summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAnas Nashif <anas.nashif@intel.com>2013-03-27 09:15:23 -0700
committerAnas Nashif <anas.nashif@intel.com>2013-03-27 09:15:23 -0700
commit6576640b55777bd811a12a188b9b1f3c63653799 (patch)
tree7dab5ece3a5bf7ed238e8b0824194ce01b61121e
downloadgpg2-6576640b55777bd811a12a188b9b1f3c63653799.tar.gz
gpg2-6576640b55777bd811a12a188b9b1f3c63653799.tar.bz2
gpg2-6576640b55777bd811a12a188b9b1f3c63653799.zip
Imported Upstream version 2.0.19upstream/2.0.19
Diffstat
-rw-r--r--ABOUT-NLS1068
-rw-r--r--AUTHORS180
-rw-r--r--COPYING676
-rw-r--r--COPYING.LIB165
-rw-r--r--ChangeLog140
-rw-r--r--ChangeLog-20111207
-rw-r--r--INSTALL234
-rw-r--r--Makefile.am104
-rw-r--r--Makefile.in928
-rw-r--r--NEWS823
-rw-r--r--README151
-rw-r--r--README.SVN51
-rw-r--r--THANKS294
-rw-r--r--TODO118
-rw-r--r--VERSION1
-rw-r--r--acinclude.m4308
-rw-r--r--aclocal.m41239
-rw-r--r--agent/ChangeLog-20112617
-rw-r--r--agent/Makefile.am110
-rw-r--r--agent/Makefile.in1164
-rw-r--r--agent/agent.h373
-rw-r--r--agent/cache.c340
-rw-r--r--agent/call-pinentry.c1178
-rw-r--r--agent/call-scd.c1167
-rw-r--r--agent/command-ssh.c3089
-rw-r--r--agent/command.c2073
-rw-r--r--agent/divert-scd.c451
-rw-r--r--agent/findkey.c952
-rw-r--r--agent/genkey.c484
-rw-r--r--agent/gpg-agent.c2291
-rw-r--r--agent/learncard.c472
-rw-r--r--agent/minip12.c2360
-rw-r--r--agent/minip12.h36
-rw-r--r--agent/pkdecrypt.c151
-rw-r--r--agent/pksign.c261
-rw-r--r--agent/preset-passphrase.c270
-rw-r--r--agent/protect-tool.c1271
-rw-r--r--agent/protect.c1321
-rw-r--r--agent/t-protect.c310
-rw-r--r--agent/trans.c41
-rw-r--r--agent/trustlist.c763
-rw-r--r--am/cmacros.am55
-rwxr-xr-xautogen.sh243
-rw-r--r--common/ChangeLog-20111638
-rw-r--r--common/Makefile.am142
-rw-r--r--common/Makefile.in2035
-rw-r--r--common/README11
-rw-r--r--common/asshelp.c457
-rw-r--r--common/asshelp.h50
-rw-r--r--common/audit-events.h114
-rw-r--r--common/audit.c1324
-rw-r--r--common/audit.h224
-rw-r--r--common/b64dec.c217
-rw-r--r--common/b64enc.c351
-rw-r--r--common/common-defs.h33
-rw-r--r--common/convert.c249
-rw-r--r--common/dns-cert.c342
-rw-r--r--common/dns-cert.h26
-rw-r--r--common/estream-printf.c1788
-rw-r--r--common/estream-printf.h110
-rw-r--r--common/estream.c3687
-rw-r--r--common/estream.h379
-rw-r--r--common/exaudit.awk43
-rw-r--r--common/exechelp.c1033
-rw-r--r--common/exechelp.h97
-rw-r--r--common/exstatus.awk40
-rw-r--r--common/gc-opt-flags.h40
-rw-r--r--common/get-passphrase.c262
-rw-r--r--common/get-passphrase.h45
-rw-r--r--common/gettime.c592
-rw-r--r--common/gpgrlhelp.c91
-rw-r--r--common/helpfile.c262
-rw-r--r--common/homedir.c449
-rw-r--r--common/http.c2068
-rw-r--r--common/http.h116
-rw-r--r--common/i18n.c107
-rw-r--r--common/i18n.h47
-rw-r--r--common/init.c71
-rw-r--r--common/init.h26
-rw-r--r--common/iobuf.c2595
-rw-r--r--common/iobuf.h162
-rw-r--r--common/keyserver.h42
-rw-r--r--common/localename.c116
-rw-r--r--common/membuf.c118
-rw-r--r--common/membuf.h47
-rw-r--r--common/miscellaneous.c241
-rw-r--r--common/mkstrtable.awk185
-rw-r--r--common/openpgpdefs.h87
-rw-r--r--common/percent.c229
-rw-r--r--common/pka.c323
-rw-r--r--common/pka.h25
-rw-r--r--common/session-env.c385
-rw-r--r--common/session-env.h43
-rw-r--r--common/sexp-parse.h128
-rw-r--r--common/sexputil.c429
-rw-r--r--common/signal.c262
-rw-r--r--common/simple-pwquery.c690
-rw-r--r--common/simple-pwquery.h115
-rw-r--r--common/srv.c321
-rw-r--r--common/srv.h49
-rw-r--r--common/ssh-utils.c187
-rw-r--r--common/ssh-utils.h36
-rw-r--r--common/status-codes.h206
-rw-r--r--common/status.c66
-rw-r--r--common/status.h137
-rw-r--r--common/sysutils.c492
-rw-r--r--common/sysutils.h59
-rw-r--r--common/t-b64.c182
-rw-r--r--common/t-convert.c461
-rw-r--r--common/t-exechelp.c188
-rw-r--r--common/t-gettime.c103
-rw-r--r--common/t-helpfile.c67
-rw-r--r--common/t-percent.c115
-rw-r--r--common/t-session-env.c294
-rw-r--r--common/t-sexputil.c192
-rw-r--r--common/t-ssh-utils.c233
-rw-r--r--common/t-sysutils.c85
-rw-r--r--common/tlv.c305
-rw-r--r--common/tlv.h113
-rw-r--r--common/ttyio.c690
-rw-r--r--common/ttyio.h63
-rw-r--r--common/util.h333
-rw-r--r--common/xasprintf.c62
-rw-r--r--common/xreadline.c117
-rw-r--r--common/yesno.c141
-rw-r--r--config.h.in891
-rwxr-xr-xconfigure17748
-rw-r--r--configure.ac1544
-rw-r--r--doc/ChangeLog-2011798
-rw-r--r--doc/DETAILS1299
-rw-r--r--doc/FAQ13
-rw-r--r--doc/HACKING200
-rw-r--r--doc/KEYSERVER83
-rw-r--r--doc/Makefile.am150
-rw-r--r--doc/Makefile.in1029
-rw-r--r--doc/OpenPGP108
-rw-r--r--doc/TRANSLATE62
-rw-r--r--doc/com-certs.pem484
-rw-r--r--doc/contrib.texi106
-rw-r--r--doc/debugging.texi277
-rw-r--r--doc/examples/README9
-rw-r--r--doc/examples/gpgconf.conf63
-rw-r--r--doc/examples/pwpattern.list48
-rwxr-xr-xdoc/examples/scd-event102
-rw-r--r--doc/examples/trustlist.txt66
-rw-r--r--doc/glossary.texi72
-rw-r--r--doc/gnupg-card-architecture.eps1003
-rw-r--r--doc/gnupg-card-architecture.fig419
-rw-r--r--doc/gnupg-card-architecture.pdfbin0 -> 19685 bytes
-rw-r--r--doc/gnupg-card-architecture.pngbin0 -> 15022 bytes
-rw-r--r--doc/gnupg-logo.eps2704
-rw-r--r--doc/gnupg-logo.pdfbin0 -> 11736 bytes
-rw-r--r--doc/gnupg-logo.pngbin0 -> 8988 bytes
-rw-r--r--doc/gnupg.info178
-rw-r--r--doc/gnupg.info-17752
-rw-r--r--doc/gnupg.info-22125
-rw-r--r--doc/gnupg.texi222
-rw-r--r--doc/gnupg7.texi31
-rw-r--r--doc/gpg-agent.texi1386
-rw-r--r--doc/gpg.texi3394
-rw-r--r--doc/gpgsm.texi1458
-rw-r--r--doc/gpgv.texi163
-rw-r--r--doc/gpl.texi725
-rw-r--r--doc/help.be.txt286
-rw-r--r--doc/help.ca.txt286
-rw-r--r--doc/help.cs.txt286
-rw-r--r--doc/help.da.txt286
-rw-r--r--doc/help.de.txt279
-rw-r--r--doc/help.el.txt286
-rw-r--r--doc/help.eo.txt286
-rw-r--r--doc/help.es.txt251
-rw-r--r--doc/help.et.txt286
-rw-r--r--doc/help.fi.txt256
-rw-r--r--doc/help.fr.txt256
-rw-r--r--doc/help.gl.txt286
-rw-r--r--doc/help.hu.txt257
-rw-r--r--doc/help.id.txt251
-rw-r--r--doc/help.it.txt251
-rw-r--r--doc/help.ja.txt286
-rw-r--r--doc/help.nb.txt286
-rw-r--r--doc/help.pl.txt250
-rw-r--r--doc/help.pt.txt253
-rw-r--r--doc/help.pt_BR.txt253
-rw-r--r--doc/help.ro.txt251
-rw-r--r--doc/help.ru.txt250
-rw-r--r--doc/help.sk.txt254
-rw-r--r--doc/help.sv.txt286
-rw-r--r--doc/help.tr.txt242
-rw-r--r--doc/help.txt372
-rw-r--r--doc/help.zh_CN.txt233
-rw-r--r--doc/help.zh_TW.txt245
-rw-r--r--doc/howto-create-a-server-cert.texi288
-rw-r--r--doc/howtos.texi15
-rw-r--r--doc/instguide.texi91
-rw-r--r--doc/opt-homedir.texi10
-rw-r--r--doc/qualified.txt243
-rw-r--r--doc/samplekeys.asc939
-rw-r--r--doc/scdaemon.texi731
-rw-r--r--doc/see-also-note.texi14
-rw-r--r--doc/specify-user-id.texi171
-rw-r--r--doc/stamp-vti4
-rw-r--r--doc/sysnotes.texi86
-rw-r--r--doc/texi.css6
-rw-r--r--doc/tools.texi1899
-rw-r--r--doc/version.texi4
-rw-r--r--doc/yat2m.c1360
-rw-r--r--g10/ChangeLog-201111041
-rw-r--r--g10/Makefile.am141
-rw-r--r--g10/Makefile.in962
-rw-r--r--g10/armor.c1498
-rw-r--r--g10/build-packet.c1362
-rw-r--r--g10/call-agent.c1369
-rw-r--r--g10/call-agent.h145
-rw-r--r--g10/card-util.c1996
-rw-r--r--g10/cipher.c163
-rw-r--r--g10/compress-bz2.c253
-rw-r--r--g10/compress.c351
-rw-r--r--g10/cpr.c526
-rw-r--r--g10/dearmor.c134
-rw-r--r--g10/decrypt.c199
-rw-r--r--g10/delkey.c219
-rw-r--r--g10/encode.c912
-rw-r--r--g10/encr-data.c373
-rw-r--r--g10/exec.c624
-rw-r--r--g10/exec.h51
-rw-r--r--g10/export.c756
-rw-r--r--g10/filter.h163
-rw-r--r--g10/free-packet.c567
-rw-r--r--g10/getkey.c3156
-rw-r--r--g10/gpg.c4368
-rw-r--r--g10/gpg.h122
-rw-r--r--g10/gpgv.c537
-rw-r--r--g10/helptext.c88
-rw-r--r--g10/import.c2525
-rw-r--r--g10/kbnode.c398
-rw-r--r--g10/keydb.c828
-rw-r--r--g10/keydb.h317
-rw-r--r--g10/keyedit.c5271
-rw-r--r--g10/keygen.c4316
-rw-r--r--g10/keyid.c831
-rw-r--r--g10/keylist.c1665
-rw-r--r--g10/keyring.c1693
-rw-r--r--g10/keyring.h44
-rw-r--r--g10/keyserver-internal.h52
-rw-r--r--g10/keyserver.c2203
-rw-r--r--g10/main.h350
-rw-r--r--g10/mainproc.c2184
-rw-r--r--g10/mdfilter.c75
-rw-r--r--g10/misc.c1415
-rw-r--r--g10/openfile.c436
-rw-r--r--g10/options.h361
-rw-r--r--g10/options.skel206
-rw-r--r--g10/packet.h514
-rw-r--r--g10/parse-packet.c2569
-rw-r--r--g10/passphrase.c685
-rw-r--r--g10/photoid.c375
-rw-r--r--g10/photoid.h33
-rw-r--r--g10/pkclist.c1531
-rw-r--r--g10/pkglue.c341
-rw-r--r--g10/pkglue.h34
-rw-r--r--g10/plaintext.c663
-rw-r--r--g10/progress.c159
-rw-r--r--g10/pubkey-enc.c357
-rw-r--r--g10/revoke.c736
-rw-r--r--g10/rmd160.c425
-rw-r--r--g10/rmd160.h24
-rw-r--r--g10/seckey-cert.c473
-rw-r--r--g10/server.c609
-rw-r--r--g10/seskey.c282
-rw-r--r--g10/sig-check.c666
-rw-r--r--g10/sign.c1575
-rw-r--r--g10/skclist.c256
-rw-r--r--g10/t-rmd160.c92
-rw-r--r--g10/tdbdump.c234
-rw-r--r--g10/tdbio.c1516
-rw-r--r--g10/tdbio.h118
-rw-r--r--g10/textfilter.c250
-rw-r--r--g10/trustdb.c2503
-rw-r--r--g10/trustdb.h97
-rw-r--r--g10/verify.c278
-rw-r--r--gl/Makefile.am145
-rw-r--r--gl/Makefile.in640
-rw-r--r--gl/alloca_.h53
-rw-r--r--gl/allocsa.c136
-rw-r--r--gl/allocsa.h127
-rw-r--r--gl/allocsa.valgrind7
-rw-r--r--gl/m4/absolute-header.m444
-rw-r--r--gl/m4/alloca.m442
-rw-r--r--gl/m4/allocsa.m415
-rw-r--r--gl/m4/eealloc.m432
-rw-r--r--gl/m4/gnulib-comp.m482
-rw-r--r--gl/m4/gnulib-tool.m433
-rw-r--r--gl/m4/mkdtemp.m422
-rw-r--r--gl/m4/setenv.m468
-rw-r--r--gl/m4/stdint.m4368
-rw-r--r--gl/m4/strpbrk.m416
-rw-r--r--gl/m4/unistd_h.m418
-rw-r--r--gl/mkdtemp.c208
-rw-r--r--gl/mkdtemp.h31
-rw-r--r--gl/setenv.c327
-rw-r--r--gl/setenv.h53
-rw-r--r--gl/size_max.h30
-rw-r--r--gl/stdint_.h491
-rw-r--r--gl/strpbrk.c41
-rw-r--r--gl/strpbrk.h27
-rw-r--r--gl/unsetenv.c91
-rw-r--r--gl/xsize.h107
-rw-r--r--include/ChangeLog-2011444
-rw-r--r--include/Makefile.am1
-rw-r--r--include/Makefile.in445
-rw-r--r--include/_regex.h574
-rw-r--r--include/cipher.h110
-rw-r--r--include/host2net.h42
-rw-r--r--include/types.h134
-rw-r--r--jnlib/ChangeLog-2011709
-rw-r--r--jnlib/Makefile.am70
-rw-r--r--jnlib/Makefile.in727
-rw-r--r--jnlib/README8
-rw-r--r--jnlib/argparse.c1205
-rw-r--r--jnlib/argparse.h183
-rw-r--r--jnlib/dotlock.c697
-rw-r--r--jnlib/dotlock.h33
-rw-r--r--jnlib/dynload.h72
-rw-r--r--jnlib/libjnlib-config.h84
-rw-r--r--jnlib/logging.c651
-rw-r--r--jnlib/logging.h88
-rw-r--r--jnlib/mischelp.c133
-rw-r--r--jnlib/mischelp.h98
-rw-r--r--jnlib/stringhelp.c1141
-rw-r--r--jnlib/stringhelp.h136
-rw-r--r--jnlib/strlist.c185
-rw-r--r--jnlib/strlist.h49
-rw-r--r--jnlib/t-stringhelp.c414
-rw-r--r--jnlib/t-support.c143
-rw-r--r--jnlib/t-support.h50
-rw-r--r--jnlib/types.h114
-rw-r--r--jnlib/utf8conv.c738
-rw-r--r--jnlib/utf8conv.h41
-rw-r--r--jnlib/w32-afunix.c137
-rw-r--r--jnlib/w32-afunix.h49
-rw-r--r--jnlib/w32-gettext.c1703
-rw-r--r--jnlib/w32-reg.c182
-rw-r--r--jnlib/w32help.h41
-rw-r--r--kbx/ChangeLog-2011349
-rw-r--r--kbx/Makefile.am53
-rw-r--r--kbx/Makefile.in657
-rw-r--r--kbx/kbxutil.c594
-rw-r--r--kbx/keybox-blob.c1047
-rw-r--r--kbx/keybox-defs.h261
-rw-r--r--kbx/keybox-dump.c699
-rw-r--r--kbx/keybox-file.c163
-rw-r--r--kbx/keybox-init.c202
-rw-r--r--kbx/keybox-openpgp.c508
-rw-r--r--kbx/keybox-search-desc.h73
-rw-r--r--kbx/keybox-search.c1031
-rw-r--r--kbx/keybox-update.c720
-rw-r--r--kbx/keybox-util.c71
-rw-r--r--kbx/keybox.h119
-rwxr-xr-xkbx/mkerrors70
-rw-r--r--keyserver/ChangeLog-20111349
-rw-r--r--keyserver/Makefile.am86
-rw-r--r--keyserver/Makefile.in1076
-rw-r--r--keyserver/curl-shim.c382
-rw-r--r--keyserver/curl-shim.h111
-rwxr-xr-xkeyserver/gpg2keys_mailto.in211
-rwxr-xr-xkeyserver/gpg2keys_test.in97
-rw-r--r--keyserver/gpgkeys_curl.c419
-rw-r--r--keyserver/gpgkeys_finger.c500
-rw-r--r--keyserver/gpgkeys_hkp.c977
-rw-r--r--keyserver/gpgkeys_kdns.c444
-rw-r--r--keyserver/gpgkeys_ldap.c2379
-rw-r--r--keyserver/ksutil.c622
-rw-r--r--keyserver/ksutil.h149
-rw-r--r--keyserver/no-libgcrypt.c107
-rw-r--r--m4/ChangeLog-2011159
-rw-r--r--m4/Makefile.am20
-rw-r--r--m4/Makefile.in453
-rw-r--r--m4/autobuild.m434
-rw-r--r--m4/codeset.m421
-rw-r--r--m4/estream.m449
-rw-r--r--m4/gettext.m4381
-rw-r--r--m4/glibc2.m430
-rw-r--r--m4/glibc21.m430
-rw-r--r--m4/gnupg-pth.m4105
-rw-r--r--m4/gpg-error.m465
-rw-r--r--m4/iconv.m4180
-rw-r--r--m4/intdiv0.m470
-rw-r--r--m4/intl.m4259
-rw-r--r--m4/intldir.m419
-rw-r--r--m4/intmax.m433
-rw-r--r--m4/inttypes-pri.m436
-rw-r--r--m4/inttypes.m427
-rw-r--r--m4/inttypes_h.m426
-rw-r--r--m4/isc-posix.m426
-rw-r--r--m4/ksba.m4109
-rw-r--r--m4/lcmessage.m430
-rw-r--r--m4/ldap.m4100
-rw-r--r--m4/lib-ld.m4110
-rw-r--r--m4/lib-link.m4709
-rw-r--r--m4/lib-prefix.m4185
-rw-r--r--m4/libassuan.m4175
-rw-r--r--m4/libcurl.m4239
-rw-r--r--m4/libgcrypt.m4108
-rw-r--r--m4/libusb.m469
-rw-r--r--m4/lock.m4311
-rw-r--r--m4/longdouble.m431
-rw-r--r--m4/nls.m431
-rw-r--r--m4/po.m4449
-rw-r--r--m4/printf-posix.m444
-rw-r--r--m4/progtest.m492
-rw-r--r--m4/readline.m463
-rw-r--r--m4/signed.m417
-rw-r--r--m4/size_max.m462
-rw-r--r--m4/socklen.m452
-rw-r--r--m4/stdint_h.m426
-rw-r--r--m4/sys_socket_h.m423
-rw-r--r--m4/tar-ustar.m443
-rw-r--r--m4/uintmax_t.m430
-rw-r--r--m4/visibility.m452
-rw-r--r--m4/wchar_t.m420
-rw-r--r--m4/wint_t.m420
-rw-r--r--m4/xsize.m413
-rw-r--r--po/ChangeLog-2011336
-rw-r--r--po/LINGUAS30
-rw-r--r--po/Makefile.in.in429
-rw-r--r--po/Makevars41
-rw-r--r--po/POTFILES.in109
-rw-r--r--po/Rules-quot47
-rw-r--r--po/be.gmobin0 -> 9060 bytes
-rw-r--r--po/be.po8531
-rw-r--r--po/boldquot.sed10
-rw-r--r--po/ca.gmobin0 -> 57453 bytes
-rw-r--r--po/ca.po10383
-rw-r--r--po/cs.gmobin0 -> 186067 bytes
-rw-r--r--po/cs.po9079
-rw-r--r--po/da.gmobin0 -> 14162 bytes
-rw-r--r--po/da.po9298
-rw-r--r--po/de.gmobin0 -> 190092 bytes
-rw-r--r--po/de.po9034
-rw-r--r--po/el.gmobin0 -> 57433 bytes
-rw-r--r--po/el.po10024
-rw-r--r--po/en@boldquot.gmobin0 -> 173263 bytes
-rw-r--r--po/en@boldquot.header25
-rw-r--r--po/en@boldquot.po8373
-rw-r--r--po/en@quot.gmobin0 -> 171263 bytes
-rw-r--r--po/en@quot.header22
-rw-r--r--po/en@quot.po8362
-rw-r--r--po/eo.gmobin0 -> 38570 bytes
-rw-r--r--po/eo.po10135
-rw-r--r--po/es.gmobin0 -> 172779 bytes
-rw-r--r--po/es.po10178
-rw-r--r--po/et.gmobin0 -> 54136 bytes
-rw-r--r--po/et.po9902
-rw-r--r--po/fi.gmobin0 -> 56808 bytes
-rw-r--r--po/fi.po10006
-rw-r--r--po/fr.gmobin0 -> 113512 bytes
-rw-r--r--po/fr.po9455
-rw-r--r--po/gl.gmobin0 -> 56225 bytes
-rw-r--r--po/gl.po10327
-rw-r--r--po/gnupg2.pot8085
-rw-r--r--po/hu.gmobin0 -> 56243 bytes
-rw-r--r--po/hu.po9983
-rw-r--r--po/id.gmobin0 -> 54707 bytes
-rw-r--r--po/id.po9984
-rw-r--r--po/insert-header.sin23
-rw-r--r--po/it.gmobin0 -> 56352 bytes
-rw-r--r--po/it.po10018
-rw-r--r--po/ja.gmobin0 -> 91476 bytes
-rw-r--r--po/ja.po9453
-rw-r--r--po/nb.gmobin0 -> 79298 bytes
-rw-r--r--po/nb.po8824
-rw-r--r--po/pl.gmobin0 -> 182381 bytes
-rw-r--r--po/pl.po8479
-rw-r--r--po/pt.gmobin0 -> 48183 bytes
-rw-r--r--po/pt.po9962
-rw-r--r--po/pt_BR.gmobin0 -> 28325 bytes
-rw-r--r--po/pt_BR.po10177
-rw-r--r--po/quot.sed6
-rw-r--r--po/remove-potcdate.sin19
-rw-r--r--po/ro.gmobin0 -> 108775 bytes
-rw-r--r--po/ro.po9850
-rw-r--r--po/ru.gmobin0 -> 199848 bytes
-rw-r--r--po/ru.po8427
-rw-r--r--po/sk.gmobin0 -> 55493 bytes
-rw-r--r--po/sk.po9989
-rw-r--r--po/stamp-po1
-rw-r--r--po/sv.gmobin0 -> 181397 bytes
-rw-r--r--po/sv.po8836
-rw-r--r--po/tr.gmobin0 -> 178211 bytes
-rw-r--r--po/tr.po8531
-rw-r--r--po/uk.gmobin0 -> 245099 bytes
-rw-r--r--po/uk.po8541
-rw-r--r--po/zh_CN.gmobin0 -> 111017 bytes
-rw-r--r--po/zh_CN.po9056
-rw-r--r--po/zh_TW.gmobin0 -> 170841 bytes
-rw-r--r--po/zh_TW.po8907
-rw-r--r--scd/ChangeLog-20112427
-rw-r--r--scd/Makefile.am71
-rw-r--r--scd/Makefile.in763
-rw-r--r--scd/apdu.c3543
-rw-r--r--scd/apdu.h140
-rw-r--r--scd/app-common.h228
-rw-r--r--scd/app-dinsig.c574
-rw-r--r--scd/app-geldkarte.c409
-rw-r--r--scd/app-help.c182
-rw-r--r--scd/app-nks.c1420
-rw-r--r--scd/app-openpgp.c3813
-rw-r--r--scd/app-p15.c3423
-rw-r--r--scd/app.c981
-rw-r--r--scd/ccid-driver.c3490
-rw-r--r--scd/ccid-driver.h109
-rw-r--r--scd/command.c2327
-rw-r--r--scd/iso7816.c873
-rw-r--r--scd/iso7816.h123
-rw-r--r--scd/pcsc-wrapper.c848
-rw-r--r--scd/scdaemon.c1318
-rw-r--r--scd/scdaemon.h132
-rw-r--r--scripts/ChangeLog-201152
-rwxr-xr-xscripts/compile141
-rwxr-xr-xscripts/config.guess1530
-rwxr-xr-xscripts/config.rpath666
-rwxr-xr-xscripts/config.sub1773
-rwxr-xr-xscripts/depcomp582
-rwxr-xr-xscripts/install-sh507
-rwxr-xr-xscripts/mdate-sh199
-rwxr-xr-xscripts/missing365
-rwxr-xr-xscripts/mkinstalldirs161
-rw-r--r--scripts/texinfo.tex8638
-rw-r--r--sm/ChangeLog-20112705
-rw-r--r--sm/Makefile.am71
-rw-r--r--sm/Makefile.in711
-rw-r--r--sm/base64.c733
-rw-r--r--sm/call-agent.c1069
-rw-r--r--sm/call-dirmngr.c1126
-rw-r--r--sm/certchain.c2044
-rw-r--r--sm/certcheck.c439
-rw-r--r--sm/certdump.c974
-rw-r--r--sm/certlist.c555
-rw-r--r--sm/certreqgen-ui.c415
-rw-r--r--sm/certreqgen.c884
-rw-r--r--sm/decrypt.c586
-rw-r--r--sm/delete.c182
-rw-r--r--sm/encrypt.c513
-rw-r--r--sm/export.c749
-rw-r--r--sm/fingerprint.c347
-rw-r--r--sm/gpgsm.c2181
-rw-r--r--sm/gpgsm.h423
-rw-r--r--sm/import.c807
-rw-r--r--sm/keydb.c1535
-rw-r--r--sm/keydb.h86
-rw-r--r--sm/keylist.c1562
-rw-r--r--sm/misc.c89
-rw-r--r--sm/qualified.c321
-rw-r--r--sm/server.c1464
-rw-r--r--sm/sign.c780
-rw-r--r--sm/verify.c660
-rw-r--r--tests/ChangeLog-2011142
-rw-r--r--tests/Makefile.am75
-rw-r--r--tests/Makefile.in845
-rw-r--r--tests/asschk.c1092
-rwxr-xr-xtests/inittests99
-rw-r--r--tests/openpgp/ChangeLog-2011379
-rw-r--r--tests/openpgp/Makefile.am124
-rw-r--r--tests/openpgp/Makefile.in660
-rwxr-xr-xtests/openpgp/armdetach.test19
-rwxr-xr-xtests/openpgp/armdetachm.test17
-rwxr-xr-xtests/openpgp/armencrypt.test19
-rwxr-xr-xtests/openpgp/armencryptp.test20
-rwxr-xr-xtests/openpgp/armor.test764
-rwxr-xr-xtests/openpgp/armsignencrypt.test21
-rwxr-xr-xtests/openpgp/armsigs.test19
-rw-r--r--tests/openpgp/bug537-test.data.asc960
-rw-r--r--tests/openpgp/bug894-test.asc565
-rwxr-xr-xtests/openpgp/clearsig.test110
-rwxr-xr-xtests/openpgp/conventional-mdc.test30
-rwxr-xr-xtests/openpgp/conventional.test29
-rwxr-xr-xtests/openpgp/decrypt-dsa.test18
-rwxr-xr-xtests/openpgp/decrypt.test18
-rwxr-xr-xtests/openpgp/defs.inc193
-rwxr-xr-xtests/openpgp/detach.test18
-rwxr-xr-xtests/openpgp/detachm.test17
-rwxr-xr-xtests/openpgp/encrypt-dsa.test29
-rwxr-xr-xtests/openpgp/encrypt.test28
-rwxr-xr-xtests/openpgp/encryptp.test18
-rwxr-xr-xtests/openpgp/genkey1024.test39
-rw-r--r--tests/openpgp/gpg-agent.conf.tmpl2
-rw-r--r--tests/openpgp/gpg.conf.tmpl5
-rwxr-xr-xtests/openpgp/import.test26
-rwxr-xr-xtests/openpgp/mds.test77
-rwxr-xr-xtests/openpgp/mkdemodirs41
-rwxr-xr-xtests/openpgp/multisig.test154
-rw-r--r--tests/openpgp/plain-1-pgp.asc27
-rw-r--r--tests/openpgp/plain-1.asc26
-rw-r--r--tests/openpgp/plain-1o.asc28
-rw-r--r--tests/openpgp/plain-2.asc31
-rw-r--r--tests/openpgp/plain-2o.asc36
-rw-r--r--tests/openpgp/plain-3.asc13
-rw-r--r--tests/openpgp/plain-3o.asc10
-rw-r--r--tests/openpgp/pubdemo.asc566
-rw-r--r--tests/openpgp/pubring.asc720
-rw-r--r--tests/openpgp/pubring.pkr.asc28
-rwxr-xr-xtests/openpgp/seat.test19
-rw-r--r--tests/openpgp/secdemo.asc737
-rw-r--r--tests/openpgp/secring.asc73
-rw-r--r--tests/openpgp/secring.skr.asc27
-rwxr-xr-xtests/openpgp/signdemokey16
-rwxr-xr-xtests/openpgp/signencrypt-dsa.test30
-rwxr-xr-xtests/openpgp/signencrypt.test34
-rwxr-xr-xtests/openpgp/sigs-dsa.test30
-rwxr-xr-xtests/openpgp/sigs.test45
-rwxr-xr-xtests/openpgp/verify.test260
-rwxr-xr-xtests/openpgp/version.test17
-rw-r--r--tests/pkits/ChangeLog-201171
-rw-r--r--tests/pkits/Makefile.am75
-rw-r--r--tests/pkits/Makefile.in607
-rw-r--r--tests/pkits/README37
-rwxr-xr-xtests/pkits/basic-certificate-revocation31
-rwxr-xr-xtests/pkits/certificate-policies31
-rw-r--r--tests/pkits/common.sh275
-rwxr-xr-xtests/pkits/delta-crls31
-rwxr-xr-xtests/pkits/distribution-points31
-rwxr-xr-xtests/pkits/import-all-certs58
-rw-r--r--tests/pkits/import-all-certs.data471
-rwxr-xr-xtests/pkits/inhibit-any-policy31
-rwxr-xr-xtests/pkits/inhibit-policy-mapping31
-rwxr-xr-xtests/pkits/inittests108
-rwxr-xr-xtests/pkits/key-usage28
-rwxr-xr-xtests/pkits/name-constraints31
-rwxr-xr-xtests/pkits/policy-mappings31
-rwxr-xr-xtests/pkits/private-certificate-extensions31
-rwxr-xr-xtests/pkits/require-explicit-policy31
-rwxr-xr-xtests/pkits/runtest4
-rwxr-xr-xtests/pkits/signature-verification167
-rwxr-xr-xtests/pkits/validate-all-certs59
-rwxr-xr-xtests/pkits/validity-periods218
-rwxr-xr-xtests/pkits/verifying-basic-constraints31
-rwxr-xr-xtests/pkits/verifying-name-chaining31
-rwxr-xr-xtests/pkits/verifying-paths-self-issued31
-rwxr-xr-xtests/runtest4
-rw-r--r--tests/samplekeys/32100C27173EF6E9C4E9A25D3D69F86D37A4F939.key18
-rw-r--r--tests/samplekeys/cert_g10code_pete1.pem24
-rw-r--r--tests/samplekeys/cert_g10code_test1.pem19
-rw-r--r--tests/samplekeys/cert_g10code_theo1.pem40
-rw-r--r--tests/sm-sign+verify73
-rw-r--r--tests/sm-verify114
-rw-r--r--tests/text-1.dsig.pem27
-rw-r--r--tests/text-1.osig-bad.pem45
-rw-r--r--tests/text-1.osig.pem48
-rw-r--r--tests/text-1.txt17
-rw-r--r--tests/text-2.osig-bad.pem28
-rw-r--r--tests/text-2.osig.pem29
-rw-r--r--tests/text-2.txt2
-rw-r--r--tests/text-3.txt2
-rw-r--r--tools/ChangeLog-20111098
-rw-r--r--tools/Makefile.am121
-rw-r--r--tools/Makefile.in1078
-rw-r--r--tools/Manifest6
-rwxr-xr-xtools/addgnupghome122
-rwxr-xr-xtools/applygnupgdefaults82
-rw-r--r--tools/ccidmon.c879
-rw-r--r--tools/clean-sat.c36
-rwxr-xr-xtools/convert-from-10655
-rw-r--r--tools/gpg-check-pattern.c503
-rw-r--r--tools/gpg-connect-agent.c2228
-rw-r--r--tools/gpg-zip.in140
-rw-r--r--tools/gpgconf-comp.c3623
-rw-r--r--tools/gpgconf.c348
-rw-r--r--tools/gpgconf.h80
-rw-r--r--tools/gpgkey2ssh.c306
-rw-r--r--tools/gpgparsemail.c809
-rwxr-xr-xtools/gpgsm-gencert.sh203
-rw-r--r--tools/gpgsplit.c882
-rw-r--r--tools/gpgtar-create.c903
-rw-r--r--tools/gpgtar-extract.c349
-rw-r--r--tools/gpgtar-list.c332
-rw-r--r--tools/gpgtar.c538
-rw-r--r--tools/gpgtar.h132
-rwxr-xr-xtools/lspgpot27
-rwxr-xr-xtools/mail-signed-keys114
-rw-r--r--tools/make-dns-cert.c247
-rw-r--r--tools/mk-tdata.c69
-rw-r--r--tools/no-libgcrypt.c144
-rw-r--r--tools/rfc822parse.c1256
-rw-r--r--tools/rfc822parse.h79
-rw-r--r--tools/sockprox.c550
-rw-r--r--tools/symcryptrun.c1027
-rw-r--r--tools/watchgnupg.c392
687 files changed, 620406 insertions, 0 deletions
diff --git a/ABOUT-NLS b/ABOUT-NLS
new file mode 100644
index 0000000..83bc72e
--- /dev/null
+++ b/ABOUT-NLS
@@ -0,0 +1,1068 @@
+1 Notes on the Free Translation Project
+***************************************
+
+Free software is going international! The Free Translation Project is
+a way to get maintainers of free software, translators, and users all
+together, so that free software will gradually become able to speak many
+languages. A few packages already provide translations for their
+messages.
+
+ If you found this `ABOUT-NLS' file inside a distribution, you may
+assume that the distributed package does use GNU `gettext' internally,
+itself available at your nearest GNU archive site. But you do _not_
+need to install GNU `gettext' prior to configuring, installing or using
+this package with messages translated.
+
+ Installers will find here some useful hints. These notes also
+explain how users should proceed for getting the programs to use the
+available translations. They tell how people wanting to contribute and
+work on translations can contact the appropriate team.
+
+ When reporting bugs in the `intl/' directory or bugs which may be
+related to internationalization, you should tell about the version of
+`gettext' which is used. The information can be found in the
+`intl/VERSION' file, in internationalized packages.
+
+1.1 Quick configuration advice
+==============================
+
+If you want to exploit the full power of internationalization, you
+should configure it using
+
+ ./configure --with-included-gettext
+
+to force usage of internationalizing routines provided within this
+package, despite the existence of internationalizing capabilities in the
+operating system where this package is being installed. So far, only
+the `gettext' implementation in the GNU C library version 2 provides as
+many features (such as locale alias, message inheritance, automatic
+charset conversion or plural form handling) as the implementation here.
+It is also not possible to offer this additional functionality on top
+of a `catgets' implementation. Future versions of GNU `gettext' will
+very likely convey even more functionality. So it might be a good idea
+to change to GNU `gettext' as soon as possible.
+
+ So you need _not_ provide this option if you are using GNU libc 2 or
+you have installed a recent copy of the GNU gettext package with the
+included `libintl'.
+
+1.2 INSTALL Matters
+===================
+
+Some packages are "localizable" when properly installed; the programs
+they contain can be made to speak your own native language. Most such
+packages use GNU `gettext'. Other packages have their own ways to
+internationalization, predating GNU `gettext'.
+
+ By default, this package will be installed to allow translation of
+messages. It will automatically detect whether the system already
+provides the GNU `gettext' functions. If not, the included GNU
+`gettext' library will be used. This library is wholly contained
+within this package, usually in the `intl/' subdirectory, so prior
+installation of the GNU `gettext' package is _not_ required.
+Installers may use special options at configuration time for changing
+the default behaviour. The commands:
+
+ ./configure --with-included-gettext
+ ./configure --disable-nls
+
+will, respectively, bypass any pre-existing `gettext' to use the
+internationalizing routines provided within this package, or else,
+_totally_ disable translation of messages.
+
+ When you already have GNU `gettext' installed on your system and run
+configure without an option for your new package, `configure' will
+probably detect the previously built and installed `libintl.a' file and
+will decide to use this. This might not be desirable. You should use
+the more recent version of the GNU `gettext' library. I.e. if the file
+`intl/VERSION' shows that the library which comes with this package is
+more recent, you should use
+
+ ./configure --with-included-gettext
+
+to prevent auto-detection.
+
+ The configuration process will not test for the `catgets' function
+and therefore it will not be used. The reason is that even an
+emulation of `gettext' on top of `catgets' could not provide all the
+extensions of the GNU `gettext' library.
+
+ Internationalized packages usually have many `po/LL.po' files, where
+LL gives an ISO 639 two-letter code identifying the language. Unless
+translations have been forbidden at `configure' time by using the
+`--disable-nls' switch, all available translations are installed
+together with the package. However, the environment variable `LINGUAS'
+may be set, prior to configuration, to limit the installed set.
+`LINGUAS' should then contain a space separated list of two-letter
+codes, stating which languages are allowed.
+
+1.3 Using This Package
+======================
+
+As a user, if your language has been installed for this package, you
+only have to set the `LANG' environment variable to the appropriate
+`LL_CC' combination. If you happen to have the `LC_ALL' or some other
+`LC_xxx' environment variables set, you should unset them before
+setting `LANG', otherwise the setting of `LANG' will not have the
+desired effect. Here `LL' is an ISO 639 two-letter language code, and
+`CC' is an ISO 3166 two-letter country code. For example, let's
+suppose that you speak German and live in Germany. At the shell
+prompt, merely execute `setenv LANG de_DE' (in `csh'),
+`export LANG; LANG=de_DE' (in `sh') or `export LANG=de_DE' (in `bash').
+This can be done from your `.login' or `.profile' file, once and for
+all.
+
+ You might think that the country code specification is redundant.
+But in fact, some languages have dialects in different countries. For
+example, `de_AT' is used for Austria, and `pt_BR' for Brazil. The
+country code serves to distinguish the dialects.
+
+ The locale naming convention of `LL_CC', with `LL' denoting the
+language and `CC' denoting the country, is the one use on systems based
+on GNU libc. On other systems, some variations of this scheme are
+used, such as `LL' or `LL_CC.ENCODING'. You can get the list of
+locales supported by your system for your language by running the
+command `locale -a | grep '^LL''.
+
+ Not all programs have translations for all languages. By default, an
+English message is shown in place of a nonexistent translation. If you
+understand other languages, you can set up a priority list of languages.
+This is done through a different environment variable, called
+`LANGUAGE'. GNU `gettext' gives preference to `LANGUAGE' over `LANG'
+for the purpose of message handling, but you still need to have `LANG'
+set to the primary language; this is required by other parts of the
+system libraries. For example, some Swedish users who would rather
+read translations in German than English for when Swedish is not
+available, set `LANGUAGE' to `sv:de' while leaving `LANG' to `sv_SE'.
+
+ Special advice for Norwegian users: The language code for Norwegian
+bokma*l changed from `no' to `nb' recently (in 2003). During the
+transition period, while some message catalogs for this language are
+installed under `nb' and some older ones under `no', it's recommended
+for Norwegian users to set `LANGUAGE' to `nb:no' so that both newer and
+older translations are used.
+
+ In the `LANGUAGE' environment variable, but not in the `LANG'
+environment variable, `LL_CC' combinations can be abbreviated as `LL'
+to denote the language's main dialect. For example, `de' is equivalent
+to `de_DE' (German as spoken in Germany), and `pt' to `pt_PT'
+(Portuguese as spoken in Portugal) in this context.
+
+1.4 Translating Teams
+=====================
+
+For the Free Translation Project to be a success, we need interested
+people who like their own language and write it well, and who are also
+able to synergize with other translators speaking the same language.
+Each translation team has its own mailing list. The up-to-date list of
+teams can be found at the Free Translation Project's homepage,
+`http://translationproject.org/', in the "Teams" area.
+
+ If you'd like to volunteer to _work_ at translating messages, you
+should become a member of the translating team for your own language.
+The subscribing address is _not_ the same as the list itself, it has
+`-request' appended. For example, speakers of Swedish can send a
+message to `sv-request@li.org', having this message body:
+
+ subscribe
+
+ Keep in mind that team members are expected to participate
+_actively_ in translations, or at solving translational difficulties,
+rather than merely lurking around. If your team does not exist yet and
+you want to start one, or if you are unsure about what to do or how to
+get started, please write to `coordinator@translationproject.org' to
+reach the coordinator for all translator teams.
+
+ The English team is special. It works at improving and uniformizing
+the terminology in use. Proven linguistic skills are praised more than
+programming skills, here.
+
+1.5 Available Packages
+======================
+
+Languages are not equally supported in all packages. The following
+matrix shows the current state of internationalization, as of November
+2007. The matrix shows, in regard of each package, for which languages
+PO files have been submitted to translation coordination, with a
+translation percentage of at least 50%.
+
+ Ready PO files af am ar az be bg bs ca cs cy da de el en en_GB eo
+ +----------------------------------------------------+
+ Compendium | [] [] [] [] |
+ a2ps | [] [] [] [] [] |
+ aegis | () |
+ ant-phone | () |
+ anubis | [] |
+ ap-utils | |
+ aspell | [] [] [] [] [] |
+ bash | [] |
+ bfd | |
+ bibshelf | [] |
+ binutils | |
+ bison | [] [] |
+ bison-runtime | [] |
+ bluez-pin | [] [] [] [] [] |
+ cflow | [] |
+ clisp | [] [] [] |
+ console-tools | [] [] |
+ coreutils | [] [] [] [] |
+ cpio | |
+ cpplib | [] [] [] |
+ cryptonit | [] |
+ dialog | |
+ diffutils | [] [] [] [] [] [] |
+ doodle | [] |
+ e2fsprogs | [] [] |
+ enscript | [] [] [] [] |
+ fetchmail | [] [] () [] [] |
+ findutils | [] |
+ findutils_stable | [] [] [] |
+ flex | [] [] [] |
+ fslint | |
+ gas | |
+ gawk | [] [] [] |
+ gcal | [] |
+ gcc | [] |
+ gettext-examples | [] [] [] [] [] |
+ gettext-runtime | [] [] [] [] [] |
+ gettext-tools | [] [] |
+ gip | [] |
+ gliv | [] [] |
+ glunarclock | [] |
+ gmult | [] [] |
+ gnubiff | () |
+ gnucash | [] [] () () [] |
+ gnuedu | |
+ gnulib | [] |
+ gnunet | |
+ gnunet-gtk | |
+ gnutls | [] |
+ gpe-aerial | [] [] |
+ gpe-beam | [] [] |
+ gpe-calendar | |
+ gpe-clock | [] [] |
+ gpe-conf | [] [] |
+ gpe-contacts | |
+ gpe-edit | [] |
+ gpe-filemanager | |
+ gpe-go | [] |
+ gpe-login | [] [] |
+ gpe-ownerinfo | [] [] |
+ gpe-package | |
+ gpe-sketchbook | [] [] |
+ gpe-su | [] [] |
+ gpe-taskmanager | [] [] |
+ gpe-timesheet | [] |
+ gpe-today | [] [] |
+ gpe-todo | |
+ gphoto2 | [] [] [] [] |
+ gprof | [] [] |
+ gpsdrive | |
+ gramadoir | [] [] |
+ grep | [] [] |
+ gretl | () |
+ gsasl | |
+ gss | |
+ gst-plugins-bad | [] [] |
+ gst-plugins-base | [] [] |
+ gst-plugins-good | [] [] [] |
+ gst-plugins-ugly | [] [] |
+ gstreamer | [] [] [] [] [] [] [] |
+ gtick | () |
+ gtkam | [] [] [] [] |
+ gtkorphan | [] [] |
+ gtkspell | [] [] [] [] |
+ gutenprint | [] |
+ hello | [] [] [] [] [] |
+ herrie | [] |
+ hylafax | |
+ idutils | [] [] |
+ indent | [] [] [] [] |
+ iso_15924 | |
+ iso_3166 | [] [] [] [] [] [] [] [] [] [] [] |
+ iso_3166_2 | |
+ iso_4217 | [] [] [] |
+ iso_639 | [] [] [] [] |
+ jpilot | [] |
+ jtag | |
+ jwhois | |
+ kbd | [] [] [] [] |
+ keytouch | [] [] |
+ keytouch-editor | [] |
+ keytouch-keyboa... | [] |
+ latrine | () |
+ ld | [] |
+ leafpad | [] [] [] [] [] |
+ libc | [] [] [] [] |
+ libexif | [] |
+ libextractor | [] |
+ libgpewidget | [] [] [] |
+ libgpg-error | [] |
+ libgphoto2 | [] [] |
+ libgphoto2_port | [] [] |
+ libgsasl | |
+ libiconv | [] [] |
+ libidn | [] [] [] |
+ lifelines | [] () |
+ lilypond | [] |
+ lingoteach | |
+ lprng | |
+ lynx | [] [] [] [] |
+ m4 | [] [] [] [] |
+ mailfromd | |
+ mailutils | [] |
+ make | [] [] |
+ man-db | [] [] [] |
+ minicom | [] [] [] |
+ nano | [] [] [] |
+ opcodes | [] |
+ parted | [] [] |
+ pilot-qof | |
+ popt | [] [] [] |
+ psmisc | [] |
+ pwdutils | |
+ qof | |
+ radius | [] |
+ recode | [] [] [] [] [] [] |
+ rpm | [] |
+ screem | |
+ scrollkeeper | [] [] [] [] [] [] [] [] |
+ sed | [] [] [] |
+ shared-mime-info | [] [] [] [] () [] [] [] |
+ sharutils | [] [] [] [] [] [] |
+ shishi | |
+ skencil | [] () |
+ solfege | |
+ soundtracker | [] [] |
+ sp | [] |
+ system-tools-ba... | [] [] [] [] [] [] [] [] [] |
+ tar | [] [] |
+ texinfo | [] [] [] |
+ tin | () () |
+ tuxpaint | [] [] [] [] [] [] |
+ unicode-han-tra... | |
+ unicode-transla... | |
+ util-linux | [] [] [] [] |
+ util-linux-ng | [] [] [] [] |
+ vorbis-tools | [] |
+ wastesedge | () |
+ wdiff | [] [] [] [] |
+ wget | [] [] [] |
+ xchat | [] [] [] [] [] [] [] |
+ xkeyboard-config | [] |
+ xpad | [] [] [] |
+ +----------------------------------------------------+
+ af am ar az be bg bs ca cs cy da de el en en_GB eo
+ 6 0 2 1 8 26 2 40 48 2 56 88 15 1 15 18
+
+ es et eu fa fi fr ga gl gu he hi hr hu id is it
+ +--------------------------------------------------+
+ Compendium | [] [] [] [] [] |
+ a2ps | [] [] [] () |
+ aegis | |
+ ant-phone | [] |
+ anubis | [] |
+ ap-utils | [] [] |
+ aspell | [] [] [] |
+ bash | [] |
+ bfd | [] [] |
+ bibshelf | [] [] [] |
+ binutils | [] [] [] |
+ bison | [] [] [] [] [] [] |
+ bison-runtime | [] [] [] [] [] |
+ bluez-pin | [] [] [] [] [] |
+ cflow | [] |
+ clisp | [] [] |
+ console-tools | |
+ coreutils | [] [] [] [] [] [] |
+ cpio | [] [] [] |
+ cpplib | [] [] |
+ cryptonit | [] |
+ dialog | [] [] [] |
+ diffutils | [] [] [] [] [] [] [] [] [] |
+ doodle | [] [] |
+ e2fsprogs | [] [] [] |
+ enscript | [] [] [] |
+ fetchmail | [] |
+ findutils | [] [] [] |
+ findutils_stable | [] [] [] [] |
+ flex | [] [] [] |
+ fslint | |
+ gas | [] [] |
+ gawk | [] [] [] [] () |
+ gcal | [] [] |
+ gcc | [] |
+ gettext-examples | [] [] [] [] [] [] [] |
+ gettext-runtime | [] [] [] [] [] [] |
+ gettext-tools | [] [] [] [] |
+ gip | [] [] [] [] |
+ gliv | () |
+ glunarclock | [] [] [] |
+ gmult | [] [] [] |
+ gnubiff | () () |
+ gnucash | () () () |
+ gnuedu | [] |
+ gnulib | [] [] [] |
+ gnunet | |
+ gnunet-gtk | |
+ gnutls | |
+ gpe-aerial | [] [] |
+ gpe-beam | [] [] |
+ gpe-calendar | |
+ gpe-clock | [] [] [] [] |
+ gpe-conf | [] |
+ gpe-contacts | [] [] |
+ gpe-edit | [] [] [] [] |
+ gpe-filemanager | [] |
+ gpe-go | [] [] [] |
+ gpe-login | [] [] [] |
+ gpe-ownerinfo | [] [] [] [] [] |
+ gpe-package | [] |
+ gpe-sketchbook | [] [] |
+ gpe-su | [] [] [] [] |
+ gpe-taskmanager | [] [] [] |
+ gpe-timesheet | [] [] [] [] |
+ gpe-today | [] [] [] [] |
+ gpe-todo | [] |
+ gphoto2 | [] [] [] [] [] |
+ gprof | [] [] [] [] [] |
+ gpsdrive | [] |
+ gramadoir | [] [] |
+ grep | [] [] [] |
+ gretl | [] [] [] () |
+ gsasl | [] [] |
+ gss | [] [] |
+ gst-plugins-bad | [] [] [] [] |
+ gst-plugins-base | [] [] [] [] |
+ gst-plugins-good | [] [] [] [] [] |
+ gst-plugins-ugly | [] [] [] [] |
+ gstreamer | [] [] [] |
+ gtick | [] [] [] |
+ gtkam | [] [] [] [] |
+ gtkorphan | [] [] |
+ gtkspell | [] [] [] [] [] [] [] |
+ gutenprint | [] |
+ hello | [] [] [] [] [] [] [] [] [] [] [] [] [] |
+ herrie | [] |
+ hylafax | |
+ idutils | [] [] [] [] [] |
+ indent | [] [] [] [] [] [] [] [] [] [] |
+ iso_15924 | [] |
+ iso_3166 | [] [] [] [] [] [] [] [] [] [] [] [] [] |
+ iso_3166_2 | [] |
+ iso_4217 | [] [] [] [] [] [] |
+ iso_639 | [] [] [] [] [] [] |
+ jpilot | [] [] |
+ jtag | [] |
+ jwhois | [] [] [] [] [] |
+ kbd | [] [] |
+ keytouch | [] [] [] |
+ keytouch-editor | [] |
+ keytouch-keyboa... | [] [] |
+ latrine | [] [] |
+ ld | [] [] [] [] |
+ leafpad | [] [] [] [] [] [] |
+ libc | [] [] [] [] [] |
+ libexif | [] |
+ libextractor | [] |
+ libgpewidget | [] [] [] [] [] |
+ libgpg-error | [] |
+ libgphoto2 | [] [] [] |
+ libgphoto2_port | [] [] |
+ libgsasl | [] [] |
+ libiconv | [] [] [] |
+ libidn | [] [] |
+ lifelines | () |
+ lilypond | [] [] [] |
+ lingoteach | [] [] [] |
+ lprng | |
+ lynx | [] [] [] |
+ m4 | [] [] [] [] |
+ mailfromd | |
+ mailutils | [] [] |
+ make | [] [] [] [] [] [] [] [] |
+ man-db | [] |
+ minicom | [] [] [] [] |
+ nano | [] [] [] [] [] [] [] |
+ opcodes | [] [] [] [] |
+ parted | [] [] [] |
+ pilot-qof | |
+ popt | [] [] [] [] |
+ psmisc | [] [] |
+ pwdutils | |
+ qof | [] |
+ radius | [] [] |
+ recode | [] [] [] [] [] [] [] [] |
+ rpm | [] [] |
+ screem | |
+ scrollkeeper | [] [] [] |
+ sed | [] [] [] [] [] |
+ shared-mime-info | [] [] [] [] [] [] |
+ sharutils | [] [] [] [] [] [] [] [] |
+ shishi | [] |
+ skencil | [] [] |
+ solfege | [] |
+ soundtracker | [] [] [] |
+ sp | [] |
+ system-tools-ba... | [] [] [] [] [] [] [] [] [] |
+ tar | [] [] [] [] [] |
+ texinfo | [] [] [] |
+ tin | [] () |
+ tuxpaint | [] [] |
+ unicode-han-tra... | |
+ unicode-transla... | [] [] |
+ util-linux | [] [] [] [] [] [] [] |
+ util-linux-ng | [] [] [] [] [] [] [] |
+ vorbis-tools | |
+ wastesedge | () |
+ wdiff | [] [] [] [] [] [] [] [] |
+ wget | [] [] [] [] [] [] [] [] |
+ xchat | [] [] [] [] [] [] [] |
+ xkeyboard-config | [] [] [] [] |
+ xpad | [] [] [] |
+ +--------------------------------------------------+
+ es et eu fa fi fr ga gl gu he hi hr hu id is it
+ 85 22 14 2 48 101 61 12 2 8 2 6 53 29 1 52
+
+ ja ka ko ku ky lg lt lv mk mn ms mt nb ne nl nn
+ +--------------------------------------------------+
+ Compendium | [] |
+ a2ps | () [] [] |
+ aegis | () |
+ ant-phone | [] |
+ anubis | [] [] [] |
+ ap-utils | [] |
+ aspell | [] [] |
+ bash | [] |
+ bfd | |
+ bibshelf | [] |
+ binutils | |
+ bison | [] [] [] |
+ bison-runtime | [] [] [] |
+ bluez-pin | [] [] [] |
+ cflow | |
+ clisp | [] |
+ console-tools | |
+ coreutils | [] |
+ cpio | [] |
+ cpplib | [] |
+ cryptonit | [] |
+ dialog | [] [] |
+ diffutils | [] [] [] |
+ doodle | |
+ e2fsprogs | [] |
+ enscript | [] |
+ fetchmail | [] [] |
+ findutils | [] |
+ findutils_stable | [] |
+ flex | [] [] |
+ fslint | |
+ gas | |
+ gawk | [] [] |
+ gcal | |
+ gcc | |
+ gettext-examples | [] [] [] |
+ gettext-runtime | [] [] [] |
+ gettext-tools | [] [] |
+ gip | [] [] |
+ gliv | [] |
+ glunarclock | [] [] |
+ gmult | [] [] [] |
+ gnubiff | |
+ gnucash | () () () |
+ gnuedu | |
+ gnulib | [] [] |
+ gnunet | |
+ gnunet-gtk | |
+ gnutls | [] |
+ gpe-aerial | [] |
+ gpe-beam | [] |
+ gpe-calendar | [] |
+ gpe-clock | [] [] [] |
+ gpe-conf | [] [] [] |
+ gpe-contacts | [] |
+ gpe-edit | [] [] [] |
+ gpe-filemanager | [] [] |
+ gpe-go | [] [] [] |
+ gpe-login | [] [] [] |
+ gpe-ownerinfo | [] [] |
+ gpe-package | [] [] |
+ gpe-sketchbook | [] [] |
+ gpe-su | [] [] [] |
+ gpe-taskmanager | [] [] [] [] |
+ gpe-timesheet | [] |
+ gpe-today | [] [] |
+ gpe-todo | [] |
+ gphoto2 | [] [] |
+ gprof | [] |
+ gpsdrive | [] |
+ gramadoir | () |
+ grep | [] [] |
+ gretl | |
+ gsasl | [] |
+ gss | |
+ gst-plugins-bad | [] |
+ gst-plugins-base | [] |
+ gst-plugins-good | [] |
+ gst-plugins-ugly | [] |
+ gstreamer | [] |
+ gtick | [] |
+ gtkam | [] [] |
+ gtkorphan | [] |
+ gtkspell | [] [] |
+ gutenprint | [] |
+ hello | [] [] [] [] [] [] [] |
+ herrie | [] |
+ hylafax | |
+ idutils | [] |
+ indent | [] [] |
+ iso_15924 | [] |
+ iso_3166 | [] [] [] [] [] [] [] [] |
+ iso_3166_2 | [] |
+ iso_4217 | [] [] [] |
+ iso_639 | [] [] [] [] |
+ jpilot | () () |
+ jtag | |
+ jwhois | [] |
+ kbd | [] |
+ keytouch | [] |
+ keytouch-editor | [] |
+ keytouch-keyboa... | |
+ latrine | [] |
+ ld | |
+ leafpad | [] [] |
+ libc | [] [] [] |
+ libexif | |
+ libextractor | |
+ libgpewidget | [] |
+ libgpg-error | |
+ libgphoto2 | [] |
+ libgphoto2_port | [] |
+ libgsasl | [] |
+ libiconv | [] |
+ libidn | [] [] |
+ lifelines | [] |
+ lilypond | [] |
+ lingoteach | [] |
+ lprng | |
+ lynx | [] [] |
+ m4 | [] [] |
+ mailfromd | |
+ mailutils | |
+ make | [] [] [] |
+ man-db | |
+ minicom | [] |
+ nano | [] [] [] |
+ opcodes | [] |
+ parted | [] [] |
+ pilot-qof | |
+ popt | [] [] [] |
+ psmisc | [] [] [] |
+ pwdutils | |
+ qof | |
+ radius | |
+ recode | [] |
+ rpm | [] [] |
+ screem | [] |
+ scrollkeeper | [] [] [] [] |
+ sed | [] [] |
+ shared-mime-info | [] [] [] [] [] [] [] |
+ sharutils | [] [] |
+ shishi | |
+ skencil | |
+ solfege | () () |
+ soundtracker | |
+ sp | () |
+ system-tools-ba... | [] [] [] [] |
+ tar | [] [] [] |
+ texinfo | [] [] |
+ tin | |
+ tuxpaint | () [] [] |
+ unicode-han-tra... | |
+ unicode-transla... | |
+ util-linux | [] [] |
+ util-linux-ng | [] [] |
+ vorbis-tools | |
+ wastesedge | [] |
+ wdiff | [] [] |
+ wget | [] [] |
+ xchat | [] [] [] [] |
+ xkeyboard-config | [] [] [] |
+ xpad | [] [] [] |
+ +--------------------------------------------------+
+ ja ka ko ku ky lg lt lv mk mn ms mt nb ne nl nn
+ 51 2 25 3 2 0 6 0 2 2 20 0 11 1 103 6
+
+ or pa pl pt pt_BR rm ro ru rw sk sl sq sr sv ta
+ +--------------------------------------------------+
+ Compendium | [] [] [] [] [] |
+ a2ps | () [] [] [] [] [] [] |
+ aegis | () () |
+ ant-phone | [] [] |
+ anubis | [] [] [] |
+ ap-utils | () |
+ aspell | [] [] [] |
+ bash | [] [] |
+ bfd | |
+ bibshelf | [] |
+ binutils | [] [] |
+ bison | [] [] [] [] [] |
+ bison-runtime | [] [] [] [] [] |
+ bluez-pin | [] [] [] [] [] [] [] [] [] |
+ cflow | [] |
+ clisp | [] |
+ console-tools | [] |
+ coreutils | [] [] [] [] |
+ cpio | [] [] [] |
+ cpplib | [] |
+ cryptonit | [] [] |
+ dialog | [] |
+ diffutils | [] [] [] [] [] [] |
+ doodle | [] [] |
+ e2fsprogs | [] [] |
+ enscript | [] [] [] [] [] |
+ fetchmail | [] [] [] |
+ findutils | [] [] [] |
+ findutils_stable | [] [] [] [] [] [] |
+ flex | [] [] [] [] [] |
+ fslint | [] |
+ gas | |
+ gawk | [] [] [] [] |
+ gcal | [] |
+ gcc | [] [] |
+ gettext-examples | [] [] [] [] [] [] [] [] |
+ gettext-runtime | [] [] [] [] [] [] [] [] |
+ gettext-tools | [] [] [] [] [] [] [] |
+ gip | [] [] [] [] |
+ gliv | [] [] [] [] [] [] |
+ glunarclock | [] [] [] [] [] [] |
+ gmult | [] [] [] [] |
+ gnubiff | () [] |
+ gnucash | () [] |
+ gnuedu | |
+ gnulib | [] [] [] |
+ gnunet | |
+ gnunet-gtk | [] |
+ gnutls | [] [] |
+ gpe-aerial | [] [] [] [] [] [] [] |
+ gpe-beam | [] [] [] [] [] [] [] |
+ gpe-calendar | [] [] [] [] |
+ gpe-clock | [] [] [] [] [] [] [] [] |
+ gpe-conf | [] [] [] [] [] [] [] |
+ gpe-contacts | [] [] [] [] [] |
+ gpe-edit | [] [] [] [] [] [] [] [] [] |
+ gpe-filemanager | [] [] |
+ gpe-go | [] [] [] [] [] [] [] [] |
+ gpe-login | [] [] [] [] [] [] [] [] |
+ gpe-ownerinfo | [] [] [] [] [] [] [] [] |
+ gpe-package | [] [] |
+ gpe-sketchbook | [] [] [] [] [] [] [] [] |
+ gpe-su | [] [] [] [] [] [] [] [] |
+ gpe-taskmanager | [] [] [] [] [] [] [] [] |
+ gpe-timesheet | [] [] [] [] [] [] [] [] |
+ gpe-today | [] [] [] [] [] [] [] [] |
+ gpe-todo | [] [] [] [] |
+ gphoto2 | [] [] [] [] [] [] |
+ gprof | [] [] [] |
+ gpsdrive | [] [] |
+ gramadoir | [] [] |
+ grep | [] [] [] [] |
+ gretl | [] [] [] |
+ gsasl | [] [] [] |
+ gss | [] [] [] [] |
+ gst-plugins-bad | [] [] [] |
+ gst-plugins-base | [] [] |
+ gst-plugins-good | [] [] |
+ gst-plugins-ugly | [] [] [] |
+ gstreamer | [] [] [] [] |
+ gtick | [] |
+ gtkam | [] [] [] [] [] |
+ gtkorphan | [] |
+ gtkspell | [] [] [] [] [] [] [] [] |
+ gutenprint | [] |
+ hello | [] [] [] [] [] [] [] [] |
+ herrie | [] [] [] |
+ hylafax | |
+ idutils | [] [] [] [] [] |
+ indent | [] [] [] [] [] [] [] |
+ iso_15924 | |
+ iso_3166 | [] [] [] [] [] [] [] [] [] [] [] [] [] |
+ iso_3166_2 | |
+ iso_4217 | [] [] [] [] [] [] [] |
+ iso_639 | [] [] [] [] [] [] [] |
+ jpilot | |
+ jtag | [] |
+ jwhois | [] [] [] [] |
+ kbd | [] [] [] |
+ keytouch | [] |
+ keytouch-editor | [] |
+ keytouch-keyboa... | [] |
+ latrine | |
+ ld | [] |
+ leafpad | [] [] [] [] [] [] |
+ libc | [] [] [] [] |
+ libexif | [] [] |
+ libextractor | [] [] |
+ libgpewidget | [] [] [] [] [] [] [] [] |
+ libgpg-error | [] [] [] |
+ libgphoto2 | [] |
+ libgphoto2_port | [] [] [] |
+ libgsasl | [] [] [] [] |
+ libiconv | [] [] [] |
+ libidn | [] [] () |
+ lifelines | [] [] |
+ lilypond | |
+ lingoteach | [] |
+ lprng | [] |
+ lynx | [] [] [] |
+ m4 | [] [] [] [] [] |
+ mailfromd | [] |
+ mailutils | [] [] [] |
+ make | [] [] [] [] |
+ man-db | [] [] [] [] |
+ minicom | [] [] [] [] [] |
+ nano | [] [] [] [] |
+ opcodes | [] [] |
+ parted | [] |
+ pilot-qof | |
+ popt | [] [] [] [] |
+ psmisc | [] [] |
+ pwdutils | [] [] |
+ qof | [] [] |
+ radius | [] [] |
+ recode | [] [] [] [] [] [] [] |
+ rpm | [] [] [] [] |
+ screem | |
+ scrollkeeper | [] [] [] [] [] [] [] |
+ sed | [] [] [] [] [] [] [] [] [] |
+ shared-mime-info | [] [] [] [] [] [] |
+ sharutils | [] [] [] [] |
+ shishi | [] |
+ skencil | [] [] [] |
+ solfege | [] |
+ soundtracker | [] [] |
+ sp | |
+ system-tools-ba... | [] [] [] [] [] [] [] [] [] |
+ tar | [] [] [] [] |
+ texinfo | [] [] [] [] |
+ tin | () |
+ tuxpaint | [] [] [] [] [] [] |
+ unicode-han-tra... | |
+ unicode-transla... | |
+ util-linux | [] [] [] [] |
+ util-linux-ng | [] [] [] [] |
+ vorbis-tools | [] |
+ wastesedge | |
+ wdiff | [] [] [] [] [] [] [] |
+ wget | [] [] [] [] |
+ xchat | [] [] [] [] [] [] [] |
+ xkeyboard-config | [] [] [] |
+ xpad | [] [] [] |
+ +--------------------------------------------------+
+ or pa pl pt pt_BR rm ro ru rw sk sl sq sr sv ta
+ 0 5 77 31 53 4 58 72 3 45 46 9 45 122 3
+
+ tg th tk tr uk ven vi wa xh zh_CN zh_HK zh_TW zu
+ +---------------------------------------------------+
+ Compendium | [] [] [] [] | 19
+ a2ps | [] [] [] | 19
+ aegis | [] | 1
+ ant-phone | [] [] | 6
+ anubis | [] [] [] | 11
+ ap-utils | () [] | 4
+ aspell | [] [] [] | 16
+ bash | [] | 6
+ bfd | | 2
+ bibshelf | [] | 7
+ binutils | [] [] [] [] | 9
+ bison | [] [] [] [] | 20
+ bison-runtime | [] [] [] [] | 18
+ bluez-pin | [] [] [] [] [] [] | 28
+ cflow | [] [] | 5
+ clisp | | 9
+ console-tools | [] [] | 5
+ coreutils | [] [] [] | 18
+ cpio | [] [] [] [] | 11
+ cpplib | [] [] [] [] [] | 12
+ cryptonit | [] | 6
+ dialog | [] [] [] | 9
+ diffutils | [] [] [] [] [] | 29
+ doodle | [] | 6
+ e2fsprogs | [] [] | 10
+ enscript | [] [] [] | 16
+ fetchmail | [] [] | 12
+ findutils | [] [] [] | 11
+ findutils_stable | [] [] [] [] | 18
+ flex | [] [] | 15
+ fslint | [] | 2
+ gas | [] | 3
+ gawk | [] [] [] | 16
+ gcal | [] | 5
+ gcc | [] [] [] | 7
+ gettext-examples | [] [] [] [] [] [] | 29
+ gettext-runtime | [] [] [] [] [] [] | 28
+ gettext-tools | [] [] [] [] [] | 20
+ gip | [] [] | 13
+ gliv | [] [] | 11
+ glunarclock | [] [] [] | 15
+ gmult | [] [] [] [] | 16
+ gnubiff | [] | 2
+ gnucash | () [] | 5
+ gnuedu | [] | 2
+ gnulib | [] | 10
+ gnunet | | 0
+ gnunet-gtk | [] [] | 3
+ gnutls | | 4
+ gpe-aerial | [] [] | 14
+ gpe-beam | [] [] | 14
+ gpe-calendar | [] [] | 7
+ gpe-clock | [] [] [] [] | 21
+ gpe-conf | [] [] [] | 16
+ gpe-contacts | [] [] | 10
+ gpe-edit | [] [] [] [] [] | 22
+ gpe-filemanager | [] [] | 7
+ gpe-go | [] [] [] [] | 19
+ gpe-login | [] [] [] [] [] | 21
+ gpe-ownerinfo | [] [] [] [] | 21
+ gpe-package | [] | 6
+ gpe-sketchbook | [] [] | 16
+ gpe-su | [] [] [] [] | 21
+ gpe-taskmanager | [] [] [] [] | 21
+ gpe-timesheet | [] [] [] [] | 18
+ gpe-today | [] [] [] [] [] | 21
+ gpe-todo | [] [] | 8
+ gphoto2 | [] [] [] [] | 21
+ gprof | [] [] | 13
+ gpsdrive | [] | 5
+ gramadoir | [] | 7
+ grep | [] | 12
+ gretl | | 6
+ gsasl | [] [] [] | 9
+ gss | [] | 7
+ gst-plugins-bad | [] [] [] | 13
+ gst-plugins-base | [] [] | 11
+ gst-plugins-good | [] [] [] [] [] | 16
+ gst-plugins-ugly | [] [] [] | 13
+ gstreamer | [] [] [] | 18
+ gtick | [] [] | 7
+ gtkam | [] | 16
+ gtkorphan | [] | 7
+ gtkspell | [] [] [] [] [] [] | 27
+ gutenprint | | 4
+ hello | [] [] [] [] [] | 38
+ herrie | [] [] | 8
+ hylafax | | 0
+ idutils | [] [] | 15
+ indent | [] [] [] [] [] | 28
+ iso_15924 | [] [] | 4
+ iso_3166 | [] [] [] [] [] [] [] [] [] | 54
+ iso_3166_2 | [] [] | 4
+ iso_4217 | [] [] [] [] [] | 24
+ iso_639 | [] [] [] [] [] | 26
+ jpilot | [] [] [] [] | 7
+ jtag | [] | 3
+ jwhois | [] [] [] | 13
+ kbd | [] [] [] | 13
+ keytouch | [] | 8
+ keytouch-editor | [] | 5
+ keytouch-keyboa... | [] | 5
+ latrine | [] [] | 5
+ ld | [] [] [] [] | 10
+ leafpad | [] [] [] [] [] | 24
+ libc | [] [] [] | 19
+ libexif | [] | 5
+ libextractor | [] | 5
+ libgpewidget | [] [] [] | 20
+ libgpg-error | [] | 6
+ libgphoto2 | [] [] | 9
+ libgphoto2_port | [] [] [] | 11
+ libgsasl | [] | 8
+ libiconv | [] [] | 11
+ libidn | [] [] | 11
+ lifelines | | 4
+ lilypond | [] | 6
+ lingoteach | [] | 6
+ lprng | [] | 2
+ lynx | [] [] [] | 15
+ m4 | [] [] [] | 18
+ mailfromd | [] [] | 3
+ mailutils | [] [] | 8
+ make | [] [] [] | 20
+ man-db | [] | 9
+ minicom | [] | 14
+ nano | [] [] [] | 20
+ opcodes | [] [] | 10
+ parted | [] [] [] | 11
+ pilot-qof | [] | 1
+ popt | [] [] [] [] | 18
+ psmisc | [] [] | 10
+ pwdutils | [] | 3
+ qof | [] | 4
+ radius | [] [] | 7
+ recode | [] [] [] | 25
+ rpm | [] [] [] [] | 13
+ screem | [] | 2
+ scrollkeeper | [] [] [] [] | 26
+ sed | [] [] [] [] | 23
+ shared-mime-info | [] [] [] | 29
+ sharutils | [] [] [] | 23
+ shishi | [] | 3
+ skencil | [] | 7
+ solfege | [] | 3
+ soundtracker | [] [] | 9
+ sp | [] | 3
+ system-tools-ba... | [] [] [] [] [] [] [] | 38
+ tar | [] [] [] | 17
+ texinfo | [] [] [] | 15
+ tin | | 1
+ tuxpaint | [] [] [] | 19
+ unicode-han-tra... | | 0
+ unicode-transla... | | 2
+ util-linux | [] [] [] | 20
+ util-linux-ng | [] [] [] | 20
+ vorbis-tools | [] [] | 4
+ wastesedge | | 1
+ wdiff | [] [] | 23
+ wget | [] [] [] | 20
+ xchat | [] [] [] [] | 29
+ xkeyboard-config | [] [] [] | 14
+ xpad | [] [] [] | 15
+ +---------------------------------------------------+
+ 76 teams tg th tk tr uk ven vi wa xh zh_CN zh_HK zh_TW zu
+ 163 domains 0 3 1 74 51 0 143 21 1 57 7 45 0 2036
+
+ Some counters in the preceding matrix are higher than the number of
+visible blocks let us expect. This is because a few extra PO files are
+used for implementing regional variants of languages, or language
+dialects.
+
+ For a PO file in the matrix above to be effective, the package to
+which it applies should also have been internationalized and
+distributed as such by its maintainer. There might be an observable
+lag between the mere existence a PO file and its wide availability in a
+distribution.
+
+ If November 2007 seems to be old, you may fetch a more recent copy
+of this `ABOUT-NLS' file on most GNU archive sites. The most
+up-to-date matrix with full percentage details can be found at
+`http://translationproject.org/extra/matrix.html'.
+
+1.6 Using `gettext' in new packages
+===================================
+
+If you are writing a freely available program and want to
+internationalize it you are welcome to use GNU `gettext' in your
+package. Of course you have to respect the GNU Library General Public
+License which covers the use of the GNU `gettext' library. This means
+in particular that even non-free programs can use `libintl' as a shared
+library, whereas only free software can use `libintl' as a static
+library or use modified versions of `libintl'.
+
+ Once the sources are changed appropriately and the setup can handle
+the use of `gettext' the only thing missing are the translations. The
+Free Translation Project is also available for packages which are not
+developed inside the GNU project. Therefore the information given above
+applies also for every other Free Software Project. Contact
+`coordinator@translationproject.org' to make the `.pot' files available
+to the translation teams.
+
diff --git a/AUTHORS b/AUTHORS
new file mode 100644
index 0000000..eea52a8
--- /dev/null
+++ b/AUTHORS
@@ -0,0 +1,180 @@
+Program: GnuPG
+Homepage: http://www.gnupg.org
+Maintainer: Werner Koch <wk@gnupg.org>
+Bug reports: http://bugs.gnupg.org
+Security related bug reports: <security@gnupg.org>
+License: GPLv3+
+
+
+Authors
+=======
+
+Ales Nyakhaychyk <nyakhaychyk@i1fn.linux.by> Translations [be]
+
+Birger Langkjer <birger.langkjer@image.dk> Translations [da]
+
+Maxim Britov <maxim.britov@gmail.com> Translations [ru]
+
+Daniel Resare <daniel@resare.com> Translations [sv]
+Per Tunedal <per@clipanish.com> Translations [sv]
+Daniel Nylander <po@danielnylander.se> Translations [sv]
+
+Daiki Ueno <ueno@unixuser.org> Assigns Past and Future Changes.
+ (changed:passphrase.c and related code)
+
+David Shaw <dshaw@jabberwocky.com> Assigns past and future changes.
+ (all in keyserver/,
+ a lot of changes in g10/ see the ChangeLog,
+ bug fixes here and there)
+
+Dokianakis Theofanis <madf@hellug.gr> Translations [el]
+
+Edmund GRIMLEY EVANS <edmundo@rano.org> Translations [eo]
+
+Florian Weimer <fw@deneb.enyo.de> Assigns past and future changes
+ (changed:g10/parse-packet.c, include/iobuf.h, util/iobuf.c)
+
+g10 Code GmbH <info@g10code.com> Assigns past and future changes
+ (all work since 2001 as indicated by mail addresses in ChangeLogs)
+
+Gaël Quéri <gael@lautre.net> Translations [fr]
+ (fixed a lot of typos)
+
+Gregory Steuck <steuck@iname.com> Translations [ru]
+
+Nagy Ferenc László <nfl@nfllab.com> Translations [hu]
+
+Ivo Timmermans <itimmermans@bigfoot.com> Translations [nl]
+
+Jacobo Tarri'o Barreiro <jtarrio@iname.com> Translations [gl]
+
+Janusz Aleksander Urbanowicz <alex@bofh.torun.pl> Translations [pl]
+Jakub Bogusz <qboosh@pld-linux.org> Translations [pl]
+
+Jedi Lin <Jedi@idej.org> Translations [zh-tw]
+
+Jouni Hiltunen <jouni.hiltunen@kolumbus.fi> Translations [fi]
+Tommi Vainikainen <Tommi.Vainikainen@iki.fi> Translations [fi]
+
+Laurentiu Buzdugan <lbgnupg@rolix.org> Translations [ro]
+
+Magda Procha'zkova' <magda@math.muni.cz> Translations [cs]
+
+Michael Roth <mroth@nessie.de> Assigns changes.
+ (wrote cipher/des.c., changes and bug fixes all over the place)
+
+Michal Majer <mmajer@econ.umb.sk> Translations [sk]
+
+Marco d'Itri <md@linux.it> Translations [it]
+
+Marcus Brinkmann <marcus@g10code.de>
+ (gpgconf and fixes all over the place)
+
+Matthew Skala <mskala@ansuz.sooke.bc.ca> Disclaimer
+ (wrote cipher/twofish.c)
+
+Moritz Schulte <moritz@g10code.com>
+ (ssh support gpg-agent)
+
+Niklas Hernaeus <nh@df.lth.se> Disclaimer
+ (weak key patches)
+
+Nilgun Belma Buguner <nilgun@technologist.com> Translations [tr]
+
+Nils Ellmenreich <nils 'at' infosun.fmi.uni-passau.de>
+ Assigns past and future changes
+ (configure.in, cipher/rndlinux.c, FAQ)
+
+Paul Eggert <eggert@twinsun.com>
+ (configuration macros for LFS)
+
+Pavel I. Shajdo <pshajdo@gmail.com> Translations [ru]
+ (man pages)
+
+Pedro Morais <morais@poli.org> Translations [pt_PT]
+
+Petr Pisar <petr.pisar@atlas.cz> Translations [cs]
+
+Rémi Guyomarch <rguyom@mail.dotcom.fr> Assigns past and future changes.
+ (g10/compress.c, g10/encr-data.c,
+ g10/free-packet.c, g10/mdfilter.c, g10/plaintext.c, util/iobuf.c)
+
+Stefan Bellon <sbellon@sbellon.de> Assigns past and future changes.
+ (All patches to support RISC OS)
+
+Timo Schulz <twoaday@freakmail.de> Assigns past and future changes.
+ (util/w32reg.c, g10/passphrase.c, g10/hkp.c)
+
+Tedi Heriyanto <tedi_h@gmx.net> Translations [id]
+
+Thiago Jung Bauermann <jungmann@cwb.matrix.com.br> Translations [pt_BR]
+Rafael Caetano dos Santos <rcaetano@linux.ime.usp.br> Translations [pt_BR]
+
+Toomas Soome <tsoome@ut.ee> Translations [et]
+
+Urko Lusa <ulusa@euskalnet.net> Translations [es_ES]
+
+Walter Koch <koch@u32.de> Translations [de]
+
+Werner Koch <wk@gnupg.org> Assigns GNU Privacy Guard and future changes.
+ (started the whole thing, wrote the S/MIME extensions, the
+ smartcard daemon and the gpg-agent)
+
+Yosiaki IIDA <iida@ring.gr.jp> Translations [ja]
+
+Yuri Chornoivan, yurchor at ukr dot net: Translations [uk]
+
+
+Other authors
+=============
+
+The files common/libestream.[ch] are maintained as a separate project
+by g10 Code GmbH. These files, as used here, are considered part of
+GnuPG.
+
+The RPM specs file scripts/gnupg.spec has been contributed by
+several people.
+
+The function build_argv in agent/w32main.c is based on code from
+Alexandre Julliard.
+
+The gpg-zip documentation is based on the manpage for gpg-zip, written
+by Colin Tuckley and Daniel Leidert for the GNU/Debian distribution.
+
+
+Copyright
+=========
+
+GnuPG is distributed under the GNU General Public License, version 2
+or later. A few files are under the Lesser General Public License, a
+few other files carry the all permissive license note as found at the
+bottom of this file. Certain files in keyserver/ allow one specific
+exception:
+
+ In addition, as a special exception, the Free Software Foundation
+ gives permission to link the code of the keyserver helper tools:
+ gpgkeys_ldap, gpgkeys_curl and gpgkeys_hkp with the OpenSSL
+ project's "OpenSSL" library (or with modified versions of it that
+ use the same license as the "OpenSSL" library), and distribute the
+ linked executables. You must obey the GNU General Public License
+ in all respects for all of the code used other than "OpenSSL". If
+ you modify this file, you may extend this exception to your version
+ of the file, but you are not obligated to do so. If you do not
+ wish to do so, delete this exception statement from your version.
+
+Note that the gpgkeys_* binaries are currently installed under the
+name gpg2keys_*.
+
+=========
+
+ Copyright 1998, 1999, 2000, 2001, 2002, 2004, 2005,
+ 2006, 2007, 2008 Free Software Foundation, Inc.
+
+ This file is free software; as a special exception the author gives
+ unlimited permission to copy and/or distribute it, with or without
+ modifications, as long as this notice is preserved.
+
+ This file is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
+ implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+
diff --git a/COPYING b/COPYING
new file mode 100644
index 0000000..4432540
--- /dev/null
+++ b/COPYING
@@ -0,0 +1,676 @@
+
+ GNU GENERAL PUBLIC LICENSE
+ Version 3, 29 June 2007
+
+ Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/>
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+ Preamble
+
+ The GNU General Public License is a free, copyleft license for
+software and other kinds of works.
+
+ The licenses for most software and other practical works are designed
+to take away your freedom to share and change the works. By contrast,
+the GNU General Public License is intended to guarantee your freedom to
+share and change all versions of a program--to make sure it remains free
+software for all its users. We, the Free Software Foundation, use the
+GNU General Public License for most of our software; it applies also to
+any other work released this way by its authors. You can apply it to
+your programs, too.
+
+ When we speak of free software, we are referring to freedom, not
+price. Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+them if you wish), that you receive source code or can get it if you
+want it, that you can change the software or use pieces of it in new
+free programs, and that you know you can do these things.
+
+ To protect your rights, we need to prevent others from denying you
+these rights or asking you to surrender the rights. Therefore, you have
+certain responsibilities if you distribute copies of the software, or if
+you modify it: responsibilities to respect the freedom of others.
+
+ For example, if you distribute copies of such a program, whether
+gratis or for a fee, you must pass on to the recipients the same
+freedoms that you received. You must make sure that they, too, receive
+or can get the source code. And you must show them these terms so they
+know their rights.
+
+ Developers that use the GNU GPL protect your rights with two steps:
+(1) assert copyright on the software, and (2) offer you this License
+giving you legal permission to copy, distribute and/or modify it.
+
+ For the developers' and authors' protection, the GPL clearly explains
+that there is no warranty for this free software. For both users' and
+authors' sake, the GPL requires that modified versions be marked as
+changed, so that their problems will not be attributed erroneously to
+authors of previous versions.
+
+ Some devices are designed to deny users access to install or run
+modified versions of the software inside them, although the manufacturer
+can do so. This is fundamentally incompatible with the aim of
+protecting users' freedom to change the software. The systematic
+pattern of such abuse occurs in the area of products for individuals to
+use, which is precisely where it is most unacceptable. Therefore, we
+have designed this version of the GPL to prohibit the practice for those
+products. If such problems arise substantially in other domains, we
+stand ready to extend this provision to those domains in future versions
+of the GPL, as needed to protect the freedom of users.
+
+ Finally, every program is threatened constantly by software patents.
+States should not allow patents to restrict development and use of
+software on general-purpose computers, but in those that do, we wish to
+avoid the special danger that patents applied to a free program could
+make it effectively proprietary. To prevent this, the GPL assures that
+patents cannot be used to render the program non-free.
+
+ The precise terms and conditions for copying, distribution and
+modification follow.
+
+ TERMS AND CONDITIONS
+
+ 0. Definitions.
+
+ "This License" refers to version 3 of the GNU General Public License.
+
+ "Copyright" also means copyright-like laws that apply to other kinds of
+works, such as semiconductor masks.
+
+ "The Program" refers to any copyrightable work licensed under this
+License. Each licensee is addressed as "you". "Licensees" and
+"recipients" may be individuals or organizations.
+
+ To "modify" a work means to copy from or adapt all or part of the work
+in a fashion requiring copyright permission, other than the making of an
+exact copy. The resulting work is called a "modified version" of the
+earlier work or a work "based on" the earlier work.
+
+ A "covered work" means either the unmodified Program or a work based
+on the Program.
+
+ To "propagate" a work means to do anything with it that, without
+permission, would make you directly or secondarily liable for
+infringement under applicable copyright law, except executing it on a
+computer or modifying a private copy. Propagation includes copying,
+distribution (with or without modification), making available to the
+public, and in some countries other activities as well.
+
+ To "convey" a work means any kind of propagation that enables other
+parties to make or receive copies. Mere interaction with a user through
+a computer network, with no transfer of a copy, is not conveying.
+
+ An interactive user interface displays "Appropriate Legal Notices"
+to the extent that it includes a convenient and prominently visible
+feature that (1) displays an appropriate copyright notice, and (2)
+tells the user that there is no warranty for the work (except to the
+extent that warranties are provided), that licensees may convey the
+work under this License, and how to view a copy of this License. If
+the interface presents a list of user commands or options, such as a
+menu, a prominent item in the list meets this criterion.
+
+ 1. Source Code.
+
+ The "source code" for a work means the preferred form of the work
+for making modifications to it. "Object code" means any non-source
+form of a work.
+
+ A "Standard Interface" means an interface that either is an official
+standard defined by a recognized standards body, or, in the case of
+interfaces specified for a particular programming language, one that
+is widely used among developers working in that language.
+
+ The "System Libraries" of an executable work include anything, other
+than the work as a whole, that (a) is included in the normal form of
+packaging a Major Component, but which is not part of that Major
+Component, and (b) serves only to enable use of the work with that
+Major Component, or to implement a Standard Interface for which an
+implementation is available to the public in source code form. A
+"Major Component", in this context, means a major essential component
+(kernel, window system, and so on) of the specific operating system
+(if any) on which the executable work runs, or a compiler used to
+produce the work, or an object code interpreter used to run it.
+
+ The "Corresponding Source" for a work in object code form means all
+the source code needed to generate, install, and (for an executable
+work) run the object code and to modify the work, including scripts to
+control those activities. However, it does not include the work's
+System Libraries, or general-purpose tools or generally available free
+programs which are used unmodified in performing those activities but
+which are not part of the work. For example, Corresponding Source
+includes interface definition files associated with source files for
+the work, and the source code for shared libraries and dynamically
+linked subprograms that the work is specifically designed to require,
+such as by intimate data communication or control flow between those
+subprograms and other parts of the work.
+
+ The Corresponding Source need not include anything that users
+can regenerate automatically from other parts of the Corresponding
+Source.
+
+ The Corresponding Source for a work in source code form is that
+same work.
+
+ 2. Basic Permissions.
+
+ All rights granted under this License are granted for the term of
+copyright on the Program, and are irrevocable provided the stated
+conditions are met. This License explicitly affirms your unlimited
+permission to run the unmodified Program. The output from running a
+covered work is covered by this License only if the output, given its
+content, constitutes a covered work. This License acknowledges your
+rights of fair use or other equivalent, as provided by copyright law.
+
+ You may make, run and propagate covered works that you do not
+convey, without conditions so long as your license otherwise remains
+in force. You may convey covered works to others for the sole purpose
+of having them make modifications exclusively for you, or provide you
+with facilities for running those works, provided that you comply with
+the terms of this License in conveying all material for which you do
+not control copyright. Those thus making or running the covered works
+for you must do so exclusively on your behalf, under your direction
+and control, on terms that prohibit them from making any copies of
+your copyrighted material outside their relationship with you.
+
+ Conveying under any other circumstances is permitted solely under
+the conditions stated below. Sublicensing is not allowed; section 10
+makes it unnecessary.
+
+ 3. Protecting Users' Legal Rights From Anti-Circumvention Law.
+
+ No covered work shall be deemed part of an effective technological
+measure under any applicable law fulfilling obligations under article
+11 of the WIPO copyright treaty adopted on 20 December 1996, or
+similar laws prohibiting or restricting circumvention of such
+measures.
+
+ When you convey a covered work, you waive any legal power to forbid
+circumvention of technological measures to the extent such circumvention
+is effected by exercising rights under this License with respect to
+the covered work, and you disclaim any intention to limit operation or
+modification of the work as a means of enforcing, against the work's
+users, your or third parties' legal rights to forbid circumvention of
+technological measures.
+
+ 4. Conveying Verbatim Copies.
+
+ You may convey verbatim copies of the Program's source code as you
+receive it, in any medium, provided that you conspicuously and
+appropriately publish on each copy an appropriate copyright notice;
+keep intact all notices stating that this License and any
+non-permissive terms added in accord with section 7 apply to the code;
+keep intact all notices of the absence of any warranty; and give all
+recipients a copy of this License along with the Program.
+
+ You may charge any price or no price for each copy that you convey,
+and you may offer support or warranty protection for a fee.
+
+ 5. Conveying Modified Source Versions.
+
+ You may convey a work based on the Program, or the modifications to
+produce it from the Program, in the form of source code under the
+terms of section 4, provided that you also meet all of these conditions:
+
+ a) The work must carry prominent notices stating that you modified
+ it, and giving a relevant date.
+
+ b) The work must carry prominent notices stating that it is
+ released under this License and any conditions added under section
+ 7. This requirement modifies the requirement in section 4 to
+ "keep intact all notices".
+
+ c) You must license the entire work, as a whole, under this
+ License to anyone who comes into possession of a copy. This
+ License will therefore apply, along with any applicable section 7
+ additional terms, to the whole of the work, and all its parts,
+ regardless of how they are packaged. This License gives no
+ permission to license the work in any other way, but it does not
+ invalidate such permission if you have separately received it.
+
+ d) If the work has interactive user interfaces, each must display
+ Appropriate Legal Notices; however, if the Program has interactive
+ interfaces that do not display Appropriate Legal Notices, your
+ work need not make them do so.
+
+ A compilation of a covered work with other separate and independent
+works, which are not by their nature extensions of the covered work,
+and which are not combined with it such as to form a larger program,
+in or on a volume of a storage or distribution medium, is called an
+"aggregate" if the compilation and its resulting copyright are not
+used to limit the access or legal rights of the compilation's users
+beyond what the individual works permit. Inclusion of a covered work
+in an aggregate does not cause this License to apply to the other
+parts of the aggregate.
+
+ 6. Conveying Non-Source Forms.
+
+ You may convey a covered work in object code form under the terms
+of sections 4 and 5, provided that you also convey the
+machine-readable Corresponding Source under the terms of this License,
+in one of these ways:
+
+ a) Convey the object code in, or embodied in, a physical product
+ (including a physical distribution medium), accompanied by the
+ Corresponding Source fixed on a durable physical medium
+ customarily used for software interchange.
+
+ b) Convey the object code in, or embodied in, a physical product
+ (including a physical distribution medium), accompanied by a
+ written offer, valid for at least three years and valid for as
+ long as you offer spare parts or customer support for that product
+ model, to give anyone who possesses the object code either (1) a
+ copy of the Corresponding Source for all the software in the
+ product that is covered by this License, on a durable physical
+ medium customarily used for software interchange, for a price no
+ more than your reasonable cost of physically performing this
+ conveying of source, or (2) access to copy the
+ Corresponding Source from a network server at no charge.
+
+ c) Convey individual copies of the object code with a copy of the
+ written offer to provide the Corresponding Source. This
+ alternative is allowed only occasionally and noncommercially, and
+ only if you received the object code with such an offer, in accord
+ with subsection 6b.
+
+ d) Convey the object code by offering access from a designated
+ place (gratis or for a charge), and offer equivalent access to the
+ Corresponding Source in the same way through the same place at no
+ further charge. You need not require recipients to copy the
+ Corresponding Source along with the object code. If the place to
+ copy the object code is a network server, the Corresponding Source
+ may be on a different server (operated by you or a third party)
+ that supports equivalent copying facilities, provided you maintain
+ clear directions next to the object code saying where to find the
+ Corresponding Source. Regardless of what server hosts the
+ Corresponding Source, you remain obligated to ensure that it is
+ available for as long as needed to satisfy these requirements.
+
+ e) Convey the object code using peer-to-peer transmission, provided
+ you inform other peers where the object code and Corresponding
+ Source of the work are being offered to the general public at no
+ charge under subsection 6d.
+
+ A separable portion of the object code, whose source code is excluded
+from the Corresponding Source as a System Library, need not be
+included in conveying the object code work.
+
+ A "User Product" is either (1) a "consumer product", which means any
+tangible personal property which is normally used for personal, family,
+or household purposes, or (2) anything designed or sold for incorporation
+into a dwelling. In determining whether a product is a consumer product,
+doubtful cases shall be resolved in favor of coverage. For a particular
+product received by a particular user, "normally used" refers to a
+typical or common use of that class of product, regardless of the status
+of the particular user or of the way in which the particular user
+actually uses, or expects or is expected to use, the product. A product
+is a consumer product regardless of whether the product has substantial
+commercial, industrial or non-consumer uses, unless such uses represent
+the only significant mode of use of the product.
+
+ "Installation Information" for a User Product means any methods,
+procedures, authorization keys, or other information required to install
+and execute modified versions of a covered work in that User Product from
+a modified version of its Corresponding Source. The information must
+suffice to ensure that the continued functioning of the modified object
+code is in no case prevented or interfered with solely because
+modification has been made.
+
+ If you convey an object code work under this section in, or with, or
+specifically for use in, a User Product, and the conveying occurs as
+part of a transaction in which the right of possession and use of the
+User Product is transferred to the recipient in perpetuity or for a
+fixed term (regardless of how the transaction is characterized), the
+Corresponding Source conveyed under this section must be accompanied
+by the Installation Information. But this requirement does not apply
+if neither you nor any third party retains the ability to install
+modified object code on the User Product (for example, the work has
+been installed in ROM).
+
+ The requirement to provide Installation Information does not include a
+requirement to continue to provide support service, warranty, or updates
+for a work that has been modified or installed by the recipient, or for
+the User Product in which it has been modified or installed. Access to a
+network may be denied when the modification itself materially and
+adversely affects the operation of the network or violates the rules and
+protocols for communication across the network.
+
+ Corresponding Source conveyed, and Installation Information provided,
+in accord with this section must be in a format that is publicly
+documented (and with an implementation available to the public in
+source code form), and must require no special password or key for
+unpacking, reading or copying.
+
+ 7. Additional Terms.
+
+ "Additional permissions" are terms that supplement the terms of this
+License by making exceptions from one or more of its conditions.
+Additional permissions that are applicable to the entire Program shall
+be treated as though they were included in this License, to the extent
+that they are valid under applicable law. If additional permissions
+apply only to part of the Program, that part may be used separately
+under those permissions, but the entire Program remains governed by
+this License without regard to the additional permissions.
+
+ When you convey a copy of a covered work, you may at your option
+remove any additional permissions from that copy, or from any part of
+it. (Additional permissions may be written to require their own
+removal in certain cases when you modify the work.) You may place
+additional permissions on material, added by you to a covered work,
+for which you have or can give appropriate copyright permission.
+
+ Notwithstanding any other provision of this License, for material you
+add to a covered work, you may (if authorized by the copyright holders of
+that material) supplement the terms of this License with terms:
+
+ a) Disclaiming warranty or limiting liability differently from the
+ terms of sections 15 and 16 of this License; or
+
+ b) Requiring preservation of specified reasonable legal notices or
+ author attributions in that material or in the Appropriate Legal
+ Notices displayed by works containing it; or
+
+ c) Prohibiting misrepresentation of the origin of that material, or
+ requiring that modified versions of such material be marked in
+ reasonable ways as different from the original version; or
+
+ d) Limiting the use for publicity purposes of names of licensors or
+ authors of the material; or
+
+ e) Declining to grant rights under trademark law for use of some
+ trade names, trademarks, or service marks; or
+
+ f) Requiring indemnification of licensors and authors of that
+ material by anyone who conveys the material (or modified versions of
+ it) with contractual assumptions of liability to the recipient, for
+ any liability that these contractual assumptions directly impose on
+ those licensors and authors.
+
+ All other non-permissive additional terms are considered "further
+restrictions" within the meaning of section 10. If the Program as you
+received it, or any part of it, contains a notice stating that it is
+governed by this License along with a term that is a further
+restriction, you may remove that term. If a license document contains
+a further restriction but permits relicensing or conveying under this
+License, you may add to a covered work material governed by the terms
+of that license document, provided that the further restriction does
+not survive such relicensing or conveying.
+
+ If you add terms to a covered work in accord with this section, you
+must place, in the relevant source files, a statement of the
+additional terms that apply to those files, or a notice indicating
+where to find the applicable terms.
+
+ Additional terms, permissive or non-permissive, may be stated in the
+form of a separately written license, or stated as exceptions;
+the above requirements apply either way.
+
+ 8. Termination.
+
+ You may not propagate or modify a covered work except as expressly
+provided under this License. Any attempt otherwise to propagate or
+modify it is void, and will automatically terminate your rights under
+this License (including any patent licenses granted under the third
+paragraph of section 11).
+
+ However, if you cease all violation of this License, then your
+license from a particular copyright holder is reinstated (a)
+provisionally, unless and until the copyright holder explicitly and
+finally terminates your license, and (b) permanently, if the copyright
+holder fails to notify you of the violation by some reasonable means
+prior to 60 days after the cessation.
+
+ Moreover, your license from a particular copyright holder is
+reinstated permanently if the copyright holder notifies you of the
+violation by some reasonable means, this is the first time you have
+received notice of violation of this License (for any work) from that
+copyright holder, and you cure the violation prior to 30 days after
+your receipt of the notice.
+
+ Termination of your rights under this section does not terminate the
+licenses of parties who have received copies or rights from you under
+this License. If your rights have been terminated and not permanently
+reinstated, you do not qualify to receive new licenses for the same
+material under section 10.
+
+ 9. Acceptance Not Required for Having Copies.
+
+ You are not required to accept this License in order to receive or
+run a copy of the Program. Ancillary propagation of a covered work
+occurring solely as a consequence of using peer-to-peer transmission
+to receive a copy likewise does not require acceptance. However,
+nothing other than this License grants you permission to propagate or
+modify any covered work. These actions infringe copyright if you do
+not accept this License. Therefore, by modifying or propagating a
+covered work, you indicate your acceptance of this License to do so.
+
+ 10. Automatic Licensing of Downstream Recipients.
+
+ Each time you convey a covered work, the recipient automatically
+receives a license from the original licensors, to run, modify and
+propagate that work, subject to this License. You are not responsible
+for enforcing compliance by third parties with this License.
+
+ An "entity transaction" is a transaction transferring control of an
+organization, or substantially all assets of one, or subdividing an
+organization, or merging organizations. If propagation of a covered
+work results from an entity transaction, each party to that
+transaction who receives a copy of the work also receives whatever
+licenses to the work the party's predecessor in interest had or could
+give under the previous paragraph, plus a right to possession of the
+Corresponding Source of the work from the predecessor in interest, if
+the predecessor has it or can get it with reasonable efforts.
+
+ You may not impose any further restrictions on the exercise of the
+rights granted or affirmed under this License. For example, you may
+not impose a license fee, royalty, or other charge for exercise of
+rights granted under this License, and you may not initiate litigation
+(including a cross-claim or counterclaim in a lawsuit) alleging that
+any patent claim is infringed by making, using, selling, offering for
+sale, or importing the Program or any portion of it.
+
+ 11. Patents.
+
+ A "contributor" is a copyright holder who authorizes use under this
+License of the Program or a work on which the Program is based. The
+work thus licensed is called the contributor's "contributor version".
+
+ A contributor's "essential patent claims" are all patent claims
+owned or controlled by the contributor, whether already acquired or
+hereafter acquired, that would be infringed by some manner, permitted
+by this License, of making, using, or selling its contributor version,
+but do not include claims that would be infringed only as a
+consequence of further modification of the contributor version. For
+purposes of this definition, "control" includes the right to grant
+patent sublicenses in a manner consistent with the requirements of
+this License.
+
+ Each contributor grants you a non-exclusive, worldwide, royalty-free
+patent license under the contributor's essential patent claims, to
+make, use, sell, offer for sale, import and otherwise run, modify and
+propagate the contents of its contributor version.
+
+ In the following three paragraphs, a "patent license" is any express
+agreement or commitment, however denominated, not to enforce a patent
+(such as an express permission to practice a patent or covenant not to
+sue for patent infringement). To "grant" such a patent license to a
+party means to make such an agreement or commitment not to enforce a
+patent against the party.
+
+ If you convey a covered work, knowingly relying on a patent license,
+and the Corresponding Source of the work is not available for anyone
+to copy, free of charge and under the terms of this License, through a
+publicly available network server or other readily accessible means,
+then you must either (1) cause the Corresponding Source to be so
+available, or (2) arrange to deprive yourself of the benefit of the
+patent license for this particular work, or (3) arrange, in a manner
+consistent with the requirements of this License, to extend the patent
+license to downstream recipients. "Knowingly relying" means you have
+actual knowledge that, but for the patent license, your conveying the
+covered work in a country, or your recipient's use of the covered work
+in a country, would infringe one or more identifiable patents in that
+country that you have reason to believe are valid.
+
+ If, pursuant to or in connection with a single transaction or
+arrangement, you convey, or propagate by procuring conveyance of, a
+covered work, and grant a patent license to some of the parties
+receiving the covered work authorizing them to use, propagate, modify
+or convey a specific copy of the covered work, then the patent license
+you grant is automatically extended to all recipients of the covered
+work and works based on it.
+
+ A patent license is "discriminatory" if it does not include within
+the scope of its coverage, prohibits the exercise of, or is
+conditioned on the non-exercise of one or more of the rights that are
+specifically granted under this License. You may not convey a covered
+work if you are a party to an arrangement with a third party that is
+in the business of distributing software, under which you make payment
+to the third party based on the extent of your activity of conveying
+the work, and under which the third party grants, to any of the
+parties who would receive the covered work from you, a discriminatory
+patent license (a) in connection with copies of the covered work
+conveyed by you (or copies made from those copies), or (b) primarily
+for and in connection with specific products or compilations that
+contain the covered work, unless you entered into that arrangement,
+or that patent license was granted, prior to 28 March 2007.
+
+ Nothing in this License shall be construed as excluding or limiting
+any implied license or other defenses to infringement that may
+otherwise be available to you under applicable patent law.
+
+ 12. No Surrender of Others' Freedom.
+
+ If conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License. If you cannot convey a
+covered work so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you may
+not convey it at all. For example, if you agree to terms that obligate you
+to collect a royalty for further conveying from those to whom you convey
+the Program, the only way you could satisfy both those terms and this
+License would be to refrain entirely from conveying the Program.
+
+ 13. Use with the GNU Affero General Public License.
+
+ Notwithstanding any other provision of this License, you have
+permission to link or combine any covered work with a work licensed
+under version 3 of the GNU Affero General Public License into a single
+combined work, and to convey the resulting work. The terms of this
+License will continue to apply to the part which is the covered work,
+but the special requirements of the GNU Affero General Public License,
+section 13, concerning interaction through a network will apply to the
+combination as such.
+
+ 14. Revised Versions of this License.
+
+ The Free Software Foundation may publish revised and/or new versions of
+the GNU General Public License from time to time. Such new versions will
+be similar in spirit to the present version, but may differ in detail to
+address new problems or concerns.
+
+ Each version is given a distinguishing version number. If the
+Program specifies that a certain numbered version of the GNU General
+Public License "or any later version" applies to it, you have the
+option of following the terms and conditions either of that numbered
+version or of any later version published by the Free Software
+Foundation. If the Program does not specify a version number of the
+GNU General Public License, you may choose any version ever published
+by the Free Software Foundation.
+
+ If the Program specifies that a proxy can decide which future
+versions of the GNU General Public License can be used, that proxy's
+public statement of acceptance of a version permanently authorizes you
+to choose that version for the Program.
+
+ Later license versions may give you additional or different
+permissions. However, no additional obligations are imposed on any
+author or copyright holder as a result of your choosing to follow a
+later version.
+
+ 15. Disclaimer of Warranty.
+
+ THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
+APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
+HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
+OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
+THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
+IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
+ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
+
+ 16. Limitation of Liability.
+
+ IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
+THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
+GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
+USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
+DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
+PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
+EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
+SUCH DAMAGES.
+
+ 17. Interpretation of Sections 15 and 16.
+
+ If the disclaimer of warranty and limitation of liability provided
+above cannot be given local legal effect according to their terms,
+reviewing courts shall apply local law that most closely approximates
+an absolute waiver of all civil liability in connection with the
+Program, unless a warranty or assumption of liability accompanies a
+copy of the Program in return for a fee.
+
+ END OF TERMS AND CONDITIONS
+
+ How to Apply These Terms to Your New Programs
+
+ If you develop a new program, and you want it to be of the greatest
+possible use to the public, the best way to achieve this is to make it
+free software which everyone can redistribute and change under these terms.
+
+ To do so, attach the following notices to the program. It is safest
+to attach them to the start of each source file to most effectively
+state the exclusion of warranty; and each file should have at least
+the "copyright" line and a pointer to where the full notice is found.
+
+ <one line to give the program's name and a brief idea of what it does.>
+ Copyright (C) <year> <name of author>
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+Also add information on how to contact you by electronic and paper mail.
+
+ If the program does terminal interaction, make it output a short
+notice like this when it starts in an interactive mode:
+
+ <program> Copyright (C) <year> <name of author>
+ This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
+ This is free software, and you are welcome to redistribute it
+ under certain conditions; type `show c' for details.
+
+The hypothetical commands `show w' and `show c' should show the appropriate
+parts of the General Public License. Of course, your program's commands
+might be different; for a GUI interface, you would use an "about box".
+
+ You should also get your employer (if you work as a programmer) or school,
+if any, to sign a "copyright disclaimer" for the program, if necessary.
+For more information on this, and how to apply and follow the GNU GPL, see
+<http://www.gnu.org/licenses/>.
+
+ The GNU General Public License does not permit incorporating your program
+into proprietary programs. If your program is a subroutine library, you
+may consider it more useful to permit linking proprietary applications with
+the library. If this is what you want to do, use the GNU Lesser General
+Public License instead of this License. But first, please read
+<http://www.gnu.org/philosophy/why-not-lgpl.html>.
+
diff --git a/COPYING.LIB b/COPYING.LIB
new file mode 100644
index 0000000..fc8a5de
--- /dev/null
+++ b/COPYING.LIB
@@ -0,0 +1,165 @@
+ GNU LESSER GENERAL PUBLIC LICENSE
+ Version 3, 29 June 2007
+
+ Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/>
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+
+ This version of the GNU Lesser General Public License incorporates
+the terms and conditions of version 3 of the GNU General Public
+License, supplemented by the additional permissions listed below.
+
+ 0. Additional Definitions.
+
+ As used herein, "this License" refers to version 3 of the GNU Lesser
+General Public License, and the "GNU GPL" refers to version 3 of the GNU
+General Public License.
+
+ "The Library" refers to a covered work governed by this License,
+other than an Application or a Combined Work as defined below.
+
+ An "Application" is any work that makes use of an interface provided
+by the Library, but which is not otherwise based on the Library.
+Defining a subclass of a class defined by the Library is deemed a mode
+of using an interface provided by the Library.
+
+ A "Combined Work" is a work produced by combining or linking an
+Application with the Library. The particular version of the Library
+with which the Combined Work was made is also called the "Linked
+Version".
+
+ The "Minimal Corresponding Source" for a Combined Work means the
+Corresponding Source for the Combined Work, excluding any source code
+for portions of the Combined Work that, considered in isolation, are
+based on the Application, and not on the Linked Version.
+
+ The "Corresponding Application Code" for a Combined Work means the
+object code and/or source code for the Application, including any data
+and utility programs needed for reproducing the Combined Work from the
+Application, but excluding the System Libraries of the Combined Work.
+
+ 1. Exception to Section 3 of the GNU GPL.
+
+ You may convey a covered work under sections 3 and 4 of this License
+without being bound by section 3 of the GNU GPL.
+
+ 2. Conveying Modified Versions.
+
+ If you modify a copy of the Library, and, in your modifications, a
+facility refers to a function or data to be supplied by an Application
+that uses the facility (other than as an argument passed when the
+facility is invoked), then you may convey a copy of the modified
+version:
+
+ a) under this License, provided that you make a good faith effort to
+ ensure that, in the event an Application does not supply the
+ function or data, the facility still operates, and performs
+ whatever part of its purpose remains meaningful, or
+
+ b) under the GNU GPL, with none of the additional permissions of
+ this License applicable to that copy.
+
+ 3. Object Code Incorporating Material from Library Header Files.
+
+ The object code form of an Application may incorporate material from
+a header file that is part of the Library. You may convey such object
+code under terms of your choice, provided that, if the incorporated
+material is not limited to numerical parameters, data structure
+layouts and accessors, or small macros, inline functions and templates
+(ten or fewer lines in length), you do both of the following:
+
+ a) Give prominent notice with each copy of the object code that the
+ Library is used in it and that the Library and its use are
+ covered by this License.
+
+ b) Accompany the object code with a copy of the GNU GPL and this license
+ document.
+
+ 4. Combined Works.
+
+ You may convey a Combined Work under terms of your choice that,
+taken together, effectively do not restrict modification of the
+portions of the Library contained in the Combined Work and reverse
+engineering for debugging such modifications, if you also do each of
+the following:
+
+ a) Give prominent notice with each copy of the Combined Work that
+ the Library is used in it and that the Library and its use are
+ covered by this License.
+
+ b) Accompany the Combined Work with a copy of the GNU GPL and this license
+ document.
+
+ c) For a Combined Work that displays copyright notices during
+ execution, include the copyright notice for the Library among
+ these notices, as well as a reference directing the user to the
+ copies of the GNU GPL and this license document.
+
+ d) Do one of the following:
+
+ 0) Convey the Minimal Corresponding Source under the terms of this
+ License, and the Corresponding Application Code in a form
+ suitable for, and under terms that permit, the user to
+ recombine or relink the Application with a modified version of
+ the Linked Version to produce a modified Combined Work, in the
+ manner specified by section 6 of the GNU GPL for conveying
+ Corresponding Source.
+
+ 1) Use a suitable shared library mechanism for linking with the
+ Library. A suitable mechanism is one that (a) uses at run time
+ a copy of the Library already present on the user's computer
+ system, and (b) will operate properly with a modified version
+ of the Library that is interface-compatible with the Linked
+ Version.
+
+ e) Provide Installation Information, but only if you would otherwise
+ be required to provide such information under section 6 of the
+ GNU GPL, and only to the extent that such information is
+ necessary to install and execute a modified version of the
+ Combined Work produced by recombining or relinking the
+ Application with a modified version of the Linked Version. (If
+ you use option 4d0, the Installation Information must accompany
+ the Minimal Corresponding Source and Corresponding Application
+ Code. If you use option 4d1, you must provide the Installation
+ Information in the manner specified by section 6 of the GNU GPL
+ for conveying Corresponding Source.)
+
+ 5. Combined Libraries.
+
+ You may place library facilities that are a work based on the
+Library side by side in a single library together with other library
+facilities that are not Applications and are not covered by this
+License, and convey such a combined library under terms of your
+choice, if you do both of the following:
+
+ a) Accompany the combined library with a copy of the same work based
+ on the Library, uncombined with any other library facilities,
+ conveyed under the terms of this License.
+
+ b) Give prominent notice with the combined library that part of it
+ is a work based on the Library, and explaining where to find the
+ accompanying uncombined form of the same work.
+
+ 6. Revised Versions of the GNU Lesser General Public License.
+
+ The Free Software Foundation may publish revised and/or new versions
+of the GNU Lesser General Public License from time to time. Such new
+versions will be similar in spirit to the present version, but may
+differ in detail to address new problems or concerns.
+
+ Each version is given a distinguishing version number. If the
+Library as you received it specifies that a certain numbered version
+of the GNU Lesser General Public License "or any later version"
+applies to it, you have the option of following the terms and
+conditions either of that published version or of any later version
+published by the Free Software Foundation. If the Library as you
+received it does not specify a version number of the GNU Lesser
+General Public License, you may choose any version of the GNU Lesser
+General Public License ever published by the Free Software Foundation.
+
+ If the Library as you received it specifies that a proxy can decide
+whether future versions of the GNU Lesser General Public License shall
+apply, that proxy's public statement of acceptance of any version is
+permanent authorization for you to choose that version for the
+Library.
diff --git a/ChangeLog b/ChangeLog
new file mode 100644
index 0000000..6d12f01
--- /dev/null
+++ b/ChangeLog
@@ -0,0 +1,140 @@
+2012-03-27 Werner Koch <wk@gnupg.org>
+
+ Release 2.0.19.
+
+ Update zh_TW translation.
+
+ Update config.{sub,guess} to version 2012-02-10.
+ * scripts/config.guess, scripts/config.sub: Update.
+
+ Update texinfo source from master.
+ * doc/gpg-agent.texi, doc/gpg.texi, doc/gpgsm.texi
+ * doc/scdaemon.texi, doc/tools.texi: Update.
+ * doc/yat2m.c: Update.
+
+ Add target to update the texinfo files from master.
+ * doc/Makefile.am (update-source): New.
+
+2012-03-26 Werner Koch <wk@gnupg.org>
+
+ Fix make rules for audit-events.h et al.
+ * common/Makefile.am (audit-events.h, status-codes.h): Fix target file
+ name.
+
+ Update samplekeys and NEWS.
+ * doc/samplekeys.asc: Update.
+
+ Allow compressed data with algorithm 0.
+ * g10/mainproc.c (proc_compressed): Remove superfluous check for
+ an algorithm number of 0. This is bug#1326.
+
+2012-02-01 David Shaw <dshaw@jabberwocky.com>
+
+ Honor --cert-digest-algo when recreating a cert.
+ * g10/sign.c (update_keysig_packet): Honor --cert-digest-algo when
+ recreating a cert.
+
+ This is used by various things in --edit-key like setpref, primary,
+ etc. Suggested by Christian Aistleitner.
+
+2012-01-31 Werner Koch <wk@gnupg.org>
+
+ Update copyright year.
+
+ Require an installed gitlog_to_changelog for make dist.
+ * scripts/gitlog-to-changelog: Remove.
+ * Makefile.am (GITLOG_TO_CHANGELOG): New.
+ (gen-ChangeLog): Use it. Add set -e.
+
+ Add Ukrainian translation.
+ * po/uk.po: New.
+ * po/LINGUAS: Add uk.po.
+
+ estream: Avoid printing leading zeroes by %p on 32 bit systems.
+ * common/estream-printf.c (pr_pointer): Synchronize definition of
+ AULONG with its use.
+
+ gpg: Add a DECRYPTION_INFO status.
+ * common/status.h (STATUS_DECRYPTION_INFO): New.
+ * g10/encr-data.c: Include status.h.
+ (decrypt_data): Emit STATUS_DECRYPTION_INFO line.
+
+2012-01-20 Werner Koch <wk@gnupg.org>
+
+ Do not copy default merge commit log entries into the ChangeLog.
+ * scripts/gitlog-to-changelog: Skip merge commits.
+
+ Add files to .gitignore.
+
+2012-01-20 David Shaw <dshaw@jabberwocky.com>
+
+ Changes to --min-cert-level should cause a trustdb rebuild (issue 1366)
+ * g10/gpgv.c, g10/trustdb.c (read_trust_options): Add min_cert_level
+
+ * g10/trustdb.c (check_trustdb_stale): Request a rebuild if
+ pending_check_trustdb is true (set when we detect a trustdb
+ parameter has changed).
+
+ * g10/keylist.c (public_key_list): Use 'l' in the "tru" with-colons
+ listing for min_cert_level not matching.
+
+ * g10/tdbio.c (tdbio_update_version_record, create_version_record,
+ tdbio_db_matches_options, tdbio_dump_record, tdbio_read_record,
+ tdbio_write_record): Add a byte for min_cert_level in the tdbio
+ version record.
+
+2012-01-11 David Shaw <dshaw@jabberwocky.com>
+
+ Refresh sample keys.
+
+2012-01-03 Werner Koch <wk@gnupg.org>
+
+ Terminate csh commands with a semicolon.
+ Fixes bug#1386.
+
+ * agent/gpg-agent.c (main): Terminate csh style output with a semicolon.
+ * scd/scdaemon.c: Ditto.
+
+2011-12-28 David Shaw <dshaw@jabberwocky.com>
+
+ Use the longest key ID available when talking to a HKP server.
+ This is issue 1340. Now that PKSD is dead, and SKS supports long key
+ IDs, this is safe to do. Patch from Daniel Kahn Gillmor
+ <dkg@fifthhorseman.net>.
+
+2011-12-15 David Shaw <dshaw@jabberwocky.com>
+
+ Merge fix for issue 1331 from 1.4.
+ * photoid.c (generate_photo_id): Check for the JPEG magic numbers
+ instead of JFIF since some programs generate an EXIF header first.
+
+2011-12-02 Werner Koch <wk@gnupg.org>
+
+ Generate the ChangeLog from commit logs.
+ * scripts/gitlog-to-changelog: New script. Taken from gnulib.
+ * scripts/git-log-fix: New file.
+ * scripts/git-log-footer: New file.
+ * scripts/git-hooks/commit-msg: New script.
+ * autogen.sh: Install commit-msg hook for git.
+ * doc/HACKING: Describe the ChangeLog policy.
+ * ChangeLog: New file.
+ * Makefile.am (EXTRA_DIST): Add new files.
+ (gen-ChangeLog): New.
+ (dist-hook): Run gen-ChangeLog.
+
+ Rename all ChangeLog files to ChangeLog-2011.
+
+2011-12-01 Werner Koch <wk@gnupg.org>
+
+ NB: Changes done before December 1st, 2011 are described in
+ per directory files named ChangeLog-2011. See doc/HACKING for
+ details.
+
+ -----
+ Copyright (C) 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009,
+ 2010, 2011 Free Software Foundation, Inc.
+
+ Copying and distribution of this file and/or the original GIT
+ commit log messages, with or without modification, are
+ permitted provided the copyright notice and this notice are
+ preserved.
diff --git a/ChangeLog-2011 b/ChangeLog-2011
new file mode 100644
index 0000000..46320b2
--- /dev/null
+++ b/ChangeLog-2011
@@ -0,0 +1,1207 @@
+2011-12-02 Werner Koch <wk@g10code.com>
+
+ NB: ChangeLog files are no longer manually maintained. Starting
+ on December 1st, 2011 we put change information only in the GIT
+ commit log, and generate a top-level ChangeLog file from logs at
+ "make dist". See doc/HACKING for details.
+
+2011-08-04 Werner Koch <wk@g10code.com>
+
+ Release 2.0.18.
+
+ * configure.ac: Fix usage of AC_LANG_PROGRAM.
+ (AC_CHECK_HEADERS): Check for utmp.h.
+
+2011-02-04 Werner Koch <wk@g10code.com>
+
+ * autogen.sh: Ensure that the git pre-commit hoom has been
+ enabled. Add a cleanpo filter if not yet set.
+
+2011-01-13 Werner Koch <wk@g10code.com>
+
+ Release 2.0.17.
+
+2011-01-11 Werner Koch <wk@g10code.com>
+
+ * configure.ac: Add option --enable-gpgtar.
+ (AC_CHECK_FUNCS): Add stat.
+
+ * autogen.sh <w32>: Remove superfluous --without-included-gettext.
+
+2011-01-10 Werner Koch <wk@g10code.com>
+
+ * configure.ac: Support a git_revision string.
+
+2010-07-19 Werner Koch <wk@g10code.com>
+
+ Release 2.0.16.
+
+ * configure.ac: Require libgpg-error 1.7 and libksba 1.0.7 to
+ force building with more recent versions.
+
+2010-05-04 Werner Koch <wk@g10code.com>
+
+ * configure.ac: Add option --enable-standard-socket.
+
+2010-03-09 Werner Koch <wk@g10code.com>
+
+ Release 2.0.15.
+
+ * configure.ac: Add option --disable-ccid-driver.
+
+2010-02-18 Werner Koch <wk@g10code.com>
+
+ Release 2.0.15rc1.
+
+ * configure.ac: Remove double check for libassuan.
+
+2010-02-11 Marcus Brinkmann <marcus@g10code.de>
+
+ From trunk 2009-10-16:
+
+ * configure.ac: Check for libassuan instead of libassuan-pth.
+
+2009-10-12 Werner Koch <wk@g10code.com>
+
+ From trunk 2009-09-23:
+
+ * configure.ac (NEED_LIBASSUAN_API, NEED_LIBASSUAN_VERSION):
+ Update to new API (2, 1.1.0).
+
+2009-12-21 Werner Koch <wk@g10code.com>
+
+ Release 2.0.14.
+
+2009-12-08 Werner Koch <wk@g10code.com>
+
+ * configure.ac (USE_DNS_CERT): Support via ADNS.
+
+2009-12-07 Werner Koch <wk@g10code.com>
+
+ * configure.ac: Check for ADNS before checking for the BIND
+ resolver.
+ (USE_ADNS): Fallback macro for PKA and CERT lookups.
+
+2009-09-04 Werner Koch <wk@g10code.com>
+
+ Release 2.0.13.
+
+2009-06-29 Werner Koch <wk@g10code.com>
+
+ * configure.ac: Take care of --without-adns. Suggested by
+ Arfrever Frehtes Taifersar Arahesis.
+
+2009-06-17 Werner Koch <wk@g10code.com>
+
+ Release 2.0.12.
+
+2009-06-05 David Shaw <dshaw@jabberwocky.com>
+
+ * configure.ac: Remove Camellia restriction.
+
+2009-04-01 Werner Koch <wk@g10code.com>
+
+ * configure.ac: Test for fsync.
+
+2009-03-18 Werner Koch <wk@g10code.com>
+
+ * configure.ac: Test for getrlimit.
+
+2009-03-03 Werner Koch <wk@g10code.com>
+
+ Release 2.0.11.
+
+2009-01-12 Werner Koch <wk@g10code.com>
+
+ Release 2.0.10.
+
+2008-12-09 Werner Koch <wk@g10code.com>
+
+ Release 2.0.10rc1.
+
+2008-10-17 Werner Koch <wk@g10code.com>
+
+ * configure.ac: Use more warning options with modern GCCs.
+
+2008-09-29 Werner Koch <wk@g10code.com>
+
+ * configure.ac: Require libgcrypt 1.4.
+
+2008-08-27 David Shaw <dshaw@jabberwocky.com>
+
+ * configure.ac: Use printf for the most portable SVN version
+ detection.
+
+ * configure.ac: Darwin's /bin/sh has a builtin echo that doesn't
+ understand '-n'. Use tr to trim the carriage return instead.
+
+2008-04-23 Werner Koch <wk@g10code.com>
+
+ * configure.ac: Call gl_HEADER_SYS_SOCKET and gl_TYPE_SOCKLEN_T.
+
+2008-04-07 Werner Koch <wk@g10code.com>
+
+ * configure.ac (ADNSLIBS): Test for adns.
+ (GPGKEYS_KDNS): New.
+
+2008-04-01 Werner Koch <wk@g10code.com>
+
+ * configure.ac: Require curl 7.10 (Oct 1 2002) or later as we use
+ curl_version_info().
+ (AC_INIT): Fix quoting.
+
+2008-03-27 Werner Koch <wk@g10code.com>
+
+ * Makefile.am (dist_doc_DATA): New. Install README.
+
+2008-03-26 Werner Koch <wk@g10code.com>
+
+ Release 2.0.9.
+
+2008-02-19 Werner Koch <wk@g10code.com>
+
+ * configure.ac: Remove --with-pkits-tests.
+
+2008-02-15 Werner Koch <wk@g10code.com>
+
+ * gl/allocsa.h, gl/m4/allocsa.m4: Replace HAVE_LONG_LONG by
+ HAVE_LONG_LONG_INT.
+
+2008-02-15 gettextize <bug-gnu-gettext@gnu.org>
+
+ * configure.ac (AM_GNU_GETTEXT_VERSION): Bump to 0.17.
+
+2007-12-20 Werner Koch <wk@g10code.com>
+
+ Released 2.0.8.
+
+2007-12-17 Werner Koch <wk@g10code.com>
+
+ * configure.ac: Add treatment for HAVE_LDAP_START_TLS_SA.
+
+2007-12-14 Werner Koch <wk@g10code.com>
+
+ Released 2.0.8rc1.
+
+2007-12-12 Werner Koch <wk@g10code.com>
+
+ * configure.ac (USE_CAMELLIA): Define by new option --enable-camellia.
+
+2007-12-03 Werner Koch <wk@g10code.com>
+
+ * configure.ac: Add test gt_LC_MESSAGES..
+
+2007-10-01 Werner Koch <wk@g10code.com>
+
+ * configure.ac: Require assuan 1.0.4.
+
+2007-09-14 Werner Koch <wk@g10code.com>
+
+ * configure.ac (GNUPG_LIBASSUAN_VERSION): New.
+
+2007-09-10 Werner Koch <wk@g10code.com>
+
+ Released 2.0.7.
+
+2007-08-27 Werner Koch <wk@g10code.com>
+
+ * configure.ac: Remove remaining support for internal regex.
+ Define DISABLE_REGEX automake conditional. Add option
+ --with-regex.
+ * autogen.sh [--build-w32]: Remove --disable-regex. Use --with-regex.
+
+2007-08-16 Werner Koch <wk@g10code.com>
+
+ Released 2.0.6.
+
+2007-08-08 Werner Koch <wk@g10code.com>
+
+ * configure.ac: Use AC_CANONICAL_HOST and not AC_CANONICAL_TARGET.
+
+2007-07-09 Werner Koch <wk@g10code.com>
+
+ * configure.ac (AM_ICONV): Check for it even when building without
+ NLS.
+
+2007-07-05 Werner Koch <wk@g10code.com>
+
+ Released 2.0.5.
+
+ * configure.ac: Require libassuan 1.0.2.
+
+2007-07-05 Marcus Brinkmann <marcus@g10code.de>
+
+ * configure.ac: Invoke AM_LANGINFO_CODESET.
+
+2007-07-04 Werner Koch <wk@g10code.com>
+
+ * Makefile.am (AUTOMAKE_OPTIONS): Add no-dist-gzip.
+
+ Switched entire package to GPLv3+.
+
+ * configure.ac: Require libksba 1.0.2.
+
+ * COPYING: Updated to GPLv3.
+ * COPYING.LIB: New as jnlib/ uses this license.
+
+ * gl/: Switched to GPLv3+.
+
+ * intl/ Removed.
+ * configure.ac (AM_GNU_GETTEXT): Add external flag.
+ (AM_ICONV): New.
+
+2007-07-03 Werner Koch <wk@g10code.com>
+
+ * configure.ac [W32]: Use ws2_32 instead of wsock32.
+
+2007-06-25 Werner Koch <wk@g10code.com>
+
+ * gl/mkdtemp.c (gen_tempname) [MKDIR_TAKES_ONE_ARG]: Avoid
+ compiler warning by using the proper config macro.
+
+2007-06-15 Werner Koch <wk@g10code.com>
+
+ * configure.ac: Call AM_PO_SUBDIRS.
+ (W32SOCKLIBS): New.
+
+ * autogen.sh: Use = and not == in test to be POSIXly correct.
+ <build-w32>: Disable use of regex.
+
+2007-06-14 Werner Koch <wk@g10code.com>
+
+ * configure.ac [AH_BOTTOM]: Remove the hardwired names of modules.
+
+2007-06-12 Werner Koch <wk@g10code.com>
+
+ * configure.ac [AH_BOTTOM]: Define HTTP_NO_WSASTARTUP.
+
+2007-06-11 Werner Koch <wk@g10code.com>
+
+ * am/cmacros.am (libcommonstd, libcommonpth, libcommonstd_ldadd)
+ (libcommonpth_ldadd): Add macros.
+
+2007-06-06 Werner Koch <wk@g10code.com>
+
+ * configure.ac: Add a few notices message so make browsing of the
+ log file easier.
+ (CC_FOR_BUILD): New.
+
+2007-05-30 Werner Koch <wk@g10code.com>
+
+ * configure.ac [W32]: Do not create a symlink to w32-pth.h.
+ Require the installation of the w32pth package.
+
+2007-05-29 Werner Koch <wk@g10code.com>
+
+ * gl/: Updated to a newer version.
+
+2007-05-24 Werner Koch <wk@g10code.com>
+
+ * configure.ac: Use -Wpointer-arith is possible.
+
+2007-05-15 Werner Koch <wk@g10code.com>
+
+ * configure.ac: Renamed the estream macros. Remove -Wformat-nonliteral.
+
+ * configure.ac: Call ESTREAM_INIT and define the memory
+ allocators for estream_asprintf.
+ (gl_MODULES): Remove vasprintf.
+
+2007-05-09 Werner Koch <wk@g10code.com>
+
+ Released 2.0.4.
+
+2007-05-07 Werner Koch <wk@g10code.com>
+
+ * configure.ac: Require libgcrypt 1.2.2 to avoid compiler warnings.
+
+2007-05-07 gettextize <bug-gnu-gettext@gnu.org>
+
+ * configure.ac (AM_GNU_GETTEXT_VERSION): Bump to 0.16.1.
+
+2007-05-07 Werner Koch <wk@g10code.com>
+
+ * configure.ac: Bail out if no C-89 compiler has been found.
+
+2007-05-04 Werner Koch <wk@g10code.com>
+
+ * Makefile.am (DISTCHECK_CONFIGURE_FLAGS): Add --enable-mailto
+
+ * configure.ac: Require automake 1.10
+ (AC_CONFIG_FILES): Rename gpgkeys_ to gpg2keys_.
+ (AM_PROG_CC_C_O): New.
+
+2007-03-08 Werner Koch <wk@g10code.com>
+
+ Released 2.0.3.
+
+ * autogen.sh: Add option --force.
+
+2007-01-31 Werner Koch <wk@g10code.com>
+
+ Released 2.0.2.
+
+2006-11-30 Werner Koch <wk@g10code.com>
+
+ * configure.ac: Save original LIBS when testing for dlopen.
+
+2006-11-28 Werner Koch <wk@g10code.com>
+
+ Released 2.0.1.
+
+2006-11-23 Werner Koch <wk@g10code.com>
+
+ Released 2.0.1rc1.
+
+2006-11-21 Werner Koch <wk@g10code.com>
+
+ * configure.ac [AH_BOTTOM]: Disable PTH soft mapping.
+ (AC_CHECK_SIZEOF): Check for time_t.
+ (BUILD_INCLUDED_LIBINTL): Remove AM_PO_SUBDIRS as it is not
+ required for C.
+
+2006-11-15 Werner Koch <wk@g10code.com>
+
+ * autogen.sh: Add convenience option --build-amd64.
+
+2006-11-14 Werner Koch <wk@g10code.com>
+
+ * configure.ac (HAVE_ASSUAN_SET_IO_MONITOR): Test for it.
+
+2006-11-11 Werner Koch <wk@g10code.com>
+
+ Released 2.0.0.
+
+2006-11-06 Werner Koch <wk@g10code.com>
+
+ Released 1.9.95.
+
+2006-11-03 Werner Koch <wk@g10code.com>
+
+ * configure.ac: Test for pty.h. From Gentoo.
+
+2006-10-24 Werner Koch <wk@g10code.com>
+
+ Released 1.9.94.
+
+2006-10-20 Werner Koch <wk@g10code.com>
+
+ * Makefile.am (stowinstall): Add convenience target.
+
+2006-10-18 Werner Koch <wk@g10code.com>
+
+ * configure.ac: svn revison magic fixes for old bashs. Suggested
+ by Alain Guibert.
+
+2006-10-18 Werner Koch <wk@g10code.com>
+
+ Released 1.9.93.
+
+2006-10-17 Werner Koch <wk@g10code.com>
+
+ * autogen.sh <--build-w32>: Test also for a host "mingw32".
+
+ * configure.ac: Removed W32LIBS. Use NETLIBS instead.
+
+2006-10-11 Werner Koch <wk@g10code.com>
+
+ Released 1.9.92.
+
+ * configure.ac: Require libassuan 0.9.3.
+
+2006-10-09 Werner Koch <wk@g10code.com>
+
+ * acinclude.m4: Moved pth check to m4/gnupg-pth.m4.
+
+2006-10-06 Werner Koch <wk@g10code.com>
+
+ * configure.ac: Also check for libassuan's pth version.
+
+2006-10-04 Werner Koch <wk@g10code.com>
+
+ Released 1.9.91.
+
+ * configure.ac: Require libassuan 0.9.1 which fixes a problem with
+ gpgsm.
+
+2006-09-27 Werner Koch <wk@g10code.com>
+
+ * gl/strsep.h, gl/strsep.c, gl/m4/strsep.m4: Removed.
+ * gl/strpbrk.h, gl/strpbrk.c, gl/m4/strpbrk.m4: Removed.
+ * gl/Makefile.am: Removed module strsep and strpbrk.
+ * configure.ac: Check for strsep in the context of jnlib. Remove
+ check from gl_MODULES. Moved check for timegm into the jnlib context.
+
+2006-09-27 Marcus Brinkmann <marcus@g10code.de>
+
+ * Makefile.am: Fix cut & paste error.
+
+2006-09-25 Werner Koch <wk@g10code.com>
+
+ Released 1.9.90.
+
+2006-09-22 Werner Koch <wk@g10code.com>
+
+ * AUTHORS: Add information about used licenses.
+
+2006-09-20 Werner Koch <wk@g10code.com>
+
+ * Makefile.am (dist-hook): Removed distfiles cruft.
+ (SUBDIRS): Added include
+
+2006-09-18 Werner Koch <wk@g10code.com>
+
+ Released 1.9.23.
+
+ * configure.ac (--enable-agent-only): Donot build tools and doc
+ (--disable-tools,--disable-doc): New.
+ * Makefile.am (SUBDIRS): Allow to conditional build tools and doc.
+
+2006-09-14 Werner Koch <wk@g10code.com>
+
+ Replaced all call gpg_error_from_errno(errno) by
+ gpg_error_from_syserror().
+
+ * configure.ac: Build gpg by default.
+ (GNUPG_SYS_SO_PEERCRED): Removed.
+
+2006-09-13 Werner Koch <wk@g10code.com>
+
+ * autogen.sh: Better detection of the cross compiler kit.
+
+2006-09-06 Marcus Brinkmann <marcus@g10code.de>
+
+ * configure.ac: New automake conditional RUN_GPG_TESTS.
+
+2006-09-06 Werner Koch <wk@g10code.com>
+
+ * configure.ac: Define _ASSUAN_ONLY_GPG_ERRORS. Require Assuan
+ 0.9 and libgpg-error 1.4
+
+2006-08-31 Werner Koch <wk@g10code.com>
+
+ * configure.ac: Require libksba 1.0 and added API check for it.
+ (GPG_ERR_LOCKED): Removed DECL check as we require 1.2 anyway.
+ (have_libusb): New to give a feedback about CCID support
+
+2006-08-21 Werner Koch <wk@g10code.com>
+
+ * configure.ac: Removed docbook tests.
+ (AC_CONFIG_FILES): Added gpgkeys_test and gpgkeys_mailto.
+
+ * Makefile.am (DISTCHECK_CONFIGURE_FLAGS): Enable gpg.
+
+2006-08-17 Werner Koch <wk@g10code.com>
+
+ * THANKS: Merged with the 1.4 one.
+
+2006-08-16 Werner Koch <wk@g10code.com>
+
+ * configure.ac: Removed test for capabilities and mlock.
+
+2006-08-15 Werner Koch <wk@g10code.com>
+
+ * Makefile.am (keyserver): Enable building of keyserver helpers.
+
+ * configure.ac: Merged with the current configure from 1.4.5.
+ Require libgpg-error 1.2 and libksba 0.9.16.
+
+2006-07-29 Marcus Brinkmann <marcus@g10code.de>
+
+ * README: Spelling fixes.
+
+2006-07-27 Werner Koch <wk@g10code.com>
+
+ Released 1.9.22.
+
+ * configure.ac: Call AB_INIT.
+
+2006-07-03 Werner Koch <wk@g10code.com>
+
+ * configure.ac: Test for ksba_dn_teststr.
+
+2006-06-30 Werner Koch <wk@g10code.com>
+
+ * keyserver/: New. Taken from 1.4.4
+ * Makefile.am (SUBDIRS): Include keyserver/.
+ * configure.ac: Include keyserver/.
+ (FAKE_CURL, GPGKEYS_CURL): New.
+
+2006-06-20 Werner Koch <wk@g10code.com>
+
+ Released 1.9.21.
+
+2006-06-08 Marcus Brinkmann <marcus@g10code.de>
+
+ * configure.ac (PTH_LIBS): Add --all to pth-config invocation.
+
+2006-05-24 Werner Koch <wk@g10code.com>
+
+ * configure.ac: New option --disable-optimization taked from 1.4.3.
+
+2006-05-23 Werner Koch <wk@g10code.com>
+
+ * configure.ac (ZLIBS): New for zlib link commands. Add bzip2
+ support.
+
+2006-05-22 Werner Koch <wk@g10code.com>
+
+ * configure.ac (EXEEXT): New.
+
+2006-04-18 Werner Koch <wk@g10code.com>
+
+ * configure.ac (PK_UID_CACHE_SIZE): New.
+
+2006-04-07 Werner Koch <wk@g10code.com>
+
+ * configure.ac: Use new method to include the SVN revison. Now it
+ is the actual global revision number.
+
+2005-12-20 Werner Koch <wk@g10code.com>
+
+ Released 1.9.20.
+
+2005-11-28 Werner Koch <wk@g10code.com>
+
+ * configure.ac: Append the revision to the version string.
+
+2005-11-13 Werner Koch <wk@g10code.com>
+
+ * am/cmacros.am (-DGNUPG_SYSCONFDIR): Define it.
+
+2005-11-11 Werner Koch <wk@g10code.com>
+
+ * configure.ac (NEED_KSBA_VERSION: Require 0.9.13.
+
+2005-09-12 Werner Koch <wk@g10code.com>
+
+ Released 1.9.19.
+
+2005-08-01 Werner Koch <wk@g10code.com>
+
+ Released 1.9.18.
+
+ * configure.ac: Require libksba 0.9.12 to match new features in gpgsm.
+
+2005-06-20 Werner Koch <wk@g10code.com>
+
+ Released 1.9.17.
+
+2005-06-02 Werner Koch <wk@g10code.com>
+
+ * configure.ac (HAVE_PTH): Define as alias for USE_GNU_PTH. It is
+ used by common/estream.c.
+
+2005-06-01 Werner Koch <wk@g10code.com>
+
+ * configure.ac (gl_INIT): Add gnulib stuff.
+ (fseeko, ftello, ttyname, isascii): Replaced the AC_REPLACE_FUNCS
+ by a simple check.
+ (putc_unlocked): Removed check. Not used.
+ (strsep, mkdtemp, asprintf): Replaced checks by gnulib checks.
+ (xsize): Added will probably come handy soon.
+ (CFLAGS): Use -Wformat-security instead of
+ -Wformat-nonliteral. Add --Wno-format-y2k.
+ * gl/, gl/m4/: New.
+
+2005-05-15 Werner Koch <wk@g10code.com>
+
+ * configure.ac: Remove option --disable-threads; require the use
+ of GNU Pth.
+
+2005-04-27 Werner Koch <wk@g10code.com>
+
+ * configure.ac: Removed OpenSC detection and options.
+ * acinclude.m4: Ditto.
+
+2005-04-21 Werner Koch <wk@g10code.com>
+
+ Released 1.9.16.
+
+ * configure.ac: Do not build gpg by default.
+
+2005-04-20 Werner Koch <wk@g10code.com>
+
+ * configure.ac: Test whether GPG_ERR_LOCKED is declared and
+ provide a replacement if not.
+
+2005-04-15 Werner Koch <wk@g10code.com>
+
+ * configure.ac: Require libksba 0.9.11.
+
+2005-04-15 Marcus Brinkmann <marcus@g10code.de>
+
+ * configure.ac: Check for /usr/bin/shred and define SHRED.
+
+ * configure.ac: Add --enable-symcryptrun, disabled by default.
+ Define automake variable BUILD_SYMCRYPTRUN.
+ Check for openpty -lutil, define LIBUTIL_LIBS.
+
+2005-03-03 Werner Koch <wk@g10code.com>
+
+ * acinclude.m4 (GNUPG_PTH_VERSION_CHECK): Accidently used
+ --ldflags instead of --cflags. Reported by Kazu Yamamoto.
+
+2005-02-03 Werner Koch <wk@g10code.com>
+
+ * AUTHORS: Copied from 1.4 and edited to refelct the changes in
+ 1.9.
+
+2005-01-17 Werner Koch <wk@g10code.com>
+
+ * configure.ac: Make --without-included-regex work as expected.
+ Fixed FTP location info for some libraries.
+
+2005-01-13 Werner Koch <wk@g10code.com>
+
+ Released 1.9.15.
+
+ * acinclude.m4 (GNUPG_PTH_VERSION_CHECK): Link a simple test
+ program to see whether the installation is sane.
+
+2005-01-07 Werner Koch <wk@g10code.com>
+
+ * configure.ac: Require gpg-error 1.0.
+
+2005-01-04 Werner Koch <wk@g10code.com>
+
+ * configure.ac: Remove hack not to build gpg2 for W32.
+ * autogen.sh <build-w32>: Pass option --disable-gpg instead.
+
+2004-12-22 Werner Koch <wk@g10code.com>
+
+ Released 1.9.14.
+
+2004-12-20 Werner Koch <wk@g10code.com>
+
+ * configure.ac: Add PATHSEP_C and PATHSEP_S. For W32 let all
+ directories default to c:/gnupg. Require libassuan 0.6.9.
+
+2004-12-18 Werner Koch <wk@g10code.com>
+
+ * configure.ac (AH_BOTTOM): Define EXEEXT_S.
+
+ * autogen.sh: Updated --build-w32 feature.
+
+2004-12-15 Werner Koch <wk@g10code.com>
+
+ * Makefile.am (SUBDIRS) [W32]: Do not build in tests/.
+
+ * acinclude.m4: Add proper macro name quoting for use with
+ automake 1.9.
+
+ * configure.ac: Add replacement check for ttyname.
+ Removed support for a included zlib.
+
+2004-12-06 Werner Koch <wk@g10code.com>
+
+ * configure.ac (have_w32_system): New. Disable Pth checks for W32.
+ Link jnlib/w32-pth.h to pth.h.
+
+2004-12-03 Werner Koch <wk@g10code.com>
+
+ Released 1.9.13.
+
+2004-11-26 Werner Koch <wk@g10code.com>
+
+ * configure.ac: Replace strsep. Replaced use of "target" by
+ "host".
+
+2004-10-22 Werner Koch <wk@g10code.com>
+
+ Released 1.9.12.
+
+ * Makefile.am (AUTOMAKE_OPTIONS): Set option to create bzip2 tarball.
+
+2004-10-01 Werner Koch <wk@g10code.com>
+
+ Released 1.9.11.
+
+2004-09-30 Werner Koch <wk@g10code.com>
+
+ * README: Minor updates.
+
+2004-09-30 gettextize <bug-gnu-gettext@gnu.org>
+
+ * configure.ac (AM_GNU_GETTEXT_VERSION): Bump to 0.14.1.
+
+2004-08-16 Werner Koch <wk@g10code.de>
+
+ * configure.ac: Build Makefile for tests/pkits. New option
+ --with-pkits-tests.
+
+2004-08-05 Werner Koch <wk@g10code.de>
+
+ * configure.ac: Changed tests for libusb to also suuport the
+ stable version 0.1.x.
+
+2004-07-22 Werner Koch <wk@g10code.de>
+
+ Released 1.9.10.
+
+ * configure.ac: Define AM conditional HAVE_OPENSC.
+
+2004-07-21 Werner Koch <wk@g10code.de>
+
+ * configure.ac: Don't set DIE to no after it might has been set to
+ yes.
+
+2004-07-20 Werner Koch <wk@g10code.de>
+
+ * Makefile.am (sm): Build kbx only if gpgsm is to be build.
+
+2004-07-20 Werner Koch <wk@gnupg.org>
+
+ * configure.ac: New option --enable-agent-only.
+
+2004-06-08 Werner Koch <wk@gnupg.org>
+
+ Released 1.9.9.
+
+2004-06-06 Werner Koch <wk@gnupg.org>
+
+ * configure.ac: Require libksba 0.9.7.
+
+2004-04-29 Werner Koch <wk@gnupg.org>
+
+ Released 1.9.8.
+
+2004-04-20 Werner Koch <wk@gnupg.org>
+
+ * configure.ac: Remove the fopencookie test. We don't need the
+ dummy function because we conditionally use fopencookie,
+ fpencookie or a replacement at place.
+
+2004-04-02 Thomas Schwinge <schwinge@nic-nac-project.de>
+
+ * autogen.sh: Added ACLOCAL_FLAGS.
+
+2004-04-06 Werner Koch <wk@gnupg.org>
+
+ Released 1.9.7.
+
+ * configure.ac: Require libgcrypt 1.1.94.
+ Introduce PACKAGE_GT and set it to gnupg2.
+
+2004-03-23 Werner Koch <wk@gnupg.org>
+
+ * configure.ac: Define SAFE_VERSION_DASH and SAFE_VERSION_DOT.
+
+2004-03-09 Werner Koch <wk@gnupg.org>
+
+ * configure.ac (NEED_GPG_ERROR_VERSION): Set to 0.7.
+
+2004-03-06 Werner Koch <wk@gnupg.org>
+
+ Released 1.9.6.
+
+ * configure.ac: Check the Libgcrypt API.
+
+2004-02-25 Werner Koch <wk@gnupg.org>
+
+ * configure.ac: New option --disable-threads to inhibit
+ unintentional builds without Pth.
+
+2004-02-21 Werner Koch <wk@gnupg.org>
+
+ Released 1.9.5.
+
+2004-02-20 Werner Koch <wk@gnupg.org>
+
+ * configure.ac: Fixed URLs in the notice messages.
+
+2004-02-18 Werner Koch <wk@gnupg.org>
+
+ * acinclude.m4: Removed macros to detect gpg-error, libgcrypt,
+ libassuan and ksba as they are now distributed in m4/.
+
+2004-02-13 Werner Koch <wk@gnupg.org>
+
+ * configure.ac: Require libksba 0.9.4 and libgcrypt 1.1.92.
+
+2004-02-12 Werner Koch <wk@gnupg.org>
+
+ * autogen.sh: Removed cruft from debugging.
+
+ * am/cmacros.am: New.
+
+2004-02-11 Werner Koch <wk@gnupg.org>
+
+ * configure.ac: Removed the need for g10defs.h. Reworked the
+ --with-foo-pgm stuff.
+
+ * autogen.sh (check_version): Removed bashism and simplified.
+ * acinclude.m4 (AM_PATH_OPENSC): Kludge to avoid error output for
+ a bad opensc-config.
+
+2004-01-30 Werner Koch <wk@gnupg.org>
+
+ Released 1.9.4.
+
+ * configure.ac: Require libksba 0.9.3 due to another bug fix there.
+
+2004-01-29 Werner Koch <wk@gnupg.org>
+
+ * README: Updated.
+
+ * configure.ac: Require libksba 0.9.2 due to bug fixes.
+
+2004-01-24 Werner Koch <wk@gnupg.org>
+
+ * configure.ac: Now requires libassuan 0.6.3.
+
+2003-12-23 Werner Koch <wk@gnupg.org>
+
+ Released 1.9.3.
+
+ * README-alpha: Removed.
+ * configure.ac, Makefile.am: Add the tests and tools directories.
+
+2003-12-19 Werner Koch <wk@gnupg.org>
+
+ * configure.ac: Now require libgcrypt 1.1.91 to help testing the
+ latest libgcrypt changes. Requires libksab 0.9.1.
+
+2003-12-17 Werner Koch <wk@gnupg.org>
+
+ * configure.ac: Requires now libassuan 0.6.2.
+ (CFLAGS): Add --Wformat-noliteral in gcc mode.
+
+2003-12-16 Werner Koch <wk@gnupg.org>
+
+ * configure.ac: Check for funopen and fopencookie as part of the
+ jnlib checks.
+
+2003-12-09 Werner Koch <wk@gnupg.org>
+
+ * configure.ac: Add a min_automake_version.
+ * README.CVS: New.
+ * autogen.sh: Revamped except for the --build-w32 hack.
+ * Makefile.am: Add README.CVS
+
+2003-11-17 Werner Koch <wk@gnupg.org>
+
+ Release 1.9.2.
+
+ * configure.ac: Requires now libassuan 0.6.1.
+
+2003-10-31 Werner Koch <wk@gnupg.org>
+
+ * configure.ac (NEED_KSBA_VERSION): Set to 0.9.0 due the changed
+ time interface.
+
+2003-10-21 Werner Koch <wk@gnupg.org>
+
+ * configure.ac (PRINTABLE_OS_NAME): Remove special case for The
+ Hurd; Robert Millan reported that the uname test is now
+ sufficient.
+
+2003-10-01 Werner Koch <wk@gnupg.org>
+
+ * configure.ac (AH_BOTTOM): Define GNUPG_MAJOR_VERSION.
+
+2003-09-23 Werner Koch <wk@gnupg.org>
+
+ Merged most of David Shaw's changes in 1.3 since 2003-06-03.
+
+ * configure.ac: Drop all TIGER/192 support.
+ (uint64_t): Check for UINT64_C to go along with uint64_t.
+ (getaddrinfo): Check for it.
+ (sigset_t): Check for sigset_t and struct sigaction. This is for
+ Forte c89 on Solaris which seems to define only the function call
+ half of the two pairs by default.
+ (W32LIBS): Include wsock32 in W32LIBS. This is different from
+ NETLIBS so we don't need to force other platforms to pull in the
+ netlibs when they aren't actually needed.
+
+2003-09-06 Werner Koch <wk@gnupg.org>
+
+ Released 1.9.1.
+
+ * configure.ac: Require newer versions of some libraries.
+
+2003-09-02 Werner Koch <wk@gnupg.org>
+
+ * configure.ac (HAVE_LIBUSB): Added a simple test for libusb.
+
+2003-08-19 Marcus Brinkmann <marcus@g10code.de>
+
+ * configure.ac (AM_PATH_GPG_ERROR): Add missing comma in
+ invocation.
+
+2003-08-06 Werner Koch <wk@gnupg.org>
+
+ * configure.ac: Check for libgpg-error. Print infos about missing
+ libraries more nicely.
+ * acinclude.m4 (AM_PATH_GPG_ERROR): Added.
+
+2003-08-05 Werner Koch <wk@gnupg.org>
+
+ Released 1.9.0.
+
+ * configure.ac (GNUPG_DEFAULT_HONMEDIR): Changed back to ~/.gnupg.
+
+2003-07-31 Werner Koch <wk@gnupg.org>
+
+ * Makefile.am (DISTCLEANFILES): Add g10defs.h
+
+2003-06-18 Werner Koch <wk@gnupg.org>
+
+ * configure.ac (GNUPG_DEFAULT_HOMEDIR): Changed temporary to
+ .gnupg2 to avoid accidential use with production keys.
+
+2003-06-11 Werner Koch <wk@gnupg.org>
+
+ * configure.ac: Merged all stuff from current 1.3 version in.
+ * acinclude.m4: Merged required macros from current 1.2 version in.
+
+2003-06-04 Werner Koch <wk@gnupg.org>
+
+ * configure.ac, Makefile.am: Enable building of gpg.
+
+2003-04-29 Werner Koch <wk@gnupg.org>
+
+ * configure.ac: Build a limited version of scdaemon if libopensc
+ is not available.
+
+ * configure.ac (ALL_LINUGAS): Removed.
+
+ * Makefile.am (ACLOCAL_AMFLAGS): New.
+ * configure.ac (AM_GNU_GETTEXT_VERSION): New. Set to 0.11.5.
+
+2003-04-29 gettextize <bug-gnu-gettext@gnu.org>
+
+ * Makefile.am (SUBDIRS): Add m4.
+ (ACLOCAL_AMFLAGS): New variable.
+ (EXTRA_DIST): Add scripts/config.rpath.
+ * configure.ac (AC_CONFIG_FILES): Add m4/Makefile.
+
+2003-04-29 Werner Koch <wk@gnupg.org>
+
+ * assuan/ : Removed. We now use libassuan.
+ * Makefile.am (SUBDIRS): Removed assuan
+
+ * configure.ac: Check for libassuan.
+
+2003-01-09 Werner Koch <wk@gnupg.org>
+
+ * configure.ac (GNUPG_PROTECT_TOOL): New option --with-protect-tool.
+ (NEED_KSBA_VERSION): Does now require 0.4.6.
+
+ * README: Noted where to find gpg-protect-tool.
+
+2002-10-31 Neal H. Walfield <neal@g10code.de>
+
+ * configure.ac: Check for flockfile and funlockfile. Check for
+ isascii and putc_unlocked replacing them if not found.
+
+ * configure.ac (PTH_LIBS): If pth is found, add the output of
+ `$PTH_CONFIG --ldflags`, not just `$PTH_CONFIG --libs`.
+
+2002-10-19 Werner Koch <wk@gnupg.org>
+
+ * configure.ac: Bumped version number to 1.9.0-cvs.
+
+ NewPG (Aegypten project) to GnuPG merge.
+
+2002-09-20 Werner Koch <wk@gnupg.org>
+
+ Released 0.9.2.
+
+2002-09-05 Neal H. Walfield <neal@g10code.de>
+
+ * configure.ac: Check for makeinfo.
+
+2002-09-03 Neal H. Walfield <neal@g10code.de>
+
+ * autogen.sh (have_version): New function. Generalize and
+ simplify logic for finding and determining the versions of GNU
+ programs. Use it.
+
+2002-08-23 Werner Koch <wk@gnupg.org>
+
+ Released 0.9.1.
+
+ * acinclude.m4 (AM_PATH_LIBGCRYPT): Updated from Libgcrypt.
+ (AM_PATH_OPENSC): Strip non-digits from the micro version.
+
+2002-08-21 Werner Koch <wk@gnupg.org>
+
+ Released 0.9.0.
+
+ * configure.ac: Changed the default homedir to .gnupg.
+ * README-alpha: Removed.
+
+2002-08-19 Werner Koch <wk@gnupg.org>
+
+ * acinclude.m4: Removed -lpcsclite from KSBA_LIBS; copy+paste bug.
+
+2002-08-13 Werner Koch <wk@gnupg.org>
+
+ * acinclude.m4 (AM_PATH_OPENSC, AM_PATH_KSBA): New.
+ * configure.ac: Use them.
+
+2002-08-10 Werner Koch <wk@gnupg.org>
+
+ Released 0.3.10.
+
+ * configure.ac (NEED_LIBKSBA_VERSION): Require 0.4.4. Add support
+ for gettext.
+
+2002-07-22 Werner Koch <wk@gnupg.org>
+
+ * configure.ac: Check for ftello and provide a replacement.
+
+2002-07-01 Werner Koch <wk@gnupg.org>
+
+ Released 0.3.9.
+
+ * README: Short note on how to export in pkcs-12 format.
+
+2002-06-29 Werner Koch <wk@gnupg.org>
+
+ * configure.ac: Define --with options to set the default location
+ of the agent, scdaemon, pinentry and dirmngr.
+
+2002-06-27 Werner Koch <wk@gnupg.org>
+
+ * README: Short blurb on how to import a PKCS-12 file.
+
+ * configure.ac (AH_BOTTOM): New to define some constants.
+
+2002-06-25 Werner Koch <wk@gnupg.org>
+
+ Released 0.3.8.
+
+ * configure.ac (NEED_LIBGCRYPT_VERSION): Set to 1.1.8.
+
+2002-06-12 Werner Koch <wk@gnupg.org>
+
+ * configure.ac (NEED_LIBKSBA_VERSION): We need 0.4.3 now.
+
+2002-06-04 Werner Koch <wk@gnupg.org>
+
+ Released 0.3.7.
+
+2002-05-21 Werner Koch <wk@gnupg.org>
+
+ * configure.ac: We now require libgcrypt 1.1.7 and libksba 0.4.2.
+
+2002-05-14 Werner Koch <wk@gnupg.org>
+
+ * doc/: New
+ * configure.ac, Makefile.am: Added doc/
+
+2002-05-03 Werner Koch <wk@gnupg.org>
+
+ Released 0.3.6.
+
+2002-04-25 Werner Koch <wk@gnupg.org>
+
+ * configure.ac: Check for setlocale.
+
+2002-04-24 Marcus Brinkmann <marcus@g10code.de>
+
+ * configure.ac: Check for locale.h.
+
+2002-04-15 Werner Koch <wk@gnupg.org>
+
+ Released 0.3.5.
+
+ * NEWS: Started to describe release notes.
+
+ * configure.ac (NEED_LIBKSBA_VERSION, NEED_LIBGCRYPT_VERSION): Defined
+
+2002-04-01 Werner Koch <wk@gnupg.org>
+
+ Released 0.3.4.
+
+2002-03-18 Werner Koch <wk@gnupg.org>
+
+ Released 0.3.3.
+
+2002-03-08 Werner Koch <wk@gnupg.org>
+
+ * README: Add some explanation on how to specify a user ID.
+
+2002-03-06 Werner Koch <wk@gnupg.org>
+
+ Released 0.3.2.
+
+2002-03-04 Werner Koch <wk@gnupg.org>
+
+ Released 0.3.1.
+
+ * README: Explained some options and files.
+
+2002-02-14 Werner Koch <wk@gnupg.org>
+
+ * configure.ac: Fixed status messages related to presence of Pth.
+
+2002-02-13 Werner Koch <wk@gnupg.org>
+
+ * acinclude.m4 (GNUPG_SYS_SO_PEERCRED): New.
+ * configure.ac: use it.
+
+2002-02-12 Werner Koch <wk@gnupg.org>
+
+ * configure.ac: Check for PTH. Provide replacement fucntions for
+ apsrintf and fopencookie.
+
+ * acinclude.m4 (GNUPG_PTH_VERSION_CHECK): New.
+
+2002-02-07 Werner Koch <wk@gnupg.org>
+
+ Released 0.3.0.
+
+ * configure.ac: Require libgcrypt 1.1.6.
+
+2002-02-01 Marcus Brinkmann <marcus@g10code.de>
+
+ * configure.ac (KSBA_CONFIG): Remove superfluous x in front of
+ variable.
+
+2002-01-26 Werner Koch <wk@gnupg.org>
+
+ * configure.ac: Add options to disable the build of some programs
+ and print a configure status at the end.
+ * acinclude.m4 (GNUPG_BUILD_PROGRAM): New.
+
+ * scd/ : New. Added to Makefile and configure.
+ * configure.ac: Check for libopensc
+ * Makefile.am: Build scd only when libopensc is available
+
+2002-01-23 Werner Koch <wk@gnupg.org>
+
+ * configure.ac (mkdtemp): See whether we have to provide a
+ replacement.
+
+2001-12-18 Werner Koch <wk@gnupg.org>
+
+ Released 0.0.0.
+
+2001-12-17 Werner Koch <wk@gnupg.org>
+
+ * acinclude.m4: Add AM_PATH_LIBGCRYPT macro.
+ * configure.ac: and use it here. Figure out the location of libksba
+
+2001-12-15 Werner Koch <wk@gnupg.org>
+
+ * configure.ac (missing_dir): Bail out if asprintf and fopencookie
+ are not available.
+
+2001-12-04 Werner Koch <wk@gnupg.org>
+
+ * configure.ac (HAVE_JNLIB_LOGGING): always define it.
+
+
+ Copyright 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009,
+ 2010 Free Software Foundation, Inc.
+
+ This file is free software; as a special exception the author gives
+ unlimited permission to copy and/or distribute it, with or without
+ modifications, as long as this notice is preserved.
+
+ This file is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
+ implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/INSTALL b/INSTALL
new file mode 100644
index 0000000..5458714
--- /dev/null
+++ b/INSTALL
@@ -0,0 +1,234 @@
+Installation Instructions
+*************************
+
+Copyright (C) 1994, 1995, 1996, 1999, 2000, 2001, 2002, 2004, 2005,
+2006 Free Software Foundation, Inc.
+
+This file is free documentation; the Free Software Foundation gives
+unlimited permission to copy, distribute and modify it.
+
+Basic Installation
+==================
+
+Briefly, the shell commands `./configure; make; make install' should
+configure, build, and install this package. The following
+more-detailed instructions are generic; see the `README' file for
+instructions specific to this package.
+
+ The `configure' shell script attempts to guess correct values for
+various system-dependent variables used during compilation. It uses
+those values to create a `Makefile' in each directory of the package.
+It may also create one or more `.h' files containing system-dependent
+definitions. Finally, it creates a shell script `config.status' that
+you can run in the future to recreate the current configuration, and a
+file `config.log' containing compiler output (useful mainly for
+debugging `configure').
+
+ It can also use an optional file (typically called `config.cache'
+and enabled with `--cache-file=config.cache' or simply `-C') that saves
+the results of its tests to speed up reconfiguring. Caching is
+disabled by default to prevent problems with accidental use of stale
+cache files.
+
+ If you need to do unusual things to compile the package, please try
+to figure out how `configure' could check whether to do them, and mail
+diffs or instructions to the address given in the `README' so they can
+be considered for the next release. If you are using the cache, and at
+some point `config.cache' contains results you don't want to keep, you
+may remove or edit it.
+
+ The file `configure.ac' (or `configure.in') is used to create
+`configure' by a program called `autoconf'. You need `configure.ac' if
+you want to change it or regenerate `configure' using a newer version
+of `autoconf'.
+
+The simplest way to compile this package is:
+
+ 1. `cd' to the directory containing the package's source code and type
+ `./configure' to configure the package for your system.
+
+ Running `configure' might take a while. While running, it prints
+ some messages telling which features it is checking for.
+
+ 2. Type `make' to compile the package.
+
+ 3. Optionally, type `make check' to run any self-tests that come with
+ the package.
+
+ 4. Type `make install' to install the programs and any data files and
+ documentation.
+
+ 5. You can remove the program binaries and object files from the
+ source code directory by typing `make clean'. To also remove the
+ files that `configure' created (so you can compile the package for
+ a different kind of computer), type `make distclean'. There is
+ also a `make maintainer-clean' target, but that is intended mainly
+ for the package's developers. If you use it, you may have to get
+ all sorts of other programs in order to regenerate files that came
+ with the distribution.
+
+Compilers and Options
+=====================
+
+Some systems require unusual options for compilation or linking that the
+`configure' script does not know about. Run `./configure --help' for
+details on some of the pertinent environment variables.
+
+ You can give `configure' initial values for configuration parameters
+by setting variables in the command line or in the environment. Here
+is an example:
+
+ ./configure CC=c99 CFLAGS=-g LIBS=-lposix
+
+ *Note Defining Variables::, for more details.
+
+Compiling For Multiple Architectures
+====================================
+
+You can compile the package for more than one kind of computer at the
+same time, by placing the object files for each architecture in their
+own directory. To do this, you can use GNU `make'. `cd' to the
+directory where you want the object files and executables to go and run
+the `configure' script. `configure' automatically checks for the
+source code in the directory that `configure' is in and in `..'.
+
+ With a non-GNU `make', it is safer to compile the package for one
+architecture at a time in the source code directory. After you have
+installed the package for one architecture, use `make distclean' before
+reconfiguring for another architecture.
+
+Installation Names
+==================
+
+By default, `make install' installs the package's commands under
+`/usr/local/bin', include files under `/usr/local/include', etc. You
+can specify an installation prefix other than `/usr/local' by giving
+`configure' the option `--prefix=PREFIX'.
+
+ You can specify separate installation prefixes for
+architecture-specific files and architecture-independent files. If you
+pass the option `--exec-prefix=PREFIX' to `configure', the package uses
+PREFIX as the prefix for installing programs and libraries.
+Documentation and other data files still use the regular prefix.
+
+ In addition, if you use an unusual directory layout you can give
+options like `--bindir=DIR' to specify different values for particular
+kinds of files. Run `configure --help' for a list of the directories
+you can set and what kinds of files go in them.
+
+ If the package supports it, you can cause programs to be installed
+with an extra prefix or suffix on their names by giving `configure' the
+option `--program-prefix=PREFIX' or `--program-suffix=SUFFIX'.
+
+Optional Features
+=================
+
+Some packages pay attention to `--enable-FEATURE' options to
+`configure', where FEATURE indicates an optional part of the package.
+They may also pay attention to `--with-PACKAGE' options, where PACKAGE
+is something like `gnu-as' or `x' (for the X Window System). The
+`README' should mention any `--enable-' and `--with-' options that the
+package recognizes.
+
+ For packages that use the X Window System, `configure' can usually
+find the X include and library files automatically, but if it doesn't,
+you can use the `configure' options `--x-includes=DIR' and
+`--x-libraries=DIR' to specify their locations.
+
+Specifying the System Type
+==========================
+
+There may be some features `configure' cannot figure out automatically,
+but needs to determine by the type of machine the package will run on.
+Usually, assuming the package is built to be run on the _same_
+architectures, `configure' can figure that out, but if it prints a
+message saying it cannot guess the machine type, give it the
+`--build=TYPE' option. TYPE can either be a short name for the system
+type, such as `sun4', or a canonical name which has the form:
+
+ CPU-COMPANY-SYSTEM
+
+where SYSTEM can have one of these forms:
+
+ OS KERNEL-OS
+
+ See the file `config.sub' for the possible values of each field. If
+`config.sub' isn't included in this package, then this package doesn't
+need to know the machine type.
+
+ If you are _building_ compiler tools for cross-compiling, you should
+use the option `--target=TYPE' to select the type of system they will
+produce code for.
+
+ If you want to _use_ a cross compiler, that generates code for a
+platform different from the build platform, you should specify the
+"host" platform (i.e., that on which the generated programs will
+eventually be run) with `--host=TYPE'.
+
+Sharing Defaults
+================
+
+If you want to set default values for `configure' scripts to share, you
+can create a site shell script called `config.site' that gives default
+values for variables like `CC', `cache_file', and `prefix'.
+`configure' looks for `PREFIX/share/config.site' if it exists, then
+`PREFIX/etc/config.site' if it exists. Or, you can set the
+`CONFIG_SITE' environment variable to the location of the site script.
+A warning: not all `configure' scripts look for a site script.
+
+Defining Variables
+==================
+
+Variables not defined in a site shell script can be set in the
+environment passed to `configure'. However, some packages may run
+configure again during the build, and the customized values of these
+variables may be lost. In order to avoid this problem, you should set
+them in the `configure' command line, using `VAR=value'. For example:
+
+ ./configure CC=/usr/local2/bin/gcc
+
+causes the specified `gcc' to be used as the C compiler (unless it is
+overridden in the site shell script).
+
+Unfortunately, this technique does not work for `CONFIG_SHELL' due to
+an Autoconf bug. Until the bug is fixed you can use this workaround:
+
+ CONFIG_SHELL=/bin/bash /bin/bash ./configure CONFIG_SHELL=/bin/bash
+
+`configure' Invocation
+======================
+
+`configure' recognizes the following options to control how it operates.
+
+`--help'
+`-h'
+ Print a summary of the options to `configure', and exit.
+
+`--version'
+`-V'
+ Print the version of Autoconf used to generate the `configure'
+ script, and exit.
+
+`--cache-file=FILE'
+ Enable the cache: use and save the results of the tests in FILE,
+ traditionally `config.cache'. FILE defaults to `/dev/null' to
+ disable caching.
+
+`--config-cache'
+`-C'
+ Alias for `--cache-file=config.cache'.
+
+`--quiet'
+`--silent'
+`-q'
+ Do not print messages saying which checks are being made. To
+ suppress all normal output, redirect it to `/dev/null' (any error
+ messages will still be shown).
+
+`--srcdir=DIR'
+ Look for the package's source code in directory DIR. Usually
+ `configure' can determine that directory automatically.
+
+`configure' also accepts some other, not widely useful, options. Run
+`configure --help' for more details.
+
diff --git a/Makefile.am b/Makefile.am
new file mode 100644
index 0000000..447976e
--- /dev/null
+++ b/Makefile.am
@@ -0,0 +1,104 @@
+# Makefile.am - Top level makefile for GnuPG
+# Copyright (C) 2001, 2004, 2012 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+## Process this file with automake to produce Makefile.in
+
+ACLOCAL_AMFLAGS = -I m4 -I gl/m4
+AUTOMAKE_OPTIONS = dist-bzip2 no-dist-gzip
+DISTCHECK_CONFIGURE_FLAGS = --enable-symcryptrun --enable-mailto --enable-gpgtar
+
+GITLOG_TO_CHANGELOG=gitlog-to-changelog
+
+EXTRA_DIST = scripts/config.rpath autogen.sh README.SVN \
+ ChangeLog-2011 po/ChangeLog-2011 scripts/ChangeLog-2011
+
+DISTCLEANFILES = g10defs.h
+
+if BUILD_GPGSM
+kbx = kbx
+else
+kbx =
+endif
+
+
+if BUILD_GPG
+gpg = g10
+keyserver = keyserver
+else
+gpg =
+keyserver =
+endif
+if BUILD_GPGSM
+sm = sm
+else
+sm =
+endif
+if BUILD_AGENT
+agent = agent
+else
+agent =
+endif
+if BUILD_SCDAEMON
+scd = scd
+else
+scd =
+endif
+if BUILD_TOOLS
+tools = tools
+else
+tools =
+endif
+if BUILD_DOC
+doc = doc
+else
+doc =
+endif
+
+if HAVE_W32_SYSTEM
+tests =
+else
+tests = tests
+endif
+
+SUBDIRS = m4 gl include jnlib common ${kbx} \
+ ${gpg} ${keyserver} ${sm} ${agent} ${scd} ${tools} po ${doc} ${tests}
+
+dist_doc_DATA = README
+
+
+dist-hook: gen-ChangeLog
+ echo "$(VERSION)" > $(distdir)/VERSION
+
+
+gen_start_date = 2011-12-01T06:00:00
+.PHONY: gen-ChangeLog
+gen-ChangeLog:
+ set -e; \
+ if test -d $(top_srcdir)/.git; then \
+ (cd $(top_srcdir) && \
+ $(GITLOG_TO_CHANGELOG) --append-dot --tear-off \
+ --amend=scripts/git-log-fix \
+ --since=$(gen_start_date) ) > $(distdir)/cl-t; \
+ cat $(top_srcdir)/scripts/git-log-footer >> $(distdir)/cl-t; \
+ rm -f $(distdir)/ChangeLog; \
+ mv $(distdir)/cl-t $(distdir)/ChangeLog; \
+ fi
+
+
+stowinstall:
+ $(MAKE) $(AM_MAKEFLAGS) install prefix=/usr/local/stow/gnupg
diff --git a/Makefile.in b/Makefile.in
new file mode 100644
index 0000000..db8950b
--- /dev/null
+++ b/Makefile.in
@@ -0,0 +1,928 @@
+# Makefile.in generated by automake 1.11.1 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation,
+# Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+# Makefile.am - Top level makefile for GnuPG
+# Copyright (C) 2001, 2004, 2012 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+subdir = .
+DIST_COMMON = README $(am__configure_deps) $(dist_doc_DATA) \
+ $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
+ $(srcdir)/config.h.in $(top_srcdir)/configure ABOUT-NLS \
+ AUTHORS COPYING COPYING.LIB ChangeLog INSTALL NEWS THANKS TODO \
+ scripts/compile scripts/config.guess scripts/config.rpath \
+ scripts/config.sub scripts/depcomp scripts/install-sh \
+ scripts/mdate-sh scripts/missing scripts/mkinstalldirs \
+ scripts/texinfo.tex
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/gl/m4/absolute-header.m4 \
+ $(top_srcdir)/gl/m4/alloca.m4 $(top_srcdir)/gl/m4/allocsa.m4 \
+ $(top_srcdir)/gl/m4/eealloc.m4 \
+ $(top_srcdir)/gl/m4/gnulib-comp.m4 \
+ $(top_srcdir)/gl/m4/gnulib-tool.m4 \
+ $(top_srcdir)/gl/m4/mkdtemp.m4 $(top_srcdir)/gl/m4/setenv.m4 \
+ $(top_srcdir)/gl/m4/stdint.m4 $(top_srcdir)/gl/m4/strpbrk.m4 \
+ $(top_srcdir)/gl/m4/unistd_h.m4 $(top_srcdir)/m4/autobuild.m4 \
+ $(top_srcdir)/m4/codeset.m4 $(top_srcdir)/m4/estream.m4 \
+ $(top_srcdir)/m4/gettext.m4 $(top_srcdir)/m4/gnupg-pth.m4 \
+ $(top_srcdir)/m4/gpg-error.m4 $(top_srcdir)/m4/iconv.m4 \
+ $(top_srcdir)/m4/isc-posix.m4 $(top_srcdir)/m4/ksba.m4 \
+ $(top_srcdir)/m4/lcmessage.m4 $(top_srcdir)/m4/ldap.m4 \
+ $(top_srcdir)/m4/lib-ld.m4 $(top_srcdir)/m4/lib-link.m4 \
+ $(top_srcdir)/m4/lib-prefix.m4 $(top_srcdir)/m4/libassuan.m4 \
+ $(top_srcdir)/m4/libcurl.m4 $(top_srcdir)/m4/libgcrypt.m4 \
+ $(top_srcdir)/m4/longdouble.m4 $(top_srcdir)/m4/nls.m4 \
+ $(top_srcdir)/m4/po.m4 $(top_srcdir)/m4/progtest.m4 \
+ $(top_srcdir)/m4/readline.m4 $(top_srcdir)/m4/size_max.m4 \
+ $(top_srcdir)/m4/socklen.m4 $(top_srcdir)/m4/sys_socket_h.m4 \
+ $(top_srcdir)/m4/tar-ustar.m4 $(top_srcdir)/m4/xsize.m4 \
+ $(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.ac
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+ $(ACLOCAL_M4)
+am__CONFIG_DISTCLEAN_FILES = config.status config.cache config.log \
+ configure.lineno config.status.lineno
+mkinstalldirs = $(SHELL) $(top_srcdir)/scripts/mkinstalldirs
+CONFIG_HEADER = config.h
+CONFIG_CLEAN_FILES =
+CONFIG_CLEAN_VPATH_FILES =
+SOURCES =
+DIST_SOURCES =
+RECURSIVE_TARGETS = all-recursive check-recursive dvi-recursive \
+ html-recursive info-recursive install-data-recursive \
+ install-dvi-recursive install-exec-recursive \
+ install-html-recursive install-info-recursive \
+ install-pdf-recursive install-ps-recursive install-recursive \
+ installcheck-recursive installdirs-recursive pdf-recursive \
+ ps-recursive uninstall-recursive
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+ *) f=$$p;; \
+ esac;
+am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
+am__install_max = 40
+am__nobase_strip_setup = \
+ srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
+am__nobase_strip = \
+ for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
+am__nobase_list = $(am__nobase_strip_setup); \
+ for p in $$list; do echo "$$p $$p"; done | \
+ sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
+ $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
+ if (++n[$$2] == $(am__install_max)) \
+ { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
+ END { for (dir in files) print dir, files[dir] }'
+am__base_list = \
+ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
+ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
+am__installdirs = "$(DESTDIR)$(docdir)"
+DATA = $(dist_doc_DATA)
+RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive \
+ distclean-recursive maintainer-clean-recursive
+AM_RECURSIVE_TARGETS = $(RECURSIVE_TARGETS:-recursive=) \
+ $(RECURSIVE_CLEAN_TARGETS:-recursive=) tags TAGS ctags CTAGS \
+ distdir dist dist-all distcheck
+ETAGS = etags
+CTAGS = ctags
+DIST_SUBDIRS = m4 gl include jnlib common kbx g10 keyserver sm agent \
+ scd tools po doc tests
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+distdir = $(PACKAGE)-$(VERSION)
+top_distdir = $(distdir)
+am__remove_distdir = \
+ { test ! -d "$(distdir)" \
+ || { find "$(distdir)" -type d ! -perm -200 -exec chmod u+w {} ';' \
+ && rm -fr "$(distdir)"; }; }
+am__relativize = \
+ dir0=`pwd`; \
+ sed_first='s,^\([^/]*\)/.*$$,\1,'; \
+ sed_rest='s,^[^/]*/*,,'; \
+ sed_last='s,^.*/\([^/]*\)$$,\1,'; \
+ sed_butlast='s,/*[^/]*$$,,'; \
+ while test -n "$$dir1"; do \
+ first=`echo "$$dir1" | sed -e "$$sed_first"`; \
+ if test "$$first" != "."; then \
+ if test "$$first" = ".."; then \
+ dir2=`echo "$$dir0" | sed -e "$$sed_last"`/"$$dir2"; \
+ dir0=`echo "$$dir0" | sed -e "$$sed_butlast"`; \
+ else \
+ first2=`echo "$$dir2" | sed -e "$$sed_first"`; \
+ if test "$$first2" = "$$first"; then \
+ dir2=`echo "$$dir2" | sed -e "$$sed_rest"`; \
+ else \
+ dir2="../$$dir2"; \
+ fi; \
+ dir0="$$dir0"/"$$first"; \
+ fi; \
+ fi; \
+ dir1=`echo "$$dir1" | sed -e "$$sed_rest"`; \
+ done; \
+ reldir="$$dir2"
+GZIP_ENV = --best
+DIST_ARCHIVES = $(distdir).tar.bz2
+distuninstallcheck_listfiles = find . -type f -print
+distcleancheck_listfiles = find . -type f -print
+ABSOLUTE_STDINT_H = @ABSOLUTE_STDINT_H@
+ACLOCAL = @ACLOCAL@
+ADNSLIBS = @ADNSLIBS@
+ALLOCA = @ALLOCA@
+ALLOCA_H = @ALLOCA_H@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+BITSIZEOF_PTRDIFF_T = @BITSIZEOF_PTRDIFF_T@
+BITSIZEOF_SIG_ATOMIC_T = @BITSIZEOF_SIG_ATOMIC_T@
+BITSIZEOF_SIZE_T = @BITSIZEOF_SIZE_T@
+BITSIZEOF_WCHAR_T = @BITSIZEOF_WCHAR_T@
+BITSIZEOF_WINT_T = @BITSIZEOF_WINT_T@
+BUILD_INCLUDED_LIBINTL = @BUILD_INCLUDED_LIBINTL@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CC_FOR_BUILD = @CC_FOR_BUILD@
+CFLAGS = @CFLAGS@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DL_LIBS = @DL_LIBS@
+DNSLIBS = @DNSLIBS@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+FAQPROG = @FAQPROG@
+GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
+GMSGFMT = @GMSGFMT@
+GMSGFMT_015 = @GMSGFMT_015@
+GNUPG_AGENT_PGM = @GNUPG_AGENT_PGM@
+GNUPG_DIRMNGR_PGM = @GNUPG_DIRMNGR_PGM@
+GNUPG_PINENTRY_PGM = @GNUPG_PINENTRY_PGM@
+GNUPG_PROTECT_TOOL_PGM = @GNUPG_PROTECT_TOOL_PGM@
+GNUPG_SCDAEMON_PGM = @GNUPG_SCDAEMON_PGM@
+GPGKEYS_CURL = @GPGKEYS_CURL@
+GPGKEYS_FINGER = @GPGKEYS_FINGER@
+GPGKEYS_HKP = @GPGKEYS_HKP@
+GPGKEYS_KDNS = @GPGKEYS_KDNS@
+GPGKEYS_LDAP = @GPGKEYS_LDAP@
+GPGKEYS_MAILTO = @GPGKEYS_MAILTO@
+GPG_ERROR_CFLAGS = @GPG_ERROR_CFLAGS@
+GPG_ERROR_CONFIG = @GPG_ERROR_CONFIG@
+GPG_ERROR_LIBS = @GPG_ERROR_LIBS@
+GREP = @GREP@
+HAVE_INTTYPES_H = @HAVE_INTTYPES_H@
+HAVE_LONG_LONG_INT = @HAVE_LONG_LONG_INT@
+HAVE_SIGNED_SIG_ATOMIC_T = @HAVE_SIGNED_SIG_ATOMIC_T@
+HAVE_SIGNED_WCHAR_T = @HAVE_SIGNED_WCHAR_T@
+HAVE_SIGNED_WINT_T = @HAVE_SIGNED_WINT_T@
+HAVE_STDINT_H = @HAVE_STDINT_H@
+HAVE_SYS_BITYPES_H = @HAVE_SYS_BITYPES_H@
+HAVE_SYS_INTTYPES_H = @HAVE_SYS_INTTYPES_H@
+HAVE_SYS_TYPES_H = @HAVE_SYS_TYPES_H@
+HAVE_UNSIGNED_LONG_LONG_INT = @HAVE_UNSIGNED_LONG_LONG_INT@
+HAVE_WCHAR_H = @HAVE_WCHAR_H@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+INTLLIBS = @INTLLIBS@
+INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@
+KSBA_CFLAGS = @KSBA_CFLAGS@
+KSBA_CONFIG = @KSBA_CONFIG@
+KSBA_LIBS = @KSBA_LIBS@
+LDAPLIBS = @LDAPLIBS@
+LDAP_CPPFLAGS = @LDAP_CPPFLAGS@
+LDFLAGS = @LDFLAGS@
+LIBASSUAN_CFLAGS = @LIBASSUAN_CFLAGS@
+LIBASSUAN_CONFIG = @LIBASSUAN_CONFIG@
+LIBASSUAN_LIBS = @LIBASSUAN_LIBS@
+LIBCURL = @LIBCURL@
+LIBCURL_CPPFLAGS = @LIBCURL_CPPFLAGS@
+LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@
+LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@
+LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@
+LIBGNU_LIBDEPS = @LIBGNU_LIBDEPS@
+LIBGNU_LTLIBDEPS = @LIBGNU_LTLIBDEPS@
+LIBICONV = @LIBICONV@
+LIBINTL = @LIBINTL@
+LIBOBJS = @LIBOBJS@
+LIBREADLINE = @LIBREADLINE@
+LIBS = @LIBS@
+LIBUSB_LIBS = @LIBUSB_LIBS@
+LIBUTIL_LIBS = @LIBUTIL_LIBS@
+LN_S = @LN_S@
+LTLIBICONV = @LTLIBICONV@
+LTLIBINTL = @LTLIBINTL@
+LTLIBOBJS = @LTLIBOBJS@
+MAINT = @MAINT@
+MAKEINFO = @MAKEINFO@
+MKDIR_P = @MKDIR_P@
+MSGFMT = @MSGFMT@
+MSGFMT_015 = @MSGFMT_015@
+MSGMERGE = @MSGMERGE@
+NETLIBS = @NETLIBS@
+OBJEXT = @OBJEXT@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_GT = @PACKAGE_GT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_URL = @PACKAGE_URL@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PERL = @PERL@
+POSUB = @POSUB@
+PTH_CFLAGS = @PTH_CFLAGS@
+PTH_CONFIG = @PTH_CONFIG@
+PTH_LIBS = @PTH_LIBS@
+PTRDIFF_T_SUFFIX = @PTRDIFF_T_SUFFIX@
+RANLIB = @RANLIB@
+SENDMAIL = @SENDMAIL@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+SHRED = @SHRED@
+SIG_ATOMIC_T_SUFFIX = @SIG_ATOMIC_T_SUFFIX@
+SIZE_T_SUFFIX = @SIZE_T_SUFFIX@
+STDINT_H = @STDINT_H@
+STRIP = @STRIP@
+SYS_SOCKET_H = @SYS_SOCKET_H@
+TAR = @TAR@
+UNISTD_H = @UNISTD_H@
+USE_INCLUDED_LIBINTL = @USE_INCLUDED_LIBINTL@
+USE_NLS = @USE_NLS@
+VERSION = @VERSION@
+W32SOCKLIBS = @W32SOCKLIBS@
+WCHAR_T_SUFFIX = @WCHAR_T_SUFFIX@
+WINDRES = @WINDRES@
+WINT_T_SUFFIX = @WINT_T_SUFFIX@
+XGETTEXT = @XGETTEXT@
+XGETTEXT_015 = @XGETTEXT_015@
+XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@
+ZLIBS = @ZLIBS@
+_libcurl_config = @_libcurl_config@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+ACLOCAL_AMFLAGS = -I m4 -I gl/m4
+AUTOMAKE_OPTIONS = dist-bzip2 no-dist-gzip
+DISTCHECK_CONFIGURE_FLAGS = --enable-symcryptrun --enable-mailto --enable-gpgtar
+GITLOG_TO_CHANGELOG = gitlog-to-changelog
+EXTRA_DIST = scripts/config.rpath autogen.sh README.SVN \
+ ChangeLog-2011 po/ChangeLog-2011 scripts/ChangeLog-2011
+
+DISTCLEANFILES = g10defs.h
+@BUILD_GPGSM_FALSE@kbx =
+@BUILD_GPGSM_TRUE@kbx = kbx
+@BUILD_GPG_FALSE@gpg =
+@BUILD_GPG_TRUE@gpg = g10
+@BUILD_GPG_FALSE@keyserver =
+@BUILD_GPG_TRUE@keyserver = keyserver
+@BUILD_GPGSM_FALSE@sm =
+@BUILD_GPGSM_TRUE@sm = sm
+@BUILD_AGENT_FALSE@agent =
+@BUILD_AGENT_TRUE@agent = agent
+@BUILD_SCDAEMON_FALSE@scd =
+@BUILD_SCDAEMON_TRUE@scd = scd
+@BUILD_TOOLS_FALSE@tools =
+@BUILD_TOOLS_TRUE@tools = tools
+@BUILD_DOC_FALSE@doc =
+@BUILD_DOC_TRUE@doc = doc
+@HAVE_W32_SYSTEM_FALSE@tests = tests
+@HAVE_W32_SYSTEM_TRUE@tests =
+SUBDIRS = m4 gl include jnlib common ${kbx} \
+ ${gpg} ${keyserver} ${sm} ${agent} ${scd} ${tools} po ${doc} ${tests}
+
+dist_doc_DATA = README
+gen_start_date = 2011-12-01T06:00:00
+all: config.h
+ $(MAKE) $(AM_MAKEFLAGS) all-recursive
+
+.SUFFIXES:
+am--refresh:
+ @:
+$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(am__configure_deps)
+ @for dep in $?; do \
+ case '$(am__configure_deps)' in \
+ *$$dep*) \
+ echo ' cd $(srcdir) && $(AUTOMAKE) --gnu'; \
+ $(am__cd) $(srcdir) && $(AUTOMAKE) --gnu \
+ && exit 0; \
+ exit 1;; \
+ esac; \
+ done; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu Makefile'; \
+ $(am__cd) $(top_srcdir) && \
+ $(AUTOMAKE) --gnu Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+ @case '$?' in \
+ *config.status*) \
+ echo ' $(SHELL) ./config.status'; \
+ $(SHELL) ./config.status;; \
+ *) \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__depfiles_maybe)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__depfiles_maybe);; \
+ esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+ $(SHELL) ./config.status --recheck
+
+$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
+ $(am__cd) $(srcdir) && $(AUTOCONF)
+$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
+ $(am__cd) $(srcdir) && $(ACLOCAL) $(ACLOCAL_AMFLAGS)
+$(am__aclocal_m4_deps):
+
+config.h: stamp-h1
+ @if test ! -f $@; then \
+ rm -f stamp-h1; \
+ $(MAKE) $(AM_MAKEFLAGS) stamp-h1; \
+ else :; fi
+
+stamp-h1: $(srcdir)/config.h.in $(top_builddir)/config.status
+ @rm -f stamp-h1
+ cd $(top_builddir) && $(SHELL) ./config.status config.h
+$(srcdir)/config.h.in: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
+ ($(am__cd) $(top_srcdir) && $(AUTOHEADER))
+ rm -f stamp-h1
+ touch $@
+
+distclean-hdr:
+ -rm -f config.h stamp-h1
+install-dist_docDATA: $(dist_doc_DATA)
+ @$(NORMAL_INSTALL)
+ test -z "$(docdir)" || $(MKDIR_P) "$(DESTDIR)$(docdir)"
+ @list='$(dist_doc_DATA)'; test -n "$(docdir)" || list=; \
+ for p in $$list; do \
+ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+ echo "$$d$$p"; \
+ done | $(am__base_list) | \
+ while read files; do \
+ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(docdir)'"; \
+ $(INSTALL_DATA) $$files "$(DESTDIR)$(docdir)" || exit $$?; \
+ done
+
+uninstall-dist_docDATA:
+ @$(NORMAL_UNINSTALL)
+ @list='$(dist_doc_DATA)'; test -n "$(docdir)" || list=; \
+ files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \
+ test -n "$$files" || exit 0; \
+ echo " ( cd '$(DESTDIR)$(docdir)' && rm -f" $$files ")"; \
+ cd "$(DESTDIR)$(docdir)" && rm -f $$files
+
+# This directory's subdirectories are mostly independent; you can cd
+# into them and run `make' without going through this Makefile.
+# To change the values of `make' variables: instead of editing Makefiles,
+# (1) if the variable is set in `config.status', edit `config.status'
+# (which will cause the Makefiles to be regenerated when you run `make');
+# (2) otherwise, pass the desired values on the `make' command line.
+$(RECURSIVE_TARGETS):
+ @fail= failcom='exit 1'; \
+ for f in x $$MAKEFLAGS; do \
+ case $$f in \
+ *=* | --[!k]*);; \
+ *k*) failcom='fail=yes';; \
+ esac; \
+ done; \
+ dot_seen=no; \
+ target=`echo $@ | sed s/-recursive//`; \
+ list='$(SUBDIRS)'; for subdir in $$list; do \
+ echo "Making $$target in $$subdir"; \
+ if test "$$subdir" = "."; then \
+ dot_seen=yes; \
+ local_target="$$target-am"; \
+ else \
+ local_target="$$target"; \
+ fi; \
+ ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
+ || eval $$failcom; \
+ done; \
+ if test "$$dot_seen" = "no"; then \
+ $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \
+ fi; test -z "$$fail"
+
+$(RECURSIVE_CLEAN_TARGETS):
+ @fail= failcom='exit 1'; \
+ for f in x $$MAKEFLAGS; do \
+ case $$f in \
+ *=* | --[!k]*);; \
+ *k*) failcom='fail=yes';; \
+ esac; \
+ done; \
+ dot_seen=no; \
+ case "$@" in \
+ distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \
+ *) list='$(SUBDIRS)' ;; \
+ esac; \
+ rev=''; for subdir in $$list; do \
+ if test "$$subdir" = "."; then :; else \
+ rev="$$subdir $$rev"; \
+ fi; \
+ done; \
+ rev="$$rev ."; \
+ target=`echo $@ | sed s/-recursive//`; \
+ for subdir in $$rev; do \
+ echo "Making $$target in $$subdir"; \
+ if test "$$subdir" = "."; then \
+ local_target="$$target-am"; \
+ else \
+ local_target="$$target"; \
+ fi; \
+ ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
+ || eval $$failcom; \
+ done && test -z "$$fail"
+tags-recursive:
+ list='$(SUBDIRS)'; for subdir in $$list; do \
+ test "$$subdir" = . || ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) tags); \
+ done
+ctags-recursive:
+ list='$(SUBDIRS)'; for subdir in $$list; do \
+ test "$$subdir" = . || ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) ctags); \
+ done
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ mkid -fID $$unique
+tags: TAGS
+
+TAGS: tags-recursive $(HEADERS) $(SOURCES) config.h.in $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ set x; \
+ here=`pwd`; \
+ if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \
+ include_option=--etags-include; \
+ empty_fix=.; \
+ else \
+ include_option=--include; \
+ empty_fix=; \
+ fi; \
+ list='$(SUBDIRS)'; for subdir in $$list; do \
+ if test "$$subdir" = .; then :; else \
+ test ! -f $$subdir/TAGS || \
+ set "$$@" "$$include_option=$$here/$$subdir/TAGS"; \
+ fi; \
+ done; \
+ list='$(SOURCES) $(HEADERS) config.h.in $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ shift; \
+ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
+ test -n "$$unique" || unique=$$empty_fix; \
+ if test $$# -gt 0; then \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ "$$@" $$unique; \
+ else \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ $$unique; \
+ fi; \
+ fi
+ctags: CTAGS
+CTAGS: ctags-recursive $(HEADERS) $(SOURCES) config.h.in $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ list='$(SOURCES) $(HEADERS) config.h.in $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ test -z "$(CTAGS_ARGS)$$unique" \
+ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+ $$unique
+
+GTAGS:
+ here=`$(am__cd) $(top_builddir) && pwd` \
+ && $(am__cd) $(top_srcdir) \
+ && gtags -i $(GTAGS_ARGS) "$$here"
+
+distclean-tags:
+ -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+ $(am__remove_distdir)
+ test -d "$(distdir)" || mkdir "$(distdir)"
+ @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ list='$(DISTFILES)'; \
+ dist_files=`for file in $$list; do echo $$file; done | \
+ sed -e "s|^$$srcdirstrip/||;t" \
+ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+ case $$dist_files in \
+ */*) $(MKDIR_P) `echo "$$dist_files" | \
+ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+ sort -u` ;; \
+ esac; \
+ for file in $$dist_files; do \
+ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+ if test -d $$d/$$file; then \
+ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+ if test -d "$(distdir)/$$file"; then \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+ else \
+ test -f "$(distdir)/$$file" \
+ || cp -p $$d/$$file "$(distdir)/$$file" \
+ || exit 1; \
+ fi; \
+ done
+ @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
+ if test "$$subdir" = .; then :; else \
+ test -d "$(distdir)/$$subdir" \
+ || $(MKDIR_P) "$(distdir)/$$subdir" \
+ || exit 1; \
+ fi; \
+ done
+ @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
+ if test "$$subdir" = .; then :; else \
+ dir1=$$subdir; dir2="$(distdir)/$$subdir"; \
+ $(am__relativize); \
+ new_distdir=$$reldir; \
+ dir1=$$subdir; dir2="$(top_distdir)"; \
+ $(am__relativize); \
+ new_top_distdir=$$reldir; \
+ echo " (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) top_distdir="$$new_top_distdir" distdir="$$new_distdir" \\"; \
+ echo " am__remove_distdir=: am__skip_length_check=: am__skip_mode_fix=: distdir)"; \
+ ($(am__cd) $$subdir && \
+ $(MAKE) $(AM_MAKEFLAGS) \
+ top_distdir="$$new_top_distdir" \
+ distdir="$$new_distdir" \
+ am__remove_distdir=: \
+ am__skip_length_check=: \
+ am__skip_mode_fix=: \
+ distdir) \
+ || exit 1; \
+ fi; \
+ done
+ $(MAKE) $(AM_MAKEFLAGS) \
+ top_distdir="$(top_distdir)" distdir="$(distdir)" \
+ dist-hook
+ -test -n "$(am__skip_mode_fix)" \
+ || find "$(distdir)" -type d ! -perm -755 \
+ -exec chmod u+rwx,go+rx {} \; -o \
+ ! -type d ! -perm -444 -links 1 -exec chmod a+r {} \; -o \
+ ! -type d ! -perm -400 -exec chmod a+r {} \; -o \
+ ! -type d ! -perm -444 -exec $(install_sh) -c -m a+r {} {} \; \
+ || chmod -R a+r "$(distdir)"
+dist-gzip: distdir
+ tardir=$(distdir) && $(am__tar) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).tar.gz
+ $(am__remove_distdir)
+dist-bzip2: distdir
+ tardir=$(distdir) && $(am__tar) | bzip2 -9 -c >$(distdir).tar.bz2
+ $(am__remove_distdir)
+
+dist-lzma: distdir
+ tardir=$(distdir) && $(am__tar) | lzma -9 -c >$(distdir).tar.lzma
+ $(am__remove_distdir)
+
+dist-xz: distdir
+ tardir=$(distdir) && $(am__tar) | xz -c >$(distdir).tar.xz
+ $(am__remove_distdir)
+
+dist-tarZ: distdir
+ tardir=$(distdir) && $(am__tar) | compress -c >$(distdir).tar.Z
+ $(am__remove_distdir)
+
+dist-shar: distdir
+ shar $(distdir) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).shar.gz
+ $(am__remove_distdir)
+
+dist-zip: distdir
+ -rm -f $(distdir).zip
+ zip -rq $(distdir).zip $(distdir)
+ $(am__remove_distdir)
+
+dist dist-all: distdir
+ tardir=$(distdir) && $(am__tar) | bzip2 -9 -c >$(distdir).tar.bz2
+ $(am__remove_distdir)
+
+# This target untars the dist file and tries a VPATH configuration. Then
+# it guarantees that the distribution is self-contained by making another
+# tarfile.
+distcheck: dist
+ case '$(DIST_ARCHIVES)' in \
+ *.tar.gz*) \
+ GZIP=$(GZIP_ENV) gzip -dc $(distdir).tar.gz | $(am__untar) ;;\
+ *.tar.bz2*) \
+ bzip2 -dc $(distdir).tar.bz2 | $(am__untar) ;;\
+ *.tar.lzma*) \
+ lzma -dc $(distdir).tar.lzma | $(am__untar) ;;\
+ *.tar.xz*) \
+ xz -dc $(distdir).tar.xz | $(am__untar) ;;\
+ *.tar.Z*) \
+ uncompress -c $(distdir).tar.Z | $(am__untar) ;;\
+ *.shar.gz*) \
+ GZIP=$(GZIP_ENV) gzip -dc $(distdir).shar.gz | unshar ;;\
+ *.zip*) \
+ unzip $(distdir).zip ;;\
+ esac
+ chmod -R a-w $(distdir); chmod a+w $(distdir)
+ mkdir $(distdir)/_build
+ mkdir $(distdir)/_inst
+ chmod a-w $(distdir)
+ test -d $(distdir)/_build || exit 0; \
+ dc_install_base=`$(am__cd) $(distdir)/_inst && pwd | sed -e 's,^[^:\\/]:[\\/],/,'` \
+ && dc_destdir="$${TMPDIR-/tmp}/am-dc-$$$$/" \
+ && am__cwd=`pwd` \
+ && $(am__cd) $(distdir)/_build \
+ && ../configure --srcdir=.. --prefix="$$dc_install_base" \
+ $(DISTCHECK_CONFIGURE_FLAGS) \
+ && $(MAKE) $(AM_MAKEFLAGS) \
+ && $(MAKE) $(AM_MAKEFLAGS) dvi \
+ && $(MAKE) $(AM_MAKEFLAGS) check \
+ && $(MAKE) $(AM_MAKEFLAGS) install \
+ && $(MAKE) $(AM_MAKEFLAGS) installcheck \
+ && $(MAKE) $(AM_MAKEFLAGS) uninstall \
+ && $(MAKE) $(AM_MAKEFLAGS) distuninstallcheck_dir="$$dc_install_base" \
+ distuninstallcheck \
+ && chmod -R a-w "$$dc_install_base" \
+ && ({ \
+ (cd ../.. && umask 077 && mkdir "$$dc_destdir") \
+ && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" install \
+ && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" uninstall \
+ && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" \
+ distuninstallcheck_dir="$$dc_destdir" distuninstallcheck; \
+ } || { rm -rf "$$dc_destdir"; exit 1; }) \
+ && rm -rf "$$dc_destdir" \
+ && $(MAKE) $(AM_MAKEFLAGS) dist \
+ && rm -rf $(DIST_ARCHIVES) \
+ && $(MAKE) $(AM_MAKEFLAGS) distcleancheck \
+ && cd "$$am__cwd" \
+ || exit 1
+ $(am__remove_distdir)
+ @(echo "$(distdir) archives ready for distribution: "; \
+ list='$(DIST_ARCHIVES)'; for i in $$list; do echo $$i; done) | \
+ sed -e 1h -e 1s/./=/g -e 1p -e 1x -e '$$p' -e '$$x'
+distuninstallcheck:
+ @$(am__cd) '$(distuninstallcheck_dir)' \
+ && test `$(distuninstallcheck_listfiles) | wc -l` -le 1 \
+ || { echo "ERROR: files left after uninstall:" ; \
+ if test -n "$(DESTDIR)"; then \
+ echo " (check DESTDIR support)"; \
+ fi ; \
+ $(distuninstallcheck_listfiles) ; \
+ exit 1; } >&2
+distcleancheck: distclean
+ @if test '$(srcdir)' = . ; then \
+ echo "ERROR: distcleancheck can only run from a VPATH build" ; \
+ exit 1 ; \
+ fi
+ @test `$(distcleancheck_listfiles) | wc -l` -eq 0 \
+ || { echo "ERROR: files left in build directory after distclean:" ; \
+ $(distcleancheck_listfiles) ; \
+ exit 1; } >&2
+check-am: all-am
+check: check-recursive
+all-am: Makefile $(DATA) config.h
+installdirs: installdirs-recursive
+installdirs-am:
+ for dir in "$(DESTDIR)$(docdir)"; do \
+ test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+ done
+install: install-recursive
+install-exec: install-exec-recursive
+install-data: install-data-recursive
+uninstall: uninstall-recursive
+
+install-am: all-am
+ @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-recursive
+install-strip:
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ `test -z '$(STRIP)' || \
+ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+ -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+ -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+ -test -z "$(DISTCLEANFILES)" || rm -f $(DISTCLEANFILES)
+
+maintainer-clean-generic:
+ @echo "This command is intended for maintainers to use"
+ @echo "it deletes files that may require special tools to rebuild."
+clean: clean-recursive
+
+clean-am: clean-generic mostlyclean-am
+
+distclean: distclean-recursive
+ -rm -f $(am__CONFIG_DISTCLEAN_FILES)
+ -rm -f Makefile
+distclean-am: clean-am distclean-generic distclean-hdr distclean-tags
+
+dvi: dvi-recursive
+
+dvi-am:
+
+html: html-recursive
+
+html-am:
+
+info: info-recursive
+
+info-am:
+
+install-data-am: install-dist_docDATA
+
+install-dvi: install-dvi-recursive
+
+install-dvi-am:
+
+install-exec-am:
+
+install-html: install-html-recursive
+
+install-html-am:
+
+install-info: install-info-recursive
+
+install-info-am:
+
+install-man:
+
+install-pdf: install-pdf-recursive
+
+install-pdf-am:
+
+install-ps: install-ps-recursive
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-recursive
+ -rm -f $(am__CONFIG_DISTCLEAN_FILES)
+ -rm -rf $(top_srcdir)/autom4te.cache
+ -rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-recursive
+
+mostlyclean-am: mostlyclean-generic
+
+pdf: pdf-recursive
+
+pdf-am:
+
+ps: ps-recursive
+
+ps-am:
+
+uninstall-am: uninstall-dist_docDATA
+
+.MAKE: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) all \
+ ctags-recursive install-am install-strip tags-recursive
+
+.PHONY: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) CTAGS GTAGS \
+ all all-am am--refresh check check-am clean clean-generic \
+ ctags ctags-recursive dist dist-all dist-bzip2 dist-gzip \
+ dist-hook dist-lzma dist-shar dist-tarZ dist-xz dist-zip \
+ distcheck distclean distclean-generic distclean-hdr \
+ distclean-tags distcleancheck distdir distuninstallcheck dvi \
+ dvi-am html html-am info info-am install install-am \
+ install-data install-data-am install-dist_docDATA install-dvi \
+ install-dvi-am install-exec install-exec-am install-html \
+ install-html-am install-info install-info-am install-man \
+ install-pdf install-pdf-am install-ps install-ps-am \
+ install-strip installcheck installcheck-am installdirs \
+ installdirs-am maintainer-clean maintainer-clean-generic \
+ mostlyclean mostlyclean-generic pdf pdf-am ps ps-am tags \
+ tags-recursive uninstall uninstall-am uninstall-dist_docDATA
+
+
+dist-hook: gen-ChangeLog
+ echo "$(VERSION)" > $(distdir)/VERSION
+.PHONY: gen-ChangeLog
+gen-ChangeLog:
+ set -e; \
+ if test -d $(top_srcdir)/.git; then \
+ (cd $(top_srcdir) && \
+ $(GITLOG_TO_CHANGELOG) --append-dot --tear-off \
+ --amend=scripts/git-log-fix \
+ --since=$(gen_start_date) ) > $(distdir)/cl-t; \
+ cat $(top_srcdir)/scripts/git-log-footer >> $(distdir)/cl-t; \
+ rm -f $(distdir)/ChangeLog; \
+ mv $(distdir)/cl-t $(distdir)/ChangeLog; \
+ fi
+
+stowinstall:
+ $(MAKE) $(AM_MAKEFLAGS) install prefix=/usr/local/stow/gnupg
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/NEWS b/NEWS
new file mode 100644
index 0000000..39b3438
--- /dev/null
+++ b/NEWS
@@ -0,0 +1,823 @@
+Noteworthy changes in version 2.0.19 (2012-03-27)
+-------------------------------------------------
+
+ * GPG now accepts a space separated fingerprint as a user ID. This
+ allows to copy and paste the fingerprint from the key listing.
+
+ * GPG now uses the longest key ID available. Removed support for the
+ original HKP keyserver which is not anymore used by any site.
+
+ * Rebuild the trustdb after changing the option --min-cert-level.
+
+ * Ukrainian translation.
+
+ * Honor option --cert-digest-algo when creating a cert.
+
+ * Emit a DECRYPTION_INFO status line.
+
+ * Improved detection of JPEG files.
+
+
+Noteworthy changes in version 2.0.18 (2011-08-04)
+-------------------------------------------------
+
+ * Bug fix for newer versions of Libgcrypt.
+
+ * Support the SSH confirm flag and show SSH fingerprints in ssh
+ related pinentries.
+
+ * Improved dirmngr/gpgsm interaction for OCSP.
+
+ * Allow generation of card keys up to 4096 bit.
+
+
+Noteworthy changes in version 2.0.17 (2011-01-13)
+-------------------------------------------------
+
+ * Allow more hash algorithms with the OpenPGP v2 card.
+
+ * The gpg-agent now tests for a new gpg-agent.conf on a HUP.
+
+ * Fixed output of "gpgconf --check-options".
+
+ * Fixed a bug where Scdaemon sends a signal to Gpg-agent running in
+ non-daemon mode.
+
+ * Fixed TTY management for pinentries and session variable update
+ problem.
+
+
+Noteworthy changes in version 2.0.16 (2010-07-19)
+-------------------------------------------------
+
+ * If the agent's --use-standard-socket option is active, all tools
+ try to start and daemonize the agent on the fly. In the past this
+ was only supported on W32; on non-W32 systems the new configure
+ option --enable-standard-socket may now be used to use this feature
+ by default.
+
+ * The gpg-agent commands KILLAGENT and RELOADAGENT are now available
+ on all platforms.
+
+ * Minor bug fixes.
+
+
+Noteworthy changes in version 2.0.15 (2010-03-09)
+-------------------------------------------------
+
+ * New command --passwd for GPG.
+
+ * Fixes a regression in 2.0.14 which prevented unprotection of new
+ or changed gpg-agent passphrases.
+
+ * Make use of libassuan 2.0 which is available as a DSO.
+
+
+Noteworthy changes in version 2.0.14 (2009-12-21)
+-------------------------------------------------
+
+ * The default for --include-cert is now to include all certificates
+ in the chain except for the root certificate.
+
+ * Numerical values may now be used as an alternative to the
+ debug-level keywords.
+
+ * The GPGSM --audit-log feature is now more complete.
+
+ * GPG now supports DNS lookups for SRV, PKA and CERT on W32.
+
+ * New GPGSM option --ignore-cert-extension.
+
+ * New and changed passphrases are now created with an iteration count
+ requiring about 100ms of CPU work.
+
+
+Noteworthy changes in version 2.0.13 (2009-09-04)
+-------------------------------------------------
+
+ * GPG now generates 2048 bit RSA keys by default. The default hash
+ algorithm preferences has changed to prefer SHA-256 over SHA-1.
+ 2048 bit DSA keys are now generated to use a 256 bit hash algorithm
+
+ * The envvars XMODIFIERS, GTK_IM_MODULE and QT_IM_MODULE are now
+ passed to the Pinentry to make SCIM work.
+
+ * The GPGSM command --gen-key features a --batch mode and implements
+ all features of gpgsm-gencert.sh in standard mode.
+
+ * New option --re-import for GPGSM's IMPORT server command.
+
+ * Enhanced writing of existing keys to OpenPGP v2 cards.
+
+ * Add hack to the internal CCID driver to allow the use of some
+ Omnikey based card readers with 2048 bit keys.
+
+ * GPG now repeatly asks the user to insert the requested OpenPGP
+ card. This can be disabled with --limit-card-insert-tries=1.
+
+ * Minor bug fixes.
+
+
+Noteworthy changes in version 2.0.12 (2009-06-17)
+-------------------------------------------------
+
+ * GPGSM now always lists ephemeral certificates if specified by
+ fingerprint or keygrip.
+
+ * New command "KEYINFO" for GPG_AGENT. GPGSM now also returns
+ information about smartcards.
+
+ * Made sure not to leak file descriptors if running gpg-agent with a
+ command. Restore the signal mask to solve a problem in Mono.
+
+ * Changed order of the confirmation questions for root certificates
+ and store negative answers in trustlist.txt.
+
+ * Better synchronization of concurrent smartcard sessions.
+
+ * Support 2048 bit OpenPGP cards.
+
+ * Support Telesec Netkey 3 cards.
+
+ * The gpg-protect-tool now uses gpg-agent via libassuan. Under
+ Windows the Pinentry will now be put into the foreground.
+
+ * Changed code to avoid a possible Mac OS X system freeze.
+
+
+Noteworthy changes in version 2.0.11 (2009-03-03)
+-------------------------------------------------
+
+ * Fixed a problem in SCDAEMON which caused unexpected card resets.
+
+ * SCDAEMON is now aware of the Geldkarte.
+
+ * The SCDAEMON option --allow-admin is now used by default.
+
+ * GPGCONF now restarts SCdaemon if necessary.
+
+ * The default cipher algorithm in GPGSM is now again 3DES. This is
+ due to interoperability problems with Outlook 2003 which still
+ can't cope with AES.
+
+
+Noteworthy changes in version 2.0.10 (2009-01-12)
+-------------------------------------------------
+
+ * [gpg] New keyserver helper gpg2keys_kdns as generic DNS CERT
+ lookup. Run with --help for a short description. Requires the
+ ADNS library.
+
+ * [gpg] New mechanisms "local" and "nodefault" for --auto-key-locate.
+ Fixed a few problems with this option.
+
+ * [gpg] New command --locate-keys.
+
+ * [gpg] New options --with-sig-list and --with-sig-check.
+
+ * [gpg] The option "-sat" is no longer an alias for --clearsign.
+
+ * [gpg] The option --fixed-list-mode is now implicitly used and obsolete.
+
+ * [gpg] New control statement %ask-passphrase for the unattended key
+ generation.
+
+ * [gpg] The algorithm to compute the SIG_ID status has been changed.
+
+ * [gpgsm] Now uses AES by default.
+
+ * [gpgsm] Made --output option work with --export-secret-key-p12.
+
+ * [gpg-agent] Terminate process if the own listening socket is not
+ anymore served by ourself.
+
+ * [scdaemon] Made it more robust on W32.
+
+ * [gpg-connect-agent] Accept commands given as command line arguments.
+
+ * [w32] Initialized the socket subsystem for all keyserver helpers.
+
+ * [w32] The sysconf directory has been moved from a subdirectory of
+ the installation directory to %CSIDL_COMMON_APPDATA%/GNU/etc/gnupg.
+
+ * [w32] The gnupg2.nls directory is not anymore used. The standard
+ locale directory is now used.
+
+ * [w32] Fixed a race condition between gpg and gpgsm in the use of
+ temporary file names.
+
+ * The gpg-preset-passphrase mechanism works again. An arbitrary
+ string may now be used for a custom cache ID.
+
+ * Admin PINs are cached again (bug in 2.0.9).
+
+ * Support for version 2 OpenPGP cards.
+
+ * Libgcrypt 1.4 is now required.
+
+
+Noteworthy changes in version 2.0.9 (2008-03-26)
+------------------------------------------------
+
+ * Gpgsm always tries to locate missing certificates from a running
+ Dirmngr's cache.
+
+ * Tweaks for Windows.
+
+ * The Admin PIN for OpenPGP cards may now be entered with the pinpad.
+
+ * Improved certificate chain construction.
+
+ * Extended the PKITS framework.
+
+ * Fixed a bug in the ambigious name detection.
+
+ * Fixed possible memory corruption while importing OpenPGP keys (bug
+ introduced with 2.0.8). [CVE-2008-1530]
+
+ * Minor bug fixes.
+
+
+Noteworthy changes in version 2.0.8 (2007-12-20)
+------------------------------------------------
+
+ * Enhanced gpg-connect-agent with a small scripting language.
+
+ * New option --list-config for gpgconf.
+
+ * Fixed a crash in gpgconf.
+
+ * Gpg-agent now supports the passphrase quality bar of the latest
+ Pinentry.
+
+ * The envvars XAUTHORITY and PINENTRY_USER_DATA are now passed to the
+ Pinentry.
+
+ * Fixed the auto creation of the key stub for smartcards.
+
+ * Fixed a rare bug in decryption using the OpenPGP card.
+
+ * Creating DSA2 keys is now possible.
+
+ * New option --extra-digest-algo for gpgsm to allow verification of
+ broken signatures.
+
+ * Allow encryption with legacy Elgamal sign+encrypt keys with option
+ --rfc2440.
+
+ * Windows is now a supported platform.
+
+ * Made sure that under Windows the file permissions of the socket are
+ taken into account. This required a change of our socket emulation
+ code and changed the IPC protocol under Windows.
+
+
+Noteworthy changes in version 2.0.7 (2007-09-10)
+------------------------------------------------
+
+ * Fixed encryption problem if duplicate certificates are in the
+ keybox.
+
+ * Made it work on Windows Vista. Note that the entire Windows port
+ is still considered Beta.
+
+ * Add new options min-passphrase-nonalpha, check-passphrase-pattern,
+ enforce-passphrase-constraints and max-passphrase-days to
+ gpg-agent.
+
+ * Add command --check-components to gpgconf. Gpgconf now uses the
+ installed versions of the programs and does not anymore search via
+ PATH for them.
+
+
+Noteworthy changes in version 2.0.6 (2007-08-16)
+------------------------------------------------
+
+ * GPGSM does now grok --default-key.
+
+ * GPGCONF is now aware of --default-key and --encrypt-to.
+
+ * GPGSM does again correctly print the serial number as well the the
+ various keyids. This was broken since 2.0.4.
+
+ * New option --validation-model and support for the chain-model.
+
+ * Improved Windows support.
+
+
+Noteworthy changes in version 2.0.5 (2007-07-05)
+------------------------------------------------
+
+ * Switched license to GPLv3.
+
+ * Basic support for Windows. Run "./autogen.sh --build-w32" to build
+ it. As usual the mingw cross compiling toolchain is required.
+
+ * Fixed bug when using the --p12-charset without --armor.
+
+ * The command --gen-key may now be used instead of the
+ gpgsm-gencert.sh script.
+
+ * Changed key generation to reveal less information about the
+ machine. Bug fixes for gpg2's card key generation.
+
+
+Noteworthy changes in version 2.0.4 (2007-05-09)
+------------------------------------------------
+
+ * The server mode key listing commands are now also working for
+ systems without the funopen/fopencookie API.
+
+ * PKCS#12 import now tries several encodings in case the passphrase
+ was not utf-8 encoded. New option --p12-charset for gpgsm.
+
+ * Improved the libgcrypt logging support in all modules.
+
+
+Noteworthy changes in version 2.0.3 (2007-03-08)
+------------------------------------------------
+
+ * By default, do not allow processing multiple plaintexts in a single
+ stream. Many programs that called GnuPG were assuming that GnuPG
+ did not permit this, and were thus not using the plaintext boundary
+ status tags that GnuPG provides. This change makes GnuPG reject
+ such messages by default which makes those programs safe again.
+ --allow-multiple-messages returns to the old behavior. [CVE-2007-1263].
+
+ * New --verify-option show-primary-uid-only.
+
+ * gpgconf may now reads a global configuration file to select which
+ options are changeable by a frontend. The new applygnupgdefaults
+ tool may be used by an admin to set default options for all users.
+
+ * The PIN pad of the Cherry XX44 keyboard is now supported. The
+ DINSIG and the NKS applications are now also aware of PIN pads.
+
+
+Noteworthy changes in version 2.0.2 (2007-01-31)
+------------------------------------------------
+
+ * Fixed a serious and exploitable bug in processing encrypted
+ packages. [CVE-2006-6235].
+
+ * Added --passphrase-repeat to set the number of times GPG will
+ prompt for a new passphrase to be repeated. This is useful to help
+ memorize a new passphrase. The default is 1 repetition.
+
+ * Using a PIN pad does now also work for the signing key.
+
+ * A warning is displayed by gpg-agent if a new passphrase is too
+ short. New option --min-passphrase-len defaults to 8.
+
+ * The status code BEGIN_SIGNING now shows the used hash algorithms.
+
+
+Noteworthy changes in version 2.0.1 (2006-11-28)
+------------------------------------------------
+
+ * Experimental support for the PIN pads of the SPR 532 and the Kaan
+ Advanced card readers. Add "disable-keypad" scdaemon.conf if you
+ don't want it. Does currently only work for the OpenPGP card and
+ its authentication and decrypt keys.
+
+ * Fixed build problems on some some platforms and crashes on amd64.
+
+ * Fixed a buffer overflow in gpg2. [bug#728,CVE-2006-6169]
+
+
+Noteworthy changes in version 2.0.0 (2006-11-11)
+------------------------------------------------
+
+ * First stable version of a GnuPG integrating OpenPGP and S/MIME.
+
+
+Noteworthy changes in version 1.9.95 (2006-11-06)
+-------------------------------------------------
+
+ * Minor bug fixes.
+
+
+Noteworthy changes in version 1.9.94 (2006-10-24)
+-------------------------------------------------
+
+ * Keys for gpgsm may now be specified using a keygrip. A keygrip is
+ indicated by a prefixing it with an ampersand.
+
+ * gpgconf now supports switching the CMS cipher algo (e.g. to AES).
+
+ * New command --gpgconf-test for all major tools. This may be used to
+ check whether the configuration file is sane.
+
+
+Noteworthy changes in version 1.9.93 (2006-10-18)
+-------------------------------------------------
+
+ * In --with-validation mode gpgsm will now also ask whether a root
+ certificate should be trusted.
+
+ * Link to Pth only if really necessary.
+
+ * Fixed a pubring corruption bug in gpg2 occurring when importing
+ signatures or keys with insane lengths.
+
+ * Fixed v3 keyID calculation bug in gpg2.
+
+ * More tweaks for certificates without extensions.
+
+
+Noteworthy changes in version 1.9.92 (2006-10-11)
+-------------------------------------------------
+
+ * Bug fixes.
+
+
+Noteworthy changes in version 1.9.91 (2006-10-04)
+-------------------------------------------------
+
+ * New "relax" flag for trustlist.txt to allow root CA certificates
+ without BasicContraints.
+
+ * [gpg2] Removed the -k PGP 2 compatibility hack. -k is now an
+ alias for --list-keys.
+
+ * [gpg2] Print a warning if "-sat" is used instead of "--clearsign".
+
+
+Noteworthy changes in version 1.9.90 (2006-09-25)
+-------------------------------------------------
+
+ * Made readline work for gpg.
+
+ * Cleanups und minor bug fixes.
+
+ * Included translations from gnupg 1.4.5.
+
+
+Noteworthy changes in version 1.9.23 (2006-09-18)
+-------------------------------------------------
+
+ * Regular man pages for most tools are now build directly from the
+ Texinfo source.
+
+ * The gpg code from 1.4.5 has been fully merged into this release.
+ The configure option --enable-gpg is still required to build this
+ gpg part. For production use of OpenPGP the gpg version 1.4.5 is
+ still recommended. Note, that gpg will be installed under the name
+ gpg2 to allow coexisting with an 1.4.x gpg.
+
+ * API change in gpg-agent's pkdecrypt command. Thus an older gpgsm
+ may not be used with the current gpg-agent.
+
+ * The scdaemon will now call a script on reader status changes.
+
+ * gpgsm now allows file descriptor passing for "INPUT", "OUTPUT" and
+ "MESSAGE".
+
+ * The gpgsm server may now output a key listing to the output file
+ handle. This needs to be enabled using "OPTION list-to-output=1".
+
+ * The --output option of gpgsm has now an effect on list-keys.
+
+ * New gpgsm commands --dump-chain and list-chain.
+
+ * gpg-connect-agent has new options to utilize descriptor passing.
+
+ * A global trustlist may now be used. See doc/examples/trustlist.txt.
+
+ * When creating a new pubring.kbx keybox common certificates are
+ imported.
+
+
+Noteworthy changes in version 1.9.22 (2006-07-27)
+-------------------------------------------------
+
+ * Enhanced pkcs#12 support to allow import from simple keyBags.
+
+ * Exporting to pkcs#12 now create bag attributes so that Mozilla is
+ able to import the files.
+
+ * Fixed uploading of certain keys to the smart card.
+
+
+Noteworthy changes in version 1.9.21 (2006-06-20)
+-------------------------------------------------
+
+ * New command APDU for scdaemon to allow using it for general card
+ access. Might be used through gpg-connect-agent by using the SCD
+ prefix command.
+
+ * Support for the CardMan 4040 PCMCIA reader (Linux 2.6.15 required).
+
+ * Scdaemon does not anymore reset cards at the end of a connection.
+
+ * Kludge to allow use of Bundesnetzagentur issued X.509 certificates.
+
+ * Added --hash=xxx option to scdaemon's PKSIGN command.
+
+ * Pkcs#12 files are now created with a MAC. This is for better
+ interoperability.
+
+ * Collected bug fixes and minor other changes.
+
+
+Noteworthy changes in version 1.9.20 (2005-12-20)
+-------------------------------------------------
+
+ * Importing pkcs#12 files created be recent versions of Mozilla works
+ again.
+
+ * Basic support for qualified signatures.
+
+ * New debug tool gpgparsemail.
+
+
+Noteworthy changes in version 1.9.19 (2005-09-12)
+-------------------------------------------------
+
+ * The Belgian eID card is now supported for signatures and ssh.
+ Other pkcs#15 cards should work as well.
+
+ * Fixed bug in --export-secret-key-p12 so that certificates are again
+ included.
+
+
+Noteworthy changes in version 1.9.18 (2005-08-01)
+-------------------------------------------------
+
+ * [gpgsm] Now allows for more than one email address as well as URIs
+ and dnsNames in certificate request generation. A keygrip may be
+ given to create a request from an existing key.
+
+ * A couple of minor bug fixes.
+
+
+Noteworthy changes in version 1.9.17 (2005-06-20)
+-------------------------------------------------
+
+ * gpg-connect-agent has now features to handle Assuan INQUIRE
+ commands.
+
+ * Internal changes for OpenPGP cards. New Assuan command WRITEKEY.
+
+ * GNU Pth is now a hard requirement.
+
+ * [scdaemon] Support for OpenSC has been removed. Instead a new and
+ straightforward pkcs#15 modules has been written. As of now it
+ does allows only signing using TCOS cards but we are going to
+ enhance it to match all the old capabilities.
+
+ * [gpg-agent] New option --write-env-file and Assuan command
+ UPDATESTARTUPTTY.
+
+ * [gpg-agent] New option --default-cache-ttl-ssh to set the TTL for
+ SSH passphrase caching independent from the other passphrases.
+
+
+Noteworthy changes in version 1.9.16 (2005-04-21)
+-------------------------------------------------
+
+ * gpg-agent does now support the ssh-agent protocol and thus allows
+ to use the pinentry as well as the OpenPGP smartcard with ssh.
+
+ * New tool gpg-connect-agent as a general client for the gpg-agent.
+
+ * New tool symcryptrun as a wrapper for certain encryption tools.
+
+ * The gpg tool is not anymore build by default because those gpg
+ versions available in the gnupg 1.4 series are far more matured.
+
+
+Noteworthy changes in version 1.9.15 (2005-01-13)
+-------------------------------------------------
+
+ * Fixed passphrase caching bug.
+
+ * Better support for CCID readers; the reader from Cherry RS 6700 USB
+ does now work.
+
+
+Noteworthy changes in version 1.9.14 (2004-12-22)
+-------------------------------------------------
+
+ * [gpg-agent] New option --use-standard-socket to allow the use of a
+ fixed socket. gpgsm falls back to this socket if GPG_AGENT_INFO
+ has not been set.
+
+ * Ported to MS Windows with some functional limitations.
+
+ * New tool gpg-preset-passphrase.
+
+
+Noteworthy changes in version 1.9.13 (2004-12-03)
+-------------------------------------------------
+
+ * [gpgsm] New option --prefer-system-dirmngr.
+
+ * Minor cleanups and debugging aids.
+
+
+Noteworthy changes in version 1.9.12 (2004-10-22)
+-------------------------------------------------
+
+ * [scdaemon] Partly rewrote the PC/SC code.
+
+ * Removed the sc-investigate tool. It is now in a separate package
+ available at ftp://ftp.g10code.com/g10code/gscutils/ .
+
+ * [gpg-agent] Fixed logging problem.
+
+
+Noteworthy changes in version 1.9.11 (2004-10-01)
+-------------------------------------------------
+
+ * When using --import along with --with-validation, the imported
+ certificates are validated and only imported if they are fully
+ valid.
+
+ * [gpg-agent] New option --max-cache-ttl.
+
+ * [gpg-agent] When used without --daemon or --server, gpg-agent now
+ check whether a agent is already running and usable.
+
+ * Fixed some i18n problems.
+
+
+Noteworthy changes in version 1.9.10 (2004-07-22)
+-------------------------------------------------
+
+ * Fixed a serious bug in the checking of trusted root certificates.
+
+ * New configure option --enable-agent-pnly allows to build and
+ install just the agent.
+
+ * Fixed a problem with the log file handling.
+
+
+Noteworthy changes in version 1.9.9 (2004-06-08)
+------------------------------------------------
+
+ * [gpg-agent] The new option --allow-mark-trusted is now required to
+ allow gpg-agent to add a key to the trustlist.txt after user
+ confirmation.
+
+ * Creating PKCS#10 requests does now honor the key usage.
+
+
+Noteworthy changes in version 1.9.8 (2004-04-29)
+------------------------------------------------
+
+ * [scdaemon] Overhauled the internal CCID driver.
+
+ * [scdaemon] Status files named ~/.gnupg/reader_<n>.status are now
+ written when using the internal CCID driver.
+
+ * [gpgsm] New commands --dump-{,secret,external}-keys to show a very
+ detailed view of the certificates.
+
+ * The keybox gets now compressed after 3 hours and ephemeral
+ stored certificates are deleted after about a day.
+
+ * [gpg] Usability fixes for --card-edit. Note, that this has already
+ been ported back to gnupg-1.3
+
+
+Noteworthy changes in version 1.9.7 (2004-04-06)
+------------------------------------------------
+
+ * Instrumented the modules for gpgconf.
+
+ * Added support for DINSIG card applications.
+
+ * Include the smimeCapabilities attribute with signed messages.
+
+ * Now uses the gettext domain "gnupg2" to avoid conflicts with gnupg
+ versions < 1.9.
+
+
+Noteworthy changes in version 1.9.6 (2004-03-06)
+------------------------------------------------
+
+ * Code cleanups and bug fixes.
+
+
+Noteworthy changes in version 1.9.5 (2004-02-21)
+------------------------------------------------
+
+ * gpg-protect-tool gets now installed into libexec as it ought to be.
+ Cleaned up the build system to better comply with the coding
+ standards.
+
+ * [gpgsm] The --import command is now able to autodetect pkcs#12
+ files and import secret and private keys from this file format.
+ A new command --export-secret-key-p12 is provided to allow
+ exporting of secret keys in PKCS\#12 format.
+
+ * [gpgsm] The pinentry will now present a description of the key for
+ whom the passphrase is requested.
+
+ * [gpgsm] New option --with-validation to check the validity of key
+ while listing it.
+
+ * New option --debug-level={none,basic,advanced,expert,guru} to map
+ the debug flags to sensitive levels on a per program base.
+
+
+Noteworthy changes in version 1.9.4 (2004-01-30)
+------------------------------------------------
+
+ * Added support for the Telesec NKS 2.0 card application.
+
+ * Added simple tool addgnupghome to create .gnupg directories from
+ /etc/skel/.gnupg.
+
+ * Various minor bug fixes and cleanups; mainly gpgsm and gpg-agent
+ related.
+
+
+Noteworthy changes in version 1.9.3 (2003-12-23)
+------------------------------------------------
+
+ * New gpgsm options --{enable,disable}-ocsp to validate keys using
+ OCSP. This option requires a not yet released DirMngr version.
+ Default is disabled.
+
+ * The --log-file option may now be used to print logs to a socket.
+ Prefix the socket name with "socket://" to enable this. This does
+ not work on all systems and falls back to stderr if there is a
+ problem with the socket.
+
+ * The options --encrypt-to and --no-encrypt-to now work the same in
+ gpgsm as in gpg. Note, they are also used in server mode.
+
+ * Duplicated recipients are now silently removed in gpgsm.
+
+
+Noteworthy changes in version 1.9.2 (2003-11-17)
+------------------------------------------------
+
+ * On card key generation is no longer done using the --gen-key
+ command but from the menu provided by the new --card-edit command.
+
+ * PINs are now properly cached and there are only 2 PINs visible.
+ The 3rd PIN (CHV2) is internally syncronized with the regular PIN.
+
+ * All kind of other internal stuff.
+
+
+Noteworthy changes in version 1.9.1 (2003-09-06)
+------------------------------------------------
+
+ * Support for OpenSC is back. scdaemon supports a --disable-opensc to
+ disable OpenSC use at runtime, so that PC/SC or ct-API can still be
+ used directly.
+
+ * Rudimentary support for the SCR335 smartcard reader using an
+ internal driver. Requires current libusb from CVS.
+
+ * Bug fixes.
+
+
+Noteworthy changes in version 1.9.0 (2003-08-05)
+------------------------------------------------
+
+ ====== PLEASE SEE README-alpha =======
+
+ * gpg has been renamed to gpg2 and gpgv to gpgv2. This is a
+ temporary change to allow co-existing with stable gpg versions.
+
+ * ~/.gnupg/gpg.conf-1.9.0 is fist tried as config file before the
+ usual gpg.conf.
+
+ * Removed the -k, -kv and -kvv commands. -k is now an alias to
+ --list-keys. New command -K as alias for --list-secret-keys.
+
+ * Removed --run-as-shm-coprocess feature.
+
+ * gpg does now also use libgcrypt, libgpg-error is required.
+
+ * New gpgsm commands --call-dirmngr and --call-protect-tool.
+
+ * Changing a passphrase is now possible using "gpgsm --passwd"
+
+ * The content-type attribute is now recognized and created.
+
+ * The agent does now reread certain options on receiving a HUP.
+
+ * The pinentry is now forked for each request so that clients with
+ different environments are supported. When running in daemon mode
+ and --keep-display is not used the DISPLAY variable is ignored.
+
+ * Merged stuff from the newpg branch and started this new
+ development branch.
+
+
+ Copyright 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009,
+ 2010, 2011 Free Software Foundation, Inc.
+
+ This file is free software; as a special exception the author gives
+ unlimited permission to copy and/or distribute it, with or without
+ modifications, as long as this notice is preserved.
+
+ This file is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
+ implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/README b/README
new file mode 100644
index 0000000..e7289c9
--- /dev/null
+++ b/README
@@ -0,0 +1,151 @@
+ The GNU Privacy Guard 2
+ =========================
+ Version 2.0
+
+ Copyright 1998, 1999, 2000, 2001, 2002, 2003, 2004,
+ 2005, 2006, 2007, 2008, 2009, 2010, 2011,
+ 2012 Free Software Foundation, Inc.
+
+
+INTRODUCTION
+============
+
+GnuPG is GNU's tool for secure communication and data storage. It can
+be used to encrypt data and to create digital signatures. It includes
+an advanced key management facility and is compliant with the proposed
+OpenPGP Internet standard as described in RFC4880 and the S/MIME
+standard as described by several RFCs.
+
+GnuPG is distributed under the terms of the GNU General Public
+License. See the file COPYING for details. GnuPG works best on
+GNU/Linux or *BSD systems. Most other Unices are also supported but
+are not as well tested as the Free Unices.
+
+GnuPG 2.0 is the stable version of GnuPG integrating support for
+OpenPGP and S/MIME. It does not conflict with an installed 1.4
+OpenPGP-only version.
+
+
+
+BUILD INSTRUCTIONS
+==================
+
+GnuPG 2.0 depends on the following packages:
+
+ libgpg-error (ftp://ftp.gnupg.org/gcrypt/libgpg-error/)
+ libgcrypt (ftp://ftp.gnupg.org/gcrypt/libgcrypt/)
+ libksba (ftp://ftp.gnupg.org/gcrypt/libksba/)
+ libassuan >= 2.0 (ftp://ftp.gnupg.org/gcrypt/libassuan/)
+
+You also need the Pinentry package for most function of GnuPG; however
+it is not a build requirement. Pinentry is available at
+ftp://ftp.gnupg.org/gcrypt/pinentry/ .
+
+You should get the latest versions of course, the GnuPG configure
+script complains if a version is not sufficient.
+
+After building and installing the above packages in the order as given
+above, you may now continue with GnuPG installation (you may also just
+try to build GnuPG to see whether your already installed versions are
+sufficient).
+
+As with all packages, you just have to do
+
+ ./configure
+ make
+ make install
+
+(Before doing install you might need to become root.)
+
+If everything succeeds, you have a working GnuPG with support for
+S/MIME and smartcards. Note that there is no binary gpg but a gpg2 so
+that this package won't conflict with a GnuPG 1.4 installation. gpg2
+behaves just like gpg.
+
+In case of problem please ask on gnupg-users@gnupg.org for advise.
+
+Note that the PKITS tests are always skipped unless you copy the PKITS
+test data file into the tests/pkits directory.
+
+
+DOCUMENTATION
+=============
+
+The complete documentation is in the texinfo manual named
+`gnupg.info'. Run "info gnupg" to read it. If you want a a printable
+copy of the manual, change to the "doc" directory and enter "make pdf"
+For a HTML version enter "make html" and point your browser to
+gnupg.html/index.html. Standard man pages for all components are
+provided as well. An online version of the manual is available at
+http://www.gnupg.org/documentation/manuals/gnupg/ . A version of the
+manual pertaining to the current development snapshot is at
+http://www.gnupg.org/documentation/manuals/gnupg-devel/ .
+
+
+GNUPG 1.4 AND GNUPG 2.0
+=======================
+
+GnuPG 2.0 is a newer version of GnuPG with additional support for
+S/MIME. It has a different design philosophy that splits
+functionality up into several modules. Both versions may be installed
+simultaneously without any conflict (gpg is called gpg2 in GnuPG 2).
+In fact, the gpg version from GnuPG 1.4 is able to make use of the
+gpg-agent as included in GnuPG 2 and allows for seamless passphrase
+caching. The advantage of GnuPG 1.4 is its smaller size and no
+dependency on other modules at run and build time.
+
+
+HOW TO GET MORE INFORMATION
+===========================
+
+The primary WWW page is "http://www.gnupg.org"
+The primary FTP site is "ftp://ftp.gnupg.org/gcrypt/"
+
+See http://www.gnupg.org/download/mirrors.html for a list of mirrors
+and use them if possible. You may also find GnuPG mirrored on some of
+the regular GNU mirrors.
+
+We have some mailing lists dedicated to GnuPG:
+
+ gnupg-announce@gnupg.org For important announcements like new
+ versions and such stuff. This is a
+ moderated list and has very low traffic.
+ Do not post to this list.
+
+ gnupg-users@gnupg.org For general user discussion and
+ help (English).
+
+ gnupg-de@gnupg.org German speaking counterpart of
+ gnupg-users.
+
+ gnupg-ru@gnupg.org Russian speaking counterpart of
+ gnupg-users.
+
+ gnupg-devel@gnupg.org GnuPG developers main forum.
+
+You subscribe to one of the list by sending mail with a subject of
+"subscribe" to x-request@gnupg.org, where x is the name of the mailing
+list (gnupg-announce, gnupg-users, etc.). An archive of the mailing
+lists is available at <http://www.gnupg.org/documentation/mailing-lists.html>.
+
+Please direct bug reports to http://bugs.gnupg.org or post them direct
+to the mailing list <gnupg-devel@gnupg.org>.
+
+Please direct questions about GnuPG to the users mailing list or one
+of the pgp newsgroups; please do not direct questions to one of the
+authors directly as we are busy working on improvements and bug fixes.
+The English and German mailing lists are watched by the authors and we
+try to answer questions when time allows us to do so.
+
+Commercial grade support for GnuPG is available; please see
+<http://www.gnupg.org/service.html>.
+
+
+ This file is Free Software; as a special exception the authors gives
+ unlimited permission to copy and/or distribute it, with or without
+ modifications, as long as this notice is preserved. For conditions
+ of the whole package, please see the file COPYING. This file is
+ distributed in the hope that it will be useful, but WITHOUT ANY
+ WARRANTY, to the extent permitted by law; without even the implied
+ warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+
diff --git a/README.SVN b/README.SVN
new file mode 100644
index 0000000..c642282
--- /dev/null
+++ b/README.SVN
@@ -0,0 +1,51 @@
+If you are building from Subversion, run the script
+
+./autogen.sh
+
+first, to make sure that you have all the necessary maintainer tools
+are installed and to build the actual configuration files. If you
+have just updated from SVN, you should add the option "--force" to
+autogen.sh so that meta data from SVN is noticed. Then run
+
+./configure --enable-maintainer-mode
+
+followed by the usual make.
+
+If autogen.sh complains about insufficient versions of the required
+tools, or the tools are not installed, you may use environment
+variables to override the default tool names:
+
+ AUTOMAKE_SUFFIX is used as a suffix for all tools from the automake
+ package. For example
+ AUTOMAKE_SUFFIX="-1.7" ./autogen.sh
+ uses "automake-1.7" and "aclocal-1.7.
+ AUTOMAKE_PREFIX is used as a prefix for all tools from the automake
+ page and may be combined with AUTOMAKE_SUFFIX. e.g.:
+ AUTOMAKE_PREFIX=/usr/foo/bin ./autogen.sh
+ uses "automake" and "aclocal" in the /usr/foo/bin
+ directory.
+ AUTOCONF_SUFFIX is used as a suffix for all tools from the automake
+ package
+ AUTOCONF_PREFIX is used as a prefix for all tools from the automake
+ package
+ GETTEXT_SUFFIX is used as a suffix for all tools from the gettext
+ package
+ GETTEXT_PREFIX is used as a prefix for all tools from the gettext
+ package
+
+It is also possible to use the variable name AUTOMAKE, AUTOCONF,
+ACLOCAL, AUTOHEADER, GETTEXT and MSGMERGE to directly specify the name
+of the programs to run. It is however better to use the suffix and
+prefix forms as described above because that does not require
+knowledge about the actual tools used by autgen.sh.
+
+
+Please don't use autopoint, libtoolize or autoreconf unless you are
+the current maintainer and want to update the standard configuration
+files. All those files should be in the SVN and only updated manually
+if the maintainer decides that newer versions are required. The
+maintainer should also make sure that the required version of automake
+et al. are properly indicated at the top of configure.ac and take care
+to copy the files and not merely use symlinks.
+
+
diff --git a/THANKS b/THANKS
new file mode 100644
index 0000000..10e8631
--- /dev/null
+++ b/THANKS
@@ -0,0 +1,294 @@
+GnuPG was originally written by Werner Koch. Other people contributed
+by reporting problems, suggesting various improvements or submitting
+actual code. Here is a list of those people. Help us keep it
+complete and free of errors.
+
+
+Adam Mitchell adam at cafe21.org
+Alain Guibert alguibert+gpd at free.fr
+Albert Chin china at thewrittenword.com
+Alec Habig habig at budoe2.bu.edu
+Alexander Belopolsky belopolsky at mac.com
+Allan Clark allanc at sco.com
+Anand Kumria wildfire at progsoc.uts.edu.au
+Andreas Haumer andreas at xss.co.at
+Andrew J. Schorr aschorr at telemetry-investments.com
+Anthony Carrico acarrico at memebeam.org
+Anthony Mulcahy anthony at kcn.ne.jp
+Ariel T Glenn ariel at columbia.edu
+ARIGA Seiji ariga at os.rim.or.jp
+Benjamin Donnachie benjamin at py-soft.co.uk
+Bernhard Herzog bh at intevation.de
+Bernard Leak thisisnotapipe.a-t.hotmail.com
+Bernhard Reiter bernhard at intevation.de
+Billy Halsey bshalsey at paxoo.com
+Bob Dunlop bob at xyzzy.org.uk
+Bob Mathews bobmathews at mindspring.com
+Bodo Moeller Bodo_Moeller at public.uni-hamburg.de
+Brendan O'Dea bod at debian.org
+Brenno de Winter brenno at dewinter.com
+Brian M. Carlson karlsson at hal-pc.org
+Brian Moore bem at cmc.net
+Brian Warner warner at lothar.com
+Bryan Fullerton bryanf at samurai.com
+Bryce Nichols bryce at bnichols.org
+Carl Meijer carlm at prism.co.za
+Caskey L. Dickson caskey at technocage.com
+Cees van de Griend cees-list at griend.xs4all.nl
+Charles Levert charles at comm.polymtl.ca
+Charly Avital shavital at mac.com
+Chip Salzenberg chip at valinux.com
+Chris Adams cmadams at hiwaay.net
+Christian Biere christianbiere at gmx.de
+Christian Kurz shorty at debian.org
+Christian von Roques roques at pond.sub.org
+Christopher Oliver oliver at fritz.traverse.net
+Christian Recktenwald chris at citecs.de
+Colin Tuckley colin at tuckley.org
+Daiki Ueno ueno at unixuser.org
+Dan Winship danw at helixcode.com
+Daniel Eisenbud eisenbud at cs.swarthmore.edu
+Daniel Kahn Gillmor dkg at fifthhorseman dot net
+Daniel Koening dan at chaosdorf.de
+Daniel Leidert daniel leidert at wgdd.de
+Daniel Resare daniel at resare.com
+Dany Nativel dany at natzo.com
+Dave Dykstra dwd at bell-labs.com
+David C Niemi niemi at tuxers.net
+David Champion dgc at uchicago.edu
+David D. Scribner dscribner at bigfoot.com
+David Ellement ellement at sdd.hp.com
+David Hallinan hallinan at rtd.com
+David Hollenberg dhollen at ISI.EDU
+David Mathog MATHOG at seqaxp.bio.caltech.edu
+David R. Bergstein dbergstein at home.com
+David Shaw dshaw at jabberwocky.com
+Detlef Lannert lannert at lannert.rz.uni-duesseldorf.de
+Dimitri dmitri at advantrix.com
+Dirk Lattermann dlatt at t-online.de
+Dirk Meyer dirk.meyer at dinoex.sub.org
+Disastry Disastry at saiknes.lv
+Douglas Calvert dfc at anize.org
+Ed Boraas ecxjo at esperanto.org
+Edmund GRIMLEY EVANS edmundo at rano.org
+Edwin Woudt edwin at woudt.nl
+Enzo Michelangeli em at MailAndNews.com
+Ernst Molitor ernst.molitor at uni-bonn.de
+Evgeny Legerov
+Fabian Keil fk at fabiankeil de
+Fabio Coatti cova at ferrara.linux.it
+Felix von Leitner leitner at amdiv.de
+fish stiqz fish at analog.org
+Florian Weimer Florian.Weimer at rus.uni-stuttgart.de
+Francesco Potorti pot at gnu.org
+Frank Donahoe fdonahoe at wilkes1.wilkes.edu
+Frank Heckenbach heckenb at mi.uni-erlangen.de
+Frank Stajano frank.stajano at cl.cam.ac.uk
+Frank Tobin ftobin at uiuc.edu
+Gabriel Rosenkoetter gr at eclipsed.net
+Gaël Quéri gael at lautre.net
+Gene Carter gcarter at lanier.com
+Geoff Keating geoffk at ozemail.com.au
+Georg Schwarz georg.schwarz at iname.com
+Giampaolo Tomassoni g.tomassoni at libero.it
+Gilbert Fernandes gilbert_fernandes at hotmail.com
+Grant Olson kgo at grant-olson net
+Greg Louis glouis at dynamicro.on.ca
+Greg Troxel gdt at ir.bbn.com
+Gregory Steuck steuck at iname.com
+Harald Denker harry at hal.westfalen.de
+Holger Baust Holger.Baust at freenet-ag.de
+Henrik Nordstrom henrik at henriknordstrom.net
+Hendrik Buschkamp buschkamp at rheumanet.org
+Holger Schurig holger at d.om.org
+Holger Smolinski smolinsk at de.ibm.com
+Holger Trapp Holger.Trapp at informatik.tu-chemnitz.de
+Hugh Daniel hugh at toad.com
+Huy Le huyle at ugcs.caltech.edu
+Ian McKellar imckellar at harvestroad.com.au
+Ingo Klöcker kloecker at kde.org
+Ivo Timmermans itimmermans at bigfoot.com
+Jan Krueger max at physics.otago.ac.nz
+Jan Niehusmann jan at gondor.com
+Jan-0liver Wagner jan @ intevation.de
+Janusz A. Urbanowicz alex at bofh.torun.pl
+James Troup james at nocrew.org
+Jean-loup Gailly gzip at prep.ai.mit.edu
+Jeff Long long at kestrel.cc.ukans.edu
+Jeffery Von Ronne jronne at ics.uci.edu
+Jens Bachem bachem at rrz.uni-koeln.de
+Jens Seidel jensseidel at users.sf.net
+Jeroen C. van Gelderen jeroen at vangelderen.org
+Jeroen Schot schot at a-eskwadraat nl
+J Horacio MG homega at ciberia.es
+J. Michael Ashley jashley at acm.org
+Jim Bauer jfbauer at home.com
+Jim Small cavenewt at my-deja.com
+Joachim Backes backes at rhrk.uni-kl.de
+Joe Rhett jrhett at isite.net
+Joerg Honegger Joerg.Honegger at hp.com
+John A. Martin jam at jamux.com
+John Clizbe JPClizbe at comcast.net
+John R. Shannon john at johnrshannon.com
+Johnny Teveßen j.tevessen at gmx.de
+Jörg Schilling schilling at fokus.gmd.de
+Jos Backus Jos.Backus at nl.origin-it.com
+Joseph Walton joe at kafsemo.org
+Juan F. Codagnone juam at arnet.com.ar
+Jun Kuriyama kuriyama at sky.rim.or.jp
+Kahil D. Jallad kdj4 at cs.columbia.edu
+Karl Fogel kfogel at guanabana.onshore.com
+Karsten Thygesen karthy at kom.auc.dk
+Katsuhiro Kondou kondou at nec.co.jp
+Kazu Yamamoto kazu at iij.ad.jp
+Kazuyoshi Kakihara
+Keith Clayton keith at claytons.org
+Ken Takusagawa ken.takusagawa.2 at gmail.com
+Kevin Ryde user42 at zip.com.au
+Kiss Gabor kissg at ssg.ki.iif.hu
+Klaus Singvogel ks at caldera.de
+Kurt Garloff garloff at suse.de
+Lars Kellogg-Stedman lars at bu.edu
+L. Sassaman rabbi at quickie.net
+M Taylor mctaylor at privacy.nb.ca
+Marcel Waldvogel mwa at arl.wustl.edu
+Marco d'Itri md at linux.it
+Marco Parrone marc0 at autistici.org
+Marcus Brinkmann Marcus.Brinkmann at ruhr-uni-bochum.de
+Mark Adler madler at alumni.caltech.edu
+Mark Elbrecht snowball3 at bigfoot.com
+Mark Pettit pettit at yahoo-inc.com
+Markus Friedl Markus.Friedl at informatik.uni-erlangen.de
+Martin Kahlert martin.kahlert at provi.de
+Martin Hamilton
+Martin Schulte schulte at thp.uni-koeln.de
+Matt Kraai kraai at alumni.carnegiemellon.edu
+Matthew Skala mskala at ansuz.sooke.bc.ca
+Matthew Wilcox matthew at wil.cx
+Matthias Urlichs smurf at noris.de
+Max Valianskiy maxcom at maxcom.ml.org
+Michael Engels michael.engels at uni-duesseldorf.de
+Michael Fischer v. Mollard mfvm at gmx.de
+Michael Nottebrock michaelnottebrock at gmx.net
+Michael Roth mroth at nessie.de
+Michael Sobolev mss at despair.transas.com
+Michael Tokarev mjt at tls.msk.ru
+Mike Dowling ML.Dowling at tu-bs.de
+Mike McEwan mike at lotusland.demon.co.uk
+Moritz Schulte moritz at chaosdorf.de
+Neal H Walfield neal at cs.uml.edu
+Nelson H. F. Beebe beebe at math.utah.edu
+Nicolas Graner Nicolas.Graner at cri.u-psud.fr
+NIIBE Yutaka gniibe at chroot.org
+Niklas Hernaeus
+Nimrod Zimerman zimerman at forfree.at
+Norihiko Murase skeleten at shillest.net
+N J Doye nic at niss.ac.uk
+Oliver Haakert haakert at hsp.de
+Oskari Jääskeläinen f33003a at cc.hut.fi
+Pascal Scheffers Pascal at scheffers.net
+Paul D. Smith psmith at baynetworks.com
+Per Cederqvist ceder at lysator.liu.se
+Petr Cerny pcerny at suse.cz
+Phil Blundell pb at debian.org
+Philippe Laliberte arsphl at oeil.qc.ca
+Peter Fales psfales at lucent.com
+Peter Gutmann pgut001 at cs.auckland.ac.nz
+Peter Marschall Peter.Marschall at gedos.de
+Peter Valchev pvalchev at openbsd.org
+Petr Uzel petr.uzel at suse cz
+Phong Nguyen Phong.Nguyen at ens.fr
+Piotr Krukowiecki piotr at pingu.ii.uj.edu.pl
+QingLong qinglong at bolizm.ihep.su
+Ralph Gillen gillen at theochem.uni-duesseldorf.de
+Rat ratinox at peorth.gweep.net
+Ray Link rlink at pitt.edu
+Reinhard Wobst R.Wobst at ifw-dresden.de
+Rémi Guyomarch rguyom at mail.dotcom.fr
+Reuben Sumner rasumner at wisdom.weizmann.ac.il
+Richard Lefebvre rick at cerca.umontreal.ca
+Richard Outerbridge outer at interlog.com
+Richard Patterson vectro at yahoo.com
+Robert Joop rj at rainbow.in-berlin.de
+Roddy Strachan roddy at satlink.com.au
+Roger Sondermann r.so at bigfoot.com
+Roland Rosenfeld roland at spinnaker.rhein.de
+Roman Pavlik rp at tns.cz
+Ross Golder rossigee at bigfoot.com
+Russell Coker russell at coker.com.au
+Ryan Malayter rmalayter at bai.org
+Sam Roberts sam at cogent.ca
+Sami Tolvanen sami at tolvanen.com
+Sascha Kiefer sk at intertivity.com
+Scott Worley sworley at chkno.net
+Sean MacLennan seanm at netwinder.org
+Sebastian Klemke packet at convergence.de
+Serge Munhoven munhoven at mema.ucl.ac.be
+SL Baur steve at xemacs.org
+Sten Lindgren ged at solace dot miun dot se
+Stefan Bellon sbellon at sbellon.de
+Dr.Stefan.Dalibor Dr.Stefan.Dalibor at bfa.de
+Stefan Karrmann S.Karrmann at gmx.net
+Stefan Keller dres at cs.tu-berlin.de
+Steffen Ullrich ccrlphr at xensei.com
+Steffen Zahn zahn at berlin.snafu.de
+Steven Bakker steven at icoe.att.com
+Steven Murdoch sjmurdoch at bigfoot.com
+Stoyan Angelov s_angelov at filibeto.org
+Susanne Schultz schultz at hsp.de
+Tavis Ormandy taviso at gentoo.org
+Ted Cabeen secabeen at pobox.com
+Thiago Jung Bauermann jungmann at cwb.matrix.com.br
+Thijmen Klok thijmen at xs4all.nl
+Thomas Roessler roessler at guug.de
+Tim Mooney mooney at dogbert.cc.ndsu.nodak.edu
+Timo Schulz twoaday at freakmail.de
+Tobias Winkler tobias.winkler at s1998.tu-chemnitz.de
+Todd Vierling tv at pobox.com
+TOGAWA Satoshi Satoshi.Togawa at jp.yokogawa.com
+Tom Duerbusch DuerbuschT at stlouiscity.com
+Tom Pegios tomp at idirect.com
+Tom Spindler dogcow at home.merit.edu
+Tom Zerucha tzeruch at ceddec.com
+Tomas Fasth tomas.fasth at twinspot.net
+Tommi Komulainen Tommi.Komulainen at iki.fi
+Thomas Klausner wiz at danbala.ifoer.tuwien.ac.at
+Tomasz Kozlowski tomek at rentec.com
+Thomas Mikkelsen tbm at image.dk
+Ulf Möller 3umoelle at informatik.uni-hamburg.de
+Urko Lusa ulusa at euskalnet.net
+Vincent P. Broman broman at spawar.navy.mil
+Volker Quetschke quetschke at scytek.de
+W Lewis wiml at hhhh.org
+Walter Hofmann Walter.Hofmann at physik.stud.uni-erlangen.de
+Walter Koch koch at hsp.de
+Wayne Chapeskie waynec at spinnaker.com
+Werner Koch wk at gnupg.org
+Wim Vandeputte bunbun at reptile.rug.ac.be
+Winona Brown win at huh.org
+Yosiaki IIDA iida at ring.gr.jp
+Yoshihiro Kajiki kajiki at ylug.org
+ nbecker at hns.com
+
+
+Thanks to the German Unix User Group for sponsoring this project,
+Martin Hamilton for hosting the first mailing list and OpenIT for
+hosting the server.
+
+The development of this software has partly (i.e. the Windows port)
+been funded by the German Ministry for Economics and Technology under
+grant VIB3-68553.168-001/1999.
+
+Many thanks to my wife Gerlinde for having so much patience with
+me while hacking late in the evening.
+
+ Copyright 1998, 1999, 2000, 2001, 2002, 2003, 2004
+ 2006 Free Software Foundation, Inc.
+
+ This file is free software; as a special exception the author gives
+ unlimited permission to copy and/or distribute it, with or without
+ modifications, as long as this notice is preserved.
+
+ This file is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
+ implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/TODO b/TODO
new file mode 100644
index 0000000..5182fc8
--- /dev/null
+++ b/TODO
@@ -0,0 +1,118 @@
+ -*- outline -*-
+
+* src/base64
+** Make parsing more robust
+ Currently we don't cope with overlong lines in the best way.
+** Check that we really release the ksba reader/writer objects.
+
+* sm/call-agent.c
+** Some code should go into import.c
+** When we allow concurrent service request in gpgsm, we
+ might want to have an agent context for each service request
+ (i.e. Assuan context).
+
+* sm/certchain.c
+** Try to keep certificate references somewhere
+ This will help with some of our caching code. We also need to test
+ that caching; in particular "regtp_ca_chainlen".
+
+* sm/decrypt.c
+** replace leading zero in integer hack by a cleaner solution
+
+* sm/gpgsm.c
+** Implement --default-key
+** support the anyPolicy semantic
+** Should we prefer nonRepudiation certs over plain signing certs?
+ Also: Do we need a way to allow the selection of a qualSig cert
+ over a plain one? The background is that the Telesec cards have 3
+ certs capable of signing all with the same subject name.
+
+* sm/keydb.c
+** Check file permissions
+** Check that all error code mapping is done.
+** Remove the inter-module dependencies between gpgsm and keybox
+** Add an source_of_key field
+
+* agent/
+** If we detect that a private key has been deleted
+ Bump the key event counter.
+
+* agent/command.c
+** Make sure that secure memory is used where appropriate
+
+* agent/pkdecrypt.c, agent/pksign.c
+** Support DSA
+
+* Move pkcs-1 encoding into libgcrypt.
+
+* Use a MAC to protect sensitive files.
+ The problem here is that we need yet another key and it is unlikely
+ that users are willing to remember that key too. It is possible to
+ do this with a smartcard, though.
+
+* sm/export.c
+** Return an error code or a status info per user ID.
+
+* common/tlv.c
+ The parse_sexp function should not go into this file. Check whether
+ we can change all S-expression handling code to make use of this
+ function.
+
+* scd
+** Application context vs. reader slot
+ We have 2 concurrent method of tracking whether a reader is in use:
+ Using the session_list in command.c and the lock_table in app.c. It
+ would be better to do this just at one place. First we need to see
+ how we can support cards with multiple applications.
+** Resolve fixme in do_sign of app-dinsig.
+** Disconnect
+ Card timeout is currently used as a boolean.
+ Add disconnect support for the ccid driver.
+
+* Regression tests
+** Add a regression test to check the extkeyusage.
+
+* Windows port (W32)
+** Regex support is disabled
+ We need to adjust the test to find the regex we have anyway in
+ gpg4win. Is that regex compatible to the OpenPGP requirement?
+
+
+* sm/
+** check that we issue NO_SECKEY xxx if a -u key was not found
+ We don't. The messages returned are also wrong (recipient vs. signer).
+
+* g10/
+** issue a NO_SECKEY xxxx if a -u key was not found.
+
+* Extend selinux support to other modules
+ See also http://etbe.coker.com.au/2008/06/06/se-linux-support-gpg/
+
+* UTF-8 specific TODOs
+ None.
+
+* Manual
+** Document all gpgsm options.
+
+
+* Pinpad Reader
+ We do not yet support P15 applications. The trivial thing using
+ ASCII characters will be easy to implement but the other cases need
+ some more work.
+
+* Bugs
+
+
+* Howtos
+** Migrate OpenPGP keys to another system
+
+* Gpg-Agent Locale
+ Although we pass LC_MESSAGE from gpgsm et al. to Pinentry, this has
+ only an effect on the stock GTK strings (e.g. "OK") and not on any
+ strings gpg-agent generates and passes to Pinentry. This defeats
+ our design goal to allow changing the locale without changing
+ gpg-agent's default locale (e.g. by the command updatestartuptty).
+
+* RFC 4387: Operational Protocols: Certificate Store Access via HTTP
+ Do we support this?
+
diff --git a/VERSION b/VERSION
new file mode 100644
index 0000000..ed2af5c
--- /dev/null
+++ b/VERSION
@@ -0,0 +1 @@
+2.0.19
diff --git a/acinclude.m4 b/acinclude.m4
new file mode 100644
index 0000000..d8f2e17
--- /dev/null
+++ b/acinclude.m4
@@ -0,0 +1,308 @@
+dnl macros to configure gnupg
+dnl Copyright (C) 1998, 1999, 2000, 2001, 2003 Free Software Foundation, Inc.
+dnl
+dnl This file is part of GnuPG.
+dnl
+dnl GnuPG is free software; you can redistribute it and/or modify
+dnl it under the terms of the GNU General Public License as published by
+dnl the Free Software Foundation; either version 3 of the License, or
+dnl (at your option) any later version.
+dnl
+dnl GnuPG is distributed in the hope that it will be useful,
+dnl but WITHOUT ANY WARRANTY; without even the implied warranty of
+dnl MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+dnl GNU General Public License for more details.
+dnl
+dnl You should have received a copy of the GNU General Public License
+dnl along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+dnl GNUPG_CHECK_TYPEDEF(TYPE, HAVE_NAME)
+dnl Check whether a typedef exists and create a #define $2 if it exists
+dnl
+AC_DEFUN([GNUPG_CHECK_TYPEDEF],
+ [ AC_MSG_CHECKING(for $1 typedef)
+ AC_CACHE_VAL(gnupg_cv_typedef_$1,
+ [AC_TRY_COMPILE([#define _GNU_SOURCE 1
+ #include <stdlib.h>
+ #include <sys/types.h>], [
+ #undef $1
+ int a = sizeof($1);
+ ], gnupg_cv_typedef_$1=yes, gnupg_cv_typedef_$1=no )])
+ AC_MSG_RESULT($gnupg_cv_typedef_$1)
+ if test "$gnupg_cv_typedef_$1" = yes; then
+ AC_DEFINE($2,1,[Defined if a `]$1[' is typedef'd])
+ fi
+ ])
+
+
+dnl GNUPG_CHECK_GNUMAKE
+dnl
+AC_DEFUN([GNUPG_CHECK_GNUMAKE],
+ [
+ if ${MAKE-make} --version 2>/dev/null | grep '^GNU ' >/dev/null 2>&1; then
+ :
+ else
+ AC_MSG_WARN([[
+***
+*** It seems that you are not using GNU make. Some make tools have serious
+*** flaws and you may not be able to build this software at all. Before you
+*** complain, please try GNU make: GNU make is easy to build and available
+*** at all GNU archives. It is always available from ftp.gnu.org:/gnu/make.
+***]])
+ fi
+ ])
+
+dnl GNUPG_CHECK_FAQPROG
+dnl
+AC_DEFUN([GNUPG_CHECK_FAQPROG],
+ [ AC_MSG_CHECKING(for faqprog.pl)
+ if faqprog.pl -V 2>/dev/null | grep '^faqprog.pl ' >/dev/null 2>&1; then
+ working_faqprog=yes
+ FAQPROG="faqprog.pl"
+ else
+ working_faqprog=no
+ FAQPROG=": "
+ fi
+ AC_MSG_RESULT($working_faqprog)
+ AC_SUBST(FAQPROG)
+ AM_CONDITIONAL(WORKING_FAQPROG, test "$working_faqprog" = "yes" )
+
+dnl if test $working_faqprog = no; then
+dnl AC_MSG_WARN([[
+dnl ***
+dnl *** It seems that the faqprog.pl program is not installed;
+dnl *** however it is only needed if you want to change the FAQ.
+dnl *** (faqprog.pl should be available at:
+dnl *** ftp://ftp.gnupg.org/gcrypt/contrib/faqprog.pl )
+dnl *** No need to worry about this warning.
+dnl ***]])
+dnl fi
+ ])
+
+dnl GNUPG_CHECK_DOCBOOK_TO_TEXI
+dnl
+AC_DEFUN([GNUPG_CHECK_DOCBOOK_TO_TEXI],
+ [
+ AC_CHECK_PROG(DOCBOOK_TO_TEXI, docbook2texi, yes, no)
+ AC_MSG_CHECKING(for sgml to texi tools)
+ working_sgmltotexi=no
+ if test "$ac_cv_prog_DOCBOOK_TO_TEXI" = yes; then
+ if sgml2xml -v /dev/null 2>&1 | grep 'SP version' >/dev/null 2>&1 ; then
+ working_sgmltotexi=yes
+ fi
+ fi
+ AC_MSG_RESULT($working_sgmltotexi)
+ AM_CONDITIONAL(HAVE_DOCBOOK_TO_TEXI, test "$working_sgmltotexi" = "yes" )
+ ])
+
+
+
+dnl GNUPG_CHECK_ENDIAN
+dnl define either LITTLE_ENDIAN_HOST or BIG_ENDIAN_HOST
+dnl
+AC_DEFUN([GNUPG_CHECK_ENDIAN],
+ [
+ tmp_assumed_endian=big
+ if test "$cross_compiling" = yes; then
+ case "$host_cpu" in
+ i@<:@345678@:>@* )
+ tmp_assumed_endian=little
+ ;;
+ *)
+ ;;
+ esac
+ AC_MSG_WARN(cross compiling; assuming $tmp_assumed_endian endianess)
+ fi
+ AC_MSG_CHECKING(endianess)
+ AC_CACHE_VAL(gnupg_cv_c_endian,
+ [ gnupg_cv_c_endian=unknown
+ # See if sys/param.h defines the BYTE_ORDER macro.
+ AC_TRY_COMPILE([#include <sys/types.h>
+ #include <sys/param.h>], [
+ #if !BYTE_ORDER || !BIG_ENDIAN || !LITTLE_ENDIAN
+ bogus endian macros
+ #endif], [# It does; now see whether it defined to BIG_ENDIAN or not.
+ AC_TRY_COMPILE([#include <sys/types.h>
+ #include <sys/param.h>], [
+ #if BYTE_ORDER != BIG_ENDIAN
+ not big endian
+ #endif], gnupg_cv_c_endian=big, gnupg_cv_c_endian=little)])
+ if test "$gnupg_cv_c_endian" = unknown; then
+ AC_TRY_RUN([main () {
+ /* Are we little or big endian? From Harbison&Steele. */
+ union
+ {
+ long l;
+ char c[sizeof (long)];
+ } u;
+ u.l = 1;
+ exit (u.c[sizeof (long) - 1] == 1);
+ }],
+ gnupg_cv_c_endian=little,
+ gnupg_cv_c_endian=big,
+ gnupg_cv_c_endian=$tmp_assumed_endian
+ )
+ fi
+ ])
+ AC_MSG_RESULT([$gnupg_cv_c_endian])
+ if test "$gnupg_cv_c_endian" = little; then
+ AC_DEFINE(LITTLE_ENDIAN_HOST,1,
+ [Defined if the host has little endian byte ordering])
+ else
+ AC_DEFINE(BIG_ENDIAN_HOST,1,
+ [Defined if the host has big endian byte ordering])
+ fi
+ ])
+
+
+
+
+# GNUPG_BUILD_PROGRAM(NAME,DEFAULT)
+# Add a --enable-NAME option to configure an set the
+# shell variable build_NAME either to "yes" or "no". DEFAULT must
+# either be "yes" or "no" and decided on the default value for
+# build_NAME and whether --enable-NAME or --disable-NAME is shown with
+# ./configure --help
+AC_DEFUN([GNUPG_BUILD_PROGRAM],
+ [build_$1=$2
+ m4_if([$2],[yes],[
+ AC_ARG_ENABLE([$1], AC_HELP_STRING([--disable-$1],
+ [do not build the $1 program]),
+ build_$1=$enableval, build_$1=$2)
+ ],[
+ AC_ARG_ENABLE([$1], AC_HELP_STRING([--enable-$1],
+ [build the $1 program]),
+ build_$1=$enableval, build_$1=$2)
+ ])
+ case "$build_$1" in
+ no|yes)
+ ;;
+ *)
+ AC_MSG_ERROR([only yes or no allowed for feature --enable-$1])
+ ;;
+ esac
+ ])
+
+
+
+
+# Check whether mlock is broken (hpux 10.20 raises a SIGBUS if mlock
+# is not called from uid 0 (not tested whether uid 0 works)
+# For DECs Tru64 we have also to check whether mlock is in librt
+# mlock is there a macro using memlk()
+dnl GNUPG_CHECK_MLOCK
+dnl
+AC_DEFUN([GNUPG_CHECK_MLOCK],
+ [ AC_CHECK_FUNCS(mlock)
+ if test "$ac_cv_func_mlock" = "no"; then
+ AC_CHECK_HEADERS(sys/mman.h)
+ if test "$ac_cv_header_sys_mman_h" = "yes"; then
+ # Add librt to LIBS:
+ AC_CHECK_LIB(rt, memlk)
+ AC_CACHE_CHECK([whether mlock is in sys/mman.h],
+ gnupg_cv_mlock_is_in_sys_mman,
+ [AC_TRY_LINK([
+ #include <assert.h>
+ #ifdef HAVE_SYS_MMAN_H
+ #include <sys/mman.h>
+ #endif
+ ], [
+ int i;
+
+ /* glibc defines this for functions which it implements
+ * to always fail with ENOSYS. Some functions are actually
+ * named something starting with __ and the normal name
+ * is an alias. */
+ #if defined (__stub_mlock) || defined (__stub___mlock)
+ choke me
+ #else
+ mlock(&i, 4);
+ #endif
+ ; return 0;
+ ],
+ gnupg_cv_mlock_is_in_sys_mman=yes,
+ gnupg_cv_mlock_is_in_sys_mman=no)])
+ if test "$gnupg_cv_mlock_is_in_sys_mman" = "yes"; then
+ AC_DEFINE(HAVE_MLOCK,1,
+ [Defined if the system supports an mlock() call])
+ fi
+ fi
+ fi
+ if test "$ac_cv_func_mlock" = "yes"; then
+ AC_MSG_CHECKING(whether mlock is broken)
+ AC_CACHE_VAL(gnupg_cv_have_broken_mlock,
+ AC_TRY_RUN([
+ #include <stdlib.h>
+ #include <unistd.h>
+ #include <errno.h>
+ #include <sys/mman.h>
+ #include <sys/types.h>
+ #include <fcntl.h>
+
+ int main()
+ {
+ char *pool;
+ int err;
+ long int pgsize = getpagesize();
+
+ pool = malloc( 4096 + pgsize );
+ if( !pool )
+ return 2;
+ pool += (pgsize - ((long int)pool % pgsize));
+
+ err = mlock( pool, 4096 );
+ if( !err || errno == EPERM )
+ return 0; /* okay */
+
+ return 1; /* hmmm */
+ }
+
+ ],
+ gnupg_cv_have_broken_mlock="no",
+ gnupg_cv_have_broken_mlock="yes",
+ gnupg_cv_have_broken_mlock="assume-no"
+ )
+ )
+ if test "$gnupg_cv_have_broken_mlock" = "yes"; then
+ AC_DEFINE(HAVE_BROKEN_MLOCK,1,
+ [Defined if the mlock() call does not work])
+ AC_MSG_RESULT(yes)
+ AC_CHECK_FUNCS(plock)
+ else
+ if test "$gnupg_cv_have_broken_mlock" = "no"; then
+ AC_MSG_RESULT(no)
+ else
+ AC_MSG_RESULT(assuming no)
+ fi
+ fi
+ fi
+ ])
+
+
+dnl Stolen from gcc
+dnl Define MKDIR_TAKES_ONE_ARG if mkdir accepts only one argument instead
+dnl of the usual 2.
+AC_DEFUN([GNUPG_FUNC_MKDIR_TAKES_ONE_ARG],
+[AC_CHECK_HEADERS(sys/stat.h unistd.h direct.h)
+AC_CACHE_CHECK([if mkdir takes one argument], gnupg_cv_mkdir_takes_one_arg,
+[AC_TRY_COMPILE([
+#include <sys/types.h>
+#ifdef HAVE_SYS_STAT_H
+# include <sys/stat.h>
+#endif
+#ifdef HAVE_UNISTD_H
+# include <unistd.h>
+#endif
+#ifdef HAVE_DIRECT_H
+# include <direct.h>
+#endif], [mkdir ("foo", 0);],
+ gnupg_cv_mkdir_takes_one_arg=no, gnupg_cv_mkdir_takes_one_arg=yes)])
+if test $gnupg_cv_mkdir_takes_one_arg = yes ; then
+ AC_DEFINE(MKDIR_TAKES_ONE_ARG,1,
+ [Defined if mkdir() does not take permission flags])
+fi
+])
+
+
+
+
diff --git a/aclocal.m4 b/aclocal.m4
new file mode 100644
index 0000000..54c1b19
--- /dev/null
+++ b/aclocal.m4
@@ -0,0 +1,1239 @@
+# generated automatically by aclocal 1.11.1 -*- Autoconf -*-
+
+# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004,
+# 2005, 2006, 2007, 2008, 2009 Free Software Foundation, Inc.
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+m4_ifndef([AC_AUTOCONF_VERSION],
+ [m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl
+m4_if(m4_defn([AC_AUTOCONF_VERSION]), [2.68],,
+[m4_warning([this file was generated for autoconf 2.68.
+You have another version of autoconf. It may work, but is not guaranteed to.
+If you have problems, you may need to regenerate the build system entirely.
+To do so, use the procedure documented by the package, typically `autoreconf'.])])
+
+# intlmacosx.m4 serial 1 (gettext-0.17)
+dnl Copyright (C) 2004-2007 Free Software Foundation, Inc.
+dnl This file is free software; the Free Software Foundation
+dnl gives unlimited permission to copy and/or distribute it,
+dnl with or without modifications, as long as this notice is preserved.
+dnl
+dnl This file can can be used in projects which are not available under
+dnl the GNU General Public License or the GNU Library General Public
+dnl License but which still want to provide support for the GNU gettext
+dnl functionality.
+dnl Please note that the actual code of the GNU gettext library is covered
+dnl by the GNU Library General Public License, and the rest of the GNU
+dnl gettext package package is covered by the GNU General Public License.
+dnl They are *not* in the public domain.
+
+dnl Checks for special options needed on MacOS X.
+dnl Defines INTL_MACOSX_LIBS.
+AC_DEFUN([gt_INTL_MACOSX],
+[
+ dnl Check for API introduced in MacOS X 10.2.
+ AC_CACHE_CHECK([for CFPreferencesCopyAppValue],
+ gt_cv_func_CFPreferencesCopyAppValue,
+ [gt_save_LIBS="$LIBS"
+ LIBS="$LIBS -Wl,-framework -Wl,CoreFoundation"
+ AC_TRY_LINK([#include <CoreFoundation/CFPreferences.h>],
+ [CFPreferencesCopyAppValue(NULL, NULL)],
+ [gt_cv_func_CFPreferencesCopyAppValue=yes],
+ [gt_cv_func_CFPreferencesCopyAppValue=no])
+ LIBS="$gt_save_LIBS"])
+ if test $gt_cv_func_CFPreferencesCopyAppValue = yes; then
+ AC_DEFINE([HAVE_CFPREFERENCESCOPYAPPVALUE], 1,
+ [Define to 1 if you have the MacOS X function CFPreferencesCopyAppValue in the CoreFoundation framework.])
+ fi
+ dnl Check for API introduced in MacOS X 10.3.
+ AC_CACHE_CHECK([for CFLocaleCopyCurrent], gt_cv_func_CFLocaleCopyCurrent,
+ [gt_save_LIBS="$LIBS"
+ LIBS="$LIBS -Wl,-framework -Wl,CoreFoundation"
+ AC_TRY_LINK([#include <CoreFoundation/CFLocale.h>], [CFLocaleCopyCurrent();],
+ [gt_cv_func_CFLocaleCopyCurrent=yes],
+ [gt_cv_func_CFLocaleCopyCurrent=no])
+ LIBS="$gt_save_LIBS"])
+ if test $gt_cv_func_CFLocaleCopyCurrent = yes; then
+ AC_DEFINE([HAVE_CFLOCALECOPYCURRENT], 1,
+ [Define to 1 if you have the MacOS X function CFLocaleCopyCurrent in the CoreFoundation framework.])
+ fi
+ INTL_MACOSX_LIBS=
+ if test $gt_cv_func_CFPreferencesCopyAppValue = yes || test $gt_cv_func_CFLocaleCopyCurrent = yes; then
+ INTL_MACOSX_LIBS="-Wl,-framework -Wl,CoreFoundation"
+ fi
+ AC_SUBST([INTL_MACOSX_LIBS])
+])
+
+# longlong.m4 serial 13
+dnl Copyright (C) 1999-2007 Free Software Foundation, Inc.
+dnl This file is free software; the Free Software Foundation
+dnl gives unlimited permission to copy and/or distribute it,
+dnl with or without modifications, as long as this notice is preserved.
+
+dnl From Paul Eggert.
+
+# Define HAVE_LONG_LONG_INT if 'long long int' works.
+# This fixes a bug in Autoconf 2.61, but can be removed once we
+# assume 2.62 everywhere.
+
+# Note: If the type 'long long int' exists but is only 32 bits large
+# (as on some very old compilers), HAVE_LONG_LONG_INT will not be
+# defined. In this case you can treat 'long long int' like 'long int'.
+
+AC_DEFUN([AC_TYPE_LONG_LONG_INT],
+[
+ AC_CACHE_CHECK([for long long int], [ac_cv_type_long_long_int],
+ [AC_LINK_IFELSE(
+ [_AC_TYPE_LONG_LONG_SNIPPET],
+ [dnl This catches a bug in Tandem NonStop Kernel (OSS) cc -O circa 2004.
+ dnl If cross compiling, assume the bug isn't important, since
+ dnl nobody cross compiles for this platform as far as we know.
+ AC_RUN_IFELSE(
+ [AC_LANG_PROGRAM(
+ [[@%:@include <limits.h>
+ @%:@ifndef LLONG_MAX
+ @%:@ define HALF \
+ (1LL << (sizeof (long long int) * CHAR_BIT - 2))
+ @%:@ define LLONG_MAX (HALF - 1 + HALF)
+ @%:@endif]],
+ [[long long int n = 1;
+ int i;
+ for (i = 0; ; i++)
+ {
+ long long int m = n << i;
+ if (m >> i != n)
+ return 1;
+ if (LLONG_MAX / 2 < m)
+ break;
+ }
+ return 0;]])],
+ [ac_cv_type_long_long_int=yes],
+ [ac_cv_type_long_long_int=no],
+ [ac_cv_type_long_long_int=yes])],
+ [ac_cv_type_long_long_int=no])])
+ if test $ac_cv_type_long_long_int = yes; then
+ AC_DEFINE([HAVE_LONG_LONG_INT], 1,
+ [Define to 1 if the system has the type `long long int'.])
+ fi
+])
+
+# Define HAVE_UNSIGNED_LONG_LONG_INT if 'unsigned long long int' works.
+# This fixes a bug in Autoconf 2.61, but can be removed once we
+# assume 2.62 everywhere.
+
+# Note: If the type 'unsigned long long int' exists but is only 32 bits
+# large (as on some very old compilers), AC_TYPE_UNSIGNED_LONG_LONG_INT
+# will not be defined. In this case you can treat 'unsigned long long int'
+# like 'unsigned long int'.
+
+AC_DEFUN([AC_TYPE_UNSIGNED_LONG_LONG_INT],
+[
+ AC_CACHE_CHECK([for unsigned long long int],
+ [ac_cv_type_unsigned_long_long_int],
+ [AC_LINK_IFELSE(
+ [_AC_TYPE_LONG_LONG_SNIPPET],
+ [ac_cv_type_unsigned_long_long_int=yes],
+ [ac_cv_type_unsigned_long_long_int=no])])
+ if test $ac_cv_type_unsigned_long_long_int = yes; then
+ AC_DEFINE([HAVE_UNSIGNED_LONG_LONG_INT], 1,
+ [Define to 1 if the system has the type `unsigned long long int'.])
+ fi
+])
+
+# Expands to a C program that can be used to test for simultaneous support
+# of 'long long' and 'unsigned long long'. We don't want to say that
+# 'long long' is available if 'unsigned long long' is not, or vice versa,
+# because too many programs rely on the symmetry between signed and unsigned
+# integer types (excluding 'bool').
+AC_DEFUN([_AC_TYPE_LONG_LONG_SNIPPET],
+[
+ AC_LANG_PROGRAM(
+ [[/* Test preprocessor. */
+ #if ! (-9223372036854775807LL < 0 && 0 < 9223372036854775807ll)
+ error in preprocessor;
+ #endif
+ #if ! (18446744073709551615ULL <= -1ull)
+ error in preprocessor;
+ #endif
+ /* Test literals. */
+ long long int ll = 9223372036854775807ll;
+ long long int nll = -9223372036854775807LL;
+ unsigned long long int ull = 18446744073709551615ULL;
+ /* Test constant expressions. */
+ typedef int a[((-9223372036854775807LL < 0 && 0 < 9223372036854775807ll)
+ ? 1 : -1)];
+ typedef int b[(18446744073709551615ULL <= (unsigned long long int) -1
+ ? 1 : -1)];
+ int i = 63;]],
+ [[/* Test availability of runtime routines for shift and division. */
+ long long int llmax = 9223372036854775807ll;
+ unsigned long long int ullmax = 18446744073709551615ull;
+ return ((ll << 63) | (ll >> 63) | (ll < i) | (ll > i)
+ | (llmax / ll) | (llmax % ll)
+ | (ull << 63) | (ull >> 63) | (ull << i) | (ull >> i)
+ | (ullmax / ull) | (ullmax % ull));]])
+])
+
+# Copyright (C) 2002, 2003, 2005, 2006, 2007, 2008 Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# AM_AUTOMAKE_VERSION(VERSION)
+# ----------------------------
+# Automake X.Y traces this macro to ensure aclocal.m4 has been
+# generated from the m4 files accompanying Automake X.Y.
+# (This private macro should not be called outside this file.)
+AC_DEFUN([AM_AUTOMAKE_VERSION],
+[am__api_version='1.11'
+dnl Some users find AM_AUTOMAKE_VERSION and mistake it for a way to
+dnl require some minimum version. Point them to the right macro.
+m4_if([$1], [1.11.1], [],
+ [AC_FATAL([Do not call $0, use AM_INIT_AUTOMAKE([$1]).])])dnl
+])
+
+# _AM_AUTOCONF_VERSION(VERSION)
+# -----------------------------
+# aclocal traces this macro to find the Autoconf version.
+# This is a private macro too. Using m4_define simplifies
+# the logic in aclocal, which can simply ignore this definition.
+m4_define([_AM_AUTOCONF_VERSION], [])
+
+# AM_SET_CURRENT_AUTOMAKE_VERSION
+# -------------------------------
+# Call AM_AUTOMAKE_VERSION and AM_AUTOMAKE_VERSION so they can be traced.
+# This function is AC_REQUIREd by AM_INIT_AUTOMAKE.
+AC_DEFUN([AM_SET_CURRENT_AUTOMAKE_VERSION],
+[AM_AUTOMAKE_VERSION([1.11.1])dnl
+m4_ifndef([AC_AUTOCONF_VERSION],
+ [m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl
+_AM_AUTOCONF_VERSION(m4_defn([AC_AUTOCONF_VERSION]))])
+
+# AM_AUX_DIR_EXPAND -*- Autoconf -*-
+
+# Copyright (C) 2001, 2003, 2005 Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# For projects using AC_CONFIG_AUX_DIR([foo]), Autoconf sets
+# $ac_aux_dir to `$srcdir/foo'. In other projects, it is set to
+# `$srcdir', `$srcdir/..', or `$srcdir/../..'.
+#
+# Of course, Automake must honor this variable whenever it calls a
+# tool from the auxiliary directory. The problem is that $srcdir (and
+# therefore $ac_aux_dir as well) can be either absolute or relative,
+# depending on how configure is run. This is pretty annoying, since
+# it makes $ac_aux_dir quite unusable in subdirectories: in the top
+# source directory, any form will work fine, but in subdirectories a
+# relative path needs to be adjusted first.
+#
+# $ac_aux_dir/missing
+# fails when called from a subdirectory if $ac_aux_dir is relative
+# $top_srcdir/$ac_aux_dir/missing
+# fails if $ac_aux_dir is absolute,
+# fails when called from a subdirectory in a VPATH build with
+# a relative $ac_aux_dir
+#
+# The reason of the latter failure is that $top_srcdir and $ac_aux_dir
+# are both prefixed by $srcdir. In an in-source build this is usually
+# harmless because $srcdir is `.', but things will broke when you
+# start a VPATH build or use an absolute $srcdir.
+#
+# So we could use something similar to $top_srcdir/$ac_aux_dir/missing,
+# iff we strip the leading $srcdir from $ac_aux_dir. That would be:
+# am_aux_dir='\$(top_srcdir)/'`expr "$ac_aux_dir" : "$srcdir//*\(.*\)"`
+# and then we would define $MISSING as
+# MISSING="\${SHELL} $am_aux_dir/missing"
+# This will work as long as MISSING is not called from configure, because
+# unfortunately $(top_srcdir) has no meaning in configure.
+# However there are other variables, like CC, which are often used in
+# configure, and could therefore not use this "fixed" $ac_aux_dir.
+#
+# Another solution, used here, is to always expand $ac_aux_dir to an
+# absolute PATH. The drawback is that using absolute paths prevent a
+# configured tree to be moved without reconfiguration.
+
+AC_DEFUN([AM_AUX_DIR_EXPAND],
+[dnl Rely on autoconf to set up CDPATH properly.
+AC_PREREQ([2.50])dnl
+# expand $ac_aux_dir to an absolute path
+am_aux_dir=`cd $ac_aux_dir && pwd`
+])
+
+# AM_CONDITIONAL -*- Autoconf -*-
+
+# Copyright (C) 1997, 2000, 2001, 2003, 2004, 2005, 2006, 2008
+# Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 9
+
+# AM_CONDITIONAL(NAME, SHELL-CONDITION)
+# -------------------------------------
+# Define a conditional.
+AC_DEFUN([AM_CONDITIONAL],
+[AC_PREREQ(2.52)dnl
+ ifelse([$1], [TRUE], [AC_FATAL([$0: invalid condition: $1])],
+ [$1], [FALSE], [AC_FATAL([$0: invalid condition: $1])])dnl
+AC_SUBST([$1_TRUE])dnl
+AC_SUBST([$1_FALSE])dnl
+_AM_SUBST_NOTMAKE([$1_TRUE])dnl
+_AM_SUBST_NOTMAKE([$1_FALSE])dnl
+m4_define([_AM_COND_VALUE_$1], [$2])dnl
+if $2; then
+ $1_TRUE=
+ $1_FALSE='#'
+else
+ $1_TRUE='#'
+ $1_FALSE=
+fi
+AC_CONFIG_COMMANDS_PRE(
+[if test -z "${$1_TRUE}" && test -z "${$1_FALSE}"; then
+ AC_MSG_ERROR([[conditional "$1" was never defined.
+Usually this means the macro was only invoked conditionally.]])
+fi])])
+
+# Copyright (C) 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2009
+# Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 10
+
+# There are a few dirty hacks below to avoid letting `AC_PROG_CC' be
+# written in clear, in which case automake, when reading aclocal.m4,
+# will think it sees a *use*, and therefore will trigger all it's
+# C support machinery. Also note that it means that autoscan, seeing
+# CC etc. in the Makefile, will ask for an AC_PROG_CC use...
+
+
+# _AM_DEPENDENCIES(NAME)
+# ----------------------
+# See how the compiler implements dependency checking.
+# NAME is "CC", "CXX", "GCJ", or "OBJC".
+# We try a few techniques and use that to set a single cache variable.
+#
+# We don't AC_REQUIRE the corresponding AC_PROG_CC since the latter was
+# modified to invoke _AM_DEPENDENCIES(CC); we would have a circular
+# dependency, and given that the user is not expected to run this macro,
+# just rely on AC_PROG_CC.
+AC_DEFUN([_AM_DEPENDENCIES],
+[AC_REQUIRE([AM_SET_DEPDIR])dnl
+AC_REQUIRE([AM_OUTPUT_DEPENDENCY_COMMANDS])dnl
+AC_REQUIRE([AM_MAKE_INCLUDE])dnl
+AC_REQUIRE([AM_DEP_TRACK])dnl
+
+ifelse([$1], CC, [depcc="$CC" am_compiler_list=],
+ [$1], CXX, [depcc="$CXX" am_compiler_list=],
+ [$1], OBJC, [depcc="$OBJC" am_compiler_list='gcc3 gcc'],
+ [$1], UPC, [depcc="$UPC" am_compiler_list=],
+ [$1], GCJ, [depcc="$GCJ" am_compiler_list='gcc3 gcc'],
+ [depcc="$$1" am_compiler_list=])
+
+AC_CACHE_CHECK([dependency style of $depcc],
+ [am_cv_$1_dependencies_compiler_type],
+[if test -z "$AMDEP_TRUE" && test -f "$am_depcomp"; then
+ # We make a subdir and do the tests there. Otherwise we can end up
+ # making bogus files that we don't know about and never remove. For
+ # instance it was reported that on HP-UX the gcc test will end up
+ # making a dummy file named `D' -- because `-MD' means `put the output
+ # in D'.
+ mkdir conftest.dir
+ # Copy depcomp to subdir because otherwise we won't find it if we're
+ # using a relative directory.
+ cp "$am_depcomp" conftest.dir
+ cd conftest.dir
+ # We will build objects and dependencies in a subdirectory because
+ # it helps to detect inapplicable dependency modes. For instance
+ # both Tru64's cc and ICC support -MD to output dependencies as a
+ # side effect of compilation, but ICC will put the dependencies in
+ # the current directory while Tru64 will put them in the object
+ # directory.
+ mkdir sub
+
+ am_cv_$1_dependencies_compiler_type=none
+ if test "$am_compiler_list" = ""; then
+ am_compiler_list=`sed -n ['s/^#*\([a-zA-Z0-9]*\))$/\1/p'] < ./depcomp`
+ fi
+ am__universal=false
+ m4_case([$1], [CC],
+ [case " $depcc " in #(
+ *\ -arch\ *\ -arch\ *) am__universal=true ;;
+ esac],
+ [CXX],
+ [case " $depcc " in #(
+ *\ -arch\ *\ -arch\ *) am__universal=true ;;
+ esac])
+
+ for depmode in $am_compiler_list; do
+ # Setup a source with many dependencies, because some compilers
+ # like to wrap large dependency lists on column 80 (with \), and
+ # we should not choose a depcomp mode which is confused by this.
+ #
+ # We need to recreate these files for each test, as the compiler may
+ # overwrite some of them when testing with obscure command lines.
+ # This happens at least with the AIX C compiler.
+ : > sub/conftest.c
+ for i in 1 2 3 4 5 6; do
+ echo '#include "conftst'$i'.h"' >> sub/conftest.c
+ # Using `: > sub/conftst$i.h' creates only sub/conftst1.h with
+ # Solaris 8's {/usr,}/bin/sh.
+ touch sub/conftst$i.h
+ done
+ echo "${am__include} ${am__quote}sub/conftest.Po${am__quote}" > confmf
+
+ # We check with `-c' and `-o' for the sake of the "dashmstdout"
+ # mode. It turns out that the SunPro C++ compiler does not properly
+ # handle `-M -o', and we need to detect this. Also, some Intel
+ # versions had trouble with output in subdirs
+ am__obj=sub/conftest.${OBJEXT-o}
+ am__minus_obj="-o $am__obj"
+ case $depmode in
+ gcc)
+ # This depmode causes a compiler race in universal mode.
+ test "$am__universal" = false || continue
+ ;;
+ nosideeffect)
+ # after this tag, mechanisms are not by side-effect, so they'll
+ # only be used when explicitly requested
+ if test "x$enable_dependency_tracking" = xyes; then
+ continue
+ else
+ break
+ fi
+ ;;
+ msvisualcpp | msvcmsys)
+ # This compiler won't grok `-c -o', but also, the minuso test has
+ # not run yet. These depmodes are late enough in the game, and
+ # so weak that their functioning should not be impacted.
+ am__obj=conftest.${OBJEXT-o}
+ am__minus_obj=
+ ;;
+ none) break ;;
+ esac
+ if depmode=$depmode \
+ source=sub/conftest.c object=$am__obj \
+ depfile=sub/conftest.Po tmpdepfile=sub/conftest.TPo \
+ $SHELL ./depcomp $depcc -c $am__minus_obj sub/conftest.c \
+ >/dev/null 2>conftest.err &&
+ grep sub/conftst1.h sub/conftest.Po > /dev/null 2>&1 &&
+ grep sub/conftst6.h sub/conftest.Po > /dev/null 2>&1 &&
+ grep $am__obj sub/conftest.Po > /dev/null 2>&1 &&
+ ${MAKE-make} -s -f confmf > /dev/null 2>&1; then
+ # icc doesn't choke on unknown options, it will just issue warnings
+ # or remarks (even with -Werror). So we grep stderr for any message
+ # that says an option was ignored or not supported.
+ # When given -MP, icc 7.0 and 7.1 complain thusly:
+ # icc: Command line warning: ignoring option '-M'; no argument required
+ # The diagnosis changed in icc 8.0:
+ # icc: Command line remark: option '-MP' not supported
+ if (grep 'ignoring option' conftest.err ||
+ grep 'not supported' conftest.err) >/dev/null 2>&1; then :; else
+ am_cv_$1_dependencies_compiler_type=$depmode
+ break
+ fi
+ fi
+ done
+
+ cd ..
+ rm -rf conftest.dir
+else
+ am_cv_$1_dependencies_compiler_type=none
+fi
+])
+AC_SUBST([$1DEPMODE], [depmode=$am_cv_$1_dependencies_compiler_type])
+AM_CONDITIONAL([am__fastdep$1], [
+ test "x$enable_dependency_tracking" != xno \
+ && test "$am_cv_$1_dependencies_compiler_type" = gcc3])
+])
+
+
+# AM_SET_DEPDIR
+# -------------
+# Choose a directory name for dependency files.
+# This macro is AC_REQUIREd in _AM_DEPENDENCIES
+AC_DEFUN([AM_SET_DEPDIR],
+[AC_REQUIRE([AM_SET_LEADING_DOT])dnl
+AC_SUBST([DEPDIR], ["${am__leading_dot}deps"])dnl
+])
+
+
+# AM_DEP_TRACK
+# ------------
+AC_DEFUN([AM_DEP_TRACK],
+[AC_ARG_ENABLE(dependency-tracking,
+[ --disable-dependency-tracking speeds up one-time build
+ --enable-dependency-tracking do not reject slow dependency extractors])
+if test "x$enable_dependency_tracking" != xno; then
+ am_depcomp="$ac_aux_dir/depcomp"
+ AMDEPBACKSLASH='\'
+fi
+AM_CONDITIONAL([AMDEP], [test "x$enable_dependency_tracking" != xno])
+AC_SUBST([AMDEPBACKSLASH])dnl
+_AM_SUBST_NOTMAKE([AMDEPBACKSLASH])dnl
+])
+
+# Generate code to set up dependency tracking. -*- Autoconf -*-
+
+# Copyright (C) 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2008
+# Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+#serial 5
+
+# _AM_OUTPUT_DEPENDENCY_COMMANDS
+# ------------------------------
+AC_DEFUN([_AM_OUTPUT_DEPENDENCY_COMMANDS],
+[{
+ # Autoconf 2.62 quotes --file arguments for eval, but not when files
+ # are listed without --file. Let's play safe and only enable the eval
+ # if we detect the quoting.
+ case $CONFIG_FILES in
+ *\'*) eval set x "$CONFIG_FILES" ;;
+ *) set x $CONFIG_FILES ;;
+ esac
+ shift
+ for mf
+ do
+ # Strip MF so we end up with the name of the file.
+ mf=`echo "$mf" | sed -e 's/:.*$//'`
+ # Check whether this is an Automake generated Makefile or not.
+ # We used to match only the files named `Makefile.in', but
+ # some people rename them; so instead we look at the file content.
+ # Grep'ing the first line is not enough: some people post-process
+ # each Makefile.in and add a new line on top of each file to say so.
+ # Grep'ing the whole file is not good either: AIX grep has a line
+ # limit of 2048, but all sed's we know have understand at least 4000.
+ if sed -n 's,^#.*generated by automake.*,X,p' "$mf" | grep X >/dev/null 2>&1; then
+ dirpart=`AS_DIRNAME("$mf")`
+ else
+ continue
+ fi
+ # Extract the definition of DEPDIR, am__include, and am__quote
+ # from the Makefile without running `make'.
+ DEPDIR=`sed -n 's/^DEPDIR = //p' < "$mf"`
+ test -z "$DEPDIR" && continue
+ am__include=`sed -n 's/^am__include = //p' < "$mf"`
+ test -z "am__include" && continue
+ am__quote=`sed -n 's/^am__quote = //p' < "$mf"`
+ # When using ansi2knr, U may be empty or an underscore; expand it
+ U=`sed -n 's/^U = //p' < "$mf"`
+ # Find all dependency output files, they are included files with
+ # $(DEPDIR) in their names. We invoke sed twice because it is the
+ # simplest approach to changing $(DEPDIR) to its actual value in the
+ # expansion.
+ for file in `sed -n "
+ s/^$am__include $am__quote\(.*(DEPDIR).*\)$am__quote"'$/\1/p' <"$mf" | \
+ sed -e 's/\$(DEPDIR)/'"$DEPDIR"'/g' -e 's/\$U/'"$U"'/g'`; do
+ # Make sure the directory exists.
+ test -f "$dirpart/$file" && continue
+ fdir=`AS_DIRNAME(["$file"])`
+ AS_MKDIR_P([$dirpart/$fdir])
+ # echo "creating $dirpart/$file"
+ echo '# dummy' > "$dirpart/$file"
+ done
+ done
+}
+])# _AM_OUTPUT_DEPENDENCY_COMMANDS
+
+
+# AM_OUTPUT_DEPENDENCY_COMMANDS
+# -----------------------------
+# This macro should only be invoked once -- use via AC_REQUIRE.
+#
+# This code is only required when automatic dependency tracking
+# is enabled. FIXME. This creates each `.P' file that we will
+# need in order to bootstrap the dependency handling code.
+AC_DEFUN([AM_OUTPUT_DEPENDENCY_COMMANDS],
+[AC_CONFIG_COMMANDS([depfiles],
+ [test x"$AMDEP_TRUE" != x"" || _AM_OUTPUT_DEPENDENCY_COMMANDS],
+ [AMDEP_TRUE="$AMDEP_TRUE" ac_aux_dir="$ac_aux_dir"])
+])
+
+# Copyright (C) 1996, 1997, 2000, 2001, 2003, 2005
+# Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 8
+
+# AM_CONFIG_HEADER is obsolete. It has been replaced by AC_CONFIG_HEADERS.
+AU_DEFUN([AM_CONFIG_HEADER], [AC_CONFIG_HEADERS($@)])
+
+# Do all the work for Automake. -*- Autoconf -*-
+
+# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004,
+# 2005, 2006, 2008, 2009 Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 16
+
+# This macro actually does too much. Some checks are only needed if
+# your package does certain things. But this isn't really a big deal.
+
+# AM_INIT_AUTOMAKE(PACKAGE, VERSION, [NO-DEFINE])
+# AM_INIT_AUTOMAKE([OPTIONS])
+# -----------------------------------------------
+# The call with PACKAGE and VERSION arguments is the old style
+# call (pre autoconf-2.50), which is being phased out. PACKAGE
+# and VERSION should now be passed to AC_INIT and removed from
+# the call to AM_INIT_AUTOMAKE.
+# We support both call styles for the transition. After
+# the next Automake release, Autoconf can make the AC_INIT
+# arguments mandatory, and then we can depend on a new Autoconf
+# release and drop the old call support.
+AC_DEFUN([AM_INIT_AUTOMAKE],
+[AC_PREREQ([2.62])dnl
+dnl Autoconf wants to disallow AM_ names. We explicitly allow
+dnl the ones we care about.
+m4_pattern_allow([^AM_[A-Z]+FLAGS$])dnl
+AC_REQUIRE([AM_SET_CURRENT_AUTOMAKE_VERSION])dnl
+AC_REQUIRE([AC_PROG_INSTALL])dnl
+if test "`cd $srcdir && pwd`" != "`pwd`"; then
+ # Use -I$(srcdir) only when $(srcdir) != ., so that make's output
+ # is not polluted with repeated "-I."
+ AC_SUBST([am__isrc], [' -I$(srcdir)'])_AM_SUBST_NOTMAKE([am__isrc])dnl
+ # test to see if srcdir already configured
+ if test -f $srcdir/config.status; then
+ AC_MSG_ERROR([source directory already configured; run "make distclean" there first])
+ fi
+fi
+
+# test whether we have cygpath
+if test -z "$CYGPATH_W"; then
+ if (cygpath --version) >/dev/null 2>/dev/null; then
+ CYGPATH_W='cygpath -w'
+ else
+ CYGPATH_W=echo
+ fi
+fi
+AC_SUBST([CYGPATH_W])
+
+# Define the identity of the package.
+dnl Distinguish between old-style and new-style calls.
+m4_ifval([$2],
+[m4_ifval([$3], [_AM_SET_OPTION([no-define])])dnl
+ AC_SUBST([PACKAGE], [$1])dnl
+ AC_SUBST([VERSION], [$2])],
+[_AM_SET_OPTIONS([$1])dnl
+dnl Diagnose old-style AC_INIT with new-style AM_AUTOMAKE_INIT.
+m4_if(m4_ifdef([AC_PACKAGE_NAME], 1)m4_ifdef([AC_PACKAGE_VERSION], 1), 11,,
+ [m4_fatal([AC_INIT should be called with package and version arguments])])dnl
+ AC_SUBST([PACKAGE], ['AC_PACKAGE_TARNAME'])dnl
+ AC_SUBST([VERSION], ['AC_PACKAGE_VERSION'])])dnl
+
+_AM_IF_OPTION([no-define],,
+[AC_DEFINE_UNQUOTED(PACKAGE, "$PACKAGE", [Name of package])
+ AC_DEFINE_UNQUOTED(VERSION, "$VERSION", [Version number of package])])dnl
+
+# Some tools Automake needs.
+AC_REQUIRE([AM_SANITY_CHECK])dnl
+AC_REQUIRE([AC_ARG_PROGRAM])dnl
+AM_MISSING_PROG(ACLOCAL, aclocal-${am__api_version})
+AM_MISSING_PROG(AUTOCONF, autoconf)
+AM_MISSING_PROG(AUTOMAKE, automake-${am__api_version})
+AM_MISSING_PROG(AUTOHEADER, autoheader)
+AM_MISSING_PROG(MAKEINFO, makeinfo)
+AC_REQUIRE([AM_PROG_INSTALL_SH])dnl
+AC_REQUIRE([AM_PROG_INSTALL_STRIP])dnl
+AC_REQUIRE([AM_PROG_MKDIR_P])dnl
+# We need awk for the "check" target. The system "awk" is bad on
+# some platforms.
+AC_REQUIRE([AC_PROG_AWK])dnl
+AC_REQUIRE([AC_PROG_MAKE_SET])dnl
+AC_REQUIRE([AM_SET_LEADING_DOT])dnl
+_AM_IF_OPTION([tar-ustar], [_AM_PROG_TAR([ustar])],
+ [_AM_IF_OPTION([tar-pax], [_AM_PROG_TAR([pax])],
+ [_AM_PROG_TAR([v7])])])
+_AM_IF_OPTION([no-dependencies],,
+[AC_PROVIDE_IFELSE([AC_PROG_CC],
+ [_AM_DEPENDENCIES(CC)],
+ [define([AC_PROG_CC],
+ defn([AC_PROG_CC])[_AM_DEPENDENCIES(CC)])])dnl
+AC_PROVIDE_IFELSE([AC_PROG_CXX],
+ [_AM_DEPENDENCIES(CXX)],
+ [define([AC_PROG_CXX],
+ defn([AC_PROG_CXX])[_AM_DEPENDENCIES(CXX)])])dnl
+AC_PROVIDE_IFELSE([AC_PROG_OBJC],
+ [_AM_DEPENDENCIES(OBJC)],
+ [define([AC_PROG_OBJC],
+ defn([AC_PROG_OBJC])[_AM_DEPENDENCIES(OBJC)])])dnl
+])
+_AM_IF_OPTION([silent-rules], [AC_REQUIRE([AM_SILENT_RULES])])dnl
+dnl The `parallel-tests' driver may need to know about EXEEXT, so add the
+dnl `am__EXEEXT' conditional if _AM_COMPILER_EXEEXT was seen. This macro
+dnl is hooked onto _AC_COMPILER_EXEEXT early, see below.
+AC_CONFIG_COMMANDS_PRE(dnl
+[m4_provide_if([_AM_COMPILER_EXEEXT],
+ [AM_CONDITIONAL([am__EXEEXT], [test -n "$EXEEXT"])])])dnl
+])
+
+dnl Hook into `_AC_COMPILER_EXEEXT' early to learn its expansion. Do not
+dnl add the conditional right here, as _AC_COMPILER_EXEEXT may be further
+dnl mangled by Autoconf and run in a shell conditional statement.
+m4_define([_AC_COMPILER_EXEEXT],
+m4_defn([_AC_COMPILER_EXEEXT])[m4_provide([_AM_COMPILER_EXEEXT])])
+
+
+# When config.status generates a header, we must update the stamp-h file.
+# This file resides in the same directory as the config header
+# that is generated. The stamp files are numbered to have different names.
+
+# Autoconf calls _AC_AM_CONFIG_HEADER_HOOK (when defined) in the
+# loop where config.status creates the headers, so we can generate
+# our stamp files there.
+AC_DEFUN([_AC_AM_CONFIG_HEADER_HOOK],
+[# Compute $1's index in $config_headers.
+_am_arg=$1
+_am_stamp_count=1
+for _am_header in $config_headers :; do
+ case $_am_header in
+ $_am_arg | $_am_arg:* )
+ break ;;
+ * )
+ _am_stamp_count=`expr $_am_stamp_count + 1` ;;
+ esac
+done
+echo "timestamp for $_am_arg" >`AS_DIRNAME(["$_am_arg"])`/stamp-h[]$_am_stamp_count])
+
+# Copyright (C) 2001, 2003, 2005, 2008 Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# AM_PROG_INSTALL_SH
+# ------------------
+# Define $install_sh.
+AC_DEFUN([AM_PROG_INSTALL_SH],
+[AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl
+if test x"${install_sh}" != xset; then
+ case $am_aux_dir in
+ *\ * | *\ *)
+ install_sh="\${SHELL} '$am_aux_dir/install-sh'" ;;
+ *)
+ install_sh="\${SHELL} $am_aux_dir/install-sh"
+ esac
+fi
+AC_SUBST(install_sh)])
+
+# Copyright (C) 2003, 2005 Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 2
+
+# Check whether the underlying file-system supports filenames
+# with a leading dot. For instance MS-DOS doesn't.
+AC_DEFUN([AM_SET_LEADING_DOT],
+[rm -rf .tst 2>/dev/null
+mkdir .tst 2>/dev/null
+if test -d .tst; then
+ am__leading_dot=.
+else
+ am__leading_dot=_
+fi
+rmdir .tst 2>/dev/null
+AC_SUBST([am__leading_dot])])
+
+# Add --enable-maintainer-mode option to configure. -*- Autoconf -*-
+# From Jim Meyering
+
+# Copyright (C) 1996, 1998, 2000, 2001, 2002, 2003, 2004, 2005, 2008
+# Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 5
+
+# AM_MAINTAINER_MODE([DEFAULT-MODE])
+# ----------------------------------
+# Control maintainer-specific portions of Makefiles.
+# Default is to disable them, unless `enable' is passed literally.
+# For symmetry, `disable' may be passed as well. Anyway, the user
+# can override the default with the --enable/--disable switch.
+AC_DEFUN([AM_MAINTAINER_MODE],
+[m4_case(m4_default([$1], [disable]),
+ [enable], [m4_define([am_maintainer_other], [disable])],
+ [disable], [m4_define([am_maintainer_other], [enable])],
+ [m4_define([am_maintainer_other], [enable])
+ m4_warn([syntax], [unexpected argument to AM@&t@_MAINTAINER_MODE: $1])])
+AC_MSG_CHECKING([whether to am_maintainer_other maintainer-specific portions of Makefiles])
+ dnl maintainer-mode's default is 'disable' unless 'enable' is passed
+ AC_ARG_ENABLE([maintainer-mode],
+[ --][am_maintainer_other][-maintainer-mode am_maintainer_other make rules and dependencies not useful
+ (and sometimes confusing) to the casual installer],
+ [USE_MAINTAINER_MODE=$enableval],
+ [USE_MAINTAINER_MODE=]m4_if(am_maintainer_other, [enable], [no], [yes]))
+ AC_MSG_RESULT([$USE_MAINTAINER_MODE])
+ AM_CONDITIONAL([MAINTAINER_MODE], [test $USE_MAINTAINER_MODE = yes])
+ MAINT=$MAINTAINER_MODE_TRUE
+ AC_SUBST([MAINT])dnl
+]
+)
+
+AU_DEFUN([jm_MAINTAINER_MODE], [AM_MAINTAINER_MODE])
+
+# Check to see how 'make' treats includes. -*- Autoconf -*-
+
+# Copyright (C) 2001, 2002, 2003, 2005, 2009 Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 4
+
+# AM_MAKE_INCLUDE()
+# -----------------
+# Check to see how make treats includes.
+AC_DEFUN([AM_MAKE_INCLUDE],
+[am_make=${MAKE-make}
+cat > confinc << 'END'
+am__doit:
+ @echo this is the am__doit target
+.PHONY: am__doit
+END
+# If we don't find an include directive, just comment out the code.
+AC_MSG_CHECKING([for style of include used by $am_make])
+am__include="#"
+am__quote=
+_am_result=none
+# First try GNU make style include.
+echo "include confinc" > confmf
+# Ignore all kinds of additional output from `make'.
+case `$am_make -s -f confmf 2> /dev/null` in #(
+*the\ am__doit\ target*)
+ am__include=include
+ am__quote=
+ _am_result=GNU
+ ;;
+esac
+# Now try BSD make style include.
+if test "$am__include" = "#"; then
+ echo '.include "confinc"' > confmf
+ case `$am_make -s -f confmf 2> /dev/null` in #(
+ *the\ am__doit\ target*)
+ am__include=.include
+ am__quote="\""
+ _am_result=BSD
+ ;;
+ esac
+fi
+AC_SUBST([am__include])
+AC_SUBST([am__quote])
+AC_MSG_RESULT([$_am_result])
+rm -f confinc confmf
+])
+
+# Copyright (C) 1999, 2000, 2001, 2003, 2004, 2005, 2008
+# Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 6
+
+# AM_PROG_CC_C_O
+# --------------
+# Like AC_PROG_CC_C_O, but changed for automake.
+AC_DEFUN([AM_PROG_CC_C_O],
+[AC_REQUIRE([AC_PROG_CC_C_O])dnl
+AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl
+AC_REQUIRE_AUX_FILE([compile])dnl
+# FIXME: we rely on the cache variable name because
+# there is no other way.
+set dummy $CC
+am_cc=`echo $[2] | sed ['s/[^a-zA-Z0-9_]/_/g;s/^[0-9]/_/']`
+eval am_t=\$ac_cv_prog_cc_${am_cc}_c_o
+if test "$am_t" != yes; then
+ # Losing compiler, so override with the script.
+ # FIXME: It is wrong to rewrite CC.
+ # But if we don't then we get into trouble of one sort or another.
+ # A longer-term fix would be to have automake use am__CC in this case,
+ # and then we could set am__CC="\$(top_srcdir)/compile \$(CC)"
+ CC="$am_aux_dir/compile $CC"
+fi
+dnl Make sure AC_PROG_CC is never called again, or it will override our
+dnl setting of CC.
+m4_define([AC_PROG_CC],
+ [m4_fatal([AC_PROG_CC cannot be called after AM_PROG_CC_C_O])])
+])
+
+# Fake the existence of programs that GNU maintainers use. -*- Autoconf -*-
+
+# Copyright (C) 1997, 1999, 2000, 2001, 2003, 2004, 2005, 2008
+# Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 6
+
+# AM_MISSING_PROG(NAME, PROGRAM)
+# ------------------------------
+AC_DEFUN([AM_MISSING_PROG],
+[AC_REQUIRE([AM_MISSING_HAS_RUN])
+$1=${$1-"${am_missing_run}$2"}
+AC_SUBST($1)])
+
+
+# AM_MISSING_HAS_RUN
+# ------------------
+# Define MISSING if not defined so far and test if it supports --run.
+# If it does, set am_missing_run to use it, otherwise, to nothing.
+AC_DEFUN([AM_MISSING_HAS_RUN],
+[AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl
+AC_REQUIRE_AUX_FILE([missing])dnl
+if test x"${MISSING+set}" != xset; then
+ case $am_aux_dir in
+ *\ * | *\ *)
+ MISSING="\${SHELL} \"$am_aux_dir/missing\"" ;;
+ *)
+ MISSING="\${SHELL} $am_aux_dir/missing" ;;
+ esac
+fi
+# Use eval to expand $SHELL
+if eval "$MISSING --run true"; then
+ am_missing_run="$MISSING --run "
+else
+ am_missing_run=
+ AC_MSG_WARN([`missing' script is too old or missing])
+fi
+])
+
+# Copyright (C) 2003, 2004, 2005, 2006 Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# AM_PROG_MKDIR_P
+# ---------------
+# Check for `mkdir -p'.
+AC_DEFUN([AM_PROG_MKDIR_P],
+[AC_PREREQ([2.60])dnl
+AC_REQUIRE([AC_PROG_MKDIR_P])dnl
+dnl Automake 1.8 to 1.9.6 used to define mkdir_p. We now use MKDIR_P,
+dnl while keeping a definition of mkdir_p for backward compatibility.
+dnl @MKDIR_P@ is magic: AC_OUTPUT adjusts its value for each Makefile.
+dnl However we cannot define mkdir_p as $(MKDIR_P) for the sake of
+dnl Makefile.ins that do not define MKDIR_P, so we do our own
+dnl adjustment using top_builddir (which is defined more often than
+dnl MKDIR_P).
+AC_SUBST([mkdir_p], ["$MKDIR_P"])dnl
+case $mkdir_p in
+ [[\\/$]]* | ?:[[\\/]]*) ;;
+ */*) mkdir_p="\$(top_builddir)/$mkdir_p" ;;
+esac
+])
+
+# Helper functions for option handling. -*- Autoconf -*-
+
+# Copyright (C) 2001, 2002, 2003, 2005, 2008 Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 4
+
+# _AM_MANGLE_OPTION(NAME)
+# -----------------------
+AC_DEFUN([_AM_MANGLE_OPTION],
+[[_AM_OPTION_]m4_bpatsubst($1, [[^a-zA-Z0-9_]], [_])])
+
+# _AM_SET_OPTION(NAME)
+# ------------------------------
+# Set option NAME. Presently that only means defining a flag for this option.
+AC_DEFUN([_AM_SET_OPTION],
+[m4_define(_AM_MANGLE_OPTION([$1]), 1)])
+
+# _AM_SET_OPTIONS(OPTIONS)
+# ----------------------------------
+# OPTIONS is a space-separated list of Automake options.
+AC_DEFUN([_AM_SET_OPTIONS],
+[m4_foreach_w([_AM_Option], [$1], [_AM_SET_OPTION(_AM_Option)])])
+
+# _AM_IF_OPTION(OPTION, IF-SET, [IF-NOT-SET])
+# -------------------------------------------
+# Execute IF-SET if OPTION is set, IF-NOT-SET otherwise.
+AC_DEFUN([_AM_IF_OPTION],
+[m4_ifset(_AM_MANGLE_OPTION([$1]), [$2], [$3])])
+
+# Check to make sure that the build environment is sane. -*- Autoconf -*-
+
+# Copyright (C) 1996, 1997, 2000, 2001, 2003, 2005, 2008
+# Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 5
+
+# AM_SANITY_CHECK
+# ---------------
+AC_DEFUN([AM_SANITY_CHECK],
+[AC_MSG_CHECKING([whether build environment is sane])
+# Just in case
+sleep 1
+echo timestamp > conftest.file
+# Reject unsafe characters in $srcdir or the absolute working directory
+# name. Accept space and tab only in the latter.
+am_lf='
+'
+case `pwd` in
+ *[[\\\"\#\$\&\'\`$am_lf]]*)
+ AC_MSG_ERROR([unsafe absolute working directory name]);;
+esac
+case $srcdir in
+ *[[\\\"\#\$\&\'\`$am_lf\ \ ]]*)
+ AC_MSG_ERROR([unsafe srcdir value: `$srcdir']);;
+esac
+
+# Do `set' in a subshell so we don't clobber the current shell's
+# arguments. Must try -L first in case configure is actually a
+# symlink; some systems play weird games with the mod time of symlinks
+# (eg FreeBSD returns the mod time of the symlink's containing
+# directory).
+if (
+ set X `ls -Lt "$srcdir/configure" conftest.file 2> /dev/null`
+ if test "$[*]" = "X"; then
+ # -L didn't work.
+ set X `ls -t "$srcdir/configure" conftest.file`
+ fi
+ rm -f conftest.file
+ if test "$[*]" != "X $srcdir/configure conftest.file" \
+ && test "$[*]" != "X conftest.file $srcdir/configure"; then
+
+ # If neither matched, then we have a broken ls. This can happen
+ # if, for instance, CONFIG_SHELL is bash and it inherits a
+ # broken ls alias from the environment. This has actually
+ # happened. Such a system could not be considered "sane".
+ AC_MSG_ERROR([ls -t appears to fail. Make sure there is not a broken
+alias in your environment])
+ fi
+
+ test "$[2]" = conftest.file
+ )
+then
+ # Ok.
+ :
+else
+ AC_MSG_ERROR([newly created file is older than distributed files!
+Check your system clock])
+fi
+AC_MSG_RESULT(yes)])
+
+# Copyright (C) 2001, 2003, 2005 Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# AM_PROG_INSTALL_STRIP
+# ---------------------
+# One issue with vendor `install' (even GNU) is that you can't
+# specify the program used to strip binaries. This is especially
+# annoying in cross-compiling environments, where the build's strip
+# is unlikely to handle the host's binaries.
+# Fortunately install-sh will honor a STRIPPROG variable, so we
+# always use install-sh in `make install-strip', and initialize
+# STRIPPROG with the value of the STRIP variable (set by the user).
+AC_DEFUN([AM_PROG_INSTALL_STRIP],
+[AC_REQUIRE([AM_PROG_INSTALL_SH])dnl
+# Installed binaries are usually stripped using `strip' when the user
+# run `make install-strip'. However `strip' might not be the right
+# tool to use in cross-compilation environments, therefore Automake
+# will honor the `STRIP' environment variable to overrule this program.
+dnl Don't test for $cross_compiling = yes, because it might be `maybe'.
+if test "$cross_compiling" != no; then
+ AC_CHECK_TOOL([STRIP], [strip], :)
+fi
+INSTALL_STRIP_PROGRAM="\$(install_sh) -c -s"
+AC_SUBST([INSTALL_STRIP_PROGRAM])])
+
+# Copyright (C) 2006, 2008 Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 2
+
+# _AM_SUBST_NOTMAKE(VARIABLE)
+# ---------------------------
+# Prevent Automake from outputting VARIABLE = @VARIABLE@ in Makefile.in.
+# This macro is traced by Automake.
+AC_DEFUN([_AM_SUBST_NOTMAKE])
+
+# AM_SUBST_NOTMAKE(VARIABLE)
+# ---------------------------
+# Public sister of _AM_SUBST_NOTMAKE.
+AC_DEFUN([AM_SUBST_NOTMAKE], [_AM_SUBST_NOTMAKE($@)])
+
+# Check how to create a tarball. -*- Autoconf -*-
+
+# Copyright (C) 2004, 2005 Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 2
+
+# _AM_PROG_TAR(FORMAT)
+# --------------------
+# Check how to create a tarball in format FORMAT.
+# FORMAT should be one of `v7', `ustar', or `pax'.
+#
+# Substitute a variable $(am__tar) that is a command
+# writing to stdout a FORMAT-tarball containing the directory
+# $tardir.
+# tardir=directory && $(am__tar) > result.tar
+#
+# Substitute a variable $(am__untar) that extract such
+# a tarball read from stdin.
+# $(am__untar) < result.tar
+AC_DEFUN([_AM_PROG_TAR],
+[# Always define AMTAR for backward compatibility.
+AM_MISSING_PROG([AMTAR], [tar])
+m4_if([$1], [v7],
+ [am__tar='${AMTAR} chof - "$$tardir"'; am__untar='${AMTAR} xf -'],
+ [m4_case([$1], [ustar],, [pax],,
+ [m4_fatal([Unknown tar format])])
+AC_MSG_CHECKING([how to create a $1 tar archive])
+# Loop over all known methods to create a tar archive until one works.
+_am_tools='gnutar m4_if([$1], [ustar], [plaintar]) pax cpio none'
+_am_tools=${am_cv_prog_tar_$1-$_am_tools}
+# Do not fold the above two line into one, because Tru64 sh and
+# Solaris sh will not grok spaces in the rhs of `-'.
+for _am_tool in $_am_tools
+do
+ case $_am_tool in
+ gnutar)
+ for _am_tar in tar gnutar gtar;
+ do
+ AM_RUN_LOG([$_am_tar --version]) && break
+ done
+ am__tar="$_am_tar --format=m4_if([$1], [pax], [posix], [$1]) -chf - "'"$$tardir"'
+ am__tar_="$_am_tar --format=m4_if([$1], [pax], [posix], [$1]) -chf - "'"$tardir"'
+ am__untar="$_am_tar -xf -"
+ ;;
+ plaintar)
+ # Must skip GNU tar: if it does not support --format= it doesn't create
+ # ustar tarball either.
+ (tar --version) >/dev/null 2>&1 && continue
+ am__tar='tar chf - "$$tardir"'
+ am__tar_='tar chf - "$tardir"'
+ am__untar='tar xf -'
+ ;;
+ pax)
+ am__tar='pax -L -x $1 -w "$$tardir"'
+ am__tar_='pax -L -x $1 -w "$tardir"'
+ am__untar='pax -r'
+ ;;
+ cpio)
+ am__tar='find "$$tardir" -print | cpio -o -H $1 -L'
+ am__tar_='find "$tardir" -print | cpio -o -H $1 -L'
+ am__untar='cpio -i -H $1 -d'
+ ;;
+ none)
+ am__tar=false
+ am__tar_=false
+ am__untar=false
+ ;;
+ esac
+
+ # If the value was cached, stop now. We just wanted to have am__tar
+ # and am__untar set.
+ test -n "${am_cv_prog_tar_$1}" && break
+
+ # tar/untar a dummy directory, and stop if the command works
+ rm -rf conftest.dir
+ mkdir conftest.dir
+ echo GrepMe > conftest.dir/file
+ AM_RUN_LOG([tardir=conftest.dir && eval $am__tar_ >conftest.tar])
+ rm -rf conftest.dir
+ if test -s conftest.tar; then
+ AM_RUN_LOG([$am__untar <conftest.tar])
+ grep GrepMe conftest.dir/file >/dev/null 2>&1 && break
+ fi
+done
+rm -rf conftest.dir
+
+AC_CACHE_VAL([am_cv_prog_tar_$1], [am_cv_prog_tar_$1=$_am_tool])
+AC_MSG_RESULT([$am_cv_prog_tar_$1])])
+AC_SUBST([am__tar])
+AC_SUBST([am__untar])
+]) # _AM_PROG_TAR
+
+m4_include([gl/m4/absolute-header.m4])
+m4_include([gl/m4/alloca.m4])
+m4_include([gl/m4/allocsa.m4])
+m4_include([gl/m4/eealloc.m4])
+m4_include([gl/m4/gnulib-comp.m4])
+m4_include([gl/m4/gnulib-tool.m4])
+m4_include([gl/m4/mkdtemp.m4])
+m4_include([gl/m4/setenv.m4])
+m4_include([gl/m4/stdint.m4])
+m4_include([gl/m4/strpbrk.m4])
+m4_include([gl/m4/unistd_h.m4])
+m4_include([m4/autobuild.m4])
+m4_include([m4/codeset.m4])
+m4_include([m4/estream.m4])
+m4_include([m4/gettext.m4])
+m4_include([m4/gnupg-pth.m4])
+m4_include([m4/gpg-error.m4])
+m4_include([m4/iconv.m4])
+m4_include([m4/isc-posix.m4])
+m4_include([m4/ksba.m4])
+m4_include([m4/lcmessage.m4])
+m4_include([m4/ldap.m4])
+m4_include([m4/lib-ld.m4])
+m4_include([m4/lib-link.m4])
+m4_include([m4/lib-prefix.m4])
+m4_include([m4/libassuan.m4])
+m4_include([m4/libcurl.m4])
+m4_include([m4/libgcrypt.m4])
+m4_include([m4/longdouble.m4])
+m4_include([m4/nls.m4])
+m4_include([m4/po.m4])
+m4_include([m4/progtest.m4])
+m4_include([m4/readline.m4])
+m4_include([m4/size_max.m4])
+m4_include([m4/socklen.m4])
+m4_include([m4/sys_socket_h.m4])
+m4_include([m4/tar-ustar.m4])
+m4_include([m4/xsize.m4])
+m4_include([acinclude.m4])
diff --git a/agent/ChangeLog-2011 b/agent/ChangeLog-2011
new file mode 100644
index 0000000..f543f27
--- /dev/null
+++ b/agent/ChangeLog-2011
@@ -0,0 +1,2617 @@
+2011-12-02 Werner Koch <wk@g10code.com>
+
+ NB: ChangeLog files are no longer manually maintained. Starting
+ on December 1st, 2011 we put change information only in the GIT
+ commit log, and generate a top-level ChangeLog file from logs at
+ "make dist". See doc/HACKING for details.
+
+2011-08-04 Werner Koch <wk@g10code.com>
+
+ * command.c (cmd_keyinfo, do_one_keyinfo): Support options --data
+ and --ssh-fpr.
+
+ * command-ssh.c (ssh_identity_register): Display the ssh
+ fingerprint in the prompt.
+ (add_control_entry): Add arg FMTFPR and use it as comment in
+ sshcontrol.
+ (confirm_flag_from_sshcontrol): New.
+ (data_sign): Ask for confirmaton if requested.
+ (search_control_file): Add new arg R_CONFIRM and enhance parser.
+ * findkey.c (agent_raw_key_from_file): New.
+ (modify_description): Add format letter %F.
+
+ * findkey.c (agent_key_from_file): Simplify comment extraction by
+ using gcry_sexp_nth_string.
+
+2011-08-04 Werner Koch <wk@g10code.com>
+
+ * genkey.c (check_passphrase_pattern): Use gpg_strerror.
+
+ * command-ssh.c (ssh_receive_mpint_list): Remove set but unused
+ var ELEMS_PUBLIC_N.
+
+ * gpg-agent.c (main): Remove set but unused var MAY_COREDUMP.
+
+2011-07-22 Werner Koch <wk@g10code.com>
+
+ * command-ssh.c (ssh_receive_key): Do not init comment to an empty
+ static string; in the error case it would be freed.
+
+2011-04-29 Werner Koch <wk@g10code.com>
+
+ * gpg-agent.c: Include estream.h
+ (main): s/pth_kill/es_pth_kill/.
+
+2010-11-11 Werner Koch <wk@g10code.com>
+
+ * agent.h (opt): Add field SIGUSR2_ENABLED.
+ * gpg-agent.c (handle_connections): Set that flag.
+ * call-scd.c (start_scd): Enable events depending on this flag.
+
+2010-09-30 Werner Koch <wk@g10code.com>
+
+ * findkey.c (unprotect): Do not put the passphrase into the cache
+ if it has been changed.
+
+2010-09-24 Werner Koch <wk@g10code.com>
+
+ * gpg-agent.c (main, reread_configuration): Always test whether
+ the default configuration file has been created in the meantime.
+ Fixes bug#1285.
+
+2010-08-11 Werner Koch <wk@g10code.com>
+
+ * call-pinentry.c (agent_askpin, agent_get_passphrase): Fix
+ setting of confidential flag.
+
+ * call-scd.c (agent_card_scd): Pass assuan comment lines to the
+ caller.
+ (ASSUAN_CONVEY_COMMENTS): Provide replacement if needed.
+
+2010-05-12 Werner Koch <wk@g10code.com>
+
+ * preset-passphrase.c (forget_passphrase): Actually implement
+ this. Fixes bug#1198.
+
+ * gpg-agent.c (handle_tick): Do not print die message with option -q.
+
+2010-05-11 Werner Koch <wk@g10code.com>
+
+ * agent.h (opt): Add field USE_STANDARD_SOCKET.
+ * gpg-agent.c (use_standard_socket): Remove. Use new option instead.
+
+ * command.c (cmd_killagent, cmd_reloadagent): Provide command also
+ for non-W32 platforms.
+ (cmd_getinfo): New subcommands std_session_env and std_startup_env.
+
+2010-05-04 Werner Koch <wk@g10code.com>
+
+ * gpg-agent.c (main): Add command --use-standard-socket-p.
+
+2010-05-03 Werner Koch <wk@g10code.com>
+
+ * gpg-agent.c (check_own_socket_thread): Do not release SOCKNAME
+ too early.
+
+2010-03-17 Werner Koch <wk@g10code.com>
+
+ * call-scd.c (unlock_scd): Send a BYE under certain conditions.
+
+2010-02-19 Werner Koch <wk@g10code.com>
+
+ * call-pinentry.c (start_pinentry): Remove a translation prefix.
+
+2010-02-18 Werner Koch <wk@g10code.com>
+
+ * protect.c (agent_unprotect): Initialize CLEARTEXT.
+
+ * command.c (register_commands): Unconditionally use
+ assuan_register_post_cmd_notify.
+ (start_command_handler): Undocumented use assuan_set_io_monitor.
+
+2010-02-17 Werner Koch <wk@g10code.com>
+
+ * call-pinentry.c (start_pinentry): Always free OPTSTR. Send
+ default-xxx strings.
+
+2010-02-11 Marcus Brinkmann <marcus@g10code.de>
+
+ From trunk 2009-09-23, 2009-11-02, 2009-11-04, 2009-11-05, 2009-11-25,
+ 2009-12-08:
+
+ * Makefile.am (gpg_agent_CFLAGS, gpg_agent_LDADD): Use libassuan
+ instead of libassuan-pth.
+ * gpg-agent.c: Invoke ASSUAN_SYSTEM_PTH_IMPL.
+ (main): Update to new API. Call assuan_set_system_hooks and
+ assuan_sock_init. Fix invocation of assuan_socket_connect.
+ Call assuan_set_assuan_log_stream here.
+ (parse_rereadable_options): Don't set global assuan log
+ file (there ain't one anymore).
+ (check_own_socket_pid_cb): Return gpg_error_t instead of int.
+ (check_own_socket_thread, check_for_running_agent): Create assuan
+ context before connecting to server. Update use of
+ assuan_socket_connect.
+ * command.c: Include "scdaemon.h" before <assuan.h> because of
+ GPG_ERR_SOURCE_DEFAULT check.
+ (write_and_clear_outbuf): Use gpg_error_t instead of
+ assuan_error_t.
+ (cmd_geteventcounter, cmd_istrusted, cmd_listtrusted)
+ (cmd_marktrusted, cmd_havekey, cmd_sigkey, cmd_setkeydesc)
+ (cmd_sethash, cmd_pksign, cmd_pkdecrypt, cmd_genkey, cmd_readkey)
+ (cmd_keyinfo, cmd_get_passphrase, cmd_clear_passphrase)
+ (cmd_get_confirmation, cmd_learn, cmd_passwd)
+ (cmd_preset_passphrase, cmd_scd, cmd_getval, cmd_putval)
+ (cmd_updatestartuptty, cmd_killagent, cmd_reloadagent)
+ (cmd_getinfo, option_handler): Return gpg_error_t instead of int.
+ (post_cmd_notify): Change type of ERR to gpg_error_t from int.
+ (io_monitor): Add hook argument. Use symbols for constants.
+ (register_commands): Change return type of HANDLER to gpg_error_t.
+ Use assuan_handler_t type. Add NULL arg to assuan_register_command.
+ Add help arg to assuan_register_command. Convert all command
+ comments to help strings.
+ (start_command_handler): Allocate assuan context before starting
+ server. Change assuan_init_socket_server_ext into
+ assuan_init_socket_server. Use assuan_fd_t and assuan_fdopen on fds.
+ Do not call assuan_set_log_stream anymore.
+ (reset_notify): Take LINE arg and return error.
+ * call-pinentry.c: Include "scdaemon.h" before <assuan.h> because
+ of GPG_ERR_SOURCE_DEFAULT check.
+ (unlock_pinentry): Call assuan_release instead of
+ assuan_disconnect.
+ (getinfo_pid_cb, getpin_cb): Return gpg_error_t instead of int.
+ (start_pinentry): Allocate assuan context before connecting to
+ server. Call assuan_pipe_connect, notassuan_pipe_connect_ext.
+ Convert posix fd to assuan fd.
+ * call-scd.c (membuf_data_cb, learn_status_cb, get_serialno_cb)
+ (membuf_data_cb, inq_needpin, card_getattr_cb, pass_status_thru)
+ (pass_data_thru): Change return type to gpg_error_t.
+ (start_scd): Allocate assuan context before connecting to server.
+ Update use of assuan_socket_connect and assuan_pipe_connect.
+ Convert posix fd to assuan fd.
+
+2010-01-26 Werner Koch <wk@g10code.com>
+
+ * protect.c (do_encryption): Encode the s2kcount and do not use a
+ static value of 96.
+
+2009-12-21 Werner Koch <wk@g10code.com>
+
+ * command.c (cmd_getinfo): Add sub-command "s2k_count".
+
+2009-12-14 Werner Koch <wk@g10code.com>
+
+ * protect.c (agent_unprotect): Decode the S2K count here and take
+ care of the new unencoded values. Add a lower limit sanity check.
+ (hash_passphrase): Do not decode here.
+ (get_standard_s2k_count, calibrate_s2k_count): New.
+ (calibrate_get_time, calibrate_elapsed_time): New.
+ (do_encryption): Use get_standard_s2k_count.
+
+2009-12-03 Werner Koch <wk@g10code.com>
+
+ * gpg-agent.c (set_debug): Allow for numerical debug leveles. Print
+ active debug flags.
+
+2009-12-02 Werner Koch <wk@g10code.com>
+
+ * trustlist.c (read_trustfiles): Store the pointer returned from
+ shrinking the memory and not the orginal one. Fixes bug#1163.
+ Reported by TAKAHASHI Tamotsu. Also return correct error after
+ memory failure.
+
+2009-09-04 Marcus Brinkmann <marcus@g10code.com>
+
+ * command.c (start_command_handler): Add comment about gap in
+ implementation (in dead code), for future reference.
+
+2009-08-11 Werner Koch <wk@g10code.com>
+
+ * divert-scd.c (ask_for_card): I18n a prompt string.
+
+2009-07-06 Werner Koch <wk@g10code.com>
+
+ * agent.h: Include session-env.h.
+ (opt): Replace most of the startup_xxx fields by a session_env_t.
+ (struct server_control_s): Likewise.
+ * gpg-agent.c (main): Rewrite setting of the startup fields.
+ (handle_connections, main): Allocate SESSION_ENV.
+ (agent_init_default_ctrl, agent_deinit_default_ctrl): Change
+ accordingly.
+ * command.c (option_handler): Ditto.
+ (cmd_updatestartuptty): Change accordingly. Protect old values
+ from out of core failures.
+ * command-ssh.c (start_command_handler_ssh): Ditto.
+ (start_command_handler_ssh): Replace strdup by xtrystrdup.
+ * call-pinentry.c (atfork_cb): Pass new envrinmnet variables.
+ (start_pinentry): Use session_env stuff.
+ * protect-tool.c (main): Adjust call to gnupg_prepare_get_passphrase.
+
+2009-06-24 Werner Koch <wk@g10code.com>
+
+ * genkey.c (agent_protect_and_store): Return RC and not 0.
+ * protect.c (do_encryption): Fix ignored error code from malloc.
+ Reported by Fabian Keil.
+
+2009-06-17 Werner Koch <wk@g10code.com>
+
+ * call-pinentry.c (agent_get_confirmation): Add arg WITH_CANCEL.
+ Change all callers.
+ * trustlist.c (agent_marktrusted): Use WITH_CANCEL
+
+2009-06-09 Werner Koch <wk@g10code.com>
+
+ * learncard.c (send_cert_back): Ignore certain error codes.
+
+2009-06-05 Werner Koch <wk@g10code.com>
+
+ * protect-tool.c (store_private_key): Fix last change by appending
+ a ".key".
+
+2009-06-03 Werner Koch <wk@g10code.com>
+
+ * protect-tool.c: Include estream.h.
+ (store_private_key): Replace stdio streams by estream functions
+ for a portable use of the "x" mode.
+ * trustlist.c: Include estream.h.
+ (agent_marktrusted): Replace stdio stream by estream functions.
+
+ * protect-tool.c (store_private_key): Use bin2hex.
+
+2009-06-02 Werner Koch <wk@g10code.com>
+
+ * gpg-agent.c (main): Run pth_kill after fork. Fixes bug#1066.
+
+2009-05-19 Werner Koch <wk@g10code.com>
+
+ * gpg-agent.c (JNLIB_NEED_AFLOCAL): Define.
+ (create_server_socket): Use SUN_LEN macro.
+
+2009-05-15 Werner Koch <wk@g10code.com>
+
+ Fix bug #1053.
+
+ * agent.h (lookup_ttl_t): New.
+ * findkey.c (unprotect): Add arg LOOKUP_TTL.
+ (agent_key_from_file): Ditto.
+ * pksign.c (agent_pksign_do): Ditto.
+ * command-ssh.c (ttl_from_sshcontrol): New.
+ (data_sign): Pass new function to agent_pksign_do.
+ (search_control_file): Add new arg R_TTL.
+
+2009-05-14 Werner Koch <wk@g10code.com>
+
+ * command.c (cmd_get_passphrase): Add option --qualitybar.
+ * call-pinentry.c (agent_askpin): Factor some code out to ...
+ (setup_qualitybar): .. new.
+ (agent_get_passphrase): Add arg WITH_QUALITYBAR and implement it.
+
+2009-04-14 Marcus Brinkmann <marcus@g10code.de>
+
+ * call-pinentry.c (agent_get_confirmation): Try SETNOTOK command
+ with pinentry.
+
+2009-04-01 Werner Koch <wk@g10code.com>
+
+ * protect-tool.c (pe_opt): New.
+ (opts): Add option --agent-program. Use ARGPARSE macros.
+ (get_new_passphrase): Remove.
+ (get_passphrase): Use gpg-agent directly. Remove arg OPT_CHECK and
+ change all callers.
+ * Makefile.am (gpg_protect_tool_LDADD): Replace pwquery_libs by
+ LIBASSUAN_LIBS.
+ (gpg_protect_tool_CFLAGS): New.
+
+ * command.c (percent_plus_unescape): Remove.
+ (cmd_putval): Use percent_plus_unescape_inplace.
+ * call-scd.c (unescape_status_string): Remove.
+ (card_getattr_cb): Use percent_plus_unescape.
+ * protect-tool.c (main): Use percent_plus_unescape from common/.
+ (percent_plus_unescape, percent_plus_unescape_string): Remove.
+
+2009-03-27 Werner Koch <wk@g10code.com>
+
+ * learncard.c (agent_handle_learn): Add new certtype 111.
+
+2009-03-26 Werner Koch <wk@g10code.com>
+
+ * agent.h (MAX_DIGEST_LEN): Change to 64.
+ * command.c (cmd_sethash): Allow digest length of 48 and 64.
+ (cmd_sethash): Allow more hash algos.
+
+ * trustlist.c (reformat_name): New.
+ (agent_marktrusted): Use a reformatted name. Reload the table
+ before the update and always reload it at the end.
+ (agent_istrusted): Check early for the disabled flag.
+
+2009-03-25 Werner Koch <wk@g10code.com>
+
+ * pkdecrypt.c (agent_pkdecrypt): Return a specific error message
+ if the key is not available.
+
+ * gpg-agent.c (main): Print a started message to show the real pid.
+
+2009-03-20 Werner Koch <wk@g10code.com>
+
+ * learncard.c (struct kpinfo_cp_parm_s): Add field CTRL.
+ (struct certinfo_cb_parm_s): Ditto.
+ (agent_handle_learn): Set CTRL field.
+ (kpinfo_cb, certinfo_cb): Send progress status.
+
+ * agent.h (agent_write_status): Flag with GNUPG_GCC_A_SENTINEL.
+
+2009-03-19 Werner Koch <wk@g10code.com>
+
+ * trustlist.c (struct trustitem_s): Add field DISABLED.
+ (read_one_trustfile): Parse the '!' flag.
+ (agent_istrusted, agent_listtrusted): Check flag.
+ (agent_istrusted): Add arg R_DISABLED. Change all callers.
+ (agent_marktrusted): Do not ask if flagged as disabled. Reverse
+ the order of the questions. Store the disabled flag.
+
+ * gpg-agent.c (main): Save signal mask and open fds. Restore mask
+ and close all fds prior to the exec. Fixes bug#1013.
+
+2009-03-17 Werner Koch <wk@g10code.com>
+
+ * command.c (cmd_get_passphrase): Break repeat loop on error.
+ Show error message.
+ (cmd_getinfo): Add subcommand "cmd_has_option".
+ (command_has_option): New.
+
+2009-03-17 Daiki Ueno <ueno@unixuser.org>
+
+ * command.c (option_value): New function.
+ (cmd_get_passphrase): Accept new option --repeat, which makes
+ gpg-agent to ask passphrase several times.
+
+2009-03-06 Werner Koch <wk@g10code.com>
+
+ * command.c (cmd_keyinfo): New command.
+ (register_commands): Register it.
+ (agent_write_status): Make sure not to print LR or CR.
+ * divert-scd.c (ask_for_card): Factor shadow info parsing out to ...
+ * protect.c (parse_shadow_info): New.
+ * findkey.c (agent_key_from_file): Use make_canon_sexp.
+ (agent_write_private_key, unprotect, read_key_file)
+ (agent_key_available): Use bin2hex.
+ (agent_key_info_from_file): New.
+ (read_key_file): Log no error message for ENOENT.
+
+2009-03-05 Werner Koch <wk@g10code.com>
+
+ * divert-scd.c (getpin_cb): Support flag 'P'. Change max_digits
+ from 8 to 16. Append a message about keypads.
+ * findkey.c (unprotect): Change max digits to 16.
+
+2009-03-02 Werner Koch <wk@g10code.com>
+
+ * command.c (cmd_getinfo): Add subcommand "scd_running".
+
+ * call-scd.c (agent_scd_check_running): New.
+
+ * gpg-agent.c: Add missing option strings for "--batch" and
+ "--homedir". Reported by Petr Uzel.
+
+ * protect-tool.c (import_p12_file): Take care of canceled
+ passphrase entry. Fixes bug#1003.
+ (export_p12_file): Ditto.
+
+2008-12-17 Werner Koch <wk@g10code.com>
+
+ * gpg-agent.c (handle_connections): Set action of all pth event
+ handled signals to SIG_IGN. Use a different pth_sigmask strategy.
+
+2008-12-10 Werner Koch <wk@g10code.com>
+
+ * command.c (cmd_get_passphrase): Implement option --no-ask.
+
+2008-12-09 Werner Koch <wk@g10code.com>
+
+ * gpg-agent.c (main): Call i18n_init before init_common_subsystems.
+ * preset-passphrase.c (main): Ditto.
+ * protect-tool.c (main): Ditto.
+
+ * command.c (cmd_preset_passphrase): Allow an arbitrary string for
+ the cache id.
+
+2008-12-08 Werner Koch <wk@g10code.com>
+
+ * gpg-agent.c (handle_connections): Sync the ticker to the next
+ full second. This is bug#871.
+
+2008-12-05 Werner Koch <wk@g10code.com>
+
+ * minip12.c (decrypt_block): Fix const modified of CHARSETS.
+ * learncard.c (sinfo_cb_parm_s): Remove superflous semicolon.
+ Reported by Stoyan Angelov.
+
+2008-11-18 Werner Koch <wk@g10code.com>
+
+ * gpg-agent.c (make_libversion): New.
+ (my_strusage): Print libgcrypt version
+
+2008-11-11 Werner Koch <wk@g10code.com>
+
+ * call-scd.c (membuf_data_cb): Change return type to
+ assuan_error_t to avoid warnings with newer libassuan versions.
+
+2008-11-04 Werner Koch <wk@g10code.com>
+
+ * command.c (cmd_killagent): Stop the agent immediately.
+ (start_command_handler): Take care of GPG_ERR_EOF.
+
+2008-10-29 Werner Koch <wk@g10code.com>
+
+ * gpg-agent.c (main): Move USE_STANDARD_SOCKET to the outer scope.
+ (create_socket_name): Remove arg USE_STANDARD_SOCKET. Change all
+ callers.
+ (create_server_socket): Remove IS_STANDARD_NAME and replace it by
+ USE_STANDARD_SOCKET. Change all callers.
+ (check_own_socket_running): New.
+ (check_own_socket, check_own_socket_thread): New.
+ (handle_tick): Check server socket once a minute.
+ (handle_connections): Remove the extra pth_wait in the shutdown
+ case.
+
+2008-10-20 Werner Koch <wk@g10code.com>
+
+ * command.c (cmd_geteventcounter): Mark unused arg.
+ (cmd_listtrusted, cmd_pksign, cmd_pkdecrypt, cmd_genkey): Ditto.
+ (cmd_updatestartuptty, post_cmd_notify): Ditto.
+ * command-ssh.c (add_control_entry)
+ (ssh_handler_request_identities, ssh_handler_remove_identity)
+ (ssh_handler_remove_all_identities, ssh_handler_lock)
+ (ssh_handler_unlock): Ditto.
+ * call-pinentry.c (pinentry_active_p, popup_message_thread)
+ (agent_popup_message_stop): Ditto.
+ * findkey.c (agent_public_key_from_file): Ditto.
+ * genkey.c (check_passphrase_pattern): Ditto.
+ * call-scd.c (atfork_cb): Ditto.
+ * protect-tool.c (import_p12_cert_cb): Ditto.
+ * t-protect.c (main): Ditto.
+
+2008-10-17 Werner Koch <wk@g10code.com>
+
+ * call-scd.c (start_scd) [W32]: Use snprintf again because we now
+ always use the estream variant.
+
+2008-10-15 Werner Koch <wk@g10code.com>
+
+ * call-scd.c (start_scd): Enable assuan loggging if requested.
+ (agent_scd_check_aliveness) [W32]: Fix use of GetExitCodeProcess.
+
+2008-10-14 Werner Koch <wk@g10code.com>
+
+ * gpg-agent.c (get_agent_scd_notify_event): Need to use a manual
+ reset event.
+
+2008-09-29 Werner Koch <wk@g10code.com>
+
+ * agent.h (GCRY_MD_USER): Rename to GCRY_MODULE_ID_USER.
+ (GCRY_MD_USER_TLS_MD5SHA1): Rename to MD_USER_TLS_MD5SHA1 and
+ change all users.
+
+2008-09-25 Werner Koch <wk@g10code.com>
+
+ * divert-scd.c (getpin_cb): Support a Reset Code style PINs..
+
+2008-09-03 Werner Koch <wk@g10code.com>
+
+ * command.c (parse_keygrip): Use hex2bin.
+ (cmd_preset_passphrase): Decode the passphrase. Reported by Kiss
+ Gabor. Fixes #679 again.
+ * preset-passphrase.c (make_hexstring): Remove.
+ (preset_passphrase): Use bin2hex.
+
+2008-05-27 Werner Koch <wk@g10code.com>
+
+ * trustlist.c (insert_colons): Fix stupidly wrong allocation size
+ computation.
+
+2008-05-26 Werner Koch <wk@g10code.com>
+
+ * gpg-agent.c (main): Re-initialize default assuan log stream if a
+ log file is used.
+
+ * trustlist.c (agent_marktrusted): Use xtryasprintf and xfree.
+
+ * gpg-agent.c (main, agent_deinit_default_ctrl): Always use xfree
+ because our asprintf is mapped to an xmalloc style function in
+ util.h. Replace xstrdup by xtrystrdup.
+ * w32main.c (build_argv): Ditto.
+ * preset-passphrase.c (preset_passphrase): Ditto.
+ * divert-scd.c (ask_for_card): Ditto.
+ * command.c (option_handler): Ditto.
+ * command-ssh.c (ssh_handler_request_identities): Ditto.
+ * call-pinentry.c (start_pinentry): Ditto.
+
+ * gpg-agent.c (start_connection_thread)
+ (start_connection_thread_ssh): Use pth_thread_id for useful output
+ under W32.
+ (pth_thread_id) [!PTH_HAVE_PTH_THREAD_ID]: New.
+
+2008-03-17 Werner Koch <wk@g10code.com>
+
+ * agent.h (agent_inq_pinentry_launched): New prototype.
+
+ * call-pinentry.c: Include sys/types.h and signal.h.
+
+2008-02-14 Werner Koch <wk@g10code.com>
+
+ * command.c (agent_inq_pinentry_launched): New.
+ (option_handler): Add option allow-pinentry-notify.
+ * call-pinentry.c (getinfo_pid_cb): New.
+ (start_pinentry): Ask for the PID and notify the client.
+
+2008-01-15 Marcus Brinkmann <marcus@g10code.de>
+
+ * call-pinentry.c (start_pinentry): Start pinentry in detached
+ mode.
+
+2007-12-04 Werner Koch <wk@g10code.com>
+
+ * call-pinentry.c (agent_askpin): Use gnupg_get_help_string.
+
+2007-12-03 Werner Koch <wk@g10code.com>
+
+ * gpg-agent.c (main): s/standard_socket/use_standard_socket/ for
+ clarity.
+ (create_server_socket): New arg IS_SSH to avoid testing with
+ assuan commands.
+
+2007-11-20 Werner Koch <wk@g10code.com>
+
+ * gpg-agent.c (get_agent_scd_notify_event): New.
+ (handle_signal): Factor SIGUSR2 code out to:
+ (agent_sigusr2_action): .. New.
+ (agent_sighup_action): Print info message here and not in
+ handle_signal.
+ (handle_connections) [PTH_EVENT_HANDLE]: Call agent_sigusr2_action.
+
+ * call-scd.c (agent_scd_check_aliveness) [W32]: Implemented.
+ (start_scd) [W32]: Send event-signal option.
+
+2007-11-19 Werner Koch <wk@g10code.com>
+
+ * call-pinentry.c (agent_askpin): Set the tooltip for the quality
+ bar.
+
+2007-11-15 Werner Koch <wk@g10code.com>
+
+ * agent.h (struct server_control_s): Add XAUTHORITY and
+ PINENTRY_USER_DATA.
+ * gpg-agent.c: New option --xauthority.
+ (main, agent_init_default_ctrl)
+ (agent_deinit_default_ctrl): Implemented
+ * command.c (cmd_updatestartuptty): Ditto.
+ * command-ssh.c (start_command_handler_ssh): Ditto.
+ * call-pinentry.c (atfork_cb): Set the environment.
+ (start_pinentry): Pass CTRL as arg to atfork_cb.
+
+2007-11-14 Werner Koch <wk@g10code.com>
+
+ * call-scd.c (start_scd) [W32]: Take care of fflush peculiarities.
+
+2007-11-07 Werner Koch <wk@g10code.com>
+
+ * agent.h: Remove errors.h.
+
+2007-10-24 Werner Koch <wk@g10code.com>
+
+ * genkey.c (check_passphrase_constraints): Changed the wording of
+ the warning messages.
+
+2007-10-19 Werner Koch <wk@g10code.com>
+
+ * protect-tool.c (get_passphrase): Use new utf8 switch fucntions.
+
+2007-10-15 Daiki Ueno <ueno@unixuser.org> (wk)
+
+ * command-ssh.c (reenter_compare_cb): New function; imported from
+ genkey.c.
+ (ssh_identity_register): Ask initial passphrase twice.
+
+2007-10-02 Werner Koch <wk@g10code.com>
+
+ * command.c (cmd_getinfo): Add "pid" subcommand.
+
+2007-10-01 Werner Koch <wk@g10code.com>
+
+ * agent.h (struct server_control_s): Remove unused CONNECTION_FD.
+
+ * gpg-agent.c: Remove w32-afunix.h. Include mkdtemp.h.
+ (socket_nonce, socket_nonce_ssh): New.
+ (create_server_socket): Use assuan socket wrappers. Remove W32
+ specific stuff. Save the server nonce.
+ (check_nonce): New.
+ (start_connection_thread, start_connection_thread_ssh): Call it.
+ (handle_connections): Change args to gnupg_fd_t.
+ * command.c (start_command_handler): Change LISTEN_FD to gnupg_fd_t.
+ * command-ssh.c (start_command_handler_ssh): Ditto.
+
+2007-09-18 Werner Koch <wk@g10code.com>
+
+ * agent.h (struct pin_entry_info_s): Add element WITH_QUALITYBAR.
+ * genkey.c (check_passphrase_constraints): New arg SILENT.
+ Changed all callers.
+ (agent_protect_and_store, agent_genkey): Enable qualitybar.
+ * call-pinentry.c (agent_askpin): Send that option.
+ (unescape_passphrase_string): New.
+ (inq_quality): New.
+ (estimate_passphrase_quality): New.
+
+2007-09-14 Marcus Brinkmann <marcus@g10code.de>
+
+ * call-pinentry.c (agent_popup_message_stop): Implement kill for
+ Windows.
+
+2007-08-28 Werner Koch <wk@g10code.com>
+
+ * gpg-agent.c (main): Add option --faked-system-time.
+
+ * protect-tool.c (read_and_unprotect): Print the protected-at date.
+
+ * agent.h (struct server_control_s): Add member IN_PASSWD.
+ * command.c (cmd_passwd): Set it.
+ * findkey.c (try_unprotect_cb): Use it.
+
+ * protect.c (do_encryption): Replace asprintf by xtryasprint.
+ (agent_protect): Create the protected-at item.
+ (agent_unprotect): Add optional arg PROTECTED_AT.
+ (merge_lists): Add args CUTOFF and CUTLEN.
+ (agent_unprotect): Use them.
+ * findkey.c (try_unprotect_cb): Add code to test for expired keys.
+ (unprotect): Allow changing the passphrase.
+
+2007-08-27 Werner Koch <wk@g10code.com>
+
+ * gpg-agent.c: Add options --min-passphrase-nonalpha,
+ --check-passphrase-pattern and --enforce-passphrase-constraints.
+ (MIN_PASSPHRASE_NONALPHA): Init nonalpha option to 1.
+ (main): Declare options for gpgconf.
+ * agent.h (struct): Add members MIN_PASSPHRASE_NONALPHA,
+ ENFORCE_PASSPHRASE_CONSTRAINTS and CHECK_PASSPHRASE_PATTERN.
+ * genkey.c (nonalpha_charcount): New.
+ (check_passphrase_pattern): New.
+ (check_passphrase_constraints): Implement. Factor some code out...
+ (take_this_one_anyway, take_this_one_anyway2): .. New.
+
+ * call-pinentry.c (agent_show_message): New.
+ (agent_askpin): We better reset the pin buffer before asking.
+
+ * trustlist.c (insert_colons): New.
+ (agent_marktrusted): Pretty print the fpr.
+
+2007-08-22 Werner Koch <wk@g10code.com>
+
+ * findkey.c (O_BINARY): Make sure it is defined.
+ (agent_write_private_key): Use O_BINARY
+
+ * protect-tool.c (import_p12_file): Add hack to allow importing of
+ gnupg 2.0.4 generated files.
+
+2007-08-06 Werner Koch <wk@g10code.com>
+
+ * trustlist.c (read_one_trustfile): Add flag "cm".
+ (agent_istrusted): Ditto.
+
+2007-08-02 Werner Koch <wk@g10code.com>
+
+ * gpg-agent.c: Include gc-opt-flags.h and remove their definition
+ here.
+
+2007-07-13 Werner Koch <wk@g10code.com>
+
+ * genkey.c (check_passphrase_constraints): Require a confirmation
+ for an empty passphrase.
+ (agent_genkey, agent_protect_and_store): No need to repeat an
+ empty passphrase.
+
+2007-07-05 Werner Koch <wk@g10code.com>
+
+ * call-scd.c (struct inq_needpin_s): New.
+ (inq_needpin): Pass unknown inquiries up.
+
+2007-07-04 Werner Koch <wk@g10code.com>
+
+ * gpg-agent.c (TIMERTICK_INTERVAL): New.
+ (fixed_gcry_pth_init, main): Kludge to fix Pth initialization.
+
+2007-07-03 Werner Koch <wk@g10code.com>
+
+ * gpg-agent.c (handle_connections): Do not use FD_SETSIZE for
+ select but compute the correct number.
+
+2007-07-02 Werner Koch <wk@g10code.com>
+
+ * command.c (cmd_reloadagent) [W32]: New.
+ (register_commands) [W32]: New command RELOADAGENT.
+
+ * Makefile.am (gpg_agent_SOURCES): Remove w32main.c and w32main.h.
+ (gpg_agent_res_ldflags): Remove icon file as we don't have a
+ proper icon yet.
+ * gpg-agent.c (main): do not include w32main.h. Remove all calls
+ to w32main.c.
+ (agent_sighup_action): New.
+ (handle_signal): Use it.
+
+2007-06-26 Werner Koch <wk@g10code.com>
+
+ * gpg-agent.c (create_directories) [W32]: Made it work.
+
+2007-06-21 Werner Koch <wk@g10code.com>
+
+ * agent.h (ctrl_t): Remove. It is now declared in ../common/util.h.
+
+ * gpg-agent.c (check_for_running_agent): New arg SILENT. Changed
+ all callers.
+ (create_server_socket): If the standard socket is in use check
+ whether a agent is running and avoid starting another one.
+
+2007-06-18 Marcus Brinkmann <marcus@g10code.de>
+
+ * gpg-agent.c (main): Percent escape pathname in --gpgconf-list
+ output.
+
+2007-06-18 Werner Koch <wk@g10code.com>
+
+ * w32main.c (build_argv): New.
+ (WinMain): Use it.
+
+ * command.c (cmd_killagent) [W32]: New.
+ (cmd_getinfo): New.
+ * gpg-agent.c (get_agent_ssh_socket_name): New.
+ (no_force_standard_socket) New.
+ (create_server_socket): Use it.
+ * Makefile.am (gpg_agent_res_ldflags): Pass windows option to ld.
+
+2007-06-14 Werner Koch <wk@g10code.com>
+
+ * protect-tool.c (main): Setup default socket name for
+ simple-pwquery.
+ (MAP_SPWQ_ERROR_IMPL): New. Use map_spwq_error for spqw related
+ error codes.
+ * preset-passphrase.c (main): Setup default socket name for
+ simple-pwquery.
+ (map_spwq_error): Remove.
+ (MAP_SPWQ_ERROR_IMPL): New.
+
+ * call-pinentry.c (start_pinentry): Use gnupg_module_name.
+ * call-scd.c (start_scd): Ditto.
+
+2007-06-12 Werner Koch <wk@g10code.com>
+
+ * taskbar.c: New.
+
+ * trustlist.c (read_one_trustfile): Replace GNUPG_SYSCONFDIR by a
+ function call.
+ (read_trustfiles): Ditto.
+
+ * gpg-agent.c (main): Replace some calls by init_common_subsystems.
+ * preset-passphrase.c (main): Ditto.
+ * protect-tool.c (main): Ditto.
+
+2007-06-11 Werner Koch <wk@g10code.com>
+
+ * Makefile.am (common_libs): Use libcommonstd macro.
+ (commonpth_libs): Use libcommonpth macro.
+
+ * protect-tool.c (main) [W32]: Call pth_init.
+
+ * preset-passphrase.c (main) [W32]: Replace the explicit Winsocket
+ init by a call to pth_init.
+
+ * trustlist.c (initialize_module_trustlist): New.
+ * gpg-agent.c (main): Call it.
+
+ * call-pinentry.c (initialize_module_query): Rename to
+ initialize_module_call_pinentry.
+
+ * minip12.c: Remove iconv.h. Add utf8conf.h. Changed all iconv
+ calss to use these jnlib wrappers.
+
+2007-06-06 Werner Koch <wk@g10code.com>
+
+ * minip12.c (enum): Rename CONTEXT to ASNCONTEXT as winnt.h
+ defines such a symbol to access the process context.
+
+ * call-pinentry.c (dump_mutex_state) [W32]: Handle the W32Pth case.
+ * call-scd.c (dump_mutex_state): Ditto.
+
+ * protect-tool.c (i18n_init): Remove.
+ * preset-passphrase.c (i18n_init): Remove.
+ * gpg-agent.c (i18n_init): Remove.
+
+2007-05-19 Marcus Brinkmann <marcus@g10code.de>
+
+ * protect-tool.c (get_passphrase): Free ORIG_CODESET on error.
+
+2007-05-14 Werner Koch <wk@g10code.com>
+
+ * protect.c (make_shadow_info): Replace sprintf by smklen.
+
+2007-04-20 Werner Koch <wk@g10code.com>
+
+ * gpg-agent.c (my_gcry_logger, my_gcry_outofcore_handler): Removed.
+ (main): Call the setup_libgcrypt_logging helper.
+ * protect-tool.c (my_gcry_logger): Removed.
+ (main): Call the setup_libgcrypt_logging helper.
+
+2007-04-03 Werner Koch <wk@g10code.com>
+
+ * trustlist.c (read_trustfiles): Take a missing trustlist as an
+ empty one.
+
+2007-03-20 Werner Koch <wk@g10code.com>
+
+ * protect-tool.c: New option --p12-charset.
+ * minip12.c (p12_build): Implement it.
+
+2007-03-19 Werner Koch <wk@g10code.com>
+
+ * minip12.c: Include iconv.h.
+ (decrypt_block): New.
+ (parse_bag_encrypted_data, parse_bag_data): Use it here.
+ (bag_data_p, bag_decrypted_data_p): New helpers.
+
+2007-03-06 Werner Koch <wk@g10code.com>
+
+ * gpg-agent.c (main) <gpgconf>: Add entries for all ttl options.
+
+2007-02-20 Werner Koch <wk@g10code.com>
+
+ * call-pinentry.c (start_pinentry): Fix for OS X to allow loading
+ of the bundle. Tested by Benjamin Donnachie.
+
+2007-02-14 Werner Koch <wk@g10code.com>
+
+ * gpg-agent.c: New option --pinentry-touch-file.
+ (get_agent_socket_name): New.
+ * agent.h (opt): Add pinentry_touch_file.
+ * call-pinentry.c (start_pinentry): Send new option to the
+ pinentry.
+
+2007-01-31 Moritz Schulte <moritz@g10code.com> (wk)
+
+ * command-ssh.c (stream_read_string): Initialize LENGTH to zero.
+ (start_command_handler_ssh): Use es_fgetc/es_ungetc to check if
+ EOF has been reached before trying to process another request.
+
+2007-01-31 Werner Koch <wk@g10code.com>
+
+ * command-ssh.c (start_command_handler_ssh):
+
+ * Makefile.am (t_common_ldadd): Add LIBICONV.
+
+2007-01-25 Werner Koch <wk@g10code.com>
+
+ * genkey.c (check_passphrase_constraints): Get ngettext call right
+ and use UTF-8 aware strlen.
+
+ * protect-tool.c (get_passphrase): New arg OPT_CHECK.
+ (get_new_passphrase): Enable OPT_CHECK on the first call.
+ * command.c (cmd_get_passphrase): Implement option --check.
+
+2007-01-24 Werner Koch <wk@g10code.com>
+
+ * gpg-agent.c (MIN_PASSPHRASE_LEN): New
+ (parse_rereadable_options): New option --min-passphrase-len.
+ * genkey.c (check_passphrase_constraints): New.
+ (agent_genkey, agent_protect_and_store): Call new function. Fix
+ memory leak.
+
+ * call-pinentry.c (agent_askpin): Allow translation of the displayed
+ error message.
+ (agent_popup_message_start): Remove arg CANCEL_BTN.
+ (popup_message_thread): Use --one-button option.
+
+ * command.c (cmd_passwd): Now that we don't distinguish between
+ assuan and regular error codes we can jump to the end on error.
+
+2006-12-07 David Shaw <dshaw@jabberwocky.com>
+
+ * Makefile.am: Link to iconv for jnlib dependency.
+
+2006-11-20 Werner Koch <wk@g10code.com>
+
+ * call-pinentry.c (agent_popup_message_stop): Use SIGKILL.
+ * call-scd.c (inq_needpin): Implement POPUPKEYPADPROMPT and
+ DISMISSKEYPADPROMPT.
+
+2006-11-15 Werner Koch <wk@g10code.com>
+
+ * protect.c (make_shadow_info): Cast printf arg to unsigned int.
+ * minip12.c (parse_bag_encrypted_data): Ditto.
+ (parse_bag_data, p12_parse): Ditto.
+ * command-ssh.c (ssh_identity_register): Changed buffer_n to
+ size_t.
+
+ * agent.h (struct server_control_s): New field thread_startup.
+ * command.c (start_command_handler): Moved CTRL init code to ..
+ * gpg-agent.c (start_connection_thread): .. here.
+ (agent_deinit_default_ctrl): New.
+ (agent_init_default_ctrl): Made static.
+ (handle_connections): Allocate CTRL and pass it pth_spawn.
+ * command-ssh.c (start_command_handler_ssh): Moved CTRL init code
+ to ..
+ * gpg-agent.c (start_connection_thread_ssh): .. here.
+
+2006-11-14 Werner Koch <wk@g10code.com>
+
+ * command.c (bump_key_eventcounter): New.
+ (bump_card_eventcounter): New.
+ (cmd_geteventcounter): New command.
+ * gpg-agent.c (handle_signal): Call bump_card_eventcounter.
+ * findkey.c (agent_write_private_key): Call bump_key_eventcounter.
+ * trustlist.c (agent_reload_trustlist): Ditto.
+
+ * command.c (post_cmd_notify, io_monitor): New.
+ (register_commands, start_command_handler): Register them.
+
+2006-11-09 Werner Koch <wk@g10code.com>
+
+ * gpg-agent.c (main): In detached mode connect standard
+ descriptors to /dev/null.
+
+ * trustlist.c (read_trustfiles): Make sure not to pass a zero size
+ to realloc as the C standards says that this behaves like free.
+
+2006-11-06 Werner Koch <wk@g10code.com>
+
+ * protect-tool.c (my_strusage): Fixed typo.
+
+2006-10-23 Werner Koch <wk@g10code.com>
+
+ * gpg-agent.c (main): New command --gpgconf-test.
+
+ * minip12.c (parse_bag_encrypted_data, parse_bag_data): Allow for
+ a salt of 20 bytes.
+
+2006-10-20 Werner Koch <wk@g10code.com>
+
+ * Makefile.am (t_common_ldadd): Use GPG_ERROR_LIBS instead -o just -l
+
+2006-10-19 Werner Koch <wk@g10code.com>
+
+ * findkey.c (unprotect): Use it to avoid unnecessary calls to
+ agent_askpin.
+ * call-pinentry.c (pinentry_active_p): New.
+
+2006-10-17 Werner Koch <wk@g10code.com>
+
+ * Makefile.am (gpg_agent_LDADD): Link to libcommonpth.
+ (gpg_agent_CFLAGS): New. This allows to only link this with Pth.
+
+2006-10-16 Werner Koch <wk@g10code.com>
+
+ * call-pinentry.c (agent_get_confirmation): Map Cancel code here too.
+ * trustlist.c (agent_marktrusted): Return Cancel instead of
+ Not_Confirmed for the first question.
+
+2006-10-12 Werner Koch <wk@g10code.com>
+
+ * protect-tool.c (get_passphrase): Fix if !HAVE_LANGINFO_CODESET.
+
+2006-10-06 Werner Koch <wk@g10code.com>
+
+ * Makefile.am (AM_CFLAGS): Use PTH version of libassuan.
+ (gpg_agent_LDADD): Ditto.
+
+ * divert-scd.c (divert_pksign): Use PKAUTH for the TLS algo.
+
+2006-10-05 Werner Koch <wk@g10code.com>
+
+ * command.c (has_option_name): New.
+ (cmd_sethash): New --hash option.
+ * pksign.c (do_encode_raw_pkcs1): New.
+ (agent_pksign_do): Use it here for the TLS algo.
+ * agent.h (GCRY_MD_USER_TLS_MD5SHA1): New.
+ * divert-scd.c (pksign): Add case for tls-md5sha1.
+
+ * divert-scd.c (encode_md_for_card): Check that the algo is valid.
+
+2006-10-04 Werner Koch <wk@g10code.com>
+
+ * call-pinentry.c (agent_get_passphrase): Changed to return the
+ unencoded passphrase.
+ (agent_askpin, agent_get_passphrase, agent_get_confirmation): Need
+ to map the cancel error.
+ * command.c (send_back_passphrase): New.
+ (cmd_get_passphrase): Use it here. Also implement --data option.
+ (skip_options): New.
+
+2006-09-26 Werner Koch <wk@g10code.com>
+
+ * learncard.c (agent_handle_learn): Send back the keypair
+ information.
+
+2006-09-25 Werner Koch <wk@g10code.com>
+
+ * trustlist.c (read_one_trustfile): Allow extra flags.
+ (struct trustitem_s): Replaced KEYFLAGS by a FLAGS struct.
+ Changed all code to use this.
+ (agent_istrusted): New arg CTRL. Changed all callers. Send back
+ flags.
+ * command.c (agent_write_status): New.
+
+2006-09-20 Werner Koch <wk@g10code.com>
+
+ * Makefile.am: Changes to allow parallel make runs.
+
+2006-09-15 Werner Koch <wk@g10code.com>
+
+ * trustlist.c: Entirely rewritten.
+ (agent_trustlist_housekeeping): Removed and removed all calls.
+
+2006-09-14 Werner Koch <wk@g10code.com>
+
+ Replaced all call gpg_error_from_errno(errno) by
+ gpg_error_from_syserror().
+
+ * call-pinentry.c (start_pinentry): Replaced pipe_connect2 by
+ pipe_connect_ext.
+ * call-scd.c (start_scd): Ditto.
+ * command.c (start_command_handler): Replaced
+ init_connected_socket_server by init_socket_server_ext.
+
+2006-09-13 Werner Koch <wk@g10code.com>
+
+ * preset-passphrase.c (main) [W32]: Check for WSAStartup error.
+
+2006-09-08 Werner Koch <wk@g10code.com>
+
+ * call-scd.c: Add signal.h as we are referencing SIGUSR2.
+
+2006-09-06 Marcus Brinkmann <marcus@g10code.de>
+
+ * Makefile.am (AM_CFLAGS): Add $(GPG_ERR_CFLAGS).
+ (gpg_agent_LDADD): Replace -lgpg-error with $(GPG_ERROR_LIBS).
+
+2006-09-06 Werner Koch <wk@g10code.com>
+
+ * query.c: Renamed to ..
+ * call-pinentry.c: .. this.
+
+ * agent.h (out_of_core): Removed.
+ (CTRL): Removed and changed everywhere to ctrl_t.
+
+ Replaced all Assuan error codes by libgpg-error codes. Removed
+ all map_to_assuan_status and map_assuan_err.
+
+ * gpg-agent.c (main): Call assuan_set_assuan_err_source to have Assuan
+ switch to gpg-error codes.
+ * command.c (set_error): Adjusted.
+
+2006-09-04 Werner Koch <wk@g10code.com>
+
+ * command.c (percent_plus_unescape): New.
+ (cmd_get_val, cmd_putval): New.
+
+2006-08-29 Werner Koch <wk@g10code.com>
+
+ * command-ssh.c (stream_read_mpi): Sanity check for early
+ detecting of too large keys.
+ * gpg-agent.c (my_gcry_outofcore_handler): New.
+ (main): Register it.
+ (main): No allocate 32k secure memory (was 16k).
+
+2006-07-31 Werner Koch <wk@g10code.com>
+
+ * preset-passphrase.c (make_hexstring): For consistency use
+ xtrymalloc and changed caller to use xfree. Fixed function
+ comment.
+
+2006-07-29 Marcus Brinkmann <marcus@g10code.de>
+
+ * preset-passphrase.c (preset_passphrase): Do not strip off last
+ character of passphrase.
+ (make_hexstring): New function.
+ * command.c (cmd_preset_passphrase): Use parse_hexstring to syntax
+ check passphrase argument. Truncate passphrase at delimiter.
+
+2006-07-24 Werner Koch <wk@g10code.com>
+
+ * minip12.c (build_key_bag): New args SHA1HASH and
+ KEYIDSTR. Append bag Attributes if these args are given.
+ (build_cert_sequence): ditto.
+ (p12_build): Calculate certificate hash and pass to build
+ functions.
+
+2006-07-21 Werner Koch <wk@g10code.com>
+
+ * minip12.c (oid_pkcs_12_keyBag): New.
+ (parse_bag_encrypted_data): New arg R_RESULT. Support keybags and
+ return the key object.
+ (p12_parse): Take new arg into account. Free RESULT on error.
+
+2006-06-26 Werner Koch <wk@g10code.com>
+
+ * gpg-agent.c (handle_signal): Print info for SIGUSR2 only in
+ verbose mode.
+
+2006-06-22 Werner Koch <wk@g10code.com>
+
+ * command-ssh.c (make_cstring): Use memcpy instead of strncpy.
+ (ssh_receive_mpint_list, sexp_key_extract, data_sign): Use
+ xtrycalloc instead of xtrymalloc followed by memset.
+
+2006-06-20 Werner Koch <wk@g10code.com>
+
+ * minip12.c (create_final): New arg PW. Add code to calculate the
+ MAC.
+
+2006-06-09 Marcus Brinkmann <marcus@g10code.de>
+
+ * Makefile.am (gpg_agent_LDADD): Add $(NETLIBS).
+ (gpg_protect_tool_LDADD): Likewise.
+ (gpg_preset_passphrase_LDADD): Likewise.
+
+2006-04-09 Moritz Schulte <moritz@g10code.com>
+
+ * command-ssh.c (ssh_request_process): Removed FIXME mentioning a
+ possible DoS attack.
+
+2006-04-01 Moritz Schulte <moritz@g10code.com>
+
+ * command-ssh.c (ssh_identity_register): Make KEY_GRIP_RAW be 20
+ instead of 21 bytes long; do not fill KEY_GRIP_RAW[20] with NUL
+ byte - KEY_GRIP_RAW is a raw binary string anyway.
+
+2006-02-09 Werner Koch <wk@g10code.com>
+
+ * call-scd.c (struct scd_local_s): New field next_local.
+ (scd_local_list): New.
+ (start_scd): Put new local into list.
+ (agent_reset_scd): Remove it from the list.
+ (agent_scd_check_aliveness): Here is the actual reason why we need
+ all this stuff.
+ (agent_reset_scd): Send the new command RESTART instead of RESET.
+
+2005-12-16 Werner Koch <wk@g10code.com>
+
+ * minip12.c (cram_octet_string): New
+ (p12_parse): Use it for NDEFed bags.
+ (parse_bag_data): Ditto.
+ (string_to_key, set_key_iv, crypt_block): New arg SALTLEN.
+ (p12_build): Use old value 8 for new arg.
+ (parse_bag_encrypted_data, parse_bag_data): Allow for salts of 8
+ to 16 bytes. Add new arg R_CONSUMED.
+
+2005-11-24 Werner Koch <wk@g10code.com>
+
+ * minip12.c (p12_parse): Fixed for case that the key object comes
+ prior to the certificate.
+
+2005-10-19 Werner Koch <wk@g10code.com>
+
+ * divert-scd.c (getpin_cb): Hack to use it for a keypad message.
+
+ * call-scd.c (inq_needpin): Reworked to support the new KEYPADINFO.
+
+ * query.c (start_pinentry): Keep track of the owner.
+ (popup_message_thread, agent_popup_message_start)
+ (agent_popup_message_stop, agent_reset_query): New.
+ * command.c (start_command_handler): Make sure a popup window gets
+ closed.
+
+2005-10-08 Marcus Brinkmann <marcus@g10code.de>
+
+ * Makefile.am (gpg_protect_tool_LDADD): Add ../gl/libgnu.a.
+ (gpg_preset_passphrase_LDADD, t_common_ldadd): Likewise.
+ (gpg_agent_LDADD): Add ../gl/libgnu.a after ../common/libcommon.a.
+
+2005-09-16 Werner Koch <wk@g10code.com>
+
+ * minip12.c (build_key_sequence, build_cert_sequence): Fixed
+ padding.
+
+2005-09-15 Moritz Schulte <moritz@g10code.com>
+
+ * t-protect.c (test_agent_protect): Implemented.
+ (main): Disable use of secure memory.
+
+2005-09-09 Werner Koch <wk@g10code.com>
+
+ * minip12.c (p12_build): Oops, array needs to be larger for the
+ certificate.
+ (build_cert_bag): Fixed yesterdays change.
+
+ * command-ssh.c (card_key_available): Let the card handler decide
+ whether the card is supported here. Also get a short serial
+ number to return from the card handler.
+
+2005-09-08 Werner Koch <wk@g10code.com>
+
+ * minip12.c (build_cert_bag): Use a non constructed object.
+ i.e. 0x80 and not 0xa0.
+
+2005-08-16 Werner Koch <wk@g10code.com>
+
+ * gpg-agent.c (main): Use a default file name for --write-env-file.
+
+2005-07-25 Werner Koch <wk@g10code.com>
+
+ * findkey.c (agent_public_key_from_file): Fixed array assignment.
+ This was the cause for random segvs.
+
+2005-06-29 Werner Koch <wk@g10code.com>
+
+ * command-ssh.c (data_sign): Removed empty statement.
+
+2005-06-21 Werner Koch <wk@g10code.com>
+
+ * minip12.c (create_final): Cast size_t to ulong for printf.
+ (build_key_bag, build_cert_bag, build_cert_sequence): Ditto.
+
+2005-06-16 Werner Koch <wk@g10code.com>
+
+ * protect-tool.c (make_advanced): Makde RESULT a plain char.
+ * call-scd.c (unescape_status_string): Need to cast unsigned char*
+ for strcpy.
+ (agent_card_pksign): Made arg R_BUF an unsigned char**.
+ * divert-scd.c (divert_pksign): Made SIGVAL unsigned char*.
+ (encode_md_for_card): Initialize R_VAL and R_LEN.
+ * genkey.c (store_key): Made BUF unsigned.
+ * protect.c (do_encryption): Ditto.
+ (do_encryption): Made arg PROTBEGIN unsigned. Initialize RESULT
+ and RESULTLEN even on error.
+ (merge_lists): Need to cast unsigned char * for strcpy. Initialize
+ RESULTand RESULTLEN even on error.
+ (agent_unprotect): Likewise for strtoul.
+ (make_shadow_info): Made P and INFO plain char.
+ (agent_shadow_key): Made P plain char.
+
+2005-06-15 Werner Koch <wk@g10code.com>
+
+ * query.c (agent_get_passphrase): Made HEXSTRING a char*.
+ * command-ssh.c (ssh_key_grip): Made arg BUFFER unsigned.
+ (ssh_key_grip): Simplified.
+ (data_sign): Initialize variables with the definition.
+ (ssh_convert_key_to_blob): Make sure that BLOB and BLOB_SIZE
+ are set to NULL on error. Cool, gcc-4 detects uninitialized stuff
+ beyond function boundaries; well it can't know that we do error
+ proper error handling so that this was not a real error.
+ (file_to_buffer): Likewise for BUFFER and BUFFER_N.
+ (data_sign): Likewise for SIG and SIG_N.
+ (stream_read_byte): Set B to a value even on error.
+ * command.c (cmd_genkey): Changed VALUE to char.
+ (cmd_readkey): Cast arg for gcry_sexp_sprint.
+ * agent.h (struct server_control_s): Made KEYGRIP unsigned.
+
+2005-06-13 Werner Koch <wk@g10code.com>
+
+ * command-ssh.c (start_command_handler_ssh): Reset the SCD.
+
+2005-06-09 Werner Koch <wk@g10code.com>
+
+ * gpg-agent.c (create_socket_name): New option --max-cache-ttl-ssh.
+ * cache.c (housekeeping): Use it.
+ (agent_put_cache): Use a switch to get the default ttl so that it
+ is easier to add more cases.
+
+2005-06-06 Werner Koch <wk@g10code.com>
+
+ * gpg-agent.c: New option --default-cache-ttl-ssh.
+ * agent.h (cache_mode_t): New.
+ * pksign.c (agent_pksign_do): New arg CACHE_MODE to replace the
+ ARG IGNORE_CACHE. Changed all callers.
+ (agent_pksign): Ditto.
+ * findkey.c (agent_key_from_file): Ditto. Canged all callers.
+ (unprotect): Ditto.
+ * command-ssh.c (data_sign): Use CACHE_MODE_SSH.
+ * cache.c (agent_get_cache): New arg CACHE_MODE.
+ (agent_put_cache): Ditto. Store it in the cache.
+
+ * query.c (agent_query_dump_state, dump_mutex_state): New.
+ (unlock_pinentry): Reset the global context before releasing the
+ mutex.
+ * gpg-agent.c (handle_signal): Dump query.c info on SIGUSR1.
+
+ * call-scd.c (agent_scd_check_aliveness): Always do a waitpid and
+ add a timeout to the locking.
+
+2005-06-03 Werner Koch <wk@g10code.com>
+
+ * command.c (cmd_updatestartuptty): New.
+
+ * gpg-agent.c: New option --write-env-file.
+
+ * gpg-agent.c (handle_connections): Make sure that the signals we
+ are handling are not blocked.Block signals while creating new
+ threads.
+
+2005-06-02 Werner Koch <wk@g10code.com>
+
+ * call-scd.c (agent_scd_dump_state, dump_mutex_state): New.
+ * gpg-agent.c (handle_signal): Print it on SIGUSR1.
+ (handle_connections): Include the file descriptor into the
+ threadnames.
+
+2005-06-01 Werner Koch <wk@g10code.com>
+
+ * gpg-agent.c: Include setenv.h.
+
+2005-05-31 Werner Koch <wk@g10code.com>
+
+ * agent.h (out_of_core): s/__inline__/inine. Noted by Ray Link.
+
+2005-05-25 Werner Koch <wk@g10code.com>
+
+ * gpg-agent.c (main): Do not unset the DISPLAY when we are
+ continuing as child.
+
+2005-05-24 Werner Koch <wk@g10code.com>
+
+ * call-scd.c (inq_needpin): Skip leading spaces in of PIN
+ description.
+ * divert-scd.c (getpin_cb): Enhanced to cope with description
+ flags.
+ * query.c (agent_askpin): Add arg PROMPT_TEXT. Changed all
+ callers.
+
+2005-05-21 Werner Koch <wk@g10code.com>
+
+ * call-scd.c (start_scd): Don't test for an alive scdaemon here.
+ (agent_scd_check_aliveness): New.
+ * gpg-agent.c (handle_tick): Test for an alive scdaemon.
+ (handle_signal): Print thread info on SIGUSR1.
+
+2005-05-20 Werner Koch <wk@g10code.com>
+
+ * protect-tool.c: New option --canonical.
+ (show_file): Implement it.
+
+ * keyformat.txt: Define the created-at attribute for keys.
+
+2005-05-18 Werner Koch <wk@g10code.com>
+
+ * divert-scd.c (ask_for_card): Removed the card reset kludge.
+
+2005-05-17 Werner Koch <wk@g10code.com>
+
+ * call-scd.c (unlock_scd): Add new arg CTRL. Changed all callers.
+ (start_scd): Reoworked to allow for additional connections.
+ * agent.h (ctrl_t): Add local data for the SCdaemon.
+ * command.c (start_command_handler): Release SERVER_LOCAL.
+
+ * gpg-agent.c (create_server_socket): Use xmalloc.
+ (main): Removed option --disable-pth a dummy. Removed non-pth
+ code path.
+ (cleanup_sh): Removed. Not needed anymore.
+
+2005-05-05 Moritz Schulte <moritz@g10code.com>
+
+ * command-ssh.c (ssh_key_to_buffer): Rename to ...
+ (ssh_key_to_protected_buffer): ... this; change callers.
+ Improved documentation.
+ Use ssh_key_grip(), where gcry_pk_get_keygrip() has been used
+ before.
+ (ssh_handler_sign_request): Removed unusued variable P.
+
+2005-04-20 Moritz Schulte <moritz@g10code.com>
+
+ * command-ssh.c (ssh_handler_request_identities): Removed
+ debugging code (sleep call), which was commited unintenionally.
+
+2005-04-20 Werner Koch <wk@g10code.com>
+
+ * minip12.c (parse_bag_encrypted_data): Fix the unpadding hack.
+
+ * gpg-agent.c: New option --disable-scdaemon.
+ (handle_connections): Add time event to drive ...
+ (handle_tick): New function.
+ (main): Record the parent PID. Fixed segv when using ssh and a
+ command.
+
+ * call-scd.c (start_scd): Take care of this option.
+
+2005-04-03 Moritz Schulte <moritz@g10code.com>
+
+ * command-ssh.c (ssh_request_spec): New member: secret_input.
+ (REQUEST_SPEC_DEFINE): New argument: secret_input.
+ (request_specs): Add secret_input flag.
+ (request_spec_lookup): New function ...
+ (ssh_request_process): ... use it here; depending on secret_input
+ flag allocate secure or non-secure memory.
+
+2005-03-02 Moritz Schulte <moritz@g10code.com>
+
+ * command-ssh.c (sexp_key_extract): Removed FIXME, since
+ xtrymallos does set errno correctly by now.
+ (sexp_extract_identifier): Remove const attribute from identifier.
+ (ssh_handler_request_identities): Remove const attribute from
+ key_type; removes ugly casts and FIXME.
+ (sexp_key_extract): Remove const attribute from comment.
+ (ssh_send_key_public): Remove const attribute from
+ key_type/comment; removes ugly cast.
+ (data_sign): Remove const attribute from identifier; removes ugly
+ cast.
+ (key_secret_to_public): Remove const attribute from comment;
+ removes ugly cast.
+ (ssh_handler_sign_request): Remove const attribute from p.
+ (sexp_key_extract): Use make_cstring().
+ (ssh_key_extract_comment): Likewise.
+ (ssh_key_to_buffer): Use secure memory for memory area to hold the
+ key S-Expression.
+ Added more comments.
+
+2005-02-25 Werner Koch <wk@g10code.com>
+
+ * findkey.c (modify_description): Keep invalid % escapes, so that
+ %0A may pass through.
+
+ * agent.h (server_control_s): New field USE_AUTH_CALL.
+ * call-scd.c (agent_card_pksign): Make use of it.
+ * command-ssh.c (data_sign): Set the flag.
+ (ssh_send_key_public): New arg OVERRIDE_COMMENT.
+ (card_key_available): Add new arg CARDSN.
+ (ssh_handler_request_identities): Use the card s/n as comment.
+ (sexp_key_extract): Use GCRYMPI_FMT_STD.
+ (data_sign): Ditto.
+
+ * learncard.c (make_shadow_info): Moved to ..
+ * protect.c (make_shadow_info): .. here. Return NULL on malloc
+ failure. Made global.
+ * agent.h: Add prototype.
+
+2005-02-24 Werner Koch <wk@g10code.com>
+
+ * call-scd.c (unescape_status_string): New. Actual a copy of
+ ../g10/call-agent.c
+ (card_getattr_cb, agent_card_getattr): New.
+
+ * command-ssh.c (card_key_available): New.
+ (ssh_handler_request_identities): First see whether a card key is
+ available.
+
+ * gpg-agent.c (handle_connections): Need to check for events if
+ select returns with -1.
+
+2005-02-23 Werner Koch <wk@g10code.com>
+
+ * command-ssh.c (get_passphrase): Removed.
+ (ssh_identity_register): Partly rewritten.
+ (open_control_file, search_control_file, add_control_entry): New.
+ (ssh_handler_request_identities): Return only files listed in our
+ control file.
+
+ * findkey.c (unprotect): Check for allocation error.
+
+ * agent.h (opt): Add fields to record the startup terminal
+ settings.
+ * gpg-agent.c (main): Record them and do not force keep display
+ with --enable-ssh-support.
+ * command-ssh.c (start_command_handler_ssh): Use them here.
+
+ * gpg-agent.c: Renamed option --ssh-support to
+ --enable-ssh-support.
+
+ * command.c (cmd_readkey): New.
+ (register_commands): Register new command "READKEY".
+
+ * command-ssh.c (ssh_request_process): Improved logging.
+
+ * findkey.c (agent_write_private_key): Always use plain open.
+ Don't depend on an umask for permissions.
+ (agent_key_from_file): Factored file reading code out to ..
+ (read_key_file): .. new function.
+ (agent_public_key_from_file): New.
+
+2005-02-22 Werner Koch <wk@g10code.com>
+
+ * command-ssh.c (stream_read_string): Removed call to abort on
+ memory error because the CVS version of libgcrypt makes sure
+ that ERRNO gets always set on error even with a faulty user
+ supplied function.
+
+2005-02-19 Moritz Schulte <moritz@g10code.com>
+
+ * command-ssh.c (ssh_receive_mpint_list): Slightly rewritten, do
+ not use elems_secret member of key_spec.
+ (ssh_key_type_spec): Removed member: elems_secret.
+ (ssh_key_types): Removed elems_secret data.
+ (ssh_sexp_construct): Renamed to ...
+ (sexp_key_construct): ... this; changed callers.
+ (ssh_sexp_extract): Renamed to ...
+ (sexp_key_extract): ... this; changed callers.
+ (ssh_sexp_extract_key_type): Renamed to ...
+ (sexp_extract_identifier): ... this; changed callers; use
+ make_cstring().
+ Added more comments.
+
+2005-02-18 Moritz Schulte <moritz@g10code.com>
+
+ * command-ssh.c (ssh_sexp_construct): Rewritten generation of sexp
+ template, clarified.
+ (ssh_sexp_extract): Support shadowed-private-key-sexp; treat
+ protected-private key and shadowed-private-key as public keys.
+ (key_secret_to_public): Rewritten: simply use ssh_sexp_extract()
+ and ssh_sexp_construct().
+
+2005-02-15 Werner Koch <wk@g10code.com>
+
+ * findkey.c (modify_description): Don't increment OUT_LEN during
+ the second pass.
+
+2005-02-14 Moritz Schulte <moritz@g10code.com>
+
+ * command-ssh.c (es_read_byte): Renamed to ...
+ (stream_es_read_byte): ... this; changed callers.
+ (es_write_byte): Renamed to ...
+ (stream_write_byte): ... this; changed callers.
+ (es_read_uint32): Renamed to ...
+ (stream_read_uint32): ... this; changed callers.
+ (es_write_uint32): Renamed to ...
+ (stream_write_uint32): ... this; changed callers.
+ (es_read_data): Renamed to ...
+ (stream_read_data): ... this; changed callers.
+ (es_write_data): Renamed to ...
+ (stream_write_data): ... this; changed callers.
+ (es_read_string): Renamed to ...
+ (stream_read_string): ... this; changed callers.
+ (es_read_cstring): Renamed to ...
+ (stream_read_cstring): ... this; changed callers.
+ (es_write_string): Renamed to ...
+ (stream_write_string): ... this; changed callers.
+ (es_write_cstring): Renamed to ...
+ (stream_write_cstring): ... this; changed callers.
+ (es_read_mpi): Renamed to ...
+ (stream_read_mpi): ... this; changed callers.
+ (es_write_mpi): Renamed to ...
+ (stream_write_mpi): ... this; changed callers.
+ (es_copy): Renamed to ...
+ (stream_copy): ... this; changed callers.
+ (es_read_file): Renamed to ...
+ (file_to_buffer): ... this; changed callers.
+ (ssh_identity_register): Removed variable description_length;
+ changed code to use asprintf for description.
+ (stream_write_uint32): Do not filter out the last byte of shift
+ expression.
+ (uint32_construct): New macro ...
+ (stream_read_uint32): ... use it; removed unnecessary cast.
+
+2005-02-03 Werner Koch <wk@g10code.com>
+
+ * agent.h (agent_exit): Add JNLIB_GCC_A_NR to indicate that this
+ function won't return.
+
+ * gpg-agent.c (check_for_running_agent): Initialize pid to a
+ default value if not needed.
+
+ * command-ssh.c: Removed stdint.h. s/byte_t/unsigned char/,
+ s/uint32/u32/ becuase that is what we have always used in GnuPG.
+ (ssh_request_specs): Moved to top of file.
+ (ssh_key_types): Ditto.
+ (make_cstring): Ditto.
+ (data_sign): Don't use a variable for the passphrase prompt, make
+ it translatable.
+ (ssh_request_process):
+
+
+ * findkey.c (modify_description): Renamed arguments for clarity,
+ polished documentation. Make comment a C-string. Fixed case of
+ DESCRIPTION being just "%".
+ (agent_key_from_file): Make sure comment string to a C-string.
+
+ * gpg-agent.c (create_socket_name): Cleanup the implemntation, use
+ DIMof, agent_exit, removed superflous args and return the
+ allocated string as value. Documented. Changed callers.
+ (create_server_socket): Cleanups similar to above. Changed callers.
+ (cleanup_do): Renamed to ..
+ (remove_socket): .. this. Changed caller.
+ (handle_connections): The signals are to be handled in the select
+ and not in the accept. Test all FDs after returning from a
+ select. Remove the event tests from the accept calls. The select
+ already assured that the accept won't block.
+
+2005-01-29 Moritz Schulte <moritz@g10code.com>
+
+ * command-ssh.c (ssh_handler_request_identities)
+ (ssh_handler_sign_request, ssh_handler_add_identity)
+ (ssh_handler_remove_identity, ssh_handler_remove_all_identities)
+ (ssh_handler_lock, ssh_handler_unlock): Changed to return an error
+ code instead of a boolean.
+ (ssh_request_process): Changed to return a boolean instead of an
+ error; adjust caller.
+ (ssh_request_handle_t): Adjusted type.
+ (ssh_request_spec): New member: identifier.
+ (REQUEST_SPEC_DEFINE): New macro; use it for initialization of
+ request_specs[].
+ (ssh_request_process): In debugging mode, log identifier of
+ handler to execute.
+ (start_command_handler_ssh): Moved most of the stream handling
+ code ...
+ (ssh_request_process): ... here.
+
+2005-01-28 Moritz Schulte <moritz@g10code.com>
+
+ * command-ssh.c (ssh_handler_add_identity): Pass ctrl to
+ ssh_identity_register().
+ (ssh_identity_register): New argument: ctrl; pass ctrl to
+ get_passphrase().
+ (get_passphrase): Pass ctrl instead of NULL to agent_askpin().
+ (start_command_handler_ssh): Use agent_init_default_ctrl();
+ deallocate structure members, which might be dynamically
+ allocated.
+ (lifetime_default): Removed variable.
+ (ssh_handler_add_identity): Fix ttl handling; renamed variable
+ `death' to `ttl'.
+ (ssh_identity_register): Fix key grip handling.
+
+2005-01-26 Moritz Schulte <moritz@g10code.com>
+
+ * command-ssh.c (ssh_handler_sign_request): Confirm to agent
+ protocol in case of failure.
+
+ * command-ssh.c: New file.
+
+ * Makefile.am (gpg_agent_SOURCES): New source file: command-ssh.c.
+
+ * findkey.c (modify_description): New function.
+ (agent_key_from_file): Support comment field in key s-expressions.
+
+ * gpg-agent.c (enum cmd_and_opt_values): New item: oSSHSupport.
+ (opts) New entry for oSSHSupport.
+ New variable: socket_name_ssh.
+ (cleanup_do): New function based on cleanup().
+ (cleanup): Use cleanup_do() for socket_name and socket_name_ssh.
+ (main): New switch case for oSSHSupport.
+ (main): Move socket name creation code to ...
+ (create_socket_name): ... this new function.
+ (main): Use create_socket_name() for creating socket names for
+ socket_name and for socket_name_ssh in case ssh support is
+ enabled.
+ Move socket creation code to ...
+ (create_server_socket): ... this new function.
+ (main): Use create_server_socket() for creating sockets.
+ In case standard_socket is set, do not only store a socket name in
+ socket_name, but also in socket_name_ssh.
+ Generate additional environment info strings for ssh support.
+ Pass additional ssh socket argument to handle_connections.
+ (start_connection_thread_ssh): New function.
+ (handle_connections): Use select to multiplex between gpg-agent
+ and ssh-agent protocol.
+
+ * agent.h (struct opt): New member: ssh_support.
+ (start_command_handler_ssh): Add prototype.
+
+2005-01-04 Werner Koch <wk@g10code.com>
+
+ * trustlist.c (agent_marktrusted): Use "Cancel" for the first
+ confirmation and made the strings translatable.
+
+ * cache.c (agent_put_cache): Fix the test for using the default
+ TTL.
+
+2004-12-21 Werner Koch <wk@g10code.com>
+
+ * preset-passphrase.c (preset_passphrase): Handle --passphrase.
+
+ * Makefile.am (gpg_preset_passphrase_LDADD): Reorder libs so that
+ pwquery may use stuff from jnlib. Conditionally add -lwsock2
+ (gpg_protect_tool_LDADD): Ditto.
+
+ * preset-passphrase.c (main): Use default_homedir().
+ (main) [W32]: Initialize sockets.
+
+2004-12-21 Marcus Brinkmann <marcus@g10code.de>
+
+ * Makefile.am (libexec_PROGRAMS): Add gpg-preset-passphrase.
+ (gpg_preset_passphrase_SOURCES, gpg_preset_passphrase_LDADD): New
+ targets.
+ * agent.h (opt): New member allow_cache_passphrase.
+ * cache.c (housekeeping): Check if R->ttl is not negative.
+ (agent_put_cache): Allow ttl to be negative.
+ * command.c (parse_hexstring): Allow something to follow the
+ hexstring.
+ (cmd_cache_passphrase): New function.
+ (register_commands): Add it.
+ * gpg-agent.c: Handle --allow-preset-passphrase.
+ * preset-passphrase.c: New file.
+
+2004-12-21 Werner Koch <wk@g10code.com>
+
+ * gpg-agent.c (main): Use default_homedir().
+ * protect-tool.c (main): Ditto.
+
+2004-12-20 Werner Koch <wk@g10code.com>
+
+ * gpg-agent.c (main) [W32]: Now that Mutexes work we can remove
+ the pth_init kludge.
+ (main): Add new options --[no-]use-standard-socket.
+ (check_for_running_agent): Check whether it is running on the
+ standard socket.
+
+ * call-scd.c (init_membuf, put_membuf, get_membuf): Removed. We
+ now use the identical implementation from ../common/membuf.c.
+
+ * pksign.c (agent_pksign): Changed arg OUTFP to OUTBUF and use
+ membuf functions to return the value.
+ * pkdecrypt.c (agent_pkdecrypt): Ditto.
+ * genkey.c (agent_genkey): Ditto.
+ * command.c (cmd_pksign, cmd_pkdecrypt, cmd_genkey): Replaced
+ assuan_get_data_fp() by a the membuf scheme.
+ (clear_outbuf, write_and_clear_outbuf): New.
+
+2004-12-19 Werner Koch <wk@g10code.com>
+
+ * query.c (initialize_module_query): New.
+ * call-scd.c (initialize_module_call_scd): New.
+ * gpg-agent.c (main): Call them.
+
+2004-12-18 Werner Koch <wk@g10code.com>
+
+ * gpg-agent.c (main): Remove special Pth initialize.
+
+ * agent.h (map_assuan_err): Define in terms of
+ map_assuan_err_with_source.
+
+2004-12-17 Moritz Schulte <moritz@g10code.com>
+
+ * query.c: Undo change from 2004-12-05.
+
+2004-12-15 Werner Koch <wk@g10code.com>
+
+ * gpg-agent.c [W32]: Various hacks to make it work.
+
+ * findkey.c (agent_write_private_key) [W32]: Adjust open call.
+
+ * call-scd.c (start_scd) [W32]: Don't check whether the daemon
+ didn't died. To hard to do under Windows.
+ (start_scd) [W32]: Disable sending of the event signal option.
+
+ * protect-tool.c (read_file, export_p12_file) [W32]: Use setmode
+ to get stdout and stin into binary mode.
+
+2004-12-05 Moritz Schulte <moritz@g10code.com>
+
+ * query.c (start_pinentry): Allow CTRL be NULL.
+
+2004-10-22 Werner Koch <wk@g10code.com>
+
+ * gpg-agent.c (parse_rereadable_options): Return "not handled"
+ when the log file has not beend hadled. This is will let the main
+ option processing continue. Fixed a bug introduced on 2004-09-4
+ resulting in logging to stderr until a HUP has been given.
+ (main): Don't close the listen FD.
+
+2004-09-30 Werner Koch <wk@g10code.com>
+
+ * Makefile.am: Adjusted from gettext 1.14.
+
+2004-09-29 Werner Koch <wk@g10code.com>
+
+ * minip12.c (parse_bag_encrypted_data): Print error if a bad
+ passphrase has been given.
+
+2004-09-28 Werner Koch <wk@g10code.com>
+
+ * protect.c (agent_unprotect): Fixed wiping of CLEARTEXT. Thanks
+ to Moritz for pointing this out.
+
+2004-09-25 Moritz Schulte <moritz@g10code.com>
+
+ * agent.h: Declare: agent_pksign_do.
+ (struct server_control_s): New member: raw_value.
+
+ * pksign.c (do_encode_md): New argument: raw_value; support
+ generation of raw (non-pkcs1) data objects; adjust callers.
+ (agent_pksign_do): New function, based on code ripped
+ out from agent_pksign.
+ (agent_pksign): Use agent_pksign_do.
+
+ * command.c (start_command_handler): Set ctrl.digest.raw_value.
+
+2004-09-09 Werner Koch <wk@g10code.de>
+
+ * gpg-agent.c (check_for_running_agent): New.
+ (main): The default action is now to check for an already running
+ agent.
+ (parse_rereadable_options): Set logfile only on reread.
+ (main): Do not print the "is development version" note.
+
+2004-08-20 Werner Koch <wk@g10code.de>
+
+ * gpg-agent.c: New option --max-cache-ttl. Suggested by Alexander
+ Belopolsky.
+ * cache.c (housekeeping): Use it here instead of the hardwired
+ default of 1 hour.
+
+ * query.c (start_pinentry): Use a timeout for the pinentry lock.
+
+2004-08-18 Werner Koch <wk@g10code.de>
+
+ * protect-tool.c (get_passphrase): Make sure that the default
+ prompts passed to gpg-agent are utf-8 encoded. Add new prompt values.
+ (import_p12_file, import_p12_file, export_p12_file): Changed calls
+ to get_passphrase so that better prompts are displayed.
+ (get_new_passphrase): New.
+
+2004-07-22 Werner Koch <wk@g10code.de>
+
+ * trustlist.c (read_list): Allow colons in the fingerprint.
+ (headerblurb): Rephrased.
+
+ * gpg-agent.c (handle_connections): Increase the stack size ot 256k.
+
+2004-06-20 Moritz Schulte <moritz@g10code.com>
+
+ * gpg-agent.c: Include <sys/stat.h> (build fix for BSD).
+
+2004-05-11 Werner Koch <wk@gnupg.org>
+
+ * gpg-agent.c (handle_signal): Reload the trustlist on SIGHUP.
+ (start_connection_thread): Hack to simulate a ticker.
+ * trustlist.c (agent_trustlist_housekeeping)
+ (agent_reload_trustlist): New. Protected all global functions
+ here with a simple counter which is sufficient for Pth.
+
+2004-05-03 Werner Koch <wk@gnupg.org>
+
+ * gpg-agent.c: Remove help texts for options lile --lc-ctype.
+ (main): New option --allow-mark-trusted.
+ * trustlist.c (agent_marktrusted): Use it here.
+
+2004-04-30 Werner Koch <wk@gnupg.org>
+
+ * protect-tool.c: New option --enable-status-msg.
+ (store_private_key): Print status messages for imported keys.
+ (read_and_unprotect): Ditto for bad passphrase.
+
+ * gpg-agent.c (parse_rereadable_options): New arg REREAD. Allow
+ changing oLogFile.
+ (current_logfile): New.
+
+2004-04-26 Werner Koch <wk@gnupg.org>
+
+ * call-scd.c (start_scd): Do not register an event signal if we
+ are running as a pipe server.
+
+2004-04-21 Werner Koch <wk@gnupg.org>
+
+ * call-scd.c (start_scd): Send event-signal option. Always check
+ that the scdaemon is still running.
+
+ * gpg-agent.c (handle_signal): Do not use SIGUSR{1,2} anymore for
+ changing the verbosity.
+
+2004-04-16 Werner Koch <wk@gnupg.org>
+
+ * gpg-agent.c (main): Tell the logging code that we are running
+ detached.
+
+2004-04-06 Werner Koch <wk@gnupg.org>
+
+ * gpg-agent.c (main): Use new libgcrypt thread library register
+ scheme.
+
+2004-03-23 Marcus Brinkmann <marcus@g10code.de>
+
+ * gpg-agent.c (main): For now, always print the default config
+ file name for --gpgconf-list.
+
+2004-03-17 Werner Koch <wk@gnupg.org>
+
+ * gpg-agent.c (main) <gpgconf>: Fixed default value quoting.
+
+2004-03-16 Werner Koch <wk@gnupg.org>
+
+ * gpg-agent.c (parse_rereadable_options): Use the new
+ DEFAULT_CACHE_TTL macro.
+ (main): Updated --gpgconf-list output.
+
+2004-02-21 Werner Koch <wk@gnupg.org>
+
+ * command.c (cmd_passwd): Take acount of a key description.
+
+ * genkey.c (reenter_compare_cb): Do not set the error text.
+ (agent_protect_and_store, agent_genkey): Force a re-enter after a
+ non-matching passphrase.
+ * query.c (agent_askpin): Add new arg INITIAL_ERRTEXT; changed
+ all callers.
+
+2004-02-19 Werner Koch <wk@gnupg.org>
+
+ * protect-tool.c: New options --have-cert and --prompt.
+ (export_p12_file): Read a certificate from STDIN and pass it to
+ p12_build. Detect a keygrip and construct the filename in that
+ case. Unprotcet a key if needed. Print error messages for key
+ formats we can't handle.
+ (release_passphrase): New.
+ (get_passphrase): New arg PROMPTNO. Return the allocated
+ string. Changed all callers.
+
+ * minip12.c: Revamped the build part.
+ (p12_build): New args CERT and CERTLEN.
+
+2004-02-18 Werner Koch <wk@gnupg.org>
+
+ * protect-tool.c (main): Setup the used character set.
+ * gpg-agent.c (main): Ditto.
+
+ * gpg-agent.c (set_debug): New. New option --debug-level.
+ (main): New option --gpgconf-list.
+
+2004-02-17 Werner Koch <wk@gnupg.org>
+
+ * pksign.c (do_encode_md): Cleaned up by using gcry_sexp_build.
+
+ * Makefile.am (gpg_protect_tool_SOURCES): Removed
+ simple-pwquery.[ch], as we once moved it to ../common.
+
+2004-02-13 Werner Koch <wk@gnupg.org>
+
+ * command.c (cmd_setkeydesc): New.
+ (register_commands): Add command SETKEYDESC.
+ (cmd_pksign, cmd_pkdecrypt): Use the key description.
+ (reset_notify): Reset the description.
+ * findkey.c (unprotect): Add arg DESC_TEXT.
+ (agent_key_from_file): Ditto.
+ * pksign.c (agent_pksign): Ditto.
+ * pkdecrypt.c (agent_pkdecrypt): Ditto. Made CIPHERTEXT an
+ unsigned char*.
+
+ * protect-tool.c (main): New options --no-fail-on-exist, --homedir.
+ (store_private_key): Use them here.
+
+2004-02-12 Werner Koch <wk@gnupg.org>
+
+ * protect-tool.c (read_file, main): Allow reading from stdin.
+
+ * Makefile.am: Include cmacros.am for common flags.
+ (libexec_PROGRAMS): Put gpg-protect-tool there.
+
+2004-02-10 Werner Koch <wk@gnupg.org>
+
+ * minip12.c (parse_bag_encrypted_data): Finished implementation.
+ (p12_parse): Add callback args.
+ * protect-tool.c (import_p12_cert_cb): New.
+ (import_p12_file): Use it.
+
+2004-02-06 Werner Koch <wk@gnupg.org>
+
+ * minip12.c (crypt_block): Add arg CIPHER_ALGO; changed all callers.
+ (set_key_iv): Add arg KEYBYTES; changed caller.
+
+2004-02-03 Werner Koch <wk@gnupg.org>
+
+ * findkey.c (agent_key_from_file): Extra paranoid wipe.
+ * protect.c (agent_unprotect): Ditto.
+ (merge_lists): Ditto. Add arg RESULTLEN.
+ * pkdecrypt.c (agent_pkdecrypt): Don't show the secret key even in
+ debug mode.
+
+ * protect.c: Add DSA and Elgamal description.
+
+2004-01-29 Werner Koch <wk@gnupg.org>
+
+ * agent.h (server_control_s): Add connection_fd field.
+ * command.c (start_command_handler): Init it here.
+ * gpg-agent.c (agent_init_default_ctrl): and here.
+ * call-scd.c: Add the CTRL arg to all functions calling start_scd
+ and pass it to start_scd. Changed all callers
+ (start_scd): Keep track of the current active connection.
+ (agent_reset_scd): New.
+ * command.c (start_command_handler): Call it here.
+ * learncard.c (agent_handle_learn): Add arg CTRL; changed caller.
+ (send_cert_back): Ditto.
+
+2004-01-28 Werner Koch <wk@gnupg.org>
+
+ * trustlist.c (agent_marktrusted): Check whether the trustlist is
+ writable.
+
+2004-01-27 Werner Koch <wk@gnupg.org>
+
+ * sexp-parse.h: Moved to ../common.
+
+2004-01-24 Werner Koch <wk@gnupg.org>
+
+ * call-scd.c (atfork_cb): New.
+ (start_scd): Make sure secmem gets cleared.
+ * query.c (atfork_cb): New.
+ (start_pinentry): Make sure secmem gets cleared.
+
+2004-01-16 Werner Koch <wk@gnupg.org>
+
+ * findkey.c (agent_key_from_file): Now return an error code so
+ that we have more detailed error messages in the upper layers.
+ This fixes the handling of pinentry's cancel button.
+ * pksign.c (agent_pksign): Changed accordingly.
+ * pkdecrypt.c (agent_pkdecrypt): Ditto.
+ * command.c (cmd_passwd): Ditto.
+
+2003-12-16 Werner Koch <wk@gnupg.org>
+
+ * gpg-agent.c (main): Set the prefixes for assuan logging.
+
+2003-12-15 Werner Koch <wk@gnupg.org>
+
+ * protect.c (do_encryption): Use gcry_create_nonce instad of the
+ obsolete WEAK_RANDOM.
+
+2003-11-20 Werner Koch <wk@gnupg.org>
+
+ * sexp-parse.h (snext): Don't use atoi_1 and digitp macros, so
+ that this file is useful by other applications too.
+
+2003-10-27 Werner Koch <wk@gnupg.org>
+
+ * command.c (cmd_get_confirmation): New command.
+
+2003-08-20 Timo Schulz <twoaday@freakmail.de>
+
+ * pksign.c (do_encode_md): Allocate enough space. Cast md
+ byte to unsigned char to prevent sign extension.
+
+2003-08-14 Timo Schulz <twoaday@freakmail.de>
+
+ * pksign.c (do_encode_md): Due to the fact pkcs#1 padding
+ is now in Libgcrypt, use the new interface.
+
+2003-07-31 Werner Koch <wk@gnupg.org>
+
+ * Makefile.am (gpg_agent_LDADD): Added INTLLIBS.
+ (gpg_protect_tool_SOURCES): Added simple-pwquery.[ch]
+
+2003-07-27 Werner Koch <wk@gnupg.org>
+
+ Adjusted for gcry_mpi_print and gcry_mpi_scan API change.
+
+2003-07-15 Werner Koch <wk@gnupg.org>
+
+ * simple-pwquery.c, simple-pwquery.h: Moved to ../common.
+ * Makefile.am (gpg_protect_tool_LDADD): Add simple-pwquery.o.
+ Removed it from xx_SOURCES.
+
+2003-07-04 Werner Koch <wk@gnupg.org>
+
+ * gpg-agent.c (handle_connections): Kludge to allow use of Pth 1
+ and 2.
+
+2003-06-30 Werner Koch <wk@gnupg.org>
+
+ * call-scd.c (learn_status_cb): Store the serialno in PARM.
+
+2003-06-26 Werner Koch <wk@gnupg.org>
+
+ * call-scd.c (agent_card_serialno): Don't do a RESET anymore.
+
+2003-06-25 Werner Koch <wk@gnupg.org>
+
+ * command.c (cmd_scd): New.
+ * call-scd.c (agent_card_scd): New.
+ * divert-scd.c (divert_generic_cmd): New
+
+ * call-scd.c (agent_card_learn): New callback args SINFO.
+ (learn_status_cb): Pass all other status lines to the sinfo
+ callback.
+ * learncard.c (release_sinfo, sinfo_cb): New.
+ (agent_handle_learn): Pass the new cb to the learn function and
+ pass the collected information back to the client's assuan
+ connection.
+
+ * gpg-agent.c (main): Moved pth_init before gcry_check_version.
+
+2003-06-24 Werner Koch <wk@gnupg.org>
+
+ * gpg-agent.c (handle_connections): Adjusted for Pth 2.0
+
+ Adjusted for changes in the libgcrypt API. Some more fixes for the
+ libgpg-error stuff.
+
+2003-06-04 Werner Koch <wk@gnupg.org>
+
+ Renamed error codes from INVALID to INV and removed _ERROR suffixes.
+
+2003-06-03 Werner Koch <wk@gnupg.org>
+
+ Changed all error codes in all files to the new libgpg-error scheme.
+
+ * agent.h: Include gpg-error.h and errno.h
+ * Makefile.am: Link with libgpg-error
+
+ * query.c: assuan.h is now a system header.
+ * genkey.c (agent_genkey): Fixed silly use of xmalloc by
+ xtrymalloc.
+
+2003-04-29 Werner Koch <wk@gnupg.org>
+
+ * command.c (register_commands): Adjusted for new Assuan semantics.
+
+ * Makefile.am: Don't override LDFLAGS.
+
+2002-12-04 Werner Koch <wk@gnupg.org>
+
+ * gpg-agent.c: New variable config_filename.
+ (parse_rereadable_options): New.
+ (main): Use it here. Add setting of default values, set
+ config_filename.
+ (reread_configuration): Filled with actual code.
+
+2002-12-03 Werner Koch <wk@gnupg.org>
+
+ * protect-tool.c (read_key): Don't run make_canonical on a NULL
+ buffer.
+
+ * command.c (parse_hexstring): New.
+ (cmd_sethash): Use it.
+ (parse_keygrip): New.
+ (cmd_havekey, cmd_sigkey): Use it.
+ (cmd_passwd): New.
+ * genkey.c (agent_protect_and_store): New.
+ (store_key): Add arg FORCE.
+ (agent_genkey): Pass false to this force of store_key.
+
+2002-11-13 Werner Koch <wk@gnupg.org>
+
+ * gpg-agent.c (main): Switch all messages to utf-8.
+
+ * simple-pwquery.c (agent_send_all_options): Use $GPG_TTY and
+ stdin with ttyname.
+
+ * cache.c (new_data): Uiih - /sizeof d/sizeof *d/.
+
+2002-11-10 Werner Koch <wk@gnupg.org>
+
+ * command.c (option_handler): Fix keep_tty check.
+
+2002-11-06 Werner Koch <wk@gnupg.org>
+
+ * gpg-agent.c (main): Make sure we have a default ttyname.
+ * command.c (option_handler): Check opt.keep_tty here
+ * query.c (start_pinentry): but not anymore here.
+
+2002-11-05 Werner Koch <wk@gnupg.org>
+
+ * agent.h (opt,server_control_s): Move display and lc_ variables
+ to the control struct so that they are per connection.
+ * gpg-agent.c (agent_init_default_ctrl): New.
+ (main): Assign those command line options to new default_* variables.
+ Reset DISPLAY in server mode so that tehre is no implicit default.
+ * command.c (start_command_handler): Initialize and deinitialize
+ the control values.
+ (option_handler): Work on the ctrl values and not on the opt.
+ * query.c (start_pinentry): New argument CTRL to set the display
+ connection specific. Changed all callers to pass this value.
+ (agent_askpin,agent_get_passphrase,agent_get_confirmation): Add
+ CTRL arg and pass it ot start_pinentry.
+ * command.c (cmd_get_passphrase): Pass CTRL argument.
+ * trustlist.c (agent_marktrusted): Add CTRL argument
+ * command.c (cmd_marktrusted): Pass CTRL argument
+ * divert-scd.c (ask_for_card): Add CTRL arg.
+ (divert_pksign,divert_pkdecrypt): Ditto. Changed caller.
+ (getpin_cb): Use OPAQUE to pass the CTRL variable. Changed both
+ users.
+ * findkey.c (unprotect): Add CTRL arg.
+ (agent_key_from_file): Ditto.
+
+ * query.c (unlock_pinentry): Disconnect the pinentry so that we
+ start a new one for each request. This is required to support
+ clients with different environments (e.g. X magic cookies).
+
+2002-09-05 Neal H. Walfield <neal@cs.uml.edu>
+
+ * gpg-agent.c (main) [USE_GNU_PTH]: No need to call
+ assuan_set_io_func as assuan is smart.
+
+2002-09-25 Werner Koch <wk@gnupg.org>
+
+ * gpg-agent.c (handle_signal): Flush cache on SIGHUP.
+ * cache.c (agent_flush_cache): New.
+
+ * gpg-agent.c, agent.h: Add --keep-display and --keep-tty.
+ * query.c (start_pinentry): Implement them. The option passing
+ needs more thoughts.
+
+2002-09-09 Werner Koch <wk@gnupg.org>
+
+ * gpg-agent.c (create_private_keys_directory)
+ (create_directories): New.
+ (main): Try to create a home directory.
+
+2002-09-04 Neal H. Walfield <neal@g10code.de>
+
+ * gpg-agent.c (main): Use sigaction, not signal.
+
+2002-09-03 Neal H. Walfield <neal@g10code.de>
+
+ * findkey.c: Include <fcntl.h>.
+ (agent_write_private_key): Prefer POSIX compatibity, open and
+ fdopen, over the simplicity of GNU extensions, fopen(file, "x").
+
+2002-08-22 Werner Koch <wk@gnupg.org>
+
+ * query.c (agent_askpin): Provide the default desc text depending
+ on the pininfo. Do the basic PIN verification only when
+ min_digits is set.
+
+2002-08-21 Werner Koch <wk@gnupg.org>
+
+ * query.c (agent_askpin): Hack to show the right default prompt.
+ (agent_get_passphrase): Ditto.
+
+ * trans.c: Removed and replaced all usages with standard _()
+
+ * divert-scd.c (getpin_cb): Pass a more descritive text to the
+ pinentry.
+
+ * Makefile.am: Renamed the binary protect-tool to gpg-protect-tool.
+ * protect-tool.c: Removed the note about internal use only.
+
+ * gpg-agent.c (main): New option --daemon so that the program is
+ not accidently started in the background.
+
+2002-08-16 Werner Koch <wk@gnupg.org>
+
+ * call-scd.c (learn_status_cb): Handle CERTINFO status.
+ (agent_card_learn): Add args for certinfo cb.
+ * learncard.c (release_certinfo,certinfo_cb): New.
+ (send_cert_back): New. With factored out code from ..
+ (agent_handle_learn): here. Return certinfo stuff.
+
+2002-07-26 Werner Koch <wk@gnupg.org>
+
+ * gpg-agent.c (main): New option --ignore-cache-for-signing.
+ * command.c (option_handler): New server option
+ use-cache-for-signing defaulting to true.
+ (cmd_pksign): handle global and per session option.
+ * findkey.c (agent_key_from_file, unprotect): New arg
+ ignore_cache. Changed all callers.
+ * pksign.c (agent_pksign): Likewise.
+
+2002-06-29 Werner Koch <wk@gnupg.org>
+
+ * query.c (start_pinentry): Use GNUPG_DERAULT_PINENTRY.
+ * call-scd.c (start_scd): Use GNUPG_DEFAULT_SCDAEMON.
+
+2002-06-28 Werner Koch <wk@gnupg.org>
+
+ * protect-tool.c (export_p12_file): New.
+ (main): New command --p12-export.
+ * minip12.c (create_final,p12_build,compute_tag_length): New.
+ (store_tag_length): New.
+
+2002-06-27 Werner Koch <wk@gnupg.org>
+
+ * minip12.c (crypt_block): Renamed from decrypt_block, add arg to
+ allow encryption.
+
+ * Makefile.am (pkglib_PROGRAMS): Put protect-tool there.
+
+ * findkey.c (agent_write_private_key,agent_key_from_file)
+ (agent_key_available): Use GNUPG_PRIVATE_KEYS_DIR constant.
+ * gpg-agent.c (main): Use GNUPG_DEFAULT_HOMEDIR constant.
+
+ * protect-tool.c (store_private_key): New.
+ (import_p12_file): Store the new file if requested.
+ (main): New options --force and --store.
+
+ * gpg-agent.c (main): Set a global flag when running detached.
+ * query.c (start_pinentry): Pass the list of FD to keep in the
+ child when not running detached.
+ * call-scd.c (start_scd): Ditto.
+
+2002-06-26 Werner Koch <wk@gnupg.org>
+
+ * command.c (cmd_istrusted, cmd_listtrusted, cmd_marktrusted)
+ (cmd_pksign, cmd_pkdecrypt, cmd_genkey, cmd_get_passphrase)
+ (cmd_learn): Print an error message for a failed operation.
+
+ * simple-pwquery.c, simple-pwquery.h: New.
+ * protect-tool. (get_passphrase): New, used to get a passphrase
+ from the agent if none was given on the command line.
+
+2002-06-25 Werner Koch <wk@gnupg.org>
+
+ * protect-tool.c (rsa_key_check): New.
+ (import_p12_file): New.
+ (main): New command --p12-import.
+ * minip12.c, minip12.h: New.
+
+2002-06-24 Werner Koch <wk@gnupg.org>
+
+ * protect-tool.c (read_file): New.
+ (read_key): Factored most code out to read_file.
+
+2002-06-17 Werner Koch <wk@gnupg.org>
+
+ * agent.h: Add a callback function to the pin_entry_info structure.
+ * query.c (agent_askpin): Use the callback to check for a correct
+ PIN. Removed the start_err_text argument because it is not
+ anymore needed; changed callers.
+ * findkey.c (unprotect): Replace our own check loop by a callback.
+ (try_unprotect_cb): New.
+ * genkey.c (reenter_compare_cb): New.
+ (agent_genkey): Use this callback here. Fixed setting of the pi2
+ variable and a segv in case of an empty PIN.
+
+ * divert-scd.c (getpin_cb): Removed some unused stuff and
+ explained what we still have to change.
+
+2002-06-12 Werner Koch <wk@gnupg.org>
+
+ * gpg-agent.c (main): New option --disable-pth.
+
+2002-06-11 Werner Koch <wk@gnupg.org>
+
+ * protect-tool.c: Add command --show-keygrip
+ (show_keygrip): New.
+
+2002-05-23 Werner Koch <wk@gnupg.org>
+
+ * call-scd.c: Seirialized all scdaeom access when using Pth.
+
+ * cache.c: Made the cache Pth-thread-safe.
+ (agent_unlock_cache_entry): New.
+ * findkey.c (unprotect): Unlock the returned cache value.
+ * command.c (cmd_get_passphrase): Ditto.
+
+ * gpg-agent.c (main): Register pth_read/write with Assuan.
+
+2002-05-22 Werner Koch <wk@gnupg.org>
+
+ * query.c: Serialized all pinentry access when using Pth.
+
+ * gpg-agent.c (handle_signal,start_connection_thread)
+ (handle_connections): New
+ (main): Use the new Pth stuff to allow concurrent connections.
+ * command.c (start_command_handler): Add new arg FD so that the
+ fucntion can also be used for an already connected socket.
+ * Makefile.am: Link with Pth.
+
+2002-05-14 Werner Koch <wk@gnupg.org>
+
+ * cache.c (housekeeping, agent_put_cache): Use our time() wrapper.
+
+2002-04-26 Werner Koch <wk@gnupg.org>
+
+ * cache.c (agent_put_cache): Reinitialize the creation time and
+ the ttl when reusing a slot.
+
+ * call-scd.c (start_scd): Print debug messages only with debug
+ flags set.
+ * query.c (start_pinentry): Ditto.
+
+2002-04-25 Marcus Brinkmann <marcus@g10code.de>
+
+ * agent.h (agent_get_confirmation): Replace paramter prompt with
+ two parameters ok and cancel.
+ * query.c (agent_get_confirmation): Likewise. Implement this.
+ * trustlist.c (agent_marktrusted): Fix invocation of
+ agent_get_confirmation.
+ * divert-scd.c (ask_for_card): Likewise.
+
+2002-04-24 Marcus Brinkmann <marcus@g10code.de>
+
+ * agent.h (struct opt): Add members display, ttyname, ttytype,
+ lc_ctype, and lc_messages.
+ * gpg-agent.c (enum cmd_and_opt_values): Add oDisplay, oTTYname,
+ oTTYtype, oLCctype, and LCmessages.
+ (main): Handle these options.
+ * command.c (option_handler): New function.
+ (register_commands): Register option handler.
+ * query.c (start_pinentry): Pass the various display and tty
+ options to the pinentry.
+
+2002-04-05 Werner Koch <wk@gnupg.org>
+
+ * protect-tool.c (show_file): New. Used as default action.
+
+2002-03-28 Werner Koch <wk@gnupg.org>
+
+ * divert-scd.c (encode_md_for_card): Don't do the pkcs-1 padding,
+ the scdaemon should take care of it.
+ (ask_for_card): Hack to not display the trailing zero.
+
+2002-03-11 Werner Koch <wk@gnupg.org>
+
+ * learncard.c (kpinfo_cb): Remove the content restrictions from
+ the keyID.
+
+2002-03-06 Werner Koch <wk@gnupg.org>
+
+ * learncard.c: New.
+ * divert-scd.c (ask_for_card): The serial number is binary so
+ convert it to hex here.
+ * findkey.c (agent_write_private_key): New.
+ * genkey.c (store_key): And use it here.
+
+ * pkdecrypt.c (agent_pkdecrypt): Changed the way the diversion is done.
+ * divert-scd.c (divert_pkdecrypt): Changed interface and
+ implemented it.
+
+2002-03-05 Werner Koch <wk@gnupg.org>
+
+ * call-scd.c (inq_needpin): New.
+ (agent_card_pksign): Add getpin_cb args.
+ (agent_card_pkdecrypt): New.
+
+2002-03-04 Werner Koch <wk@gnupg.org>
+
+ * pksign.c (agent_pksign): Changed how the diversion is done.
+ * divert-scd.c (divert_pksign): Changed interface and implemented it.
+ (encode_md_for_card): New.
+ * call-scd.c (agent_card_pksign): New.
+
+2002-02-28 Werner Koch <wk@gnupg.org>
+
+ * pksign.c (agent_pksign): Detect whether a Smartcard is to be
+ used and divert the operation in this case.
+ * pkdecrypt.c (agent_pkdecrypt): Likewise
+ * findkey.c (agent_key_from_file): Add optional arg shadow_info
+ and have it return information about a shadowed key.
+ * protect.c (agent_get_shadow_info): New.
+
+ * protect.c (snext,sskip,smatch): Moved to
+ * sexp-parse.h: New file.
+ * divert-scd.c: New.
+
+2002-02-27 Werner Koch <wk@gnupg.org>
+
+ * protect.c (agent_shadow_key): New.
+
+ * command.c (cmd_learn): New command LEARN.
+ * gpg-agent.c: New option --scdaemon-program.
+ * call-scd.c (start_scd): New. Based on query.c
+ * query.c: Add 2 more arguments to all uses of assuan_transact.
+
+2002-02-18 Werner Koch <wk@gnupg.org>
+
+ * findkey.c (unprotect): Show an error message for a bad passphrase.
+
+ * command.c (cmd_marktrusted): Implemented.
+ * trustlist.c (agent_marktrusted): New.
+ (open_list): Add APPEND arg.
+
+ * query.c (agent_get_confirmation): New.
+
+2002-02-06 Werner Koch <wk@gnupg.org>
+
+ * cache.c (housekeeping): Fixed linking in the remove case.
+
+2002-02-01 Werner Koch <wk@gnupg.org>
+
+ * gpg-agent.c: New option --default-cache-ttl.
+ * cache.c (agent_put_cache): Use it.
+
+ * cache.c: Add a few debug outputs.
+
+ * protect.c (agent_private_key_type): New.
+ * agent.h: Add PRIVATE_KEY_ enums.
+ * findkey.c (agent_key_from_file): Use it to decide whether we
+ have to unprotect a key.
+ (unprotect): Cache the passphrase.
+
+ * findkey.c (agent_key_from_file,agent_key_available): The key
+ files do now require a ".key" suffix to make a script's life
+ easier.
+ * genkey.c (store_key): Ditto.
+
+2002-01-31 Werner Koch <wk@gnupg.org>
+
+ * genkey.c (store_key): Protect the key.
+ (agent_genkey): Ask for the passphrase.
+ * findkey.c (unprotect): Actually unprotect the key.
+ * query.c (agent_askpin): Add an optional start_err_text.
+
+2002-01-30 Werner Koch <wk@gnupg.org>
+
+ * protect.c: New.
+ (hash_passphrase): Based on the GnuPG 1.0.6 version.
+ * protect-tool.c: New
+
+2002-01-29 Werner Koch <wk@gnupg.org>
+
+ * findkey.c (agent_key_available): New.
+ * command.c (cmd_havekey): New.
+ (register_commands): And register new command.
+
+2002-01-20 Werner Koch <wk@gnupg.org>
+
+ * command.c (cmd_get_passphrase): Remove the plus signs.
+
+ * query.c (start_pinentry): Send no-grab option to pinentry
+ * gpg-agent.c (main): Move variable grab as no_grab to agent.h.
+
+2002-01-19 Werner Koch <wk@gnupg.org>
+
+ * gpg-agent.c (main): Disable core dumps.
+
+ * cache.c: New.
+ * command.c (cmd_get_passphrase): Use the cache.
+ (cmd_clear_passphrase): Ditto.
+
+ * gpg-agent.c: Removed unused cruft and implement the socket
+ based server.
+ (my_strusage): Take bug report address from configure.ac.
+ * command.c (start_command_handler): Add an argument to start as
+ regular server.
+ (start_command_handler): Enable Assuan logging.
+
+2002-01-15 Werner Koch <wk@gnupg.org>
+
+ * trustlist.c: New.
+ * command.c (cmd_istrusted, cmd_listtrusted, cmd_marktrusted): New.
+
+2002-01-07 Werner Koch <wk@gnupg.org>
+
+ * genkey.c: Store the secret part and return the public part.
+
+2002-01-03 Werner Koch <wk@gnupg.org>
+
+ * command.c (cmd_get_passphrase): New.
+ (cmd_clear_passphrase): New.
+ * query.c (agent_get_passphrase): New.
+
+2002-01-02 Werner Koch <wk@gnupg.org>
+
+ * genkey.c: New.
+ * command.c (cmd_genkey): New.
+
+ * command.c (rc_to_assuan_status): Removed and changed all callers
+ to use map_to_assuan_status.
+
+2001-12-19 Werner Koch <wk@gnupg.org>
+
+ * keyformat.txt: New.
+
+2001-12-19 Marcus Brinkmann <marcus@g10code.de>
+
+ * query.c (start_pinentry): Add new argument to assuan_pipe_connect.
+
+2001-12-18 Werner Koch <wk@gnupg.org>
+
+ * Makefile.am: Use LIBGCRYPT macros
+
+2001-12-14 Werner Koch <wk@gnupg.org>
+
+ * gpg-agent.c (main): New option --batch. New option --debug-wait
+ n, so that it is possible to attach gdb when used in server mode.
+ * query.c (agent_askpin): Don't ask in batch mode.
+
+ * command.c: Removed the conversion macros as they are now in
+ ../common/util.h.
+
+2001-12-14 Marcus Brinkmann <marcus@g10code.de>
+
+ * query.c (LINELENGTH): Removed.
+ (agent_askpin): Use ASSUAN_LINELENGTH, not LINELENGTH.
+
+2001-11-19 Werner Koch <wk@gnupg.org>
+
+ * gpg-agent.c: Removed all GUI code, removed code for old
+ protocol. New code to use the Assuan protocol as a server and
+ also to communicate with a new ask-passphrase utility.
+
+2000-11-22 Werner Koch <wk@gnupg.org>
+
+ * gpg-agent.c (main): csh support by Dan Winship, new options --sh
+ and --csh and set default by consulting $SHELL.
+
+Mon Aug 21 17:59:17 CEST 2000 Werner Koch <wk@openit.de>
+
+ * gpg-agent.c (passphrase_dialog): Cleanup the window and added the
+ user supplied text to the window.
+ (main): Fixed segv in gtk_init when used without a command to start.
+
+ * gpg-agent.c: --flush option.
+ (req_flush): New.
+ (req_clear_passphrase): Implemented.
+
+Fri Aug 18 14:27:14 CEST 2000 Werner Koch <wk@openit.de>
+
+ * gpg-agent.c: New.
+ * Makefile.am: New.
+
+
+ Copyright 2001, 2002, 2003, 2004, 2005,
+ 2007, 2008, 2009, 2010 Free Software Foundation, Inc.
+
+ This file is free software; as a special exception the author gives
+ unlimited permission to copy and/or distribute it, with or without
+ modifications, as long as this notice is preserved.
+
+ This file is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
+ implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/agent/Makefile.am b/agent/Makefile.am
new file mode 100644
index 0000000..cc8a22a
--- /dev/null
+++ b/agent/Makefile.am
@@ -0,0 +1,110 @@
+# Copyright (C) 2001, 2003, 2004, 2005 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+## Process this file with automake to produce Makefile.in
+
+bin_PROGRAMS = gpg-agent
+libexec_PROGRAMS = gpg-protect-tool gpg-preset-passphrase
+noinst_PROGRAMS = $(TESTS)
+
+# EXTRA_DIST = gpg-agent.ico gpg-agent-resource.rc
+EXTRA_DIST = ChangeLog-2011
+
+AM_CPPFLAGS = -I$(top_srcdir)/gl -I$(top_srcdir)/common -I$(top_srcdir)/intl
+
+include $(top_srcdir)/am/cmacros.am
+
+AM_CFLAGS = $(LIBGCRYPT_CFLAGS) $(GPG_ERROR_CFLAGS)
+
+gpg_agent_SOURCES = \
+ gpg-agent.c agent.h \
+ command.c command-ssh.c \
+ call-pinentry.c \
+ cache.c \
+ trans.c \
+ findkey.c \
+ pksign.c \
+ pkdecrypt.c \
+ genkey.c \
+ protect.c \
+ trustlist.c \
+ divert-scd.c \
+ call-scd.c \
+ learncard.c
+
+common_libs = $(libcommon) ../jnlib/libjnlib.a ../gl/libgnu.a
+commonpth_libs = $(libcommonpth) ../jnlib/libjnlib.a ../gl/libgnu.a
+pwquery_libs = ../common/libsimple-pwquery.a
+
+#if HAVE_W32_SYSTEM
+#.rc.o:
+# $(WINDRES) `echo $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) | \
+# sed -e 's/-I/--include-dir /g;s/-D/--define /g'` -i $< -o $@
+#
+#gpg_agent_res_ldflags = -Wl,gpg-agent-resource.o -Wl,--subsystem,windows
+#gpg_agent_res_deps = gpg-agent-resource.o
+#else
+gpg_agent_res_ldflags =
+gpg_agent_res_deps =
+#endif
+
+
+gpg_agent_CFLAGS = $(AM_CFLAGS) $(LIBASSUAN_CFLAGS) $(PTH_CFLAGS)
+gpg_agent_LDADD = $(commonpth_libs) \
+ $(LIBGCRYPT_LIBS) $(LIBASSUAN_LIBS) $(PTH_LIBS) \
+ $(GPG_ERROR_LIBS) $(LIBINTL) $(NETLIBS) $(LIBICONV)
+gpg_agent_LDFLAGS = $(gpg_agent_res_ldflags)
+gpg_agent_DEPENDENCIES = $(gpg_agent_res_deps)
+
+gpg_protect_tool_SOURCES = \
+ protect-tool.c \
+ protect.c \
+ minip12.c minip12.h
+
+gpg_protect_tool_CFLAGS = $(AM_CFLAGS) $(LIBASSUAN_CFLAGS)
+gpg_protect_tool_LDADD = $(common_libs) $(LIBGCRYPT_LIBS) $(LIBASSUAN_LIBS) \
+ $(GPG_ERROR_LIBS) $(LIBINTL) $(NETLIBS) $(LIBICONV)
+
+gpg_preset_passphrase_SOURCES = \
+ preset-passphrase.c
+
+# Needs $(NETLIBS) for libsimple-pwquery.la.
+gpg_preset_passphrase_LDADD = \
+ $(pwquery_libs) $(common_libs) \
+ $(LIBGCRYPT_LIBS) $(GPG_ERROR_LIBS) $(LIBINTL) $(NETLIBS) $(LIBICONV)
+
+
+# Make sure that all libs are build before we use them. This is
+# important for things like make -j2.
+$(PROGRAMS): $(common_libs) $(commonpth_libs) $(pwquery_libs)
+
+
+
+#
+# Module tests
+#
+TESTS = t-protect
+
+t_common_ldadd = $(common_libs) \
+ $(LIBGCRYPT_LIBS) $(GPG_ERROR_LIBS) $(LIBINTL) $(LIBICONV)
+
+t_protect_SOURCES = t-protect.c protect.c
+t_protect_LDADD = $(t_common_ldadd)
+
+
+
+
diff --git a/agent/Makefile.in b/agent/Makefile.in
new file mode 100644
index 0000000..e8aa48f
--- /dev/null
+++ b/agent/Makefile.in
@@ -0,0 +1,1164 @@
+# Makefile.in generated by automake 1.11.1 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation,
+# Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+# Copyright (C) 2001, 2003, 2004, 2005 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+# cmacros.am - C macro definitions
+# Copyright (C) 2004 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+bin_PROGRAMS = gpg-agent$(EXEEXT)
+libexec_PROGRAMS = gpg-protect-tool$(EXEEXT) \
+ gpg-preset-passphrase$(EXEEXT)
+noinst_PROGRAMS = $(am__EXEEXT_1)
+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
+ $(top_srcdir)/am/cmacros.am
+@HAVE_DOSISH_SYSTEM_FALSE@am__append_1 = -DGNUPG_BINDIR="\"$(bindir)\"" \
+@HAVE_DOSISH_SYSTEM_FALSE@ -DGNUPG_LIBEXECDIR="\"$(libexecdir)\"" \
+@HAVE_DOSISH_SYSTEM_FALSE@ -DGNUPG_LIBDIR="\"$(libdir)/@PACKAGE@\"" \
+@HAVE_DOSISH_SYSTEM_FALSE@ -DGNUPG_DATADIR="\"$(datadir)/@PACKAGE@\"" \
+@HAVE_DOSISH_SYSTEM_FALSE@ -DGNUPG_SYSCONFDIR="\"$(sysconfdir)/@PACKAGE@\""
+
+
+# If a specific protect tool program has been defined, pass its name
+# to cc. Note that these macros should not be used directly but via
+# the gnupg_module_name function.
+@GNUPG_AGENT_PGM_TRUE@am__append_2 = -DGNUPG_DEFAULT_AGENT="\"@GNUPG_AGENT_PGM@\""
+@GNUPG_PINENTRY_PGM_TRUE@am__append_3 = -DGNUPG_DEFAULT_PINENTRY="\"@GNUPG_PINENTRY_PGM@\""
+@GNUPG_SCDAEMON_PGM_TRUE@am__append_4 = -DGNUPG_DEFAULT_SCDAEMON="\"@GNUPG_SCDAEMON_PGM@\""
+@GNUPG_DIRMNGR_PGM_TRUE@am__append_5 = -DGNUPG_DEFAULT_DIRMNGR="\"@GNUPG_DIRMNGR_PGM@\""
+@GNUPG_PROTECT_TOOL_PGM_TRUE@am__append_6 = -DGNUPG_DEFAULT_PROTECT_TOOL="\"@GNUPG_PROTECT_TOOL_PGM@\""
+TESTS = t-protect$(EXEEXT)
+subdir = agent
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/gl/m4/absolute-header.m4 \
+ $(top_srcdir)/gl/m4/alloca.m4 $(top_srcdir)/gl/m4/allocsa.m4 \
+ $(top_srcdir)/gl/m4/eealloc.m4 \
+ $(top_srcdir)/gl/m4/gnulib-comp.m4 \
+ $(top_srcdir)/gl/m4/gnulib-tool.m4 \
+ $(top_srcdir)/gl/m4/mkdtemp.m4 $(top_srcdir)/gl/m4/setenv.m4 \
+ $(top_srcdir)/gl/m4/stdint.m4 $(top_srcdir)/gl/m4/strpbrk.m4 \
+ $(top_srcdir)/gl/m4/unistd_h.m4 $(top_srcdir)/m4/autobuild.m4 \
+ $(top_srcdir)/m4/codeset.m4 $(top_srcdir)/m4/estream.m4 \
+ $(top_srcdir)/m4/gettext.m4 $(top_srcdir)/m4/gnupg-pth.m4 \
+ $(top_srcdir)/m4/gpg-error.m4 $(top_srcdir)/m4/iconv.m4 \
+ $(top_srcdir)/m4/isc-posix.m4 $(top_srcdir)/m4/ksba.m4 \
+ $(top_srcdir)/m4/lcmessage.m4 $(top_srcdir)/m4/ldap.m4 \
+ $(top_srcdir)/m4/lib-ld.m4 $(top_srcdir)/m4/lib-link.m4 \
+ $(top_srcdir)/m4/lib-prefix.m4 $(top_srcdir)/m4/libassuan.m4 \
+ $(top_srcdir)/m4/libcurl.m4 $(top_srcdir)/m4/libgcrypt.m4 \
+ $(top_srcdir)/m4/longdouble.m4 $(top_srcdir)/m4/nls.m4 \
+ $(top_srcdir)/m4/po.m4 $(top_srcdir)/m4/progtest.m4 \
+ $(top_srcdir)/m4/readline.m4 $(top_srcdir)/m4/size_max.m4 \
+ $(top_srcdir)/m4/socklen.m4 $(top_srcdir)/m4/sys_socket_h.m4 \
+ $(top_srcdir)/m4/tar-ustar.m4 $(top_srcdir)/m4/xsize.m4 \
+ $(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.ac
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+ $(ACLOCAL_M4)
+mkinstalldirs = $(SHELL) $(top_srcdir)/scripts/mkinstalldirs
+CONFIG_HEADER = $(top_builddir)/config.h
+CONFIG_CLEAN_FILES =
+CONFIG_CLEAN_VPATH_FILES =
+am__installdirs = "$(DESTDIR)$(bindir)" "$(DESTDIR)$(libexecdir)"
+am__EXEEXT_1 = t-protect$(EXEEXT)
+PROGRAMS = $(bin_PROGRAMS) $(libexec_PROGRAMS) $(noinst_PROGRAMS)
+am_gpg_agent_OBJECTS = gpg_agent-gpg-agent.$(OBJEXT) \
+ gpg_agent-command.$(OBJEXT) gpg_agent-command-ssh.$(OBJEXT) \
+ gpg_agent-call-pinentry.$(OBJEXT) gpg_agent-cache.$(OBJEXT) \
+ gpg_agent-trans.$(OBJEXT) gpg_agent-findkey.$(OBJEXT) \
+ gpg_agent-pksign.$(OBJEXT) gpg_agent-pkdecrypt.$(OBJEXT) \
+ gpg_agent-genkey.$(OBJEXT) gpg_agent-protect.$(OBJEXT) \
+ gpg_agent-trustlist.$(OBJEXT) gpg_agent-divert-scd.$(OBJEXT) \
+ gpg_agent-call-scd.$(OBJEXT) gpg_agent-learncard.$(OBJEXT)
+gpg_agent_OBJECTS = $(am_gpg_agent_OBJECTS)
+am__DEPENDENCIES_1 =
+gpg_agent_LINK = $(CCLD) $(gpg_agent_CFLAGS) $(CFLAGS) \
+ $(gpg_agent_LDFLAGS) $(LDFLAGS) -o $@
+am_gpg_preset_passphrase_OBJECTS = preset-passphrase.$(OBJEXT)
+gpg_preset_passphrase_OBJECTS = $(am_gpg_preset_passphrase_OBJECTS)
+gpg_preset_passphrase_DEPENDENCIES = $(pwquery_libs) $(common_libs) \
+ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
+ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
+ $(am__DEPENDENCIES_1)
+am_gpg_protect_tool_OBJECTS = gpg_protect_tool-protect-tool.$(OBJEXT) \
+ gpg_protect_tool-protect.$(OBJEXT) \
+ gpg_protect_tool-minip12.$(OBJEXT)
+gpg_protect_tool_OBJECTS = $(am_gpg_protect_tool_OBJECTS)
+gpg_protect_tool_DEPENDENCIES = $(common_libs) $(am__DEPENDENCIES_1) \
+ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
+ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
+ $(am__DEPENDENCIES_1)
+gpg_protect_tool_LINK = $(CCLD) $(gpg_protect_tool_CFLAGS) $(CFLAGS) \
+ $(AM_LDFLAGS) $(LDFLAGS) -o $@
+am_t_protect_OBJECTS = t-protect.$(OBJEXT) protect.$(OBJEXT)
+t_protect_OBJECTS = $(am_t_protect_OBJECTS)
+am__DEPENDENCIES_2 = $(common_libs) $(am__DEPENDENCIES_1) \
+ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
+ $(am__DEPENDENCIES_1)
+t_protect_DEPENDENCIES = $(am__DEPENDENCIES_2)
+DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
+depcomp = $(SHELL) $(top_srcdir)/scripts/depcomp
+am__depfiles_maybe = depfiles
+am__mv = mv -f
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+CCLD = $(CC)
+LINK = $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@
+SOURCES = $(gpg_agent_SOURCES) $(gpg_preset_passphrase_SOURCES) \
+ $(gpg_protect_tool_SOURCES) $(t_protect_SOURCES)
+DIST_SOURCES = $(gpg_agent_SOURCES) $(gpg_preset_passphrase_SOURCES) \
+ $(gpg_protect_tool_SOURCES) $(t_protect_SOURCES)
+ETAGS = etags
+CTAGS = ctags
+am__tty_colors = \
+red=; grn=; lgn=; blu=; std=
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ABSOLUTE_STDINT_H = @ABSOLUTE_STDINT_H@
+ACLOCAL = @ACLOCAL@
+ADNSLIBS = @ADNSLIBS@
+ALLOCA = @ALLOCA@
+ALLOCA_H = @ALLOCA_H@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+BITSIZEOF_PTRDIFF_T = @BITSIZEOF_PTRDIFF_T@
+BITSIZEOF_SIG_ATOMIC_T = @BITSIZEOF_SIG_ATOMIC_T@
+BITSIZEOF_SIZE_T = @BITSIZEOF_SIZE_T@
+BITSIZEOF_WCHAR_T = @BITSIZEOF_WCHAR_T@
+BITSIZEOF_WINT_T = @BITSIZEOF_WINT_T@
+BUILD_INCLUDED_LIBINTL = @BUILD_INCLUDED_LIBINTL@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CC_FOR_BUILD = @CC_FOR_BUILD@
+CFLAGS = @CFLAGS@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DL_LIBS = @DL_LIBS@
+DNSLIBS = @DNSLIBS@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+FAQPROG = @FAQPROG@
+GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
+GMSGFMT = @GMSGFMT@
+GMSGFMT_015 = @GMSGFMT_015@
+GNUPG_AGENT_PGM = @GNUPG_AGENT_PGM@
+GNUPG_DIRMNGR_PGM = @GNUPG_DIRMNGR_PGM@
+GNUPG_PINENTRY_PGM = @GNUPG_PINENTRY_PGM@
+GNUPG_PROTECT_TOOL_PGM = @GNUPG_PROTECT_TOOL_PGM@
+GNUPG_SCDAEMON_PGM = @GNUPG_SCDAEMON_PGM@
+GPGKEYS_CURL = @GPGKEYS_CURL@
+GPGKEYS_FINGER = @GPGKEYS_FINGER@
+GPGKEYS_HKP = @GPGKEYS_HKP@
+GPGKEYS_KDNS = @GPGKEYS_KDNS@
+GPGKEYS_LDAP = @GPGKEYS_LDAP@
+GPGKEYS_MAILTO = @GPGKEYS_MAILTO@
+GPG_ERROR_CFLAGS = @GPG_ERROR_CFLAGS@
+GPG_ERROR_CONFIG = @GPG_ERROR_CONFIG@
+GPG_ERROR_LIBS = @GPG_ERROR_LIBS@
+GREP = @GREP@
+HAVE_INTTYPES_H = @HAVE_INTTYPES_H@
+HAVE_LONG_LONG_INT = @HAVE_LONG_LONG_INT@
+HAVE_SIGNED_SIG_ATOMIC_T = @HAVE_SIGNED_SIG_ATOMIC_T@
+HAVE_SIGNED_WCHAR_T = @HAVE_SIGNED_WCHAR_T@
+HAVE_SIGNED_WINT_T = @HAVE_SIGNED_WINT_T@
+HAVE_STDINT_H = @HAVE_STDINT_H@
+HAVE_SYS_BITYPES_H = @HAVE_SYS_BITYPES_H@
+HAVE_SYS_INTTYPES_H = @HAVE_SYS_INTTYPES_H@
+HAVE_SYS_TYPES_H = @HAVE_SYS_TYPES_H@
+HAVE_UNSIGNED_LONG_LONG_INT = @HAVE_UNSIGNED_LONG_LONG_INT@
+HAVE_WCHAR_H = @HAVE_WCHAR_H@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+INTLLIBS = @INTLLIBS@
+INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@
+KSBA_CFLAGS = @KSBA_CFLAGS@
+KSBA_CONFIG = @KSBA_CONFIG@
+KSBA_LIBS = @KSBA_LIBS@
+LDAPLIBS = @LDAPLIBS@
+LDAP_CPPFLAGS = @LDAP_CPPFLAGS@
+LDFLAGS = @LDFLAGS@
+LIBASSUAN_CFLAGS = @LIBASSUAN_CFLAGS@
+LIBASSUAN_CONFIG = @LIBASSUAN_CONFIG@
+LIBASSUAN_LIBS = @LIBASSUAN_LIBS@
+LIBCURL = @LIBCURL@
+LIBCURL_CPPFLAGS = @LIBCURL_CPPFLAGS@
+LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@
+LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@
+LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@
+LIBGNU_LIBDEPS = @LIBGNU_LIBDEPS@
+LIBGNU_LTLIBDEPS = @LIBGNU_LTLIBDEPS@
+LIBICONV = @LIBICONV@
+LIBINTL = @LIBINTL@
+LIBOBJS = @LIBOBJS@
+LIBREADLINE = @LIBREADLINE@
+LIBS = @LIBS@
+LIBUSB_LIBS = @LIBUSB_LIBS@
+LIBUTIL_LIBS = @LIBUTIL_LIBS@
+LN_S = @LN_S@
+LTLIBICONV = @LTLIBICONV@
+LTLIBINTL = @LTLIBINTL@
+LTLIBOBJS = @LTLIBOBJS@
+MAINT = @MAINT@
+MAKEINFO = @MAKEINFO@
+MKDIR_P = @MKDIR_P@
+MSGFMT = @MSGFMT@
+MSGFMT_015 = @MSGFMT_015@
+MSGMERGE = @MSGMERGE@
+NETLIBS = @NETLIBS@
+OBJEXT = @OBJEXT@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_GT = @PACKAGE_GT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_URL = @PACKAGE_URL@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PERL = @PERL@
+POSUB = @POSUB@
+PTH_CFLAGS = @PTH_CFLAGS@
+PTH_CONFIG = @PTH_CONFIG@
+PTH_LIBS = @PTH_LIBS@
+PTRDIFF_T_SUFFIX = @PTRDIFF_T_SUFFIX@
+RANLIB = @RANLIB@
+SENDMAIL = @SENDMAIL@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+SHRED = @SHRED@
+SIG_ATOMIC_T_SUFFIX = @SIG_ATOMIC_T_SUFFIX@
+SIZE_T_SUFFIX = @SIZE_T_SUFFIX@
+STDINT_H = @STDINT_H@
+STRIP = @STRIP@
+SYS_SOCKET_H = @SYS_SOCKET_H@
+TAR = @TAR@
+UNISTD_H = @UNISTD_H@
+USE_INCLUDED_LIBINTL = @USE_INCLUDED_LIBINTL@
+USE_NLS = @USE_NLS@
+VERSION = @VERSION@
+W32SOCKLIBS = @W32SOCKLIBS@
+WCHAR_T_SUFFIX = @WCHAR_T_SUFFIX@
+WINDRES = @WINDRES@
+WINT_T_SUFFIX = @WINT_T_SUFFIX@
+XGETTEXT = @XGETTEXT@
+XGETTEXT_015 = @XGETTEXT_015@
+XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@
+ZLIBS = @ZLIBS@
+_libcurl_config = @_libcurl_config@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = $(datadir)/locale
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+
+# EXTRA_DIST = gpg-agent.ico gpg-agent-resource.rc
+EXTRA_DIST = ChangeLog-2011
+AM_CPPFLAGS = -I$(top_srcdir)/gl -I$(top_srcdir)/common \
+ -I$(top_srcdir)/intl -DLOCALEDIR=\"$(localedir)\" \
+ $(am__append_1) $(am__append_2) $(am__append_3) \
+ $(am__append_4) $(am__append_5) $(am__append_6)
+
+# Convenience macros
+libcommon = ../common/libcommon.a
+libcommonpth = ../common/libcommonpth.a
+AM_CFLAGS = $(LIBGCRYPT_CFLAGS) $(GPG_ERROR_CFLAGS)
+gpg_agent_SOURCES = \
+ gpg-agent.c agent.h \
+ command.c command-ssh.c \
+ call-pinentry.c \
+ cache.c \
+ trans.c \
+ findkey.c \
+ pksign.c \
+ pkdecrypt.c \
+ genkey.c \
+ protect.c \
+ trustlist.c \
+ divert-scd.c \
+ call-scd.c \
+ learncard.c
+
+common_libs = $(libcommon) ../jnlib/libjnlib.a ../gl/libgnu.a
+commonpth_libs = $(libcommonpth) ../jnlib/libjnlib.a ../gl/libgnu.a
+pwquery_libs = ../common/libsimple-pwquery.a
+
+#if HAVE_W32_SYSTEM
+#.rc.o:
+# $(WINDRES) `echo $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) | \
+# sed -e 's/-I/--include-dir /g;s/-D/--define /g'` -i $< -o $@
+#
+#gpg_agent_res_ldflags = -Wl,gpg-agent-resource.o -Wl,--subsystem,windows
+#gpg_agent_res_deps = gpg-agent-resource.o
+#else
+gpg_agent_res_ldflags =
+gpg_agent_res_deps =
+#endif
+gpg_agent_CFLAGS = $(AM_CFLAGS) $(LIBASSUAN_CFLAGS) $(PTH_CFLAGS)
+gpg_agent_LDADD = $(commonpth_libs) \
+ $(LIBGCRYPT_LIBS) $(LIBASSUAN_LIBS) $(PTH_LIBS) \
+ $(GPG_ERROR_LIBS) $(LIBINTL) $(NETLIBS) $(LIBICONV)
+
+gpg_agent_LDFLAGS = $(gpg_agent_res_ldflags)
+gpg_agent_DEPENDENCIES = $(gpg_agent_res_deps)
+gpg_protect_tool_SOURCES = \
+ protect-tool.c \
+ protect.c \
+ minip12.c minip12.h
+
+gpg_protect_tool_CFLAGS = $(AM_CFLAGS) $(LIBASSUAN_CFLAGS)
+gpg_protect_tool_LDADD = $(common_libs) $(LIBGCRYPT_LIBS) $(LIBASSUAN_LIBS) \
+ $(GPG_ERROR_LIBS) $(LIBINTL) $(NETLIBS) $(LIBICONV)
+
+gpg_preset_passphrase_SOURCES = \
+ preset-passphrase.c
+
+
+# Needs $(NETLIBS) for libsimple-pwquery.la.
+gpg_preset_passphrase_LDADD = \
+ $(pwquery_libs) $(common_libs) \
+ $(LIBGCRYPT_LIBS) $(GPG_ERROR_LIBS) $(LIBINTL) $(NETLIBS) $(LIBICONV)
+
+t_common_ldadd = $(common_libs) \
+ $(LIBGCRYPT_LIBS) $(GPG_ERROR_LIBS) $(LIBINTL) $(LIBICONV)
+
+t_protect_SOURCES = t-protect.c protect.c
+t_protect_LDADD = $(t_common_ldadd)
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .c .o .obj
+$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/am/cmacros.am $(am__configure_deps)
+ @for dep in $?; do \
+ case '$(am__configure_deps)' in \
+ *$$dep*) \
+ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+ && { if test -f $@; then exit 0; else break; fi; }; \
+ exit 1;; \
+ esac; \
+ done; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu agent/Makefile'; \
+ $(am__cd) $(top_srcdir) && \
+ $(AUTOMAKE) --gnu agent/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+ @case '$?' in \
+ *config.status*) \
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+ *) \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+ esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
+install-binPROGRAMS: $(bin_PROGRAMS)
+ @$(NORMAL_INSTALL)
+ test -z "$(bindir)" || $(MKDIR_P) "$(DESTDIR)$(bindir)"
+ @list='$(bin_PROGRAMS)'; test -n "$(bindir)" || list=; \
+ for p in $$list; do echo "$$p $$p"; done | \
+ sed 's/$(EXEEXT)$$//' | \
+ while read p p1; do if test -f $$p; \
+ then echo "$$p"; echo "$$p"; else :; fi; \
+ done | \
+ sed -e 'p;s,.*/,,;n;h' -e 's|.*|.|' \
+ -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \
+ sed 'N;N;N;s,\n, ,g' | \
+ $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \
+ { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \
+ if ($$2 == $$4) files[d] = files[d] " " $$1; \
+ else { print "f", $$3 "/" $$4, $$1; } } \
+ END { for (d in files) print "f", d, files[d] }' | \
+ while read type dir files; do \
+ if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \
+ test -z "$$files" || { \
+ echo " $(INSTALL_PROGRAM_ENV) $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(bindir)$$dir'"; \
+ $(INSTALL_PROGRAM_ENV) $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(bindir)$$dir" || exit $$?; \
+ } \
+ ; done
+
+uninstall-binPROGRAMS:
+ @$(NORMAL_UNINSTALL)
+ @list='$(bin_PROGRAMS)'; test -n "$(bindir)" || list=; \
+ files=`for p in $$list; do echo "$$p"; done | \
+ sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \
+ -e 's/$$/$(EXEEXT)/' `; \
+ test -n "$$list" || exit 0; \
+ echo " ( cd '$(DESTDIR)$(bindir)' && rm -f" $$files ")"; \
+ cd "$(DESTDIR)$(bindir)" && rm -f $$files
+
+clean-binPROGRAMS:
+ -test -z "$(bin_PROGRAMS)" || rm -f $(bin_PROGRAMS)
+install-libexecPROGRAMS: $(libexec_PROGRAMS)
+ @$(NORMAL_INSTALL)
+ test -z "$(libexecdir)" || $(MKDIR_P) "$(DESTDIR)$(libexecdir)"
+ @list='$(libexec_PROGRAMS)'; test -n "$(libexecdir)" || list=; \
+ for p in $$list; do echo "$$p $$p"; done | \
+ sed 's/$(EXEEXT)$$//' | \
+ while read p p1; do if test -f $$p; \
+ then echo "$$p"; echo "$$p"; else :; fi; \
+ done | \
+ sed -e 'p;s,.*/,,;n;h' -e 's|.*|.|' \
+ -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \
+ sed 'N;N;N;s,\n, ,g' | \
+ $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \
+ { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \
+ if ($$2 == $$4) files[d] = files[d] " " $$1; \
+ else { print "f", $$3 "/" $$4, $$1; } } \
+ END { for (d in files) print "f", d, files[d] }' | \
+ while read type dir files; do \
+ if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \
+ test -z "$$files" || { \
+ echo " $(INSTALL_PROGRAM_ENV) $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(libexecdir)$$dir'"; \
+ $(INSTALL_PROGRAM_ENV) $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(libexecdir)$$dir" || exit $$?; \
+ } \
+ ; done
+
+uninstall-libexecPROGRAMS:
+ @$(NORMAL_UNINSTALL)
+ @list='$(libexec_PROGRAMS)'; test -n "$(libexecdir)" || list=; \
+ files=`for p in $$list; do echo "$$p"; done | \
+ sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \
+ -e 's/$$/$(EXEEXT)/' `; \
+ test -n "$$list" || exit 0; \
+ echo " ( cd '$(DESTDIR)$(libexecdir)' && rm -f" $$files ")"; \
+ cd "$(DESTDIR)$(libexecdir)" && rm -f $$files
+
+clean-libexecPROGRAMS:
+ -test -z "$(libexec_PROGRAMS)" || rm -f $(libexec_PROGRAMS)
+
+clean-noinstPROGRAMS:
+ -test -z "$(noinst_PROGRAMS)" || rm -f $(noinst_PROGRAMS)
+gpg-agent$(EXEEXT): $(gpg_agent_OBJECTS) $(gpg_agent_DEPENDENCIES)
+ @rm -f gpg-agent$(EXEEXT)
+ $(gpg_agent_LINK) $(gpg_agent_OBJECTS) $(gpg_agent_LDADD) $(LIBS)
+gpg-preset-passphrase$(EXEEXT): $(gpg_preset_passphrase_OBJECTS) $(gpg_preset_passphrase_DEPENDENCIES)
+ @rm -f gpg-preset-passphrase$(EXEEXT)
+ $(LINK) $(gpg_preset_passphrase_OBJECTS) $(gpg_preset_passphrase_LDADD) $(LIBS)
+gpg-protect-tool$(EXEEXT): $(gpg_protect_tool_OBJECTS) $(gpg_protect_tool_DEPENDENCIES)
+ @rm -f gpg-protect-tool$(EXEEXT)
+ $(gpg_protect_tool_LINK) $(gpg_protect_tool_OBJECTS) $(gpg_protect_tool_LDADD) $(LIBS)
+t-protect$(EXEEXT): $(t_protect_OBJECTS) $(t_protect_DEPENDENCIES)
+ @rm -f t-protect$(EXEEXT)
+ $(LINK) $(t_protect_OBJECTS) $(t_protect_LDADD) $(LIBS)
+
+mostlyclean-compile:
+ -rm -f *.$(OBJEXT)
+
+distclean-compile:
+ -rm -f *.tab.c
+
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gpg_agent-cache.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gpg_agent-call-pinentry.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gpg_agent-call-scd.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gpg_agent-command-ssh.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gpg_agent-command.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gpg_agent-divert-scd.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gpg_agent-findkey.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gpg_agent-genkey.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gpg_agent-gpg-agent.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gpg_agent-learncard.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gpg_agent-pkdecrypt.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gpg_agent-pksign.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gpg_agent-protect.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gpg_agent-trans.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gpg_agent-trustlist.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gpg_protect_tool-minip12.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gpg_protect_tool-protect-tool.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gpg_protect_tool-protect.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/preset-passphrase.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/protect.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/t-protect.Po@am__quote@
+
+.c.o:
+@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(COMPILE) -c $<
+
+.c.obj:
+@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'`
+
+gpg_agent-gpg-agent.o: gpg-agent.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(gpg_agent_CFLAGS) $(CFLAGS) -MT gpg_agent-gpg-agent.o -MD -MP -MF $(DEPDIR)/gpg_agent-gpg-agent.Tpo -c -o gpg_agent-gpg-agent.o `test -f 'gpg-agent.c' || echo '$(srcdir)/'`gpg-agent.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/gpg_agent-gpg-agent.Tpo $(DEPDIR)/gpg_agent-gpg-agent.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='gpg-agent.c' object='gpg_agent-gpg-agent.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(gpg_agent_CFLAGS) $(CFLAGS) -c -o gpg_agent-gpg-agent.o `test -f 'gpg-agent.c' || echo '$(srcdir)/'`gpg-agent.c
+
+gpg_agent-gpg-agent.obj: gpg-agent.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(gpg_agent_CFLAGS) $(CFLAGS) -MT gpg_agent-gpg-agent.obj -MD -MP -MF $(DEPDIR)/gpg_agent-gpg-agent.Tpo -c -o gpg_agent-gpg-agent.obj `if test -f 'gpg-agent.c'; then $(CYGPATH_W) 'gpg-agent.c'; else $(CYGPATH_W) '$(srcdir)/gpg-agent.c'; fi`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/gpg_agent-gpg-agent.Tpo $(DEPDIR)/gpg_agent-gpg-agent.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='gpg-agent.c' object='gpg_agent-gpg-agent.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(gpg_agent_CFLAGS) $(CFLAGS) -c -o gpg_agent-gpg-agent.obj `if test -f 'gpg-agent.c'; then $(CYGPATH_W) 'gpg-agent.c'; else $(CYGPATH_W) '$(srcdir)/gpg-agent.c'; fi`
+
+gpg_agent-command.o: command.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(gpg_agent_CFLAGS) $(CFLAGS) -MT gpg_agent-command.o -MD -MP -MF $(DEPDIR)/gpg_agent-command.Tpo -c -o gpg_agent-command.o `test -f 'command.c' || echo '$(srcdir)/'`command.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/gpg_agent-command.Tpo $(DEPDIR)/gpg_agent-command.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='command.c' object='gpg_agent-command.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(gpg_agent_CFLAGS) $(CFLAGS) -c -o gpg_agent-command.o `test -f 'command.c' || echo '$(srcdir)/'`command.c
+
+gpg_agent-command.obj: command.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(gpg_agent_CFLAGS) $(CFLAGS) -MT gpg_agent-command.obj -MD -MP -MF $(DEPDIR)/gpg_agent-command.Tpo -c -o gpg_agent-command.obj `if test -f 'command.c'; then $(CYGPATH_W) 'command.c'; else $(CYGPATH_W) '$(srcdir)/command.c'; fi`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/gpg_agent-command.Tpo $(DEPDIR)/gpg_agent-command.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='command.c' object='gpg_agent-command.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(gpg_agent_CFLAGS) $(CFLAGS) -c -o gpg_agent-command.obj `if test -f 'command.c'; then $(CYGPATH_W) 'command.c'; else $(CYGPATH_W) '$(srcdir)/command.c'; fi`
+
+gpg_agent-command-ssh.o: command-ssh.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(gpg_agent_CFLAGS) $(CFLAGS) -MT gpg_agent-command-ssh.o -MD -MP -MF $(DEPDIR)/gpg_agent-command-ssh.Tpo -c -o gpg_agent-command-ssh.o `test -f 'command-ssh.c' || echo '$(srcdir)/'`command-ssh.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/gpg_agent-command-ssh.Tpo $(DEPDIR)/gpg_agent-command-ssh.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='command-ssh.c' object='gpg_agent-command-ssh.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(gpg_agent_CFLAGS) $(CFLAGS) -c -o gpg_agent-command-ssh.o `test -f 'command-ssh.c' || echo '$(srcdir)/'`command-ssh.c
+
+gpg_agent-command-ssh.obj: command-ssh.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(gpg_agent_CFLAGS) $(CFLAGS) -MT gpg_agent-command-ssh.obj -MD -MP -MF $(DEPDIR)/gpg_agent-command-ssh.Tpo -c -o gpg_agent-command-ssh.obj `if test -f 'command-ssh.c'; then $(CYGPATH_W) 'command-ssh.c'; else $(CYGPATH_W) '$(srcdir)/command-ssh.c'; fi`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/gpg_agent-command-ssh.Tpo $(DEPDIR)/gpg_agent-command-ssh.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='command-ssh.c' object='gpg_agent-command-ssh.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(gpg_agent_CFLAGS) $(CFLAGS) -c -o gpg_agent-command-ssh.obj `if test -f 'command-ssh.c'; then $(CYGPATH_W) 'command-ssh.c'; else $(CYGPATH_W) '$(srcdir)/command-ssh.c'; fi`
+
+gpg_agent-call-pinentry.o: call-pinentry.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(gpg_agent_CFLAGS) $(CFLAGS) -MT gpg_agent-call-pinentry.o -MD -MP -MF $(DEPDIR)/gpg_agent-call-pinentry.Tpo -c -o gpg_agent-call-pinentry.o `test -f 'call-pinentry.c' || echo '$(srcdir)/'`call-pinentry.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/gpg_agent-call-pinentry.Tpo $(DEPDIR)/gpg_agent-call-pinentry.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='call-pinentry.c' object='gpg_agent-call-pinentry.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(gpg_agent_CFLAGS) $(CFLAGS) -c -o gpg_agent-call-pinentry.o `test -f 'call-pinentry.c' || echo '$(srcdir)/'`call-pinentry.c
+
+gpg_agent-call-pinentry.obj: call-pinentry.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(gpg_agent_CFLAGS) $(CFLAGS) -MT gpg_agent-call-pinentry.obj -MD -MP -MF $(DEPDIR)/gpg_agent-call-pinentry.Tpo -c -o gpg_agent-call-pinentry.obj `if test -f 'call-pinentry.c'; then $(CYGPATH_W) 'call-pinentry.c'; else $(CYGPATH_W) '$(srcdir)/call-pinentry.c'; fi`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/gpg_agent-call-pinentry.Tpo $(DEPDIR)/gpg_agent-call-pinentry.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='call-pinentry.c' object='gpg_agent-call-pinentry.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(gpg_agent_CFLAGS) $(CFLAGS) -c -o gpg_agent-call-pinentry.obj `if test -f 'call-pinentry.c'; then $(CYGPATH_W) 'call-pinentry.c'; else $(CYGPATH_W) '$(srcdir)/call-pinentry.c'; fi`
+
+gpg_agent-cache.o: cache.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(gpg_agent_CFLAGS) $(CFLAGS) -MT gpg_agent-cache.o -MD -MP -MF $(DEPDIR)/gpg_agent-cache.Tpo -c -o gpg_agent-cache.o `test -f 'cache.c' || echo '$(srcdir)/'`cache.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/gpg_agent-cache.Tpo $(DEPDIR)/gpg_agent-cache.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='cache.c' object='gpg_agent-cache.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(gpg_agent_CFLAGS) $(CFLAGS) -c -o gpg_agent-cache.o `test -f 'cache.c' || echo '$(srcdir)/'`cache.c
+
+gpg_agent-cache.obj: cache.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(gpg_agent_CFLAGS) $(CFLAGS) -MT gpg_agent-cache.obj -MD -MP -MF $(DEPDIR)/gpg_agent-cache.Tpo -c -o gpg_agent-cache.obj `if test -f 'cache.c'; then $(CYGPATH_W) 'cache.c'; else $(CYGPATH_W) '$(srcdir)/cache.c'; fi`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/gpg_agent-cache.Tpo $(DEPDIR)/gpg_agent-cache.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='cache.c' object='gpg_agent-cache.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(gpg_agent_CFLAGS) $(CFLAGS) -c -o gpg_agent-cache.obj `if test -f 'cache.c'; then $(CYGPATH_W) 'cache.c'; else $(CYGPATH_W) '$(srcdir)/cache.c'; fi`
+
+gpg_agent-trans.o: trans.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(gpg_agent_CFLAGS) $(CFLAGS) -MT gpg_agent-trans.o -MD -MP -MF $(DEPDIR)/gpg_agent-trans.Tpo -c -o gpg_agent-trans.o `test -f 'trans.c' || echo '$(srcdir)/'`trans.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/gpg_agent-trans.Tpo $(DEPDIR)/gpg_agent-trans.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='trans.c' object='gpg_agent-trans.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(gpg_agent_CFLAGS) $(CFLAGS) -c -o gpg_agent-trans.o `test -f 'trans.c' || echo '$(srcdir)/'`trans.c
+
+gpg_agent-trans.obj: trans.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(gpg_agent_CFLAGS) $(CFLAGS) -MT gpg_agent-trans.obj -MD -MP -MF $(DEPDIR)/gpg_agent-trans.Tpo -c -o gpg_agent-trans.obj `if test -f 'trans.c'; then $(CYGPATH_W) 'trans.c'; else $(CYGPATH_W) '$(srcdir)/trans.c'; fi`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/gpg_agent-trans.Tpo $(DEPDIR)/gpg_agent-trans.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='trans.c' object='gpg_agent-trans.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(gpg_agent_CFLAGS) $(CFLAGS) -c -o gpg_agent-trans.obj `if test -f 'trans.c'; then $(CYGPATH_W) 'trans.c'; else $(CYGPATH_W) '$(srcdir)/trans.c'; fi`
+
+gpg_agent-findkey.o: findkey.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(gpg_agent_CFLAGS) $(CFLAGS) -MT gpg_agent-findkey.o -MD -MP -MF $(DEPDIR)/gpg_agent-findkey.Tpo -c -o gpg_agent-findkey.o `test -f 'findkey.c' || echo '$(srcdir)/'`findkey.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/gpg_agent-findkey.Tpo $(DEPDIR)/gpg_agent-findkey.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='findkey.c' object='gpg_agent-findkey.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(gpg_agent_CFLAGS) $(CFLAGS) -c -o gpg_agent-findkey.o `test -f 'findkey.c' || echo '$(srcdir)/'`findkey.c
+
+gpg_agent-findkey.obj: findkey.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(gpg_agent_CFLAGS) $(CFLAGS) -MT gpg_agent-findkey.obj -MD -MP -MF $(DEPDIR)/gpg_agent-findkey.Tpo -c -o gpg_agent-findkey.obj `if test -f 'findkey.c'; then $(CYGPATH_W) 'findkey.c'; else $(CYGPATH_W) '$(srcdir)/findkey.c'; fi`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/gpg_agent-findkey.Tpo $(DEPDIR)/gpg_agent-findkey.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='findkey.c' object='gpg_agent-findkey.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(gpg_agent_CFLAGS) $(CFLAGS) -c -o gpg_agent-findkey.obj `if test -f 'findkey.c'; then $(CYGPATH_W) 'findkey.c'; else $(CYGPATH_W) '$(srcdir)/findkey.c'; fi`
+
+gpg_agent-pksign.o: pksign.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(gpg_agent_CFLAGS) $(CFLAGS) -MT gpg_agent-pksign.o -MD -MP -MF $(DEPDIR)/gpg_agent-pksign.Tpo -c -o gpg_agent-pksign.o `test -f 'pksign.c' || echo '$(srcdir)/'`pksign.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/gpg_agent-pksign.Tpo $(DEPDIR)/gpg_agent-pksign.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='pksign.c' object='gpg_agent-pksign.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(gpg_agent_CFLAGS) $(CFLAGS) -c -o gpg_agent-pksign.o `test -f 'pksign.c' || echo '$(srcdir)/'`pksign.c
+
+gpg_agent-pksign.obj: pksign.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(gpg_agent_CFLAGS) $(CFLAGS) -MT gpg_agent-pksign.obj -MD -MP -MF $(DEPDIR)/gpg_agent-pksign.Tpo -c -o gpg_agent-pksign.obj `if test -f 'pksign.c'; then $(CYGPATH_W) 'pksign.c'; else $(CYGPATH_W) '$(srcdir)/pksign.c'; fi`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/gpg_agent-pksign.Tpo $(DEPDIR)/gpg_agent-pksign.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='pksign.c' object='gpg_agent-pksign.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(gpg_agent_CFLAGS) $(CFLAGS) -c -o gpg_agent-pksign.obj `if test -f 'pksign.c'; then $(CYGPATH_W) 'pksign.c'; else $(CYGPATH_W) '$(srcdir)/pksign.c'; fi`
+
+gpg_agent-pkdecrypt.o: pkdecrypt.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(gpg_agent_CFLAGS) $(CFLAGS) -MT gpg_agent-pkdecrypt.o -MD -MP -MF $(DEPDIR)/gpg_agent-pkdecrypt.Tpo -c -o gpg_agent-pkdecrypt.o `test -f 'pkdecrypt.c' || echo '$(srcdir)/'`pkdecrypt.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/gpg_agent-pkdecrypt.Tpo $(DEPDIR)/gpg_agent-pkdecrypt.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='pkdecrypt.c' object='gpg_agent-pkdecrypt.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(gpg_agent_CFLAGS) $(CFLAGS) -c -o gpg_agent-pkdecrypt.o `test -f 'pkdecrypt.c' || echo '$(srcdir)/'`pkdecrypt.c
+
+gpg_agent-pkdecrypt.obj: pkdecrypt.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(gpg_agent_CFLAGS) $(CFLAGS) -MT gpg_agent-pkdecrypt.obj -MD -MP -MF $(DEPDIR)/gpg_agent-pkdecrypt.Tpo -c -o gpg_agent-pkdecrypt.obj `if test -f 'pkdecrypt.c'; then $(CYGPATH_W) 'pkdecrypt.c'; else $(CYGPATH_W) '$(srcdir)/pkdecrypt.c'; fi`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/gpg_agent-pkdecrypt.Tpo $(DEPDIR)/gpg_agent-pkdecrypt.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='pkdecrypt.c' object='gpg_agent-pkdecrypt.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(gpg_agent_CFLAGS) $(CFLAGS) -c -o gpg_agent-pkdecrypt.obj `if test -f 'pkdecrypt.c'; then $(CYGPATH_W) 'pkdecrypt.c'; else $(CYGPATH_W) '$(srcdir)/pkdecrypt.c'; fi`
+
+gpg_agent-genkey.o: genkey.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(gpg_agent_CFLAGS) $(CFLAGS) -MT gpg_agent-genkey.o -MD -MP -MF $(DEPDIR)/gpg_agent-genkey.Tpo -c -o gpg_agent-genkey.o `test -f 'genkey.c' || echo '$(srcdir)/'`genkey.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/gpg_agent-genkey.Tpo $(DEPDIR)/gpg_agent-genkey.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='genkey.c' object='gpg_agent-genkey.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(gpg_agent_CFLAGS) $(CFLAGS) -c -o gpg_agent-genkey.o `test -f 'genkey.c' || echo '$(srcdir)/'`genkey.c
+
+gpg_agent-genkey.obj: genkey.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(gpg_agent_CFLAGS) $(CFLAGS) -MT gpg_agent-genkey.obj -MD -MP -MF $(DEPDIR)/gpg_agent-genkey.Tpo -c -o gpg_agent-genkey.obj `if test -f 'genkey.c'; then $(CYGPATH_W) 'genkey.c'; else $(CYGPATH_W) '$(srcdir)/genkey.c'; fi`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/gpg_agent-genkey.Tpo $(DEPDIR)/gpg_agent-genkey.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='genkey.c' object='gpg_agent-genkey.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(gpg_agent_CFLAGS) $(CFLAGS) -c -o gpg_agent-genkey.obj `if test -f 'genkey.c'; then $(CYGPATH_W) 'genkey.c'; else $(CYGPATH_W) '$(srcdir)/genkey.c'; fi`
+
+gpg_agent-protect.o: protect.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(gpg_agent_CFLAGS) $(CFLAGS) -MT gpg_agent-protect.o -MD -MP -MF $(DEPDIR)/gpg_agent-protect.Tpo -c -o gpg_agent-protect.o `test -f 'protect.c' || echo '$(srcdir)/'`protect.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/gpg_agent-protect.Tpo $(DEPDIR)/gpg_agent-protect.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='protect.c' object='gpg_agent-protect.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(gpg_agent_CFLAGS) $(CFLAGS) -c -o gpg_agent-protect.o `test -f 'protect.c' || echo '$(srcdir)/'`protect.c
+
+gpg_agent-protect.obj: protect.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(gpg_agent_CFLAGS) $(CFLAGS) -MT gpg_agent-protect.obj -MD -MP -MF $(DEPDIR)/gpg_agent-protect.Tpo -c -o gpg_agent-protect.obj `if test -f 'protect.c'; then $(CYGPATH_W) 'protect.c'; else $(CYGPATH_W) '$(srcdir)/protect.c'; fi`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/gpg_agent-protect.Tpo $(DEPDIR)/gpg_agent-protect.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='protect.c' object='gpg_agent-protect.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(gpg_agent_CFLAGS) $(CFLAGS) -c -o gpg_agent-protect.obj `if test -f 'protect.c'; then $(CYGPATH_W) 'protect.c'; else $(CYGPATH_W) '$(srcdir)/protect.c'; fi`
+
+gpg_agent-trustlist.o: trustlist.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(gpg_agent_CFLAGS) $(CFLAGS) -MT gpg_agent-trustlist.o -MD -MP -MF $(DEPDIR)/gpg_agent-trustlist.Tpo -c -o gpg_agent-trustlist.o `test -f 'trustlist.c' || echo '$(srcdir)/'`trustlist.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/gpg_agent-trustlist.Tpo $(DEPDIR)/gpg_agent-trustlist.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='trustlist.c' object='gpg_agent-trustlist.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(gpg_agent_CFLAGS) $(CFLAGS) -c -o gpg_agent-trustlist.o `test -f 'trustlist.c' || echo '$(srcdir)/'`trustlist.c
+
+gpg_agent-trustlist.obj: trustlist.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(gpg_agent_CFLAGS) $(CFLAGS) -MT gpg_agent-trustlist.obj -MD -MP -MF $(DEPDIR)/gpg_agent-trustlist.Tpo -c -o gpg_agent-trustlist.obj `if test -f 'trustlist.c'; then $(CYGPATH_W) 'trustlist.c'; else $(CYGPATH_W) '$(srcdir)/trustlist.c'; fi`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/gpg_agent-trustlist.Tpo $(DEPDIR)/gpg_agent-trustlist.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='trustlist.c' object='gpg_agent-trustlist.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(gpg_agent_CFLAGS) $(CFLAGS) -c -o gpg_agent-trustlist.obj `if test -f 'trustlist.c'; then $(CYGPATH_W) 'trustlist.c'; else $(CYGPATH_W) '$(srcdir)/trustlist.c'; fi`
+
+gpg_agent-divert-scd.o: divert-scd.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(gpg_agent_CFLAGS) $(CFLAGS) -MT gpg_agent-divert-scd.o -MD -MP -MF $(DEPDIR)/gpg_agent-divert-scd.Tpo -c -o gpg_agent-divert-scd.o `test -f 'divert-scd.c' || echo '$(srcdir)/'`divert-scd.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/gpg_agent-divert-scd.Tpo $(DEPDIR)/gpg_agent-divert-scd.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='divert-scd.c' object='gpg_agent-divert-scd.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(gpg_agent_CFLAGS) $(CFLAGS) -c -o gpg_agent-divert-scd.o `test -f 'divert-scd.c' || echo '$(srcdir)/'`divert-scd.c
+
+gpg_agent-divert-scd.obj: divert-scd.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(gpg_agent_CFLAGS) $(CFLAGS) -MT gpg_agent-divert-scd.obj -MD -MP -MF $(DEPDIR)/gpg_agent-divert-scd.Tpo -c -o gpg_agent-divert-scd.obj `if test -f 'divert-scd.c'; then $(CYGPATH_W) 'divert-scd.c'; else $(CYGPATH_W) '$(srcdir)/divert-scd.c'; fi`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/gpg_agent-divert-scd.Tpo $(DEPDIR)/gpg_agent-divert-scd.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='divert-scd.c' object='gpg_agent-divert-scd.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(gpg_agent_CFLAGS) $(CFLAGS) -c -o gpg_agent-divert-scd.obj `if test -f 'divert-scd.c'; then $(CYGPATH_W) 'divert-scd.c'; else $(CYGPATH_W) '$(srcdir)/divert-scd.c'; fi`
+
+gpg_agent-call-scd.o: call-scd.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(gpg_agent_CFLAGS) $(CFLAGS) -MT gpg_agent-call-scd.o -MD -MP -MF $(DEPDIR)/gpg_agent-call-scd.Tpo -c -o gpg_agent-call-scd.o `test -f 'call-scd.c' || echo '$(srcdir)/'`call-scd.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/gpg_agent-call-scd.Tpo $(DEPDIR)/gpg_agent-call-scd.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='call-scd.c' object='gpg_agent-call-scd.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(gpg_agent_CFLAGS) $(CFLAGS) -c -o gpg_agent-call-scd.o `test -f 'call-scd.c' || echo '$(srcdir)/'`call-scd.c
+
+gpg_agent-call-scd.obj: call-scd.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(gpg_agent_CFLAGS) $(CFLAGS) -MT gpg_agent-call-scd.obj -MD -MP -MF $(DEPDIR)/gpg_agent-call-scd.Tpo -c -o gpg_agent-call-scd.obj `if test -f 'call-scd.c'; then $(CYGPATH_W) 'call-scd.c'; else $(CYGPATH_W) '$(srcdir)/call-scd.c'; fi`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/gpg_agent-call-scd.Tpo $(DEPDIR)/gpg_agent-call-scd.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='call-scd.c' object='gpg_agent-call-scd.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(gpg_agent_CFLAGS) $(CFLAGS) -c -o gpg_agent-call-scd.obj `if test -f 'call-scd.c'; then $(CYGPATH_W) 'call-scd.c'; else $(CYGPATH_W) '$(srcdir)/call-scd.c'; fi`
+
+gpg_agent-learncard.o: learncard.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(gpg_agent_CFLAGS) $(CFLAGS) -MT gpg_agent-learncard.o -MD -MP -MF $(DEPDIR)/gpg_agent-learncard.Tpo -c -o gpg_agent-learncard.o `test -f 'learncard.c' || echo '$(srcdir)/'`learncard.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/gpg_agent-learncard.Tpo $(DEPDIR)/gpg_agent-learncard.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='learncard.c' object='gpg_agent-learncard.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(gpg_agent_CFLAGS) $(CFLAGS) -c -o gpg_agent-learncard.o `test -f 'learncard.c' || echo '$(srcdir)/'`learncard.c
+
+gpg_agent-learncard.obj: learncard.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(gpg_agent_CFLAGS) $(CFLAGS) -MT gpg_agent-learncard.obj -MD -MP -MF $(DEPDIR)/gpg_agent-learncard.Tpo -c -o gpg_agent-learncard.obj `if test -f 'learncard.c'; then $(CYGPATH_W) 'learncard.c'; else $(CYGPATH_W) '$(srcdir)/learncard.c'; fi`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/gpg_agent-learncard.Tpo $(DEPDIR)/gpg_agent-learncard.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='learncard.c' object='gpg_agent-learncard.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(gpg_agent_CFLAGS) $(CFLAGS) -c -o gpg_agent-learncard.obj `if test -f 'learncard.c'; then $(CYGPATH_W) 'learncard.c'; else $(CYGPATH_W) '$(srcdir)/learncard.c'; fi`
+
+gpg_protect_tool-protect-tool.o: protect-tool.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(gpg_protect_tool_CFLAGS) $(CFLAGS) -MT gpg_protect_tool-protect-tool.o -MD -MP -MF $(DEPDIR)/gpg_protect_tool-protect-tool.Tpo -c -o gpg_protect_tool-protect-tool.o `test -f 'protect-tool.c' || echo '$(srcdir)/'`protect-tool.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/gpg_protect_tool-protect-tool.Tpo $(DEPDIR)/gpg_protect_tool-protect-tool.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='protect-tool.c' object='gpg_protect_tool-protect-tool.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(gpg_protect_tool_CFLAGS) $(CFLAGS) -c -o gpg_protect_tool-protect-tool.o `test -f 'protect-tool.c' || echo '$(srcdir)/'`protect-tool.c
+
+gpg_protect_tool-protect-tool.obj: protect-tool.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(gpg_protect_tool_CFLAGS) $(CFLAGS) -MT gpg_protect_tool-protect-tool.obj -MD -MP -MF $(DEPDIR)/gpg_protect_tool-protect-tool.Tpo -c -o gpg_protect_tool-protect-tool.obj `if test -f 'protect-tool.c'; then $(CYGPATH_W) 'protect-tool.c'; else $(CYGPATH_W) '$(srcdir)/protect-tool.c'; fi`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/gpg_protect_tool-protect-tool.Tpo $(DEPDIR)/gpg_protect_tool-protect-tool.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='protect-tool.c' object='gpg_protect_tool-protect-tool.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(gpg_protect_tool_CFLAGS) $(CFLAGS) -c -o gpg_protect_tool-protect-tool.obj `if test -f 'protect-tool.c'; then $(CYGPATH_W) 'protect-tool.c'; else $(CYGPATH_W) '$(srcdir)/protect-tool.c'; fi`
+
+gpg_protect_tool-protect.o: protect.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(gpg_protect_tool_CFLAGS) $(CFLAGS) -MT gpg_protect_tool-protect.o -MD -MP -MF $(DEPDIR)/gpg_protect_tool-protect.Tpo -c -o gpg_protect_tool-protect.o `test -f 'protect.c' || echo '$(srcdir)/'`protect.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/gpg_protect_tool-protect.Tpo $(DEPDIR)/gpg_protect_tool-protect.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='protect.c' object='gpg_protect_tool-protect.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(gpg_protect_tool_CFLAGS) $(CFLAGS) -c -o gpg_protect_tool-protect.o `test -f 'protect.c' || echo '$(srcdir)/'`protect.c
+
+gpg_protect_tool-protect.obj: protect.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(gpg_protect_tool_CFLAGS) $(CFLAGS) -MT gpg_protect_tool-protect.obj -MD -MP -MF $(DEPDIR)/gpg_protect_tool-protect.Tpo -c -o gpg_protect_tool-protect.obj `if test -f 'protect.c'; then $(CYGPATH_W) 'protect.c'; else $(CYGPATH_W) '$(srcdir)/protect.c'; fi`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/gpg_protect_tool-protect.Tpo $(DEPDIR)/gpg_protect_tool-protect.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='protect.c' object='gpg_protect_tool-protect.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(gpg_protect_tool_CFLAGS) $(CFLAGS) -c -o gpg_protect_tool-protect.obj `if test -f 'protect.c'; then $(CYGPATH_W) 'protect.c'; else $(CYGPATH_W) '$(srcdir)/protect.c'; fi`
+
+gpg_protect_tool-minip12.o: minip12.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(gpg_protect_tool_CFLAGS) $(CFLAGS) -MT gpg_protect_tool-minip12.o -MD -MP -MF $(DEPDIR)/gpg_protect_tool-minip12.Tpo -c -o gpg_protect_tool-minip12.o `test -f 'minip12.c' || echo '$(srcdir)/'`minip12.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/gpg_protect_tool-minip12.Tpo $(DEPDIR)/gpg_protect_tool-minip12.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='minip12.c' object='gpg_protect_tool-minip12.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(gpg_protect_tool_CFLAGS) $(CFLAGS) -c -o gpg_protect_tool-minip12.o `test -f 'minip12.c' || echo '$(srcdir)/'`minip12.c
+
+gpg_protect_tool-minip12.obj: minip12.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(gpg_protect_tool_CFLAGS) $(CFLAGS) -MT gpg_protect_tool-minip12.obj -MD -MP -MF $(DEPDIR)/gpg_protect_tool-minip12.Tpo -c -o gpg_protect_tool-minip12.obj `if test -f 'minip12.c'; then $(CYGPATH_W) 'minip12.c'; else $(CYGPATH_W) '$(srcdir)/minip12.c'; fi`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/gpg_protect_tool-minip12.Tpo $(DEPDIR)/gpg_protect_tool-minip12.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='minip12.c' object='gpg_protect_tool-minip12.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(gpg_protect_tool_CFLAGS) $(CFLAGS) -c -o gpg_protect_tool-minip12.obj `if test -f 'minip12.c'; then $(CYGPATH_W) 'minip12.c'; else $(CYGPATH_W) '$(srcdir)/minip12.c'; fi`
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ mkid -fID $$unique
+tags: TAGS
+
+TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ set x; \
+ here=`pwd`; \
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ shift; \
+ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
+ test -n "$$unique" || unique=$$empty_fix; \
+ if test $$# -gt 0; then \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ "$$@" $$unique; \
+ else \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ $$unique; \
+ fi; \
+ fi
+ctags: CTAGS
+CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ test -z "$(CTAGS_ARGS)$$unique" \
+ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+ $$unique
+
+GTAGS:
+ here=`$(am__cd) $(top_builddir) && pwd` \
+ && $(am__cd) $(top_srcdir) \
+ && gtags -i $(GTAGS_ARGS) "$$here"
+
+distclean-tags:
+ -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+check-TESTS: $(TESTS)
+ @failed=0; all=0; xfail=0; xpass=0; skip=0; \
+ srcdir=$(srcdir); export srcdir; \
+ list=' $(TESTS) '; \
+ $(am__tty_colors); \
+ if test -n "$$list"; then \
+ for tst in $$list; do \
+ if test -f ./$$tst; then dir=./; \
+ elif test -f $$tst; then dir=; \
+ else dir="$(srcdir)/"; fi; \
+ if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \
+ all=`expr $$all + 1`; \
+ case " $(XFAIL_TESTS) " in \
+ *[\ \ ]$$tst[\ \ ]*) \
+ xpass=`expr $$xpass + 1`; \
+ failed=`expr $$failed + 1`; \
+ col=$$red; res=XPASS; \
+ ;; \
+ *) \
+ col=$$grn; res=PASS; \
+ ;; \
+ esac; \
+ elif test $$? -ne 77; then \
+ all=`expr $$all + 1`; \
+ case " $(XFAIL_TESTS) " in \
+ *[\ \ ]$$tst[\ \ ]*) \
+ xfail=`expr $$xfail + 1`; \
+ col=$$lgn; res=XFAIL; \
+ ;; \
+ *) \
+ failed=`expr $$failed + 1`; \
+ col=$$red; res=FAIL; \
+ ;; \
+ esac; \
+ else \
+ skip=`expr $$skip + 1`; \
+ col=$$blu; res=SKIP; \
+ fi; \
+ echo "$${col}$$res$${std}: $$tst"; \
+ done; \
+ if test "$$all" -eq 1; then \
+ tests="test"; \
+ All=""; \
+ else \
+ tests="tests"; \
+ All="All "; \
+ fi; \
+ if test "$$failed" -eq 0; then \
+ if test "$$xfail" -eq 0; then \
+ banner="$$All$$all $$tests passed"; \
+ else \
+ if test "$$xfail" -eq 1; then failures=failure; else failures=failures; fi; \
+ banner="$$All$$all $$tests behaved as expected ($$xfail expected $$failures)"; \
+ fi; \
+ else \
+ if test "$$xpass" -eq 0; then \
+ banner="$$failed of $$all $$tests failed"; \
+ else \
+ if test "$$xpass" -eq 1; then passes=pass; else passes=passes; fi; \
+ banner="$$failed of $$all $$tests did not behave as expected ($$xpass unexpected $$passes)"; \
+ fi; \
+ fi; \
+ dashes="$$banner"; \
+ skipped=""; \
+ if test "$$skip" -ne 0; then \
+ if test "$$skip" -eq 1; then \
+ skipped="($$skip test was not run)"; \
+ else \
+ skipped="($$skip tests were not run)"; \
+ fi; \
+ test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \
+ dashes="$$skipped"; \
+ fi; \
+ report=""; \
+ if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \
+ report="Please report to $(PACKAGE_BUGREPORT)"; \
+ test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \
+ dashes="$$report"; \
+ fi; \
+ dashes=`echo "$$dashes" | sed s/./=/g`; \
+ if test "$$failed" -eq 0; then \
+ echo "$$grn$$dashes"; \
+ else \
+ echo "$$red$$dashes"; \
+ fi; \
+ echo "$$banner"; \
+ test -z "$$skipped" || echo "$$skipped"; \
+ test -z "$$report" || echo "$$report"; \
+ echo "$$dashes$$std"; \
+ test "$$failed" -eq 0; \
+ else :; fi
+
+distdir: $(DISTFILES)
+ @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ list='$(DISTFILES)'; \
+ dist_files=`for file in $$list; do echo $$file; done | \
+ sed -e "s|^$$srcdirstrip/||;t" \
+ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+ case $$dist_files in \
+ */*) $(MKDIR_P) `echo "$$dist_files" | \
+ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+ sort -u` ;; \
+ esac; \
+ for file in $$dist_files; do \
+ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+ if test -d $$d/$$file; then \
+ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+ if test -d "$(distdir)/$$file"; then \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+ else \
+ test -f "$(distdir)/$$file" \
+ || cp -p $$d/$$file "$(distdir)/$$file" \
+ || exit 1; \
+ fi; \
+ done
+check-am: all-am
+ $(MAKE) $(AM_MAKEFLAGS) check-TESTS
+check: check-am
+all-am: Makefile $(PROGRAMS)
+installdirs:
+ for dir in "$(DESTDIR)$(bindir)" "$(DESTDIR)$(libexecdir)"; do \
+ test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+ done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+ @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ `test -z '$(STRIP)' || \
+ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+ -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+ -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+
+maintainer-clean-generic:
+ @echo "This command is intended for maintainers to use"
+ @echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-binPROGRAMS clean-generic clean-libexecPROGRAMS \
+ clean-noinstPROGRAMS mostlyclean-am
+
+distclean: distclean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+ distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+html-am:
+
+info: info-am
+
+info-am:
+
+install-data-am:
+
+install-dvi: install-dvi-am
+
+install-dvi-am:
+
+install-exec-am: install-binPROGRAMS install-libexecPROGRAMS
+
+install-html: install-html-am
+
+install-html-am:
+
+install-info: install-info-am
+
+install-info-am:
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-pdf-am:
+
+install-ps: install-ps-am
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-binPROGRAMS uninstall-libexecPROGRAMS
+
+.MAKE: check-am install-am install-strip
+
+.PHONY: CTAGS GTAGS all all-am check check-TESTS check-am clean \
+ clean-binPROGRAMS clean-generic clean-libexecPROGRAMS \
+ clean-noinstPROGRAMS ctags distclean distclean-compile \
+ distclean-generic distclean-tags distdir dvi dvi-am html \
+ html-am info info-am install install-am install-binPROGRAMS \
+ install-data install-data-am install-dvi install-dvi-am \
+ install-exec install-exec-am install-html install-html-am \
+ install-info install-info-am install-libexecPROGRAMS \
+ install-man install-pdf install-pdf-am install-ps \
+ install-ps-am install-strip installcheck installcheck-am \
+ installdirs maintainer-clean maintainer-clean-generic \
+ mostlyclean mostlyclean-compile mostlyclean-generic pdf pdf-am \
+ ps ps-am tags uninstall uninstall-am uninstall-binPROGRAMS \
+ uninstall-libexecPROGRAMS
+
+
+# Make sure that all libs are build before we use them. This is
+# important for things like make -j2.
+$(PROGRAMS): $(common_libs) $(commonpth_libs) $(pwquery_libs)
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/agent/agent.h b/agent/agent.h
new file mode 100644
index 0000000..15cf8bf
--- /dev/null
+++ b/agent/agent.h
@@ -0,0 +1,373 @@
+/* agent.h - Global definitions for the agent
+ * Copyright (C) 2001, 2002, 2003, 2005 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef AGENT_H
+#define AGENT_H
+
+#ifdef GPG_ERR_SOURCE_DEFAULT
+#error GPG_ERR_SOURCE_DEFAULT already defined
+#endif
+#define GPG_ERR_SOURCE_DEFAULT GPG_ERR_SOURCE_GPGAGENT
+#include <gpg-error.h>
+#define map_assuan_err(a) \
+ map_assuan_err_with_source (GPG_ERR_SOURCE_DEFAULT, (a))
+#include <errno.h>
+
+#include <gcrypt.h>
+#include "../common/util.h"
+#include "../common/membuf.h"
+#include "../common/sysutils.h" /* (gnupg_fd_t) */
+#include "../common/session-env.h"
+
+/* To convey some special hash algorithms we use algorithm numbers
+ reserved for application use. */
+#ifndef GCRY_MODULE_ID_USER
+#define GCRY_MODULE_ID_USER 1024
+#endif
+#define MD_USER_TLS_MD5SHA1 (GCRY_MODULE_ID_USER+1)
+
+/* Maximum length of a digest. */
+#define MAX_DIGEST_LEN 64
+
+/* A large struct name "opt" to keep global flags */
+struct
+{
+ unsigned int debug; /* Debug flags (DBG_foo_VALUE) */
+ int verbose; /* Verbosity level */
+ int quiet; /* Be as quiet as possible */
+ int dry_run; /* Don't change any persistent data */
+ int batch; /* Batch mode */
+ const char *homedir; /* Configuration directory name */
+
+ /* Environment setting gathered at program start or changed using the
+ Assuan command UPDATESTARTUPTTY. */
+ session_env_t startup_env;
+ char *startup_lc_ctype;
+ char *startup_lc_messages;
+
+ /* True if we are listening on the standard socket. */
+ int use_standard_socket;
+
+ /* True if we handle sigusr2. */
+ int sigusr2_enabled;
+
+ const char *pinentry_program; /* Filename of the program to start as
+ pinentry. */
+ const char *scdaemon_program; /* Filename of the program to handle
+ smartcard tasks. */
+ int disable_scdaemon; /* Never use the SCdaemon. */
+ int no_grab; /* Don't let the pinentry grab the keyboard */
+
+ /* The name of the file pinentry shall tocuh before exiting. If
+ this is not set the filoe name of the standard socket is used. */
+ const char *pinentry_touch_file;
+
+ /* The default and maximum TTL of cache entries. */
+ unsigned long def_cache_ttl; /* Default. */
+ unsigned long def_cache_ttl_ssh; /* for SSH. */
+ unsigned long max_cache_ttl; /* Default. */
+ unsigned long max_cache_ttl_ssh; /* for SSH. */
+
+ /* Flag disallowing bypassing of the warning. */
+ int enforce_passphrase_constraints;
+ /* The require minmum length of a passphrase. */
+ unsigned int min_passphrase_len;
+ /* The minimum number of non-alpha characters in a passphrase. */
+ unsigned int min_passphrase_nonalpha;
+ /* File name with a patternfile or NULL if not enabled. */
+ const char *check_passphrase_pattern;
+ /* If not 0 the user is asked to change his passphrase after these
+ number of days. */
+ unsigned int max_passphrase_days;
+ /* If set, a passphrase history will be written and checked at each
+ passphrase change. */
+ int enable_passhrase_history;
+
+ int running_detached; /* We are running detached from the tty. */
+
+ int ignore_cache_for_signing;
+ int allow_mark_trusted;
+ int allow_preset_passphrase;
+ int keep_tty; /* Don't switch the TTY (for pinentry) on request */
+ int keep_display; /* Don't switch the DISPLAY (for pinentry) on request */
+ int ssh_support; /* Enable ssh-agent emulation. */
+} opt;
+
+
+#define DBG_COMMAND_VALUE 1 /* debug commands i/o */
+#define DBG_MPI_VALUE 2 /* debug mpi details */
+#define DBG_CRYPTO_VALUE 4 /* debug low level crypto */
+#define DBG_MEMORY_VALUE 32 /* debug memory allocation stuff */
+#define DBG_CACHE_VALUE 64 /* debug the caching */
+#define DBG_MEMSTAT_VALUE 128 /* show memory statistics */
+#define DBG_HASHING_VALUE 512 /* debug hashing operations */
+#define DBG_ASSUAN_VALUE 1024
+
+#define DBG_COMMAND (opt.debug & DBG_COMMAND_VALUE)
+#define DBG_CRYPTO (opt.debug & DBG_CRYPTO_VALUE)
+#define DBG_MEMORY (opt.debug & DBG_MEMORY_VALUE)
+#define DBG_CACHE (opt.debug & DBG_CACHE_VALUE)
+#define DBG_HASHING (opt.debug & DBG_HASHING_VALUE)
+#define DBG_ASSUAN (opt.debug & DBG_ASSUAN_VALUE)
+
+struct server_local_s;
+struct scd_local_s;
+
+/* Collection of data per session (aka connection). */
+struct server_control_s
+{
+ /* Private data used to fire up the connection thread. We use this
+ structure do avoid an extra allocation for just a few bytes. */
+ struct {
+ gnupg_fd_t fd;
+ } thread_startup;
+
+ /* Private data of the server (command.c). */
+ struct server_local_s *server_local;
+
+ /* Private data of the SCdaemon (call-scd.c). */
+ struct scd_local_s *scd_local;
+
+ session_env_t session_env;
+ char *lc_ctype;
+ char *lc_messages;
+
+ struct {
+ int algo;
+ unsigned char value[MAX_DIGEST_LEN];
+ int valuelen;
+ int raw_value: 1;
+ } digest;
+ unsigned char keygrip[20];
+ int have_keygrip;
+
+ int use_auth_call; /* Hack to send the PKAUTH command instead of the
+ PKSIGN command to the scdaemon. */
+ int in_passwd; /* Hack to inhibit enforced passphrase change
+ during an explicit passwd command. */
+};
+
+
+struct pin_entry_info_s
+{
+ int min_digits; /* min. number of digits required or 0 for freeform entry */
+ int max_digits; /* max. number of allowed digits allowed*/
+ int max_tries;
+ int failed_tries;
+ int with_qualitybar; /* Set if the quality bar should be displayed. */
+ int (*check_cb)(struct pin_entry_info_s *); /* CB used to check the PIN */
+ void *check_cb_arg; /* optional argument which might be of use in the CB */
+ const char *cb_errtext; /* used by the cb to displaye a specific error */
+ size_t max_length; /* allocated length of the buffer */
+ char pin[1];
+};
+
+
+enum
+ {
+ PRIVATE_KEY_UNKNOWN = 0,
+ PRIVATE_KEY_CLEAR = 1,
+ PRIVATE_KEY_PROTECTED = 2,
+ PRIVATE_KEY_SHADOWED = 3
+ };
+
+
+/* Values for the cache_mode arguments. */
+typedef enum
+ {
+ CACHE_MODE_IGNORE = 0, /* Special mode to bypass the cache. */
+ CACHE_MODE_ANY, /* Any mode except ignore matches. */
+ CACHE_MODE_NORMAL, /* Normal cache (gpg-agent). */
+ CACHE_MODE_USER, /* GET_PASSPHRASE related cache. */
+ CACHE_MODE_SSH /* SSH related cache. */
+ }
+cache_mode_t;
+
+
+/* The type of a function to lookup a TTL by a keygrip. */
+typedef int (*lookup_ttl_t)(const char *hexgrip);
+
+
+/*-- gpg-agent.c --*/
+void agent_exit (int rc) JNLIB_GCC_A_NR; /* Also implemented in other tools */
+const char *get_agent_socket_name (void);
+const char *get_agent_ssh_socket_name (void);
+#ifdef HAVE_W32_SYSTEM
+void *get_agent_scd_notify_event (void);
+#endif
+void agent_sighup_action (void);
+
+/*-- command.c --*/
+gpg_error_t agent_inq_pinentry_launched (ctrl_t ctrl, unsigned long pid);
+gpg_error_t agent_write_status (ctrl_t ctrl, const char *keyword, ...)
+ GNUPG_GCC_A_SENTINEL(0);
+void bump_key_eventcounter (void);
+void bump_card_eventcounter (void);
+void start_command_handler (ctrl_t, gnupg_fd_t, gnupg_fd_t);
+
+/*-- command-ssh.c --*/
+void start_command_handler_ssh (ctrl_t, gnupg_fd_t);
+
+/*-- findkey.c --*/
+int agent_write_private_key (const unsigned char *grip,
+ const void *buffer, size_t length, int force);
+gpg_error_t agent_key_from_file (ctrl_t ctrl,
+ const char *desc_text,
+ const unsigned char *grip,
+ unsigned char **shadow_info,
+ cache_mode_t cache_mode,
+ lookup_ttl_t lookup_ttl,
+ gcry_sexp_t *result);
+gpg_error_t agent_raw_key_from_file (ctrl_t ctrl, const unsigned char *grip,
+ gcry_sexp_t *result);
+gpg_error_t agent_public_key_from_file (ctrl_t ctrl,
+ const unsigned char *grip,
+ gcry_sexp_t *result);
+int agent_key_available (const unsigned char *grip);
+gpg_error_t agent_key_info_from_file (ctrl_t ctrl, const unsigned char *grip,
+ int *r_keytype,
+ unsigned char **r_shadow_info);
+
+/*-- call-pinentry.c --*/
+void initialize_module_call_pinentry (void);
+void agent_query_dump_state (void);
+void agent_reset_query (ctrl_t ctrl);
+int pinentry_active_p (ctrl_t ctrl, int waitseconds);
+int agent_askpin (ctrl_t ctrl,
+ const char *desc_text, const char *prompt_text,
+ const char *inital_errtext,
+ struct pin_entry_info_s *pininfo);
+int agent_get_passphrase (ctrl_t ctrl, char **retpass,
+ const char *desc, const char *prompt,
+ const char *errtext, int with_qualitybar);
+int agent_get_confirmation (ctrl_t ctrl, const char *desc, const char *ok,
+ const char *notokay, int with_cancel);
+int agent_show_message (ctrl_t ctrl, const char *desc, const char *ok_btn);
+int agent_popup_message_start (ctrl_t ctrl,
+ const char *desc, const char *ok_btn);
+void agent_popup_message_stop (ctrl_t ctrl);
+
+
+/*-- cache.c --*/
+void agent_flush_cache (void);
+int agent_put_cache (const char *key, cache_mode_t cache_mode,
+ const char *data, int ttl);
+const char *agent_get_cache (const char *key, cache_mode_t cache_mode,
+ void **cache_id);
+void agent_unlock_cache_entry (void **cache_id);
+
+
+/*-- pksign.c --*/
+int agent_pksign_do (ctrl_t ctrl, const char *desc_text,
+ gcry_sexp_t *signature_sexp,
+ cache_mode_t cache_mode, lookup_ttl_t lookup_ttl);
+int agent_pksign (ctrl_t ctrl, const char *desc_text,
+ membuf_t *outbuf, cache_mode_t cache_mode);
+
+/*-- pkdecrypt.c --*/
+int agent_pkdecrypt (ctrl_t ctrl, const char *desc_text,
+ const unsigned char *ciphertext, size_t ciphertextlen,
+ membuf_t *outbuf);
+
+/*-- genkey.c --*/
+int check_passphrase_constraints (ctrl_t ctrl, const char *pw, int silent);
+int agent_genkey (ctrl_t ctrl,
+ const char *keyparam, size_t keyparmlen, membuf_t *outbuf);
+int agent_protect_and_store (ctrl_t ctrl, gcry_sexp_t s_skey);
+
+/*-- protect.c --*/
+unsigned long get_standard_s2k_count (void);
+int agent_protect (const unsigned char *plainkey, const char *passphrase,
+ unsigned char **result, size_t *resultlen);
+int agent_unprotect (const unsigned char *protectedkey, const char *passphrase,
+ gnupg_isotime_t protected_at,
+ unsigned char **result, size_t *resultlen);
+int agent_private_key_type (const unsigned char *privatekey);
+unsigned char *make_shadow_info (const char *serialno, const char *idstring);
+int agent_shadow_key (const unsigned char *pubkey,
+ const unsigned char *shadow_info,
+ unsigned char **result);
+int agent_get_shadow_info (const unsigned char *shadowkey,
+ unsigned char const **shadow_info);
+gpg_error_t parse_shadow_info (const unsigned char *shadow_info,
+ char **r_hexsn, char **r_idstr);
+
+
+/*-- trustlist.c --*/
+void initialize_module_trustlist (void);
+gpg_error_t agent_istrusted (ctrl_t ctrl, const char *fpr, int *r_disabled);
+gpg_error_t agent_listtrusted (void *assuan_context);
+gpg_error_t agent_marktrusted (ctrl_t ctrl, const char *name,
+ const char *fpr, int flag);
+void agent_reload_trustlist (void);
+
+
+/*-- divert-scd.c --*/
+int divert_pksign (ctrl_t ctrl,
+ const unsigned char *digest, size_t digestlen, int algo,
+ const unsigned char *shadow_info, unsigned char **r_sig);
+int divert_pkdecrypt (ctrl_t ctrl,
+ const unsigned char *cipher,
+ const unsigned char *shadow_info,
+ char **r_buf, size_t *r_len);
+int divert_generic_cmd (ctrl_t ctrl,
+ const char *cmdline, void *assuan_context);
+
+
+/*-- call-scd.c --*/
+void initialize_module_call_scd (void);
+void agent_scd_dump_state (void);
+int agent_scd_check_running (void);
+void agent_scd_check_aliveness (void);
+int agent_reset_scd (ctrl_t ctrl);
+int agent_card_learn (ctrl_t ctrl,
+ void (*kpinfo_cb)(void*, const char *),
+ void *kpinfo_cb_arg,
+ void (*certinfo_cb)(void*, const char *),
+ void *certinfo_cb_arg,
+ void (*sinfo_cb)(void*, const char *,
+ size_t, const char *),
+ void *sinfo_cb_arg);
+int agent_card_serialno (ctrl_t ctrl, char **r_serialno);
+int agent_card_pksign (ctrl_t ctrl,
+ const char *keyid,
+ int (*getpin_cb)(void *, const char *, char*, size_t),
+ void *getpin_cb_arg,
+ const unsigned char *indata, size_t indatalen,
+ unsigned char **r_buf, size_t *r_buflen);
+int agent_card_pkdecrypt (ctrl_t ctrl,
+ const char *keyid,
+ int (*getpin_cb)(void *, const char *, char*,size_t),
+ void *getpin_cb_arg,
+ const unsigned char *indata, size_t indatalen,
+ char **r_buf, size_t *r_buflen);
+int agent_card_readcert (ctrl_t ctrl,
+ const char *id, char **r_buf, size_t *r_buflen);
+int agent_card_readkey (ctrl_t ctrl, const char *id, unsigned char **r_buf);
+gpg_error_t agent_card_getattr (ctrl_t ctrl, const char *name, char **result);
+int agent_card_scd (ctrl_t ctrl, const char *cmdline,
+ int (*getpin_cb)(void *, const char *, char*, size_t),
+ void *getpin_cb_arg, void *assuan_context);
+
+
+/*-- learncard.c --*/
+int agent_handle_learn (ctrl_t ctrl, void *assuan_context);
+
+
+#endif /*AGENT_H*/
diff --git a/agent/cache.c b/agent/cache.c
new file mode 100644
index 0000000..10f9ef6
--- /dev/null
+++ b/agent/cache.c
@@ -0,0 +1,340 @@
+/* cache.c - keep a cache of passphrases
+ * Copyright (C) 2002 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <time.h>
+#include <assert.h>
+
+#include "agent.h"
+
+struct secret_data_s {
+ int totallen; /* this includes the padding */
+ int datalen; /* actual data length */
+ char data[1];
+};
+
+typedef struct cache_item_s *ITEM;
+struct cache_item_s {
+ ITEM next;
+ time_t created;
+ time_t accessed;
+ int ttl; /* max. lifetime given in seconds, -1 one means infinite */
+ int lockcount;
+ struct secret_data_s *pw;
+ cache_mode_t cache_mode;
+ char key[1];
+};
+
+
+static ITEM thecache;
+
+
+static void
+release_data (struct secret_data_s *data)
+{
+ xfree (data);
+}
+
+static struct secret_data_s *
+new_data (const void *data, size_t length)
+{
+ struct secret_data_s *d;
+ int total;
+
+ /* we pad the data to 32 bytes so that it get more complicated
+ finding something out by watching allocation patterns. This is
+ usally not possible but we better assume nothing about our
+ secure storage provider*/
+ total = length + 32 - (length % 32);
+
+ d = gcry_malloc_secure (sizeof *d + total - 1);
+ if (d)
+ {
+ d->totallen = total;
+ d->datalen = length;
+ memcpy (d->data, data, length);
+ }
+ return d;
+}
+
+
+
+/* check whether there are items to expire */
+static void
+housekeeping (void)
+{
+ ITEM r, rprev;
+ time_t current = gnupg_get_time ();
+
+ /* First expire the actual data */
+ for (r=thecache; r; r = r->next)
+ {
+ if (!r->lockcount && r->pw
+ && r->ttl >= 0 && r->accessed + r->ttl < current)
+ {
+ if (DBG_CACHE)
+ log_debug (" expired `%s' (%ds after last access)\n",
+ r->key, r->ttl);
+ release_data (r->pw);
+ r->pw = NULL;
+ r->accessed = current;
+ }
+ }
+
+ /* Second, make sure that we also remove them based on the created stamp so
+ that the user has to enter it from time to time. */
+ for (r=thecache; r; r = r->next)
+ {
+ unsigned long maxttl;
+
+ switch (r->cache_mode)
+ {
+ case CACHE_MODE_SSH: maxttl = opt.max_cache_ttl_ssh; break;
+ default: maxttl = opt.max_cache_ttl; break;
+ }
+ if (!r->lockcount && r->pw && r->created + maxttl < current)
+ {
+ if (DBG_CACHE)
+ log_debug (" expired `%s' (%lus after creation)\n",
+ r->key, opt.max_cache_ttl);
+ release_data (r->pw);
+ r->pw = NULL;
+ r->accessed = current;
+ }
+ }
+
+ /* Third, make sure that we don't have too many items in the list.
+ Expire old and unused entries after 30 minutes */
+ for (rprev=NULL, r=thecache; r; )
+ {
+ if (!r->pw && r->ttl >= 0 && r->accessed + 60*30 < current)
+ {
+ if (r->lockcount)
+ {
+ log_error ("can't remove unused cache entry `%s' due to"
+ " lockcount=%d\n",
+ r->key, r->lockcount);
+ r->accessed += 60*10; /* next error message in 10 minutes */
+ rprev = r;
+ r = r->next;
+ }
+ else
+ {
+ ITEM r2 = r->next;
+ if (DBG_CACHE)
+ log_debug (" removed `%s' (slot not used for 30m)\n", r->key);
+ xfree (r);
+ if (!rprev)
+ thecache = r2;
+ else
+ rprev->next = r2;
+ r = r2;
+ }
+ }
+ else
+ {
+ rprev = r;
+ r = r->next;
+ }
+ }
+}
+
+
+void
+agent_flush_cache (void)
+{
+ ITEM r;
+
+ if (DBG_CACHE)
+ log_debug ("agent_flush_cache\n");
+
+ for (r=thecache; r; r = r->next)
+ {
+ if (!r->lockcount && r->pw)
+ {
+ if (DBG_CACHE)
+ log_debug (" flushing `%s'\n", r->key);
+ release_data (r->pw);
+ r->pw = NULL;
+ r->accessed = 0;
+ }
+ else if (r->lockcount && r->pw)
+ {
+ if (DBG_CACHE)
+ log_debug (" marked `%s' for flushing\n", r->key);
+ r->accessed = 0;
+ r->ttl = 0;
+ }
+ }
+}
+
+
+
+/* Store DATA of length DATALEN in the cache under KEY and mark it
+ with a maximum lifetime of TTL seconds. If there is already data
+ under this key, it will be replaced. Using a DATA of NULL deletes
+ the entry. A TTL of 0 is replaced by the default TTL and a TTL of
+ -1 set infinite timeout. CACHE_MODE is stored with the cache entry
+ and used to select different timeouts. */
+int
+agent_put_cache (const char *key, cache_mode_t cache_mode,
+ const char *data, int ttl)
+{
+ ITEM r;
+
+ if (DBG_CACHE)
+ log_debug ("agent_put_cache `%s' requested ttl=%d mode=%d\n",
+ key, ttl, cache_mode);
+ housekeeping ();
+
+ if (!ttl)
+ {
+ switch(cache_mode)
+ {
+ case CACHE_MODE_SSH: ttl = opt.def_cache_ttl_ssh; break;
+ default: ttl = opt.def_cache_ttl; break;
+ }
+ }
+ if (!ttl || cache_mode == CACHE_MODE_IGNORE)
+ return 0;
+
+ for (r=thecache; r; r = r->next)
+ {
+ if (!r->lockcount && !strcmp (r->key, key))
+ break;
+ }
+ if (r)
+ { /* replace */
+ if (r->pw)
+ {
+ release_data (r->pw);
+ r->pw = NULL;
+ }
+ if (data)
+ {
+ r->created = r->accessed = gnupg_get_time ();
+ r->ttl = ttl;
+ r->cache_mode = cache_mode;
+ r->pw = new_data (data, strlen (data)+1);
+ if (!r->pw)
+ log_error ("out of core while allocating new cache item\n");
+ }
+ }
+ else if (data)
+ { /* simply insert */
+ r = xtrycalloc (1, sizeof *r + strlen (key));
+ if (!r)
+ log_error ("out of core while allocating new cache control\n");
+ else
+ {
+ strcpy (r->key, key);
+ r->created = r->accessed = gnupg_get_time ();
+ r->ttl = ttl;
+ r->cache_mode = cache_mode;
+ r->pw = new_data (data, strlen (data)+1);
+ if (!r->pw)
+ {
+ log_error ("out of core while allocating new cache item\n");
+ xfree (r);
+ }
+ else
+ {
+ r->next = thecache;
+ thecache = r;
+ }
+ }
+ }
+ return 0;
+}
+
+
+/* Try to find an item in the cache. Note that we currently don't
+ make use of CACHE_MODE. */
+const char *
+agent_get_cache (const char *key, cache_mode_t cache_mode, void **cache_id)
+{
+ ITEM r;
+
+ if (cache_mode == CACHE_MODE_IGNORE)
+ return NULL;
+
+ if (DBG_CACHE)
+ log_debug ("agent_get_cache `%s'...\n", key);
+ housekeeping ();
+
+ /* first try to find one with no locks - this is an updated cache
+ entry: We might have entries with a lockcount and without a
+ lockcount. */
+ for (r=thecache; r; r = r->next)
+ {
+ if (!r->lockcount && r->pw && !strcmp (r->key, key))
+ {
+ /* put_cache does only put strings into the cache, so we
+ don't need the lengths */
+ r->accessed = gnupg_get_time ();
+ if (DBG_CACHE)
+ log_debug ("... hit\n");
+ r->lockcount++;
+ *cache_id = r;
+ return r->pw->data;
+ }
+ }
+ /* again, but this time get even one with a lockcount set */
+ for (r=thecache; r; r = r->next)
+ {
+ if (r->pw && !strcmp (r->key, key))
+ {
+ r->accessed = gnupg_get_time ();
+ if (DBG_CACHE)
+ log_debug ("... hit (locked)\n");
+ r->lockcount++;
+ *cache_id = r;
+ return r->pw->data;
+ }
+ }
+ if (DBG_CACHE)
+ log_debug ("... miss\n");
+
+ *cache_id = NULL;
+ return NULL;
+}
+
+
+void
+agent_unlock_cache_entry (void **cache_id)
+{
+ ITEM r;
+
+ for (r=thecache; r; r = r->next)
+ {
+ if (r == *cache_id)
+ {
+ if (!r->lockcount)
+ log_error ("trying to unlock non-locked cache entry `%s'\n",
+ r->key);
+ else
+ r->lockcount--;
+ return;
+ }
+ }
+}
diff --git a/agent/call-pinentry.c b/agent/call-pinentry.c
new file mode 100644
index 0000000..ad1bd03
--- /dev/null
+++ b/agent/call-pinentry.c
@@ -0,0 +1,1178 @@
+/* call-pinentry.c - Spawn the pinentry to query stuff from the user
+ * Copyright (C) 2001, 2002, 2004, 2007, 2008,
+ * 2010 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <errno.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <ctype.h>
+#include <assert.h>
+#include <unistd.h>
+#include <sys/stat.h>
+#ifndef HAVE_W32_SYSTEM
+# include <sys/wait.h>
+# include <sys/types.h>
+# include <signal.h>
+#endif
+#include <pth.h>
+
+#include "agent.h"
+#include <assuan.h>
+#include "setenv.h"
+#include "i18n.h"
+
+#ifdef _POSIX_OPEN_MAX
+#define MAX_OPEN_FDS _POSIX_OPEN_MAX
+#else
+#define MAX_OPEN_FDS 20
+#endif
+
+
+/* Because access to the pinentry must be serialized (it is and shall
+ be a global mutual dialog) we should better timeout further
+ requests after some time. 2 minutes seem to be a reasonable
+ time. */
+#define LOCK_TIMEOUT (1*60)
+
+/* The assuan context of the current pinentry. */
+static assuan_context_t entry_ctx;
+
+/* The control variable of the connection owning the current pinentry.
+ This is only valid if ENTRY_CTX is not NULL. Note, that we care
+ only about the value of the pointer and that it should never be
+ dereferenced. */
+static ctrl_t entry_owner;
+
+/* A mutex used to serialize access to the pinentry. */
+static pth_mutex_t entry_lock;
+
+/* The thread ID of the popup working thread. */
+static pth_t popup_tid;
+
+/* A flag used in communication between the popup working thread and
+ its stop function. */
+static int popup_finished;
+
+
+
+/* Data to be passed to our callbacks, */
+struct entry_parm_s
+{
+ int lines;
+ size_t size;
+ unsigned char *buffer;
+};
+
+
+
+
+/* This function must be called once to initialize this module. This
+ has to be done before a second thread is spawned. We can't do the
+ static initialization because Pth emulation code might not be able
+ to do a static init; in particular, it is not possible for W32. */
+void
+initialize_module_call_pinentry (void)
+{
+ static int initialized;
+
+ if (!initialized)
+ {
+ if (pth_mutex_init (&entry_lock))
+ initialized = 1;
+ }
+}
+
+
+
+static void
+dump_mutex_state (pth_mutex_t *m)
+{
+#ifdef _W32_PTH_H
+ (void)m;
+ log_printf ("unknown under W32");
+#else
+ if (!(m->mx_state & PTH_MUTEX_INITIALIZED))
+ log_printf ("not_initialized");
+ else if (!(m->mx_state & PTH_MUTEX_LOCKED))
+ log_printf ("not_locked");
+ else
+ log_printf ("locked tid=0x%lx count=%lu", (long)m->mx_owner, m->mx_count);
+#endif
+}
+
+
+/* This function may be called to print infromation pertaining to the
+ current state of this module to the log. */
+void
+agent_query_dump_state (void)
+{
+ log_info ("agent_query_dump_state: entry_lock=");
+ dump_mutex_state (&entry_lock);
+ log_printf ("\n");
+ log_info ("agent_query_dump_state: entry_ctx=%p pid=%ld popup_tid=%p\n",
+ entry_ctx, (long)assuan_get_pid (entry_ctx), popup_tid);
+}
+
+/* Called to make sure that a popup window owned by the current
+ connection gets closed. */
+void
+agent_reset_query (ctrl_t ctrl)
+{
+ if (entry_ctx && popup_tid && entry_owner == ctrl)
+ {
+ agent_popup_message_stop (ctrl);
+ }
+}
+
+
+/* Unlock the pinentry so that another thread can start one and
+ disconnect that pinentry - we do this after the unlock so that a
+ stalled pinentry does not block other threads. Fixme: We should
+ have a timeout in Assuan for the disconnect operation. */
+static int
+unlock_pinentry (int rc)
+{
+ assuan_context_t ctx = entry_ctx;
+
+ entry_ctx = NULL;
+ if (!pth_mutex_release (&entry_lock))
+ {
+ log_error ("failed to release the entry lock\n");
+ if (!rc)
+ rc = gpg_error (GPG_ERR_INTERNAL);
+ }
+ assuan_release (ctx);
+ return rc;
+}
+
+
+/* To make sure we leave no secrets in our image after forking of the
+ pinentry, we use this callback. */
+static void
+atfork_cb (void *opaque, int where)
+{
+ ctrl_t ctrl = opaque;
+
+ if (!where)
+ {
+ int iterator = 0;
+ const char *name, *assname, *value;
+
+ gcry_control (GCRYCTL_TERM_SECMEM);
+
+ while ((name = session_env_list_stdenvnames (&iterator, &assname)))
+ {
+ /* For all new envvars (!ASSNAME) and the two medium old
+ ones which do have an assuan name but are conveyed using
+ environment variables, update the environment of the
+ forked process. */
+ if (!assname
+ || !strcmp (name, "XAUTHORITY")
+ || !strcmp (name, "PINENTRY_USER_DATA"))
+ {
+ value = session_env_getenv (ctrl->session_env, name);
+ if (value)
+ setenv (name, value, 1);
+ }
+ }
+ }
+}
+
+
+static gpg_error_t
+getinfo_pid_cb (void *opaque, const void *buffer, size_t length)
+{
+ unsigned long *pid = opaque;
+ char pidbuf[50];
+
+ /* There is only the pid in the server's response. */
+ if (length >= sizeof pidbuf)
+ length = sizeof pidbuf -1;
+ if (length)
+ {
+ strncpy (pidbuf, buffer, length);
+ pidbuf[length] = 0;
+ *pid = strtoul (pidbuf, NULL, 10);
+ }
+ return 0;
+}
+
+/* Fork off the pin entry if this has not already been done. Note,
+ that this function must always be used to aquire the lock for the
+ pinentry - we will serialize _all_ pinentry calls.
+ */
+static int
+start_pinentry (ctrl_t ctrl)
+{
+ int rc;
+ const char *pgmname;
+ assuan_context_t ctx;
+ const char *argv[5];
+ int no_close_list[3];
+ int i;
+ pth_event_t evt;
+ const char *tmpstr;
+ unsigned long pinentry_pid;
+ const char *value;
+
+ evt = pth_event (PTH_EVENT_TIME, pth_timeout (LOCK_TIMEOUT, 0));
+ if (!pth_mutex_acquire (&entry_lock, 0, evt))
+ {
+ if (pth_event_occurred (evt))
+ rc = gpg_error (GPG_ERR_TIMEOUT);
+ else
+ rc = gpg_error (GPG_ERR_INTERNAL);
+ pth_event_free (evt, PTH_FREE_THIS);
+ log_error (_("failed to acquire the pinentry lock: %s\n"),
+ gpg_strerror (rc));
+ return rc;
+ }
+ pth_event_free (evt, PTH_FREE_THIS);
+
+ entry_owner = ctrl;
+
+ if (entry_ctx)
+ return 0;
+
+ if (opt.verbose)
+ log_info ("starting a new PIN Entry\n");
+
+#ifdef HAVE_W32_SYSTEM
+ fflush (stdout);
+ fflush (stderr);
+#endif
+ if (fflush (NULL))
+ {
+#ifndef HAVE_W32_SYSTEM
+ gpg_error_t tmperr = gpg_error (gpg_err_code_from_errno (errno));
+#endif
+ log_error ("error flushing pending output: %s\n", strerror (errno));
+ /* At least Windows XP fails here with EBADF. According to docs
+ and Wine an fflush(NULL) is the same as _flushall. However
+ the Wime implementaion does not flush stdin,stdout and stderr
+ - see above. Lets try to ignore the error. */
+#ifndef HAVE_W32_SYSTEM
+ return unlock_pinentry (tmperr);
+#endif
+ }
+
+ if (!opt.pinentry_program || !*opt.pinentry_program)
+ opt.pinentry_program = gnupg_module_name (GNUPG_MODULE_NAME_PINENTRY);
+ pgmname = opt.pinentry_program;
+ if ( !(pgmname = strrchr (opt.pinentry_program, '/')))
+ pgmname = opt.pinentry_program;
+ else
+ pgmname++;
+
+ /* OS X needs the entire file name in argv[0], so that it can locate
+ the resource bundle. For other systems we stick to the usual
+ convention of supplying only the name of the program. */
+#ifdef __APPLE__
+ argv[0] = opt.pinentry_program;
+#else /*!__APPLE__*/
+ argv[0] = pgmname;
+#endif /*__APPLE__*/
+
+ if (!opt.keep_display
+ && (value = session_env_getenv (ctrl->session_env, "DISPLAY")))
+ {
+ argv[1] = "--display";
+ argv[2] = value;
+ argv[3] = NULL;
+ }
+ else
+ argv[1] = NULL;
+
+ i=0;
+ if (!opt.running_detached)
+ {
+ if (log_get_fd () != -1)
+ no_close_list[i++] = assuan_fd_from_posix_fd (log_get_fd ());
+ no_close_list[i++] = assuan_fd_from_posix_fd (fileno (stderr));
+ }
+ no_close_list[i] = -1;
+
+ rc = assuan_new (&ctx);
+ if (rc)
+ {
+ log_error ("can't allocate assuan context: %s\n", gpg_strerror (rc));
+ return rc;
+ }
+
+ /* Connect to the pinentry and perform initial handshaking. Note
+ that atfork is used to change the environment for pinentry. We
+ start the server in detached mode to suppress the console window
+ under Windows. */
+ rc = assuan_pipe_connect (ctx, opt.pinentry_program, argv,
+ no_close_list, atfork_cb, ctrl,
+ ASSUAN_PIPE_CONNECT_DETACHED);
+ if (rc)
+ {
+ log_error ("can't connect to the PIN entry module: %s\n",
+ gpg_strerror (rc));
+ assuan_release (ctx);
+ return unlock_pinentry (gpg_error (GPG_ERR_NO_PIN_ENTRY));
+ }
+ entry_ctx = ctx;
+
+ if (DBG_ASSUAN)
+ log_debug ("connection to PIN entry established\n");
+
+ rc = assuan_transact (entry_ctx,
+ opt.no_grab? "OPTION no-grab":"OPTION grab",
+ NULL, NULL, NULL, NULL, NULL, NULL);
+ if (rc)
+ return unlock_pinentry (rc);
+
+ value = session_env_getenv (ctrl->session_env, "GPG_TTY");
+ if (value)
+ {
+ char *optstr;
+ if (asprintf (&optstr, "OPTION ttyname=%s", value) < 0 )
+ return unlock_pinentry (out_of_core ());
+ rc = assuan_transact (entry_ctx, optstr, NULL, NULL, NULL, NULL, NULL,
+ NULL);
+ xfree (optstr);
+ if (rc)
+ return unlock_pinentry (rc);
+ }
+ value = session_env_getenv (ctrl->session_env, "TERM");
+ if (value)
+ {
+ char *optstr;
+ if (asprintf (&optstr, "OPTION ttytype=%s", value) < 0 )
+ return unlock_pinentry (out_of_core ());
+ rc = assuan_transact (entry_ctx, optstr, NULL, NULL, NULL, NULL, NULL,
+ NULL);
+ xfree (optstr);
+ if (rc)
+ return unlock_pinentry (rc);
+ }
+ if (ctrl->lc_ctype)
+ {
+ char *optstr;
+ if (asprintf (&optstr, "OPTION lc-ctype=%s", ctrl->lc_ctype) < 0 )
+ return unlock_pinentry (out_of_core ());
+ rc = assuan_transact (entry_ctx, optstr, NULL, NULL, NULL, NULL, NULL,
+ NULL);
+ xfree (optstr);
+ if (rc)
+ return unlock_pinentry (rc);
+ }
+ if (ctrl->lc_messages)
+ {
+ char *optstr;
+ if (asprintf (&optstr, "OPTION lc-messages=%s", ctrl->lc_messages) < 0 )
+ return unlock_pinentry (out_of_core ());
+ rc = assuan_transact (entry_ctx, optstr, NULL, NULL, NULL, NULL, NULL,
+ NULL);
+ xfree (optstr);
+ if (rc)
+ return unlock_pinentry (rc);
+ }
+
+ {
+ /* Provide a few default strings for use by the pinentries. This
+ may help a pinentry to avoid implementing localization code. */
+ static struct { const char *key, *value; } tbl[] = {
+ /* TRANSLATORS: These are labels for buttons etc used in
+ Pinentries. An underscore indicates that the next letter
+ should be used as an accelerator. Double the underscore for
+ a literal one. The actual to be translated text starts after
+ the second vertical bar. */
+ { "ok", N_("|pinentry-label|_OK") },
+ { "cancel", N_("|pinentry-label|_Cancel") },
+ { "prompt", N_("|pinentry-label|PIN:") },
+ { NULL, NULL}
+ };
+ char *optstr;
+ int idx;
+ const char *s, *s2;
+
+ for (idx=0; tbl[idx].key; idx++)
+ {
+ s = _(tbl[idx].value);
+ if (*s == '|' && (s2=strchr (s+1,'|')))
+ s = s2+1;
+ if (asprintf (&optstr, "OPTION default-%s=%s", tbl[idx].key, s) < 0 )
+ return unlock_pinentry (out_of_core ());
+ assuan_transact (entry_ctx, optstr, NULL, NULL, NULL, NULL, NULL,
+ NULL);
+ xfree (optstr);
+ }
+ }
+
+
+ /* Tell the pinentry the name of a file it shall touch after having
+ messed with the tty. This is optional and only supported by
+ newer pinentries and thus we do no error checking. */
+ tmpstr = opt.pinentry_touch_file;
+ if (tmpstr && !strcmp (tmpstr, "/dev/null"))
+ tmpstr = NULL;
+ else if (!tmpstr)
+ tmpstr = get_agent_socket_name ();
+ if (tmpstr)
+ {
+ char *optstr;
+
+ if (asprintf (&optstr, "OPTION touch-file=%s", tmpstr ) < 0 )
+ ;
+ else
+ {
+ assuan_transact (entry_ctx, optstr, NULL, NULL, NULL, NULL, NULL,
+ NULL);
+ xfree (optstr);
+ }
+ }
+
+
+ /* Now ask the Pinentry for its PID. If the Pinentry is new enough
+ it will send the pid back and we will use an inquire to notify
+ our client. The client may answer the inquiry either with END or
+ with CAN to cancel the pinentry. */
+ rc = assuan_transact (entry_ctx, "GETINFO pid",
+ getinfo_pid_cb, &pinentry_pid,
+ NULL, NULL, NULL, NULL);
+ if (rc)
+ {
+ log_info ("You may want to update to a newer pinentry\n");
+ rc = 0;
+ }
+ else if (!rc && (pid_t)pinentry_pid == (pid_t)(-1))
+ log_error ("pinentry did not return a PID\n");
+ else
+ {
+ rc = agent_inq_pinentry_launched (ctrl, pinentry_pid);
+ if (gpg_err_code (rc) == GPG_ERR_CANCELED)
+ return unlock_pinentry (gpg_error (GPG_ERR_CANCELED));
+ rc = 0;
+ }
+
+ return 0;
+}
+
+
+/* Returns True is the pinentry is currently active. If WAITSECONDS is
+ greater than zero the function will wait for this many seconds
+ before returning. */
+int
+pinentry_active_p (ctrl_t ctrl, int waitseconds)
+{
+ (void)ctrl;
+
+ if (waitseconds > 0)
+ {
+ pth_event_t evt;
+ int rc;
+
+ evt = pth_event (PTH_EVENT_TIME, pth_timeout (waitseconds, 0));
+ if (!pth_mutex_acquire (&entry_lock, 0, evt))
+ {
+ if (pth_event_occurred (evt))
+ rc = gpg_error (GPG_ERR_TIMEOUT);
+ else
+ rc = gpg_error (GPG_ERR_INTERNAL);
+ pth_event_free (evt, PTH_FREE_THIS);
+ return rc;
+ }
+ pth_event_free (evt, PTH_FREE_THIS);
+ }
+ else
+ {
+ if (!pth_mutex_acquire (&entry_lock, 1, NULL))
+ return gpg_error (GPG_ERR_LOCKED);
+ }
+
+ if (!pth_mutex_release (&entry_lock))
+ log_error ("failed to release the entry lock at %d\n", __LINE__);
+ return 0;
+}
+
+
+static gpg_error_t
+getpin_cb (void *opaque, const void *buffer, size_t length)
+{
+ struct entry_parm_s *parm = opaque;
+
+ if (!buffer)
+ return 0;
+
+ /* we expect the pin to fit on one line */
+ if (parm->lines || length >= parm->size)
+ return gpg_error (GPG_ERR_ASS_TOO_MUCH_DATA);
+
+ /* fixme: we should make sure that the assuan buffer is allocated in
+ secure memory or read the response byte by byte */
+ memcpy (parm->buffer, buffer, length);
+ parm->buffer[length] = 0;
+ parm->lines++;
+ return 0;
+}
+
+
+static int
+all_digitsp( const char *s)
+{
+ for (; *s && *s >= '0' && *s <= '9'; s++)
+ ;
+ return !*s;
+}
+
+
+/* Return a new malloced string by unescaping the string S. Escaping
+ is percent escaping and '+'/space mapping. A binary Nul will
+ silently be replaced by a 0xFF. Function returns NULL to indicate
+ an out of memory status. PArsing stops at the end of the string or
+ a white space character. */
+static char *
+unescape_passphrase_string (const unsigned char *s)
+{
+ char *buffer, *d;
+
+ buffer = d = xtrymalloc_secure (strlen ((const char*)s)+1);
+ if (!buffer)
+ return NULL;
+ while (*s && !spacep (s))
+ {
+ if (*s == '%' && s[1] && s[2])
+ {
+ s++;
+ *d = xtoi_2 (s);
+ if (!*d)
+ *d = '\xff';
+ d++;
+ s += 2;
+ }
+ else if (*s == '+')
+ {
+ *d++ = ' ';
+ s++;
+ }
+ else
+ *d++ = *s++;
+ }
+ *d = 0;
+ return buffer;
+}
+
+
+/* Estimate the quality of the passphrase PW and return a value in the
+ range 0..100. */
+static int
+estimate_passphrase_quality (const char *pw)
+{
+ int goodlength = opt.min_passphrase_len + opt.min_passphrase_len/3;
+ int length;
+ const char *s;
+
+ if (goodlength < 1)
+ return 0;
+
+ for (length = 0, s = pw; *s; s++)
+ if (!spacep (s))
+ length ++;
+
+ if (length > goodlength)
+ return 100;
+ return ((length*10) / goodlength)*10;
+}
+
+
+/* Handle the QUALITY inquiry. */
+static gpg_error_t
+inq_quality (void *opaque, const char *line)
+{
+ assuan_context_t ctx = opaque;
+ char *pin;
+ int rc;
+ int percent;
+ char numbuf[20];
+
+ if (!strncmp (line, "QUALITY", 7) && (line[7] == ' ' || !line[7]))
+ {
+ line += 7;
+ while (*line == ' ')
+ line++;
+
+ pin = unescape_passphrase_string (line);
+ if (!pin)
+ rc = gpg_error_from_syserror ();
+ else
+ {
+ percent = estimate_passphrase_quality (pin);
+ if (check_passphrase_constraints (NULL, pin, 1))
+ percent = -percent;
+ snprintf (numbuf, sizeof numbuf, "%d", percent);
+ rc = assuan_send_data (ctx, numbuf, strlen (numbuf));
+ xfree (pin);
+ }
+ }
+ else
+ {
+ log_error ("unsupported inquiry `%s' from pinentry\n", line);
+ rc = gpg_error (GPG_ERR_ASS_UNKNOWN_INQUIRE);
+ }
+
+ return rc;
+}
+
+
+/* Helper for agent_askpin and agent_get_passphrase. */
+static int
+setup_qualitybar (void)
+{
+ int rc;
+ char line[ASSUAN_LINELENGTH];
+ char *tmpstr, *tmpstr2;
+ const char *tooltip;
+
+ /* TRANSLATORS: This string is displayed by Pinentry as the label
+ for the quality bar. */
+ tmpstr = try_percent_escape (_("Quality:"), "\t\r\n\f\v");
+ snprintf (line, DIM(line)-1, "SETQUALITYBAR %s", tmpstr? tmpstr:"");
+ line[DIM(line)-1] = 0;
+ xfree (tmpstr);
+ rc = assuan_transact (entry_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
+ if (rc == 103 /*(Old assuan error code)*/
+ || gpg_err_code (rc) == GPG_ERR_ASS_UNKNOWN_CMD)
+ ; /* Ignore Unknown Command from old Pinentry versions. */
+ else if (rc)
+ return rc;
+
+ tmpstr2 = gnupg_get_help_string ("pinentry.qualitybar.tooltip", 0);
+ if (tmpstr2)
+ tooltip = tmpstr2;
+ else
+ {
+ /* TRANSLATORS: This string is a tooltip, shown by pinentry when
+ hovering over the quality bar. Please use an appropriate
+ string to describe what this is about. The length of the
+ tooltip is limited to about 900 characters. If you do not
+ translate this entry, a default english text (see source)
+ will be used. */
+ tooltip = _("pinentry.qualitybar.tooltip");
+ if (!strcmp ("pinentry.qualitybar.tooltip", tooltip))
+ tooltip = ("The quality of the text entered above.\n"
+ "Please ask your administrator for "
+ "details about the criteria.");
+ }
+ tmpstr = try_percent_escape (tooltip, "\t\r\n\f\v");
+ xfree (tmpstr2);
+ snprintf (line, DIM(line)-1, "SETQUALITYBAR_TT %s", tmpstr? tmpstr:"");
+ line[DIM(line)-1] = 0;
+ xfree (tmpstr);
+ rc = assuan_transact (entry_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
+ if (rc == 103 /*(Old assuan error code)*/
+ || gpg_err_code (rc) == GPG_ERR_ASS_UNKNOWN_CMD)
+ ; /* Ignore Unknown Command from old pinentry versions. */
+ else if (rc)
+ return rc;
+
+ return 0;
+}
+
+
+
+/* Call the Entry and ask for the PIN. We do check for a valid PIN
+ number here and repeat it as long as we have invalid formed
+ numbers. */
+int
+agent_askpin (ctrl_t ctrl,
+ const char *desc_text, const char *prompt_text,
+ const char *initial_errtext,
+ struct pin_entry_info_s *pininfo)
+{
+ int rc;
+ char line[ASSUAN_LINELENGTH];
+ struct entry_parm_s parm;
+ const char *errtext = NULL;
+ int is_pin = 0;
+ int saveflag;
+
+ if (opt.batch)
+ return 0; /* fixme: we should return BAD PIN */
+
+ if (!pininfo || pininfo->max_length < 1)
+ return gpg_error (GPG_ERR_INV_VALUE);
+ if (!desc_text && pininfo->min_digits)
+ desc_text = _("Please enter your PIN, so that the secret key "
+ "can be unlocked for this session");
+ else if (!desc_text)
+ desc_text = _("Please enter your passphrase, so that the secret key "
+ "can be unlocked for this session");
+
+ if (prompt_text)
+ is_pin = !!strstr (prompt_text, "PIN");
+ else
+ is_pin = desc_text && strstr (desc_text, "PIN");
+
+ rc = start_pinentry (ctrl);
+ if (rc)
+ return rc;
+
+ snprintf (line, DIM(line)-1, "SETDESC %s", desc_text);
+ line[DIM(line)-1] = 0;
+ rc = assuan_transact (entry_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
+ if (rc)
+ return unlock_pinentry (rc);
+
+ snprintf (line, DIM(line)-1, "SETPROMPT %s",
+ prompt_text? prompt_text : is_pin? "PIN:" : "Passphrase:");
+ line[DIM(line)-1] = 0;
+ rc = assuan_transact (entry_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
+ if (rc)
+ return unlock_pinentry (rc);
+
+ /* If a passphrase quality indicator has been requested and a
+ minimum passphrase length has not been disabled, send the command
+ to the pinentry. */
+ if (pininfo->with_qualitybar && opt.min_passphrase_len )
+ {
+ rc = setup_qualitybar ();
+ if (rc)
+ return unlock_pinentry (rc);
+ }
+
+ if (initial_errtext)
+ {
+ snprintf (line, DIM(line)-1, "SETERROR %s", initial_errtext);
+ line[DIM(line)-1] = 0;
+ rc = assuan_transact (entry_ctx, line,
+ NULL, NULL, NULL, NULL, NULL, NULL);
+ if (rc)
+ return unlock_pinentry (rc);
+ }
+
+ for (;pininfo->failed_tries < pininfo->max_tries; pininfo->failed_tries++)
+ {
+ memset (&parm, 0, sizeof parm);
+ parm.size = pininfo->max_length;
+ *pininfo->pin = 0; /* Reset the PIN. */
+ parm.buffer = (unsigned char*)pininfo->pin;
+
+ if (errtext)
+ {
+ /* TRANLATORS: The string is appended to an error message in
+ the pinentry. The %s is the actual error message, the
+ two %d give the current and maximum number of tries. */
+ snprintf (line, DIM(line)-1, _("SETERROR %s (try %d of %d)"),
+ errtext, pininfo->failed_tries+1, pininfo->max_tries);
+ line[DIM(line)-1] = 0;
+ rc = assuan_transact (entry_ctx, line,
+ NULL, NULL, NULL, NULL, NULL, NULL);
+ if (rc)
+ return unlock_pinentry (rc);
+ errtext = NULL;
+ }
+
+ saveflag = assuan_get_flag (entry_ctx, ASSUAN_CONFIDENTIAL);
+ assuan_begin_confidential (entry_ctx);
+ rc = assuan_transact (entry_ctx, "GETPIN", getpin_cb, &parm,
+ inq_quality, entry_ctx, NULL, NULL);
+ assuan_set_flag (entry_ctx, ASSUAN_CONFIDENTIAL, saveflag);
+ /* Most pinentries out in the wild return the old Assuan error code
+ for canceled which gets translated to an assuan Cancel error and
+ not to the code for a user cancel. Fix this here. */
+ if (rc && gpg_err_source (rc)
+ && gpg_err_code (rc) == GPG_ERR_ASS_CANCELED)
+ rc = gpg_err_make (gpg_err_source (rc), GPG_ERR_CANCELED);
+
+ if (gpg_err_code (rc) == GPG_ERR_ASS_TOO_MUCH_DATA)
+ errtext = is_pin? _("PIN too long")
+ : _("Passphrase too long");
+ else if (rc)
+ return unlock_pinentry (rc);
+
+ if (!errtext && pininfo->min_digits)
+ {
+ /* do some basic checks on the entered PIN. */
+ if (!all_digitsp (pininfo->pin))
+ errtext = _("Invalid characters in PIN");
+ else if (pininfo->max_digits
+ && strlen (pininfo->pin) > pininfo->max_digits)
+ errtext = _("PIN too long");
+ else if (strlen (pininfo->pin) < pininfo->min_digits)
+ errtext = _("PIN too short");
+ }
+
+ if (!errtext && pininfo->check_cb)
+ {
+ /* More checks by utilizing the optional callback. */
+ pininfo->cb_errtext = NULL;
+ rc = pininfo->check_cb (pininfo);
+ if (rc == -1 && pininfo->cb_errtext)
+ errtext = pininfo->cb_errtext;
+ else if (gpg_err_code (rc) == GPG_ERR_BAD_PASSPHRASE
+ || gpg_err_code (rc) == GPG_ERR_BAD_PIN)
+ errtext = (is_pin? _("Bad PIN")
+ : _("Bad Passphrase"));
+ else if (rc)
+ return unlock_pinentry (rc);
+ }
+
+ if (!errtext)
+ return unlock_pinentry (0); /* okay, got a PIN or passphrase */
+ }
+
+ return unlock_pinentry (gpg_error (pininfo->min_digits? GPG_ERR_BAD_PIN
+ : GPG_ERR_BAD_PASSPHRASE));
+}
+
+
+
+/* Ask for the passphrase using the supplied arguments. The returned
+ passphrase needs to be freed by the caller. */
+int
+agent_get_passphrase (ctrl_t ctrl,
+ char **retpass, const char *desc, const char *prompt,
+ const char *errtext, int with_qualitybar)
+{
+
+ int rc;
+ char line[ASSUAN_LINELENGTH];
+ struct entry_parm_s parm;
+ int saveflag;
+
+ *retpass = NULL;
+ if (opt.batch)
+ return gpg_error (GPG_ERR_BAD_PASSPHRASE);
+
+ rc = start_pinentry (ctrl);
+ if (rc)
+ return rc;
+
+ if (!prompt)
+ prompt = desc && strstr (desc, "PIN")? "PIN": _("Passphrase");
+
+
+ if (desc)
+ snprintf (line, DIM(line)-1, "SETDESC %s", desc);
+ else
+ snprintf (line, DIM(line)-1, "RESET");
+ line[DIM(line)-1] = 0;
+ rc = assuan_transact (entry_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
+ if (rc)
+ return unlock_pinentry (rc);
+
+ snprintf (line, DIM(line)-1, "SETPROMPT %s", prompt);
+ line[DIM(line)-1] = 0;
+ rc = assuan_transact (entry_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
+ if (rc)
+ return unlock_pinentry (rc);
+
+ if (with_qualitybar && opt.min_passphrase_len)
+ {
+ rc = setup_qualitybar ();
+ if (rc)
+ return unlock_pinentry (rc);
+ }
+
+ if (errtext)
+ {
+ snprintf (line, DIM(line)-1, "SETERROR %s", errtext);
+ line[DIM(line)-1] = 0;
+ rc = assuan_transact (entry_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
+ if (rc)
+ return unlock_pinentry (rc);
+ }
+
+ memset (&parm, 0, sizeof parm);
+ parm.size = ASSUAN_LINELENGTH/2 - 5;
+ parm.buffer = gcry_malloc_secure (parm.size+10);
+ if (!parm.buffer)
+ return unlock_pinentry (out_of_core ());
+
+ saveflag = assuan_get_flag (entry_ctx, ASSUAN_CONFIDENTIAL);
+ assuan_begin_confidential (entry_ctx);
+ rc = assuan_transact (entry_ctx, "GETPIN", getpin_cb, &parm,
+ inq_quality, entry_ctx, NULL, NULL);
+ assuan_set_flag (entry_ctx, ASSUAN_CONFIDENTIAL, saveflag);
+ /* Most pinentries out in the wild return the old Assuan error code
+ for canceled which gets translated to an assuan Cancel error and
+ not to the code for a user cancel. Fix this here. */
+ if (rc && gpg_err_source (rc) && gpg_err_code (rc) == GPG_ERR_ASS_CANCELED)
+ rc = gpg_err_make (gpg_err_source (rc), GPG_ERR_CANCELED);
+ if (rc)
+ xfree (parm.buffer);
+ else
+ *retpass = parm.buffer;
+ return unlock_pinentry (rc);
+}
+
+
+
+/* Pop up the PIN-entry, display the text and the prompt and ask the
+ user to confirm this. We return 0 for success, ie. the user
+ confirmed it, GPG_ERR_NOT_CONFIRMED for what the text says or an
+ other error. If WITH_CANCEL it true an extra cancel button is
+ displayed to allow the user to easily return a GPG_ERR_CANCELED.
+ if the Pinentry does not support this, the user can still cancel by
+ closing the Pinentry window. */
+int
+agent_get_confirmation (ctrl_t ctrl,
+ const char *desc, const char *ok,
+ const char *notok, int with_cancel)
+{
+ int rc;
+ char line[ASSUAN_LINELENGTH];
+
+ rc = start_pinentry (ctrl);
+ if (rc)
+ return rc;
+
+ if (desc)
+ snprintf (line, DIM(line)-1, "SETDESC %s", desc);
+ else
+ snprintf (line, DIM(line)-1, "RESET");
+ line[DIM(line)-1] = 0;
+ rc = assuan_transact (entry_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
+ /* Most pinentries out in the wild return the old Assuan error code
+ for canceled which gets translated to an assuan Cancel error and
+ not to the code for a user cancel. Fix this here. */
+ if (rc && gpg_err_source (rc) && gpg_err_code (rc) == GPG_ERR_ASS_CANCELED)
+ rc = gpg_err_make (gpg_err_source (rc), GPG_ERR_CANCELED);
+
+ if (rc)
+ return unlock_pinentry (rc);
+
+ if (ok)
+ {
+ snprintf (line, DIM(line)-1, "SETOK %s", ok);
+ line[DIM(line)-1] = 0;
+ rc = assuan_transact (entry_ctx,
+ line, NULL, NULL, NULL, NULL, NULL, NULL);
+ if (rc)
+ return unlock_pinentry (rc);
+ }
+ if (notok)
+ {
+ /* Try to use the newer NOTOK feature if a cancel button is
+ requested. If no cancel button is requested we keep on using
+ the standard cancel. */
+ if (with_cancel)
+ {
+ snprintf (line, DIM(line)-1, "SETNOTOK %s", notok);
+ line[DIM(line)-1] = 0;
+ rc = assuan_transact (entry_ctx,
+ line, NULL, NULL, NULL, NULL, NULL, NULL);
+ }
+ else
+ rc = GPG_ERR_ASS_UNKNOWN_CMD;
+
+ if (gpg_err_code (rc) == GPG_ERR_ASS_UNKNOWN_CMD)
+ {
+ snprintf (line, DIM(line)-1, "SETCANCEL %s", notok);
+ line[DIM(line)-1] = 0;
+ rc = assuan_transact (entry_ctx, line,
+ NULL, NULL, NULL, NULL, NULL, NULL);
+ }
+ if (rc)
+ return unlock_pinentry (rc);
+ }
+
+ rc = assuan_transact (entry_ctx, "CONFIRM",
+ NULL, NULL, NULL, NULL, NULL, NULL);
+ if (rc && gpg_err_source (rc) && gpg_err_code (rc) == GPG_ERR_ASS_CANCELED)
+ rc = gpg_err_make (gpg_err_source (rc), GPG_ERR_CANCELED);
+
+ return unlock_pinentry (rc);
+}
+
+
+
+/* Pop up the PINentry, display the text DESC and a button with the
+ text OK_BTN (which may be NULL to use the default of "OK") and waut
+ for the user to hit this button. The return value is not
+ relevant. */
+int
+agent_show_message (ctrl_t ctrl, const char *desc, const char *ok_btn)
+{
+ int rc;
+ char line[ASSUAN_LINELENGTH];
+
+ rc = start_pinentry (ctrl);
+ if (rc)
+ return rc;
+
+ if (desc)
+ snprintf (line, DIM(line)-1, "SETDESC %s", desc);
+ else
+ snprintf (line, DIM(line)-1, "RESET");
+ line[DIM(line)-1] = 0;
+ rc = assuan_transact (entry_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
+ /* Most pinentries out in the wild return the old Assuan error code
+ for canceled which gets translated to an assuan Cancel error and
+ not to the code for a user cancel. Fix this here. */
+ if (rc && gpg_err_source (rc) && gpg_err_code (rc) == GPG_ERR_ASS_CANCELED)
+ rc = gpg_err_make (gpg_err_source (rc), GPG_ERR_CANCELED);
+
+ if (rc)
+ return unlock_pinentry (rc);
+
+ if (ok_btn)
+ {
+ snprintf (line, DIM(line)-1, "SETOK %s", ok_btn);
+ line[DIM(line)-1] = 0;
+ rc = assuan_transact (entry_ctx, line, NULL, NULL, NULL,
+ NULL, NULL, NULL);
+ if (rc)
+ return unlock_pinentry (rc);
+ }
+
+ rc = assuan_transact (entry_ctx, "CONFIRM --one-button", NULL, NULL, NULL,
+ NULL, NULL, NULL);
+ if (rc && gpg_err_source (rc) && gpg_err_code (rc) == GPG_ERR_ASS_CANCELED)
+ rc = gpg_err_make (gpg_err_source (rc), GPG_ERR_CANCELED);
+
+ return unlock_pinentry (rc);
+}
+
+
+/* The thread running the popup message. */
+static void *
+popup_message_thread (void *arg)
+{
+ (void)arg;
+
+ /* We use the --one-button hack instead of the MESSAGE command to
+ allow the use of old Pinentries. Those old Pinentries will then
+ show an additional Cancel button but that is mostly a visual
+ annoyance. */
+ assuan_transact (entry_ctx, "CONFIRM --one-button",
+ NULL, NULL, NULL, NULL, NULL, NULL);
+ popup_finished = 1;
+ return NULL;
+}
+
+
+/* Pop up a message window similar to the confirm one but keep it open
+ until agent_popup_message_stop has been called. It is crucial for
+ the caller to make sure that the stop function gets called as soon
+ as the message is not anymore required because the message is
+ system modal and all other attempts to use the pinentry will fail
+ (after a timeout). */
+int
+agent_popup_message_start (ctrl_t ctrl, const char *desc, const char *ok_btn)
+{
+ int rc;
+ char line[ASSUAN_LINELENGTH];
+ pth_attr_t tattr;
+
+ rc = start_pinentry (ctrl);
+ if (rc)
+ return rc;
+
+ if (desc)
+ snprintf (line, DIM(line)-1, "SETDESC %s", desc);
+ else
+ snprintf (line, DIM(line)-1, "RESET");
+ line[DIM(line)-1] = 0;
+ rc = assuan_transact (entry_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
+ if (rc)
+ return unlock_pinentry (rc);
+
+ if (ok_btn)
+ {
+ snprintf (line, DIM(line)-1, "SETOK %s", ok_btn);
+ line[DIM(line)-1] = 0;
+ rc = assuan_transact (entry_ctx, line, NULL,NULL,NULL,NULL,NULL,NULL);
+ if (rc)
+ return unlock_pinentry (rc);
+ }
+
+ tattr = pth_attr_new();
+ pth_attr_set (tattr, PTH_ATTR_JOINABLE, 1);
+ pth_attr_set (tattr, PTH_ATTR_STACK_SIZE, 256*1024);
+ pth_attr_set (tattr, PTH_ATTR_NAME, "popup-message");
+
+ popup_finished = 0;
+ popup_tid = pth_spawn (tattr, popup_message_thread, NULL);
+ if (!popup_tid)
+ {
+ rc = gpg_error_from_syserror ();
+ log_error ("error spawning popup message handler: %s\n",
+ strerror (errno) );
+ pth_attr_destroy (tattr);
+ return unlock_pinentry (rc);
+ }
+ pth_attr_destroy (tattr);
+
+ return 0;
+}
+
+/* Close a popup window. */
+void
+agent_popup_message_stop (ctrl_t ctrl)
+{
+ int rc;
+ pid_t pid;
+
+ (void)ctrl;
+
+ if (!popup_tid || !entry_ctx)
+ {
+ log_debug ("agent_popup_message_stop called with no active popup\n");
+ return;
+ }
+
+ pid = assuan_get_pid (entry_ctx);
+ if (pid == (pid_t)(-1))
+ ; /* No pid available can't send a kill. */
+ else if (popup_finished)
+ ; /* Already finished and ready for joining. */
+#ifdef HAVE_W32_SYSTEM
+ /* Older versions of assuan set PID to 0 on Windows to indicate an
+ invalid value. */
+ else if (pid != (pid_t) INVALID_HANDLE_VALUE
+ && pid != 0)
+ {
+ HANDLE process = (HANDLE) pid;
+
+ /* Arbitrary error code. */
+ TerminateProcess (process, 1);
+ }
+#else
+ else if (pid && ((rc=waitpid (pid, NULL, WNOHANG))==-1 || (rc == pid)) )
+ { /* The daemon already died. No need to send a kill. However
+ because we already waited for the process, we need to tell
+ assuan that it should not wait again (done by
+ unlock_pinentry). */
+ if (rc == pid)
+ assuan_set_flag (entry_ctx, ASSUAN_NO_WAITPID, 1);
+ }
+ else if (pid > 0)
+ kill (pid, SIGKILL); /* Need to use SIGKILL due to bad
+ interaction of SIGINT with Pth. */
+#endif
+
+ /* Now wait for the thread to terminate. */
+ rc = pth_join (popup_tid, NULL);
+ if (!rc)
+ log_debug ("agent_popup_message_stop: pth_join failed: %s\n",
+ strerror (errno));
+ popup_tid = NULL;
+ entry_owner = NULL;
+
+ /* Now we can close the connection. */
+ unlock_pinentry (0);
+}
+
+
diff --git a/agent/call-scd.c b/agent/call-scd.c
new file mode 100644
index 0000000..5a43377
--- /dev/null
+++ b/agent/call-scd.c
@@ -0,0 +1,1167 @@
+/* call-scd.c - fork of the scdaemon to do SC operations
+ * Copyright (C) 2001, 2002, 2005, 2007 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <errno.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <ctype.h>
+#include <assert.h>
+#include <unistd.h>
+#include <signal.h>
+#include <sys/stat.h>
+#include <sys/types.h>
+#ifndef HAVE_W32_SYSTEM
+#include <sys/wait.h>
+#endif
+#include <pth.h>
+
+#include "agent.h"
+#include <assuan.h>
+
+#ifdef _POSIX_OPEN_MAX
+#define MAX_OPEN_FDS _POSIX_OPEN_MAX
+#else
+#define MAX_OPEN_FDS 20
+#endif
+
+/* This Assuan flag is only available since libassuan 2.0.2. Because
+ comments lines are comments anyway we can use a replacement which
+ might not do anything. assuan_{g,s}et_flag don't return an error
+ thus there won't be any ABI problem. */
+#ifndef ASSUAN_CONVEY_COMMENTS
+#define ASSUAN_CONVEY_COMMENTS 4
+#endif
+
+
+/* Definition of module local data of the CTRL structure. */
+struct scd_local_s
+{
+ /* We keep a list of all allocated context with a an achnor at
+ SCD_LOCAL_LIST (see below). */
+ struct scd_local_s *next_local;
+
+ /* We need to get back to the ctrl object actually referencing this
+ structure. This is really an awkward way of enumerint the lcoal
+ contects. A much cleaner way would be to keep a global list of
+ ctrl objects to enumerate them. */
+ ctrl_t ctrl_backlink;
+
+ assuan_context_t ctx; /* NULL or session context for the SCdaemon
+ used with this connection. */
+ int locked; /* This flag is used to assert proper use of
+ start_scd and unlock_scd. */
+
+};
+
+
+/* Callback parameter for learn card */
+struct learn_parm_s
+{
+ void (*kpinfo_cb)(void*, const char *);
+ void *kpinfo_cb_arg;
+ void (*certinfo_cb)(void*, const char *);
+ void *certinfo_cb_arg;
+ void (*sinfo_cb)(void*, const char *, size_t, const char *);
+ void *sinfo_cb_arg;
+};
+
+struct inq_needpin_s
+{
+ assuan_context_t ctx;
+ int (*getpin_cb)(void *, const char *, char*, size_t);
+ void *getpin_cb_arg;
+ assuan_context_t passthru; /* If not NULL, pass unknown inquiries
+ up to the caller. */
+};
+
+
+/* To keep track of all active SCD contexts, we keep a linked list
+ anchored at this variable. */
+static struct scd_local_s *scd_local_list;
+
+/* A Mutex used inside the start_scd function. */
+static pth_mutex_t start_scd_lock;
+
+/* A malloced string with the name of the socket to be used for
+ additional connections. May be NULL if not provided by
+ SCdaemon. */
+static char *socket_name;
+
+/* The context of the primary connection. This is also used as a flag
+ to indicate whether the scdaemon has been started. */
+static assuan_context_t primary_scd_ctx;
+
+/* To allow reuse of the primary connection, the following flag is set
+ to true if the primary context has been reset and is not in use by
+ any connection. */
+static int primary_scd_ctx_reusable;
+
+
+
+/* Local prototypes. */
+static gpg_error_t membuf_data_cb (void *opaque,
+ const void *buffer, size_t length);
+
+
+
+
+/* This function must be called once to initialize this module. This
+ has to be done before a second thread is spawned. We can't do the
+ static initialization because Pth emulation code might not be able
+ to do a static init; in particular, it is not possible for W32. */
+void
+initialize_module_call_scd (void)
+{
+ static int initialized;
+
+ if (!initialized)
+ {
+ if (!pth_mutex_init (&start_scd_lock))
+ log_fatal ("error initializing mutex: %s\n", strerror (errno));
+ initialized = 1;
+ }
+}
+
+
+static void
+dump_mutex_state (pth_mutex_t *m)
+{
+#ifdef _W32_PTH_H
+ (void)m;
+ log_printf ("unknown under W32");
+#else
+ if (!(m->mx_state & PTH_MUTEX_INITIALIZED))
+ log_printf ("not_initialized");
+ else if (!(m->mx_state & PTH_MUTEX_LOCKED))
+ log_printf ("not_locked");
+ else
+ log_printf ("locked tid=0x%lx count=%lu", (long)m->mx_owner, m->mx_count);
+#endif
+}
+
+
+/* This function may be called to print infromation pertaining to the
+ current state of this module to the log. */
+void
+agent_scd_dump_state (void)
+{
+ log_info ("agent_scd_dump_state: scd_lock=");
+ dump_mutex_state (&start_scd_lock);
+ log_printf ("\n");
+ log_info ("agent_scd_dump_state: primary_scd_ctx=%p pid=%ld reusable=%d\n",
+ primary_scd_ctx,
+ (long)assuan_get_pid (primary_scd_ctx),
+ primary_scd_ctx_reusable);
+ if (socket_name)
+ log_info ("agent_scd_dump_state: socket=`%s'\n", socket_name);
+}
+
+
+/* The unlock_scd function shall be called after having accessed the
+ SCD. It is currently not very useful but gives an opportunity to
+ keep track of connections currently calling SCD. Note that the
+ "lock" operation is done by the start_scd() function which must be
+ called and error checked before any SCD operation. CTRL is the
+ usual connection context and RC the error code to be passed trhough
+ the function. */
+static int
+unlock_scd (ctrl_t ctrl, int rc)
+{
+ if (gpg_err_code (rc) == GPG_ERR_NOT_OPERATIONAL
+ && gpg_err_source (rc) == GPG_ERR_SOURCE_SCD)
+ {
+ /* If the SCdaemon returned this error, it detected a major
+ problem, like no reader connected. To finish this we need to
+ stop the connection. This simulates an explicit killing of
+ the SCdaemon. */
+ assuan_transact (primary_scd_ctx, "BYE",
+ NULL, NULL, NULL, NULL, NULL, NULL);
+ }
+
+ if (ctrl->scd_local->locked != 1)
+ {
+ log_error ("unlock_scd: invalid lock count (%d)\n",
+ ctrl->scd_local->locked);
+ if (!rc)
+ rc = gpg_error (GPG_ERR_INTERNAL);
+ }
+ ctrl->scd_local->locked = 0;
+ return rc;
+}
+
+/* To make sure we leave no secrets in our image after forking of the
+ scdaemon, we use this callback. */
+static void
+atfork_cb (void *opaque, int where)
+{
+ (void)opaque;
+
+ if (!where)
+ gcry_control (GCRYCTL_TERM_SECMEM);
+}
+
+
+/* Fork off the SCdaemon if this has not already been done. Lock the
+ daemon and make sure that a proper context has been setup in CTRL.
+ This function might also lock the daemon, which means that the
+ caller must call unlock_scd after this fucntion has returned
+ success and the actual Assuan transaction been done. */
+static int
+start_scd (ctrl_t ctrl)
+{
+ gpg_error_t err = 0;
+ const char *pgmname;
+ assuan_context_t ctx = NULL;
+ const char *argv[3];
+ int no_close_list[3];
+ int i;
+ int rc;
+
+ if (opt.disable_scdaemon)
+ return gpg_error (GPG_ERR_NOT_SUPPORTED);
+
+ /* If this is the first call for this session, setup the local data
+ structure. */
+ if (!ctrl->scd_local)
+ {
+ ctrl->scd_local = xtrycalloc (1, sizeof *ctrl->scd_local);
+ if (!ctrl->scd_local)
+ return gpg_error_from_syserror ();
+ ctrl->scd_local->ctrl_backlink = ctrl;
+ ctrl->scd_local->next_local = scd_local_list;
+ scd_local_list = ctrl->scd_local;
+ }
+
+
+ /* Assert that the lock count is as expected. */
+ if (ctrl->scd_local->locked)
+ {
+ log_error ("start_scd: invalid lock count (%d)\n",
+ ctrl->scd_local->locked);
+ return gpg_error (GPG_ERR_INTERNAL);
+ }
+ ctrl->scd_local->locked++;
+
+ if (ctrl->scd_local->ctx)
+ return 0; /* Okay, the context is fine. We used to test for an
+ alive context here and do an disconnect. Now that we
+ have a ticker function to check for it, it is easier
+ not to check here but to let the connection run on an
+ error instead. */
+
+
+ /* We need to protect the following code. */
+ if (!pth_mutex_acquire (&start_scd_lock, 0, NULL))
+ {
+ log_error ("failed to acquire the start_scd lock: %s\n",
+ strerror (errno));
+ return gpg_error (GPG_ERR_INTERNAL);
+ }
+
+ /* Check whether the pipe server has already been started and in
+ this case either reuse a lingering pipe connection or establish a
+ new socket based one. */
+ if (primary_scd_ctx && primary_scd_ctx_reusable)
+ {
+ ctx = primary_scd_ctx;
+ primary_scd_ctx_reusable = 0;
+ if (opt.verbose)
+ log_info ("new connection to SCdaemon established (reusing)\n");
+ goto leave;
+ }
+
+ rc = assuan_new (&ctx);
+ if (rc)
+ {
+ log_error ("can't allocate assuan context: %s\n", gpg_strerror (rc));
+ err = rc;
+ goto leave;
+ }
+
+ if (socket_name)
+ {
+ rc = assuan_socket_connect (ctx, socket_name, 0, 0);
+ if (rc)
+ {
+ log_error ("can't connect to socket `%s': %s\n",
+ socket_name, gpg_strerror (rc));
+ err = gpg_error (GPG_ERR_NO_SCDAEMON);
+ goto leave;
+ }
+
+ if (opt.verbose)
+ log_info ("new connection to SCdaemon established\n");
+ goto leave;
+ }
+
+ if (primary_scd_ctx)
+ {
+ log_info ("SCdaemon is running but won't accept further connections\n");
+ err = gpg_error (GPG_ERR_NO_SCDAEMON);
+ goto leave;
+ }
+
+ /* Nope, it has not been started. Fire it up now. */
+ if (opt.verbose)
+ log_info ("no running SCdaemon - starting it\n");
+
+ if (fflush (NULL))
+ {
+#ifndef HAVE_W32_SYSTEM
+ err = gpg_error_from_syserror ();
+#endif
+ log_error ("error flushing pending output: %s\n", strerror (errno));
+ /* At least Windows XP fails here with EBADF. According to docs
+ and Wine an fflush(NULL) is the same as _flushall. However
+ the Wime implementaion does not flush stdin,stdout and stderr
+ - see above. Lets try to ignore the error. */
+#ifndef HAVE_W32_SYSTEM
+ goto leave;
+#endif
+ }
+
+ if (!opt.scdaemon_program || !*opt.scdaemon_program)
+ opt.scdaemon_program = gnupg_module_name (GNUPG_MODULE_NAME_SCDAEMON);
+ if ( !(pgmname = strrchr (opt.scdaemon_program, '/')))
+ pgmname = opt.scdaemon_program;
+ else
+ pgmname++;
+
+ argv[0] = pgmname;
+ argv[1] = "--multi-server";
+ argv[2] = NULL;
+
+ i=0;
+ if (!opt.running_detached)
+ {
+ if (log_get_fd () != -1)
+ no_close_list[i++] = assuan_fd_from_posix_fd (log_get_fd ());
+ no_close_list[i++] = assuan_fd_from_posix_fd (fileno (stderr));
+ }
+ no_close_list[i] = -1;
+
+ /* Connect to the pinentry and perform initial handshaking. Use
+ detached flag (128) so that under W32 SCDAEMON does not show up a
+ new window. */
+ rc = assuan_pipe_connect (ctx, opt.scdaemon_program, argv,
+ no_close_list, atfork_cb, NULL, 128);
+ if (rc)
+ {
+ log_error ("can't connect to the SCdaemon: %s\n",
+ gpg_strerror (rc));
+ err = gpg_error (GPG_ERR_NO_SCDAEMON);
+ goto leave;
+ }
+
+ if (opt.verbose)
+ log_debug ("first connection to SCdaemon established\n");
+
+ if (DBG_ASSUAN)
+ assuan_set_log_stream (ctx, log_get_stream ());
+
+ /* Get the name of the additional socket opened by scdaemon. */
+ {
+ membuf_t data;
+ unsigned char *databuf;
+ size_t datalen;
+
+ xfree (socket_name);
+ socket_name = NULL;
+ init_membuf (&data, 256);
+ assuan_transact (ctx, "GETINFO socket_name",
+ membuf_data_cb, &data, NULL, NULL, NULL, NULL);
+
+ databuf = get_membuf (&data, &datalen);
+ if (databuf && datalen)
+ {
+ socket_name = xtrymalloc (datalen + 1);
+ if (!socket_name)
+ log_error ("warning: can't store socket name: %s\n",
+ strerror (errno));
+ else
+ {
+ memcpy (socket_name, databuf, datalen);
+ socket_name[datalen] = 0;
+ if (DBG_ASSUAN)
+ log_debug ("additional connections at `%s'\n", socket_name);
+ }
+ }
+ xfree (databuf);
+ }
+
+ /* Tell the scdaemon we want him to send us an event signal. */
+ if (opt.sigusr2_enabled)
+ {
+ char buf[100];
+
+#ifdef HAVE_W32_SYSTEM
+ snprintf (buf, sizeof buf, "OPTION event-signal=%lx",
+ (unsigned long)get_agent_scd_notify_event ());
+#else
+ snprintf (buf, sizeof buf, "OPTION event-signal=%d", SIGUSR2);
+#endif
+ assuan_transact (ctx, buf, NULL, NULL, NULL, NULL, NULL, NULL);
+ }
+
+ primary_scd_ctx = ctx;
+ primary_scd_ctx_reusable = 0;
+
+ leave:
+ if (err)
+ {
+ unlock_scd (ctrl, err);
+ if (ctx)
+ assuan_release (ctx);
+ }
+ else
+ {
+ ctrl->scd_local->ctx = ctx;
+ }
+ if (!pth_mutex_release (&start_scd_lock))
+ log_error ("failed to release the start_scd lock: %s\n", strerror (errno));
+ return err;
+}
+
+
+/* Check whether the SCdaemon is active. This is a fast check without
+ any locking and might give a wrong result if another thread is about
+ to start the daemon or the daemon is about to be stopped.. */
+int
+agent_scd_check_running (void)
+{
+ return !!primary_scd_ctx;
+}
+
+
+/* Check whether the Scdaemon is still alive and clean it up if not. */
+void
+agent_scd_check_aliveness (void)
+{
+ pth_event_t evt;
+ pid_t pid;
+#ifdef HAVE_W32_SYSTEM
+ DWORD rc;
+#else
+ int rc;
+#endif
+
+ if (!primary_scd_ctx)
+ return; /* No scdaemon running. */
+
+ /* This is not a critical function so we use a short timeout while
+ acquiring the lock. */
+ evt = pth_event (PTH_EVENT_TIME, pth_timeout (1, 0));
+ if (!pth_mutex_acquire (&start_scd_lock, 0, evt))
+ {
+ if (pth_event_occurred (evt))
+ {
+ if (opt.verbose > 1)
+ log_info ("failed to acquire the start_scd lock while"
+ " doing an aliveness check: %s\n", "timeout");
+ }
+ else
+ log_error ("failed to acquire the start_scd lock while"
+ " doing an aliveness check: %s\n", strerror (errno));
+ pth_event_free (evt, PTH_FREE_THIS);
+ return;
+ }
+ pth_event_free (evt, PTH_FREE_THIS);
+
+ if (primary_scd_ctx)
+ {
+ pid = assuan_get_pid (primary_scd_ctx);
+#ifdef HAVE_W32_SYSTEM
+ /* If we have a PID we disconnect if either GetExitProcessCode
+ fails or if ir returns the exit code of the scdaemon. 259 is
+ the error code for STILL_ALIVE. */
+ if (pid != (pid_t)(void*)(-1) && pid
+ && (!GetExitCodeProcess ((HANDLE)pid, &rc) || rc != 259))
+#else
+ if (pid != (pid_t)(-1) && pid
+ && ((rc=waitpid (pid, NULL, WNOHANG))==-1 || (rc == pid)) )
+#endif
+ {
+ /* Okay, scdaemon died. Disconnect the primary connection
+ now but take care that it won't do another wait. Also
+ cleanup all other connections and release their
+ resources. The next use will start a new daemon then.
+ Due to the use of the START_SCD_LOCAL we are sure that
+ none of these context are actually in use. */
+ struct scd_local_s *sl;
+
+ assuan_set_flag (primary_scd_ctx, ASSUAN_NO_WAITPID, 1);
+ assuan_release (primary_scd_ctx);
+
+ for (sl=scd_local_list; sl; sl = sl->next_local)
+ {
+ if (sl->ctx)
+ {
+ if (sl->ctx != primary_scd_ctx)
+ assuan_release (sl->ctx);
+ sl->ctx = NULL;
+ }
+ }
+
+ primary_scd_ctx = NULL;
+ primary_scd_ctx_reusable = 0;
+
+ xfree (socket_name);
+ socket_name = NULL;
+ }
+ }
+
+ if (!pth_mutex_release (&start_scd_lock))
+ log_error ("failed to release the start_scd lock while"
+ " doing the aliveness check: %s\n", strerror (errno));
+}
+
+
+
+/* Reset the SCD if it has been used. Actually it is not a reset but
+ a cleanup of resources used by the current connection. */
+int
+agent_reset_scd (ctrl_t ctrl)
+{
+ if (ctrl->scd_local)
+ {
+ if (ctrl->scd_local->ctx)
+ {
+ /* We can't disconnect the primary context because libassuan
+ does a waitpid on it and thus the system would hang.
+ Instead we send a reset and keep that connection for
+ reuse. */
+ if (ctrl->scd_local->ctx == primary_scd_ctx)
+ {
+ /* Send a RESTART to the SCD. This is required for the
+ primary connection as a kind of virtual EOF; we don't
+ have another way to tell it that the next command
+ should be viewed as if a new connection has been
+ made. For the non-primary connections this is not
+ needed as we simply close the socket. We don't check
+ for an error here because the RESTART may fail for
+ example if the scdaemon has already been terminated.
+ Anyway, we need to set the reusable flag to make sure
+ that the aliveness check can clean it up. */
+ assuan_transact (primary_scd_ctx, "RESTART",
+ NULL, NULL, NULL, NULL, NULL, NULL);
+ primary_scd_ctx_reusable = 1;
+ }
+ else
+ assuan_release (ctrl->scd_local->ctx);
+ ctrl->scd_local->ctx = NULL;
+ }
+
+ /* Remove the local context from our list and release it. */
+ if (!scd_local_list)
+ BUG ();
+ else if (scd_local_list == ctrl->scd_local)
+ scd_local_list = ctrl->scd_local->next_local;
+ else
+ {
+ struct scd_local_s *sl;
+
+ for (sl=scd_local_list; sl->next_local; sl = sl->next_local)
+ if (sl->next_local == ctrl->scd_local)
+ break;
+ if (!sl->next_local)
+ BUG ();
+ sl->next_local = ctrl->scd_local->next_local;
+ }
+ xfree (ctrl->scd_local);
+ ctrl->scd_local = NULL;
+ }
+
+ return 0;
+}
+
+
+
+static gpg_error_t
+learn_status_cb (void *opaque, const char *line)
+{
+ struct learn_parm_s *parm = opaque;
+ const char *keyword = line;
+ int keywordlen;
+
+ for (keywordlen=0; *line && !spacep (line); line++, keywordlen++)
+ ;
+ while (spacep (line))
+ line++;
+ if (keywordlen == 8 && !memcmp (keyword, "CERTINFO", keywordlen))
+ {
+ parm->certinfo_cb (parm->certinfo_cb_arg, line);
+ }
+ else if (keywordlen == 11 && !memcmp (keyword, "KEYPAIRINFO", keywordlen))
+ {
+ parm->kpinfo_cb (parm->kpinfo_cb_arg, line);
+ }
+ else if (keywordlen && *line)
+ {
+ parm->sinfo_cb (parm->sinfo_cb_arg, keyword, keywordlen, line);
+ }
+
+ return 0;
+}
+
+/* Perform the LEARN command and return a list of all private keys
+ stored on the card. */
+int
+agent_card_learn (ctrl_t ctrl,
+ void (*kpinfo_cb)(void*, const char *),
+ void *kpinfo_cb_arg,
+ void (*certinfo_cb)(void*, const char *),
+ void *certinfo_cb_arg,
+ void (*sinfo_cb)(void*, const char *, size_t, const char *),
+ void *sinfo_cb_arg)
+{
+ int rc;
+ struct learn_parm_s parm;
+
+ rc = start_scd (ctrl);
+ if (rc)
+ return rc;
+
+ memset (&parm, 0, sizeof parm);
+ parm.kpinfo_cb = kpinfo_cb;
+ parm.kpinfo_cb_arg = kpinfo_cb_arg;
+ parm.certinfo_cb = certinfo_cb;
+ parm.certinfo_cb_arg = certinfo_cb_arg;
+ parm.sinfo_cb = sinfo_cb;
+ parm.sinfo_cb_arg = sinfo_cb_arg;
+ rc = assuan_transact (ctrl->scd_local->ctx, "LEARN --force",
+ NULL, NULL, NULL, NULL,
+ learn_status_cb, &parm);
+ if (rc)
+ return unlock_scd (ctrl, rc);
+
+ return unlock_scd (ctrl, 0);
+}
+
+
+
+static gpg_error_t
+get_serialno_cb (void *opaque, const char *line)
+{
+ char **serialno = opaque;
+ const char *keyword = line;
+ const char *s;
+ int keywordlen, n;
+
+ for (keywordlen=0; *line && !spacep (line); line++, keywordlen++)
+ ;
+ while (spacep (line))
+ line++;
+
+ if (keywordlen == 8 && !memcmp (keyword, "SERIALNO", keywordlen))
+ {
+ if (*serialno)
+ return gpg_error (GPG_ERR_CONFLICT); /* Unexpected status line. */
+ for (n=0,s=line; hexdigitp (s); s++, n++)
+ ;
+ if (!n || (n&1)|| !(spacep (s) || !*s) )
+ return gpg_error (GPG_ERR_ASS_PARAMETER);
+ *serialno = xtrymalloc (n+1);
+ if (!*serialno)
+ return out_of_core ();
+ memcpy (*serialno, line, n);
+ (*serialno)[n] = 0;
+ }
+
+ return 0;
+}
+
+/* Return the serial number of the card or an appropriate error. The
+ serial number is returned as a hexstring. */
+int
+agent_card_serialno (ctrl_t ctrl, char **r_serialno)
+{
+ int rc;
+ char *serialno = NULL;
+
+ rc = start_scd (ctrl);
+ if (rc)
+ return rc;
+
+ rc = assuan_transact (ctrl->scd_local->ctx, "SERIALNO",
+ NULL, NULL, NULL, NULL,
+ get_serialno_cb, &serialno);
+ if (rc)
+ {
+ xfree (serialno);
+ return unlock_scd (ctrl, rc);
+ }
+ *r_serialno = serialno;
+ return unlock_scd (ctrl, 0);
+}
+
+
+
+
+static gpg_error_t
+membuf_data_cb (void *opaque, const void *buffer, size_t length)
+{
+ membuf_t *data = opaque;
+
+ if (buffer)
+ put_membuf (data, buffer, length);
+ return 0;
+}
+
+/* Handle the NEEDPIN inquiry. */
+static gpg_error_t
+inq_needpin (void *opaque, const char *line)
+{
+ struct inq_needpin_s *parm = opaque;
+ char *pin;
+ size_t pinlen;
+ int rc;
+
+ if (!strncmp (line, "NEEDPIN", 7) && (line[7] == ' ' || !line[7]))
+ {
+ line += 7;
+ while (*line == ' ')
+ line++;
+
+ pinlen = 90;
+ pin = gcry_malloc_secure (pinlen);
+ if (!pin)
+ return out_of_core ();
+
+ rc = parm->getpin_cb (parm->getpin_cb_arg, line, pin, pinlen);
+ if (!rc)
+ rc = assuan_send_data (parm->ctx, pin, pinlen);
+ xfree (pin);
+ }
+ else if (!strncmp (line, "POPUPKEYPADPROMPT", 17)
+ && (line[17] == ' ' || !line[17]))
+ {
+ line += 17;
+ while (*line == ' ')
+ line++;
+
+ rc = parm->getpin_cb (parm->getpin_cb_arg, line, NULL, 1);
+ }
+ else if (!strncmp (line, "DISMISSKEYPADPROMPT", 19)
+ && (line[19] == ' ' || !line[19]))
+ {
+ rc = parm->getpin_cb (parm->getpin_cb_arg, "", NULL, 0);
+ }
+ else if (parm->passthru)
+ {
+ unsigned char *value;
+ size_t valuelen;
+ int rest;
+ int needrest = !strncmp (line, "KEYDATA", 8);
+
+ /* Pass the inquiry up to our caller. We limit the maximum
+ amount to an arbitrary value. As we know that the KEYDATA
+ enquiry is pretty sensitive we disable logging then */
+ if ((rest = (needrest
+ && !assuan_get_flag (parm->passthru, ASSUAN_CONFIDENTIAL))))
+ assuan_begin_confidential (parm->passthru);
+ rc = assuan_inquire (parm->passthru, line, &value, &valuelen, 8096);
+ if (rest)
+ assuan_end_confidential (parm->passthru);
+ if (!rc)
+ {
+ if ((rest = (needrest
+ && !assuan_get_flag (parm->ctx, ASSUAN_CONFIDENTIAL))))
+ assuan_begin_confidential (parm->ctx);
+ rc = assuan_send_data (parm->ctx, value, valuelen);
+ if (rest)
+ assuan_end_confidential (parm->ctx);
+ xfree (value);
+ }
+ else
+ log_error ("error forwarding inquiry `%s': %s\n",
+ line, gpg_strerror (rc));
+ }
+ else
+ {
+ log_error ("unsupported inquiry `%s'\n", line);
+ rc = gpg_error (GPG_ERR_ASS_UNKNOWN_INQUIRE);
+ }
+
+ return rc;
+}
+
+
+
+/* Create a signature using the current card */
+int
+agent_card_pksign (ctrl_t ctrl,
+ const char *keyid,
+ int (*getpin_cb)(void *, const char *, char*, size_t),
+ void *getpin_cb_arg,
+ const unsigned char *indata, size_t indatalen,
+ unsigned char **r_buf, size_t *r_buflen)
+{
+ int rc, i;
+ char *p, line[ASSUAN_LINELENGTH];
+ membuf_t data;
+ struct inq_needpin_s inqparm;
+ size_t len;
+ unsigned char *sigbuf;
+ size_t sigbuflen;
+
+ *r_buf = NULL;
+ rc = start_scd (ctrl);
+ if (rc)
+ return rc;
+
+ if (indatalen*2 + 50 > DIM(line))
+ return unlock_scd (ctrl, gpg_error (GPG_ERR_GENERAL));
+
+ sprintf (line, "SETDATA ");
+ p = line + strlen (line);
+ for (i=0; i < indatalen ; i++, p += 2 )
+ sprintf (p, "%02X", indata[i]);
+ rc = assuan_transact (ctrl->scd_local->ctx, line,
+ NULL, NULL, NULL, NULL, NULL, NULL);
+ if (rc)
+ return unlock_scd (ctrl, rc);
+
+ init_membuf (&data, 1024);
+ inqparm.ctx = ctrl->scd_local->ctx;
+ inqparm.getpin_cb = getpin_cb;
+ inqparm.getpin_cb_arg = getpin_cb_arg;
+ inqparm.passthru = 0;
+ snprintf (line, DIM(line)-1,
+ ctrl->use_auth_call? "PKAUTH %s":"PKSIGN %s", keyid);
+ line[DIM(line)-1] = 0;
+ rc = assuan_transact (ctrl->scd_local->ctx, line,
+ membuf_data_cb, &data,
+ inq_needpin, &inqparm,
+ NULL, NULL);
+ if (rc)
+ {
+ xfree (get_membuf (&data, &len));
+ return unlock_scd (ctrl, rc);
+ }
+ sigbuf = get_membuf (&data, &sigbuflen);
+
+ /* Create an S-expression from it which is formatted like this:
+ "(7:sig-val(3:rsa(1:sSIGBUFLEN:SIGBUF)))" */
+ *r_buflen = 21 + 11 + sigbuflen + 4;
+ p = xtrymalloc (*r_buflen);
+ *r_buf = (unsigned char*)p;
+ if (!p)
+ return unlock_scd (ctrl, out_of_core ());
+ p = stpcpy (p, "(7:sig-val(3:rsa(1:s" );
+ sprintf (p, "%u:", (unsigned int)sigbuflen);
+ p += strlen (p);
+ memcpy (p, sigbuf, sigbuflen);
+ p += sigbuflen;
+ strcpy (p, ")))");
+ xfree (sigbuf);
+
+ assert (gcry_sexp_canon_len (*r_buf, *r_buflen, NULL, NULL));
+ return unlock_scd (ctrl, 0);
+}
+
+/* Decipher INDATA using the current card. Note that the returned value is */
+int
+agent_card_pkdecrypt (ctrl_t ctrl,
+ const char *keyid,
+ int (*getpin_cb)(void *, const char *, char*, size_t),
+ void *getpin_cb_arg,
+ const unsigned char *indata, size_t indatalen,
+ char **r_buf, size_t *r_buflen)
+{
+ int rc, i;
+ char *p, line[ASSUAN_LINELENGTH];
+ membuf_t data;
+ struct inq_needpin_s inqparm;
+ size_t len;
+
+ *r_buf = NULL;
+ rc = start_scd (ctrl);
+ if (rc)
+ return rc;
+
+ /* FIXME: use secure memory where appropriate */
+ if (indatalen*2 + 50 > DIM(line))
+ return unlock_scd (ctrl, gpg_error (GPG_ERR_GENERAL));
+
+ sprintf (line, "SETDATA ");
+ p = line + strlen (line);
+ for (i=0; i < indatalen ; i++, p += 2 )
+ sprintf (p, "%02X", indata[i]);
+ rc = assuan_transact (ctrl->scd_local->ctx, line,
+ NULL, NULL, NULL, NULL, NULL, NULL);
+ if (rc)
+ return unlock_scd (ctrl, rc);
+
+ init_membuf (&data, 1024);
+ inqparm.ctx = ctrl->scd_local->ctx;
+ inqparm.getpin_cb = getpin_cb;
+ inqparm.getpin_cb_arg = getpin_cb_arg;
+ inqparm.passthru = 0;
+ snprintf (line, DIM(line)-1, "PKDECRYPT %s", keyid);
+ line[DIM(line)-1] = 0;
+ rc = assuan_transact (ctrl->scd_local->ctx, line,
+ membuf_data_cb, &data,
+ inq_needpin, &inqparm,
+ NULL, NULL);
+ if (rc)
+ {
+ xfree (get_membuf (&data, &len));
+ return unlock_scd (ctrl, rc);
+ }
+ *r_buf = get_membuf (&data, r_buflen);
+ if (!*r_buf)
+ return unlock_scd (ctrl, gpg_error (GPG_ERR_ENOMEM));
+
+ return unlock_scd (ctrl, 0);
+}
+
+
+
+/* Read a certificate with ID into R_BUF and R_BUFLEN. */
+int
+agent_card_readcert (ctrl_t ctrl,
+ const char *id, char **r_buf, size_t *r_buflen)
+{
+ int rc;
+ char line[ASSUAN_LINELENGTH];
+ membuf_t data;
+ size_t len;
+
+ *r_buf = NULL;
+ rc = start_scd (ctrl);
+ if (rc)
+ return rc;
+
+ init_membuf (&data, 1024);
+ snprintf (line, DIM(line)-1, "READCERT %s", id);
+ line[DIM(line)-1] = 0;
+ rc = assuan_transact (ctrl->scd_local->ctx, line,
+ membuf_data_cb, &data,
+ NULL, NULL,
+ NULL, NULL);
+ if (rc)
+ {
+ xfree (get_membuf (&data, &len));
+ return unlock_scd (ctrl, rc);
+ }
+ *r_buf = get_membuf (&data, r_buflen);
+ if (!*r_buf)
+ return unlock_scd (ctrl, gpg_error (GPG_ERR_ENOMEM));
+
+ return unlock_scd (ctrl, 0);
+}
+
+
+
+/* Read a key with ID and return it in an allocate buffer pointed to
+ by r_BUF as a valid S-expression. */
+int
+agent_card_readkey (ctrl_t ctrl, const char *id, unsigned char **r_buf)
+{
+ int rc;
+ char line[ASSUAN_LINELENGTH];
+ membuf_t data;
+ size_t len, buflen;
+
+ *r_buf = NULL;
+ rc = start_scd (ctrl);
+ if (rc)
+ return rc;
+
+ init_membuf (&data, 1024);
+ snprintf (line, DIM(line)-1, "READKEY %s", id);
+ line[DIM(line)-1] = 0;
+ rc = assuan_transact (ctrl->scd_local->ctx, line,
+ membuf_data_cb, &data,
+ NULL, NULL,
+ NULL, NULL);
+ if (rc)
+ {
+ xfree (get_membuf (&data, &len));
+ return unlock_scd (ctrl, rc);
+ }
+ *r_buf = get_membuf (&data, &buflen);
+ if (!*r_buf)
+ return unlock_scd (ctrl, gpg_error (GPG_ERR_ENOMEM));
+
+ if (!gcry_sexp_canon_len (*r_buf, buflen, NULL, NULL))
+ {
+ xfree (*r_buf); *r_buf = NULL;
+ return unlock_scd (ctrl, gpg_error (GPG_ERR_INV_VALUE));
+ }
+
+ return unlock_scd (ctrl, 0);
+}
+
+
+
+/* Type used with the card_getattr_cb. */
+struct card_getattr_parm_s {
+ const char *keyword; /* Keyword to look for. */
+ size_t keywordlen; /* strlen of KEYWORD. */
+ char *data; /* Malloced and unescaped data. */
+ int error; /* ERRNO value or 0 on success. */
+};
+
+/* Callback function for agent_card_getattr. */
+static gpg_error_t
+card_getattr_cb (void *opaque, const char *line)
+{
+ struct card_getattr_parm_s *parm = opaque;
+ const char *keyword = line;
+ int keywordlen;
+
+ if (parm->data)
+ return 0; /* We want only the first occurrence. */
+
+ for (keywordlen=0; *line && !spacep (line); line++, keywordlen++)
+ ;
+ while (spacep (line))
+ line++;
+
+ if (keywordlen == parm->keywordlen
+ && !memcmp (keyword, parm->keyword, keywordlen))
+ {
+ parm->data = percent_plus_unescape ((const unsigned char*)line, 0xff);
+ if (!parm->data)
+ parm->error = errno;
+ }
+
+ return 0;
+}
+
+
+/* Call the agent to retrieve a single line data object. On success
+ the object is malloced and stored at RESULT; it is guaranteed that
+ NULL is never stored in this case. On error an error code is
+ returned and NULL stored at RESULT. */
+gpg_error_t
+agent_card_getattr (ctrl_t ctrl, const char *name, char **result)
+{
+ int err;
+ struct card_getattr_parm_s parm;
+ char line[ASSUAN_LINELENGTH];
+
+ *result = NULL;
+
+ if (!*name)
+ return gpg_error (GPG_ERR_INV_VALUE);
+
+ memset (&parm, 0, sizeof parm);
+ parm.keyword = name;
+ parm.keywordlen = strlen (name);
+
+ /* We assume that NAME does not need escaping. */
+ if (8 + strlen (name) > DIM(line)-1)
+ return gpg_error (GPG_ERR_TOO_LARGE);
+ stpcpy (stpcpy (line, "GETATTR "), name);
+
+ err = start_scd (ctrl);
+ if (err)
+ return err;
+
+ err = assuan_transact (ctrl->scd_local->ctx, line,
+ NULL, NULL, NULL, NULL,
+ card_getattr_cb, &parm);
+ if (!err && parm.error)
+ err = gpg_error_from_errno (parm.error);
+
+ if (!err && !parm.data)
+ err = gpg_error (GPG_ERR_NO_DATA);
+
+ if (!err)
+ *result = parm.data;
+ else
+ xfree (parm.data);
+
+ return unlock_scd (ctrl, err);
+}
+
+
+
+
+static gpg_error_t
+pass_status_thru (void *opaque, const char *line)
+{
+ assuan_context_t ctx = opaque;
+ char keyword[200];
+ int i;
+
+ for (i=0; *line && !spacep (line) && i < DIM(keyword)-1; line++, i++)
+ keyword[i] = *line;
+ keyword[i] = 0;
+ /* truncate any remaining keyword stuff. */
+ for (; *line && !spacep (line); line++)
+ ;
+ while (spacep (line))
+ line++;
+
+ assuan_write_status (ctx, keyword, line);
+ return 0;
+}
+
+static gpg_error_t
+pass_data_thru (void *opaque, const void *buffer, size_t length)
+{
+ assuan_context_t ctx = opaque;
+
+ assuan_send_data (ctx, buffer, length);
+ return 0;
+}
+
+
+/* Send the line CMDLINE with command for the SCDdaemon to it and send
+ all status messages back. This command is used as a general quoting
+ mechanism to pass everything verbatim to SCDAEMON. The PIN
+ inquiry is handled inside gpg-agent. */
+int
+agent_card_scd (ctrl_t ctrl, const char *cmdline,
+ int (*getpin_cb)(void *, const char *, char*, size_t),
+ void *getpin_cb_arg, void *assuan_context)
+{
+ int rc;
+ struct inq_needpin_s inqparm;
+ int saveflag;
+
+ rc = start_scd (ctrl);
+ if (rc)
+ return rc;
+
+ inqparm.ctx = ctrl->scd_local->ctx;
+ inqparm.getpin_cb = getpin_cb;
+ inqparm.getpin_cb_arg = getpin_cb_arg;
+ inqparm.passthru = assuan_context;
+ saveflag = assuan_get_flag (ctrl->scd_local->ctx, ASSUAN_CONVEY_COMMENTS);
+ assuan_set_flag (ctrl->scd_local->ctx, ASSUAN_CONVEY_COMMENTS, 1);
+ rc = assuan_transact (ctrl->scd_local->ctx, cmdline,
+ pass_data_thru, assuan_context,
+ inq_needpin, &inqparm,
+ pass_status_thru, assuan_context);
+ assuan_set_flag (ctrl->scd_local->ctx, ASSUAN_CONVEY_COMMENTS, saveflag);
+ if (rc)
+ {
+ return unlock_scd (ctrl, rc);
+ }
+
+ return unlock_scd (ctrl, 0);
+}
+
+
diff --git a/agent/command-ssh.c b/agent/command-ssh.c
new file mode 100644
index 0000000..2f96ef5
--- /dev/null
+++ b/agent/command-ssh.c
@@ -0,0 +1,3089 @@
+/* command-ssh.c - gpg-agent's ssh-agent emulation layer
+ * Copyright (C) 2004, 2005, 2006, 2009 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+/* Only v2 of the ssh-agent protocol is implemented. */
+
+#include <config.h>
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <dirent.h>
+#include <assert.h>
+
+#include "agent.h"
+
+#include "estream.h"
+#include "i18n.h"
+#include "../common/ssh-utils.h"
+
+
+
+
+/* Request types. */
+#define SSH_REQUEST_REQUEST_IDENTITIES 11
+#define SSH_REQUEST_SIGN_REQUEST 13
+#define SSH_REQUEST_ADD_IDENTITY 17
+#define SSH_REQUEST_REMOVE_IDENTITY 18
+#define SSH_REQUEST_REMOVE_ALL_IDENTITIES 19
+#define SSH_REQUEST_LOCK 22
+#define SSH_REQUEST_UNLOCK 23
+#define SSH_REQUEST_ADD_ID_CONSTRAINED 25
+
+/* Options. */
+#define SSH_OPT_CONSTRAIN_LIFETIME 1
+#define SSH_OPT_CONSTRAIN_CONFIRM 2
+
+/* Response types. */
+#define SSH_RESPONSE_SUCCESS 6
+#define SSH_RESPONSE_FAILURE 5
+#define SSH_RESPONSE_IDENTITIES_ANSWER 12
+#define SSH_RESPONSE_SIGN_RESPONSE 14
+
+/* Other constants. */
+#define SSH_DSA_SIGNATURE_PADDING 20
+#define SSH_DSA_SIGNATURE_ELEMS 2
+#define SPEC_FLAG_USE_PKCS1V2 (1 << 0)
+
+
+/* The blurb we put into the header of a newly created control file. */
+static const char sshcontrolblurb[] =
+"# List of allowed ssh keys. Only keys present in this file are used\n"
+"# in the SSH protocol. The ssh-add tool may add new entries to this\n"
+"# file to enable them; you may also add them manually. Comment\n"
+"# lines, like this one, as well as empty lines are ignored. Lines do\n"
+"# have a certain length limit but this is not serious limitation as\n"
+"# the format of the entries is fixed and checked by gpg-agent. A\n"
+"# non-comment line starts with optional white spaces, followed by the\n"
+"# keygrip of the key given as 40 hex digits, optionally followed by a\n"
+"# the caching TTL in seconds and another optional field for arbitrary\n"
+"# flags. Prepend the keygrip with an '!' mark to disable it.\n"
+"\n";
+
+
+
+/* Macros. */
+
+/* Return a new uint32 with b0 being the most significant byte and b3
+ being the least significant byte. */
+#define uint32_construct(b0, b1, b2, b3) \
+ ((b0 << 24) | (b1 << 16) | (b2 << 8) | b3)
+
+
+
+
+/*
+ * Basic types.
+ */
+
+/* Type for a request handler. */
+typedef gpg_error_t (*ssh_request_handler_t) (ctrl_t ctrl,
+ estream_t request,
+ estream_t response);
+
+/* Type, which is used for associating request handlers with the
+ appropriate request IDs. */
+typedef struct ssh_request_spec
+{
+ unsigned char type;
+ ssh_request_handler_t handler;
+ const char *identifier;
+ unsigned int secret_input;
+} ssh_request_spec_t;
+
+/* Type for "key modifier functions", which are necessary since
+ OpenSSH and GnuPG treat key material slightly different. A key
+ modifier is called right after a new key identity has been received
+ in order to "sanitize" the material. */
+typedef gpg_error_t (*ssh_key_modifier_t) (const char *elems,
+ gcry_mpi_t *mpis);
+
+/* The encoding of a generated signature is dependent on the
+ algorithm; therefore algorithm specific signature encoding
+ functions are necessary. */
+typedef gpg_error_t (*ssh_signature_encoder_t) (estream_t signature_blob,
+ gcry_mpi_t *mpis);
+
+/* Type, which is used for boundling all the algorithm specific
+ information together in a single object. */
+typedef struct ssh_key_type_spec
+{
+ /* Algorithm identifier as used by OpenSSH. */
+ const char *ssh_identifier;
+
+ /* Algorithm identifier as used by GnuPG. */
+ const char *identifier;
+
+ /* List of MPI names for secret keys; order matches the one of the
+ agent protocol. */
+ const char *elems_key_secret;
+
+ /* List of MPI names for public keys; order matches the one of the
+ agent protocol. */
+ const char *elems_key_public;
+
+ /* List of MPI names for signature data. */
+ const char *elems_signature;
+
+ /* List of MPI names for secret keys; order matches the one, which
+ is required by gpg-agent's key access layer. */
+ const char *elems_sexp_order;
+
+ /* Key modifier function. Key modifier functions are necessary in
+ order to fix any inconsistencies between the representation of
+ keys on the SSH and on the GnuPG side. */
+ ssh_key_modifier_t key_modifier;
+
+ /* Signature encoder function. Signature encoder functions are
+ necessary since the encoding of signatures depends on the used
+ algorithm. */
+ ssh_signature_encoder_t signature_encoder;
+
+ /* Misc flags. */
+ unsigned int flags;
+} ssh_key_type_spec_t;
+
+
+/* Prototypes. */
+static gpg_error_t ssh_handler_request_identities (ctrl_t ctrl,
+ estream_t request,
+ estream_t response);
+static gpg_error_t ssh_handler_sign_request (ctrl_t ctrl,
+ estream_t request,
+ estream_t response);
+static gpg_error_t ssh_handler_add_identity (ctrl_t ctrl,
+ estream_t request,
+ estream_t response);
+static gpg_error_t ssh_handler_remove_identity (ctrl_t ctrl,
+ estream_t request,
+ estream_t response);
+static gpg_error_t ssh_handler_remove_all_identities (ctrl_t ctrl,
+ estream_t request,
+ estream_t response);
+static gpg_error_t ssh_handler_lock (ctrl_t ctrl,
+ estream_t request,
+ estream_t response);
+static gpg_error_t ssh_handler_unlock (ctrl_t ctrl,
+ estream_t request,
+ estream_t response);
+
+static gpg_error_t ssh_key_modifier_rsa (const char *elems, gcry_mpi_t *mpis);
+static gpg_error_t ssh_signature_encoder_rsa (estream_t signature_blob,
+ gcry_mpi_t *mpis);
+static gpg_error_t ssh_signature_encoder_dsa (estream_t signature_blob,
+ gcry_mpi_t *mpis);
+
+
+
+/* Global variables. */
+
+
+/* Associating request types with the corresponding request
+ handlers. */
+
+static ssh_request_spec_t request_specs[] =
+ {
+#define REQUEST_SPEC_DEFINE(id, name, secret_input) \
+ { SSH_REQUEST_##id, ssh_handler_##name, #name, secret_input }
+
+ REQUEST_SPEC_DEFINE (REQUEST_IDENTITIES, request_identities, 1),
+ REQUEST_SPEC_DEFINE (SIGN_REQUEST, sign_request, 0),
+ REQUEST_SPEC_DEFINE (ADD_IDENTITY, add_identity, 1),
+ REQUEST_SPEC_DEFINE (ADD_ID_CONSTRAINED, add_identity, 1),
+ REQUEST_SPEC_DEFINE (REMOVE_IDENTITY, remove_identity, 0),
+ REQUEST_SPEC_DEFINE (REMOVE_ALL_IDENTITIES, remove_all_identities, 0),
+ REQUEST_SPEC_DEFINE (LOCK, lock, 0),
+ REQUEST_SPEC_DEFINE (UNLOCK, unlock, 0)
+#undef REQUEST_SPEC_DEFINE
+ };
+
+
+/* Table holding key type specifications. */
+static ssh_key_type_spec_t ssh_key_types[] =
+ {
+ {
+ "ssh-rsa", "rsa", "nedupq", "en", "s", "nedpqu",
+ ssh_key_modifier_rsa, ssh_signature_encoder_rsa,
+ SPEC_FLAG_USE_PKCS1V2
+ },
+ {
+ "ssh-dss", "dsa", "pqgyx", "pqgy", "rs", "pqgyx",
+ NULL, ssh_signature_encoder_dsa,
+ 0
+ },
+ };
+
+
+
+
+
+/*
+ General utility functions.
+ */
+
+/* A secure realloc, i.e. it makes sure to allocate secure memory if A
+ is NULL. This is required because the standard gcry_realloc does
+ not know whether to allocate secure or normal if NULL is passed as
+ existing buffer. */
+static void *
+realloc_secure (void *a, size_t n)
+{
+ void *p;
+
+ if (a)
+ p = gcry_realloc (a, n);
+ else
+ p = gcry_malloc_secure (n);
+
+ return p;
+}
+
+
+/* Create and return a new C-string from DATA/DATA_N (i.e.: add
+ NUL-termination); return NULL on OOM. */
+static char *
+make_cstring (const char *data, size_t data_n)
+{
+ char *s;
+
+ s = xtrymalloc (data_n + 1);
+ if (s)
+ {
+ memcpy (s, data, data_n);
+ s[data_n] = 0;
+ }
+
+ return s;
+}
+
+
+
+
+/*
+ Primitive I/O functions.
+ */
+
+
+/* Read a byte from STREAM, store it in B. */
+static gpg_error_t
+stream_read_byte (estream_t stream, unsigned char *b)
+{
+ gpg_error_t err;
+ int ret;
+
+ ret = es_fgetc (stream);
+ if (ret == EOF)
+ {
+ if (es_ferror (stream))
+ err = gpg_error_from_syserror ();
+ else
+ err = gpg_error (GPG_ERR_EOF);
+ *b = 0;
+ }
+ else
+ {
+ *b = ret & 0xFF;
+ err = 0;
+ }
+
+ return err;
+}
+
+/* Write the byte contained in B to STREAM. */
+static gpg_error_t
+stream_write_byte (estream_t stream, unsigned char b)
+{
+ gpg_error_t err;
+ int ret;
+
+ ret = es_fputc (b, stream);
+ if (ret == EOF)
+ err = gpg_error_from_syserror ();
+ else
+ err = 0;
+
+ return err;
+}
+
+/* Read a uint32 from STREAM, store it in UINT32. */
+static gpg_error_t
+stream_read_uint32 (estream_t stream, u32 *uint32)
+{
+ unsigned char buffer[4];
+ size_t bytes_read;
+ gpg_error_t err;
+ int ret;
+
+ ret = es_read (stream, buffer, sizeof (buffer), &bytes_read);
+ if (ret)
+ err = gpg_error_from_syserror ();
+ else
+ {
+ if (bytes_read != sizeof (buffer))
+ err = gpg_error (GPG_ERR_EOF);
+ else
+ {
+ u32 n;
+
+ n = uint32_construct (buffer[0], buffer[1], buffer[2], buffer[3]);
+ *uint32 = n;
+ err = 0;
+ }
+ }
+
+ return err;
+}
+
+/* Write the uint32 contained in UINT32 to STREAM. */
+static gpg_error_t
+stream_write_uint32 (estream_t stream, u32 uint32)
+{
+ unsigned char buffer[4];
+ gpg_error_t err;
+ int ret;
+
+ buffer[0] = uint32 >> 24;
+ buffer[1] = uint32 >> 16;
+ buffer[2] = uint32 >> 8;
+ buffer[3] = uint32 >> 0;
+
+ ret = es_write (stream, buffer, sizeof (buffer), NULL);
+ if (ret)
+ err = gpg_error_from_syserror ();
+ else
+ err = 0;
+
+ return err;
+}
+
+/* Read SIZE bytes from STREAM into BUFFER. */
+static gpg_error_t
+stream_read_data (estream_t stream, unsigned char *buffer, size_t size)
+{
+ gpg_error_t err;
+ size_t bytes_read;
+ int ret;
+
+ ret = es_read (stream, buffer, size, &bytes_read);
+ if (ret)
+ err = gpg_error_from_syserror ();
+ else
+ {
+ if (bytes_read != size)
+ err = gpg_error (GPG_ERR_EOF);
+ else
+ err = 0;
+ }
+
+ return err;
+}
+
+/* Write SIZE bytes from BUFFER to STREAM. */
+static gpg_error_t
+stream_write_data (estream_t stream, const unsigned char *buffer, size_t size)
+{
+ gpg_error_t err;
+ int ret;
+
+ ret = es_write (stream, buffer, size, NULL);
+ if (ret)
+ err = gpg_error_from_syserror ();
+ else
+ err = 0;
+
+ return err;
+}
+
+/* Read a binary string from STREAM into STRING, store size of string
+ in STRING_SIZE; depending on SECURE use secure memory for
+ string. */
+static gpg_error_t
+stream_read_string (estream_t stream, unsigned int secure,
+ unsigned char **string, u32 *string_size)
+{
+ gpg_error_t err;
+ unsigned char *buffer = NULL;
+ u32 length = 0;
+
+ /* Read string length. */
+ err = stream_read_uint32 (stream, &length);
+ if (err)
+ goto out;
+
+ /* Allocate space. */
+ if (secure)
+ buffer = xtrymalloc_secure (length + 1);
+ else
+ buffer = xtrymalloc (length + 1);
+ if (! buffer)
+ {
+ err = gpg_error_from_syserror ();
+ goto out;
+ }
+
+ /* Read data. */
+ err = stream_read_data (stream, buffer, length);
+ if (err)
+ goto out;
+
+ /* Finalize string object. */
+ buffer[length] = 0;
+ *string = buffer;
+ if (string_size)
+ *string_size = length;
+
+ out:
+
+ if (err)
+ xfree (buffer);
+
+ return err;
+}
+
+/* Read a C-string from STREAM, store copy in STRING. */
+static gpg_error_t
+stream_read_cstring (estream_t stream, char **string)
+{
+ unsigned char *buffer;
+ gpg_error_t err;
+
+ err = stream_read_string (stream, 0, &buffer, NULL);
+ if (err)
+ goto out;
+
+ *string = (char *) buffer;
+
+ out:
+
+ return err;
+}
+
+
+/* Write a binary string from STRING of size STRING_N to STREAM. */
+static gpg_error_t
+stream_write_string (estream_t stream,
+ const unsigned char *string, u32 string_n)
+{
+ gpg_error_t err;
+
+ err = stream_write_uint32 (stream, string_n);
+ if (err)
+ goto out;
+
+ err = stream_write_data (stream, string, string_n);
+
+ out:
+
+ return err;
+}
+
+/* Write a C-string from STRING to STREAM. */
+static gpg_error_t
+stream_write_cstring (estream_t stream, const char *string)
+{
+ gpg_error_t err;
+
+ err = stream_write_string (stream,
+ (const unsigned char *) string, strlen (string));
+
+ return err;
+}
+
+/* Read an MPI from STREAM, store it in MPINT. Depending on SECURE
+ use secure memory. */
+static gpg_error_t
+stream_read_mpi (estream_t stream, unsigned int secure, gcry_mpi_t *mpint)
+{
+ unsigned char *mpi_data;
+ u32 mpi_data_size;
+ gpg_error_t err;
+ gcry_mpi_t mpi;
+
+ mpi_data = NULL;
+
+ err = stream_read_string (stream, secure, &mpi_data, &mpi_data_size);
+ if (err)
+ goto out;
+
+ /* To avoid excessive use of secure memory we check that an MPI is
+ not too large. */
+ if (mpi_data_size > 520)
+ {
+ log_error (_("ssh keys greater than %d bits are not supported\n"), 4096);
+ err = GPG_ERR_TOO_LARGE;
+ goto out;
+ }
+
+ err = gcry_mpi_scan (&mpi, GCRYMPI_FMT_STD, mpi_data, mpi_data_size, NULL);
+ if (err)
+ goto out;
+
+ *mpint = mpi;
+
+ out:
+
+ xfree (mpi_data);
+
+ return err;
+}
+
+/* Write the MPI contained in MPINT to STREAM. */
+static gpg_error_t
+stream_write_mpi (estream_t stream, gcry_mpi_t mpint)
+{
+ unsigned char *mpi_buffer;
+ size_t mpi_buffer_n;
+ gpg_error_t err;
+
+ mpi_buffer = NULL;
+
+ err = gcry_mpi_aprint (GCRYMPI_FMT_STD, &mpi_buffer, &mpi_buffer_n, mpint);
+ if (err)
+ goto out;
+
+ err = stream_write_string (stream, mpi_buffer, mpi_buffer_n);
+
+ out:
+
+ xfree (mpi_buffer);
+
+ return err;
+}
+
+/* Copy data from SRC to DST until EOF is reached. */
+static gpg_error_t
+stream_copy (estream_t dst, estream_t src)
+{
+ char buffer[BUFSIZ];
+ size_t bytes_read;
+ gpg_error_t err;
+ int ret;
+
+ err = 0;
+ while (1)
+ {
+ ret = es_read (src, buffer, sizeof (buffer), &bytes_read);
+ if (ret || (! bytes_read))
+ {
+ if (ret)
+ err = gpg_error_from_syserror ();
+ break;
+ }
+ ret = es_write (dst, buffer, bytes_read, NULL);
+ if (ret)
+ {
+ err = gpg_error_from_syserror ();
+ break;
+ }
+ }
+
+ return err;
+}
+
+
+/* Read the content of the file specified by FILENAME into a newly
+ create buffer, which is to be stored in BUFFER; store length of
+ buffer in BUFFER_N. */
+static gpg_error_t
+file_to_buffer (const char *filename, unsigned char **buffer, size_t *buffer_n)
+{
+ unsigned char *buffer_new;
+ struct stat statbuf;
+ estream_t stream;
+ gpg_error_t err;
+ int ret;
+
+ *buffer = NULL;
+ *buffer_n = 0;
+
+ buffer_new = NULL;
+ err = 0;
+
+ stream = es_fopen (filename, "r");
+ if (! stream)
+ {
+ err = gpg_error_from_syserror ();
+ goto out;
+ }
+
+ ret = fstat (es_fileno (stream), &statbuf);
+ if (ret)
+ {
+ err = gpg_error_from_syserror ();
+ goto out;
+ }
+
+ buffer_new = xtrymalloc (statbuf.st_size);
+ if (! buffer_new)
+ {
+ err = gpg_error_from_syserror ();
+ goto out;
+ }
+
+ err = stream_read_data (stream, buffer_new, statbuf.st_size);
+ if (err)
+ goto out;
+
+ *buffer = buffer_new;
+ *buffer_n = statbuf.st_size;
+
+ out:
+
+ if (stream)
+ es_fclose (stream);
+
+ if (err)
+ xfree (buffer_new);
+
+ return err;
+}
+
+
+
+
+/* Open the ssh control file and create it if not available. With
+ APPEND passed as true the file will be opened in append mode,
+ otherwise in read only mode. On success a file pointer is stored
+ at the address of R_FP. */
+static gpg_error_t
+open_control_file (FILE **r_fp, int append)
+{
+ gpg_error_t err;
+ char *fname;
+ FILE *fp;
+
+ /* Note: As soon as we start to use non blocking functions here
+ (i.e. where Pth might switch threads) we need to employ a
+ mutex. */
+ *r_fp = NULL;
+ fname = make_filename (opt.homedir, "sshcontrol", NULL);
+ /* FIXME: With "a+" we are not able to check whether this will will
+ be created and thus the blurb needs to be written first. */
+ fp = fopen (fname, append? "a+":"r");
+ if (!fp && errno == ENOENT)
+ {
+ /* Fixme: "x" is a GNU extension. We might want to use the es_
+ functions here. */
+ fp = fopen (fname, "wx");
+ if (!fp)
+ {
+ err = gpg_error (gpg_err_code_from_errno (errno));
+ log_error (_("can't create `%s': %s\n"), fname, gpg_strerror (err));
+ xfree (fname);
+ return err;
+ }
+ fputs (sshcontrolblurb, fp);
+ fclose (fp);
+ fp = fopen (fname, append? "a+":"r");
+ }
+
+ if (!fp)
+ {
+ err = gpg_error (gpg_err_code_from_errno (errno));
+ log_error (_("can't open `%s': %s\n"), fname, gpg_strerror (err));
+ xfree (fname);
+ return err;
+ }
+
+ *r_fp = fp;
+
+ return 0;
+}
+
+
+/* Search the file at stream FP from the beginning until a matching
+ HEXGRIP is found; return success in this case and store true at
+ DISABLED if the found key has been disabled. If R_TTL is not NULL
+ a specified TTL for that key is stored there. If R_CONFIRM is not
+ NULL it is set to 1 if the key has the confirm flag set. */
+static gpg_error_t
+search_control_file (FILE *fp, const char *hexgrip,
+ int *r_disabled, int *r_ttl, int *r_confirm)
+{
+ int c, i, n;
+ char *p, *pend, line[256];
+ long ttl;
+ int lnr = 0;
+ const char fname[] = "sshcontrol";
+
+ assert (strlen (hexgrip) == 40 );
+
+ if (r_confirm)
+ *r_confirm = 0;
+
+ fseek (fp, 0, SEEK_SET);
+ clearerr (fp);
+ *r_disabled = 0;
+ next_line:
+ do
+ {
+ if (!fgets (line, DIM(line)-1, fp) )
+ {
+ if (feof (fp))
+ return gpg_error (GPG_ERR_EOF);
+ return gpg_error (gpg_err_code_from_errno (errno));
+ }
+ lnr++;
+
+ if (!*line || line[strlen(line)-1] != '\n')
+ {
+ /* Eat until end of line */
+ while ( (c=getc (fp)) != EOF && c != '\n')
+ ;
+ return gpg_error (*line? GPG_ERR_LINE_TOO_LONG
+ : GPG_ERR_INCOMPLETE_LINE);
+ }
+
+ /* Allow for empty lines and spaces */
+ for (p=line; spacep (p); p++)
+ ;
+ }
+ while (!*p || *p == '\n' || *p == '#');
+
+ *r_disabled = 0;
+ if (*p == '!')
+ {
+ *r_disabled = 1;
+ for (p++; spacep (p); p++)
+ ;
+ }
+
+ for (i=0; hexdigitp (p) && i < 40; p++, i++)
+ if (hexgrip[i] != (*p >= 'a'? (*p & 0xdf): *p))
+ goto next_line;
+ if (i != 40 || !(spacep (p) || *p == '\n'))
+ {
+ log_error ("invalid formatted line in `%s', line %d\n", fname, lnr);
+ return gpg_error (GPG_ERR_BAD_DATA);
+ }
+
+ ttl = strtol (p, &pend, 10);
+ p = pend;
+ if (!(spacep (p) || *p == '\n') || ttl < -1)
+ {
+ log_error ("invalid TTL value in `%s', line %d; assuming 0\n",
+ fname, lnr);
+ ttl = 0;
+ }
+ if (r_ttl)
+ *r_ttl = ttl;
+
+ /* Now check for key-value pairs of the form NAME[=VALUE]. */
+ while (*p)
+ {
+ for (; spacep (p) && *p != '\n'; p++)
+ ;
+ if (!*p || *p == '\n')
+ break;
+ n = strcspn (p, "= \t\n");
+ if (p[n] == '=')
+ {
+ log_error ("assigning a value to a flag is not yet supported; "
+ "in `%s', line %d; flag ignored\n", fname, lnr);
+ p++;
+ }
+ else if (n == 7 && !memcmp (p, "confirm", 7))
+ {
+ if (r_confirm)
+ *r_confirm = 1;
+ }
+ else
+ log_error ("invalid flag `%.*s' in `%s', line %d; ignored\n",
+ n, p, fname, lnr);
+ p += n;
+ }
+
+ return 0; /* Okay: found it. */
+}
+
+
+
+/* Add an entry to the control file to mark the key with the keygrip
+ HEXGRIP as usable for SSH; i.e. it will be returned when ssh asks
+ for it. FMTFPR is the fingerprint string. This function is in
+ general used to add a key received through the ssh-add function.
+ We can assume that the user wants to allow ssh using this key. */
+static gpg_error_t
+add_control_entry (ctrl_t ctrl, const char *hexgrip, const char *fmtfpr,
+ int ttl, int confirm)
+{
+ gpg_error_t err;
+ FILE *fp;
+ int disabled;
+
+ (void)ctrl;
+
+ err = open_control_file (&fp, 1);
+ if (err)
+ return err;
+
+ err = search_control_file (fp, hexgrip, &disabled, NULL, NULL);
+ if (err && gpg_err_code(err) == GPG_ERR_EOF)
+ {
+ struct tm *tp;
+ time_t atime = time (NULL);
+
+ /* Not yet in the file - add it. Because the file has been
+ opened in append mode, we simply need to write to it. */
+ tp = localtime (&atime);
+ fprintf (fp, ("# Key added on: %04d-%02d-%02d %02d:%02d:%02d\n"
+ "# Fingerprint: %s\n"
+ "%s %d%s\n"),
+ 1900+tp->tm_year, tp->tm_mon+1, tp->tm_mday,
+ tp->tm_hour, tp->tm_min, tp->tm_sec,
+ fmtfpr, hexgrip, ttl, confirm? " confirm":"");
+
+ }
+ fclose (fp);
+ return 0;
+}
+
+
+/* Scan the sshcontrol file and return the TTL. */
+static int
+ttl_from_sshcontrol (const char *hexgrip)
+{
+ FILE *fp;
+ int disabled, ttl;
+
+ if (!hexgrip || strlen (hexgrip) != 40)
+ return 0; /* Wrong input: Use global default. */
+
+ if (open_control_file (&fp, 0))
+ return 0; /* Error: Use the global default TTL. */
+
+ if (search_control_file (fp, hexgrip, &disabled, &ttl, NULL)
+ || disabled)
+ ttl = 0; /* Use the global default if not found or disabled. */
+
+ fclose (fp);
+
+ return ttl;
+}
+
+
+/* Scan the sshcontrol file and return the confirm flag. */
+static int
+confirm_flag_from_sshcontrol (const char *hexgrip)
+{
+ FILE *fp;
+ int disabled, confirm;
+
+ if (!hexgrip || strlen (hexgrip) != 40)
+ return 1; /* Wrong input: Better ask for confirmation. */
+
+ if (open_control_file (&fp, 0))
+ return 1; /* Error: Better ask for confirmation. */
+
+ if (search_control_file (fp, hexgrip, &disabled, NULL, &confirm)
+ || disabled)
+ confirm = 0; /* If not found or disabled, there is no reason to
+ ask for confirmation. */
+
+ fclose (fp);
+
+ return confirm;
+}
+
+
+
+
+
+/*
+
+ MPI lists.
+
+ */
+
+/* Free the list of MPIs MPI_LIST. */
+static void
+mpint_list_free (gcry_mpi_t *mpi_list)
+{
+ if (mpi_list)
+ {
+ unsigned int i;
+
+ for (i = 0; mpi_list[i]; i++)
+ gcry_mpi_release (mpi_list[i]);
+ xfree (mpi_list);
+ }
+}
+
+/* Receive key material MPIs from STREAM according to KEY_SPEC;
+ depending on SECRET expect a public key or secret key. The newly
+ allocated list of MPIs is stored in MPI_LIST. Returns usual error
+ code. */
+static gpg_error_t
+ssh_receive_mpint_list (estream_t stream, int secret,
+ ssh_key_type_spec_t key_spec, gcry_mpi_t **mpi_list)
+{
+ const char *elems_public;
+ unsigned int elems_n;
+ const char *elems;
+ int elem_is_secret;
+ gcry_mpi_t *mpis;
+ gpg_error_t err;
+ unsigned int i;
+
+ mpis = NULL;
+ err = 0;
+
+ if (secret)
+ elems = key_spec.elems_key_secret;
+ else
+ elems = key_spec.elems_key_public;
+ elems_n = strlen (elems);
+
+ elems_public = key_spec.elems_key_public;
+
+ mpis = xtrycalloc (elems_n + 1, sizeof *mpis );
+ if (!mpis)
+ {
+ err = gpg_error_from_syserror ();
+ goto out;
+ }
+
+ elem_is_secret = 0;
+ for (i = 0; i < elems_n; i++)
+ {
+ if (secret)
+ elem_is_secret = ! strchr (elems_public, elems[i]);
+ err = stream_read_mpi (stream, elem_is_secret, &mpis[i]);
+ if (err)
+ break;
+ }
+ if (err)
+ goto out;
+
+ *mpi_list = mpis;
+
+ out:
+
+ if (err)
+ mpint_list_free (mpis);
+
+ return err;
+}
+
+
+
+/* Key modifier function for RSA. */
+static gpg_error_t
+ssh_key_modifier_rsa (const char *elems, gcry_mpi_t *mpis)
+{
+ gcry_mpi_t p;
+ gcry_mpi_t q;
+ gcry_mpi_t u;
+
+ if (strcmp (elems, "nedupq"))
+ /* Modifying only necessary for secret keys. */
+ goto out;
+
+ u = mpis[3];
+ p = mpis[4];
+ q = mpis[5];
+
+ if (gcry_mpi_cmp (p, q) > 0)
+ {
+ /* P shall be smaller then Q! Swap primes. iqmp becomes u. */
+ gcry_mpi_t tmp;
+
+ tmp = mpis[4];
+ mpis[4] = mpis[5];
+ mpis[5] = tmp;
+ }
+ else
+ /* U needs to be recomputed. */
+ gcry_mpi_invm (u, p, q);
+
+ out:
+
+ return 0;
+}
+
+/* Signature encoder function for RSA. */
+static gpg_error_t
+ssh_signature_encoder_rsa (estream_t signature_blob, gcry_mpi_t *mpis)
+{
+ unsigned char *data;
+ size_t data_n;
+ gpg_error_t err;
+ gcry_mpi_t s;
+
+ s = mpis[0];
+
+ err = gcry_mpi_aprint (GCRYMPI_FMT_USG, &data, &data_n, s);
+ if (err)
+ goto out;
+
+ err = stream_write_string (signature_blob, data, data_n);
+ xfree (data);
+
+ out:
+
+ return err;
+}
+
+
+/* Signature encoder function for DSA. */
+static gpg_error_t
+ssh_signature_encoder_dsa (estream_t signature_blob, gcry_mpi_t *mpis)
+{
+ unsigned char buffer[SSH_DSA_SIGNATURE_PADDING * SSH_DSA_SIGNATURE_ELEMS];
+ unsigned char *data;
+ size_t data_n;
+ gpg_error_t err;
+ int i;
+
+ data = NULL;
+
+ for (i = 0; i < 2; i++)
+ {
+ err = gcry_mpi_aprint (GCRYMPI_FMT_USG, &data, &data_n, mpis[i]);
+ if (err)
+ break;
+
+ if (data_n > SSH_DSA_SIGNATURE_PADDING)
+ {
+ err = gpg_error (GPG_ERR_INTERNAL); /* FIXME? */
+ break;
+ }
+
+ memset (buffer + (i * SSH_DSA_SIGNATURE_PADDING), 0,
+ SSH_DSA_SIGNATURE_PADDING - data_n);
+ memcpy (buffer + (i * SSH_DSA_SIGNATURE_PADDING)
+ + (SSH_DSA_SIGNATURE_PADDING - data_n), data, data_n);
+
+ xfree (data);
+ data = NULL;
+ }
+ if (err)
+ goto out;
+
+ err = stream_write_string (signature_blob, buffer, sizeof (buffer));
+
+ out:
+
+ xfree (data);
+
+ return err;
+}
+
+/*
+ S-Expressions.
+ */
+
+
+/* This function constructs a new S-Expression for the key identified
+ by the KEY_SPEC, SECRET, MPIS and COMMENT, which is to be stored in
+ *SEXP. Returns usual error code. */
+static gpg_error_t
+sexp_key_construct (gcry_sexp_t *sexp,
+ ssh_key_type_spec_t key_spec, int secret,
+ gcry_mpi_t *mpis, const char *comment)
+{
+ const char *key_identifier[] = { "public-key", "private-key" };
+ gcry_sexp_t sexp_new;
+ char *sexp_template;
+ size_t sexp_template_n;
+ gpg_error_t err;
+ const char *elems;
+ size_t elems_n;
+ unsigned int i;
+ unsigned int j;
+ void **arg_list;
+
+ err = 0;
+ sexp_new = NULL;
+ arg_list = NULL;
+ if (secret)
+ elems = key_spec.elems_sexp_order;
+ else
+ elems = key_spec.elems_key_public;
+ elems_n = strlen (elems);
+
+ /*
+ Calculate size for sexp_template_n:
+
+ "(%s(%s<mpis>)(comment%s))" -> 20 + sizeof (<mpis>).
+
+ mpi: (X%m) -> 5.
+
+ */
+ sexp_template_n = 20 + (elems_n * 5);
+ sexp_template = xtrymalloc (sexp_template_n);
+ if (! sexp_template)
+ {
+ err = gpg_error_from_syserror ();
+ goto out;
+ }
+
+ /* Key identifier, algorithm identifier, mpis, comment. */
+ arg_list = xtrymalloc (sizeof (*arg_list) * (2 + elems_n + 1));
+ if (! arg_list)
+ {
+ err = gpg_error_from_syserror ();
+ goto out;
+ }
+
+ i = 0;
+ arg_list[i++] = &key_identifier[secret];
+ arg_list[i++] = &key_spec.identifier;
+
+ *sexp_template = 0;
+ sexp_template_n = 0;
+ sexp_template_n = sprintf (sexp_template + sexp_template_n, "(%%s(%%s");
+ for (i = 0; i < elems_n; i++)
+ {
+ sexp_template_n += sprintf (sexp_template + sexp_template_n, "(%c%%m)",
+ elems[i]);
+ if (secret)
+ {
+ for (j = 0; j < elems_n; j++)
+ if (key_spec.elems_key_secret[j] == elems[i])
+ break;
+ }
+ else
+ j = i;
+ arg_list[i + 2] = &mpis[j];
+ }
+ sexp_template_n += sprintf (sexp_template + sexp_template_n,
+ ")(comment%%s))");
+
+ arg_list[i + 2] = &comment;
+
+ err = gcry_sexp_build_array (&sexp_new, NULL, sexp_template, arg_list);
+ if (err)
+ goto out;
+
+ *sexp = sexp_new;
+
+ out:
+
+ xfree (arg_list);
+ xfree (sexp_template);
+
+ return err;
+}
+
+/* This functions breaks up the key contained in the S-Expression SEXP
+ according to KEY_SPEC. The MPIs are bundled in a newly create
+ list, which is to be stored in MPIS; a newly allocated string
+ holding the comment will be stored in COMMENT; SECRET will be
+ filled with a boolean flag specifying what kind of key it is.
+ Returns usual error code. */
+static gpg_error_t
+sexp_key_extract (gcry_sexp_t sexp,
+ ssh_key_type_spec_t key_spec, int *secret,
+ gcry_mpi_t **mpis, char **comment)
+{
+ gpg_error_t err;
+ gcry_sexp_t value_list;
+ gcry_sexp_t value_pair;
+ gcry_sexp_t comment_list;
+ unsigned int i;
+ char *comment_new;
+ const char *data;
+ size_t data_n;
+ int is_secret;
+ size_t elems_n;
+ const char *elems;
+ gcry_mpi_t *mpis_new;
+ gcry_mpi_t mpi;
+
+ err = 0;
+ value_list = NULL;
+ value_pair = NULL;
+ comment_list = NULL;
+ comment_new = NULL;
+ mpis_new = NULL;
+
+ data = gcry_sexp_nth_data (sexp, 0, &data_n);
+ if (! data)
+ {
+ err = gpg_error (GPG_ERR_INV_SEXP);
+ goto out;
+ }
+
+ if ((data_n == 10 && !strncmp (data, "public-key", 10))
+ || (data_n == 21 && !strncmp (data, "protected-private-key", 21))
+ || (data_n == 20 && !strncmp (data, "shadowed-private-key", 20)))
+ {
+ is_secret = 0;
+ elems = key_spec.elems_key_public;
+ }
+ else if (data_n == 11 && !strncmp (data, "private-key", 11))
+ {
+ is_secret = 1;
+ elems = key_spec.elems_key_secret;
+ }
+ else
+ {
+ err = gpg_error (GPG_ERR_INV_SEXP);
+ goto out;
+ }
+
+ elems_n = strlen (elems);
+ mpis_new = xtrycalloc (elems_n + 1, sizeof *mpis_new );
+ if (!mpis_new)
+ {
+ err = gpg_error_from_syserror ();
+ goto out;
+ }
+
+ value_list = gcry_sexp_find_token (sexp, key_spec.identifier, 0);
+ if (! value_list)
+ {
+ err = gpg_error (GPG_ERR_INV_SEXP);
+ goto out;
+ }
+
+ for (i = 0; i < elems_n; i++)
+ {
+ value_pair = gcry_sexp_find_token (value_list, elems + i, 1);
+ if (! value_pair)
+ {
+ err = gpg_error (GPG_ERR_INV_SEXP);
+ break;
+ }
+
+ /* Note that we need to use STD format; i.e. prepend a 0x00 to
+ indicate a positive number if the high bit is set. */
+ mpi = gcry_sexp_nth_mpi (value_pair, 1, GCRYMPI_FMT_STD);
+ if (! mpi)
+ {
+ err = gpg_error (GPG_ERR_INV_SEXP);
+ break;
+ }
+ mpis_new[i] = mpi;
+ gcry_sexp_release (value_pair);
+ value_pair = NULL;
+ }
+ if (err)
+ goto out;
+
+ /* We do not require a comment sublist to be present here. */
+ data = NULL;
+ data_n = 0;
+
+ comment_list = gcry_sexp_find_token (sexp, "comment", 0);
+ if (comment_list)
+ data = gcry_sexp_nth_data (comment_list, 1, &data_n);
+ if (! data)
+ {
+ data = "(none)";
+ data_n = 6;
+ }
+
+ comment_new = make_cstring (data, data_n);
+ if (! comment_new)
+ {
+ err = gpg_error_from_syserror ();
+ goto out;
+ }
+
+ if (secret)
+ *secret = is_secret;
+ *mpis = mpis_new;
+ *comment = comment_new;
+
+ out:
+
+ gcry_sexp_release (value_list);
+ gcry_sexp_release (value_pair);
+ gcry_sexp_release (comment_list);
+
+ if (err)
+ {
+ xfree (comment_new);
+ mpint_list_free (mpis_new);
+ }
+
+ return err;
+}
+
+/* Extract the car from SEXP, and create a newly created C-string
+ which is to be stored in IDENTIFIER. */
+static gpg_error_t
+sexp_extract_identifier (gcry_sexp_t sexp, char **identifier)
+{
+ char *identifier_new;
+ gcry_sexp_t sublist;
+ const char *data;
+ size_t data_n;
+ gpg_error_t err;
+
+ identifier_new = NULL;
+ err = 0;
+
+ sublist = gcry_sexp_nth (sexp, 1);
+ if (! sublist)
+ {
+ err = gpg_error (GPG_ERR_INV_SEXP);
+ goto out;
+ }
+
+ data = gcry_sexp_nth_data (sublist, 0, &data_n);
+ if (! data)
+ {
+ err = gpg_error (GPG_ERR_INV_SEXP);
+ goto out;
+ }
+
+ identifier_new = make_cstring (data, data_n);
+ if (! identifier_new)
+ {
+ err = gpg_err_code_from_errno (errno);
+ goto out;
+ }
+
+ *identifier = identifier_new;
+
+ out:
+
+ gcry_sexp_release (sublist);
+
+ return err;
+}
+
+
+
+/*
+
+ Key I/O.
+
+*/
+
+/* Search for a key specification entry. If SSH_NAME is not NULL,
+ search for an entry whose "ssh_name" is equal to SSH_NAME;
+ otherwise, search for an entry whose "name" is equal to NAME.
+ Store found entry in SPEC on success, return error otherwise. */
+static gpg_error_t
+ssh_key_type_lookup (const char *ssh_name, const char *name,
+ ssh_key_type_spec_t *spec)
+{
+ gpg_error_t err;
+ unsigned int i;
+
+ for (i = 0; i < DIM (ssh_key_types); i++)
+ if ((ssh_name && (! strcmp (ssh_name, ssh_key_types[i].ssh_identifier)))
+ || (name && (! strcmp (name, ssh_key_types[i].identifier))))
+ break;
+
+ if (i == DIM (ssh_key_types))
+ err = gpg_error (GPG_ERR_NOT_FOUND);
+ else
+ {
+ *spec = ssh_key_types[i];
+ err = 0;
+ }
+
+ return err;
+}
+
+/* Receive a key from STREAM, according to the key specification given
+ as KEY_SPEC. Depending on SECRET, receive a secret or a public
+ key. If READ_COMMENT is true, receive a comment string as well.
+ Constructs a new S-Expression from received data and stores it in
+ KEY_NEW. Returns zero on success or an error code. */
+static gpg_error_t
+ssh_receive_key (estream_t stream, gcry_sexp_t *key_new, int secret,
+ int read_comment, ssh_key_type_spec_t *key_spec)
+{
+ gpg_error_t err;
+ char *key_type = NULL;
+ char *comment = NULL;
+ gcry_sexp_t key = NULL;
+ ssh_key_type_spec_t spec;
+ gcry_mpi_t *mpi_list = NULL;
+ const char *elems;
+
+
+ err = stream_read_cstring (stream, &key_type);
+ if (err)
+ goto out;
+
+ err = ssh_key_type_lookup (key_type, NULL, &spec);
+ if (err)
+ goto out;
+
+ err = ssh_receive_mpint_list (stream, secret, spec, &mpi_list);
+ if (err)
+ goto out;
+
+ if (read_comment)
+ {
+ err = stream_read_cstring (stream, &comment);
+ if (err)
+ goto out;
+ }
+
+ if (secret)
+ elems = spec.elems_key_secret;
+ else
+ elems = spec.elems_key_public;
+
+ if (spec.key_modifier)
+ {
+ err = (*spec.key_modifier) (elems, mpi_list);
+ if (err)
+ goto out;
+ }
+
+ err = sexp_key_construct (&key, spec, secret, mpi_list, comment? comment:"");
+ if (err)
+ goto out;
+
+ if (key_spec)
+ *key_spec = spec;
+ *key_new = key;
+
+ out:
+
+ mpint_list_free (mpi_list);
+ xfree (key_type);
+ xfree (comment);
+
+ return err;
+}
+
+/* Converts a key of type TYPE, whose key material is given in MPIS,
+ into a newly created binary blob, which is to be stored in
+ BLOB/BLOB_SIZE. Returns zero on success or an error code. */
+static gpg_error_t
+ssh_convert_key_to_blob (unsigned char **blob, size_t *blob_size,
+ const char *type, gcry_mpi_t *mpis)
+{
+ unsigned char *blob_new;
+ long int blob_size_new;
+ estream_t stream;
+ gpg_error_t err;
+ unsigned int i;
+
+ *blob = NULL;
+ *blob_size = 0;
+
+ blob_new = NULL;
+ stream = NULL;
+ err = 0;
+
+ stream = es_mopen (NULL, 0, 0, 1, NULL, NULL, "r+");
+ if (! stream)
+ {
+ err = gpg_error_from_syserror ();
+ goto out;
+ }
+
+ err = stream_write_cstring (stream, type);
+ if (err)
+ goto out;
+
+ for (i = 0; mpis[i] && (! err); i++)
+ err = stream_write_mpi (stream, mpis[i]);
+ if (err)
+ goto out;
+
+ blob_size_new = es_ftell (stream);
+ if (blob_size_new == -1)
+ {
+ err = gpg_error_from_syserror ();
+ goto out;
+ }
+
+ err = es_fseek (stream, 0, SEEK_SET);
+ if (err)
+ goto out;
+
+ blob_new = xtrymalloc (blob_size_new);
+ if (! blob_new)
+ {
+ err = gpg_error_from_syserror ();
+ goto out;
+ }
+
+ err = stream_read_data (stream, blob_new, blob_size_new);
+ if (err)
+ goto out;
+
+ *blob = blob_new;
+ *blob_size = blob_size_new;
+
+ out:
+
+ if (stream)
+ es_fclose (stream);
+ if (err)
+ xfree (blob_new);
+
+ return err;
+}
+
+
+/* Write the public key KEY_PUBLIC to STREAM in SSH key format. If
+ OVERRIDE_COMMENT is not NULL, it will be used instead of the
+ comment stored in the key. */
+static gpg_error_t
+ssh_send_key_public (estream_t stream, gcry_sexp_t key_public,
+ const char *override_comment)
+{
+ ssh_key_type_spec_t spec;
+ gcry_mpi_t *mpi_list;
+ char *key_type;
+ char *comment;
+ unsigned char *blob;
+ size_t blob_n;
+ gpg_error_t err;
+
+ key_type = NULL;
+ mpi_list = NULL;
+ comment = NULL;
+ blob = NULL;
+
+ err = sexp_extract_identifier (key_public, &key_type);
+ if (err)
+ goto out;
+
+ err = ssh_key_type_lookup (NULL, key_type, &spec);
+ if (err)
+ goto out;
+
+ err = sexp_key_extract (key_public, spec, NULL, &mpi_list, &comment);
+ if (err)
+ goto out;
+
+ err = ssh_convert_key_to_blob (&blob, &blob_n,
+ spec.ssh_identifier, mpi_list);
+ if (err)
+ goto out;
+
+ err = stream_write_string (stream, blob, blob_n);
+ if (err)
+ goto out;
+
+ err = stream_write_cstring (stream,
+ override_comment? override_comment : comment);
+
+ out:
+
+ mpint_list_free (mpi_list);
+ xfree (key_type);
+ xfree (comment);
+ xfree (blob);
+
+ return err;
+}
+
+/* Read a public key out of BLOB/BLOB_SIZE according to the key
+ specification given as KEY_SPEC, storing the new key in KEY_PUBLIC.
+ Returns zero on success or an error code. */
+static gpg_error_t
+ssh_read_key_public_from_blob (unsigned char *blob, size_t blob_size,
+ gcry_sexp_t *key_public,
+ ssh_key_type_spec_t *key_spec)
+{
+ estream_t blob_stream;
+ gpg_error_t err;
+
+ err = 0;
+
+ blob_stream = es_mopen (NULL, 0, 0, 1, NULL, NULL, "r+");
+ if (! blob_stream)
+ {
+ err = gpg_error_from_syserror ();
+ goto out;
+ }
+
+ err = stream_write_data (blob_stream, blob, blob_size);
+ if (err)
+ goto out;
+
+ err = es_fseek (blob_stream, 0, SEEK_SET);
+ if (err)
+ goto out;
+
+ err = ssh_receive_key (blob_stream, key_public, 0, 0, key_spec);
+
+ out:
+
+ if (blob_stream)
+ es_fclose (blob_stream);
+
+ return err;
+}
+
+
+
+/* This function calculates the key grip for the key contained in the
+ S-Expression KEY and writes it to BUFFER, which must be large
+ enough to hold it. Returns usual error code. */
+static gpg_error_t
+ssh_key_grip (gcry_sexp_t key, unsigned char *buffer)
+{
+ if (!gcry_pk_get_keygrip (key, buffer))
+ return gpg_error (GPG_ERR_INTERNAL);
+
+ return 0;
+}
+
+
+/* Converts the secret key KEY_SECRET into a public key, storing it in
+ KEY_PUBLIC. SPEC is the according key specification. Returns zero
+ on success or an error code. */
+static gpg_error_t
+key_secret_to_public (gcry_sexp_t *key_public,
+ ssh_key_type_spec_t spec, gcry_sexp_t key_secret)
+{
+ char *comment;
+ gcry_mpi_t *mpis;
+ gpg_error_t err;
+ int is_secret;
+
+ comment = NULL;
+ mpis = NULL;
+
+ err = sexp_key_extract (key_secret, spec, &is_secret, &mpis, &comment);
+ if (err)
+ goto out;
+
+ err = sexp_key_construct (key_public, spec, 0, mpis, comment);
+
+ out:
+
+ mpint_list_free (mpis);
+ xfree (comment);
+
+ return err;
+}
+
+
+/* Check whether a smartcard is available and whether it has a usable
+ key. Store a copy of that key at R_PK and return 0. If no key is
+ available store NULL at R_PK and return an error code. If CARDSN
+ is not NULL, a string with the serial number of the card will be
+ a malloced and stored there. */
+static gpg_error_t
+card_key_available (ctrl_t ctrl, gcry_sexp_t *r_pk, char **cardsn)
+{
+ gpg_error_t err;
+ char *authkeyid;
+ char *serialno = NULL;
+ unsigned char *pkbuf;
+ size_t pkbuflen;
+ gcry_sexp_t s_pk;
+ unsigned char grip[20];
+
+ *r_pk = NULL;
+ if (cardsn)
+ *cardsn = NULL;
+
+ /* First see whether a card is available and whether the application
+ is supported. */
+ err = agent_card_getattr (ctrl, "$AUTHKEYID", &authkeyid);
+ if ( gpg_err_code (err) == GPG_ERR_CARD_REMOVED )
+ {
+ /* Ask for the serial number to reset the card. */
+ err = agent_card_serialno (ctrl, &serialno);
+ if (err)
+ {
+ if (opt.verbose)
+ log_info (_("error getting serial number of card: %s\n"),
+ gpg_strerror (err));
+ return err;
+ }
+ log_info (_("detected card with S/N: %s\n"), serialno);
+ err = agent_card_getattr (ctrl, "$AUTHKEYID", &authkeyid);
+ }
+ if (err)
+ {
+ log_error (_("error getting default authentication keyID of card: %s\n"),
+ gpg_strerror (err));
+ xfree (serialno);
+ return err;
+ }
+
+ /* Get the S/N if we don't have it yet. Use the fast getattr method. */
+ if (!serialno && (err = agent_card_getattr (ctrl, "SERIALNO", &serialno)) )
+ {
+ log_error (_("error getting serial number of card: %s\n"),
+ gpg_strerror (err));
+ xfree (authkeyid);
+ return err;
+ }
+
+ /* Read the public key. */
+ err = agent_card_readkey (ctrl, authkeyid, &pkbuf);
+ if (err)
+ {
+ if (opt.verbose)
+ log_info (_("no suitable card key found: %s\n"), gpg_strerror (err));
+ xfree (serialno);
+ xfree (authkeyid);
+ return err;
+ }
+
+ pkbuflen = gcry_sexp_canon_len (pkbuf, 0, NULL, NULL);
+ err = gcry_sexp_sscan (&s_pk, NULL, (char*)pkbuf, pkbuflen);
+ if (err)
+ {
+ log_error ("failed to build S-Exp from received card key: %s\n",
+ gpg_strerror (err));
+ xfree (pkbuf);
+ xfree (serialno);
+ xfree (authkeyid);
+ return err;
+ }
+
+ err = ssh_key_grip (s_pk, grip);
+ if (err)
+ {
+ log_debug ("error computing keygrip from received card key: %s\n",
+ gcry_strerror (err));
+ xfree (pkbuf);
+ gcry_sexp_release (s_pk);
+ xfree (serialno);
+ xfree (authkeyid);
+ return err;
+ }
+
+ if ( agent_key_available (grip) )
+ {
+ /* (Shadow)-key is not available in our key storage. */
+ unsigned char *shadow_info;
+ unsigned char *tmp;
+
+ shadow_info = make_shadow_info (serialno, authkeyid);
+ if (!shadow_info)
+ {
+ err = gpg_error_from_syserror ();
+ xfree (pkbuf);
+ gcry_sexp_release (s_pk);
+ xfree (serialno);
+ xfree (authkeyid);
+ return err;
+ }
+ err = agent_shadow_key (pkbuf, shadow_info, &tmp);
+ xfree (shadow_info);
+ if (err)
+ {
+ log_error (_("shadowing the key failed: %s\n"), gpg_strerror (err));
+ xfree (pkbuf);
+ gcry_sexp_release (s_pk);
+ xfree (serialno);
+ xfree (authkeyid);
+ return err;
+ }
+ xfree (pkbuf);
+ pkbuf = tmp;
+ pkbuflen = gcry_sexp_canon_len (pkbuf, 0, NULL, NULL);
+ assert (pkbuflen);
+
+ err = agent_write_private_key (grip, pkbuf, pkbuflen, 0);
+ if (err)
+ {
+ log_error (_("error writing key: %s\n"), gpg_strerror (err));
+ xfree (pkbuf);
+ gcry_sexp_release (s_pk);
+ xfree (serialno);
+ xfree (authkeyid);
+ return err;
+ }
+ }
+
+ if (cardsn)
+ {
+ char *dispsn;
+
+ /* If the card handler is able to return a short serialnumber,
+ use that one, else use the complete serialno. */
+ if (!agent_card_getattr (ctrl, "$DISPSERIALNO", &dispsn))
+ {
+ *cardsn = xtryasprintf ("cardno:%s", dispsn);
+ xfree (dispsn);
+ }
+ else
+ *cardsn = xtryasprintf ("cardno:%s", serialno);
+ if (!*cardsn)
+ {
+ err = gpg_error_from_syserror ();
+ xfree (pkbuf);
+ gcry_sexp_release (s_pk);
+ xfree (serialno);
+ xfree (authkeyid);
+ return err;
+ }
+ }
+
+ xfree (pkbuf);
+ xfree (serialno);
+ xfree (authkeyid);
+ *r_pk = s_pk;
+ return 0;
+}
+
+
+
+
+/*
+
+ Request handler. Each handler is provided with a CTRL context, a
+ REQUEST object and a RESPONSE object. The actual request is to be
+ read from REQUEST, the response needs to be written to RESPONSE.
+
+*/
+
+
+/* Handler for the "request_identities" command. */
+static gpg_error_t
+ssh_handler_request_identities (ctrl_t ctrl,
+ estream_t request, estream_t response)
+{
+ char *key_type;
+ ssh_key_type_spec_t spec;
+ struct dirent *dir_entry;
+ char *key_directory;
+ size_t key_directory_n;
+ char *key_path;
+ unsigned char *buffer;
+ size_t buffer_n;
+ u32 key_counter;
+ estream_t key_blobs;
+ gcry_sexp_t key_secret;
+ gcry_sexp_t key_public;
+ DIR *dir;
+ gpg_error_t err;
+ int ret;
+ FILE *ctrl_fp = NULL;
+ char *cardsn;
+ gpg_error_t ret_err;
+
+ (void)request;
+
+ /* Prepare buffer stream. */
+
+ key_directory = NULL;
+ key_secret = NULL;
+ key_public = NULL;
+ key_type = NULL;
+ key_path = NULL;
+ key_counter = 0;
+ buffer = NULL;
+ dir = NULL;
+ err = 0;
+
+ key_blobs = es_mopen (NULL, 0, 0, 1, NULL, NULL, "r+");
+ if (! key_blobs)
+ {
+ err = gpg_error_from_syserror ();
+ goto out;
+ }
+
+ /* Open key directory. */
+ key_directory = make_filename (opt.homedir, GNUPG_PRIVATE_KEYS_DIR, NULL);
+ if (! key_directory)
+ {
+ err = gpg_err_code_from_errno (errno);
+ goto out;
+ }
+ key_directory_n = strlen (key_directory);
+
+ key_path = xtrymalloc (key_directory_n + 46);
+ if (! key_path)
+ {
+ err = gpg_err_code_from_errno (errno);
+ goto out;
+ }
+
+ sprintf (key_path, "%s/", key_directory);
+ sprintf (key_path + key_directory_n + 41, ".key");
+
+ dir = opendir (key_directory);
+ if (! dir)
+ {
+ err = gpg_err_code_from_errno (errno);
+ goto out;
+ }
+
+
+
+ /* First check whether a key is currently available in the card
+ reader - this should be allowed even without being listed in
+ sshcontrol. */
+
+ if (!card_key_available (ctrl, &key_public, &cardsn))
+ {
+ err = ssh_send_key_public (key_blobs, key_public, cardsn);
+ gcry_sexp_release (key_public);
+ key_public = NULL;
+ xfree (cardsn);
+ if (err)
+ goto out;
+
+ key_counter++;
+ }
+
+
+ /* Then look at all the registered an allowed keys. */
+
+
+ /* Fixme: We should better iterate over the control file and check
+ whether the key file is there. This is better in resepct to
+ performance if tehre are a lot of key sin our key storage. */
+ /* FIXME: make sure that buffer gets deallocated properly. */
+ err = open_control_file (&ctrl_fp, 0);
+ if (err)
+ goto out;
+
+ while ( (dir_entry = readdir (dir)) )
+ {
+ if ((strlen (dir_entry->d_name) == 44)
+ && (! strncmp (dir_entry->d_name + 40, ".key", 4)))
+ {
+ char hexgrip[41];
+ int disabled;
+
+ /* We do only want to return keys listed in our control
+ file. */
+ strncpy (hexgrip, dir_entry->d_name, 40);
+ hexgrip[40] = 0;
+ if ( strlen (hexgrip) != 40 )
+ continue;
+ if (search_control_file (ctrl_fp, hexgrip, &disabled, NULL, NULL)
+ || disabled)
+ continue;
+
+ strncpy (key_path + key_directory_n + 1, dir_entry->d_name, 40);
+
+ /* Read file content. */
+ err = file_to_buffer (key_path, &buffer, &buffer_n);
+ if (err)
+ goto out;
+
+ err = gcry_sexp_sscan (&key_secret, NULL, (char*)buffer, buffer_n);
+ if (err)
+ goto out;
+
+ xfree (buffer);
+ buffer = NULL;
+
+ err = sexp_extract_identifier (key_secret, &key_type);
+ if (err)
+ goto out;
+
+ err = ssh_key_type_lookup (NULL, key_type, &spec);
+ if (err)
+ goto out;
+
+ xfree (key_type);
+ key_type = NULL;
+
+ err = key_secret_to_public (&key_public, spec, key_secret);
+ if (err)
+ goto out;
+
+ gcry_sexp_release (key_secret);
+ key_secret = NULL;
+
+ err = ssh_send_key_public (key_blobs, key_public, NULL);
+ if (err)
+ goto out;
+
+ gcry_sexp_release (key_public);
+ key_public = NULL;
+
+ key_counter++;
+ }
+ }
+
+ ret = es_fseek (key_blobs, 0, SEEK_SET);
+ if (ret)
+ {
+ err = gpg_error_from_syserror ();
+ goto out;
+ }
+
+ out:
+
+ /* Send response. */
+
+ gcry_sexp_release (key_secret);
+ gcry_sexp_release (key_public);
+
+ if (! err)
+ {
+ ret_err = stream_write_byte (response, SSH_RESPONSE_IDENTITIES_ANSWER);
+ if (ret_err)
+ goto leave;
+ ret_err = stream_write_uint32 (response, key_counter);
+ if (ret_err)
+ goto leave;
+ ret_err = stream_copy (response, key_blobs);
+ if (ret_err)
+ goto leave;
+ }
+ else
+ {
+ ret_err = stream_write_byte (response, SSH_RESPONSE_FAILURE);
+ goto leave;
+ };
+
+ leave:
+
+ if (key_blobs)
+ es_fclose (key_blobs);
+ if (dir)
+ closedir (dir);
+
+ if (ctrl_fp)
+ fclose (ctrl_fp);
+
+ xfree (key_directory);
+ xfree (key_path);
+ xfree (buffer);
+ xfree (key_type);
+
+ return ret_err;
+}
+
+
+/* This function hashes the data contained in DATA of size DATA_N
+ according to the message digest algorithm specified by MD_ALGORITHM
+ and writes the message digest to HASH, which needs to large enough
+ for the digest. */
+static gpg_error_t
+data_hash (unsigned char *data, size_t data_n,
+ int md_algorithm, unsigned char *hash)
+{
+ gcry_md_hash_buffer (md_algorithm, hash, data, data_n);
+
+ return 0;
+}
+
+/* This function signs the data contained in CTRL, stores the created
+ signature in newly allocated memory in SIG and it's size in SIG_N;
+ SIG_ENCODER is the signature encoder to use. */
+static gpg_error_t
+data_sign (ctrl_t ctrl, ssh_signature_encoder_t sig_encoder,
+ unsigned char **sig, size_t *sig_n)
+{
+ gpg_error_t err;
+ gcry_sexp_t signature_sexp = NULL;
+ estream_t stream = NULL;
+ gcry_sexp_t valuelist = NULL;
+ gcry_sexp_t sublist = NULL;
+ gcry_mpi_t sig_value = NULL;
+ unsigned char *sig_blob = NULL;
+ size_t sig_blob_n = 0;
+ char *identifier = NULL;
+ const char *identifier_raw;
+ size_t identifier_n;
+ ssh_key_type_spec_t spec;
+ int ret;
+ unsigned int i;
+ const char *elems;
+ size_t elems_n;
+ gcry_mpi_t *mpis = NULL;
+ char hexgrip[40+1];
+
+ *sig = NULL;
+ *sig_n = 0;
+
+ /* Quick check to see whether we have a valid keygrip and convert it
+ to hex. */
+ if (!ctrl->have_keygrip)
+ {
+ err = gpg_error (GPG_ERR_NO_SECKEY);
+ goto out;
+ }
+ bin2hex (ctrl->keygrip, 20, hexgrip);
+
+ /* Ask for confirmation if needed. */
+ if (confirm_flag_from_sshcontrol (hexgrip))
+ {
+ gcry_sexp_t key;
+ char *fpr, *prompt;
+ char *comment = NULL;
+
+ err = agent_raw_key_from_file (ctrl, ctrl->keygrip, &key);
+ if (err)
+ goto out;
+ err = ssh_get_fingerprint_string (key, &fpr);
+ if (!err)
+ {
+ gcry_sexp_t tmpsxp = gcry_sexp_find_token (key, "comment", 0);
+ if (tmpsxp)
+ comment = gcry_sexp_nth_string (tmpsxp, 1);
+ gcry_sexp_release (tmpsxp);
+ }
+ gcry_sexp_release (key);
+ if (err)
+ goto out;
+ prompt = xtryasprintf (_("An ssh process requested the use of key%%0A"
+ " %s%%0A"
+ " (%s)%%0A"
+ "Do you want to allow this?"),
+ fpr, comment? comment:"");
+ xfree (fpr);
+ gcry_free (comment);
+ err = agent_get_confirmation (ctrl, prompt, _("Allow"), _("Deny"), 0);
+ xfree (prompt);
+ if (err)
+ goto out;
+ }
+
+ /* Create signature. */
+ ctrl->use_auth_call = 1;
+ err = agent_pksign_do (ctrl,
+ _("Please enter the passphrase "
+ "for the ssh key%%0A %F%%0A (%c)"),
+ &signature_sexp,
+ CACHE_MODE_SSH, ttl_from_sshcontrol);
+ ctrl->use_auth_call = 0;
+ if (err)
+ goto out;
+
+ valuelist = gcry_sexp_nth (signature_sexp, 1);
+ if (! valuelist)
+ {
+ err = gpg_error (GPG_ERR_INV_SEXP);
+ goto out;
+ }
+
+ stream = es_mopen (NULL, 0, 0, 1, NULL, NULL, "r+");
+ if (! stream)
+ {
+ err = gpg_error_from_syserror ();
+ goto out;
+ }
+
+ identifier_raw = gcry_sexp_nth_data (valuelist, 0, &identifier_n);
+ if (! identifier_raw)
+ {
+ err = gpg_error (GPG_ERR_INV_SEXP);
+ goto out;
+ }
+
+ identifier = make_cstring (identifier_raw, identifier_n);
+ if (! identifier)
+ {
+ err = gpg_error_from_syserror ();
+ goto out;
+ }
+
+ err = ssh_key_type_lookup (NULL, identifier, &spec);
+ if (err)
+ goto out;
+
+ err = stream_write_cstring (stream, spec.ssh_identifier);
+ if (err)
+ goto out;
+
+ elems = spec.elems_signature;
+ elems_n = strlen (elems);
+
+ mpis = xtrycalloc (elems_n + 1, sizeof *mpis);
+ if (!mpis)
+ {
+ err = gpg_error_from_syserror ();
+ goto out;
+ }
+
+ for (i = 0; i < elems_n; i++)
+ {
+ sublist = gcry_sexp_find_token (valuelist, spec.elems_signature + i, 1);
+ if (! sublist)
+ {
+ err = gpg_error (GPG_ERR_INV_SEXP);
+ break;
+ }
+
+ sig_value = gcry_sexp_nth_mpi (sublist, 1, GCRYMPI_FMT_USG);
+ if (! sig_value)
+ {
+ err = gpg_error (GPG_ERR_INTERNAL); /* FIXME? */
+ break;
+ }
+ gcry_sexp_release (sublist);
+ sublist = NULL;
+
+ mpis[i] = sig_value;
+ }
+ if (err)
+ goto out;
+
+ err = (*sig_encoder) (stream, mpis);
+ if (err)
+ goto out;
+
+ sig_blob_n = es_ftell (stream);
+ if (sig_blob_n == -1)
+ {
+ err = gpg_error_from_syserror ();
+ goto out;
+ }
+
+ sig_blob = xtrymalloc (sig_blob_n);
+ if (! sig_blob)
+ {
+ err = gpg_error_from_syserror ();
+ goto out;
+ }
+
+ ret = es_fseek (stream, 0, SEEK_SET);
+ if (ret)
+ {
+ err = gpg_error_from_syserror ();
+ goto out;
+ }
+
+ err = stream_read_data (stream, sig_blob, sig_blob_n);
+ if (err)
+ goto out;
+
+ *sig = sig_blob;
+ *sig_n = sig_blob_n;
+
+ out:
+
+ if (err)
+ xfree (sig_blob);
+
+ if (stream)
+ es_fclose (stream);
+ gcry_sexp_release (valuelist);
+ gcry_sexp_release (signature_sexp);
+ gcry_sexp_release (sublist);
+ mpint_list_free (mpis);
+ xfree (identifier);
+
+ return err;
+}
+
+/* Handler for the "sign_request" command. */
+static gpg_error_t
+ssh_handler_sign_request (ctrl_t ctrl, estream_t request, estream_t response)
+{
+ gcry_sexp_t key;
+ ssh_key_type_spec_t spec;
+ unsigned char hash[MAX_DIGEST_LEN];
+ unsigned int hash_n;
+ unsigned char key_grip[20];
+ unsigned char *key_blob;
+ u32 key_blob_size;
+ unsigned char *data;
+ unsigned char *sig;
+ size_t sig_n;
+ u32 data_size;
+ u32 flags;
+ gpg_error_t err;
+ gpg_error_t ret_err;
+
+ key_blob = NULL;
+ data = NULL;
+ sig = NULL;
+ key = NULL;
+
+ /* Receive key. */
+
+ err = stream_read_string (request, 0, &key_blob, &key_blob_size);
+ if (err)
+ goto out;
+
+ err = ssh_read_key_public_from_blob (key_blob, key_blob_size, &key, &spec);
+ if (err)
+ goto out;
+
+ /* Receive data to sign. */
+ err = stream_read_string (request, 0, &data, &data_size);
+ if (err)
+ goto out;
+
+ /* FIXME? */
+ err = stream_read_uint32 (request, &flags);
+ if (err)
+ goto out;
+
+ /* Hash data. */
+ hash_n = gcry_md_get_algo_dlen (GCRY_MD_SHA1);
+ if (! hash_n)
+ {
+ err = gpg_error (GPG_ERR_INTERNAL);
+ goto out;
+ }
+ err = data_hash (data, data_size, GCRY_MD_SHA1, hash);
+ if (err)
+ goto out;
+
+ /* Calculate key grip. */
+ err = ssh_key_grip (key, key_grip);
+ if (err)
+ goto out;
+
+ /* Sign data. */
+
+ ctrl->digest.algo = GCRY_MD_SHA1;
+ memcpy (ctrl->digest.value, hash, hash_n);
+ ctrl->digest.valuelen = hash_n;
+ ctrl->digest.raw_value = ! (spec.flags & SPEC_FLAG_USE_PKCS1V2);
+ ctrl->have_keygrip = 1;
+ memcpy (ctrl->keygrip, key_grip, 20);
+
+ err = data_sign (ctrl, spec.signature_encoder, &sig, &sig_n);
+
+ out:
+
+ /* Done. */
+
+ if (! err)
+ {
+ ret_err = stream_write_byte (response, SSH_RESPONSE_SIGN_RESPONSE);
+ if (ret_err)
+ goto leave;
+ ret_err = stream_write_string (response, sig, sig_n);
+ if (ret_err)
+ goto leave;
+ }
+ else
+ {
+ ret_err = stream_write_byte (response, SSH_RESPONSE_FAILURE);
+ if (ret_err)
+ goto leave;
+ }
+
+ leave:
+
+ gcry_sexp_release (key);
+ xfree (key_blob);
+ xfree (data);
+ xfree (sig);
+
+ return ret_err;
+}
+
+/* This function extracts the comment contained in the key
+ S-Expression KEY and stores a copy in COMMENT. Returns usual error
+ code. */
+static gpg_error_t
+ssh_key_extract_comment (gcry_sexp_t key, char **comment)
+{
+ gcry_sexp_t comment_list;
+ char *comment_new;
+ const char *data;
+ size_t data_n;
+ gpg_error_t err;
+
+ comment_list = gcry_sexp_find_token (key, "comment", 0);
+ if (! comment_list)
+ {
+ err = gpg_error (GPG_ERR_INV_SEXP);
+ goto out;
+ }
+
+ data = gcry_sexp_nth_data (comment_list, 1, &data_n);
+ if (! data)
+ {
+ err = gpg_error (GPG_ERR_INV_SEXP);
+ goto out;
+ }
+
+ comment_new = make_cstring (data, data_n);
+ if (! comment_new)
+ {
+ err = gpg_error_from_syserror ();
+ goto out;
+ }
+
+ *comment = comment_new;
+ err = 0;
+
+ out:
+
+ gcry_sexp_release (comment_list);
+
+ return err;
+}
+
+/* This function converts the key contained in the S-Expression KEY
+ into a buffer, which is protected by the passphrase PASSPHRASE.
+ Returns usual error code. */
+static gpg_error_t
+ssh_key_to_protected_buffer (gcry_sexp_t key, const char *passphrase,
+ unsigned char **buffer, size_t *buffer_n)
+{
+ unsigned char *buffer_new;
+ unsigned int buffer_new_n;
+ gpg_error_t err;
+
+ err = 0;
+ buffer_new_n = gcry_sexp_sprint (key, GCRYSEXP_FMT_CANON, NULL, 0);
+ buffer_new = xtrymalloc_secure (buffer_new_n);
+ if (! buffer_new)
+ {
+ err = gpg_error_from_syserror ();
+ goto out;
+ }
+
+ gcry_sexp_sprint (key, GCRYSEXP_FMT_CANON, buffer_new, buffer_new_n);
+ /* FIXME: guarantee? */
+
+ err = agent_protect (buffer_new, passphrase, buffer, buffer_n);
+
+ out:
+
+ xfree (buffer_new);
+
+ return err;
+}
+
+
+
+/* Callback function to compare the first entered PIN with the one
+ currently being entered. */
+static int
+reenter_compare_cb (struct pin_entry_info_s *pi)
+{
+ const char *pin1 = pi->check_cb_arg;
+
+ if (!strcmp (pin1, pi->pin))
+ return 0; /* okay */
+ return -1;
+}
+
+/* Store the ssh KEY into our local key storage and protect it after
+ asking for a passphrase. Cache that passphrase. TTL is the
+ maximum caching time for that key. If the key already exists in
+ our key storage, don't do anything. When entering a new key also
+ add an entry to the sshcontrol file. */
+static gpg_error_t
+ssh_identity_register (ctrl_t ctrl, gcry_sexp_t key, int ttl, int confirm)
+{
+ gpg_error_t err;
+ unsigned char key_grip_raw[20];
+ char key_grip[41];
+ unsigned char *buffer = NULL;
+ size_t buffer_n;
+ char *description = NULL;
+ const char *description2 = _("Please re-enter this passphrase");
+ char *comment = NULL;
+ char *key_fpr = NULL;
+ const char *initial_errtext = NULL;
+ unsigned int i;
+ struct pin_entry_info_s *pi = NULL, *pi2;
+
+ err = ssh_key_grip (key, key_grip_raw);
+ if (err)
+ goto out;
+
+ /* Check whether the key is already in our key storage. Don't do
+ anything then. */
+ if ( !agent_key_available (key_grip_raw) )
+ goto out; /* Yes, key is available. */
+
+ err = ssh_get_fingerprint_string (key, &key_fpr);
+ if (err)
+ goto out;
+
+ err = ssh_key_extract_comment (key, &comment);
+ if (err)
+ goto out;
+
+ if ( asprintf (&description,
+ _("Please enter a passphrase to protect"
+ " the received secret key%%0A"
+ " %s%%0A"
+ " %s%%0A"
+ "within gpg-agent's key storage"),
+ key_fpr, comment ? comment : "") < 0)
+ {
+ err = gpg_error_from_syserror ();
+ goto out;
+ }
+
+
+ pi = gcry_calloc_secure (2, sizeof (*pi) + 100 + 1);
+ if (!pi)
+ {
+ err = gpg_error_from_syserror ();
+ goto out;
+ }
+ pi2 = pi + (sizeof *pi + 100 + 1);
+ pi->max_length = 100;
+ pi->max_tries = 1;
+ pi2->max_length = 100;
+ pi2->max_tries = 1;
+ pi2->check_cb = reenter_compare_cb;
+ pi2->check_cb_arg = pi->pin;
+
+ next_try:
+ err = agent_askpin (ctrl, description, NULL, initial_errtext, pi);
+ initial_errtext = NULL;
+ if (err)
+ goto out;
+
+ /* Unless the passphrase is empty, ask to confirm it. */
+ if (pi->pin && *pi->pin)
+ {
+ err = agent_askpin (ctrl, description2, NULL, NULL, pi2);
+ if (err == -1)
+ { /* The re-entered one did not match and the user did not
+ hit cancel. */
+ initial_errtext = _("does not match - try again");
+ goto next_try;
+ }
+ }
+
+ err = ssh_key_to_protected_buffer (key, pi->pin, &buffer, &buffer_n);
+ if (err)
+ goto out;
+
+ /* Store this key to our key storage. */
+ err = agent_write_private_key (key_grip_raw, buffer, buffer_n, 0);
+ if (err)
+ goto out;
+
+ /* Cache this passphrase. */
+ for (i = 0; i < 20; i++)
+ sprintf (key_grip + 2 * i, "%02X", key_grip_raw[i]);
+
+ err = agent_put_cache (key_grip, CACHE_MODE_SSH, pi->pin, ttl);
+ if (err)
+ goto out;
+
+ /* And add an entry to the sshcontrol file. */
+ err = add_control_entry (ctrl, key_grip, key_fpr, ttl, confirm);
+
+
+ out:
+ if (pi && pi->max_length)
+ wipememory (pi->pin, pi->max_length);
+ xfree (pi);
+ xfree (buffer);
+ xfree (comment);
+ xfree (key_fpr);
+ xfree (description);
+
+ return err;
+}
+
+
+/* This function removes the key contained in the S-Expression KEY
+ from the local key storage, in case it exists there. Returns usual
+ error code. FIXME: this function is a stub. */
+static gpg_error_t
+ssh_identity_drop (gcry_sexp_t key)
+{
+ unsigned char key_grip[21] = { 0 };
+ gpg_error_t err;
+
+ err = ssh_key_grip (key, key_grip);
+ if (err)
+ goto out;
+
+ key_grip[sizeof (key_grip) - 1] = 0;
+
+ /* FIXME: What to do here - forgetting the passphrase or deleting
+ the key from key cache? */
+
+ out:
+
+ return err;
+}
+
+/* Handler for the "add_identity" command. */
+static gpg_error_t
+ssh_handler_add_identity (ctrl_t ctrl, estream_t request, estream_t response)
+{
+ gpg_error_t ret_err;
+ gpg_error_t err;
+ gcry_sexp_t key;
+ unsigned char b;
+ int confirm;
+ int ttl;
+
+ confirm = 0;
+ key = NULL;
+ ttl = 0;
+
+ /* FIXME? */
+ err = ssh_receive_key (request, &key, 1, 1, NULL);
+ if (err)
+ goto out;
+
+ while (1)
+ {
+ err = stream_read_byte (request, &b);
+ if (gpg_err_code (err) == GPG_ERR_EOF)
+ {
+ err = 0;
+ break;
+ }
+
+ switch (b)
+ {
+ case SSH_OPT_CONSTRAIN_LIFETIME:
+ {
+ u32 n = 0;
+
+ err = stream_read_uint32 (request, &n);
+ if (! err)
+ ttl = n;
+ break;
+ }
+
+ case SSH_OPT_CONSTRAIN_CONFIRM:
+ {
+ confirm = 1;
+ break;
+ }
+
+ default:
+ /* FIXME: log/bad? */
+ break;
+ }
+ }
+ if (err)
+ goto out;
+
+ err = ssh_identity_register (ctrl, key, ttl, confirm);
+
+ out:
+
+ gcry_sexp_release (key);
+
+ if (! err)
+ ret_err = stream_write_byte (response, SSH_RESPONSE_SUCCESS);
+ else
+ ret_err = stream_write_byte (response, SSH_RESPONSE_FAILURE);
+
+ return ret_err;
+}
+
+/* Handler for the "remove_identity" command. */
+static gpg_error_t
+ssh_handler_remove_identity (ctrl_t ctrl,
+ estream_t request, estream_t response)
+{
+ unsigned char *key_blob;
+ u32 key_blob_size;
+ gcry_sexp_t key;
+ gpg_error_t ret_err;
+ gpg_error_t err;
+
+ (void)ctrl;
+
+ /* Receive key. */
+
+ key_blob = NULL;
+ key = NULL;
+
+ err = stream_read_string (request, 0, &key_blob, &key_blob_size);
+ if (err)
+ goto out;
+
+ err = ssh_read_key_public_from_blob (key_blob, key_blob_size, &key, NULL);
+ if (err)
+ goto out;
+
+ err = ssh_identity_drop (key);
+
+ out:
+
+ xfree (key_blob);
+ gcry_sexp_release (key);
+
+ if (! err)
+ ret_err = stream_write_byte (response, SSH_RESPONSE_SUCCESS);
+ else
+ ret_err = stream_write_byte (response, SSH_RESPONSE_FAILURE);
+
+ return ret_err;
+}
+
+/* FIXME: stub function. Actually useful? */
+static gpg_error_t
+ssh_identities_remove_all (void)
+{
+ gpg_error_t err;
+
+ err = 0;
+
+ /* FIXME: shall we remove _all_ cache entries or only those
+ registered through the ssh emulation? */
+
+ return err;
+}
+
+/* Handler for the "remove_all_identities" command. */
+static gpg_error_t
+ssh_handler_remove_all_identities (ctrl_t ctrl,
+ estream_t request, estream_t response)
+{
+ gpg_error_t ret_err;
+ gpg_error_t err;
+
+ (void)ctrl;
+ (void)request;
+
+ err = ssh_identities_remove_all ();
+
+ if (! err)
+ ret_err = stream_write_byte (response, SSH_RESPONSE_SUCCESS);
+ else
+ ret_err = stream_write_byte (response, SSH_RESPONSE_FAILURE);
+
+ return ret_err;
+}
+
+/* Lock agent? FIXME: stub function. */
+static gpg_error_t
+ssh_lock (void)
+{
+ gpg_error_t err;
+
+ /* FIXME */
+ log_error ("ssh-agent's lock command is not implemented\n");
+ err = 0;
+
+ return err;
+}
+
+/* Unock agent? FIXME: stub function. */
+static gpg_error_t
+ssh_unlock (void)
+{
+ gpg_error_t err;
+
+ log_error ("ssh-agent's unlock command is not implemented\n");
+ err = 0;
+
+ return err;
+}
+
+/* Handler for the "lock" command. */
+static gpg_error_t
+ssh_handler_lock (ctrl_t ctrl, estream_t request, estream_t response)
+{
+ gpg_error_t ret_err;
+ gpg_error_t err;
+
+ (void)ctrl;
+ (void)request;
+
+ err = ssh_lock ();
+
+ if (! err)
+ ret_err = stream_write_byte (response, SSH_RESPONSE_SUCCESS);
+ else
+ ret_err = stream_write_byte (response, SSH_RESPONSE_FAILURE);
+
+ return ret_err;
+}
+
+/* Handler for the "unlock" command. */
+static gpg_error_t
+ssh_handler_unlock (ctrl_t ctrl, estream_t request, estream_t response)
+{
+ gpg_error_t ret_err;
+ gpg_error_t err;
+
+ (void)ctrl;
+ (void)request;
+
+ err = ssh_unlock ();
+
+ if (! err)
+ ret_err = stream_write_byte (response, SSH_RESPONSE_SUCCESS);
+ else
+ ret_err = stream_write_byte (response, SSH_RESPONSE_FAILURE);
+
+ return ret_err;
+}
+
+
+
+/* Return the request specification for the request identified by TYPE
+ or NULL in case the requested request specification could not be
+ found. */
+static ssh_request_spec_t *
+request_spec_lookup (int type)
+{
+ ssh_request_spec_t *spec;
+ unsigned int i;
+
+ for (i = 0; i < DIM (request_specs); i++)
+ if (request_specs[i].type == type)
+ break;
+ if (i == DIM (request_specs))
+ {
+ if (opt.verbose)
+ log_info ("ssh request %u is not supported\n", type);
+ spec = NULL;
+ }
+ else
+ spec = request_specs + i;
+
+ return spec;
+}
+
+/* Process a single request. The request is read from and the
+ response is written to STREAM_SOCK. Uses CTRL as context. Returns
+ zero in case of success, non zero in case of failure. */
+static int
+ssh_request_process (ctrl_t ctrl, estream_t stream_sock)
+{
+ ssh_request_spec_t *spec;
+ estream_t response;
+ estream_t request;
+ unsigned char request_type;
+ gpg_error_t err;
+ int send_err;
+ int ret;
+ unsigned char *request_data;
+ u32 request_data_size;
+ u32 response_size;
+
+ request_data = NULL;
+ response = NULL;
+ request = NULL;
+ send_err = 0;
+
+ /* Create memory streams for request/response data. The entire
+ request will be stored in secure memory, since it might contain
+ secret key material. The response does not have to be stored in
+ secure memory, since we never give out secret keys.
+
+ Note: we only have little secure memory, but there is NO
+ possibility of DoS here; only trusted clients are allowed to
+ connect to the agent. What could happen is that the agent
+ returns out-of-secure-memory errors on requests in case the
+ agent's owner floods his own agent with many large messages.
+ -moritz */
+
+ /* Retrieve request. */
+ err = stream_read_string (stream_sock, 1, &request_data, &request_data_size);
+ if (err)
+ goto out;
+
+ if (opt.verbose > 1)
+ log_info ("received ssh request of length %u\n",
+ (unsigned int)request_data_size);
+
+ if (! request_data_size)
+ {
+ send_err = 1;
+ goto out;
+ /* Broken request; FIXME. */
+ }
+
+ request_type = request_data[0];
+ spec = request_spec_lookup (request_type);
+ if (! spec)
+ {
+ send_err = 1;
+ goto out;
+ /* Unknown request; FIXME. */
+ }
+
+ if (spec->secret_input)
+ request = es_mopen (NULL, 0, 0, 1, realloc_secure, gcry_free, "r+");
+ else
+ request = es_mopen (NULL, 0, 0, 1, gcry_realloc, gcry_free, "r+");
+ if (! request)
+ {
+ err = gpg_error_from_syserror ();
+ goto out;
+ }
+ ret = es_setvbuf (request, NULL, _IONBF, 0);
+ if (ret)
+ {
+ err = gpg_error_from_syserror ();
+ goto out;
+ }
+ err = stream_write_data (request, request_data + 1, request_data_size - 1);
+ if (err)
+ goto out;
+ es_rewind (request);
+
+ response = es_mopen (NULL, 0, 0, 1, NULL, NULL, "r+");
+ if (! response)
+ {
+ err = gpg_error_from_syserror ();
+ goto out;
+ }
+
+ if (opt.verbose)
+ log_info ("ssh request handler for %s (%u) started\n",
+ spec->identifier, spec->type);
+
+ err = (*spec->handler) (ctrl, request, response);
+
+ if (opt.verbose)
+ {
+ if (err)
+ log_info ("ssh request handler for %s (%u) failed: %s\n",
+ spec->identifier, spec->type, gpg_strerror (err));
+ else
+ log_info ("ssh request handler for %s (%u) ready\n",
+ spec->identifier, spec->type);
+ }
+
+ if (err)
+ {
+ send_err = 1;
+ goto out;
+ }
+
+ response_size = es_ftell (response);
+ if (opt.verbose > 1)
+ log_info ("sending ssh response of length %u\n",
+ (unsigned int)response_size);
+
+ err = es_fseek (response, 0, SEEK_SET);
+ if (err)
+ {
+ send_err = 1;
+ goto out;
+ }
+
+ err = stream_write_uint32 (stream_sock, response_size);
+ if (err)
+ {
+ send_err = 1;
+ goto out;
+ }
+
+ err = stream_copy (stream_sock, response);
+ if (err)
+ goto out;
+
+ err = es_fflush (stream_sock);
+ if (err)
+ goto out;
+
+ out:
+
+ if (err && es_feof (stream_sock))
+ log_error ("error occured while processing request: %s\n",
+ gpg_strerror (err));
+
+ if (send_err)
+ {
+ if (opt.verbose > 1)
+ log_info ("sending ssh error response\n");
+ err = stream_write_uint32 (stream_sock, 1);
+ if (err)
+ goto leave;
+ err = stream_write_byte (stream_sock, SSH_RESPONSE_FAILURE);
+ if (err)
+ goto leave;
+ }
+
+ leave:
+
+ if (request)
+ es_fclose (request);
+ if (response)
+ es_fclose (response);
+ xfree (request_data); /* FIXME? */
+
+ return !!err;
+}
+
+/* Start serving client on SOCK_CLIENT. */
+void
+start_command_handler_ssh (ctrl_t ctrl, gnupg_fd_t sock_client)
+{
+ estream_t stream_sock = NULL;
+ gpg_error_t err = 0;
+ int ret;
+
+ /* Because the ssh protocol does not send us information about the
+ the current TTY setting, we resort here to use those from startup
+ or those explictly set. */
+ {
+ static const char *names[] =
+ {"GPG_TTY", "DISPLAY", "TERM", "XAUTHORITY", "PINENTRY_USER_DATA", NULL};
+ int idx;
+ const char *value;
+
+ for (idx=0; !err && names[idx]; idx++)
+ if (!session_env_getenv (ctrl->session_env, names[idx])
+ && (value = session_env_getenv (opt.startup_env, names[idx])))
+ err = session_env_setenv (ctrl->session_env, names[idx], value);
+
+ if (!err && !ctrl->lc_ctype && opt.startup_lc_ctype)
+ if (!(ctrl->lc_ctype = xtrystrdup (opt.startup_lc_ctype)))
+ err = gpg_error_from_syserror ();
+
+ if (!err && !ctrl->lc_messages && opt.startup_lc_messages)
+ if (!(ctrl->lc_messages = xtrystrdup (opt.startup_lc_messages)))
+ err = gpg_error_from_syserror ();
+
+ if (err)
+ {
+ log_error ("error setting default session environment: %s\n",
+ gpg_strerror (err));
+ goto out;
+ }
+ }
+
+
+ /* Create stream from socket. */
+ stream_sock = es_fdopen (FD2INT(sock_client), "r+");
+ if (!stream_sock)
+ {
+ err = gpg_error_from_syserror ();
+ log_error (_("failed to create stream from socket: %s\n"),
+ gpg_strerror (err));
+ goto out;
+ }
+ /* We have to disable the estream buffering, because the estream
+ core doesn't know about secure memory. */
+ ret = es_setvbuf (stream_sock, NULL, _IONBF, 0);
+ if (ret)
+ {
+ err = gpg_error_from_syserror ();
+ log_error ("failed to disable buffering "
+ "on socket stream: %s\n", gpg_strerror (err));
+ goto out;
+ }
+
+ /* Main processing loop. */
+ while ( !ssh_request_process (ctrl, stream_sock) )
+ {
+ /* Check wether we have reached EOF before trying to read
+ another request. */
+ int c;
+
+ c = es_fgetc (stream_sock);
+ if (c == EOF)
+ break;
+ es_ungetc (c, stream_sock);
+ }
+
+ /* Reset the SCD in case it has been used. */
+ agent_reset_scd (ctrl);
+
+
+ out:
+ if (stream_sock)
+ es_fclose (stream_sock);
+}
diff --git a/agent/command.c b/agent/command.c
new file mode 100644
index 0000000..97cf507
--- /dev/null
+++ b/agent/command.c
@@ -0,0 +1,2073 @@
+/* command.c - gpg-agent command handler
+ * Copyright (C) 2001, 2002, 2003, 2004, 2005,
+ * 2006, 2008, 2009 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+/* FIXME: we should not use the default assuan buffering but setup
+ some buffering in secure mempory to protect session keys etc. */
+
+#include <config.h>
+
+#include <errno.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <ctype.h>
+#include <unistd.h>
+#include <assert.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <dirent.h>
+
+#include "agent.h"
+#include <assuan.h>
+#include "i18n.h"
+#include "../common/ssh-utils.h"
+
+/* maximum allowed size of the inquired ciphertext */
+#define MAXLEN_CIPHERTEXT 4096
+/* maximum allowed size of the key parameters */
+#define MAXLEN_KEYPARAM 1024
+
+#define set_error(e,t) assuan_set_error (ctx, gpg_error (e), (t))
+
+
+#if MAX_DIGEST_LEN < 20
+#error MAX_DIGEST_LEN shorter than keygrip
+#endif
+
+/* Data used to associate an Assuan context with local server data */
+struct server_local_s
+{
+ assuan_context_t assuan_ctx;
+ int message_fd;
+ int use_cache_for_signing;
+ char *keydesc; /* Allocated description for the next key
+ operation. */
+ int pause_io_logging; /* Used to suppress I/O logging during a command */
+ int stopme; /* If set to true the agent will be terminated after
+ the end of this session. */
+ int allow_pinentry_notify; /* Set if pinentry notifications should
+ be done. */
+};
+
+
+/* An entry for the getval/putval commands. */
+struct putval_item_s
+{
+ struct putval_item_s *next;
+ size_t off; /* Offset to the value into DATA. */
+ size_t len; /* Length of the value. */
+ char d[1]; /* Key | Nul | value. */
+};
+
+
+/* A list of key value pairs fpr the getval/putval commands. */
+static struct putval_item_s *putval_list;
+
+
+
+/* To help polling clients, we keep track of the number of certain
+ events. This structure keeps those counters. The counters are
+ integers and there should be no problem if they are overflowing as
+ callers need to check only whether a counter changed. The actual
+ values are not meaningful. */
+struct
+{
+ /* Incremented if any of the other counters below changed. */
+ unsigned int any;
+
+ /* Incremented if a key is added or removed from the internal privat
+ key database. */
+ unsigned int key;
+
+ /* Incremented if a change of the card readers stati has been
+ detected. */
+ unsigned int card;
+
+} eventcounter;
+
+
+
+/* Local prototypes. */
+static int command_has_option (const char *cmd, const char *cmdopt);
+
+
+
+
+/* Release the memory buffer MB but first wipe out the used memory. */
+static void
+clear_outbuf (membuf_t *mb)
+{
+ void *p;
+ size_t n;
+
+ p = get_membuf (mb, &n);
+ if (p)
+ {
+ memset (p, 0, n);
+ xfree (p);
+ }
+}
+
+
+/* Write the content of memory buffer MB as assuan data to CTX and
+ wipe the buffer out afterwards. */
+static gpg_error_t
+write_and_clear_outbuf (assuan_context_t ctx, membuf_t *mb)
+{
+ gpg_error_t ae;
+ void *p;
+ size_t n;
+
+ p = get_membuf (mb, &n);
+ if (!p)
+ return out_of_core ();
+ ae = assuan_send_data (ctx, p, n);
+ memset (p, 0, n);
+ xfree (p);
+ return ae;
+}
+
+
+static gpg_error_t
+reset_notify (assuan_context_t ctx, char *line)
+{
+ ctrl_t ctrl = assuan_get_pointer (ctx);
+
+ (void) line;
+
+ memset (ctrl->keygrip, 0, 20);
+ ctrl->have_keygrip = 0;
+ ctrl->digest.valuelen = 0;
+
+ xfree (ctrl->server_local->keydesc);
+ ctrl->server_local->keydesc = NULL;
+ return 0;
+}
+
+
+/* Check whether the option NAME appears in LINE */
+static int
+has_option (const char *line, const char *name)
+{
+ const char *s;
+ int n = strlen (name);
+
+ s = strstr (line, name);
+ return (s && (s == line || spacep (s-1)) && (!s[n] || spacep (s+n)));
+}
+
+/* Same as has_option but does only test for the name of the option
+ and ignores an argument, i.e. with NAME being "--hash" it would
+ return true for "--hash" as well as for "--hash=foo". */
+static int
+has_option_name (const char *line, const char *name)
+{
+ const char *s;
+ int n = strlen (name);
+
+ s = strstr (line, name);
+ return (s && (s == line || spacep (s-1))
+ && (!s[n] || spacep (s+n) || s[n] == '='));
+}
+
+/* Return a pointer to the argument of the option with NAME. If such
+ an option is not given, it returns NULL. */
+static char *
+option_value (const char *line, const char *name)
+{
+ char *s;
+ int n = strlen (name);
+
+ s = strstr (line, name);
+ if (s && (s == line || spacep (s-1))
+ && s[n] && (spacep (s+n) || s[n] == '='))
+ {
+ s += n + 1;
+ s += strspn (s, " ");
+ if (*s && !spacep(s))
+ return s;
+ }
+ return NULL;
+}
+
+
+/* Skip over options. It is assumed that leading spaces have been
+ removed (this is the case for lines passed to a handler from
+ assuan). Blanks after the options are also removed. */
+static char *
+skip_options (char *line)
+{
+ while ( *line == '-' && line[1] == '-' )
+ {
+ while (*line && !spacep (line))
+ line++;
+ while (spacep (line))
+ line++;
+ }
+ return line;
+}
+
+
+/* Replace all '+' by a blank. */
+static void
+plus_to_blank (char *s)
+{
+ for (; *s; s++)
+ {
+ if (*s == '+')
+ *s = ' ';
+ }
+}
+
+
+/* Parse a hex string. Return an Assuan error code or 0 on success and the
+ length of the parsed string in LEN. */
+static int
+parse_hexstring (assuan_context_t ctx, const char *string, size_t *len)
+{
+ const char *p;
+ size_t n;
+
+ /* parse the hash value */
+ for (p=string, n=0; hexdigitp (p); p++, n++)
+ ;
+ if (*p != ' ' && *p != '\t' && *p)
+ return set_error (GPG_ERR_ASS_PARAMETER, "invalid hexstring");
+ if ((n&1))
+ return set_error (GPG_ERR_ASS_PARAMETER, "odd number of digits");
+ *len = n;
+ return 0;
+}
+
+/* Parse the keygrip in STRING into the provided buffer BUF. BUF must
+ provide space for 20 bytes. BUF is not changed if the function
+ returns an error. */
+static int
+parse_keygrip (assuan_context_t ctx, const char *string, unsigned char *buf)
+{
+ int rc;
+ size_t n = 0;
+
+ rc = parse_hexstring (ctx, string, &n);
+ if (rc)
+ return rc;
+ n /= 2;
+ if (n != 20)
+ return set_error (GPG_ERR_ASS_PARAMETER, "invalid length of keygrip");
+
+ if (hex2bin (string, buf, 20) < 0)
+ return set_error (GPG_ERR_BUG, "hex2bin");
+
+ return 0;
+}
+
+
+/* Write an assuan status line. */
+gpg_error_t
+agent_write_status (ctrl_t ctrl, const char *keyword, ...)
+{
+ gpg_error_t err = 0;
+ va_list arg_ptr;
+ const char *text;
+ assuan_context_t ctx = ctrl->server_local->assuan_ctx;
+ char buf[950], *p;
+ size_t n;
+
+ va_start (arg_ptr, keyword);
+
+ p = buf;
+ n = 0;
+ while ( (text = va_arg (arg_ptr, const char *)) )
+ {
+ if (n)
+ {
+ *p++ = ' ';
+ n++;
+ }
+ for ( ; *text && n < DIM (buf)-3; n++, text++)
+ {
+ if (*text == '\n')
+ {
+ *p++ = '\\';
+ *p++ = 'n';
+ }
+ else if (*text == '\r')
+ {
+ *p++ = '\\';
+ *p++ = 'r';
+ }
+ else
+ *p++ = *text;
+ }
+ }
+ *p = 0;
+ err = assuan_write_status (ctx, keyword, buf);
+
+ va_end (arg_ptr);
+ return err;
+}
+
+
+/* Helper to notify the client about a launched Pinentry. Because
+ that might disturb some older clients, this is only done if enabled
+ via an option. Returns an gpg error code. */
+gpg_error_t
+agent_inq_pinentry_launched (ctrl_t ctrl, unsigned long pid)
+{
+ char line[100];
+
+ if (!ctrl || !ctrl->server_local
+ || !ctrl->server_local->allow_pinentry_notify)
+ return 0;
+ snprintf (line, DIM(line)-1, "PINENTRY_LAUNCHED %lu", pid);
+ return assuan_inquire (ctrl->server_local->assuan_ctx, line, NULL, NULL, 0);
+}
+
+
+
+static const char hlp_geteventcounter[] =
+ "GETEVENTCOUNTER\n"
+ "\n"
+ "Return a a status line named EVENTCOUNTER with the current values\n"
+ "of all event counters. The values are decimal numbers in the range\n"
+ "0 to UINT_MAX and wrapping around to 0. The actual values should\n"
+ "not be relied upon, they shall only be used to detect a change.\n"
+ "\n"
+ "The currently defined counters are:\n"
+ "\n"
+ "ANY - Incremented with any change of any of the other counters.\n"
+ "KEY - Incremented for added or removed private keys.\n"
+ "CARD - Incremented for changes of the card readers stati.";
+static gpg_error_t
+cmd_geteventcounter (assuan_context_t ctx, char *line)
+{
+ ctrl_t ctrl = assuan_get_pointer (ctx);
+ char any_counter[25];
+ char key_counter[25];
+ char card_counter[25];
+
+ (void)line;
+
+ snprintf (any_counter, sizeof any_counter, "%u", eventcounter.any);
+ snprintf (key_counter, sizeof key_counter, "%u", eventcounter.key);
+ snprintf (card_counter, sizeof card_counter, "%u", eventcounter.card);
+
+ return agent_write_status (ctrl, "EVENTCOUNTER",
+ any_counter,
+ key_counter,
+ card_counter,
+ NULL);
+}
+
+
+/* This function should be called once for all key removals or
+ additions. This function is assured not to do any context
+ switches. */
+void
+bump_key_eventcounter (void)
+{
+ eventcounter.key++;
+ eventcounter.any++;
+}
+
+/* This function should be called for all card reader status
+ changes. This function is assured not to do any context
+ switches. */
+void
+bump_card_eventcounter (void)
+{
+ eventcounter.card++;
+ eventcounter.any++;
+}
+
+
+
+
+static const char hlp_istrusted[] =
+ "ISTRUSTED <hexstring_with_fingerprint>\n"
+ "\n"
+ "Return OK when we have an entry with this fingerprint in our\n"
+ "trustlist";
+static gpg_error_t
+cmd_istrusted (assuan_context_t ctx, char *line)
+{
+ ctrl_t ctrl = assuan_get_pointer (ctx);
+ int rc, n, i;
+ char *p;
+ char fpr[41];
+
+ /* Parse the fingerprint value. */
+ for (p=line,n=0; hexdigitp (p); p++, n++)
+ ;
+ if (*p || !(n == 40 || n == 32))
+ return set_error (GPG_ERR_ASS_PARAMETER, "invalid fingerprint");
+ i = 0;
+ if (n==32)
+ {
+ strcpy (fpr, "00000000");
+ i += 8;
+ }
+ for (p=line; i < 40; p++, i++)
+ fpr[i] = *p >= 'a'? (*p & 0xdf): *p;
+ fpr[i] = 0;
+ rc = agent_istrusted (ctrl, fpr, NULL);
+ if (!rc || gpg_err_code (rc) == GPG_ERR_NOT_TRUSTED)
+ return rc;
+ else if (rc == -1 || gpg_err_code (rc) == GPG_ERR_EOF )
+ return gpg_error (GPG_ERR_NOT_TRUSTED);
+ else
+ {
+ log_error ("command is_trusted failed: %s\n", gpg_strerror (rc));
+ return rc;
+ }
+}
+
+
+static const char hlp_listtrusted[] =
+ "LISTTRUSTED\n"
+ "\n"
+ "List all entries from the trustlist.";
+static gpg_error_t
+cmd_listtrusted (assuan_context_t ctx, char *line)
+{
+ int rc;
+
+ (void)line;
+
+ rc = agent_listtrusted (ctx);
+ if (rc)
+ log_error ("command listtrusted failed: %s\n", gpg_strerror (rc));
+ return rc;
+}
+
+
+static const char hlp_martrusted[] =
+ "MARKTRUSTED <hexstring_with_fingerprint> <flag> <display_name>\n"
+ "\n"
+ "Store a new key in into the trustlist.";
+static gpg_error_t
+cmd_marktrusted (assuan_context_t ctx, char *line)
+{
+ ctrl_t ctrl = assuan_get_pointer (ctx);
+ int rc, n, i;
+ char *p;
+ char fpr[41];
+ int flag;
+
+ /* parse the fingerprint value */
+ for (p=line,n=0; hexdigitp (p); p++, n++)
+ ;
+ if (!spacep (p) || !(n == 40 || n == 32))
+ return set_error (GPG_ERR_ASS_PARAMETER, "invalid fingerprint");
+ i = 0;
+ if (n==32)
+ {
+ strcpy (fpr, "00000000");
+ i += 8;
+ }
+ for (p=line; i < 40; p++, i++)
+ fpr[i] = *p >= 'a'? (*p & 0xdf): *p;
+ fpr[i] = 0;
+
+ while (spacep (p))
+ p++;
+ flag = *p++;
+ if ( (flag != 'S' && flag != 'P') || !spacep (p) )
+ return set_error (GPG_ERR_ASS_PARAMETER, "invalid flag - must be P or S");
+ while (spacep (p))
+ p++;
+
+ rc = agent_marktrusted (ctrl, p, fpr, flag);
+ if (rc)
+ log_error ("command marktrusted failed: %s\n", gpg_strerror (rc));
+ return rc;
+}
+
+
+
+
+static const char hlp_havekey[] =
+ "HAVEKEY <hexstring_with_keygrip>\n"
+ "\n"
+ "Return success when the secret key is available.";
+static gpg_error_t
+cmd_havekey (assuan_context_t ctx, char *line)
+{
+ int rc;
+ unsigned char buf[20];
+
+ rc = parse_keygrip (ctx, line, buf);
+ if (rc)
+ return rc;
+
+ if (agent_key_available (buf))
+ return gpg_error (GPG_ERR_NO_SECKEY);
+
+ return 0;
+}
+
+
+static const char hlp_sigkey[] =
+ "SIGKEY <hexstring_with_keygrip>\n"
+ "SETKEY <hexstring_with_keygrip>\n"
+ "\n"
+ "Set the key used for a sign or decrypt operation.";
+static gpg_error_t
+cmd_sigkey (assuan_context_t ctx, char *line)
+{
+ int rc;
+ ctrl_t ctrl = assuan_get_pointer (ctx);
+
+ rc = parse_keygrip (ctx, line, ctrl->keygrip);
+ if (rc)
+ return rc;
+ ctrl->have_keygrip = 1;
+ return 0;
+}
+
+
+static const char hlp_setkeydesc[] =
+ "SETKEYDESC plus_percent_escaped_string\n"
+ "\n"
+ "Set a description to be used for the next PKSIGN or PKDECRYPT\n"
+ "operation if this operation requires the entry of a passphrase. If\n"
+ "this command is not used a default text will be used. Note, that\n"
+ "this description implictly selects the label used for the entry\n"
+ "box; if the string contains the string PIN (which in general will\n"
+ "not be translated), \"PIN\" is used, otherwise the translation of\n"
+ "\"passphrase\" is used. The description string should not contain\n"
+ "blanks unless they are percent or '+' escaped.\n"
+ "\n"
+ "The description is only valid for the next PKSIGN or PKDECRYPT\n"
+ "operation.";
+static gpg_error_t
+cmd_setkeydesc (assuan_context_t ctx, char *line)
+{
+ ctrl_t ctrl = assuan_get_pointer (ctx);
+ char *desc, *p;
+
+ for (p=line; *p == ' '; p++)
+ ;
+ desc = p;
+ p = strchr (desc, ' ');
+ if (p)
+ *p = 0; /* We ignore any garbage; we might late use it for other args. */
+
+ if (!desc || !*desc)
+ return set_error (GPG_ERR_ASS_PARAMETER, "no description given");
+
+ /* Note, that we only need to replace the + characters and should
+ leave the other escaping in place because the escaped string is
+ send verbatim to the pinentry which does the unescaping (but not
+ the + replacing) */
+ plus_to_blank (desc);
+
+ xfree (ctrl->server_local->keydesc);
+ ctrl->server_local->keydesc = xtrystrdup (desc);
+ if (!ctrl->server_local->keydesc)
+ return out_of_core ();
+ return 0;
+}
+
+
+static const char hlp_sethash[] =
+ "SETHASH --hash=<name>|<algonumber> <hexstring>\n"
+ "\n"
+ "The client can use this command to tell the server about the data\n"
+ "(which usually is a hash) to be signed.";
+static gpg_error_t
+cmd_sethash (assuan_context_t ctx, char *line)
+{
+ int rc;
+ size_t n;
+ char *p;
+ ctrl_t ctrl = assuan_get_pointer (ctx);
+ unsigned char *buf;
+ char *endp;
+ int algo;
+
+ /* Parse the alternative hash options which may be used instead of
+ the algo number. */
+ if (has_option_name (line, "--hash"))
+ {
+ if (has_option (line, "--hash=sha1"))
+ algo = GCRY_MD_SHA1;
+ else if (has_option (line, "--hash=sha224"))
+ algo = GCRY_MD_SHA224;
+ else if (has_option (line, "--hash=sha256"))
+ algo = GCRY_MD_SHA256;
+ else if (has_option (line, "--hash=sha384"))
+ algo = GCRY_MD_SHA384;
+ else if (has_option (line, "--hash=sha512"))
+ algo = GCRY_MD_SHA512;
+ else if (has_option (line, "--hash=rmd160"))
+ algo = GCRY_MD_RMD160;
+ else if (has_option (line, "--hash=md5"))
+ algo = GCRY_MD_MD5;
+ else if (has_option (line, "--hash=tls-md5sha1"))
+ algo = MD_USER_TLS_MD5SHA1;
+ else
+ return set_error (GPG_ERR_ASS_PARAMETER, "invalid hash algorithm");
+ }
+ else
+ algo = 0;
+
+ line = skip_options (line);
+
+ if (!algo)
+ {
+ /* No hash option has been given: require an algo number instead */
+ algo = (int)strtoul (line, &endp, 10);
+ for (line = endp; *line == ' ' || *line == '\t'; line++)
+ ;
+ if (!algo || gcry_md_test_algo (algo))
+ return set_error (GPG_ERR_UNSUPPORTED_ALGORITHM, NULL);
+ }
+ ctrl->digest.algo = algo;
+
+ /* Parse the hash value. */
+ n = 0;
+ rc = parse_hexstring (ctx, line, &n);
+ if (rc)
+ return rc;
+ n /= 2;
+ if (algo == MD_USER_TLS_MD5SHA1 && n == 36)
+ ;
+ else if (n != 16 && n != 20 && n != 24
+ && n != 28 && n != 32 && n != 48 && n != 64)
+ return set_error (GPG_ERR_ASS_PARAMETER, "unsupported length of hash");
+
+ if (n > MAX_DIGEST_LEN)
+ return set_error (GPG_ERR_ASS_PARAMETER, "hash value to long");
+
+ buf = ctrl->digest.value;
+ ctrl->digest.valuelen = n;
+ for (p=line, n=0; n < ctrl->digest.valuelen; p += 2, n++)
+ buf[n] = xtoi_2 (p);
+ for (; n < ctrl->digest.valuelen; n++)
+ buf[n] = 0;
+ return 0;
+}
+
+
+static const char hlp_pksign[] =
+ "PKSIGN [options]\n"
+ "\n"
+ "Perform the actual sign operation. Neither input nor output are\n"
+ "sensitive to eavesdropping.";
+static gpg_error_t
+cmd_pksign (assuan_context_t ctx, char *line)
+{
+ int rc;
+ cache_mode_t cache_mode = CACHE_MODE_NORMAL;
+ ctrl_t ctrl = assuan_get_pointer (ctx);
+ membuf_t outbuf;
+
+ (void)line;
+
+ if (opt.ignore_cache_for_signing)
+ cache_mode = CACHE_MODE_IGNORE;
+ else if (!ctrl->server_local->use_cache_for_signing)
+ cache_mode = CACHE_MODE_IGNORE;
+
+ init_membuf (&outbuf, 512);
+
+ rc = agent_pksign (ctrl, ctrl->server_local->keydesc,
+ &outbuf, cache_mode);
+ if (rc)
+ clear_outbuf (&outbuf);
+ else
+ rc = write_and_clear_outbuf (ctx, &outbuf);
+ if (rc)
+ log_error ("command pksign failed: %s\n", gpg_strerror (rc));
+ xfree (ctrl->server_local->keydesc);
+ ctrl->server_local->keydesc = NULL;
+ return rc;
+}
+
+
+static const char hlp_pkdecrypt[] =
+ "PKDECRYPT <options>\n"
+ "\n"
+ "Perform the actual decrypt operation. Input is not\n"
+ "sensitive to eavesdropping.";
+static gpg_error_t
+cmd_pkdecrypt (assuan_context_t ctx, char *line)
+{
+ int rc;
+ ctrl_t ctrl = assuan_get_pointer (ctx);
+ unsigned char *value;
+ size_t valuelen;
+ membuf_t outbuf;
+
+ (void)line;
+
+ /* First inquire the data to decrypt */
+ rc = assuan_inquire (ctx, "CIPHERTEXT",
+ &value, &valuelen, MAXLEN_CIPHERTEXT);
+ if (rc)
+ return rc;
+
+ init_membuf (&outbuf, 512);
+
+ rc = agent_pkdecrypt (ctrl, ctrl->server_local->keydesc,
+ value, valuelen, &outbuf);
+ xfree (value);
+ if (rc)
+ clear_outbuf (&outbuf);
+ else
+ rc = write_and_clear_outbuf (ctx, &outbuf);
+ if (rc)
+ log_error ("command pkdecrypt failed: %s\n", gpg_strerror (rc));
+ xfree (ctrl->server_local->keydesc);
+ ctrl->server_local->keydesc = NULL;
+ return rc;
+}
+
+
+static const char hlp_genkey[] =
+ "GENKEY\n"
+ "\n"
+ "Generate a new key, store the secret part and return the public\n"
+ "part. Here is an example transaction:\n"
+ "\n"
+ " C: GENKEY\n"
+ " S: INQUIRE KEYPARAM\n"
+ " C: D (genkey (rsa (nbits 1024)))\n"
+ " C: END\n"
+ " S: D (public-key\n"
+ " S: D (rsa (n 326487324683264) (e 10001)))\n"
+ " S: OK key created\n"
+ "\n";
+static gpg_error_t
+cmd_genkey (assuan_context_t ctx, char *line)
+{
+ ctrl_t ctrl = assuan_get_pointer (ctx);
+ int rc;
+ unsigned char *value;
+ size_t valuelen;
+ membuf_t outbuf;
+
+ (void)line;
+
+ /* First inquire the parameters */
+ rc = assuan_inquire (ctx, "KEYPARAM", &value, &valuelen, MAXLEN_KEYPARAM);
+ if (rc)
+ return rc;
+
+ init_membuf (&outbuf, 512);
+
+ rc = agent_genkey (ctrl, (char*)value, valuelen, &outbuf);
+ xfree (value);
+ if (rc)
+ clear_outbuf (&outbuf);
+ else
+ rc = write_and_clear_outbuf (ctx, &outbuf);
+ if (rc)
+ log_error ("command genkey failed: %s\n", gpg_strerror (rc));
+ return rc;
+}
+
+
+
+
+static const char hlp_readkey[] =
+ "READKEY <hexstring_with_keygrip>\n"
+ "\n"
+ "Return the public key for the given keygrip.";
+static gpg_error_t
+cmd_readkey (assuan_context_t ctx, char *line)
+{
+ ctrl_t ctrl = assuan_get_pointer (ctx);
+ int rc;
+ unsigned char grip[20];
+ gcry_sexp_t s_pkey = NULL;
+
+ rc = parse_keygrip (ctx, line, grip);
+ if (rc)
+ return rc; /* Return immediately as this is already an Assuan error code.*/
+
+ rc = agent_public_key_from_file (ctrl, grip, &s_pkey);
+ if (!rc)
+ {
+ size_t len;
+ unsigned char *buf;
+
+ len = gcry_sexp_sprint (s_pkey, GCRYSEXP_FMT_CANON, NULL, 0);
+ assert (len);
+ buf = xtrymalloc (len);
+ if (!buf)
+ rc = gpg_error_from_syserror ();
+ else
+ {
+ len = gcry_sexp_sprint (s_pkey, GCRYSEXP_FMT_CANON, buf, len);
+ assert (len);
+ rc = assuan_send_data (ctx, buf, len);
+ xfree (buf);
+ }
+ gcry_sexp_release (s_pkey);
+ }
+
+ if (rc)
+ log_error ("command readkey failed: %s\n", gpg_strerror (rc));
+ return rc;
+}
+
+
+
+static const char hlp_keyinfo[] =
+ "KEYINFO [--list] [--data] [--ssh-fpr] <keygrip>\n"
+ "\n"
+ "Return information about the key specified by the KEYGRIP. If the\n"
+ "key is not available GPG_ERR_NOT_FOUND is returned. If the option\n"
+ "--list is given the keygrip is ignored and information about all\n"
+ "available keys are returned. The information is returned as a\n"
+ "status line unless --data was specified, with this format:\n"
+ "\n"
+ " KEYINFO <keygrip> <type> <serialno> <idstr> - - <fpr>\n"
+ "\n"
+ "KEYGRIP is the keygrip.\n"
+ "\n"
+ "TYPE is describes the type of the key:\n"
+ " 'D' - Regular key stored on disk,\n"
+ " 'T' - Key is stored on a smartcard (token).\n"
+ " '-' - Unknown type.\n"
+ "\n"
+ "SERIALNO is an ASCII string with the serial number of the\n"
+ " smartcard. If the serial number is not known a single\n"
+ " dash '-' is used instead.\n"
+ "\n"
+ "IDSTR is the IDSTR used to distinguish keys on a smartcard. If it\n"
+ " is not known a dash is used instead.\n"
+ "\n"
+ "FPR returns the formatted ssh-style fingerprint of the key. It is only\n"
+ " print if the option --ssh-fpr has been used. '-' is printed if the\n"
+ " fingerprint is not available.\n"
+ "\n"
+ "More information may be added in the future.";
+static gpg_error_t
+do_one_keyinfo (ctrl_t ctrl, const unsigned char *grip, assuan_context_t ctx,
+ int data, int with_ssh_fpr)
+{
+ gpg_error_t err;
+ char hexgrip[40+1];
+ char *fpr = NULL;
+ int keytype;
+ unsigned char *shadow_info = NULL;
+ char *serialno = NULL;
+ char *idstr = NULL;
+ const char *keytypestr;
+
+ err = agent_key_info_from_file (ctrl, grip, &keytype, &shadow_info);
+ if (err)
+ goto leave;
+
+ /* Reformat the grip so that we use uppercase as good style. */
+ bin2hex (grip, 20, hexgrip);
+
+ if (keytype == PRIVATE_KEY_CLEAR
+ || keytype == PRIVATE_KEY_PROTECTED)
+ keytypestr = "D";
+ else if (keytype == PRIVATE_KEY_SHADOWED)
+ keytypestr = "T";
+ else
+ keytypestr = "-";
+
+ /* Compute the ssh fingerprint if requested. */
+ if (with_ssh_fpr)
+ {
+ gcry_sexp_t key;
+
+ if (!agent_raw_key_from_file (ctrl, grip, &key))
+ {
+ ssh_get_fingerprint_string (key, &fpr);
+ gcry_sexp_release (key);
+ }
+ }
+
+ if (shadow_info)
+ {
+ err = parse_shadow_info (shadow_info, &serialno, &idstr);
+ if (err)
+ goto leave;
+ }
+
+ /* Note that we don't support the CACHED and PROTECTION values as
+ gnupg 2.1 does. We print '-' instead. However we support the
+ ssh fingerprint. */
+ if (!data)
+ err = agent_write_status (ctrl, "KEYINFO",
+ hexgrip,
+ keytypestr,
+ serialno? serialno : "-",
+ idstr? idstr : "-",
+ "-",
+ "-",
+ fpr? fpr : "-",
+ NULL);
+ else
+ {
+ char *string;
+
+ string = xtryasprintf ("%s %s %s %s - - %s\n",
+ hexgrip, keytypestr,
+ serialno? serialno : "-",
+ idstr? idstr : "-",
+ fpr? fpr : "-");
+ if (!string)
+ err = gpg_error_from_syserror ();
+ else
+ err = assuan_send_data (ctx, string, strlen(string));
+ xfree (string);
+ }
+
+ leave:
+ xfree (fpr);
+ xfree (shadow_info);
+ xfree (serialno);
+ xfree (idstr);
+ return err;
+}
+
+
+static gpg_error_t
+cmd_keyinfo (assuan_context_t ctx, char *line)
+{
+ ctrl_t ctrl = assuan_get_pointer (ctx);
+ int err;
+ unsigned char grip[20];
+ DIR *dir = NULL;
+ int list_mode;
+ int opt_data, opt_ssh_fpr;
+
+ list_mode = has_option (line, "--list");
+ opt_data = has_option (line, "--data");
+ opt_ssh_fpr = has_option (line, "--ssh-fpr");
+ line = skip_options (line);
+
+ if (list_mode)
+ {
+ char *dirname;
+ struct dirent *dir_entry;
+ char hexgrip[41];
+
+ dirname = make_filename_try (opt.homedir, GNUPG_PRIVATE_KEYS_DIR, NULL);
+ if (!dirname)
+ {
+ err = gpg_error_from_syserror ();
+ goto leave;
+ }
+ dir = opendir (dirname);
+ if (!dir)
+ {
+ err = gpg_error_from_syserror ();
+ xfree (dirname);
+ goto leave;
+ }
+ xfree (dirname);
+
+ while ( (dir_entry = readdir (dir)) )
+ {
+ if (strlen (dir_entry->d_name) != 44
+ || strcmp (dir_entry->d_name + 40, ".key"))
+ continue;
+ strncpy (hexgrip, dir_entry->d_name, 40);
+ hexgrip[40] = 0;
+
+ if ( hex2bin (hexgrip, grip, 20) < 0 )
+ continue; /* Bad hex string. */
+
+ err = do_one_keyinfo (ctrl, grip, ctx, opt_data, opt_ssh_fpr);
+ if (err)
+ goto leave;
+ }
+ err = 0;
+ }
+ else
+ {
+ err = parse_keygrip (ctx, line, grip);
+ if (err)
+ goto leave;
+ err = do_one_keyinfo (ctrl, grip, ctx, opt_data, opt_ssh_fpr);
+ }
+
+ leave:
+ if (dir)
+ closedir (dir);
+ if (err && gpg_err_code (err) != GPG_ERR_NOT_FOUND)
+ log_error ("command keyinfo failed: %s\n", gpg_strerror (err));
+ return err;
+}
+
+
+
+static int
+send_back_passphrase (assuan_context_t ctx, int via_data, const char *pw)
+{
+ size_t n;
+ int rc;
+
+ assuan_begin_confidential (ctx);
+ n = strlen (pw);
+ if (via_data)
+ rc = assuan_send_data (ctx, pw, n);
+ else
+ {
+ char *p = xtrymalloc_secure (n*2+1);
+ if (!p)
+ rc = gpg_error_from_syserror ();
+ else
+ {
+ bin2hex (pw, n, p);
+ rc = assuan_set_okay_line (ctx, p);
+ xfree (p);
+ }
+ }
+ return rc;
+}
+
+
+static const char hlp_get_passphrase[] =
+ "GET_PASSPHRASE [--data] [--check] [--no-ask] [--repeat[=N]]\n"
+ " [--qualitybar] <cache_id>\n"
+ " [<error_message> <prompt> <description>]\n"
+ "\n"
+ "This function is usually used to ask for a passphrase to be used\n"
+ "for conventional encryption, but may also be used by programs which\n"
+ "need specal handling of passphrases. This command uses a syntax\n"
+ "which helps clients to use the agent with minimum effort. The\n"
+ "agent either returns with an error or with a OK followed by the hex\n"
+ "encoded passphrase. Note that the length of the strings is\n"
+ "implicitly limited by the maximum length of a command.\n"
+ "\n"
+ "If the option \"--data\" is used the passphrase is returned by usual\n"
+ "data lines and not on the okay line.\n"
+ "\n"
+ "If the option \"--check\" is used the passphrase constraints checks as\n"
+ "implemented by gpg-agent are applied. A check is not done if the\n"
+ "passphrase has been found in the cache.\n"
+ "\n"
+ "If the option \"--no-ask\" is used and the passphrase is not in the\n"
+ "cache the user will not be asked to enter a passphrase but the error\n"
+ "code GPG_ERR_NO_DATA is returned. \n"
+ "\n"
+ "If the option \"--qualitybar\" is used a visual indication of the\n"
+ "entered passphrase quality is shown. (Unless no minimum passphrase\n"
+ "length has been configured.)";
+static gpg_error_t
+cmd_get_passphrase (assuan_context_t ctx, char *line)
+{
+ ctrl_t ctrl = assuan_get_pointer (ctx);
+ int rc;
+ const char *pw;
+ char *response;
+ char *cacheid = NULL, *desc = NULL, *prompt = NULL, *errtext = NULL;
+ const char *desc2 = _("Please re-enter this passphrase");
+ char *p;
+ void *cache_marker;
+ int opt_data, opt_check, opt_no_ask, opt_qualbar;
+ int opt_repeat = 0;
+ char *repeat_errtext = NULL;
+
+ opt_data = has_option (line, "--data");
+ opt_check = has_option (line, "--check");
+ opt_no_ask = has_option (line, "--no-ask");
+ if (has_option_name (line, "--repeat"))
+ {
+ p = option_value (line, "--repeat");
+ if (p)
+ opt_repeat = atoi (p);
+ else
+ opt_repeat = 1;
+ }
+ opt_qualbar = has_option (line, "--qualitybar");
+ line = skip_options (line);
+
+ cacheid = line;
+ p = strchr (cacheid, ' ');
+ if (p)
+ {
+ *p++ = 0;
+ while (*p == ' ')
+ p++;
+ errtext = p;
+ p = strchr (errtext, ' ');
+ if (p)
+ {
+ *p++ = 0;
+ while (*p == ' ')
+ p++;
+ prompt = p;
+ p = strchr (prompt, ' ');
+ if (p)
+ {
+ *p++ = 0;
+ while (*p == ' ')
+ p++;
+ desc = p;
+ p = strchr (desc, ' ');
+ if (p)
+ *p = 0; /* Ignore trailing garbage. */
+ }
+ }
+ }
+ if (!cacheid || !*cacheid || strlen (cacheid) > 50)
+ return set_error (GPG_ERR_ASS_PARAMETER, "invalid length of cacheID");
+ if (!desc)
+ return set_error (GPG_ERR_ASS_PARAMETER, "no description given");
+
+ if (!strcmp (cacheid, "X"))
+ cacheid = NULL;
+ if (!strcmp (errtext, "X"))
+ errtext = NULL;
+ if (!strcmp (prompt, "X"))
+ prompt = NULL;
+ if (!strcmp (desc, "X"))
+ desc = NULL;
+
+ pw = cacheid ? agent_get_cache (cacheid, CACHE_MODE_NORMAL, &cache_marker)
+ : NULL;
+ if (pw)
+ {
+ rc = send_back_passphrase (ctx, opt_data, pw);
+ agent_unlock_cache_entry (&cache_marker);
+ }
+ else if (opt_no_ask)
+ rc = gpg_error (GPG_ERR_NO_DATA);
+ else
+ {
+ /* Note, that we only need to replace the + characters and
+ should leave the other escaping in place because the escaped
+ string is send verbatim to the pinentry which does the
+ unescaping (but not the + replacing) */
+ if (errtext)
+ plus_to_blank (errtext);
+ if (prompt)
+ plus_to_blank (prompt);
+ if (desc)
+ plus_to_blank (desc);
+
+ next_try:
+ rc = agent_get_passphrase (ctrl, &response, desc, prompt,
+ repeat_errtext? repeat_errtext:errtext,
+ opt_qualbar);
+ xfree (repeat_errtext);
+ repeat_errtext = NULL;
+ if (!rc)
+ {
+ int i;
+
+ if (opt_check && check_passphrase_constraints (ctrl, response, 0))
+ {
+ xfree (response);
+ goto next_try;
+ }
+ for (i = 0; i < opt_repeat; i++)
+ {
+ char *response2;
+
+ rc = agent_get_passphrase (ctrl, &response2, desc2, prompt,
+ errtext, 0);
+ if (rc)
+ break;
+ if (strcmp (response2, response))
+ {
+ xfree (response2);
+ xfree (response);
+ repeat_errtext = try_percent_escape
+ (_("does not match - try again"), NULL);
+ if (!repeat_errtext)
+ {
+ rc = gpg_error_from_syserror ();
+ break;
+ }
+ goto next_try;
+ }
+ xfree (response2);
+ }
+ if (!rc)
+ {
+ if (cacheid)
+ agent_put_cache (cacheid, CACHE_MODE_USER, response, 0);
+ rc = send_back_passphrase (ctx, opt_data, response);
+ }
+ xfree (response);
+ }
+ }
+
+ if (rc)
+ log_error ("command get_passphrase failed: %s\n", gpg_strerror (rc));
+ return rc;
+}
+
+
+static const char hlp_clear_passphrase[] =
+ "CLEAR_PASSPHRASE <cache_id>\n"
+ "\n"
+ "may be used to invalidate the cache entry for a passphrase. The\n"
+ "function returns with OK even when there is no cached passphrase.";
+static gpg_error_t
+cmd_clear_passphrase (assuan_context_t ctx, char *line)
+{
+ char *cacheid = NULL;
+ char *p;
+
+ /* parse the stuff */
+ for (p=line; *p == ' '; p++)
+ ;
+ cacheid = p;
+ p = strchr (cacheid, ' ');
+ if (p)
+ *p = 0; /* ignore garbage */
+ if (!cacheid || !*cacheid || strlen (cacheid) > 50)
+ return set_error (GPG_ERR_ASS_PARAMETER, "invalid length of cacheID");
+
+ agent_put_cache (cacheid, CACHE_MODE_USER, NULL, 0);
+ return 0;
+}
+
+
+static const char hlp_get_confirmation[] =
+ "GET_CONFIRMATION <description>\n"
+ "\n"
+ "This command may be used to ask for a simple confirmation.\n"
+ "DESCRIPTION is displayed along with a Okay and Cancel button. This\n"
+ "command uses a syntax which helps clients to use the agent with\n"
+ "minimum effort. The agent either returns with an error or with a\n"
+ "OK. Note, that the length of DESCRIPTION is implicitly limited by\n"
+ "the maximum length of a command. DESCRIPTION should not contain\n"
+ "any spaces, those must be encoded either percent escaped or simply\n"
+ "as '+'.";
+static gpg_error_t
+cmd_get_confirmation (assuan_context_t ctx, char *line)
+{
+ ctrl_t ctrl = assuan_get_pointer (ctx);
+ int rc;
+ char *desc = NULL;
+ char *p;
+
+ /* parse the stuff */
+ for (p=line; *p == ' '; p++)
+ ;
+ desc = p;
+ p = strchr (desc, ' ');
+ if (p)
+ *p = 0; /* We ignore any garbage -may be later used for other args. */
+
+ if (!desc || !*desc)
+ return set_error (GPG_ERR_ASS_PARAMETER, "no description given");
+
+ if (!strcmp (desc, "X"))
+ desc = NULL;
+
+ /* Note, that we only need to replace the + characters and should
+ leave the other escaping in place because the escaped string is
+ send verbatim to the pinentry which does the unescaping (but not
+ the + replacing) */
+ if (desc)
+ plus_to_blank (desc);
+
+ rc = agent_get_confirmation (ctrl, desc, NULL, NULL, 0);
+ if (rc)
+ log_error ("command get_confirmation failed: %s\n", gpg_strerror (rc));
+ return rc;
+}
+
+
+
+static const char hlp_learn[] =
+ "LEARN [--send]\n"
+ "\n"
+ "Learn something about the currently inserted smartcard. With\n"
+ "--send the new certificates are send back.";
+static gpg_error_t
+cmd_learn (assuan_context_t ctx, char *line)
+{
+ ctrl_t ctrl = assuan_get_pointer (ctx);
+ int rc;
+
+ rc = agent_handle_learn (ctrl, has_option (line, "--send")? ctx : NULL);
+ if (rc)
+ log_error ("command learn failed: %s\n", gpg_strerror (rc));
+ return rc;
+}
+
+
+
+static const char hlp_passwd[] =
+ "PASSWD <hexstring_with_keygrip>\n"
+ "\n"
+ "Change the passphrase/PIN for the key identified by keygrip in LINE.";
+static gpg_error_t
+cmd_passwd (assuan_context_t ctx, char *line)
+{
+ ctrl_t ctrl = assuan_get_pointer (ctx);
+ int rc;
+ unsigned char grip[20];
+ gcry_sexp_t s_skey = NULL;
+ unsigned char *shadow_info = NULL;
+
+ rc = parse_keygrip (ctx, line, grip);
+ if (rc)
+ goto leave;
+
+ ctrl->in_passwd++;
+ rc = agent_key_from_file (ctrl, ctrl->server_local->keydesc,
+ grip, &shadow_info, CACHE_MODE_IGNORE, NULL,
+ &s_skey);
+ if (rc)
+ ;
+ else if (!s_skey)
+ {
+ log_error ("changing a smartcard PIN is not yet supported\n");
+ rc = gpg_error (GPG_ERR_NOT_IMPLEMENTED);
+ }
+ else
+ rc = agent_protect_and_store (ctrl, s_skey);
+ ctrl->in_passwd--;
+
+ xfree (ctrl->server_local->keydesc);
+ ctrl->server_local->keydesc = NULL;
+
+ leave:
+ gcry_sexp_release (s_skey);
+ xfree (shadow_info);
+ if (rc)
+ log_error ("command passwd failed: %s\n", gpg_strerror (rc));
+ return rc;
+}
+
+
+static const char hlp_preset_passphrase[] =
+ "PRESET_PASSPHRASE <string_or_keygrip> <timeout> <hexstring>\n"
+ "\n"
+ "Set the cached passphrase/PIN for the key identified by the keygrip\n"
+ "to passwd for the given time, where -1 means infinite and 0 means\n"
+ "the default (currently only a timeout of -1 is allowed, which means\n"
+ "to never expire it). If passwd is not provided, ask for it via the\n"
+ "pinentry module.";
+static gpg_error_t
+cmd_preset_passphrase (assuan_context_t ctx, char *line)
+{
+ int rc;
+ char *grip_clear = NULL;
+ char *passphrase = NULL;
+ int ttl;
+ size_t len;
+
+ if (!opt.allow_preset_passphrase)
+ return set_error (GPG_ERR_NOT_SUPPORTED, "no --allow-preset-passphrase");
+
+ grip_clear = line;
+ while (*line && (*line != ' ' && *line != '\t'))
+ line++;
+ if (!*line)
+ return gpg_error (GPG_ERR_MISSING_VALUE);
+ *line = '\0';
+ line++;
+ while (*line && (*line == ' ' || *line == '\t'))
+ line++;
+
+ /* Currently, only infinite timeouts are allowed. */
+ ttl = -1;
+ if (line[0] != '-' || line[1] != '1')
+ return gpg_error (GPG_ERR_NOT_IMPLEMENTED);
+ line++;
+ line++;
+ while (!(*line != ' ' && *line != '\t'))
+ line++;
+
+ /* Syntax check the hexstring. */
+ len = 0;
+ rc = parse_hexstring (ctx, line, &len);
+ if (rc)
+ return rc;
+ line[len] = '\0';
+
+ /* If there is a passphrase, use it. Currently, a passphrase is
+ required. */
+ if (*line)
+ {
+ /* Do in-place conversion. */
+ passphrase = line;
+ if (!hex2str (passphrase, passphrase, strlen (passphrase)+1, NULL))
+ rc = set_error (GPG_ERR_ASS_PARAMETER, "invalid hexstring");
+ }
+ else
+ rc = set_error (GPG_ERR_NOT_IMPLEMENTED, "passphrase is required");
+
+ if (!rc)
+ rc = agent_put_cache (grip_clear, CACHE_MODE_ANY, passphrase, ttl);
+
+ if (rc)
+ log_error ("command preset_passphrase failed: %s\n", gpg_strerror (rc));
+
+ return rc;
+}
+
+
+
+static const char hlp_scd[] =
+ "SCD <commands to pass to the scdaemon>\n"
+ " \n"
+ "This is a general quote command to redirect everything to the\n"
+ "SCdaemon.";
+static gpg_error_t
+cmd_scd (assuan_context_t ctx, char *line)
+{
+ ctrl_t ctrl = assuan_get_pointer (ctx);
+ int rc;
+
+ rc = divert_generic_cmd (ctrl, line, ctx);
+
+ return rc;
+}
+
+
+
+static const char hlp_getval[] =
+ "GETVAL <key>\n"
+ "\n"
+ "Return the value for KEY from the special environment as created by\n"
+ "PUTVAL.";
+static gpg_error_t
+cmd_getval (assuan_context_t ctx, char *line)
+{
+ int rc = 0;
+ char *key = NULL;
+ char *p;
+ struct putval_item_s *vl;
+
+ for (p=line; *p == ' '; p++)
+ ;
+ key = p;
+ p = strchr (key, ' ');
+ if (p)
+ {
+ *p++ = 0;
+ for (; *p == ' '; p++)
+ ;
+ if (*p)
+ return set_error (GPG_ERR_ASS_PARAMETER, "too many arguments");
+ }
+ if (!key || !*key)
+ return set_error (GPG_ERR_ASS_PARAMETER, "no key given");
+
+
+ for (vl=putval_list; vl; vl = vl->next)
+ if ( !strcmp (vl->d, key) )
+ break;
+
+ if (vl) /* Got an entry. */
+ rc = assuan_send_data (ctx, vl->d+vl->off, vl->len);
+ else
+ return gpg_error (GPG_ERR_NO_DATA);
+
+ if (rc)
+ log_error ("command getval failed: %s\n", gpg_strerror (rc));
+ return rc;
+}
+
+
+static const char hlp_putval[] =
+ "PUTVAL <key> [<percent_escaped_value>]\n"
+ "\n"
+ "The gpg-agent maintains a kind of environment which may be used to\n"
+ "store key/value pairs in it, so that they can be retrieved later.\n"
+ "This may be used by helper daemons to daemonize themself on\n"
+ "invocation and register them with gpg-agent. Callers of the\n"
+ "daemon's service may now first try connect to get the information\n"
+ "for that service from gpg-agent through the GETVAL command and then\n"
+ "try to connect to that daemon. Only if that fails they may start\n"
+ "an own instance of the service daemon. \n"
+ "\n"
+ "KEY is an an arbitrary symbol with the same syntax rules as keys\n"
+ "for shell environment variables. PERCENT_ESCAPED_VALUE is the\n"
+ "corresponsing value; they should be similar to the values of\n"
+ "envronment variables but gpg-agent does not enforce any\n"
+ "restrictions. If that value is not given any value under that KEY\n"
+ "is removed from this special environment.";
+static gpg_error_t
+cmd_putval (assuan_context_t ctx, char *line)
+{
+ int rc = 0;
+ char *key = NULL;
+ char *value = NULL;
+ size_t valuelen = 0;
+ char *p;
+ struct putval_item_s *vl, *vlprev;
+
+ for (p=line; *p == ' '; p++)
+ ;
+ key = p;
+ p = strchr (key, ' ');
+ if (p)
+ {
+ *p++ = 0;
+ for (; *p == ' '; p++)
+ ;
+ if (*p)
+ {
+ value = p;
+ p = strchr (value, ' ');
+ if (p)
+ *p = 0;
+ valuelen = percent_plus_unescape_inplace (value, 0);
+ }
+ }
+ if (!key || !*key)
+ return set_error (GPG_ERR_ASS_PARAMETER, "no key given");
+
+
+ for (vl=putval_list,vlprev=NULL; vl; vlprev=vl, vl = vl->next)
+ if ( !strcmp (vl->d, key) )
+ break;
+
+ if (vl) /* Delete old entry. */
+ {
+ if (vlprev)
+ vlprev->next = vl->next;
+ else
+ putval_list = vl->next;
+ xfree (vl);
+ }
+
+ if (valuelen) /* Add entry. */
+ {
+ vl = xtrymalloc (sizeof *vl + strlen (key) + valuelen);
+ if (!vl)
+ rc = gpg_error_from_syserror ();
+ else
+ {
+ vl->len = valuelen;
+ vl->off = strlen (key) + 1;
+ strcpy (vl->d, key);
+ memcpy (vl->d + vl->off, value, valuelen);
+ vl->next = putval_list;
+ putval_list = vl;
+ }
+ }
+
+ if (rc)
+ log_error ("command putval failed: %s\n", gpg_strerror (rc));
+ return rc;
+}
+
+
+
+
+static const char hlp_updatestartuptty[] =
+ "UPDATESTARTUPTTY\n"
+ "\n"
+ "Set startup TTY and X11 DISPLAY variables to the values of this\n"
+ "session. This command is useful to pull future pinentries to\n"
+ "another screen. It is only required because there is no way in the\n"
+ "ssh-agent protocol to convey this information.";
+static gpg_error_t
+cmd_updatestartuptty (assuan_context_t ctx, char *line)
+{
+ static const char *names[] =
+ { "GPG_TTY", "DISPLAY", "TERM", "XAUTHORITY", "PINENTRY_USER_DATA", NULL };
+ ctrl_t ctrl = assuan_get_pointer (ctx);
+ gpg_error_t err = 0;
+ session_env_t se;
+ int idx;
+ char *lc_ctype = NULL;
+ char *lc_messages = NULL;
+
+ (void)line;
+
+ se = session_env_new ();
+ if (!se)
+ err = gpg_error_from_syserror ();
+
+ for (idx=0; !err && names[idx]; idx++)
+ {
+ const char *value = session_env_getenv (ctrl->session_env, names[idx]);
+ if (value)
+ err = session_env_setenv (se, names[idx], value);
+ }
+
+ if (!err && ctrl->lc_ctype)
+ if (!(lc_ctype = xtrystrdup (ctrl->lc_ctype)))
+ err = gpg_error_from_syserror ();
+
+ if (!err && ctrl->lc_messages)
+ if (!(lc_messages = xtrystrdup (ctrl->lc_messages)))
+ err = gpg_error_from_syserror ();
+
+ if (err)
+ {
+ session_env_release (se);
+ xfree (lc_ctype);
+ xfree (lc_messages);
+ }
+ else
+ {
+ session_env_release (opt.startup_env);
+ opt.startup_env = se;
+ xfree (opt.startup_lc_ctype);
+ opt.startup_lc_ctype = lc_ctype;
+ xfree (opt.startup_lc_messages);
+ opt.startup_lc_messages = lc_messages;
+ }
+
+ return err;
+}
+
+
+
+static const char hlp_killagent[] =
+ "KILLAGENT\n"
+ "\n"
+ "If the agent has been started using a standard socket\n"
+ "we allow a client to stop the agent.";
+static gpg_error_t
+cmd_killagent (assuan_context_t ctx, char *line)
+{
+ ctrl_t ctrl = assuan_get_pointer (ctx);
+
+ (void)line;
+
+ if (!opt.use_standard_socket)
+ return set_error (GPG_ERR_NOT_SUPPORTED, "no --use-standard-socket");
+
+ ctrl->server_local->stopme = 1;
+ return gpg_error (GPG_ERR_EOF);
+}
+
+
+static const char hlp_reloadagent[] =
+ "RELOADAGENT\n"
+ "\n"
+ "This command is an alternative to SIGHUP\n"
+ "to reload the configuration.";
+static gpg_error_t
+cmd_reloadagent (assuan_context_t ctx, char *line)
+{
+ (void)ctx;
+ (void)line;
+
+ agent_sighup_action ();
+ return 0;
+}
+
+
+
+static const char hlp_getinfo[] =
+ "GETINFO <what>\n"
+ "\n"
+ "Multipurpose function to return a variety of information.\n"
+ "Supported values for WHAT are:\n"
+ "\n"
+ " version - Return the version of the program.\n"
+ " pid - Return the process id of the server.\n"
+ " socket_name - Return the name of the socket.\n"
+ " ssh_socket_name - Return the name of the ssh socket.\n"
+ " scd_running - Return OK if the SCdaemon is already running.\n"
+ " std_session_env - List the standard session environment.\n"
+ " std_startup_env - List the standard startup environment.\n"
+ " cmd_has_option\n"
+ " - Returns OK if the command CMD implements the option OPT.";
+static gpg_error_t
+cmd_getinfo (assuan_context_t ctx, char *line)
+{
+ ctrl_t ctrl = assuan_get_pointer (ctx);
+ int rc = 0;
+
+ if (!strcmp (line, "version"))
+ {
+ const char *s = VERSION;
+ rc = assuan_send_data (ctx, s, strlen (s));
+ }
+ else if (!strcmp (line, "pid"))
+ {
+ char numbuf[50];
+
+ snprintf (numbuf, sizeof numbuf, "%lu", (unsigned long)getpid ());
+ rc = assuan_send_data (ctx, numbuf, strlen (numbuf));
+ }
+ else if (!strcmp (line, "socket_name"))
+ {
+ const char *s = get_agent_socket_name ();
+
+ if (s)
+ rc = assuan_send_data (ctx, s, strlen (s));
+ else
+ rc = gpg_error (GPG_ERR_NO_DATA);
+ }
+ else if (!strcmp (line, "ssh_socket_name"))
+ {
+ const char *s = get_agent_ssh_socket_name ();
+
+ if (s)
+ rc = assuan_send_data (ctx, s, strlen (s));
+ else
+ rc = gpg_error (GPG_ERR_NO_DATA);
+ }
+ else if (!strcmp (line, "scd_running"))
+ {
+ rc = agent_scd_check_running ()? 0 : gpg_error (GPG_ERR_GENERAL);
+ }
+ else if (!strcmp (line, "s2k_count"))
+ {
+ char numbuf[50];
+
+ snprintf (numbuf, sizeof numbuf, "%lu", get_standard_s2k_count ());
+ rc = assuan_send_data (ctx, numbuf, strlen (numbuf));
+ }
+ else if (!strcmp (line, "std_session_env")
+ || !strcmp (line, "std_startup_env"))
+ {
+ int iterator;
+ const char *name, *value;
+ char *string;
+
+ iterator = 0;
+ while ((name = session_env_list_stdenvnames (&iterator, NULL)))
+ {
+ value = session_env_getenv_or_default
+ (line[5] == 't'? opt.startup_env:ctrl->session_env, name, NULL);
+ if (value)
+ {
+ string = xtryasprintf ("%s=%s", name, value);
+ if (!string)
+ rc = gpg_error_from_syserror ();
+ else
+ {
+ rc = assuan_send_data (ctx, string, strlen (string)+1);
+ if (!rc)
+ rc = assuan_send_data (ctx, NULL, 0);
+ }
+ if (rc)
+ break;
+ }
+ }
+ }
+ else if (!strncmp (line, "cmd_has_option", 14)
+ && (line[14] == ' ' || line[14] == '\t' || !line[14]))
+ {
+ char *cmd, *cmdopt;
+ line += 14;
+ while (*line == ' ' || *line == '\t')
+ line++;
+ if (!*line)
+ rc = gpg_error (GPG_ERR_MISSING_VALUE);
+ else
+ {
+ cmd = line;
+ while (*line && (*line != ' ' && *line != '\t'))
+ line++;
+ if (!*line)
+ rc = gpg_error (GPG_ERR_MISSING_VALUE);
+ else
+ {
+ *line++ = 0;
+ while (*line == ' ' || *line == '\t')
+ line++;
+ if (!*line)
+ rc = gpg_error (GPG_ERR_MISSING_VALUE);
+ else
+ {
+ cmdopt = line;
+ if (!command_has_option (cmd, cmdopt))
+ rc = gpg_error (GPG_ERR_GENERAL);
+ }
+ }
+ }
+ }
+ else
+ rc = set_error (GPG_ERR_ASS_PARAMETER, "unknown value for WHAT");
+ return rc;
+}
+
+
+
+static gpg_error_t
+option_handler (assuan_context_t ctx, const char *key, const char *value)
+{
+ ctrl_t ctrl = assuan_get_pointer (ctx);
+ gpg_error_t err = 0;
+
+ if (!strcmp (key, "putenv"))
+ {
+ /* Change the session's environment to be used for the
+ Pinentry. Valid values are:
+ <NAME> Delete envvar NAME
+ <KEY>= Set envvar NAME to the empty string
+ <KEY>=<VALUE> Set envvar NAME to VALUE
+ */
+ err = session_env_putenv (ctrl->session_env, value);
+ }
+ else if (!strcmp (key, "display"))
+ {
+ err = session_env_setenv (ctrl->session_env, "DISPLAY", value);
+ }
+ else if (!strcmp (key, "ttyname"))
+ {
+ if (!opt.keep_tty)
+ err = session_env_setenv (ctrl->session_env, "GPG_TTY", value);
+ }
+ else if (!strcmp (key, "ttytype"))
+ {
+ if (!opt.keep_tty)
+ err = session_env_setenv (ctrl->session_env, "TERM", value);
+ }
+ else if (!strcmp (key, "lc-ctype"))
+ {
+ if (ctrl->lc_ctype)
+ xfree (ctrl->lc_ctype);
+ ctrl->lc_ctype = xtrystrdup (value);
+ if (!ctrl->lc_ctype)
+ return out_of_core ();
+ }
+ else if (!strcmp (key, "lc-messages"))
+ {
+ if (ctrl->lc_messages)
+ xfree (ctrl->lc_messages);
+ ctrl->lc_messages = xtrystrdup (value);
+ if (!ctrl->lc_messages)
+ return out_of_core ();
+ }
+ else if (!strcmp (key, "xauthority"))
+ {
+ err = session_env_setenv (ctrl->session_env, "XAUTHORITY", value);
+ }
+ else if (!strcmp (key, "pinentry-user-data"))
+ {
+ err = session_env_setenv (ctrl->session_env, "PINENTRY_USER_DATA", value);
+ }
+ else if (!strcmp (key, "use-cache-for-signing"))
+ ctrl->server_local->use_cache_for_signing = *value? atoi (value) : 0;
+ else if (!strcmp (key, "allow-pinentry-notify"))
+ ctrl->server_local->allow_pinentry_notify = 1;
+ else
+ err = gpg_error (GPG_ERR_UNKNOWN_OPTION);
+
+ return err;
+}
+
+
+
+
+/* Called by libassuan after all commands. ERR is the error from the
+ last assuan operation and not the one returned from the command. */
+static void
+post_cmd_notify (assuan_context_t ctx, gpg_error_t err)
+{
+ ctrl_t ctrl = assuan_get_pointer (ctx);
+
+ (void)err;
+
+ /* Switch off any I/O monitor controlled logging pausing. */
+ ctrl->server_local->pause_io_logging = 0;
+}
+
+
+/* This function is called by libassuan for all I/O. We use it here
+ to disable logging for the GETEVENTCOUNTER commands. This is so
+ that the debug output won't get cluttered by this primitive
+ command. */
+static unsigned int
+io_monitor (assuan_context_t ctx, void *hook, int direction,
+ const char *line, size_t linelen)
+{
+ ctrl_t ctrl = assuan_get_pointer (ctx);
+
+ (void) hook;
+
+ /* Note that we only check for the uppercase name. This allows to
+ see the logging for debugging if using a non-upercase command
+ name. */
+ if (ctx && direction == ASSUAN_IO_FROM_PEER
+ && linelen >= 15
+ && !strncmp (line, "GETEVENTCOUNTER", 15)
+ && (linelen == 15 || spacep (line+15)))
+ {
+ ctrl->server_local->pause_io_logging = 1;
+ }
+
+ return ctrl->server_local->pause_io_logging? ASSUAN_IO_MONITOR_NOLOG : 0;
+}
+
+
+/* Return true if the command CMD implements the option OPT. */
+static int
+command_has_option (const char *cmd, const char *cmdopt)
+{
+ if (!strcmp (cmd, "GET_PASSPHRASE"))
+ {
+ if (!strcmp (cmdopt, "repeat"))
+ return 1;
+ }
+
+ return 0;
+}
+
+
+/* Tell the assuan library about our commands */
+static int
+register_commands (assuan_context_t ctx)
+{
+ static struct {
+ const char *name;
+ assuan_handler_t handler;
+ const char * const help;
+ } table[] = {
+ { "GETEVENTCOUNTER",cmd_geteventcounter, hlp_geteventcounter },
+ { "ISTRUSTED", cmd_istrusted, hlp_istrusted },
+ { "HAVEKEY", cmd_havekey, hlp_havekey },
+ { "KEYINFO", cmd_keyinfo, hlp_keyinfo },
+ { "SIGKEY", cmd_sigkey, hlp_sigkey },
+ { "SETKEY", cmd_sigkey, hlp_sigkey },
+ { "SETKEYDESC", cmd_setkeydesc,hlp_setkeydesc },
+ { "SETHASH", cmd_sethash, hlp_sethash },
+ { "PKSIGN", cmd_pksign, hlp_pksign },
+ { "PKDECRYPT", cmd_pkdecrypt, hlp_pkdecrypt },
+ { "GENKEY", cmd_genkey, hlp_genkey },
+ { "READKEY", cmd_readkey, hlp_readkey },
+ { "GET_PASSPHRASE", cmd_get_passphrase, hlp_get_passphrase },
+ { "PRESET_PASSPHRASE", cmd_preset_passphrase, hlp_preset_passphrase },
+ { "CLEAR_PASSPHRASE", cmd_clear_passphrase, hlp_clear_passphrase },
+ { "GET_CONFIRMATION", cmd_get_confirmation, hlp_get_confirmation },
+ { "LISTTRUSTED", cmd_listtrusted, hlp_listtrusted },
+ { "MARKTRUSTED", cmd_marktrusted, hlp_martrusted },
+ { "LEARN", cmd_learn, hlp_learn },
+ { "PASSWD", cmd_passwd, hlp_passwd },
+ { "INPUT", NULL },
+ { "OUTPUT", NULL },
+ { "SCD", cmd_scd, hlp_scd },
+ { "GETVAL", cmd_getval, hlp_getval },
+ { "PUTVAL", cmd_putval, hlp_putval },
+ { "UPDATESTARTUPTTY", cmd_updatestartuptty, hlp_updatestartuptty },
+ { "KILLAGENT", cmd_killagent, hlp_killagent },
+ { "RELOADAGENT", cmd_reloadagent,hlp_reloadagent },
+ { "GETINFO", cmd_getinfo, hlp_getinfo },
+ { NULL }
+ };
+ int i, rc;
+
+ for (i=0; table[i].name; i++)
+ {
+ rc = assuan_register_command (ctx, table[i].name, table[i].handler,
+ table[i].help);
+ if (rc)
+ return rc;
+ }
+ assuan_register_post_cmd_notify (ctx, post_cmd_notify);
+ assuan_register_reset_notify (ctx, reset_notify);
+ assuan_register_option_handler (ctx, option_handler);
+ return 0;
+}
+
+
+/* Startup the server. If LISTEN_FD and FD is given as -1, this is a
+ simple piper server, otherwise it is a regular server. CTRL is the
+ control structure for this connection; it has only the basic
+ intialization. */
+void
+start_command_handler (ctrl_t ctrl, gnupg_fd_t listen_fd, gnupg_fd_t fd)
+{
+ int rc;
+ assuan_context_t ctx = NULL;
+
+ rc = assuan_new (&ctx);
+ if (rc)
+ {
+ log_error ("failed to allocate assuan context: %s\n", gpg_strerror (rc));
+ agent_exit (2);
+ }
+
+ if (listen_fd == GNUPG_INVALID_FD && fd == GNUPG_INVALID_FD)
+ {
+ assuan_fd_t filedes[2];
+
+ filedes[0] = assuan_fdopen (0);
+ filedes[1] = assuan_fdopen (1);
+ rc = assuan_init_pipe_server (ctx, filedes);
+ }
+ else if (listen_fd != GNUPG_INVALID_FD)
+ {
+ rc = assuan_init_socket_server (ctx, listen_fd, 0);
+ /* FIXME: Need to call assuan_sock_set_nonce for Windows. But
+ this branch is currently not used. */
+ }
+ else
+ {
+ rc = assuan_init_socket_server (ctx, fd, ASSUAN_SOCKET_SERVER_ACCEPTED);
+ }
+ if (rc)
+ {
+ log_error ("failed to initialize the server: %s\n",
+ gpg_strerror(rc));
+ agent_exit (2);
+ }
+ rc = register_commands (ctx);
+ if (rc)
+ {
+ log_error ("failed to register commands with Assuan: %s\n",
+ gpg_strerror(rc));
+ agent_exit (2);
+ }
+
+ assuan_set_pointer (ctx, ctrl);
+ ctrl->server_local = xcalloc (1, sizeof *ctrl->server_local);
+ ctrl->server_local->assuan_ctx = ctx;
+ ctrl->server_local->message_fd = -1;
+ ctrl->server_local->use_cache_for_signing = 1;
+ ctrl->digest.raw_value = 0;
+
+ assuan_set_io_monitor (ctx, io_monitor, NULL);
+
+ for (;;)
+ {
+ rc = assuan_accept (ctx);
+ if (gpg_err_code (rc) == GPG_ERR_EOF || rc == -1)
+ {
+ break;
+ }
+ else if (rc)
+ {
+ log_info ("Assuan accept problem: %s\n", gpg_strerror (rc));
+ break;
+ }
+
+ rc = assuan_process (ctx);
+ if (rc)
+ {
+ log_info ("Assuan processing failed: %s\n", gpg_strerror (rc));
+ continue;
+ }
+ }
+
+ /* Reset the SCD if needed. */
+ agent_reset_scd (ctrl);
+
+ /* Reset the pinentry (in case of popup messages). */
+ agent_reset_query (ctrl);
+
+ /* Cleanup. */
+ assuan_release (ctx);
+ if (ctrl->server_local->stopme)
+ agent_exit (0);
+ xfree (ctrl->server_local);
+ ctrl->server_local = NULL;
+}
+
diff --git a/agent/divert-scd.c b/agent/divert-scd.c
new file mode 100644
index 0000000..bf07d07
--- /dev/null
+++ b/agent/divert-scd.c
@@ -0,0 +1,451 @@
+/* divert-scd.c - divert operations to the scdaemon
+ * Copyright (C) 2002, 2003, 2009 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <errno.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <ctype.h>
+#include <assert.h>
+#include <unistd.h>
+#include <sys/stat.h>
+
+#include "agent.h"
+#include "i18n.h"
+#include "sexp-parse.h"
+
+
+static int
+ask_for_card (ctrl_t ctrl, const unsigned char *shadow_info, char **r_kid)
+{
+ int rc, i;
+ char *serialno;
+ int no_card = 0;
+ char *desc;
+ char *want_sn, *want_kid;
+ int want_sn_displen;
+
+ *r_kid = NULL;
+
+ rc = parse_shadow_info (shadow_info, &want_sn, &want_kid);
+ if (rc)
+ return rc;
+
+ /* We assume that a 20 byte serial number is a standard one which
+ has the property to have a zero in the last nibble (Due to BCD
+ representation). We don't display this '0' because it may
+ confuse the user. */
+ want_sn_displen = strlen (want_sn);
+ if (want_sn_displen == 20 && want_sn[19] == '0')
+ want_sn_displen--;
+
+ for (;;)
+ {
+ rc = agent_card_serialno (ctrl, &serialno);
+ if (!rc)
+ {
+ log_debug ("detected card with S/N %s\n", serialno);
+ i = strcmp (serialno, want_sn);
+ xfree (serialno);
+ serialno = NULL;
+ if (!i)
+ {
+ xfree (want_sn);
+ *r_kid = want_kid;
+ return 0; /* yes, we have the correct card */
+ }
+ }
+ else if (gpg_err_code (rc) == GPG_ERR_CARD_NOT_PRESENT)
+ {
+ log_debug ("no card present\n");
+ rc = 0;
+ no_card = 1;
+ }
+ else
+ {
+ log_error ("error accessing card: %s\n", gpg_strerror (rc));
+ }
+
+ if (!rc)
+ {
+ if (asprintf (&desc,
+ "%s:%%0A%%0A"
+ " \"%.*s\"",
+ no_card
+ ? _("Please insert the card with serial number")
+ : _("Please remove the current card and "
+ "insert the one with serial number"),
+ want_sn_displen, want_sn) < 0)
+ {
+ rc = out_of_core ();
+ }
+ else
+ {
+ rc = agent_get_confirmation (ctrl, desc, NULL, NULL, 0);
+ xfree (desc);
+ }
+ }
+ if (rc)
+ {
+ xfree (want_sn);
+ xfree (want_kid);
+ return rc;
+ }
+ }
+}
+
+
+/* Put the DIGEST into an DER encoded container and return it in R_VAL. */
+static int
+encode_md_for_card (const unsigned char *digest, size_t digestlen, int algo,
+ unsigned char **r_val, size_t *r_len)
+{
+ unsigned char *frame;
+ unsigned char asn[100];
+ size_t asnlen;
+
+ *r_val = NULL;
+ *r_len = 0;
+
+ asnlen = DIM(asn);
+ if (!algo || gcry_md_test_algo (algo))
+ return gpg_error (GPG_ERR_DIGEST_ALGO);
+ if (gcry_md_algo_info (algo, GCRYCTL_GET_ASNOID, asn, &asnlen))
+ {
+ log_error ("no object identifier for algo %d\n", algo);
+ return gpg_error (GPG_ERR_INTERNAL);
+ }
+
+ frame = xtrymalloc (asnlen + digestlen);
+ if (!frame)
+ return out_of_core ();
+ memcpy (frame, asn, asnlen);
+ memcpy (frame+asnlen, digest, digestlen);
+ if (DBG_CRYPTO)
+ log_printhex ("encoded hash:", frame, asnlen+digestlen);
+
+ *r_val = frame;
+ *r_len = asnlen+digestlen;
+ return 0;
+}
+
+
+/* Callback used to ask for the PIN which should be set into BUF. The
+ buf has been allocated by the caller and is of size MAXBUF which
+ includes the terminating null. The function should return an UTF-8
+ string with the passphrase, the buffer may optionally be padded
+ with arbitrary characters.
+
+ INFO gets displayed as part of a generic string. However if the
+ first character of INFO is a vertical bar all up to the next
+ verical bar are considered flags and only everything after the
+ second vertical bar gets displayed as the full prompt.
+
+ Flags:
+
+ 'N' = New PIN, this requests a second prompt to repeat the
+ PIN. If the PIN is not correctly repeated it starts from
+ all over.
+ 'A' = The PIN is an Admin PIN, SO-PIN or alike.
+ 'P' = The PIN is a PUK (Personal Unblocking Key).
+ 'R' = The PIN is a Reset Code.
+
+ Example:
+
+ "|AN|Please enter the new security officer's PIN"
+
+ The text "Please ..." will get displayed and the flags 'A' and 'N'
+ are considered.
+ */
+static int
+getpin_cb (void *opaque, const char *info, char *buf, size_t maxbuf)
+{
+ struct pin_entry_info_s *pi;
+ int rc;
+ ctrl_t ctrl = opaque;
+ const char *ends, *s;
+ int any_flags = 0;
+ int newpin = 0;
+ int resetcode = 0;
+ int is_puk = 0;
+ const char *again_text = NULL;
+ const char *prompt = "PIN";
+
+ if (buf && maxbuf < 2)
+ return gpg_error (GPG_ERR_INV_VALUE);
+
+ /* Parse the flags. */
+ if (info && *info =='|' && (ends=strchr (info+1, '|')))
+ {
+ for (s=info+1; s < ends; s++)
+ {
+ if (*s == 'A')
+ prompt = _("Admin PIN");
+ else if (*s == 'P')
+ {
+ /* TRANSLATORS: A PUK is the Personal Unblocking Code
+ used to unblock a PIN. */
+ prompt = _("PUK");
+ is_puk = 1;
+ }
+ else if (*s == 'N')
+ newpin = 1;
+ else if (*s == 'R')
+ {
+ prompt = _("Reset Code");
+ resetcode = 1;
+ }
+ }
+ info = ends+1;
+ any_flags = 1;
+ }
+ else if (info && *info == '|')
+ log_debug ("pin_cb called without proper PIN info hack\n");
+
+ /* If BUF has been passed as NULL, we are in keypad mode: The
+ callback opens the popup and immediatley returns. */
+ if (!buf)
+ {
+ if (maxbuf == 0) /* Close the pinentry. */
+ {
+ agent_popup_message_stop (ctrl);
+ rc = 0;
+ }
+ else if (maxbuf == 1) /* Open the pinentry. */
+ {
+ if (info)
+ {
+ char *desc;
+
+ if ( asprintf (&desc,
+ _("%s%%0A%%0AUse the reader's keypad for input."),
+ info) < 0 )
+ rc = gpg_error_from_syserror ();
+ else
+ {
+ rc = agent_popup_message_start (ctrl, desc, NULL);
+ xfree (desc);
+ }
+ }
+ else
+ rc = agent_popup_message_start (ctrl, NULL, NULL);
+ }
+ else
+ rc = gpg_error (GPG_ERR_INV_VALUE);
+ return rc;
+ }
+
+ /* FIXME: keep PI and TRIES in OPAQUE. Frankly this is a whole
+ mess because we should call the card's verify function from the
+ pinentry check pin CB. */
+ again:
+ pi = gcry_calloc_secure (1, sizeof (*pi) + maxbuf + 10);
+ if (!pi)
+ return gpg_error_from_syserror ();
+ pi->max_length = maxbuf-1;
+ pi->min_digits = 0; /* we want a real passphrase */
+ pi->max_digits = 16;
+ pi->max_tries = 3;
+
+ if (any_flags)
+ {
+ rc = agent_askpin (ctrl, info, prompt, again_text, pi);
+ again_text = NULL;
+ if (!rc && newpin)
+ {
+ struct pin_entry_info_s *pi2;
+ pi2 = gcry_calloc_secure (1, sizeof (*pi) + maxbuf + 10);
+ if (!pi2)
+ {
+ rc = gpg_error_from_syserror ();
+ xfree (pi);
+ return rc;
+ }
+ pi2->max_length = maxbuf-1;
+ pi2->min_digits = 0;
+ pi2->max_digits = 16;
+ pi2->max_tries = 1;
+ rc = agent_askpin (ctrl,
+ (resetcode?
+ _("Repeat this Reset Code"):
+ is_puk?
+ _("Repeat this PUK"):
+ _("Repeat this PIN")),
+ prompt, NULL, pi2);
+ if (!rc && strcmp (pi->pin, pi2->pin))
+ {
+ again_text = (resetcode?
+ N_("Reset Code not correctly repeated; try again"):
+ is_puk?
+ N_("PUK not correctly repeated; try again"):
+ N_("PIN not correctly repeated; try again"));
+ xfree (pi2);
+ xfree (pi);
+ goto again;
+ }
+ xfree (pi2);
+ }
+ }
+ else
+ {
+ char *desc;
+ if ( asprintf (&desc,
+ _("Please enter the PIN%s%s%s to unlock the card"),
+ info? " (`":"",
+ info? info:"",
+ info? "')":"") < 0)
+ desc = NULL;
+ rc = agent_askpin (ctrl, desc?desc:info, prompt, NULL, pi);
+ xfree (desc);
+ }
+
+ if (!rc)
+ {
+ strncpy (buf, pi->pin, maxbuf-1);
+ buf[maxbuf-1] = 0;
+ }
+ xfree (pi);
+ return rc;
+}
+
+
+
+
+int
+divert_pksign (ctrl_t ctrl,
+ const unsigned char *digest, size_t digestlen, int algo,
+ const unsigned char *shadow_info, unsigned char **r_sig)
+{
+ int rc;
+ char *kid;
+ size_t siglen;
+ unsigned char *sigval = NULL;
+
+ rc = ask_for_card (ctrl, shadow_info, &kid);
+ if (rc)
+ return rc;
+
+ if (algo == MD_USER_TLS_MD5SHA1)
+ {
+ int save = ctrl->use_auth_call;
+ ctrl->use_auth_call = 1;
+ rc = agent_card_pksign (ctrl, kid, getpin_cb, ctrl,
+ digest, digestlen, &sigval, &siglen);
+ ctrl->use_auth_call = save;
+ }
+ else
+ {
+ unsigned char *data;
+ size_t ndata;
+
+ rc = encode_md_for_card (digest, digestlen, algo, &data, &ndata);
+ if (!rc)
+ {
+ rc = agent_card_pksign (ctrl, kid, getpin_cb, ctrl,
+ data, ndata, &sigval, &siglen);
+ xfree (data);
+ }
+ }
+
+ if (!rc)
+ *r_sig = sigval;
+
+ xfree (kid);
+
+ return rc;
+}
+
+
+/* Decrypt the the value given asn an S-expression in CIPHER using the
+ key identified by SHADOW_INFO and return the plaintext in an
+ allocated buffer in R_BUF. */
+int
+divert_pkdecrypt (ctrl_t ctrl,
+ const unsigned char *cipher,
+ const unsigned char *shadow_info,
+ char **r_buf, size_t *r_len)
+{
+ int rc;
+ char *kid;
+ const unsigned char *s;
+ size_t n;
+ const unsigned char *ciphertext;
+ size_t ciphertextlen;
+ char *plaintext;
+ size_t plaintextlen;
+
+ s = cipher;
+ if (*s != '(')
+ return gpg_error (GPG_ERR_INV_SEXP);
+ s++;
+ n = snext (&s);
+ if (!n)
+ return gpg_error (GPG_ERR_INV_SEXP);
+ if (!smatch (&s, n, "enc-val"))
+ return gpg_error (GPG_ERR_UNKNOWN_SEXP);
+ if (*s != '(')
+ return gpg_error (GPG_ERR_UNKNOWN_SEXP);
+ s++;
+ n = snext (&s);
+ if (!n)
+ return gpg_error (GPG_ERR_INV_SEXP);
+ if (!smatch (&s, n, "rsa"))
+ return gpg_error (GPG_ERR_UNSUPPORTED_ALGORITHM);
+ if (*s != '(')
+ return gpg_error (GPG_ERR_UNKNOWN_SEXP);
+ s++;
+ n = snext (&s);
+ if (!n)
+ return gpg_error (GPG_ERR_INV_SEXP);
+ if (!smatch (&s, n, "a"))
+ return gpg_error (GPG_ERR_UNKNOWN_SEXP);
+ n = snext (&s);
+ if (!n)
+ return gpg_error (GPG_ERR_UNKNOWN_SEXP);
+ ciphertext = s;
+ ciphertextlen = n;
+
+ rc = ask_for_card (ctrl, shadow_info, &kid);
+ if (rc)
+ return rc;
+
+ rc = agent_card_pkdecrypt (ctrl, kid, getpin_cb, ctrl,
+ ciphertext, ciphertextlen,
+ &plaintext, &plaintextlen);
+ if (!rc)
+ {
+ *r_buf = plaintext;
+ *r_len = plaintextlen;
+ }
+ xfree (kid);
+ return rc;
+}
+
+
+int
+divert_generic_cmd (ctrl_t ctrl, const char *cmdline, void *assuan_context)
+{
+ return agent_card_scd (ctrl, cmdline, getpin_cb, ctrl, assuan_context);
+}
+
+
+
+
+
diff --git a/agent/findkey.c b/agent/findkey.c
new file mode 100644
index 0000000..800db88
--- /dev/null
+++ b/agent/findkey.c
@@ -0,0 +1,952 @@
+/* findkey.c - Locate the secret key
+ * Copyright (C) 2001, 2002, 2003, 2004, 2005, 2007,
+ * 2010, 2011 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <errno.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <ctype.h>
+#include <fcntl.h>
+#include <assert.h>
+#include <unistd.h>
+#include <sys/stat.h>
+#include <assert.h>
+#include <pth.h> /* (we use pth_sleep) */
+
+#include "agent.h"
+#include "i18n.h"
+#include "../common/ssh-utils.h"
+
+#ifndef O_BINARY
+#define O_BINARY 0
+#endif
+
+/* Helper to pass data to the check callback of the unprotect function. */
+struct try_unprotect_arg_s
+{
+ ctrl_t ctrl;
+ const unsigned char *protected_key;
+ unsigned char *unprotected_key;
+ int change_required; /* Set by the callback to indicate that the
+ user should chnage the passphrase. */
+};
+
+
+/* Write an S-expression formatted key to our key storage. With FORCE
+ passed as true an existing key with the given GRIP will get
+ overwritten. */
+int
+agent_write_private_key (const unsigned char *grip,
+ const void *buffer, size_t length, int force)
+{
+ char *fname;
+ FILE *fp;
+ char hexgrip[40+4+1];
+ int fd;
+
+ bin2hex (grip, 20, hexgrip);
+ strcpy (hexgrip+40, ".key");
+
+ fname = make_filename (opt.homedir, GNUPG_PRIVATE_KEYS_DIR, hexgrip, NULL);
+
+ if (!force && !access (fname, F_OK))
+ {
+ log_error ("secret key file `%s' already exists\n", fname);
+ xfree (fname);
+ return gpg_error (GPG_ERR_GENERAL);
+ }
+
+ /* In FORCE mode we would like to create FNAME but only if it does
+ not already exist. We cannot make this guarantee just using
+ POSIX (GNU provides the "x" opentype for fopen, however, this is
+ not portable). Thus, we use the more flexible open function and
+ then use fdopen to obtain a stream. */
+ fd = open (fname, force? (O_CREAT | O_TRUNC | O_WRONLY | O_BINARY)
+ : (O_CREAT | O_EXCL | O_WRONLY | O_BINARY),
+ S_IRUSR | S_IWUSR
+#ifndef HAVE_W32_SYSTEM
+ | S_IRGRP
+#endif
+ );
+ if (fd < 0)
+ fp = NULL;
+ else
+ {
+ fp = fdopen (fd, "wb");
+ if (!fp)
+ {
+ int save_e = errno;
+ close (fd);
+ errno = save_e;
+ }
+ }
+
+ if (!fp)
+ {
+ gpg_error_t tmperr = gpg_error (gpg_err_code_from_errno (errno));
+ log_error ("can't create `%s': %s\n", fname, strerror (errno));
+ xfree (fname);
+ return tmperr;
+ }
+
+ if (fwrite (buffer, length, 1, fp) != 1)
+ {
+ gpg_error_t tmperr = gpg_error (gpg_err_code_from_errno (errno));
+ log_error ("error writing `%s': %s\n", fname, strerror (errno));
+ fclose (fp);
+ remove (fname);
+ xfree (fname);
+ return tmperr;
+ }
+ if ( fclose (fp) )
+ {
+ gpg_error_t tmperr = gpg_error (gpg_err_code_from_errno (errno));
+ log_error ("error closing `%s': %s\n", fname, strerror (errno));
+ remove (fname);
+ xfree (fname);
+ return tmperr;
+ }
+ bump_key_eventcounter ();
+ xfree (fname);
+ return 0;
+}
+
+
+/* Callback function to try the unprotection from the passpharse query
+ code. */
+static int
+try_unprotect_cb (struct pin_entry_info_s *pi)
+{
+ struct try_unprotect_arg_s *arg = pi->check_cb_arg;
+ size_t dummy;
+ gpg_error_t err;
+ gnupg_isotime_t now, protected_at, tmptime;
+ char *desc = NULL;
+
+ assert (!arg->unprotected_key);
+
+ arg->change_required = 0;
+ err = agent_unprotect (arg->protected_key, pi->pin, protected_at,
+ &arg->unprotected_key, &dummy);
+ if (err)
+ return err;
+ if (!opt.max_passphrase_days || arg->ctrl->in_passwd)
+ return 0; /* No regular passphrase change required. */
+
+ if (!*protected_at)
+ {
+ /* No protection date known - must force passphrase change. */
+ desc = xtrystrdup (_("Note: This passphrase has never been changed.%0A"
+ "Please change it now."));
+ if (!desc)
+ return gpg_error_from_syserror ();
+ }
+ else
+ {
+ gnupg_get_isotime (now);
+ gnupg_copy_time (tmptime, protected_at);
+ err = add_days_to_isotime (tmptime, opt.max_passphrase_days);
+ if (err)
+ return err;
+ if (strcmp (now, tmptime) > 0 )
+ {
+ /* Passphrase "expired". */
+ desc = xtryasprintf
+ (_("This passphrase has not been changed%%0A"
+ "since %.4s-%.2s-%.2s. Please change it now."),
+ protected_at, protected_at+4, protected_at+6);
+ if (!desc)
+ return gpg_error_from_syserror ();
+ }
+ }
+
+ if (desc)
+ {
+ /* Change required. */
+ if (opt.enforce_passphrase_constraints)
+ {
+ err = agent_get_confirmation (arg->ctrl, desc,
+ _("Change passphrase"), NULL, 0);
+ if (!err)
+ arg->change_required = 1;
+ }
+ else
+ {
+ err = agent_get_confirmation (arg->ctrl, desc,
+ _("Change passphrase"),
+ _("I'll change it later"), 0);
+ if (!err)
+ arg->change_required = 1;
+ else if (gpg_err_code (err) == GPG_ERR_CANCELED)
+ err = 0;
+ }
+ xfree (desc);
+ }
+
+ return 0;
+}
+
+
+/* Modify a Key description, replacing certain special format
+ characters. List of currently supported replacements:
+
+ %% - Replaced by a single %
+ %c - Replaced by the content of COMMENT.
+ %F - Replaced by an ssh style fingerprint computed from KEY.
+
+ The functions returns 0 on success or an error code. On success a
+ newly allocated string is stored at the address of RESULT.
+ */
+static gpg_error_t
+modify_description (const char *in, const char *comment, const gcry_sexp_t key,
+ char **result)
+{
+ size_t comment_length;
+ size_t in_len;
+ size_t out_len;
+ char *out;
+ size_t i;
+ int special, pass;
+ char *ssh_fpr = NULL;
+
+ comment_length = strlen (comment);
+ in_len = strlen (in);
+
+ /* First pass calculates the length, second pass does the actual
+ copying. */
+ out = NULL;
+ out_len = 0;
+ for (pass=0; pass < 2; pass++)
+ {
+ special = 0;
+ for (i = 0; i < in_len; i++)
+ {
+ if (special)
+ {
+ special = 0;
+ switch (in[i])
+ {
+ case '%':
+ if (out)
+ *out++ = '%';
+ else
+ out_len++;
+ break;
+
+ case 'c': /* Comment. */
+ if (out)
+ {
+ memcpy (out, comment, comment_length);
+ out += comment_length;
+ }
+ else
+ out_len += comment_length;
+ break;
+
+ case 'F': /* SSH style fingerprint. */
+ if (!ssh_fpr && key)
+ ssh_get_fingerprint_string (key, &ssh_fpr);
+ if (ssh_fpr)
+ {
+ if (out)
+ out = stpcpy (out, ssh_fpr);
+ else
+ out_len += strlen (ssh_fpr);
+ }
+ break;
+
+ default: /* Invalid special sequences are kept as they are. */
+ if (out)
+ {
+ *out++ = '%';
+ *out++ = in[i];
+ }
+ else
+ out_len+=2;
+ break;
+ }
+ }
+ else if (in[i] == '%')
+ special = 1;
+ else
+ {
+ if (out)
+ *out++ = in[i];
+ else
+ out_len++;
+ }
+ }
+
+ if (!pass)
+ {
+ *result = out = xtrymalloc (out_len + 1);
+ if (!out)
+ {
+ xfree (ssh_fpr);
+ return gpg_error_from_syserror ();
+ }
+ }
+ }
+
+ *out = 0;
+ assert (*result + out_len == out);
+ xfree (ssh_fpr);
+ return 0;
+}
+
+
+
+/* Unprotect the canconical encoded S-expression key in KEYBUF. GRIP
+ should be the hex encoded keygrip of that key to be used with the
+ caching mechanism. DESC_TEXT may be set to override the default
+ description used for the pinentry. If LOOKUP_TTL is given this
+ function is used to lookup the default ttl. */
+static int
+unprotect (ctrl_t ctrl, const char *desc_text,
+ unsigned char **keybuf, const unsigned char *grip,
+ cache_mode_t cache_mode, lookup_ttl_t lookup_ttl)
+{
+ struct pin_entry_info_s *pi;
+ struct try_unprotect_arg_s arg;
+ int rc;
+ unsigned char *result;
+ size_t resultlen;
+ char hexgrip[40+1];
+
+ bin2hex (grip, 20, hexgrip);
+
+ /* First try to get it from the cache - if there is none or we can't
+ unprotect it, we fall back to ask the user */
+ if (cache_mode != CACHE_MODE_IGNORE)
+ {
+ void *cache_marker;
+ const char *pw;
+
+ retry:
+ pw = agent_get_cache (hexgrip, cache_mode, &cache_marker);
+ if (pw)
+ {
+ rc = agent_unprotect (*keybuf, pw, NULL, &result, &resultlen);
+ agent_unlock_cache_entry (&cache_marker);
+ if (!rc)
+ {
+ xfree (*keybuf);
+ *keybuf = result;
+ return 0;
+ }
+ rc = 0;
+ }
+
+ /* If the pinentry is currently in use, we wait up to 60 seconds
+ for it to close and check the cache again. This solves a common
+ situation where several requests for unprotecting a key have
+ been made but the user is still entering the passphrase for
+ the first request. Because all requests to agent_askpin are
+ serialized they would then pop up one after the other to
+ request the passphrase - despite that the user has already
+ entered it and is then available in the cache. This
+ implementation is not race free but in the worst case the
+ user has to enter the passphrase only once more. */
+ if (pinentry_active_p (ctrl, 0))
+ {
+ /* Active - wait */
+ if (!pinentry_active_p (ctrl, 60))
+ {
+ /* We need to give the other thread a chance to actually put
+ it into the cache. */
+ pth_sleep (1);
+ goto retry;
+ }
+ /* Timeout - better call pinentry now the plain way. */
+ }
+ }
+
+ pi = gcry_calloc_secure (1, sizeof (*pi) + 100);
+ if (!pi)
+ return gpg_error_from_syserror ();
+ pi->max_length = 100;
+ pi->min_digits = 0; /* we want a real passphrase */
+ pi->max_digits = 16;
+ pi->max_tries = 3;
+ pi->check_cb = try_unprotect_cb;
+ arg.ctrl = ctrl;
+ arg.protected_key = *keybuf;
+ arg.unprotected_key = NULL;
+ arg.change_required = 0;
+ pi->check_cb_arg = &arg;
+
+ rc = agent_askpin (ctrl, desc_text, NULL, NULL, pi);
+ if (!rc)
+ {
+ assert (arg.unprotected_key);
+ if (arg.change_required)
+ {
+ size_t canlen, erroff;
+ gcry_sexp_t s_skey;
+
+ assert (arg.unprotected_key);
+ canlen = gcry_sexp_canon_len (arg.unprotected_key, 0, NULL, NULL);
+ rc = gcry_sexp_sscan (&s_skey, &erroff,
+ (char*)arg.unprotected_key, canlen);
+ if (rc)
+ {
+ log_error ("failed to build S-Exp (off=%u): %s\n",
+ (unsigned int)erroff, gpg_strerror (rc));
+ wipememory (arg.unprotected_key, canlen);
+ xfree (arg.unprotected_key);
+ xfree (pi);
+ return rc;
+ }
+ rc = agent_protect_and_store (ctrl, s_skey);
+ gcry_sexp_release (s_skey);
+ if (rc)
+ {
+ log_error ("changing the passphrase failed: %s\n",
+ gpg_strerror (rc));
+ wipememory (arg.unprotected_key, canlen);
+ xfree (arg.unprotected_key);
+ xfree (pi);
+ return rc;
+ }
+ }
+ else
+ agent_put_cache (hexgrip, cache_mode, pi->pin,
+ lookup_ttl? lookup_ttl (hexgrip) : 0);
+ xfree (*keybuf);
+ *keybuf = arg.unprotected_key;
+ }
+ xfree (pi);
+ return rc;
+}
+
+
+/* Read the key identified by GRIP from the private key directory and
+ return it as an gcrypt S-expression object in RESULT. On failure
+ returns an error code and stores NULL at RESULT. */
+static gpg_error_t
+read_key_file (const unsigned char *grip, gcry_sexp_t *result)
+{
+ int rc;
+ char *fname;
+ FILE *fp;
+ struct stat st;
+ unsigned char *buf;
+ size_t buflen, erroff;
+ gcry_sexp_t s_skey;
+ char hexgrip[40+4+1];
+
+ *result = NULL;
+
+ bin2hex (grip, 20, hexgrip);
+ strcpy (hexgrip+40, ".key");
+
+ fname = make_filename (opt.homedir, GNUPG_PRIVATE_KEYS_DIR, hexgrip, NULL);
+ fp = fopen (fname, "rb");
+ if (!fp)
+ {
+ rc = gpg_error_from_syserror ();
+ if (gpg_err_code (rc) != GPG_ERR_ENOENT)
+ log_error ("can't open `%s': %s\n", fname, strerror (errno));
+ xfree (fname);
+ return rc;
+ }
+
+ if (fstat (fileno(fp), &st))
+ {
+ rc = gpg_error_from_syserror ();
+ log_error ("can't stat `%s': %s\n", fname, strerror (errno));
+ xfree (fname);
+ fclose (fp);
+ return rc;
+ }
+
+ buflen = st.st_size;
+ buf = xtrymalloc (buflen+1);
+ if (!buf || fread (buf, buflen, 1, fp) != 1)
+ {
+ rc = gpg_error_from_syserror ();
+ log_error ("error reading `%s': %s\n", fname, strerror (errno));
+ xfree (fname);
+ fclose (fp);
+ xfree (buf);
+ return rc;
+ }
+
+ /* Convert the file into a gcrypt S-expression object. */
+ rc = gcry_sexp_sscan (&s_skey, &erroff, (char*)buf, buflen);
+ xfree (fname);
+ fclose (fp);
+ xfree (buf);
+ if (rc)
+ {
+ log_error ("failed to build S-Exp (off=%u): %s\n",
+ (unsigned int)erroff, gpg_strerror (rc));
+ return rc;
+ }
+ *result = s_skey;
+ return 0;
+}
+
+
+/* Return the secret key as an S-Exp in RESULT after locating it using
+ the GRIP. Stores NULL at RESULT if the operation shall be diverted
+ to a token; in this case an allocated S-expression with the
+ shadow_info part from the file is stored at SHADOW_INFO.
+ CACHE_MODE defines now the cache shall be used. DESC_TEXT may be
+ set to present a custom description for the pinentry. LOOKUP_TTL
+ is an optional function to convey a TTL to the cache manager; we do
+ not simply pass the TTL value because the value is only needed if an
+ unprotect action was needed and looking up the TTL may have some
+ overhead (e.g. scanning the sshcontrol file). */
+gpg_error_t
+agent_key_from_file (ctrl_t ctrl, const char *desc_text,
+ const unsigned char *grip, unsigned char **shadow_info,
+ cache_mode_t cache_mode, lookup_ttl_t lookup_ttl,
+ gcry_sexp_t *result)
+{
+ int rc;
+ unsigned char *buf;
+ size_t len, buflen, erroff;
+ gcry_sexp_t s_skey;
+ int got_shadow_info = 0;
+
+ *result = NULL;
+ if (shadow_info)
+ *shadow_info = NULL;
+
+ rc = read_key_file (grip, &s_skey);
+ if (rc)
+ return rc;
+
+ /* For use with the protection functions we also need the key as an
+ canonical encoded S-expression in a buffer. Create this buffer
+ now. */
+ rc = make_canon_sexp (s_skey, &buf, &len);
+ if (rc)
+ return rc;
+
+ switch (agent_private_key_type (buf))
+ {
+ case PRIVATE_KEY_CLEAR:
+ break; /* no unprotection needed */
+ case PRIVATE_KEY_PROTECTED:
+ {
+ char *desc_text_final;
+ char *comment = NULL;
+
+ /* Note, that we will take the comment as a C string for
+ display purposes; i.e. all stuff beyond a Nul character is
+ ignored. */
+ {
+ gcry_sexp_t comment_sexp;
+
+ comment_sexp = gcry_sexp_find_token (s_skey, "comment", 0);
+ if (comment_sexp)
+ comment = gcry_sexp_nth_string (comment_sexp, 1);
+ gcry_sexp_release (comment_sexp);
+ }
+
+ desc_text_final = NULL;
+ if (desc_text)
+ rc = modify_description (desc_text, comment? comment:"", s_skey,
+ &desc_text_final);
+ gcry_free (comment);
+
+ if (!rc)
+ {
+ rc = unprotect (ctrl, desc_text_final, &buf, grip,
+ cache_mode, lookup_ttl);
+ if (rc)
+ log_error ("failed to unprotect the secret key: %s\n",
+ gpg_strerror (rc));
+ }
+
+ xfree (desc_text_final);
+ }
+ break;
+ case PRIVATE_KEY_SHADOWED:
+ if (shadow_info)
+ {
+ const unsigned char *s;
+ size_t n;
+
+ rc = agent_get_shadow_info (buf, &s);
+ if (!rc)
+ {
+ n = gcry_sexp_canon_len (s, 0, NULL,NULL);
+ assert (n);
+ *shadow_info = xtrymalloc (n);
+ if (!*shadow_info)
+ rc = out_of_core ();
+ else
+ {
+ memcpy (*shadow_info, s, n);
+ rc = 0;
+ got_shadow_info = 1;
+ }
+ }
+ if (rc)
+ log_error ("get_shadow_info failed: %s\n", gpg_strerror (rc));
+ }
+ else
+ rc = gpg_error (GPG_ERR_UNUSABLE_SECKEY);
+ break;
+ default:
+ log_error ("invalid private key format\n");
+ rc = gpg_error (GPG_ERR_BAD_SECKEY);
+ break;
+ }
+ gcry_sexp_release (s_skey);
+ s_skey = NULL;
+ if (rc || got_shadow_info)
+ {
+ xfree (buf);
+ return rc;
+ }
+
+ buflen = gcry_sexp_canon_len (buf, 0, NULL, NULL);
+ rc = gcry_sexp_sscan (&s_skey, &erroff, (char*)buf, buflen);
+ wipememory (buf, buflen);
+ xfree (buf);
+ if (rc)
+ {
+ log_error ("failed to build S-Exp (off=%u): %s\n",
+ (unsigned int)erroff, gpg_strerror (rc));
+ return rc;
+ }
+
+ *result = s_skey;
+ return 0;
+}
+
+
+/* Return the key for the keygrip GRIP. The result is stored at
+ RESULT. This function extracts the key from the private key
+ database and returns it as an S-expression object as it is. On
+ failure an error code is returned and NULL stored at RESULT. */
+gpg_error_t
+agent_raw_key_from_file (ctrl_t ctrl, const unsigned char *grip,
+ gcry_sexp_t *result)
+{
+ gpg_error_t err;
+ gcry_sexp_t s_skey;
+
+ (void)ctrl;
+
+ *result = NULL;
+
+ err = read_key_file (grip, &s_skey);
+ if (!err)
+ *result = s_skey;
+ return err;
+}
+
+
+/* Return the public key for the keygrip GRIP. The result is stored
+ at RESULT. This function extracts the public key from the private
+ key database. On failure an error code is returned and NULL stored
+ at RESULT. */
+gpg_error_t
+agent_public_key_from_file (ctrl_t ctrl,
+ const unsigned char *grip,
+ gcry_sexp_t *result)
+{
+ int i, idx, rc;
+ gcry_sexp_t s_skey;
+ const char *algoname;
+ gcry_sexp_t uri_sexp, comment_sexp;
+ const char *uri, *comment;
+ size_t uri_length, comment_length;
+ char *format, *p;
+ void *args[4+2+2+1]; /* Size is max. # of elements + 2 for uri + 2
+ for comment + end-of-list. */
+ int argidx;
+ gcry_sexp_t list, l2;
+ const char *name;
+ const char *s;
+ size_t n;
+ const char *elems;
+ gcry_mpi_t *array;
+
+ (void)ctrl;
+
+ *result = NULL;
+
+ rc = read_key_file (grip, &s_skey);
+ if (rc)
+ return rc;
+
+ list = gcry_sexp_find_token (s_skey, "shadowed-private-key", 0 );
+ if (!list)
+ list = gcry_sexp_find_token (s_skey, "protected-private-key", 0 );
+ if (!list)
+ list = gcry_sexp_find_token (s_skey, "private-key", 0 );
+ if (!list)
+ {
+ log_error ("invalid private key format\n");
+ gcry_sexp_release (s_skey);
+ return gpg_error (GPG_ERR_BAD_SECKEY);
+ }
+
+ l2 = gcry_sexp_cadr (list);
+ gcry_sexp_release (list);
+ list = l2;
+ name = gcry_sexp_nth_data (list, 0, &n);
+ if (n==3 && !memcmp (name, "rsa", 3))
+ {
+ algoname = "rsa";
+ elems = "ne";
+ }
+ else if (n==3 && !memcmp (name, "dsa", 3))
+ {
+ algoname = "dsa";
+ elems = "pqgy";
+ }
+ else if (n==3 && !memcmp (name, "elg", 3))
+ {
+ algoname = "elg";
+ elems = "pgy";
+ }
+ else
+ {
+ log_error ("unknown private key algorithm\n");
+ gcry_sexp_release (list);
+ gcry_sexp_release (s_skey);
+ return gpg_error (GPG_ERR_BAD_SECKEY);
+ }
+
+ /* Allocate an array for the parameters and copy them out of the
+ secret key. FIXME: We should have a generic copy function. */
+ array = xtrycalloc (strlen(elems) + 1, sizeof *array);
+ if (!array)
+ {
+ rc = gpg_error_from_syserror ();
+ gcry_sexp_release (list);
+ gcry_sexp_release (s_skey);
+ return rc;
+ }
+
+ for (idx=0, s=elems; *s; s++, idx++ )
+ {
+ l2 = gcry_sexp_find_token (list, s, 1);
+ if (!l2)
+ {
+ /* Required parameter not found. */
+ for (i=0; i<idx; i++)
+ gcry_mpi_release (array[i]);
+ xfree (array);
+ gcry_sexp_release (list);
+ gcry_sexp_release (s_skey);
+ return gpg_error (GPG_ERR_BAD_SECKEY);
+ }
+ array[idx] = gcry_sexp_nth_mpi (l2, 1, GCRYMPI_FMT_USG);
+ gcry_sexp_release (l2);
+ if (!array[idx])
+ {
+ /* Required parameter is invalid. */
+ for (i=0; i<idx; i++)
+ gcry_mpi_release (array[i]);
+ xfree (array);
+ gcry_sexp_release (list);
+ gcry_sexp_release (s_skey);
+ return gpg_error (GPG_ERR_BAD_SECKEY);
+ }
+ }
+ gcry_sexp_release (list);
+ list = NULL;
+
+ uri = NULL;
+ uri_length = 0;
+ uri_sexp = gcry_sexp_find_token (s_skey, "uri", 0);
+ if (uri_sexp)
+ uri = gcry_sexp_nth_data (uri_sexp, 1, &uri_length);
+
+ comment = NULL;
+ comment_length = 0;
+ comment_sexp = gcry_sexp_find_token (s_skey, "comment", 0);
+ if (comment_sexp)
+ comment = gcry_sexp_nth_data (comment_sexp, 1, &comment_length);
+
+ gcry_sexp_release (s_skey);
+ s_skey = NULL;
+
+
+ /* FIXME: The following thing is pretty ugly code; we should
+ investigate how to make it cleaner. Probably code to handle
+ canonical S-expressions in a memory buffer is better suioted for
+ such a task. After all that is what we do in protect.c. Neeed
+ to find common patterns and write a straightformward API to use
+ them. */
+ assert (sizeof (size_t) <= sizeof (void*));
+
+ format = xtrymalloc (15+7*strlen (elems)+10+15+1+1);
+ if (!format)
+ {
+ rc = gpg_error_from_syserror ();
+ for (i=0; array[i]; i++)
+ gcry_mpi_release (array[i]);
+ xfree (array);
+ gcry_sexp_release (uri_sexp);
+ gcry_sexp_release (comment_sexp);
+ return rc;
+ }
+
+ argidx = 0;
+ p = stpcpy (stpcpy (format, "(public-key("), algoname);
+ for (idx=0, s=elems; *s; s++, idx++ )
+ {
+ *p++ = '(';
+ *p++ = *s;
+ p = stpcpy (p, " %m)");
+ assert (argidx < DIM (args));
+ args[argidx++] = &array[idx];
+ }
+ *p++ = ')';
+ if (uri)
+ {
+ p = stpcpy (p, "(uri %b)");
+ assert (argidx+1 < DIM (args));
+ args[argidx++] = (void *)uri_length;
+ args[argidx++] = (void *)uri;
+ }
+ if (comment)
+ {
+ p = stpcpy (p, "(comment %b)");
+ assert (argidx+1 < DIM (args));
+ args[argidx++] = (void *)comment_length;
+ args[argidx++] = (void*)comment;
+ }
+ *p++ = ')';
+ *p = 0;
+ assert (argidx < DIM (args));
+ args[argidx] = NULL;
+
+ rc = gcry_sexp_build_array (&list, NULL, format, args);
+ xfree (format);
+ for (i=0; array[i]; i++)
+ gcry_mpi_release (array[i]);
+ xfree (array);
+ gcry_sexp_release (uri_sexp);
+ gcry_sexp_release (comment_sexp);
+
+ if (!rc)
+ *result = list;
+ return rc;
+}
+
+
+
+/* Return the secret key as an S-Exp after locating it using the grip.
+ Returns NULL if key is not available. 0 = key is available */
+int
+agent_key_available (const unsigned char *grip)
+{
+ int result;
+ char *fname;
+ char hexgrip[40+4+1];
+
+ bin2hex (grip, 20, hexgrip);
+ strcpy (hexgrip+40, ".key");
+
+ fname = make_filename (opt.homedir, GNUPG_PRIVATE_KEYS_DIR, hexgrip, NULL);
+ result = !access (fname, R_OK)? 0 : -1;
+ xfree (fname);
+ return result;
+}
+
+
+
+/* Return the information about the secret key specified by the binary
+ keygrip GRIP. If the key is a shadowed one the shadow information
+ will be stored at the address R_SHADOW_INFO as an allocated
+ S-expression. */
+gpg_error_t
+agent_key_info_from_file (ctrl_t ctrl, const unsigned char *grip,
+ int *r_keytype, unsigned char **r_shadow_info)
+{
+ gpg_error_t err;
+ unsigned char *buf;
+ size_t len;
+ int keytype;
+
+ (void)ctrl;
+
+ if (r_keytype)
+ *r_keytype = PRIVATE_KEY_UNKNOWN;
+ if (r_shadow_info)
+ *r_shadow_info = NULL;
+
+ {
+ gcry_sexp_t sexp;
+
+ err = read_key_file (grip, &sexp);
+ if (err)
+ {
+ if (gpg_err_code (err) == GPG_ERR_ENOENT)
+ return gpg_error (GPG_ERR_NOT_FOUND);
+ else
+ return err;
+ }
+ err = make_canon_sexp (sexp, &buf, &len);
+ gcry_sexp_release (sexp);
+ if (err)
+ return err;
+ }
+
+ keytype = agent_private_key_type (buf);
+ switch (keytype)
+ {
+ case PRIVATE_KEY_CLEAR:
+ break;
+ case PRIVATE_KEY_PROTECTED:
+ /* If we ever require it we could retrieve the comment fields
+ from such a key. */
+ break;
+ case PRIVATE_KEY_SHADOWED:
+ if (r_shadow_info)
+ {
+ const unsigned char *s;
+ size_t n;
+
+ err = agent_get_shadow_info (buf, &s);
+ if (!err)
+ {
+ n = gcry_sexp_canon_len (s, 0, NULL, NULL);
+ assert (n);
+ *r_shadow_info = xtrymalloc (n);
+ if (!*r_shadow_info)
+ err = gpg_error_from_syserror ();
+ else
+ memcpy (*r_shadow_info, s, n);
+ }
+ }
+ break;
+ default:
+ err = gpg_error (GPG_ERR_BAD_SECKEY);
+ break;
+ }
+
+ if (!err && r_keytype)
+ *r_keytype = keytype;
+
+ xfree (buf);
+ return err;
+}
diff --git a/agent/genkey.c b/agent/genkey.c
new file mode 100644
index 0000000..176e77d
--- /dev/null
+++ b/agent/genkey.c
@@ -0,0 +1,484 @@
+/* genkey.c - Generate a keypair
+ * Copyright (C) 2002, 2003, 2004, 2007 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <errno.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <ctype.h>
+#include <assert.h>
+
+#include "agent.h"
+#include "i18n.h"
+#include "exechelp.h"
+#include "sysutils.h"
+
+static int
+store_key (gcry_sexp_t private, const char *passphrase, int force)
+{
+ int rc;
+ unsigned char *buf;
+ size_t len;
+ unsigned char grip[20];
+
+ if ( !gcry_pk_get_keygrip (private, grip) )
+ {
+ log_error ("can't calculate keygrip\n");
+ return gpg_error (GPG_ERR_GENERAL);
+ }
+
+ len = gcry_sexp_sprint (private, GCRYSEXP_FMT_CANON, NULL, 0);
+ assert (len);
+ buf = gcry_malloc_secure (len);
+ if (!buf)
+ return out_of_core ();
+ len = gcry_sexp_sprint (private, GCRYSEXP_FMT_CANON, buf, len);
+ assert (len);
+
+ if (passphrase)
+ {
+ unsigned char *p;
+
+ rc = agent_protect (buf, passphrase, &p, &len);
+ if (rc)
+ {
+ xfree (buf);
+ return rc;
+ }
+ xfree (buf);
+ buf = p;
+ }
+
+ rc = agent_write_private_key (grip, buf, len, force);
+ xfree (buf);
+ return rc;
+}
+
+
+/* Count the number of non-alpha characters in S. Control characters
+ and non-ascii characters are not considered. */
+static size_t
+nonalpha_count (const char *s)
+{
+ size_t n;
+
+ for (n=0; *s; s++)
+ if (isascii (*s) && ( isdigit (*s) || ispunct (*s) ))
+ n++;
+
+ return n;
+}
+
+
+/* Check PW against a list of pattern. Return 0 if PW does not match
+ these pattern. */
+static int
+check_passphrase_pattern (ctrl_t ctrl, const char *pw)
+{
+ gpg_error_t err = 0;
+ const char *pgmname = gnupg_module_name (GNUPG_MODULE_NAME_CHECK_PATTERN);
+ FILE *infp;
+ const char *argv[10];
+ pid_t pid;
+ int result, i;
+
+ (void)ctrl;
+
+ infp = gnupg_tmpfile ();
+ if (!infp)
+ {
+ err = gpg_error_from_syserror ();
+ log_error (_("error creating temporary file: %s\n"), gpg_strerror (err));
+ return 1; /* Error - assume password should not be used. */
+ }
+
+ if (fwrite (pw, strlen (pw), 1, infp) != 1)
+ {
+ err = gpg_error_from_syserror ();
+ log_error (_("error writing to temporary file: %s\n"),
+ gpg_strerror (err));
+ fclose (infp);
+ return 1; /* Error - assume password should not be used. */
+ }
+ rewind (infp);
+
+ i = 0;
+ argv[i++] = "--null";
+ argv[i++] = "--",
+ argv[i++] = opt.check_passphrase_pattern,
+ argv[i] = NULL;
+ assert (i < sizeof argv);
+
+ if (gnupg_spawn_process_fd (pgmname, argv, fileno (infp), -1, -1, &pid))
+ result = 1; /* Execute error - assume password should no be used. */
+ else if (gnupg_wait_process (pgmname, pid, NULL))
+ result = 1; /* Helper returned an error - probably a match. */
+ else
+ result = 0; /* Success; i.e. no match. */
+
+ /* Overwrite our temporary file. */
+ rewind (infp);
+ for (i=((strlen (pw)+99)/100)*100; i > 0; i--)
+ putc ('\xff', infp);
+ fflush (infp);
+ fclose (infp);
+ return result;
+}
+
+
+static int
+take_this_one_anyway2 (ctrl_t ctrl, const char *desc, const char *anyway_btn)
+{
+ gpg_error_t err;
+
+ if (opt.enforce_passphrase_constraints)
+ {
+ err = agent_show_message (ctrl, desc, _("Enter new passphrase"));
+ if (!err)
+ err = gpg_error (GPG_ERR_CANCELED);
+ }
+ else
+ err = agent_get_confirmation (ctrl, desc,
+ anyway_btn, _("Enter new passphrase"), 0);
+ return err;
+}
+
+
+static int
+take_this_one_anyway (ctrl_t ctrl, const char *desc)
+{
+ return take_this_one_anyway2 (ctrl, desc, _("Take this one anyway"));
+}
+
+
+/* Check whether the passphrase PW is suitable. Returns 0 if the
+ passphrase is suitable and true if it is not and the user should be
+ asked to provide a different one. If SILENT is set, no message are
+ displayed. */
+int
+check_passphrase_constraints (ctrl_t ctrl, const char *pw, int silent)
+{
+ gpg_error_t err;
+ unsigned int minlen = opt.min_passphrase_len;
+ unsigned int minnonalpha = opt.min_passphrase_nonalpha;
+
+ if (!pw)
+ pw = "";
+
+ if (utf8_charcount (pw) < minlen )
+ {
+ char *desc;
+
+ if (silent)
+ return gpg_error (GPG_ERR_INV_PASSPHRASE);
+
+ desc = xtryasprintf
+ ( ngettext ("Warning: You have entered an insecure passphrase.%%0A"
+ "A passphrase should be at least %u character long.",
+ "Warning: You have entered an insecure passphrase.%%0A"
+ "A passphrase should be at least %u characters long.",
+ minlen), minlen );
+ if (!desc)
+ return gpg_error_from_syserror ();
+ err = take_this_one_anyway (ctrl, desc);
+ xfree (desc);
+ if (err)
+ return err;
+ }
+
+ if (nonalpha_count (pw) < minnonalpha )
+ {
+ char *desc;
+
+ if (silent)
+ return gpg_error (GPG_ERR_INV_PASSPHRASE);
+
+ desc = xtryasprintf
+ ( ngettext ("Warning: You have entered an insecure passphrase.%%0A"
+ "A passphrase should contain at least %u digit or%%0A"
+ "special character.",
+ "Warning: You have entered an insecure passphrase.%%0A"
+ "A passphrase should contain at least %u digits or%%0A"
+ "special characters.",
+ minnonalpha), minnonalpha );
+ if (!desc)
+ return gpg_error_from_syserror ();
+ err = take_this_one_anyway (ctrl, desc);
+ xfree (desc);
+ if (err)
+ return err;
+ }
+
+ /* If configured check the passphrase against a list of know words
+ and pattern. The actual test is done by an external program.
+ The warning message is generic to give the user no hint on how to
+ circumvent this list. */
+ if (*pw && opt.check_passphrase_pattern &&
+ check_passphrase_pattern (ctrl, pw))
+ {
+ const char *desc =
+ /* */ _("Warning: You have entered an insecure passphrase.%%0A"
+ "A passphrase may not be a known term or match%%0A"
+ "certain pattern.");
+
+ if (silent)
+ return gpg_error (GPG_ERR_INV_PASSPHRASE);
+
+ err = take_this_one_anyway (ctrl, desc);
+ if (err)
+ return err;
+ }
+
+ /* The final check is to warn about an empty passphrase. */
+ if (!*pw)
+ {
+ const char *desc = (opt.enforce_passphrase_constraints?
+ _("You have not entered a passphrase!%0A"
+ "An empty passphrase is not allowed.") :
+ _("You have not entered a passphrase - "
+ "this is in general a bad idea!%0A"
+ "Please confirm that you do not want to "
+ "have any protection on your key."));
+
+ if (silent)
+ return gpg_error (GPG_ERR_INV_PASSPHRASE);
+
+ err = take_this_one_anyway2 (ctrl, desc,
+ _("Yes, protection is not needed"));
+ if (err)
+ return err;
+ }
+
+ return 0;
+}
+
+
+/* Callback function to compare the first entered PIN with the one
+ currently being entered. */
+static int
+reenter_compare_cb (struct pin_entry_info_s *pi)
+{
+ const char *pin1 = pi->check_cb_arg;
+
+ if (!strcmp (pin1, pi->pin))
+ return 0; /* okay */
+ return -1;
+}
+
+
+
+/* Generate a new keypair according to the parameters given in
+ KEYPARAM */
+int
+agent_genkey (ctrl_t ctrl, const char *keyparam, size_t keyparamlen,
+ membuf_t *outbuf)
+{
+ gcry_sexp_t s_keyparam, s_key, s_private, s_public;
+ struct pin_entry_info_s *pi, *pi2;
+ int rc;
+ size_t len;
+ char *buf;
+
+ rc = gcry_sexp_sscan (&s_keyparam, NULL, keyparam, keyparamlen);
+ if (rc)
+ {
+ log_error ("failed to convert keyparam: %s\n", gpg_strerror (rc));
+ return gpg_error (GPG_ERR_INV_DATA);
+ }
+
+ /* Get the passphrase now, cause key generation may take a while. */
+ {
+ const char *text1 = _("Please enter the passphrase to%0A"
+ "to protect your new key");
+ const char *text2 = _("Please re-enter this passphrase");
+ const char *initial_errtext = NULL;
+
+ pi = gcry_calloc_secure (2, sizeof (*pi) + 100);
+ pi2 = pi + (sizeof *pi + 100);
+ pi->max_length = 100;
+ pi->max_tries = 3;
+ pi->with_qualitybar = 1;
+ pi2->max_length = 100;
+ pi2->max_tries = 3;
+ pi2->check_cb = reenter_compare_cb;
+ pi2->check_cb_arg = pi->pin;
+
+ next_try:
+ rc = agent_askpin (ctrl, text1, NULL, initial_errtext, pi);
+ initial_errtext = NULL;
+ if (!rc)
+ {
+ if (check_passphrase_constraints (ctrl, pi->pin, 0))
+ {
+ pi->failed_tries = 0;
+ pi2->failed_tries = 0;
+ goto next_try;
+ }
+ if (pi->pin && *pi->pin)
+ {
+ rc = agent_askpin (ctrl, text2, NULL, NULL, pi2);
+ if (rc == -1)
+ { /* The re-entered one did not match and the user did not
+ hit cancel. */
+ initial_errtext = _("does not match - try again");
+ goto next_try;
+ }
+ }
+ }
+ if (rc)
+ {
+ xfree (pi);
+ return rc;
+ }
+
+ if (!*pi->pin)
+ {
+ xfree (pi);
+ pi = NULL; /* User does not want a passphrase. */
+ }
+ }
+
+ rc = gcry_pk_genkey (&s_key, s_keyparam );
+ gcry_sexp_release (s_keyparam);
+ if (rc)
+ {
+ log_error ("key generation failed: %s\n", gpg_strerror (rc));
+ xfree (pi);
+ return rc;
+ }
+
+ /* break out the parts */
+ s_private = gcry_sexp_find_token (s_key, "private-key", 0);
+ if (!s_private)
+ {
+ log_error ("key generation failed: invalid return value\n");
+ gcry_sexp_release (s_key);
+ xfree (pi);
+ return gpg_error (GPG_ERR_INV_DATA);
+ }
+ s_public = gcry_sexp_find_token (s_key, "public-key", 0);
+ if (!s_public)
+ {
+ log_error ("key generation failed: invalid return value\n");
+ gcry_sexp_release (s_private);
+ gcry_sexp_release (s_key);
+ xfree (pi);
+ return gpg_error (GPG_ERR_INV_DATA);
+ }
+ gcry_sexp_release (s_key); s_key = NULL;
+
+ /* store the secret key */
+ if (DBG_CRYPTO)
+ log_debug ("storing private key\n");
+ rc = store_key (s_private, pi? pi->pin:NULL, 0);
+ xfree (pi); pi = NULL;
+ gcry_sexp_release (s_private);
+ if (rc)
+ {
+ gcry_sexp_release (s_public);
+ return rc;
+ }
+
+ /* return the public key */
+ if (DBG_CRYPTO)
+ log_debug ("returning public key\n");
+ len = gcry_sexp_sprint (s_public, GCRYSEXP_FMT_CANON, NULL, 0);
+ assert (len);
+ buf = xtrymalloc (len);
+ if (!buf)
+ {
+ gpg_error_t tmperr = out_of_core ();
+ gcry_sexp_release (s_private);
+ gcry_sexp_release (s_public);
+ return tmperr;
+ }
+ len = gcry_sexp_sprint (s_public, GCRYSEXP_FMT_CANON, buf, len);
+ assert (len);
+ put_membuf (outbuf, buf, len);
+ gcry_sexp_release (s_public);
+ xfree (buf);
+
+ return 0;
+}
+
+
+
+/* Apply a new passpahrse to the key S_SKEY and store it. */
+int
+agent_protect_and_store (ctrl_t ctrl, gcry_sexp_t s_skey)
+{
+ struct pin_entry_info_s *pi, *pi2;
+ int rc;
+
+ {
+ const char *text1 = _("Please enter the new passphrase");
+ const char *text2 = _("Please re-enter this passphrase");
+ const char *initial_errtext = NULL;
+
+ pi = gcry_calloc_secure (2, sizeof (*pi) + 100);
+ pi2 = pi + (sizeof *pi + 100);
+ pi->max_length = 100;
+ pi->max_tries = 3;
+ pi->with_qualitybar = 1;
+ pi2->max_length = 100;
+ pi2->max_tries = 3;
+ pi2->check_cb = reenter_compare_cb;
+ pi2->check_cb_arg = pi->pin;
+
+ next_try:
+ rc = agent_askpin (ctrl, text1, NULL, initial_errtext, pi);
+ initial_errtext = NULL;
+ if (!rc)
+ {
+ if (check_passphrase_constraints (ctrl, pi->pin, 0))
+ {
+ pi->failed_tries = 0;
+ pi2->failed_tries = 0;
+ goto next_try;
+ }
+ /* Unless the passphrase is empty, ask to confirm it. */
+ if (pi->pin && *pi->pin)
+ {
+ rc = agent_askpin (ctrl, text2, NULL, NULL, pi2);
+ if (rc == -1)
+ { /* The re-entered one did not match and the user did not
+ hit cancel. */
+ initial_errtext = _("does not match - try again");
+ goto next_try;
+ }
+ }
+ }
+ if (rc)
+ {
+ xfree (pi);
+ return rc;
+ }
+
+ if (!*pi->pin)
+ {
+ xfree (pi);
+ pi = NULL; /* User does not want a passphrase. */
+ }
+ }
+
+ rc = store_key (s_skey, pi? pi->pin:NULL, 1);
+ xfree (pi);
+ return rc;
+}
diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c
new file mode 100644
index 0000000..b00d899
--- /dev/null
+++ b/agent/gpg-agent.c
@@ -0,0 +1,2291 @@
+/* gpg-agent.c - The GnuPG Agent
+ * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005,
+ * 2006, 2007, 2009, 2010 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <stddef.h>
+#include <stdarg.h>
+#include <string.h>
+#include <errno.h>
+#include <assert.h>
+#include <time.h>
+#include <fcntl.h>
+#include <sys/stat.h>
+#ifndef HAVE_W32_SYSTEM
+# include <sys/socket.h>
+# include <sys/un.h>
+#endif /*!HAVE_W32_SYSTEM*/
+#include <unistd.h>
+#include <signal.h>
+#include <pth.h>
+
+#define JNLIB_NEED_LOG_LOGV
+#define JNLIB_NEED_AFLOCAL
+#include "agent.h"
+#include <assuan.h> /* Malloc hooks and socket wrappers. */
+
+#include "i18n.h"
+#include "mkdtemp.h" /* Gnulib replacement. */
+#include "sysutils.h"
+#include "setenv.h"
+#include "gc-opt-flags.h"
+#include "exechelp.h"
+#include "../common/estream.h"
+
+enum cmd_and_opt_values
+{ aNull = 0,
+ oCsh = 'c',
+ oQuiet = 'q',
+ oSh = 's',
+ oVerbose = 'v',
+
+ oNoVerbose = 500,
+ aGPGConfList,
+ aGPGConfTest,
+ aUseStandardSocketP,
+ oOptions,
+ oDebug,
+ oDebugAll,
+ oDebugLevel,
+ oDebugWait,
+ oNoGreeting,
+ oNoOptions,
+ oHomedir,
+ oNoDetach,
+ oNoGrab,
+ oLogFile,
+ oServer,
+ oDaemon,
+ oBatch,
+
+ oPinentryProgram,
+ oPinentryTouchFile,
+ oDisplay,
+ oTTYname,
+ oTTYtype,
+ oLCctype,
+ oLCmessages,
+ oXauthority,
+ oScdaemonProgram,
+ oDefCacheTTL,
+ oDefCacheTTLSSH,
+ oMaxCacheTTL,
+ oMaxCacheTTLSSH,
+ oEnforcePassphraseConstraints,
+ oMinPassphraseLen,
+ oMinPassphraseNonalpha,
+ oCheckPassphrasePattern,
+ oMaxPassphraseDays,
+ oEnablePassphraseHistory,
+ oUseStandardSocket,
+ oNoUseStandardSocket,
+ oFakedSystemTime,
+
+ oIgnoreCacheForSigning,
+ oAllowMarkTrusted,
+ oAllowPresetPassphrase,
+ oKeepTTY,
+ oKeepDISPLAY,
+ oSSHSupport,
+ oDisableScdaemon,
+ oWriteEnvFile
+};
+
+
+
+static ARGPARSE_OPTS opts[] = {
+
+ { aGPGConfList, "gpgconf-list", 256, "@" },
+ { aGPGConfTest, "gpgconf-test", 256, "@" },
+ { aUseStandardSocketP, "use-standard-socket-p", 256, "@" },
+
+ { 301, NULL, 0, N_("@Options:\n ") },
+
+ { oServer, "server", 0, N_("run in server mode (foreground)") },
+ { oDaemon, "daemon", 0, N_("run in daemon mode (background)") },
+ { oVerbose, "verbose", 0, N_("verbose") },
+ { oQuiet, "quiet", 0, N_("be somewhat more quiet") },
+ { oSh, "sh", 0, N_("sh-style command output") },
+ { oCsh, "csh", 0, N_("csh-style command output") },
+ { oOptions, "options" , 2, N_("|FILE|read options from FILE")},
+ { oDebug, "debug" ,4|16, "@"},
+ { oDebugAll, "debug-all" ,0, "@"},
+ { oDebugLevel, "debug-level" ,2, "@"},
+ { oDebugWait,"debug-wait",1, "@"},
+ { oNoDetach, "no-detach" ,0, N_("do not detach from the console")},
+ { oNoGrab, "no-grab" ,0, N_("do not grab keyboard and mouse")},
+ { oLogFile, "log-file" ,2, N_("use a log file for the server")},
+ { oUseStandardSocket, "use-standard-socket", 0,
+ N_("use a standard location for the socket")},
+ { oNoUseStandardSocket, "no-use-standard-socket", 0, "@"},
+ { oPinentryProgram, "pinentry-program", 2 ,
+ N_("|PGM|use PGM as the PIN-Entry program") },
+ { oPinentryTouchFile, "pinentry-touch-file", 2 , "@" },
+ { oScdaemonProgram, "scdaemon-program", 2 ,
+ N_("|PGM|use PGM as the SCdaemon program") },
+ { oDisableScdaemon, "disable-scdaemon", 0, N_("do not use the SCdaemon") },
+ { oFakedSystemTime, "faked-system-time", 2, "@" }, /* (epoch time) */
+
+ { oBatch, "batch", 0, "@" },
+ { oHomedir, "homedir", 2, "@"},
+
+ { oDisplay, "display", 2, "@" },
+ { oTTYname, "ttyname", 2, "@" },
+ { oTTYtype, "ttytype", 2, "@" },
+ { oLCctype, "lc-ctype", 2, "@" },
+ { oLCmessages, "lc-messages", 2, "@" },
+ { oXauthority, "xauthority", 2, "@" },
+ { oKeepTTY, "keep-tty", 0, N_("ignore requests to change the TTY")},
+ { oKeepDISPLAY, "keep-display",
+ 0, N_("ignore requests to change the X display")},
+
+ { oDefCacheTTL, "default-cache-ttl", 4,
+ N_("|N|expire cached PINs after N seconds")},
+ { oDefCacheTTLSSH, "default-cache-ttl-ssh", 4, "@" },
+ { oMaxCacheTTL, "max-cache-ttl", 4, "@" },
+ { oMaxCacheTTLSSH, "max-cache-ttl-ssh", 4, "@" },
+
+ { oEnforcePassphraseConstraints, "enforce-passphrase-constraints", 0, "@"},
+ { oMinPassphraseLen, "min-passphrase-len", 4, "@" },
+ { oMinPassphraseNonalpha, "min-passphrase-nonalpha", 4, "@" },
+ { oCheckPassphrasePattern, "check-passphrase-pattern", 2, "@" },
+ { oMaxPassphraseDays, "max-passphrase-days", 4, "@" },
+ { oEnablePassphraseHistory, "enable-passphrase-history", 0, "@" },
+
+ { oIgnoreCacheForSigning, "ignore-cache-for-signing", 0,
+ N_("do not use the PIN cache when signing")},
+ { oAllowMarkTrusted, "allow-mark-trusted", 0,
+ N_("allow clients to mark keys as \"trusted\"")},
+ { oAllowPresetPassphrase, "allow-preset-passphrase", 0,
+ N_("allow presetting passphrase")},
+ { oSSHSupport, "enable-ssh-support", 0, N_("enable ssh-agent emulation") },
+ { oWriteEnvFile, "write-env-file", 2|8,
+ N_("|FILE|write environment settings also to FILE")},
+ {0}
+};
+
+
+#define DEFAULT_CACHE_TTL (10*60) /* 10 minutes */
+#define DEFAULT_CACHE_TTL_SSH (30*60) /* 30 minutes */
+#define MAX_CACHE_TTL (120*60) /* 2 hours */
+#define MAX_CACHE_TTL_SSH (120*60) /* 2 hours */
+#define MIN_PASSPHRASE_LEN (8)
+#define MIN_PASSPHRASE_NONALPHA (1)
+#define MAX_PASSPHRASE_DAYS (0)
+
+/* The timer tick used for housekeeping stuff. For Windows we use a
+ longer period as the SetWaitableTimer seems to signal earlier than
+ the 2 seconds. */
+#ifdef HAVE_W32_SYSTEM
+#define TIMERTICK_INTERVAL (4)
+#else
+#define TIMERTICK_INTERVAL (2) /* Seconds. */
+#endif
+
+
+/* The list of open file descriptors at startup. Note that this list
+ has been allocated using the standard malloc. */
+static int *startup_fd_list;
+
+/* The signal mask at startup and a flag telling whether it is valid. */
+#ifdef HAVE_SIGPROCMASK
+static sigset_t startup_signal_mask;
+static int startup_signal_mask_valid;
+#endif
+
+/* Flag to indicate that a shutdown was requested. */
+static int shutdown_pending;
+
+/* Counter for the currently running own socket checks. */
+static int check_own_socket_running;
+
+/* It is possible that we are currently running under setuid permissions */
+static int maybe_setuid = 1;
+
+/* Name of the communication socket used for native gpg-agent requests. */
+static char *socket_name;
+
+/* Name of the communication socket used for ssh-agent-emulation. */
+static char *socket_name_ssh;
+
+/* We need to keep track of the server's nonces (these are dummies for
+ POSIX systems). */
+static assuan_sock_nonce_t socket_nonce;
+static assuan_sock_nonce_t socket_nonce_ssh;
+
+
+/* Default values for options passed to the pinentry. */
+static char *default_display;
+static char *default_ttyname;
+static char *default_ttytype;
+static char *default_lc_ctype;
+static char *default_lc_messages;
+static char *default_xauthority;
+
+/* Name of a config file, which will be reread on a HUP if it is not NULL. */
+static char *config_filename;
+
+/* Helper to implement --debug-level */
+static const char *debug_level;
+
+/* Keep track of the current log file so that we can avoid updating
+ the log file after a SIGHUP if it didn't changed. Malloced. */
+static char *current_logfile;
+
+/* The handle_tick() function may test whether a parent is still
+ running. We record the PID of the parent here or -1 if it should be
+ watched. */
+static pid_t parent_pid = (pid_t)(-1);
+
+
+/*
+ Local prototypes.
+ */
+
+static char *create_socket_name (char *standard_name, char *template);
+static gnupg_fd_t create_server_socket (char *name, int is_ssh,
+ assuan_sock_nonce_t *nonce);
+static void create_directories (void);
+
+static void agent_init_default_ctrl (ctrl_t ctrl);
+static void agent_deinit_default_ctrl (ctrl_t ctrl);
+
+static void handle_connections (gnupg_fd_t listen_fd,
+ gnupg_fd_t listen_fd_ssh);
+static void check_own_socket (void);
+static int check_for_running_agent (int silent, int mode);
+
+/* Pth wrapper function definitions. */
+ASSUAN_SYSTEM_PTH_IMPL;
+
+GCRY_THREAD_OPTION_PTH_IMPL;
+static int fixed_gcry_pth_init (void)
+{
+ return pth_self ()? 0 : (pth_init () == FALSE) ? errno : 0;
+}
+
+
+#ifndef PTH_HAVE_PTH_THREAD_ID
+static unsigned long pth_thread_id (void)
+{
+ return (unsigned long)pth_self ();
+}
+#endif
+
+
+
+/*
+ Functions.
+ */
+
+static char *
+make_libversion (const char *libname, const char *(*getfnc)(const char*))
+{
+ const char *s;
+ char *result;
+
+ if (maybe_setuid)
+ {
+ gcry_control (GCRYCTL_INIT_SECMEM, 0, 0); /* Drop setuid. */
+ maybe_setuid = 0;
+ }
+ s = getfnc (NULL);
+ result = xmalloc (strlen (libname) + 1 + strlen (s) + 1);
+ strcpy (stpcpy (stpcpy (result, libname), " "), s);
+ return result;
+}
+
+
+static const char *
+my_strusage (int level)
+{
+ static char *ver_gcry;
+ const char *p;
+
+ switch (level)
+ {
+ case 11: p = "gpg-agent (GnuPG)";
+ break;
+ case 13: p = VERSION; break;
+ case 17: p = PRINTABLE_OS_NAME; break;
+ /* TRANSLATORS: @EMAIL@ will get replaced by the actual bug
+ reporting address. This is so that we can change the
+ reporting address without breaking the translations. */
+ case 19: p = _("Please report bugs to <@EMAIL@>.\n"); break;
+
+ case 20:
+ if (!ver_gcry)
+ ver_gcry = make_libversion ("libgcrypt", gcry_check_version);
+ p = ver_gcry;
+ break;
+
+ case 1:
+ case 40: p = _("Usage: gpg-agent [options] (-h for help)");
+ break;
+ case 41: p = _("Syntax: gpg-agent [options] [command [args]]\n"
+ "Secret key management for GnuPG\n");
+ break;
+
+ default: p = NULL;
+ }
+ return p;
+}
+
+
+
+/* Setup the debugging. With the global variable DEBUG_LEVEL set to NULL
+ only the active debug flags are propagated to the subsystems. With
+ DEBUG_LEVEL set, a specific set of debug flags is set; thus overriding
+ all flags already set. Note that we don't fail here, because it is
+ important to keep gpg-agent running even after re-reading the
+ options due to a SIGHUP. */
+static void
+set_debug (void)
+{
+ int numok = (debug_level && digitp (debug_level));
+ int numlvl = numok? atoi (debug_level) : 0;
+
+ if (!debug_level)
+ ;
+ else if (!strcmp (debug_level, "none") || (numok && numlvl < 1))
+ opt.debug = 0;
+ else if (!strcmp (debug_level, "basic") || (numok && numlvl <= 2))
+ opt.debug = DBG_ASSUAN_VALUE;
+ else if (!strcmp (debug_level, "advanced") || (numok && numlvl <= 5))
+ opt.debug = DBG_ASSUAN_VALUE|DBG_COMMAND_VALUE;
+ else if (!strcmp (debug_level, "expert") || (numok && numlvl <= 8))
+ opt.debug = (DBG_ASSUAN_VALUE|DBG_COMMAND_VALUE
+ |DBG_CACHE_VALUE);
+ else if (!strcmp (debug_level, "guru") || numok)
+ {
+ opt.debug = ~0;
+ /* Unless the "guru" string has been used we don't want to allow
+ hashing debugging. The rationale is that people tend to
+ select the highest debug value and would then clutter their
+ disk with debug files which may reveal confidential data. */
+ if (numok)
+ opt.debug &= ~(DBG_HASHING_VALUE);
+ }
+ else
+ {
+ log_error (_("invalid debug-level `%s' given\n"), debug_level);
+ opt.debug = 0; /* Reset debugging, so that prior debug
+ statements won't have an undesired effect. */
+ }
+
+ if (opt.debug && !opt.verbose)
+ opt.verbose = 1;
+ if (opt.debug && opt.quiet)
+ opt.quiet = 0;
+
+ if (opt.debug & DBG_MPI_VALUE)
+ gcry_control (GCRYCTL_SET_DEBUG_FLAGS, 2);
+ if (opt.debug & DBG_CRYPTO_VALUE )
+ gcry_control (GCRYCTL_SET_DEBUG_FLAGS, 1);
+ gcry_control (GCRYCTL_SET_VERBOSITY, (int)opt.verbose);
+
+ if (opt.debug)
+ log_info ("enabled debug flags:%s%s%s%s%s%s%s%s\n",
+ (opt.debug & DBG_COMMAND_VALUE)? " command":"",
+ (opt.debug & DBG_MPI_VALUE )? " mpi":"",
+ (opt.debug & DBG_CRYPTO_VALUE )? " crypto":"",
+ (opt.debug & DBG_MEMORY_VALUE )? " memory":"",
+ (opt.debug & DBG_CACHE_VALUE )? " cache":"",
+ (opt.debug & DBG_MEMSTAT_VALUE)? " memstat":"",
+ (opt.debug & DBG_HASHING_VALUE)? " hashing":"",
+ (opt.debug & DBG_ASSUAN_VALUE )? " assuan":"");
+}
+
+
+/* Helper for cleanup to remove one socket with NAME. */
+static void
+remove_socket (char *name)
+{
+ if (name && *name)
+ {
+ char *p;
+
+ remove (name);
+ p = strrchr (name, '/');
+ if (p)
+ {
+ *p = 0;
+ rmdir (name);
+ *p = '/';
+ }
+ *name = 0;
+ }
+}
+
+static void
+cleanup (void)
+{
+ remove_socket (socket_name);
+ remove_socket (socket_name_ssh);
+}
+
+
+
+/* Handle options which are allowed to be reset after program start.
+ Return true when the current option in PARGS could be handled and
+ false if not. As a special feature, passing a value of NULL for
+ PARGS, resets the options to the default. REREAD should be set
+ true if it is not the initial option parsing. */
+static int
+parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
+{
+ if (!pargs)
+ { /* reset mode */
+ opt.quiet = 0;
+ opt.verbose = 0;
+ opt.debug = 0;
+ opt.no_grab = 0;
+ opt.pinentry_program = NULL;
+ opt.pinentry_touch_file = NULL;
+ opt.scdaemon_program = NULL;
+ opt.def_cache_ttl = DEFAULT_CACHE_TTL;
+ opt.def_cache_ttl_ssh = DEFAULT_CACHE_TTL_SSH;
+ opt.max_cache_ttl = MAX_CACHE_TTL;
+ opt.max_cache_ttl_ssh = MAX_CACHE_TTL_SSH;
+ opt.enforce_passphrase_constraints = 0;
+ opt.min_passphrase_len = MIN_PASSPHRASE_LEN;
+ opt.min_passphrase_nonalpha = MIN_PASSPHRASE_NONALPHA;
+ opt.check_passphrase_pattern = NULL;
+ opt.max_passphrase_days = MAX_PASSPHRASE_DAYS;
+ opt.enable_passhrase_history = 0;
+ opt.ignore_cache_for_signing = 0;
+ opt.allow_mark_trusted = 0;
+ opt.disable_scdaemon = 0;
+ return 1;
+ }
+
+ switch (pargs->r_opt)
+ {
+ case oQuiet: opt.quiet = 1; break;
+ case oVerbose: opt.verbose++; break;
+
+ case oDebug: opt.debug |= pargs->r.ret_ulong; break;
+ case oDebugAll: opt.debug = ~0; break;
+ case oDebugLevel: debug_level = pargs->r.ret_str; break;
+
+ case oLogFile:
+ if (!reread)
+ return 0; /* not handeld */
+ if (!current_logfile || !pargs->r.ret_str
+ || strcmp (current_logfile, pargs->r.ret_str))
+ {
+ log_set_file (pargs->r.ret_str);
+ if (DBG_ASSUAN)
+ assuan_set_assuan_log_stream (log_get_stream ());
+ xfree (current_logfile);
+ current_logfile = xtrystrdup (pargs->r.ret_str);
+ }
+ break;
+
+ case oNoGrab: opt.no_grab = 1; break;
+
+ case oPinentryProgram: opt.pinentry_program = pargs->r.ret_str; break;
+ case oPinentryTouchFile: opt.pinentry_touch_file = pargs->r.ret_str; break;
+ case oScdaemonProgram: opt.scdaemon_program = pargs->r.ret_str; break;
+ case oDisableScdaemon: opt.disable_scdaemon = 1; break;
+
+ case oDefCacheTTL: opt.def_cache_ttl = pargs->r.ret_ulong; break;
+ case oDefCacheTTLSSH: opt.def_cache_ttl_ssh = pargs->r.ret_ulong; break;
+ case oMaxCacheTTL: opt.max_cache_ttl = pargs->r.ret_ulong; break;
+ case oMaxCacheTTLSSH: opt.max_cache_ttl_ssh = pargs->r.ret_ulong; break;
+
+ case oEnforcePassphraseConstraints:
+ opt.enforce_passphrase_constraints=1;
+ break;
+ case oMinPassphraseLen: opt.min_passphrase_len = pargs->r.ret_ulong; break;
+ case oMinPassphraseNonalpha:
+ opt.min_passphrase_nonalpha = pargs->r.ret_ulong;
+ break;
+ case oCheckPassphrasePattern:
+ opt.check_passphrase_pattern = pargs->r.ret_str;
+ break;
+ case oMaxPassphraseDays:
+ opt.max_passphrase_days = pargs->r.ret_ulong;
+ break;
+ case oEnablePassphraseHistory:
+ opt.enable_passhrase_history = 1;
+ break;
+
+ case oIgnoreCacheForSigning: opt.ignore_cache_for_signing = 1; break;
+
+ case oAllowMarkTrusted: opt.allow_mark_trusted = 1; break;
+
+ case oAllowPresetPassphrase: opt.allow_preset_passphrase = 1; break;
+
+ default:
+ return 0; /* not handled */
+ }
+
+ return 1; /* handled */
+}
+
+
+/* The main entry point. */
+int
+main (int argc, char **argv )
+{
+ ARGPARSE_ARGS pargs;
+ int orig_argc;
+ char **orig_argv;
+ FILE *configfp = NULL;
+ char *configname = NULL;
+ const char *shell;
+ unsigned configlineno;
+ int parse_debug = 0;
+ int default_config =1;
+ int greeting = 0;
+ int nogreeting = 0;
+ int pipe_server = 0;
+ int is_daemon = 0;
+ int nodetach = 0;
+ int csh_style = 0;
+ char *logfile = NULL;
+ int debug_wait = 0;
+ int gpgconf_list = 0;
+ gpg_error_t err;
+ const char *env_file_name = NULL;
+ struct assuan_malloc_hooks malloc_hooks;
+
+ /* Before we do anything else we save the list of currently open
+ file descriptors and the signal mask. This info is required to
+ do the exec call properly. */
+ startup_fd_list = get_all_open_fds ();
+#ifdef HAVE_SIGPROCMASK
+ if (!sigprocmask (SIG_UNBLOCK, NULL, &startup_signal_mask))
+ startup_signal_mask_valid = 1;
+#endif /*HAVE_SIGPROCMASK*/
+
+ /* Set program name etc. */
+ set_strusage (my_strusage);
+ gcry_control (GCRYCTL_SUSPEND_SECMEM_WARN);
+ /* Please note that we may running SUID(ROOT), so be very CAREFUL
+ when adding any stuff between here and the call to INIT_SECMEM()
+ somewhere after the option parsing */
+ log_set_prefix ("gpg-agent", JNLIB_LOG_WITH_PREFIX|JNLIB_LOG_WITH_PID);
+
+ /* Make sure that our subsystems are ready. */
+ i18n_init ();
+ init_common_subsystems ();
+
+
+ /* Libgcrypt requires us to register the threading model first.
+ Note that this will also do the pth_init. */
+ gcry_threads_pth.init = fixed_gcry_pth_init;
+ err = gcry_control (GCRYCTL_SET_THREAD_CBS, &gcry_threads_pth);
+ if (err)
+ {
+ log_fatal ("can't register GNU Pth with Libgcrypt: %s\n",
+ gpg_strerror (err));
+ }
+
+
+ /* Check that the libraries are suitable. Do it here because
+ the option parsing may need services of the library. */
+ if (!gcry_check_version (NEED_LIBGCRYPT_VERSION) )
+ {
+ log_fatal( _("%s is too old (need %s, have %s)\n"), "libgcrypt",
+ NEED_LIBGCRYPT_VERSION, gcry_check_version (NULL) );
+ }
+
+ malloc_hooks.malloc = gcry_malloc;
+ malloc_hooks.realloc = gcry_realloc;
+ malloc_hooks.free = gcry_free;
+ assuan_set_malloc_hooks (&malloc_hooks);
+ assuan_set_assuan_log_prefix (log_get_prefix (NULL));
+ assuan_set_gpg_err_source (GPG_ERR_SOURCE_DEFAULT);
+ assuan_set_system_hooks (ASSUAN_SYSTEM_PTH);
+ assuan_sock_init ();
+
+ setup_libgcrypt_logging ();
+ gcry_control (GCRYCTL_USE_SECURE_RNDPOOL);
+
+ disable_core_dumps ();
+
+ /* Set default options. */
+ parse_rereadable_options (NULL, 0); /* Reset them to default values. */
+#ifdef USE_STANDARD_SOCKET
+ opt.use_standard_socket = 1; /* Under Windows we always use a standard
+ socket. */
+#endif
+
+ shell = getenv ("SHELL");
+ if (shell && strlen (shell) >= 3 && !strcmp (shell+strlen (shell)-3, "csh") )
+ csh_style = 1;
+
+ opt.homedir = default_homedir ();
+
+ /* Record some of the original environment strings. */
+ {
+ const char *s;
+ int idx;
+ static const char *names[] =
+ { "DISPLAY", "TERM", "XAUTHORITY", "PINENTRY_USER_DATA", NULL };
+
+ err = 0;
+ opt.startup_env = session_env_new ();
+ if (!opt.startup_env)
+ err = gpg_error_from_syserror ();
+ for (idx=0; !err && names[idx]; idx++)
+ {
+ s = getenv (names[idx]);
+ if (s)
+ err = session_env_setenv (opt.startup_env, names[idx], s);
+ }
+ if (!err)
+ {
+ s = ttyname (0);
+ if (s)
+ err = session_env_setenv (opt.startup_env, "GPG_TTY", s);
+ }
+ if (err)
+ log_fatal ("error recording startup environment: %s\n",
+ gpg_strerror (err));
+
+ /* Fixme: Better use the locale function here. */
+ opt.startup_lc_ctype = getenv ("LC_CTYPE");
+ if (opt.startup_lc_ctype)
+ opt.startup_lc_ctype = xstrdup (opt.startup_lc_ctype);
+ opt.startup_lc_messages = getenv ("LC_MESSAGES");
+ if (opt.startup_lc_messages)
+ opt.startup_lc_messages = xstrdup (opt.startup_lc_messages);
+ }
+
+ /* Check whether we have a config file on the commandline */
+ orig_argc = argc;
+ orig_argv = argv;
+ pargs.argc = &argc;
+ pargs.argv = &argv;
+ pargs.flags= 1|(1<<6); /* do not remove the args, ignore version */
+ while (arg_parse( &pargs, opts))
+ {
+ if (pargs.r_opt == oDebug || pargs.r_opt == oDebugAll)
+ parse_debug++;
+ else if (pargs.r_opt == oOptions)
+ { /* yes there is one, so we do not try the default one, but
+ read the option file when it is encountered at the
+ commandline */
+ default_config = 0;
+ }
+ else if (pargs.r_opt == oNoOptions)
+ default_config = 0; /* --no-options */
+ else if (pargs.r_opt == oHomedir)
+ opt.homedir = pargs.r.ret_str;
+ }
+
+ /* Initialize the secure memory. */
+ gcry_control (GCRYCTL_INIT_SECMEM, 32768, 0);
+ maybe_setuid = 0;
+
+ /*
+ Now we are now working under our real uid
+ */
+
+ if (default_config)
+ configname = make_filename (opt.homedir, "gpg-agent.conf", NULL );
+
+ argc = orig_argc;
+ argv = orig_argv;
+ pargs.argc = &argc;
+ pargs.argv = &argv;
+ pargs.flags= 1; /* do not remove the args */
+ next_pass:
+ if (configname)
+ {
+ configlineno = 0;
+ configfp = fopen (configname, "r");
+ if (!configfp)
+ {
+ if (default_config)
+ {
+ if( parse_debug )
+ log_info (_("NOTE: no default option file `%s'\n"),
+ configname );
+ /* Save the default conf file name so that
+ reread_configuration is able to test whether the
+ config file has been created in the meantime. */
+ xfree (config_filename);
+ config_filename = configname;
+ configname = NULL;
+ }
+ else
+ {
+ log_error (_("option file `%s': %s\n"),
+ configname, strerror(errno) );
+ exit(2);
+ }
+ xfree (configname);
+ configname = NULL;
+ }
+ if (parse_debug && configname )
+ log_info (_("reading options from `%s'\n"), configname );
+ default_config = 0;
+ }
+
+ while (optfile_parse( configfp, configname, &configlineno, &pargs, opts) )
+ {
+ if (parse_rereadable_options (&pargs, 0))
+ continue; /* Already handled */
+ switch (pargs.r_opt)
+ {
+ case aGPGConfList: gpgconf_list = 1; break;
+ case aGPGConfTest: gpgconf_list = 2; break;
+ case aUseStandardSocketP: gpgconf_list = 3; break;
+ case oBatch: opt.batch=1; break;
+
+ case oDebugWait: debug_wait = pargs.r.ret_int; break;
+
+ case oOptions:
+ /* config files may not be nested (silently ignore them) */
+ if (!configfp)
+ {
+ xfree(configname);
+ configname = xstrdup(pargs.r.ret_str);
+ goto next_pass;
+ }
+ break;
+ case oNoGreeting: nogreeting = 1; break;
+ case oNoVerbose: opt.verbose = 0; break;
+ case oNoOptions: break; /* no-options */
+ case oHomedir: opt.homedir = pargs.r.ret_str; break;
+ case oNoDetach: nodetach = 1; break;
+ case oLogFile: logfile = pargs.r.ret_str; break;
+ case oCsh: csh_style = 1; break;
+ case oSh: csh_style = 0; break;
+ case oServer: pipe_server = 1; break;
+ case oDaemon: is_daemon = 1; break;
+
+ case oDisplay: default_display = xstrdup (pargs.r.ret_str); break;
+ case oTTYname: default_ttyname = xstrdup (pargs.r.ret_str); break;
+ case oTTYtype: default_ttytype = xstrdup (pargs.r.ret_str); break;
+ case oLCctype: default_lc_ctype = xstrdup (pargs.r.ret_str); break;
+ case oLCmessages: default_lc_messages = xstrdup (pargs.r.ret_str);
+ case oXauthority: default_xauthority = xstrdup (pargs.r.ret_str);
+ break;
+
+ case oUseStandardSocket: opt.use_standard_socket = 1; break;
+ case oNoUseStandardSocket: opt.use_standard_socket = 0; break;
+
+ case oFakedSystemTime:
+ {
+ time_t faked_time = isotime2epoch (pargs.r.ret_str);
+ if (faked_time == (time_t)(-1))
+ faked_time = (time_t)strtoul (pargs.r.ret_str, NULL, 10);
+ gnupg_set_time (faked_time, 0);
+ }
+ break;
+
+ case oKeepTTY: opt.keep_tty = 1; break;
+ case oKeepDISPLAY: opt.keep_display = 1; break;
+
+ case oSSHSupport: opt.ssh_support = 1; break;
+ case oWriteEnvFile:
+ if (pargs.r_type)
+ env_file_name = pargs.r.ret_str;
+ else
+ env_file_name = make_filename ("~/.gpg-agent-info", NULL);
+ break;
+
+ default : pargs.err = configfp? 1:2; break;
+ }
+ }
+ if (configfp)
+ {
+ fclose( configfp );
+ configfp = NULL;
+ /* Keep a copy of the name so that it can be read on SIGHUP. */
+ if (config_filename != configname)
+ {
+ xfree (config_filename);
+ config_filename = configname;
+ }
+ configname = NULL;
+ goto next_pass;
+ }
+
+ xfree (configname);
+ configname = NULL;
+ if (log_get_errorcount(0))
+ exit(2);
+ if (nogreeting )
+ greeting = 0;
+
+ if (greeting)
+ {
+ fprintf (stderr, "%s %s; %s\n",
+ strusage(11), strusage(13), strusage(14) );
+ fprintf (stderr, "%s\n", strusage(15) );
+ }
+#ifdef IS_DEVELOPMENT_VERSION
+ /* We don't want to print it here because gpg-agent is useful of its
+ own and quite matured. */
+ /*log_info ("NOTE: this is a development version!\n");*/
+#endif
+
+ set_debug ();
+
+ if (atexit (cleanup))
+ {
+ log_error ("atexit failed\n");
+ cleanup ();
+ exit (1);
+ }
+
+ initialize_module_call_pinentry ();
+ initialize_module_call_scd ();
+ initialize_module_trustlist ();
+
+ /* Try to create missing directories. */
+ create_directories ();
+
+ if (debug_wait && pipe_server)
+ {
+ log_debug ("waiting for debugger - my pid is %u .....\n",
+ (unsigned int)getpid());
+ gnupg_sleep (debug_wait);
+ log_debug ("... okay\n");
+ }
+
+ if (gpgconf_list == 3)
+ agent_exit (!opt.use_standard_socket);
+ if (gpgconf_list == 2)
+ agent_exit (0);
+ if (gpgconf_list)
+ {
+ char *filename;
+ char *filename_esc;
+
+ /* List options and default values in the GPG Conf format. */
+ filename = make_filename (opt.homedir, "gpg-agent.conf", NULL );
+ filename_esc = percent_escape (filename, NULL);
+
+ printf ("gpgconf-gpg-agent.conf:%lu:\"%s\n",
+ GC_OPT_FLAG_DEFAULT, filename_esc);
+ xfree (filename);
+ xfree (filename_esc);
+
+ printf ("verbose:%lu:\n"
+ "quiet:%lu:\n"
+ "debug-level:%lu:\"none:\n"
+ "log-file:%lu:\n",
+ GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME,
+ GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME,
+ GC_OPT_FLAG_DEFAULT|GC_OPT_FLAG_RUNTIME,
+ GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME );
+ printf ("default-cache-ttl:%lu:%d:\n",
+ GC_OPT_FLAG_DEFAULT|GC_OPT_FLAG_RUNTIME, DEFAULT_CACHE_TTL );
+ printf ("default-cache-ttl-ssh:%lu:%d:\n",
+ GC_OPT_FLAG_DEFAULT|GC_OPT_FLAG_RUNTIME, DEFAULT_CACHE_TTL_SSH );
+ printf ("max-cache-ttl:%lu:%d:\n",
+ GC_OPT_FLAG_DEFAULT|GC_OPT_FLAG_RUNTIME, MAX_CACHE_TTL );
+ printf ("max-cache-ttl-ssh:%lu:%d:\n",
+ GC_OPT_FLAG_DEFAULT|GC_OPT_FLAG_RUNTIME, MAX_CACHE_TTL_SSH );
+ printf ("enforce-passphrase-constraints:%lu:\n",
+ GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME);
+ printf ("min-passphrase-len:%lu:%d:\n",
+ GC_OPT_FLAG_DEFAULT|GC_OPT_FLAG_RUNTIME, MIN_PASSPHRASE_LEN );
+ printf ("min-passphrase-nonalpha:%lu:%d:\n",
+ GC_OPT_FLAG_DEFAULT|GC_OPT_FLAG_RUNTIME,
+ MIN_PASSPHRASE_NONALPHA);
+ printf ("check-passphrase-pattern:%lu:\n",
+ GC_OPT_FLAG_DEFAULT|GC_OPT_FLAG_RUNTIME);
+ printf ("max-passphrase-days:%lu:%d:\n",
+ GC_OPT_FLAG_DEFAULT|GC_OPT_FLAG_RUNTIME,
+ MAX_PASSPHRASE_DAYS);
+ printf ("enable-passphrase-history:%lu:\n",
+ GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME);
+ printf ("no-grab:%lu:\n",
+ GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME);
+ printf ("ignore-cache-for-signing:%lu:\n",
+ GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME);
+ printf ("allow-mark-trusted:%lu:\n",
+ GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME);
+ printf ("disable-scdaemon:%lu:\n",
+ GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME);
+
+ agent_exit (0);
+ }
+
+ /* If this has been called without any options, we merely check
+ whether an agent is already running. We do this here so that we
+ don't clobber a logfile but print it directly to stderr. */
+ if (!pipe_server && !is_daemon)
+ {
+ log_set_prefix (NULL, JNLIB_LOG_WITH_PREFIX);
+ check_for_running_agent (0, 0);
+ agent_exit (0);
+ }
+
+#ifdef ENABLE_NLS
+ /* gpg-agent usually does not output any messages because it runs in
+ the background. For log files it is acceptable to have messages
+ always encoded in utf-8. We switch here to utf-8, so that
+ commands like --help still give native messages. It is far
+ easier to switch only once instead of for every message and it
+ actually helps when more then one thread is active (avoids an
+ extra copy step). */
+ bind_textdomain_codeset (PACKAGE_GT, "UTF-8");
+#endif
+
+ /* Now start with logging to a file if this is desired. */
+ if (logfile)
+ {
+ log_set_file (logfile);
+ log_set_prefix (NULL, (JNLIB_LOG_WITH_PREFIX
+ |JNLIB_LOG_WITH_TIME
+ |JNLIB_LOG_WITH_PID));
+ current_logfile = xstrdup (logfile);
+ }
+ if (DBG_ASSUAN)
+ assuan_set_assuan_log_stream (log_get_stream ());
+
+ /* Make sure that we have a default ttyname. */
+ if (!default_ttyname && ttyname (1))
+ default_ttyname = xstrdup (ttyname (1));
+ if (!default_ttytype && getenv ("TERM"))
+ default_ttytype = xstrdup (getenv ("TERM"));
+
+
+ if (pipe_server)
+ {
+ /* This is the simple pipe based server */
+ ctrl_t ctrl;
+
+ ctrl = xtrycalloc (1, sizeof *ctrl);
+ if (!ctrl)
+ {
+ log_error ("error allocating connection control data: %s\n",
+ strerror (errno) );
+ agent_exit (1);
+ }
+ ctrl->session_env = session_env_new ();
+ if (!ctrl->session_env)
+ {
+ log_error ("error allocating session environment block: %s\n",
+ strerror (errno) );
+ xfree (ctrl);
+ agent_exit (1);
+ }
+ agent_init_default_ctrl (ctrl);
+ start_command_handler (ctrl, GNUPG_INVALID_FD, GNUPG_INVALID_FD);
+ agent_deinit_default_ctrl (ctrl);
+ xfree (ctrl);
+ }
+ else if (!is_daemon)
+ ; /* NOTREACHED */
+ else
+ { /* Regular server mode */
+ gnupg_fd_t fd;
+ gnupg_fd_t fd_ssh;
+ pid_t pid;
+
+ /* Remove the DISPLAY variable so that a pinentry does not
+ default to a specific display. There is still a default
+ display when gpg-agent was started using --display or a
+ client requested this using an OPTION command. Note, that we
+ don't do this when running in reverse daemon mode (i.e. when
+ exec the program given as arguments). */
+#ifndef HAVE_W32_SYSTEM
+ if (!opt.keep_display && !argc)
+ unsetenv ("DISPLAY");
+#endif
+
+
+ /* Create the sockets. */
+ socket_name = create_socket_name
+ ("S.gpg-agent", "/tmp/gpg-XXXXXX/S.gpg-agent");
+ if (opt.ssh_support)
+ socket_name_ssh = create_socket_name
+ ("S.gpg-agent.ssh", "/tmp/gpg-XXXXXX/S.gpg-agent.ssh");
+
+ fd = create_server_socket (socket_name, 0, &socket_nonce);
+ if (opt.ssh_support)
+ fd_ssh = create_server_socket (socket_name_ssh, 1, &socket_nonce_ssh);
+ else
+ fd_ssh = GNUPG_INVALID_FD;
+
+ /* If we are going to exec a program in the parent, we record
+ the PID, so that the child may check whether the program is
+ still alive. */
+ if (argc)
+ parent_pid = getpid ();
+
+ fflush (NULL);
+#ifdef HAVE_W32_SYSTEM
+ pid = getpid ();
+ printf ("set GPG_AGENT_INFO=%s;%lu;1\n", socket_name, (ulong)pid);
+#else /*!HAVE_W32_SYSTEM*/
+ pid = fork ();
+ if (pid == (pid_t)-1)
+ {
+ log_fatal ("fork failed: %s\n", strerror (errno) );
+ exit (1);
+ }
+ else if (pid)
+ { /* We are the parent */
+ char *infostr, *infostr_ssh_sock, *infostr_ssh_pid;
+
+ /* Close the socket FD. */
+ close (fd);
+
+ /* Note that we used a standard fork so that Pth runs in
+ both the parent and the child. The pth_fork would
+ terminate Pth in the child but that is not the way we
+ want it. Thus we use a plain fork and terminate Pth here
+ in the parent. The pth_kill may or may not work reliable
+ but it should not harm to call it. Because Pth fiddles
+ with the signal mask the signal mask might not be correct
+ right now and thus we restore it. That is not strictly
+ necessary but some programs falsely assume a cleared
+ signal mask. es_pth_kill is a wrapper around pth_kill to
+ take care not to use any Pth functions in the estream
+ code after Pth has been killed. */
+ if ( !es_pth_kill () )
+ log_error ("pth_kill failed in forked process\n");
+
+#ifdef HAVE_SIGPROCMASK
+ if (startup_signal_mask_valid)
+ {
+ if (sigprocmask (SIG_SETMASK, &startup_signal_mask, NULL))
+ log_error ("error restoring signal mask: %s\n",
+ strerror (errno));
+ }
+ else
+ log_info ("no saved signal mask\n");
+#endif /*HAVE_SIGPROCMASK*/
+
+ /* Create the info string: <name>:<pid>:<protocol_version> */
+ if (asprintf (&infostr, "GPG_AGENT_INFO=%s:%lu:1",
+ socket_name, (ulong)pid ) < 0)
+ {
+ log_error ("out of core\n");
+ kill (pid, SIGTERM);
+ exit (1);
+ }
+ if (opt.ssh_support)
+ {
+ if (asprintf (&infostr_ssh_sock, "SSH_AUTH_SOCK=%s",
+ socket_name_ssh) < 0)
+ {
+ log_error ("out of core\n");
+ kill (pid, SIGTERM);
+ exit (1);
+ }
+ if (asprintf (&infostr_ssh_pid, "SSH_AGENT_PID=%u",
+ pid) < 0)
+ {
+ log_error ("out of core\n");
+ kill (pid, SIGTERM);
+ exit (1);
+ }
+ }
+
+ *socket_name = 0; /* Don't let cleanup() remove the socket -
+ the child should do this from now on */
+ if (opt.ssh_support)
+ *socket_name_ssh = 0;
+
+ if (env_file_name)
+ {
+ FILE *fp;
+
+ fp = fopen (env_file_name, "w");
+ if (!fp)
+ log_error (_("error creating `%s': %s\n"),
+ env_file_name, strerror (errno));
+ else
+ {
+ fputs (infostr, fp);
+ putc ('\n', fp);
+ if (opt.ssh_support)
+ {
+ fputs (infostr_ssh_sock, fp);
+ putc ('\n', fp);
+ fputs (infostr_ssh_pid, fp);
+ putc ('\n', fp);
+ }
+ fclose (fp);
+ }
+ }
+
+
+ if (argc)
+ { /* Run the program given on the commandline. */
+ if (putenv (infostr))
+ {
+ log_error ("failed to set environment: %s\n",
+ strerror (errno) );
+ kill (pid, SIGTERM );
+ exit (1);
+ }
+ if (opt.ssh_support && putenv (infostr_ssh_sock))
+ {
+ log_error ("failed to set environment: %s\n",
+ strerror (errno) );
+ kill (pid, SIGTERM );
+ exit (1);
+ }
+ if (opt.ssh_support && putenv (infostr_ssh_pid))
+ {
+ log_error ("failed to set environment: %s\n",
+ strerror (errno) );
+ kill (pid, SIGTERM );
+ exit (1);
+ }
+
+ /* Close all the file descriptors except the standard
+ ones and those open at startup. We explicitly don't
+ close 0,1,2 in case something went wrong collecting
+ them at startup. */
+ close_all_fds (3, startup_fd_list);
+
+ /* Run the command. */
+ execvp (argv[0], argv);
+ log_error ("failed to run the command: %s\n", strerror (errno));
+ kill (pid, SIGTERM);
+ exit (1);
+ }
+ else
+ {
+ /* Print the environment string, so that the caller can use
+ shell's eval to set it */
+ if (csh_style)
+ {
+ *strchr (infostr, '=') = ' ';
+ printf ("setenv %s;\n", infostr);
+ if (opt.ssh_support)
+ {
+ *strchr (infostr_ssh_sock, '=') = ' ';
+ printf ("setenv %s;\n", infostr_ssh_sock);
+ *strchr (infostr_ssh_pid, '=') = ' ';
+ printf ("setenv %s;\n", infostr_ssh_pid);
+ }
+ }
+ else
+ {
+ printf ( "%s; export GPG_AGENT_INFO;\n", infostr);
+ if (opt.ssh_support)
+ {
+ printf ("%s; export SSH_AUTH_SOCK;\n", infostr_ssh_sock);
+ printf ("%s; export SSH_AGENT_PID;\n", infostr_ssh_pid);
+ }
+ }
+ xfree (infostr);
+ if (opt.ssh_support)
+ {
+ xfree (infostr_ssh_sock);
+ xfree (infostr_ssh_pid);
+ }
+ exit (0);
+ }
+ /*NOTREACHED*/
+ } /* End parent */
+
+ /*
+ This is the child
+ */
+
+ /* Detach from tty and put process into a new session */
+ if (!nodetach )
+ {
+ int i;
+ unsigned int oldflags;
+
+ /* Close stdin, stdout and stderr unless it is the log stream */
+ for (i=0; i <= 2; i++)
+ {
+ if (!log_test_fd (i) && i != fd )
+ {
+ if ( ! close (i)
+ && open ("/dev/null", i? O_WRONLY : O_RDONLY) == -1)
+ {
+ log_error ("failed to open `%s': %s\n",
+ "/dev/null", strerror (errno));
+ cleanup ();
+ exit (1);
+ }
+ }
+ }
+ if (setsid() == -1)
+ {
+ log_error ("setsid() failed: %s\n", strerror(errno) );
+ cleanup ();
+ exit (1);
+ }
+
+ log_get_prefix (&oldflags);
+ log_set_prefix (NULL, oldflags | JNLIB_LOG_RUN_DETACHED);
+ opt.running_detached = 1;
+ }
+
+ if (chdir("/"))
+ {
+ log_error ("chdir to / failed: %s\n", strerror (errno));
+ exit (1);
+ }
+
+ {
+ struct sigaction sa;
+
+ sa.sa_handler = SIG_IGN;
+ sigemptyset (&sa.sa_mask);
+ sa.sa_flags = 0;
+ sigaction (SIGPIPE, &sa, NULL);
+ }
+#endif /*!HAVE_W32_SYSTEM*/
+
+ log_info ("%s %s started\n", strusage(11), strusage(13) );
+ handle_connections (fd, opt.ssh_support ? fd_ssh : GNUPG_INVALID_FD);
+ assuan_sock_close (fd);
+ }
+
+ return 0;
+}
+
+
+void
+agent_exit (int rc)
+{
+ /*FIXME: update_random_seed_file();*/
+#if 1
+ /* at this time a bit annoying */
+ if (opt.debug & DBG_MEMSTAT_VALUE)
+ {
+ gcry_control( GCRYCTL_DUMP_MEMORY_STATS );
+ gcry_control( GCRYCTL_DUMP_RANDOM_STATS );
+ }
+ if (opt.debug)
+ gcry_control (GCRYCTL_DUMP_SECMEM_STATS );
+#endif
+ gcry_control (GCRYCTL_TERM_SECMEM );
+ rc = rc? rc : log_get_errorcount(0)? 2 : 0;
+ exit (rc);
+}
+
+
+static void
+agent_init_default_ctrl (ctrl_t ctrl)
+{
+ /* Note we ignore malloc errors because we can't do much about it
+ and the request will fail anyway shortly after this
+ initialization. */
+ session_env_setenv (ctrl->session_env, "DISPLAY", default_display);
+ session_env_setenv (ctrl->session_env, "GPG_TTY", default_ttyname);
+ session_env_setenv (ctrl->session_env, "TERM", default_ttytype);
+ session_env_setenv (ctrl->session_env, "XAUTHORITY", default_xauthority);
+ session_env_setenv (ctrl->session_env, "PINENTRY_USER_DATA", NULL);
+
+ if (ctrl->lc_ctype)
+ xfree (ctrl->lc_ctype);
+ ctrl->lc_ctype = default_lc_ctype? xtrystrdup (default_lc_ctype) : NULL;
+
+ if (ctrl->lc_messages)
+ xfree (ctrl->lc_messages);
+ ctrl->lc_messages = default_lc_messages? xtrystrdup (default_lc_messages)
+ /**/ : NULL;
+
+}
+
+
+static void
+agent_deinit_default_ctrl (ctrl_t ctrl)
+{
+ session_env_release (ctrl->session_env);
+
+ if (ctrl->lc_ctype)
+ xfree (ctrl->lc_ctype);
+ if (ctrl->lc_messages)
+ xfree (ctrl->lc_messages);
+}
+
+
+/* Reread parts of the configuration. Note, that this function is
+ obviously not thread-safe and should only be called from the PTH
+ signal handler.
+
+ Fixme: Due to the way the argument parsing works, we create a
+ memory leak here for all string type arguments. There is currently
+ no clean way to tell whether the memory for the argument has been
+ allocated or points into the process' original arguments. Unless
+ we have a mechanism to tell this, we need to live on with this. */
+static void
+reread_configuration (void)
+{
+ ARGPARSE_ARGS pargs;
+ FILE *fp;
+ unsigned int configlineno = 0;
+ int dummy;
+
+ if (!config_filename)
+ return; /* No config file. */
+
+ fp = fopen (config_filename, "r");
+ if (!fp)
+ {
+ log_info (_("option file `%s': %s\n"),
+ config_filename, strerror(errno) );
+ return;
+ }
+
+ parse_rereadable_options (NULL, 1); /* Start from the default values. */
+
+ memset (&pargs, 0, sizeof pargs);
+ dummy = 0;
+ pargs.argc = &dummy;
+ pargs.flags = 1; /* do not remove the args */
+ while (optfile_parse (fp, config_filename, &configlineno, &pargs, opts) )
+ {
+ if (pargs.r_opt < -1)
+ pargs.err = 1; /* Print a warning. */
+ else /* Try to parse this option - ignore unchangeable ones. */
+ parse_rereadable_options (&pargs, 1);
+ }
+ fclose (fp);
+ set_debug ();
+}
+
+
+/* Return the file name of the socket we are using for native
+ requests. */
+const char *
+get_agent_socket_name (void)
+{
+ const char *s = socket_name;
+
+ return (s && *s)? s : NULL;
+}
+
+/* Return the file name of the socket we are using for SSH
+ requests. */
+const char *
+get_agent_ssh_socket_name (void)
+{
+ const char *s = socket_name_ssh;
+
+ return (s && *s)? s : NULL;
+}
+
+
+/* Under W32, this function returns the handle of the scdaemon
+ notification event. Calling it the first time creates that
+ event. */
+#ifdef HAVE_W32_SYSTEM
+void *
+get_agent_scd_notify_event (void)
+{
+ static HANDLE the_event;
+
+ if (!the_event)
+ {
+ HANDLE h, h2;
+ SECURITY_ATTRIBUTES sa = { sizeof (SECURITY_ATTRIBUTES), NULL, TRUE};
+
+ /* We need to use manual reset evet object due to the way our
+ w32-pth wait function works: If we would use an automatic
+ reset event we are not able to figure out which handle has
+ been signaled because at the time we single out the signaled
+ handles using WFSO the event has already been reset due to
+ the WFMO. */
+ h = CreateEvent (&sa, TRUE, FALSE, NULL);
+ if (!h)
+ log_error ("can't create scd notify event: %s\n", w32_strerror (-1) );
+ else if (!DuplicateHandle (GetCurrentProcess(), h,
+ GetCurrentProcess(), &h2,
+ EVENT_MODIFY_STATE|SYNCHRONIZE, TRUE, 0))
+ {
+ log_error ("setting syncronize for scd notify event failed: %s\n",
+ w32_strerror (-1) );
+ CloseHandle (h);
+ }
+ else
+ {
+ CloseHandle (h);
+ the_event = h2;
+ }
+ }
+
+ log_debug ("returning notify handle %p\n", the_event);
+ return the_event;
+}
+#endif /*HAVE_W32_SYSTEM*/
+
+
+
+/* Create a name for the socket. With USE_STANDARD_SOCKET given as
+ true using STANDARD_NAME in the home directory or if given as
+ false from the mkdir type name TEMPLATE. In the latter case a
+ unique name in a unique new directory will be created. In both
+ cases check for valid characters as well as against a maximum
+ allowed length for a unix domain socket is done. The function
+ terminates the process in case of an error. Returns: Pointer to an
+ allocated string with the absolute name of the socket used. */
+static char *
+create_socket_name (char *standard_name, char *template)
+{
+ char *name, *p;
+
+ if (opt.use_standard_socket)
+ name = make_filename (opt.homedir, standard_name, NULL);
+ else
+ {
+ name = xstrdup (template);
+ p = strrchr (name, '/');
+ if (!p)
+ BUG ();
+ *p = 0;
+ if (!mkdtemp (name))
+ {
+ log_error (_("can't create directory `%s': %s\n"),
+ name, strerror (errno));
+ agent_exit (2);
+ }
+ *p = '/';
+ }
+
+ if (strchr (name, PATHSEP_C))
+ {
+ log_error (("`%s' are not allowed in the socket name\n"), PATHSEP_S);
+ agent_exit (2);
+ }
+ if (strlen (name) + 1 >= DIMof (struct sockaddr_un, sun_path) )
+ {
+ log_error (_("name of socket too long\n"));
+ agent_exit (2);
+ }
+ return name;
+}
+
+
+
+/* Create a Unix domain socket with NAME. Returns the file descriptor
+ or terminates the process in case of an error. Not that this
+ function needs to be used for the regular socket first and only
+ then for the ssh socket. */
+static gnupg_fd_t
+create_server_socket (char *name, int is_ssh, assuan_sock_nonce_t *nonce)
+{
+ struct sockaddr_un *serv_addr;
+ socklen_t len;
+ gnupg_fd_t fd;
+ int rc;
+
+ fd = assuan_sock_new (AF_UNIX, SOCK_STREAM, 0);
+ if (fd == ASSUAN_INVALID_FD)
+ {
+ log_error (_("can't create socket: %s\n"), strerror (errno));
+ agent_exit (2);
+ }
+
+ serv_addr = xmalloc (sizeof (*serv_addr));
+ memset (serv_addr, 0, sizeof *serv_addr);
+ serv_addr->sun_family = AF_UNIX;
+ if (strlen (name) + 1 >= sizeof (serv_addr->sun_path))
+ {
+ log_error (_("socket name `%s' is too long\n"), name);
+ agent_exit (2);
+ }
+ strcpy (serv_addr->sun_path, name);
+ len = SUN_LEN (serv_addr);
+ rc = assuan_sock_bind (fd, (struct sockaddr*) serv_addr, len);
+ if (opt.use_standard_socket && rc == -1 && errno == EADDRINUSE)
+ {
+ /* Check whether a gpg-agent is already running on the standard
+ socket. We do this test only if this is not the ssh socket.
+ For ssh we assume that a test for gpg-agent has already been
+ done and reuse the requested ssh socket. Testing the
+ ssh-socket is not possible because at this point, though we
+ know the new Assuan socket, the Assuan server and thus the
+ ssh-agent server is not yet operational. This would lead to
+ a hang. */
+ if (!is_ssh && !check_for_running_agent (1, 1))
+ {
+ log_error (_("a gpg-agent is already running - "
+ "not starting a new one\n"));
+ *name = 0; /* Inhibit removal of the socket by cleanup(). */
+ assuan_sock_close (fd);
+ agent_exit (2);
+ }
+ remove (name);
+ rc = assuan_sock_bind (fd, (struct sockaddr*) serv_addr, len);
+ }
+ if (rc != -1
+ && (rc=assuan_sock_get_nonce ((struct sockaddr*)serv_addr, len, nonce)))
+ log_error (_("error getting nonce for the socket\n"));
+ if (rc == -1)
+ {
+ /* We use gpg_strerror here because it allows us to get strings
+ for some W32 socket error codes. */
+ log_error (_("error binding socket to `%s': %s\n"),
+ serv_addr->sun_path,
+ gpg_strerror (gpg_error_from_errno (errno)));
+
+ assuan_sock_close (fd);
+ if (opt.use_standard_socket)
+ *name = 0; /* Inhibit removal of the socket by cleanup(). */
+ agent_exit (2);
+ }
+
+ if (listen (FD2INT(fd), 5 ) == -1)
+ {
+ log_error (_("listen() failed: %s\n"), strerror (errno));
+ assuan_sock_close (fd);
+ agent_exit (2);
+ }
+
+ if (opt.verbose)
+ log_info (_("listening on socket `%s'\n"), serv_addr->sun_path);
+
+ return fd;
+}
+
+
+/* Check that the directory for storing the private keys exists and
+ create it if not. This function won't fail as it is only a
+ convenience function and not strictly necessary. */
+static void
+create_private_keys_directory (const char *home)
+{
+ char *fname;
+ struct stat statbuf;
+
+ fname = make_filename (home, GNUPG_PRIVATE_KEYS_DIR, NULL);
+ if (stat (fname, &statbuf) && errno == ENOENT)
+ {
+#ifdef HAVE_W32_SYSTEM /*FIXME: Setup proper permissions. */
+ if (!CreateDirectory (fname, NULL))
+ log_error (_("can't create directory `%s': %s\n"),
+ fname, w32_strerror (-1) );
+#else
+ if (mkdir (fname, S_IRUSR|S_IWUSR|S_IXUSR ))
+ log_error (_("can't create directory `%s': %s\n"),
+ fname, strerror (errno) );
+#endif
+ else if (!opt.quiet)
+ log_info (_("directory `%s' created\n"), fname);
+ }
+ xfree (fname);
+}
+
+/* Create the directory only if the supplied directory name is the
+ same as the default one. This way we avoid to create arbitrary
+ directories when a non-default home directory is used. To cope
+ with HOME, we compare only the suffix if we see that the default
+ homedir does start with a tilde. We don't stop here in case of
+ problems because other functions will throw an error anyway.*/
+static void
+create_directories (void)
+{
+ struct stat statbuf;
+ const char *defhome = standard_homedir ();
+ char *home;
+
+ home = make_filename (opt.homedir, NULL);
+ if ( stat (home, &statbuf) )
+ {
+ if (errno == ENOENT)
+ {
+ if (
+#ifdef HAVE_W32_SYSTEM
+ ( !compare_filenames (home, defhome) )
+#else
+ (*defhome == '~'
+ && (strlen (home) >= strlen (defhome+1)
+ && !strcmp (home + strlen(home)
+ - strlen (defhome+1), defhome+1)))
+ || (*defhome != '~' && !strcmp (home, defhome) )
+#endif
+ )
+ {
+#ifdef HAVE_W32_SYSTEM
+ if (!CreateDirectory (home, NULL))
+ log_error (_("can't create directory `%s': %s\n"),
+ home, w32_strerror (-1) );
+#else
+ if (mkdir (home, S_IRUSR|S_IWUSR|S_IXUSR ))
+ log_error (_("can't create directory `%s': %s\n"),
+ home, strerror (errno) );
+#endif
+ else
+ {
+ if (!opt.quiet)
+ log_info (_("directory `%s' created\n"), home);
+ create_private_keys_directory (home);
+ }
+ }
+ }
+ else
+ log_error (_("stat() failed for `%s': %s\n"), home, strerror (errno));
+ }
+ else if ( !S_ISDIR(statbuf.st_mode))
+ {
+ log_error (_("can't use `%s' as home directory\n"), home);
+ }
+ else /* exists and is a directory. */
+ {
+ create_private_keys_directory (home);
+ }
+ xfree (home);
+}
+
+
+
+/* This is the worker for the ticker. It is called every few seconds
+ and may only do fast operations. */
+static void
+handle_tick (void)
+{
+ static time_t last_minute;
+
+ if (!last_minute)
+ last_minute = time (NULL);
+
+ /* Check whether the scdaemon has died and cleanup in this case. */
+ agent_scd_check_aliveness ();
+
+ /* If we are running as a child of another process, check whether
+ the parent is still alive and shutdown if not. */
+#ifndef HAVE_W32_SYSTEM
+ if (parent_pid != (pid_t)(-1))
+ {
+ if (kill (parent_pid, 0))
+ {
+ shutdown_pending = 2;
+ if (!opt.quiet)
+ {
+ log_info ("parent process died - shutting down\n");
+ log_info ("%s %s stopped\n", strusage(11), strusage(13) );
+ }
+ cleanup ();
+ agent_exit (0);
+ }
+ }
+#endif /*HAVE_W32_SYSTEM*/
+
+ /* Code to be run every minute. */
+ if (last_minute + 60 <= time (NULL))
+ {
+ check_own_socket ();
+ last_minute = time (NULL);
+ }
+
+}
+
+
+/* A global function which allows us to call the reload stuff from
+ other places too. This is only used when build for W32. */
+void
+agent_sighup_action (void)
+{
+ log_info ("SIGHUP received - "
+ "re-reading configuration and flushing cache\n");
+ agent_flush_cache ();
+ reread_configuration ();
+ agent_reload_trustlist ();
+}
+
+
+static void
+agent_sigusr2_action (void)
+{
+ if (opt.verbose)
+ log_info ("SIGUSR2 received - updating card event counter\n");
+ /* Nothing to check right now. We only increment a counter. */
+ bump_card_eventcounter ();
+}
+
+
+static void
+handle_signal (int signo)
+{
+ switch (signo)
+ {
+#ifndef HAVE_W32_SYSTEM
+ case SIGHUP:
+ agent_sighup_action ();
+ break;
+
+ case SIGUSR1:
+ log_info ("SIGUSR1 received - printing internal information:\n");
+ pth_ctrl (PTH_CTRL_DUMPSTATE, log_get_stream ());
+ agent_query_dump_state ();
+ agent_scd_dump_state ();
+ break;
+
+ case SIGUSR2:
+ agent_sigusr2_action ();
+ break;
+
+ case SIGTERM:
+ if (!shutdown_pending)
+ log_info ("SIGTERM received - shutting down ...\n");
+ else
+ log_info ("SIGTERM received - still %ld running threads\n",
+ pth_ctrl( PTH_CTRL_GETTHREADS ));
+ shutdown_pending++;
+ if (shutdown_pending > 2)
+ {
+ log_info ("shutdown forced\n");
+ log_info ("%s %s stopped\n", strusage(11), strusage(13) );
+ cleanup ();
+ agent_exit (0);
+ }
+ break;
+
+ case SIGINT:
+ log_info ("SIGINT received - immediate shutdown\n");
+ log_info( "%s %s stopped\n", strusage(11), strusage(13));
+ cleanup ();
+ agent_exit (0);
+ break;
+#endif
+ default:
+ log_info ("signal %d received - no action defined\n", signo);
+ }
+}
+
+
+/* Check the nonce on a new connection. This is a NOP unless we we
+ are using our Unix domain socket emulation under Windows. */
+static int
+check_nonce (ctrl_t ctrl, assuan_sock_nonce_t *nonce)
+{
+ if (assuan_sock_check_nonce (ctrl->thread_startup.fd, nonce))
+ {
+ log_info (_("error reading nonce on fd %d: %s\n"),
+ FD2INT(ctrl->thread_startup.fd), strerror (errno));
+ assuan_sock_close (ctrl->thread_startup.fd);
+ xfree (ctrl);
+ return -1;
+ }
+ else
+ return 0;
+}
+
+
+/* This is the standard connection thread's main function. */
+static void *
+start_connection_thread (void *arg)
+{
+ ctrl_t ctrl = arg;
+
+ if (check_nonce (ctrl, &socket_nonce))
+ return NULL;
+
+ agent_init_default_ctrl (ctrl);
+ if (opt.verbose)
+ log_info (_("handler 0x%lx for fd %d started\n"),
+ pth_thread_id (), FD2INT(ctrl->thread_startup.fd));
+
+ start_command_handler (ctrl, GNUPG_INVALID_FD, ctrl->thread_startup.fd);
+ if (opt.verbose)
+ log_info (_("handler 0x%lx for fd %d terminated\n"),
+ pth_thread_id (), FD2INT(ctrl->thread_startup.fd));
+
+ agent_deinit_default_ctrl (ctrl);
+ xfree (ctrl);
+ return NULL;
+}
+
+
+/* This is the ssh connection thread's main function. */
+static void *
+start_connection_thread_ssh (void *arg)
+{
+ ctrl_t ctrl = arg;
+
+ if (check_nonce (ctrl, &socket_nonce_ssh))
+ return NULL;
+
+ agent_init_default_ctrl (ctrl);
+ if (opt.verbose)
+ log_info (_("ssh handler 0x%lx for fd %d started\n"),
+ pth_thread_id (), FD2INT(ctrl->thread_startup.fd));
+
+ start_command_handler_ssh (ctrl, ctrl->thread_startup.fd);
+ if (opt.verbose)
+ log_info (_("ssh handler 0x%lx for fd %d terminated\n"),
+ pth_thread_id (), FD2INT(ctrl->thread_startup.fd));
+
+ agent_deinit_default_ctrl (ctrl);
+ xfree (ctrl);
+ return NULL;
+}
+
+
+/* Connection handler loop. Wait for connection requests and spawn a
+ thread after accepting a connection. */
+static void
+handle_connections (gnupg_fd_t listen_fd, gnupg_fd_t listen_fd_ssh)
+{
+ pth_attr_t tattr;
+ pth_event_t ev, time_ev;
+ sigset_t sigs;
+ int signo;
+ struct sockaddr_un paddr;
+ socklen_t plen;
+ fd_set fdset, read_fdset;
+ int ret;
+ gnupg_fd_t fd;
+ int nfd;
+
+ tattr = pth_attr_new();
+ pth_attr_set (tattr, PTH_ATTR_JOINABLE, 0);
+ pth_attr_set (tattr, PTH_ATTR_STACK_SIZE, 256*1024);
+
+#ifndef HAVE_W32_SYSTEM /* fixme */
+ /* Make sure that the signals we are going to handle are not blocked
+ and create an event object for them. We also set the default
+ action to ignore because we use an Pth event to get notified
+ about signals. This avoids that the default action is taken in
+ case soemthing goes wrong within Pth. The problem might also be
+ a Pth bug. */
+ sigemptyset (&sigs );
+ {
+ static const int mysigs[] = { SIGHUP, SIGUSR1, SIGUSR2, SIGINT, SIGTERM };
+ struct sigaction sa;
+ int i;
+
+ for (i=0; i < DIM (mysigs); i++)
+ {
+ sigemptyset (&sa.sa_mask);
+ sa.sa_handler = SIG_IGN;
+ sa.sa_flags = 0;
+ sigaction (mysigs[i], &sa, NULL);
+
+ sigaddset (&sigs, mysigs[i]);
+ }
+ }
+
+ pth_sigmask (SIG_UNBLOCK, &sigs, NULL);
+ ev = pth_event (PTH_EVENT_SIGS, &sigs, &signo);
+#else
+# ifdef PTH_EVENT_HANDLE
+ sigs = 0;
+ ev = pth_event (PTH_EVENT_HANDLE, get_agent_scd_notify_event ());
+ signo = 0;
+# else
+ /* Use a dummy event. */
+ sigs = 0;
+ ev = pth_event (PTH_EVENT_SIGS, &sigs, &signo);
+# endif
+#endif
+ time_ev = NULL;
+
+ /* Set a flag to tell call-scd.c that it may enable event
+ notifications. */
+ opt.sigusr2_enabled = 1;
+
+ FD_ZERO (&fdset);
+ FD_SET (FD2INT (listen_fd), &fdset);
+ nfd = FD2INT (listen_fd);
+ if (listen_fd_ssh != GNUPG_INVALID_FD)
+ {
+ FD_SET ( FD2INT(listen_fd_ssh), &fdset);
+ if (FD2INT (listen_fd_ssh) > nfd)
+ nfd = FD2INT (listen_fd_ssh);
+ }
+
+ for (;;)
+ {
+ /* Make sure that our signals are not blocked. */
+ pth_sigmask (SIG_UNBLOCK, &sigs, NULL);
+
+ /* Shutdown test. */
+ if (shutdown_pending)
+ {
+ if (pth_ctrl (PTH_CTRL_GETTHREADS) == 1)
+ break; /* ready */
+
+ /* Do not accept new connections but keep on running the
+ loop to cope with the timer events. */
+ FD_ZERO (&fdset);
+ }
+
+ /* Create a timeout event if needed. To help with power saving
+ we syncronize the ticks to the next full second. */
+ if (!time_ev)
+ {
+ pth_time_t nexttick;
+
+ nexttick = pth_timeout (TIMERTICK_INTERVAL, 0);
+ if (nexttick.tv_usec > 10) /* Use a 10 usec threshhold. */
+ {
+ nexttick.tv_sec++;
+ nexttick.tv_usec = 0;
+ }
+ time_ev = pth_event (PTH_EVENT_TIME, nexttick);
+ }
+
+ /* POSIX says that fd_set should be implemented as a structure,
+ thus a simple assignment is fine to copy the entire set. */
+ read_fdset = fdset;
+
+ if (time_ev)
+ pth_event_concat (ev, time_ev, NULL);
+ ret = pth_select_ev (nfd+1, &read_fdset, NULL, NULL, NULL, ev);
+ if (time_ev)
+ pth_event_isolate (time_ev);
+
+ if (ret == -1)
+ {
+ if (pth_event_occurred (ev)
+ || (time_ev && pth_event_occurred (time_ev)))
+ {
+ if (pth_event_occurred (ev))
+ {
+#if defined(HAVE_W32_SYSTEM) && defined(PTH_EVENT_HANDLE)
+ agent_sigusr2_action ();
+#else
+ handle_signal (signo);
+#endif
+ }
+ if (time_ev && pth_event_occurred (time_ev))
+ {
+ pth_event_free (time_ev, PTH_FREE_ALL);
+ time_ev = NULL;
+ handle_tick ();
+ }
+ continue;
+ }
+ log_error (_("pth_select failed: %s - waiting 1s\n"),
+ strerror (errno));
+ pth_sleep (1);
+ continue;
+ }
+
+ if (pth_event_occurred (ev))
+ {
+#if defined(HAVE_W32_SYSTEM) && defined(PTH_EVENT_HANDLE)
+ agent_sigusr2_action ();
+#else
+ handle_signal (signo);
+#endif
+ }
+
+ if (time_ev && pth_event_occurred (time_ev))
+ {
+ pth_event_free (time_ev, PTH_FREE_ALL);
+ time_ev = NULL;
+ handle_tick ();
+ }
+
+
+ /* We now might create new threads and because we don't want any
+ signals (as we are handling them here) to be delivered to a
+ new thread. Thus we need to block those signals. */
+ pth_sigmask (SIG_BLOCK, &sigs, NULL);
+
+ if (!shutdown_pending && FD_ISSET (FD2INT (listen_fd), &read_fdset))
+ {
+ ctrl_t ctrl;
+
+ plen = sizeof paddr;
+ fd = INT2FD (pth_accept (FD2INT(listen_fd),
+ (struct sockaddr *)&paddr, &plen));
+ if (fd == GNUPG_INVALID_FD)
+ {
+ log_error ("accept failed: %s\n", strerror (errno));
+ }
+ else if ( !(ctrl = xtrycalloc (1, sizeof *ctrl)) )
+ {
+ log_error ("error allocating connection control data: %s\n",
+ strerror (errno) );
+ assuan_sock_close (fd);
+ }
+ else if ( !(ctrl->session_env = session_env_new ()) )
+ {
+ log_error ("error allocating session environment block: %s\n",
+ strerror (errno) );
+ xfree (ctrl);
+ assuan_sock_close (fd);
+ }
+ else
+ {
+ char threadname[50];
+
+ snprintf (threadname, sizeof threadname-1,
+ "conn fd=%d (gpg)", FD2INT(fd));
+ threadname[sizeof threadname -1] = 0;
+ pth_attr_set (tattr, PTH_ATTR_NAME, threadname);
+ ctrl->thread_startup.fd = fd;
+ if (!pth_spawn (tattr, start_connection_thread, ctrl))
+ {
+ log_error ("error spawning connection handler: %s\n",
+ strerror (errno) );
+ assuan_sock_close (fd);
+ xfree (ctrl);
+ }
+ }
+ fd = GNUPG_INVALID_FD;
+ }
+
+ if (!shutdown_pending && listen_fd_ssh != GNUPG_INVALID_FD
+ && FD_ISSET ( FD2INT (listen_fd_ssh), &read_fdset))
+ {
+ ctrl_t ctrl;
+
+ plen = sizeof paddr;
+ fd = INT2FD(pth_accept (FD2INT(listen_fd_ssh),
+ (struct sockaddr *)&paddr, &plen));
+ if (fd == GNUPG_INVALID_FD)
+ {
+ log_error ("accept failed for ssh: %s\n", strerror (errno));
+ }
+ else if ( !(ctrl = xtrycalloc (1, sizeof *ctrl)) )
+ {
+ log_error ("error allocating connection control data: %s\n",
+ strerror (errno) );
+ assuan_sock_close (fd);
+ }
+ else if ( !(ctrl->session_env = session_env_new ()) )
+ {
+ log_error ("error allocating session environment block: %s\n",
+ strerror (errno) );
+ xfree (ctrl);
+ assuan_sock_close (fd);
+ }
+ else
+ {
+ char threadname[50];
+
+ agent_init_default_ctrl (ctrl);
+ snprintf (threadname, sizeof threadname-1,
+ "conn fd=%d (ssh)", FD2INT(fd));
+ threadname[sizeof threadname -1] = 0;
+ pth_attr_set (tattr, PTH_ATTR_NAME, threadname);
+ ctrl->thread_startup.fd = fd;
+ if (!pth_spawn (tattr, start_connection_thread_ssh, ctrl) )
+ {
+ log_error ("error spawning ssh connection handler: %s\n",
+ strerror (errno) );
+ assuan_sock_close (fd);
+ xfree (ctrl);
+ }
+ }
+ fd = GNUPG_INVALID_FD;
+ }
+ }
+
+ pth_event_free (ev, PTH_FREE_ALL);
+ if (time_ev)
+ pth_event_free (time_ev, PTH_FREE_ALL);
+ cleanup ();
+ log_info (_("%s %s stopped\n"), strusage(11), strusage(13));
+}
+
+
+
+/* Helper for check_own_socket. */
+static gpg_error_t
+check_own_socket_pid_cb (void *opaque, const void *buffer, size_t length)
+{
+ membuf_t *mb = opaque;
+ put_membuf (mb, buffer, length);
+ return 0;
+}
+
+
+/* The thread running the actual check. We need to run this in a
+ separate thread so that check_own_thread can be called from the
+ timer tick. */
+static void *
+check_own_socket_thread (void *arg)
+{
+ int rc;
+ char *sockname = arg;
+ assuan_context_t ctx = NULL;
+ membuf_t mb;
+ char *buffer;
+
+ check_own_socket_running++;
+
+ rc = assuan_new (&ctx);
+ if (rc)
+ {
+ log_error ("can't allocate assuan context: %s\n", gpg_strerror (rc));
+ goto leave;
+ }
+
+ rc = assuan_socket_connect (ctx, sockname, (pid_t)(-1), 0);
+ if (rc)
+ {
+ log_error ("can't connect my own socket: %s\n", gpg_strerror (rc));
+ goto leave;
+ }
+
+ init_membuf (&mb, 100);
+ rc = assuan_transact (ctx, "GETINFO pid", check_own_socket_pid_cb, &mb,
+ NULL, NULL, NULL, NULL);
+ put_membuf (&mb, "", 1);
+ buffer = get_membuf (&mb, NULL);
+ if (rc || !buffer)
+ {
+ log_error ("sending command \"%s\" to my own socket failed: %s\n",
+ "GETINFO pid", gpg_strerror (rc));
+ rc = 1;
+ }
+ else if ( (pid_t)strtoul (buffer, NULL, 10) != getpid ())
+ {
+ log_error ("socket is now serviced by another server\n");
+ rc = 1;
+ }
+ else if (opt.verbose > 1)
+ log_error ("socket is still served by this server\n");
+
+ xfree (buffer);
+
+ leave:
+ xfree (sockname);
+ if (ctx)
+ assuan_release (ctx);
+ if (rc)
+ {
+ /* We may not remove the socket as it is now in use by another
+ server. Setting the name to empty does this. */
+ if (socket_name)
+ *socket_name = 0;
+ if (socket_name_ssh)
+ *socket_name_ssh = 0;
+ shutdown_pending = 2;
+ log_info ("this process is useless - shutting down\n");
+ }
+ check_own_socket_running--;
+ return NULL;
+}
+
+
+/* Check whether we are still listening on our own socket. In case
+ another gpg-agent process started after us has taken ownership of
+ our socket, we woul linger around without any real taks. Thus we
+ better check once in a while whether we are really needed. */
+static void
+check_own_socket (void)
+{
+ char *sockname;
+ pth_attr_t tattr;
+
+ if (!opt.use_standard_socket)
+ return; /* This check makes only sense in standard socket mode. */
+
+ if (check_own_socket_running || shutdown_pending)
+ return; /* Still running or already shutting down. */
+
+ sockname = make_filename (opt.homedir, "S.gpg-agent", NULL);
+ if (!sockname)
+ return; /* Out of memory. */
+
+ tattr = pth_attr_new();
+ pth_attr_set (tattr, PTH_ATTR_JOINABLE, 0);
+ pth_attr_set (tattr, PTH_ATTR_STACK_SIZE, 256*1024);
+ pth_attr_set (tattr, PTH_ATTR_NAME, "check-own-socket");
+
+ if (!pth_spawn (tattr, check_own_socket_thread, sockname))
+ log_error ("error spawning check_own_socket_thread: %s\n",
+ strerror (errno) );
+ pth_attr_destroy (tattr);
+}
+
+
+
+/* Figure out whether an agent is available and running. Prints an
+ error if not. If SILENT is true, no messages are printed. Usually
+ started with MODE 0. Returns 0 if the agent is running. */
+static int
+check_for_running_agent (int silent, int mode)
+{
+ int rc;
+ char *infostr, *p;
+ assuan_context_t ctx = NULL;
+ int prot, pid;
+
+ if (!mode)
+ {
+ infostr = getenv ("GPG_AGENT_INFO");
+ if (!infostr || !*infostr)
+ {
+ if (!check_for_running_agent (silent, 1))
+ return 0; /* Okay, its running on the standard socket. */
+ if (!silent)
+ log_error (_("no gpg-agent running in this session\n"));
+ return -1;
+ }
+
+ infostr = xstrdup (infostr);
+ if ( !(p = strchr (infostr, PATHSEP_C)) || p == infostr)
+ {
+ xfree (infostr);
+ if (!check_for_running_agent (silent, 1))
+ return 0; /* Okay, its running on the standard socket. */
+ if (!silent)
+ log_error (_("malformed GPG_AGENT_INFO environment variable\n"));
+ return -1;
+ }
+
+ *p++ = 0;
+ pid = atoi (p);
+ while (*p && *p != PATHSEP_C)
+ p++;
+ prot = *p? atoi (p+1) : 0;
+ if (prot != 1)
+ {
+ xfree (infostr);
+ if (!silent)
+ log_error (_("gpg-agent protocol version %d is not supported\n"),
+ prot);
+ if (!check_for_running_agent (silent, 1))
+ return 0; /* Okay, its running on the standard socket. */
+ return -1;
+ }
+ }
+ else /* MODE != 0 */
+ {
+ infostr = make_filename (opt.homedir, "S.gpg-agent", NULL);
+ pid = (pid_t)(-1);
+ }
+
+ rc = assuan_new (&ctx);
+ if (! rc)
+ rc = assuan_socket_connect (ctx, infostr, pid, 0);
+ xfree (infostr);
+ if (rc)
+ {
+ if (!mode && !check_for_running_agent (silent, 1))
+ return 0; /* Okay, its running on the standard socket. */
+
+ if (!mode && !silent)
+ log_error ("can't connect to the agent: %s\n", gpg_strerror (rc));
+
+ if (ctx)
+ assuan_release (ctx);
+ return -1;
+ }
+
+ if (!opt.quiet && !silent)
+ log_info ("gpg-agent running and available\n");
+
+ assuan_release (ctx);
+ return 0;
+}
diff --git a/agent/learncard.c b/agent/learncard.c
new file mode 100644
index 0000000..77f2bb0
--- /dev/null
+++ b/agent/learncard.c
@@ -0,0 +1,472 @@
+/* learncard.c - Handle the LEARN command
+ * Copyright (C) 2002, 2003, 2004, 2009 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <errno.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <ctype.h>
+#include <assert.h>
+#include <unistd.h>
+#include <sys/stat.h>
+
+#include "agent.h"
+#include <assuan.h>
+
+/* Structures used by the callback mechanism to convey information
+ pertaining to key pairs. */
+struct keypair_info_s
+{
+ struct keypair_info_s *next;
+ int no_cert;
+ char *id; /* points into grip */
+ char hexgrip[1]; /* The keygrip (i.e. a hash over the public key
+ parameters) formatted as a hex string.
+ Allocated somewhat large to also act as
+ memeory for the above ID field. */
+};
+typedef struct keypair_info_s *KEYPAIR_INFO;
+
+struct kpinfo_cb_parm_s
+{
+ ctrl_t ctrl;
+ int error;
+ KEYPAIR_INFO info;
+};
+
+
+/* Structures used by the callback mechanism to convey information
+ pertaining to certificates. */
+struct certinfo_s {
+ struct certinfo_s *next;
+ int type;
+ int done;
+ char id[1];
+};
+typedef struct certinfo_s *CERTINFO;
+
+struct certinfo_cb_parm_s
+{
+ ctrl_t ctrl;
+ int error;
+ CERTINFO info;
+};
+
+
+/* Structures used by the callback mechanism to convey assuan status
+ lines. */
+struct sinfo_s {
+ struct sinfo_s *next;
+ char *data; /* Points into keyword. */
+ char keyword[1];
+};
+typedef struct sinfo_s *SINFO;
+
+struct sinfo_cb_parm_s {
+ int error;
+ SINFO info;
+};
+
+
+/* Destructor for key information objects. */
+static void
+release_keypair_info (KEYPAIR_INFO info)
+{
+ while (info)
+ {
+ KEYPAIR_INFO tmp = info->next;
+ xfree (info);
+ info = tmp;
+ }
+}
+
+/* Destructor for certificate information objects. */
+static void
+release_certinfo (CERTINFO info)
+{
+ while (info)
+ {
+ CERTINFO tmp = info->next;
+ xfree (info);
+ info = tmp;
+ }
+}
+
+/* Destructor for status information objects. */
+static void
+release_sinfo (SINFO info)
+{
+ while (info)
+ {
+ SINFO tmp = info->next;
+ xfree (info);
+ info = tmp;
+ }
+}
+
+
+
+/* This callback is used by agent_card_learn and passed the content of
+ all KEYPAIRINFO lines. It merely stores this data away */
+static void
+kpinfo_cb (void *opaque, const char *line)
+{
+ struct kpinfo_cb_parm_s *parm = opaque;
+ KEYPAIR_INFO item;
+ char *p;
+
+ if (parm->error)
+ return; /* no need to gather data after an error coccured */
+
+ if ((parm->error = agent_write_status (parm->ctrl, "PROGRESS",
+ "learncard", "k", "0", "0", NULL)))
+ return;
+
+ item = xtrycalloc (1, sizeof *item + strlen (line));
+ if (!item)
+ {
+ parm->error = out_of_core ();
+ return;
+ }
+ strcpy (item->hexgrip, line);
+ for (p = item->hexgrip; hexdigitp (p); p++)
+ ;
+ if (p == item->hexgrip && *p == 'X' && spacep (p+1))
+ {
+ item->no_cert = 1;
+ p++;
+ }
+ else if ((p - item->hexgrip) != 40 || !spacep (p))
+ { /* not a 20 byte hex keygrip or not followed by a space */
+ parm->error = gpg_error (GPG_ERR_INV_RESPONSE);
+ xfree (item);
+ return;
+ }
+ *p++ = 0;
+ while (spacep (p))
+ p++;
+ item->id = p;
+ while (*p && !spacep (p))
+ p++;
+ if (p == item->id)
+ { /* invalid ID string */
+ parm->error = gpg_error (GPG_ERR_INV_RESPONSE);
+ xfree (item);
+ return;
+ }
+ *p = 0; /* ignore trailing stuff */
+
+ /* store it */
+ item->next = parm->info;
+ parm->info = item;
+}
+
+
+/* This callback is used by agent_card_learn and passed the content of
+ all CERTINFO lines. It merely stores this data away */
+static void
+certinfo_cb (void *opaque, const char *line)
+{
+ struct certinfo_cb_parm_s *parm = opaque;
+ CERTINFO item;
+ int type;
+ char *p, *pend;
+
+ if (parm->error)
+ return; /* no need to gather data after an error coccured */
+
+ if ((parm->error = agent_write_status (parm->ctrl, "PROGRESS",
+ "learncard", "c", "0", "0", NULL)))
+ return;
+
+ type = strtol (line, &p, 10);
+ while (spacep (p))
+ p++;
+ for (pend = p; *pend && !spacep (pend); pend++)
+ ;
+ if (p == pend || !*p)
+ {
+ parm->error = gpg_error (GPG_ERR_INV_RESPONSE);
+ return;
+ }
+ *pend = 0; /* ignore trailing stuff */
+
+ item = xtrycalloc (1, sizeof *item + strlen (p));
+ if (!item)
+ {
+ parm->error = out_of_core ();
+ return;
+ }
+ item->type = type;
+ strcpy (item->id, p);
+ /* store it */
+ item->next = parm->info;
+ parm->info = item;
+}
+
+
+/* This callback is used by agent_card_learn and passed the content of
+ all SINFO lines. It merely stores this data away */
+static void
+sinfo_cb (void *opaque, const char *keyword, size_t keywordlen,
+ const char *data)
+{
+ struct sinfo_cb_parm_s *sparm = opaque;
+ SINFO item;
+
+ if (sparm->error)
+ return; /* no need to gather data after an error coccured */
+
+ item = xtrycalloc (1, sizeof *item + keywordlen + 1 + strlen (data));
+ if (!item)
+ {
+ sparm->error = out_of_core ();
+ return;
+ }
+ memcpy (item->keyword, keyword, keywordlen);
+ item->data = item->keyword + keywordlen;
+ *item->data = 0;
+ item->data++;
+ strcpy (item->data, data);
+ /* store it */
+ item->next = sparm->info;
+ sparm->info = item;
+}
+
+
+
+static int
+send_cert_back (ctrl_t ctrl, const char *id, void *assuan_context)
+{
+ int rc;
+ char *derbuf;
+ size_t derbuflen;
+
+ rc = agent_card_readcert (ctrl, id, &derbuf, &derbuflen);
+ if (rc)
+ {
+ const char *action;
+
+ switch (gpg_err_code (rc))
+ {
+ case GPG_ERR_INV_ID:
+ case GPG_ERR_NOT_FOUND:
+ action = " - ignored";
+ break;
+ default:
+ action = "";
+ break;
+ }
+ if (opt.verbose || !*action)
+ log_info ("error reading certificate `%s': %s%s\n",
+ id? id:"?", gpg_strerror (rc), action);
+
+ return *action? 0 : rc;
+ }
+
+ rc = assuan_send_data (assuan_context, derbuf, derbuflen);
+ xfree (derbuf);
+ if (!rc)
+ rc = assuan_send_data (assuan_context, NULL, 0);
+ if (!rc)
+ rc = assuan_write_line (assuan_context, "END");
+ if (rc)
+ {
+ log_error ("sending certificate failed: %s\n",
+ gpg_strerror (rc));
+ return rc;
+ }
+ return 0;
+}
+
+/* Perform the learn operation. If ASSUAN_CONTEXT is not NULL all new
+ certificates are send back via Assuan. */
+int
+agent_handle_learn (ctrl_t ctrl, void *assuan_context)
+{
+ int rc;
+
+ struct kpinfo_cb_parm_s parm;
+ struct certinfo_cb_parm_s cparm;
+ struct sinfo_cb_parm_s sparm;
+ char *serialno = NULL;
+ KEYPAIR_INFO item;
+ SINFO sitem;
+ unsigned char grip[20];
+ char *p;
+ int i;
+ static int certtype_list[] = {
+ 111, /* Root CA */
+ 101, /* trusted */
+ 102, /* useful */
+ 100, /* regular */
+ /* We don't include 110 here because gpgsm can't handle that
+ special root CA format. */
+ -1 /* end of list */
+ };
+
+
+ memset (&parm, 0, sizeof parm);
+ memset (&cparm, 0, sizeof cparm);
+ memset (&sparm, 0, sizeof sparm);
+ parm.ctrl = ctrl;
+ cparm.ctrl = ctrl;
+
+ /* Check whether a card is present and get the serial number */
+ rc = agent_card_serialno (ctrl, &serialno);
+ if (rc)
+ goto leave;
+
+ /* Now gather all the available info. */
+ rc = agent_card_learn (ctrl, kpinfo_cb, &parm, certinfo_cb, &cparm,
+ sinfo_cb, &sparm);
+ if (!rc && (parm.error || cparm.error || sparm.error))
+ rc = parm.error? parm.error : cparm.error? cparm.error : sparm.error;
+ if (rc)
+ {
+ log_debug ("agent_card_learn failed: %s\n", gpg_strerror (rc));
+ goto leave;
+ }
+
+ log_info ("card has S/N: %s\n", serialno);
+
+ /* Pass on all the collected status information. */
+ if (assuan_context)
+ {
+ for (sitem = sparm.info; sitem; sitem = sitem->next)
+ {
+ assuan_write_status (assuan_context, sitem->keyword, sitem->data);
+ }
+ }
+
+ /* Write out the certificates in a standard order. */
+ for (i=0; certtype_list[i] != -1; i++)
+ {
+ CERTINFO citem;
+ for (citem = cparm.info; citem; citem = citem->next)
+ {
+ if (certtype_list[i] != citem->type)
+ continue;
+
+ if (opt.verbose)
+ log_info (" id: %s (type=%d)\n",
+ citem->id, citem->type);
+
+ if (assuan_context)
+ {
+ rc = send_cert_back (ctrl, citem->id, assuan_context);
+ if (rc)
+ goto leave;
+ citem->done = 1;
+ }
+ }
+ }
+
+ for (item = parm.info; item; item = item->next)
+ {
+ unsigned char *pubkey, *shdkey;
+ size_t n;
+
+ if (opt.verbose)
+ log_info (" id: %s (grip=%s)\n", item->id, item->hexgrip);
+
+ if (item->no_cert)
+ continue; /* No public key yet available. */
+
+ if (assuan_context)
+ {
+ agent_write_status (ctrl, "KEYPAIRINFO",
+ item->hexgrip, item->id, NULL);
+ }
+
+ for (p=item->hexgrip, i=0; i < 20; p += 2, i++)
+ grip[i] = xtoi_2 (p);
+
+ if (!agent_key_available (grip))
+ continue; /* The key is already available. */
+
+ /* Unknown key - store it. */
+ rc = agent_card_readkey (ctrl, item->id, &pubkey);
+ if (rc)
+ {
+ log_debug ("agent_card_readkey failed: %s\n", gpg_strerror (rc));
+ goto leave;
+ }
+
+ {
+ unsigned char *shadow_info = make_shadow_info (serialno, item->id);
+ if (!shadow_info)
+ {
+ rc = gpg_error (GPG_ERR_ENOMEM);
+ xfree (pubkey);
+ goto leave;
+ }
+ rc = agent_shadow_key (pubkey, shadow_info, &shdkey);
+ xfree (shadow_info);
+ }
+ xfree (pubkey);
+ if (rc)
+ {
+ log_error ("shadowing the key failed: %s\n", gpg_strerror (rc));
+ goto leave;
+ }
+ n = gcry_sexp_canon_len (shdkey, 0, NULL, NULL);
+ assert (n);
+
+ rc = agent_write_private_key (grip, shdkey, n, 0);
+ xfree (shdkey);
+ if (rc)
+ {
+ log_error ("error writing key: %s\n", gpg_strerror (rc));
+ goto leave;
+ }
+
+ if (opt.verbose)
+ log_info ("stored\n");
+
+ if (assuan_context)
+ {
+ CERTINFO citem;
+
+ /* only send the certificate if we have not done so before */
+ for (citem = cparm.info; citem; citem = citem->next)
+ {
+ if (!strcmp (citem->id, item->id))
+ break;
+ }
+ if (!citem)
+ {
+ rc = send_cert_back (ctrl, item->id, assuan_context);
+ if (rc)
+ goto leave;
+ }
+ }
+ }
+
+
+ leave:
+ xfree (serialno);
+ release_keypair_info (parm.info);
+ release_certinfo (cparm.info);
+ release_sinfo (sparm.info);
+ return rc;
+}
+
+
diff --git a/agent/minip12.c b/agent/minip12.c
new file mode 100644
index 0000000..2471717
--- /dev/null
+++ b/agent/minip12.c
@@ -0,0 +1,2360 @@
+/* minip12.c - A minimal pkcs-12 implementation.
+ * Copyright (C) 2002, 2003, 2004, 2006 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <assert.h>
+#include <gcrypt.h>
+#include <errno.h>
+
+#ifdef TEST
+#include <sys/stat.h>
+#include <unistd.h>
+#endif
+
+#include "../jnlib/logging.h"
+#include "../jnlib/utf8conv.h"
+#include "minip12.h"
+
+#ifndef DIM
+#define DIM(v) (sizeof(v)/sizeof((v)[0]))
+#endif
+
+
+enum
+{
+ UNIVERSAL = 0,
+ APPLICATION = 1,
+ ASNCONTEXT = 2,
+ PRIVATE = 3
+};
+
+
+enum
+{
+ TAG_NONE = 0,
+ TAG_BOOLEAN = 1,
+ TAG_INTEGER = 2,
+ TAG_BIT_STRING = 3,
+ TAG_OCTET_STRING = 4,
+ TAG_NULL = 5,
+ TAG_OBJECT_ID = 6,
+ TAG_OBJECT_DESCRIPTOR = 7,
+ TAG_EXTERNAL = 8,
+ TAG_REAL = 9,
+ TAG_ENUMERATED = 10,
+ TAG_EMBEDDED_PDV = 11,
+ TAG_UTF8_STRING = 12,
+ TAG_REALTIVE_OID = 13,
+ TAG_SEQUENCE = 16,
+ TAG_SET = 17,
+ TAG_NUMERIC_STRING = 18,
+ TAG_PRINTABLE_STRING = 19,
+ TAG_TELETEX_STRING = 20,
+ TAG_VIDEOTEX_STRING = 21,
+ TAG_IA5_STRING = 22,
+ TAG_UTC_TIME = 23,
+ TAG_GENERALIZED_TIME = 24,
+ TAG_GRAPHIC_STRING = 25,
+ TAG_VISIBLE_STRING = 26,
+ TAG_GENERAL_STRING = 27,
+ TAG_UNIVERSAL_STRING = 28,
+ TAG_CHARACTER_STRING = 29,
+ TAG_BMP_STRING = 30
+};
+
+
+static unsigned char const oid_data[9] = {
+ 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x01 };
+static unsigned char const oid_encryptedData[9] = {
+ 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x06 };
+static unsigned char const oid_pkcs_12_keyBag[11] = {
+ 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x0C, 0x0A, 0x01, 0x01 };
+static unsigned char const oid_pkcs_12_pkcs_8ShroudedKeyBag[11] = {
+ 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x0C, 0x0A, 0x01, 0x02 };
+static unsigned char const oid_pkcs_12_CertBag[11] = {
+ 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x0C, 0x0A, 0x01, 0x03 };
+static unsigned char const oid_pkcs_12_CrlBag[11] = {
+ 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x0C, 0x0A, 0x01, 0x04 };
+
+static unsigned char const oid_pbeWithSHAAnd3_KeyTripleDES_CBC[10] = {
+ 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x0C, 0x01, 0x03 };
+static unsigned char const oid_pbeWithSHAAnd40BitRC2_CBC[10] = {
+ 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x0C, 0x01, 0x06 };
+static unsigned char const oid_x509Certificate_for_pkcs_12[10] = {
+ 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x16, 0x01 };
+
+
+static unsigned char const oid_rsaEncryption[9] = {
+ 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01 };
+
+
+static unsigned char const data_3desiter2048[30] = {
+ 0x30, 0x1C, 0x06, 0x0A, 0x2A, 0x86, 0x48, 0x86,
+ 0xF7, 0x0D, 0x01, 0x0C, 0x01, 0x03, 0x30, 0x0E,
+ 0x04, 0x08, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0x02, 0x02, 0x08, 0x00 };
+#define DATA_3DESITER2048_SALT_OFF 18
+
+static unsigned char const data_rc2iter2048[30] = {
+ 0x30, 0x1C, 0x06, 0x0A, 0x2A, 0x86, 0x48, 0x86,
+ 0xF7, 0x0D, 0x01, 0x0C, 0x01, 0x06, 0x30, 0x0E,
+ 0x04, 0x08, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0x02, 0x02, 0x08, 0x00 };
+#define DATA_RC2ITER2048_SALT_OFF 18
+
+static unsigned char const data_mactemplate[51] = {
+ 0x30, 0x31, 0x30, 0x21, 0x30, 0x09, 0x06, 0x05,
+ 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05, 0x00, 0x04,
+ 0x14, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0x04, 0x08, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x02,
+ 0x02, 0x08, 0x00 };
+#define DATA_MACTEMPLATE_MAC_OFF 17
+#define DATA_MACTEMPLATE_SALT_OFF 39
+
+static unsigned char const data_attrtemplate[106] = {
+ 0x31, 0x7c, 0x30, 0x55, 0x06, 0x09, 0x2a, 0x86,
+ 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x14, 0x31,
+ 0x48, 0x1e, 0x46, 0x00, 0x47, 0x00, 0x6e, 0x00,
+ 0x75, 0x00, 0x50, 0x00, 0x47, 0x00, 0x20, 0x00,
+ 0x65, 0x00, 0x78, 0x00, 0x70, 0x00, 0x6f, 0x00,
+ 0x72, 0x00, 0x74, 0x00, 0x65, 0x00, 0x64, 0x00,
+ 0x20, 0x00, 0x63, 0x00, 0x65, 0x00, 0x72, 0x00,
+ 0x74, 0x00, 0x69, 0x00, 0x66, 0x00, 0x69, 0x00,
+ 0x63, 0x00, 0x61, 0x00, 0x74, 0x00, 0x65, 0x00,
+ 0x20, 0x00, 0x66, 0x00, 0x66, 0x00, 0x66, 0x00,
+ 0x66, 0x00, 0x66, 0x00, 0x66, 0x00, 0x66, 0x00,
+ 0x66, 0x30, 0x23, 0x06, 0x09, 0x2a, 0x86, 0x48,
+ 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x15, 0x31, 0x16,
+ 0x04, 0x14 }; /* Need to append SHA-1 digest. */
+#define DATA_ATTRTEMPLATE_KEYID_OFF 73
+
+struct buffer_s
+{
+ unsigned char *buffer;
+ size_t length;
+};
+
+
+struct tag_info
+{
+ int class;
+ int is_constructed;
+ unsigned long tag;
+ unsigned long length; /* length part of the TLV */
+ int nhdr;
+ int ndef; /* It is an indefinite length */
+};
+
+
+/* Parse the buffer at the address BUFFER which is of SIZE and return
+ the tag and the length part from the TLV triplet. Update BUFFER
+ and SIZE on success. Checks that the encoded length does not
+ exhaust the length of the provided buffer. */
+static int
+parse_tag (unsigned char const **buffer, size_t *size, struct tag_info *ti)
+{
+ int c;
+ unsigned long tag;
+ const unsigned char *buf = *buffer;
+ size_t length = *size;
+
+ ti->length = 0;
+ ti->ndef = 0;
+ ti->nhdr = 0;
+
+ /* Get the tag */
+ if (!length)
+ return -1; /* premature eof */
+ c = *buf++; length--;
+ ti->nhdr++;
+
+ ti->class = (c & 0xc0) >> 6;
+ ti->is_constructed = !!(c & 0x20);
+ tag = c & 0x1f;
+
+ if (tag == 0x1f)
+ {
+ tag = 0;
+ do
+ {
+ tag <<= 7;
+ if (!length)
+ return -1; /* premature eof */
+ c = *buf++; length--;
+ ti->nhdr++;
+ tag |= c & 0x7f;
+ }
+ while (c & 0x80);
+ }
+ ti->tag = tag;
+
+ /* Get the length */
+ if (!length)
+ return -1; /* prematureeof */
+ c = *buf++; length--;
+ ti->nhdr++;
+
+ if ( !(c & 0x80) )
+ ti->length = c;
+ else if (c == 0x80)
+ ti->ndef = 1;
+ else if (c == 0xff)
+ return -1; /* forbidden length value */
+ else
+ {
+ unsigned long len = 0;
+ int count = c & 0x7f;
+
+ for (; count; count--)
+ {
+ len <<= 8;
+ if (!length)
+ return -1; /* premature_eof */
+ c = *buf++; length--;
+ ti->nhdr++;
+ len |= c & 0xff;
+ }
+ ti->length = len;
+ }
+
+ if (ti->class == UNIVERSAL && !ti->tag)
+ ti->length = 0;
+
+ if (ti->length > length)
+ return -1; /* data larger than buffer. */
+
+ *buffer = buf;
+ *size = length;
+ return 0;
+}
+
+
+/* Given an ASN.1 chunk of a structure like:
+
+ 24 NDEF: OCTET STRING -- This is not passed to us
+ 04 1: OCTET STRING -- INPUT point s to here
+ : 30
+ 04 1: OCTET STRING
+ : 80
+ [...]
+ 04 2: OCTET STRING
+ : 00 00
+ : } -- This denotes a Null tag and are the last
+ -- two bytes in INPUT.
+
+ Create a new buffer with the content of that octet string. INPUT
+ is the orginal buffer with a length as stored at LENGTH. Returns
+ NULL on error or a new malloced buffer with the length of this new
+ buffer stored at LENGTH and the number of bytes parsed from input
+ are added to the value stored at INPUT_CONSUMED. INPUT_CONSUMED is
+ allowed to be passed as NULL if the caller is not interested in
+ this value. */
+static unsigned char *
+cram_octet_string (const unsigned char *input, size_t *length,
+ size_t *input_consumed)
+{
+ const unsigned char *s = input;
+ size_t n = *length;
+ unsigned char *output, *d;
+ struct tag_info ti;
+
+ /* Allocate output buf. We know that it won't be longer than the
+ input buffer. */
+ d = output = gcry_malloc (n);
+ if (!output)
+ goto bailout;
+
+ for (;;)
+ {
+ if (parse_tag (&s, &n, &ti))
+ goto bailout;
+ if (ti.class == UNIVERSAL && ti.tag == TAG_OCTET_STRING
+ && !ti.ndef && !ti.is_constructed)
+ {
+ memcpy (d, s, ti.length);
+ s += ti.length;
+ d += ti.length;
+ n -= ti.length;
+ }
+ else if (ti.class == UNIVERSAL && !ti.tag && !ti.is_constructed)
+ break; /* Ready */
+ else
+ goto bailout;
+ }
+
+
+ *length = d - output;
+ if (input_consumed)
+ *input_consumed += s - input;
+ return output;
+
+ bailout:
+ if (input_consumed)
+ *input_consumed += s - input;
+ gcry_free (output);
+ return NULL;
+}
+
+
+
+static int
+string_to_key (int id, char *salt, size_t saltlen, int iter, const char *pw,
+ int req_keylen, unsigned char *keybuf)
+{
+ int rc, i, j;
+ gcry_md_hd_t md;
+ gcry_mpi_t num_b1 = NULL;
+ int pwlen;
+ unsigned char hash[20], buf_b[64], buf_i[128], *p;
+ size_t cur_keylen;
+ size_t n;
+
+ cur_keylen = 0;
+ pwlen = strlen (pw);
+ if (pwlen > 63/2)
+ {
+ log_error ("password too long\n");
+ return -1;
+ }
+
+ if (saltlen < 8)
+ {
+ log_error ("salt too short\n");
+ return -1;
+ }
+
+ /* Store salt and password in BUF_I */
+ p = buf_i;
+ for(i=0; i < 64; i++)
+ *p++ = salt [i%saltlen];
+ for(i=j=0; i < 64; i += 2)
+ {
+ *p++ = 0;
+ *p++ = pw[j];
+ if (++j > pwlen) /* Note, that we include the trailing zero */
+ j = 0;
+ }
+
+ for (;;)
+ {
+ rc = gcry_md_open (&md, GCRY_MD_SHA1, 0);
+ if (rc)
+ {
+ log_error ( "gcry_md_open failed: %s\n", gpg_strerror (rc));
+ return rc;
+ }
+ for(i=0; i < 64; i++)
+ gcry_md_putc (md, id);
+ gcry_md_write (md, buf_i, 128);
+ memcpy (hash, gcry_md_read (md, 0), 20);
+ gcry_md_close (md);
+ for (i=1; i < iter; i++)
+ gcry_md_hash_buffer (GCRY_MD_SHA1, hash, hash, 20);
+
+ for (i=0; i < 20 && cur_keylen < req_keylen; i++)
+ keybuf[cur_keylen++] = hash[i];
+ if (cur_keylen == req_keylen)
+ {
+ gcry_mpi_release (num_b1);
+ return 0; /* ready */
+ }
+
+ /* need more bytes. */
+ for(i=0; i < 64; i++)
+ buf_b[i] = hash[i % 20];
+ rc = gcry_mpi_scan (&num_b1, GCRYMPI_FMT_USG, buf_b, 64, &n);
+ if (rc)
+ {
+ log_error ( "gcry_mpi_scan failed: %s\n", gpg_strerror (rc));
+ return -1;
+ }
+ gcry_mpi_add_ui (num_b1, num_b1, 1);
+ for (i=0; i < 128; i += 64)
+ {
+ gcry_mpi_t num_ij;
+
+ rc = gcry_mpi_scan (&num_ij, GCRYMPI_FMT_USG, buf_i + i, 64, &n);
+ if (rc)
+ {
+ log_error ( "gcry_mpi_scan failed: %s\n",
+ gpg_strerror (rc));
+ return -1;
+ }
+ gcry_mpi_add (num_ij, num_ij, num_b1);
+ gcry_mpi_clear_highbit (num_ij, 64*8);
+ rc = gcry_mpi_print (GCRYMPI_FMT_USG, buf_i + i, 64, &n, num_ij);
+ if (rc)
+ {
+ log_error ( "gcry_mpi_print failed: %s\n",
+ gpg_strerror (rc));
+ return -1;
+ }
+ gcry_mpi_release (num_ij);
+ }
+ }
+}
+
+
+static int
+set_key_iv (gcry_cipher_hd_t chd, char *salt, size_t saltlen, int iter,
+ const char *pw, int keybytes)
+{
+ unsigned char keybuf[24];
+ int rc;
+
+ assert (keybytes == 5 || keybytes == 24);
+ if (string_to_key (1, salt, saltlen, iter, pw, keybytes, keybuf))
+ return -1;
+ rc = gcry_cipher_setkey (chd, keybuf, keybytes);
+ if (rc)
+ {
+ log_error ( "gcry_cipher_setkey failed: %s\n", gpg_strerror (rc));
+ return -1;
+ }
+
+ if (string_to_key (2, salt, saltlen, iter, pw, 8, keybuf))
+ return -1;
+ rc = gcry_cipher_setiv (chd, keybuf, 8);
+ if (rc)
+ {
+ log_error ("gcry_cipher_setiv failed: %s\n", gpg_strerror (rc));
+ return -1;
+ }
+ return 0;
+}
+
+
+static void
+crypt_block (unsigned char *buffer, size_t length, char *salt, size_t saltlen,
+ int iter, const char *pw, int cipher_algo, int encrypt)
+{
+ gcry_cipher_hd_t chd;
+ int rc;
+
+ rc = gcry_cipher_open (&chd, cipher_algo, GCRY_CIPHER_MODE_CBC, 0);
+ if (rc)
+ {
+ log_error ( "gcry_cipher_open failed: %s\n", gpg_strerror(rc));
+ wipememory (buffer, length);
+ return;
+ }
+ if (set_key_iv (chd, salt, saltlen, iter, pw,
+ cipher_algo == GCRY_CIPHER_RFC2268_40? 5:24))
+ {
+ wipememory (buffer, length);
+ goto leave;
+ }
+
+ rc = encrypt? gcry_cipher_encrypt (chd, buffer, length, NULL, 0)
+ : gcry_cipher_decrypt (chd, buffer, length, NULL, 0);
+
+ if (rc)
+ {
+ wipememory (buffer, length);
+ log_error ( "en/de-crytion failed: %s\n", gpg_strerror (rc));
+ goto leave;
+ }
+
+ leave:
+ gcry_cipher_close (chd);
+}
+
+
+/* Decrypt a block of data and try several encodings of the key.
+ CIPHERTEXT is the encrypted data of size LENGTH bytes; PLAINTEXT is
+ a buffer of the same size to receive the decryption result. SALT,
+ SALTLEN, ITER and PW are the information required for decryption
+ and CIPHER_ALGO is the algorithm id to use. CHECK_FNC is a
+ function called with the plaintext and used to check whether the
+ decryption succeeded; i.e. that a correct passphrase has been
+ given. That function shall return true if the decryption has likely
+ succeeded. */
+static void
+decrypt_block (const void *ciphertext, unsigned char *plaintext, size_t length,
+ char *salt, size_t saltlen,
+ int iter, const char *pw, int cipher_algo,
+ int (*check_fnc) (const void *, size_t))
+{
+ static const char * const charsets[] = {
+ "", /* No conversion - use the UTF-8 passphrase direct. */
+ "ISO-8859-1",
+ "ISO-8859-15",
+ "ISO-8859-2",
+ "ISO-8859-3",
+ "ISO-8859-4",
+ "ISO-8859-5",
+ "ISO-8859-6",
+ "ISO-8859-7",
+ "ISO-8859-8",
+ "ISO-8859-9",
+ "KOI8-R",
+ "IBM437",
+ "IBM850",
+ "EUC-JP",
+ "BIG5",
+ NULL
+ };
+ int charsetidx = 0;
+ char *convertedpw = NULL; /* Malloced and converted password or NULL. */
+ size_t convertedpwsize = 0; /* Allocated length. */
+
+ for (charsetidx=0; charsets[charsetidx]; charsetidx++)
+ {
+ if (*charsets[charsetidx])
+ {
+ jnlib_iconv_t cd;
+ const char *inptr;
+ char *outptr;
+ size_t inbytes, outbytes;
+
+ if (!convertedpw)
+ {
+ /* We assume one byte encodings. Thus we can allocate
+ the buffer of the same size as the original
+ passphrase; the result will actually be shorter
+ then. */
+ convertedpwsize = strlen (pw) + 1;
+ convertedpw = gcry_malloc_secure (convertedpwsize);
+ if (!convertedpw)
+ {
+ log_info ("out of secure memory while"
+ " converting passphrase\n");
+ break; /* Give up. */
+ }
+ }
+
+ cd = jnlib_iconv_open (charsets[charsetidx], "utf-8");
+ if (cd == (jnlib_iconv_t)(-1))
+ continue;
+
+ inptr = pw;
+ inbytes = strlen (pw);
+ outptr = convertedpw;
+ outbytes = convertedpwsize - 1;
+ if ( jnlib_iconv (cd, (const char **)&inptr, &inbytes,
+ &outptr, &outbytes) == (size_t)-1)
+ {
+ jnlib_iconv_close (cd);
+ continue;
+ }
+ *outptr = 0;
+ jnlib_iconv_close (cd);
+ log_info ("decryption failed; trying charset `%s'\n",
+ charsets[charsetidx]);
+ }
+ memcpy (plaintext, ciphertext, length);
+ crypt_block (plaintext, length, salt, saltlen, iter,
+ convertedpw? convertedpw:pw, cipher_algo, 0);
+ if (check_fnc (plaintext, length))
+ break; /* Decryption succeeded. */
+ }
+ gcry_free (convertedpw);
+}
+
+
+/* Return true if the decryption of an bag_encrypted_data object has
+ likely succeeded. */
+static int
+bag_decrypted_data_p (const void *plaintext, size_t length)
+{
+ struct tag_info ti;
+ const unsigned char *p = plaintext;
+ size_t n = length;
+
+ /* { */
+ /* # warning debug code is enabled */
+ /* FILE *fp = fopen ("tmp-rc2-plain.der", "wb"); */
+ /* if (!fp || fwrite (p, n, 1, fp) != 1) */
+ /* exit (2); */
+ /* fclose (fp); */
+ /* } */
+
+ if (parse_tag (&p, &n, &ti))
+ return 0;
+ if (ti.class || ti.tag != TAG_SEQUENCE)
+ return 0;
+ if (parse_tag (&p, &n, &ti))
+ return 0;
+
+ return 1;
+}
+
+/* Note: If R_RESULT is passed as NULL, a key object as already be
+ processed and thus we need to skip it here. */
+static int
+parse_bag_encrypted_data (const unsigned char *buffer, size_t length,
+ int startoffset, size_t *r_consumed, const char *pw,
+ void (*certcb)(void*, const unsigned char*, size_t),
+ void *certcbarg, gcry_mpi_t **r_result)
+{
+ struct tag_info ti;
+ const unsigned char *p = buffer;
+ const unsigned char *p_start = buffer;
+ size_t n = length;
+ const char *where;
+ char salt[20];
+ size_t saltlen;
+ unsigned int iter;
+ unsigned char *plain = NULL;
+ int bad_pass = 0;
+ unsigned char *cram_buffer = NULL;
+ size_t consumed = 0; /* Number of bytes consumed from the orginal buffer. */
+ int is_3des = 0;
+ gcry_mpi_t *result = NULL;
+ int result_count;
+
+ if (r_result)
+ *r_result = NULL;
+ where = "start";
+ if (parse_tag (&p, &n, &ti))
+ goto bailout;
+ if (ti.class != ASNCONTEXT || ti.tag)
+ goto bailout;
+ if (parse_tag (&p, &n, &ti))
+ goto bailout;
+ if (ti.tag != TAG_SEQUENCE)
+ goto bailout;
+
+ where = "bag.encryptedData.version";
+ if (parse_tag (&p, &n, &ti))
+ goto bailout;
+ if (ti.tag != TAG_INTEGER || ti.length != 1 || *p != 0)
+ goto bailout;
+ p++; n--;
+ if (parse_tag (&p, &n, &ti))
+ goto bailout;
+ if (ti.tag != TAG_SEQUENCE)
+ goto bailout;
+
+ where = "bag.encryptedData.data";
+ if (parse_tag (&p, &n, &ti))
+ goto bailout;
+ if (ti.tag != TAG_OBJECT_ID || ti.length != DIM(oid_data)
+ || memcmp (p, oid_data, DIM(oid_data)))
+ goto bailout;
+ p += DIM(oid_data);
+ n -= DIM(oid_data);
+
+ where = "bag.encryptedData.keyinfo";
+ if (parse_tag (&p, &n, &ti))
+ goto bailout;
+ if (ti.class || ti.tag != TAG_SEQUENCE)
+ goto bailout;
+ if (parse_tag (&p, &n, &ti))
+ goto bailout;
+ if (!ti.class && ti.tag == TAG_OBJECT_ID
+ && ti.length == DIM(oid_pbeWithSHAAnd40BitRC2_CBC)
+ && !memcmp (p, oid_pbeWithSHAAnd40BitRC2_CBC,
+ DIM(oid_pbeWithSHAAnd40BitRC2_CBC)))
+ {
+ p += DIM(oid_pbeWithSHAAnd40BitRC2_CBC);
+ n -= DIM(oid_pbeWithSHAAnd40BitRC2_CBC);
+ }
+ else if (!ti.class && ti.tag == TAG_OBJECT_ID
+ && ti.length == DIM(oid_pbeWithSHAAnd3_KeyTripleDES_CBC)
+ && !memcmp (p, oid_pbeWithSHAAnd3_KeyTripleDES_CBC,
+ DIM(oid_pbeWithSHAAnd3_KeyTripleDES_CBC)))
+ {
+ p += DIM(oid_pbeWithSHAAnd3_KeyTripleDES_CBC);
+ n -= DIM(oid_pbeWithSHAAnd3_KeyTripleDES_CBC);
+ is_3des = 1;
+ }
+ else
+ goto bailout;
+
+ where = "rc2or3des-params";
+ if (parse_tag (&p, &n, &ti))
+ goto bailout;
+ if (ti.class || ti.tag != TAG_SEQUENCE)
+ goto bailout;
+ if (parse_tag (&p, &n, &ti))
+ goto bailout;
+ if (ti.class || ti.tag != TAG_OCTET_STRING
+ || ti.length < 8 || ti.length > 20 )
+ goto bailout;
+ saltlen = ti.length;
+ memcpy (salt, p, saltlen);
+ p += saltlen;
+ n -= saltlen;
+ if (parse_tag (&p, &n, &ti))
+ goto bailout;
+ if (ti.class || ti.tag != TAG_INTEGER || !ti.length )
+ goto bailout;
+ for (iter=0; ti.length; ti.length--)
+ {
+ iter <<= 8;
+ iter |= (*p++) & 0xff;
+ n--;
+ }
+
+ where = "rc2or3des-ciphertext";
+ if (parse_tag (&p, &n, &ti))
+ goto bailout;
+
+ consumed = p - p_start;
+ if (ti.class == ASNCONTEXT && ti.tag == 0 && ti.is_constructed && ti.ndef)
+ {
+ /* Mozilla exported certs now come with single byte chunks of
+ octect strings. (Mozilla Firefox 1.0.4). Arghh. */
+ where = "cram-rc2or3des-ciphertext";
+ cram_buffer = cram_octet_string ( p, &n, &consumed);
+ if (!cram_buffer)
+ goto bailout;
+ p = p_start = cram_buffer;
+ if (r_consumed)
+ *r_consumed = consumed;
+ r_consumed = NULL; /* Ugly hack to not update that value any further. */
+ ti.length = n;
+ }
+ else if (ti.class == ASNCONTEXT && ti.tag == 0 && ti.length )
+ ;
+ else
+ goto bailout;
+
+ log_info ("%lu bytes of %s encrypted text\n",ti.length,is_3des?"3DES":"RC2");
+
+ plain = gcry_malloc_secure (ti.length);
+ if (!plain)
+ {
+ log_error ("error allocating decryption buffer\n");
+ goto bailout;
+ }
+ decrypt_block (p, plain, ti.length, salt, saltlen, iter, pw,
+ is_3des? GCRY_CIPHER_3DES : GCRY_CIPHER_RFC2268_40,
+ bag_decrypted_data_p);
+ n = ti.length;
+ startoffset = 0;
+ p_start = p = plain;
+
+ where = "outer.outer.seq";
+ if (parse_tag (&p, &n, &ti))
+ {
+ bad_pass = 1;
+ goto bailout;
+ }
+ if (ti.class || ti.tag != TAG_SEQUENCE)
+ {
+ bad_pass = 1;
+ goto bailout;
+ }
+
+ if (parse_tag (&p, &n, &ti))
+ {
+ bad_pass = 1;
+ goto bailout;
+ }
+
+ /* Loop over all certificates inside the bag. */
+ while (n)
+ {
+ int iscrlbag = 0;
+ int iskeybag = 0;
+
+ where = "certbag.nextcert";
+ if (ti.class || ti.tag != TAG_SEQUENCE)
+ goto bailout;
+
+ where = "certbag.objectidentifier";
+ if (parse_tag (&p, &n, &ti))
+ goto bailout;
+ if (ti.class || ti.tag != TAG_OBJECT_ID)
+ goto bailout;
+ if ( ti.length == DIM(oid_pkcs_12_CertBag)
+ && !memcmp (p, oid_pkcs_12_CertBag, DIM(oid_pkcs_12_CertBag)))
+ {
+ p += DIM(oid_pkcs_12_CertBag);
+ n -= DIM(oid_pkcs_12_CertBag);
+ }
+ else if ( ti.length == DIM(oid_pkcs_12_CrlBag)
+ && !memcmp (p, oid_pkcs_12_CrlBag, DIM(oid_pkcs_12_CrlBag)))
+ {
+ p += DIM(oid_pkcs_12_CrlBag);
+ n -= DIM(oid_pkcs_12_CrlBag);
+ iscrlbag = 1;
+ }
+ else if ( ti.length == DIM(oid_pkcs_12_keyBag)
+ && !memcmp (p, oid_pkcs_12_keyBag, DIM(oid_pkcs_12_keyBag)))
+ {
+ /* The TrustedMIME plugin for MS Outlook started to create
+ files with just one outer 3DES encrypted container and
+ inside the certificates as well as the key. */
+ p += DIM(oid_pkcs_12_keyBag);
+ n -= DIM(oid_pkcs_12_keyBag);
+ iskeybag = 1;
+ }
+ else
+ goto bailout;
+
+ where = "certbag.before.certheader";
+ if (parse_tag (&p, &n, &ti))
+ goto bailout;
+ if (ti.class != ASNCONTEXT || ti.tag)
+ goto bailout;
+ if (iscrlbag)
+ {
+ log_info ("skipping unsupported crlBag\n");
+ p += ti.length;
+ n -= ti.length;
+ }
+ else if (iskeybag && (result || !r_result))
+ {
+ log_info ("one keyBag already processed; skipping this one\n");
+ p += ti.length;
+ n -= ti.length;
+ }
+ else if (iskeybag)
+ {
+ int len;
+
+ log_info ("processing simple keyBag\n");
+
+ /* Fixme: This code is duplicated from parse_bag_data. */
+ if (parse_tag (&p, &n, &ti) || ti.class || ti.tag != TAG_SEQUENCE)
+ goto bailout;
+ if (parse_tag (&p, &n, &ti) || ti.class || ti.tag != TAG_INTEGER
+ || ti.length != 1 || *p)
+ goto bailout;
+ p++; n--;
+ if (parse_tag (&p, &n, &ti) || ti.class || ti.tag != TAG_SEQUENCE)
+ goto bailout;
+ len = ti.length;
+ if (parse_tag (&p, &n, &ti))
+ goto bailout;
+ if (len < ti.nhdr)
+ goto bailout;
+ len -= ti.nhdr;
+ if (ti.class || ti.tag != TAG_OBJECT_ID
+ || ti.length != DIM(oid_rsaEncryption)
+ || memcmp (p, oid_rsaEncryption,
+ DIM(oid_rsaEncryption)))
+ goto bailout;
+ p += DIM (oid_rsaEncryption);
+ n -= DIM (oid_rsaEncryption);
+ if (len < ti.length)
+ goto bailout;
+ len -= ti.length;
+ if (n < len)
+ goto bailout;
+ p += len;
+ n -= len;
+ if ( parse_tag (&p, &n, &ti)
+ || ti.class || ti.tag != TAG_OCTET_STRING)
+ goto bailout;
+ if ( parse_tag (&p, &n, &ti)
+ || ti.class || ti.tag != TAG_SEQUENCE)
+ goto bailout;
+ len = ti.length;
+
+ result = gcry_calloc (10, sizeof *result);
+ if (!result)
+ {
+ log_error ( "error allocating result array\n");
+ goto bailout;
+ }
+ result_count = 0;
+
+ where = "reading.keybag.key-parameters";
+ for (result_count = 0; len && result_count < 9;)
+ {
+ if ( parse_tag (&p, &n, &ti)
+ || ti.class || ti.tag != TAG_INTEGER)
+ goto bailout;
+ if (len < ti.nhdr)
+ goto bailout;
+ len -= ti.nhdr;
+ if (len < ti.length)
+ goto bailout;
+ len -= ti.length;
+ if (!result_count && ti.length == 1 && !*p)
+ ; /* ignore the very first one if it is a 0 */
+ else
+ {
+ int rc;
+
+ rc = gcry_mpi_scan (result+result_count, GCRYMPI_FMT_USG, p,
+ ti.length, NULL);
+ if (rc)
+ {
+ log_error ("error parsing key parameter: %s\n",
+ gpg_strerror (rc));
+ goto bailout;
+ }
+ result_count++;
+ }
+ p += ti.length;
+ n -= ti.length;
+ }
+ if (len)
+ goto bailout;
+ }
+ else
+ {
+ log_info ("processing certBag\n");
+ if (parse_tag (&p, &n, &ti))
+ goto bailout;
+ if (ti.class || ti.tag != TAG_SEQUENCE)
+ goto bailout;
+ if (parse_tag (&p, &n, &ti))
+ goto bailout;
+ if (ti.class || ti.tag != TAG_OBJECT_ID
+ || ti.length != DIM(oid_x509Certificate_for_pkcs_12)
+ || memcmp (p, oid_x509Certificate_for_pkcs_12,
+ DIM(oid_x509Certificate_for_pkcs_12)))
+ goto bailout;
+ p += DIM(oid_x509Certificate_for_pkcs_12);
+ n -= DIM(oid_x509Certificate_for_pkcs_12);
+
+ where = "certbag.before.octetstring";
+ if (parse_tag (&p, &n, &ti))
+ goto bailout;
+ if (ti.class != ASNCONTEXT || ti.tag)
+ goto bailout;
+ if (parse_tag (&p, &n, &ti))
+ goto bailout;
+ if (ti.class || ti.tag != TAG_OCTET_STRING || ti.ndef)
+ goto bailout;
+
+ /* Return the certificate. */
+ if (certcb)
+ certcb (certcbarg, p, ti.length);
+
+ p += ti.length;
+ n -= ti.length;
+ }
+
+ /* Ugly hack to cope with the padding: Forget about the rest if
+ that is less or equal to the cipher's block length. We can
+ reasonable assume that all valid data will be longer than
+ just one block. */
+ if (n <= 8)
+ n = 0;
+
+ /* Skip the optional SET with the pkcs12 cert attributes. */
+ if (n)
+ {
+ where = "bag.attributes";
+ if (parse_tag (&p, &n, &ti))
+ goto bailout;
+ if (!ti.class && ti.tag == TAG_SEQUENCE)
+ ; /* No attributes. */
+ else if (!ti.class && ti.tag == TAG_SET && !ti.ndef)
+ { /* The optional SET. */
+ p += ti.length;
+ n -= ti.length;
+ if (n <= 8)
+ n = 0;
+ if (n && parse_tag (&p, &n, &ti))
+ goto bailout;
+ }
+ else
+ goto bailout;
+ }
+ }
+
+ if (r_consumed)
+ *r_consumed = consumed;
+ gcry_free (plain);
+ gcry_free (cram_buffer);
+ if (r_result)
+ *r_result = result;
+ return 0;
+
+ bailout:
+ if (result)
+ {
+ int i;
+
+ for (i=0; result[i]; i++)
+ gcry_mpi_release (result[i]);
+ gcry_free (result);
+ }
+ if (r_consumed)
+ *r_consumed = consumed;
+ gcry_free (plain);
+ gcry_free (cram_buffer);
+ log_error ("encryptedData error at \"%s\", offset %u\n",
+ where, (unsigned int)((p - p_start)+startoffset));
+ if (bad_pass)
+ {
+ /* Note, that the following string might be used by other programs
+ to check for a bad passphrase; it should therefore not be
+ translated or changed. */
+ log_error ("possibly bad passphrase given\n");
+ }
+ return -1;
+}
+
+
+/* Return true if the decryption of a bag_data object has likely
+ succeeded. */
+static int
+bag_data_p (const void *plaintext, size_t length)
+{
+ struct tag_info ti;
+ const unsigned char *p = plaintext;
+ size_t n = length;
+
+/* { */
+/* # warning debug code is enabled */
+/* FILE *fp = fopen ("tmp-3des-plain-key.der", "wb"); */
+/* if (!fp || fwrite (p, n, 1, fp) != 1) */
+/* exit (2); */
+/* fclose (fp); */
+/* } */
+
+ if (parse_tag (&p, &n, &ti) || ti.class || ti.tag != TAG_SEQUENCE)
+ return 0;
+ if (parse_tag (&p, &n, &ti) || ti.class || ti.tag != TAG_INTEGER
+ || ti.length != 1 || *p)
+ return 0;
+
+ return 1;
+}
+
+
+static gcry_mpi_t *
+parse_bag_data (const unsigned char *buffer, size_t length, int startoffset,
+ size_t *r_consumed, const char *pw)
+{
+ int rc;
+ struct tag_info ti;
+ const unsigned char *p = buffer;
+ const unsigned char *p_start = buffer;
+ size_t n = length;
+ const char *where;
+ char salt[20];
+ size_t saltlen;
+ unsigned int iter;
+ int len;
+ unsigned char *plain = NULL;
+ gcry_mpi_t *result = NULL;
+ int result_count, i;
+ unsigned char *cram_buffer = NULL;
+ size_t consumed = 0; /* Number of bytes consumed from the orginal buffer. */
+
+ where = "start";
+ if (parse_tag (&p, &n, &ti))
+ goto bailout;
+ if (ti.class != ASNCONTEXT || ti.tag)
+ goto bailout;
+ if (parse_tag (&p, &n, &ti))
+ goto bailout;
+ if (ti.class || ti.tag != TAG_OCTET_STRING)
+ goto bailout;
+
+ consumed = p - p_start;
+ if (ti.is_constructed && ti.ndef)
+ {
+ /* Mozilla exported certs now come with single byte chunks of
+ octect strings. (Mozilla Firefox 1.0.4). Arghh. */
+ where = "cram-data.outersegs";
+ cram_buffer = cram_octet_string ( p, &n, &consumed);
+ if (!cram_buffer)
+ goto bailout;
+ p = p_start = cram_buffer;
+ if (r_consumed)
+ *r_consumed = consumed;
+ r_consumed = NULL; /* Ugly hack to not update that value any further. */
+ }
+
+
+ where = "data.outerseqs";
+ if (parse_tag (&p, &n, &ti))
+ goto bailout;
+ if (ti.class || ti.tag != TAG_SEQUENCE)
+ goto bailout;
+ if (parse_tag (&p, &n, &ti))
+ goto bailout;
+ if (ti.class || ti.tag != TAG_SEQUENCE)
+ goto bailout;
+
+ where = "data.objectidentifier";
+ if (parse_tag (&p, &n, &ti))
+ goto bailout;
+ if (ti.class || ti.tag != TAG_OBJECT_ID
+ || ti.length != DIM(oid_pkcs_12_pkcs_8ShroudedKeyBag)
+ || memcmp (p, oid_pkcs_12_pkcs_8ShroudedKeyBag,
+ DIM(oid_pkcs_12_pkcs_8ShroudedKeyBag)))
+ goto bailout;
+ p += DIM(oid_pkcs_12_pkcs_8ShroudedKeyBag);
+ n -= DIM(oid_pkcs_12_pkcs_8ShroudedKeyBag);
+
+ where = "shrouded,outerseqs";
+ if (parse_tag (&p, &n, &ti))
+ goto bailout;
+ if (ti.class != ASNCONTEXT || ti.tag)
+ goto bailout;
+ if (parse_tag (&p, &n, &ti))
+ goto bailout;
+ if (ti.class || ti.tag != TAG_SEQUENCE)
+ goto bailout;
+ if (parse_tag (&p, &n, &ti))
+ goto bailout;
+ if (ti.class || ti.tag != TAG_SEQUENCE)
+ goto bailout;
+ if (parse_tag (&p, &n, &ti))
+ goto bailout;
+ if (ti.class || ti.tag != TAG_OBJECT_ID
+ || ti.length != DIM(oid_pbeWithSHAAnd3_KeyTripleDES_CBC)
+ || memcmp (p, oid_pbeWithSHAAnd3_KeyTripleDES_CBC,
+ DIM(oid_pbeWithSHAAnd3_KeyTripleDES_CBC)))
+ goto bailout;
+ p += DIM(oid_pbeWithSHAAnd3_KeyTripleDES_CBC);
+ n -= DIM(oid_pbeWithSHAAnd3_KeyTripleDES_CBC);
+
+ where = "3des-params";
+ if (parse_tag (&p, &n, &ti))
+ goto bailout;
+ if (ti.class || ti.tag != TAG_SEQUENCE)
+ goto bailout;
+ if (parse_tag (&p, &n, &ti))
+ goto bailout;
+ if (ti.class || ti.tag != TAG_OCTET_STRING
+ || ti.length < 8 || ti.length > 20)
+ goto bailout;
+ saltlen = ti.length;
+ memcpy (salt, p, saltlen);
+ p += saltlen;
+ n -= saltlen;
+ if (parse_tag (&p, &n, &ti))
+ goto bailout;
+ if (ti.class || ti.tag != TAG_INTEGER || !ti.length )
+ goto bailout;
+ for (iter=0; ti.length; ti.length--)
+ {
+ iter <<= 8;
+ iter |= (*p++) & 0xff;
+ n--;
+ }
+
+ where = "3des-ciphertext";
+ if (parse_tag (&p, &n, &ti))
+ goto bailout;
+ if (ti.class || ti.tag != TAG_OCTET_STRING || !ti.length )
+ goto bailout;
+
+ log_info ("%lu bytes of 3DES encrypted text\n", ti.length);
+
+ plain = gcry_malloc_secure (ti.length);
+ if (!plain)
+ {
+ log_error ("error allocating decryption buffer\n");
+ goto bailout;
+ }
+ consumed += p - p_start + ti.length;
+ decrypt_block (p, plain, ti.length, salt, saltlen, iter, pw,
+ GCRY_CIPHER_3DES,
+ bag_data_p);
+ n = ti.length;
+ startoffset = 0;
+ p_start = p = plain;
+
+ where = "decrypted-text";
+ if (parse_tag (&p, &n, &ti) || ti.class || ti.tag != TAG_SEQUENCE)
+ goto bailout;
+ if (parse_tag (&p, &n, &ti) || ti.class || ti.tag != TAG_INTEGER
+ || ti.length != 1 || *p)
+ goto bailout;
+ p++; n--;
+ if (parse_tag (&p, &n, &ti) || ti.class || ti.tag != TAG_SEQUENCE)
+ goto bailout;
+ len = ti.length;
+ if (parse_tag (&p, &n, &ti))
+ goto bailout;
+ if (len < ti.nhdr)
+ goto bailout;
+ len -= ti.nhdr;
+ if (ti.class || ti.tag != TAG_OBJECT_ID
+ || ti.length != DIM(oid_rsaEncryption)
+ || memcmp (p, oid_rsaEncryption,
+ DIM(oid_rsaEncryption)))
+ goto bailout;
+ p += DIM (oid_rsaEncryption);
+ n -= DIM (oid_rsaEncryption);
+ if (len < ti.length)
+ goto bailout;
+ len -= ti.length;
+ if (n < len)
+ goto bailout;
+ p += len;
+ n -= len;
+ if (parse_tag (&p, &n, &ti) || ti.class || ti.tag != TAG_OCTET_STRING)
+ goto bailout;
+ if (parse_tag (&p, &n, &ti) || ti.class || ti.tag != TAG_SEQUENCE)
+ goto bailout;
+ len = ti.length;
+
+ result = gcry_calloc (10, sizeof *result);
+ if (!result)
+ {
+ log_error ( "error allocating result array\n");
+ goto bailout;
+ }
+ result_count = 0;
+
+ where = "reading.key-parameters";
+ for (result_count=0; len && result_count < 9;)
+ {
+ if (parse_tag (&p, &n, &ti) || ti.class || ti.tag != TAG_INTEGER)
+ goto bailout;
+ if (len < ti.nhdr)
+ goto bailout;
+ len -= ti.nhdr;
+ if (len < ti.length)
+ goto bailout;
+ len -= ti.length;
+ if (!result_count && ti.length == 1 && !*p)
+ ; /* ignore the very first one if it is a 0 */
+ else
+ {
+ rc = gcry_mpi_scan (result+result_count, GCRYMPI_FMT_USG, p,
+ ti.length, NULL);
+ if (rc)
+ {
+ log_error ("error parsing key parameter: %s\n",
+ gpg_strerror (rc));
+ goto bailout;
+ }
+ result_count++;
+ }
+ p += ti.length;
+ n -= ti.length;
+ }
+ if (len)
+ goto bailout;
+
+ gcry_free (cram_buffer);
+ if (r_consumed)
+ *r_consumed = consumed;
+ return result;
+
+ bailout:
+ gcry_free (plain);
+ if (result)
+ {
+ for (i=0; result[i]; i++)
+ gcry_mpi_release (result[i]);
+ gcry_free (result);
+ }
+ gcry_free (cram_buffer);
+ log_error ( "data error at \"%s\", offset %u\n",
+ where, (unsigned int)((p - buffer) + startoffset));
+ if (r_consumed)
+ *r_consumed = consumed;
+ return NULL;
+}
+
+
+/* Parse a PKCS12 object and return an array of MPI representing the
+ secret key parameters. This is a very limited implementation in
+ that it is only able to look for 3DES encoded encryptedData and
+ tries to extract the first private key object it finds. In case of
+ an error NULL is returned. CERTCB and CERRTCBARG are used to pass
+ X.509 certificates back to the caller. */
+gcry_mpi_t *
+p12_parse (const unsigned char *buffer, size_t length, const char *pw,
+ void (*certcb)(void*, const unsigned char*, size_t),
+ void *certcbarg)
+{
+ struct tag_info ti;
+ const unsigned char *p = buffer;
+ const unsigned char *p_start = buffer;
+ size_t n = length;
+ const char *where;
+ int bagseqlength, len;
+ int bagseqndef, lenndef;
+ gcry_mpi_t *result = NULL;
+ unsigned char *cram_buffer = NULL;
+
+ where = "pfx";
+ if (parse_tag (&p, &n, &ti))
+ goto bailout;
+ if (ti.tag != TAG_SEQUENCE)
+ goto bailout;
+
+ where = "pfxVersion";
+ if (parse_tag (&p, &n, &ti))
+ goto bailout;
+ if (ti.tag != TAG_INTEGER || ti.length != 1 || *p != 3)
+ goto bailout;
+ p++; n--;
+
+ where = "authSave";
+ if (parse_tag (&p, &n, &ti))
+ goto bailout;
+ if (ti.tag != TAG_SEQUENCE)
+ goto bailout;
+ if (parse_tag (&p, &n, &ti))
+ goto bailout;
+ if (ti.tag != TAG_OBJECT_ID || ti.length != DIM(oid_data)
+ || memcmp (p, oid_data, DIM(oid_data)))
+ goto bailout;
+ p += DIM(oid_data);
+ n -= DIM(oid_data);
+
+ if (parse_tag (&p, &n, &ti))
+ goto bailout;
+ if (ti.class != ASNCONTEXT || ti.tag)
+ goto bailout;
+ if (parse_tag (&p, &n, &ti))
+ goto bailout;
+ if (ti.class != UNIVERSAL || ti.tag != TAG_OCTET_STRING)
+ goto bailout;
+
+ if (ti.is_constructed && ti.ndef)
+ {
+ /* Mozilla exported certs now come with single byte chunks of
+ octect strings. (Mozilla Firefox 1.0.4). Arghh. */
+ where = "cram-bags";
+ cram_buffer = cram_octet_string ( p, &n, NULL);
+ if (!cram_buffer)
+ goto bailout;
+ p = p_start = cram_buffer;
+ }
+
+ where = "bags";
+ if (parse_tag (&p, &n, &ti))
+ goto bailout;
+ if (ti.class != UNIVERSAL || ti.tag != TAG_SEQUENCE)
+ goto bailout;
+ bagseqndef = ti.ndef;
+ bagseqlength = ti.length;
+ while (bagseqlength || bagseqndef)
+ {
+/* log_debug ( "at offset %u\n", (p - p_start)); */
+ where = "bag-sequence";
+ if (parse_tag (&p, &n, &ti))
+ goto bailout;
+ if (bagseqndef && ti.class == UNIVERSAL && !ti.tag && !ti.is_constructed)
+ break; /* Ready */
+ if (ti.class != UNIVERSAL || ti.tag != TAG_SEQUENCE)
+ goto bailout;
+
+ if (!bagseqndef)
+ {
+ if (bagseqlength < ti.nhdr)
+ goto bailout;
+ bagseqlength -= ti.nhdr;
+ if (bagseqlength < ti.length)
+ goto bailout;
+ bagseqlength -= ti.length;
+ }
+ lenndef = ti.ndef;
+ len = ti.length;
+
+ if (parse_tag (&p, &n, &ti))
+ goto bailout;
+ if (lenndef)
+ len = ti.nhdr;
+ else
+ len -= ti.nhdr;
+
+ if (ti.tag == TAG_OBJECT_ID && ti.length == DIM(oid_encryptedData)
+ && !memcmp (p, oid_encryptedData, DIM(oid_encryptedData)))
+ {
+ size_t consumed = 0;
+
+ p += DIM(oid_encryptedData);
+ n -= DIM(oid_encryptedData);
+ if (!lenndef)
+ len -= DIM(oid_encryptedData);
+ where = "bag.encryptedData";
+ if (parse_bag_encrypted_data (p, n, (p - p_start), &consumed, pw,
+ certcb, certcbarg,
+ result? NULL : &result))
+ goto bailout;
+ if (lenndef)
+ len += consumed;
+ }
+ else if (ti.tag == TAG_OBJECT_ID && ti.length == DIM(oid_data)
+ && !memcmp (p, oid_data, DIM(oid_data)))
+ {
+ if (result)
+ {
+ log_info ("already got an key object, skipping this one\n");
+ p += ti.length;
+ n -= ti.length;
+ }
+ else
+ {
+ size_t consumed = 0;
+
+ p += DIM(oid_data);
+ n -= DIM(oid_data);
+ if (!lenndef)
+ len -= DIM(oid_data);
+ result = parse_bag_data (p, n, (p - p_start), &consumed, pw);
+ if (!result)
+ goto bailout;
+ if (lenndef)
+ len += consumed;
+ }
+ }
+ else
+ {
+ log_info ("unknown bag type - skipped\n");
+ p += ti.length;
+ n -= ti.length;
+ }
+
+ if (len < 0 || len > n)
+ goto bailout;
+ p += len;
+ n -= len;
+ if (lenndef)
+ {
+ /* Need to skip the Null Tag. */
+ if (parse_tag (&p, &n, &ti))
+ goto bailout;
+ if (!(ti.class == UNIVERSAL && !ti.tag && !ti.is_constructed))
+ goto bailout;
+ }
+ }
+
+ gcry_free (cram_buffer);
+ return result;
+ bailout:
+ log_error ("error at \"%s\", offset %u\n",
+ where, (unsigned int)(p - p_start));
+ if (result)
+ {
+ int i;
+
+ for (i=0; result[i]; i++)
+ gcry_mpi_release (result[i]);
+ gcry_free (result);
+ }
+ gcry_free (cram_buffer);
+ return NULL;
+}
+
+
+
+static size_t
+compute_tag_length (size_t n)
+{
+ int needed = 0;
+
+ if (n < 128)
+ needed += 2; /* tag and one length byte */
+ else if (n < 256)
+ needed += 3; /* tag, number of length bytes, 1 length byte */
+ else if (n < 65536)
+ needed += 4; /* tag, number of length bytes, 2 length bytes */
+ else
+ {
+ log_error ("object too larger to encode\n");
+ return 0;
+ }
+ return needed;
+}
+
+static unsigned char *
+store_tag_length (unsigned char *p, int tag, size_t n)
+{
+ if (tag == TAG_SEQUENCE)
+ tag |= 0x20; /* constructed */
+
+ *p++ = tag;
+ if (n < 128)
+ *p++ = n;
+ else if (n < 256)
+ {
+ *p++ = 0x81;
+ *p++ = n;
+ }
+ else if (n < 65536)
+ {
+ *p++ = 0x82;
+ *p++ = n >> 8;
+ *p++ = n;
+ }
+
+ return p;
+}
+
+
+/* Create the final PKCS-12 object from the sequences contained in
+ SEQLIST. PW is the password. That array is terminated with an NULL
+ object. */
+static unsigned char *
+create_final (struct buffer_s *sequences, const char *pw, size_t *r_length)
+{
+ int i;
+ size_t needed = 0;
+ size_t len[8], n;
+ unsigned char *macstart;
+ size_t maclen;
+ unsigned char *result, *p;
+ size_t resultlen;
+ char salt[8];
+ unsigned char keybuf[20];
+ gcry_md_hd_t md;
+ int rc;
+ int with_mac = 1;
+
+
+ /* 9 steps to create the pkcs#12 Krampf. */
+
+ /* 8. The MAC. */
+ /* We add this at step 0. */
+
+ /* 7. All the buffers. */
+ for (i=0; sequences[i].buffer; i++)
+ needed += sequences[i].length;
+
+ /* 6. This goes into a sequences. */
+ len[6] = needed;
+ n = compute_tag_length (needed);
+ needed += n;
+
+ /* 5. Encapsulate all in an octet string. */
+ len[5] = needed;
+ n = compute_tag_length (needed);
+ needed += n;
+
+ /* 4. And tag it with [0]. */
+ len[4] = needed;
+ n = compute_tag_length (needed);
+ needed += n;
+
+ /* 3. Prepend an data OID. */
+ needed += 2 + DIM (oid_data);
+
+ /* 2. Put all into a sequences. */
+ len[2] = needed;
+ n = compute_tag_length (needed);
+ needed += n;
+
+ /* 1. Prepend the version integer 3. */
+ needed += 3;
+
+ /* 0. And the final outer sequence. */
+ if (with_mac)
+ needed += DIM (data_mactemplate);
+ len[0] = needed;
+ n = compute_tag_length (needed);
+ needed += n;
+
+ /* Allocate a buffer. */
+ result = gcry_malloc (needed);
+ if (!result)
+ {
+ log_error ("error allocating buffer\n");
+ return NULL;
+ }
+ p = result;
+
+ /* 0. Store the very outer sequence. */
+ p = store_tag_length (p, TAG_SEQUENCE, len[0]);
+
+ /* 1. Store the version integer 3. */
+ *p++ = TAG_INTEGER;
+ *p++ = 1;
+ *p++ = 3;
+
+ /* 2. Store another sequence. */
+ p = store_tag_length (p, TAG_SEQUENCE, len[2]);
+
+ /* 3. Store the data OID. */
+ p = store_tag_length (p, TAG_OBJECT_ID, DIM (oid_data));
+ memcpy (p, oid_data, DIM (oid_data));
+ p += DIM (oid_data);
+
+ /* 4. Next comes a context tag. */
+ p = store_tag_length (p, 0xa0, len[4]);
+
+ /* 5. And an octet string. */
+ p = store_tag_length (p, TAG_OCTET_STRING, len[5]);
+
+ /* 6. And the inner sequence. */
+ macstart = p;
+ p = store_tag_length (p, TAG_SEQUENCE, len[6]);
+
+ /* 7. Append all the buffers. */
+ for (i=0; sequences[i].buffer; i++)
+ {
+ memcpy (p, sequences[i].buffer, sequences[i].length);
+ p += sequences[i].length;
+ }
+
+ if (with_mac)
+ {
+ /* Intermezzo to compute the MAC. */
+ maclen = p - macstart;
+ gcry_randomize (salt, 8, GCRY_STRONG_RANDOM);
+ if (string_to_key (3, salt, 8, 2048, pw, 20, keybuf))
+ {
+ gcry_free (result);
+ return NULL;
+ }
+ rc = gcry_md_open (&md, GCRY_MD_SHA1, GCRY_MD_FLAG_HMAC);
+ if (rc)
+ {
+ log_error ("gcry_md_open failed: %s\n", gpg_strerror (rc));
+ gcry_free (result);
+ return NULL;
+ }
+ rc = gcry_md_setkey (md, keybuf, 20);
+ if (rc)
+ {
+ log_error ("gcry_md_setkey failed: %s\n", gpg_strerror (rc));
+ gcry_md_close (md);
+ gcry_free (result);
+ return NULL;
+ }
+ gcry_md_write (md, macstart, maclen);
+
+ /* 8. Append the MAC template and fix it up. */
+ memcpy (p, data_mactemplate, DIM (data_mactemplate));
+ memcpy (p + DATA_MACTEMPLATE_SALT_OFF, salt, 8);
+ memcpy (p + DATA_MACTEMPLATE_MAC_OFF, gcry_md_read (md, 0), 20);
+ p += DIM (data_mactemplate);
+ gcry_md_close (md);
+ }
+
+ /* Ready. */
+ resultlen = p - result;
+ if (needed != resultlen)
+ log_debug ("length mismatch: %lu, %lu\n",
+ (unsigned long)needed, (unsigned long)resultlen);
+
+ *r_length = resultlen;
+ return result;
+}
+
+
+/* Build a DER encoded SEQUENCE with the key:
+
+ SEQUENCE {
+ INTEGER 0
+ SEQUENCE {
+ OBJECT IDENTIFIER rsaEncryption (1 2 840 113549 1 1 1)
+ NULL
+ }
+ OCTET STRING, encapsulates {
+ SEQUENCE {
+ INTEGER 0
+ INTEGER
+ INTEGER
+ INTEGER
+ INTEGER
+ INTEGER
+ INTEGER
+ INTEGER
+ INTEGER
+ }
+ }
+ }
+*/
+
+static unsigned char *
+build_key_sequence (gcry_mpi_t *kparms, size_t *r_length)
+{
+ int rc, i;
+ size_t needed, n;
+ unsigned char *plain, *p;
+ size_t plainlen;
+ size_t outseqlen, oidseqlen, octstrlen, inseqlen;
+
+ needed = 3; /* The version(?) integer of value 0. */
+ for (i=0; kparms[i]; i++)
+ {
+ n = 0;
+ rc = gcry_mpi_print (GCRYMPI_FMT_STD, NULL, 0, &n, kparms[i]);
+ if (rc)
+ {
+ log_error ("error formatting parameter: %s\n", gpg_strerror (rc));
+ return NULL;
+ }
+ needed += n;
+ n = compute_tag_length (n);
+ if (!n)
+ return NULL;
+ needed += n;
+ }
+ if (i != 8)
+ {
+ log_error ("invalid parameters for p12_build\n");
+ return NULL;
+ }
+ /* Now this all goes into a sequence. */
+ inseqlen = needed;
+ n = compute_tag_length (needed);
+ if (!n)
+ return NULL;
+ needed += n;
+ /* Encapsulate all into an octet string. */
+ octstrlen = needed;
+ n = compute_tag_length (needed);
+ if (!n)
+ return NULL;
+ needed += n;
+ /* Prepend the object identifier sequence. */
+ oidseqlen = 2 + DIM (oid_rsaEncryption) + 2;
+ needed += 2 + oidseqlen;
+ /* The version number. */
+ needed += 3;
+ /* And finally put the whole thing into a sequence. */
+ outseqlen = needed;
+ n = compute_tag_length (needed);
+ if (!n)
+ return NULL;
+ needed += n;
+
+ /* allocate 8 extra bytes for padding */
+ plain = gcry_malloc_secure (needed+8);
+ if (!plain)
+ {
+ log_error ("error allocating encryption buffer\n");
+ return NULL;
+ }
+
+ /* And now fill the plaintext buffer. */
+ p = plain;
+ p = store_tag_length (p, TAG_SEQUENCE, outseqlen);
+ /* Store version. */
+ *p++ = TAG_INTEGER;
+ *p++ = 1;
+ *p++ = 0;
+ /* Store object identifier sequence. */
+ p = store_tag_length (p, TAG_SEQUENCE, oidseqlen);
+ p = store_tag_length (p, TAG_OBJECT_ID, DIM (oid_rsaEncryption));
+ memcpy (p, oid_rsaEncryption, DIM (oid_rsaEncryption));
+ p += DIM (oid_rsaEncryption);
+ *p++ = TAG_NULL;
+ *p++ = 0;
+ /* Start with the octet string. */
+ p = store_tag_length (p, TAG_OCTET_STRING, octstrlen);
+ p = store_tag_length (p, TAG_SEQUENCE, inseqlen);
+ /* Store the key parameters. */
+ *p++ = TAG_INTEGER;
+ *p++ = 1;
+ *p++ = 0;
+ for (i=0; kparms[i]; i++)
+ {
+ n = 0;
+ rc = gcry_mpi_print (GCRYMPI_FMT_STD, NULL, 0, &n, kparms[i]);
+ if (rc)
+ {
+ log_error ("oops: error formatting parameter: %s\n",
+ gpg_strerror (rc));
+ gcry_free (plain);
+ return NULL;
+ }
+ p = store_tag_length (p, TAG_INTEGER, n);
+
+ n = plain + needed - p;
+ rc = gcry_mpi_print (GCRYMPI_FMT_STD, p, n, &n, kparms[i]);
+ if (rc)
+ {
+ log_error ("oops: error storing parameter: %s\n",
+ gpg_strerror (rc));
+ gcry_free (plain);
+ return NULL;
+ }
+ p += n;
+ }
+
+ plainlen = p - plain;
+ assert (needed == plainlen);
+ /* Append some pad characters; we already allocated extra space. */
+ n = 8 - plainlen % 8;
+ for (i=0; i < n; i++, plainlen++)
+ *p++ = n;
+
+ *r_length = plainlen;
+ return plain;
+}
+
+
+
+static unsigned char *
+build_key_bag (unsigned char *buffer, size_t buflen, char *salt,
+ const unsigned char *sha1hash, const char *keyidstr,
+ size_t *r_length)
+{
+ size_t len[11], needed;
+ unsigned char *p, *keybag;
+ size_t keybaglen;
+
+ /* Walk 11 steps down to collect the info: */
+
+ /* 10. The data goes into an octet string. */
+ needed = compute_tag_length (buflen);
+ needed += buflen;
+
+ /* 9. Prepend the algorithm identifier. */
+ needed += DIM (data_3desiter2048);
+
+ /* 8. Put a sequence around. */
+ len[8] = needed;
+ needed += compute_tag_length (needed);
+
+ /* 7. Prepend a [0] tag. */
+ len[7] = needed;
+ needed += compute_tag_length (needed);
+
+ /* 6b. The attributes which are appended at the end. */
+ if (sha1hash)
+ needed += DIM (data_attrtemplate) + 20;
+
+ /* 6. Prepend the shroudedKeyBag OID. */
+ needed += 2 + DIM (oid_pkcs_12_pkcs_8ShroudedKeyBag);
+
+ /* 5+4. Put all into two sequences. */
+ len[5] = needed;
+ needed += compute_tag_length ( needed);
+ len[4] = needed;
+ needed += compute_tag_length (needed);
+
+ /* 3. This all goes into an octet string. */
+ len[3] = needed;
+ needed += compute_tag_length (needed);
+
+ /* 2. Prepend another [0] tag. */
+ len[2] = needed;
+ needed += compute_tag_length (needed);
+
+ /* 1. Prepend the data OID. */
+ needed += 2 + DIM (oid_data);
+
+ /* 0. Prepend another sequence. */
+ len[0] = needed;
+ needed += compute_tag_length (needed);
+
+ /* Now that we have all length information, allocate a buffer. */
+ p = keybag = gcry_malloc (needed);
+ if (!keybag)
+ {
+ log_error ("error allocating buffer\n");
+ return NULL;
+ }
+
+ /* Walk 11 steps up to store the data. */
+
+ /* 0. Store the first sequence. */
+ p = store_tag_length (p, TAG_SEQUENCE, len[0]);
+
+ /* 1. Store the data OID. */
+ p = store_tag_length (p, TAG_OBJECT_ID, DIM (oid_data));
+ memcpy (p, oid_data, DIM (oid_data));
+ p += DIM (oid_data);
+
+ /* 2. Store a [0] tag. */
+ p = store_tag_length (p, 0xa0, len[2]);
+
+ /* 3. And an octet string. */
+ p = store_tag_length (p, TAG_OCTET_STRING, len[3]);
+
+ /* 4+5. Two sequences. */
+ p = store_tag_length (p, TAG_SEQUENCE, len[4]);
+ p = store_tag_length (p, TAG_SEQUENCE, len[5]);
+
+ /* 6. Store the shroudedKeyBag OID. */
+ p = store_tag_length (p, TAG_OBJECT_ID,
+ DIM (oid_pkcs_12_pkcs_8ShroudedKeyBag));
+ memcpy (p, oid_pkcs_12_pkcs_8ShroudedKeyBag,
+ DIM (oid_pkcs_12_pkcs_8ShroudedKeyBag));
+ p += DIM (oid_pkcs_12_pkcs_8ShroudedKeyBag);
+
+ /* 7. Store a [0] tag. */
+ p = store_tag_length (p, 0xa0, len[7]);
+
+ /* 8. Store a sequence. */
+ p = store_tag_length (p, TAG_SEQUENCE, len[8]);
+
+ /* 9. Now for the pre-encoded algorithm identifier and the salt. */
+ memcpy (p, data_3desiter2048, DIM (data_3desiter2048));
+ memcpy (p + DATA_3DESITER2048_SALT_OFF, salt, 8);
+ p += DIM (data_3desiter2048);
+
+ /* 10. And the octet string with the encrypted data. */
+ p = store_tag_length (p, TAG_OCTET_STRING, buflen);
+ memcpy (p, buffer, buflen);
+ p += buflen;
+
+ /* Append the attributes whose length we calculated at step 2b. */
+ if (sha1hash)
+ {
+ int i;
+
+ memcpy (p, data_attrtemplate, DIM (data_attrtemplate));
+ for (i=0; i < 8; i++)
+ p[DATA_ATTRTEMPLATE_KEYID_OFF+2*i+1] = keyidstr[i];
+ p += DIM (data_attrtemplate);
+ memcpy (p, sha1hash, 20);
+ p += 20;
+ }
+
+
+ keybaglen = p - keybag;
+ if (needed != keybaglen)
+ log_debug ("length mismatch: %lu, %lu\n",
+ (unsigned long)needed, (unsigned long)keybaglen);
+
+ *r_length = keybaglen;
+ return keybag;
+}
+
+
+static unsigned char *
+build_cert_bag (unsigned char *buffer, size_t buflen, char *salt,
+ size_t *r_length)
+{
+ size_t len[9], needed;
+ unsigned char *p, *certbag;
+ size_t certbaglen;
+
+ /* Walk 9 steps down to collect the info: */
+
+ /* 8. The data goes into an octet string. */
+ needed = compute_tag_length (buflen);
+ needed += buflen;
+
+ /* 7. The algorithm identifier. */
+ needed += DIM (data_rc2iter2048);
+
+ /* 6. The data OID. */
+ needed += 2 + DIM (oid_data);
+
+ /* 5. A sequence. */
+ len[5] = needed;
+ needed += compute_tag_length ( needed);
+
+ /* 4. An integer. */
+ needed += 3;
+
+ /* 3. A sequence. */
+ len[3] = needed;
+ needed += compute_tag_length (needed);
+
+ /* 2. A [0] tag. */
+ len[2] = needed;
+ needed += compute_tag_length (needed);
+
+ /* 1. The encryptedData OID. */
+ needed += 2 + DIM (oid_encryptedData);
+
+ /* 0. The first sequence. */
+ len[0] = needed;
+ needed += compute_tag_length (needed);
+
+ /* Now that we have all length information, allocate a buffer. */
+ p = certbag = gcry_malloc (needed);
+ if (!certbag)
+ {
+ log_error ("error allocating buffer\n");
+ return NULL;
+ }
+
+ /* Walk 9 steps up to store the data. */
+
+ /* 0. Store the first sequence. */
+ p = store_tag_length (p, TAG_SEQUENCE, len[0]);
+
+ /* 1. Store the encryptedData OID. */
+ p = store_tag_length (p, TAG_OBJECT_ID, DIM (oid_encryptedData));
+ memcpy (p, oid_encryptedData, DIM (oid_encryptedData));
+ p += DIM (oid_encryptedData);
+
+ /* 2. Store a [0] tag. */
+ p = store_tag_length (p, 0xa0, len[2]);
+
+ /* 3. Store a sequence. */
+ p = store_tag_length (p, TAG_SEQUENCE, len[3]);
+
+ /* 4. Store the integer 0. */
+ *p++ = TAG_INTEGER;
+ *p++ = 1;
+ *p++ = 0;
+
+ /* 5. Store a sequence. */
+ p = store_tag_length (p, TAG_SEQUENCE, len[5]);
+
+ /* 6. Store the data OID. */
+ p = store_tag_length (p, TAG_OBJECT_ID, DIM (oid_data));
+ memcpy (p, oid_data, DIM (oid_data));
+ p += DIM (oid_data);
+
+ /* 7. Now for the pre-encoded algorithm identifier and the salt. */
+ memcpy (p, data_rc2iter2048, DIM (data_rc2iter2048));
+ memcpy (p + DATA_RC2ITER2048_SALT_OFF, salt, 8);
+ p += DIM (data_rc2iter2048);
+
+ /* 8. And finally the [0] tag with the encrypted data. */
+ p = store_tag_length (p, 0x80, buflen);
+ memcpy (p, buffer, buflen);
+ p += buflen;
+ certbaglen = p - certbag;
+
+ if (needed != certbaglen)
+ log_debug ("length mismatch: %lu, %lu\n",
+ (unsigned long)needed, (unsigned long)certbaglen);
+
+ *r_length = certbaglen;
+ return certbag;
+}
+
+
+static unsigned char *
+build_cert_sequence (unsigned char *buffer, size_t buflen,
+ const unsigned char *sha1hash, const char *keyidstr,
+ size_t *r_length)
+{
+ size_t len[8], needed, n;
+ unsigned char *p, *certseq;
+ size_t certseqlen;
+ int i;
+
+ assert (strlen (keyidstr) == 8);
+
+ /* Walk 8 steps down to collect the info: */
+
+ /* 7. The data goes into an octet string. */
+ needed = compute_tag_length (buflen);
+ needed += buflen;
+
+ /* 6. A [0] tag. */
+ len[6] = needed;
+ needed += compute_tag_length (needed);
+
+ /* 5. An OID. */
+ needed += 2 + DIM (oid_x509Certificate_for_pkcs_12);
+
+ /* 4. A sequence. */
+ len[4] = needed;
+ needed += compute_tag_length (needed);
+
+ /* 3. A [0] tag. */
+ len[3] = needed;
+ needed += compute_tag_length (needed);
+
+ /* 2b. The attributes which are appended at the end. */
+ if (sha1hash)
+ needed += DIM (data_attrtemplate) + 20;
+
+ /* 2. An OID. */
+ needed += 2 + DIM (oid_pkcs_12_CertBag);
+
+ /* 1. A sequence. */
+ len[1] = needed;
+ needed += compute_tag_length (needed);
+
+ /* 0. The first sequence. */
+ len[0] = needed;
+ needed += compute_tag_length (needed);
+
+ /* Now that we have all length information, allocate a buffer. */
+ p = certseq = gcry_malloc (needed + 8 /*(for padding)*/);
+ if (!certseq)
+ {
+ log_error ("error allocating buffer\n");
+ return NULL;
+ }
+
+ /* Walk 8 steps up to store the data. */
+
+ /* 0. Store the first sequence. */
+ p = store_tag_length (p, TAG_SEQUENCE, len[0]);
+
+ /* 1. Store the second sequence. */
+ p = store_tag_length (p, TAG_SEQUENCE, len[1]);
+
+ /* 2. Store the pkcs12-cert-bag OID. */
+ p = store_tag_length (p, TAG_OBJECT_ID, DIM (oid_pkcs_12_CertBag));
+ memcpy (p, oid_pkcs_12_CertBag, DIM (oid_pkcs_12_CertBag));
+ p += DIM (oid_pkcs_12_CertBag);
+
+ /* 3. Store a [0] tag. */
+ p = store_tag_length (p, 0xa0, len[3]);
+
+ /* 4. Store a sequence. */
+ p = store_tag_length (p, TAG_SEQUENCE, len[4]);
+
+ /* 5. Store the x509Certificate OID. */
+ p = store_tag_length (p, TAG_OBJECT_ID,
+ DIM (oid_x509Certificate_for_pkcs_12));
+ memcpy (p, oid_x509Certificate_for_pkcs_12,
+ DIM (oid_x509Certificate_for_pkcs_12));
+ p += DIM (oid_x509Certificate_for_pkcs_12);
+
+ /* 6. Store a [0] tag. */
+ p = store_tag_length (p, 0xa0, len[6]);
+
+ /* 7. And the octet string with the actual certificate. */
+ p = store_tag_length (p, TAG_OCTET_STRING, buflen);
+ memcpy (p, buffer, buflen);
+ p += buflen;
+
+ /* Append the attributes whose length we calculated at step 2b. */
+ if (sha1hash)
+ {
+ memcpy (p, data_attrtemplate, DIM (data_attrtemplate));
+ for (i=0; i < 8; i++)
+ p[DATA_ATTRTEMPLATE_KEYID_OFF+2*i+1] = keyidstr[i];
+ p += DIM (data_attrtemplate);
+ memcpy (p, sha1hash, 20);
+ p += 20;
+ }
+
+ certseqlen = p - certseq;
+ if (needed != certseqlen)
+ log_debug ("length mismatch: %lu, %lu\n",
+ (unsigned long)needed, (unsigned long)certseqlen);
+
+ /* Append some pad characters; we already allocated extra space. */
+ n = 8 - certseqlen % 8;
+ for (i=0; i < n; i++, certseqlen++)
+ *p++ = n;
+
+ *r_length = certseqlen;
+ return certseq;
+}
+
+
+/* Expect the RSA key parameters in KPARMS and a password in PW.
+ Create a PKCS structure from it and return it as well as the length
+ in R_LENGTH; return NULL in case of an error. If CHARSET is not
+ NULL, re-encode PW to that character set. */
+unsigned char *
+p12_build (gcry_mpi_t *kparms, unsigned char *cert, size_t certlen,
+ const char *pw, const char *charset, size_t *r_length)
+{
+ unsigned char *buffer = NULL;
+ size_t n, buflen;
+ char salt[8];
+ struct buffer_s seqlist[3];
+ int seqlistidx = 0;
+ unsigned char sha1hash[20];
+ char keyidstr[8+1];
+ char *pwbuf = NULL;
+ size_t pwbufsize = 0;
+
+ n = buflen = 0; /* (avoid compiler warning). */
+ memset (sha1hash, 0, 20);
+ *keyidstr = 0;
+
+ if (charset && pw && *pw)
+ {
+ jnlib_iconv_t cd;
+ const char *inptr;
+ char *outptr;
+ size_t inbytes, outbytes;
+
+ /* We assume that the converted passphrase is at max 2 times
+ longer than its utf-8 encoding. */
+ pwbufsize = strlen (pw)*2 + 1;
+ pwbuf = gcry_malloc_secure (pwbufsize);
+ if (!pwbuf)
+ {
+ log_error ("out of secure memory while converting passphrase\n");
+ goto failure;
+ }
+
+ cd = jnlib_iconv_open (charset, "utf-8");
+ if (cd == (jnlib_iconv_t)(-1))
+ {
+ log_error ("can't convert passphrase to"
+ " requested charset `%s': %s\n",
+ charset, strerror (errno));
+ gcry_free (pwbuf);
+ goto failure;
+ }
+
+ inptr = pw;
+ inbytes = strlen (pw);
+ outptr = pwbuf;
+ outbytes = pwbufsize - 1;
+ if ( jnlib_iconv (cd, (const char **)&inptr, &inbytes,
+ &outptr, &outbytes) == (size_t)-1)
+ {
+ log_error ("error converting passphrase to"
+ " requested charset `%s': %s\n",
+ charset, strerror (errno));
+ gcry_free (pwbuf);
+ jnlib_iconv_close (cd);
+ goto failure;
+ }
+ *outptr = 0;
+ jnlib_iconv_close (cd);
+ pw = pwbuf;
+ }
+
+
+ if (cert && certlen)
+ {
+ /* Calculate the hash value we need for the bag attributes. */
+ gcry_md_hash_buffer (GCRY_MD_SHA1, sha1hash, cert, certlen);
+ sprintf (keyidstr, "%02x%02x%02x%02x",
+ sha1hash[16], sha1hash[17], sha1hash[18], sha1hash[19]);
+
+ /* Encode the certificate. */
+ buffer = build_cert_sequence (cert, certlen, sha1hash, keyidstr,
+ &buflen);
+ if (!buffer)
+ goto failure;
+
+ /* Encrypt it. */
+ gcry_randomize (salt, 8, GCRY_STRONG_RANDOM);
+ crypt_block (buffer, buflen, salt, 8, 2048, pw,
+ GCRY_CIPHER_RFC2268_40, 1);
+
+ /* Encode the encrypted stuff into a bag. */
+ seqlist[seqlistidx].buffer = build_cert_bag (buffer, buflen, salt, &n);
+ seqlist[seqlistidx].length = n;
+ gcry_free (buffer);
+ buffer = NULL;
+ if (!seqlist[seqlistidx].buffer)
+ goto failure;
+ seqlistidx++;
+ }
+
+
+ if (kparms)
+ {
+ /* Encode the key. */
+ buffer = build_key_sequence (kparms, &buflen);
+ if (!buffer)
+ goto failure;
+
+ /* Encrypt it. */
+ gcry_randomize (salt, 8, GCRY_STRONG_RANDOM);
+ crypt_block (buffer, buflen, salt, 8, 2048, pw, GCRY_CIPHER_3DES, 1);
+
+ /* Encode the encrypted stuff into a bag. */
+ if (cert && certlen)
+ seqlist[seqlistidx].buffer = build_key_bag (buffer, buflen, salt,
+ sha1hash, keyidstr, &n);
+ else
+ seqlist[seqlistidx].buffer = build_key_bag (buffer, buflen, salt,
+ NULL, NULL, &n);
+ seqlist[seqlistidx].length = n;
+ gcry_free (buffer);
+ buffer = NULL;
+ if (!seqlist[seqlistidx].buffer)
+ goto failure;
+ seqlistidx++;
+ }
+
+ seqlist[seqlistidx].buffer = NULL;
+ seqlist[seqlistidx].length = 0;
+
+ buffer = create_final (seqlist, pw, &buflen);
+
+ failure:
+ if (pwbuf)
+ {
+ wipememory (pwbuf, pwbufsize);
+ gcry_free (pwbuf);
+ }
+ for ( ; seqlistidx; seqlistidx--)
+ gcry_free (seqlist[seqlistidx].buffer);
+
+ *r_length = buffer? buflen : 0;
+ return buffer;
+}
+
+
+#ifdef TEST
+
+static void
+cert_cb (void *opaque, const unsigned char *cert, size_t certlen)
+{
+ printf ("got a certificate of %u bytes length\n", certlen);
+}
+
+int
+main (int argc, char **argv)
+{
+ FILE *fp;
+ struct stat st;
+ unsigned char *buf;
+ size_t buflen;
+ gcry_mpi_t *result;
+
+ if (argc != 3)
+ {
+ fprintf (stderr, "usage: testp12 file passphrase\n");
+ return 1;
+ }
+
+ gcry_control (GCRYCTL_DISABLE_SECMEM, NULL);
+ gcry_control (GCRYCTL_INITIALIZATION_FINISHED, NULL);
+
+ fp = fopen (argv[1], "rb");
+ if (!fp)
+ {
+ fprintf (stderr, "can't open `%s': %s\n", argv[1], strerror (errno));
+ return 1;
+ }
+
+ if (fstat (fileno(fp), &st))
+ {
+ fprintf (stderr, "can't stat `%s': %s\n", argv[1], strerror (errno));
+ return 1;
+ }
+
+ buflen = st.st_size;
+ buf = gcry_malloc (buflen+1);
+ if (!buf || fread (buf, buflen, 1, fp) != 1)
+ {
+ fprintf (stderr, "error reading `%s': %s\n", argv[1], strerror (errno));
+ return 1;
+ }
+ fclose (fp);
+
+ result = p12_parse (buf, buflen, argv[2], cert_cb, NULL);
+ if (result)
+ {
+ int i, rc;
+ unsigned char *tmpbuf;
+
+ for (i=0; result[i]; i++)
+ {
+ rc = gcry_mpi_aprint (GCRYMPI_FMT_HEX, &tmpbuf,
+ NULL, result[i]);
+ if (rc)
+ printf ("%d: [error printing number: %s]\n",
+ i, gpg_strerror (rc));
+ else
+ {
+ printf ("%d: %s\n", i, tmpbuf);
+ gcry_free (tmpbuf);
+ }
+ }
+ }
+
+ return 0;
+
+}
+
+/*
+Local Variables:
+compile-command: "gcc -Wall -O0 -g -DTEST=1 -o minip12 minip12.c ../jnlib/libjnlib.a -L /usr/local/lib -lgcrypt -lgpg-error"
+End:
+*/
+#endif /* TEST */
diff --git a/agent/minip12.h b/agent/minip12.h
new file mode 100644
index 0000000..998f82f
--- /dev/null
+++ b/agent/minip12.h
@@ -0,0 +1,36 @@
+/* minip12.h - Global definitions for the minimal pkcs-12 implementation.
+ * Copyright (C) 2002, 2003 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef MINIP12_H
+#define MINIP12_H
+
+#include <gcrypt.h>
+
+gcry_mpi_t *p12_parse (const unsigned char *buffer, size_t length,
+ const char *pw,
+ void (*certcb)(void*, const unsigned char*, size_t),
+ void *certcbarg);
+
+unsigned char *p12_build (gcry_mpi_t *kparms,
+ unsigned char *cert, size_t certlen,
+ const char *pw, const char *charset,
+ size_t *r_length);
+
+
+#endif /*MINIP12_H*/
diff --git a/agent/pkdecrypt.c b/agent/pkdecrypt.c
new file mode 100644
index 0000000..9e1c47d
--- /dev/null
+++ b/agent/pkdecrypt.c
@@ -0,0 +1,151 @@
+/* pkdecrypt.c - public key decryption (well, acually using a secret key)
+ * Copyright (C) 2001, 2003 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <errno.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <ctype.h>
+#include <assert.h>
+#include <unistd.h>
+#include <sys/stat.h>
+
+#include "agent.h"
+
+
+/* DECRYPT the stuff in ciphertext which is expected to be a S-Exp.
+ Try to get the key from CTRL and write the decoded stuff back to
+ OUTFP. */
+int
+agent_pkdecrypt (ctrl_t ctrl, const char *desc_text,
+ const unsigned char *ciphertext, size_t ciphertextlen,
+ membuf_t *outbuf)
+{
+ gcry_sexp_t s_skey = NULL, s_cipher = NULL, s_plain = NULL;
+ unsigned char *shadow_info = NULL;
+ int rc;
+ char *buf = NULL;
+ size_t len;
+
+ if (!ctrl->have_keygrip)
+ {
+ log_error ("speculative decryption not yet supported\n");
+ rc = gpg_error (GPG_ERR_NO_SECKEY);
+ goto leave;
+ }
+
+ rc = gcry_sexp_sscan (&s_cipher, NULL, (char*)ciphertext, ciphertextlen);
+ if (rc)
+ {
+ log_error ("failed to convert ciphertext: %s\n", gpg_strerror (rc));
+ rc = gpg_error (GPG_ERR_INV_DATA);
+ goto leave;
+ }
+
+ if (DBG_CRYPTO)
+ {
+ log_printhex ("keygrip:", ctrl->keygrip, 20);
+ log_printhex ("cipher: ", ciphertext, ciphertextlen);
+ }
+ rc = agent_key_from_file (ctrl, desc_text,
+ ctrl->keygrip, &shadow_info,
+ CACHE_MODE_NORMAL, NULL, &s_skey);
+ if (rc)
+ {
+ if (gpg_err_code (rc) == GPG_ERR_ENOENT)
+ rc = gpg_error (GPG_ERR_NO_SECKEY);
+ else
+ log_error ("failed to read the secret key\n");
+ goto leave;
+ }
+
+ if (!s_skey)
+ { /* divert operation to the smartcard */
+
+ if (!gcry_sexp_canon_len (ciphertext, ciphertextlen, NULL, NULL))
+ {
+ rc = gpg_error (GPG_ERR_INV_SEXP);
+ goto leave;
+ }
+
+ rc = divert_pkdecrypt (ctrl, ciphertext, shadow_info, &buf, &len );
+ if (rc)
+ {
+ log_error ("smartcard decryption failed: %s\n", gpg_strerror (rc));
+ goto leave;
+ }
+
+ {
+ char tmpbuf[60];
+
+ sprintf (tmpbuf, "(5:value%u:", (unsigned int)len);
+ put_membuf (outbuf, tmpbuf, strlen (tmpbuf));
+ put_membuf (outbuf, buf, len);
+ put_membuf (outbuf, ")", 2);
+ }
+ }
+ else
+ { /* No smartcard, but a private key */
+/* if (DBG_CRYPTO ) */
+/* { */
+/* log_debug ("skey: "); */
+/* gcry_sexp_dump (s_skey); */
+/* } */
+
+ rc = gcry_pk_decrypt (&s_plain, s_cipher, s_skey);
+ if (rc)
+ {
+ log_error ("decryption failed: %s\n", gpg_strerror (rc));
+ goto leave;
+ }
+
+ if (DBG_CRYPTO)
+ {
+ log_debug ("plain: ");
+ gcry_sexp_dump (s_plain);
+ }
+ len = gcry_sexp_sprint (s_plain, GCRYSEXP_FMT_CANON, NULL, 0);
+ assert (len);
+ buf = xmalloc (len);
+ len = gcry_sexp_sprint (s_plain, GCRYSEXP_FMT_CANON, buf, len);
+ assert (len);
+ if (*buf == '(')
+ put_membuf (outbuf, buf, len);
+ else
+ {
+ /* Old style libgcrypt: This is only an S-expression
+ part. Turn it into a complete S-expression. */
+ put_membuf (outbuf, "(5:value", 8);
+ put_membuf (outbuf, buf, len);
+ put_membuf (outbuf, ")", 2);
+ }
+ }
+
+
+ leave:
+ gcry_sexp_release (s_skey);
+ gcry_sexp_release (s_plain);
+ gcry_sexp_release (s_cipher);
+ xfree (buf);
+ xfree (shadow_info);
+ return rc;
+}
+
+
diff --git a/agent/pksign.c b/agent/pksign.c
new file mode 100644
index 0000000..25cadb2
--- /dev/null
+++ b/agent/pksign.c
@@ -0,0 +1,261 @@
+/* pksign.c - public key signing (well, actually using a secret key)
+ * Copyright (C) 2001, 2002, 2003, 2004 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <errno.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <ctype.h>
+#include <assert.h>
+#include <unistd.h>
+#include <sys/stat.h>
+
+#include "agent.h"
+
+
+static int
+do_encode_md (const byte * md, size_t mdlen, int algo, gcry_sexp_t * r_hash,
+ int raw_value)
+{
+ gcry_sexp_t hash;
+ int rc;
+
+ if (!raw_value)
+ {
+ const char *s;
+ char tmp[16+1];
+ int i;
+
+ s = gcry_md_algo_name (algo);
+ if (s && strlen (s) < 16)
+ {
+ for (i=0; i < strlen (s); i++)
+ tmp[i] = tolower (s[i]);
+ tmp[i] = '\0';
+ }
+
+ rc = gcry_sexp_build (&hash, NULL,
+ "(data (flags pkcs1) (hash %s %b))",
+ tmp, (int)mdlen, md);
+ }
+ else
+ {
+ gcry_mpi_t mpi;
+
+ rc = gcry_mpi_scan (&mpi, GCRYMPI_FMT_USG, md, mdlen, NULL);
+ if (! rc)
+ {
+ rc = gcry_sexp_build (&hash, NULL,
+ "(data (flags raw) (value %m))",
+ mpi);
+ gcry_mpi_release (mpi);
+ }
+
+ }
+
+ *r_hash = hash;
+ return rc;
+}
+
+
+/* Special version of do_encode_md to take care of pkcs#1 padding.
+ For TLS-MD5SHA1 we need to do the padding ourself as Libgrypt does
+ not know about this special scheme. Fixme: We should have a
+ pkcs1-only-padding flag for Libgcrypt. */
+static int
+do_encode_raw_pkcs1 (const byte *md, size_t mdlen, unsigned int nbits,
+ gcry_sexp_t *r_hash)
+{
+ int rc;
+ gcry_sexp_t hash;
+ unsigned char *frame;
+ size_t i, n, nframe;
+
+ nframe = (nbits+7) / 8;
+ if ( !mdlen || mdlen + 8 + 4 > nframe )
+ {
+ /* Can't encode this hash into a frame of size NFRAME. */
+ return gpg_error (GPG_ERR_TOO_SHORT);
+ }
+
+ frame = xtrymalloc (nframe);
+ if (!frame)
+ return gpg_error_from_syserror ();
+
+ /* Assemble the pkcs#1 block type 1. */
+ n = 0;
+ frame[n++] = 0;
+ frame[n++] = 1; /* Block type. */
+ i = nframe - mdlen - 3 ;
+ assert (i >= 8); /* At least 8 bytes of padding. */
+ memset (frame+n, 0xff, i );
+ n += i;
+ frame[n++] = 0;
+ memcpy (frame+n, md, mdlen );
+ n += mdlen;
+ assert (n == nframe);
+
+ /* Create the S-expression. */
+ rc = gcry_sexp_build (&hash, NULL,
+ "(data (flags raw) (value %b))",
+ (int)nframe, frame);
+ xfree (frame);
+
+ *r_hash = hash;
+ return rc;
+}
+
+
+
+/* SIGN whatever information we have accumulated in CTRL and return
+ the signature S-expression. LOOKUP is an optional function to
+ provide a way for lower layers to ask for the caching TTL. */
+int
+agent_pksign_do (ctrl_t ctrl, const char *desc_text,
+ gcry_sexp_t *signature_sexp,
+ cache_mode_t cache_mode, lookup_ttl_t lookup_ttl)
+{
+ gcry_sexp_t s_skey = NULL, s_sig = NULL;
+ unsigned char *shadow_info = NULL;
+ unsigned int rc = 0; /* FIXME: gpg-error? */
+
+ if (! ctrl->have_keygrip)
+ return gpg_error (GPG_ERR_NO_SECKEY);
+
+ rc = agent_key_from_file (ctrl, desc_text, ctrl->keygrip,
+ &shadow_info, cache_mode, lookup_ttl,
+ &s_skey);
+ if (rc)
+ {
+ log_error ("failed to read the secret key\n");
+ goto leave;
+ }
+
+ if (!s_skey)
+ {
+ /* Divert operation to the smartcard */
+
+ unsigned char *buf = NULL;
+ size_t len = 0;
+
+ rc = divert_pksign (ctrl,
+ ctrl->digest.value,
+ ctrl->digest.valuelen,
+ ctrl->digest.algo,
+ shadow_info, &buf);
+ if (rc)
+ {
+ log_error ("smartcard signing failed: %s\n", gpg_strerror (rc));
+ goto leave;
+ }
+ len = gcry_sexp_canon_len (buf, 0, NULL, NULL);
+ assert (len);
+
+ rc = gcry_sexp_sscan (&s_sig, NULL, (char*)buf, len);
+ xfree (buf);
+ if (rc)
+ {
+ log_error ("failed to convert sigbuf returned by divert_pksign "
+ "into S-Exp: %s", gpg_strerror (rc));
+ goto leave;
+ }
+ }
+ else
+ {
+ /* No smartcard, but a private key */
+
+ gcry_sexp_t s_hash = NULL;
+
+ /* Put the hash into a sexp */
+ if (ctrl->digest.algo == MD_USER_TLS_MD5SHA1)
+ rc = do_encode_raw_pkcs1 (ctrl->digest.value,
+ ctrl->digest.valuelen,
+ gcry_pk_get_nbits (s_skey),
+ &s_hash);
+ else
+ rc = do_encode_md (ctrl->digest.value,
+ ctrl->digest.valuelen,
+ ctrl->digest.algo,
+ &s_hash,
+ ctrl->digest.raw_value);
+ if (rc)
+ goto leave;
+
+ if (DBG_CRYPTO)
+ {
+ log_debug ("skey: ");
+ gcry_sexp_dump (s_skey);
+ }
+
+ /* sign */
+ rc = gcry_pk_sign (&s_sig, s_hash, s_skey);
+ gcry_sexp_release (s_hash);
+ if (rc)
+ {
+ log_error ("signing failed: %s\n", gpg_strerror (rc));
+ goto leave;
+ }
+
+ if (DBG_CRYPTO)
+ {
+ log_debug ("result: ");
+ gcry_sexp_dump (s_sig);
+ }
+ }
+
+ leave:
+
+ *signature_sexp = s_sig;
+
+ gcry_sexp_release (s_skey);
+ xfree (shadow_info);
+
+ return rc;
+}
+
+/* SIGN whatever information we have accumulated in CTRL and write it
+ back to OUTFP. */
+int
+agent_pksign (ctrl_t ctrl, const char *desc_text,
+ membuf_t *outbuf, cache_mode_t cache_mode)
+{
+ gcry_sexp_t s_sig = NULL;
+ char *buf = NULL;
+ size_t len = 0;
+ int rc = 0;
+
+ rc = agent_pksign_do (ctrl, desc_text, &s_sig, cache_mode, NULL);
+ if (rc)
+ goto leave;
+
+ len = gcry_sexp_sprint (s_sig, GCRYSEXP_FMT_CANON, NULL, 0);
+ assert (len);
+ buf = xmalloc (len);
+ len = gcry_sexp_sprint (s_sig, GCRYSEXP_FMT_CANON, buf, len);
+ assert (len);
+
+ put_membuf (outbuf, buf, len);
+
+ leave:
+ gcry_sexp_release (s_sig);
+ xfree (buf);
+
+ return rc;
+}
diff --git a/agent/preset-passphrase.c b/agent/preset-passphrase.c
new file mode 100644
index 0000000..72de91b
--- /dev/null
+++ b/agent/preset-passphrase.c
@@ -0,0 +1,270 @@
+/* preset-passphrase.c - A tool to preset a passphrase.
+ * Copyright (C) 2004 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <stddef.h>
+#include <stdarg.h>
+#include <string.h>
+#include <errno.h>
+#include <assert.h>
+#include <sys/stat.h>
+#include <unistd.h>
+#ifdef HAVE_LOCALE_H
+#include <locale.h>
+#endif
+#ifdef HAVE_LANGINFO_CODESET
+#include <langinfo.h>
+#endif
+#ifdef HAVE_DOSISH_SYSTEM
+#include <fcntl.h> /* for setmode() */
+#endif
+#ifdef HAVE_W32_SYSTEM
+#include <windows.h> /* To initialize the sockets. fixme */
+#endif
+
+#define JNLIB_NEED_LOG_LOGV
+#include "agent.h"
+#include "minip12.h"
+#include "simple-pwquery.h"
+#include "i18n.h"
+#include "sysutils.h"
+
+
+enum cmd_and_opt_values
+{ aNull = 0,
+ oVerbose = 'v',
+ oPassphrase = 'P',
+
+ oPreset = 'c',
+ oForget = 'f',
+
+ oNoVerbose = 500,
+
+ oHomedir,
+
+aTest };
+
+
+static const char *opt_homedir;
+static const char *opt_passphrase;
+
+static ARGPARSE_OPTS opts[] = {
+
+ { 301, NULL, 0, N_("@Options:\n ") },
+
+ { oVerbose, "verbose", 0, "verbose" },
+ { oPassphrase, "passphrase", 2, "|STRING|use passphrase STRING" },
+ { oPreset, "preset", 256, "preset passphrase"},
+ { oForget, "forget", 256, "forget passphrase"},
+
+ { oHomedir, "homedir", 2, "@" },
+ {0}
+};
+
+
+static const char *
+my_strusage (int level)
+{
+ const char *p;
+ switch (level)
+ {
+ case 11: p = "gpg-preset-passphrase (GnuPG)";
+ break;
+ case 13: p = VERSION; break;
+ case 17: p = PRINTABLE_OS_NAME; break;
+ case 19: p = _("Please report bugs to <@EMAIL@>.\n"); break;
+
+ case 1:
+ case 40:
+ p = _("Usage: gpg-preset-passphrase [options] KEYGRIP (-h for help)\n");
+ break;
+ case 41:
+ p = _("Syntax: gpg-preset-passphrase [options] KEYGRIP\n"
+ "Password cache maintenance\n");
+ break;
+
+ default: p = NULL;
+ }
+ return p;
+}
+
+
+
+
+/* Include the implementation of map_spwq_error. */
+MAP_SPWQ_ERROR_IMPL
+
+
+static void
+preset_passphrase (const char *keygrip)
+{
+ int rc;
+ char *line;
+ /* FIXME: Use secure memory. */
+ char passphrase[500];
+ char *passphrase_esc;
+
+ if (!opt_passphrase)
+ {
+ rc = read (0, passphrase, sizeof (passphrase) - 1);
+ if (rc < 0)
+ {
+ log_error ("reading passphrase failed: %s\n",
+ gpg_strerror (gpg_error_from_syserror ()));
+ return;
+ }
+ passphrase[rc] = '\0';
+ line = strchr (passphrase, '\n');
+ if (line)
+ {
+ if (line > passphrase && line[-1] == '\r')
+ line--;
+ *line = '\0';
+ }
+
+ /* FIXME: How to handle empty passwords? */
+ }
+
+ {
+ const char *s = opt_passphrase ? opt_passphrase : passphrase;
+ passphrase_esc = bin2hex (s, strlen (s), NULL);
+ }
+ if (!passphrase_esc)
+ {
+ log_error ("can not escape string: %s\n",
+ gpg_strerror (gpg_error_from_syserror ()));
+ return;
+ }
+
+ rc = asprintf (&line, "PRESET_PASSPHRASE %s -1 %s\n", keygrip,
+ passphrase_esc);
+ wipememory (passphrase_esc, strlen (passphrase_esc));
+ xfree (passphrase_esc);
+
+ if (rc < 0)
+ {
+ log_error ("caching passphrase failed: %s\n",
+ gpg_strerror (gpg_error_from_syserror ()));
+ return;
+ }
+ if (!opt_passphrase)
+ wipememory (passphrase, sizeof (passphrase));
+
+ rc = map_spwq_error (simple_query (line));
+ if (rc)
+ {
+ log_error ("caching passphrase failed: %s\n", gpg_strerror (rc));
+ return;
+ }
+
+ wipememory (line, strlen (line));
+ xfree (line);
+}
+
+
+static void
+forget_passphrase (const char *keygrip)
+{
+ int rc;
+ char *line;
+
+ rc = asprintf (&line, "CLEAR_PASSPHRASE %s\n", keygrip);
+ if (rc < 0)
+ rc = gpg_error_from_syserror ();
+ else
+ rc = map_spwq_error (simple_query (line));
+ if (rc)
+ {
+ log_error ("clearing passphrase failed: %s\n", gpg_strerror (rc));
+ return;
+ }
+
+ xfree (line);
+}
+
+
+int
+main (int argc, char **argv)
+{
+ ARGPARSE_ARGS pargs;
+ int cmd = 0;
+ const char *keygrip = NULL;
+
+ set_strusage (my_strusage);
+ log_set_prefix ("gpg-preset-passphrase", 1);
+
+ /* Make sure that our subsystems are ready. */
+ i18n_init ();
+ init_common_subsystems ();
+
+ opt_homedir = default_homedir ();
+
+ pargs.argc = &argc;
+ pargs.argv = &argv;
+ pargs.flags= 1; /* (do not remove the args) */
+ while (arg_parse (&pargs, opts) )
+ {
+ switch (pargs.r_opt)
+ {
+ case oVerbose: opt.verbose++; break;
+ case oHomedir: opt_homedir = pargs.r.ret_str; break;
+
+ case oPreset: cmd = oPreset; break;
+ case oForget: cmd = oForget; break;
+ case oPassphrase: opt_passphrase = pargs.r.ret_str; break;
+
+ default : pargs.err = 2; break;
+ }
+ }
+ if (log_get_errorcount(0))
+ exit(2);
+
+ if (argc == 1)
+ keygrip = *argv;
+ else
+ usage (1);
+
+ /* Tell simple-pwquery about the the standard socket name. */
+ {
+ char *tmp = make_filename (opt_homedir, "S.gpg-agent", NULL);
+ simple_pw_set_socket (tmp);
+ xfree (tmp);
+ }
+
+ if (cmd == oPreset)
+ preset_passphrase (keygrip);
+ else if (cmd == oForget)
+ forget_passphrase (keygrip);
+ else
+ log_error ("one of the options --preset or --forget must be given\n");
+
+ agent_exit (0);
+ return 8; /*NOTREACHED*/
+}
+
+
+void
+agent_exit (int rc)
+{
+ rc = rc? rc : log_get_errorcount(0)? 2 : 0;
+ exit (rc);
+}
diff --git a/agent/protect-tool.c b/agent/protect-tool.c
new file mode 100644
index 0000000..dc040f9
--- /dev/null
+++ b/agent/protect-tool.c
@@ -0,0 +1,1271 @@
+/* protect-tool.c - A tool to test the secret key protection
+ * Copyright (C) 2002, 2003, 2004, 2006 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <stddef.h>
+#include <stdarg.h>
+#include <string.h>
+#include <errno.h>
+#include <assert.h>
+#include <sys/stat.h>
+#include <unistd.h>
+#ifdef HAVE_LOCALE_H
+#include <locale.h>
+#endif
+#ifdef HAVE_LANGINFO_CODESET
+#include <langinfo.h>
+#endif
+#ifdef HAVE_DOSISH_SYSTEM
+#include <fcntl.h> /* for setmode() */
+#endif
+
+#define JNLIB_NEED_LOG_LOGV
+#include "agent.h"
+#include "minip12.h"
+#include "i18n.h"
+#include "get-passphrase.h"
+#include "sysutils.h"
+#include "estream.h"
+
+
+enum cmd_and_opt_values
+{
+ aNull = 0,
+ oVerbose = 'v',
+ oArmor = 'a',
+ oPassphrase = 'P',
+
+ oProtect = 'p',
+ oUnprotect = 'u',
+
+ oNoVerbose = 500,
+ oShadow,
+ oShowShadowInfo,
+ oShowKeygrip,
+ oS2Kcalibration,
+ oCanonical,
+
+ oP12Import,
+ oP12Export,
+ oP12Charset,
+ oStore,
+ oForce,
+ oHaveCert,
+ oNoFailOnExist,
+ oHomedir,
+ oPrompt,
+ oStatusMsg,
+
+ oAgentProgram
+};
+
+
+struct rsa_secret_key_s
+{
+ gcry_mpi_t n; /* public modulus */
+ gcry_mpi_t e; /* public exponent */
+ gcry_mpi_t d; /* exponent */
+ gcry_mpi_t p; /* prime p. */
+ gcry_mpi_t q; /* prime q. */
+ gcry_mpi_t u; /* inverse of p mod q. */
+};
+
+
+static const char *opt_homedir;
+static int opt_armor;
+static int opt_canonical;
+static int opt_store;
+static int opt_force;
+static int opt_no_fail_on_exist;
+static int opt_have_cert;
+static const char *opt_passphrase;
+static char *opt_prompt;
+static int opt_status_msg;
+static const char *opt_p12_charset;
+static const char *opt_agent_program;
+
+static char *get_passphrase (int promptno);
+static void release_passphrase (char *pw);
+static int store_private_key (const unsigned char *grip,
+ const void *buffer, size_t length, int force);
+
+
+static ARGPARSE_OPTS opts[] = {
+ ARGPARSE_group (300, N_("@Commands:\n ")),
+
+ ARGPARSE_c (oProtect, "protect", "protect a private key"),
+ ARGPARSE_c (oUnprotect, "unprotect", "unprotect a private key"),
+ ARGPARSE_c (oShadow, "shadow", "create a shadow entry for a public key"),
+ ARGPARSE_c (oShowShadowInfo, "show-shadow-info", "return the shadow info"),
+ ARGPARSE_c (oShowKeygrip, "show-keygrip", "show the \"keygrip\""),
+ ARGPARSE_c (oP12Import, "p12-import",
+ "import a pkcs#12 encoded private key"),
+ ARGPARSE_c (oP12Export, "p12-export",
+ "export a private key pkcs#12 encoded"),
+
+ ARGPARSE_c (oS2Kcalibration, "s2k-calibration", "@"),
+
+ ARGPARSE_group (301, N_("@\nOptions:\n ")),
+
+ ARGPARSE_s_n (oVerbose, "verbose", "verbose"),
+ ARGPARSE_s_n (oArmor, "armor", "write output in advanced format"),
+ ARGPARSE_s_n (oCanonical, "canonical", "write output in canonical format"),
+
+ ARGPARSE_s_s (oPassphrase, "passphrase", "|STRING|use passphrase STRING"),
+ ARGPARSE_s_s (oP12Charset,"p12-charset",
+ "|NAME|set charset for a new PKCS#12 passphrase to NAME"),
+ ARGPARSE_s_n (oHaveCert, "have-cert",
+ "certificate to export provided on STDIN"),
+ ARGPARSE_s_n (oStore, "store",
+ "store the created key in the appropriate place"),
+ ARGPARSE_s_n (oForce, "force",
+ "force overwriting"),
+ ARGPARSE_s_n (oNoFailOnExist, "no-fail-on-exist", "@"),
+ ARGPARSE_s_s (oHomedir, "homedir", "@"),
+ ARGPARSE_s_s (oPrompt, "prompt",
+ "|ESCSTRING|use ESCSTRING as prompt in pinentry"),
+ ARGPARSE_s_n (oStatusMsg, "enable-status-msg", "@"),
+
+ ARGPARSE_s_s (oAgentProgram, "agent-program", "@"),
+
+ ARGPARSE_end ()
+};
+
+static const char *
+my_strusage (int level)
+{
+ const char *p;
+ switch (level)
+ {
+ case 11: p = "gpg-protect-tool (GnuPG)";
+ break;
+ case 13: p = VERSION; break;
+ case 17: p = PRINTABLE_OS_NAME; break;
+ case 19: p = _("Please report bugs to <@EMAIL@>.\n"); break;
+
+ case 1:
+ case 40: p = _("Usage: gpg-protect-tool [options] (-h for help)\n");
+ break;
+ case 41: p = _("Syntax: gpg-protect-tool [options] [args]\n"
+ "Secret key maintenance tool\n");
+ break;
+
+ default: p = NULL;
+ }
+ return p;
+}
+
+
+/* static void */
+/* print_mpi (const char *text, gcry_mpi_t a) */
+/* { */
+/* char *buf; */
+/* void *bufaddr = &buf; */
+/* int rc; */
+
+/* rc = gcry_mpi_aprint (GCRYMPI_FMT_HEX, bufaddr, NULL, a); */
+/* if (rc) */
+/* log_info ("%s: [error printing number: %s]\n", text, gpg_strerror (rc)); */
+/* else */
+/* { */
+/* log_info ("%s: %s\n", text, buf); */
+/* gcry_free (buf); */
+/* } */
+/* } */
+
+
+
+static unsigned char *
+make_canonical (const char *fname, const char *buf, size_t buflen)
+{
+ int rc;
+ size_t erroff, len;
+ gcry_sexp_t sexp;
+ unsigned char *result;
+
+ rc = gcry_sexp_sscan (&sexp, &erroff, buf, buflen);
+ if (rc)
+ {
+ log_error ("invalid S-Expression in `%s' (off=%u): %s\n",
+ fname, (unsigned int)erroff, gpg_strerror (rc));
+ return NULL;
+ }
+ len = gcry_sexp_sprint (sexp, GCRYSEXP_FMT_CANON, NULL, 0);
+ assert (len);
+ result = xmalloc (len);
+ len = gcry_sexp_sprint (sexp, GCRYSEXP_FMT_CANON, result, len);
+ assert (len);
+ gcry_sexp_release (sexp);
+ return result;
+}
+
+static char *
+make_advanced (const unsigned char *buf, size_t buflen)
+{
+ int rc;
+ size_t erroff, len;
+ gcry_sexp_t sexp;
+ char *result;
+
+ rc = gcry_sexp_sscan (&sexp, &erroff, (const char*)buf, buflen);
+ if (rc)
+ {
+ log_error ("invalid canonical S-Expression (off=%u): %s\n",
+ (unsigned int)erroff, gpg_strerror (rc));
+ return NULL;
+ }
+ len = gcry_sexp_sprint (sexp, GCRYSEXP_FMT_ADVANCED, NULL, 0);
+ assert (len);
+ result = xmalloc (len);
+ len = gcry_sexp_sprint (sexp, GCRYSEXP_FMT_ADVANCED, result, len);
+ assert (len);
+ gcry_sexp_release (sexp);
+ return result;
+}
+
+
+static char *
+read_file (const char *fname, size_t *r_length)
+{
+ FILE *fp;
+ char *buf;
+ size_t buflen;
+
+ if (!strcmp (fname, "-"))
+ {
+ size_t nread, bufsize = 0;
+
+ fp = stdin;
+#ifdef HAVE_DOSISH_SYSTEM
+ setmode ( fileno(fp) , O_BINARY );
+#endif
+ buf = NULL;
+ buflen = 0;
+#define NCHUNK 8192
+ do
+ {
+ bufsize += NCHUNK;
+ if (!buf)
+ buf = xmalloc (bufsize);
+ else
+ buf = xrealloc (buf, bufsize);
+
+ nread = fread (buf+buflen, 1, NCHUNK, fp);
+ if (nread < NCHUNK && ferror (fp))
+ {
+ log_error ("error reading `[stdin]': %s\n", strerror (errno));
+ xfree (buf);
+ return NULL;
+ }
+ buflen += nread;
+ }
+ while (nread == NCHUNK);
+#undef NCHUNK
+
+ }
+ else
+ {
+ struct stat st;
+
+ fp = fopen (fname, "rb");
+ if (!fp)
+ {
+ log_error ("can't open `%s': %s\n", fname, strerror (errno));
+ return NULL;
+ }
+
+ if (fstat (fileno(fp), &st))
+ {
+ log_error ("can't stat `%s': %s\n", fname, strerror (errno));
+ fclose (fp);
+ return NULL;
+ }
+
+ buflen = st.st_size;
+ buf = xmalloc (buflen+1);
+ if (fread (buf, buflen, 1, fp) != 1)
+ {
+ log_error ("error reading `%s': %s\n", fname, strerror (errno));
+ fclose (fp);
+ xfree (buf);
+ return NULL;
+ }
+ fclose (fp);
+ }
+
+ *r_length = buflen;
+ return buf;
+}
+
+
+static unsigned char *
+read_key (const char *fname)
+{
+ char *buf;
+ size_t buflen;
+ unsigned char *key;
+
+ buf = read_file (fname, &buflen);
+ if (!buf)
+ return NULL;
+ key = make_canonical (fname, buf, buflen);
+ xfree (buf);
+ return key;
+}
+
+
+
+static void
+read_and_protect (const char *fname)
+{
+ int rc;
+ unsigned char *key;
+ unsigned char *result;
+ size_t resultlen;
+ char *pw;
+
+ key = read_key (fname);
+ if (!key)
+ return;
+
+ pw = get_passphrase (1);
+ rc = agent_protect (key, pw, &result, &resultlen);
+ release_passphrase (pw);
+ xfree (key);
+ if (rc)
+ {
+ log_error ("protecting the key failed: %s\n", gpg_strerror (rc));
+ return;
+ }
+
+ if (opt_armor)
+ {
+ char *p = make_advanced (result, resultlen);
+ xfree (result);
+ if (!p)
+ return;
+ result = (unsigned char*)p;
+ resultlen = strlen (p);
+ }
+
+ fwrite (result, resultlen, 1, stdout);
+ xfree (result);
+}
+
+
+static void
+read_and_unprotect (const char *fname)
+{
+ int rc;
+ unsigned char *key;
+ unsigned char *result;
+ size_t resultlen;
+ char *pw;
+ gnupg_isotime_t protected_at;
+
+ key = read_key (fname);
+ if (!key)
+ return;
+
+ rc = agent_unprotect (key, (pw=get_passphrase (1)),
+ protected_at, &result, &resultlen);
+ release_passphrase (pw);
+ xfree (key);
+ if (rc)
+ {
+ if (opt_status_msg)
+ log_info ("[PROTECT-TOOL:] bad-passphrase\n");
+ log_error ("unprotecting the key failed: %s\n", gpg_strerror (rc));
+ return;
+ }
+ if (opt.verbose)
+ log_info ("key protection done at %.4s-%.2s-%.2s %.2s:%.2s:%s\n",
+ protected_at, protected_at+4, protected_at+6,
+ protected_at+9, protected_at+11, protected_at+13);
+
+
+ if (opt_armor)
+ {
+ char *p = make_advanced (result, resultlen);
+ xfree (result);
+ if (!p)
+ return;
+ result = (unsigned char*)p;
+ resultlen = strlen (p);
+ }
+
+ fwrite (result, resultlen, 1, stdout);
+ xfree (result);
+}
+
+
+
+static void
+read_and_shadow (const char *fname)
+{
+ int rc;
+ unsigned char *key;
+ unsigned char *result;
+ size_t resultlen;
+ unsigned char dummy_info[] = "(8:313233342:43)";
+
+ key = read_key (fname);
+ if (!key)
+ return;
+
+ rc = agent_shadow_key (key, dummy_info, &result);
+ xfree (key);
+ if (rc)
+ {
+ log_error ("shadowing the key failed: %s\n", gpg_strerror (rc));
+ return;
+ }
+ resultlen = gcry_sexp_canon_len (result, 0, NULL,NULL);
+ assert (resultlen);
+
+ if (opt_armor)
+ {
+ char *p = make_advanced (result, resultlen);
+ xfree (result);
+ if (!p)
+ return;
+ result = (unsigned char*)p;
+ resultlen = strlen (p);
+ }
+
+ fwrite (result, resultlen, 1, stdout);
+ xfree (result);
+}
+
+static void
+show_shadow_info (const char *fname)
+{
+ int rc;
+ unsigned char *key;
+ const unsigned char *info;
+ size_t infolen;
+
+ key = read_key (fname);
+ if (!key)
+ return;
+
+ rc = agent_get_shadow_info (key, &info);
+ xfree (key);
+ if (rc)
+ {
+ log_error ("get_shadow_info failed: %s\n", gpg_strerror (rc));
+ return;
+ }
+ infolen = gcry_sexp_canon_len (info, 0, NULL,NULL);
+ assert (infolen);
+
+ if (opt_armor)
+ {
+ char *p = make_advanced (info, infolen);
+ if (!p)
+ return;
+ fwrite (p, strlen (p), 1, stdout);
+ xfree (p);
+ }
+ else
+ fwrite (info, infolen, 1, stdout);
+}
+
+
+static void
+show_file (const char *fname)
+{
+ unsigned char *key;
+ size_t keylen;
+ char *p;
+
+ key = read_key (fname);
+ if (!key)
+ return;
+
+ keylen = gcry_sexp_canon_len (key, 0, NULL,NULL);
+ assert (keylen);
+
+ if (opt_canonical)
+ {
+ fwrite (key, keylen, 1, stdout);
+ }
+ else
+ {
+ p = make_advanced (key, keylen);
+ if (p)
+ {
+ fwrite (p, strlen (p), 1, stdout);
+ xfree (p);
+ }
+ }
+ xfree (key);
+}
+
+static void
+show_keygrip (const char *fname)
+{
+ unsigned char *key;
+ gcry_sexp_t private;
+ unsigned char grip[20];
+ int i;
+
+ key = read_key (fname);
+ if (!key)
+ return;
+
+ if (gcry_sexp_new (&private, key, 0, 0))
+ {
+ log_error ("gcry_sexp_new failed\n");
+ return;
+ }
+ xfree (key);
+
+ if (!gcry_pk_get_keygrip (private, grip))
+ {
+ log_error ("can't calculate keygrip\n");
+ return;
+ }
+ gcry_sexp_release (private);
+
+ for (i=0; i < 20; i++)
+ printf ("%02X", grip[i]);
+ putchar ('\n');
+}
+
+
+static int
+rsa_key_check (struct rsa_secret_key_s *skey)
+{
+ int err = 0;
+ gcry_mpi_t t = gcry_mpi_snew (0);
+ gcry_mpi_t t1 = gcry_mpi_snew (0);
+ gcry_mpi_t t2 = gcry_mpi_snew (0);
+ gcry_mpi_t phi = gcry_mpi_snew (0);
+
+ /* check that n == p * q */
+ gcry_mpi_mul (t, skey->p, skey->q);
+ if (gcry_mpi_cmp( t, skey->n) )
+ {
+ log_error ("RSA oops: n != p * q\n");
+ err++;
+ }
+
+ /* check that p is less than q */
+ if (gcry_mpi_cmp (skey->p, skey->q) > 0)
+ {
+ gcry_mpi_t tmp;
+
+ log_info ("swapping secret primes\n");
+ tmp = gcry_mpi_copy (skey->p);
+ gcry_mpi_set (skey->p, skey->q);
+ gcry_mpi_set (skey->q, tmp);
+ gcry_mpi_release (tmp);
+ /* and must recompute u of course */
+ gcry_mpi_invm (skey->u, skey->p, skey->q);
+ }
+
+ /* check that e divides neither p-1 nor q-1 */
+ gcry_mpi_sub_ui (t, skey->p, 1 );
+ gcry_mpi_div (NULL, t, t, skey->e, 0);
+ if (!gcry_mpi_cmp_ui( t, 0) )
+ {
+ log_error ("RSA oops: e divides p-1\n");
+ err++;
+ }
+ gcry_mpi_sub_ui (t, skey->q, 1);
+ gcry_mpi_div (NULL, t, t, skey->e, 0);
+ if (!gcry_mpi_cmp_ui( t, 0))
+ {
+ log_info ( "RSA oops: e divides q-1\n" );
+ err++;
+ }
+
+ /* check that d is correct. */
+ gcry_mpi_sub_ui (t1, skey->p, 1);
+ gcry_mpi_sub_ui (t2, skey->q, 1);
+ gcry_mpi_mul (phi, t1, t2);
+ gcry_mpi_invm (t, skey->e, phi);
+ if (gcry_mpi_cmp (t, skey->d))
+ { /* no: try universal exponent. */
+ gcry_mpi_gcd (t, t1, t2);
+ gcry_mpi_div (t, NULL, phi, t, 0);
+ gcry_mpi_invm (t, skey->e, t);
+ if (gcry_mpi_cmp (t, skey->d))
+ {
+ log_error ("RSA oops: bad secret exponent\n");
+ err++;
+ }
+ }
+
+ /* check for correctness of u */
+ gcry_mpi_invm (t, skey->p, skey->q);
+ if (gcry_mpi_cmp (t, skey->u))
+ {
+ log_info ( "RSA oops: bad u parameter\n");
+ err++;
+ }
+
+ if (err)
+ log_info ("RSA secret key check failed\n");
+
+ gcry_mpi_release (t);
+ gcry_mpi_release (t1);
+ gcry_mpi_release (t2);
+ gcry_mpi_release (phi);
+
+ return err? -1:0;
+}
+
+
+/* A callback used by p12_parse to return a certificate. */
+static void
+import_p12_cert_cb (void *opaque, const unsigned char *cert, size_t certlen)
+{
+ struct b64state state;
+ gpg_error_t err, err2;
+
+ (void)opaque;
+
+ err = b64enc_start (&state, stdout, "CERTIFICATE");
+ if (!err)
+ err = b64enc_write (&state, cert, certlen);
+ err2 = b64enc_finish (&state);
+ if (!err)
+ err = err2;
+ if (err)
+ log_error ("error writing armored certificate: %s\n", gpg_strerror (err));
+}
+
+static void
+import_p12_file (const char *fname)
+{
+ char *buf;
+ unsigned char *result;
+ size_t buflen, resultlen, buf_off;
+ int i;
+ int rc;
+ gcry_mpi_t *kparms;
+ struct rsa_secret_key_s sk;
+ gcry_sexp_t s_key;
+ unsigned char *key;
+ unsigned char grip[20];
+ char *pw;
+
+ /* fixme: we should release some stuff on error */
+
+ buf = read_file (fname, &buflen);
+ if (!buf)
+ return;
+
+ /* GnuPG 2.0.4 accidently created binary P12 files with the string
+ "The passphrase is %s encoded.\n\n" prepended to the ASN.1 data.
+ We fix that here. */
+ if (buflen > 29 && !memcmp (buf, "The passphrase is ", 18))
+ {
+ for (buf_off=18; buf_off < buflen && buf[buf_off] != '\n'; buf_off++)
+ ;
+ buf_off++;
+ if (buf_off < buflen && buf[buf_off] == '\n')
+ buf_off++;
+ }
+ else
+ buf_off = 0;
+
+ kparms = p12_parse ((unsigned char*)buf+buf_off, buflen-buf_off,
+ (pw=get_passphrase (2)),
+ import_p12_cert_cb, NULL);
+ release_passphrase (pw);
+ xfree (buf);
+ if (!kparms)
+ {
+ log_error ("error parsing or decrypting the PKCS-12 file\n");
+ return;
+ }
+ for (i=0; kparms[i]; i++)
+ ;
+ if (i != 8)
+ {
+ log_error ("invalid structure of private key\n");
+ return;
+ }
+
+
+/* print_mpi (" n", kparms[0]); */
+/* print_mpi (" e", kparms[1]); */
+/* print_mpi (" d", kparms[2]); */
+/* print_mpi (" p", kparms[3]); */
+/* print_mpi (" q", kparms[4]); */
+/* print_mpi ("dmp1", kparms[5]); */
+/* print_mpi ("dmq1", kparms[6]); */
+/* print_mpi (" u", kparms[7]); */
+
+ sk.n = kparms[0];
+ sk.e = kparms[1];
+ sk.d = kparms[2];
+ sk.q = kparms[3];
+ sk.p = kparms[4];
+ sk.u = kparms[7];
+ if (rsa_key_check (&sk))
+ return;
+/* print_mpi (" n", sk.n); */
+/* print_mpi (" e", sk.e); */
+/* print_mpi (" d", sk.d); */
+/* print_mpi (" p", sk.p); */
+/* print_mpi (" q", sk.q); */
+/* print_mpi (" u", sk.u); */
+
+ /* Create an S-expresion from the parameters. */
+ rc = gcry_sexp_build (&s_key, NULL,
+ "(private-key(rsa(n%m)(e%m)(d%m)(p%m)(q%m)(u%m)))",
+ sk.n, sk.e, sk.d, sk.p, sk.q, sk.u, NULL);
+ for (i=0; i < 8; i++)
+ gcry_mpi_release (kparms[i]);
+ gcry_free (kparms);
+ if (rc)
+ {
+ log_error ("failed to created S-expression from key: %s\n",
+ gpg_strerror (rc));
+ return;
+ }
+
+ /* Compute the keygrip. */
+ if (!gcry_pk_get_keygrip (s_key, grip))
+ {
+ log_error ("can't calculate keygrip\n");
+ return;
+ }
+ log_info ("keygrip: ");
+ for (i=0; i < 20; i++)
+ log_printf ("%02X", grip[i]);
+ log_printf ("\n");
+
+ /* Convert to canonical encoding. */
+ buflen = gcry_sexp_sprint (s_key, GCRYSEXP_FMT_CANON, NULL, 0);
+ assert (buflen);
+ key = gcry_xmalloc_secure (buflen);
+ buflen = gcry_sexp_sprint (s_key, GCRYSEXP_FMT_CANON, key, buflen);
+ assert (buflen);
+ gcry_sexp_release (s_key);
+
+ pw = get_passphrase (4);
+ rc = agent_protect (key, pw, &result, &resultlen);
+ release_passphrase (pw);
+ xfree (key);
+ if (rc)
+ {
+ log_error ("protecting the key failed: %s\n", gpg_strerror (rc));
+ return;
+ }
+
+ if (opt_armor)
+ {
+ char *p = make_advanced (result, resultlen);
+ xfree (result);
+ if (!p)
+ return;
+ result = (unsigned char*)p;
+ resultlen = strlen (p);
+ }
+
+ if (opt_store)
+ store_private_key (grip, result, resultlen, opt_force);
+ else
+ fwrite (result, resultlen, 1, stdout);
+
+ xfree (result);
+}
+
+
+
+static gcry_mpi_t *
+sexp_to_kparms (gcry_sexp_t sexp)
+{
+ gcry_sexp_t list, l2;
+ const char *name;
+ const char *s;
+ size_t n;
+ int i, idx;
+ const char *elems;
+ gcry_mpi_t *array;
+
+ list = gcry_sexp_find_token (sexp, "private-key", 0 );
+ if(!list)
+ return NULL;
+ l2 = gcry_sexp_cadr (list);
+ gcry_sexp_release (list);
+ list = l2;
+ name = gcry_sexp_nth_data (list, 0, &n);
+ if(!name || n != 3 || memcmp (name, "rsa", 3))
+ {
+ gcry_sexp_release (list);
+ return NULL;
+ }
+
+ /* Parameter names used with RSA. */
+ elems = "nedpqu";
+ array = xcalloc (strlen(elems) + 1, sizeof *array);
+ for (idx=0, s=elems; *s; s++, idx++ )
+ {
+ l2 = gcry_sexp_find_token (list, s, 1);
+ if (!l2)
+ {
+ for (i=0; i<idx; i++)
+ gcry_mpi_release (array[i]);
+ xfree (array);
+ gcry_sexp_release (list);
+ return NULL; /* required parameter not found */
+ }
+ array[idx] = gcry_sexp_nth_mpi (l2, 1, GCRYMPI_FMT_USG);
+ gcry_sexp_release (l2);
+ if (!array[idx])
+ {
+ for (i=0; i<idx; i++)
+ gcry_mpi_release (array[i]);
+ xfree (array);
+ gcry_sexp_release (list);
+ return NULL; /* required parameter is invalid */
+ }
+ }
+
+ gcry_sexp_release (list);
+ return array;
+}
+
+
+/* Check whether STRING is a KEYGRIP, i.e has the correct length and
+ does only consist of uppercase hex characters. */
+static int
+is_keygrip (const char *string)
+{
+ int i;
+
+ for(i=0; string[i] && i < 41; i++)
+ if (!strchr("01234567890ABCDEF", string[i]))
+ return 0;
+ return i == 40;
+}
+
+
+static void
+export_p12_file (const char *fname)
+{
+ int rc;
+ gcry_mpi_t kparms[9], *kp;
+ unsigned char *key;
+ size_t keylen;
+ gcry_sexp_t private;
+ struct rsa_secret_key_s sk;
+ int i;
+ unsigned char *cert = NULL;
+ size_t certlen = 0;
+ int keytype;
+ size_t keylen_for_wipe = 0;
+ char *pw;
+
+ if ( is_keygrip (fname) )
+ {
+ char hexgrip[40+4+1];
+ char *p;
+
+ assert (strlen(fname) == 40);
+ strcpy (stpcpy (hexgrip, fname), ".key");
+
+ p = make_filename (opt_homedir, GNUPG_PRIVATE_KEYS_DIR, hexgrip, NULL);
+ key = read_key (p);
+ xfree (p);
+ }
+ else
+ key = read_key (fname);
+
+ if (!key)
+ return;
+
+ keytype = agent_private_key_type (key);
+ if (keytype == PRIVATE_KEY_PROTECTED)
+ {
+ unsigned char *tmpkey;
+ size_t tmplen;
+
+ rc = agent_unprotect (key, (pw=get_passphrase (1)),
+ NULL, &tmpkey, &tmplen);
+ release_passphrase (pw);
+ if (rc)
+ {
+ if (opt_status_msg && gpg_err_code (rc) == GPG_ERR_BAD_PASSPHRASE )
+ log_info ("[PROTECT-TOOL:] bad-passphrase\n");
+ log_error ("unprotecting key `%s' failed: %s\n",
+ fname, gpg_strerror (rc));
+ xfree (key);
+ return;
+ }
+ xfree (key);
+ key = tmpkey;
+ keylen_for_wipe = tmplen;
+
+ keytype = agent_private_key_type (key);
+ }
+
+ if (keytype == PRIVATE_KEY_SHADOWED)
+ {
+ log_error ("`%s' is a shadowed private key - can't export it\n", fname);
+ wipememory (key, keylen_for_wipe);
+ xfree (key);
+ return;
+ }
+ else if (keytype != PRIVATE_KEY_CLEAR)
+ {
+ log_error ("\%s' is not a private key\n", fname);
+ wipememory (key, keylen_for_wipe);
+ xfree (key);
+ return;
+ }
+
+
+ if (opt_have_cert)
+ {
+ cert = (unsigned char*)read_file ("-", &certlen);
+ if (!cert)
+ {
+ wipememory (key, keylen_for_wipe);
+ xfree (key);
+ return;
+ }
+ }
+
+
+ if (gcry_sexp_new (&private, key, 0, 0))
+ {
+ log_error ("gcry_sexp_new failed\n");
+ wipememory (key, keylen_for_wipe);
+ xfree (key);
+ xfree (cert);
+ return;
+ }
+ wipememory (key, keylen_for_wipe);
+ xfree (key);
+
+ kp = sexp_to_kparms (private);
+ gcry_sexp_release (private);
+ if (!kp)
+ {
+ log_error ("error converting key parameters\n");
+ xfree (cert);
+ return;
+ }
+ sk.n = kp[0];
+ sk.e = kp[1];
+ sk.d = kp[2];
+ sk.p = kp[3];
+ sk.q = kp[4];
+ sk.u = kp[5];
+ xfree (kp);
+
+
+ kparms[0] = sk.n;
+ kparms[1] = sk.e;
+ kparms[2] = sk.d;
+ kparms[3] = sk.q;
+ kparms[4] = sk.p;
+ kparms[5] = gcry_mpi_snew (0); /* compute d mod (p-1) */
+ gcry_mpi_sub_ui (kparms[5], kparms[3], 1);
+ gcry_mpi_mod (kparms[5], sk.d, kparms[5]);
+ kparms[6] = gcry_mpi_snew (0); /* compute d mod (q-1) */
+ gcry_mpi_sub_ui (kparms[6], kparms[4], 1);
+ gcry_mpi_mod (kparms[6], sk.d, kparms[6]);
+ kparms[7] = sk.u;
+ kparms[8] = NULL;
+
+ pw = get_passphrase (3);
+ key = p12_build (kparms, cert, certlen, pw, opt_p12_charset, &keylen);
+ release_passphrase (pw);
+ xfree (cert);
+ for (i=0; i < 8; i++)
+ gcry_mpi_release (kparms[i]);
+ if (!key)
+ return;
+
+#ifdef HAVE_DOSISH_SYSTEM
+ setmode ( fileno (stdout) , O_BINARY );
+#endif
+ fwrite (key, keylen, 1, stdout);
+ xfree (key);
+}
+
+
+
+int
+main (int argc, char **argv )
+{
+ ARGPARSE_ARGS pargs;
+ int cmd = 0;
+ const char *fname;
+
+ set_strusage (my_strusage);
+ gcry_control (GCRYCTL_SUSPEND_SECMEM_WARN);
+ log_set_prefix ("gpg-protect-tool", 1);
+
+ /* Make sure that our subsystems are ready. */
+ i18n_init ();
+ init_common_subsystems ();
+
+ if (!gcry_check_version (NEED_LIBGCRYPT_VERSION) )
+ {
+ log_fatal( _("%s is too old (need %s, have %s)\n"), "libgcrypt",
+ NEED_LIBGCRYPT_VERSION, gcry_check_version (NULL) );
+ }
+
+ setup_libgcrypt_logging ();
+ gcry_control (GCRYCTL_INIT_SECMEM, 16384, 0);
+
+
+ opt_homedir = default_homedir ();
+
+
+ pargs.argc = &argc;
+ pargs.argv = &argv;
+ pargs.flags= 1; /* (do not remove the args) */
+ while (arg_parse (&pargs, opts) )
+ {
+ switch (pargs.r_opt)
+ {
+ case oVerbose: opt.verbose++; break;
+ case oArmor: opt_armor=1; break;
+ case oCanonical: opt_canonical=1; break;
+ case oHomedir: opt_homedir = pargs.r.ret_str; break;
+
+ case oAgentProgram: opt_agent_program = pargs.r.ret_str; break;
+
+ case oProtect: cmd = oProtect; break;
+ case oUnprotect: cmd = oUnprotect; break;
+ case oShadow: cmd = oShadow; break;
+ case oShowShadowInfo: cmd = oShowShadowInfo; break;
+ case oShowKeygrip: cmd = oShowKeygrip; break;
+ case oP12Import: cmd = oP12Import; break;
+ case oP12Export: cmd = oP12Export; break;
+ case oP12Charset: opt_p12_charset = pargs.r.ret_str; break;
+
+ case oS2Kcalibration: cmd = oS2Kcalibration; break;
+
+ case oPassphrase: opt_passphrase = pargs.r.ret_str; break;
+ case oStore: opt_store = 1; break;
+ case oForce: opt_force = 1; break;
+ case oNoFailOnExist: opt_no_fail_on_exist = 1; break;
+ case oHaveCert: opt_have_cert = 1; break;
+ case oPrompt: opt_prompt = pargs.r.ret_str; break;
+ case oStatusMsg: opt_status_msg = 1; break;
+
+ default: pargs.err = ARGPARSE_PRINT_ERROR; break;
+ }
+ }
+ if (log_get_errorcount (0))
+ exit (2);
+
+ fname = "-";
+ if (argc == 1)
+ fname = *argv;
+ else if (argc > 1)
+ usage (1);
+
+ /* Set the information which can't be taken from envvars. */
+ gnupg_prepare_get_passphrase (GPG_ERR_SOURCE_DEFAULT,
+ opt.verbose,
+ opt_homedir,
+ opt_agent_program,
+ NULL, NULL, NULL);
+
+ if (opt_prompt)
+ opt_prompt = percent_plus_unescape (opt_prompt, 0);
+
+ if (cmd == oProtect)
+ read_and_protect (fname);
+ else if (cmd == oUnprotect)
+ read_and_unprotect (fname);
+ else if (cmd == oShadow)
+ read_and_shadow (fname);
+ else if (cmd == oShowShadowInfo)
+ show_shadow_info (fname);
+ else if (cmd == oShowKeygrip)
+ show_keygrip (fname);
+ else if (cmd == oP12Import)
+ import_p12_file (fname);
+ else if (cmd == oP12Export)
+ export_p12_file (fname);
+ else if (cmd == oS2Kcalibration)
+ {
+ if (!opt.verbose)
+ opt.verbose++; /* We need to see something. */
+ get_standard_s2k_count ();
+ }
+ else
+ show_file (fname);
+
+ agent_exit (0);
+ return 8; /*NOTREACHED*/
+}
+
+void
+agent_exit (int rc)
+{
+ rc = rc? rc : log_get_errorcount(0)? 2 : 0;
+ exit (rc);
+}
+
+
+/* Return the passphrase string and ask the agent if it has not been
+ set from the command line PROMPTNO select the prompt to display:
+ 0 = default
+ 1 = taken from the option --prompt
+ 2 = for unprotecting a pkcs#12 object
+ 3 = for protecting a new pkcs#12 object
+ 4 = for protecting an imported pkcs#12 in our system
+*/
+static char *
+get_passphrase (int promptno)
+{
+ char *pw;
+ int err;
+ const char *desc;
+ char *orig_codeset;
+ int repeat = 0;
+
+ if (opt_passphrase)
+ return xstrdup (opt_passphrase);
+
+ orig_codeset = i18n_switchto_utf8 ();
+
+ if (promptno == 1 && opt_prompt)
+ {
+ desc = opt_prompt;
+ }
+ else if (promptno == 2)
+ {
+ desc = _("Please enter the passphrase to unprotect the "
+ "PKCS#12 object.");
+ }
+ else if (promptno == 3)
+ {
+ desc = _("Please enter the passphrase to protect the "
+ "new PKCS#12 object.");
+ repeat = 1;
+ }
+ else if (promptno == 4)
+ {
+ desc = _("Please enter the passphrase to protect the "
+ "imported object within the GnuPG system.");
+ repeat = 1;
+ }
+ else
+ desc = _("Please enter the passphrase or the PIN\n"
+ "needed to complete this operation.");
+
+ i18n_switchback (orig_codeset);
+
+ err = gnupg_get_passphrase (NULL, NULL, _("Passphrase:"), desc,
+ repeat, repeat, 1, &pw);
+ if (err)
+ {
+ if (gpg_err_code (err) == GPG_ERR_CANCELED)
+ log_info (_("cancelled\n"));
+ else
+ log_error (_("error while asking for the passphrase: %s\n"),
+ gpg_strerror (err));
+ agent_exit (0);
+ }
+ assert (pw);
+
+ return pw;
+}
+
+
+static void
+release_passphrase (char *pw)
+{
+ if (pw)
+ {
+ wipememory (pw, strlen (pw));
+ xfree (pw);
+ }
+}
+
+static int
+store_private_key (const unsigned char *grip,
+ const void *buffer, size_t length, int force)
+{
+ char *fname;
+ estream_t fp;
+ char hexgrip[40+4+1];
+
+ bin2hex (grip, 20, hexgrip);
+ strcpy (hexgrip+40, ".key");
+
+ fname = make_filename (opt_homedir, GNUPG_PRIVATE_KEYS_DIR, hexgrip, NULL);
+ if (force)
+ fp = es_fopen (fname, "wb");
+ else
+ {
+ if (!access (fname, F_OK))
+ {
+ if (opt_status_msg)
+ log_info ("[PROTECT-TOOL:] secretkey-exists\n");
+ if (opt_no_fail_on_exist)
+ log_info ("secret key file `%s' already exists\n", fname);
+ else
+ log_error ("secret key file `%s' already exists\n", fname);
+ xfree (fname);
+ return opt_no_fail_on_exist? 0 : -1;
+ }
+ /* FWIW: Under Windows Vista the standard fopen in the msvcrt
+ fails if the "x" GNU extension is used. */
+ fp = es_fopen (fname, "wbx");
+ }
+
+ if (!fp)
+ {
+ log_error ("can't create `%s': %s\n", fname, strerror (errno));
+ xfree (fname);
+ return -1;
+ }
+
+ if (es_fwrite (buffer, length, 1, fp) != 1)
+ {
+ log_error ("error writing `%s': %s\n", fname, strerror (errno));
+ es_fclose (fp);
+ remove (fname);
+ xfree (fname);
+ return -1;
+ }
+ if (es_fclose (fp))
+ {
+ log_error ("error closing `%s': %s\n", fname, strerror (errno));
+ remove (fname);
+ xfree (fname);
+ return -1;
+ }
+ log_info ("secret key stored as `%s'\n", fname);
+
+ if (opt_status_msg)
+ log_info ("[PROTECT-TOOL:] secretkey-stored\n");
+
+ xfree (fname);
+ return 0;
+}
diff --git a/agent/protect.c b/agent/protect.c
new file mode 100644
index 0000000..d6c9641
--- /dev/null
+++ b/agent/protect.c
@@ -0,0 +1,1321 @@
+/* protect.c - Un/Protect a secret key
+ * Copyright (C) 1998, 1999, 2000, 2001, 2002,
+ * 2003, 2007, 2009 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <errno.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <ctype.h>
+#include <assert.h>
+#include <unistd.h>
+#include <sys/stat.h>
+#ifdef HAVE_W32_SYSTEM
+# include <windows.h>
+#else
+# include <sys/times.h>
+#endif
+
+#include "agent.h"
+
+#include "sexp-parse.h"
+
+#define PROT_CIPHER GCRY_CIPHER_AES
+#define PROT_CIPHER_STRING "aes"
+#define PROT_CIPHER_KEYLEN (128/8)
+
+
+/* A table containing the information needed to create a protected
+ private key */
+static struct {
+ const char *algo;
+ const char *parmlist;
+ int prot_from, prot_to;
+} protect_info[] = {
+ { "rsa", "nedpqu", 2, 5 },
+ { "dsa", "pqgyx", 4, 4 },
+ { "elg", "pgyx", 3, 3 },
+ { NULL }
+};
+
+
+/* A helper object for time measurement. */
+struct calibrate_time_s
+{
+#ifdef HAVE_W32_SYSTEM
+ FILETIME creation_time, exit_time, kernel_time, user_time;
+#else
+ clock_t ticks;
+#endif
+};
+
+
+static int
+hash_passphrase (const char *passphrase, int hashalgo,
+ int s2kmode,
+ const unsigned char *s2ksalt, unsigned long s2kcount,
+ unsigned char *key, size_t keylen);
+
+/* Get the process time and store it in DATA. */
+static void
+calibrate_get_time (struct calibrate_time_s *data)
+{
+#ifdef HAVE_W32_SYSTEM
+ GetProcessTimes (GetCurrentProcess (),
+ &data->creation_time, &data->exit_time,
+ &data->kernel_time, &data->user_time);
+#else
+ struct tms tmp;
+
+ times (&tmp);
+ data->ticks = tmp.tms_utime;
+#endif
+}
+
+
+static unsigned long
+calibrate_elapsed_time (struct calibrate_time_s *starttime)
+{
+ struct calibrate_time_s stoptime;
+
+ calibrate_get_time (&stoptime);
+#ifdef HAVE_W32_SYSTEM
+ {
+ unsigned long long t1, t2;
+
+ t1 = (((unsigned long long)starttime->kernel_time.dwHighDateTime << 32)
+ + starttime->kernel_time.dwLowDateTime);
+ t1 += (((unsigned long long)starttime->user_time.dwHighDateTime << 32)
+ + starttime->user_time.dwLowDateTime);
+ t2 = (((unsigned long long)stoptime.kernel_time.dwHighDateTime << 32)
+ + stoptime.kernel_time.dwLowDateTime);
+ t2 += (((unsigned long long)stoptime.user_time.dwHighDateTime << 32)
+ + stoptime.user_time.dwLowDateTime);
+ return (unsigned long)((t2 - t1)/10000);
+ }
+#else
+ return (unsigned long)((((double) (stoptime.ticks - starttime->ticks))
+ /CLOCKS_PER_SEC)*10000000);
+#endif
+}
+
+
+/* Run a test hashing for COUNT and return the time required in
+ milliseconds. */
+static unsigned long
+calibrate_s2k_count_one (unsigned long count)
+{
+ int rc;
+ char keybuf[PROT_CIPHER_KEYLEN];
+ struct calibrate_time_s starttime;
+
+ calibrate_get_time (&starttime);
+ rc = hash_passphrase ("123456789abcdef0", GCRY_MD_SHA1,
+ 3, "saltsalt", count, keybuf, sizeof keybuf);
+ if (rc)
+ BUG ();
+ return calibrate_elapsed_time (&starttime);
+}
+
+
+/* Measure the time we need to do the hash operations and deduce an
+ S2K count which requires about 100ms of time. */
+static unsigned long
+calibrate_s2k_count (void)
+{
+ unsigned long count;
+ unsigned long ms;
+
+ for (count = 65536; count; count *= 2)
+ {
+ ms = calibrate_s2k_count_one (count);
+ if (opt.verbose > 1)
+ log_info ("S2K calibration: %lu -> %lums\n", count, ms);
+ if (ms > 100)
+ break;
+ }
+
+ count = (unsigned long)(((double)count / ms) * 100);
+ count /= 1024;
+ count *= 1024;
+ if (count < 65536)
+ count = 65536;
+
+ if (opt.verbose)
+ {
+ ms = calibrate_s2k_count_one (count);
+ log_info ("S2K calibration: %lu iterations for %lums\n", count, ms);
+ }
+
+ return count;
+}
+
+
+
+/* Return the standard S2K count. */
+unsigned long
+get_standard_s2k_count (void)
+{
+ static unsigned long count;
+
+ if (!count)
+ count = calibrate_s2k_count ();
+
+ /* Enforce a lower limit. */
+ return count < 65536 ? 65536 : count;
+}
+
+
+
+
+/* Calculate the MIC for a private key S-Exp. SHA1HASH should point to
+ a 20 byte buffer. This function is suitable for any algorithms. */
+static int
+calculate_mic (const unsigned char *plainkey, unsigned char *sha1hash)
+{
+ const unsigned char *hash_begin, *hash_end;
+ const unsigned char *s;
+ size_t n;
+
+ s = plainkey;
+ if (*s != '(')
+ return gpg_error (GPG_ERR_INV_SEXP);
+ s++;
+ n = snext (&s);
+ if (!n)
+ return gpg_error (GPG_ERR_INV_SEXP);
+ if (!smatch (&s, n, "private-key"))
+ return gpg_error (GPG_ERR_UNKNOWN_SEXP);
+ if (*s != '(')
+ return gpg_error (GPG_ERR_UNKNOWN_SEXP);
+ hash_begin = s;
+ s++;
+ n = snext (&s);
+ if (!n)
+ return gpg_error (GPG_ERR_INV_SEXP);
+ s += n; /* skip over the algorithm name */
+
+ while (*s == '(')
+ {
+ s++;
+ n = snext (&s);
+ if (!n)
+ return gpg_error (GPG_ERR_INV_SEXP);
+ s += n;
+ n = snext (&s);
+ if (!n)
+ return gpg_error (GPG_ERR_INV_SEXP);
+ s += n;
+ if ( *s != ')' )
+ return gpg_error (GPG_ERR_INV_SEXP);
+ s++;
+ }
+ if (*s != ')')
+ return gpg_error (GPG_ERR_INV_SEXP);
+ s++;
+ hash_end = s;
+
+ gcry_md_hash_buffer (GCRY_MD_SHA1, sha1hash,
+ hash_begin, hash_end - hash_begin);
+
+ return 0;
+}
+
+
+
+/* Encrypt the parameter block starting at PROTBEGIN with length
+ PROTLEN using the utf8 encoded key PASSPHRASE and return the entire
+ encrypted block in RESULT or return with an error code. SHA1HASH
+ is the 20 byte SHA-1 hash required for the integrity code.
+
+ The parameter block is expected to be an incomplete S-Expression of
+ the form (example in advanced format):
+
+ (d #046129F..[some bytes not shown]..81#)
+ (p #00e861b..[some bytes not shown]..f1#)
+ (q #00f7a7c..[some bytes not shown]..61#)
+ (u #304559a..[some bytes not shown]..9b#)
+
+ the returned block is the S-Expression:
+
+ (protected mode (parms) encrypted_octet_string)
+
+*/
+static int
+do_encryption (const unsigned char *protbegin, size_t protlen,
+ const char *passphrase, const unsigned char *sha1hash,
+ unsigned char **result, size_t *resultlen)
+{
+ gcry_cipher_hd_t hd;
+ const char *modestr = "openpgp-s2k3-sha1-" PROT_CIPHER_STRING "-cbc";
+ int blklen, enclen, outlen;
+ unsigned char *iv = NULL;
+ int rc;
+ char *outbuf = NULL;
+ char *p;
+ int saltpos, ivpos, encpos;
+
+ *resultlen = 0;
+ *result = NULL;
+
+ rc = gcry_cipher_open (&hd, PROT_CIPHER, GCRY_CIPHER_MODE_CBC,
+ GCRY_CIPHER_SECURE);
+ if (rc)
+ return rc;
+
+
+ /* We need to work on a copy of the data because this makes it
+ easier to add the trailer and the padding and more important we
+ have to prefix the text with 2 parenthesis, so we have to
+ allocate enough space for:
+
+ ((<parameter_list>)(4:hash4:sha120:<hashvalue>)) + padding
+
+ We always append a full block of random bytes as padding but
+ encrypt only what is needed for a full blocksize. */
+ blklen = gcry_cipher_get_algo_blklen (PROT_CIPHER);
+ outlen = 2 + protlen + 2 + 6 + 6 + 23 + 2 + blklen;
+ enclen = outlen/blklen * blklen;
+ outbuf = gcry_malloc_secure (outlen);
+ if (!outbuf)
+ rc = out_of_core ();
+ if (!rc)
+ {
+ /* Allocate random bytes to be used as IV, padding and s2k salt. */
+ iv = xtrymalloc (blklen*2+8);
+ if (!iv)
+ rc = gpg_error (GPG_ERR_ENOMEM);
+ else
+ {
+ gcry_create_nonce (iv, blklen*2+8);
+ rc = gcry_cipher_setiv (hd, iv, blklen);
+ }
+ }
+ if (!rc)
+ {
+ unsigned char *key;
+ size_t keylen = PROT_CIPHER_KEYLEN;
+
+ key = gcry_malloc_secure (keylen);
+ if (!key)
+ rc = out_of_core ();
+ else
+ {
+ rc = hash_passphrase (passphrase, GCRY_MD_SHA1,
+ 3, iv+2*blklen,
+ get_standard_s2k_count (), key, keylen);
+ if (!rc)
+ rc = gcry_cipher_setkey (hd, key, keylen);
+ xfree (key);
+ }
+ }
+ if (!rc)
+ {
+ p = outbuf;
+ *p++ = '(';
+ *p++ = '(';
+ memcpy (p, protbegin, protlen);
+ p += protlen;
+ memcpy (p, ")(4:hash4:sha120:", 17);
+ p += 17;
+ memcpy (p, sha1hash, 20);
+ p += 20;
+ *p++ = ')';
+ *p++ = ')';
+ memcpy (p, iv+blklen, blklen);
+ p += blklen;
+ assert ( p - outbuf == outlen);
+ rc = gcry_cipher_encrypt (hd, outbuf, enclen, NULL, 0);
+ }
+ gcry_cipher_close (hd);
+ if (rc)
+ {
+ xfree (iv);
+ xfree (outbuf);
+ return rc;
+ }
+
+ /* Now allocate the buffer we want to return. This is
+
+ (protected openpgp-s2k3-sha1-aes-cbc
+ ((sha1 salt no_of_iterations) 16byte_iv)
+ encrypted_octet_string)
+
+ in canoncical format of course. We use asprintf and %n modifier
+ and dummy values as placeholders. */
+ {
+ char countbuf[35];
+
+ snprintf (countbuf, sizeof countbuf, "%lu", get_standard_s2k_count ());
+ p = xtryasprintf
+ ("(9:protected%d:%s((4:sha18:%n_8bytes_%u:%s)%d:%n%*s)%d:%n%*s)",
+ (int)strlen (modestr), modestr,
+ &saltpos,
+ (unsigned int)strlen (countbuf), countbuf,
+ blklen, &ivpos, blklen, "",
+ enclen, &encpos, enclen, "");
+ if (!p)
+ {
+ gpg_error_t tmperr = out_of_core ();
+ xfree (iv);
+ xfree (outbuf);
+ return tmperr;
+ }
+ }
+ *resultlen = strlen (p);
+ *result = (unsigned char*)p;
+ memcpy (p+saltpos, iv+2*blklen, 8);
+ memcpy (p+ivpos, iv, blklen);
+ memcpy (p+encpos, outbuf, enclen);
+ xfree (iv);
+ xfree (outbuf);
+ return 0;
+}
+
+
+
+/* Protect the key encoded in canonical format in PLAINKEY. We assume
+ a valid S-Exp here. */
+int
+agent_protect (const unsigned char *plainkey, const char *passphrase,
+ unsigned char **result, size_t *resultlen)
+{
+ int rc;
+ const unsigned char *s;
+ const unsigned char *hash_begin, *hash_end;
+ const unsigned char *prot_begin, *prot_end, *real_end;
+ size_t n;
+ int c, infidx, i;
+ unsigned char hashvalue[20];
+ char timestamp_exp[35];
+ unsigned char *protected;
+ size_t protectedlen;
+ int depth = 0;
+ unsigned char *p;
+ gcry_md_hd_t md;
+
+ /* Create an S-expression with the procted-at timestamp. */
+ memcpy (timestamp_exp, "(12:protected-at15:", 19);
+ gnupg_get_isotime (timestamp_exp+19);
+ timestamp_exp[19+15] = ')';
+
+ /* Parse original key. */
+ s = plainkey;
+ if (*s != '(')
+ return gpg_error (GPG_ERR_INV_SEXP);
+ depth++;
+ s++;
+ n = snext (&s);
+ if (!n)
+ return gpg_error (GPG_ERR_INV_SEXP);
+ if (!smatch (&s, n, "private-key"))
+ return gpg_error (GPG_ERR_UNKNOWN_SEXP);
+ if (*s != '(')
+ return gpg_error (GPG_ERR_UNKNOWN_SEXP);
+ depth++;
+ hash_begin = s;
+ s++;
+ n = snext (&s);
+ if (!n)
+ return gpg_error (GPG_ERR_INV_SEXP);
+
+ for (infidx=0; protect_info[infidx].algo
+ && !smatch (&s, n, protect_info[infidx].algo); infidx++)
+ ;
+ if (!protect_info[infidx].algo)
+ return gpg_error (GPG_ERR_UNSUPPORTED_ALGORITHM);
+
+ prot_begin = prot_end = NULL;
+ for (i=0; (c=protect_info[infidx].parmlist[i]); i++)
+ {
+ if (i == protect_info[infidx].prot_from)
+ prot_begin = s;
+ if (*s != '(')
+ return gpg_error (GPG_ERR_INV_SEXP);
+ depth++;
+ s++;
+ n = snext (&s);
+ if (!n)
+ return gpg_error (GPG_ERR_INV_SEXP);
+ if (n != 1 || c != *s)
+ return gpg_error (GPG_ERR_INV_SEXP);
+ s += n;
+ n = snext (&s);
+ if (!n)
+ return gpg_error (GPG_ERR_INV_SEXP);
+ s +=n; /* skip value */
+ if (*s != ')')
+ return gpg_error (GPG_ERR_INV_SEXP);
+ depth--;
+ if (i == protect_info[infidx].prot_to)
+ prot_end = s;
+ s++;
+ }
+ if (*s != ')' || !prot_begin || !prot_end )
+ return gpg_error (GPG_ERR_INV_SEXP);
+ depth--;
+ hash_end = s;
+ s++;
+ /* skip to the end of the S-exp */
+ assert (depth == 1);
+ rc = sskip (&s, &depth);
+ if (rc)
+ return rc;
+ assert (!depth);
+ real_end = s-1;
+
+
+ /* Hash the stuff. Because the timestamp_exp won't get protected,
+ we can't simply hash a continuous buffer but need to use several
+ md_writes. */
+ rc = gcry_md_open (&md, GCRY_MD_SHA1, 0 );
+ if (rc)
+ return rc;
+ gcry_md_write (md, hash_begin, hash_end - hash_begin);
+ gcry_md_write (md, timestamp_exp, 35);
+ gcry_md_write (md, ")", 1);
+ memcpy (hashvalue, gcry_md_read (md, GCRY_MD_SHA1), 20);
+ gcry_md_close (md);
+
+ rc = do_encryption (prot_begin, prot_end - prot_begin + 1,
+ passphrase, hashvalue,
+ &protected, &protectedlen);
+ if (rc)
+ return rc;
+
+ /* Now create the protected version of the key. Note that the 10
+ extra bytes are for for the inserted "protected-" string (the
+ beginning of the plaintext reads: "((11:private-key(" ). The 35
+ term is the space for (12:protected-at15:<timestamp>). */
+ *resultlen = (10
+ + (prot_begin-plainkey)
+ + protectedlen
+ + 35
+ + (real_end-prot_end));
+ *result = p = xtrymalloc (*resultlen);
+ if (!p)
+ {
+ gpg_error_t tmperr = out_of_core ();
+ xfree (protected);
+ return tmperr;
+ }
+ memcpy (p, "(21:protected-", 14);
+ p += 14;
+ memcpy (p, plainkey+4, prot_begin - plainkey - 4);
+ p += prot_begin - plainkey - 4;
+ memcpy (p, protected, protectedlen);
+ p += protectedlen;
+
+ memcpy (p, timestamp_exp, 35);
+ p += 35;
+
+ memcpy (p, prot_end+1, real_end - prot_end);
+ p += real_end - prot_end;
+ assert ( p - *result == *resultlen);
+ xfree (protected);
+
+ return 0;
+}
+
+
+/* Do the actual decryption and check the return list for consistency. */
+static int
+do_decryption (const unsigned char *protected, size_t protectedlen,
+ const char *passphrase,
+ const unsigned char *s2ksalt, unsigned long s2kcount,
+ const unsigned char *iv, size_t ivlen,
+ unsigned char **result)
+{
+ int rc = 0;
+ int blklen;
+ gcry_cipher_hd_t hd;
+ unsigned char *outbuf;
+ size_t reallen;
+
+ blklen = gcry_cipher_get_algo_blklen (PROT_CIPHER);
+ if (protectedlen < 4 || (protectedlen%blklen))
+ return gpg_error (GPG_ERR_CORRUPTED_PROTECTION);
+
+ rc = gcry_cipher_open (&hd, PROT_CIPHER, GCRY_CIPHER_MODE_CBC,
+ GCRY_CIPHER_SECURE);
+ if (rc)
+ return rc;
+
+ outbuf = gcry_malloc_secure (protectedlen);
+ if (!outbuf)
+ rc = out_of_core ();
+ if (!rc)
+ rc = gcry_cipher_setiv (hd, iv, ivlen);
+ if (!rc)
+ {
+ unsigned char *key;
+ size_t keylen = PROT_CIPHER_KEYLEN;
+
+ key = gcry_malloc_secure (keylen);
+ if (!key)
+ rc = out_of_core ();
+ else
+ {
+ rc = hash_passphrase (passphrase, GCRY_MD_SHA1,
+ 3, s2ksalt, s2kcount, key, keylen);
+ if (!rc)
+ rc = gcry_cipher_setkey (hd, key, keylen);
+ xfree (key);
+ }
+ }
+ if (!rc)
+ rc = gcry_cipher_decrypt (hd, outbuf, protectedlen,
+ protected, protectedlen);
+ gcry_cipher_close (hd);
+ if (rc)
+ {
+ xfree (outbuf);
+ return rc;
+ }
+ /* Do a quick check first. */
+ if (*outbuf != '(' && outbuf[1] != '(')
+ {
+ xfree (outbuf);
+ return gpg_error (GPG_ERR_BAD_PASSPHRASE);
+ }
+ /* Check that we have a consistent S-Exp. */
+ reallen = gcry_sexp_canon_len (outbuf, protectedlen, NULL, NULL);
+ if (!reallen || (reallen + blklen < protectedlen) )
+ {
+ xfree (outbuf);
+ return gpg_error (GPG_ERR_BAD_PASSPHRASE);
+ }
+ *result = outbuf;
+ return 0;
+}
+
+
+/* Merge the parameter list contained in CLEARTEXT with the original
+ protect lists PROTECTEDKEY by replacing the list at REPLACEPOS.
+ Return the new list in RESULT and the MIC value in the 20 byte
+ buffer SHA1HASH. CUTOFF and CUTLEN will receive the offset and the
+ length of the resulting list which should go into the MIC
+ calculation but then be removed. */
+static int
+merge_lists (const unsigned char *protectedkey,
+ size_t replacepos,
+ const unsigned char *cleartext,
+ unsigned char *sha1hash,
+ unsigned char **result, size_t *resultlen,
+ size_t *cutoff, size_t *cutlen)
+{
+ size_t n, newlistlen;
+ unsigned char *newlist, *p;
+ const unsigned char *s;
+ const unsigned char *startpos, *endpos;
+ int i, rc;
+
+ *result = NULL;
+ *resultlen = 0;
+ *cutoff = 0;
+ *cutlen = 0;
+
+ if (replacepos < 26)
+ return gpg_error (GPG_ERR_BUG);
+
+ /* Estimate the required size of the resulting list. We have a large
+ safety margin of >20 bytes (MIC hash from CLEARTEXT and the
+ removed "protected-" */
+ newlistlen = gcry_sexp_canon_len (protectedkey, 0, NULL, NULL);
+ if (!newlistlen)
+ return gpg_error (GPG_ERR_BUG);
+ n = gcry_sexp_canon_len (cleartext, 0, NULL, NULL);
+ if (!n)
+ return gpg_error (GPG_ERR_BUG);
+ newlistlen += n;
+ newlist = gcry_malloc_secure (newlistlen);
+ if (!newlist)
+ return out_of_core ();
+
+ /* Copy the initial segment */
+ strcpy ((char*)newlist, "(11:private-key");
+ p = newlist + 15;
+ memcpy (p, protectedkey+15+10, replacepos-15-10);
+ p += replacepos-15-10;
+
+ /* copy the cleartext */
+ s = cleartext;
+ if (*s != '(' && s[1] != '(')
+ return gpg_error (GPG_ERR_BUG); /*we already checked this */
+ s += 2;
+ startpos = s;
+ while ( *s == '(' )
+ {
+ s++;
+ n = snext (&s);
+ if (!n)
+ goto invalid_sexp;
+ s += n;
+ n = snext (&s);
+ if (!n)
+ goto invalid_sexp;
+ s += n;
+ if ( *s != ')' )
+ goto invalid_sexp;
+ s++;
+ }
+ if ( *s != ')' )
+ goto invalid_sexp;
+ endpos = s;
+ s++;
+ /* Intermezzo: Get the MIC */
+ if (*s != '(')
+ goto invalid_sexp;
+ s++;
+ n = snext (&s);
+ if (!smatch (&s, n, "hash"))
+ goto invalid_sexp;
+ n = snext (&s);
+ if (!smatch (&s, n, "sha1"))
+ goto invalid_sexp;
+ n = snext (&s);
+ if (n != 20)
+ goto invalid_sexp;
+ memcpy (sha1hash, s, 20);
+ s += n;
+ if (*s != ')')
+ goto invalid_sexp;
+ /* End intermezzo */
+
+ /* append the parameter list */
+ memcpy (p, startpos, endpos - startpos);
+ p += endpos - startpos;
+
+ /* Skip over the protected list element in the original list. */
+ s = protectedkey + replacepos;
+ assert (*s == '(');
+ s++;
+ i = 1;
+ rc = sskip (&s, &i);
+ if (rc)
+ goto failure;
+ /* Record the position of the optional protected-at expression. */
+ if (*s == '(')
+ {
+ const unsigned char *save_s = s;
+ s++;
+ n = snext (&s);
+ if (smatch (&s, n, "protected-at"))
+ {
+ i = 1;
+ rc = sskip (&s, &i);
+ if (rc)
+ goto failure;
+ *cutlen = s - save_s;
+ }
+ s = save_s;
+ }
+ startpos = s;
+ i = 2; /* we are inside this level */
+ rc = sskip (&s, &i);
+ if (rc)
+ goto failure;
+ assert (s[-1] == ')');
+ endpos = s; /* one behind the end of the list */
+
+ /* Append the rest. */
+ if (*cutlen)
+ *cutoff = p - newlist;
+ memcpy (p, startpos, endpos - startpos);
+ p += endpos - startpos;
+
+
+ /* ready */
+ *result = newlist;
+ *resultlen = newlistlen;
+ return 0;
+
+ failure:
+ wipememory (newlist, newlistlen);
+ xfree (newlist);
+ return rc;
+
+ invalid_sexp:
+ wipememory (newlist, newlistlen);
+ xfree (newlist);
+ return gpg_error (GPG_ERR_INV_SEXP);
+}
+
+
+
+/* Unprotect the key encoded in canonical format. We assume a valid
+ S-Exp here. If a protected-at item is available, its value will
+ be stored at protocted_at unless this is NULL. */
+int
+agent_unprotect (const unsigned char *protectedkey, const char *passphrase,
+ gnupg_isotime_t protected_at,
+ unsigned char **result, size_t *resultlen)
+{
+ int rc;
+ const unsigned char *s;
+ const unsigned char *protect_list;
+ size_t n;
+ int infidx, i;
+ unsigned char sha1hash[20], sha1hash2[20];
+ const unsigned char *s2ksalt;
+ unsigned long s2kcount;
+ const unsigned char *iv;
+ const unsigned char *prot_begin;
+ unsigned char *cleartext = NULL; /* Just to avoid gcc warning. */
+ unsigned char *final;
+ size_t finallen;
+ size_t cutoff, cutlen;
+
+ if (protected_at)
+ *protected_at = 0;
+
+ s = protectedkey;
+ if (*s != '(')
+ return gpg_error (GPG_ERR_INV_SEXP);
+ s++;
+ n = snext (&s);
+ if (!n)
+ return gpg_error (GPG_ERR_INV_SEXP);
+ if (!smatch (&s, n, "protected-private-key"))
+ return gpg_error (GPG_ERR_UNKNOWN_SEXP);
+ if (*s != '(')
+ return gpg_error (GPG_ERR_UNKNOWN_SEXP);
+ s++;
+ n = snext (&s);
+ if (!n)
+ return gpg_error (GPG_ERR_INV_SEXP);
+
+ for (infidx=0; protect_info[infidx].algo
+ && !smatch (&s, n, protect_info[infidx].algo); infidx++)
+ ;
+ if (!protect_info[infidx].algo)
+ return gpg_error (GPG_ERR_UNSUPPORTED_ALGORITHM);
+
+
+ /* See wether we have a protected-at timestamp. */
+ protect_list = s; /* Save for later. */
+ if (protected_at)
+ {
+ while (*s == '(')
+ {
+ prot_begin = s;
+ s++;
+ n = snext (&s);
+ if (!n)
+ return gpg_error (GPG_ERR_INV_SEXP);
+ if (smatch (&s, n, "protected-at"))
+ {
+ n = snext (&s);
+ if (!n)
+ return gpg_error (GPG_ERR_INV_SEXP);
+ if (n != 15)
+ return gpg_error (GPG_ERR_UNKNOWN_SEXP);
+ memcpy (protected_at, s, 15);
+ protected_at[15] = 0;
+ break;
+ }
+ s += n;
+ i = 1;
+ rc = sskip (&s, &i);
+ if (rc)
+ return rc;
+ }
+ }
+
+ /* Now find the list with the protected information. Here is an
+ example for such a list:
+ (protected openpgp-s2k3-sha1-aes-cbc
+ ((sha1 <salt> <count>) <Initialization_Vector>)
+ <encrypted_data>)
+ */
+ s = protect_list;
+ for (;;)
+ {
+ if (*s != '(')
+ return gpg_error (GPG_ERR_INV_SEXP);
+ prot_begin = s;
+ s++;
+ n = snext (&s);
+ if (!n)
+ return gpg_error (GPG_ERR_INV_SEXP);
+ if (smatch (&s, n, "protected"))
+ break;
+ s += n;
+ i = 1;
+ rc = sskip (&s, &i);
+ if (rc)
+ return rc;
+ }
+ /* found */
+ n = snext (&s);
+ if (!n)
+ return gpg_error (GPG_ERR_INV_SEXP);
+ if (!smatch (&s, n, "openpgp-s2k3-sha1-" PROT_CIPHER_STRING "-cbc"))
+ return gpg_error (GPG_ERR_UNSUPPORTED_PROTECTION);
+ if (*s != '(' || s[1] != '(')
+ return gpg_error (GPG_ERR_INV_SEXP);
+ s += 2;
+ n = snext (&s);
+ if (!n)
+ return gpg_error (GPG_ERR_INV_SEXP);
+ if (!smatch (&s, n, "sha1"))
+ return gpg_error (GPG_ERR_UNSUPPORTED_PROTECTION);
+ n = snext (&s);
+ if (n != 8)
+ return gpg_error (GPG_ERR_CORRUPTED_PROTECTION);
+ s2ksalt = s;
+ s += n;
+ n = snext (&s);
+ if (!n)
+ return gpg_error (GPG_ERR_CORRUPTED_PROTECTION);
+ /* We expect a list close as next, so we can simply use strtoul()
+ here. We might want to check that we only have digits - but this
+ is nothing we should worry about */
+ if (s[n] != ')' )
+ return gpg_error (GPG_ERR_INV_SEXP);
+
+ /* Old versions of gpg-agent used the funny floating point number in
+ a byte encoding as specified by OpenPGP. However this is not
+ needed and thus we now store it as a plain unsigned integer. We
+ can easily distinguish the old format by looking at its value:
+ Less than 256 is an old-style encoded number; other values are
+ plain integers. In any case we check that they are at least
+ 65536 because we never used a lower value in the past and we
+ should have a lower limit. */
+ s2kcount = strtoul ((const char*)s, NULL, 10);
+ if (!s2kcount)
+ return gpg_error (GPG_ERR_CORRUPTED_PROTECTION);
+ if (s2kcount < 256)
+ s2kcount = (16ul + (s2kcount & 15)) << ((s2kcount >> 4) + 6);
+ if (s2kcount < 65536)
+ return gpg_error (GPG_ERR_CORRUPTED_PROTECTION);
+
+ s += n;
+ s++; /* skip list end */
+
+ n = snext (&s);
+ if (n != 16) /* Wrong blocksize for IV (we support only aes-128). */
+ return gpg_error (GPG_ERR_CORRUPTED_PROTECTION);
+ iv = s;
+ s += n;
+ if (*s != ')' )
+ return gpg_error (GPG_ERR_INV_SEXP);
+ s++;
+ n = snext (&s);
+ if (!n)
+ return gpg_error (GPG_ERR_INV_SEXP);
+
+ rc = do_decryption (s, n,
+ passphrase, s2ksalt, s2kcount,
+ iv, 16,
+ &cleartext);
+ if (rc)
+ return rc;
+
+ rc = merge_lists (protectedkey, prot_begin-protectedkey, cleartext,
+ sha1hash, &final, &finallen, &cutoff, &cutlen);
+ /* Albeit cleartext has been allocated in secure memory and thus
+ xfree will wipe it out, we do an extra wipe just in case
+ somethings goes badly wrong. */
+ wipememory (cleartext, n);
+ xfree (cleartext);
+ if (rc)
+ return rc;
+
+ rc = calculate_mic (final, sha1hash2);
+ if (!rc && memcmp (sha1hash, sha1hash2, 20))
+ rc = gpg_error (GPG_ERR_CORRUPTED_PROTECTION);
+ if (rc)
+ {
+ wipememory (final, finallen);
+ xfree (final);
+ return rc;
+ }
+ /* Now remove tha part which is included in the MIC but should not
+ go into the final thing. */
+ if (cutlen)
+ {
+ memmove (final+cutoff, final+cutoff+cutlen, finallen-cutoff-cutlen);
+ finallen -= cutlen;
+ }
+
+ *result = final;
+ *resultlen = gcry_sexp_canon_len (final, 0, NULL, NULL);
+ return 0;
+}
+
+/* Check the type of the private key, this is one of the constants:
+ PRIVATE_KEY_UNKNOWN if we can't figure out the type (this is the
+ value 0), PRIVATE_KEY_CLEAR for an unprotected private key.
+ PRIVATE_KEY_PROTECTED for an protected private key or
+ PRIVATE_KEY_SHADOWED for a sub key where the secret parts are stored
+ elsewhere. */
+int
+agent_private_key_type (const unsigned char *privatekey)
+{
+ const unsigned char *s;
+ size_t n;
+
+ s = privatekey;
+ if (*s != '(')
+ return PRIVATE_KEY_UNKNOWN;
+ s++;
+ n = snext (&s);
+ if (!n)
+ return PRIVATE_KEY_UNKNOWN;
+ if (smatch (&s, n, "protected-private-key"))
+ return PRIVATE_KEY_PROTECTED;
+ if (smatch (&s, n, "shadowed-private-key"))
+ return PRIVATE_KEY_SHADOWED;
+ if (smatch (&s, n, "private-key"))
+ return PRIVATE_KEY_CLEAR;
+ return PRIVATE_KEY_UNKNOWN;
+}
+
+
+
+/* Transform a passphrase into a suitable key of length KEYLEN and
+ store this key in the caller provided buffer KEY. The caller must
+ provide an HASHALGO, a valid S2KMODE (see rfc-2440) and depending on
+ that mode an S2KSALT of 8 random bytes and an S2KCOUNT.
+
+ Returns an error code on failure. */
+static int
+hash_passphrase (const char *passphrase, int hashalgo,
+ int s2kmode,
+ const unsigned char *s2ksalt,
+ unsigned long s2kcount,
+ unsigned char *key, size_t keylen)
+{
+ int rc;
+ gcry_md_hd_t md;
+ int pass, i;
+ int used = 0;
+ int pwlen = strlen (passphrase);
+
+ if ( (s2kmode != 0 && s2kmode != 1 && s2kmode != 3)
+ || !hashalgo || !keylen || !key || !passphrase)
+ return gpg_error (GPG_ERR_INV_VALUE);
+ if ((s2kmode == 1 ||s2kmode == 3) && !s2ksalt)
+ return gpg_error (GPG_ERR_INV_VALUE);
+
+ rc = gcry_md_open (&md, hashalgo, GCRY_MD_FLAG_SECURE);
+ if (rc)
+ return rc;
+
+ for (pass=0; used < keylen; pass++)
+ {
+ if (pass)
+ {
+ gcry_md_reset (md);
+ for (i=0; i < pass; i++) /* preset the hash context */
+ gcry_md_putc (md, 0);
+ }
+
+ if (s2kmode == 1 || s2kmode == 3)
+ {
+ int len2 = pwlen + 8;
+ unsigned long count = len2;
+
+ if (s2kmode == 3)
+ {
+ count = s2kcount;
+ if (count < len2)
+ count = len2;
+ }
+
+ while (count > len2)
+ {
+ gcry_md_write (md, s2ksalt, 8);
+ gcry_md_write (md, passphrase, pwlen);
+ count -= len2;
+ }
+ if (count < 8)
+ gcry_md_write (md, s2ksalt, count);
+ else
+ {
+ gcry_md_write (md, s2ksalt, 8);
+ count -= 8;
+ gcry_md_write (md, passphrase, count);
+ }
+ }
+ else
+ gcry_md_write (md, passphrase, pwlen);
+
+ gcry_md_final (md);
+ i = gcry_md_get_algo_dlen (hashalgo);
+ if (i > keylen - used)
+ i = keylen - used;
+ memcpy (key+used, gcry_md_read (md, hashalgo), i);
+ used += i;
+ }
+ gcry_md_close(md);
+ return 0;
+}
+
+
+
+
+/* Create an canonical encoded S-expression with the shadow info from
+ a card's SERIALNO and the IDSTRING. */
+unsigned char *
+make_shadow_info (const char *serialno, const char *idstring)
+{
+ const char *s;
+ char *info, *p;
+ char numbuf[20];
+ size_t n;
+
+ for (s=serialno, n=0; *s && s[1]; s += 2)
+ n++;
+
+ info = p = xtrymalloc (1 + sizeof numbuf + n
+ + sizeof numbuf + strlen (idstring) + 1 + 1);
+ if (!info)
+ return NULL;
+ *p++ = '(';
+ p = stpcpy (p, smklen (numbuf, sizeof numbuf, n, NULL));
+ for (s=serialno; *s && s[1]; s += 2)
+ *(unsigned char *)p++ = xtoi_2 (s);
+ p = stpcpy (p, smklen (numbuf, sizeof numbuf, strlen (idstring), NULL));
+ p = stpcpy (p, idstring);
+ *p++ = ')';
+ *p = 0;
+ return (unsigned char *)info;
+}
+
+
+
+/* Create a shadow key from a public key. We use the shadow protocol
+ "ti-v1" and insert the S-expressionn SHADOW_INFO. The resulting
+ S-expression is returned in an allocated buffer RESULT will point
+ to. The input parameters are expected to be valid canonicalized
+ S-expressions */
+int
+agent_shadow_key (const unsigned char *pubkey,
+ const unsigned char *shadow_info,
+ unsigned char **result)
+{
+ const unsigned char *s;
+ const unsigned char *point;
+ size_t n;
+ int depth = 0;
+ char *p;
+ size_t pubkey_len = gcry_sexp_canon_len (pubkey, 0, NULL,NULL);
+ size_t shadow_info_len = gcry_sexp_canon_len (shadow_info, 0, NULL,NULL);
+
+ if (!pubkey_len || !shadow_info_len)
+ return gpg_error (GPG_ERR_INV_VALUE);
+ s = pubkey;
+ if (*s != '(')
+ return gpg_error (GPG_ERR_INV_SEXP);
+ depth++;
+ s++;
+ n = snext (&s);
+ if (!n)
+ return gpg_error (GPG_ERR_INV_SEXP);
+ if (!smatch (&s, n, "public-key"))
+ return gpg_error (GPG_ERR_UNKNOWN_SEXP);
+ if (*s != '(')
+ return gpg_error (GPG_ERR_UNKNOWN_SEXP);
+ depth++;
+ s++;
+ n = snext (&s);
+ if (!n)
+ return gpg_error (GPG_ERR_INV_SEXP);
+ s += n; /* skip over the algorithm name */
+
+ while (*s != ')')
+ {
+ if (*s != '(')
+ return gpg_error (GPG_ERR_INV_SEXP);
+ depth++;
+ s++;
+ n = snext (&s);
+ if (!n)
+ return gpg_error (GPG_ERR_INV_SEXP);
+ s += n;
+ n = snext (&s);
+ if (!n)
+ return gpg_error (GPG_ERR_INV_SEXP);
+ s +=n; /* skip value */
+ if (*s != ')')
+ return gpg_error (GPG_ERR_INV_SEXP);
+ depth--;
+ s++;
+ }
+ point = s; /* insert right before the point */
+ depth--;
+ s++;
+ assert (depth == 1);
+
+ /* Calculate required length by taking in account: the "shadowed-"
+ prefix, the "shadowed", "t1-v1" as well as some parenthesis */
+ n = 12 + pubkey_len + 1 + 3+8 + 2+5 + shadow_info_len + 1;
+ *result = xtrymalloc (n);
+ p = (char*)*result;
+ if (!p)
+ return out_of_core ();
+ p = stpcpy (p, "(20:shadowed-private-key");
+ /* (10:public-key ...)*/
+ memcpy (p, pubkey+14, point - (pubkey+14));
+ p += point - (pubkey+14);
+ p = stpcpy (p, "(8:shadowed5:t1-v1");
+ memcpy (p, shadow_info, shadow_info_len);
+ p += shadow_info_len;
+ *p++ = ')';
+ memcpy (p, point, pubkey_len - (point - pubkey));
+ p += pubkey_len - (point - pubkey);
+
+ return 0;
+}
+
+/* Parse a canonical encoded shadowed key and return a pointer to the
+ inner list with the shadow_info */
+int
+agent_get_shadow_info (const unsigned char *shadowkey,
+ unsigned char const **shadow_info)
+{
+ const unsigned char *s;
+ size_t n;
+ int depth = 0;
+
+ s = shadowkey;
+ if (*s != '(')
+ return gpg_error (GPG_ERR_INV_SEXP);
+ depth++;
+ s++;
+ n = snext (&s);
+ if (!n)
+ return gpg_error (GPG_ERR_INV_SEXP);
+ if (!smatch (&s, n, "shadowed-private-key"))
+ return gpg_error (GPG_ERR_UNKNOWN_SEXP);
+ if (*s != '(')
+ return gpg_error (GPG_ERR_UNKNOWN_SEXP);
+ depth++;
+ s++;
+ n = snext (&s);
+ if (!n)
+ return gpg_error (GPG_ERR_INV_SEXP);
+ s += n; /* skip over the algorithm name */
+
+ for (;;)
+ {
+ if (*s == ')')
+ return gpg_error (GPG_ERR_UNKNOWN_SEXP);
+ if (*s != '(')
+ return gpg_error (GPG_ERR_INV_SEXP);
+ depth++;
+ s++;
+ n = snext (&s);
+ if (!n)
+ return gpg_error (GPG_ERR_INV_SEXP);
+ if (smatch (&s, n, "shadowed"))
+ break;
+ s += n;
+ n = snext (&s);
+ if (!n)
+ return gpg_error (GPG_ERR_INV_SEXP);
+ s +=n; /* skip value */
+ if (*s != ')')
+ return gpg_error (GPG_ERR_INV_SEXP);
+ depth--;
+ s++;
+ }
+ /* Found the shadowed list, S points to the protocol */
+ n = snext (&s);
+ if (!n)
+ return gpg_error (GPG_ERR_INV_SEXP);
+ if (smatch (&s, n, "t1-v1"))
+ {
+ if (*s != '(')
+ return gpg_error (GPG_ERR_INV_SEXP);
+ *shadow_info = s;
+ }
+ else
+ return gpg_error (GPG_ERR_UNSUPPORTED_PROTOCOL);
+ return 0;
+}
+
+
+/* Parse the canonical encoded SHADOW_INFO S-expression. On success
+ the hex encoded serial number is returned as a malloced strings at
+ R_HEXSN and the Id string as a malloced string at R_IDSTR. On
+ error an error code is returned and NULL is stored at the result
+ parameters addresses. If the serial number or the ID string is not
+ required, NULL may be passed for them. */
+gpg_error_t
+parse_shadow_info (const unsigned char *shadow_info,
+ char **r_hexsn, char **r_idstr)
+{
+ const unsigned char *s;
+ size_t n;
+
+ if (r_hexsn)
+ *r_hexsn = NULL;
+ if (r_idstr)
+ *r_idstr = NULL;
+
+ s = shadow_info;
+ if (*s != '(')
+ return gpg_error (GPG_ERR_INV_SEXP);
+ s++;
+ n = snext (&s);
+ if (!n)
+ return gpg_error (GPG_ERR_INV_SEXP);
+
+ if (r_hexsn)
+ {
+ *r_hexsn = bin2hex (s, n, NULL);
+ if (!*r_hexsn)
+ return gpg_error_from_syserror ();
+ }
+ s += n;
+
+ n = snext (&s);
+ if (!n)
+ {
+ if (r_hexsn)
+ {
+ xfree (*r_hexsn);
+ *r_hexsn = NULL;
+ }
+ return gpg_error (GPG_ERR_INV_SEXP);
+ }
+
+ if (r_idstr)
+ {
+ *r_idstr = xtrymalloc (n+1);
+ if (!*r_idstr)
+ {
+ if (r_hexsn)
+ {
+ xfree (*r_hexsn);
+ *r_hexsn = NULL;
+ }
+ return gpg_error_from_syserror ();
+ }
+ memcpy (*r_idstr, s, n);
+ (*r_idstr)[n] = 0;
+ }
+
+ return 0;
+}
+
diff --git a/agent/t-protect.c b/agent/t-protect.c
new file mode 100644
index 0000000..0e29caf
--- /dev/null
+++ b/agent/t-protect.c
@@ -0,0 +1,310 @@
+/* t-protect.c - Module tests for protect.c
+ * Copyright (C) 2005 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <errno.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <assert.h>
+
+#include "agent.h"
+
+
+#define pass() do { ; } while(0)
+#define fail() do { fprintf (stderr, "%s:%d: test failed\n",\
+ __FILE__,__LINE__); \
+ exit (1); \
+ } while(0)
+
+
+static void
+test_agent_protect (void)
+{
+ /* Protect the key encoded in canonical format in PLAINKEY. We assume
+ a valid S-Exp here. */
+
+ unsigned int i;
+ int ret;
+ struct key_spec
+ {
+ const char *string;
+ };
+ /* Valid RSA key. */
+ struct key_spec key_rsa_valid =
+ {
+ "\x28\x31\x31\x3A\x70\x72\x69\x76\x61\x74\x65\x2D\x6B\x65\x79\x28\x33\x3A\x72\x73"
+ "\x61\x28\x31\x3A\x6E\x31\x32\x39\x3A\x00\xB6\xB5\x09\x59\x6A\x9E\xCA\xBC\x93\x92"
+ "\x12\xF8\x91\xE6\x56\xA6\x26\xBA\x07\xDA\x85\x21\xA9\xCA\xD4\xC0\x8E\x64\x0C\x04"
+ "\x05\x2F\xBB\x87\xF4\x24\xEF\x1A\x02\x75\xA4\x8A\x92\x99\xAC\x9D\xB6\x9A\xBE\x3D"
+ "\x01\x24\xE6\xC7\x56\xB1\xF7\xDF\xB9\xB8\x42\xD6\x25\x1A\xEA\x6E\xE8\x53\x90\x49"
+ "\x5C\xAD\xA7\x3D\x67\x15\x37\xFC\xE5\x85\x0A\x93\x2F\x32\xBA\xB6\x0A\xB1\xAC\x1F"
+ "\x85\x2C\x1F\x83\xC6\x25\xE7\xA7\xD7\x0C\xDA\x9E\xF1\x6D\x5C\x8E\x47\x73\x9D\x77"
+ "\xDF\x59\x26\x1A\xBE\x84\x54\x80\x7F\xF4\x41\xE1\x43\xFB\xD3\x7F\x85\x45\x29\x28"
+ "\x31\x3A\x65\x33\x3A\x01\x00\x01\x29\x28\x31\x3A\x64\x31\x32\x38\x3A\x07\x7A\xD3"
+ "\xDE\x28\x42\x45\xF4\x80\x6A\x1B\x82\xB7\x9E\x61\x6F\xBD\xE8\x21\xC8\x2D\x69\x1A"
+ "\x65\x66\x5E\x57\xB5\xFA\xD3\xF3\x4E\x67\xF4\x01\xE7\xBD\x2E\x28\x69\x9E\x89\xD9"
+ "\xC4\x96\xCF\x82\x19\x45\xAE\x83\xAC\x7A\x12\x31\x17\x6A\x19\x6B\xA6\x02\x7E\x77"
+ "\xD8\x57\x89\x05\x5D\x50\x40\x4A\x7A\x2A\x95\xB1\x51\x2F\x91\xF1\x90\xBB\xAE\xF7"
+ "\x30\xED\x55\x0D\x22\x7D\x51\x2F\x89\xC0\xCD\xB3\x1A\xC0\x6F\xA9\xA1\x95\x03\xDD"
+ "\xF6\xB6\x6D\x0B\x42\xB9\x69\x1B\xFD\x61\x40\xEC\x17\x20\xFF\xC4\x8A\xE0\x0C\x34"
+ "\x79\x6D\xC8\x99\xE5\x29\x28\x31\x3A\x70\x36\x35\x3A\x00\xD5\x86\xC7\x8E\x5F\x1B"
+ "\x4B\xF2\xE7\xCD\x7A\x04\xCA\x09\x19\x11\x70\x6F\x19\x78\x8B\x93\xE4\x4E\xE2\x0A"
+ "\xAF\x46\x2E\x83\x63\xE9\x8A\x72\x25\x3E\xD8\x45\xCC\xBF\x24\x81\xBB\x35\x1E\x85"
+ "\x57\xC8\x5B\xCF\xFF\x0D\xAB\xDB\xFF\x8E\x26\xA7\x9A\x09\x38\x09\x6F\x27\x29\x28"
+ "\x31\x3A\x71\x36\x35\x3A\x00\xDB\x0C\xDF\x60\xF2\x6F\x2A\x29\x6C\x88\xD6\xBF\x9F"
+ "\x8E\x5B\xE4\x5C\x0D\xDD\x71\x3C\x96\xCC\x73\xEB\xCB\x48\xB0\x61\x74\x09\x43\xF2"
+ "\x1D\x2A\x93\xD6\xE4\x2A\x72\x11\xE7\xF0\x2A\x95\xDC\xED\x6C\x39\x0A\x67\xAD\x21"
+ "\xEC\xF7\x39\xAE\x8A\x0C\xA4\x6F\xF2\xEB\xB3\x29\x28\x31\x3A\x75\x36\x34\x3A\x33"
+ "\x14\x91\x95\xF1\x69\x12\xDB\x20\xA4\x8D\x02\x0D\xBC\x3B\x9E\x38\x81\xB3\x9D\x72"
+ "\x2B\xF7\x93\x78\xF6\x34\x0F\x43\x14\x8A\x6E\x9F\xC5\xF5\x3E\x28\x53\xB7\x38\x7B"
+ "\xA4\x44\x3B\xA5\x3A\x52\xFC\xA8\x17\x3D\xE6\xE8\x5B\x42\xF9\x78\x3D\x4A\x78\x17"
+ "\xD0\x68\x0B\x29\x29\x29\x00"
+ };
+ /* This RSA key is missing the last closing brace. */
+ struct key_spec key_rsa_bogus_0 =
+ {
+ "\x28\x31\x31\x3A\x70\x72\x69\x76\x61\x74\x65\x2D\x6B\x65\x79\x28\x33\x3A\x72\x73"
+ "\x61\x28\x31\x3A\x6E\x31\x32\x39\x3A\x00\xB6\xB5\x09\x59\x6A\x9E\xCA\xBC\x93\x92"
+ "\x12\xF8\x91\xE6\x56\xA6\x26\xBA\x07\xDA\x85\x21\xA9\xCA\xD4\xC0\x8E\x64\x0C\x04"
+ "\x05\x2F\xBB\x87\xF4\x24\xEF\x1A\x02\x75\xA4\x8A\x92\x99\xAC\x9D\xB6\x9A\xBE\x3D"
+ "\x01\x24\xE6\xC7\x56\xB1\xF7\xDF\xB9\xB8\x42\xD6\x25\x1A\xEA\x6E\xE8\x53\x90\x49"
+ "\x5C\xAD\xA7\x3D\x67\x15\x37\xFC\xE5\x85\x0A\x93\x2F\x32\xBA\xB6\x0A\xB1\xAC\x1F"
+ "\x85\x2C\x1F\x83\xC6\x25\xE7\xA7\xD7\x0C\xDA\x9E\xF1\x6D\x5C\x8E\x47\x73\x9D\x77"
+ "\xDF\x59\x26\x1A\xBE\x84\x54\x80\x7F\xF4\x41\xE1\x43\xFB\xD3\x7F\x85\x45\x29\x28"
+ "\x31\x3A\x65\x33\x3A\x01\x00\x01\x29\x28\x31\x3A\x64\x31\x32\x38\x3A\x07\x7A\xD3"
+ "\xDE\x28\x42\x45\xF4\x80\x6A\x1B\x82\xB7\x9E\x61\x6F\xBD\xE8\x21\xC8\x2D\x69\x1A"
+ "\x65\x66\x5E\x57\xB5\xFA\xD3\xF3\x4E\x67\xF4\x01\xE7\xBD\x2E\x28\x69\x9E\x89\xD9"
+ "\xC4\x96\xCF\x82\x19\x45\xAE\x83\xAC\x7A\x12\x31\x17\x6A\x19\x6B\xA6\x02\x7E\x77"
+ "\xD8\x57\x89\x05\x5D\x50\x40\x4A\x7A\x2A\x95\xB1\x51\x2F\x91\xF1\x90\xBB\xAE\xF7"
+ "\x30\xED\x55\x0D\x22\x7D\x51\x2F\x89\xC0\xCD\xB3\x1A\xC0\x6F\xA9\xA1\x95\x03\xDD"
+ "\xF6\xB6\x6D\x0B\x42\xB9\x69\x1B\xFD\x61\x40\xEC\x17\x20\xFF\xC4\x8A\xE0\x0C\x34"
+ "\x79\x6D\xC8\x99\xE5\x29\x28\x31\x3A\x70\x36\x35\x3A\x00\xD5\x86\xC7\x8E\x5F\x1B"
+ "\x4B\xF2\xE7\xCD\x7A\x04\xCA\x09\x19\x11\x70\x6F\x19\x78\x8B\x93\xE4\x4E\xE2\x0A"
+ "\xAF\x46\x2E\x83\x63\xE9\x8A\x72\x25\x3E\xD8\x45\xCC\xBF\x24\x81\xBB\x35\x1E\x85"
+ "\x57\xC8\x5B\xCF\xFF\x0D\xAB\xDB\xFF\x8E\x26\xA7\x9A\x09\x38\x09\x6F\x27\x29\x28"
+ "\x31\x3A\x71\x36\x35\x3A\x00\xDB\x0C\xDF\x60\xF2\x6F\x2A\x29\x6C\x88\xD6\xBF\x9F"
+ "\x8E\x5B\xE4\x5C\x0D\xDD\x71\x3C\x96\xCC\x73\xEB\xCB\x48\xB0\x61\x74\x09\x43\xF2"
+ "\x1D\x2A\x93\xD6\xE4\x2A\x72\x11\xE7\xF0\x2A\x95\xDC\xED\x6C\x39\x0A\x67\xAD\x21"
+ "\xEC\xF7\x39\xAE\x8A\x0C\xA4\x6F\xF2\xEB\xB3\x29\x28\x31\x3A\x75\x36\x34\x3A\x33"
+ "\x14\x91\x95\xF1\x69\x12\xDB\x20\xA4\x8D\x02\x0D\xBC\x3B\x9E\x38\x81\xB3\x9D\x72"
+ "\x2B\xF7\x93\x78\xF6\x34\x0F\x43\x14\x8A\x6E\x9F\xC5\xF5\x3E\x28\x53\xB7\x38\x7B"
+ "\xA4\x44\x3B\xA5\x3A\x52\xFC\xA8\x17\x3D\xE6\xE8\x5B\x42\xF9\x78\x3D\x4A\x78\x17"
+ "\xD0\x68\x0B\x29\x29\x00"
+ };
+ /* This RSA key is the `e' value. */
+ struct key_spec key_rsa_bogus_1 =
+ {
+ "\x28\x31\x31\x3A\x70\x72\x69\x76\x61\x74\x65\x2D\x6B\x65\x79\x28\x33\x3A\x72\x73"
+ "\x61\x28\x31\x3A\x6E\x31\x32\x39\x3A\x00\xA8\x80\xB6\x71\xF4\x95\x9F\x49\x84\xED"
+ "\xC1\x1D\x5F\xFF\xED\x14\x7B\x9C\x6A\x62\x0B\x7B\xE2\x3E\x41\x48\x49\x85\xF5\x64"
+ "\x50\x04\x9D\x30\xFC\x84\x1F\x01\xC3\xC3\x15\x03\x48\x6D\xFE\x59\x0B\xB0\xD0\x3E"
+ "\x68\x8A\x05\x7A\x62\xB0\xB9\x6E\xC5\xD2\xA8\xEE\x0C\x6B\xDE\x5E\x3D\x8E\xE8\x8F"
+ "\xB3\xAE\x86\x99\x7E\xDE\x2B\xC2\x4D\x60\x51\xDB\xB1\x2C\xD0\x38\xEC\x88\x62\x3E"
+ "\xA9\xDD\x11\x53\x04\x17\xE4\xF2\x07\x50\xDC\x44\xED\x14\xF5\x0B\xAB\x9C\xBC\x24"
+ "\xC6\xCB\xAD\x0F\x05\x25\x94\xE2\x73\xEB\x14\xD5\xEE\x5E\x18\xF0\x40\x31\x29\x28"
+ "\x31\x3A\x64\x31\x32\x38\x3A\x40\xD0\x55\x9D\x2A\xA7\xBC\xBF\xE2\x3E\x33\x98\x71"
+ "\x7B\x37\x3D\xB8\x38\x57\xA1\x43\xEA\x90\x81\x42\xCA\x23\xE1\xBF\x9C\xA8\xBC\xC5"
+ "\x9B\xF8\x9D\x77\x71\xCD\xD3\x85\x8B\x20\x3A\x92\xE9\xBC\x79\xF3\xF7\xF5\x6D\x15"
+ "\xA3\x58\x3F\xC2\xEB\xED\x72\xD4\xE0\xCF\xEC\xB3\xEC\xEB\x09\xEA\x1E\x72\x6A\xBA"
+ "\x95\x82\x2C\x7E\x30\x95\x66\x3F\xA8\x2D\x40\x0F\x7A\x12\x4E\xF0\x71\x0F\x97\xDB"
+ "\x81\xE4\x39\x6D\x24\x58\xFA\xAB\x3A\x36\x73\x63\x01\x77\x42\xC7\x9A\xEA\x87\xDA"
+ "\x93\x8F\x6C\x64\xAD\x9E\xF0\xCA\xA2\x89\xA4\x0E\xB3\x25\x73\x29\x28\x31\x3A\x70"
+ "\x36\x35\x3A\x00\xC3\xF7\x37\x3F\x9D\x93\xEC\xC7\x5E\x4C\xB5\x73\x29\x62\x35\x80"
+ "\xC6\x7C\x1B\x1E\x68\x5F\x92\x56\x77\x0A\xE2\x8E\x95\x74\x87\xA5\x2F\x83\x2D\xF7"
+ "\xA1\xC2\x78\x54\x18\x6E\xDE\x35\xF0\x9F\x7A\xCA\x80\x5C\x83\x5C\x44\xAD\x8B\xE7"
+ "\x5B\xE2\x63\x7D\x6A\xC7\x98\x97\x29\x28\x31\x3A\x71\x36\x35\x3A\x00\xDC\x1F\xB1"
+ "\xB3\xD8\x13\xE0\x09\x19\xFD\x1C\x58\xA1\x2B\x02\xB4\xC8\xF2\x1C\xE7\xF9\xC6\x3B"
+ "\x68\xB9\x72\x43\x86\xEF\xA9\x94\x68\x02\xEF\x7D\x77\xE0\x0A\xD1\xD7\x48\xFD\xCD"
+ "\x98\xDA\x13\x8A\x76\x48\xD4\x0F\x63\x28\xFA\x01\x1B\xF3\xC7\x15\xB8\x53\x22\x7E"
+ "\x77\x29\x28\x31\x3A\x75\x36\x35\x3A\x00\xB3\xBB\x4D\xEE\x5A\xAF\xD0\xF2\x56\x8A"
+ "\x10\x2D\x6F\x4B\x2D\x76\x49\x9B\xE9\xA8\x60\x5D\x9E\x7E\x50\x86\xF1\xA1\x0F\x28"
+ "\x9B\x7B\xE8\xDD\x1F\x87\x4E\x79\x7B\x50\x12\xA7\xB4\x8B\x52\x38\xEC\x7C\xBB\xB9"
+ "\x55\x87\x11\x1C\x74\xE7\x7F\xA0\xBA\xE3\x34\x5D\x61\xBF\x29\x29\x29\x00"
+ };
+
+ struct
+ {
+ const char *key;
+ const char *passphrase;
+ int no_result_expected;
+ int compare_results;
+ unsigned char *result_expected;
+ size_t resultlen_expected;
+ int ret_expected;
+ unsigned char *result;
+ size_t resultlen;
+ } specs[] =
+ {
+ /* Invalid S-Expressions */
+ /* - non-NULL */
+ { "",
+ "passphrase", 1, 0, NULL, 0, GPG_ERR_INV_SEXP, NULL, 0 },
+ /* - NULL; disabled, this segfaults */
+ //{ NULL,
+ // "passphrase", 1, NULL, 0, GPG_ERR_INV_SEXP, NULL, 0 },
+
+ /* Valid and invalid keys. */
+ { key_rsa_valid.string,
+ "passphrase", 0, 0, NULL, 0, 0, NULL, 0 },
+ { key_rsa_bogus_0.string,
+ "passphrase", 0, 0, NULL, 0, GPG_ERR_INV_SEXP, NULL, 0 },
+ { key_rsa_bogus_1.string,
+ "passphrase", 0, 0, NULL, 0, GPG_ERR_INV_SEXP, NULL, 0 },
+
+ /* FIXME: add more test data. */
+ };
+
+ for (i = 0; i < DIM (specs); i++)
+ {
+ ret = agent_protect ((const unsigned char*)specs[i].key,
+ specs[i].passphrase,
+ &specs[i].result, &specs[i].resultlen);
+ if (gpg_err_code (ret) != specs[i].ret_expected)
+ {
+ printf ("agent_protect() returned `%i/%s'; expected `%i/%s'\n",
+ ret, gpg_strerror (ret),
+ specs[i].ret_expected, gpg_strerror (specs[i].ret_expected));
+ abort ();
+ }
+
+ if (specs[i].no_result_expected)
+ {
+ assert (! specs[i].result);
+ assert (! specs[i].resultlen);
+ }
+ else
+ {
+ if (specs[i].compare_results)
+ {
+ assert (specs[i].resultlen == specs[i].resultlen_expected);
+ if (specs[i].result_expected)
+ assert (! memcmp (specs[i].result, specs[i].result_expected,
+ specs[i].resultlen));
+ else
+ assert (! specs[i].result);
+ }
+ xfree (specs[i].result);
+ }
+ }
+}
+
+
+static void
+test_agent_unprotect (void)
+{
+ /* Unprotect the key encoded in canonical format. We assume a valid
+ S-Exp here. */
+/* int */
+/* agent_unprotect (const unsigned char *protectedkey, const char *passphrase, */
+/* unsigned char **result, size_t *resultlen) */
+}
+
+
+static void
+test_agent_private_key_type (void)
+{
+/* Check the type of the private key, this is one of the constants:
+ PRIVATE_KEY_UNKNOWN if we can't figure out the type (this is the
+ value 0), PRIVATE_KEY_CLEAR for an unprotected private key.
+ PRIVATE_KEY_PROTECTED for an protected private key or
+ PRIVATE_KEY_SHADOWED for a sub key where the secret parts are stored
+ elsewhere. */
+/* int */
+/* agent_private_key_type (const unsigned char *privatekey) */
+}
+
+
+static void
+test_make_shadow_info (void)
+{
+#if 0
+ static struct
+ {
+ const char *snstr;
+ const char *idstr;
+ const char *expected;
+ } data[] = {
+ { "", "", NULL },
+
+ };
+ int i;
+ unsigned char *result;
+
+ for (i=0; i < DIM(data); i++)
+ {
+ result = make_shadow_info (data[i].snstr, data[i].idstr);
+ if (!result && !data[i].expected)
+ pass ();
+ else if (!result && data[i].expected)
+ fail ();
+ else if (!data[i].expected)
+ fail ();
+ /* fixme: Need to compare the result but also need to check
+ proper S-expression syntax. */
+ }
+#endif
+}
+
+
+
+static void
+test_agent_shadow_key (void)
+{
+/* Create a shadow key from a public key. We use the shadow protocol
+ "ti-v1" and insert the S-expressionn SHADOW_INFO. The resulting
+ S-expression is returned in an allocated buffer RESULT will point
+ to. The input parameters are expected to be valid canonicalized
+ S-expressions */
+/* int */
+/* agent_shadow_key (const unsigned char *pubkey, */
+/* const unsigned char *shadow_info, */
+/* unsigned char **result) */
+}
+
+
+static void
+test_agent_get_shadow_info (void)
+{
+/* Parse a canonical encoded shadowed key and return a pointer to the
+ inner list with the shadow_info */
+/* int */
+/* agent_get_shadow_info (const unsigned char *shadowkey, */
+/* unsigned char const **shadow_info) */
+}
+
+
+
+
+int
+main (int argc, char **argv)
+{
+ (void)argc;
+ (void)argv;
+
+ gcry_control (GCRYCTL_DISABLE_SECMEM);
+
+ test_agent_protect ();
+ test_agent_unprotect ();
+ test_agent_private_key_type ();
+ test_make_shadow_info ();
+ test_agent_shadow_key ();
+ test_agent_get_shadow_info ();
+
+ return 0;
+}
diff --git a/agent/trans.c b/agent/trans.c
new file mode 100644
index 0000000..9e48889
--- /dev/null
+++ b/agent/trans.c
@@ -0,0 +1,41 @@
+/* trans.c - translatable strings
+ * Copyright (C) 2001 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+/* To avoid any problems with the gettext implementation (there used
+ to be some vulnerabilities in the last years and the use of
+ external files is a minor security problem in itself), we use our
+ own simple translation stuff */
+
+#include <config.h>
+#include <errno.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <ctype.h>
+#include <assert.h>
+#include <unistd.h>
+#include <sys/stat.h>
+
+#include "agent.h"
+
+const char *
+trans (const char *text)
+{
+ return text;
+}
diff --git a/agent/trustlist.c b/agent/trustlist.c
new file mode 100644
index 0000000..be5406b
--- /dev/null
+++ b/agent/trustlist.c
@@ -0,0 +1,763 @@
+/* trustlist.c - Maintain the list of trusted keys
+ * Copyright (C) 2002, 2004, 2006, 2007, 2009 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <errno.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <ctype.h>
+#include <assert.h>
+#include <unistd.h>
+#include <sys/stat.h>
+#include <pth.h>
+
+#include "agent.h"
+#include <assuan.h> /* fixme: need a way to avoid assuan calls here */
+#include "i18n.h"
+#include "estream.h"
+
+
+/* A structure to store the information from the trust file. */
+struct trustitem_s
+{
+ struct
+ {
+ int disabled:1; /* This entry is disabled. */
+ int for_pgp:1; /* Set by '*' or 'P' as first flag. */
+ int for_smime:1; /* Set by '*' or 'S' as first flag. */
+ int relax:1; /* Relax checking of root certificate
+ constraints. */
+ int cm:1; /* Use chain model for validation. */
+ } flags;
+ unsigned char fpr[20]; /* The binary fingerprint. */
+};
+typedef struct trustitem_s trustitem_t;
+
+/* Malloced table and its allocated size with all trust items. */
+static trustitem_t *trusttable;
+static size_t trusttablesize;
+/* A mutex used to protect the table. */
+static pth_mutex_t trusttable_lock;
+
+
+
+static const char headerblurb[] =
+"# This is the list of trusted keys. Comment lines, like this one, as\n"
+"# well as empty lines are ignored. Lines have a length limit but this\n"
+"# is not a serious limitation as the format of the entries is fixed and\n"
+"# checked by gpg-agent. A non-comment line starts with optional white\n"
+"# space, followed by the SHA-1 fingerpint in hex, followed by a flag\n"
+"# which may be one of 'P', 'S' or '*' and optionally followed by a list of\n"
+"# other flags. The fingerprint may be prefixed with a '!' to mark the\n"
+"# key as not trusted. You should give the gpg-agent a HUP or run the\n"
+"# command \"gpgconf --reload gpg-agent\" after changing this file.\n"
+"\n\n"
+"# Include the default trust list\n"
+"include-default\n"
+"\n";
+
+
+/* This function must be called once to initialize this module. This
+ has to be done before a second thread is spawned. We can't do the
+ static initialization because Pth emulation code might not be able
+ to do a static init; in particular, it is not possible for W32. */
+void
+initialize_module_trustlist (void)
+{
+ static int initialized;
+
+ if (!initialized)
+ {
+ if (!pth_mutex_init (&trusttable_lock))
+ log_fatal ("error initializing mutex: %s\n", strerror (errno));
+ initialized = 1;
+ }
+}
+
+
+
+
+static void
+lock_trusttable (void)
+{
+ if (!pth_mutex_acquire (&trusttable_lock, 0, NULL))
+ log_fatal ("failed to acquire mutex in %s\n", __FILE__);
+}
+
+static void
+unlock_trusttable (void)
+{
+ if (!pth_mutex_release (&trusttable_lock))
+ log_fatal ("failed to release mutex in %s\n", __FILE__);
+}
+
+
+
+static gpg_error_t
+read_one_trustfile (const char *fname, int allow_include,
+ trustitem_t **addr_of_table,
+ size_t *addr_of_tablesize,
+ int *addr_of_tableidx)
+{
+ gpg_error_t err = 0;
+ FILE *fp;
+ int n, c;
+ char *p, line[256];
+ trustitem_t *table, *ti;
+ int tableidx;
+ size_t tablesize;
+ int lnr = 0;
+
+ table = *addr_of_table;
+ tablesize = *addr_of_tablesize;
+ tableidx = *addr_of_tableidx;
+
+ fp = fopen (fname, "r");
+ if (!fp)
+ {
+ err = gpg_error_from_syserror ();
+ log_error (_("error opening `%s': %s\n"), fname, gpg_strerror (err));
+ goto leave;
+ }
+
+ while (fgets (line, DIM(line)-1, fp))
+ {
+ lnr++;
+
+ if (!*line || line[strlen(line)-1] != '\n')
+ {
+ /* Eat until end of line. */
+ while ( (c=getc (fp)) != EOF && c != '\n')
+ ;
+ err = gpg_error (*line? GPG_ERR_LINE_TOO_LONG
+ : GPG_ERR_INCOMPLETE_LINE);
+ log_error (_("file `%s', line %d: %s\n"),
+ fname, lnr, gpg_strerror (err));
+ continue;
+ }
+ line[strlen(line)-1] = 0; /* Chop the LF. */
+
+ /* Allow for empty lines and spaces */
+ for (p=line; spacep (p); p++)
+ ;
+ if (!*p || *p == '#')
+ continue;
+
+ if (!strncmp (p, "include-default", 15)
+ && (!p[15] || spacep (p+15)))
+ {
+ char *etcname;
+ gpg_error_t err2;
+
+ if (!allow_include)
+ {
+ log_error (_("statement \"%s\" ignored in `%s', line %d\n"),
+ "include-default", fname, lnr);
+ continue;
+ }
+ /* fixme: Should check for trailing garbage. */
+
+ etcname = make_filename (gnupg_sysconfdir (), "trustlist.txt", NULL);
+ if ( !strcmp (etcname, fname) ) /* Same file. */
+ log_info (_("statement \"%s\" ignored in `%s', line %d\n"),
+ "include-default", fname, lnr);
+ else if ( access (etcname, F_OK) && errno == ENOENT )
+ {
+ /* A non existent system trustlist is not an error.
+ Just print a note. */
+ log_info (_("system trustlist `%s' not available\n"), etcname);
+ }
+ else
+ {
+ err2 = read_one_trustfile (etcname, 0,
+ &table, &tablesize, &tableidx);
+ if (err2)
+ err = err2;
+ }
+ xfree (etcname);
+
+ continue;
+ }
+
+ if (tableidx == tablesize) /* Need more space. */
+ {
+ trustitem_t *tmp;
+ size_t tmplen;
+
+ tmplen = tablesize + 20;
+ tmp = xtryrealloc (table, tmplen * sizeof *table);
+ if (!tmp)
+ {
+ err = gpg_error_from_syserror ();
+ goto leave;
+ }
+ table = tmp;
+ tablesize = tmplen;
+ }
+
+ ti = table + tableidx;
+
+ memset (&ti->flags, 0, sizeof ti->flags);
+ if (*p == '!')
+ {
+ ti->flags.disabled = 1;
+ p++;
+ while (spacep (p))
+ p++;
+ }
+
+ n = hexcolon2bin (p, ti->fpr, 20);
+ if (n < 0)
+ {
+ log_error (_("bad fingerprint in `%s', line %d\n"), fname, lnr);
+ err = gpg_error (GPG_ERR_BAD_DATA);
+ continue;
+ }
+ p += n;
+ for (; spacep (p); p++)
+ ;
+
+ /* Process the first flag which needs to be the first for
+ backward compatibility. */
+ if (!*p || *p == '*' )
+ {
+ ti->flags.for_smime = 1;
+ ti->flags.for_pgp = 1;
+ }
+ else if ( *p == 'P' || *p == 'p')
+ {
+ ti->flags.for_pgp = 1;
+ }
+ else if ( *p == 'S' || *p == 's')
+ {
+ ti->flags.for_smime = 1;
+ }
+ else
+ {
+ log_error (_("invalid keyflag in `%s', line %d\n"), fname, lnr);
+ err = gpg_error (GPG_ERR_BAD_DATA);
+ continue;
+ }
+ p++;
+ if ( *p && !spacep (p) )
+ {
+ log_error (_("invalid keyflag in `%s', line %d\n"), fname, lnr);
+ err = gpg_error (GPG_ERR_BAD_DATA);
+ continue;
+ }
+
+ /* Now check for more key-value pairs of the form NAME[=VALUE]. */
+ while (*p)
+ {
+ for (; spacep (p); p++)
+ ;
+ if (!*p)
+ break;
+ n = strcspn (p, "= \t");
+ if (p[n] == '=')
+ {
+ log_error ("assigning a value to a flag is not yet supported; "
+ "in `%s', line %d\n", fname, lnr);
+ err = gpg_error (GPG_ERR_BAD_DATA);
+ p++;
+ }
+ else if (n == 5 && !memcmp (p, "relax", 5))
+ ti->flags.relax = 1;
+ else if (n == 2 && !memcmp (p, "cm", 2))
+ ti->flags.cm = 1;
+ else
+ log_error ("flag `%.*s' in `%s', line %d ignored\n",
+ n, p, fname, lnr);
+ p += n;
+ }
+ tableidx++;
+ }
+ if ( !err && !feof (fp) )
+ {
+ err = gpg_error_from_syserror ();
+ log_error (_("error reading `%s', line %d: %s\n"),
+ fname, lnr, gpg_strerror (err));
+ }
+
+ leave:
+ if (fp)
+ fclose (fp);
+ *addr_of_table = table;
+ *addr_of_tablesize = tablesize;
+ *addr_of_tableidx = tableidx;
+ return err;
+}
+
+
+/* Read the trust files and update the global table on success. */
+static gpg_error_t
+read_trustfiles (void)
+{
+ gpg_error_t err;
+ trustitem_t *table, *ti;
+ int tableidx;
+ size_t tablesize;
+ char *fname;
+ int allow_include = 1;
+
+ tablesize = 20;
+ table = xtrycalloc (tablesize, sizeof *table);
+ if (!table)
+ return gpg_error_from_syserror ();
+ tableidx = 0;
+
+ fname = make_filename (opt.homedir, "trustlist.txt", NULL);
+ if ( access (fname, F_OK) )
+ {
+ if ( errno == ENOENT )
+ ; /* Silently ignore a non-existing trustfile. */
+ else
+ {
+ err = gpg_error_from_syserror ();
+ log_error (_("error opening `%s': %s\n"), fname, gpg_strerror (err));
+ }
+ xfree (fname);
+ fname = make_filename (gnupg_sysconfdir (), "trustlist.txt", NULL);
+ allow_include = 0;
+ }
+ err = read_one_trustfile (fname, allow_include,
+ &table, &tablesize, &tableidx);
+ xfree (fname);
+
+ if (err)
+ {
+ xfree (table);
+ if (gpg_err_code (err) == GPG_ERR_ENOENT)
+ {
+ /* Take a missing trustlist as an empty one. */
+ lock_trusttable ();
+ xfree (trusttable);
+ trusttable = NULL;
+ trusttablesize = 0;
+ unlock_trusttable ();
+ err = 0;
+ }
+ return err;
+ }
+
+ /* Fixme: we should drop duplicates and sort the table. */
+ ti = xtryrealloc (table, (tableidx?tableidx:1) * sizeof *table);
+ if (!ti)
+ {
+ err = gpg_error_from_syserror ();
+ xfree (table);
+ return err;
+ }
+
+ lock_trusttable ();
+ xfree (trusttable);
+ trusttable = ti;
+ trusttablesize = tableidx;
+ unlock_trusttable ();
+ return 0;
+}
+
+
+
+/* Check whether the given fpr is in our trustdb. We expect FPR to be
+ an all uppercase hexstring of 40 characters. */
+gpg_error_t
+agent_istrusted (ctrl_t ctrl, const char *fpr, int *r_disabled)
+{
+ gpg_error_t err;
+ trustitem_t *ti;
+ size_t len;
+ unsigned char fprbin[20];
+
+ if (r_disabled)
+ *r_disabled = 0;
+
+ if ( hexcolon2bin (fpr, fprbin, 20) < 0 )
+ return gpg_error (GPG_ERR_INV_VALUE);
+
+ if (!trusttable)
+ {
+ err = read_trustfiles ();
+ if (err)
+ {
+ log_error (_("error reading list of trusted root certificates\n"));
+ return err;
+ }
+ }
+
+ if (trusttable)
+ {
+ for (ti=trusttable, len = trusttablesize; len; ti++, len--)
+ if (!memcmp (ti->fpr, fprbin, 20))
+ {
+ if (ti->flags.disabled && r_disabled)
+ *r_disabled = 1;
+
+ if (ti->flags.relax)
+ {
+ err = agent_write_status (ctrl,
+ "TRUSTLISTFLAG", "relax",
+ NULL);
+ if (err)
+ return err;
+ }
+ else if (ti->flags.cm)
+ {
+ err = agent_write_status (ctrl,
+ "TRUSTLISTFLAG", "cm",
+ NULL);
+ if (err)
+ return err;
+ }
+ return ti->flags.disabled? gpg_error (GPG_ERR_NOT_TRUSTED) : 0;
+ }
+ }
+ return gpg_error (GPG_ERR_NOT_TRUSTED);
+}
+
+
+/* Write all trust entries to FP. */
+gpg_error_t
+agent_listtrusted (void *assuan_context)
+{
+ trustitem_t *ti;
+ char key[51];
+ gpg_error_t err;
+ size_t len;
+
+ if (!trusttable)
+ {
+ err = read_trustfiles ();
+ if (err)
+ {
+ log_error (_("error reading list of trusted root certificates\n"));
+ return err;
+ }
+ }
+
+ if (trusttable)
+ {
+ /* We need to lock the table because the scheduler may interrupt
+ assuan_send_data and an other thread may then re-read the table. */
+ lock_trusttable ();
+ for (ti=trusttable, len = trusttablesize; len; ti++, len--)
+ {
+ if (ti->flags.disabled)
+ continue;
+ bin2hex (ti->fpr, 20, key);
+ key[40] = ' ';
+ key[41] = ((ti->flags.for_smime && ti->flags.for_pgp)? '*'
+ : ti->flags.for_smime? 'S': ti->flags.for_pgp? 'P':' ');
+ key[42] = '\n';
+ assuan_send_data (assuan_context, key, 43);
+ assuan_send_data (assuan_context, NULL, 0); /* flush */
+ }
+ unlock_trusttable ();
+ }
+
+ return 0;
+}
+
+
+/* Create a copy of string with colons inserted after each two bytes.
+ Caller needs to release the string. In case of a memory failure,
+ NULL is returned. */
+static char *
+insert_colons (const char *string)
+{
+ char *buffer, *p;
+ size_t n = strlen (string);
+ size_t nnew = n + (n+1)/2;
+
+ p = buffer = xtrymalloc ( nnew + 1 );
+ if (!buffer)
+ return NULL;
+ while (*string)
+ {
+ *p++ = *string++;
+ if (*string)
+ {
+ *p++ = *string++;
+ if (*string)
+ *p++ = ':';
+ }
+ }
+ *p = 0;
+ assert (strlen (buffer) <= nnew);
+
+ return buffer;
+}
+
+
+/* To pretty print DNs in the Pinentry, we replace slashes by
+ REPLSTRING. The caller needs to free the returned string. NULL is
+ returned on error with ERRNO set. */
+static char *
+reformat_name (const char *name, const char *replstring)
+{
+ const char *s;
+ char *newname;
+ char *d;
+ size_t count;
+ size_t replstringlen = strlen (replstring);
+
+ /* If the name does not start with a slash it is not a preformatted
+ DN and thus we don't bother to reformat it. */
+ if (*name != '/')
+ return xtrystrdup (name);
+
+ /* Count the names. Note that a slash contained in a DN part is
+ expected to be C style escaped and thus the slashes we see here
+ are the actual part delimiters. */
+ for (s=name+1, count=0; *s; s++)
+ if (*s == '/')
+ count++;
+ newname = xtrymalloc (strlen (name) + count*replstringlen + 1);
+ if (!newname)
+ return NULL;
+ for (s=name+1, d=newname; *s; s++)
+ if (*s == '/')
+ d = stpcpy (d, replstring);
+ else
+ *d++ = *s;
+ *d = 0;
+ return newname;
+}
+
+
+/* Insert the given fpr into our trustdb. We expect FPR to be an all
+ uppercase hexstring of 40 characters. FLAG is either 'P' or 'C'.
+ This function does first check whether that key has already been put
+ into the trustdb and returns success in this case. Before a FPR
+ actually gets inserted, the user is asked by means of the Pinentry
+ whether this is actual want he wants to do. */
+gpg_error_t
+agent_marktrusted (ctrl_t ctrl, const char *name, const char *fpr, int flag)
+{
+ gpg_error_t err = 0;
+ char *desc;
+ char *fname;
+ estream_t fp;
+ char *fprformatted;
+ char *nameformatted;
+ int is_disabled;
+ int yes_i_trust;
+
+ /* Check whether we are at all allowed to modify the trustlist.
+ This is useful so that the trustlist may be a symlink to a global
+ trustlist with only admin priviliges to modify it. Of course
+ this is not a secure way of denying access, but it avoids the
+ usual clicking on an Okay button most users are used to. */
+ fname = make_filename (opt.homedir, "trustlist.txt", NULL);
+ if ( access (fname, W_OK) && errno != ENOENT)
+ {
+ xfree (fname);
+ return gpg_error (GPG_ERR_EPERM);
+ }
+ xfree (fname);
+
+ if (!agent_istrusted (ctrl, fpr, &is_disabled))
+ {
+ return 0; /* We already got this fingerprint. Silently return
+ success. */
+ }
+
+ /* This feature must explicitly been enabled. */
+ if (!opt.allow_mark_trusted)
+ return gpg_error (GPG_ERR_NOT_SUPPORTED);
+
+ if (is_disabled)
+ {
+ /* There is an disabled entry in the trustlist. Return an error
+ so that the user won't be asked again for that one. Changing
+ this flag with the integrated marktrusted feature is and will
+ not be made possible. */
+ return gpg_error (GPG_ERR_NOT_TRUSTED);
+ }
+
+
+ /* Insert a new one. */
+ nameformatted = reformat_name (name, "%0A ");
+ if (!nameformatted)
+ return gpg_error_from_syserror ();
+
+ /* First a general question whether this is trusted. */
+ desc = xtryasprintf (
+ /* TRANSLATORS: This prompt is shown by the Pinentry
+ and has one special property: A "%%0A" is used by
+ Pinentry to insert a line break. The double
+ percent sign is actually needed because it is also
+ a printf format string. If you need to insert a
+ plain % sign, you need to encode it as "%%25". The
+ "%s" gets replaced by the name as stored in the
+ certificate. */
+ _("Do you ultimately trust%%0A"
+ " \"%s\"%%0A"
+ "to correctly certify user certificates?"),
+ nameformatted);
+ if (!desc)
+ {
+ xfree (nameformatted);
+ return out_of_core ();
+ }
+ err = agent_get_confirmation (ctrl, desc, _("Yes"), _("No"), 1);
+ xfree (desc);
+ if (!err)
+ yes_i_trust = 1;
+ else if (gpg_err_code (err) == GPG_ERR_NOT_CONFIRMED)
+ yes_i_trust = 0;
+ else
+ {
+ xfree (nameformatted);
+ return err;
+ }
+
+
+ fprformatted = insert_colons (fpr);
+ if (!fprformatted)
+ {
+ xfree (nameformatted);
+ return out_of_core ();
+ }
+
+ /* If the user trusts this certificate he has to verify the
+ fingerprint of course. */
+ if (yes_i_trust)
+ {
+ desc = xtryasprintf
+ (
+ /* TRANSLATORS: This prompt is shown by the Pinentry and has
+ one special property: A "%%0A" is used by Pinentry to
+ insert a line break. The double percent sign is actually
+ needed because it is also a printf format string. If you
+ need to insert a plain % sign, you need to encode it as
+ "%%25". The second "%s" gets replaced by a hexdecimal
+ fingerprint string whereas the first one receives the name
+ as stored in the certificate. */
+ _("Please verify that the certificate identified as:%%0A"
+ " \"%s\"%%0A"
+ "has the fingerprint:%%0A"
+ " %s"), nameformatted, fprformatted);
+ if (!desc)
+ {
+ xfree (fprformatted);
+ xfree (nameformatted);
+ return out_of_core ();
+ }
+
+ /* TRANSLATORS: "Correct" is the label of a button and intended
+ to be hit if the fingerprint matches the one of the CA. The
+ other button is "the default "Cancel" of the Pinentry. */
+ err = agent_get_confirmation (ctrl, desc, _("Correct"), _("Wrong"), 1);
+ xfree (desc);
+ if (gpg_err_code (err) == GPG_ERR_NOT_CONFIRMED)
+ yes_i_trust = 0;
+ else if (err)
+ {
+ xfree (fprformatted);
+ xfree (nameformatted);
+ return err;
+ }
+ }
+
+
+ /* Now check again to avoid duplicates. We take the lock to make
+ sure that nobody else plays with our file and force a reread. */
+ lock_trusttable ();
+ agent_reload_trustlist ();
+ if (!agent_istrusted (ctrl, fpr, &is_disabled) || is_disabled)
+ {
+ unlock_trusttable ();
+ xfree (fprformatted);
+ xfree (nameformatted);
+ return is_disabled? gpg_error (GPG_ERR_NOT_TRUSTED) : 0;
+ }
+
+ fname = make_filename (opt.homedir, "trustlist.txt", NULL);
+ if ( access (fname, F_OK) && errno == ENOENT)
+ {
+ fp = es_fopen (fname, "wx");
+ if (!fp)
+ {
+ err = gpg_error_from_syserror ();
+ log_error ("can't create `%s': %s\n", fname, gpg_strerror (err));
+ xfree (fname);
+ unlock_trusttable ();
+ xfree (fprformatted);
+ xfree (nameformatted);
+ return err;
+ }
+ es_fputs (headerblurb, fp);
+ es_fclose (fp);
+ }
+ fp = es_fopen (fname, "a+");
+ if (!fp)
+ {
+ err = gpg_error_from_syserror ();
+ log_error ("can't open `%s': %s\n", fname, gpg_strerror (err));
+ xfree (fname);
+ unlock_trusttable ();
+ xfree (fprformatted);
+ xfree (nameformatted);
+ return err;
+ }
+
+ /* Append the key. */
+ es_fputs ("\n# ", fp);
+ xfree (nameformatted);
+ nameformatted = reformat_name (name, "\n# ");
+ if (!nameformatted || strchr (name, '\n'))
+ {
+ /* Note that there should never be a LF in NAME but we better
+ play safe and print a sanitized version in this case. */
+ es_write_sanitized (fp, name, strlen (name), NULL, NULL);
+ }
+ else
+ es_fputs (nameformatted, fp);
+ es_fprintf (fp, "\n%s%s %c\n", yes_i_trust?"":"!", fprformatted, flag);
+ if (es_ferror (fp))
+ err = gpg_error_from_syserror ();
+
+ if (es_fclose (fp))
+ err = gpg_error_from_syserror ();
+
+ agent_reload_trustlist ();
+ xfree (fname);
+ unlock_trusttable ();
+ xfree (fprformatted);
+ xfree (nameformatted);
+ return err;
+}
+
+
+/* This function may be called to force reloading of the
+ trustlist. */
+void
+agent_reload_trustlist (void)
+{
+ /* All we need to do is to delete the trusttable. At the next
+ access it will get re-read. */
+ lock_trusttable ();
+ xfree (trusttable);
+ trusttable = NULL;
+ trusttablesize = 0;
+ unlock_trusttable ();
+ bump_key_eventcounter ();
+}
diff --git a/am/cmacros.am b/am/cmacros.am
new file mode 100644
index 0000000..be34ca3
--- /dev/null
+++ b/am/cmacros.am
@@ -0,0 +1,55 @@
+# cmacros.am - C macro definitions
+# Copyright (C) 2004 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+localedir = $(datadir)/locale
+
+AM_CPPFLAGS += -DLOCALEDIR=\"$(localedir)\"
+
+if ! HAVE_DOSISH_SYSTEM
+AM_CPPFLAGS += -DGNUPG_BINDIR="\"$(bindir)\"" \
+ -DGNUPG_LIBEXECDIR="\"$(libexecdir)\"" \
+ -DGNUPG_LIBDIR="\"$(libdir)/@PACKAGE@\"" \
+ -DGNUPG_DATADIR="\"$(datadir)/@PACKAGE@\"" \
+ -DGNUPG_SYSCONFDIR="\"$(sysconfdir)/@PACKAGE@\""
+endif
+
+
+# If a specific protect tool program has been defined, pass its name
+# to cc. Note that these macros should not be used directly but via
+# the gnupg_module_name function.
+if GNUPG_AGENT_PGM
+AM_CPPFLAGS += -DGNUPG_DEFAULT_AGENT="\"@GNUPG_AGENT_PGM@\""
+endif
+if GNUPG_PINENTRY_PGM
+AM_CPPFLAGS += -DGNUPG_DEFAULT_PINENTRY="\"@GNUPG_PINENTRY_PGM@\""
+endif
+if GNUPG_SCDAEMON_PGM
+AM_CPPFLAGS += -DGNUPG_DEFAULT_SCDAEMON="\"@GNUPG_SCDAEMON_PGM@\""
+endif
+if GNUPG_DIRMNGR_PGM
+AM_CPPFLAGS += -DGNUPG_DEFAULT_DIRMNGR="\"@GNUPG_DIRMNGR_PGM@\""
+endif
+if GNUPG_PROTECT_TOOL_PGM
+AM_CPPFLAGS += -DGNUPG_DEFAULT_PROTECT_TOOL="\"@GNUPG_PROTECT_TOOL_PGM@\""
+endif
+
+
+# Convenience macros
+libcommon = ../common/libcommon.a
+libcommonpth = ../common/libcommonpth.a
+
diff --git a/autogen.sh b/autogen.sh
new file mode 100755
index 0000000..289c21e
--- /dev/null
+++ b/autogen.sh
@@ -0,0 +1,243 @@
+#! /bin/sh
+# Run this to generate all the initial makefiles, etc.
+#
+# Copyright (C) 2003 g10 Code GmbH
+#
+# This file is free software; as a special exception the author gives
+# unlimited permission to copy and/or distribute it, with or without
+# modifications, as long as this notice is preserved.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
+# implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+
+configure_ac="configure.ac"
+
+cvtver () {
+ awk 'NR==1 {split($NF,A,".");X=1000000*A[1]+1000*A[2]+A[3];print X;exit 0}'
+}
+
+check_version () {
+ if [ `("$1" --version || echo "0") | cvtver` -ge "$2" ]; then
+ return 0
+ fi
+ echo "**Error**: "\`$1\'" not installed or too old." >&2
+ echo ' Version '$3' or newer is required.' >&2
+ [ -n "$4" ] && echo ' Note that this is part of '\`$4\''.' >&2
+ DIE="yes"
+ return 1
+}
+
+# Allow to override the default tool names
+AUTOCONF=${AUTOCONF_PREFIX}${AUTOCONF:-autoconf}${AUTOCONF_SUFFIX}
+AUTOHEADER=${AUTOCONF_PREFIX}${AUTOHEADER:-autoheader}${AUTOCONF_SUFFIX}
+
+AUTOMAKE=${AUTOMAKE_PREFIX}${AUTOMAKE:-automake}${AUTOMAKE_SUFFIX}
+ACLOCAL=${AUTOMAKE_PREFIX}${ACLOCAL:-aclocal}${AUTOMAKE_SUFFIX}
+
+GETTEXT=${GETTEXT_PREFIX}${GETTEXT:-gettext}${GETTEXT_SUFFIX}
+MSGMERGE=${GETTEXT_PREFIX}${MSGMERGE:-msgmerge}${GETTEXT_SUFFIX}
+
+DIE=no
+FORCE=
+if test x"$1" = x"--force"; then
+ FORCE=" --force"
+ shift
+fi
+
+# ***** W32 build script *******
+# Used to cross-compile for Windows.
+if test "$1" = "--build-w32"; then
+ tmp=`dirname $0`
+ tsdir=`cd "$tmp"; pwd`
+ shift
+ if [ ! -f $tsdir/scripts/config.guess ]; then
+ echo "$tsdir/scripts/config.guess not found" >&2
+ exit 1
+ fi
+ build=`$tsdir/scripts/config.guess`
+
+ [ -z "$w32root" ] && w32root="$HOME/w32root"
+ echo "Using $w32root as standard install directory" >&2
+
+ # Locate the cross compiler
+ crossbindir=
+ for host in i586-mingw32msvc i386-mingw32msvc mingw32; do
+ if ${host}-gcc --version >/dev/null 2>&1 ; then
+ crossbindir=/usr/${host}/bin
+ conf_CC="CC=${host}-gcc"
+ break;
+ fi
+ done
+ if [ -z "$crossbindir" ]; then
+ echo "Cross compiler kit not installed" >&2
+ echo "Under Debian GNU/Linux, you may install it using" >&2
+ echo " apt-get install mingw32 mingw32-runtime mingw32-binutils" >&2
+ echo "Stop." >&2
+ exit 1
+ fi
+
+ if [ -f "$tsdir/config.log" ]; then
+ if ! head $tsdir/config.log | grep "$host" >/dev/null; then
+ echo "Please run a 'make distclean' first" >&2
+ exit 1
+ fi
+ fi
+
+ ./configure --enable-maintainer-mode --prefix=${w32root} \
+ --host=${host} --build=${build} \
+ --enable-gpgtar \
+ --with-gpg-error-prefix=${w32root} \
+ --with-ksba-prefix=${w32root} \
+ --with-libgcrypt-prefix=${w32root} \
+ --with-libassuan-prefix=${w32root} \
+ --with-zlib=${w32root} \
+ --with-regex=${w32root} \
+ --with-pth-prefix=${w32root} \
+ --with-adns=${w32root} "$@"
+ rc=$?
+ exit $rc
+fi
+# ***** end W32 build script *******
+
+# ***** AMD64 cross build script *******
+# Used to cross-compile for AMD64 (for testing)
+if test "$1" = "--build-amd64"; then
+ tmp=`dirname $0`
+ tsdir=`cd "$tmp"; pwd`
+ shift
+ if [ ! -f $tsdir/scripts/config.guess ]; then
+ echo "$tsdir/scripts/config.guess not found" >&2
+ exit 1
+ fi
+ build=`$tsdir/scripts/config.guess`
+
+ [ -z "$amd64root" ] && amd64root="$HOME/amd64root"
+ echo "Using $amd64root as standard install directory" >&2
+
+ # Locate the cross compiler
+ crossbindir=
+ for host in x86_64-linux-gnu amd64-linux-gnu; do
+ if ${host}-gcc --version >/dev/null 2>&1 ; then
+ crossbindir=/usr/${host}/bin
+ conf_CC="CC=${host}-gcc"
+ break;
+ fi
+ done
+ if [ -z "$crossbindir" ]; then
+ echo "Cross compiler kit not installed" >&2
+ echo "Stop." >&2
+ exit 1
+ fi
+
+ if [ -f "$tsdir/config.log" ]; then
+ if ! head $tsdir/config.log | grep "$host" >/dev/null; then
+ echo "Please run a 'make distclean' first" >&2
+ exit 1
+ fi
+ fi
+
+ $tsdir/configure --enable-maintainer-mode --prefix=${amd64root} \
+ --host=${host} --build=${build} \
+ --with-gpg-error-prefix=${amd64root} \
+ --with-ksba-prefix=${amd64root} \
+ --with-libgcrypt-prefix=${amd64root} \
+ --with-libassuan-prefix=${amd64root} \
+ --with-zlib=/usr/x86_64-linux-gnu/usr \
+ --with-pth-prefix=/usr/x86_64-linux-gnu/usr
+ rc=$?
+ exit $rc
+fi
+# ***** end AMD64 cross build script *******
+
+
+# Grep the required versions from configure.ac
+autoconf_vers=`sed -n '/^AC_PREREQ(/ {
+s/^.*(\(.*\))/\1/p
+q
+}' ${configure_ac}`
+autoconf_vers_num=`echo "$autoconf_vers" | cvtver`
+
+automake_vers=`sed -n '/^min_automake_version=/ {
+s/^.*="\(.*\)"/\1/p
+q
+}' ${configure_ac}`
+automake_vers_num=`echo "$automake_vers" | cvtver`
+
+gettext_vers=`sed -n '/^AM_GNU_GETTEXT_VERSION(/ {
+s/^.*\[\(.*\)])/\1/p
+q
+}' ${configure_ac}`
+gettext_vers_num=`echo "$gettext_vers" | cvtver`
+
+
+if [ -z "$autoconf_vers" -o -z "$automake_vers" -o -z "$gettext_vers" ]
+then
+ echo "**Error**: version information not found in "\`${configure_ac}\'"." >&2
+ exit 1
+fi
+
+
+if check_version $AUTOCONF $autoconf_vers_num $autoconf_vers ; then
+ check_version $AUTOHEADER $autoconf_vers_num $autoconf_vers autoconf
+fi
+if check_version $AUTOMAKE $automake_vers_num $automake_vers; then
+ check_version $ACLOCAL $automake_vers_num $autoconf_vers automake
+fi
+if check_version $GETTEXT $gettext_vers_num $gettext_vers; then
+ check_version $MSGMERGE $gettext_vers_num $gettext_vers gettext
+fi
+
+if test "$DIE" = "yes"; then
+ cat <<EOF
+
+Note that you may use alternative versions of the tools by setting
+the corresponding environment variables; see README.CVS for details.
+
+EOF
+ exit 1
+fi
+
+
+# Update the git setup.
+if [ -d .git ]; then
+ if [ -f .git/hooks/pre-commit.sample -a ! -f .git/hooks/pre-commit ] ; then
+ cat <<EOF >&2
+*** Activating trailing whitespace git pre-commit hook. ***
+ For more information see this thread:
+ http://mail.gnome.org/archives/desktop-devel-list/2009-May/msg00084html
+ To deactivate this pre-commit hook again move .git/hooks/pre-commit
+ and .git/hooks/pre-commit.sample out of the way.
+EOF
+ cp -av .git/hooks/pre-commit.sample .git/hooks/pre-commit
+ chmod -c +x .git/hooks/pre-commit
+ fi
+ tmp=$(git config --get filter.cleanpo.clean)
+ if [ "$tmp" != "awk '/^\"POT-Creation-Date:/&&!s{s=1;next};!/^#: /{print}'" ]
+ then
+ echo "*** Adding GIT filter.cleanpo.clean configuration." >&2
+ git config --add filter.cleanpo.clean \
+ "awk '/^\"POT-Creation-Date:/&&!s{s=1;next};!/^#: /{print}'"
+ fi
+ if [ -f scripts/git-hooks/commit-msg -a ! -f .git/hooks/commit-msg ] ; then
+ cat <<EOF >&2
+*** Activating commit log message check hook. ***
+EOF
+ cp -av scripts/git-hooks/commit-msg .git/hooks/commit-msg
+ chmod -c +x .git/hooks/commit-msg
+ fi
+fi
+
+
+echo "Running aclocal -I m4 -I gl/m4 ${ACLOCAL_FLAGS:+$ACLOCAL_FLAGS }..."
+$ACLOCAL -I m4 -I gl/m4 $ACLOCAL_FLAGS
+echo "Running autoheader..."
+$AUTOHEADER
+echo "Running automake --gnu ..."
+$AUTOMAKE --gnu;
+echo "Running autoconf${FORCE} ..."
+$AUTOCONF${FORCE}
+
+echo "You may now run:
+ ./configure --sysconfdir=/etc --enable-maintainer-mode --enable-symcryptrun --enable-mailto --enable-gpgtar && make
+"
diff --git a/common/ChangeLog-2011 b/common/ChangeLog-2011
new file mode 100644
index 0000000..0d0d1cc
--- /dev/null
+++ b/common/ChangeLog-2011
@@ -0,0 +1,1638 @@
+2011-12-02 Werner Koch <wk@g10code.com>
+
+ NB: ChangeLog files are no longer manually maintained. Starting
+ on December 1st, 2011 we put change information only in the GIT
+ commit log, and generate a top-level ChangeLog file from logs at
+ "make dist". See doc/HACKING for details.
+
+2011-08-04 Werner Koch <wk@g10code.com>
+
+ * ssh-utils.c, ssh-utils.h: New.
+ * t-ssh-utils.c: New.
+ * Makefile.am (t_ssh_utils_LDADD): New.
+ (module_tests): Add t-ssh-utils.c
+
+2011-08-04 Werner Koch <wk@g10code.com>
+
+ * pka.c (get_pka_info): Remove set but unused variables ARCOUNT
+ and NSCOUNT.
+ * estream.c (es_fwrite, es_fread): Remove set but unused variable
+ ERR.
+
+2011-04-29 Werner Koch <wk@g10code.com>
+
+ * estream.c (es_pth_kill): New.
+ (estream_pth_killed): New.
+ (ESTREAM_MUTEX_LOCK, ESTREAM_MUTEX_UNLOCK)
+ (ESTREAM_MUTEX_TRYLOCK, ESTREAM_MUTEX_INITIALIZE): Take care of
+ the killed status.
+ (ESTREAM_SYS_YIELD): Ditto.
+ (es_pth_read, es_pth_write): Ditto.
+ (es_init_do): Ditto.
+
+2011-01-20 Werner Koch <wk@g10code.com>
+
+ * estream.c (es_func_mem_write): Fix computation of NEWSIZE.
+
+2011-01-11 Werner Koch <wk@g10code.com>
+
+ Estream changes as used by gnupg master from 2010-07-19.
+
+ * estream.c (es_fname_get, es_fname_set): New.
+ (fname_set_internal): New.
+ (struct estream_internal): Add fields printable_fname and
+ printable_fname_inuse.
+ (_es_get_std_stream): Set stream name.
+ (es_fopen, es_freopen, es_deinitialize): Set fname.
+
+2011-01-10 Thomas Mraz <t8m@centrum.cz> (wk)
+
+ * pka.c (get_pka_info) [!USE_ADNS]: Turn ANSWER into a union to
+ avoid aliasing problems with modern compilers. See bug#1307.
+ Reported by Steve Grubb.
+
+2011-01-10 Werner Koch <wk@g10code.com>
+
+ * session-env.c (update_var): Fix same value test. Fixes
+ bug#1311.
+
+2010-09-16 Werner Koch <wk@g10code.com>
+
+ * util.h: Add GPG_ERR_MISSING_ISSUER_CERT.
+ * status.c (get_inv_recpsgnr_code): Ditto.
+
+2010-05-03 Werner Koch <wk@g10code.com>
+
+ * asshelp.c (lock_agent_spawning, unlock_agent_spawning): New.
+ (start_new_gpg_agent): Test for configured standard socket and
+ try to fire up the agent in this case.
+
+ * exechelp.c (gnupg_spawn_process_detached): Do not reuse PID for
+ the second fork.
+ (gnupg_wait_process): Do not log a message if EXITCODE is given.
+
+2010-03-17 Werner Koch <wk@g10code.com>
+
+ * asshelp.c (start_new_gpg_agent) [W32]: Use a named mutex to
+ avoid starting two agents.
+
+2010-03-12 Werner Koch <wk@g10code.com>
+
+ * status.h (STATUS_ENTER): New.
+
+2010-02-11 Marcus Brinkmann <marcus@g10code.de>
+
+ From trunk 2009-10-16, 2009-11-02, 2009-11-05:
+
+ * Makefile.am (libcommon_a_CFLAGS): Use LIBASSUAN_CFLAGS instead
+ of LIBASSUAN_PTH_CFLAGS.
+ * get-passphrase.c (default_inq_cb, membuf_data_cb): Change return
+ type to gpg_error_t.
+ * asshelp.c (start_new_gpg_agent): Update use of
+ assuan_socket_connect and assuan_pipe_connect. Convert posix FD
+ to assuan FD.
+ [HAVE_W32_SYSTEM]: Add missing argument in assuan_socket_connect
+ invocation.
+ * iobuf.c (iobuf_open_fd_or_name): Fix type of FD in function
+ declaration.
+
+2009-10-13 Werner Koch <wk@g10code.com>
+
+ From trunk 2009-09-23:
+
+ * asshelp.c (start_new_gpg_agent): Allocate assuan context before
+ starting server.
+
+2009-12-21 Marcus Brinkmann <marcus@g10code.de> (wk)
+
+ * Makefile.am (audit-events.h, status.h) [!MAINTAINER_MODE]: No
+ longer include these rules if not in maintainer mode.
+
+2009-12-08 Werner Koch <wk@g10code.com>
+
+ * dns-cert.c: Add support for ADNS.
+
+2009-12-07 Werner Koch <wk@g10code.com>
+
+ * pka.c (get_pka_info): Add support for ADNS.
+ * src.v (getsrv): Add support for ADNS.
+
+ * srv.c (getsrv): s/xrealloc/xtryrealloc/.
+
+2009-12-04 Werner Koch <wk@g10code.com>
+
+ * Makefile.am (audit-events.h, status-codes.h): Create files in
+ the source dir. Fixes bug#1164.
+
+2009-12-03 Werner Koch <wk@g10code.com>
+
+ From trunk:
+ * audit.c (proc_type_decrypt, proc_type_sign): Implemented.
+ (proc_type_verify): Print hash algo infos.
+ * audit.h (AUDIT_DATA_CIPHER_ALGO, AUDIT_BAD_DATA_CIPHER_ALSO)
+ (AUDIT_NEW_RECP, AUDIT_DECRYPTION_RESULT, AUDIT_RECP_RESULT)
+ (AUDIT_ATTR_HASH_ALGO, AUDIT_SIGNED_BY, AUDIT_SIGNING_DONE):
+
+2009-09-03 Werner Koch <wk@g10code.com>
+
+ Update from libestream:
+ * estream-printf.c: Include stdint.h only if HAVE_STDINT_H is
+ defined.
+ * estream-printf.c: Remove all test code. Use macro DEBUG instead
+ of TEST for debugging.
+ * estream-printf.c (pr_float): Make buffer larger for silly high
+ numbers.
+
+2009-08-11 David Shaw <dshaw@jabberwocky.com>
+
+ * ttyio.h, ttyio.c (tty_enable_completion): Some ifdefs around
+ HAVE_LIBREADLINE to allow building when readline isn't available.
+
+2009-08-06 Werner Koch <wk@g10code.com>
+
+ * status.h (STATUS_INV_SGNR, STATUS_NO_SGNR): New.
+ * status.c (get_inv_recpsgnr_code): New.
+
+2009-07-23 David Shaw <dshaw@jabberwocky.com>
+
+ * srv.c (getsrv): Fix type-punning warning.
+
+2009-07-23 Werner Koch <wk@g10code.com>
+
+ * util.h (GPG_ERR_NOT_ENABLED): New.
+ * audit.h (enum): Add AUDIT_CRL_CHECK.
+ * audit.c (proc_type_verify): Show CRL check result.
+
+2009-07-06 Werner Koch <wk@g10code.com>
+
+ * get-passphrase.c (struct agentargs): Add SESSION_ENV and remove
+ obsolete args.
+ (gnupg_prepare_get_passphrase): Ditto.
+
+ * session-env.c, session-env.h: New.
+ * t-session-env.c: New.
+ * Makefile.am (common_sources, module_tests): Add them.
+ * asshelp.h: Include "session-env.h"
+ * asshelp.c (send_one_option): Add arg PUTENV.
+ (send_pinentry_environment): Replace most args by SESSION_ENV and
+ rewrite fucntion.
+ (start_new_gpg_agent): Likewise.
+
+ * t-exechelp.c (test_close_all_fds): Remove debug code.
+
+2009-07-01 Werner Koch <wk@g10code.com>
+
+ * sexputil.c (get_pk_algo_from_canon_sexp): New.
+
+2009-06-29 Werner Koch <wk@g10code.com>
+
+ * estream.c (BUFFER_ROUND_TO_BLOCK): Remove unused macro.
+ (es_func_mem_write): Rewrite reallocation part.
+
+ * estream.c (es_write_sanitized_utf8_buffer): Typo typo fix.
+
+2009-06-25 Werner Koch <wk@g10code.com>
+
+ * estream.c (es_write_sanitized_utf8_buffer): Typo fix.
+
+2009-06-24 Werner Koch <wk@g10code.com>
+
+ * estream.c (es_read_line): In the malloc error case, set
+ MAX_LENGTH to 0 only if requested.
+ * xreadline.c (read_line): Ditto.
+ * estream.c (es_write_sanitized_utf8_buffer): Pass on error from
+ es_fputs.
+ * sexputil.c (get_rsa_pk_from_canon_sexp): Check for error after
+ the loop. Reported by Fabian Keil.
+
+2009-06-22 Werner Koch <wk@g10code.com>
+
+ * estream.c (es_pth_read, es_pth_write) [W32]: New.
+ (ESTREAM_SYS_READ, ESTREAM_SYS_WRITE) [HAVE_PTH]: Use them.
+
+2009-06-03 Werner Koch <wk@g10code.com>
+
+ * estream.c (es_convert_mode): Rewrite and support the "x" flag.
+
+2009-05-28 David Shaw <dshaw@jabberwocky.com>
+
+ From 1.4:
+
+ * http.h, http.c (send_request) Pass in a STRLIST for additional
+ headers. Change all callers.
+
+2009-05-27 David Shaw <dshaw@jabberwocky.com>
+
+ From 1.4:
+
+ * http.h, http.c (send_request): Pass in srvtag and make its
+ presence sufficient to turn the feature on.
+ (http_open): From here.
+ (http_document): And here.
+
+ * srv.c (getsrv): Raise maximum packet size to 2048, as PACKETSZ
+ is too small these days.
+
+2009-05-22 Werner Koch <wk@g10code.com>
+
+ * ttyio.c (tty_cleanup_after_signal): New.
+
+2009-05-19 Werner Koch <wk@g10code.com>
+
+ * simple-pwquery.c (agent_open): Use SUN_LEN
+ (JNLIB_NEED_AFLOCAL): Define and include mischelp.h.
+
+2009-05-07 Werner Koch <wk@g10code.com>
+
+ * sexputil.c (get_rsa_pk_from_canon_sexp): New.
+ * t-sexputil.c (test_make_canon_sexp_from_rsa_pk): Extend the test.
+
+2009-04-28 Werner Koch <wk@g10code.com>
+
+ * sexputil.c (make_canon_sexp_from_rsa_pk): New.
+ * t-sexputil.c (test_make_canon_sexp_from_rsa_pk): New.
+
+2009-04-01 Werner Koch <wk@g10code.com>
+
+ * iobuf.c: Port David's changes from 1.4:
+ (fd_cache_invalidate): Pass return code from close back.
+ (direct_open, iobuf_ioctl): Check that eturn value.
+ (fd_cache_synchronize): New.
+ (iobuf_ioctl): Add new sub command 4 (fsync).
+
+ * iobuf.c (fd_cache_strcmp): New. Taken from 1.4.
+ (fd_cache_invalidate, fd_cache_close, fd_cache_open): Use it.
+
+ * exechelp.c (gnupg_spawn_process): Implement new flag bit 6.
+ * sysutils.c (gnupg_allow_set_foregound_window): Allow the use of
+ ASFW_ANY.
+
+ * membuf.c (put_membuf, get_membuf): Wipe memory on out of core.
+
+2009-03-31 Werner Koch <wk@g10code.com>
+
+ * percent.c (percent_unescape, percent_plus_unescape): New.
+ (percent_plus_unescape_inplace, percent_unescape_inplace): New.
+ (do_plus_or_plain_unescape, count_unescape, do_unescape): New.
+ (do_unescape_inplace): New.
+ * t-percent.c (test_percent_plus_escape): Test percent_plus_unescape.
+
+ * get-passphrase.c, get-passphrase.h: New.
+ * Makefile.am (without_pth_sources): New.
+
+2009-03-18 Werner Koch <wk@g10code.com>
+
+ * exechelp.c: Include sys/resource.h and sys/stat.h.
+ (get_max_open_fds): New.
+ (do_exec): Use it.
+ (get_all_open_fds): New.
+ (close_all_fds): New.
+ (do_exec): Use close_all_fds.
+ * t-exechelp.c: New.
+
+2009-03-13 David Shaw <dshaw@jabberwocky.com>
+
+ * http.c (do_parse_uri): Properly handle IPv6 literal addresses as
+ per RFC-2732. Adapted from patch by Phil Pennock.
+
+2009-03-12 Werner Koch <wk@g10code.com>
+
+ * gettime.c: Include i18n.h.
+ (dump_isotime): New.
+
+2009-03-06 Werner Koch <wk@g10code.com>
+
+ * sexputil.c (make_canon_sexp): New.
+
+2009-03-03 Werner Koch <wk@g10code.com>
+
+ * exechelp.c (do_exec): Make sure that /dev/null connected FDs are
+ not closed.
+
+2009-01-19 Werner Koch <wk@g10code.com>
+
+ * audit.c (writeout_li): Translate a few more result strings.
+ Fixes bug#970.
+
+ * convert.c (hex2str): Fix optimization to append a nul character.
+
+2008-12-05 Werner Koch <wk@g10code.com>
+
+ * percent.c, t-percent.c: New.
+
+ * exechelp.c (gnupg_spawn_process, gnupg_spawn_process_fd)
+ (gnupg_spawn_process_detached) [W32]: Remove debug output.
+
+2008-11-20 Werner Koch <wk@g10code.com>
+
+ * audit.c (writeout_li): Translate OKTEXT.
+
+2008-11-04 Werner Koch <wk@g10code.com>
+
+ * i18n.c (i18n_init) [USE_SIMPLE_GETTEXT]: Adjust for changed
+ w32-gettext.c.
+ * homedir.c (gnupg_localedir): New.
+
+2008-10-20 Werner Koch <wk@g10code.com>
+
+ * http.c (http_register_tls_callback) [!HTTP_USE_GNUTLS]: Mark
+ unused arg.
+ * localename.c (do_nl_locale_name): Ditto.
+ * audit.c (event2str): Silent gcc warning.
+ * sysutils.c (translate_sys2libc_fd): Mark unused arg.
+ (translate_sys2libc_fd_int): Ditto.
+ * iobuf.c (translate_file_handle): Ditto.
+ * asshelp.c (send_one_option): Ditto.
+ * exechelp.c (gnupg_spawn_process): Ditto.
+ * signal.c (got_usr_signal): Ditto
+ * estream.c (es_func_fd_create) [!W32]: Ditto.
+ (es_func_fp_create) [!W32]: Ditto.
+ (es_write_hexstring): Ditto.
+ (dummy_mutex_call_void, dummy_mutex_call_int) [HAVE_PTH]: New.
+ (ESTREAM_MUTEX_LOCK, ESTREAM_MUTEX_UNLOCK, ESTREAM_MUTEX_TRYLOCK)
+ (ESTREAM_MUTEX_INITIALIZE) [HAVE_PTH]: Use dummy calls so to mark
+ unused arg.
+
+2008-10-19 Werner Koch <wk@g10code.com>
+
+ * estream-printf.c (estream_vsnprintf): Fix return value.
+ (check_snprintf): Add a new test.
+ (one_test) [W32]: Disable test.
+
+2008-10-17 Werner Koch <wk@g10code.com>
+
+ * util.h (snprintf) [W32]: Redefine to estream_snprintf.
+
+2008-09-03 Werner Koch <wk@g10code.com>
+
+ * convert.c (hex2str): New.
+ (hex2str_alloc): New.
+ * t-convert.c (test_hex2str): New.
+
+2008-08-19 Werner Koch <wk@g10code.com>
+
+ * iobuf.c: Avoid passing a NULL (iobuf_t)->desc to the log
+ function. Should in general never be NULL, but well. Reported by
+ M. Heneka.
+
+2008-06-26 Werner Koch <wk@g10code.com>
+
+ * estream.c (es_write_sanitized): Loose check for control
+ characters to better cope with utf-8. The range 0x80..0x9f is
+ nowadays not anymore accidently used for control charaters.
+
+2008-06-25 Marcus Brinkmann <marcus@g10code.de>
+
+ Revert last three changes related to handle translation.
+ * sysutils.c:
+ (FD_TRANSLATE_MAX, fd_translate, fd_translate_len)
+ (translate_table_init, translate_table_lookup): Removed.
+ * iobuf.c (check_special_filename): Do not use
+ translate_table_lookup.
+ * sysutils.h (translate_table_init, translate_table_lookup):
+ Remove prototypes.
+
+2008-06-19 Werner Koch <wk@g10code.com>
+
+ * sysutils.c: Remove <ctype.h>.
+ (fd_translate_max): Use macro for the size.
+ (translate_table_init): Protect read against EINTR and replace
+ isspace by spacep.
+
+2008-06-18 Marcus Brinkmann <marcus@g10code.de>
+
+ * sysutils.c (TRANS_MAX): Bump up to 350 to be on the safe side.
+
+ * sysutils.h (translate_table_init, translate_table_lookup): New
+ prototypes.
+ * sysutils.c: Include <ctype.h>.
+ (FD_TRANSLATE_MAX): New macro.
+ (fd_translate, fd_translate_len): New static variables.
+ (translate_table_init, translate_table_lookup): New functions.
+ (translate_sys2libc_fd_int): Translate file descriptor.
+ * iobuf.c (check_special_filename): Translate handle values from
+ special filenames.
+
+2008-06-16 Werner Koch <wk@g10code.com>
+
+ * homedir.c (w32_commondir): New.
+ (gnupg_sysconfdir): Use it.
+
+2008-06-09 Werner Koch <wk@g10code.com>
+
+ * b64dec.c: New.
+
+2008-06-05 Werner Koch <wk@g10code.com>
+
+ * util.h (gnupg_copy_time): Replace strcpy by memcpy.
+
+2008-05-26 Werner Koch <wk@g10code.com>
+
+ * asshelp.c (send_one_option, send_pinentry_environment): use
+ xfree and xtrystrdup.
+
+ * i18n.c (i18n_switchto_utf8) [USE_SIMPLE_GETTEXT]: Return NULL.
+
+ * homedir.c (gnupg_module_name): Add
+ GNUPG_MODULE_NAME_CONNECT_AGENT and GNUPG_MODULE_NAME_GPGCONF.
+
+2008-04-21 Werner Koch <wk@g10code.com>
+
+ * http.c (http_wait_response) [W32]: Use DuplicateHandle because
+ it is a socket.
+ (cookie_read) [W32]: Use recv in place of read.
+
+2008-04-08 Werner Koch <wk@g10code.com>
+
+ * i18n.c (i18n_switchto_utf8, i18n_switchback)
+ [USE_SIMPLE_GETTEXT]: Implement.
+
+2008-04-07 Werner Koch <wk@g10code.com>
+
+ * b64enc.c (b64enc_start): Detect PGP mode.
+ (b64enc_finish): Write PGP CRC.
+ * util.h (struct b64state): Add field CRC.
+ * t-b64.c: New.
+
+ * pka.c (get_pka_info): Use xtrymalloc and check result.
+
+2008-03-25 Werner Koch <wk@g10code.com>
+
+ * localename.c: Strip all W32 code. Include w32help.h.
+ (gnupg_messages_locale_name) [W32]: Use the gettext_localename.
+
+2008-03-17 Werner Koch <wk@g10code.com>
+
+ * iobuf.c (IOBUF_BUFFER_SIZE): Actually use this macro.
+
+ * simple-pwquery.c (agent_send_all_options): Fix last change.
+
+2008-03-06 Werner Koch <wk@g10code.com>
+
+ * simple-pwquery.c (agent_send_all_options): Add support for
+ XAUTHORITY and PINENTRY_USER_DATA.
+
+2008-02-15 Marcus Brinkmann <marcus@g10code.de>
+
+ * exechelp.c (gnupg_spawn_process_fd): Add flag DETACHED_PROCESS
+ unconditionally (required for all callers at the moment).
+
+2008-02-14 Werner Koch <wk@g10code.com>
+
+ * sysutils.c (gnupg_allow_set_foregound_window): New.
+ (WINVER) [W32]: Define.
+
+2008-01-31 Werner Koch <wk@g10code.com>
+
+ * audit.c (audit_print_result): Make sure that the output is
+ always UTF8.
+
+2008-01-27 Werner Koch <wk@g10code.com>
+
+ * exechelp.c (gnupg_spawn_process): Add arg FLAGS and changed all
+ callers to pass 0 for it.
+
+2007-12-13 Werner Koch <wk@g10code.com>
+
+ * sexputil.c (hash_algo_from_sigval): New.
+ * t-sexputil.c: New.
+ * Makefile.am (module_tests): Add it.
+
+2007-12-11 Werner Koch <wk@g10code.com>
+
+ * asshelp.c (send_pinentry_environment): Allow using of old
+ gpg-agents not capabale of the xauthority and pinentry_user_data
+ options.
+
+2007-12-04 Werner Koch <wk@g10code.com>
+
+ * Makefile.am (t_helpfile_LDADD, module_maint_tests): New.
+ * t-helpfile.c: New.
+ * helpfile.c: New.
+ * membuf.h (is_membuf_ready, MEMBUF_ZERO): New.
+ * localename.c: New. Taken from gettext with modifications as done
+ for GpgOL. Export one new function.
+ * util.h (gnupg_messages_locale_name, gnupg_get_help_string): Added.
+
+ * sysutils.c (gnupg_reopen_std): New. Taken from ../g10/gpg.c.
+
+2007-11-27 Werner Koch <wk@g10code.com>
+
+ * Makefile.am (CLEANFILES): New.
+
+ * homedir.c (dirmngr_socket_name): Use CSIDL_WINDOWS.
+
+2007-11-15 Werner Koch <wk@g10code.com>
+
+ * asshelp.c (send_pinentry_environment): Add args XAUTHORITY and
+ PINENTRY_USER_DATA.
+ (start_new_gpg_agent): Ditto.
+
+2007-11-07 Werner Koch <wk@g10code.com>
+
+ * status.h: New.
+ * errors.h: Remove.
+
+2007-11-05 Werner Koch <wk@g10code.com>
+
+ * audit.c, audit.h: New.
+ * Makefile.am: Add rules to build audit-events.h.
+ * exaudit.awk: New.
+ * mkstrtable.awk: New. Taken from libgpg-error.
+
+2007-10-19 Werner Koch <wk@g10code.com>
+
+ * i18n.c (i18n_switchto_utf8, i18n_switchback): New.
+
+2007-10-01 Werner Koch <wk@g10code.com>
+
+ * sysutils.h (FD2INT, INT2FD): New.
+
+2007-09-21 Werner Koch <wk@g10code.com>
+
+ * homedir.c (default_homedir): Make registry work. Reported by
+ Marc Mutz.
+
+2007-08-29 Werner Koch <wk@g10code.com>
+
+ * exechelp.c (gnupg_wait_process): Add arg EXITCODE. Changed all
+ callers.
+ (gnupg_create_inbound_pipe): New.
+ * util.h (GNUPG_MODULE_NAME_GPGSM, GNUPG_MODULE_NAME_GPG): New.
+ * homedir.c (gnupg_module_name): Add them
+
+2007-08-28 Werner Koch <wk@g10code.com>
+
+ * gettime.c (check_isotime, add_isotime): New. Originally written
+ for DirMngr by me.
+ (add_days_to_isotime): New.
+ (date2jd, jd2date, days_per_month, days_per_year): New. Taken from
+ my ancient (1988) code used in Wedit (time2.c).
+
+2007-08-27 Werner Koch <wk@g10code.com>
+
+ * util.h (GNUPG_MODULE_NAME_CHECK_PATTERN): New.
+ * homedir.c (gnupg_module_name): Add it.
+ * exechelp.c (w32_fd_or_null) [W32]: New.
+ (gnupg_spawn_process_fd): New.
+ (gnupg_wait_process) [W32]: Close the handle after if the process has
+ returned.
+
+2007-08-22 Werner Koch <wk@g10code.com>
+
+ Updated estream from libestream.
+
+ * estream.c (mem_malloc, mem_realloc, mem_free): New. Use them
+ instead of the ES_MEM_foo.
+ * estream.c (estream_cookie_mem): Remove members DONT_FREE,
+ APPEND_ZERO, PTR and SIZE. Add MEMORY_LIMIT. Put GROW into a new
+ FLAGS struct.
+ (es_func_mem_create): Remove APPEND_ZERO, DONT_FREE, PTR and
+ SIZE. Add MEMORY_LIMIT.
+ (es_func_mem_write, es_func_mem_seek, es_func_mem_destroy): Revamp.
+ (es_open_memstream): Change API to just take a memory limit and a
+ mode argument. Rename to ..
+ (es_fopenmem): .. this.
+ (HAVE_W32_SYSTEM) [_WIN32]: Define if not defined.
+ (tmpfd) [W32]: Implement directly using the W32 API.
+ (es_fgets): Rewrite without using doreadline.
+
+2007-08-21 Werner Koch <wk@g10code.com>
+
+ * sysutils.c (gnupg_tmpfile): New.
+ * t-sysutils.c: New.
+ * Makefile.am (module_tests): Add t-sysutils.
+
+2007-08-20 Werner Koch <wk@g10code.com>
+
+ * exechelp.c [W32]: Redefine X_OK to F_OK.
+
+2007-08-16 Werner Koch <wk@g10code.com>
+
+ * Makefile.am (t_convert_DEPENDENCIES): Remove
+ ($(PROGRAMS)): Remove.
+ (t_common_ldadd): Use libcommon.a and not the macro.
+
+2007-08-14 Werner Koch <wk@g10code.com>
+
+ * homedir.c (dirmngr_socket_name): New.
+
+2007-08-07 Werner Koch <wk@g10code.com>
+
+ * tlv.c, tlv.h: Move from ../scd/.
+ * tlv.c (parse_sexp, parse_ber_header): Add ERRSOURCE arg and prefix
+ name with a _.
+ * tlv.h: Use macro to convey ERRSOURCE.
+
+2007-08-02 Werner Koch <wk@g10code.com>
+
+ * gc-opt-flags.h: New.
+
+2007-08-01 Werner Koch <wk@g10code.com>
+
+ * estream-printf.c (read_dummy_value): Removed as it is useless now.
+ (read_values): Remove check on !vaargs which is not anymore needed
+ and anyway not portable. Reported by Peter O'Gorman.
+
+2007-07-16 Werner Koch <wk@g10code.com>
+
+ * estream.c (es_func_file_create): Clear NO_CLOSE flag.
+
+2007-07-12 Werner Koch <wk@g10code.com>
+
+ * sysutils.h (gnupg_fd_t): New.
+ * sysutils.c (translate_sys2libc_fd): Use that type instead of int.
+ (translate_sys2libc_fd_int): New.
+
+2007-07-09 Werner Koch <wk@g10code.com>
+
+ * t-gettime.c (test_isotime2epoch): Use time_t and not u32.
+
+2007-07-05 Werner Koch <wk@g10code.com>
+
+ * t-gettime.c: New.
+ * gettime.c (isotime2epoch, epoch2isotime): New.
+
+2007-07-04 Werner Koch <wk@g10code.com>
+
+ * estream.c (es_init_do): Do not throw an error if pth has already
+ been initialized.
+
+2007-06-26 Werner Koch <wk@g10code.com>
+
+ * Makefile.am ($(PROGRAMS)): New.
+
+ * util.h (init_common_subsystems): Moved to ..
+ * init.h: .. New.
+ * util.h: Include init.h.
+
+ * homedir.c (standard_homedir): New.
+ (default_homedir) [W32]: Reimplemented in terms of
+ standard_homedir. Fixed memory leak.
+
+2007-06-25 Werner Koch <wk@g10code.com>
+
+ * iobuf.c: Add more documentation and slighly restructured macro
+ defintion for better readability.
+ (FILEP_OR_FD): Rename to fp_or_fd_t.
+ (CLOSE_CACHE): Rename to close_cache_t.
+
+ * sysutils.c (translate_sys2libc_fd): New using the code from iobuf.c.
+ * iobuf.c: Include sysutils.h.
+ (iobuf_translate_file_handle): Remove.
+ (translate_file_handle): Use new function.
+
+ * estream-printf.c [TEST]: Header including fixes.
+ (do_format): Do not append a trailing Nul. This avoids spurious
+ Nuls in the es_printf output.
+ (estream_vsnprintf, estream_vasprintf): Take this in account.
+
+ * estream.h (struct es__stream): Change FLAGS to a bit structure.
+ (ES__FLAG_WRITING): Replace by a bit from FLAGS. * estream.c
+ (struct estream_internal): Rename FLAGS to MODEFLAGS so that they
+ are not confused with the estream flags.
+ (es_initialize, es_create): Add arg MODEFLAGS so that we can setup
+ the intial writemode. Changed all callers to pass them.
+ (es_convert_mode): Set O_BINARY.
+ (es_func_fd_create, es_func_fp_create, es_func_file_create) [W32]:
+ Call setmode if requested.
+
+2007-06-24 Werner Koch <wk@g10code.com>
+
+ * estream.c (do_fpopen, es_fpopen, es_fpopen_nc): New.
+ (es_func_fp_create, es_func_fp_read, es_func_fp_write)
+ (es_func_fp_seek, es_func_fp_destroy): New.
+
+2007-06-22 Werner Koch <wk@g10code.com>
+
+ * estream.c (es_fdopen): Factored code out to..
+ (do_fdopen): .. new.
+ (es_fdopen_nc): New.
+ (estream_cookie_fd): Add field NO_CLOSE.
+ (es_func_fd_create): Add arg NO_CLOSE and changed all callers.
+ (es_func_fd_destroy): Handle the new flag.
+
+ * homedir.c (gnupg_libexecdir) [W32]: Factor code out to ..
+ (w32_rootdir): .. new.
+ (gnupg_sysconfdir, gnupg_libdir, gnupg_datadir) [W32]: Return
+ name based on w32_rootdir().
+
+2007-06-21 Werner Koch <wk@g10code.com>
+
+ * membuf.h (get_membuf_len): New.
+
+ * membuf.c (init_membuf_secure): Really allocate in secure memory.
+ (put_membuf_str): New.
+
+ * ttyio.c (tty_getf): New.
+
+ * util.h (ctrl_t): Declare it here.
+
+ * asshelp.c (start_new_gpg_agent): New. Based on code from
+ ../sm/call-agent.c
+
+2007-06-20 Werner Koch <wk@g10code.com>
+
+ * sysutils.c (gnupg_sleep): New.
+ * sysutils.h [W32]: Remove _sleep wrapper. Changed all callers to
+ use gnupg_sleep.
+
+ * exechelp.c (build_w32_commandline_copy): New.
+ (build_w32_commandline): Factored some code out to new function
+ and correctly process a PGMNAME with spaces.
+ (gnupg_spawn_process_detached) [W32]: Implement.
+
+2007-06-14 Werner Koch <wk@g10code.com>
+
+ * simple-pwquery.h (MAP_SPWQ_ERROR_IMPL): New.
+ (SPWQ_NO_PIN_ENTRY): New.
+ * simple-pwquery.c (simple_pw_set_socket): New.
+ (agent_open): Use it if GPG_AGENT_INFO is not set.
+ (simple_pwquery): Extended to allow returning of otehyr error codes.
+
+ * util.h (GNUPG_MODULE_NAME_AGENT, GNUPG_MODULE_NAME_PINENTRY)
+ (GNUPG_MODULE_NAME_SCDAEMON, GNUPG_MODULE_NAME_DIRMNGR)
+ (GNUPG_MODULE_NAME_PROTECT_TOOL): New.
+ * homedir.c (gnupg_module_name): New.
+ (gnupg_bindir): New.
+
+2007-06-12 Werner Koch <wk@g10code.com>
+
+ * homedir.c (gnupg_sysconfdir): New.
+ (gnupg_libexecdir): New. Taken from g10/misc.c:get_libexecdir.
+ (gnupg_datadir): New.
+ (gnupg_libdir): New.
+
+ * http.c (connect_server) [W32]: Do not call init_sockets if
+ HTTP_NO_WSASTARTUP is defined.
+
+ * init.c: New.
+
+ * estream.c (es_init_do): Init stream lock here because we can't
+ use a static initialization with W32pth.
+
+2007-06-11 Werner Koch <wk@g10code.com>
+
+ * Makefile.am (t_common_ldadd): Use libcommonstd macro.
+
+2007-06-06 Werner Koch <wk@g10code.com>
+
+ * Makefile.am: Include am/cmacros.am.
+
+ * sysutils.h [W32]: Remove prototypes for the registry access.
+ * w32reg.c: Move to ../jnlib/w32-reg.c.
+
+ * i18n.c (i18n_init): New.
+
+ * simple-gettext.c: Remove.
+
+ * iobuf.c (iobuf_get_filelength): Rename SIZE to EXSIZE to silent
+ shadowing warning.
+
+2007-06-04 Werner Koch <wk@g10code.com>
+
+ * http.c [W32]: Include unistd.h also in this case.
+ (write_server) [W32]: Fixed error code.
+ (init_sockets): Fixed syntax error.
+ (cookie_close): Replace close by sock_close macro.
+
+ * estream.c [w32]: Do not init Mutex.
+
+ * Makefile.am (common_sources) [USE_SNS_SRV]: Build srv.c only
+ when needed.
+
+ * ttyio.c (init_ttyfp) [W32]: Do not use TTYFP.
+
+ * util.h: Include ../jnlib/dynload.h.
+
+ * dynload.h: Move to ../jnlib.
+
+2007-05-30 Werner Koch <wk@g10code.com>
+
+ * estream.c (MEM_FREE, MEM_ALLOC, MEM_REALLOC): Prefix with ES_ as
+ windows.h also has such definitions,
+
+2007-05-15 Werner Koch <wk@g10code.com>
+
+ * util.h: Do not include gnulib's vasprintf. Redefine asprintf
+ and vasprintf.
+
+ * xasprintf.c (xasprintf, xtryasprintf): Use estream_vasprintf.
+
+ * estream-printf.h, estream-printf.c: New. Taken from current
+ libestream SVN.
+ * Makefile.am (common_sources): Add them.
+
+2007-05-14 Werner Koch <wk@g10code.com>
+
+ * sexp-parse.h (smklen): New.
+ * sexputil.c: Include sexp-parse.h.
+ (make_simple_sexp_from_hexstr): Replace sprintf by smklen.
+
+2007-05-07 Werner Koch <wk@g10code.com>
+
+ * signal.c (got_fatal_signal): Protect SIG from being clobbered by
+ a faulty signal implementaion. Suggested by James Juran.
+
+2007-04-25 Werner Koch <wk@g10code.com>
+
+ * i18n.h (ngettext): New.
+ * simple-gettext.c (ngettext): New.
+
+2007-04-20 Werner Koch <wk@g10code.com>
+
+ * miscellaneous.c (my_gcry_logger, my_gcry_outofcore_handler):
+ Moved from gpg-agent to here.
+ (my_gcry_fatalerror_handler): new.
+ (setup_libgcrypt_logging): New.
+
+2007-03-19 Werner Koch <wk@g10code.com>
+
+ * miscellaneous.c (print_hexstring): New.
+ * estream.c (es_fprintf_unlocked): New.
+ (es_write_sanitized): New.
+ (es_write_hexstring): New.
+ (es_write_sanitized_utf8_buffer) [GNUPG_MAJOR_VERSION]: New.
+
+2007-03-09 David Shaw <dshaw@jabberwocky.com>
+
+ From STABLE-BRANCH-1-4
+
+ * http.c (do_parse_uri): Remove the hkp port 11371 detection. We
+ implement hkp in the keyserver handler, and the support here makes
+ it appear like a bad hkp request actually succeeded.
+
+2007-01-31 Werner Koch <wk@g10code.com>
+
+ * Makefile.am (t_common_ldadd): Add LIBINCONV and LIBINTL.
+
+2007-01-25 Werner Koch <wk@g10code.com>
+
+ * simple-pwquery.c (simple_pwquery): New arg OPT_CHECK.
+
+2006-12-13 David Shaw <dshaw@jabberwocky.com>
+
+ * Makefile.am (AM_CPPFLAGS): Include intl/ so we can reference the
+ built-in headers.
+
+2006-11-23 Werner Koch <wk@g10code.com>
+
+ * http.c: Include i18n.h
+
+2006-11-21 Werner Koch <wk@g10code.com>
+
+ * estream.c: Remove explicit Pth soft mapping diabling becuase it
+ is now done in config.h.
+
+2006-11-15 Werner Koch <wk@g10code.com>
+
+ * estream.c: Disabled Pth soft mapping.
+ (my_funopen_hook_ret_t): New.
+ (print_fun_writer): Use it here.
+
+ * iobuf.c (fd_cache_close): Use %d instead of %p for debug output.
+
+2006-11-03 Werner Koch <wk@g10code.com>
+
+ * Makefile.am (t_convert_DEPENDENCIES): Add libcommon. From
+ Gentoo.
+
+2006-10-24 Marcus Brinkmann <marcus@g10code.de>
+
+ * Makefile.am (libcommon_a_CFLAGS): Add $(LIBASSUAN_CFLAGS).
+ (libsimple_pwquery_a_CFLAGS): New variable.
+
+2006-10-20 Werner Koch <wk@g10code.com>
+
+ * convert.c (hex2bin): New.
+
+2006-10-17 Werner Koch <wk@g10code.com>
+
+ * estream.c (struct estream_internal, es_initialize)
+ (es_deinitialize, print_fun_writer, es_print): New and modified
+ functions to avoid tempfiles for printf style printing.
+
+ * Makefile.am (libcommonpth_a_SOURCES): New. We now build a secon
+ version of the library with explicit Pth support.
+ * exechelp.c, estream.c: Make use of WITHOUT_GNU_PTH.
+
+2006-10-08 Werner Koch <wk@g10code.com>
+
+ * gpgrlhelp.c: Trun all functions into dummies if readline is not
+ available.
+
+2006-10-06 Werner Koch <wk@g10code.com>
+
+ * Makefile.am (AM_CFLAGS): Use PTH version of libassuan.
+
+ * util.h (GNUPG_GCC_A_SENTINEL): Defined for gcc >= 4.
+
+2006-10-04 David Shaw <dshaw@jabberwocky.com>
+
+ * gpgrlhelp.c: readline requires stdio.h.
+
+2006-10-04 Werner Koch <wk@g10code.com>
+
+ * membuf.c (init_membuf_secure): New.
+ (put_membuf): Make sure that ERRNO is set even if the underlying
+ malloc code does not work properly.
+ (get_membuf): Set ERRNO on error.
+ (get_membuf): Allow to pass LEN as NULL.
+
+2006-10-02 Werner Koch <wk@g10code.com>
+
+ * iobuf.c (iobuf_unread): Removed. This code is not required.
+ Also removed the entire unget buffer stuff.
+
+2006-09-27 Werner Koch <wk@g10code.com>
+
+ * util.h: Do not include strsep.h and strpbrk.h.
+ (isascii): Removed as it is now in jnlib.
+
+ * iobuf.c (pop_filter, underflow, iobuf_close): Free the unget
+ buffer.
+
+2006-09-27 Florian Weimer <fweimer@bfk.de> (wk)
+
+ * iobuf.c (iobuf_unread): New.
+
+2006-09-22 Werner Koch <wk@g10code.com>
+
+ * i18n.h: Changed license to an all permissive one.
+
+ * ttyio.c (tty_get): We need to use readline too. Added two more
+ hooks.
+
+2006-09-21 Werner Koch <wk@g10code.com>
+
+ * ttyio.c (tty_private_set_rl_hooks): New.
+ (tty_enable_completion, tty_disable_completion): Use a hook to
+ enable readline support. Now always available.
+ (tty_cleanup_rl_after_signal): New.
+
+ * ttyio.h: Removed readline specific stuff. Included util.h.
+ * common-defs.h: New.
+
+2006-09-15 Werner Koch <wk@g10code.com>
+
+ * convert.c: New.
+ (hexcolon2bin): New.
+ (bin2hex, bin2hexcolon, do_binhex): New.
+ * t-convert.c: New
+
+2006-09-14 Werner Koch <wk@g10code.com>
+
+ * util.h (out_of_core): Use new gpg_error_from_syserror function.
+
+ * http.c (init_sockets): Changed it to require 2.2 unless it is
+ build within gnupg 1 where we require 1.1 (and not anymore allow
+ for 1.0).
+
+2006-09-07 Werner Koch <wk@g10code.com>
+
+ * exechelp.c (gnupg_spawn_process): Factor out post fork code to ..
+ (do_exec): .. new function. Allow passing of -1 for the fds.
+ (gnupg_spawn_process): Terminate gcrypt's secure memory in the child.
+ (gnupg_spawn_process_detached): New.
+
+2006-09-06 Werner Koch <wk@g10code.com>
+
+ * maperror.c: Removed.
+
+ * util.h (out_of_core): New.
+
+2006-09-04 Werner Koch <wk@g10code.com>
+
+ * http.c (http_get_header): New.
+ (capitalize_header_name, store_header): New.
+ (parse_response): Store headers away.
+ (send_request): Return GPG_ERR_NOT_FOUND if connect_server failed.
+ * http.h: New flag HTTP_FLAG_NEED_HEADER.
+
+2006-08-21 Werner Koch <wk@g10code.com>
+
+ * Makefile.am (libcommon_a_SOURCES): Added keyserver.h
+
+ * openpgpdefs.h: New. Stripped from ..g10/packet.h.
+
+2006-08-16 Werner Koch <wk@g10code.com>
+
+ * keyserver.h: Moved from ../include to here.
+
+ * http.c: Include srv.h.
+
+ * srv.c, srv.h: New. Taken from GnuPG 1.4
+
+2006-08-14 Werner Koch <wk@g10code.com>
+
+ * http.h (struct http_context_s): Moved to implementation.
+ * http.c (http_open): Changed call to return a context.
+ (http_open_document): Ditto.
+ (http_get_read_ptr, http_get_read_ptr, http_get_status_code): New.
+ (do_parse_uri): Replaced strlwr by straight code to ease
+ standalone use of this file.
+ (http_wait_response): Removed arg STATUS_CODE as it is available
+ through an accessor function. Adjusted caller.
+ (http_escape_string): New.
+
+ * estream.c (es_read_line): Renamed to ..
+ (doreadline): .. this. Changed all callers.
+ (es_read_line): New. This is theusual limited getline variabnt as
+ used at several places. Here taken and adjusted from xreadline.c
+ (es_free): New.
+
+2006-08-11 Werner Koch <wk@g10code.com>
+
+ * http.c: Major internal changes to optionallly support GNUTLS and
+ ESTREAM.
+ (http_open): Move initialization of the stream ...
+ (send_request): .. here.
+ (http_register_tls_callback): New.
+
+ * estream.c (es_writen): Try to seek only is a seek function has
+ been registered.
+
+2006-08-09 Werner Koch <wk@g10code.com>
+
+ * http.c, http.h: New. Taken from gnupg 1.4.5, merged with
+ changes done for the Dirmngr project (by g10 Code) and cleaned up
+ some stuff.
+ (make_header_line): New. Change all caller to make user of the new
+ * Makefile.am (libcommon_a_SOURCES): Added http.c and http.h.
+
+2006-05-23 Werner Koch <wk@g10code.com>
+
+ * gettime.c (isotimestamp): New.
+
+ * ttyio.c (tty_get_ttyname): Posixly correct usage of ctermid.
+
+ * dns-cert.c: New. Taken from 1.4.3's util/cert.c.
+ * dns-cert.h: New.
+
+2006-05-22 Werner Koch <wk@g10code.com>
+
+ * pka.c: New. Taked from 1.4.3.
+ * pka.h: New.
+ * Makefile.am: Added pka.
+
+2006-05-19 Werner Koch <wk@g10code.com>
+
+ * yesno.c (answer_is_yes_no_default, answer_is_yes_no_quit):
+ Updated from 1.4.3.
+ (answer_is_okay_cancel): new. From 1.4.3.
+
+ * miscellaneous.c (match_multistr): New. Taken from 1.4.3.
+
+ * ttyio.c (tty_enable_completion, tty_disable_completion): New
+ dummy functions.
+ * ttyio.h: Add prototypes and stubs.
+
+2006-04-19 Werner Koch <wk@g10code.com>
+
+ * iobuf.c (iobuf_get_fd): New. Taken from 1.4.3.
+ (iobuf_is_pipe_filename): New.
+ (pop_filter): Made static.
+ (iobuf_skip_rest): New. Orginal patch by Florian
+ Weimer. Added new argument PARTIAL.
+ (block_filter): Remove the old gpg indeterminate length mode.
+ (block_filter): Properly handle a partial body stream
+ that ends with a 5-byte length that happens to be zero.
+ (iobuf_set_block_mode, iobuf_in_block_mode): Removed as
+ superfluous.
+ (iobuf_get_filelength): New arg OVERFLOW.
+ (iobuf_get_filelength) [W32]: Use GetFileSizeEx if available
+ * miscellaneous.c (is_file_compressed): Take care of OVERFLOW.
+
+2006-04-18 Werner Koch <wk@g10code.com>
+
+ * homedir.c (w32_shgetfolderpath): New. Taken from gpg 1.4.3.
+ (default_homedir): Use it.
+
+2005-10-08 Marcus Brinkmann <marcus@g10code.de>
+
+ * signal.c (get_signal_name): Check value of HAVE_DECL_SYS_SIGLIST
+ instead of just if it is defined.
+
+2005-09-28 Marcus Brinkmann <marcus@g10code.de>
+
+ * Makefile.am (AM_CFLAGS): Add $(LIBASSUAN_CFLAGS).
+
+2005-07-04 Marcus Brinkmann <marcus@g10code.de>
+
+ * simple-pwquery.h (simple_pwclear): New prototype.
+ * simple-pwquery.c (simple_pwclear): New function.
+
+2005-06-15 Werner Koch <wk@g10code.com>
+
+ * miscellaneous.c (make_printable_string): Made P a void*.
+
+ * sexputil.c (keygrip_from_canon_sexp, cmp_simple_canon_sexp):
+ Fixed signed/unsigned pointer mismatch.
+ (make_simple_sexp_from_hexstr): Ditto. This is all too ugly; I
+ wonder why gcc-4's default is to warn about them and forcing us to
+ use cast the warning away.
+ * iobuf.c (block_filter): Ditto.
+ (iobuf_flush): Ditto.
+ (iobuf_read_line): Ditto.
+ (iobuf_read): Make BUFFER a void *.
+ (iobuf_write): Make BUFFER a const void *.
+ * ttyio.c (tty_print_utf8_string2): Ditto.
+ * estream.c (estream_cookie_mem): Make MEMORY unsigned char*.
+ (es_write): Make BUFFER a void *.
+ (es_writen): Ditto.
+ (es_func_fd_read, es_func_fd_write, es_func_mem_read)
+ (es_func_mem_write): Ditto.
+ (es_read, es_readn): Ditto.
+ (es_func_mem_write): Made MEMORY_NEW an unsigned char *.
+ * estream.h (es_cookie_read_function_t)
+ (es_cookie_write_function_t): Changed buffer arg to void*.
+
+2005-06-03 Werner Koch <wk@g10code.com>
+
+ * estream.c: Use HAVE_CONFIG_H and not USE_CONFIG_H!
+ (es_func_fd_read, es_func_fd_write): Protect against EINTR.
+
+2005-06-01 Werner Koch <wk@g10code.com>
+
+ * Makefile.am (AM_CPPFLAGS): Added.
+
+ * util.h: Add some includes for gnulib.
+ (ttyname, isascii): Define them inline.
+ * fseeko.c, ftello.c: Removed.
+ * strsep.c, mkdtemp.c: Removed.
+ * ttyname.c, isascii.c: Removed.
+
+2005-05-31 Werner Koch <wk@g10code.com>
+
+ * dynload.h: s/__inline__/inline/.
+
+2005-05-13 Werner Koch <wk@g10code.com>
+
+ * signal.c (got_fatal_signal): Print the signal number if we can't
+ get a name for it.
+ (get_signal_name): Return NULL if no name is available. Fixed
+ conditional for sys_siglist to the correct one.
+
+2005-04-17 Werner Koch <wk@g10code.com>
+
+ * sexputil.c (cmp_simple_canon_sexp): New.
+ (make_simple_sexp_from_hexstr): New.
+
+2005-04-07 Werner Koch <wk@g10code.com>
+
+ * sexputil.c: New.
+
+2005-04-11 Marcus Brinkmann <marcus@g10code.de>
+
+ * simple-pwquery.c (simple_pwquery): Use spwq_secure_free.
+
+2005-03-03 Werner Koch <wk@g10code.com>
+
+ * Makefile.am (AM_CFLAGS): Added PTH_CFLAGS. Noted by Kazu Yamamoto.
+
+2005-02-25 Werner Koch <wk@g10code.com>
+
+ * xasprintf.c (xtryasprintf): New.
+
+2005-01-26 Moritz Schulte <moritz@g10code.com>
+
+ * Makefile.am (libcommon_a_SOURCES): New source files: estream.c,
+ estream.h.
+ * estream.c, estream.h: New files.
+
+2005-01-03 Werner Koch <wk@g10code.com>
+
+ * asshelp.c (send_pinentry_environment): Fixed changed from
+ 2004-12-18; cut+paste error for lc-messages.
+
+2004-12-21 Werner Koch <wk@g10code.com>
+
+ * simple-pwquery.c (agent_open) [W32]: Implement for W32.
+ (readline) [W32]: Use recv instead of read.
+ (writen) [W32]: Use send instead of write.
+ (my_stpcpy): Define a stpcpy replacement so that this file
+ continues to be self-contained.
+ (agent_send_all_options) [W32]: Don't call ttyname.
+
+2004-12-21 Marcus Brinkmann <marcus@g10code.de>
+
+ * simple-pwquery.h (simple_query): Add prototype.
+ * simple-pwquery.c (simple_query): New function.
+
+2004-12-21 Werner Koch <wk@g10code.com>
+
+ * signal.c (got_fatal_signal, got_usr_signal)
+ (got_fatal_signal) [DOSISH]: Don't build.
+ * simple-gettext.c: Include sysutils.h
+
+ * homedir.c: New. Use CSIDL_APPDATA for W32 as the default home
+ directory.
+ * Makefile.am (libcommon_a_SOURCES): Add it.
+ (EXTRA_DIST): Removed mkerror and mkerrtok.
+
+2004-12-20 Werner Koch <wk@g10code.com>
+
+ * sysutils.h [W32]: Define sleep.
+ * util.h: Add prototype for mkdtemp.
+
+ * membuf.c (put_membuf): Wipe out buffer after a failed realloc.
+
+2004-12-19 Werner Koch <wk@g10code.com>
+
+ * maperror.c (map_assuan_err_with_source): Oops, args were swapped.
+
+2004-12-18 Werner Koch <wk@g10code.com>
+
+ * maperror.c (map_assuan_err): Renamed to ..
+ (map_assuan_err_with_source): .. this and add arg SOURCE.c
+ * asshelp.c (send_pinentry_environment, send_one_option): Add arg
+ ERRSOURCE.
+
+2004-12-15 Werner Koch <wk@g10code.com>
+
+ * sysutils.h [W32]: Prototypes for registry functions.
+ * w32reg.c: Include sysutils.h
+
+ * simple-pwquery.c [W32]: Dummy code to allow a build.
+
+ * exechelp.c [W32]: Implemented for W32 .
+
+ * ttyname.c: New.
+
+ * asshelp.c (send_one_option): New.
+ (send_pinentry_environment): Cleaned up and made sure that empty
+ values are not send.
+
+2004-12-07 Werner Koch <wk@g10code.com>
+
+ * asshelp.c (send_pinentry_environment) [W32]: Do not use ttyname.
+
+2004-12-06 Werner Koch <wk@g10code.com>
+
+ * exechelp.h, exechelp.c: New. Based on code from ../sm/import.c.
+
+2004-12-03 Werner Koch <wk@g10code.com>
+
+ * strsep.c: Fixed copyright comments.
+
+2004-11-26 Werner Koch <wk@g10code.com>
+
+ * simple-gettext.c: New taken from gnupg 1.3.x
+
+ * simple-pwquery.c [_WIN32]: Include winsock2.h.
+ (agent_open): Disable it until we have our AF_UNIX implementation
+ ready.
+ * fseeko.c, ftello.c: Include sys/types for the sake of W32.
+
+2004-11-23 Werner Koch <wk@g10code.com>
+
+ * b64enc.c: Include stdio.h and string.h
+
+2004-08-18 Werner Koch <wk@g10code.de>
+
+ * simple-pwquery.c (simple_pwquery): Handle gpg-error style return
+ code for canceled.
+
+2004-07-20 Werner Koch <wk@g10code.de>
+
+ * maperror.c: Removed header ksba.h. Not required anymore.
+
+2004-06-14 Werner Koch <wk@gnupg.org>
+
+ * xreadline.c: New. Based on the iobuf_read_line function.
+
+2004-05-12 Werner Koch <wk@gnupg.org>
+
+ * util.h (xtrycalloc_secure,xtrymalloc_secure): New.
+
+2004-05-11 Werner Koch <wk@gnupg.org>
+
+ * sysutils.c (disable_core_dumps): Only set the current limit.
+ (enable_core_dumps): New.
+
+2004-04-13 Werner Koch <wk@gnupg.org>
+
+ * simple-pwquery.c (copy_and_escape): Relaxed quoting.
+
+2004-04-05 Werner Koch <wk@gnupg.org>
+
+ * errors.h (STATUS_NEWSIG): New.
+
+2004-03-11 Werner Koch <wk@gnupg.org>
+
+ * dynload.h [__MINGW32__]: Define RTLD_LAZY.
+
+2004-03-09 Werner Koch <wk@gnupg.org>
+
+ * maperror.c (map_assuan_err): Map the Locale_Problem item.
+
+2004-03-03 Werner Koch <wk@gnupg.org>
+
+ * asshelp.c, asshelp.h: New.
+ (send_pinentry_environment): New. Code taken from ../sm/call-agent.c.
+
+2004-02-19 Werner Koch <wk@gnupg.org>
+
+ * simple-pwquery.c (agent_open): Don't mangle INFOSTR.
+
+2004-02-17 Werner Koch <wk@gnupg.org>
+
+ * simple-pwquery.c (agent_open): Ignore an empty GPG_AGENT_INFO.
+
+ * errors.h: Added STATUS_IMPORT_OK.
+
+2004-02-10 Werner Koch <wk@gnupg.org>
+
+ * b64enc.c: New. Based on code from ../sm/base64.c.
+
+2004-01-30 Marcus Brinkmann <marcus@g10code.de>
+
+ * Makefile.am (libcommon_a_SOURCES): Add xasprintf.c.
+ * miscellaneous.c (xasprintf): Moved to ...
+ * xasprintf (xasprintf): ... here. New file.
+ This allows to use xasprintf without sucking in gpg-error.
+
+2004-01-27 Werner Koch <wk@gnupg.org>
+
+ * sexp-parse.h: New; moved from../agent.
+
+ * util.h (xtoi_4): New.
+
+2003-12-23 Werner Koch <wk@gnupg.org>
+
+ * maperror.c (map_assuan_err): Prepared for a new error code.
+
+2003-12-17 Werner Koch <wk@gnupg.org>
+
+ * gettime.c (asctimestamp): Add a note on a non-avoidable gcc warning.
+
+ * util.h [!HAVE_VASPRINTF]: Add printf format attribute to the
+ replacement function.
+
+ * miscellaneous.c (xasprintf): New.
+
+2003-11-14 Werner Koch <wk@gnupg.org>
+
+ * mkdtemp.c (mkdtemp): Use gcry_create_nonce.
+
+ * cryptmiss.c: Removed.
+
+2003-11-13 Werner Koch <wk@gnupg.org>
+
+ * util.h (vasprintf): Also fixed the prototype.
+
+ * vasprintf.c (vasprintf): ARGS should not be a pointer. Fixed
+ segv on Solaris. Reported by Andrew J. Schorr.
+
+2003-11-12 Werner Koch <wk@gnupg.org>
+
+ * maperror.c (map_ksba_err, map_gcry_err, map_kbx_err): Removed.
+
+2003-10-31 Werner Koch <wk@gnupg.org>
+
+ * util.h (gnupg_isotime_t): New.
+ (gnupg_copy_time): New.
+
+ * gettime.c (gnupg_get_isotime): New.
+
+2003-09-23 Werner Koch <wk@gnupg.org>
+
+ * iobuf.c (check_special_filename): Replaced is isdigit by digitp
+ to avoid passing negative values and potential locale problems.
+ Problem noted by Christian Biere.
+
+ * util.h (ascii_isspace): New.
+
+2003-09-18 Werner Koch <wk@gnupg.org>
+
+ * ttyio.c (tty_fprintf): New.
+ (tty_print_string, tty_print_utf8_string2)
+ (tty_print_utf8_string): Made P argument const byte*.
+
+2003-08-20 Marcus Brinkmann <marcus@g10code.de>
+
+ * maperror.c (map_ksba_err): Map -1. Use gpg_err_make to set
+ the error source.
+
+2003-08-14 Timo Schulz <twoaday@freakmail.de>
+
+ * dynload.h. New. W32 wrapper around the dynload mechanism.
+
+2003-07-15 Werner Koch <wk@gnupg.org>
+
+ * simple-pwquery.c, simple-pwquery.h: New; moved from ../agent.
+ * Makefile.am (libsimple_pwquery_a_LIBADD): New.
+
+2003-06-25 Werner Koch <wk@gnupg.org>
+
+ * maperror.c (map_to_assuan_status): Directly map 0 to 0.
+
+2003-06-17 Werner Koch <wk@gnupg.org>
+
+ * gettime.c (scan_isodatestr,add_days_to_timestamp,strtimevalue)
+ (strtimestamp,asctimestamp): New. Code taken from gnupg 1.3.2
+ mischelp.c.
+
+ * yesno.c: New. Code taken from gnupg 1.3.2 mischelp.c
+
+ * miscellaneous.c: New.
+
+ * util.h: Include utf8conf.h
+
+2003-06-16 Werner Koch <wk@gnupg.org>
+
+ * gettime.c (make_timestamp): New.
+
+ * ttyio.c: New. Taken from gnupg 1.2.
+ * ttyio.h: Move from ../include.
+
+2003-06-13 Werner Koch <wk@gnupg.org>
+
+ * util.h (seterr): Removed macro.
+ (xmalloc_secure,xcalloc_secure): New.
+
+2003-06-11 Werner Koch <wk@gnupg.org>
+
+ * iobuf.c (iobuf_writebyte,iobuf_write): Return error code from
+ iobuf_flush.
+ (iobuf_writestr): Ditto.
+
+2003-06-10 Werner Koch <wk@gnupg.org>
+
+ * iobuf.c, iobuf.h: New. Taken from current gnupg 1.3 CVS. Run
+ indent on it and adjusted error handling to libgpg-error style.
+ Replaced IOBUF by iobuf_t. Renamed malloc functions.
+
+2003-06-04 Werner Koch <wk@gnupg.org>
+
+ * errors.h: Removed all error codes. We keep the status codes for
+ now.
+ * Makefile.am: Do not create errors.c anymore; remove it from the
+ sources.
+
+ * maperror.c: Don't include error.h. Change all error codes to
+ libgpg-error style.
+ (map_assuan_err): Changed to new Assuan error code convention.
+ (map_to_assuan_status): Likewise.
+ (map_gcry_err,map_kbx_err): Not needed. For now dummy functions.
+
+ * membuf.c, membuf.h: New. Code taken from ../sm/call-agent.h.
+ * Makefile.am: Added above.
+
+2003-04-29 Werner Koch <wk@gnupg.org>
+
+ * util.h (fopencokokie): Removed prototype and struct.
+
+ * fopencookie.c: Removed.
+
+ * maperror.c: Use system assuan.h
+
+2002-10-31 Neal H. Walfield <neal@g10code.de>
+
+ * isascii.c: New file.
+ * putc_unlocked.c: Likewise.
+
+2002-10-28 Neal H. Walfield <neal@g10code.de>
+
+ * signal.c (caught_fatal_sig): Remove superfluous zero
+ initializer.
+ (caught_sigusr1): Likewise.
+
+2002-09-04 Neal H. Walfield <neal@g10code.de>
+
+ * vasprintf.c (vasprintf) [va_copy]: Use va_copy.
+ [!va_copy && __va_copy]: Use __va_copy.
+ [!va_copy && !__va_copy]: Only now fall back to using memcpy.
+
+2002-08-21 Werner Koch <wk@gnupg.org>
+
+ * errors.h: Added STATUS_IMPORT_PROBLEM.
+
+2002-08-20 Werner Koch <wk@gnupg.org>
+
+ * vasprintf.c: Hack to handle NULL for %s.
+
+2002-08-09 Werner Koch <wk@gnupg.org>
+
+ * signal.c: New. Taken from GnuPG 1.1.91.
+
+2002-07-23 Werner Koch <wk@gnupg.org>
+
+ * util.h (_IO_cookie_io_functions_t): Fixed typo. Noted by
+ Richard Lefebvre.
+
+2002-07-22 Werner Koch <wk@gnupg.org>
+
+ * fseeko.c, ftello.c: New.
+
+2002-06-28 Werner Koch <wk@gnupg.org>
+
+ * maperror.c (map_to_assuan_status): Map more errorcodes to Bad
+ Certificate.
+
+2002-06-26 Werner Koch <wk@gnupg.org>
+
+ * maperror.c (map_to_assuan_status): Map EOF to No_Data_Available.
+
+2002-06-10 Werner Koch <wk@gnupg.org>
+
+ * errors.h (gnupg_error_token): Add new prototype.
+ (STATUS_ERROR): New.
+
+ * mkerrtok: New.
+ * Makefile.am: Use it to create the new error token function.
+
+2002-06-04 Werner Koch <wk@gnupg.org>
+
+ * maperror.c (map_to_assuan_status): Map Bad_CA_Certificate.
+
+2002-05-23 Werner Koch <wk@gnupg.org>
+
+ * no-pth.c, Makefile.am: Removed.
+
+2002-05-22 Werner Koch <wk@gnupg.org>
+
+ * mkdtemp.c: Replaced byte by unsigned char because it is no longer
+ defined in gcrypt.h.
+
+2002-05-21 Werner Koch <wk@gnupg.org>
+
+ * maperror.c (map_gcry_err): Add libgcrypt's new S-expression errors.
+ (map_ksba_err): Add a few mappings.
+
+2002-05-14 Werner Koch <wk@gnupg.org>
+
+ * gettime.c: New.
+
+2002-05-03 Werner Koch <wk@gnupg.org>
+
+ * errors.h: Added STARUS_EXPSIG and STATUS_EXPKEYSIG.
+
+2002-04-15 Werner Koch <wk@gnupg.org>
+
+ * cryptmiss.c: New.
+
+2002-02-14 Werner Koch <wk@gnupg.org>
+
+ * maperror.c: Add more assuan<->gnupg mappings.
+
+2002-02-12 Werner Koch <wk@gnupg.org>
+
+ * fopencookie.c: Dummy function.
+
+ * vasprintf.c: New. Taken from binutils-2.9.1 and dropped all non
+ ANSI-C stuff. Merged with asprintf version.
+
+ * no-pth.c: New.
+
+2002-01-23 Werner Koch <wk@gnupg.org>
+
+ * mkdtemp.c: Copied from gnupg-1.0.6c and changed to use libgcrypt.
+
+2002-01-19 Werner Koch <wk@gnupg.org>
+
+ * sysutils.c: New. This is the misc.c file from gnupg 1.0.6 with
+ the OpenPGP stuff removed.
+ * sysutils.h: New.
+
+2002-01-15 Werner Koch <wk@gnupg.org>
+
+ * maperror.c: Add mapping for Not_Trusted.
+
+2002-01-11 Werner Koch <wk@gnupg.org>
+
+ * maperror.c (map_assuan_err): Codes for CRL
+
+2002-01-08 Werner Koch <wk@gnupg.org>
+
+ * util.h (spacep): New.
+
+2002-01-02 Werner Koch <wk@gnupg.org>
+
+ * maperror.c (map_to_assuan_status): New. Merged from ../agent
+ and ../sm.
+
+2001-12-20 Werner Koch <wk@gnupg.org>
+
+ * maperror.c (map_gcry_err): Add some mappings.
+
+2001-12-18 Werner Koch <wk@gnupg.org>
+
+ * Makefile.am (AM_CPPFLAGS): Include flags for gcrypt and ksba
+
+2001-12-14 Werner Koch <wk@gnupg.org>
+
+ * util.h (digitp, hexdigitp): New ctype like macros.
+ (atoi_1,atoi_2,atoi_4,xtoi_1,xtoi_2): New.
+
+
+ Copyright 2001, 2002, 2003, 2004, 2005, 2006, 2007,
+ 2008, 2009 Free Software Foundation, Inc.
+
+ This file is free software; as a special exception the author gives
+ unlimited permission to copy and/or distribute it, with or without
+ modifications, as long as this notice is preserved.
+
+ This file is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
+ implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/common/Makefile.am b/common/Makefile.am
new file mode 100644
index 0000000..75b4623
--- /dev/null
+++ b/common/Makefile.am
@@ -0,0 +1,142 @@
+# Makefile for common gnupg modules
+# Copyright (C) 2001, 2003, 2007 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+## Process this file with automake to produce Makefile.in
+
+EXTRA_DIST = mkstrtable.awk exaudit.awk exstatus.awk \
+ audit-events.h status-codes.h ChangeLog-2011
+
+noinst_LIBRARIES = libcommon.a libcommonpth.a libsimple-pwquery.a libgpgrl.a
+noinst_PROGRAMS = $(module_tests) $(module_maint_tests)
+TESTS = $(module_tests)
+
+BUILT_SOURCES = audit-events.h status-codes.h
+
+CLEANFILES = audit-events.h status-codes.h
+
+AM_CPPFLAGS = -I$(top_srcdir)/gl -I$(top_srcdir)/intl
+
+AM_CFLAGS = $(LIBGCRYPT_CFLAGS) $(KSBA_CFLAGS)
+
+include $(top_srcdir)/am/cmacros.am
+
+common_sources = \
+ common-defs.h \
+ util.h i18n.c i18n.h \
+ status.c status.h\
+ openpgpdefs.h \
+ gc-opt-flags.h \
+ keyserver.h \
+ sexp-parse.h \
+ tlv.c tlv.h \
+ init.c init.h \
+ sexputil.c \
+ sysutils.c sysutils.h \
+ homedir.c \
+ gettime.c \
+ yesno.c \
+ b64enc.c b64dec.c \
+ convert.c \
+ percent.c \
+ miscellaneous.c \
+ xasprintf.c \
+ xreadline.c \
+ membuf.c membuf.h \
+ iobuf.c iobuf.h \
+ ttyio.c ttyio.h \
+ asshelp.c asshelp.h \
+ exechelp.c exechelp.h \
+ signal.c \
+ estream.c estream.h estream-printf.c estream-printf.h \
+ audit.c audit.h \
+ srv.h \
+ dns-cert.c dns-cert.h \
+ pka.c pka.h \
+ http.c http.h \
+ localename.c \
+ session-env.c session-env.h \
+ ssh-utils.c ssh-utils.h \
+ helpfile.c
+
+# Sources only useful without PTH.
+without_pth_sources = \
+ get-passphrase.c get-passphrase.h
+
+
+libcommon_a_SOURCES = $(common_sources) $(without_pth_sources)
+if USE_DNS_SRV
+libcommon_a_SOURCES += srv.c
+endif
+libcommon_a_CFLAGS = $(AM_CFLAGS) $(LIBASSUAN_CFLAGS) -DWITHOUT_GNU_PTH=1
+
+libcommonpth_a_SOURCES = $(common_sources)
+if USE_DNS_SRV
+libcommonpth_a_SOURCES += srv.c
+endif
+libcommonpth_a_CFLAGS = $(AM_CFLAGS) $(LIBASSUAN_CFLAGS) $(PTH_CFLAGS)
+
+libsimple_pwquery_a_SOURCES = \
+ simple-pwquery.c simple-pwquery.h asshelp.c asshelp.h
+libsimple_pwquery_a_CFLAGS = $(AM_CFLAGS) $(LIBASSUAN_CFLAGS)
+
+libgpgrl_a_SOURCES = \
+ gpgrlhelp.c
+
+if MAINTAINER_MODE
+# Note: Due to the dependency on Makefile, the file will always be
+# rebuilt, so we allow this only in maintainer mode.
+
+# Create the audit-events.h include file from audit.h
+# Note: We create the target file in the source directory because it
+# is a distributed built source. If we would not do that we may end
+# up with two files and then it is not clear which version of the
+# files will be picked up.
+audit-events.h: Makefile mkstrtable.awk exaudit.awk audit.h
+ $(AWK) -f $(srcdir)/exaudit.awk $(srcdir)/audit.h \
+ | $(AWK) -f $(srcdir)/mkstrtable.awk -v textidx=3 -v nogettext=1 \
+ -v namespace=eventstr_ > $(srcdir)/audit-events.h
+
+# Create the status-codes.h include file from status.h
+status-codes.h: Makefile mkstrtable.awk exstatus.awk status.h
+ $(AWK) -f $(srcdir)/exstatus.awk $(srcdir)/status.h \
+ | $(AWK) -f $(srcdir)/mkstrtable.awk -v textidx=3 -v nogettext=1 \
+ -v namespace=statusstr_ > $(srcdir)/status-codes.h
+
+endif
+
+
+#
+# Module tests
+#
+module_tests = t-convert t-percent t-gettime t-sysutils t-sexputil t-exechelp \
+ t-session-env t-ssh-utils
+module_maint_tests = t-helpfile t-b64
+
+t_common_ldadd = libcommon.a ../jnlib/libjnlib.a ../gl/libgnu.a \
+ $(LIBGCRYPT_LIBS) $(GPG_ERROR_LIBS) $(LIBINTL) $(LIBICONV)
+
+t_convert_LDADD = $(t_common_ldadd)
+t_percent_LDADD = $(t_common_ldadd)
+t_gettime_LDADD = $(t_common_ldadd)
+t_sysutils_LDADD = $(t_common_ldadd)
+t_helpfile_LDADD = $(t_common_ldadd)
+t_sexputil_LDADD = $(t_common_ldadd)
+t_b64_LDADD = $(t_common_ldadd)
+t_exechelp_LDADD = $(t_common_ldadd)
+t_session_env_LDADD = $(t_common_ldadd)
+t_ssh_utils_LDADD = $(t_common_ldadd)
diff --git a/common/Makefile.in b/common/Makefile.in
new file mode 100644
index 0000000..04c00b1
--- /dev/null
+++ b/common/Makefile.in
@@ -0,0 +1,2035 @@
+# Makefile.in generated by automake 1.11.1 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation,
+# Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+# Makefile for common gnupg modules
+# Copyright (C) 2001, 2003, 2007 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+# cmacros.am - C macro definitions
+# Copyright (C) 2004 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+noinst_PROGRAMS = $(am__EXEEXT_1) $(am__EXEEXT_2)
+TESTS = $(am__EXEEXT_1)
+DIST_COMMON = README $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
+ $(top_srcdir)/am/cmacros.am
+@HAVE_DOSISH_SYSTEM_FALSE@am__append_1 = -DGNUPG_BINDIR="\"$(bindir)\"" \
+@HAVE_DOSISH_SYSTEM_FALSE@ -DGNUPG_LIBEXECDIR="\"$(libexecdir)\"" \
+@HAVE_DOSISH_SYSTEM_FALSE@ -DGNUPG_LIBDIR="\"$(libdir)/@PACKAGE@\"" \
+@HAVE_DOSISH_SYSTEM_FALSE@ -DGNUPG_DATADIR="\"$(datadir)/@PACKAGE@\"" \
+@HAVE_DOSISH_SYSTEM_FALSE@ -DGNUPG_SYSCONFDIR="\"$(sysconfdir)/@PACKAGE@\""
+
+
+# If a specific protect tool program has been defined, pass its name
+# to cc. Note that these macros should not be used directly but via
+# the gnupg_module_name function.
+@GNUPG_AGENT_PGM_TRUE@am__append_2 = -DGNUPG_DEFAULT_AGENT="\"@GNUPG_AGENT_PGM@\""
+@GNUPG_PINENTRY_PGM_TRUE@am__append_3 = -DGNUPG_DEFAULT_PINENTRY="\"@GNUPG_PINENTRY_PGM@\""
+@GNUPG_SCDAEMON_PGM_TRUE@am__append_4 = -DGNUPG_DEFAULT_SCDAEMON="\"@GNUPG_SCDAEMON_PGM@\""
+@GNUPG_DIRMNGR_PGM_TRUE@am__append_5 = -DGNUPG_DEFAULT_DIRMNGR="\"@GNUPG_DIRMNGR_PGM@\""
+@GNUPG_PROTECT_TOOL_PGM_TRUE@am__append_6 = -DGNUPG_DEFAULT_PROTECT_TOOL="\"@GNUPG_PROTECT_TOOL_PGM@\""
+@USE_DNS_SRV_TRUE@am__append_7 = srv.c
+@USE_DNS_SRV_TRUE@am__append_8 = srv.c
+subdir = common
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/gl/m4/absolute-header.m4 \
+ $(top_srcdir)/gl/m4/alloca.m4 $(top_srcdir)/gl/m4/allocsa.m4 \
+ $(top_srcdir)/gl/m4/eealloc.m4 \
+ $(top_srcdir)/gl/m4/gnulib-comp.m4 \
+ $(top_srcdir)/gl/m4/gnulib-tool.m4 \
+ $(top_srcdir)/gl/m4/mkdtemp.m4 $(top_srcdir)/gl/m4/setenv.m4 \
+ $(top_srcdir)/gl/m4/stdint.m4 $(top_srcdir)/gl/m4/strpbrk.m4 \
+ $(top_srcdir)/gl/m4/unistd_h.m4 $(top_srcdir)/m4/autobuild.m4 \
+ $(top_srcdir)/m4/codeset.m4 $(top_srcdir)/m4/estream.m4 \
+ $(top_srcdir)/m4/gettext.m4 $(top_srcdir)/m4/gnupg-pth.m4 \
+ $(top_srcdir)/m4/gpg-error.m4 $(top_srcdir)/m4/iconv.m4 \
+ $(top_srcdir)/m4/isc-posix.m4 $(top_srcdir)/m4/ksba.m4 \
+ $(top_srcdir)/m4/lcmessage.m4 $(top_srcdir)/m4/ldap.m4 \
+ $(top_srcdir)/m4/lib-ld.m4 $(top_srcdir)/m4/lib-link.m4 \
+ $(top_srcdir)/m4/lib-prefix.m4 $(top_srcdir)/m4/libassuan.m4 \
+ $(top_srcdir)/m4/libcurl.m4 $(top_srcdir)/m4/libgcrypt.m4 \
+ $(top_srcdir)/m4/longdouble.m4 $(top_srcdir)/m4/nls.m4 \
+ $(top_srcdir)/m4/po.m4 $(top_srcdir)/m4/progtest.m4 \
+ $(top_srcdir)/m4/readline.m4 $(top_srcdir)/m4/size_max.m4 \
+ $(top_srcdir)/m4/socklen.m4 $(top_srcdir)/m4/sys_socket_h.m4 \
+ $(top_srcdir)/m4/tar-ustar.m4 $(top_srcdir)/m4/xsize.m4 \
+ $(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.ac
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+ $(ACLOCAL_M4)
+mkinstalldirs = $(SHELL) $(top_srcdir)/scripts/mkinstalldirs
+CONFIG_HEADER = $(top_builddir)/config.h
+CONFIG_CLEAN_FILES =
+CONFIG_CLEAN_VPATH_FILES =
+LIBRARIES = $(noinst_LIBRARIES)
+ARFLAGS = cru
+libcommon_a_AR = $(AR) $(ARFLAGS)
+libcommon_a_LIBADD =
+am__libcommon_a_SOURCES_DIST = common-defs.h util.h i18n.c i18n.h \
+ status.c status.h openpgpdefs.h gc-opt-flags.h keyserver.h \
+ sexp-parse.h tlv.c tlv.h init.c init.h sexputil.c sysutils.c \
+ sysutils.h homedir.c gettime.c yesno.c b64enc.c b64dec.c \
+ convert.c percent.c miscellaneous.c xasprintf.c xreadline.c \
+ membuf.c membuf.h iobuf.c iobuf.h ttyio.c ttyio.h asshelp.c \
+ asshelp.h exechelp.c exechelp.h signal.c estream.c estream.h \
+ estream-printf.c estream-printf.h audit.c audit.h srv.h \
+ dns-cert.c dns-cert.h pka.c pka.h http.c http.h localename.c \
+ session-env.c session-env.h ssh-utils.c ssh-utils.h helpfile.c \
+ get-passphrase.c get-passphrase.h srv.c
+am__objects_1 = libcommon_a-i18n.$(OBJEXT) \
+ libcommon_a-status.$(OBJEXT) libcommon_a-tlv.$(OBJEXT) \
+ libcommon_a-init.$(OBJEXT) libcommon_a-sexputil.$(OBJEXT) \
+ libcommon_a-sysutils.$(OBJEXT) libcommon_a-homedir.$(OBJEXT) \
+ libcommon_a-gettime.$(OBJEXT) libcommon_a-yesno.$(OBJEXT) \
+ libcommon_a-b64enc.$(OBJEXT) libcommon_a-b64dec.$(OBJEXT) \
+ libcommon_a-convert.$(OBJEXT) libcommon_a-percent.$(OBJEXT) \
+ libcommon_a-miscellaneous.$(OBJEXT) \
+ libcommon_a-xasprintf.$(OBJEXT) \
+ libcommon_a-xreadline.$(OBJEXT) libcommon_a-membuf.$(OBJEXT) \
+ libcommon_a-iobuf.$(OBJEXT) libcommon_a-ttyio.$(OBJEXT) \
+ libcommon_a-asshelp.$(OBJEXT) libcommon_a-exechelp.$(OBJEXT) \
+ libcommon_a-signal.$(OBJEXT) libcommon_a-estream.$(OBJEXT) \
+ libcommon_a-estream-printf.$(OBJEXT) \
+ libcommon_a-audit.$(OBJEXT) libcommon_a-dns-cert.$(OBJEXT) \
+ libcommon_a-pka.$(OBJEXT) libcommon_a-http.$(OBJEXT) \
+ libcommon_a-localename.$(OBJEXT) \
+ libcommon_a-session-env.$(OBJEXT) \
+ libcommon_a-ssh-utils.$(OBJEXT) libcommon_a-helpfile.$(OBJEXT)
+am__objects_2 = libcommon_a-get-passphrase.$(OBJEXT)
+@USE_DNS_SRV_TRUE@am__objects_3 = libcommon_a-srv.$(OBJEXT)
+am_libcommon_a_OBJECTS = $(am__objects_1) $(am__objects_2) \
+ $(am__objects_3)
+libcommon_a_OBJECTS = $(am_libcommon_a_OBJECTS)
+libcommonpth_a_AR = $(AR) $(ARFLAGS)
+libcommonpth_a_LIBADD =
+am__libcommonpth_a_SOURCES_DIST = common-defs.h util.h i18n.c i18n.h \
+ status.c status.h openpgpdefs.h gc-opt-flags.h keyserver.h \
+ sexp-parse.h tlv.c tlv.h init.c init.h sexputil.c sysutils.c \
+ sysutils.h homedir.c gettime.c yesno.c b64enc.c b64dec.c \
+ convert.c percent.c miscellaneous.c xasprintf.c xreadline.c \
+ membuf.c membuf.h iobuf.c iobuf.h ttyio.c ttyio.h asshelp.c \
+ asshelp.h exechelp.c exechelp.h signal.c estream.c estream.h \
+ estream-printf.c estream-printf.h audit.c audit.h srv.h \
+ dns-cert.c dns-cert.h pka.c pka.h http.c http.h localename.c \
+ session-env.c session-env.h ssh-utils.c ssh-utils.h helpfile.c \
+ srv.c
+am__objects_4 = libcommonpth_a-i18n.$(OBJEXT) \
+ libcommonpth_a-status.$(OBJEXT) libcommonpth_a-tlv.$(OBJEXT) \
+ libcommonpth_a-init.$(OBJEXT) \
+ libcommonpth_a-sexputil.$(OBJEXT) \
+ libcommonpth_a-sysutils.$(OBJEXT) \
+ libcommonpth_a-homedir.$(OBJEXT) \
+ libcommonpth_a-gettime.$(OBJEXT) \
+ libcommonpth_a-yesno.$(OBJEXT) libcommonpth_a-b64enc.$(OBJEXT) \
+ libcommonpth_a-b64dec.$(OBJEXT) \
+ libcommonpth_a-convert.$(OBJEXT) \
+ libcommonpth_a-percent.$(OBJEXT) \
+ libcommonpth_a-miscellaneous.$(OBJEXT) \
+ libcommonpth_a-xasprintf.$(OBJEXT) \
+ libcommonpth_a-xreadline.$(OBJEXT) \
+ libcommonpth_a-membuf.$(OBJEXT) libcommonpth_a-iobuf.$(OBJEXT) \
+ libcommonpth_a-ttyio.$(OBJEXT) \
+ libcommonpth_a-asshelp.$(OBJEXT) \
+ libcommonpth_a-exechelp.$(OBJEXT) \
+ libcommonpth_a-signal.$(OBJEXT) \
+ libcommonpth_a-estream.$(OBJEXT) \
+ libcommonpth_a-estream-printf.$(OBJEXT) \
+ libcommonpth_a-audit.$(OBJEXT) \
+ libcommonpth_a-dns-cert.$(OBJEXT) libcommonpth_a-pka.$(OBJEXT) \
+ libcommonpth_a-http.$(OBJEXT) \
+ libcommonpth_a-localename.$(OBJEXT) \
+ libcommonpth_a-session-env.$(OBJEXT) \
+ libcommonpth_a-ssh-utils.$(OBJEXT) \
+ libcommonpth_a-helpfile.$(OBJEXT)
+@USE_DNS_SRV_TRUE@am__objects_5 = libcommonpth_a-srv.$(OBJEXT)
+am_libcommonpth_a_OBJECTS = $(am__objects_4) $(am__objects_5)
+libcommonpth_a_OBJECTS = $(am_libcommonpth_a_OBJECTS)
+libgpgrl_a_AR = $(AR) $(ARFLAGS)
+libgpgrl_a_LIBADD =
+am_libgpgrl_a_OBJECTS = gpgrlhelp.$(OBJEXT)
+libgpgrl_a_OBJECTS = $(am_libgpgrl_a_OBJECTS)
+libsimple_pwquery_a_AR = $(AR) $(ARFLAGS)
+libsimple_pwquery_a_LIBADD =
+am_libsimple_pwquery_a_OBJECTS = \
+ libsimple_pwquery_a-simple-pwquery.$(OBJEXT) \
+ libsimple_pwquery_a-asshelp.$(OBJEXT)
+libsimple_pwquery_a_OBJECTS = $(am_libsimple_pwquery_a_OBJECTS)
+am__EXEEXT_1 = t-convert$(EXEEXT) t-percent$(EXEEXT) \
+ t-gettime$(EXEEXT) t-sysutils$(EXEEXT) t-sexputil$(EXEEXT) \
+ t-exechelp$(EXEEXT) t-session-env$(EXEEXT) \
+ t-ssh-utils$(EXEEXT)
+am__EXEEXT_2 = t-helpfile$(EXEEXT) t-b64$(EXEEXT)
+PROGRAMS = $(noinst_PROGRAMS)
+t_b64_SOURCES = t-b64.c
+t_b64_OBJECTS = t-b64.$(OBJEXT)
+am__DEPENDENCIES_1 =
+am__DEPENDENCIES_2 = libcommon.a ../jnlib/libjnlib.a ../gl/libgnu.a \
+ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
+ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1)
+t_b64_DEPENDENCIES = $(am__DEPENDENCIES_2)
+t_convert_SOURCES = t-convert.c
+t_convert_OBJECTS = t-convert.$(OBJEXT)
+t_convert_DEPENDENCIES = $(am__DEPENDENCIES_2)
+t_exechelp_SOURCES = t-exechelp.c
+t_exechelp_OBJECTS = t-exechelp.$(OBJEXT)
+t_exechelp_DEPENDENCIES = $(am__DEPENDENCIES_2)
+t_gettime_SOURCES = t-gettime.c
+t_gettime_OBJECTS = t-gettime.$(OBJEXT)
+t_gettime_DEPENDENCIES = $(am__DEPENDENCIES_2)
+t_helpfile_SOURCES = t-helpfile.c
+t_helpfile_OBJECTS = t-helpfile.$(OBJEXT)
+t_helpfile_DEPENDENCIES = $(am__DEPENDENCIES_2)
+t_percent_SOURCES = t-percent.c
+t_percent_OBJECTS = t-percent.$(OBJEXT)
+t_percent_DEPENDENCIES = $(am__DEPENDENCIES_2)
+t_session_env_SOURCES = t-session-env.c
+t_session_env_OBJECTS = t-session-env.$(OBJEXT)
+t_session_env_DEPENDENCIES = $(am__DEPENDENCIES_2)
+t_sexputil_SOURCES = t-sexputil.c
+t_sexputil_OBJECTS = t-sexputil.$(OBJEXT)
+t_sexputil_DEPENDENCIES = $(am__DEPENDENCIES_2)
+t_ssh_utils_SOURCES = t-ssh-utils.c
+t_ssh_utils_OBJECTS = t-ssh-utils.$(OBJEXT)
+t_ssh_utils_DEPENDENCIES = $(am__DEPENDENCIES_2)
+t_sysutils_SOURCES = t-sysutils.c
+t_sysutils_OBJECTS = t-sysutils.$(OBJEXT)
+t_sysutils_DEPENDENCIES = $(am__DEPENDENCIES_2)
+DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
+depcomp = $(SHELL) $(top_srcdir)/scripts/depcomp
+am__depfiles_maybe = depfiles
+am__mv = mv -f
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+CCLD = $(CC)
+LINK = $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@
+SOURCES = $(libcommon_a_SOURCES) $(libcommonpth_a_SOURCES) \
+ $(libgpgrl_a_SOURCES) $(libsimple_pwquery_a_SOURCES) t-b64.c \
+ t-convert.c t-exechelp.c t-gettime.c t-helpfile.c t-percent.c \
+ t-session-env.c t-sexputil.c t-ssh-utils.c t-sysutils.c
+DIST_SOURCES = $(am__libcommon_a_SOURCES_DIST) \
+ $(am__libcommonpth_a_SOURCES_DIST) $(libgpgrl_a_SOURCES) \
+ $(libsimple_pwquery_a_SOURCES) t-b64.c t-convert.c \
+ t-exechelp.c t-gettime.c t-helpfile.c t-percent.c \
+ t-session-env.c t-sexputil.c t-ssh-utils.c t-sysutils.c
+ETAGS = etags
+CTAGS = ctags
+am__tty_colors = \
+red=; grn=; lgn=; blu=; std=
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ABSOLUTE_STDINT_H = @ABSOLUTE_STDINT_H@
+ACLOCAL = @ACLOCAL@
+ADNSLIBS = @ADNSLIBS@
+ALLOCA = @ALLOCA@
+ALLOCA_H = @ALLOCA_H@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+BITSIZEOF_PTRDIFF_T = @BITSIZEOF_PTRDIFF_T@
+BITSIZEOF_SIG_ATOMIC_T = @BITSIZEOF_SIG_ATOMIC_T@
+BITSIZEOF_SIZE_T = @BITSIZEOF_SIZE_T@
+BITSIZEOF_WCHAR_T = @BITSIZEOF_WCHAR_T@
+BITSIZEOF_WINT_T = @BITSIZEOF_WINT_T@
+BUILD_INCLUDED_LIBINTL = @BUILD_INCLUDED_LIBINTL@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CC_FOR_BUILD = @CC_FOR_BUILD@
+CFLAGS = @CFLAGS@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DL_LIBS = @DL_LIBS@
+DNSLIBS = @DNSLIBS@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+FAQPROG = @FAQPROG@
+GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
+GMSGFMT = @GMSGFMT@
+GMSGFMT_015 = @GMSGFMT_015@
+GNUPG_AGENT_PGM = @GNUPG_AGENT_PGM@
+GNUPG_DIRMNGR_PGM = @GNUPG_DIRMNGR_PGM@
+GNUPG_PINENTRY_PGM = @GNUPG_PINENTRY_PGM@
+GNUPG_PROTECT_TOOL_PGM = @GNUPG_PROTECT_TOOL_PGM@
+GNUPG_SCDAEMON_PGM = @GNUPG_SCDAEMON_PGM@
+GPGKEYS_CURL = @GPGKEYS_CURL@
+GPGKEYS_FINGER = @GPGKEYS_FINGER@
+GPGKEYS_HKP = @GPGKEYS_HKP@
+GPGKEYS_KDNS = @GPGKEYS_KDNS@
+GPGKEYS_LDAP = @GPGKEYS_LDAP@
+GPGKEYS_MAILTO = @GPGKEYS_MAILTO@
+GPG_ERROR_CFLAGS = @GPG_ERROR_CFLAGS@
+GPG_ERROR_CONFIG = @GPG_ERROR_CONFIG@
+GPG_ERROR_LIBS = @GPG_ERROR_LIBS@
+GREP = @GREP@
+HAVE_INTTYPES_H = @HAVE_INTTYPES_H@
+HAVE_LONG_LONG_INT = @HAVE_LONG_LONG_INT@
+HAVE_SIGNED_SIG_ATOMIC_T = @HAVE_SIGNED_SIG_ATOMIC_T@
+HAVE_SIGNED_WCHAR_T = @HAVE_SIGNED_WCHAR_T@
+HAVE_SIGNED_WINT_T = @HAVE_SIGNED_WINT_T@
+HAVE_STDINT_H = @HAVE_STDINT_H@
+HAVE_SYS_BITYPES_H = @HAVE_SYS_BITYPES_H@
+HAVE_SYS_INTTYPES_H = @HAVE_SYS_INTTYPES_H@
+HAVE_SYS_TYPES_H = @HAVE_SYS_TYPES_H@
+HAVE_UNSIGNED_LONG_LONG_INT = @HAVE_UNSIGNED_LONG_LONG_INT@
+HAVE_WCHAR_H = @HAVE_WCHAR_H@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+INTLLIBS = @INTLLIBS@
+INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@
+KSBA_CFLAGS = @KSBA_CFLAGS@
+KSBA_CONFIG = @KSBA_CONFIG@
+KSBA_LIBS = @KSBA_LIBS@
+LDAPLIBS = @LDAPLIBS@
+LDAP_CPPFLAGS = @LDAP_CPPFLAGS@
+LDFLAGS = @LDFLAGS@
+LIBASSUAN_CFLAGS = @LIBASSUAN_CFLAGS@
+LIBASSUAN_CONFIG = @LIBASSUAN_CONFIG@
+LIBASSUAN_LIBS = @LIBASSUAN_LIBS@
+LIBCURL = @LIBCURL@
+LIBCURL_CPPFLAGS = @LIBCURL_CPPFLAGS@
+LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@
+LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@
+LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@
+LIBGNU_LIBDEPS = @LIBGNU_LIBDEPS@
+LIBGNU_LTLIBDEPS = @LIBGNU_LTLIBDEPS@
+LIBICONV = @LIBICONV@
+LIBINTL = @LIBINTL@
+LIBOBJS = @LIBOBJS@
+LIBREADLINE = @LIBREADLINE@
+LIBS = @LIBS@
+LIBUSB_LIBS = @LIBUSB_LIBS@
+LIBUTIL_LIBS = @LIBUTIL_LIBS@
+LN_S = @LN_S@
+LTLIBICONV = @LTLIBICONV@
+LTLIBINTL = @LTLIBINTL@
+LTLIBOBJS = @LTLIBOBJS@
+MAINT = @MAINT@
+MAKEINFO = @MAKEINFO@
+MKDIR_P = @MKDIR_P@
+MSGFMT = @MSGFMT@
+MSGFMT_015 = @MSGFMT_015@
+MSGMERGE = @MSGMERGE@
+NETLIBS = @NETLIBS@
+OBJEXT = @OBJEXT@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_GT = @PACKAGE_GT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_URL = @PACKAGE_URL@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PERL = @PERL@
+POSUB = @POSUB@
+PTH_CFLAGS = @PTH_CFLAGS@
+PTH_CONFIG = @PTH_CONFIG@
+PTH_LIBS = @PTH_LIBS@
+PTRDIFF_T_SUFFIX = @PTRDIFF_T_SUFFIX@
+RANLIB = @RANLIB@
+SENDMAIL = @SENDMAIL@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+SHRED = @SHRED@
+SIG_ATOMIC_T_SUFFIX = @SIG_ATOMIC_T_SUFFIX@
+SIZE_T_SUFFIX = @SIZE_T_SUFFIX@
+STDINT_H = @STDINT_H@
+STRIP = @STRIP@
+SYS_SOCKET_H = @SYS_SOCKET_H@
+TAR = @TAR@
+UNISTD_H = @UNISTD_H@
+USE_INCLUDED_LIBINTL = @USE_INCLUDED_LIBINTL@
+USE_NLS = @USE_NLS@
+VERSION = @VERSION@
+W32SOCKLIBS = @W32SOCKLIBS@
+WCHAR_T_SUFFIX = @WCHAR_T_SUFFIX@
+WINDRES = @WINDRES@
+WINT_T_SUFFIX = @WINT_T_SUFFIX@
+XGETTEXT = @XGETTEXT@
+XGETTEXT_015 = @XGETTEXT_015@
+XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@
+ZLIBS = @ZLIBS@
+_libcurl_config = @_libcurl_config@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = $(datadir)/locale
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+EXTRA_DIST = mkstrtable.awk exaudit.awk exstatus.awk \
+ audit-events.h status-codes.h ChangeLog-2011
+
+noinst_LIBRARIES = libcommon.a libcommonpth.a libsimple-pwquery.a libgpgrl.a
+BUILT_SOURCES = audit-events.h status-codes.h
+CLEANFILES = audit-events.h status-codes.h
+AM_CPPFLAGS = -I$(top_srcdir)/gl -I$(top_srcdir)/intl \
+ -DLOCALEDIR=\"$(localedir)\" $(am__append_1) $(am__append_2) \
+ $(am__append_3) $(am__append_4) $(am__append_5) \
+ $(am__append_6)
+AM_CFLAGS = $(LIBGCRYPT_CFLAGS) $(KSBA_CFLAGS)
+
+# Convenience macros
+libcommon = ../common/libcommon.a
+libcommonpth = ../common/libcommonpth.a
+common_sources = \
+ common-defs.h \
+ util.h i18n.c i18n.h \
+ status.c status.h\
+ openpgpdefs.h \
+ gc-opt-flags.h \
+ keyserver.h \
+ sexp-parse.h \
+ tlv.c tlv.h \
+ init.c init.h \
+ sexputil.c \
+ sysutils.c sysutils.h \
+ homedir.c \
+ gettime.c \
+ yesno.c \
+ b64enc.c b64dec.c \
+ convert.c \
+ percent.c \
+ miscellaneous.c \
+ xasprintf.c \
+ xreadline.c \
+ membuf.c membuf.h \
+ iobuf.c iobuf.h \
+ ttyio.c ttyio.h \
+ asshelp.c asshelp.h \
+ exechelp.c exechelp.h \
+ signal.c \
+ estream.c estream.h estream-printf.c estream-printf.h \
+ audit.c audit.h \
+ srv.h \
+ dns-cert.c dns-cert.h \
+ pka.c pka.h \
+ http.c http.h \
+ localename.c \
+ session-env.c session-env.h \
+ ssh-utils.c ssh-utils.h \
+ helpfile.c
+
+
+# Sources only useful without PTH.
+without_pth_sources = \
+ get-passphrase.c get-passphrase.h
+
+libcommon_a_SOURCES = $(common_sources) $(without_pth_sources) \
+ $(am__append_7)
+libcommon_a_CFLAGS = $(AM_CFLAGS) $(LIBASSUAN_CFLAGS) -DWITHOUT_GNU_PTH=1
+libcommonpth_a_SOURCES = $(common_sources) $(am__append_8)
+libcommonpth_a_CFLAGS = $(AM_CFLAGS) $(LIBASSUAN_CFLAGS) $(PTH_CFLAGS)
+libsimple_pwquery_a_SOURCES = \
+ simple-pwquery.c simple-pwquery.h asshelp.c asshelp.h
+
+libsimple_pwquery_a_CFLAGS = $(AM_CFLAGS) $(LIBASSUAN_CFLAGS)
+libgpgrl_a_SOURCES = \
+ gpgrlhelp.c
+
+
+#
+# Module tests
+#
+module_tests = t-convert t-percent t-gettime t-sysutils t-sexputil t-exechelp \
+ t-session-env t-ssh-utils
+
+module_maint_tests = t-helpfile t-b64
+t_common_ldadd = libcommon.a ../jnlib/libjnlib.a ../gl/libgnu.a \
+ $(LIBGCRYPT_LIBS) $(GPG_ERROR_LIBS) $(LIBINTL) $(LIBICONV)
+
+t_convert_LDADD = $(t_common_ldadd)
+t_percent_LDADD = $(t_common_ldadd)
+t_gettime_LDADD = $(t_common_ldadd)
+t_sysutils_LDADD = $(t_common_ldadd)
+t_helpfile_LDADD = $(t_common_ldadd)
+t_sexputil_LDADD = $(t_common_ldadd)
+t_b64_LDADD = $(t_common_ldadd)
+t_exechelp_LDADD = $(t_common_ldadd)
+t_session_env_LDADD = $(t_common_ldadd)
+t_ssh_utils_LDADD = $(t_common_ldadd)
+all: $(BUILT_SOURCES)
+ $(MAKE) $(AM_MAKEFLAGS) all-am
+
+.SUFFIXES:
+.SUFFIXES: .c .o .obj
+$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/am/cmacros.am $(am__configure_deps)
+ @for dep in $?; do \
+ case '$(am__configure_deps)' in \
+ *$$dep*) \
+ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+ && { if test -f $@; then exit 0; else break; fi; }; \
+ exit 1;; \
+ esac; \
+ done; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu common/Makefile'; \
+ $(am__cd) $(top_srcdir) && \
+ $(AUTOMAKE) --gnu common/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+ @case '$?' in \
+ *config.status*) \
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+ *) \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+ esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
+
+clean-noinstLIBRARIES:
+ -test -z "$(noinst_LIBRARIES)" || rm -f $(noinst_LIBRARIES)
+libcommon.a: $(libcommon_a_OBJECTS) $(libcommon_a_DEPENDENCIES)
+ -rm -f libcommon.a
+ $(libcommon_a_AR) libcommon.a $(libcommon_a_OBJECTS) $(libcommon_a_LIBADD)
+ $(RANLIB) libcommon.a
+libcommonpth.a: $(libcommonpth_a_OBJECTS) $(libcommonpth_a_DEPENDENCIES)
+ -rm -f libcommonpth.a
+ $(libcommonpth_a_AR) libcommonpth.a $(libcommonpth_a_OBJECTS) $(libcommonpth_a_LIBADD)
+ $(RANLIB) libcommonpth.a
+libgpgrl.a: $(libgpgrl_a_OBJECTS) $(libgpgrl_a_DEPENDENCIES)
+ -rm -f libgpgrl.a
+ $(libgpgrl_a_AR) libgpgrl.a $(libgpgrl_a_OBJECTS) $(libgpgrl_a_LIBADD)
+ $(RANLIB) libgpgrl.a
+libsimple-pwquery.a: $(libsimple_pwquery_a_OBJECTS) $(libsimple_pwquery_a_DEPENDENCIES)
+ -rm -f libsimple-pwquery.a
+ $(libsimple_pwquery_a_AR) libsimple-pwquery.a $(libsimple_pwquery_a_OBJECTS) $(libsimple_pwquery_a_LIBADD)
+ $(RANLIB) libsimple-pwquery.a
+
+clean-noinstPROGRAMS:
+ -test -z "$(noinst_PROGRAMS)" || rm -f $(noinst_PROGRAMS)
+t-b64$(EXEEXT): $(t_b64_OBJECTS) $(t_b64_DEPENDENCIES)
+ @rm -f t-b64$(EXEEXT)
+ $(LINK) $(t_b64_OBJECTS) $(t_b64_LDADD) $(LIBS)
+t-convert$(EXEEXT): $(t_convert_OBJECTS) $(t_convert_DEPENDENCIES)
+ @rm -f t-convert$(EXEEXT)
+ $(LINK) $(t_convert_OBJECTS) $(t_convert_LDADD) $(LIBS)
+t-exechelp$(EXEEXT): $(t_exechelp_OBJECTS) $(t_exechelp_DEPENDENCIES)
+ @rm -f t-exechelp$(EXEEXT)
+ $(LINK) $(t_exechelp_OBJECTS) $(t_exechelp_LDADD) $(LIBS)
+t-gettime$(EXEEXT): $(t_gettime_OBJECTS) $(t_gettime_DEPENDENCIES)
+ @rm -f t-gettime$(EXEEXT)
+ $(LINK) $(t_gettime_OBJECTS) $(t_gettime_LDADD) $(LIBS)
+t-helpfile$(EXEEXT): $(t_helpfile_OBJECTS) $(t_helpfile_DEPENDENCIES)
+ @rm -f t-helpfile$(EXEEXT)
+ $(LINK) $(t_helpfile_OBJECTS) $(t_helpfile_LDADD) $(LIBS)
+t-percent$(EXEEXT): $(t_percent_OBJECTS) $(t_percent_DEPENDENCIES)
+ @rm -f t-percent$(EXEEXT)
+ $(LINK) $(t_percent_OBJECTS) $(t_percent_LDADD) $(LIBS)
+t-session-env$(EXEEXT): $(t_session_env_OBJECTS) $(t_session_env_DEPENDENCIES)
+ @rm -f t-session-env$(EXEEXT)
+ $(LINK) $(t_session_env_OBJECTS) $(t_session_env_LDADD) $(LIBS)
+t-sexputil$(EXEEXT): $(t_sexputil_OBJECTS) $(t_sexputil_DEPENDENCIES)
+ @rm -f t-sexputil$(EXEEXT)
+ $(LINK) $(t_sexputil_OBJECTS) $(t_sexputil_LDADD) $(LIBS)
+t-ssh-utils$(EXEEXT): $(t_ssh_utils_OBJECTS) $(t_ssh_utils_DEPENDENCIES)
+ @rm -f t-ssh-utils$(EXEEXT)
+ $(LINK) $(t_ssh_utils_OBJECTS) $(t_ssh_utils_LDADD) $(LIBS)
+t-sysutils$(EXEEXT): $(t_sysutils_OBJECTS) $(t_sysutils_DEPENDENCIES)
+ @rm -f t-sysutils$(EXEEXT)
+ $(LINK) $(t_sysutils_OBJECTS) $(t_sysutils_LDADD) $(LIBS)
+
+mostlyclean-compile:
+ -rm -f *.$(OBJEXT)
+
+distclean-compile:
+ -rm -f *.tab.c
+
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gpgrlhelp.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommon_a-asshelp.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommon_a-audit.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommon_a-b64dec.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommon_a-b64enc.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommon_a-convert.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommon_a-dns-cert.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommon_a-estream-printf.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommon_a-estream.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommon_a-exechelp.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommon_a-get-passphrase.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommon_a-gettime.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommon_a-helpfile.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommon_a-homedir.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommon_a-http.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommon_a-i18n.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommon_a-init.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommon_a-iobuf.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommon_a-localename.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommon_a-membuf.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommon_a-miscellaneous.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommon_a-percent.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommon_a-pka.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommon_a-session-env.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommon_a-sexputil.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommon_a-signal.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommon_a-srv.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommon_a-ssh-utils.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommon_a-status.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommon_a-sysutils.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommon_a-tlv.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommon_a-ttyio.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommon_a-xasprintf.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommon_a-xreadline.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommon_a-yesno.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommonpth_a-asshelp.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommonpth_a-audit.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommonpth_a-b64dec.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommonpth_a-b64enc.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommonpth_a-convert.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommonpth_a-dns-cert.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommonpth_a-estream-printf.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommonpth_a-estream.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommonpth_a-exechelp.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommonpth_a-gettime.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommonpth_a-helpfile.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommonpth_a-homedir.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommonpth_a-http.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommonpth_a-i18n.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommonpth_a-init.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommonpth_a-iobuf.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommonpth_a-localename.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommonpth_a-membuf.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommonpth_a-miscellaneous.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommonpth_a-percent.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommonpth_a-pka.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommonpth_a-session-env.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommonpth_a-sexputil.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommonpth_a-signal.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommonpth_a-srv.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommonpth_a-ssh-utils.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommonpth_a-status.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommonpth_a-sysutils.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommonpth_a-tlv.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommonpth_a-ttyio.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommonpth_a-xasprintf.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommonpth_a-xreadline.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommonpth_a-yesno.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libsimple_pwquery_a-asshelp.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libsimple_pwquery_a-simple-pwquery.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/t-b64.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/t-convert.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/t-exechelp.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/t-gettime.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/t-helpfile.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/t-percent.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/t-session-env.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/t-sexputil.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/t-ssh-utils.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/t-sysutils.Po@am__quote@
+
+.c.o:
+@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(COMPILE) -c $<
+
+.c.obj:
+@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'`
+
+libcommon_a-i18n.o: i18n.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -MT libcommon_a-i18n.o -MD -MP -MF $(DEPDIR)/libcommon_a-i18n.Tpo -c -o libcommon_a-i18n.o `test -f 'i18n.c' || echo '$(srcdir)/'`i18n.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libcommon_a-i18n.Tpo $(DEPDIR)/libcommon_a-i18n.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='i18n.c' object='libcommon_a-i18n.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -c -o libcommon_a-i18n.o `test -f 'i18n.c' || echo '$(srcdir)/'`i18n.c
+
+libcommon_a-i18n.obj: i18n.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -MT libcommon_a-i18n.obj -MD -MP -MF $(DEPDIR)/libcommon_a-i18n.Tpo -c -o libcommon_a-i18n.obj `if test -f 'i18n.c'; then $(CYGPATH_W) 'i18n.c'; else $(CYGPATH_W) '$(srcdir)/i18n.c'; fi`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libcommon_a-i18n.Tpo $(DEPDIR)/libcommon_a-i18n.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='i18n.c' object='libcommon_a-i18n.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -c -o libcommon_a-i18n.obj `if test -f 'i18n.c'; then $(CYGPATH_W) 'i18n.c'; else $(CYGPATH_W) '$(srcdir)/i18n.c'; fi`
+
+libcommon_a-status.o: status.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -MT libcommon_a-status.o -MD -MP -MF $(DEPDIR)/libcommon_a-status.Tpo -c -o libcommon_a-status.o `test -f 'status.c' || echo '$(srcdir)/'`status.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libcommon_a-status.Tpo $(DEPDIR)/libcommon_a-status.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='status.c' object='libcommon_a-status.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -c -o libcommon_a-status.o `test -f 'status.c' || echo '$(srcdir)/'`status.c
+
+libcommon_a-status.obj: status.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -MT libcommon_a-status.obj -MD -MP -MF $(DEPDIR)/libcommon_a-status.Tpo -c -o libcommon_a-status.obj `if test -f 'status.c'; then $(CYGPATH_W) 'status.c'; else $(CYGPATH_W) '$(srcdir)/status.c'; fi`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libcommon_a-status.Tpo $(DEPDIR)/libcommon_a-status.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='status.c' object='libcommon_a-status.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -c -o libcommon_a-status.obj `if test -f 'status.c'; then $(CYGPATH_W) 'status.c'; else $(CYGPATH_W) '$(srcdir)/status.c'; fi`
+
+libcommon_a-tlv.o: tlv.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -MT libcommon_a-tlv.o -MD -MP -MF $(DEPDIR)/libcommon_a-tlv.Tpo -c -o libcommon_a-tlv.o `test -f 'tlv.c' || echo '$(srcdir)/'`tlv.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libcommon_a-tlv.Tpo $(DEPDIR)/libcommon_a-tlv.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tlv.c' object='libcommon_a-tlv.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -c -o libcommon_a-tlv.o `test -f 'tlv.c' || echo '$(srcdir)/'`tlv.c
+
+libcommon_a-tlv.obj: tlv.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -MT libcommon_a-tlv.obj -MD -MP -MF $(DEPDIR)/libcommon_a-tlv.Tpo -c -o libcommon_a-tlv.obj `if test -f 'tlv.c'; then $(CYGPATH_W) 'tlv.c'; else $(CYGPATH_W) '$(srcdir)/tlv.c'; fi`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libcommon_a-tlv.Tpo $(DEPDIR)/libcommon_a-tlv.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tlv.c' object='libcommon_a-tlv.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -c -o libcommon_a-tlv.obj `if test -f 'tlv.c'; then $(CYGPATH_W) 'tlv.c'; else $(CYGPATH_W) '$(srcdir)/tlv.c'; fi`
+
+libcommon_a-init.o: init.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -MT libcommon_a-init.o -MD -MP -MF $(DEPDIR)/libcommon_a-init.Tpo -c -o libcommon_a-init.o `test -f 'init.c' || echo '$(srcdir)/'`init.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libcommon_a-init.Tpo $(DEPDIR)/libcommon_a-init.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='init.c' object='libcommon_a-init.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -c -o libcommon_a-init.o `test -f 'init.c' || echo '$(srcdir)/'`init.c
+
+libcommon_a-init.obj: init.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -MT libcommon_a-init.obj -MD -MP -MF $(DEPDIR)/libcommon_a-init.Tpo -c -o libcommon_a-init.obj `if test -f 'init.c'; then $(CYGPATH_W) 'init.c'; else $(CYGPATH_W) '$(srcdir)/init.c'; fi`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libcommon_a-init.Tpo $(DEPDIR)/libcommon_a-init.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='init.c' object='libcommon_a-init.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -c -o libcommon_a-init.obj `if test -f 'init.c'; then $(CYGPATH_W) 'init.c'; else $(CYGPATH_W) '$(srcdir)/init.c'; fi`
+
+libcommon_a-sexputil.o: sexputil.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -MT libcommon_a-sexputil.o -MD -MP -MF $(DEPDIR)/libcommon_a-sexputil.Tpo -c -o libcommon_a-sexputil.o `test -f 'sexputil.c' || echo '$(srcdir)/'`sexputil.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libcommon_a-sexputil.Tpo $(DEPDIR)/libcommon_a-sexputil.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sexputil.c' object='libcommon_a-sexputil.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -c -o libcommon_a-sexputil.o `test -f 'sexputil.c' || echo '$(srcdir)/'`sexputil.c
+
+libcommon_a-sexputil.obj: sexputil.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -MT libcommon_a-sexputil.obj -MD -MP -MF $(DEPDIR)/libcommon_a-sexputil.Tpo -c -o libcommon_a-sexputil.obj `if test -f 'sexputil.c'; then $(CYGPATH_W) 'sexputil.c'; else $(CYGPATH_W) '$(srcdir)/sexputil.c'; fi`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libcommon_a-sexputil.Tpo $(DEPDIR)/libcommon_a-sexputil.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sexputil.c' object='libcommon_a-sexputil.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -c -o libcommon_a-sexputil.obj `if test -f 'sexputil.c'; then $(CYGPATH_W) 'sexputil.c'; else $(CYGPATH_W) '$(srcdir)/sexputil.c'; fi`
+
+libcommon_a-sysutils.o: sysutils.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -MT libcommon_a-sysutils.o -MD -MP -MF $(DEPDIR)/libcommon_a-sysutils.Tpo -c -o libcommon_a-sysutils.o `test -f 'sysutils.c' || echo '$(srcdir)/'`sysutils.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libcommon_a-sysutils.Tpo $(DEPDIR)/libcommon_a-sysutils.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sysutils.c' object='libcommon_a-sysutils.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -c -o libcommon_a-sysutils.o `test -f 'sysutils.c' || echo '$(srcdir)/'`sysutils.c
+
+libcommon_a-sysutils.obj: sysutils.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -MT libcommon_a-sysutils.obj -MD -MP -MF $(DEPDIR)/libcommon_a-sysutils.Tpo -c -o libcommon_a-sysutils.obj `if test -f 'sysutils.c'; then $(CYGPATH_W) 'sysutils.c'; else $(CYGPATH_W) '$(srcdir)/sysutils.c'; fi`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libcommon_a-sysutils.Tpo $(DEPDIR)/libcommon_a-sysutils.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sysutils.c' object='libcommon_a-sysutils.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -c -o libcommon_a-sysutils.obj `if test -f 'sysutils.c'; then $(CYGPATH_W) 'sysutils.c'; else $(CYGPATH_W) '$(srcdir)/sysutils.c'; fi`
+
+libcommon_a-homedir.o: homedir.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -MT libcommon_a-homedir.o -MD -MP -MF $(DEPDIR)/libcommon_a-homedir.Tpo -c -o libcommon_a-homedir.o `test -f 'homedir.c' || echo '$(srcdir)/'`homedir.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libcommon_a-homedir.Tpo $(DEPDIR)/libcommon_a-homedir.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='homedir.c' object='libcommon_a-homedir.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -c -o libcommon_a-homedir.o `test -f 'homedir.c' || echo '$(srcdir)/'`homedir.c
+
+libcommon_a-homedir.obj: homedir.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -MT libcommon_a-homedir.obj -MD -MP -MF $(DEPDIR)/libcommon_a-homedir.Tpo -c -o libcommon_a-homedir.obj `if test -f 'homedir.c'; then $(CYGPATH_W) 'homedir.c'; else $(CYGPATH_W) '$(srcdir)/homedir.c'; fi`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libcommon_a-homedir.Tpo $(DEPDIR)/libcommon_a-homedir.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='homedir.c' object='libcommon_a-homedir.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -c -o libcommon_a-homedir.obj `if test -f 'homedir.c'; then $(CYGPATH_W) 'homedir.c'; else $(CYGPATH_W) '$(srcdir)/homedir.c'; fi`
+
+libcommon_a-gettime.o: gettime.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -MT libcommon_a-gettime.o -MD -MP -MF $(DEPDIR)/libcommon_a-gettime.Tpo -c -o libcommon_a-gettime.o `test -f 'gettime.c' || echo '$(srcdir)/'`gettime.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libcommon_a-gettime.Tpo $(DEPDIR)/libcommon_a-gettime.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='gettime.c' object='libcommon_a-gettime.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -c -o libcommon_a-gettime.o `test -f 'gettime.c' || echo '$(srcdir)/'`gettime.c
+
+libcommon_a-gettime.obj: gettime.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -MT libcommon_a-gettime.obj -MD -MP -MF $(DEPDIR)/libcommon_a-gettime.Tpo -c -o libcommon_a-gettime.obj `if test -f 'gettime.c'; then $(CYGPATH_W) 'gettime.c'; else $(CYGPATH_W) '$(srcdir)/gettime.c'; fi`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libcommon_a-gettime.Tpo $(DEPDIR)/libcommon_a-gettime.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='gettime.c' object='libcommon_a-gettime.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -c -o libcommon_a-gettime.obj `if test -f 'gettime.c'; then $(CYGPATH_W) 'gettime.c'; else $(CYGPATH_W) '$(srcdir)/gettime.c'; fi`
+
+libcommon_a-yesno.o: yesno.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -MT libcommon_a-yesno.o -MD -MP -MF $(DEPDIR)/libcommon_a-yesno.Tpo -c -o libcommon_a-yesno.o `test -f 'yesno.c' || echo '$(srcdir)/'`yesno.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libcommon_a-yesno.Tpo $(DEPDIR)/libcommon_a-yesno.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='yesno.c' object='libcommon_a-yesno.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -c -o libcommon_a-yesno.o `test -f 'yesno.c' || echo '$(srcdir)/'`yesno.c
+
+libcommon_a-yesno.obj: yesno.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -MT libcommon_a-yesno.obj -MD -MP -MF $(DEPDIR)/libcommon_a-yesno.Tpo -c -o libcommon_a-yesno.obj `if test -f 'yesno.c'; then $(CYGPATH_W) 'yesno.c'; else $(CYGPATH_W) '$(srcdir)/yesno.c'; fi`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libcommon_a-yesno.Tpo $(DEPDIR)/libcommon_a-yesno.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='yesno.c' object='libcommon_a-yesno.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -c -o libcommon_a-yesno.obj `if test -f 'yesno.c'; then $(CYGPATH_W) 'yesno.c'; else $(CYGPATH_W) '$(srcdir)/yesno.c'; fi`
+
+libcommon_a-b64enc.o: b64enc.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -MT libcommon_a-b64enc.o -MD -MP -MF $(DEPDIR)/libcommon_a-b64enc.Tpo -c -o libcommon_a-b64enc.o `test -f 'b64enc.c' || echo '$(srcdir)/'`b64enc.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libcommon_a-b64enc.Tpo $(DEPDIR)/libcommon_a-b64enc.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='b64enc.c' object='libcommon_a-b64enc.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -c -o libcommon_a-b64enc.o `test -f 'b64enc.c' || echo '$(srcdir)/'`b64enc.c
+
+libcommon_a-b64enc.obj: b64enc.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -MT libcommon_a-b64enc.obj -MD -MP -MF $(DEPDIR)/libcommon_a-b64enc.Tpo -c -o libcommon_a-b64enc.obj `if test -f 'b64enc.c'; then $(CYGPATH_W) 'b64enc.c'; else $(CYGPATH_W) '$(srcdir)/b64enc.c'; fi`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libcommon_a-b64enc.Tpo $(DEPDIR)/libcommon_a-b64enc.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='b64enc.c' object='libcommon_a-b64enc.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -c -o libcommon_a-b64enc.obj `if test -f 'b64enc.c'; then $(CYGPATH_W) 'b64enc.c'; else $(CYGPATH_W) '$(srcdir)/b64enc.c'; fi`
+
+libcommon_a-b64dec.o: b64dec.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -MT libcommon_a-b64dec.o -MD -MP -MF $(DEPDIR)/libcommon_a-b64dec.Tpo -c -o libcommon_a-b64dec.o `test -f 'b64dec.c' || echo '$(srcdir)/'`b64dec.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libcommon_a-b64dec.Tpo $(DEPDIR)/libcommon_a-b64dec.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='b64dec.c' object='libcommon_a-b64dec.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -c -o libcommon_a-b64dec.o `test -f 'b64dec.c' || echo '$(srcdir)/'`b64dec.c
+
+libcommon_a-b64dec.obj: b64dec.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -MT libcommon_a-b64dec.obj -MD -MP -MF $(DEPDIR)/libcommon_a-b64dec.Tpo -c -o libcommon_a-b64dec.obj `if test -f 'b64dec.c'; then $(CYGPATH_W) 'b64dec.c'; else $(CYGPATH_W) '$(srcdir)/b64dec.c'; fi`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libcommon_a-b64dec.Tpo $(DEPDIR)/libcommon_a-b64dec.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='b64dec.c' object='libcommon_a-b64dec.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -c -o libcommon_a-b64dec.obj `if test -f 'b64dec.c'; then $(CYGPATH_W) 'b64dec.c'; else $(CYGPATH_W) '$(srcdir)/b64dec.c'; fi`
+
+libcommon_a-convert.o: convert.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -MT libcommon_a-convert.o -MD -MP -MF $(DEPDIR)/libcommon_a-convert.Tpo -c -o libcommon_a-convert.o `test -f 'convert.c' || echo '$(srcdir)/'`convert.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libcommon_a-convert.Tpo $(DEPDIR)/libcommon_a-convert.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='convert.c' object='libcommon_a-convert.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -c -o libcommon_a-convert.o `test -f 'convert.c' || echo '$(srcdir)/'`convert.c
+
+libcommon_a-convert.obj: convert.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -MT libcommon_a-convert.obj -MD -MP -MF $(DEPDIR)/libcommon_a-convert.Tpo -c -o libcommon_a-convert.obj `if test -f 'convert.c'; then $(CYGPATH_W) 'convert.c'; else $(CYGPATH_W) '$(srcdir)/convert.c'; fi`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libcommon_a-convert.Tpo $(DEPDIR)/libcommon_a-convert.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='convert.c' object='libcommon_a-convert.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -c -o libcommon_a-convert.obj `if test -f 'convert.c'; then $(CYGPATH_W) 'convert.c'; else $(CYGPATH_W) '$(srcdir)/convert.c'; fi`
+
+libcommon_a-percent.o: percent.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -MT libcommon_a-percent.o -MD -MP -MF $(DEPDIR)/libcommon_a-percent.Tpo -c -o libcommon_a-percent.o `test -f 'percent.c' || echo '$(srcdir)/'`percent.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libcommon_a-percent.Tpo $(DEPDIR)/libcommon_a-percent.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='percent.c' object='libcommon_a-percent.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -c -o libcommon_a-percent.o `test -f 'percent.c' || echo '$(srcdir)/'`percent.c
+
+libcommon_a-percent.obj: percent.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -MT libcommon_a-percent.obj -MD -MP -MF $(DEPDIR)/libcommon_a-percent.Tpo -c -o libcommon_a-percent.obj `if test -f 'percent.c'; then $(CYGPATH_W) 'percent.c'; else $(CYGPATH_W) '$(srcdir)/percent.c'; fi`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libcommon_a-percent.Tpo $(DEPDIR)/libcommon_a-percent.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='percent.c' object='libcommon_a-percent.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -c -o libcommon_a-percent.obj `if test -f 'percent.c'; then $(CYGPATH_W) 'percent.c'; else $(CYGPATH_W) '$(srcdir)/percent.c'; fi`
+
+libcommon_a-miscellaneous.o: miscellaneous.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -MT libcommon_a-miscellaneous.o -MD -MP -MF $(DEPDIR)/libcommon_a-miscellaneous.Tpo -c -o libcommon_a-miscellaneous.o `test -f 'miscellaneous.c' || echo '$(srcdir)/'`miscellaneous.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libcommon_a-miscellaneous.Tpo $(DEPDIR)/libcommon_a-miscellaneous.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='miscellaneous.c' object='libcommon_a-miscellaneous.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -c -o libcommon_a-miscellaneous.o `test -f 'miscellaneous.c' || echo '$(srcdir)/'`miscellaneous.c
+
+libcommon_a-miscellaneous.obj: miscellaneous.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -MT libcommon_a-miscellaneous.obj -MD -MP -MF $(DEPDIR)/libcommon_a-miscellaneous.Tpo -c -o libcommon_a-miscellaneous.obj `if test -f 'miscellaneous.c'; then $(CYGPATH_W) 'miscellaneous.c'; else $(CYGPATH_W) '$(srcdir)/miscellaneous.c'; fi`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libcommon_a-miscellaneous.Tpo $(DEPDIR)/libcommon_a-miscellaneous.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='miscellaneous.c' object='libcommon_a-miscellaneous.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -c -o libcommon_a-miscellaneous.obj `if test -f 'miscellaneous.c'; then $(CYGPATH_W) 'miscellaneous.c'; else $(CYGPATH_W) '$(srcdir)/miscellaneous.c'; fi`
+
+libcommon_a-xasprintf.o: xasprintf.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -MT libcommon_a-xasprintf.o -MD -MP -MF $(DEPDIR)/libcommon_a-xasprintf.Tpo -c -o libcommon_a-xasprintf.o `test -f 'xasprintf.c' || echo '$(srcdir)/'`xasprintf.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libcommon_a-xasprintf.Tpo $(DEPDIR)/libcommon_a-xasprintf.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='xasprintf.c' object='libcommon_a-xasprintf.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -c -o libcommon_a-xasprintf.o `test -f 'xasprintf.c' || echo '$(srcdir)/'`xasprintf.c
+
+libcommon_a-xasprintf.obj: xasprintf.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -MT libcommon_a-xasprintf.obj -MD -MP -MF $(DEPDIR)/libcommon_a-xasprintf.Tpo -c -o libcommon_a-xasprintf.obj `if test -f 'xasprintf.c'; then $(CYGPATH_W) 'xasprintf.c'; else $(CYGPATH_W) '$(srcdir)/xasprintf.c'; fi`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libcommon_a-xasprintf.Tpo $(DEPDIR)/libcommon_a-xasprintf.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='xasprintf.c' object='libcommon_a-xasprintf.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -c -o libcommon_a-xasprintf.obj `if test -f 'xasprintf.c'; then $(CYGPATH_W) 'xasprintf.c'; else $(CYGPATH_W) '$(srcdir)/xasprintf.c'; fi`
+
+libcommon_a-xreadline.o: xreadline.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -MT libcommon_a-xreadline.o -MD -MP -MF $(DEPDIR)/libcommon_a-xreadline.Tpo -c -o libcommon_a-xreadline.o `test -f 'xreadline.c' || echo '$(srcdir)/'`xreadline.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libcommon_a-xreadline.Tpo $(DEPDIR)/libcommon_a-xreadline.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='xreadline.c' object='libcommon_a-xreadline.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -c -o libcommon_a-xreadline.o `test -f 'xreadline.c' || echo '$(srcdir)/'`xreadline.c
+
+libcommon_a-xreadline.obj: xreadline.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -MT libcommon_a-xreadline.obj -MD -MP -MF $(DEPDIR)/libcommon_a-xreadline.Tpo -c -o libcommon_a-xreadline.obj `if test -f 'xreadline.c'; then $(CYGPATH_W) 'xreadline.c'; else $(CYGPATH_W) '$(srcdir)/xreadline.c'; fi`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libcommon_a-xreadline.Tpo $(DEPDIR)/libcommon_a-xreadline.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='xreadline.c' object='libcommon_a-xreadline.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -c -o libcommon_a-xreadline.obj `if test -f 'xreadline.c'; then $(CYGPATH_W) 'xreadline.c'; else $(CYGPATH_W) '$(srcdir)/xreadline.c'; fi`
+
+libcommon_a-membuf.o: membuf.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -MT libcommon_a-membuf.o -MD -MP -MF $(DEPDIR)/libcommon_a-membuf.Tpo -c -o libcommon_a-membuf.o `test -f 'membuf.c' || echo '$(srcdir)/'`membuf.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libcommon_a-membuf.Tpo $(DEPDIR)/libcommon_a-membuf.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='membuf.c' object='libcommon_a-membuf.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -c -o libcommon_a-membuf.o `test -f 'membuf.c' || echo '$(srcdir)/'`membuf.c
+
+libcommon_a-membuf.obj: membuf.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -MT libcommon_a-membuf.obj -MD -MP -MF $(DEPDIR)/libcommon_a-membuf.Tpo -c -o libcommon_a-membuf.obj `if test -f 'membuf.c'; then $(CYGPATH_W) 'membuf.c'; else $(CYGPATH_W) '$(srcdir)/membuf.c'; fi`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libcommon_a-membuf.Tpo $(DEPDIR)/libcommon_a-membuf.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='membuf.c' object='libcommon_a-membuf.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -c -o libcommon_a-membuf.obj `if test -f 'membuf.c'; then $(CYGPATH_W) 'membuf.c'; else $(CYGPATH_W) '$(srcdir)/membuf.c'; fi`
+
+libcommon_a-iobuf.o: iobuf.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -MT libcommon_a-iobuf.o -MD -MP -MF $(DEPDIR)/libcommon_a-iobuf.Tpo -c -o libcommon_a-iobuf.o `test -f 'iobuf.c' || echo '$(srcdir)/'`iobuf.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libcommon_a-iobuf.Tpo $(DEPDIR)/libcommon_a-iobuf.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='iobuf.c' object='libcommon_a-iobuf.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -c -o libcommon_a-iobuf.o `test -f 'iobuf.c' || echo '$(srcdir)/'`iobuf.c
+
+libcommon_a-iobuf.obj: iobuf.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -MT libcommon_a-iobuf.obj -MD -MP -MF $(DEPDIR)/libcommon_a-iobuf.Tpo -c -o libcommon_a-iobuf.obj `if test -f 'iobuf.c'; then $(CYGPATH_W) 'iobuf.c'; else $(CYGPATH_W) '$(srcdir)/iobuf.c'; fi`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libcommon_a-iobuf.Tpo $(DEPDIR)/libcommon_a-iobuf.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='iobuf.c' object='libcommon_a-iobuf.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -c -o libcommon_a-iobuf.obj `if test -f 'iobuf.c'; then $(CYGPATH_W) 'iobuf.c'; else $(CYGPATH_W) '$(srcdir)/iobuf.c'; fi`
+
+libcommon_a-ttyio.o: ttyio.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -MT libcommon_a-ttyio.o -MD -MP -MF $(DEPDIR)/libcommon_a-ttyio.Tpo -c -o libcommon_a-ttyio.o `test -f 'ttyio.c' || echo '$(srcdir)/'`ttyio.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libcommon_a-ttyio.Tpo $(DEPDIR)/libcommon_a-ttyio.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='ttyio.c' object='libcommon_a-ttyio.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -c -o libcommon_a-ttyio.o `test -f 'ttyio.c' || echo '$(srcdir)/'`ttyio.c
+
+libcommon_a-ttyio.obj: ttyio.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -MT libcommon_a-ttyio.obj -MD -MP -MF $(DEPDIR)/libcommon_a-ttyio.Tpo -c -o libcommon_a-ttyio.obj `if test -f 'ttyio.c'; then $(CYGPATH_W) 'ttyio.c'; else $(CYGPATH_W) '$(srcdir)/ttyio.c'; fi`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libcommon_a-ttyio.Tpo $(DEPDIR)/libcommon_a-ttyio.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='ttyio.c' object='libcommon_a-ttyio.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -c -o libcommon_a-ttyio.obj `if test -f 'ttyio.c'; then $(CYGPATH_W) 'ttyio.c'; else $(CYGPATH_W) '$(srcdir)/ttyio.c'; fi`
+
+libcommon_a-asshelp.o: asshelp.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -MT libcommon_a-asshelp.o -MD -MP -MF $(DEPDIR)/libcommon_a-asshelp.Tpo -c -o libcommon_a-asshelp.o `test -f 'asshelp.c' || echo '$(srcdir)/'`asshelp.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libcommon_a-asshelp.Tpo $(DEPDIR)/libcommon_a-asshelp.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='asshelp.c' object='libcommon_a-asshelp.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -c -o libcommon_a-asshelp.o `test -f 'asshelp.c' || echo '$(srcdir)/'`asshelp.c
+
+libcommon_a-asshelp.obj: asshelp.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -MT libcommon_a-asshelp.obj -MD -MP -MF $(DEPDIR)/libcommon_a-asshelp.Tpo -c -o libcommon_a-asshelp.obj `if test -f 'asshelp.c'; then $(CYGPATH_W) 'asshelp.c'; else $(CYGPATH_W) '$(srcdir)/asshelp.c'; fi`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libcommon_a-asshelp.Tpo $(DEPDIR)/libcommon_a-asshelp.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='asshelp.c' object='libcommon_a-asshelp.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -c -o libcommon_a-asshelp.obj `if test -f 'asshelp.c'; then $(CYGPATH_W) 'asshelp.c'; else $(CYGPATH_W) '$(srcdir)/asshelp.c'; fi`
+
+libcommon_a-exechelp.o: exechelp.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -MT libcommon_a-exechelp.o -MD -MP -MF $(DEPDIR)/libcommon_a-exechelp.Tpo -c -o libcommon_a-exechelp.o `test -f 'exechelp.c' || echo '$(srcdir)/'`exechelp.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libcommon_a-exechelp.Tpo $(DEPDIR)/libcommon_a-exechelp.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='exechelp.c' object='libcommon_a-exechelp.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -c -o libcommon_a-exechelp.o `test -f 'exechelp.c' || echo '$(srcdir)/'`exechelp.c
+
+libcommon_a-exechelp.obj: exechelp.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -MT libcommon_a-exechelp.obj -MD -MP -MF $(DEPDIR)/libcommon_a-exechelp.Tpo -c -o libcommon_a-exechelp.obj `if test -f 'exechelp.c'; then $(CYGPATH_W) 'exechelp.c'; else $(CYGPATH_W) '$(srcdir)/exechelp.c'; fi`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libcommon_a-exechelp.Tpo $(DEPDIR)/libcommon_a-exechelp.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='exechelp.c' object='libcommon_a-exechelp.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -c -o libcommon_a-exechelp.obj `if test -f 'exechelp.c'; then $(CYGPATH_W) 'exechelp.c'; else $(CYGPATH_W) '$(srcdir)/exechelp.c'; fi`
+
+libcommon_a-signal.o: signal.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -MT libcommon_a-signal.o -MD -MP -MF $(DEPDIR)/libcommon_a-signal.Tpo -c -o libcommon_a-signal.o `test -f 'signal.c' || echo '$(srcdir)/'`signal.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libcommon_a-signal.Tpo $(DEPDIR)/libcommon_a-signal.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='signal.c' object='libcommon_a-signal.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -c -o libcommon_a-signal.o `test -f 'signal.c' || echo '$(srcdir)/'`signal.c
+
+libcommon_a-signal.obj: signal.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -MT libcommon_a-signal.obj -MD -MP -MF $(DEPDIR)/libcommon_a-signal.Tpo -c -o libcommon_a-signal.obj `if test -f 'signal.c'; then $(CYGPATH_W) 'signal.c'; else $(CYGPATH_W) '$(srcdir)/signal.c'; fi`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libcommon_a-signal.Tpo $(DEPDIR)/libcommon_a-signal.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='signal.c' object='libcommon_a-signal.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -c -o libcommon_a-signal.obj `if test -f 'signal.c'; then $(CYGPATH_W) 'signal.c'; else $(CYGPATH_W) '$(srcdir)/signal.c'; fi`
+
+libcommon_a-estream.o: estream.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -MT libcommon_a-estream.o -MD -MP -MF $(DEPDIR)/libcommon_a-estream.Tpo -c -o libcommon_a-estream.o `test -f 'estream.c' || echo '$(srcdir)/'`estream.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libcommon_a-estream.Tpo $(DEPDIR)/libcommon_a-estream.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='estream.c' object='libcommon_a-estream.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -c -o libcommon_a-estream.o `test -f 'estream.c' || echo '$(srcdir)/'`estream.c
+
+libcommon_a-estream.obj: estream.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -MT libcommon_a-estream.obj -MD -MP -MF $(DEPDIR)/libcommon_a-estream.Tpo -c -o libcommon_a-estream.obj `if test -f 'estream.c'; then $(CYGPATH_W) 'estream.c'; else $(CYGPATH_W) '$(srcdir)/estream.c'; fi`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libcommon_a-estream.Tpo $(DEPDIR)/libcommon_a-estream.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='estream.c' object='libcommon_a-estream.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -c -o libcommon_a-estream.obj `if test -f 'estream.c'; then $(CYGPATH_W) 'estream.c'; else $(CYGPATH_W) '$(srcdir)/estream.c'; fi`
+
+libcommon_a-estream-printf.o: estream-printf.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -MT libcommon_a-estream-printf.o -MD -MP -MF $(DEPDIR)/libcommon_a-estream-printf.Tpo -c -o libcommon_a-estream-printf.o `test -f 'estream-printf.c' || echo '$(srcdir)/'`estream-printf.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libcommon_a-estream-printf.Tpo $(DEPDIR)/libcommon_a-estream-printf.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='estream-printf.c' object='libcommon_a-estream-printf.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -c -o libcommon_a-estream-printf.o `test -f 'estream-printf.c' || echo '$(srcdir)/'`estream-printf.c
+
+libcommon_a-estream-printf.obj: estream-printf.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -MT libcommon_a-estream-printf.obj -MD -MP -MF $(DEPDIR)/libcommon_a-estream-printf.Tpo -c -o libcommon_a-estream-printf.obj `if test -f 'estream-printf.c'; then $(CYGPATH_W) 'estream-printf.c'; else $(CYGPATH_W) '$(srcdir)/estream-printf.c'; fi`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libcommon_a-estream-printf.Tpo $(DEPDIR)/libcommon_a-estream-printf.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='estream-printf.c' object='libcommon_a-estream-printf.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -c -o libcommon_a-estream-printf.obj `if test -f 'estream-printf.c'; then $(CYGPATH_W) 'estream-printf.c'; else $(CYGPATH_W) '$(srcdir)/estream-printf.c'; fi`
+
+libcommon_a-audit.o: audit.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -MT libcommon_a-audit.o -MD -MP -MF $(DEPDIR)/libcommon_a-audit.Tpo -c -o libcommon_a-audit.o `test -f 'audit.c' || echo '$(srcdir)/'`audit.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libcommon_a-audit.Tpo $(DEPDIR)/libcommon_a-audit.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='audit.c' object='libcommon_a-audit.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -c -o libcommon_a-audit.o `test -f 'audit.c' || echo '$(srcdir)/'`audit.c
+
+libcommon_a-audit.obj: audit.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -MT libcommon_a-audit.obj -MD -MP -MF $(DEPDIR)/libcommon_a-audit.Tpo -c -o libcommon_a-audit.obj `if test -f 'audit.c'; then $(CYGPATH_W) 'audit.c'; else $(CYGPATH_W) '$(srcdir)/audit.c'; fi`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libcommon_a-audit.Tpo $(DEPDIR)/libcommon_a-audit.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='audit.c' object='libcommon_a-audit.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -c -o libcommon_a-audit.obj `if test -f 'audit.c'; then $(CYGPATH_W) 'audit.c'; else $(CYGPATH_W) '$(srcdir)/audit.c'; fi`
+
+libcommon_a-dns-cert.o: dns-cert.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -MT libcommon_a-dns-cert.o -MD -MP -MF $(DEPDIR)/libcommon_a-dns-cert.Tpo -c -o libcommon_a-dns-cert.o `test -f 'dns-cert.c' || echo '$(srcdir)/'`dns-cert.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libcommon_a-dns-cert.Tpo $(DEPDIR)/libcommon_a-dns-cert.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='dns-cert.c' object='libcommon_a-dns-cert.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -c -o libcommon_a-dns-cert.o `test -f 'dns-cert.c' || echo '$(srcdir)/'`dns-cert.c
+
+libcommon_a-dns-cert.obj: dns-cert.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -MT libcommon_a-dns-cert.obj -MD -MP -MF $(DEPDIR)/libcommon_a-dns-cert.Tpo -c -o libcommon_a-dns-cert.obj `if test -f 'dns-cert.c'; then $(CYGPATH_W) 'dns-cert.c'; else $(CYGPATH_W) '$(srcdir)/dns-cert.c'; fi`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libcommon_a-dns-cert.Tpo $(DEPDIR)/libcommon_a-dns-cert.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='dns-cert.c' object='libcommon_a-dns-cert.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -c -o libcommon_a-dns-cert.obj `if test -f 'dns-cert.c'; then $(CYGPATH_W) 'dns-cert.c'; else $(CYGPATH_W) '$(srcdir)/dns-cert.c'; fi`
+
+libcommon_a-pka.o: pka.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -MT libcommon_a-pka.o -MD -MP -MF $(DEPDIR)/libcommon_a-pka.Tpo -c -o libcommon_a-pka.o `test -f 'pka.c' || echo '$(srcdir)/'`pka.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libcommon_a-pka.Tpo $(DEPDIR)/libcommon_a-pka.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='pka.c' object='libcommon_a-pka.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -c -o libcommon_a-pka.o `test -f 'pka.c' || echo '$(srcdir)/'`pka.c
+
+libcommon_a-pka.obj: pka.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -MT libcommon_a-pka.obj -MD -MP -MF $(DEPDIR)/libcommon_a-pka.Tpo -c -o libcommon_a-pka.obj `if test -f 'pka.c'; then $(CYGPATH_W) 'pka.c'; else $(CYGPATH_W) '$(srcdir)/pka.c'; fi`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libcommon_a-pka.Tpo $(DEPDIR)/libcommon_a-pka.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='pka.c' object='libcommon_a-pka.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -c -o libcommon_a-pka.obj `if test -f 'pka.c'; then $(CYGPATH_W) 'pka.c'; else $(CYGPATH_W) '$(srcdir)/pka.c'; fi`
+
+libcommon_a-http.o: http.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -MT libcommon_a-http.o -MD -MP -MF $(DEPDIR)/libcommon_a-http.Tpo -c -o libcommon_a-http.o `test -f 'http.c' || echo '$(srcdir)/'`http.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libcommon_a-http.Tpo $(DEPDIR)/libcommon_a-http.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='http.c' object='libcommon_a-http.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -c -o libcommon_a-http.o `test -f 'http.c' || echo '$(srcdir)/'`http.c
+
+libcommon_a-http.obj: http.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -MT libcommon_a-http.obj -MD -MP -MF $(DEPDIR)/libcommon_a-http.Tpo -c -o libcommon_a-http.obj `if test -f 'http.c'; then $(CYGPATH_W) 'http.c'; else $(CYGPATH_W) '$(srcdir)/http.c'; fi`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libcommon_a-http.Tpo $(DEPDIR)/libcommon_a-http.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='http.c' object='libcommon_a-http.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -c -o libcommon_a-http.obj `if test -f 'http.c'; then $(CYGPATH_W) 'http.c'; else $(CYGPATH_W) '$(srcdir)/http.c'; fi`
+
+libcommon_a-localename.o: localename.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -MT libcommon_a-localename.o -MD -MP -MF $(DEPDIR)/libcommon_a-localename.Tpo -c -o libcommon_a-localename.o `test -f 'localename.c' || echo '$(srcdir)/'`localename.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libcommon_a-localename.Tpo $(DEPDIR)/libcommon_a-localename.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='localename.c' object='libcommon_a-localename.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -c -o libcommon_a-localename.o `test -f 'localename.c' || echo '$(srcdir)/'`localename.c
+
+libcommon_a-localename.obj: localename.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -MT libcommon_a-localename.obj -MD -MP -MF $(DEPDIR)/libcommon_a-localename.Tpo -c -o libcommon_a-localename.obj `if test -f 'localename.c'; then $(CYGPATH_W) 'localename.c'; else $(CYGPATH_W) '$(srcdir)/localename.c'; fi`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libcommon_a-localename.Tpo $(DEPDIR)/libcommon_a-localename.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='localename.c' object='libcommon_a-localename.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -c -o libcommon_a-localename.obj `if test -f 'localename.c'; then $(CYGPATH_W) 'localename.c'; else $(CYGPATH_W) '$(srcdir)/localename.c'; fi`
+
+libcommon_a-session-env.o: session-env.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -MT libcommon_a-session-env.o -MD -MP -MF $(DEPDIR)/libcommon_a-session-env.Tpo -c -o libcommon_a-session-env.o `test -f 'session-env.c' || echo '$(srcdir)/'`session-env.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libcommon_a-session-env.Tpo $(DEPDIR)/libcommon_a-session-env.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='session-env.c' object='libcommon_a-session-env.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -c -o libcommon_a-session-env.o `test -f 'session-env.c' || echo '$(srcdir)/'`session-env.c
+
+libcommon_a-session-env.obj: session-env.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -MT libcommon_a-session-env.obj -MD -MP -MF $(DEPDIR)/libcommon_a-session-env.Tpo -c -o libcommon_a-session-env.obj `if test -f 'session-env.c'; then $(CYGPATH_W) 'session-env.c'; else $(CYGPATH_W) '$(srcdir)/session-env.c'; fi`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libcommon_a-session-env.Tpo $(DEPDIR)/libcommon_a-session-env.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='session-env.c' object='libcommon_a-session-env.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -c -o libcommon_a-session-env.obj `if test -f 'session-env.c'; then $(CYGPATH_W) 'session-env.c'; else $(CYGPATH_W) '$(srcdir)/session-env.c'; fi`
+
+libcommon_a-ssh-utils.o: ssh-utils.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -MT libcommon_a-ssh-utils.o -MD -MP -MF $(DEPDIR)/libcommon_a-ssh-utils.Tpo -c -o libcommon_a-ssh-utils.o `test -f 'ssh-utils.c' || echo '$(srcdir)/'`ssh-utils.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libcommon_a-ssh-utils.Tpo $(DEPDIR)/libcommon_a-ssh-utils.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='ssh-utils.c' object='libcommon_a-ssh-utils.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -c -o libcommon_a-ssh-utils.o `test -f 'ssh-utils.c' || echo '$(srcdir)/'`ssh-utils.c
+
+libcommon_a-ssh-utils.obj: ssh-utils.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -MT libcommon_a-ssh-utils.obj -MD -MP -MF $(DEPDIR)/libcommon_a-ssh-utils.Tpo -c -o libcommon_a-ssh-utils.obj `if test -f 'ssh-utils.c'; then $(CYGPATH_W) 'ssh-utils.c'; else $(CYGPATH_W) '$(srcdir)/ssh-utils.c'; fi`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libcommon_a-ssh-utils.Tpo $(DEPDIR)/libcommon_a-ssh-utils.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='ssh-utils.c' object='libcommon_a-ssh-utils.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -c -o libcommon_a-ssh-utils.obj `if test -f 'ssh-utils.c'; then $(CYGPATH_W) 'ssh-utils.c'; else $(CYGPATH_W) '$(srcdir)/ssh-utils.c'; fi`
+
+libcommon_a-helpfile.o: helpfile.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -MT libcommon_a-helpfile.o -MD -MP -MF $(DEPDIR)/libcommon_a-helpfile.Tpo -c -o libcommon_a-helpfile.o `test -f 'helpfile.c' || echo '$(srcdir)/'`helpfile.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libcommon_a-helpfile.Tpo $(DEPDIR)/libcommon_a-helpfile.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='helpfile.c' object='libcommon_a-helpfile.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -c -o libcommon_a-helpfile.o `test -f 'helpfile.c' || echo '$(srcdir)/'`helpfile.c
+
+libcommon_a-helpfile.obj: helpfile.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -MT libcommon_a-helpfile.obj -MD -MP -MF $(DEPDIR)/libcommon_a-helpfile.Tpo -c -o libcommon_a-helpfile.obj `if test -f 'helpfile.c'; then $(CYGPATH_W) 'helpfile.c'; else $(CYGPATH_W) '$(srcdir)/helpfile.c'; fi`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libcommon_a-helpfile.Tpo $(DEPDIR)/libcommon_a-helpfile.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='helpfile.c' object='libcommon_a-helpfile.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -c -o libcommon_a-helpfile.obj `if test -f 'helpfile.c'; then $(CYGPATH_W) 'helpfile.c'; else $(CYGPATH_W) '$(srcdir)/helpfile.c'; fi`
+
+libcommon_a-get-passphrase.o: get-passphrase.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -MT libcommon_a-get-passphrase.o -MD -MP -MF $(DEPDIR)/libcommon_a-get-passphrase.Tpo -c -o libcommon_a-get-passphrase.o `test -f 'get-passphrase.c' || echo '$(srcdir)/'`get-passphrase.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libcommon_a-get-passphrase.Tpo $(DEPDIR)/libcommon_a-get-passphrase.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='get-passphrase.c' object='libcommon_a-get-passphrase.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -c -o libcommon_a-get-passphrase.o `test -f 'get-passphrase.c' || echo '$(srcdir)/'`get-passphrase.c
+
+libcommon_a-get-passphrase.obj: get-passphrase.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -MT libcommon_a-get-passphrase.obj -MD -MP -MF $(DEPDIR)/libcommon_a-get-passphrase.Tpo -c -o libcommon_a-get-passphrase.obj `if test -f 'get-passphrase.c'; then $(CYGPATH_W) 'get-passphrase.c'; else $(CYGPATH_W) '$(srcdir)/get-passphrase.c'; fi`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libcommon_a-get-passphrase.Tpo $(DEPDIR)/libcommon_a-get-passphrase.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='get-passphrase.c' object='libcommon_a-get-passphrase.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -c -o libcommon_a-get-passphrase.obj `if test -f 'get-passphrase.c'; then $(CYGPATH_W) 'get-passphrase.c'; else $(CYGPATH_W) '$(srcdir)/get-passphrase.c'; fi`
+
+libcommon_a-srv.o: srv.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -MT libcommon_a-srv.o -MD -MP -MF $(DEPDIR)/libcommon_a-srv.Tpo -c -o libcommon_a-srv.o `test -f 'srv.c' || echo '$(srcdir)/'`srv.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libcommon_a-srv.Tpo $(DEPDIR)/libcommon_a-srv.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='srv.c' object='libcommon_a-srv.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -c -o libcommon_a-srv.o `test -f 'srv.c' || echo '$(srcdir)/'`srv.c
+
+libcommon_a-srv.obj: srv.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -MT libcommon_a-srv.obj -MD -MP -MF $(DEPDIR)/libcommon_a-srv.Tpo -c -o libcommon_a-srv.obj `if test -f 'srv.c'; then $(CYGPATH_W) 'srv.c'; else $(CYGPATH_W) '$(srcdir)/srv.c'; fi`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libcommon_a-srv.Tpo $(DEPDIR)/libcommon_a-srv.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='srv.c' object='libcommon_a-srv.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -c -o libcommon_a-srv.obj `if test -f 'srv.c'; then $(CYGPATH_W) 'srv.c'; else $(CYGPATH_W) '$(srcdir)/srv.c'; fi`
+
+libcommonpth_a-i18n.o: i18n.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -MT libcommonpth_a-i18n.o -MD -MP -MF $(DEPDIR)/libcommonpth_a-i18n.Tpo -c -o libcommonpth_a-i18n.o `test -f 'i18n.c' || echo '$(srcdir)/'`i18n.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libcommonpth_a-i18n.Tpo $(DEPDIR)/libcommonpth_a-i18n.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='i18n.c' object='libcommonpth_a-i18n.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -c -o libcommonpth_a-i18n.o `test -f 'i18n.c' || echo '$(srcdir)/'`i18n.c
+
+libcommonpth_a-i18n.obj: i18n.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -MT libcommonpth_a-i18n.obj -MD -MP -MF $(DEPDIR)/libcommonpth_a-i18n.Tpo -c -o libcommonpth_a-i18n.obj `if test -f 'i18n.c'; then $(CYGPATH_W) 'i18n.c'; else $(CYGPATH_W) '$(srcdir)/i18n.c'; fi`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libcommonpth_a-i18n.Tpo $(DEPDIR)/libcommonpth_a-i18n.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='i18n.c' object='libcommonpth_a-i18n.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -c -o libcommonpth_a-i18n.obj `if test -f 'i18n.c'; then $(CYGPATH_W) 'i18n.c'; else $(CYGPATH_W) '$(srcdir)/i18n.c'; fi`
+
+libcommonpth_a-status.o: status.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -MT libcommonpth_a-status.o -MD -MP -MF $(DEPDIR)/libcommonpth_a-status.Tpo -c -o libcommonpth_a-status.o `test -f 'status.c' || echo '$(srcdir)/'`status.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libcommonpth_a-status.Tpo $(DEPDIR)/libcommonpth_a-status.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='status.c' object='libcommonpth_a-status.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -c -o libcommonpth_a-status.o `test -f 'status.c' || echo '$(srcdir)/'`status.c
+
+libcommonpth_a-status.obj: status.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -MT libcommonpth_a-status.obj -MD -MP -MF $(DEPDIR)/libcommonpth_a-status.Tpo -c -o libcommonpth_a-status.obj `if test -f 'status.c'; then $(CYGPATH_W) 'status.c'; else $(CYGPATH_W) '$(srcdir)/status.c'; fi`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libcommonpth_a-status.Tpo $(DEPDIR)/libcommonpth_a-status.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='status.c' object='libcommonpth_a-status.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -c -o libcommonpth_a-status.obj `if test -f 'status.c'; then $(CYGPATH_W) 'status.c'; else $(CYGPATH_W) '$(srcdir)/status.c'; fi`
+
+libcommonpth_a-tlv.o: tlv.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -MT libcommonpth_a-tlv.o -MD -MP -MF $(DEPDIR)/libcommonpth_a-tlv.Tpo -c -o libcommonpth_a-tlv.o `test -f 'tlv.c' || echo '$(srcdir)/'`tlv.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libcommonpth_a-tlv.Tpo $(DEPDIR)/libcommonpth_a-tlv.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tlv.c' object='libcommonpth_a-tlv.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -c -o libcommonpth_a-tlv.o `test -f 'tlv.c' || echo '$(srcdir)/'`tlv.c
+
+libcommonpth_a-tlv.obj: tlv.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -MT libcommonpth_a-tlv.obj -MD -MP -MF $(DEPDIR)/libcommonpth_a-tlv.Tpo -c -o libcommonpth_a-tlv.obj `if test -f 'tlv.c'; then $(CYGPATH_W) 'tlv.c'; else $(CYGPATH_W) '$(srcdir)/tlv.c'; fi`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libcommonpth_a-tlv.Tpo $(DEPDIR)/libcommonpth_a-tlv.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tlv.c' object='libcommonpth_a-tlv.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -c -o libcommonpth_a-tlv.obj `if test -f 'tlv.c'; then $(CYGPATH_W) 'tlv.c'; else $(CYGPATH_W) '$(srcdir)/tlv.c'; fi`
+
+libcommonpth_a-init.o: init.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -MT libcommonpth_a-init.o -MD -MP -MF $(DEPDIR)/libcommonpth_a-init.Tpo -c -o libcommonpth_a-init.o `test -f 'init.c' || echo '$(srcdir)/'`init.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libcommonpth_a-init.Tpo $(DEPDIR)/libcommonpth_a-init.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='init.c' object='libcommonpth_a-init.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -c -o libcommonpth_a-init.o `test -f 'init.c' || echo '$(srcdir)/'`init.c
+
+libcommonpth_a-init.obj: init.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -MT libcommonpth_a-init.obj -MD -MP -MF $(DEPDIR)/libcommonpth_a-init.Tpo -c -o libcommonpth_a-init.obj `if test -f 'init.c'; then $(CYGPATH_W) 'init.c'; else $(CYGPATH_W) '$(srcdir)/init.c'; fi`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libcommonpth_a-init.Tpo $(DEPDIR)/libcommonpth_a-init.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='init.c' object='libcommonpth_a-init.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -c -o libcommonpth_a-init.obj `if test -f 'init.c'; then $(CYGPATH_W) 'init.c'; else $(CYGPATH_W) '$(srcdir)/init.c'; fi`
+
+libcommonpth_a-sexputil.o: sexputil.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -MT libcommonpth_a-sexputil.o -MD -MP -MF $(DEPDIR)/libcommonpth_a-sexputil.Tpo -c -o libcommonpth_a-sexputil.o `test -f 'sexputil.c' || echo '$(srcdir)/'`sexputil.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libcommonpth_a-sexputil.Tpo $(DEPDIR)/libcommonpth_a-sexputil.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sexputil.c' object='libcommonpth_a-sexputil.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -c -o libcommonpth_a-sexputil.o `test -f 'sexputil.c' || echo '$(srcdir)/'`sexputil.c
+
+libcommonpth_a-sexputil.obj: sexputil.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -MT libcommonpth_a-sexputil.obj -MD -MP -MF $(DEPDIR)/libcommonpth_a-sexputil.Tpo -c -o libcommonpth_a-sexputil.obj `if test -f 'sexputil.c'; then $(CYGPATH_W) 'sexputil.c'; else $(CYGPATH_W) '$(srcdir)/sexputil.c'; fi`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libcommonpth_a-sexputil.Tpo $(DEPDIR)/libcommonpth_a-sexputil.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sexputil.c' object='libcommonpth_a-sexputil.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -c -o libcommonpth_a-sexputil.obj `if test -f 'sexputil.c'; then $(CYGPATH_W) 'sexputil.c'; else $(CYGPATH_W) '$(srcdir)/sexputil.c'; fi`
+
+libcommonpth_a-sysutils.o: sysutils.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -MT libcommonpth_a-sysutils.o -MD -MP -MF $(DEPDIR)/libcommonpth_a-sysutils.Tpo -c -o libcommonpth_a-sysutils.o `test -f 'sysutils.c' || echo '$(srcdir)/'`sysutils.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libcommonpth_a-sysutils.Tpo $(DEPDIR)/libcommonpth_a-sysutils.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sysutils.c' object='libcommonpth_a-sysutils.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -c -o libcommonpth_a-sysutils.o `test -f 'sysutils.c' || echo '$(srcdir)/'`sysutils.c
+
+libcommonpth_a-sysutils.obj: sysutils.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -MT libcommonpth_a-sysutils.obj -MD -MP -MF $(DEPDIR)/libcommonpth_a-sysutils.Tpo -c -o libcommonpth_a-sysutils.obj `if test -f 'sysutils.c'; then $(CYGPATH_W) 'sysutils.c'; else $(CYGPATH_W) '$(srcdir)/sysutils.c'; fi`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libcommonpth_a-sysutils.Tpo $(DEPDIR)/libcommonpth_a-sysutils.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sysutils.c' object='libcommonpth_a-sysutils.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -c -o libcommonpth_a-sysutils.obj `if test -f 'sysutils.c'; then $(CYGPATH_W) 'sysutils.c'; else $(CYGPATH_W) '$(srcdir)/sysutils.c'; fi`
+
+libcommonpth_a-homedir.o: homedir.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -MT libcommonpth_a-homedir.o -MD -MP -MF $(DEPDIR)/libcommonpth_a-homedir.Tpo -c -o libcommonpth_a-homedir.o `test -f 'homedir.c' || echo '$(srcdir)/'`homedir.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libcommonpth_a-homedir.Tpo $(DEPDIR)/libcommonpth_a-homedir.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='homedir.c' object='libcommonpth_a-homedir.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -c -o libcommonpth_a-homedir.o `test -f 'homedir.c' || echo '$(srcdir)/'`homedir.c
+
+libcommonpth_a-homedir.obj: homedir.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -MT libcommonpth_a-homedir.obj -MD -MP -MF $(DEPDIR)/libcommonpth_a-homedir.Tpo -c -o libcommonpth_a-homedir.obj `if test -f 'homedir.c'; then $(CYGPATH_W) 'homedir.c'; else $(CYGPATH_W) '$(srcdir)/homedir.c'; fi`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libcommonpth_a-homedir.Tpo $(DEPDIR)/libcommonpth_a-homedir.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='homedir.c' object='libcommonpth_a-homedir.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -c -o libcommonpth_a-homedir.obj `if test -f 'homedir.c'; then $(CYGPATH_W) 'homedir.c'; else $(CYGPATH_W) '$(srcdir)/homedir.c'; fi`
+
+libcommonpth_a-gettime.o: gettime.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -MT libcommonpth_a-gettime.o -MD -MP -MF $(DEPDIR)/libcommonpth_a-gettime.Tpo -c -o libcommonpth_a-gettime.o `test -f 'gettime.c' || echo '$(srcdir)/'`gettime.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libcommonpth_a-gettime.Tpo $(DEPDIR)/libcommonpth_a-gettime.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='gettime.c' object='libcommonpth_a-gettime.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -c -o libcommonpth_a-gettime.o `test -f 'gettime.c' || echo '$(srcdir)/'`gettime.c
+
+libcommonpth_a-gettime.obj: gettime.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -MT libcommonpth_a-gettime.obj -MD -MP -MF $(DEPDIR)/libcommonpth_a-gettime.Tpo -c -o libcommonpth_a-gettime.obj `if test -f 'gettime.c'; then $(CYGPATH_W) 'gettime.c'; else $(CYGPATH_W) '$(srcdir)/gettime.c'; fi`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libcommonpth_a-gettime.Tpo $(DEPDIR)/libcommonpth_a-gettime.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='gettime.c' object='libcommonpth_a-gettime.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -c -o libcommonpth_a-gettime.obj `if test -f 'gettime.c'; then $(CYGPATH_W) 'gettime.c'; else $(CYGPATH_W) '$(srcdir)/gettime.c'; fi`
+
+libcommonpth_a-yesno.o: yesno.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -MT libcommonpth_a-yesno.o -MD -MP -MF $(DEPDIR)/libcommonpth_a-yesno.Tpo -c -o libcommonpth_a-yesno.o `test -f 'yesno.c' || echo '$(srcdir)/'`yesno.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libcommonpth_a-yesno.Tpo $(DEPDIR)/libcommonpth_a-yesno.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='yesno.c' object='libcommonpth_a-yesno.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -c -o libcommonpth_a-yesno.o `test -f 'yesno.c' || echo '$(srcdir)/'`yesno.c
+
+libcommonpth_a-yesno.obj: yesno.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -MT libcommonpth_a-yesno.obj -MD -MP -MF $(DEPDIR)/libcommonpth_a-yesno.Tpo -c -o libcommonpth_a-yesno.obj `if test -f 'yesno.c'; then $(CYGPATH_W) 'yesno.c'; else $(CYGPATH_W) '$(srcdir)/yesno.c'; fi`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libcommonpth_a-yesno.Tpo $(DEPDIR)/libcommonpth_a-yesno.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='yesno.c' object='libcommonpth_a-yesno.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -c -o libcommonpth_a-yesno.obj `if test -f 'yesno.c'; then $(CYGPATH_W) 'yesno.c'; else $(CYGPATH_W) '$(srcdir)/yesno.c'; fi`
+
+libcommonpth_a-b64enc.o: b64enc.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -MT libcommonpth_a-b64enc.o -MD -MP -MF $(DEPDIR)/libcommonpth_a-b64enc.Tpo -c -o libcommonpth_a-b64enc.o `test -f 'b64enc.c' || echo '$(srcdir)/'`b64enc.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libcommonpth_a-b64enc.Tpo $(DEPDIR)/libcommonpth_a-b64enc.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='b64enc.c' object='libcommonpth_a-b64enc.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -c -o libcommonpth_a-b64enc.o `test -f 'b64enc.c' || echo '$(srcdir)/'`b64enc.c
+
+libcommonpth_a-b64enc.obj: b64enc.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -MT libcommonpth_a-b64enc.obj -MD -MP -MF $(DEPDIR)/libcommonpth_a-b64enc.Tpo -c -o libcommonpth_a-b64enc.obj `if test -f 'b64enc.c'; then $(CYGPATH_W) 'b64enc.c'; else $(CYGPATH_W) '$(srcdir)/b64enc.c'; fi`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libcommonpth_a-b64enc.Tpo $(DEPDIR)/libcommonpth_a-b64enc.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='b64enc.c' object='libcommonpth_a-b64enc.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -c -o libcommonpth_a-b64enc.obj `if test -f 'b64enc.c'; then $(CYGPATH_W) 'b64enc.c'; else $(CYGPATH_W) '$(srcdir)/b64enc.c'; fi`
+
+libcommonpth_a-b64dec.o: b64dec.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -MT libcommonpth_a-b64dec.o -MD -MP -MF $(DEPDIR)/libcommonpth_a-b64dec.Tpo -c -o libcommonpth_a-b64dec.o `test -f 'b64dec.c' || echo '$(srcdir)/'`b64dec.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libcommonpth_a-b64dec.Tpo $(DEPDIR)/libcommonpth_a-b64dec.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='b64dec.c' object='libcommonpth_a-b64dec.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -c -o libcommonpth_a-b64dec.o `test -f 'b64dec.c' || echo '$(srcdir)/'`b64dec.c
+
+libcommonpth_a-b64dec.obj: b64dec.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -MT libcommonpth_a-b64dec.obj -MD -MP -MF $(DEPDIR)/libcommonpth_a-b64dec.Tpo -c -o libcommonpth_a-b64dec.obj `if test -f 'b64dec.c'; then $(CYGPATH_W) 'b64dec.c'; else $(CYGPATH_W) '$(srcdir)/b64dec.c'; fi`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libcommonpth_a-b64dec.Tpo $(DEPDIR)/libcommonpth_a-b64dec.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='b64dec.c' object='libcommonpth_a-b64dec.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -c -o libcommonpth_a-b64dec.obj `if test -f 'b64dec.c'; then $(CYGPATH_W) 'b64dec.c'; else $(CYGPATH_W) '$(srcdir)/b64dec.c'; fi`
+
+libcommonpth_a-convert.o: convert.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -MT libcommonpth_a-convert.o -MD -MP -MF $(DEPDIR)/libcommonpth_a-convert.Tpo -c -o libcommonpth_a-convert.o `test -f 'convert.c' || echo '$(srcdir)/'`convert.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libcommonpth_a-convert.Tpo $(DEPDIR)/libcommonpth_a-convert.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='convert.c' object='libcommonpth_a-convert.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -c -o libcommonpth_a-convert.o `test -f 'convert.c' || echo '$(srcdir)/'`convert.c
+
+libcommonpth_a-convert.obj: convert.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -MT libcommonpth_a-convert.obj -MD -MP -MF $(DEPDIR)/libcommonpth_a-convert.Tpo -c -o libcommonpth_a-convert.obj `if test -f 'convert.c'; then $(CYGPATH_W) 'convert.c'; else $(CYGPATH_W) '$(srcdir)/convert.c'; fi`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libcommonpth_a-convert.Tpo $(DEPDIR)/libcommonpth_a-convert.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='convert.c' object='libcommonpth_a-convert.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -c -o libcommonpth_a-convert.obj `if test -f 'convert.c'; then $(CYGPATH_W) 'convert.c'; else $(CYGPATH_W) '$(srcdir)/convert.c'; fi`
+
+libcommonpth_a-percent.o: percent.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -MT libcommonpth_a-percent.o -MD -MP -MF $(DEPDIR)/libcommonpth_a-percent.Tpo -c -o libcommonpth_a-percent.o `test -f 'percent.c' || echo '$(srcdir)/'`percent.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libcommonpth_a-percent.Tpo $(DEPDIR)/libcommonpth_a-percent.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='percent.c' object='libcommonpth_a-percent.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -c -o libcommonpth_a-percent.o `test -f 'percent.c' || echo '$(srcdir)/'`percent.c
+
+libcommonpth_a-percent.obj: percent.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -MT libcommonpth_a-percent.obj -MD -MP -MF $(DEPDIR)/libcommonpth_a-percent.Tpo -c -o libcommonpth_a-percent.obj `if test -f 'percent.c'; then $(CYGPATH_W) 'percent.c'; else $(CYGPATH_W) '$(srcdir)/percent.c'; fi`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libcommonpth_a-percent.Tpo $(DEPDIR)/libcommonpth_a-percent.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='percent.c' object='libcommonpth_a-percent.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -c -o libcommonpth_a-percent.obj `if test -f 'percent.c'; then $(CYGPATH_W) 'percent.c'; else $(CYGPATH_W) '$(srcdir)/percent.c'; fi`
+
+libcommonpth_a-miscellaneous.o: miscellaneous.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -MT libcommonpth_a-miscellaneous.o -MD -MP -MF $(DEPDIR)/libcommonpth_a-miscellaneous.Tpo -c -o libcommonpth_a-miscellaneous.o `test -f 'miscellaneous.c' || echo '$(srcdir)/'`miscellaneous.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libcommonpth_a-miscellaneous.Tpo $(DEPDIR)/libcommonpth_a-miscellaneous.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='miscellaneous.c' object='libcommonpth_a-miscellaneous.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -c -o libcommonpth_a-miscellaneous.o `test -f 'miscellaneous.c' || echo '$(srcdir)/'`miscellaneous.c
+
+libcommonpth_a-miscellaneous.obj: miscellaneous.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -MT libcommonpth_a-miscellaneous.obj -MD -MP -MF $(DEPDIR)/libcommonpth_a-miscellaneous.Tpo -c -o libcommonpth_a-miscellaneous.obj `if test -f 'miscellaneous.c'; then $(CYGPATH_W) 'miscellaneous.c'; else $(CYGPATH_W) '$(srcdir)/miscellaneous.c'; fi`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libcommonpth_a-miscellaneous.Tpo $(DEPDIR)/libcommonpth_a-miscellaneous.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='miscellaneous.c' object='libcommonpth_a-miscellaneous.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -c -o libcommonpth_a-miscellaneous.obj `if test -f 'miscellaneous.c'; then $(CYGPATH_W) 'miscellaneous.c'; else $(CYGPATH_W) '$(srcdir)/miscellaneous.c'; fi`
+
+libcommonpth_a-xasprintf.o: xasprintf.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -MT libcommonpth_a-xasprintf.o -MD -MP -MF $(DEPDIR)/libcommonpth_a-xasprintf.Tpo -c -o libcommonpth_a-xasprintf.o `test -f 'xasprintf.c' || echo '$(srcdir)/'`xasprintf.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libcommonpth_a-xasprintf.Tpo $(DEPDIR)/libcommonpth_a-xasprintf.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='xasprintf.c' object='libcommonpth_a-xasprintf.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -c -o libcommonpth_a-xasprintf.o `test -f 'xasprintf.c' || echo '$(srcdir)/'`xasprintf.c
+
+libcommonpth_a-xasprintf.obj: xasprintf.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -MT libcommonpth_a-xasprintf.obj -MD -MP -MF $(DEPDIR)/libcommonpth_a-xasprintf.Tpo -c -o libcommonpth_a-xasprintf.obj `if test -f 'xasprintf.c'; then $(CYGPATH_W) 'xasprintf.c'; else $(CYGPATH_W) '$(srcdir)/xasprintf.c'; fi`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libcommonpth_a-xasprintf.Tpo $(DEPDIR)/libcommonpth_a-xasprintf.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='xasprintf.c' object='libcommonpth_a-xasprintf.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -c -o libcommonpth_a-xasprintf.obj `if test -f 'xasprintf.c'; then $(CYGPATH_W) 'xasprintf.c'; else $(CYGPATH_W) '$(srcdir)/xasprintf.c'; fi`
+
+libcommonpth_a-xreadline.o: xreadline.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -MT libcommonpth_a-xreadline.o -MD -MP -MF $(DEPDIR)/libcommonpth_a-xreadline.Tpo -c -o libcommonpth_a-xreadline.o `test -f 'xreadline.c' || echo '$(srcdir)/'`xreadline.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libcommonpth_a-xreadline.Tpo $(DEPDIR)/libcommonpth_a-xreadline.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='xreadline.c' object='libcommonpth_a-xreadline.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -c -o libcommonpth_a-xreadline.o `test -f 'xreadline.c' || echo '$(srcdir)/'`xreadline.c
+
+libcommonpth_a-xreadline.obj: xreadline.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -MT libcommonpth_a-xreadline.obj -MD -MP -MF $(DEPDIR)/libcommonpth_a-xreadline.Tpo -c -o libcommonpth_a-xreadline.obj `if test -f 'xreadline.c'; then $(CYGPATH_W) 'xreadline.c'; else $(CYGPATH_W) '$(srcdir)/xreadline.c'; fi`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libcommonpth_a-xreadline.Tpo $(DEPDIR)/libcommonpth_a-xreadline.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='xreadline.c' object='libcommonpth_a-xreadline.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -c -o libcommonpth_a-xreadline.obj `if test -f 'xreadline.c'; then $(CYGPATH_W) 'xreadline.c'; else $(CYGPATH_W) '$(srcdir)/xreadline.c'; fi`
+
+libcommonpth_a-membuf.o: membuf.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -MT libcommonpth_a-membuf.o -MD -MP -MF $(DEPDIR)/libcommonpth_a-membuf.Tpo -c -o libcommonpth_a-membuf.o `test -f 'membuf.c' || echo '$(srcdir)/'`membuf.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libcommonpth_a-membuf.Tpo $(DEPDIR)/libcommonpth_a-membuf.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='membuf.c' object='libcommonpth_a-membuf.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -c -o libcommonpth_a-membuf.o `test -f 'membuf.c' || echo '$(srcdir)/'`membuf.c
+
+libcommonpth_a-membuf.obj: membuf.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -MT libcommonpth_a-membuf.obj -MD -MP -MF $(DEPDIR)/libcommonpth_a-membuf.Tpo -c -o libcommonpth_a-membuf.obj `if test -f 'membuf.c'; then $(CYGPATH_W) 'membuf.c'; else $(CYGPATH_W) '$(srcdir)/membuf.c'; fi`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libcommonpth_a-membuf.Tpo $(DEPDIR)/libcommonpth_a-membuf.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='membuf.c' object='libcommonpth_a-membuf.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -c -o libcommonpth_a-membuf.obj `if test -f 'membuf.c'; then $(CYGPATH_W) 'membuf.c'; else $(CYGPATH_W) '$(srcdir)/membuf.c'; fi`
+
+libcommonpth_a-iobuf.o: iobuf.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -MT libcommonpth_a-iobuf.o -MD -MP -MF $(DEPDIR)/libcommonpth_a-iobuf.Tpo -c -o libcommonpth_a-iobuf.o `test -f 'iobuf.c' || echo '$(srcdir)/'`iobuf.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libcommonpth_a-iobuf.Tpo $(DEPDIR)/libcommonpth_a-iobuf.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='iobuf.c' object='libcommonpth_a-iobuf.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -c -o libcommonpth_a-iobuf.o `test -f 'iobuf.c' || echo '$(srcdir)/'`iobuf.c
+
+libcommonpth_a-iobuf.obj: iobuf.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -MT libcommonpth_a-iobuf.obj -MD -MP -MF $(DEPDIR)/libcommonpth_a-iobuf.Tpo -c -o libcommonpth_a-iobuf.obj `if test -f 'iobuf.c'; then $(CYGPATH_W) 'iobuf.c'; else $(CYGPATH_W) '$(srcdir)/iobuf.c'; fi`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libcommonpth_a-iobuf.Tpo $(DEPDIR)/libcommonpth_a-iobuf.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='iobuf.c' object='libcommonpth_a-iobuf.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -c -o libcommonpth_a-iobuf.obj `if test -f 'iobuf.c'; then $(CYGPATH_W) 'iobuf.c'; else $(CYGPATH_W) '$(srcdir)/iobuf.c'; fi`
+
+libcommonpth_a-ttyio.o: ttyio.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -MT libcommonpth_a-ttyio.o -MD -MP -MF $(DEPDIR)/libcommonpth_a-ttyio.Tpo -c -o libcommonpth_a-ttyio.o `test -f 'ttyio.c' || echo '$(srcdir)/'`ttyio.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libcommonpth_a-ttyio.Tpo $(DEPDIR)/libcommonpth_a-ttyio.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='ttyio.c' object='libcommonpth_a-ttyio.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -c -o libcommonpth_a-ttyio.o `test -f 'ttyio.c' || echo '$(srcdir)/'`ttyio.c
+
+libcommonpth_a-ttyio.obj: ttyio.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -MT libcommonpth_a-ttyio.obj -MD -MP -MF $(DEPDIR)/libcommonpth_a-ttyio.Tpo -c -o libcommonpth_a-ttyio.obj `if test -f 'ttyio.c'; then $(CYGPATH_W) 'ttyio.c'; else $(CYGPATH_W) '$(srcdir)/ttyio.c'; fi`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libcommonpth_a-ttyio.Tpo $(DEPDIR)/libcommonpth_a-ttyio.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='ttyio.c' object='libcommonpth_a-ttyio.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -c -o libcommonpth_a-ttyio.obj `if test -f 'ttyio.c'; then $(CYGPATH_W) 'ttyio.c'; else $(CYGPATH_W) '$(srcdir)/ttyio.c'; fi`
+
+libcommonpth_a-asshelp.o: asshelp.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -MT libcommonpth_a-asshelp.o -MD -MP -MF $(DEPDIR)/libcommonpth_a-asshelp.Tpo -c -o libcommonpth_a-asshelp.o `test -f 'asshelp.c' || echo '$(srcdir)/'`asshelp.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libcommonpth_a-asshelp.Tpo $(DEPDIR)/libcommonpth_a-asshelp.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='asshelp.c' object='libcommonpth_a-asshelp.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -c -o libcommonpth_a-asshelp.o `test -f 'asshelp.c' || echo '$(srcdir)/'`asshelp.c
+
+libcommonpth_a-asshelp.obj: asshelp.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -MT libcommonpth_a-asshelp.obj -MD -MP -MF $(DEPDIR)/libcommonpth_a-asshelp.Tpo -c -o libcommonpth_a-asshelp.obj `if test -f 'asshelp.c'; then $(CYGPATH_W) 'asshelp.c'; else $(CYGPATH_W) '$(srcdir)/asshelp.c'; fi`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libcommonpth_a-asshelp.Tpo $(DEPDIR)/libcommonpth_a-asshelp.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='asshelp.c' object='libcommonpth_a-asshelp.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -c -o libcommonpth_a-asshelp.obj `if test -f 'asshelp.c'; then $(CYGPATH_W) 'asshelp.c'; else $(CYGPATH_W) '$(srcdir)/asshelp.c'; fi`
+
+libcommonpth_a-exechelp.o: exechelp.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -MT libcommonpth_a-exechelp.o -MD -MP -MF $(DEPDIR)/libcommonpth_a-exechelp.Tpo -c -o libcommonpth_a-exechelp.o `test -f 'exechelp.c' || echo '$(srcdir)/'`exechelp.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libcommonpth_a-exechelp.Tpo $(DEPDIR)/libcommonpth_a-exechelp.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='exechelp.c' object='libcommonpth_a-exechelp.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -c -o libcommonpth_a-exechelp.o `test -f 'exechelp.c' || echo '$(srcdir)/'`exechelp.c
+
+libcommonpth_a-exechelp.obj: exechelp.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -MT libcommonpth_a-exechelp.obj -MD -MP -MF $(DEPDIR)/libcommonpth_a-exechelp.Tpo -c -o libcommonpth_a-exechelp.obj `if test -f 'exechelp.c'; then $(CYGPATH_W) 'exechelp.c'; else $(CYGPATH_W) '$(srcdir)/exechelp.c'; fi`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libcommonpth_a-exechelp.Tpo $(DEPDIR)/libcommonpth_a-exechelp.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='exechelp.c' object='libcommonpth_a-exechelp.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -c -o libcommonpth_a-exechelp.obj `if test -f 'exechelp.c'; then $(CYGPATH_W) 'exechelp.c'; else $(CYGPATH_W) '$(srcdir)/exechelp.c'; fi`
+
+libcommonpth_a-signal.o: signal.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -MT libcommonpth_a-signal.o -MD -MP -MF $(DEPDIR)/libcommonpth_a-signal.Tpo -c -o libcommonpth_a-signal.o `test -f 'signal.c' || echo '$(srcdir)/'`signal.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libcommonpth_a-signal.Tpo $(DEPDIR)/libcommonpth_a-signal.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='signal.c' object='libcommonpth_a-signal.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -c -o libcommonpth_a-signal.o `test -f 'signal.c' || echo '$(srcdir)/'`signal.c
+
+libcommonpth_a-signal.obj: signal.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -MT libcommonpth_a-signal.obj -MD -MP -MF $(DEPDIR)/libcommonpth_a-signal.Tpo -c -o libcommonpth_a-signal.obj `if test -f 'signal.c'; then $(CYGPATH_W) 'signal.c'; else $(CYGPATH_W) '$(srcdir)/signal.c'; fi`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libcommonpth_a-signal.Tpo $(DEPDIR)/libcommonpth_a-signal.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='signal.c' object='libcommonpth_a-signal.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -c -o libcommonpth_a-signal.obj `if test -f 'signal.c'; then $(CYGPATH_W) 'signal.c'; else $(CYGPATH_W) '$(srcdir)/signal.c'; fi`
+
+libcommonpth_a-estream.o: estream.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -MT libcommonpth_a-estream.o -MD -MP -MF $(DEPDIR)/libcommonpth_a-estream.Tpo -c -o libcommonpth_a-estream.o `test -f 'estream.c' || echo '$(srcdir)/'`estream.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libcommonpth_a-estream.Tpo $(DEPDIR)/libcommonpth_a-estream.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='estream.c' object='libcommonpth_a-estream.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -c -o libcommonpth_a-estream.o `test -f 'estream.c' || echo '$(srcdir)/'`estream.c
+
+libcommonpth_a-estream.obj: estream.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -MT libcommonpth_a-estream.obj -MD -MP -MF $(DEPDIR)/libcommonpth_a-estream.Tpo -c -o libcommonpth_a-estream.obj `if test -f 'estream.c'; then $(CYGPATH_W) 'estream.c'; else $(CYGPATH_W) '$(srcdir)/estream.c'; fi`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libcommonpth_a-estream.Tpo $(DEPDIR)/libcommonpth_a-estream.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='estream.c' object='libcommonpth_a-estream.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -c -o libcommonpth_a-estream.obj `if test -f 'estream.c'; then $(CYGPATH_W) 'estream.c'; else $(CYGPATH_W) '$(srcdir)/estream.c'; fi`
+
+libcommonpth_a-estream-printf.o: estream-printf.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -MT libcommonpth_a-estream-printf.o -MD -MP -MF $(DEPDIR)/libcommonpth_a-estream-printf.Tpo -c -o libcommonpth_a-estream-printf.o `test -f 'estream-printf.c' || echo '$(srcdir)/'`estream-printf.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libcommonpth_a-estream-printf.Tpo $(DEPDIR)/libcommonpth_a-estream-printf.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='estream-printf.c' object='libcommonpth_a-estream-printf.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -c -o libcommonpth_a-estream-printf.o `test -f 'estream-printf.c' || echo '$(srcdir)/'`estream-printf.c
+
+libcommonpth_a-estream-printf.obj: estream-printf.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -MT libcommonpth_a-estream-printf.obj -MD -MP -MF $(DEPDIR)/libcommonpth_a-estream-printf.Tpo -c -o libcommonpth_a-estream-printf.obj `if test -f 'estream-printf.c'; then $(CYGPATH_W) 'estream-printf.c'; else $(CYGPATH_W) '$(srcdir)/estream-printf.c'; fi`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libcommonpth_a-estream-printf.Tpo $(DEPDIR)/libcommonpth_a-estream-printf.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='estream-printf.c' object='libcommonpth_a-estream-printf.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -c -o libcommonpth_a-estream-printf.obj `if test -f 'estream-printf.c'; then $(CYGPATH_W) 'estream-printf.c'; else $(CYGPATH_W) '$(srcdir)/estream-printf.c'; fi`
+
+libcommonpth_a-audit.o: audit.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -MT libcommonpth_a-audit.o -MD -MP -MF $(DEPDIR)/libcommonpth_a-audit.Tpo -c -o libcommonpth_a-audit.o `test -f 'audit.c' || echo '$(srcdir)/'`audit.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libcommonpth_a-audit.Tpo $(DEPDIR)/libcommonpth_a-audit.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='audit.c' object='libcommonpth_a-audit.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -c -o libcommonpth_a-audit.o `test -f 'audit.c' || echo '$(srcdir)/'`audit.c
+
+libcommonpth_a-audit.obj: audit.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -MT libcommonpth_a-audit.obj -MD -MP -MF $(DEPDIR)/libcommonpth_a-audit.Tpo -c -o libcommonpth_a-audit.obj `if test -f 'audit.c'; then $(CYGPATH_W) 'audit.c'; else $(CYGPATH_W) '$(srcdir)/audit.c'; fi`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libcommonpth_a-audit.Tpo $(DEPDIR)/libcommonpth_a-audit.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='audit.c' object='libcommonpth_a-audit.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -c -o libcommonpth_a-audit.obj `if test -f 'audit.c'; then $(CYGPATH_W) 'audit.c'; else $(CYGPATH_W) '$(srcdir)/audit.c'; fi`
+
+libcommonpth_a-dns-cert.o: dns-cert.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -MT libcommonpth_a-dns-cert.o -MD -MP -MF $(DEPDIR)/libcommonpth_a-dns-cert.Tpo -c -o libcommonpth_a-dns-cert.o `test -f 'dns-cert.c' || echo '$(srcdir)/'`dns-cert.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libcommonpth_a-dns-cert.Tpo $(DEPDIR)/libcommonpth_a-dns-cert.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='dns-cert.c' object='libcommonpth_a-dns-cert.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -c -o libcommonpth_a-dns-cert.o `test -f 'dns-cert.c' || echo '$(srcdir)/'`dns-cert.c
+
+libcommonpth_a-dns-cert.obj: dns-cert.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -MT libcommonpth_a-dns-cert.obj -MD -MP -MF $(DEPDIR)/libcommonpth_a-dns-cert.Tpo -c -o libcommonpth_a-dns-cert.obj `if test -f 'dns-cert.c'; then $(CYGPATH_W) 'dns-cert.c'; else $(CYGPATH_W) '$(srcdir)/dns-cert.c'; fi`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libcommonpth_a-dns-cert.Tpo $(DEPDIR)/libcommonpth_a-dns-cert.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='dns-cert.c' object='libcommonpth_a-dns-cert.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -c -o libcommonpth_a-dns-cert.obj `if test -f 'dns-cert.c'; then $(CYGPATH_W) 'dns-cert.c'; else $(CYGPATH_W) '$(srcdir)/dns-cert.c'; fi`
+
+libcommonpth_a-pka.o: pka.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -MT libcommonpth_a-pka.o -MD -MP -MF $(DEPDIR)/libcommonpth_a-pka.Tpo -c -o libcommonpth_a-pka.o `test -f 'pka.c' || echo '$(srcdir)/'`pka.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libcommonpth_a-pka.Tpo $(DEPDIR)/libcommonpth_a-pka.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='pka.c' object='libcommonpth_a-pka.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -c -o libcommonpth_a-pka.o `test -f 'pka.c' || echo '$(srcdir)/'`pka.c
+
+libcommonpth_a-pka.obj: pka.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -MT libcommonpth_a-pka.obj -MD -MP -MF $(DEPDIR)/libcommonpth_a-pka.Tpo -c -o libcommonpth_a-pka.obj `if test -f 'pka.c'; then $(CYGPATH_W) 'pka.c'; else $(CYGPATH_W) '$(srcdir)/pka.c'; fi`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libcommonpth_a-pka.Tpo $(DEPDIR)/libcommonpth_a-pka.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='pka.c' object='libcommonpth_a-pka.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -c -o libcommonpth_a-pka.obj `if test -f 'pka.c'; then $(CYGPATH_W) 'pka.c'; else $(CYGPATH_W) '$(srcdir)/pka.c'; fi`
+
+libcommonpth_a-http.o: http.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -MT libcommonpth_a-http.o -MD -MP -MF $(DEPDIR)/libcommonpth_a-http.Tpo -c -o libcommonpth_a-http.o `test -f 'http.c' || echo '$(srcdir)/'`http.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libcommonpth_a-http.Tpo $(DEPDIR)/libcommonpth_a-http.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='http.c' object='libcommonpth_a-http.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -c -o libcommonpth_a-http.o `test -f 'http.c' || echo '$(srcdir)/'`http.c
+
+libcommonpth_a-http.obj: http.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -MT libcommonpth_a-http.obj -MD -MP -MF $(DEPDIR)/libcommonpth_a-http.Tpo -c -o libcommonpth_a-http.obj `if test -f 'http.c'; then $(CYGPATH_W) 'http.c'; else $(CYGPATH_W) '$(srcdir)/http.c'; fi`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libcommonpth_a-http.Tpo $(DEPDIR)/libcommonpth_a-http.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='http.c' object='libcommonpth_a-http.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -c -o libcommonpth_a-http.obj `if test -f 'http.c'; then $(CYGPATH_W) 'http.c'; else $(CYGPATH_W) '$(srcdir)/http.c'; fi`
+
+libcommonpth_a-localename.o: localename.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -MT libcommonpth_a-localename.o -MD -MP -MF $(DEPDIR)/libcommonpth_a-localename.Tpo -c -o libcommonpth_a-localename.o `test -f 'localename.c' || echo '$(srcdir)/'`localename.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libcommonpth_a-localename.Tpo $(DEPDIR)/libcommonpth_a-localename.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='localename.c' object='libcommonpth_a-localename.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -c -o libcommonpth_a-localename.o `test -f 'localename.c' || echo '$(srcdir)/'`localename.c
+
+libcommonpth_a-localename.obj: localename.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -MT libcommonpth_a-localename.obj -MD -MP -MF $(DEPDIR)/libcommonpth_a-localename.Tpo -c -o libcommonpth_a-localename.obj `if test -f 'localename.c'; then $(CYGPATH_W) 'localename.c'; else $(CYGPATH_W) '$(srcdir)/localename.c'; fi`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libcommonpth_a-localename.Tpo $(DEPDIR)/libcommonpth_a-localename.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='localename.c' object='libcommonpth_a-localename.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -c -o libcommonpth_a-localename.obj `if test -f 'localename.c'; then $(CYGPATH_W) 'localename.c'; else $(CYGPATH_W) '$(srcdir)/localename.c'; fi`
+
+libcommonpth_a-session-env.o: session-env.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -MT libcommonpth_a-session-env.o -MD -MP -MF $(DEPDIR)/libcommonpth_a-session-env.Tpo -c -o libcommonpth_a-session-env.o `test -f 'session-env.c' || echo '$(srcdir)/'`session-env.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libcommonpth_a-session-env.Tpo $(DEPDIR)/libcommonpth_a-session-env.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='session-env.c' object='libcommonpth_a-session-env.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -c -o libcommonpth_a-session-env.o `test -f 'session-env.c' || echo '$(srcdir)/'`session-env.c
+
+libcommonpth_a-session-env.obj: session-env.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -MT libcommonpth_a-session-env.obj -MD -MP -MF $(DEPDIR)/libcommonpth_a-session-env.Tpo -c -o libcommonpth_a-session-env.obj `if test -f 'session-env.c'; then $(CYGPATH_W) 'session-env.c'; else $(CYGPATH_W) '$(srcdir)/session-env.c'; fi`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libcommonpth_a-session-env.Tpo $(DEPDIR)/libcommonpth_a-session-env.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='session-env.c' object='libcommonpth_a-session-env.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -c -o libcommonpth_a-session-env.obj `if test -f 'session-env.c'; then $(CYGPATH_W) 'session-env.c'; else $(CYGPATH_W) '$(srcdir)/session-env.c'; fi`
+
+libcommonpth_a-ssh-utils.o: ssh-utils.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -MT libcommonpth_a-ssh-utils.o -MD -MP -MF $(DEPDIR)/libcommonpth_a-ssh-utils.Tpo -c -o libcommonpth_a-ssh-utils.o `test -f 'ssh-utils.c' || echo '$(srcdir)/'`ssh-utils.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libcommonpth_a-ssh-utils.Tpo $(DEPDIR)/libcommonpth_a-ssh-utils.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='ssh-utils.c' object='libcommonpth_a-ssh-utils.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -c -o libcommonpth_a-ssh-utils.o `test -f 'ssh-utils.c' || echo '$(srcdir)/'`ssh-utils.c
+
+libcommonpth_a-ssh-utils.obj: ssh-utils.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -MT libcommonpth_a-ssh-utils.obj -MD -MP -MF $(DEPDIR)/libcommonpth_a-ssh-utils.Tpo -c -o libcommonpth_a-ssh-utils.obj `if test -f 'ssh-utils.c'; then $(CYGPATH_W) 'ssh-utils.c'; else $(CYGPATH_W) '$(srcdir)/ssh-utils.c'; fi`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libcommonpth_a-ssh-utils.Tpo $(DEPDIR)/libcommonpth_a-ssh-utils.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='ssh-utils.c' object='libcommonpth_a-ssh-utils.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -c -o libcommonpth_a-ssh-utils.obj `if test -f 'ssh-utils.c'; then $(CYGPATH_W) 'ssh-utils.c'; else $(CYGPATH_W) '$(srcdir)/ssh-utils.c'; fi`
+
+libcommonpth_a-helpfile.o: helpfile.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -MT libcommonpth_a-helpfile.o -MD -MP -MF $(DEPDIR)/libcommonpth_a-helpfile.Tpo -c -o libcommonpth_a-helpfile.o `test -f 'helpfile.c' || echo '$(srcdir)/'`helpfile.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libcommonpth_a-helpfile.Tpo $(DEPDIR)/libcommonpth_a-helpfile.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='helpfile.c' object='libcommonpth_a-helpfile.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -c -o libcommonpth_a-helpfile.o `test -f 'helpfile.c' || echo '$(srcdir)/'`helpfile.c
+
+libcommonpth_a-helpfile.obj: helpfile.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -MT libcommonpth_a-helpfile.obj -MD -MP -MF $(DEPDIR)/libcommonpth_a-helpfile.Tpo -c -o libcommonpth_a-helpfile.obj `if test -f 'helpfile.c'; then $(CYGPATH_W) 'helpfile.c'; else $(CYGPATH_W) '$(srcdir)/helpfile.c'; fi`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libcommonpth_a-helpfile.Tpo $(DEPDIR)/libcommonpth_a-helpfile.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='helpfile.c' object='libcommonpth_a-helpfile.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -c -o libcommonpth_a-helpfile.obj `if test -f 'helpfile.c'; then $(CYGPATH_W) 'helpfile.c'; else $(CYGPATH_W) '$(srcdir)/helpfile.c'; fi`
+
+libcommonpth_a-srv.o: srv.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -MT libcommonpth_a-srv.o -MD -MP -MF $(DEPDIR)/libcommonpth_a-srv.Tpo -c -o libcommonpth_a-srv.o `test -f 'srv.c' || echo '$(srcdir)/'`srv.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libcommonpth_a-srv.Tpo $(DEPDIR)/libcommonpth_a-srv.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='srv.c' object='libcommonpth_a-srv.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -c -o libcommonpth_a-srv.o `test -f 'srv.c' || echo '$(srcdir)/'`srv.c
+
+libcommonpth_a-srv.obj: srv.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -MT libcommonpth_a-srv.obj -MD -MP -MF $(DEPDIR)/libcommonpth_a-srv.Tpo -c -o libcommonpth_a-srv.obj `if test -f 'srv.c'; then $(CYGPATH_W) 'srv.c'; else $(CYGPATH_W) '$(srcdir)/srv.c'; fi`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libcommonpth_a-srv.Tpo $(DEPDIR)/libcommonpth_a-srv.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='srv.c' object='libcommonpth_a-srv.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -c -o libcommonpth_a-srv.obj `if test -f 'srv.c'; then $(CYGPATH_W) 'srv.c'; else $(CYGPATH_W) '$(srcdir)/srv.c'; fi`
+
+libsimple_pwquery_a-simple-pwquery.o: simple-pwquery.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsimple_pwquery_a_CFLAGS) $(CFLAGS) -MT libsimple_pwquery_a-simple-pwquery.o -MD -MP -MF $(DEPDIR)/libsimple_pwquery_a-simple-pwquery.Tpo -c -o libsimple_pwquery_a-simple-pwquery.o `test -f 'simple-pwquery.c' || echo '$(srcdir)/'`simple-pwquery.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libsimple_pwquery_a-simple-pwquery.Tpo $(DEPDIR)/libsimple_pwquery_a-simple-pwquery.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='simple-pwquery.c' object='libsimple_pwquery_a-simple-pwquery.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsimple_pwquery_a_CFLAGS) $(CFLAGS) -c -o libsimple_pwquery_a-simple-pwquery.o `test -f 'simple-pwquery.c' || echo '$(srcdir)/'`simple-pwquery.c
+
+libsimple_pwquery_a-simple-pwquery.obj: simple-pwquery.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsimple_pwquery_a_CFLAGS) $(CFLAGS) -MT libsimple_pwquery_a-simple-pwquery.obj -MD -MP -MF $(DEPDIR)/libsimple_pwquery_a-simple-pwquery.Tpo -c -o libsimple_pwquery_a-simple-pwquery.obj `if test -f 'simple-pwquery.c'; then $(CYGPATH_W) 'simple-pwquery.c'; else $(CYGPATH_W) '$(srcdir)/simple-pwquery.c'; fi`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libsimple_pwquery_a-simple-pwquery.Tpo $(DEPDIR)/libsimple_pwquery_a-simple-pwquery.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='simple-pwquery.c' object='libsimple_pwquery_a-simple-pwquery.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsimple_pwquery_a_CFLAGS) $(CFLAGS) -c -o libsimple_pwquery_a-simple-pwquery.obj `if test -f 'simple-pwquery.c'; then $(CYGPATH_W) 'simple-pwquery.c'; else $(CYGPATH_W) '$(srcdir)/simple-pwquery.c'; fi`
+
+libsimple_pwquery_a-asshelp.o: asshelp.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsimple_pwquery_a_CFLAGS) $(CFLAGS) -MT libsimple_pwquery_a-asshelp.o -MD -MP -MF $(DEPDIR)/libsimple_pwquery_a-asshelp.Tpo -c -o libsimple_pwquery_a-asshelp.o `test -f 'asshelp.c' || echo '$(srcdir)/'`asshelp.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libsimple_pwquery_a-asshelp.Tpo $(DEPDIR)/libsimple_pwquery_a-asshelp.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='asshelp.c' object='libsimple_pwquery_a-asshelp.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsimple_pwquery_a_CFLAGS) $(CFLAGS) -c -o libsimple_pwquery_a-asshelp.o `test -f 'asshelp.c' || echo '$(srcdir)/'`asshelp.c
+
+libsimple_pwquery_a-asshelp.obj: asshelp.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsimple_pwquery_a_CFLAGS) $(CFLAGS) -MT libsimple_pwquery_a-asshelp.obj -MD -MP -MF $(DEPDIR)/libsimple_pwquery_a-asshelp.Tpo -c -o libsimple_pwquery_a-asshelp.obj `if test -f 'asshelp.c'; then $(CYGPATH_W) 'asshelp.c'; else $(CYGPATH_W) '$(srcdir)/asshelp.c'; fi`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libsimple_pwquery_a-asshelp.Tpo $(DEPDIR)/libsimple_pwquery_a-asshelp.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='asshelp.c' object='libsimple_pwquery_a-asshelp.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsimple_pwquery_a_CFLAGS) $(CFLAGS) -c -o libsimple_pwquery_a-asshelp.obj `if test -f 'asshelp.c'; then $(CYGPATH_W) 'asshelp.c'; else $(CYGPATH_W) '$(srcdir)/asshelp.c'; fi`
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ mkid -fID $$unique
+tags: TAGS
+
+TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ set x; \
+ here=`pwd`; \
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ shift; \
+ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
+ test -n "$$unique" || unique=$$empty_fix; \
+ if test $$# -gt 0; then \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ "$$@" $$unique; \
+ else \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ $$unique; \
+ fi; \
+ fi
+ctags: CTAGS
+CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ test -z "$(CTAGS_ARGS)$$unique" \
+ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+ $$unique
+
+GTAGS:
+ here=`$(am__cd) $(top_builddir) && pwd` \
+ && $(am__cd) $(top_srcdir) \
+ && gtags -i $(GTAGS_ARGS) "$$here"
+
+distclean-tags:
+ -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+check-TESTS: $(TESTS)
+ @failed=0; all=0; xfail=0; xpass=0; skip=0; \
+ srcdir=$(srcdir); export srcdir; \
+ list=' $(TESTS) '; \
+ $(am__tty_colors); \
+ if test -n "$$list"; then \
+ for tst in $$list; do \
+ if test -f ./$$tst; then dir=./; \
+ elif test -f $$tst; then dir=; \
+ else dir="$(srcdir)/"; fi; \
+ if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \
+ all=`expr $$all + 1`; \
+ case " $(XFAIL_TESTS) " in \
+ *[\ \ ]$$tst[\ \ ]*) \
+ xpass=`expr $$xpass + 1`; \
+ failed=`expr $$failed + 1`; \
+ col=$$red; res=XPASS; \
+ ;; \
+ *) \
+ col=$$grn; res=PASS; \
+ ;; \
+ esac; \
+ elif test $$? -ne 77; then \
+ all=`expr $$all + 1`; \
+ case " $(XFAIL_TESTS) " in \
+ *[\ \ ]$$tst[\ \ ]*) \
+ xfail=`expr $$xfail + 1`; \
+ col=$$lgn; res=XFAIL; \
+ ;; \
+ *) \
+ failed=`expr $$failed + 1`; \
+ col=$$red; res=FAIL; \
+ ;; \
+ esac; \
+ else \
+ skip=`expr $$skip + 1`; \
+ col=$$blu; res=SKIP; \
+ fi; \
+ echo "$${col}$$res$${std}: $$tst"; \
+ done; \
+ if test "$$all" -eq 1; then \
+ tests="test"; \
+ All=""; \
+ else \
+ tests="tests"; \
+ All="All "; \
+ fi; \
+ if test "$$failed" -eq 0; then \
+ if test "$$xfail" -eq 0; then \
+ banner="$$All$$all $$tests passed"; \
+ else \
+ if test "$$xfail" -eq 1; then failures=failure; else failures=failures; fi; \
+ banner="$$All$$all $$tests behaved as expected ($$xfail expected $$failures)"; \
+ fi; \
+ else \
+ if test "$$xpass" -eq 0; then \
+ banner="$$failed of $$all $$tests failed"; \
+ else \
+ if test "$$xpass" -eq 1; then passes=pass; else passes=passes; fi; \
+ banner="$$failed of $$all $$tests did not behave as expected ($$xpass unexpected $$passes)"; \
+ fi; \
+ fi; \
+ dashes="$$banner"; \
+ skipped=""; \
+ if test "$$skip" -ne 0; then \
+ if test "$$skip" -eq 1; then \
+ skipped="($$skip test was not run)"; \
+ else \
+ skipped="($$skip tests were not run)"; \
+ fi; \
+ test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \
+ dashes="$$skipped"; \
+ fi; \
+ report=""; \
+ if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \
+ report="Please report to $(PACKAGE_BUGREPORT)"; \
+ test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \
+ dashes="$$report"; \
+ fi; \
+ dashes=`echo "$$dashes" | sed s/./=/g`; \
+ if test "$$failed" -eq 0; then \
+ echo "$$grn$$dashes"; \
+ else \
+ echo "$$red$$dashes"; \
+ fi; \
+ echo "$$banner"; \
+ test -z "$$skipped" || echo "$$skipped"; \
+ test -z "$$report" || echo "$$report"; \
+ echo "$$dashes$$std"; \
+ test "$$failed" -eq 0; \
+ else :; fi
+
+distdir: $(DISTFILES)
+ @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ list='$(DISTFILES)'; \
+ dist_files=`for file in $$list; do echo $$file; done | \
+ sed -e "s|^$$srcdirstrip/||;t" \
+ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+ case $$dist_files in \
+ */*) $(MKDIR_P) `echo "$$dist_files" | \
+ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+ sort -u` ;; \
+ esac; \
+ for file in $$dist_files; do \
+ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+ if test -d $$d/$$file; then \
+ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+ if test -d "$(distdir)/$$file"; then \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+ else \
+ test -f "$(distdir)/$$file" \
+ || cp -p $$d/$$file "$(distdir)/$$file" \
+ || exit 1; \
+ fi; \
+ done
+check-am: all-am
+ $(MAKE) $(AM_MAKEFLAGS) check-TESTS
+check: $(BUILT_SOURCES)
+ $(MAKE) $(AM_MAKEFLAGS) check-am
+all-am: Makefile $(LIBRARIES) $(PROGRAMS)
+installdirs:
+install: $(BUILT_SOURCES)
+ $(MAKE) $(AM_MAKEFLAGS) install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+ @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ `test -z '$(STRIP)' || \
+ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+ -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
+
+distclean-generic:
+ -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+ -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+
+maintainer-clean-generic:
+ @echo "This command is intended for maintainers to use"
+ @echo "it deletes files that may require special tools to rebuild."
+ -test -z "$(BUILT_SOURCES)" || rm -f $(BUILT_SOURCES)
+clean: clean-am
+
+clean-am: clean-generic clean-noinstLIBRARIES clean-noinstPROGRAMS \
+ mostlyclean-am
+
+distclean: distclean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+ distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+html-am:
+
+info: info-am
+
+info-am:
+
+install-data-am:
+
+install-dvi: install-dvi-am
+
+install-dvi-am:
+
+install-exec-am:
+
+install-html: install-html-am
+
+install-html-am:
+
+install-info: install-info-am
+
+install-info-am:
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-pdf-am:
+
+install-ps: install-ps-am
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am:
+
+.MAKE: all check check-am install install-am install-strip
+
+.PHONY: CTAGS GTAGS all all-am check check-TESTS check-am clean \
+ clean-generic clean-noinstLIBRARIES clean-noinstPROGRAMS ctags \
+ distclean distclean-compile distclean-generic distclean-tags \
+ distdir dvi dvi-am html html-am info info-am install \
+ install-am install-data install-data-am install-dvi \
+ install-dvi-am install-exec install-exec-am install-html \
+ install-html-am install-info install-info-am install-man \
+ install-pdf install-pdf-am install-ps install-ps-am \
+ install-strip installcheck installcheck-am installdirs \
+ maintainer-clean maintainer-clean-generic mostlyclean \
+ mostlyclean-compile mostlyclean-generic pdf pdf-am ps ps-am \
+ tags uninstall uninstall-am
+
+
+# Note: Due to the dependency on Makefile, the file will always be
+# rebuilt, so we allow this only in maintainer mode.
+
+# Create the audit-events.h include file from audit.h
+# Note: We create the target file in the source directory because it
+# is a distributed built source. If we would not do that we may end
+# up with two files and then it is not clear which version of the
+# files will be picked up.
+@MAINTAINER_MODE_TRUE@audit-events.h: Makefile mkstrtable.awk exaudit.awk audit.h
+@MAINTAINER_MODE_TRUE@ $(AWK) -f $(srcdir)/exaudit.awk $(srcdir)/audit.h \
+@MAINTAINER_MODE_TRUE@ | $(AWK) -f $(srcdir)/mkstrtable.awk -v textidx=3 -v nogettext=1 \
+@MAINTAINER_MODE_TRUE@ -v namespace=eventstr_ > $(srcdir)/audit-events.h
+
+# Create the status-codes.h include file from status.h
+@MAINTAINER_MODE_TRUE@status-codes.h: Makefile mkstrtable.awk exstatus.awk status.h
+@MAINTAINER_MODE_TRUE@ $(AWK) -f $(srcdir)/exstatus.awk $(srcdir)/status.h \
+@MAINTAINER_MODE_TRUE@ | $(AWK) -f $(srcdir)/mkstrtable.awk -v textidx=3 -v nogettext=1 \
+@MAINTAINER_MODE_TRUE@ -v namespace=statusstr_ > $(srcdir)/status-codes.h
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/common/README b/common/README
new file mode 100644
index 0000000..a90224b
--- /dev/null
+++ b/common/README
@@ -0,0 +1,11 @@
+Stuff used by several modules of GnuPG.
+
+These directories use it:
+
+gpg
+sm
+agent
+
+These directories don't use it:
+
+kbx \ No newline at end of file
diff --git a/common/asshelp.c b/common/asshelp.c
new file mode 100644
index 0000000..3dc4b22
--- /dev/null
+++ b/common/asshelp.c
@@ -0,0 +1,457 @@
+/* asshelp.c - Helper functions for Assuan
+ * Copyright (C) 2002, 2004, 2007, 2009, 2010 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+#include <errno.h>
+#ifdef HAVE_LOCALE_H
+#include <locale.h>
+#endif
+
+#define JNLIB_NEED_LOG_LOGV
+#include "i18n.h"
+#include "util.h"
+#include "exechelp.h"
+#include "sysutils.h"
+#include "status.h"
+#include "asshelp.h"
+
+/* The type we use for lock_agent_spawning. */
+#ifdef HAVE_W32_SYSTEM
+# define lock_agent_t HANDLE
+#else
+# define lock_agent_t DOTLOCK
+#endif
+
+
+static gpg_error_t
+send_one_option (assuan_context_t ctx, gpg_err_source_t errsource,
+ const char *name, const char *value, int use_putenv)
+{
+ gpg_error_t err;
+ char *optstr;
+
+ (void)errsource;
+
+ if (!value || !*value)
+ err = 0; /* Avoid sending empty strings. */
+ else if (asprintf (&optstr, "OPTION %s%s=%s",
+ use_putenv? "putenv=":"", name, value) < 0)
+ err = gpg_error_from_syserror ();
+ else
+ {
+ err = assuan_transact (ctx, optstr, NULL, NULL, NULL, NULL, NULL, NULL);
+ xfree (optstr);
+ }
+
+ return err;
+}
+
+
+/* Send the assuan commands pertaining to the pinentry environment. The
+ OPT_* arguments are optional and may be used to override the
+ defaults taken from the current locale. */
+gpg_error_t
+send_pinentry_environment (assuan_context_t ctx,
+ gpg_err_source_t errsource,
+ const char *opt_lc_ctype,
+ const char *opt_lc_messages,
+ session_env_t session_env)
+
+{
+ gpg_error_t err = 0;
+#if defined(HAVE_SETLOCALE)
+ char *old_lc = NULL;
+#endif
+ char *dft_lc = NULL;
+ const char *dft_ttyname;
+ int iterator;
+ const char *name, *assname, *value;
+ int is_default;
+
+ iterator = 0;
+ while ((name = session_env_list_stdenvnames (&iterator, &assname)))
+ {
+ value = session_env_getenv_or_default (session_env, name, NULL);
+ if (!value)
+ continue;
+
+ if (assname)
+ err = send_one_option (ctx, errsource, assname, value, 0);
+ else
+ {
+ err = send_one_option (ctx, errsource, name, value, 1);
+ if (gpg_err_code (err) == GPG_ERR_UNKNOWN_OPTION)
+ err = 0; /* Server too old; can't pass the new envvars. */
+ }
+ if (err)
+ return err;
+ }
+
+
+ dft_ttyname = session_env_getenv_or_default (session_env, "GPG_TTY",
+ &is_default);
+ if (dft_ttyname && !is_default)
+ dft_ttyname = NULL; /* We need the default value. */
+
+ /* Send the value for LC_CTYPE. */
+#if defined(HAVE_SETLOCALE) && defined(LC_CTYPE)
+ old_lc = setlocale (LC_CTYPE, NULL);
+ if (old_lc)
+ {
+ old_lc = xtrystrdup (old_lc);
+ if (!old_lc)
+ return gpg_error_from_syserror ();
+ }
+ dft_lc = setlocale (LC_CTYPE, "");
+#endif
+ if (opt_lc_ctype || (dft_ttyname && dft_lc))
+ {
+ err = send_one_option (ctx, errsource, "lc-ctype",
+ opt_lc_ctype ? opt_lc_ctype : dft_lc, 0);
+ }
+#if defined(HAVE_SETLOCALE) && defined(LC_CTYPE)
+ if (old_lc)
+ {
+ setlocale (LC_CTYPE, old_lc);
+ xfree (old_lc);
+ }
+#endif
+ if (err)
+ return err;
+
+ /* Send the value for LC_MESSAGES. */
+#if defined(HAVE_SETLOCALE) && defined(LC_MESSAGES)
+ old_lc = setlocale (LC_MESSAGES, NULL);
+ if (old_lc)
+ {
+ old_lc = xtrystrdup (old_lc);
+ if (!old_lc)
+ return gpg_error_from_syserror ();
+ }
+ dft_lc = setlocale (LC_MESSAGES, "");
+#endif
+ if (opt_lc_messages || (dft_ttyname && dft_lc))
+ {
+ err = send_one_option (ctx, errsource, "lc-messages",
+ opt_lc_messages ? opt_lc_messages : dft_lc, 0);
+ }
+#if defined(HAVE_SETLOCALE) && defined(LC_MESSAGES)
+ if (old_lc)
+ {
+ setlocale (LC_MESSAGES, old_lc);
+ xfree (old_lc);
+ }
+#endif
+ if (err)
+ return err;
+
+ return 0;
+}
+
+
+/* Lock the agent spawning process. The caller needs to provide the
+ address of a variable to store the lock information. */
+static gpg_error_t
+lock_agent_spawning (lock_agent_t *lock, const char *homedir)
+{
+#ifdef HAVE_W32_SYSTEM
+ int waitrc;
+
+ (void)homedir; /* Not required. */
+
+ *lock = CreateMutex (NULL, FALSE, "GnuPG_spawn_agent_sentinel");
+ if (!*lock)
+ {
+ log_error ("failed to create the spawn_agent mutex: %s\n",
+ w32_strerror (-1));
+ return gpg_error (GPG_ERR_GENERAL);
+ }
+
+ waitrc = WaitForSingleObject (*lock, 5000);
+ if (waitrc == WAIT_OBJECT_0)
+ return 0;
+
+ if (waitrc == WAIT_TIMEOUT)
+ log_info ("error waiting for the spawn_agent mutex: timeout\n");
+ else
+ log_info ("error waiting for the spawn_agent mutex: "
+ "(code=%d) %s\n", waitrc, w32_strerror (-1));
+ return gpg_error (GPG_ERR_GENERAL);
+#else /*!HAVE_W32_SYSTEM*/
+ char *fname;
+
+ *lock = NULL;
+
+ fname = make_filename (homedir, "gnupg_spawn_agent_sentinel", NULL);
+ if (!fname)
+ return gpg_error_from_syserror ();
+
+ *lock = create_dotlock (fname);
+ xfree (fname);
+ if (!*lock)
+ return gpg_error_from_syserror ();
+
+ /* FIXME: We should use a timeout of 5000 here - however
+ make_dotlock does not yet support values other than -1 and 0. */
+ if (make_dotlock (*lock, -1))
+ return gpg_error_from_syserror ();
+
+ return 0;
+#endif /*!HAVE_W32_SYSTEM*/
+}
+
+
+/* Unlock the spawning process. */
+static void
+unlock_agent_spawning (lock_agent_t *lock)
+{
+ if (*lock)
+ {
+#ifdef HAVE_W32_SYSTEM
+ if (!ReleaseMutex (*lock))
+ log_error ("failed to release the spawn_agent mutex: %s\n",
+ w32_strerror (-1));
+ CloseHandle (*lock);
+#else /*!HAVE_W32_SYSTEM*/
+ destroy_dotlock (*lock);
+#endif /*!HAVE_W32_SYSTEM*/
+ *lock = NULL;
+ }
+}
+
+
+/* Try to connect to the agent via socket or fork it off and work by
+ pipes. Handle the server's initial greeting. Returns a new assuan
+ context at R_CTX or an error code. */
+gpg_error_t
+start_new_gpg_agent (assuan_context_t *r_ctx,
+ gpg_err_source_t errsource,
+ const char *homedir,
+ const char *agent_program,
+ const char *opt_lc_ctype,
+ const char *opt_lc_messages,
+ session_env_t session_env,
+ int verbose, int debug,
+ gpg_error_t (*status_cb)(ctrl_t, int, ...),
+ ctrl_t status_cb_arg)
+{
+ /* If we ever failed to connect via a socket we will force the use
+ of the pipe based server for the lifetime of the process. */
+ static int force_pipe_server = 0;
+
+ gpg_error_t err = 0;
+ char *infostr, *p;
+ assuan_context_t ctx;
+
+ *r_ctx = NULL;
+
+ err = assuan_new (&ctx);
+ if (err)
+ {
+ log_error ("error allocating assuan context: %s\n", gpg_strerror (err));
+ return err;
+ }
+
+ restart:
+ infostr = force_pipe_server? NULL : getenv ("GPG_AGENT_INFO");
+ if (!infostr || !*infostr)
+ {
+ char *sockname;
+ const char *argv[3];
+ pid_t pid;
+ int excode;
+
+ /* First check whether we can connect at the standard
+ socket. */
+ sockname = make_filename (homedir, "S.gpg-agent", NULL);
+ err = assuan_socket_connect (ctx, sockname, 0, 0);
+
+ if (err)
+ {
+ /* With no success start a new server. */
+ if (verbose)
+ log_info (_("no running gpg-agent - starting one\n"));
+
+ if (status_cb)
+ status_cb (status_cb_arg, STATUS_PROGRESS,
+ "starting_agent ? 0 0", NULL);
+
+ if (fflush (NULL))
+ {
+ gpg_error_t tmperr = gpg_error (gpg_err_code_from_errno (errno));
+ log_error ("error flushing pending output: %s\n",
+ strerror (errno));
+ xfree (sockname);
+ assuan_release (ctx);
+ return tmperr;
+ }
+
+ if (!agent_program || !*agent_program)
+ agent_program = gnupg_module_name (GNUPG_MODULE_NAME_AGENT);
+
+ argv[0] = "--use-standard-socket-p";
+ argv[1] = NULL;
+ err = gnupg_spawn_process_fd (agent_program, argv, -1, -1, -1, &pid);
+ if (err)
+ log_debug ("starting `%s' for testing failed: %s\n",
+ agent_program, gpg_strerror (err));
+ else if ((err = gnupg_wait_process (agent_program, pid, &excode)))
+ {
+ if (excode == -1)
+ log_debug ("running `%s' for testing failed: %s\n",
+ agent_program, gpg_strerror (err));
+ }
+
+ if (!err && !excode)
+ {
+ /* If the agent has been configured for use with a
+ standard socket, an environment variable is not
+ required and thus we we can savely start the agent
+ here. */
+ lock_agent_t lock;
+
+ argv[0] = "--daemon";
+ argv[1] = "--use-standard-socket";
+ argv[2] = NULL;
+
+ if (!(err = lock_agent_spawning (&lock, homedir))
+ && assuan_socket_connect (ctx, sockname, 0, 0))
+ {
+ err = gnupg_spawn_process_detached (agent_program, argv,NULL);
+ if (err)
+ log_error ("failed to start agent `%s': %s\n",
+ agent_program, gpg_strerror (err));
+ else
+ {
+ int i;
+
+ if (verbose)
+ log_info (_("waiting %d seconds for the agent "
+ "to come up\n"), 5);
+ for (i=0; i < 5; i++)
+ {
+ gnupg_sleep (1);
+ err = assuan_socket_connect (ctx, sockname, 0, 0);
+ if (!err)
+ break;
+ }
+ }
+ }
+
+ unlock_agent_spawning (&lock);
+ }
+ else
+ {
+ /* If using the standard socket is not the default we
+ start the agent as a pipe server which gives us most
+ of the required features except for passphrase
+ caching etc. */
+ const char *pgmname;
+ int no_close_list[3];
+ int i;
+
+ if ( !(pgmname = strrchr (agent_program, '/')))
+ pgmname = agent_program;
+ else
+ pgmname++;
+
+ argv[0] = pgmname;
+ argv[1] = "--server";
+ argv[2] = NULL;
+
+ i=0;
+ if (log_get_fd () != -1)
+ no_close_list[i++] = assuan_fd_from_posix_fd (log_get_fd ());
+ no_close_list[i++] = assuan_fd_from_posix_fd (fileno (stderr));
+ no_close_list[i] = -1;
+
+ /* Connect to the agent and perform initial handshaking. */
+ err = assuan_pipe_connect (ctx, agent_program, argv,
+ no_close_list, NULL, NULL, 0);
+ }
+ }
+ xfree (sockname);
+ }
+ else
+ {
+ int prot;
+ int pid;
+
+ infostr = xstrdup (infostr);
+ if ( !(p = strchr (infostr, PATHSEP_C)) || p == infostr)
+ {
+ log_error (_("malformed GPG_AGENT_INFO environment variable\n"));
+ xfree (infostr);
+ force_pipe_server = 1;
+ goto restart;
+ }
+ *p++ = 0;
+ pid = atoi (p);
+ while (*p && *p != PATHSEP_C)
+ p++;
+ prot = *p? atoi (p+1) : 0;
+ if (prot != 1)
+ {
+ log_error (_("gpg-agent protocol version %d is not supported\n"),
+ prot);
+ xfree (infostr);
+ force_pipe_server = 1;
+ goto restart;
+ }
+
+ err = assuan_socket_connect (ctx, infostr, pid, 0);
+ xfree (infostr);
+ if (gpg_err_code (err) == GPG_ERR_ASS_CONNECT_FAILED)
+ {
+ log_info (_("can't connect to the agent - trying fall back\n"));
+ force_pipe_server = 1;
+ goto restart;
+ }
+ }
+
+ if (err)
+ {
+ log_error ("can't connect to the agent: %s\n", gpg_strerror (err));
+ assuan_release (ctx);
+ return gpg_error (GPG_ERR_NO_AGENT);
+ }
+
+ if (debug)
+ log_debug ("connection to agent established\n");
+
+ err = assuan_transact (ctx, "RESET",
+ NULL, NULL, NULL, NULL, NULL, NULL);
+ if (!err)
+ err = send_pinentry_environment (ctx, errsource,
+ opt_lc_ctype, opt_lc_messages,
+ session_env);
+ if (err)
+ {
+ assuan_release (ctx);
+ return err;
+ }
+
+ *r_ctx = ctx;
+ return 0;
+}
+
diff --git a/common/asshelp.h b/common/asshelp.h
new file mode 100644
index 0000000..f7bc88b
--- /dev/null
+++ b/common/asshelp.h
@@ -0,0 +1,50 @@
+/* asshelp.h - Helper functions for Assuan
+ * Copyright (C) 2004, 2007 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef GNUPG_COMMON_ASSHELP_H
+#define GNUPG_COMMON_ASSHELP_H
+
+#include <assuan.h>
+#include <gpg-error.h>
+
+#include "session-env.h"
+
+gpg_error_t
+send_pinentry_environment (assuan_context_t ctx,
+ gpg_err_source_t errsource,
+ const char *opt_lc_ctype,
+ const char *opt_lc_messages,
+ session_env_t session_env);
+
+/* This fucntion is used by the call-agent.c modules to fire up a new
+ agent. */
+gpg_error_t
+start_new_gpg_agent (assuan_context_t *r_ctx,
+ gpg_err_source_t errsource,
+ const char *homedir,
+ const char *agent_program,
+ const char *opt_lc_ctype,
+ const char *opt_lc_messages,
+ session_env_t session_env,
+ int verbose, int debug,
+ gpg_error_t (*status_cb)(ctrl_t, int, ...),
+ ctrl_t status_cb_arg);
+
+
+#endif /*GNUPG_COMMON_ASSHELP_H*/
diff --git a/common/audit-events.h b/common/audit-events.h
new file mode 100644
index 0000000..74484ea
--- /dev/null
+++ b/common/audit-events.h
@@ -0,0 +1,114 @@
+/* Output of mkstrtable.awk. DO NOT EDIT. */
+
+/* audit.h - Definitions for the audit subsystem
+ * Copyright (C) 2007 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+/* The purpose of this complex string table is to produce
+ optimal code with a minimum of relocations. */
+
+static const char eventstr_msgstr[] =
+ "null event" "\0"
+ "setup ready" "\0"
+ "agent ready" "\0"
+ "dirmngr ready" "\0"
+ "gpg ready" "\0"
+ "gpgsm ready" "\0"
+ "got data" "\0"
+ "detached signature" "\0"
+ "cert only sig" "\0"
+ "data hash algo" "\0"
+ "attr hash algo" "\0"
+ "data cipher algo" "\0"
+ "bad data hash algo" "\0"
+ "bad data cipher algo" "\0"
+ "data hashing" "\0"
+ "read error" "\0"
+ "write error" "\0"
+ "usage error" "\0"
+ "save cert" "\0"
+ "new sig" "\0"
+ "sig name" "\0"
+ "sig status" "\0"
+ "new recp" "\0"
+ "recp name" "\0"
+ "recp result" "\0"
+ "decryption result" "\0"
+ "validate chain" "\0"
+ "chain begin" "\0"
+ "chain cert" "\0"
+ "chain rootcert" "\0"
+ "chain end" "\0"
+ "chain status" "\0"
+ "root trusted" "\0"
+ "crl check" "\0"
+ "got recipients" "\0"
+ "session key" "\0"
+ "encrypted to" "\0"
+ "encryption done" "\0"
+ "signed by" "\0"
+ "signing done";
+
+static const int eventstr_msgidx[] =
+ {
+ 0,
+ 11,
+ 23,
+ 35,
+ 49,
+ 59,
+ 71,
+ 80,
+ 99,
+ 113,
+ 128,
+ 143,
+ 160,
+ 179,
+ 200,
+ 213,
+ 224,
+ 236,
+ 248,
+ 258,
+ 266,
+ 275,
+ 286,
+ 295,
+ 305,
+ 317,
+ 335,
+ 350,
+ 362,
+ 373,
+ 388,
+ 398,
+ 411,
+ 424,
+ 434,
+ 449,
+ 461,
+ 474,
+ 490,
+ 500,
+
+ };
+
+#define eventstr_msgidxof(code) (0 ? -1 \
+ : ((code >= 0) && (code <= 39)) ? (code - 0) \
+ : -1)
diff --git a/common/audit.c b/common/audit.c
new file mode 100644
index 0000000..02a0a2b
--- /dev/null
+++ b/common/audit.c
@@ -0,0 +1,1324 @@
+/* audit.c - GnuPG's audit subsystem
+ * Copyright (C) 2007, 2009 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdarg.h>
+#include <assert.h>
+
+#include "util.h"
+#include "i18n.h"
+#include "audit.h"
+#include "audit-events.h"
+
+/* A list to maintain a list of helptags. */
+struct helptag_s
+{
+ struct helptag_s *next;
+ const char *name;
+};
+typedef struct helptag_s *helptag_t;
+
+
+/* One log entry. */
+struct log_item_s
+{
+ audit_event_t event; /* The event. */
+ gpg_error_t err; /* The logged error code. */
+ int intvalue; /* A logged integer value. */
+ char *string; /* A malloced string or NULL. */
+ ksba_cert_t cert; /* A certifciate or NULL. */
+ int have_err:1;
+ int have_intvalue:1;
+};
+typedef struct log_item_s *log_item_t;
+
+
+
+/* The main audit object. */
+struct audit_ctx_s
+{
+ const char *failure; /* If set a description of the internal failure. */
+ audit_type_t type;
+
+ log_item_t log; /* The table with the log entries. */
+ size_t logsize; /* The allocated size for LOG. */
+ size_t logused; /* The used size of LOG. */
+
+ estream_t outstream; /* The current output stream. */
+ int use_html; /* The output shall be HTML formatted. */
+ int indentlevel; /* Current level of indentation. */
+ helptag_t helptags; /* List of help keys. */
+};
+
+
+
+
+static void writeout_para (audit_ctx_t ctx,
+ const char *format, ...) JNLIB_GCC_A_PRINTF(2,3);
+static void writeout_li (audit_ctx_t ctx, const char *oktext,
+ const char *format, ...) JNLIB_GCC_A_PRINTF(3,4);
+static void writeout_rem (audit_ctx_t ctx,
+ const char *format, ...) JNLIB_GCC_A_PRINTF(2,3);
+
+
+/* Add NAME to the list of help tags. NAME needs to be a const string
+ an this function merly stores this pointer. */
+static void
+add_helptag (audit_ctx_t ctx, const char *name)
+{
+ helptag_t item;
+
+ for (item=ctx->helptags; item; item = item->next)
+ if (!strcmp (item->name, name))
+ return; /* Already in the list. */
+ item = xtrycalloc (1, sizeof *item);
+ if (!item)
+ return; /* Don't care about memory problems. */
+ item->name = name;
+ item->next = ctx->helptags;
+ ctx->helptags = item;
+}
+
+
+/* Remove all help tags from the context. */
+static void
+clear_helptags (audit_ctx_t ctx)
+{
+ while (ctx->helptags)
+ {
+ helptag_t tmp = ctx->helptags->next;
+ xfree (ctx->helptags);
+ ctx->helptags = tmp;
+ }
+}
+
+
+
+static const char *
+event2str (audit_event_t event)
+{
+ /* We need the cast so that compiler does not complain about an
+ always true comparison (>= 0) for an unsigned value. */
+ int idx = eventstr_msgidxof ((int)event);
+ if (idx == -1)
+ return "Unknown event";
+ else
+ return eventstr_msgstr + eventstr_msgidx[idx];
+}
+
+
+
+/* Create a new audit context. In case of an error NULL is returned
+ and errno set appropriately. */
+audit_ctx_t
+audit_new (void)
+{
+ audit_ctx_t ctx;
+
+ ctx = xtrycalloc (1, sizeof *ctx);
+
+ return ctx;
+}
+
+
+/* Release an audit context. Passing NULL for CTX is allowed and does
+ nothing. */
+void
+audit_release (audit_ctx_t ctx)
+{
+ int idx;
+ if (!ctx)
+ return;
+ if (ctx->log)
+ {
+ for (idx=0; idx < ctx->logused; idx++)
+ {
+ if (ctx->log[idx].string)
+ xfree (ctx->log[idx].string);
+ if (ctx->log[idx].cert)
+ ksba_cert_release (ctx->log[idx].cert);
+ }
+ xfree (ctx->log);
+ }
+ clear_helptags (ctx);
+ xfree (ctx);
+}
+
+
+/* Set the type for the audit operation. If CTX is NULL, this is a
+ dummy fucntion. */
+void
+audit_set_type (audit_ctx_t ctx, audit_type_t type)
+{
+ if (!ctx || ctx->failure)
+ return; /* Audit not enabled or an internal error has occurred. */
+
+ if (ctx->type && ctx->type != type)
+ {
+ ctx->failure = "conflict in type initialization";
+ return;
+ }
+ ctx->type = type;
+}
+
+
+/* Create a new log item and put it into the table. Return that log
+ item on success; return NULL on memory failure and mark that in
+ CTX. */
+static log_item_t
+create_log_item (audit_ctx_t ctx)
+{
+ log_item_t item, table;
+ size_t size;
+
+ if (!ctx->log)
+ {
+ size = 10;
+ table = xtrymalloc (size * sizeof *table);
+ if (!table)
+ {
+ ctx->failure = "Out of memory in create_log_item";
+ return NULL;
+ }
+ ctx->log = table;
+ ctx->logsize = size;
+ item = ctx->log + 0;
+ ctx->logused = 1;
+ }
+ else if (ctx->logused >= ctx->logsize)
+ {
+ size = ctx->logsize + 10;
+ table = xtryrealloc (ctx->log, size * sizeof *table);
+ if (!table)
+ {
+ ctx->failure = "Out of memory while reallocating in create_log_item";
+ return NULL;
+ }
+ ctx->log = table;
+ ctx->logsize = size;
+ item = ctx->log + ctx->logused++;
+ }
+ else
+ item = ctx->log + ctx->logused++;
+
+ item->event = AUDIT_NULL_EVENT;
+ item->err = 0;
+ item->have_err = 0;
+ item->intvalue = 0;
+ item->have_intvalue = 0;
+ item->string = NULL;
+ item->cert = NULL;
+
+ return item;
+
+}
+
+/* Add a new event to the audit log. If CTX is NULL, this function
+ does nothing. */
+void
+audit_log (audit_ctx_t ctx, audit_event_t event)
+{
+ log_item_t item;
+
+ if (!ctx || ctx->failure)
+ return; /* Audit not enabled or an internal error has occurred. */
+ if (!event)
+ {
+ ctx->failure = "Invalid event passed to audit_log";
+ return;
+ }
+ if (!(item = create_log_item (ctx)))
+ return;
+ item->event = event;
+}
+
+/* Add a new event to the audit log. If CTX is NULL, this function
+ does nothing. This version also adds the result of the operation
+ to the log. */
+void
+audit_log_ok (audit_ctx_t ctx, audit_event_t event, gpg_error_t err)
+{
+ log_item_t item;
+
+ if (!ctx || ctx->failure)
+ return; /* Audit not enabled or an internal error has occurred. */
+ if (!event)
+ {
+ ctx->failure = "Invalid event passed to audit_log_ok";
+ return;
+ }
+ if (!(item = create_log_item (ctx)))
+ return;
+ item->event = event;
+ item->err = err;
+ item->have_err = 1;
+}
+
+
+/* Add a new event to the audit log. If CTX is NULL, this function
+ does nothing. This version also add the integer VALUE to the log. */
+void
+audit_log_i (audit_ctx_t ctx, audit_event_t event, int value)
+{
+ log_item_t item;
+
+ if (!ctx || ctx->failure)
+ return; /* Audit not enabled or an internal error has occurred. */
+ if (!event)
+ {
+ ctx->failure = "Invalid event passed to audit_log_i";
+ return;
+ }
+ if (!(item = create_log_item (ctx)))
+ return;
+ item->event = event;
+ item->intvalue = value;
+ item->have_intvalue = 1;
+}
+
+
+/* Add a new event to the audit log. If CTX is NULL, this function
+ does nothing. This version also add the integer VALUE to the log. */
+void
+audit_log_s (audit_ctx_t ctx, audit_event_t event, const char *value)
+{
+ log_item_t item;
+ char *tmp;
+
+ if (!ctx || ctx->failure)
+ return; /* Audit not enabled or an internal error has occurred. */
+ if (!event)
+ {
+ ctx->failure = "Invalid event passed to audit_log_s";
+ return;
+ }
+ tmp = xtrystrdup (value? value : "");
+ if (!tmp)
+ {
+ ctx->failure = "Out of memory in audit_event";
+ return;
+ }
+ if (!(item = create_log_item (ctx)))
+ {
+ xfree (tmp);
+ return;
+ }
+ item->event = event;
+ item->string = tmp;
+}
+
+/* Add a new event to the audit log. If CTX is NULL, this function
+ does nothing. This version also adds the certificate CERT and the
+ result of an operation to the log. */
+void
+audit_log_cert (audit_ctx_t ctx, audit_event_t event,
+ ksba_cert_t cert, gpg_error_t err)
+{
+ log_item_t item;
+
+ if (!ctx || ctx->failure)
+ return; /* Audit not enabled or an internal error has occurred. */
+ if (!event)
+ {
+ ctx->failure = "Invalid event passed to audit_log_cert";
+ return;
+ }
+ if (!(item = create_log_item (ctx)))
+ return;
+ item->event = event;
+ item->err = err;
+ item->have_err = 1;
+ if (cert)
+ {
+ ksba_cert_ref (cert);
+ item->cert = cert;
+ }
+}
+
+
+/* Write TEXT to the outstream. */
+static void
+writeout (audit_ctx_t ctx, const char *text)
+{
+ if (ctx->use_html)
+ {
+ for (; *text; text++)
+ {
+ if (*text == '<')
+ es_fputs ("&lt;", ctx->outstream);
+ else if (*text == '&')
+ es_fputs ("&amp;", ctx->outstream);
+ else
+ es_putc (*text, ctx->outstream);
+ }
+ }
+ else
+ es_fputs (text, ctx->outstream);
+}
+
+
+/* Write TEXT to the outstream using a variable argument list. */
+static void
+writeout_v (audit_ctx_t ctx, const char *format, va_list arg_ptr)
+{
+ char *buf;
+
+ estream_vasprintf (&buf, format, arg_ptr);
+ if (buf)
+ {
+ writeout (ctx, buf);
+ xfree (buf);
+ }
+ else
+ writeout (ctx, "[!!Out of core!!]");
+}
+
+
+/* Write TEXT as a paragraph. */
+static void
+writeout_para (audit_ctx_t ctx, const char *format, ...)
+{
+ va_list arg_ptr;
+
+ if (ctx->use_html)
+ es_fputs ("<p>", ctx->outstream);
+ va_start (arg_ptr, format) ;
+ writeout_v (ctx, format, arg_ptr);
+ va_end (arg_ptr);
+ if (ctx->use_html)
+ es_fputs ("</p>\n", ctx->outstream);
+ else
+ es_fputc ('\n', ctx->outstream);
+}
+
+
+static void
+enter_li (audit_ctx_t ctx)
+{
+ if (ctx->use_html)
+ {
+ if (!ctx->indentlevel)
+ {
+ es_fputs ("<table border=\"0\">\n"
+ " <colgroup>\n"
+ " <col width=\"80%\" />\n"
+ " <col width=\"20%\" />\n"
+ " </colgroup>\n",
+ ctx->outstream);
+ }
+ }
+ ctx->indentlevel++;
+}
+
+
+static void
+leave_li (audit_ctx_t ctx)
+{
+ ctx->indentlevel--;
+ if (ctx->use_html)
+ {
+ if (!ctx->indentlevel)
+ es_fputs ("</table>\n", ctx->outstream);
+ }
+}
+
+
+/* Write TEXT as a list element. If OKTEXT is not NULL, append it to
+ the last line. */
+static void
+writeout_li (audit_ctx_t ctx, const char *oktext, const char *format, ...)
+{
+ va_list arg_ptr;
+ const char *color = NULL;
+
+ if (ctx->use_html && format && oktext)
+ {
+ if (!strcmp (oktext, "Yes")
+ || !strcmp (oktext, "good") )
+ color = "green";
+ else if (!strcmp (oktext, "No")
+ || !strcmp (oktext, "bad") )
+ color = "red";
+ }
+
+ if (format && oktext)
+ {
+ const char *s = NULL;
+
+ if (!strcmp (oktext, "Yes"))
+ oktext = _("Yes");
+ else if (!strcmp (oktext, "No"))
+ oktext = _("No");
+ else if (!strcmp (oktext, "good"))
+ {
+ /* TRANSLATORS: Copy the prefix between the vertical bars
+ verbatim. It will not be printed. */
+ oktext = _("|audit-log-result|Good");
+ }
+ else if (!strcmp (oktext, "bad"))
+ oktext = _("|audit-log-result|Bad");
+ else if (!strcmp (oktext, "unsupported"))
+ oktext = _("|audit-log-result|Not supported");
+ else if (!strcmp (oktext, "no-cert"))
+ oktext = _("|audit-log-result|No certificate");
+ else if (!strcmp (oktext, "disabled"))
+ oktext = _("|audit-log-result|Not enabled");
+ else if (!strcmp (oktext, "error"))
+ oktext = _("|audit-log-result|Error");
+ else if (!strcmp (oktext, "not-used"))
+ oktext = _("|audit-log-result|Not used");
+ else if (!strcmp (oktext, "okay"))
+ oktext = _("|audit-log-result|Okay");
+ else if (!strcmp (oktext, "skipped"))
+ oktext = _("|audit-log-result|Skipped");
+ else if (!strcmp (oktext, "some"))
+ oktext = _("|audit-log-result|Some");
+ else
+ s = "";
+
+ /* If we have set a prefix, skip it. */
+ if (!s && *oktext == '|' && (s=strchr (oktext+1,'|')))
+ oktext = s+1;
+ }
+
+ if (ctx->use_html)
+ {
+ int i;
+
+ es_fputs (" <tr><td><table><tr><td>", ctx->outstream);
+ if (color)
+ es_fprintf (ctx->outstream, "<font color=\"%s\">*</font>", color);
+ else
+ es_fputs ("*", ctx->outstream);
+ for (i=1; i < ctx->indentlevel; i++)
+ es_fputs ("&nbsp;&nbsp;", ctx->outstream);
+ es_fputs ("</td><td>", ctx->outstream);
+ }
+ else
+ es_fprintf (ctx->outstream, "* %*s", (ctx->indentlevel-1)*2, "");
+ if (format)
+ {
+ va_start (arg_ptr, format) ;
+ writeout_v (ctx, format, arg_ptr);
+ va_end (arg_ptr);
+ }
+ if (ctx->use_html)
+ es_fputs ("</td></tr></table>", ctx->outstream);
+ if (format && oktext)
+ {
+ if (ctx->use_html)
+ {
+ es_fputs ("</td><td>", ctx->outstream);
+ if (color)
+ es_fprintf (ctx->outstream, "<font color=\"%s\">", color);
+ }
+ else
+ writeout (ctx, ": ");
+ writeout (ctx, oktext);
+ if (color)
+ es_fputs ("</font>", ctx->outstream);
+ }
+
+ if (ctx->use_html)
+ es_fputs ("</td></tr>\n", ctx->outstream);
+ else
+ es_fputc ('\n', ctx->outstream);
+}
+
+
+/* Write a remark line. */
+static void
+writeout_rem (audit_ctx_t ctx, const char *format, ...)
+{
+ va_list arg_ptr;
+
+ if (ctx->use_html)
+ {
+ int i;
+
+ es_fputs (" <tr><td><table><tr><td>*", ctx->outstream);
+ for (i=1; i < ctx->indentlevel; i++)
+ es_fputs ("&nbsp;&nbsp;", ctx->outstream);
+ es_fputs ("&nbsp;&nbsp;&nbsp;</td><td> (", ctx->outstream);
+
+ }
+ else
+ es_fprintf (ctx->outstream, "* %*s (", (ctx->indentlevel-1)*2, "");
+ if (format)
+ {
+ va_start (arg_ptr, format) ;
+ writeout_v (ctx, format, arg_ptr);
+ va_end (arg_ptr);
+ }
+ if (ctx->use_html)
+ es_fputs (")</td></tr></table></td></tr>\n", ctx->outstream);
+ else
+ es_fputs (")\n", ctx->outstream);
+}
+
+
+/* Return the first log item for EVENT. If STOPEVENT is not 0 never
+ look behind that event in the log. If STARTITEM is not NULL start
+ search _after_that item. */
+static log_item_t
+find_next_log_item (audit_ctx_t ctx, log_item_t startitem,
+ audit_event_t event, audit_event_t stopevent)
+{
+ int idx;
+
+ for (idx=0; idx < ctx->logused; idx++)
+ {
+ if (startitem)
+ {
+ if (ctx->log + idx == startitem)
+ startitem = NULL;
+ }
+ else if (stopevent && ctx->log[idx].event == stopevent)
+ break;
+ else if (ctx->log[idx].event == event)
+ return ctx->log + idx;
+ }
+ return NULL;
+}
+
+
+static log_item_t
+find_log_item (audit_ctx_t ctx, audit_event_t event, audit_event_t stopevent)
+{
+ return find_next_log_item (ctx, NULL, event, stopevent);
+}
+
+
+/* Helper to a format a serial number. */
+static char *
+format_serial (ksba_const_sexp_t sn)
+{
+ const char *p = (const char *)sn;
+ unsigned long n;
+ char *endp;
+
+ if (!p)
+ return NULL;
+ if (*p != '(')
+ BUG (); /* Not a valid S-expression. */
+ n = strtoul (p+1, &endp, 10);
+ p = endp;
+ if (*p != ':')
+ BUG (); /* Not a valid S-expression. */
+ return bin2hex (p+1, n, NULL);
+}
+
+
+/* Return a malloced string with the serial number and the issuer DN
+ of the certificate. */
+static char *
+get_cert_name (ksba_cert_t cert)
+{
+ char *result;
+ ksba_sexp_t sn;
+ char *issuer, *p;
+
+ if (!cert)
+ return xtrystrdup ("[no certificate]");
+
+ issuer = ksba_cert_get_issuer (cert, 0);
+ sn = ksba_cert_get_serial (cert);
+ if (issuer && sn)
+ {
+ p = format_serial (sn);
+ if (!p)
+ result = xtrystrdup ("[invalid S/N]");
+ else
+ {
+ result = xtrymalloc (strlen (p) + strlen (issuer) + 2 + 1);
+ if (result)
+ {
+ *result = '#';
+ strcpy (stpcpy (stpcpy (result+1, p),"/"), issuer);
+ }
+ xfree (p);
+ }
+ }
+ else
+ result = xtrystrdup ("[missing S/N or issuer]");
+ ksba_free (sn);
+ xfree (issuer);
+ return result;
+}
+
+/* Return a malloced string with the serial number and the issuer DN
+ of the certificate. */
+static char *
+get_cert_subject (ksba_cert_t cert, int idx)
+{
+ char *result;
+ char *subject;
+
+ if (!cert)
+ return xtrystrdup ("[no certificate]");
+
+ subject = ksba_cert_get_subject (cert, idx);
+ if (subject)
+ {
+ result = xtrymalloc (strlen (subject) + 1 + 1);
+ if (result)
+ {
+ *result = '/';
+ strcpy (result+1, subject);
+ }
+ }
+ else
+ result = NULL;
+ xfree (subject);
+ return result;
+}
+
+
+/* List the given certificiate. If CERT is NULL, this is a NOP. */
+static void
+list_cert (audit_ctx_t ctx, ksba_cert_t cert, int with_subj)
+{
+ char *name;
+ int idx;
+
+ name = get_cert_name (cert);
+ writeout_rem (ctx, "%s", name);
+ xfree (name);
+ if (with_subj)
+ {
+ enter_li (ctx);
+ for (idx=0; (name = get_cert_subject (cert, idx)); idx++)
+ {
+ writeout_rem (ctx, "%s", name);
+ xfree (name);
+ }
+ leave_li (ctx);
+ }
+}
+
+
+/* List the chain of certificates from STARTITEM up to STOPEVENT. The
+ certifcates are written out as comments. */
+static void
+list_certchain (audit_ctx_t ctx, log_item_t startitem, audit_event_t stopevent)
+{
+ log_item_t item;
+
+ startitem = find_next_log_item (ctx, startitem, AUDIT_CHAIN_BEGIN,stopevent);
+ writeout_li (ctx, startitem? "Yes":"No", _("Certificate chain available"));
+ if (!startitem)
+ return;
+
+ item = find_next_log_item (ctx, startitem,
+ AUDIT_CHAIN_ROOTCERT, AUDIT_CHAIN_END);
+ if (!item)
+ writeout_rem (ctx, "%s", _("root certificate missing"));
+ else
+ {
+ list_cert (ctx, item->cert, 0);
+ }
+ item = startitem;
+ while ( ((item = find_next_log_item (ctx, item,
+ AUDIT_CHAIN_CERT, AUDIT_CHAIN_END))))
+ {
+ list_cert (ctx, item->cert, 1);
+ }
+}
+
+
+
+/* Process an encrypt operation's log. */
+static void
+proc_type_encrypt (audit_ctx_t ctx)
+{
+ log_item_t loopitem, item;
+ int recp_no, idx;
+ char numbuf[35];
+ int algo;
+ char *name;
+
+ item = find_log_item (ctx, AUDIT_ENCRYPTION_DONE, 0);
+ writeout_li (ctx, item?"Yes":"No", "%s", _("Data encryption succeeded"));
+
+ enter_li (ctx);
+
+ item = find_log_item (ctx, AUDIT_GOT_DATA, 0);
+ writeout_li (ctx, item? "Yes":"No", "%s", _("Data available"));
+
+ item = find_log_item (ctx, AUDIT_SESSION_KEY, 0);
+ writeout_li (ctx, item? "Yes":"No", "%s", _("Session key created"));
+ if (item)
+ {
+ algo = gcry_cipher_map_name (item->string);
+ if (algo)
+ writeout_rem (ctx, _("algorithm: %s"), gcry_cipher_algo_name (algo));
+ else if (item->string && !strcmp (item->string, "1.2.840.113549.3.2"))
+ writeout_rem (ctx, _("unsupported algorithm: %s"), "RC2");
+ else if (item->string)
+ writeout_rem (ctx, _("unsupported algorithm: %s"), item->string);
+ else
+ writeout_rem (ctx, _("seems to be not encrypted"));
+ }
+
+ item = find_log_item (ctx, AUDIT_GOT_RECIPIENTS, 0);
+ snprintf (numbuf, sizeof numbuf, "%d",
+ item && item->have_intvalue? item->intvalue : 0);
+ writeout_li (ctx, numbuf, "%s", _("Number of recipients"));
+
+ /* Loop over all recipients. */
+ loopitem = NULL;
+ recp_no = 0;
+ while ((loopitem=find_next_log_item (ctx, loopitem, AUDIT_ENCRYPTED_TO, 0)))
+ {
+ recp_no++;
+ writeout_li (ctx, NULL, _("Recipient %d"), recp_no);
+ if (loopitem->cert)
+ {
+ name = get_cert_name (loopitem->cert);
+ writeout_rem (ctx, "%s", name);
+ xfree (name);
+ enter_li (ctx);
+ for (idx=0; (name = get_cert_subject (loopitem->cert, idx)); idx++)
+ {
+ writeout_rem (ctx, "%s", name);
+ xfree (name);
+ }
+ leave_li (ctx);
+ }
+ }
+
+ leave_li (ctx);
+}
+
+
+
+/* Process a sign operation's log. */
+static void
+proc_type_sign (audit_ctx_t ctx)
+{
+ log_item_t item, loopitem;
+ int signer, idx;
+ const char *result;
+ ksba_cert_t cert;
+ char *name;
+ int lastalgo;
+
+ item = find_log_item (ctx, AUDIT_SIGNING_DONE, 0);
+ writeout_li (ctx, item?"Yes":"No", "%s", _("Data signing succeeded"));
+
+ enter_li (ctx);
+
+ item = find_log_item (ctx, AUDIT_GOT_DATA, 0);
+ writeout_li (ctx, item? "Yes":"No", "%s", _("Data available"));
+ /* Write remarks with the data hash algorithms. We use a very
+ simple scheme to avoid some duplicates. */
+ loopitem = NULL;
+ lastalgo = 0;
+ while ((loopitem = find_next_log_item
+ (ctx, loopitem, AUDIT_DATA_HASH_ALGO, AUDIT_NEW_SIG)))
+ {
+ if (loopitem->intvalue && loopitem->intvalue != lastalgo)
+ writeout_rem (ctx, _("data hash algorithm: %s"),
+ gcry_md_algo_name (loopitem->intvalue));
+ lastalgo = loopitem->intvalue;
+ }
+
+ /* Loop over all signer. */
+ loopitem = NULL;
+ signer = 0;
+ while ((loopitem=find_next_log_item (ctx, loopitem, AUDIT_NEW_SIG, 0)))
+ {
+ signer++;
+
+ item = find_next_log_item (ctx, loopitem, AUDIT_SIGNED_BY, AUDIT_NEW_SIG);
+ if (!item)
+ result = "error";
+ else if (!item->err)
+ result = "okay";
+ else if (gpg_err_code (item->err) == GPG_ERR_CANCELED)
+ result = "skipped";
+ else
+ result = gpg_strerror (item->err);
+ cert = item? item->cert : NULL;
+
+ writeout_li (ctx, result, _("Signer %d"), signer);
+ item = find_next_log_item (ctx, loopitem,
+ AUDIT_ATTR_HASH_ALGO, AUDIT_NEW_SIG);
+ if (item)
+ writeout_rem (ctx, _("attr hash algorithm: %s"),
+ gcry_md_algo_name (item->intvalue));
+
+ if (cert)
+ {
+ name = get_cert_name (cert);
+ writeout_rem (ctx, "%s", name);
+ xfree (name);
+ enter_li (ctx);
+ for (idx=0; (name = get_cert_subject (cert, idx)); idx++)
+ {
+ writeout_rem (ctx, "%s", name);
+ xfree (name);
+ }
+ leave_li (ctx);
+ }
+ }
+
+ leave_li (ctx);
+}
+
+
+
+/* Process a decrypt operation's log. */
+static void
+proc_type_decrypt (audit_ctx_t ctx)
+{
+ log_item_t loopitem, item;
+ int algo, recpno;
+ char *name;
+ char numbuf[35];
+ int idx;
+
+ item = find_log_item (ctx, AUDIT_DECRYPTION_RESULT, 0);
+ writeout_li (ctx, item && !item->err?"Yes":"No",
+ "%s", _("Data decryption succeeded"));
+
+ enter_li (ctx);
+
+ item = find_log_item (ctx, AUDIT_GOT_DATA, 0);
+ writeout_li (ctx, item? "Yes":"No", "%s", _("Data available"));
+
+ item = find_log_item (ctx, AUDIT_DATA_CIPHER_ALGO, 0);
+ algo = item? item->intvalue : 0;
+ writeout_li (ctx, algo?"Yes":"No", "%s", _("Encryption algorithm supported"));
+ if (algo)
+ writeout_rem (ctx, _("algorithm: %s"), gcry_cipher_algo_name (algo));
+
+ item = find_log_item (ctx, AUDIT_BAD_DATA_CIPHER_ALGO, 0);
+ if (item && item->string)
+ {
+ algo = gcry_cipher_map_name (item->string);
+ if (algo)
+ writeout_rem (ctx, _("algorithm: %s"), gcry_cipher_algo_name (algo));
+ else if (item->string && !strcmp (item->string, "1.2.840.113549.3.2"))
+ writeout_rem (ctx, _("unsupported algorithm: %s"), "RC2");
+ else if (item->string)
+ writeout_rem (ctx, _("unsupported algorithm: %s"), item->string);
+ else
+ writeout_rem (ctx, _("seems to be not encrypted"));
+ }
+
+
+ for (recpno = 0, item = NULL;
+ (item = find_next_log_item (ctx, item, AUDIT_NEW_RECP, 0)); recpno++)
+ ;
+ snprintf (numbuf, sizeof numbuf, "%d", recpno);
+ writeout_li (ctx, numbuf, "%s", _("Number of recipients"));
+
+ /* Loop over all recipients. */
+ loopitem = NULL;
+ while ((loopitem = find_next_log_item (ctx, loopitem, AUDIT_NEW_RECP, 0)))
+ {
+ const char *result;
+
+ recpno = loopitem->have_intvalue? loopitem->intvalue : -1;
+
+ item = find_next_log_item (ctx, loopitem,
+ AUDIT_RECP_RESULT, AUDIT_NEW_RECP);
+ if (!item)
+ result = "not-used";
+ else if (!item->err)
+ result = "okay";
+ else if (gpg_err_code (item->err) == GPG_ERR_CANCELED)
+ result = "skipped";
+ else
+ result = gpg_strerror (item->err);
+
+ item = find_next_log_item (ctx, loopitem,
+ AUDIT_RECP_NAME, AUDIT_NEW_RECP);
+ writeout_li (ctx, result, _("Recipient %d"), recpno);
+ if (item && item->string)
+ writeout_rem (ctx, "%s", item->string);
+
+ /* If we have a certificate write out more infos. */
+ item = find_next_log_item (ctx, loopitem,
+ AUDIT_SAVE_CERT, AUDIT_NEW_RECP);
+ if (item && item->cert)
+ {
+ enter_li (ctx);
+ for (idx=0; (name = get_cert_subject (item->cert, idx)); idx++)
+ {
+ writeout_rem (ctx, "%s", name);
+ xfree (name);
+ }
+ leave_li (ctx);
+ }
+ }
+
+ leave_li (ctx);
+}
+
+
+
+/* Process a verification operation's log. */
+static void
+proc_type_verify (audit_ctx_t ctx)
+{
+ log_item_t loopitem, item;
+ int signo, count, idx, n_good, n_bad;
+ char numbuf[35];
+ const char *result;
+
+ /* If there is at least one signature status we claim that the
+ verification succeeded. This does not mean that the data has
+ verified okay. */
+ item = find_log_item (ctx, AUDIT_SIG_STATUS, 0);
+ writeout_li (ctx, item?"Yes":"No", "%s", _("Data verification succeeded"));
+ enter_li (ctx);
+
+ item = find_log_item (ctx, AUDIT_GOT_DATA, AUDIT_NEW_SIG);
+ writeout_li (ctx, item? "Yes":"No", "%s", _("Data available"));
+ if (!item)
+ goto leave;
+
+ item = find_log_item (ctx, AUDIT_NEW_SIG, 0);
+ writeout_li (ctx, item? "Yes":"No", "%s", _("Signature available"));
+ if (!item)
+ goto leave;
+
+ /* Print info about the used data hashing algorithms. */
+ for (idx=0, n_good=n_bad=0; idx < ctx->logused; idx++)
+ {
+ item = ctx->log + idx;
+ if (item->event == AUDIT_NEW_SIG)
+ break;
+ else if (item->event == AUDIT_DATA_HASH_ALGO)
+ n_good++;
+ else if (item->event == AUDIT_BAD_DATA_HASH_ALGO)
+ n_bad++;
+ }
+ item = find_log_item (ctx, AUDIT_DATA_HASHING, AUDIT_NEW_SIG);
+ if (!item || item->err || !n_good)
+ result = "No";
+ else if (n_good && !n_bad)
+ result = "Yes";
+ else
+ result = "Some";
+ writeout_li (ctx, result, "%s", _("Parsing data succeeded"));
+ if (n_good || n_bad)
+ {
+ for (idx=0; idx < ctx->logused; idx++)
+ {
+ item = ctx->log + idx;
+ if (item->event == AUDIT_NEW_SIG)
+ break;
+ else if (item->event == AUDIT_DATA_HASH_ALGO)
+ writeout_rem (ctx, _("data hash algorithm: %s"),
+ gcry_md_algo_name (item->intvalue));
+ else if (item->event == AUDIT_BAD_DATA_HASH_ALGO)
+ writeout_rem (ctx, _("bad data hash algorithm: %s"),
+ item->string? item->string:"?");
+ }
+ }
+
+
+ /* Loop over all signatures. */
+ loopitem = find_log_item (ctx, AUDIT_NEW_SIG, 0);
+ assert (loopitem);
+ do
+ {
+ signo = loopitem->have_intvalue? loopitem->intvalue : -1;
+
+ item = find_next_log_item (ctx, loopitem,
+ AUDIT_SIG_STATUS, AUDIT_NEW_SIG);
+ writeout_li (ctx, item? item->string:"?", _("Signature %d"), signo);
+ item = find_next_log_item (ctx, loopitem,
+ AUDIT_SIG_NAME, AUDIT_NEW_SIG);
+ if (item)
+ writeout_rem (ctx, "%s", item->string);
+
+ item = find_next_log_item (ctx, loopitem,
+ AUDIT_DATA_HASH_ALGO, AUDIT_NEW_SIG);
+ if (item)
+ writeout_rem (ctx, _("data hash algorithm: %s"),
+ gcry_md_algo_name (item->intvalue));
+ item = find_next_log_item (ctx, loopitem,
+ AUDIT_ATTR_HASH_ALGO, AUDIT_NEW_SIG);
+ if (item)
+ writeout_rem (ctx, _("attr hash algorithm: %s"),
+ gcry_md_algo_name (item->intvalue));
+
+ enter_li (ctx);
+
+ /* List the certificate chain. */
+ list_certchain (ctx, loopitem, AUDIT_NEW_SIG);
+
+ /* Show the result of the chain validation. */
+ item = find_next_log_item (ctx, loopitem,
+ AUDIT_CHAIN_STATUS, AUDIT_NEW_SIG);
+ if (item && item->have_err)
+ {
+ writeout_li (ctx, item->err? "No":"Yes",
+ _("Certificate chain valid"));
+ if (item->err)
+ writeout_rem (ctx, "%s", gpg_strerror (item->err));
+ }
+
+ /* Show whether the root certificate is fine. */
+ item = find_next_log_item (ctx, loopitem,
+ AUDIT_ROOT_TRUSTED, AUDIT_CHAIN_STATUS);
+ if (item)
+ {
+ writeout_li (ctx, item->err?"No":"Yes", "%s",
+ _("Root certificate trustworthy"));
+ if (item->err)
+ {
+ add_helptag (ctx, "gpgsm.root-cert-not-trusted");
+ writeout_rem (ctx, "%s", gpg_strerror (item->err));
+ list_cert (ctx, item->cert, 0);
+ }
+ }
+
+ /* Show result of the CRL/OCSP check. */
+ item = find_next_log_item (ctx, loopitem,
+ AUDIT_CRL_CHECK, AUDIT_NEW_SIG);
+ if (item)
+ {
+ const char *ok;
+ switch (gpg_err_code (item->err))
+ {
+ case 0: ok = "good"; break;
+ case GPG_ERR_CERT_REVOKED: ok = "bad"; break;
+ case GPG_ERR_NOT_ENABLED: ok = "disabled"; break;
+ case GPG_ERR_NO_CRL_KNOWN:
+ ok = _("no CRL found for certificate");
+ break;
+ case GPG_ERR_CRL_TOO_OLD:
+ ok = _("the available CRL is too old");
+ break;
+ default: ok = gpg_strerror (item->err); break;
+ }
+
+ writeout_li (ctx, ok, "%s", _("CRL/OCSP check of certificates"));
+ if (item->err
+ && gpg_err_code (item->err) != GPG_ERR_CERT_REVOKED
+ && gpg_err_code (item->err) != GPG_ERR_NOT_ENABLED)
+ add_helptag (ctx, "gpgsm.crl-problem");
+ }
+
+ leave_li (ctx);
+ }
+ while ((loopitem = find_next_log_item (ctx, loopitem, AUDIT_NEW_SIG, 0)));
+
+
+ leave:
+ /* Always list the certificates stored in the signature. */
+ item = NULL;
+ count = 0;
+ while ( ((item = find_next_log_item (ctx, item,
+ AUDIT_SAVE_CERT, AUDIT_NEW_SIG))))
+ count++;
+ snprintf (numbuf, sizeof numbuf, "%d", count);
+ writeout_li (ctx, numbuf, _("Included certificates"));
+ item = NULL;
+ while ( ((item = find_next_log_item (ctx, item,
+ AUDIT_SAVE_CERT, AUDIT_NEW_SIG))))
+ {
+ char *name = get_cert_name (item->cert);
+ writeout_rem (ctx, "%s", name);
+ xfree (name);
+ enter_li (ctx);
+ for (idx=0; (name = get_cert_subject (item->cert, idx)); idx++)
+ {
+ writeout_rem (ctx, "%s", name);
+ xfree (name);
+ }
+ leave_li (ctx);
+ }
+ leave_li (ctx);
+}
+
+
+
+
+/* Print the formatted audit result. THIS IS WORK IN PROGRESS. */
+void
+audit_print_result (audit_ctx_t ctx, estream_t out, int use_html)
+{
+ int idx;
+ size_t n;
+ log_item_t item;
+ helptag_t helptag;
+ const char *s;
+ int show_raw = 0;
+ char *orig_codeset;
+
+ if (!ctx)
+ return;
+
+ orig_codeset = i18n_switchto_utf8 ();
+
+ /* We use an environment variable to include some debug info in the
+ log. */
+ if ((s = getenv ("gnupg_debug_audit")))
+ show_raw = 1;
+
+ assert (!ctx->outstream);
+ ctx->outstream = out;
+ ctx->use_html = use_html;
+ ctx->indentlevel = 0;
+ clear_helptags (ctx);
+
+ if (use_html)
+ es_fputs ("<div class=\"GnuPGAuditLog\">\n", ctx->outstream);
+
+ if (!ctx->log || !ctx->logused)
+ {
+ writeout_para (ctx, _("No audit log entries."));
+ goto leave;
+ }
+
+ if (show_raw)
+ {
+ int maxlen;
+
+ for (idx=0,maxlen=0; idx < DIM (eventstr_msgidx); idx++)
+ {
+ n = strlen (eventstr_msgstr + eventstr_msgidx[idx]);
+ if (n > maxlen)
+ maxlen = n;
+ }
+
+ if (use_html)
+ es_fputs ("<pre>\n", out);
+ for (idx=0; idx < ctx->logused; idx++)
+ {
+ es_fprintf (out, "log: %-*s",
+ maxlen, event2str (ctx->log[idx].event));
+ if (ctx->log[idx].have_intvalue)
+ es_fprintf (out, " i=%d", ctx->log[idx].intvalue);
+ if (ctx->log[idx].string)
+ {
+ es_fputs (" s=`", out);
+ writeout (ctx, ctx->log[idx].string);
+ es_fputs ("'", out);
+ }
+ if (ctx->log[idx].cert)
+ es_fprintf (out, " has_cert");
+ if (ctx->log[idx].have_err)
+ {
+ es_fputs (" err=`", out);
+ writeout (ctx, gpg_strerror (ctx->log[idx].err));
+ es_fputs ("'", out);
+ }
+ es_fputs ("\n", out);
+ }
+ if (use_html)
+ es_fputs ("</pre>\n", out);
+ else
+ es_fputs ("\n", out);
+ }
+
+ enter_li (ctx);
+ switch (ctx->type)
+ {
+ case AUDIT_TYPE_NONE:
+ writeout_li (ctx, NULL, _("Unknown operation"));
+ break;
+ case AUDIT_TYPE_ENCRYPT:
+ proc_type_encrypt (ctx);
+ break;
+ case AUDIT_TYPE_SIGN:
+ proc_type_sign (ctx);
+ break;
+ case AUDIT_TYPE_DECRYPT:
+ proc_type_decrypt (ctx);
+ break;
+ case AUDIT_TYPE_VERIFY:
+ proc_type_verify (ctx);
+ break;
+ }
+ item = find_log_item (ctx, AUDIT_AGENT_READY, 0);
+ if (item && item->have_err)
+ {
+ writeout_li (ctx, item->err? "No":"Yes", "%s", _("Gpg-Agent usable"));
+ if (item->err)
+ {
+ writeout_rem (ctx, "%s", gpg_strerror (item->err));
+ add_helptag (ctx, "gnupg.agent-problem");
+ }
+ }
+ item = find_log_item (ctx, AUDIT_DIRMNGR_READY, 0);
+ if (item && item->have_err)
+ {
+ writeout_li (ctx, item->err? "No":"Yes", "%s", _("Dirmngr usable"));
+ if (item->err)
+ {
+ writeout_rem (ctx, "%s", gpg_strerror (item->err));
+ add_helptag (ctx, "gnupg.dirmngr-problem");
+ }
+ }
+ leave_li (ctx);
+
+
+ /* Show the help from the collected help tags. */
+ if (ctx->helptags)
+ {
+ if (use_html)
+ {
+ es_fputs ("<hr/>\n", ctx->outstream);
+ if (ctx->helptags->next)
+ es_fputs ("<ul>\n", ctx->outstream);
+ }
+ else
+ es_fputs ("\n\n", ctx->outstream);
+ }
+ for (helptag = ctx->helptags; helptag; helptag = helptag->next)
+ {
+ char *text;
+
+ if (use_html && ctx->helptags->next)
+ es_fputs ("<li>\n", ctx->outstream);
+
+ text = gnupg_get_help_string (helptag->name, 0);
+ if (text)
+ {
+ writeout_para (ctx, "%s", text);
+ xfree (text);
+ }
+ else
+ writeout_para (ctx, _("No help available for `%s'."), helptag->name);
+ if (use_html && ctx->helptags->next)
+ es_fputs ("</li>\n", ctx->outstream);
+ if (helptag->next)
+ es_fputs ("\n", ctx->outstream);
+ }
+ if (use_html && ctx->helptags && ctx->helptags->next)
+ es_fputs ("</ul>\n", ctx->outstream);
+
+ leave:
+ if (use_html)
+ es_fputs ("</div>\n", ctx->outstream);
+ ctx->outstream = NULL;
+ ctx->use_html = 0;
+ clear_helptags (ctx);
+ i18n_switchback (orig_codeset);
+}
+
diff --git a/common/audit.h b/common/audit.h
new file mode 100644
index 0000000..bc67a2e
--- /dev/null
+++ b/common/audit.h
@@ -0,0 +1,224 @@
+/* audit.h - Definitions for the audit subsystem
+ * Copyright (C) 2007 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef GNUPG_COMMON_AUDIT_H
+#define GNUPG_COMMON_AUDIT_H
+
+#include <ksba.h>
+
+#include "estream.h"
+
+struct audit_ctx_s;
+typedef struct audit_ctx_s *audit_ctx_t;
+
+/* Constants for the audit type. */
+typedef enum
+ {
+ AUDIT_TYPE_NONE = 0, /* No type set. */
+ AUDIT_TYPE_ENCRYPT, /* Data encryption. */
+ AUDIT_TYPE_SIGN, /* Signature creation. */
+ AUDIT_TYPE_DECRYPT, /* Data decryption. */
+ AUDIT_TYPE_VERIFY /* Signature verification. */
+ }
+audit_type_t;
+
+/* The events we support. */
+typedef enum
+ {
+ AUDIT_NULL_EVENT = 0,
+ /* No such event. Its value shall be 0 and no other values shall
+ be assigned to the other enum symbols. This is required so
+ that the exaudit.awk script comes up with correct values
+ without running cc. */
+
+ AUDIT_SETUP_READY,
+ /* All preparations done so that the actual processing can start
+ now. This indicates that all parameters are okay and we can
+ start to process the actual data. */
+
+ AUDIT_AGENT_READY, /* err */
+ /* Indicates whether the gpg-agent is available. For some
+ operations the agent is not required and thus no such event
+ will be logged. */
+
+ AUDIT_DIRMNGR_READY, /* err */
+ /* Indicates whether the Dirmngr is available. For some
+ operations the Dirmngr is not required and thus no such event
+ will be logged. */
+
+ AUDIT_GPG_READY, /* err */
+ /* Indicates whether the Gpg engine is available. */
+
+ AUDIT_GPGSM_READY, /* err */
+ /* Indicates whether the Gpgsm engine is available. */
+
+ AUDIT_GOT_DATA,
+ /* Data to be processed has been seen. */
+
+ AUDIT_DETACHED_SIGNATURE,
+ /* The signature is a detached one. */
+
+ AUDIT_CERT_ONLY_SIG,
+ /* A certifciate only signature has been detected. */
+
+ AUDIT_DATA_HASH_ALGO, /* int */
+ /* The hash algo given as argument is used for the data. This
+ event will be repeated for all hash algorithms used with the
+ data. */
+
+ AUDIT_ATTR_HASH_ALGO, /* int */
+ /* The hash algo given as argument is used to hash the message
+ digest and other signed attributes of this signature. */
+
+ AUDIT_DATA_CIPHER_ALGO, /* int */
+ /* The cipher algo given as argument is used for this data. */
+
+ AUDIT_BAD_DATA_HASH_ALGO, /* string */
+ /* The hash algo as specified by the signature can't be used.
+ STRING is the description of this algorithm which usually is an
+ OID string. STRING may be NULL. */
+
+ AUDIT_BAD_DATA_CIPHER_ALGO, /* string */
+ /* The symmetric cipher algorithm is not supported. STRING is the
+ description of this algorithm which usually is an OID string.
+ STRING may be NULL. */
+
+ AUDIT_DATA_HASHING, /* ok_err */
+ /* Logs the result of the data hashing. */
+
+ AUDIT_READ_ERROR, /* ok_err */
+ /* A generic read error occurred. */
+
+ AUDIT_WRITE_ERROR, /* ok_err */
+ /* A generic write error occurred. */
+
+ AUDIT_USAGE_ERROR,
+ /* The program was used in an inappropriate way; For example by
+ passing a data object while the signature does not expect one
+ or vice versa. */
+
+ AUDIT_SAVE_CERT, /* cert, ok_err */
+ /* Save the certificate received in a message. */
+
+ AUDIT_NEW_SIG, /* int */
+ /* Start the verification of a new signature for the last data
+ object. The argument is the signature number as used
+ internally by the program. */
+
+ AUDIT_SIG_NAME, /* string */
+ /* The name of a signer. This is the name or other identification
+ data as known from the signature and not the name from the
+ certificate used for verification. An example for STRING when
+ using CMS is: "#1234/CN=Prostetnic Vogon Jeltz". */
+
+ AUDIT_SIG_STATUS, /* string */
+ /* The signature status of the current signer. This is the last
+ audit information for one signature. STRING gives the status:
+
+ "error" - there was a problem checking this or any signature.
+ "unsupported" - the signature type is not supported.
+ "no-cert" - The certificate of the signer was not found (the
+ S/N+issuer of the signer is already in the log).
+ "bad" - bad signature
+ "good" - good signature
+ */
+
+ AUDIT_NEW_RECP, /* int */
+ /* A new recipient has been seen during decryption. The argument
+ is the recipient number as used internally by the program. */
+
+ AUDIT_RECP_NAME, /* string */
+ /* The name of a recipient. This is the name or other identification
+ data as known from the decryption and not the name from the
+ certificate used for decryption. An example for STRING when
+ using CMS is: "#1234/CN=Prostetnic Vogon Jeltz". */
+
+ AUDIT_RECP_RESULT, /* ok_err */
+ /* The status of the session key decryption. This is only written
+ for recipients tried. */
+
+ AUDIT_DECRYPTION_RESULT, /* ok_err */
+ /* The status of the entire decryption. The decryption was
+ successful if the error code is 0. */
+
+ AUDIT_VALIDATE_CHAIN,
+ /* Start the validation of a certificate chain. */
+
+ AUDIT_CHAIN_BEGIN,
+ AUDIT_CHAIN_CERT, /* cert */
+ AUDIT_CHAIN_ROOTCERT,/* cert */
+ AUDIT_CHAIN_END,
+ /* These 4 events are used to log the certificates making up a
+ certificate chain. ROOTCERT is used for the trustanchor and
+ CERT for all other certificates. */
+
+ AUDIT_CHAIN_STATUS, /* err */
+ /* Tells the final status of the chain validation. */
+
+ AUDIT_ROOT_TRUSTED, /* cert, err */
+ /* Tells whether the root certificate is trusted. This event is
+ emmited durcing chain validation. */
+
+ AUDIT_CRL_CHECK, /* err */
+ /* Tells the status of a CRL or OCSP check. */
+
+ AUDIT_GOT_RECIPIENTS, /* int */
+ /* Records the number of recipients to be used for encryption.
+ This includes the recipients set by --encrypt-to but records 0
+ if no real recipient has been given. */
+
+ AUDIT_SESSION_KEY, /* string */
+ /* Mark the creation or availibility of the session key. The
+ parameter is the algorithm ID. */
+
+ AUDIT_ENCRYPTED_TO, /* cert, err */
+ /* Records the certificate used for encryption and whether the
+ session key could be encrypted to it (err==0). */
+
+ AUDIT_ENCRYPTION_DONE,
+ /* Encryption succeeded. */
+
+ AUDIT_SIGNED_BY, /* cert, err */
+ /* Records the certificate used for signed and whether the signure
+ could be created (if err==0). */
+
+ AUDIT_SIGNING_DONE,
+ /* Signing succeeded. */
+
+
+ AUDIT_LAST_EVENT /* Marker for parsing this list. */
+ }
+audit_event_t;
+
+
+audit_ctx_t audit_new (void);
+void audit_release (audit_ctx_t ctx);
+void audit_set_type (audit_ctx_t ctx, audit_type_t type);
+void audit_log (audit_ctx_t ctx, audit_event_t event);
+void audit_log_ok (audit_ctx_t ctx, audit_event_t event, gpg_error_t err);
+void audit_log_i (audit_ctx_t ctx, audit_event_t event, int value);
+void audit_log_s (audit_ctx_t ctx, audit_event_t event, const char *value);
+void audit_log_cert (audit_ctx_t ctx, audit_event_t event,
+ ksba_cert_t cert, gpg_error_t err);
+
+void audit_print_result (audit_ctx_t ctx, estream_t stream, int use_html);
+
+
+
+#endif /*GNUPG_COMMON_AUDIT_H*/
diff --git a/common/b64dec.c b/common/b64dec.c
new file mode 100644
index 0000000..af223ae
--- /dev/null
+++ b/common/b64dec.c
@@ -0,0 +1,217 @@
+/* b64dec.c - Simple Base64 decoder.
+ * Copyright (C) 2008 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include <assert.h>
+
+#include "i18n.h"
+#include "util.h"
+
+
+/* The reverse base-64 list used for base-64 decoding. */
+static unsigned char const asctobin[128] =
+ {
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0x3e, 0xff, 0xff, 0xff, 0x3f,
+ 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3a, 0x3b,
+ 0x3c, 0x3d, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06,
+ 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e,
+ 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16,
+ 0x17, 0x18, 0x19, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20,
+ 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28,
+ 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, 0x30,
+ 0x31, 0x32, 0x33, 0xff, 0xff, 0xff, 0xff, 0xff
+ };
+
+enum decoder_states
+ {
+ s_init, s_idle, s_lfseen, s_begin,
+ s_b64_0, s_b64_1, s_b64_2, s_b64_3,
+ s_waitendtitle, s_waitend
+ };
+
+
+
+/* Initialize the context for the base64 decoder. If TITLE is NULL a
+ plain base64 decoding is done. If it is the empty string the
+ decoder will skip everything until a "-----BEGIN " line has been
+ seen, decoding ends at a "----END " line.
+
+ Not yet implemented: If TITLE is either "PGP" or begins with "PGP "
+ the PGP armor lines are skipped as well. */
+gpg_error_t
+b64dec_start (struct b64state *state, const char *title)
+{
+ memset (state, 0, sizeof *state);
+ if (title)
+ {
+ if (!strncmp (title, "PGP", 3) && (!title[3] || title[3] == ' '))
+ return gpg_error (GPG_ERR_NOT_IMPLEMENTED);
+
+ state->title = xtrystrdup (title);
+ if (!state->title)
+ return gpg_error_from_syserror ();
+ state->idx = s_init;
+ }
+ else
+ state->idx = s_b64_0;
+ return 0;
+}
+
+
+/* Do in-place decoding of base-64 data of LENGTH in BUFFER. Stores the
+ new length of the buffer at R_NBYTES. */
+gpg_error_t
+b64dec_proc (struct b64state *state, void *buffer, size_t length,
+ size_t *r_nbytes)
+{
+ enum decoder_states ds = state->idx;
+ unsigned char val = state->radbuf[0];
+ int pos = state->quad_count;
+ char *d, *s;
+
+ if (state->stop_seen)
+ {
+ *r_nbytes = 0;
+ return gpg_error (GPG_ERR_EOF);
+ }
+
+ for (s=d=buffer; length && !state->stop_seen; length--, s++)
+ {
+ switch (ds)
+ {
+ case s_idle:
+ if (*s == '\n')
+ {
+ ds = s_lfseen;
+ pos = 0;
+ }
+ break;
+ case s_init:
+ ds = s_lfseen;
+ case s_lfseen:
+ if (*s != "-----BEGIN "[pos])
+ ds = s_idle;
+ else if (pos == 10)
+ ds = s_begin;
+ else
+ pos++;
+ break;
+ case s_begin:
+ if (*s == '\n')
+ ds = s_b64_0;
+ break;
+ case s_b64_0:
+ case s_b64_1:
+ case s_b64_2:
+ case s_b64_3:
+ {
+ int c;
+
+ if (*s == '-' && state->title)
+ {
+ /* Not a valid Base64 character: assume end
+ header. */
+ ds = s_waitend;
+ }
+ else if (*s == '=')
+ {
+ /* Pad character: stop */
+ if (ds == s_b64_1)
+ *d++ = val;
+ ds = state->title? s_waitendtitle : s_waitend;
+ }
+ else if (*s == '\n' || *s == ' ' || *s == '\r' || *s == '\t')
+ ; /* Skip white spaces. */
+ else if ( (*s & 0x80)
+ || (c = asctobin[*(unsigned char *)s]) == 255)
+ {
+ /* Skip invalid encodings. */
+ state->invalid_encoding = 1;
+ }
+ else if (ds == s_b64_0)
+ {
+ val = c << 2;
+ ds = s_b64_1;
+ }
+ else if (ds == s_b64_1)
+ {
+ val |= (c>>4)&3;
+ *d++ = val;
+ val = (c<<4)&0xf0;
+ ds = s_b64_2;
+ }
+ else if (ds == s_b64_2)
+ {
+ val |= (c>>2)&15;
+ *d++ = val;
+ val = (c<<6)&0xc0;
+ ds = s_b64_3;
+ }
+ else
+ {
+ val |= c&0x3f;
+ *d++ = val;
+ ds = s_b64_0;
+ }
+ }
+ break;
+ case s_waitendtitle:
+ if (*s == '-')
+ ds = s_waitend;
+ break;
+ case s_waitend:
+ if ( *s == '\n')
+ state->stop_seen = 1;
+ break;
+ default:
+ BUG();
+ }
+ }
+
+
+ state->idx = ds;
+ state->radbuf[0] = val;
+ state->quad_count = pos;
+ *r_nbytes = (d -(char*) buffer);
+ return 0;
+}
+
+
+/* This function needs to be called before releasing the decoder
+ state. It may return an error code in case an encoding error has
+ been found during decoding. */
+gpg_error_t
+b64dec_finish (struct b64state *state)
+{
+ xfree (state->title);
+ state->title = NULL;
+ return state->invalid_encoding? gpg_error(GPG_ERR_BAD_DATA): 0;
+}
+
diff --git a/common/b64enc.c b/common/b64enc.c
new file mode 100644
index 0000000..4722bd1
--- /dev/null
+++ b/common/b64enc.c
@@ -0,0 +1,351 @@
+/* b64enc.c - Simple Base64 encoder.
+ * Copyright (C) 2001, 2003, 2004, 2008 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include <assert.h>
+
+#include "i18n.h"
+#include "util.h"
+
+#define B64ENC_DID_HEADER 1
+#define B64ENC_DID_TRAILER 2
+#define B64ENC_NO_LINEFEEDS 16
+#define B64ENC_USE_PGPCRC 32
+
+/* The base-64 character list */
+static unsigned char bintoasc[64] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
+ "abcdefghijklmnopqrstuvwxyz"
+ "0123456789+/";
+
+/* Stuff required to create the OpenPGP CRC. This crc_table has been
+ created using this code:
+
+ #include <stdio.h>
+ #include <stdint.h>
+
+ #define CRCPOLY 0x864CFB
+
+ int
+ main (void)
+ {
+ int i, j;
+ uint32_t t;
+ uint32_t crc_table[256];
+
+ crc_table[0] = 0;
+ for (i=j=0; j < 128; j++ )
+ {
+ t = crc_table[j];
+ if ( (t & 0x00800000) )
+ {
+ t <<= 1;
+ crc_table[i++] = t ^ CRCPOLY;
+ crc_table[i++] = t;
+ }
+ else
+ {
+ t <<= 1;
+ crc_table[i++] = t;
+ crc_table[i++] = t ^ CRCPOLY;
+ }
+ }
+
+ puts ("static const u32 crc_table[256] = {");
+ for (i=j=0; i < 256; i++)
+ {
+ printf ("%s 0x%08lx", j? "":" ", (unsigned long)crc_table[i]);
+ if (i != 255)
+ {
+ putchar (',');
+ if ( ++j > 5)
+ {
+ j = 0;
+ putchar ('\n');
+ }
+ }
+ }
+ puts ("\n};");
+ return 0;
+ }
+*/
+#define CRCINIT 0xB704CE
+static const u32 crc_table[256] = {
+ 0x00000000, 0x00864cfb, 0x018ad50d, 0x010c99f6, 0x0393e6e1, 0x0315aa1a,
+ 0x021933ec, 0x029f7f17, 0x07a18139, 0x0727cdc2, 0x062b5434, 0x06ad18cf,
+ 0x043267d8, 0x04b42b23, 0x05b8b2d5, 0x053efe2e, 0x0fc54e89, 0x0f430272,
+ 0x0e4f9b84, 0x0ec9d77f, 0x0c56a868, 0x0cd0e493, 0x0ddc7d65, 0x0d5a319e,
+ 0x0864cfb0, 0x08e2834b, 0x09ee1abd, 0x09685646, 0x0bf72951, 0x0b7165aa,
+ 0x0a7dfc5c, 0x0afbb0a7, 0x1f0cd1e9, 0x1f8a9d12, 0x1e8604e4, 0x1e00481f,
+ 0x1c9f3708, 0x1c197bf3, 0x1d15e205, 0x1d93aefe, 0x18ad50d0, 0x182b1c2b,
+ 0x192785dd, 0x19a1c926, 0x1b3eb631, 0x1bb8faca, 0x1ab4633c, 0x1a322fc7,
+ 0x10c99f60, 0x104fd39b, 0x11434a6d, 0x11c50696, 0x135a7981, 0x13dc357a,
+ 0x12d0ac8c, 0x1256e077, 0x17681e59, 0x17ee52a2, 0x16e2cb54, 0x166487af,
+ 0x14fbf8b8, 0x147db443, 0x15712db5, 0x15f7614e, 0x3e19a3d2, 0x3e9fef29,
+ 0x3f9376df, 0x3f153a24, 0x3d8a4533, 0x3d0c09c8, 0x3c00903e, 0x3c86dcc5,
+ 0x39b822eb, 0x393e6e10, 0x3832f7e6, 0x38b4bb1d, 0x3a2bc40a, 0x3aad88f1,
+ 0x3ba11107, 0x3b275dfc, 0x31dced5b, 0x315aa1a0, 0x30563856, 0x30d074ad,
+ 0x324f0bba, 0x32c94741, 0x33c5deb7, 0x3343924c, 0x367d6c62, 0x36fb2099,
+ 0x37f7b96f, 0x3771f594, 0x35ee8a83, 0x3568c678, 0x34645f8e, 0x34e21375,
+ 0x2115723b, 0x21933ec0, 0x209fa736, 0x2019ebcd, 0x228694da, 0x2200d821,
+ 0x230c41d7, 0x238a0d2c, 0x26b4f302, 0x2632bff9, 0x273e260f, 0x27b86af4,
+ 0x252715e3, 0x25a15918, 0x24adc0ee, 0x242b8c15, 0x2ed03cb2, 0x2e567049,
+ 0x2f5ae9bf, 0x2fdca544, 0x2d43da53, 0x2dc596a8, 0x2cc90f5e, 0x2c4f43a5,
+ 0x2971bd8b, 0x29f7f170, 0x28fb6886, 0x287d247d, 0x2ae25b6a, 0x2a641791,
+ 0x2b688e67, 0x2beec29c, 0x7c3347a4, 0x7cb50b5f, 0x7db992a9, 0x7d3fde52,
+ 0x7fa0a145, 0x7f26edbe, 0x7e2a7448, 0x7eac38b3, 0x7b92c69d, 0x7b148a66,
+ 0x7a181390, 0x7a9e5f6b, 0x7801207c, 0x78876c87, 0x798bf571, 0x790db98a,
+ 0x73f6092d, 0x737045d6, 0x727cdc20, 0x72fa90db, 0x7065efcc, 0x70e3a337,
+ 0x71ef3ac1, 0x7169763a, 0x74578814, 0x74d1c4ef, 0x75dd5d19, 0x755b11e2,
+ 0x77c46ef5, 0x7742220e, 0x764ebbf8, 0x76c8f703, 0x633f964d, 0x63b9dab6,
+ 0x62b54340, 0x62330fbb, 0x60ac70ac, 0x602a3c57, 0x6126a5a1, 0x61a0e95a,
+ 0x649e1774, 0x64185b8f, 0x6514c279, 0x65928e82, 0x670df195, 0x678bbd6e,
+ 0x66872498, 0x66016863, 0x6cfad8c4, 0x6c7c943f, 0x6d700dc9, 0x6df64132,
+ 0x6f693e25, 0x6fef72de, 0x6ee3eb28, 0x6e65a7d3, 0x6b5b59fd, 0x6bdd1506,
+ 0x6ad18cf0, 0x6a57c00b, 0x68c8bf1c, 0x684ef3e7, 0x69426a11, 0x69c426ea,
+ 0x422ae476, 0x42aca88d, 0x43a0317b, 0x43267d80, 0x41b90297, 0x413f4e6c,
+ 0x4033d79a, 0x40b59b61, 0x458b654f, 0x450d29b4, 0x4401b042, 0x4487fcb9,
+ 0x461883ae, 0x469ecf55, 0x479256a3, 0x47141a58, 0x4defaaff, 0x4d69e604,
+ 0x4c657ff2, 0x4ce33309, 0x4e7c4c1e, 0x4efa00e5, 0x4ff69913, 0x4f70d5e8,
+ 0x4a4e2bc6, 0x4ac8673d, 0x4bc4fecb, 0x4b42b230, 0x49ddcd27, 0x495b81dc,
+ 0x4857182a, 0x48d154d1, 0x5d26359f, 0x5da07964, 0x5cace092, 0x5c2aac69,
+ 0x5eb5d37e, 0x5e339f85, 0x5f3f0673, 0x5fb94a88, 0x5a87b4a6, 0x5a01f85d,
+ 0x5b0d61ab, 0x5b8b2d50, 0x59145247, 0x59921ebc, 0x589e874a, 0x5818cbb1,
+ 0x52e37b16, 0x526537ed, 0x5369ae1b, 0x53efe2e0, 0x51709df7, 0x51f6d10c,
+ 0x50fa48fa, 0x507c0401, 0x5542fa2f, 0x55c4b6d4, 0x54c82f22, 0x544e63d9,
+ 0x56d11cce, 0x56575035, 0x575bc9c3, 0x57dd8538
+};
+
+
+/* Prepare for base-64 writing to the stream FP. If TITLE is not NULL
+ and not an empty string, this string will be used as the title for
+ the armor lines, with TITLE being an empty string, we don't write
+ the header lines and furthermore even don't write any linefeeds.
+ If TITLE starts with "PGP " the OpenPGP CRC checksum will be
+ written as well. With TITLE beeing NULL, we merely don't write
+ header but make sure that lines are not too long. Note, that we
+ don't write any output unless at least one byte get written using
+ b64enc_write. */
+gpg_error_t
+b64enc_start (struct b64state *state, FILE *fp, const char *title)
+{
+ memset (state, 0, sizeof *state);
+ state->fp = fp;
+ if (title && !*title)
+ state->flags |= B64ENC_NO_LINEFEEDS;
+ else if (title)
+ {
+ if (!strncmp (title, "PGP ", 4))
+ {
+ state->flags |= B64ENC_USE_PGPCRC;
+ state->crc = CRCINIT;
+ }
+ state->title = xtrystrdup (title);
+ if (!state->title)
+ return gpg_error_from_syserror ();
+ }
+ return 0;
+}
+
+
+/* Write NBYTES from BUFFER to the Base 64 stream identified by
+ STATE. With BUFFER and NBYTES being 0, merely do a fflush on the
+ stream. */
+gpg_error_t
+b64enc_write (struct b64state *state, const void *buffer, size_t nbytes)
+{
+ unsigned char radbuf[4];
+ int idx, quad_count;
+ const unsigned char *p;
+ FILE *fp = state->fp;
+
+
+ if (!nbytes)
+ {
+ if (buffer && fflush (fp))
+ goto write_error;
+ return 0;
+ }
+
+ if (!(state->flags & B64ENC_DID_HEADER))
+ {
+ if (state->title)
+ {
+ if ( fputs ("-----BEGIN ", fp) == EOF
+ || fputs (state->title, fp) == EOF
+ || fputs ("-----\n", fp) == EOF)
+ goto write_error;
+ if ( (state->flags & B64ENC_USE_PGPCRC)
+ && fputs ("\n", fp) == EOF)
+ goto write_error;
+ }
+
+ state->flags |= B64ENC_DID_HEADER;
+ }
+
+ idx = state->idx;
+ quad_count = state->quad_count;
+ assert (idx < 4);
+ memcpy (radbuf, state->radbuf, idx);
+
+ if ( (state->flags & B64ENC_USE_PGPCRC) )
+ {
+ size_t n;
+ u32 crc = state->crc;
+
+ for (p=buffer, n=nbytes; n; p++, n-- )
+ crc = (crc << 8) ^ crc_table[((crc >> 16)&0xff) ^ *p];
+ state->crc = (crc & 0x00ffffff);
+ }
+
+ for (p=buffer; nbytes; p++, nbytes--)
+ {
+ radbuf[idx++] = *p;
+ if (idx > 2)
+ {
+ char tmp[4];
+
+ tmp[0] = bintoasc[(*radbuf >> 2) & 077];
+ tmp[1] = bintoasc[(((*radbuf<<4)&060)|((radbuf[1] >> 4)&017))&077];
+ tmp[2] = bintoasc[(((radbuf[1]<<2)&074)|((radbuf[2]>>6)&03))&077];
+ tmp[3] = bintoasc[radbuf[2]&077];
+ for (idx=0; idx < 4; idx++)
+ putc (tmp[idx], fp);
+ idx = 0;
+ if (ferror (fp))
+ goto write_error;
+ if (++quad_count >= (64/4))
+ {
+ quad_count = 0;
+ if (!(state->flags & B64ENC_NO_LINEFEEDS)
+ && fputs ("\n", fp) == EOF)
+ goto write_error;
+ }
+ }
+ }
+ memcpy (state->radbuf, radbuf, idx);
+ state->idx = idx;
+ state->quad_count = quad_count;
+ return 0;
+
+ write_error:
+ return gpg_error_from_syserror ();
+}
+
+gpg_error_t
+b64enc_finish (struct b64state *state)
+{
+ gpg_error_t err = 0;
+ unsigned char radbuf[4];
+ int idx, quad_count;
+ FILE *fp;
+ char tmp[4];
+
+ if (!(state->flags & B64ENC_DID_HEADER))
+ goto cleanup;
+
+ /* Flush the base64 encoding */
+ fp = state->fp;
+ idx = state->idx;
+ quad_count = state->quad_count;
+ assert (idx < 4);
+ memcpy (radbuf, state->radbuf, idx);
+
+ if (idx)
+ {
+ tmp[0] = bintoasc[(*radbuf>>2)&077];
+ if (idx == 1)
+ {
+ tmp[1] = bintoasc[((*radbuf << 4) & 060) & 077];
+ tmp[2] = '=';
+ tmp[3] = '=';
+ }
+ else
+ {
+ tmp[1] = bintoasc[(((*radbuf<<4)&060)|((radbuf[1]>>4)&017))&077];
+ tmp[2] = bintoasc[((radbuf[1] << 2) & 074) & 077];
+ tmp[3] = '=';
+ }
+ for (idx=0; idx < 4; idx++)
+ putc (tmp[idx], fp);
+ idx = 0;
+ if (ferror (fp))
+ goto write_error;
+
+ if (++quad_count >= (64/4))
+ {
+ quad_count = 0;
+ if (!(state->flags & B64ENC_NO_LINEFEEDS)
+ && fputs ("\n", fp) == EOF)
+ goto write_error;
+ }
+ }
+
+ /* Finish the last line and write the trailer. */
+ if (quad_count
+ && !(state->flags & B64ENC_NO_LINEFEEDS)
+ && fputs ("\n", fp) == EOF)
+ goto write_error;
+
+ if ( (state->flags & B64ENC_USE_PGPCRC) )
+ {
+ /* Write the CRC. */
+ putc ('=', fp);
+ radbuf[0] = state->crc >>16;
+ radbuf[1] = state->crc >> 8;
+ radbuf[2] = state->crc;
+ tmp[0] = bintoasc[(*radbuf>>2)&077];
+ tmp[1] = bintoasc[(((*radbuf<<4)&060)|((radbuf[1]>>4)&017))&077];
+ tmp[2] = bintoasc[(((radbuf[1]<<2)&074)|((radbuf[2]>>6)&03))&077];
+ tmp[3] = bintoasc[radbuf[2]&077];
+ for (idx=0; idx < 4; idx++)
+ putc (tmp[idx], fp);
+ if (ferror (fp))
+ goto write_error;
+ if (!(state->flags & B64ENC_NO_LINEFEEDS)
+ && fputs ("\n", fp) == EOF)
+ goto write_error;
+ }
+
+ if (state->title)
+ {
+ if ( fputs ("-----END ", fp) == EOF
+ || fputs (state->title, fp) == EOF
+ || fputs ("-----\n", fp) == EOF)
+ goto write_error;
+ }
+
+ goto cleanup;
+
+ write_error:
+ err = gpg_error_from_syserror ();
+
+ cleanup:
+ if (state->title)
+ {
+ xfree (state->title);
+ state->title = NULL;
+ }
+ state->fp = NULL;
+ return err;
+}
+
diff --git a/common/common-defs.h b/common/common-defs.h
new file mode 100644
index 0000000..4a550c3
--- /dev/null
+++ b/common/common-defs.h
@@ -0,0 +1,33 @@
+/* common-defs.h - Private declarations for common/
+ * Copyright (C) 2006 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef GNUPG_COMMON_COMMON_DEFS_H
+#define GNUPG_COMMON_COMMON_DEFS_H
+
+/*-- ttyio.c --*/
+void tty_private_set_rl_hooks (void (*init_stream) (FILE *),
+ void (*set_completer) (rl_completion_func_t*),
+ void (*inhibit_completion) (int),
+ void (*cleanup_after_signal) (void),
+ char *(*readline_fun) (const char*),
+ void (*add_history_fun) (const char*));
+
+
+
+#endif /*GNUPG_COMMON_COMMON_DEFS_H*/
diff --git a/common/convert.c b/common/convert.c
new file mode 100644
index 0000000..d3e8b64
--- /dev/null
+++ b/common/convert.c
@@ -0,0 +1,249 @@
+/* convert.c - Hex conversion functions.
+ * Copyright (C) 2006, 2008 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <stdlib.h>
+#include <errno.h>
+#include <ctype.h>
+
+#include "util.h"
+
+
+#define tohex(n) ((n) < 10 ? ((n) + '0') : (((n) - 10) + 'A'))
+
+
+/* Convert STRING consisting of hex characters into its binary
+ representation and store that at BUFFER. BUFFER needs to be of
+ LENGTH bytes. The function checks that the STRING will convert
+ exactly to LENGTH bytes. The string is delimited by either end of
+ string or a white space character. The function returns -1 on
+ error or the length of the parsed string. */
+int
+hex2bin (const char *string, void *buffer, size_t length)
+{
+ int i;
+ const char *s = string;
+
+ for (i=0; i < length; )
+ {
+ if (!hexdigitp (s) || !hexdigitp (s+1))
+ return -1; /* Invalid hex digits. */
+ ((unsigned char*)buffer)[i++] = xtoi_2 (s);
+ s += 2;
+ }
+ if (*s && (!isascii (*s) || !isspace (*s)) )
+ return -1; /* Not followed by Nul or white space. */
+ if (i != length)
+ return -1; /* Not of expected length. */
+ if (*s)
+ s++; /* Skip the delimiter. */
+ return s - string;
+}
+
+
+/* Convert STRING consisting of hex characters into its binary representation
+ and store that at BUFFER. BUFFER needs to be of LENGTH bytes. The
+ function check that the STRING will convert exactly to LENGTH
+ bytes. Colons inbetween the hex digits are allowed, if one colon
+ has been given a colon is expected very 2 characters. The string
+ is delimited by either end of string or a white space character.
+ The function returns -1 on error or the length of the parsed
+ string. */
+int
+hexcolon2bin (const char *string, void *buffer, size_t length)
+{
+ int i;
+ const char *s = string;
+ int need_colon = 0;
+
+ for (i=0; i < length; )
+ {
+ if (i==1 && *s == ':') /* Skip colons between hex digits. */
+ {
+ need_colon = 1;
+ s++;
+ }
+ else if (need_colon && *s == ':')
+ s++;
+ else if (need_colon)
+ return -1; /* Colon expected. */
+ if (!hexdigitp (s) || !hexdigitp (s+1))
+ return -1; /* Invalid hex digits. */
+ ((unsigned char*)buffer)[i++] = xtoi_2 (s);
+ s += 2;
+ }
+ if (*s == ':')
+ return -1; /* Trailing colons are not allowed. */
+ if (*s && (!isascii (*s) || !isspace (*s)) )
+ return -1; /* Not followed by Nul or white space. */
+ if (i != length)
+ return -1; /* Not of expected length. */
+ if (*s)
+ s++; /* Skip the delimiter. */
+ return s - string;
+}
+
+
+
+static char *
+do_bin2hex (const void *buffer, size_t length, char *stringbuf, int with_colon)
+{
+ const unsigned char *s;
+ char *p;
+
+ if (!stringbuf)
+ {
+ /* Not really correct for with_colon but we don't care about the
+ one wasted byte. */
+ size_t n = with_colon? 3:2;
+ size_t nbytes = n * length + 1;
+ if (length && (nbytes-1) / n != length)
+ {
+ errno = ENOMEM;
+ return NULL;
+ }
+ stringbuf = xtrymalloc (nbytes);
+ if (!stringbuf)
+ return NULL;
+ }
+
+ for (s = buffer, p = stringbuf; length; length--, s++)
+ {
+ if (with_colon && s != buffer)
+ *p++ = ':';
+ *p++ = tohex ((*s>>4)&15);
+ *p++ = tohex (*s&15);
+ }
+ *p = 0;
+
+ return stringbuf;
+}
+
+
+/* Convert LENGTH bytes of data in BUFFER into hex encoding and store
+ that at the provided STRINGBUF. STRINGBUF must be allocated of at
+ least (2*LENGTH+1) bytes or be NULL so that the function mallocs an
+ appropriate buffer. Returns STRINGBUF or NULL on error (which may
+ only occur if STRINGBUF has been NULL and the internal malloc
+ failed). */
+char *
+bin2hex (const void *buffer, size_t length, char *stringbuf)
+{
+ return do_bin2hex (buffer, length, stringbuf, 0);
+}
+
+/* Convert LENGTH bytes of data in BUFFER into hex encoding and store
+ that at the provided STRINGBUF. STRINGBUF must be allocated of at
+ least (3*LENGTH+1) bytes or be NULL so that the function mallocs an
+ appropriate buffer. Returns STRINGBUF or NULL on error (which may
+ only occur if STRINGBUF has been NULL and the internal malloc
+ failed). */
+char *
+bin2hexcolon (const void *buffer, size_t length, char *stringbuf)
+{
+ return do_bin2hex (buffer, length, stringbuf, 1);
+}
+
+
+
+/* Convert HEXSTRING consisting of hex characters into string and
+ store that at BUFFER. HEXSTRING is either delimited by end of
+ string or a white space character. The function makes sure that
+ the resulting string in BUFFER is terminated by a Nul character.
+ BUFSIZE is the availabe length of BUFFER; if the converted result
+ plus a possible required Nul character does not fit into this
+ buffer, the function returns NULL and won't change the existing
+ conent of buffer. In-place conversion is possible as long as
+ BUFFER points to HEXSTRING.
+
+ If BUFFER is NULL and bufsize is 0 the function scans HEXSTRING but
+ does not store anything. This may be used to find the end of
+ hexstring.
+
+ On sucess the function returns a pointer to the next character
+ after HEXSTRING (which is either end-of-string or a the next white
+ space). If BUFLEN is not NULL the strlen of buffer is stored
+ there; this will even be done if BUFFER has been passed as NULL. */
+const char *
+hex2str (const char *hexstring, char *buffer, size_t bufsize, size_t *buflen)
+{
+ const char *s = hexstring;
+ int idx, count;
+ int need_nul = 0;
+
+ if (buflen)
+ *buflen = 0;
+
+ for (s=hexstring, count=0; hexdigitp (s) && hexdigitp (s+1); s += 2, count++)
+ ;
+ if (*s && (!isascii (*s) || !isspace (*s)) )
+ return NULL; /* Not followed by Nul or white space. */
+ /* We need to append a nul character. However we don't want that if
+ the hexstring already ends with "00". */
+ need_nul = ((s == hexstring) || !(s[-2] == '0' && s[-1] == '0'));
+ if (need_nul)
+ count++;
+
+ if (buffer)
+ {
+ if (count > bufsize)
+ return NULL; /* Too long. */
+
+ for (s=hexstring, idx=0; hexdigitp (s) && hexdigitp (s+1); s += 2)
+ ((unsigned char*)buffer)[idx++] = xtoi_2 (s);
+ if (need_nul)
+ buffer[idx] = 0;
+ }
+
+ if (buflen)
+ *buflen = count - 1;
+ return s;
+}
+
+
+/* Same as hex2str but this function allocated a new string. Returns
+ NULL on error. If R_COUNT is not NULL, the number of scanned bytes
+ will be stored there. ERRNO is set on error. */
+char *
+hex2str_alloc (const char *hexstring, size_t *r_count)
+{
+ const char *tail;
+ size_t nbytes;
+ char *result;
+
+ tail = hex2str (hexstring, NULL, 0, &nbytes);
+ if (!tail)
+ {
+ if (r_count)
+ *r_count = 0;
+ errno = EINVAL;
+ return NULL;
+ }
+ if (r_count)
+ *r_count = tail - hexstring;
+ result = xtrymalloc (nbytes+1);
+ if (!result)
+ return NULL;
+ if (!hex2str (hexstring, result, nbytes+1, NULL))
+ BUG ();
+ return result;
+}
+
+
+
diff --git a/common/dns-cert.c b/common/dns-cert.c
new file mode 100644
index 0000000..efdefaf
--- /dev/null
+++ b/common/dns-cert.c
@@ -0,0 +1,342 @@
+/* dns-cert.c - DNS CERT code
+ * Copyright (C) 2005, 2006, 2009 Free Software Foundation, Inc.
+ *
+ * This file is part of GNUPG.
+ *
+ * GNUPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GNUPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <sys/types.h>
+#ifdef USE_DNS_CERT
+# ifdef HAVE_W32_SYSTEM
+# include <windows.h>
+# else
+# include <netinet/in.h>
+# include <arpa/nameser.h>
+# include <resolv.h>
+# endif
+# include <string.h>
+#endif
+#ifdef USE_ADNS
+# include <adns.h>
+# ifndef HAVE_ADNS_FREE
+# define adns_free free
+# endif
+#endif
+
+#include "util.h"
+#include "iobuf.h"
+#include "dns-cert.h"
+
+/* Not every installation has gotten around to supporting CERTs
+ yet... */
+#ifndef T_CERT
+#define T_CERT 37
+#endif
+
+/* ADNS has no support for CERT yes. */
+#define my_adns_r_cert 37
+
+
+
+/* Returns -1 on error, 0 for no answer, 1 for PGP provided and 2 for
+ IPGP provided. Note that this fucntion retruns the first CERT
+ found with a supported type; it is expected that only one CERT
+ record is used. */
+int
+get_dns_cert (const char *name, size_t max_size, IOBUF *iobuf,
+ unsigned char **fpr, size_t *fpr_len, char **url)
+{
+#ifdef USE_DNS_CERT
+#ifdef USE_ADNS
+ adns_state state;
+ adns_answer *answer = NULL;
+ int rc;
+ unsigned int ctype;
+ int count;
+
+ rc = adns_init (&state, adns_if_noerrprint, NULL);
+ if (rc)
+ {
+ log_error ("error initializing adns: %s\n", strerror (errno));
+ return -1;
+ }
+
+ rc = adns_synchronous (state, name, (adns_r_unknown | my_adns_r_cert),
+ adns_qf_quoteok_query, &answer);
+ if (rc)
+ {
+ /* log_error ("DNS query failed: %s\n", strerror (errno)); */
+ adns_finish (state);
+ return -1;
+ }
+ if (answer->status != adns_s_ok)
+ {
+ /* log_error ("DNS query returned an error: %s (%s)\n", */
+ /* adns_strerror (answer->status), */
+ /* adns_errabbrev (answer->status)); */
+ adns_free (answer);
+ adns_finish (state);
+ return 0;
+ }
+
+ for (rc = 0, count=0; !rc && count < answer->nrrs; count++)
+ {
+ int datalen = answer->rrs.byteblock[count].len;
+ const unsigned char *data = answer->rrs.byteblock[count].data;
+
+ if (datalen < 5)
+ continue; /* Truncated CERT record - skip. */
+
+ ctype = ((data[0]<<8)|data[1]);
+ /* (key tag and algorithm fields are not required.) */
+ data += 5;
+ datalen -= 5;
+
+ if (ctype == 3 && datalen >= 11)
+ {
+ /* CERT type is PGP. Gpg checks for a minimum length of 11,
+ thus we do the same. */
+ *iobuf = iobuf_temp_with_content ((char*)data, datalen);
+ rc = 1;
+ }
+ else if (ctype == 6 && datalen && datalen < 1023
+ && datalen >= data[0]+1 && fpr && fpr_len && url)
+ {
+ /* CERT type is IPGP. We made sure tha the data is
+ plausible and that the caller requested the
+ information. */
+ *fpr_len = data[0];
+ if (*fpr_len)
+ {
+ *fpr = xmalloc (*fpr_len);
+ memcpy (*fpr, data+1, *fpr_len);
+ }
+ else
+ *fpr = NULL;
+
+ if (datalen > *fpr_len + 1)
+ {
+ *url = xmalloc (datalen - (*fpr_len+1) + 1);
+ memcpy (*url, data + (*fpr_len+1), datalen - (*fpr_len+1));
+ (*url)[datalen - (*fpr_len+1)] = '\0';
+ }
+ else
+ *url = NULL;
+
+ rc = 2;
+ }
+ }
+
+ adns_free (answer);
+ adns_finish (state);
+ return rc;
+
+#else /*!USE_ADNS*/
+
+ unsigned char *answer;
+ int r,ret=-1;
+ u16 count;
+
+ if(fpr)
+ *fpr=NULL;
+
+ if(url)
+ *url=NULL;
+
+ answer=xmalloc(max_size);
+
+ r=res_query(name,C_IN,T_CERT,answer,max_size);
+ /* Not too big, not too small, no errors and at least 1 answer. */
+ if(r>=sizeof(HEADER) && r<=max_size
+ && (((HEADER *)answer)->rcode)==NOERROR
+ && (count=ntohs(((HEADER *)answer)->ancount)))
+ {
+ int rc;
+ unsigned char *pt,*emsg;
+
+ emsg=&answer[r];
+
+ pt=&answer[sizeof(HEADER)];
+
+ /* Skip over the query */
+
+ rc=dn_skipname(pt,emsg);
+ if(rc==-1)
+ goto fail;
+
+ pt+=rc+QFIXEDSZ;
+
+ /* There are several possible response types for a CERT request.
+ We're interested in the PGP (a key) and IPGP (a URI) types.
+ Skip all others. TODO: A key is better than a URI since
+ we've gone through all this bother to fetch it, so favor that
+ if we have both PGP and IPGP? */
+
+ while(count-->0 && pt<emsg)
+ {
+ u16 type,class,dlen,ctype;
+
+ rc=dn_skipname(pt,emsg); /* the name we just queried for */
+ if(rc==-1)
+ break;
+
+ pt+=rc;
+
+ /* Truncated message? 15 bytes takes us to the point where
+ we start looking at the ctype. */
+ if((emsg-pt)<15)
+ break;
+
+ type=*pt++ << 8;
+ type|=*pt++;
+
+ class=*pt++ << 8;
+ class|=*pt++;
+ /* We asked for IN and got something else !? */
+ if(class!=C_IN)
+ break;
+
+ /* ttl */
+ pt+=4;
+
+ /* data length */
+ dlen=*pt++ << 8;
+ dlen|=*pt++;
+
+ /* We asked for CERT and got something else - might be a
+ CNAME, so loop around again. */
+ if(type!=T_CERT)
+ {
+ pt+=dlen;
+ continue;
+ }
+
+ /* The CERT type */
+ ctype=*pt++ << 8;
+ ctype|=*pt++;
+
+ /* Skip the CERT key tag and algo which we don't need. */
+ pt+=3;
+
+ dlen-=5;
+
+ /* 15 bytes takes us to here */
+
+ if(ctype==3 && iobuf && dlen)
+ {
+ /* PGP type */
+ *iobuf=iobuf_temp_with_content((char *)pt,dlen);
+ ret=1;
+ break;
+ }
+ else if(ctype==6 && dlen && dlen<1023 && dlen>=pt[0]+1
+ && fpr && fpr_len && url)
+ {
+ /* IPGP type */
+ *fpr_len=pt[0];
+
+ if(*fpr_len)
+ {
+ *fpr=xmalloc(*fpr_len);
+ memcpy(*fpr,&pt[1],*fpr_len);
+ }
+ else
+ *fpr=NULL;
+
+ if(dlen>*fpr_len+1)
+ {
+ *url=xmalloc(dlen-(*fpr_len+1)+1);
+ memcpy(*url,&pt[*fpr_len+1],dlen-(*fpr_len+1));
+ (*url)[dlen-(*fpr_len+1)]='\0';
+ }
+ else
+ *url=NULL;
+
+ ret=2;
+ break;
+ }
+
+ /* Neither type matches, so go around to the next answer. */
+ pt+=dlen;
+ }
+ }
+
+ fail:
+ xfree(answer);
+ return ret;
+#endif /*!USE_ADNS*/
+#else /* !USE_DNS_CERT */
+ return -1;
+#endif
+}
+
+
+
+/* Test with simon.josefsson.org */
+
+#ifdef TEST
+int
+main(int argc,char *argv[])
+{
+ unsigned char *fpr;
+ size_t fpr_len;
+ char *url;
+ int rc;
+ IOBUF iobuf;
+
+ if(argc!=2)
+ {
+ printf("cert-test [name]\n");
+ return 1;
+ }
+
+ printf("CERT lookup on %s\n",argv[1]);
+
+ rc=get_dns_cert (argv[1],16384,&iobuf,&fpr,&fpr_len,&url);
+ if(rc==-1)
+ printf("error\n");
+ else if(rc==0)
+ printf("no answer\n");
+ else if(rc==1)
+ {
+ printf("key found: %d bytes\n",(int)iobuf_get_temp_length(iobuf));
+ iobuf_close(iobuf);
+ }
+ else if(rc==2)
+ {
+ if(fpr)
+ {
+ size_t i;
+ printf("Fingerprint found (%d bytes): ",(int)fpr_len);
+ for(i=0;i<fpr_len;i++)
+ printf("%02X",fpr[i]);
+ printf("\n");
+ }
+ else
+ printf("No fingerprint found\n");
+
+ if(url)
+ printf("URL found: %s\n",url);
+ else
+ printf("No URL found\n");
+
+ xfree(fpr);
+ xfree(url);
+ }
+
+ return 0;
+}
+#endif /* TEST */
diff --git a/common/dns-cert.h b/common/dns-cert.h
new file mode 100644
index 0000000..8275339
--- /dev/null
+++ b/common/dns-cert.h
@@ -0,0 +1,26 @@
+/* dns-cert.h - DNS CERT definition
+ * Copyright (C) 2006 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+#ifndef GNUPG_COMMON_DNS_CERT_H
+#define GNUPG_COMMON_DNS_CERT_H
+
+int get_dns_cert (const char *name, size_t max_size, IOBUF *iobuf,
+ unsigned char **fpr, size_t *fpr_len, char **url);
+
+
+#endif /*GNUPG_COMMON_DNS_CERT_H*/
diff --git a/common/estream-printf.c b/common/estream-printf.c
new file mode 100644
index 0000000..a5f3a69
--- /dev/null
+++ b/common/estream-printf.c
@@ -0,0 +1,1788 @@
+/* estream-printf.c - Versatile C-99 compliant printf formatting
+ * Copyright (C) 2007, 2008, 2009 g10 Code GmbH
+ *
+ * This file is part of Libestream.
+ *
+ * Libestream is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published
+ * by the Free Software Foundation; either version 2 of the License,
+ * or (at your option) any later version.
+ *
+ * Libestream is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Libestream; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+/* Required autoconf tests:
+
+ AC_TYPE_LONG_LONG_INT defines HAVE_LONG_LONG_INT
+ AC_TYPE_LONG_DOUBLE defines HAVE_LONG_DOUBLE
+ AC_TYPE_INTMAX_T defines HAVE_INTMAX_T
+ AC_TYPE_UINTMAX_T defines HAVE_UINTMAX_T
+ AC_CHECK_TYPES([ptrdiff_t]) defines HAVE_PTRDIFF_T
+ AC_CHECK_SIZEOF([unsigned long]) defines SIZEOF_UNSIGNED_LONG
+ AC_CHECK_SIZEOF([void *]) defines SIZEOF_VOID_P
+ HAVE_LANGINFO_THOUSANDS_SEP
+
+ Note that the file estream.m4 provides the autoconf macro
+ ESTREAM_PRINTF_INIT which runs all required checks.
+ See estream-printf.h for ways to tune this code.
+
+ Missing stuff: wchar and wint_t
+ thousands_sep in pr_float.
+
+*/
+
+#ifdef HAVE_CONFIG_H
+# include <config.h>
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+#include <stdarg.h>
+#include <errno.h>
+#include <stddef.h>
+#include <assert.h>
+#if defined(HAVE_INTMAX_T) || defined(HAVE_UINTMAX_T)
+# ifdef HAVE_STDINT_H
+# include <stdint.h>
+# endif
+#endif
+#ifdef HAVE_LANGINFO_THOUSANDS_SEP
+#include <langinfo.h>
+#endif
+#ifdef _ESTREAM_PRINTF_EXTRA_INCLUDE
+# include _ESTREAM_PRINTF_EXTRA_INCLUDE
+#endif
+#include "estream-printf.h"
+
+/* #define DEBUG 1 */
+
+
+/* Allow redefinition of asprintf used malloc functions. */
+#if defined(_ESTREAM_PRINTF_MALLOC)
+#define my_printf_malloc(a) _ESTREAM_PRINTF_MALLOC((a))
+#else
+#define my_printf_malloc(a) malloc((a))
+#endif
+#if defined(_ESTREAM_PRINTF_FREE)
+#define my_printf_free(a) _ESTREAM_PRINTF_FREE((a))
+#else
+#define my_printf_free(a) free((a))
+#endif
+
+
+/* Calculate array dimension. */
+#ifndef DIM
+#define DIM(array) (sizeof (array) / sizeof (*array))
+#endif
+
+
+/* We allow for that many args without requiring malloced memory. */
+#define DEFAULT_MAX_ARGSPECS 5
+
+/* We allow for that many values without requiring malloced memory. */
+#define DEFAULT_MAX_VALUES 8
+
+/* We allocate this many new array argspec elements each time. */
+#define ARGSPECS_BUMP_VALUE 10
+
+/* Special values for the field width and the precision. */
+#define NO_FIELD_VALUE (-1)
+#define STAR_FIELD_VALUE (-2)
+
+/* Bit valuues used for the conversion flags. */
+#define FLAG_GROUPING 1
+#define FLAG_LEFT_JUST 2
+#define FLAG_PLUS_SIGN 4
+#define FLAG_SPACE_PLUS 8
+#define FLAG_ALT_CONV 16
+#define FLAG_ZERO_PAD 32
+
+/* Constants used the length modifiers. */
+typedef enum
+ {
+ LENMOD_NONE = 0,
+ LENMOD_CHAR, /* "hh" */
+ LENMOD_SHORT, /* "h" */
+ LENMOD_LONG, /* "l" */
+ LENMOD_LONGLONG, /* "ll" */
+ LENMOD_INTMAX, /* "j" */
+ LENMOD_SIZET, /* "z" */
+ LENMOD_PTRDIFF, /* "t" */
+ LENMOD_LONGDBL /* "L" */
+ } lenmod_t;
+
+/* All the conversion specifiers. */
+typedef enum
+ {
+ CONSPEC_UNKNOWN = 0,
+ CONSPEC_DECIMAL,
+ CONSPEC_OCTAL,
+ CONSPEC_UNSIGNED,
+ CONSPEC_HEX,
+ CONSPEC_HEX_UP,
+ CONSPEC_FLOAT,
+ CONSPEC_FLOAT_UP,
+ CONSPEC_EXP,
+ CONSPEC_EXP_UP,
+ CONSPEC_F_OR_G,
+ CONSPEC_F_OR_G_UP,
+ CONSPEC_HEX_EXP,
+ CONSPEC_HEX_EXP_UP,
+ CONSPEC_CHAR,
+ CONSPEC_STRING,
+ CONSPEC_POINTER,
+ CONSPEC_STRERROR,
+ CONSPEC_BYTES_SO_FAR
+ } conspec_t;
+
+
+/* Constants describing all the suppoorted types. Note that we list
+ all the types we know about even if certain types are not available
+ on this system. */
+typedef enum
+ {
+ VALTYPE_UNSUPPORTED = 0, /* Artificial type for error detection. */
+ VALTYPE_CHAR,
+ VALTYPE_SCHAR,
+ VALTYPE_UCHAR,
+ VALTYPE_SHORT,
+ VALTYPE_USHORT,
+ VALTYPE_INT,
+ VALTYPE_UINT,
+ VALTYPE_LONG,
+ VALTYPE_ULONG,
+ VALTYPE_LONGLONG,
+ VALTYPE_ULONGLONG,
+ VALTYPE_DOUBLE,
+ VALTYPE_LONGDOUBLE,
+ VALTYPE_STRING,
+ VALTYPE_INTMAX,
+ VALTYPE_UINTMAX,
+ VALTYPE_SIZE,
+ VALTYPE_PTRDIFF,
+ VALTYPE_POINTER,
+ VALTYPE_CHAR_PTR,
+ VALTYPE_SCHAR_PTR,
+ VALTYPE_SHORT_PTR,
+ VALTYPE_INT_PTR,
+ VALTYPE_LONG_PTR,
+ VALTYPE_LONGLONG_PTR,
+ VALTYPE_INTMAX_PTR,
+ VALTYPE_SIZE_PTR,
+ VALTYPE_PTRDIFF_PTR
+ } valtype_t;
+
+
+/* A union used to store the actual values. */
+typedef union
+{
+ char a_char;
+ signed char a_schar;
+ unsigned char a_uchar;
+ short a_short;
+ unsigned short a_ushort;
+ int a_int;
+ unsigned int a_uint;
+ long int a_long;
+ unsigned long int a_ulong;
+#ifdef HAVE_LONG_LONG_INT
+ long long int a_longlong;
+ unsigned long long int a_ulonglong;
+#endif
+ double a_double;
+#ifdef HAVE_LONG_DOUBLE
+ long double a_longdouble;
+#endif
+ const char *a_string;
+#ifdef HAVE_INTMAX_T
+ intmax_t a_intmax;
+#endif
+#ifdef HAVE_UINTMAX_T
+ intmax_t a_uintmax;
+#endif
+ size_t a_size;
+#ifdef HAVE_PTRDIFF_T
+ ptrdiff_t a_ptrdiff;
+#endif
+ void *a_void_ptr;
+ char *a_char_ptr;
+ signed char *a_schar_ptr;
+ short *a_short_ptr;
+ int *a_int_ptr;
+ long *a_long_ptr;
+#ifdef HAVE_LONG_LONG_INT
+ long long int *a_longlong_ptr;
+#endif
+#ifdef HAVE_INTMAX_T
+ intmax_t *a_intmax_ptr;
+#endif
+ size_t *a_size_ptr;
+#ifdef HAVE_PTRDIFF_T
+ ptrdiff_t *a_ptrdiff_ptr;
+#endif
+} value_t;
+
+/* An object used to keep track of a format option and arguments. */
+struct argspec_s
+{
+ size_t length; /* The length of these args including the percent. */
+ unsigned int flags; /* The conversion flags (bits defined by FLAG_foo). */
+ int width; /* The field width. */
+ int precision; /* The precision. */
+ lenmod_t lenmod; /* The length modifier. */
+ conspec_t conspec; /* The conversion specifier. */
+ int arg_pos; /* The position of the argument. This one may
+ be -1 to indicate that no value is expected
+ (e.g. for "%m"). */
+ int width_pos; /* The position of the argument for a field
+ width star's value. 0 for not used. */
+ int precision_pos; /* The position of the argument for the a
+ precision star's value. 0 for not used. */
+ valtype_t vt; /* The type of the corresponding argument. */
+};
+typedef struct argspec_s *argspec_t;
+
+/* An object to build up a table of values and their types. */
+struct valueitem_s
+{
+ valtype_t vt; /* The type of the value. */
+ value_t value; /* The value. */
+};
+typedef struct valueitem_s *valueitem_t;
+
+
+#ifdef DEBUG
+static void
+dump_argspecs (argspec_t arg, size_t argcount)
+{
+ int idx;
+
+ for (idx=0; argcount; argcount--, arg++, idx++)
+ fprintf (stderr,
+ "%2d: len=%u flags=%u width=%d prec=%d mod=%d "
+ "con=%d vt=%d pos=%d-%d-%d\n",
+ idx,
+ (unsigned int)arg->length,
+ arg->flags,
+ arg->width,
+ arg->precision,
+ arg->lenmod,
+ arg->conspec,
+ arg->vt,
+ arg->arg_pos,
+ arg->width_pos,
+ arg->precision_pos);
+}
+#endif /*DEBUG*/
+
+
+/* Set the vt field for ARG. */
+static void
+compute_type (argspec_t arg)
+{
+ switch (arg->conspec)
+ {
+ case CONSPEC_UNKNOWN:
+ arg->vt = VALTYPE_UNSUPPORTED;
+ break;
+
+ case CONSPEC_DECIMAL:
+ switch (arg->lenmod)
+ {
+ case LENMOD_CHAR: arg->vt = VALTYPE_SCHAR; break;
+ case LENMOD_SHORT: arg->vt = VALTYPE_SHORT; break;
+ case LENMOD_LONG: arg->vt = VALTYPE_LONG; break;
+ case LENMOD_LONGLONG: arg->vt = VALTYPE_LONGLONG; break;
+ case LENMOD_INTMAX: arg->vt = VALTYPE_INTMAX; break;
+ case LENMOD_SIZET: arg->vt = VALTYPE_SIZE; break;
+ case LENMOD_PTRDIFF: arg->vt = VALTYPE_PTRDIFF; break;
+ default: arg->vt = VALTYPE_INT; break;
+ }
+ break;
+
+ case CONSPEC_OCTAL:
+ case CONSPEC_UNSIGNED:
+ case CONSPEC_HEX:
+ case CONSPEC_HEX_UP:
+ switch (arg->lenmod)
+ {
+ case LENMOD_CHAR: arg->vt = VALTYPE_UCHAR; break;
+ case LENMOD_SHORT: arg->vt = VALTYPE_USHORT; break;
+ case LENMOD_LONG: arg->vt = VALTYPE_ULONG; break;
+ case LENMOD_LONGLONG: arg->vt = VALTYPE_ULONGLONG; break;
+ case LENMOD_INTMAX: arg->vt = VALTYPE_UINTMAX; break;
+ case LENMOD_SIZET: arg->vt = VALTYPE_SIZE; break;
+ case LENMOD_PTRDIFF: arg->vt = VALTYPE_PTRDIFF; break;
+ default: arg->vt = VALTYPE_UINT; break;
+ }
+ break;
+
+ case CONSPEC_FLOAT:
+ case CONSPEC_FLOAT_UP:
+ case CONSPEC_EXP:
+ case CONSPEC_EXP_UP:
+ case CONSPEC_F_OR_G:
+ case CONSPEC_F_OR_G_UP:
+ case CONSPEC_HEX_EXP:
+ case CONSPEC_HEX_EXP_UP:
+ switch (arg->lenmod)
+ {
+ case LENMOD_LONGDBL: arg->vt = VALTYPE_LONGDOUBLE; break;
+ case LENMOD_LONG: arg->vt = VALTYPE_DOUBLE; break;
+ default: arg->vt = VALTYPE_DOUBLE; break;
+ }
+ break;
+
+ case CONSPEC_CHAR:
+ arg->vt = VALTYPE_INT;
+ break;
+
+ case CONSPEC_STRING:
+ arg->vt = VALTYPE_STRING;
+ break;
+
+ case CONSPEC_POINTER:
+ arg->vt = VALTYPE_POINTER;
+ break;
+
+ case CONSPEC_STRERROR:
+ arg->vt = VALTYPE_STRING;
+ break;
+
+ case CONSPEC_BYTES_SO_FAR:
+ switch (arg->lenmod)
+ {
+ case LENMOD_CHAR: arg->vt = VALTYPE_SCHAR_PTR; break;
+ case LENMOD_SHORT: arg->vt = VALTYPE_SHORT_PTR; break;
+ case LENMOD_LONG: arg->vt = VALTYPE_LONG_PTR; break;
+ case LENMOD_LONGLONG: arg->vt = VALTYPE_LONGLONG_PTR; break;
+ case LENMOD_INTMAX: arg->vt = VALTYPE_INTMAX_PTR; break;
+ case LENMOD_SIZET: arg->vt = VALTYPE_SIZE_PTR; break;
+ case LENMOD_PTRDIFF: arg->vt = VALTYPE_PTRDIFF_PTR; break;
+ default: arg->vt = VALTYPE_INT_PTR; break;
+ }
+ break;
+
+ }
+}
+
+
+
+/* Parse the FORMAT string and populate the specification array stored
+ at the address ARGSPECS_ADDR. The caller has provided enough space
+ to store up to MAX_ARGSPECS in that buffer. The function may
+ however ignore the provided buffer and malloc a larger one. On
+ success the addrrss of that larger buffer will be stored at
+ ARGSPECS_ADDR. The actual number of specifications will be
+ returned at R_ARGSPECS_COUNT. */
+static int
+parse_format (const char *format,
+ argspec_t *argspecs_addr, size_t max_argspecs,
+ size_t *r_argspecs_count)
+{
+ const char *s;
+ argspec_t argspecs = *argspecs_addr;
+ argspec_t arg;
+ size_t argcount = 0;
+
+ if (!format)
+ goto leave_einval;
+
+ for (; *format; format++)
+ {
+ unsigned int flags;
+ int width, precision;
+ lenmod_t lenmod;
+ conspec_t conspec;
+ int arg_pos, width_pos, precision_pos;
+
+ if (*format != '%')
+ continue;
+ s = ++format;
+ if (!*s)
+ goto leave_einval;
+ if (*s == '%')
+ continue; /* Just a quoted percent. */
+
+ /* First check whether there is a positional argument. */
+ arg_pos = 0; /* No positional argument given. */
+ if (*s >= '1' && *s <= '9')
+ {
+ const char *save_s = s;
+
+ arg_pos = (*s++ - '0');
+ for (; *s >= '0' && *s <= '9'; s++)
+ arg_pos = 10*arg_pos + (*s - '0');
+ if (arg_pos < 0)
+ goto leave_einval; /* Overflow during conversion. */
+ if (*s == '$')
+ s++;
+ else
+ {
+ arg_pos = 0;
+ s = save_s;
+ }
+ }
+
+ /* Parse the flags. */
+ flags = 0;
+ for ( ; *s; s++)
+ {
+ switch (*s)
+ {
+ case '\'': flags |= FLAG_GROUPING; break;
+ case '-': flags |= FLAG_LEFT_JUST; break;
+ case '+': flags |= FLAG_PLUS_SIGN; break;
+ case ' ': flags |= FLAG_SPACE_PLUS; break;
+ case '#': flags |= FLAG_ALT_CONV; break;
+ case '0': flags |= FLAG_ZERO_PAD; break;
+ default:
+ goto flags_parsed;
+ }
+ }
+ flags_parsed:
+
+ /* Parse the field width. */
+ width_pos = 0;
+ if (*s == '*')
+ {
+ width = STAR_FIELD_VALUE;
+ s++;
+ /* If we have a positional argument, another one might also
+ be used to give the position of the star's value. */
+ if (arg_pos && *s >= '1' && *s <= '9')
+ {
+ width_pos = (*s++ - '0');
+ for (; *s >= '0' && *s <= '9'; s++)
+ width_pos = 10*width_pos + (*s - '0');
+ if (width_pos < 1)
+ goto leave_einval; /* Overflow during conversion. */
+ if (*s != '$')
+ goto leave_einval; /* Not followed by $. */
+ s++;
+ }
+ }
+ else if ( *s >= '0' && *s <= '9')
+ {
+ width = (*s++ - '0');
+ for (; *s >= '0' && *s <= '9'; s++)
+ {
+ if (!width && *s == '0')
+ goto leave_einval; /* Leading zeroes are not allowed.
+ Fixme: check what other
+ implementations do. */
+ width = 10*width + (*s - '0');
+ }
+ if (width < 0)
+ goto leave_einval; /* Overflow during conversion. */
+ }
+ else
+ width = NO_FIELD_VALUE;
+
+ /* Parse the precision. */
+ precision_pos = 0;
+ precision = NO_FIELD_VALUE;
+ if (*s == '.')
+ {
+ int ignore_value = (s[1] == '-');
+
+ s++;
+ if (*s == '*')
+ {
+ precision = STAR_FIELD_VALUE;
+ s++;
+ /* If we have a positional argument, another one might also
+ be used to give the position of the star's value. */
+ if (arg_pos && *s >= '1' && *s <= '9')
+ {
+ precision_pos = (*s++ - '0');
+ for (; *s >= '0' && *s <= '9'; s++)
+ precision_pos = 10*precision_pos + (*s - '0');
+ if (precision_pos < 1)
+ goto leave_einval; /* Overflow during conversion. */
+ if (*s != '$')
+ goto leave_einval; /* Not followed by $. */
+ s++;
+ }
+ }
+ else if ( *s >= '0' && *s <= '9')
+ {
+ precision = (*s++ - '0');
+ for (; *s >= '0' && *s <= '9'; s++)
+ {
+ if (!precision && *s == '0')
+ goto leave_einval; /* Leading zeroes are not allowed.
+ Fixme: check what other
+ implementations do. */
+ precision = 10*precision + (*s - '0');
+ }
+ if (precision < 0)
+ goto leave_einval; /* Overflow during conversion. */
+ }
+ else
+ precision = 0;
+ if (ignore_value)
+ precision = NO_FIELD_VALUE;
+ }
+
+ /* Parse the length modifiers. */
+ switch (*s)
+ {
+ case 'h':
+ if (s[1] == 'h')
+ {
+ lenmod = LENMOD_CHAR;
+ s++;
+ }
+ else
+ lenmod = LENMOD_SHORT;
+ s++;
+ break;
+ case 'l':
+ if (s[1] == 'l')
+ {
+ lenmod = LENMOD_LONGLONG;
+ s++;
+ }
+ else
+ lenmod = LENMOD_LONG;
+ s++;
+ break;
+ case 'j': lenmod = LENMOD_INTMAX; s++; break;
+ case 'z': lenmod = LENMOD_SIZET; s++; break;
+ case 't': lenmod = LENMOD_PTRDIFF; s++; break;
+ case 'L': lenmod = LENMOD_LONGDBL; s++; break;
+ default: lenmod = LENMOD_NONE; break;
+ }
+
+ /* Parse the conversion specifier. */
+ switch (*s)
+ {
+ case 'd':
+ case 'i': conspec = CONSPEC_DECIMAL; break;
+ case 'o': conspec = CONSPEC_OCTAL; break;
+ case 'u': conspec = CONSPEC_UNSIGNED; break;
+ case 'x': conspec = CONSPEC_HEX; break;
+ case 'X': conspec = CONSPEC_HEX_UP; break;
+ case 'f': conspec = CONSPEC_FLOAT; break;
+ case 'F': conspec = CONSPEC_FLOAT_UP; break;
+ case 'e': conspec = CONSPEC_EXP; break;
+ case 'E': conspec = CONSPEC_EXP_UP; break;
+ case 'g': conspec = CONSPEC_F_OR_G; break;
+ case 'G': conspec = CONSPEC_F_OR_G_UP; break;
+ case 'a': conspec = CONSPEC_HEX_EXP; break;
+ case 'A': conspec = CONSPEC_HEX_EXP_UP; break;
+ case 'c': conspec = CONSPEC_CHAR; break;
+ case 's': conspec = CONSPEC_STRING; break;
+ case 'p': conspec = CONSPEC_POINTER; break;
+ case 'n': conspec = CONSPEC_BYTES_SO_FAR; break;
+ case 'C': conspec = CONSPEC_CHAR; lenmod = LENMOD_LONG; break;
+ case 'S': conspec = CONSPEC_STRING; lenmod = LENMOD_LONG; break;
+ case 'm': conspec = CONSPEC_STRERROR; arg_pos = -1; break;
+ default: conspec = CONSPEC_UNKNOWN;
+ }
+
+ /* Save the args. */
+ if (argcount >= max_argspecs)
+ {
+ /* We either need to allocate a new array instead of the
+ caller provided one or realloc the array. Instead of
+ using realloc we allocate a new one and release the
+ original one then. */
+ size_t n, newmax;
+ argspec_t newarg;
+
+ newmax = max_argspecs + ARGSPECS_BUMP_VALUE;
+ if (newmax <= max_argspecs)
+ goto leave_einval; /* Too many arguments. */
+ newarg = calloc (newmax, sizeof *newarg);
+ if (!newarg)
+ goto leave;
+ for (n=0; n < argcount; n++)
+ newarg[n] = argspecs[n];
+ if (argspecs != *argspecs_addr)
+ free (argspecs);
+ argspecs = newarg;
+ max_argspecs = newmax;
+ }
+
+ arg = argspecs + argcount;
+ arg->length = s - format + 2;
+ arg->flags = flags;
+ arg->width = width;
+ arg->precision = precision;
+ arg->lenmod = lenmod;
+ arg->conspec = conspec;
+ arg->arg_pos = arg_pos;
+ arg->width_pos = width_pos;
+ arg->precision_pos = precision_pos;
+ compute_type (arg);
+ argcount++;
+ format = s;
+ }
+
+ *argspecs_addr = argspecs;
+ *r_argspecs_count = argcount;
+ return 0; /* Success. */
+
+ leave_einval:
+ errno = EINVAL;
+ leave:
+ if (argspecs != *argspecs_addr)
+ free (argspecs);
+ *argspecs_addr = NULL;
+ return -1;
+}
+
+
+/* This function reads all the values as specified by VALUETABLE into
+ VALUETABLE. The values are expected in VAARGS. The function
+ returns -1 if a specified type is not supported. */
+static int
+read_values (valueitem_t valuetable, size_t valuetable_len, va_list vaargs)
+{
+ int validx;
+
+ for (validx=0; validx < valuetable_len; validx++)
+ {
+ value_t *value = &valuetable[validx].value;
+ valtype_t vt = valuetable[validx].vt;
+
+ switch (vt)
+ {
+ case VALTYPE_CHAR: value->a_char = va_arg (vaargs, int); break;
+ case VALTYPE_CHAR_PTR:
+ value->a_char_ptr = va_arg (vaargs, char *);
+ break;
+ case VALTYPE_SCHAR: value->a_schar = va_arg (vaargs, int); break;
+ case VALTYPE_SCHAR_PTR:
+ value->a_schar_ptr = va_arg (vaargs, signed char *);
+ break;
+ case VALTYPE_UCHAR: value->a_uchar = va_arg (vaargs, int); break;
+ case VALTYPE_SHORT: value->a_short = va_arg (vaargs, int); break;
+ case VALTYPE_USHORT: value->a_ushort = va_arg (vaargs, int); break;
+ case VALTYPE_SHORT_PTR:
+ value->a_short_ptr = va_arg (vaargs, short *);
+ break;
+ case VALTYPE_INT:
+ value->a_int = va_arg (vaargs, int);
+ break;
+ case VALTYPE_INT_PTR:
+ value->a_int_ptr = va_arg (vaargs, int *);
+ break;
+ case VALTYPE_UINT:
+ value->a_uint = va_arg (vaargs, unsigned int);
+ break;
+ case VALTYPE_LONG:
+ value->a_long = va_arg (vaargs, long);
+ break;
+ case VALTYPE_ULONG:
+ value->a_ulong = va_arg (vaargs, unsigned long);
+ break;
+ case VALTYPE_LONG_PTR:
+ value->a_long_ptr = va_arg (vaargs, long *);
+ break;
+#ifdef HAVE_LONG_LONG_INT
+ case VALTYPE_LONGLONG:
+ value->a_longlong = va_arg (vaargs, long long int);
+ break;
+ case VALTYPE_ULONGLONG:
+ value->a_ulonglong = va_arg (vaargs, unsigned long long int);
+ break;
+ case VALTYPE_LONGLONG_PTR:
+ value->a_longlong_ptr = va_arg (vaargs, long long *);
+ break;
+#endif
+ case VALTYPE_DOUBLE:
+ value->a_double = va_arg (vaargs, double);
+ break;
+#ifdef HAVE_LONG_DOUBLE
+ case VALTYPE_LONGDOUBLE:
+ value->a_longdouble = va_arg (vaargs, long double);
+ break;
+#endif
+ case VALTYPE_STRING:
+ value->a_string = va_arg (vaargs, const char *);
+ break;
+ case VALTYPE_POINTER:
+ value->a_void_ptr = va_arg (vaargs, void *);
+ break;
+#ifdef HAVE_INTMAX_T
+ case VALTYPE_INTMAX:
+ value->a_intmax = va_arg (vaargs, intmax_t);
+ break;
+ case VALTYPE_INTMAX_PTR:
+ value->a_intmax_ptr = va_arg (vaargs, intmax_t *);
+ break;
+#endif
+#ifdef HAVE_UINTMAX_T
+ case VALTYPE_UINTMAX:
+ value->a_uintmax = va_arg (vaargs, uintmax_t);
+ break;
+#endif
+ case VALTYPE_SIZE:
+ value->a_size = va_arg (vaargs, size_t);
+ break;
+ case VALTYPE_SIZE_PTR:
+ value->a_size_ptr = va_arg (vaargs, size_t *);
+ break;
+#ifdef HAVE_PTRDIFF_T
+ case VALTYPE_PTRDIFF:
+ value->a_ptrdiff = va_arg (vaargs, ptrdiff_t);
+ break;
+ case VALTYPE_PTRDIFF_PTR:
+ value->a_ptrdiff_ptr = va_arg (vaargs, ptrdiff_t *);
+ break;
+#endif
+ default: /* Unsupported type. */
+ return -1;
+ }
+ }
+ return 0;
+}
+
+
+
+/* Output COUNT padding characters PADCHAR and update NBYTES by the
+ number of bytes actually written. */
+static int
+pad_out (estream_printf_out_t outfnc, void *outfncarg,
+ int padchar, int count, size_t *nbytes)
+{
+ char buf[32];
+ size_t n;
+ int rc;
+
+ while (count > 0)
+ {
+ n = (count <= sizeof buf)? count : sizeof buf;
+ memset (buf, padchar, n);
+ rc = outfnc (outfncarg, buf, n);
+ if (rc)
+ return rc;
+ *nbytes += n;
+ count -= n;
+ }
+
+ return 0;
+}
+
+
+/* "d,i,o,u,x,X" formatting. OUTFNC and OUTFNCARG describes the
+ output routine, ARG gives the argument description and VALUE the
+ actual value (its type is available through arg->vt). */
+static int
+pr_integer (estream_printf_out_t outfnc, void *outfncarg,
+ argspec_t arg, value_t value, size_t *nbytes)
+{
+ int rc;
+#ifdef HAVE_LONG_LONG_INT
+ unsigned long long aulong;
+#else
+ unsigned long aulong;
+#endif
+ char numbuf[100];
+ char *p, *pend;
+ size_t n;
+ char signchar = 0;
+ int n_prec; /* Number of extra precision digits required. */
+ int n_extra; /* Extra number of prefix or sign characters. */
+
+ if (arg->conspec == CONSPEC_DECIMAL)
+ {
+#ifdef HAVE_LONG_LONG_INT
+ long long along;
+#else
+ long along;
+#endif
+
+ switch (arg->vt)
+ {
+ case VALTYPE_SHORT: along = value.a_short; break;
+ case VALTYPE_INT: along = value.a_int; break;
+ case VALTYPE_LONG: along = value.a_long; break;
+#ifdef HAVE_LONG_LONG_INT
+ case VALTYPE_LONGLONG: along = value.a_longlong; break;
+ case VALTYPE_SIZE: along = value.a_size; break;
+# ifdef HAVE_INTMAX_T
+ case VALTYPE_INTMAX: along = value.a_intmax; break;
+# endif
+# ifdef HAVE_PTRDIFF_T
+ case VALTYPE_PTRDIFF: along = value.a_ptrdiff; break;
+# endif
+#endif /*HAVE_LONG_LONG_INT*/
+ default:
+ return -1;
+ }
+ if (along < 0)
+ {
+ aulong = -along;
+ signchar = '-';
+ }
+ else
+ aulong = along;
+ }
+ else
+ {
+ switch (arg->vt)
+ {
+ case VALTYPE_USHORT: aulong = value.a_ushort; break;
+ case VALTYPE_UINT: aulong = value.a_uint; break;
+ case VALTYPE_ULONG: aulong = value.a_ulong; break;
+#ifdef HAVE_LONG_LONG_INT
+ case VALTYPE_ULONGLONG: aulong = value.a_ulonglong; break;
+ case VALTYPE_SIZE: aulong = value.a_size; break;
+# ifdef HAVE_UINTMAX_T
+ case VALTYPE_UINTMAX: aulong = value.a_uintmax; break;
+# endif
+# ifdef HAVE_PTRDIFF_T
+ case VALTYPE_PTRDIFF: aulong = value.a_ptrdiff; break;
+# endif
+#endif /*HAVE_LONG_LONG_INT*/
+ default:
+ return -1;
+ }
+ }
+
+ if (signchar == '-')
+ ;
+ else if ((arg->flags & FLAG_PLUS_SIGN))
+ signchar = '+';
+ else if ((arg->flags & FLAG_SPACE_PLUS))
+ signchar = ' ';
+
+ n_extra = !!signchar;
+
+ /* We build the string up backwards. */
+ p = pend = numbuf + DIM(numbuf);
+ if ((!aulong && !arg->precision))
+ ;
+ else if (arg->conspec == CONSPEC_DECIMAL
+ || arg->conspec == CONSPEC_UNSIGNED)
+ {
+ int grouping = -1;
+ const char * grouping_string =
+#ifdef HAVE_LANGINFO_THOUSANDS_SEP
+ nl_langinfo(THOUSANDS_SEP);
+#else
+ "'";
+#endif
+
+ do
+ {
+ if ((arg->flags & FLAG_GROUPING)
+ && (++grouping == 3) && *grouping_string)
+ {
+ *--p = *grouping_string;
+ grouping = 0;
+ }
+ *--p = '0' + (aulong % 10);
+ aulong /= 10;
+ }
+ while (aulong);
+ }
+ else if (arg->conspec == CONSPEC_OCTAL)
+ {
+ do
+ {
+ *--p = '0' + (aulong % 8);
+ aulong /= 8;
+ }
+ while (aulong);
+ if ((arg->flags & FLAG_ALT_CONV) && *p != '0')
+ *--p = '0';
+ }
+ else /* HEX or HEXUP */
+ {
+ const char *digits = ((arg->conspec == CONSPEC_HEX)
+ ? "0123456789abcdef" : "0123456789ABCDEF");
+ do
+ {
+ *--p = digits[(aulong % 16)];
+ aulong /= 16;
+ }
+ while (aulong);
+ if ((arg->flags & FLAG_ALT_CONV))
+ n_extra += 2;
+ }
+
+ n = pend - p;
+
+ if ((arg->flags & FLAG_ZERO_PAD)
+ && arg->precision == NO_FIELD_VALUE && !(arg->flags & FLAG_LEFT_JUST)
+ && n && arg->width - n_extra > n )
+ n_prec = arg->width - n_extra - n;
+ else if (arg->precision > 0 && arg->precision > n)
+ n_prec = arg->precision - n;
+ else
+ n_prec = 0;
+
+ if (!(arg->flags & FLAG_LEFT_JUST)
+ && arg->width >= 0 && arg->width - n_extra > n
+ && arg->width - n_extra - n >= n_prec )
+ {
+ rc = pad_out (outfnc, outfncarg, ' ',
+ arg->width - n_extra - n - n_prec, nbytes);
+ if (rc)
+ return rc;
+ }
+
+ if (signchar)
+ {
+ rc = outfnc (outfncarg, &signchar, 1);
+ if (rc)
+ return rc;
+ *nbytes += 1;
+ }
+
+ if ((arg->flags & FLAG_ALT_CONV)
+ && (arg->conspec == CONSPEC_HEX || arg->conspec == CONSPEC_HEX_UP))
+ {
+ rc = outfnc (outfncarg, arg->conspec == CONSPEC_HEX? "0x": "0X", 2);
+ if (rc)
+ return rc;
+ *nbytes += 2;
+ }
+
+ if (n_prec)
+ {
+ rc = pad_out (outfnc, outfncarg, '0', n_prec, nbytes);
+ if (rc)
+ return rc;
+ }
+
+ rc = outfnc (outfncarg, p, pend - p);
+ if (rc)
+ return rc;
+ *nbytes += pend - p;
+
+ if ((arg->flags & FLAG_LEFT_JUST)
+ && arg->width >= 0 && arg->width - n_extra - n_prec > n)
+ {
+ rc = pad_out (outfnc, outfncarg, ' ',
+ arg->width - n_extra - n_prec - n, nbytes);
+ if (rc)
+ return rc;
+ }
+
+ return 0;
+}
+
+
+/* "e,E,f,F,g,G,a,A" formatting. OUTFNC and OUTFNCARG describes the
+ output routine, ARG gives the argument description and VALUE the
+ actual value (its type is available through arg->vt). For
+ portability reasons sprintf is used for the actual formatting.
+ This is useful because sprint is the only standard function to
+ convert a floating number into its ascii representation. To avoid
+ using malloc we just pass the precision to sprintf and do the final
+ formatting with our own code. */
+static int
+pr_float (estream_printf_out_t outfnc, void *outfncarg,
+ argspec_t arg, value_t value, size_t *nbytes)
+{
+ int rc;
+#ifdef HAVE_LONG_DOUBLE
+ long double adblfloat = 0; /* Just to please gcc. */
+ int use_dbl = 0;
+#endif
+ double afloat;
+ char numbuf[350];
+ char formatstr[20];
+ char *p, *pend;
+ size_t n;
+ char signchar = 0;
+ int n_extra; /* Extra number of prefix or sign characters. */
+
+ switch (arg->vt)
+ {
+ case VALTYPE_DOUBLE: afloat = value.a_double; break;
+#ifdef HAVE_LONG_DOUBLE
+ case VALTYPE_LONGDOUBLE:
+ afloat = 0; /* Just to please gcc. */
+ adblfloat = value.a_longdouble;
+ use_dbl=1; break;
+#endif
+ default:
+ return -1;
+ }
+
+ /* We build the string using sprint. */
+ p = formatstr + sizeof formatstr;
+ *--p = 0;
+ switch (arg->conspec)
+ {
+ case CONSPEC_FLOAT: *--p = 'f'; break;
+ case CONSPEC_FLOAT_UP: *--p = 'F'; break;
+ case CONSPEC_EXP: *--p = 'e'; break;
+ case CONSPEC_EXP_UP: *--p = 'E'; break;
+ case CONSPEC_F_OR_G: *--p = 'g'; break;
+ case CONSPEC_F_OR_G_UP: *--p = 'G'; break;
+ case CONSPEC_HEX_EXP: *--p = 'a'; break;
+ case CONSPEC_HEX_EXP_UP: *--p = 'A'; break;
+ default:
+ return -1; /* Actually a bug. */
+ }
+#ifdef HAVE_LONG_DOUBLE
+ if (use_dbl)
+ *--p = 'L';
+#endif
+ if (arg->precision != NO_FIELD_VALUE)
+ {
+ /* Limit it to a meaningful value so that even a stupid sprintf
+ won't overflow our buffer. */
+ n = arg->precision <= 100? arg->precision : 100;
+ do
+ {
+ *--p = '0' + (n % 10);
+ n /= 10;
+ }
+ while (n);
+ *--p = '.';
+ }
+ if ((arg->flags & FLAG_ALT_CONV))
+ *--p = '#';
+ *--p = '%';
+#ifdef HAVE_LONG_DOUBLE
+ if (use_dbl)
+ sprintf (numbuf, p, adblfloat);
+ else
+#endif /*HAVE_LONG_DOUBLE*/
+ sprintf (numbuf, p, afloat);
+ p = numbuf;
+ n = strlen (numbuf);
+ pend = p + n;
+
+ if (*p =='-')
+ {
+ signchar = '-';
+ p++;
+ n--;
+ }
+ else if ((arg->flags & FLAG_PLUS_SIGN))
+ signchar = '+';
+ else if ((arg->flags & FLAG_SPACE_PLUS))
+ signchar = ' ';
+
+ n_extra = !!signchar;
+
+ if (!(arg->flags & FLAG_LEFT_JUST)
+ && arg->width >= 0 && arg->width - n_extra > n)
+ {
+ rc = pad_out (outfnc, outfncarg, ' ', arg->width - n_extra - n, nbytes);
+ if (rc)
+ return rc;
+ }
+
+ if (signchar)
+ {
+ rc = outfnc (outfncarg, &signchar, 1);
+ if (rc)
+ return rc;
+ *nbytes += 1;
+ }
+
+ rc = outfnc (outfncarg, p, pend - p);
+ if (rc)
+ return rc;
+ *nbytes += pend - p;
+
+ if ((arg->flags & FLAG_LEFT_JUST)
+ && arg->width >= 0 && arg->width - n_extra > n)
+ {
+ rc = pad_out (outfnc, outfncarg, ' ', arg->width - n_extra - n, nbytes);
+ if (rc)
+ return rc;
+ }
+
+ return 0;
+}
+
+
+/* "c" formatting. */
+static int
+pr_char (estream_printf_out_t outfnc, void *outfncarg,
+ argspec_t arg, value_t value, size_t *nbytes)
+{
+ int rc;
+ char buf[1];
+
+ if (arg->vt != VALTYPE_INT)
+ return -1;
+ buf[0] = (unsigned int)value.a_int;
+ rc = outfnc (outfncarg, buf, 1);
+ if(rc)
+ return rc;
+ *nbytes += 1;
+
+ return 0;
+}
+
+
+/* "s" formatting. */
+static int
+pr_string (estream_printf_out_t outfnc, void *outfncarg,
+ argspec_t arg, value_t value, size_t *nbytes)
+{
+ int rc;
+ size_t n;
+ const char *string, *s;
+
+ if (arg->vt != VALTYPE_STRING)
+ return -1;
+ string = value.a_string;
+ if (!string)
+ string = "(null)";
+ if (arg->precision >= 0)
+ {
+ for (n=0,s=string; *s && n < arg->precision; s++)
+ n++;
+ }
+ else
+ n = strlen (string);
+
+ if (!(arg->flags & FLAG_LEFT_JUST)
+ && arg->width >= 0 && arg->width > n )
+ {
+ rc = pad_out (outfnc, outfncarg, ' ', arg->width - n, nbytes);
+ if (rc)
+ return rc;
+ }
+
+ rc = outfnc (outfncarg, string, n);
+ if (rc)
+ return rc;
+ *nbytes += n;
+
+ if ((arg->flags & FLAG_LEFT_JUST)
+ && arg->width >= 0 && arg->width > n)
+ {
+ rc = pad_out (outfnc, outfncarg, ' ', arg->width - n, nbytes);
+ if (rc)
+ return rc;
+ }
+
+ return 0;
+}
+
+
+/* "p" formatting. */
+static int
+pr_pointer (estream_printf_out_t outfnc, void *outfncarg,
+ argspec_t arg, value_t value, size_t *nbytes)
+{
+ int rc;
+#if defined(HAVE_LONG_LONG_INT) && (SIZEOF_UNSIGNED_LONG < SIZEOF_VOID_P)
+ unsigned long long aulong;
+#else
+ unsigned long aulong;
+#endif
+ char numbuf[100];
+ char *p, *pend;
+
+ if (arg->vt != VALTYPE_POINTER)
+ return -1;
+ /* We assume that a pointer can be converted to an unsigned long.
+ That is not correct for a 64 bit Windows, but then we assume that
+ long long is supported and usable for storing a pointer. */
+#if defined(HAVE_LONG_LONG_INT) && (SIZEOF_UNSIGNED_LONG < SIZEOF_VOID_P)
+ aulong = (unsigned long long)value.a_void_ptr;
+#else
+ aulong = (unsigned long)value.a_void_ptr;
+#endif
+
+ p = pend = numbuf + DIM(numbuf);
+ do
+ {
+ *--p = "0123456789abcdefx"[(aulong % 16)];
+ aulong /= 16;
+ }
+ while (aulong);
+ while ((pend-p) < 2*sizeof (aulong))
+ *--p = '0';
+ *--p = 'x';
+ *--p = '0';
+
+ rc = outfnc (outfncarg, p, pend - p);
+ if (rc)
+ return rc;
+ *nbytes += pend - p;
+
+ return 0;
+}
+
+/* "n" pesudo format operation. */
+static int
+pr_bytes_so_far (estream_printf_out_t outfnc, void *outfncarg,
+ argspec_t arg, value_t value, size_t *nbytes)
+{
+ (void)outfnc;
+ (void)outfncarg;
+
+ switch (arg->vt)
+ {
+ case VALTYPE_SCHAR_PTR:
+ *value.a_schar_ptr = (signed char)(unsigned int)(*nbytes);
+ break;
+ case VALTYPE_SHORT_PTR:
+ *value.a_short_ptr = (short)(unsigned int)(*nbytes);
+ break;
+ case VALTYPE_LONG_PTR:
+ *value.a_long_ptr = (long)(*nbytes);
+ break;
+#ifdef HAVE_LONG_LONG_INT
+ case VALTYPE_LONGLONG_PTR:
+ *value.a_longlong_ptr = (long long)(*nbytes);
+ break;
+#endif
+#ifdef HAVE_INTMAX_T
+ case VALTYPE_INTMAX_PTR:
+ *value.a_intmax_ptr = (intmax_t)(*nbytes);
+ break;
+#endif
+ case VALTYPE_SIZE_PTR:
+ *value.a_size_ptr = (*nbytes);
+ break;
+#ifdef HAVE_PTRDIFF_T
+ case VALTYPE_PTRDIFF_PTR:
+ *value.a_ptrdiff_ptr = (ptrdiff_t)(*nbytes);
+ break;
+#endif
+ case VALTYPE_INT_PTR:
+ *value.a_int_ptr = (int)(*nbytes);
+ break;
+ default:
+ return -1; /* An unsupported type has been used. */
+ }
+
+ return 0;
+}
+
+
+
+/* Run the actual formatting. OUTFNC and OUTFNCARG are the output
+ functions. FORMAT is format string ARGSPECS is the parsed format
+ string, ARGSPECS_LEN the number of items in ARGSPECS. VALUETABLE
+ holds the values and may be directly addressed using the position
+ arguments given by ARGSPECS. MYERRNO is used for the "%m"
+ conversion. NBYTES well be updated to reflect the number of bytes
+ send to the output function. */
+static int
+do_format (estream_printf_out_t outfnc, void *outfncarg,
+ const char *format, argspec_t argspecs, size_t argspecs_len,
+ valueitem_t valuetable, int myerrno, size_t *nbytes)
+{
+ int rc = 0;
+ const char *s;
+ argspec_t arg = argspecs;
+ int argidx = 0; /* Only used for assertion. */
+ size_t n;
+ value_t value;
+
+ s = format;
+ while ( *s )
+ {
+ if (*s != '%')
+ {
+ s++;
+ continue;
+ }
+ if (s != format)
+ {
+ rc = outfnc (outfncarg, format, (n=s-format));
+ if (rc)
+ return rc;
+ *nbytes += n;
+ }
+ if (s[1] == '%')
+ {
+ /* Note that this code ignores one trailing percent escape -
+ this is however okay as the args parser must have
+ detected this already. */
+ rc = outfnc (outfncarg, s, 1);
+ if (rc)
+ return rc;
+ *nbytes += 1;
+ s += 2;
+ format = s;
+ continue;
+ }
+
+ /* Save the next start. */
+ s += arg->length;
+ format = s;
+
+ assert (argidx < argspecs_len);
+ argidx++;
+
+ /* Apply indirect field width and precision values. */
+ if (arg->width == STAR_FIELD_VALUE)
+ {
+ assert (valuetable[arg->width_pos-1].vt == VALTYPE_INT);
+ arg->width = valuetable[arg->width_pos-1].value.a_int;
+ if (arg->width < 0)
+ {
+ arg->width = -arg->width;
+ arg->flags |= FLAG_LEFT_JUST;
+ }
+ }
+ if (arg->precision == STAR_FIELD_VALUE)
+ {
+ assert (valuetable[arg->precision_pos-1].vt == VALTYPE_INT);
+ arg->precision = valuetable[arg->precision_pos-1].value.a_int;
+ if (arg->precision < 0)
+ arg->precision = NO_FIELD_VALUE;
+ }
+
+ if (arg->arg_pos == -1 && arg->conspec == CONSPEC_STRERROR)
+ value.a_string = strerror (myerrno);
+ else
+ {
+ assert (arg->vt == valuetable[arg->arg_pos-1].vt);
+ value = valuetable[arg->arg_pos-1].value;
+ }
+
+ switch (arg->conspec)
+ {
+ case CONSPEC_UNKNOWN: assert (!"bug"); break;
+
+ case CONSPEC_DECIMAL:
+ case CONSPEC_UNSIGNED:
+ case CONSPEC_OCTAL:
+ case CONSPEC_HEX:
+ case CONSPEC_HEX_UP:
+ rc = pr_integer (outfnc, outfncarg, arg, value, nbytes);
+ break;
+ case CONSPEC_FLOAT:
+ case CONSPEC_FLOAT_UP:
+ case CONSPEC_EXP:
+ case CONSPEC_EXP_UP:
+ case CONSPEC_F_OR_G:
+ case CONSPEC_F_OR_G_UP:
+ case CONSPEC_HEX_EXP:
+ case CONSPEC_HEX_EXP_UP:
+ rc = pr_float (outfnc, outfncarg, arg, value, nbytes);
+ break;
+ case CONSPEC_CHAR:
+ rc = pr_char (outfnc, outfncarg, arg, value, nbytes);
+ break;
+ case CONSPEC_STRING:
+ case CONSPEC_STRERROR:
+ rc = pr_string (outfnc, outfncarg, arg, value, nbytes);
+ break;
+ case CONSPEC_POINTER:
+ rc = pr_pointer (outfnc, outfncarg, arg, value, nbytes);
+ break;
+ case CONSPEC_BYTES_SO_FAR:
+ rc = pr_bytes_so_far (outfnc, outfncarg, arg, value, nbytes);
+ break;
+ }
+ if (rc)
+ return rc;
+ arg++;
+ }
+
+ /* Print out any trailing stuff. */
+ n = s - format;
+ rc = n? outfnc (outfncarg, format, n) : 0;
+ if (!rc)
+ *nbytes += n;
+
+ return rc;
+}
+
+
+
+
+/* The versatile printf formatting routine. It expects a callback
+ function OUTFNC and an opaque argument OUTFNCARG used for actual
+ output of the formatted stuff. FORMAT is the format specification
+ and VAARGS a variable argumemt list matching the arguments of
+ FORMAT. */
+int
+estream_format (estream_printf_out_t outfnc,
+ void *outfncarg,
+ const char *format, va_list vaargs)
+{
+ /* Buffer to hold the argspecs and a pointer to it.*/
+ struct argspec_s argspecs_buffer[DEFAULT_MAX_ARGSPECS];
+ argspec_t argspecs = argspecs_buffer;
+ size_t argspecs_len; /* Number of specifications in ARGSPECS. */
+
+ /* Buffer to hold the description for the values. */
+ struct valueitem_s valuetable_buffer[DEFAULT_MAX_VALUES];
+ valueitem_t valuetable = valuetable_buffer;
+
+ int rc; /* Return code. */
+ size_t argidx; /* Used to index the argspecs array. */
+ size_t validx; /* Used to index the valuetable. */
+ int max_pos;/* Highest argument position. */
+
+ size_t nbytes = 0; /* Keep track of the number of bytes passed to
+ the output function. */
+
+ int myerrno = errno; /* Save the errno for use with "%m". */
+
+
+ /* Parse the arguments to come up with descriptive list. We can't
+ do this on the fly because we need to support positional
+ arguments. */
+ rc = parse_format (format, &argspecs, DIM(argspecs_buffer), &argspecs_len);
+ if (rc)
+ goto leave;
+
+ /* Check that all ARG_POS fields are set. */
+ for (argidx=0,max_pos=0; argidx < argspecs_len; argidx++)
+ {
+ if (argspecs[argidx].arg_pos != -1
+ && argspecs[argidx].arg_pos > max_pos)
+ max_pos = argspecs[argidx].arg_pos;
+ if (argspecs[argidx].width_pos > max_pos)
+ max_pos = argspecs[argidx].width_pos;
+ if (argspecs[argidx].precision_pos > max_pos)
+ max_pos = argspecs[argidx].precision_pos;
+ }
+ if (!max_pos)
+ {
+ /* Fill in all the positions. */
+ for (argidx=0; argidx < argspecs_len; argidx++)
+ {
+ if (argspecs[argidx].width == STAR_FIELD_VALUE)
+ argspecs[argidx].width_pos = ++max_pos;
+ if (argspecs[argidx].precision == STAR_FIELD_VALUE)
+ argspecs[argidx].precision_pos = ++max_pos;
+ if (argspecs[argidx].arg_pos != -1 )
+ argspecs[argidx].arg_pos = ++max_pos;
+ }
+ }
+ else
+ {
+ /* Check that they are all filled. More test are done later. */
+ for (argidx=0; argidx < argspecs_len; argidx++)
+ {
+ if (!argspecs[argidx].arg_pos
+ || (argspecs[argidx].width == STAR_FIELD_VALUE
+ && !argspecs[argidx].width_pos)
+ || (argspecs[argidx].precision == STAR_FIELD_VALUE
+ && !argspecs[argidx].precision_pos))
+ goto leave_einval;
+ }
+ }
+ /* Check that there is no overflow in max_pos and that it has a
+ reasonable length. There may never be more elements than the
+ number of characters in FORMAT. */
+ if (max_pos < 0 || max_pos >= strlen (format))
+ goto leave_einval;
+
+#ifdef DEBUG
+ dump_argspecs (argspecs, argspecs_len);
+#endif
+
+ /* Allocate a table to hold the values. If it is small enough we
+ use a stack allocated buffer. */
+ if (max_pos > DIM(valuetable_buffer))
+ {
+ valuetable = calloc (max_pos, sizeof *valuetable);
+ if (!valuetable)
+ goto leave_error;
+ }
+ else
+ {
+ for (validx=0; validx < DIM(valuetable_buffer); validx++)
+ valuetable[validx].vt = VALTYPE_UNSUPPORTED;
+ }
+ for (argidx=0; argidx < argspecs_len; argidx++)
+ {
+ if (argspecs[argidx].arg_pos != - 1)
+ {
+ validx = argspecs[argidx].arg_pos - 1;
+ if (valuetable[validx].vt)
+ goto leave_einval; /* Already defined. */
+ valuetable[validx].vt = argspecs[argidx].vt;
+ }
+ if (argspecs[argidx].width == STAR_FIELD_VALUE)
+ {
+ validx = argspecs[argidx].width_pos - 1;
+ if (valuetable[validx].vt)
+ goto leave_einval; /* Already defined. */
+ valuetable[validx].vt = VALTYPE_INT;
+ }
+ if (argspecs[argidx].precision == STAR_FIELD_VALUE)
+ {
+ validx = argspecs[argidx].precision_pos - 1;
+ if (valuetable[validx].vt)
+ goto leave_einval; /* Already defined. */
+ valuetable[validx].vt = VALTYPE_INT;
+ }
+ }
+
+ /* Read all the arguments. This will error out for unsupported
+ types and for not given positional arguments. */
+ rc = read_values (valuetable, max_pos, vaargs);
+ if (rc)
+ goto leave_einval;
+
+/* for (validx=0; validx < max_pos; validx++) */
+/* fprintf (stderr, "%2d: vt=%d\n", validx, valuetable[validx].vt); */
+
+ /* Everything has been collected, go ahead with the formatting. */
+ rc = do_format (outfnc, outfncarg, format,
+ argspecs, argspecs_len, valuetable, myerrno, &nbytes);
+
+ goto leave;
+
+ leave_einval:
+ errno = EINVAL;
+ leave_error:
+ rc = -1;
+ leave:
+ if (valuetable != valuetable_buffer)
+ free (valuetable);
+ if (argspecs != argspecs_buffer)
+ free (argspecs);
+ return rc;
+}
+
+
+
+
+/* A simple output handler utilizing stdio. */
+static int
+plain_stdio_out (void *outfncarg, const char *buf, size_t buflen)
+{
+ FILE *fp = (FILE*)outfncarg;
+
+ if ( fwrite (buf, buflen, 1, fp) != 1 )
+ return -1;
+ return 0;
+}
+
+
+/* A replacement for printf. */
+int
+estream_printf (const char *format, ...)
+{
+ int rc;
+ va_list arg_ptr;
+
+ va_start (arg_ptr, format);
+ rc = estream_format (plain_stdio_out, stderr, format, arg_ptr);
+ va_end (arg_ptr);
+
+ return rc;
+}
+
+/* A replacement for fprintf. */
+int
+estream_fprintf (FILE *fp, const char *format, ...)
+{
+ int rc;
+ va_list arg_ptr;
+
+ va_start (arg_ptr, format);
+ rc = estream_format (plain_stdio_out, fp, format, arg_ptr);
+ va_end (arg_ptr);
+
+ return rc;
+}
+
+/* A replacement for vfprintf. */
+int
+estream_vfprintf (FILE *fp, const char *format, va_list arg_ptr)
+{
+ return estream_format (plain_stdio_out, fp, format, arg_ptr);
+}
+
+
+
+/* Communication object used between estream_snprintf and
+ fixed_buffer_out. */
+struct fixed_buffer_parm_s
+{
+ size_t size; /* Size of the buffer. */
+ size_t count; /* Number of bytes requested for output. */
+ size_t used; /* Used size of the buffer. */
+ char *buffer; /* Provided buffer. */
+};
+
+/* A simple malloced buffer output handler. */
+static int
+fixed_buffer_out (void *outfncarg, const char *buf, size_t buflen)
+{
+ struct fixed_buffer_parm_s *parm = outfncarg;
+
+ parm->count += buflen;
+
+ if (!parm->buffer)
+ ;
+ else if (parm->used + buflen < parm->size)
+ {
+ /* Handle the common case that everything fits into the buffer
+ separately. */
+ memcpy (parm->buffer + parm->used, buf, buflen);
+ parm->used += buflen;
+ }
+ else
+ {
+ /* The slow version of above. */
+ for ( ;buflen && parm->used < parm->size; buflen--)
+ parm->buffer[parm->used++] = *buf++;
+ }
+
+ return 0;
+}
+
+
+/* A replacement for vsnprintf. */
+int
+estream_vsnprintf (char *buf, size_t bufsize,
+ const char *format, va_list arg_ptr)
+{
+ struct fixed_buffer_parm_s parm;
+ int rc;
+
+ parm.size = bufsize;
+ parm.count = 0;
+ parm.used = 0;
+ parm.buffer = bufsize?buf:NULL;
+ rc = estream_format (fixed_buffer_out, &parm, format, arg_ptr);
+ if (!rc)
+ rc = fixed_buffer_out (&parm, "", 1); /* Print terminating Nul. */
+ if (rc == -1)
+ return -1;
+ if (bufsize && buf && parm.size && parm.count >= parm.size)
+ buf[parm.size-1] = 0;
+
+ parm.count--; /* Do not count the trailing nul. */
+ return (int)parm.count; /* Return number of bytes which would have
+ been written. */
+}
+
+/* A replacement for snprintf. */
+int
+estream_snprintf (char *buf, size_t bufsize, const char *format, ...)
+{
+ int rc;
+ va_list arg_ptr;
+
+ va_start (arg_ptr, format);
+ rc = estream_vsnprintf (buf, bufsize, format, arg_ptr);
+ va_end (arg_ptr);
+
+ return rc;
+}
+
+
+
+/* Communication object used between estream_asprintf and
+ dynamic_buffer_out. */
+struct dynamic_buffer_parm_s
+{
+ int error_flag; /* Internal helper. */
+ size_t alloced; /* Allocated size of the buffer. */
+ size_t used; /* Used size of the buffer. */
+ char *buffer; /* Malloced buffer. */
+};
+
+/* A simple malloced buffer output handler. */
+static int
+dynamic_buffer_out (void *outfncarg, const char *buf, size_t buflen)
+{
+ struct dynamic_buffer_parm_s *parm = outfncarg;
+
+ if (parm->error_flag)
+ {
+ /* Just in case some formatting routine did not checked for an
+ error. */
+ errno = parm->error_flag;
+ return -1;
+ }
+
+ if (parm->used + buflen >= parm->alloced)
+ {
+ char *p;
+
+ parm->alloced += buflen + 512;
+ p = realloc (parm->buffer, parm->alloced);
+ if (!p)
+ {
+ parm->error_flag = errno ? errno : ENOMEM;
+ /* Wipe out what we already accumulated. This is useful in
+ case sensitive data is formated. */
+ memset (parm->buffer, 0, parm->used);
+ return -1;
+ }
+ parm->buffer = p;
+ }
+ memcpy (parm->buffer + parm->used, buf, buflen);
+ parm->used += buflen;
+
+ return 0;
+}
+
+
+/* A replacement for vasprintf. As with the BSD of vasprintf version -1
+ will be returned on error and NULL stored at BUFP. On success the
+ number of bytes printed will be returned. */
+int
+estream_vasprintf (char **bufp, const char *format, va_list arg_ptr)
+{
+ struct dynamic_buffer_parm_s parm;
+ int rc;
+
+ parm.error_flag = 0;
+ parm.alloced = 512;
+ parm.used = 0;
+ parm.buffer = my_printf_malloc (parm.alloced);
+ if (!parm.buffer)
+ {
+ *bufp = NULL;
+ return -1;
+ }
+
+ rc = estream_format (dynamic_buffer_out, &parm, format, arg_ptr);
+ if (!rc)
+ rc = dynamic_buffer_out (&parm, "", 1); /* Print terminating Nul. */
+ /* Fixme: Should we shrink the resulting buffer? */
+ if (rc != -1 && parm.error_flag)
+ {
+ rc = -1;
+ errno = parm.error_flag;
+ }
+ if (rc == -1)
+ {
+ memset (parm.buffer, 0, parm.used);
+ my_printf_free (parm.buffer);
+ *bufp = NULL;
+ return -1;
+ }
+ assert (parm.used); /* We have at least the terminating Nul. */
+ *bufp = parm.buffer;
+ return parm.used - 1; /* Do not include that Nul. */
+}
+
+/* A replacement for asprintf. As with the BSD of asprintf version -1
+ will be returned on error and NULL stored at BUFP. On success the
+ number of bytes printed will be returned. */
+int
+estream_asprintf (char **bufp, const char *format, ...)
+{
+ int rc;
+ va_list arg_ptr;
+
+ va_start (arg_ptr, format);
+ rc = estream_vasprintf (bufp, format, arg_ptr);
+ va_end (arg_ptr);
+
+ return rc;
+}
+
+
diff --git a/common/estream-printf.h b/common/estream-printf.h
new file mode 100644
index 0000000..3987b33
--- /dev/null
+++ b/common/estream-printf.h
@@ -0,0 +1,110 @@
+/* estream-printf.h - Versatile C-99 compliant printf formatting.
+ * Copyright (C) 2007 g10 Code GmbH
+ *
+ * This file is part of Libestream.
+ *
+ * Libestream is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published
+ * by the Free Software Foundation; either version 2 of the License,
+ * or (at your option) any later version.
+ *
+ * Libestream is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Libestream; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef ESTREAM_PRINTF_H
+#define ESTREAM_PRINTF_H
+
+#include <stdarg.h>
+#include <stdio.h>
+
+/* To use this file with libraries the following macro is useful:
+
+ #define _ESTREAM_EXT_SYM_PREFIX _foo_
+
+ This prefixes all external symbols with "_foo_".
+
+ For the implementation of the code (estream-printf.c) the following
+ macros may be used to tune the implementation for certain systems:
+
+ #define _ESTREAM_PRINTF_MALLOC foo_malloc
+ #define _ESTREAM_PRINTF_FREE foo_free
+
+ Make estream_asprintf and estream_vasprintf use foo_malloc and
+ foo_free instead of the standard malloc and free functions to
+ allocate the memory returned to the caller.
+
+ #define _ESTREAM_PRINTF_EXTRA_INCLUDE "foo.h"
+
+ This includes the file "foo.h" which may provide prototypes for
+ the custom memory allocation functions.
+ */
+
+
+#ifdef _ESTREAM_EXT_SYM_PREFIX
+#ifndef _ESTREAM_PREFIX
+#define _ESTREAM_PREFIX1(x,y) x ## y
+#define _ESTREAM_PREFIX2(x,y) _ESTREAM_PREFIX1(x,y)
+#define _ESTREAM_PREFIX(x) _ESTREAM_PREFIX2(_ESTREAM_EXT_SYM_PREFIX,x)
+#endif /*_ESTREAM_PREFIX*/
+#define estream_printf_out_t _ESTREAM_PREFIX(estream_printf_out_t)
+#define estream_format _ESTREAM_PREFIX(estream_format)
+#define estream_printf _ESTREAM_PREFIX(estream_printf)
+#define estream_fprintf _ESTREAM_PREFIX(estream_fprintf)
+#define estream_vfprintf _ESTREAM_PREFIX(estream_vfprintf)
+#define estream_snprintf _ESTREAM_PREFIX(estream_snprintf)
+#define estream_vsnprintf _ESTREAM_PREFIX(estream_vsnprintf)
+#define estream_asprintf _ESTREAM_PREFIX(estream_asprintf)
+#define estream_vasprintf _ESTREAM_PREFIX(estream_vasprintf)
+#endif /*_ESTREAM_EXT_SYM_PREFIX*/
+
+#ifndef _ESTREAM_GCC_A_PRINTF
+#if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 5 )
+# define _ESTREAM_GCC_A_PRINTF( f, a ) __attribute__ ((format (printf,f,a)))
+#else
+# define _ESTREAM_GCC_A_PRINTF( f, a )
+#endif
+#endif /*_ESTREAM_GCC_A_PRINTF*/
+
+
+#ifdef __cplusplus
+extern "C"
+{
+#if 0
+}
+#endif
+#endif
+
+
+typedef int (*estream_printf_out_t)
+ (void *outfncarg, const char *buf, size_t buflen);
+
+int estream_format (estream_printf_out_t outfnc, void *outfncarg,
+ const char *format, va_list vaargs)
+ _ESTREAM_GCC_A_PRINTF(3,0);
+int estream_printf (const char *format, ...)
+ _ESTREAM_GCC_A_PRINTF(1,2);
+int estream_fprintf (FILE *fp, const char *format, ... )
+ _ESTREAM_GCC_A_PRINTF(2,3);
+int estream_vfprintf (FILE *fp, const char *format, va_list arg_ptr)
+ _ESTREAM_GCC_A_PRINTF(2,0);
+int estream_snprintf (char *buf, size_t bufsize, const char *format, ...)
+ _ESTREAM_GCC_A_PRINTF(3,4);
+int estream_vsnprintf (char *buf,size_t bufsize,
+ const char *format, va_list arg_ptr)
+ _ESTREAM_GCC_A_PRINTF(3,0);
+int estream_asprintf (char **bufp, const char *format, ...)
+ _ESTREAM_GCC_A_PRINTF(2,3);
+int estream_vasprintf (char **bufp, const char *format, va_list arg_ptr)
+ _ESTREAM_GCC_A_PRINTF(2,0);
+
+
+#ifdef __cplusplus
+}
+#endif
+#endif /*ESTREAM_PRINTF_H*/
diff --git a/common/estream.c b/common/estream.c
new file mode 100644
index 0000000..2d68415
--- /dev/null
+++ b/common/estream.c
@@ -0,0 +1,3687 @@
+/* estream.c - Extended Stream I/O Library
+ * Copyright (C) 2004, 2005, 2006, 2007, 2009, 2010 g10 Code GmbH
+ *
+ * This file is part of Libestream.
+ *
+ * Libestream is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published
+ * by the Free Software Foundation; either version 2 of the License,
+ * or (at your option) any later version.
+ *
+ * Libestream is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Libestream; if not, see <http://www.gnu.org/licenses/>.
+ *
+ * ALTERNATIVELY, Libestream may be distributed under the terms of the
+ * following license, in which case the provisions of this license are
+ * required INSTEAD OF the GNU General Public License. If you wish to
+ * allow use of your version of this file only under the terms of the
+ * GNU General Public License, and not to allow others to use your
+ * version of this file under the terms of the following license,
+ * indicate your decision by deleting this paragraph and the license
+ * below.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, and the entire permission notice in its entirety,
+ * including the disclaimer of warranties.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior
+ * written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifdef USE_ESTREAM_SUPPORT_H
+# include <estream-support.h>
+#endif
+
+#ifdef HAVE_CONFIG_H
+# include <config.h>
+#endif
+
+#if defined(_WIN32) && !defined(HAVE_W32_SYSTEM)
+# define HAVE_W32_SYSTEM 1
+# if defined(__MINGW32CE__) && !defined (HAVE_W32CE_SYSTEM)
+# define HAVE_W32CE_SYSTEM
+# endif
+#endif
+
+#include <sys/types.h>
+#include <sys/file.h>
+#include <sys/stat.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+#include <stdarg.h>
+#include <fcntl.h>
+#include <errno.h>
+#include <stddef.h>
+#include <assert.h>
+#ifdef HAVE_W32_SYSTEM
+# include <windows.h>
+#endif
+#ifdef HAVE_W32CE_SYSTEM
+# include <gpg-error.h> /* ERRNO replacement. */
+#endif
+
+#ifdef WITHOUT_GNU_PTH /* Give the Makefile a chance to build without Pth. */
+# undef HAVE_PTH
+# undef USE_GNU_PTH
+#endif
+
+#ifdef HAVE_PTH
+# include <pth.h>
+#endif
+
+/* This is for the special hack to use estream.c in GnuPG. */
+#ifdef GNUPG_MAJOR_VERSION
+# include "../common/util.h"
+#endif
+
+#ifndef HAVE_MKSTEMP
+int mkstemp (char *template);
+#endif
+
+#ifndef HAVE_MEMRCHR
+void *memrchr (const void *block, int c, size_t size);
+#endif
+
+#include <estream.h>
+#include <estream-printf.h>
+
+
+
+#ifndef O_BINARY
+#define O_BINARY 0
+#endif
+
+#ifdef HAVE_W32CE_SYSTEM
+# define _set_errno(a) gpg_err_set_errno ((a))
+/* Setmode is missing in cegcc but available since CE 5.0. */
+int _setmode (int handle, int mode);
+# define setmode(a,b) _setmode ((a),(b))
+#else
+# define _set_errno(a) do { errno = (a); } while (0)
+#endif
+
+#ifdef HAVE_W32_SYSTEM
+# define IS_INVALID_FD(a) ((void*)(a) == (void*)(-1))
+#else
+# define IS_INVALID_FD(a) ((a) == -1)
+#endif
+
+
+/* Generally used types. */
+
+typedef void *(*func_realloc_t) (void *mem, size_t size);
+typedef void (*func_free_t) (void *mem);
+
+
+
+
+/* Buffer management layer. */
+
+#define BUFFER_BLOCK_SIZE BUFSIZ
+#define BUFFER_UNREAD_SIZE 16
+
+
+
+/* Locking. */
+
+#ifdef HAVE_PTH
+typedef pth_mutex_t estream_mutex_t;
+#else /*!HAVE_PTH*/
+typedef void *estream_mutex_t;
+#endif /*!HAVE_PTH*/
+
+static inline void
+dummy_mutex_call_void (estream_mutex_t mutex)
+{
+ (void)mutex;
+}
+
+static inline int
+dummy_mutex_call_int (estream_mutex_t mutex)
+{
+ (void)mutex;
+ return 0;
+}
+
+
+#ifdef HAVE_PTH
+
+static int estream_pth_killed;
+
+# define ESTREAM_MUTEX_INITIALIZER PTH_MUTEX_INIT
+# define ESTREAM_MUTEX_LOCK(mutex) \
+ (estream_pth_killed ? dummy_mutex_call_void ((mutex)) \
+ : pth_mutex_acquire (&(mutex), 0, NULL))
+# define ESTREAM_MUTEX_UNLOCK(mutex) \
+ (estream_pth_killed ? dummy_mutex_call_void ((mutex)) \
+ : pth_mutex_release (&(mutex)))
+# define ESTREAM_MUTEX_TRYLOCK(mutex) \
+ (estream_pth_killed ? dummy_mutex_call_int ((mutex)) \
+ : ((pth_mutex_acquire (&(mutex), 1, NULL) == TRUE)? 0:-1))
+# define ESTREAM_MUTEX_INITIALIZE(mutex) \
+ (estream_pth_killed ? dummy_mutex_call_void ((mutex)) \
+ : pth_mutex_init (&(mutex)))
+
+#else /*!HAVE_PTH*/
+
+# define ESTREAM_MUTEX_INITIALIZER NULL
+# define ESTREAM_MUTEX_LOCK(mutex) dummy_mutex_call_void ((mutex))
+# define ESTREAM_MUTEX_UNLOCK(mutex) dummy_mutex_call_void ((mutex))
+# define ESTREAM_MUTEX_TRYLOCK(mutex) dummy_mutex_call_int ((mutex))
+# define ESTREAM_MUTEX_INITIALIZE(mutex) dummy_mutex_call_void ((mutex))
+
+#endif /*!HAVE_PTH*/
+
+/* Primitive system I/O. */
+
+#ifdef HAVE_PTH
+# define ESTREAM_SYS_READ es_pth_read
+# define ESTREAM_SYS_WRITE es_pth_write
+# define ESTREAM_SYS_YIELD() \
+ do { if (!estream_pth_killed) pth_yield (NULL); } while (0)
+#else
+# define ESTREAM_SYS_READ read
+# define ESTREAM_SYS_WRITE write
+# define ESTREAM_SYS_YIELD() do { } while (0)
+#endif
+
+/* Misc definitions. */
+
+#define ES_DEFAULT_OPEN_MODE (S_IRUSR | S_IWUSR)
+
+/* An internal stream object. */
+
+struct estream_internal
+{
+ unsigned char buffer[BUFFER_BLOCK_SIZE];
+ unsigned char unread_buffer[BUFFER_UNREAD_SIZE];
+ estream_mutex_t lock; /* Lock. */
+ void *cookie; /* Cookie. */
+ void *opaque; /* Opaque data. */
+ unsigned int modeflags; /* Flags for the backend. */
+ char *printable_fname; /* Malloced filename for es_fname_get. */
+ off_t offset;
+ es_cookie_read_function_t func_read;
+ es_cookie_write_function_t func_write;
+ es_cookie_seek_function_t func_seek;
+ es_cookie_close_function_t func_close;
+ int strategy;
+ int fd;
+ struct
+ {
+ unsigned int err: 1;
+ unsigned int eof: 1;
+ } indicators;
+ unsigned int deallocate_buffer: 1;
+ unsigned int is_stdstream:1; /* This is a standard stream. */
+ unsigned int stdstream_fd:2; /* 0, 1 or 2 for a standard stream. */
+ unsigned int print_err: 1; /* Error in print_fun_writer. */
+ unsigned int printable_fname_inuse: 1; /* es_fname_get has been used. */
+ int print_errno; /* Errno from print_fun_writer. */
+ size_t print_ntotal; /* Bytes written from in print_fun_writer. */
+ FILE *print_fp; /* Stdio stream used by print_fun_writer. */
+};
+
+
+typedef struct estream_internal *estream_internal_t;
+
+#define ESTREAM_LOCK(stream) ESTREAM_MUTEX_LOCK (stream->intern->lock)
+#define ESTREAM_UNLOCK(stream) ESTREAM_MUTEX_UNLOCK (stream->intern->lock)
+#define ESTREAM_TRYLOCK(stream) ESTREAM_MUTEX_TRYLOCK (stream->intern->lock)
+
+/* Stream list. */
+
+typedef struct estream_list *estream_list_t;
+
+struct estream_list
+{
+ estream_t car;
+ estream_list_t cdr;
+ estream_list_t *prev_cdr;
+};
+
+static estream_list_t estream_list;
+static estream_mutex_t estream_list_lock;
+
+#define ESTREAM_LIST_LOCK ESTREAM_MUTEX_LOCK (estream_list_lock)
+#define ESTREAM_LIST_UNLOCK ESTREAM_MUTEX_UNLOCK (estream_list_lock)
+
+/* File descriptors registered to be used as the standard file handles. */
+static int custom_std_fds[3];
+static unsigned char custom_std_fds_valid[3];
+
+
+#ifndef EOPNOTSUPP
+# define EOPNOTSUPP ENOSYS
+#endif
+
+
+/* Local prototypes. */
+static void fname_set_internal (estream_t stream, const char *fname, int quote);
+
+
+
+
+/* Macros. */
+
+/* Calculate array dimension. */
+#ifndef DIM
+#define DIM(array) (sizeof (array) / sizeof (*array))
+#endif
+
+#define tohex(n) ((n) < 10 ? ((n) + '0') : (((n) - 10) + 'A'))
+
+
+/* Evaluate EXPRESSION, setting VARIABLE to the return code, if
+ VARIABLE is zero. */
+#define SET_UNLESS_NONZERO(variable, tmp_variable, expression) \
+ do \
+ { \
+ tmp_variable = expression; \
+ if ((! variable) && tmp_variable) \
+ variable = tmp_variable; \
+ } \
+ while (0)
+
+
+/* Malloc wrappers to overcome problems on some older OSes. */
+static void *
+mem_alloc (size_t n)
+{
+ if (!n)
+ n++;
+ return malloc (n);
+}
+
+static void *
+mem_realloc (void *p, size_t n)
+{
+ if (!p)
+ return mem_alloc (n);
+ return realloc (p, n);
+}
+
+static void
+mem_free (void *p)
+{
+ if (p)
+ free (p);
+}
+
+
+
+/*
+ * List manipulation.
+ */
+
+/* Add STREAM to the list of registered stream objects. If
+ WITH_LOCKED_LIST is true we assumed that the list of streams is
+ already locked. */
+static int
+es_list_add (estream_t stream, int with_locked_list)
+{
+ estream_list_t list_obj;
+ int ret;
+
+ list_obj = mem_alloc (sizeof (*list_obj));
+ if (! list_obj)
+ ret = -1;
+ else
+ {
+ if (!with_locked_list)
+ ESTREAM_LIST_LOCK;
+ list_obj->car = stream;
+ list_obj->cdr = estream_list;
+ list_obj->prev_cdr = &estream_list;
+ if (estream_list)
+ estream_list->prev_cdr = &list_obj->cdr;
+ estream_list = list_obj;
+ if (!with_locked_list)
+ ESTREAM_LIST_UNLOCK;
+ ret = 0;
+ }
+
+ return ret;
+}
+
+/* Remove STREAM from the list of registered stream objects. */
+static void
+es_list_remove (estream_t stream, int with_locked_list)
+{
+ estream_list_t list_obj;
+
+ if (!with_locked_list)
+ ESTREAM_LIST_LOCK;
+ for (list_obj = estream_list; list_obj; list_obj = list_obj->cdr)
+ if (list_obj->car == stream)
+ {
+ *list_obj->prev_cdr = list_obj->cdr;
+ if (list_obj->cdr)
+ list_obj->cdr->prev_cdr = list_obj->prev_cdr;
+ mem_free (list_obj);
+ break;
+ }
+ if (!with_locked_list)
+ ESTREAM_LIST_UNLOCK;
+}
+
+/* Type of an stream-iterator-function. */
+typedef int (*estream_iterator_t) (estream_t stream);
+
+/* Iterate over list of registered streams, calling ITERATOR for each
+ of them. */
+static int
+es_list_iterate (estream_iterator_t iterator)
+{
+ estream_list_t list_obj;
+ int ret = 0;
+
+ ESTREAM_LIST_LOCK;
+ for (list_obj = estream_list; list_obj; list_obj = list_obj->cdr)
+ ret |= (*iterator) (list_obj->car);
+ ESTREAM_LIST_UNLOCK;
+
+ return ret;
+}
+
+
+
+/*
+ * I/O Helper
+ *
+ * Unfortunately our Pth emulation for Windows expects system handles
+ * for pth_read and pth_write. We use a simple approach to fix this:
+ * If the function returns an error we fall back to a vanilla read or
+ * write, assuming that we do I/O on a plain file where the operation
+ * can't block.
+ */
+#ifdef HAVE_PTH
+static int
+es_pth_read (int fd, void *buffer, size_t size)
+{
+ if (estream_pth_killed)
+ return read (fd, buffer, size);
+ else
+ {
+# ifdef HAVE_W32_SYSTEM
+ int rc = pth_read (fd, buffer, size);
+ if (rc == -1 && errno == EINVAL)
+ rc = read (fd, buffer, size);
+ return rc;
+# else /*!HAVE_W32_SYSTEM*/
+ return pth_read (fd, buffer, size);
+# endif /* !HAVE_W32_SYSTEM*/
+ }
+}
+
+static int
+es_pth_write (int fd, const void *buffer, size_t size)
+{
+ if (estream_pth_killed)
+ return write (fd, buffer, size);
+ else
+ {
+# ifdef HAVE_W32_SYSTEM
+ int rc = pth_write (fd, buffer, size);
+ if (rc == -1 && errno == EINVAL)
+ rc = write (fd, buffer, size);
+ return rc;
+# else /*!HAVE_W32_SYSTEM*/
+ return pth_write (fd, buffer, size);
+# endif /* !HAVE_W32_SYSTEM*/
+ }
+}
+#endif /*HAVE_PTH*/
+
+
+
+static void
+es_deinit (void)
+{
+ /* Flush all streams. */
+ es_fflush (NULL);
+}
+
+
+/* A replacement for pth_kill. The reason we need this is that after
+ a pth_kill all our pth functions may not be used anymore. Thus
+ applications using estream and pth need to use this function
+ instead of a plain pth_kill. */
+int
+es_pth_kill (void)
+{
+#ifdef HAVE_PTH
+ int rc;
+
+ rc = pth_kill ();
+ if (rc)
+ estream_pth_killed = 1;
+ return rc;
+#else /*!HAVE_PTH*/
+ return 0;
+#endif /*!HAVE_PTH*/
+}
+
+
+/*
+ * Initialization.
+ */
+
+static int
+es_init_do (void)
+{
+ static int initialized;
+
+ if (!initialized)
+ {
+#ifdef HAVE_PTH
+ if (estream_pth_killed)
+ initialized = 1;
+ else
+ {
+ if (!pth_init () && errno != EPERM )
+ return -1;
+ if (pth_mutex_init (&estream_list_lock))
+ initialized = 1;
+ }
+#else
+ initialized = 1;
+#endif
+ atexit (es_deinit);
+ }
+ return 0;
+}
+
+
+
+/*
+ * I/O methods.
+ */
+
+/* Implementation of Memory I/O. */
+
+/* Cookie for memory objects. */
+typedef struct estream_cookie_mem
+{
+ unsigned int modeflags; /* Open flags. */
+ unsigned char *memory; /* Allocated data buffer. */
+ size_t memory_size; /* Allocated size of MEMORY. */
+ size_t memory_limit; /* Caller supplied maximum allowed
+ allocation size or 0 for no limit. */
+ size_t offset; /* Current offset in MEMORY. */
+ size_t data_len; /* Used length of data in MEMORY. */
+ size_t block_size; /* Block size. */
+ struct {
+ unsigned int grow: 1; /* MEMORY is allowed to grow. */
+ } flags;
+ func_realloc_t func_realloc;
+ func_free_t func_free;
+} *estream_cookie_mem_t;
+
+
+/* Create function for memory objects. DATA is either NULL or a user
+ supplied buffer with the initial content of the memory buffer. If
+ DATA is NULL, DATA_N and DATA_LEN need to be 0 as well. If DATA is
+ not NULL, DATA_N gives the allocated size of DATA and DATA_LEN the
+ used length in DATA. */
+static int
+es_func_mem_create (void *ES__RESTRICT *ES__RESTRICT cookie,
+ unsigned char *ES__RESTRICT data, size_t data_n,
+ size_t data_len,
+ size_t block_size, unsigned int grow,
+ func_realloc_t func_realloc, func_free_t func_free,
+ unsigned int modeflags,
+ size_t memory_limit)
+{
+ estream_cookie_mem_t mem_cookie;
+ int err;
+
+ if (!data && (data_n || data_len))
+ {
+ _set_errno (EINVAL);
+ return -1;
+ }
+
+ mem_cookie = mem_alloc (sizeof (*mem_cookie));
+ if (!mem_cookie)
+ err = -1;
+ else
+ {
+ mem_cookie->modeflags = modeflags;
+ mem_cookie->memory = data;
+ mem_cookie->memory_size = data_n;
+ mem_cookie->memory_limit = memory_limit;
+ mem_cookie->offset = 0;
+ mem_cookie->data_len = data_len;
+ mem_cookie->block_size = block_size;
+ mem_cookie->flags.grow = !!grow;
+ mem_cookie->func_realloc = func_realloc ? func_realloc : mem_realloc;
+ mem_cookie->func_free = func_free ? func_free : mem_free;
+ *cookie = mem_cookie;
+ err = 0;
+ }
+
+ return err;
+}
+
+
+/* Read function for memory objects. */
+static ssize_t
+es_func_mem_read (void *cookie, void *buffer, size_t size)
+{
+ estream_cookie_mem_t mem_cookie = cookie;
+ ssize_t ret;
+
+ if (size > mem_cookie->data_len - mem_cookie->offset)
+ size = mem_cookie->data_len - mem_cookie->offset;
+
+ if (size)
+ {
+ memcpy (buffer, mem_cookie->memory + mem_cookie->offset, size);
+ mem_cookie->offset += size;
+ }
+
+ ret = size;
+ return ret;
+}
+
+
+/* Write function for memory objects. */
+static ssize_t
+es_func_mem_write (void *cookie, const void *buffer, size_t size)
+{
+ estream_cookie_mem_t mem_cookie = cookie;
+ ssize_t ret;
+ size_t nleft;
+
+ if (!size)
+ return 0; /* A flush is a NOP for memory objects. */
+
+ if (mem_cookie->modeflags & O_APPEND)
+ {
+ /* Append to data. */
+ mem_cookie->offset = mem_cookie->data_len;
+ }
+
+ assert (mem_cookie->memory_size >= mem_cookie->offset);
+ nleft = mem_cookie->memory_size - mem_cookie->offset;
+
+ /* If we are not allowed to grow limit the size to the left space. */
+ if (!mem_cookie->flags.grow && size > nleft)
+ size = nleft;
+
+ /* Enlarge the memory buffer if needed. */
+ if (size > nleft)
+ {
+ unsigned char *newbuf;
+ size_t newsize;
+
+ if (!mem_cookie->memory_size)
+ newsize = size; /* Not yet allocated. */
+ else
+ newsize = mem_cookie->memory_size + (size - nleft);
+ if (newsize < mem_cookie->offset)
+ {
+ _set_errno (EINVAL);
+ return -1;
+ }
+
+ /* Round up to the next block length. BLOCK_SIZE should always
+ be set; we check anyway. */
+ if (mem_cookie->block_size)
+ {
+ newsize += mem_cookie->block_size - 1;
+ if (newsize < mem_cookie->offset)
+ {
+ _set_errno (EINVAL);
+ return -1;
+ }
+ newsize /= mem_cookie->block_size;
+ newsize *= mem_cookie->block_size;
+ }
+
+ /* Check for a total limit. */
+ if (mem_cookie->memory_limit && newsize > mem_cookie->memory_limit)
+ {
+ _set_errno (ENOSPC);
+ return -1;
+ }
+
+ newbuf = mem_cookie->func_realloc (mem_cookie->memory, newsize);
+ if (!newbuf)
+ return -1;
+
+ mem_cookie->memory = newbuf;
+ mem_cookie->memory_size = newsize;
+
+ assert (mem_cookie->memory_size >= mem_cookie->offset);
+ nleft = mem_cookie->memory_size - mem_cookie->offset;
+
+ assert (size <= nleft);
+ }
+
+ memcpy (mem_cookie->memory + mem_cookie->offset, buffer, size);
+ if (mem_cookie->offset + size > mem_cookie->data_len)
+ mem_cookie->data_len = mem_cookie->offset + size;
+ mem_cookie->offset += size;
+
+ ret = size;
+ return ret;
+}
+
+
+/* Seek function for memory objects. */
+static int
+es_func_mem_seek (void *cookie, off_t *offset, int whence)
+{
+ estream_cookie_mem_t mem_cookie = cookie;
+ off_t pos_new;
+
+ switch (whence)
+ {
+ case SEEK_SET:
+ pos_new = *offset;
+ break;
+
+ case SEEK_CUR:
+ pos_new = mem_cookie->offset += *offset;
+ break;
+
+ case SEEK_END:
+ pos_new = mem_cookie->data_len += *offset;
+ break;
+
+ default:
+ _set_errno (EINVAL);
+ return -1;
+ }
+
+ if (pos_new > mem_cookie->memory_size)
+ {
+ size_t newsize;
+ void *newbuf;
+
+ if (!mem_cookie->flags.grow)
+ {
+ _set_errno (ENOSPC);
+ return -1;
+ }
+
+ newsize = pos_new + mem_cookie->block_size - 1;
+ if (newsize < pos_new)
+ {
+ _set_errno (EINVAL);
+ return -1;
+ }
+ newsize /= mem_cookie->block_size;
+ newsize *= mem_cookie->block_size;
+
+ if (mem_cookie->memory_limit && newsize > mem_cookie->memory_limit)
+ {
+ _set_errno (ENOSPC);
+ return -1;
+ }
+
+ newbuf = mem_cookie->func_realloc (mem_cookie->memory, newsize);
+ if (!newbuf)
+ return -1;
+
+ mem_cookie->memory = newbuf;
+ mem_cookie->memory_size = newsize;
+ }
+
+ if (pos_new > mem_cookie->data_len)
+ {
+ /* Fill spare space with zeroes. */
+ memset (mem_cookie->memory + mem_cookie->data_len,
+ 0, pos_new - mem_cookie->data_len);
+ mem_cookie->data_len = pos_new;
+ }
+
+ mem_cookie->offset = pos_new;
+ *offset = pos_new;
+
+ return 0;
+}
+
+
+/* Destroy function for memory objects. */
+static int
+es_func_mem_destroy (void *cookie)
+{
+ estream_cookie_mem_t mem_cookie = cookie;
+
+ if (cookie)
+ {
+ mem_cookie->func_free (mem_cookie->memory);
+ mem_free (mem_cookie);
+ }
+ return 0;
+}
+
+
+static es_cookie_io_functions_t estream_functions_mem =
+ {
+ es_func_mem_read,
+ es_func_mem_write,
+ es_func_mem_seek,
+ es_func_mem_destroy
+ };
+
+
+
+/* Implementation of fd I/O. */
+
+/* Cookie for fd objects. */
+typedef struct estream_cookie_fd
+{
+ int fd; /* The file descriptor we are using for actual output. */
+ int no_close; /* If set we won't close the file descriptor. */
+} *estream_cookie_fd_t;
+
+/* Create function for fd objects. */
+static int
+es_func_fd_create (void **cookie, int fd, unsigned int modeflags, int no_close)
+{
+ estream_cookie_fd_t fd_cookie;
+ int err;
+
+ fd_cookie = mem_alloc (sizeof (*fd_cookie));
+ if (! fd_cookie)
+ err = -1;
+ else
+ {
+#ifdef HAVE_DOSISH_SYSTEM
+ /* Make sure it is in binary mode if requested. */
+ if ( (modeflags & O_BINARY) )
+ setmode (fd, O_BINARY);
+#else
+ (void)modeflags;
+#endif
+ fd_cookie->fd = fd;
+ fd_cookie->no_close = no_close;
+ *cookie = fd_cookie;
+ err = 0;
+ }
+
+ return err;
+}
+
+/* Read function for fd objects. */
+static ssize_t
+es_func_fd_read (void *cookie, void *buffer, size_t size)
+
+{
+ estream_cookie_fd_t file_cookie = cookie;
+ ssize_t bytes_read;
+
+ if (IS_INVALID_FD (file_cookie->fd))
+ {
+ ESTREAM_SYS_YIELD ();
+ bytes_read = 0;
+ }
+ else
+ {
+ do
+ bytes_read = ESTREAM_SYS_READ (file_cookie->fd, buffer, size);
+ while (bytes_read == -1 && errno == EINTR);
+ }
+
+ return bytes_read;
+}
+
+/* Write function for fd objects. */
+static ssize_t
+es_func_fd_write (void *cookie, const void *buffer, size_t size)
+{
+ estream_cookie_fd_t file_cookie = cookie;
+ ssize_t bytes_written;
+
+ if (IS_INVALID_FD (file_cookie->fd))
+ {
+ ESTREAM_SYS_YIELD ();
+ bytes_written = size; /* Yeah: Success writing to the bit bucket. */
+ }
+ else
+ {
+ do
+ bytes_written = ESTREAM_SYS_WRITE (file_cookie->fd, buffer, size);
+ while (bytes_written == -1 && errno == EINTR);
+ }
+
+ return bytes_written;
+}
+
+/* Seek function for fd objects. */
+static int
+es_func_fd_seek (void *cookie, off_t *offset, int whence)
+{
+ estream_cookie_fd_t file_cookie = cookie;
+ off_t offset_new;
+ int err;
+
+ if (IS_INVALID_FD (file_cookie->fd))
+ {
+ _set_errno (ESPIPE);
+ err = -1;
+ }
+ else
+ {
+ offset_new = lseek (file_cookie->fd, *offset, whence);
+ if (offset_new == -1)
+ err = -1;
+ else
+ {
+ *offset = offset_new;
+ err = 0;
+ }
+ }
+
+ return err;
+}
+
+/* Destroy function for fd objects. */
+static int
+es_func_fd_destroy (void *cookie)
+{
+ estream_cookie_fd_t fd_cookie = cookie;
+ int err;
+
+ if (fd_cookie)
+ {
+ if (IS_INVALID_FD (fd_cookie->fd))
+ err = 0;
+ else
+ err = fd_cookie->no_close? 0 : close (fd_cookie->fd);
+ mem_free (fd_cookie);
+ }
+ else
+ err = 0;
+
+ return err;
+}
+
+
+static es_cookie_io_functions_t estream_functions_fd =
+ {
+ es_func_fd_read,
+ es_func_fd_write,
+ es_func_fd_seek,
+ es_func_fd_destroy
+ };
+
+
+
+
+/* Implementation of FILE* I/O. */
+
+/* Cookie for fp objects. */
+typedef struct estream_cookie_fp
+{
+ FILE *fp; /* The file pointer we are using for actual output. */
+ int no_close; /* If set we won't close the file pointer. */
+} *estream_cookie_fp_t;
+
+/* Create function for fd objects. */
+static int
+es_func_fp_create (void **cookie, FILE *fp,
+ unsigned int modeflags, int no_close)
+{
+ estream_cookie_fp_t fp_cookie;
+ int err;
+
+ fp_cookie = mem_alloc (sizeof *fp_cookie);
+ if (!fp_cookie)
+ err = -1;
+ else
+ {
+#ifdef HAVE_DOSISH_SYSTEM
+ /* Make sure it is in binary mode if requested. */
+ if ( (modeflags & O_BINARY) )
+ setmode (fileno (fp), O_BINARY);
+#else
+ (void)modeflags;
+#endif
+ fp_cookie->fp = fp;
+ fp_cookie->no_close = no_close;
+ *cookie = fp_cookie;
+ err = 0;
+ }
+
+ return err;
+}
+
+/* Read function for FILE* objects. */
+static ssize_t
+es_func_fp_read (void *cookie, void *buffer, size_t size)
+
+{
+ estream_cookie_fp_t file_cookie = cookie;
+ ssize_t bytes_read;
+
+ if (file_cookie->fp)
+ bytes_read = fread (buffer, 1, size, file_cookie->fp);
+ else
+ bytes_read = 0;
+ if (!bytes_read && ferror (file_cookie->fp))
+ return -1;
+ return bytes_read;
+}
+
+/* Write function for FILE* objects. */
+static ssize_t
+es_func_fp_write (void *cookie, const void *buffer, size_t size)
+
+{
+ estream_cookie_fp_t file_cookie = cookie;
+ size_t bytes_written;
+
+
+ if (file_cookie->fp)
+ bytes_written = fwrite (buffer, 1, size, file_cookie->fp);
+ else
+ bytes_written = size; /* Successfully written to the bit bucket. */
+ if (bytes_written != size)
+ return -1;
+ return bytes_written;
+}
+
+/* Seek function for FILE* objects. */
+static int
+es_func_fp_seek (void *cookie, off_t *offset, int whence)
+{
+ estream_cookie_fp_t file_cookie = cookie;
+ long int offset_new;
+
+ if (!file_cookie->fp)
+ {
+ _set_errno (ESPIPE);
+ return -1;
+ }
+
+ if ( fseek (file_cookie->fp, (long int)*offset, whence) )
+ {
+ /* fprintf (stderr, "\nfseek failed: errno=%d (%s)\n", */
+ /* errno,strerror (errno)); */
+ return -1;
+ }
+
+ offset_new = ftell (file_cookie->fp);
+ if (offset_new == -1)
+ {
+ /* fprintf (stderr, "\nftell failed: errno=%d (%s)\n", */
+ /* errno,strerror (errno)); */
+ return -1;
+ }
+ *offset = offset_new;
+ return 0;
+}
+
+/* Destroy function for FILE* objects. */
+static int
+es_func_fp_destroy (void *cookie)
+{
+ estream_cookie_fp_t fp_cookie = cookie;
+ int err;
+
+ if (fp_cookie)
+ {
+ if (fp_cookie->fp)
+ {
+ fflush (fp_cookie->fp);
+ err = fp_cookie->no_close? 0 : fclose (fp_cookie->fp);
+ }
+ else
+ err = 0;
+ mem_free (fp_cookie);
+ }
+ else
+ err = 0;
+
+ return err;
+}
+
+
+static es_cookie_io_functions_t estream_functions_fp =
+ {
+ es_func_fp_read,
+ es_func_fp_write,
+ es_func_fp_seek,
+ es_func_fp_destroy
+ };
+
+
+
+
+/* Implementation of file I/O. */
+
+/* Create function for file objects. */
+static int
+es_func_file_create (void **cookie, int *filedes,
+ const char *path, unsigned int modeflags)
+{
+ estream_cookie_fd_t file_cookie;
+ int err;
+ int fd;
+
+ err = 0;
+ fd = -1;
+
+ file_cookie = mem_alloc (sizeof (*file_cookie));
+ if (! file_cookie)
+ {
+ err = -1;
+ goto out;
+ }
+
+ fd = open (path, modeflags, ES_DEFAULT_OPEN_MODE);
+ if (fd == -1)
+ {
+ err = -1;
+ goto out;
+ }
+#ifdef HAVE_DOSISH_SYSTEM
+ /* Make sure it is in binary mode if requested. */
+ if ( (modeflags & O_BINARY) )
+ setmode (fd, O_BINARY);
+#endif
+
+ file_cookie->fd = fd;
+ file_cookie->no_close = 0;
+ *cookie = file_cookie;
+ *filedes = fd;
+
+ out:
+
+ if (err)
+ mem_free (file_cookie);
+
+ return err;
+}
+
+
+static int
+es_convert_mode (const char *mode, unsigned int *modeflags)
+{
+ unsigned int omode, oflags;
+
+ switch (*mode)
+ {
+ case 'r':
+ omode = O_RDONLY;
+ oflags = 0;
+ break;
+ case 'w':
+ omode = O_WRONLY;
+ oflags = O_TRUNC | O_CREAT;
+ break;
+ case 'a':
+ omode = O_WRONLY;
+ oflags = O_APPEND | O_CREAT;
+ break;
+ default:
+ _set_errno (EINVAL);
+ return -1;
+ }
+ for (mode++; *mode; mode++)
+ {
+ switch (*mode)
+ {
+ case '+':
+ omode = O_RDWR;
+ break;
+ case 'b':
+ oflags |= O_BINARY;
+ break;
+ case 'x':
+ oflags |= O_EXCL;
+ break;
+ default: /* Ignore unknown flags. */
+ break;
+ }
+ }
+
+ *modeflags = (omode | oflags);
+ return 0;
+}
+
+
+
+/*
+ * Low level stream functionality.
+ */
+
+static int
+es_fill (estream_t stream)
+{
+ size_t bytes_read = 0;
+ int err;
+
+ if (!stream->intern->func_read)
+ {
+ _set_errno (EOPNOTSUPP);
+ err = -1;
+ }
+ else
+ {
+ es_cookie_read_function_t func_read = stream->intern->func_read;
+ ssize_t ret;
+
+ ret = (*func_read) (stream->intern->cookie,
+ stream->buffer, stream->buffer_size);
+ if (ret == -1)
+ {
+ bytes_read = 0;
+ err = -1;
+ }
+ else
+ {
+ bytes_read = ret;
+ err = 0;
+ }
+ }
+
+ if (err)
+ stream->intern->indicators.err = 1;
+ else if (!bytes_read)
+ stream->intern->indicators.eof = 1;
+
+ stream->intern->offset += stream->data_len;
+ stream->data_len = bytes_read;
+ stream->data_offset = 0;
+
+ return err;
+}
+
+static int
+es_flush (estream_t stream)
+{
+ es_cookie_write_function_t func_write = stream->intern->func_write;
+ int err;
+
+ assert (stream->flags.writing);
+
+ if (stream->data_offset)
+ {
+ size_t bytes_written;
+ size_t data_flushed;
+ ssize_t ret;
+
+ if (! func_write)
+ {
+ err = EOPNOTSUPP;
+ goto out;
+ }
+
+ /* Note: to prevent an endless loop caused by user-provided
+ write-functions that pretend to have written more bytes than
+ they were asked to write, we have to check for
+ "(stream->data_offset - data_flushed) > 0" instead of
+ "stream->data_offset - data_flushed". */
+
+ data_flushed = 0;
+ err = 0;
+
+ while ((((ssize_t) (stream->data_offset - data_flushed)) > 0) && (! err))
+ {
+ ret = (*func_write) (stream->intern->cookie,
+ stream->buffer + data_flushed,
+ stream->data_offset - data_flushed);
+ if (ret == -1)
+ {
+ bytes_written = 0;
+ err = -1;
+ }
+ else
+ bytes_written = ret;
+
+ data_flushed += bytes_written;
+ if (err)
+ break;
+ }
+
+ stream->data_flushed += data_flushed;
+ if (stream->data_offset == data_flushed)
+ {
+ stream->intern->offset += stream->data_offset;
+ stream->data_offset = 0;
+ stream->data_flushed = 0;
+
+ /* Propagate flush event. */
+ (*func_write) (stream->intern->cookie, NULL, 0);
+ }
+ }
+ else
+ err = 0;
+
+ out:
+
+ if (err)
+ stream->intern->indicators.err = 1;
+
+ return err;
+}
+
+/* Discard buffered data for STREAM. */
+static void
+es_empty (estream_t stream)
+{
+ assert (!stream->flags.writing);
+ stream->data_len = 0;
+ stream->data_offset = 0;
+ stream->unread_data_len = 0;
+}
+
+/* Initialize STREAM. */
+static void
+es_initialize (estream_t stream,
+ void *cookie, int fd, es_cookie_io_functions_t functions,
+ unsigned int modeflags)
+{
+ stream->intern->cookie = cookie;
+ stream->intern->opaque = NULL;
+ stream->intern->offset = 0;
+ stream->intern->func_read = functions.func_read;
+ stream->intern->func_write = functions.func_write;
+ stream->intern->func_seek = functions.func_seek;
+ stream->intern->func_close = functions.func_close;
+ stream->intern->strategy = _IOFBF;
+ stream->intern->fd = fd;
+ stream->intern->print_err = 0;
+ stream->intern->print_errno = 0;
+ stream->intern->print_ntotal = 0;
+ stream->intern->print_fp = NULL;
+ stream->intern->indicators.err = 0;
+ stream->intern->indicators.eof = 0;
+ stream->intern->is_stdstream = 0;
+ stream->intern->stdstream_fd = 0;
+ stream->intern->deallocate_buffer = 0;
+ stream->intern->printable_fname = NULL;
+ stream->intern->printable_fname_inuse = 0;
+
+ stream->data_len = 0;
+ stream->data_offset = 0;
+ stream->data_flushed = 0;
+ stream->unread_data_len = 0;
+ /* Depending on the modeflags we set whether we start in writing or
+ reading mode. This is required in case we are working on a
+ stream which is not seeekable (like stdout). Without this
+ pre-initialization we would do a seek at the first write call and
+ as this will fail no utput will be delivered. */
+ if ((modeflags & O_WRONLY) || (modeflags & O_RDWR) )
+ stream->flags.writing = 1;
+ else
+ stream->flags.writing = 0;
+}
+
+/* Deinitialize STREAM. */
+static int
+es_deinitialize (estream_t stream)
+{
+ es_cookie_close_function_t func_close;
+ int err, tmp_err;
+
+ if (stream->intern->print_fp)
+ {
+ int save_errno = errno;
+ fclose (stream->intern->print_fp);
+ stream->intern->print_fp = NULL;
+ _set_errno (save_errno);
+ }
+
+ func_close = stream->intern->func_close;
+
+ err = 0;
+ if (stream->flags.writing)
+ SET_UNLESS_NONZERO (err, tmp_err, es_flush (stream));
+ if (func_close)
+ SET_UNLESS_NONZERO (err, tmp_err, (*func_close) (stream->intern->cookie));
+
+ mem_free (stream->intern->printable_fname);
+ stream->intern->printable_fname = NULL;
+ stream->intern->printable_fname_inuse = 0;
+
+ return err;
+}
+
+/* Create a new stream object, initialize it. */
+static int
+es_create (estream_t *stream, void *cookie, int fd,
+ es_cookie_io_functions_t functions, unsigned int modeflags,
+ int with_locked_list)
+{
+ estream_internal_t stream_internal_new;
+ estream_t stream_new;
+ int err;
+
+ stream_new = NULL;
+ stream_internal_new = NULL;
+
+ stream_new = mem_alloc (sizeof (*stream_new));
+ if (! stream_new)
+ {
+ err = -1;
+ goto out;
+ }
+
+ stream_internal_new = mem_alloc (sizeof (*stream_internal_new));
+ if (! stream_internal_new)
+ {
+ err = -1;
+ goto out;
+ }
+
+ stream_new->buffer = stream_internal_new->buffer;
+ stream_new->buffer_size = sizeof (stream_internal_new->buffer);
+ stream_new->unread_buffer = stream_internal_new->unread_buffer;
+ stream_new->unread_buffer_size = sizeof (stream_internal_new->unread_buffer);
+ stream_new->intern = stream_internal_new;
+
+ ESTREAM_MUTEX_INITIALIZE (stream_new->intern->lock);
+ es_initialize (stream_new, cookie, fd, functions, modeflags);
+
+ err = es_list_add (stream_new, with_locked_list);
+ if (err)
+ goto out;
+
+ *stream = stream_new;
+
+ out:
+
+ if (err)
+ {
+ if (stream_new)
+ {
+ es_deinitialize (stream_new);
+ mem_free (stream_new);
+ }
+ }
+
+ return err;
+}
+
+/* Deinitialize a stream object and destroy it. */
+static int
+es_destroy (estream_t stream, int with_locked_list)
+{
+ int err = 0;
+
+ if (stream)
+ {
+ es_list_remove (stream, with_locked_list);
+ err = es_deinitialize (stream);
+ mem_free (stream->intern);
+ mem_free (stream);
+ }
+
+ return err;
+}
+
+/* Try to read BYTES_TO_READ bytes FROM STREAM into BUFFER in
+ unbuffered-mode, storing the amount of bytes read in
+ *BYTES_READ. */
+static int
+es_read_nbf (estream_t ES__RESTRICT stream,
+ unsigned char *ES__RESTRICT buffer,
+ size_t bytes_to_read, size_t *ES__RESTRICT bytes_read)
+{
+ es_cookie_read_function_t func_read = stream->intern->func_read;
+ size_t data_read;
+ ssize_t ret;
+ int err;
+
+ data_read = 0;
+ err = 0;
+
+ while (bytes_to_read - data_read)
+ {
+ ret = (*func_read) (stream->intern->cookie,
+ buffer + data_read, bytes_to_read - data_read);
+ if (ret == -1)
+ {
+ err = -1;
+ break;
+ }
+ else if (ret)
+ data_read += ret;
+ else
+ break;
+ }
+
+ stream->intern->offset += data_read;
+ *bytes_read = data_read;
+
+ return err;
+}
+
+/* Try to read BYTES_TO_READ bytes FROM STREAM into BUFFER in
+ fully-buffered-mode, storing the amount of bytes read in
+ *BYTES_READ. */
+static int
+es_read_fbf (estream_t ES__RESTRICT stream,
+ unsigned char *ES__RESTRICT buffer,
+ size_t bytes_to_read, size_t *ES__RESTRICT bytes_read)
+{
+ size_t data_available;
+ size_t data_to_read;
+ size_t data_read;
+ int err;
+
+ data_read = 0;
+ err = 0;
+
+ while ((bytes_to_read - data_read) && (! err))
+ {
+ if (stream->data_offset == stream->data_len)
+ {
+ /* Nothing more to read in current container, try to
+ fill container with new data. */
+ err = es_fill (stream);
+ if (! err)
+ if (! stream->data_len)
+ /* Filling did not result in any data read. */
+ break;
+ }
+
+ if (! err)
+ {
+ /* Filling resulted in some new data. */
+
+ data_to_read = bytes_to_read - data_read;
+ data_available = stream->data_len - stream->data_offset;
+ if (data_to_read > data_available)
+ data_to_read = data_available;
+
+ memcpy (buffer + data_read,
+ stream->buffer + stream->data_offset, data_to_read);
+ stream->data_offset += data_to_read;
+ data_read += data_to_read;
+ }
+ }
+
+ *bytes_read = data_read;
+
+ return err;
+}
+
+/* Try to read BYTES_TO_READ bytes FROM STREAM into BUFFER in
+ line-buffered-mode, storing the amount of bytes read in
+ *BYTES_READ. */
+static int
+es_read_lbf (estream_t ES__RESTRICT stream,
+ unsigned char *ES__RESTRICT buffer,
+ size_t bytes_to_read, size_t *ES__RESTRICT bytes_read)
+{
+ int err;
+
+ err = es_read_fbf (stream, buffer, bytes_to_read, bytes_read);
+
+ return err;
+}
+
+/* Try to read BYTES_TO_READ bytes FROM STREAM into BUFFER, storing
+ *the amount of bytes read in BYTES_READ. */
+static int
+es_readn (estream_t ES__RESTRICT stream,
+ void *ES__RESTRICT buffer_arg,
+ size_t bytes_to_read, size_t *ES__RESTRICT bytes_read)
+{
+ unsigned char *buffer = (unsigned char *)buffer_arg;
+ size_t data_read_unread, data_read;
+ int err;
+
+ data_read_unread = 0;
+ data_read = 0;
+ err = 0;
+
+ if (stream->flags.writing)
+ {
+ /* Switching to reading mode -> flush output. */
+ err = es_flush (stream);
+ if (err)
+ goto out;
+ stream->flags.writing = 0;
+ }
+
+ /* Read unread data first. */
+ while ((bytes_to_read - data_read_unread) && stream->unread_data_len)
+ {
+ buffer[data_read_unread]
+ = stream->unread_buffer[stream->unread_data_len - 1];
+ stream->unread_data_len--;
+ data_read_unread++;
+ }
+
+ switch (stream->intern->strategy)
+ {
+ case _IONBF:
+ err = es_read_nbf (stream,
+ buffer + data_read_unread,
+ bytes_to_read - data_read_unread, &data_read);
+ break;
+ case _IOLBF:
+ err = es_read_lbf (stream,
+ buffer + data_read_unread,
+ bytes_to_read - data_read_unread, &data_read);
+ break;
+ case _IOFBF:
+ err = es_read_fbf (stream,
+ buffer + data_read_unread,
+ bytes_to_read - data_read_unread, &data_read);
+ break;
+ }
+
+ out:
+
+ if (bytes_read)
+ *bytes_read = data_read_unread + data_read;
+
+ return err;
+}
+
+/* Try to unread DATA_N bytes from DATA into STREAM, storing the
+ amount of bytes successfully unread in *BYTES_UNREAD. */
+static void
+es_unreadn (estream_t ES__RESTRICT stream,
+ const unsigned char *ES__RESTRICT data, size_t data_n,
+ size_t *ES__RESTRICT bytes_unread)
+{
+ size_t space_left;
+
+ space_left = stream->unread_buffer_size - stream->unread_data_len;
+
+ if (data_n > space_left)
+ data_n = space_left;
+
+ if (! data_n)
+ goto out;
+
+ memcpy (stream->unread_buffer + stream->unread_data_len, data, data_n);
+ stream->unread_data_len += data_n;
+ stream->intern->indicators.eof = 0;
+
+ out:
+
+ if (bytes_unread)
+ *bytes_unread = data_n;
+}
+
+/* Seek in STREAM. */
+static int
+es_seek (estream_t ES__RESTRICT stream, off_t offset, int whence,
+ off_t *ES__RESTRICT offset_new)
+{
+ es_cookie_seek_function_t func_seek = stream->intern->func_seek;
+ int err, ret;
+ off_t off;
+
+ if (! func_seek)
+ {
+ _set_errno (EOPNOTSUPP);
+ err = -1;
+ goto out;
+ }
+
+ if (stream->flags.writing)
+ {
+ /* Flush data first in order to prevent flushing it to the wrong
+ offset. */
+ err = es_flush (stream);
+ if (err)
+ goto out;
+ stream->flags.writing = 0;
+ }
+
+ off = offset;
+ if (whence == SEEK_CUR)
+ {
+ off = off - stream->data_len + stream->data_offset;
+ off -= stream->unread_data_len;
+ }
+
+ ret = (*func_seek) (stream->intern->cookie, &off, whence);
+ if (ret == -1)
+ {
+ err = -1;
+ goto out;
+ }
+
+ err = 0;
+ es_empty (stream);
+
+ if (offset_new)
+ *offset_new = off;
+
+ stream->intern->indicators.eof = 0;
+ stream->intern->offset = off;
+
+ out:
+
+ if (err)
+ stream->intern->indicators.err = 1;
+
+ return err;
+}
+
+/* Write BYTES_TO_WRITE bytes from BUFFER into STREAM in
+ unbuffered-mode, storing the amount of bytes written in
+ *BYTES_WRITTEN. */
+static int
+es_write_nbf (estream_t ES__RESTRICT stream,
+ const unsigned char *ES__RESTRICT buffer,
+ size_t bytes_to_write, size_t *ES__RESTRICT bytes_written)
+{
+ es_cookie_write_function_t func_write = stream->intern->func_write;
+ size_t data_written;
+ ssize_t ret;
+ int err;
+
+ if (bytes_to_write && (! func_write))
+ {
+ err = EOPNOTSUPP;
+ goto out;
+ }
+
+ data_written = 0;
+ err = 0;
+
+ while (bytes_to_write - data_written)
+ {
+ ret = (*func_write) (stream->intern->cookie,
+ buffer + data_written,
+ bytes_to_write - data_written);
+ if (ret == -1)
+ {
+ err = -1;
+ break;
+ }
+ else
+ data_written += ret;
+ }
+
+ stream->intern->offset += data_written;
+ *bytes_written = data_written;
+
+ out:
+
+ return err;
+}
+
+/* Write BYTES_TO_WRITE bytes from BUFFER into STREAM in
+ fully-buffered-mode, storing the amount of bytes written in
+ *BYTES_WRITTEN. */
+static int
+es_write_fbf (estream_t ES__RESTRICT stream,
+ const unsigned char *ES__RESTRICT buffer,
+ size_t bytes_to_write, size_t *ES__RESTRICT bytes_written)
+{
+ size_t space_available;
+ size_t data_to_write;
+ size_t data_written;
+ int err;
+
+ data_written = 0;
+ err = 0;
+
+ while ((bytes_to_write - data_written) && (! err))
+ {
+ if (stream->data_offset == stream->buffer_size)
+ /* Container full, flush buffer. */
+ err = es_flush (stream);
+
+ if (! err)
+ {
+ /* Flushing resulted in empty container. */
+
+ data_to_write = bytes_to_write - data_written;
+ space_available = stream->buffer_size - stream->data_offset;
+ if (data_to_write > space_available)
+ data_to_write = space_available;
+
+ memcpy (stream->buffer + stream->data_offset,
+ buffer + data_written, data_to_write);
+ stream->data_offset += data_to_write;
+ data_written += data_to_write;
+ }
+ }
+
+ *bytes_written = data_written;
+
+ return err;
+}
+
+
+/* Write BYTES_TO_WRITE bytes from BUFFER into STREAM in
+ line-buffered-mode, storing the amount of bytes written in
+ *BYTES_WRITTEN. */
+static int
+es_write_lbf (estream_t ES__RESTRICT stream,
+ const unsigned char *ES__RESTRICT buffer,
+ size_t bytes_to_write, size_t *ES__RESTRICT bytes_written)
+{
+ size_t data_flushed = 0;
+ size_t data_buffered = 0;
+ unsigned char *nlp;
+ int err = 0;
+
+ nlp = memrchr (buffer, '\n', bytes_to_write);
+ if (nlp)
+ {
+ /* Found a newline, directly write up to (including) this
+ character. */
+ err = es_flush (stream);
+ if (!err)
+ err = es_write_nbf (stream, buffer, nlp - buffer + 1, &data_flushed);
+ }
+
+ if (!err)
+ {
+ /* Write remaining data fully buffered. */
+ err = es_write_fbf (stream, buffer + data_flushed,
+ bytes_to_write - data_flushed, &data_buffered);
+ }
+
+ *bytes_written = data_flushed + data_buffered;
+ return err;
+}
+
+
+/* Write BYTES_TO_WRITE bytes from BUFFER into STREAM in, storing the
+ amount of bytes written in BYTES_WRITTEN. */
+static int
+es_writen (estream_t ES__RESTRICT stream,
+ const void *ES__RESTRICT buffer,
+ size_t bytes_to_write, size_t *ES__RESTRICT bytes_written)
+{
+ size_t data_written;
+ int err;
+
+ data_written = 0;
+ err = 0;
+
+ if (!stream->flags.writing)
+ {
+ /* Switching to writing mode -> discard input data and seek to
+ position at which reading has stopped. We can do this only
+ if a seek function has been registered. */
+ if (stream->intern->func_seek)
+ {
+ err = es_seek (stream, 0, SEEK_CUR, NULL);
+ if (err)
+ {
+ if (errno == ESPIPE)
+ err = 0;
+ else
+ goto out;
+ }
+ }
+ }
+
+ switch (stream->intern->strategy)
+ {
+ case _IONBF:
+ err = es_write_nbf (stream, buffer, bytes_to_write, &data_written);
+ break;
+
+ case _IOLBF:
+ err = es_write_lbf (stream, buffer, bytes_to_write, &data_written);
+ break;
+
+ case _IOFBF:
+ err = es_write_fbf (stream, buffer, bytes_to_write, &data_written);
+ break;
+ }
+
+ out:
+
+ if (bytes_written)
+ *bytes_written = data_written;
+ if (data_written)
+ if (!stream->flags.writing)
+ stream->flags.writing = 1;
+
+ return err;
+}
+
+
+static int
+es_peek (estream_t ES__RESTRICT stream, unsigned char **ES__RESTRICT data,
+ size_t *ES__RESTRICT data_len)
+{
+ int err;
+
+ if (stream->flags.writing)
+ {
+ /* Switching to reading mode -> flush output. */
+ err = es_flush (stream);
+ if (err)
+ goto out;
+ stream->flags.writing = 0;
+ }
+
+ if (stream->data_offset == stream->data_len)
+ {
+ /* Refill container. */
+ err = es_fill (stream);
+ if (err)
+ goto out;
+ }
+
+ if (data)
+ *data = stream->buffer + stream->data_offset;
+ if (data_len)
+ *data_len = stream->data_len - stream->data_offset;
+ err = 0;
+
+ out:
+
+ return err;
+}
+
+
+/* Skip SIZE bytes of input data contained in buffer. */
+static int
+es_skip (estream_t stream, size_t size)
+{
+ int err;
+
+ if (stream->data_offset + size > stream->data_len)
+ {
+ _set_errno (EINVAL);
+ err = -1;
+ }
+ else
+ {
+ stream->data_offset += size;
+ err = 0;
+ }
+
+ return err;
+}
+
+
+static int
+doreadline (estream_t ES__RESTRICT stream, size_t max_length,
+ char *ES__RESTRICT *ES__RESTRICT line,
+ size_t *ES__RESTRICT line_length)
+{
+ size_t space_left;
+ size_t line_size;
+ estream_t line_stream;
+ char *line_new;
+ void *line_stream_cookie;
+ char *newline;
+ unsigned char *data;
+ size_t data_len;
+ int err;
+
+ line_new = NULL;
+ line_stream = NULL;
+ line_stream_cookie = NULL;
+
+ err = es_func_mem_create (&line_stream_cookie, NULL, 0, 0,
+ BUFFER_BLOCK_SIZE, 1,
+ mem_realloc, mem_free,
+ O_RDWR,
+ 0);
+ if (err)
+ goto out;
+
+ err = es_create (&line_stream, line_stream_cookie, -1,
+ estream_functions_mem, O_RDWR, 0);
+ if (err)
+ goto out;
+
+ space_left = max_length;
+ line_size = 0;
+ while (1)
+ {
+ if (max_length && (space_left == 1))
+ break;
+
+ err = es_peek (stream, &data, &data_len);
+ if (err || (! data_len))
+ break;
+
+ if (data_len > (space_left - 1))
+ data_len = space_left - 1;
+
+ newline = memchr (data, '\n', data_len);
+ if (newline)
+ {
+ data_len = (newline - (char *) data) + 1;
+ err = es_write (line_stream, data, data_len, NULL);
+ if (! err)
+ {
+ space_left -= data_len;
+ line_size += data_len;
+ es_skip (stream, data_len);
+ break;
+ }
+ }
+ else
+ {
+ err = es_write (line_stream, data, data_len, NULL);
+ if (! err)
+ {
+ space_left -= data_len;
+ line_size += data_len;
+ es_skip (stream, data_len);
+ }
+ }
+ if (err)
+ break;
+ }
+ if (err)
+ goto out;
+
+ /* Complete line has been written to line_stream. */
+
+ if ((max_length > 1) && (! line_size))
+ {
+ stream->intern->indicators.eof = 1;
+ goto out;
+ }
+
+ err = es_seek (line_stream, 0, SEEK_SET, NULL);
+ if (err)
+ goto out;
+
+ if (! *line)
+ {
+ line_new = mem_alloc (line_size + 1);
+ if (! line_new)
+ {
+ err = -1;
+ goto out;
+ }
+ }
+ else
+ line_new = *line;
+
+ err = es_read (line_stream, line_new, line_size, NULL);
+ if (err)
+ goto out;
+
+ line_new[line_size] = '\0';
+
+ if (! *line)
+ *line = line_new;
+ if (line_length)
+ *line_length = line_size;
+
+ out:
+
+ if (line_stream)
+ es_destroy (line_stream, 0);
+ else if (line_stream_cookie)
+ es_func_mem_destroy (line_stream_cookie);
+
+ if (err)
+ {
+ if (! *line)
+ mem_free (line_new);
+ stream->intern->indicators.err = 1;
+ }
+
+ return err;
+}
+
+
+/* Output fucntion used for estream_format. */
+static int
+print_writer (void *outfncarg, const char *buf, size_t buflen)
+{
+ estream_t stream = outfncarg;
+ size_t nwritten;
+ int rc;
+
+ nwritten = 0;
+ rc = es_writen (stream, buf, buflen, &nwritten);
+ stream->intern->print_ntotal += nwritten;
+ return rc;
+}
+
+
+/* The core of our printf function. This is called in locked state. */
+static int
+es_print (estream_t ES__RESTRICT stream,
+ const char *ES__RESTRICT format, va_list ap)
+{
+ int rc;
+
+ stream->intern->print_ntotal = 0;
+ rc = estream_format (print_writer, stream, format, ap);
+ if (rc)
+ return -1;
+ return (int)stream->intern->print_ntotal;
+}
+
+
+static void
+es_set_indicators (estream_t stream, int ind_err, int ind_eof)
+{
+ if (ind_err != -1)
+ stream->intern->indicators.err = ind_err ? 1 : 0;
+ if (ind_eof != -1)
+ stream->intern->indicators.eof = ind_eof ? 1 : 0;
+}
+
+
+static int
+es_get_indicator (estream_t stream, int ind_err, int ind_eof)
+{
+ int ret = 0;
+
+ if (ind_err)
+ ret = stream->intern->indicators.err;
+ else if (ind_eof)
+ ret = stream->intern->indicators.eof;
+
+ return ret;
+}
+
+
+static int
+es_set_buffering (estream_t ES__RESTRICT stream,
+ char *ES__RESTRICT buffer, int mode, size_t size)
+{
+ int err;
+
+ /* Flush or empty buffer depending on mode. */
+ if (stream->flags.writing)
+ {
+ err = es_flush (stream);
+ if (err)
+ goto out;
+ }
+ else
+ es_empty (stream);
+
+ es_set_indicators (stream, -1, 0);
+
+ /* Free old buffer in case that was allocated by this function. */
+ if (stream->intern->deallocate_buffer)
+ {
+ stream->intern->deallocate_buffer = 0;
+ mem_free (stream->buffer);
+ stream->buffer = NULL;
+ }
+
+ if (mode == _IONBF)
+ stream->buffer_size = 0;
+ else
+ {
+ void *buffer_new;
+
+ if (buffer)
+ buffer_new = buffer;
+ else
+ {
+ if (!size)
+ size = BUFSIZ;
+ buffer_new = mem_alloc (size);
+ if (! buffer_new)
+ {
+ err = -1;
+ goto out;
+ }
+ }
+
+ stream->buffer = buffer_new;
+ stream->buffer_size = size;
+ if (! buffer)
+ stream->intern->deallocate_buffer = 1;
+ }
+ stream->intern->strategy = mode;
+ err = 0;
+
+ out:
+
+ return err;
+}
+
+
+static off_t
+es_offset_calculate (estream_t stream)
+{
+ off_t offset;
+
+ offset = stream->intern->offset + stream->data_offset;
+ if (offset < stream->unread_data_len)
+ /* Offset undefined. */
+ offset = 0;
+ else
+ offset -= stream->unread_data_len;
+
+ return offset;
+}
+
+
+static void
+es_opaque_ctrl (estream_t ES__RESTRICT stream, void *ES__RESTRICT opaque_new,
+ void **ES__RESTRICT opaque_old)
+{
+ if (opaque_old)
+ *opaque_old = stream->intern->opaque;
+ if (opaque_new)
+ stream->intern->opaque = opaque_new;
+}
+
+
+static int
+es_get_fd (estream_t stream)
+{
+ return stream->intern->fd;
+}
+
+
+
+/* API. */
+
+int
+es_init (void)
+{
+ int err;
+
+ err = es_init_do ();
+
+ return err;
+}
+
+estream_t
+es_fopen (const char *ES__RESTRICT path, const char *ES__RESTRICT mode)
+{
+ unsigned int modeflags;
+ int create_called;
+ estream_t stream;
+ void *cookie;
+ int err;
+ int fd;
+
+ stream = NULL;
+ cookie = NULL;
+ create_called = 0;
+
+ err = es_convert_mode (mode, &modeflags);
+ if (err)
+ goto out;
+
+ err = es_func_file_create (&cookie, &fd, path, modeflags);
+ if (err)
+ goto out;
+
+ create_called = 1;
+ err = es_create (&stream, cookie, fd, estream_functions_fd, modeflags, 0);
+ if (err)
+ goto out;
+
+ if (stream && path)
+ fname_set_internal (stream, path, 1);
+
+ out:
+
+ if (err && create_called)
+ (*estream_functions_fd.func_close) (cookie);
+
+ return stream;
+}
+
+
+estream_t
+es_mopen (unsigned char *ES__RESTRICT data, size_t data_n, size_t data_len,
+ unsigned int grow,
+ func_realloc_t func_realloc, func_free_t func_free,
+ const char *ES__RESTRICT mode)
+{
+ unsigned int modeflags;
+ int create_called;
+ estream_t stream;
+ void *cookie;
+ int err;
+
+ cookie = 0;
+ stream = NULL;
+ create_called = 0;
+
+ err = es_convert_mode (mode, &modeflags);
+ if (err)
+ goto out;
+
+ err = es_func_mem_create (&cookie, data, data_n, data_len,
+ BUFFER_BLOCK_SIZE, grow,
+ func_realloc, func_free, modeflags, 0);
+ if (err)
+ goto out;
+
+ create_called = 1;
+ err = es_create (&stream, cookie, -1, estream_functions_mem, modeflags, 0);
+
+ out:
+
+ if (err && create_called)
+ (*estream_functions_mem.func_close) (cookie);
+
+ return stream;
+}
+
+
+estream_t
+es_fopenmem (size_t memlimit, const char *ES__RESTRICT mode)
+{
+ unsigned int modeflags;
+ estream_t stream = NULL;
+ void *cookie = NULL;
+
+ /* Memory streams are always read/write. We use MODE only to get
+ the append flag. */
+ if (es_convert_mode (mode, &modeflags))
+ return NULL;
+ modeflags |= O_RDWR;
+
+
+ if (es_func_mem_create (&cookie, NULL, 0, 0,
+ BUFFER_BLOCK_SIZE, 1,
+ mem_realloc, mem_free, modeflags,
+ memlimit))
+ return NULL;
+
+ if (es_create (&stream, cookie, -1, estream_functions_mem, modeflags, 0))
+ (*estream_functions_mem.func_close) (cookie);
+
+ return stream;
+}
+
+
+
+estream_t
+es_fopencookie (void *ES__RESTRICT cookie,
+ const char *ES__RESTRICT mode,
+ es_cookie_io_functions_t functions)
+{
+ unsigned int modeflags;
+ estream_t stream;
+ int err;
+
+ stream = NULL;
+ modeflags = 0;
+
+ err = es_convert_mode (mode, &modeflags);
+ if (err)
+ goto out;
+
+ err = es_create (&stream, cookie, -1, functions, modeflags, 0);
+ if (err)
+ goto out;
+
+ out:
+
+ return stream;
+}
+
+
+estream_t
+do_fdopen (int filedes, const char *mode, int no_close, int with_locked_list)
+{
+ unsigned int modeflags;
+ int create_called;
+ estream_t stream;
+ void *cookie;
+ int err;
+
+ stream = NULL;
+ cookie = NULL;
+ create_called = 0;
+
+ err = es_convert_mode (mode, &modeflags);
+ if (err)
+ goto out;
+
+ err = es_func_fd_create (&cookie, filedes, modeflags, no_close);
+ if (err)
+ goto out;
+
+ create_called = 1;
+ err = es_create (&stream, cookie, filedes, estream_functions_fd,
+ modeflags, with_locked_list);
+
+ out:
+
+ if (err && create_called)
+ (*estream_functions_fd.func_close) (cookie);
+
+ return stream;
+}
+
+estream_t
+es_fdopen (int filedes, const char *mode)
+{
+ return do_fdopen (filedes, mode, 0, 0);
+}
+
+/* A variant of es_fdopen which does not close FILEDES at the end. */
+estream_t
+es_fdopen_nc (int filedes, const char *mode)
+{
+ return do_fdopen (filedes, mode, 1, 0);
+}
+
+
+estream_t
+do_fpopen (FILE *fp, const char *mode, int no_close, int with_locked_list)
+{
+ unsigned int modeflags;
+ int create_called;
+ estream_t stream;
+ void *cookie;
+ int err;
+
+ stream = NULL;
+ cookie = NULL;
+ create_called = 0;
+
+ err = es_convert_mode (mode, &modeflags);
+ if (err)
+ goto out;
+
+ if (fp)
+ fflush (fp);
+ err = es_func_fp_create (&cookie, fp, modeflags, no_close);
+ if (err)
+ goto out;
+
+ create_called = 1;
+ err = es_create (&stream, cookie, fp? fileno (fp):-1, estream_functions_fp,
+ modeflags, with_locked_list);
+
+ out:
+
+ if (err && create_called)
+ (*estream_functions_fp.func_close) (cookie);
+
+ return stream;
+}
+
+
+/* Create an estream from the stdio stream FP. This mechanism is
+ useful in case the stdio streams have special properties and may
+ not be mixed with fd based functions. This is for example the case
+ under Windows where the 3 standard streams are associated with the
+ console whereas a duped and fd-opened stream of one of this stream
+ won't be associated with the console. As this messes things up it
+ is easier to keep on using the standard I/O stream as a backend for
+ estream. */
+estream_t
+es_fpopen (FILE *fp, const char *mode)
+{
+ return do_fpopen (fp, mode, 0, 0);
+}
+
+
+/* Same as es_fpopen but does not close FP at the end. */
+estream_t
+es_fpopen_nc (FILE *fp, const char *mode)
+{
+ return do_fpopen (fp, mode, 1, 0);
+}
+
+
+/* Set custom standard descriptors to be used for stdin, stdout and
+ stderr. This function needs to be called before any of the
+ standard streams are accessed. */
+void
+_es_set_std_fd (int no, int fd)
+{
+ ESTREAM_LIST_LOCK;
+ if (no >= 0 && no < 3 && !custom_std_fds_valid[no])
+ {
+ custom_std_fds[no] = fd;
+ custom_std_fds_valid[no] = 1;
+ }
+ ESTREAM_LIST_UNLOCK;
+}
+
+
+/* Return the stream used for stdin, stdout or stderr. */
+estream_t
+_es_get_std_stream (int fd)
+{
+ estream_list_t list_obj;
+ estream_t stream = NULL;
+
+ fd %= 3; /* We only allow 0, 1 or 2 but we don't want to return an error. */
+ ESTREAM_LIST_LOCK;
+ for (list_obj = estream_list; list_obj; list_obj = list_obj->cdr)
+ if (list_obj->car->intern->is_stdstream
+ && list_obj->car->intern->stdstream_fd == fd)
+ {
+ stream = list_obj->car;
+ break;
+ }
+ if (!stream)
+ {
+ /* Standard stream not yet created. We first try to create them
+ from registered file descriptors. */
+ if (!fd && custom_std_fds_valid[0])
+ stream = do_fdopen (custom_std_fds[0], "r", 1, 1);
+ else if (fd == 1 && custom_std_fds_valid[1])
+ stream = do_fdopen (custom_std_fds[1], "a", 1, 1);
+ else if (custom_std_fds_valid[2])
+ stream = do_fdopen (custom_std_fds[2], "a", 1, 1);
+
+ if (!stream)
+ {
+ /* Second try is to use the standard C streams. */
+ if (!fd)
+ stream = do_fpopen (stdin, "r", 1, 1);
+ else if (fd == 1)
+ stream = do_fpopen (stdout, "a", 1, 1);
+ else
+ stream = do_fpopen (stderr, "a", 1, 1);
+ }
+
+ if (!stream)
+ {
+ /* Last try: Create a bit bucket. */
+ stream = do_fpopen (NULL, fd? "a":"r", 0, 1);
+ if (!stream)
+ {
+ fprintf (stderr, "fatal: error creating a dummy estream"
+ " for %d: %s\n", fd, strerror (errno));
+ abort();
+ }
+ }
+
+ stream->intern->is_stdstream = 1;
+ stream->intern->stdstream_fd = fd;
+ if (fd == 2)
+ es_set_buffering (stream, NULL, _IOLBF, 0);
+ fname_set_internal (stream,
+ fd == 0? "[stdin]" :
+ fd == 1? "[stdout]" : "[stderr]", 0);
+ }
+ ESTREAM_LIST_UNLOCK;
+ return stream;
+}
+
+
+estream_t
+es_freopen (const char *ES__RESTRICT path, const char *ES__RESTRICT mode,
+ estream_t ES__RESTRICT stream)
+{
+ int err;
+
+ if (path)
+ {
+ unsigned int modeflags;
+ int create_called;
+ void *cookie;
+ int fd;
+
+ cookie = NULL;
+ create_called = 0;
+
+ ESTREAM_LOCK (stream);
+
+ es_deinitialize (stream);
+
+ err = es_convert_mode (mode, &modeflags);
+ if (err)
+ goto leave;
+
+ err = es_func_file_create (&cookie, &fd, path, modeflags);
+ if (err)
+ goto leave;
+
+ create_called = 1;
+ es_initialize (stream, cookie, fd, estream_functions_fd, modeflags);
+
+ leave:
+
+ if (err)
+ {
+ if (create_called)
+ es_func_fd_destroy (cookie);
+
+ es_destroy (stream, 0);
+ stream = NULL;
+ }
+ else
+ {
+ if (stream && path)
+ fname_set_internal (stream, path, 1);
+ ESTREAM_UNLOCK (stream);
+ }
+ }
+ else
+ {
+ /* FIXME? We don't support re-opening at the moment. */
+ _set_errno (EINVAL);
+ es_deinitialize (stream);
+ es_destroy (stream, 0);
+ stream = NULL;
+ }
+
+ return stream;
+}
+
+
+int
+es_fclose (estream_t stream)
+{
+ int err;
+
+ err = es_destroy (stream, 0);
+
+ return err;
+}
+
+int
+es_fileno_unlocked (estream_t stream)
+{
+ return es_get_fd (stream);
+}
+
+
+void
+es_flockfile (estream_t stream)
+{
+ ESTREAM_LOCK (stream);
+}
+
+
+int
+es_ftrylockfile (estream_t stream)
+{
+ return ESTREAM_TRYLOCK (stream);
+}
+
+
+void
+es_funlockfile (estream_t stream)
+{
+ ESTREAM_UNLOCK (stream);
+}
+
+
+int
+es_fileno (estream_t stream)
+{
+ int ret;
+
+ ESTREAM_LOCK (stream);
+ ret = es_fileno_unlocked (stream);
+ ESTREAM_UNLOCK (stream);
+
+ return ret;
+}
+
+
+int
+es_feof_unlocked (estream_t stream)
+{
+ return es_get_indicator (stream, 0, 1);
+}
+
+
+int
+es_feof (estream_t stream)
+{
+ int ret;
+
+ ESTREAM_LOCK (stream);
+ ret = es_feof_unlocked (stream);
+ ESTREAM_UNLOCK (stream);
+
+ return ret;
+}
+
+
+int
+es_ferror_unlocked (estream_t stream)
+{
+ return es_get_indicator (stream, 1, 0);
+}
+
+
+int
+es_ferror (estream_t stream)
+{
+ int ret;
+
+ ESTREAM_LOCK (stream);
+ ret = es_ferror_unlocked (stream);
+ ESTREAM_UNLOCK (stream);
+
+ return ret;
+}
+
+
+void
+es_clearerr_unlocked (estream_t stream)
+{
+ es_set_indicators (stream, 0, 0);
+}
+
+
+void
+es_clearerr (estream_t stream)
+{
+ ESTREAM_LOCK (stream);
+ es_clearerr_unlocked (stream);
+ ESTREAM_UNLOCK (stream);
+}
+
+
+static int
+do_fflush (estream_t stream)
+{
+ int err;
+
+ if (stream->flags.writing)
+ err = es_flush (stream);
+ else
+ {
+ es_empty (stream);
+ err = 0;
+ }
+
+ return err;
+}
+
+
+int
+es_fflush (estream_t stream)
+{
+ int err;
+
+ if (stream)
+ {
+ ESTREAM_LOCK (stream);
+ err = do_fflush (stream);
+ ESTREAM_UNLOCK (stream);
+ }
+ else
+ err = es_list_iterate (do_fflush);
+
+ return err ? EOF : 0;
+}
+
+
+int
+es_fseek (estream_t stream, long int offset, int whence)
+{
+ int err;
+
+ ESTREAM_LOCK (stream);
+ err = es_seek (stream, offset, whence, NULL);
+ ESTREAM_UNLOCK (stream);
+
+ return err;
+}
+
+
+int
+es_fseeko (estream_t stream, off_t offset, int whence)
+{
+ int err;
+
+ ESTREAM_LOCK (stream);
+ err = es_seek (stream, offset, whence, NULL);
+ ESTREAM_UNLOCK (stream);
+
+ return err;
+}
+
+
+long int
+es_ftell (estream_t stream)
+{
+ long int ret;
+
+ ESTREAM_LOCK (stream);
+ ret = es_offset_calculate (stream);
+ ESTREAM_UNLOCK (stream);
+
+ return ret;
+}
+
+
+off_t
+es_ftello (estream_t stream)
+{
+ off_t ret = -1;
+
+ ESTREAM_LOCK (stream);
+ ret = es_offset_calculate (stream);
+ ESTREAM_UNLOCK (stream);
+
+ return ret;
+}
+
+
+void
+es_rewind (estream_t stream)
+{
+ ESTREAM_LOCK (stream);
+ es_seek (stream, 0L, SEEK_SET, NULL);
+ es_set_indicators (stream, 0, -1);
+ ESTREAM_UNLOCK (stream);
+}
+
+
+int
+_es_getc_underflow (estream_t stream)
+{
+ int err;
+ unsigned char c;
+ size_t bytes_read;
+
+ err = es_readn (stream, &c, 1, &bytes_read);
+
+ return (err || (! bytes_read)) ? EOF : c;
+}
+
+
+int
+_es_putc_overflow (int c, estream_t stream)
+{
+ unsigned char d = c;
+ int err;
+
+ err = es_writen (stream, &d, 1, NULL);
+
+ return err ? EOF : c;
+}
+
+
+int
+es_fgetc (estream_t stream)
+{
+ int ret;
+
+ ESTREAM_LOCK (stream);
+ ret = es_getc_unlocked (stream);
+ ESTREAM_UNLOCK (stream);
+
+ return ret;
+}
+
+
+int
+es_fputc (int c, estream_t stream)
+{
+ int ret;
+
+ ESTREAM_LOCK (stream);
+ ret = es_putc_unlocked (c, stream);
+ ESTREAM_UNLOCK (stream);
+
+ return ret;
+}
+
+
+int
+es_ungetc (int c, estream_t stream)
+{
+ unsigned char data = (unsigned char) c;
+ size_t data_unread;
+
+ ESTREAM_LOCK (stream);
+ es_unreadn (stream, &data, 1, &data_unread);
+ ESTREAM_UNLOCK (stream);
+
+ return data_unread ? c : EOF;
+}
+
+
+int
+es_read (estream_t ES__RESTRICT stream,
+ void *ES__RESTRICT buffer, size_t bytes_to_read,
+ size_t *ES__RESTRICT bytes_read)
+{
+ int err;
+
+ if (bytes_to_read)
+ {
+ ESTREAM_LOCK (stream);
+ err = es_readn (stream, buffer, bytes_to_read, bytes_read);
+ ESTREAM_UNLOCK (stream);
+ }
+ else
+ err = 0;
+
+ return err;
+}
+
+
+int
+es_write (estream_t ES__RESTRICT stream,
+ const void *ES__RESTRICT buffer, size_t bytes_to_write,
+ size_t *ES__RESTRICT bytes_written)
+{
+ int err;
+
+ if (bytes_to_write)
+ {
+ ESTREAM_LOCK (stream);
+ err = es_writen (stream, buffer, bytes_to_write, bytes_written);
+ ESTREAM_UNLOCK (stream);
+ }
+ else
+ err = 0;
+
+ return err;
+}
+
+
+size_t
+es_fread (void *ES__RESTRICT ptr, size_t size, size_t nitems,
+ estream_t ES__RESTRICT stream)
+{
+ size_t ret, bytes;
+
+ if (size * nitems)
+ {
+ ESTREAM_LOCK (stream);
+ es_readn (stream, ptr, size * nitems, &bytes);
+ ESTREAM_UNLOCK (stream);
+
+ ret = bytes / size;
+ }
+ else
+ ret = 0;
+
+ return ret;
+}
+
+
+size_t
+es_fwrite (const void *ES__RESTRICT ptr, size_t size, size_t nitems,
+ estream_t ES__RESTRICT stream)
+{
+ size_t ret, bytes;
+
+ if (size * nitems)
+ {
+ ESTREAM_LOCK (stream);
+ es_writen (stream, ptr, size * nitems, &bytes);
+ ESTREAM_UNLOCK (stream);
+
+ ret = bytes / size;
+ }
+ else
+ ret = 0;
+
+ return ret;
+}
+
+
+char *
+es_fgets (char *ES__RESTRICT buffer, int length, estream_t ES__RESTRICT stream)
+{
+ unsigned char *s = (unsigned char*)buffer;
+ int c;
+
+ if (!length)
+ return NULL;
+
+ c = EOF;
+ ESTREAM_LOCK (stream);
+ while (length > 1 && (c = es_getc_unlocked (stream)) != EOF && c != '\n')
+ {
+ *s++ = c;
+ length--;
+ }
+ ESTREAM_UNLOCK (stream);
+
+ if (c == EOF && s == (unsigned char*)buffer)
+ return NULL; /* Nothing read. */
+
+ if (c != EOF && length > 1)
+ *s++ = c;
+
+ *s = 0;
+ return buffer;
+}
+
+
+int
+es_fputs_unlocked (const char *ES__RESTRICT s, estream_t ES__RESTRICT stream)
+{
+ size_t length;
+ int err;
+
+ length = strlen (s);
+ err = es_writen (stream, s, length, NULL);
+ return err ? EOF : 0;
+}
+
+int
+es_fputs (const char *ES__RESTRICT s, estream_t ES__RESTRICT stream)
+{
+ size_t length;
+ int err;
+
+ length = strlen (s);
+ ESTREAM_LOCK (stream);
+ err = es_writen (stream, s, length, NULL);
+ ESTREAM_UNLOCK (stream);
+
+ return err ? EOF : 0;
+}
+
+
+ssize_t
+es_getline (char *ES__RESTRICT *ES__RESTRICT lineptr, size_t *ES__RESTRICT n,
+ estream_t ES__RESTRICT stream)
+{
+ char *line = NULL;
+ size_t line_n = 0;
+ int err;
+
+ ESTREAM_LOCK (stream);
+ err = doreadline (stream, 0, &line, &line_n);
+ ESTREAM_UNLOCK (stream);
+ if (err)
+ goto out;
+
+ if (*n)
+ {
+ /* Caller wants us to use his buffer. */
+
+ if (*n < (line_n + 1))
+ {
+ /* Provided buffer is too small -> resize. */
+
+ void *p;
+
+ p = mem_realloc (*lineptr, line_n + 1);
+ if (! p)
+ err = -1;
+ else
+ {
+ if (*lineptr != p)
+ *lineptr = p;
+ }
+ }
+
+ if (! err)
+ {
+ memcpy (*lineptr, line, line_n + 1);
+ if (*n != line_n)
+ *n = line_n;
+ }
+ mem_free (line);
+ }
+ else
+ {
+ /* Caller wants new buffers. */
+ *lineptr = line;
+ *n = line_n;
+ }
+
+ out:
+
+ return err ? err : (ssize_t)line_n;
+}
+
+
+
+/* Same as fgets() but if the provided buffer is too short a larger
+ one will be allocated. This is similar to getline. A line is
+ considered a byte stream ending in a LF.
+
+ If MAX_LENGTH is not NULL, it shall point to a value with the
+ maximum allowed allocation.
+
+ Returns the length of the line. EOF is indicated by a line of
+ length zero. A truncated line is indicated my setting the value at
+ MAX_LENGTH to 0. If the returned value is less then 0 not enough
+ memory was enable or another error occurred; ERRNO is then set
+ accordingly.
+
+ If a line has been truncated, the file pointer is moved forward to
+ the end of the line so that the next read starts with the next
+ line. Note that MAX_LENGTH must be re-initialzied in this case.
+
+ The caller initially needs to provide the address of a variable,
+ initialized to NULL, at ADDR_OF_BUFFER and don't change this value
+ anymore with the following invocations. LENGTH_OF_BUFFER should be
+ the address of a variable, initialized to 0, which is also
+ maintained by this function. Thus, both paramaters should be
+ considered the state of this function.
+
+ Note: The returned buffer is allocated with enough extra space to
+ allow the caller to append a CR,LF,Nul. The buffer should be
+ released using es_free.
+ */
+ssize_t
+es_read_line (estream_t stream,
+ char **addr_of_buffer, size_t *length_of_buffer,
+ size_t *max_length)
+{
+ int c;
+ char *buffer = *addr_of_buffer;
+ size_t length = *length_of_buffer;
+ size_t nbytes = 0;
+ size_t maxlen = max_length? *max_length : 0;
+ char *p;
+
+ if (!buffer)
+ {
+ /* No buffer given - allocate a new one. */
+ length = 256;
+ buffer = mem_alloc (length);
+ *addr_of_buffer = buffer;
+ if (!buffer)
+ {
+ *length_of_buffer = 0;
+ if (max_length)
+ *max_length = 0;
+ return -1;
+ }
+ *length_of_buffer = length;
+ }
+
+ if (length < 4)
+ {
+ /* This should never happen. If it does, the function has been
+ called with wrong arguments. */
+ _set_errno (EINVAL);
+ return -1;
+ }
+ length -= 3; /* Reserve 3 bytes for CR,LF,EOL. */
+
+ ESTREAM_LOCK (stream);
+ p = buffer;
+ while ((c = es_getc_unlocked (stream)) != EOF)
+ {
+ if (nbytes == length)
+ {
+ /* Enlarge the buffer. */
+ if (maxlen && length > maxlen)
+ {
+ /* We are beyond our limit: Skip the rest of the line. */
+ while (c != '\n' && (c=es_getc_unlocked (stream)) != EOF)
+ ;
+ *p++ = '\n'; /* Always append a LF (we reserved some space). */
+ nbytes++;
+ if (max_length)
+ *max_length = 0; /* Indicate truncation. */
+ break; /* the while loop. */
+ }
+ length += 3; /* Adjust for the reserved bytes. */
+ length += length < 1024? 256 : 1024;
+ *addr_of_buffer = mem_realloc (buffer, length);
+ if (!*addr_of_buffer)
+ {
+ int save_errno = errno;
+ mem_free (buffer);
+ *length_of_buffer = 0;
+ if (max_length)
+ *max_length = 0;
+ ESTREAM_UNLOCK (stream);
+ _set_errno (save_errno);
+ return -1;
+ }
+ buffer = *addr_of_buffer;
+ *length_of_buffer = length;
+ length -= 3;
+ p = buffer + nbytes;
+ }
+ *p++ = c;
+ nbytes++;
+ if (c == '\n')
+ break;
+ }
+ *p = 0; /* Make sure the line is a string. */
+ ESTREAM_UNLOCK (stream);
+
+ return nbytes;
+}
+
+/* Wrapper around free() to match the memory allocation system used
+ by estream. Should be used for all buffers returned to the caller
+ by libestream. */
+void
+es_free (void *a)
+{
+ mem_free (a);
+}
+
+
+int
+es_vfprintf_unlocked (estream_t ES__RESTRICT stream,
+ const char *ES__RESTRICT format,
+ va_list ap)
+{
+ return es_print (stream, format, ap);
+}
+
+
+int
+es_vfprintf (estream_t ES__RESTRICT stream, const char *ES__RESTRICT format,
+ va_list ap)
+{
+ int ret;
+
+ ESTREAM_LOCK (stream);
+ ret = es_print (stream, format, ap);
+ ESTREAM_UNLOCK (stream);
+
+ return ret;
+}
+
+
+int
+es_fprintf_unlocked (estream_t ES__RESTRICT stream,
+ const char *ES__RESTRICT format, ...)
+{
+ int ret;
+
+ va_list ap;
+ va_start (ap, format);
+ ret = es_print (stream, format, ap);
+ va_end (ap);
+
+ return ret;
+}
+
+
+int
+es_fprintf (estream_t ES__RESTRICT stream,
+ const char *ES__RESTRICT format, ...)
+{
+ int ret;
+
+ va_list ap;
+ va_start (ap, format);
+ ESTREAM_LOCK (stream);
+ ret = es_print (stream, format, ap);
+ ESTREAM_UNLOCK (stream);
+ va_end (ap);
+
+ return ret;
+}
+
+/* A variant of asprintf. The function returns the allocated buffer
+ or NULL on error; ERRNO is set in the error case. The caller
+ should use es_free to release the buffer. This function actually
+ belongs into estream-printf but we put it here as a convenience
+ and because es_free is required anyway. */
+char *
+es_asprintf (const char *ES__RESTRICT format, ...)
+{
+ int rc;
+ va_list ap;
+ char *buf;
+
+ va_start (ap, format);
+ rc = estream_vasprintf (&buf, format, ap);
+ va_end (ap);
+ if (rc < 0)
+ return NULL;
+ return buf;
+}
+
+
+/* A variant of vasprintf. The function returns the allocated buffer
+ or NULL on error; ERRNO is set in the error case. The caller
+ should use es_free to release the buffer. This function actually
+ belongs into estream-printf but we put it here as a convenience
+ and because es_free is required anyway. */
+char *
+es_vasprintf (const char *ES__RESTRICT format, va_list ap)
+{
+ int rc;
+ char *buf;
+
+ rc = estream_vasprintf (&buf, format, ap);
+ if (rc < 0)
+ return NULL;
+ return buf;
+}
+
+
+static int
+tmpfd (void)
+{
+#ifdef HAVE_W32_SYSTEM
+ int attempts, n;
+#ifdef HAVE_W32CE_SYSTEM
+ wchar_t buffer[MAX_PATH+9+12+1];
+# define mystrlen(a) wcslen (a)
+ wchar_t *name, *p;
+#else
+ char buffer[MAX_PATH+9+12+1];
+# define mystrlen(a) strlen (a)
+ char *name, *p;
+#endif
+ HANDLE file;
+ int pid = GetCurrentProcessId ();
+ unsigned int value;
+ int i;
+
+ n = GetTempPath (MAX_PATH+1, buffer);
+ if (!n || n > MAX_PATH || mystrlen (buffer) > MAX_PATH)
+ {
+ _set_errno (ENOENT);
+ return -1;
+ }
+ p = buffer + mystrlen (buffer);
+#ifdef HAVE_W32CE_SYSTEM
+ wcscpy (p, L"_estream");
+#else
+ strcpy (p, "_estream");
+#endif
+ p += 8;
+ /* We try to create the directory but don't care about an error as
+ it may already exist and the CreateFile would throw an error
+ anyway. */
+ CreateDirectory (buffer, NULL);
+ *p++ = '\\';
+ name = p;
+ for (attempts=0; attempts < 10; attempts++)
+ {
+ p = name;
+ value = (GetTickCount () ^ ((pid<<16) & 0xffff0000));
+ for (i=0; i < 8; i++)
+ {
+ *p++ = tohex (((value >> 28) & 0x0f));
+ value <<= 4;
+ }
+#ifdef HAVE_W32CE_SYSTEM
+ wcscpy (p, L".tmp");
+#else
+ strcpy (p, ".tmp");
+#endif
+ file = CreateFile (buffer,
+ GENERIC_READ | GENERIC_WRITE,
+ 0,
+ NULL,
+ CREATE_NEW,
+ FILE_ATTRIBUTE_TEMPORARY | FILE_FLAG_DELETE_ON_CLOSE,
+ NULL);
+ if (file != INVALID_HANDLE_VALUE)
+ {
+#ifdef HAVE_W32CE_SYSTEM
+ int fd = (int)file;
+#else
+ int fd = _open_osfhandle ((long)file, 0);
+ if (fd == -1)
+ {
+ CloseHandle (file);
+ return -1;
+ }
+#endif
+ return fd;
+ }
+ Sleep (1); /* One ms as this is the granularity of GetTickCount. */
+ }
+ _set_errno (ENOENT);
+ return -1;
+#else /*!HAVE_W32_SYSTEM*/
+ FILE *fp;
+ int fp_fd;
+ int fd;
+
+ fp = NULL;
+ fd = -1;
+
+ fp = tmpfile ();
+ if (! fp)
+ goto out;
+
+ fp_fd = fileno (fp);
+ fd = dup (fp_fd);
+
+ out:
+
+ if (fp)
+ fclose (fp);
+
+ return fd;
+#endif /*!HAVE_W32_SYSTEM*/
+}
+
+estream_t
+es_tmpfile (void)
+{
+ unsigned int modeflags;
+ int create_called;
+ estream_t stream;
+ void *cookie;
+ int err;
+ int fd;
+
+ create_called = 0;
+ stream = NULL;
+ modeflags = O_RDWR | O_TRUNC | O_CREAT;
+ cookie = NULL;
+
+ fd = tmpfd ();
+ if (fd == -1)
+ {
+ err = -1;
+ goto out;
+ }
+
+ err = es_func_fd_create (&cookie, fd, modeflags, 0);
+ if (err)
+ goto out;
+
+ create_called = 1;
+ err = es_create (&stream, cookie, fd, estream_functions_fd, modeflags, 0);
+
+ out:
+
+ if (err)
+ {
+ if (create_called)
+ es_func_fd_destroy (cookie);
+ else if (fd != -1)
+ close (fd);
+ stream = NULL;
+ }
+
+ return stream;
+}
+
+
+int
+es_setvbuf (estream_t ES__RESTRICT stream,
+ char *ES__RESTRICT buf, int type, size_t size)
+{
+ int err;
+
+ if ((type == _IOFBF || type == _IOLBF || type == _IONBF)
+ && (!buf || size || type == _IONBF))
+ {
+ ESTREAM_LOCK (stream);
+ err = es_set_buffering (stream, buf, type, size);
+ ESTREAM_UNLOCK (stream);
+ }
+ else
+ {
+ _set_errno (EINVAL);
+ err = -1;
+ }
+
+ return err;
+}
+
+
+void
+es_setbuf (estream_t ES__RESTRICT stream, char *ES__RESTRICT buf)
+{
+ ESTREAM_LOCK (stream);
+ es_set_buffering (stream, buf, buf ? _IOFBF : _IONBF, BUFSIZ);
+ ESTREAM_UNLOCK (stream);
+}
+
+void
+es_opaque_set (estream_t stream, void *opaque)
+{
+ ESTREAM_LOCK (stream);
+ es_opaque_ctrl (stream, opaque, NULL);
+ ESTREAM_UNLOCK (stream);
+}
+
+
+void *
+es_opaque_get (estream_t stream)
+{
+ void *opaque;
+
+ ESTREAM_LOCK (stream);
+ es_opaque_ctrl (stream, NULL, &opaque);
+ ESTREAM_UNLOCK (stream);
+
+ return opaque;
+}
+
+
+static void
+fname_set_internal (estream_t stream, const char *fname, int quote)
+{
+ if (stream->intern->printable_fname
+ && !stream->intern->printable_fname_inuse)
+ {
+ mem_free (stream->intern->printable_fname);
+ stream->intern->printable_fname = NULL;
+ }
+ if (stream->intern->printable_fname)
+ return; /* Can't change because it is in use. */
+
+ if (*fname != '[')
+ quote = 0;
+ else
+ quote = !!quote;
+
+ stream->intern->printable_fname = mem_alloc (strlen (fname) + quote + 1);
+ if (fname)
+ {
+ if (quote)
+ stream->intern->printable_fname[0] = '\\';
+ strcpy (stream->intern->printable_fname+quote, fname);
+ }
+}
+
+
+/* Set the filename attribute of STREAM. There is no error return.
+ as long as STREAM is valid. This function is called internally by
+ functions which open a filename. */
+void
+es_fname_set (estream_t stream, const char *fname)
+{
+ if (fname)
+ {
+ ESTREAM_LOCK (stream);
+ fname_set_internal (stream, fname, 1);
+ ESTREAM_UNLOCK (stream);
+ }
+}
+
+
+/* Return the filename attribute of STREAM. In case no filename has
+ been set, "[?]" will be returned. The returned file name is valid
+ as long as STREAM is valid. */
+const char *
+es_fname_get (estream_t stream)
+{
+ const char *fname;
+
+ ESTREAM_LOCK (stream);
+ fname = stream->intern->printable_fname;
+ if (fname)
+ stream->intern->printable_fname_inuse = 1;
+ ESTREAM_UNLOCK (stream);
+ if (!fname)
+ fname = "[?]";
+ return fname;
+}
+
+
+/* Print a BUFFER to STREAM while replacing all control characters and
+ the characters in DELIMITERS by standard C escape sequences.
+ Returns 0 on success or -1 on error. If BYTES_WRITTEN is not NULL
+ the number of bytes actually written are stored at this
+ address. */
+int
+es_write_sanitized (estream_t ES__RESTRICT stream,
+ const void * ES__RESTRICT buffer, size_t length,
+ const char * delimiters,
+ size_t * ES__RESTRICT bytes_written)
+{
+ const unsigned char *p = buffer;
+ size_t count = 0;
+ int ret;
+
+ ESTREAM_LOCK (stream);
+ for (; length; length--, p++, count++)
+ {
+ if (*p < 0x20
+ || *p == 0x7f
+ || (delimiters
+ && (strchr (delimiters, *p) || *p == '\\')))
+ {
+ es_putc_unlocked ('\\', stream);
+ count++;
+ if (*p == '\n')
+ {
+ es_putc_unlocked ('n', stream);
+ count++;
+ }
+ else if (*p == '\r')
+ {
+ es_putc_unlocked ('r', stream);
+ count++;
+ }
+ else if (*p == '\f')
+ {
+ es_putc_unlocked ('f', stream);
+ count++;
+ }
+ else if (*p == '\v')
+ {
+ es_putc_unlocked ('v', stream);
+ count++;
+ }
+ else if (*p == '\b')
+ {
+ es_putc_unlocked ('b', stream);
+ count++;
+ }
+ else if (!*p)
+ {
+ es_putc_unlocked('0', stream);
+ count++;
+ }
+ else
+ {
+ es_fprintf_unlocked (stream, "x%02x", *p);
+ count += 3;
+ }
+ }
+ else
+ {
+ es_putc_unlocked (*p, stream);
+ count++;
+ }
+ }
+
+ if (bytes_written)
+ *bytes_written = count;
+ ret = es_ferror_unlocked (stream)? -1 : 0;
+ ESTREAM_UNLOCK (stream);
+
+ return ret;
+}
+
+
+/* Write LENGTH bytes of BUFFER to STREAM as a hex encoded string.
+ RESERVED must be 0. Returns 0 on success or -1 on error. If
+ BYTES_WRITTEN is not NULL the number of bytes actually written are
+ stored at this address. */
+int
+es_write_hexstring (estream_t ES__RESTRICT stream,
+ const void *ES__RESTRICT buffer, size_t length,
+ int reserved, size_t *ES__RESTRICT bytes_written )
+{
+ int ret;
+ const unsigned char *s;
+ size_t count = 0;
+
+ (void)reserved;
+
+#define tohex(n) ((n) < 10 ? ((n) + '0') : (((n) - 10) + 'A'))
+
+ if (!length)
+ return 0;
+
+ ESTREAM_LOCK (stream);
+
+ for (s = buffer; length; s++, length--)
+ {
+ es_putc_unlocked ( tohex ((*s>>4)&15), stream);
+ es_putc_unlocked ( tohex (*s&15), stream);
+ count += 2;
+ }
+
+ if (bytes_written)
+ *bytes_written = count;
+ ret = es_ferror_unlocked (stream)? -1 : 0;
+
+ ESTREAM_UNLOCK (stream);
+
+ return ret;
+
+#undef tohex
+}
+
+
+
+#ifdef GNUPG_MAJOR_VERSION
+/* Special estream function to print an UTF8 string in the native
+ encoding. The interface is the same as es_write_sanitized, however
+ only one delimiter may be supported.
+
+ THIS IS NOT A STANDARD ESTREAM FUNCTION AND ONLY USED BY GNUPG!. */
+int
+es_write_sanitized_utf8_buffer (estream_t stream,
+ const void *buffer, size_t length,
+ const char *delimiters, size_t *bytes_written)
+{
+ const char *p = buffer;
+ size_t i;
+
+ /* We can handle plain ascii simpler, so check for it first. */
+ for (i=0; i < length; i++ )
+ {
+ if ( (p[i] & 0x80) )
+ break;
+ }
+ if (i < length)
+ {
+ int delim = delimiters? *delimiters : 0;
+ char *buf;
+ int ret;
+
+ /*(utf8 conversion already does the control character quoting). */
+ buf = utf8_to_native (p, length, delim);
+ if (bytes_written)
+ *bytes_written = strlen (buf);
+ ret = es_fputs (buf, stream);
+ xfree (buf);
+ return ret == EOF? ret : (int)i;
+ }
+ else
+ return es_write_sanitized (stream, p, length, delimiters, bytes_written);
+}
+#endif /*GNUPG_MAJOR_VERSION*/
diff --git a/common/estream.h b/common/estream.h
new file mode 100644
index 0000000..69f19f4
--- /dev/null
+++ b/common/estream.h
@@ -0,0 +1,379 @@
+/* estream.h - Extended stream I/O Library
+ * Copyright (C) 2004, 2005, 2006, 2007, 2010 g10 Code GmbH
+ *
+ * This file is part of Libestream.
+ *
+ * Libestream is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published
+ * by the Free Software Foundation; either version 2 of the License,
+ * or (at your option) any later version.
+ *
+ * Libestream is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Libestream; if not, see <http://www.gnu.org/licenses/>.
+ *
+ * ALTERNATIVELY, Libestream may be distributed under the terms of the
+ * following license, in which case the provisions of this license are
+ * required INSTEAD OF the GNU General Public License. If you wish to
+ * allow use of your version of this file only under the terms of the
+ * GNU General Public License, and not to allow others to use your
+ * version of this file under the terms of the following license,
+ * indicate your decision by deleting this paragraph and the license
+ * below.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, and the entire permission notice in its entirety,
+ * including the disclaimer of warranties.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior
+ * written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef ESTREAM_H
+#define ESTREAM_H
+
+#include <sys/types.h>
+#include <stdarg.h>
+#include <stdio.h>
+
+/* To use this file with libraries the following macro is useful:
+
+ #define _ESTREAM_EXT_SYM_PREFIX _foo_
+
+ This prefixes all external symbols with "_foo_".
+
+ */
+
+
+#ifdef _ESTREAM_EXT_SYM_PREFIX
+#ifndef _ESTREAM_PREFIX
+#define _ESTREAM_PREFIX1(x,y) x ## y
+#define _ESTREAM_PREFIX2(x,y) _ESTREAM_PREFIX1(x,y)
+#define _ESTREAM_PREFIX(x) _ESTREAM_PREFIX2(_ESTREAM_EXT_SYM_PREFIX,x)
+#endif /*_ESTREAM_PREFIX*/
+#define es_fopen _ESTREAM_PREFIX(es_fopen)
+#define es_mopen _ESTREAM_PREFIX(es_mopen)
+#define es_fopenmem _ESTREAM_PREFIX(es_fopenmem)
+#define es_fdopen _ESTREAM_PREFIX(es_fdopen)
+#define es_fdopen_nc _ESTREAM_PREFIX(es_fdopen_nc)
+#define es_fpopen _ESTREAM_PREFIX(es_fpopen)
+#define es_fpopen_nc _ESTREAM_PREFIX(es_fpopen_nc)
+#define _es_set_std_fd _ESTREAM_PREFIX(_es_set_std_fd)
+#define _es_get_std_stream _ESTREAM_PREFIX(_es_get_std_stream)
+#define es_freopen _ESTREAM_PREFIX(es_freopen)
+#define es_fopencookie _ESTREAM_PREFIX(es_fopencookie)
+#define es_fclose _ESTREAM_PREFIX(es_fclose)
+#define es_fileno _ESTREAM_PREFIX(es_fileno)
+#define es_fileno_unlocked _ESTREAM_PREFIX(es_fileno_unlocked)
+#define es_flockfile _ESTREAM_PREFIX(es_flockfile)
+#define es_ftrylockfile _ESTREAM_PREFIX(es_ftrylockfile)
+#define es_funlockfile _ESTREAM_PREFIX(es_funlockfile)
+#define es_feof _ESTREAM_PREFIX(es_feof)
+#define es_feof_unlocked _ESTREAM_PREFIX(es_feof_unlocked)
+#define es_ferror _ESTREAM_PREFIX(es_ferror)
+#define es_ferror_unlocked _ESTREAM_PREFIX(es_ferror_unlocked)
+#define es_clearerr _ESTREAM_PREFIX(es_clearerr)
+#define es_clearerr_unlocked _ESTREAM_PREFIX(es_clearerr_unlocked)
+#define es_fflush _ESTREAM_PREFIX(es_fflush)
+#define es_fseek _ESTREAM_PREFIX(es_fseek)
+#define es_fseeko _ESTREAM_PREFIX(es_fseeko)
+#define es_ftell _ESTREAM_PREFIX(es_ftell)
+#define es_ftello _ESTREAM_PREFIX(es_ftello)
+#define es_rewind _ESTREAM_PREFIX(es_rewind)
+#define es_fgetc _ESTREAM_PREFIX(es_fgetc)
+#define es_fputc _ESTREAM_PREFIX(es_fputc)
+#define _es_getc_underflow _ESTREAM_PREFIX(_es_getc_underflow)
+#define _es_putc_overflow _ESTREAM_PREFIX(_es_putc_overflow)
+#define es_ungetc _ESTREAM_PREFIX(es_ungetc)
+#define es_read _ESTREAM_PREFIX(es_read)
+#define es_write _ESTREAM_PREFIX(es_write)
+#define es_write_sanitized _ESTREAM_PREFIX(es_write_sanitized)
+#define es_write_hexstring _ESTREAM_PREFIX(es_write_hexstring)
+#define es_fread _ESTREAM_PREFIX(es_fread)
+#define es_fwrite _ESTREAM_PREFIX(es_fwrite)
+#define es_fgets _ESTREAM_PREFIX(es_fgets)
+#define es_fputs _ESTREAM_PREFIX(es_fputs)
+#define es_fputs_unlocked _ESTREAM_PREFIX(es_fputs_unlocked)
+#define es_getline _ESTREAM_PREFIX(es_getline)
+#define es_read_line _ESTREAM_PREFIX(es_read_line)
+#define es_free _ESTREAM_PREFIX(es_free)
+#define es_fprintf _ESTREAM_PREFIX(es_fprintf)
+#define es_fprintf_unlocked _ESTREAM_PREFIX(es_fprintf_unlocked)
+#define es_vfprintf _ESTREAM_PREFIX(es_vfprint)
+#define es_vfprintf_unlocked _ESTREAM_PREFIX(es_vfprint_unlocked)
+#define es_setvbuf _ESTREAM_PREFIX(es_setvbuf)
+#define es_setbuf _ESTREAM_PREFIX(es_setbuf)
+#define es_tmpfile _ESTREAM_PREFIX(es_tmpfile)
+#define es_opaque_set _ESTREAM_PREFIX(es_opaque_set)
+#define es_opaque_get _ESTREAM_PREFIX(es_opaque_get)
+#define es_fname_set _ESTREAM_PREFIX(es_fname_set)
+#define es_fname_get _ESTREAM_PREFIX(es_fname_get)
+#define es_write_sanitized_utf8_buffer \
+ _ESTREAM_PREFIX(es_write_sanitized_utf8_buffer)
+#endif /*_ESTREAM_EXT_SYM_PREFIX*/
+
+
+#ifdef __cplusplus
+extern "C"
+{
+#if 0
+}
+#endif
+#endif
+
+
+/* Forward declaration for the (opaque) internal type. */
+struct estream_internal;
+
+/* The definition of this struct is entirely private. You must not
+ use it for anything. It is only here so some functions can be
+ implemented as macros. */
+struct es__stream
+{
+ /* The layout of this struct must never change. It may be grown,
+ but only if all functions which access the new members are
+ versioned. */
+
+ /* A pointer to the stream buffer. */
+ unsigned char *buffer;
+
+ /* The size of the buffer in bytes. */
+ size_t buffer_size;
+
+ /* The length of the usable data in the buffer, only valid when in
+ read mode (see flags). */
+ size_t data_len;
+
+ /* The current position of the offset pointer, valid in read and
+ write mode. */
+ size_t data_offset;
+
+ size_t data_flushed;
+ unsigned char *unread_buffer;
+ size_t unread_buffer_size;
+
+ /* The number of unread bytes. */
+ size_t unread_data_len;
+
+ /* Various flags. */
+ struct {
+ unsigned int writing: 1;
+ unsigned int reserved: 7;
+ } flags;
+
+ /* A pointer to our internal data for this stream. */
+ struct estream_internal *intern;
+};
+
+/* The opaque type for an estream. */
+typedef struct es__stream *estream_t;
+
+
+typedef ssize_t (*es_cookie_read_function_t) (void *cookie,
+ void *buffer, size_t size);
+typedef ssize_t (*es_cookie_write_function_t) (void *cookie,
+ const void *buffer,
+ size_t size);
+typedef int (*es_cookie_seek_function_t) (void *cookie,
+ off_t *pos, int whence);
+typedef int (*es_cookie_close_function_t) (void *cookie);
+
+typedef struct es_cookie_io_functions
+{
+ es_cookie_read_function_t func_read;
+ es_cookie_write_function_t func_write;
+ es_cookie_seek_function_t func_seek;
+ es_cookie_close_function_t func_close;
+} es_cookie_io_functions_t;
+
+
+#ifndef _ESTREAM_GCC_A_PRINTF
+#if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 5 )
+# define _ESTREAM_GCC_A_PRINTF( f, a ) __attribute__ ((format (printf,f,a)))
+#else
+# define _ESTREAM_GCC_A_PRINTF( f, a )
+#endif
+#endif /*_ESTREAM_GCC_A_PRINTF*/
+
+
+#ifndef ES__RESTRICT
+# if defined __GNUC__ && defined __GNUC_MINOR__
+# if (__GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 92))
+# define ES__RESTRICT __restrict__
+# endif
+# endif
+#endif
+#ifndef ES__RESTRICT
+# define ES__RESTRICT
+#endif
+
+int es_init (void);
+
+int es_pth_kill (void);
+
+estream_t es_fopen (const char *ES__RESTRICT path,
+ const char *ES__RESTRICT mode);
+estream_t es_mopen (unsigned char *ES__RESTRICT data,
+ size_t data_n, size_t data_len,
+ unsigned int grow,
+ void *(*func_realloc) (void *mem, size_t size),
+ void (*func_free) (void *mem),
+ const char *ES__RESTRICT mode);
+estream_t es_fopenmem (size_t memlimit, const char *ES__RESTRICT mode);
+estream_t es_fdopen (int filedes, const char *mode);
+estream_t es_fdopen_nc (int filedes, const char *mode);
+estream_t es_fpopen (FILE *fp, const char *mode);
+estream_t es_fpopen_nc (FILE *fp, const char *mode);
+estream_t es_freopen (const char *ES__RESTRICT path,
+ const char *ES__RESTRICT mode,
+ estream_t ES__RESTRICT stream);
+estream_t es_fopencookie (void *ES__RESTRICT cookie,
+ const char *ES__RESTRICT mode,
+ es_cookie_io_functions_t functions);
+int es_fclose (estream_t stream);
+int es_fileno (estream_t stream);
+int es_fileno_unlocked (estream_t stream);
+
+void _es_set_std_fd (int no, int fd);
+estream_t _es_get_std_stream (int fd);
+
+#define es_stdin _es_get_std_stream (0)
+#define es_stdout _es_get_std_stream (1)
+#define es_stderr _es_get_std_stream (2)
+
+
+void es_flockfile (estream_t stream);
+int es_ftrylockfile (estream_t stream);
+void es_funlockfile (estream_t stream);
+
+int es_feof (estream_t stream);
+int es_feof_unlocked (estream_t stream);
+int es_ferror (estream_t stream);
+int es_ferror_unlocked (estream_t stream);
+void es_clearerr (estream_t stream);
+void es_clearerr_unlocked (estream_t stream);
+
+int es_fflush (estream_t stream);
+int es_fseek (estream_t stream, long int offset, int whence);
+int es_fseeko (estream_t stream, off_t offset, int whence);
+long int es_ftell (estream_t stream);
+off_t es_ftello (estream_t stream);
+void es_rewind (estream_t stream);
+
+int es_fgetc (estream_t stream);
+int es_fputc (int c, estream_t stream);
+
+int _es_getc_underflow (estream_t stream);
+int _es_putc_overflow (int c, estream_t stream);
+
+#define es_getc_unlocked(stream) \
+ (((!(stream)->flags.writing) \
+ && ((stream)->data_offset < (stream)->data_len) \
+ && (! (stream)->unread_data_len)) \
+ ? ((int) (stream)->buffer[((stream)->data_offset)++]) \
+ : _es_getc_underflow ((stream)))
+
+#define es_putc_unlocked(c, stream) \
+ (((stream)->flags.writing \
+ && ((stream)->data_offset < (stream)->buffer_size) \
+ && (c != '\n')) \
+ ? ((int) ((stream)->buffer[((stream)->data_offset)++] = (c))) \
+ : _es_putc_overflow ((c), (stream)))
+
+#define es_getc(stream) es_fgetc (stream)
+#define es_putc(c, stream) es_fputc (c, stream)
+
+int es_ungetc (int c, estream_t stream);
+
+int es_read (estream_t ES__RESTRICT stream,
+ void *ES__RESTRICT buffer, size_t bytes_to_read,
+ size_t *ES__RESTRICT bytes_read);
+int es_write (estream_t ES__RESTRICT stream,
+ const void *ES__RESTRICT buffer, size_t bytes_to_write,
+ size_t *ES__RESTRICT bytes_written);
+int es_write_sanitized (estream_t ES__RESTRICT stream,
+ const void *ES__RESTRICT buffer, size_t length,
+ const char *delimiters,
+ size_t *ES__RESTRICT bytes_written);
+int es_write_hexstring (estream_t ES__RESTRICT stream,
+ const void *ES__RESTRICT buffer, size_t length,
+ int reserved, size_t *ES__RESTRICT bytes_written);
+
+size_t es_fread (void *ES__RESTRICT ptr, size_t size, size_t nitems,
+ estream_t ES__RESTRICT stream);
+size_t es_fwrite (const void *ES__RESTRICT ptr, size_t size, size_t memb,
+ estream_t ES__RESTRICT stream);
+
+char *es_fgets (char *ES__RESTRICT s, int n, estream_t ES__RESTRICT stream);
+int es_fputs (const char *ES__RESTRICT s, estream_t ES__RESTRICT stream);
+int es_fputs_unlocked (const char *ES__RESTRICT s,
+ estream_t ES__RESTRICT stream);
+
+ssize_t es_getline (char *ES__RESTRICT *ES__RESTRICT lineptr,
+ size_t *ES__RESTRICT n,
+ estream_t stream);
+ssize_t es_read_line (estream_t stream,
+ char **addr_of_buffer, size_t *length_of_buffer,
+ size_t *max_length);
+void es_free (void *a);
+
+int es_fprintf (estream_t ES__RESTRICT stream,
+ const char *ES__RESTRICT format, ...)
+ _ESTREAM_GCC_A_PRINTF(2,3);
+int es_fprintf_unlocked (estream_t ES__RESTRICT stream,
+ const char *ES__RESTRICT format, ...)
+ _ESTREAM_GCC_A_PRINTF(2,3);
+
+int es_vfprintf (estream_t ES__RESTRICT stream,
+ const char *ES__RESTRICT format, va_list ap)
+ _ESTREAM_GCC_A_PRINTF(2,0);
+int es_vfprintf_unlocked (estream_t ES__RESTRICT stream,
+ const char *ES__RESTRICT format, va_list ap)
+ _ESTREAM_GCC_A_PRINTF(2,0);
+
+int es_setvbuf (estream_t ES__RESTRICT stream,
+ char *ES__RESTRICT buf, int mode, size_t size);
+void es_setbuf (estream_t ES__RESTRICT stream, char *ES__RESTRICT buf);
+
+estream_t es_tmpfile (void);
+
+void es_opaque_set (estream_t ES__RESTRICT stream, void *ES__RESTRICT opaque);
+void *es_opaque_get (estream_t stream);
+
+void es_fname_set (estream_t stream, const char *fname);
+const char *es_fname_get (estream_t stream);
+
+
+#ifdef GNUPG_MAJOR_VERSION
+int es_write_sanitized_utf8_buffer (estream_t stream,
+ const void *buffer, size_t length,
+ const char *delimiters,
+ size_t *bytes_written);
+#endif /*GNUPG_MAJOR_VERSION*/
+
+#ifdef __cplusplus
+}
+#endif
+#endif /*ESTREAM_H*/
diff --git a/common/exaudit.awk b/common/exaudit.awk
new file mode 100644
index 0000000..270e148
--- /dev/null
+++ b/common/exaudit.awk
@@ -0,0 +1,43 @@
+# exaudit.awk - Extract audit event codes from audit.h
+# Copyright (C) 2007 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+BEGIN {
+ print "# Output of exaudit.awk - DO NOT EDIT."
+ topheader = 0;
+ okay = 0;
+ code = 0;
+}
+
+topheader == 0 && /^\/\*/ { topheader = 1 }
+topheader == 1 { print $0 }
+topheader == 1 && /\*\// { topheader = 2; print "" }
+
+/AUDIT_NULL_EVENT/ { okay = 1 }
+!okay { next }
+/AUDIT_LAST_EVENT/ { exit }
+/AUDIT_[A-Za-z_]+/ {
+ sub (/[,\/\*]+/, "", $1);
+ desc = tolower (substr($1,7));
+ gsub (/_/," ",desc);
+ printf "%d\t%s\t%s\n", code, $1, desc;
+ code++;
+}
+
+END {
+ print "# end of audit codes."
+}
diff --git a/common/exechelp.c b/common/exechelp.c
new file mode 100644
index 0000000..cd9ba7b
--- /dev/null
+++ b/common/exechelp.c
@@ -0,0 +1,1033 @@
+/* exechelp.c - fork and exec helpers
+ * Copyright (C) 2004, 2007, 2008, 2009 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include <assert.h>
+#include <signal.h>
+#include <unistd.h>
+#include <fcntl.h>
+
+#ifdef WITHOUT_GNU_PTH /* Give the Makefile a chance to build without Pth. */
+#undef HAVE_PTH
+#undef USE_GNU_PTH
+#endif
+
+#ifdef USE_GNU_PTH
+#include <pth.h>
+#endif
+#ifndef HAVE_W32_SYSTEM
+#include <sys/wait.h>
+#endif
+
+#ifdef HAVE_GETRLIMIT
+#include <sys/time.h>
+#include <sys/resource.h>
+#endif /*HAVE_GETRLIMIT*/
+
+#ifdef HAVE_STAT
+# include <sys/stat.h>
+#endif
+
+
+#include "util.h"
+#include "i18n.h"
+#include "sysutils.h"
+#include "exechelp.h"
+
+/* Define to 1 do enable debugging. */
+#define DEBUG_W32_SPAWN 1
+
+
+/* We have the usual problem here: Some modules are linked against pth
+ and some are not. However we want to use pth_fork and pth_waitpid
+ here. Using a weak symbol works but is not portable - we should
+ provide a an explicit dummy pth module instead of using the
+ pragma. */
+#ifndef _WIN32
+#pragma weak pth_fork
+#pragma weak pth_waitpid
+#endif
+
+#ifdef HAVE_W32_SYSTEM
+/* It seems Vista doesn't grok X_OK and so fails access() tests.
+ Previous versions interpreted X_OK as F_OK anyway, so we'll just
+ use F_OK directly. */
+#undef X_OK
+#define X_OK F_OK
+#endif /* HAVE_W32_SYSTEM */
+
+
+#ifdef HAVE_W32_SYSTEM
+/* We assume that a HANDLE can be represented by an int which should
+ be true for all i386 systems (HANDLE is defined as void *) and
+ these are the only systems for which Windows is available. Further
+ we assume that -1 denotes an invalid handle. */
+# define fd_to_handle(a) ((HANDLE)(a))
+# define handle_to_fd(a) ((int)(a))
+# define pid_to_handle(a) ((HANDLE)(a))
+# define handle_to_pid(a) ((int)(a))
+#endif
+
+
+/* Return the maximum number of currently allowed open file
+ descriptors. Only useful on POSIX systems but returns a value on
+ other systems too. */
+int
+get_max_fds (void)
+{
+ int max_fds = -1;
+#ifdef HAVE_GETRLIMIT
+ struct rlimit rl;
+
+# ifdef RLIMIT_NOFILE
+ if (!getrlimit (RLIMIT_NOFILE, &rl))
+ max_fds = rl.rlim_max;
+# endif
+
+# ifdef RLIMIT_OFILE
+ if (max_fds == -1 && !getrlimit (RLIMIT_OFILE, &rl))
+ max_fds = rl.rlim_max;
+
+# endif
+#endif /*HAVE_GETRLIMIT*/
+
+#ifdef _SC_OPEN_MAX
+ if (max_fds == -1)
+ {
+ long int scres = sysconf (_SC_OPEN_MAX);
+ if (scres >= 0)
+ max_fds = scres;
+ }
+#endif
+
+#ifdef _POSIX_OPEN_MAX
+ if (max_fds == -1)
+ max_fds = _POSIX_OPEN_MAX;
+#endif
+
+#ifdef OPEN_MAX
+ if (max_fds == -1)
+ max_fds = OPEN_MAX;
+#endif
+
+ if (max_fds == -1)
+ max_fds = 256; /* Arbitrary limit. */
+
+ return max_fds;
+}
+
+
+/* Close all file descriptors starting with descriptor FIRST. If
+ EXCEPT is not NULL, it is expected to be a list of file descriptors
+ which shall not be closed. This list shall be sorted in ascending
+ order with the end marked by -1. */
+void
+close_all_fds (int first, int *except)
+{
+ int max_fd = get_max_fds ();
+ int fd, i, except_start;
+
+ if (except)
+ {
+ except_start = 0;
+ for (fd=first; fd < max_fd; fd++)
+ {
+ for (i=except_start; except[i] != -1; i++)
+ {
+ if (except[i] == fd)
+ {
+ /* If we found the descriptor in the exception list
+ we can start the next compare run at the next
+ index because the exception list is ordered. */
+ except_start = i + 1;
+ break;
+ }
+ }
+ if (except[i] == -1)
+ close (fd);
+ }
+ }
+ else
+ {
+ for (fd=first; fd < max_fd; fd++)
+ close (fd);
+ }
+
+ errno = 0;
+}
+
+
+/* Returns an array with all currently open file descriptors. The end
+ of the array is marked by -1. The caller needs to release this
+ array using the *standard free* and not with xfree. This allow the
+ use of this fucntion right at startup even before libgcrypt has
+ been initialized. Returns NULL on error and sets ERRNO
+ accordingly. */
+int *
+get_all_open_fds (void)
+{
+ int *array;
+ size_t narray;
+ int fd, max_fd, idx;
+#ifndef HAVE_STAT
+ array = calloc (1, sizeof *array);
+ if (array)
+ array[0] = -1;
+#else /*HAVE_STAT*/
+ struct stat statbuf;
+
+ max_fd = get_max_fds ();
+ narray = 32; /* If you change this change also t-exechelp.c. */
+ array = calloc (narray, sizeof *array);
+ if (!array)
+ return NULL;
+
+ /* Note: The list we return is ordered. */
+ for (idx=0, fd=0; fd < max_fd; fd++)
+ if (!(fstat (fd, &statbuf) == -1 && errno == EBADF))
+ {
+ if (idx+1 >= narray)
+ {
+ int *tmp;
+
+ narray += (narray < 256)? 32:256;
+ tmp = realloc (array, narray * sizeof *array);
+ if (!tmp)
+ {
+ free (array);
+ return NULL;
+ }
+ array = tmp;
+ }
+ array[idx++] = fd;
+ }
+ array[idx] = -1;
+#endif /*HAVE_STAT*/
+ return array;
+}
+
+
+
+#ifdef HAVE_W32_SYSTEM
+/* Helper function to build_w32_commandline. */
+static char *
+build_w32_commandline_copy (char *buffer, const char *string)
+{
+ char *p = buffer;
+ const char *s;
+
+ if (!*string) /* Empty string. */
+ p = stpcpy (p, "\"\"");
+ else if (strpbrk (string, " \t\n\v\f\""))
+ {
+ /* Need top do some kind of quoting. */
+ p = stpcpy (p, "\"");
+ for (s=string; *s; s++)
+ {
+ *p++ = *s;
+ if (*s == '\"')
+ *p++ = *s;
+ }
+ *p++ = '\"';
+ *p = 0;
+ }
+ else
+ p = stpcpy (p, string);
+
+ return p;
+}
+
+/* Build a command line for use with W32's CreateProcess. On success
+ CMDLINE gets the address of a newly allocated string. */
+static gpg_error_t
+build_w32_commandline (const char *pgmname, const char * const *argv,
+ char **cmdline)
+{
+ int i, n;
+ const char *s;
+ char *buf, *p;
+
+ *cmdline = NULL;
+ n = 0;
+ s = pgmname;
+ n += strlen (s) + 1 + 2; /* (1 space, 2 quoting */
+ for (; *s; s++)
+ if (*s == '\"')
+ n++; /* Need to double inner quotes. */
+ for (i=0; (s=argv[i]); i++)
+ {
+ n += strlen (s) + 1 + 2; /* (1 space, 2 quoting */
+ for (; *s; s++)
+ if (*s == '\"')
+ n++; /* Need to double inner quotes. */
+ }
+ n++;
+
+ buf = p = xtrymalloc (n);
+ if (!buf)
+ return gpg_error_from_syserror ();
+
+ p = build_w32_commandline_copy (p, pgmname);
+ for (i=0; argv[i]; i++)
+ {
+ *p++ = ' ';
+ p = build_w32_commandline_copy (p, argv[i]);
+ }
+
+ *cmdline= buf;
+ return 0;
+}
+#endif /*HAVE_W32_SYSTEM*/
+
+
+#ifdef HAVE_W32_SYSTEM
+/* Create pipe where the write end is inheritable. */
+static int
+create_inheritable_pipe (int filedes[2])
+{
+ HANDLE r, w, h;
+ SECURITY_ATTRIBUTES sec_attr;
+
+ memset (&sec_attr, 0, sizeof sec_attr );
+ sec_attr.nLength = sizeof sec_attr;
+ sec_attr.bInheritHandle = FALSE;
+
+ if (!CreatePipe (&r, &w, &sec_attr, 0))
+ return -1;
+
+ if (!DuplicateHandle (GetCurrentProcess(), w,
+ GetCurrentProcess(), &h, 0,
+ TRUE, DUPLICATE_SAME_ACCESS ))
+ {
+ log_error ("DuplicateHandle failed: %s\n", w32_strerror (-1));
+ CloseHandle (r);
+ CloseHandle (w);
+ return -1;
+ }
+ CloseHandle (w);
+ w = h;
+
+ filedes[0] = handle_to_fd (r);
+ filedes[1] = handle_to_fd (w);
+ return 0;
+}
+#endif /*HAVE_W32_SYSTEM*/
+
+
+#ifdef HAVE_W32_SYSTEM
+static HANDLE
+w32_open_null (int for_write)
+{
+ HANDLE hfile;
+
+ hfile = CreateFile ("nul",
+ for_write? GENERIC_WRITE : GENERIC_READ,
+ FILE_SHARE_READ | FILE_SHARE_WRITE,
+ NULL, OPEN_EXISTING, 0, NULL);
+ if (hfile == INVALID_HANDLE_VALUE)
+ log_debug ("can't open `nul': %s\n", w32_strerror (-1));
+ return hfile;
+}
+#endif /*HAVE_W32_SYSTEM*/
+
+
+#ifndef HAVE_W32_SYSTEM
+/* The exec core used right after the fork. This will never return. */
+static void
+do_exec (const char *pgmname, const char *argv[],
+ int fd_in, int fd_out, int fd_err,
+ void (*preexec)(void) )
+{
+ char **arg_list;
+ int i, j;
+ int fds[3];
+
+ fds[0] = fd_in;
+ fds[1] = fd_out;
+ fds[2] = fd_err;
+
+ /* Create the command line argument array. */
+ i = 0;
+ if (argv)
+ while (argv[i])
+ i++;
+ arg_list = xcalloc (i+2, sizeof *arg_list);
+ arg_list[0] = strrchr (pgmname, '/');
+ if (arg_list[0])
+ arg_list[0]++;
+ else
+ arg_list[0] = xstrdup (pgmname);
+ if (argv)
+ for (i=0,j=1; argv[i]; i++, j++)
+ arg_list[j] = (char*)argv[i];
+
+ /* Assign /dev/null to unused FDs. */
+ for (i=0; i <= 2; i++)
+ {
+ if (fds[i] == -1 )
+ {
+ fds[i] = open ("/dev/null", i? O_WRONLY : O_RDONLY);
+ if (fds[i] == -1)
+ log_fatal ("failed to open `%s': %s\n",
+ "/dev/null", strerror (errno));
+ }
+ }
+
+ /* Connect the standard files. */
+ for (i=0; i <= 2; i++)
+ {
+ if (fds[i] != i && dup2 (fds[i], i) == -1)
+ log_fatal ("dup2 std%s failed: %s\n",
+ i==0?"in":i==1?"out":"err", strerror (errno));
+ }
+
+ /* Close all other files. */
+ close_all_fds (3, NULL);
+
+ if (preexec)
+ preexec ();
+ execv (pgmname, arg_list);
+ /* No way to print anything, as we have closed all streams. */
+ _exit (127);
+}
+#endif /*!HAVE_W32_SYSTEM*/
+
+
+/* Portable function to create a pipe. Under Windows the write end is
+ inheritable. */
+gpg_error_t
+gnupg_create_inbound_pipe (int filedes[2])
+{
+ gpg_error_t err = 0;
+#if HAVE_W32_SYSTEM
+ int fds[2];
+
+ filedes[0] = filedes[1] = -1;
+ err = gpg_error (GPG_ERR_GENERAL);
+ if (!create_inheritable_pipe (fds))
+ {
+ filedes[0] = _open_osfhandle (fds[0], 0);
+ if (filedes[0] == -1)
+ {
+ log_error ("failed to translate osfhandle %p\n", (void*)fds[0]);
+ CloseHandle (fd_to_handle (fds[1]));
+ }
+ else
+ {
+ filedes[1] = _open_osfhandle (fds[1], 1);
+ if (filedes[1] == -1)
+ {
+ log_error ("failed to translate osfhandle %p\n", (void*)fds[1]);
+ close (filedes[0]);
+ filedes[0] = -1;
+ CloseHandle (fd_to_handle (fds[1]));
+ }
+ else
+ err = 0;
+ }
+ }
+#else
+ if (pipe (filedes) == -1)
+ {
+ err = gpg_error_from_syserror ();
+ filedes[0] = filedes[1] = -1;
+ }
+#endif
+ return err;
+}
+
+
+/* Fork and exec the PGMNAME, connect the file descriptor of INFILE to
+ stdin, write the output to OUTFILE, return a new stream in
+ STATUSFILE for stderr and the pid of the process in PID. The
+ arguments for the process are expected in the NULL terminated array
+ ARGV. The program name itself should not be included there. If
+ PREEXEC is not NULL, that function will be called right before the
+ exec. Calling gnupg_wait_process is required.
+
+ FLAGS is a bit vector with just one bit defined for now:
+
+ Bit 7: If set the process will be started as a background process.
+ This flag is only useful under W32 systems, so that no new
+ console is created and pops up a console window when
+ starting the server
+
+ Bit 6: On W32 run AllowSetForegroundWindow for the child. Due to
+ error problems this actually allows SetForegroundWindow for
+ childs of this process.
+
+ Returns 0 on success or an error code. */
+gpg_error_t
+gnupg_spawn_process (const char *pgmname, const char *argv[],
+ FILE *infile, FILE *outfile,
+ void (*preexec)(void), unsigned int flags,
+ FILE **statusfile, pid_t *pid)
+{
+#ifdef HAVE_W32_SYSTEM
+ gpg_error_t err;
+ SECURITY_ATTRIBUTES sec_attr;
+ PROCESS_INFORMATION pi =
+ {
+ NULL, /* Returns process handle. */
+ 0, /* Returns primary thread handle. */
+ 0, /* Returns pid. */
+ 0 /* Returns tid. */
+ };
+ STARTUPINFO si;
+ int cr_flags;
+ char *cmdline;
+ int fd, fdout, rp[2];
+
+ (void)preexec;
+
+ /* Setup return values. */
+ *statusfile = NULL;
+ *pid = (pid_t)(-1);
+ fflush (infile);
+ rewind (infile);
+ fd = _get_osfhandle (fileno (infile));
+ fdout = _get_osfhandle (fileno (outfile));
+ if (fd == -1 || fdout == -1)
+ log_fatal ("no file descriptor for file passed to gnupg_spawn_process\n");
+
+ /* Prepare security attributes. */
+ memset (&sec_attr, 0, sizeof sec_attr );
+ sec_attr.nLength = sizeof sec_attr;
+ sec_attr.bInheritHandle = FALSE;
+
+ /* Build the command line. */
+ err = build_w32_commandline (pgmname, argv, &cmdline);
+ if (err)
+ return err;
+
+ /* Create a pipe. */
+ if (create_inheritable_pipe (rp))
+ {
+ err = gpg_error (GPG_ERR_GENERAL);
+ log_error (_("error creating a pipe: %s\n"), gpg_strerror (err));
+ xfree (cmdline);
+ return err;
+ }
+
+ /* Start the process. Note that we can't run the PREEXEC function
+ because this would change our own environment. */
+ memset (&si, 0, sizeof si);
+ si.cb = sizeof (si);
+ si.dwFlags = STARTF_USESTDHANDLES | STARTF_USESHOWWINDOW;
+ si.wShowWindow = DEBUG_W32_SPAWN? SW_SHOW : SW_MINIMIZE;
+ si.hStdInput = fd_to_handle (fd);
+ si.hStdOutput = fd_to_handle (fdout);
+ si.hStdError = fd_to_handle (rp[1]);
+
+ cr_flags = (CREATE_DEFAULT_ERROR_MODE
+ | ((flags & 128)? DETACHED_PROCESS : 0)
+ | GetPriorityClass (GetCurrentProcess ())
+ | CREATE_SUSPENDED);
+/* log_debug ("CreateProcess, path=`%s' cmdline=`%s'\n", pgmname, cmdline); */
+ if (!CreateProcess (pgmname, /* Program to start. */
+ cmdline, /* Command line arguments. */
+ &sec_attr, /* Process security attributes. */
+ &sec_attr, /* Thread security attributes. */
+ TRUE, /* Inherit handles. */
+ cr_flags, /* Creation flags. */
+ NULL, /* Environment. */
+ NULL, /* Use current drive/directory. */
+ &si, /* Startup information. */
+ &pi /* Returns process information. */
+ ))
+ {
+ log_error ("CreateProcess failed: %s\n", w32_strerror (-1));
+ xfree (cmdline);
+ CloseHandle (fd_to_handle (rp[0]));
+ CloseHandle (fd_to_handle (rp[1]));
+ return gpg_error (GPG_ERR_GENERAL);
+ }
+ xfree (cmdline);
+ cmdline = NULL;
+
+ /* Close the other end of the pipe. */
+ CloseHandle (fd_to_handle (rp[1]));
+
+/* log_debug ("CreateProcess ready: hProcess=%p hThread=%p" */
+/* " dwProcessID=%d dwThreadId=%d\n", */
+/* pi.hProcess, pi.hThread, */
+/* (int) pi.dwProcessId, (int) pi.dwThreadId); */
+
+ /* Fixme: For unknown reasons AllowSetForegroundWindow returns an
+ invalid argument error if we pass the correct processID to
+ it. As a workaround we use -1 (ASFW_ANY). */
+ if ( (flags & 64) )
+ gnupg_allow_set_foregound_window ((pid_t)(-1)/*pi.dwProcessId*/);
+
+ /* Process has been created suspended; resume it now. */
+ ResumeThread (pi.hThread);
+ CloseHandle (pi.hThread);
+
+ {
+ int x;
+
+ x = _open_osfhandle (rp[0], 0);
+ if (x == -1)
+ log_error ("failed to translate osfhandle %p\n", (void*)rp[0] );
+ else
+ *statusfile = fdopen (x, "r");
+ }
+ if (!*statusfile)
+ {
+ err = gpg_error_from_syserror ();
+ log_error (_("can't fdopen pipe for reading: %s\n"), gpg_strerror (err));
+ CloseHandle (pi.hProcess);
+ return err;
+ }
+
+ *pid = handle_to_pid (pi.hProcess);
+ return 0;
+
+#else /* !HAVE_W32_SYSTEM */
+ gpg_error_t err;
+ int fd, fdout, rp[2];
+
+ (void)flags; /* Currently not used. */
+
+ *statusfile = NULL;
+ *pid = (pid_t)(-1);
+ fflush (infile);
+ rewind (infile);
+ fd = fileno (infile);
+ fdout = fileno (outfile);
+ if (fd == -1 || fdout == -1)
+ log_fatal ("no file descriptor for file passed to gnupg_spawn_process\n");
+
+ if (pipe (rp) == -1)
+ {
+ err = gpg_error_from_syserror ();
+ log_error (_("error creating a pipe: %s\n"), strerror (errno));
+ return err;
+ }
+
+#ifdef USE_GNU_PTH
+ *pid = pth_fork? pth_fork () : fork ();
+#else
+ *pid = fork ();
+#endif
+ if (*pid == (pid_t)(-1))
+ {
+ err = gpg_error_from_syserror ();
+ log_error (_("error forking process: %s\n"), strerror (errno));
+ close (rp[0]);
+ close (rp[1]);
+ return err;
+ }
+
+ if (!*pid)
+ {
+ gcry_control (GCRYCTL_TERM_SECMEM);
+ /* Run child. */
+ do_exec (pgmname, argv, fd, fdout, rp[1], preexec);
+ /*NOTREACHED*/
+ }
+
+ /* Parent. */
+ close (rp[1]);
+
+ *statusfile = fdopen (rp[0], "r");
+ if (!*statusfile)
+ {
+ err = gpg_error_from_syserror ();
+ log_error (_("can't fdopen pipe for reading: %s\n"), strerror (errno));
+ kill (*pid, SIGTERM);
+ *pid = (pid_t)(-1);
+ return err;
+ }
+
+ return 0;
+#endif /* !HAVE_W32_SYSTEM */
+}
+
+
+
+/* Simplified version of gnupg_spawn_process. This function forks and
+ then execs PGMNAME, while connecting INFD to stdin, OUTFD to stdout
+ and ERRFD to stderr (any of them may be -1 to connect them to
+ /dev/null). The arguments for the process are expected in the NULL
+ terminated array ARGV. The program name itself should not be
+ included there. Calling gnupg_wait_process is required.
+
+ Returns 0 on success or an error code. */
+gpg_error_t
+gnupg_spawn_process_fd (const char *pgmname, const char *argv[],
+ int infd, int outfd, int errfd, pid_t *pid)
+{
+#ifdef HAVE_W32_SYSTEM
+ gpg_error_t err;
+ SECURITY_ATTRIBUTES sec_attr;
+ PROCESS_INFORMATION pi = { NULL, 0, 0, 0 };
+ STARTUPINFO si;
+ char *cmdline;
+ int i;
+ HANDLE stdhd[3];
+
+ /* Setup return values. */
+ *pid = (pid_t)(-1);
+
+ /* Prepare security attributes. */
+ memset (&sec_attr, 0, sizeof sec_attr );
+ sec_attr.nLength = sizeof sec_attr;
+ sec_attr.bInheritHandle = FALSE;
+
+ /* Build the command line. */
+ err = build_w32_commandline (pgmname, argv, &cmdline);
+ if (err)
+ return err;
+
+ memset (&si, 0, sizeof si);
+ si.cb = sizeof (si);
+ si.dwFlags = STARTF_USESTDHANDLES | STARTF_USESHOWWINDOW;
+ si.wShowWindow = DEBUG_W32_SPAWN? SW_SHOW : SW_MINIMIZE;
+ stdhd[0] = infd == -1? w32_open_null (0) : INVALID_HANDLE_VALUE;
+ stdhd[1] = outfd == -1? w32_open_null (1) : INVALID_HANDLE_VALUE;
+ stdhd[2] = errfd == -1? w32_open_null (1) : INVALID_HANDLE_VALUE;
+ si.hStdInput = infd == -1? stdhd[0] : (void*)_get_osfhandle (infd);
+ si.hStdOutput = outfd == -1? stdhd[1] : (void*)_get_osfhandle (outfd);
+ si.hStdError = errfd == -1? stdhd[2] : (void*)_get_osfhandle (errfd);
+
+/* log_debug ("CreateProcess, path=`%s' cmdline=`%s'\n", pgmname, cmdline); */
+ if (!CreateProcess (pgmname, /* Program to start. */
+ cmdline, /* Command line arguments. */
+ &sec_attr, /* Process security attributes. */
+ &sec_attr, /* Thread security attributes. */
+ TRUE, /* Inherit handles. */
+ (CREATE_DEFAULT_ERROR_MODE
+ | GetPriorityClass (GetCurrentProcess ())
+ | CREATE_SUSPENDED | DETACHED_PROCESS),
+ NULL, /* Environment. */
+ NULL, /* Use current drive/directory. */
+ &si, /* Startup information. */
+ &pi /* Returns process information. */
+ ))
+ {
+ log_error ("CreateProcess failed: %s\n", w32_strerror (-1));
+ err = gpg_error (GPG_ERR_GENERAL);
+ }
+ else
+ err = 0;
+ xfree (cmdline);
+ for (i=0; i < 3; i++)
+ if (stdhd[i] != INVALID_HANDLE_VALUE)
+ CloseHandle (stdhd[i]);
+ if (err)
+ return err;
+
+/* log_debug ("CreateProcess ready: hProcess=%p hThread=%p" */
+/* " dwProcessID=%d dwThreadId=%d\n", */
+/* pi.hProcess, pi.hThread, */
+/* (int) pi.dwProcessId, (int) pi.dwThreadId); */
+
+ /* Process has been created suspended; resume it now. */
+ ResumeThread (pi.hThread);
+ CloseHandle (pi.hThread);
+
+ *pid = handle_to_pid (pi.hProcess);
+ return 0;
+
+#else /* !HAVE_W32_SYSTEM */
+ gpg_error_t err;
+
+#ifdef USE_GNU_PTH
+ *pid = pth_fork? pth_fork () : fork ();
+#else
+ *pid = fork ();
+#endif
+ if (*pid == (pid_t)(-1))
+ {
+ err = gpg_error_from_syserror ();
+ log_error (_("error forking process: %s\n"), strerror (errno));
+ return err;
+ }
+
+ if (!*pid)
+ {
+ gcry_control (GCRYCTL_TERM_SECMEM);
+ /* Run child. */
+ do_exec (pgmname, argv, infd, outfd, errfd, NULL);
+ /*NOTREACHED*/
+ }
+
+ return 0;
+#endif /* !HAVE_W32_SYSTEM */
+}
+
+
+/* Wait for the process identified by PID to terminate. PGMNAME should
+ be the same as supplied to the spawn function and is only used for
+ diagnostics. Returns 0 if the process succeeded, GPG_ERR_GENERAL
+ for any failures of the spawned program or other error codes. If
+ EXITCODE is not NULL the exit code of the process is stored at this
+ address or -1 if it could not be retrieved. */
+gpg_error_t
+gnupg_wait_process (const char *pgmname, pid_t pid, int *exitcode)
+{
+ gpg_err_code_t ec;
+
+#ifdef HAVE_W32_SYSTEM
+ HANDLE proc = fd_to_handle (pid);
+ int code;
+ DWORD exc;
+
+ if (exitcode)
+ *exitcode = -1;
+
+ if (pid == (pid_t)(-1))
+ return gpg_error (GPG_ERR_INV_VALUE);
+
+ /* FIXME: We should do a pth_waitpid here. However this has not yet
+ been implemented. A special W32 pth system call would even be
+ better. */
+ code = WaitForSingleObject (proc, INFINITE);
+ switch (code)
+ {
+ case WAIT_FAILED:
+ log_error (_("waiting for process %d to terminate failed: %s\n"),
+ (int)pid, w32_strerror (-1));
+ ec = GPG_ERR_GENERAL;
+ break;
+
+ case WAIT_OBJECT_0:
+ if (!GetExitCodeProcess (proc, &exc))
+ {
+ log_error (_("error getting exit code of process %d: %s\n"),
+ (int)pid, w32_strerror (-1) );
+ ec = GPG_ERR_GENERAL;
+ }
+ else if (exc)
+ {
+ log_error (_("error running `%s': exit status %d\n"),
+ pgmname, (int)exc );
+ if (exitcode)
+ *exitcode = (int)exc;
+ ec = GPG_ERR_GENERAL;
+ }
+ else
+ {
+ if (exitcode)
+ *exitcode = 0;
+ ec = 0;
+ }
+ CloseHandle (proc);
+ break;
+
+ default:
+ log_error ("WaitForSingleObject returned unexpected "
+ "code %d for pid %d\n", code, (int)pid );
+ ec = GPG_ERR_GENERAL;
+ break;
+ }
+
+#else /* !HAVE_W32_SYSTEM */
+ int i, status;
+
+ if (exitcode)
+ *exitcode = -1;
+
+ if (pid == (pid_t)(-1))
+ return gpg_error (GPG_ERR_INV_VALUE);
+
+#ifdef USE_GNU_PTH
+ i = pth_waitpid ? pth_waitpid (pid, &status, 0) : waitpid (pid, &status, 0);
+#else
+ while ( (i=waitpid (pid, &status, 0)) == -1 && errno == EINTR)
+ ;
+#endif
+ if (i == (pid_t)(-1))
+ {
+ log_error (_("waiting for process %d to terminate failed: %s\n"),
+ (int)pid, strerror (errno));
+ ec = gpg_err_code_from_errno (errno);
+ }
+ else if (WIFEXITED (status) && WEXITSTATUS (status) == 127)
+ {
+ log_error (_("error running `%s': probably not installed\n"), pgmname);
+ ec = GPG_ERR_CONFIGURATION;
+ }
+ else if (WIFEXITED (status) && WEXITSTATUS (status))
+ {
+
+ if (!exitcode)
+ log_error (_("error running `%s': exit status %d\n"), pgmname,
+ WEXITSTATUS (status));
+ else
+ *exitcode = WEXITSTATUS (status);
+ ec = GPG_ERR_GENERAL;
+ }
+ else if (!WIFEXITED (status))
+ {
+ log_error (_("error running `%s': terminated\n"), pgmname);
+ ec = GPG_ERR_GENERAL;
+ }
+ else
+ {
+ if (exitcode)
+ *exitcode = 0;
+ ec = 0;
+ }
+#endif /* !HAVE_W32_SYSTEM */
+
+ return gpg_err_make (GPG_ERR_SOURCE_DEFAULT, ec);
+}
+
+
+/* Spawn a new process and immediatley detach from it. The name of
+ the program to exec is PGMNAME and its arguments are in ARGV (the
+ programname is automatically passed as first argument).
+ Environment strings in ENVP are set. An error is returned if
+ pgmname is not executable; to make this work it is necessary to
+ provide an absolute file name. All standard file descriptors are
+ connected to /dev/null. */
+gpg_error_t
+gnupg_spawn_process_detached (const char *pgmname, const char *argv[],
+ const char *envp[] )
+{
+#ifdef HAVE_W32_SYSTEM
+ gpg_error_t err;
+ SECURITY_ATTRIBUTES sec_attr;
+ PROCESS_INFORMATION pi =
+ {
+ NULL, /* Returns process handle. */
+ 0, /* Returns primary thread handle. */
+ 0, /* Returns pid. */
+ 0 /* Returns tid. */
+ };
+ STARTUPINFO si;
+ int cr_flags;
+ char *cmdline;
+
+
+ /* FIXME: We don't make use of ENVP yet. It is currently only used
+ to pass the GPG_AGENT_INFO variable to gpg-agent. As the default
+ on windows is to use a standard socket, this does not really
+ matter. */
+ (void)envp;
+
+ if (access (pgmname, X_OK))
+ return gpg_error_from_syserror ();
+
+ /* Prepare security attributes. */
+ memset (&sec_attr, 0, sizeof sec_attr );
+ sec_attr.nLength = sizeof sec_attr;
+ sec_attr.bInheritHandle = FALSE;
+
+ /* Build the command line. */
+ err = build_w32_commandline (pgmname, argv, &cmdline);
+ if (err)
+ return err;
+
+ /* Start the process. */
+ memset (&si, 0, sizeof si);
+ si.cb = sizeof (si);
+ si.dwFlags = STARTF_USESHOWWINDOW;
+ si.wShowWindow = DEBUG_W32_SPAWN? SW_SHOW : SW_MINIMIZE;
+
+ cr_flags = (CREATE_DEFAULT_ERROR_MODE
+ | GetPriorityClass (GetCurrentProcess ())
+ | CREATE_NEW_PROCESS_GROUP
+ | DETACHED_PROCESS);
+/* log_debug ("CreateProcess(detached), path=`%s' cmdline=`%s'\n", */
+/* pgmname, cmdline); */
+ if (!CreateProcess (pgmname, /* Program to start. */
+ cmdline, /* Command line arguments. */
+ &sec_attr, /* Process security attributes. */
+ &sec_attr, /* Thread security attributes. */
+ FALSE, /* Inherit handles. */
+ cr_flags, /* Creation flags. */
+ NULL, /* Environment. */
+ NULL, /* Use current drive/directory. */
+ &si, /* Startup information. */
+ &pi /* Returns process information. */
+ ))
+ {
+ log_error ("CreateProcess(detached) failed: %s\n", w32_strerror (-1));
+ xfree (cmdline);
+ return gpg_error (GPG_ERR_GENERAL);
+ }
+ xfree (cmdline);
+ cmdline = NULL;
+
+/* log_debug ("CreateProcess(detached) ready: hProcess=%p hThread=%p" */
+/* " dwProcessID=%d dwThreadId=%d\n", */
+/* pi.hProcess, pi.hThread, */
+/* (int) pi.dwProcessId, (int) pi.dwThreadId); */
+
+ CloseHandle (pi.hThread);
+
+ return 0;
+
+#else
+ pid_t pid;
+ int i;
+
+ if (getuid() != geteuid())
+ return gpg_error (GPG_ERR_BUG);
+
+ if (access (pgmname, X_OK))
+ return gpg_error_from_syserror ();
+
+#ifdef USE_GNU_PTH
+ pid = pth_fork? pth_fork () : fork ();
+#else
+ pid = fork ();
+#endif
+ if (pid == (pid_t)(-1))
+ {
+ log_error (_("error forking process: %s\n"), strerror (errno));
+ return gpg_error_from_syserror ();
+ }
+ if (!pid)
+ {
+ pid_t pid2;
+
+ gcry_control (GCRYCTL_TERM_SECMEM);
+ if (setsid() == -1 || chdir ("/"))
+ _exit (1);
+ pid2 = fork (); /* Double fork to let init takes over the new child. */
+ if (pid2 == (pid_t)(-1))
+ _exit (1);
+ if (pid2)
+ _exit (0); /* Let the parent exit immediately. */
+
+ if (envp)
+ for (i=0; envp[i]; i++)
+ putenv (xstrdup (envp[i]));
+
+ do_exec (pgmname, argv, -1, -1, -1, NULL);
+
+ /*NOTREACHED*/
+ }
+
+ if (waitpid (pid, NULL, 0) == -1)
+ log_error ("waitpid failed in gnupg_spawn_process_detached: %s",
+ strerror (errno));
+
+ return 0;
+#endif /* !HAVE_W32_SYSTEM*/
+}
diff --git a/common/exechelp.h b/common/exechelp.h
new file mode 100644
index 0000000..0efee29
--- /dev/null
+++ b/common/exechelp.h
@@ -0,0 +1,97 @@
+/* exechelp.h - Definitions for the fork and exec helpers
+ * Copyright (C) 2004, 2009 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef GNUPG_COMMON_EXECHELP_H
+#define GNUPG_COMMON_EXECHELP_H
+
+/* Return the maximum number of currently allowed file descriptors.
+ Only useful on POSIX systems. */
+int get_max_fds (void);
+
+
+/* Close all file descriptors starting with descriptor FIRST. If
+ EXCEPT is not NULL, it is expected to be a list of file descriptors
+ which are not to close. This list shall be sorted in ascending
+ order with its end marked by -1. */
+void close_all_fds (int first, int *except);
+
+
+/* Returns an array with all currently open file descriptors. The end
+ of the array is marked by -1. The caller needs to release this
+ array using the *standard free* and not with xfree. This allow the
+ use of this fucntion right at startup even before libgcrypt has
+ been initialized. Returns NULL on error and sets ERRNO accordingly. */
+int *get_all_open_fds (void);
+
+
+/* Portable function to create a pipe. Under Windows the write end is
+ inheritable. */
+gpg_error_t gnupg_create_inbound_pipe (int filedes[2]);
+
+
+/* Fork and exec the PGMNAME, connect the file descriptor of INFILE to
+ stdin, write the output to OUTFILE, return a new stream in
+ STATUSFILE for stderr and the pid of the process in PID. The
+ arguments for the process are expected in the NULL terminated array
+ ARGV. The program name itself should not be included there. If
+ PREEXEC is not NULL, that function will be called right before the
+ exec. FLAGS is currently only useful for W32, see the source for
+ details. Calling gnupg_wait_process is required. Returns 0 on
+ success or an error code. */
+gpg_error_t gnupg_spawn_process (const char *pgmname, const char *argv[],
+ FILE *infile, FILE *outfile,
+ void (*preexec)(void), unsigned int flags,
+ FILE **statusfile, pid_t *pid);
+
+
+/* Simplified version of gnupg_spawn_process. This function forks and
+ then execs PGMNAME, while connecting INFD to stdin, OUTFD to stdout
+ and ERRFD to stderr (any of them may be -1 to connect them to
+ /dev/null). The arguments for the process are expected in the NULL
+ terminated array ARGV. The program name itself should not be
+ included there. Calling gnupg_wait_process is required. Returns 0
+ on success or an error code. */
+gpg_error_t gnupg_spawn_process_fd (const char *pgmname,
+ const char *argv[],
+ int infd, int outfd, int errfd,
+ pid_t *pid);
+
+
+/* Wait for the process identified by PID to terminate. PGMNAME should
+ be the same as supplied to the spawn fucntion and is only used for
+ diagnostics. Returns 0 if the process succeded, GPG_ERR_GENERAL
+ for any failures of the spawned program or other error codes. If
+ EXITCODE is not NULL the exit code of the process is stored at this
+ address or -1 if it could not be retrieved. */
+gpg_error_t gnupg_wait_process (const char *pgmname, pid_t pid, int *exitcode);
+
+
+/* Spawn a new process and immediatley detach from it. The name of
+ the program to exec is PGMNAME and its arguments are in ARGV (the
+ programname is automatically passed as first argument).
+ Environment strings in ENVP are set. An error is returned if
+ pgmname is not executable; to make this work it is necessary to
+ provide an absolute file name. */
+gpg_error_t gnupg_spawn_process_detached (const char *pgmname,
+ const char *argv[],
+ const char *envp[] );
+
+
+
+#endif /*GNUPG_COMMON_EXECHELP_H*/
diff --git a/common/exstatus.awk b/common/exstatus.awk
new file mode 100644
index 0000000..ea48e81
--- /dev/null
+++ b/common/exstatus.awk
@@ -0,0 +1,40 @@
+# exstatus.awk - Extract status codes from status.h
+# Copyright (C) 2007 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+BEGIN {
+ print "# Created by exstatus.awk - DO NOT EDIT."
+ topheader = 0;
+ code = 0;
+}
+
+topheader == 0 && /^\/\*/ { topheader = 1 }
+topheader == 1 { print $0 }
+topheader == 1 && /\*\// { topheader = 2; print "" }
+
+/^[ \t]+STATUS_[A-Za-z_]+/ {
+ sub (/[,\/\*]+/, "", $1);
+ desc = substr($1,8);
+ printf "%d\t%s\t%s\n", code, $1, desc;
+ code++;
+}
+
+
+END {
+ print "# end of status codes."
+}
+
diff --git a/common/gc-opt-flags.h b/common/gc-opt-flags.h
new file mode 100644
index 0000000..261fe87
--- /dev/null
+++ b/common/gc-opt-flags.h
@@ -0,0 +1,40 @@
+/* gc-opt-flags.h - gpgconf constants used by the backends.
+ * Copyright (C) 2004, 2007 Free Software Foundation, Inc.
+ *
+ * This file is free software; as a special exception the author gives
+ * unlimited permission to copy and/or distribute it, with or without
+ * modifications, as long as this notice is preserved.
+ *
+ * This file is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY, to the extent permitted by law; without even
+ * the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+ * PURPOSE.
+ */
+
+#ifndef GNUPG_GC_OPT_FLAGS_H
+#define GNUPG_GC_OPT_FLAGS_H
+
+/* Public option flags. YOU MUST NOT CHANGE THE NUMBERS OF THE
+ EXISTING FLAGS, AS THEY ARE PART OF THE EXTERNAL INTERFACE. See
+ gnupg/tools/gpgconf-comp.c for details. */
+
+#define GC_OPT_FLAG_NONE 0UL
+
+/* The RUNTIME flag for an option indicates that the option can be
+ changed at runtime. */
+#define GC_OPT_FLAG_RUNTIME (1UL << 3)
+
+/* The DEFAULT flag for an option indicates that the option has a
+ default value. */
+#define GC_OPT_FLAG_DEFAULT (1UL << 4)
+
+/* The DEF_DESC flag for an option indicates that the option has a
+ default, which is described by the value of the default field. */
+#define GC_OPT_FLAG_DEF_DESC (1UL << 5)
+
+/* The NO_ARG_DESC flag for an option indicates that the argument has
+ a default, which is described by the value of the ARGDEF field. */
+#define GC_OPT_FLAG_NO_ARG_DESC (1UL << 6)
+
+
+#endif /*GNUPG_GC_OPT_FLAGS_H*/
diff --git a/common/get-passphrase.c b/common/get-passphrase.c
new file mode 100644
index 0000000..0900794
--- /dev/null
+++ b/common/get-passphrase.c
@@ -0,0 +1,262 @@
+/* get-passphrase.c - Ask for a passphrase via the agent
+ * Copyright (C) 2009 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <assert.h>
+#include <assuan.h>
+
+#include "util.h"
+#include "i18n.h"
+#include "asshelp.h"
+#include "membuf.h"
+#include "sysutils.h"
+#include "get-passphrase.h"
+
+/* The context used by this process to ask for the passphrase. */
+static assuan_context_t agent_ctx;
+static struct
+{
+ gpg_err_source_t errsource;
+ int verbosity;
+ const char *homedir;
+ const char *agent_program;
+ const char *lc_ctype;
+ const char *lc_messages;
+ session_env_t session_env;
+ const char *pinentry_user_data;
+} agentargs;
+
+
+/* Set local variable to be used for a possible agent startup. Note
+ that the strings are just pointers and should not anymore be
+ modified by the caller. */
+void
+gnupg_prepare_get_passphrase (gpg_err_source_t errsource,
+ int verbosity,
+ const char *homedir,
+ const char *agent_program,
+ const char *opt_lc_ctype,
+ const char *opt_lc_messages,
+ session_env_t session_env)
+{
+ agentargs.errsource = errsource;
+ agentargs.verbosity = verbosity;
+ agentargs.homedir = homedir;
+ agentargs.agent_program = agent_program;
+ agentargs.lc_ctype = opt_lc_ctype;
+ agentargs.lc_messages = opt_lc_messages;
+ agentargs.session_env = session_env;
+}
+
+
+/* Try to connect to the agent via socket or fork it off and work by
+ pipes. Handle the server's initial greeting. */
+static gpg_error_t
+start_agent (void)
+{
+ gpg_error_t err;
+
+ /* Fixme: This code is not thread safe, thus we don't build it with
+ pth. We will need a context for each thread or serialize the
+ access to the agent. */
+ if (agent_ctx)
+ return 0;
+
+ err = start_new_gpg_agent (&agent_ctx,
+ agentargs.errsource,
+ agentargs.homedir,
+ agentargs.agent_program,
+ agentargs.lc_ctype,
+ agentargs.lc_messages,
+ agentargs.session_env,
+ agentargs.verbosity, 0, NULL, NULL);
+ if (!err)
+ {
+ /* Tell the agent that we support Pinentry notifications. No
+ error checking so that it will work with older agents. */
+ assuan_transact (agent_ctx, "OPTION allow-pinentry-notify",
+ NULL, NULL, NULL, NULL, NULL, NULL);
+ }
+
+ return err;
+}
+
+
+/* This is the default inquiry callback. It merely handles the
+ Pinentry notification. */
+static gpg_error_t
+default_inq_cb (void *opaque, const char *line)
+{
+ (void)opaque;
+
+ if (!strncmp (line, "PINENTRY_LAUNCHED", 17) && (line[17]==' '||!line[17]))
+ {
+ gnupg_allow_set_foregound_window ((pid_t)strtoul (line+17, NULL, 10));
+ /* We do not return errors to avoid breaking other code. */
+ }
+ else
+ log_debug ("ignoring gpg-agent inquiry `%s'\n", line);
+
+ return 0;
+}
+
+
+static gpg_error_t
+membuf_data_cb (void *opaque, const void *buffer, size_t length)
+{
+ membuf_t *data = opaque;
+
+ if (buffer)
+ put_membuf (data, buffer, length);
+ return 0;
+}
+
+
+/* Ask for a passphrase via gpg-agent. On success the caller needs to
+ free the string stored at R_PASSPHRASE. On error NULL will be
+ stored at R_PASSPHRASE and an appropriate gpg error code is
+ returned. With REPEAT set to 1, gpg-agent will ask the user to
+ repeat the just entered passphrase. CACHE_ID is a gpg-agent style
+ passphrase cache id or NULL. ERR_MSG is a error message to be
+ presented to the user (e.g. "bad passphrase - try again") or NULL.
+ PROMPT is the prompt string to label the entry box, it may be NULL
+ for a default one. DESC_MSG is a longer description to be
+ displayed above the entry box, if may be NULL for a default one.
+ If USE_SECMEM is true, the returned passphrase is retruned in
+ secure memory. The length of all these strings is limited; they
+ need to fit in their encoded form into a standard Assuan line (i.e
+ less then about 950 characters). All strings shall be UTF-8. */
+gpg_error_t
+gnupg_get_passphrase (const char *cache_id,
+ const char *err_msg,
+ const char *prompt,
+ const char *desc_msg,
+ int repeat,
+ int check_quality,
+ int use_secmem,
+ char **r_passphrase)
+{
+ gpg_error_t err;
+ char line[ASSUAN_LINELENGTH];
+ const char *arg1 = NULL;
+ char *arg2 = NULL;
+ char *arg3 = NULL;
+ char *arg4 = NULL;
+ membuf_t data;
+
+ *r_passphrase = NULL;
+
+ err = start_agent ();
+ if (err)
+ return err;
+
+ /* Check that the gpg-agent understands the repeat option. */
+ if (assuan_transact (agent_ctx,
+ "GETINFO cmd_has_option GET_PASSPHRASE repeat",
+ NULL, NULL, NULL, NULL, NULL, NULL))
+ return gpg_error (GPG_ERR_NOT_SUPPORTED);
+
+ arg1 = cache_id && *cache_id? cache_id:NULL;
+ if (err_msg && *err_msg)
+ if (!(arg2 = percent_plus_escape (err_msg)))
+ goto no_mem;
+ if (prompt && *prompt)
+ if (!(arg3 = percent_plus_escape (prompt)))
+ goto no_mem;
+ if (desc_msg && *desc_msg)
+ if (!(arg4 = percent_plus_escape (desc_msg)))
+ goto no_mem;
+
+ snprintf (line, DIM(line)-1,
+ "GET_PASSPHRASE --data %s--repeat=%d -- %s %s %s %s",
+ check_quality? "--check ":"",
+ repeat,
+ arg1? arg1:"X",
+ arg2? arg2:"X",
+ arg3? arg3:"X",
+ arg4? arg4:"X");
+ line[DIM(line)-1] = 0;
+ xfree (arg2);
+ xfree (arg3);
+ xfree (arg4);
+
+ if (use_secmem)
+ init_membuf_secure (&data, 64);
+ else
+ init_membuf (&data, 64);
+ err = assuan_transact (agent_ctx, line,
+ membuf_data_cb, &data,
+ default_inq_cb, NULL, NULL, NULL);
+
+ /* Older Pinentries return the old assuan error code for canceled
+ which gets translated bt libassuan to GPG_ERR_ASS_CANCELED and
+ not to the code for a user cancel. Fix this here. */
+ if (err && gpg_err_source (err)
+ && gpg_err_code (err) == GPG_ERR_ASS_CANCELED)
+ err = gpg_err_make (gpg_err_source (err), GPG_ERR_CANCELED);
+
+ if (err)
+ {
+ void *p;
+ size_t n;
+
+ p = get_membuf (&data, &n);
+ if (p)
+ wipememory (p, n);
+ xfree (p);
+ }
+ else
+ {
+ put_membuf (&data, "", 1);
+ *r_passphrase = get_membuf (&data, NULL);
+ if (!*r_passphrase)
+ err = gpg_error_from_syserror ();
+ }
+ return err;
+ no_mem:
+ err = gpg_error_from_syserror ();
+ xfree (arg2);
+ xfree (arg3);
+ xfree (arg4);
+ return err;
+}
+
+
+/* Flush the passphrase cache with Id CACHE_ID. */
+gpg_error_t
+gnupg_clear_passphrase (const char *cache_id)
+{
+ gpg_error_t err;
+ char line[ASSUAN_LINELENGTH];
+
+ if (!cache_id || !*cache_id)
+ return 0;
+
+ err = start_agent ();
+ if (err)
+ return err;
+
+ snprintf (line, DIM(line)-1, "CLEAR_PASSPHRASE %s", cache_id);
+ line[DIM(line)-1] = 0;
+ return assuan_transact (agent_ctx, line, NULL, NULL,
+ default_inq_cb, NULL, NULL, NULL);
+}
diff --git a/common/get-passphrase.h b/common/get-passphrase.h
new file mode 100644
index 0000000..603ac81
--- /dev/null
+++ b/common/get-passphrase.h
@@ -0,0 +1,45 @@
+/* get-passphrase.h - Definitions to ask for a passphrase via the agent.
+ * Copyright (C) 2009 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef GNUPG_COMMON_GET_PASSPHRASE_H
+#define GNUPG_COMMON_GET_PASSPHRASE_H
+
+#include "session-env.h"
+
+void gnupg_prepare_get_passphrase (gpg_err_source_t errsource,
+ int verbosity,
+ const char *homedir,
+ const char *agent_program,
+ const char *opt_lc_ctype,
+ const char *opt_lc_messages,
+ session_env_t session_env);
+
+gpg_error_t gnupg_get_passphrase (const char *cache_id,
+ const char *err_msg,
+ const char *prompt,
+ const char *desc_msg,
+ int repeat,
+ int check_quality,
+ int use_secmem,
+ char **r_passphrase);
+
+gpg_error_t gnupg_clear_passphrase (const char *cache_id);
+
+
+#endif /*GNUPG_COMMON_GET_PASSPHRASE_H*/
diff --git a/common/gettime.c b/common/gettime.c
new file mode 100644
index 0000000..1b4e435
--- /dev/null
+++ b/common/gettime.c
@@ -0,0 +1,592 @@
+/* gettime.c - Wrapper for time functions
+ * Copyright (C) 1998, 2002, 2007 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <stdlib.h>
+#include <time.h>
+#include <ctype.h>
+#ifdef HAVE_LANGINFO_H
+#include <langinfo.h>
+#endif
+
+#include "util.h"
+#include "i18n.h"
+
+static unsigned long timewarp;
+static enum { NORMAL = 0, FROZEN, FUTURE, PAST } timemode;
+
+/* Correction used to map to real Julian days. */
+#define JD_DIFF 1721060L
+
+
+/* Wrapper for the time(3). We use this here so we can fake the time
+ for tests */
+time_t
+gnupg_get_time ()
+{
+ time_t current = time (NULL);
+ if (timemode == NORMAL)
+ return current;
+ else if (timemode == FROZEN)
+ return timewarp;
+ else if (timemode == FUTURE)
+ return current + timewarp;
+ else
+ return current - timewarp;
+}
+
+
+/* Return the current time (possibly faked) in ISO format. */
+void
+gnupg_get_isotime (gnupg_isotime_t timebuf)
+{
+ time_t atime = gnupg_get_time ();
+
+ if (atime < 0)
+ *timebuf = 0;
+ else
+ {
+ struct tm *tp;
+#ifdef HAVE_GMTIME_R
+ struct tm tmbuf;
+
+ tp = gmtime_r (&atime, &tmbuf);
+#else
+ tp = gmtime (&atime);
+#endif
+ snprintf (timebuf, 16, "%04d%02d%02dT%02d%02d%02d",
+ 1900 + tp->tm_year, tp->tm_mon+1, tp->tm_mday,
+ tp->tm_hour, tp->tm_min, tp->tm_sec);
+ }
+}
+
+
+/* Set the time to NEWTIME so that gnupg_get_time returns a time
+ starting with this one. With FREEZE set to 1 the returned time
+ will never change. Just for completeness, a value of (time_t)-1
+ for NEWTIME gets you back to reality. Note that this is obviously
+ not thread-safe but this is not required. */
+void
+gnupg_set_time (time_t newtime, int freeze)
+{
+ time_t current = time (NULL);
+
+ if ( newtime == (time_t)-1 || current == newtime)
+ {
+ timemode = NORMAL;
+ timewarp = 0;
+ }
+ else if (freeze)
+ {
+ timemode = FROZEN;
+ timewarp = current;
+ }
+ else if (newtime > current)
+ {
+ timemode = FUTURE;
+ timewarp = newtime - current;
+ }
+ else
+ {
+ timemode = PAST;
+ timewarp = current - newtime;
+ }
+}
+
+/* Returns true when we are in timewarp mode */
+int
+gnupg_faked_time_p (void)
+{
+ return timemode;
+}
+
+
+/* This function is used by gpg because OpenPGP defines the timestamp
+ as an unsigned 32 bit value. */
+u32
+make_timestamp (void)
+{
+ time_t t = gnupg_get_time ();
+
+ if (t == (time_t)-1)
+ log_fatal ("gnupg_get_time() failed\n");
+ return (u32)t;
+}
+
+
+
+/****************
+ * Scan a date string and return a timestamp.
+ * The only supported format is "yyyy-mm-dd"
+ * Returns 0 for an invalid date.
+ */
+u32
+scan_isodatestr( const char *string )
+{
+ int year, month, day;
+ struct tm tmbuf;
+ time_t stamp;
+ int i;
+
+ if( strlen(string) != 10 || string[4] != '-' || string[7] != '-' )
+ return 0;
+ for( i=0; i < 4; i++ )
+ if( !digitp (string+i) )
+ return 0;
+ if( !digitp (string+5) || !digitp(string+6) )
+ return 0;
+ if( !digitp(string+8) || !digitp(string+9) )
+ return 0;
+ year = atoi(string);
+ month = atoi(string+5);
+ day = atoi(string+8);
+ /* some basic checks */
+ if( year < 1970 || month < 1 || month > 12 || day < 1 || day > 31 )
+ return 0;
+ memset( &tmbuf, 0, sizeof tmbuf );
+ tmbuf.tm_mday = day;
+ tmbuf.tm_mon = month-1;
+ tmbuf.tm_year = year - 1900;
+ tmbuf.tm_isdst = -1;
+ stamp = mktime( &tmbuf );
+ if( stamp == (time_t)-1 )
+ return 0;
+ return stamp;
+}
+
+/* Scan am ISO timestamp and return an Epoch based timestamp. The only
+ supported format is "yyyymmddThhmmss" delimited by white space, nul, a
+ colon or a comma. Returns (time_t)(-1) for an invalid string. */
+time_t
+isotime2epoch (const char *string)
+{
+ const char *s;
+ int year, month, day, hour, minu, sec;
+ struct tm tmbuf;
+ int i;
+
+ if (!*string)
+ return (time_t)(-1);
+ for (s=string, i=0; i < 8; i++, s++)
+ if (!digitp (s))
+ return (time_t)(-1);
+ if (*s != 'T')
+ return (time_t)(-1);
+ for (s++, i=9; i < 15; i++, s++)
+ if (!digitp (s))
+ return (time_t)(-1);
+ if ( !(!*s || (isascii (*s) && isspace(*s)) || *s == ':' || *s == ','))
+ return (time_t)(-1); /* Wrong delimiter. */
+
+ year = atoi_4 (string);
+ month = atoi_2 (string + 4);
+ day = atoi_2 (string + 6);
+ hour = atoi_2 (string + 9);
+ minu = atoi_2 (string + 11);
+ sec = atoi_2 (string + 13);
+
+ /* Basic checks. */
+ if (year < 1970 || month < 1 || month > 12 || day < 1 || day > 31
+ || hour > 23 || minu > 59 || sec > 61 )
+ return (time_t)(-1);
+
+ memset (&tmbuf, 0, sizeof tmbuf);
+ tmbuf.tm_sec = sec;
+ tmbuf.tm_min = minu;
+ tmbuf.tm_hour = hour;
+ tmbuf.tm_mday = day;
+ tmbuf.tm_mon = month-1;
+ tmbuf.tm_year = year - 1900;
+ tmbuf.tm_isdst = -1;
+ return timegm (&tmbuf);
+}
+
+
+/* Convert an Epoch time to an iso time stamp. */
+void
+epoch2isotime (gnupg_isotime_t timebuf, time_t atime)
+{
+ if (atime < 0)
+ *timebuf = 0;
+ else
+ {
+ struct tm *tp;
+#ifdef HAVE_GMTIME_R
+ struct tm tmbuf;
+
+ tp = gmtime_r (&atime, &tmbuf);
+#else
+ tp = gmtime (&atime);
+#endif
+ snprintf (timebuf, 16, "%04d%02d%02dT%02d%02d%02d",
+ 1900 + tp->tm_year, tp->tm_mon+1, tp->tm_mday,
+ tp->tm_hour, tp->tm_min, tp->tm_sec);
+ }
+}
+
+
+
+
+u32
+add_days_to_timestamp( u32 stamp, u16 days )
+{
+ return stamp + days*86400L;
+}
+
+
+/****************
+ * Return a string with a time value in the form: x Y, n D, n H
+ */
+
+const char *
+strtimevalue( u32 value )
+{
+ static char buffer[30];
+ unsigned int years, days, hours, minutes;
+
+ value /= 60;
+ minutes = value % 60;
+ value /= 60;
+ hours = value % 24;
+ value /= 24;
+ days = value % 365;
+ value /= 365;
+ years = value;
+
+ sprintf(buffer,"%uy%ud%uh%um", years, days, hours, minutes );
+ if( years )
+ return buffer;
+ if( days )
+ return strchr( buffer, 'y' ) + 1;
+ return strchr( buffer, 'd' ) + 1;
+}
+
+
+/*
+ * Note: this function returns GMT
+ */
+const char *
+strtimestamp( u32 stamp )
+{
+ static char buffer[11+5];
+ struct tm *tp;
+ time_t atime = stamp;
+
+ if (atime < 0) {
+ strcpy (buffer, "????" "-??" "-??");
+ }
+ else {
+ tp = gmtime( &atime );
+ sprintf(buffer,"%04d-%02d-%02d",
+ 1900+tp->tm_year, tp->tm_mon+1, tp->tm_mday );
+ }
+ return buffer;
+}
+
+
+/*
+ * Note: this function returns GMT
+ */
+const char *
+isotimestamp (u32 stamp)
+{
+ static char buffer[25+5];
+ struct tm *tp;
+ time_t atime = stamp;
+
+ if (atime < 0)
+ {
+ strcpy (buffer, "????" "-??" "-??" " " "??" ":" "??" ":" "??");
+ }
+ else
+ {
+ tp = gmtime ( &atime );
+ sprintf (buffer,"%04d-%02d-%02d %02d:%02d:%02d",
+ 1900+tp->tm_year, tp->tm_mon+1, tp->tm_mday,
+ tp->tm_hour, tp->tm_min, tp->tm_sec);
+ }
+ return buffer;
+}
+
+
+/****************
+ * Note: this function returns local time
+ */
+const char *
+asctimestamp( u32 stamp )
+{
+ static char buffer[50];
+#if defined (HAVE_STRFTIME) && defined (HAVE_NL_LANGINFO)
+ static char fmt[50];
+#endif
+ struct tm *tp;
+ time_t atime = stamp;
+
+ if (atime < 0) {
+ strcpy (buffer, "????" "-??" "-??");
+ return buffer;
+ }
+
+ tp = localtime( &atime );
+#ifdef HAVE_STRFTIME
+#if defined(HAVE_NL_LANGINFO)
+ mem2str( fmt, nl_langinfo(D_T_FMT), DIM(fmt)-3 );
+ if( strstr( fmt, "%Z" ) == NULL )
+ strcat( fmt, " %Z");
+ /* NOTE: gcc -Wformat-noliteral will complain here. I have
+ found no way to suppress this warning .*/
+ strftime (buffer, DIM(buffer)-1, fmt, tp);
+#else
+ /* FIXME: we should check whether the locale appends a " %Z"
+ * These locales from glibc don't put the " %Z":
+ * fi_FI hr_HR ja_JP lt_LT lv_LV POSIX ru_RU ru_SU sv_FI sv_SE zh_CN
+ */
+ strftime( buffer, DIM(buffer)-1, "%c %Z", tp );
+#endif
+ buffer[DIM(buffer)-1] = 0;
+#else
+ mem2str( buffer, asctime(tp), DIM(buffer) );
+#endif
+ return buffer;
+}
+
+
+
+static int
+days_per_year (int y)
+{
+ int s ;
+
+ s = !(y % 4);
+ if ( !(y % 100))
+ if ((y%400))
+ s = 0;
+ return s ? 366 : 365;
+}
+
+static int
+days_per_month (int y, int m)
+{
+ int s;
+
+ switch(m)
+ {
+ case 1: case 3: case 5: case 7: case 8: case 10: case 12:
+ return 31 ;
+ case 2:
+ s = !(y % 4);
+ if (!(y % 100))
+ if ((y % 400))
+ s = 0;
+ return s? 29 : 28 ;
+ case 4: case 6: case 9: case 11:
+ return 30;
+ }
+ BUG();
+}
+
+
+/* Convert YEAR, MONTH and DAY into the Julian date. We assume that
+ it is already noon. We do not support dates before 1582-10-15. */
+static unsigned long
+date2jd (int year, int month, int day)
+{
+ unsigned long jd;
+
+ jd = 365L * year + 31 * (month-1) + day + JD_DIFF;
+ if (month < 3)
+ year-- ;
+ else
+ jd -= (4 * month + 23) / 10;
+
+ jd += year / 4 - ((year / 100 + 1) *3) / 4;
+
+ return jd ;
+}
+
+/* Convert a Julian date back to YEAR, MONTH and DAY. Return day of
+ the year or 0 on error. This function uses some more or less
+ arbitrary limits, most important is that days before 1582 are not
+ supported. */
+static int
+jd2date (unsigned long jd, int *year, int *month, int *day)
+{
+ int y, m, d;
+ long delta;
+
+ if (!jd)
+ return 0 ;
+ if (jd < 1721425 || jd > 2843085)
+ return 0;
+
+ y = (jd - JD_DIFF) / 366;
+ d = m = 1;
+
+ while ((delta = jd - date2jd (y, m, d)) > days_per_year (y))
+ y++;
+
+ m = (delta / 31) + 1;
+ while( (delta = jd - date2jd (y, m, d)) > days_per_month (y,m))
+ if (++m > 12)
+ {
+ m = 1;
+ y++;
+ }
+
+ d = delta + 1 ;
+ if (d > days_per_month (y, m))
+ {
+ d = 1;
+ m++;
+ }
+ if (m > 12)
+ {
+ m = 1;
+ y++;
+ }
+
+ if (year)
+ *year = y;
+ if (month)
+ *month = m;
+ if (day)
+ *day = d ;
+
+ return (jd - date2jd (y, 1, 1)) + 1;
+}
+
+
+/* Check that the 15 bytes in ATIME represent a valid ISO time. Note
+ that this function does not expect a string but a plain 15 byte
+ isotime buffer. */
+gpg_error_t
+check_isotime (const gnupg_isotime_t atime)
+{
+ int i;
+ const char *s;
+
+ if (!*atime)
+ return gpg_error (GPG_ERR_NO_VALUE);
+
+ for (s=atime, i=0; i < 8; i++, s++)
+ if (!digitp (s))
+ return gpg_error (GPG_ERR_INV_TIME);
+ if (*s != 'T')
+ return gpg_error (GPG_ERR_INV_TIME);
+ for (s++, i=9; i < 15; i++, s++)
+ if (!digitp (s))
+ return gpg_error (GPG_ERR_INV_TIME);
+ return 0;
+}
+
+
+void
+dump_isotime (const gnupg_isotime_t t)
+{
+ if (!t || !*t)
+ log_printf (_("[none]"));
+ else
+ log_printf ("%.4s-%.2s-%.2s %.2s:%.2s:%s",
+ t, t+4, t+6, t+9, t+11, t+13);
+}
+
+
+/* Add SECONDS to ATIME. SECONDS may not be negative and is limited
+ to about the equivalent of 62 years which should be more then
+ enough for our purposes. */
+gpg_error_t
+add_seconds_to_isotime (gnupg_isotime_t atime, int nseconds)
+{
+ gpg_error_t err;
+ int year, month, day, hour, minute, sec, ndays;
+ unsigned long jd;
+
+ err = check_isotime (atime);
+ if (err)
+ return err;
+
+ if (nseconds < 0 || nseconds >= (0x7fffffff - 61) )
+ return gpg_error (GPG_ERR_INV_VALUE);
+
+ year = atoi_4 (atime+0);
+ month = atoi_2 (atime+4);
+ day = atoi_2 (atime+6);
+ hour = atoi_2 (atime+9);
+ minute= atoi_2 (atime+11);
+ sec = atoi_2 (atime+13);
+
+ if (year <= 1582) /* The julian date functions don't support this. */
+ return gpg_error (GPG_ERR_INV_VALUE);
+
+ sec += nseconds;
+ minute += sec/60;
+ sec %= 60;
+ hour += minute/60;
+ minute %= 60;
+ ndays = hour/24;
+ hour %= 24;
+
+ jd = date2jd (year, month, day) + ndays;
+ jd2date (jd, &year, &month, &day);
+
+ if (year > 9999 || month > 12 || day > 31
+ || year < 0 || month < 1 || day < 1)
+ return gpg_error (GPG_ERR_INV_VALUE);
+
+ snprintf (atime, 16, "%04d%02d%02dT%02d%02d%02d",
+ year, month, day, hour, minute, sec);
+ return 0;
+}
+
+
+gpg_error_t
+add_days_to_isotime (gnupg_isotime_t atime, int ndays)
+{
+ gpg_error_t err;
+ int year, month, day, hour, minute, sec;
+ unsigned long jd;
+
+ err = check_isotime (atime);
+ if (err)
+ return err;
+
+ if (ndays < 0 || ndays >= 9999*366 )
+ return gpg_error (GPG_ERR_INV_VALUE);
+
+ year = atoi_4 (atime+0);
+ month = atoi_2 (atime+4);
+ day = atoi_2 (atime+6);
+ hour = atoi_2 (atime+9);
+ minute= atoi_2 (atime+11);
+ sec = atoi_2 (atime+13);
+
+ if (year <= 1582) /* The julian date functions don't support this. */
+ return gpg_error (GPG_ERR_INV_VALUE);
+
+ jd = date2jd (year, month, day) + ndays;
+ jd2date (jd, &year, &month, &day);
+
+ if (year > 9999 || month > 12 || day > 31
+ || year < 0 || month < 1 || day < 1)
+ return gpg_error (GPG_ERR_INV_VALUE);
+
+ snprintf (atime, 16, "%04d%02d%02dT%02d%02d%02d",
+ year, month, day, hour, minute, sec);
+ return 0;
+}
diff --git a/common/gpgrlhelp.c b/common/gpgrlhelp.c
new file mode 100644
index 0000000..28459aa
--- /dev/null
+++ b/common/gpgrlhelp.c
@@ -0,0 +1,91 @@
+/* gpgrlhelp.c - A readline wrapper.
+ * Copyright (C) 2006 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+/* This module may by used by applications to initializes readline
+ support. It is required so that we can have hooks in other parts
+ of libcommon without actually requiring to link against
+ libreadline. It works along with ttyio.c which is a proper part of
+ libcommon. */
+
+#include <config.h>
+#include <stdlib.h>
+#include <stddef.h>
+
+#ifdef HAVE_LIBREADLINE
+#define GNUPG_LIBREADLINE_H_INCLUDED
+#include <stdio.h>
+#include <readline/readline.h>
+#include <readline/history.h>
+#endif
+
+#include "util.h"
+#include "common-defs.h"
+
+
+#ifdef HAVE_LIBREADLINE
+static void
+set_completer (rl_completion_func_t *completer)
+{
+ rl_attempted_completion_function = completer;
+ rl_inhibit_completion = 0;
+}
+
+static void
+inhibit_completion (int value)
+{
+ rl_inhibit_completion = value;
+}
+
+static void
+cleanup_after_signal (void)
+{
+ rl_free_line_state ();
+ rl_cleanup_after_signal ();
+}
+
+static void
+init_stream (FILE *fp)
+{
+ rl_catch_signals = 0;
+ rl_instream = rl_outstream = fp;
+ rl_inhibit_completion = 1;
+}
+
+#endif /*HAVE_LIBREADLINE*/
+
+
+/* Initialize our readline code. This should be called as early as
+ possible as it is actually a constructur. */
+void
+gnupg_rl_initialize (void)
+{
+#ifdef HAVE_LIBREADLINE
+ tty_private_set_rl_hooks (init_stream,
+ set_completer,
+ inhibit_completion,
+ cleanup_after_signal,
+ readline,
+ add_history);
+ rl_readline_name = "GnuPG";
+#endif
+}
+
+
+
+
diff --git a/common/helpfile.c b/common/helpfile.c
new file mode 100644
index 0000000..34b6bdc
--- /dev/null
+++ b/common/helpfile.c
@@ -0,0 +1,262 @@
+/* helpfile.c - GnuPG's helpfile feature
+ * Copyright (C) 2007 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <stdlib.h>
+
+
+#include "util.h"
+#include "i18n.h"
+#include "membuf.h"
+
+
+/* Try to find KEY in the file FNAME. */
+static char *
+findkey_fname (const char *key, const char *fname)
+{
+ gpg_error_t err = 0;
+ FILE *fp;
+ int lnr = 0;
+ int c;
+ char *p, line[256];
+ int in_item = 0;
+ membuf_t mb = MEMBUF_ZERO;
+
+ fp = fopen (fname, "r");
+ if (!fp)
+ {
+ if (errno != ENOENT)
+ {
+ err = gpg_error_from_syserror ();
+ log_error (_("can't open `%s': %s\n"), fname, gpg_strerror (err));
+ }
+ return NULL;
+ }
+
+ while (fgets (line, DIM(line)-1, fp))
+ {
+ lnr++;
+
+ if (!*line || line[strlen(line)-1] != '\n')
+ {
+ /* Eat until end of line. */
+ while ( (c=getc (fp)) != EOF && c != '\n')
+ ;
+ err = gpg_error (*line? GPG_ERR_LINE_TOO_LONG
+ : GPG_ERR_INCOMPLETE_LINE);
+ log_error (_("file `%s', line %d: %s\n"),
+ fname, lnr, gpg_strerror (err));
+ }
+ else
+ line[strlen(line)-1] = 0; /* Chop the LF. */
+
+ again:
+ if (!in_item)
+ {
+ /* Allow for empty lines and spaces while not in an item. */
+ for (p=line; spacep (p); p++)
+ ;
+ if (!*p || *p == '#')
+ continue;
+ if (*line != '.' || spacep(line+1))
+ {
+ log_info (_("file `%s', line %d: %s\n"),
+ fname, lnr, _("ignoring garbage line"));
+ continue;
+ }
+ trim_trailing_spaces (line);
+ in_item = 1;
+ if (!strcmp (line+1, key))
+ {
+ /* Found. Start collecting. */
+ init_membuf (&mb, 1024);
+ }
+ continue;
+ }
+
+ /* If in an item only allow for comments in the first column
+ and provide ". " as an escape sequence to allow for
+ leading dots and hash marks in the actual text. */
+ if (*line == '#')
+ continue;
+ if (*line == '.')
+ {
+ if (spacep(line+1))
+ p = line + 2;
+ else
+ {
+ trim_trailing_spaces (line);
+ in_item = 0;
+ if (is_membuf_ready (&mb))
+ break; /* Yep, found and collected the item. */
+ if (!line[1])
+ continue; /* Just an end of text dot. */
+ goto again; /* A new key line. */
+ }
+ }
+ else
+ p = line;
+
+ if (is_membuf_ready (&mb))
+ {
+ put_membuf_str (&mb, p);
+ put_membuf (&mb, "\n", 1);
+ }
+
+ }
+ if ( !err && ferror (fp) )
+ {
+ err = gpg_error_from_syserror ();
+ log_error (_("error reading `%s', line %d: %s\n"),
+ fname, lnr, gpg_strerror (err));
+ }
+
+ fclose (fp);
+ if (is_membuf_ready (&mb))
+ {
+ /* We have collected something. */
+ if (err)
+ {
+ xfree (get_membuf (&mb, NULL));
+ return NULL;
+ }
+ else
+ {
+ put_membuf (&mb, "", 1); /* Terminate string. */
+ return get_membuf (&mb, NULL);
+ }
+ }
+ else
+ return NULL;
+}
+
+
+/* Try the help files depending on the locale. */
+static char *
+findkey_locale (const char *key, const char *locname,
+ int only_current_locale, const char *dirname)
+{
+ const char *s;
+ char *fname, *ext, *p;
+ char *result;
+
+ fname = xtrymalloc (strlen (dirname) + 6 + strlen (locname) + 4 + 1);
+ if (!fname)
+ return NULL;
+ ext = stpcpy (stpcpy (fname, dirname), "/help.");
+ /* Search with locale name and territory. ("help.LL_TT.txt") */
+ if (strchr (locname, '_'))
+ {
+ strcpy (stpcpy (ext, locname), ".txt");
+ result = findkey_fname (key, fname);
+ }
+ else
+ result = NULL; /* No territory. */
+
+ if (!result)
+ {
+ /* Search with just the locale name - if any. ("help.LL.txt") */
+ if (*locname)
+ {
+ for (p=ext, s=locname; *s && *s != '_';)
+ *p++ = *s++;
+ strcpy (p, ".txt");
+ result = findkey_fname (key, fname);
+ }
+ else
+ result = NULL;
+ }
+
+ if (!result && (!only_current_locale || !*locname) )
+ {
+ /* Last try: Search in file without any locale info. ("help.txt") */
+ strcpy (ext, "txt");
+ result = findkey_fname (key, fname);
+ }
+
+ xfree (fname);
+ return result;
+}
+
+
+/* Return a malloced help text as identified by KEY. The system takes
+ the string from an UTF-8 encoded file to be created by an
+ administrator or as distributed with GnuPG. On a GNU or Unix
+ system the entry is searched in these files:
+
+ /etc/gnupg/help.LL.txt
+ /etc/gnupg/help.txt
+ /usr/share/gnupg/help.LL.txt
+ /usr/share/gnupg/help.txt
+
+ Here LL denotes the two digit language code of the current locale.
+ If ONLY_CURRENT_LOCALE is set, the fucntion won;t fallback to the
+ english valiant ("help.txt") unless that locale has been requested.
+
+ The help file needs to be encoded in UTF-8, lines with a '#' in the
+ first column are comment lines and entirely ignored. Help keys are
+ identified by a key consisting of a single word with a single dot
+ as the first character. All key lines listed without any
+ intervening lines (except for comment lines) lead to the same help
+ text. Lines following the key lines make up the actual hep texts.
+
+*/
+
+char *
+gnupg_get_help_string (const char *key, int only_current_locale)
+{
+ static const char *locname;
+ char *result;
+
+ if (!locname)
+ {
+ char *buffer, *p;
+ int count = 0;
+ const char *s = gnupg_messages_locale_name ();
+ buffer = xtrystrdup (s);
+ if (!buffer)
+ locname = "";
+ else
+ {
+ for (p = buffer; *p; p++)
+ if (*p == '.' || *p == '@' || *p == '/' /*(safeguard)*/)
+ *p = 0;
+ else if (*p == '_')
+ {
+ if (count++)
+ *p = 0; /* Also cut at a underscore in the territory. */
+ }
+ locname = buffer;
+ }
+ }
+
+ if (!key || !*key)
+ return NULL;
+
+ result = findkey_locale (key, locname, only_current_locale,
+ gnupg_sysconfdir ());
+ if (!result)
+ result = findkey_locale (key, locname, only_current_locale,
+ gnupg_datadir ());
+
+ if (result)
+ trim_trailing_spaces (result);
+
+ return result;
+}
diff --git a/common/homedir.c b/common/homedir.c
new file mode 100644
index 0000000..5f2e31e
--- /dev/null
+++ b/common/homedir.c
@@ -0,0 +1,449 @@
+/* homedir.c - Setup the home directory.
+ * Copyright (C) 2004, 2006, 2007 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <stdlib.h>
+#include <errno.h>
+#include <fcntl.h>
+
+#ifdef HAVE_W32_SYSTEM
+#include <shlobj.h>
+#ifndef CSIDL_APPDATA
+#define CSIDL_APPDATA 0x001a
+#endif
+#ifndef CSIDL_LOCAL_APPDATA
+#define CSIDL_LOCAL_APPDATA 0x001c
+#endif
+#ifndef CSIDL_COMMON_APPDATA
+#define CSIDL_COMMON_APPDATA 0x0023
+#endif
+#ifndef CSIDL_FLAG_CREATE
+#define CSIDL_FLAG_CREATE 0x8000
+#endif
+#endif /*HAVE_W32_SYSTEM*/
+
+
+
+#include "util.h"
+#include "sysutils.h"
+
+
+/* This is a helper function to load a Windows function from either of
+ one DLLs. */
+#ifdef HAVE_W32_SYSTEM
+static HRESULT
+w32_shgetfolderpath (HWND a, int b, HANDLE c, DWORD d, LPSTR e)
+{
+ static int initialized;
+ static HRESULT (WINAPI * func)(HWND,int,HANDLE,DWORD,LPSTR);
+
+ if (!initialized)
+ {
+ static char *dllnames[] = { "shell32.dll", "shfolder.dll", NULL };
+ void *handle;
+ int i;
+
+ initialized = 1;
+
+ for (i=0, handle = NULL; !handle && dllnames[i]; i++)
+ {
+ handle = dlopen (dllnames[i], RTLD_LAZY);
+ if (handle)
+ {
+ func = dlsym (handle, "SHGetFolderPathA");
+ if (!func)
+ {
+ dlclose (handle);
+ handle = NULL;
+ }
+ }
+ }
+ }
+
+ if (func)
+ return func (a,b,c,d,e);
+ else
+ return -1;
+}
+#endif /*HAVE_W32_SYSTEM*/
+
+
+/* Get the standard home directory. In general this function should
+ not be used as it does not consider a registry value (under W32) or
+ the GNUPGHOME environment variable. It is better to use
+ default_homedir(). */
+const char *
+standard_homedir (void)
+{
+#ifdef HAVE_W32_SYSTEM
+ static const char *dir;
+
+ if (!dir)
+ {
+ char path[MAX_PATH];
+
+ /* It might be better to use LOCAL_APPDATA because this is
+ defined as "non roaming" and thus more likely to be kept
+ locally. For private keys this is desired. However, given
+ that many users copy private keys anyway forth and back,
+ using a system roaming services might be better than to let
+ them do it manually. A security conscious user will anyway
+ use the registry entry to have better control. */
+ if (w32_shgetfolderpath (NULL, CSIDL_APPDATA|CSIDL_FLAG_CREATE,
+ NULL, 0, path) >= 0)
+ {
+ char *tmp = xmalloc (strlen (path) + 6 +1);
+ strcpy (stpcpy (tmp, path), "\\gnupg");
+ dir = tmp;
+
+ /* Try to create the directory if it does not yet exists. */
+ if (access (dir, F_OK))
+ CreateDirectory (dir, NULL);
+ }
+ else
+ dir = GNUPG_DEFAULT_HOMEDIR;
+ }
+ return dir;
+#else/*!HAVE_W32_SYSTEM*/
+ return GNUPG_DEFAULT_HOMEDIR;
+#endif /*!HAVE_W32_SYSTEM*/
+}
+
+/* Set up the default home directory. The usual --homedir option
+ should be parsed later. */
+const char *
+default_homedir (void)
+{
+ const char *dir;
+
+ dir = getenv ("GNUPGHOME");
+#ifdef HAVE_W32_SYSTEM
+ if (!dir || !*dir)
+ {
+ static const char *saved_dir;
+
+ if (!saved_dir)
+ {
+ if (!dir || !*dir)
+ {
+ char *tmp;
+
+ tmp = read_w32_registry_string (NULL, "Software\\GNU\\GnuPG",
+ "HomeDir");
+ if (tmp && !*tmp)
+ {
+ xfree (tmp);
+ tmp = NULL;
+ }
+ if (tmp)
+ saved_dir = tmp;
+ }
+
+ if (!saved_dir)
+ saved_dir = standard_homedir ();
+ }
+ dir = saved_dir;
+ }
+#endif /*HAVE_W32_SYSTEM*/
+ if (!dir || !*dir)
+ dir = GNUPG_DEFAULT_HOMEDIR;
+
+ return dir;
+}
+
+
+#ifdef HAVE_W32_SYSTEM
+static const char *
+w32_rootdir (void)
+{
+ static int got_dir;
+ static char dir[MAX_PATH+5];
+
+ if (!got_dir)
+ {
+ char *p;
+
+ if ( !GetModuleFileName ( NULL, dir, MAX_PATH) )
+ {
+ log_debug ("GetModuleFileName failed: %s\n", w32_strerror (0));
+ *dir = 0;
+ }
+ got_dir = 1;
+ p = strrchr (dir, DIRSEP_C);
+ if (p)
+ *p = 0;
+ else
+ {
+ log_debug ("bad filename `%s' returned for this process\n", dir);
+ *dir = 0;
+ }
+ }
+
+ if (*dir)
+ return dir;
+ /* Fallback to the hardwired value. */
+ return GNUPG_LIBEXECDIR;
+}
+
+static const char *
+w32_commondir (void)
+{
+ static char *dir;
+
+ if (!dir)
+ {
+ char path[MAX_PATH];
+
+ if (w32_shgetfolderpath (NULL, CSIDL_COMMON_APPDATA,
+ NULL, 0, path) >= 0)
+ {
+ char *tmp = xmalloc (strlen (path) + 4 +1);
+ strcpy (stpcpy (tmp, path), "\\GNU");
+ dir = tmp;
+ /* No auto create of the directory. Either the installer or
+ the admin has to create these directories. */
+ }
+ else
+ {
+ /* Ooops: Not defined - probably an old Windows version.
+ Use the installation directory instead. */
+ dir = xstrdup (w32_rootdir ());
+ }
+ }
+
+ return dir;
+}
+#endif /*HAVE_W32_SYSTEM*/
+
+
+
+
+/* Return the name of the sysconfdir. This is a static string. This
+ function is required because under Windows we can't simply compile
+ it in. */
+const char *
+gnupg_sysconfdir (void)
+{
+#ifdef HAVE_W32_SYSTEM
+ static char *name;
+
+ if (!name)
+ {
+ const char *s1, *s2;
+ s1 = w32_commondir ();
+ s2 = DIRSEP_S "etc" DIRSEP_S "gnupg";
+ name = xmalloc (strlen (s1) + strlen (s2) + 1);
+ strcpy (stpcpy (name, s1), s2);
+ }
+ return name;
+#else /*!HAVE_W32_SYSTEM*/
+ return GNUPG_SYSCONFDIR;
+#endif /*!HAVE_W32_SYSTEM*/
+}
+
+
+const char *
+gnupg_bindir (void)
+{
+#ifdef HAVE_W32_SYSTEM
+ return w32_rootdir ();
+#else /*!HAVE_W32_SYSTEM*/
+ return GNUPG_BINDIR;
+#endif /*!HAVE_W32_SYSTEM*/
+}
+
+
+/* Return the name of the libexec directory. The name is allocated in
+ a static area on the first use. This function won't fail. */
+const char *
+gnupg_libexecdir (void)
+{
+#ifdef HAVE_W32_SYSTEM
+ return w32_rootdir ();
+#else /*!HAVE_W32_SYSTEM*/
+ return GNUPG_LIBEXECDIR;
+#endif /*!HAVE_W32_SYSTEM*/
+}
+
+const char *
+gnupg_libdir (void)
+{
+#ifdef HAVE_W32_SYSTEM
+ static char *name;
+
+ if (!name)
+ {
+ const char *s1, *s2;
+ s1 = w32_rootdir ();
+ s2 = DIRSEP_S "lib" DIRSEP_S "gnupg";
+ name = xmalloc (strlen (s1) + strlen (s2) + 1);
+ strcpy (stpcpy (name, s1), s2);
+ }
+ return name;
+#else /*!HAVE_W32_SYSTEM*/
+ return GNUPG_LIBDIR;
+#endif /*!HAVE_W32_SYSTEM*/
+}
+
+const char *
+gnupg_datadir (void)
+{
+#ifdef HAVE_W32_SYSTEM
+ static char *name;
+
+ if (!name)
+ {
+ const char *s1, *s2;
+ s1 = w32_rootdir ();
+ s2 = DIRSEP_S "share" DIRSEP_S "gnupg";
+ name = xmalloc (strlen (s1) + strlen (s2) + 1);
+ strcpy (stpcpy (name, s1), s2);
+ }
+ return name;
+#else /*!HAVE_W32_SYSTEM*/
+ return GNUPG_DATADIR;
+#endif /*!HAVE_W32_SYSTEM*/
+}
+
+
+const char *
+gnupg_localedir (void)
+{
+#ifdef HAVE_W32_SYSTEM
+ static char *name;
+
+ if (!name)
+ {
+ const char *s1, *s2;
+ s1 = w32_rootdir ();
+ s2 = DIRSEP_S "share" DIRSEP_S "locale";
+ name = xmalloc (strlen (s1) + strlen (s2) + 1);
+ strcpy (stpcpy (name, s1), s2);
+ }
+ return name;
+#else /*!HAVE_W32_SYSTEM*/
+ return LOCALEDIR;
+#endif /*!HAVE_W32_SYSTEM*/
+}
+
+
+/* Return the default socket name used by DirMngr. */
+const char *
+dirmngr_socket_name (void)
+{
+#ifdef HAVE_W32_SYSTEM
+ static char *name;
+
+ if (!name)
+ {
+ char s1[MAX_PATH];
+ const char *s2;
+
+ /* We need something akin CSIDL_COMMON_PROGRAMS, but local
+ (non-roaming). */
+ if (w32_shgetfolderpath (NULL, CSIDL_WINDOWS, NULL, 0, s1) < 0)
+ strcpy (s1, "C:\\WINDOWS");
+ s2 = DIRSEP_S "S.dirmngr";
+ name = xmalloc (strlen (s1) + strlen (s2) + 1);
+ strcpy (stpcpy (name, s1), s2);
+ }
+ return name;
+#else /*!HAVE_W32_SYSTEM*/
+ return "/var/run/dirmngr/socket";
+#endif /*!HAVE_W32_SYSTEM*/
+}
+
+
+
+/* Return the file name of a helper tool. WHICH is one of the
+ GNUPG_MODULE_NAME_foo constants. */
+const char *
+gnupg_module_name (int which)
+{
+ const char *s, *s2;
+
+#define X(a,b) do { \
+ static char *name; \
+ if (!name) \
+ { \
+ s = gnupg_ ## a (); \
+ s2 = DIRSEP_S b EXEEXT_S; \
+ name = xmalloc (strlen (s) + strlen (s2) + 1); \
+ strcpy (stpcpy (name, s), s2); \
+ } \
+ return name; \
+ } while (0)
+
+ switch (which)
+ {
+ case GNUPG_MODULE_NAME_AGENT:
+#ifdef GNUPG_DEFAULT_AGENT
+ return GNUPG_DEFAULT_AGENT;
+#else
+ X(bindir, "gpg-agent");
+#endif
+
+ case GNUPG_MODULE_NAME_PINENTRY:
+#ifdef GNUPG_DEFAULT_PINENTRY
+ return GNUPG_DEFAULT_PINENTRY;
+#else
+ X(bindir, "pinentry");
+#endif
+
+ case GNUPG_MODULE_NAME_SCDAEMON:
+#ifdef GNUPG_DEFAULT_SCDAEMON
+ return GNUPG_DEFAULT_SCDAEMON;
+#else
+ X(bindir, "scdaemon");
+#endif
+
+ case GNUPG_MODULE_NAME_DIRMNGR:
+#ifdef GNUPG_DEFAULT_DIRMNGR
+ return GNUPG_DEFAULT_DIRMNGR;
+#else
+ X(bindir, "dirmngr");
+#endif
+
+ case GNUPG_MODULE_NAME_PROTECT_TOOL:
+#ifdef GNUPG_DEFAULT_PROTECT_TOOL
+ return GNUPG_DEFAULT_PROTECT_TOOL;
+#else
+ X(libexecdir, "gpg-protect-tool");
+#endif
+
+ case GNUPG_MODULE_NAME_CHECK_PATTERN:
+ X(libexecdir, "gpg-check-pattern");
+
+ case GNUPG_MODULE_NAME_GPGSM:
+ X(bindir, "gpgsm");
+
+ case GNUPG_MODULE_NAME_GPG:
+ X(bindir, "gpg2");
+
+ case GNUPG_MODULE_NAME_CONNECT_AGENT:
+ X(bindir, "gpg-connect-agent");
+
+ case GNUPG_MODULE_NAME_GPGCONF:
+ X(bindir, "gpgconf");
+
+ default:
+ BUG ();
+ }
+#undef X
+}
diff --git a/common/http.c b/common/http.c
new file mode 100644
index 0000000..c12bd2b
--- /dev/null
+++ b/common/http.c
@@ -0,0 +1,2068 @@
+/* http.c - HTTP protocol handler
+ * Copyright (C) 1999, 2001, 2002, 2003, 2004, 2006,
+ * 2009 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+/* Simple HTTP client implementation. We try to keep the code as
+ self-contained as possible. There are some contraints however:
+
+ - stpcpy is required
+ - fixme: list other requirements.
+
+
+ - With HTTP_USE_ESTREAM defined, all I/O is done through estream.
+ - With HTTP_USE_GNUTLS support for https is provided (this also
+ requires estream).
+ - With HTTP_NO_WSASTARTUP the socket initialization is not done
+ under Windows. This is useful if the socket layer has already
+ been initialized elsewhere. This also avoids the installation of
+ an exit handler to cleanup the socket layer.
+*/
+
+#ifdef HAVE_CONFIG_H
+# include <config.h>
+#endif
+#include <stdio.h>
+#include <stdlib.h>
+#include <stdarg.h>
+#include <string.h>
+#include <ctype.h>
+#include <errno.h>
+#include <unistd.h>
+
+#ifdef HAVE_W32_SYSTEM
+# include <windows.h>
+#else /*!HAVE_W32_SYSTEM*/
+# include <sys/types.h>
+# include <sys/socket.h>
+# include <sys/time.h>
+# include <time.h>
+# include <netinet/in.h>
+# include <arpa/inet.h>
+# include <netdb.h>
+#endif /*!HAVE_W32_SYSTEM*/
+
+#ifdef HTTP_USE_GNUTLS
+# include <gnutls/gnutls.h>
+/* For non-understandable reasons GNUTLS dropped the _t suffix from
+ all types. yes, ISO-C might be read as this but there are still
+ other name space conflicts and using _t is actually a Good
+ Thing. */
+typedef gnutls_session gnutls_session_t;
+typedef gnutls_transport_ptr gnutls_transport_ptr_t;
+#endif /*HTTP_USE_GNUTLS*/
+
+#ifdef TEST
+#undef USE_DNS_SRV
+#endif
+
+#include "util.h"
+#include "i18n.h"
+#include "http.h"
+#ifdef USE_DNS_SRV
+#include "srv.h"
+#else /*!USE_DNS_SRV*/
+/* If we are not compiling with SRV record support we provide stub
+ data structures. */
+#ifndef MAXDNAME
+#define MAXDNAME 1025
+#endif
+struct srventry
+{
+ unsigned short priority;
+ unsigned short weight;
+ unsigned short port;
+ int run_count;
+ char target[MAXDNAME];
+};
+#endif/*!USE_DNS_SRV*/
+
+
+#ifdef HAVE_W32_SYSTEM
+#define sock_close(a) closesocket(a)
+#else
+#define sock_close(a) close(a)
+#endif
+
+#ifndef EAGAIN
+#define EAGAIN EWOULDBLOCK
+#endif
+
+#define HTTP_PROXY_ENV "http_proxy"
+#define MAX_LINELEN 20000 /* Max. length of a HTTP header line. */
+#define VALID_URI_CHARS "abcdefghijklmnopqrstuvwxyz" \
+ "ABCDEFGHIJKLMNOPQRSTUVWXYZ" \
+ "01234567890@" \
+ "!\"#$%&'()*+,-./:;<=>?[\\]^_{|}~"
+
+/* Define a prefix to map stream functions to the estream library. */
+#ifdef HTTP_USE_ESTREAM
+#define P_ES(a) es_ ## a
+#else
+#define P_ES(a) a
+#endif
+#ifndef HTTP_USE_GNUTLS
+typedef void * gnutls_session_t;
+#endif
+#if defined(HTTP_USE_GNUTLS) && !defined(HTTP_USE_ESTREAM)
+#error Use of GNUTLS also requires support for Estream
+#endif
+
+static gpg_error_t do_parse_uri (parsed_uri_t uri, int only_local_part);
+static int remove_escapes (char *string);
+static int insert_escapes (char *buffer, const char *string,
+ const char *special);
+static uri_tuple_t parse_tuple (char *string);
+static gpg_error_t send_request (http_t hd, const char *auth,const char *proxy,
+ const char *srvtag,strlist_t headers);
+static char *build_rel_path (parsed_uri_t uri);
+static gpg_error_t parse_response (http_t hd);
+
+static int connect_server (const char *server, unsigned short port,
+ unsigned int flags, const char *srvtag);
+static gpg_error_t write_server (int sock, const char *data, size_t length);
+
+#ifdef HTTP_USE_ESTREAM
+static ssize_t cookie_read (void *cookie, void *buffer, size_t size);
+static ssize_t cookie_write (void *cookie, const void *buffer, size_t size);
+static int cookie_close (void *cookie);
+
+static es_cookie_io_functions_t cookie_functions =
+ {
+ cookie_read,
+ cookie_write,
+ NULL,
+ cookie_close
+ };
+
+struct cookie_s
+{
+ int fd; /* File descriptor or -1 if already closed. */
+ gnutls_session_t tls_session; /* TLS session context or NULL if not used. */
+ int keep_socket; /* Flag to communicate with teh close handler. */
+};
+typedef struct cookie_s *cookie_t;
+
+#endif /*HTTP_USE_ESTREAM*/
+
+#ifdef HTTP_USE_GNUTLS
+static gpg_error_t (*tls_callback) (http_t, gnutls_session_t, int);
+#endif /*HTTP_USE_GNUTLS*/
+
+
+/* An object to save header lines. */
+struct header_s
+{
+ struct header_s *next;
+ char *value; /* The value of the header (malloced). */
+ char name[1]; /* The name of the header (canonicalized). */
+};
+typedef struct header_s *header_t;
+
+
+/* Our handle context. */
+struct http_context_s
+{
+ unsigned int status_code;
+ int sock;
+ int in_data;
+#ifdef HTTP_USE_ESTREAM
+ estream_t fp_read;
+ estream_t fp_write;
+ void *write_cookie;
+#else /*!HTTP_USE_ESTREAM*/
+ FILE *fp_read;
+ FILE *fp_write;
+#endif /*!HTTP_USE_ESTREAM*/
+ void *tls_context;
+ int is_http_0_9;
+ parsed_uri_t uri;
+ http_req_t req_type;
+ char *buffer; /* Line buffer. */
+ size_t buffer_size;
+ unsigned int flags;
+ header_t headers; /* Received headers. */
+};
+
+
+
+
+#if defined(HAVE_W32_SYSTEM) && !defined(HTTP_NO_WSASTARTUP)
+
+#if GNUPG_MAJOR_VERSION == 1
+#define REQ_WINSOCK_MAJOR 1
+#define REQ_WINSOCK_MINOR 1
+#else
+#define REQ_WINSOCK_MAJOR 2
+#define REQ_WINSOCK_MINOR 2
+#endif
+
+
+static void
+deinit_sockets (void)
+{
+ WSACleanup();
+}
+
+static void
+init_sockets (void)
+{
+ static int initialized;
+ static WSADATA wsdata;
+
+ if (initialized)
+ return;
+
+ if ( WSAStartup( MAKEWORD (REQ_WINSOCK_MINOR, REQ_WINSOCK_MAJOR), &wsdata ) )
+ {
+ log_error ("error initializing socket library: ec=%d\n",
+ (int)WSAGetLastError () );
+ return;
+ }
+ if ( LOBYTE(wsdata.wVersion) != REQ_WINSOCK_MAJOR
+ || HIBYTE(wsdata.wVersion) != REQ_WINSOCK_MINOR )
+ {
+ log_error ("socket library version is %x.%x - but %d.%d needed\n",
+ LOBYTE(wsdata.wVersion), HIBYTE(wsdata.wVersion),
+ REQ_WINSOCK_MAJOR, REQ_WINSOCK_MINOR);
+ WSACleanup();
+ return;
+ }
+ atexit ( deinit_sockets );
+ initialized = 1;
+}
+#endif /*HAVE_W32_SYSTEM && !HTTP_NO_WSASTARTUP*/
+
+
+
+/*
+ * Helper function to create an HTTP header with hex encoded data. A
+ * new buffer is returned. This buffer is the concatenation of the
+ * string PREFIX, the hex-encoded DATA of length LEN and the string
+ * SUFFIX. On error NULL is returned and ERRNO set.
+ */
+static char *
+make_header_line (const char *prefix, const char *suffix,
+ const void *data, size_t len )
+{
+ static unsigned char bintoasc[] =
+ "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
+ "abcdefghijklmnopqrstuvwxyz"
+ "0123456789+/";
+ const unsigned int *s = data;
+ char *buffer, *p;
+
+ buffer = xtrymalloc (strlen (prefix) + (len+2)/3*4 + strlen (suffix) + 1);
+ if (!buffer)
+ return NULL;
+ p = stpcpy (buffer, prefix);
+ for ( ; len >= 3 ; len -= 3, s += 3 )
+ {
+ *p++ = bintoasc[(s[0] >> 2) & 077];
+ *p++ = bintoasc[(((s[0] <<4)&060)|((s[1] >> 4)&017))&077];
+ *p++ = bintoasc[(((s[1]<<2)&074)|((s[2]>>6)&03))&077];
+ *p++ = bintoasc[s[2]&077];
+ }
+ if ( len == 2 )
+ {
+ *p++ = bintoasc[(s[0] >> 2) & 077];
+ *p++ = bintoasc[(((s[0] <<4)&060)|((s[1] >> 4)&017))&077];
+ *p++ = bintoasc[((s[1]<<2)&074)];
+ *p++ = '=';
+ }
+ else if ( len == 1 )
+ {
+ *p++ = bintoasc[(s[0] >> 2) & 077];
+ *p++ = bintoasc[(s[0] <<4)&060];
+ *p++ = '=';
+ *p++ = '=';
+ }
+ strcpy (p, suffix);
+ return buffer;
+}
+
+
+
+
+void
+http_register_tls_callback ( gpg_error_t (*cb) (http_t, void *, int) )
+{
+#ifdef HTTP_USE_GNUTLS
+ tls_callback = (gpg_error_t (*) (http_t, gnutls_session_t, int))cb;
+#else
+ (void)cb;
+#endif
+}
+
+
+
+/* Start a HTTP retrieval and return on success in R_HD a context
+ pointer for completing the the request and to wait for the
+ response. */
+gpg_error_t
+http_open (http_t *r_hd, http_req_t reqtype, const char *url,
+ const char *auth, unsigned int flags, const char *proxy,
+ void *tls_context, const char *srvtag,strlist_t headers)
+{
+ gpg_error_t err;
+ http_t hd;
+
+ *r_hd = NULL;
+
+ if (!(reqtype == HTTP_REQ_GET || reqtype == HTTP_REQ_POST))
+ return gpg_error (GPG_ERR_INV_ARG);
+
+ /* Create the handle. */
+ hd = xtrycalloc (1, sizeof *hd);
+ if (!hd)
+ return gpg_error_from_syserror ();
+ hd->sock = -1;
+ hd->req_type = reqtype;
+ hd->flags = flags;
+ hd->tls_context = tls_context;
+
+ err = http_parse_uri (&hd->uri, url);
+ if (!err)
+ err = send_request (hd, auth, proxy, srvtag, headers);
+
+ if (err)
+ {
+ if (!hd->fp_read && !hd->fp_write && hd->sock != -1)
+ sock_close (hd->sock);
+ if (hd->fp_read)
+ P_ES(fclose) (hd->fp_read);
+ if (hd->fp_write)
+ P_ES(fclose) (hd->fp_write);
+ http_release_parsed_uri (hd->uri);
+ xfree (hd);
+ }
+ else
+ *r_hd = hd;
+ return err;
+}
+
+
+void
+http_start_data (http_t hd)
+{
+ if (!hd->in_data)
+ {
+#ifdef HTTP_USE_ESTREAM
+ es_fputs ("\r\n", hd->fp_write);
+ es_fflush (hd->fp_write);
+#else
+ fflush (hd->fp_write);
+ write_server (hd->sock, "\r\n", 2);
+#endif
+ hd->in_data = 1;
+ }
+ else
+ P_ES(fflush) (hd->fp_write);
+}
+
+
+gpg_error_t
+http_wait_response (http_t hd)
+{
+ gpg_error_t err;
+
+ /* Make sure that we are in the data. */
+ http_start_data (hd);
+
+ /* We dup the socket, to cope with the fact that fclose closes the
+ underlying socket. In TLS mode we don't do that because we can't
+ close the socket gnutls is working on; instead we make sure that
+ the fclose won't close the socket in this case. */
+#ifdef HTTP_USE_ESTREAM
+ if (hd->write_cookie)
+ {
+ /* The write cookie is only set in the TLS case. */
+ cookie_t cookie = hd->write_cookie;
+ cookie->keep_socket = 1;
+ }
+ else
+#endif /*HTTP_USE_ESTREAM*/
+ {
+#ifdef HAVE_W32_SYSTEM
+ HANDLE handle = (HANDLE)hd->sock;
+ if (!DuplicateHandle (GetCurrentProcess(), handle,
+ GetCurrentProcess(), &handle, 0,
+ TRUE, DUPLICATE_SAME_ACCESS ))
+ return gpg_error_from_syserror ();
+ hd->sock = (int)handle;
+#else
+ hd->sock = dup (hd->sock);
+#endif
+ if (hd->sock == -1)
+ return gpg_error_from_syserror ();
+ }
+ P_ES(fclose) (hd->fp_write);
+ hd->fp_write = NULL;
+#ifdef HTTP_USE_ESTREAM
+ hd->write_cookie = NULL;
+#endif
+
+ if (!(hd->flags & HTTP_FLAG_NO_SHUTDOWN))
+ shutdown (hd->sock, 1);
+ hd->in_data = 0;
+
+#ifdef HTTP_USE_ESTREAM
+ {
+ cookie_t cookie;
+
+ cookie = xtrycalloc (1, sizeof *cookie);
+ if (!cookie)
+ return gpg_error_from_syserror ();
+ cookie->fd = hd->sock;
+ if (hd->uri->use_tls)
+ cookie->tls_session = hd->tls_context;
+
+ hd->fp_read = es_fopencookie (cookie, "r", cookie_functions);
+ if (!hd->fp_read)
+ {
+ xfree (cookie);
+ return gpg_error_from_syserror ();
+ }
+ }
+#else /*!HTTP_USE_ESTREAM*/
+ hd->fp_read = fdopen (hd->sock, "r");
+ if (!hd->fp_read)
+ return gpg_error_from_syserror ();
+#endif /*!HTTP_USE_ESTREAM*/
+
+ err = parse_response (hd);
+ return err;
+}
+
+
+/* Convenience function to send a request and wait for the response.
+ Closes the handle on error. If PROXY is not NULL, this value will
+ be used as an HTTP proxy and any enabled $http_proxy gets
+ ignored. */
+gpg_error_t
+http_open_document (http_t *r_hd, const char *document,
+ const char *auth, unsigned int flags, const char *proxy,
+ void *tls_context, const char *srvtag,strlist_t headers)
+{
+ gpg_error_t err;
+
+ err = http_open (r_hd, HTTP_REQ_GET, document, auth, flags,
+ proxy, tls_context, srvtag, headers);
+ if (err)
+ return err;
+
+ err = http_wait_response (*r_hd);
+ if (err)
+ http_close (*r_hd, 0);
+
+ return err;
+}
+
+
+void
+http_close (http_t hd, int keep_read_stream)
+{
+ if (!hd)
+ return;
+ if (!hd->fp_read && !hd->fp_write && hd->sock != -1)
+ sock_close (hd->sock);
+ if (hd->fp_read && !keep_read_stream)
+ P_ES(fclose) (hd->fp_read);
+ if (hd->fp_write)
+ P_ES(fclose) (hd->fp_write);
+ http_release_parsed_uri (hd->uri);
+ while (hd->headers)
+ {
+ header_t tmp = hd->headers->next;
+ xfree (hd->headers->value);
+ xfree (hd->headers);
+ hd->headers = tmp;
+ }
+ xfree (hd->buffer);
+ xfree (hd);
+}
+
+
+#ifdef HTTP_USE_ESTREAM
+estream_t
+http_get_read_ptr (http_t hd)
+{
+ return hd?hd->fp_read:NULL;
+}
+estream_t
+http_get_write_ptr (http_t hd)
+{
+ return hd?hd->fp_write:NULL;
+}
+#else /*!HTTP_USE_ESTREAM*/
+FILE *
+http_get_read_ptr (http_t hd)
+{
+ return hd?hd->fp_read:NULL;
+}
+FILE *
+http_get_write_ptr (http_t hd)
+{
+ return hd?hd->fp_write:NULL;
+}
+#endif /*!HTTP_USE_ESTREAM*/
+unsigned int
+http_get_status_code (http_t hd)
+{
+ return hd?hd->status_code:0;
+}
+
+
+
+/*
+ * Parse an URI and put the result into the newly allocated RET_URI.
+ * The caller must always use release_parsed_uri() to releases the
+ * resources (even on error).
+ */
+gpg_error_t
+http_parse_uri (parsed_uri_t * ret_uri, const char *uri)
+{
+ *ret_uri = xcalloc (1, sizeof **ret_uri + strlen (uri));
+ strcpy ((*ret_uri)->buffer, uri);
+ return do_parse_uri (*ret_uri, 0);
+}
+
+void
+http_release_parsed_uri (parsed_uri_t uri)
+{
+ if (uri)
+ {
+ uri_tuple_t r, r2;
+
+ for (r = uri->query; r; r = r2)
+ {
+ r2 = r->next;
+ xfree (r);
+ }
+ xfree (uri);
+ }
+}
+
+
+static gpg_error_t
+do_parse_uri (parsed_uri_t uri, int only_local_part)
+{
+ uri_tuple_t *tail;
+ char *p, *p2, *p3, *pp;
+ int n;
+
+ p = uri->buffer;
+ n = strlen (uri->buffer);
+
+ /* Initialize all fields to an empty string or an empty list. */
+ uri->scheme = uri->host = uri->path = p + n;
+ uri->port = 0;
+ uri->params = uri->query = NULL;
+ uri->use_tls = 0;
+
+ /* A quick validity check. */
+ if (strspn (p, VALID_URI_CHARS) != n)
+ return gpg_error (GPG_ERR_BAD_URI); /* Invalid characters found. */
+
+ if (!only_local_part)
+ {
+ /* Find the scheme. */
+ if (!(p2 = strchr (p, ':')) || p2 == p)
+ return gpg_error (GPG_ERR_BAD_URI); /* No scheme. */
+ *p2++ = 0;
+ for (pp=p; *pp; pp++)
+ *pp = tolower (*(unsigned char*)pp);
+ uri->scheme = p;
+ if (!strcmp (uri->scheme, "http"))
+ uri->port = 80;
+#ifdef HTTP_USE_GNUTLS
+ else if (!strcmp (uri->scheme, "https"))
+ {
+ uri->port = 443;
+ uri->use_tls = 1;
+ }
+#endif
+ else
+ return gpg_error (GPG_ERR_INV_URI); /* Unsupported scheme */
+
+ p = p2;
+
+ /* Find the hostname */
+ if (*p != '/')
+ return gpg_error (GPG_ERR_INV_URI); /* Does not start with a slash. */
+
+ p++;
+ if (*p == '/') /* There seems to be a hostname. */
+ {
+ p++;
+ if ((p2 = strchr (p, '/')))
+ *p2++ = 0;
+
+ /* Check for username/password encoding */
+ if ((p3 = strchr (p, '@')))
+ {
+ uri->auth = p;
+ *p3++ = '\0';
+ p = p3;
+ }
+
+ for (pp=p; *pp; pp++)
+ *pp = tolower (*(unsigned char*)pp);
+
+ /* Handle an IPv6 literal */
+ if( *p == '[' && (p3=strchr( p, ']' )) )
+ {
+ *p3++ = '\0';
+ /* worst case, uri->host should have length 0, points to \0 */
+ uri->host = p + 1;
+ p = p3;
+ }
+ else
+ uri->host = p;
+
+ if ((p3 = strchr (p, ':')))
+ {
+ *p3++ = '\0';
+ uri->port = atoi (p3);
+ }
+
+ if ((n = remove_escapes (uri->host)) < 0)
+ return gpg_error (GPG_ERR_BAD_URI);
+ if (n != strlen (uri->host))
+ return gpg_error (GPG_ERR_BAD_URI); /* Hostname incudes a Nul. */
+ p = p2 ? p2 : NULL;
+ }
+ } /* End global URI part. */
+
+ /* Parse the pathname part */
+ if (!p || !*p)
+ return 0; /* We don't have a path. Okay. */
+
+ /* TODO: Here we have to check params. */
+
+ /* Do we have a query part? */
+ if ((p2 = strchr (p, '?')))
+ *p2++ = 0;
+
+ uri->path = p;
+ if ((n = remove_escapes (p)) < 0)
+ return gpg_error (GPG_ERR_BAD_URI);
+ if (n != strlen (p))
+ return gpg_error (GPG_ERR_BAD_URI); /* Path includes a Nul. */
+ p = p2 ? p2 : NULL;
+
+ if (!p || !*p)
+ return 0; /* We don't have a query string. Okay. */
+
+ /* Now parse the query string. */
+ tail = &uri->query;
+ for (;;)
+ {
+ uri_tuple_t elem;
+
+ if ((p2 = strchr (p, '&')))
+ *p2++ = 0;
+ if (!(elem = parse_tuple (p)))
+ return gpg_error (GPG_ERR_BAD_URI);
+ *tail = elem;
+ tail = &elem->next;
+
+ if (!p2)
+ break; /* Ready. */
+ p = p2;
+ }
+
+ return 0;
+}
+
+
+/*
+ * Remove all %xx escapes; this is done in-place. Returns: New length
+ * of the string.
+ */
+static int
+remove_escapes (char *string)
+{
+ int n = 0;
+ unsigned char *p, *s;
+
+ for (p = s = (unsigned char*)string; *s; s++)
+ {
+ if (*s == '%')
+ {
+ if (s[1] && s[2] && isxdigit (s[1]) && isxdigit (s[2]))
+ {
+ s++;
+ *p = *s >= '0' && *s <= '9' ? *s - '0' :
+ *s >= 'A' && *s <= 'F' ? *s - 'A' + 10 : *s - 'a' + 10;
+ *p <<= 4;
+ s++;
+ *p |= *s >= '0' && *s <= '9' ? *s - '0' :
+ *s >= 'A' && *s <= 'F' ? *s - 'A' + 10 : *s - 'a' + 10;
+ p++;
+ n++;
+ }
+ else
+ {
+ *p++ = *s++;
+ if (*s)
+ *p++ = *s++;
+ if (*s)
+ *p++ = *s++;
+ if (*s)
+ *p = 0;
+ return -1; /* Bad URI. */
+ }
+ }
+ else
+ {
+ *p++ = *s;
+ n++;
+ }
+ }
+ *p = 0; /* Make sure to keep a string terminator. */
+ return n;
+}
+
+
+static int
+insert_escapes (char *buffer, const char *string,
+ const char *special)
+{
+ const unsigned char *s = (const unsigned char*)string;
+ int n = 0;
+
+ for (; *s; s++)
+ {
+ if (strchr (VALID_URI_CHARS, *s) && !strchr (special, *s))
+ {
+ if (buffer)
+ *(unsigned char*)buffer++ = *s;
+ n++;
+ }
+ else
+ {
+ if (buffer)
+ {
+ sprintf (buffer, "%%%02X", *s);
+ buffer += 3;
+ }
+ n += 3;
+ }
+ }
+ return n;
+}
+
+
+/* Allocate a new string from STRING using standard HTTP escaping as
+ well as escaping of characters given in SPECIALS. A common pattern
+ for SPECIALS is "%;?&=". However it depends on the needs, for
+ example "+" and "/: often needs to be escaped too. Returns NULL on
+ failure and sets ERRNO. */
+char *
+http_escape_string (const char *string, const char *specials)
+{
+ int n;
+ char *buf;
+
+ n = insert_escapes (NULL, string, specials);
+ buf = xtrymalloc (n+1);
+ if (buf)
+ {
+ insert_escapes (buf, string, specials);
+ buf[n] = 0;
+ }
+ return buf;
+}
+
+
+
+static uri_tuple_t
+parse_tuple (char *string)
+{
+ char *p = string;
+ char *p2;
+ int n;
+ uri_tuple_t tuple;
+
+ if ((p2 = strchr (p, '=')))
+ *p2++ = 0;
+ if ((n = remove_escapes (p)) < 0)
+ return NULL; /* Bad URI. */
+ if (n != strlen (p))
+ return NULL; /* Name with a Nul in it. */
+ tuple = xtrycalloc (1, sizeof *tuple);
+ if (!tuple)
+ return NULL; /* Out of core. */
+ tuple->name = p;
+ if (!p2) /* We have only the name, so we assume an empty value string. */
+ {
+ tuple->value = p + strlen (p);
+ tuple->valuelen = 0;
+ tuple->no_value = 1; /* Explicitly mark that we have seen no '='. */
+ }
+ else /* Name and value. */
+ {
+ if ((n = remove_escapes (p2)) < 0)
+ {
+ xfree (tuple);
+ return NULL; /* Bad URI. */
+ }
+ tuple->value = p2;
+ tuple->valuelen = n;
+ }
+ return tuple;
+}
+
+
+/*
+ * Send a HTTP request to the server
+ * Returns 0 if the request was successful
+ */
+static gpg_error_t
+send_request (http_t hd, const char *auth,
+ const char *proxy,const char *srvtag,strlist_t headers)
+{
+ gnutls_session_t tls_session;
+ gpg_error_t err;
+ const char *server;
+ char *request, *p;
+ unsigned short port;
+ const char *http_proxy = NULL;
+ char *proxy_authstr = NULL;
+ char *authstr = NULL;
+ int save_errno;
+
+ tls_session = hd->tls_context;
+ if (hd->uri->use_tls && !tls_session)
+ {
+ log_error ("TLS requested but no GNUTLS context provided\n");
+ return gpg_error (GPG_ERR_INTERNAL);
+ }
+
+ server = *hd->uri->host ? hd->uri->host : "localhost";
+ port = hd->uri->port ? hd->uri->port : 80;
+
+ if ( (proxy && *proxy)
+ || ( (hd->flags & HTTP_FLAG_TRY_PROXY)
+ && (http_proxy = getenv (HTTP_PROXY_ENV))
+ && *http_proxy ))
+ {
+ parsed_uri_t uri;
+
+ if (proxy)
+ http_proxy = proxy;
+
+ err = http_parse_uri (&uri, http_proxy);
+ if (err)
+ {
+ log_error ("invalid HTTP proxy (%s): %s\n",
+ http_proxy, gpg_strerror (err));
+ http_release_parsed_uri (uri);
+ return gpg_error (GPG_ERR_CONFIGURATION);
+
+ }
+
+ if (uri->auth)
+ {
+ remove_escapes (uri->auth);
+ proxy_authstr = make_header_line ("Proxy-Authorization: Basic ",
+ "\r\n",
+ uri->auth, strlen(uri->auth));
+ if (!proxy_authstr)
+ {
+ err = gpg_error_from_syserror ();
+ http_release_parsed_uri (uri);
+ return err;
+ }
+ }
+
+ hd->sock = connect_server (*uri->host ? uri->host : "localhost",
+ uri->port ? uri->port : 80,
+ hd->flags, srvtag);
+ save_errno = errno;
+ http_release_parsed_uri (uri);
+ }
+ else
+ {
+ hd->sock = connect_server (server, port, hd->flags, srvtag);
+ save_errno = errno;
+ }
+
+ if (hd->sock == -1)
+ {
+ xfree (proxy_authstr);
+ return (save_errno
+ ? gpg_error_from_errno (save_errno)
+ : gpg_error (GPG_ERR_NOT_FOUND));
+ }
+
+#ifdef HTTP_USE_GNUTLS
+ if (hd->uri->use_tls)
+ {
+ int rc;
+
+ gnutls_transport_set_ptr (tls_session, (gnutls_transport_ptr_t)hd->sock);
+ do
+ {
+ rc = gnutls_handshake (tls_session);
+ }
+ while (rc == GNUTLS_E_INTERRUPTED || rc == GNUTLS_E_AGAIN);
+ if (rc < 0)
+ {
+ log_info ("TLS handshake failed: %s\n", gnutls_strerror (rc));
+ xfree (proxy_authstr);
+ return gpg_error (GPG_ERR_NETWORK);
+ }
+
+ if (tls_callback)
+ {
+ err = tls_callback (hd, tls_session, 0);
+ if (err)
+ {
+ log_info ("TLS connection authentication failed: %s\n",
+ gpg_strerror (err));
+ xfree (proxy_authstr);
+ return err;
+ }
+ }
+ }
+#endif /*HTTP_USE_GNUTLS*/
+
+ if (auth || hd->uri->auth)
+ {
+ char *myauth;
+
+ if (auth)
+ {
+ myauth = xtrystrdup (auth);
+ if (!myauth)
+ {
+ xfree (proxy_authstr);
+ return gpg_error_from_syserror ();
+ }
+ remove_escapes (myauth);
+ }
+ else
+ {
+ remove_escapes (hd->uri->auth);
+ myauth = hd->uri->auth;
+ }
+
+ authstr = make_header_line ("Authorization: Basic %s", "\r\n",
+ myauth, strlen (myauth));
+ if (auth)
+ xfree (myauth);
+
+ if (!authstr)
+ {
+ xfree (proxy_authstr);
+ return gpg_error_from_syserror ();
+ }
+ }
+
+ p = build_rel_path (hd->uri);
+ if (!p)
+ return gpg_error_from_syserror ();
+
+ request = xtrymalloc (2 * strlen (server)
+ + strlen (p)
+ + (authstr?strlen(authstr):0)
+ + (proxy_authstr?strlen(proxy_authstr):0)
+ + 100);
+ if (!request)
+ {
+ err = gpg_error_from_syserror ();
+ xfree (p);
+ xfree (authstr);
+ xfree (proxy_authstr);
+ return err;
+ }
+
+ if (http_proxy && *http_proxy)
+ {
+ sprintf (request, "%s http://%s:%hu%s%s HTTP/1.0\r\n%s%s",
+ hd->req_type == HTTP_REQ_GET ? "GET" :
+ hd->req_type == HTTP_REQ_HEAD ? "HEAD" :
+ hd->req_type == HTTP_REQ_POST ? "POST" : "OOPS",
+ server, port, *p == '/' ? "" : "/", p,
+ authstr ? authstr : "",
+ proxy_authstr ? proxy_authstr : "");
+ }
+ else
+ {
+ char portstr[35];
+
+ if (port == 80)
+ *portstr = 0;
+ else
+ sprintf (portstr, ":%u", port);
+
+ sprintf (request, "%s %s%s HTTP/1.0\r\nHost: %s%s\r\n%s",
+ hd->req_type == HTTP_REQ_GET ? "GET" :
+ hd->req_type == HTTP_REQ_HEAD ? "HEAD" :
+ hd->req_type == HTTP_REQ_POST ? "POST" : "OOPS",
+ *p == '/' ? "" : "/", p, server, portstr,
+ authstr? authstr:"");
+ }
+ xfree (p);
+
+
+#ifdef HTTP_USE_ESTREAM
+ /* First setup estream so that we can write even the first line
+ using estream. This is also required for the sake of gnutls. */
+ {
+ cookie_t cookie;
+
+ cookie = xtrycalloc (1, sizeof *cookie);
+ if (!cookie)
+ {
+ err = gpg_error_from_syserror ();
+ goto leave;
+ }
+ cookie->fd = hd->sock;
+ if (hd->uri->use_tls)
+ {
+ cookie->tls_session = tls_session;
+ hd->write_cookie = cookie;
+ }
+
+ hd->fp_write = es_fopencookie (cookie, "w", cookie_functions);
+ if (!hd->fp_write)
+ {
+ xfree (cookie);
+ err = gpg_error_from_syserror ();
+ }
+ else if (es_fputs (request, hd->fp_write) || es_fflush (hd->fp_write))
+ err = gpg_error_from_syserror ();
+ else
+ err = 0;
+
+ if(err==0)
+ for(;headers;headers=headers->next)
+ {
+ if ((es_fputs (headers->d, hd->fp_write) || es_fflush (hd->fp_write))
+ || (es_fputs("\r\n",hd->fp_write) || es_fflush(hd->fp_write)))
+ {
+ err = gpg_error_from_syserror ();
+ break;
+ }
+ }
+ }
+
+ leave:
+
+#else /*!HTTP_USE_ESTREAM*/
+ /* We send out the start of the request through our own send
+ function and only then assign a stdio stream. This allows for
+ better error reporting that through standard stdio means. */
+ err = write_server (hd->sock, request, strlen (request));
+
+ if(err==0)
+ for(;headers;headers=headers->next)
+ {
+ err = write_server( hd->sock, headers->d, strlen(headers->d) );
+ if(err)
+ break;
+ err = write_server( hd->sock, "\r\n", 2 );
+ if(err)
+ break;
+ }
+
+ if (!err)
+ {
+ hd->fp_write = fdopen (hd->sock, "w");
+ if (!hd->fp_write)
+ err = gpg_error_from_syserror ();
+ }
+
+#endif /*!HTTP_USE_ESTREAM*/
+
+ xfree (request);
+ xfree (authstr);
+ xfree (proxy_authstr);
+
+ return err;
+}
+
+
+/*
+ * Build the relative path from the parsed URI. Minimal
+ * implementation. May return NULL in case of memory failure; errno
+ * is then set accordingly.
+ */
+static char *
+build_rel_path (parsed_uri_t uri)
+{
+ uri_tuple_t r;
+ char *rel_path, *p;
+ int n;
+
+ /* Count the needed space. */
+ n = insert_escapes (NULL, uri->path, "%;?&");
+ /* TODO: build params. */
+ for (r = uri->query; r; r = r->next)
+ {
+ n++; /* '?'/'&' */
+ n += insert_escapes (NULL, r->name, "%;?&=");
+ if (!r->no_value)
+ {
+ n++; /* '=' */
+ n += insert_escapes (NULL, r->value, "%;?&=");
+ }
+ }
+ n++;
+
+ /* Now allocate and copy. */
+ p = rel_path = xtrymalloc (n);
+ if (!p)
+ return NULL;
+ n = insert_escapes (p, uri->path, "%;?&");
+ p += n;
+ /* TODO: add params. */
+ for (r = uri->query; r; r = r->next)
+ {
+ *p++ = r == uri->query ? '?' : '&';
+ n = insert_escapes (p, r->name, "%;?&=");
+ p += n;
+ if (!r->no_value)
+ {
+ *p++ = '=';
+ /* TODO: Use valuelen. */
+ n = insert_escapes (p, r->value, "%;?&=");
+ p += n;
+ }
+ }
+ *p = 0;
+ return rel_path;
+}
+
+
+
+/*
+ Same as fgets() but if the buffer is too short a larger one will be
+ allocated up to some limit *MAX_LENGTH. A line is considered a
+ byte stream ending in a LF. Returns the length of the line. EOF is
+ indicated by a line of length zero. The last LF may be missing due
+ to an EOF. If MAX_LENGTH is zero on return, the line has been
+ truncated. If the returned buffer is NULL, not enough memory was
+ enable to increase it, the return value will also be 0 and some
+ bytes might have been lost which should be no problem becuase
+ out-of-memory is pretty fatal for most applications.
+
+ If a line has been truncated, the file pointer is internally moved
+ forward to the end of the line.
+
+ Note: The returned buffer is allocated with enough extra space to
+ append a CR,LF,Nul
+ */
+static size_t
+my_read_line (
+#ifdef HTTP_USE_ESTREAM
+ estream_t fp,
+#else
+ FILE *fp,
+#endif
+ char **addr_of_buffer,
+ size_t *length_of_buffer, size_t *max_length)
+{
+ int c;
+ char *buffer = *addr_of_buffer;
+ size_t length = *length_of_buffer;
+ size_t nbytes = 0;
+ size_t maxlen = *max_length;
+ char *p;
+
+ if (!buffer) /* Must allocate a new buffer. */
+ {
+ length = 256;
+ buffer = xtrymalloc (length);
+ *addr_of_buffer = buffer;
+ if (!buffer)
+ {
+ *length_of_buffer = *max_length = 0;
+ return 0;
+ }
+ *length_of_buffer = length;
+ }
+
+ length -= 3; /* Reserve 3 bytes (cr,lf,eol). */
+ p = buffer;
+ while ((c = P_ES(getc) (fp)) != EOF)
+ {
+ if (nbytes == length) /* Increase the buffer. */
+ {
+ if (length > maxlen) /* Limit reached. */
+ {
+ /* Skip the rest of the line. */
+ while (c != '\n' && (c = P_ES(getc) (fp)) != EOF)
+ ;
+ *p++ = '\n'; /* Always append a LF (we reserved some space). */
+ nbytes++;
+ *max_length = 0; /* Indicate truncation */
+ break; /*(the while loop)*/
+ }
+ length += 3; /* Adjust for the reserved bytes. */
+ length += length < 1024 ? 256 : 1024;
+ *addr_of_buffer = xtryrealloc (buffer, length);
+ if (!*addr_of_buffer)
+ {
+ int save_errno = errno;
+ xfree (buffer);
+ *length_of_buffer = *max_length = 0;
+ errno = save_errno;
+ return 0;
+ }
+ buffer = *addr_of_buffer;
+ *length_of_buffer = length;
+ length -= 3; /* And re-adjust for the reservation. */
+ p = buffer + nbytes;
+ }
+ *p++ = c;
+ nbytes++;
+ if (c == '\n')
+ break;
+ }
+ *p = 0; /* Make sure the line is a string. */
+
+ return nbytes;
+}
+
+
+/* Transform a header name into a standard capitalized format; e.g.
+ "Content-Type". Conversion stops at the colon. As usual we don't
+ use the localized versions of ctype.h. */
+static void
+capitalize_header_name (char *name)
+{
+ int first = 1;
+
+ for (; *name && *name != ':'; name++)
+ {
+ if (*name == '-')
+ first = 1;
+ else if (first)
+ {
+ if (*name >= 'a' && *name <= 'z')
+ *name = *name - 'a' + 'A';
+ first = 0;
+ }
+ else if (*name >= 'A' && *name <= 'Z')
+ *name = *name - 'A' + 'a';
+ }
+}
+
+
+/* Store an HTTP header line in LINE away. Line continuation is
+ supported as well as merging of headers with the same name. This
+ function may modify LINE. */
+static gpg_error_t
+store_header (http_t hd, char *line)
+{
+ size_t n;
+ char *p, *value;
+ header_t h;
+
+ n = strlen (line);
+ if (n && line[n-1] == '\n')
+ {
+ line[--n] = 0;
+ if (n && line[n-1] == '\r')
+ line[--n] = 0;
+ }
+ if (!n) /* we are never called to hit this. */
+ return gpg_error (GPG_ERR_BUG);
+ if (*line == ' ' || *line == '\t')
+ {
+ /* Continuation. This won't happen too often as it is not
+ recommended. We use a straightforward implementaion. */
+ if (!hd->headers)
+ return gpg_error (GPG_ERR_PROTOCOL_VIOLATION);
+ n += strlen (hd->headers->value);
+ p = xtrymalloc (n+1);
+ if (!p)
+ return gpg_error_from_syserror ();
+ strcpy (stpcpy (p, hd->headers->value), line);
+ xfree (hd->headers->value);
+ hd->headers->value = p;
+ return 0;
+ }
+
+ capitalize_header_name (line);
+ p = strchr (line, ':');
+ if (!p)
+ return gpg_error (GPG_ERR_PROTOCOL_VIOLATION);
+ *p++ = 0;
+ while (*p == ' ' || *p == '\t')
+ p++;
+ value = p;
+
+ for (h=hd->headers; h; h = h->next)
+ if ( !strcmp (h->name, line) )
+ break;
+ if (h)
+ {
+ /* We have already seen a line with that name. Thus we assume
+ it is a comma separated list and merge them. */
+ p = xtrymalloc (strlen (h->value) + 1 + strlen (value)+ 1);
+ if (!p)
+ return gpg_error_from_syserror ();
+ strcpy (stpcpy (stpcpy (p, h->value), ","), value);
+ xfree (h->value);
+ h->value = p;
+ return 0;
+ }
+
+ /* Append a new header. */
+ h = xtrymalloc (sizeof *h + strlen (line));
+ if (!h)
+ return gpg_error_from_syserror ();
+ strcpy (h->name, line);
+ h->value = xtrymalloc (strlen (value)+1);
+ if (!h->value)
+ {
+ xfree (h);
+ return gpg_error_from_syserror ();
+ }
+ strcpy (h->value, value);
+ h->next = hd->headers;
+ hd->headers = h;
+
+ return 0;
+}
+
+
+/* Return the header NAME from the last response. The returned value
+ is valid as along as HD has not been closed and no othe request has
+ been send. If the header was not found, NULL is returned. Name
+ must be canonicalized, that is the first letter of each dash
+ delimited part must be uppercase and all other letters lowercase.
+ Note that the context must have been opened with the
+ HTTP_FLAG_NEED_HEADER. */
+const char *
+http_get_header (http_t hd, const char *name)
+{
+ header_t h;
+
+ for (h=hd->headers; h; h = h->next)
+ if ( !strcmp (h->name, name) )
+ return h->value;
+ return NULL;
+}
+
+
+
+/*
+ * Parse the response from a server.
+ * Returns: Errorcode and sets some files in the handle
+ */
+static gpg_error_t
+parse_response (http_t hd)
+{
+ char *line, *p, *p2;
+ size_t maxlen, len;
+
+ /* Delete old header lines. */
+ while (hd->headers)
+ {
+ header_t tmp = hd->headers->next;
+ xfree (hd->headers->value);
+ xfree (hd->headers);
+ hd->headers = tmp;
+ }
+
+ /* Wait for the status line. */
+ do
+ {
+ maxlen = MAX_LINELEN;
+ len = my_read_line (hd->fp_read, &hd->buffer, &hd->buffer_size, &maxlen);
+ line = hd->buffer;
+ if (!line)
+ return gpg_error_from_syserror (); /* Out of core. */
+ if (!maxlen)
+ return gpg_error (GPG_ERR_TRUNCATED); /* Line has been truncated. */
+ if (!len)
+ return gpg_error (GPG_ERR_EOF);
+ if ( (hd->flags & HTTP_FLAG_LOG_RESP) )
+ log_info ("RESP: `%.*s'\n",
+ (int)strlen(line)-(*line&&line[1]?2:0),line);
+ }
+ while (!*line);
+
+ if ((p = strchr (line, '/')))
+ *p++ = 0;
+ if (!p || strcmp (line, "HTTP"))
+ return 0; /* Assume http 0.9. */
+
+ if ((p2 = strpbrk (p, " \t")))
+ {
+ *p2++ = 0;
+ p2 += strspn (p2, " \t");
+ }
+ if (!p2)
+ return 0; /* Also assume http 0.9. */
+ p = p2;
+ /* TODO: Add HTTP version number check. */
+ if ((p2 = strpbrk (p, " \t")))
+ *p2++ = 0;
+ if (!isdigit ((unsigned int)p[0]) || !isdigit ((unsigned int)p[1])
+ || !isdigit ((unsigned int)p[2]) || p[3])
+ {
+ /* Malformed HTTP status code - assume http 0.9. */
+ hd->is_http_0_9 = 1;
+ hd->status_code = 200;
+ return 0;
+ }
+ hd->status_code = atoi (p);
+
+ /* Skip all the header lines and wait for the empty line. */
+ do
+ {
+ maxlen = MAX_LINELEN;
+ len = my_read_line (hd->fp_read, &hd->buffer, &hd->buffer_size, &maxlen);
+ line = hd->buffer;
+ if (!line)
+ return gpg_error_from_syserror (); /* Out of core. */
+ /* Note, that we can silently ignore truncated lines. */
+ if (!len)
+ return gpg_error (GPG_ERR_EOF);
+ /* Trim line endings of empty lines. */
+ if ((*line == '\r' && line[1] == '\n') || *line == '\n')
+ *line = 0;
+ if ( (hd->flags & HTTP_FLAG_LOG_RESP) )
+ log_info ("RESP: `%.*s'\n",
+ (int)strlen(line)-(*line&&line[1]?2:0),line);
+ if ( (hd->flags & HTTP_FLAG_NEED_HEADER) && *line )
+ {
+ gpg_error_t err = store_header (hd, line);
+ if (err)
+ return err;
+ }
+ }
+ while (len && *line);
+
+ return 0;
+}
+
+#if 0
+static int
+start_server ()
+{
+ struct sockaddr_in mya;
+ struct sockaddr_in peer;
+ int fd, client;
+ fd_set rfds;
+ int addrlen;
+ int i;
+
+ if ((fd = socket (AF_INET, SOCK_STREAM, 0)) == -1)
+ {
+ log_error ("socket() failed: %s\n", strerror (errno));
+ return -1;
+ }
+ i = 1;
+ if (setsockopt (fd, SOL_SOCKET, SO_REUSEADDR, (byte *) & i, sizeof (i)))
+ log_info ("setsockopt(SO_REUSEADDR) failed: %s\n", strerror (errno));
+
+ mya.sin_family = AF_INET;
+ memset (&mya.sin_addr, 0, sizeof (mya.sin_addr));
+ mya.sin_port = htons (11371);
+
+ if (bind (fd, (struct sockaddr *) &mya, sizeof (mya)))
+ {
+ log_error ("bind to port 11371 failed: %s\n", strerror (errno));
+ sock_close (fd);
+ return -1;
+ }
+
+ if (listen (fd, 5))
+ {
+ log_error ("listen failed: %s\n", strerror (errno));
+ sock_close (fd);
+ return -1;
+ }
+
+ for (;;)
+ {
+ FD_ZERO (&rfds);
+ FD_SET (fd, &rfds);
+
+ if (select (fd + 1, &rfds, NULL, NULL, NULL) <= 0)
+ continue; /* ignore any errors */
+
+ if (!FD_ISSET (fd, &rfds))
+ continue;
+
+ addrlen = sizeof peer;
+ client = accept (fd, (struct sockaddr *) &peer, &addrlen);
+ if (client == -1)
+ continue; /* oops */
+
+ log_info ("connect from %s\n", inet_ntoa (peer.sin_addr));
+
+ fflush (stdout);
+ fflush (stderr);
+ if (!fork ())
+ {
+ int c;
+ FILE *fp;
+
+ fp = fdopen (client, "r");
+ while ((c = getc (fp)) != EOF)
+ putchar (c);
+ fclose (fp);
+ exit (0);
+ }
+ sock_close (client);
+ }
+
+
+ return 0;
+}
+#endif
+
+/* Actually connect to a server. Returns the file descriptor or -1 on
+ error. ERRNO is set on error. */
+static int
+connect_server (const char *server, unsigned short port,
+ unsigned int flags, const char *srvtag)
+{
+ int sock = -1;
+ int srvcount = 0;
+ int hostfound = 0;
+ int srv, connected;
+ int last_errno = 0;
+ struct srventry *serverlist = NULL;
+
+ /* Not currently using the flags */
+ (void)flags;
+
+#ifdef HAVE_W32_SYSTEM
+ unsigned long inaddr;
+
+#ifndef HTTP_NO_WSASTARTUP
+ init_sockets ();
+#endif
+ /* Win32 gethostbyname doesn't handle IP addresses internally, so we
+ try inet_addr first on that platform only. */
+ inaddr = inet_addr(server);
+ if ( inaddr != INADDR_NONE )
+ {
+ struct sockaddr_in addr;
+
+ memset(&addr,0,sizeof(addr));
+
+ sock = socket(AF_INET,SOCK_STREAM,0);
+ if ( sock==INVALID_SOCKET )
+ {
+ log_error("error creating socket: ec=%d\n",(int)WSAGetLastError());
+ return -1;
+ }
+
+ addr.sin_family = AF_INET;
+ addr.sin_port = htons(port);
+ memcpy (&addr.sin_addr,&inaddr,sizeof(inaddr));
+
+ if (!connect (sock,(struct sockaddr *)&addr,sizeof(addr)) )
+ return sock;
+ sock_close(sock);
+ return -1;
+ }
+#endif /*HAVE_W32_SYSTEM*/
+
+#ifdef USE_DNS_SRV
+ /* Do the SRV thing */
+ if (srvtag)
+ {
+ /* We're using SRV, so append the tags. */
+ if (1+strlen (srvtag) + 6 + strlen (server) + 1 <= MAXDNAME)
+ {
+ char srvname[MAXDNAME];
+
+ stpcpy (stpcpy (stpcpy (stpcpy (srvname,"_"), srvtag),
+ "._tcp."), server);
+ srvcount = getsrv (srvname, &serverlist);
+ }
+ }
+#endif /*USE_DNS_SRV*/
+
+ if (!serverlist)
+ {
+ /* Either we're not using SRV, or the SRV lookup failed. Make
+ up a fake SRV record. */
+ serverlist = xtrycalloc (1, sizeof *serverlist);
+ if (!serverlist)
+ return -1; /* Out of core. */
+ serverlist->port = port;
+ strncpy (serverlist->target, server, MAXDNAME);
+ serverlist->target[MAXDNAME-1] = '\0';
+ srvcount = 1;
+ }
+
+#ifdef HAVE_GETADDRINFO
+ connected = 0;
+ for (srv=0; srv < srvcount && !connected; srv++)
+ {
+ struct addrinfo hints, *res, *ai;
+ char portstr[35];
+
+ sprintf (portstr, "%hu", port);
+ memset (&hints, 0, sizeof (hints));
+ hints.ai_socktype = SOCK_STREAM;
+ if (getaddrinfo (serverlist[srv].target, portstr, &hints, &res))
+ continue; /* Not found - try next one. */
+ hostfound = 1;
+
+ for (ai = res; ai && !connected; ai = ai->ai_next)
+ {
+ if (sock != -1)
+ sock_close (sock);
+ sock = socket (ai->ai_family, ai->ai_socktype, ai->ai_protocol);
+ if (sock == -1)
+ {
+ int save_errno = errno;
+ log_error ("error creating socket: %s\n", strerror (errno));
+ freeaddrinfo (res);
+ xfree (serverlist);
+ errno = save_errno;
+ return -1;
+ }
+
+ if (connect (sock, ai->ai_addr, ai->ai_addrlen))
+ last_errno = errno;
+ else
+ connected = 1;
+ }
+ freeaddrinfo (res);
+ }
+#else /* !HAVE_GETADDRINFO */
+ connected = 0;
+ for (srv=0; srv < srvcount && !connected; srv++)
+ {
+ int i;
+ struct hostent *host = NULL;
+ struct sockaddr_in addr;
+
+ /* Note: This code is not thread-safe. */
+
+ memset (&addr, 0, sizeof (addr));
+ host = gethostbyname (serverlist[srv].target);
+ if (!host)
+ continue;
+ hostfound = 1;
+
+ if (sock != -1)
+ sock_close (sock);
+ sock = socket (host->h_addrtype, SOCK_STREAM, 0);
+ if (sock == -1)
+ {
+ log_error (_("error creating socket: %s\n"), strerror (errno));
+ xfree (serverlist);
+ return -1;
+ }
+
+ addr.sin_family = host->h_addrtype;
+ if (addr.sin_family != AF_INET)
+ {
+ log_error ("unknown address family for `%s'\n",
+ serverlist[srv].target);
+ xfree (serverlist);
+ return -1;
+ }
+ addr.sin_port = htons (serverlist[srv].port);
+ if (host->h_length != 4)
+ {
+ log_error ("illegal address length for `%s'\n",
+ serverlist[srv].target);
+ xfree (serverlist);
+ return -1;
+ }
+
+ /* Try all A records until one responds. */
+ for (i = 0; host->h_addr_list[i] && !connected; i++)
+ {
+ memcpy (&addr.sin_addr, host->h_addr_list[i], host->h_length);
+ if (connect (sock, (struct sockaddr *) &addr, sizeof (addr)))
+ last_errno = errno;
+ else
+ {
+ connected = 1;
+ break;
+ }
+ }
+ }
+#endif /* !HAVE_GETADDRINFO */
+
+ xfree (serverlist);
+
+ if (!connected)
+ {
+#ifdef HAVE_W32_SYSTEM
+ log_error ("can't connect to `%s': %s%sec=%d\n",
+ server,
+ hostfound? "":_("host not found"),
+ hostfound? "":" - ", (int)WSAGetLastError());
+#else
+ log_error ("can't connect to `%s': %s\n",
+ server,
+ hostfound? strerror (last_errno):"host not found");
+#endif
+ if (sock != -1)
+ sock_close (sock);
+ errno = last_errno;
+ return -1;
+ }
+ return sock;
+}
+
+
+static gpg_error_t
+write_server (int sock, const char *data, size_t length)
+{
+ int nleft;
+
+ nleft = length;
+ while (nleft > 0)
+ {
+#ifdef HAVE_W32_SYSTEM
+ int nwritten;
+
+ nwritten = send (sock, data, nleft, 0);
+ if ( nwritten == SOCKET_ERROR )
+ {
+ log_info ("network write failed: ec=%d\n", (int)WSAGetLastError ());
+ return gpg_error (GPG_ERR_NETWORK);
+ }
+#else /*!HAVE_W32_SYSTEM*/
+ int nwritten = write (sock, data, nleft);
+ if (nwritten == -1)
+ {
+ if (errno == EINTR)
+ continue;
+ if (errno == EAGAIN)
+ {
+ struct timeval tv;
+
+ tv.tv_sec = 0;
+ tv.tv_usec = 50000;
+ select (0, NULL, NULL, NULL, &tv);
+ continue;
+ }
+ log_info ("network write failed: %s\n", strerror (errno));
+ return gpg_error_from_syserror ();
+ }
+#endif /*!HAVE_W32_SYSTEM*/
+ nleft -= nwritten;
+ data += nwritten;
+ }
+
+ return 0;
+}
+
+
+
+#ifdef HTTP_USE_ESTREAM
+/* Read handler for estream. */
+static ssize_t
+cookie_read (void *cookie, void *buffer, size_t size)
+{
+ cookie_t c = cookie;
+ int nread;
+
+#ifdef HTTP_USE_GNUTLS
+ if (c->tls_session)
+ {
+ again:
+ nread = gnutls_record_recv (c->tls_session, buffer, size);
+ if (nread < 0)
+ {
+ if (nread == GNUTLS_E_INTERRUPTED)
+ goto again;
+ if (nread == GNUTLS_E_AGAIN)
+ {
+ struct timeval tv;
+
+ tv.tv_sec = 0;
+ tv.tv_usec = 50000;
+ select (0, NULL, NULL, NULL, &tv);
+ goto again;
+ }
+ if (nread == GNUTLS_E_REHANDSHAKE)
+ goto again; /* A client is allowed to just ignore this request. */
+ log_info ("TLS network read failed: %s\n", gnutls_strerror (nread));
+ errno = EIO;
+ return -1;
+ }
+ }
+ else
+#endif /*HTTP_USE_GNUTLS*/
+ {
+ do
+ {
+#ifdef HAVE_W32_SYSTEM
+ /* Under Windows we need to use recv for a socket. */
+ nread = recv (c->fd, buffer, size, 0);
+#else
+ nread = read (c->fd, buffer, size);
+#endif
+ }
+ while (nread == -1 && errno == EINTR);
+ }
+
+ return nread;
+}
+
+/* Write handler for estream. */
+static ssize_t
+cookie_write (void *cookie, const void *buffer, size_t size)
+{
+ cookie_t c = cookie;
+ int nwritten = 0;
+
+#ifdef HTTP_USE_GNUTLS
+ if (c->tls_session)
+ {
+ int nleft = size;
+ while (nleft > 0)
+ {
+ nwritten = gnutls_record_send (c->tls_session, buffer, nleft);
+ if (nwritten <= 0)
+ {
+ if (nwritten == GNUTLS_E_INTERRUPTED)
+ continue;
+ if (nwritten == GNUTLS_E_AGAIN)
+ {
+ struct timeval tv;
+
+ tv.tv_sec = 0;
+ tv.tv_usec = 50000;
+ select (0, NULL, NULL, NULL, &tv);
+ continue;
+ }
+ log_info ("TLS network write failed: %s\n",
+ gnutls_strerror (nwritten));
+ errno = EIO;
+ return -1;
+ }
+ nleft -= nwritten;
+ buffer += nwritten;
+ }
+ }
+ else
+#endif /*HTTP_USE_GNUTLS*/
+ {
+ if ( write_server (c->fd, buffer, size) )
+ {
+ errno = EIO;
+ nwritten = -1;
+ }
+ else
+ nwritten = size;
+ }
+
+ return nwritten;
+}
+
+/* Close handler for estream. */
+static int
+cookie_close (void *cookie)
+{
+ cookie_t c = cookie;
+
+ if (!c)
+ return 0;
+
+#ifdef HTTP_USE_GNUTLS
+ if (c->tls_session && !c->keep_socket)
+ {
+ gnutls_bye (c->tls_session, GNUTLS_SHUT_RDWR);
+ }
+#endif /*HTTP_USE_GNUTLS*/
+ if (c->fd != -1 && !c->keep_socket)
+ sock_close (c->fd);
+
+ xfree (c);
+ return 0;
+}
+#endif /*HTTP_USE_ESTREAM*/
+
+
+
+
+/**** Test code ****/
+#ifdef TEST
+
+static gpg_error_t
+verify_callback (http_t hd, void *tls_context, int reserved)
+{
+ log_info ("verification of certificates skipped\n");
+ return 0;
+}
+
+
+
+/* static void */
+/* my_gnutls_log (int level, const char *text) */
+/* { */
+/* fprintf (stderr, "gnutls:L%d: %s", level, text); */
+/* } */
+
+int
+main (int argc, char **argv)
+{
+ int rc;
+ parsed_uri_t uri;
+ uri_tuple_t r;
+ http_t hd;
+ int c;
+ gnutls_session_t tls_session = NULL;
+#ifdef HTTP_USE_GNUTLS
+ gnutls_certificate_credentials certcred;
+ const int certprio[] = { GNUTLS_CRT_X509, 0 };
+#endif /*HTTP_USE_GNUTLS*/
+ header_t hdr;
+
+#ifdef HTTP_USE_ESTREAM
+ es_init ();
+#endif
+ log_set_prefix ("http-test", 1 | 4);
+ if (argc == 1)
+ {
+ /*start_server (); */
+ return 0;
+ }
+
+ if (argc != 2)
+ {
+ fprintf (stderr, "usage: http-test uri\n");
+ return 1;
+ }
+ argc--;
+ argv++;
+
+#ifdef HTTP_USE_GNUTLS
+ rc = gnutls_global_init ();
+ if (rc)
+ log_error ("gnutls_global_init failed: %s\n", gnutls_strerror (rc));
+ rc = gnutls_certificate_allocate_credentials (&certcred);
+ if (rc)
+ log_error ("gnutls_certificate_allocate_credentials failed: %s\n",
+ gnutls_strerror (rc));
+/* rc = gnutls_certificate_set_x509_trust_file */
+/* (certcred, "ca.pem", GNUTLS_X509_FMT_PEM); */
+/* if (rc) */
+/* log_error ("gnutls_certificate_set_x509_trust_file failed: %s\n", */
+/* gnutls_strerror (rc)); */
+ rc = gnutls_init (&tls_session, GNUTLS_CLIENT);
+ if (rc)
+ log_error ("gnutls_init failed: %s\n", gnutls_strerror (rc));
+ rc = gnutls_set_default_priority (tls_session);
+ if (rc)
+ log_error ("gnutls_set_default_priority failed: %s\n",
+ gnutls_strerror (rc));
+ rc = gnutls_certificate_type_set_priority (tls_session, certprio);
+ if (rc)
+ log_error ("gnutls_certificate_type_set_priority failed: %s\n",
+ gnutls_strerror (rc));
+ rc = gnutls_credentials_set (tls_session, GNUTLS_CRD_CERTIFICATE, certcred);
+ if (rc)
+ log_error ("gnutls_credentials_set failed: %s\n", gnutls_strerror (rc));
+/* gnutls_global_set_log_function (my_gnutls_log); */
+/* gnutls_global_set_log_level (4); */
+
+ http_register_tls_callback (verify_callback);
+#endif /*HTTP_USE_GNUTLS*/
+
+ rc = http_parse_uri (&uri, *argv);
+ if (rc)
+ {
+ log_error ("`%s': %s\n", *argv, gpg_strerror (rc));
+ http_release_parsed_uri (uri);
+ return 1;
+ }
+
+ printf ("Scheme: %s\n", uri->scheme);
+ printf ("Host : %s\n", uri->host);
+ printf ("Port : %u\n", uri->port);
+ printf ("Path : %s\n", uri->path);
+ for (r = uri->params; r; r = r->next)
+ {
+ printf ("Params: %s", r->name);
+ if (!r->no_value)
+ {
+ printf ("=%s", r->value);
+ if (strlen (r->value) != r->valuelen)
+ printf (" [real length=%d]", (int) r->valuelen);
+ }
+ putchar ('\n');
+ }
+ for (r = uri->query; r; r = r->next)
+ {
+ printf ("Query : %s", r->name);
+ if (!r->no_value)
+ {
+ printf ("=%s", r->value);
+ if (strlen (r->value) != r->valuelen)
+ printf (" [real length=%d]", (int) r->valuelen);
+ }
+ putchar ('\n');
+ }
+ http_release_parsed_uri (uri);
+ uri = NULL;
+
+ rc = http_open_document (&hd, *argv, NULL,
+ HTTP_FLAG_NO_SHUTDOWN | HTTP_FLAG_NEED_HEADER,
+ NULL, tls_session);
+ if (rc)
+ {
+ log_error ("can't get `%s': %s\n", *argv, gpg_strerror (rc));
+ return 1;
+ }
+ log_info ("open_http_document succeeded; status=%u\n",
+ http_get_status_code (hd));
+ for (hdr = hd->headers; hdr; hdr = hdr->next)
+ printf ("HDR: %s: %s\n", hdr->name, hdr->value);
+ switch (http_get_status_code (hd))
+ {
+ case 200:
+ while ((c = P_ES(getc) (http_get_read_ptr (hd))) != EOF)
+ putchar (c);
+ break;
+ case 301:
+ case 302:
+ printf ("Redirected to `%s'\n", http_get_header (hd, "Location"));
+ break;
+ }
+ http_close (hd, 0);
+
+#ifdef HTTP_USE_GNUTLS
+ gnutls_deinit (tls_session);
+ gnutls_certificate_free_credentials (certcred);
+ gnutls_global_deinit ();
+#endif /*HTTP_USE_GNUTLS*/
+
+ return 0;
+}
+#endif /*TEST*/
+
+
+/*
+Local Variables:
+compile-command: "gcc -I.. -I../gl -DTEST -DHAVE_CONFIG_H -Wall -O2 -g -o http-test http.c -L. -lcommon -L../jnlib -ljnlib -lgcrypt -lpth -lgnutls"
+End:
+*/
diff --git a/common/http.h b/common/http.h
new file mode 100644
index 0000000..28a5304
--- /dev/null
+++ b/common/http.h
@@ -0,0 +1,116 @@
+/* http.h - HTTP protocol handler
+ * Copyright (C) 1999, 2000, 2001, 2003,
+ * 2006 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+#ifndef GNUPG_COMMON_HTTP_H
+#define GNUPG_COMMON_HTTP_H
+
+#include <gpg-error.h>
+#ifdef HTTP_USE_ESTREAM
+#include "estream.h"
+#endif
+
+struct uri_tuple_s {
+ struct uri_tuple_s *next;
+ const char *name; /* A pointer into name. */
+ char *value; /* A pointer to value (a Nul is always appended). */
+ size_t valuelen; /* The real length of the value; we need it
+ because the value may contain embedded Nuls. */
+ int no_value; /* True if no value has been given in the URL. */
+};
+typedef struct uri_tuple_s *uri_tuple_t;
+
+struct parsed_uri_s
+{
+ /* All these pointers point into BUFFER; most stuff is not escaped. */
+ char *scheme; /* Pointer to the scheme string (lowercase). */
+ int use_tls; /* Whether TLS should be used. */
+ char *auth; /* username/password for basic auth */
+ char *host; /* Host (converted to lowercase). */
+ unsigned short port; /* Port (always set if the host is set). */
+ char *path; /* Path. */
+ uri_tuple_t params; /* ";xxxxx" */
+ uri_tuple_t query; /* "?xxx=yyy" */
+ char buffer[1]; /* Buffer which holds a (modified) copy of the URI. */
+};
+typedef struct parsed_uri_s *parsed_uri_t;
+
+typedef enum
+ {
+ HTTP_REQ_GET = 1,
+ HTTP_REQ_HEAD = 2,
+ HTTP_REQ_POST = 3
+ }
+http_req_t;
+
+/* We put the flag values into an enum, so that gdb can display them. */
+enum
+ {
+ HTTP_FLAG_TRY_PROXY = 1,
+ HTTP_FLAG_NO_SHUTDOWN = 2,
+ HTTP_FLAG_LOG_RESP = 4,
+ HTTP_FLAG_NEED_HEADER = 8
+ };
+
+struct http_context_s;
+typedef struct http_context_s *http_t;
+
+void http_register_tls_callback (gpg_error_t (*cb) (http_t, void *, int));
+
+gpg_error_t http_parse_uri (parsed_uri_t *ret_uri, const char *uri);
+
+void http_release_parsed_uri (parsed_uri_t uri);
+
+gpg_error_t http_open (http_t *r_hd, http_req_t reqtype,
+ const char *url,
+ const char *auth,
+ unsigned int flags,
+ const char *proxy,
+ void *tls_context,
+ const char *srvtag,
+ strlist_t headers);
+
+void http_start_data (http_t hd);
+
+gpg_error_t http_wait_response (http_t hd);
+
+void http_close (http_t hd, int keep_read_stream);
+
+gpg_error_t http_open_document (http_t *r_hd,
+ const char *document,
+ const char *auth,
+ unsigned int flags,
+ const char *proxy,
+ void *tls_context,
+ const char *srvtag,
+ strlist_t headers);
+
+#ifdef HTTP_USE_ESTREAM
+estream_t http_get_read_ptr (http_t hd);
+estream_t http_get_write_ptr (http_t hd);
+#else /*!HTTP_USE_ESTREAM*/
+FILE *http_get_read_ptr (http_t hd);
+FILE *http_get_write_ptr (http_t hd);
+#endif /*!HTTP_USE_ESTREAM*/
+unsigned int http_get_status_code (http_t hd);
+const char *http_get_header (http_t hd, const char *name);
+
+char *http_escape_string (const char *string, const char *specials);
+
+
+#endif /*GNUPG_COMMON_HTTP_H*/
diff --git a/common/i18n.c b/common/i18n.c
new file mode 100644
index 0000000..db5ddf5
--- /dev/null
+++ b/common/i18n.c
@@ -0,0 +1,107 @@
+/* i18n.c - gettext initialization
+ * Copyright (C) 2007 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#ifdef HAVE_LOCALE_H
+#include <locale.h>
+#endif
+#ifdef HAVE_LANGINFO_CODESET
+#include <langinfo.h>
+#endif
+
+#include "util.h"
+#include "i18n.h"
+
+
+void
+i18n_init (void)
+{
+#ifdef USE_SIMPLE_GETTEXT
+ bindtextdomain (PACKAGE_GT, gnupg_localedir ());
+#else
+# ifdef ENABLE_NLS
+ setlocale (LC_ALL, "" );
+ bindtextdomain (PACKAGE_GT, LOCALEDIR);
+ textdomain (PACKAGE_GT);
+# endif
+#endif
+}
+
+
+/* The Assuan agent protocol requires us to transmit utf-8 strings
+ thus we need a way to temporary switch gettext from native to
+ utf8. */
+char *
+i18n_switchto_utf8 (void)
+{
+#ifdef USE_SIMPLE_GETTEXT
+ gettext_select_utf8 (1);
+ return NULL;
+#elif defined(ENABLE_NLS)
+ char *orig_codeset = bind_textdomain_codeset (PACKAGE_GT, NULL);
+# ifdef HAVE_LANGINFO_CODESET
+ if (!orig_codeset)
+ orig_codeset = nl_langinfo (CODESET);
+# endif
+ if (orig_codeset)
+ { /* We only switch when we are able to restore the codeset later.
+ Note that bind_textdomain_codeset does only return on memory
+ errors but not if a codeset is not available. Thus we don't
+ bother printing a diagnostic here. */
+ orig_codeset = xstrdup (orig_codeset);
+ if (!bind_textdomain_codeset (PACKAGE_GT, "utf-8"))
+ {
+ xfree (orig_codeset);
+ orig_codeset = NULL;
+ }
+ }
+ return orig_codeset;
+#else
+ return NULL;
+#endif
+}
+
+/* Switch back to the saved codeset. */
+void
+i18n_switchback (char *saved_codeset)
+{
+#ifdef USE_SIMPLE_GETTEXT
+ (void)saved_codeset;
+ gettext_select_utf8 (0);
+#elif defined(ENABLE_NLS)
+ if (saved_codeset)
+ {
+ bind_textdomain_codeset (PACKAGE_GT, saved_codeset);
+ xfree (saved_codeset);
+ }
+#else
+ (void)saved_codeset;
+#endif
+}
+
+
+/* Gettext variant which temporary switches to utf-8 for string. */
+const char *
+i18n_utf8 (const char *string)
+{
+ char *saved = i18n_switchto_utf8 ();
+ const char *result = _(string);
+ i18n_switchback (saved);
+ return result;
+}
diff --git a/common/i18n.h b/common/i18n.h
new file mode 100644
index 0000000..7405f9a
--- /dev/null
+++ b/common/i18n.h
@@ -0,0 +1,47 @@
+/* i18n.h
+ * Copyright (C) 1998, 2001 Free Software Foundation, Inc.
+ *
+ * This file is free software; as a special exception the author gives
+ * unlimited permission to copy and/or distribute it, with or without
+ * modifications, as long as this notice is preserved.
+ *
+ * This file is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY, to the extent permitted by law; without even
+ * the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+ * PURPOSE.
+ */
+
+#ifndef GNUPG_COMMON_I18N_H
+#define GNUPG_COMMON_I18N_H
+
+
+#ifdef USE_SIMPLE_GETTEXT
+# include "../jnlib/w32help.h"
+# define _(a) gettext (a)
+# define N_(a) (a)
+#else
+# ifdef HAVE_LOCALE_H
+# include <locale.h>
+# endif
+# ifdef ENABLE_NLS
+# include <libintl.h>
+# define _(a) gettext (a)
+# ifdef gettext_noop
+# define N_(a) gettext_noop (a)
+# else
+# define N_(a) (a)
+# endif
+# else
+# define _(a) (a)
+# define N_(a) (a)
+# define ngettext(a,b,c) ((c)==1? (a):(b))
+# endif
+#endif /*!USE_SIMPLE_GETTEXT*/
+
+void i18n_init (void);
+char *i18n_switchto_utf8 (void);
+void i18n_switchback (char *saved_codeset);
+const char *i18n_utf8 (const char *string);
+
+
+#endif /*GNUPG_COMMON_I18N_H*/
diff --git a/common/init.c b/common/init.c
new file mode 100644
index 0000000..5425ace
--- /dev/null
+++ b/common/init.c
@@ -0,0 +1,71 @@
+/* init.c - Various initializations
+ * Copyright (C) 2007 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+
+#ifdef WITHOUT_GNU_PTH /* Give the Makefile a chance to build without Pth. */
+#undef HAVE_PTH
+#undef USE_GNU_PTH
+#endif
+
+#ifdef HAVE_W32_SYSTEM
+#include <windows.h>
+#endif
+#ifdef HAVE_PTH
+#include <pth.h>
+#endif
+
+#include "estream.h"
+#include "util.h"
+
+
+/* This function is to be used early at program startup to make sure
+ that some subsystems are initialized. This is in particular
+ important for W32 to initialize the sockets so that our socket
+ emulation code used directly as well as in libassuan may be used.
+ It should best be called before any I/O is done so that setup
+ required for logging is ready. CAUTION: This might be called while
+ running suid(root). */
+void
+init_common_subsystems (void)
+{
+ /* Try to auto set the character set. */
+ set_native_charset (NULL);
+
+#ifdef HAVE_W32_SYSTEM
+ /* For W32 we need to initialize the socket layer. This is because
+ we use recv and send in libassuan as well as at some other
+ places. If we are building with PTH we let pth_init do it. We
+ can't do much on error so we ignore them. An error would anyway
+ later pop up if one of the socket functions is used. */
+# ifdef HAVE_PTH
+ pth_init ();
+# else
+ {
+ WSADATA wsadat;
+
+ WSAStartup (0x202, &wsadat);
+ }
+# endif /*!HAVE_PTH*/
+#endif
+
+ /* Initialize the Estream library. */
+ es_init ();
+}
+
diff --git a/common/init.h b/common/init.h
new file mode 100644
index 0000000..14dfa7b
--- /dev/null
+++ b/common/init.h
@@ -0,0 +1,26 @@
+/* init.h - Definitions for init fucntions.
+ * Copyright (C) 2007 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef GNUPG_COMMON_INIT_H
+#define GNUPG_COMMON_INIT_H
+
+void init_common_subsystems (void);
+
+
+#endif /*GNUPG_COMMON_INIT_H*/
diff --git a/common/iobuf.c b/common/iobuf.c
new file mode 100644
index 0000000..04b17ff
--- /dev/null
+++ b/common/iobuf.c
@@ -0,0 +1,2595 @@
+/* iobuf.c - File Handling for OpenPGP.
+ * Copyright (C) 1998, 1999, 2000, 2001, 2003, 2004, 2006,
+ * 2007, 2008, 2009 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include <ctype.h>
+#include <assert.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+#include <unistd.h>
+#ifdef HAVE_W32_SYSTEM
+# include <windows.h>
+#endif
+#ifdef __riscos__
+# include <kernel.h>
+# include <swis.h>
+#endif /* __riscos__ */
+
+#include "util.h"
+#include "sysutils.h"
+#include "iobuf.h"
+
+/*-- Begin configurable part. --*/
+
+/* The size of the internal buffers.
+ NOTE: If you change this value you MUST also adjust the regression
+ test "armored_key_8192" in armor.test! */
+#define IOBUF_BUFFER_SIZE 8192
+
+/* We don't want to use the STDIO based backend. If you change this
+ be aware that there is no fsync support for the stdio backend. */
+#undef FILE_FILTER_USES_STDIO
+
+/*-- End configurable part. --*/
+
+
+/* Under W32 the default is to use the setmode call. Define a macro
+ which allows us to enable this call. */
+#ifdef HAVE_W32_SYSTEM
+# define USE_SETMODE 1
+#endif /*HAVE_W32_SYSTEM*/
+
+
+/* Definition of constants and macros used by our file filter
+ implementation. What we define here are 3 macros to make the
+ appropriate calls:
+
+ my_fileno
+ Is expanded to fileno(a) if using a stdion backend and to a if we
+ are using the low-level backend.
+
+ my_fopen
+ Is defined to fopen for the stdio backend and to direct_open if
+ we are using the low-evel backend.
+
+ my_fopen_ro
+ Is defined to fopen for the stdio backend and to fd_cache_open if
+ we are using the low-evel backend.
+
+ fp_or_fd_t
+ Is the type we use for the backend stream or file descriptor.
+
+ INVALID_FP, FILEP_OR_FD_FOR_STDIN, FILEP_OR_FD_FOR_STDOUT
+ Are macros defined depending on the used backend.
+
+*/
+#ifdef FILE_FILTER_USES_STDIO
+# define my_fileno(a) fileno ((a))
+# define my_fopen_ro(a,b) fopen ((a),(b))
+# define my_fopen(a,b) fopen ((a),(b))
+ typedef FILE *fp_or_fd_t;
+# define INVALID_FP NULL
+# define FILEP_OR_FD_FOR_STDIN (stdin)
+# define FILEP_OR_FD_FOR_STDOUT (stdout)
+#else /*!FILE_FILTER_USES_STDIO*/
+# define my_fopen_ro(a,b) fd_cache_open ((a),(b))
+# define my_fopen(a,b) direct_open ((a),(b))
+# ifdef HAVE_W32_SYSTEM
+ /* (We assume that a HANDLE first into an int.) */
+# define my_fileno(a) ((int)(a))
+ typedef HANDLE fp_or_fd_t;
+# define INVALID_FP ((HANDLE)-1)
+# define FILEP_OR_FD_FOR_STDIN (GetStdHandle (STD_INPUT_HANDLE))
+# define FILEP_OR_FD_FOR_STDOUT (GetStdHandle (STD_OUTPUT_HANDLE))
+# undef USE_SETMODE
+# else /*!HAVE_W32_SYSTEM*/
+# define my_fileno(a) (a)
+ typedef int fp_or_fd_t;
+# define INVALID_FP (-1)
+# define FILEP_OR_FD_FOR_STDIN (0)
+# define FILEP_OR_FD_FOR_STDOUT (1)
+# endif /*!HAVE_W32_SYSTEM*/
+#endif /*!FILE_FILTER_USES_STDIO*/
+
+/* The context used by the file filter. */
+typedef struct
+{
+ fp_or_fd_t fp; /* Open file pointer or handle. */
+ int keep_open;
+ int no_cache;
+ int eof_seen;
+ int print_only_name; /* Flags indicating that fname is not a real file. */
+ char fname[1]; /* Name of the file. */
+}
+file_filter_ctx_t;
+
+
+/* If we are not using stdio as the backend we make use of a "close
+ cache". */
+#ifndef FILE_FILTER_USES_STDIO
+struct close_cache_s
+{
+ struct close_cache_s *next;
+ fp_or_fd_t fp;
+ char fname[1];
+};
+typedef struct close_cache_s *close_cache_t;
+static close_cache_t close_cache;
+#endif /*!FILE_FILTER_USES_STDIO*/
+
+
+
+#ifdef HAVE_W32_SYSTEM
+typedef struct
+{
+ int sock;
+ int keep_open;
+ int no_cache;
+ int eof_seen;
+ int print_only_name; /* Flag indicating that fname is not a real file. */
+ char fname[1]; /* Name of the file */
+}
+sock_filter_ctx_t;
+#endif /*HAVE_W32_SYSTEM*/
+
+/* The first partial length header block must be of size 512
+ * to make it easier (and efficienter) we use a min. block size of 512
+ * for all chunks (but the last one) */
+#define OP_MIN_PARTIAL_CHUNK 512
+#define OP_MIN_PARTIAL_CHUNK_2POW 9
+
+/* The context we use for the block filter (used to handle OpenPGP
+ length information header). */
+typedef struct
+{
+ int use;
+ size_t size;
+ size_t count;
+ int partial; /* 1 = partial header, 2 in last partial packet. */
+ char *buffer; /* Used for partial header. */
+ size_t buflen; /* Used size of buffer. */
+ int first_c; /* First character of a partial header (which is > 0). */
+ int eof;
+}
+block_filter_ctx_t;
+
+
+/* Global flag to tell whether special file names are enabled. See
+ gpg.c for an explanation of these file names. FIXME: it does not
+ belong into the iobuf subsystem. */
+static int special_names_enabled;
+
+/* Local prototypes. */
+static int underflow (iobuf_t a);
+static int translate_file_handle (int fd, int for_write);
+
+
+
+#ifndef FILE_FILTER_USES_STDIO
+/* This is a replacement for strcmp. Under W32 it does not
+ distinguish between backslash and slash. */
+static int
+fd_cache_strcmp (const char *a, const char *b)
+{
+#ifdef HAVE_DOSISH_SYSTEM
+ for (; *a && *b; a++, b++)
+ {
+ if (*a != *b && !((*a == '/' && *b == '\\')
+ || (*a == '\\' && *b == '/')) )
+ break;
+ }
+ return *(const unsigned char *)a - *(const unsigned char *)b;
+#else
+ return strcmp (a, b);
+#endif
+}
+
+/*
+ * Invalidate (i.e. close) a cached iobuf
+ */
+static int
+fd_cache_invalidate (const char *fname)
+{
+ close_cache_t cc;
+ int rc = 0;
+
+ assert (fname);
+ if (DBG_IOBUF)
+ log_debug ("fd_cache_invalidate (%s)\n", fname);
+
+ for (cc = close_cache; cc; cc = cc->next)
+ {
+ if (cc->fp != INVALID_FP && !fd_cache_strcmp (cc->fname, fname))
+ {
+ if (DBG_IOBUF)
+ log_debug (" did (%s)\n", cc->fname);
+#ifdef HAVE_W32_SYSTEM
+ if (!CloseHandle (cc->fp))
+ rc = -1;
+#else
+ rc = close (cc->fp);
+#endif
+ cc->fp = INVALID_FP;
+ }
+ }
+ return rc;
+}
+
+
+/* Try to sync changes to the disk. This is to avoid data loss during
+ a system crash in write/close/rename cycle on some file
+ systems. */
+static int
+fd_cache_synchronize (const char *fname)
+{
+ int err = 0;
+
+#ifdef HAVE_FSYNC
+ close_cache_t cc;
+
+ if (DBG_IOBUF)
+ log_debug ("fd_cache_synchronize (%s)\n", fname);
+
+ for (cc=close_cache; cc; cc = cc->next )
+ {
+ if (cc->fp != INVALID_FP && !fd_cache_strcmp (cc->fname, fname))
+ {
+ if (DBG_IOBUF)
+ log_debug (" did (%s)\n", cc->fname);
+
+ err = fsync (cc->fp);
+ }
+ }
+#else
+ (void)fname;
+#endif /*HAVE_FSYNC*/
+
+ return err;
+}
+
+
+static fp_or_fd_t
+direct_open (const char *fname, const char *mode)
+{
+#ifdef HAVE_W32_SYSTEM
+ unsigned long da, cd, sm;
+ HANDLE hfile;
+
+ /* Note, that we do not handle all mode combinations */
+
+ /* According to the ReactOS source it seems that open() of the
+ * standard MSW32 crt does open the file in shared mode which is
+ * something new for MS applications ;-)
+ */
+ if (strchr (mode, '+'))
+ {
+ if (fd_cache_invalidate (fname))
+ return INVALID_FP;
+ da = GENERIC_READ | GENERIC_WRITE;
+ cd = OPEN_EXISTING;
+ sm = FILE_SHARE_READ | FILE_SHARE_WRITE;
+ }
+ else if (strchr (mode, 'w'))
+ {
+ if (fd_cache_invalidate (fname))
+ return INVALID_FP;
+ da = GENERIC_WRITE;
+ cd = CREATE_ALWAYS;
+ sm = FILE_SHARE_WRITE;
+ }
+ else
+ {
+ da = GENERIC_READ;
+ cd = OPEN_EXISTING;
+ sm = FILE_SHARE_READ;
+ }
+
+ hfile = CreateFile (fname, da, sm, NULL, cd, FILE_ATTRIBUTE_NORMAL, NULL);
+ return hfile;
+#else /*!HAVE_W32_SYSTEM*/
+ int oflag;
+ int cflag = S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH | S_IWOTH;
+
+ /* Note, that we do not handle all mode combinations */
+ if (strchr (mode, '+'))
+ {
+ if (fd_cache_invalidate (fname))
+ return INVALID_FP;
+ oflag = O_RDWR;
+ }
+ else if (strchr (mode, 'w'))
+ {
+ if (fd_cache_invalidate (fname))
+ return INVALID_FP;
+ oflag = O_WRONLY | O_CREAT | O_TRUNC;
+ }
+ else
+ {
+ oflag = O_RDONLY;
+ }
+#ifdef O_BINARY
+ if (strchr (mode, 'b'))
+ oflag |= O_BINARY;
+#endif
+ /* No we need to distinguish between POSIX and RISC OS. */
+#ifndef __riscos__
+ return open (fname, oflag, cflag);
+#else
+ {
+ struct stat buf;
+ int rc = stat (fname, &buf);
+
+ /* Don't allow iobufs on directories */
+ if (!rc && S_ISDIR (buf.st_mode) && !S_ISREG (buf.st_mode))
+ return __set_errno (EISDIR);
+ else
+ return open (fname, oflag, cflag);
+ }
+#endif
+#endif /*!HAVE_W32_SYSTEM*/
+}
+
+
+/*
+ * Instead of closing an FD we keep it open and cache it for later reuse
+ * Note that this caching strategy only works if the process does not chdir.
+ */
+static void
+fd_cache_close (const char *fname, fp_or_fd_t fp)
+{
+ close_cache_t cc;
+
+ assert (fp);
+ if (!fname || !*fname)
+ {
+#ifdef HAVE_W32_SYSTEM
+ CloseHandle (fp);
+#else
+ close (fp);
+#endif
+ if (DBG_IOBUF)
+ log_debug ("fd_cache_close (%d) real\n", (int)fp);
+ return;
+ }
+ /* try to reuse a slot */
+ for (cc = close_cache; cc; cc = cc->next)
+ {
+ if (cc->fp == INVALID_FP && !fd_cache_strcmp (cc->fname, fname))
+ {
+ cc->fp = fp;
+ if (DBG_IOBUF)
+ log_debug ("fd_cache_close (%s) used existing slot\n", fname);
+ return;
+ }
+ }
+ /* add a new one */
+ if (DBG_IOBUF)
+ log_debug ("fd_cache_close (%s) new slot created\n", fname);
+ cc = xcalloc (1, sizeof *cc + strlen (fname));
+ strcpy (cc->fname, fname);
+ cc->fp = fp;
+ cc->next = close_cache;
+ close_cache = cc;
+}
+
+/*
+ * Do an direct_open on FNAME but first try to reuse one from the fd_cache
+ */
+static fp_or_fd_t
+fd_cache_open (const char *fname, const char *mode)
+{
+ close_cache_t cc;
+
+ assert (fname);
+ for (cc = close_cache; cc; cc = cc->next)
+ {
+ if (cc->fp != INVALID_FP && !fd_cache_strcmp (cc->fname, fname))
+ {
+ fp_or_fd_t fp = cc->fp;
+ cc->fp = INVALID_FP;
+ if (DBG_IOBUF)
+ log_debug ("fd_cache_open (%s) using cached fp\n", fname);
+#ifdef HAVE_W32_SYSTEM
+ if (SetFilePointer (fp, 0, NULL, FILE_BEGIN) == 0xffffffff)
+ {
+ log_error ("rewind file failed on handle %p: ec=%d\n",
+ fp, (int) GetLastError ());
+ fp = INVALID_FP;
+ }
+#else
+ if (lseek (fp, 0, SEEK_SET) == (off_t) - 1)
+ {
+ log_error ("can't rewind fd %d: %s\n", fp, strerror (errno));
+ fp = INVALID_FP;
+ }
+#endif
+ return fp;
+ }
+ }
+ if (DBG_IOBUF)
+ log_debug ("fd_cache_open (%s) not cached\n", fname);
+ return direct_open (fname, mode);
+}
+
+#endif /*FILE_FILTER_USES_STDIO */
+
+
+/****************
+ * Read data from a file into buf which has an allocated length of *LEN.
+ * return the number of read bytes in *LEN. OPAQUE is the FILE * of
+ * the stream. A is not used.
+ * control may be:
+ * IOBUFCTRL_INIT: called just before the function is linked into the
+ * list of function. This can be used to prepare internal
+ * data structures of the function.
+ * IOBUFCTRL_FREE: called just before the function is removed from the
+ * list of functions and can be used to release internal
+ * data structures or close a file etc.
+ * IOBUFCTRL_UNDERFLOW: called by iobuf_underflow to fill the buffer
+ * with new stuff. *RET_LEN is the available size of the
+ * buffer, and should be set to the number of bytes
+ * which were put into the buffer. The function
+ * returns 0 to indicate success, -1 on EOF and
+ * GPG_ERR_xxxxx for other errors.
+ *
+ * IOBUFCTRL_FLUSH: called by iobuf_flush() to write out the collected stuff.
+ * *RET_LAN is the number of bytes in BUF.
+ *
+ * IOBUFCTRL_CANCEL: send to all filters on behalf of iobuf_cancel. The
+ * filter may take appropriate action on this message.
+ */
+static int
+file_filter (void *opaque, int control, iobuf_t chain, byte * buf,
+ size_t * ret_len)
+{
+ file_filter_ctx_t *a = opaque;
+ fp_or_fd_t f = a->fp;
+ size_t size = *ret_len;
+ size_t nbytes = 0;
+ int rc = 0;
+
+ (void)chain; /* Not used. */
+
+#ifdef FILE_FILTER_USES_STDIO
+ if (control == IOBUFCTRL_UNDERFLOW)
+ {
+ assert (size); /* We need a buffer. */
+ if (feof (f))
+ {
+ /* On terminals you could easily read as many EOFs as you
+ call fread() or fgetc() repeatly. Every call will block
+ until you press CTRL-D. So we catch this case before we
+ call fread() again. */
+ rc = -1;
+ *ret_len = 0;
+ }
+ else
+ {
+ clearerr (f);
+ nbytes = fread (buf, 1, size, f);
+ if (feof (f) && !nbytes)
+ {
+ rc = -1; /* Okay: we can return EOF now. */
+ }
+ else if (ferror (f) && errno != EPIPE)
+ {
+ rc = gpg_error_from_syserror ();
+ log_error ("%s: read error: %s\n", a->fname, strerror (errno));
+ }
+ *ret_len = nbytes;
+ }
+ }
+ else if (control == IOBUFCTRL_FLUSH)
+ {
+ if (size)
+ {
+ clearerr (f);
+ nbytes = fwrite (buf, 1, size, f);
+ if (ferror (f))
+ {
+ rc = gpg_error_from_syserror ();
+ log_error ("%s: write error: %s\n", a->fname, strerror (errno));
+ }
+ }
+ *ret_len = nbytes;
+ }
+ else if (control == IOBUFCTRL_INIT)
+ {
+ a->keep_open = a->no_cache = 0;
+ }
+ else if (control == IOBUFCTRL_DESC)
+ {
+ *(char **) buf = "file_filter";
+ }
+ else if (control == IOBUFCTRL_FREE)
+ {
+ if (f != stdin && f != stdout)
+ {
+ if (DBG_IOBUF)
+ log_debug ("%s: close fd %d\n", a->fname, fileno (f));
+ if (!a->keep_open)
+ fclose (f);
+ }
+ f = NULL;
+ xfree (a); /* We can free our context now. */
+ }
+#else /* !stdio implementation */
+
+ if (control == IOBUFCTRL_UNDERFLOW)
+ {
+ assert (size); /* We need a buffer. */
+ if (a->eof_seen)
+ {
+ rc = -1;
+ *ret_len = 0;
+ }
+ else
+ {
+#ifdef HAVE_W32_SYSTEM
+ unsigned long nread;
+
+ nbytes = 0;
+ if (!ReadFile (f, buf, size, &nread, NULL))
+ {
+ int ec = (int) GetLastError ();
+ if (ec != ERROR_BROKEN_PIPE)
+ {
+ rc = gpg_error_from_errno (ec);
+ log_error ("%s: read error: ec=%d\n", a->fname, ec);
+ }
+ }
+ else if (!nread)
+ {
+ a->eof_seen = 1;
+ rc = -1;
+ }
+ else
+ {
+ nbytes = nread;
+ }
+
+#else
+
+ int n;
+
+ nbytes = 0;
+ do
+ {
+ n = read (f, buf, size);
+ }
+ while (n == -1 && errno == EINTR);
+ if (n == -1)
+ { /* error */
+ if (errno != EPIPE)
+ {
+ rc = gpg_error_from_syserror ();
+ log_error ("%s: read error: %s\n",
+ a->fname, strerror (errno));
+ }
+ }
+ else if (!n)
+ { /* eof */
+ a->eof_seen = 1;
+ rc = -1;
+ }
+ else
+ {
+ nbytes = n;
+ }
+#endif
+ *ret_len = nbytes;
+ }
+ }
+ else if (control == IOBUFCTRL_FLUSH)
+ {
+ if (size)
+ {
+#ifdef HAVE_W32_SYSTEM
+ byte *p = buf;
+ unsigned long n;
+
+ nbytes = size;
+ do
+ {
+ if (size && !WriteFile (f, p, nbytes, &n, NULL))
+ {
+ int ec = (int) GetLastError ();
+ rc = gpg_error_from_errno (ec);
+ log_error ("%s: write error: ec=%d\n", a->fname, ec);
+ break;
+ }
+ p += n;
+ nbytes -= n;
+ }
+ while (nbytes);
+ nbytes = p - buf;
+#else
+ byte *p = buf;
+ int n;
+
+ nbytes = size;
+ do
+ {
+ do
+ {
+ n = write (f, p, nbytes);
+ }
+ while (n == -1 && errno == EINTR);
+ if (n > 0)
+ {
+ p += n;
+ nbytes -= n;
+ }
+ }
+ while (n != -1 && nbytes);
+ if (n == -1)
+ {
+ rc = gpg_error_from_syserror ();
+ log_error ("%s: write error: %s\n", a->fname, strerror (errno));
+ }
+ nbytes = p - buf;
+#endif
+ }
+ *ret_len = nbytes;
+ }
+ else if (control == IOBUFCTRL_INIT)
+ {
+ a->eof_seen = 0;
+ a->keep_open = 0;
+ a->no_cache = 0;
+ }
+ else if (control == IOBUFCTRL_DESC)
+ {
+ *(char **) buf = "file_filter(fd)";
+ }
+ else if (control == IOBUFCTRL_FREE)
+ {
+#ifdef HAVE_W32_SYSTEM
+ if (f != FILEP_OR_FD_FOR_STDIN && f != FILEP_OR_FD_FOR_STDOUT)
+ {
+ if (DBG_IOBUF)
+ log_debug ("%s: close handle %p\n", a->fname, f);
+ if (!a->keep_open)
+ fd_cache_close (a->no_cache ? NULL : a->fname, f);
+ }
+#else
+ if ((int) f != 0 && (int) f != 1)
+ {
+ if (DBG_IOBUF)
+ log_debug ("%s: close fd %d\n", a->fname, f);
+ if (!a->keep_open)
+ fd_cache_close (a->no_cache ? NULL : a->fname, f);
+ }
+ f = INVALID_FP;
+#endif
+ xfree (a); /* We can free our context now. */
+ }
+#endif /* !stdio implementation. */
+ return rc;
+}
+
+
+#ifdef HAVE_W32_SYSTEM
+/* Because network sockets are special objects under Lose32 we have to
+ use a dedicated filter for them. */
+static int
+sock_filter (void *opaque, int control, iobuf_t chain, byte * buf,
+ size_t * ret_len)
+{
+ sock_filter_ctx_t *a = opaque;
+ size_t size = *ret_len;
+ size_t nbytes = 0;
+ int rc = 0;
+
+ (void)chain;
+
+ if (control == IOBUFCTRL_UNDERFLOW)
+ {
+ assert (size); /* need a buffer */
+ if (a->eof_seen)
+ {
+ rc = -1;
+ *ret_len = 0;
+ }
+ else
+ {
+ int nread;
+
+ nread = recv (a->sock, buf, size, 0);
+ if (nread == SOCKET_ERROR)
+ {
+ int ec = (int) WSAGetLastError ();
+ rc = gpg_error_from_errno (ec);
+ log_error ("socket read error: ec=%d\n", ec);
+ }
+ else if (!nread)
+ {
+ a->eof_seen = 1;
+ rc = -1;
+ }
+ else
+ {
+ nbytes = nread;
+ }
+ *ret_len = nbytes;
+ }
+ }
+ else if (control == IOBUFCTRL_FLUSH)
+ {
+ if (size)
+ {
+ byte *p = buf;
+ int n;
+
+ nbytes = size;
+ do
+ {
+ n = send (a->sock, p, nbytes, 0);
+ if (n == SOCKET_ERROR)
+ {
+ int ec = (int) WSAGetLastError ();
+ rc = gpg_error_from_errno (ec);
+ log_error ("socket write error: ec=%d\n", ec);
+ break;
+ }
+ p += n;
+ nbytes -= n;
+ }
+ while (nbytes);
+ nbytes = p - buf;
+ }
+ *ret_len = nbytes;
+ }
+ else if (control == IOBUFCTRL_INIT)
+ {
+ a->eof_seen = 0;
+ a->keep_open = 0;
+ a->no_cache = 0;
+ }
+ else if (control == IOBUFCTRL_DESC)
+ {
+ *(char **) buf = "sock_filter";
+ }
+ else if (control == IOBUFCTRL_FREE)
+ {
+ if (!a->keep_open)
+ closesocket (a->sock);
+ xfree (a); /* we can free our context now */
+ }
+ return rc;
+}
+#endif /*HAVE_W32_SYSTEM*/
+
+/****************
+ * This is used to implement the block write mode.
+ * Block reading is done on a byte by byte basis in readbyte(),
+ * without a filter
+ */
+static int
+block_filter (void *opaque, int control, iobuf_t chain, byte * buffer,
+ size_t * ret_len)
+{
+ block_filter_ctx_t *a = opaque;
+ char *buf = (char *)buffer;
+ size_t size = *ret_len;
+ int c, needed, rc = 0;
+ char *p;
+
+ if (control == IOBUFCTRL_UNDERFLOW)
+ {
+ size_t n = 0;
+
+ p = buf;
+ assert (size); /* need a buffer */
+ if (a->eof) /* don't read any further */
+ rc = -1;
+ while (!rc && size)
+ {
+ if (!a->size)
+ { /* get the length bytes */
+ if (a->partial == 2)
+ {
+ a->eof = 1;
+ if (!n)
+ rc = -1;
+ break;
+ }
+ else if (a->partial)
+ {
+ /* These OpenPGP introduced huffman like encoded length
+ * bytes are really a mess :-( */
+ if (a->first_c)
+ {
+ c = a->first_c;
+ a->first_c = 0;
+ }
+ else if ((c = iobuf_get (chain)) == -1)
+ {
+ log_error ("block_filter: 1st length byte missing\n");
+ rc = GPG_ERR_BAD_DATA;
+ break;
+ }
+ if (c < 192)
+ {
+ a->size = c;
+ a->partial = 2;
+ if (!a->size)
+ {
+ a->eof = 1;
+ if (!n)
+ rc = -1;
+ break;
+ }
+ }
+ else if (c < 224)
+ {
+ a->size = (c - 192) * 256;
+ if ((c = iobuf_get (chain)) == -1)
+ {
+ log_error
+ ("block_filter: 2nd length byte missing\n");
+ rc = GPG_ERR_BAD_DATA;
+ break;
+ }
+ a->size += c + 192;
+ a->partial = 2;
+ if (!a->size)
+ {
+ a->eof = 1;
+ if (!n)
+ rc = -1;
+ break;
+ }
+ }
+ else if (c == 255)
+ {
+ a->size = iobuf_get (chain) << 24;
+ a->size |= iobuf_get (chain) << 16;
+ a->size |= iobuf_get (chain) << 8;
+ if ((c = iobuf_get (chain)) == -1)
+ {
+ log_error ("block_filter: invalid 4 byte length\n");
+ rc = GPG_ERR_BAD_DATA;
+ break;
+ }
+ a->size |= c;
+ a->partial = 2;
+ if (!a->size)
+ {
+ a->eof = 1;
+ if (!n)
+ rc = -1;
+ break;
+ }
+ }
+ else
+ { /* Next partial body length. */
+ a->size = 1 << (c & 0x1f);
+ }
+ /* log_debug("partial: ctx=%p c=%02x size=%u\n", a, c, a->size); */
+ }
+ else
+ BUG ();
+ }
+
+ while (!rc && size && a->size)
+ {
+ needed = size < a->size ? size : a->size;
+ c = iobuf_read (chain, p, needed);
+ if (c < needed)
+ {
+ if (c == -1)
+ c = 0;
+ log_error
+ ("block_filter %p: read error (size=%lu,a->size=%lu)\n",
+ a, (ulong) size + c, (ulong) a->size + c);
+ rc = GPG_ERR_BAD_DATA;
+ }
+ else
+ {
+ size -= c;
+ a->size -= c;
+ p += c;
+ n += c;
+ }
+ }
+ }
+ *ret_len = n;
+ }
+ else if (control == IOBUFCTRL_FLUSH)
+ {
+ if (a->partial)
+ { /* the complicated openpgp scheme */
+ size_t blen, n, nbytes = size + a->buflen;
+
+ assert (a->buflen <= OP_MIN_PARTIAL_CHUNK);
+ if (nbytes < OP_MIN_PARTIAL_CHUNK)
+ {
+ /* not enough to write a partial block out; so we store it */
+ if (!a->buffer)
+ a->buffer = xmalloc (OP_MIN_PARTIAL_CHUNK);
+ memcpy (a->buffer + a->buflen, buf, size);
+ a->buflen += size;
+ }
+ else
+ { /* okay, we can write out something */
+ /* do this in a loop to use the most efficient block lengths */
+ p = buf;
+ do
+ {
+ /* find the best matching block length - this is limited
+ * by the size of the internal buffering */
+ for (blen = OP_MIN_PARTIAL_CHUNK * 2,
+ c = OP_MIN_PARTIAL_CHUNK_2POW + 1; blen <= nbytes;
+ blen *= 2, c++)
+ ;
+ blen /= 2;
+ c--;
+ /* write the partial length header */
+ assert (c <= 0x1f); /*;-) */
+ c |= 0xe0;
+ iobuf_put (chain, c);
+ if ((n = a->buflen))
+ { /* write stuff from the buffer */
+ assert (n == OP_MIN_PARTIAL_CHUNK);
+ if (iobuf_write (chain, a->buffer, n))
+ rc = gpg_error_from_syserror ();
+ a->buflen = 0;
+ nbytes -= n;
+ }
+ if ((n = nbytes) > blen)
+ n = blen;
+ if (n && iobuf_write (chain, p, n))
+ rc = gpg_error_from_syserror ();
+ p += n;
+ nbytes -= n;
+ }
+ while (!rc && nbytes >= OP_MIN_PARTIAL_CHUNK);
+ /* store the rest in the buffer */
+ if (!rc && nbytes)
+ {
+ assert (!a->buflen);
+ assert (nbytes < OP_MIN_PARTIAL_CHUNK);
+ if (!a->buffer)
+ a->buffer = xmalloc (OP_MIN_PARTIAL_CHUNK);
+ memcpy (a->buffer, p, nbytes);
+ a->buflen = nbytes;
+ }
+ }
+ }
+ else
+ BUG ();
+ }
+ else if (control == IOBUFCTRL_INIT)
+ {
+ if (DBG_IOBUF)
+ log_debug ("init block_filter %p\n", a);
+ if (a->partial)
+ a->count = 0;
+ else if (a->use == 1)
+ a->count = a->size = 0;
+ else
+ a->count = a->size; /* force first length bytes */
+ a->eof = 0;
+ a->buffer = NULL;
+ a->buflen = 0;
+ }
+ else if (control == IOBUFCTRL_DESC)
+ {
+ *(char **) buf = "block_filter";
+ }
+ else if (control == IOBUFCTRL_FREE)
+ {
+ if (a->use == 2)
+ { /* write the end markers */
+ if (a->partial)
+ {
+ u32 len;
+ /* write out the remaining bytes without a partial header
+ * the length of this header may be 0 - but if it is
+ * the first block we are not allowed to use a partial header
+ * and frankly we can't do so, because this length must be
+ * a power of 2. This is _really_ complicated because we
+ * have to check the possible length of a packet prior
+ * to it's creation: a chain of filters becomes complicated
+ * and we need a lot of code to handle compressed packets etc.
+ * :-(((((((
+ */
+ /* construct header */
+ len = a->buflen;
+ /*log_debug("partial: remaining length=%u\n", len ); */
+ if (len < 192)
+ rc = iobuf_put (chain, len);
+ else if (len < 8384)
+ {
+ if (!(rc = iobuf_put (chain, ((len - 192) / 256) + 192)))
+ rc = iobuf_put (chain, ((len - 192) % 256));
+ }
+ else
+ { /* use a 4 byte header */
+ if (!(rc = iobuf_put (chain, 0xff)))
+ if (!(rc = iobuf_put (chain, (len >> 24) & 0xff)))
+ if (!(rc = iobuf_put (chain, (len >> 16) & 0xff)))
+ if (!(rc = iobuf_put (chain, (len >> 8) & 0xff)))
+ rc = iobuf_put (chain, len & 0xff);
+ }
+ if (!rc && len)
+ rc = iobuf_write (chain, a->buffer, len);
+ if (rc)
+ {
+ log_error ("block_filter: write error: %s\n",
+ strerror (errno));
+ rc = gpg_error_from_syserror ();
+ }
+ xfree (a->buffer);
+ a->buffer = NULL;
+ a->buflen = 0;
+ }
+ else
+ BUG ();
+ }
+ else if (a->size)
+ {
+ log_error ("block_filter: pending bytes!\n");
+ }
+ if (DBG_IOBUF)
+ log_debug ("free block_filter %p\n", a);
+ xfree (a); /* we can free our context now */
+ }
+
+ return rc;
+}
+
+
+static void
+print_chain (iobuf_t a)
+{
+ if (!DBG_IOBUF)
+ return;
+ for (; a; a = a->chain)
+ {
+ size_t dummy_len = 0;
+ const char *desc = "[none]";
+
+ if (a->filter)
+ a->filter (a->filter_ov, IOBUFCTRL_DESC, NULL,
+ (byte *) & desc, &dummy_len);
+
+ log_debug ("iobuf chain: %d.%d `%s' filter_eof=%d start=%d len=%d\n",
+ a->no, a->subno, desc?desc:"?", a->filter_eof,
+ (int) a->d.start, (int) a->d.len);
+ }
+}
+
+int
+iobuf_print_chain (iobuf_t a)
+{
+ print_chain (a);
+ return 0;
+}
+
+/****************
+ * Allocate a new io buffer, with no function assigned.
+ * Use is the desired usage: 1 for input, 2 for output, 3 for temp buffer
+ * BUFSIZE is a suggested buffer size.
+ */
+iobuf_t
+iobuf_alloc (int use, size_t bufsize)
+{
+ iobuf_t a;
+ static int number = 0;
+
+ a = xcalloc (1, sizeof *a);
+ a->use = use;
+ a->d.buf = xmalloc (bufsize);
+ a->d.size = bufsize;
+ a->no = ++number;
+ a->subno = 0;
+ a->opaque = NULL;
+ a->real_fname = NULL;
+ return a;
+}
+
+int
+iobuf_close (iobuf_t a)
+{
+ iobuf_t a2;
+ size_t dummy_len = 0;
+ int rc = 0;
+
+ if (a && a->directfp)
+ {
+ fclose (a->directfp);
+ xfree (a->real_fname);
+ if (DBG_IOBUF)
+ log_debug ("iobuf_close -> %p\n", a->directfp);
+ return 0;
+ }
+
+ for (; a && !rc; a = a2)
+ {
+ a2 = a->chain;
+ if (a->use == 2 && (rc = iobuf_flush (a)))
+ log_error ("iobuf_flush failed on close: %s\n", gpg_strerror (rc));
+
+ if (DBG_IOBUF)
+ log_debug ("iobuf-%d.%d: close `%s'\n", a->no, a->subno,
+ a->desc?a->desc:"?");
+ if (a->filter && (rc = a->filter (a->filter_ov, IOBUFCTRL_FREE,
+ a->chain, NULL, &dummy_len)))
+ log_error ("IOBUFCTRL_FREE failed on close: %s\n", gpg_strerror (rc));
+ xfree (a->real_fname);
+ if (a->d.buf)
+ {
+ memset (a->d.buf, 0, a->d.size); /* erase the buffer */
+ xfree (a->d.buf);
+ }
+ xfree (a);
+ }
+ return rc;
+}
+
+int
+iobuf_cancel (iobuf_t a)
+{
+ const char *s;
+ iobuf_t a2;
+ int rc;
+#if defined(HAVE_W32_SYSTEM) || defined(__riscos__)
+ char *remove_name = NULL;
+#endif
+
+ if (a && a->use == 2)
+ {
+ s = iobuf_get_real_fname (a);
+ if (s && *s)
+ {
+#if defined(HAVE_W32_SYSTEM) || defined(__riscos__)
+ remove_name = xstrdup (s);
+#else
+ remove (s);
+#endif
+ }
+ }
+
+ /* send a cancel message to all filters */
+ for (a2 = a; a2; a2 = a2->chain)
+ {
+ size_t dummy;
+ if (a2->filter)
+ a2->filter (a2->filter_ov, IOBUFCTRL_CANCEL, a2->chain, NULL, &dummy);
+ }
+
+ rc = iobuf_close (a);
+#if defined(HAVE_W32_SYSTEM) || defined(__riscos__)
+ if (remove_name)
+ {
+ /* Argg, MSDOS does not allow to remove open files. So
+ * we have to do it here */
+ remove (remove_name);
+ xfree (remove_name);
+ }
+#endif
+ return rc;
+}
+
+
+/****************
+ * create a temporary iobuf, which can be used to collect stuff
+ * in an iobuf and later be written by iobuf_write_temp() to another
+ * iobuf.
+ */
+iobuf_t
+iobuf_temp ()
+{
+ iobuf_t a;
+
+ a = iobuf_alloc (3, IOBUF_BUFFER_SIZE);
+
+ return a;
+}
+
+iobuf_t
+iobuf_temp_with_content (const char *buffer, size_t length)
+{
+ iobuf_t a;
+
+ a = iobuf_alloc (3, length);
+ memcpy (a->d.buf, buffer, length);
+ a->d.len = length;
+
+ return a;
+}
+
+void
+iobuf_enable_special_filenames (int yes)
+{
+ special_names_enabled = yes;
+}
+
+
+/* See whether the filename has the form "-&nnnn", where n is a
+ non-zero number. Returns this number or -1 if it is not the
+ case. */
+static int
+check_special_filename (const char *fname)
+{
+ if (special_names_enabled && fname && *fname == '-' && fname[1] == '&')
+ {
+ int i;
+
+ fname += 2;
+ for (i = 0; digitp (fname+i); i++)
+ ;
+ if (!fname[i])
+ return atoi (fname);
+ }
+ return -1;
+}
+
+
+/* This fucntion returns true if FNAME indicates a PIPE (stdout or
+ stderr) or a special file name if those are enabled. */
+int
+iobuf_is_pipe_filename (const char *fname)
+{
+ if (!fname || (*fname=='-' && !fname[1]) )
+ return 1;
+ return check_special_filename (fname) != -1;
+}
+
+
+/* Either open the file specified by the file descriptor FD or - if FD
+ is -1, the file with name FNAME. As of now MODE is assumed to be
+ "rb" if FNAME is used. In contrast to iobuf_fdopen the file
+ descriptor FD will not be closed during an iobuf_close. */
+iobuf_t
+iobuf_open_fd_or_name (gnupg_fd_t fd, const char *fname, const char *mode)
+{
+ iobuf_t a;
+
+ if (fd == -1)
+ a = iobuf_open (fname);
+ else
+ {
+ int fd2;
+
+ fd2 = dup (fd);
+ if (fd2 == -1)
+ a = NULL;
+ else
+ a = iobuf_fdopen (fd2, mode);
+ }
+ return a;
+}
+
+
+/****************
+ * Create a head iobuf for reading from a file
+ * returns: NULL if an error occures and sets errno
+ */
+iobuf_t
+iobuf_open (const char *fname)
+{
+ iobuf_t a;
+ fp_or_fd_t fp;
+ file_filter_ctx_t *fcx;
+ size_t len;
+ int print_only = 0;
+ int fd;
+
+ if (!fname || (*fname == '-' && !fname[1]))
+ {
+ fp = FILEP_OR_FD_FOR_STDIN;
+#ifdef USE_SETMODE
+ setmode (my_fileno (fp), O_BINARY);
+#endif
+ fname = "[stdin]";
+ print_only = 1;
+ }
+ else if ((fd = check_special_filename (fname)) != -1)
+ return iobuf_fdopen (translate_file_handle (fd, 0), "rb");
+ else if ((fp = my_fopen_ro (fname, "rb")) == INVALID_FP)
+ return NULL;
+ a = iobuf_alloc (1, IOBUF_BUFFER_SIZE);
+ fcx = xmalloc (sizeof *fcx + strlen (fname));
+ fcx->fp = fp;
+ fcx->print_only_name = print_only;
+ strcpy (fcx->fname, fname);
+ if (!print_only)
+ a->real_fname = xstrdup (fname);
+ a->filter = file_filter;
+ a->filter_ov = fcx;
+ file_filter (fcx, IOBUFCTRL_DESC, NULL, (byte *) & a->desc, &len);
+ file_filter (fcx, IOBUFCTRL_INIT, NULL, NULL, &len);
+ if (DBG_IOBUF)
+ log_debug ("iobuf-%d.%d: open `%s' fd=%d\n",
+ a->no, a->subno, fname, (int) my_fileno (fcx->fp));
+
+ return a;
+}
+
+/****************
+ * Create a head iobuf for reading from a file
+ * returns: NULL if an error occures and sets errno
+ */
+iobuf_t
+iobuf_fdopen (int fd, const char *mode)
+{
+ iobuf_t a;
+ fp_or_fd_t fp;
+ file_filter_ctx_t *fcx;
+ size_t len;
+
+#ifdef FILE_FILTER_USES_STDIO
+ if (!(fp = fdopen (fd, mode)))
+ return NULL;
+#else
+ fp = (fp_or_fd_t) fd;
+#endif
+ a = iobuf_alloc (strchr (mode, 'w') ? 2 : 1, IOBUF_BUFFER_SIZE);
+ fcx = xmalloc (sizeof *fcx + 20);
+ fcx->fp = fp;
+ fcx->print_only_name = 1;
+ sprintf (fcx->fname, "[fd %d]", fd);
+ a->filter = file_filter;
+ a->filter_ov = fcx;
+ file_filter (fcx, IOBUFCTRL_DESC, NULL, (byte *) & a->desc, &len);
+ file_filter (fcx, IOBUFCTRL_INIT, NULL, NULL, &len);
+ if (DBG_IOBUF)
+ log_debug ("iobuf-%d.%d: fdopen `%s'\n", a->no, a->subno, fcx->fname);
+ iobuf_ioctl (a, 3, 1, NULL); /* disable fd caching */
+ return a;
+}
+
+
+iobuf_t
+iobuf_sockopen (int fd, const char *mode)
+{
+ iobuf_t a;
+#ifdef HAVE_W32_SYSTEM
+ sock_filter_ctx_t *scx;
+ size_t len;
+
+ a = iobuf_alloc (strchr (mode, 'w') ? 2 : 1, IOBUF_BUFFER_SIZE);
+ scx = xmalloc (sizeof *scx + 25);
+ scx->sock = fd;
+ scx->print_only_name = 1;
+ sprintf (scx->fname, "[sock %d]", fd);
+ a->filter = sock_filter;
+ a->filter_ov = scx;
+ sock_filter (scx, IOBUFCTRL_DESC, NULL, (byte *) & a->desc, &len);
+ sock_filter (scx, IOBUFCTRL_INIT, NULL, NULL, &len);
+ if (DBG_IOBUF)
+ log_debug ("iobuf-%d.%d: sockopen `%s'\n", a->no, a->subno, scx->fname);
+ iobuf_ioctl (a, 3, 1, NULL); /* disable fd caching */
+#else
+ a = iobuf_fdopen (fd, mode);
+#endif
+ return a;
+}
+
+/****************
+ * create an iobuf for writing to a file; the file will be created.
+ */
+iobuf_t
+iobuf_create (const char *fname)
+{
+ iobuf_t a;
+ fp_or_fd_t fp;
+ file_filter_ctx_t *fcx;
+ size_t len;
+ int print_only = 0;
+ int fd;
+
+ if (!fname || (*fname == '-' && !fname[1]))
+ {
+ fp = FILEP_OR_FD_FOR_STDOUT;
+#ifdef USE_SETMODE
+ setmode (my_fileno (fp), O_BINARY);
+#endif
+ fname = "[stdout]";
+ print_only = 1;
+ }
+ else if ((fd = check_special_filename (fname)) != -1)
+ return iobuf_fdopen (translate_file_handle (fd, 1), "wb");
+ else if ((fp = my_fopen (fname, "wb")) == INVALID_FP)
+ return NULL;
+ a = iobuf_alloc (2, IOBUF_BUFFER_SIZE);
+ fcx = xmalloc (sizeof *fcx + strlen (fname));
+ fcx->fp = fp;
+ fcx->print_only_name = print_only;
+ strcpy (fcx->fname, fname);
+ if (!print_only)
+ a->real_fname = xstrdup (fname);
+ a->filter = file_filter;
+ a->filter_ov = fcx;
+ file_filter (fcx, IOBUFCTRL_DESC, NULL, (byte *) & a->desc, &len);
+ file_filter (fcx, IOBUFCTRL_INIT, NULL, NULL, &len);
+ if (DBG_IOBUF)
+ log_debug ("iobuf-%d.%d: create `%s'\n", a->no, a->subno,
+ a->desc?a->desc:"?");
+
+ return a;
+}
+
+/****************
+ * append to an iobuf; if the file does not exist, create it.
+ * cannot be used for stdout.
+ * Note: This is not used.
+ */
+#if 0 /* not used */
+iobuf_t
+iobuf_append (const char *fname)
+{
+ iobuf_t a;
+ FILE *fp;
+ file_filter_ctx_t *fcx;
+ size_t len;
+
+ if (!fname)
+ return NULL;
+ else if (!(fp = my_fopen (fname, "ab")))
+ return NULL;
+ a = iobuf_alloc (2, IOBUF_BUFFER_SIZE);
+ fcx = m_alloc (sizeof *fcx + strlen (fname));
+ fcx->fp = fp;
+ strcpy (fcx->fname, fname);
+ a->real_fname = m_strdup (fname);
+ a->filter = file_filter;
+ a->filter_ov = fcx;
+ file_filter (fcx, IOBUFCTRL_DESC, NULL, (byte *) & a->desc, &len);
+ file_filter (fcx, IOBUFCTRL_INIT, NULL, NULL, &len);
+ if (DBG_IOBUF)
+ log_debug ("iobuf-%d.%d: append `%s'\n", a->no, a->subno,
+ a->desc?a->desc:"?");
+
+ return a;
+}
+#endif
+
+iobuf_t
+iobuf_openrw (const char *fname)
+{
+ iobuf_t a;
+ fp_or_fd_t fp;
+ file_filter_ctx_t *fcx;
+ size_t len;
+
+ if (!fname)
+ return NULL;
+ else if ((fp = my_fopen (fname, "r+b")) == INVALID_FP)
+ return NULL;
+ a = iobuf_alloc (2, IOBUF_BUFFER_SIZE);
+ fcx = xmalloc (sizeof *fcx + strlen (fname));
+ fcx->fp = fp;
+ strcpy (fcx->fname, fname);
+ a->real_fname = xstrdup (fname);
+ a->filter = file_filter;
+ a->filter_ov = fcx;
+ file_filter (fcx, IOBUFCTRL_DESC, NULL, (byte *) & a->desc, &len);
+ file_filter (fcx, IOBUFCTRL_INIT, NULL, NULL, &len);
+ if (DBG_IOBUF)
+ log_debug ("iobuf-%d.%d: openrw `%s'\n", a->no, a->subno,
+ a->desc?a->desc:"?");
+
+ return a;
+}
+
+
+int
+iobuf_ioctl (iobuf_t a, int cmd, int intval, void *ptrval)
+{
+ if (cmd == 1)
+ { /* keep system filepointer/descriptor open */
+ if (DBG_IOBUF)
+ log_debug ("iobuf-%d.%d: ioctl `%s' keep=%d\n",
+ a ? a->no : -1, a ? a->subno : -1,
+ a && a->desc ? a->desc : "?",
+ intval);
+ for (; a; a = a->chain)
+ if (!a->chain && a->filter == file_filter)
+ {
+ file_filter_ctx_t *b = a->filter_ov;
+ b->keep_open = intval;
+ return 0;
+ }
+#ifdef HAVE_W32_SYSTEM
+ else if (!a->chain && a->filter == sock_filter)
+ {
+ sock_filter_ctx_t *b = a->filter_ov;
+ b->keep_open = intval;
+ return 0;
+ }
+#endif
+ }
+ else if (cmd == 2)
+ { /* invalidate cache */
+ if (DBG_IOBUF)
+ log_debug ("iobuf-*.*: ioctl `%s' invalidate\n",
+ ptrval ? (char *) ptrval : "?");
+ if (!a && !intval && ptrval)
+ {
+#ifndef FILE_FILTER_USES_STDIO
+ if (fd_cache_invalidate (ptrval))
+ return -1;
+#endif
+ return 0;
+ }
+ }
+ else if (cmd == 3)
+ { /* disallow/allow caching */
+ if (DBG_IOBUF)
+ log_debug ("iobuf-%d.%d: ioctl `%s' no_cache=%d\n",
+ a ? a->no : -1, a ? a->subno : -1,
+ a && a->desc? a->desc : "?",
+ intval);
+ for (; a; a = a->chain)
+ if (!a->chain && a->filter == file_filter)
+ {
+ file_filter_ctx_t *b = a->filter_ov;
+ b->no_cache = intval;
+ return 0;
+ }
+#ifdef HAVE_W32_SYSTEM
+ else if (!a->chain && a->filter == sock_filter)
+ {
+ sock_filter_ctx_t *b = a->filter_ov;
+ b->no_cache = intval;
+ return 0;
+ }
+#endif
+ }
+ else if (cmd == 4)
+ {
+ /* Do a fsync on the open fd and return any errors to the caller
+ of iobuf_ioctl. Note that we work on a file name here. */
+ if (DBG_IOBUF)
+ log_debug ("iobuf-*.*: ioctl `%s' fsync\n",
+ ptrval? (const char*)ptrval:"<null>");
+
+ if (!a && !intval && ptrval)
+ {
+#ifndef FILE_FILTER_USES_STDIO
+ return fd_cache_synchronize (ptrval);
+#else
+ return 0;
+#endif
+ }
+ }
+
+
+ return -1;
+}
+
+
+/****************
+ * Register an i/o filter.
+ */
+int
+iobuf_push_filter (iobuf_t a,
+ int (*f) (void *opaque, int control,
+ iobuf_t chain, byte * buf, size_t * len),
+ void *ov)
+{
+ return iobuf_push_filter2 (a, f, ov, 0);
+}
+
+int
+iobuf_push_filter2 (iobuf_t a,
+ int (*f) (void *opaque, int control,
+ iobuf_t chain, byte * buf, size_t * len),
+ void *ov, int rel_ov)
+{
+ iobuf_t b;
+ size_t dummy_len = 0;
+ int rc = 0;
+
+ if (a->directfp)
+ BUG ();
+
+ if (a->use == 2 && (rc = iobuf_flush (a)))
+ return rc;
+ /* make a copy of the current stream, so that
+ * A is the new stream and B the original one.
+ * The contents of the buffers are transferred to the
+ * new stream.
+ */
+ b = xmalloc (sizeof *b);
+ memcpy (b, a, sizeof *b);
+ /* fixme: it is stupid to keep a copy of the name at every level
+ * but we need the name somewhere because the name known by file_filter
+ * may have been released when we need the name of the file */
+ b->real_fname = a->real_fname ? xstrdup (a->real_fname) : NULL;
+ /* remove the filter stuff from the new stream */
+ a->filter = NULL;
+ a->filter_ov = NULL;
+ a->filter_ov_owner = 0;
+ a->filter_eof = 0;
+ if (a->use == 3)
+ a->use = 2; /* make a write stream from a temp stream */
+
+ if (a->use == 2)
+ { /* allocate a fresh buffer for the
+ original stream */
+ b->d.buf = xmalloc (a->d.size);
+ b->d.len = 0;
+ b->d.start = 0;
+ }
+ else
+ { /* allocate a fresh buffer for the new
+ stream */
+ a->d.buf = xmalloc (a->d.size);
+ a->d.len = 0;
+ a->d.start = 0;
+ }
+ /* disable nlimit for the new stream */
+ a->ntotal = b->ntotal + b->nbytes;
+ a->nlimit = a->nbytes = 0;
+ a->nofast &= ~1;
+ /* make a link from the new stream to the original stream */
+ a->chain = b;
+ a->opaque = b->opaque;
+
+ /* setup the function on the new stream */
+ a->filter = f;
+ a->filter_ov = ov;
+ a->filter_ov_owner = rel_ov;
+
+ a->subno = b->subno + 1;
+ f (ov, IOBUFCTRL_DESC, NULL, (byte *) & a->desc, &dummy_len);
+
+ if (DBG_IOBUF)
+ {
+ log_debug ("iobuf-%d.%d: push `%s'\n", a->no, a->subno,
+ a->desc?a->desc:"?");
+ print_chain (a);
+ }
+
+ /* now we can initialize the new function if we have one */
+ if (a->filter && (rc = a->filter (a->filter_ov, IOBUFCTRL_INIT, a->chain,
+ NULL, &dummy_len)))
+ log_error ("IOBUFCTRL_INIT failed: %s\n", gpg_strerror (rc));
+ return rc;
+}
+
+/****************
+ * Remove an i/o filter.
+ */
+static int
+pop_filter (iobuf_t a, int (*f) (void *opaque, int control,
+ iobuf_t chain, byte * buf, size_t * len),
+ void *ov)
+{
+ iobuf_t b;
+ size_t dummy_len = 0;
+ int rc = 0;
+
+ if (a->directfp)
+ BUG ();
+
+ if (DBG_IOBUF)
+ log_debug ("iobuf-%d.%d: pop `%s'\n", a->no, a->subno,
+ a->desc?a->desc:"?");
+ if (!a->filter)
+ { /* this is simple */
+ b = a->chain;
+ assert (b);
+ xfree (a->d.buf);
+ xfree (a->real_fname);
+ memcpy (a, b, sizeof *a);
+ xfree (b);
+ return 0;
+ }
+ for (b = a; b; b = b->chain)
+ if (b->filter == f && (!ov || b->filter_ov == ov))
+ break;
+ if (!b)
+ log_bug ("pop_filter(): filter function not found\n");
+
+ /* flush this stream if it is an output stream */
+ if (a->use == 2 && (rc = iobuf_flush (b)))
+ {
+ log_error ("iobuf_flush failed in pop_filter: %s\n", gpg_strerror (rc));
+ return rc;
+ }
+ /* and tell the filter to free it self */
+ if (b->filter && (rc = b->filter (b->filter_ov, IOBUFCTRL_FREE, b->chain,
+ NULL, &dummy_len)))
+ {
+ log_error ("IOBUFCTRL_FREE failed: %s\n", gpg_strerror (rc));
+ return rc;
+ }
+ if (b->filter_ov && b->filter_ov_owner)
+ {
+ xfree (b->filter_ov);
+ b->filter_ov = NULL;
+ }
+
+
+ /* and see how to remove it */
+ if (a == b && !b->chain)
+ log_bug ("can't remove the last filter from the chain\n");
+ else if (a == b)
+ { /* remove the first iobuf from the chain */
+ /* everything from b is copied to a. This is save because
+ * a flush has been done on the to be removed entry
+ */
+ b = a->chain;
+ xfree (a->d.buf);
+ xfree (a->real_fname);
+ memcpy (a, b, sizeof *a);
+ xfree (b);
+ if (DBG_IOBUF)
+ log_debug ("iobuf-%d.%d: popped filter\n", a->no, a->subno);
+ }
+ else if (!b->chain)
+ { /* remove the last iobuf from the chain */
+ log_bug ("Ohh jeee, trying to remove a head filter\n");
+ }
+ else
+ { /* remove an intermediate iobuf from the chain */
+ log_bug ("Ohh jeee, trying to remove an intermediate filter\n");
+ }
+
+ return rc;
+}
+
+
+/****************
+ * read underflow: read more bytes into the buffer and return
+ * the first byte or -1 on EOF.
+ */
+static int
+underflow (iobuf_t a)
+{
+ size_t len;
+ int rc;
+
+ assert (a->d.start == a->d.len);
+ if (a->use == 3)
+ return -1; /* EOF because a temp buffer can't do an underflow */
+
+ if (a->filter_eof)
+ {
+ if (a->chain)
+ {
+ iobuf_t b = a->chain;
+ if (DBG_IOBUF)
+ log_debug ("iobuf-%d.%d: pop `%s' in underflow\n",
+ a->no, a->subno, a->desc?a->desc:"?");
+ xfree (a->d.buf);
+ xfree (a->real_fname);
+ memcpy (a, b, sizeof *a);
+ xfree (b);
+ print_chain (a);
+ }
+ else
+ a->filter_eof = 0; /* for the top level filter */
+ if (DBG_IOBUF)
+ log_debug ("iobuf-%d.%d: underflow: eof (due to filter eof)\n",
+ a->no, a->subno);
+ return -1; /* return one(!) EOF */
+ }
+ if (a->error)
+ {
+ if (DBG_IOBUF)
+ log_debug ("iobuf-%d.%d: error\n", a->no, a->subno);
+ return -1;
+ }
+
+ if (a->directfp)
+ {
+ FILE *fp = a->directfp;
+
+ len = fread (a->d.buf, 1, a->d.size, fp);
+ if (len < a->d.size)
+ {
+ if (ferror (fp))
+ a->error = gpg_error_from_syserror ();
+ }
+ a->d.len = len;
+ a->d.start = 0;
+ return len ? a->d.buf[a->d.start++] : -1;
+ }
+
+
+ if (a->filter)
+ {
+ len = a->d.size;
+ if (DBG_IOBUF)
+ log_debug ("iobuf-%d.%d: underflow: req=%lu\n",
+ a->no, a->subno, (ulong) len);
+ rc = a->filter (a->filter_ov, IOBUFCTRL_UNDERFLOW, a->chain,
+ a->d.buf, &len);
+ if (DBG_IOBUF)
+ {
+ log_debug ("iobuf-%d.%d: underflow: got=%lu rc=%d\n",
+ a->no, a->subno, (ulong) len, rc);
+/* if( a->no == 1 ) */
+/* log_hexdump (" data:", a->d.buf, len); */
+ }
+ if (a->use == 1 && rc == -1)
+ { /* EOF: we can remove the filter */
+ size_t dummy_len = 0;
+
+ /* and tell the filter to free itself */
+ if ((rc = a->filter (a->filter_ov, IOBUFCTRL_FREE, a->chain,
+ NULL, &dummy_len)))
+ log_error ("IOBUFCTRL_FREE failed: %s\n", gpg_strerror (rc));
+ if (a->filter_ov && a->filter_ov_owner)
+ {
+ xfree (a->filter_ov);
+ a->filter_ov = NULL;
+ }
+ a->filter = NULL;
+ a->desc = NULL;
+ a->filter_ov = NULL;
+ a->filter_eof = 1;
+ if (!len && a->chain)
+ {
+ iobuf_t b = a->chain;
+ if (DBG_IOBUF)
+ log_debug ("iobuf-%d.%d: pop in underflow (!len)\n",
+ a->no, a->subno);
+ xfree (a->d.buf);
+ xfree (a->real_fname);
+ memcpy (a, b, sizeof *a);
+ xfree (b);
+ print_chain (a);
+ }
+ }
+ else if (rc)
+ a->error = rc;
+
+ if (!len)
+ {
+ if (DBG_IOBUF)
+ log_debug ("iobuf-%d.%d: underflow: eof\n", a->no, a->subno);
+ return -1;
+ }
+ a->d.len = len;
+ a->d.start = 0;
+ return a->d.buf[a->d.start++];
+ }
+ else
+ {
+ if (DBG_IOBUF)
+ log_debug ("iobuf-%d.%d: underflow: eof (no filter)\n",
+ a->no, a->subno);
+ return -1; /* no filter; return EOF */
+ }
+}
+
+
+int
+iobuf_flush (iobuf_t a)
+{
+ size_t len;
+ int rc;
+
+ if (a->directfp)
+ return 0;
+
+ if (a->use == 3)
+ { /* increase the temp buffer */
+ unsigned char *newbuf;
+ size_t newsize = a->d.size + IOBUF_BUFFER_SIZE;
+
+ if (DBG_IOBUF)
+ log_debug ("increasing temp iobuf from %lu to %lu\n",
+ (ulong) a->d.size, (ulong) newsize);
+ newbuf = xmalloc (newsize);
+ memcpy (newbuf, a->d.buf, a->d.len);
+ xfree (a->d.buf);
+ a->d.buf = newbuf;
+ a->d.size = newsize;
+ return 0;
+ }
+ else if (a->use != 2)
+ log_bug ("flush on non-output iobuf\n");
+ else if (!a->filter)
+ log_bug ("iobuf_flush: no filter\n");
+ len = a->d.len;
+ rc = a->filter (a->filter_ov, IOBUFCTRL_FLUSH, a->chain, a->d.buf, &len);
+ if (!rc && len != a->d.len)
+ {
+ log_info ("iobuf_flush did not write all!\n");
+ rc = GPG_ERR_INTERNAL;
+ }
+ else if (rc)
+ a->error = rc;
+ a->d.len = 0;
+
+ return rc;
+}
+
+
+/****************
+ * Read a byte from the iobuf; returns -1 on EOF
+ */
+int
+iobuf_readbyte (iobuf_t a)
+{
+ int c;
+
+ if (a->nlimit && a->nbytes >= a->nlimit)
+ return -1; /* forced EOF */
+
+ if (a->d.start < a->d.len)
+ {
+ c = a->d.buf[a->d.start++];
+ }
+ else if ((c = underflow (a)) == -1)
+ return -1; /* EOF */
+
+ a->nbytes++;
+ return c;
+}
+
+
+int
+iobuf_read (iobuf_t a, void *buffer, unsigned int buflen)
+{
+ unsigned char *buf = (unsigned char *)buffer;
+ int c, n;
+
+ if (a->nlimit)
+ {
+ /* Handle special cases. */
+ for (n = 0; n < buflen; n++)
+ {
+ if ((c = iobuf_readbyte (a)) == -1)
+ {
+ if (!n)
+ return -1; /* eof */
+ break;
+ }
+ else if (buf)
+ *buf = c;
+ if (buf)
+ buf++;
+ }
+ return n;
+ }
+
+ n = 0;
+ do
+ {
+ if (n < buflen && a->d.start < a->d.len)
+ {
+ unsigned size = a->d.len - a->d.start;
+ if (size > buflen - n)
+ size = buflen - n;
+ if (buf)
+ memcpy (buf, a->d.buf + a->d.start, size);
+ n += size;
+ a->d.start += size;
+ if (buf)
+ buf += size;
+ }
+ if (n < buflen)
+ {
+ if ((c = underflow (a)) == -1)
+ {
+ a->nbytes += n;
+ return n ? n : -1 /*EOF*/;
+ }
+ if (buf)
+ *buf++ = c;
+ n++;
+ }
+ }
+ while (n < buflen);
+ a->nbytes += n;
+ return n;
+}
+
+
+
+/****************
+ * Have a look at the iobuf.
+ * NOTE: This only works in special cases.
+ */
+int
+iobuf_peek (iobuf_t a, byte * buf, unsigned buflen)
+{
+ int n = 0;
+
+ if (a->filter_eof)
+ return -1;
+
+ if (!(a->d.start < a->d.len))
+ {
+ if (underflow (a) == -1)
+ return -1;
+ /* And unget this character. */
+ assert (a->d.start == 1);
+ a->d.start = 0;
+ }
+
+ for (n = 0; n < buflen && (a->d.start + n) < a->d.len; n++, buf++)
+ *buf = a->d.buf[n];
+ return n;
+}
+
+
+
+
+int
+iobuf_writebyte (iobuf_t a, unsigned int c)
+{
+ int rc;
+
+ if (a->directfp)
+ BUG ();
+
+ if (a->d.len == a->d.size)
+ if ((rc=iobuf_flush (a)))
+ return rc;
+
+ assert (a->d.len < a->d.size);
+ a->d.buf[a->d.len++] = c;
+ return 0;
+}
+
+
+int
+iobuf_write (iobuf_t a, const void *buffer, unsigned int buflen)
+{
+ const unsigned char *buf = (const unsigned char *)buffer;
+ int rc;
+
+ if (a->directfp)
+ BUG ();
+
+ do
+ {
+ if (buflen && a->d.len < a->d.size)
+ {
+ unsigned size = a->d.size - a->d.len;
+ if (size > buflen)
+ size = buflen;
+ memcpy (a->d.buf + a->d.len, buf, size);
+ buflen -= size;
+ buf += size;
+ a->d.len += size;
+ }
+ if (buflen)
+ {
+ rc = iobuf_flush (a);
+ if (rc)
+ return rc;
+ }
+ }
+ while (buflen);
+ return 0;
+}
+
+
+int
+iobuf_writestr (iobuf_t a, const char *buf)
+{
+ int rc;
+
+ for (; *buf; buf++)
+ if ((rc=iobuf_writebyte (a, *buf)))
+ return rc;
+ return 0;
+}
+
+
+
+/****************
+ * copy the contents of TEMP to A.
+ */
+int
+iobuf_write_temp (iobuf_t a, iobuf_t temp)
+{
+ while (temp->chain)
+ pop_filter (temp, temp->filter, NULL);
+ return iobuf_write (a, temp->d.buf, temp->d.len);
+}
+
+/****************
+ * copy the contents of the temp io stream to BUFFER.
+ */
+size_t
+iobuf_temp_to_buffer (iobuf_t a, byte * buffer, size_t buflen)
+{
+ size_t n = a->d.len;
+
+ if (n > buflen)
+ n = buflen;
+ memcpy (buffer, a->d.buf, n);
+ return n;
+}
+
+
+/****************
+ * Call this function to terminate processing of the temp stream
+ * without closing it. This removes all filters from the stream
+ * makes sure that iobuf_get_temp_{buffer,length}() returns correct
+ * values.
+ */
+void
+iobuf_flush_temp (iobuf_t temp)
+{
+ while (temp->chain)
+ pop_filter (temp, temp->filter, NULL);
+}
+
+
+/****************
+ * Set a limit on how many bytes may be read from the input stream A.
+ * Setting the limit to 0 disables this feature.
+ */
+void
+iobuf_set_limit (iobuf_t a, off_t nlimit)
+{
+ if (nlimit)
+ a->nofast |= 1;
+ else
+ a->nofast &= ~1;
+ a->nlimit = nlimit;
+ a->ntotal += a->nbytes;
+ a->nbytes = 0;
+}
+
+
+
+/* Return the length of an open file A. IF OVERFLOW is not NULL it
+ will be set to true if the file is larger than what off_t can cope
+ with. The function return 0 on error or on overflow condition. */
+off_t
+iobuf_get_filelength (iobuf_t a, int *overflow)
+{
+ struct stat st;
+
+ if (overflow)
+ *overflow = 0;
+
+ if ( a->directfp )
+ {
+ FILE *fp = a->directfp;
+
+ if ( !fstat(fileno(fp), &st) )
+ return st.st_size;
+ log_error("fstat() failed: %s\n", strerror(errno) );
+ return 0;
+ }
+
+ /* Hmmm: file_filter may have already been removed */
+ for ( ; a; a = a->chain )
+ if ( !a->chain && a->filter == file_filter )
+ {
+ file_filter_ctx_t *b = a->filter_ov;
+ fp_or_fd_t fp = b->fp;
+
+#if defined(HAVE_W32_SYSTEM) && !defined(FILE_FILTER_USES_STDIO)
+ ulong size;
+ static int (* __stdcall get_file_size_ex) (void *handle,
+ LARGE_INTEGER *r_size);
+ static int get_file_size_ex_initialized;
+
+ if (!get_file_size_ex_initialized)
+ {
+ void *handle;
+
+ handle = dlopen ("kernel32.dll", RTLD_LAZY);
+ if (handle)
+ {
+ get_file_size_ex = dlsym (handle, "GetFileSizeEx");
+ if (!get_file_size_ex)
+ dlclose (handle);
+ }
+ get_file_size_ex_initialized = 1;
+ }
+
+ if (get_file_size_ex)
+ {
+ /* This is a newer system with GetFileSizeEx; we use this
+ then because it seem that GetFileSize won't return a
+ proper error in case a file is larger than 4GB. */
+ LARGE_INTEGER exsize;
+
+ if (get_file_size_ex (fp, &exsize))
+ {
+ if (!exsize.u.HighPart)
+ return exsize.u.LowPart;
+ if (overflow)
+ *overflow = 1;
+ return 0;
+ }
+ }
+ else
+ {
+ if ((size=GetFileSize (fp, NULL)) != 0xffffffff)
+ return size;
+ }
+ log_error ("GetFileSize for handle %p failed: %s\n",
+ fp, w32_strerror (0));
+#else
+ if ( !fstat(my_fileno(fp), &st) )
+ return st.st_size;
+ log_error("fstat() failed: %s\n", strerror(errno) );
+#endif
+ break/*the for loop*/;
+ }
+
+ return 0;
+}
+
+
+/* Return the file descriptor of the underlying file or -1 if it is
+ not available. */
+int
+iobuf_get_fd (iobuf_t a)
+{
+ if (a->directfp)
+ return fileno ( (FILE*)a->directfp );
+
+ for ( ; a; a = a->chain )
+ if (!a->chain && a->filter == file_filter)
+ {
+ file_filter_ctx_t *b = a->filter_ov;
+ fp_or_fd_t fp = b->fp;
+
+ return my_fileno (fp);
+ }
+
+ return -1;
+}
+
+
+
+/****************
+ * Tell the file position, where the next read will take place
+ */
+off_t
+iobuf_tell (iobuf_t a)
+{
+ return a->ntotal + a->nbytes;
+}
+
+
+#if !defined(HAVE_FSEEKO) && !defined(fseeko)
+
+#ifdef HAVE_LIMITS_H
+# include <limits.h>
+#endif
+#ifndef LONG_MAX
+# define LONG_MAX ((long) ((unsigned long) -1 >> 1))
+#endif
+#ifndef LONG_MIN
+# define LONG_MIN (-1 - LONG_MAX)
+#endif
+
+/****************
+ * A substitute for fseeko, for hosts that don't have it.
+ */
+static int
+fseeko (FILE * stream, off_t newpos, int whence)
+{
+ while (newpos != (long) newpos)
+ {
+ long pos = newpos < 0 ? LONG_MIN : LONG_MAX;
+ if (fseek (stream, pos, whence) != 0)
+ return -1;
+ newpos -= pos;
+ whence = SEEK_CUR;
+ }
+ return fseek (stream, (long) newpos, whence);
+}
+#endif
+
+/****************
+ * This is a very limited implementation. It simply discards all internal
+ * buffering and removes all filters but the first one.
+ */
+int
+iobuf_seek (iobuf_t a, off_t newpos)
+{
+ file_filter_ctx_t *b = NULL;
+
+ if (a->directfp)
+ {
+ FILE *fp = a->directfp;
+ if (fseeko (fp, newpos, SEEK_SET))
+ {
+ log_error ("can't seek: %s\n", strerror (errno));
+ return -1;
+ }
+ clearerr (fp);
+ }
+ else
+ {
+ for (; a; a = a->chain)
+ {
+ if (!a->chain && a->filter == file_filter)
+ {
+ b = a->filter_ov;
+ break;
+ }
+ }
+ if (!a)
+ return -1;
+#ifdef FILE_FILTER_USES_STDIO
+ if (fseeko (b->fp, newpos, SEEK_SET))
+ {
+ log_error ("can't fseek: %s\n", strerror (errno));
+ return -1;
+ }
+#else
+#ifdef HAVE_W32_SYSTEM
+ if (SetFilePointer (b->fp, newpos, NULL, FILE_BEGIN) == 0xffffffff)
+ {
+ log_error ("SetFilePointer failed on handle %p: ec=%d\n",
+ b->fp, (int) GetLastError ());
+ return -1;
+ }
+#else
+ if (lseek (b->fp, newpos, SEEK_SET) == (off_t) - 1)
+ {
+ log_error ("can't lseek: %s\n", strerror (errno));
+ return -1;
+ }
+#endif
+#endif
+ }
+ a->d.len = 0; /* discard buffer */
+ a->d.start = 0;
+ a->nbytes = 0;
+ a->nlimit = 0;
+ a->nofast &= ~1;
+ a->ntotal = newpos;
+ a->error = 0;
+ /* remove filters, but the last */
+ if (a->chain)
+ log_debug ("pop_filter called in iobuf_seek - please report\n");
+ while (a->chain)
+ pop_filter (a, a->filter, NULL);
+
+ return 0;
+}
+
+
+
+
+
+
+/****************
+ * Retrieve the real filename
+ */
+const char *
+iobuf_get_real_fname (iobuf_t a)
+{
+ if (a->real_fname)
+ return a->real_fname;
+
+ /* the old solution */
+ for (; a; a = a->chain)
+ if (!a->chain && a->filter == file_filter)
+ {
+ file_filter_ctx_t *b = a->filter_ov;
+ return b->print_only_name ? NULL : b->fname;
+ }
+
+ return NULL;
+}
+
+
+/****************
+ * Retrieve the filename
+ */
+const char *
+iobuf_get_fname (iobuf_t a)
+{
+ for (; a; a = a->chain)
+ if (!a->chain && a->filter == file_filter)
+ {
+ file_filter_ctx_t *b = a->filter_ov;
+ return b->fname;
+ }
+ return NULL;
+}
+
+
+/****************
+ * enable partial block mode as described in the OpenPGP draft.
+ * LEN is the first length byte on read, but ignored on writes.
+ */
+void
+iobuf_set_partial_block_mode (iobuf_t a, size_t len)
+{
+ block_filter_ctx_t *ctx = xcalloc (1, sizeof *ctx);
+
+ assert (a->use == 1 || a->use == 2);
+ ctx->use = a->use;
+ if (!len)
+ {
+ if (a->use == 1)
+ log_debug ("pop_filter called in set_partial_block_mode"
+ " - please report\n");
+ pop_filter (a, block_filter, NULL);
+ }
+ else
+ {
+ ctx->partial = 1;
+ ctx->size = 0;
+ ctx->first_c = len;
+ iobuf_push_filter (a, block_filter, ctx);
+ }
+}
+
+
+
+/****************
+ * Same as fgets() but if the buffer is too short a larger one will
+ * be allocated up to some limit *max_length.
+ * A line is considered a byte stream ending in a LF.
+ * Returns the length of the line. EOF is indicated by a line of
+ * length zero. The last LF may be missing due to an EOF.
+ * is max_length is zero on return, the line has been truncated.
+ *
+ * Note: The buffer is allocated with enough space to append a CR,LF,EOL
+ */
+unsigned int
+iobuf_read_line (iobuf_t a, byte ** addr_of_buffer,
+ unsigned *length_of_buffer, unsigned *max_length)
+{
+ int c;
+ char *buffer = (char *)*addr_of_buffer;
+ unsigned length = *length_of_buffer;
+ unsigned nbytes = 0;
+ unsigned maxlen = *max_length;
+ char *p;
+
+ if (!buffer)
+ { /* must allocate a new buffer */
+ length = 256;
+ buffer = xmalloc (length);
+ *addr_of_buffer = (unsigned char *)buffer;
+ *length_of_buffer = length;
+ }
+
+ length -= 3; /* reserve 3 bytes (cr,lf,eol) */
+ p = buffer;
+ while ((c = iobuf_get (a)) != -1)
+ {
+ if (nbytes == length)
+ { /* increase the buffer */
+ if (length > maxlen)
+ { /* this is out limit */
+ /* skip the rest of the line */
+ while (c != '\n' && (c = iobuf_get (a)) != -1)
+ ;
+ *p++ = '\n'; /* always append a LF (we have reserved space) */
+ nbytes++;
+ *max_length = 0; /* indicate truncation */
+ break;
+ }
+ length += 3; /* correct for the reserved byte */
+ length += length < 1024 ? 256 : 1024;
+ buffer = xrealloc (buffer, length);
+ *addr_of_buffer = (unsigned char *)buffer;
+ *length_of_buffer = length;
+ length -= 3; /* and reserve again */
+ p = buffer + nbytes;
+ }
+ *p++ = c;
+ nbytes++;
+ if (c == '\n')
+ break;
+ }
+ *p = 0; /* make sure the line is a string */
+
+ return nbytes;
+}
+
+static int
+translate_file_handle (int fd, int for_write)
+{
+#ifdef HAVE_W32_SYSTEM
+# ifdef FILE_FILTER_USES_STDIO
+ fd = translate_sys2libc_fd (fd, for_write);
+# else
+ {
+ int x;
+
+ (void)for_write;
+
+ if (fd == 0)
+ x = (int) GetStdHandle (STD_INPUT_HANDLE);
+ else if (fd == 1)
+ x = (int) GetStdHandle (STD_OUTPUT_HANDLE);
+ else if (fd == 2)
+ x = (int) GetStdHandle (STD_ERROR_HANDLE);
+ else
+ x = fd;
+
+ if (x == -1)
+ log_debug ("GetStdHandle(%d) failed: ec=%d\n",
+ fd, (int) GetLastError ());
+
+ fd = x;
+ }
+# endif
+#else
+ (void)for_write;
+#endif
+ return fd;
+}
+
+
+void
+iobuf_skip_rest (iobuf_t a, unsigned long n, int partial)
+{
+ if ( partial )
+ {
+ for (;;)
+ {
+ if (a->nofast || a->d.start >= a->d.len)
+ {
+ if (iobuf_readbyte (a) == -1)
+ {
+ break;
+ }
+ }
+ else
+ {
+ unsigned long count = a->d.len - a->d.start;
+ a->nbytes += count;
+ a->d.start = a->d.len;
+ }
+ }
+ }
+ else
+ {
+ unsigned long remaining = n;
+ while (remaining > 0)
+ {
+ if (a->nofast || a->d.start >= a->d.len)
+ {
+ if (iobuf_readbyte (a) == -1)
+ {
+ break;
+ }
+ --remaining;
+ }
+ else
+ {
+ unsigned long count = a->d.len - a->d.start;
+ if (count > remaining)
+ {
+ count = remaining;
+ }
+ a->nbytes += count;
+ a->d.start += count;
+ remaining -= count;
+ }
+ }
+ }
+}
diff --git a/common/iobuf.h b/common/iobuf.h
new file mode 100644
index 0000000..8a3671e
--- /dev/null
+++ b/common/iobuf.h
@@ -0,0 +1,162 @@
+/* iobuf.h - I/O buffer
+ * Copyright (C) 1998, 1999, 2000, 2001, 2003 Free Software Foundation, Inc.
+ *
+ * This file is part of GNUPG.
+ *
+ * GNUPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GNUPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef GNUPG_COMMON_IOBUF_H
+#define GNUPG_COMMON_IOBUF_H
+
+#include "../include/types.h" /* fixme: should be moved elsewhere. */
+
+
+#define DBG_IOBUF iobuf_debug_mode
+
+
+#define IOBUFCTRL_INIT 1
+#define IOBUFCTRL_FREE 2
+#define IOBUFCTRL_UNDERFLOW 3
+#define IOBUFCTRL_FLUSH 4
+#define IOBUFCTRL_DESC 5
+#define IOBUFCTRL_CANCEL 6
+#define IOBUFCTRL_USER 16
+
+typedef struct iobuf_struct *iobuf_t;
+typedef struct iobuf_struct *IOBUF; /* Compatibility with gpg 1.4. */
+
+/* fixme: we should hide most of this stuff */
+struct iobuf_struct
+{
+ int use; /* 1 input , 2 output, 3 temp */
+ off_t nlimit;
+ off_t nbytes; /* Used together with nlimit. */
+ off_t ntotal; /* Total bytes read (position of stream). */
+ int nofast; /* Used by the iobuf_get (). */
+ void *directfp;
+ struct
+ {
+ size_t size; /* Allocated size */
+ size_t start; /* Number of invalid bytes at the
+ begin of the buffer */
+ size_t len; /* Currently filled to this size */
+ byte *buf;
+ } d;
+
+ int filter_eof;
+ int error;
+ int (*filter) (void *opaque, int control,
+ iobuf_t chain, byte * buf, size_t * len);
+ void *filter_ov; /* Value for opaque */
+ int filter_ov_owner;
+ char *real_fname;
+ iobuf_t chain; /* Next iobuf used for i/o if any
+ (passed to filter) */
+ int no, subno;
+ const char *desc;
+ void *opaque; /* Can be used to hold any information
+ this value is copied to all
+ instances */
+};
+
+#ifndef EXTERN_UNLESS_MAIN_MODULE
+#if defined (__riscos__) && !defined (INCLUDED_BY_MAIN_MODULE)
+#define EXTERN_UNLESS_MAIN_MODULE extern
+#else
+#define EXTERN_UNLESS_MAIN_MODULE
+#endif
+#endif
+EXTERN_UNLESS_MAIN_MODULE int iobuf_debug_mode;
+
+void iobuf_enable_special_filenames (int yes);
+int iobuf_is_pipe_filename (const char *fname);
+iobuf_t iobuf_alloc (int use, size_t bufsize);
+iobuf_t iobuf_temp (void);
+iobuf_t iobuf_temp_with_content (const char *buffer, size_t length);
+iobuf_t iobuf_open (const char *fname);
+iobuf_t iobuf_fdopen (int fd, const char *mode);
+iobuf_t iobuf_sockopen (int fd, const char *mode);
+iobuf_t iobuf_create (const char *fname);
+iobuf_t iobuf_append (const char *fname);
+iobuf_t iobuf_openrw (const char *fname);
+int iobuf_ioctl (iobuf_t a, int cmd, int intval, void *ptrval);
+int iobuf_close (iobuf_t iobuf);
+int iobuf_cancel (iobuf_t iobuf);
+
+int iobuf_push_filter (iobuf_t a, int (*f) (void *opaque, int control,
+ iobuf_t chain, byte * buf,
+ size_t * len), void *ov);
+int iobuf_push_filter2 (iobuf_t a,
+ int (*f) (void *opaque, int control, iobuf_t chain,
+ byte * buf, size_t * len), void *ov,
+ int rel_ov);
+int iobuf_flush (iobuf_t a);
+void iobuf_clear_eof (iobuf_t a);
+#define iobuf_set_error(a) do { (a)->error = 1; } while(0)
+#define iobuf_error(a) ((a)->error)
+
+void iobuf_set_limit (iobuf_t a, off_t nlimit);
+
+off_t iobuf_tell (iobuf_t a);
+int iobuf_seek (iobuf_t a, off_t newpos);
+
+int iobuf_readbyte (iobuf_t a);
+int iobuf_read (iobuf_t a, void *buf, unsigned buflen);
+void iobuf_unread (iobuf_t a, const unsigned char *buf, unsigned int buflen);
+unsigned iobuf_read_line (iobuf_t a, byte ** addr_of_buffer,
+ unsigned *length_of_buffer, unsigned *max_length);
+int iobuf_peek (iobuf_t a, byte * buf, unsigned buflen);
+int iobuf_writebyte (iobuf_t a, unsigned c);
+int iobuf_write (iobuf_t a, const void *buf, unsigned buflen);
+int iobuf_writestr (iobuf_t a, const char *buf);
+
+void iobuf_flush_temp (iobuf_t temp);
+int iobuf_write_temp (iobuf_t a, iobuf_t temp);
+size_t iobuf_temp_to_buffer (iobuf_t a, byte * buffer, size_t buflen);
+
+off_t iobuf_get_filelength (iobuf_t a, int *overflow);
+#define IOBUF_FILELENGTH_LIMIT 0xffffffff
+int iobuf_get_fd (iobuf_t a);
+const char *iobuf_get_real_fname (iobuf_t a);
+const char *iobuf_get_fname (iobuf_t a);
+
+void iobuf_set_partial_block_mode (iobuf_t a, size_t len);
+
+void iobuf_skip_rest (iobuf_t a, unsigned long n, int partial);
+
+
+/* get a byte form the iobuf; must check for eof prior to this function
+ * this function returns values in the range 0 .. 255 or -1 to indicate EOF
+ * iobuf_get_noeof() does not return -1 to indicate EOF, but masks the
+ * returned value to be in the range 0 ..255.
+ */
+#define iobuf_get(a) \
+ ( ((a)->nofast || (a)->d.start >= (a)->d.len )? \
+ iobuf_readbyte((a)) : ( (a)->nbytes++, (a)->d.buf[(a)->d.start++] ) )
+#define iobuf_get_noeof(a) (iobuf_get((a))&0xff)
+
+/* write a byte to the iobuf and return true on write error
+ * This macro does only write the low order byte
+ */
+#define iobuf_put(a,c) iobuf_writebyte(a,c)
+
+#define iobuf_where(a) "[don't know]"
+#define iobuf_id(a) ((a)->no)
+
+#define iobuf_get_temp_buffer(a) ( (a)->d.buf )
+#define iobuf_get_temp_length(a) ( (a)->d.len )
+#define iobuf_is_temp(a) ( (a)->use == 3 )
+
+#endif /*GNUPG_COMMON_IOBUF_H*/
diff --git a/common/keyserver.h b/common/keyserver.h
new file mode 100644
index 0000000..6455e8c
--- /dev/null
+++ b/common/keyserver.h
@@ -0,0 +1,42 @@
+/* keyserver.h - Public definitions for gpg keyserver helpers.
+ * Copyright (C) 2001, 2002 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef GNUPG_COMMON_KEYSERVER_H
+#define GNUPG_COMMON_KEYSERVER_H
+
+#define KEYSERVER_PROTO_VERSION 1
+
+/* These are usable for return codes for the gpgkeys_ process, and
+ also KEY FAILED codes. */
+#define KEYSERVER_OK 0 /* not an error */
+#define KEYSERVER_INTERNAL_ERROR 1 /* gpgkeys_ internal error */
+#define KEYSERVER_NOT_SUPPORTED 2 /* operation not supported */
+#define KEYSERVER_VERSION_ERROR 3 /* VERSION mismatch */
+#define KEYSERVER_GENERAL_ERROR 4 /* keyserver internal error */
+#define KEYSERVER_NO_MEMORY 5 /* out of memory */
+#define KEYSERVER_KEY_NOT_FOUND 6 /* key not found */
+#define KEYSERVER_KEY_EXISTS 7 /* key already exists */
+#define KEYSERVER_KEY_INCOMPLETE 8 /* key incomplete (EOF) */
+#define KEYSERVER_UNREACHABLE 9 /* unable to contact keyserver */
+#define KEYSERVER_TIMEOUT 10 /* timeout while accessing keyserver */
+
+/* Must be 127 due to shell internal magic. */
+#define KEYSERVER_SCHEME_NOT_FOUND 127
+
+#endif /*GNUPG_COMMON_KEYSERVER_H*/
diff --git a/common/localename.c b/common/localename.c
new file mode 100644
index 0000000..cb7fcc2
--- /dev/null
+++ b/common/localename.c
@@ -0,0 +1,116 @@
+/* localename.c - Determine the current selected locale.
+ Copyright (C) 1995-1999, 2000-2003, 2007,
+ 2008 Free Software Foundation, Inc.
+
+ This program is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public License
+ as published by the Free Software Foundation; either version 2.1,
+ or (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Library General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with this program; if not, see <http://www.gnu.org/licenses/>.
+*/
+/* Written by Ulrich Drepper <drepper@gnu.org>, 1995. */
+/* Win32 code written by Tor Lillqvist <tml@iki.fi>. */
+/* Modified for GpgOL use by Werner Koch <wk@gnupg.org>, 2005. */
+/* Modified for GnuPG use by Werner Koch <wk@gnupg.org>, 2007 */
+
+#ifdef HAVE_CONFIG_H
+# include <config.h>
+#endif
+
+#include <stdlib.h>
+#include <string.h>
+#ifdef HAVE_LOCALE_H
+#include <locale.h>
+#endif
+
+#include "../jnlib/w32help.h"
+
+/* XPG3 defines the result of 'setlocale (category, NULL)' as:
+ "Directs 'setlocale()' to query 'category' and return the current
+ setting of 'local'."
+ However it does not specify the exact format. Neither do SUSV2 and
+ ISO C 99. So we can use this feature only on selected systems (e.g.
+ those using GNU C Library). */
+#if defined _LIBC || (defined __GNU_LIBRARY__ && __GNU_LIBRARY__ >= 2)
+# define HAVE_LOCALE_NULL
+#endif
+
+/* Use a dummy value for LC_MESSAGES in case it is not defined. This
+ works becuase we always test for HAVE_LC_MESSAGES and the core
+ fucntion takes the category as a string as well. */
+#ifndef HAVE_LC_MESSAGES
+#define LC_MESSAGES 0
+#endif
+
+
+/* Determine the current locale's name, and canonicalize it into XPG syntax
+ language[_territory[.codeset]][@modifier]
+ The codeset part in the result is not reliable; the locale_charset()
+ should be used for codeset information instead.
+ The result must not be freed; it is statically allocated. */
+
+#ifndef HAVE_W32_SYSTEM
+static const char *
+do_nl_locale_name (int category, const char *categoryname)
+{
+ const char *retval;
+
+ /* Use the POSIX methods of looking to 'LC_ALL', 'LC_xxx', and 'LANG'.
+ On some systems this can be done by the 'setlocale' function itself. */
+# if defined HAVE_SETLOCALE && defined HAVE_LC_MESSAGES && defined HAVE_LOCALE_NULL
+ (void)categoryname;
+ retval = setlocale (category, NULL);
+# else
+ /* Setting of LC_ALL overwrites all other. */
+ retval = getenv ("LC_ALL");
+ if (retval == NULL || retval[0] == '\0')
+ {
+ /* Next comes the name of the desired category. */
+ retval = getenv (categoryname);
+ if (retval == NULL || retval[0] == '\0')
+ {
+ /* Last possibility is the LANG environment variable. */
+ retval = getenv ("LANG");
+ if (retval == NULL || retval[0] == '\0')
+ /* We use C as the default domain. POSIX says this is
+ implementation defined. */
+ retval = "C";
+ }
+ }
+# endif
+
+ return retval;
+}
+#endif /* HAVE_W32_SYSTEM */
+
+
+
+/* Return the locale used for translatable messages. The standard C
+ and POSIX are locale names are mapped to an empty string. If a
+ locale can't be found an empty string will be returned. */
+const char *
+gnupg_messages_locale_name (void)
+{
+ const char *s;
+
+#ifdef HAVE_W32_SYSTEM
+ /* We use the localname function from ../jnlib/w32-gettext.c. */
+ s = gettext_localename ();
+#else
+ s = do_nl_locale_name (LC_MESSAGES, "LC_MESSAGES");
+#endif
+ if (!s)
+ s = "";
+ else if (!strcmp (s, "C") || !strcmp (s, "POSIX"))
+ s = "";
+
+ return s;
+}
+
diff --git a/common/membuf.c b/common/membuf.c
new file mode 100644
index 0000000..737930b
--- /dev/null
+++ b/common/membuf.c
@@ -0,0 +1,118 @@
+/* membuf.c - A simple implementation of a dynamic buffer.
+ * Copyright (C) 2001, 2003, 2009 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <stdlib.h>
+#include <errno.h>
+
+#include "membuf.h"
+
+#include "util.h"
+
+
+/* A simple implementation of a dynamic buffer. Use init_membuf() to
+ create a buffer, put_membuf to append bytes and get_membuf to
+ release and return the buffer. Allocation errors are detected but
+ only returned at the final get_membuf(), this helps not to clutter
+ the code with out of core checks. */
+
+void
+init_membuf (membuf_t *mb, int initiallen)
+{
+ mb->len = 0;
+ mb->size = initiallen;
+ mb->out_of_core = 0;
+ mb->buf = xtrymalloc (initiallen);
+ if (!mb->buf)
+ mb->out_of_core = errno;
+}
+
+/* Same as init_membuf but allocates the buffer in secure memory. */
+void
+init_membuf_secure (membuf_t *mb, int initiallen)
+{
+ mb->len = 0;
+ mb->size = initiallen;
+ mb->out_of_core = 0;
+ mb->buf = xtrymalloc_secure (initiallen);
+ if (!mb->buf)
+ mb->out_of_core = errno;
+}
+
+
+void
+put_membuf (membuf_t *mb, const void *buf, size_t len)
+{
+ if (mb->out_of_core)
+ return;
+
+ if (mb->len + len >= mb->size)
+ {
+ char *p;
+
+ mb->size += len + 1024;
+ p = xtryrealloc (mb->buf, mb->size);
+ if (!p)
+ {
+ mb->out_of_core = errno ? errno : ENOMEM;
+ /* Wipe out what we already accumulated. This is required
+ in case we are storing sensitive data here. The membuf
+ API does not provide another way to cleanup after an
+ error. */
+ wipememory (mb->buf, mb->len);
+ return;
+ }
+ mb->buf = p;
+ }
+ memcpy (mb->buf + mb->len, buf, len);
+ mb->len += len;
+}
+
+
+void
+put_membuf_str (membuf_t *mb, const char *string)
+{
+ put_membuf (mb, string, strlen (string));
+}
+
+
+void *
+get_membuf (membuf_t *mb, size_t *len)
+{
+ char *p;
+
+ if (mb->out_of_core)
+ {
+ if (mb->buf)
+ {
+ wipememory (mb->buf, mb->len);
+ xfree (mb->buf);
+ mb->buf = NULL;
+ }
+ errno = mb->out_of_core;
+ return NULL;
+ }
+
+ p = mb->buf;
+ if (len)
+ *len = mb->len;
+ mb->buf = NULL;
+ mb->out_of_core = ENOMEM; /* hack to make sure it won't get reused. */
+ return p;
+}
diff --git a/common/membuf.h b/common/membuf.h
new file mode 100644
index 0000000..75b506d
--- /dev/null
+++ b/common/membuf.h
@@ -0,0 +1,47 @@
+/* membuf.h - A simple implementation of a dynamic buffer
+ * Copyright (C) 2001, 2003 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef GNUPG_COMMON_MEMBUF_H
+#define GNUPG_COMMON_MEMBUF_H
+
+/* The definition of the structure is private, we only need it here,
+ so it can be allocated on the stack. */
+struct private_membuf_s
+{
+ size_t len;
+ size_t size;
+ char *buf;
+ int out_of_core;
+};
+
+typedef struct private_membuf_s membuf_t;
+
+/* Return the current length of the membuf. */
+#define get_membuf_len(a) ((a)->len)
+#define is_membuf_ready(a) ((a)->buf || (a)->out_of_core)
+#define MEMBUF_ZERO { 0, 0, NULL, 0}
+
+void init_membuf (membuf_t *mb, int initiallen);
+void init_membuf_secure (membuf_t *mb, int initiallen);
+void put_membuf (membuf_t *mb, const void *buf, size_t len);
+void put_membuf_str (membuf_t *mb, const char *string);
+void *get_membuf (membuf_t *mb, size_t *len);
+
+
+#endif /*GNUPG_COMMON_MEMBUF_H*/
diff --git a/common/miscellaneous.c b/common/miscellaneous.c
new file mode 100644
index 0000000..1c88068
--- /dev/null
+++ b/common/miscellaneous.c
@@ -0,0 +1,241 @@
+/* miscellaneous.c - Stuff not fitting elsewhere
+ * Copyright (C) 2003, 2006 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <stdlib.h>
+#include <errno.h>
+
+#define JNLIB_NEED_LOG_LOGV
+#include "util.h"
+#include "iobuf.h"
+#include "i18n.h"
+
+
+/* Used by libgcrypt for logging. */
+static void
+my_gcry_logger (void *dummy, int level, const char *fmt, va_list arg_ptr)
+{
+ (void)dummy;
+
+ /* Map the log levels. */
+ switch (level)
+ {
+ case GCRY_LOG_CONT: level = JNLIB_LOG_CONT; break;
+ case GCRY_LOG_INFO: level = JNLIB_LOG_INFO; break;
+ case GCRY_LOG_WARN: level = JNLIB_LOG_WARN; break;
+ case GCRY_LOG_ERROR:level = JNLIB_LOG_ERROR; break;
+ case GCRY_LOG_FATAL:level = JNLIB_LOG_FATAL; break;
+ case GCRY_LOG_BUG: level = JNLIB_LOG_BUG; break;
+ case GCRY_LOG_DEBUG:level = JNLIB_LOG_DEBUG; break;
+ default: level = JNLIB_LOG_ERROR; break;
+ }
+ log_logv (level, fmt, arg_ptr);
+}
+
+
+/* This function is called by libgcrypt on a fatal error. */
+static void
+my_gcry_fatalerror_handler (void *opaque, int rc, const char *text)
+{
+ (void)opaque;
+
+ log_fatal ("libgcrypt problem: %s\n", text ? text : gpg_strerror (rc));
+ abort ();
+}
+
+
+/* This function is called by libgcrypt if it ran out of core and
+ there is no way to return that error to the caller. We do our own
+ function here to make use of our logging functions. */
+static int
+my_gcry_outofcore_handler (void *opaque, size_t req_n, unsigned int flags)
+{
+ static int been_here; /* Used to protect against recursive calls. */
+
+ (void)opaque;
+
+ if (!been_here)
+ {
+ been_here = 1;
+ if ( (flags & 1) )
+ log_fatal (_("out of core in secure memory "
+ "while allocating %lu bytes"), (unsigned long)req_n);
+ else
+ log_fatal (_("out of core while allocating %lu bytes"),
+ (unsigned long)req_n);
+ }
+ return 0; /* Let libgcrypt call its own fatal error handler.
+ Actually this will turn out to be
+ my_gcry_fatalerror_handler. */
+}
+
+
+/* Setup libgcrypt to use our own logging functions. Should be used
+ early at startup. */
+void
+setup_libgcrypt_logging (void)
+{
+ gcry_set_log_handler (my_gcry_logger, NULL);
+ gcry_set_fatalerror_handler (my_gcry_fatalerror_handler, NULL);
+ gcry_set_outofcore_handler (my_gcry_outofcore_handler, NULL);
+}
+
+
+
+/* Decide whether the filename is stdout or a real filename and return
+ * an appropriate string. */
+const char *
+print_fname_stdout (const char *s)
+{
+ if( !s || (*s == '-' && !s[1]) )
+ return "[stdout]";
+ return s;
+}
+
+
+/* Decide whether the filename is stdin or a real filename and return
+ * an appropriate string. */
+const char *
+print_fname_stdin (const char *s)
+{
+ if( !s || (*s == '-' && !s[1]) )
+ return "[stdin]";
+ return s;
+}
+
+/* fixme: Globally replace it by print_sanitized_buffer. */
+void
+print_string( FILE *fp, const byte *p, size_t n, int delim )
+{
+ print_sanitized_buffer (fp, p, n, delim);
+}
+
+void
+print_utf8_string2 ( FILE *fp, const byte *p, size_t n, int delim )
+{
+ print_sanitized_utf8_buffer (fp, p, n, delim);
+}
+
+void
+print_utf8_string( FILE *fp, const byte *p, size_t n )
+{
+ print_utf8_string2 (fp, p, n, 0);
+}
+
+/* Write LENGTH bytes of BUFFER to FP as a hex encoded string.
+ RESERVED must be 0. */
+void
+print_hexstring (FILE *fp, const void *buffer, size_t length, int reserved)
+{
+#define tohex(n) ((n) < 10 ? ((n) + '0') : (((n) - 10) + 'A'))
+ const unsigned char *s;
+
+ (void)reserved;
+
+ for (s = buffer; length; s++, length--)
+ {
+ putc ( tohex ((*s>>4)&15), fp);
+ putc ( tohex (*s&15), fp);
+ }
+#undef tohex
+}
+
+char *
+make_printable_string (const void *p, size_t n, int delim )
+{
+ return sanitize_buffer (p, n, delim);
+}
+
+
+
+/*
+ * Check if the file is compressed.
+ */
+int
+is_file_compressed (const char *s, int *ret_rc)
+{
+ iobuf_t a;
+ byte buf[4];
+ int i, rc = 0;
+ int overflow;
+
+ struct magic_compress_s {
+ size_t len;
+ byte magic[4];
+ } magic[] = {
+ { 3, { 0x42, 0x5a, 0x68, 0x00 } }, /* bzip2 */
+ { 3, { 0x1f, 0x8b, 0x08, 0x00 } }, /* gzip */
+ { 4, { 0x50, 0x4b, 0x03, 0x04 } }, /* (pk)zip */
+ };
+
+ if ( iobuf_is_pipe_filename (s) || !ret_rc )
+ return 0; /* We can't check stdin or no file was given */
+
+ a = iobuf_open( s );
+ if ( a == NULL ) {
+ *ret_rc = gpg_error_from_syserror ();
+ return 0;
+ }
+
+ if ( iobuf_get_filelength( a, &overflow ) < 4 && !overflow) {
+ *ret_rc = 0;
+ goto leave;
+ }
+
+ if ( iobuf_read( a, buf, 4 ) == -1 ) {
+ *ret_rc = a->error;
+ goto leave;
+ }
+
+ for ( i = 0; i < DIM( magic ); i++ ) {
+ if ( !memcmp( buf, magic[i].magic, magic[i].len ) ) {
+ *ret_rc = 0;
+ rc = 1;
+ break;
+ }
+ }
+
+leave:
+ iobuf_close( a );
+ return rc;
+}
+
+
+/* Try match against each substring of multistr, delimited by | */
+int
+match_multistr (const char *multistr,const char *match)
+{
+ do
+ {
+ size_t seglen = strcspn (multistr,"|");
+ if (!seglen)
+ break;
+ /* Using the localized strncasecmp! */
+ if (strncasecmp(multistr,match,seglen)==0)
+ return 1;
+ multistr += seglen;
+ if (*multistr == '|')
+ multistr++;
+ }
+ while (*multistr);
+
+ return 0;
+}
+
+
diff --git a/common/mkstrtable.awk b/common/mkstrtable.awk
new file mode 100644
index 0000000..56e9bb8
--- /dev/null
+++ b/common/mkstrtable.awk
@@ -0,0 +1,185 @@
+# mkstrtable.awk
+# Copyright (C) 2003, 2004 g10 Code GmbH
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation; either version 2 of
+# the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+#
+# As a special exception, g10 Code GmbH gives unlimited permission to
+# copy, distribute and modify the C source files that are the output
+# of mkstrtable.awk. You need not follow the terms of the GNU General
+# Public License when using or distributing such scripts, even though
+# portions of the text of mkstrtable.awk appear in them. The GNU
+# General Public License (GPL) does govern all other use of the material
+# that constitutes the mkstrtable.awk program.
+#
+# Certain portions of the mkstrtable.awk source text are designed to be
+# copied (in certain cases, depending on the input) into the output of
+# mkstrtable.awk. We call these the "data" portions. The rest of the
+# mkstrtable.awk source text consists of comments plus executable code
+# that decides which of the data portions to output in any given case.
+# We call these comments and executable code the "non-data" portions.
+# mkstrtable.h never copies any of the non-data portions into its output.
+#
+# This special exception to the GPL applies to versions of mkstrtable.awk
+# released by g10 Code GmbH. When you make and distribute a modified version
+# of mkstrtable.awk, you may extend this special exception to the GPL to
+# apply to your modified version as well, *unless* your modified version
+# has the potential to copy into its output some of the text that was the
+# non-data portion of the version that you started with. (In other words,
+# unless your change moves or copies text from the non-data portions to the
+# data portions.) If your modification has such potential, you must delete
+# any notice of this special exception to the GPL from your modified version.
+
+# This script outputs a source file that does define the following
+# symbols:
+#
+# static const char msgstr[];
+# A string containing all messages in the list.
+#
+# static const int msgidx[];
+# A list of index numbers, one for each message, that points to the
+# beginning of the string in msgstr.
+#
+# msgidxof (code);
+# A macro that maps code numbers to idx numbers. If a DEFAULT MESSAGE
+# is provided (see below), its index will be returned for unknown codes.
+# Otherwise -1 is returned for codes that do not appear in the list.
+# You can lookup the message with code CODE with:
+# msgstr + msgidx[msgidxof (code)].
+#
+# The input file has the following format:
+# CODE1 ... MESSAGE1 (code nr, <tab>, something, <tab>, msg)
+# CODE2 ... MESSAGE2 (code nr, <tab>, something, <tab>, msg)
+# ...
+# CODEn ... MESSAGEn (code nr, <tab>, something, <tab>, msg)
+# ... DEFAULT-MESSAGE (<tab>, something, <tab>, fall-back msg)
+#
+# Comments (starting with # and ending at the end of the line) are removed,
+# as is trailing whitespace. The last line is optional; if no DEFAULT
+# MESSAGE is given, msgidxof will return the number -1 for unknown
+# index numbers.
+#
+# The field to be used is specified with the variable "textidx" on
+# the command line. It defaults to 2.
+#
+# The variable nogettext can be set to 1 to suppress gettext markers.
+#
+# The variable prefix can be used to prepend a string to each message.
+#
+# The variable namespace can be used to prepend a string to each
+# variable and macro name.
+
+BEGIN {
+ FS = "[\t]+";
+# cpos holds the current position in the message string.
+ cpos = 0;
+# msg holds the number of messages.
+ msg = 0;
+ print "/* Output of mkstrtable.awk. DO NOT EDIT. */";
+ print "";
+ header = 1;
+ if (textidx == 0)
+ textidx = 2;
+# nogettext can be set to 1 to suppress gettext noop markers.
+}
+
+/^#/ { next; }
+
+header {
+ if ($1 ~ /^[0123456789]+$/)
+ {
+ print "/* The purpose of this complex string table is to produce";
+ print " optimal code with a minimum of relocations. */";
+ print "";
+ print "static const char " namespace "msgstr[] = ";
+ header = 0;
+ }
+ else
+ print;
+}
+
+!header {
+ sub (/\#.+/, "");
+ sub (/[ ]+$/, ""); # Strip trailing space and tab characters.
+
+ if (/^$/)
+ next;
+
+# Print the string msgstr line by line. We delay output by one line to be able
+# to treat the last line differently (see END).
+ if (last_msgstr)
+ {
+ if (nogettext)
+ print " \"" last_msgstr "\" \"\\0\"";
+ else
+ print " gettext_noop (\"" last_msgstr "\") \"\\0\"";
+ }
+ last_msgstr = prefix $textidx;
+
+# Remember the error code and msgidx of each error message.
+ code[msg] = $1;
+ pos[msg] = cpos;
+ cpos += length (last_msgstr) + 1;
+ msg++;
+
+ if ($1 == "")
+ {
+ has_default = 1;
+ exit;
+ }
+}
+END {
+ if (has_default)
+ coded_msgs = msg - 1;
+ else
+ coded_msgs = msg;
+
+ if (nogettext)
+ print " \"" prefix last_msgstr "\";";
+ else
+ print " gettext_noop (\"" prefix last_msgstr "\");";
+ print "";
+ print "static const int " namespace "msgidx[] =";
+ print " {";
+ for (i = 0; i < coded_msgs; i++)
+ print " " pos[i] ",";
+ print " " pos[coded_msgs];
+ print " };";
+ print "";
+ print "#define " namespace "msgidxof(code) (0 ? -1 \\";
+
+# Gather the ranges.
+ skip = code[0];
+ start = code[0];
+ stop = code[0];
+ for (i = 1; i < coded_msgs; i++)
+ {
+ if (code[i] == stop + 1)
+ stop++;
+ else
+ {
+ print " : ((code >= " start ") && (code <= " stop ")) ? (code - " \
+ skip ") \\";
+ skip += code[i] - stop - 1;
+ start = code[i];
+ stop = code[i];
+ }
+ }
+ print " : ((code >= " start ") && (code <= " stop ")) ? (code - " \
+ skip ") \\";
+ if (has_default)
+ print " : " stop + 1 " - " skip ")";
+ else
+ print " : -1)";
+
+ }
diff --git a/common/openpgpdefs.h b/common/openpgpdefs.h
new file mode 100644
index 0000000..e8121b1
--- /dev/null
+++ b/common/openpgpdefs.h
@@ -0,0 +1,87 @@
+/* openpgpdefs.h - Constants from the OpenPGP standard (rfc2440)
+ * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005,
+ * 2006 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef GNUPG_COMMON_OPENPGPDEFS_H
+#define GNUPG_COMMON_OPENPGPDEFS_H
+
+typedef enum
+ {
+ PKT_NONE = 0,
+ PKT_PUBKEY_ENC = 1, /* Public key encrypted packet. */
+ PKT_SIGNATURE = 2, /* Secret key encrypted packet. */
+ PKT_SYMKEY_ENC = 3, /* Session key packet. */
+ PKT_ONEPASS_SIG = 4, /* One pass sig packet. */
+ PKT_SECRET_KEY = 5, /* Secret key. */
+ PKT_PUBLIC_KEY = 6, /* Public key. */
+ PKT_SECRET_SUBKEY = 7, /* Secret subkey. */
+ PKT_COMPRESSED = 8, /* Compressed data packet. */
+ PKT_ENCRYPTED = 9, /* Conventional encrypted data. */
+ PKT_MARKER = 10, /* Marker packet. */
+ PKT_PLAINTEXT = 11, /* Literal data packet. */
+ PKT_RING_TRUST = 12, /* Keyring trust packet. */
+ PKT_USER_ID = 13, /* User id packet. */
+ PKT_PUBLIC_SUBKEY = 14, /* Public subkey. */
+ PKT_OLD_COMMENT = 16, /* Comment packet from an OpenPGP draft. */
+ PKT_ATTRIBUTE = 17, /* PGP's attribute packet. */
+ PKT_ENCRYPTED_MDC = 18, /* Integrity protected encrypted data. */
+ PKT_MDC = 19, /* Manipulation detection code packet. */
+ PKT_COMMENT = 61, /* new comment packet (GnuPG specific). */
+ PKT_GPG_CONTROL = 63 /* internal control packet (GnuPG specific). */
+ }
+pkttype_t;
+
+
+typedef enum
+ {
+ SIGSUBPKT_TEST_CRITICAL = -3,
+ SIGSUBPKT_LIST_UNHASHED = -2,
+ SIGSUBPKT_LIST_HASHED = -1,
+ SIGSUBPKT_NONE = 0,
+ SIGSUBPKT_SIG_CREATED = 2, /* Signature creation time. */
+ SIGSUBPKT_SIG_EXPIRE = 3, /* Signature expiration time. */
+ SIGSUBPKT_EXPORTABLE = 4, /* Exportable. */
+ SIGSUBPKT_TRUST = 5, /* Trust signature. */
+ SIGSUBPKT_REGEXP = 6, /* Regular expression. */
+ SIGSUBPKT_REVOCABLE = 7, /* Revocable. */
+ SIGSUBPKT_KEY_EXPIRE = 9, /* Key expiration time. */
+ SIGSUBPKT_ARR = 10, /* Additional recipient request. */
+ SIGSUBPKT_PREF_SYM = 11, /* Preferred symmetric algorithms. */
+ SIGSUBPKT_REV_KEY = 12, /* Revocation key. */
+ SIGSUBPKT_ISSUER = 16, /* Issuer key ID. */
+ SIGSUBPKT_NOTATION = 20, /* Notation data. */
+ SIGSUBPKT_PREF_HASH = 21, /* Preferred hash algorithms. */
+ SIGSUBPKT_PREF_COMPR = 22, /* Preferred compression algorithms. */
+ SIGSUBPKT_KS_FLAGS = 23, /* Key server preferences. */
+ SIGSUBPKT_PREF_KS = 24, /* Preferred key server. */
+ SIGSUBPKT_PRIMARY_UID = 25, /* Primary user id. */
+ SIGSUBPKT_POLICY = 26, /* Policy URL. */
+ SIGSUBPKT_KEY_FLAGS = 27, /* Key flags. */
+ SIGSUBPKT_SIGNERS_UID = 28, /* Signer's user id. */
+ SIGSUBPKT_REVOC_REASON = 29, /* Reason for revocation. */
+ SIGSUBPKT_FEATURES = 30, /* Feature flags. */
+
+ SIGSUBPKT_SIGNATURE = 32, /* Embedded signature. */
+
+ SIGSUBPKT_FLAG_CRITICAL = 128
+ }
+sigsubpkttype_t;
+
+
+#endif /*GNUPG_COMMON_OPENPGPDEFS_H*/
diff --git a/common/percent.c b/common/percent.c
new file mode 100644
index 0000000..e0c3592
--- /dev/null
+++ b/common/percent.c
@@ -0,0 +1,229 @@
+/* percent.c - Percent escaping
+ * Copyright (C) 2008, 2009 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <stdlib.h>
+#include <errno.h>
+#include <ctype.h>
+#include <assert.h>
+
+#include "util.h"
+
+
+/* Create a newly alloced string from STRING with all spaces and
+ control characters converted to plus signs or %xx sequences. The
+ function returns the new string or NULL in case of a malloc
+ failure.
+
+ Note that we also escape the quote character to work around a bug
+ in the mingw32 runtime which does not correcty handle command line
+ quoting. We correctly double the quote mark when calling a program
+ (i.e. gpg-protect-tool), but the pre-main code does not notice the
+ double quote as an escaped quote. We do this also on POSIX systems
+ for consistency. */
+char *
+percent_plus_escape (const char *string)
+{
+ char *buffer, *p;
+ const char *s;
+ size_t length;
+
+ for (length=1, s=string; *s; s++)
+ {
+ if (*s == '+' || *s == '\"' || *s == '%'
+ || *(const unsigned char *)s < 0x20)
+ length += 3;
+ else
+ length++;
+ }
+
+ buffer = p = xtrymalloc (length);
+ if (!buffer)
+ return NULL;
+
+ for (s=string; *s; s++)
+ {
+ if (*s == '+' || *s == '\"' || *s == '%'
+ || *(const unsigned char *)s < 0x20)
+ {
+ snprintf (p, 4, "%%%02X", *(unsigned char *)s);
+ p += 3;
+ }
+ else if (*s == ' ')
+ *p++ = '+';
+ else
+ *p++ = *s;
+ }
+ *p = 0;
+
+ return buffer;
+
+}
+
+
+/* Do the percent and plus/space unescaping from STRING to BUFFER and
+ return the length of the valid buffer. Plus unescaping is only
+ done if WITHPLUS is true. An escaped Nul character will be
+ replaced by NULREPL. */
+static size_t
+do_unescape (unsigned char *buffer, const unsigned char *string,
+ int withplus, int nulrepl)
+{
+ unsigned char *p = buffer;
+
+ while (*string)
+ {
+ if (*string == '%' && string[1] && string[2])
+ {
+ string++;
+ *p = xtoi_2 (string);
+ if (!*p)
+ *p = nulrepl;
+ string++;
+ }
+ else if (*string == '+' && withplus)
+ *p = ' ';
+ else
+ *p = *string;
+ p++;
+ string++;
+ }
+
+ return (p - buffer);
+}
+
+
+/* Count space required after unescaping STRING. Note that this will
+ never be larger than strlen (STRING). */
+static size_t
+count_unescape (const unsigned char *string)
+{
+ size_t n = 0;
+
+ while (*string)
+ {
+ if (*string == '%' && string[1] && string[2])
+ {
+ string++;
+ string++;
+ }
+ string++;
+ n++;
+ }
+
+ return n;
+}
+
+
+/* Helper. */
+static char *
+do_plus_or_plain_unescape (const char *string, int withplus, int nulrepl)
+{
+ size_t nbytes, n;
+ char *newstring;
+
+ nbytes = count_unescape (string);
+ newstring = xtrymalloc (nbytes+1);
+ if (newstring)
+ {
+ n = do_unescape (newstring, string, withplus, nulrepl);
+ assert (n == nbytes);
+ newstring[n] = 0;
+ }
+ return newstring;
+}
+
+
+/* Create a new allocated string from STRING with all "%xx" sequences
+ decoded and all plus signs replaced by a space. Embedded Nul
+ characters are replaced by the value of NULREPL. The function
+ returns the new string or NULL in case of a malloc failure. */
+char *
+percent_plus_unescape (const char *string, int nulrepl)
+{
+ return do_plus_or_plain_unescape (string, 1, nulrepl);
+}
+
+
+/* Create a new allocated string from STRING with all "%xx" sequences
+ decoded. Embedded Nul characters are replaced by the value of
+ NULREPL. The function returns the new string or NULL in case of a
+ malloc failure. */
+char *
+percent_unescape (const char *string, int nulrepl)
+{
+ return do_plus_or_plain_unescape (string, 0, nulrepl);
+}
+
+
+static size_t
+do_unescape_inplace (char *string, int withplus, int nulrepl)
+{
+ unsigned char *p, *p0;
+
+ p = p0 = string;
+ while (*string)
+ {
+ if (*string == '%' && string[1] && string[2])
+ {
+ string++;
+ *p = xtoi_2 (string);
+ if (!*p)
+ *p = nulrepl;
+ string++;
+ }
+ else if (*string == '+' && withplus)
+ *p = ' ';
+ else
+ *p = *string;
+ p++;
+ string++;
+ }
+
+ return (p - p0);
+}
+
+
+/* Perform percent and plus unescaping in STRING and return the new
+ valid length of the string. Embedded Nul characters are replaced
+ by the value of NULREPL. A terminating Nul character is not
+ inserted; the caller might want to call this function this way:
+
+ foo[percent_plus_unescape_inplace (foo, 0)] = 0;
+ */
+size_t
+percent_plus_unescape_inplace (char *string, int nulrepl)
+{
+ return do_unescape_inplace (string, 1, nulrepl);
+}
+
+
+/* Perform percent unescaping in STRING and return the new valid
+ length of the string. Embedded Nul characters are replaced by the
+ value of NULREPL. A terminating Nul character is not inserted; the
+ caller might want to call this function this way:
+
+ foo[percent_unescape_inplace (foo, 0)] = 0;
+ */
+size_t
+percent_unescape_inplace (char *string, int nulrepl)
+{
+ return do_unescape_inplace (string, 0, nulrepl);
+}
+
diff --git a/common/pka.c b/common/pka.c
new file mode 100644
index 0000000..918f19e
--- /dev/null
+++ b/common/pka.c
@@ -0,0 +1,323 @@
+/* pka.c - DNS Public Key Association RR access
+ * Copyright (C) 2005, 2009 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#ifdef USE_DNS_PKA
+#include <sys/types.h>
+#ifdef _WIN32
+#include <windows.h>
+#else
+#include <netinet/in.h>
+#include <arpa/nameser.h>
+#include <resolv.h>
+#endif
+#endif /* USE_DNS_PKA */
+#ifdef USE_ADNS
+# include <adns.h>
+# ifndef HAVE_ADNS_FREE
+# define adns_free free
+# endif
+#endif
+
+#include "util.h"
+#include "pka.h"
+
+#ifdef USE_DNS_PKA
+/* Parse the TXT resource record. Format is:
+
+ v=pka1;fpr=a4d94e92b0986ab5ee9dcd755de249965b0358a2;uri=string
+
+ For simplicity white spaces are not allowed. Because we expect to
+ use a new RRTYPE for this in the future we define the TXT really
+ strict for simplicity: No white spaces, case sensitivity of the
+ names, order must be as given above. Only URI is optional.
+
+ This function modifies BUFFER. On success 0 is returned, the 20
+ byte fingerprint stored at FPR and BUFFER contains the URI or an
+ empty string.
+*/
+static int
+parse_txt_record (char *buffer, unsigned char *fpr)
+{
+ char *p, *pend;
+ int i;
+
+ p = buffer;
+ pend = strchr (p, ';');
+ if (!pend)
+ return -1;
+ *pend++ = 0;
+ if (strcmp (p, "v=pka1"))
+ return -1; /* Wrong or missing version. */
+
+ p = pend;
+ pend = strchr (p, ';');
+ if (pend)
+ *pend++ = 0;
+ if (strncmp (p, "fpr=", 4))
+ return -1; /* Missing fingerprint part. */
+ p += 4;
+ for (i=0; i < 20 && hexdigitp (p) && hexdigitp (p+1); i++, p += 2)
+ fpr[i] = xtoi_2 (p);
+ if (i != 20)
+ return -1; /* Fingerprint consists not of exactly 40 hexbytes. */
+
+ p = pend;
+ if (!p || !*p)
+ {
+ *buffer = 0;
+ return 0; /* Success (no URI given). */
+ }
+ if (strncmp (p, "uri=", 4))
+ return -1; /* Unknown part. */
+ p += 4;
+ /* There is an URI, copy it to the start of the buffer. */
+ while (*p)
+ *buffer++ = *p++;
+ *buffer = 0;
+ return 0;
+}
+
+
+/* For the given email ADDRESS lookup the PKA information in the DNS.
+
+ On success the 20 byte SHA-1 fingerprint is stored at FPR and the
+ URI will be returned in an allocated buffer. Note that the URI
+ might be an zero length string as this information is optional.
+ Caller must xfree the returned string.
+
+ On error NULL is returned and the 20 bytes at FPR are not
+ defined. */
+char *
+get_pka_info (const char *address, unsigned char *fpr)
+{
+#ifdef USE_ADNS
+ int rc;
+ adns_state state;
+ const char *domain;
+ char *name;
+ adns_answer *answer = NULL;
+ char *buffer = NULL;
+
+ domain = strrchr (address, '@');
+ if (!domain || domain == address || !domain[1])
+ return NULL; /* Invalid mail address given. */
+ name = xtrymalloc (strlen (address) + 5 + 1);
+ if (!name)
+ return NULL;
+ memcpy (name, address, domain - address);
+ strcpy (stpcpy (name + (domain-address), "._pka."), domain+1);
+
+ rc = adns_init (&state, adns_if_noerrprint, NULL);
+ if (rc)
+ {
+ log_error ("error initializing adns: %s\n", strerror (errno));
+ xfree (name);
+ return NULL;
+ }
+
+ rc = adns_synchronous (state, name, adns_r_txt, adns_qf_quoteok_query,
+ &answer);
+ xfree (name);
+ if (rc)
+ {
+ log_error ("DNS query failed: %s\n", strerror (errno));
+ adns_finish (state);
+ return NULL;
+ }
+ if (answer->status != adns_s_ok
+ || answer->type != adns_r_txt || !answer->nrrs)
+ {
+ /* log_error ("DNS query returned an error: %s (%s)\n", */
+ /* adns_strerror (answer->status), */
+ /* adns_errabbrev (answer->status)); */
+ adns_free (answer);
+ adns_finish (state);
+ return NULL;
+ }
+
+ /* We use a PKA records iff there is exactly one record. */
+ if (answer->nrrs == 1 && answer->rrs.manyistr[0]->i != -1)
+ {
+ buffer = xtrystrdup (answer->rrs.manyistr[0]->str);
+ if (parse_txt_record (buffer, fpr))
+ {
+ xfree (buffer);
+ buffer = NULL; /* Not a valid gpg trustdns RR. */
+ }
+ }
+
+ adns_free (answer);
+ adns_finish (state);
+ return buffer;
+
+#else /*!USE_ADNS*/
+ union
+ {
+ signed char p[PACKETSZ];
+ HEADER h;
+ } answer;
+ int anslen;
+ int qdcount, ancount;
+ int rc;
+ unsigned char *p, *pend;
+ const char *domain;
+ char *name;
+
+
+ domain = strrchr (address, '@');
+ if (!domain || domain == address || !domain[1])
+ return NULL; /* invalid mail address given. */
+
+ name = xtrymalloc (strlen (address) + 5 + 1);
+ if (!name)
+ return NULL;
+ memcpy (name, address, domain - address);
+ strcpy (stpcpy (name + (domain-address), "._pka."), domain+1);
+
+ anslen = res_query (name, C_IN, T_TXT, answer.p, PACKETSZ);
+ xfree (name);
+ if (anslen < sizeof(HEADER))
+ return NULL; /* DNS resolver returned a too short answer. */
+ if ( (rc=answer.h.rcode) != NOERROR )
+ return NULL; /* DNS resolver returned an error. */
+
+ /* We assume that PACKETSZ is large enough and don't do dynmically
+ expansion of the buffer. */
+ if (anslen > PACKETSZ)
+ return NULL; /* DNS resolver returned a too long answer */
+
+ qdcount = ntohs (answer.h.qdcount);
+ ancount = ntohs (answer.h.ancount);
+
+ if (!ancount)
+ return NULL; /* Got no answer. */
+
+ p = answer.p + sizeof (HEADER);
+ pend = answer.p + anslen; /* Actually points directly behind the buffer. */
+
+ while (qdcount-- && p < pend)
+ {
+ rc = dn_skipname (p, pend);
+ if (rc == -1)
+ return NULL;
+ p += rc + QFIXEDSZ;
+ }
+
+ if (ancount > 1)
+ return NULL; /* more than one possible gpg trustdns record - none used. */
+
+ while (ancount-- && p <= pend)
+ {
+ unsigned int type, class, txtlen, n;
+ char *buffer, *bufp;
+
+ rc = dn_skipname (p, pend);
+ if (rc == -1)
+ return NULL;
+ p += rc;
+ if (p >= pend - 10)
+ return NULL; /* RR too short. */
+
+ type = *p++ << 8;
+ type |= *p++;
+ class = *p++ << 8;
+ class |= *p++;
+ p += 4;
+ txtlen = *p++ << 8;
+ txtlen |= *p++;
+ if (type != T_TXT || class != C_IN)
+ return NULL; /* Answer does not match the query. */
+
+ buffer = bufp = xmalloc (txtlen + 1);
+ while (txtlen && p < pend)
+ {
+ for (n = *p++, txtlen--; txtlen && n && p < pend; txtlen--, n--)
+ *bufp++ = *p++;
+ }
+ *bufp = 0;
+ if (parse_txt_record (buffer, fpr))
+ {
+ xfree (buffer);
+ return NULL; /* Not a valid gpg trustdns RR. */
+ }
+ return buffer;
+ }
+
+ return NULL;
+#endif /*!USE_ADNS*/
+}
+
+#else /* !USE_DNS_PKA */
+
+/* Dummy version of the function if we can't use the resolver
+ functions. */
+char *
+get_pka_info (const char *address, unsigned char *fpr)
+{
+ return NULL;
+}
+#endif /* !USE_DNS_PKA */
+
+
+#ifdef TEST
+int
+main(int argc,char *argv[])
+{
+ unsigned char fpr[20];
+ char *uri;
+ int i;
+
+ if (argc < 2)
+ {
+ fprintf (stderr, "usage: pka mail-addresses\n");
+ return 1;
+ }
+ argc--;
+ argv++;
+
+ for (; argc; argc--, argv++)
+ {
+ uri = get_pka_info ( *argv, fpr );
+ printf ("%s", *argv);
+ if (uri)
+ {
+ putchar (' ');
+ for (i=0; i < 20; i++)
+ printf ("%02X", fpr[i]);
+ if (*uri)
+ printf (" %s", uri);
+ xfree (uri);
+ }
+ putchar ('\n');
+ }
+ return 0;
+}
+#endif /* TEST */
+
+/*
+Local Variables:
+compile-command: "cc -DUSE_DNS_PKA -DTEST -I.. -I../include -Wall -g -o pka pka.c -lresolv ../tools/no-libgcrypt.o ../jnlib/libjnlib.a"
+End:
+*/
diff --git a/common/pka.h b/common/pka.h
new file mode 100644
index 0000000..98c29ec
--- /dev/null
+++ b/common/pka.h
@@ -0,0 +1,25 @@
+/* pka.h - DNS Public Key Association RR access definitions
+ * Copyright (C) 2006 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+#ifndef GNUPG_COMMON_PKA_H
+#define GNUPG_COMMON_PKA_H
+
+char *get_pka_info (const char *address, unsigned char *fpr);
+
+
+#endif /*GNUPG_COMMON_PKA_H*/
diff --git a/common/session-env.c b/common/session-env.c
new file mode 100644
index 0000000..10f5dfe
--- /dev/null
+++ b/common/session-env.c
@@ -0,0 +1,385 @@
+/* se4ssiobn-env.c - session environment helper functions.
+ * Copyright (C) 2009 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <stdlib.h>
+#include <errno.h>
+#include <ctype.h>
+#include <assert.h>
+#include <unistd.h>
+
+#include "util.h"
+#include "session-env.h"
+
+
+struct variable_s
+{
+ char *value; /* Pointer into NAME to the Nul terminated value. */
+ int is_default; /* The value is a default one. */
+ char name[1]; /* Nul terminated Name and space for the value. */
+};
+
+
+
+/* The session environment object. */
+struct session_environment_s
+{
+ size_t arraysize; /* Allocated size or ARRAY. */
+ size_t arrayused; /* Used size of ARRAY. */
+ struct variable_s **array; /* Array of variables. NULL slots are unused. */
+};
+
+
+/* A list of environment vribales we pass from the acual user
+ (e.g. gpgme) down to the pinentry. We do not handle the locale
+ settings because they do not only depend on envvars. */
+static struct
+{
+ const char *name;
+ const char *assname; /* Name used by Assuan or NULL. */
+} stdenvnames[] = {
+ { "GPG_TTY", "ttyname" }, /* GnuPG specific envvar. */
+ { "TERM", "ttytype" }, /* Used to set ttytype. */
+ { "DISPLAY", "display" }, /* The X-Display. */
+ { "XAUTHORITY","xauthority"}, /* Xlib Authentication. */
+ { "XMODIFIERS" }, /* Used by Xlib to select X input
+ modules (eg "@im=SCIM"). */
+ { "GTK_IM_MODULE" }, /* Used by gtk to select gtk input
+ modules (eg "scim-bridge"). */
+ { "QT_IM_MODULE" }, /* Used by Qt to select qt input
+ modules (eg "xim"). */
+ { "PINENTRY_USER_DATA", "pinentry-user-data"}
+ /* Used for communication with
+ non-standard Pinentries. */
+};
+
+
+/* Track last allocated arraysize of all objects ever created. If
+ nothing has ever been allocated we use INITIAL_ARRAYSIZE and we
+ will never use more than MAXDEFAULT_ARRAYSIZE for initial
+ allocation. Note that this is not reentrant if used with a
+ preemptive thread model. */
+static size_t lastallocatedarraysize;
+#define INITIAL_ARRAYSIZE 8 /* Let's use the number of stdenvnames. */
+#define CHUNK_ARRAYSIZE 10
+#define MAXDEFAULT_ARRAYSIZE (INITIAL_ARRAYSIZE + CHUNK_ARRAYSIZE * 5)
+
+
+/* Return the names of standard environment variables one after the
+ other. The caller needs to set the value at the address of
+ ITERATOR initally to 0 and then call this function until it returns
+ NULL. */
+const char *
+session_env_list_stdenvnames (int *iterator, const char **r_assname)
+{
+ int idx = *iterator;
+
+ if (idx < 0 || idx >= DIM (stdenvnames))
+ return NULL;
+ *iterator = idx + 1;
+ if (r_assname)
+ *r_assname = stdenvnames[idx].assname;
+ return stdenvnames[idx].name;
+}
+
+
+/* Create a new session environment object. Return NULL and sets
+ ERRNO on failure. */
+session_env_t
+session_env_new (void)
+{
+ session_env_t se;
+
+ se = xtrycalloc (1, sizeof *se);
+ if (se)
+ {
+ se->arraysize = (lastallocatedarraysize?
+ lastallocatedarraysize : INITIAL_ARRAYSIZE);
+ se->array = xtrycalloc (se->arraysize, sizeof *se->array);
+ if (!se->array)
+ {
+ xfree (se);
+ se = NULL;
+ }
+ }
+
+ return se;
+}
+
+
+/* Release a session environment object. */
+void
+session_env_release (session_env_t se)
+{
+ int idx;
+
+ if (!se)
+ return;
+
+ if (se->arraysize > INITIAL_ARRAYSIZE
+ && se->arraysize <= MAXDEFAULT_ARRAYSIZE
+ && se->arraysize > lastallocatedarraysize)
+ lastallocatedarraysize = se->arraysize;
+
+ for (idx=0; idx < se->arrayused; idx++)
+ if (se->array[idx])
+ xfree (se->array[idx]);
+ xfree (se->array);
+ xfree (se);
+}
+
+
+static gpg_error_t
+delete_var (session_env_t se, const char *name)
+{
+ int idx;
+
+ for (idx=0; idx < se->arrayused; idx++)
+ if (se->array[idx] && !strcmp (se->array[idx]->name, name))
+ {
+ xfree (se->array[idx]);
+ se->array[idx] = NULL;
+ }
+ return 0;
+}
+
+
+static gpg_error_t
+update_var (session_env_t se, const char *string, size_t namelen,
+ const char *explicit_value, int set_default)
+{
+ int idx;
+ int freeidx = -1;
+ const char *value;
+ size_t valuelen;
+ struct variable_s *var;
+
+ if (explicit_value)
+ value = explicit_value;
+ else
+ value = string + namelen + 1;
+ valuelen = strlen (value);
+
+ for (idx=0; idx < se->arrayused; idx++)
+ {
+ if (!se->array[idx])
+ freeidx = idx;
+ else if (!strncmp (se->array[idx]->name, string, namelen)
+ && strlen (se->array[idx]->name) == namelen)
+ {
+ if (strlen (se->array[idx]->value) == valuelen)
+ {
+ /* The new value has the same length. We can update it
+ in-place. */
+ memcpy (se->array[idx]->value, value, valuelen);
+ se->array[idx]->is_default = !!set_default;
+ return 0;
+ }
+ /* Prepare for update. */
+ freeidx = idx;
+ }
+ }
+
+ if (freeidx == -1)
+ {
+ if (se->arrayused == se->arraysize)
+ {
+ /* Reallocate the array. */
+ size_t newsize;
+ struct variable_s **newarray;
+
+ newsize = se->arraysize + CHUNK_ARRAYSIZE;
+ newarray = xtrycalloc (newsize, sizeof *newarray);
+ if (!newarray)
+ return gpg_error_from_syserror ();
+ for (idx=0; idx < se->arrayused; idx++)
+ newarray[idx] = se->array[idx];
+ se->arraysize = newsize;
+ xfree (se->array);
+ se->array = newarray;
+ }
+ freeidx = se->arrayused++;
+ }
+
+ /* Allocate new memory and return an error if that didn't worked.
+ Allocating it first allows us to keep the old value; it doesn't
+ matter that arrayused has already been incremented in case of a
+ new entry - it will then pint to a NULL slot. */
+ var = xtrymalloc (sizeof *var + namelen + 1 + valuelen);
+ if (!var)
+ return gpg_error_from_syserror ();
+ var->is_default = !!set_default;
+ memcpy (var->name, string, namelen);
+ var->name[namelen] = '\0';
+ var->value = var->name + namelen + 1;
+ strcpy (var->value, value);
+
+ xfree (se->array[freeidx]);
+ se->array[freeidx] = var;
+ return 0;
+}
+
+
+/* Set or update an environment variable of the session environment.
+ String is similar to the putval(3) function but it is reentrant and
+ takes a copy. In particular it exhibits this behaviour:
+
+ <NAME> Delete envvar NAME
+ <KEY>= Set envvar NAME to the empty string
+ <KEY>=<VALUE> Set envvar NAME to VALUE
+
+ On success 0 is returned; on error an gpg-error code. */
+gpg_error_t
+session_env_putenv (session_env_t se, const char *string)
+{
+ const char *s;
+
+ if (!string || !*string)
+ return gpg_error (GPG_ERR_INV_VALUE);
+ s = strchr (string, '=');
+ if (s == string)
+ return gpg_error (GPG_ERR_INV_VALUE);
+ if (!s)
+ return delete_var (se, string);
+ else
+ return update_var (se, string, s - string, NULL, 0);
+}
+
+
+/* Same as session_env_putenv but with name and value given as distict
+ values. */
+gpg_error_t
+session_env_setenv (session_env_t se, const char *name, const char *value)
+{
+ if (!name || !*name)
+ return gpg_error (GPG_ERR_INV_VALUE);
+ if (!value)
+ return delete_var (se, name);
+ else
+ return update_var (se, name, strlen (name), value, 0);
+}
+
+
+
+
+/* Return the value of the environment variable NAME from the SE
+ object. If the variable does not exist, NULL is returned. The
+ returned value is valid as long as SE is valid and as long it has
+ not been removed or updated by a call to session_env_putenv. The
+ caller MUST not change the returned value. */
+char *
+session_env_getenv (session_env_t se, const char *name)
+{
+ int idx;
+
+ if (!se || !name || !*name)
+ return NULL;
+
+ for (idx=0; idx < se->arrayused; idx++)
+ if (se->array[idx] && !strcmp (se->array[idx]->name, name))
+ return se->array[idx]->is_default? NULL : se->array[idx]->value;
+ return NULL;
+}
+
+
+/* Return the value of the environment variable NAME from the SE
+ object. The returned value is valid as long as SE is valid and as
+ long it has not been removed or updated by a call to
+ session_env_putenv. If the variable does not exist, the fucntion
+ tries to return the value trough a call to getenv; if that returns
+ a value, this value is recorded and and used. If no value could be
+ found, returns NULL. The caller must not change the returned
+ value. */
+char *
+session_env_getenv_or_default (session_env_t se, const char *name,
+ int *r_default)
+{
+ int idx;
+ char *defvalue;
+
+ if (r_default)
+ *r_default = 0;
+ if (!se || !name || !*name)
+ return NULL;
+
+ for (idx=0; idx < se->arrayused; idx++)
+ if (se->array[idx] && !strcmp (se->array[idx]->name, name))
+ {
+ if (r_default && se->array[idx]->is_default)
+ *r_default = 1;
+ return se->array[idx]->value;
+ }
+
+ /* Get the default value with and additional fallback for GPG_TTY. */
+ defvalue = getenv (name);
+ if ((!defvalue || !*defvalue) && !strcmp (name, "GPG_TTY") && ttyname (0))
+ defvalue = ttyname (0);
+ if (defvalue)
+ {
+ /* Record the default value for later use so that we are safe
+ from later modifications of the environment. We need to take
+ a copy to better cope with the rules of putenv(3). We ignore
+ the error of the update function because we can't return an
+ explicit error anyway and the following scan would then fail
+ anyway. */
+ update_var (se, name, strlen (name), defvalue, 1);
+
+ for (idx=0; idx < se->arrayused; idx++)
+ if (se->array[idx] && !strcmp (se->array[idx]->name, name))
+ {
+ if (r_default && se->array[idx]->is_default)
+ *r_default = 1;
+ return se->array[idx]->value;
+ }
+ }
+
+ return NULL;
+}
+
+
+/* List the entire environment stored in SE. The caller initially
+ needs to set the value of ITERATOR to 0 and then call this function
+ until it returns NULL. The value is retruned at R_VALUE. If
+ R_DEFAULT is not NULL, the default flag is stored on return. The
+ default flag indicates that the value has been taken from the
+ process' environment. The caller must not change the returned
+ name or value. */
+char *
+session_env_listenv (session_env_t se, int *iterator,
+ const char **r_value, int *r_default)
+{
+ int idx = *iterator;
+
+ if (!se || idx < 0)
+ return NULL;
+
+ for (; idx < se->arrayused; idx++)
+ if (se->array[idx])
+ {
+ *iterator = idx+1;
+ if (r_default)
+ *r_default = se->array[idx]->is_default;
+ if (r_value)
+ *r_value = se->array[idx]->value;
+ return se->array[idx]->name;
+ }
+ return NULL;
+}
+
+
diff --git a/common/session-env.h b/common/session-env.h
new file mode 100644
index 0000000..031fe1d
--- /dev/null
+++ b/common/session-env.h
@@ -0,0 +1,43 @@
+/* session-env.h - Definitions for session environment functions
+ * Copyright (C) 2009 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef GNUPG_COMMON_SESSION_ENV_H
+#define GNUPG_COMMON_SESSION_ENV_H
+
+struct session_environment_s;
+typedef struct session_environment_s *session_env_t;
+
+const char *session_env_list_stdenvnames (int *iterator,
+ const char **r_assname);
+
+session_env_t session_env_new (void);
+void session_env_release (session_env_t se);
+
+gpg_error_t session_env_putenv (session_env_t se, const char *string);
+gpg_error_t session_env_setenv (session_env_t se,
+ const char *name, const char *value);
+
+char *session_env_getenv (session_env_t se, const char *name);
+char *session_env_getenv_or_default (session_env_t se, const char *name,
+ int *r_default);
+char *session_env_listenv (session_env_t se, int *iterator,
+ const char **r_value, int *r_default);
+
+
+#endif /*GNUPG_COMMON_SESSION_ENV_H*/
diff --git a/common/sexp-parse.h b/common/sexp-parse.h
new file mode 100644
index 0000000..b3213a6
--- /dev/null
+++ b/common/sexp-parse.h
@@ -0,0 +1,128 @@
+/* sexp-parse.h - S-Exp helper functions
+ * Copyright (C) 2002, 2003, 2007 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef SEXP_PARSE_H
+#define SEXP_PARSE_H
+
+#include <gpg-error.h>
+
+/* Return the length of the next S-Exp part and update the pointer to
+ the first data byte. 0 is returned on error */
+static inline size_t
+snext (unsigned char const **buf)
+{
+ const unsigned char *s;
+ int n;
+
+ s = *buf;
+ for (n=0; *s && *s != ':' && (*s >= '0' && *s <= '9'); s++)
+ n = n*10 + (*s - '0');
+ if (!n || *s != ':')
+ return 0; /* we don't allow empty lengths */
+ *buf = s+1;
+ return n;
+}
+
+/* Skip over the S-Expression BUF points to and update BUF to point to
+ the chacter right behind. DEPTH gives the initial number of open
+ lists and may be passed as a positive number to skip over the
+ remainder of an S-Expression if the current position is somewhere
+ in an S-Expression. The function may return an error code if it
+ encounters an impossible condition. */
+static inline gpg_error_t
+sskip (unsigned char const **buf, int *depth)
+{
+ const unsigned char *s = *buf;
+ size_t n;
+ int d = *depth;
+
+ while (d > 0)
+ {
+ if (*s == '(')
+ {
+ d++;
+ s++;
+ }
+ else if (*s == ')')
+ {
+ d--;
+ s++;
+ }
+ else
+ {
+ if (!d)
+ return gpg_error (GPG_ERR_INV_SEXP);
+ n = snext (&s);
+ if (!n)
+ return gpg_error (GPG_ERR_INV_SEXP);
+ s += n;
+ }
+ }
+ *buf = s;
+ *depth = d;
+ return 0;
+}
+
+
+/* Check whether the the string at the address BUF points to matches
+ the token. Return true on match and update BUF to point behind the
+ token. Return false and dont update tha buffer if it does not
+ match. */
+static inline int
+smatch (unsigned char const **buf, size_t buflen, const char *token)
+{
+ size_t toklen = strlen (token);
+
+ if (buflen != toklen || memcmp (*buf, token, toklen))
+ return 0;
+ *buf += toklen;
+ return 1;
+}
+
+/* Format VALUE for use as the length indicatior of an S-expression.
+ The caller needs to provide a buffer HELP_BUFFER wth a length of
+ HELP_BUFLEN. The return value is a pointer into HELP_BUFFER with
+ the formatted length string. The colon and a trailing nul are
+ appended. HELP_BUFLEN must be at least 3 - a more useful value is
+ 15. If LENGTH is not NULL, the LENGTH of the resulting string
+ (excluding the terminating nul) is stored at that address. */
+static inline char *
+smklen (char *help_buffer, size_t help_buflen, size_t value, size_t *length)
+{
+ char *p = help_buffer + help_buflen;
+
+ if (help_buflen >= 3)
+ {
+ *--p = 0;
+ *--p = ':';
+ do
+ {
+ *--p = '0' + (value % 10);
+ value /= 10;
+ }
+ while (value && p > help_buffer);
+ }
+
+ if (length)
+ *length = (help_buffer + help_buflen) - p;
+ return p;
+}
+
+
+#endif /*SEXP_PARSE_H*/
diff --git a/common/sexputil.c b/common/sexputil.c
new file mode 100644
index 0000000..1e59187
--- /dev/null
+++ b/common/sexputil.c
@@ -0,0 +1,429 @@
+/* sexputil.c - Utility functions for S-expressions.
+ * Copyright (C) 2005, 2007, 2009 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+/* This file implements a few utility functions useful when working
+ with canonical encrypted S-expresions (i.e. not the S-exprssion
+ objects from libgcrypt). */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+#include <errno.h>
+#ifdef HAVE_LOCALE_H
+#include <locale.h>
+#endif
+
+#include "util.h"
+#include "tlv.h"
+#include "sexp-parse.h"
+
+
+/* Helper function to create a a canonical encoded S-expression from a
+ Libgcrypt S-expression object. The function returns 0 on success
+ and the malloced canonical S-expression is stored at R_BUFFER and
+ the allocated length at R_BUFLEN. On error an error code is
+ returned and (NULL, 0) stored at R_BUFFER and R_BUFLEN. If the
+ allocated buffer length is not required, NULL by be used for
+ R_BUFLEN. */
+gpg_error_t
+make_canon_sexp (gcry_sexp_t sexp, unsigned char **r_buffer, size_t *r_buflen)
+{
+ size_t len;
+ unsigned char *buf;
+
+ *r_buffer = NULL;
+ if (r_buflen)
+ *r_buflen = 0;;
+
+ len = gcry_sexp_sprint (sexp, GCRYSEXP_FMT_CANON, NULL, 0);
+ if (!len)
+ return gpg_error (GPG_ERR_BUG);
+ buf = xtrymalloc (len);
+ if (!buf)
+ return gpg_error_from_syserror ();
+ len = gcry_sexp_sprint (sexp, GCRYSEXP_FMT_CANON, buf, len);
+ if (!len)
+ return gpg_error (GPG_ERR_BUG);
+
+ *r_buffer = buf;
+ if (r_buflen)
+ *r_buflen = len;
+
+ return 0;
+}
+
+
+/* Return the so called "keygrip" which is the SHA-1 hash of the
+ public key parameters expressed in a way depended on the algorithm.
+
+ KEY is expected to be an canonical encoded S-expression with a
+ public or private key. KEYLEN is the length of that buffer.
+
+ GRIP must be at least 20 bytes long. On success 0 is returned, on
+ error an error code. */
+gpg_error_t
+keygrip_from_canon_sexp (const unsigned char *key, size_t keylen,
+ unsigned char *grip)
+{
+ gpg_error_t err;
+ gcry_sexp_t sexp;
+
+ if (!grip)
+ return gpg_error (GPG_ERR_INV_VALUE);
+ err = gcry_sexp_sscan (&sexp, NULL, (const char *)key, keylen);
+ if (err)
+ return err;
+ if (!gcry_pk_get_keygrip (sexp, grip))
+ err = gpg_error (GPG_ERR_INTERNAL);
+ gcry_sexp_release (sexp);
+ return err;
+}
+
+
+/* Compare two simple S-expressions like "(3:foo)". Returns 0 if they
+ are identical or !0 if they are not. Not that this function can't
+ be used for sorting. */
+int
+cmp_simple_canon_sexp (const unsigned char *a_orig,
+ const unsigned char *b_orig)
+{
+ const char *a = (const char *)a_orig;
+ const char *b = (const char *)b_orig;
+ unsigned long n1, n2;
+ char *endp;
+
+ if (!a && !b)
+ return 0; /* Both are NULL, they are identical. */
+ if (!a || !b)
+ return 1; /* One is NULL, they are not identical. */
+ if (*a != '(' || *b != '(')
+ log_bug ("invalid S-exp in cmp_simple_canon_sexp\n");
+
+ a++;
+ n1 = strtoul (a, &endp, 10);
+ a = endp;
+ b++;
+ n2 = strtoul (b, &endp, 10);
+ b = endp;
+
+ if (*a != ':' || *b != ':' )
+ log_bug ("invalid S-exp in cmp_simple_canon_sexp\n");
+ if (n1 != n2)
+ return 1; /* Not the same. */
+
+ for (a++, b++; n1; n1--, a++, b++)
+ if (*a != *b)
+ return 1; /* Not the same. */
+ return 0;
+}
+
+
+/* Create a simple S-expression from the hex string at LIBNE. Returns
+ a newly allocated buffer with that canonical encoded S-expression
+ or NULL in case of an error. On return the number of characters
+ scanned in LINE will be stored at NSCANNED. This fucntions stops
+ converting at the first character not representing a hexdigit. Odd
+ numbers of hex digits are allowed; a leading zero is then
+ assumed. If no characters have been found, NULL is returned.*/
+unsigned char *
+make_simple_sexp_from_hexstr (const char *line, size_t *nscanned)
+{
+ size_t n, len;
+ const char *s;
+ unsigned char *buf;
+ unsigned char *p;
+ char numbuf[50], *numbufp;
+ size_t numbuflen;
+
+ for (n=0, s=line; hexdigitp (s); s++, n++)
+ ;
+ if (nscanned)
+ *nscanned = n;
+ if (!n)
+ return NULL;
+ len = ((n+1) & ~0x01)/2;
+ numbufp = smklen (numbuf, sizeof numbuf, len, &numbuflen);
+ buf = xtrymalloc (1 + numbuflen + len + 1 + 1);
+ if (!buf)
+ return NULL;
+ buf[0] = '(';
+ p = (unsigned char *)stpcpy ((char *)buf+1, numbufp);
+ s = line;
+ if ((n&1))
+ {
+ *p++ = xtoi_1 (s);
+ s++;
+ n--;
+ }
+ for (; n > 1; n -=2, s += 2)
+ *p++ = xtoi_2 (s);
+ *p++ = ')';
+ *p = 0; /* (Not really neaded.) */
+
+ return buf;
+}
+
+
+/* Return the hash algorithm from a KSBA sig-val. SIGVAL is a
+ canonical encoded S-expression. Return 0 if the hash algorithm is
+ not encoded in SIG-VAL or it is not supported by libgcrypt. */
+int
+hash_algo_from_sigval (const unsigned char *sigval)
+{
+ const unsigned char *s = sigval;
+ size_t n;
+ int depth;
+ char buffer[50];
+
+ if (!s || *s != '(')
+ return 0; /* Invalid S-expression. */
+ s++;
+ n = snext (&s);
+ if (!n)
+ return 0; /* Invalid S-expression. */
+ if (!smatch (&s, n, "sig-val"))
+ return 0; /* Not a sig-val. */
+ if (*s != '(')
+ return 0; /* Invalid S-expression. */
+ s++;
+ /* Skip over the algo+parameter list. */
+ depth = 1;
+ if (sskip (&s, &depth) || depth)
+ return 0; /* Invalid S-expression. */
+ if (*s != '(')
+ return 0; /* No futher list. */
+ /* Check whether this is (hash ALGO). */
+ s++;
+ n = snext (&s);
+ if (!n)
+ return 0; /* Invalid S-expression. */
+ if (!smatch (&s, n, "hash"))
+ return 0; /* Not a "hash" keyword. */
+ n = snext (&s);
+ if (!n || n+1 >= sizeof (buffer))
+ return 0; /* Algorithm string is missing or too long. */
+ memcpy (buffer, s, n);
+ buffer[n] = 0;
+
+ return gcry_md_map_name (buffer);
+}
+
+
+/* Create a public key S-expression for an RSA public key from the
+ modulus M with length MLEN and the public exponent E with length
+ ELEN. Returns a newly allocated buffer of NULL in case of a memory
+ allocation problem. If R_LEN is not NULL, the length of the
+ canonical S-expression is stored there. */
+unsigned char *
+make_canon_sexp_from_rsa_pk (const void *m_arg, size_t mlen,
+ const void *e_arg, size_t elen,
+ size_t *r_len)
+{
+ const unsigned char *m = m_arg;
+ const unsigned char *e = e_arg;
+ int m_extra = 0;
+ int e_extra = 0;
+ char mlen_str[35];
+ char elen_str[35];
+ unsigned char *keybuf, *p;
+ const char const part1[] = "(10:public-key(3:rsa(1:n";
+ const char const part2[] = ")(1:e";
+ const char const part3[] = ")))";
+
+ /* Remove leading zeroes. */
+ for (; mlen && !*m; mlen--, m++)
+ ;
+ for (; elen && !*e; elen--, e++)
+ ;
+
+ /* Insert a leading zero if the number would be zero or interpreted
+ as negative. */
+ if (!mlen || (m[0] & 0x80))
+ m_extra = 1;
+ if (!elen || (e[0] & 0x80))
+ e_extra = 1;
+
+ /* Build the S-expression. */
+ snprintf (mlen_str, sizeof mlen_str, "%u:", (unsigned int)mlen+m_extra);
+ snprintf (elen_str, sizeof elen_str, "%u:", (unsigned int)elen+e_extra);
+
+ keybuf = xtrymalloc (strlen (part1) + strlen (mlen_str) + mlen + m_extra
+ + strlen (part2) + strlen (elen_str) + elen + e_extra
+ + strlen (part3) + 1);
+ if (!keybuf)
+ return NULL;
+
+ p = stpcpy (keybuf, part1);
+ p = stpcpy (p, mlen_str);
+ if (m_extra)
+ *p++ = 0;
+ memcpy (p, m, mlen);
+ p += mlen;
+ p = stpcpy (p, part2);
+ p = stpcpy (p, elen_str);
+ if (e_extra)
+ *p++ = 0;
+ memcpy (p, e, elen);
+ p += elen;
+ p = stpcpy (p, part3);
+
+ if (r_len)
+ *r_len = p - keybuf;
+
+ return keybuf;
+}
+
+
+/* Return the so parameters of a public RSA key expressed as an
+ canonical encoded S-expression. */
+gpg_error_t
+get_rsa_pk_from_canon_sexp (const unsigned char *keydata, size_t keydatalen,
+ unsigned char const **r_n, size_t *r_nlen,
+ unsigned char const **r_e, size_t *r_elen)
+{
+ gpg_error_t err;
+ const unsigned char *buf, *tok;
+ size_t buflen, toklen;
+ int depth, last_depth1, last_depth2;
+ const unsigned char *rsa_n = NULL;
+ const unsigned char *rsa_e = NULL;
+ size_t rsa_n_len, rsa_e_len;
+
+ *r_n = NULL;
+ *r_nlen = 0;
+ *r_e = NULL;
+ *r_elen = 0;
+
+ buf = keydata;
+ buflen = keydatalen;
+ depth = 0;
+ if ((err = parse_sexp (&buf, &buflen, &depth, &tok, &toklen)))
+ return err;
+ if ((err = parse_sexp (&buf, &buflen, &depth, &tok, &toklen)))
+ return err;
+ if (!tok || toklen != 10 || memcmp ("public-key", tok, toklen))
+ return gpg_error (GPG_ERR_BAD_PUBKEY);
+ if ((err = parse_sexp (&buf, &buflen, &depth, &tok, &toklen)))
+ return err;
+ if ((err = parse_sexp (&buf, &buflen, &depth, &tok, &toklen)))
+ return err;
+ if (!tok || toklen != 3 || memcmp ("rsa", tok, toklen))
+ return gpg_error (GPG_ERR_WRONG_PUBKEY_ALGO);
+
+ last_depth1 = depth;
+ while (!(err = parse_sexp (&buf, &buflen, &depth, &tok, &toklen))
+ && depth && depth >= last_depth1)
+ {
+ if (tok)
+ return gpg_error (GPG_ERR_UNKNOWN_SEXP);
+ if ((err = parse_sexp (&buf, &buflen, &depth, &tok, &toklen)))
+ return err;
+ if (tok && toklen == 1)
+ {
+ const unsigned char **mpi;
+ size_t *mpi_len;
+
+ switch (*tok)
+ {
+ case 'n': mpi = &rsa_n; mpi_len = &rsa_n_len; break;
+ case 'e': mpi = &rsa_e; mpi_len = &rsa_e_len; break;
+ default: mpi = NULL; mpi_len = NULL; break;
+ }
+ if (mpi && *mpi)
+ return gpg_error (GPG_ERR_DUP_VALUE);
+
+ if ((err = parse_sexp (&buf, &buflen, &depth, &tok, &toklen)))
+ return err;
+ if (tok && mpi)
+ {
+ /* Strip off leading zero bytes and save. */
+ for (;toklen && !*tok; toklen--, tok++)
+ ;
+ *mpi = tok;
+ *mpi_len = toklen;
+ }
+ }
+
+ /* Skip to the end of the list. */
+ last_depth2 = depth;
+ while (!(err = parse_sexp (&buf, &buflen, &depth, &tok, &toklen))
+ && depth && depth >= last_depth2)
+ ;
+ if (err)
+ return err;
+ }
+
+ if (err)
+ return err;
+
+ if (!rsa_n || !rsa_n_len || !rsa_e || !rsa_e_len)
+ return gpg_error (GPG_ERR_BAD_PUBKEY);
+
+ *r_n = rsa_n;
+ *r_nlen = rsa_n_len;
+ *r_e = rsa_e;
+ *r_elen = rsa_e_len;
+ return 0;
+}
+
+
+/* Return the algo of a public RSA expressed as an canonical encoded
+ S-expression. On error the algo is set to 0. */
+gpg_error_t
+get_pk_algo_from_canon_sexp (const unsigned char *keydata, size_t keydatalen,
+ int *r_algo)
+{
+ gpg_error_t err;
+ const unsigned char *buf, *tok;
+ size_t buflen, toklen;
+ int depth;
+
+ *r_algo = 0;
+
+ buf = keydata;
+ buflen = keydatalen;
+ depth = 0;
+ if ((err = parse_sexp (&buf, &buflen, &depth, &tok, &toklen)))
+ return err;
+ if ((err = parse_sexp (&buf, &buflen, &depth, &tok, &toklen)))
+ return err;
+ if (!tok || toklen != 10 || memcmp ("public-key", tok, toklen))
+ return gpg_error (GPG_ERR_BAD_PUBKEY);
+ if ((err = parse_sexp (&buf, &buflen, &depth, &tok, &toklen)))
+ return err;
+ if ((err = parse_sexp (&buf, &buflen, &depth, &tok, &toklen)))
+ return err;
+ if (!tok)
+ return gpg_error (GPG_ERR_BAD_PUBKEY);
+
+ if (toklen == 3 && !memcmp ("rsa", tok, toklen))
+ *r_algo = GCRY_PK_RSA;
+ else if (toklen == 3 && !memcmp ("dsa", tok, toklen))
+ *r_algo = GCRY_PK_DSA;
+ else if (toklen == 3 && !memcmp ("elg", tok, toklen))
+ *r_algo = GCRY_PK_ELG;
+ else if (toklen == 5 && !memcmp ("ecdsa", tok, toklen))
+ *r_algo = GCRY_PK_ECDSA;
+ else
+ return gpg_error (GPG_ERR_PUBKEY_ALGO);
+
+ return 0;
+}
diff --git a/common/signal.c b/common/signal.c
new file mode 100644
index 0000000..98859a4
--- /dev/null
+++ b/common/signal.c
@@ -0,0 +1,262 @@
+/* signal.c - signal handling
+ * Copyright (C) 1998, 1999, 2000, 2001, 2002,
+ * 2005 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <signal.h>
+#include <unistd.h>
+#include <string.h>
+#include <errno.h>
+#include <assert.h>
+
+#include "util.h"
+
+
+#ifndef HAVE_DOSISH_SYSTEM
+static volatile int caught_fatal_sig;
+static volatile int caught_sigusr1;
+#endif
+static void (*cleanup_fnc)(void);
+
+
+#ifndef HAVE_DOSISH_SYSTEM
+static void
+init_one_signal (int sig, RETSIGTYPE (*handler)(int), int check_ign )
+{
+# ifdef HAVE_SIGACTION
+ struct sigaction oact, nact;
+
+ if (check_ign)
+ {
+ /* we don't want to change an IGN handler */
+ sigaction (sig, NULL, &oact );
+ if (oact.sa_handler == SIG_IGN )
+ return;
+ }
+
+ nact.sa_handler = handler;
+ sigemptyset (&nact.sa_mask);
+ nact.sa_flags = 0;
+ sigaction ( sig, &nact, NULL);
+# else
+ RETSIGTYPE (*ohandler)(int);
+
+ ohandler = signal (sig, handler);
+ if (check_ign && ohandler == SIG_IGN)
+ {
+ /* Change it back if it was already set to IGN */
+ signal (sig, SIG_IGN);
+ }
+# endif
+}
+#endif /*!HAVE_DOSISH_SYSTEM*/
+
+#ifndef HAVE_DOSISH_SYSTEM
+static const char *
+get_signal_name( int signum )
+{
+ /* Note that we can't use strsignal(), because it is not
+ reentrant. */
+#if HAVE_DECL_SYS_SIGLIST && defined(NSIG)
+ return (signum >= 0 && signum < NSIG) ? sys_siglist[signum] : "?";
+#else
+ return NULL;
+#endif
+}
+#endif /*!HAVE_DOSISH_SYSTEM*/
+
+#ifndef HAVE_DOSISH_SYSTEM
+static RETSIGTYPE
+got_fatal_signal (int sig)
+{
+ const char *s;
+
+ if (caught_fatal_sig)
+ raise (sig);
+ caught_fatal_sig = 1;
+
+ if (cleanup_fnc)
+ cleanup_fnc ();
+ /* Better don't translate these messages. */
+ write (2, "\n", 1 );
+ s = log_get_prefix (NULL);
+ if (s)
+ write(2, s, strlen (s));
+ write (2, ": signal ", 9 );
+ s = get_signal_name(sig);
+ if (s)
+ write (2, s, strlen(s) );
+ else
+ {
+ /* We are in a signal handler so we can't use any kind of printf
+ even not sprintf. So we use a straightforward algorithm. We
+ got a report that on one particular system, raising a signal
+ while in this handler, the parameter SIG get sclobbered and
+ things are messed up because we modify its value. Although
+ this is a bug in that system, we will protect against it. */
+ if (sig < 0 || sig >= 100000)
+ write (2, "?", 1);
+ else
+ {
+ int i, value, any=0;
+
+ for (value=sig,i=10000; i; i /= 10)
+ {
+ if (value >= i || ((any || i==1) && !(value/i)))
+ {
+ write (2, "0123456789"+(value/i), 1);
+ if ((value/i))
+ any = 1;
+ value %= i;
+ }
+ }
+ }
+ }
+ write (2, " caught ... exiting\n", 20);
+
+ /* Reset action to default action and raise signal again */
+ init_one_signal (sig, SIG_DFL, 0);
+ /* Fixme: remove_lockfiles ();*/
+#ifdef __riscos__
+ close_fds ();
+#endif /* __riscos__ */
+ raise( sig );
+}
+#endif /*!HAVE_DOSISH_SYSTEM*/
+
+#ifndef HAVE_DOSISH_SYSTEM
+static RETSIGTYPE
+got_usr_signal (int sig)
+{
+ (void)sig;
+ caught_sigusr1 = 1;
+}
+#endif /*!HAVE_DOSISH_SYSTEM*/
+
+void
+gnupg_init_signals (int mode, void (*fast_cleanup)(void))
+{
+ assert (!mode);
+
+ cleanup_fnc = fast_cleanup;
+#ifndef HAVE_DOSISH_SYSTEM
+ init_one_signal (SIGINT, got_fatal_signal, 1 );
+ init_one_signal (SIGHUP, got_fatal_signal, 1 );
+ init_one_signal (SIGTERM, got_fatal_signal, 1 );
+ init_one_signal (SIGQUIT, got_fatal_signal, 1 );
+ init_one_signal (SIGSEGV, got_fatal_signal, 1 );
+ init_one_signal (SIGUSR1, got_usr_signal, 0 );
+ init_one_signal (SIGPIPE, SIG_IGN, 0 );
+#endif
+}
+
+void
+gnupg_pause_on_sigusr (int which)
+{
+#ifndef HAVE_DOSISH_SYSTEM
+# ifdef HAVE_SIGPROCMASK
+ sigset_t mask, oldmask;
+
+ assert (which == 1);
+ sigemptyset( &mask );
+ sigaddset( &mask, SIGUSR1 );
+
+ sigprocmask( SIG_BLOCK, &mask, &oldmask );
+ while (!caught_sigusr1)
+ sigsuspend (&oldmask);
+ caught_sigusr1 = 0;
+ sigprocmask (SIG_UNBLOCK, &mask, NULL);
+# else
+ assert (which == 1);
+ sighold (SIGUSR1);
+ while (!caught_sigusr1)
+ sigpause(SIGUSR1);
+ caught_sigusr1 = 0;
+ sigrelease(SIGUSR1);
+# endif /*!HAVE_SIGPROCMASK*/
+#endif
+}
+
+
+static void
+do_block( int block )
+{
+#ifndef HAVE_DOSISH_SYSTEM
+ static int is_blocked;
+#ifdef HAVE_SIGPROCMASK
+ static sigset_t oldmask;
+
+ if (block)
+ {
+ sigset_t newmask;
+
+ if (is_blocked)
+ log_bug ("signals are already blocked\n");
+ sigfillset( &newmask );
+ sigprocmask( SIG_BLOCK, &newmask, &oldmask );
+ is_blocked = 1;
+ }
+ else
+ {
+ if (!is_blocked)
+ log_bug("signals are not blocked\n");
+ sigprocmask (SIG_SETMASK, &oldmask, NULL);
+ is_blocked = 0;
+ }
+#else /*!HAVE_SIGPROCMASK*/
+ static void (*disposition[MAXSIG])();
+ int sig;
+
+ if (block)
+ {
+ if (is_blocked)
+ log_bug("signals are already blocked\n");
+ for (sig=1; sig < MAXSIG; sig++)
+ {
+ disposition[sig] = sigset (sig, SIG_HOLD);
+ }
+ is_blocked = 1;
+ }
+ else
+ {
+ if (!is_blocked)
+ log_bug ("signals are not blocked\n");
+ for (sig=1; sig < MAXSIG; sig++) {
+ sigset (sig, disposition[sig]);
+ }
+ is_blocked = 0;
+ }
+#endif /*!HAVE_SIGPROCMASK*/
+#endif /*HAVE_DOSISH_SYSTEM*/
+}
+
+
+void
+gnupg_block_all_signals ()
+{
+ do_block(1);
+}
+
+void
+gnupg_unblock_all_signals ()
+{
+ do_block(0);
+}
diff --git a/common/simple-pwquery.c b/common/simple-pwquery.c
new file mode 100644
index 0000000..3598b35
--- /dev/null
+++ b/common/simple-pwquery.c
@@ -0,0 +1,690 @@
+/* simple-pwquery.c - A simple password query client for gpg-agent
+ * Copyright (C) 2002, 2004, 2007 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+/* This module is intended as a standalone client implementation to
+ gpg-agent's GET_PASSPHRASE command. In particular it does not use
+ the Assuan library and can only cope with an already running
+ gpg-agent. Some stuff is configurable in the header file. */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+#include <stdlib.h>
+#include <stddef.h>
+#include <string.h>
+#include <errno.h>
+#include <unistd.h>
+#ifdef HAVE_W32_SYSTEM
+#include <winsock2.h>
+#else
+#include <sys/socket.h>
+#include <sys/un.h>
+#endif
+#ifdef HAVE_LOCALE_H
+#include <locale.h>
+#endif
+
+#define JNLIB_NEED_AFLOCAL
+#include "../jnlib/mischelp.h"
+#ifdef HAVE_W32_SYSTEM
+#include "../jnlib/w32-afunix.h"
+#endif
+
+
+#define SIMPLE_PWQUERY_IMPLEMENTATION 1
+#include "simple-pwquery.h"
+
+#if defined(SPWQ_USE_LOGGING) && !defined(HAVE_JNLIB_LOGGING)
+# undef SPWQ_USE_LOGGING
+#endif
+
+#ifndef _
+#define _(a) (a)
+#endif
+
+#if !defined (hexdigitp) && !defined (xtoi_2)
+#define digitp(p) (*(p) >= '0' && *(p) <= '9')
+#define hexdigitp(a) (digitp (a) \
+ || (*(a) >= 'A' && *(a) <= 'F') \
+ || (*(a) >= 'a' && *(a) <= 'f'))
+#define xtoi_1(p) (*(p) <= '9'? (*(p)- '0'): \
+ *(p) <= 'F'? (*(p)-'A'+10):(*(p)-'a'+10))
+#define xtoi_2(p) ((xtoi_1(p) * 16) + xtoi_1((p)+1))
+#endif
+
+
+/* Name of the socket to be used if GPG_AGENT_INFO has not been
+ set. No default socket is used if this is NULL. */
+static char *default_gpg_agent_info;
+
+
+
+
+
+
+#ifndef HAVE_STPCPY
+static char *
+my_stpcpy(char *a,const char *b)
+{
+ while( *b )
+ *a++ = *b++;
+ *a = 0;
+
+ return (char*)a;
+}
+#define stpcpy(a,b) my_stpcpy((a), (b))
+#endif
+
+
+
+/* Write NBYTES of BUF to file descriptor FD. */
+static int
+writen (int fd, const void *buf, size_t nbytes)
+{
+ size_t nleft = nbytes;
+ int nwritten;
+
+ while (nleft > 0)
+ {
+#ifdef HAVE_W32_SYSTEM
+ nwritten = send (fd, buf, nleft, 0);
+#else
+ nwritten = write (fd, buf, nleft);
+#endif
+ if (nwritten < 0)
+ {
+ if (errno == EINTR)
+ nwritten = 0;
+ else {
+#ifdef SPWQ_USE_LOGGING
+ log_error ("write failed: %s\n", strerror (errno));
+#endif
+ return SPWQ_IO_ERROR;
+ }
+ }
+ nleft -= nwritten;
+ buf = (const char*)buf + nwritten;
+ }
+
+ return 0;
+}
+
+
+/* Read an entire line and return number of bytes read. */
+static int
+readline (int fd, char *buf, size_t buflen)
+{
+ size_t nleft = buflen;
+ char *p;
+ int nread = 0;
+
+ while (nleft > 0)
+ {
+#ifdef HAVE_W32_SYSTEM
+ int n = recv (fd, buf, nleft, 0);
+#else
+ int n = read (fd, buf, nleft);
+#endif
+ if (n < 0)
+ {
+ if (errno == EINTR)
+ continue;
+ return -(SPWQ_IO_ERROR);
+ }
+ else if (!n)
+ {
+ return -(SPWQ_PROTOCOL_ERROR); /* incomplete line */
+ }
+ p = buf;
+ nleft -= n;
+ buf += n;
+ nread += n;
+
+ for (; n && *p != '\n'; n--, p++)
+ ;
+ if (n)
+ {
+ break; /* At least one full line available - that's enough.
+ This function is just a simple implementation, so
+ it is okay to forget about pending bytes. */
+ }
+ }
+
+ return nread;
+}
+
+
+/* Send an option to the agent */
+static int
+agent_send_option (int fd, const char *name, const char *value)
+{
+ char buf[200];
+ int nread;
+ char *line;
+ int i;
+
+ line = spwq_malloc (7 + strlen (name) + 1 + strlen (value) + 2);
+ if (!line)
+ return SPWQ_OUT_OF_CORE;
+ strcpy (stpcpy (stpcpy (stpcpy (
+ stpcpy (line, "OPTION "), name), "="), value), "\n");
+ i = writen (fd, line, strlen (line));
+ spwq_free (line);
+ if (i)
+ return i;
+
+ /* get response */
+ nread = readline (fd, buf, DIM(buf)-1);
+ if (nread < 0)
+ return -nread;
+ if (nread < 3)
+ return SPWQ_PROTOCOL_ERROR;
+
+ if (buf[0] == 'O' && buf[1] == 'K' && (buf[2] == ' ' || buf[2] == '\n'))
+ return 0; /* okay */
+
+ return SPWQ_ERR_RESPONSE;
+}
+
+
+/* Send all available options to the agent. */
+static int
+agent_send_all_options (int fd)
+{
+ char *dft_display = NULL;
+ char *dft_ttyname = NULL;
+ char *dft_ttytype = NULL;
+ char *dft_xauthority = NULL;
+ char *dft_pinentry_user_data = NULL;
+ int rc = 0;
+
+ dft_display = getenv ("DISPLAY");
+ if (dft_display)
+ {
+ if ((rc = agent_send_option (fd, "display", dft_display)))
+ return rc;
+ }
+
+ dft_ttyname = getenv ("GPG_TTY");
+#ifndef HAVE_W32_SYSTEM
+ if ((!dft_ttyname || !*dft_ttyname) && ttyname (0))
+ dft_ttyname = ttyname (0);
+#endif
+ if (dft_ttyname && *dft_ttyname)
+ {
+ if ((rc=agent_send_option (fd, "ttyname", dft_ttyname)))
+ return rc;
+ }
+
+ dft_ttytype = getenv ("TERM");
+ if (dft_ttyname && dft_ttytype)
+ {
+ if ((rc = agent_send_option (fd, "ttytype", dft_ttytype)))
+ return rc;
+ }
+
+#if defined(HAVE_SETLOCALE)
+ {
+ char *old_lc = NULL;
+ char *dft_lc = NULL;
+
+#if defined(LC_CTYPE)
+ old_lc = setlocale (LC_CTYPE, NULL);
+ if (old_lc)
+ {
+ char *p = spwq_malloc (strlen (old_lc)+1);
+ if (!p)
+ return SPWQ_OUT_OF_CORE;
+ strcpy (p, old_lc);
+ old_lc = p;
+ }
+ dft_lc = setlocale (LC_CTYPE, "");
+ if (dft_ttyname && dft_lc)
+ rc = agent_send_option (fd, "lc-ctype", dft_lc);
+ if (old_lc)
+ {
+ setlocale (LC_CTYPE, old_lc);
+ spwq_free (old_lc);
+ }
+ if (rc)
+ return rc;
+#endif
+
+#if defined(LC_MESSAGES)
+ old_lc = setlocale (LC_MESSAGES, NULL);
+ if (old_lc)
+ {
+ char *p = spwq_malloc (strlen (old_lc)+1);
+ if (!p)
+ return SPWQ_OUT_OF_CORE;
+ strcpy (p, old_lc);
+ old_lc = p;
+ }
+ dft_lc = setlocale (LC_MESSAGES, "");
+ if (dft_ttyname && dft_lc)
+ rc = agent_send_option (fd, "lc-messages", dft_lc);
+ if (old_lc)
+ {
+ setlocale (LC_MESSAGES, old_lc);
+ spwq_free (old_lc);
+ }
+ if (rc)
+ return rc;
+#endif
+ }
+#endif /*HAVE_SETLOCALE*/
+
+ /* Send the XAUTHORITY variable. */
+ dft_xauthority = getenv ("XAUTHORITY");
+ if (dft_xauthority)
+ {
+ /* We ignore errors here because older gpg-agents don't support
+ this option. */
+ agent_send_option (fd, "xauthority", dft_xauthority);
+ }
+
+ /* Send the PINENTRY_USER_DATA variable. */
+ dft_pinentry_user_data = getenv ("PINENTRY_USER_DATA");
+ if (dft_pinentry_user_data)
+ {
+ /* We ignore errors here because older gpg-agents don't support
+ this option. */
+ agent_send_option (fd, "pinentry-user-data", dft_pinentry_user_data);
+ }
+
+ return 0;
+}
+
+
+
+/* Try to open a connection to the agent, send all options and return
+ the file descriptor for the connection. Return -1 in case of
+ error. */
+static int
+agent_open (int *rfd)
+{
+ int rc;
+ int fd;
+ char *infostr, *p;
+ struct sockaddr_un client_addr;
+ size_t len;
+ int prot;
+ char line[200];
+ int nread;
+
+ *rfd = -1;
+ infostr = getenv ( "GPG_AGENT_INFO" );
+ if ( !infostr || !*infostr )
+ infostr = default_gpg_agent_info;
+ if ( !infostr || !*infostr )
+ {
+#ifdef SPWQ_USE_LOGGING
+ log_error (_("gpg-agent is not available in this session\n"));
+#endif
+ return SPWQ_NO_AGENT;
+ }
+ p = spwq_malloc (strlen (infostr)+1);
+ if (!p)
+ return SPWQ_OUT_OF_CORE;
+ strcpy (p, infostr);
+ infostr = p;
+
+ if ( !(p = strchr ( infostr, PATHSEP_C)) || p == infostr
+ || (p-infostr)+1 >= sizeof client_addr.sun_path )
+ {
+#ifdef SPWQ_USE_LOGGING
+ log_error ( _("malformed GPG_AGENT_INFO environment variable\n"));
+#endif
+ return SPWQ_NO_AGENT;
+ }
+ *p++ = 0;
+
+ while (*p && *p != PATHSEP_C)
+ p++;
+ prot = *p? atoi (p+1) : 0;
+ if ( prot != 1)
+ {
+#ifdef SPWQ_USE_LOGGING
+ log_error (_("gpg-agent protocol version %d is not supported\n"),prot);
+#endif
+ return SPWQ_PROTOCOL_ERROR;
+ }
+
+#ifdef HAVE_W32_SYSTEM
+ fd = _w32_sock_new (AF_UNIX, SOCK_STREAM, 0);
+#else
+ fd = socket (AF_UNIX, SOCK_STREAM, 0);
+#endif
+ if (fd == -1)
+ {
+#ifdef SPWQ_USE_LOGGING
+ log_error ("can't create socket: %s\n", strerror(errno) );
+#endif
+ return SPWQ_SYS_ERROR;
+ }
+
+ memset (&client_addr, 0, sizeof client_addr);
+ client_addr.sun_family = AF_UNIX;
+ strcpy (client_addr.sun_path, infostr);
+ len = SUN_LEN (&client_addr);
+
+#ifdef HAVE_W32_SYSTEM
+ rc = _w32_sock_connect (fd, (struct sockaddr*)&client_addr, len );
+#else
+ rc = connect (fd, (struct sockaddr*)&client_addr, len );
+#endif
+ if (rc == -1)
+ {
+#ifdef SPWQ_USE_LOGGING
+ log_error ( _("can't connect to `%s': %s\n"), infostr, strerror (errno));
+#endif
+ close (fd );
+ return SPWQ_IO_ERROR;
+ }
+
+ nread = readline (fd, line, DIM(line));
+ if (nread < 3 || !(line[0] == 'O' && line[1] == 'K'
+ && (line[2] == '\n' || line[2] == ' ')) )
+ {
+#ifdef SPWQ_USE_LOGGING
+ log_error ( _("communication problem with gpg-agent\n"));
+#endif
+ close (fd );
+ return SPWQ_PROTOCOL_ERROR;
+ }
+
+ rc = agent_send_all_options (fd);
+ if (rc)
+ {
+#ifdef SPWQ_USE_LOGGING
+ log_error (_("problem setting the gpg-agent options\n"));
+#endif
+ close (fd);
+ return rc;
+ }
+
+ *rfd = fd;
+ return 0;
+}
+
+
+/* Copy text to BUFFER and escape as required. Return a pointer to
+ the end of the new buffer. Note that BUFFER must be large enough
+ to keep the entire text; allocataing it 3 times the size of TEXT
+ is sufficient. */
+static char *
+copy_and_escape (char *buffer, const char *text)
+{
+ int i;
+ const unsigned char *s = (unsigned char *)text;
+ char *p = buffer;
+
+
+ for (i=0; s[i]; i++)
+ {
+ if (s[i] < ' ' || s[i] == '+')
+ {
+ sprintf (p, "%%%02X", s[i]);
+ p += 3;
+ }
+ else if (s[i] == ' ')
+ *p++ = '+';
+ else
+ *p++ = s[i];
+ }
+ return p;
+}
+
+
+/* Set the name of the default socket to NAME. */
+int
+simple_pw_set_socket (const char *name)
+{
+ spwq_free (default_gpg_agent_info);
+ if (name)
+ {
+ default_gpg_agent_info = spwq_malloc (strlen (name) + 4 + 1);
+ if (!default_gpg_agent_info)
+ return SPWQ_OUT_OF_CORE;
+ /* We don't know the PID thus we use 0. */
+ strcpy (stpcpy (default_gpg_agent_info, name),
+ PATHSEP_S "0" PATHSEP_S "1");
+ }
+ else
+ default_gpg_agent_info = NULL;
+
+ return 0;
+}
+
+
+/* Ask the gpg-agent for a passphrase and present the user with a
+ DESCRIPTION, a PROMPT and optionally with a TRYAGAIN extra text.
+ If a CACHEID is not NULL it is used to locate the passphrase in in
+ the cache and store it under this ID. If OPT_CHECK is true
+ gpg-agent is asked to apply some checks on the passphrase security.
+ If ERRORCODE is not NULL it should point a variable receiving an
+ errorcode; this error code might be 0 if the user canceled the
+ operation. The function returns NULL to indicate an error. */
+char *
+simple_pwquery (const char *cacheid,
+ const char *tryagain,
+ const char *prompt,
+ const char *description,
+ int opt_check,
+ int *errorcode)
+{
+ int fd = -1;
+ int nread;
+ char *result = NULL;
+ char *pw = NULL;
+ char *p;
+ int rc, i;
+
+ rc = agent_open (&fd);
+ if (rc)
+ goto leave;
+
+ if (!cacheid)
+ cacheid = "X";
+ if (!tryagain)
+ tryagain = "X";
+ if (!prompt)
+ prompt = "X";
+ if (!description)
+ description = "X";
+
+ {
+ char *line;
+ /* We allocate 3 times the needed space so that there is enough
+ space for escaping. */
+ line = spwq_malloc (15 + 10
+ + 3*strlen (cacheid) + 1
+ + 3*strlen (tryagain) + 1
+ + 3*strlen (prompt) + 1
+ + 3*strlen (description) + 1
+ + 2);
+ if (!line)
+ {
+ rc = SPWQ_OUT_OF_CORE;
+ goto leave;
+ }
+ strcpy (line, "GET_PASSPHRASE ");
+ p = line+15;
+ if (opt_check)
+ p = stpcpy (p, "--check ");
+ p = copy_and_escape (p, cacheid);
+ *p++ = ' ';
+ p = copy_and_escape (p, tryagain);
+ *p++ = ' ';
+ p = copy_and_escape (p, prompt);
+ *p++ = ' ';
+ p = copy_and_escape (p, description);
+ *p++ = '\n';
+ rc = writen (fd, line, p - line);
+ spwq_free (line);
+ if (rc)
+ goto leave;
+ }
+
+ /* get response */
+ pw = spwq_secure_malloc (500);
+ nread = readline (fd, pw, 499);
+ if (nread < 0)
+ {
+ rc = -nread;
+ goto leave;
+ }
+ if (nread < 3)
+ {
+ rc = SPWQ_PROTOCOL_ERROR;
+ goto leave;
+ }
+
+ if (pw[0] == 'O' && pw[1] == 'K' && pw[2] == ' ')
+ { /* we got a passphrase - convert it back from hex */
+ size_t pwlen = 0;
+
+ for (i=3; i < nread && hexdigitp (pw+i); i+=2)
+ pw[pwlen++] = xtoi_2 (pw+i);
+ pw[pwlen] = 0; /* make a C String */
+ result = pw;
+ pw = NULL;
+ }
+ else if ((nread > 7 && !memcmp (pw, "ERR 111", 7)
+ && (pw[7] == ' ' || pw[7] == '\n') )
+ || ((nread > 4 && !memcmp (pw, "ERR ", 4)
+ && (strtoul (pw+4, NULL, 0) & 0xffff) == 99)) )
+ {
+ /* 111 is the old Assuan code for canceled which might still
+ be in use by old installations. 99 is GPG_ERR_CANCELED as
+ used by modern gpg-agents; 0xffff is used to mask out the
+ error source. */
+#ifdef SPWQ_USE_LOGGING
+ log_info (_("canceled by user\n") );
+#endif
+ *errorcode = 0; /* Special error code to indicate Cancel. */
+ }
+ else if (nread > 4 && !memcmp (pw, "ERR ", 4))
+ {
+ switch ( (strtoul (pw+4, NULL, 0) & 0xffff) )
+ {
+ case 85: rc = SPWQ_NO_PIN_ENTRY; break;
+ default: rc = SPWQ_GENERAL_ERROR; break;
+ }
+ }
+ else
+ {
+#ifdef SPWQ_USE_LOGGING
+ log_error (_("problem with the agent\n"));
+#endif
+ rc = SPWQ_ERR_RESPONSE;
+ }
+
+ leave:
+ if (errorcode)
+ *errorcode = rc;
+ if (fd != -1)
+ close (fd);
+ if (pw)
+ spwq_secure_free (pw);
+ return result;
+}
+
+
+/* Ask the gpg-agent to clear the passphrase for the cache ID CACHEID. */
+int
+simple_pwclear (const char *cacheid)
+{
+ char line[500];
+ char *p;
+
+ /* We need not more than 50 characters for the command and the
+ terminating nul. */
+ if (strlen (cacheid) * 3 > sizeof (line) - 50)
+ return SPWQ_PROTOCOL_ERROR;
+
+ strcpy (line, "CLEAR_PASSPHRASE ");
+ p = line + 17;
+ p = copy_and_escape (p, cacheid);
+ *p++ = '\n';
+ *p++ = '\0';
+
+ return simple_query (line);
+}
+
+
+/* Perform the simple query QUERY (which must be new-line and 0
+ terminated) and return the error code. */
+int
+simple_query (const char *query)
+{
+ int fd = -1;
+ int nread;
+ char response[500];
+ int rc;
+
+ rc = agent_open (&fd);
+ if (rc)
+ goto leave;
+
+ rc = writen (fd, query, strlen (query));
+ if (rc)
+ goto leave;
+
+ /* get response */
+ nread = readline (fd, response, 499);
+ if (nread < 0)
+ {
+ rc = -nread;
+ goto leave;
+ }
+ if (nread < 3)
+ {
+ rc = SPWQ_PROTOCOL_ERROR;
+ goto leave;
+ }
+
+ if (response[0] == 'O' && response[1] == 'K')
+ /* OK, do nothing. */;
+ else if ((nread > 7 && !memcmp (response, "ERR 111", 7)
+ && (response[7] == ' ' || response[7] == '\n') )
+ || ((nread > 4 && !memcmp (response, "ERR ", 4)
+ && (strtoul (response+4, NULL, 0) & 0xffff) == 99)) )
+ {
+ /* 111 is the old Assuan code for canceled which might still
+ be in use by old installations. 99 is GPG_ERR_CANCELED as
+ used by modern gpg-agents; 0xffff is used to mask out the
+ error source. */
+#ifdef SPWQ_USE_LOGGING
+ log_info (_("canceled by user\n") );
+#endif
+ }
+ else
+ {
+#ifdef SPWQ_USE_LOGGING
+ log_error (_("problem with the agent\n"));
+#endif
+ rc = SPWQ_ERR_RESPONSE;
+ }
+
+ leave:
+ if (fd != -1)
+ close (fd);
+ return rc;
+}
diff --git a/common/simple-pwquery.h b/common/simple-pwquery.h
new file mode 100644
index 0000000..8de9b1b
--- /dev/null
+++ b/common/simple-pwquery.h
@@ -0,0 +1,115 @@
+/* simple-pwquery.c - A simple password query cleint for gpg-agent
+ * Copyright (C) 2002 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef SIMPLE_PWQUERY_H
+#define SIMPLE_PWQUERY_H
+
+#ifdef SIMPLE_PWQUERY_IMPLEMENTATION /* Begin configuration stuff. */
+
+/* Include whatever files you need. */
+#include <gcrypt.h>
+#include "../jnlib/logging.h"
+
+/* Try to write error message using the standard log mechanism. The
+ current implementation requires that the HAVE_JNLIB_LOGGING is also
+ defined. */
+#define SPWQ_USE_LOGGING 1
+
+/* Memory allocation functions used by the implementation. Note, that
+ the returned value is expected to be freed with
+ spwq_secure_free. */
+#define spwq_malloc(a) gcry_malloc (a)
+#define spwq_free(a) gcry_free (a)
+#define spwq_secure_malloc(a) gcry_malloc_secure (a)
+#define spwq_secure_free(a) gcry_free (a)
+
+#endif /*SIMPLE_PWQUERY_IMPLEMENTATION*/ /* End configuration stuff. */
+
+
+/* Ask the gpg-agent for a passphrase and present the user with a
+ DESCRIPTION, a PROMPT and optiaonlly with a TRYAGAIN extra text.
+ If a CACHEID is not NULL it is used to locate the passphrase in in
+ the cache and store it under this ID. If OPT_CHECK is true
+ gpg-agent is asked to apply some checks on the passphrase security.
+ If ERRORCODE is not NULL it should point a variable receiving an
+ errorcode; this errocode might be 0 if the user canceled the
+ operation. The function returns NULL to indicate an error. */
+char *simple_pwquery (const char *cacheid,
+ const char *tryagain,
+ const char *prompt,
+ const char *description,
+ int opt_check,
+ int *errorcode);
+
+/* Ask the gpg-agent to clear the passphrase for the cache ID CACHEID. */
+int simple_pwclear (const char *cacheid);
+
+/* Perform the simple query QUERY (which must be new-line and 0
+ terminated) and return the error code. */
+int simple_query (const char *query);
+
+/* Set the name of the standard socket to be used if GPG_AGENT_INFO is
+ not defined. The use of this function is optional but if it needs
+ to be called before any other function. Returns 0 on success. */
+int simple_pw_set_socket (const char *name);
+
+#define SPWQ_OUT_OF_CORE 1
+#define SPWQ_IO_ERROR 2
+#define SPWQ_PROTOCOL_ERROR 3
+#define SPWQ_ERR_RESPONSE 4
+#define SPWQ_NO_AGENT 5
+#define SPWQ_SYS_ERROR 6
+#define SPWQ_GENERAL_ERROR 7
+#define SPWQ_NO_PIN_ENTRY 8
+
+
+/* We often need to map error codes to gpg-error style error codes.
+ To have a consistent mapping this macro may be used to implemt the
+ mapping function. */
+#define MAP_SPWQ_ERROR_IMPL \
+ static gpg_error_t \
+ map_spwq_error (int err) \
+ { \
+ switch (err) \
+ { \
+ case 0: \
+ return 0; \
+ case SPWQ_OUT_OF_CORE: \
+ return gpg_error_from_errno (ENOMEM); \
+ case SPWQ_IO_ERROR: \
+ return gpg_error_from_errno (EIO); \
+ case SPWQ_PROTOCOL_ERROR: \
+ return gpg_error (GPG_ERR_PROTOCOL_VIOLATION); \
+ case SPWQ_ERR_RESPONSE: \
+ return gpg_error (GPG_ERR_INV_RESPONSE); \
+ case SPWQ_NO_AGENT: \
+ return gpg_error (GPG_ERR_NO_AGENT); \
+ case SPWQ_SYS_ERROR: \
+ return gpg_error_from_syserror (); \
+ case SPWQ_NO_PIN_ENTRY: \
+ return gpg_error (GPG_ERR_NO_PIN_ENTRY); \
+ case SPWQ_GENERAL_ERROR: \
+ default: \
+ return gpg_error (GPG_ERR_GENERAL); \
+ } \
+ }
+/* End of MAP_SPWQ_ERROR_IMPL. */
+
+
+#endif /*SIMPLE_PWQUERY_H*/
diff --git a/common/srv.c b/common/srv.c
new file mode 100644
index 0000000..f3831b4
--- /dev/null
+++ b/common/srv.c
@@ -0,0 +1,321 @@
+/* srv.c - DNS SRV code
+ * Copyright (C) 2003, 2009 Free Software Foundation, Inc.
+ *
+ * This file is part of GNUPG.
+ *
+ * GNUPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GNUPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <sys/types.h>
+#ifdef _WIN32
+#include <windows.h>
+#else
+#include <netinet/in.h>
+#include <arpa/nameser.h>
+#include <resolv.h>
+#endif
+#include <unistd.h>
+#include <stdlib.h>
+#include <string.h>
+#include <time.h>
+#ifdef USE_ADNS
+# include <adns.h>
+# ifndef HAVE_ADNS_FREE
+# define adns_free free
+# endif
+#endif
+
+#include "util.h"
+#include "srv.h"
+
+/* Not every installation has gotten around to supporting SRVs
+ yet... */
+#ifndef T_SRV
+#define T_SRV 33
+#endif
+
+static int
+priosort(const void *a,const void *b)
+{
+ const struct srventry *sa=a,*sb=b;
+ if(sa->priority>sb->priority)
+ return 1;
+ else if(sa->priority<sb->priority)
+ return -1;
+ else
+ return 0;
+}
+
+
+int
+getsrv (const char *name,struct srventry **list)
+{
+ int srvcount=0;
+ u16 count;
+ int i, rc;
+
+ *list = NULL;
+
+#ifdef USE_ADNS
+ {
+ adns_state state;
+ adns_answer *answer = NULL;
+
+ rc = adns_init (&state, adns_if_noerrprint, NULL);
+ if (rc)
+ {
+ log_error ("error initializing adns: %s\n", strerror (errno));
+ return -1;
+ }
+
+ rc = adns_synchronous (state, name, adns_r_srv, adns_qf_quoteok_query,
+ &answer);
+ if (rc)
+ {
+ log_error ("DNS query failed: %s\n", strerror (errno));
+ adns_finish (state);
+ return -1;
+ }
+ if (answer->status != adns_s_ok
+ || answer->type != adns_r_srv || !answer->nrrs)
+ {
+ /* log_error ("DNS query returned an error or no records: %s (%s)\n", */
+ /* adns_strerror (answer->status), */
+ /* adns_errabbrev (answer->status)); */
+ adns_free (answer);
+ adns_finish (state);
+ return 0;
+ }
+
+ for (count = 0; count < answer->nrrs; count++)
+ {
+ struct srventry *srv = NULL;
+ struct srventry *newlist;
+
+ if (strlen (answer->rrs.srvha[count].ha.host) >= MAXDNAME)
+ {
+ log_info ("hostname in SRV record too long - skipped\n");
+ continue;
+ }
+
+ newlist = xtryrealloc (*list, (srvcount+1)*sizeof(struct srventry));
+ if (!newlist)
+ goto fail;
+ *list = newlist;
+ memset (&(*list)[srvcount], 0, sizeof(struct srventry));
+ srv = &(*list)[srvcount];
+ srvcount++;
+
+ srv->priority = answer->rrs.srvha[count].priority;
+ srv->weight = answer->rrs.srvha[count].weight;
+ srv->port = answer->rrs.srvha[count].port;
+ strcpy (srv->target, answer->rrs.srvha[count].ha.host);
+ }
+
+ adns_free (answer);
+ adns_finish (state);
+ }
+#else /*!USE_ADNS*/
+ {
+ unsigned char answer[2048];
+ HEADER *header = (HEADER *)answer;
+ unsigned char *pt, *emsg;
+ int r;
+ u16 dlen;
+
+ r = res_query (name, C_IN, T_SRV, answer, sizeof answer);
+ if (r < sizeof (HEADER) || r > sizeof answer)
+ return -1;
+ if (header->rcode != NOERROR || !(count=ntohs (header->ancount)))
+ return 0; /* Error or no record found. */
+
+ emsg = &answer[r];
+ pt = &answer[sizeof(HEADER)];
+
+ /* Skip over the query */
+ rc = dn_skipname (pt, emsg);
+ if (rc == -1)
+ goto fail;
+
+ pt += rc + QFIXEDSZ;
+
+ while (count-- > 0 && pt < emsg)
+ {
+ struct srventry *srv=NULL;
+ u16 type,class;
+ struct srventry *newlist;
+
+ newlist = xtryrealloc (*list, (srvcount+1)*sizeof(struct srventry));
+ if (!newlist)
+ goto fail;
+ *list = newlist;
+ memset(&(*list)[srvcount],0,sizeof(struct srventry));
+ srv=&(*list)[srvcount];
+ srvcount++;
+
+ rc = dn_skipname(pt,emsg); /* the name we just queried for */
+ if (rc == -1)
+ goto fail;
+ pt+=rc;
+
+ /* Truncated message? */
+ if((emsg-pt)<16)
+ goto fail;
+
+ type=*pt++ << 8;
+ type|=*pt++;
+ /* We asked for SRV and got something else !? */
+ if(type!=T_SRV)
+ goto fail;
+
+ class=*pt++ << 8;
+ class|=*pt++;
+ /* We asked for IN and got something else !? */
+ if(class!=C_IN)
+ goto fail;
+
+ pt+=4; /* ttl */
+ dlen=*pt++ << 8;
+ dlen|=*pt++;
+ srv->priority=*pt++ << 8;
+ srv->priority|=*pt++;
+ srv->weight=*pt++ << 8;
+ srv->weight|=*pt++;
+ srv->port=*pt++ << 8;
+ srv->port|=*pt++;
+
+ /* Get the name. 2782 doesn't allow name compression, but
+ dn_expand still works to pull the name out of the
+ packet. */
+ rc = dn_expand(answer,emsg,pt,srv->target,MAXDNAME);
+ if (rc == 1 && srv->target[0] == 0) /* "." */
+ {
+ xfree(*list);
+ *list = NULL;
+ return 0;
+ }
+ if (rc == -1)
+ goto fail;
+ pt += rc;
+ /* Corrupt packet? */
+ if (dlen != rc+6)
+ goto fail;
+ }
+ }
+#endif /*!USE_ADNS*/
+
+ /* Now we have an array of all the srv records. */
+
+ /* Order by priority */
+ qsort(*list,srvcount,sizeof(struct srventry),priosort);
+
+ /* For each priority, move the zero-weighted items first. */
+ for (i=0; i < srvcount; i++)
+ {
+ int j;
+
+ for (j=i;j < srvcount && (*list)[i].priority == (*list)[j].priority; j++)
+ {
+ if((*list)[j].weight==0)
+ {
+ /* Swap j with i */
+ if(j!=i)
+ {
+ struct srventry temp;
+
+ memcpy (&temp,&(*list)[j],sizeof(struct srventry));
+ memcpy (&(*list)[j],&(*list)[i],sizeof(struct srventry));
+ memcpy (&(*list)[i],&temp,sizeof(struct srventry));
+ }
+
+ break;
+ }
+ }
+ }
+
+ /* Run the RFC-2782 weighting algorithm. We don't need very high
+ quality randomness for this, so regular libc srand/rand is
+ sufficient. Fixme: It is a bit questionaly to reinitalize srand
+ - better use a gnupg fucntion for this. */
+ srand(time(NULL)*getpid());
+
+ for (i=0; i < srvcount; i++)
+ {
+ int j;
+ float prio_count=0,chose;
+
+ for (j=i; j < srvcount && (*list)[i].priority == (*list)[j].priority; j++)
+ {
+ prio_count+=(*list)[j].weight;
+ (*list)[j].run_count=prio_count;
+ }
+
+ chose=prio_count*rand()/RAND_MAX;
+
+ for (j=i;j<srvcount && (*list)[i].priority==(*list)[j].priority;j++)
+ {
+ if (chose<=(*list)[j].run_count)
+ {
+ /* Swap j with i */
+ if(j!=i)
+ {
+ struct srventry temp;
+
+ memcpy(&temp,&(*list)[j],sizeof(struct srventry));
+ memcpy(&(*list)[j],&(*list)[i],sizeof(struct srventry));
+ memcpy(&(*list)[i],&temp,sizeof(struct srventry));
+ }
+ break;
+ }
+ }
+ }
+
+ return srvcount;
+
+ fail:
+ xfree(*list);
+ *list=NULL;
+ return -1;
+}
+
+#ifdef TEST
+int
+main(int argc,char *argv[])
+{
+ struct srventry *srv;
+ int rc,i;
+
+ rc=getsrv("_hkp._tcp.wwwkeys.pgp.net",&srv);
+ printf("Count=%d\n\n",rc);
+ for(i=0;i<rc;i++)
+ {
+ printf("priority=%hu\n",srv[i].priority);
+ printf("weight=%hu\n",srv[i].weight);
+ printf("port=%hu\n",srv[i].port);
+ printf("target=%s\n",srv[i].target);
+ printf("\n");
+ }
+
+ xfree(srv);
+
+ return 0;
+}
+#endif /* TEST */
+
+/*
+Local Variables:
+compile-command: "cc -DTEST -I.. -I../include -Wall -g -o srv srv.c -lresolv ../tools/no-libgcrypt.o ../jnlib/libjnlib.a"
+End:
+*/
diff --git a/common/srv.h b/common/srv.h
new file mode 100644
index 0000000..fa35863
--- /dev/null
+++ b/common/srv.h
@@ -0,0 +1,49 @@
+/* srv.h
+ * Copyright (C) 2003, 2004 Free Software Foundation, Inc.
+ *
+ * This file is part of GNUPG.
+ *
+ * GNUPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GNUPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef GNUPG_COMMON_SRV_H
+#define GNUPG_COMMON_SRV_H
+
+#ifdef USE_DNS_SRV
+# ifdef _WIN32
+# include <windows.h>
+# else
+# include <netinet/in.h>
+# include <arpa/nameser.h>
+# include <resolv.h>
+# endif /* !_WIN32 */
+#endif /* USE_DNS_SRV */
+
+
+#ifndef MAXDNAME
+#define MAXDNAME 1025
+#endif
+
+struct srventry
+{
+ unsigned short priority;
+ unsigned short weight;
+ unsigned short port;
+ int run_count;
+ char target[MAXDNAME];
+};
+
+int getsrv(const char *name,struct srventry **list);
+
+#endif /*GNUPG_COMMON_SRV_H*/
diff --git a/common/ssh-utils.c b/common/ssh-utils.c
new file mode 100644
index 0000000..e2de802
--- /dev/null
+++ b/common/ssh-utils.c
@@ -0,0 +1,187 @@
+/* ssh-utils.c - Secure Shell helper functions
+ * Copyright (C) 2011 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <stdlib.h>
+#include <errno.h>
+#include <ctype.h>
+#include <assert.h>
+
+#include "util.h"
+#include "ssh-utils.h"
+
+
+
+/* Return the Secure Shell type fingerprint for KEY. The length of
+ the fingerprint is returned at R_LEN and the fingerprint itself at
+ R_FPR. In case of a error code is returned and NULL stored at
+ R_FPR. This function is usually called via the ssh_get_fingerprint
+ macro which makes sure to use the correct value for ERRSOURCE. */
+static gpg_error_t
+get_fingerprint (gcry_sexp_t key, void **r_fpr, size_t *r_len,
+ gpg_err_source_t errsource, int as_string)
+{
+ gpg_error_t err;
+ gcry_sexp_t list = NULL;
+ gcry_sexp_t l2 = NULL;
+ const char *s;
+ char *name = NULL;
+ int idx;
+ const char *elems;
+ gcry_md_hd_t md = NULL;
+
+ *r_fpr = NULL;
+ *r_len = 0;
+
+ /* Check that the first element is valid. */
+ list = gcry_sexp_find_token (key, "public-key", 0);
+ if (!list)
+ list = gcry_sexp_find_token (key, "private-key", 0);
+ if (!list)
+ list = gcry_sexp_find_token (key, "protected-private-key", 0);
+ if (!list)
+ list = gcry_sexp_find_token (key, "shadowed-private-key", 0);
+ if (!list)
+ {
+ err = gpg_err_make (errsource, GPG_ERR_UNKNOWN_SEXP);
+ goto leave;
+ }
+
+ l2 = gcry_sexp_cadr (list);
+ gcry_sexp_release (list);
+ list = l2;
+ l2 = NULL;
+
+ name = gcry_sexp_nth_string (list, 0);
+ if (!name)
+ {
+ err = gpg_err_make (errsource, GPG_ERR_INV_SEXP);
+ goto leave;
+ }
+
+ err = gcry_md_open (&md, GCRY_MD_MD5, 0);
+ if (err)
+ goto leave;
+
+ switch (gcry_pk_map_name (name))
+ {
+ case GCRY_PK_RSA:
+ elems = "en";
+ gcry_md_write (md, "\0\0\0\x07ssh-rsa", 11);
+ break;
+ case GCRY_PK_DSA:
+ elems = "pqgy";
+ gcry_md_write (md, "\0\0\0\x07ssh-dss", 11);
+ break;
+ default:
+ elems = "";
+ err = gpg_err_make (errsource, GPG_ERR_PUBKEY_ALGO);
+ break;
+ }
+ if (err)
+ goto leave;
+
+ for (idx = 0, s = elems; *s; s++, idx++)
+ {
+ gcry_mpi_t a;
+ unsigned char *buf;
+ size_t buflen;
+
+ l2 = gcry_sexp_find_token (list, s, 1);
+ if (!l2)
+ {
+ err = gpg_err_make (errsource, GPG_ERR_INV_SEXP);
+ goto leave;
+ }
+ a = gcry_sexp_nth_mpi (l2, 1, GCRYMPI_FMT_USG);
+ gcry_sexp_release (l2);
+ l2 = NULL;
+ if (!a)
+ {
+ err = gpg_err_make (errsource, GPG_ERR_INV_SEXP);
+ goto leave;
+ }
+
+ err = gcry_mpi_aprint (GCRYMPI_FMT_SSH, &buf, &buflen, a);
+ gcry_mpi_release (a);
+ if (err)
+ goto leave;
+ gcry_md_write (md, buf, buflen);
+ gcry_free (buf);
+ }
+
+ *r_fpr = gcry_malloc (as_string? 61:20);
+ if (!*r_fpr)
+ {
+ err = gpg_err_make (errsource, gpg_err_code_from_syserror ());
+ goto leave;
+ }
+
+ if (as_string)
+ {
+ bin2hexcolon (gcry_md_read (md, GCRY_MD_MD5), 16, *r_fpr);
+ *r_len = 3*16+1;
+ strlwr (*r_fpr);
+ }
+ else
+ {
+ memcpy (*r_fpr, gcry_md_read (md, GCRY_MD_MD5), 16);
+ *r_len = 16;
+ }
+ err = 0;
+
+ leave:
+ gcry_free (name);
+ gcry_sexp_release (l2);
+ gcry_md_close (md);
+ gcry_sexp_release (list);
+ return err;
+}
+
+/* Return the Secure Shell type fingerprint for KEY. The length of
+ the fingerprint is returned at R_LEN and the fingerprint itself at
+ R_FPR. In case of an error an error code is returned and NULL
+ stored at R_FPR. This function is usually called via the
+ ssh_get_fingerprint macro which makes sure to use the correct value
+ for ERRSOURCE. */
+gpg_error_t
+_ssh_get_fingerprint (gcry_sexp_t key, void **r_fpr, size_t *r_len,
+ gpg_err_source_t errsource)
+{
+ return get_fingerprint (key, r_fpr, r_len, errsource, 0);
+}
+
+
+/* Return the Secure Shell type fingerprint for KEY as a string. The
+ fingerprint is mallcoed and stored at R_FPRSTR. In case of an
+ error an error code is returned and NULL stored at R_FPRSTR. This
+ function is usually called via the ssh_get_fingerprint_string macro
+ which makes sure to use the correct value for ERRSOURCE. */
+gpg_error_t
+_ssh_get_fingerprint_string (gcry_sexp_t key, char **r_fprstr,
+ gpg_err_source_t errsource)
+{
+ gpg_error_t err;
+ size_t dummy;
+ void *string;
+
+ err = get_fingerprint (key, &string, &dummy, errsource, 1);
+ *r_fprstr = string;
+ return err;
+}
diff --git a/common/ssh-utils.h b/common/ssh-utils.h
new file mode 100644
index 0000000..1813c8b
--- /dev/null
+++ b/common/ssh-utils.h
@@ -0,0 +1,36 @@
+/* ssh-utils.c - Secure Shell helper function definitions
+ * Copyright (C) 2011 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef GNUPG_COMMON_SSH_UTILS_H
+#define GNUPG_COMMON_SSH_UTILS_H
+
+
+gpg_error_t _ssh_get_fingerprint (gcry_sexp_t key, void **r_fpr, size_t *r_len,
+ gpg_err_source_t errsource);
+#define ssh_get_fingerprint(a,b,c) \
+ _ssh_get_fingerprint ((a), (b), (c), GPG_ERR_SOURCE_DEFAULT)
+
+gpg_error_t _ssh_get_fingerprint_string (gcry_sexp_t key, char **r_fprstr,
+ gpg_err_source_t errsource);
+#define ssh_get_fingerprint_string(a,b) \
+ _ssh_get_fingerprint_string ((a), (b), GPG_ERR_SOURCE_DEFAULT)
+
+
+
+#endif /*GNUPG_COMMON_SSH_UTILS_H*/
diff --git a/common/status-codes.h b/common/status-codes.h
new file mode 100644
index 0000000..5f59b49
--- /dev/null
+++ b/common/status-codes.h
@@ -0,0 +1,206 @@
+/* Output of mkstrtable.awk. DO NOT EDIT. */
+
+/* status.h - Status codes
+ * Copyright (C) 2007 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+/* The purpose of this complex string table is to produce
+ optimal code with a minimum of relocations. */
+
+static const char statusstr_msgstr[] =
+ "ENTER" "\0"
+ "LEAVE" "\0"
+ "ABORT" "\0"
+ "GOODSIG" "\0"
+ "BADSIG" "\0"
+ "ERRSIG" "\0"
+ "BADARMOR" "\0"
+ "RSA_OR_IDEA" "\0"
+ "TRUST_UNDEFINED" "\0"
+ "TRUST_NEVER" "\0"
+ "TRUST_MARGINAL" "\0"
+ "TRUST_FULLY" "\0"
+ "TRUST_ULTIMATE" "\0"
+ "NEED_PASSPHRASE" "\0"
+ "VALIDSIG" "\0"
+ "SIG_ID" "\0"
+ "ENC_TO" "\0"
+ "NODATA" "\0"
+ "BAD_PASSPHRASE" "\0"
+ "NO_PUBKEY" "\0"
+ "NO_SECKEY" "\0"
+ "NEED_PASSPHRASE_SYM" "\0"
+ "DECRYPTION_INFO" "\0"
+ "DECRYPTION_FAILED" "\0"
+ "DECRYPTION_OKAY" "\0"
+ "MISSING_PASSPHRASE" "\0"
+ "GOOD_PASSPHRASE" "\0"
+ "GOODMDC" "\0"
+ "BADMDC" "\0"
+ "ERRMDC" "\0"
+ "IMPORTED" "\0"
+ "IMPORT_OK" "\0"
+ "IMPORT_PROBLEM" "\0"
+ "IMPORT_RES" "\0"
+ "IMPORT_CHECK" "\0"
+ "FILE_START" "\0"
+ "FILE_DONE" "\0"
+ "FILE_ERROR" "\0"
+ "BEGIN_DECRYPTION" "\0"
+ "END_DECRYPTION" "\0"
+ "BEGIN_ENCRYPTION" "\0"
+ "END_ENCRYPTION" "\0"
+ "BEGIN_SIGNING" "\0"
+ "DELETE_PROBLEM" "\0"
+ "GET_BOOL" "\0"
+ "GET_LINE" "\0"
+ "GET_HIDDEN" "\0"
+ "GOT_IT" "\0"
+ "PROGRESS" "\0"
+ "SIG_CREATED" "\0"
+ "SESSION_KEY" "\0"
+ "NOTATION_NAME" "\0"
+ "NOTATION_DATA" "\0"
+ "POLICY_URL" "\0"
+ "BEGIN_STREAM" "\0"
+ "END_STREAM" "\0"
+ "KEY_CREATED" "\0"
+ "USERID_HINT" "\0"
+ "UNEXPECTED" "\0"
+ "INV_RECP" "\0"
+ "INV_SGNR" "\0"
+ "NO_RECP" "\0"
+ "NO_SGNR" "\0"
+ "ALREADY_SIGNED" "\0"
+ "KEYEXPIRED" "\0"
+ "KEYREVOKED" "\0"
+ "SIGEXPIRED" "\0"
+ "EXPSIG" "\0"
+ "EXPKEYSIG" "\0"
+ "ATTRIBUTE" "\0"
+ "REVKEYSIG" "\0"
+ "NEWSIG" "\0"
+ "SIG_SUBPACKET" "\0"
+ "PLAINTEXT" "\0"
+ "PLAINTEXT_LENGTH" "\0"
+ "KEY_NOT_CREATED" "\0"
+ "NEED_PASSPHRASE_PIN" "\0"
+ "CARDCTRL" "\0"
+ "SC_OP_FAILURE" "\0"
+ "SC_OP_SUCCESS" "\0"
+ "BACKUP_KEY_CREATED" "\0"
+ "PKA_TRUST_BAD" "\0"
+ "PKA_TRUST_GOOD" "\0"
+ "TRUNCATED" "\0"
+ "ERROR" "\0"
+ "SUCCESS";
+
+static const int statusstr_msgidx[] =
+ {
+ 0,
+ 6,
+ 12,
+ 18,
+ 26,
+ 33,
+ 40,
+ 49,
+ 61,
+ 77,
+ 89,
+ 104,
+ 116,
+ 131,
+ 147,
+ 156,
+ 163,
+ 170,
+ 177,
+ 192,
+ 202,
+ 212,
+ 232,
+ 248,
+ 266,
+ 282,
+ 301,
+ 317,
+ 325,
+ 332,
+ 339,
+ 348,
+ 358,
+ 373,
+ 384,
+ 397,
+ 408,
+ 418,
+ 429,
+ 446,
+ 461,
+ 478,
+ 493,
+ 507,
+ 522,
+ 531,
+ 540,
+ 551,
+ 558,
+ 567,
+ 579,
+ 591,
+ 605,
+ 619,
+ 630,
+ 643,
+ 654,
+ 666,
+ 678,
+ 689,
+ 698,
+ 707,
+ 715,
+ 723,
+ 738,
+ 749,
+ 760,
+ 771,
+ 778,
+ 788,
+ 798,
+ 808,
+ 815,
+ 829,
+ 839,
+ 856,
+ 872,
+ 892,
+ 901,
+ 915,
+ 929,
+ 948,
+ 962,
+ 977,
+ 987,
+ 993,
+
+ };
+
+#define statusstr_msgidxof(code) (0 ? -1 \
+ : ((code >= 0) && (code <= 85)) ? (code - 0) \
+ : -1)
diff --git a/common/status.c b/common/status.c
new file mode 100644
index 0000000..7b9f4a3
--- /dev/null
+++ b/common/status.c
@@ -0,0 +1,66 @@
+/* status.c - status code helper functions
+ * Copyright (C) 2007 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <stdlib.h>
+
+#include "util.h"
+#include "status.h"
+#include "status-codes.h"
+
+
+/* Return the status string for code NO. */
+const char *
+get_status_string ( int no )
+{
+ int idx = statusstr_msgidxof (no);
+ if (idx == -1)
+ return "?";
+ else
+ return statusstr_msgstr + statusstr_msgidx[idx];
+}
+
+
+const char *
+get_inv_recpsgnr_code (gpg_error_t err)
+{
+ const char *errstr;
+
+ switch (gpg_err_code (err))
+ {
+ case GPG_ERR_NO_PUBKEY: errstr = "1"; break;
+ case GPG_ERR_AMBIGUOUS_NAME: errstr = "2"; break;
+ case GPG_ERR_WRONG_KEY_USAGE: errstr = "3"; break;
+ case GPG_ERR_CERT_REVOKED: errstr = "4"; break;
+ case GPG_ERR_CERT_EXPIRED: errstr = "5"; break;
+ case GPG_ERR_NO_CRL_KNOWN: errstr = "6"; break;
+ case GPG_ERR_CRL_TOO_OLD: errstr = "7"; break;
+ case GPG_ERR_NO_POLICY_MATCH: errstr = "8"; break;
+
+ case GPG_ERR_UNUSABLE_SECKEY:
+ case GPG_ERR_NO_SECKEY: errstr = "9"; break;
+
+ case GPG_ERR_NOT_TRUSTED: errstr = "10"; break;
+ case GPG_ERR_MISSING_CERT: errstr = "11"; break;
+ case GPG_ERR_MISSING_ISSUER_CERT: errstr = "12"; break;
+ default: errstr = "0"; break;
+ }
+
+ return errstr;
+}
diff --git a/common/status.h b/common/status.h
new file mode 100644
index 0000000..cfb64ca
--- /dev/null
+++ b/common/status.h
@@ -0,0 +1,137 @@
+/* status.h - Status codes
+ * Copyright (C) 2007 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef GNUPG_COMMON_STATUS_H
+#define GNUPG_COMMON_STATUS_H
+
+enum
+ {
+ STATUS_ENTER,
+ STATUS_LEAVE,
+ STATUS_ABORT,
+
+ STATUS_GOODSIG,
+ STATUS_BADSIG,
+ STATUS_ERRSIG,
+
+ STATUS_BADARMOR,
+
+ STATUS_RSA_OR_IDEA,
+
+ STATUS_TRUST_UNDEFINED,
+ STATUS_TRUST_NEVER,
+ STATUS_TRUST_MARGINAL,
+ STATUS_TRUST_FULLY,
+ STATUS_TRUST_ULTIMATE,
+
+ STATUS_NEED_PASSPHRASE,
+ STATUS_VALIDSIG,
+ STATUS_SIG_ID,
+ STATUS_ENC_TO,
+ STATUS_NODATA,
+ STATUS_BAD_PASSPHRASE,
+ STATUS_NO_PUBKEY,
+ STATUS_NO_SECKEY,
+ STATUS_NEED_PASSPHRASE_SYM,
+ STATUS_DECRYPTION_INFO,
+ STATUS_DECRYPTION_FAILED,
+ STATUS_DECRYPTION_OKAY,
+ STATUS_MISSING_PASSPHRASE,
+ STATUS_GOOD_PASSPHRASE,
+ STATUS_GOODMDC,
+ STATUS_BADMDC,
+ STATUS_ERRMDC,
+ STATUS_IMPORTED,
+ STATUS_IMPORT_OK,
+ STATUS_IMPORT_PROBLEM,
+ STATUS_IMPORT_RES,
+ STATUS_IMPORT_CHECK,
+
+ STATUS_FILE_START,
+ STATUS_FILE_DONE,
+ STATUS_FILE_ERROR,
+
+ STATUS_BEGIN_DECRYPTION,
+ STATUS_END_DECRYPTION,
+ STATUS_BEGIN_ENCRYPTION,
+ STATUS_END_ENCRYPTION,
+ STATUS_BEGIN_SIGNING,
+
+ STATUS_DELETE_PROBLEM,
+
+ STATUS_GET_BOOL,
+ STATUS_GET_LINE,
+ STATUS_GET_HIDDEN,
+ STATUS_GOT_IT,
+
+ STATUS_PROGRESS,
+ STATUS_SIG_CREATED,
+ STATUS_SESSION_KEY,
+ STATUS_NOTATION_NAME,
+ STATUS_NOTATION_DATA,
+ STATUS_POLICY_URL,
+ STATUS_BEGIN_STREAM,
+ STATUS_END_STREAM,
+ STATUS_KEY_CREATED,
+ STATUS_USERID_HINT,
+ STATUS_UNEXPECTED,
+ STATUS_INV_RECP,
+ STATUS_INV_SGNR,
+ STATUS_NO_RECP,
+ STATUS_NO_SGNR,
+
+ STATUS_ALREADY_SIGNED,
+ STATUS_KEYEXPIRED,
+ STATUS_KEYREVOKED,
+ STATUS_SIGEXPIRED,
+ STATUS_EXPSIG,
+ STATUS_EXPKEYSIG,
+
+ STATUS_ATTRIBUTE,
+
+ STATUS_REVKEYSIG,
+
+ STATUS_NEWSIG,
+ STATUS_SIG_SUBPACKET,
+
+ STATUS_PLAINTEXT,
+ STATUS_PLAINTEXT_LENGTH,
+ STATUS_KEY_NOT_CREATED,
+ STATUS_NEED_PASSPHRASE_PIN,
+
+ STATUS_CARDCTRL,
+ STATUS_SC_OP_FAILURE,
+ STATUS_SC_OP_SUCCESS,
+
+ STATUS_BACKUP_KEY_CREATED,
+
+ STATUS_PKA_TRUST_BAD,
+ STATUS_PKA_TRUST_GOOD,
+
+ STATUS_TRUNCATED,
+ STATUS_ERROR,
+ STATUS_SUCCESS
+};
+
+
+const char *get_status_string (int code);
+const char *get_inv_recpsgnr_code (gpg_error_t err);
+
+
+#endif /*GNUPG_COMMON_STATUS_H*/
diff --git a/common/sysutils.c b/common/sysutils.c
new file mode 100644
index 0000000..8e0c75c
--- /dev/null
+++ b/common/sysutils.c
@@ -0,0 +1,492 @@
+/* sysutils.c - system helpers
+ * Copyright (C) 1998, 1999, 2000, 2001, 2003, 2004,
+ * 2007, 2008 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+
+#ifdef WITHOUT_GNU_PTH /* Give the Makefile a chance to build without Pth. */
+# undef HAVE_PTH
+# undef USE_GNU_PTH
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+#include <errno.h>
+#ifdef HAVE_STAT
+# include <sys/stat.h>
+#endif
+#if defined(__linux__) && defined(__alpha__) && __GLIBC__ < 2
+# include <asm/sysinfo.h>
+# include <asm/unistd.h>
+#endif
+#ifdef HAVE_SETRLIMIT
+# include <time.h>
+# include <sys/time.h>
+# include <sys/resource.h>
+#endif
+#ifdef HAVE_W32_SYSTEM
+# define WINVER 0x0500 /* Required for AllowSetForegroundWindow. */
+# include <windows.h>
+#endif
+#ifdef HAVE_PTH
+# include <pth.h>
+#endif
+#include <fcntl.h>
+
+#include "util.h"
+#include "i18n.h"
+
+#include "sysutils.h"
+
+#define tohex(n) ((n) < 10 ? ((n) + '0') : (((n) - 10) + 'A'))
+
+
+#if defined(__linux__) && defined(__alpha__) && __GLIBC__ < 2
+#warning using trap_unaligned
+static int
+setsysinfo(unsigned long op, void *buffer, unsigned long size,
+ int *start, void *arg, unsigned long flag)
+{
+ return syscall(__NR_osf_setsysinfo, op, buffer, size, start, arg, flag);
+}
+
+void
+trap_unaligned(void)
+{
+ unsigned int buf[2];
+
+ buf[0] = SSIN_UACPROC;
+ buf[1] = UAC_SIGBUS | UAC_NOPRINT;
+ setsysinfo(SSI_NVPAIRS, buf, 1, 0, 0, 0);
+}
+#else
+void
+trap_unaligned(void)
+{ /* dummy */
+}
+#endif
+
+
+int
+disable_core_dumps (void)
+{
+#ifdef HAVE_DOSISH_SYSTEM
+ return 0;
+#else
+# ifdef HAVE_SETRLIMIT
+ struct rlimit limit;
+
+ /* We only set the current limit unless we were not able to
+ retrieve the old value. */
+ if (getrlimit (RLIMIT_CORE, &limit))
+ limit.rlim_max = 0;
+ limit.rlim_cur = 0;
+ if( !setrlimit (RLIMIT_CORE, &limit) )
+ return 0;
+ if( errno != EINVAL && errno != ENOSYS )
+ log_fatal (_("can't disable core dumps: %s\n"), strerror(errno) );
+#endif
+ return 1;
+#endif
+}
+
+int
+enable_core_dumps (void)
+{
+#ifdef HAVE_DOSISH_SYSTEM
+ return 0;
+#else
+# ifdef HAVE_SETRLIMIT
+ struct rlimit limit;
+
+ if (getrlimit (RLIMIT_CORE, &limit))
+ return 1;
+ limit.rlim_cur = limit.rlim_max;
+ setrlimit (RLIMIT_CORE, &limit);
+ return 1; /* We always return true because this function is
+ merely a debugging aid. */
+# endif
+ return 1;
+#endif
+}
+
+
+
+/* Return a string which is used as a kind of process ID */
+const byte *
+get_session_marker( size_t *rlen )
+{
+ static byte marker[SIZEOF_UNSIGNED_LONG*2];
+ static int initialized;
+
+ if ( !initialized ) {
+ volatile ulong aa, bb; /* we really want the uninitialized value */
+ ulong a, b;
+
+ initialized = 1;
+ /* Although this marker is guessable it is not easy to use
+ * for a faked control packet because an attacker does not
+ * have enough control about the time the verification does
+ * take place. Of course, we can add just more random but
+ * than we need the random generator even for verification
+ * tasks - which does not make sense. */
+ a = aa ^ (ulong)getpid();
+ b = bb ^ (ulong)time(NULL);
+ memcpy( marker, &a, SIZEOF_UNSIGNED_LONG );
+ memcpy( marker+SIZEOF_UNSIGNED_LONG, &b, SIZEOF_UNSIGNED_LONG );
+ }
+ *rlen = sizeof(marker);
+ return marker;
+}
+
+
+#if 0 /* not yet needed - Note that this will require inclusion of
+ cmacros.am in Makefile.am */
+int
+check_permissions(const char *path,int extension,int checkonly)
+{
+#if defined(HAVE_STAT) && !defined(HAVE_DOSISH_SYSTEM)
+ char *tmppath;
+ struct stat statbuf;
+ int ret=1;
+ int isdir=0;
+
+ if(opt.no_perm_warn)
+ return 0;
+
+ if(extension && path[0]!=DIRSEP_C)
+ {
+ if(strchr(path,DIRSEP_C))
+ tmppath=make_filename(path,NULL);
+ else
+ tmppath=make_filename(GNUPG_LIBDIR,path,NULL);
+ }
+ else
+ tmppath=m_strdup(path);
+
+ /* It's okay if the file doesn't exist */
+ if(stat(tmppath,&statbuf)!=0)
+ {
+ ret=0;
+ goto end;
+ }
+
+ isdir=S_ISDIR(statbuf.st_mode);
+
+ /* Per-user files must be owned by the user. Extensions must be
+ owned by the user or root. */
+ if((!extension && statbuf.st_uid != getuid()) ||
+ (extension && statbuf.st_uid!=0 && statbuf.st_uid!=getuid()))
+ {
+ if(!checkonly)
+ log_info(_("Warning: unsafe ownership on %s \"%s\"\n"),
+ isdir?"directory":extension?"extension":"file",path);
+ goto end;
+ }
+
+ /* This works for both directories and files - basically, we don't
+ care what the owner permissions are, so long as the group and
+ other permissions are 0 for per-user files, and non-writable for
+ extensions. */
+ if((extension && (statbuf.st_mode & (S_IWGRP|S_IWOTH)) !=0) ||
+ (!extension && (statbuf.st_mode & (S_IRWXG|S_IRWXO)) != 0))
+ {
+ char *dir;
+
+ /* However, if the directory the directory/file is in is owned
+ by the user and is 700, then this is not a problem.
+ Theoretically, we could walk this test up to the root
+ directory /, but for the sake of sanity, I'm stopping at one
+ level down. */
+
+ dir= make_dirname (tmppath);
+ if(stat(dir,&statbuf)==0 && statbuf.st_uid==getuid() &&
+ S_ISDIR(statbuf.st_mode) && (statbuf.st_mode & (S_IRWXG|S_IRWXO))==0)
+ {
+ xfree (dir);
+ ret=0;
+ goto end;
+ }
+
+ m_free(dir);
+
+ if(!checkonly)
+ log_info(_("Warning: unsafe permissions on %s \"%s\"\n"),
+ isdir?"directory":extension?"extension":"file",path);
+ goto end;
+ }
+
+ ret=0;
+
+ end:
+ m_free(tmppath);
+
+ return ret;
+
+#endif /* HAVE_STAT && !HAVE_DOSISH_SYSTEM */
+
+ return 0;
+}
+#endif
+
+
+/* Wrapper around the usual sleep fucntion. This one won't wake up
+ before the sleep time has really elapsed. When build with Pth it
+ merely calls pth_sleep and thus suspends only the current
+ thread. */
+void
+gnupg_sleep (unsigned int seconds)
+{
+#ifdef HAVE_PTH
+ /* With Pth we force a regular sleep for seconds == 0 so that also
+ the process will give up its timeslot. */
+ if (!seconds)
+ {
+# ifdef HAVE_W32_SYSTEM
+ Sleep (0);
+# else
+ sleep (0);
+# endif
+ }
+ pth_sleep (seconds);
+#else
+ /* Fixme: make sure that a sleep won't wake up to early. */
+# ifdef HAVE_W32_SYSTEM
+ Sleep (seconds*1000);
+# else
+ sleep (seconds);
+# endif
+#endif
+}
+
+
+/* This function is a NOP for POSIX systems but required under Windows
+ as the file handles as returned by OS calls (like CreateFile) are
+ different from the libc file descriptors (like open). This function
+ translates system file handles to libc file handles. FOR_WRITE
+ gives the direction of the handle. */
+int
+translate_sys2libc_fd (gnupg_fd_t fd, int for_write)
+{
+#ifdef HAVE_W32_SYSTEM
+ int x;
+
+ if (fd == GNUPG_INVALID_FD)
+ return -1;
+
+ /* Note that _open_osfhandle is currently defined to take and return
+ a long. */
+ x = _open_osfhandle ((long)fd, for_write ? 1 : 0);
+ if (x == -1)
+ log_error ("failed to translate osfhandle %p\n", (void *) fd);
+ return x;
+#else /*!HAVE_W32_SYSTEM */
+ (void)for_write;
+ return fd;
+#endif
+}
+
+/* This is the same as translate_sys2libc_fd but takes an integer
+ which is assumed to be such an system handle. */
+int
+translate_sys2libc_fd_int (int fd, int for_write)
+{
+#ifdef HAVE_W32_SYSTEM
+ if (fd <= 2)
+ return fd; /* Do not do this for error, stdin, stdout, stderr. */
+
+ return translate_sys2libc_fd ((void*)fd, for_write);
+#else
+ (void)for_write;
+ return fd;
+#endif
+}
+
+
+
+/* Replacement for tmpfile(). This is required because the tmpfile
+ function of Windows' runtime library is broken, insecure, ignores
+ TMPDIR and so on. In addition we create a file with an inheritable
+ handle. */
+FILE *
+gnupg_tmpfile (void)
+{
+#ifdef HAVE_W32_SYSTEM
+ int attempts, n;
+ char buffer[MAX_PATH+7+12+1];
+ char *name, *p;
+ HANDLE file;
+ int pid = GetCurrentProcessId ();
+ unsigned int value;
+ int i;
+ SECURITY_ATTRIBUTES sec_attr;
+
+ memset (&sec_attr, 0, sizeof sec_attr );
+ sec_attr.nLength = sizeof sec_attr;
+ sec_attr.bInheritHandle = TRUE;
+
+ n = GetTempPath (MAX_PATH+1, buffer);
+ if (!n || n > MAX_PATH || strlen (buffer) > MAX_PATH)
+ {
+ errno = ENOENT;
+ return NULL;
+ }
+ p = buffer + strlen (buffer);
+ p = stpcpy (p, "_gnupg");
+ /* We try to create the directory but don't care about an error as
+ it may already exist and the CreateFile would throw an error
+ anyway. */
+ CreateDirectory (buffer, NULL);
+ *p++ = '\\';
+ name = p;
+ for (attempts=0; attempts < 10; attempts++)
+ {
+ p = name;
+ value = (GetTickCount () ^ ((pid<<16) & 0xffff0000));
+ for (i=0; i < 8; i++)
+ {
+ *p++ = tohex (((value >> 28) & 0x0f));
+ value <<= 4;
+ }
+ strcpy (p, ".tmp");
+ file = CreateFile (buffer,
+ GENERIC_READ | GENERIC_WRITE,
+ 0,
+ &sec_attr,
+ CREATE_NEW,
+ FILE_ATTRIBUTE_TEMPORARY | FILE_FLAG_DELETE_ON_CLOSE,
+ NULL);
+ if (file != INVALID_HANDLE_VALUE)
+ {
+ FILE *fp;
+ int fd = _open_osfhandle ((long)file, 0);
+ if (fd == -1)
+ {
+ CloseHandle (file);
+ return NULL;
+ }
+ fp = fdopen (fd, "w+b");
+ if (!fp)
+ {
+ int save = errno;
+ close (fd);
+ errno = save;
+ return NULL;
+ }
+ return fp;
+ }
+ Sleep (1); /* One ms as this is the granularity of GetTickCount. */
+ }
+ errno = ENOENT;
+ return NULL;
+#else /*!HAVE_W32_SYSTEM*/
+ return tmpfile ();
+#endif /*!HAVE_W32_SYSTEM*/
+}
+
+
+/* Make sure that the standard file descriptors are opened. Obviously
+ some folks close them before an exec and the next file we open will
+ get one of them assigned and thus any output (i.e. diagnostics) end
+ up in that file (e.g. the trustdb). Not actually a gpg problem as
+ this will hapen with almost all utilities when called in a wrong
+ way. However we try to minimize the damage here and raise
+ awareness of the problem.
+
+ Must be called before we open any files! */
+void
+gnupg_reopen_std (const char *pgmname)
+{
+#if defined(HAVE_STAT) && !defined(HAVE_W32_SYSTEM)
+ struct stat statbuf;
+ int did_stdin = 0;
+ int did_stdout = 0;
+ int did_stderr = 0;
+ FILE *complain;
+
+ if (fstat (STDIN_FILENO, &statbuf) == -1 && errno ==EBADF)
+ {
+ if (open ("/dev/null",O_RDONLY) == STDIN_FILENO)
+ did_stdin = 1;
+ else
+ did_stdin = 2;
+ }
+
+ if (fstat (STDOUT_FILENO, &statbuf) == -1 && errno == EBADF)
+ {
+ if (open ("/dev/null",O_WRONLY) == STDOUT_FILENO)
+ did_stdout = 1;
+ else
+ did_stdout = 2;
+ }
+
+ if (fstat (STDERR_FILENO, &statbuf)==-1 && errno==EBADF)
+ {
+ if (open ("/dev/null", O_WRONLY) == STDERR_FILENO)
+ did_stderr = 1;
+ else
+ did_stderr = 2;
+ }
+
+ /* It's hard to log this sort of thing since the filehandle we would
+ complain to may be closed... */
+ if (!did_stderr)
+ complain = stderr;
+ else if (!did_stdout)
+ complain = stdout;
+ else
+ complain = NULL;
+
+ if (complain)
+ {
+ if (did_stdin == 1)
+ fprintf (complain, "%s: WARNING: standard input reopened\n", pgmname);
+ if (did_stdout == 1)
+ fprintf (complain, "%s: WARNING: standard output reopened\n", pgmname);
+ if (did_stderr == 1)
+ fprintf (complain, "%s: WARNING: standard error reopened\n", pgmname);
+
+ if (did_stdin == 2 || did_stdout == 2 || did_stderr == 2)
+ fprintf(complain,"%s: fatal: unable to reopen standard input,"
+ " output, or error\n", pgmname);
+ }
+
+ if (did_stdin == 2 || did_stdout == 2 || did_stderr == 2)
+ exit (3);
+#else /* !(HAVE_STAT && !HAVE_W32_SYSTEM) */
+ (void)pgmname;
+#endif
+}
+
+
+/* Hack required for Windows. */
+void
+gnupg_allow_set_foregound_window (pid_t pid)
+{
+ if (!pid)
+ log_info ("%s called with invalid pid %lu\n",
+ "gnupg_allow_set_foregound_window", (unsigned long)pid);
+#ifdef HAVE_W32_SYSTEM
+ else if (!AllowSetForegroundWindow ((pid_t)pid == (pid_t)(-1)?ASFW_ANY:pid))
+ log_info ("AllowSetForegroundWindow(%lu) failed: %s\n",
+ (unsigned long)pid, w32_strerror (-1));
+#endif
+}
diff --git a/common/sysutils.h b/common/sysutils.h
new file mode 100644
index 0000000..fd4340f
--- /dev/null
+++ b/common/sysutils.h
@@ -0,0 +1,59 @@
+/* sysutils.h - System utility functions for Gnupg
+ * Copyright (C) 2002 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef GNUPG_COMMON_SYSUTILS_H
+#define GNUPG_COMMON_SYSUTILS_H
+
+/* Because we use system handles and not libc low level file
+ descriptors on W32, we need to declare them as HANDLE (which
+ actually is a plain pointer). This is required to eventually
+ support 64 bits Windows systems. */
+#ifdef HAVE_W32_SYSTEM
+typedef void *gnupg_fd_t;
+#define GNUPG_INVALID_FD ((void*)(-1))
+#define INT2FD(s) ((void *)(s))
+#define FD2INT(h) ((unsigned int)(h))
+#else
+typedef int gnupg_fd_t;
+#define GNUPG_INVALID_FD (-1)
+#define INT2FD(s) (s)
+#define FD2INT(h) (h)
+#endif
+
+
+void trap_unaligned (void);
+int disable_core_dumps (void);
+int enable_core_dumps (void);
+const unsigned char *get_session_marker (size_t *rlen);
+/*int check_permissions (const char *path,int extension,int checkonly);*/
+void gnupg_sleep (unsigned int seconds);
+int translate_sys2libc_fd (gnupg_fd_t fd, int for_write);
+int translate_sys2libc_fd_int (int fd, int for_write);
+FILE *gnupg_tmpfile (void);
+void gnupg_reopen_std (const char *pgmname);
+void gnupg_allow_set_foregound_window (pid_t pid);
+
+
+#ifdef HAVE_W32_SYSTEM
+
+#include "../jnlib/w32help.h"
+
+#endif /*HAVE_W32_SYSTEM*/
+
+#endif /*GNUPG_COMMON_SYSUTILS_H*/
diff --git a/common/t-b64.c b/common/t-b64.c
new file mode 100644
index 0000000..a230dc0
--- /dev/null
+++ b/common/t-b64.c
@@ -0,0 +1,182 @@
+/* t-b64.c - Module tests for b64enc.c and b64dec.c
+ * Copyright (C) 2008 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+/*
+
+ As of now this is only a test program for manual tests.
+
+ */
+
+
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+
+#include "util.h"
+
+#define pass() do { ; } while(0)
+#define fail(a) do { fprintf (stderr, "%s:%d: test %d failed\n",\
+ __FILE__,__LINE__, (a)); \
+ errcount++; \
+ } while(0)
+
+static int verbose;
+static int errcount;
+
+static void
+test_b64enc_pgp (const char *string)
+{
+ gpg_error_t err;
+ struct b64state state;
+
+ if (!string)
+ string = "a";
+
+ err = b64enc_start (&state, stdout, "PGP MESSAGE");
+ if (err)
+ fail (1);
+
+ err = b64enc_write (&state, string, strlen (string));
+ if (err)
+ fail (2);
+
+ err = b64enc_finish (&state);
+ if (err)
+ fail (3);
+
+ pass ();
+}
+
+
+static void
+test_b64enc_file (const char *fname)
+{
+ gpg_error_t err;
+ struct b64state state;
+ FILE *fp;
+ char buffer[50];
+ size_t nread;
+
+ fp = fname ? fopen (fname, "r") : stdin;
+ if (!fp)
+ {
+ fprintf (stderr, "%s:%d: can't open `%s': %s\n",
+ __FILE__, __LINE__, fname? fname:"[stdin]", strerror (errno));
+ fail (0);
+ }
+
+ err = b64enc_start (&state, stdout, "DATA");
+ if (err)
+ fail (1);
+
+ while ( (nread = fread (buffer, 1, sizeof buffer, fp)) )
+ {
+ err = b64enc_write (&state, buffer, nread);
+ if (err)
+ fail (2);
+ }
+
+ err = b64enc_finish (&state);
+ if (err)
+ fail (3);
+
+ fclose (fp);
+ pass ();
+}
+
+static void
+test_b64dec_file (const char *fname)
+{
+ gpg_error_t err;
+ struct b64state state;
+ FILE *fp;
+ char buffer[50];
+ size_t nread, nbytes;
+
+ fp = fname ? fopen (fname, "r") : stdin;
+ if (!fp)
+ {
+ fprintf (stderr, "%s:%d: can't open `%s': %s\n",
+ __FILE__, __LINE__, fname? fname:"[stdin]", strerror (errno));
+ fail (0);
+ }
+
+ err = b64dec_start (&state, "");
+ if (err)
+ fail (1);
+
+ while ( (nread = fread (buffer, 1, sizeof buffer, fp)) )
+ {
+ err = b64dec_proc (&state, buffer, nread, &nbytes);
+ if (err)
+ {
+ if (gpg_err_code (err) == GPG_ERR_EOF)
+ break;
+ fail (2);
+ }
+ else if (nbytes)
+ fwrite (buffer, 1, nbytes, stdout);
+ }
+
+ err = b64dec_finish (&state);
+ if (err)
+ fail (3);
+
+ fclose (fp);
+ pass ();
+}
+
+
+
+int
+main (int argc, char **argv)
+{
+ int do_encode = 0;
+ int do_decode = 0;
+
+ if (argc)
+ { argc--; argv++; }
+ if (argc && !strcmp (argv[0], "--verbose"))
+ {
+ verbose = 1;
+ argc--; argv++;
+ }
+
+ if (argc && !strcmp (argv[0], "--encode"))
+ {
+ do_encode = 1;
+ argc--; argv++;
+ }
+ else if (argc && !strcmp (argv[0], "--decode"))
+ {
+ do_decode = 1;
+ argc--; argv++;
+ }
+
+ if (do_encode)
+ test_b64enc_file (argc? *argv: NULL);
+ else if (do_decode)
+ test_b64dec_file (argc? *argv: NULL);
+ else
+ test_b64enc_pgp (argc? *argv: NULL);
+
+ return !!errcount;
+}
+
diff --git a/common/t-convert.c b/common/t-convert.c
new file mode 100644
index 0000000..4b04f3a
--- /dev/null
+++ b/common/t-convert.c
@@ -0,0 +1,461 @@
+/* t-convert.c - Module test for convert.c
+ * Copyright (C) 2006, 2008 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <assert.h>
+
+#include "util.h"
+
+#define pass() do { ; } while(0)
+#define fail(a) do { fprintf (stderr, "%s:%d: test %d failed\n",\
+ __FILE__,__LINE__, (a)); \
+ exit (1); \
+ } while(0)
+
+
+static void
+test_hex2bin (void)
+{
+ static const char *valid[] = {
+ "00112233445566778899aabbccddeeff11223344",
+ "00112233445566778899AABBCCDDEEFF11223344",
+ "00112233445566778899AABBCCDDEEFF11223344 blah",
+ "00112233445566778899AABBCCDDEEFF11223344\tblah",
+ "00112233445566778899AABBCCDDEEFF11223344\nblah",
+ NULL
+ };
+ static const char *invalid[] = {
+ "00112233445566778899aabbccddeeff1122334",
+ "00112233445566778899AABBCCDDEEFF1122334",
+ "00112233445566778899AABBCCDDEEFG11223344",
+ "00 112233445566778899aabbccddeeff11223344",
+ "00:112233445566778899aabbccddeeff11223344",
+ ":00112233445566778899aabbccddeeff11223344",
+ "0:0112233445566778899aabbccddeeff11223344",
+ "00112233445566778899aabbccddeeff11223344:",
+ "00112233445566778899aabbccddeeff112233445",
+ "00112233445566778899aabbccddeeff1122334455",
+ "00112233445566778899aabbccddeeff11223344blah",
+ NULL
+ };
+ static const char *valid2[] = {
+ "00",
+ "00 x",
+ NULL
+ };
+ static const char *invalid2[] = {
+ "",
+ "0",
+ "00:",
+ "00x",
+ " 00",
+ NULL
+ };
+ unsigned char buffer[20];
+ int len;
+ int i;
+
+
+ for (i=0; valid[i]; i++)
+ {
+ len = hex2bin (valid[i], buffer, sizeof buffer);
+ if (len < 0)
+ fail (i);
+ if (memcmp (buffer, ("\x00\x11\x22\x33\x44\x55\x66\x77\x88\x99\xaa"
+ "\xbb\xcc\xdd\xee\xff\x11\x22\x33\x44"), 20))
+ fail (i);
+ }
+ if (hex2bin (valid[0], buffer, sizeof buffer) != 40)
+ fail (0);
+ if (hex2bin (valid[2], buffer, sizeof buffer) != 41)
+ fail (0);
+
+ for (i=0; invalid[i]; i++)
+ {
+ len = hex2bin (invalid[i], buffer, sizeof buffer);
+ if (!(len < 0))
+ fail (i);
+ }
+
+ for (i=0; valid2[i]; i++)
+ {
+ len = hex2bin (valid2[i], buffer, 1);
+ if (len < 0)
+ fail (i);
+ if (memcmp (buffer, "\x00", 1))
+ fail (i);
+ }
+ if (hex2bin (valid2[0], buffer, 1) != 2)
+ fail (0);
+ if (hex2bin (valid2[1], buffer, 1) != 3)
+ fail (0);
+
+ for (i=0; invalid2[i]; i++)
+ {
+ len = hex2bin (invalid2[i], buffer, 1);
+ if (!(len < 0))
+ fail (i);
+ }
+}
+
+
+
+static void
+test_hexcolon2bin (void)
+{
+ static const char *valid[] = {
+ "00112233445566778899aabbccddeeff11223344",
+ "00112233445566778899AABBCCDDEEFF11223344",
+ "00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff:11:22:33:44",
+ "00112233445566778899AABBCCDDEEFF11223344 blah",
+ "00112233445566778899AABBCCDDEEFF11223344\tblah",
+ "00112233445566778899AABBCCDDEEFF11223344\nblah",
+ NULL
+ };
+ static const char *invalid[] = {
+ "00112233445566778899aabbccddeeff1122334",
+ "00112233445566778899AABBCCDDEEFF1122334",
+ "00112233445566778899AABBCCDDEEFG11223344",
+ ":00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff:11:22:33:44",
+ "00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff:11:22:33:44:",
+ "00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff:11:22:3344",
+ "00:1122:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff:11:22:33:44",
+ "0011:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff:11:22:33:44",
+ "00 11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff:11:22:33:44",
+ "00:11 22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff:11:22:33:44",
+ "00112233445566778899aabbccddeeff112233445",
+ "00112233445566778899aabbccddeeff1122334455",
+ "00112233445566778899aabbccddeeff11223344blah",
+ NULL
+ };
+ static const char *valid2[] = {
+ "00",
+ "00 x",
+ NULL
+ };
+ static const char *invalid2[] = {
+ "",
+ "0",
+ "00:",
+ ":00",
+ "0:0",
+ "00x",
+ " 00",
+ NULL
+ };
+ unsigned char buffer[20];
+ int len;
+ int i;
+
+
+ for (i=0; valid[i]; i++)
+ {
+ len = hexcolon2bin (valid[i], buffer, sizeof buffer);
+ if (len < 0)
+ fail (i);
+ if (memcmp (buffer, ("\x00\x11\x22\x33\x44\x55\x66\x77\x88\x99\xaa"
+ "\xbb\xcc\xdd\xee\xff\x11\x22\x33\x44"), 20))
+ fail (i);
+ }
+ if (hexcolon2bin (valid[0], buffer, sizeof buffer) != 40)
+ fail (0);
+ if (hexcolon2bin (valid[3], buffer, sizeof buffer) != 41)
+ fail (0);
+
+ for (i=0; invalid[i]; i++)
+ {
+ len = hexcolon2bin (invalid[i], buffer, sizeof buffer);
+ if (!(len < 0))
+ fail (i);
+ }
+
+ for (i=0; valid2[i]; i++)
+ {
+ len = hexcolon2bin (valid2[i], buffer, 1);
+ if (len < 0)
+ fail (i);
+ if (memcmp (buffer, "\x00", 1))
+ fail (i);
+ }
+ if (hexcolon2bin (valid2[0], buffer, 1) != 2)
+ fail (0);
+ if (hexcolon2bin (valid2[1], buffer, 1) != 3)
+ fail (0);
+
+ for (i=0; invalid2[i]; i++)
+ {
+ len = hexcolon2bin (invalid2[i], buffer, 1);
+ if (!(len < 0))
+ fail (i);
+ }
+
+
+}
+
+
+
+static void
+test_bin2hex (void)
+{
+ char stuff[20+1] = ("\x00\x11\x22\x33\x44\x55\x66\x77\x88\x99\xaa"
+ "\xbb\xcc\xdd\xee\xff\x01\x10\x02\xa3");
+ char hexstuff[] = "00112233445566778899AABBCCDDEEFF011002A3";
+ char buffer[2*20+1];
+ char *p;
+
+ p = bin2hex (stuff, 20, buffer);
+ if (!p)
+ fail (0);
+ if (p != buffer)
+ fail (0);
+ if (strcmp (buffer, hexstuff))
+ fail (0);
+
+ p = bin2hex (stuff, 20, NULL);
+ if (!p)
+ fail (0);
+ if (strcmp (p, hexstuff))
+ fail (0);
+
+ p = bin2hex (stuff, (size_t)(-1), NULL);
+ if (p)
+ fail (0);
+ if (errno != ENOMEM)
+ fail (1);
+}
+
+
+static void
+test_bin2hexcolon (void)
+{
+ char stuff[20+1] = ("\x00\x11\x22\x33\x44\x55\x66\x77\x88\x99\xaa"
+ "\xbb\xcc\xdd\xee\xff\x01\x10\x02\xa3");
+ char hexstuff[] = ("00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF"
+ ":01:10:02:A3");
+ char buffer[3*20+1];
+ char *p;
+
+ p = bin2hexcolon (stuff, 20, buffer);
+ if (!p)
+ fail (0);
+ if (p != buffer)
+ fail (0);
+ if (strcmp (buffer, hexstuff))
+ fail (0);
+
+ p = bin2hexcolon (stuff, 20, NULL);
+ if (!p)
+ fail (0);
+ if (strcmp (p, hexstuff))
+ fail (0);
+
+ p = bin2hexcolon (stuff, (size_t)(-1), NULL);
+ if (p)
+ fail (0);
+ if (errno != ENOMEM)
+ fail (1);
+}
+
+
+
+static void
+test_hex2str (void)
+{
+ static struct {
+ const char *hex;
+ const char *str;
+ int off;
+ int no_alloc_test;
+ } tests[] = {
+ /* Simple tests. */
+ { "112233445566778899aabbccddeeff1122",
+ "\x11\x22\x33\x44\x55\x66\x77\x88\x99\xaa\xbb\xcc\xdd\xee\xff\x11\x22",
+ 34 },
+ { "112233445566778899aabbccddeeff1122 blah",
+ "\x11\x22\x33\x44\x55\x66\x77\x88\x99\xaa\xbb\xcc\xdd\xee\xff\x11\x22",
+ 34 },
+ { "112233445566778899aabbccddeeff1122\tblah",
+ "\x11\x22\x33\x44\x55\x66\x77\x88\x99\xaa\xbb\xcc\xdd\xee\xff\x11\x22",
+ 34 },
+ { "112233445566778899aabbccddeeff1122\nblah",
+ "\x11\x22\x33\x44\x55\x66\x77\x88\x99\xaa\xbb\xcc\xdd\xee\xff\x11\x22",
+ 34 },
+ /* Valid tests yielding an empty string. */
+ { "00",
+ "",
+ 2 },
+ { "00 x",
+ "",
+ 2 },
+ { "",
+ "",
+ 0 },
+ { " ",
+ "",
+ 0 },
+ /* Test trailing Nul feature. */
+ { "112233445566778899aabbccddeeff112200",
+ "\x11\x22\x33\x44\x55\x66\x77\x88\x99\xaa\xbb\xcc\xdd\xee\xff\x11\x22",
+ 36 },
+ { "112233445566778899aabbccddeeff112200 ",
+ "\x11\x22\x33\x44\x55\x66\x77\x88\x99\xaa\xbb\xcc\xdd\xee\xff\x11\x22",
+ 36 },
+ /* Test buffer size. (buffer is of length 20) */
+ { "6162636465666768696A6b6c6D6e6f70717273",
+ "abcdefghijklmnopqrs",
+ 38 },
+ { "6162636465666768696A6b6c6D6e6f7071727300",
+ "abcdefghijklmnopqrs",
+ 40 },
+ { "6162636465666768696A6b6c6D6e6f7071727374",
+ NULL,
+ 0, 1 },
+ { "6162636465666768696A6b6c6D6e6f707172737400",
+ NULL,
+ 0, 1 },
+ { "6162636465666768696A6b6c6D6e6f707172737475",
+ NULL,
+ 0, 1 },
+
+ /* Invalid tests. */
+ { "112233445566778899aabbccddeeff1122334", NULL, 0 },
+ { "112233445566778899AABBCCDDEEFF1122334", NULL, 0 },
+ { "112233445566778899AABBCCDDEEFG11223344", NULL, 0 },
+ { "0:0112233445566778899aabbccddeeff11223344", NULL, 0 },
+ { "112233445566778899aabbccddeeff11223344:", NULL, 0 },
+ { "112233445566778899aabbccddeeff112233445", NULL, 0 },
+ { "112233445566778899aabbccddeeff1122334455", NULL, 0, 1 },
+ { "112233445566778899aabbccddeeff11223344blah", NULL, 0 },
+ { "0", NULL, 0 },
+ { "00:", NULL, 0 },
+ { "00x", NULL, 0 },
+
+ { NULL, NULL, 0 }
+ };
+
+ int idx;
+ char buffer[20];
+ const char *tail;
+ size_t count;
+ char *result;
+
+ for (idx=0; tests[idx].hex; idx++)
+ {
+ tail = hex2str (tests[idx].hex, buffer, sizeof buffer, &count);
+ if (tests[idx].str)
+ {
+ /* Good case test. */
+ if (!tail)
+ fail (idx);
+ else if (strcmp (tests[idx].str, buffer))
+ fail (idx);
+ else if (tail - tests[idx].hex != tests[idx].off)
+ fail (idx);
+ else if (strlen (buffer) != count)
+ fail (idx);
+ }
+ else
+ {
+ /* Bad case test. */
+ if (tail)
+ fail (idx);
+ }
+ }
+
+ /* Same tests again using in-place conversion. */
+ for (idx=0; tests[idx].hex; idx++)
+ {
+ char tmpbuf[100];
+
+ assert (strlen (tests[idx].hex)+1 < sizeof tmpbuf);
+ strcpy (tmpbuf, tests[idx].hex);
+
+ /* Note: we still need to use 20 as buffer length because our
+ tests assume that. */
+ tail = hex2str (tmpbuf, tmpbuf, 20, &count);
+ if (tests[idx].str)
+ {
+ /* Good case test. */
+ if (!tail)
+ fail (idx);
+ else if (strcmp (tests[idx].str, tmpbuf))
+ fail (idx);
+ else if (tail - tmpbuf != tests[idx].off)
+ fail (idx);
+ else if (strlen (tmpbuf) != count)
+ fail (idx);
+ }
+ else
+ {
+ /* Bad case test. */
+ if (tail)
+ fail (idx);
+ if (strcmp (tmpbuf, tests[idx].hex))
+ fail (idx); /* Buffer was modified. */
+ }
+ }
+
+ /* Test the allocation variant. */
+ for (idx=0; tests[idx].hex; idx++)
+ {
+ if (tests[idx].no_alloc_test)
+ continue;
+
+ result = hex2str_alloc (tests[idx].hex, &count);
+ if (tests[idx].str)
+ {
+ /* Good case test. */
+ if (!result)
+ fail (idx);
+ else if (strcmp (tests[idx].str, result))
+ fail (idx);
+ else if (count != tests[idx].off)
+ fail (idx);
+ }
+ else
+ {
+ /* Bad case test. */
+ if (result)
+ fail (idx);
+ }
+ xfree (result);
+ }
+}
+
+
+
+
+
+int
+main (int argc, char **argv)
+{
+ (void)argc;
+ (void)argv;
+
+ test_hex2bin ();
+ test_hexcolon2bin ();
+ test_bin2hex ();
+ test_bin2hexcolon ();
+ test_hex2str ();
+
+ return 0;
+}
+
diff --git a/common/t-exechelp.c b/common/t-exechelp.c
new file mode 100644
index 0000000..600379b
--- /dev/null
+++ b/common/t-exechelp.c
@@ -0,0 +1,188 @@
+/* t-exechelp.c - Module test for exechelp.c
+ * Copyright (C) 2009 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <errno.h>
+#include <assert.h>
+#include <unistd.h>
+
+#include "util.h"
+#include "exechelp.h"
+
+static int verbose;
+
+
+static void
+print_open_fds (int *array)
+{
+ int n;
+
+ for (n=0; array[n] != -1; n++)
+ ;
+ printf ("open file descriptors: %d", n);
+ if (verbose)
+ {
+ putchar (' ');
+ putchar (' ');
+ putchar ('(');
+ for (n=0; array[n] != -1; n++)
+ printf ("%d%s", array[n], array[n+1] == -1?"":" ");
+ putchar (')');
+ }
+ putchar ('\n');
+}
+
+
+static int *
+xget_all_open_fds (void)
+{
+ int *array;
+
+ array = get_all_open_fds ();
+ if (!array)
+ {
+ fprintf (stderr, "%s:%d: get_all_open_fds failed: %s\n",
+ __FILE__, __LINE__, strerror (errno));
+ exit (1);
+ }
+ return array;
+}
+
+
+/* That is a very crude test. To do a proper test we would need to
+ fork a test process and best return information by some other means
+ than file descriptors. */
+static void
+test_close_all_fds (void)
+{
+ int max_fd = get_max_fds ();
+ int *array;
+ int fd;
+ int initial_count, count, n;
+#if 0
+ char buffer[100];
+
+ snprintf (buffer, sizeof buffer, "/bin/ls -l /proc/%d/fd", (int)getpid ());
+ system (buffer);
+#endif
+
+ printf ("max. file descriptors: %d\n", max_fd);
+ array = xget_all_open_fds ();
+ print_open_fds (array);
+ for (initial_count=n=0; array[n] != -1; n++)
+ initial_count++;
+ free (array);
+
+ /* Some dups to get more file descriptors and close one. */
+ dup (1);
+ dup (1);
+ fd = dup (1);
+ dup (1);
+ close (fd);
+
+ array = xget_all_open_fds ();
+ if (verbose)
+ print_open_fds (array);
+ for (count=n=0; array[n] != -1; n++)
+ count++;
+ if (count != initial_count+3)
+ {
+ fprintf (stderr, "%s:%d: dup or close failed\n",
+ __FILE__, __LINE__);
+ exit (1);
+ }
+ free (array);
+
+ /* Close the non standard ones. */
+ close_all_fds (3, NULL);
+
+ /* Get a list to check whether they are all closed. */
+ array = xget_all_open_fds ();
+ if (verbose)
+ print_open_fds (array);
+ for (count=n=0; array[n] != -1; n++)
+ count++;
+ if (count > initial_count)
+ {
+ fprintf (stderr, "%s:%d: not all files were closed\n",
+ __FILE__, __LINE__);
+ exit (1);
+ }
+ initial_count = count;
+ free (array);
+
+ /* Now let's check the realloc we use. We do this and the next
+ tests only if we are allowed to open enought descriptors. */
+ if (get_max_fds () > 32)
+ {
+ int except[] = { 20, 23, 24, -1 };
+
+ for (n=initial_count; n < 31; n++)
+ dup (1);
+ array = xget_all_open_fds ();
+ if (verbose)
+ print_open_fds (array);
+ free (array);
+ for (n=0; n < 5; n++)
+ {
+ dup (1);
+ array = xget_all_open_fds ();
+ if (verbose)
+ print_open_fds (array);
+ free (array);
+ }
+
+ /* Check whether the except list works. */
+ close_all_fds (3, except);
+ array = xget_all_open_fds ();
+ if (verbose)
+ print_open_fds (array);
+ for (count=n=0; array[n] != -1; n++)
+ count++;
+ free (array);
+
+ if (count != initial_count + DIM(except)-1)
+ {
+ fprintf (stderr, "%s:%d: close_all_fds failed\n",
+ __FILE__, __LINE__);
+ exit (1);
+ }
+ }
+
+}
+
+
+int
+main (int argc, char **argv)
+{
+ if (argc)
+ { argc--; argv++; }
+ if (argc && !strcmp (argv[0], "--verbose"))
+ {
+ verbose = 1;
+ argc--; argv++;
+ }
+
+ test_close_all_fds ();
+
+ return 0;
+}
+
diff --git a/common/t-gettime.c b/common/t-gettime.c
new file mode 100644
index 0000000..a4401d8
--- /dev/null
+++ b/common/t-gettime.c
@@ -0,0 +1,103 @@
+/* t-gettime.c - Module test for gettime.c
+ * Copyright (C) 2007 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+
+#include "util.h"
+
+#define pass() do { ; } while(0)
+#define fail(a) do { fprintf (stderr, "%s:%d: test %d failed\n",\
+ __FILE__,__LINE__, (a)); \
+ errcount++; \
+ } while(0)
+
+static int verbose;
+static int errcount;
+#define INVALID ((time_t)(-1))
+
+
+static void
+test_isotime2epoch (void)
+{
+ struct { const char *string; time_t expected; } array [] = {
+ { "19700101T000001", 1 },
+ { "19700101T235959", 86399 },
+ { "19980815T143712", 903191832 },
+ { "19700101T000000", 0 },
+ { "19691231T235959", INVALID },
+ { "19000101T000000", INVALID },
+ { "", INVALID },
+ { "19000101T00000", INVALID },
+ { "20010101t123456", INVALID },
+ { "20010101T123456", 978352496 },
+ { "20070629T160000", 1183132800 },
+ { "20070629T160000:", 1183132800 },
+ { "20070629T160000,", 1183132800 },
+ { "20070629T160000 ", 1183132800 },
+ { "20070629T160000\n", 1183132800 },
+ { "20070629T160000.", INVALID },
+ { NULL, 0 }
+ };
+ int idx;
+ time_t val;
+ gnupg_isotime_t tbuf;
+
+ for (idx=0; array[idx].string; idx++)
+ {
+ val = isotime2epoch (array[idx].string);
+ if (val != array[idx].expected )
+ {
+ fail (idx);
+ if (verbose)
+ fprintf (stderr, "string `%s' exp: %ld got: %ld\n",
+ array[idx].string, (long)array[idx].expected,
+ (long)val);
+ }
+ if (array[idx].expected != INVALID)
+ {
+ epoch2isotime (tbuf, val);
+ if (strlen (tbuf) != 15)
+ {
+ if (verbose)
+ fprintf (stderr, "string `%s', time-t %ld, revert: `%s'\n",
+ array[idx].string, (long)val, tbuf);
+ fail (idx);
+ }
+ if (strncmp (array[idx].string, tbuf, 15))
+ fail (idx);
+ }
+ }
+}
+
+
+
+
+int
+main (int argc, char **argv)
+{
+ if (argc > 1 && !strcmp (argv[1], "--verbose"))
+ verbose = 1;
+
+ test_isotime2epoch ();
+
+ return !!errcount;
+}
+
diff --git a/common/t-helpfile.c b/common/t-helpfile.c
new file mode 100644
index 0000000..fa5d27a
--- /dev/null
+++ b/common/t-helpfile.c
@@ -0,0 +1,67 @@
+/* t-helpfile.c - Module test for helpfile.c
+ * Copyright (C) 2007 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+
+#include "util.h"
+#include "i18n.h"
+
+/* #define pass() do { ; } while(0) */
+/* #define fail(a) do { fprintf (stderr, "%s:%d: test %d failed\n",\ */
+/* __FILE__,__LINE__, (a)); \ */
+/* errcount++; \ */
+/* } while(0) */
+
+static int verbose;
+static int errcount;
+
+
+
+int
+main (int argc, char **argv)
+{
+ char *result;
+
+ if (argc)
+ { argc--; argv++; }
+ i18n_init ();
+ if (argc && !strcmp (argv[0], "--verbose"))
+ {
+ verbose = 1;
+ argc--; argv++;
+ }
+
+ result = gnupg_get_help_string (argc? argv[0]:NULL, 0);
+ if (!result)
+ {
+ fprintf (stderr,
+ "Error: nothing found for `%s'\n", argc?argv[0]:"(null)");
+ errcount++;
+ }
+ else
+ {
+ printf ("key `%s' result=`%s'\n", argc?argv[0]:"(null)", result);
+ xfree (result);
+ }
+
+ return !!errcount;
+}
+
diff --git a/common/t-percent.c b/common/t-percent.c
new file mode 100644
index 0000000..b8641b9
--- /dev/null
+++ b/common/t-percent.c
@@ -0,0 +1,115 @@
+/* t-percent.c - Module test for percent.c
+ * Copyright (C) 2008 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <assert.h>
+
+#include "util.h"
+
+#define pass() do { ; } while(0)
+#define fail(a) do { fprintf (stderr, "%s:%d: test %d failed\n",\
+ __FILE__,__LINE__, (a)); \
+ exit (1); \
+ } while(0)
+
+static void
+test_percent_plus_escape (void)
+{
+ static struct {
+ const char *string;
+ const char *expect;
+ } tbl[] = {
+ {
+ "",
+ ""
+ }, {
+ "a",
+ "a",
+ }, {
+ " ",
+ "+",
+ }, {
+ " ",
+ "++"
+ }, {
+ "+ +",
+ "%2B+%2B"
+ }, {
+ "\" \"",
+ "%22+%22"
+ }, {
+ "%22",
+ "%2522"
+ }, {
+ "%% ",
+ "%25%25+"
+ }, {
+ "\n ABC\t",
+ "%0A+ABC%09"
+ }, { NULL, NULL }
+ };
+ char *buf, *buf2;
+ int i;
+ size_t len;
+
+ for (i=0; tbl[i].string; i++)
+ {
+ buf = percent_plus_escape (tbl[i].string);
+ if (!buf)
+ {
+ fprintf (stderr, "out of core: %s\n", strerror (errno));
+ exit (2);
+ }
+ if (strcmp (buf, tbl[i].expect))
+ fail (i);
+ buf2 = percent_plus_unescape (buf, 0);
+ if (!buf2)
+ {
+ fprintf (stderr, "out of core: %s\n", strerror (errno));
+ exit (2);
+ }
+ if (strcmp (buf2, tbl[i].string))
+ fail (i);
+ xfree (buf2);
+ /* Now test the inplace conversion. */
+ len = percent_plus_unescape_inplace (buf, 0);
+ buf[len] = 0;
+ if (strcmp (buf, tbl[i].string))
+ fail (i);
+ xfree (buf);
+ }
+}
+
+
+
+int
+main (int argc, char **argv)
+{
+ (void)argc;
+ (void)argv;
+
+ /* FIXME: We escape_unescape is not tested - only
+ percent_plus_unescape. */
+ test_percent_plus_escape ();
+
+ return 0;
+}
+
diff --git a/common/t-session-env.c b/common/t-session-env.c
new file mode 100644
index 0000000..94b6683
--- /dev/null
+++ b/common/t-session-env.c
@@ -0,0 +1,294 @@
+/* t-session-env.c - Module test for session-env.c
+ * Copyright (C) 2009 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <errno.h>
+#include <assert.h>
+
+#include "util.h"
+#include "session-env.h"
+
+#define pass() do { ; } while(0)
+#define fail(e) do { fprintf (stderr, "%s:%d: function failed: %s\n", \
+ __FILE__,__LINE__, gpg_strerror (e)); \
+ exit (1); \
+ } while(0)
+
+static int verbose;
+
+static void
+listall (session_env_t se)
+{
+ int iterator = 0;
+ const char *name, *value;
+ int def;
+
+ if (verbose)
+ printf ("environment of %p\n", se);
+ while ( (name = session_env_listenv (se, &iterator, &value, &def)) )
+ if (verbose)
+ printf (" %s%s=%s\n", def? "[def] ":" ", name, value);
+
+}
+
+
+static void
+show_stdnames (void)
+{
+ const char *name, *assname;
+ int iterator = 0;
+
+ printf ("Known envvars:");
+ while ((name = session_env_list_stdenvnames (&iterator, &assname)))
+ {
+ printf ( " %s", name);
+ if (assname)
+ printf ( "(%s)", assname);
+ }
+ putchar('\n');
+}
+
+
+static void
+test_all (void)
+{
+ gpg_error_t err;
+ session_env_t se_0, se;
+ const char *s, *s2;
+ int idx;
+
+ se_0 = session_env_new ();
+ if (!se_0)
+ fail (gpg_error_from_syserror ());
+ se = session_env_new ();
+ if (!se)
+ fail (gpg_error_from_syserror ());
+
+ err = session_env_putenv (se, NULL);
+ if (gpg_err_code (err) != GPG_ERR_INV_VALUE)
+ fail (err);
+ err = session_env_putenv (se, "");
+ if (gpg_err_code (err) != GPG_ERR_INV_VALUE)
+ fail (err);
+ err = session_env_putenv (se, "=");
+ if (gpg_err_code (err) != GPG_ERR_INV_VALUE)
+ fail (err);
+
+ /* Delete some nonexistant variables. */
+ err = session_env_putenv (se, "A");
+ if (err)
+ fail (err);
+ err = session_env_putenv (se, "a");
+ if (err)
+ fail (err);
+ err = session_env_putenv (se, "_aaaa aaaaaasssssssssssss\nddd");
+ if (err)
+ fail (err);
+
+ /* Create a few variables. */
+ err = session_env_putenv (se, "EMPTY=");
+ if (err)
+ fail (err);
+ err = session_env_putenv (se, "foo=value_of_foo");
+ if (err)
+ fail (err);
+ err = session_env_putenv (se, "bar=the value_of_bar");
+ if (err)
+ fail (err);
+ err = session_env_putenv (se, "baz=this-is-baz");
+ if (err)
+ fail (err);
+ err = session_env_putenv (se, "BAZ=this-is-big-baz");
+ if (err)
+ fail (err);
+
+ listall (se);
+
+ /* Update one. */
+ err = session_env_putenv (se, "baz=this-is-another-baz");
+ if (err)
+ fail (err);
+
+ listall (se);
+
+ /* Delete one. */
+ err = session_env_putenv (se, "bar");
+ if (err)
+ fail (err);
+
+ listall (se);
+
+ /* Insert a new one. */
+ err = session_env_putenv (se, "FOO=value_of_foo");
+ if (err)
+ fail (err);
+
+ listall (se);
+
+ /* Retrieve a default one. */
+ s = session_env_getenv_or_default (se, "HOME", NULL);
+ if (!s)
+ {
+ fprintf (stderr, "failed to get default of HOME\n");
+ exit (1);
+ }
+
+ s = session_env_getenv (se, "HOME");
+ if (s)
+ fail(0); /* This is a default value, thus we should not see it. */
+
+ s = session_env_getenv_or_default (se, "HOME", NULL);
+ if (!s)
+ fail(0); /* But here we should see it. */
+
+ /* Add a few more. */
+ err = session_env_putenv (se, "X1=A value");
+ if (err)
+ fail (err);
+ err = session_env_putenv (se, "X2=Another value");
+ if (err)
+ fail (err);
+ err = session_env_putenv (se, "X3=A value");
+ if (err)
+ fail (err);
+
+ listall (se);
+
+ /* Check that we can overwrite a default value. */
+ err = session_env_putenv (se, "HOME=/this/is/my/new/home");
+ if (err)
+ fail (err);
+ /* And that we get this string back. */
+ s = session_env_getenv (se, "HOME");
+ if (!s)
+ fail (0);
+ if (strcmp (s, "/this/is/my/new/home"))
+ fail (0);
+ /* A new get default should return the very same string. */
+ s2 = session_env_getenv_or_default (se, "HOME", NULL);
+ if (!s2)
+ fail (0);
+ if (s2 != s)
+ fail (0);
+
+ listall (se);
+
+ /* Check that the other object is clean. */
+ {
+ int iterator = 0;
+
+ if (session_env_listenv (se_0, &iterator, NULL, NULL))
+ fail (0);
+ }
+
+
+ session_env_release (se);
+
+ /* Use a new session for quick mass test. */
+ se = session_env_new ();
+ if (!se)
+ fail (gpg_error_from_syserror ());
+
+ /* Create. */
+ for (idx=0; idx < 500; idx++)
+ {
+ char buf[100];
+
+ snprintf (buf, sizeof buf, "FOO_%d=Value for %x", idx, idx);
+ err = session_env_putenv (se, buf);
+ if (err)
+ fail (err);
+ }
+ err = session_env_setenv (se, "TEST1", "value1");
+ if (err)
+ fail (err);
+ err = session_env_setenv (se, "TEST1", "value1-updated");
+ if (err)
+ fail (err);
+
+ listall (se);
+
+ /* Delete all. */
+ for (idx=0; idx < 500; idx++)
+ {
+ char buf[100];
+
+ snprintf (buf, sizeof buf, "FOO_%d", idx);
+ err = session_env_putenv (se, buf);
+ if (err)
+ fail (err);
+ }
+ err = session_env_setenv (se, "TEST1", NULL);
+ if (err)
+ fail (err);
+
+ /* Check that all are deleted. */
+ {
+ int iterator = 0;
+
+ if (session_env_listenv (se, &iterator, NULL, NULL))
+ fail (0);
+ }
+
+ /* Add a few strings again. */
+ for (idx=0; idx < 500; idx++)
+ {
+ char buf[100];
+
+ if (!(idx % 10))
+ {
+ if ( !(idx % 3))
+ snprintf (buf, sizeof buf, "FOO_%d=", idx);
+ else
+ snprintf (buf, sizeof buf, "FOO_%d=new value for %x", idx, idx);
+ err = session_env_putenv (se, buf);
+ if (err)
+ fail (err);
+ }
+ }
+
+ listall (se);
+
+ session_env_release (se);
+
+ session_env_release (se_0);
+}
+
+
+
+int
+main (int argc, char **argv)
+{
+ if (argc)
+ { argc--; argv++; }
+ if (argc && !strcmp (argv[0], "--verbose"))
+ {
+ verbose = 1;
+ argc--; argv++;
+ }
+
+
+ show_stdnames ();
+ test_all ();
+
+ return 0;
+}
+
diff --git a/common/t-sexputil.c b/common/t-sexputil.c
new file mode 100644
index 0000000..05da162
--- /dev/null
+++ b/common/t-sexputil.c
@@ -0,0 +1,192 @@
+/* t-sexputil.c - Module test for sexputil.c
+ * Copyright (C) 2007 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+
+#include "util.h"
+
+#define pass() do { ; } while(0)
+#define fail(a) do { fprintf (stderr, "%s:%d: test %d failed\n",\
+ __FILE__,__LINE__, (a)); \
+ exit (1); \
+ } while(0)
+
+
+static void
+test_hash_algo_from_sigval (void)
+{
+ int algo;
+ /* A real world example. */
+ unsigned char example1_rsa_sha1[] =
+ ("\x28\x37\x3A\x73\x69\x67\x2D\x76\x61\x6C\x28\x33\x3A\x72\x73\x61"
+ "\x28\x31\x3A\x73\x31\x32\x38\x3A\x17\xD2\xE9\x5F\xB4\x24\xD4\x1E"
+ "\x8C\xEE\x94\xDA\x41\x42\x1F\x26\x5E\xF4\x6D\xEC\x5B\xBD\x5B\x89"
+ "\x7A\x69\x11\x43\xE9\xD2\x23\x21\x25\x64\xA6\xB0\x56\xEF\xB4\xE9"
+ "\x06\xB2\x44\xF6\x80\x1E\xFF\x41\x23\xEB\xC9\xFA\xFD\x09\xBF\x9C"
+ "\x8E\xCF\x7F\xC3\x7F\x3A\x40\x48\x89\xDC\xBA\xB7\xDB\x9E\xF1\xBA"
+ "\x7C\x08\xEA\x74\x1D\x49\xE7\x65\xEF\x67\x79\xBC\x23\xD9\x49\xCD"
+ "\x05\x99\xD3\xD8\xB7\x7B\xC7\x0E\xF2\xB3\x01\x48\x0F\xC8\xEB\x05"
+ "\x7B\xFB\x61\xCC\x41\x04\x74\x6D\x33\x84\xB1\xE6\x6A\xD8\x0F\xBC"
+ "\x27\xAC\x43\x45\xFA\x04\xD1\x22\x29\x29\x28\x34\x3A\x68\x61\x73"
+ "\x68\x34\x3A\x73\x68\x61\x31\x29\x29");
+ /* The same but without the hash algo. */
+ unsigned char example1_rsa[] =
+ ("\x28\x37\x3A\x73\x69\x67\x2D\x76\x61\x6C\x28\x33\x3A\x72\x73\x61"
+ "\x28\x31\x3A\x73\x31\x32\x38\x3A\x17\xD2\xE9\x5F\xB4\x24\xD4\x1E"
+ "\x8C\xEE\x94\xDA\x41\x42\x1F\x26\x5E\xF4\x6D\xEC\x5B\xBD\x5B\x89"
+ "\x7A\x69\x11\x43\xE9\xD2\x23\x21\x25\x64\xA6\xB0\x56\xEF\xB4\xE9"
+ "\x06\xB2\x44\xF6\x80\x1E\xFF\x41\x23\xEB\xC9\xFA\xFD\x09\xBF\x9C"
+ "\x8E\xCF\x7F\xC3\x7F\x3A\x40\x48\x89\xDC\xBA\xB7\xDB\x9E\xF1\xBA"
+ "\x7C\x08\xEA\x74\x1D\x49\xE7\x65\xEF\x67\x79\xBC\x23\xD9\x49\xCD"
+ "\x05\x99\xD3\xD8\xB7\x7B\xC7\x0E\xF2\xB3\x01\x48\x0F\xC8\xEB\x05"
+ "\x7B\xFB\x61\xCC\x41\x04\x74\x6D\x33\x84\xB1\xE6\x6A\xD8\x0F\xBC"
+ "\x27\xAC\x43\x45\xFA\x04\xD1\x22\x29\x29\x29");
+
+ algo = hash_algo_from_sigval (example1_rsa_sha1);
+ if (algo != GCRY_MD_SHA1)
+ fail (0);
+ algo = hash_algo_from_sigval (example1_rsa);
+ if (algo)
+ fail (0);
+}
+
+
+static void
+test_make_canon_sexp_from_rsa_pk (void)
+{
+ struct {
+ unsigned char *m;
+ size_t mlen;
+ unsigned char *e;
+ size_t elen;
+ unsigned char *result;
+ size_t resultlen;
+ gpg_err_code_t reverr; /* Expected error from the reverse fucntion. */
+ } tests[] = {
+ {
+ "\x82\xB4\x12\x48\x08\x48\xC0\x76\xAA\x8E\xF1\xF8\x7F\x5E\x9B\x89"
+ "\xA9\x62\x92\xA2\x16\x1B\xF5\x9F\xE1\x41\xF3\xF0\x42\xB5\x5C\x46"
+ "\xB8\x83\x9F\x39\x97\x73\xFF\xC5\xB2\xF4\x59\x5F\xBA\xC7\x0E\x03"
+ "\x9D\x27\xC0\x86\x37\x31\x46\xE0\xA1\xFE\xA1\x41\xD4\xE3\xE9\xB3"
+ "\x9B\xD5\x84\x65\xA5\x37\x35\x34\x07\x58\xB6\xBA\x21\xCA\x21\x72"
+ "\x4C\xF3\xFC\x91\x47\xD1\x3C\x1D\xA5\x9C\x38\x4D\x58\x39\x92\x16"
+ "\xB1\xE5\x43\xFE\xB5\x46\x4B\x43\xD1\x47\xB0\xE8\x2A\xDB\xF8\x34"
+ "\xB0\x5A\x22\x3D\x14\xBB\xEA\x63\x65\xA7\xF1\xF2\xF8\x97\x74\xA7",
+ 128,
+ "\x40\x00\x00\x81",
+ 4,
+ "\x28\x31\x30\x3a\x70\x75\x62\x6c\x69\x63\x2d\x6b\x65\x79\x28\x33"
+ "\x3a\x72\x73\x61\x28\x31\x3a\x6e\x31\x32\x39\x3a\x00\x82\xb4\x12"
+ "\x48\x08\x48\xc0\x76\xaa\x8e\xf1\xf8\x7f\x5e\x9b\x89\xa9\x62\x92"
+ "\xa2\x16\x1b\xf5\x9f\xe1\x41\xf3\xf0\x42\xb5\x5c\x46\xb8\x83\x9f"
+ "\x39\x97\x73\xff\xc5\xb2\xf4\x59\x5f\xba\xc7\x0e\x03\x9d\x27\xc0"
+ "\x86\x37\x31\x46\xe0\xa1\xfe\xa1\x41\xd4\xe3\xe9\xb3\x9b\xd5\x84"
+ "\x65\xa5\x37\x35\x34\x07\x58\xb6\xba\x21\xca\x21\x72\x4c\xf3\xfc"
+ "\x91\x47\xd1\x3c\x1d\xa5\x9c\x38\x4d\x58\x39\x92\x16\xb1\xe5\x43"
+ "\xfe\xb5\x46\x4b\x43\xd1\x47\xb0\xe8\x2a\xdb\xf8\x34\xb0\x5a\x22"
+ "\x3d\x14\xbb\xea\x63\x65\xa7\xf1\xf2\xf8\x97\x74\xa7\x29\x28\x31"
+ "\x3a\x65\x34\x3a\x40\x00\x00\x81\x29\x29\x29",
+ 171
+ },
+ {
+ "\x63\xB4\x12\x48\x08\x48\xC0\x76\xAA\x8E\xF1\xF8\x7F\x5E\x9B\x89",
+ 16,
+ "\x03",
+ 1,
+ "\x28\x31\x30\x3a\x70\x75\x62\x6c\x69\x63\x2d\x6b\x65\x79\x28\x33"
+ "\x3a\x72\x73\x61\x28\x31\x3a\x6e\x31\x36\x3a\x63\xb4\x12\x48\x08"
+ "\x48\xc0\x76\xaa\x8e\xf1\xf8\x7f\x5e\x9b\x89\x29\x28\x31\x3a\x65"
+ "\x31\x3a\x03\x29\x29\x29",
+ 54,
+ },
+ {
+ "",
+ 0,
+ "",
+ 0,
+ "\x28\x31\x30\x3a\x70\x75\x62\x6c\x69\x63\x2d\x6b\x65\x79\x28\x33"
+ "\x3a\x72\x73\x61\x28\x31\x3a\x6e\x31\x3a\x00\x29\x28\x31\x3a\x65"
+ "\x31\x3a\x00\x29\x29\x29",
+ 38,
+ GPG_ERR_BAD_PUBKEY
+ },
+ {
+ NULL
+ }
+ };
+ int idx;
+ gpg_error_t err;
+ unsigned char *sexp;
+ size_t length;
+ const unsigned char *rsa_n, *rsa_e;
+ size_t rsa_n_len, rsa_e_len;
+
+ for (idx=0; tests[idx].m; idx++)
+ {
+ sexp = make_canon_sexp_from_rsa_pk (tests[idx].m, tests[idx].mlen,
+ tests[idx].e, tests[idx].elen,
+ &length);
+ if (!sexp)
+ {
+ fprintf (stderr, "%s:%d: out of core\n", __FILE__, __LINE__);
+ exit (1);
+ }
+
+ if (length != tests[idx].resultlen)
+ fail (idx);
+ if (memcmp (sexp, tests[idx].result, tests[idx].resultlen))
+ fail (idx);
+
+ /* Test the reverse function. */
+ err = get_rsa_pk_from_canon_sexp (sexp, length,
+ &rsa_n, &rsa_n_len,
+ &rsa_e, &rsa_e_len);
+ if (gpg_err_code (err) != tests[idx].reverr)
+ fail (idx);
+ if (!err)
+ {
+ if (tests[idx].mlen != rsa_n_len)
+ fail (idx);
+ if (memcmp (tests[idx].m, rsa_n, rsa_n_len))
+ fail (idx);
+ if (tests[idx].elen != rsa_e_len)
+ fail (idx);
+ if (memcmp (tests[idx].e, rsa_e, rsa_e_len))
+ fail (idx);
+ }
+
+ xfree (sexp);
+ }
+}
+
+
+int
+main (int argc, char **argv)
+{
+ (void)argc;
+ (void)argv;
+
+ test_hash_algo_from_sigval ();
+ test_make_canon_sexp_from_rsa_pk ();
+
+ return 0;
+}
+
diff --git a/common/t-ssh-utils.c b/common/t-ssh-utils.c
new file mode 100644
index 0000000..a8a63cf
--- /dev/null
+++ b/common/t-ssh-utils.c
@@ -0,0 +1,233 @@
+/* t-ssh-utils.c - Module test for ssh-utils.c
+ * Copyright (C) 2011 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <assert.h>
+#include <sys/stat.h>
+#include <unistd.h>
+
+#include "util.h"
+#include "ssh-utils.h"
+
+
+static struct { const char *key; const char *fpr; } sample_keys[] = {
+ { "(protected-private-key "
+ "(rsa "
+ "(n #"
+ "00D88E47BCE0DA99D6180E8A9F4E6A673CC16F5BB6CF930E0E868BAABA715A8E1D3E2BEA"
+ "5477170E1F6CAFC0F8907B9892993C70AC476BBB301669F68EE0593532FB522DD60755A3"
+ "2F8B08649E856271A7F9BCB25F29554DF11707F812EA377683A99DD4698C4DBF797A0ABF"
+ "43C8EBB364B9FFC9EE78CBEA348C590507A4EA390312153DDD905EC4F1A63D5DA56C08FD"
+ "C3F6E5707BFC5DBDC09D19723B1AC6E466906F13AA2ECDBD258148F86C980D45CF233415"
+ "38C5857C2CF0B4C9AB2B4E6A4517FF084FDB009A33553A68907A29691B6FAE994E864F78"
+ "7B83F714730BEDB0AF1723D636E034D73EB7EC9BA127BB4BE80FD805813E3F45E7FAE514"
+ "AD2ECA9607#)"
+ "(e \"#\")"
+ "(protected openpgp-s2k3-sha1-aes-cbc "
+ "("
+ "(sha1 #B5847F9A2DB4E0C5# \"5242880\")"
+ "#342D81BDE21301F18FDCE169A99A47C5#)"
+ "#23512602219EC7A97DBA89347CCD59D2072D80CE3F7DD6C97A058B83DAB3C829D97DF5"
+ "DFE9181F27DBF58258C4CDBD562A5B20BB5BC35EDCA7B1E57B8CDBF92D798F46EE5567BD"
+ "8A67EF3BE09908A49D41AA166A3398B64227BC75021C69A8FE8354E2903EF52DC91B1FE3"
+ "EF9558E5C2D34CF38BFC29E99A49AE30B0C22CE81EE14FC71E986E7C7CB5FCF807433FDA"
+ "EF1D00985767265BA0BE333754E44CCF622CBB98A029D78A6A9AADBC24613127B6448350"
+ "23DA355ED31CF089DD11A7FC6003CEEB53FB327A05604D053C99996F9E01CB355983F66E"
+ "7BEB9687A9277BBF440ED5FAF1A8396C9B06C9B47BA7A994E1931B08DAD34449952CD343"
+ "9A691477682C324EA07CCCE5DF0F0E9DAEFAE3A4717AACA6DC18ED91DD5A820C924BD36B"
+ "B3BA85BD63B3180C7F94EE58956940621280B9628FA5CC560BB14331AF1A7B5B499F8F03"
+ "0ED464ABD4E26C5FD610697EDD0FD1203983E73418F3776568A613D3CEFF17199473052A"
+ "18807A6F5C52A2A643185801D087EE4DC930ABEEB67C5B8A1CB2F29D0ACBD855972BEC0B"
+ "DE6E52387CFCC54B4C2B87EE947C97173BFCAE3E2658EB819D87F542C9A9FE6C410D08F5"
+ "3CD5451FB50253F4A848DFE136B3A5861D58B76A26A7E3E4E7A8F8D4BD5B80430674A6B9"
+ "A2C8EDD53DB37865D1ACBB07E1758DFF64A944E0126F948BF088C0FC0C3607E39522EC94"
+ "91483A90D9498D7F6C3C8720124C7E3F6E271E78E1CFFB4EF64F070F7424F30372A07D02"
+ "2355D8B17BB0DEBCBE101F621E0526551A35A56830D74E0F5BD6313DF114D1E46D4844AA"
+ "E4EB6268637D04B27D200D7F40AFA9AD2CFAA5415E5FC08358FFA79A9E743CCDF6668FE5"
+ "D79FA03D61941E57244F066A31F1C9D6A34DC62BC738C52B604F00B19EB9FD0173F3B139"
+ "42932066B7DC94DC4C563392F798A1CE2D5D75B8FF93E440433263CFB7016143A9923CD9"
+ "634E964A8056946F462B06F320F44449D85B07FA26A324505C858274F89EDBD8346950DE"
+ "5F#)"
+ "(protected-at \"20110720T135431\")"
+ ")"
+ "(comment passphrase_is_abc)"
+ ")",
+ "c7:c6:a7:ec:04:6c:87:59:54:f2:88:58:09:e0:f2:b1"
+ },
+ {
+ "(protected-private-key "
+ "(dsa "
+ "(p #00FC7DC086F4517079BCCFA7FD229477FE88B0231038DFC21B29CCBD74C6F6FE04FD"
+ "7248C0473D5028BE106D7A7C8F54B269225789E781763527D1432CD46E416C2D14DDCA70"
+ "27DA4B92D1E222B5BDF4B9C8C761CACCFBD108F7729412E8835653BE5073447287A6BDEB"
+ "4645A5411752405EE7F503E44B1DFDCA6054CD3C44630B#)"
+ "(q #00D498505BF0E7EE01239EB51F2B400B8EF6329B17#)"
+ "(g #00A127B3DD5106F0A463312E42ECB83790E6F3BEA7AC3FAF7A42FB2C00F376323676"
+ "C9E48984F0D4AC3FE5856F1C2765E9BC3C8A5C9C9CD3166C057E82569D187C48591AA66B"
+ "8966BFF2B827BE36BD0BA4B895B42136F1381D52DDA708B2A3D181F648228DFFFEB153DA"
+ "ACCAEBB51EF08A7807CD628024CEFF96FEE97DE95C8CBE#)"
+ "(y #008E2B0915A3A299D83B4333C848C5D312F25903773E8C4D50691CAF81C3B768FA41"
+ "7D19F0FD437B377CCF51D3AE598649656D4D74D210CDBC2B76209B16EAAFCB14D6F4D691"
+ "20164885852AF1CEBB4D8602AD6755DFA7163645B4DB7926CD44D2DD9F840BFEF57F3DB0"
+ "933C85EB6B0AAC20BC67E73F47B8DDBEC8EFAA64286EF1#)"
+ "(protected openpgp-s2k3-sha1-aes-cbc "
+ "("
+ "(sha1 \"ü¿jy²üa4\" \"5242880\")"
+ "#FF12BEE0B03F842349717AE1AB6D7AC2#)"
+ "#95570487C8B5C49492D4E662259F2CF9B6D7E64F728F17A1FE1B2DA616E5976FE32861E"
+ "C4B1F0DA03D9006C432CF2136871266E9444377ACEF04340B36B4550B5C1E4CC69AD4380"
+ "A709FB0DAA5104A8B#)"
+ "(protected-at \"20110720T142801\")"
+ ")"
+ "(comment sample_dsa_passphrase_is_abc)"
+ ")",
+ "2d:b1:70:1a:04:9e:41:a3:ce:27:a5:c7:22:fe:3a:a3"
+ },
+ {
+ NULL,
+ NULL
+ }
+};
+
+
+
+static char *
+read_file (const char *fname, size_t *r_length)
+{
+ FILE *fp;
+ char *buf;
+ size_t buflen;
+ struct stat st;
+
+ fp = fopen (fname, "rb");
+ if (!fp)
+ {
+ fprintf (stderr, "%s:%d: can't open `%s': %s\n",
+ __FILE__, __LINE__, fname, strerror (errno));
+ exit (1);
+ }
+
+ if (fstat (fileno(fp), &st))
+ {
+ fprintf (stderr, "%s:%d: can't stat `%s': %s\n",
+ __FILE__, __LINE__, fname, strerror (errno));
+ exit (1);
+ }
+
+ buflen = st.st_size;
+ buf = xmalloc (buflen+1);
+ if (fread (buf, buflen, 1, fp) != 1)
+ {
+ fprintf (stderr, "%s:%d: error reading `%s': %s\n",
+ __FILE__, __LINE__, fname, strerror (errno));
+ exit (1);
+ }
+ fclose (fp);
+
+ *r_length = buflen;
+ return buf;
+}
+
+
+static gcry_sexp_t
+read_key (const char *fname)
+{
+ gpg_error_t err;
+ char *buf;
+ size_t buflen;
+ gcry_sexp_t key;
+
+ buf = read_file (fname, &buflen);
+
+ err = gcry_sexp_sscan (&key, NULL, buf, buflen);
+ if (err)
+ {
+ fprintf (stderr, "%s:%d: gcry_sexp_sscan failed: %s\n",
+ __FILE__, __LINE__, gpg_strerror (err));
+ exit (1); \
+ }
+
+ xfree (buf);
+ return key;
+}
+
+
+int
+main (int argc, char **argv)
+{
+ gpg_error_t err;
+ gcry_sexp_t key;
+ char *string;
+ int idx;
+
+ if (argc == 2)
+ {
+ key = read_key (argv[1]);
+ err = ssh_get_fingerprint_string (key, &string);
+ if (err)
+ {
+ fprintf (stderr, "%s:%d: error getting fingerprint: %s\n",
+ __FILE__, __LINE__, gpg_strerror (err));
+ exit (1);
+ }
+ puts (string);
+ xfree (string);
+ gcry_sexp_release (key);
+ }
+ else
+ {
+ for (idx=0; sample_keys[idx].key; idx++)
+ {
+ err = gcry_sexp_sscan (&key, NULL, sample_keys[idx].key,
+ strlen (sample_keys[idx].key));
+ if (err)
+ {
+ fprintf (stderr, "%s:%d: gcry_sexp_sscan failed for "
+ "sample key %d: %s\n",
+ __FILE__, __LINE__, idx, gpg_strerror (err));
+ exit (1);
+ }
+
+ err = ssh_get_fingerprint_string (key, &string);
+ gcry_sexp_release (key);
+ if (err)
+ {
+ fprintf (stderr, "%s:%d: error getting fingerprint for "
+ "sample key %d: %s\n",
+ __FILE__, __LINE__, idx, gpg_strerror (err));
+ exit (1);
+ }
+
+ if (strcmp (string, sample_keys[idx].fpr))
+ {
+ fprintf (stderr, "%s:%d: fingerprint mismatch for "
+ "sample key %d\n",
+ __FILE__, __LINE__, idx);
+ fprintf (stderr, "want: %s\n got: %s\n",
+ sample_keys[idx].fpr, string);
+ exit (1);
+ }
+ xfree (string);
+ }
+ }
+
+ return 0;
+}
diff --git a/common/t-sysutils.c b/common/t-sysutils.c
new file mode 100644
index 0000000..45d359e
--- /dev/null
+++ b/common/t-sysutils.c
@@ -0,0 +1,85 @@
+/* t-sysutils.c - Module test for sysutils.c
+ * Copyright (C) 2007 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+
+#include "util.h"
+#include "sysutils.h"
+
+#define pass() do { ; } while(0)
+#define fail(a) do { fprintf (stderr, "%s:%d: test %d failed\n",\
+ __FILE__,__LINE__, (a)); \
+ errcount++; \
+ } while(0)
+
+static int verbose;
+static int errcount;
+
+
+static void
+test_gnupg_tmpfile (void)
+{
+ FILE *fparr[10];
+ int fparridx;
+ int idx;
+ FILE *fp;
+ char buffer[100];
+
+#define ASTRING "fooooooooooooooo\n" /* Needs to be shorter than BUFFER. */
+
+ for (fparridx=0; fparridx < DIM (fparr); fparridx++)
+ {
+ fp = gnupg_tmpfile ();
+ fparr[fparridx] = fp;
+ if (!fp)
+ fail (fparridx);
+ else
+ {
+ fputs ( ASTRING, fp);
+ rewind (fp);
+ if (!fgets (buffer, sizeof (buffer), fp))
+ fail (fparridx);
+ if (strcmp (buffer, ASTRING))
+ fail (fparridx);
+ if (fgets (buffer, sizeof (buffer), fp))
+ fail (fparridx);
+ }
+ }
+ for (idx=0; idx < fparridx; idx++)
+ {
+ if (fparr[idx])
+ fclose (fparr[idx]);
+ }
+}
+
+
+
+int
+main (int argc, char **argv)
+{
+ if (argc > 1 && !strcmp (argv[1], "--verbose"))
+ verbose = 1;
+
+ test_gnupg_tmpfile ();
+
+ return !!errcount;
+}
+
diff --git a/common/tlv.c b/common/tlv.c
new file mode 100644
index 0000000..c687564
--- /dev/null
+++ b/common/tlv.c
@@ -0,0 +1,305 @@
+/* tlv.c - Tag-Length-Value Utilities
+ * Copyright (C) 2003, 2004, 2005 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <assert.h>
+
+#if GNUPG_MAJOR_VERSION == 1
+#define GPG_ERR_EOF (-1)
+#define GPG_ERR_BAD_BER (1) /*G10ERR_GENERAL*/
+#define GPG_ERR_INV_SEXP (45) /*G10ERR_INV_ARG*/
+typedef int gpg_error_t;
+#define gpg_make_err(x,n) (n)
+#else
+#include <gpg-error.h>
+#endif
+
+#include "tlv.h"
+
+static const unsigned char *
+do_find_tlv (const unsigned char *buffer, size_t length,
+ int tag, size_t *nbytes, int nestlevel)
+{
+ const unsigned char *s = buffer;
+ size_t n = length;
+ size_t len;
+ int this_tag;
+ int composite;
+
+ for (;;)
+ {
+ buffer = s;
+ if (n < 2)
+ return NULL; /* Buffer definitely too short for tag and length. */
+ if (!*s || *s == 0xff)
+ { /* Skip optional filler between TLV objects. */
+ s++;
+ n--;
+ continue;
+ }
+ composite = !!(*s & 0x20);
+ if ((*s & 0x1f) == 0x1f)
+ { /* more tag bytes to follow */
+ s++;
+ n--;
+ if (n < 2)
+ return NULL; /* buffer definitely too short for tag and length. */
+ if ((*s & 0x1f) == 0x1f)
+ return NULL; /* We support only up to 2 bytes. */
+ this_tag = (s[-1] << 8) | (s[0] & 0x7f);
+ }
+ else
+ this_tag = s[0];
+ len = s[1];
+ s += 2; n -= 2;
+ if (len < 0x80)
+ ;
+ else if (len == 0x81)
+ { /* One byte length follows. */
+ if (!n)
+ return NULL; /* we expected 1 more bytes with the length. */
+ len = s[0];
+ s++; n--;
+ }
+ else if (len == 0x82)
+ { /* Two byte length follows. */
+ if (n < 2)
+ return NULL; /* We expected 2 more bytes with the length. */
+ len = (s[0] << 8) | s[1];
+ s += 2; n -= 2;
+ }
+ else
+ return NULL; /* APDU limit is 65535, thus it does not make
+ sense to assume longer length fields. */
+
+ if (composite && nestlevel < 100)
+ { /* Dive into this composite DO after checking for a too deep
+ nesting. */
+ const unsigned char *tmp_s;
+ size_t tmp_len;
+
+ tmp_s = do_find_tlv (s, len, tag, &tmp_len, nestlevel+1);
+ if (tmp_s)
+ {
+ *nbytes = tmp_len;
+ return tmp_s;
+ }
+ }
+
+ if (this_tag == tag)
+ {
+ *nbytes = len;
+ return s;
+ }
+ if (len > n)
+ return NULL; /* Buffer too short to skip to the next tag. */
+ s += len; n -= len;
+ }
+}
+
+
+/* Locate a TLV encoded data object in BUFFER of LENGTH and
+ return a pointer to value as well as its length in NBYTES. Return
+ NULL if it was not found or if the object does not fit into the buffer. */
+const unsigned char *
+find_tlv (const unsigned char *buffer, size_t length,
+ int tag, size_t *nbytes)
+{
+ const unsigned char *p;
+
+ p = do_find_tlv (buffer, length, tag, nbytes, 0);
+ if (p && *nbytes > (length - (p-buffer)))
+ p = NULL; /* Object longer than buffer. */
+ return p;
+}
+
+
+
+/* Locate a TLV encoded data object in BUFFER of LENGTH and
+ return a pointer to value as well as its length in NBYTES. Return
+ NULL if it was not found. Note, that the function does not check
+ whether the value fits into the provided buffer. */
+const unsigned char *
+find_tlv_unchecked (const unsigned char *buffer, size_t length,
+ int tag, size_t *nbytes)
+{
+ return do_find_tlv (buffer, length, tag, nbytes, 0);
+}
+
+
+/* ASN.1 BER parser: Parse BUFFER of length SIZE and return the tag
+ and the length part from the TLV triplet. Update BUFFER and SIZE
+ on success. */
+gpg_error_t
+_parse_ber_header (unsigned char const **buffer, size_t *size,
+ int *r_class, int *r_tag,
+ int *r_constructed, int *r_ndef,
+ size_t *r_length, size_t *r_nhdr,
+ gpg_err_source_t errsource)
+{
+ int c;
+ unsigned long tag;
+ const unsigned char *buf = *buffer;
+ size_t length = *size;
+
+ *r_ndef = 0;
+ *r_length = 0;
+ *r_nhdr = 0;
+
+ /* Get the tag. */
+ if (!length)
+ return gpg_err_make (errsource, GPG_ERR_EOF);
+ c = *buf++; length--; ++*r_nhdr;
+
+ *r_class = (c & 0xc0) >> 6;
+ *r_constructed = !!(c & 0x20);
+ tag = c & 0x1f;
+
+ if (tag == 0x1f)
+ {
+ tag = 0;
+ do
+ {
+ tag <<= 7;
+ if (!length)
+ return gpg_err_make (errsource, GPG_ERR_EOF);
+ c = *buf++; length--; ++*r_nhdr;
+ tag |= c & 0x7f;
+
+ }
+ while (c & 0x80);
+ }
+ *r_tag = tag;
+
+ /* Get the length. */
+ if (!length)
+ return gpg_err_make (errsource, GPG_ERR_EOF);
+ c = *buf++; length--; ++*r_nhdr;
+
+ if ( !(c & 0x80) )
+ *r_length = c;
+ else if (c == 0x80)
+ *r_ndef = 1;
+ else if (c == 0xff)
+ return gpg_err_make (errsource, GPG_ERR_BAD_BER);
+ else
+ {
+ unsigned long len = 0;
+ int count = c & 0x7f;
+
+ if (count > sizeof (len) || count > sizeof (size_t))
+ return gpg_err_make (errsource, GPG_ERR_BAD_BER);
+
+ for (; count; count--)
+ {
+ len <<= 8;
+ if (!length)
+ return gpg_err_make (errsource, GPG_ERR_EOF);
+ c = *buf++; length--; ++*r_nhdr;
+ len |= c & 0xff;
+ }
+ *r_length = len;
+ }
+
+ /* Without this kludge some example certs can't be parsed. */
+ if (*r_class == CLASS_UNIVERSAL && !*r_tag)
+ *r_length = 0;
+
+ *buffer = buf;
+ *size = length;
+ return 0;
+}
+
+
+/* FIXME: The following function should not go into this file but for
+ now it is easier to keep it here. */
+
+/* Return the next token of an canconical encoded S-expression. BUF
+ is the pointer to the S-expression and BUFLEN is a pointer to the
+ length of this S-expression (used to validate the syntax). Both
+ are updated to reflect the new position. The token itself is
+ returned as a pointer into the orginal buffer at TOK and TOKLEN.
+ If a parentheses is the next token, TOK will be set to NULL.
+ TOKLEN is checked to be within the bounds. On error a error code
+ is returned and all pointers should are not guaranteed to point to
+ a meanigful value. DEPTH should be initialized to 0 and will
+ reflect on return the actual depth of the tree. To detect the end
+ of the S-expression it is advisable to check DEPTH after a
+ successful return:
+
+ depth = 0;
+ while (!(err = parse_sexp (&buf, &buflen, &depth, &tok, &toklen))
+ && depth)
+ process_token (tok, toklen);
+ if (err)
+ handle_error ();
+ */
+gpg_error_t
+_parse_sexp (unsigned char const **buf, size_t *buflen,
+ int *depth, unsigned char const **tok, size_t *toklen,
+ gpg_err_source_t errsource)
+{
+ const unsigned char *s;
+ size_t n, vlen;
+
+ s = *buf;
+ n = *buflen;
+ *tok = NULL;
+ *toklen = 0;
+ if (!n)
+ return *depth ? gpg_err_make (errsource, GPG_ERR_INV_SEXP) : 0;
+ if (*s == '(')
+ {
+ s++; n--;
+ (*depth)++;
+ *buf = s;
+ *buflen = n;
+ return 0;
+ }
+ if (*s == ')')
+ {
+ if (!*depth)
+ return gpg_err_make (errsource, GPG_ERR_INV_SEXP);
+ *toklen = 1;
+ s++; n--;
+ (*depth)--;
+ *buf = s;
+ *buflen = n;
+ return 0;
+ }
+ for (vlen=0; n && *s && *s != ':' && (*s >= '0' && *s <= '9'); s++, n--)
+ vlen = vlen*10 + (*s - '0');
+ if (!n || *s != ':')
+ return gpg_err_make (errsource, GPG_ERR_INV_SEXP);
+ s++; n--;
+ if (vlen > n)
+ return gpg_err_make (errsource, GPG_ERR_INV_SEXP);
+ *tok = s;
+ *toklen = vlen;
+ s += vlen;
+ n -= vlen;
+ *buf = s;
+ *buflen = n;
+ return 0;
+}
+
diff --git a/common/tlv.h b/common/tlv.h
new file mode 100644
index 0000000..a04af93
--- /dev/null
+++ b/common/tlv.h
@@ -0,0 +1,113 @@
+/* tlv.h - Tag-Length-Value Utilities
+ * Copyright (C) 2004 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef SCD_TLV_H
+#define SCD_TLV_H 1
+
+
+enum tlv_tag_class {
+ CLASS_UNIVERSAL = 0,
+ CLASS_APPLICATION = 1,
+ CLASS_CONTEXT = 2,
+ CLASS_PRIVATE =3
+};
+
+enum tlv_tag_type {
+ TAG_NONE = 0,
+ TAG_BOOLEAN = 1,
+ TAG_INTEGER = 2,
+ TAG_BIT_STRING = 3,
+ TAG_OCTET_STRING = 4,
+ TAG_NULL = 5,
+ TAG_OBJECT_ID = 6,
+ TAG_OBJECT_DESCRIPTOR = 7,
+ TAG_EXTERNAL = 8,
+ TAG_REAL = 9,
+ TAG_ENUMERATED = 10,
+ TAG_EMBEDDED_PDV = 11,
+ TAG_UTF8_STRING = 12,
+ TAG_REALTIVE_OID = 13,
+ TAG_SEQUENCE = 16,
+ TAG_SET = 17,
+ TAG_NUMERIC_STRING = 18,
+ TAG_PRINTABLE_STRING = 19,
+ TAG_TELETEX_STRING = 20,
+ TAG_VIDEOTEX_STRING = 21,
+ TAG_IA5_STRING = 22,
+ TAG_UTC_TIME = 23,
+ TAG_GENERALIZED_TIME = 24,
+ TAG_GRAPHIC_STRING = 25,
+ TAG_VISIBLE_STRING = 26,
+ TAG_GENERAL_STRING = 27,
+ TAG_UNIVERSAL_STRING = 28,
+ TAG_CHARACTER_STRING = 29,
+ TAG_BMP_STRING = 30
+};
+
+
+/* Locate a TLV encoded data object in BUFFER of LENGTH and return a
+ pointer to value as well as its length in NBYTES. Return NULL if
+ it was not found or if the object does not fit into the buffer. */
+const unsigned char *find_tlv (const unsigned char *buffer, size_t length,
+ int tag, size_t *nbytes);
+
+
+/* Locate a TLV encoded data object in BUFFER of LENGTH and return a
+ pointer to value as well as its length in NBYTES. Return NULL if
+ it was not found. Note, that the function does not check whether
+ the value fits into the provided buffer.*/
+const unsigned char *find_tlv_unchecked (const unsigned char *buffer,
+ size_t length,
+ int tag, size_t *nbytes);
+
+
+/* ASN.1 BER parser: Parse BUFFER of length SIZE and return the tag
+ and the length part from the TLV triplet. Update BUFFER and SIZE
+ on success. */
+gpg_error_t _parse_ber_header (unsigned char const **buffer, size_t *size,
+ int *r_class, int *r_tag,
+ int *r_constructed,
+ int *r_ndef, size_t *r_length, size_t *r_nhdr,
+ gpg_err_source_t errsource);
+#define parse_ber_header(a,b,c,d,e,f,g,h) \
+ _parse_ber_header ((a),(b),(c),(d),(e),(f),(g),(h),\
+ GPG_ERR_SOURCE_DEFAULT)
+
+
+/* Return the next token of an canconical encoded S-expression. BUF
+ is the pointer to the S-expression and BUFLEN is a pointer to the
+ length of this S-expression (used to validate the syntax). Both
+ are updated to reflect the new position. The token itself is
+ returned as a pointer into the orginal buffer at TOK and TOKLEN.
+ If a parentheses is the next token, TOK will be set to NULL.
+ TOKLEN is checked to be within the bounds. On error a error code
+ is returned and all pointers should are not guaranteed to point to
+ a meanigful value. DEPTH should be initialized to 0 and will
+ reflect on return the actual depth of the tree. To detect the end
+ of the S-expression it is advisable to check DEPTH after a
+ successful return. */
+gpg_error_t _parse_sexp (unsigned char const **buf, size_t *buflen,
+ int *depth, unsigned char const **tok, size_t *toklen,
+ gpg_err_source_t errsource);
+#define parse_sexp(a,b,c,d,e) \
+ _parse_sexp ((a),(b),(c),(d),(e), GPG_ERR_SOURCE_DEFAULT)
+
+
+
+#endif /* SCD_TLV_H */
diff --git a/common/ttyio.c b/common/ttyio.c
new file mode 100644
index 0000000..fc27407
--- /dev/null
+++ b/common/ttyio.c
@@ -0,0 +1,690 @@
+/* ttyio.c - tty i/O functions
+ * Copyright (C) 1998,1999,2000,2001,2002,2003,2004,2006,2007,
+ * 2009 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdarg.h>
+#include <unistd.h>
+#ifdef HAVE_TCGETATTR
+#include <termios.h>
+#else
+#ifdef HAVE_TERMIO_H
+/* simulate termios with termio */
+#include <termio.h>
+#define termios termio
+#define tcsetattr ioctl
+#define TCSAFLUSH TCSETAF
+#define tcgetattr(A,B) ioctl(A,TCGETA,B)
+#define HAVE_TCGETATTR
+#endif
+#endif
+#ifdef _WIN32 /* use the odd Win32 functions */
+#include <windows.h>
+#ifdef HAVE_TCGETATTR
+#error mingw32 and termios
+#endif
+#endif
+#include <errno.h>
+#include <ctype.h>
+
+#include "util.h"
+#include "ttyio.h"
+#include "estream-printf.h"
+#include "common-defs.h"
+
+#define CONTROL_D ('D' - 'A' + 1)
+
+#ifdef _WIN32 /* use the odd Win32 functions */
+static struct {
+ HANDLE in, out;
+} con;
+#define DEF_INPMODE (ENABLE_LINE_INPUT|ENABLE_ECHO_INPUT \
+ |ENABLE_PROCESSED_INPUT )
+#define HID_INPMODE (ENABLE_LINE_INPUT|ENABLE_PROCESSED_INPUT )
+#define DEF_OUTMODE (ENABLE_WRAP_AT_EOL_OUTPUT|ENABLE_PROCESSED_OUTPUT)
+
+#else /* yeah, we have a real OS */
+static FILE *ttyfp = NULL;
+#endif
+
+static int initialized;
+static int last_prompt_len;
+static int batchmode;
+static int no_terminal;
+
+#ifdef HAVE_TCGETATTR
+ static struct termios termsave;
+ static int restore_termios;
+#endif
+
+/* Hooks set by gpgrlhelp.c if required. */
+static void (*my_rl_set_completer) (rl_completion_func_t *);
+static void (*my_rl_inhibit_completion) (int);
+static void (*my_rl_cleanup_after_signal) (void);
+static void (*my_rl_init_stream) (FILE *);
+static char *(*my_rl_readline) (const char*);
+static void (*my_rl_add_history) (const char*);
+
+
+/* This is a wrapper around ttyname so that we can use it even when
+ the standard streams are redirected. It figures the name out the
+ first time and returns it in a statically allocated buffer. */
+const char *
+tty_get_ttyname (void)
+{
+ static char *name;
+
+ /* On a GNU system ctermid() always return /dev/tty, so this does
+ not make much sense - however if it is ever changed we do the
+ Right Thing now. */
+#ifdef HAVE_CTERMID
+ static int got_name;
+
+ if (!got_name)
+ {
+ const char *s;
+ /* Note that despite our checks for these macros the function is
+ not necessarily thread save. We mainly do this for
+ portability reasons, in case L_ctermid is not defined. */
+# if defined(_POSIX_THREAD_SAFE_FUNCTIONS) || defined(_POSIX_TRHEADS)
+ char buffer[L_ctermid];
+ s = ctermid (buffer);
+# else
+ s = ctermid (NULL);
+# endif
+ if (s)
+ name = strdup (s);
+ got_name = 1;
+ }
+#endif /*HAVE_CTERMID*/
+ /* Assume the standard tty on memory error or when tehre is no
+ certmid. */
+ return name? name : "/dev/tty";
+}
+
+
+
+#ifdef HAVE_TCGETATTR
+static void
+cleanup(void)
+{
+ if( restore_termios ) {
+ restore_termios = 0; /* do it prios in case it is interrupted again */
+ if( tcsetattr(fileno(ttyfp), TCSAFLUSH, &termsave) )
+ log_error("tcsetattr() failed: %s\n", strerror(errno) );
+ }
+}
+#endif
+
+static void
+init_ttyfp(void)
+{
+ if( initialized )
+ return;
+
+#if defined(_WIN32)
+ {
+ SECURITY_ATTRIBUTES sa;
+
+ memset(&sa, 0, sizeof(sa));
+ sa.nLength = sizeof(sa);
+ sa.bInheritHandle = TRUE;
+ con.out = CreateFileA( "CONOUT$", GENERIC_READ|GENERIC_WRITE,
+ FILE_SHARE_READ|FILE_SHARE_WRITE,
+ &sa, OPEN_EXISTING, 0, 0 );
+ if( con.out == INVALID_HANDLE_VALUE )
+ log_fatal("open(CONOUT$) failed: rc=%d", (int)GetLastError() );
+ memset(&sa, 0, sizeof(sa));
+ sa.nLength = sizeof(sa);
+ sa.bInheritHandle = TRUE;
+ con.in = CreateFileA( "CONIN$", GENERIC_READ|GENERIC_WRITE,
+ FILE_SHARE_READ|FILE_SHARE_WRITE,
+ &sa, OPEN_EXISTING, 0, 0 );
+ if( con.in == INVALID_HANDLE_VALUE )
+ log_fatal("open(CONIN$) failed: rc=%d", (int)GetLastError() );
+ }
+ SetConsoleMode(con.in, DEF_INPMODE );
+ SetConsoleMode(con.out, DEF_OUTMODE );
+
+#elif defined(__EMX__)
+ ttyfp = stdout; /* Fixme: replace by the real functions: see wklib */
+ if (my_rl_init_stream)
+ my_rl_init_stream (ttyfp);
+#else
+ ttyfp = batchmode? stderr : fopen (tty_get_ttyname (), "r+");
+ if( !ttyfp ) {
+ log_error("cannot open `%s': %s\n", tty_get_ttyname (),
+ strerror(errno) );
+ exit(2);
+ }
+ if (my_rl_init_stream)
+ my_rl_init_stream (ttyfp);
+#endif
+
+
+#ifdef HAVE_TCGETATTR
+ atexit( cleanup );
+#endif
+ initialized = 1;
+}
+
+
+int
+tty_batchmode( int onoff )
+{
+ int old = batchmode;
+ if( onoff != -1 )
+ batchmode = onoff;
+ return old;
+}
+
+int
+tty_no_terminal(int onoff)
+{
+ int old = no_terminal;
+ no_terminal = onoff ? 1 : 0;
+ return old;
+}
+
+void
+tty_printf( const char *fmt, ... )
+{
+ va_list arg_ptr;
+
+ if (no_terminal)
+ return;
+
+ if( !initialized )
+ init_ttyfp();
+
+ va_start( arg_ptr, fmt ) ;
+#ifdef _WIN32
+ {
+ char *buf = NULL;
+ int n;
+ DWORD nwritten;
+
+ n = vasprintf(&buf, fmt, arg_ptr);
+ if( !buf )
+ log_bug("vasprintf() failed\n");
+
+ if( !WriteConsoleA( con.out, buf, n, &nwritten, NULL ) )
+ log_fatal("WriteConsole failed: rc=%d", (int)GetLastError() );
+ if( n != nwritten )
+ log_fatal("WriteConsole failed: %d != %d\n", n, (int)nwritten );
+ last_prompt_len += n;
+ xfree (buf);
+ }
+#else
+ last_prompt_len += vfprintf(ttyfp,fmt,arg_ptr) ;
+ fflush(ttyfp);
+#endif
+ va_end(arg_ptr);
+}
+
+
+/* Same as tty_printf but if FP is not NULL, behave like a regular
+ fprintf. */
+void
+tty_fprintf (FILE *fp, const char *fmt, ... )
+{
+ va_list arg_ptr;
+
+ if (fp)
+ {
+ va_start (arg_ptr, fmt) ;
+ vfprintf (fp, fmt, arg_ptr );
+ va_end (arg_ptr);
+ return;
+ }
+
+ if (no_terminal)
+ return;
+
+ if( !initialized )
+ init_ttyfp();
+
+ va_start( arg_ptr, fmt ) ;
+#ifdef _WIN32
+ {
+ char *buf = NULL;
+ int n;
+ DWORD nwritten;
+
+ n = vasprintf(&buf, fmt, arg_ptr);
+ if( !buf )
+ log_bug("vasprintf() failed\n");
+
+ if( !WriteConsoleA( con.out, buf, n, &nwritten, NULL ) )
+ log_fatal("WriteConsole failed: rc=%d", (int)GetLastError() );
+ if( n != nwritten )
+ log_fatal("WriteConsole failed: %d != %d\n", n, (int)nwritten );
+ last_prompt_len += n;
+ xfree (buf);
+ }
+#else
+ last_prompt_len += vfprintf(ttyfp,fmt,arg_ptr) ;
+ fflush(ttyfp);
+#endif
+ va_end(arg_ptr);
+}
+
+
+/****************
+ * Print a string, but filter all control characters out.
+ */
+void
+tty_print_string ( const byte *p, size_t n )
+{
+ if (no_terminal)
+ return;
+
+ if( !initialized )
+ init_ttyfp();
+
+#ifdef _WIN32
+ /* not so effective, change it if you want */
+ for( ; n; n--, p++ )
+ if( iscntrl( *p ) ) {
+ if( *p == '\n' )
+ tty_printf("\\n");
+ else if( !*p )
+ tty_printf("\\0");
+ else
+ tty_printf("\\x%02x", *p);
+ }
+ else
+ tty_printf("%c", *p);
+#else
+ for( ; n; n--, p++ )
+ if( iscntrl( *p ) ) {
+ putc('\\', ttyfp);
+ if( *p == '\n' )
+ putc('n', ttyfp);
+ else if( !*p )
+ putc('0', ttyfp);
+ else
+ fprintf(ttyfp, "x%02x", *p );
+ }
+ else
+ putc(*p, ttyfp);
+#endif
+}
+
+void
+tty_print_utf8_string2( const byte *p, size_t n, size_t max_n )
+{
+ size_t i;
+ char *buf;
+
+ if (no_terminal)
+ return;
+
+ /* we can handle plain ascii simpler, so check for it first */
+ for(i=0; i < n; i++ ) {
+ if( p[i] & 0x80 )
+ break;
+ }
+ if( i < n ) {
+ buf = utf8_to_native( (const char *)p, n, 0 );
+ if( max_n && (strlen( buf ) > max_n )) {
+ buf[max_n] = 0;
+ }
+ /*(utf8 conversion already does the control character quoting)*/
+ tty_printf("%s", buf );
+ xfree( buf );
+ }
+ else {
+ if( max_n && (n > max_n) ) {
+ n = max_n;
+ }
+ tty_print_string( p, n );
+ }
+}
+
+void
+tty_print_utf8_string( const byte *p, size_t n )
+{
+ tty_print_utf8_string2( p, n, 0 );
+}
+
+
+static char *
+do_get( const char *prompt, int hidden )
+{
+ char *buf;
+#ifndef __riscos__
+ byte cbuf[1];
+#endif
+ int c, n, i;
+
+ if( batchmode ) {
+ log_error("Sorry, we are in batchmode - can't get input\n");
+ exit(2);
+ }
+
+ if (no_terminal) {
+ log_error("Sorry, no terminal at all requested - can't get input\n");
+ exit(2);
+ }
+
+ if( !initialized )
+ init_ttyfp();
+
+ last_prompt_len = 0;
+ tty_printf( "%s", prompt );
+ buf = xmalloc((n=50));
+ i = 0;
+
+#ifdef _WIN32 /* windoze version */
+ if( hidden )
+ SetConsoleMode(con.in, HID_INPMODE );
+
+ for(;;) {
+ DWORD nread;
+
+ if( !ReadConsoleA( con.in, cbuf, 1, &nread, NULL ) )
+ log_fatal("ReadConsole failed: rc=%d", (int)GetLastError() );
+ if( !nread )
+ continue;
+ if( *cbuf == '\n' )
+ break;
+
+ if( !hidden )
+ last_prompt_len++;
+ c = *cbuf;
+ if( c == '\t' )
+ c = ' ';
+ else if( c > 0xa0 )
+ ; /* we don't allow 0xa0, as this is a protected blank which may
+ * confuse the user */
+ else if( iscntrl(c) )
+ continue;
+ if( !(i < n-1) ) {
+ n += 50;
+ buf = xrealloc (buf, n);
+ }
+ buf[i++] = c;
+ }
+
+ if( hidden )
+ SetConsoleMode(con.in, DEF_INPMODE );
+
+#elif defined(__riscos__)
+ do {
+ c = riscos_getchar();
+ if (c == 0xa || c == 0xd) { /* Return || Enter */
+ c = (int) '\n';
+ } else if (c == 0x8 || c == 0x7f) { /* Backspace || Delete */
+ if (i>0) {
+ i--;
+ if (!hidden) {
+ last_prompt_len--;
+ fputc(8, ttyfp);
+ fputc(32, ttyfp);
+ fputc(8, ttyfp);
+ fflush(ttyfp);
+ }
+ } else {
+ fputc(7, ttyfp);
+ fflush(ttyfp);
+ }
+ continue;
+ } else if (c == (int) '\t') { /* Tab */
+ c = ' ';
+ } else if (c > 0xa0) {
+ ; /* we don't allow 0xa0, as this is a protected blank which may
+ * confuse the user */
+ } else if (iscntrl(c)) {
+ continue;
+ }
+ if(!(i < n-1)) {
+ n += 50;
+ buf = xrealloc (buf, n);
+ }
+ buf[i++] = c;
+ if (!hidden) {
+ last_prompt_len++;
+ fputc(c, ttyfp);
+ fflush(ttyfp);
+ }
+ } while (c != '\n');
+ i = (i>0) ? i-1 : 0;
+#else /* unix version */
+ if( hidden ) {
+#ifdef HAVE_TCGETATTR
+ struct termios term;
+
+ if( tcgetattr(fileno(ttyfp), &termsave) )
+ log_fatal("tcgetattr() failed: %s\n", strerror(errno) );
+ restore_termios = 1;
+ term = termsave;
+ term.c_lflag &= ~(ECHO | ECHOE | ECHOK | ECHONL);
+ if( tcsetattr( fileno(ttyfp), TCSAFLUSH, &term ) )
+ log_fatal("tcsetattr() failed: %s\n", strerror(errno) );
+#endif
+ }
+
+ /* fixme: How can we avoid that the \n is echoed w/o disabling
+ * canonical mode - w/o this kill_prompt can't work */
+ while( read(fileno(ttyfp), cbuf, 1) == 1 && *cbuf != '\n' ) {
+ if( !hidden )
+ last_prompt_len++;
+ c = *cbuf;
+ if( c == CONTROL_D )
+ log_info("control d found\n");
+ if( c == '\t' )
+ c = ' ';
+ else if( c > 0xa0 )
+ ; /* we don't allow 0xa0, as this is a protected blank which may
+ * confuse the user */
+ else if( iscntrl(c) )
+ continue;
+ if( !(i < n-1) ) {
+ n += 50;
+ buf = xrealloc (buf, n );
+ }
+ buf[i++] = c;
+ }
+ if( *cbuf != '\n' ) {
+ buf[0] = CONTROL_D;
+ i = 1;
+ }
+
+
+ if( hidden ) {
+#ifdef HAVE_TCGETATTR
+ if( tcsetattr(fileno(ttyfp), TCSAFLUSH, &termsave) )
+ log_error("tcsetattr() failed: %s\n", strerror(errno) );
+ restore_termios = 0;
+#endif
+ }
+#endif /* end unix version */
+ buf[i] = 0;
+ return buf;
+}
+
+
+char *
+tty_get( const char *prompt )
+{
+ if (!batchmode && !no_terminal && my_rl_readline && my_rl_add_history)
+ {
+ char *line;
+ char *buf;
+
+ if (!initialized)
+ init_ttyfp();
+
+ last_prompt_len = 0;
+
+ line = my_rl_readline (prompt?prompt:"");
+
+ /* We need to copy it to memory controlled by our malloc
+ implementations; further we need to convert an EOF to our
+ convention. */
+ buf = xmalloc(line? strlen(line)+1:2);
+ if (line)
+ {
+ strcpy (buf, line);
+ trim_spaces (buf);
+ if (strlen (buf) > 2 )
+ my_rl_add_history (line); /* Note that we test BUF but add LINE. */
+ free (line);
+ }
+ else
+ {
+ buf[0] = CONTROL_D;
+ buf[1] = 0;
+ }
+ return buf;
+ }
+ else
+ return do_get ( prompt, 0 );
+}
+
+/* Variable argument version of tty_get. The prompt is is actually a
+ format string with arguments. */
+char *
+tty_getf (const char *promptfmt, ... )
+{
+ va_list arg_ptr;
+ char *prompt;
+ char *answer;
+
+ va_start (arg_ptr, promptfmt);
+ if (estream_vasprintf (&prompt, promptfmt, arg_ptr) < 0)
+ log_fatal ("estream_vasprintf failed: %s\n", strerror (errno));
+ va_end (arg_ptr);
+ answer = tty_get (prompt);
+ xfree (prompt);
+ return answer;
+}
+
+
+
+char *
+tty_get_hidden( const char *prompt )
+{
+ return do_get( prompt, 1 );
+}
+
+
+void
+tty_kill_prompt()
+{
+ if ( no_terminal )
+ return;
+
+ if( !initialized )
+ init_ttyfp();
+
+ if( batchmode )
+ last_prompt_len = 0;
+ if( !last_prompt_len )
+ return;
+#ifdef _WIN32
+ tty_printf("\r%*s\r", last_prompt_len, "");
+#else
+ {
+ int i;
+ putc('\r', ttyfp);
+ for(i=0; i < last_prompt_len; i ++ )
+ putc(' ', ttyfp);
+ putc('\r', ttyfp);
+ fflush(ttyfp);
+ }
+#endif
+ last_prompt_len = 0;
+}
+
+
+int
+tty_get_answer_is_yes( const char *prompt )
+{
+ int yes;
+ char *p = tty_get( prompt );
+ tty_kill_prompt();
+ yes = answer_is_yes(p);
+ xfree(p);
+ return yes;
+}
+
+
+/* Called by gnupg_rl_initialize to setup the readline support. */
+void
+tty_private_set_rl_hooks (void (*init_stream) (FILE *),
+ void (*set_completer) (rl_completion_func_t*),
+ void (*inhibit_completion) (int),
+ void (*cleanup_after_signal) (void),
+ char *(*readline_fun) (const char*),
+ void (*add_history_fun) (const char*))
+{
+ my_rl_init_stream = init_stream;
+ my_rl_set_completer = set_completer;
+ my_rl_inhibit_completion = inhibit_completion;
+ my_rl_cleanup_after_signal = cleanup_after_signal;
+ my_rl_readline = readline_fun;
+ my_rl_add_history = add_history_fun;
+}
+
+
+#ifdef HAVE_LIBREADLINE
+void
+tty_enable_completion (rl_completion_func_t *completer)
+{
+ if (no_terminal || !my_rl_set_completer )
+ return;
+
+ if (!initialized)
+ init_ttyfp();
+
+ my_rl_set_completer (completer);
+}
+
+void
+tty_disable_completion (void)
+{
+ if (no_terminal || !my_rl_inhibit_completion)
+ return;
+
+ if (!initialized)
+ init_ttyfp();
+
+ my_rl_inhibit_completion (1);
+}
+#endif
+
+void
+tty_cleanup_after_signal (void)
+{
+#ifdef HAVE_TCGETATTR
+ cleanup ();
+#endif
+}
+
+void
+tty_cleanup_rl_after_signal (void)
+{
+ if (my_rl_cleanup_after_signal)
+ my_rl_cleanup_after_signal ();
+}
diff --git a/common/ttyio.h b/common/ttyio.h
new file mode 100644
index 0000000..eb2116a
--- /dev/null
+++ b/common/ttyio.h
@@ -0,0 +1,63 @@
+/* ttyio.h
+ * Copyright (C) 1998, 1999, 2000, 2001, 2003, 2006,
+ * 2009 Free Software Foundation, Inc.
+ *
+ * This file is part of GNUPG.
+ *
+ * GNUPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GNUPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+#ifndef GNUPG_COMMON_TTYIO_H
+#define GNUPG_COMMON_TTYIO_H
+
+#include "util.h" /* Make sure our readline typedef is available. */
+
+
+const char *tty_get_ttyname (void);
+int tty_batchmode (int onoff);
+#if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 5 )
+void tty_printf (const char *fmt, ... )
+ __attribute__ ((format (printf,1,2)));
+void tty_fprintf (FILE *fp, const char *fmt, ... )
+ __attribute__ ((format (printf,2,3)));
+char *tty_getf (const char *promptfmt, ... )
+ __attribute__ ((format (printf,1,2)));
+#else
+void tty_printf (const char *fmt, ... );
+void tty_fprintf (FILE *fp, const char *fmt, ... );
+char *tty_getf (const char *promptfmt, ... );
+#endif
+void tty_print_string (const unsigned char *p, size_t n);
+void tty_print_utf8_string (const unsigned char *p, size_t n);
+void tty_print_utf8_string2 (const unsigned char *p, size_t n, size_t max_n);
+char *tty_get (const char *prompt);
+char *tty_get_hidden (const char *prompt);
+void tty_kill_prompt (void);
+int tty_get_answer_is_yes (const char *prompt);
+int tty_no_terminal (int onoff);
+
+#ifdef HAVE_LIBREADLINE
+void tty_enable_completion (rl_completion_func_t *completer);
+void tty_disable_completion (void);
+#else
+/* Use a macro to stub out these functions since a macro has no need
+ to typedef a "rl_completion_func_t" which would be undefined
+ without readline. */
+#define tty_enable_completion(x)
+#define tty_disable_completion()
+#endif
+void tty_cleanup_after_signal (void);
+void tty_cleanup_rl_after_signal (void);
+
+
+#endif /*GNUPG_COMMON_TTYIO_H*/
diff --git a/common/util.h b/common/util.h
new file mode 100644
index 0000000..cad6c8e
--- /dev/null
+++ b/common/util.h
@@ -0,0 +1,333 @@
+/* util.h - Utility functions for GnuPG
+ * Copyright (C) 2001, 2002, 2003, 2004, 2009 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef GNUPG_COMMON_UTIL_H
+#define GNUPG_COMMON_UTIL_H
+
+#include <gcrypt.h> /* We need this for the memory function protos. */
+#include <time.h> /* We need time_t. */
+#include <errno.h> /* We need errno. */
+#include <gpg-error.h> /* We need gpg_error_t. */
+
+/* Add error codes available only in newer versions of libgpg-error. */
+#ifndef GPG_ERR_NOT_ENABLED
+#define GPG_ERR_NOT_ENABLED 179
+#endif
+#ifndef GPG_ERR_MISSING_ISSUER_CERT
+#define GPG_ERR_MISSING_ISSUER_CERT 185
+#endif
+
+/* Hash function used with libksba. */
+#define HASH_FNC ((void (*)(void *, const void*,size_t))gcry_md_write)
+
+/* Get all the stuff from jnlib. */
+#include "../jnlib/logging.h"
+#include "../jnlib/argparse.h"
+#include "../jnlib/stringhelp.h"
+#include "../jnlib/mischelp.h"
+#include "../jnlib/strlist.h"
+#include "../jnlib/dotlock.h"
+#include "../jnlib/utf8conv.h"
+#include "../jnlib/dynload.h"
+
+#include "init.h"
+
+/* Redefine asprintf by our estream version which uses our own memory
+ allocator.. */
+#include "estream-printf.h"
+#define asprintf estream_asprintf
+#define vasprintf estream_vasprintf
+
+/* Due to a bug in mingw32's snprintf related to the 'l' modifier we
+ better use our snprintf. */
+#ifdef HAVE_W32_SYSTEM
+#define snprintf estream_snprintf
+#endif
+
+
+/* GCC attributes. */
+#if __GNUC__ >= 4
+# define GNUPG_GCC_A_SENTINEL(a) __attribute__ ((sentinel(a)))
+#else
+# define GNUPG_GCC_A_SENTINEL(a)
+#endif
+
+
+/* We need this type even if we are not using libreadline and or we
+ did not include libreadline in the current file. */
+#ifndef GNUPG_LIBREADLINE_H_INCLUDED
+typedef char **rl_completion_func_t (const char *, int, int);
+#endif /*!GNUPG_LIBREADLINE_H_INCLUDED*/
+
+
+/* Handy malloc macros - please use only them. */
+#define xtrymalloc(a) gcry_malloc ((a))
+#define xtrymalloc_secure(a) gcry_malloc_secure ((a))
+#define xtrycalloc(a,b) gcry_calloc ((a),(b))
+#define xtrycalloc_secure(a,b) gcry_calloc_secure ((a),(b))
+#define xtryrealloc(a,b) gcry_realloc ((a),(b))
+#define xtrystrdup(a) gcry_strdup ((a))
+#define xfree(a) gcry_free ((a))
+
+#define xmalloc(a) gcry_xmalloc ((a))
+#define xmalloc_secure(a) gcry_xmalloc_secure ((a))
+#define xcalloc(a,b) gcry_xcalloc ((a),(b))
+#define xcalloc_secure(a,b) gcry_xcalloc_secure ((a),(b))
+#define xrealloc(a,b) gcry_xrealloc ((a),(b))
+#define xstrdup(a) gcry_xstrdup ((a))
+
+/* For compatibility with gpg 1.4 we also define these: */
+#define xmalloc_clear(a) gcry_xcalloc (1, (a))
+#define xmalloc_secure_clear(a) gcry_xcalloc_secure (1, (a))
+
+/* Convenience function to return a gpg-error code for memory
+ allocation failures. This function makes sure that an error will
+ be returned even if accidently ERRNO is not set. */
+static inline gpg_error_t
+out_of_core (void)
+{
+ return gpg_error_from_syserror ();
+}
+
+/* A type to hold the ISO time. Note that this this is the same as
+ the the KSBA type ksba_isotime_t. */
+typedef char gnupg_isotime_t[16];
+
+
+/*-- gettime.c --*/
+time_t gnupg_get_time (void);
+void gnupg_get_isotime (gnupg_isotime_t timebuf);
+void gnupg_set_time (time_t newtime, int freeze);
+int gnupg_faked_time_p (void);
+u32 make_timestamp (void);
+u32 scan_isodatestr (const char *string);
+time_t isotime2epoch (const char *string);
+void epoch2isotime (gnupg_isotime_t timebuf, time_t atime);
+u32 add_days_to_timestamp (u32 stamp, u16 days);
+const char *strtimevalue (u32 stamp);
+const char *strtimestamp (u32 stamp); /* GMT */
+const char *isotimestamp (u32 stamp); /* GMT */
+const char *asctimestamp (u32 stamp); /* localized */
+gpg_error_t add_seconds_to_isotime (gnupg_isotime_t atime, int nseconds);
+gpg_error_t add_days_to_isotime (gnupg_isotime_t atime, int ndays);
+gpg_error_t check_isotime (const gnupg_isotime_t atime);
+void dump_isotime (const gnupg_isotime_t atime);
+
+/* Copy one ISO date to another, this is inline so that we can do a
+ minimal sanity check. A null date (empty string) is allowed. */
+static inline void
+gnupg_copy_time (gnupg_isotime_t d, const gnupg_isotime_t s)
+{
+ if (*s)
+ {
+ if ((strlen (s) != 15 || s[8] != 'T'))
+ BUG();
+ memcpy (d, s, 15);
+ d[15] = 0;
+ }
+ else
+ *d = 0;
+}
+
+
+/*-- signal.c --*/
+void gnupg_init_signals (int mode, void (*fast_cleanup)(void));
+void gnupg_pause_on_sigusr (int which);
+void gnupg_block_all_signals (void);
+void gnupg_unblock_all_signals (void);
+
+/*-- yesno.c --*/
+int answer_is_yes (const char *s);
+int answer_is_yes_no_default (const char *s, int def_answer);
+int answer_is_yes_no_quit (const char *s);
+int answer_is_okay_cancel (const char *s, int def_answer);
+
+/*-- xreadline.c --*/
+ssize_t read_line (FILE *fp,
+ char **addr_of_buffer, size_t *length_of_buffer,
+ size_t *max_length);
+
+
+/*-- b64enc.c and b64dec.c --*/
+struct b64state
+{
+ unsigned int flags;
+ int idx;
+ int quad_count;
+ FILE *fp;
+ char *title;
+ unsigned char radbuf[4];
+ u32 crc;
+ int stop_seen:1;
+ int invalid_encoding:1;
+};
+
+gpg_error_t b64enc_start (struct b64state *state, FILE *fp, const char *title);
+gpg_error_t b64enc_write (struct b64state *state,
+ const void *buffer, size_t nbytes);
+gpg_error_t b64enc_finish (struct b64state *state);
+
+gpg_error_t b64dec_start (struct b64state *state, const char *title);
+gpg_error_t b64dec_proc (struct b64state *state, void *buffer, size_t length,
+ size_t *r_nbytes);
+gpg_error_t b64dec_finish (struct b64state *state);
+
+
+
+
+/*-- sexputil.c */
+gpg_error_t make_canon_sexp (gcry_sexp_t sexp,
+ unsigned char **r_buffer, size_t *r_buflen);
+gpg_error_t keygrip_from_canon_sexp (const unsigned char *key, size_t keylen,
+ unsigned char *grip);
+int cmp_simple_canon_sexp (const unsigned char *a, const unsigned char *b);
+unsigned char *make_simple_sexp_from_hexstr (const char *line,
+ size_t *nscanned);
+int hash_algo_from_sigval (const unsigned char *sigval);
+unsigned char *make_canon_sexp_from_rsa_pk (const void *m, size_t mlen,
+ const void *e, size_t elen,
+ size_t *r_len);
+gpg_error_t get_rsa_pk_from_canon_sexp (const unsigned char *keydata,
+ size_t keydatalen,
+ unsigned char const **r_n,
+ size_t *r_nlen,
+ unsigned char const **r_e,
+ size_t *r_elen);
+gpg_error_t get_pk_algo_from_canon_sexp (const unsigned char *keydata,
+ size_t keydatalen,
+ int *r_algo);
+
+/*-- convert.c --*/
+int hex2bin (const char *string, void *buffer, size_t length);
+int hexcolon2bin (const char *string, void *buffer, size_t length);
+char *bin2hex (const void *buffer, size_t length, char *stringbuf);
+char *bin2hexcolon (const void *buffer, size_t length, char *stringbuf);
+const char *hex2str (const char *hexstring,
+ char *buffer, size_t bufsize, size_t *buflen);
+char *hex2str_alloc (const char *hexstring, size_t *r_count);
+
+/*-- percent.c --*/
+char *percent_plus_escape (const char *string);
+char *percent_plus_unescape (const char *string, int nulrepl);
+char *percent_unescape (const char *string, int nulrepl);
+
+size_t percent_plus_unescape_inplace (char *string, int nulrepl);
+size_t percent_unescape_inplace (char *string, int nulrepl);
+
+
+/*-- homedir.c --*/
+const char *standard_homedir (void);
+const char *default_homedir (void);
+const char *gnupg_sysconfdir (void);
+const char *gnupg_bindir (void);
+const char *gnupg_libexecdir (void);
+const char *gnupg_libdir (void);
+const char *gnupg_datadir (void);
+const char *gnupg_localedir (void);
+const char *dirmngr_socket_name (void);
+
+/* All module names. We also include gpg and gpgsm for the sake for
+ gpgconf. */
+#define GNUPG_MODULE_NAME_AGENT 1
+#define GNUPG_MODULE_NAME_PINENTRY 2
+#define GNUPG_MODULE_NAME_SCDAEMON 3
+#define GNUPG_MODULE_NAME_DIRMNGR 4
+#define GNUPG_MODULE_NAME_PROTECT_TOOL 5
+#define GNUPG_MODULE_NAME_CHECK_PATTERN 6
+#define GNUPG_MODULE_NAME_GPGSM 7
+#define GNUPG_MODULE_NAME_GPG 8
+#define GNUPG_MODULE_NAME_CONNECT_AGENT 9
+#define GNUPG_MODULE_NAME_GPGCONF 10
+const char *gnupg_module_name (int which);
+
+
+
+/*-- gpgrlhelp.c --*/
+void gnupg_rl_initialize (void);
+
+/*-- helpfile.c --*/
+char *gnupg_get_help_string (const char *key, int only_current_locale);
+
+/*-- localename.c --*/
+const char *gnupg_messages_locale_name (void);
+
+/*-- miscellaneous.c --*/
+
+/* This function is called at startup to tell libgcrypt to use our own
+ logging subsystem. */
+void setup_libgcrypt_logging (void);
+
+/* Same as estream_asprintf but die on memory failure. */
+char *xasprintf (const char *fmt, ...) JNLIB_GCC_A_PRINTF(1,2);
+/* This is now an alias to estream_asprintf. */
+char *xtryasprintf (const char *fmt, ...) JNLIB_GCC_A_PRINTF(1,2);
+
+const char *print_fname_stdout (const char *s);
+const char *print_fname_stdin (const char *s);
+void print_string (FILE *fp, const byte *p, size_t n, int delim);
+void print_utf8_string2 ( FILE *fp, const byte *p, size_t n, int delim);
+void print_utf8_string (FILE *fp, const byte *p, size_t n);
+void print_hexstring (FILE *fp, const void *buffer, size_t length,
+ int reserved);
+char *make_printable_string (const void *p, size_t n, int delim);
+
+int is_file_compressed (const char *s, int *ret_rc);
+
+int match_multistr (const char *multistr,const char *match);
+
+
+/*-- Simple replacement functions. */
+#ifndef HAVE_TTYNAME
+/* Systems without ttyname (W32) will merely return NULL. */
+static inline char *
+ttyname (int fd)
+{
+ (void)fd;
+ return NULL;
+}
+#endif /* !HAVE_TTYNAME */
+
+
+/*-- Macros to replace ctype ones to avoid locale problems. --*/
+#define spacep(p) (*(p) == ' ' || *(p) == '\t')
+#define digitp(p) (*(p) >= '0' && *(p) <= '9')
+#define hexdigitp(a) (digitp (a) \
+ || (*(a) >= 'A' && *(a) <= 'F') \
+ || (*(a) >= 'a' && *(a) <= 'f'))
+ /* Note this isn't identical to a C locale isspace() without \f and
+ \v, but works for the purposes used here. */
+#define ascii_isspace(a) ((a)==' ' || (a)=='\n' || (a)=='\r' || (a)=='\t')
+
+/* The atoi macros assume that the buffer has only valid digits. */
+#define atoi_1(p) (*(p) - '0' )
+#define atoi_2(p) ((atoi_1(p) * 10) + atoi_1((p)+1))
+#define atoi_4(p) ((atoi_2(p) * 100) + atoi_2((p)+2))
+#define xtoi_1(p) (*(p) <= '9'? (*(p)- '0'): \
+ *(p) <= 'F'? (*(p)-'A'+10):(*(p)-'a'+10))
+#define xtoi_2(p) ((xtoi_1(p) * 16) + xtoi_1((p)+1))
+#define xtoi_4(p) ((xtoi_2(p) * 256) + xtoi_2((p)+2))
+
+
+/*-- Forward declaration of the commonly used server control structure. */
+/* (We need it here as it is used by some callback prototypes.) */
+struct server_control_s;
+typedef struct server_control_s *ctrl_t;
+
+
+#endif /*GNUPG_COMMON_UTIL_H*/
diff --git a/common/xasprintf.c b/common/xasprintf.c
new file mode 100644
index 0000000..9774d06
--- /dev/null
+++ b/common/xasprintf.c
@@ -0,0 +1,62 @@
+/* xasprintf.c
+ * Copyright (C) 2003, 2005 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <stdlib.h>
+#include <errno.h>
+
+#include "util.h"
+#include "iobuf.h"
+#include "estream-printf.h"
+
+#if !defined(_ESTREAM_PRINTF_MALLOC) || !defined(_ESTREAM_PRINTF_FREE)
+#error Need to define ESTREAM_PRINTF_MALLOC and _FREE
+#endif
+
+/* Same as asprintf but return an allocated buffer suitable to be
+ freed using xfree. This function simply dies on memory failure,
+ thus no extra check is required. */
+char *
+xasprintf (const char *fmt, ...)
+{
+ va_list ap;
+ char *buf;
+
+ va_start (ap, fmt);
+ if (estream_vasprintf (&buf, fmt, ap) < 0)
+ log_fatal ("estream_asprintf failed: %s\n", strerror (errno));
+ va_end (ap);
+ return buf;
+}
+
+/* Same as above but return NULL on memory failure. */
+char *
+xtryasprintf (const char *fmt, ...)
+{
+ int rc;
+ va_list ap;
+ char *buf;
+
+ va_start (ap, fmt);
+ rc = estream_vasprintf (&buf, fmt, ap);
+ va_end (ap);
+ if (rc < 0)
+ return NULL;
+ return buf;
+}
diff --git a/common/xreadline.c b/common/xreadline.c
new file mode 100644
index 0000000..8ca72b7
--- /dev/null
+++ b/common/xreadline.c
@@ -0,0 +1,117 @@
+/* xreadline.c - fgets replacement function
+ * Copyright (C) 1999, 2004 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <errno.h>
+
+#include "util.h"
+
+
+/* Same as fgets() but if the provided buffer is too short a larger
+ one will be allocated. This is similar to getline. A line is
+ considered a byte stream ending in a LF.
+
+ If MAX_LENGTH is not NULL, it shall point to a value with the
+ maximum allowed allocation.
+
+ Returns the length of the line. EOF is indicated by a line of
+ length zero. A truncated line is indicated by setting the value at
+ MAX_LENGTH to 0. If the returned value is less then 0 not enough
+ memory was enable and ERRNO is set accordingly.
+
+ If a line has been truncated, the file pointer is moved forward to
+ the end of the line so that the next read starts with the next
+ line. Note that MAX_LENGTH must be re-initialzied in this case.
+
+ Note: The returned buffer is allocated with enough extra space to
+ append a CR,LF,Nul
+ */
+ssize_t
+read_line (FILE *fp,
+ char **addr_of_buffer, size_t *length_of_buffer,
+ size_t *max_length)
+{
+ int c;
+ char *buffer = *addr_of_buffer;
+ size_t length = *length_of_buffer;
+ size_t nbytes = 0;
+ size_t maxlen = max_length? *max_length : 0;
+ char *p;
+
+ if (!buffer)
+ { /* No buffer given - allocate a new one. */
+ length = 256;
+ buffer = xtrymalloc (length);
+ *addr_of_buffer = buffer;
+ if (!buffer)
+ {
+ *length_of_buffer = 0;
+ if (max_length)
+ *max_length = 0;
+ return -1;
+ }
+ *length_of_buffer = length;
+ }
+
+ length -= 3; /* Reserve 3 bytes for CR,LF,EOL. */
+ p = buffer;
+ while ((c = getc (fp)) != EOF)
+ {
+ if (nbytes == length)
+ { /* Enlarge the buffer. */
+ if (maxlen && length > maxlen) /* But not beyond our limit. */
+ {
+ /* Skip the rest of the line. */
+ while (c != '\n' && (c=getc (fp)) != EOF)
+ ;
+ *p++ = '\n'; /* Always append a LF (we reserved some space). */
+ nbytes++;
+ if (max_length)
+ *max_length = 0; /* Indicate truncation. */
+ break; /* the while loop. */
+ }
+ length += 3; /* Adjust for the reserved bytes. */
+ length += length < 1024? 256 : 1024;
+ *addr_of_buffer = xtryrealloc (buffer, length);
+ if (!*addr_of_buffer)
+ {
+ int save_errno = errno;
+ xfree (buffer);
+ *length_of_buffer = 0;
+ if (max_length)
+ *max_length = 0;
+ errno = save_errno;
+ return -1;
+ }
+ buffer = *addr_of_buffer;
+ *length_of_buffer = length;
+ length -= 3;
+ p = buffer + nbytes;
+ }
+ *p++ = c;
+ nbytes++;
+ if (c == '\n')
+ break;
+ }
+ *p = 0; /* Make sure the line is a string. */
+
+ return nbytes;
+}
diff --git a/common/yesno.c b/common/yesno.c
new file mode 100644
index 0000000..a7131b7
--- /dev/null
+++ b/common/yesno.c
@@ -0,0 +1,141 @@
+/* yesno.c - Yes/No questions
+ * Copyright (C) 1998, 1999, 2000, 2001, 2003 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <stdlib.h>
+#include <errno.h>
+
+#include "i18n.h"
+#include "util.h"
+
+
+/* Check the string S for a YES or NO answer and take care of
+ localization. If no valid string is given the value of DEF_ANSWER
+ is returned. Returns 1 for yes and 0 for no. */
+int
+answer_is_yes_no_default (const char *s, int def_answer)
+{
+ /* TRANSLATORS: See doc/TRANSLATE about this string. */
+ const char *long_yes = _("yes");
+ const char *short_yes = _("yY");
+ /* TRANSLATORS: See doc/TRANSLATE about this string. */
+ const char *long_no = _("no");
+ const char *short_no = _("nN");
+
+ /* Note: we have to use the local dependent compare here. */
+ if ( match_multistr(long_yes,s) )
+ return 1;
+ if ( *s && strchr( short_yes, *s ) && !s[1] )
+ return 1;
+ /* Test for "no" strings to catch ambiguities for the next test. */
+ if ( match_multistr(long_no,s) )
+ return 0;
+ if ( *s && strchr( short_no, *s ) && !s[1] )
+ return 0;
+ /* Test for the english version (for those who are used to type yes). */
+ if ( !ascii_strcasecmp(s, "yes" ) )
+ return 1;
+ if ( *s && strchr( "yY", *s ) && !s[1] )
+ return 1;
+ return def_answer;
+}
+
+int
+answer_is_yes ( const char *s )
+{
+ return answer_is_yes_no_default(s,0);
+}
+
+/****************
+ * Return 1 for yes, -1 for quit, or 0 for no
+ */
+int
+answer_is_yes_no_quit ( const char *s )
+{
+ /* TRANSLATORS: See doc/TRANSLATE about this string. */
+ const char *long_yes = _("yes");
+ /* TRANSLATORS: See doc/TRANSLATE about this string. */
+ const char *long_no = _("no");
+ /* TRANSLATORS: See doc/TRANSLATE about this string. */
+ const char *long_quit = _("quit");
+ const char *short_yes = _("yY");
+ const char *short_no = _("nN");
+ const char *short_quit = _("qQ");
+
+ /* Note: we have to use a local dependent compare here. */
+ if ( match_multistr(long_no,s) )
+ return 0;
+ if ( match_multistr(long_yes,s) )
+ return 1;
+ if ( match_multistr(long_quit,s) )
+ return -1;
+ if ( *s && strchr( short_no, *s ) && !s[1] )
+ return 0;
+ if ( *s && strchr( short_yes, *s ) && !s[1] )
+ return 1;
+ if ( *s && strchr( short_quit, *s ) && !s[1] )
+ return -1;
+ /* but not here. */
+ if ( !ascii_strcasecmp(s, "yes" ) )
+ return 1;
+ if ( !ascii_strcasecmp(s, "quit" ) )
+ return -1;
+ if ( *s && strchr( "yY", *s ) && !s[1] )
+ return 1;
+ if ( *s && strchr( "qQ", *s ) && !s[1] )
+ return -1;
+ return 0;
+}
+
+/*
+ Return 1 for okay, 0 for for cancel or DEF_ANSWER for default.
+ */
+int
+answer_is_okay_cancel (const char *s, int def_answer)
+{
+ /* TRANSLATORS: See doc/TRANSLATE about this string. */
+ const char *long_okay = _("okay|okay");
+ /* TRANSLATORS: See doc/TRANSLATE about this string. */
+ const char *long_cancel = _("cancel|cancel");
+ const char *short_okay = _("oO");
+ const char *short_cancel = _("cC");
+
+ /* Note: We have to use the locale dependent compare. */
+ if ( match_multistr(long_okay,s) )
+ return 1;
+ if ( match_multistr(long_cancel,s) )
+ return 0;
+ if ( *s && strchr( short_okay, *s ) && !s[1] )
+ return 1;
+ if ( *s && strchr( short_cancel, *s ) && !s[1] )
+ return 0;
+ /* Always test for the English values (not locale here). */
+ if ( !ascii_strcasecmp(s, "okay" ) )
+ return 1;
+ if ( !ascii_strcasecmp(s, "ok" ) )
+ return 1;
+ if ( !ascii_strcasecmp(s, "cancel" ) )
+ return 0;
+ if ( *s && strchr( "oO", *s ) && !s[1] )
+ return 1;
+ if ( *s && strchr( "cC", *s ) && !s[1] )
+ return 0;
+ return def_answer;
+}
+
diff --git a/config.h.in b/config.h.in
new file mode 100644
index 0000000..c10904b
--- /dev/null
+++ b/config.h.in
@@ -0,0 +1,891 @@
+/* config.h.in. Generated from configure.ac by autoheader. */
+
+
+#ifndef GNUPG_CONFIG_H_INCLUDED
+#define GNUPG_CONFIG_H_INCLUDED
+
+
+/* Define this to an absolute name of <stdint.h>. */
+#undef ABSOLUTE_STDINT_H
+
+/* Defined if the host has big endian byte ordering */
+#undef BIG_ENDIAN_HOST
+
+/* an Apple OSXism */
+#undef BIND_8_COMPAT
+
+/* Define to the number of bits in type 'ptrdiff_t'. */
+#undef BITSIZEOF_PTRDIFF_T
+
+/* Define to the number of bits in type 'sig_atomic_t'. */
+#undef BITSIZEOF_SIG_ATOMIC_T
+
+/* Define to the number of bits in type 'size_t'. */
+#undef BITSIZEOF_SIZE_T
+
+/* Define to the number of bits in type 'wchar_t'. */
+#undef BITSIZEOF_WCHAR_T
+
+/* Define to the number of bits in type 'wint_t'. */
+#undef BITSIZEOF_WINT_T
+
+/* Define to one of `_getb67', `GETB67', `getb67' for Cray-2 and Cray-YMP
+ systems. This function is required for `alloca.c' support on those systems.
+ */
+#undef CRAY_STACKSEG_END
+
+/* Define to 1 if using `alloca.c'. */
+#undef C_ALLOCA
+
+/* define to disable keyserver helpers */
+#undef DISABLE_KEYSERVER_HELPERS
+
+/* Defined to disable exec-path for keyserver helpers */
+#undef DISABLE_KEYSERVER_PATH
+
+/* define to disable photo viewing */
+#undef DISABLE_PHOTO_VIEWER
+
+/* Define to disable regular expression support */
+#undef DISABLE_REGEX
+
+/* Define to 1 if translation of program messages to the user's native
+ language is requested. */
+#undef ENABLE_NLS
+
+/* Define to enable SELinux support */
+#undef ENABLE_SELINUX_HACKS
+
+/* The executable file extension, if any */
+#undef EXEEXT
+
+/* if set, restrict photo-viewer to this */
+#undef FIXED_PHOTO_VIEWER
+
+/* version of the libbassuan library */
+#undef GNUPG_LIBASSUAN_VERSION
+
+/* Define to 1 if you have the `adns_free' function. */
+#undef HAVE_ADNS_FREE
+
+/* Define to 1 if you have the <adns.h> header file. */
+#undef HAVE_ADNS_H
+
+/* Define to 1 if you have `alloca' after including <alloca.h>, a header that
+ may be supplied by this distribution. */
+#undef HAVE_ALLOCA
+
+/* Define HAVE_ALLOCA_H for backward compatibility with older code that
+ includes <alloca.h> only if HAVE_ALLOCA_H is defined. */
+#undef HAVE_ALLOCA_H
+
+/* Define to 1 if you have the `atexit' function. */
+#undef HAVE_ATEXIT
+
+/* Defined if a `byte' is typedef'd */
+#undef HAVE_BYTE_TYPEDEF
+
+/* Defined if the bz2 compression library is available */
+#undef HAVE_BZIP2
+
+/* Define to 1 if you have the MacOS X function CFLocaleCopyCurrent in the
+ CoreFoundation framework. */
+#undef HAVE_CFLOCALECOPYCURRENT
+
+/* Define to 1 if you have the MacOS X function CFPreferencesCopyAppValue in
+ the CoreFoundation framework. */
+#undef HAVE_CFPREFERENCESCOPYAPPVALUE
+
+/* Define to 1 if you have the `clock_gettime' function. */
+#undef HAVE_CLOCK_GETTIME
+
+/* Define to 1 if you have the `ctermid' function. */
+#undef HAVE_CTERMID
+
+/* Define if the GNU dcgettext() function is already present or preinstalled.
+ */
+#undef HAVE_DCGETTEXT
+
+/* Define to 1 if you have the declaration of `getpagesize', and to 0 if you
+ don't. */
+#undef HAVE_DECL_GETPAGESIZE
+
+/* Define to 1 if you have the declaration of `sys_siglist', and to 0 if you
+ don't. */
+#undef HAVE_DECL_SYS_SIGLIST
+
+/* Define to 1 if you have the <direct.h> header file. */
+#undef HAVE_DIRECT_H
+
+/* Define to 1 if you don't have `vprintf' but do have `_doprnt.' */
+#undef HAVE_DOPRNT
+
+/* Defined if we run on some of the PCDOS like systems (DOS, Windoze. OS/2)
+ with special properties like no file modes */
+#undef HAVE_DOSISH_SYSTEM
+
+/* defined if we must run on a stupid file system */
+#undef HAVE_DRIVE_LETTERS
+
+/* Define if you have the declaration of environ. */
+#undef HAVE_ENVIRON_DECL
+
+/* Define to 1 if you have the `fcntl' function. */
+#undef HAVE_FCNTL
+
+/* Define to 1 if you have the `flockfile' function. */
+#undef HAVE_FLOCKFILE
+
+/* Define to 1 if you have the `fopencookie' function. */
+#undef HAVE_FOPENCOOKIE
+
+/* Define to 1 if you have the `fork' function. */
+#undef HAVE_FORK
+
+/* Define to 1 if fseeko (and presumably ftello) exists and is declared. */
+#undef HAVE_FSEEKO
+
+/* Define to 1 if you have the `fsync' function. */
+#undef HAVE_FSYNC
+
+/* Define to 1 if you have the `ftello' function. */
+#undef HAVE_FTELLO
+
+/* Define to 1 if you have the `ftruncate' function. */
+#undef HAVE_FTRUNCATE
+
+/* Define to 1 if you have the `funlockfile' function. */
+#undef HAVE_FUNLOCKFILE
+
+/* Define to 1 if you have the `funopen' function. */
+#undef HAVE_FUNOPEN
+
+/* Define to 1 if you have the `getaddrinfo' function. */
+#undef HAVE_GETADDRINFO
+
+/* Define to 1 if you have the <getopt.h> header file. */
+#undef HAVE_GETOPT_H
+
+/* Define to 1 if you have the `getpagesize' function. */
+#undef HAVE_GETPAGESIZE
+
+/* Define to 1 if you have the `getpwnam' function. */
+#undef HAVE_GETPWNAM
+
+/* Define to 1 if you have the `getpwuid' function. */
+#undef HAVE_GETPWUID
+
+/* Define to 1 if you have the `getrlimit' function. */
+#undef HAVE_GETRLIMIT
+
+/* Define to 1 if you have the `getrusage' function. */
+#undef HAVE_GETRUSAGE
+
+/* Define if the GNU gettext() function is already present or preinstalled. */
+#undef HAVE_GETTEXT
+
+/* Define to 1 if you have the `gettimeofday' function. */
+#undef HAVE_GETTIMEOFDAY
+
+/* Define to 1 if you have the `gmtime_r' function. */
+#undef HAVE_GMTIME_R
+
+/* Define if you have the iconv() function and it works. */
+#undef HAVE_ICONV
+
+/* Define to 1 if the system has the type `intmax_t'. */
+#undef HAVE_INTMAX_T
+
+/* Define to 1 if you have the <inttypes.h> header file. */
+#undef HAVE_INTTYPES_H
+
+/* Define to 1 if you have the `isascii' function. */
+#undef HAVE_ISASCII
+
+/* Define if you have <langinfo.h> and nl_langinfo(CODESET). */
+#undef HAVE_LANGINFO_CODESET
+
+/* Define to 1 if you have the <langinfo.h> header file. */
+#undef HAVE_LANGINFO_H
+
+/* Define if you have <langinfo.h> and nl_langinfo(THOUSANDS_SEP). */
+#undef HAVE_LANGINFO_THOUSANDS_SEP
+
+/* Define if your <locale.h> file defines LC_MESSAGES. */
+#undef HAVE_LC_MESSAGES
+
+/* Define to 1 if you have the `ldap_get_option' function. */
+#undef HAVE_LDAP_GET_OPTION
+
+/* Define if the LDAP library supports ld_errno */
+#undef HAVE_LDAP_LD_ERRNO
+
+/* Define to 1 if you have the `ldap_set_option' function. */
+#undef HAVE_LDAP_SET_OPTION
+
+/* Define to 1 if you have the `ldap_start_tls_s' function. */
+#undef HAVE_LDAP_START_TLS_S
+
+/* Define to 1 if you have the `ldap_start_tls_sA' function. */
+#undef HAVE_LDAP_START_TLS_SA
+
+/* Define to 1 if you have a functional curl library. */
+#undef HAVE_LIBCURL
+
+/* Define to 1 if you have a fully functional readline library. */
+#undef HAVE_LIBREADLINE
+
+/* defined if libusb is available */
+#undef HAVE_LIBUSB
+
+/* defined if libutil is available */
+#undef HAVE_LIBUTIL
+
+/* Define to 1 if you have the <locale.h> header file. */
+#undef HAVE_LOCALE_H
+
+/* Define to 1 if the system has the type `long double'. */
+#undef HAVE_LONG_DOUBLE
+
+/* Define to 1 if the system has the type `long long int'. */
+#undef HAVE_LONG_LONG_INT
+
+/* Define to 1 if you have the `memicmp' function. */
+#undef HAVE_MEMICMP
+
+/* Define to 1 if you have the `memmove' function. */
+#undef HAVE_MEMMOVE
+
+/* Define to 1 if you have the <memory.h> header file. */
+#undef HAVE_MEMORY_H
+
+/* Define to 1 if you have the `memrchr' function. */
+#undef HAVE_MEMRCHR
+
+/* Define to 1 if you have the `mkdtemp' function. */
+#undef HAVE_MKDTEMP
+
+/* Define to 1 if you have the `mmap' function. */
+#undef HAVE_MMAP
+
+/* Define to 1 if you have the `nl_langinfo' function. */
+#undef HAVE_NL_LANGINFO
+
+/* Define to 1 if you have the `pipe' function. */
+#undef HAVE_PIPE
+
+/* Defined if the GNU Pth is available */
+#undef HAVE_PTH
+
+/* Define to 1 if the system has the type `ptrdiff_t'. */
+#undef HAVE_PTRDIFF_T
+
+/* Define to 1 if you have the <pty.h> header file. */
+#undef HAVE_PTY_H
+
+/* Define to 1 if you have the <pwd.h> header file. */
+#undef HAVE_PWD_H
+
+/* Define to 1 if you have the `raise' function. */
+#undef HAVE_RAISE
+
+/* Define to 1 if you have the `rand' function. */
+#undef HAVE_RAND
+
+/* Define to 1 if you have the <search.h> header file. */
+#undef HAVE_SEARCH_H
+
+/* Define to 1 if you have the `setenv' function. */
+#undef HAVE_SETENV
+
+/* Define to 1 if you have the `setlocale' function. */
+#undef HAVE_SETLOCALE
+
+/* Define to 1 if you have the `setrlimit' function. */
+#undef HAVE_SETRLIMIT
+
+/* Define to 1 if you have the `sigaction' function. */
+#undef HAVE_SIGACTION
+
+/* Define to 1 if 'sig_atomic_t' is a signed integer type. */
+#undef HAVE_SIGNED_SIG_ATOMIC_T
+
+/* Define to 1 if 'wchar_t' is a signed integer type. */
+#undef HAVE_SIGNED_WCHAR_T
+
+/* Define to 1 if 'wint_t' is a signed integer type. */
+#undef HAVE_SIGNED_WINT_T
+
+/* Define to 1 if you have the `sigprocmask' function. */
+#undef HAVE_SIGPROCMASK
+
+/* Define to 1 if the system has the type `sigset_t'. */
+#undef HAVE_SIGSET_T
+
+/* Define to 1 if you have the `stat' function. */
+#undef HAVE_STAT
+
+/* Define to 1 if you have the <stdint.h> header file. */
+#undef HAVE_STDINT_H
+
+/* Define to 1 if you have the <stdlib.h> header file. */
+#undef HAVE_STDLIB_H
+
+/* Define to 1 if you have the `stpcpy' function. */
+#undef HAVE_STPCPY
+
+/* Define to 1 if you have the `strcasecmp' function. */
+#undef HAVE_STRCASECMP
+
+/* Define to 1 if you have the `strchr' function. */
+#undef HAVE_STRCHR
+
+/* Define to 1 if you have the `strerror' function. */
+#undef HAVE_STRERROR
+
+/* Define to 1 if you have the `strftime' function. */
+#undef HAVE_STRFTIME
+
+/* Define to 1 if you have the `stricmp' function. */
+#undef HAVE_STRICMP
+
+/* Define to 1 if you have the <strings.h> header file. */
+#undef HAVE_STRINGS_H
+
+/* Define to 1 if you have the <string.h> header file. */
+#undef HAVE_STRING_H
+
+/* Define to 1 if you have the `strlwr' function. */
+#undef HAVE_STRLWR
+
+/* Define to 1 if you have the `strncasecmp' function. */
+#undef HAVE_STRNCASECMP
+
+/* Define to 1 if you have the `strpbrk' function. */
+#undef HAVE_STRPBRK
+
+/* Define to 1 if you have the `strsep' function. */
+#undef HAVE_STRSEP
+
+/* Define to 1 if you have the `strtol' function. */
+#undef HAVE_STRTOL
+
+/* Define to 1 if you have the `strtoul' function. */
+#undef HAVE_STRTOUL
+
+/* Define to 1 if the system has the type `struct sigaction'. */
+#undef HAVE_STRUCT_SIGACTION
+
+/* Define to 1 if you have the <sys/bitypes.h> header file. */
+#undef HAVE_SYS_BITYPES_H
+
+/* Define to 1 if you have the <sys/inttypes.h> header file. */
+#undef HAVE_SYS_INTTYPES_H
+
+/* Define to 1 if you have the <sys/socket.h> header file. */
+#undef HAVE_SYS_SOCKET_H
+
+/* Define to 1 if you have the <sys/stat.h> header file. */
+#undef HAVE_SYS_STAT_H
+
+/* Define to 1 if you have the <sys/time.h> header file. */
+#undef HAVE_SYS_TIME_H
+
+/* Define to 1 if you have the <sys/types.h> header file. */
+#undef HAVE_SYS_TYPES_H
+
+/* Define to 1 if you have the `tcgetattr' function. */
+#undef HAVE_TCGETATTR
+
+/* Define to 1 if you have the <termio.h> header file. */
+#undef HAVE_TERMIO_H
+
+/* Define to 1 if you have the `timegm' function. */
+#undef HAVE_TIMEGM
+
+/* Define to 1 if you have the `times' function. */
+#undef HAVE_TIMES
+
+/* Define to 1 if you have the <time.h> header file. */
+#undef HAVE_TIME_H
+
+/* Define to 1 if you have the `tsearch' function. */
+#undef HAVE_TSEARCH
+
+/* Define to 1 if you have the `ttyname' function. */
+#undef HAVE_TTYNAME
+
+/* Defined if a `u16' is typedef'd */
+#undef HAVE_U16_TYPEDEF
+
+/* Defined if a `u32' is typedef'd */
+#undef HAVE_U32_TYPEDEF
+
+/* Define to 1 if the system has the type `uintmax_t'. */
+#undef HAVE_UINTMAX_T
+
+/* Defined if a `ulong' is typedef'd */
+#undef HAVE_ULONG_TYPEDEF
+
+/* Define to 1 if you have the <unistd.h> header file. */
+#undef HAVE_UNISTD_H
+
+/* Define to 1 if you have the `unsetenv' function. */
+#undef HAVE_UNSETENV
+
+/* Define to 1 if the system has the type `unsigned long long int'. */
+#undef HAVE_UNSIGNED_LONG_LONG_INT
+
+/* Define to 1 if you have the `usb_create_match' function. */
+#undef HAVE_USB_CREATE_MATCH
+
+/* Defined if a `ushort' is typedef'd */
+#undef HAVE_USHORT_TYPEDEF
+
+/* Define to 1 if you have the <utmp.h> header file. */
+#undef HAVE_UTMP_H
+
+/* Define to 1 if you have the `vfork' function. */
+#undef HAVE_VFORK
+
+/* Define to 1 if you have the <vfork.h> header file. */
+#undef HAVE_VFORK_H
+
+/* Define to 1 if you have the `vprintf' function. */
+#undef HAVE_VPRINTF
+
+/* Defined if we run on a W32 API based system */
+#undef HAVE_W32_SYSTEM
+
+/* Define to 1 if you have the `wait4' function. */
+#undef HAVE_WAIT4
+
+/* Define to 1 if you have the `waitpid' function. */
+#undef HAVE_WAITPID
+
+/* Define to 1 if you have the <wchar.h> header file. */
+#undef HAVE_WCHAR_H
+
+/* Define to 1 if you have the <winsock2.h> header file. */
+#undef HAVE_WINSOCK2_H
+
+/* Define to 1 if `fork' works. */
+#undef HAVE_WORKING_FORK
+
+/* Define to 1 if `vfork' works. */
+#undef HAVE_WORKING_VFORK
+
+/* Define to 1 if you have the <ws2tcpip.h> header file. */
+#undef HAVE_WS2TCPIP_H
+
+/* Define as const if the declaration of iconv() needs const. */
+#undef ICONV_CONST
+
+/* Defined if this is not a regular release */
+#undef IS_DEVELOPMENT_VERSION
+
+/* Defined if libcurl supports AsynchDNS */
+#undef LIBCURL_FEATURE_ASYNCHDNS
+
+/* Defined if libcurl supports IDN */
+#undef LIBCURL_FEATURE_IDN
+
+/* Defined if libcurl supports IPv6 */
+#undef LIBCURL_FEATURE_IPV6
+
+/* Defined if libcurl supports KRB4 */
+#undef LIBCURL_FEATURE_KRB4
+
+/* Defined if libcurl supports libz */
+#undef LIBCURL_FEATURE_LIBZ
+
+/* Defined if libcurl supports NTLM */
+#undef LIBCURL_FEATURE_NTLM
+
+/* Defined if libcurl supports SSL */
+#undef LIBCURL_FEATURE_SSL
+
+/* Defined if libcurl supports SSPI */
+#undef LIBCURL_FEATURE_SSPI
+
+/* Defined if libcurl supports DICT */
+#undef LIBCURL_PROTOCOL_DICT
+
+/* Defined if libcurl supports FILE */
+#undef LIBCURL_PROTOCOL_FILE
+
+/* Defined if libcurl supports FTP */
+#undef LIBCURL_PROTOCOL_FTP
+
+/* Defined if libcurl supports FTPS */
+#undef LIBCURL_PROTOCOL_FTPS
+
+/* Defined if libcurl supports HTTP */
+#undef LIBCURL_PROTOCOL_HTTP
+
+/* Defined if libcurl supports HTTPS */
+#undef LIBCURL_PROTOCOL_HTTPS
+
+/* Defined if libcurl supports LDAP */
+#undef LIBCURL_PROTOCOL_LDAP
+
+/* Defined if libcurl supports TELNET */
+#undef LIBCURL_PROTOCOL_TELNET
+
+/* Defined if libcurl supports TFTP */
+#undef LIBCURL_PROTOCOL_TFTP
+
+/* Defined if the host has little endian byte ordering */
+#undef LITTLE_ENDIAN_HOST
+
+/* If malloc(0) is != NULL, define this to 1. Otherwise define this to 0. */
+#undef MALLOC_0_IS_NONNULL
+
+/* Defined if mkdir() does not take permission flags */
+#undef MKDIR_TAKES_ONE_ARG
+
+/* Required version of Libksba */
+#undef NEED_KSBA_VERSION
+
+/* Define if the LDAP library requires including lber.h before ldap.h */
+#undef NEED_LBER_H
+
+/* Required version of Libgcrypt */
+#undef NEED_LIBGCRYPT_VERSION
+
+/* Define to disable all external program execution */
+#undef NO_EXEC
+
+/* Define to 1 if your C compiler doesn't accept -c and -o together. */
+#undef NO_MINUS_C_MINUS_O
+
+/* Name of this package */
+#undef PACKAGE
+
+/* Bug report address */
+#undef PACKAGE_BUGREPORT
+
+/* Name of this package for gettext */
+#undef PACKAGE_GT
+
+/* Define to the full name of this package. */
+#undef PACKAGE_NAME
+
+/* Define to the full name and version of this package. */
+#undef PACKAGE_STRING
+
+/* Define to the one symbol short name of this package. */
+#undef PACKAGE_TARNAME
+
+/* Define to the home page for this package. */
+#undef PACKAGE_URL
+
+/* Define to the version of this package. */
+#undef PACKAGE_VERSION
+
+/* Size of the key and UID caches */
+#undef PK_UID_CACHE_SIZE
+
+/* A human readable text with the name of the OS */
+#undef PRINTABLE_OS_NAME
+
+/* Define to l, ll, u, ul, ull, etc., as suitable for constants of type
+ 'ptrdiff_t'. */
+#undef PTRDIFF_T_SUFFIX
+
+/* Define as the return type of signal handlers (`int' or `void'). */
+#undef RETSIGTYPE
+
+/* defines the filename of the shred program */
+#undef SHRED
+
+/* Define to l, ll, u, ul, ull, etc., as suitable for constants of type
+ 'sig_atomic_t'. */
+#undef SIG_ATOMIC_T_SUFFIX
+
+/* The size of `time_t', as computed by sizeof. */
+#undef SIZEOF_TIME_T
+
+/* The size of `uint64_t', as computed by sizeof. */
+#undef SIZEOF_UINT64_T
+
+/* The size of `unsigned int', as computed by sizeof. */
+#undef SIZEOF_UNSIGNED_INT
+
+/* The size of `unsigned long', as computed by sizeof. */
+#undef SIZEOF_UNSIGNED_LONG
+
+/* The size of `unsigned long long', as computed by sizeof. */
+#undef SIZEOF_UNSIGNED_LONG_LONG
+
+/* The size of `unsigned short', as computed by sizeof. */
+#undef SIZEOF_UNSIGNED_SHORT
+
+/* The size of `void *', as computed by sizeof. */
+#undef SIZEOF_VOID_P
+
+/* Define as the maximum value of type 'size_t', if the system doesn't define
+ it. */
+#undef SIZE_MAX
+
+/* Define to l, ll, u, ul, ull, etc., as suitable for constants of type
+ 'size_t'. */
+#undef SIZE_T_SUFFIX
+
+/* If using the C implementation of alloca, define if you know the
+ direction of stack growth for your system; otherwise it will be
+ automatically deduced at runtime.
+ STACK_DIRECTION > 0 => grows toward higher addresses
+ STACK_DIRECTION < 0 => grows toward lower addresses
+ STACK_DIRECTION = 0 => direction of growth unknown */
+#undef STACK_DIRECTION
+
+/* Define to 1 if the `S_IS*' macros in <sys/stat.h> do not work properly. */
+#undef STAT_MACROS_BROKEN
+
+/* Define to 1 if you have the ANSI C header files. */
+#undef STDC_HEADERS
+
+/* Define to 1 if you can safely include both <sys/time.h> and <time.h>. */
+#undef TIME_WITH_SYS_TIME
+
+/* Use ADNS as resolver library. */
+#undef USE_ADNS
+
+/* define to use DNS CERT */
+#undef USE_DNS_CERT
+
+/* define to use our experimental DNS PKA */
+#undef USE_DNS_PKA
+
+/* define to use DNS SRV */
+#undef USE_DNS_SRV
+
+/* Defined if the GNU Portable Thread Library should be used */
+#undef USE_GNU_PTH
+
+/* set this to limit filenames to the 8.3 format */
+#undef USE_ONLY_8DOT3
+
+/* because the Unix gettext has too much overhead on MingW32 systems and these
+ systems lack Posix functions, we use a simplified version of gettext */
+#undef USE_SIMPLE_GETTEXT
+
+/* Use a standard socket for the agent by default */
+#undef USE_STANDARD_SOCKET
+
+/* Enable extensions on AIX 3, Interix. */
+#ifndef _ALL_SOURCE
+# undef _ALL_SOURCE
+#endif
+/* Enable GNU extensions on systems that have them. */
+#ifndef _GNU_SOURCE
+# undef _GNU_SOURCE
+#endif
+/* Enable threading extensions on Solaris. */
+#ifndef _POSIX_PTHREAD_SEMANTICS
+# undef _POSIX_PTHREAD_SEMANTICS
+#endif
+/* Enable extensions on HP NonStop. */
+#ifndef _TANDEM_SOURCE
+# undef _TANDEM_SOURCE
+#endif
+/* Enable general extensions on Solaris. */
+#ifndef __EXTENSIONS__
+# undef __EXTENSIONS__
+#endif
+
+
+/* Version of this package */
+#undef VERSION
+
+/* Define if unsetenv() returns void, not int. */
+#undef VOID_UNSETENV
+
+/* Define to l, ll, u, ul, ull, etc., as suitable for constants of type
+ 'wchar_t'. */
+#undef WCHAR_T_SUFFIX
+
+/* Define to l, ll, u, ul, ull, etc., as suitable for constants of type
+ 'wint_t'. */
+#undef WINT_T_SUFFIX
+
+/* Number of bits in a file offset, on hosts where this is settable. */
+#undef _FILE_OFFSET_BITS
+
+/* Define to 1 to make fseeko visible on some hosts (e.g. glibc 2.2). */
+#undef _LARGEFILE_SOURCE
+
+/* Define for large files, on AIX-style hosts. */
+#undef _LARGE_FILES
+
+/* Define to 1 if on MINIX. */
+#undef _MINIX
+
+/* Define to 2 if the system does not provide POSIX.1 features except with
+ this defined. */
+#undef _POSIX_1_SOURCE
+
+/* Define to 1 if you need to in order for `stat' and other things to work. */
+#undef _POSIX_SOURCE
+
+/* Define to empty if `const' does not conform to ANSI C. */
+#undef const
+
+/* Define curl_free() as free() if our version of curl lacks curl_free. */
+#undef curl_free
+
+/* Define to `__inline__' or `__inline' if that's what the C compiler
+ calls it, or to nothing if 'inline' is not supported under any name. */
+#ifndef __cplusplus
+#undef inline
+#endif
+
+/* Define to the widest signed integer type if <stdint.h> and <inttypes.h> do
+ not define. */
+#undef intmax_t
+
+/* Define to `int' if <sys/types.h> does not define. */
+#undef mode_t
+
+/* Define to `int' if <sys/types.h> does not define. */
+#undef pid_t
+
+/* Define to `unsigned int' if <sys/types.h> does not define. */
+#undef size_t
+
+/* type to use in place of socklen_t if not defined */
+#undef socklen_t
+
+/* Define to the widest unsigned integer type if <stdint.h> and <inttypes.h>
+ do not define. */
+#undef uintmax_t
+
+/* Define as `fork' if `vfork' does not work. */
+#undef vfork
+
+/* Define to empty if the keyword `volatile' does not work. Warning: valid
+ code using `volatile' can become incorrect without. Disable with care. */
+#undef volatile
+
+
+/* This is the major version number of GnuPG so that
+ source included files can test for this. Note, that
+ we use 2 here even for GnuPG 1.9.x. */
+#define GNUPG_MAJOR_VERSION 2
+
+/* Now to separate file name parts.
+ Please note that the string version must not contain more
+ than one character because the code assumes strlen()==1 */
+#ifdef HAVE_DOSISH_SYSTEM
+#define DIRSEP_C '\\'
+#define DIRSEP_S "\\"
+#define EXTSEP_C '.'
+#define EXTSEP_S "."
+#define PATHSEP_C ';'
+#define PATHSEP_S ";"
+#define EXEEXT_S ".exe"
+#else
+#define DIRSEP_C '/'
+#define DIRSEP_S "/"
+#define EXTSEP_C '.'
+#define EXTSEP_S "."
+#define PATHSEP_C ':'
+#define PATHSEP_S ":"
+#define EXEEXT_S ""
+#endif
+
+/* This is the same as VERSION, but should be overridden if the
+ platform cannot handle things like dots '.' in filenames. Set
+ SAFE_VERSION_DOT and SAFE_VERSION_DASH to whatever SAFE_VERSION
+ uses for dots and dashes. */
+#define SAFE_VERSION VERSION
+#define SAFE_VERSION_DOT '.'
+#define SAFE_VERSION_DASH '-'
+
+/* Some global constants. */
+#ifdef HAVE_DRIVE_LETTERS
+#define GNUPG_DEFAULT_HOMEDIR "c:/gnupg"
+#elif defined(__VMS)
+#define GNUPG_DEFAULT_HOMEDIR "/SYS\$LOGIN/gnupg"
+#else
+#define GNUPG_DEFAULT_HOMEDIR "~/.gnupg"
+#endif
+#define GNUPG_PRIVATE_KEYS_DIR "private-keys-v1.d"
+
+/* For some systems (DOS currently), we hardcode the path here. For
+ POSIX systems the values are constructed by the Makefiles, so that
+ the values may be overridden by the make invocations; this is to
+ comply with the GNU coding standards. */
+#ifdef HAVE_DRIVE_LETTERS
+ /* FIXME: We need to use a function to determine these values depending
+ on the actual installation directory. */
+#define GNUPG_BINDIR "c:\\gnupg"
+#define GNUPG_LIBEXECDIR "c:\\gnupg"
+#define GNUPG_LIBDIR "c:\\gnupg"
+#define GNUPG_DATADIR "c:\\gnupg"
+#define GNUPG_SYSCONFDIR "c:\\gnupg"
+#endif
+
+/* Derive some other constants. */
+#if !(defined(HAVE_FORK) && defined(HAVE_PIPE) && defined(HAVE_WAITPID))
+#define EXEC_TEMPFILE_ONLY
+#endif
+
+
+/* We didn't define endianness above, so get it from OS macros. This
+ is intended for making fat binary builds on OS X. */
+#if !defined(BIG_ENDIAN_HOST) && !defined(LITTLE_ENDIAN_HOST)
+#if defined(__BIG_ENDIAN__)
+#define BIG_ENDIAN_HOST 1
+#elif defined(__LITTLE_ENDIAN__)
+#define LITTLE_ENDIAN_HOST 1
+#else
+#error "No endianness found"
+#endif
+#endif
+
+
+/* Hack used for W32: ldap.m4 also tests for the ASCII version of
+ ldap_start_tls_s because that is the actual symbol used in the
+ library. winldap.h redefines it to our commonly used value,
+ thus we define our usual macro here. */
+#ifdef HAVE_LDAP_START_TLS_SA
+# ifndef HAVE_LDAP_START_TLS_S
+# define HAVE_LDAP_START_TLS_S 1
+# endif
+#endif
+
+
+/* Tell libgcrypt not to use its own libgpg-error implementation. */
+#define USE_LIBGPG_ERROR 1
+
+/* We use jnlib, so tell other modules about it. */
+#define HAVE_JNLIB_LOGGING 1
+
+/* Our HTTP code is used in estream mode. */
+#define HTTP_USE_ESTREAM 1
+
+/* Under W32 we do an explicit socket initialization, thus we need to
+ avoid the on-demand initialization which would also install an atexit
+ handler. */
+#define HTTP_NO_WSASTARTUP
+
+/* We always include support for the OpenPGP card. */
+#define ENABLE_CARD_SUPPORT 1
+
+/* We don't want the old assuan codes anymore. */
+#define _ASSUAN_ONLY_GPG_ERRORS 1
+
+/* We explicitly need to disable PTH's soft mapping as Debian
+ currently enables it by default for no reason. */
+#define PTH_SYSCALL_SOFT 0
+
+/* We want to use the libgcrypt provided memory allocation for
+ asprintf. */
+#define _ESTREAM_PRINTF_MALLOC gcry_malloc
+#define _ESTREAM_PRINTF_FREE gcry_free
+#define _ESTREAM_PRINTF_EXTRA_INCLUDE "util.h"
+
+#endif /*GNUPG_CONFIG_H_INCLUDED*/
+
diff --git a/configure b/configure
new file mode 100755
index 0000000..829fc79
--- /dev/null
+++ b/configure
@@ -0,0 +1,17748 @@
+#! /bin/sh
+# Guess values for system-dependent variables and create Makefiles.
+# Generated by GNU Autoconf 2.68 for gnupg 2.0.19.
+#
+# Report bugs to <http://bugs.gnupg.org>.
+#
+#
+# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001,
+# 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010 Free Software
+# Foundation, Inc.
+#
+#
+# This configure script is free software; the Free Software Foundation
+# gives unlimited permission to copy, distribute and modify it.
+## -------------------- ##
+## M4sh Initialization. ##
+## -------------------- ##
+
+# Be more Bourne compatible
+DUALCASE=1; export DUALCASE # for MKS sh
+if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then :
+ emulate sh
+ NULLCMD=:
+ # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which
+ # is contrary to our usage. Disable this feature.
+ alias -g '${1+"$@"}'='"$@"'
+ setopt NO_GLOB_SUBST
+else
+ case `(set -o) 2>/dev/null` in #(
+ *posix*) :
+ set -o posix ;; #(
+ *) :
+ ;;
+esac
+fi
+
+
+as_nl='
+'
+export as_nl
+# Printing a long string crashes Solaris 7 /usr/bin/printf.
+as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'
+as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo
+as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo
+# Prefer a ksh shell builtin over an external printf program on Solaris,
+# but without wasting forks for bash or zsh.
+if test -z "$BASH_VERSION$ZSH_VERSION" \
+ && (test "X`print -r -- $as_echo`" = "X$as_echo") 2>/dev/null; then
+ as_echo='print -r --'
+ as_echo_n='print -rn --'
+elif (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then
+ as_echo='printf %s\n'
+ as_echo_n='printf %s'
+else
+ if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then
+ as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"'
+ as_echo_n='/usr/ucb/echo -n'
+ else
+ as_echo_body='eval expr "X$1" : "X\\(.*\\)"'
+ as_echo_n_body='eval
+ arg=$1;
+ case $arg in #(
+ *"$as_nl"*)
+ expr "X$arg" : "X\\(.*\\)$as_nl";
+ arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;;
+ esac;
+ expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl"
+ '
+ export as_echo_n_body
+ as_echo_n='sh -c $as_echo_n_body as_echo'
+ fi
+ export as_echo_body
+ as_echo='sh -c $as_echo_body as_echo'
+fi
+
+# The user is always right.
+if test "${PATH_SEPARATOR+set}" != set; then
+ PATH_SEPARATOR=:
+ (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && {
+ (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 ||
+ PATH_SEPARATOR=';'
+ }
+fi
+
+
+# IFS
+# We need space, tab and new line, in precisely that order. Quoting is
+# there to prevent editors from complaining about space-tab.
+# (If _AS_PATH_WALK were called with IFS unset, it would disable word
+# splitting by setting IFS to empty value.)
+IFS=" "" $as_nl"
+
+# Find who we are. Look in the path if we contain no directory separator.
+as_myself=
+case $0 in #((
+ *[\\/]* ) as_myself=$0 ;;
+ *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break
+ done
+IFS=$as_save_IFS
+
+ ;;
+esac
+# We did not find ourselves, most probably we were run as `sh COMMAND'
+# in which case we are not to be found in the path.
+if test "x$as_myself" = x; then
+ as_myself=$0
+fi
+if test ! -f "$as_myself"; then
+ $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2
+ exit 1
+fi
+
+# Unset variables that we do not need and which cause bugs (e.g. in
+# pre-3.0 UWIN ksh). But do not cause bugs in bash 2.01; the "|| exit 1"
+# suppresses any "Segmentation fault" message there. '((' could
+# trigger a bug in pdksh 5.2.14.
+for as_var in BASH_ENV ENV MAIL MAILPATH
+do eval test x\${$as_var+set} = xset \
+ && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || :
+done
+PS1='$ '
+PS2='> '
+PS4='+ '
+
+# NLS nuisances.
+LC_ALL=C
+export LC_ALL
+LANGUAGE=C
+export LANGUAGE
+
+# CDPATH.
+(unset CDPATH) >/dev/null 2>&1 && unset CDPATH
+
+if test "x$CONFIG_SHELL" = x; then
+ as_bourne_compatible="if test -n \"\${ZSH_VERSION+set}\" && (emulate sh) >/dev/null 2>&1; then :
+ emulate sh
+ NULLCMD=:
+ # Pre-4.2 versions of Zsh do word splitting on \${1+\"\$@\"}, which
+ # is contrary to our usage. Disable this feature.
+ alias -g '\${1+\"\$@\"}'='\"\$@\"'
+ setopt NO_GLOB_SUBST
+else
+ case \`(set -o) 2>/dev/null\` in #(
+ *posix*) :
+ set -o posix ;; #(
+ *) :
+ ;;
+esac
+fi
+"
+ as_required="as_fn_return () { (exit \$1); }
+as_fn_success () { as_fn_return 0; }
+as_fn_failure () { as_fn_return 1; }
+as_fn_ret_success () { return 0; }
+as_fn_ret_failure () { return 1; }
+
+exitcode=0
+as_fn_success || { exitcode=1; echo as_fn_success failed.; }
+as_fn_failure && { exitcode=1; echo as_fn_failure succeeded.; }
+as_fn_ret_success || { exitcode=1; echo as_fn_ret_success failed.; }
+as_fn_ret_failure && { exitcode=1; echo as_fn_ret_failure succeeded.; }
+if ( set x; as_fn_ret_success y && test x = \"\$1\" ); then :
+
+else
+ exitcode=1; echo positional parameters were not saved.
+fi
+test x\$exitcode = x0 || exit 1"
+ as_suggested=" as_lineno_1=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_1a=\$LINENO
+ as_lineno_2=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_2a=\$LINENO
+ eval 'test \"x\$as_lineno_1'\$as_run'\" != \"x\$as_lineno_2'\$as_run'\" &&
+ test \"x\`expr \$as_lineno_1'\$as_run' + 1\`\" = \"x\$as_lineno_2'\$as_run'\"' || exit 1
+test \$(( 1 + 1 )) = 2 || exit 1"
+ if (eval "$as_required") 2>/dev/null; then :
+ as_have_required=yes
+else
+ as_have_required=no
+fi
+ if test x$as_have_required = xyes && (eval "$as_suggested") 2>/dev/null; then :
+
+else
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+as_found=false
+for as_dir in /bin$PATH_SEPARATOR/usr/bin$PATH_SEPARATOR$PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ as_found=:
+ case $as_dir in #(
+ /*)
+ for as_base in sh bash ksh sh5; do
+ # Try only shells that exist, to save several forks.
+ as_shell=$as_dir/$as_base
+ if { test -f "$as_shell" || test -f "$as_shell.exe"; } &&
+ { $as_echo "$as_bourne_compatible""$as_required" | as_run=a "$as_shell"; } 2>/dev/null; then :
+ CONFIG_SHELL=$as_shell as_have_required=yes
+ if { $as_echo "$as_bourne_compatible""$as_suggested" | as_run=a "$as_shell"; } 2>/dev/null; then :
+ break 2
+fi
+fi
+ done;;
+ esac
+ as_found=false
+done
+$as_found || { if { test -f "$SHELL" || test -f "$SHELL.exe"; } &&
+ { $as_echo "$as_bourne_compatible""$as_required" | as_run=a "$SHELL"; } 2>/dev/null; then :
+ CONFIG_SHELL=$SHELL as_have_required=yes
+fi; }
+IFS=$as_save_IFS
+
+
+ if test "x$CONFIG_SHELL" != x; then :
+ # We cannot yet assume a decent shell, so we have to provide a
+ # neutralization value for shells without unset; and this also
+ # works around shells that cannot unset nonexistent variables.
+ # Preserve -v and -x to the replacement shell.
+ BASH_ENV=/dev/null
+ ENV=/dev/null
+ (unset BASH_ENV) >/dev/null 2>&1 && unset BASH_ENV ENV
+ export CONFIG_SHELL
+ case $- in # ((((
+ *v*x* | *x*v* ) as_opts=-vx ;;
+ *v* ) as_opts=-v ;;
+ *x* ) as_opts=-x ;;
+ * ) as_opts= ;;
+ esac
+ exec "$CONFIG_SHELL" $as_opts "$as_myself" ${1+"$@"}
+fi
+
+ if test x$as_have_required = xno; then :
+ $as_echo "$0: This script requires a shell more modern than all"
+ $as_echo "$0: the shells that I found on your system."
+ if test x${ZSH_VERSION+set} = xset ; then
+ $as_echo "$0: In particular, zsh $ZSH_VERSION has bugs and should"
+ $as_echo "$0: be upgraded to zsh 4.3.4 or later."
+ else
+ $as_echo "$0: Please tell bug-autoconf@gnu.org and
+$0: http://bugs.gnupg.org about your system, including any
+$0: error possibly output before this message. Then install
+$0: a modern shell, or manually run the script under such a
+$0: shell if you do have one."
+ fi
+ exit 1
+fi
+fi
+fi
+SHELL=${CONFIG_SHELL-/bin/sh}
+export SHELL
+# Unset more variables known to interfere with behavior of common tools.
+CLICOLOR_FORCE= GREP_OPTIONS=
+unset CLICOLOR_FORCE GREP_OPTIONS
+
+## --------------------- ##
+## M4sh Shell Functions. ##
+## --------------------- ##
+# as_fn_unset VAR
+# ---------------
+# Portably unset VAR.
+as_fn_unset ()
+{
+ { eval $1=; unset $1;}
+}
+as_unset=as_fn_unset
+
+# as_fn_set_status STATUS
+# -----------------------
+# Set $? to STATUS, without forking.
+as_fn_set_status ()
+{
+ return $1
+} # as_fn_set_status
+
+# as_fn_exit STATUS
+# -----------------
+# Exit the shell with STATUS, even in a "trap 0" or "set -e" context.
+as_fn_exit ()
+{
+ set +e
+ as_fn_set_status $1
+ exit $1
+} # as_fn_exit
+
+# as_fn_mkdir_p
+# -------------
+# Create "$as_dir" as a directory, including parents if necessary.
+as_fn_mkdir_p ()
+{
+
+ case $as_dir in #(
+ -*) as_dir=./$as_dir;;
+ esac
+ test -d "$as_dir" || eval $as_mkdir_p || {
+ as_dirs=
+ while :; do
+ case $as_dir in #(
+ *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'(
+ *) as_qdir=$as_dir;;
+ esac
+ as_dirs="'$as_qdir' $as_dirs"
+ as_dir=`$as_dirname -- "$as_dir" ||
+$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+ X"$as_dir" : 'X\(//\)[^/]' \| \
+ X"$as_dir" : 'X\(//\)$' \| \
+ X"$as_dir" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X"$as_dir" |
+ sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+ s//\1/
+ q
+ }
+ /^X\(\/\/\)[^/].*/{
+ s//\1/
+ q
+ }
+ /^X\(\/\/\)$/{
+ s//\1/
+ q
+ }
+ /^X\(\/\).*/{
+ s//\1/
+ q
+ }
+ s/.*/./; q'`
+ test -d "$as_dir" && break
+ done
+ test -z "$as_dirs" || eval "mkdir $as_dirs"
+ } || test -d "$as_dir" || as_fn_error $? "cannot create directory $as_dir"
+
+
+} # as_fn_mkdir_p
+# as_fn_append VAR VALUE
+# ----------------------
+# Append the text in VALUE to the end of the definition contained in VAR. Take
+# advantage of any shell optimizations that allow amortized linear growth over
+# repeated appends, instead of the typical quadratic growth present in naive
+# implementations.
+if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null; then :
+ eval 'as_fn_append ()
+ {
+ eval $1+=\$2
+ }'
+else
+ as_fn_append ()
+ {
+ eval $1=\$$1\$2
+ }
+fi # as_fn_append
+
+# as_fn_arith ARG...
+# ------------------
+# Perform arithmetic evaluation on the ARGs, and store the result in the
+# global $as_val. Take advantage of shells that can avoid forks. The arguments
+# must be portable across $(()) and expr.
+if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null; then :
+ eval 'as_fn_arith ()
+ {
+ as_val=$(( $* ))
+ }'
+else
+ as_fn_arith ()
+ {
+ as_val=`expr "$@" || test $? -eq 1`
+ }
+fi # as_fn_arith
+
+
+# as_fn_error STATUS ERROR [LINENO LOG_FD]
+# ----------------------------------------
+# Output "`basename $0`: error: ERROR" to stderr. If LINENO and LOG_FD are
+# provided, also output the error to LOG_FD, referencing LINENO. Then exit the
+# script with STATUS, using 1 if that was 0.
+as_fn_error ()
+{
+ as_status=$1; test $as_status -eq 0 && as_status=1
+ if test "$4"; then
+ as_lineno=${as_lineno-"$3"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+ $as_echo "$as_me:${as_lineno-$LINENO}: error: $2" >&$4
+ fi
+ $as_echo "$as_me: error: $2" >&2
+ as_fn_exit $as_status
+} # as_fn_error
+
+if expr a : '\(a\)' >/dev/null 2>&1 &&
+ test "X`expr 00001 : '.*\(...\)'`" = X001; then
+ as_expr=expr
+else
+ as_expr=false
+fi
+
+if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then
+ as_basename=basename
+else
+ as_basename=false
+fi
+
+if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then
+ as_dirname=dirname
+else
+ as_dirname=false
+fi
+
+as_me=`$as_basename -- "$0" ||
+$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \
+ X"$0" : 'X\(//\)$' \| \
+ X"$0" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X/"$0" |
+ sed '/^.*\/\([^/][^/]*\)\/*$/{
+ s//\1/
+ q
+ }
+ /^X\/\(\/\/\)$/{
+ s//\1/
+ q
+ }
+ /^X\/\(\/\).*/{
+ s//\1/
+ q
+ }
+ s/.*/./; q'`
+
+# Avoid depending upon Character Ranges.
+as_cr_letters='abcdefghijklmnopqrstuvwxyz'
+as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ'
+as_cr_Letters=$as_cr_letters$as_cr_LETTERS
+as_cr_digits='0123456789'
+as_cr_alnum=$as_cr_Letters$as_cr_digits
+
+
+ as_lineno_1=$LINENO as_lineno_1a=$LINENO
+ as_lineno_2=$LINENO as_lineno_2a=$LINENO
+ eval 'test "x$as_lineno_1'$as_run'" != "x$as_lineno_2'$as_run'" &&
+ test "x`expr $as_lineno_1'$as_run' + 1`" = "x$as_lineno_2'$as_run'"' || {
+ # Blame Lee E. McMahon (1931-1989) for sed's syntax. :-)
+ sed -n '
+ p
+ /[$]LINENO/=
+ ' <$as_myself |
+ sed '
+ s/[$]LINENO.*/&-/
+ t lineno
+ b
+ :lineno
+ N
+ :loop
+ s/[$]LINENO\([^'$as_cr_alnum'_].*\n\)\(.*\)/\2\1\2/
+ t loop
+ s/-\n.*//
+ ' >$as_me.lineno &&
+ chmod +x "$as_me.lineno" ||
+ { $as_echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2; as_fn_exit 1; }
+
+ # Don't try to exec as it changes $[0], causing all sort of problems
+ # (the dirname of $[0] is not the place where we might find the
+ # original and so on. Autoconf is especially sensitive to this).
+ . "./$as_me.lineno"
+ # Exit status is that of the last command.
+ exit
+}
+
+ECHO_C= ECHO_N= ECHO_T=
+case `echo -n x` in #(((((
+-n*)
+ case `echo 'xy\c'` in
+ *c*) ECHO_T=' ';; # ECHO_T is single tab character.
+ xy) ECHO_C='\c';;
+ *) echo `echo ksh88 bug on AIX 6.1` > /dev/null
+ ECHO_T=' ';;
+ esac;;
+*)
+ ECHO_N='-n';;
+esac
+
+rm -f conf$$ conf$$.exe conf$$.file
+if test -d conf$$.dir; then
+ rm -f conf$$.dir/conf$$.file
+else
+ rm -f conf$$.dir
+ mkdir conf$$.dir 2>/dev/null
+fi
+if (echo >conf$$.file) 2>/dev/null; then
+ if ln -s conf$$.file conf$$ 2>/dev/null; then
+ as_ln_s='ln -s'
+ # ... but there are two gotchas:
+ # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail.
+ # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable.
+ # In both cases, we have to default to `cp -p'.
+ ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe ||
+ as_ln_s='cp -p'
+ elif ln conf$$.file conf$$ 2>/dev/null; then
+ as_ln_s=ln
+ else
+ as_ln_s='cp -p'
+ fi
+else
+ as_ln_s='cp -p'
+fi
+rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file
+rmdir conf$$.dir 2>/dev/null
+
+if mkdir -p . 2>/dev/null; then
+ as_mkdir_p='mkdir -p "$as_dir"'
+else
+ test -d ./-p && rmdir ./-p
+ as_mkdir_p=false
+fi
+
+if test -x / >/dev/null 2>&1; then
+ as_test_x='test -x'
+else
+ if ls -dL / >/dev/null 2>&1; then
+ as_ls_L_option=L
+ else
+ as_ls_L_option=
+ fi
+ as_test_x='
+ eval sh -c '\''
+ if test -d "$1"; then
+ test -d "$1/.";
+ else
+ case $1 in #(
+ -*)set "./$1";;
+ esac;
+ case `ls -ld'$as_ls_L_option' "$1" 2>/dev/null` in #((
+ ???[sx]*):;;*)false;;esac;fi
+ '\'' sh
+ '
+fi
+as_executable_p=$as_test_x
+
+# Sed expression to map a string onto a valid CPP name.
+as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'"
+
+# Sed expression to map a string onto a valid variable name.
+as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'"
+
+
+test -n "$DJDIR" || exec 7<&0 </dev/null
+exec 6>&1
+
+# Name of the host.
+# hostname on some systems (SVR3.2, old GNU/Linux) returns a bogus exit status,
+# so uname gets run too.
+ac_hostname=`(hostname || uname -n) 2>/dev/null | sed 1q`
+
+#
+# Initializations.
+#
+ac_default_prefix=/usr/local
+ac_clean_files=
+ac_config_libobj_dir=.
+LIBOBJS=
+cross_compiling=no
+subdirs=
+MFLAGS=
+MAKEFLAGS=
+
+# Identity of this package.
+PACKAGE_NAME='gnupg'
+PACKAGE_TARNAME='gnupg'
+PACKAGE_VERSION='2.0.19'
+PACKAGE_STRING='gnupg 2.0.19'
+PACKAGE_BUGREPORT='http://bugs.gnupg.org'
+PACKAGE_URL=''
+
+ac_unique_file="sm/gpgsm.c"
+# Factoring default headers for most tests.
+ac_includes_default="\
+#include <stdio.h>
+#ifdef HAVE_SYS_TYPES_H
+# include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_STAT_H
+# include <sys/stat.h>
+#endif
+#ifdef STDC_HEADERS
+# include <stdlib.h>
+# include <stddef.h>
+#else
+# ifdef HAVE_STDLIB_H
+# include <stdlib.h>
+# endif
+#endif
+#ifdef HAVE_STRING_H
+# if !defined STDC_HEADERS && defined HAVE_MEMORY_H
+# include <memory.h>
+# endif
+# include <string.h>
+#endif
+#ifdef HAVE_STRINGS_H
+# include <strings.h>
+#endif
+#ifdef HAVE_INTTYPES_H
+# include <inttypes.h>
+#endif
+#ifdef HAVE_STDINT_H
+# include <stdint.h>
+#endif
+#ifdef HAVE_UNISTD_H
+# include <unistd.h>
+#endif"
+
+gt_needs=
+ac_header_list=
+ac_subst_vars='am__EXEEXT_FALSE
+am__EXEEXT_TRUE
+LTLIBOBJS
+RUN_GPG_TESTS_FALSE
+RUN_GPG_TESTS_TRUE
+BUILD_GPGTAR_FALSE
+BUILD_GPGTAR_TRUE
+BUILD_SYMCRYPTRUN_FALSE
+BUILD_SYMCRYPTRUN_TRUE
+BUILD_DOC_FALSE
+BUILD_DOC_TRUE
+BUILD_TOOLS_FALSE
+BUILD_TOOLS_TRUE
+BUILD_SCDAEMON_FALSE
+BUILD_SCDAEMON_TRUE
+BUILD_AGENT_FALSE
+BUILD_AGENT_TRUE
+BUILD_GPGSM_FALSE
+BUILD_GPGSM_TRUE
+BUILD_GPG_FALSE
+BUILD_GPG_TRUE
+GPGKEYS_KDNS
+W32SOCKLIBS
+NETLIBS
+CROSS_COMPILING_FALSE
+CROSS_COMPILING_TRUE
+LIBREADLINE
+ZLIBS
+ENABLE_BZIP2_SUPPORT_FALSE
+ENABLE_BZIP2_SUPPORT_TRUE
+DISABLE_REGEX_FALSE
+DISABLE_REGEX_TRUE
+LIBGNU_LTLIBDEPS
+LIBGNU_LIBDEPS
+UNISTD_H
+STDINT_H
+WINT_T_SUFFIX
+WCHAR_T_SUFFIX
+SIZE_T_SUFFIX
+SIG_ATOMIC_T_SUFFIX
+PTRDIFF_T_SUFFIX
+HAVE_SIGNED_WINT_T
+HAVE_SIGNED_WCHAR_T
+HAVE_SIGNED_SIG_ATOMIC_T
+BITSIZEOF_WINT_T
+BITSIZEOF_WCHAR_T
+BITSIZEOF_SIZE_T
+BITSIZEOF_SIG_ATOMIC_T
+BITSIZEOF_PTRDIFF_T
+HAVE_SYS_BITYPES_H
+HAVE_SYS_INTTYPES_H
+HAVE_STDINT_H
+ABSOLUTE_STDINT_H
+HAVE_SYS_TYPES_H
+HAVE_INTTYPES_H
+HAVE_WCHAR_H
+HAVE_UNSIGNED_LONG_LONG_INT
+HAVE_LONG_LONG_INT
+LIBOBJS
+ALLOCA_H
+ALLOCA
+GL_COND_LIBTOOL_FALSE
+GL_COND_LIBTOOL_TRUE
+SYS_SOCKET_H
+BUILD_INCLUDED_LIBINTL
+USE_INCLUDED_LIBINTL
+POSUB
+LTLIBINTL
+LIBINTL
+INTLLIBS
+INTL_MACOSX_LIBS
+XGETTEXT_EXTRA_OPTIONS
+MSGMERGE
+XGETTEXT_015
+XGETTEXT
+GMSGFMT_015
+MSGFMT_015
+GMSGFMT
+MSGFMT
+GETTEXT_MACRO_VERSION
+USE_NLS
+LTLIBICONV
+LIBICONV
+GPGKEYS_MAILTO
+SENDMAIL
+GPGKEYS_CURL
+FAKE_CURL_FALSE
+FAKE_CURL_TRUE
+LIBCURL
+LIBCURL_CPPFLAGS
+_libcurl_config
+LDAP_CPPFLAGS
+LDAPLIBS
+GPGKEYS_LDAP
+USE_DNS_SRV_FALSE
+USE_DNS_SRV_TRUE
+DNSLIBS
+ADNSLIBS
+PTH_LIBS
+PTH_CFLAGS
+PTH_CONFIG
+SHRED
+LIBUTIL_LIBS
+DL_LIBS
+LIBUSB_LIBS
+KSBA_LIBS
+KSBA_CFLAGS
+KSBA_CONFIG
+LIBASSUAN_LIBS
+LIBASSUAN_CFLAGS
+LIBASSUAN_CONFIG
+LIBGCRYPT_LIBS
+LIBGCRYPT_CFLAGS
+LIBGCRYPT_CONFIG
+GPG_ERROR_LIBS
+GPG_ERROR_CFLAGS
+GPG_ERROR_CONFIG
+GPGKEYS_FINGER
+GPGKEYS_HKP
+HAVE_W32_SYSTEM_FALSE
+HAVE_W32_SYSTEM_TRUE
+USE_SIMPLE_GETTEXT_FALSE
+USE_SIMPLE_GETTEXT_TRUE
+HAVE_DOSISH_SYSTEM_FALSE
+HAVE_DOSISH_SYSTEM_TRUE
+CC_FOR_BUILD
+HAVE_USTAR_FALSE
+HAVE_USTAR_TRUE
+TAR
+WORKING_FAQPROG_FALSE
+WORKING_FAQPROG_TRUE
+FAQPROG
+WINDRES
+PERL
+AR
+RANLIB
+LN_S
+MAINT
+MAINTAINER_MODE_FALSE
+MAINTAINER_MODE_TRUE
+GNUPG_PROTECT_TOOL_PGM_FALSE
+GNUPG_PROTECT_TOOL_PGM_TRUE
+GNUPG_PROTECT_TOOL_PGM
+GNUPG_DIRMNGR_PGM_FALSE
+GNUPG_DIRMNGR_PGM_TRUE
+GNUPG_DIRMNGR_PGM
+GNUPG_SCDAEMON_PGM_FALSE
+GNUPG_SCDAEMON_PGM_TRUE
+GNUPG_SCDAEMON_PGM
+GNUPG_PINENTRY_PGM_FALSE
+GNUPG_PINENTRY_PGM_TRUE
+GNUPG_PINENTRY_PGM
+GNUPG_AGENT_PGM_FALSE
+GNUPG_AGENT_PGM_TRUE
+GNUPG_AGENT_PGM
+PACKAGE_GT
+EGREP
+GREP
+CPP
+am__fastdepCC_FALSE
+am__fastdepCC_TRUE
+CCDEPMODE
+AMDEPBACKSLASH
+AMDEP_FALSE
+AMDEP_TRUE
+am__quote
+am__include
+DEPDIR
+OBJEXT
+EXEEXT
+ac_ct_CC
+CPPFLAGS
+LDFLAGS
+CFLAGS
+CC
+host_os
+host_vendor
+host_cpu
+host
+build_os
+build_vendor
+build_cpu
+build
+am__untar
+am__tar
+AMTAR
+am__leading_dot
+SET_MAKE
+AWK
+mkdir_p
+MKDIR_P
+INSTALL_STRIP_PROGRAM
+STRIP
+install_sh
+MAKEINFO
+AUTOHEADER
+AUTOMAKE
+AUTOCONF
+ACLOCAL
+VERSION
+PACKAGE
+CYGPATH_W
+am__isrc
+INSTALL_DATA
+INSTALL_SCRIPT
+INSTALL_PROGRAM
+target_alias
+host_alias
+build_alias
+LIBS
+ECHO_T
+ECHO_N
+ECHO_C
+DEFS
+mandir
+localedir
+libdir
+psdir
+pdfdir
+dvidir
+htmldir
+infodir
+docdir
+oldincludedir
+includedir
+localstatedir
+sharedstatedir
+sysconfdir
+datadir
+datarootdir
+libexecdir
+sbindir
+bindir
+program_transform_name
+prefix
+exec_prefix
+PACKAGE_URL
+PACKAGE_BUGREPORT
+PACKAGE_STRING
+PACKAGE_VERSION
+PACKAGE_TARNAME
+PACKAGE_NAME
+PATH_SEPARATOR
+SHELL'
+ac_subst_files=''
+ac_user_opts='
+enable_option_checking
+enable_dependency_tracking
+enable_gpg
+enable_gpgsm
+enable_agent
+enable_scdaemon
+enable_tools
+enable_doc
+enable_symcryptrun
+enable_gpgtar
+with_agent_pgm
+with_pinentry_pgm
+with_scdaemon_pgm
+with_dirmngr_pgm
+with_protect_tool_pgm
+enable_agent_only
+enable_selinux_support
+enable_bzip2
+enable_exec
+enable_photo_viewers
+with_photo_viewer
+enable_keyserver_helpers
+enable_ldap
+enable_hkp
+enable_finger
+enable_generic
+enable_mailto
+enable_keyserver_path
+enable_key_cache
+with_capabilities
+enable_ccid_driver
+enable_maintainer_mode
+enable_largefile
+with_tar
+enable_standard_socket
+with_gpg_error_prefix
+with_libgcrypt_prefix
+with_libassuan_prefix
+with_ksba_prefix
+with_pth_prefix
+with_adns
+enable_dns_srv
+enable_dns_pka
+enable_dns_cert
+with_ldap
+with_libcurl
+with_mailprog
+with_gnu_ld
+enable_rpath
+with_libiconv_prefix
+enable_nls
+with_libintl_prefix
+enable_endian_check
+enable_regex
+with_regex
+with_zlib
+with_bzip2
+with_readline
+enable_optimization
+'
+ ac_precious_vars='build_alias
+host_alias
+target_alias
+CC
+CFLAGS
+LDFLAGS
+LIBS
+CPPFLAGS
+CPP
+CC_FOR_BUILD'
+
+
+# Initialize some variables set by options.
+ac_init_help=
+ac_init_version=false
+ac_unrecognized_opts=
+ac_unrecognized_sep=
+# The variables have the same names as the options, with
+# dashes changed to underlines.
+cache_file=/dev/null
+exec_prefix=NONE
+no_create=
+no_recursion=
+prefix=NONE
+program_prefix=NONE
+program_suffix=NONE
+program_transform_name=s,x,x,
+silent=
+site=
+srcdir=
+verbose=
+x_includes=NONE
+x_libraries=NONE
+
+# Installation directory options.
+# These are left unexpanded so users can "make install exec_prefix=/foo"
+# and all the variables that are supposed to be based on exec_prefix
+# by default will actually change.
+# Use braces instead of parens because sh, perl, etc. also accept them.
+# (The list follows the same order as the GNU Coding Standards.)
+bindir='${exec_prefix}/bin'
+sbindir='${exec_prefix}/sbin'
+libexecdir='${exec_prefix}/libexec'
+datarootdir='${prefix}/share'
+datadir='${datarootdir}'
+sysconfdir='${prefix}/etc'
+sharedstatedir='${prefix}/com'
+localstatedir='${prefix}/var'
+includedir='${prefix}/include'
+oldincludedir='/usr/include'
+docdir='${datarootdir}/doc/${PACKAGE_TARNAME}'
+infodir='${datarootdir}/info'
+htmldir='${docdir}'
+dvidir='${docdir}'
+pdfdir='${docdir}'
+psdir='${docdir}'
+libdir='${exec_prefix}/lib'
+localedir='${datarootdir}/locale'
+mandir='${datarootdir}/man'
+
+ac_prev=
+ac_dashdash=
+for ac_option
+do
+ # If the previous option needs an argument, assign it.
+ if test -n "$ac_prev"; then
+ eval $ac_prev=\$ac_option
+ ac_prev=
+ continue
+ fi
+
+ case $ac_option in
+ *=?*) ac_optarg=`expr "X$ac_option" : '[^=]*=\(.*\)'` ;;
+ *=) ac_optarg= ;;
+ *) ac_optarg=yes ;;
+ esac
+
+ # Accept the important Cygnus configure options, so we can diagnose typos.
+
+ case $ac_dashdash$ac_option in
+ --)
+ ac_dashdash=yes ;;
+
+ -bindir | --bindir | --bindi | --bind | --bin | --bi)
+ ac_prev=bindir ;;
+ -bindir=* | --bindir=* | --bindi=* | --bind=* | --bin=* | --bi=*)
+ bindir=$ac_optarg ;;
+
+ -build | --build | --buil | --bui | --bu)
+ ac_prev=build_alias ;;
+ -build=* | --build=* | --buil=* | --bui=* | --bu=*)
+ build_alias=$ac_optarg ;;
+
+ -cache-file | --cache-file | --cache-fil | --cache-fi \
+ | --cache-f | --cache- | --cache | --cach | --cac | --ca | --c)
+ ac_prev=cache_file ;;
+ -cache-file=* | --cache-file=* | --cache-fil=* | --cache-fi=* \
+ | --cache-f=* | --cache-=* | --cache=* | --cach=* | --cac=* | --ca=* | --c=*)
+ cache_file=$ac_optarg ;;
+
+ --config-cache | -C)
+ cache_file=config.cache ;;
+
+ -datadir | --datadir | --datadi | --datad)
+ ac_prev=datadir ;;
+ -datadir=* | --datadir=* | --datadi=* | --datad=*)
+ datadir=$ac_optarg ;;
+
+ -datarootdir | --datarootdir | --datarootdi | --datarootd | --dataroot \
+ | --dataroo | --dataro | --datar)
+ ac_prev=datarootdir ;;
+ -datarootdir=* | --datarootdir=* | --datarootdi=* | --datarootd=* \
+ | --dataroot=* | --dataroo=* | --dataro=* | --datar=*)
+ datarootdir=$ac_optarg ;;
+
+ -disable-* | --disable-*)
+ ac_useropt=`expr "x$ac_option" : 'x-*disable-\(.*\)'`
+ # Reject names that are not valid shell variable names.
+ expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
+ as_fn_error $? "invalid feature name: $ac_useropt"
+ ac_useropt_orig=$ac_useropt
+ ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'`
+ case $ac_user_opts in
+ *"
+"enable_$ac_useropt"
+"*) ;;
+ *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--disable-$ac_useropt_orig"
+ ac_unrecognized_sep=', ';;
+ esac
+ eval enable_$ac_useropt=no ;;
+
+ -docdir | --docdir | --docdi | --doc | --do)
+ ac_prev=docdir ;;
+ -docdir=* | --docdir=* | --docdi=* | --doc=* | --do=*)
+ docdir=$ac_optarg ;;
+
+ -dvidir | --dvidir | --dvidi | --dvid | --dvi | --dv)
+ ac_prev=dvidir ;;
+ -dvidir=* | --dvidir=* | --dvidi=* | --dvid=* | --dvi=* | --dv=*)
+ dvidir=$ac_optarg ;;
+
+ -enable-* | --enable-*)
+ ac_useropt=`expr "x$ac_option" : 'x-*enable-\([^=]*\)'`
+ # Reject names that are not valid shell variable names.
+ expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
+ as_fn_error $? "invalid feature name: $ac_useropt"
+ ac_useropt_orig=$ac_useropt
+ ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'`
+ case $ac_user_opts in
+ *"
+"enable_$ac_useropt"
+"*) ;;
+ *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--enable-$ac_useropt_orig"
+ ac_unrecognized_sep=', ';;
+ esac
+ eval enable_$ac_useropt=\$ac_optarg ;;
+
+ -exec-prefix | --exec_prefix | --exec-prefix | --exec-prefi \
+ | --exec-pref | --exec-pre | --exec-pr | --exec-p | --exec- \
+ | --exec | --exe | --ex)
+ ac_prev=exec_prefix ;;
+ -exec-prefix=* | --exec_prefix=* | --exec-prefix=* | --exec-prefi=* \
+ | --exec-pref=* | --exec-pre=* | --exec-pr=* | --exec-p=* | --exec-=* \
+ | --exec=* | --exe=* | --ex=*)
+ exec_prefix=$ac_optarg ;;
+
+ -gas | --gas | --ga | --g)
+ # Obsolete; use --with-gas.
+ with_gas=yes ;;
+
+ -help | --help | --hel | --he | -h)
+ ac_init_help=long ;;
+ -help=r* | --help=r* | --hel=r* | --he=r* | -hr*)
+ ac_init_help=recursive ;;
+ -help=s* | --help=s* | --hel=s* | --he=s* | -hs*)
+ ac_init_help=short ;;
+
+ -host | --host | --hos | --ho)
+ ac_prev=host_alias ;;
+ -host=* | --host=* | --hos=* | --ho=*)
+ host_alias=$ac_optarg ;;
+
+ -htmldir | --htmldir | --htmldi | --htmld | --html | --htm | --ht)
+ ac_prev=htmldir ;;
+ -htmldir=* | --htmldir=* | --htmldi=* | --htmld=* | --html=* | --htm=* \
+ | --ht=*)
+ htmldir=$ac_optarg ;;
+
+ -includedir | --includedir | --includedi | --included | --include \
+ | --includ | --inclu | --incl | --inc)
+ ac_prev=includedir ;;
+ -includedir=* | --includedir=* | --includedi=* | --included=* | --include=* \
+ | --includ=* | --inclu=* | --incl=* | --inc=*)
+ includedir=$ac_optarg ;;
+
+ -infodir | --infodir | --infodi | --infod | --info | --inf)
+ ac_prev=infodir ;;
+ -infodir=* | --infodir=* | --infodi=* | --infod=* | --info=* | --inf=*)
+ infodir=$ac_optarg ;;
+
+ -libdir | --libdir | --libdi | --libd)
+ ac_prev=libdir ;;
+ -libdir=* | --libdir=* | --libdi=* | --libd=*)
+ libdir=$ac_optarg ;;
+
+ -libexecdir | --libexecdir | --libexecdi | --libexecd | --libexec \
+ | --libexe | --libex | --libe)
+ ac_prev=libexecdir ;;
+ -libexecdir=* | --libexecdir=* | --libexecdi=* | --libexecd=* | --libexec=* \
+ | --libexe=* | --libex=* | --libe=*)
+ libexecdir=$ac_optarg ;;
+
+ -localedir | --localedir | --localedi | --localed | --locale)
+ ac_prev=localedir ;;
+ -localedir=* | --localedir=* | --localedi=* | --localed=* | --locale=*)
+ localedir=$ac_optarg ;;
+
+ -localstatedir | --localstatedir | --localstatedi | --localstated \
+ | --localstate | --localstat | --localsta | --localst | --locals)
+ ac_prev=localstatedir ;;
+ -localstatedir=* | --localstatedir=* | --localstatedi=* | --localstated=* \
+ | --localstate=* | --localstat=* | --localsta=* | --localst=* | --locals=*)
+ localstatedir=$ac_optarg ;;
+
+ -mandir | --mandir | --mandi | --mand | --man | --ma | --m)
+ ac_prev=mandir ;;
+ -mandir=* | --mandir=* | --mandi=* | --mand=* | --man=* | --ma=* | --m=*)
+ mandir=$ac_optarg ;;
+
+ -nfp | --nfp | --nf)
+ # Obsolete; use --without-fp.
+ with_fp=no ;;
+
+ -no-create | --no-create | --no-creat | --no-crea | --no-cre \
+ | --no-cr | --no-c | -n)
+ no_create=yes ;;
+
+ -no-recursion | --no-recursion | --no-recursio | --no-recursi \
+ | --no-recurs | --no-recur | --no-recu | --no-rec | --no-re | --no-r)
+ no_recursion=yes ;;
+
+ -oldincludedir | --oldincludedir | --oldincludedi | --oldincluded \
+ | --oldinclude | --oldinclud | --oldinclu | --oldincl | --oldinc \
+ | --oldin | --oldi | --old | --ol | --o)
+ ac_prev=oldincludedir ;;
+ -oldincludedir=* | --oldincludedir=* | --oldincludedi=* | --oldincluded=* \
+ | --oldinclude=* | --oldinclud=* | --oldinclu=* | --oldincl=* | --oldinc=* \
+ | --oldin=* | --oldi=* | --old=* | --ol=* | --o=*)
+ oldincludedir=$ac_optarg ;;
+
+ -prefix | --prefix | --prefi | --pref | --pre | --pr | --p)
+ ac_prev=prefix ;;
+ -prefix=* | --prefix=* | --prefi=* | --pref=* | --pre=* | --pr=* | --p=*)
+ prefix=$ac_optarg ;;
+
+ -program-prefix | --program-prefix | --program-prefi | --program-pref \
+ | --program-pre | --program-pr | --program-p)
+ ac_prev=program_prefix ;;
+ -program-prefix=* | --program-prefix=* | --program-prefi=* \
+ | --program-pref=* | --program-pre=* | --program-pr=* | --program-p=*)
+ program_prefix=$ac_optarg ;;
+
+ -program-suffix | --program-suffix | --program-suffi | --program-suff \
+ | --program-suf | --program-su | --program-s)
+ ac_prev=program_suffix ;;
+ -program-suffix=* | --program-suffix=* | --program-suffi=* \
+ | --program-suff=* | --program-suf=* | --program-su=* | --program-s=*)
+ program_suffix=$ac_optarg ;;
+
+ -program-transform-name | --program-transform-name \
+ | --program-transform-nam | --program-transform-na \
+ | --program-transform-n | --program-transform- \
+ | --program-transform | --program-transfor \
+ | --program-transfo | --program-transf \
+ | --program-trans | --program-tran \
+ | --progr-tra | --program-tr | --program-t)
+ ac_prev=program_transform_name ;;
+ -program-transform-name=* | --program-transform-name=* \
+ | --program-transform-nam=* | --program-transform-na=* \
+ | --program-transform-n=* | --program-transform-=* \
+ | --program-transform=* | --program-transfor=* \
+ | --program-transfo=* | --program-transf=* \
+ | --program-trans=* | --program-tran=* \
+ | --progr-tra=* | --program-tr=* | --program-t=*)
+ program_transform_name=$ac_optarg ;;
+
+ -pdfdir | --pdfdir | --pdfdi | --pdfd | --pdf | --pd)
+ ac_prev=pdfdir ;;
+ -pdfdir=* | --pdfdir=* | --pdfdi=* | --pdfd=* | --pdf=* | --pd=*)
+ pdfdir=$ac_optarg ;;
+
+ -psdir | --psdir | --psdi | --psd | --ps)
+ ac_prev=psdir ;;
+ -psdir=* | --psdir=* | --psdi=* | --psd=* | --ps=*)
+ psdir=$ac_optarg ;;
+
+ -q | -quiet | --quiet | --quie | --qui | --qu | --q \
+ | -silent | --silent | --silen | --sile | --sil)
+ silent=yes ;;
+
+ -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb)
+ ac_prev=sbindir ;;
+ -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \
+ | --sbi=* | --sb=*)
+ sbindir=$ac_optarg ;;
+
+ -sharedstatedir | --sharedstatedir | --sharedstatedi \
+ | --sharedstated | --sharedstate | --sharedstat | --sharedsta \
+ | --sharedst | --shareds | --shared | --share | --shar \
+ | --sha | --sh)
+ ac_prev=sharedstatedir ;;
+ -sharedstatedir=* | --sharedstatedir=* | --sharedstatedi=* \
+ | --sharedstated=* | --sharedstate=* | --sharedstat=* | --sharedsta=* \
+ | --sharedst=* | --shareds=* | --shared=* | --share=* | --shar=* \
+ | --sha=* | --sh=*)
+ sharedstatedir=$ac_optarg ;;
+
+ -site | --site | --sit)
+ ac_prev=site ;;
+ -site=* | --site=* | --sit=*)
+ site=$ac_optarg ;;
+
+ -srcdir | --srcdir | --srcdi | --srcd | --src | --sr)
+ ac_prev=srcdir ;;
+ -srcdir=* | --srcdir=* | --srcdi=* | --srcd=* | --src=* | --sr=*)
+ srcdir=$ac_optarg ;;
+
+ -sysconfdir | --sysconfdir | --sysconfdi | --sysconfd | --sysconf \
+ | --syscon | --sysco | --sysc | --sys | --sy)
+ ac_prev=sysconfdir ;;
+ -sysconfdir=* | --sysconfdir=* | --sysconfdi=* | --sysconfd=* | --sysconf=* \
+ | --syscon=* | --sysco=* | --sysc=* | --sys=* | --sy=*)
+ sysconfdir=$ac_optarg ;;
+
+ -target | --target | --targe | --targ | --tar | --ta | --t)
+ ac_prev=target_alias ;;
+ -target=* | --target=* | --targe=* | --targ=* | --tar=* | --ta=* | --t=*)
+ target_alias=$ac_optarg ;;
+
+ -v | -verbose | --verbose | --verbos | --verbo | --verb)
+ verbose=yes ;;
+
+ -version | --version | --versio | --versi | --vers | -V)
+ ac_init_version=: ;;
+
+ -with-* | --with-*)
+ ac_useropt=`expr "x$ac_option" : 'x-*with-\([^=]*\)'`
+ # Reject names that are not valid shell variable names.
+ expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
+ as_fn_error $? "invalid package name: $ac_useropt"
+ ac_useropt_orig=$ac_useropt
+ ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'`
+ case $ac_user_opts in
+ *"
+"with_$ac_useropt"
+"*) ;;
+ *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--with-$ac_useropt_orig"
+ ac_unrecognized_sep=', ';;
+ esac
+ eval with_$ac_useropt=\$ac_optarg ;;
+
+ -without-* | --without-*)
+ ac_useropt=`expr "x$ac_option" : 'x-*without-\(.*\)'`
+ # Reject names that are not valid shell variable names.
+ expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
+ as_fn_error $? "invalid package name: $ac_useropt"
+ ac_useropt_orig=$ac_useropt
+ ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'`
+ case $ac_user_opts in
+ *"
+"with_$ac_useropt"
+"*) ;;
+ *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--without-$ac_useropt_orig"
+ ac_unrecognized_sep=', ';;
+ esac
+ eval with_$ac_useropt=no ;;
+
+ --x)
+ # Obsolete; use --with-x.
+ with_x=yes ;;
+
+ -x-includes | --x-includes | --x-include | --x-includ | --x-inclu \
+ | --x-incl | --x-inc | --x-in | --x-i)
+ ac_prev=x_includes ;;
+ -x-includes=* | --x-includes=* | --x-include=* | --x-includ=* | --x-inclu=* \
+ | --x-incl=* | --x-inc=* | --x-in=* | --x-i=*)
+ x_includes=$ac_optarg ;;
+
+ -x-libraries | --x-libraries | --x-librarie | --x-librari \
+ | --x-librar | --x-libra | --x-libr | --x-lib | --x-li | --x-l)
+ ac_prev=x_libraries ;;
+ -x-libraries=* | --x-libraries=* | --x-librarie=* | --x-librari=* \
+ | --x-librar=* | --x-libra=* | --x-libr=* | --x-lib=* | --x-li=* | --x-l=*)
+ x_libraries=$ac_optarg ;;
+
+ -*) as_fn_error $? "unrecognized option: \`$ac_option'
+Try \`$0 --help' for more information"
+ ;;
+
+ *=*)
+ ac_envvar=`expr "x$ac_option" : 'x\([^=]*\)='`
+ # Reject names that are not valid shell variable names.
+ case $ac_envvar in #(
+ '' | [0-9]* | *[!_$as_cr_alnum]* )
+ as_fn_error $? "invalid variable name: \`$ac_envvar'" ;;
+ esac
+ eval $ac_envvar=\$ac_optarg
+ export $ac_envvar ;;
+
+ *)
+ # FIXME: should be removed in autoconf 3.0.
+ $as_echo "$as_me: WARNING: you should use --build, --host, --target" >&2
+ expr "x$ac_option" : ".*[^-._$as_cr_alnum]" >/dev/null &&
+ $as_echo "$as_me: WARNING: invalid host type: $ac_option" >&2
+ : "${build_alias=$ac_option} ${host_alias=$ac_option} ${target_alias=$ac_option}"
+ ;;
+
+ esac
+done
+
+if test -n "$ac_prev"; then
+ ac_option=--`echo $ac_prev | sed 's/_/-/g'`
+ as_fn_error $? "missing argument to $ac_option"
+fi
+
+if test -n "$ac_unrecognized_opts"; then
+ case $enable_option_checking in
+ no) ;;
+ fatal) as_fn_error $? "unrecognized options: $ac_unrecognized_opts" ;;
+ *) $as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2 ;;
+ esac
+fi
+
+# Check all directory arguments for consistency.
+for ac_var in exec_prefix prefix bindir sbindir libexecdir datarootdir \
+ datadir sysconfdir sharedstatedir localstatedir includedir \
+ oldincludedir docdir infodir htmldir dvidir pdfdir psdir \
+ libdir localedir mandir
+do
+ eval ac_val=\$$ac_var
+ # Remove trailing slashes.
+ case $ac_val in
+ */ )
+ ac_val=`expr "X$ac_val" : 'X\(.*[^/]\)' \| "X$ac_val" : 'X\(.*\)'`
+ eval $ac_var=\$ac_val;;
+ esac
+ # Be sure to have absolute directory names.
+ case $ac_val in
+ [\\/$]* | ?:[\\/]* ) continue;;
+ NONE | '' ) case $ac_var in *prefix ) continue;; esac;;
+ esac
+ as_fn_error $? "expected an absolute directory name for --$ac_var: $ac_val"
+done
+
+# There might be people who depend on the old broken behavior: `$host'
+# used to hold the argument of --host etc.
+# FIXME: To remove some day.
+build=$build_alias
+host=$host_alias
+target=$target_alias
+
+# FIXME: To remove some day.
+if test "x$host_alias" != x; then
+ if test "x$build_alias" = x; then
+ cross_compiling=maybe
+ $as_echo "$as_me: WARNING: if you wanted to set the --build type, don't use --host.
+ If a cross compiler is detected then cross compile mode will be used" >&2
+ elif test "x$build_alias" != "x$host_alias"; then
+ cross_compiling=yes
+ fi
+fi
+
+ac_tool_prefix=
+test -n "$host_alias" && ac_tool_prefix=$host_alias-
+
+test "$silent" = yes && exec 6>/dev/null
+
+
+ac_pwd=`pwd` && test -n "$ac_pwd" &&
+ac_ls_di=`ls -di .` &&
+ac_pwd_ls_di=`cd "$ac_pwd" && ls -di .` ||
+ as_fn_error $? "working directory cannot be determined"
+test "X$ac_ls_di" = "X$ac_pwd_ls_di" ||
+ as_fn_error $? "pwd does not report name of working directory"
+
+
+# Find the source files, if location was not specified.
+if test -z "$srcdir"; then
+ ac_srcdir_defaulted=yes
+ # Try the directory containing this script, then the parent directory.
+ ac_confdir=`$as_dirname -- "$as_myself" ||
+$as_expr X"$as_myself" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+ X"$as_myself" : 'X\(//\)[^/]' \| \
+ X"$as_myself" : 'X\(//\)$' \| \
+ X"$as_myself" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X"$as_myself" |
+ sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+ s//\1/
+ q
+ }
+ /^X\(\/\/\)[^/].*/{
+ s//\1/
+ q
+ }
+ /^X\(\/\/\)$/{
+ s//\1/
+ q
+ }
+ /^X\(\/\).*/{
+ s//\1/
+ q
+ }
+ s/.*/./; q'`
+ srcdir=$ac_confdir
+ if test ! -r "$srcdir/$ac_unique_file"; then
+ srcdir=..
+ fi
+else
+ ac_srcdir_defaulted=no
+fi
+if test ! -r "$srcdir/$ac_unique_file"; then
+ test "$ac_srcdir_defaulted" = yes && srcdir="$ac_confdir or .."
+ as_fn_error $? "cannot find sources ($ac_unique_file) in $srcdir"
+fi
+ac_msg="sources are in $srcdir, but \`cd $srcdir' does not work"
+ac_abs_confdir=`(
+ cd "$srcdir" && test -r "./$ac_unique_file" || as_fn_error $? "$ac_msg"
+ pwd)`
+# When building in place, set srcdir=.
+if test "$ac_abs_confdir" = "$ac_pwd"; then
+ srcdir=.
+fi
+# Remove unnecessary trailing slashes from srcdir.
+# Double slashes in file names in object file debugging info
+# mess up M-x gdb in Emacs.
+case $srcdir in
+*/) srcdir=`expr "X$srcdir" : 'X\(.*[^/]\)' \| "X$srcdir" : 'X\(.*\)'`;;
+esac
+for ac_var in $ac_precious_vars; do
+ eval ac_env_${ac_var}_set=\${${ac_var}+set}
+ eval ac_env_${ac_var}_value=\$${ac_var}
+ eval ac_cv_env_${ac_var}_set=\${${ac_var}+set}
+ eval ac_cv_env_${ac_var}_value=\$${ac_var}
+done
+
+#
+# Report the --help message.
+#
+if test "$ac_init_help" = "long"; then
+ # Omit some internal or obsolete options to make the list less imposing.
+ # This message is too long to be a string in the A/UX 3.1 sh.
+ cat <<_ACEOF
+\`configure' configures gnupg 2.0.19 to adapt to many kinds of systems.
+
+Usage: $0 [OPTION]... [VAR=VALUE]...
+
+To assign environment variables (e.g., CC, CFLAGS...), specify them as
+VAR=VALUE. See below for descriptions of some of the useful variables.
+
+Defaults for the options are specified in brackets.
+
+Configuration:
+ -h, --help display this help and exit
+ --help=short display options specific to this package
+ --help=recursive display the short help of all the included packages
+ -V, --version display version information and exit
+ -q, --quiet, --silent do not print \`checking ...' messages
+ --cache-file=FILE cache test results in FILE [disabled]
+ -C, --config-cache alias for \`--cache-file=config.cache'
+ -n, --no-create do not create output files
+ --srcdir=DIR find the sources in DIR [configure dir or \`..']
+
+Installation directories:
+ --prefix=PREFIX install architecture-independent files in PREFIX
+ [$ac_default_prefix]
+ --exec-prefix=EPREFIX install architecture-dependent files in EPREFIX
+ [PREFIX]
+
+By default, \`make install' will install all the files in
+\`$ac_default_prefix/bin', \`$ac_default_prefix/lib' etc. You can specify
+an installation prefix other than \`$ac_default_prefix' using \`--prefix',
+for instance \`--prefix=\$HOME'.
+
+For better control, use the options below.
+
+Fine tuning of the installation directories:
+ --bindir=DIR user executables [EPREFIX/bin]
+ --sbindir=DIR system admin executables [EPREFIX/sbin]
+ --libexecdir=DIR program executables [EPREFIX/libexec]
+ --sysconfdir=DIR read-only single-machine data [PREFIX/etc]
+ --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com]
+ --localstatedir=DIR modifiable single-machine data [PREFIX/var]
+ --libdir=DIR object code libraries [EPREFIX/lib]
+ --includedir=DIR C header files [PREFIX/include]
+ --oldincludedir=DIR C header files for non-gcc [/usr/include]
+ --datarootdir=DIR read-only arch.-independent data root [PREFIX/share]
+ --datadir=DIR read-only architecture-independent data [DATAROOTDIR]
+ --infodir=DIR info documentation [DATAROOTDIR/info]
+ --localedir=DIR locale-dependent data [DATAROOTDIR/locale]
+ --mandir=DIR man documentation [DATAROOTDIR/man]
+ --docdir=DIR documentation root [DATAROOTDIR/doc/gnupg]
+ --htmldir=DIR html documentation [DOCDIR]
+ --dvidir=DIR dvi documentation [DOCDIR]
+ --pdfdir=DIR pdf documentation [DOCDIR]
+ --psdir=DIR ps documentation [DOCDIR]
+_ACEOF
+
+ cat <<\_ACEOF
+
+Program names:
+ --program-prefix=PREFIX prepend PREFIX to installed program names
+ --program-suffix=SUFFIX append SUFFIX to installed program names
+ --program-transform-name=PROGRAM run sed PROGRAM on installed program names
+
+System types:
+ --build=BUILD configure for building on BUILD [guessed]
+ --host=HOST cross-compile to build programs to run on HOST [BUILD]
+_ACEOF
+fi
+
+if test -n "$ac_init_help"; then
+ case $ac_init_help in
+ short | recursive ) echo "Configuration of gnupg 2.0.19:";;
+ esac
+ cat <<\_ACEOF
+
+Optional Features:
+ --disable-option-checking ignore unrecognized --enable/--with options
+ --disable-FEATURE do not include FEATURE (same as --enable-FEATURE=no)
+ --enable-FEATURE[=ARG] include FEATURE [ARG=yes]
+ --disable-dependency-tracking speeds up one-time build
+ --enable-dependency-tracking do not reject slow dependency extractors
+ --disable-gpg do not build the gpg program
+ --disable-gpgsm do not build the gpgsm program
+ --disable-agent do not build the agent program
+ --disable-scdaemon do not build the scdaemon program
+ --disable-tools do not build the tools program
+ --disable-doc do not build the doc program
+ --enable-symcryptrun build the symcryptrun program
+ --enable-gpgtar build the gpgtar program
+ --enable-agent-only build only the gpg-agent
+ --enable-selinux-support
+ enable SELinux support
+ --disable-bzip2 disable the BZIP2 compression algorithm
+ --disable-exec disable all external program execution
+ --disable-photo-viewers disable photo ID viewers
+ --disable-keyserver-helpers disable all external keyserver support
+ --disable-ldap disable LDAP keyserver interface only
+ --disable-hkp disable HKP keyserver interface only
+ --disable-finger disable finger key fetching interface only
+ --disable-generic disable generic object key fetching interface only
+ --enable-mailto enable email keyserver interface only
+ --disable-keyserver-path
+ disable the exec-path option for keyserver helpers
+ --enable-key-cache=SIZE Set key cache to SIZE (default 4096)
+ --disable-ccid-driver disable the internal CCID driver
+ --enable-maintainer-mode enable make rules and dependencies not useful
+ (and sometimes confusing) to the casual installer
+ --disable-largefile omit support for large files
+ --enable-standard-socket
+ use a standard socket for the agent by default
+ --disable-dns-srv disable the use of DNS SRV in HKP and HTTP
+ --disable-dns-pka disable the use of PKA records in DNS
+ --disable-dns-cert disable the use of CERT records in DNS
+ --disable-rpath do not hardcode runtime library paths
+ --disable-nls do not use Native Language Support
+ --disable-endian-check disable the endian check and trust the OS provided
+ macros
+ --disable-regex do not handle regular expressions in trust
+ signatures
+ --disable-optimization disable compiler optimization
+
+Optional Packages:
+ --with-PACKAGE[=ARG] use PACKAGE [ARG=yes]
+ --without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no)
+ --with-agent-pgm=PATH Use PATH as the default for the agent)
+ --with-pinentry-pgm=PATH Use PATH as the default for the pinentry)
+ --with-scdaemon-pgm=PATH Use PATH as the default for the scdaemon)
+ --with-dirmngr-pgm=PATH Use PATH as the default for the dirmngr)
+ --with-protect-tool-pgm=PATH Use PATH as the default for the protect-tool)
+ --with-photo-viewer=FIXED_VIEWER set a fixed photo ID viewer
+ --with-capabilities use linux capabilities default=no
+ --with-tar=PATH look for a tar program in PATH
+ --with-gpg-error-prefix=PFX
+ prefix where GPG Error is installed (optional)
+ --with-libgcrypt-prefix=PFX
+ prefix where LIBGCRYPT is installed (optional)
+ --with-libassuan-prefix=PFX
+ prefix where LIBASSUAN is installed (optional)
+ --with-ksba-prefix=PFX prefix where KSBA is installed (optional)
+ --with-pth-prefix=PFX prefix where GNU Pth is installed (optional)
+ --with-adns=DIR look for the adns library in DIR
+ --with-ldap=DIR look for the LDAP library in DIR
+ --with-libcurl=DIR look for the curl library in DIR
+ --with-mailprog=NAME use "NAME -t" for mail transport
+ --with-gnu-ld assume the C compiler uses GNU ld default=no
+ --with-libiconv-prefix[=DIR] search for libiconv in DIR/include and DIR/lib
+ --without-libiconv-prefix don't search for libiconv in includedir and libdir
+ --with-libintl-prefix[=DIR] search for libintl in DIR/include and DIR/lib
+ --without-libintl-prefix don't search for libintl in includedir and libdir
+ --with-regex=DIR look for regex in DIR
+ --with-zlib=DIR use libz in DIR
+ --with-bzip2=DIR look for bzip2 in DIR
+ --with-readline=DIR look for the readline library in DIR
+
+Some influential environment variables:
+ CC C compiler command
+ CFLAGS C compiler flags
+ LDFLAGS linker flags, e.g. -L<lib dir> if you have libraries in a
+ nonstandard directory <lib dir>
+ LIBS libraries to pass to the linker, e.g. -l<library>
+ CPPFLAGS (Objective) C/C++ preprocessor flags, e.g. -I<include dir> if
+ you have headers in a nonstandard directory <include dir>
+ CPP C preprocessor
+ CC_FOR_BUILD
+ build system C compiler
+
+Use these variables to override the choices made by `configure' or to help
+it to find libraries and programs with nonstandard names/locations.
+
+Report bugs to <http://bugs.gnupg.org>.
+_ACEOF
+ac_status=$?
+fi
+
+if test "$ac_init_help" = "recursive"; then
+ # If there are subdirs, report their specific --help.
+ for ac_dir in : $ac_subdirs_all; do test "x$ac_dir" = x: && continue
+ test -d "$ac_dir" ||
+ { cd "$srcdir" && ac_pwd=`pwd` && srcdir=. && test -d "$ac_dir"; } ||
+ continue
+ ac_builddir=.
+
+case "$ac_dir" in
+.) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;;
+*)
+ ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'`
+ # A ".." for each directory in $ac_dir_suffix.
+ ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'`
+ case $ac_top_builddir_sub in
+ "") ac_top_builddir_sub=. ac_top_build_prefix= ;;
+ *) ac_top_build_prefix=$ac_top_builddir_sub/ ;;
+ esac ;;
+esac
+ac_abs_top_builddir=$ac_pwd
+ac_abs_builddir=$ac_pwd$ac_dir_suffix
+# for backward compatibility:
+ac_top_builddir=$ac_top_build_prefix
+
+case $srcdir in
+ .) # We are building in place.
+ ac_srcdir=.
+ ac_top_srcdir=$ac_top_builddir_sub
+ ac_abs_top_srcdir=$ac_pwd ;;
+ [\\/]* | ?:[\\/]* ) # Absolute name.
+ ac_srcdir=$srcdir$ac_dir_suffix;
+ ac_top_srcdir=$srcdir
+ ac_abs_top_srcdir=$srcdir ;;
+ *) # Relative name.
+ ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix
+ ac_top_srcdir=$ac_top_build_prefix$srcdir
+ ac_abs_top_srcdir=$ac_pwd/$srcdir ;;
+esac
+ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix
+
+ cd "$ac_dir" || { ac_status=$?; continue; }
+ # Check for guested configure.
+ if test -f "$ac_srcdir/configure.gnu"; then
+ echo &&
+ $SHELL "$ac_srcdir/configure.gnu" --help=recursive
+ elif test -f "$ac_srcdir/configure"; then
+ echo &&
+ $SHELL "$ac_srcdir/configure" --help=recursive
+ else
+ $as_echo "$as_me: WARNING: no configuration information is in $ac_dir" >&2
+ fi || ac_status=$?
+ cd "$ac_pwd" || { ac_status=$?; break; }
+ done
+fi
+
+test -n "$ac_init_help" && exit $ac_status
+if $ac_init_version; then
+ cat <<\_ACEOF
+gnupg configure 2.0.19
+generated by GNU Autoconf 2.68
+
+Copyright (C) 2010 Free Software Foundation, Inc.
+This configure script is free software; the Free Software Foundation
+gives unlimited permission to copy, distribute and modify it.
+_ACEOF
+ exit
+fi
+
+## ------------------------ ##
+## Autoconf initialization. ##
+## ------------------------ ##
+
+# ac_fn_c_try_compile LINENO
+# --------------------------
+# Try to compile conftest.$ac_ext, and return whether this succeeded.
+ac_fn_c_try_compile ()
+{
+ as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+ rm -f conftest.$ac_objext
+ if { { ac_try="$ac_compile"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+ (eval "$ac_compile") 2>conftest.err
+ ac_status=$?
+ if test -s conftest.err; then
+ grep -v '^ *+' conftest.err >conftest.er1
+ cat conftest.er1 >&5
+ mv -f conftest.er1 conftest.err
+ fi
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; } && {
+ test -z "$ac_c_werror_flag" ||
+ test ! -s conftest.err
+ } && test -s conftest.$ac_objext; then :
+ ac_retval=0
+else
+ $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ ac_retval=1
+fi
+ eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
+ as_fn_set_status $ac_retval
+
+} # ac_fn_c_try_compile
+
+# ac_fn_c_try_cpp LINENO
+# ----------------------
+# Try to preprocess conftest.$ac_ext, and return whether this succeeded.
+ac_fn_c_try_cpp ()
+{
+ as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+ if { { ac_try="$ac_cpp conftest.$ac_ext"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+ (eval "$ac_cpp conftest.$ac_ext") 2>conftest.err
+ ac_status=$?
+ if test -s conftest.err; then
+ grep -v '^ *+' conftest.err >conftest.er1
+ cat conftest.er1 >&5
+ mv -f conftest.er1 conftest.err
+ fi
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; } > conftest.i && {
+ test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
+ test ! -s conftest.err
+ }; then :
+ ac_retval=0
+else
+ $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ ac_retval=1
+fi
+ eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
+ as_fn_set_status $ac_retval
+
+} # ac_fn_c_try_cpp
+
+# ac_fn_c_check_header_mongrel LINENO HEADER VAR INCLUDES
+# -------------------------------------------------------
+# Tests whether HEADER exists, giving a warning if it cannot be compiled using
+# the include files in INCLUDES and setting the cache variable VAR
+# accordingly.
+ac_fn_c_check_header_mongrel ()
+{
+ as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+ if eval \${$3+:} false; then :
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5
+$as_echo_n "checking for $2... " >&6; }
+if eval \${$3+:} false; then :
+ $as_echo_n "(cached) " >&6
+fi
+eval ac_res=\$$3
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
+$as_echo "$ac_res" >&6; }
+else
+ # Is the header compilable?
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking $2 usability" >&5
+$as_echo_n "checking $2 usability... " >&6; }
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+$4
+#include <$2>
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_header_compiler=yes
+else
+ ac_header_compiler=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_header_compiler" >&5
+$as_echo "$ac_header_compiler" >&6; }
+
+# Is the header present?
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking $2 presence" >&5
+$as_echo_n "checking $2 presence... " >&6; }
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <$2>
+_ACEOF
+if ac_fn_c_try_cpp "$LINENO"; then :
+ ac_header_preproc=yes
+else
+ ac_header_preproc=no
+fi
+rm -f conftest.err conftest.i conftest.$ac_ext
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_header_preproc" >&5
+$as_echo "$ac_header_preproc" >&6; }
+
+# So? What about this header?
+case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in #((
+ yes:no: )
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: accepted by the compiler, rejected by the preprocessor!" >&5
+$as_echo "$as_me: WARNING: $2: accepted by the compiler, rejected by the preprocessor!" >&2;}
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: proceeding with the compiler's result" >&5
+$as_echo "$as_me: WARNING: $2: proceeding with the compiler's result" >&2;}
+ ;;
+ no:yes:* )
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: present but cannot be compiled" >&5
+$as_echo "$as_me: WARNING: $2: present but cannot be compiled" >&2;}
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: check for missing prerequisite headers?" >&5
+$as_echo "$as_me: WARNING: $2: check for missing prerequisite headers?" >&2;}
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: see the Autoconf documentation" >&5
+$as_echo "$as_me: WARNING: $2: see the Autoconf documentation" >&2;}
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: section \"Present But Cannot Be Compiled\"" >&5
+$as_echo "$as_me: WARNING: $2: section \"Present But Cannot Be Compiled\"" >&2;}
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: proceeding with the compiler's result" >&5
+$as_echo "$as_me: WARNING: $2: proceeding with the compiler's result" >&2;}
+( $as_echo "## ------------------------------------ ##
+## Report this to http://bugs.gnupg.org ##
+## ------------------------------------ ##"
+ ) | sed "s/^/$as_me: WARNING: /" >&2
+ ;;
+esac
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5
+$as_echo_n "checking for $2... " >&6; }
+if eval \${$3+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ eval "$3=\$ac_header_compiler"
+fi
+eval ac_res=\$$3
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
+$as_echo "$ac_res" >&6; }
+fi
+ eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
+
+} # ac_fn_c_check_header_mongrel
+
+# ac_fn_c_try_run LINENO
+# ----------------------
+# Try to link conftest.$ac_ext, and return whether this succeeded. Assumes
+# that executables *can* be run.
+ac_fn_c_try_run ()
+{
+ as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+ if { { ac_try="$ac_link"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+ (eval "$ac_link") 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; } && { ac_try='./conftest$ac_exeext'
+ { { case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+ (eval "$ac_try") 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; }; then :
+ ac_retval=0
+else
+ $as_echo "$as_me: program exited with status $ac_status" >&5
+ $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ ac_retval=$ac_status
+fi
+ rm -rf conftest.dSYM conftest_ipa8_conftest.oo
+ eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
+ as_fn_set_status $ac_retval
+
+} # ac_fn_c_try_run
+
+# ac_fn_c_check_header_compile LINENO HEADER VAR INCLUDES
+# -------------------------------------------------------
+# Tests whether HEADER exists and can be compiled using the include files in
+# INCLUDES, setting the cache variable VAR accordingly.
+ac_fn_c_check_header_compile ()
+{
+ as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5
+$as_echo_n "checking for $2... " >&6; }
+if eval \${$3+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+$4
+#include <$2>
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ eval "$3=yes"
+else
+ eval "$3=no"
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+eval ac_res=\$$3
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
+$as_echo "$ac_res" >&6; }
+ eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
+
+} # ac_fn_c_check_header_compile
+
+# ac_fn_c_try_link LINENO
+# -----------------------
+# Try to link conftest.$ac_ext, and return whether this succeeded.
+ac_fn_c_try_link ()
+{
+ as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+ rm -f conftest.$ac_objext conftest$ac_exeext
+ if { { ac_try="$ac_link"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+ (eval "$ac_link") 2>conftest.err
+ ac_status=$?
+ if test -s conftest.err; then
+ grep -v '^ *+' conftest.err >conftest.er1
+ cat conftest.er1 >&5
+ mv -f conftest.er1 conftest.err
+ fi
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; } && {
+ test -z "$ac_c_werror_flag" ||
+ test ! -s conftest.err
+ } && test -s conftest$ac_exeext && {
+ test "$cross_compiling" = yes ||
+ $as_test_x conftest$ac_exeext
+ }; then :
+ ac_retval=0
+else
+ $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ ac_retval=1
+fi
+ # Delete the IPA/IPO (Inter Procedural Analysis/Optimization) information
+ # created by the PGI compiler (conftest_ipa8_conftest.oo), as it would
+ # interfere with the next link command; also delete a directory that is
+ # left behind by Apple's compiler. We do this before executing the actions.
+ rm -rf conftest.dSYM conftest_ipa8_conftest.oo
+ eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
+ as_fn_set_status $ac_retval
+
+} # ac_fn_c_try_link
+
+# ac_fn_c_check_func LINENO FUNC VAR
+# ----------------------------------
+# Tests whether FUNC exists, setting the cache variable VAR accordingly
+ac_fn_c_check_func ()
+{
+ as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5
+$as_echo_n "checking for $2... " >&6; }
+if eval \${$3+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+/* Define $2 to an innocuous variant, in case <limits.h> declares $2.
+ For example, HP-UX 11i <limits.h> declares gettimeofday. */
+#define $2 innocuous_$2
+
+/* System header to define __stub macros and hopefully few prototypes,
+ which can conflict with char $2 (); below.
+ Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+ <limits.h> exists even on freestanding compilers. */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef $2
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char $2 ();
+/* The GNU C library defines this for functions which it implements
+ to always fail with ENOSYS. Some functions are actually named
+ something starting with __ and the normal name is an alias. */
+#if defined __stub_$2 || defined __stub___$2
+choke me
+#endif
+
+int
+main ()
+{
+return $2 ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ eval "$3=yes"
+else
+ eval "$3=no"
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+fi
+eval ac_res=\$$3
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
+$as_echo "$ac_res" >&6; }
+ eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
+
+} # ac_fn_c_check_func
+
+# ac_fn_c_check_type LINENO TYPE VAR INCLUDES
+# -------------------------------------------
+# Tests whether TYPE exists after having included INCLUDES, setting cache
+# variable VAR accordingly.
+ac_fn_c_check_type ()
+{
+ as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5
+$as_echo_n "checking for $2... " >&6; }
+if eval \${$3+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ eval "$3=no"
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+$4
+int
+main ()
+{
+if (sizeof ($2))
+ return 0;
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+$4
+int
+main ()
+{
+if (sizeof (($2)))
+ return 0;
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+
+else
+ eval "$3=yes"
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+eval ac_res=\$$3
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
+$as_echo "$ac_res" >&6; }
+ eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
+
+} # ac_fn_c_check_type
+
+# ac_fn_c_check_decl LINENO SYMBOL VAR INCLUDES
+# ---------------------------------------------
+# Tests whether SYMBOL is declared in INCLUDES, setting cache variable VAR
+# accordingly.
+ac_fn_c_check_decl ()
+{
+ as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+ as_decl_name=`echo $2|sed 's/ *(.*//'`
+ as_decl_use=`echo $2|sed -e 's/(/((/' -e 's/)/) 0&/' -e 's/,/) 0& (/g'`
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $as_decl_name is declared" >&5
+$as_echo_n "checking whether $as_decl_name is declared... " >&6; }
+if eval \${$3+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+$4
+int
+main ()
+{
+#ifndef $as_decl_name
+#ifdef __cplusplus
+ (void) $as_decl_use;
+#else
+ (void) $as_decl_name;
+#endif
+#endif
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ eval "$3=yes"
+else
+ eval "$3=no"
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+eval ac_res=\$$3
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
+$as_echo "$ac_res" >&6; }
+ eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
+
+} # ac_fn_c_check_decl
+
+# ac_fn_c_compute_int LINENO EXPR VAR INCLUDES
+# --------------------------------------------
+# Tries to find the compile-time value of EXPR in a program that includes
+# INCLUDES, setting VAR accordingly. Returns whether the value could be
+# computed
+ac_fn_c_compute_int ()
+{
+ as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+ if test "$cross_compiling" = yes; then
+ # Depending upon the size, compute the lo and hi bounds.
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+$4
+int
+main ()
+{
+static int test_array [1 - 2 * !(($2) >= 0)];
+test_array [0] = 0
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_lo=0 ac_mid=0
+ while :; do
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+$4
+int
+main ()
+{
+static int test_array [1 - 2 * !(($2) <= $ac_mid)];
+test_array [0] = 0
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_hi=$ac_mid; break
+else
+ as_fn_arith $ac_mid + 1 && ac_lo=$as_val
+ if test $ac_lo -le $ac_mid; then
+ ac_lo= ac_hi=
+ break
+ fi
+ as_fn_arith 2 '*' $ac_mid + 1 && ac_mid=$as_val
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+ done
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+$4
+int
+main ()
+{
+static int test_array [1 - 2 * !(($2) < 0)];
+test_array [0] = 0
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_hi=-1 ac_mid=-1
+ while :; do
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+$4
+int
+main ()
+{
+static int test_array [1 - 2 * !(($2) >= $ac_mid)];
+test_array [0] = 0
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_lo=$ac_mid; break
+else
+ as_fn_arith '(' $ac_mid ')' - 1 && ac_hi=$as_val
+ if test $ac_mid -le $ac_hi; then
+ ac_lo= ac_hi=
+ break
+ fi
+ as_fn_arith 2 '*' $ac_mid && ac_mid=$as_val
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+ done
+else
+ ac_lo= ac_hi=
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+# Binary search between lo and hi bounds.
+while test "x$ac_lo" != "x$ac_hi"; do
+ as_fn_arith '(' $ac_hi - $ac_lo ')' / 2 + $ac_lo && ac_mid=$as_val
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+$4
+int
+main ()
+{
+static int test_array [1 - 2 * !(($2) <= $ac_mid)];
+test_array [0] = 0
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_hi=$ac_mid
+else
+ as_fn_arith '(' $ac_mid ')' + 1 && ac_lo=$as_val
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+done
+case $ac_lo in #((
+?*) eval "$3=\$ac_lo"; ac_retval=0 ;;
+'') ac_retval=1 ;;
+esac
+ else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+$4
+static long int longval () { return $2; }
+static unsigned long int ulongval () { return $2; }
+#include <stdio.h>
+#include <stdlib.h>
+int
+main ()
+{
+
+ FILE *f = fopen ("conftest.val", "w");
+ if (! f)
+ return 1;
+ if (($2) < 0)
+ {
+ long int i = longval ();
+ if (i != ($2))
+ return 1;
+ fprintf (f, "%ld", i);
+ }
+ else
+ {
+ unsigned long int i = ulongval ();
+ if (i != ($2))
+ return 1;
+ fprintf (f, "%lu", i);
+ }
+ /* Do not output a trailing newline, as this causes \r\n confusion
+ on some platforms. */
+ return ferror (f) || fclose (f) != 0;
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_run "$LINENO"; then :
+ echo >>conftest.val; read $3 <conftest.val; ac_retval=0
+else
+ ac_retval=1
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+ conftest.$ac_objext conftest.beam conftest.$ac_ext
+rm -f conftest.val
+
+ fi
+ eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
+ as_fn_set_status $ac_retval
+
+} # ac_fn_c_compute_int
+cat >config.log <<_ACEOF
+This file contains any messages produced by compilers while
+running configure, to aid debugging if configure makes a mistake.
+
+It was created by gnupg $as_me 2.0.19, which was
+generated by GNU Autoconf 2.68. Invocation command line was
+
+ $ $0 $@
+
+_ACEOF
+exec 5>>config.log
+{
+cat <<_ASUNAME
+## --------- ##
+## Platform. ##
+## --------- ##
+
+hostname = `(hostname || uname -n) 2>/dev/null | sed 1q`
+uname -m = `(uname -m) 2>/dev/null || echo unknown`
+uname -r = `(uname -r) 2>/dev/null || echo unknown`
+uname -s = `(uname -s) 2>/dev/null || echo unknown`
+uname -v = `(uname -v) 2>/dev/null || echo unknown`
+
+/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null || echo unknown`
+/bin/uname -X = `(/bin/uname -X) 2>/dev/null || echo unknown`
+
+/bin/arch = `(/bin/arch) 2>/dev/null || echo unknown`
+/usr/bin/arch -k = `(/usr/bin/arch -k) 2>/dev/null || echo unknown`
+/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null || echo unknown`
+/usr/bin/hostinfo = `(/usr/bin/hostinfo) 2>/dev/null || echo unknown`
+/bin/machine = `(/bin/machine) 2>/dev/null || echo unknown`
+/usr/bin/oslevel = `(/usr/bin/oslevel) 2>/dev/null || echo unknown`
+/bin/universe = `(/bin/universe) 2>/dev/null || echo unknown`
+
+_ASUNAME
+
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ $as_echo "PATH: $as_dir"
+ done
+IFS=$as_save_IFS
+
+} >&5
+
+cat >&5 <<_ACEOF
+
+
+## ----------- ##
+## Core tests. ##
+## ----------- ##
+
+_ACEOF
+
+
+# Keep a trace of the command line.
+# Strip out --no-create and --no-recursion so they do not pile up.
+# Strip out --silent because we don't want to record it for future runs.
+# Also quote any args containing shell meta-characters.
+# Make two passes to allow for proper duplicate-argument suppression.
+ac_configure_args=
+ac_configure_args0=
+ac_configure_args1=
+ac_must_keep_next=false
+for ac_pass in 1 2
+do
+ for ac_arg
+ do
+ case $ac_arg in
+ -no-create | --no-c* | -n | -no-recursion | --no-r*) continue ;;
+ -q | -quiet | --quiet | --quie | --qui | --qu | --q \
+ | -silent | --silent | --silen | --sile | --sil)
+ continue ;;
+ *\'*)
+ ac_arg=`$as_echo "$ac_arg" | sed "s/'/'\\\\\\\\''/g"` ;;
+ esac
+ case $ac_pass in
+ 1) as_fn_append ac_configure_args0 " '$ac_arg'" ;;
+ 2)
+ as_fn_append ac_configure_args1 " '$ac_arg'"
+ if test $ac_must_keep_next = true; then
+ ac_must_keep_next=false # Got value, back to normal.
+ else
+ case $ac_arg in
+ *=* | --config-cache | -C | -disable-* | --disable-* \
+ | -enable-* | --enable-* | -gas | --g* | -nfp | --nf* \
+ | -q | -quiet | --q* | -silent | --sil* | -v | -verb* \
+ | -with-* | --with-* | -without-* | --without-* | --x)
+ case "$ac_configure_args0 " in
+ "$ac_configure_args1"*" '$ac_arg' "* ) continue ;;
+ esac
+ ;;
+ -* ) ac_must_keep_next=true ;;
+ esac
+ fi
+ as_fn_append ac_configure_args " '$ac_arg'"
+ ;;
+ esac
+ done
+done
+{ ac_configure_args0=; unset ac_configure_args0;}
+{ ac_configure_args1=; unset ac_configure_args1;}
+
+# When interrupted or exit'd, cleanup temporary files, and complete
+# config.log. We remove comments because anyway the quotes in there
+# would cause problems or look ugly.
+# WARNING: Use '\'' to represent an apostrophe within the trap.
+# WARNING: Do not start the trap code with a newline, due to a FreeBSD 4.0 bug.
+trap 'exit_status=$?
+ # Save into config.log some information that might help in debugging.
+ {
+ echo
+
+ $as_echo "## ---------------- ##
+## Cache variables. ##
+## ---------------- ##"
+ echo
+ # The following way of writing the cache mishandles newlines in values,
+(
+ for ac_var in `(set) 2>&1 | sed -n '\''s/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'\''`; do
+ eval ac_val=\$$ac_var
+ case $ac_val in #(
+ *${as_nl}*)
+ case $ac_var in #(
+ *_cv_*) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5
+$as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;;
+ esac
+ case $ac_var in #(
+ _ | IFS | as_nl) ;; #(
+ BASH_ARGV | BASH_SOURCE) eval $ac_var= ;; #(
+ *) { eval $ac_var=; unset $ac_var;} ;;
+ esac ;;
+ esac
+ done
+ (set) 2>&1 |
+ case $as_nl`(ac_space='\'' '\''; set) 2>&1` in #(
+ *${as_nl}ac_space=\ *)
+ sed -n \
+ "s/'\''/'\''\\\\'\'''\''/g;
+ s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\''\\2'\''/p"
+ ;; #(
+ *)
+ sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p"
+ ;;
+ esac |
+ sort
+)
+ echo
+
+ $as_echo "## ----------------- ##
+## Output variables. ##
+## ----------------- ##"
+ echo
+ for ac_var in $ac_subst_vars
+ do
+ eval ac_val=\$$ac_var
+ case $ac_val in
+ *\'\''*) ac_val=`$as_echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;;
+ esac
+ $as_echo "$ac_var='\''$ac_val'\''"
+ done | sort
+ echo
+
+ if test -n "$ac_subst_files"; then
+ $as_echo "## ------------------- ##
+## File substitutions. ##
+## ------------------- ##"
+ echo
+ for ac_var in $ac_subst_files
+ do
+ eval ac_val=\$$ac_var
+ case $ac_val in
+ *\'\''*) ac_val=`$as_echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;;
+ esac
+ $as_echo "$ac_var='\''$ac_val'\''"
+ done | sort
+ echo
+ fi
+
+ if test -s confdefs.h; then
+ $as_echo "## ----------- ##
+## confdefs.h. ##
+## ----------- ##"
+ echo
+ cat confdefs.h
+ echo
+ fi
+ test "$ac_signal" != 0 &&
+ $as_echo "$as_me: caught signal $ac_signal"
+ $as_echo "$as_me: exit $exit_status"
+ } >&5
+ rm -f core *.core core.conftest.* &&
+ rm -f -r conftest* confdefs* conf$$* $ac_clean_files &&
+ exit $exit_status
+' 0
+for ac_signal in 1 2 13 15; do
+ trap 'ac_signal='$ac_signal'; as_fn_exit 1' $ac_signal
+done
+ac_signal=0
+
+# confdefs.h avoids OS command line length limits that DEFS can exceed.
+rm -f -r conftest* confdefs.h
+
+$as_echo "/* confdefs.h */" > confdefs.h
+
+# Predefined preprocessor variables.
+
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE_NAME "$PACKAGE_NAME"
+_ACEOF
+
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE_TARNAME "$PACKAGE_TARNAME"
+_ACEOF
+
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE_VERSION "$PACKAGE_VERSION"
+_ACEOF
+
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE_STRING "$PACKAGE_STRING"
+_ACEOF
+
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE_BUGREPORT "$PACKAGE_BUGREPORT"
+_ACEOF
+
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE_URL "$PACKAGE_URL"
+_ACEOF
+
+
+# Let the site file select an alternate cache file if it wants to.
+# Prefer an explicitly selected file to automatically selected ones.
+ac_site_file1=NONE
+ac_site_file2=NONE
+if test -n "$CONFIG_SITE"; then
+ # We do not want a PATH search for config.site.
+ case $CONFIG_SITE in #((
+ -*) ac_site_file1=./$CONFIG_SITE;;
+ */*) ac_site_file1=$CONFIG_SITE;;
+ *) ac_site_file1=./$CONFIG_SITE;;
+ esac
+elif test "x$prefix" != xNONE; then
+ ac_site_file1=$prefix/share/config.site
+ ac_site_file2=$prefix/etc/config.site
+else
+ ac_site_file1=$ac_default_prefix/share/config.site
+ ac_site_file2=$ac_default_prefix/etc/config.site
+fi
+for ac_site_file in "$ac_site_file1" "$ac_site_file2"
+do
+ test "x$ac_site_file" = xNONE && continue
+ if test /dev/null != "$ac_site_file" && test -r "$ac_site_file"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: loading site script $ac_site_file" >&5
+$as_echo "$as_me: loading site script $ac_site_file" >&6;}
+ sed 's/^/| /' "$ac_site_file" >&5
+ . "$ac_site_file" \
+ || { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error $? "failed to load site script $ac_site_file
+See \`config.log' for more details" "$LINENO" 5; }
+ fi
+done
+
+if test -r "$cache_file"; then
+ # Some versions of bash will fail to source /dev/null (special files
+ # actually), so we avoid doing that. DJGPP emulates it as a regular file.
+ if test /dev/null != "$cache_file" && test -f "$cache_file"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: loading cache $cache_file" >&5
+$as_echo "$as_me: loading cache $cache_file" >&6;}
+ case $cache_file in
+ [\\/]* | ?:[\\/]* ) . "$cache_file";;
+ *) . "./$cache_file";;
+ esac
+ fi
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: creating cache $cache_file" >&5
+$as_echo "$as_me: creating cache $cache_file" >&6;}
+ >$cache_file
+fi
+
+gt_needs="$gt_needs need-ngettext"
+as_fn_append ac_header_list " sys/socket.h"
+as_fn_append ac_header_list " sys/time.h"
+as_fn_append ac_header_list " unistd.h"
+as_fn_append ac_header_list " wchar.h"
+as_fn_append ac_header_list " stdint.h"
+# Check that the precious variables saved in the cache have kept the same
+# value.
+ac_cache_corrupted=false
+for ac_var in $ac_precious_vars; do
+ eval ac_old_set=\$ac_cv_env_${ac_var}_set
+ eval ac_new_set=\$ac_env_${ac_var}_set
+ eval ac_old_val=\$ac_cv_env_${ac_var}_value
+ eval ac_new_val=\$ac_env_${ac_var}_value
+ case $ac_old_set,$ac_new_set in
+ set,)
+ { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&5
+$as_echo "$as_me: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&2;}
+ ac_cache_corrupted=: ;;
+ ,set)
+ { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was not set in the previous run" >&5
+$as_echo "$as_me: error: \`$ac_var' was not set in the previous run" >&2;}
+ ac_cache_corrupted=: ;;
+ ,);;
+ *)
+ if test "x$ac_old_val" != "x$ac_new_val"; then
+ # differences in whitespace do not lead to failure.
+ ac_old_val_w=`echo x $ac_old_val`
+ ac_new_val_w=`echo x $ac_new_val`
+ if test "$ac_old_val_w" != "$ac_new_val_w"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' has changed since the previous run:" >&5
+$as_echo "$as_me: error: \`$ac_var' has changed since the previous run:" >&2;}
+ ac_cache_corrupted=:
+ else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&5
+$as_echo "$as_me: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&2;}
+ eval $ac_var=\$ac_old_val
+ fi
+ { $as_echo "$as_me:${as_lineno-$LINENO}: former value: \`$ac_old_val'" >&5
+$as_echo "$as_me: former value: \`$ac_old_val'" >&2;}
+ { $as_echo "$as_me:${as_lineno-$LINENO}: current value: \`$ac_new_val'" >&5
+$as_echo "$as_me: current value: \`$ac_new_val'" >&2;}
+ fi;;
+ esac
+ # Pass precious variables to config.status.
+ if test "$ac_new_set" = set; then
+ case $ac_new_val in
+ *\'*) ac_arg=$ac_var=`$as_echo "$ac_new_val" | sed "s/'/'\\\\\\\\''/g"` ;;
+ *) ac_arg=$ac_var=$ac_new_val ;;
+ esac
+ case " $ac_configure_args " in
+ *" '$ac_arg' "*) ;; # Avoid dups. Use of quotes ensures accuracy.
+ *) as_fn_append ac_configure_args " '$ac_arg'" ;;
+ esac
+ fi
+done
+if $ac_cache_corrupted; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+ { $as_echo "$as_me:${as_lineno-$LINENO}: error: changes in the environment can compromise the build" >&5
+$as_echo "$as_me: error: changes in the environment can compromise the build" >&2;}
+ as_fn_error $? "run \`make distclean' and/or \`rm $cache_file' and start over" "$LINENO" 5
+fi
+## -------------------- ##
+## Main body of script. ##
+## -------------------- ##
+
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+
+# Set development_version to yes if the minor number is odd or you
+# feel that the default check for a development version is not
+# sufficient.
+development_version=no
+
+NEED_GPG_ERROR_VERSION=1.7
+
+NEED_LIBGCRYPT_API=1
+NEED_LIBGCRYPT_VERSION=1.4.0
+
+NEED_LIBASSUAN_API=2
+NEED_LIBASSUAN_VERSION=2.0.0
+
+NEED_KSBA_API=1
+NEED_KSBA_VERSION=1.0.7
+
+
+PACKAGE=$PACKAGE_NAME
+PACKAGE_GT=${PACKAGE_NAME}2
+VERSION=$PACKAGE_VERSION
+
+ac_aux_dir=
+for ac_dir in scripts "$srcdir"/scripts; do
+ if test -f "$ac_dir/install-sh"; then
+ ac_aux_dir=$ac_dir
+ ac_install_sh="$ac_aux_dir/install-sh -c"
+ break
+ elif test -f "$ac_dir/install.sh"; then
+ ac_aux_dir=$ac_dir
+ ac_install_sh="$ac_aux_dir/install.sh -c"
+ break
+ elif test -f "$ac_dir/shtool"; then
+ ac_aux_dir=$ac_dir
+ ac_install_sh="$ac_aux_dir/shtool install -c"
+ break
+ fi
+done
+if test -z "$ac_aux_dir"; then
+ as_fn_error $? "cannot find install-sh, install.sh, or shtool in scripts \"$srcdir\"/scripts" "$LINENO" 5
+fi
+
+# These three variables are undocumented and unsupported,
+# and are intended to be withdrawn in a future Autoconf release.
+# They can cause serious problems if a builder's source tree is in a directory
+# whose full name contains unusual characters.
+ac_config_guess="$SHELL $ac_aux_dir/config.guess" # Please don't use this var.
+ac_config_sub="$SHELL $ac_aux_dir/config.sub" # Please don't use this var.
+ac_configure="$SHELL $ac_aux_dir/configure" # Please don't use this var.
+
+
+
+ac_config_headers="$ac_config_headers config.h"
+
+am__api_version='1.11'
+
+# Find a good install program. We prefer a C program (faster),
+# so one script is as good as another. But avoid the broken or
+# incompatible versions:
+# SysV /etc/install, /usr/sbin/install
+# SunOS /usr/etc/install
+# IRIX /sbin/install
+# AIX /bin/install
+# AmigaOS /C/install, which installs bootblocks on floppy discs
+# AIX 4 /usr/bin/installbsd, which doesn't work without a -g flag
+# AFS /usr/afsws/bin/install, which mishandles nonexistent args
+# SVR4 /usr/ucb/install, which tries to use the nonexistent group "staff"
+# OS/2's system install, which has a completely different semantic
+# ./install, which can be erroneously created by make from ./install.sh.
+# Reject install programs that cannot install multiple files.
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for a BSD-compatible install" >&5
+$as_echo_n "checking for a BSD-compatible install... " >&6; }
+if test -z "$INSTALL"; then
+if ${ac_cv_path_install+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ # Account for people who put trailing slashes in PATH elements.
+case $as_dir/ in #((
+ ./ | .// | /[cC]/* | \
+ /etc/* | /usr/sbin/* | /usr/etc/* | /sbin/* | /usr/afsws/bin/* | \
+ ?:[\\/]os2[\\/]install[\\/]* | ?:[\\/]OS2[\\/]INSTALL[\\/]* | \
+ /usr/ucb/* ) ;;
+ *)
+ # OSF1 and SCO ODT 3.0 have their own names for install.
+ # Don't use installbsd from OSF since it installs stuff as root
+ # by default.
+ for ac_prog in ginstall scoinst install; do
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_prog$ac_exec_ext" && $as_test_x "$as_dir/$ac_prog$ac_exec_ext"; }; then
+ if test $ac_prog = install &&
+ grep dspmsg "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then
+ # AIX install. It has an incompatible calling convention.
+ :
+ elif test $ac_prog = install &&
+ grep pwplus "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then
+ # program-specific install script used by HP pwplus--don't use.
+ :
+ else
+ rm -rf conftest.one conftest.two conftest.dir
+ echo one > conftest.one
+ echo two > conftest.two
+ mkdir conftest.dir
+ if "$as_dir/$ac_prog$ac_exec_ext" -c conftest.one conftest.two "`pwd`/conftest.dir" &&
+ test -s conftest.one && test -s conftest.two &&
+ test -s conftest.dir/conftest.one &&
+ test -s conftest.dir/conftest.two
+ then
+ ac_cv_path_install="$as_dir/$ac_prog$ac_exec_ext -c"
+ break 3
+ fi
+ fi
+ fi
+ done
+ done
+ ;;
+esac
+
+ done
+IFS=$as_save_IFS
+
+rm -rf conftest.one conftest.two conftest.dir
+
+fi
+ if test "${ac_cv_path_install+set}" = set; then
+ INSTALL=$ac_cv_path_install
+ else
+ # As a last resort, use the slow shell script. Don't cache a
+ # value for INSTALL within a source directory, because that will
+ # break other packages using the cache if that directory is
+ # removed, or if the value is a relative name.
+ INSTALL=$ac_install_sh
+ fi
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $INSTALL" >&5
+$as_echo "$INSTALL" >&6; }
+
+# Use test -z because SunOS4 sh mishandles braces in ${var-val}.
+# It thinks the first close brace ends the variable substitution.
+test -z "$INSTALL_PROGRAM" && INSTALL_PROGRAM='${INSTALL}'
+
+test -z "$INSTALL_SCRIPT" && INSTALL_SCRIPT='${INSTALL}'
+
+test -z "$INSTALL_DATA" && INSTALL_DATA='${INSTALL} -m 644'
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether build environment is sane" >&5
+$as_echo_n "checking whether build environment is sane... " >&6; }
+# Just in case
+sleep 1
+echo timestamp > conftest.file
+# Reject unsafe characters in $srcdir or the absolute working directory
+# name. Accept space and tab only in the latter.
+am_lf='
+'
+case `pwd` in
+ *[\\\"\#\$\&\'\`$am_lf]*)
+ as_fn_error $? "unsafe absolute working directory name" "$LINENO" 5;;
+esac
+case $srcdir in
+ *[\\\"\#\$\&\'\`$am_lf\ \ ]*)
+ as_fn_error $? "unsafe srcdir value: \`$srcdir'" "$LINENO" 5;;
+esac
+
+# Do `set' in a subshell so we don't clobber the current shell's
+# arguments. Must try -L first in case configure is actually a
+# symlink; some systems play weird games with the mod time of symlinks
+# (eg FreeBSD returns the mod time of the symlink's containing
+# directory).
+if (
+ set X `ls -Lt "$srcdir/configure" conftest.file 2> /dev/null`
+ if test "$*" = "X"; then
+ # -L didn't work.
+ set X `ls -t "$srcdir/configure" conftest.file`
+ fi
+ rm -f conftest.file
+ if test "$*" != "X $srcdir/configure conftest.file" \
+ && test "$*" != "X conftest.file $srcdir/configure"; then
+
+ # If neither matched, then we have a broken ls. This can happen
+ # if, for instance, CONFIG_SHELL is bash and it inherits a
+ # broken ls alias from the environment. This has actually
+ # happened. Such a system could not be considered "sane".
+ as_fn_error $? "ls -t appears to fail. Make sure there is not a broken
+alias in your environment" "$LINENO" 5
+ fi
+
+ test "$2" = conftest.file
+ )
+then
+ # Ok.
+ :
+else
+ as_fn_error $? "newly created file is older than distributed files!
+Check your system clock" "$LINENO" 5
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+test "$program_prefix" != NONE &&
+ program_transform_name="s&^&$program_prefix&;$program_transform_name"
+# Use a double $ so make ignores it.
+test "$program_suffix" != NONE &&
+ program_transform_name="s&\$&$program_suffix&;$program_transform_name"
+# Double any \ or $.
+# By default was `s,x,x', remove it if useless.
+ac_script='s/[\\$]/&&/g;s/;s,x,x,$//'
+program_transform_name=`$as_echo "$program_transform_name" | sed "$ac_script"`
+
+# expand $ac_aux_dir to an absolute path
+am_aux_dir=`cd $ac_aux_dir && pwd`
+
+if test x"${MISSING+set}" != xset; then
+ case $am_aux_dir in
+ *\ * | *\ *)
+ MISSING="\${SHELL} \"$am_aux_dir/missing\"" ;;
+ *)
+ MISSING="\${SHELL} $am_aux_dir/missing" ;;
+ esac
+fi
+# Use eval to expand $SHELL
+if eval "$MISSING --run true"; then
+ am_missing_run="$MISSING --run "
+else
+ am_missing_run=
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: \`missing' script is too old or missing" >&5
+$as_echo "$as_me: WARNING: \`missing' script is too old or missing" >&2;}
+fi
+
+if test x"${install_sh}" != xset; then
+ case $am_aux_dir in
+ *\ * | *\ *)
+ install_sh="\${SHELL} '$am_aux_dir/install-sh'" ;;
+ *)
+ install_sh="\${SHELL} $am_aux_dir/install-sh"
+ esac
+fi
+
+# Installed binaries are usually stripped using `strip' when the user
+# run `make install-strip'. However `strip' might not be the right
+# tool to use in cross-compilation environments, therefore Automake
+# will honor the `STRIP' environment variable to overrule this program.
+if test "$cross_compiling" != no; then
+ if test -n "$ac_tool_prefix"; then
+ # Extract the first word of "${ac_tool_prefix}strip", so it can be a program name with args.
+set dummy ${ac_tool_prefix}strip; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_STRIP+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$STRIP"; then
+ ac_cv_prog_STRIP="$STRIP" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_STRIP="${ac_tool_prefix}strip"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+STRIP=$ac_cv_prog_STRIP
+if test -n "$STRIP"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $STRIP" >&5
+$as_echo "$STRIP" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+fi
+if test -z "$ac_cv_prog_STRIP"; then
+ ac_ct_STRIP=$STRIP
+ # Extract the first word of "strip", so it can be a program name with args.
+set dummy strip; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_ac_ct_STRIP+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$ac_ct_STRIP"; then
+ ac_cv_prog_ac_ct_STRIP="$ac_ct_STRIP" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_ac_ct_STRIP="strip"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_STRIP=$ac_cv_prog_ac_ct_STRIP
+if test -n "$ac_ct_STRIP"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_STRIP" >&5
+$as_echo "$ac_ct_STRIP" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+ if test "x$ac_ct_STRIP" = x; then
+ STRIP=":"
+ else
+ case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+ STRIP=$ac_ct_STRIP
+ fi
+else
+ STRIP="$ac_cv_prog_STRIP"
+fi
+
+fi
+INSTALL_STRIP_PROGRAM="\$(install_sh) -c -s"
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for a thread-safe mkdir -p" >&5
+$as_echo_n "checking for a thread-safe mkdir -p... " >&6; }
+if test -z "$MKDIR_P"; then
+ if ${ac_cv_path_mkdir+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH$PATH_SEPARATOR/opt/sfw/bin
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_prog in mkdir gmkdir; do
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ { test -f "$as_dir/$ac_prog$ac_exec_ext" && $as_test_x "$as_dir/$ac_prog$ac_exec_ext"; } || continue
+ case `"$as_dir/$ac_prog$ac_exec_ext" --version 2>&1` in #(
+ 'mkdir (GNU coreutils) '* | \
+ 'mkdir (coreutils) '* | \
+ 'mkdir (fileutils) '4.1*)
+ ac_cv_path_mkdir=$as_dir/$ac_prog$ac_exec_ext
+ break 3;;
+ esac
+ done
+ done
+ done
+IFS=$as_save_IFS
+
+fi
+
+ test -d ./--version && rmdir ./--version
+ if test "${ac_cv_path_mkdir+set}" = set; then
+ MKDIR_P="$ac_cv_path_mkdir -p"
+ else
+ # As a last resort, use the slow shell script. Don't cache a
+ # value for MKDIR_P within a source directory, because that will
+ # break other packages using the cache if that directory is
+ # removed, or if the value is a relative name.
+ MKDIR_P="$ac_install_sh -d"
+ fi
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $MKDIR_P" >&5
+$as_echo "$MKDIR_P" >&6; }
+
+mkdir_p="$MKDIR_P"
+case $mkdir_p in
+ [\\/$]* | ?:[\\/]*) ;;
+ */*) mkdir_p="\$(top_builddir)/$mkdir_p" ;;
+esac
+
+for ac_prog in gawk mawk nawk awk
+do
+ # Extract the first word of "$ac_prog", so it can be a program name with args.
+set dummy $ac_prog; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_AWK+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$AWK"; then
+ ac_cv_prog_AWK="$AWK" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_AWK="$ac_prog"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+AWK=$ac_cv_prog_AWK
+if test -n "$AWK"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $AWK" >&5
+$as_echo "$AWK" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+ test -n "$AWK" && break
+done
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether ${MAKE-make} sets \$(MAKE)" >&5
+$as_echo_n "checking whether ${MAKE-make} sets \$(MAKE)... " >&6; }
+set x ${MAKE-make}
+ac_make=`$as_echo "$2" | sed 's/+/p/g; s/[^a-zA-Z0-9_]/_/g'`
+if eval \${ac_cv_prog_make_${ac_make}_set+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ cat >conftest.make <<\_ACEOF
+SHELL = /bin/sh
+all:
+ @echo '@@@%%%=$(MAKE)=@@@%%%'
+_ACEOF
+# GNU make sometimes prints "make[1]: Entering ...", which would confuse us.
+case `${MAKE-make} -f conftest.make 2>/dev/null` in
+ *@@@%%%=?*=@@@%%%*)
+ eval ac_cv_prog_make_${ac_make}_set=yes;;
+ *)
+ eval ac_cv_prog_make_${ac_make}_set=no;;
+esac
+rm -f conftest.make
+fi
+if eval test \$ac_cv_prog_make_${ac_make}_set = yes; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+ SET_MAKE=
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ SET_MAKE="MAKE=${MAKE-make}"
+fi
+
+rm -rf .tst 2>/dev/null
+mkdir .tst 2>/dev/null
+if test -d .tst; then
+ am__leading_dot=.
+else
+ am__leading_dot=_
+fi
+rmdir .tst 2>/dev/null
+
+if test "`cd $srcdir && pwd`" != "`pwd`"; then
+ # Use -I$(srcdir) only when $(srcdir) != ., so that make's output
+ # is not polluted with repeated "-I."
+ am__isrc=' -I$(srcdir)'
+ # test to see if srcdir already configured
+ if test -f $srcdir/config.status; then
+ as_fn_error $? "source directory already configured; run \"make distclean\" there first" "$LINENO" 5
+ fi
+fi
+
+# test whether we have cygpath
+if test -z "$CYGPATH_W"; then
+ if (cygpath --version) >/dev/null 2>/dev/null; then
+ CYGPATH_W='cygpath -w'
+ else
+ CYGPATH_W=echo
+ fi
+fi
+
+
+# Define the identity of the package.
+ PACKAGE=$PACKAGE
+ VERSION=$VERSION
+
+
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE "$PACKAGE"
+_ACEOF
+
+
+cat >>confdefs.h <<_ACEOF
+#define VERSION "$VERSION"
+_ACEOF
+
+# Some tools Automake needs.
+
+ACLOCAL=${ACLOCAL-"${am_missing_run}aclocal-${am__api_version}"}
+
+
+AUTOCONF=${AUTOCONF-"${am_missing_run}autoconf"}
+
+
+AUTOMAKE=${AUTOMAKE-"${am_missing_run}automake-${am__api_version}"}
+
+
+AUTOHEADER=${AUTOHEADER-"${am_missing_run}autoheader"}
+
+
+MAKEINFO=${MAKEINFO-"${am_missing_run}makeinfo"}
+
+# We need awk for the "check" target. The system "awk" is bad on
+# some platforms.
+# Always define AMTAR for backward compatibility.
+
+AMTAR=${AMTAR-"${am_missing_run}tar"}
+
+am__tar='${AMTAR} chof - "$$tardir"'; am__untar='${AMTAR} xf -'
+
+
+
+
+
+# Make sure we can run config.sub.
+$SHELL "$ac_aux_dir/config.sub" sun4 >/dev/null 2>&1 ||
+ as_fn_error $? "cannot run $SHELL $ac_aux_dir/config.sub" "$LINENO" 5
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking build system type" >&5
+$as_echo_n "checking build system type... " >&6; }
+if ${ac_cv_build+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_build_alias=$build_alias
+test "x$ac_build_alias" = x &&
+ ac_build_alias=`$SHELL "$ac_aux_dir/config.guess"`
+test "x$ac_build_alias" = x &&
+ as_fn_error $? "cannot guess build type; you must specify one" "$LINENO" 5
+ac_cv_build=`$SHELL "$ac_aux_dir/config.sub" $ac_build_alias` ||
+ as_fn_error $? "$SHELL $ac_aux_dir/config.sub $ac_build_alias failed" "$LINENO" 5
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_build" >&5
+$as_echo "$ac_cv_build" >&6; }
+case $ac_cv_build in
+*-*-*) ;;
+*) as_fn_error $? "invalid value of canonical build" "$LINENO" 5;;
+esac
+build=$ac_cv_build
+ac_save_IFS=$IFS; IFS='-'
+set x $ac_cv_build
+shift
+build_cpu=$1
+build_vendor=$2
+shift; shift
+# Remember, the first character of IFS is used to create $*,
+# except with old shells:
+build_os=$*
+IFS=$ac_save_IFS
+case $build_os in *\ *) build_os=`echo "$build_os" | sed 's/ /-/g'`;; esac
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking host system type" >&5
+$as_echo_n "checking host system type... " >&6; }
+if ${ac_cv_host+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test "x$host_alias" = x; then
+ ac_cv_host=$ac_cv_build
+else
+ ac_cv_host=`$SHELL "$ac_aux_dir/config.sub" $host_alias` ||
+ as_fn_error $? "$SHELL $ac_aux_dir/config.sub $host_alias failed" "$LINENO" 5
+fi
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_host" >&5
+$as_echo "$ac_cv_host" >&6; }
+case $ac_cv_host in
+*-*-*) ;;
+*) as_fn_error $? "invalid value of canonical host" "$LINENO" 5;;
+esac
+host=$ac_cv_host
+ac_save_IFS=$IFS; IFS='-'
+set x $ac_cv_host
+shift
+host_cpu=$1
+host_vendor=$2
+shift; shift
+# Remember, the first character of IFS is used to create $*,
+# except with old shells:
+host_os=$*
+IFS=$ac_save_IFS
+case $host_os in *\ *) host_os=`echo "$host_os" | sed 's/ /-/g'`;; esac
+
+
+
+
+
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: autobuild project... ${PACKAGE_NAME:-$PACKAGE}" >&5
+$as_echo "$as_me: autobuild project... ${PACKAGE_NAME:-$PACKAGE}" >&6;}
+ { $as_echo "$as_me:${as_lineno-$LINENO}: autobuild revision... ${PACKAGE_VERSION:-$VERSION}" >&5
+$as_echo "$as_me: autobuild revision... ${PACKAGE_VERSION:-$VERSION}" >&6;}
+ hostname=`hostname`
+ if test "$hostname"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: autobuild hostname... $hostname" >&5
+$as_echo "$as_me: autobuild hostname... $hostname" >&6;}
+ fi
+
+ date=`date +%Y%m%d-%H%M%S`
+ if test "$?" != 0; then
+ date=`date`
+ fi
+ if test "$date"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: autobuild timestamp... $date" >&5
+$as_echo "$as_me: autobuild timestamp... $date" >&6;}
+ fi
+
+
+DEPDIR="${am__leading_dot}deps"
+
+ac_config_commands="$ac_config_commands depfiles"
+
+
+am_make=${MAKE-make}
+cat > confinc << 'END'
+am__doit:
+ @echo this is the am__doit target
+.PHONY: am__doit
+END
+# If we don't find an include directive, just comment out the code.
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for style of include used by $am_make" >&5
+$as_echo_n "checking for style of include used by $am_make... " >&6; }
+am__include="#"
+am__quote=
+_am_result=none
+# First try GNU make style include.
+echo "include confinc" > confmf
+# Ignore all kinds of additional output from `make'.
+case `$am_make -s -f confmf 2> /dev/null` in #(
+*the\ am__doit\ target*)
+ am__include=include
+ am__quote=
+ _am_result=GNU
+ ;;
+esac
+# Now try BSD make style include.
+if test "$am__include" = "#"; then
+ echo '.include "confinc"' > confmf
+ case `$am_make -s -f confmf 2> /dev/null` in #(
+ *the\ am__doit\ target*)
+ am__include=.include
+ am__quote="\""
+ _am_result=BSD
+ ;;
+ esac
+fi
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $_am_result" >&5
+$as_echo "$_am_result" >&6; }
+rm -f confinc confmf
+
+# Check whether --enable-dependency-tracking was given.
+if test "${enable_dependency_tracking+set}" = set; then :
+ enableval=$enable_dependency_tracking;
+fi
+
+if test "x$enable_dependency_tracking" != xno; then
+ am_depcomp="$ac_aux_dir/depcomp"
+ AMDEPBACKSLASH='\'
+fi
+ if test "x$enable_dependency_tracking" != xno; then
+ AMDEP_TRUE=
+ AMDEP_FALSE='#'
+else
+ AMDEP_TRUE='#'
+ AMDEP_FALSE=
+fi
+
+
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+if test -n "$ac_tool_prefix"; then
+ # Extract the first word of "${ac_tool_prefix}gcc", so it can be a program name with args.
+set dummy ${ac_tool_prefix}gcc; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_CC+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$CC"; then
+ ac_cv_prog_CC="$CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_CC="${ac_tool_prefix}gcc"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+CC=$ac_cv_prog_CC
+if test -n "$CC"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
+$as_echo "$CC" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+fi
+if test -z "$ac_cv_prog_CC"; then
+ ac_ct_CC=$CC
+ # Extract the first word of "gcc", so it can be a program name with args.
+set dummy gcc; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_ac_ct_CC+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$ac_ct_CC"; then
+ ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_ac_ct_CC="gcc"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_CC=$ac_cv_prog_ac_ct_CC
+if test -n "$ac_ct_CC"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5
+$as_echo "$ac_ct_CC" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+ if test "x$ac_ct_CC" = x; then
+ CC=""
+ else
+ case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+ CC=$ac_ct_CC
+ fi
+else
+ CC="$ac_cv_prog_CC"
+fi
+
+if test -z "$CC"; then
+ if test -n "$ac_tool_prefix"; then
+ # Extract the first word of "${ac_tool_prefix}cc", so it can be a program name with args.
+set dummy ${ac_tool_prefix}cc; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_CC+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$CC"; then
+ ac_cv_prog_CC="$CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_CC="${ac_tool_prefix}cc"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+CC=$ac_cv_prog_CC
+if test -n "$CC"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
+$as_echo "$CC" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+ fi
+fi
+if test -z "$CC"; then
+ # Extract the first word of "cc", so it can be a program name with args.
+set dummy cc; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_CC+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$CC"; then
+ ac_cv_prog_CC="$CC" # Let the user override the test.
+else
+ ac_prog_rejected=no
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ if test "$as_dir/$ac_word$ac_exec_ext" = "/usr/ucb/cc"; then
+ ac_prog_rejected=yes
+ continue
+ fi
+ ac_cv_prog_CC="cc"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+if test $ac_prog_rejected = yes; then
+ # We found a bogon in the path, so make sure we never use it.
+ set dummy $ac_cv_prog_CC
+ shift
+ if test $# != 0; then
+ # We chose a different compiler from the bogus one.
+ # However, it has the same basename, so the bogon will be chosen
+ # first if we set CC to just the basename; use the full file name.
+ shift
+ ac_cv_prog_CC="$as_dir/$ac_word${1+' '}$@"
+ fi
+fi
+fi
+fi
+CC=$ac_cv_prog_CC
+if test -n "$CC"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
+$as_echo "$CC" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+fi
+if test -z "$CC"; then
+ if test -n "$ac_tool_prefix"; then
+ for ac_prog in cl.exe
+ do
+ # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args.
+set dummy $ac_tool_prefix$ac_prog; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_CC+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$CC"; then
+ ac_cv_prog_CC="$CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_CC="$ac_tool_prefix$ac_prog"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+CC=$ac_cv_prog_CC
+if test -n "$CC"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
+$as_echo "$CC" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+ test -n "$CC" && break
+ done
+fi
+if test -z "$CC"; then
+ ac_ct_CC=$CC
+ for ac_prog in cl.exe
+do
+ # Extract the first word of "$ac_prog", so it can be a program name with args.
+set dummy $ac_prog; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_ac_ct_CC+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$ac_ct_CC"; then
+ ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_ac_ct_CC="$ac_prog"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_CC=$ac_cv_prog_ac_ct_CC
+if test -n "$ac_ct_CC"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5
+$as_echo "$ac_ct_CC" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+ test -n "$ac_ct_CC" && break
+done
+
+ if test "x$ac_ct_CC" = x; then
+ CC=""
+ else
+ case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+ CC=$ac_ct_CC
+ fi
+fi
+
+fi
+
+
+test -z "$CC" && { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error $? "no acceptable C compiler found in \$PATH
+See \`config.log' for more details" "$LINENO" 5; }
+
+# Provide some information about the compiler.
+$as_echo "$as_me:${as_lineno-$LINENO}: checking for C compiler version" >&5
+set X $ac_compile
+ac_compiler=$2
+for ac_option in --version -v -V -qversion; do
+ { { ac_try="$ac_compiler $ac_option >&5"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+ (eval "$ac_compiler $ac_option >&5") 2>conftest.err
+ ac_status=$?
+ if test -s conftest.err; then
+ sed '10a\
+... rest of stderr output deleted ...
+ 10q' conftest.err >conftest.er1
+ cat conftest.er1 >&5
+ fi
+ rm -f conftest.er1 conftest.err
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }
+done
+
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+ac_clean_files_save=$ac_clean_files
+ac_clean_files="$ac_clean_files a.out a.out.dSYM a.exe b.out"
+# Try to create an executable without -o first, disregard a.out.
+# It will help us diagnose broken compilers, and finding out an intuition
+# of exeext.
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the C compiler works" >&5
+$as_echo_n "checking whether the C compiler works... " >&6; }
+ac_link_default=`$as_echo "$ac_link" | sed 's/ -o *conftest[^ ]*//'`
+
+# The possible output files:
+ac_files="a.out conftest.exe conftest a.exe a_out.exe b.out conftest.*"
+
+ac_rmfiles=
+for ac_file in $ac_files
+do
+ case $ac_file in
+ *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;;
+ * ) ac_rmfiles="$ac_rmfiles $ac_file";;
+ esac
+done
+rm -f $ac_rmfiles
+
+if { { ac_try="$ac_link_default"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+ (eval "$ac_link_default") 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; then :
+ # Autoconf-2.13 could set the ac_cv_exeext variable to `no'.
+# So ignore a value of `no', otherwise this would lead to `EXEEXT = no'
+# in a Makefile. We should not override ac_cv_exeext if it was cached,
+# so that the user can short-circuit this test for compilers unknown to
+# Autoconf.
+for ac_file in $ac_files ''
+do
+ test -f "$ac_file" || continue
+ case $ac_file in
+ *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj )
+ ;;
+ [ab].out )
+ # We found the default executable, but exeext='' is most
+ # certainly right.
+ break;;
+ *.* )
+ if test "${ac_cv_exeext+set}" = set && test "$ac_cv_exeext" != no;
+ then :; else
+ ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'`
+ fi
+ # We set ac_cv_exeext here because the later test for it is not
+ # safe: cross compilers may not add the suffix if given an `-o'
+ # argument, so we may need to know it at that point already.
+ # Even if this section looks crufty: it has the advantage of
+ # actually working.
+ break;;
+ * )
+ break;;
+ esac
+done
+test "$ac_cv_exeext" = no && ac_cv_exeext=
+
+else
+ ac_file=''
+fi
+if test -z "$ac_file"; then :
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+$as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+{ { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error 77 "C compiler cannot create executables
+See \`config.log' for more details" "$LINENO" 5; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for C compiler default output file name" >&5
+$as_echo_n "checking for C compiler default output file name... " >&6; }
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_file" >&5
+$as_echo "$ac_file" >&6; }
+ac_exeext=$ac_cv_exeext
+
+rm -f -r a.out a.out.dSYM a.exe conftest$ac_cv_exeext b.out
+ac_clean_files=$ac_clean_files_save
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for suffix of executables" >&5
+$as_echo_n "checking for suffix of executables... " >&6; }
+if { { ac_try="$ac_link"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+ (eval "$ac_link") 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; then :
+ # If both `conftest.exe' and `conftest' are `present' (well, observable)
+# catch `conftest.exe'. For instance with Cygwin, `ls conftest' will
+# work properly (i.e., refer to `conftest.exe'), while it won't with
+# `rm'.
+for ac_file in conftest.exe conftest conftest.*; do
+ test -f "$ac_file" || continue
+ case $ac_file in
+ *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;;
+ *.* ) ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'`
+ break;;
+ * ) break;;
+ esac
+done
+else
+ { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error $? "cannot compute suffix of executables: cannot compile and link
+See \`config.log' for more details" "$LINENO" 5; }
+fi
+rm -f conftest conftest$ac_cv_exeext
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_exeext" >&5
+$as_echo "$ac_cv_exeext" >&6; }
+
+rm -f conftest.$ac_ext
+EXEEXT=$ac_cv_exeext
+ac_exeext=$EXEEXT
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <stdio.h>
+int
+main ()
+{
+FILE *f = fopen ("conftest.out", "w");
+ return ferror (f) || fclose (f) != 0;
+
+ ;
+ return 0;
+}
+_ACEOF
+ac_clean_files="$ac_clean_files conftest.out"
+# Check that the compiler produces executables we can run. If not, either
+# the compiler is broken, or we cross compile.
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are cross compiling" >&5
+$as_echo_n "checking whether we are cross compiling... " >&6; }
+if test "$cross_compiling" != yes; then
+ { { ac_try="$ac_link"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+ (eval "$ac_link") 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }
+ if { ac_try='./conftest$ac_cv_exeext'
+ { { case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+ (eval "$ac_try") 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; }; then
+ cross_compiling=no
+ else
+ if test "$cross_compiling" = maybe; then
+ cross_compiling=yes
+ else
+ { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error $? "cannot run C compiled programs.
+If you meant to cross compile, use \`--host'.
+See \`config.log' for more details" "$LINENO" 5; }
+ fi
+ fi
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $cross_compiling" >&5
+$as_echo "$cross_compiling" >&6; }
+
+rm -f conftest.$ac_ext conftest$ac_cv_exeext conftest.out
+ac_clean_files=$ac_clean_files_save
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for suffix of object files" >&5
+$as_echo_n "checking for suffix of object files... " >&6; }
+if ${ac_cv_objext+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.o conftest.obj
+if { { ac_try="$ac_compile"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+ (eval "$ac_compile") 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; then :
+ for ac_file in conftest.o conftest.obj conftest.*; do
+ test -f "$ac_file" || continue;
+ case $ac_file in
+ *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM ) ;;
+ *) ac_cv_objext=`expr "$ac_file" : '.*\.\(.*\)'`
+ break;;
+ esac
+done
+else
+ $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+{ { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error $? "cannot compute suffix of object files: cannot compile
+See \`config.log' for more details" "$LINENO" 5; }
+fi
+rm -f conftest.$ac_cv_objext conftest.$ac_ext
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_objext" >&5
+$as_echo "$ac_cv_objext" >&6; }
+OBJEXT=$ac_cv_objext
+ac_objext=$OBJEXT
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are using the GNU C compiler" >&5
+$as_echo_n "checking whether we are using the GNU C compiler... " >&6; }
+if ${ac_cv_c_compiler_gnu+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main ()
+{
+#ifndef __GNUC__
+ choke me
+#endif
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_compiler_gnu=yes
+else
+ ac_compiler_gnu=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+ac_cv_c_compiler_gnu=$ac_compiler_gnu
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_compiler_gnu" >&5
+$as_echo "$ac_cv_c_compiler_gnu" >&6; }
+if test $ac_compiler_gnu = yes; then
+ GCC=yes
+else
+ GCC=
+fi
+ac_test_CFLAGS=${CFLAGS+set}
+ac_save_CFLAGS=$CFLAGS
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC accepts -g" >&5
+$as_echo_n "checking whether $CC accepts -g... " >&6; }
+if ${ac_cv_prog_cc_g+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_save_c_werror_flag=$ac_c_werror_flag
+ ac_c_werror_flag=yes
+ ac_cv_prog_cc_g=no
+ CFLAGS="-g"
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_cv_prog_cc_g=yes
+else
+ CFLAGS=""
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+
+else
+ ac_c_werror_flag=$ac_save_c_werror_flag
+ CFLAGS="-g"
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_cv_prog_cc_g=yes
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+ ac_c_werror_flag=$ac_save_c_werror_flag
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_g" >&5
+$as_echo "$ac_cv_prog_cc_g" >&6; }
+if test "$ac_test_CFLAGS" = set; then
+ CFLAGS=$ac_save_CFLAGS
+elif test $ac_cv_prog_cc_g = yes; then
+ if test "$GCC" = yes; then
+ CFLAGS="-g -O2"
+ else
+ CFLAGS="-g"
+ fi
+else
+ if test "$GCC" = yes; then
+ CFLAGS="-O2"
+ else
+ CFLAGS=
+ fi
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $CC option to accept ISO C89" >&5
+$as_echo_n "checking for $CC option to accept ISO C89... " >&6; }
+if ${ac_cv_prog_cc_c89+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_cv_prog_cc_c89=no
+ac_save_CC=$CC
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <stdarg.h>
+#include <stdio.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+/* Most of the following tests are stolen from RCS 5.7's src/conf.sh. */
+struct buf { int x; };
+FILE * (*rcsopen) (struct buf *, struct stat *, int);
+static char *e (p, i)
+ char **p;
+ int i;
+{
+ return p[i];
+}
+static char *f (char * (*g) (char **, int), char **p, ...)
+{
+ char *s;
+ va_list v;
+ va_start (v,p);
+ s = g (p, va_arg (v,int));
+ va_end (v);
+ return s;
+}
+
+/* OSF 4.0 Compaq cc is some sort of almost-ANSI by default. It has
+ function prototypes and stuff, but not '\xHH' hex character constants.
+ These don't provoke an error unfortunately, instead are silently treated
+ as 'x'. The following induces an error, until -std is added to get
+ proper ANSI mode. Curiously '\x00'!='x' always comes out true, for an
+ array size at least. It's necessary to write '\x00'==0 to get something
+ that's true only with -std. */
+int osf4_cc_array ['\x00' == 0 ? 1 : -1];
+
+/* IBM C 6 for AIX is almost-ANSI by default, but it replaces macro parameters
+ inside strings and character constants. */
+#define FOO(x) 'x'
+int xlc6_cc_array[FOO(a) == 'x' ? 1 : -1];
+
+int test (int i, double x);
+struct s1 {int (*f) (int a);};
+struct s2 {int (*f) (double a);};
+int pairnames (int, char **, FILE *(*)(struct buf *, struct stat *, int), int, int);
+int argc;
+char **argv;
+int
+main ()
+{
+return f (e, argv, 0) != argv[0] || f (e, argv, 1) != argv[1];
+ ;
+ return 0;
+}
+_ACEOF
+for ac_arg in '' -qlanglvl=extc89 -qlanglvl=ansi -std \
+ -Ae "-Aa -D_HPUX_SOURCE" "-Xc -D__EXTENSIONS__"
+do
+ CC="$ac_save_CC $ac_arg"
+ if ac_fn_c_try_compile "$LINENO"; then :
+ ac_cv_prog_cc_c89=$ac_arg
+fi
+rm -f core conftest.err conftest.$ac_objext
+ test "x$ac_cv_prog_cc_c89" != "xno" && break
+done
+rm -f conftest.$ac_ext
+CC=$ac_save_CC
+
+fi
+# AC_CACHE_VAL
+case "x$ac_cv_prog_cc_c89" in
+ x)
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: none needed" >&5
+$as_echo "none needed" >&6; } ;;
+ xno)
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5
+$as_echo "unsupported" >&6; } ;;
+ *)
+ CC="$CC $ac_cv_prog_cc_c89"
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c89" >&5
+$as_echo "$ac_cv_prog_cc_c89" >&6; } ;;
+esac
+if test "x$ac_cv_prog_cc_c89" != xno; then :
+
+fi
+
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+depcc="$CC" am_compiler_list=
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking dependency style of $depcc" >&5
+$as_echo_n "checking dependency style of $depcc... " >&6; }
+if ${am_cv_CC_dependencies_compiler_type+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -z "$AMDEP_TRUE" && test -f "$am_depcomp"; then
+ # We make a subdir and do the tests there. Otherwise we can end up
+ # making bogus files that we don't know about and never remove. For
+ # instance it was reported that on HP-UX the gcc test will end up
+ # making a dummy file named `D' -- because `-MD' means `put the output
+ # in D'.
+ mkdir conftest.dir
+ # Copy depcomp to subdir because otherwise we won't find it if we're
+ # using a relative directory.
+ cp "$am_depcomp" conftest.dir
+ cd conftest.dir
+ # We will build objects and dependencies in a subdirectory because
+ # it helps to detect inapplicable dependency modes. For instance
+ # both Tru64's cc and ICC support -MD to output dependencies as a
+ # side effect of compilation, but ICC will put the dependencies in
+ # the current directory while Tru64 will put them in the object
+ # directory.
+ mkdir sub
+
+ am_cv_CC_dependencies_compiler_type=none
+ if test "$am_compiler_list" = ""; then
+ am_compiler_list=`sed -n 's/^#*\([a-zA-Z0-9]*\))$/\1/p' < ./depcomp`
+ fi
+ am__universal=false
+ case " $depcc " in #(
+ *\ -arch\ *\ -arch\ *) am__universal=true ;;
+ esac
+
+ for depmode in $am_compiler_list; do
+ # Setup a source with many dependencies, because some compilers
+ # like to wrap large dependency lists on column 80 (with \), and
+ # we should not choose a depcomp mode which is confused by this.
+ #
+ # We need to recreate these files for each test, as the compiler may
+ # overwrite some of them when testing with obscure command lines.
+ # This happens at least with the AIX C compiler.
+ : > sub/conftest.c
+ for i in 1 2 3 4 5 6; do
+ echo '#include "conftst'$i'.h"' >> sub/conftest.c
+ # Using `: > sub/conftst$i.h' creates only sub/conftst1.h with
+ # Solaris 8's {/usr,}/bin/sh.
+ touch sub/conftst$i.h
+ done
+ echo "${am__include} ${am__quote}sub/conftest.Po${am__quote}" > confmf
+
+ # We check with `-c' and `-o' for the sake of the "dashmstdout"
+ # mode. It turns out that the SunPro C++ compiler does not properly
+ # handle `-M -o', and we need to detect this. Also, some Intel
+ # versions had trouble with output in subdirs
+ am__obj=sub/conftest.${OBJEXT-o}
+ am__minus_obj="-o $am__obj"
+ case $depmode in
+ gcc)
+ # This depmode causes a compiler race in universal mode.
+ test "$am__universal" = false || continue
+ ;;
+ nosideeffect)
+ # after this tag, mechanisms are not by side-effect, so they'll
+ # only be used when explicitly requested
+ if test "x$enable_dependency_tracking" = xyes; then
+ continue
+ else
+ break
+ fi
+ ;;
+ msvisualcpp | msvcmsys)
+ # This compiler won't grok `-c -o', but also, the minuso test has
+ # not run yet. These depmodes are late enough in the game, and
+ # so weak that their functioning should not be impacted.
+ am__obj=conftest.${OBJEXT-o}
+ am__minus_obj=
+ ;;
+ none) break ;;
+ esac
+ if depmode=$depmode \
+ source=sub/conftest.c object=$am__obj \
+ depfile=sub/conftest.Po tmpdepfile=sub/conftest.TPo \
+ $SHELL ./depcomp $depcc -c $am__minus_obj sub/conftest.c \
+ >/dev/null 2>conftest.err &&
+ grep sub/conftst1.h sub/conftest.Po > /dev/null 2>&1 &&
+ grep sub/conftst6.h sub/conftest.Po > /dev/null 2>&1 &&
+ grep $am__obj sub/conftest.Po > /dev/null 2>&1 &&
+ ${MAKE-make} -s -f confmf > /dev/null 2>&1; then
+ # icc doesn't choke on unknown options, it will just issue warnings
+ # or remarks (even with -Werror). So we grep stderr for any message
+ # that says an option was ignored or not supported.
+ # When given -MP, icc 7.0 and 7.1 complain thusly:
+ # icc: Command line warning: ignoring option '-M'; no argument required
+ # The diagnosis changed in icc 8.0:
+ # icc: Command line remark: option '-MP' not supported
+ if (grep 'ignoring option' conftest.err ||
+ grep 'not supported' conftest.err) >/dev/null 2>&1; then :; else
+ am_cv_CC_dependencies_compiler_type=$depmode
+ break
+ fi
+ fi
+ done
+
+ cd ..
+ rm -rf conftest.dir
+else
+ am_cv_CC_dependencies_compiler_type=none
+fi
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_CC_dependencies_compiler_type" >&5
+$as_echo "$am_cv_CC_dependencies_compiler_type" >&6; }
+CCDEPMODE=depmode=$am_cv_CC_dependencies_compiler_type
+
+ if
+ test "x$enable_dependency_tracking" != xno \
+ && test "$am_cv_CC_dependencies_compiler_type" = gcc3; then
+ am__fastdepCC_TRUE=
+ am__fastdepCC_FALSE='#'
+else
+ am__fastdepCC_TRUE='#'
+ am__fastdepCC_FALSE=
+fi
+
+
+
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to run the C preprocessor" >&5
+$as_echo_n "checking how to run the C preprocessor... " >&6; }
+# On Suns, sometimes $CPP names a directory.
+if test -n "$CPP" && test -d "$CPP"; then
+ CPP=
+fi
+if test -z "$CPP"; then
+ if ${ac_cv_prog_CPP+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ # Double quotes because CPP needs to be expanded
+ for CPP in "$CC -E" "$CC -E -traditional-cpp" "/lib/cpp"
+ do
+ ac_preproc_ok=false
+for ac_c_preproc_warn_flag in '' yes
+do
+ # Use a header file that comes with gcc, so configuring glibc
+ # with a fresh cross-compiler works.
+ # Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+ # <limits.h> exists even on freestanding compilers.
+ # On the NeXT, cc -E runs the code through the compiler's parser,
+ # not just through cpp. "Syntax error" is here to catch this case.
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+ Syntax error
+_ACEOF
+if ac_fn_c_try_cpp "$LINENO"; then :
+
+else
+ # Broken: fails on valid input.
+continue
+fi
+rm -f conftest.err conftest.i conftest.$ac_ext
+
+ # OK, works on sane cases. Now check whether nonexistent headers
+ # can be detected and how.
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <ac_nonexistent.h>
+_ACEOF
+if ac_fn_c_try_cpp "$LINENO"; then :
+ # Broken: success on invalid input.
+continue
+else
+ # Passes both tests.
+ac_preproc_ok=:
+break
+fi
+rm -f conftest.err conftest.i conftest.$ac_ext
+
+done
+# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped.
+rm -f conftest.i conftest.err conftest.$ac_ext
+if $ac_preproc_ok; then :
+ break
+fi
+
+ done
+ ac_cv_prog_CPP=$CPP
+
+fi
+ CPP=$ac_cv_prog_CPP
+else
+ ac_cv_prog_CPP=$CPP
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $CPP" >&5
+$as_echo "$CPP" >&6; }
+ac_preproc_ok=false
+for ac_c_preproc_warn_flag in '' yes
+do
+ # Use a header file that comes with gcc, so configuring glibc
+ # with a fresh cross-compiler works.
+ # Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+ # <limits.h> exists even on freestanding compilers.
+ # On the NeXT, cc -E runs the code through the compiler's parser,
+ # not just through cpp. "Syntax error" is here to catch this case.
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+ Syntax error
+_ACEOF
+if ac_fn_c_try_cpp "$LINENO"; then :
+
+else
+ # Broken: fails on valid input.
+continue
+fi
+rm -f conftest.err conftest.i conftest.$ac_ext
+
+ # OK, works on sane cases. Now check whether nonexistent headers
+ # can be detected and how.
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <ac_nonexistent.h>
+_ACEOF
+if ac_fn_c_try_cpp "$LINENO"; then :
+ # Broken: success on invalid input.
+continue
+else
+ # Passes both tests.
+ac_preproc_ok=:
+break
+fi
+rm -f conftest.err conftest.i conftest.$ac_ext
+
+done
+# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped.
+rm -f conftest.i conftest.err conftest.$ac_ext
+if $ac_preproc_ok; then :
+
+else
+ { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error $? "C preprocessor \"$CPP\" fails sanity check
+See \`config.log' for more details" "$LINENO" 5; }
+fi
+
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for grep that handles long lines and -e" >&5
+$as_echo_n "checking for grep that handles long lines and -e... " >&6; }
+if ${ac_cv_path_GREP+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -z "$GREP"; then
+ ac_path_GREP_found=false
+ # Loop through the user's path and test for each of PROGNAME-LIST
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_prog in grep ggrep; do
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ ac_path_GREP="$as_dir/$ac_prog$ac_exec_ext"
+ { test -f "$ac_path_GREP" && $as_test_x "$ac_path_GREP"; } || continue
+# Check for GNU ac_path_GREP and select it if it is found.
+ # Check for GNU $ac_path_GREP
+case `"$ac_path_GREP" --version 2>&1` in
+*GNU*)
+ ac_cv_path_GREP="$ac_path_GREP" ac_path_GREP_found=:;;
+*)
+ ac_count=0
+ $as_echo_n 0123456789 >"conftest.in"
+ while :
+ do
+ cat "conftest.in" "conftest.in" >"conftest.tmp"
+ mv "conftest.tmp" "conftest.in"
+ cp "conftest.in" "conftest.nl"
+ $as_echo 'GREP' >> "conftest.nl"
+ "$ac_path_GREP" -e 'GREP$' -e '-(cannot match)-' < "conftest.nl" >"conftest.out" 2>/dev/null || break
+ diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break
+ as_fn_arith $ac_count + 1 && ac_count=$as_val
+ if test $ac_count -gt ${ac_path_GREP_max-0}; then
+ # Best one so far, save it but keep looking for a better one
+ ac_cv_path_GREP="$ac_path_GREP"
+ ac_path_GREP_max=$ac_count
+ fi
+ # 10*(2^10) chars as input seems more than enough
+ test $ac_count -gt 10 && break
+ done
+ rm -f conftest.in conftest.tmp conftest.nl conftest.out;;
+esac
+
+ $ac_path_GREP_found && break 3
+ done
+ done
+ done
+IFS=$as_save_IFS
+ if test -z "$ac_cv_path_GREP"; then
+ as_fn_error $? "no acceptable grep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5
+ fi
+else
+ ac_cv_path_GREP=$GREP
+fi
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_GREP" >&5
+$as_echo "$ac_cv_path_GREP" >&6; }
+ GREP="$ac_cv_path_GREP"
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for egrep" >&5
+$as_echo_n "checking for egrep... " >&6; }
+if ${ac_cv_path_EGREP+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ if echo a | $GREP -E '(a|b)' >/dev/null 2>&1
+ then ac_cv_path_EGREP="$GREP -E"
+ else
+ if test -z "$EGREP"; then
+ ac_path_EGREP_found=false
+ # Loop through the user's path and test for each of PROGNAME-LIST
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_prog in egrep; do
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ ac_path_EGREP="$as_dir/$ac_prog$ac_exec_ext"
+ { test -f "$ac_path_EGREP" && $as_test_x "$ac_path_EGREP"; } || continue
+# Check for GNU ac_path_EGREP and select it if it is found.
+ # Check for GNU $ac_path_EGREP
+case `"$ac_path_EGREP" --version 2>&1` in
+*GNU*)
+ ac_cv_path_EGREP="$ac_path_EGREP" ac_path_EGREP_found=:;;
+*)
+ ac_count=0
+ $as_echo_n 0123456789 >"conftest.in"
+ while :
+ do
+ cat "conftest.in" "conftest.in" >"conftest.tmp"
+ mv "conftest.tmp" "conftest.in"
+ cp "conftest.in" "conftest.nl"
+ $as_echo 'EGREP' >> "conftest.nl"
+ "$ac_path_EGREP" 'EGREP$' < "conftest.nl" >"conftest.out" 2>/dev/null || break
+ diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break
+ as_fn_arith $ac_count + 1 && ac_count=$as_val
+ if test $ac_count -gt ${ac_path_EGREP_max-0}; then
+ # Best one so far, save it but keep looking for a better one
+ ac_cv_path_EGREP="$ac_path_EGREP"
+ ac_path_EGREP_max=$ac_count
+ fi
+ # 10*(2^10) chars as input seems more than enough
+ test $ac_count -gt 10 && break
+ done
+ rm -f conftest.in conftest.tmp conftest.nl conftest.out;;
+esac
+
+ $ac_path_EGREP_found && break 3
+ done
+ done
+ done
+IFS=$as_save_IFS
+ if test -z "$ac_cv_path_EGREP"; then
+ as_fn_error $? "no acceptable egrep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5
+ fi
+else
+ ac_cv_path_EGREP=$EGREP
+fi
+
+ fi
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_EGREP" >&5
+$as_echo "$ac_cv_path_EGREP" >&6; }
+ EGREP="$ac_cv_path_EGREP"
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for ANSI C header files" >&5
+$as_echo_n "checking for ANSI C header files... " >&6; }
+if ${ac_cv_header_stdc+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <stdlib.h>
+#include <stdarg.h>
+#include <string.h>
+#include <float.h>
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_cv_header_stdc=yes
+else
+ ac_cv_header_stdc=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+
+if test $ac_cv_header_stdc = yes; then
+ # SunOS 4.x string.h does not declare mem*, contrary to ANSI.
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <string.h>
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+ $EGREP "memchr" >/dev/null 2>&1; then :
+
+else
+ ac_cv_header_stdc=no
+fi
+rm -f conftest*
+
+fi
+
+if test $ac_cv_header_stdc = yes; then
+ # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI.
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <stdlib.h>
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+ $EGREP "free" >/dev/null 2>&1; then :
+
+else
+ ac_cv_header_stdc=no
+fi
+rm -f conftest*
+
+fi
+
+if test $ac_cv_header_stdc = yes; then
+ # /bin/cc in Irix-4.0.5 gets non-ANSI ctype macros unless using -ansi.
+ if test "$cross_compiling" = yes; then :
+ :
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <ctype.h>
+#include <stdlib.h>
+#if ((' ' & 0x0FF) == 0x020)
+# define ISLOWER(c) ('a' <= (c) && (c) <= 'z')
+# define TOUPPER(c) (ISLOWER(c) ? 'A' + ((c) - 'a') : (c))
+#else
+# define ISLOWER(c) \
+ (('a' <= (c) && (c) <= 'i') \
+ || ('j' <= (c) && (c) <= 'r') \
+ || ('s' <= (c) && (c) <= 'z'))
+# define TOUPPER(c) (ISLOWER(c) ? ((c) | 0x40) : (c))
+#endif
+
+#define XOR(e, f) (((e) && !(f)) || (!(e) && (f)))
+int
+main ()
+{
+ int i;
+ for (i = 0; i < 256; i++)
+ if (XOR (islower (i), ISLOWER (i))
+ || toupper (i) != TOUPPER (i))
+ return 2;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_run "$LINENO"; then :
+
+else
+ ac_cv_header_stdc=no
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+ conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+
+fi
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_header_stdc" >&5
+$as_echo "$ac_cv_header_stdc" >&6; }
+if test $ac_cv_header_stdc = yes; then
+
+$as_echo "#define STDC_HEADERS 1" >>confdefs.h
+
+fi
+
+# On IRIX 5.3, sys/types and inttypes.h are conflicting.
+for ac_header in sys/types.h sys/stat.h stdlib.h string.h memory.h strings.h \
+ inttypes.h stdint.h unistd.h
+do :
+ as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
+ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default
+"
+if eval test \"x\$"$as_ac_Header"\" = x"yes"; then :
+ cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+
+done
+
+
+
+ ac_fn_c_check_header_mongrel "$LINENO" "minix/config.h" "ac_cv_header_minix_config_h" "$ac_includes_default"
+if test "x$ac_cv_header_minix_config_h" = xyes; then :
+ MINIX=yes
+else
+ MINIX=
+fi
+
+
+ if test "$MINIX" = yes; then
+
+$as_echo "#define _POSIX_SOURCE 1" >>confdefs.h
+
+
+$as_echo "#define _POSIX_1_SOURCE 2" >>confdefs.h
+
+
+$as_echo "#define _MINIX 1" >>confdefs.h
+
+ fi
+
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether it is safe to define __EXTENSIONS__" >&5
+$as_echo_n "checking whether it is safe to define __EXTENSIONS__... " >&6; }
+if ${ac_cv_safe_to_define___extensions__+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+# define __EXTENSIONS__ 1
+ $ac_includes_default
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_cv_safe_to_define___extensions__=yes
+else
+ ac_cv_safe_to_define___extensions__=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_safe_to_define___extensions__" >&5
+$as_echo "$ac_cv_safe_to_define___extensions__" >&6; }
+ test $ac_cv_safe_to_define___extensions__ = yes &&
+ $as_echo "#define __EXTENSIONS__ 1" >>confdefs.h
+
+ $as_echo "#define _ALL_SOURCE 1" >>confdefs.h
+
+ $as_echo "#define _GNU_SOURCE 1" >>confdefs.h
+
+ $as_echo "#define _POSIX_PTHREAD_SEMANTICS 1" >>confdefs.h
+
+ $as_echo "#define _TANDEM_SOURCE 1" >>confdefs.h
+
+
+
+
+# Some status variables.
+have_gpg_error=no
+have_libgcrypt=no
+have_libassuan=no
+have_ksba=no
+have_pth=no
+have_libusb=no
+have_adns=no
+
+use_bzip2=yes
+use_exec=yes
+disable_keyserver_path=no
+use_ccid_driver=yes
+use_standard_socket=no
+
+build_gpg=yes
+
+ # Check whether --enable-gpg was given.
+if test "${enable_gpg+set}" = set; then :
+ enableval=$enable_gpg; build_gpg=$enableval
+else
+ build_gpg=yes
+fi
+
+
+ case "$build_gpg" in
+ no|yes)
+ ;;
+ *)
+ as_fn_error $? "only yes or no allowed for feature --enable-gpg" "$LINENO" 5
+ ;;
+ esac
+
+build_gpgsm=yes
+
+ # Check whether --enable-gpgsm was given.
+if test "${enable_gpgsm+set}" = set; then :
+ enableval=$enable_gpgsm; build_gpgsm=$enableval
+else
+ build_gpgsm=yes
+fi
+
+
+ case "$build_gpgsm" in
+ no|yes)
+ ;;
+ *)
+ as_fn_error $? "only yes or no allowed for feature --enable-gpgsm" "$LINENO" 5
+ ;;
+ esac
+
+build_agent=yes
+
+ # Check whether --enable-agent was given.
+if test "${enable_agent+set}" = set; then :
+ enableval=$enable_agent; build_agent=$enableval
+else
+ build_agent=yes
+fi
+
+
+ case "$build_agent" in
+ no|yes)
+ ;;
+ *)
+ as_fn_error $? "only yes or no allowed for feature --enable-agent" "$LINENO" 5
+ ;;
+ esac
+
+build_scdaemon=yes
+
+ # Check whether --enable-scdaemon was given.
+if test "${enable_scdaemon+set}" = set; then :
+ enableval=$enable_scdaemon; build_scdaemon=$enableval
+else
+ build_scdaemon=yes
+fi
+
+
+ case "$build_scdaemon" in
+ no|yes)
+ ;;
+ *)
+ as_fn_error $? "only yes or no allowed for feature --enable-scdaemon" "$LINENO" 5
+ ;;
+ esac
+
+build_tools=yes
+
+ # Check whether --enable-tools was given.
+if test "${enable_tools+set}" = set; then :
+ enableval=$enable_tools; build_tools=$enableval
+else
+ build_tools=yes
+fi
+
+
+ case "$build_tools" in
+ no|yes)
+ ;;
+ *)
+ as_fn_error $? "only yes or no allowed for feature --enable-tools" "$LINENO" 5
+ ;;
+ esac
+
+build_doc=yes
+
+ # Check whether --enable-doc was given.
+if test "${enable_doc+set}" = set; then :
+ enableval=$enable_doc; build_doc=$enableval
+else
+ build_doc=yes
+fi
+
+
+ case "$build_doc" in
+ no|yes)
+ ;;
+ *)
+ as_fn_error $? "only yes or no allowed for feature --enable-doc" "$LINENO" 5
+ ;;
+ esac
+
+build_symcryptrun=no
+
+ # Check whether --enable-symcryptrun was given.
+if test "${enable_symcryptrun+set}" = set; then :
+ enableval=$enable_symcryptrun; build_symcryptrun=$enableval
+else
+ build_symcryptrun=no
+fi
+
+
+ case "$build_symcryptrun" in
+ no|yes)
+ ;;
+ *)
+ as_fn_error $? "only yes or no allowed for feature --enable-symcryptrun" "$LINENO" 5
+ ;;
+ esac
+
+build_gpgtar=no
+
+ # Check whether --enable-gpgtar was given.
+if test "${enable_gpgtar+set}" = set; then :
+ enableval=$enable_gpgtar; build_gpgtar=$enableval
+else
+ build_gpgtar=no
+fi
+
+
+ case "$build_gpgtar" in
+ no|yes)
+ ;;
+ *)
+ as_fn_error $? "only yes or no allowed for feature --enable-gpgtar" "$LINENO" 5
+ ;;
+ esac
+
+
+
+
+
+
+
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE "$PACKAGE"
+_ACEOF
+
+
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE_GT "$PACKAGE_GT"
+_ACEOF
+
+
+cat >>confdefs.h <<_ACEOF
+#define VERSION "$VERSION"
+_ACEOF
+
+
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE_BUGREPORT "$PACKAGE_BUGREPORT"
+_ACEOF
+
+
+cat >>confdefs.h <<_ACEOF
+#define NEED_LIBGCRYPT_VERSION "$NEED_LIBGCRYPT_VERSION"
+_ACEOF
+
+
+cat >>confdefs.h <<_ACEOF
+#define NEED_KSBA_VERSION "$NEED_KSBA_VERSION"
+_ACEOF
+
+
+
+# The default is to use the modules from this package and the few
+# other packages in a standard place; i.e where this package gets
+# installed. With these options it is possible to override these
+# ${prefix} depended values with fixed paths, which can't be replaced
+# at make time. See also am/cmacros.am and the defaults in AH_BOTTOM.
+
+# Check whether --with-agent-pgm was given.
+if test "${with_agent_pgm+set}" = set; then :
+ withval=$with_agent_pgm; GNUPG_AGENT_PGM="$withval"
+else
+ GNUPG_AGENT_PGM=""
+fi
+
+
+ if test -n "$GNUPG_AGENT_PGM"; then
+ GNUPG_AGENT_PGM_TRUE=
+ GNUPG_AGENT_PGM_FALSE='#'
+else
+ GNUPG_AGENT_PGM_TRUE='#'
+ GNUPG_AGENT_PGM_FALSE=
+fi
+
+show_gnupg_agent_pgm="(default)"
+test -n "$GNUPG_AGENT_PGM" && show_gnupg_agent_pgm="$GNUPG_AGENT_PGM"
+
+
+# Check whether --with-pinentry-pgm was given.
+if test "${with_pinentry_pgm+set}" = set; then :
+ withval=$with_pinentry_pgm; GNUPG_PINENTRY_PGM="$withval"
+else
+ GNUPG_PINENTRY_PGM=""
+fi
+
+
+ if test -n "$GNUPG_PINENTRY_PGM"; then
+ GNUPG_PINENTRY_PGM_TRUE=
+ GNUPG_PINENTRY_PGM_FALSE='#'
+else
+ GNUPG_PINENTRY_PGM_TRUE='#'
+ GNUPG_PINENTRY_PGM_FALSE=
+fi
+
+show_gnupg_pinentry_pgm="(default)"
+test -n "$GNUPG_PINENTRY_PGM" && show_gnupg_pinentry_pgm="$GNUPG_PINENTRY_PGM"
+
+
+
+# Check whether --with-scdaemon-pgm was given.
+if test "${with_scdaemon_pgm+set}" = set; then :
+ withval=$with_scdaemon_pgm; GNUPG_SCDAEMON_PGM="$withval"
+else
+ GNUPG_SCDAEMON_PGM=""
+fi
+
+
+ if test -n "$GNUPG_SCDAEMON_PGM"; then
+ GNUPG_SCDAEMON_PGM_TRUE=
+ GNUPG_SCDAEMON_PGM_FALSE='#'
+else
+ GNUPG_SCDAEMON_PGM_TRUE='#'
+ GNUPG_SCDAEMON_PGM_FALSE=
+fi
+
+show_gnupg_scdaemon_pgm="(default)"
+test -n "$GNUPG_SCDAEMON_PGM" && show_gnupg_scdaemon_pgm="$GNUPG_SCDAEMON_PGM"
+
+
+
+# Check whether --with-dirmngr-pgm was given.
+if test "${with_dirmngr_pgm+set}" = set; then :
+ withval=$with_dirmngr_pgm; GNUPG_DIRMNGR_PGM="$withval"
+else
+ GNUPG_DIRMNGR_PGM=""
+fi
+
+
+ if test -n "$GNUPG_DIRMNGR_PGM"; then
+ GNUPG_DIRMNGR_PGM_TRUE=
+ GNUPG_DIRMNGR_PGM_FALSE='#'
+else
+ GNUPG_DIRMNGR_PGM_TRUE='#'
+ GNUPG_DIRMNGR_PGM_FALSE=
+fi
+
+show_gnupg_dirmngr_pgm="(default)"
+test -n "$GNUPG_DIRMNGR_PGM" && show_gnupg_dirmngr_pgm="$GNUPG_DIRMNGR_PGM"
+
+
+# Check whether --with-protect-tool-pgm was given.
+if test "${with_protect_tool_pgm+set}" = set; then :
+ withval=$with_protect_tool_pgm; GNUPG_PROTECT_TOOL_PGM="$withval"
+else
+ GNUPG_PROTECT_TOOL_PGM=""
+fi
+
+
+ if test -n "$GNUPG_PROTECT_TOOL_PGM"; then
+ GNUPG_PROTECT_TOOL_PGM_TRUE=
+ GNUPG_PROTECT_TOOL_PGM_FALSE='#'
+else
+ GNUPG_PROTECT_TOOL_PGM_TRUE='#'
+ GNUPG_PROTECT_TOOL_PGM_FALSE=
+fi
+
+show_gnupg_protect_tool_pgm="(default)"
+test -n "$GNUPG_PROTECT_TOOL_PGM" \
+ && show_gnupg_protect_tool_pgm="$GNUPG_PROTECT_TOOL_PGM"
+
+
+# Some folks want to use only the agent from this packet. Make it
+# easier for them by providing the configure option
+# --enable-only-agent.
+# Check whether --enable-agent-only was given.
+if test "${enable_agent_only+set}" = set; then :
+ enableval=$enable_agent_only; build_agent_only=$enableval
+fi
+
+
+# SELinux support includes tracking of sensitive files to avoid
+# leaking their contents through processing these files by gpg itself
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether SELinux support is requested" >&5
+$as_echo_n "checking whether SELinux support is requested... " >&6; }
+# Check whether --enable-selinux-support was given.
+if test "${enable_selinux_support+set}" = set; then :
+ enableval=$enable_selinux_support; selinux_support=$enableval
+else
+ selinux_support=no
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $selinux_support" >&5
+$as_echo "$selinux_support" >&6; }
+
+# Allow disabling of bzib2 support.
+# It is defined only after we confirm the library is available later
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable the BZIP2 compression algorithm" >&5
+$as_echo_n "checking whether to enable the BZIP2 compression algorithm... " >&6; }
+# Check whether --enable-bzip2 was given.
+if test "${enable_bzip2+set}" = set; then :
+ enableval=$enable_bzip2; use_bzip2=$enableval
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $use_bzip2" >&5
+$as_echo "$use_bzip2" >&6; }
+
+# Configure option to allow or disallow execution of external
+# programs, like a photo viewer.
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable external program execution" >&5
+$as_echo_n "checking whether to enable external program execution... " >&6; }
+# Check whether --enable-exec was given.
+if test "${enable_exec+set}" = set; then :
+ enableval=$enable_exec; use_exec=$enableval
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $use_exec" >&5
+$as_echo "$use_exec" >&6; }
+if test "$use_exec" = no ; then
+
+$as_echo "#define NO_EXEC 1" >>confdefs.h
+
+fi
+
+if test "$use_exec" = yes ; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable photo ID viewing" >&5
+$as_echo_n "checking whether to enable photo ID viewing... " >&6; }
+ # Check whether --enable-photo-viewers was given.
+if test "${enable_photo_viewers+set}" = set; then :
+ enableval=$enable_photo_viewers; if test "$enableval" = no ; then
+
+$as_echo "#define DISABLE_PHOTO_VIEWER 1" >>confdefs.h
+
+ fi
+else
+ enableval=yes
+fi
+
+ gnupg_cv_enable_photo_viewers=$enableval
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enableval" >&5
+$as_echo "$enableval" >&6; }
+
+ if test "$gnupg_cv_enable_photo_viewers" = yes ; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to use a fixed photo ID viewer" >&5
+$as_echo_n "checking whether to use a fixed photo ID viewer... " >&6; }
+
+# Check whether --with-photo-viewer was given.
+if test "${with_photo_viewer+set}" = set; then :
+ withval=$with_photo_viewer; if test "$withval" = yes ; then
+ withval=no
+ elif test "$withval" != no ; then
+
+cat >>confdefs.h <<_ACEOF
+#define FIXED_PHOTO_VIEWER "$withval"
+_ACEOF
+
+ fi
+else
+ withval=no
+fi
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $withval" >&5
+$as_echo "$withval" >&6; }
+ fi
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable external keyserver helpers" >&5
+$as_echo_n "checking whether to enable external keyserver helpers... " >&6; }
+ # Check whether --enable-keyserver-helpers was given.
+if test "${enable_keyserver_helpers+set}" = set; then :
+ enableval=$enable_keyserver_helpers; if test "$enableval" = no ; then
+
+$as_echo "#define DISABLE_KEYSERVER_HELPERS 1" >>confdefs.h
+
+ fi
+else
+ enableval=yes
+fi
+
+ gnupg_cv_enable_keyserver_helpers=$enableval
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enableval" >&5
+$as_echo "$enableval" >&6; }
+
+ if test "$gnupg_cv_enable_keyserver_helpers" = yes ; then
+ # LDAP is defined only after we confirm the library is available later
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether LDAP keyserver support is requested" >&5
+$as_echo_n "checking whether LDAP keyserver support is requested... " >&6; }
+ # Check whether --enable-ldap was given.
+if test "${enable_ldap+set}" = set; then :
+ enableval=$enable_ldap; try_ldap=$enableval
+else
+ try_ldap=yes
+fi
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $try_ldap" >&5
+$as_echo "$try_ldap" >&6; }
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether HKP keyserver support is requested" >&5
+$as_echo_n "checking whether HKP keyserver support is requested... " >&6; }
+ # Check whether --enable-hkp was given.
+if test "${enable_hkp+set}" = set; then :
+ enableval=$enable_hkp; try_hkp=$enableval
+else
+ try_hkp=yes
+fi
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $try_hkp" >&5
+$as_echo "$try_hkp" >&6; }
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether finger key fetching support is requested" >&5
+$as_echo_n "checking whether finger key fetching support is requested... " >&6; }
+ # Check whether --enable-finger was given.
+if test "${enable_finger+set}" = set; then :
+ enableval=$enable_finger; try_finger=$enableval
+else
+ try_finger=yes
+fi
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $try_finger" >&5
+$as_echo "$try_finger" >&6; }
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether generic object key fetching support is requested" >&5
+$as_echo_n "checking whether generic object key fetching support is requested... " >&6; }
+ # Check whether --enable-generic was given.
+if test "${enable_generic+set}" = set; then :
+ enableval=$enable_generic; try_generic=$enableval
+else
+ try_generic=yes
+fi
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $try_generic" >&5
+$as_echo "$try_generic" >&6; }
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether email keyserver support is requested" >&5
+$as_echo_n "checking whether email keyserver support is requested... " >&6; }
+ # Check whether --enable-mailto was given.
+if test "${enable_mailto+set}" = set; then :
+ enableval=$enable_mailto; try_mailto=$enableval
+else
+ try_mailto=no
+fi
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $try_mailto" >&5
+$as_echo "$try_mailto" >&6; }
+ fi
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether keyserver exec-path is enabled" >&5
+$as_echo_n "checking whether keyserver exec-path is enabled... " >&6; }
+ # Check whether --enable-keyserver-path was given.
+if test "${enable_keyserver_path+set}" = set; then :
+ enableval=$enable_keyserver_path; if test "$enableval" = no ; then
+ disable_keyserver_path=yes
+ fi
+else
+ enableval=yes
+fi
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enableval" >&5
+$as_echo "$enableval" >&6; }
+fi
+
+
+#
+# Check for the key/uid cache size. This can't be zero, but can be
+# pretty small on embedded systems. This is used for the gpg part.
+#
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for the size of the key and uid cache" >&5
+$as_echo_n "checking for the size of the key and uid cache... " >&6; }
+# Check whether --enable-key-cache was given.
+if test "${enable_key_cache+set}" = set; then :
+ enableval=$enable_key_cache;
+else
+ enableval=4096
+fi
+
+if test "$enableval" = "no"; then
+ enableval=5
+elif test "$enableval" = "yes" || test "$enableval" = ""; then
+ enableval=4096
+fi
+key_cache_size=`echo "$enableval" | sed 's/[A-Za-z]//g'`
+if test "$enableval" != "$key_cache_size" || test "$key_cache_size" -lt 5; then
+ as_fn_error $? "invalid key-cache size" "$LINENO" 5
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $key_cache_size" >&5
+$as_echo "$key_cache_size" >&6; }
+
+cat >>confdefs.h <<_ACEOF
+#define PK_UID_CACHE_SIZE $key_cache_size
+_ACEOF
+
+
+
+
+#
+# Check whether we want to use Linux capabilities
+#
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether use of capabilities is requested" >&5
+$as_echo_n "checking whether use of capabilities is requested... " >&6; }
+
+# Check whether --with-capabilities was given.
+if test "${with_capabilities+set}" = set; then :
+ withval=$with_capabilities; use_capabilities="$withval"
+else
+ use_capabilities=no
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $use_capabilities" >&5
+$as_echo "$use_capabilities" >&6; }
+
+
+#
+# Allow disabling of internal CCID support.
+# It is defined only after we confirm the library is available later
+#
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable the internal CCID driver" >&5
+$as_echo_n "checking whether to enable the internal CCID driver... " >&6; }
+# Check whether --enable-ccid-driver was given.
+if test "${enable_ccid_driver+set}" = set; then :
+ enableval=$enable_ccid_driver; use_ccid_driver=$enableval
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $use_ccid_driver" >&5
+$as_echo "$use_ccid_driver" >&6; }
+
+
+#
+# To avoid double inclusion of config.h which might happen at some
+# places, we add the usual double inclusion protection at the top of
+# config.h.
+#
+
+
+#
+# Stuff which goes at the bottom of config.h.
+#
+
+
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable maintainer-specific portions of Makefiles" >&5
+$as_echo_n "checking whether to enable maintainer-specific portions of Makefiles... " >&6; }
+ # Check whether --enable-maintainer-mode was given.
+if test "${enable_maintainer_mode+set}" = set; then :
+ enableval=$enable_maintainer_mode; USE_MAINTAINER_MODE=$enableval
+else
+ USE_MAINTAINER_MODE=no
+fi
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $USE_MAINTAINER_MODE" >&5
+$as_echo "$USE_MAINTAINER_MODE" >&6; }
+ if test $USE_MAINTAINER_MODE = yes; then
+ MAINTAINER_MODE_TRUE=
+ MAINTAINER_MODE_FALSE='#'
+else
+ MAINTAINER_MODE_TRUE='#'
+ MAINTAINER_MODE_FALSE=
+fi
+
+ MAINT=$MAINTAINER_MODE_TRUE
+
+
+
+# Checks for programs.
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for programs" >&5
+$as_echo "$as_me: checking for programs" >&6;}
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether ${MAKE-make} sets \$(MAKE)" >&5
+$as_echo_n "checking whether ${MAKE-make} sets \$(MAKE)... " >&6; }
+set x ${MAKE-make}
+ac_make=`$as_echo "$2" | sed 's/+/p/g; s/[^a-zA-Z0-9_]/_/g'`
+if eval \${ac_cv_prog_make_${ac_make}_set+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ cat >conftest.make <<\_ACEOF
+SHELL = /bin/sh
+all:
+ @echo '@@@%%%=$(MAKE)=@@@%%%'
+_ACEOF
+# GNU make sometimes prints "make[1]: Entering ...", which would confuse us.
+case `${MAKE-make} -f conftest.make 2>/dev/null` in
+ *@@@%%%=?*=@@@%%%*)
+ eval ac_cv_prog_make_${ac_make}_set=yes;;
+ *)
+ eval ac_cv_prog_make_${ac_make}_set=no;;
+esac
+rm -f conftest.make
+fi
+if eval test \$ac_cv_prog_make_${ac_make}_set = yes; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+ SET_MAKE=
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ SET_MAKE="MAKE=${MAKE-make}"
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether build environment is sane" >&5
+$as_echo_n "checking whether build environment is sane... " >&6; }
+# Just in case
+sleep 1
+echo timestamp > conftest.file
+# Reject unsafe characters in $srcdir or the absolute working directory
+# name. Accept space and tab only in the latter.
+am_lf='
+'
+case `pwd` in
+ *[\\\"\#\$\&\'\`$am_lf]*)
+ as_fn_error $? "unsafe absolute working directory name" "$LINENO" 5;;
+esac
+case $srcdir in
+ *[\\\"\#\$\&\'\`$am_lf\ \ ]*)
+ as_fn_error $? "unsafe srcdir value: \`$srcdir'" "$LINENO" 5;;
+esac
+
+# Do `set' in a subshell so we don't clobber the current shell's
+# arguments. Must try -L first in case configure is actually a
+# symlink; some systems play weird games with the mod time of symlinks
+# (eg FreeBSD returns the mod time of the symlink's containing
+# directory).
+if (
+ set X `ls -Lt "$srcdir/configure" conftest.file 2> /dev/null`
+ if test "$*" = "X"; then
+ # -L didn't work.
+ set X `ls -t "$srcdir/configure" conftest.file`
+ fi
+ rm -f conftest.file
+ if test "$*" != "X $srcdir/configure conftest.file" \
+ && test "$*" != "X conftest.file $srcdir/configure"; then
+
+ # If neither matched, then we have a broken ls. This can happen
+ # if, for instance, CONFIG_SHELL is bash and it inherits a
+ # broken ls alias from the environment. This has actually
+ # happened. Such a system could not be considered "sane".
+ as_fn_error $? "ls -t appears to fail. Make sure there is not a broken
+alias in your environment" "$LINENO" 5
+ fi
+
+ test "$2" = conftest.file
+ )
+then
+ # Ok.
+ :
+else
+ as_fn_error $? "newly created file is older than distributed files!
+Check your system clock" "$LINENO" 5
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+missing_dir=`cd $ac_aux_dir && pwd`
+
+ACLOCAL=${ACLOCAL-"${am_missing_run}aclocal"}
+
+
+AUTOCONF=${AUTOCONF-"${am_missing_run}autoconf"}
+
+
+AUTOMAKE=${AUTOMAKE-"${am_missing_run}automake"}
+
+
+AUTOHEADER=${AUTOHEADER-"${am_missing_run}autoheader"}
+
+
+MAKEINFO=${MAKEINFO-"${am_missing_run}makeinfo"}
+
+for ac_prog in gawk mawk nawk awk
+do
+ # Extract the first word of "$ac_prog", so it can be a program name with args.
+set dummy $ac_prog; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_AWK+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$AWK"; then
+ ac_cv_prog_AWK="$AWK" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_AWK="$ac_prog"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+AWK=$ac_cv_prog_AWK
+if test -n "$AWK"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $AWK" >&5
+$as_echo "$AWK" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+ test -n "$AWK" && break
+done
+
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+if test -n "$ac_tool_prefix"; then
+ # Extract the first word of "${ac_tool_prefix}gcc", so it can be a program name with args.
+set dummy ${ac_tool_prefix}gcc; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_CC+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$CC"; then
+ ac_cv_prog_CC="$CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_CC="${ac_tool_prefix}gcc"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+CC=$ac_cv_prog_CC
+if test -n "$CC"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
+$as_echo "$CC" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+fi
+if test -z "$ac_cv_prog_CC"; then
+ ac_ct_CC=$CC
+ # Extract the first word of "gcc", so it can be a program name with args.
+set dummy gcc; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_ac_ct_CC+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$ac_ct_CC"; then
+ ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_ac_ct_CC="gcc"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_CC=$ac_cv_prog_ac_ct_CC
+if test -n "$ac_ct_CC"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5
+$as_echo "$ac_ct_CC" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+ if test "x$ac_ct_CC" = x; then
+ CC=""
+ else
+ case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+ CC=$ac_ct_CC
+ fi
+else
+ CC="$ac_cv_prog_CC"
+fi
+
+if test -z "$CC"; then
+ if test -n "$ac_tool_prefix"; then
+ # Extract the first word of "${ac_tool_prefix}cc", so it can be a program name with args.
+set dummy ${ac_tool_prefix}cc; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_CC+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$CC"; then
+ ac_cv_prog_CC="$CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_CC="${ac_tool_prefix}cc"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+CC=$ac_cv_prog_CC
+if test -n "$CC"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
+$as_echo "$CC" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+ fi
+fi
+if test -z "$CC"; then
+ # Extract the first word of "cc", so it can be a program name with args.
+set dummy cc; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_CC+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$CC"; then
+ ac_cv_prog_CC="$CC" # Let the user override the test.
+else
+ ac_prog_rejected=no
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ if test "$as_dir/$ac_word$ac_exec_ext" = "/usr/ucb/cc"; then
+ ac_prog_rejected=yes
+ continue
+ fi
+ ac_cv_prog_CC="cc"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+if test $ac_prog_rejected = yes; then
+ # We found a bogon in the path, so make sure we never use it.
+ set dummy $ac_cv_prog_CC
+ shift
+ if test $# != 0; then
+ # We chose a different compiler from the bogus one.
+ # However, it has the same basename, so the bogon will be chosen
+ # first if we set CC to just the basename; use the full file name.
+ shift
+ ac_cv_prog_CC="$as_dir/$ac_word${1+' '}$@"
+ fi
+fi
+fi
+fi
+CC=$ac_cv_prog_CC
+if test -n "$CC"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
+$as_echo "$CC" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+fi
+if test -z "$CC"; then
+ if test -n "$ac_tool_prefix"; then
+ for ac_prog in cl.exe
+ do
+ # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args.
+set dummy $ac_tool_prefix$ac_prog; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_CC+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$CC"; then
+ ac_cv_prog_CC="$CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_CC="$ac_tool_prefix$ac_prog"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+CC=$ac_cv_prog_CC
+if test -n "$CC"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
+$as_echo "$CC" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+ test -n "$CC" && break
+ done
+fi
+if test -z "$CC"; then
+ ac_ct_CC=$CC
+ for ac_prog in cl.exe
+do
+ # Extract the first word of "$ac_prog", so it can be a program name with args.
+set dummy $ac_prog; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_ac_ct_CC+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$ac_ct_CC"; then
+ ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_ac_ct_CC="$ac_prog"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_CC=$ac_cv_prog_ac_ct_CC
+if test -n "$ac_ct_CC"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5
+$as_echo "$ac_ct_CC" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+ test -n "$ac_ct_CC" && break
+done
+
+ if test "x$ac_ct_CC" = x; then
+ CC=""
+ else
+ case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+ CC=$ac_ct_CC
+ fi
+fi
+
+fi
+
+
+test -z "$CC" && { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error $? "no acceptable C compiler found in \$PATH
+See \`config.log' for more details" "$LINENO" 5; }
+
+# Provide some information about the compiler.
+$as_echo "$as_me:${as_lineno-$LINENO}: checking for C compiler version" >&5
+set X $ac_compile
+ac_compiler=$2
+for ac_option in --version -v -V -qversion; do
+ { { ac_try="$ac_compiler $ac_option >&5"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+ (eval "$ac_compiler $ac_option >&5") 2>conftest.err
+ ac_status=$?
+ if test -s conftest.err; then
+ sed '10a\
+... rest of stderr output deleted ...
+ 10q' conftest.err >conftest.er1
+ cat conftest.er1 >&5
+ fi
+ rm -f conftest.er1 conftest.err
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }
+done
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are using the GNU C compiler" >&5
+$as_echo_n "checking whether we are using the GNU C compiler... " >&6; }
+if ${ac_cv_c_compiler_gnu+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main ()
+{
+#ifndef __GNUC__
+ choke me
+#endif
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_compiler_gnu=yes
+else
+ ac_compiler_gnu=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+ac_cv_c_compiler_gnu=$ac_compiler_gnu
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_compiler_gnu" >&5
+$as_echo "$ac_cv_c_compiler_gnu" >&6; }
+if test $ac_compiler_gnu = yes; then
+ GCC=yes
+else
+ GCC=
+fi
+ac_test_CFLAGS=${CFLAGS+set}
+ac_save_CFLAGS=$CFLAGS
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC accepts -g" >&5
+$as_echo_n "checking whether $CC accepts -g... " >&6; }
+if ${ac_cv_prog_cc_g+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_save_c_werror_flag=$ac_c_werror_flag
+ ac_c_werror_flag=yes
+ ac_cv_prog_cc_g=no
+ CFLAGS="-g"
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_cv_prog_cc_g=yes
+else
+ CFLAGS=""
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+
+else
+ ac_c_werror_flag=$ac_save_c_werror_flag
+ CFLAGS="-g"
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_cv_prog_cc_g=yes
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+ ac_c_werror_flag=$ac_save_c_werror_flag
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_g" >&5
+$as_echo "$ac_cv_prog_cc_g" >&6; }
+if test "$ac_test_CFLAGS" = set; then
+ CFLAGS=$ac_save_CFLAGS
+elif test $ac_cv_prog_cc_g = yes; then
+ if test "$GCC" = yes; then
+ CFLAGS="-g -O2"
+ else
+ CFLAGS="-g"
+ fi
+else
+ if test "$GCC" = yes; then
+ CFLAGS="-O2"
+ else
+ CFLAGS=
+ fi
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $CC option to accept ISO C89" >&5
+$as_echo_n "checking for $CC option to accept ISO C89... " >&6; }
+if ${ac_cv_prog_cc_c89+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_cv_prog_cc_c89=no
+ac_save_CC=$CC
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <stdarg.h>
+#include <stdio.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+/* Most of the following tests are stolen from RCS 5.7's src/conf.sh. */
+struct buf { int x; };
+FILE * (*rcsopen) (struct buf *, struct stat *, int);
+static char *e (p, i)
+ char **p;
+ int i;
+{
+ return p[i];
+}
+static char *f (char * (*g) (char **, int), char **p, ...)
+{
+ char *s;
+ va_list v;
+ va_start (v,p);
+ s = g (p, va_arg (v,int));
+ va_end (v);
+ return s;
+}
+
+/* OSF 4.0 Compaq cc is some sort of almost-ANSI by default. It has
+ function prototypes and stuff, but not '\xHH' hex character constants.
+ These don't provoke an error unfortunately, instead are silently treated
+ as 'x'. The following induces an error, until -std is added to get
+ proper ANSI mode. Curiously '\x00'!='x' always comes out true, for an
+ array size at least. It's necessary to write '\x00'==0 to get something
+ that's true only with -std. */
+int osf4_cc_array ['\x00' == 0 ? 1 : -1];
+
+/* IBM C 6 for AIX is almost-ANSI by default, but it replaces macro parameters
+ inside strings and character constants. */
+#define FOO(x) 'x'
+int xlc6_cc_array[FOO(a) == 'x' ? 1 : -1];
+
+int test (int i, double x);
+struct s1 {int (*f) (int a);};
+struct s2 {int (*f) (double a);};
+int pairnames (int, char **, FILE *(*)(struct buf *, struct stat *, int), int, int);
+int argc;
+char **argv;
+int
+main ()
+{
+return f (e, argv, 0) != argv[0] || f (e, argv, 1) != argv[1];
+ ;
+ return 0;
+}
+_ACEOF
+for ac_arg in '' -qlanglvl=extc89 -qlanglvl=ansi -std \
+ -Ae "-Aa -D_HPUX_SOURCE" "-Xc -D__EXTENSIONS__"
+do
+ CC="$ac_save_CC $ac_arg"
+ if ac_fn_c_try_compile "$LINENO"; then :
+ ac_cv_prog_cc_c89=$ac_arg
+fi
+rm -f core conftest.err conftest.$ac_objext
+ test "x$ac_cv_prog_cc_c89" != "xno" && break
+done
+rm -f conftest.$ac_ext
+CC=$ac_save_CC
+
+fi
+# AC_CACHE_VAL
+case "x$ac_cv_prog_cc_c89" in
+ x)
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: none needed" >&5
+$as_echo "none needed" >&6; } ;;
+ xno)
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5
+$as_echo "unsupported" >&6; } ;;
+ *)
+ CC="$CC $ac_cv_prog_cc_c89"
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c89" >&5
+$as_echo "$ac_cv_prog_cc_c89" >&6; } ;;
+esac
+if test "x$ac_cv_prog_cc_c89" != xno; then :
+
+fi
+
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+depcc="$CC" am_compiler_list=
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking dependency style of $depcc" >&5
+$as_echo_n "checking dependency style of $depcc... " >&6; }
+if ${am_cv_CC_dependencies_compiler_type+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -z "$AMDEP_TRUE" && test -f "$am_depcomp"; then
+ # We make a subdir and do the tests there. Otherwise we can end up
+ # making bogus files that we don't know about and never remove. For
+ # instance it was reported that on HP-UX the gcc test will end up
+ # making a dummy file named `D' -- because `-MD' means `put the output
+ # in D'.
+ mkdir conftest.dir
+ # Copy depcomp to subdir because otherwise we won't find it if we're
+ # using a relative directory.
+ cp "$am_depcomp" conftest.dir
+ cd conftest.dir
+ # We will build objects and dependencies in a subdirectory because
+ # it helps to detect inapplicable dependency modes. For instance
+ # both Tru64's cc and ICC support -MD to output dependencies as a
+ # side effect of compilation, but ICC will put the dependencies in
+ # the current directory while Tru64 will put them in the object
+ # directory.
+ mkdir sub
+
+ am_cv_CC_dependencies_compiler_type=none
+ if test "$am_compiler_list" = ""; then
+ am_compiler_list=`sed -n 's/^#*\([a-zA-Z0-9]*\))$/\1/p' < ./depcomp`
+ fi
+ am__universal=false
+ case " $depcc " in #(
+ *\ -arch\ *\ -arch\ *) am__universal=true ;;
+ esac
+
+ for depmode in $am_compiler_list; do
+ # Setup a source with many dependencies, because some compilers
+ # like to wrap large dependency lists on column 80 (with \), and
+ # we should not choose a depcomp mode which is confused by this.
+ #
+ # We need to recreate these files for each test, as the compiler may
+ # overwrite some of them when testing with obscure command lines.
+ # This happens at least with the AIX C compiler.
+ : > sub/conftest.c
+ for i in 1 2 3 4 5 6; do
+ echo '#include "conftst'$i'.h"' >> sub/conftest.c
+ # Using `: > sub/conftst$i.h' creates only sub/conftst1.h with
+ # Solaris 8's {/usr,}/bin/sh.
+ touch sub/conftst$i.h
+ done
+ echo "${am__include} ${am__quote}sub/conftest.Po${am__quote}" > confmf
+
+ # We check with `-c' and `-o' for the sake of the "dashmstdout"
+ # mode. It turns out that the SunPro C++ compiler does not properly
+ # handle `-M -o', and we need to detect this. Also, some Intel
+ # versions had trouble with output in subdirs
+ am__obj=sub/conftest.${OBJEXT-o}
+ am__minus_obj="-o $am__obj"
+ case $depmode in
+ gcc)
+ # This depmode causes a compiler race in universal mode.
+ test "$am__universal" = false || continue
+ ;;
+ nosideeffect)
+ # after this tag, mechanisms are not by side-effect, so they'll
+ # only be used when explicitly requested
+ if test "x$enable_dependency_tracking" = xyes; then
+ continue
+ else
+ break
+ fi
+ ;;
+ msvisualcpp | msvcmsys)
+ # This compiler won't grok `-c -o', but also, the minuso test has
+ # not run yet. These depmodes are late enough in the game, and
+ # so weak that their functioning should not be impacted.
+ am__obj=conftest.${OBJEXT-o}
+ am__minus_obj=
+ ;;
+ none) break ;;
+ esac
+ if depmode=$depmode \
+ source=sub/conftest.c object=$am__obj \
+ depfile=sub/conftest.Po tmpdepfile=sub/conftest.TPo \
+ $SHELL ./depcomp $depcc -c $am__minus_obj sub/conftest.c \
+ >/dev/null 2>conftest.err &&
+ grep sub/conftst1.h sub/conftest.Po > /dev/null 2>&1 &&
+ grep sub/conftst6.h sub/conftest.Po > /dev/null 2>&1 &&
+ grep $am__obj sub/conftest.Po > /dev/null 2>&1 &&
+ ${MAKE-make} -s -f confmf > /dev/null 2>&1; then
+ # icc doesn't choke on unknown options, it will just issue warnings
+ # or remarks (even with -Werror). So we grep stderr for any message
+ # that says an option was ignored or not supported.
+ # When given -MP, icc 7.0 and 7.1 complain thusly:
+ # icc: Command line warning: ignoring option '-M'; no argument required
+ # The diagnosis changed in icc 8.0:
+ # icc: Command line remark: option '-MP' not supported
+ if (grep 'ignoring option' conftest.err ||
+ grep 'not supported' conftest.err) >/dev/null 2>&1; then :; else
+ am_cv_CC_dependencies_compiler_type=$depmode
+ break
+ fi
+ fi
+ done
+
+ cd ..
+ rm -rf conftest.dir
+else
+ am_cv_CC_dependencies_compiler_type=none
+fi
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_CC_dependencies_compiler_type" >&5
+$as_echo "$am_cv_CC_dependencies_compiler_type" >&6; }
+CCDEPMODE=depmode=$am_cv_CC_dependencies_compiler_type
+
+ if
+ test "x$enable_dependency_tracking" != xno \
+ && test "$am_cv_CC_dependencies_compiler_type" = gcc3; then
+ am__fastdepCC_TRUE=
+ am__fastdepCC_FALSE='#'
+else
+ am__fastdepCC_TRUE='#'
+ am__fastdepCC_FALSE=
+fi
+
+
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to run the C preprocessor" >&5
+$as_echo_n "checking how to run the C preprocessor... " >&6; }
+# On Suns, sometimes $CPP names a directory.
+if test -n "$CPP" && test -d "$CPP"; then
+ CPP=
+fi
+if test -z "$CPP"; then
+ if ${ac_cv_prog_CPP+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ # Double quotes because CPP needs to be expanded
+ for CPP in "$CC -E" "$CC -E -traditional-cpp" "/lib/cpp"
+ do
+ ac_preproc_ok=false
+for ac_c_preproc_warn_flag in '' yes
+do
+ # Use a header file that comes with gcc, so configuring glibc
+ # with a fresh cross-compiler works.
+ # Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+ # <limits.h> exists even on freestanding compilers.
+ # On the NeXT, cc -E runs the code through the compiler's parser,
+ # not just through cpp. "Syntax error" is here to catch this case.
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+ Syntax error
+_ACEOF
+if ac_fn_c_try_cpp "$LINENO"; then :
+
+else
+ # Broken: fails on valid input.
+continue
+fi
+rm -f conftest.err conftest.i conftest.$ac_ext
+
+ # OK, works on sane cases. Now check whether nonexistent headers
+ # can be detected and how.
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <ac_nonexistent.h>
+_ACEOF
+if ac_fn_c_try_cpp "$LINENO"; then :
+ # Broken: success on invalid input.
+continue
+else
+ # Passes both tests.
+ac_preproc_ok=:
+break
+fi
+rm -f conftest.err conftest.i conftest.$ac_ext
+
+done
+# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped.
+rm -f conftest.i conftest.err conftest.$ac_ext
+if $ac_preproc_ok; then :
+ break
+fi
+
+ done
+ ac_cv_prog_CPP=$CPP
+
+fi
+ CPP=$ac_cv_prog_CPP
+else
+ ac_cv_prog_CPP=$CPP
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $CPP" >&5
+$as_echo "$CPP" >&6; }
+ac_preproc_ok=false
+for ac_c_preproc_warn_flag in '' yes
+do
+ # Use a header file that comes with gcc, so configuring glibc
+ # with a fresh cross-compiler works.
+ # Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+ # <limits.h> exists even on freestanding compilers.
+ # On the NeXT, cc -E runs the code through the compiler's parser,
+ # not just through cpp. "Syntax error" is here to catch this case.
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+ Syntax error
+_ACEOF
+if ac_fn_c_try_cpp "$LINENO"; then :
+
+else
+ # Broken: fails on valid input.
+continue
+fi
+rm -f conftest.err conftest.i conftest.$ac_ext
+
+ # OK, works on sane cases. Now check whether nonexistent headers
+ # can be detected and how.
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <ac_nonexistent.h>
+_ACEOF
+if ac_fn_c_try_cpp "$LINENO"; then :
+ # Broken: success on invalid input.
+continue
+else
+ # Passes both tests.
+ac_preproc_ok=:
+break
+fi
+rm -f conftest.err conftest.i conftest.$ac_ext
+
+done
+# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped.
+rm -f conftest.i conftest.err conftest.$ac_ext
+if $ac_preproc_ok; then :
+
+else
+ { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error $? "C preprocessor \"$CPP\" fails sanity check
+See \`config.log' for more details" "$LINENO" 5; }
+fi
+
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+if test "x$CC" != xcc; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC and cc understand -c and -o together" >&5
+$as_echo_n "checking whether $CC and cc understand -c and -o together... " >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether cc understands -c and -o together" >&5
+$as_echo_n "checking whether cc understands -c and -o together... " >&6; }
+fi
+set dummy $CC; ac_cc=`$as_echo "$2" |
+ sed 's/[^a-zA-Z0-9_]/_/g;s/^[0-9]/_/'`
+if eval \${ac_cv_prog_cc_${ac_cc}_c_o+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+# Make sure it works both with $CC and with simple cc.
+# We do the test twice because some compilers refuse to overwrite an
+# existing .o file with -o, though they will create one.
+ac_try='$CC -c conftest.$ac_ext -o conftest2.$ac_objext >&5'
+rm -f conftest2.*
+if { { case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+ (eval "$ac_try") 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; } &&
+ test -f conftest2.$ac_objext && { { case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+ (eval "$ac_try") 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; };
+then
+ eval ac_cv_prog_cc_${ac_cc}_c_o=yes
+ if test "x$CC" != xcc; then
+ # Test first that cc exists at all.
+ if { ac_try='cc -c conftest.$ac_ext >&5'
+ { { case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+ (eval "$ac_try") 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; }; then
+ ac_try='cc -c conftest.$ac_ext -o conftest2.$ac_objext >&5'
+ rm -f conftest2.*
+ if { { case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+ (eval "$ac_try") 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; } &&
+ test -f conftest2.$ac_objext && { { case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+ (eval "$ac_try") 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; };
+ then
+ # cc works too.
+ :
+ else
+ # cc exists but doesn't like -o.
+ eval ac_cv_prog_cc_${ac_cc}_c_o=no
+ fi
+ fi
+ fi
+else
+ eval ac_cv_prog_cc_${ac_cc}_c_o=no
+fi
+rm -f core conftest*
+
+fi
+if eval test \$ac_cv_prog_cc_${ac_cc}_c_o = yes; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+
+$as_echo "#define NO_MINUS_C_MINUS_O 1" >>confdefs.h
+
+fi
+
+# FIXME: we rely on the cache variable name because
+# there is no other way.
+set dummy $CC
+am_cc=`echo $2 | sed 's/[^a-zA-Z0-9_]/_/g;s/^[0-9]/_/'`
+eval am_t=\$ac_cv_prog_cc_${am_cc}_c_o
+if test "$am_t" != yes; then
+ # Losing compiler, so override with the script.
+ # FIXME: It is wrong to rewrite CC.
+ # But if we don't then we get into trouble of one sort or another.
+ # A longer-term fix would be to have automake use am__CC in this case,
+ # and then we could set am__CC="\$(top_srcdir)/compile \$(CC)"
+ CC="$am_aux_dir/compile $CC"
+fi
+
+
+if test "x$ac_cv_prog_cc_c89" = "xno" ; then
+ as_fn_error $? "No C-89 compiler found" "$LINENO" 5
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether ln -s works" >&5
+$as_echo_n "checking whether ln -s works... " >&6; }
+LN_S=$as_ln_s
+if test "$LN_S" = "ln -s"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no, using $LN_S" >&5
+$as_echo "no, using $LN_S" >&6; }
+fi
+
+if test -n "$ac_tool_prefix"; then
+ # Extract the first word of "${ac_tool_prefix}ranlib", so it can be a program name with args.
+set dummy ${ac_tool_prefix}ranlib; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_RANLIB+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$RANLIB"; then
+ ac_cv_prog_RANLIB="$RANLIB" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_RANLIB="${ac_tool_prefix}ranlib"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+RANLIB=$ac_cv_prog_RANLIB
+if test -n "$RANLIB"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $RANLIB" >&5
+$as_echo "$RANLIB" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+fi
+if test -z "$ac_cv_prog_RANLIB"; then
+ ac_ct_RANLIB=$RANLIB
+ # Extract the first word of "ranlib", so it can be a program name with args.
+set dummy ranlib; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_ac_ct_RANLIB+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$ac_ct_RANLIB"; then
+ ac_cv_prog_ac_ct_RANLIB="$ac_ct_RANLIB" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_ac_ct_RANLIB="ranlib"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_RANLIB=$ac_cv_prog_ac_ct_RANLIB
+if test -n "$ac_ct_RANLIB"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_RANLIB" >&5
+$as_echo "$ac_ct_RANLIB" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+ if test "x$ac_ct_RANLIB" = x; then
+ RANLIB=":"
+ else
+ case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+ RANLIB=$ac_ct_RANLIB
+ fi
+else
+ RANLIB="$ac_cv_prog_RANLIB"
+fi
+
+if test -n "$ac_tool_prefix"; then
+ # Extract the first word of "${ac_tool_prefix}ar", so it can be a program name with args.
+set dummy ${ac_tool_prefix}ar; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_AR+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$AR"; then
+ ac_cv_prog_AR="$AR" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_AR="${ac_tool_prefix}ar"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+AR=$ac_cv_prog_AR
+if test -n "$AR"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $AR" >&5
+$as_echo "$AR" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+fi
+if test -z "$ac_cv_prog_AR"; then
+ ac_ct_AR=$AR
+ # Extract the first word of "ar", so it can be a program name with args.
+set dummy ar; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_ac_ct_AR+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$ac_ct_AR"; then
+ ac_cv_prog_ac_ct_AR="$ac_ct_AR" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_ac_ct_AR="ar"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_AR=$ac_cv_prog_ac_ct_AR
+if test -n "$ac_ct_AR"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_AR" >&5
+$as_echo "$ac_ct_AR" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+ if test "x$ac_ct_AR" = x; then
+ AR=":"
+ else
+ case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+ AR=$ac_ct_AR
+ fi
+else
+ AR="$ac_cv_prog_AR"
+fi
+
+# Extract the first word of ""perl"", so it can be a program name with args.
+set dummy "perl"; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_path_PERL+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ case $PERL in
+ [\\/]* | ?:[\\/]*)
+ ac_cv_path_PERL="$PERL" # Let the user override the test with a path.
+ ;;
+ *)
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_path_PERL="$as_dir/$ac_word$ac_exec_ext"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+ ;;
+esac
+fi
+PERL=$ac_cv_path_PERL
+if test -n "$PERL"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PERL" >&5
+$as_echo "$PERL" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+if test -n "$ac_tool_prefix"; then
+ # Extract the first word of "${ac_tool_prefix}windres", so it can be a program name with args.
+set dummy ${ac_tool_prefix}windres; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_WINDRES+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$WINDRES"; then
+ ac_cv_prog_WINDRES="$WINDRES" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_WINDRES="${ac_tool_prefix}windres"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+WINDRES=$ac_cv_prog_WINDRES
+if test -n "$WINDRES"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $WINDRES" >&5
+$as_echo "$WINDRES" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+fi
+if test -z "$ac_cv_prog_WINDRES"; then
+ ac_ct_WINDRES=$WINDRES
+ # Extract the first word of "windres", so it can be a program name with args.
+set dummy windres; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_ac_ct_WINDRES+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$ac_ct_WINDRES"; then
+ ac_cv_prog_ac_ct_WINDRES="$ac_ct_WINDRES" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_ac_ct_WINDRES="windres"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_WINDRES=$ac_cv_prog_ac_ct_WINDRES
+if test -n "$ac_ct_WINDRES"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_WINDRES" >&5
+$as_echo "$ac_ct_WINDRES" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+ if test "x$ac_ct_WINDRES" = x; then
+ WINDRES=":"
+ else
+ case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+ WINDRES=$ac_ct_WINDRES
+ fi
+else
+ WINDRES="$ac_cv_prog_WINDRES"
+fi
+
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for strerror in -lcposix" >&5
+$as_echo_n "checking for strerror in -lcposix... " >&6; }
+if ${ac_cv_lib_cposix_strerror+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lcposix $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char strerror ();
+int
+main ()
+{
+return strerror ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_cposix_strerror=yes
+else
+ ac_cv_lib_cposix_strerror=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_cposix_strerror" >&5
+$as_echo "$ac_cv_lib_cposix_strerror" >&6; }
+if test "x$ac_cv_lib_cposix_strerror" = xyes; then :
+ LIBS="$LIBS -lcposix"
+fi
+
+
+
+
+
+
+# Check whether --enable-largefile was given.
+if test "${enable_largefile+set}" = set; then :
+ enableval=$enable_largefile;
+fi
+
+if test "$enable_largefile" != no; then
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for special C compiler options needed for large files" >&5
+$as_echo_n "checking for special C compiler options needed for large files... " >&6; }
+if ${ac_cv_sys_largefile_CC+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_cv_sys_largefile_CC=no
+ if test "$GCC" != yes; then
+ ac_save_CC=$CC
+ while :; do
+ # IRIX 6.2 and later do not support large files by default,
+ # so use the C compiler's -n32 option if that helps.
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <sys/types.h>
+ /* Check that off_t can represent 2**63 - 1 correctly.
+ We can't simply define LARGE_OFF_T to be 9223372036854775807,
+ since some C++ compilers masquerading as C compilers
+ incorrectly reject 9223372036854775807. */
+#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62))
+ int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721
+ && LARGE_OFF_T % 2147483647 == 1)
+ ? 1 : -1];
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+ if ac_fn_c_try_compile "$LINENO"; then :
+ break
+fi
+rm -f core conftest.err conftest.$ac_objext
+ CC="$CC -n32"
+ if ac_fn_c_try_compile "$LINENO"; then :
+ ac_cv_sys_largefile_CC=' -n32'; break
+fi
+rm -f core conftest.err conftest.$ac_objext
+ break
+ done
+ CC=$ac_save_CC
+ rm -f conftest.$ac_ext
+ fi
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sys_largefile_CC" >&5
+$as_echo "$ac_cv_sys_largefile_CC" >&6; }
+ if test "$ac_cv_sys_largefile_CC" != no; then
+ CC=$CC$ac_cv_sys_largefile_CC
+ fi
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for _FILE_OFFSET_BITS value needed for large files" >&5
+$as_echo_n "checking for _FILE_OFFSET_BITS value needed for large files... " >&6; }
+if ${ac_cv_sys_file_offset_bits+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ while :; do
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <sys/types.h>
+ /* Check that off_t can represent 2**63 - 1 correctly.
+ We can't simply define LARGE_OFF_T to be 9223372036854775807,
+ since some C++ compilers masquerading as C compilers
+ incorrectly reject 9223372036854775807. */
+#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62))
+ int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721
+ && LARGE_OFF_T % 2147483647 == 1)
+ ? 1 : -1];
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_cv_sys_file_offset_bits=no; break
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#define _FILE_OFFSET_BITS 64
+#include <sys/types.h>
+ /* Check that off_t can represent 2**63 - 1 correctly.
+ We can't simply define LARGE_OFF_T to be 9223372036854775807,
+ since some C++ compilers masquerading as C compilers
+ incorrectly reject 9223372036854775807. */
+#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62))
+ int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721
+ && LARGE_OFF_T % 2147483647 == 1)
+ ? 1 : -1];
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_cv_sys_file_offset_bits=64; break
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+ ac_cv_sys_file_offset_bits=unknown
+ break
+done
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sys_file_offset_bits" >&5
+$as_echo "$ac_cv_sys_file_offset_bits" >&6; }
+case $ac_cv_sys_file_offset_bits in #(
+ no | unknown) ;;
+ *)
+cat >>confdefs.h <<_ACEOF
+#define _FILE_OFFSET_BITS $ac_cv_sys_file_offset_bits
+_ACEOF
+;;
+esac
+rm -rf conftest*
+ if test $ac_cv_sys_file_offset_bits = unknown; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for _LARGE_FILES value needed for large files" >&5
+$as_echo_n "checking for _LARGE_FILES value needed for large files... " >&6; }
+if ${ac_cv_sys_large_files+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ while :; do
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <sys/types.h>
+ /* Check that off_t can represent 2**63 - 1 correctly.
+ We can't simply define LARGE_OFF_T to be 9223372036854775807,
+ since some C++ compilers masquerading as C compilers
+ incorrectly reject 9223372036854775807. */
+#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62))
+ int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721
+ && LARGE_OFF_T % 2147483647 == 1)
+ ? 1 : -1];
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_cv_sys_large_files=no; break
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#define _LARGE_FILES 1
+#include <sys/types.h>
+ /* Check that off_t can represent 2**63 - 1 correctly.
+ We can't simply define LARGE_OFF_T to be 9223372036854775807,
+ since some C++ compilers masquerading as C compilers
+ incorrectly reject 9223372036854775807. */
+#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62))
+ int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721
+ && LARGE_OFF_T % 2147483647 == 1)
+ ? 1 : -1];
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_cv_sys_large_files=1; break
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+ ac_cv_sys_large_files=unknown
+ break
+done
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sys_large_files" >&5
+$as_echo "$ac_cv_sys_large_files" >&6; }
+case $ac_cv_sys_large_files in #(
+ no | unknown) ;;
+ *)
+cat >>confdefs.h <<_ACEOF
+#define _LARGE_FILES $ac_cv_sys_large_files
+_ACEOF
+;;
+esac
+rm -rf conftest*
+ fi
+fi
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for faqprog.pl" >&5
+$as_echo_n "checking for faqprog.pl... " >&6; }
+ if faqprog.pl -V 2>/dev/null | grep '^faqprog.pl ' >/dev/null 2>&1; then
+ working_faqprog=yes
+ FAQPROG="faqprog.pl"
+ else
+ working_faqprog=no
+ FAQPROG=": "
+ fi
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $working_faqprog" >&5
+$as_echo "$working_faqprog" >&6; }
+
+ if test "$working_faqprog" = "yes" ; then
+ WORKING_FAQPROG_TRUE=
+ WORKING_FAQPROG_FALSE='#'
+else
+ WORKING_FAQPROG_TRUE='#'
+ WORKING_FAQPROG_FALSE=
+fi
+
+
+
+
+
+# Check whether --with-tar was given.
+if test "${with_tar+set}" = set; then :
+ withval=$with_tar; _do_tar=$withval
+fi
+
+
+ if test x$_do_tar != xno ; then
+
+ if test x$_do_tar = x ; then
+ # Extract the first word of ""tar"", so it can be a program name with args.
+set dummy "tar"; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_path_TAR+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ case $TAR in
+ [\\/]* | ?:[\\/]*)
+ ac_cv_path_TAR="$TAR" # Let the user override the test with a path.
+ ;;
+ *)
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_path_TAR="$as_dir/$ac_word$ac_exec_ext"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+ ;;
+esac
+fi
+TAR=$ac_cv_path_TAR
+if test -n "$TAR"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $TAR" >&5
+$as_echo "$TAR" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+ _mytar=$ac_cv_path_TAR
+ fi
+
+ # Check if our tar is ustar format. If so, it's good. TODO: Add some
+ # code to check various options, etc, to try and create ustar
+ # format.
+
+ if test x$_mytar != x ; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $_mytar speaks USTAR" >&5
+$as_echo_n "checking whether $_mytar speaks USTAR... " >&6; }
+ echo hithere > conftest.txt
+ $_mytar -cf - conftest.txt | (dd skip=257 bs=1 count=5 2>/dev/null || cat) | grep ustar > /dev/null
+ _tar_bad=$?
+ rm conftest.txt
+
+ if test x$_tar_bad = x0 ; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+ else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ fi
+ fi
+ fi
+
+ if test x$_tar_bad = x0; then
+ HAVE_USTAR_TRUE=
+ HAVE_USTAR_FALSE='#'
+else
+ HAVE_USTAR_TRUE='#'
+ HAVE_USTAR_FALSE=
+fi
+
+
+
+# We need to compile and run a program on the build machine. A
+# comment in libgpg-error says that the AC_PROG_CC_FOR_BUILD macro in
+# the AC archive is broken for autoconf 2.57. Given that tehre is no
+# newer version of that macro, we assume that it is also broken for
+# autoconf 2.61 and thus we use a simple but usually sufficient
+# approach.
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for cc for build" >&5
+$as_echo_n "checking for cc for build... " >&6; }
+if test "$cross_compiling" = "yes"; then
+ CC_FOR_BUILD="${CC_FOR_BUILD-cc}"
+else
+ CC_FOR_BUILD="${CC_FOR_BUILD-$CC}"
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC_FOR_BUILD" >&5
+$as_echo "$CC_FOR_BUILD" >&6; }
+
+
+
+
+try_gettext=yes
+have_dosish_system=no
+have_w32_system=no
+use_simple_gettext=no
+case "${host}" in
+ *-mingw32*)
+ # special stuff for Windoze NT
+ ac_cv_have_dev_random=no
+
+$as_echo "#define USE_ONLY_8DOT3 1" >>confdefs.h
+
+
+$as_echo "#define HAVE_DRIVE_LETTERS 1" >>confdefs.h
+
+
+$as_echo "#define USE_SIMPLE_GETTEXT 1" >>confdefs.h
+
+ disable_keyserver_path=yes
+ have_dosish_system=yes
+ have_w32_system=yes
+ try_gettext="no"
+ use_simple_gettext=yes
+ ;;
+ i?86-emx-os2 | i?86-*-os2*emx )
+ # OS/2 with the EMX environment
+ ac_cv_have_dev_random=no
+ $as_echo "#define HAVE_DRIVE_LETTERS 1" >>confdefs.h
+
+ have_dosish_system=yes
+ try_gettext="no"
+ ;;
+
+ i?86-*-msdosdjgpp*)
+ # DOS with the DJGPP environment
+ ac_cv_have_dev_random=no
+ $as_echo "#define HAVE_DRIVE_LETTERS 1" >>confdefs.h
+
+ have_dosish_system=yes
+ try_gettext="no"
+ ;;
+
+ *-*-freebsd*)
+ # FreeBSD
+ CPPFLAGS="$CPPFLAGS -I/usr/local/include"
+ LDFLAGS="$LDFLAGS -L/usr/local/lib"
+ ;;
+
+ *-*-hpux*)
+ if test -z "$GCC" ; then
+ CFLAGS="$CFLAGS -Ae -D_HPUX_SOURCE"
+ fi
+ ;;
+ *-dec-osf4*)
+ if test -z "$GCC" ; then
+ # Suppress all warnings
+ # to get rid of the unsigned/signed char mismatch warnings.
+ CFLAGS="$CFLAGS -w"
+ fi
+ ;;
+ *-dec-osf5*)
+ if test -z "$GCC" ; then
+ # Use the newer compiler `-msg_disable ptrmismatch1' to
+ # get rid of the unsigned/signed char mismatch warnings.
+ # Using this may hide other pointer mismatch warnings, but
+ # it at least lets other warning classes through
+ CFLAGS="$CFLAGS -msg_disable ptrmismatch1"
+ fi
+ ;;
+ m68k-atari-mint)
+ ;;
+ *)
+ ;;
+esac
+
+if test "$have_dosish_system" = yes; then
+
+$as_echo "#define HAVE_DOSISH_SYSTEM 1" >>confdefs.h
+
+fi
+ if test "$have_dosish_system" = yes; then
+ HAVE_DOSISH_SYSTEM_TRUE=
+ HAVE_DOSISH_SYSTEM_FALSE='#'
+else
+ HAVE_DOSISH_SYSTEM_TRUE='#'
+ HAVE_DOSISH_SYSTEM_FALSE=
+fi
+
+
+ if test x"$use_simple_gettext" = xyes; then
+ USE_SIMPLE_GETTEXT_TRUE=
+ USE_SIMPLE_GETTEXT_FALSE='#'
+else
+ USE_SIMPLE_GETTEXT_TRUE='#'
+ USE_SIMPLE_GETTEXT_FALSE=
+fi
+
+
+if test "$have_w32_system" = yes; then
+
+$as_echo "#define HAVE_W32_SYSTEM 1" >>confdefs.h
+
+fi
+ if test "$have_w32_system" = yes; then
+ HAVE_W32_SYSTEM_TRUE=
+ HAVE_W32_SYSTEM_FALSE='#'
+else
+ HAVE_W32_SYSTEM_TRUE='#'
+ HAVE_W32_SYSTEM_FALSE=
+fi
+
+
+if test "$disable_keyserver_path" = yes; then
+
+$as_echo "#define DISABLE_KEYSERVER_PATH 1" >>confdefs.h
+
+fi
+
+#
+# Allows enabling the use of a standard socket by default This is
+# gpg-agent's option --[no-]use-standard-socket. For Windows we force
+# the use of this.
+#
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to use a standard socket by default" >&5
+$as_echo_n "checking whether to use a standard socket by default... " >&6; }
+# Check whether --enable-standard-socket was given.
+if test "${enable_standard_socket+set}" = set; then :
+ enableval=$enable_standard_socket; use_standard_socket=$enableval
+fi
+
+tmp=""
+if test "$use_standard_socket" != yes; then
+ if test "$have_w32_system" = yes; then
+ use_standard_socket=yes
+ tmp=" (forced)"
+ fi
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $use_standard_socket$tmp" >&5
+$as_echo "$use_standard_socket$tmp" >&6; }
+if test "$use_standard_socket" = yes; then
+
+$as_echo "#define USE_STANDARD_SOCKET 1" >>confdefs.h
+
+fi
+
+
+# (These need to go after AC_PROG_CC so that $EXEEXT is defined)
+
+cat >>confdefs.h <<_ACEOF
+#define EXEEXT "$EXEEXT"
+_ACEOF
+
+
+if test x"$try_hkp" = xyes ; then
+ GPGKEYS_HKP="gpg2keys_hkp$EXEEXT"
+
+fi
+
+if test x"$try_finger" = xyes ; then
+ GPGKEYS_FINGER="gpg2keys_finger$EXEEXT"
+
+fi
+
+
+
+#
+# Checks for libraries.
+#
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for libraries" >&5
+$as_echo "$as_me: checking for libraries" >&6;}
+
+
+#
+# libgpg-error is a library with error codes shared between GnuPG
+# related projects.
+#
+
+# Check whether --with-gpg-error-prefix was given.
+if test "${with_gpg_error_prefix+set}" = set; then :
+ withval=$with_gpg_error_prefix; gpg_error_config_prefix="$withval"
+else
+ gpg_error_config_prefix=""
+fi
+
+ if test x$gpg_error_config_prefix != x ; then
+ if test x${GPG_ERROR_CONFIG+set} != xset ; then
+ GPG_ERROR_CONFIG=$gpg_error_config_prefix/bin/gpg-error-config
+ fi
+ fi
+
+ # Extract the first word of "gpg-error-config", so it can be a program name with args.
+set dummy gpg-error-config; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_path_GPG_ERROR_CONFIG+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ case $GPG_ERROR_CONFIG in
+ [\\/]* | ?:[\\/]*)
+ ac_cv_path_GPG_ERROR_CONFIG="$GPG_ERROR_CONFIG" # Let the user override the test with a path.
+ ;;
+ *)
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_path_GPG_ERROR_CONFIG="$as_dir/$ac_word$ac_exec_ext"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+ test -z "$ac_cv_path_GPG_ERROR_CONFIG" && ac_cv_path_GPG_ERROR_CONFIG="no"
+ ;;
+esac
+fi
+GPG_ERROR_CONFIG=$ac_cv_path_GPG_ERROR_CONFIG
+if test -n "$GPG_ERROR_CONFIG"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $GPG_ERROR_CONFIG" >&5
+$as_echo "$GPG_ERROR_CONFIG" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+ min_gpg_error_version="$NEED_GPG_ERROR_VERSION"
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for GPG Error - version >= $min_gpg_error_version" >&5
+$as_echo_n "checking for GPG Error - version >= $min_gpg_error_version... " >&6; }
+ ok=no
+ if test "$GPG_ERROR_CONFIG" != "no" ; then
+ req_major=`echo $min_gpg_error_version | \
+ sed 's/\([0-9]*\)\.\([0-9]*\)/\1/'`
+ req_minor=`echo $min_gpg_error_version | \
+ sed 's/\([0-9]*\)\.\([0-9]*\)/\2/'`
+ gpg_error_config_version=`$GPG_ERROR_CONFIG $gpg_error_config_args --version`
+ major=`echo $gpg_error_config_version | \
+ sed 's/\([0-9]*\)\.\([0-9]*\).*/\1/'`
+ minor=`echo $gpg_error_config_version | \
+ sed 's/\([0-9]*\)\.\([0-9]*\).*/\2/'`
+ if test "$major" -gt "$req_major"; then
+ ok=yes
+ else
+ if test "$major" -eq "$req_major"; then
+ if test "$minor" -ge "$req_minor"; then
+ ok=yes
+ fi
+ fi
+ fi
+ fi
+ if test $ok = yes; then
+ GPG_ERROR_CFLAGS=`$GPG_ERROR_CONFIG $gpg_error_config_args --cflags`
+ GPG_ERROR_LIBS=`$GPG_ERROR_CONFIG $gpg_error_config_args --libs`
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes ($gpg_error_config_version)" >&5
+$as_echo "yes ($gpg_error_config_version)" >&6; }
+ have_gpg_error=yes
+ else
+ GPG_ERROR_CFLAGS=""
+ GPG_ERROR_LIBS=""
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ have_gpg_error=no
+ fi
+
+
+
+
+
+#
+# Libgcrypt is our generic crypto library
+#
+
+# Check whether --with-libgcrypt-prefix was given.
+if test "${with_libgcrypt_prefix+set}" = set; then :
+ withval=$with_libgcrypt_prefix; libgcrypt_config_prefix="$withval"
+else
+ libgcrypt_config_prefix=""
+fi
+
+ if test x$libgcrypt_config_prefix != x ; then
+ if test x${LIBGCRYPT_CONFIG+set} != xset ; then
+ LIBGCRYPT_CONFIG=$libgcrypt_config_prefix/bin/libgcrypt-config
+ fi
+ fi
+
+ # Extract the first word of "libgcrypt-config", so it can be a program name with args.
+set dummy libgcrypt-config; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_path_LIBGCRYPT_CONFIG+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ case $LIBGCRYPT_CONFIG in
+ [\\/]* | ?:[\\/]*)
+ ac_cv_path_LIBGCRYPT_CONFIG="$LIBGCRYPT_CONFIG" # Let the user override the test with a path.
+ ;;
+ *)
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_path_LIBGCRYPT_CONFIG="$as_dir/$ac_word$ac_exec_ext"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+ test -z "$ac_cv_path_LIBGCRYPT_CONFIG" && ac_cv_path_LIBGCRYPT_CONFIG="no"
+ ;;
+esac
+fi
+LIBGCRYPT_CONFIG=$ac_cv_path_LIBGCRYPT_CONFIG
+if test -n "$LIBGCRYPT_CONFIG"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $LIBGCRYPT_CONFIG" >&5
+$as_echo "$LIBGCRYPT_CONFIG" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+ tmp="$NEED_LIBGCRYPT_API:$NEED_LIBGCRYPT_VERSION"
+ if echo "$tmp" | grep ':' >/dev/null 2>/dev/null ; then
+ req_libgcrypt_api=`echo "$tmp" | sed 's/\(.*\):\(.*\)/\1/'`
+ min_libgcrypt_version=`echo "$tmp" | sed 's/\(.*\):\(.*\)/\2/'`
+ else
+ req_libgcrypt_api=0
+ min_libgcrypt_version="$tmp"
+ fi
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for LIBGCRYPT - version >= $min_libgcrypt_version" >&5
+$as_echo_n "checking for LIBGCRYPT - version >= $min_libgcrypt_version... " >&6; }
+ ok=no
+ if test "$LIBGCRYPT_CONFIG" != "no" ; then
+ req_major=`echo $min_libgcrypt_version | \
+ sed 's/\([0-9]*\)\.\([0-9]*\)\.\([0-9]*\)/\1/'`
+ req_minor=`echo $min_libgcrypt_version | \
+ sed 's/\([0-9]*\)\.\([0-9]*\)\.\([0-9]*\)/\2/'`
+ req_micro=`echo $min_libgcrypt_version | \
+ sed 's/\([0-9]*\)\.\([0-9]*\)\.\([0-9]*\)/\3/'`
+ libgcrypt_config_version=`$LIBGCRYPT_CONFIG --version`
+ major=`echo $libgcrypt_config_version | \
+ sed 's/\([0-9]*\)\.\([0-9]*\)\.\([0-9]*\).*/\1/'`
+ minor=`echo $libgcrypt_config_version | \
+ sed 's/\([0-9]*\)\.\([0-9]*\)\.\([0-9]*\).*/\2/'`
+ micro=`echo $libgcrypt_config_version | \
+ sed 's/\([0-9]*\)\.\([0-9]*\)\.\([0-9]*\).*/\3/'`
+ if test "$major" -gt "$req_major"; then
+ ok=yes
+ else
+ if test "$major" -eq "$req_major"; then
+ if test "$minor" -gt "$req_minor"; then
+ ok=yes
+ else
+ if test "$minor" -eq "$req_minor"; then
+ if test "$micro" -ge "$req_micro"; then
+ ok=yes
+ fi
+ fi
+ fi
+ fi
+ fi
+ fi
+ if test $ok = yes; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes ($libgcrypt_config_version)" >&5
+$as_echo "yes ($libgcrypt_config_version)" >&6; }
+ else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ fi
+ if test $ok = yes; then
+ # If we have a recent libgcrypt, we should also check that the
+ # API is compatible
+ if test "$req_libgcrypt_api" -gt 0 ; then
+ tmp=`$LIBGCRYPT_CONFIG --api-version 2>/dev/null || echo 0`
+ if test "$tmp" -gt 0 ; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking LIBGCRYPT API version" >&5
+$as_echo_n "checking LIBGCRYPT API version... " >&6; }
+ if test "$req_libgcrypt_api" -eq "$tmp" ; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: okay" >&5
+$as_echo "okay" >&6; }
+ else
+ ok=no
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: does not match. want=$req_libgcrypt_api got=$tmp" >&5
+$as_echo "does not match. want=$req_libgcrypt_api got=$tmp" >&6; }
+ fi
+ fi
+ fi
+ fi
+ if test $ok = yes; then
+ LIBGCRYPT_CFLAGS=`$LIBGCRYPT_CONFIG --cflags`
+ LIBGCRYPT_LIBS=`$LIBGCRYPT_CONFIG --libs`
+ have_libgcrypt=yes
+ else
+ LIBGCRYPT_CFLAGS=""
+ LIBGCRYPT_LIBS=""
+ have_libgcrypt=no
+ fi
+
+
+
+
+
+#
+# libassuan is used for IPC
+#
+
+# Check whether --with-libassuan-prefix was given.
+if test "${with_libassuan_prefix+set}" = set; then :
+ withval=$with_libassuan_prefix; libassuan_config_prefix="$withval"
+else
+ libassuan_config_prefix=""
+fi
+
+ if test x$libassuan_config_prefix != x ; then
+ libassuan_config_args="$libassuan_config_args --prefix=$libassuan_config_prefix"
+ if test x${LIBASSUAN_CONFIG+set} != xset ; then
+ LIBASSUAN_CONFIG=$libassuan_config_prefix/bin/libassuan-config
+ fi
+ fi
+ # Extract the first word of "libassuan-config", so it can be a program name with args.
+set dummy libassuan-config; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_path_LIBASSUAN_CONFIG+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ case $LIBASSUAN_CONFIG in
+ [\\/]* | ?:[\\/]*)
+ ac_cv_path_LIBASSUAN_CONFIG="$LIBASSUAN_CONFIG" # Let the user override the test with a path.
+ ;;
+ *)
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_path_LIBASSUAN_CONFIG="$as_dir/$ac_word$ac_exec_ext"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+ test -z "$ac_cv_path_LIBASSUAN_CONFIG" && ac_cv_path_LIBASSUAN_CONFIG="no"
+ ;;
+esac
+fi
+LIBASSUAN_CONFIG=$ac_cv_path_LIBASSUAN_CONFIG
+if test -n "$LIBASSUAN_CONFIG"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $LIBASSUAN_CONFIG" >&5
+$as_echo "$LIBASSUAN_CONFIG" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+
+ tmp="$NEED_LIBASSUAN_API:$NEED_LIBASSUAN_VERSION"
+ if echo "$tmp" | grep ':' >/dev/null 2>/dev/null ; then
+ req_libassuan_api=`echo "$tmp" | sed 's/\(.*\):\(.*\)/\1/'`
+ min_libassuan_version=`echo "$tmp" | sed 's/\(.*\):\(.*\)/\2/'`
+ else
+ req_libassuan_api=0
+ min_libassuan_version="$tmp"
+ fi
+
+ if test "$LIBASSUAN_CONFIG" != "no" ; then
+ libassuan_version=`$LIBASSUAN_CONFIG --version`
+ fi
+ libassuan_version_major=`echo $libassuan_version | \
+ sed 's/\([0-9]*\)\.\([0-9]*\)\.\([0-9]*\).*/\1/'`
+ libassuan_version_minor=`echo $libassuan_version | \
+ sed 's/\([0-9]*\)\.\([0-9]*\)\.\([0-9]*\).*/\2/'`
+ libassuan_version_micro=`echo $libassuan_version | \
+ sed 's/\([0-9]*\)\.\([0-9]*\)\.\([0-9]*\).*/\3/'`
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for LIBASSUAN - version >= $min_libassuan_version" >&5
+$as_echo_n "checking for LIBASSUAN - version >= $min_libassuan_version... " >&6; }
+ ok=no
+ if test "$LIBASSUAN_CONFIG" != "no" ; then
+
+ req_major=`echo $min_libassuan_version | \
+ sed 's/\([0-9]*\)\.\([0-9]*\)\.\([0-9]*\)/\1/'`
+ req_minor=`echo $min_libassuan_version | \
+ sed 's/\([0-9]*\)\.\([0-9]*\)\.\([0-9]*\)/\2/'`
+ req_micro=`echo $min_libassuan_version | \
+ sed 's/\([0-9]*\)\.\([0-9]*\)\.\([0-9]*\)/\3/'`
+ if test "$libassuan_version_major" -gt "$req_major"; then
+ ok=yes
+ else
+ if test "$libassuan_version_major" -eq "$req_major"; then
+ if test "$libassuan_version_minor" -gt "$req_minor"; then
+ ok=yes
+ else
+ if test "$libassuan_version_minor" -eq "$req_minor"; then
+ if test "$libassuan_version_micro" -ge "$req_micro"; then
+ ok=yes
+ fi
+ fi
+ fi
+ fi
+ fi
+
+ fi
+
+ if test $ok = yes; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes ($libassuan_version)" >&5
+$as_echo "yes ($libassuan_version)" >&6; }
+ else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ fi
+
+ if test $ok = yes; then
+ if test "$req_libassuan_api" -gt 0 ; then
+ tmp=`$LIBASSUAN_CONFIG --api-version 2>/dev/null || echo 0`
+ if test "$tmp" -gt 0 ; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking LIBASSUAN API version" >&5
+$as_echo_n "checking LIBASSUAN API version... " >&6; }
+ if test "$req_libassuan_api" -eq "$tmp" ; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: okay" >&5
+$as_echo "okay" >&6; }
+ else
+ ok=no
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: does not match. want=$req_libassuan_api got=$tmp." >&5
+$as_echo "does not match. want=$req_libassuan_api got=$tmp." >&6; }
+ fi
+ fi
+ fi
+ fi
+
+
+ if test $ok = yes; then
+ LIBASSUAN_CFLAGS=`$LIBASSUAN_CONFIG $libassuan_config_args --cflags`
+ LIBASSUAN_LIBS=`$LIBASSUAN_CONFIG $libassuan_config_args --libs`
+ have_libassuan=yes
+ else
+ LIBASSUAN_CFLAGS=""
+ LIBASSUAN_LIBS=""
+ have_libassuan=no
+ fi
+
+
+
+if test "$have_libassuan" = "yes"; then
+
+cat >>confdefs.h <<_ACEOF
+#define GNUPG_LIBASSUAN_VERSION "$libassuan_version"
+_ACEOF
+
+fi
+
+
+
+#
+# libksba is our X.509 support library
+#
+
+# Check whether --with-ksba-prefix was given.
+if test "${with_ksba_prefix+set}" = set; then :
+ withval=$with_ksba_prefix; ksba_config_prefix="$withval"
+else
+ ksba_config_prefix=""
+fi
+
+ if test x$ksba_config_prefix != x ; then
+ ksba_config_args="$ksba_config_args --prefix=$ksba_config_prefix"
+ if test x${KSBA_CONFIG+set} != xset ; then
+ KSBA_CONFIG=$ksba_config_prefix/bin/ksba-config
+ fi
+ fi
+
+ # Extract the first word of "ksba-config", so it can be a program name with args.
+set dummy ksba-config; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_path_KSBA_CONFIG+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ case $KSBA_CONFIG in
+ [\\/]* | ?:[\\/]*)
+ ac_cv_path_KSBA_CONFIG="$KSBA_CONFIG" # Let the user override the test with a path.
+ ;;
+ *)
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_path_KSBA_CONFIG="$as_dir/$ac_word$ac_exec_ext"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+ test -z "$ac_cv_path_KSBA_CONFIG" && ac_cv_path_KSBA_CONFIG="no"
+ ;;
+esac
+fi
+KSBA_CONFIG=$ac_cv_path_KSBA_CONFIG
+if test -n "$KSBA_CONFIG"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $KSBA_CONFIG" >&5
+$as_echo "$KSBA_CONFIG" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+ tmp="$NEED_KSBA_API:$NEED_KSBA_VERSION"
+ if echo "$tmp" | grep ':' >/dev/null 2>/dev/null ; then
+ req_ksba_api=`echo "$tmp" | sed 's/\(.*\):\(.*\)/\1/'`
+ min_ksba_version=`echo "$tmp" | sed 's/\(.*\):\(.*\)/\2/'`
+ else
+ req_ksba_api=0
+ min_ksba_version="$tmp"
+ fi
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for KSBA - version >= $min_ksba_version" >&5
+$as_echo_n "checking for KSBA - version >= $min_ksba_version... " >&6; }
+ ok=no
+ if test "$KSBA_CONFIG" != "no" ; then
+ req_major=`echo $min_ksba_version | \
+ sed 's/\([0-9]*\)\.\([0-9]*\)\.\([0-9]*\)/\1/'`
+ req_minor=`echo $min_ksba_version | \
+ sed 's/\([0-9]*\)\.\([0-9]*\)\.\([0-9]*\)/\2/'`
+ req_micro=`echo $min_ksba_version | \
+ sed 's/\([0-9]*\)\.\([0-9]*\)\.\([0-9]*\)/\3/'`
+ ksba_config_version=`$KSBA_CONFIG $ksba_config_args --version`
+ major=`echo $ksba_config_version | \
+ sed 's/\([0-9]*\)\.\([0-9]*\)\.\([0-9]*\).*/\1/'`
+ minor=`echo $ksba_config_version | \
+ sed 's/\([0-9]*\)\.\([0-9]*\)\.\([0-9]*\).*/\2/'`
+ micro=`echo $ksba_config_version | \
+ sed 's/\([0-9]*\)\.\([0-9]*\)\.\([0-9]*\).*/\3/'`
+ if test "$major" -gt "$req_major"; then
+ ok=yes
+ else
+ if test "$major" -eq "$req_major"; then
+ if test "$minor" -gt "$req_minor"; then
+ ok=yes
+ else
+ if test "$minor" -eq "$req_minor"; then
+ if test "$micro" -ge "$req_micro"; then
+ ok=yes
+ fi
+ fi
+ fi
+ fi
+ fi
+ fi
+ if test $ok = yes; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes ($ksba_config_version)" >&5
+$as_echo "yes ($ksba_config_version)" >&6; }
+ else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ fi
+ if test $ok = yes; then
+ # Even if we have a recent libksba, we should check that the
+ # API is compatible.
+ if test "$req_ksba_api" -gt 0 ; then
+ tmp=`$KSBA_CONFIG --api-version 2>/dev/null || echo 0`
+ if test "$tmp" -gt 0 ; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking KSBA API version" >&5
+$as_echo_n "checking KSBA API version... " >&6; }
+ if test "$req_ksba_api" -eq "$tmp" ; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: okay" >&5
+$as_echo "okay" >&6; }
+ else
+ ok=no
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: does not match. want=$req_ksba_api got=$tmp." >&5
+$as_echo "does not match. want=$req_ksba_api got=$tmp." >&6; }
+ fi
+ fi
+ fi
+ fi
+ if test $ok = yes; then
+ KSBA_CFLAGS=`$KSBA_CONFIG $ksba_config_args --cflags`
+ KSBA_LIBS=`$KSBA_CONFIG $ksba_config_args --libs`
+ have_ksba=yes
+ else
+ KSBA_CFLAGS=""
+ KSBA_LIBS=""
+ have_ksba=no
+ fi
+
+
+
+
+
+#
+# libusb allows us to use the integrated CCID smartcard reader driver.
+#
+# FiXME: Use GNUPG_CHECK_LIBUSB and modify to use separate AC_SUBSTs.
+if test "$use_ccid_driver" = yes ; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for usb_bulk_write in -lusb" >&5
+$as_echo_n "checking for usb_bulk_write in -lusb... " >&6; }
+if ${ac_cv_lib_usb_usb_bulk_write+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lusb $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char usb_bulk_write ();
+int
+main ()
+{
+return usb_bulk_write ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_usb_usb_bulk_write=yes
+else
+ ac_cv_lib_usb_usb_bulk_write=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_usb_usb_bulk_write" >&5
+$as_echo "$ac_cv_lib_usb_usb_bulk_write" >&6; }
+if test "x$ac_cv_lib_usb_usb_bulk_write" = xyes; then :
+ LIBUSB_LIBS="$LIBUSB_LIBS -lusb"
+
+$as_echo "#define HAVE_LIBUSB 1" >>confdefs.h
+
+ have_libusb=yes
+
+fi
+
+ for ac_func in usb_create_match
+do :
+ ac_fn_c_check_func "$LINENO" "usb_create_match" "ac_cv_func_usb_create_match"
+if test "x$ac_cv_func_usb_create_match" = xyes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_USB_CREATE_MATCH 1
+_ACEOF
+
+fi
+done
+
+fi
+
+
+#
+# Check wether it is necessary to link against libdl.
+#
+gnupg_dlopen_save_libs="$LIBS"
+LIBS=""
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing dlopen" >&5
+$as_echo_n "checking for library containing dlopen... " >&6; }
+if ${ac_cv_search_dlopen+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_func_search_save_LIBS=$LIBS
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char dlopen ();
+int
+main ()
+{
+return dlopen ();
+ ;
+ return 0;
+}
+_ACEOF
+for ac_lib in '' c dl; do
+ if test -z "$ac_lib"; then
+ ac_res="none required"
+ else
+ ac_res=-l$ac_lib
+ LIBS="-l$ac_lib $ac_func_search_save_LIBS"
+ fi
+ if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_search_dlopen=$ac_res
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext
+ if ${ac_cv_search_dlopen+:} false; then :
+ break
+fi
+done
+if ${ac_cv_search_dlopen+:} false; then :
+
+else
+ ac_cv_search_dlopen=no
+fi
+rm conftest.$ac_ext
+LIBS=$ac_func_search_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_dlopen" >&5
+$as_echo "$ac_cv_search_dlopen" >&6; }
+ac_res=$ac_cv_search_dlopen
+if test "$ac_res" != no; then :
+ test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
+
+fi
+
+DL_LIBS=$LIBS
+
+LIBS="$gnupg_dlopen_save_libs"
+
+#
+# Checks for symcryptrun:
+#
+
+# libutil has openpty() and login_tty().
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for openpty in -lutil" >&5
+$as_echo_n "checking for openpty in -lutil... " >&6; }
+if ${ac_cv_lib_util_openpty+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lutil $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char openpty ();
+int
+main ()
+{
+return openpty ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_util_openpty=yes
+else
+ ac_cv_lib_util_openpty=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_util_openpty" >&5
+$as_echo "$ac_cv_lib_util_openpty" >&6; }
+if test "x$ac_cv_lib_util_openpty" = xyes; then :
+ LIBUTIL_LIBS="$LIBUTIL_LIBS -lutil"
+
+$as_echo "#define HAVE_LIBUTIL 1" >>confdefs.h
+
+
+fi
+
+
+
+# shred is used to clean temporary plain text files.
+# Extract the first word of "shred", so it can be a program name with args.
+set dummy shred; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_path_SHRED+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ case $SHRED in
+ [\\/]* | ?:[\\/]*)
+ ac_cv_path_SHRED="$SHRED" # Let the user override the test with a path.
+ ;;
+ *)
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_path_SHRED="$as_dir/$ac_word$ac_exec_ext"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+ test -z "$ac_cv_path_SHRED" && ac_cv_path_SHRED="/usr/bin/shred"
+ ;;
+esac
+fi
+SHRED=$ac_cv_path_SHRED
+if test -n "$SHRED"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $SHRED" >&5
+$as_echo "$SHRED" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+
+cat >>confdefs.h <<_ACEOF
+#define SHRED "${SHRED}"
+_ACEOF
+
+
+
+
+#
+# Check whether the GNU Pth library is available
+# Note, that we include a Pth emulation for W32.
+#
+
+# Check whether --with-pth-prefix was given.
+if test "${with_pth_prefix+set}" = set; then :
+ withval=$with_pth_prefix; pth_config_prefix="$withval"
+else
+ pth_config_prefix=""
+fi
+
+ if test x$pth_config_prefix != x ; then
+ PTH_CONFIG="$pth_config_prefix/bin/pth-config"
+ fi
+ # Extract the first word of "pth-config", so it can be a program name with args.
+set dummy pth-config; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_path_PTH_CONFIG+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ case $PTH_CONFIG in
+ [\\/]* | ?:[\\/]*)
+ ac_cv_path_PTH_CONFIG="$PTH_CONFIG" # Let the user override the test with a path.
+ ;;
+ *)
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_path_PTH_CONFIG="$as_dir/$ac_word$ac_exec_ext"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+ test -z "$ac_cv_path_PTH_CONFIG" && ac_cv_path_PTH_CONFIG="no"
+ ;;
+esac
+fi
+PTH_CONFIG=$ac_cv_path_PTH_CONFIG
+if test -n "$PTH_CONFIG"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PTH_CONFIG" >&5
+$as_echo "$PTH_CONFIG" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+ tmp=1.3.7
+ if test "$PTH_CONFIG" != "no"; then
+
+ _pth_version=`$PTH_CONFIG --version | awk 'NR==1 {print $3}'`
+ _req_version="$tmp"
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for PTH - version >= $_req_version" >&5
+$as_echo_n "checking for PTH - version >= $_req_version... " >&6; }
+ for _var in _pth_version _req_version; do
+ eval "_val=\"\$${_var}\""
+ _major=`echo $_val | sed 's/\([0-9]*\)\.\([0-9]*\)\([ab.]\)\([0-9]*\)/\1/'`
+ _minor=`echo $_val | sed 's/\([0-9]*\)\.\([0-9]*\)\([ab.]\)\([0-9]*\)/\2/'`
+ _rtype=`echo $_val | sed 's/\([0-9]*\)\.\([0-9]*\)\([ab.]\)\([0-9]*\)/\3/'`
+ _micro=`echo $_val | sed 's/\([0-9]*\)\.\([0-9]*\)\([ab.]\)\([0-9]*\)/\4/'`
+ case $_rtype in
+ "a" ) _rtype=0 ;;
+ "b" ) _rtype=1 ;;
+ "." ) _rtype=2 ;;
+ esac
+ _hex=`echo dummy | awk '{ printf("%d%02d%1d%02d", major, minor, rtype, micro); }' \
+ "major=$_major" "minor=$_minor" "rtype=$_rtype" "micro=$_micro"`
+ eval "${_var}_hex=\"\$_hex\""
+ done
+ have_pth=no
+ if test ".$_pth_version_hex" != .; then
+ if test ".$_req_version_hex" != .; then
+ if test $_pth_version_hex -ge $_req_version_hex; then
+ have_pth=yes
+ fi
+ fi
+ fi
+ if test $have_pth = yes; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether PTH installation is sane" >&5
+$as_echo_n "checking whether PTH installation is sane... " >&6; }
+ if ${gnupg_cv_pth_is_sane+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+
+ _gnupg_pth_save_cflags=$CFLAGS
+ _gnupg_pth_save_ldflags=$LDFLAGS
+ _gnupg_pth_save_libs=$LIBS
+ CFLAGS="$CFLAGS `$PTH_CONFIG --cflags`"
+ LDFLAGS="$LDFLAGS `$PTH_CONFIG --ldflags`"
+ LIBS="$LIBS `$PTH_CONFIG --libs --all`"
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <pth.h>
+
+int
+main ()
+{
+ pth_init ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ gnupg_cv_pth_is_sane=yes
+else
+ gnupg_cv_pth_is_sane=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+ CFLAGS=$_gnupg_pth_save_cflags
+ LDFLAGS=$_gnupg_pth_save_ldflags
+ LIBS=$_gnupg_pth_save_libs
+
+fi
+
+ if test $gnupg_cv_pth_is_sane != yes; then
+ have_pth=no
+ fi
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $gnupg_cv_pth_is_sane" >&5
+$as_echo "$gnupg_cv_pth_is_sane" >&6; }
+ else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ fi
+
+ if test $have_pth = yes; then
+ PTH_CFLAGS=`$PTH_CONFIG --cflags`
+ PTH_LIBS=`$PTH_CONFIG --ldflags`
+ PTH_LIBS="$PTH_LIBS `$PTH_CONFIG --libs --all`"
+
+$as_echo "#define HAVE_PTH 1" >>confdefs.h
+
+ fi
+ fi
+
+
+
+if test "$have_pth" = "yes"; then
+
+$as_echo "#define USE_GNU_PTH 1" >>confdefs.h
+
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING:
+***
+*** To support concurrent access to the gpg-agent and the SCdaemon
+*** we need the support of the GNU Portable Threads Library.
+*** Download it from ftp://ftp.gnu.org/gnu/pth/
+*** On a Debian GNU/Linux system you might want to try
+*** apt-get install libpth-dev
+***" >&5
+$as_echo "$as_me: WARNING:
+***
+*** To support concurrent access to the gpg-agent and the SCdaemon
+*** we need the support of the GNU Portable Threads Library.
+*** Download it from ftp://ftp.gnu.org/gnu/pth/
+*** On a Debian GNU/Linux system you might want to try
+*** apt-get install libpth-dev
+***" >&2;}
+fi
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for networking options" >&5
+$as_echo "$as_me: checking for networking options" >&6;}
+
+#
+# Must check for network library requirements before doing link tests
+# for ldap, for example. If ldap libs are static (or dynamic and without
+# ELF runtime link paths), then link will fail and LDAP support won't
+# be detected.
+#
+ac_fn_c_check_func "$LINENO" "gethostbyname" "ac_cv_func_gethostbyname"
+if test "x$ac_cv_func_gethostbyname" = xyes; then :
+
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for gethostbyname in -lnsl" >&5
+$as_echo_n "checking for gethostbyname in -lnsl... " >&6; }
+if ${ac_cv_lib_nsl_gethostbyname+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lnsl $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char gethostbyname ();
+int
+main ()
+{
+return gethostbyname ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_nsl_gethostbyname=yes
+else
+ ac_cv_lib_nsl_gethostbyname=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_nsl_gethostbyname" >&5
+$as_echo "$ac_cv_lib_nsl_gethostbyname" >&6; }
+if test "x$ac_cv_lib_nsl_gethostbyname" = xyes; then :
+ NETLIBS="-lnsl $NETLIBS"
+fi
+
+fi
+
+ac_fn_c_check_func "$LINENO" "setsockopt" "ac_cv_func_setsockopt"
+if test "x$ac_cv_func_setsockopt" = xyes; then :
+
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for setsockopt in -lsocket" >&5
+$as_echo_n "checking for setsockopt in -lsocket... " >&6; }
+if ${ac_cv_lib_socket_setsockopt+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lsocket $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char setsockopt ();
+int
+main ()
+{
+return setsockopt ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_socket_setsockopt=yes
+else
+ ac_cv_lib_socket_setsockopt=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_socket_setsockopt" >&5
+$as_echo "$ac_cv_lib_socket_setsockopt" >&6; }
+if test "x$ac_cv_lib_socket_setsockopt" = xyes; then :
+ NETLIBS="-lsocket $NETLIBS"
+fi
+
+fi
+
+
+
+#
+# Check for ADNS.
+#
+_cppflags="${CPPFLAGS}"
+_ldflags="${LDFLAGS}"
+
+# Check whether --with-adns was given.
+if test "${with_adns+set}" = set; then :
+ withval=$with_adns; if test -d "$withval"; then
+ CPPFLAGS="${CPPFLAGS} -I$withval/include"
+ LDFLAGS="${LDFLAGS} -L$withval/lib"
+ fi
+fi
+
+if test "$with_adns" != "no"; then
+ for ac_header in adns.h
+do :
+ ac_fn_c_check_header_mongrel "$LINENO" "adns.h" "ac_cv_header_adns_h" "$ac_includes_default"
+if test "x$ac_cv_header_adns_h" = xyes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_ADNS_H 1
+_ACEOF
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for adns_init in -ladns" >&5
+$as_echo_n "checking for adns_init in -ladns... " >&6; }
+if ${ac_cv_lib_adns_adns_init+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-ladns $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char adns_init ();
+int
+main ()
+{
+return adns_init ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_adns_adns_init=yes
+else
+ ac_cv_lib_adns_adns_init=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_adns_adns_init" >&5
+$as_echo "$ac_cv_lib_adns_adns_init" >&6; }
+if test "x$ac_cv_lib_adns_adns_init" = xyes; then :
+ have_adns=yes
+else
+ CPPFLAGS=${_cppflags} LDFLAGS=${_ldflags}
+fi
+
+else
+ CPPFLAGS=${_cppflags} LDFLAGS=${_ldflags}
+fi
+
+done
+
+fi
+if test "$have_adns" = "yes"; then
+ ADNSLIBS="-ladns"
+fi
+
+# Newer adns versions feature a free function to be used under W32.
+for ac_func in adns_free
+do :
+ ac_fn_c_check_func "$LINENO" "adns_free" "ac_cv_func_adns_free"
+if test "x$ac_cv_func_adns_free" = xyes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_ADNS_FREE 1
+_ACEOF
+
+fi
+done
+
+
+
+#
+# Now try for the resolver functions so we can use DNS for SRV, PA and CERT.
+#
+if test x"$try_hkp" = xyes || test x"$try_http" = xyes ; then
+ # Check whether --enable-dns-srv was given.
+if test "${enable_dns_srv+set}" = set; then :
+ enableval=$enable_dns_srv; use_dns_srv=$enableval
+else
+ use_dns_srv=yes
+fi
+
+fi
+
+# Check whether --enable-dns-pka was given.
+if test "${enable_dns_pka+set}" = set; then :
+ enableval=$enable_dns_pka; use_dns_pka=$enableval
+else
+ use_dns_pka=yes
+fi
+
+
+# Check whether --enable-dns-cert was given.
+if test "${enable_dns_cert+set}" = set; then :
+ enableval=$enable_dns_cert; use_dns_cert=$enableval
+else
+ use_dns_cert=yes
+fi
+
+
+if test x"$use_dns_pka" = xyes || test x"$use_dns_srv" = xyes \
+ || test x"$use_dns_cert" = xyes; then
+ _dns_save_libs=$LIBS
+ LIBS=""
+ # the double underscore thing is a glibc-ism?
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing res_query" >&5
+$as_echo_n "checking for library containing res_query... " >&6; }
+if ${ac_cv_search_res_query+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_func_search_save_LIBS=$LIBS
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char res_query ();
+int
+main ()
+{
+return res_query ();
+ ;
+ return 0;
+}
+_ACEOF
+for ac_lib in '' resolv bind; do
+ if test -z "$ac_lib"; then
+ ac_res="none required"
+ else
+ ac_res=-l$ac_lib
+ LIBS="-l$ac_lib $ac_func_search_save_LIBS"
+ fi
+ if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_search_res_query=$ac_res
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext
+ if ${ac_cv_search_res_query+:} false; then :
+ break
+fi
+done
+if ${ac_cv_search_res_query+:} false; then :
+
+else
+ ac_cv_search_res_query=no
+fi
+rm conftest.$ac_ext
+LIBS=$ac_func_search_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_res_query" >&5
+$as_echo "$ac_cv_search_res_query" >&6; }
+ac_res=$ac_cv_search_res_query
+if test "$ac_res" != no; then :
+ test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
+
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing __res_query" >&5
+$as_echo_n "checking for library containing __res_query... " >&6; }
+if ${ac_cv_search___res_query+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_func_search_save_LIBS=$LIBS
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char __res_query ();
+int
+main ()
+{
+return __res_query ();
+ ;
+ return 0;
+}
+_ACEOF
+for ac_lib in '' resolv bind; do
+ if test -z "$ac_lib"; then
+ ac_res="none required"
+ else
+ ac_res=-l$ac_lib
+ LIBS="-l$ac_lib $ac_func_search_save_LIBS"
+ fi
+ if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_search___res_query=$ac_res
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext
+ if ${ac_cv_search___res_query+:} false; then :
+ break
+fi
+done
+if ${ac_cv_search___res_query+:} false; then :
+
+else
+ ac_cv_search___res_query=no
+fi
+rm conftest.$ac_ext
+LIBS=$ac_func_search_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search___res_query" >&5
+$as_echo "$ac_cv_search___res_query" >&6; }
+ac_res=$ac_cv_search___res_query
+if test "$ac_res" != no; then :
+ test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
+
+else
+ have_resolver=no
+fi
+
+fi
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing dn_expand" >&5
+$as_echo_n "checking for library containing dn_expand... " >&6; }
+if ${ac_cv_search_dn_expand+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_func_search_save_LIBS=$LIBS
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char dn_expand ();
+int
+main ()
+{
+return dn_expand ();
+ ;
+ return 0;
+}
+_ACEOF
+for ac_lib in '' resolv bind; do
+ if test -z "$ac_lib"; then
+ ac_res="none required"
+ else
+ ac_res=-l$ac_lib
+ LIBS="-l$ac_lib $ac_func_search_save_LIBS"
+ fi
+ if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_search_dn_expand=$ac_res
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext
+ if ${ac_cv_search_dn_expand+:} false; then :
+ break
+fi
+done
+if ${ac_cv_search_dn_expand+:} false; then :
+
+else
+ ac_cv_search_dn_expand=no
+fi
+rm conftest.$ac_ext
+LIBS=$ac_func_search_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_dn_expand" >&5
+$as_echo "$ac_cv_search_dn_expand" >&6; }
+ac_res=$ac_cv_search_dn_expand
+if test "$ac_res" != no; then :
+ test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
+
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing __dn_expand" >&5
+$as_echo_n "checking for library containing __dn_expand... " >&6; }
+if ${ac_cv_search___dn_expand+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_func_search_save_LIBS=$LIBS
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char __dn_expand ();
+int
+main ()
+{
+return __dn_expand ();
+ ;
+ return 0;
+}
+_ACEOF
+for ac_lib in '' resolv bind; do
+ if test -z "$ac_lib"; then
+ ac_res="none required"
+ else
+ ac_res=-l$ac_lib
+ LIBS="-l$ac_lib $ac_func_search_save_LIBS"
+ fi
+ if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_search___dn_expand=$ac_res
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext
+ if ${ac_cv_search___dn_expand+:} false; then :
+ break
+fi
+done
+if ${ac_cv_search___dn_expand+:} false; then :
+
+else
+ ac_cv_search___dn_expand=no
+fi
+rm conftest.$ac_ext
+LIBS=$ac_func_search_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search___dn_expand" >&5
+$as_echo "$ac_cv_search___dn_expand" >&6; }
+ac_res=$ac_cv_search___dn_expand
+if test "$ac_res" != no; then :
+ test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
+
+else
+ have_resolver=no
+fi
+
+fi
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing dn_skipname" >&5
+$as_echo_n "checking for library containing dn_skipname... " >&6; }
+if ${ac_cv_search_dn_skipname+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_func_search_save_LIBS=$LIBS
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char dn_skipname ();
+int
+main ()
+{
+return dn_skipname ();
+ ;
+ return 0;
+}
+_ACEOF
+for ac_lib in '' resolv bind; do
+ if test -z "$ac_lib"; then
+ ac_res="none required"
+ else
+ ac_res=-l$ac_lib
+ LIBS="-l$ac_lib $ac_func_search_save_LIBS"
+ fi
+ if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_search_dn_skipname=$ac_res
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext
+ if ${ac_cv_search_dn_skipname+:} false; then :
+ break
+fi
+done
+if ${ac_cv_search_dn_skipname+:} false; then :
+
+else
+ ac_cv_search_dn_skipname=no
+fi
+rm conftest.$ac_ext
+LIBS=$ac_func_search_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_dn_skipname" >&5
+$as_echo "$ac_cv_search_dn_skipname" >&6; }
+ac_res=$ac_cv_search_dn_skipname
+if test "$ac_res" != no; then :
+ test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
+
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing __dn_skipname" >&5
+$as_echo_n "checking for library containing __dn_skipname... " >&6; }
+if ${ac_cv_search___dn_skipname+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_func_search_save_LIBS=$LIBS
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char __dn_skipname ();
+int
+main ()
+{
+return __dn_skipname ();
+ ;
+ return 0;
+}
+_ACEOF
+for ac_lib in '' resolv bind; do
+ if test -z "$ac_lib"; then
+ ac_res="none required"
+ else
+ ac_res=-l$ac_lib
+ LIBS="-l$ac_lib $ac_func_search_save_LIBS"
+ fi
+ if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_search___dn_skipname=$ac_res
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext
+ if ${ac_cv_search___dn_skipname+:} false; then :
+ break
+fi
+done
+if ${ac_cv_search___dn_skipname+:} false; then :
+
+else
+ ac_cv_search___dn_skipname=no
+fi
+rm conftest.$ac_ext
+LIBS=$ac_func_search_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search___dn_skipname" >&5
+$as_echo "$ac_cv_search___dn_skipname" >&6; }
+ac_res=$ac_cv_search___dn_skipname
+if test "$ac_res" != no; then :
+ test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
+
+else
+ have_resolver=no
+fi
+
+fi
+
+
+ if test x"$have_resolver" != xno ; then
+
+ # Make sure that the BIND 4 resolver interface is workable before
+ # enabling any code that calls it. At some point I'll rewrite the
+ # code to use the BIND 8 resolver API.
+ # We might also want to use adns instead. Problem with ADNS is that
+ # it does not support v6.
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the resolver is usable" >&5
+$as_echo_n "checking whether the resolver is usable... " >&6; }
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <sys/types.h>
+#include <netinet/in.h>
+#include <arpa/nameser.h>
+#include <resolv.h>
+int
+main ()
+{
+unsigned char answer[PACKETSZ];
+ res_query("foo.bar",C_IN,T_A,answer,PACKETSZ);
+ dn_skipname(0,0);
+ dn_expand(0,0,0,0,0);
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ have_resolver=yes
+else
+ have_resolver=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $have_resolver" >&5
+$as_echo "$have_resolver" >&6; }
+
+ # This is Apple-specific and somewhat bizarre as they changed the
+ # define in bind 8 for some reason.
+
+ if test x"$have_resolver" != xyes ; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether I can make the resolver usable with BIND_8_COMPAT" >&5
+$as_echo_n "checking whether I can make the resolver usable with BIND_8_COMPAT... " >&6; }
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#define BIND_8_COMPAT
+#include <sys/types.h>
+#include <netinet/in.h>
+#include <arpa/nameser.h>
+#include <resolv.h>
+int
+main ()
+{
+unsigned char answer[PACKETSZ];
+ res_query("foo.bar",C_IN,T_A,answer,PACKETSZ);
+ dn_skipname(0,0); dn_expand(0,0,0,0,0);
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ have_resolver=yes ; need_compat=yes
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $have_resolver" >&5
+$as_echo "$have_resolver" >&6; }
+ fi
+ fi
+
+ if test x"$have_resolver" = xyes ; then
+ DNSLIBS=$LIBS
+
+ if test x"$use_dns_srv" = xyes ; then
+
+$as_echo "#define USE_DNS_SRV 1" >>confdefs.h
+
+ fi
+
+ if test x"$use_dns_pka" = xyes ; then
+
+$as_echo "#define USE_DNS_PKA 1" >>confdefs.h
+
+ fi
+
+ if test x"$use_dns_cert" = xyes ; then
+
+$as_echo "#define USE_DNS_CERT 1" >>confdefs.h
+
+ fi
+
+ if test x"$need_compat" = xyes ; then
+
+$as_echo "#define BIND_8_COMPAT 1" >>confdefs.h
+
+ fi
+ else
+ # If we have no resolver library but ADNS (e.g. under W32) enable the
+ # code parts which can be used with ADNS.
+ if test x"$have_adns" = xyes ; then
+ DNSLIBS="$ADNSLIBS"
+
+$as_echo "#define USE_ADNS 1" >>confdefs.h
+
+
+ if test x"$use_dns_srv" = xyes ; then
+ $as_echo "#define USE_DNS_SRV 1" >>confdefs.h
+
+ fi
+
+ if test x"$use_dns_pka" = xyes ; then
+ $as_echo "#define USE_DNS_PKA 1" >>confdefs.h
+
+ fi
+
+ if test x"$use_dns_cert" = xyes ; then
+
+$as_echo "#define USE_DNS_CERT 1" >>confdefs.h
+
+ fi
+ else
+ use_dns_srv=no
+ use_dns_pka=no
+ use_dns_cert=no
+ fi
+ fi
+
+ LIBS=$_dns_save_libs
+fi
+
+
+
+ if test x"$use_dns_srv" = xyes; then
+ USE_DNS_SRV_TRUE=
+ USE_DNS_SRV_FALSE='#'
+else
+ USE_DNS_SRV_TRUE='#'
+ USE_DNS_SRV_FALSE=
+fi
+
+
+
+#
+# Check for LDAP
+#
+if test "$try_ldap" = yes ; then
+
+# Try and link a LDAP test program to weed out unusable LDAP
+# libraries. -lldap [-llber [-lresolv]] is for older OpenLDAPs.
+# OpenLDAP, circa 1999, was terrible with creating weird dependencies.
+# If all else fails, the user can play guess-the-dependency by using
+# something like ./configure LDAPLIBS="-Lfoo -lbar"
+
+
+# Check whether --with-ldap was given.
+if test "${with_ldap+set}" = set; then :
+ withval=$with_ldap; _ldap_with=$withval
+fi
+
+
+if test x$_ldap_with != xno ; then
+
+ if test -d "$withval" ; then
+ LDAP_CPPFLAGS="-I$withval/include"
+ LDAP_LDFLAGS="-L$withval/lib"
+ fi
+
+ _ldap_save_cppflags=$CPPFLAGS
+ CPPFLAGS="${LDAP_CPPFLAGS} ${CPPFLAGS}"
+ _ldap_save_ldflags=$LDFLAGS
+ LDFLAGS="${LDAP_LDFLAGS} ${LDFLAGS}"
+
+ for MY_LDAPLIBS in ${LDAPLIBS+"$LDAPLIBS"} "-lldap" "-lldap -llber" "-lldap -llber -lresolv" "-lwldap32"; do
+ _ldap_save_libs=$LIBS
+ LIBS="$MY_LDAPLIBS $NETLIBS $LIBS"
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether LDAP via \"$MY_LDAPLIBS\" is present and sane" >&5
+$as_echo_n "checking whether LDAP via \"$MY_LDAPLIBS\" is present and sane... " >&6; }
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+#ifdef _WIN32
+#include <winsock2.h>
+#include <winldap.h>
+#else
+#include <ldap.h>
+#endif
+
+int
+main ()
+{
+ldap_open("foobar",1234);
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ gnupg_cv_func_ldap_init=yes
+else
+ gnupg_cv_func_ldap_init=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $gnupg_cv_func_ldap_init" >&5
+$as_echo "$gnupg_cv_func_ldap_init" >&6; }
+
+ if test $gnupg_cv_func_ldap_init = no; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether I can make LDAP be sane with lber.h" >&5
+$as_echo_n "checking whether I can make LDAP be sane with lber.h... " >&6; }
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <lber.h>
+#include <ldap.h>
+int
+main ()
+{
+ldap_open("foobar",1234);
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ gnupg_cv_func_ldaplber_init=yes
+else
+ gnupg_cv_func_ldaplber_init=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $gnupg_cv_func_ldaplber_init" >&5
+$as_echo "$gnupg_cv_func_ldaplber_init" >&6; }
+ fi
+
+ if test "$gnupg_cv_func_ldaplber_init" = yes ; then
+
+$as_echo "#define NEED_LBER_H 1" >>confdefs.h
+
+ fi
+
+ if test "$gnupg_cv_func_ldap_init" = yes || \
+ test "$gnupg_cv_func_ldaplber_init" = yes ; then
+ LDAPLIBS="$LDAP_LDFLAGS $MY_LDAPLIBS"
+ GPGKEYS_LDAP="gpg2keys_ldap$EXEEXT"
+
+ for ac_func in ldap_get_option ldap_set_option
+do :
+ as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
+ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
+if eval test \"x\$"$as_ac_var"\" = x"yes"; then :
+ cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+done
+
+ # The extra test for ldap_start_tls_sA is for W32 because
+ # that is the actual function in the library.
+ for ac_func in ldap_start_tls_s ldap_start_tls_sA
+do :
+ as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
+ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
+if eval test \"x\$"$as_ac_var"\" = x"yes"; then :
+ cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+done
+
+
+ if test "$ac_cv_func_ldap_get_option" != yes ; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether LDAP supports ld_errno" >&5
+$as_echo_n "checking whether LDAP supports ld_errno... " >&6; }
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <ldap.h>
+int
+main ()
+{
+LDAP *ldap; ldap->ld_errno;
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ gnupg_cv_func_ldap_ld_errno=yes
+else
+ gnupg_cv_func_ldap_ld_errno=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $gnupg_cv_func_ldap_ld_errno" >&5
+$as_echo "$gnupg_cv_func_ldap_ld_errno" >&6; }
+
+ if test "$gnupg_cv_func_ldap_ld_errno" = yes ; then
+
+$as_echo "#define HAVE_LDAP_LD_ERRNO 1" >>confdefs.h
+
+ fi
+ fi
+ fi
+
+ LIBS=$_ldap_save_libs
+
+ if test "$GPGKEYS_LDAP" != "" ; then break; fi
+ done
+
+
+
+
+
+ CPPFLAGS=$_ldap_save_cppflags
+ LDFLAGS=$_ldap_save_ldflags
+fi
+
+fi
+
+#
+# Check for curl. We fake the curl API if libcurl isn't installed.
+# We require 7.10 or later as we use curl_version_info().
+#
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+# Check whether --with-libcurl was given.
+if test "${with_libcurl+set}" = set; then :
+ withval=$with_libcurl; _libcurl_with=$withval
+else
+ _libcurl_with=yes
+fi
+
+
+ if test "$_libcurl_with" != "no" ; then
+
+ for ac_prog in gawk mawk nawk awk
+do
+ # Extract the first word of "$ac_prog", so it can be a program name with args.
+set dummy $ac_prog; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_AWK+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$AWK"; then
+ ac_cv_prog_AWK="$AWK" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_AWK="$ac_prog"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+AWK=$ac_cv_prog_AWK
+if test -n "$AWK"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $AWK" >&5
+$as_echo "$AWK" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+ test -n "$AWK" && break
+done
+
+
+ _libcurl_version_parse="eval $AWK '{split(\$NF,A,\".\"); X=256*256*A[1]+256*A[2]+A[3]; print X;}'"
+
+ _libcurl_try_link=yes
+
+ if test -d "$_libcurl_with" ; then
+ LIBCURL_CPPFLAGS="-I$withval/include"
+ _libcurl_ldflags="-L$withval/lib"
+ # Extract the first word of ""$withval/bin/curl-config"", so it can be a program name with args.
+set dummy "$withval/bin/curl-config"; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_path__libcurl_config+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ case $_libcurl_config in
+ [\\/]* | ?:[\\/]*)
+ ac_cv_path__libcurl_config="$_libcurl_config" # Let the user override the test with a path.
+ ;;
+ *)
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_path__libcurl_config="$as_dir/$ac_word$ac_exec_ext"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+ ;;
+esac
+fi
+_libcurl_config=$ac_cv_path__libcurl_config
+if test -n "$_libcurl_config"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $_libcurl_config" >&5
+$as_echo "$_libcurl_config" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+ else
+ # Extract the first word of "curl-config", so it can be a program name with args.
+set dummy curl-config; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_path__libcurl_config+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ case $_libcurl_config in
+ [\\/]* | ?:[\\/]*)
+ ac_cv_path__libcurl_config="$_libcurl_config" # Let the user override the test with a path.
+ ;;
+ *)
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_path__libcurl_config="$as_dir/$ac_word$ac_exec_ext"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+ ;;
+esac
+fi
+_libcurl_config=$ac_cv_path__libcurl_config
+if test -n "$_libcurl_config"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $_libcurl_config" >&5
+$as_echo "$_libcurl_config" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+ fi
+
+ if test x$_libcurl_config != "x" ; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for the version of libcurl" >&5
+$as_echo_n "checking for the version of libcurl... " >&6; }
+if ${libcurl_cv_lib_curl_version+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ libcurl_cv_lib_curl_version=`$_libcurl_config --version | $AWK '{print $2}'`
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $libcurl_cv_lib_curl_version" >&5
+$as_echo "$libcurl_cv_lib_curl_version" >&6; }
+
+ _libcurl_version=`echo $libcurl_cv_lib_curl_version | $_libcurl_version_parse`
+ _libcurl_wanted=`echo 7.10 | $_libcurl_version_parse`
+
+ if test $_libcurl_wanted -gt 0 ; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for libcurl >= version 7.10" >&5
+$as_echo_n "checking for libcurl >= version 7.10... " >&6; }
+if ${libcurl_cv_lib_version_ok+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+
+ if test $_libcurl_version -ge $_libcurl_wanted ; then
+ libcurl_cv_lib_version_ok=yes
+ else
+ libcurl_cv_lib_version_ok=no
+ fi
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $libcurl_cv_lib_version_ok" >&5
+$as_echo "$libcurl_cv_lib_version_ok" >&6; }
+ fi
+
+ if test $_libcurl_wanted -eq 0 || test x$libcurl_cv_lib_version_ok = xyes ; then
+ if test x"$LIBCURL_CPPFLAGS" = "x" ; then
+ LIBCURL_CPPFLAGS=`$_libcurl_config --cflags`
+ fi
+ if test x"$LIBCURL" = "x" ; then
+ LIBCURL=`$_libcurl_config --libs`
+
+ # This is so silly, but Apple actually has a bug in their
+ # curl-config script. Fixed in Tiger, but there are still
+ # lots of Panther installs around.
+ case "${host}" in
+ powerpc-apple-darwin7*)
+ LIBCURL=`echo $LIBCURL | sed -e 's|-arch i386||g'`
+ ;;
+ esac
+ fi
+
+ # All curl-config scripts support --feature
+ _libcurl_features=`$_libcurl_config --feature`
+
+ # Is it modern enough to have --protocols? (7.12.4)
+ if test $_libcurl_version -ge 461828 ; then
+ _libcurl_protocols=`$_libcurl_config --protocols`
+ fi
+ else
+ _libcurl_try_link=no
+ fi
+
+ unset _libcurl_wanted
+ fi
+
+ if test $_libcurl_try_link = yes ; then
+
+ # we didn't find curl-config, so let's see if the user-supplied
+ # link line (or failing that, "-lcurl") is enough.
+ LIBCURL=${LIBCURL-"$_libcurl_ldflags -lcurl"}
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether libcurl is usable" >&5
+$as_echo_n "checking whether libcurl is usable... " >&6; }
+if ${libcurl_cv_lib_curl_usable+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+
+ _libcurl_save_cppflags=$CPPFLAGS
+ CPPFLAGS="$LIBCURL_CPPFLAGS $CPPFLAGS"
+ _libcurl_save_libs=$LIBS
+ LIBS="$LIBCURL $LIBS"
+
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <curl/curl.h>
+int
+main ()
+{
+
+/* Try and use a few common options to force a failure if we are
+ missing symbols or cannot link. */
+int x;
+curl_easy_setopt(NULL,CURLOPT_URL,NULL);
+x=CURL_ERROR_SIZE;
+x=CURLOPT_WRITEFUNCTION;
+x=CURLOPT_FILE;
+x=CURLOPT_ERRORBUFFER;
+x=CURLOPT_STDERR;
+x=CURLOPT_VERBOSE;
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ libcurl_cv_lib_curl_usable=yes
+else
+ libcurl_cv_lib_curl_usable=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+
+ CPPFLAGS=$_libcurl_save_cppflags
+ LIBS=$_libcurl_save_libs
+ unset _libcurl_save_cppflags
+ unset _libcurl_save_libs
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $libcurl_cv_lib_curl_usable" >&5
+$as_echo "$libcurl_cv_lib_curl_usable" >&6; }
+
+ if test $libcurl_cv_lib_curl_usable = yes ; then
+
+ # Does curl_free() exist in this version of libcurl?
+ # If not, fake it with free()
+
+ _libcurl_save_cppflags=$CPPFLAGS
+ CPPFLAGS="$CPPFLAGS $LIBCURL_CPPFLAGS"
+ _libcurl_save_libs=$LIBS
+ LIBS="$LIBS $LIBCURL"
+
+ ac_fn_c_check_func "$LINENO" "curl_free" "ac_cv_func_curl_free"
+if test "x$ac_cv_func_curl_free" = xyes; then :
+
+else
+
+$as_echo "#define curl_free free" >>confdefs.h
+
+fi
+
+
+ CPPFLAGS=$_libcurl_save_cppflags
+ LIBS=$_libcurl_save_libs
+ unset _libcurl_save_cppflags
+ unset _libcurl_save_libs
+
+
+$as_echo "#define HAVE_LIBCURL 1" >>confdefs.h
+
+
+
+
+ for _libcurl_feature in $_libcurl_features ; do
+ cat >>confdefs.h <<_ACEOF
+#define `$as_echo "libcurl_feature_$_libcurl_feature" | $as_tr_cpp` 1
+_ACEOF
+
+ eval `$as_echo "libcurl_feature_$_libcurl_feature" | $as_tr_sh`=yes
+ done
+
+ if test "x$_libcurl_protocols" = "x" ; then
+
+ # We don't have --protocols, so just assume that all
+ # protocols are available
+ _libcurl_protocols="HTTP FTP FILE TELNET LDAP DICT"
+
+ if test x$libcurl_feature_SSL = xyes ; then
+ _libcurl_protocols="$_libcurl_protocols HTTPS"
+
+ # FTPS wasn't standards-compliant until version
+ # 7.11.0
+ if test $_libcurl_version -ge 461568; then
+ _libcurl_protocols="$_libcurl_protocols FTPS"
+ fi
+ fi
+ fi
+
+ for _libcurl_protocol in $_libcurl_protocols ; do
+ cat >>confdefs.h <<_ACEOF
+#define `$as_echo "libcurl_protocol_$_libcurl_protocol" | $as_tr_cpp` 1
+_ACEOF
+
+ eval `$as_echo "libcurl_protocol_$_libcurl_protocol" | $as_tr_sh`=yes
+ done
+ else
+ unset LIBCURL
+ unset LIBCURL_CPPFLAGS
+ fi
+ fi
+
+ unset _libcurl_try_link
+ unset _libcurl_version_parse
+ unset _libcurl_config
+ unset _libcurl_feature
+ unset _libcurl_features
+ unset _libcurl_protocol
+ unset _libcurl_protocols
+ unset _libcurl_version
+ unset _libcurl_ldflags
+ fi
+
+ if test x$_libcurl_with = xno || test x$libcurl_cv_lib_curl_usable != xyes ; then
+ # This is the IF-NO path
+ fake_curl=yes
+ else
+ # This is the IF-YES path
+ :
+ fi
+
+ unset _libcurl_with
+
+ if test x"$fake_curl" = xyes; then
+ FAKE_CURL_TRUE=
+ FAKE_CURL_FALSE='#'
+else
+ FAKE_CURL_TRUE='#'
+ FAKE_CURL_FALSE=
+fi
+
+
+# Generic, for us, means curl
+
+if test x"$try_generic" = xyes ; then
+ GPGKEYS_CURL="gpg2keys_curl$EXEEXT"
+
+fi
+
+#
+# Check for sendmail
+#
+# This isn't necessarily sendmail itself, but anything that gives a
+# sendmail-ish interface to the outside world. That includes Exim,
+# Postfix, etc. Basically, anything that can handle "sendmail -t".
+if test "$try_mailto" = yes ; then
+
+# Check whether --with-mailprog was given.
+if test "${with_mailprog+set}" = set; then :
+ withval=$with_mailprog;
+else
+ with_mailprog=yes
+fi
+
+
+ if test x"$with_mailprog" = xyes ; then
+ # Extract the first word of "sendmail", so it can be a program name with args.
+set dummy sendmail; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_path_SENDMAIL+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ case $SENDMAIL in
+ [\\/]* | ?:[\\/]*)
+ ac_cv_path_SENDMAIL="$SENDMAIL" # Let the user override the test with a path.
+ ;;
+ *)
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+as_dummy="$PATH:/usr/sbin:/usr/libexec:/usr/lib"
+for as_dir in $as_dummy
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_path_SENDMAIL="$as_dir/$ac_word$ac_exec_ext"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+ ;;
+esac
+fi
+SENDMAIL=$ac_cv_path_SENDMAIL
+if test -n "$SENDMAIL"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $SENDMAIL" >&5
+$as_echo "$SENDMAIL" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+ if test "$ac_cv_path_SENDMAIL" ; then
+ GPGKEYS_MAILTO="gpg2keys_mailto"
+ fi
+ elif test x"$with_mailprog" != xno ; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for a mail transport program" >&5
+$as_echo_n "checking for a mail transport program... " >&6; }
+ SENDMAIL=$with_mailprog
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $with_mailprog" >&5
+$as_echo "$with_mailprog" >&6; }
+ GPGKEYS_MAILTO="gpg2keys_mailto"
+ fi
+fi
+
+
+
+#
+# Construct a printable name of the OS
+#
+case "${host}" in
+ *-mingw32*)
+ PRINTABLE_OS_NAME="MingW32"
+ ;;
+ *-*-cygwin*)
+ PRINTABLE_OS_NAME="Cygwin"
+ ;;
+ i?86-emx-os2 | i?86-*-os2*emx )
+ PRINTABLE_OS_NAME="OS/2"
+ ;;
+ i?86-*-msdosdjgpp*)
+ PRINTABLE_OS_NAME="MSDOS/DJGPP"
+ try_dynload=no
+ ;;
+ *-linux*)
+ PRINTABLE_OS_NAME="GNU/Linux"
+ ;;
+ *)
+ PRINTABLE_OS_NAME=`uname -s || echo "Unknown"`
+ ;;
+esac
+
+cat >>confdefs.h <<_ACEOF
+#define PRINTABLE_OS_NAME "$PRINTABLE_OS_NAME"
+_ACEOF
+
+
+
+#
+# Checking for iconv
+#
+
+ if test "X$prefix" = "XNONE"; then
+ acl_final_prefix="$ac_default_prefix"
+ else
+ acl_final_prefix="$prefix"
+ fi
+ if test "X$exec_prefix" = "XNONE"; then
+ acl_final_exec_prefix='${prefix}'
+ else
+ acl_final_exec_prefix="$exec_prefix"
+ fi
+ acl_save_prefix="$prefix"
+ prefix="$acl_final_prefix"
+ eval acl_final_exec_prefix=\"$acl_final_exec_prefix\"
+ prefix="$acl_save_prefix"
+
+
+# Check whether --with-gnu-ld was given.
+if test "${with_gnu_ld+set}" = set; then :
+ withval=$with_gnu_ld; test "$withval" = no || with_gnu_ld=yes
+else
+ with_gnu_ld=no
+fi
+
+# Prepare PATH_SEPARATOR.
+# The user is always right.
+if test "${PATH_SEPARATOR+set}" != set; then
+ echo "#! /bin/sh" >conf$$.sh
+ echo "exit 0" >>conf$$.sh
+ chmod +x conf$$.sh
+ if (PATH="/nonexistent;."; conf$$.sh) >/dev/null 2>&1; then
+ PATH_SEPARATOR=';'
+ else
+ PATH_SEPARATOR=:
+ fi
+ rm -f conf$$.sh
+fi
+ac_prog=ld
+if test "$GCC" = yes; then
+ # Check if gcc -print-prog-name=ld gives a path.
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ld used by GCC" >&5
+$as_echo_n "checking for ld used by GCC... " >&6; }
+ case $host in
+ *-*-mingw*)
+ # gcc leaves a trailing carriage return which upsets mingw
+ ac_prog=`($CC -print-prog-name=ld) 2>&5 | tr -d '\015'` ;;
+ *)
+ ac_prog=`($CC -print-prog-name=ld) 2>&5` ;;
+ esac
+ case $ac_prog in
+ # Accept absolute paths.
+ [\\/]* | [A-Za-z]:[\\/]*)
+ re_direlt='/[^/][^/]*/\.\./'
+ # Canonicalize the path of ld
+ ac_prog=`echo $ac_prog| sed 's%\\\\%/%g'`
+ while echo $ac_prog | grep "$re_direlt" > /dev/null 2>&1; do
+ ac_prog=`echo $ac_prog| sed "s%$re_direlt%/%"`
+ done
+ test -z "$LD" && LD="$ac_prog"
+ ;;
+ "")
+ # If it fails, then pretend we aren't using GCC.
+ ac_prog=ld
+ ;;
+ *)
+ # If it is relative, then search for the first ld in PATH.
+ with_gnu_ld=unknown
+ ;;
+ esac
+elif test "$with_gnu_ld" = yes; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for GNU ld" >&5
+$as_echo_n "checking for GNU ld... " >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for non-GNU ld" >&5
+$as_echo_n "checking for non-GNU ld... " >&6; }
+fi
+if ${acl_cv_path_LD+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -z "$LD"; then
+ IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS="${IFS}${PATH_SEPARATOR-:}"
+ for ac_dir in $PATH; do
+ test -z "$ac_dir" && ac_dir=.
+ if test -f "$ac_dir/$ac_prog" || test -f "$ac_dir/$ac_prog$ac_exeext"; then
+ acl_cv_path_LD="$ac_dir/$ac_prog"
+ # Check to see if the program is GNU ld. I'd rather use --version,
+ # but apparently some GNU ld's only accept -v.
+ # Break only if it was the GNU/non-GNU ld that we prefer.
+ case `"$acl_cv_path_LD" -v 2>&1 < /dev/null` in
+ *GNU* | *'with BFD'*)
+ test "$with_gnu_ld" != no && break ;;
+ *)
+ test "$with_gnu_ld" != yes && break ;;
+ esac
+ fi
+ done
+ IFS="$ac_save_ifs"
+else
+ acl_cv_path_LD="$LD" # Let the user override the test with a path.
+fi
+fi
+
+LD="$acl_cv_path_LD"
+if test -n "$LD"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $LD" >&5
+$as_echo "$LD" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+test -z "$LD" && as_fn_error $? "no acceptable ld found in \$PATH" "$LINENO" 5
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if the linker ($LD) is GNU ld" >&5
+$as_echo_n "checking if the linker ($LD) is GNU ld... " >&6; }
+if ${acl_cv_prog_gnu_ld+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ # I'd rather use --version here, but apparently some GNU ld's only accept -v.
+case `$LD -v 2>&1 </dev/null` in
+*GNU* | *'with BFD'*)
+ acl_cv_prog_gnu_ld=yes ;;
+*)
+ acl_cv_prog_gnu_ld=no ;;
+esac
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $acl_cv_prog_gnu_ld" >&5
+$as_echo "$acl_cv_prog_gnu_ld" >&6; }
+with_gnu_ld=$acl_cv_prog_gnu_ld
+
+
+
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for shared library run path origin" >&5
+$as_echo_n "checking for shared library run path origin... " >&6; }
+if ${acl_cv_rpath+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+
+ CC="$CC" GCC="$GCC" LDFLAGS="$LDFLAGS" LD="$LD" with_gnu_ld="$with_gnu_ld" \
+ ${CONFIG_SHELL-/bin/sh} "$ac_aux_dir/config.rpath" "$host" > conftest.sh
+ . ./conftest.sh
+ rm -f ./conftest.sh
+ acl_cv_rpath=done
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $acl_cv_rpath" >&5
+$as_echo "$acl_cv_rpath" >&6; }
+ wl="$acl_cv_wl"
+ acl_libext="$acl_cv_libext"
+ acl_shlibext="$acl_cv_shlibext"
+ acl_libname_spec="$acl_cv_libname_spec"
+ acl_library_names_spec="$acl_cv_library_names_spec"
+ acl_hardcode_libdir_flag_spec="$acl_cv_hardcode_libdir_flag_spec"
+ acl_hardcode_libdir_separator="$acl_cv_hardcode_libdir_separator"
+ acl_hardcode_direct="$acl_cv_hardcode_direct"
+ acl_hardcode_minus_L="$acl_cv_hardcode_minus_L"
+ # Check whether --enable-rpath was given.
+if test "${enable_rpath+set}" = set; then :
+ enableval=$enable_rpath; :
+else
+ enable_rpath=yes
+fi
+
+
+
+ acl_libdirstem=lib
+ searchpath=`(LC_ALL=C $CC -print-search-dirs) 2>/dev/null | sed -n -e 's,^libraries: ,,p' | sed -e 's,^=,,'`
+ if test -n "$searchpath"; then
+ acl_save_IFS="${IFS= }"; IFS=":"
+ for searchdir in $searchpath; do
+ if test -d "$searchdir"; then
+ case "$searchdir" in
+ */lib64/ | */lib64 ) acl_libdirstem=lib64 ;;
+ *) searchdir=`cd "$searchdir" && pwd`
+ case "$searchdir" in
+ */lib64 ) acl_libdirstem=lib64 ;;
+ esac ;;
+ esac
+ fi
+ done
+ IFS="$acl_save_IFS"
+ fi
+
+
+
+
+
+
+
+
+
+ use_additional=yes
+
+ acl_save_prefix="$prefix"
+ prefix="$acl_final_prefix"
+ acl_save_exec_prefix="$exec_prefix"
+ exec_prefix="$acl_final_exec_prefix"
+
+ eval additional_includedir=\"$includedir\"
+ eval additional_libdir=\"$libdir\"
+
+ exec_prefix="$acl_save_exec_prefix"
+ prefix="$acl_save_prefix"
+
+
+# Check whether --with-libiconv-prefix was given.
+if test "${with_libiconv_prefix+set}" = set; then :
+ withval=$with_libiconv_prefix;
+ if test "X$withval" = "Xno"; then
+ use_additional=no
+ else
+ if test "X$withval" = "X"; then
+
+ acl_save_prefix="$prefix"
+ prefix="$acl_final_prefix"
+ acl_save_exec_prefix="$exec_prefix"
+ exec_prefix="$acl_final_exec_prefix"
+
+ eval additional_includedir=\"$includedir\"
+ eval additional_libdir=\"$libdir\"
+
+ exec_prefix="$acl_save_exec_prefix"
+ prefix="$acl_save_prefix"
+
+ else
+ additional_includedir="$withval/include"
+ additional_libdir="$withval/$acl_libdirstem"
+ fi
+ fi
+
+fi
+
+ LIBICONV=
+ LTLIBICONV=
+ INCICONV=
+ LIBICONV_PREFIX=
+ rpathdirs=
+ ltrpathdirs=
+ names_already_handled=
+ names_next_round='iconv '
+ while test -n "$names_next_round"; do
+ names_this_round="$names_next_round"
+ names_next_round=
+ for name in $names_this_round; do
+ already_handled=
+ for n in $names_already_handled; do
+ if test "$n" = "$name"; then
+ already_handled=yes
+ break
+ fi
+ done
+ if test -z "$already_handled"; then
+ names_already_handled="$names_already_handled $name"
+ uppername=`echo "$name" | sed -e 'y|abcdefghijklmnopqrstuvwxyz./-|ABCDEFGHIJKLMNOPQRSTUVWXYZ___|'`
+ eval value=\"\$HAVE_LIB$uppername\"
+ if test -n "$value"; then
+ if test "$value" = yes; then
+ eval value=\"\$LIB$uppername\"
+ test -z "$value" || LIBICONV="${LIBICONV}${LIBICONV:+ }$value"
+ eval value=\"\$LTLIB$uppername\"
+ test -z "$value" || LTLIBICONV="${LTLIBICONV}${LTLIBICONV:+ }$value"
+ else
+ :
+ fi
+ else
+ found_dir=
+ found_la=
+ found_so=
+ found_a=
+ eval libname=\"$acl_libname_spec\" # typically: libname=lib$name
+ if test -n "$acl_shlibext"; then
+ shrext=".$acl_shlibext" # typically: shrext=.so
+ else
+ shrext=
+ fi
+ if test $use_additional = yes; then
+ dir="$additional_libdir"
+ if test -n "$acl_shlibext"; then
+ if test -f "$dir/$libname$shrext"; then
+ found_dir="$dir"
+ found_so="$dir/$libname$shrext"
+ else
+ if test "$acl_library_names_spec" = '$libname$shrext$versuffix'; then
+ ver=`(cd "$dir" && \
+ for f in "$libname$shrext".*; do echo "$f"; done \
+ | sed -e "s,^$libname$shrext\\\\.,," \
+ | sort -t '.' -n -r -k1,1 -k2,2 -k3,3 -k4,4 -k5,5 \
+ | sed 1q ) 2>/dev/null`
+ if test -n "$ver" && test -f "$dir/$libname$shrext.$ver"; then
+ found_dir="$dir"
+ found_so="$dir/$libname$shrext.$ver"
+ fi
+ else
+ eval library_names=\"$acl_library_names_spec\"
+ for f in $library_names; do
+ if test -f "$dir/$f"; then
+ found_dir="$dir"
+ found_so="$dir/$f"
+ break
+ fi
+ done
+ fi
+ fi
+ fi
+ if test "X$found_dir" = "X"; then
+ if test -f "$dir/$libname.$acl_libext"; then
+ found_dir="$dir"
+ found_a="$dir/$libname.$acl_libext"
+ fi
+ fi
+ if test "X$found_dir" != "X"; then
+ if test -f "$dir/$libname.la"; then
+ found_la="$dir/$libname.la"
+ fi
+ fi
+ fi
+ if test "X$found_dir" = "X"; then
+ for x in $LDFLAGS $LTLIBICONV; do
+
+ acl_save_prefix="$prefix"
+ prefix="$acl_final_prefix"
+ acl_save_exec_prefix="$exec_prefix"
+ exec_prefix="$acl_final_exec_prefix"
+ eval x=\"$x\"
+ exec_prefix="$acl_save_exec_prefix"
+ prefix="$acl_save_prefix"
+
+ case "$x" in
+ -L*)
+ dir=`echo "X$x" | sed -e 's/^X-L//'`
+ if test -n "$acl_shlibext"; then
+ if test -f "$dir/$libname$shrext"; then
+ found_dir="$dir"
+ found_so="$dir/$libname$shrext"
+ else
+ if test "$acl_library_names_spec" = '$libname$shrext$versuffix'; then
+ ver=`(cd "$dir" && \
+ for f in "$libname$shrext".*; do echo "$f"; done \
+ | sed -e "s,^$libname$shrext\\\\.,," \
+ | sort -t '.' -n -r -k1,1 -k2,2 -k3,3 -k4,4 -k5,5 \
+ | sed 1q ) 2>/dev/null`
+ if test -n "$ver" && test -f "$dir/$libname$shrext.$ver"; then
+ found_dir="$dir"
+ found_so="$dir/$libname$shrext.$ver"
+ fi
+ else
+ eval library_names=\"$acl_library_names_spec\"
+ for f in $library_names; do
+ if test -f "$dir/$f"; then
+ found_dir="$dir"
+ found_so="$dir/$f"
+ break
+ fi
+ done
+ fi
+ fi
+ fi
+ if test "X$found_dir" = "X"; then
+ if test -f "$dir/$libname.$acl_libext"; then
+ found_dir="$dir"
+ found_a="$dir/$libname.$acl_libext"
+ fi
+ fi
+ if test "X$found_dir" != "X"; then
+ if test -f "$dir/$libname.la"; then
+ found_la="$dir/$libname.la"
+ fi
+ fi
+ ;;
+ esac
+ if test "X$found_dir" != "X"; then
+ break
+ fi
+ done
+ fi
+ if test "X$found_dir" != "X"; then
+ LTLIBICONV="${LTLIBICONV}${LTLIBICONV:+ }-L$found_dir -l$name"
+ if test "X$found_so" != "X"; then
+ if test "$enable_rpath" = no || test "X$found_dir" = "X/usr/$acl_libdirstem"; then
+ LIBICONV="${LIBICONV}${LIBICONV:+ }$found_so"
+ else
+ haveit=
+ for x in $ltrpathdirs; do
+ if test "X$x" = "X$found_dir"; then
+ haveit=yes
+ break
+ fi
+ done
+ if test -z "$haveit"; then
+ ltrpathdirs="$ltrpathdirs $found_dir"
+ fi
+ if test "$acl_hardcode_direct" = yes; then
+ LIBICONV="${LIBICONV}${LIBICONV:+ }$found_so"
+ else
+ if test -n "$acl_hardcode_libdir_flag_spec" && test "$acl_hardcode_minus_L" = no; then
+ LIBICONV="${LIBICONV}${LIBICONV:+ }$found_so"
+ haveit=
+ for x in $rpathdirs; do
+ if test "X$x" = "X$found_dir"; then
+ haveit=yes
+ break
+ fi
+ done
+ if test -z "$haveit"; then
+ rpathdirs="$rpathdirs $found_dir"
+ fi
+ else
+ haveit=
+ for x in $LDFLAGS $LIBICONV; do
+
+ acl_save_prefix="$prefix"
+ prefix="$acl_final_prefix"
+ acl_save_exec_prefix="$exec_prefix"
+ exec_prefix="$acl_final_exec_prefix"
+ eval x=\"$x\"
+ exec_prefix="$acl_save_exec_prefix"
+ prefix="$acl_save_prefix"
+
+ if test "X$x" = "X-L$found_dir"; then
+ haveit=yes
+ break
+ fi
+ done
+ if test -z "$haveit"; then
+ LIBICONV="${LIBICONV}${LIBICONV:+ }-L$found_dir"
+ fi
+ if test "$acl_hardcode_minus_L" != no; then
+ LIBICONV="${LIBICONV}${LIBICONV:+ }$found_so"
+ else
+ LIBICONV="${LIBICONV}${LIBICONV:+ }-l$name"
+ fi
+ fi
+ fi
+ fi
+ else
+ if test "X$found_a" != "X"; then
+ LIBICONV="${LIBICONV}${LIBICONV:+ }$found_a"
+ else
+ LIBICONV="${LIBICONV}${LIBICONV:+ }-L$found_dir -l$name"
+ fi
+ fi
+ additional_includedir=
+ case "$found_dir" in
+ */$acl_libdirstem | */$acl_libdirstem/)
+ basedir=`echo "X$found_dir" | sed -e 's,^X,,' -e "s,/$acl_libdirstem/"'*$,,'`
+ LIBICONV_PREFIX="$basedir"
+ additional_includedir="$basedir/include"
+ ;;
+ esac
+ if test "X$additional_includedir" != "X"; then
+ if test "X$additional_includedir" != "X/usr/include"; then
+ haveit=
+ if test "X$additional_includedir" = "X/usr/local/include"; then
+ if test -n "$GCC"; then
+ case $host_os in
+ linux* | gnu* | k*bsd*-gnu) haveit=yes;;
+ esac
+ fi
+ fi
+ if test -z "$haveit"; then
+ for x in $CPPFLAGS $INCICONV; do
+
+ acl_save_prefix="$prefix"
+ prefix="$acl_final_prefix"
+ acl_save_exec_prefix="$exec_prefix"
+ exec_prefix="$acl_final_exec_prefix"
+ eval x=\"$x\"
+ exec_prefix="$acl_save_exec_prefix"
+ prefix="$acl_save_prefix"
+
+ if test "X$x" = "X-I$additional_includedir"; then
+ haveit=yes
+ break
+ fi
+ done
+ if test -z "$haveit"; then
+ if test -d "$additional_includedir"; then
+ INCICONV="${INCICONV}${INCICONV:+ }-I$additional_includedir"
+ fi
+ fi
+ fi
+ fi
+ fi
+ if test -n "$found_la"; then
+ save_libdir="$libdir"
+ case "$found_la" in
+ */* | *\\*) . "$found_la" ;;
+ *) . "./$found_la" ;;
+ esac
+ libdir="$save_libdir"
+ for dep in $dependency_libs; do
+ case "$dep" in
+ -L*)
+ additional_libdir=`echo "X$dep" | sed -e 's/^X-L//'`
+ if test "X$additional_libdir" != "X/usr/$acl_libdirstem"; then
+ haveit=
+ if test "X$additional_libdir" = "X/usr/local/$acl_libdirstem"; then
+ if test -n "$GCC"; then
+ case $host_os in
+ linux* | gnu* | k*bsd*-gnu) haveit=yes;;
+ esac
+ fi
+ fi
+ if test -z "$haveit"; then
+ haveit=
+ for x in $LDFLAGS $LIBICONV; do
+
+ acl_save_prefix="$prefix"
+ prefix="$acl_final_prefix"
+ acl_save_exec_prefix="$exec_prefix"
+ exec_prefix="$acl_final_exec_prefix"
+ eval x=\"$x\"
+ exec_prefix="$acl_save_exec_prefix"
+ prefix="$acl_save_prefix"
+
+ if test "X$x" = "X-L$additional_libdir"; then
+ haveit=yes
+ break
+ fi
+ done
+ if test -z "$haveit"; then
+ if test -d "$additional_libdir"; then
+ LIBICONV="${LIBICONV}${LIBICONV:+ }-L$additional_libdir"
+ fi
+ fi
+ haveit=
+ for x in $LDFLAGS $LTLIBICONV; do
+
+ acl_save_prefix="$prefix"
+ prefix="$acl_final_prefix"
+ acl_save_exec_prefix="$exec_prefix"
+ exec_prefix="$acl_final_exec_prefix"
+ eval x=\"$x\"
+ exec_prefix="$acl_save_exec_prefix"
+ prefix="$acl_save_prefix"
+
+ if test "X$x" = "X-L$additional_libdir"; then
+ haveit=yes
+ break
+ fi
+ done
+ if test -z "$haveit"; then
+ if test -d "$additional_libdir"; then
+ LTLIBICONV="${LTLIBICONV}${LTLIBICONV:+ }-L$additional_libdir"
+ fi
+ fi
+ fi
+ fi
+ ;;
+ -R*)
+ dir=`echo "X$dep" | sed -e 's/^X-R//'`
+ if test "$enable_rpath" != no; then
+ haveit=
+ for x in $rpathdirs; do
+ if test "X$x" = "X$dir"; then
+ haveit=yes
+ break
+ fi
+ done
+ if test -z "$haveit"; then
+ rpathdirs="$rpathdirs $dir"
+ fi
+ haveit=
+ for x in $ltrpathdirs; do
+ if test "X$x" = "X$dir"; then
+ haveit=yes
+ break
+ fi
+ done
+ if test -z "$haveit"; then
+ ltrpathdirs="$ltrpathdirs $dir"
+ fi
+ fi
+ ;;
+ -l*)
+ names_next_round="$names_next_round "`echo "X$dep" | sed -e 's/^X-l//'`
+ ;;
+ *.la)
+ names_next_round="$names_next_round "`echo "X$dep" | sed -e 's,^X.*/,,' -e 's,^lib,,' -e 's,\.la$,,'`
+ ;;
+ *)
+ LIBICONV="${LIBICONV}${LIBICONV:+ }$dep"
+ LTLIBICONV="${LTLIBICONV}${LTLIBICONV:+ }$dep"
+ ;;
+ esac
+ done
+ fi
+ else
+ LIBICONV="${LIBICONV}${LIBICONV:+ }-l$name"
+ LTLIBICONV="${LTLIBICONV}${LTLIBICONV:+ }-l$name"
+ fi
+ fi
+ fi
+ done
+ done
+ if test "X$rpathdirs" != "X"; then
+ if test -n "$acl_hardcode_libdir_separator"; then
+ alldirs=
+ for found_dir in $rpathdirs; do
+ alldirs="${alldirs}${alldirs:+$acl_hardcode_libdir_separator}$found_dir"
+ done
+ acl_save_libdir="$libdir"
+ libdir="$alldirs"
+ eval flag=\"$acl_hardcode_libdir_flag_spec\"
+ libdir="$acl_save_libdir"
+ LIBICONV="${LIBICONV}${LIBICONV:+ }$flag"
+ else
+ for found_dir in $rpathdirs; do
+ acl_save_libdir="$libdir"
+ libdir="$found_dir"
+ eval flag=\"$acl_hardcode_libdir_flag_spec\"
+ libdir="$acl_save_libdir"
+ LIBICONV="${LIBICONV}${LIBICONV:+ }$flag"
+ done
+ fi
+ fi
+ if test "X$ltrpathdirs" != "X"; then
+ for found_dir in $ltrpathdirs; do
+ LTLIBICONV="${LTLIBICONV}${LTLIBICONV:+ }-R$found_dir"
+ done
+ fi
+
+
+
+
+
+
+
+ am_save_CPPFLAGS="$CPPFLAGS"
+
+ for element in $INCICONV; do
+ haveit=
+ for x in $CPPFLAGS; do
+
+ acl_save_prefix="$prefix"
+ prefix="$acl_final_prefix"
+ acl_save_exec_prefix="$exec_prefix"
+ exec_prefix="$acl_final_exec_prefix"
+ eval x=\"$x\"
+ exec_prefix="$acl_save_exec_prefix"
+ prefix="$acl_save_prefix"
+
+ if test "X$x" = "X$element"; then
+ haveit=yes
+ break
+ fi
+ done
+ if test -z "$haveit"; then
+ CPPFLAGS="${CPPFLAGS}${CPPFLAGS:+ }$element"
+ fi
+ done
+
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for iconv" >&5
+$as_echo_n "checking for iconv... " >&6; }
+if ${am_cv_func_iconv+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+
+ am_cv_func_iconv="no, consider installing GNU libiconv"
+ am_cv_lib_iconv=no
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <stdlib.h>
+#include <iconv.h>
+int
+main ()
+{
+iconv_t cd = iconv_open("","");
+ iconv(cd,NULL,NULL,NULL,NULL);
+ iconv_close(cd);
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ am_cv_func_iconv=yes
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+ if test "$am_cv_func_iconv" != yes; then
+ am_save_LIBS="$LIBS"
+ LIBS="$LIBS $LIBICONV"
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <stdlib.h>
+#include <iconv.h>
+int
+main ()
+{
+iconv_t cd = iconv_open("","");
+ iconv(cd,NULL,NULL,NULL,NULL);
+ iconv_close(cd);
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ am_cv_lib_iconv=yes
+ am_cv_func_iconv=yes
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+ LIBS="$am_save_LIBS"
+ fi
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_func_iconv" >&5
+$as_echo "$am_cv_func_iconv" >&6; }
+ if test "$am_cv_func_iconv" = yes; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for working iconv" >&5
+$as_echo_n "checking for working iconv... " >&6; }
+if ${am_cv_func_iconv_works+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+
+ am_save_LIBS="$LIBS"
+ if test $am_cv_lib_iconv = yes; then
+ LIBS="$LIBS $LIBICONV"
+ fi
+ if test "$cross_compiling" = yes; then :
+ case "$host_os" in
+ aix* | hpux*) am_cv_func_iconv_works="guessing no" ;;
+ *) am_cv_func_iconv_works="guessing yes" ;;
+ esac
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+#include <iconv.h>
+#include <string.h>
+int main ()
+{
+ /* Test against AIX 5.1 bug: Failures are not distinguishable from successful
+ returns. */
+ {
+ iconv_t cd_utf8_to_88591 = iconv_open ("ISO8859-1", "UTF-8");
+ if (cd_utf8_to_88591 != (iconv_t)(-1))
+ {
+ static const char input[] = "\342\202\254"; /* EURO SIGN */
+ char buf[10];
+ const char *inptr = input;
+ size_t inbytesleft = strlen (input);
+ char *outptr = buf;
+ size_t outbytesleft = sizeof (buf);
+ size_t res = iconv (cd_utf8_to_88591,
+ (char **) &inptr, &inbytesleft,
+ &outptr, &outbytesleft);
+ if (res == 0)
+ return 1;
+ }
+ }
+#if 0 /* This bug could be worked around by the caller. */
+ /* Test against HP-UX 11.11 bug: Positive return value instead of 0. */
+ {
+ iconv_t cd_88591_to_utf8 = iconv_open ("utf8", "iso88591");
+ if (cd_88591_to_utf8 != (iconv_t)(-1))
+ {
+ static const char input[] = "\304rger mit b\366sen B\374bchen ohne Augenma\337";
+ char buf[50];
+ const char *inptr = input;
+ size_t inbytesleft = strlen (input);
+ char *outptr = buf;
+ size_t outbytesleft = sizeof (buf);
+ size_t res = iconv (cd_88591_to_utf8,
+ (char **) &inptr, &inbytesleft,
+ &outptr, &outbytesleft);
+ if ((int)res > 0)
+ return 1;
+ }
+ }
+#endif
+ /* Test against HP-UX 11.11 bug: No converter from EUC-JP to UTF-8 is
+ provided. */
+ if (/* Try standardized names. */
+ iconv_open ("UTF-8", "EUC-JP") == (iconv_t)(-1)
+ /* Try IRIX, OSF/1 names. */
+ && iconv_open ("UTF-8", "eucJP") == (iconv_t)(-1)
+ /* Try AIX names. */
+ && iconv_open ("UTF-8", "IBM-eucJP") == (iconv_t)(-1)
+ /* Try HP-UX names. */
+ && iconv_open ("utf8", "eucJP") == (iconv_t)(-1))
+ return 1;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_run "$LINENO"; then :
+ am_cv_func_iconv_works=yes
+else
+ am_cv_func_iconv_works=no
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+ conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+
+ LIBS="$am_save_LIBS"
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_func_iconv_works" >&5
+$as_echo "$am_cv_func_iconv_works" >&6; }
+ case "$am_cv_func_iconv_works" in
+ *no) am_func_iconv=no am_cv_lib_iconv=no ;;
+ *) am_func_iconv=yes ;;
+ esac
+ else
+ am_func_iconv=no am_cv_lib_iconv=no
+ fi
+ if test "$am_func_iconv" = yes; then
+
+$as_echo "#define HAVE_ICONV 1" >>confdefs.h
+
+ fi
+ if test "$am_cv_lib_iconv" = yes; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking how to link with libiconv" >&5
+$as_echo_n "checking how to link with libiconv... " >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $LIBICONV" >&5
+$as_echo "$LIBICONV" >&6; }
+ else
+ CPPFLAGS="$am_save_CPPFLAGS"
+ LIBICONV=
+ LTLIBICONV=
+ fi
+
+
+
+ if test "$am_cv_func_iconv" = yes; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for iconv declaration" >&5
+$as_echo_n "checking for iconv declaration... " >&6; }
+ if ${am_cv_proto_iconv+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+#include <stdlib.h>
+#include <iconv.h>
+extern
+#ifdef __cplusplus
+"C"
+#endif
+#if defined(__STDC__) || defined(__cplusplus)
+size_t iconv (iconv_t cd, char * *inbuf, size_t *inbytesleft, char * *outbuf, size_t *outbytesleft);
+#else
+size_t iconv();
+#endif
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ am_cv_proto_iconv_arg1=""
+else
+ am_cv_proto_iconv_arg1="const"
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+ am_cv_proto_iconv="extern size_t iconv (iconv_t cd, $am_cv_proto_iconv_arg1 char * *inbuf, size_t *inbytesleft, char * *outbuf, size_t *outbytesleft);"
+fi
+
+ am_cv_proto_iconv=`echo "$am_cv_proto_iconv" | tr -s ' ' | sed -e 's/( /(/'`
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: ${ac_t:-
+ }$am_cv_proto_iconv" >&5
+$as_echo "${ac_t:-
+ }$am_cv_proto_iconv" >&6; }
+
+cat >>confdefs.h <<_ACEOF
+#define ICONV_CONST $am_cv_proto_iconv_arg1
+_ACEOF
+
+ fi
+
+
+
+#
+# Check for gettext
+#
+# This is "GNU gnupg" - The project-id script from gettext
+# needs this string
+#
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for gettext" >&5
+$as_echo "$as_me: checking for gettext" >&6;}
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether NLS is requested" >&5
+$as_echo_n "checking whether NLS is requested... " >&6; }
+ # Check whether --enable-nls was given.
+if test "${enable_nls+set}" = set; then :
+ enableval=$enable_nls; USE_NLS=$enableval
+else
+ USE_NLS=yes
+fi
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $USE_NLS" >&5
+$as_echo "$USE_NLS" >&6; }
+
+
+
+
+ GETTEXT_MACRO_VERSION=0.17
+
+
+
+
+# Prepare PATH_SEPARATOR.
+# The user is always right.
+if test "${PATH_SEPARATOR+set}" != set; then
+ echo "#! /bin/sh" >conf$$.sh
+ echo "exit 0" >>conf$$.sh
+ chmod +x conf$$.sh
+ if (PATH="/nonexistent;."; conf$$.sh) >/dev/null 2>&1; then
+ PATH_SEPARATOR=';'
+ else
+ PATH_SEPARATOR=:
+ fi
+ rm -f conf$$.sh
+fi
+
+# Find out how to test for executable files. Don't use a zero-byte file,
+# as systems may use methods other than mode bits to determine executability.
+cat >conf$$.file <<_ASEOF
+#! /bin/sh
+exit 0
+_ASEOF
+chmod +x conf$$.file
+if test -x conf$$.file >/dev/null 2>&1; then
+ ac_executable_p="test -x"
+else
+ ac_executable_p="test -f"
+fi
+rm -f conf$$.file
+
+# Extract the first word of "msgfmt", so it can be a program name with args.
+set dummy msgfmt; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_path_MSGFMT+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ case "$MSGFMT" in
+ [\\/]* | ?:[\\/]*)
+ ac_cv_path_MSGFMT="$MSGFMT" # Let the user override the test with a path.
+ ;;
+ *)
+ ac_save_IFS="$IFS"; IFS=$PATH_SEPARATOR
+ for ac_dir in $PATH; do
+ IFS="$ac_save_IFS"
+ test -z "$ac_dir" && ac_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if $ac_executable_p "$ac_dir/$ac_word$ac_exec_ext"; then
+ echo "$as_me: trying $ac_dir/$ac_word..." >&5
+ if $ac_dir/$ac_word --statistics /dev/null >&5 2>&1 &&
+ (if $ac_dir/$ac_word --statistics /dev/null 2>&1 >/dev/null | grep usage >/dev/null; then exit 1; else exit 0; fi); then
+ ac_cv_path_MSGFMT="$ac_dir/$ac_word$ac_exec_ext"
+ break 2
+ fi
+ fi
+ done
+ done
+ IFS="$ac_save_IFS"
+ test -z "$ac_cv_path_MSGFMT" && ac_cv_path_MSGFMT=":"
+ ;;
+esac
+fi
+MSGFMT="$ac_cv_path_MSGFMT"
+if test "$MSGFMT" != ":"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $MSGFMT" >&5
+$as_echo "$MSGFMT" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+ # Extract the first word of "gmsgfmt", so it can be a program name with args.
+set dummy gmsgfmt; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_path_GMSGFMT+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ case $GMSGFMT in
+ [\\/]* | ?:[\\/]*)
+ ac_cv_path_GMSGFMT="$GMSGFMT" # Let the user override the test with a path.
+ ;;
+ *)
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_path_GMSGFMT="$as_dir/$ac_word$ac_exec_ext"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+ test -z "$ac_cv_path_GMSGFMT" && ac_cv_path_GMSGFMT="$MSGFMT"
+ ;;
+esac
+fi
+GMSGFMT=$ac_cv_path_GMSGFMT
+if test -n "$GMSGFMT"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $GMSGFMT" >&5
+$as_echo "$GMSGFMT" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+
+ case `$MSGFMT --version | sed 1q | sed -e 's,^[^0-9]*,,'` in
+ '' | 0.[0-9] | 0.[0-9].* | 0.1[0-4] | 0.1[0-4].*) MSGFMT_015=: ;;
+ *) MSGFMT_015=$MSGFMT ;;
+ esac
+
+ case `$GMSGFMT --version | sed 1q | sed -e 's,^[^0-9]*,,'` in
+ '' | 0.[0-9] | 0.[0-9].* | 0.1[0-4] | 0.1[0-4].*) GMSGFMT_015=: ;;
+ *) GMSGFMT_015=$GMSGFMT ;;
+ esac
+
+
+
+# Prepare PATH_SEPARATOR.
+# The user is always right.
+if test "${PATH_SEPARATOR+set}" != set; then
+ echo "#! /bin/sh" >conf$$.sh
+ echo "exit 0" >>conf$$.sh
+ chmod +x conf$$.sh
+ if (PATH="/nonexistent;."; conf$$.sh) >/dev/null 2>&1; then
+ PATH_SEPARATOR=';'
+ else
+ PATH_SEPARATOR=:
+ fi
+ rm -f conf$$.sh
+fi
+
+# Find out how to test for executable files. Don't use a zero-byte file,
+# as systems may use methods other than mode bits to determine executability.
+cat >conf$$.file <<_ASEOF
+#! /bin/sh
+exit 0
+_ASEOF
+chmod +x conf$$.file
+if test -x conf$$.file >/dev/null 2>&1; then
+ ac_executable_p="test -x"
+else
+ ac_executable_p="test -f"
+fi
+rm -f conf$$.file
+
+# Extract the first word of "xgettext", so it can be a program name with args.
+set dummy xgettext; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_path_XGETTEXT+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ case "$XGETTEXT" in
+ [\\/]* | ?:[\\/]*)
+ ac_cv_path_XGETTEXT="$XGETTEXT" # Let the user override the test with a path.
+ ;;
+ *)
+ ac_save_IFS="$IFS"; IFS=$PATH_SEPARATOR
+ for ac_dir in $PATH; do
+ IFS="$ac_save_IFS"
+ test -z "$ac_dir" && ac_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if $ac_executable_p "$ac_dir/$ac_word$ac_exec_ext"; then
+ echo "$as_me: trying $ac_dir/$ac_word..." >&5
+ if $ac_dir/$ac_word --omit-header --copyright-holder= --msgid-bugs-address= /dev/null >&5 2>&1 &&
+ (if $ac_dir/$ac_word --omit-header --copyright-holder= --msgid-bugs-address= /dev/null 2>&1 >/dev/null | grep usage >/dev/null; then exit 1; else exit 0; fi); then
+ ac_cv_path_XGETTEXT="$ac_dir/$ac_word$ac_exec_ext"
+ break 2
+ fi
+ fi
+ done
+ done
+ IFS="$ac_save_IFS"
+ test -z "$ac_cv_path_XGETTEXT" && ac_cv_path_XGETTEXT=":"
+ ;;
+esac
+fi
+XGETTEXT="$ac_cv_path_XGETTEXT"
+if test "$XGETTEXT" != ":"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $XGETTEXT" >&5
+$as_echo "$XGETTEXT" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+ rm -f messages.po
+
+ case `$XGETTEXT --version | sed 1q | sed -e 's,^[^0-9]*,,'` in
+ '' | 0.[0-9] | 0.[0-9].* | 0.1[0-4] | 0.1[0-4].*) XGETTEXT_015=: ;;
+ *) XGETTEXT_015=$XGETTEXT ;;
+ esac
+
+
+
+# Prepare PATH_SEPARATOR.
+# The user is always right.
+if test "${PATH_SEPARATOR+set}" != set; then
+ echo "#! /bin/sh" >conf$$.sh
+ echo "exit 0" >>conf$$.sh
+ chmod +x conf$$.sh
+ if (PATH="/nonexistent;."; conf$$.sh) >/dev/null 2>&1; then
+ PATH_SEPARATOR=';'
+ else
+ PATH_SEPARATOR=:
+ fi
+ rm -f conf$$.sh
+fi
+
+# Find out how to test for executable files. Don't use a zero-byte file,
+# as systems may use methods other than mode bits to determine executability.
+cat >conf$$.file <<_ASEOF
+#! /bin/sh
+exit 0
+_ASEOF
+chmod +x conf$$.file
+if test -x conf$$.file >/dev/null 2>&1; then
+ ac_executable_p="test -x"
+else
+ ac_executable_p="test -f"
+fi
+rm -f conf$$.file
+
+# Extract the first word of "msgmerge", so it can be a program name with args.
+set dummy msgmerge; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_path_MSGMERGE+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ case "$MSGMERGE" in
+ [\\/]* | ?:[\\/]*)
+ ac_cv_path_MSGMERGE="$MSGMERGE" # Let the user override the test with a path.
+ ;;
+ *)
+ ac_save_IFS="$IFS"; IFS=$PATH_SEPARATOR
+ for ac_dir in $PATH; do
+ IFS="$ac_save_IFS"
+ test -z "$ac_dir" && ac_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if $ac_executable_p "$ac_dir/$ac_word$ac_exec_ext"; then
+ echo "$as_me: trying $ac_dir/$ac_word..." >&5
+ if $ac_dir/$ac_word --update -q /dev/null /dev/null >&5 2>&1; then
+ ac_cv_path_MSGMERGE="$ac_dir/$ac_word$ac_exec_ext"
+ break 2
+ fi
+ fi
+ done
+ done
+ IFS="$ac_save_IFS"
+ test -z "$ac_cv_path_MSGMERGE" && ac_cv_path_MSGMERGE=":"
+ ;;
+esac
+fi
+MSGMERGE="$ac_cv_path_MSGMERGE"
+if test "$MSGMERGE" != ":"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $MSGMERGE" >&5
+$as_echo "$MSGMERGE" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+ test -n "$localedir" || localedir='${datadir}/locale'
+
+
+ test -n "${XGETTEXT_EXTRA_OPTIONS+set}" || XGETTEXT_EXTRA_OPTIONS=
+
+
+ ac_config_commands="$ac_config_commands po-directories"
+
+
+
+if test "$try_gettext" = yes; then
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for CFPreferencesCopyAppValue" >&5
+$as_echo_n "checking for CFPreferencesCopyAppValue... " >&6; }
+if ${gt_cv_func_CFPreferencesCopyAppValue+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ gt_save_LIBS="$LIBS"
+ LIBS="$LIBS -Wl,-framework -Wl,CoreFoundation"
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <CoreFoundation/CFPreferences.h>
+int
+main ()
+{
+CFPreferencesCopyAppValue(NULL, NULL)
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ gt_cv_func_CFPreferencesCopyAppValue=yes
+else
+ gt_cv_func_CFPreferencesCopyAppValue=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+ LIBS="$gt_save_LIBS"
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gt_cv_func_CFPreferencesCopyAppValue" >&5
+$as_echo "$gt_cv_func_CFPreferencesCopyAppValue" >&6; }
+ if test $gt_cv_func_CFPreferencesCopyAppValue = yes; then
+
+$as_echo "#define HAVE_CFPREFERENCESCOPYAPPVALUE 1" >>confdefs.h
+
+ fi
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for CFLocaleCopyCurrent" >&5
+$as_echo_n "checking for CFLocaleCopyCurrent... " >&6; }
+if ${gt_cv_func_CFLocaleCopyCurrent+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ gt_save_LIBS="$LIBS"
+ LIBS="$LIBS -Wl,-framework -Wl,CoreFoundation"
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <CoreFoundation/CFLocale.h>
+int
+main ()
+{
+CFLocaleCopyCurrent();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ gt_cv_func_CFLocaleCopyCurrent=yes
+else
+ gt_cv_func_CFLocaleCopyCurrent=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+ LIBS="$gt_save_LIBS"
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gt_cv_func_CFLocaleCopyCurrent" >&5
+$as_echo "$gt_cv_func_CFLocaleCopyCurrent" >&6; }
+ if test $gt_cv_func_CFLocaleCopyCurrent = yes; then
+
+$as_echo "#define HAVE_CFLOCALECOPYCURRENT 1" >>confdefs.h
+
+ fi
+ INTL_MACOSX_LIBS=
+ if test $gt_cv_func_CFPreferencesCopyAppValue = yes || test $gt_cv_func_CFLocaleCopyCurrent = yes; then
+ INTL_MACOSX_LIBS="-Wl,-framework -Wl,CoreFoundation"
+ fi
+
+
+
+
+
+
+ LIBINTL=
+ LTLIBINTL=
+ POSUB=
+
+ case " $gt_needs " in
+ *" need-formatstring-macros "*) gt_api_version=3 ;;
+ *" need-ngettext "*) gt_api_version=2 ;;
+ *) gt_api_version=1 ;;
+ esac
+ gt_func_gnugettext_libc="gt_cv_func_gnugettext${gt_api_version}_libc"
+ gt_func_gnugettext_libintl="gt_cv_func_gnugettext${gt_api_version}_libintl"
+
+ if test "$USE_NLS" = "yes"; then
+ gt_use_preinstalled_gnugettext=no
+
+
+ if test $gt_api_version -ge 3; then
+ gt_revision_test_code='
+#ifndef __GNU_GETTEXT_SUPPORTED_REVISION
+#define __GNU_GETTEXT_SUPPORTED_REVISION(major) ((major) == 0 ? 0 : -1)
+#endif
+typedef int array [2 * (__GNU_GETTEXT_SUPPORTED_REVISION(0) >= 1) - 1];
+'
+ else
+ gt_revision_test_code=
+ fi
+ if test $gt_api_version -ge 2; then
+ gt_expression_test_code=' + * ngettext ("", "", 0)'
+ else
+ gt_expression_test_code=
+ fi
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for GNU gettext in libc" >&5
+$as_echo_n "checking for GNU gettext in libc... " >&6; }
+if eval \${$gt_func_gnugettext_libc+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <libintl.h>
+$gt_revision_test_code
+extern int _nl_msg_cat_cntr;
+extern int *_nl_domain_bindings;
+int
+main ()
+{
+bindtextdomain ("", "");
+return * gettext ("")$gt_expression_test_code + _nl_msg_cat_cntr + *_nl_domain_bindings
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ eval "$gt_func_gnugettext_libc=yes"
+else
+ eval "$gt_func_gnugettext_libc=no"
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+fi
+eval ac_res=\$$gt_func_gnugettext_libc
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
+$as_echo "$ac_res" >&6; }
+
+ if { eval "gt_val=\$$gt_func_gnugettext_libc"; test "$gt_val" != "yes"; }; then
+
+
+
+
+
+ am_save_CPPFLAGS="$CPPFLAGS"
+
+ for element in $INCICONV; do
+ haveit=
+ for x in $CPPFLAGS; do
+
+ acl_save_prefix="$prefix"
+ prefix="$acl_final_prefix"
+ acl_save_exec_prefix="$exec_prefix"
+ exec_prefix="$acl_final_exec_prefix"
+ eval x=\"$x\"
+ exec_prefix="$acl_save_exec_prefix"
+ prefix="$acl_save_prefix"
+
+ if test "X$x" = "X$element"; then
+ haveit=yes
+ break
+ fi
+ done
+ if test -z "$haveit"; then
+ CPPFLAGS="${CPPFLAGS}${CPPFLAGS:+ }$element"
+ fi
+ done
+
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for iconv" >&5
+$as_echo_n "checking for iconv... " >&6; }
+if ${am_cv_func_iconv+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+
+ am_cv_func_iconv="no, consider installing GNU libiconv"
+ am_cv_lib_iconv=no
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <stdlib.h>
+#include <iconv.h>
+int
+main ()
+{
+iconv_t cd = iconv_open("","");
+ iconv(cd,NULL,NULL,NULL,NULL);
+ iconv_close(cd);
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ am_cv_func_iconv=yes
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+ if test "$am_cv_func_iconv" != yes; then
+ am_save_LIBS="$LIBS"
+ LIBS="$LIBS $LIBICONV"
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <stdlib.h>
+#include <iconv.h>
+int
+main ()
+{
+iconv_t cd = iconv_open("","");
+ iconv(cd,NULL,NULL,NULL,NULL);
+ iconv_close(cd);
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ am_cv_lib_iconv=yes
+ am_cv_func_iconv=yes
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+ LIBS="$am_save_LIBS"
+ fi
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_func_iconv" >&5
+$as_echo "$am_cv_func_iconv" >&6; }
+ if test "$am_cv_func_iconv" = yes; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for working iconv" >&5
+$as_echo_n "checking for working iconv... " >&6; }
+if ${am_cv_func_iconv_works+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+
+ am_save_LIBS="$LIBS"
+ if test $am_cv_lib_iconv = yes; then
+ LIBS="$LIBS $LIBICONV"
+ fi
+ if test "$cross_compiling" = yes; then :
+ case "$host_os" in
+ aix* | hpux*) am_cv_func_iconv_works="guessing no" ;;
+ *) am_cv_func_iconv_works="guessing yes" ;;
+ esac
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+#include <iconv.h>
+#include <string.h>
+int main ()
+{
+ /* Test against AIX 5.1 bug: Failures are not distinguishable from successful
+ returns. */
+ {
+ iconv_t cd_utf8_to_88591 = iconv_open ("ISO8859-1", "UTF-8");
+ if (cd_utf8_to_88591 != (iconv_t)(-1))
+ {
+ static const char input[] = "\342\202\254"; /* EURO SIGN */
+ char buf[10];
+ const char *inptr = input;
+ size_t inbytesleft = strlen (input);
+ char *outptr = buf;
+ size_t outbytesleft = sizeof (buf);
+ size_t res = iconv (cd_utf8_to_88591,
+ (char **) &inptr, &inbytesleft,
+ &outptr, &outbytesleft);
+ if (res == 0)
+ return 1;
+ }
+ }
+#if 0 /* This bug could be worked around by the caller. */
+ /* Test against HP-UX 11.11 bug: Positive return value instead of 0. */
+ {
+ iconv_t cd_88591_to_utf8 = iconv_open ("utf8", "iso88591");
+ if (cd_88591_to_utf8 != (iconv_t)(-1))
+ {
+ static const char input[] = "\304rger mit b\366sen B\374bchen ohne Augenma\337";
+ char buf[50];
+ const char *inptr = input;
+ size_t inbytesleft = strlen (input);
+ char *outptr = buf;
+ size_t outbytesleft = sizeof (buf);
+ size_t res = iconv (cd_88591_to_utf8,
+ (char **) &inptr, &inbytesleft,
+ &outptr, &outbytesleft);
+ if ((int)res > 0)
+ return 1;
+ }
+ }
+#endif
+ /* Test against HP-UX 11.11 bug: No converter from EUC-JP to UTF-8 is
+ provided. */
+ if (/* Try standardized names. */
+ iconv_open ("UTF-8", "EUC-JP") == (iconv_t)(-1)
+ /* Try IRIX, OSF/1 names. */
+ && iconv_open ("UTF-8", "eucJP") == (iconv_t)(-1)
+ /* Try AIX names. */
+ && iconv_open ("UTF-8", "IBM-eucJP") == (iconv_t)(-1)
+ /* Try HP-UX names. */
+ && iconv_open ("utf8", "eucJP") == (iconv_t)(-1))
+ return 1;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_run "$LINENO"; then :
+ am_cv_func_iconv_works=yes
+else
+ am_cv_func_iconv_works=no
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+ conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+
+ LIBS="$am_save_LIBS"
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_func_iconv_works" >&5
+$as_echo "$am_cv_func_iconv_works" >&6; }
+ case "$am_cv_func_iconv_works" in
+ *no) am_func_iconv=no am_cv_lib_iconv=no ;;
+ *) am_func_iconv=yes ;;
+ esac
+ else
+ am_func_iconv=no am_cv_lib_iconv=no
+ fi
+ if test "$am_func_iconv" = yes; then
+
+$as_echo "#define HAVE_ICONV 1" >>confdefs.h
+
+ fi
+ if test "$am_cv_lib_iconv" = yes; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking how to link with libiconv" >&5
+$as_echo_n "checking how to link with libiconv... " >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $LIBICONV" >&5
+$as_echo "$LIBICONV" >&6; }
+ else
+ CPPFLAGS="$am_save_CPPFLAGS"
+ LIBICONV=
+ LTLIBICONV=
+ fi
+
+
+
+
+
+
+
+
+ use_additional=yes
+
+ acl_save_prefix="$prefix"
+ prefix="$acl_final_prefix"
+ acl_save_exec_prefix="$exec_prefix"
+ exec_prefix="$acl_final_exec_prefix"
+
+ eval additional_includedir=\"$includedir\"
+ eval additional_libdir=\"$libdir\"
+
+ exec_prefix="$acl_save_exec_prefix"
+ prefix="$acl_save_prefix"
+
+
+# Check whether --with-libintl-prefix was given.
+if test "${with_libintl_prefix+set}" = set; then :
+ withval=$with_libintl_prefix;
+ if test "X$withval" = "Xno"; then
+ use_additional=no
+ else
+ if test "X$withval" = "X"; then
+
+ acl_save_prefix="$prefix"
+ prefix="$acl_final_prefix"
+ acl_save_exec_prefix="$exec_prefix"
+ exec_prefix="$acl_final_exec_prefix"
+
+ eval additional_includedir=\"$includedir\"
+ eval additional_libdir=\"$libdir\"
+
+ exec_prefix="$acl_save_exec_prefix"
+ prefix="$acl_save_prefix"
+
+ else
+ additional_includedir="$withval/include"
+ additional_libdir="$withval/$acl_libdirstem"
+ fi
+ fi
+
+fi
+
+ LIBINTL=
+ LTLIBINTL=
+ INCINTL=
+ LIBINTL_PREFIX=
+ rpathdirs=
+ ltrpathdirs=
+ names_already_handled=
+ names_next_round='intl '
+ while test -n "$names_next_round"; do
+ names_this_round="$names_next_round"
+ names_next_round=
+ for name in $names_this_round; do
+ already_handled=
+ for n in $names_already_handled; do
+ if test "$n" = "$name"; then
+ already_handled=yes
+ break
+ fi
+ done
+ if test -z "$already_handled"; then
+ names_already_handled="$names_already_handled $name"
+ uppername=`echo "$name" | sed -e 'y|abcdefghijklmnopqrstuvwxyz./-|ABCDEFGHIJKLMNOPQRSTUVWXYZ___|'`
+ eval value=\"\$HAVE_LIB$uppername\"
+ if test -n "$value"; then
+ if test "$value" = yes; then
+ eval value=\"\$LIB$uppername\"
+ test -z "$value" || LIBINTL="${LIBINTL}${LIBINTL:+ }$value"
+ eval value=\"\$LTLIB$uppername\"
+ test -z "$value" || LTLIBINTL="${LTLIBINTL}${LTLIBINTL:+ }$value"
+ else
+ :
+ fi
+ else
+ found_dir=
+ found_la=
+ found_so=
+ found_a=
+ eval libname=\"$acl_libname_spec\" # typically: libname=lib$name
+ if test -n "$acl_shlibext"; then
+ shrext=".$acl_shlibext" # typically: shrext=.so
+ else
+ shrext=
+ fi
+ if test $use_additional = yes; then
+ dir="$additional_libdir"
+ if test -n "$acl_shlibext"; then
+ if test -f "$dir/$libname$shrext"; then
+ found_dir="$dir"
+ found_so="$dir/$libname$shrext"
+ else
+ if test "$acl_library_names_spec" = '$libname$shrext$versuffix'; then
+ ver=`(cd "$dir" && \
+ for f in "$libname$shrext".*; do echo "$f"; done \
+ | sed -e "s,^$libname$shrext\\\\.,," \
+ | sort -t '.' -n -r -k1,1 -k2,2 -k3,3 -k4,4 -k5,5 \
+ | sed 1q ) 2>/dev/null`
+ if test -n "$ver" && test -f "$dir/$libname$shrext.$ver"; then
+ found_dir="$dir"
+ found_so="$dir/$libname$shrext.$ver"
+ fi
+ else
+ eval library_names=\"$acl_library_names_spec\"
+ for f in $library_names; do
+ if test -f "$dir/$f"; then
+ found_dir="$dir"
+ found_so="$dir/$f"
+ break
+ fi
+ done
+ fi
+ fi
+ fi
+ if test "X$found_dir" = "X"; then
+ if test -f "$dir/$libname.$acl_libext"; then
+ found_dir="$dir"
+ found_a="$dir/$libname.$acl_libext"
+ fi
+ fi
+ if test "X$found_dir" != "X"; then
+ if test -f "$dir/$libname.la"; then
+ found_la="$dir/$libname.la"
+ fi
+ fi
+ fi
+ if test "X$found_dir" = "X"; then
+ for x in $LDFLAGS $LTLIBINTL; do
+
+ acl_save_prefix="$prefix"
+ prefix="$acl_final_prefix"
+ acl_save_exec_prefix="$exec_prefix"
+ exec_prefix="$acl_final_exec_prefix"
+ eval x=\"$x\"
+ exec_prefix="$acl_save_exec_prefix"
+ prefix="$acl_save_prefix"
+
+ case "$x" in
+ -L*)
+ dir=`echo "X$x" | sed -e 's/^X-L//'`
+ if test -n "$acl_shlibext"; then
+ if test -f "$dir/$libname$shrext"; then
+ found_dir="$dir"
+ found_so="$dir/$libname$shrext"
+ else
+ if test "$acl_library_names_spec" = '$libname$shrext$versuffix'; then
+ ver=`(cd "$dir" && \
+ for f in "$libname$shrext".*; do echo "$f"; done \
+ | sed -e "s,^$libname$shrext\\\\.,," \
+ | sort -t '.' -n -r -k1,1 -k2,2 -k3,3 -k4,4 -k5,5 \
+ | sed 1q ) 2>/dev/null`
+ if test -n "$ver" && test -f "$dir/$libname$shrext.$ver"; then
+ found_dir="$dir"
+ found_so="$dir/$libname$shrext.$ver"
+ fi
+ else
+ eval library_names=\"$acl_library_names_spec\"
+ for f in $library_names; do
+ if test -f "$dir/$f"; then
+ found_dir="$dir"
+ found_so="$dir/$f"
+ break
+ fi
+ done
+ fi
+ fi
+ fi
+ if test "X$found_dir" = "X"; then
+ if test -f "$dir/$libname.$acl_libext"; then
+ found_dir="$dir"
+ found_a="$dir/$libname.$acl_libext"
+ fi
+ fi
+ if test "X$found_dir" != "X"; then
+ if test -f "$dir/$libname.la"; then
+ found_la="$dir/$libname.la"
+ fi
+ fi
+ ;;
+ esac
+ if test "X$found_dir" != "X"; then
+ break
+ fi
+ done
+ fi
+ if test "X$found_dir" != "X"; then
+ LTLIBINTL="${LTLIBINTL}${LTLIBINTL:+ }-L$found_dir -l$name"
+ if test "X$found_so" != "X"; then
+ if test "$enable_rpath" = no || test "X$found_dir" = "X/usr/$acl_libdirstem"; then
+ LIBINTL="${LIBINTL}${LIBINTL:+ }$found_so"
+ else
+ haveit=
+ for x in $ltrpathdirs; do
+ if test "X$x" = "X$found_dir"; then
+ haveit=yes
+ break
+ fi
+ done
+ if test -z "$haveit"; then
+ ltrpathdirs="$ltrpathdirs $found_dir"
+ fi
+ if test "$acl_hardcode_direct" = yes; then
+ LIBINTL="${LIBINTL}${LIBINTL:+ }$found_so"
+ else
+ if test -n "$acl_hardcode_libdir_flag_spec" && test "$acl_hardcode_minus_L" = no; then
+ LIBINTL="${LIBINTL}${LIBINTL:+ }$found_so"
+ haveit=
+ for x in $rpathdirs; do
+ if test "X$x" = "X$found_dir"; then
+ haveit=yes
+ break
+ fi
+ done
+ if test -z "$haveit"; then
+ rpathdirs="$rpathdirs $found_dir"
+ fi
+ else
+ haveit=
+ for x in $LDFLAGS $LIBINTL; do
+
+ acl_save_prefix="$prefix"
+ prefix="$acl_final_prefix"
+ acl_save_exec_prefix="$exec_prefix"
+ exec_prefix="$acl_final_exec_prefix"
+ eval x=\"$x\"
+ exec_prefix="$acl_save_exec_prefix"
+ prefix="$acl_save_prefix"
+
+ if test "X$x" = "X-L$found_dir"; then
+ haveit=yes
+ break
+ fi
+ done
+ if test -z "$haveit"; then
+ LIBINTL="${LIBINTL}${LIBINTL:+ }-L$found_dir"
+ fi
+ if test "$acl_hardcode_minus_L" != no; then
+ LIBINTL="${LIBINTL}${LIBINTL:+ }$found_so"
+ else
+ LIBINTL="${LIBINTL}${LIBINTL:+ }-l$name"
+ fi
+ fi
+ fi
+ fi
+ else
+ if test "X$found_a" != "X"; then
+ LIBINTL="${LIBINTL}${LIBINTL:+ }$found_a"
+ else
+ LIBINTL="${LIBINTL}${LIBINTL:+ }-L$found_dir -l$name"
+ fi
+ fi
+ additional_includedir=
+ case "$found_dir" in
+ */$acl_libdirstem | */$acl_libdirstem/)
+ basedir=`echo "X$found_dir" | sed -e 's,^X,,' -e "s,/$acl_libdirstem/"'*$,,'`
+ LIBINTL_PREFIX="$basedir"
+ additional_includedir="$basedir/include"
+ ;;
+ esac
+ if test "X$additional_includedir" != "X"; then
+ if test "X$additional_includedir" != "X/usr/include"; then
+ haveit=
+ if test "X$additional_includedir" = "X/usr/local/include"; then
+ if test -n "$GCC"; then
+ case $host_os in
+ linux* | gnu* | k*bsd*-gnu) haveit=yes;;
+ esac
+ fi
+ fi
+ if test -z "$haveit"; then
+ for x in $CPPFLAGS $INCINTL; do
+
+ acl_save_prefix="$prefix"
+ prefix="$acl_final_prefix"
+ acl_save_exec_prefix="$exec_prefix"
+ exec_prefix="$acl_final_exec_prefix"
+ eval x=\"$x\"
+ exec_prefix="$acl_save_exec_prefix"
+ prefix="$acl_save_prefix"
+
+ if test "X$x" = "X-I$additional_includedir"; then
+ haveit=yes
+ break
+ fi
+ done
+ if test -z "$haveit"; then
+ if test -d "$additional_includedir"; then
+ INCINTL="${INCINTL}${INCINTL:+ }-I$additional_includedir"
+ fi
+ fi
+ fi
+ fi
+ fi
+ if test -n "$found_la"; then
+ save_libdir="$libdir"
+ case "$found_la" in
+ */* | *\\*) . "$found_la" ;;
+ *) . "./$found_la" ;;
+ esac
+ libdir="$save_libdir"
+ for dep in $dependency_libs; do
+ case "$dep" in
+ -L*)
+ additional_libdir=`echo "X$dep" | sed -e 's/^X-L//'`
+ if test "X$additional_libdir" != "X/usr/$acl_libdirstem"; then
+ haveit=
+ if test "X$additional_libdir" = "X/usr/local/$acl_libdirstem"; then
+ if test -n "$GCC"; then
+ case $host_os in
+ linux* | gnu* | k*bsd*-gnu) haveit=yes;;
+ esac
+ fi
+ fi
+ if test -z "$haveit"; then
+ haveit=
+ for x in $LDFLAGS $LIBINTL; do
+
+ acl_save_prefix="$prefix"
+ prefix="$acl_final_prefix"
+ acl_save_exec_prefix="$exec_prefix"
+ exec_prefix="$acl_final_exec_prefix"
+ eval x=\"$x\"
+ exec_prefix="$acl_save_exec_prefix"
+ prefix="$acl_save_prefix"
+
+ if test "X$x" = "X-L$additional_libdir"; then
+ haveit=yes
+ break
+ fi
+ done
+ if test -z "$haveit"; then
+ if test -d "$additional_libdir"; then
+ LIBINTL="${LIBINTL}${LIBINTL:+ }-L$additional_libdir"
+ fi
+ fi
+ haveit=
+ for x in $LDFLAGS $LTLIBINTL; do
+
+ acl_save_prefix="$prefix"
+ prefix="$acl_final_prefix"
+ acl_save_exec_prefix="$exec_prefix"
+ exec_prefix="$acl_final_exec_prefix"
+ eval x=\"$x\"
+ exec_prefix="$acl_save_exec_prefix"
+ prefix="$acl_save_prefix"
+
+ if test "X$x" = "X-L$additional_libdir"; then
+ haveit=yes
+ break
+ fi
+ done
+ if test -z "$haveit"; then
+ if test -d "$additional_libdir"; then
+ LTLIBINTL="${LTLIBINTL}${LTLIBINTL:+ }-L$additional_libdir"
+ fi
+ fi
+ fi
+ fi
+ ;;
+ -R*)
+ dir=`echo "X$dep" | sed -e 's/^X-R//'`
+ if test "$enable_rpath" != no; then
+ haveit=
+ for x in $rpathdirs; do
+ if test "X$x" = "X$dir"; then
+ haveit=yes
+ break
+ fi
+ done
+ if test -z "$haveit"; then
+ rpathdirs="$rpathdirs $dir"
+ fi
+ haveit=
+ for x in $ltrpathdirs; do
+ if test "X$x" = "X$dir"; then
+ haveit=yes
+ break
+ fi
+ done
+ if test -z "$haveit"; then
+ ltrpathdirs="$ltrpathdirs $dir"
+ fi
+ fi
+ ;;
+ -l*)
+ names_next_round="$names_next_round "`echo "X$dep" | sed -e 's/^X-l//'`
+ ;;
+ *.la)
+ names_next_round="$names_next_round "`echo "X$dep" | sed -e 's,^X.*/,,' -e 's,^lib,,' -e 's,\.la$,,'`
+ ;;
+ *)
+ LIBINTL="${LIBINTL}${LIBINTL:+ }$dep"
+ LTLIBINTL="${LTLIBINTL}${LTLIBINTL:+ }$dep"
+ ;;
+ esac
+ done
+ fi
+ else
+ LIBINTL="${LIBINTL}${LIBINTL:+ }-l$name"
+ LTLIBINTL="${LTLIBINTL}${LTLIBINTL:+ }-l$name"
+ fi
+ fi
+ fi
+ done
+ done
+ if test "X$rpathdirs" != "X"; then
+ if test -n "$acl_hardcode_libdir_separator"; then
+ alldirs=
+ for found_dir in $rpathdirs; do
+ alldirs="${alldirs}${alldirs:+$acl_hardcode_libdir_separator}$found_dir"
+ done
+ acl_save_libdir="$libdir"
+ libdir="$alldirs"
+ eval flag=\"$acl_hardcode_libdir_flag_spec\"
+ libdir="$acl_save_libdir"
+ LIBINTL="${LIBINTL}${LIBINTL:+ }$flag"
+ else
+ for found_dir in $rpathdirs; do
+ acl_save_libdir="$libdir"
+ libdir="$found_dir"
+ eval flag=\"$acl_hardcode_libdir_flag_spec\"
+ libdir="$acl_save_libdir"
+ LIBINTL="${LIBINTL}${LIBINTL:+ }$flag"
+ done
+ fi
+ fi
+ if test "X$ltrpathdirs" != "X"; then
+ for found_dir in $ltrpathdirs; do
+ LTLIBINTL="${LTLIBINTL}${LTLIBINTL:+ }-R$found_dir"
+ done
+ fi
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for GNU gettext in libintl" >&5
+$as_echo_n "checking for GNU gettext in libintl... " >&6; }
+if eval \${$gt_func_gnugettext_libintl+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ gt_save_CPPFLAGS="$CPPFLAGS"
+ CPPFLAGS="$CPPFLAGS $INCINTL"
+ gt_save_LIBS="$LIBS"
+ LIBS="$LIBS $LIBINTL"
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <libintl.h>
+$gt_revision_test_code
+extern int _nl_msg_cat_cntr;
+extern
+#ifdef __cplusplus
+"C"
+#endif
+const char *_nl_expand_alias (const char *);
+int
+main ()
+{
+bindtextdomain ("", "");
+return * gettext ("")$gt_expression_test_code + _nl_msg_cat_cntr + *_nl_expand_alias ("")
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ eval "$gt_func_gnugettext_libintl=yes"
+else
+ eval "$gt_func_gnugettext_libintl=no"
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+ if { eval "gt_val=\$$gt_func_gnugettext_libintl"; test "$gt_val" != yes; } && test -n "$LIBICONV"; then
+ LIBS="$LIBS $LIBICONV"
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <libintl.h>
+$gt_revision_test_code
+extern int _nl_msg_cat_cntr;
+extern
+#ifdef __cplusplus
+"C"
+#endif
+const char *_nl_expand_alias (const char *);
+int
+main ()
+{
+bindtextdomain ("", "");
+return * gettext ("")$gt_expression_test_code + _nl_msg_cat_cntr + *_nl_expand_alias ("")
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ LIBINTL="$LIBINTL $LIBICONV"
+ LTLIBINTL="$LTLIBINTL $LTLIBICONV"
+ eval "$gt_func_gnugettext_libintl=yes"
+
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+ fi
+ CPPFLAGS="$gt_save_CPPFLAGS"
+ LIBS="$gt_save_LIBS"
+fi
+eval ac_res=\$$gt_func_gnugettext_libintl
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
+$as_echo "$ac_res" >&6; }
+ fi
+
+ if { eval "gt_val=\$$gt_func_gnugettext_libc"; test "$gt_val" = "yes"; } \
+ || { { eval "gt_val=\$$gt_func_gnugettext_libintl"; test "$gt_val" = "yes"; } \
+ && test "$PACKAGE" != gettext-runtime \
+ && test "$PACKAGE" != gettext-tools; }; then
+ gt_use_preinstalled_gnugettext=yes
+ else
+ LIBINTL=
+ LTLIBINTL=
+ INCINTL=
+ fi
+
+
+
+ if test -n "$INTL_MACOSX_LIBS"; then
+ if test "$gt_use_preinstalled_gnugettext" = "yes" \
+ || test "$nls_cv_use_gnu_gettext" = "yes"; then
+ LIBINTL="$LIBINTL $INTL_MACOSX_LIBS"
+ LTLIBINTL="$LTLIBINTL $INTL_MACOSX_LIBS"
+ fi
+ fi
+
+ if test "$gt_use_preinstalled_gnugettext" = "yes" \
+ || test "$nls_cv_use_gnu_gettext" = "yes"; then
+
+$as_echo "#define ENABLE_NLS 1" >>confdefs.h
+
+ else
+ USE_NLS=no
+ fi
+ fi
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to use NLS" >&5
+$as_echo_n "checking whether to use NLS... " >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $USE_NLS" >&5
+$as_echo "$USE_NLS" >&6; }
+ if test "$USE_NLS" = "yes"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking where the gettext function comes from" >&5
+$as_echo_n "checking where the gettext function comes from... " >&6; }
+ if test "$gt_use_preinstalled_gnugettext" = "yes"; then
+ if { eval "gt_val=\$$gt_func_gnugettext_libintl"; test "$gt_val" = "yes"; }; then
+ gt_source="external libintl"
+ else
+ gt_source="libc"
+ fi
+ else
+ gt_source="included intl directory"
+ fi
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $gt_source" >&5
+$as_echo "$gt_source" >&6; }
+ fi
+
+ if test "$USE_NLS" = "yes"; then
+
+ if test "$gt_use_preinstalled_gnugettext" = "yes"; then
+ if { eval "gt_val=\$$gt_func_gnugettext_libintl"; test "$gt_val" = "yes"; }; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking how to link with libintl" >&5
+$as_echo_n "checking how to link with libintl... " >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $LIBINTL" >&5
+$as_echo "$LIBINTL" >&6; }
+
+ for element in $INCINTL; do
+ haveit=
+ for x in $CPPFLAGS; do
+
+ acl_save_prefix="$prefix"
+ prefix="$acl_final_prefix"
+ acl_save_exec_prefix="$exec_prefix"
+ exec_prefix="$acl_final_exec_prefix"
+ eval x=\"$x\"
+ exec_prefix="$acl_save_exec_prefix"
+ prefix="$acl_save_prefix"
+
+ if test "X$x" = "X$element"; then
+ haveit=yes
+ break
+ fi
+ done
+ if test -z "$haveit"; then
+ CPPFLAGS="${CPPFLAGS}${CPPFLAGS:+ }$element"
+ fi
+ done
+
+ fi
+
+
+$as_echo "#define HAVE_GETTEXT 1" >>confdefs.h
+
+
+$as_echo "#define HAVE_DCGETTEXT 1" >>confdefs.h
+
+ fi
+
+ POSUB=po
+ fi
+
+
+
+ INTLLIBS="$LIBINTL"
+
+
+
+
+
+
+
+ # gettext requires some extra checks. These really should be part of
+ # the basic AM_GNU_GETTEXT macro. TODO: move other gettext-specific
+ # function checks to here.
+
+ for ac_func in strchr
+do :
+ ac_fn_c_check_func "$LINENO" "strchr" "ac_cv_func_strchr"
+if test "x$ac_cv_func_strchr" = xyes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_STRCHR 1
+_ACEOF
+
+fi
+done
+
+else
+ USE_NLS=no
+ USE_INCLUDED_LIBINTL=no
+ BUILD_INCLUDED_LIBINTL=no
+ POSUB=po
+
+
+
+
+fi
+
+# We use HAVE_LANGINFO_CODESET in a couple of places.
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for nl_langinfo and CODESET" >&5
+$as_echo_n "checking for nl_langinfo and CODESET... " >&6; }
+if ${am_cv_langinfo_codeset+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <langinfo.h>
+int
+main ()
+{
+char* cs = nl_langinfo(CODESET); return !cs;
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ am_cv_langinfo_codeset=yes
+else
+ am_cv_langinfo_codeset=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_langinfo_codeset" >&5
+$as_echo "$am_cv_langinfo_codeset" >&6; }
+ if test $am_cv_langinfo_codeset = yes; then
+
+$as_echo "#define HAVE_LANGINFO_CODESET 1" >>confdefs.h
+
+ fi
+
+
+# Checks required for our use locales
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for LC_MESSAGES" >&5
+$as_echo_n "checking for LC_MESSAGES... " >&6; }
+if ${gt_cv_val_LC_MESSAGES+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <locale.h>
+int
+main ()
+{
+return LC_MESSAGES
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ gt_cv_val_LC_MESSAGES=yes
+else
+ gt_cv_val_LC_MESSAGES=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gt_cv_val_LC_MESSAGES" >&5
+$as_echo "$gt_cv_val_LC_MESSAGES" >&6; }
+ if test $gt_cv_val_LC_MESSAGES = yes; then
+
+$as_echo "#define HAVE_LC_MESSAGES 1" >>confdefs.h
+
+ fi
+
+
+
+#
+# SELinux support
+#
+if test "$selinux_support" = yes ; then
+
+$as_echo "#define ENABLE_SELINUX_HACKS 1" >>confdefs.h
+
+fi
+
+
+#
+# Checks for header files.
+#
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for header files" >&5
+$as_echo "$as_me: checking for header files" >&6;}
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for ANSI C header files" >&5
+$as_echo_n "checking for ANSI C header files... " >&6; }
+if ${ac_cv_header_stdc+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <stdlib.h>
+#include <stdarg.h>
+#include <string.h>
+#include <float.h>
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_cv_header_stdc=yes
+else
+ ac_cv_header_stdc=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+
+if test $ac_cv_header_stdc = yes; then
+ # SunOS 4.x string.h does not declare mem*, contrary to ANSI.
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <string.h>
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+ $EGREP "memchr" >/dev/null 2>&1; then :
+
+else
+ ac_cv_header_stdc=no
+fi
+rm -f conftest*
+
+fi
+
+if test $ac_cv_header_stdc = yes; then
+ # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI.
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <stdlib.h>
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+ $EGREP "free" >/dev/null 2>&1; then :
+
+else
+ ac_cv_header_stdc=no
+fi
+rm -f conftest*
+
+fi
+
+if test $ac_cv_header_stdc = yes; then
+ # /bin/cc in Irix-4.0.5 gets non-ANSI ctype macros unless using -ansi.
+ if test "$cross_compiling" = yes; then :
+ :
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <ctype.h>
+#include <stdlib.h>
+#if ((' ' & 0x0FF) == 0x020)
+# define ISLOWER(c) ('a' <= (c) && (c) <= 'z')
+# define TOUPPER(c) (ISLOWER(c) ? 'A' + ((c) - 'a') : (c))
+#else
+# define ISLOWER(c) \
+ (('a' <= (c) && (c) <= 'i') \
+ || ('j' <= (c) && (c) <= 'r') \
+ || ('s' <= (c) && (c) <= 'z'))
+# define TOUPPER(c) (ISLOWER(c) ? ((c) | 0x40) : (c))
+#endif
+
+#define XOR(e, f) (((e) && !(f)) || (!(e) && (f)))
+int
+main ()
+{
+ int i;
+ for (i = 0; i < 256; i++)
+ if (XOR (islower (i), ISLOWER (i))
+ || toupper (i) != TOUPPER (i))
+ return 2;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_run "$LINENO"; then :
+
+else
+ ac_cv_header_stdc=no
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+ conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+
+fi
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_header_stdc" >&5
+$as_echo "$ac_cv_header_stdc" >&6; }
+if test $ac_cv_header_stdc = yes; then
+
+$as_echo "#define STDC_HEADERS 1" >>confdefs.h
+
+fi
+
+for ac_header in string.h unistd.h langinfo.h termio.h locale.h getopt.h
+do :
+ as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
+ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default"
+if eval test \"x\$"$as_ac_Header"\" = x"yes"; then :
+ cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+
+done
+
+for ac_header in pty.h utmp.h pwd.h inttypes.h
+do :
+ as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
+ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default"
+if eval test \"x\$"$as_ac_Header"\" = x"yes"; then :
+ cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+
+done
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether time.h and sys/time.h may both be included" >&5
+$as_echo_n "checking whether time.h and sys/time.h may both be included... " >&6; }
+if ${ac_cv_header_time+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <sys/types.h>
+#include <sys/time.h>
+#include <time.h>
+
+int
+main ()
+{
+if ((struct tm *) 0)
+return 0;
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_cv_header_time=yes
+else
+ ac_cv_header_time=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_header_time" >&5
+$as_echo "$ac_cv_header_time" >&6; }
+if test $ac_cv_header_time = yes; then
+
+$as_echo "#define TIME_WITH_SYS_TIME 1" >>confdefs.h
+
+fi
+
+
+
+#
+# Checks for typedefs, structures, and compiler characteristics.
+#
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for system characteristics" >&5
+$as_echo "$as_me: checking for system characteristics" >&6;}
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for an ANSI C-conforming const" >&5
+$as_echo_n "checking for an ANSI C-conforming const... " >&6; }
+if ${ac_cv_c_const+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main ()
+{
+/* FIXME: Include the comments suggested by Paul. */
+#ifndef __cplusplus
+ /* Ultrix mips cc rejects this. */
+ typedef int charset[2];
+ const charset cs;
+ /* SunOS 4.1.1 cc rejects this. */
+ char const *const *pcpcc;
+ char **ppc;
+ /* NEC SVR4.0.2 mips cc rejects this. */
+ struct point {int x, y;};
+ static struct point const zero = {0,0};
+ /* AIX XL C 1.02.0.0 rejects this.
+ It does not let you subtract one const X* pointer from another in
+ an arm of an if-expression whose if-part is not a constant
+ expression */
+ const char *g = "string";
+ pcpcc = &g + (g ? g-g : 0);
+ /* HPUX 7.0 cc rejects these. */
+ ++pcpcc;
+ ppc = (char**) pcpcc;
+ pcpcc = (char const *const *) ppc;
+ { /* SCO 3.2v4 cc rejects this. */
+ char *t;
+ char const *s = 0 ? (char *) 0 : (char const *) 0;
+
+ *t++ = 0;
+ if (s) return 0;
+ }
+ { /* Someone thinks the Sun supposedly-ANSI compiler will reject this. */
+ int x[] = {25, 17};
+ const int *foo = &x[0];
+ ++foo;
+ }
+ { /* Sun SC1.0 ANSI compiler rejects this -- but not the above. */
+ typedef const int *iptr;
+ iptr p = 0;
+ ++p;
+ }
+ { /* AIX XL C 1.02.0.0 rejects this saying
+ "k.c", line 2.27: 1506-025 (S) Operand must be a modifiable lvalue. */
+ struct s { int j; const int *ap[3]; };
+ struct s *b; b->j = 5;
+ }
+ { /* ULTRIX-32 V3.1 (Rev 9) vcc rejects this */
+ const int foo = 10;
+ if (!foo) return 0;
+ }
+ return !cs[0] && !zero.x;
+#endif
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_cv_c_const=yes
+else
+ ac_cv_c_const=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_const" >&5
+$as_echo "$ac_cv_c_const" >&6; }
+if test $ac_cv_c_const = no; then
+
+$as_echo "#define const /**/" >>confdefs.h
+
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for inline" >&5
+$as_echo_n "checking for inline... " >&6; }
+if ${ac_cv_c_inline+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_cv_c_inline=no
+for ac_kw in inline __inline__ __inline; do
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#ifndef __cplusplus
+typedef int foo_t;
+static $ac_kw foo_t static_foo () {return 0; }
+$ac_kw foo_t foo () {return 0; }
+#endif
+
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_cv_c_inline=$ac_kw
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+ test "$ac_cv_c_inline" != no && break
+done
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_inline" >&5
+$as_echo "$ac_cv_c_inline" >&6; }
+
+case $ac_cv_c_inline in
+ inline | yes) ;;
+ *)
+ case $ac_cv_c_inline in
+ no) ac_val=;;
+ *) ac_val=$ac_cv_c_inline;;
+ esac
+ cat >>confdefs.h <<_ACEOF
+#ifndef __cplusplus
+#define inline $ac_val
+#endif
+_ACEOF
+ ;;
+esac
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for working volatile" >&5
+$as_echo_n "checking for working volatile... " >&6; }
+if ${ac_cv_c_volatile+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main ()
+{
+
+volatile int x;
+int * volatile y = (int *) 0;
+return !x && !y;
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_cv_c_volatile=yes
+else
+ ac_cv_c_volatile=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_volatile" >&5
+$as_echo "$ac_cv_c_volatile" >&6; }
+if test $ac_cv_c_volatile = no; then
+
+$as_echo "#define volatile /**/" >>confdefs.h
+
+fi
+
+ac_fn_c_check_type "$LINENO" "size_t" "ac_cv_type_size_t" "$ac_includes_default"
+if test "x$ac_cv_type_size_t" = xyes; then :
+
+else
+
+cat >>confdefs.h <<_ACEOF
+#define size_t unsigned int
+_ACEOF
+
+fi
+
+ac_fn_c_check_type "$LINENO" "mode_t" "ac_cv_type_mode_t" "$ac_includes_default"
+if test "x$ac_cv_type_mode_t" = xyes; then :
+
+else
+
+cat >>confdefs.h <<_ACEOF
+#define mode_t int
+_ACEOF
+
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking return type of signal handlers" >&5
+$as_echo_n "checking return type of signal handlers... " >&6; }
+if ${ac_cv_type_signal+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <sys/types.h>
+#include <signal.h>
+
+int
+main ()
+{
+return *(signal (0, 0)) (0) == 1;
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_cv_type_signal=int
+else
+ ac_cv_type_signal=void
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_type_signal" >&5
+$as_echo "$ac_cv_type_signal" >&6; }
+
+cat >>confdefs.h <<_ACEOF
+#define RETSIGTYPE $ac_cv_type_signal
+_ACEOF
+
+
+ac_fn_c_check_decl "$LINENO" "sys_siglist" "ac_cv_have_decl_sys_siglist" "#include <signal.h>
+/* NetBSD declares sys_siglist in unistd.h. */
+#ifdef HAVE_UNISTD_H
+# include <unistd.h>
+#endif
+
+"
+if test "x$ac_cv_have_decl_sys_siglist" = xyes; then :
+ ac_have_decl=1
+else
+ ac_have_decl=0
+fi
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_DECL_SYS_SIGLIST $ac_have_decl
+_ACEOF
+
+
+
+
+
+
+ for ac_header in $ac_header_list
+do :
+ as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
+ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default
+"
+if eval test \"x\$"$as_ac_Header"\" = x"yes"; then :
+ cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+
+done
+
+
+
+
+
+ if test $ac_cv_header_sys_socket_h = yes; then
+ SYS_SOCKET_H=''
+ else
+ for ac_header in winsock2.h ws2tcpip.h
+do :
+ as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
+ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default"
+if eval test \"x\$"$as_ac_Header"\" = x"yes"; then :
+ cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+
+done
+
+ SYS_SOCKET_H='sys/socket.h'
+ fi
+
+
+ ac_fn_c_check_type "$LINENO" "socklen_t" "ac_cv_type_socklen_t" "#include <sys/types.h>
+ #if HAVE_SYS_SOCKET_H
+ # include <sys/socket.h>
+ #elif HAVE_WS2TCPIP_H
+ # include <ws2tcpip.h>
+ #endif
+"
+if test "x$ac_cv_type_socklen_t" = xyes; then :
+
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for socklen_t equivalent" >&5
+$as_echo_n "checking for socklen_t equivalent... " >&6; }
+ if ${gl_cv_gl_cv_socklen_t_equiv+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ # Systems have either "struct sockaddr *" or
+ # "void *" as the second argument to getpeername
+ gl_cv_socklen_t_equiv=
+ for arg2 in "struct sockaddr" void; do
+ for t in int size_t "unsigned int" "long int" "unsigned long int"; do
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <sys/types.h>
+ #include <sys/socket.h>
+
+ int getpeername (int, $arg2 *, $t *);
+int
+main ()
+{
+$t len;
+ getpeername (0, 0, &len);
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ gl_cv_socklen_t_equiv="$t"
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+ test "$gl_cv_socklen_t_equiv" != "" && break
+ done
+ test "$gl_cv_socklen_t_equiv" != "" && break
+ done
+
+fi
+
+ if test "$gl_cv_socklen_t_equiv" = ""; then
+ as_fn_error $? "Cannot find a type to use in place of socklen_t" "$LINENO" 5
+ fi
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_socklen_t_equiv" >&5
+$as_echo "$gl_cv_socklen_t_equiv" >&6; }
+
+cat >>confdefs.h <<_ACEOF
+#define socklen_t $gl_cv_socklen_t_equiv
+_ACEOF
+
+fi
+
+
+# Check whether --enable-endian-check was given.
+if test "${enable_endian_check+set}" = set; then :
+ enableval=$enable_endian_check; endiancheck=$enableval
+else
+ endiancheck=yes
+fi
+
+
+if test x"$endiancheck" = xyes ; then
+
+ tmp_assumed_endian=big
+ if test "$cross_compiling" = yes; then
+ case "$host_cpu" in
+ i[345678]* )
+ tmp_assumed_endian=little
+ ;;
+ *)
+ ;;
+ esac
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling; assuming $tmp_assumed_endian endianess" >&5
+$as_echo "$as_me: WARNING: cross compiling; assuming $tmp_assumed_endian endianess" >&2;}
+ fi
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking endianess" >&5
+$as_echo_n "checking endianess... " >&6; }
+ if ${gnupg_cv_c_endian+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ gnupg_cv_c_endian=unknown
+ # See if sys/param.h defines the BYTE_ORDER macro.
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <sys/types.h>
+ #include <sys/param.h>
+int
+main ()
+{
+
+ #if !BYTE_ORDER || !BIG_ENDIAN || !LITTLE_ENDIAN
+ bogus endian macros
+ #endif
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ # It does; now see whether it defined to BIG_ENDIAN or not.
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <sys/types.h>
+ #include <sys/param.h>
+int
+main ()
+{
+
+ #if BYTE_ORDER != BIG_ENDIAN
+ not big endian
+ #endif
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ gnupg_cv_c_endian=big
+else
+ gnupg_cv_c_endian=little
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+ if test "$gnupg_cv_c_endian" = unknown; then
+ if test "$cross_compiling" = yes; then :
+ gnupg_cv_c_endian=$tmp_assumed_endian
+
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+main () {
+ /* Are we little or big endian? From Harbison&Steele. */
+ union
+ {
+ long l;
+ char c[sizeof (long)];
+ } u;
+ u.l = 1;
+ exit (u.c[sizeof (long) - 1] == 1);
+ }
+_ACEOF
+if ac_fn_c_try_run "$LINENO"; then :
+ gnupg_cv_c_endian=little
+else
+ gnupg_cv_c_endian=big
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+ conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+
+ fi
+
+fi
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $gnupg_cv_c_endian" >&5
+$as_echo "$gnupg_cv_c_endian" >&6; }
+ if test "$gnupg_cv_c_endian" = little; then
+
+$as_echo "#define LITTLE_ENDIAN_HOST 1" >>confdefs.h
+
+ else
+
+$as_echo "#define BIG_ENDIAN_HOST 1" >>confdefs.h
+
+ fi
+
+fi
+
+# fixme: we should get rid of the byte type
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for byte typedef" >&5
+$as_echo_n "checking for byte typedef... " >&6; }
+ if ${gnupg_cv_typedef_byte+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#define _GNU_SOURCE 1
+ #include <stdlib.h>
+ #include <sys/types.h>
+int
+main ()
+{
+
+ #undef byte
+ int a = sizeof(byte);
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ gnupg_cv_typedef_byte=yes
+else
+ gnupg_cv_typedef_byte=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $gnupg_cv_typedef_byte" >&5
+$as_echo "$gnupg_cv_typedef_byte" >&6; }
+ if test "$gnupg_cv_typedef_byte" = yes; then
+
+$as_echo "#define HAVE_BYTE_TYPEDEF 1" >>confdefs.h
+
+ fi
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ushort typedef" >&5
+$as_echo_n "checking for ushort typedef... " >&6; }
+ if ${gnupg_cv_typedef_ushort+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#define _GNU_SOURCE 1
+ #include <stdlib.h>
+ #include <sys/types.h>
+int
+main ()
+{
+
+ #undef ushort
+ int a = sizeof(ushort);
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ gnupg_cv_typedef_ushort=yes
+else
+ gnupg_cv_typedef_ushort=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $gnupg_cv_typedef_ushort" >&5
+$as_echo "$gnupg_cv_typedef_ushort" >&6; }
+ if test "$gnupg_cv_typedef_ushort" = yes; then
+
+$as_echo "#define HAVE_USHORT_TYPEDEF 1" >>confdefs.h
+
+ fi
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ulong typedef" >&5
+$as_echo_n "checking for ulong typedef... " >&6; }
+ if ${gnupg_cv_typedef_ulong+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#define _GNU_SOURCE 1
+ #include <stdlib.h>
+ #include <sys/types.h>
+int
+main ()
+{
+
+ #undef ulong
+ int a = sizeof(ulong);
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ gnupg_cv_typedef_ulong=yes
+else
+ gnupg_cv_typedef_ulong=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $gnupg_cv_typedef_ulong" >&5
+$as_echo "$gnupg_cv_typedef_ulong" >&6; }
+ if test "$gnupg_cv_typedef_ulong" = yes; then
+
+$as_echo "#define HAVE_ULONG_TYPEDEF 1" >>confdefs.h
+
+ fi
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for u16 typedef" >&5
+$as_echo_n "checking for u16 typedef... " >&6; }
+ if ${gnupg_cv_typedef_u16+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#define _GNU_SOURCE 1
+ #include <stdlib.h>
+ #include <sys/types.h>
+int
+main ()
+{
+
+ #undef u16
+ int a = sizeof(u16);
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ gnupg_cv_typedef_u16=yes
+else
+ gnupg_cv_typedef_u16=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $gnupg_cv_typedef_u16" >&5
+$as_echo "$gnupg_cv_typedef_u16" >&6; }
+ if test "$gnupg_cv_typedef_u16" = yes; then
+
+$as_echo "#define HAVE_U16_TYPEDEF 1" >>confdefs.h
+
+ fi
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for u32 typedef" >&5
+$as_echo_n "checking for u32 typedef... " >&6; }
+ if ${gnupg_cv_typedef_u32+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#define _GNU_SOURCE 1
+ #include <stdlib.h>
+ #include <sys/types.h>
+int
+main ()
+{
+
+ #undef u32
+ int a = sizeof(u32);
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ gnupg_cv_typedef_u32=yes
+else
+ gnupg_cv_typedef_u32=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $gnupg_cv_typedef_u32" >&5
+$as_echo "$gnupg_cv_typedef_u32" >&6; }
+ if test "$gnupg_cv_typedef_u32" = yes; then
+
+$as_echo "#define HAVE_U32_TYPEDEF 1" >>confdefs.h
+
+ fi
+
+
+# The cast to long int works around a bug in the HP C Compiler
+# version HP92453-01 B.11.11.23709.GP, which incorrectly rejects
+# declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'.
+# This bug is HP SR number 8606223364.
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking size of unsigned short" >&5
+$as_echo_n "checking size of unsigned short... " >&6; }
+if ${ac_cv_sizeof_unsigned_short+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (unsigned short))" "ac_cv_sizeof_unsigned_short" "$ac_includes_default"; then :
+
+else
+ if test "$ac_cv_type_unsigned_short" = yes; then
+ { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error 77 "cannot compute sizeof (unsigned short)
+See \`config.log' for more details" "$LINENO" 5; }
+ else
+ ac_cv_sizeof_unsigned_short=0
+ fi
+fi
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_unsigned_short" >&5
+$as_echo "$ac_cv_sizeof_unsigned_short" >&6; }
+
+
+
+cat >>confdefs.h <<_ACEOF
+#define SIZEOF_UNSIGNED_SHORT $ac_cv_sizeof_unsigned_short
+_ACEOF
+
+
+# The cast to long int works around a bug in the HP C Compiler
+# version HP92453-01 B.11.11.23709.GP, which incorrectly rejects
+# declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'.
+# This bug is HP SR number 8606223364.
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking size of unsigned int" >&5
+$as_echo_n "checking size of unsigned int... " >&6; }
+if ${ac_cv_sizeof_unsigned_int+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (unsigned int))" "ac_cv_sizeof_unsigned_int" "$ac_includes_default"; then :
+
+else
+ if test "$ac_cv_type_unsigned_int" = yes; then
+ { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error 77 "cannot compute sizeof (unsigned int)
+See \`config.log' for more details" "$LINENO" 5; }
+ else
+ ac_cv_sizeof_unsigned_int=0
+ fi
+fi
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_unsigned_int" >&5
+$as_echo "$ac_cv_sizeof_unsigned_int" >&6; }
+
+
+
+cat >>confdefs.h <<_ACEOF
+#define SIZEOF_UNSIGNED_INT $ac_cv_sizeof_unsigned_int
+_ACEOF
+
+
+# The cast to long int works around a bug in the HP C Compiler
+# version HP92453-01 B.11.11.23709.GP, which incorrectly rejects
+# declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'.
+# This bug is HP SR number 8606223364.
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking size of unsigned long" >&5
+$as_echo_n "checking size of unsigned long... " >&6; }
+if ${ac_cv_sizeof_unsigned_long+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (unsigned long))" "ac_cv_sizeof_unsigned_long" "$ac_includes_default"; then :
+
+else
+ if test "$ac_cv_type_unsigned_long" = yes; then
+ { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error 77 "cannot compute sizeof (unsigned long)
+See \`config.log' for more details" "$LINENO" 5; }
+ else
+ ac_cv_sizeof_unsigned_long=0
+ fi
+fi
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_unsigned_long" >&5
+$as_echo "$ac_cv_sizeof_unsigned_long" >&6; }
+
+
+
+cat >>confdefs.h <<_ACEOF
+#define SIZEOF_UNSIGNED_LONG $ac_cv_sizeof_unsigned_long
+_ACEOF
+
+
+# The cast to long int works around a bug in the HP C Compiler
+# version HP92453-01 B.11.11.23709.GP, which incorrectly rejects
+# declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'.
+# This bug is HP SR number 8606223364.
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking size of unsigned long long" >&5
+$as_echo_n "checking size of unsigned long long... " >&6; }
+if ${ac_cv_sizeof_unsigned_long_long+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (unsigned long long))" "ac_cv_sizeof_unsigned_long_long" "$ac_includes_default"; then :
+
+else
+ if test "$ac_cv_type_unsigned_long_long" = yes; then
+ { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error 77 "cannot compute sizeof (unsigned long long)
+See \`config.log' for more details" "$LINENO" 5; }
+ else
+ ac_cv_sizeof_unsigned_long_long=0
+ fi
+fi
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_unsigned_long_long" >&5
+$as_echo "$ac_cv_sizeof_unsigned_long_long" >&6; }
+
+
+
+cat >>confdefs.h <<_ACEOF
+#define SIZEOF_UNSIGNED_LONG_LONG $ac_cv_sizeof_unsigned_long_long
+_ACEOF
+
+
+# The cast to long int works around a bug in the HP C Compiler
+# version HP92453-01 B.11.11.23709.GP, which incorrectly rejects
+# declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'.
+# This bug is HP SR number 8606223364.
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking size of time_t" >&5
+$as_echo_n "checking size of time_t... " >&6; }
+if ${ac_cv_sizeof_time_t+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (time_t))" "ac_cv_sizeof_time_t" "
+#include <stdio.h>
+#if TIME_WITH_SYS_TIME
+# include <sys/time.h>
+# include <time.h>
+#else
+# if HAVE_SYS_TIME_H
+# include <sys/time.h>
+# else
+# include <time.h>
+# endif
+#endif
+
+"; then :
+
+else
+ if test "$ac_cv_type_time_t" = yes; then
+ { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error 77 "cannot compute sizeof (time_t)
+See \`config.log' for more details" "$LINENO" 5; }
+ else
+ ac_cv_sizeof_time_t=0
+ fi
+fi
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_time_t" >&5
+$as_echo "$ac_cv_sizeof_time_t" >&6; }
+
+
+
+cat >>confdefs.h <<_ACEOF
+#define SIZEOF_TIME_T $ac_cv_sizeof_time_t
+_ACEOF
+
+
+
+
+# Ensure that we have UINT64_C before we bother to check for uint64_t
+# Fixme: really needed in gnupg? I think it is only useful in libcgrypt.
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for UINT64_C" >&5
+$as_echo_n "checking for UINT64_C... " >&6; }
+if ${gnupg_cv_uint64_c_works+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <inttypes.h>
+int
+main ()
+{
+uint64_t foo=UINT64_C(42);
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ gnupg_cv_uint64_c_works=yes
+else
+ gnupg_cv_uint64_c_works=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gnupg_cv_uint64_c_works" >&5
+$as_echo "$gnupg_cv_uint64_c_works" >&6; }
+if test "$gnupg_cv_uint64_c_works" = "yes" ; then
+ # The cast to long int works around a bug in the HP C Compiler
+# version HP92453-01 B.11.11.23709.GP, which incorrectly rejects
+# declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'.
+# This bug is HP SR number 8606223364.
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking size of uint64_t" >&5
+$as_echo_n "checking size of uint64_t... " >&6; }
+if ${ac_cv_sizeof_uint64_t+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (uint64_t))" "ac_cv_sizeof_uint64_t" "$ac_includes_default"; then :
+
+else
+ if test "$ac_cv_type_uint64_t" = yes; then
+ { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error 77 "cannot compute sizeof (uint64_t)
+See \`config.log' for more details" "$LINENO" 5; }
+ else
+ ac_cv_sizeof_uint64_t=0
+ fi
+fi
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_uint64_t" >&5
+$as_echo "$ac_cv_sizeof_uint64_t" >&6; }
+
+
+
+cat >>confdefs.h <<_ACEOF
+#define SIZEOF_UINT64_T $ac_cv_sizeof_uint64_t
+_ACEOF
+
+
+fi
+
+if test "$ac_cv_sizeof_unsigned_short" = "0" \
+ || test "$ac_cv_sizeof_unsigned_int" = "0" \
+ || test "$ac_cv_sizeof_unsigned_long" = "0"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Hmmm, something is wrong with the sizes - using defaults" >&5
+$as_echo "$as_me: WARNING: Hmmm, something is wrong with the sizes - using defaults" >&2;};
+fi
+
+
+#
+# Checks for library functions.
+#
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library functions" >&5
+$as_echo "$as_me: checking for library functions" >&6;}
+ac_fn_c_check_decl "$LINENO" "getpagesize" "ac_cv_have_decl_getpagesize" "$ac_includes_default"
+if test "x$ac_cv_have_decl_getpagesize" = xyes; then :
+ ac_have_decl=1
+else
+ ac_have_decl=0
+fi
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_DECL_GETPAGESIZE $ac_have_decl
+_ACEOF
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for _LARGEFILE_SOURCE value needed for large files" >&5
+$as_echo_n "checking for _LARGEFILE_SOURCE value needed for large files... " >&6; }
+if ${ac_cv_sys_largefile_source+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ while :; do
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <sys/types.h> /* for off_t */
+ #include <stdio.h>
+int
+main ()
+{
+int (*fp) (FILE *, off_t, int) = fseeko;
+ return fseeko (stdin, 0, 0) && fp (stdin, 0, 0);
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_sys_largefile_source=no; break
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#define _LARGEFILE_SOURCE 1
+#include <sys/types.h> /* for off_t */
+ #include <stdio.h>
+int
+main ()
+{
+int (*fp) (FILE *, off_t, int) = fseeko;
+ return fseeko (stdin, 0, 0) && fp (stdin, 0, 0);
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_sys_largefile_source=1; break
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+ ac_cv_sys_largefile_source=unknown
+ break
+done
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sys_largefile_source" >&5
+$as_echo "$ac_cv_sys_largefile_source" >&6; }
+case $ac_cv_sys_largefile_source in #(
+ no | unknown) ;;
+ *)
+cat >>confdefs.h <<_ACEOF
+#define _LARGEFILE_SOURCE $ac_cv_sys_largefile_source
+_ACEOF
+;;
+esac
+rm -rf conftest*
+
+# We used to try defining _XOPEN_SOURCE=500 too, to work around a bug
+# in glibc 2.1.3, but that breaks too many other things.
+# If you want fseeko and ftello with glibc, upgrade to a fixed glibc.
+if test $ac_cv_sys_largefile_source != unknown; then
+
+$as_echo "#define HAVE_FSEEKO 1" >>confdefs.h
+
+fi
+
+for ac_func in vprintf
+do :
+ ac_fn_c_check_func "$LINENO" "vprintf" "ac_cv_func_vprintf"
+if test "x$ac_cv_func_vprintf" = xyes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_VPRINTF 1
+_ACEOF
+
+ac_fn_c_check_func "$LINENO" "_doprnt" "ac_cv_func__doprnt"
+if test "x$ac_cv_func__doprnt" = xyes; then :
+
+$as_echo "#define HAVE_DOPRNT 1" >>confdefs.h
+
+fi
+
+fi
+done
+
+
+ac_fn_c_check_type "$LINENO" "pid_t" "ac_cv_type_pid_t" "$ac_includes_default"
+if test "x$ac_cv_type_pid_t" = xyes; then :
+
+else
+
+cat >>confdefs.h <<_ACEOF
+#define pid_t int
+_ACEOF
+
+fi
+
+for ac_header in vfork.h
+do :
+ ac_fn_c_check_header_mongrel "$LINENO" "vfork.h" "ac_cv_header_vfork_h" "$ac_includes_default"
+if test "x$ac_cv_header_vfork_h" = xyes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_VFORK_H 1
+_ACEOF
+
+fi
+
+done
+
+for ac_func in fork vfork
+do :
+ as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
+ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
+if eval test \"x\$"$as_ac_var"\" = x"yes"; then :
+ cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+done
+
+if test "x$ac_cv_func_fork" = xyes; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for working fork" >&5
+$as_echo_n "checking for working fork... " >&6; }
+if ${ac_cv_func_fork_works+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test "$cross_compiling" = yes; then :
+ ac_cv_func_fork_works=cross
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+$ac_includes_default
+int
+main ()
+{
+
+ /* By Ruediger Kuhlmann. */
+ return fork () < 0;
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_run "$LINENO"; then :
+ ac_cv_func_fork_works=yes
+else
+ ac_cv_func_fork_works=no
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+ conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_fork_works" >&5
+$as_echo "$ac_cv_func_fork_works" >&6; }
+
+else
+ ac_cv_func_fork_works=$ac_cv_func_fork
+fi
+if test "x$ac_cv_func_fork_works" = xcross; then
+ case $host in
+ *-*-amigaos* | *-*-msdosdjgpp*)
+ # Override, as these systems have only a dummy fork() stub
+ ac_cv_func_fork_works=no
+ ;;
+ *)
+ ac_cv_func_fork_works=yes
+ ;;
+ esac
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: result $ac_cv_func_fork_works guessed because of cross compilation" >&5
+$as_echo "$as_me: WARNING: result $ac_cv_func_fork_works guessed because of cross compilation" >&2;}
+fi
+ac_cv_func_vfork_works=$ac_cv_func_vfork
+if test "x$ac_cv_func_vfork" = xyes; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for working vfork" >&5
+$as_echo_n "checking for working vfork... " >&6; }
+if ${ac_cv_func_vfork_works+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test "$cross_compiling" = yes; then :
+ ac_cv_func_vfork_works=cross
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+/* Thanks to Paul Eggert for this test. */
+$ac_includes_default
+#include <sys/wait.h>
+#ifdef HAVE_VFORK_H
+# include <vfork.h>
+#endif
+/* On some sparc systems, changes by the child to local and incoming
+ argument registers are propagated back to the parent. The compiler
+ is told about this with #include <vfork.h>, but some compilers
+ (e.g. gcc -O) don't grok <vfork.h>. Test for this by using a
+ static variable whose address is put into a register that is
+ clobbered by the vfork. */
+static void
+#ifdef __cplusplus
+sparc_address_test (int arg)
+# else
+sparc_address_test (arg) int arg;
+#endif
+{
+ static pid_t child;
+ if (!child) {
+ child = vfork ();
+ if (child < 0) {
+ perror ("vfork");
+ _exit(2);
+ }
+ if (!child) {
+ arg = getpid();
+ write(-1, "", 0);
+ _exit (arg);
+ }
+ }
+}
+
+int
+main ()
+{
+ pid_t parent = getpid ();
+ pid_t child;
+
+ sparc_address_test (0);
+
+ child = vfork ();
+
+ if (child == 0) {
+ /* Here is another test for sparc vfork register problems. This
+ test uses lots of local variables, at least as many local
+ variables as main has allocated so far including compiler
+ temporaries. 4 locals are enough for gcc 1.40.3 on a Solaris
+ 4.1.3 sparc, but we use 8 to be safe. A buggy compiler should
+ reuse the register of parent for one of the local variables,
+ since it will think that parent can't possibly be used any more
+ in this routine. Assigning to the local variable will thus
+ munge parent in the parent process. */
+ pid_t
+ p = getpid(), p1 = getpid(), p2 = getpid(), p3 = getpid(),
+ p4 = getpid(), p5 = getpid(), p6 = getpid(), p7 = getpid();
+ /* Convince the compiler that p..p7 are live; otherwise, it might
+ use the same hardware register for all 8 local variables. */
+ if (p != p1 || p != p2 || p != p3 || p != p4
+ || p != p5 || p != p6 || p != p7)
+ _exit(1);
+
+ /* On some systems (e.g. IRIX 3.3), vfork doesn't separate parent
+ from child file descriptors. If the child closes a descriptor
+ before it execs or exits, this munges the parent's descriptor
+ as well. Test for this by closing stdout in the child. */
+ _exit(close(fileno(stdout)) != 0);
+ } else {
+ int status;
+ struct stat st;
+
+ while (wait(&status) != child)
+ ;
+ return (
+ /* Was there some problem with vforking? */
+ child < 0
+
+ /* Did the child fail? (This shouldn't happen.) */
+ || status
+
+ /* Did the vfork/compiler bug occur? */
+ || parent != getpid()
+
+ /* Did the file descriptor bug occur? */
+ || fstat(fileno(stdout), &st) != 0
+ );
+ }
+}
+_ACEOF
+if ac_fn_c_try_run "$LINENO"; then :
+ ac_cv_func_vfork_works=yes
+else
+ ac_cv_func_vfork_works=no
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+ conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_vfork_works" >&5
+$as_echo "$ac_cv_func_vfork_works" >&6; }
+
+fi;
+if test "x$ac_cv_func_fork_works" = xcross; then
+ ac_cv_func_vfork_works=$ac_cv_func_vfork
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: result $ac_cv_func_vfork_works guessed because of cross compilation" >&5
+$as_echo "$as_me: WARNING: result $ac_cv_func_vfork_works guessed because of cross compilation" >&2;}
+fi
+
+if test "x$ac_cv_func_vfork_works" = xyes; then
+
+$as_echo "#define HAVE_WORKING_VFORK 1" >>confdefs.h
+
+else
+
+$as_echo "#define vfork fork" >>confdefs.h
+
+fi
+if test "x$ac_cv_func_fork_works" = xyes; then
+
+$as_echo "#define HAVE_WORKING_FORK 1" >>confdefs.h
+
+fi
+
+for ac_func in strerror strlwr tcgetattr mmap
+do :
+ as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
+ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
+if eval test \"x\$"$as_ac_var"\" = x"yes"; then :
+ cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+done
+
+for ac_func in strcasecmp strncasecmp ctermid times gmtime_r
+do :
+ as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
+ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
+if eval test \"x\$"$as_ac_var"\" = x"yes"; then :
+ cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+done
+
+for ac_func in unsetenv fcntl ftruncate
+do :
+ as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
+ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
+if eval test \"x\$"$as_ac_var"\" = x"yes"; then :
+ cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+done
+
+for ac_func in gettimeofday getrusage getrlimit setrlimit clock_gettime
+do :
+ as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
+ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
+if eval test \"x\$"$as_ac_var"\" = x"yes"; then :
+ cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+done
+
+for ac_func in atexit raise getpagesize strftime nl_langinfo setlocale
+do :
+ as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
+ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
+if eval test \"x\$"$as_ac_var"\" = x"yes"; then :
+ cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+done
+
+for ac_func in waitpid wait4 sigaction sigprocmask pipe stat getaddrinfo
+do :
+ as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
+ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
+if eval test \"x\$"$as_ac_var"\" = x"yes"; then :
+ cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+done
+
+for ac_func in ttyname rand ftello fsync stat
+do :
+ as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
+ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
+if eval test \"x\$"$as_ac_var"\" = x"yes"; then :
+ cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+done
+
+
+ac_fn_c_check_type "$LINENO" "struct sigaction" "ac_cv_type_struct_sigaction" "#include <signal.h>
+"
+if test "x$ac_cv_type_struct_sigaction" = xyes; then :
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_STRUCT_SIGACTION 1
+_ACEOF
+
+
+fi
+ac_fn_c_check_type "$LINENO" "sigset_t" "ac_cv_type_sigset_t" "#include <signal.h>
+"
+if test "x$ac_cv_type_sigset_t" = xyes; then :
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_SIGSET_T 1
+_ACEOF
+
+
+fi
+
+
+#
+# These are needed by libjnlib - fixme: we should use a jnlib.m4
+# Note: We already checked pwd.h.
+for ac_func in memicmp stpcpy strsep strlwr strtoul memmove stricmp strtol
+do :
+ as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
+ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
+if eval test \"x\$"$as_ac_var"\" = x"yes"; then :
+ cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+done
+
+for ac_func in memrchr isascii timegm getrusage setrlimit stat setlocale
+do :
+ as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
+ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
+if eval test \"x\$"$as_ac_var"\" = x"yes"; then :
+ cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+done
+
+for ac_func in flockfile funlockfile fopencookie funopen getpwnam getpwuid
+do :
+ as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
+ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
+if eval test \"x\$"$as_ac_var"\" = x"yes"; then :
+ cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+done
+
+
+#
+# gnulib checks
+#
+
+
+
+# The Ultrix 4.2 mips builtin alloca declared by alloca.h only works
+# for constant arguments. Useless!
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for working alloca.h" >&5
+$as_echo_n "checking for working alloca.h... " >&6; }
+if ${ac_cv_working_alloca_h+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <alloca.h>
+int
+main ()
+{
+char *p = (char *) alloca (2 * sizeof (int));
+ if (p) return 0;
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_working_alloca_h=yes
+else
+ ac_cv_working_alloca_h=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_working_alloca_h" >&5
+$as_echo "$ac_cv_working_alloca_h" >&6; }
+if test $ac_cv_working_alloca_h = yes; then
+
+$as_echo "#define HAVE_ALLOCA_H 1" >>confdefs.h
+
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for alloca" >&5
+$as_echo_n "checking for alloca... " >&6; }
+if ${ac_cv_func_alloca_works+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#ifdef __GNUC__
+# define alloca __builtin_alloca
+#else
+# ifdef _MSC_VER
+# include <malloc.h>
+# define alloca _alloca
+# else
+# ifdef HAVE_ALLOCA_H
+# include <alloca.h>
+# else
+# ifdef _AIX
+ #pragma alloca
+# else
+# ifndef alloca /* predefined by HP cc +Olibcalls */
+void *alloca (size_t);
+# endif
+# endif
+# endif
+# endif
+#endif
+
+int
+main ()
+{
+char *p = (char *) alloca (1);
+ if (p) return 0;
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_func_alloca_works=yes
+else
+ ac_cv_func_alloca_works=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_alloca_works" >&5
+$as_echo "$ac_cv_func_alloca_works" >&6; }
+
+if test $ac_cv_func_alloca_works = yes; then
+
+$as_echo "#define HAVE_ALLOCA 1" >>confdefs.h
+
+else
+ # The SVR3 libPW and SVR4 libucb both contain incompatible functions
+# that cause trouble. Some versions do not even contain alloca or
+# contain a buggy version. If you still want to use their alloca,
+# use ar to extract alloca.o from them instead of compiling alloca.c.
+
+ALLOCA=\${LIBOBJDIR}alloca.$ac_objext
+
+$as_echo "#define C_ALLOCA 1" >>confdefs.h
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether \`alloca.c' needs Cray hooks" >&5
+$as_echo_n "checking whether \`alloca.c' needs Cray hooks... " >&6; }
+if ${ac_cv_os_cray+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#if defined CRAY && ! defined CRAY2
+webecray
+#else
+wenotbecray
+#endif
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+ $EGREP "webecray" >/dev/null 2>&1; then :
+ ac_cv_os_cray=yes
+else
+ ac_cv_os_cray=no
+fi
+rm -f conftest*
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_os_cray" >&5
+$as_echo "$ac_cv_os_cray" >&6; }
+if test $ac_cv_os_cray = yes; then
+ for ac_func in _getb67 GETB67 getb67; do
+ as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
+ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
+if eval test \"x\$"$as_ac_var"\" = x"yes"; then :
+
+cat >>confdefs.h <<_ACEOF
+#define CRAY_STACKSEG_END $ac_func
+_ACEOF
+
+ break
+fi
+
+ done
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking stack direction for C alloca" >&5
+$as_echo_n "checking stack direction for C alloca... " >&6; }
+if ${ac_cv_c_stack_direction+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test "$cross_compiling" = yes; then :
+ ac_cv_c_stack_direction=0
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+$ac_includes_default
+int
+find_stack_direction ()
+{
+ static char *addr = 0;
+ auto char dummy;
+ if (addr == 0)
+ {
+ addr = &dummy;
+ return find_stack_direction ();
+ }
+ else
+ return (&dummy > addr) ? 1 : -1;
+}
+
+int
+main ()
+{
+ return find_stack_direction () < 0;
+}
+_ACEOF
+if ac_fn_c_try_run "$LINENO"; then :
+ ac_cv_c_stack_direction=1
+else
+ ac_cv_c_stack_direction=-1
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+ conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_stack_direction" >&5
+$as_echo "$ac_cv_c_stack_direction" >&6; }
+cat >>confdefs.h <<_ACEOF
+#define STACK_DIRECTION $ac_cv_c_stack_direction
+_ACEOF
+
+
+fi
+
+
+ for ac_header in stdlib.h
+do :
+ ac_fn_c_check_header_mongrel "$LINENO" "stdlib.h" "ac_cv_header_stdlib_h" "$ac_includes_default"
+if test "x$ac_cv_header_stdlib_h" = xyes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_STDLIB_H 1
+_ACEOF
+
+fi
+
+done
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for GNU libc compatible malloc" >&5
+$as_echo_n "checking for GNU libc compatible malloc... " >&6; }
+if ${ac_cv_func_malloc_0_nonnull+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test "$cross_compiling" = yes; then :
+ ac_cv_func_malloc_0_nonnull=no
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#if defined STDC_HEADERS || defined HAVE_STDLIB_H
+# include <stdlib.h>
+#else
+char *malloc ();
+#endif
+
+int
+main ()
+{
+return ! malloc (0);
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_run "$LINENO"; then :
+ ac_cv_func_malloc_0_nonnull=yes
+else
+ ac_cv_func_malloc_0_nonnull=no
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+ conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_malloc_0_nonnull" >&5
+$as_echo "$ac_cv_func_malloc_0_nonnull" >&6; }
+if test $ac_cv_func_malloc_0_nonnull = yes; then :
+ gl_cv_func_malloc_0_nonnull=1
+else
+ gl_cv_func_malloc_0_nonnull=0
+fi
+
+
+cat >>confdefs.h <<_ACEOF
+#define MALLOC_0_IS_NONNULL $gl_cv_func_malloc_0_nonnull
+_ACEOF
+
+
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for long long int" >&5
+$as_echo_n "checking for long long int... " >&6; }
+if ${ac_cv_type_long_long_int+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+ /* Test preprocessor. */
+ #if ! (-9223372036854775807LL < 0 && 0 < 9223372036854775807ll)
+ error in preprocessor;
+ #endif
+ #if ! (18446744073709551615ULL <= -1ull)
+ error in preprocessor;
+ #endif
+ /* Test literals. */
+ long long int ll = 9223372036854775807ll;
+ long long int nll = -9223372036854775807LL;
+ unsigned long long int ull = 18446744073709551615ULL;
+ /* Test constant expressions. */
+ typedef int a[((-9223372036854775807LL < 0 && 0 < 9223372036854775807ll)
+ ? 1 : -1)];
+ typedef int b[(18446744073709551615ULL <= (unsigned long long int) -1
+ ? 1 : -1)];
+ int i = 63;
+int
+main ()
+{
+/* Test availability of runtime routines for shift and division. */
+ long long int llmax = 9223372036854775807ll;
+ unsigned long long int ullmax = 18446744073709551615ull;
+ return ((ll << 63) | (ll >> 63) | (ll < i) | (ll > i)
+ | (llmax / ll) | (llmax % ll)
+ | (ull << 63) | (ull >> 63) | (ull << i) | (ull >> i)
+ | (ullmax / ull) | (ullmax % ull));
+ ;
+ return 0;
+}
+
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ if test "$cross_compiling" = yes; then :
+ ac_cv_type_long_long_int=yes
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <limits.h>
+ #ifndef LLONG_MAX
+ # define HALF \
+ (1LL << (sizeof (long long int) * CHAR_BIT - 2))
+ # define LLONG_MAX (HALF - 1 + HALF)
+ #endif
+int
+main ()
+{
+long long int n = 1;
+ int i;
+ for (i = 0; ; i++)
+ {
+ long long int m = n << i;
+ if (m >> i != n)
+ return 1;
+ if (LLONG_MAX / 2 < m)
+ break;
+ }
+ return 0;
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_run "$LINENO"; then :
+ ac_cv_type_long_long_int=yes
+else
+ ac_cv_type_long_long_int=no
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+ conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+
+else
+ ac_cv_type_long_long_int=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_type_long_long_int" >&5
+$as_echo "$ac_cv_type_long_long_int" >&6; }
+ if test $ac_cv_type_long_long_int = yes; then
+
+$as_echo "#define HAVE_LONG_LONG_INT 1" >>confdefs.h
+
+ fi
+
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for long double" >&5
+$as_echo_n "checking for long double... " >&6; }
+if ${gt_cv_c_long_double+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test "$GCC" = yes; then
+ gt_cv_c_long_double=yes
+ else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+ /* The Stardent Vistra knows sizeof(long double), but does not support it. */
+ long double foo = 0.0;
+ /* On Ultrix 4.3 cc, long double is 4 and double is 8. */
+ int array [2*(sizeof(long double) >= sizeof(double)) - 1];
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ gt_cv_c_long_double=yes
+else
+ gt_cv_c_long_double=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+ fi
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gt_cv_c_long_double" >&5
+$as_echo "$gt_cv_c_long_double" >&6; }
+ if test $gt_cv_c_long_double = yes; then
+
+$as_echo "#define HAVE_LONG_DOUBLE 1" >>confdefs.h
+
+ fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether stat file-mode macros are broken" >&5
+$as_echo_n "checking whether stat file-mode macros are broken... " >&6; }
+if ${ac_cv_header_stat_broken+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <sys/types.h>
+#include <sys/stat.h>
+
+#if defined S_ISBLK && defined S_IFDIR
+extern char c1[S_ISBLK (S_IFDIR) ? -1 : 1];
+#endif
+
+#if defined S_ISBLK && defined S_IFCHR
+extern char c2[S_ISBLK (S_IFCHR) ? -1 : 1];
+#endif
+
+#if defined S_ISLNK && defined S_IFREG
+extern char c3[S_ISLNK (S_IFREG) ? -1 : 1];
+#endif
+
+#if defined S_ISSOCK && defined S_IFREG
+extern char c4[S_ISSOCK (S_IFREG) ? -1 : 1];
+#endif
+
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_cv_header_stat_broken=no
+else
+ ac_cv_header_stat_broken=yes
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_header_stat_broken" >&5
+$as_echo "$ac_cv_header_stat_broken" >&6; }
+if test $ac_cv_header_stat_broken = yes; then
+
+$as_echo "#define STAT_MACROS_BROKEN 1" >>confdefs.h
+
+fi
+
+
+
+
+
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for unsigned long long int" >&5
+$as_echo_n "checking for unsigned long long int... " >&6; }
+if ${ac_cv_type_unsigned_long_long_int+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+ /* Test preprocessor. */
+ #if ! (-9223372036854775807LL < 0 && 0 < 9223372036854775807ll)
+ error in preprocessor;
+ #endif
+ #if ! (18446744073709551615ULL <= -1ull)
+ error in preprocessor;
+ #endif
+ /* Test literals. */
+ long long int ll = 9223372036854775807ll;
+ long long int nll = -9223372036854775807LL;
+ unsigned long long int ull = 18446744073709551615ULL;
+ /* Test constant expressions. */
+ typedef int a[((-9223372036854775807LL < 0 && 0 < 9223372036854775807ll)
+ ? 1 : -1)];
+ typedef int b[(18446744073709551615ULL <= (unsigned long long int) -1
+ ? 1 : -1)];
+ int i = 63;
+int
+main ()
+{
+/* Test availability of runtime routines for shift and division. */
+ long long int llmax = 9223372036854775807ll;
+ unsigned long long int ullmax = 18446744073709551615ull;
+ return ((ll << 63) | (ll >> 63) | (ll < i) | (ll > i)
+ | (llmax / ll) | (llmax % ll)
+ | (ull << 63) | (ull >> 63) | (ull << i) | (ull >> i)
+ | (ullmax / ull) | (ullmax % ull));
+ ;
+ return 0;
+}
+
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_type_unsigned_long_long_int=yes
+else
+ ac_cv_type_unsigned_long_long_int=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_type_unsigned_long_long_int" >&5
+$as_echo "$ac_cv_type_unsigned_long_long_int" >&6; }
+ if test $ac_cv_type_unsigned_long_long_int = yes; then
+
+$as_echo "#define HAVE_UNSIGNED_LONG_LONG_INT 1" >>confdefs.h
+
+ fi
+
+
+
+
+
+
+ if false; then
+ GL_COND_LIBTOOL_TRUE=
+ GL_COND_LIBTOOL_FALSE='#'
+else
+ GL_COND_LIBTOOL_TRUE='#'
+ GL_COND_LIBTOOL_FALSE=
+fi
+
+ gl_cond_libtool=false
+ gl_libdeps=
+ gl_ltlibdeps=
+ gl_source_base='gl'
+
+
+
+
+
+ if test $ac_cv_func_alloca_works = no; then
+ :
+ fi
+
+ # Define an additional variable used in the Makefile substitution.
+ if test $ac_cv_working_alloca_h = yes; then
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+#if defined __GNUC__ || defined _AIX || defined _MSC_VER
+ Need own alloca
+#endif
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+ $EGREP "Need own alloca" >/dev/null 2>&1; then :
+
+$as_echo "#define HAVE_ALLOCA 1" >>confdefs.h
+
+ ALLOCA_H=alloca.h
+else
+ ALLOCA_H=
+fi
+rm -f conftest*
+
+ else
+ ALLOCA_H=alloca.h
+ fi
+
+
+
+$as_echo "#define HAVE_ALLOCA_H 1" >>confdefs.h
+
+
+
+
+
+
+
+
+
+ ac_fn_c_check_func "$LINENO" "mkdtemp" "ac_cv_func_mkdtemp"
+if test "x$ac_cv_func_mkdtemp" = xyes; then :
+ $as_echo "#define HAVE_MKDTEMP 1" >>confdefs.h
+
+else
+ case " $LIBOBJS " in
+ *" mkdtemp.$ac_objext "* ) ;;
+ *) LIBOBJS="$LIBOBJS mkdtemp.$ac_objext"
+ ;;
+esac
+
+fi
+
+
+ if test $ac_cv_func_mkdtemp = no; then
+
+
+
+ for ac_header in time.h
+do :
+ ac_fn_c_check_header_mongrel "$LINENO" "time.h" "ac_cv_header_time_h" "$ac_includes_default"
+if test "x$ac_cv_header_time_h" = xyes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_TIME_H 1
+_ACEOF
+
+fi
+
+done
+
+ for ac_func in gettimeofday
+do :
+ ac_fn_c_check_func "$LINENO" "gettimeofday" "ac_cv_func_gettimeofday"
+if test "x$ac_cv_func_gettimeofday" = xyes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_GETTIMEOFDAY 1
+_ACEOF
+
+fi
+done
+
+
+ fi
+
+
+ ac_fn_c_check_func "$LINENO" "setenv" "ac_cv_func_setenv"
+if test "x$ac_cv_func_setenv" = xyes; then :
+ $as_echo "#define HAVE_SETENV 1" >>confdefs.h
+
+else
+ case " $LIBOBJS " in
+ *" setenv.$ac_objext "* ) ;;
+ *) LIBOBJS="$LIBOBJS setenv.$ac_objext"
+ ;;
+esac
+
+fi
+
+ac_fn_c_check_func "$LINENO" "unsetenv" "ac_cv_func_unsetenv"
+if test "x$ac_cv_func_unsetenv" = xyes; then :
+ $as_echo "#define HAVE_UNSETENV 1" >>confdefs.h
+
+else
+ case " $LIBOBJS " in
+ *" unsetenv.$ac_objext "* ) ;;
+ *) LIBOBJS="$LIBOBJS unsetenv.$ac_objext"
+ ;;
+esac
+
+fi
+
+
+ if test $ac_cv_func_setenv = no; then
+
+
+
+ for ac_header in search.h
+do :
+ ac_fn_c_check_header_mongrel "$LINENO" "search.h" "ac_cv_header_search_h" "$ac_includes_default"
+if test "x$ac_cv_header_search_h" = xyes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_SEARCH_H 1
+_ACEOF
+
+fi
+
+done
+
+ for ac_func in tsearch
+do :
+ ac_fn_c_check_func "$LINENO" "tsearch" "ac_cv_func_tsearch"
+if test "x$ac_cv_func_tsearch" = xyes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_TSEARCH 1
+_ACEOF
+
+fi
+done
+
+
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if environ is properly declared" >&5
+$as_echo_n "checking if environ is properly declared... " >&6; }
+ if ${gt_cv_var_environ_declaration+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <unistd.h>
+ extern struct { int foo; } environ;
+int
+main ()
+{
+environ.foo = 1;
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ gt_cv_var_environ_declaration=no
+else
+ gt_cv_var_environ_declaration=yes
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $gt_cv_var_environ_declaration" >&5
+$as_echo "$gt_cv_var_environ_declaration" >&6; }
+ if test $gt_cv_var_environ_declaration = yes; then
+
+$as_echo "#define HAVE_ENVIRON_DECL 1" >>confdefs.h
+
+ fi
+
+
+ fi
+ if test $ac_cv_func_unsetenv = no; then
+
+
+
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if environ is properly declared" >&5
+$as_echo_n "checking if environ is properly declared... " >&6; }
+ if ${gt_cv_var_environ_declaration+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <unistd.h>
+ extern struct { int foo; } environ;
+int
+main ()
+{
+environ.foo = 1;
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ gt_cv_var_environ_declaration=no
+else
+ gt_cv_var_environ_declaration=yes
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $gt_cv_var_environ_declaration" >&5
+$as_echo "$gt_cv_var_environ_declaration" >&6; }
+ if test $gt_cv_var_environ_declaration = yes; then
+
+$as_echo "#define HAVE_ENVIRON_DECL 1" >>confdefs.h
+
+ fi
+
+
+ else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for unsetenv() return type" >&5
+$as_echo_n "checking for unsetenv() return type... " >&6; }
+if ${gt_cv_func_unsetenv_ret+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <stdlib.h>
+extern
+#ifdef __cplusplus
+"C"
+#endif
+#if defined(__STDC__) || defined(__cplusplus)
+int unsetenv (const char *name);
+#else
+int unsetenv();
+#endif
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ gt_cv_func_unsetenv_ret='int'
+else
+ gt_cv_func_unsetenv_ret='void'
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gt_cv_func_unsetenv_ret" >&5
+$as_echo "$gt_cv_func_unsetenv_ret" >&6; }
+ if test $gt_cv_func_unsetenv_ret = 'void'; then
+
+$as_echo "#define VOID_UNSETENV 1" >>confdefs.h
+
+ fi
+ fi
+
+
+ for ac_header in stdint.h
+do :
+ ac_fn_c_check_header_mongrel "$LINENO" "stdint.h" "ac_cv_header_stdint_h" "$ac_includes_default"
+if test "x$ac_cv_header_stdint_h" = xyes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_STDINT_H 1
+_ACEOF
+
+fi
+
+done
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for SIZE_MAX" >&5
+$as_echo_n "checking for SIZE_MAX... " >&6; }
+ if ${gl_cv_size_max+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+
+ gl_cv_size_max=
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+#include <limits.h>
+#if HAVE_STDINT_H
+#include <stdint.h>
+#endif
+#ifdef SIZE_MAX
+Found it
+#endif
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+ $EGREP "Found it" >/dev/null 2>&1; then :
+ gl_cv_size_max=yes
+fi
+rm -f conftest*
+
+ if test -z "$gl_cv_size_max"; then
+ if ac_fn_c_compute_int "$LINENO" "sizeof (size_t) * CHAR_BIT - 1" "size_t_bits_minus_1" "#include <stddef.h>
+#include <limits.h>"; then :
+
+else
+ size_t_bits_minus_1=
+fi
+
+
+ if ac_fn_c_compute_int "$LINENO" "sizeof (size_t) <= sizeof (unsigned int)" "fits_in_uint" "#include <stddef.h>"; then :
+
+else
+ fits_in_uint=
+fi
+
+
+ if test -n "$size_t_bits_minus_1" && test -n "$fits_in_uint"; then
+ if test $fits_in_uint = 1; then
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <stddef.h>
+ extern size_t foo;
+ extern unsigned long foo;
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ fits_in_uint=0
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+ fi
+ if test $fits_in_uint = 1; then
+ gl_cv_size_max="(((1U << $size_t_bits_minus_1) - 1) * 2 + 1)"
+ else
+ gl_cv_size_max="(((1UL << $size_t_bits_minus_1) - 1) * 2 + 1)"
+ fi
+ else
+ gl_cv_size_max='((size_t)~(size_t)0)'
+ fi
+ fi
+
+fi
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_size_max" >&5
+$as_echo "$gl_cv_size_max" >&6; }
+ if test "$gl_cv_size_max" != yes; then
+
+cat >>confdefs.h <<_ACEOF
+#define SIZE_MAX $gl_cv_size_max
+_ACEOF
+
+ fi
+
+
+
+
+ if test $ac_cv_type_long_long_int = yes; then
+ HAVE_LONG_LONG_INT=1
+ else
+ HAVE_LONG_LONG_INT=0
+ fi
+
+
+ if test $ac_cv_type_unsigned_long_long_int = yes; then
+ HAVE_UNSIGNED_LONG_LONG_INT=1
+ else
+ HAVE_UNSIGNED_LONG_LONG_INT=0
+ fi
+
+
+
+ if test $ac_cv_header_wchar_h = yes; then
+ HAVE_WCHAR_H=1
+ else
+ HAVE_WCHAR_H=0
+ fi
+
+
+ if test $ac_cv_header_inttypes_h = yes; then
+ HAVE_INTTYPES_H=1
+ else
+ HAVE_INTTYPES_H=0
+ fi
+
+
+ if test $ac_cv_header_sys_types_h = yes; then
+ HAVE_SYS_TYPES_H=1
+ else
+ HAVE_SYS_TYPES_H=0
+ fi
+
+
+ if test $ac_cv_header_stdint_h = yes; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking absolute name of <stdint.h>" >&5
+$as_echo_n "checking absolute name of <stdint.h>... " >&6; }
+if ${gl_cv_absolute_stdint_h+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test $ac_cv_header_stdint_h = yes; then
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <stdint.h>
+_ACEOF
+ gl_cv_absolute_stdint_h=`(eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+sed -n '\#/stdint.h#{s#.*"\(.*/stdint.h\)".*#\1#;s#^/[^/]#//&#;p;q;}'`
+ fi
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_absolute_stdint_h" >&5
+$as_echo "$gl_cv_absolute_stdint_h" >&6; }
+cat >>confdefs.h <<_ACEOF
+#define ABSOLUTE_STDINT_H "$gl_cv_absolute_stdint_h"
+_ACEOF
+
+
+ ABSOLUTE_STDINT_H=\"$gl_cv_absolute_stdint_h\"
+ HAVE_STDINT_H=1
+ else
+ ABSOLUTE_STDINT_H=\"no/such/file/stdint.h\"
+ HAVE_STDINT_H=0
+ fi
+
+
+
+ if test $ac_cv_header_stdint_h = yes; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether stdint.h conforms to C99" >&5
+$as_echo_n "checking whether stdint.h conforms to C99... " >&6; }
+if ${gl_cv_header_working_stdint_h+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ gl_cv_header_working_stdint_h=no
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+
+#include <stddef.h>
+#define __STDC_LIMIT_MACROS 1 /* to make it work also in C++ mode */
+#define __STDC_CONSTANT_MACROS 1 /* to make it work also in C++ mode */
+#include ABSOLUTE_STDINT_H
+#ifdef INT8_MAX
+int8_t a1 = INT8_MAX;
+int8_t a1min = INT8_MIN;
+#endif
+#ifdef INT16_MAX
+int16_t a2 = INT16_MAX;
+int16_t a2min = INT16_MIN;
+#endif
+#ifdef INT32_MAX
+int32_t a3 = INT32_MAX;
+int32_t a3min = INT32_MIN;
+#endif
+#ifdef INT64_MAX
+int64_t a4 = INT64_MAX;
+int64_t a4min = INT64_MIN;
+#endif
+#ifdef UINT8_MAX
+uint8_t b1 = UINT8_MAX;
+#else
+typedef int b1[(unsigned char) -1 != 255 ? 1 : -1];
+#endif
+#ifdef UINT16_MAX
+uint16_t b2 = UINT16_MAX;
+#endif
+#ifdef UINT32_MAX
+uint32_t b3 = UINT32_MAX;
+#endif
+#ifdef UINT64_MAX
+uint64_t b4 = UINT64_MAX;
+#endif
+int_least8_t c1 = INT8_C (0x7f);
+int_least8_t c1max = INT_LEAST8_MAX;
+int_least8_t c1min = INT_LEAST8_MIN;
+int_least16_t c2 = INT16_C (0x7fff);
+int_least16_t c2max = INT_LEAST16_MAX;
+int_least16_t c2min = INT_LEAST16_MIN;
+int_least32_t c3 = INT32_C (0x7fffffff);
+int_least32_t c3max = INT_LEAST32_MAX;
+int_least32_t c3min = INT_LEAST32_MIN;
+int_least64_t c4 = INT64_C (0x7fffffffffffffff);
+int_least64_t c4max = INT_LEAST64_MAX;
+int_least64_t c4min = INT_LEAST64_MIN;
+uint_least8_t d1 = UINT8_C (0xff);
+uint_least8_t d1max = UINT_LEAST8_MAX;
+uint_least16_t d2 = UINT16_C (0xffff);
+uint_least16_t d2max = UINT_LEAST16_MAX;
+uint_least32_t d3 = UINT32_C (0xffffffff);
+uint_least32_t d3max = UINT_LEAST32_MAX;
+uint_least64_t d4 = UINT64_C (0xffffffffffffffff);
+uint_least64_t d4max = UINT_LEAST64_MAX;
+int_fast8_t e1 = INT_FAST8_MAX;
+int_fast8_t e1min = INT_FAST8_MIN;
+int_fast16_t e2 = INT_FAST16_MAX;
+int_fast16_t e2min = INT_FAST16_MIN;
+int_fast32_t e3 = INT_FAST32_MAX;
+int_fast32_t e3min = INT_FAST32_MIN;
+int_fast64_t e4 = INT_FAST64_MAX;
+int_fast64_t e4min = INT_FAST64_MIN;
+uint_fast8_t f1 = UINT_FAST8_MAX;
+uint_fast16_t f2 = UINT_FAST16_MAX;
+uint_fast32_t f3 = UINT_FAST32_MAX;
+uint_fast64_t f4 = UINT_FAST64_MAX;
+#ifdef INTPTR_MAX
+intptr_t g = INTPTR_MAX;
+intptr_t gmin = INTPTR_MIN;
+#endif
+#ifdef UINTPTR_MAX
+uintptr_t h = UINTPTR_MAX;
+#endif
+intmax_t i = INTMAX_MAX;
+uintmax_t j = UINTMAX_MAX;
+struct s {
+ int check_PTRDIFF: PTRDIFF_MIN < 0 && 0 < PTRDIFF_MAX ? 1 : -1;
+ int check_SIG_ATOMIC: SIG_ATOMIC_MIN <= 0 && 0 < SIG_ATOMIC_MAX ? 1 : -1;
+ int check_SIZE: 0 < SIZE_MAX ? 1 : -1;
+ int check_WCHAR: WCHAR_MIN <= 0 && 0 < WCHAR_MAX ? 1 : -1;
+ int check_WINT: WINT_MIN <= 0 && 0 < WINT_MAX ? 1 : -1;
+
+ /* Detect bugs in glibc 2.4 and Solaris 10 stdint.h, among others. */
+ int check_UINT8_C:
+ (-1 < UINT8_C (0)) == (-1 < (uint_least8_t) 0) ? 1 : -1;
+ int check_UINT16_C:
+ (-1 < UINT16_C (0)) == (-1 < (uint_least16_t) 0) ? 1 : -1;
+
+ /* Detect bugs in OpenBSD 3.9 stdint.h. */
+#ifdef UINT8_MAX
+ int check_uint8: (uint8_t) -1 == UINT8_MAX ? 1 : -1;
+#endif
+#ifdef UINT16_MAX
+ int check_uint16: (uint16_t) -1 == UINT16_MAX ? 1 : -1;
+#endif
+#ifdef UINT32_MAX
+ int check_uint32: (uint32_t) -1 == UINT32_MAX ? 1 : -1;
+#endif
+#ifdef UINT64_MAX
+ int check_uint64: (uint64_t) -1 == UINT64_MAX ? 1 : -1;
+#endif
+ int check_uint_least8: (uint_least8_t) -1 == UINT_LEAST8_MAX ? 1 : -1;
+ int check_uint_least16: (uint_least16_t) -1 == UINT_LEAST16_MAX ? 1 : -1;
+ int check_uint_least32: (uint_least32_t) -1 == UINT_LEAST32_MAX ? 1 : -1;
+ int check_uint_least64: (uint_least64_t) -1 == UINT_LEAST64_MAX ? 1 : -1;
+ int check_uint_fast8: (uint_fast8_t) -1 == UINT_FAST8_MAX ? 1 : -1;
+ int check_uint_fast16: (uint_fast16_t) -1 == UINT_FAST16_MAX ? 1 : -1;
+ int check_uint_fast32: (uint_fast32_t) -1 == UINT_FAST32_MAX ? 1 : -1;
+ int check_uint_fast64: (uint_fast64_t) -1 == UINT_FAST64_MAX ? 1 : -1;
+ int check_uintptr: (uintptr_t) -1 == UINTPTR_MAX ? 1 : -1;
+ int check_uintmax: (uintmax_t) -1 == UINTMAX_MAX ? 1 : -1;
+ int check_size: (size_t) -1 == SIZE_MAX ? 1 : -1;
+};
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ gl_cv_header_working_stdint_h=yes
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_header_working_stdint_h" >&5
+$as_echo "$gl_cv_header_working_stdint_h" >&6; }
+ fi
+ if test "$gl_cv_header_working_stdint_h" != yes; then
+
+ for ac_header in sys/inttypes.h sys/bitypes.h
+do :
+ as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
+ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default"
+if eval test \"x\$"$as_ac_Header"\" = x"yes"; then :
+ cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+
+done
+
+ if test $ac_cv_header_sys_inttypes_h = yes; then
+ HAVE_SYS_INTTYPES_H=1
+ else
+ HAVE_SYS_INTTYPES_H=0
+ fi
+
+ if test $ac_cv_header_sys_bitypes_h = yes; then
+ HAVE_SYS_BITYPES_H=1
+ else
+ HAVE_SYS_BITYPES_H=0
+ fi
+
+
+
+
+
+ for gltype in ptrdiff_t sig_atomic_t size_t wchar_t wint_t ; do
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for bit size of $gltype" >&5
+$as_echo_n "checking for bit size of $gltype... " >&6; }
+if eval \${gl_cv_bitsizeof_${gltype}+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ if ac_fn_c_compute_int "$LINENO" "sizeof ($gltype) * CHAR_BIT" "result" "
+ #include <stddef.h>
+ #include <signal.h>
+ #if HAVE_WCHAR_H
+ /* BSD/OS 4.1 has a bug: <stdio.h> and <time.h> must be included before
+ <wchar.h>. */
+ # include <stdio.h>
+ # include <time.h>
+ # include <wchar.h>
+ #endif
+
+#include <limits.h>"; then :
+
+else
+ result=unknown
+fi
+
+
+ eval gl_cv_bitsizeof_${gltype}=\$result
+
+fi
+eval ac_res=\$gl_cv_bitsizeof_${gltype}
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
+$as_echo "$ac_res" >&6; }
+ eval result=\$gl_cv_bitsizeof_${gltype}
+ if test $result = unknown; then
+ result=0
+ fi
+ GLTYPE=`echo "$gltype" | tr 'abcdefghijklmnopqrstuvwxyz ' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ_'`
+ cat >>confdefs.h <<_ACEOF
+#define BITSIZEOF_${GLTYPE} $result
+_ACEOF
+
+ eval BITSIZEOF_${GLTYPE}=\$result
+ done
+
+
+
+
+ for gltype in sig_atomic_t wchar_t wint_t ; do
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $gltype is signed" >&5
+$as_echo_n "checking whether $gltype is signed... " >&6; }
+if eval \${gl_cv_type_${gltype}_signed+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+ #include <stddef.h>
+ #include <signal.h>
+ #if HAVE_WCHAR_H
+ /* BSD/OS 4.1 has a bug: <stdio.h> and <time.h> must be included before
+ <wchar.h>. */
+ # include <stdio.h>
+ # include <time.h>
+ # include <wchar.h>
+ #endif
+
+ int verify[2 * (($gltype) -1 < ($gltype) 0) - 1];
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ result=yes
+else
+ result=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+ eval gl_cv_type_${gltype}_signed=\$result
+
+fi
+eval ac_res=\$gl_cv_type_${gltype}_signed
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
+$as_echo "$ac_res" >&6; }
+ eval result=\$gl_cv_type_${gltype}_signed
+ GLTYPE=`echo $gltype | tr 'abcdefghijklmnopqrstuvwxyz ' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ_'`
+ if test "$result" = yes; then
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_SIGNED_${GLTYPE} 1
+_ACEOF
+
+ eval HAVE_SIGNED_${GLTYPE}=1
+ else
+ eval HAVE_SIGNED_${GLTYPE}=0
+ fi
+ done
+
+
+ gl_cv_type_ptrdiff_t_signed=yes
+ gl_cv_type_size_t_signed=no
+
+
+ for gltype in ptrdiff_t sig_atomic_t size_t wchar_t wint_t ; do
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $gltype integer literal suffix" >&5
+$as_echo_n "checking for $gltype integer literal suffix... " >&6; }
+if eval \${gl_cv_type_${gltype}_suffix+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ eval gl_cv_type_${gltype}_suffix=no
+ eval result=\$gl_cv_type_${gltype}_signed
+ if test "$result" = yes; then
+ glsufu=
+ else
+ glsufu=u
+ fi
+ for glsuf in "$glsufu" ${glsufu}l ${glsufu}ll ${glsufu}i64; do
+ case $glsuf in
+ '') gltype1='int';;
+ l) gltype1='long int';;
+ ll) gltype1='long long int';;
+ i64) gltype1='__int64';;
+ u) gltype1='unsigned int';;
+ ul) gltype1='unsigned long int';;
+ ull) gltype1='unsigned long long int';;
+ ui64)gltype1='unsigned __int64';;
+ esac
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+ #include <stddef.h>
+ #include <signal.h>
+ #if HAVE_WCHAR_H
+ /* BSD/OS 4.1 has a bug: <stdio.h> and <time.h> must be included before
+ <wchar.h>. */
+ # include <stdio.h>
+ # include <time.h>
+ # include <wchar.h>
+ #endif
+
+ extern $gltype foo;
+ extern $gltype1 foo;
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ eval gl_cv_type_${gltype}_suffix=\$glsuf
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+ eval result=\$gl_cv_type_${gltype}_suffix
+ test "$result" != no && break
+ done
+fi
+eval ac_res=\$gl_cv_type_${gltype}_suffix
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
+$as_echo "$ac_res" >&6; }
+ GLTYPE=`echo $gltype | tr 'abcdefghijklmnopqrstuvwxyz ' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ_'`
+ eval result=\$gl_cv_type_${gltype}_suffix
+ test "$result" = no && result=
+ eval ${GLTYPE}_SUFFIX=\$result
+ cat >>confdefs.h <<_ACEOF
+#define ${GLTYPE}_SUFFIX $result
+_ACEOF
+
+ done
+
+
+
+ STDINT_H=stdint.h
+ fi
+
+
+
+ ac_fn_c_check_func "$LINENO" "strpbrk" "ac_cv_func_strpbrk"
+if test "x$ac_cv_func_strpbrk" = xyes; then :
+ $as_echo "#define HAVE_STRPBRK 1" >>confdefs.h
+
+else
+ case " $LIBOBJS " in
+ *" strpbrk.$ac_objext "* ) ;;
+ *) LIBOBJS="$LIBOBJS strpbrk.$ac_objext"
+ ;;
+esac
+
+fi
+
+
+ if test $ac_cv_func_strpbrk = no; then
+ :
+ fi
+
+
+ for ac_header in unistd.h
+do :
+ ac_fn_c_check_header_mongrel "$LINENO" "unistd.h" "ac_cv_header_unistd_h" "$ac_includes_default"
+if test "x$ac_cv_header_unistd_h" = xyes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_UNISTD_H 1
+_ACEOF
+
+ UNISTD_H=''
+
+else
+
+ UNISTD_H='unistd.h'
+
+fi
+
+done
+
+
+
+
+
+
+ for ac_header in stdint.h
+do :
+ ac_fn_c_check_header_mongrel "$LINENO" "stdint.h" "ac_cv_header_stdint_h" "$ac_includes_default"
+if test "x$ac_cv_header_stdint_h" = xyes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_STDINT_H 1
+_ACEOF
+
+fi
+
+done
+
+
+ LIBGNU_LIBDEPS="$gl_libdeps"
+
+ LIBGNU_LTLIBDEPS="$gl_ltlibdeps"
+
+
+
+
+#
+# W32 specific test
+#
+for ac_header in sys/stat.h unistd.h direct.h
+do :
+ as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
+ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default"
+if eval test \"x\$"$as_ac_Header"\" = x"yes"; then :
+ cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+
+done
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if mkdir takes one argument" >&5
+$as_echo_n "checking if mkdir takes one argument... " >&6; }
+if ${gnupg_cv_mkdir_takes_one_arg+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+#include <sys/types.h>
+#ifdef HAVE_SYS_STAT_H
+# include <sys/stat.h>
+#endif
+#ifdef HAVE_UNISTD_H
+# include <unistd.h>
+#endif
+#ifdef HAVE_DIRECT_H
+# include <direct.h>
+#endif
+int
+main ()
+{
+mkdir ("foo", 0);
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ gnupg_cv_mkdir_takes_one_arg=no
+else
+ gnupg_cv_mkdir_takes_one_arg=yes
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gnupg_cv_mkdir_takes_one_arg" >&5
+$as_echo "$gnupg_cv_mkdir_takes_one_arg" >&6; }
+if test $gnupg_cv_mkdir_takes_one_arg = yes ; then
+
+$as_echo "#define MKDIR_TAKES_ONE_ARG 1" >>confdefs.h
+
+fi
+
+
+#
+# Sanity check regex. Tests adapted from mutt.
+#
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether regular expression support is requested" >&5
+$as_echo_n "checking whether regular expression support is requested... " >&6; }
+# Check whether --enable-regex was given.
+if test "${enable_regex+set}" = set; then :
+ enableval=$enable_regex; use_regex=$enableval
+else
+ use_regex=yes
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $use_regex" >&5
+$as_echo "$use_regex" >&6; }
+
+if test "$use_regex" = yes ; then
+ _cppflags="${CPPFLAGS}"
+ _ldflags="${LDFLAGS}"
+
+# Check whether --with-regex was given.
+if test "${with_regex+set}" = set; then :
+ withval=$with_regex;
+ if test -d "$withval" ; then
+ CPPFLAGS="${CPPFLAGS} -I$withval/include"
+ LDFLAGS="${LDFLAGS} -L$withval/lib"
+ fi
+
+else
+ withval=""
+fi
+
+
+ # Does the system have regex functions at all?
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing regcomp" >&5
+$as_echo_n "checking for library containing regcomp... " >&6; }
+if ${ac_cv_search_regcomp+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_func_search_save_LIBS=$LIBS
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char regcomp ();
+int
+main ()
+{
+return regcomp ();
+ ;
+ return 0;
+}
+_ACEOF
+for ac_lib in '' regex; do
+ if test -z "$ac_lib"; then
+ ac_res="none required"
+ else
+ ac_res=-l$ac_lib
+ LIBS="-l$ac_lib $ac_func_search_save_LIBS"
+ fi
+ if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_search_regcomp=$ac_res
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext
+ if ${ac_cv_search_regcomp+:} false; then :
+ break
+fi
+done
+if ${ac_cv_search_regcomp+:} false; then :
+
+else
+ ac_cv_search_regcomp=no
+fi
+rm conftest.$ac_ext
+LIBS=$ac_func_search_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_regcomp" >&5
+$as_echo "$ac_cv_search_regcomp" >&6; }
+ac_res=$ac_cv_search_regcomp
+if test "$ac_res" != no; then :
+ test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
+
+fi
+
+ ac_fn_c_check_func "$LINENO" "regcomp" "ac_cv_func_regcomp"
+if test "x$ac_cv_func_regcomp" = xyes; then :
+ gnupg_cv_have_regex=yes
+else
+ gnupg_cv_have_regex=no
+fi
+
+
+ if test $gnupg_cv_have_regex = no; then
+ use_regex=no
+ else
+ if test x"$cross_compiling" = xyes; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling; assuming regexp libray is not broken" >&5
+$as_echo "$as_me: WARNING: cross compiling; assuming regexp libray is not broken" >&2;}
+ else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether your system's regexp library is broken" >&5
+$as_echo_n "checking whether your system's regexp library is broken... " >&6; }
+if ${gnupg_cv_regex_broken+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test "$cross_compiling" = yes; then :
+ gnupg_cv_regex_broken=yes
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+#include <unistd.h>
+#include <regex.h>
+main() { regex_t blah ; regmatch_t p; p.rm_eo = p.rm_eo; return regcomp(&blah, "foo.*bar", REG_NOSUB) || regexec (&blah, "foobar", 0, NULL, 0); }
+_ACEOF
+if ac_fn_c_try_run "$LINENO"; then :
+ gnupg_cv_regex_broken=no
+else
+ gnupg_cv_regex_broken=yes
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+ conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gnupg_cv_regex_broken" >&5
+$as_echo "$gnupg_cv_regex_broken" >&6; }
+
+ if test $gnupg_cv_regex_broken = yes; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: your regex is broken - disabling regex use" >&5
+$as_echo "$as_me: WARNING: your regex is broken - disabling regex use" >&2;}
+ use_regex=no
+ fi
+ fi
+ fi
+ CPPFLAGS="${_cppflags}"
+ LDFLAGS="${_ldflags}"
+fi
+
+if test "$use_regex" != yes ; then
+
+$as_echo "#define DISABLE_REGEX 1" >>confdefs.h
+
+fi
+ if test x"$use_regex" != xyes; then
+ DISABLE_REGEX_TRUE=
+ DISABLE_REGEX_FALSE='#'
+else
+ DISABLE_REGEX_TRUE='#'
+ DISABLE_REGEX_FALSE=
+fi
+
+
+
+
+#
+# Do we have zlib? Must do it here because Solaris failed
+# when compiling a conftest (due to the "-lz" from LIBS).
+# Note that we combine zlib and bzlib2 in ZLIBS.
+#
+_cppflags="${CPPFLAGS}"
+_ldflags="${LDFLAGS}"
+
+# Check whether --with-zlib was given.
+if test "${with_zlib+set}" = set; then :
+ withval=$with_zlib;
+ if test -d "$withval"; then
+ CPPFLAGS="${CPPFLAGS} -I$withval/include"
+ LDFLAGS="${LDFLAGS} -L$withval/lib"
+ fi
+
+fi
+
+
+ac_fn_c_check_header_mongrel "$LINENO" "zlib.h" "ac_cv_header_zlib_h" "$ac_includes_default"
+if test "x$ac_cv_header_zlib_h" = xyes; then :
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for deflateInit2_ in -lz" >&5
+$as_echo_n "checking for deflateInit2_ in -lz... " >&6; }
+if ${ac_cv_lib_z_deflateInit2_+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lz $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char deflateInit2_ ();
+int
+main ()
+{
+return deflateInit2_ ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_z_deflateInit2_=yes
+else
+ ac_cv_lib_z_deflateInit2_=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_z_deflateInit2_" >&5
+$as_echo "$ac_cv_lib_z_deflateInit2_" >&6; }
+if test "x$ac_cv_lib_z_deflateInit2_" = xyes; then :
+ ZLIBS="-lz"
+else
+ CPPFLAGS=${_cppflags} LDFLAGS=${_ldflags}
+fi
+
+else
+ CPPFLAGS=${_cppflags} LDFLAGS=${_ldflags}
+fi
+
+
+
+#
+# Check whether we can support bzip2
+#
+if test "$use_bzip2" = yes ; then
+ _cppflags="${CPPFLAGS}"
+ _ldflags="${LDFLAGS}"
+
+# Check whether --with-bzip2 was given.
+if test "${with_bzip2+set}" = set; then :
+ withval=$with_bzip2;
+ if test -d "$withval" ; then
+ CPPFLAGS="${CPPFLAGS} -I$withval/include"
+ LDFLAGS="${LDFLAGS} -L$withval/lib"
+ fi
+
+else
+ withval=""
+fi
+
+
+ # Checking alongside stdio.h as an early version of bzip2 (1.0)
+ # required stdio.h to be included before bzlib.h, and Solaris 9 is
+ # woefully out of date.
+ if test "$withval" != no ; then
+ ac_fn_c_check_header_compile "$LINENO" "bzlib.h" "ac_cv_header_bzlib_h" "#include <stdio.h>
+"
+if test "x$ac_cv_header_bzlib_h" = xyes; then :
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for BZ2_bzCompressInit in -lbz2" >&5
+$as_echo_n "checking for BZ2_bzCompressInit in -lbz2... " >&6; }
+if ${ac_cv_lib_bz2_BZ2_bzCompressInit+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lbz2 $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char BZ2_bzCompressInit ();
+int
+main ()
+{
+return BZ2_bzCompressInit ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_bz2_BZ2_bzCompressInit=yes
+else
+ ac_cv_lib_bz2_BZ2_bzCompressInit=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_bz2_BZ2_bzCompressInit" >&5
+$as_echo "$ac_cv_lib_bz2_BZ2_bzCompressInit" >&6; }
+if test "x$ac_cv_lib_bz2_BZ2_bzCompressInit" = xyes; then :
+
+ have_bz2=yes
+ ZLIBS="$ZLIBS -lbz2"
+
+$as_echo "#define HAVE_BZIP2 1" >>confdefs.h
+
+
+else
+ CPPFLAGS=${_cppflags} LDFLAGS=${_ldflags}
+fi
+
+else
+ CPPFLAGS=${_cppflags} LDFLAGS=${_ldflags}
+fi
+
+
+ fi
+fi
+ if test x"$have_bz2" = "xyes"; then
+ ENABLE_BZIP2_SUPPORT_TRUE=
+ ENABLE_BZIP2_SUPPORT_FALSE='#'
+else
+ ENABLE_BZIP2_SUPPORT_TRUE='#'
+ ENABLE_BZIP2_SUPPORT_FALSE=
+fi
+
+
+
+
+# Check for readline support
+
+
+# Check whether --with-readline was given.
+if test "${with_readline+set}" = set; then :
+ withval=$with_readline; _do_readline=$withval
+else
+ _do_readline=yes
+fi
+
+
+ if test "$_do_readline" != "no" ; then
+ if test -d "$withval" ; then
+ CPPFLAGS="${CPPFLAGS} -I$withval/include"
+ LDFLAGS="${LDFLAGS} -L$withval/lib"
+ fi
+
+ for _termcap in "" "-ltermcap" "-lcurses" "-lncurses" ; do
+ _readline_save_libs=$LIBS
+ _combo="-lreadline${_termcap:+ $_termcap}"
+ LIBS="$LIBS $_combo"
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether readline via \"$_combo\" is present and sane" >&5
+$as_echo_n "checking whether readline via \"$_combo\" is present and sane... " >&6; }
+
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+#include <stdio.h>
+#include <readline/readline.h>
+#include <readline/history.h>
+
+int
+main ()
+{
+
+rl_completion_func_t *completer;
+add_history("foobar");
+rl_catch_signals=0;
+rl_inhibit_completion=0;
+rl_attempted_completion_function=NULL;
+rl_completion_matches(NULL,NULL);
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ _found_readline=yes
+else
+ _found_readline=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $_found_readline" >&5
+$as_echo "$_found_readline" >&6; }
+
+ LIBS=$_readline_save_libs
+
+ if test $_found_readline = yes ; then
+
+$as_echo "#define HAVE_LIBREADLINE 1" >>confdefs.h
+
+ LIBREADLINE=$_combo
+
+ break
+ fi
+ done
+
+ unset _termcap
+ unset _readline_save_libs
+ unset _combo
+ unset _found_readline
+ fi
+
+
+#
+# Allow users to append something to the version string without
+# flagging it as development version. The user version parts is
+# considered everything after a dash.
+#
+if test "$development_version" != yes; then
+ tmp_pat='[a-zA-Z]'
+ if echo "$VERSION" | sed 's/-.*//' | grep "$tmp_pat" >/dev/null ; then
+ development_version=yes
+ fi
+fi
+if test "$development_version" = yes; then
+
+$as_echo "#define IS_DEVELOPMENT_VERSION 1" >>confdefs.h
+
+fi
+
+ if test x$cross_compiling = xyes; then
+ CROSS_COMPILING_TRUE=
+ CROSS_COMPILING_FALSE='#'
+else
+ CROSS_COMPILING_TRUE='#'
+ CROSS_COMPILING_FALSE=
+fi
+
+
+
+ if ${MAKE-make} --version 2>/dev/null | grep '^GNU ' >/dev/null 2>&1; then
+ :
+ else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING:
+***
+*** It seems that you are not using GNU make. Some make tools have serious
+*** flaws and you may not be able to build this software at all. Before you
+*** complain, please try GNU make: GNU make is easy to build and available
+*** at all GNU archives. It is always available from ftp.gnu.org:/gnu/make.
+***" >&5
+$as_echo "$as_me: WARNING:
+***
+*** It seems that you are not using GNU make. Some make tools have serious
+*** flaws and you may not be able to build this software at all. Before you
+*** complain, please try GNU make: GNU make is easy to build and available
+*** at all GNU archives. It is always available from ftp.gnu.org:/gnu/make.
+***" >&2;}
+ fi
+
+
+# Add some extra libs here so that previous tests don't fail for
+# mysterious reasons - the final link step should bail out.
+# W32SOCKLIBS is also defined so that if can be used for tools not
+# requiring any network stuff but linking to code in libcommon which
+# tracks in winsock stuff (e.g. init_common_subsystems.
+if test "$have_w32_system" = yes; then
+ W32SOCKLIBS="-lws2_32"
+ NETLIBS="${NETLIBS} ${W32SOCKLIBS}"
+fi
+
+
+
+
+#
+# Setup gcc specific options
+#
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for cc features" >&5
+$as_echo "$as_me: checking for cc features" >&6;}
+if test "$GCC" = yes; then
+ # Note that it is okay to use CFLAGS here because this are just
+ # warning options and the user should have a chance of overriding
+ # them.
+ if test "$USE_MAINTAINER_MODE" = "yes"; then
+ CFLAGS="$CFLAGS -Wall -Wcast-align -Wshadow -Wstrict-prototypes"
+ CFLAGS="$CFLAGS -Wformat -Wno-format-y2k -Wformat-security"
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if gcc supports -Wno-missing-field-initializers" >&5
+$as_echo_n "checking if gcc supports -Wno-missing-field-initializers... " >&6; }
+ _gcc_cflags_save=$CFLAGS
+ CFLAGS="-Wno-missing-field-initializers"
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ _gcc_wopt=yes
+else
+ _gcc_wopt=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $_gcc_wopt" >&5
+$as_echo "$_gcc_wopt" >&6; }
+ CFLAGS=$_gcc_cflags_save;
+ if test x"$_gcc_wopt" = xyes ; then
+ CFLAGS="$CFLAGS -W -Wno-sign-compare -Wno-missing-field-initializers"
+ fi
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if gcc supports -Wdeclaration-after-statement" >&5
+$as_echo_n "checking if gcc supports -Wdeclaration-after-statement... " >&6; }
+ _gcc_cflags_save=$CFLAGS
+ CFLAGS="-Wdeclaration-after-statement"
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ _gcc_wopt=yes
+else
+ _gcc_wopt=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $_gcc_wopt" >&5
+$as_echo "$_gcc_wopt" >&6; }
+ CFLAGS=$_gcc_cflags_save;
+ if test x"$_gcc_wopt" = xyes ; then
+ CFLAGS="$CFLAGS -Wdeclaration-after-statement"
+ fi
+ else
+ CFLAGS="$CFLAGS -Wall"
+ fi
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if gcc supports -Wno-pointer-sign" >&5
+$as_echo_n "checking if gcc supports -Wno-pointer-sign... " >&6; }
+ _gcc_cflags_save=$CFLAGS
+ CFLAGS="-Wno-pointer-sign"
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ _gcc_psign=yes
+else
+ _gcc_psign=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $_gcc_psign" >&5
+$as_echo "$_gcc_psign" >&6; }
+ CFLAGS=$_gcc_cflags_save;
+ if test x"$_gcc_psign" = xyes ; then
+ CFLAGS="$CFLAGS -Wno-pointer-sign"
+ fi
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if gcc supports -Wpointer-arith" >&5
+$as_echo_n "checking if gcc supports -Wpointer-arith... " >&6; }
+ _gcc_cflags_save=$CFLAGS
+ CFLAGS="-Wpointer-arith"
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ _gcc_psign=yes
+else
+ _gcc_psign=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $_gcc_psign" >&5
+$as_echo "$_gcc_psign" >&6; }
+ CFLAGS=$_gcc_cflags_save;
+ if test x"$_gcc_psign" = xyes ; then
+ CFLAGS="$CFLAGS -Wpointer-arith"
+ fi
+fi
+
+
+#
+# This is handy for debugging so the compiler doesn't rearrange
+# things and eliminate variables.
+#
+# Check whether --enable-optimization was given.
+if test "${enable_optimization+set}" = set; then :
+ enableval=$enable_optimization; if test $enableval = no ; then
+ CFLAGS=`echo $CFLAGS | sed 's/-O[0-9]//'`
+ fi
+fi
+
+
+#
+# Prepare building of estream
+#
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking system features for estream-printf" >&5
+$as_echo "$as_me: checking system features for estream-printf" >&6;}
+ for ac_header in stdint.h
+do :
+ ac_fn_c_check_header_mongrel "$LINENO" "stdint.h" "ac_cv_header_stdint_h" "$ac_includes_default"
+if test "x$ac_cv_header_stdint_h" = xyes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_STDINT_H 1
+_ACEOF
+
+fi
+
+done
+
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for long long int" >&5
+$as_echo_n "checking for long long int... " >&6; }
+if ${ac_cv_type_long_long_int+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+ /* Test preprocessor. */
+ #if ! (-9223372036854775807LL < 0 && 0 < 9223372036854775807ll)
+ error in preprocessor;
+ #endif
+ #if ! (18446744073709551615ULL <= -1ull)
+ error in preprocessor;
+ #endif
+ /* Test literals. */
+ long long int ll = 9223372036854775807ll;
+ long long int nll = -9223372036854775807LL;
+ unsigned long long int ull = 18446744073709551615ULL;
+ /* Test constant expressions. */
+ typedef int a[((-9223372036854775807LL < 0 && 0 < 9223372036854775807ll)
+ ? 1 : -1)];
+ typedef int b[(18446744073709551615ULL <= (unsigned long long int) -1
+ ? 1 : -1)];
+ int i = 63;
+int
+main ()
+{
+/* Test availability of runtime routines for shift and division. */
+ long long int llmax = 9223372036854775807ll;
+ unsigned long long int ullmax = 18446744073709551615ull;
+ return ((ll << 63) | (ll >> 63) | (ll < i) | (ll > i)
+ | (llmax / ll) | (llmax % ll)
+ | (ull << 63) | (ull >> 63) | (ull << i) | (ull >> i)
+ | (ullmax / ull) | (ullmax % ull));
+ ;
+ return 0;
+}
+
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ if test "$cross_compiling" = yes; then :
+ ac_cv_type_long_long_int=yes
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <limits.h>
+ #ifndef LLONG_MAX
+ # define HALF \
+ (1LL << (sizeof (long long int) * CHAR_BIT - 2))
+ # define LLONG_MAX (HALF - 1 + HALF)
+ #endif
+int
+main ()
+{
+long long int n = 1;
+ int i;
+ for (i = 0; ; i++)
+ {
+ long long int m = n << i;
+ if (m >> i != n)
+ return 1;
+ if (LLONG_MAX / 2 < m)
+ break;
+ }
+ return 0;
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_run "$LINENO"; then :
+ ac_cv_type_long_long_int=yes
+else
+ ac_cv_type_long_long_int=no
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+ conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+
+else
+ ac_cv_type_long_long_int=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_type_long_long_int" >&5
+$as_echo "$ac_cv_type_long_long_int" >&6; }
+ if test $ac_cv_type_long_long_int = yes; then
+
+$as_echo "#define HAVE_LONG_LONG_INT 1" >>confdefs.h
+
+ fi
+
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for long double" >&5
+$as_echo_n "checking for long double... " >&6; }
+if ${ac_cv_type_long_double+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test "$GCC" = yes; then
+ ac_cv_type_long_double=yes
+ else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+/* The Stardent Vistra knows sizeof (long double), but does
+ not support it. */
+ long double foo = 0.0L;
+int
+main ()
+{
+static int test_array [1 - 2 * !(/* On Ultrix 4.3 cc, long double is 4 and double is 8. */
+ sizeof (double) <= sizeof (long double))];
+test_array [0] = 0
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_cv_type_long_double=yes
+else
+ ac_cv_type_long_double=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+ fi
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_type_long_double" >&5
+$as_echo "$ac_cv_type_long_double" >&6; }
+ if test $ac_cv_type_long_double = yes; then
+
+$as_echo "#define HAVE_LONG_DOUBLE 1" >>confdefs.h
+
+ fi
+
+
+
+ ac_fn_c_check_type "$LINENO" "intmax_t" "ac_cv_type_intmax_t" "$ac_includes_default"
+if test "x$ac_cv_type_intmax_t" = xyes; then :
+
+$as_echo "#define HAVE_INTMAX_T 1" >>confdefs.h
+
+else
+ test $ac_cv_type_long_long_int = yes \
+ && ac_type='long long int' \
+ || ac_type='long int'
+
+cat >>confdefs.h <<_ACEOF
+#define intmax_t $ac_type
+_ACEOF
+
+fi
+
+
+
+
+ ac_fn_c_check_type "$LINENO" "uintmax_t" "ac_cv_type_uintmax_t" "$ac_includes_default"
+if test "x$ac_cv_type_uintmax_t" = xyes; then :
+
+$as_echo "#define HAVE_UINTMAX_T 1" >>confdefs.h
+
+else
+ test $ac_cv_type_unsigned_long_long_int = yes \
+ && ac_type='unsigned long long int' \
+ || ac_type='unsigned long int'
+
+cat >>confdefs.h <<_ACEOF
+#define uintmax_t $ac_type
+_ACEOF
+
+fi
+
+
+ ac_fn_c_check_type "$LINENO" "ptrdiff_t" "ac_cv_type_ptrdiff_t" "$ac_includes_default"
+if test "x$ac_cv_type_ptrdiff_t" = xyes; then :
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_PTRDIFF_T 1
+_ACEOF
+
+
+fi
+
+ # The cast to long int works around a bug in the HP C Compiler
+# version HP92453-01 B.11.11.23709.GP, which incorrectly rejects
+# declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'.
+# This bug is HP SR number 8606223364.
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking size of unsigned long" >&5
+$as_echo_n "checking size of unsigned long... " >&6; }
+if ${ac_cv_sizeof_unsigned_long+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (unsigned long))" "ac_cv_sizeof_unsigned_long" "$ac_includes_default"; then :
+
+else
+ if test "$ac_cv_type_unsigned_long" = yes; then
+ { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error 77 "cannot compute sizeof (unsigned long)
+See \`config.log' for more details" "$LINENO" 5; }
+ else
+ ac_cv_sizeof_unsigned_long=0
+ fi
+fi
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_unsigned_long" >&5
+$as_echo "$ac_cv_sizeof_unsigned_long" >&6; }
+
+
+
+cat >>confdefs.h <<_ACEOF
+#define SIZEOF_UNSIGNED_LONG $ac_cv_sizeof_unsigned_long
+_ACEOF
+
+
+ # The cast to long int works around a bug in the HP C Compiler
+# version HP92453-01 B.11.11.23709.GP, which incorrectly rejects
+# declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'.
+# This bug is HP SR number 8606223364.
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking size of void *" >&5
+$as_echo_n "checking size of void *... " >&6; }
+if ${ac_cv_sizeof_void_p+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (void *))" "ac_cv_sizeof_void_p" "$ac_includes_default"; then :
+
+else
+ if test "$ac_cv_type_void_p" = yes; then
+ { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error 77 "cannot compute sizeof (void *)
+See \`config.log' for more details" "$LINENO" 5; }
+ else
+ ac_cv_sizeof_void_p=0
+ fi
+fi
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_void_p" >&5
+$as_echo "$ac_cv_sizeof_void_p" >&6; }
+
+
+
+cat >>confdefs.h <<_ACEOF
+#define SIZEOF_VOID_P $ac_cv_sizeof_void_p
+_ACEOF
+
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for nl_langinfo and THOUSANDS_SEP" >&5
+$as_echo_n "checking for nl_langinfo and THOUSANDS_SEP... " >&6; }
+if ${estream_cv_langinfo_thousands_sep+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <langinfo.h>
+int
+main ()
+{
+char* cs = nl_langinfo(THOUSANDS_SEP); return !cs;
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ estream_cv_langinfo_thousands_sep=yes
+else
+ estream_cv_langinfo_thousands_sep=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $estream_cv_langinfo_thousands_sep" >&5
+$as_echo "$estream_cv_langinfo_thousands_sep" >&6; }
+ if test $estream_cv_langinfo_thousands_sep = yes; then
+
+$as_echo "#define HAVE_LANGINFO_THOUSANDS_SEP 1" >>confdefs.h
+
+ fi
+
+
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking system features for estream" >&5
+$as_echo "$as_me: checking system features for estream" >&6;}
+
+
+
+
+#
+# Decide what to build
+#
+if test "$have_adns" = "yes"; then
+ GPGKEYS_KDNS="gpg2keys_kdns$EXEEXT"
+
+fi
+
+
+missing_pth=no
+if test $have_ksba = no; then
+ build_gpgsm=no
+ build_scdaemon=no
+fi
+
+build_agent_threaded=""
+if test "$build_agent" = "yes"; then
+ if test $have_pth = no; then
+ build_agent_threaded="(not multi-threaded)"
+ missing_pth=yes
+ fi
+fi
+
+build_scdaemon_extra=""
+if test "$build_scdaemon" = "yes"; then
+ tmp=""
+ if test $have_pth = no; then
+ build_scdaemon_extra="not multi-threaded"
+ tmp=", "
+ missing_pth=yes
+ fi
+ if test $have_libusb = no; then
+ build_scdaemon_extra="${tmp}without internal CCID driver"
+ tmp=", "
+ fi
+ if test -n "$build_scdaemon_extra"; then
+ build_scdaemon_extra="(${build_scdaemon_extra})"
+ fi
+fi
+
+
+if test "$build_agent_only" = "yes" ; then
+ build_gpg=no
+ build_gpgsm=no
+ build_scdaemon=no
+ build_tools=no
+ build_doc=no
+fi
+
+
+ if test "$build_gpg" = "yes"; then
+ BUILD_GPG_TRUE=
+ BUILD_GPG_FALSE='#'
+else
+ BUILD_GPG_TRUE='#'
+ BUILD_GPG_FALSE=
+fi
+
+ if test "$build_gpgsm" = "yes"; then
+ BUILD_GPGSM_TRUE=
+ BUILD_GPGSM_FALSE='#'
+else
+ BUILD_GPGSM_TRUE='#'
+ BUILD_GPGSM_FALSE=
+fi
+
+ if test "$build_agent" = "yes"; then
+ BUILD_AGENT_TRUE=
+ BUILD_AGENT_FALSE='#'
+else
+ BUILD_AGENT_TRUE='#'
+ BUILD_AGENT_FALSE=
+fi
+
+ if test "$build_scdaemon" = "yes"; then
+ BUILD_SCDAEMON_TRUE=
+ BUILD_SCDAEMON_FALSE='#'
+else
+ BUILD_SCDAEMON_TRUE='#'
+ BUILD_SCDAEMON_FALSE=
+fi
+
+ if test "$build_tools" = "yes"; then
+ BUILD_TOOLS_TRUE=
+ BUILD_TOOLS_FALSE='#'
+else
+ BUILD_TOOLS_TRUE='#'
+ BUILD_TOOLS_FALSE=
+fi
+
+ if test "$build_doc" = "yes"; then
+ BUILD_DOC_TRUE=
+ BUILD_DOC_FALSE='#'
+else
+ BUILD_DOC_TRUE='#'
+ BUILD_DOC_FALSE=
+fi
+
+ if test "$build_symcryptrun" = "yes"; then
+ BUILD_SYMCRYPTRUN_TRUE=
+ BUILD_SYMCRYPTRUN_FALSE='#'
+else
+ BUILD_SYMCRYPTRUN_TRUE='#'
+ BUILD_SYMCRYPTRUN_FALSE=
+fi
+
+ if test "$build_gpgtar" = "yes"; then
+ BUILD_GPGTAR_TRUE=
+ BUILD_GPGTAR_FALSE='#'
+else
+ BUILD_GPGTAR_TRUE='#'
+ BUILD_GPGTAR_FALSE=
+fi
+
+
+ if test x$cross_compiling = xno -a "$build_gpg" = yes ; then
+ RUN_GPG_TESTS_TRUE=
+ RUN_GPG_TESTS_FALSE='#'
+else
+ RUN_GPG_TESTS_TRUE='#'
+ RUN_GPG_TESTS_FALSE=
+fi
+
+
+
+#
+# Print errors here so that they are visible all
+# together and the user can acquire them all together.
+#
+die=no
+if test "$have_gpg_error" = "no"; then
+ die=yes
+ { $as_echo "$as_me:${as_lineno-$LINENO}:
+***
+*** You need libgpg-error to build this program.
+** This library is for example available at
+*** ftp://ftp.gnupg.org/gcrypt/libgpg-error
+*** (at least version $NEED_GPG_ERROR_VERSION is required.)
+***" >&5
+$as_echo "$as_me:
+***
+*** You need libgpg-error to build this program.
+** This library is for example available at
+*** ftp://ftp.gnupg.org/gcrypt/libgpg-error
+*** (at least version $NEED_GPG_ERROR_VERSION is required.)
+***" >&6;}
+fi
+if test "$have_libgcrypt" = "no"; then
+ die=yes
+ { $as_echo "$as_me:${as_lineno-$LINENO}:
+***
+*** You need libgcrypt to build this program.
+** This library is for example available at
+*** ftp://ftp.gnupg.org/gcrypt/libgcrypt/
+*** (at least version $NEED_LIBGCRYPT_VERSION using API $NEED_LIBGCRYPT_API is required.)
+***" >&5
+$as_echo "$as_me:
+***
+*** You need libgcrypt to build this program.
+** This library is for example available at
+*** ftp://ftp.gnupg.org/gcrypt/libgcrypt/
+*** (at least version $NEED_LIBGCRYPT_VERSION using API $NEED_LIBGCRYPT_API is required.)
+***" >&6;}
+fi
+if test "$have_libassuan" = "no"; then
+ die=yes
+ { $as_echo "$as_me:${as_lineno-$LINENO}:
+***
+*** You need libassuan to build this program.
+*** This library is for example available at
+*** ftp://ftp.gnupg.org/gcrypt/libassuan/
+*** (at least version $NEED_LIBASSUAN_VERSION (API $NEED_LIBASSUAN_API) is required).
+***" >&5
+$as_echo "$as_me:
+***
+*** You need libassuan to build this program.
+*** This library is for example available at
+*** ftp://ftp.gnupg.org/gcrypt/libassuan/
+*** (at least version $NEED_LIBASSUAN_VERSION (API $NEED_LIBASSUAN_API) is required).
+***" >&6;}
+fi
+if test "$have_ksba" = "no"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}:
+***
+*** You need libksba to build this program.
+*** This library is for example available at
+*** ftp://ftp.gnupg.org/gcrypt/libksba/
+*** (at least version $NEED_KSBA_VERSION using API $NEED_KSBA_API is required).
+***" >&5
+$as_echo "$as_me:
+***
+*** You need libksba to build this program.
+*** This library is for example available at
+*** ftp://ftp.gnupg.org/gcrypt/libksba/
+*** (at least version $NEED_KSBA_VERSION using API $NEED_KSBA_API is required).
+***" >&6;}
+fi
+if test "$missing_pth" = "yes"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}:
+***
+*** It is now required to build with support for the
+*** GNU Portable Threads Library (Pth). Please install this
+*** library first. The library is for example available at
+*** ftp://ftp.gnu.org/gnu/pth/
+*** On a Debian GNU/Linux system you can install it using
+*** apt-get install libpth-dev
+*** To build GnuPG for Windows you need to use the W32PTH
+*** package; available at:
+*** ftp://ftp.g10code.com/g10code/w32pth/
+***" >&5
+$as_echo "$as_me:
+***
+*** It is now required to build with support for the
+*** GNU Portable Threads Library (Pth). Please install this
+*** library first. The library is for example available at
+*** ftp://ftp.gnu.org/gnu/pth/
+*** On a Debian GNU/Linux system you can install it using
+*** apt-get install libpth-dev
+*** To build GnuPG for Windows you need to use the W32PTH
+*** package; available at:
+*** ftp://ftp.g10code.com/g10code/w32pth/
+***" >&6;}
+ die=yes
+fi
+
+if test "$die" = "yes"; then
+ as_fn_error $? "
+***
+*** Required libraries not found. Please consult the above messages
+*** and install them before running configure again.
+***" "$LINENO" 5
+fi
+
+
+
+ac_config_files="$ac_config_files m4/Makefile Makefile po/Makefile.in gl/Makefile include/Makefile jnlib/Makefile common/Makefile kbx/Makefile g10/Makefile sm/Makefile agent/Makefile scd/Makefile keyserver/Makefile keyserver/gpg2keys_mailto keyserver/gpg2keys_test tools/gpg-zip tools/Makefile doc/Makefile tests/Makefile tests/openpgp/Makefile tests/pkits/Makefile"
+
+cat >confcache <<\_ACEOF
+# This file is a shell script that caches the results of configure
+# tests run on this system so they can be shared between configure
+# scripts and configure runs, see configure's option --config-cache.
+# It is not useful on other systems. If it contains results you don't
+# want to keep, you may remove or edit it.
+#
+# config.status only pays attention to the cache file if you give it
+# the --recheck option to rerun configure.
+#
+# `ac_cv_env_foo' variables (set or unset) will be overridden when
+# loading this file, other *unset* `ac_cv_foo' will be assigned the
+# following values.
+
+_ACEOF
+
+# The following way of writing the cache mishandles newlines in values,
+# but we know of no workaround that is simple, portable, and efficient.
+# So, we kill variables containing newlines.
+# Ultrix sh set writes to stderr and can't be redirected directly,
+# and sets the high bit in the cache file unless we assign to the vars.
+(
+ for ac_var in `(set) 2>&1 | sed -n 's/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'`; do
+ eval ac_val=\$$ac_var
+ case $ac_val in #(
+ *${as_nl}*)
+ case $ac_var in #(
+ *_cv_*) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5
+$as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;;
+ esac
+ case $ac_var in #(
+ _ | IFS | as_nl) ;; #(
+ BASH_ARGV | BASH_SOURCE) eval $ac_var= ;; #(
+ *) { eval $ac_var=; unset $ac_var;} ;;
+ esac ;;
+ esac
+ done
+
+ (set) 2>&1 |
+ case $as_nl`(ac_space=' '; set) 2>&1` in #(
+ *${as_nl}ac_space=\ *)
+ # `set' does not quote correctly, so add quotes: double-quote
+ # substitution turns \\\\ into \\, and sed turns \\ into \.
+ sed -n \
+ "s/'/'\\\\''/g;
+ s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\\2'/p"
+ ;; #(
+ *)
+ # `set' quotes correctly as required by POSIX, so do not add quotes.
+ sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p"
+ ;;
+ esac |
+ sort
+) |
+ sed '
+ /^ac_cv_env_/b end
+ t clear
+ :clear
+ s/^\([^=]*\)=\(.*[{}].*\)$/test "${\1+set}" = set || &/
+ t end
+ s/^\([^=]*\)=\(.*\)$/\1=${\1=\2}/
+ :end' >>confcache
+if diff "$cache_file" confcache >/dev/null 2>&1; then :; else
+ if test -w "$cache_file"; then
+ if test "x$cache_file" != "x/dev/null"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: updating cache $cache_file" >&5
+$as_echo "$as_me: updating cache $cache_file" >&6;}
+ if test ! -f "$cache_file" || test -h "$cache_file"; then
+ cat confcache >"$cache_file"
+ else
+ case $cache_file in #(
+ */* | ?:*)
+ mv -f confcache "$cache_file"$$ &&
+ mv -f "$cache_file"$$ "$cache_file" ;; #(
+ *)
+ mv -f confcache "$cache_file" ;;
+ esac
+ fi
+ fi
+ else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: not updating unwritable cache $cache_file" >&5
+$as_echo "$as_me: not updating unwritable cache $cache_file" >&6;}
+ fi
+fi
+rm -f confcache
+
+test "x$prefix" = xNONE && prefix=$ac_default_prefix
+# Let make expand exec_prefix.
+test "x$exec_prefix" = xNONE && exec_prefix='${prefix}'
+
+DEFS=-DHAVE_CONFIG_H
+
+ac_libobjs=
+ac_ltlibobjs=
+U=
+for ac_i in : $LIBOBJS; do test "x$ac_i" = x: && continue
+ # 1. Remove the extension, and $U if already installed.
+ ac_script='s/\$U\././;s/\.o$//;s/\.obj$//'
+ ac_i=`$as_echo "$ac_i" | sed "$ac_script"`
+ # 2. Prepend LIBOBJDIR. When used with automake>=1.10 LIBOBJDIR
+ # will be set to the directory where LIBOBJS objects are built.
+ as_fn_append ac_libobjs " \${LIBOBJDIR}$ac_i\$U.$ac_objext"
+ as_fn_append ac_ltlibobjs " \${LIBOBJDIR}$ac_i"'$U.lo'
+done
+LIBOBJS=$ac_libobjs
+
+LTLIBOBJS=$ac_ltlibobjs
+
+
+ if test -n "$EXEEXT"; then
+ am__EXEEXT_TRUE=
+ am__EXEEXT_FALSE='#'
+else
+ am__EXEEXT_TRUE='#'
+ am__EXEEXT_FALSE=
+fi
+
+if test -z "${AMDEP_TRUE}" && test -z "${AMDEP_FALSE}"; then
+ as_fn_error $? "conditional \"AMDEP\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
+fi
+if test -z "${am__fastdepCC_TRUE}" && test -z "${am__fastdepCC_FALSE}"; then
+ as_fn_error $? "conditional \"am__fastdepCC\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
+fi
+if test -z "${GNUPG_AGENT_PGM_TRUE}" && test -z "${GNUPG_AGENT_PGM_FALSE}"; then
+ as_fn_error $? "conditional \"GNUPG_AGENT_PGM\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
+fi
+if test -z "${GNUPG_PINENTRY_PGM_TRUE}" && test -z "${GNUPG_PINENTRY_PGM_FALSE}"; then
+ as_fn_error $? "conditional \"GNUPG_PINENTRY_PGM\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
+fi
+if test -z "${GNUPG_SCDAEMON_PGM_TRUE}" && test -z "${GNUPG_SCDAEMON_PGM_FALSE}"; then
+ as_fn_error $? "conditional \"GNUPG_SCDAEMON_PGM\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
+fi
+if test -z "${GNUPG_DIRMNGR_PGM_TRUE}" && test -z "${GNUPG_DIRMNGR_PGM_FALSE}"; then
+ as_fn_error $? "conditional \"GNUPG_DIRMNGR_PGM\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
+fi
+if test -z "${GNUPG_PROTECT_TOOL_PGM_TRUE}" && test -z "${GNUPG_PROTECT_TOOL_PGM_FALSE}"; then
+ as_fn_error $? "conditional \"GNUPG_PROTECT_TOOL_PGM\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
+fi
+if test -z "${MAINTAINER_MODE_TRUE}" && test -z "${MAINTAINER_MODE_FALSE}"; then
+ as_fn_error $? "conditional \"MAINTAINER_MODE\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
+fi
+if test -z "${am__fastdepCC_TRUE}" && test -z "${am__fastdepCC_FALSE}"; then
+ as_fn_error $? "conditional \"am__fastdepCC\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
+fi
+if test -z "${WORKING_FAQPROG_TRUE}" && test -z "${WORKING_FAQPROG_FALSE}"; then
+ as_fn_error $? "conditional \"WORKING_FAQPROG\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
+fi
+if test -z "${HAVE_USTAR_TRUE}" && test -z "${HAVE_USTAR_FALSE}"; then
+ as_fn_error $? "conditional \"HAVE_USTAR\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
+fi
+if test -z "${HAVE_DOSISH_SYSTEM_TRUE}" && test -z "${HAVE_DOSISH_SYSTEM_FALSE}"; then
+ as_fn_error $? "conditional \"HAVE_DOSISH_SYSTEM\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
+fi
+if test -z "${USE_SIMPLE_GETTEXT_TRUE}" && test -z "${USE_SIMPLE_GETTEXT_FALSE}"; then
+ as_fn_error $? "conditional \"USE_SIMPLE_GETTEXT\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
+fi
+if test -z "${HAVE_W32_SYSTEM_TRUE}" && test -z "${HAVE_W32_SYSTEM_FALSE}"; then
+ as_fn_error $? "conditional \"HAVE_W32_SYSTEM\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
+fi
+if test -z "${USE_DNS_SRV_TRUE}" && test -z "${USE_DNS_SRV_FALSE}"; then
+ as_fn_error $? "conditional \"USE_DNS_SRV\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
+fi
+if test -z "${FAKE_CURL_TRUE}" && test -z "${FAKE_CURL_FALSE}"; then
+ as_fn_error $? "conditional \"FAKE_CURL\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
+fi
+if test -z "${GL_COND_LIBTOOL_TRUE}" && test -z "${GL_COND_LIBTOOL_FALSE}"; then
+ as_fn_error $? "conditional \"GL_COND_LIBTOOL\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
+fi
+if test -z "${DISABLE_REGEX_TRUE}" && test -z "${DISABLE_REGEX_FALSE}"; then
+ as_fn_error $? "conditional \"DISABLE_REGEX\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
+fi
+if test -z "${ENABLE_BZIP2_SUPPORT_TRUE}" && test -z "${ENABLE_BZIP2_SUPPORT_FALSE}"; then
+ as_fn_error $? "conditional \"ENABLE_BZIP2_SUPPORT\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
+fi
+if test -z "${CROSS_COMPILING_TRUE}" && test -z "${CROSS_COMPILING_FALSE}"; then
+ as_fn_error $? "conditional \"CROSS_COMPILING\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
+fi
+if test -z "${BUILD_GPG_TRUE}" && test -z "${BUILD_GPG_FALSE}"; then
+ as_fn_error $? "conditional \"BUILD_GPG\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
+fi
+if test -z "${BUILD_GPGSM_TRUE}" && test -z "${BUILD_GPGSM_FALSE}"; then
+ as_fn_error $? "conditional \"BUILD_GPGSM\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
+fi
+if test -z "${BUILD_AGENT_TRUE}" && test -z "${BUILD_AGENT_FALSE}"; then
+ as_fn_error $? "conditional \"BUILD_AGENT\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
+fi
+if test -z "${BUILD_SCDAEMON_TRUE}" && test -z "${BUILD_SCDAEMON_FALSE}"; then
+ as_fn_error $? "conditional \"BUILD_SCDAEMON\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
+fi
+if test -z "${BUILD_TOOLS_TRUE}" && test -z "${BUILD_TOOLS_FALSE}"; then
+ as_fn_error $? "conditional \"BUILD_TOOLS\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
+fi
+if test -z "${BUILD_DOC_TRUE}" && test -z "${BUILD_DOC_FALSE}"; then
+ as_fn_error $? "conditional \"BUILD_DOC\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
+fi
+if test -z "${BUILD_SYMCRYPTRUN_TRUE}" && test -z "${BUILD_SYMCRYPTRUN_FALSE}"; then
+ as_fn_error $? "conditional \"BUILD_SYMCRYPTRUN\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
+fi
+if test -z "${BUILD_GPGTAR_TRUE}" && test -z "${BUILD_GPGTAR_FALSE}"; then
+ as_fn_error $? "conditional \"BUILD_GPGTAR\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
+fi
+if test -z "${RUN_GPG_TESTS_TRUE}" && test -z "${RUN_GPG_TESTS_FALSE}"; then
+ as_fn_error $? "conditional \"RUN_GPG_TESTS\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
+fi
+
+: "${CONFIG_STATUS=./config.status}"
+ac_write_fail=0
+ac_clean_files_save=$ac_clean_files
+ac_clean_files="$ac_clean_files $CONFIG_STATUS"
+{ $as_echo "$as_me:${as_lineno-$LINENO}: creating $CONFIG_STATUS" >&5
+$as_echo "$as_me: creating $CONFIG_STATUS" >&6;}
+as_write_fail=0
+cat >$CONFIG_STATUS <<_ASEOF || as_write_fail=1
+#! $SHELL
+# Generated by $as_me.
+# Run this file to recreate the current configuration.
+# Compiler output produced by configure, useful for debugging
+# configure, is in config.log if it exists.
+
+debug=false
+ac_cs_recheck=false
+ac_cs_silent=false
+
+SHELL=\${CONFIG_SHELL-$SHELL}
+export SHELL
+_ASEOF
+cat >>$CONFIG_STATUS <<\_ASEOF || as_write_fail=1
+## -------------------- ##
+## M4sh Initialization. ##
+## -------------------- ##
+
+# Be more Bourne compatible
+DUALCASE=1; export DUALCASE # for MKS sh
+if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then :
+ emulate sh
+ NULLCMD=:
+ # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which
+ # is contrary to our usage. Disable this feature.
+ alias -g '${1+"$@"}'='"$@"'
+ setopt NO_GLOB_SUBST
+else
+ case `(set -o) 2>/dev/null` in #(
+ *posix*) :
+ set -o posix ;; #(
+ *) :
+ ;;
+esac
+fi
+
+
+as_nl='
+'
+export as_nl
+# Printing a long string crashes Solaris 7 /usr/bin/printf.
+as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'
+as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo
+as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo
+# Prefer a ksh shell builtin over an external printf program on Solaris,
+# but without wasting forks for bash or zsh.
+if test -z "$BASH_VERSION$ZSH_VERSION" \
+ && (test "X`print -r -- $as_echo`" = "X$as_echo") 2>/dev/null; then
+ as_echo='print -r --'
+ as_echo_n='print -rn --'
+elif (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then
+ as_echo='printf %s\n'
+ as_echo_n='printf %s'
+else
+ if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then
+ as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"'
+ as_echo_n='/usr/ucb/echo -n'
+ else
+ as_echo_body='eval expr "X$1" : "X\\(.*\\)"'
+ as_echo_n_body='eval
+ arg=$1;
+ case $arg in #(
+ *"$as_nl"*)
+ expr "X$arg" : "X\\(.*\\)$as_nl";
+ arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;;
+ esac;
+ expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl"
+ '
+ export as_echo_n_body
+ as_echo_n='sh -c $as_echo_n_body as_echo'
+ fi
+ export as_echo_body
+ as_echo='sh -c $as_echo_body as_echo'
+fi
+
+# The user is always right.
+if test "${PATH_SEPARATOR+set}" != set; then
+ PATH_SEPARATOR=:
+ (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && {
+ (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 ||
+ PATH_SEPARATOR=';'
+ }
+fi
+
+
+# IFS
+# We need space, tab and new line, in precisely that order. Quoting is
+# there to prevent editors from complaining about space-tab.
+# (If _AS_PATH_WALK were called with IFS unset, it would disable word
+# splitting by setting IFS to empty value.)
+IFS=" "" $as_nl"
+
+# Find who we are. Look in the path if we contain no directory separator.
+as_myself=
+case $0 in #((
+ *[\\/]* ) as_myself=$0 ;;
+ *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break
+ done
+IFS=$as_save_IFS
+
+ ;;
+esac
+# We did not find ourselves, most probably we were run as `sh COMMAND'
+# in which case we are not to be found in the path.
+if test "x$as_myself" = x; then
+ as_myself=$0
+fi
+if test ! -f "$as_myself"; then
+ $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2
+ exit 1
+fi
+
+# Unset variables that we do not need and which cause bugs (e.g. in
+# pre-3.0 UWIN ksh). But do not cause bugs in bash 2.01; the "|| exit 1"
+# suppresses any "Segmentation fault" message there. '((' could
+# trigger a bug in pdksh 5.2.14.
+for as_var in BASH_ENV ENV MAIL MAILPATH
+do eval test x\${$as_var+set} = xset \
+ && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || :
+done
+PS1='$ '
+PS2='> '
+PS4='+ '
+
+# NLS nuisances.
+LC_ALL=C
+export LC_ALL
+LANGUAGE=C
+export LANGUAGE
+
+# CDPATH.
+(unset CDPATH) >/dev/null 2>&1 && unset CDPATH
+
+
+# as_fn_error STATUS ERROR [LINENO LOG_FD]
+# ----------------------------------------
+# Output "`basename $0`: error: ERROR" to stderr. If LINENO and LOG_FD are
+# provided, also output the error to LOG_FD, referencing LINENO. Then exit the
+# script with STATUS, using 1 if that was 0.
+as_fn_error ()
+{
+ as_status=$1; test $as_status -eq 0 && as_status=1
+ if test "$4"; then
+ as_lineno=${as_lineno-"$3"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+ $as_echo "$as_me:${as_lineno-$LINENO}: error: $2" >&$4
+ fi
+ $as_echo "$as_me: error: $2" >&2
+ as_fn_exit $as_status
+} # as_fn_error
+
+
+# as_fn_set_status STATUS
+# -----------------------
+# Set $? to STATUS, without forking.
+as_fn_set_status ()
+{
+ return $1
+} # as_fn_set_status
+
+# as_fn_exit STATUS
+# -----------------
+# Exit the shell with STATUS, even in a "trap 0" or "set -e" context.
+as_fn_exit ()
+{
+ set +e
+ as_fn_set_status $1
+ exit $1
+} # as_fn_exit
+
+# as_fn_unset VAR
+# ---------------
+# Portably unset VAR.
+as_fn_unset ()
+{
+ { eval $1=; unset $1;}
+}
+as_unset=as_fn_unset
+# as_fn_append VAR VALUE
+# ----------------------
+# Append the text in VALUE to the end of the definition contained in VAR. Take
+# advantage of any shell optimizations that allow amortized linear growth over
+# repeated appends, instead of the typical quadratic growth present in naive
+# implementations.
+if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null; then :
+ eval 'as_fn_append ()
+ {
+ eval $1+=\$2
+ }'
+else
+ as_fn_append ()
+ {
+ eval $1=\$$1\$2
+ }
+fi # as_fn_append
+
+# as_fn_arith ARG...
+# ------------------
+# Perform arithmetic evaluation on the ARGs, and store the result in the
+# global $as_val. Take advantage of shells that can avoid forks. The arguments
+# must be portable across $(()) and expr.
+if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null; then :
+ eval 'as_fn_arith ()
+ {
+ as_val=$(( $* ))
+ }'
+else
+ as_fn_arith ()
+ {
+ as_val=`expr "$@" || test $? -eq 1`
+ }
+fi # as_fn_arith
+
+
+if expr a : '\(a\)' >/dev/null 2>&1 &&
+ test "X`expr 00001 : '.*\(...\)'`" = X001; then
+ as_expr=expr
+else
+ as_expr=false
+fi
+
+if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then
+ as_basename=basename
+else
+ as_basename=false
+fi
+
+if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then
+ as_dirname=dirname
+else
+ as_dirname=false
+fi
+
+as_me=`$as_basename -- "$0" ||
+$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \
+ X"$0" : 'X\(//\)$' \| \
+ X"$0" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X/"$0" |
+ sed '/^.*\/\([^/][^/]*\)\/*$/{
+ s//\1/
+ q
+ }
+ /^X\/\(\/\/\)$/{
+ s//\1/
+ q
+ }
+ /^X\/\(\/\).*/{
+ s//\1/
+ q
+ }
+ s/.*/./; q'`
+
+# Avoid depending upon Character Ranges.
+as_cr_letters='abcdefghijklmnopqrstuvwxyz'
+as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ'
+as_cr_Letters=$as_cr_letters$as_cr_LETTERS
+as_cr_digits='0123456789'
+as_cr_alnum=$as_cr_Letters$as_cr_digits
+
+ECHO_C= ECHO_N= ECHO_T=
+case `echo -n x` in #(((((
+-n*)
+ case `echo 'xy\c'` in
+ *c*) ECHO_T=' ';; # ECHO_T is single tab character.
+ xy) ECHO_C='\c';;
+ *) echo `echo ksh88 bug on AIX 6.1` > /dev/null
+ ECHO_T=' ';;
+ esac;;
+*)
+ ECHO_N='-n';;
+esac
+
+rm -f conf$$ conf$$.exe conf$$.file
+if test -d conf$$.dir; then
+ rm -f conf$$.dir/conf$$.file
+else
+ rm -f conf$$.dir
+ mkdir conf$$.dir 2>/dev/null
+fi
+if (echo >conf$$.file) 2>/dev/null; then
+ if ln -s conf$$.file conf$$ 2>/dev/null; then
+ as_ln_s='ln -s'
+ # ... but there are two gotchas:
+ # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail.
+ # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable.
+ # In both cases, we have to default to `cp -p'.
+ ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe ||
+ as_ln_s='cp -p'
+ elif ln conf$$.file conf$$ 2>/dev/null; then
+ as_ln_s=ln
+ else
+ as_ln_s='cp -p'
+ fi
+else
+ as_ln_s='cp -p'
+fi
+rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file
+rmdir conf$$.dir 2>/dev/null
+
+
+# as_fn_mkdir_p
+# -------------
+# Create "$as_dir" as a directory, including parents if necessary.
+as_fn_mkdir_p ()
+{
+
+ case $as_dir in #(
+ -*) as_dir=./$as_dir;;
+ esac
+ test -d "$as_dir" || eval $as_mkdir_p || {
+ as_dirs=
+ while :; do
+ case $as_dir in #(
+ *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'(
+ *) as_qdir=$as_dir;;
+ esac
+ as_dirs="'$as_qdir' $as_dirs"
+ as_dir=`$as_dirname -- "$as_dir" ||
+$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+ X"$as_dir" : 'X\(//\)[^/]' \| \
+ X"$as_dir" : 'X\(//\)$' \| \
+ X"$as_dir" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X"$as_dir" |
+ sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+ s//\1/
+ q
+ }
+ /^X\(\/\/\)[^/].*/{
+ s//\1/
+ q
+ }
+ /^X\(\/\/\)$/{
+ s//\1/
+ q
+ }
+ /^X\(\/\).*/{
+ s//\1/
+ q
+ }
+ s/.*/./; q'`
+ test -d "$as_dir" && break
+ done
+ test -z "$as_dirs" || eval "mkdir $as_dirs"
+ } || test -d "$as_dir" || as_fn_error $? "cannot create directory $as_dir"
+
+
+} # as_fn_mkdir_p
+if mkdir -p . 2>/dev/null; then
+ as_mkdir_p='mkdir -p "$as_dir"'
+else
+ test -d ./-p && rmdir ./-p
+ as_mkdir_p=false
+fi
+
+if test -x / >/dev/null 2>&1; then
+ as_test_x='test -x'
+else
+ if ls -dL / >/dev/null 2>&1; then
+ as_ls_L_option=L
+ else
+ as_ls_L_option=
+ fi
+ as_test_x='
+ eval sh -c '\''
+ if test -d "$1"; then
+ test -d "$1/.";
+ else
+ case $1 in #(
+ -*)set "./$1";;
+ esac;
+ case `ls -ld'$as_ls_L_option' "$1" 2>/dev/null` in #((
+ ???[sx]*):;;*)false;;esac;fi
+ '\'' sh
+ '
+fi
+as_executable_p=$as_test_x
+
+# Sed expression to map a string onto a valid CPP name.
+as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'"
+
+# Sed expression to map a string onto a valid variable name.
+as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'"
+
+
+exec 6>&1
+## ----------------------------------- ##
+## Main body of $CONFIG_STATUS script. ##
+## ----------------------------------- ##
+_ASEOF
+test $as_write_fail = 0 && chmod +x $CONFIG_STATUS || ac_write_fail=1
+
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+# Save the log message, to keep $0 and so on meaningful, and to
+# report actual input values of CONFIG_FILES etc. instead of their
+# values after options handling.
+ac_log="
+This file was extended by gnupg $as_me 2.0.19, which was
+generated by GNU Autoconf 2.68. Invocation command line was
+
+ CONFIG_FILES = $CONFIG_FILES
+ CONFIG_HEADERS = $CONFIG_HEADERS
+ CONFIG_LINKS = $CONFIG_LINKS
+ CONFIG_COMMANDS = $CONFIG_COMMANDS
+ $ $0 $@
+
+on `(hostname || uname -n) 2>/dev/null | sed 1q`
+"
+
+_ACEOF
+
+case $ac_config_files in *"
+"*) set x $ac_config_files; shift; ac_config_files=$*;;
+esac
+
+case $ac_config_headers in *"
+"*) set x $ac_config_headers; shift; ac_config_headers=$*;;
+esac
+
+
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+# Files that config.status was made for.
+config_files="$ac_config_files"
+config_headers="$ac_config_headers"
+config_commands="$ac_config_commands"
+
+_ACEOF
+
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+ac_cs_usage="\
+\`$as_me' instantiates files and other configuration actions
+from templates according to the current configuration. Unless the files
+and actions are specified as TAGs, all are instantiated by default.
+
+Usage: $0 [OPTION]... [TAG]...
+
+ -h, --help print this help, then exit
+ -V, --version print version number and configuration settings, then exit
+ --config print configuration, then exit
+ -q, --quiet, --silent
+ do not print progress messages
+ -d, --debug don't remove temporary files
+ --recheck update $as_me by reconfiguring in the same conditions
+ --file=FILE[:TEMPLATE]
+ instantiate the configuration file FILE
+ --header=FILE[:TEMPLATE]
+ instantiate the configuration header FILE
+
+Configuration files:
+$config_files
+
+Configuration headers:
+$config_headers
+
+Configuration commands:
+$config_commands
+
+Report bugs to <http://bugs.gnupg.org>."
+
+_ACEOF
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
+ac_cs_version="\\
+gnupg config.status 2.0.19
+configured by $0, generated by GNU Autoconf 2.68,
+ with options \\"\$ac_cs_config\\"
+
+Copyright (C) 2010 Free Software Foundation, Inc.
+This config.status script is free software; the Free Software Foundation
+gives unlimited permission to copy, distribute and modify it."
+
+ac_pwd='$ac_pwd'
+srcdir='$srcdir'
+INSTALL='$INSTALL'
+MKDIR_P='$MKDIR_P'
+AWK='$AWK'
+test -n "\$AWK" || AWK=awk
+_ACEOF
+
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+# The default lists apply if the user does not specify any file.
+ac_need_defaults=:
+while test $# != 0
+do
+ case $1 in
+ --*=?*)
+ ac_option=`expr "X$1" : 'X\([^=]*\)='`
+ ac_optarg=`expr "X$1" : 'X[^=]*=\(.*\)'`
+ ac_shift=:
+ ;;
+ --*=)
+ ac_option=`expr "X$1" : 'X\([^=]*\)='`
+ ac_optarg=
+ ac_shift=:
+ ;;
+ *)
+ ac_option=$1
+ ac_optarg=$2
+ ac_shift=shift
+ ;;
+ esac
+
+ case $ac_option in
+ # Handling of the options.
+ -recheck | --recheck | --rechec | --reche | --rech | --rec | --re | --r)
+ ac_cs_recheck=: ;;
+ --version | --versio | --versi | --vers | --ver | --ve | --v | -V )
+ $as_echo "$ac_cs_version"; exit ;;
+ --config | --confi | --conf | --con | --co | --c )
+ $as_echo "$ac_cs_config"; exit ;;
+ --debug | --debu | --deb | --de | --d | -d )
+ debug=: ;;
+ --file | --fil | --fi | --f )
+ $ac_shift
+ case $ac_optarg in
+ *\'*) ac_optarg=`$as_echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;;
+ '') as_fn_error $? "missing file argument" ;;
+ esac
+ as_fn_append CONFIG_FILES " '$ac_optarg'"
+ ac_need_defaults=false;;
+ --header | --heade | --head | --hea )
+ $ac_shift
+ case $ac_optarg in
+ *\'*) ac_optarg=`$as_echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;;
+ esac
+ as_fn_append CONFIG_HEADERS " '$ac_optarg'"
+ ac_need_defaults=false;;
+ --he | --h)
+ # Conflict between --help and --header
+ as_fn_error $? "ambiguous option: \`$1'
+Try \`$0 --help' for more information.";;
+ --help | --hel | -h )
+ $as_echo "$ac_cs_usage"; exit ;;
+ -q | -quiet | --quiet | --quie | --qui | --qu | --q \
+ | -silent | --silent | --silen | --sile | --sil | --si | --s)
+ ac_cs_silent=: ;;
+
+ # This is an error.
+ -*) as_fn_error $? "unrecognized option: \`$1'
+Try \`$0 --help' for more information." ;;
+
+ *) as_fn_append ac_config_targets " $1"
+ ac_need_defaults=false ;;
+
+ esac
+ shift
+done
+
+ac_configure_extra_args=
+
+if $ac_cs_silent; then
+ exec 6>/dev/null
+ ac_configure_extra_args="$ac_configure_extra_args --silent"
+fi
+
+_ACEOF
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+if \$ac_cs_recheck; then
+ set X '$SHELL' '$0' $ac_configure_args \$ac_configure_extra_args --no-create --no-recursion
+ shift
+ \$as_echo "running CONFIG_SHELL=$SHELL \$*" >&6
+ CONFIG_SHELL='$SHELL'
+ export CONFIG_SHELL
+ exec "\$@"
+fi
+
+_ACEOF
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+exec 5>>config.log
+{
+ echo
+ sed 'h;s/./-/g;s/^.../## /;s/...$/ ##/;p;x;p;x' <<_ASBOX
+## Running $as_me. ##
+_ASBOX
+ $as_echo "$ac_log"
+} >&5
+
+_ACEOF
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+#
+# INIT-COMMANDS
+#
+AMDEP_TRUE="$AMDEP_TRUE" ac_aux_dir="$ac_aux_dir"
+# Capture the value of obsolete ALL_LINGUAS because we need it to compute
+ # POFILES, UPDATEPOFILES, DUMMYPOFILES, GMOFILES, CATALOGS. But hide it
+ # from automake < 1.5.
+ eval 'OBSOLETE_ALL_LINGUAS''="$ALL_LINGUAS"'
+ # Capture the value of LINGUAS because we need it to compute CATALOGS.
+ LINGUAS="${LINGUAS-%UNSET%}"
+
+
+_ACEOF
+
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+
+# Handling of arguments.
+for ac_config_target in $ac_config_targets
+do
+ case $ac_config_target in
+ "config.h") CONFIG_HEADERS="$CONFIG_HEADERS config.h" ;;
+ "depfiles") CONFIG_COMMANDS="$CONFIG_COMMANDS depfiles" ;;
+ "po-directories") CONFIG_COMMANDS="$CONFIG_COMMANDS po-directories" ;;
+ "m4/Makefile") CONFIG_FILES="$CONFIG_FILES m4/Makefile" ;;
+ "Makefile") CONFIG_FILES="$CONFIG_FILES Makefile" ;;
+ "po/Makefile.in") CONFIG_FILES="$CONFIG_FILES po/Makefile.in" ;;
+ "gl/Makefile") CONFIG_FILES="$CONFIG_FILES gl/Makefile" ;;
+ "include/Makefile") CONFIG_FILES="$CONFIG_FILES include/Makefile" ;;
+ "jnlib/Makefile") CONFIG_FILES="$CONFIG_FILES jnlib/Makefile" ;;
+ "common/Makefile") CONFIG_FILES="$CONFIG_FILES common/Makefile" ;;
+ "kbx/Makefile") CONFIG_FILES="$CONFIG_FILES kbx/Makefile" ;;
+ "g10/Makefile") CONFIG_FILES="$CONFIG_FILES g10/Makefile" ;;
+ "sm/Makefile") CONFIG_FILES="$CONFIG_FILES sm/Makefile" ;;
+ "agent/Makefile") CONFIG_FILES="$CONFIG_FILES agent/Makefile" ;;
+ "scd/Makefile") CONFIG_FILES="$CONFIG_FILES scd/Makefile" ;;
+ "keyserver/Makefile") CONFIG_FILES="$CONFIG_FILES keyserver/Makefile" ;;
+ "keyserver/gpg2keys_mailto") CONFIG_FILES="$CONFIG_FILES keyserver/gpg2keys_mailto" ;;
+ "keyserver/gpg2keys_test") CONFIG_FILES="$CONFIG_FILES keyserver/gpg2keys_test" ;;
+ "tools/gpg-zip") CONFIG_FILES="$CONFIG_FILES tools/gpg-zip" ;;
+ "tools/Makefile") CONFIG_FILES="$CONFIG_FILES tools/Makefile" ;;
+ "doc/Makefile") CONFIG_FILES="$CONFIG_FILES doc/Makefile" ;;
+ "tests/Makefile") CONFIG_FILES="$CONFIG_FILES tests/Makefile" ;;
+ "tests/openpgp/Makefile") CONFIG_FILES="$CONFIG_FILES tests/openpgp/Makefile" ;;
+ "tests/pkits/Makefile") CONFIG_FILES="$CONFIG_FILES tests/pkits/Makefile" ;;
+
+ *) as_fn_error $? "invalid argument: \`$ac_config_target'" "$LINENO" 5;;
+ esac
+done
+
+
+# If the user did not use the arguments to specify the items to instantiate,
+# then the envvar interface is used. Set only those that are not.
+# We use the long form for the default assignment because of an extremely
+# bizarre bug on SunOS 4.1.3.
+if $ac_need_defaults; then
+ test "${CONFIG_FILES+set}" = set || CONFIG_FILES=$config_files
+ test "${CONFIG_HEADERS+set}" = set || CONFIG_HEADERS=$config_headers
+ test "${CONFIG_COMMANDS+set}" = set || CONFIG_COMMANDS=$config_commands
+fi
+
+# Have a temporary directory for convenience. Make it in the build tree
+# simply because there is no reason against having it here, and in addition,
+# creating and moving files from /tmp can sometimes cause problems.
+# Hook for its removal unless debugging.
+# Note that there is a small window in which the directory will not be cleaned:
+# after its creation but before its name has been assigned to `$tmp'.
+$debug ||
+{
+ tmp= ac_tmp=
+ trap 'exit_status=$?
+ : "${ac_tmp:=$tmp}"
+ { test ! -d "$ac_tmp" || rm -fr "$ac_tmp"; } && exit $exit_status
+' 0
+ trap 'as_fn_exit 1' 1 2 13 15
+}
+# Create a (secure) tmp directory for tmp files.
+
+{
+ tmp=`(umask 077 && mktemp -d "./confXXXXXX") 2>/dev/null` &&
+ test -d "$tmp"
+} ||
+{
+ tmp=./conf$$-$RANDOM
+ (umask 077 && mkdir "$tmp")
+} || as_fn_error $? "cannot create a temporary directory in ." "$LINENO" 5
+ac_tmp=$tmp
+
+# Set up the scripts for CONFIG_FILES section.
+# No need to generate them if there are no CONFIG_FILES.
+# This happens for instance with `./config.status config.h'.
+if test -n "$CONFIG_FILES"; then
+
+
+ac_cr=`echo X | tr X '\015'`
+# On cygwin, bash can eat \r inside `` if the user requested igncr.
+# But we know of no other shell where ac_cr would be empty at this
+# point, so we can use a bashism as a fallback.
+if test "x$ac_cr" = x; then
+ eval ac_cr=\$\'\\r\'
+fi
+ac_cs_awk_cr=`$AWK 'BEGIN { print "a\rb" }' </dev/null 2>/dev/null`
+if test "$ac_cs_awk_cr" = "a${ac_cr}b"; then
+ ac_cs_awk_cr='\\r'
+else
+ ac_cs_awk_cr=$ac_cr
+fi
+
+echo 'BEGIN {' >"$ac_tmp/subs1.awk" &&
+_ACEOF
+
+
+{
+ echo "cat >conf$$subs.awk <<_ACEOF" &&
+ echo "$ac_subst_vars" | sed 's/.*/&!$&$ac_delim/' &&
+ echo "_ACEOF"
+} >conf$$subs.sh ||
+ as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5
+ac_delim_num=`echo "$ac_subst_vars" | grep -c '^'`
+ac_delim='%!_!# '
+for ac_last_try in false false false false false :; do
+ . ./conf$$subs.sh ||
+ as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5
+
+ ac_delim_n=`sed -n "s/.*$ac_delim\$/X/p" conf$$subs.awk | grep -c X`
+ if test $ac_delim_n = $ac_delim_num; then
+ break
+ elif $ac_last_try; then
+ as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5
+ else
+ ac_delim="$ac_delim!$ac_delim _$ac_delim!! "
+ fi
+done
+rm -f conf$$subs.sh
+
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+cat >>"\$ac_tmp/subs1.awk" <<\\_ACAWK &&
+_ACEOF
+sed -n '
+h
+s/^/S["/; s/!.*/"]=/
+p
+g
+s/^[^!]*!//
+:repl
+t repl
+s/'"$ac_delim"'$//
+t delim
+:nl
+h
+s/\(.\{148\}\)..*/\1/
+t more1
+s/["\\]/\\&/g; s/^/"/; s/$/\\n"\\/
+p
+n
+b repl
+:more1
+s/["\\]/\\&/g; s/^/"/; s/$/"\\/
+p
+g
+s/.\{148\}//
+t nl
+:delim
+h
+s/\(.\{148\}\)..*/\1/
+t more2
+s/["\\]/\\&/g; s/^/"/; s/$/"/
+p
+b
+:more2
+s/["\\]/\\&/g; s/^/"/; s/$/"\\/
+p
+g
+s/.\{148\}//
+t delim
+' <conf$$subs.awk | sed '
+/^[^""]/{
+ N
+ s/\n//
+}
+' >>$CONFIG_STATUS || ac_write_fail=1
+rm -f conf$$subs.awk
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+_ACAWK
+cat >>"\$ac_tmp/subs1.awk" <<_ACAWK &&
+ for (key in S) S_is_set[key] = 1
+ FS = ""
+
+}
+{
+ line = $ 0
+ nfields = split(line, field, "@")
+ substed = 0
+ len = length(field[1])
+ for (i = 2; i < nfields; i++) {
+ key = field[i]
+ keylen = length(key)
+ if (S_is_set[key]) {
+ value = S[key]
+ line = substr(line, 1, len) "" value "" substr(line, len + keylen + 3)
+ len += length(value) + length(field[++i])
+ substed = 1
+ } else
+ len += 1 + keylen
+ }
+
+ print line
+}
+
+_ACAWK
+_ACEOF
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+if sed "s/$ac_cr//" < /dev/null > /dev/null 2>&1; then
+ sed "s/$ac_cr\$//; s/$ac_cr/$ac_cs_awk_cr/g"
+else
+ cat
+fi < "$ac_tmp/subs1.awk" > "$ac_tmp/subs.awk" \
+ || as_fn_error $? "could not setup config files machinery" "$LINENO" 5
+_ACEOF
+
+# VPATH may cause trouble with some makes, so we remove sole $(srcdir),
+# ${srcdir} and @srcdir@ entries from VPATH if srcdir is ".", strip leading and
+# trailing colons and then remove the whole line if VPATH becomes empty
+# (actually we leave an empty line to preserve line numbers).
+if test "x$srcdir" = x.; then
+ ac_vpsub='/^[ ]*VPATH[ ]*=[ ]*/{
+h
+s///
+s/^/:/
+s/[ ]*$/:/
+s/:\$(srcdir):/:/g
+s/:\${srcdir}:/:/g
+s/:@srcdir@:/:/g
+s/^:*//
+s/:*$//
+x
+s/\(=[ ]*\).*/\1/
+G
+s/\n//
+s/^[^=]*=[ ]*$//
+}'
+fi
+
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+fi # test -n "$CONFIG_FILES"
+
+# Set up the scripts for CONFIG_HEADERS section.
+# No need to generate them if there are no CONFIG_HEADERS.
+# This happens for instance with `./config.status Makefile'.
+if test -n "$CONFIG_HEADERS"; then
+cat >"$ac_tmp/defines.awk" <<\_ACAWK ||
+BEGIN {
+_ACEOF
+
+# Transform confdefs.h into an awk script `defines.awk', embedded as
+# here-document in config.status, that substitutes the proper values into
+# config.h.in to produce config.h.
+
+# Create a delimiter string that does not exist in confdefs.h, to ease
+# handling of long lines.
+ac_delim='%!_!# '
+for ac_last_try in false false :; do
+ ac_tt=`sed -n "/$ac_delim/p" confdefs.h`
+ if test -z "$ac_tt"; then
+ break
+ elif $ac_last_try; then
+ as_fn_error $? "could not make $CONFIG_HEADERS" "$LINENO" 5
+ else
+ ac_delim="$ac_delim!$ac_delim _$ac_delim!! "
+ fi
+done
+
+# For the awk script, D is an array of macro values keyed by name,
+# likewise P contains macro parameters if any. Preserve backslash
+# newline sequences.
+
+ac_word_re=[_$as_cr_Letters][_$as_cr_alnum]*
+sed -n '
+s/.\{148\}/&'"$ac_delim"'/g
+t rset
+:rset
+s/^[ ]*#[ ]*define[ ][ ]*/ /
+t def
+d
+:def
+s/\\$//
+t bsnl
+s/["\\]/\\&/g
+s/^ \('"$ac_word_re"'\)\(([^()]*)\)[ ]*\(.*\)/P["\1"]="\2"\
+D["\1"]=" \3"/p
+s/^ \('"$ac_word_re"'\)[ ]*\(.*\)/D["\1"]=" \2"/p
+d
+:bsnl
+s/["\\]/\\&/g
+s/^ \('"$ac_word_re"'\)\(([^()]*)\)[ ]*\(.*\)/P["\1"]="\2"\
+D["\1"]=" \3\\\\\\n"\\/p
+t cont
+s/^ \('"$ac_word_re"'\)[ ]*\(.*\)/D["\1"]=" \2\\\\\\n"\\/p
+t cont
+d
+:cont
+n
+s/.\{148\}/&'"$ac_delim"'/g
+t clear
+:clear
+s/\\$//
+t bsnlc
+s/["\\]/\\&/g; s/^/"/; s/$/"/p
+d
+:bsnlc
+s/["\\]/\\&/g; s/^/"/; s/$/\\\\\\n"\\/p
+b cont
+' <confdefs.h | sed '
+s/'"$ac_delim"'/"\\\
+"/g' >>$CONFIG_STATUS || ac_write_fail=1
+
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+ for (key in D) D_is_set[key] = 1
+ FS = ""
+}
+/^[\t ]*#[\t ]*(define|undef)[\t ]+$ac_word_re([\t (]|\$)/ {
+ line = \$ 0
+ split(line, arg, " ")
+ if (arg[1] == "#") {
+ defundef = arg[2]
+ mac1 = arg[3]
+ } else {
+ defundef = substr(arg[1], 2)
+ mac1 = arg[2]
+ }
+ split(mac1, mac2, "(") #)
+ macro = mac2[1]
+ prefix = substr(line, 1, index(line, defundef) - 1)
+ if (D_is_set[macro]) {
+ # Preserve the white space surrounding the "#".
+ print prefix "define", macro P[macro] D[macro]
+ next
+ } else {
+ # Replace #undef with comments. This is necessary, for example,
+ # in the case of _POSIX_SOURCE, which is predefined and required
+ # on some systems where configure will not decide to define it.
+ if (defundef == "undef") {
+ print "/*", prefix defundef, macro, "*/"
+ next
+ }
+ }
+}
+{ print }
+_ACAWK
+_ACEOF
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+ as_fn_error $? "could not setup config headers machinery" "$LINENO" 5
+fi # test -n "$CONFIG_HEADERS"
+
+
+eval set X " :F $CONFIG_FILES :H $CONFIG_HEADERS :C $CONFIG_COMMANDS"
+shift
+for ac_tag
+do
+ case $ac_tag in
+ :[FHLC]) ac_mode=$ac_tag; continue;;
+ esac
+ case $ac_mode$ac_tag in
+ :[FHL]*:*);;
+ :L* | :C*:*) as_fn_error $? "invalid tag \`$ac_tag'" "$LINENO" 5;;
+ :[FH]-) ac_tag=-:-;;
+ :[FH]*) ac_tag=$ac_tag:$ac_tag.in;;
+ esac
+ ac_save_IFS=$IFS
+ IFS=:
+ set x $ac_tag
+ IFS=$ac_save_IFS
+ shift
+ ac_file=$1
+ shift
+
+ case $ac_mode in
+ :L) ac_source=$1;;
+ :[FH])
+ ac_file_inputs=
+ for ac_f
+ do
+ case $ac_f in
+ -) ac_f="$ac_tmp/stdin";;
+ *) # Look for the file first in the build tree, then in the source tree
+ # (if the path is not absolute). The absolute path cannot be DOS-style,
+ # because $ac_f cannot contain `:'.
+ test -f "$ac_f" ||
+ case $ac_f in
+ [\\/$]*) false;;
+ *) test -f "$srcdir/$ac_f" && ac_f="$srcdir/$ac_f";;
+ esac ||
+ as_fn_error 1 "cannot find input file: \`$ac_f'" "$LINENO" 5;;
+ esac
+ case $ac_f in *\'*) ac_f=`$as_echo "$ac_f" | sed "s/'/'\\\\\\\\''/g"`;; esac
+ as_fn_append ac_file_inputs " '$ac_f'"
+ done
+
+ # Let's still pretend it is `configure' which instantiates (i.e., don't
+ # use $as_me), people would be surprised to read:
+ # /* config.h. Generated by config.status. */
+ configure_input='Generated from '`
+ $as_echo "$*" | sed 's|^[^:]*/||;s|:[^:]*/|, |g'
+ `' by configure.'
+ if test x"$ac_file" != x-; then
+ configure_input="$ac_file. $configure_input"
+ { $as_echo "$as_me:${as_lineno-$LINENO}: creating $ac_file" >&5
+$as_echo "$as_me: creating $ac_file" >&6;}
+ fi
+ # Neutralize special characters interpreted by sed in replacement strings.
+ case $configure_input in #(
+ *\&* | *\|* | *\\* )
+ ac_sed_conf_input=`$as_echo "$configure_input" |
+ sed 's/[\\\\&|]/\\\\&/g'`;; #(
+ *) ac_sed_conf_input=$configure_input;;
+ esac
+
+ case $ac_tag in
+ *:-:* | *:-) cat >"$ac_tmp/stdin" \
+ || as_fn_error $? "could not create $ac_file" "$LINENO" 5 ;;
+ esac
+ ;;
+ esac
+
+ ac_dir=`$as_dirname -- "$ac_file" ||
+$as_expr X"$ac_file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+ X"$ac_file" : 'X\(//\)[^/]' \| \
+ X"$ac_file" : 'X\(//\)$' \| \
+ X"$ac_file" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X"$ac_file" |
+ sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+ s//\1/
+ q
+ }
+ /^X\(\/\/\)[^/].*/{
+ s//\1/
+ q
+ }
+ /^X\(\/\/\)$/{
+ s//\1/
+ q
+ }
+ /^X\(\/\).*/{
+ s//\1/
+ q
+ }
+ s/.*/./; q'`
+ as_dir="$ac_dir"; as_fn_mkdir_p
+ ac_builddir=.
+
+case "$ac_dir" in
+.) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;;
+*)
+ ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'`
+ # A ".." for each directory in $ac_dir_suffix.
+ ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'`
+ case $ac_top_builddir_sub in
+ "") ac_top_builddir_sub=. ac_top_build_prefix= ;;
+ *) ac_top_build_prefix=$ac_top_builddir_sub/ ;;
+ esac ;;
+esac
+ac_abs_top_builddir=$ac_pwd
+ac_abs_builddir=$ac_pwd$ac_dir_suffix
+# for backward compatibility:
+ac_top_builddir=$ac_top_build_prefix
+
+case $srcdir in
+ .) # We are building in place.
+ ac_srcdir=.
+ ac_top_srcdir=$ac_top_builddir_sub
+ ac_abs_top_srcdir=$ac_pwd ;;
+ [\\/]* | ?:[\\/]* ) # Absolute name.
+ ac_srcdir=$srcdir$ac_dir_suffix;
+ ac_top_srcdir=$srcdir
+ ac_abs_top_srcdir=$srcdir ;;
+ *) # Relative name.
+ ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix
+ ac_top_srcdir=$ac_top_build_prefix$srcdir
+ ac_abs_top_srcdir=$ac_pwd/$srcdir ;;
+esac
+ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix
+
+
+ case $ac_mode in
+ :F)
+ #
+ # CONFIG_FILE
+ #
+
+ case $INSTALL in
+ [\\/$]* | ?:[\\/]* ) ac_INSTALL=$INSTALL ;;
+ *) ac_INSTALL=$ac_top_build_prefix$INSTALL ;;
+ esac
+ ac_MKDIR_P=$MKDIR_P
+ case $MKDIR_P in
+ [\\/$]* | ?:[\\/]* ) ;;
+ */*) ac_MKDIR_P=$ac_top_build_prefix$MKDIR_P ;;
+ esac
+_ACEOF
+
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+# If the template does not know about datarootdir, expand it.
+# FIXME: This hack should be removed a few years after 2.60.
+ac_datarootdir_hack=; ac_datarootdir_seen=
+ac_sed_dataroot='
+/datarootdir/ {
+ p
+ q
+}
+/@datadir@/p
+/@docdir@/p
+/@infodir@/p
+/@localedir@/p
+/@mandir@/p'
+case `eval "sed -n \"\$ac_sed_dataroot\" $ac_file_inputs"` in
+*datarootdir*) ac_datarootdir_seen=yes;;
+*@datadir@*|*@docdir@*|*@infodir@*|*@localedir@*|*@mandir@*)
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&5
+$as_echo "$as_me: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&2;}
+_ACEOF
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+ ac_datarootdir_hack='
+ s&@datadir@&$datadir&g
+ s&@docdir@&$docdir&g
+ s&@infodir@&$infodir&g
+ s&@localedir@&$localedir&g
+ s&@mandir@&$mandir&g
+ s&\\\${datarootdir}&$datarootdir&g' ;;
+esac
+_ACEOF
+
+# Neutralize VPATH when `$srcdir' = `.'.
+# Shell code in configure.ac might set extrasub.
+# FIXME: do we really want to maintain this feature?
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+ac_sed_extra="$ac_vpsub
+$extrasub
+_ACEOF
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+:t
+/@[a-zA-Z_][a-zA-Z_0-9]*@/!b
+s|@configure_input@|$ac_sed_conf_input|;t t
+s&@top_builddir@&$ac_top_builddir_sub&;t t
+s&@top_build_prefix@&$ac_top_build_prefix&;t t
+s&@srcdir@&$ac_srcdir&;t t
+s&@abs_srcdir@&$ac_abs_srcdir&;t t
+s&@top_srcdir@&$ac_top_srcdir&;t t
+s&@abs_top_srcdir@&$ac_abs_top_srcdir&;t t
+s&@builddir@&$ac_builddir&;t t
+s&@abs_builddir@&$ac_abs_builddir&;t t
+s&@abs_top_builddir@&$ac_abs_top_builddir&;t t
+s&@INSTALL@&$ac_INSTALL&;t t
+s&@MKDIR_P@&$ac_MKDIR_P&;t t
+$ac_datarootdir_hack
+"
+eval sed \"\$ac_sed_extra\" "$ac_file_inputs" | $AWK -f "$ac_tmp/subs.awk" \
+ >$ac_tmp/out || as_fn_error $? "could not create $ac_file" "$LINENO" 5
+
+test -z "$ac_datarootdir_hack$ac_datarootdir_seen" &&
+ { ac_out=`sed -n '/\${datarootdir}/p' "$ac_tmp/out"`; test -n "$ac_out"; } &&
+ { ac_out=`sed -n '/^[ ]*datarootdir[ ]*:*=/p' \
+ "$ac_tmp/out"`; test -z "$ac_out"; } &&
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file contains a reference to the variable \`datarootdir'
+which seems to be undefined. Please make sure it is defined" >&5
+$as_echo "$as_me: WARNING: $ac_file contains a reference to the variable \`datarootdir'
+which seems to be undefined. Please make sure it is defined" >&2;}
+
+ rm -f "$ac_tmp/stdin"
+ case $ac_file in
+ -) cat "$ac_tmp/out" && rm -f "$ac_tmp/out";;
+ *) rm -f "$ac_file" && mv "$ac_tmp/out" "$ac_file";;
+ esac \
+ || as_fn_error $? "could not create $ac_file" "$LINENO" 5
+ ;;
+ :H)
+ #
+ # CONFIG_HEADER
+ #
+ if test x"$ac_file" != x-; then
+ {
+ $as_echo "/* $configure_input */" \
+ && eval '$AWK -f "$ac_tmp/defines.awk"' "$ac_file_inputs"
+ } >"$ac_tmp/config.h" \
+ || as_fn_error $? "could not create $ac_file" "$LINENO" 5
+ if diff "$ac_file" "$ac_tmp/config.h" >/dev/null 2>&1; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: $ac_file is unchanged" >&5
+$as_echo "$as_me: $ac_file is unchanged" >&6;}
+ else
+ rm -f "$ac_file"
+ mv "$ac_tmp/config.h" "$ac_file" \
+ || as_fn_error $? "could not create $ac_file" "$LINENO" 5
+ fi
+ else
+ $as_echo "/* $configure_input */" \
+ && eval '$AWK -f "$ac_tmp/defines.awk"' "$ac_file_inputs" \
+ || as_fn_error $? "could not create -" "$LINENO" 5
+ fi
+# Compute "$ac_file"'s index in $config_headers.
+_am_arg="$ac_file"
+_am_stamp_count=1
+for _am_header in $config_headers :; do
+ case $_am_header in
+ $_am_arg | $_am_arg:* )
+ break ;;
+ * )
+ _am_stamp_count=`expr $_am_stamp_count + 1` ;;
+ esac
+done
+echo "timestamp for $_am_arg" >`$as_dirname -- "$_am_arg" ||
+$as_expr X"$_am_arg" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+ X"$_am_arg" : 'X\(//\)[^/]' \| \
+ X"$_am_arg" : 'X\(//\)$' \| \
+ X"$_am_arg" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X"$_am_arg" |
+ sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+ s//\1/
+ q
+ }
+ /^X\(\/\/\)[^/].*/{
+ s//\1/
+ q
+ }
+ /^X\(\/\/\)$/{
+ s//\1/
+ q
+ }
+ /^X\(\/\).*/{
+ s//\1/
+ q
+ }
+ s/.*/./; q'`/stamp-h$_am_stamp_count
+ ;;
+
+ :C) { $as_echo "$as_me:${as_lineno-$LINENO}: executing $ac_file commands" >&5
+$as_echo "$as_me: executing $ac_file commands" >&6;}
+ ;;
+ esac
+
+
+ case $ac_file$ac_mode in
+ "depfiles":C) test x"$AMDEP_TRUE" != x"" || {
+ # Autoconf 2.62 quotes --file arguments for eval, but not when files
+ # are listed without --file. Let's play safe and only enable the eval
+ # if we detect the quoting.
+ case $CONFIG_FILES in
+ *\'*) eval set x "$CONFIG_FILES" ;;
+ *) set x $CONFIG_FILES ;;
+ esac
+ shift
+ for mf
+ do
+ # Strip MF so we end up with the name of the file.
+ mf=`echo "$mf" | sed -e 's/:.*$//'`
+ # Check whether this is an Automake generated Makefile or not.
+ # We used to match only the files named `Makefile.in', but
+ # some people rename them; so instead we look at the file content.
+ # Grep'ing the first line is not enough: some people post-process
+ # each Makefile.in and add a new line on top of each file to say so.
+ # Grep'ing the whole file is not good either: AIX grep has a line
+ # limit of 2048, but all sed's we know have understand at least 4000.
+ if sed -n 's,^#.*generated by automake.*,X,p' "$mf" | grep X >/dev/null 2>&1; then
+ dirpart=`$as_dirname -- "$mf" ||
+$as_expr X"$mf" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+ X"$mf" : 'X\(//\)[^/]' \| \
+ X"$mf" : 'X\(//\)$' \| \
+ X"$mf" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X"$mf" |
+ sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+ s//\1/
+ q
+ }
+ /^X\(\/\/\)[^/].*/{
+ s//\1/
+ q
+ }
+ /^X\(\/\/\)$/{
+ s//\1/
+ q
+ }
+ /^X\(\/\).*/{
+ s//\1/
+ q
+ }
+ s/.*/./; q'`
+ else
+ continue
+ fi
+ # Extract the definition of DEPDIR, am__include, and am__quote
+ # from the Makefile without running `make'.
+ DEPDIR=`sed -n 's/^DEPDIR = //p' < "$mf"`
+ test -z "$DEPDIR" && continue
+ am__include=`sed -n 's/^am__include = //p' < "$mf"`
+ test -z "am__include" && continue
+ am__quote=`sed -n 's/^am__quote = //p' < "$mf"`
+ # When using ansi2knr, U may be empty or an underscore; expand it
+ U=`sed -n 's/^U = //p' < "$mf"`
+ # Find all dependency output files, they are included files with
+ # $(DEPDIR) in their names. We invoke sed twice because it is the
+ # simplest approach to changing $(DEPDIR) to its actual value in the
+ # expansion.
+ for file in `sed -n "
+ s/^$am__include $am__quote\(.*(DEPDIR).*\)$am__quote"'$/\1/p' <"$mf" | \
+ sed -e 's/\$(DEPDIR)/'"$DEPDIR"'/g' -e 's/\$U/'"$U"'/g'`; do
+ # Make sure the directory exists.
+ test -f "$dirpart/$file" && continue
+ fdir=`$as_dirname -- "$file" ||
+$as_expr X"$file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+ X"$file" : 'X\(//\)[^/]' \| \
+ X"$file" : 'X\(//\)$' \| \
+ X"$file" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X"$file" |
+ sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+ s//\1/
+ q
+ }
+ /^X\(\/\/\)[^/].*/{
+ s//\1/
+ q
+ }
+ /^X\(\/\/\)$/{
+ s//\1/
+ q
+ }
+ /^X\(\/\).*/{
+ s//\1/
+ q
+ }
+ s/.*/./; q'`
+ as_dir=$dirpart/$fdir; as_fn_mkdir_p
+ # echo "creating $dirpart/$file"
+ echo '# dummy' > "$dirpart/$file"
+ done
+ done
+}
+ ;;
+ "po-directories":C)
+ for ac_file in $CONFIG_FILES; do
+ # Support "outfile[:infile[:infile...]]"
+ case "$ac_file" in
+ *:*) ac_file=`echo "$ac_file"|sed 's%:.*%%'` ;;
+ esac
+ # PO directories have a Makefile.in generated from Makefile.in.in.
+ case "$ac_file" in */Makefile.in)
+ # Adjust a relative srcdir.
+ ac_dir=`echo "$ac_file"|sed 's%/[^/][^/]*$%%'`
+ ac_dir_suffix="/`echo "$ac_dir"|sed 's%^\./%%'`"
+ ac_dots=`echo "$ac_dir_suffix"|sed 's%/[^/]*%../%g'`
+ # In autoconf-2.13 it is called $ac_given_srcdir.
+ # In autoconf-2.50 it is called $srcdir.
+ test -n "$ac_given_srcdir" || ac_given_srcdir="$srcdir"
+ case "$ac_given_srcdir" in
+ .) top_srcdir=`echo $ac_dots|sed 's%/$%%'` ;;
+ /*) top_srcdir="$ac_given_srcdir" ;;
+ *) top_srcdir="$ac_dots$ac_given_srcdir" ;;
+ esac
+ # Treat a directory as a PO directory if and only if it has a
+ # POTFILES.in file. This allows packages to have multiple PO
+ # directories under different names or in different locations.
+ if test -f "$ac_given_srcdir/$ac_dir/POTFILES.in"; then
+ rm -f "$ac_dir/POTFILES"
+ test -n "$as_me" && echo "$as_me: creating $ac_dir/POTFILES" || echo "creating $ac_dir/POTFILES"
+ cat "$ac_given_srcdir/$ac_dir/POTFILES.in" | sed -e "/^#/d" -e "/^[ ]*\$/d" -e "s,.*, $top_srcdir/& \\\\," | sed -e "\$s/\(.*\) \\\\/\1/" > "$ac_dir/POTFILES"
+ POMAKEFILEDEPS="POTFILES.in"
+ # ALL_LINGUAS, POFILES, UPDATEPOFILES, DUMMYPOFILES, GMOFILES depend
+ # on $ac_dir but don't depend on user-specified configuration
+ # parameters.
+ if test -f "$ac_given_srcdir/$ac_dir/LINGUAS"; then
+ # The LINGUAS file contains the set of available languages.
+ if test -n "$OBSOLETE_ALL_LINGUAS"; then
+ test -n "$as_me" && echo "$as_me: setting ALL_LINGUAS in configure.in is obsolete" || echo "setting ALL_LINGUAS in configure.in is obsolete"
+ fi
+ ALL_LINGUAS_=`sed -e "/^#/d" -e "s/#.*//" "$ac_given_srcdir/$ac_dir/LINGUAS"`
+ # Hide the ALL_LINGUAS assigment from automake < 1.5.
+ eval 'ALL_LINGUAS''=$ALL_LINGUAS_'
+ POMAKEFILEDEPS="$POMAKEFILEDEPS LINGUAS"
+ else
+ # The set of available languages was given in configure.in.
+ # Hide the ALL_LINGUAS assigment from automake < 1.5.
+ eval 'ALL_LINGUAS''=$OBSOLETE_ALL_LINGUAS'
+ fi
+ # Compute POFILES
+ # as $(foreach lang, $(ALL_LINGUAS), $(srcdir)/$(lang).po)
+ # Compute UPDATEPOFILES
+ # as $(foreach lang, $(ALL_LINGUAS), $(lang).po-update)
+ # Compute DUMMYPOFILES
+ # as $(foreach lang, $(ALL_LINGUAS), $(lang).nop)
+ # Compute GMOFILES
+ # as $(foreach lang, $(ALL_LINGUAS), $(srcdir)/$(lang).gmo)
+ case "$ac_given_srcdir" in
+ .) srcdirpre= ;;
+ *) srcdirpre='$(srcdir)/' ;;
+ esac
+ POFILES=
+ UPDATEPOFILES=
+ DUMMYPOFILES=
+ GMOFILES=
+ for lang in $ALL_LINGUAS; do
+ POFILES="$POFILES $srcdirpre$lang.po"
+ UPDATEPOFILES="$UPDATEPOFILES $lang.po-update"
+ DUMMYPOFILES="$DUMMYPOFILES $lang.nop"
+ GMOFILES="$GMOFILES $srcdirpre$lang.gmo"
+ done
+ # CATALOGS depends on both $ac_dir and the user's LINGUAS
+ # environment variable.
+ INST_LINGUAS=
+ if test -n "$ALL_LINGUAS"; then
+ for presentlang in $ALL_LINGUAS; do
+ useit=no
+ if test "%UNSET%" != "$LINGUAS"; then
+ desiredlanguages="$LINGUAS"
+ else
+ desiredlanguages="$ALL_LINGUAS"
+ fi
+ for desiredlang in $desiredlanguages; do
+ # Use the presentlang catalog if desiredlang is
+ # a. equal to presentlang, or
+ # b. a variant of presentlang (because in this case,
+ # presentlang can be used as a fallback for messages
+ # which are not translated in the desiredlang catalog).
+ case "$desiredlang" in
+ "$presentlang"*) useit=yes;;
+ esac
+ done
+ if test $useit = yes; then
+ INST_LINGUAS="$INST_LINGUAS $presentlang"
+ fi
+ done
+ fi
+ CATALOGS=
+ if test -n "$INST_LINGUAS"; then
+ for lang in $INST_LINGUAS; do
+ CATALOGS="$CATALOGS $lang.gmo"
+ done
+ fi
+ test -n "$as_me" && echo "$as_me: creating $ac_dir/Makefile" || echo "creating $ac_dir/Makefile"
+ sed -e "/^POTFILES =/r $ac_dir/POTFILES" -e "/^# Makevars/r $ac_given_srcdir/$ac_dir/Makevars" -e "s|@POFILES@|$POFILES|g" -e "s|@UPDATEPOFILES@|$UPDATEPOFILES|g" -e "s|@DUMMYPOFILES@|$DUMMYPOFILES|g" -e "s|@GMOFILES@|$GMOFILES|g" -e "s|@CATALOGS@|$CATALOGS|g" -e "s|@POMAKEFILEDEPS@|$POMAKEFILEDEPS|g" "$ac_dir/Makefile.in" > "$ac_dir/Makefile"
+ for f in "$ac_given_srcdir/$ac_dir"/Rules-*; do
+ if test -f "$f"; then
+ case "$f" in
+ *.orig | *.bak | *~) ;;
+ *) cat "$f" >> "$ac_dir/Makefile" ;;
+ esac
+ fi
+ done
+ fi
+ ;;
+ esac
+ done ;;
+
+ esac
+done # for ac_tag
+
+
+as_fn_exit 0
+_ACEOF
+ac_clean_files=$ac_clean_files_save
+
+test $ac_write_fail = 0 ||
+ as_fn_error $? "write failure creating $CONFIG_STATUS" "$LINENO" 5
+
+
+# configure is writing to config.log, and then calls config.status.
+# config.status does its own redirection, appending to config.log.
+# Unfortunately, on DOS this fails, as config.log is still kept open
+# by configure, so config.status won't be able to write to it; its
+# output is simply discarded. So we exec the FD to /dev/null,
+# effectively closing config.log, so it can be properly (re)opened and
+# appended to by config.status. When coming back to configure, we
+# need to make the FD available again.
+if test "$no_create" != yes; then
+ ac_cs_success=:
+ ac_config_status_args=
+ test "$silent" = yes &&
+ ac_config_status_args="$ac_config_status_args --quiet"
+ exec 5>/dev/null
+ $SHELL $CONFIG_STATUS $ac_config_status_args || ac_cs_success=false
+ exec 5>>config.log
+ # Use ||, not &&, to avoid exiting from the if with $? = 1, which
+ # would make configure fail if this is the last instruction.
+ $ac_cs_success || as_fn_exit 1
+fi
+if test -n "$ac_unrecognized_opts" && test "$enable_option_checking" != no; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: unrecognized options: $ac_unrecognized_opts" >&5
+$as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2;}
+fi
+
+
+
+echo "
+ GnuPG v${VERSION} has been configured as follows:
+
+ Platform: $PRINTABLE_OS_NAME ($host)
+
+ OpenPGP: $build_gpg
+ S/MIME: $build_gpgsm
+ Agent: $build_agent $build_agent_threaded
+ Smartcard: $build_scdaemon $build_scdaemon_extra
+ Gpgtar: $build_gpgtar
+
+ Protect tool: $show_gnupg_protect_tool_pgm
+ Default agent: $show_gnupg_agent_pgm
+ Default pinentry: $show_gnupg_pinentry_pgm
+ Default scdaemon: $show_gnupg_scdaemon_pgm
+ Default dirmngr: $show_gnupg_dirmngr_pgm
+"
+if test x"$use_regex" != xyes ; then
+echo "
+ Warning: No regular expression support available.
+ OpenPGP trust signatures won't work.
+ gpg-check-pattern will not be build.
+"
+fi
diff --git a/configure.ac b/configure.ac
new file mode 100644
index 0000000..7cc3a83
--- /dev/null
+++ b/configure.ac
@@ -0,0 +1,1544 @@
+# configure.ac - for GnuPG 2.0
+# Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005,
+# 2006, 2007, 2008, 2010, 2011,
+# 2012 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+# Process this file with autoconf to produce a configure script.
+AC_PREREQ(2.61)
+min_automake_version="1.10"
+
+# Remember to change the version number immediately *after* a release.
+# Set my_issvn to "yes" for non-released code. Remember to run an
+# "svn up" and "autogen.sh" right before creating a distribution.
+m4_define([my_version], [2.0.19])
+m4_define([my_issvn], [no])
+
+m4_define([svn_revision], m4_esyscmd([printf "%d" $(svn info 2>/dev/null \
+ | sed -n '/^Revision:/ s/[^0-9]//gp'|head -1)]))
+m4_define([git_revision], m4_esyscmd([git branch -v 2>/dev/null \
+ | awk '/^\* / {printf "%s",$3}']))
+m4_define([my_full_version], [my_version[]m4_if(my_issvn,[yes],
+ [m4_if(git_revision,[],[-svn[]svn_revision],[-git[]git_revision])])])
+
+AC_INIT([gnupg],[my_full_version],[http://bugs.gnupg.org])
+# Set development_version to yes if the minor number is odd or you
+# feel that the default check for a development version is not
+# sufficient.
+development_version=no
+
+NEED_GPG_ERROR_VERSION=1.7
+
+NEED_LIBGCRYPT_API=1
+NEED_LIBGCRYPT_VERSION=1.4.0
+
+NEED_LIBASSUAN_API=2
+NEED_LIBASSUAN_VERSION=2.0.0
+
+NEED_KSBA_API=1
+NEED_KSBA_VERSION=1.0.7
+
+
+PACKAGE=$PACKAGE_NAME
+PACKAGE_GT=${PACKAGE_NAME}2
+VERSION=$PACKAGE_VERSION
+
+AC_CONFIG_AUX_DIR(scripts)
+AC_CONFIG_SRCDIR(sm/gpgsm.c)
+AM_CONFIG_HEADER(config.h)
+AM_INIT_AUTOMAKE($PACKAGE, $VERSION)
+AC_CANONICAL_HOST
+AB_INIT
+
+AC_GNU_SOURCE
+
+# Some status variables.
+have_gpg_error=no
+have_libgcrypt=no
+have_libassuan=no
+have_ksba=no
+have_pth=no
+have_libusb=no
+have_adns=no
+
+use_bzip2=yes
+use_exec=yes
+disable_keyserver_path=no
+use_ccid_driver=yes
+use_standard_socket=no
+
+GNUPG_BUILD_PROGRAM(gpg, yes)
+GNUPG_BUILD_PROGRAM(gpgsm, yes)
+GNUPG_BUILD_PROGRAM(agent, yes)
+GNUPG_BUILD_PROGRAM(scdaemon, yes)
+GNUPG_BUILD_PROGRAM(tools, yes)
+GNUPG_BUILD_PROGRAM(doc, yes)
+GNUPG_BUILD_PROGRAM(symcryptrun, no)
+GNUPG_BUILD_PROGRAM(gpgtar, no)
+
+
+AC_SUBST(PACKAGE)
+AC_SUBST(PACKAGE_GT)
+AC_SUBST(VERSION)
+AC_DEFINE_UNQUOTED(PACKAGE, "$PACKAGE", [Name of this package])
+AC_DEFINE_UNQUOTED(PACKAGE_GT, "$PACKAGE_GT",
+ [Name of this package for gettext])
+AC_DEFINE_UNQUOTED(VERSION, "$VERSION", [Version of this package])
+AC_DEFINE_UNQUOTED(PACKAGE_BUGREPORT, "$PACKAGE_BUGREPORT",
+ [Bug report address])
+AC_DEFINE_UNQUOTED(NEED_LIBGCRYPT_VERSION, "$NEED_LIBGCRYPT_VERSION",
+ [Required version of Libgcrypt])
+AC_DEFINE_UNQUOTED(NEED_KSBA_VERSION, "$NEED_KSBA_VERSION",
+ [Required version of Libksba])
+
+
+# The default is to use the modules from this package and the few
+# other packages in a standard place; i.e where this package gets
+# installed. With these options it is possible to override these
+# ${prefix} depended values with fixed paths, which can't be replaced
+# at make time. See also am/cmacros.am and the defaults in AH_BOTTOM.
+AC_ARG_WITH(agent-pgm,
+ [ --with-agent-pgm=PATH Use PATH as the default for the agent)],
+ GNUPG_AGENT_PGM="$withval", GNUPG_AGENT_PGM="" )
+AC_SUBST(GNUPG_AGENT_PGM)
+AM_CONDITIONAL(GNUPG_AGENT_PGM, test -n "$GNUPG_AGENT_PGM")
+show_gnupg_agent_pgm="(default)"
+test -n "$GNUPG_AGENT_PGM" && show_gnupg_agent_pgm="$GNUPG_AGENT_PGM"
+
+AC_ARG_WITH(pinentry-pgm,
+ [ --with-pinentry-pgm=PATH Use PATH as the default for the pinentry)],
+ GNUPG_PINENTRY_PGM="$withval", GNUPG_PINENTRY_PGM="" )
+AC_SUBST(GNUPG_PINENTRY_PGM)
+AM_CONDITIONAL(GNUPG_PINENTRY_PGM, test -n "$GNUPG_PINENTRY_PGM")
+show_gnupg_pinentry_pgm="(default)"
+test -n "$GNUPG_PINENTRY_PGM" && show_gnupg_pinentry_pgm="$GNUPG_PINENTRY_PGM"
+
+
+AC_ARG_WITH(scdaemon-pgm,
+ [ --with-scdaemon-pgm=PATH Use PATH as the default for the scdaemon)],
+ GNUPG_SCDAEMON_PGM="$withval", GNUPG_SCDAEMON_PGM="" )
+AC_SUBST(GNUPG_SCDAEMON_PGM)
+AM_CONDITIONAL(GNUPG_SCDAEMON_PGM, test -n "$GNUPG_SCDAEMON_PGM")
+show_gnupg_scdaemon_pgm="(default)"
+test -n "$GNUPG_SCDAEMON_PGM" && show_gnupg_scdaemon_pgm="$GNUPG_SCDAEMON_PGM"
+
+
+AC_ARG_WITH(dirmngr-pgm,
+ [ --with-dirmngr-pgm=PATH Use PATH as the default for the dirmngr)],
+ GNUPG_DIRMNGR_PGM="$withval", GNUPG_DIRMNGR_PGM="" )
+AC_SUBST(GNUPG_DIRMNGR_PGM)
+AM_CONDITIONAL(GNUPG_DIRMNGR_PGM, test -n "$GNUPG_DIRMNGR_PGM")
+show_gnupg_dirmngr_pgm="(default)"
+test -n "$GNUPG_DIRMNGR_PGM" && show_gnupg_dirmngr_pgm="$GNUPG_DIRMNGR_PGM"
+
+AC_ARG_WITH(protect-tool-pgm,
+ [ --with-protect-tool-pgm=PATH Use PATH as the default for the protect-tool)],
+ GNUPG_PROTECT_TOOL_PGM="$withval", GNUPG_PROTECT_TOOL_PGM="" )
+AC_SUBST(GNUPG_PROTECT_TOOL_PGM)
+AM_CONDITIONAL(GNUPG_PROTECT_TOOL_PGM, test -n "$GNUPG_PROTECT_TOOL_PGM")
+show_gnupg_protect_tool_pgm="(default)"
+test -n "$GNUPG_PROTECT_TOOL_PGM" \
+ && show_gnupg_protect_tool_pgm="$GNUPG_PROTECT_TOOL_PGM"
+
+
+# Some folks want to use only the agent from this packet. Make it
+# easier for them by providing the configure option
+# --enable-only-agent.
+AC_ARG_ENABLE(agent-only,
+ AC_HELP_STRING([--enable-agent-only],[build only the gpg-agent]),
+ build_agent_only=$enableval)
+
+# SELinux support includes tracking of sensitive files to avoid
+# leaking their contents through processing these files by gpg itself
+AC_MSG_CHECKING([whether SELinux support is requested])
+AC_ARG_ENABLE(selinux-support,
+ AC_HELP_STRING([--enable-selinux-support],
+ [enable SELinux support]),
+ selinux_support=$enableval, selinux_support=no)
+AC_MSG_RESULT($selinux_support)
+
+# Allow disabling of bzib2 support.
+# It is defined only after we confirm the library is available later
+AC_MSG_CHECKING([whether to enable the BZIP2 compression algorithm])
+AC_ARG_ENABLE(bzip2,
+ AC_HELP_STRING([--disable-bzip2],[disable the BZIP2 compression algorithm]),
+ use_bzip2=$enableval)
+AC_MSG_RESULT($use_bzip2)
+
+# Configure option to allow or disallow execution of external
+# programs, like a photo viewer.
+AC_MSG_CHECKING([whether to enable external program execution])
+AC_ARG_ENABLE(exec,
+ AC_HELP_STRING([--disable-exec],[disable all external program execution]),
+ use_exec=$enableval)
+AC_MSG_RESULT($use_exec)
+if test "$use_exec" = no ; then
+ AC_DEFINE(NO_EXEC,1,[Define to disable all external program execution])
+fi
+
+if test "$use_exec" = yes ; then
+ AC_MSG_CHECKING([whether to enable photo ID viewing])
+ AC_ARG_ENABLE(photo-viewers,
+ [ --disable-photo-viewers disable photo ID viewers],
+ [if test "$enableval" = no ; then
+ AC_DEFINE(DISABLE_PHOTO_VIEWER,1,[define to disable photo viewing])
+ fi],enableval=yes)
+ gnupg_cv_enable_photo_viewers=$enableval
+ AC_MSG_RESULT($enableval)
+
+ if test "$gnupg_cv_enable_photo_viewers" = yes ; then
+ AC_MSG_CHECKING([whether to use a fixed photo ID viewer])
+ AC_ARG_WITH(photo-viewer,
+ [ --with-photo-viewer=FIXED_VIEWER set a fixed photo ID viewer],
+ [if test "$withval" = yes ; then
+ withval=no
+ elif test "$withval" != no ; then
+ AC_DEFINE_UNQUOTED(FIXED_PHOTO_VIEWER,"$withval",
+ [if set, restrict photo-viewer to this])
+ fi],withval=no)
+ AC_MSG_RESULT($withval)
+ fi
+
+ AC_MSG_CHECKING([whether to enable external keyserver helpers])
+ AC_ARG_ENABLE(keyserver-helpers,
+ [ --disable-keyserver-helpers disable all external keyserver support],
+ [if test "$enableval" = no ; then
+ AC_DEFINE(DISABLE_KEYSERVER_HELPERS,1,
+ [define to disable keyserver helpers])
+ fi],enableval=yes)
+ gnupg_cv_enable_keyserver_helpers=$enableval
+ AC_MSG_RESULT($enableval)
+
+ if test "$gnupg_cv_enable_keyserver_helpers" = yes ; then
+ # LDAP is defined only after we confirm the library is available later
+ AC_MSG_CHECKING([whether LDAP keyserver support is requested])
+ AC_ARG_ENABLE(ldap,
+ AC_HELP_STRING([--disable-ldap],[disable LDAP keyserver interface only]),
+ try_ldap=$enableval, try_ldap=yes)
+ AC_MSG_RESULT($try_ldap)
+
+ AC_MSG_CHECKING([whether HKP keyserver support is requested])
+ AC_ARG_ENABLE(hkp,
+ AC_HELP_STRING([--disable-hkp],[disable HKP keyserver interface only]),
+ try_hkp=$enableval, try_hkp=yes)
+ AC_MSG_RESULT($try_hkp)
+
+ AC_MSG_CHECKING([whether finger key fetching support is requested])
+ AC_ARG_ENABLE(finger,
+ AC_HELP_STRING([--disable-finger],
+ [disable finger key fetching interface only]),
+ try_finger=$enableval, try_finger=yes)
+ AC_MSG_RESULT($try_finger)
+
+ AC_MSG_CHECKING([whether generic object key fetching support is requested])
+ AC_ARG_ENABLE(generic,
+ AC_HELP_STRING([--disable-generic],
+ [disable generic object key fetching interface only]),
+ try_generic=$enableval, try_generic=yes)
+ AC_MSG_RESULT($try_generic)
+
+ AC_MSG_CHECKING([whether email keyserver support is requested])
+ AC_ARG_ENABLE(mailto,
+ AC_HELP_STRING([--enable-mailto],
+ [enable email keyserver interface only]),
+ try_mailto=$enableval, try_mailto=no)
+ AC_MSG_RESULT($try_mailto)
+ fi
+
+ AC_MSG_CHECKING([whether keyserver exec-path is enabled])
+ AC_ARG_ENABLE(keyserver-path,
+ AC_HELP_STRING([--disable-keyserver-path],
+ [disable the exec-path option for keyserver helpers]),
+ [if test "$enableval" = no ; then
+ disable_keyserver_path=yes
+ fi],enableval=yes)
+ AC_MSG_RESULT($enableval)
+fi
+
+
+#
+# Check for the key/uid cache size. This can't be zero, but can be
+# pretty small on embedded systems. This is used for the gpg part.
+#
+AC_MSG_CHECKING([for the size of the key and uid cache])
+AC_ARG_ENABLE(key-cache,
+ AC_HELP_STRING([--enable-key-cache=SIZE],
+ [Set key cache to SIZE (default 4096)]),,enableval=4096)
+if test "$enableval" = "no"; then
+ enableval=5
+elif test "$enableval" = "yes" || test "$enableval" = ""; then
+ enableval=4096
+fi
+changequote(,)dnl
+key_cache_size=`echo "$enableval" | sed 's/[A-Za-z]//g'`
+changequote([,])dnl
+if test "$enableval" != "$key_cache_size" || test "$key_cache_size" -lt 5; then
+ AC_MSG_ERROR([invalid key-cache size])
+fi
+AC_MSG_RESULT($key_cache_size)
+AC_DEFINE_UNQUOTED(PK_UID_CACHE_SIZE,$key_cache_size,
+ [Size of the key and UID caches])
+
+
+
+#
+# Check whether we want to use Linux capabilities
+#
+AC_MSG_CHECKING([whether use of capabilities is requested])
+AC_ARG_WITH(capabilities,
+ [ --with-capabilities use linux capabilities [default=no]],
+[use_capabilities="$withval"],[use_capabilities=no])
+AC_MSG_RESULT($use_capabilities)
+
+
+#
+# Allow disabling of internal CCID support.
+# It is defined only after we confirm the library is available later
+#
+AC_MSG_CHECKING([whether to enable the internal CCID driver])
+AC_ARG_ENABLE(ccid-driver,
+ AC_HELP_STRING([--disable-ccid-driver],
+ [disable the internal CCID driver]),
+ use_ccid_driver=$enableval)
+AC_MSG_RESULT($use_ccid_driver)
+
+
+#
+# To avoid double inclusion of config.h which might happen at some
+# places, we add the usual double inclusion protection at the top of
+# config.h.
+#
+AH_TOP([
+#ifndef GNUPG_CONFIG_H_INCLUDED
+#define GNUPG_CONFIG_H_INCLUDED
+])
+
+#
+# Stuff which goes at the bottom of config.h.
+#
+AH_BOTTOM([
+/* This is the major version number of GnuPG so that
+ source included files can test for this. Note, that
+ we use 2 here even for GnuPG 1.9.x. */
+#define GNUPG_MAJOR_VERSION 2
+
+/* Now to separate file name parts.
+ Please note that the string version must not contain more
+ than one character because the code assumes strlen()==1 */
+#ifdef HAVE_DOSISH_SYSTEM
+#define DIRSEP_C '\\'
+#define DIRSEP_S "\\"
+#define EXTSEP_C '.'
+#define EXTSEP_S "."
+#define PATHSEP_C ';'
+#define PATHSEP_S ";"
+#define EXEEXT_S ".exe"
+#else
+#define DIRSEP_C '/'
+#define DIRSEP_S "/"
+#define EXTSEP_C '.'
+#define EXTSEP_S "."
+#define PATHSEP_C ':'
+#define PATHSEP_S ":"
+#define EXEEXT_S ""
+#endif
+
+/* This is the same as VERSION, but should be overridden if the
+ platform cannot handle things like dots '.' in filenames. Set
+ SAFE_VERSION_DOT and SAFE_VERSION_DASH to whatever SAFE_VERSION
+ uses for dots and dashes. */
+#define SAFE_VERSION VERSION
+#define SAFE_VERSION_DOT '.'
+#define SAFE_VERSION_DASH '-'
+
+/* Some global constants. */
+#ifdef HAVE_DRIVE_LETTERS
+#define GNUPG_DEFAULT_HOMEDIR "c:/gnupg"
+#elif defined(__VMS)
+#define GNUPG_DEFAULT_HOMEDIR "/SYS\$LOGIN/gnupg"
+#else
+#define GNUPG_DEFAULT_HOMEDIR "~/.gnupg"
+#endif
+#define GNUPG_PRIVATE_KEYS_DIR "private-keys-v1.d"
+
+/* For some systems (DOS currently), we hardcode the path here. For
+ POSIX systems the values are constructed by the Makefiles, so that
+ the values may be overridden by the make invocations; this is to
+ comply with the GNU coding standards. */
+#ifdef HAVE_DRIVE_LETTERS
+ /* FIXME: We need to use a function to determine these values depending
+ on the actual installation directory. */
+#define GNUPG_BINDIR "c:\\gnupg"
+#define GNUPG_LIBEXECDIR "c:\\gnupg"
+#define GNUPG_LIBDIR "c:\\gnupg"
+#define GNUPG_DATADIR "c:\\gnupg"
+#define GNUPG_SYSCONFDIR "c:\\gnupg"
+#endif
+
+/* Derive some other constants. */
+#if !(defined(HAVE_FORK) && defined(HAVE_PIPE) && defined(HAVE_WAITPID))
+#define EXEC_TEMPFILE_ONLY
+#endif
+
+
+/* We didn't define endianness above, so get it from OS macros. This
+ is intended for making fat binary builds on OS X. */
+#if !defined(BIG_ENDIAN_HOST) && !defined(LITTLE_ENDIAN_HOST)
+#if defined(__BIG_ENDIAN__)
+#define BIG_ENDIAN_HOST 1
+#elif defined(__LITTLE_ENDIAN__)
+#define LITTLE_ENDIAN_HOST 1
+#else
+#error "No endianness found"
+#endif
+#endif
+
+
+/* Hack used for W32: ldap.m4 also tests for the ASCII version of
+ ldap_start_tls_s because that is the actual symbol used in the
+ library. winldap.h redefines it to our commonly used value,
+ thus we define our usual macro here. */
+#ifdef HAVE_LDAP_START_TLS_SA
+# ifndef HAVE_LDAP_START_TLS_S
+# define HAVE_LDAP_START_TLS_S 1
+# endif
+#endif
+
+
+/* Tell libgcrypt not to use its own libgpg-error implementation. */
+#define USE_LIBGPG_ERROR 1
+
+/* We use jnlib, so tell other modules about it. */
+#define HAVE_JNLIB_LOGGING 1
+
+/* Our HTTP code is used in estream mode. */
+#define HTTP_USE_ESTREAM 1
+
+/* Under W32 we do an explicit socket initialization, thus we need to
+ avoid the on-demand initialization which would also install an atexit
+ handler. */
+#define HTTP_NO_WSASTARTUP
+
+/* We always include support for the OpenPGP card. */
+#define ENABLE_CARD_SUPPORT 1
+
+/* We don't want the old assuan codes anymore. */
+#define _ASSUAN_ONLY_GPG_ERRORS 1
+
+/* We explicitly need to disable PTH's soft mapping as Debian
+ currently enables it by default for no reason. */
+#define PTH_SYSCALL_SOFT 0
+
+/* We want to use the libgcrypt provided memory allocation for
+ asprintf. */
+#define _ESTREAM_PRINTF_MALLOC gcry_malloc
+#define _ESTREAM_PRINTF_FREE gcry_free
+#define _ESTREAM_PRINTF_EXTRA_INCLUDE "util.h"
+
+#endif /*GNUPG_CONFIG_H_INCLUDED*/
+])
+
+
+AM_MAINTAINER_MODE
+
+# Checks for programs.
+AC_MSG_NOTICE([checking for programs])
+AC_PROG_MAKE_SET
+AM_SANITY_CHECK
+missing_dir=`cd $ac_aux_dir && pwd`
+AM_MISSING_PROG(ACLOCAL, aclocal, $missing_dir)
+AM_MISSING_PROG(AUTOCONF, autoconf, $missing_dir)
+AM_MISSING_PROG(AUTOMAKE, automake, $missing_dir)
+AM_MISSING_PROG(AUTOHEADER, autoheader, $missing_dir)
+AM_MISSING_PROG(MAKEINFO, makeinfo, $missing_dir)
+AC_PROG_AWK
+AC_PROG_CC
+AC_PROG_CPP
+AM_PROG_CC_C_O
+if test "x$ac_cv_prog_cc_c89" = "xno" ; then
+ AC_MSG_ERROR([[No C-89 compiler found]])
+fi
+AC_PROG_INSTALL
+AC_PROG_LN_S
+AC_PROG_RANLIB
+AC_CHECK_TOOL(AR, ar, :)
+AC_PATH_PROG(PERL,"perl")
+AC_CHECK_TOOL(WINDRES, windres, :)
+AC_ISC_POSIX
+gl_EARLY
+AC_SYS_LARGEFILE
+GNUPG_CHECK_FAQPROG
+GNUPG_CHECK_USTAR
+
+# We need to compile and run a program on the build machine. A
+# comment in libgpg-error says that the AC_PROG_CC_FOR_BUILD macro in
+# the AC archive is broken for autoconf 2.57. Given that tehre is no
+# newer version of that macro, we assume that it is also broken for
+# autoconf 2.61 and thus we use a simple but usually sufficient
+# approach.
+AC_MSG_CHECKING(for cc for build)
+if test "$cross_compiling" = "yes"; then
+ CC_FOR_BUILD="${CC_FOR_BUILD-cc}"
+else
+ CC_FOR_BUILD="${CC_FOR_BUILD-$CC}"
+fi
+AC_MSG_RESULT($CC_FOR_BUILD)
+AC_ARG_VAR(CC_FOR_BUILD,[build system C compiler])
+
+
+
+try_gettext=yes
+have_dosish_system=no
+have_w32_system=no
+use_simple_gettext=no
+case "${host}" in
+ *-mingw32*)
+ # special stuff for Windoze NT
+ ac_cv_have_dev_random=no
+ AC_DEFINE(USE_ONLY_8DOT3,1,
+ [set this to limit filenames to the 8.3 format])
+ AC_DEFINE(HAVE_DRIVE_LETTERS,1,
+ [defined if we must run on a stupid file system])
+ AC_DEFINE(USE_SIMPLE_GETTEXT,1,
+ [because the Unix gettext has too much overhead on
+ MingW32 systems and these systems lack Posix functions,
+ we use a simplified version of gettext])
+ disable_keyserver_path=yes
+ have_dosish_system=yes
+ have_w32_system=yes
+ try_gettext="no"
+ use_simple_gettext=yes
+ ;;
+ i?86-emx-os2 | i?86-*-os2*emx )
+ # OS/2 with the EMX environment
+ ac_cv_have_dev_random=no
+ AC_DEFINE(HAVE_DRIVE_LETTERS)
+ have_dosish_system=yes
+ try_gettext="no"
+ ;;
+
+ i?86-*-msdosdjgpp*)
+ # DOS with the DJGPP environment
+ ac_cv_have_dev_random=no
+ AC_DEFINE(HAVE_DRIVE_LETTERS)
+ have_dosish_system=yes
+ try_gettext="no"
+ ;;
+
+ *-*-freebsd*)
+ # FreeBSD
+ CPPFLAGS="$CPPFLAGS -I/usr/local/include"
+ LDFLAGS="$LDFLAGS -L/usr/local/lib"
+ ;;
+
+ *-*-hpux*)
+ if test -z "$GCC" ; then
+ CFLAGS="$CFLAGS -Ae -D_HPUX_SOURCE"
+ fi
+ ;;
+ *-dec-osf4*)
+ if test -z "$GCC" ; then
+ # Suppress all warnings
+ # to get rid of the unsigned/signed char mismatch warnings.
+ CFLAGS="$CFLAGS -w"
+ fi
+ ;;
+ *-dec-osf5*)
+ if test -z "$GCC" ; then
+ # Use the newer compiler `-msg_disable ptrmismatch1' to
+ # get rid of the unsigned/signed char mismatch warnings.
+ # Using this may hide other pointer mismatch warnings, but
+ # it at least lets other warning classes through
+ CFLAGS="$CFLAGS -msg_disable ptrmismatch1"
+ fi
+ ;;
+ m68k-atari-mint)
+ ;;
+ *)
+ ;;
+esac
+
+if test "$have_dosish_system" = yes; then
+ AC_DEFINE(HAVE_DOSISH_SYSTEM,1,
+ [Defined if we run on some of the PCDOS like systems
+ (DOS, Windoze. OS/2) with special properties like
+ no file modes])
+fi
+AM_CONDITIONAL(HAVE_DOSISH_SYSTEM, test "$have_dosish_system" = yes)
+
+AM_CONDITIONAL(USE_SIMPLE_GETTEXT, test x"$use_simple_gettext" = xyes)
+
+if test "$have_w32_system" = yes; then
+ AC_DEFINE(HAVE_W32_SYSTEM,1, [Defined if we run on a W32 API based system])
+fi
+AM_CONDITIONAL(HAVE_W32_SYSTEM, test "$have_w32_system" = yes)
+
+if test "$disable_keyserver_path" = yes; then
+ AC_DEFINE(DISABLE_KEYSERVER_PATH,1,
+ [Defined to disable exec-path for keyserver helpers])
+fi
+
+#
+# Allows enabling the use of a standard socket by default This is
+# gpg-agent's option --[no-]use-standard-socket. For Windows we force
+# the use of this.
+#
+AC_MSG_CHECKING([whether to use a standard socket by default])
+AC_ARG_ENABLE(standard-socket,
+ AC_HELP_STRING([--enable-standard-socket],
+ [use a standard socket for the agent by default]),
+ use_standard_socket=$enableval)
+tmp=""
+if test "$use_standard_socket" != yes; then
+ if test "$have_w32_system" = yes; then
+ use_standard_socket=yes
+ tmp=" (forced)"
+ fi
+fi
+AC_MSG_RESULT($use_standard_socket$tmp)
+if test "$use_standard_socket" = yes; then
+ AC_DEFINE(USE_STANDARD_SOCKET,1,
+ [Use a standard socket for the agent by default])
+fi
+
+
+# (These need to go after AC_PROG_CC so that $EXEEXT is defined)
+AC_DEFINE_UNQUOTED(EXEEXT,"$EXEEXT",[The executable file extension, if any])
+
+if test x"$try_hkp" = xyes ; then
+ AC_SUBST(GPGKEYS_HKP,"gpg2keys_hkp$EXEEXT")
+fi
+
+if test x"$try_finger" = xyes ; then
+ AC_SUBST(GPGKEYS_FINGER,"gpg2keys_finger$EXEEXT")
+fi
+
+
+
+#
+# Checks for libraries.
+#
+AC_MSG_NOTICE([checking for libraries])
+
+
+#
+# libgpg-error is a library with error codes shared between GnuPG
+# related projects.
+#
+AM_PATH_GPG_ERROR("$NEED_GPG_ERROR_VERSION",
+ have_gpg_error=yes,have_gpg_error=no)
+
+
+#
+# Libgcrypt is our generic crypto library
+#
+AM_PATH_LIBGCRYPT("$NEED_LIBGCRYPT_API:$NEED_LIBGCRYPT_VERSION",
+ have_libgcrypt=yes,have_libgcrypt=no)
+
+
+#
+# libassuan is used for IPC
+#
+AM_PATH_LIBASSUAN("$NEED_LIBASSUAN_API:$NEED_LIBASSUAN_VERSION",
+ have_libassuan=yes,have_libassuan=no)
+if test "$have_libassuan" = "yes"; then
+ AC_DEFINE_UNQUOTED(GNUPG_LIBASSUAN_VERSION, "$libassuan_version",
+ [version of the libbassuan library])
+fi
+
+
+
+#
+# libksba is our X.509 support library
+#
+AM_PATH_KSBA("$NEED_KSBA_API:$NEED_KSBA_VERSION",have_ksba=yes,have_ksba=no)
+
+
+#
+# libusb allows us to use the integrated CCID smartcard reader driver.
+#
+# FiXME: Use GNUPG_CHECK_LIBUSB and modify to use separate AC_SUBSTs.
+if test "$use_ccid_driver" = yes ; then
+ AC_CHECK_LIB(usb, usb_bulk_write,
+ [ LIBUSB_LIBS="$LIBUSB_LIBS -lusb"
+ AC_DEFINE(HAVE_LIBUSB,1,
+ [defined if libusb is available])
+ have_libusb=yes
+ ])
+ AC_CHECK_FUNCS(usb_create_match)
+fi
+AC_SUBST(LIBUSB_LIBS)
+
+#
+# Check wether it is necessary to link against libdl.
+#
+gnupg_dlopen_save_libs="$LIBS"
+LIBS=""
+AC_SEARCH_LIBS(dlopen, c dl,,,)
+DL_LIBS=$LIBS
+AC_SUBST(DL_LIBS)
+LIBS="$gnupg_dlopen_save_libs"
+
+#
+# Checks for symcryptrun:
+#
+
+# libutil has openpty() and login_tty().
+AC_CHECK_LIB(util, openpty,
+ [ LIBUTIL_LIBS="$LIBUTIL_LIBS -lutil"
+ AC_DEFINE(HAVE_LIBUTIL,1,
+ [defined if libutil is available])
+ ])
+AC_SUBST(LIBUTIL_LIBS)
+
+# shred is used to clean temporary plain text files.
+AC_PATH_PROG(SHRED, shred, /usr/bin/shred)
+AC_DEFINE_UNQUOTED(SHRED,
+ "${SHRED}", [defines the filename of the shred program])
+
+
+
+#
+# Check whether the GNU Pth library is available
+# Note, that we include a Pth emulation for W32.
+#
+GNUPG_PATH_PTH
+if test "$have_pth" = "yes"; then
+ AC_DEFINE(USE_GNU_PTH, 1,
+ [Defined if the GNU Portable Thread Library should be used])
+else
+ AC_MSG_WARN([[
+***
+*** To support concurrent access to the gpg-agent and the SCdaemon
+*** we need the support of the GNU Portable Threads Library.
+*** Download it from ftp://ftp.gnu.org/gnu/pth/
+*** On a Debian GNU/Linux system you might want to try
+*** apt-get install libpth-dev
+***]])
+fi
+
+
+AC_MSG_NOTICE([checking for networking options])
+
+#
+# Must check for network library requirements before doing link tests
+# for ldap, for example. If ldap libs are static (or dynamic and without
+# ELF runtime link paths), then link will fail and LDAP support won't
+# be detected.
+#
+AC_CHECK_FUNC(gethostbyname, , AC_CHECK_LIB(nsl, gethostbyname,
+ [NETLIBS="-lnsl $NETLIBS"]))
+AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt,
+ [NETLIBS="-lsocket $NETLIBS"]))
+
+
+#
+# Check for ADNS.
+#
+_cppflags="${CPPFLAGS}"
+_ldflags="${LDFLAGS}"
+AC_ARG_WITH(adns,
+ AC_HELP_STRING([--with-adns=DIR],
+ [look for the adns library in DIR]),
+ [if test -d "$withval"; then
+ CPPFLAGS="${CPPFLAGS} -I$withval/include"
+ LDFLAGS="${LDFLAGS} -L$withval/lib"
+ fi])
+if test "$with_adns" != "no"; then
+ AC_CHECK_HEADERS(adns.h,
+ AC_CHECK_LIB(adns, adns_init,
+ [have_adns=yes],
+ [CPPFLAGS=${_cppflags} LDFLAGS=${_ldflags}]),
+ [CPPFLAGS=${_cppflags} LDFLAGS=${_ldflags}])
+fi
+if test "$have_adns" = "yes"; then
+ ADNSLIBS="-ladns"
+fi
+AC_SUBST(ADNSLIBS)
+# Newer adns versions feature a free function to be used under W32.
+AC_CHECK_FUNCS(adns_free)
+
+
+#
+# Now try for the resolver functions so we can use DNS for SRV, PA and CERT.
+#
+if test x"$try_hkp" = xyes || test x"$try_http" = xyes ; then
+ AC_ARG_ENABLE(dns-srv,
+ AC_HELP_STRING([--disable-dns-srv],
+ [disable the use of DNS SRV in HKP and HTTP]),
+ use_dns_srv=$enableval,use_dns_srv=yes)
+fi
+
+AC_ARG_ENABLE(dns-pka,
+ AC_HELP_STRING([--disable-dns-pka],
+ [disable the use of PKA records in DNS]),
+ use_dns_pka=$enableval,use_dns_pka=yes)
+
+AC_ARG_ENABLE(dns-cert,
+ AC_HELP_STRING([--disable-dns-cert],
+ [disable the use of CERT records in DNS]),
+ use_dns_cert=$enableval,use_dns_cert=yes)
+
+if test x"$use_dns_pka" = xyes || test x"$use_dns_srv" = xyes \
+ || test x"$use_dns_cert" = xyes; then
+ _dns_save_libs=$LIBS
+ LIBS=""
+ # the double underscore thing is a glibc-ism?
+ AC_SEARCH_LIBS(res_query,resolv bind,,
+ AC_SEARCH_LIBS(__res_query,resolv bind,,have_resolver=no))
+ AC_SEARCH_LIBS(dn_expand,resolv bind,,
+ AC_SEARCH_LIBS(__dn_expand,resolv bind,,have_resolver=no))
+ AC_SEARCH_LIBS(dn_skipname,resolv bind,,
+ AC_SEARCH_LIBS(__dn_skipname,resolv bind,,have_resolver=no))
+
+ if test x"$have_resolver" != xno ; then
+
+ # Make sure that the BIND 4 resolver interface is workable before
+ # enabling any code that calls it. At some point I'll rewrite the
+ # code to use the BIND 8 resolver API.
+ # We might also want to use adns instead. Problem with ADNS is that
+ # it does not support v6.
+
+ AC_MSG_CHECKING([whether the resolver is usable])
+ AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <sys/types.h>
+#include <netinet/in.h>
+#include <arpa/nameser.h>
+#include <resolv.h>]],
+[[unsigned char answer[PACKETSZ];
+ res_query("foo.bar",C_IN,T_A,answer,PACKETSZ);
+ dn_skipname(0,0);
+ dn_expand(0,0,0,0,0);
+]])],have_resolver=yes,have_resolver=no)
+ AC_MSG_RESULT($have_resolver)
+
+ # This is Apple-specific and somewhat bizarre as they changed the
+ # define in bind 8 for some reason.
+
+ if test x"$have_resolver" != xyes ; then
+ AC_MSG_CHECKING(
+ [whether I can make the resolver usable with BIND_8_COMPAT])
+ AC_LINK_IFELSE([AC_LANG_PROGRAM([[#define BIND_8_COMPAT
+#include <sys/types.h>
+#include <netinet/in.h>
+#include <arpa/nameser.h>
+#include <resolv.h>]],
+[[unsigned char answer[PACKETSZ];
+ res_query("foo.bar",C_IN,T_A,answer,PACKETSZ);
+ dn_skipname(0,0); dn_expand(0,0,0,0,0);
+]])],[have_resolver=yes ; need_compat=yes])
+ AC_MSG_RESULT($have_resolver)
+ fi
+ fi
+
+ if test x"$have_resolver" = xyes ; then
+ DNSLIBS=$LIBS
+
+ if test x"$use_dns_srv" = xyes ; then
+ AC_DEFINE(USE_DNS_SRV,1,[define to use DNS SRV])
+ fi
+
+ if test x"$use_dns_pka" = xyes ; then
+ AC_DEFINE(USE_DNS_PKA,1,[define to use our experimental DNS PKA])
+ fi
+
+ if test x"$use_dns_cert" = xyes ; then
+ AC_DEFINE(USE_DNS_CERT,1,[define to use DNS CERT])
+ fi
+
+ if test x"$need_compat" = xyes ; then
+ AC_DEFINE(BIND_8_COMPAT,1,[an Apple OSXism])
+ fi
+ else
+ # If we have no resolver library but ADNS (e.g. under W32) enable the
+ # code parts which can be used with ADNS.
+ if test x"$have_adns" = xyes ; then
+ DNSLIBS="$ADNSLIBS"
+ AC_DEFINE(USE_ADNS,1,[Use ADNS as resolver library.])
+
+ if test x"$use_dns_srv" = xyes ; then
+ AC_DEFINE(USE_DNS_SRV,1)
+ fi
+
+ if test x"$use_dns_pka" = xyes ; then
+ AC_DEFINE(USE_DNS_PKA,1)
+ fi
+
+ if test x"$use_dns_cert" = xyes ; then
+ AC_DEFINE(USE_DNS_CERT,1,[define to use DNS CERT])
+ fi
+ else
+ use_dns_srv=no
+ use_dns_pka=no
+ use_dns_cert=no
+ fi
+ fi
+
+ LIBS=$_dns_save_libs
+fi
+
+AC_SUBST(DNSLIBS)
+
+AM_CONDITIONAL(USE_DNS_SRV, test x"$use_dns_srv" = xyes)
+
+
+#
+# Check for LDAP
+#
+if test "$try_ldap" = yes ; then
+ GNUPG_CHECK_LDAP($NETLIBS)
+fi
+
+#
+# Check for curl. We fake the curl API if libcurl isn't installed.
+# We require 7.10 or later as we use curl_version_info().
+#
+LIBCURL_CHECK_CONFIG([yes],[7.10],,[fake_curl=yes])
+AM_CONDITIONAL(FAKE_CURL,test x"$fake_curl" = xyes)
+
+# Generic, for us, means curl
+
+if test x"$try_generic" = xyes ; then
+ AC_SUBST(GPGKEYS_CURL,"gpg2keys_curl$EXEEXT")
+fi
+
+#
+# Check for sendmail
+#
+# This isn't necessarily sendmail itself, but anything that gives a
+# sendmail-ish interface to the outside world. That includes Exim,
+# Postfix, etc. Basically, anything that can handle "sendmail -t".
+if test "$try_mailto" = yes ; then
+ AC_ARG_WITH(mailprog,
+ AC_HELP_STRING([--with-mailprog=NAME],
+ [use "NAME -t" for mail transport]),
+ ,with_mailprog=yes)
+
+ if test x"$with_mailprog" = xyes ; then
+ AC_PATH_PROG(SENDMAIL,sendmail,,$PATH:/usr/sbin:/usr/libexec:/usr/lib)
+ if test "$ac_cv_path_SENDMAIL" ; then
+ GPGKEYS_MAILTO="gpg2keys_mailto"
+ fi
+ elif test x"$with_mailprog" != xno ; then
+ AC_MSG_CHECKING([for a mail transport program])
+ AC_SUBST(SENDMAIL,$with_mailprog)
+ AC_MSG_RESULT($with_mailprog)
+ GPGKEYS_MAILTO="gpg2keys_mailto"
+ fi
+fi
+
+AC_SUBST(GPGKEYS_MAILTO)
+
+#
+# Construct a printable name of the OS
+#
+case "${host}" in
+ *-mingw32*)
+ PRINTABLE_OS_NAME="MingW32"
+ ;;
+ *-*-cygwin*)
+ PRINTABLE_OS_NAME="Cygwin"
+ ;;
+ i?86-emx-os2 | i?86-*-os2*emx )
+ PRINTABLE_OS_NAME="OS/2"
+ ;;
+ i?86-*-msdosdjgpp*)
+ PRINTABLE_OS_NAME="MSDOS/DJGPP"
+ try_dynload=no
+ ;;
+ *-linux*)
+ PRINTABLE_OS_NAME="GNU/Linux"
+ ;;
+ *)
+ PRINTABLE_OS_NAME=`uname -s || echo "Unknown"`
+ ;;
+esac
+AC_DEFINE_UNQUOTED(PRINTABLE_OS_NAME, "$PRINTABLE_OS_NAME",
+ [A human readable text with the name of the OS])
+
+
+#
+# Checking for iconv
+#
+AM_ICONV
+
+
+#
+# Check for gettext
+#
+# This is "GNU gnupg" - The project-id script from gettext
+# needs this string
+#
+AC_MSG_NOTICE([checking for gettext])
+AM_PO_SUBDIRS
+AM_GNU_GETTEXT_VERSION([0.17])
+if test "$try_gettext" = yes; then
+ AM_GNU_GETTEXT([external],[need-ngettext])
+
+ # gettext requires some extra checks. These really should be part of
+ # the basic AM_GNU_GETTEXT macro. TODO: move other gettext-specific
+ # function checks to here.
+
+ AC_CHECK_FUNCS(strchr)
+else
+ USE_NLS=no
+ USE_INCLUDED_LIBINTL=no
+ BUILD_INCLUDED_LIBINTL=no
+ POSUB=po
+ AC_SUBST(USE_NLS)
+ AC_SUBST(USE_INCLUDED_LIBINTL)
+ AC_SUBST(BUILD_INCLUDED_LIBINTL)
+ AC_SUBST(POSUB)
+fi
+
+# We use HAVE_LANGINFO_CODESET in a couple of places.
+AM_LANGINFO_CODESET
+
+# Checks required for our use locales
+gt_LC_MESSAGES
+
+
+#
+# SELinux support
+#
+if test "$selinux_support" = yes ; then
+ AC_DEFINE(ENABLE_SELINUX_HACKS,1,[Define to enable SELinux support])
+fi
+
+
+#
+# Checks for header files.
+#
+AC_MSG_NOTICE([checking for header files])
+AC_HEADER_STDC
+AC_CHECK_HEADERS([string.h unistd.h langinfo.h termio.h locale.h getopt.h])
+AC_CHECK_HEADERS([pty.h utmp.h pwd.h inttypes.h])
+AC_HEADER_TIME
+
+
+#
+# Checks for typedefs, structures, and compiler characteristics.
+#
+AC_MSG_NOTICE([checking for system characteristics])
+AC_C_CONST
+AC_C_INLINE
+AC_C_VOLATILE
+AC_TYPE_SIZE_T
+AC_TYPE_MODE_T
+AC_TYPE_SIGNAL
+AC_DECL_SYS_SIGLIST
+
+gl_HEADER_SYS_SOCKET
+gl_TYPE_SOCKLEN_T
+
+AC_ARG_ENABLE(endian-check,
+ AC_HELP_STRING([--disable-endian-check],
+ [disable the endian check and trust the OS provided macros]),
+ endiancheck=$enableval,endiancheck=yes)
+
+if test x"$endiancheck" = xyes ; then
+ GNUPG_CHECK_ENDIAN
+fi
+
+# fixme: we should get rid of the byte type
+GNUPG_CHECK_TYPEDEF(byte, HAVE_BYTE_TYPEDEF)
+GNUPG_CHECK_TYPEDEF(ushort, HAVE_USHORT_TYPEDEF)
+GNUPG_CHECK_TYPEDEF(ulong, HAVE_ULONG_TYPEDEF)
+GNUPG_CHECK_TYPEDEF(u16, HAVE_U16_TYPEDEF)
+GNUPG_CHECK_TYPEDEF(u32, HAVE_U32_TYPEDEF)
+
+AC_CHECK_SIZEOF(unsigned short)
+AC_CHECK_SIZEOF(unsigned int)
+AC_CHECK_SIZEOF(unsigned long)
+AC_CHECK_SIZEOF(unsigned long long)
+AC_CHECK_SIZEOF(time_t,,[[
+#include <stdio.h>
+#if TIME_WITH_SYS_TIME
+# include <sys/time.h>
+# include <time.h>
+#else
+# if HAVE_SYS_TIME_H
+# include <sys/time.h>
+# else
+# include <time.h>
+# endif
+#endif
+]])
+
+
+# Ensure that we have UINT64_C before we bother to check for uint64_t
+# Fixme: really needed in gnupg? I think it is only useful in libcgrypt.
+AC_CACHE_CHECK([for UINT64_C],[gnupg_cv_uint64_c_works],
+ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <inttypes.h>]],
+ [[uint64_t foo=UINT64_C(42);]])],
+ [gnupg_cv_uint64_c_works=yes],
+ [gnupg_cv_uint64_c_works=no] ))
+if test "$gnupg_cv_uint64_c_works" = "yes" ; then
+ AC_CHECK_SIZEOF(uint64_t)
+fi
+
+if test "$ac_cv_sizeof_unsigned_short" = "0" \
+ || test "$ac_cv_sizeof_unsigned_int" = "0" \
+ || test "$ac_cv_sizeof_unsigned_long" = "0"; then
+ AC_MSG_WARN([Hmmm, something is wrong with the sizes - using defaults]);
+fi
+
+
+#
+# Checks for library functions.
+#
+AC_MSG_NOTICE([checking for library functions])
+AC_CHECK_DECLS(getpagesize)
+AC_FUNC_FSEEKO
+AC_FUNC_VPRINTF
+AC_FUNC_FORK
+AC_CHECK_FUNCS([strerror strlwr tcgetattr mmap])
+AC_CHECK_FUNCS([strcasecmp strncasecmp ctermid times gmtime_r])
+AC_CHECK_FUNCS([unsetenv fcntl ftruncate])
+AC_CHECK_FUNCS([gettimeofday getrusage getrlimit setrlimit clock_gettime])
+AC_CHECK_FUNCS([atexit raise getpagesize strftime nl_langinfo setlocale])
+AC_CHECK_FUNCS([waitpid wait4 sigaction sigprocmask pipe stat getaddrinfo])
+AC_CHECK_FUNCS([ttyname rand ftello fsync stat])
+
+AC_CHECK_TYPES([struct sigaction, sigset_t],,,[#include <signal.h>])
+
+#
+# These are needed by libjnlib - fixme: we should use a jnlib.m4
+# Note: We already checked pwd.h.
+AC_CHECK_FUNCS([memicmp stpcpy strsep strlwr strtoul memmove stricmp strtol])
+AC_CHECK_FUNCS([memrchr isascii timegm getrusage setrlimit stat setlocale])
+AC_CHECK_FUNCS([flockfile funlockfile fopencookie funopen getpwnam getpwuid])
+
+#
+# gnulib checks
+#
+gl_SOURCE_BASE([gl])
+gl_M4_BASE([gl/m4])
+gl_MODULES([setenv mkdtemp xsize strpbrk])
+gl_INIT
+
+
+#
+# W32 specific test
+#
+GNUPG_FUNC_MKDIR_TAKES_ONE_ARG
+
+#
+# Sanity check regex. Tests adapted from mutt.
+#
+AC_MSG_CHECKING([whether regular expression support is requested])
+AC_ARG_ENABLE(regex,
+ AC_HELP_STRING([--disable-regex],
+ [do not handle regular expressions in trust signatures]),
+ use_regex=$enableval, use_regex=yes)
+AC_MSG_RESULT($use_regex)
+
+if test "$use_regex" = yes ; then
+ _cppflags="${CPPFLAGS}"
+ _ldflags="${LDFLAGS}"
+ AC_ARG_WITH(regex,
+ AC_HELP_STRING([--with-regex=DIR],[look for regex in DIR]),
+ [
+ if test -d "$withval" ; then
+ CPPFLAGS="${CPPFLAGS} -I$withval/include"
+ LDFLAGS="${LDFLAGS} -L$withval/lib"
+ fi
+ ],withval="")
+
+ # Does the system have regex functions at all?
+ AC_SEARCH_LIBS([regcomp], [regex])
+ AC_CHECK_FUNC(regcomp, gnupg_cv_have_regex=yes, gnupg_cv_have_regex=no)
+
+ if test $gnupg_cv_have_regex = no; then
+ use_regex=no
+ else
+ if test x"$cross_compiling" = xyes; then
+ AC_MSG_WARN([cross compiling; assuming regexp libray is not broken])
+ else
+ AC_CACHE_CHECK([whether your system's regexp library is broken],
+ [gnupg_cv_regex_broken],
+ AC_TRY_RUN([
+#include <unistd.h>
+#include <regex.h>
+main() { regex_t blah ; regmatch_t p; p.rm_eo = p.rm_eo; return regcomp(&blah, "foo.*bar", REG_NOSUB) || regexec (&blah, "foobar", 0, NULL, 0); }],
+ gnupg_cv_regex_broken=no, gnupg_cv_regex_broken=yes, gnupg_cv_regex_broken=yes))
+
+ if test $gnupg_cv_regex_broken = yes; then
+ AC_MSG_WARN([your regex is broken - disabling regex use])
+ use_regex=no
+ fi
+ fi
+ fi
+ CPPFLAGS="${_cppflags}"
+ LDFLAGS="${_ldflags}"
+fi
+
+if test "$use_regex" != yes ; then
+ AC_DEFINE(DISABLE_REGEX,1, [Define to disable regular expression support])
+fi
+AM_CONDITIONAL(DISABLE_REGEX, test x"$use_regex" != xyes)
+
+
+
+#
+# Do we have zlib? Must do it here because Solaris failed
+# when compiling a conftest (due to the "-lz" from LIBS).
+# Note that we combine zlib and bzlib2 in ZLIBS.
+#
+_cppflags="${CPPFLAGS}"
+_ldflags="${LDFLAGS}"
+AC_ARG_WITH(zlib,
+ [ --with-zlib=DIR use libz in DIR],[
+ if test -d "$withval"; then
+ CPPFLAGS="${CPPFLAGS} -I$withval/include"
+ LDFLAGS="${LDFLAGS} -L$withval/lib"
+ fi
+ ])
+
+AC_CHECK_HEADER(zlib.h,
+ AC_CHECK_LIB(z, deflateInit2_,
+ ZLIBS="-lz",
+ CPPFLAGS=${_cppflags} LDFLAGS=${_ldflags}),
+ CPPFLAGS=${_cppflags} LDFLAGS=${_ldflags})
+
+#
+# Check whether we can support bzip2
+#
+if test "$use_bzip2" = yes ; then
+ _cppflags="${CPPFLAGS}"
+ _ldflags="${LDFLAGS}"
+ AC_ARG_WITH(bzip2,
+ AC_HELP_STRING([--with-bzip2=DIR],[look for bzip2 in DIR]),
+ [
+ if test -d "$withval" ; then
+ CPPFLAGS="${CPPFLAGS} -I$withval/include"
+ LDFLAGS="${LDFLAGS} -L$withval/lib"
+ fi
+ ],withval="")
+
+ # Checking alongside stdio.h as an early version of bzip2 (1.0)
+ # required stdio.h to be included before bzlib.h, and Solaris 9 is
+ # woefully out of date.
+ if test "$withval" != no ; then
+ AC_CHECK_HEADER(bzlib.h,
+ AC_CHECK_LIB(bz2,BZ2_bzCompressInit,
+ [
+ have_bz2=yes
+ ZLIBS="$ZLIBS -lbz2"
+ AC_DEFINE(HAVE_BZIP2,1,
+ [Defined if the bz2 compression library is available])
+ ],
+ CPPFLAGS=${_cppflags} LDFLAGS=${_ldflags}),
+ CPPFLAGS=${_cppflags} LDFLAGS=${_ldflags},[#include <stdio.h>])
+ fi
+fi
+AM_CONDITIONAL(ENABLE_BZIP2_SUPPORT,test x"$have_bz2" = "xyes")
+AC_SUBST(ZLIBS)
+
+
+# Check for readline support
+GNUPG_CHECK_READLINE
+
+#
+# Allow users to append something to the version string without
+# flagging it as development version. The user version parts is
+# considered everything after a dash.
+#
+if test "$development_version" != yes; then
+ changequote(,)dnl
+ tmp_pat='[a-zA-Z]'
+ changequote([,])dnl
+ if echo "$VERSION" | sed 's/-.*//' | grep "$tmp_pat" >/dev/null ; then
+ development_version=yes
+ fi
+fi
+if test "$development_version" = yes; then
+ AC_DEFINE(IS_DEVELOPMENT_VERSION,1,
+ [Defined if this is not a regular release])
+fi
+
+AM_CONDITIONAL(CROSS_COMPILING, test x$cross_compiling = xyes)
+
+GNUPG_CHECK_GNUMAKE
+
+# Add some extra libs here so that previous tests don't fail for
+# mysterious reasons - the final link step should bail out.
+# W32SOCKLIBS is also defined so that if can be used for tools not
+# requiring any network stuff but linking to code in libcommon which
+# tracks in winsock stuff (e.g. init_common_subsystems.
+if test "$have_w32_system" = yes; then
+ W32SOCKLIBS="-lws2_32"
+ NETLIBS="${NETLIBS} ${W32SOCKLIBS}"
+fi
+
+AC_SUBST(NETLIBS)
+AC_SUBST(W32SOCKLIBS)
+
+#
+# Setup gcc specific options
+#
+AC_MSG_NOTICE([checking for cc features])
+if test "$GCC" = yes; then
+ # Note that it is okay to use CFLAGS here because this are just
+ # warning options and the user should have a chance of overriding
+ # them.
+ if test "$USE_MAINTAINER_MODE" = "yes"; then
+ CFLAGS="$CFLAGS -Wall -Wcast-align -Wshadow -Wstrict-prototypes"
+ CFLAGS="$CFLAGS -Wformat -Wno-format-y2k -Wformat-security"
+ AC_MSG_CHECKING([if gcc supports -Wno-missing-field-initializers])
+ _gcc_cflags_save=$CFLAGS
+ CFLAGS="-Wno-missing-field-initializers"
+ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([],[])],
+ [_gcc_wopt=yes],[_gcc_wopt=no])
+ AC_MSG_RESULT($_gcc_wopt)
+ CFLAGS=$_gcc_cflags_save;
+ if test x"$_gcc_wopt" = xyes ; then
+ CFLAGS="$CFLAGS -W -Wno-sign-compare -Wno-missing-field-initializers"
+ fi
+ AC_MSG_CHECKING([if gcc supports -Wdeclaration-after-statement])
+ _gcc_cflags_save=$CFLAGS
+ CFLAGS="-Wdeclaration-after-statement"
+ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([],[])],
+ [_gcc_wopt=yes],[_gcc_wopt=no])
+ AC_MSG_RESULT($_gcc_wopt)
+ CFLAGS=$_gcc_cflags_save;
+ if test x"$_gcc_wopt" = xyes ; then
+ CFLAGS="$CFLAGS -Wdeclaration-after-statement"
+ fi
+ else
+ CFLAGS="$CFLAGS -Wall"
+ fi
+
+ AC_MSG_CHECKING([if gcc supports -Wno-pointer-sign])
+ _gcc_cflags_save=$CFLAGS
+ CFLAGS="-Wno-pointer-sign"
+ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([],[])],[_gcc_psign=yes],[_gcc_psign=no])
+ AC_MSG_RESULT($_gcc_psign)
+ CFLAGS=$_gcc_cflags_save;
+ if test x"$_gcc_psign" = xyes ; then
+ CFLAGS="$CFLAGS -Wno-pointer-sign"
+ fi
+
+ AC_MSG_CHECKING([if gcc supports -Wpointer-arith])
+ _gcc_cflags_save=$CFLAGS
+ CFLAGS="-Wpointer-arith"
+ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([],[])],[_gcc_psign=yes],[_gcc_psign=no])
+ AC_MSG_RESULT($_gcc_psign)
+ CFLAGS=$_gcc_cflags_save;
+ if test x"$_gcc_psign" = xyes ; then
+ CFLAGS="$CFLAGS -Wpointer-arith"
+ fi
+fi
+
+
+#
+# This is handy for debugging so the compiler doesn't rearrange
+# things and eliminate variables.
+#
+AC_ARG_ENABLE(optimization,
+ AC_HELP_STRING([--disable-optimization],
+ [disable compiler optimization]),
+ [if test $enableval = no ; then
+ CFLAGS=`echo $CFLAGS | sed 's/-O[[0-9]]//'`
+ fi])
+
+#
+# Prepare building of estream
+#
+estream_INIT
+
+
+#
+# Decide what to build
+#
+if test "$have_adns" = "yes"; then
+ AC_SUBST(GPGKEYS_KDNS, "gpg2keys_kdns$EXEEXT")
+fi
+
+
+missing_pth=no
+if test $have_ksba = no; then
+ build_gpgsm=no
+ build_scdaemon=no
+fi
+
+build_agent_threaded=""
+if test "$build_agent" = "yes"; then
+ if test $have_pth = no; then
+ build_agent_threaded="(not multi-threaded)"
+ missing_pth=yes
+ fi
+fi
+
+build_scdaemon_extra=""
+if test "$build_scdaemon" = "yes"; then
+ tmp=""
+ if test $have_pth = no; then
+ build_scdaemon_extra="not multi-threaded"
+ tmp=", "
+ missing_pth=yes
+ fi
+ if test $have_libusb = no; then
+ build_scdaemon_extra="${tmp}without internal CCID driver"
+ tmp=", "
+ fi
+ if test -n "$build_scdaemon_extra"; then
+ build_scdaemon_extra="(${build_scdaemon_extra})"
+ fi
+fi
+
+
+if test "$build_agent_only" = "yes" ; then
+ build_gpg=no
+ build_gpgsm=no
+ build_scdaemon=no
+ build_tools=no
+ build_doc=no
+fi
+
+
+AM_CONDITIONAL(BUILD_GPG, test "$build_gpg" = "yes")
+AM_CONDITIONAL(BUILD_GPGSM, test "$build_gpgsm" = "yes")
+AM_CONDITIONAL(BUILD_AGENT, test "$build_agent" = "yes")
+AM_CONDITIONAL(BUILD_SCDAEMON, test "$build_scdaemon" = "yes")
+AM_CONDITIONAL(BUILD_TOOLS, test "$build_tools" = "yes")
+AM_CONDITIONAL(BUILD_DOC, test "$build_doc" = "yes")
+AM_CONDITIONAL(BUILD_SYMCRYPTRUN, test "$build_symcryptrun" = "yes")
+AM_CONDITIONAL(BUILD_GPGTAR, test "$build_gpgtar" = "yes")
+
+AM_CONDITIONAL(RUN_GPG_TESTS,
+ test x$cross_compiling = xno -a "$build_gpg" = yes )
+
+
+#
+# Print errors here so that they are visible all
+# together and the user can acquire them all together.
+#
+die=no
+if test "$have_gpg_error" = "no"; then
+ die=yes
+ AC_MSG_NOTICE([[
+***
+*** You need libgpg-error to build this program.
+** This library is for example available at
+*** ftp://ftp.gnupg.org/gcrypt/libgpg-error
+*** (at least version $NEED_GPG_ERROR_VERSION is required.)
+***]])
+fi
+if test "$have_libgcrypt" = "no"; then
+ die=yes
+ AC_MSG_NOTICE([[
+***
+*** You need libgcrypt to build this program.
+** This library is for example available at
+*** ftp://ftp.gnupg.org/gcrypt/libgcrypt/
+*** (at least version $NEED_LIBGCRYPT_VERSION using API $NEED_LIBGCRYPT_API is required.)
+***]])
+fi
+if test "$have_libassuan" = "no"; then
+ die=yes
+ AC_MSG_NOTICE([[
+***
+*** You need libassuan to build this program.
+*** This library is for example available at
+*** ftp://ftp.gnupg.org/gcrypt/libassuan/
+*** (at least version $NEED_LIBASSUAN_VERSION (API $NEED_LIBASSUAN_API) is required).
+***]])
+fi
+if test "$have_ksba" = "no"; then
+ AC_MSG_NOTICE([[
+***
+*** You need libksba to build this program.
+*** This library is for example available at
+*** ftp://ftp.gnupg.org/gcrypt/libksba/
+*** (at least version $NEED_KSBA_VERSION using API $NEED_KSBA_API is required).
+***]])
+fi
+if test "$missing_pth" = "yes"; then
+ AC_MSG_NOTICE([[
+***
+*** It is now required to build with support for the
+*** GNU Portable Threads Library (Pth). Please install this
+*** library first. The library is for example available at
+*** ftp://ftp.gnu.org/gnu/pth/
+*** On a Debian GNU/Linux system you can install it using
+*** apt-get install libpth-dev
+*** To build GnuPG for Windows you need to use the W32PTH
+*** package; available at:
+*** ftp://ftp.g10code.com/g10code/w32pth/
+***]])
+ die=yes
+fi
+
+if test "$die" = "yes"; then
+ AC_MSG_ERROR([[
+***
+*** Required libraries not found. Please consult the above messages
+*** and install them before running configure again.
+***]])
+fi
+
+
+
+AC_CONFIG_FILES([ m4/Makefile
+Makefile
+po/Makefile.in
+gl/Makefile
+include/Makefile
+jnlib/Makefile
+common/Makefile
+kbx/Makefile
+g10/Makefile
+sm/Makefile
+agent/Makefile
+scd/Makefile
+keyserver/Makefile
+keyserver/gpg2keys_mailto
+keyserver/gpg2keys_test
+tools/gpg-zip
+tools/Makefile
+doc/Makefile
+tests/Makefile
+tests/openpgp/Makefile
+tests/pkits/Makefile
+])
+AC_OUTPUT
+
+
+echo "
+ GnuPG v${VERSION} has been configured as follows:
+
+ Platform: $PRINTABLE_OS_NAME ($host)
+
+ OpenPGP: $build_gpg
+ S/MIME: $build_gpgsm
+ Agent: $build_agent $build_agent_threaded
+ Smartcard: $build_scdaemon $build_scdaemon_extra
+ Gpgtar: $build_gpgtar
+
+ Protect tool: $show_gnupg_protect_tool_pgm
+ Default agent: $show_gnupg_agent_pgm
+ Default pinentry: $show_gnupg_pinentry_pgm
+ Default scdaemon: $show_gnupg_scdaemon_pgm
+ Default dirmngr: $show_gnupg_dirmngr_pgm
+"
+if test x"$use_regex" != xyes ; then
+echo "
+ Warning: No regular expression support available.
+ OpenPGP trust signatures won't work.
+ gpg-check-pattern will not be build.
+"
+fi
diff --git a/doc/ChangeLog-2011 b/doc/ChangeLog-2011
new file mode 100644
index 0000000..680affa
--- /dev/null
+++ b/doc/ChangeLog-2011
@@ -0,0 +1,798 @@
+2011-12-02 Werner Koch <wk@g10code.com>
+
+ NB: ChangeLog files are no longer manually maintained. Starting
+ on December 1st, 2011 we put change information only in the GIT
+ commit log, and generate a top-level ChangeLog file from logs at
+ "make dist". See doc/HACKING for details.
+
+2011-01-13 Werner Koch <wk@g10code.com>
+
+ * FAQ: Make it a static file with a pointer to the online location.
+ * Makefile.am (EXTRA_DIST): Remove faq.raw and faq.html.
+ (FAQ, faq.html): Remove these targets
+
+2010-03-05 Werner Koch <wk@g10code.com>
+
+ * gpg.texi (GPG Configuration Options): Mention that
+ show-uid-validity does only work with public keys. Noted by
+ Daniel Kahn Gillmor.
+
+2009-08-24 David Shaw <dshaw@jabberwocky.com>
+
+ * gpg.texi: Suggested new ordering for --edit-key.
+
+2009-08-17 David Shaw <dshaw@jabberwocky.com>
+
+ * gpg.texi (OpenPGP Options): Clarify that
+ personal-foo-preferences overrides recipient preferences (safely).
+
+2009-08-14 David Shaw <dshaw@jabberwocky.com>
+
+ * gpg.texi (GPG Configuration Options): Document keyserver options
+ check-cert and ca-cert-file.
+
+2009-08-06 Werner Koch <wk@g10code.com>
+
+ * DETAILS: Describe the new INV_SNDR and NO_SNDR..
+
+2009-07-31 David Shaw <dshaw@jabberwocky.com>
+
+ * gpg.texi (OpenPGP Options): Don't mention
+ --no-sk-comment (doesn't exist any longer).
+
+2009-07-23 David Shaw <dshaw@jabberwocky.com>
+
+ * gpg.texi (GPG Configuration Options): LDAP uses DNS-SD to locate
+ a server before falling back to keys.{domain}.
+
+2009-07-23 Werner Koch <wk@g10code.com>
+
+ * help.txt (gpgsm.crl-problem): New.
+
+2009-07-22 Werner Koch <wk@g10code.com>
+
+ * scdaemon.texi, instguide.texi, gpgsm.texi, sysnotes.texi
+ * glossary.texi, howto-create-a-server-cert.texi, tools.texi
+ * gpg-agent.texi, gpg.texi, debugging.texi: Typo fixes. Reported
+ by Jeroen Schot. Fixes bug#1093.
+
+ * gpg.texi (GPG Configuration Options): Tell what files to backup.
+ * sysnotes.texi: Remove some warning notes for W32.
+
+2009-07-20 Werner Koch <wk@g10code.com>
+
+ * gpg.texi (Operational GPG Commands): Add a note for --send-keys.
+ Fixes bug#1090.
+
+2009-07-06 Werner Koch <wk@g10code.com>
+
+ * debugging.texi (Common Problems): Add a note about corrupted
+ keys in --search-keys.
+
+2009-06-02 Werner Koch <wk@g10code.com>
+
+ * tools.texi (watchgnupg): Typo fix. Fixes bug#1065.
+
+ * gpg-agent.texi (Agent Commands): Update description of --daemon.
+
+2009-05-20 Werner Koch <wk@g10code.com>
+
+ * gpg.texi (GPG Configuration Options): Explain new meaning of
+ --enable-dsa2.
+
+2009-03-16 David Shaw <dshaw@jabberwocky.com>
+
+ * gpg.texi (GPG Configuration Options): Document keyserver-options
+ debug.
+
+2009-03-04 Werner Koch <wk@g10code.com>
+
+ * help.txt (gpg.keygen.size): Add a link to web page.
+
+2009-03-03 Werner Koch <wk@g10code.com>
+
+ * gpg.texi (Operational GPG Commands): "merge-only" is an
+ import-option. Reported by Joseph Oreste Bruni.
+
+2009-03-02 Werner Koch <wk@g10code.com>
+
+ * gpg-agent.texi (Invoking GPG-AGENT): Modernized instructions.
+ (Agent Options): Fix spelling of option --lc-ctype.
+
+2009-01-12 Werner Koch <wk@g10code.com>
+
+ * faq.raw: Fix bug reorting address.
+
+2008-12-12 Werner Koch <wk@g10code.com>
+
+ * gpgsm.texi (General GPGSM Commands): Fix --help, --version and
+ --warranty wording.
+
+2008-12-08 Werner Koch <wk@g10code.com>
+
+ * DETAILS: Clarify the use of "trust" and "validity" as suggested
+ by Daniel Kahn Gillmor. Fix some typos. Remove the outdated
+ sections on packet headers and pipemode. Point to the libgcrypt
+ manual for a description of the key generation.
+
+2008-11-12 Werner Koch <wk@g10code.com>
+
+ * gpg-agent.texi (Agent Options): Use Posix $() instead of
+ backticks to avoid rendering problems.
+
+2008-10-13 Werner Koch <wk@g10code.com>
+
+ * gpgsm.texi (Certificate Management): Explain hot to delete the
+ secret key.
+
+2008-10-01 Werner Koch <wk@g10code.com>
+
+ * tools.texi (Controlling gpg-connect-agent): Describe /datafile.
+
+2008-09-23 David Shaw <dshaw@jabberwocky.com>
+
+ * gpg.texi (OpenPGP Key Management): Clarify setpref a bit.
+
+2008-08-30 Werner Koch <wk@g10code.com>
+
+ * yat2m.c (write_th): Print a note that this is generated source.
+ (VERSION): Bump up to 1.0.
+
+2008-07-30 Werner Koch <wk@g10code.com>
+
+ * gpgsm.texi (GPGSM Configuration): Mention com-cert.pem.
+
+2008-06-25 Werner Koch <wk@g10code.com>
+
+ * qualified.txt: Add new BnetzA certs 12R and 13R.
+ * com-certs.pem: Ditto.
+ * examples/trustlist.txt: Ditto.
+
+2008-06-19 Werner Koch <wk@g10code.com>
+
+ * tools.texi (Listing options): Describe new complect gpgconf type
+ "alias list".
+
+2008-06-16 Werner Koch <wk@g10code.com>
+
+ * DETAILS (group): Document %ask-passphrase.
+
+2008-05-26 Werner Koch <wk@g10code.com>
+
+ * gpgv.texi: Minor fixes. Fixes bug#918.
+
+ * opt-homedir.texi: Typo fixes. Fixes bug#917.
+
+2008-05-26 Marcus Brinkmann <marcus@g10code.de>
+
+ * tools.texi (Invoking gpgconf): Document --list-dirs.
+
+2008-05-20 Marcus Brinkmann <marcus@g10code.de>
+
+ * tools.texi (Invoking gpgconf): Add --dry-run and --check-options.
+ (Checking programs): Document --check-options.
+
+2008-05-15 Marcus Brinkmann <marcus@g10code.de>
+
+ * gpg.texi (Operational GPG Commands): Mention the way to change
+ the default signing key.
+
+2008-05-06 Werner Koch <wk@g10code.com>
+
+ * Makefile.am (myman_pages): Add gpg-zip.1.
+
+ * tools.texi (gpg-zip): Add new section.
+
+2008-04-08 Werner Koch <wk@g10code.com>
+
+ * gpg.texi (GPG Configuration Options): Change subkeys.pgp.net to
+ keys.gnupg.net. Describe --auto-key-locate mechanisms local and
+ nodefault.
+
+2008-04-03 Werner Koch <wk@g10code.com>
+
+ * yat2m.c (proc_texi_cmd): Remove extra apostrophe from @samp and
+ use open and close quote to @file and @env.
+
+2008-04-02 Werner Koch <wk@g10code.com>
+
+ * opt-homedir.texi: Remove special case for Registry key.
+
+ * yat2m.c (proc_texi_cmd): Use the \(aq glyph for @samp. This is
+ bug#898.
+ (proc_texi_buffer): Handle backslashs correctly.
+
+2008-03-27 Werner Koch <wk@g10code.com>
+
+ * Makefile.am (nobase_dist_doc_DATA, dist_html_DATA): New. Move
+ relevant files to here.
+ (install-html-local): Remove.
+
+2008-02-27 Marcus Brinkmann <marcus@g10code.de>
+
+ * tools.texi (Listing options): Document new types.
+
+2008-02-26 Werner Koch <wk@g10code.com>
+
+ * gpg.texi (GPG Configuration Options): Mention rfc4398.
+
+2008-02-05 David Shaw <dshaw@jabberwocky.com>
+
+ * gpg.texi (GPG Esoteric Options): Tweak mention of Tempest font
+ to add a "claimed" in there.
+
+2008-01-29 Justin Pryzby <jpryzby+d@quoininc.com> (wk)
+
+ * gpg-agent.texi (Agent Options): Grammar fixes
+
+ * qualified.txt: Spelling fixes.
+
+2008-01-28 Justin Pryzby <jpryzby+d@quoininc.com> (wk)
+
+ * gpg-agent.texi, yat2m.c, scdaemon.texi, qualified.txt
+ * tools.texi, gpgsm.texi: Typo fixes and minor grammer fixes.
+
+2008-01-10 Werner Koch <wk@g10code.com>
+
+ * qualified.txt: Add missing country tag to the last entries.
+ Reported by Marcus Brinkmann.
+
+2008-01-10 Marcus Brinkmann <marcus@g10code.de>
+
+ * tools.texi (gpgconf): Some clarifications.
+
+2008-01-02 Werner Koch <wk@g10code.com>
+
+ * gpg.texi (GPG Esoteric Options): Mention --log-file.
+
+2007-12-13 Werner Koch <wk@g10code.com>
+
+ * qualified.txt: Add 2 root certs from S-Trust for 2008-2012.
+ * examples/trustlist.txt: Ditto.
+ * com-certs.pem: Ditto.
+
+ * gpgsm.texi (Esoteric Options): Document --extra-digest-algo.
+
+2007-12-12 Werner Koch <wk@g10code.com>
+
+ * gpg.texi: Typo fixes. From Christer Andersson.
+
+2007-12-04 Werner Koch <wk@g10code.com>
+
+ * help.txt: New online help file.
+ * help.be.txt, help.ca.txt, help.cs.txt, help.da.txt, help.de.txt
+ * help.el.txt, help.eo.txt, help.es.txt, help.et.txt, help.fi.txt
+ * help.fr.txt, help.gl.txt, help.hu.txt, help.id.txt, help.it.txt
+ * help.ja.txt, help.nb.txt, help.pl.txt, help.pt.txt
+ * help.pt_BR.txt, help.ro.txt, help.ru.txt, help.sk.txt
+ * help.sv.txt, help.tr.txt, help.zh_CN.txt, help.zh_TW.txt: New
+ online file, generated from teh current po files.
+ * Makefile.am (dist_pkgdata_DATA): Add them.
+
+2007-11-19 Werner Koch <wk@g10code.com>
+
+ * gpg.texi (GPG Configuration Options): English Grammar fix.
+ Thanks to Gerg Troxel.
+
+ * gpgsm.texi (Certificate Options): Document
+ --auto-issuer-key-retrieve.
+
+2007-11-15 Werner Koch <wk@g10code.com>
+
+ * gpg.texi (GPG Configuration): Add PINENTRY_USER_DATA.
+
+ * gpg-agent.texi (Agent Options): Add xauthority.
+
+2007-10-31 Marcus Brinkmann <marcus@g10code.de>
+
+ * gpg-agent.texi (Agent Options): Fix typos, by Bernhard Reiter.
+
+2007-10-27 David Shaw <dshaw@jabberwocky.com>
+
+ * gpg.texi: Document --rfc4880 (the new --openpgp).
+
+2007-10-25 David Shaw <dshaw@jabberwocky.com>
+
+ * gpg.texi: Clarify --force-v3-sigs, --pgp2, and --pgp6 a bit.
+
+2007-10-23 Werner Koch <wk@g10code.com>
+
+ * tools.texi (Listing global options): New.
+
+2007-10-19 Werner Koch <wk@g10code.com>
+
+ * tools.texi (Controlling gpg-connect-agent): Updated.
+
+2007-08-29 Werner Koch <wk@g10code.com>
+
+ * tools.texi (Checking programs): New.
+
+2007-08-27 Werner Koch <wk@g10code.com>
+
+ * examples/pwpattern.list: New.
+
+2007-08-24 Werner Koch <wk@g10code.com>
+
+ * debugging.texi (Common Problems): Add "A root certifciate does
+ not validate."
+
+2007-08-14 Werner Koch <wk@g10code.com>
+
+ * glossary.texi (Glossary): Add a more items.
+
+2007-08-13 Werner Koch <wk@g10code.com>
+
+ * yat2m.c (proc_texi_cmd): Do not put @samp content between two
+ newlines.
+
+ * gpg-agent.texi (Agent Configuration): Explain the CM flag for
+ trustlist.txt.
+
+2007-08-09 Werner Koch <wk@g10code.com>
+
+ * gpgsm.texi (Certificate Options): Describe --validation-model.
+
+2007-07-23 Werner Koch <wk@g10code.com>
+
+ * scdaemon.texi (Scdaemon Commands): Remove obsolete --print-atr.
+
+2007-07-17 Werner Koch <wk@g10code.com>
+
+ * gpgsm.texi (Input and Output): Document --default-key.
+
+2007-07-04 Werner Koch <wk@g10code.com>
+
+ * gpl.texi: Updated to GPLv3.
+
+2007-06-22 Werner Koch <wk@g10code.com>
+
+ * gpg.texi (Operational GPG Commands): Describe the flags used by
+ --check-sigs.
+
+2007-06-21 Werner Koch <wk@g10code.com>
+
+ * gpgsm.texi (Certificate Management): Changed description of
+ --gen-key.
+
+2007-06-19 Werner Koch <wk@g10code.com>
+
+ * glossary.texi (Glossary): Describe PSE.
+
+2007-06-18 Werner Koch <wk@g10code.com>
+
+ * gpg-agent.texi (Agent GETINFO): New.
+
+2007-06-06 Werner Koch <wk@g10code.com>
+
+ * Makefile.am (yat2m): Use a plain rule to build it for the sake
+ of cross-compiling.
+
+ * yat2m.c (finish_page): Init SECT to NULL.
+
+2007-05-11 Werner Koch <wk@g10code.com>
+
+ * gpgsm.texi (--export): Enhanced description.
+
+2007-05-09 Werner Koch <wk@g10code.com>
+
+ * examples/gpgconf.conf: Remove active example line.
+
+ * Makefile.am (online): Distinguish between released and svn manuals.
+
+2007-05-08 Werner Koch <wk@g10code.com>
+
+ * howtos.texi: New.
+ * howto-create-a-server-cert.texi: New.
+ * Makefile.am (gnupg_TEXINFOS): Add new files.
+
+ * gnupg.texi: Moved the logo for HTML more to the top.
+ * Makefile.am (install-html-local): New.
+ (DVIPS): Redefine to include srcdir.
+
+2007-05-04 Werner Koch <wk@g10code.com>
+
+ * gnupg.texi (Top): Fix typo and a grammar issue.
+ * Makefile.am (EXTRA_DIST): Add gnupg-logo.png. Suggested by
+ Bernard Leak.
+
+2007-04-15 David Shaw <dshaw@jabberwocky.com>
+
+ * gpg.texi (OpenPGP Options): Update the personal-foo-preferences
+ documentation a bit.
+
+2007-04-10 Werner Koch <wk@g10code.com>
+
+ * gpg.texi (GPG Configuration Options): Document --batch, no-tty,
+ --yes and --no.
+
+2007-03-08 Werner Koch <wk@g10code.com>
+
+ * gnupg-logo.png, gnupg-logo.eps, gnupg-logo.pdf: New.
+ * gnupg-badge-openpgp.eps, gnupg-badge-openpgp.eps
+ * gnupg-badge-openpgp.jpg: Removed.
+ * gnupg.texi: Use new logo.
+
+2007-03-07 Werner Koch <wk@g10code.com>
+
+ * tools.texi (applygnupgdefaults): New.
+
+2007-03-06 Werner Koch <wk@g10code.com>
+
+ * examples/gpgconf.conf: New.
+
+2007-03-04 David Shaw <dshaw@jabberwocky.com>
+
+ * gpg.texi (GPG Esoteric Options): Document
+ --allow-multiple-messages.
+
+2007-02-26 Werner Koch <wk@g10code.com>
+
+ * gpg.texi (GPG Configuration): Document envvar LANGUAGE.
+ (GPG Configuration Options): Document show-primary-uid-only.
+
+2007-02-18 Werner Koch <wk@g10code.com>
+
+ * gpg.texi (GPG Esoteric Options): No card reader options for gpg2.
+
+2007-02-14 Werner Koch <wk@g10code.com>
+
+ * gpg-agent.texi (Agent Options): Doc --pinentry-touch-file.
+
+2007-02-05 Werner Koch <wk@g10code.com>
+
+ * debugging.texi (Common Problems): Tell how to export a private
+ key without a certificate.
+
+2007-01-30 Werner Koch <wk@g10code.com>
+
+ * com-certs.pem: Added the current root certifcates of D-Trust and
+ S-Trust.
+
+2007-01-18 David Shaw <dshaw@jabberwocky.com>
+
+ * gpg.texi, specify-user-id.texi: Only some of the mentions of
+ exclamation marks have an example. Give examples to the rest.
+
+2007-01-17 David Shaw <dshaw@jabberwocky.com>
+
+ * gpg.texi (GPG Configuration Options): Make http_proxy option
+ documentation match reality.
+ (BUGS): Warn about hibernate/safe-sleep/etc writing main RAM to
+ disk, despite locking.
+
+2006-12-08 Werner Koch <wk@g10code.com>
+
+ * gnupg.texi (direntry): Rename gpg to gpg2.
+
+2006-12-04 Werner Koch <wk@g10code.com>
+
+ * gpgv.texi: New.
+ * tools.texi: Include new file.
+
+2006-12-02 David Shaw <dshaw@jabberwocky.com>
+
+ * gpg.texi (GPG Esoteric Options): Document --passphrase-repeat.
+
+2006-11-14 Werner Koch <wk@g10code.com>
+
+ * gpgsm.texi (GPGSM EXPORT): Document changes.
+
+2006-11-11 Werner Koch <wk@g10code.com>
+
+ * gnupg.texi (Top): Move gpg-agent part before gpg.
+
+2006-11-05 David Shaw <dshaw@jabberwocky.com>
+
+ * gpg.texi: Reference to --s2k-count in --s2k-mode.
+
+2006-10-30 Werner Koch <wk@g10code.com>
+
+ * faq.raw: Minor corrections.
+
+2006-10-12 Werner Koch <wk@g10code.com>
+
+ * Makefile.am (man_MANS): Do not install gnupg.7 due to a conflict
+ with gpg1.
+
+2006-10-12 David Shaw <dshaw@jabberwocky.com>
+
+ * gpg.texi: Document --s2k-count.
+
+2006-09-25 Werner Koch <wk@g10code.com>
+
+ * gpg.texi (GPG Examples): Add markup to all options. This is
+ required to have the double dashs printed correclty.
+
+2006-09-22 Werner Koch <wk@g10code.com>
+
+ * instguide.texi (Installation): New.
+ * assuan.texi (Assuan): Removed. Use the libassuan manual instead.
+ * gnupg.texi: Reflect these changes.
+
+ * gpg.texi: Make some parts depend on the "gpgone" set
+ command. This allows us to use the same source for gpg1 and gpg2.
+
+ * yat2m.c (parse_file): Better parsing of @ifset and ifclear.
+ (main): Allow definition of "-D gpgone".
+ (parse_file): Allow macro definitions.
+ (proc_texi_cmd): Expand macros.
+ (proc_texi_buffer): Process commands terminated by the closing
+ brace of the enclosing command.
+
+2006-09-20 Werner Koch <wk@g10code.com>
+
+ * texi.css: New. Note that the current vesion of makeinfo has a
+ bug while copying the @import directive. A pacth has been send to
+ upstream.
+
+2006-09-19 Werner Koch <wk@g10code.com>
+
+ * gpg.texi: Some restructuring.
+
+ * Makefile.am (online): New target.
+
+2006-09-18 Werner Koch <wk@g10code.com>
+
+ * com-certs.pem: New.
+
+2006-09-13 Werner Koch <wk@g10code.com>
+
+ * gpg.texi (GPG Esoteric Options): Fixed typo in
+ --require-cross-certification and made it the default.
+
+2006-09-11 Werner Koch <wk@g10code.com>
+
+ * HACKING: Cleaned up.
+
+2006-09-08 Werner Koch <wk@g10code.com>
+
+ * yat2m.c (parse_file): Ignore @node lines immediately.
+ (proc_texi_cmd): No special @end ifset processing anymore.
+
+ * specify-user-id.texi: New. Factored out of gpg.texi and ../README.
+
+2006-09-07 Werner Koch <wk@g10code.com>
+
+ * scdaemon.texi (Scdaemon Configuration): New.
+
+ * examples/scd-event: Event handler for sdaemon.
+ * examples/: New directory
+
+2006-08-22 Werner Koch <wk@g10code.com>
+
+ * yat2m.c (parse_file): Added code to skip a line after @mansect.
+
+ * gnupg7.texi: New.
+
+2006-08-21 Werner Koch <wk@g10code.com>
+
+ * Makefile.am: Added other doc files from gpg 1.4.
+
+2006-08-17 Werner Koch <wk@g10code.com>
+
+ * Makefile.am: Added rules to build man pages.
+
+ * yat2m.c: New.
+
+2006-02-14 Werner Koch <wk@gnupg.org>
+
+ * gpgsm.texi (GPGSM Configuration): New section.
+
+2005-11-14 Werner Koch <wk@g10code.com>
+
+ * qualified.txt: Added real information.
+
+2005-11-13 Werner Koch <wk@g10code.com>
+
+ * qualified.txt: New.
+ * Makefile.am (dist_pkgdata_DATA): New.
+
+2005-08-16 Werner Koch <wk@g10code.com>
+
+ * gpg-agent.texi (Agent Options): Note default file name for
+ --write-env-file.
+
+2005-06-03 Werner Koch <wk@g10code.com>
+
+ * debugging.texi (Architecture Details): New section, mostly empty.
+ * gnupg-card-architecture.fig: New.
+ * Makefile.am: Rules to build png and eps versions.
+
+ * gpg-agent.texi (Agent UPDATESTARTUPTTY): New.
+
+2005-05-17 Werner Koch <wk@g10code.com>
+
+ * gpg-agent.texi (Agent Options): Removed --disable-pth.
+
+2005-04-27 Werner Koch <wk@g10code.com>
+
+ * tools.texi (symcryptrun): Added.
+
+ * scdaemon.texi: Removed OpenSC specific options.
+
+2005-04-20 Werner Koch <wk@g10code.com>
+
+ * gpg-agent.texi (Agent Configuration): New section.
+
+2005-02-24 Werner Koch <wk@g10code.com>
+
+ * tools.texi (gpg-connect-agent): New.
+
+2005-02-14 Werner Koch <wk@g10code.com>
+
+ * gpgsm.texi (Certificate Management): Document --import.
+
+2005-01-27 Moritz Schulte <moritz@g10code.com>
+
+ * gpg-agent.texi: Document ssh-agent emulation layer.
+
+2005-01-04 Werner Koch <wk@g10code.com>
+
+ * gnupg.texi: Updated to use @copying.
+
+2004-12-22 Werner Koch <wk@g10code.com>
+
+ * gnupg.texi: Reordered.
+ * contrib.texi: Updated.
+
+2004-12-21 Werner Koch <wk@g10code.com>
+
+ * tools.texi (gpg-preset-passphrase): New section.
+
+ * gnupg-badge-openpgp.eps, gnupg-badge-openpgp.jpg: New
+ * gnupg.texi: Add a logo.
+ * sysnotes.texi: New.
+
+2004-11-05 Werner Koch <wk@g10code.com>
+
+ * debugging.texi (Common Problems): Curses pinentry problem.
+
+2004-10-22 Werner Koch <wk@g10code.com>
+
+ * tools.texi (Helper Tools): Document gpgsm-gencert.sh.
+
+2004-10-05 Werner Koch <wk@g10code.com>
+
+ * gpg-agent.texi (Invoking GPG-AGENT): Tell that GPG_TTY needs to
+ be set in all cases.
+
+2004-09-30 Werner Koch <wk@g10code.com>
+
+ * gpg.texi: New.
+ * gnupg.texi: Include gpg.texi
+
+ * tools.texi: Add a few @command markups.
+ * gpgsm.texi: Ditto.
+ * gpg-agent.texi: Ditto.
+ * scdaemon.texi: Ditto.
+
+2004-09-30 Marcus Brinkmann <marcus@g10code.de>
+
+ * tools.texi (Changing options): Add documentation for gpgconf.
+
+ * contrib.texi (Contributors): Add two missing periods.
+
+2004-09-29 Werner Koch <wk@g10code.com>
+
+ * gpgsm.texi (Configuration Options): Add --log-file.
+
+ * gpg-agent.texi (Invoking GPG-AGENT): Add a few words about the
+ expected pinentry filename.
+
+ Changed license of the manual stuff to GPL.
+
+ * gnupg.texi (Top): New menu item Helper Tools.
+
+ * tools.texi (Helper Tools): New.
+ * Makefile.am (gnupg_TEXINFOS): Add tools.texi.
+
+2004-08-05 Werner Koch <wk@g10code.de>
+
+ * scdaemon.texi (Card applications): New section.
+
+2004-06-22 Werner Koch <wk@g10code.com>
+
+ * glossary.texi: New.
+
+2004-06-18 Werner Koch <wk@gnupg.org>
+
+ * debugging.texi: New.
+ * gnupg.texi: Include it.
+
+2004-05-11 Werner Koch <wk@gnupg.org>
+
+ * gpgsm.texi (Esoteric Options): Add --debug-allow-core-dump.
+
+2004-05-03 Werner Koch <wk@gnupg.org>
+
+ * gpg-agent.texi (Agent Options): Add --allow-mark-trusted.
+
+2004-02-03 Werner Koch <wk@gnupg.org>
+
+ * contrib.texi (Contributors): Updated from the gpg 1.2.3 thanks
+ list.
+ * gpgsm.texi, gpg-agent.texi, scdaemon.texi: Language cleanups.
+
+2003-12-01 Werner Koch <wk@gnupg.org>
+
+ * gpgsm.texi (Certificate Options): Add --{enable,disable}-ocsp.
+
+2003-11-17 Werner Koch <wk@gnupg.org>
+
+ * scdaemon.texi (Scdaemon Options): Added --allow-admin and
+ --deny-admin.
+
+2003-10-27 Werner Koch <wk@gnupg.org>
+
+ * gpg-agent.texi (Agent GET_CONFIRMATION): New.
+
+2002-12-04 Werner Koch <wk@gnupg.org>
+
+ * gpg-agent.texi (Agent Signals): New.
+
+2002-12-03 Werner Koch <wk@gnupg.org>
+
+ * gpgsm.texi (Operational Commands): Add --passwd and
+ --call-protect-tool.
+ * gpg-agent.texi (Agent PASSWD): New
+
+2002-11-13 Werner Koch <wk@gnupg.org>
+
+ * gpg-agent.texi (Invoking GPG-AGENT): Tell about GPG_TTY.
+
+2002-11-12 Werner Koch <wk@gnupg.org>
+
+ * gpgsm.texi (Operational Commands): Add --call-dirmngr.
+
+2002-09-25 Werner Koch <wk@gnupg.org>
+
+ * gpg-agent.texi (Agent Options): Add --keep-tty and --keep-display.
+
+2002-09-12 Werner Koch <wk@gnupg.org>
+
+ * gpg-agent.texi (Invoking GPG-AGENT): Explained how to start only
+ one instance.
+
+2002-08-28 Werner Koch <wk@gnupg.org>
+
+ * gpg-agent.texi (Agent Options): Explained more options.
+ * scdaemon.texi (Scdaemon Options): Ditto.
+
+2002-08-09 Werner Koch <wk@gnupg.org>
+
+ * Makefile.am (gnupg_TEXINFOS): Include contrib.texi.
+
+2002-08-06 Werner Koch <wk@gnupg.org>
+
+ * gpgsm.texi: Added more options.
+
+2002-07-26 Werner Koch <wk@gnupg.org>
+
+ * assuan.texi: New.
+ * gpgsm.texi, scdaemon.texi, gpg-agent.texi: Documented the Assuan
+ protocol used.
+
+2002-07-22 Werner Koch <wk@gnupg.org>
+
+ * gnupg.texi, scdaemon.texi, gpg-agent.texi: New.
+ * contrib.texi, gpl.texi, fdl.texi: New.
+ * gpgsm.texi: Made this an include file for gnupg.texi.
+ * Makefile.am: Build gnupg.info instead of gpgsm.info.
+
+2002-06-04 Werner Koch <wk@gnupg.org>
+
+ * gpgsm.texi (Invocation): Described the various debug flags.
+
+2002-05-14 Werner Koch <wk@gnupg.org>
+
+ * Makefile.am, gpgsm.texi: New.
+
+ Copyright 2002, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc.
+
+ This file is free software; as a special exception the author gives
+ unlimited permission to copy and/or distribute it, with or without
+ modifications, as long as this notice is preserved.
+
+ This file is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
+ implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/doc/DETAILS b/doc/DETAILS
new file mode 100644
index 0000000..423eea9
--- /dev/null
+++ b/doc/DETAILS
@@ -0,0 +1,1299 @@
+ -*- text -*-
+Format of colon listings
+========================
+First an example:
+
+$ gpg --fixed-list-mode --with-colons --list-keys \
+ --with-fingerprint --with-fingerprint wk@gnupg.org
+
+pub:f:1024:17:6C7EE1B8621CC013:899817715:1055898235::m:::scESC:
+fpr:::::::::ECAF7590EB3443B5C7CF3ACB6C7EE1B8621CC013:
+uid:f::::::::Werner Koch <wk@g10code.com>:
+uid:f::::::::Werner Koch <wk@gnupg.org>:
+sub:f:1536:16:06AD222CADF6A6E1:919537416:1036177416:::::e:
+fpr:::::::::CF8BCC4B18DE08FCD8A1615906AD222CADF6A6E1:
+sub:r:1536:20:5CE086B5B5A18FF4:899817788:1025961788:::::esc:
+fpr:::::::::AB059359A3B81F410FCFF97F5CE086B5B5A18FF4:
+
+The double --with-fingerprint prints the fingerprint for the subkeys
+too. --fixed-list-mode is the modern listing way printing dates in
+seconds since Epoch and does not merge the first userID with the pub
+record; gpg2 does this by default and the option is a dummy.
+
+
+ 1. Field: Type of record
+ pub = public key
+ crt = X.509 certificate
+ crs = X.509 certificate and private key available
+ sub = subkey (secondary key)
+ sec = secret key
+ ssb = secret subkey (secondary key)
+ uid = user id (only field 10 is used).
+ uat = user attribute (same as user id except for field 10).
+ sig = signature
+ rev = revocation signature
+ fpr = fingerprint: (fingerprint is in field 10)
+ pkd = public key data (special field format, see below)
+ grp = keygrip
+ rvk = revocation key
+ tru = trust database information
+ spk = signature subpacket
+
+ 2. Field: A letter describing the calculated validity. This is a single
+ letter, but be prepared that additional information may follow
+ in some future versions. (not used for secret keys)
+ o = Unknown (this key is new to the system)
+ i = The key is invalid (e.g. due to a missing self-signature)
+ d = The key has been disabled
+ (deprecated - use the 'D' in field 12 instead)
+ r = The key has been revoked
+ e = The key has expired
+ - = Unknown validity (i.e. no value assigned)
+ q = Undefined validity
+ '-' and 'q' may safely be treated as the same
+ value for most purposes
+ n = The key is valid
+ m = The key is marginal valid.
+ f = The key is fully valid
+ u = The key is ultimately valid. This often means
+ that the secret key is available, but any key may
+ be marked as ultimately valid.
+
+ If the validity information is given for a UID or UAT
+ record, it describes the validity calculated based on this
+ user ID. If given for a key record it describes the best
+ validity taken from the best rated user ID.
+
+ For X.509 certificates a 'u' is used for a trusted root
+ certificate (i.e. for the trust anchor) and an 'f' for all
+ other valid certificates.
+
+ 3. Field: length of key in bits.
+
+ 4. Field: Algorithm: 1 = RSA
+ 16 = Elgamal (encrypt only)
+ 17 = DSA (sometimes called DH, sign only)
+ 20 = Elgamal (sign and encrypt - don't use them!)
+ (for other id's see include/cipher.h)
+
+ 5. Field: KeyID
+
+ 6. Field: Creation Date (in UTC). For UID and UAT records, this is
+ the self-signature date. Note that the date is usally
+ printed in seconds since epoch, however, we are migrating
+ to an ISO 8601 format (e.g. "19660205T091500"). This is
+ currently only relevant for X.509. A simple way to detect
+ the new format is to scan for the 'T'.
+
+ 7. Field: Key or user ID/user attribute expiration date or empty if none.
+
+ 8. Field: Used for serial number in crt records (used to be the Local-ID).
+ For UID and UAT records, this is a hash of the user ID contents
+ used to represent that exact user ID. For trust signatures,
+ this is the trust depth seperated by the trust value by a
+ space.
+
+ 9. Field: Ownertrust (primary public keys only)
+ This is a single letter, but be prepared that additional
+ information may follow in some future versions. For trust
+ signatures with a regular expression, this is the regular
+ expression value, quoted as in field 10.
+
+10. Field: User-ID. The value is quoted like a C string to avoid
+ control characters (the colon is quoted "\x3a").
+ For a "pub" record this field is not used on --fixed-list-mode.
+ A UAT record puts the attribute subpacket count here, a
+ space, and then the total attribute subpacket size.
+ In gpgsm the issuer name comes here
+ An FPR record stores the fingerprint here.
+ The fingerprint of an revocation key is stored here.
+
+11. Field: Signature class as per RFC-4880. This is a 2 digit
+ hexnumber followed by either the letter 'x' for an
+ exportable signature or the letter 'l' for a local-only
+ signature. The class byte of an revocation key is also
+ given here, 'x' and 'l' is used the same way. IT is not
+ used for X.509.
+
+12. Field: Key capabilities:
+ e = encrypt
+ s = sign
+ c = certify
+ a = authentication
+ A key may have any combination of them in any order. In
+ addition to these letters, the primary key has uppercase
+ versions of the letters to denote the _usable_
+ capabilities of the entire key, and a potential letter 'D'
+ to indicate a disabled key.
+
+13. Field: Used in FPR records for S/MIME keys to store the
+ fingerprint of the issuer certificate. This is useful to
+ build the certificate path based on certificates stored in
+ the local keyDB; it is only filled if the issuer
+ certificate is available. The root has been reached if
+ this is the same string as the fingerprint. The advantage
+ of using this value is that it is guaranteed to have been
+ been build by the same lookup algorithm as gpgsm uses.
+ For "uid" records this lists the preferences in the same
+ way the gpg's --edit-key menu does.
+ For "sig" records, this is the fingerprint of the key that
+ issued the signature. Note that this is only filled in if
+ the signature verified correctly. Note also that for
+ various technical reasons, this fingerprint is only
+ available if --no-sig-cache is used.
+
+14. Field Flag field used in the --edit menu output:
+
+15. Field Used in sec/sbb to print the serial number of a token
+ (internal protect mode 1002) or a '#' if that key is a
+ simple stub (internal protect mode 1001)
+
+All dates are displayed in the format yyyy-mm-dd unless you use the
+option --fixed-list-mode in which case they are displayed as seconds
+since Epoch. More fields may be added later, so parsers should be
+prepared for this. When parsing a number the parser should stop at the
+first non-number character so that additional information can later be
+added.
+
+If field 1 has the tag "pkd", a listing looks like this:
+pkd:0:1024:B665B1435F4C2 .... FF26ABB:
+ ! ! !-- the value
+ ! !------ for information number of bits in the value
+ !--------- index (eg. DSA goes from 0 to 3: p,q,g,y)
+
+
+Example for a "tru" trust base record:
+
+ tru:o:0:1166697654:1:3:1:5
+
+ The fields are:
+
+ 2: Reason for staleness of trust. If this field is empty, then the
+ trustdb is not stale. This field may have multiple flags in it:
+
+ o: Trustdb is old
+ t: Trustdb was built with a different trust model than the one we
+ are using now.
+
+ 3: Trust model:
+ 0: Classic trust model, as used in PGP 2.x.
+ 1: PGP trust model, as used in PGP 6 and later. This is the same
+ as the classic trust model, except for the addition of trust
+ signatures.
+
+ GnuPG before version 1.4 used the classic trust model by default.
+ GnuPG 1.4 and later uses the PGP trust model by default.
+
+ 4: Date trustdb was created in seconds since 1970-01-01.
+ 5: Date trustdb will expire in seconds since 1970-01-01.
+ 6: Number of marginally trusted users to introduce a new key signer
+ (gpg's option --marginals-needed)
+ 7: Number of completely trusted users to introduce a new key signer.
+ (gpg's option --completes-needed)
+ 8: Maximum depth of a certification chain.
+ *gpg's option --max-cert-depth)
+
+The "spk" signature subpacket records have the fields:
+
+ 2: Subpacket number as per RFC-4880 and later.
+ 3: Flags in hex. Currently the only two bits assigned are 1, to
+ indicate that the subpacket came from the hashed part of the
+ signature, and 2, to indicate the subpacket was marked critical.
+ 4: Length of the subpacket. Note that this is the length of the
+ subpacket, and not the length of field 5 below. Due to the need
+ for %-encoding, the length of field 5 may be up to 3x this value.
+ 5: The subpacket data. Printable ASCII is shown as ASCII, but other
+ values are rendered as %XX where XX is the hex value for the byte.
+
+
+Format of the "--status-fd" output
+==================================
+Every line is prefixed with "[GNUPG:] ", followed by a keyword with
+the type of the status line and a some arguments depending on the
+type (maybe none); an application should always be prepared to see
+more arguments in future versions.
+
+
+ NEWSIG
+ May be issued right before a signature verification starts. This
+ is useful to define a context for parsing ERROR status
+ messages. No arguments are currently defined.
+
+ GOODSIG <long_keyid_or_fpr> <username>
+ The signature with the keyid is good. For each signature only
+ one of the codes GOODSIG, BADSIG, EXPSIG, EXPKEYSIG, REVKEYSIG
+ or ERRSIG will be emitted. In the past they were used as a
+ marker for a new signature; new code should use the NEWSIG
+ status instead. The username is the primary one encoded in
+ UTF-8 and %XX escaped. The fingerprint may be used instead of
+ the long keyid if it is available. This is the case with CMS
+ and might eventually also be available for OpenPGP.
+
+ EXPSIG <long_keyid_or_fpr> <username>
+ The signature with the keyid is good, but the signature is
+ expired. The username is the primary one encoded in UTF-8 and
+ %XX escaped. The fingerprint may be used instead of the long
+ keyid if it is available. This is the case with CMS and might
+ eventually also be available for OpenPGP.
+
+ EXPKEYSIG <long_keyid_or_fpr> <username>
+ The signature with the keyid is good, but the signature was
+ made by an expired key. The username is the primary one
+ encoded in UTF-8 and %XX escaped. The fingerprint may be used
+ instead of the long keyid if it is available. This is the
+ case with CMS and might eventually also be available for
+ OpenPGP.
+
+ REVKEYSIG <long_keyid_or_fpr> <username>
+ The signature with the keyid is good, but the signature was
+ made by a revoked key. The username is the primary one encoded
+ in UTF-8 and %XX escaped. The fingerprint may be used instead
+ of the long keyid if it is available. This is the case with
+ CMS and might eventually also be available for OpenPGP.
+
+ BADSIG <long_keyid_or_fpr> <username>
+ The signature with the keyid has not been verified okay. The
+ username is the primary one encoded in UTF-8 and %XX
+ escaped. The fingerprint may be used instead of the long keyid
+ if it is available. This is the case with CMS and might
+ eventually also be available for OpenPGP.
+
+ ERRSIG <long_keyid_or_fpr> <pubkey_algo> <hash_algo> \
+ <sig_class> <timestamp> <rc>
+ It was not possible to check the signature. This may be
+ caused by a missing public key or an unsupported algorithm. A
+ RC of 4 indicates unknown algorithm, a 9 indicates a missing
+ public key. The other fields give more information about this
+ signature. sig_class is a 2 byte hex-value. The fingerprint
+ may be used instead of the long keyid if it is available.
+ This is the case with CMS and might eventually also be
+ available for OpenPGP.
+
+ Note, that TIMESTAMP may either be a number with seconds since
+ epoch or an ISO 8601 string which can be detected by the
+ presence of the letter 'T' inside.
+
+ VALIDSIG <fingerprint in hex> <sig_creation_date> <sig-timestamp>
+ <expire-timestamp> <sig-version> <reserved> <pubkey-algo>
+ <hash-algo> <sig-class> [ <primary-key-fpr> ]
+
+ The signature with the keyid is good. This is the same as
+ GOODSIG but has the fingerprint as the argument. Both status
+ lines are emitted for a good signature. All arguments here
+ are on one long line. sig-timestamp is the signature creation
+ time in seconds after the epoch. expire-timestamp is the
+ signature expiration time in seconds after the epoch (zero
+ means "does not expire"). sig-version, pubkey-algo, hash-algo,
+ and sig-class (a 2-byte hex value) are all straight from the
+ signature packet. PRIMARY-KEY-FPR is the fingerprint of the
+ primary key or identical to the first argument. This is
+ useful to get back to the primary key without running gpg
+ again for this purpose.
+
+ The primary-key-fpr parameter is used for OpenPGP and not
+ available for CMS signatures. The sig-version as well as the
+ sig class is not defined for CMS and currently set to 0 and 00.
+
+ Note, that *-TIMESTAMP may either be a number with seconds
+ since epoch or an ISO 8601 string which can be detected by the
+ presence of the letter 'T' inside.
+
+ SIG_ID <radix64_string> <sig_creation_date> <sig-timestamp>
+ This is emitted only for signatures of class 0 or 1 which
+ have been verified okay. The string is a signature id
+ and may be used in applications to detect replay attacks
+ of signed messages. Note that only DLP algorithms give
+ unique ids - others may yield duplicated ones when they
+ have been created in the same second.
+
+ Note, that SIG-TIMESTAMP may either be a number with seconds
+ since epoch or an ISO 8601 string which can be detected by the
+ presence of the letter 'T' inside.
+
+ ENC_TO <long_keyid> <keytype> <keylength>
+ The message is encrypted to this LONG_KEYID. KEYTYPE is the
+ numerical value of the public key algorithm or 0 if it is not
+ known, KEYLENGTH is the length of the key or 0 if it is not
+ known (which is currently always the case). Gpg prints this
+ line always; Gpgsm only if it knows the certificate.
+
+ NODATA <what>
+ No data has been found. Codes for what are:
+ 1 - No armored data.
+ 2 - Expected a packet but did not found one.
+ 3 - Invalid packet found, this may indicate a non OpenPGP
+ message.
+ 4 - signature expected but not found
+ You may see more than one of these status lines.
+
+ UNEXPECTED <what>
+ Unexpected data has been encountered
+ 0 - not further specified 1
+
+
+ TRUST_UNDEFINED <error token>
+ TRUST_NEVER <error token>
+ TRUST_MARGINAL [0 [<validation_model>]]
+ TRUST_FULLY [0 [<validation_model>]]
+ TRUST_ULTIMATE [0 [<validation_model>]]
+ For good signatures one of these status lines are emitted to
+ indicate the validity of the key used to create the signature.
+ The error token values are currently only emitted by gpgsm.
+ VALIDATION_MODEL describes the algorithm used to check the
+ validity of the key. The defaults are the standard Web of
+ Trust model for gpg and the the standard X.509 model for
+ gpgsm. The defined values are
+
+ "pgp" for the standard PGP WoT.
+ "shell" for the standard X.509 model.
+ "chain" for the chain model.
+
+ Note that we use the term "TRUST_" in the status names for
+ historic reasons; we now speak of validity.
+
+ PKA_TRUST_GOOD <mailbox>
+ PKA_TRUST_BAD <mailbox>
+ Depending on the outcome of the PKA check one of the above
+ status codes is emitted in addition to a TRUST_* status.
+ Without PKA info available or
+
+ SIGEXPIRED
+ This is deprecated in favor of KEYEXPIRED.
+
+ KEYEXPIRED <expire-timestamp>
+ The key has expired. expire-timestamp is the expiration time
+ in seconds since Epoch. This status line is not very useful
+ because it will also be emitted for expired subkeys even if
+ this subkey is not used. To check whether a key used to sign
+ a message has expired, the EXPKEYSIG status line is to be
+ used.
+
+ Note, that TIMESTAMP may either be a number with seconds since
+ epoch or an ISO 8601 string which can be detected by the
+ presence of the letter 'T' inside.
+
+ KEYREVOKED
+ The used key has been revoked by its owner. No arguments yet.
+
+ BADARMOR
+ The ASCII armor is corrupted. No arguments yet.
+
+ RSA_OR_IDEA
+ The IDEA algorithms has been used in the data. A
+ program might want to fallback to another program to handle
+ the data if GnuPG failed. This status message used to be emitted
+ also for RSA but this has been dropped after the RSA patent expired.
+ However we can't change the name of the message.
+
+ SHM_INFO
+ SHM_GET
+ SHM_GET_BOOL
+ SHM_GET_HIDDEN
+
+ GET_BOOL
+ GET_LINE
+ GET_HIDDEN
+ GOT_IT
+
+ NEED_PASSPHRASE <long main keyid> <long keyid> <keytype> <keylength>
+ Issued whenever a passphrase is needed.
+ keytype is the numerical value of the public key algorithm
+ or 0 if this is not applicable, keylength is the length
+ of the key or 0 if it is not known (this is currently always the case).
+
+ NEED_PASSPHRASE_SYM <cipher_algo> <s2k_mode> <s2k_hash>
+ Issued whenever a passphrase for symmetric encryption is needed.
+
+ NEED_PASSPHRASE_PIN <card_type> <chvno> [<serialno>]
+ Issued whenever a PIN is requested to unlock a card.
+
+ MISSING_PASSPHRASE
+ No passphrase was supplied. An application which encounters this
+ message may want to stop parsing immediately because the next message
+ will probably be a BAD_PASSPHRASE. However, if the application
+ is a wrapper around the key edit menu functionality it might not
+ make sense to stop parsing but simply ignoring the following
+ BAD_PASSPHRASE.
+
+ BAD_PASSPHRASE <long keyid>
+ The supplied passphrase was wrong or not given. In the latter case
+ you may have seen a MISSING_PASSPHRASE.
+
+ GOOD_PASSPHRASE
+ The supplied passphrase was good and the secret key material
+ is therefore usable.
+
+ DECRYPTION_FAILED
+ The symmetric decryption failed - one reason could be a wrong
+ passphrase for a symmetrical encrypted message.
+
+ DECRYPTION_OKAY
+ The decryption process succeeded. This means, that either the
+ correct secret key has been used or the correct passphrase
+ for a conventional encrypted message was given. The program
+ itself may return an errorcode because it may not be possible to
+ verify a signature for some reasons.
+
+ NO_PUBKEY <long keyid>
+ NO_SECKEY <long keyid>
+ The key is not available
+
+ IMPORT_CHECK <long keyid> <fingerprint> <user ID>
+ This status is emitted in interactive mode right before
+ the "import.okay" prompt.
+
+ IMPORTED <long keyid> <username>
+ The keyid and name of the signature just imported
+
+ IMPORT_OK <reason> [<fingerprint>]
+ The key with the primary key's FINGERPRINT has been imported.
+ Reason flags:
+ 0 := Not actually changed
+ 1 := Entirely new key.
+ 2 := New user IDs
+ 4 := New signatures
+ 8 := New subkeys
+ 16 := Contains private key.
+ The flags may be ORed.
+
+ IMPORT_PROBLEM <reason> [<fingerprint>]
+ Issued for each import failure. Reason codes are:
+ 0 := "No specific reason given".
+ 1 := "Invalid Certificate".
+ 2 := "Issuer Certificate missing".
+ 3 := "Certificate Chain too long".
+ 4 := "Error storing certificate".
+
+ IMPORT_RES <count> <no_user_id> <imported> <imported_rsa> <unchanged>
+ <n_uids> <n_subk> <n_sigs> <n_revoc> <sec_read> <sec_imported>
+ <sec_dups> <skipped_new_keys> <not_imported>
+ Final statistics on import process (this is one long line)
+
+ FILE_START <what> <filename>
+ Start processing a file <filename>. <what> indicates the performed
+ operation:
+ 1 - verify
+ 2 - encrypt
+ 3 - decrypt
+
+ FILE_DONE
+ Marks the end of a file processing which has been started
+ by FILE_START.
+
+ BEGIN_DECRYPTION
+ END_DECRYPTION
+ Mark the start and end of the actual decryption process. These
+ are also emitted when in --list-only mode.
+
+ BEGIN_ENCRYPTION <mdc_method> <sym_algo>
+ END_ENCRYPTION
+ Mark the start and end of the actual encryption process.
+
+ BEGIN_SIGNING
+ Mark the start of the actual signing process. This may be used
+ as an indication that all requested secret keys are ready for
+ use.
+
+ DELETE_PROBLEM reason_code
+ Deleting a key failed. Reason codes are:
+ 1 - No such key
+ 2 - Must delete secret key first
+ 3 - Ambigious specification
+
+ PROGRESS what char cur total
+ Used by the primegen and Public key functions to indicate progress.
+ "char" is the character displayed with no --status-fd enabled, with
+ the linefeed replaced by an 'X'. "cur" is the current amount
+ done and "total" is amount to be done; a "total" of 0 indicates that
+ the total amount is not known. The condition
+ TOATL && CUR == TOTAL
+ may be used to detect the end of an operation.
+ Well known values for WHAT:
+ "pk_dsa" - DSA key generation
+ "pk_elg" - Elgamal key generation
+ "primegen" - Prime generation
+ "need_entropy" - Waiting for new entropy in the RNG
+ "file:XXX" - processing file XXX
+ (note that current gpg versions leave out the
+ "file:" prefix).
+ "tick" - generic tick without any special meaning - useful
+ for letting clients know that the server is
+ still working.
+ "starting_agent" - A gpg-agent was started because it is not
+ running as a daemon.
+ "learncard" Send by the agent and gpgsm while learing
+ the data of a smartcard.
+ "card_busy" A smartcard is still working
+
+ SIG_CREATED <type> <pubkey algo> <hash algo> <class> <timestamp> <key fpr>
+ A signature has been created using these parameters.
+ type: 'D' = detached
+ 'C' = cleartext
+ 'S' = standard
+ (only the first character should be checked)
+ class: 2 hex digits with the signature class
+
+ Note, that TIMESTAMP may either be a number with seconds since
+ epoch or an ISO 8601 string which can be detected by the
+ presence of the letter 'T' inside.
+
+ KEY_CREATED <type> <fingerprint> [<handle>]
+ A key has been created
+ type: 'B' = primary and subkey
+ 'P' = primary
+ 'S' = subkey
+ The fingerprint is one of the primary key for type B and P and
+ the one of the subkey for S. Handle is an arbitrary
+ non-whitespace string used to match key parameters from batch
+ key creation run.
+
+ KEY_NOT_CREATED [<handle>]
+ The key from batch run has not been created due to errors.
+
+
+ SESSION_KEY <algo>:<hexdigits>
+ The session key used to decrypt the message. This message will
+ only be emitted when the special option --show-session-key
+ is used. The format is suitable to be passed to the option
+ --override-session-key
+
+ NOTATION_NAME <name>
+ NOTATION_DATA <string>
+ name and string are %XX escaped; the data may be split
+ among several NOTATION_DATA lines.
+
+ USERID_HINT <long main keyid> <string>
+ Give a hint about the user ID for a certain keyID.
+
+ POLICY_URL <string>
+ string is %XX escaped
+
+ BEGIN_STREAM
+ END_STREAM
+ Issued by pipemode.
+
+ INV_RECP <reason> <requested_recipient>
+ INV_SGNR <reason> <requested_sender>
+ Issued for each unusable recipient/sender. The reasons codes
+ currently in use are:
+ 0 := "No specific reason given".
+ 1 := "Not Found"
+ 2 := "Ambigious specification"
+ 3 := "Wrong key usage"
+ 4 := "Key revoked"
+ 5 := "Key expired"
+ 6 := "No CRL known"
+ 7 := "CRL too old"
+ 8 := "Policy mismatch"
+ 9 := "Not a secret key"
+ 10 := "Key not trusted"
+ 11 := "Missing certificate"
+ 12 := "Missing issuer certificate"
+
+ Note that for historical reasons the INV_RECP status is also
+ used for gpgsm's SIGNER command where it relates to signer's
+ of course. Newer GnuPG versions are using INV_SGNR;
+ applications should ignore the INV_RECP during the sender's
+ command processing once they have seen an INV_SGNR. We use
+ different code so that we can distinguish them while doing an
+ encrypt+sign.
+
+
+ NO_RECP <reserved>
+ NO_SGNR <reserved>
+ Issued when no recipients/senders are usable.
+
+ ALREADY_SIGNED <long-keyid>
+ Warning: This is experimental and might be removed at any time.
+
+ TRUNCATED <maxno>
+ The output was truncated to MAXNO items. This status code is issued
+ for certain external requests
+
+ ERROR <error location> <error code> [<more>]
+
+ This is a generic error status message, it might be followed
+ by error location specific data. <error code> and
+ <error_location> should not contain spaces. The error code is
+ a either a string commencing with a letter or such a string
+ prefixed with a numerical error code and an underscore; e.g.:
+ "151011327_EOF".
+
+ SUCCESS [<location>]
+ Postive confirimation that an operation succeeded. <location>
+ is optional but if given should not contain spaces.
+ Used only with a few commands.
+
+
+ ATTRIBUTE <fpr> <octets> <type> <index> <count>
+ <timestamp> <expiredate> <flags>
+ This is one long line issued for each attribute subpacket when
+ an attribute packet is seen during key listing. <fpr> is the
+ fingerprint of the key. <octets> is the length of the
+ attribute subpacket. <type> is the attribute type
+ (1==image). <index>/<count> indicates that this is the Nth
+ indexed subpacket of count total subpackets in this attribute
+ packet. <timestamp> and <expiredate> are from the
+ self-signature on the attribute packet. If the attribute
+ packet does not have a valid self-signature, then the
+ timestamp is 0. <flags> are a bitwise OR of:
+ 0x01 = this attribute packet is a primary uid
+ 0x02 = this attribute packet is revoked
+ 0x04 = this attribute packet is expired
+
+ CARDCTRL <what> [<serialno>]
+ This is used to control smartcard operations.
+ Defined values for WHAT are:
+ 1 = Request insertion of a card. Serialnumber may be given
+ to request a specific card. Used by gpg 1.4 w/o scdaemon.
+ 2 = Request removal of a card. Used by gpg 1.4 w/o scdaemon.
+ 3 = Card with serialnumber detected
+ 4 = No card available.
+ 5 = No card reader available
+ 6 = No card support available
+
+ PLAINTEXT <format> <timestamp> <filename>
+ This indicates the format of the plaintext that is about to be
+ written. The format is a 1 byte hex code that shows the
+ format of the plaintext: 62 ('b') is binary data, 74 ('t') is
+ text data with no character set specified, and 75 ('u') is
+ text data encoded in the UTF-8 character set. The timestamp
+ is in seconds since the epoch. If a filename is available it
+ gets printed as the third argument, percent-escaped as usual.
+
+ PLAINTEXT_LENGTH <length>
+ This indicates the length of the plaintext that is about to be
+ written. Note that if the plaintext packet has partial length
+ encoding it is not possible to know the length ahead of time.
+ In that case, this status tag does not appear.
+
+ SIG_SUBPACKET <type> <flags> <len> <data>
+ This indicates that a signature subpacket was seen. The
+ format is the same as the "spk" record above.
+
+ SC_OP_FAILURE [<code>]
+ An operation on a smartcard definitely failed. Currently
+ there is no indication of the actual error code, but
+ application should be prepared to later accept more arguments.
+ Defined values for CODE are:
+ 0 - unspecified error (identically to a missing CODE)
+ 1 - canceled
+ 2 - bad PIN
+
+ SC_OP_SUCCESS
+ A smart card operaion succeeded. This status is only printed
+ for certain operation and is mostly useful to check whether a
+ PIN change really worked.
+
+ BACKUP_KEY_CREATED fingerprint fname
+ A backup key named FNAME has been created for the key with
+ KEYID.
+
+ MOUNTPOINT <name>
+ NAME is a percent-plus escaped filename describing the
+ mountpoint for the current operation (e.g. g13 --mount). This
+ may either be the specified mountpoint or one randomly choosen
+ by g13.
+
+ DECRYPTION_INFO <mdc_method> <sym_algo>
+ Print information about the symmetric encryption algorithm and
+ the MDC method. This will be emitted even if the decryption
+ fails.
+
+
+
+Format of the "--attribute-fd" output
+=====================================
+
+When --attribute-fd is set, during key listings (--list-keys,
+--list-secret-keys) GnuPG dumps each attribute packet to the file
+descriptor specified. --attribute-fd is intended for use with
+--status-fd as part of the required information is carried on the
+ATTRIBUTE status tag (see above).
+
+The contents of the attribute data is specified by RFC 4880. For
+convenience, here is the Photo ID format, as it is currently the only
+attribute defined:
+
+ Byte 0-1: The length of the image header. Due to a historical
+ accident (i.e. oops!) back in the NAI PGP days, this is
+ a little-endian number. Currently 16 (0x10 0x00).
+
+ Byte 2: The image header version. Currently 0x01.
+
+ Byte 3: Encoding format. 0x01 == JPEG.
+
+ Byte 4-15: Reserved, and currently unused.
+
+ All other data after this header is raw image (JPEG) data.
+
+
+Format of the "--list-config" output
+====================================
+
+--list-config outputs information about the GnuPG configuration for
+the benefit of frontends or other programs that call GnuPG. There are
+several list-config items, all colon delimited like the rest of the
+--with-colons output. The first field is always "cfg" to indicate
+configuration information. The second field is one of (with
+examples):
+
+version: the third field contains the version of GnuPG.
+
+ cfg:version:1.3.5
+
+pubkey: the third field contains the public key algorithmdcaiphers
+ this version of GnuPG supports, separated by semicolons. The
+ algorithm numbers are as specified in RFC-4880. Note that in
+ contrast to the --status-fd interface these are _not_ the
+ Libgcrypt identifiers.
+
+ cfg:pubkey:1;2;3;16;17
+
+cipher: the third field contains the symmetric ciphers this version of
+ GnuPG supports, separated by semicolons. The cipher numbers
+ are as specified in RFC-4880.
+
+ cfg:cipher:2;3;4;7;8;9;10
+
+digest: the third field contains the digest (hash) algorithms this
+ version of GnuPG supports, separated by semicolons. The
+ digest numbers are as specified in RFC-4880.
+
+ cfg:digest:1;2;3;8;9;10
+
+compress: the third field contains the compression algorithms this
+ version of GnuPG supports, separated by semicolons. The
+ algorithm numbers are as specified in RFC-4880.
+
+ cfg:compress:0;1;2;3
+
+group: the third field contains the name of the group, and the fourth
+ field contains the values that the group expands to, separated
+ by semicolons.
+
+For example, a group of:
+ group mynames = paige 0x12345678 joe patti
+
+would result in:
+ cfg:group:mynames:patti;joe;0x12345678;paige
+
+
+Key generation
+==============
+ See the Libcrypt manual.
+
+
+Unattended key generation
+=========================
+This feature allows unattended generation of keys controlled by a
+parameter file. To use this feature, you use --gen-key together with
+--batch and feed the parameters either from stdin or from a file given
+on the commandline.
+
+The format of this file is as follows:
+ o Text only, line length is limited to about 1000 chars.
+ o You must use UTF-8 encoding to specify non-ascii characters.
+ o Empty lines are ignored.
+ o Leading and trailing spaces are ignored.
+ o A hash sign as the first non white space character indicates a comment line.
+ o Control statements are indicated by a leading percent sign, the
+ arguments are separated by white space from the keyword.
+ o Parameters are specified by a keyword, followed by a colon. Arguments
+ are separated by white space.
+ o The first parameter must be "Key-Type", control statements
+ may be placed anywhere.
+ o Key generation takes place when either the end of the parameter file
+ is reached, the next "Key-Type" parameter is encountered or at the
+ control statement "%commit"
+ o Control statements:
+ %echo <text>
+ Print <text>.
+ %dry-run
+ Suppress actual key generation (useful for syntax checking).
+ %commit
+ Perform the key generation. An implicit commit is done
+ at the next "Key-Type" parameter.
+ %pubring <filename>
+ %secring <filename>
+ Do not write the key to the default or commandline given
+ keyring but to <filename>. This must be given before the first
+ commit to take place, duplicate specification of the same filename
+ is ignored, the last filename before a commit is used.
+ The filename is used until a new filename is used (at commit points)
+ and all keys are written to that file. If a new filename is given,
+ this file is created (and overwrites an existing one).
+ GnuPG < 2.1: Both control statements must be given.
+ GnuPG >= 2.1: "%secring" is now a no-op.
+ %ask-passphrase
+ Enable a mode where the command "passphrase" is ignored and
+ instead the usual passphrase dialog is used. This does not
+ make sense for batch key generation; however the unattended
+ key generation feature is also used by GUIs and this feature
+ relinquishes the GUI from implementing its own passphrase
+ entry code. This is a global option.
+ %no-ask-passphrase
+ Disable the ask-passphrase mode.
+ %no-protection
+ With GnuPG 2.1 it is not anymore possible to specify a
+ passphrase for unattended key generation. The passphrase
+ command is simply ignored and %ask-passpharse is thus
+ implicitly enabled. Using this option allows to the creation
+ of keys without any passphrases. This option is mainly
+ intended for regression tests.
+ %transient-key
+ If given the keys are created using a faster and a somewhat
+ less secure random number generator. This option may be used
+ for keys which are only used for a short time and do not
+ require full cryptographic strength. It takes only effect if
+ used together with the option no-protection.
+
+ o The order of the parameters does not matter except for "Key-Type"
+ which must be the first parameter. The parameters are only for the
+ generated keyblock and parameters from previous key generations are not
+ used. Some syntactically checks may be performed.
+ The currently defined parameters are:
+ Key-Type: <algo-number>|<algo-string>
+ Starts a new parameter block by giving the type of the primary
+ key. The algorithm must be capable of signing. This is a
+ required parameter. It may be "default" to use the default
+ one; in this case don't give a Key-Usage and use "default" for
+ the Subkey-Type.
+ Key-Length: <length-in-bits>
+ Length of the key in bits. The default is returned by running
+ the command "gpg --gpgconf-list".
+ Key-Usage: <usage-list>
+ Space or comma delimited list of key usage, allowed values are
+ "encrypt", "sign", and "auth". This is used to generate the
+ key flags. Please make sure that the algorithm is capable of
+ this usage. Note that OpenPGP requires that all primary keys
+ are capable of certification, so no matter what usage is given
+ here, the "cert" flag will be on. If no Key-Usage is
+ specified and the key-type is not "default", all allowed
+ usages for that particular algorithm are used; if it is not
+ given but "default" is used the usage will be "sign".
+ Subkey-Type: <algo-number>|<algo-string>
+ This generates a secondary key. Currently only one subkey
+ can be handled. "default" is also supported.
+ Subkey-Length: <length-in-bits>
+ Length of the subkey in bits. The default is returned by running
+ the command "gpg --gpgconf-list".
+ Subkey-Usage: <usage-list>
+ Similar to Key-Usage.
+ Passphrase: <string>
+ If you want to specify a passphrase for the secret key,
+ enter it here. Default is not to use any passphrase.
+ Name-Real: <string>
+ Name-Comment: <string>
+ Name-Email: <string>
+ The 3 parts of a key. Remember to use UTF-8 here.
+ If you don't give any of them, no user ID is created.
+ Expire-Date: <iso-date>|(<number>[d|w|m|y])
+ Set the expiration date for the key (and the subkey). It may
+ either be entered in ISO date format (2000-08-15) or as number
+ of days, weeks, month or years. The special notation
+ "seconds=N" is also allowed to directly give an Epoch
+ value. Without a letter days are assumed. Note that there is
+ no check done on the overflow of the type used by OpenPGP for
+ timestamps. Thus you better make sure that the given value
+ make sense. Although OpenPGP works with time intervals, GnuPG
+ uses an absolute value internally and thus the last year we
+ can represent is 2105.
+ Creation-Date: <iso-date>
+ Set the creation date of the key as stored in the key
+ information and which is also part of the fingerprint
+ calculation. Either a date like "1986-04-26" or a full
+ timestamp like "19860426T042640" may be used. The time is
+ considered to be UTC. If it is not given the current time
+ is used.
+ Preferences: <string>
+ Set the cipher, hash, and compression preference values for
+ this key. This expects the same type of string as "setpref"
+ in the --edit menu.
+ Revoker: <algo>:<fpr> [sensitive]
+ Add a designated revoker to the generated key. Algo is the
+ public key algorithm of the designated revoker (i.e. RSA=1,
+ DSA=17, etc.) Fpr is the fingerprint of the designated
+ revoker. The optional "sensitive" flag marks the designated
+ revoker as sensitive information. Only v4 keys may be
+ designated revokers.
+ Handle: <string>
+ This is an optional parameter only used with the status lines
+ KEY_CREATED and KEY_NOT_CREATED. STRING may be up to 100
+ characters and should not contain spaces. It is useful for
+ batch key generation to associate a key parameter block with a
+ status line.
+ Keyserver: <string>
+ This is an optional parameter that specifies the preferred
+ keyserver URL for the key.
+
+
+Here is an example on how to create a key:
+$ cat >foo <<EOF
+ %echo Generating a basic OpenPGP key
+ Key-Type: DSA
+ Key-Length: 1024
+ Subkey-Type: ELG-E
+ Subkey-Length: 1024
+ Name-Real: Joe Tester
+ Name-Comment: with stupid passphrase
+ Name-Email: joe@foo.bar
+ Expire-Date: 0
+ Passphrase: abc
+ %pubring foo.pub
+ %secring foo.sec
+ # Do a commit here, so that we can later print "done" :-)
+ %commit
+ %echo done
+EOF
+$ gpg --batch --gen-key foo
+ [...]
+$ gpg --no-default-keyring --secret-keyring ./foo.sec \
+ --keyring ./foo.pub --list-secret-keys
+/home/wk/work/gnupg-stable/scratch/foo.sec
+------------------------------------------
+sec 1024D/915A878D 2000-03-09 Joe Tester (with stupid passphrase) <joe@foo.bar>
+ssb 1024g/8F70E2C0 2000-03-09
+
+If you want to create a key with the default algorithms you would
+use these parameters:
+
+ %echo Generating a default key
+ Key-Type: default
+ Subkey-Type: default
+ Name-Real: Joe Tester
+ Name-Comment: with stupid passphrase
+ Name-Email: joe@foo.bar
+ Expire-Date: 0
+ Passphrase: abc
+ %pubring foo.pub
+ %secring foo.sec
+ # Do a commit here, so that we can later print "done" :-)
+ %commit
+ %echo done
+
+
+
+
+Layout of the TrustDB
+=====================
+The TrustDB is built from fixed length records, where the first byte
+describes the record type. All numeric values are stored in network
+byte order. The length of each record is 40 bytes. The first record of
+the DB is always of type 1 and this is the only record of this type.
+
+FIXME: The layout changed, document it here.
+
+ Record type 0:
+ --------------
+ Unused record, can be reused for any purpose.
+
+ Record type 1:
+ --------------
+ Version information for this TrustDB. This is always the first
+ record of the DB and the only one with type 1.
+ 1 byte value 1
+ 3 bytes 'gpg' magic value
+ 1 byte Version of the TrustDB (2)
+ 1 byte marginals needed
+ 1 byte completes needed
+ 1 byte max_cert_depth
+ The three items are used to check whether the cached
+ validity value from the dir record can be used.
+ 1 u32 locked flags [not used]
+ 1 u32 timestamp of trustdb creation
+ 1 u32 timestamp of last modification which may affect the validity
+ of keys in the trustdb. This value is checked against the
+ validity timestamp in the dir records.
+ 1 u32 timestamp of last validation [currently not used]
+ (Used to keep track of the time, when this TrustDB was checked
+ against the pubring)
+ 1 u32 record number of keyhashtable [currently not used]
+ 1 u32 first free record
+ 1 u32 record number of shadow directory hash table [currently not used]
+ It does not make sense to combine this table with the key table
+ because the keyid is not in every case a part of the fingerprint.
+ 1 u32 record number of the trusthashtbale
+
+
+ Record type 2: (directory record)
+ --------------
+ Informations about a public key certificate.
+ These are static values which are never changed without user interaction.
+
+ 1 byte value 2
+ 1 byte reserved
+ 1 u32 LID . (This is simply the record number of this record.)
+ 1 u32 List of key-records (the first one is the primary key)
+ 1 u32 List of uid-records
+ 1 u32 cache record
+ 1 byte ownertrust
+ 1 byte dirflag
+ 1 byte maximum validity of all the user ids
+ 1 u32 time of last validity check.
+ 1 u32 Must check when this time has been reached.
+ (0 = no check required)
+
+
+ Record type 3: (key record)
+ --------------
+ Informations about a primary public key.
+ (This is mainly used to lookup a trust record)
+
+ 1 byte value 3
+ 1 byte reserved
+ 1 u32 LID
+ 1 u32 next - next key record
+ 7 bytes reserved
+ 1 byte keyflags
+ 1 byte pubkey algorithm
+ 1 byte length of the fingerprint (in bytes)
+ 20 bytes fingerprint of the public key
+ (This is the value we use to identify a key)
+
+ Record type 4: (uid record)
+ --------------
+ Informations about a userid
+ We do not store the userid but the hash value of the userid because that
+ is sufficient.
+
+ 1 byte value 4
+ 1 byte reserved
+ 1 u32 LID points to the directory record.
+ 1 u32 next next userid
+ 1 u32 pointer to preference record
+ 1 u32 siglist list of valid signatures
+ 1 byte uidflags
+ 1 byte validity of the key calculated over this user id
+ 20 bytes ripemd160 hash of the username.
+
+
+ Record type 5: (pref record)
+ --------------
+ This record type is not anymore used.
+
+ 1 byte value 5
+ 1 byte reserved
+ 1 u32 LID; points to the directory record (and not to the uid record!).
+ (or 0 for standard preference record)
+ 1 u32 next
+ 30 byte preference data
+
+ Record type 6 (sigrec)
+ -------------
+ Used to keep track of key signatures. Self-signatures are not
+ stored. If a public key is not in the DB, the signature points to
+ a shadow dir record, which in turn has a list of records which
+ might be interested in this key (and the signature record here
+ is one).
+
+ 1 byte value 6
+ 1 byte reserved
+ 1 u32 LID points back to the dir record
+ 1 u32 next next sigrec of this uid or 0 to indicate the
+ last sigrec.
+ 6 times
+ 1 u32 Local_id of signatures dir or shadow dir record
+ 1 byte Flag: Bit 0 = checked: Bit 1 is valid (we have a real
+ directory record for this)
+ 1 = valid is set (but may be revoked)
+
+
+
+ Record type 8: (shadow directory record)
+ --------------
+ This record is used to reserve a LID for a public key. We
+ need this to create the sig records of other keys, even if we
+ do not yet have the public key of the signature.
+ This record (the record number to be more precise) will be reused
+ as the dir record when we import the real public key.
+
+ 1 byte value 8
+ 1 byte reserved
+ 1 u32 LID (This is simply the record number of this record.)
+ 2 u32 keyid
+ 1 byte pubkey algorithm
+ 3 byte reserved
+ 1 u32 hintlist A list of records which have references to
+ this key. This is used for fast access to
+ signature records which are not yet checked.
+ Note, that this is only a hint and the actual records
+ may not anymore hold signature records for that key
+ but that the code cares about this.
+ 18 byte reserved
+
+
+
+ Record Type 10 (hash table)
+ --------------
+ Due to the fact that we use fingerprints to lookup keys, we can
+ implement quick access by some simple hash methods, and avoid
+ the overhead of gdbm. A property of fingerprints is that they can be
+ used directly as hash values. (They can be considered as strong
+ random numbers.)
+ What we use is a dynamic multilevel architecture, which combines
+ hashtables, record lists, and linked lists.
+
+ This record is a hashtable of 256 entries; a special property
+ is that all these records are stored consecutively to make one
+ big table. The hash value is simple the 1st, 2nd, ... byte of
+ the fingerprint (depending on the indirection level).
+
+ When used to hash shadow directory records, a different table is used
+ and indexed by the keyid.
+
+ 1 byte value 10
+ 1 byte reserved
+ n u32 recnum; n depends on the record length:
+ n = (reclen-2)/4 which yields 9 for the current record length
+ of 40 bytes.
+
+ the total number of such record which makes up the table is:
+ m = (256+n-1) / n
+ which is 29 for a record length of 40.
+
+ To look up a key we use the first byte of the fingerprint to get
+ the recnum from this hashtable and look up the addressed record:
+ - If this record is another hashtable, we use 2nd byte
+ to index this hash table and so on.
+ - if this record is a hashlist, we walk all entries
+ until we found one a matching one.
+ - if this record is a key record, we compare the
+ fingerprint and to decide whether it is the requested key;
+
+
+ Record type 11 (hash list)
+ --------------
+ see hash table for an explanation.
+ This is also used for other purposes.
+
+ 1 byte value 11
+ 1 byte reserved
+ 1 u32 next next hash list record
+ n times n = (reclen-5)/5
+ 1 u32 recnum
+
+ For the current record length of 40, n is 7
+
+
+
+ Record type 254 (free record)
+ ---------------
+ All these records form a linked list of unused records.
+ 1 byte value 254
+ 1 byte reserved (0)
+ 1 u32 next_free
+
+
+
+GNU extensions to the S2K algorithm
+===================================
+S2K mode 101 is used to identify these extensions.
+After the hash algorithm the 3 bytes "GNU" are used to make
+clear that these are extensions for GNU, the next bytes gives the
+GNU protection mode - 1000. Defined modes are:
+ 1001 - do not store the secret part at all
+ 1002 - a stub to access smartcards (not used in 1.2.x)
+
+
+
+Other Notes
+===========
+ * For packet version 3 we calculate the keyids this way:
+ RSA := low 64 bits of n
+ ELGAMAL := build a v3 pubkey packet (with CTB 0x99) and calculate
+ a rmd160 hash value from it. This is used as the
+ fingerprint and the low 64 bits are the keyid.
+
+ * Revocation certificates consist only of the signature packet;
+ "import" knows how to handle this. The rationale behind it is
+ to keep them small.
+
+
+OIDs below the GnuPG arc:
+=========================
+
+ 1.3.6.1.4.1.11591.2 GnuPG
+ 1.3.6.1.4.1.11591.2.1 notation
+ 1.3.6.1.4.1.11591.2.1.1 pkaAddress
+ 1.3.6.1.4.1.11591.2.12242973 invalid encoded OID
+
+
+
+Keyserver Message Format
+=========================
+
+The keyserver may be contacted by a Unix Domain socket or via TCP.
+
+The format of a request is:
+
+====
+command-tag
+"Content-length:" digits
+CRLF
+=======
+
+Where command-tag is
+
+NOOP
+GET <user-name>
+PUT
+DELETE <user-name>
+
+
+The format of a response is:
+
+======
+"GNUPG/1.0" status-code status-text
+"Content-length:" digits
+CRLF
+============
+followed by <digits> bytes of data
+
+
+Status codes are:
+
+ o 1xx: Informational - Request received, continuing process
+
+ o 2xx: Success - The action was successfully received, understood,
+ and accepted
+
+ o 4xx: Client Error - The request contains bad syntax or cannot be
+ fulfilled
+
+ o 5xx: Server Error - The server failed to fulfill an apparently
+ valid request
+
+
+
+Documentation on HKP (the http keyserver protocol):
+
+A minimalistic HTTP server on port 11371 recognizes a GET for /pks/lookup.
+The standard http URL encoded query parameters are this (always key=value):
+
+- op=index (like pgp -kv), op=vindex (like pgp -kvv) and op=get (like
+ pgp -kxa)
+
+- search=<stringlist>. This is a list of words that must occur in the key.
+ The words are delimited with space, points, @ and so on. The delimiters
+ are not searched for and the order of the words doesn't matter (but see
+ next option).
+
+- exact=on. This switch tells the hkp server to only report exact matching
+ keys back. In this case the order and the "delimiters" are important.
+
+- fingerprint=on. Also reports the fingerprints when used with 'index' or
+ 'vindex'
+
+The keyserver also recognizes http-POSTs to /pks/add. Use this to upload
+keys.
+
+
+A better way to do this would be a request like:
+
+ /pks/lookup/<gnupg_formatierte_user_id>?op=<operation>
+
+This can be implemented using Hurd's translator mechanism.
+However, I think the whole key server stuff has to be re-thought;
+I have some ideas and probably create a white paper.
+
diff --git a/doc/FAQ b/doc/FAQ
new file mode 100644
index 0000000..32d0744
--- /dev/null
+++ b/doc/FAQ
@@ -0,0 +1,13 @@
+GnuPG Frequently Asked Questions
+
+A FAQ is a fast moving target and thus we don't distribute it anymore
+with GnuPG. You may retrieve the current FAQ in HTML format at
+
+ http://www.gnupg.org/faq/GnuPG-FAQ.html
+
+or in plain text format at the FTP server:
+
+ ftp://ftp.gnupg.org/gcrypt/gnupg/GnuPG-FAQ.txt
+
+
+
diff --git a/doc/HACKING b/doc/HACKING
new file mode 100644
index 0000000..e27bc07
--- /dev/null
+++ b/doc/HACKING
@@ -0,0 +1,200 @@
+ A Hacker's Guide to GNUPG
+ ================================
+ (Some notes on GNUPG internals.)
+
+
+* No more ChangeLog files
+
+Do not modify any of the ChangeLog files in GnuPG. Starting on
+December 1st, 2011 we put change information only in the GIT commit
+log, and generate a top-level ChangeLog file from logs at "make dist"
+time. As such, there are strict requirements on the form of the
+commit log messages. The old ChangeLog files have all be renamed to
+ChangeLog-2011
+
+
+* Commit log requirements
+
+Your commit log should always start with a one-line summary, the second
+line should be blank, and the remaining lines are usually ChangeLog-style
+entries for all affected files. However, it's fine -- even recommended --
+to write a few lines of prose describing the change, when the summary
+and ChangeLog entries don't give enough of the big picture. Omit the
+leading TABs that you're used to seeing in a "real" ChangeLog file, but
+keep the maximum line length at 72 or smaller, so that the generated
+ChangeLog lines, each with its leading TAB, will not exceed 80 columns.
+
+
+
+===> What follows is probably out of date <===
+
+
+
+RFCs
+====
+
+1423 Privacy Enhancement for Internet Electronic Mail:
+ Part III: Algorithms, Modes, and Identifiers.
+
+1489 Registration of a Cyrillic Character Set.
+
+1750 Randomness Recommendations for Security.
+
+1991 PGP Message Exchange Formats.
+
+2015 MIME Security with Pretty Good Privacy (PGP).
+
+2144 The CAST-128 Encryption Algorithm.
+
+2279 UTF-8, a transformation format of ISO 10646.
+
+2440 OpenPGP.
+
+
+
+Directory Layout
+----------------
+ ./ Readme, configure
+ ./agent Gpg-agent and related tools
+ ./doc Documentation
+ ./doc Documentation
+ ./g10 Gpg program here called gpg2
+ ./jnlib Utility functions
+ ./kbx Keybox library
+ ./scd Smartcard daemon
+ ./scripts Scripts needed by configure and others
+ ./sm Gpgsm program
+
+
+Detailed Roadmap
+----------------
+g10/gpg.c Main module with option parsing and all the stuff you have
+ to do on startup. Also has the exout handler and some
+ helper functions.
+g10/sign.c Create signature and optionally encrypt
+
+g10/parse-packet.c
+g10/build-packet.c
+g10/free-packet.c
+ Parsing and creating of OpenPGP message packets.
+
+g10/getkey.c Key selection code
+g10/pkclist.c Build a list of public keys
+g10/skclist.c Build a list of secret keys
+g10/ringedit.c Keyring I/O
+g10/keydb.h
+
+g10/keyid.c Helper functions to get the keyid, fingerprint etc.
+
+
+g10/trustdb.c
+g10/trustdb.h
+g10/tdbdump.c
+ Management of the trustdb.gpg
+
+g10/compress.c Filter to handle compression
+g10/filter.h Declarations for all filter functions
+g10/delkey.c Delete a key
+g10/kbnode.c Helper for the KBNODE linked list
+g10/main.h Prototypes and some constants
+g10/mainproc.c Message processing
+g10/armor.c Ascii armor filter
+g10/mdfilter.c Filter to calculate hashs
+g10/textfilter.c Filter to handle CR/LF and trailing white space
+g10/cipher.c En-/Decryption filter
+g10/misc.c Utlity functions
+g10/options.h Structure with all the command line options
+ and related constants
+g10/openfile.c Create/Open Files
+g10/tdbio.c I/O handling for the trustdb.gpg
+g10/tdbio.h
+g10/hkp.h Keyserver access
+g10/hkp.c
+g10/packet.h Defintion of OpenPGP structures.
+g10/passphrase.c Passphrase handling code
+g10/pubkey-enc.c
+g10/seckey-cert.c
+g10/seskey.c
+g10/import.c
+g10/export.c
+g10/comment.c
+g10/status.c
+g10/status.h
+g10/sign.c
+g10/plaintext.c
+g10/encr-data.c
+g10/encode.c
+g10/revoke.c
+g10/keylist.c
+g10/sig-check.c
+g10/signal.c
+g10/helptext.c
+g10/verify.c
+g10/decrypt.c
+g10/keyedit.c
+g10/dearmor.c
+g10/keygen.c
+
+
+
+Memory allocation
+-----------------
+Use only the functions:
+
+ xmalloc
+ xmalloc_secure
+ xtrymalloc
+ xtrymalloc_secure
+ xcalloc
+ xcalloc_secure
+ xtrycalloc
+ xtrycalloc_secure
+ xrealloc
+ xtryrealloc
+ xstrdup
+ xtrystrdup
+ xfree
+
+
+The *secure versions allocated memory in the secure memory. That is,
+swapping out of this memory is avoided and is gets overwritten on
+free. Use this for passphrases, session keys and other sensitive
+material. This memory set aside for secure memory is linited to a few
+k. In general the function don't print a memeory message and
+terminate the process if there is not enough memory available. The
+"try" versions of the functions return NULL instead.
+
+
+Logging
+-------
+
+
+
+
+
+
+Option parsing
+---------------
+GNUPG does not use getopt or GNU getopt but functions of it's own. See
+util/argparse.c for details. The advantage of these functions is that
+it is more easy to display and maintain the help texts for the options.
+The same option table is also used to parse resource files.
+
+
+
+What is an IOBUF
+----------------
+This is the data structure used for most I/O of gnupg. It is similar
+to System V Streams but much simpler. Because OpenPGP messages are nested
+in different ways; the use of such a system has big advantages. Here is
+an example, how it works: If the parser sees a packet header with a partial
+length, it pushes the block_filter onto the IOBUF to handle these partial
+length packets: from now on you don't have to worry about this. When it sees
+a compressed packet it pushes the uncompress filter and the next read byte
+is one which has already been uncompressed by this filter. Same goes for
+enciphered packet, plaintext packets and so on. The file g10/encode.c
+might be a good staring point to see how it is used - actually this is
+the other way: constructing messages using pushed filters but it may be
+easier to understand.
+
+
diff --git a/doc/KEYSERVER b/doc/KEYSERVER
new file mode 100644
index 0000000..f63200a
--- /dev/null
+++ b/doc/KEYSERVER
@@ -0,0 +1,83 @@
+Format of keyserver colon listings
+==================================
+
+David Shaw <dshaw@jabberwocky.com>
+
+The machine readable response begins with an optional information
+line:
+
+info:<version>:<count>
+
+<version> = this is the version of this protocol. Currently, this is
+ the number 1.
+
+<count> = the number of keys returned in this response. Note this is
+ the number of keys, and not the number of lines returned.
+ It should match the number of "pub:" lines returned.
+
+If this optional line is not included, or the version information is
+not supplied, the version number is assumed to be 1.
+
+The key listings are made up of several lines per key. The first line
+is for the primary key:
+
+pub:<fingerprint>:<algo>:<keylen>:<creationdate>:<expirationdate>:<flags>
+
+<fingerprint> = this is either the fingerprint or the keyid of the
+ key. Either the 16-digit or 8-digit keyids are
+ acceptable, but obviously the fingerprint is best.
+ Since it is not possible to calculate the keyid from a
+ V3 key fingerprint, for V3 keys this should be either
+ the 16-digit or 8-digit keyid only.
+
+<algo> = the algorithm number from RFC-2440. (i.e. 1==RSA, 17==DSA,
+ etc).
+
+<keylen> = the key length (i.e. 1024, 2048, 4096, etc.)
+
+<creationdate> = creation date of the key in standard RFC-2440 form
+ (i.e. number of seconds since 1/1/1970 UTC time)
+
+<expirationdate> = expiration date of the key in standard RFC-2440
+ form (i.e. number of seconds since 1/1/1970 UTC time)
+
+<flags> = letter codes to indicate details of the key, if any. Flags
+ may be in any order.
+
+ r == revoked
+ d == disabled
+ e == expired
+
+Following the "pub" line are one or more "uid" lines to indicate user
+IDs on the key:
+
+uid:<escaped uid string>:<creationdate>:<expirationdate>:<flags>
+
+<escaped uid string> == the user ID string, with HTTP %-escaping for
+ anything that isn't 7-bit safe as well as for
+ the ":" character. Any other characters may
+ be escaped, as desired.
+
+creationdate, expirationdate, and flags mean the same here as before.
+The information is taken from the self-sig, if any, and applies to the
+user ID in question, and not to the key as a whole.
+
+Details:
+
+* All characters except for the <escaped uid string> are
+ case-insensitive.
+
+* Obviously, on a keyserver without integrated crypto, many of the
+ items given here are not fully trustworthy until the key is
+ downloaded and signatures checked. For example, the information
+ that a key is flagged "r" for revoked should be treated as
+ untrustworthy information until the key is checked on the client
+ side.
+
+* Empty fields are allowed. For example, a key with no expiration
+ date would have the <expirationdate> field empty. Also, a keyserver
+ that does not track a particular piece of information may leave that
+ field empty as well. I expect that the creation and expiration
+ dates for user IDs will be left empty in current keyservers. Colons
+ for empty fields on the end of each line may be left off, if
+ desired.
diff --git a/doc/Makefile.am b/doc/Makefile.am
new file mode 100644
index 0000000..c8d799b
--- /dev/null
+++ b/doc/Makefile.am
@@ -0,0 +1,150 @@
+# Copyright (C) 2002, 2004 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+## Process this file with automake to produce Makefile.in
+
+examples = examples/README examples/scd-event examples/trustlist.txt \
+ examples/gpgconf.conf examples/pwpattern.list
+
+helpfiles = help.txt help.be.txt help.ca.txt help.cs.txt \
+ help.da.txt help.de.txt help.el.txt help.eo.txt \
+ help.es.txt help.et.txt help.fi.txt help.fr.txt \
+ help.gl.txt help.hu.txt help.id.txt help.it.txt \
+ help.ja.txt help.nb.txt help.pl.txt help.pt.txt \
+ help.pt_BR.txt help.ro.txt help.ru.txt help.sk.txt \
+ help.sv.txt help.tr.txt help.zh_CN.txt help.zh_TW.txt
+
+EXTRA_DIST = samplekeys.asc ChangeLog-2011 \
+ gnupg-logo.eps gnupg-logo.pdf gnupg-logo.png \
+ gnupg-card-architecture.eps gnupg-card-architecture.png \
+ gnupg-card-architecture.pdf \
+ FAQ gnupg7.texi \
+ opt-homedir.texi see-also-note.texi specify-user-id.texi \
+ gpgv.texi texi.css yat2m.c
+
+BUILT_SOURCES = gnupg-card-architecture.eps gnupg-card-architecture.png \
+ gnupg-card-architecture.pdf
+
+info_TEXINFOS = gnupg.texi
+
+dist_pkgdata_DATA = qualified.txt com-certs.pem $(helpfiles)
+
+nobase_dist_doc_DATA = FAQ DETAILS HACKING TRANSLATE OpenPGP KEYSERVER \
+ $(examples)
+
+
+gnupg_TEXINFOS = \
+ gpg.texi gpgsm.texi gpg-agent.texi scdaemon.texi instguide.texi \
+ tools.texi debugging.texi glossary.texi contrib.texi gpl.texi \
+ sysnotes.texi gnupg-card-architecture.fig \
+ howtos.texi howto-create-a-server-cert.texi
+
+DVIPS = TEXINPUTS="$(srcdir)$(PATH_SEPARATOR)$$TEXINPUTS" dvips
+
+AM_MAKEINFOFLAGS = -I $(srcdir) --css-include=$(srcdir)/texi.css
+
+YAT2M_OPTIONS = -I $(srcdir) \
+ --release "GnuPG @PACKAGE_VERSION@" --source "GNU Privacy Guard"
+
+myman_sources = gnupg7.texi gpg.texi gpgsm.texi gpg-agent.texi \
+ scdaemon.texi tools.texi
+myman_pages = gpg2.1 gpgsm.1 gpg-agent.1 scdaemon.1 gpgv2.1 \
+ watchgnupg.1 gpgconf.1 addgnupghome.8 gpg-preset-passphrase.1 \
+ gpg-connect-agent.1 gpgparsemail.1 symcryptrun.1 \
+ gpgsm-gencert.sh.1 applygnupgdefaults.8 gpg-zip.1
+
+man_MANS = $(myman_pages)
+noinst_MANS = gnupg.7
+
+watchgnupg_SOURCE = gnupg.texi
+
+
+CLEANFILES = yat2m faq.txt
+
+DISTCLEANFILES = gnupg.tmp gnupg.ops yat2m-stamp.tmp yat2m-stamp \
+ $(myman_pages) gnupg.7
+
+yat2m: yat2m.c
+ $(CC_FOR_BUILD) -o $@ $(srcdir)/yat2m.c
+
+.fig.png:
+ fig2dev -L png `test -f '$<' || echo '$(srcdir)/'`$< $@
+
+.fig.jpg:
+ fig2dev -L jpg `test -f '$<' || echo '$(srcdir)/'`$< $@
+
+.fig.eps:
+ fig2dev -L eps `test -f '$<' || echo '$(srcdir)/'`$< $@
+
+.fig.pdf:
+ fig2dev -L pdf `test -f '$<' || echo '$(srcdir)/'`$< $@
+
+# Note that yatm --store has a bug in that the @ifset gpgtwoone still
+# creates a dirmngr-client page from tools.texi.
+yat2m-stamp: $(myman_sources)
+ @rm -f yat2m-stamp.tmp
+ @touch yat2m-stamp.tmp
+ for file in $(myman_sources) ; do \
+ ./yat2m $(YAT2M_OPTIONS) --store \
+ `test -f '$$file' || echo '$(srcdir)/'`$$file ; done
+ @test -f dirmngr-client.1 && rm dirmngr-client.1
+ @mv -f yat2m-stamp.tmp $@
+
+yat2m-stamp: yat2m
+
+$(myman_pages) gnupg.7 : yat2m-stamp
+ @if test -f $@; then :; else \
+ trap 'rm -rf yat2m-stamp yat2m-lock' 1 2 13 15; \
+ if mkdir yat2m-lock 2>/dev/null; then \
+ rm -f yat2m-stamp; \
+ $(MAKE) $(AM_MAKEFLAGS) yat2m-stamp; \
+ rmdir yat2m-lock; \
+ else \
+ while test -d yat2m-lock; do sleep 1; done; \
+ test -f yat2m-stamp; exit $$?; \
+ fi; \
+ fi
+
+# Make sure that gnupg.texi is touched if any other source file has
+# been modified. This is required so that the version.texi magic
+# updates the release date.
+gnupg.texi : $(gnupg_TEXINFOS)
+ touch $(srcdir)/gnupg.texi
+
+# Copy shared files from the master branch. We keep the texinfo files
+# all in master so that we need to modify only one source. Macros are
+# used to customize them for a specific version.
+update-source:
+ @set -e; cd $(srcdir); \
+ for i in $(gnupg_TEXINFOS) yat2m.c ; do \
+ echo "updating from master:doc/$$i" >&2 ; \
+ git show master:doc/$$i >$$i ; \
+ done
+
+online: gnupg.html gnupg.pdf
+ set -e; \
+ echo "Uploading current manuals to www.gnupg.org ..."; \
+ cp $(srcdir)/gnupg-logo.png gnupg.html/; \
+ user=werner ; dashdevel="" ; \
+ if echo "@PACKAGE_VERSION@" | grep -- "-git" >/dev/null; then \
+ dashdevel="-devel" ; \
+ else \
+ rsync -v gnupg.pdf $${user}@cvs.gnupg.org:webspace/manuals/ ; \
+ fi ; \
+ cd gnupg.html ; \
+ rsync -vr --exclude='.svn' . \
+ $${user}@cvs.gnupg.org:webspace/manuals/gnupg$${dashdevel}/
diff --git a/doc/Makefile.in b/doc/Makefile.in
new file mode 100644
index 0000000..cb96a30
--- /dev/null
+++ b/doc/Makefile.in
@@ -0,0 +1,1029 @@
+# Makefile.in generated by automake 1.11.1 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation,
+# Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+# Copyright (C) 2002, 2004 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+subdir = doc
+DIST_COMMON = $(dist_pkgdata_DATA) $(gnupg_TEXINFOS) \
+ $(nobase_dist_doc_DATA) $(srcdir)/Makefile.am \
+ $(srcdir)/Makefile.in $(srcdir)/stamp-vti \
+ $(srcdir)/version.texi
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/gl/m4/absolute-header.m4 \
+ $(top_srcdir)/gl/m4/alloca.m4 $(top_srcdir)/gl/m4/allocsa.m4 \
+ $(top_srcdir)/gl/m4/eealloc.m4 \
+ $(top_srcdir)/gl/m4/gnulib-comp.m4 \
+ $(top_srcdir)/gl/m4/gnulib-tool.m4 \
+ $(top_srcdir)/gl/m4/mkdtemp.m4 $(top_srcdir)/gl/m4/setenv.m4 \
+ $(top_srcdir)/gl/m4/stdint.m4 $(top_srcdir)/gl/m4/strpbrk.m4 \
+ $(top_srcdir)/gl/m4/unistd_h.m4 $(top_srcdir)/m4/autobuild.m4 \
+ $(top_srcdir)/m4/codeset.m4 $(top_srcdir)/m4/estream.m4 \
+ $(top_srcdir)/m4/gettext.m4 $(top_srcdir)/m4/gnupg-pth.m4 \
+ $(top_srcdir)/m4/gpg-error.m4 $(top_srcdir)/m4/iconv.m4 \
+ $(top_srcdir)/m4/isc-posix.m4 $(top_srcdir)/m4/ksba.m4 \
+ $(top_srcdir)/m4/lcmessage.m4 $(top_srcdir)/m4/ldap.m4 \
+ $(top_srcdir)/m4/lib-ld.m4 $(top_srcdir)/m4/lib-link.m4 \
+ $(top_srcdir)/m4/lib-prefix.m4 $(top_srcdir)/m4/libassuan.m4 \
+ $(top_srcdir)/m4/libcurl.m4 $(top_srcdir)/m4/libgcrypt.m4 \
+ $(top_srcdir)/m4/longdouble.m4 $(top_srcdir)/m4/nls.m4 \
+ $(top_srcdir)/m4/po.m4 $(top_srcdir)/m4/progtest.m4 \
+ $(top_srcdir)/m4/readline.m4 $(top_srcdir)/m4/size_max.m4 \
+ $(top_srcdir)/m4/socklen.m4 $(top_srcdir)/m4/sys_socket_h.m4 \
+ $(top_srcdir)/m4/tar-ustar.m4 $(top_srcdir)/m4/xsize.m4 \
+ $(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.ac
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+ $(ACLOCAL_M4)
+mkinstalldirs = $(SHELL) $(top_srcdir)/scripts/mkinstalldirs
+CONFIG_HEADER = $(top_builddir)/config.h
+CONFIG_CLEAN_FILES =
+CONFIG_CLEAN_VPATH_FILES =
+SOURCES =
+DIST_SOURCES =
+INFO_DEPS = $(srcdir)/gnupg.info
+TEXINFO_TEX = $(top_srcdir)/scripts/texinfo.tex
+am__TEXINFO_TEX_DIR = $(top_srcdir)/scripts
+DVIS = gnupg.dvi
+PDFS = gnupg.pdf
+PSS = gnupg.ps
+HTMLS = gnupg.html
+TEXINFOS = gnupg.texi
+TEXI2DVI = texi2dvi
+TEXI2PDF = $(TEXI2DVI) --pdf --batch
+MAKEINFOHTML = $(MAKEINFO) --html
+AM_MAKEINFOHTMLFLAGS = $(AM_MAKEINFOFLAGS)
+am__installdirs = "$(DESTDIR)$(infodir)" "$(DESTDIR)$(man1dir)" \
+ "$(DESTDIR)$(man8dir)" "$(DESTDIR)$(pkgdatadir)" \
+ "$(DESTDIR)$(docdir)"
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+ *) f=$$p;; \
+ esac;
+am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
+am__install_max = 40
+am__nobase_strip_setup = \
+ srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
+am__nobase_strip = \
+ for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
+am__nobase_list = $(am__nobase_strip_setup); \
+ for p in $$list; do echo "$$p $$p"; done | \
+ sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
+ $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
+ if (++n[$$2] == $(am__install_max)) \
+ { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
+ END { for (dir in files) print dir, files[dir] }'
+am__base_list = \
+ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
+ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
+man1dir = $(mandir)/man1
+man8dir = $(mandir)/man8
+NROFF = nroff
+MANS = $(man_MANS)
+DATA = $(dist_pkgdata_DATA) $(nobase_dist_doc_DATA)
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ABSOLUTE_STDINT_H = @ABSOLUTE_STDINT_H@
+ACLOCAL = @ACLOCAL@
+ADNSLIBS = @ADNSLIBS@
+ALLOCA = @ALLOCA@
+ALLOCA_H = @ALLOCA_H@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+BITSIZEOF_PTRDIFF_T = @BITSIZEOF_PTRDIFF_T@
+BITSIZEOF_SIG_ATOMIC_T = @BITSIZEOF_SIG_ATOMIC_T@
+BITSIZEOF_SIZE_T = @BITSIZEOF_SIZE_T@
+BITSIZEOF_WCHAR_T = @BITSIZEOF_WCHAR_T@
+BITSIZEOF_WINT_T = @BITSIZEOF_WINT_T@
+BUILD_INCLUDED_LIBINTL = @BUILD_INCLUDED_LIBINTL@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CC_FOR_BUILD = @CC_FOR_BUILD@
+CFLAGS = @CFLAGS@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DL_LIBS = @DL_LIBS@
+DNSLIBS = @DNSLIBS@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+FAQPROG = @FAQPROG@
+GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
+GMSGFMT = @GMSGFMT@
+GMSGFMT_015 = @GMSGFMT_015@
+GNUPG_AGENT_PGM = @GNUPG_AGENT_PGM@
+GNUPG_DIRMNGR_PGM = @GNUPG_DIRMNGR_PGM@
+GNUPG_PINENTRY_PGM = @GNUPG_PINENTRY_PGM@
+GNUPG_PROTECT_TOOL_PGM = @GNUPG_PROTECT_TOOL_PGM@
+GNUPG_SCDAEMON_PGM = @GNUPG_SCDAEMON_PGM@
+GPGKEYS_CURL = @GPGKEYS_CURL@
+GPGKEYS_FINGER = @GPGKEYS_FINGER@
+GPGKEYS_HKP = @GPGKEYS_HKP@
+GPGKEYS_KDNS = @GPGKEYS_KDNS@
+GPGKEYS_LDAP = @GPGKEYS_LDAP@
+GPGKEYS_MAILTO = @GPGKEYS_MAILTO@
+GPG_ERROR_CFLAGS = @GPG_ERROR_CFLAGS@
+GPG_ERROR_CONFIG = @GPG_ERROR_CONFIG@
+GPG_ERROR_LIBS = @GPG_ERROR_LIBS@
+GREP = @GREP@
+HAVE_INTTYPES_H = @HAVE_INTTYPES_H@
+HAVE_LONG_LONG_INT = @HAVE_LONG_LONG_INT@
+HAVE_SIGNED_SIG_ATOMIC_T = @HAVE_SIGNED_SIG_ATOMIC_T@
+HAVE_SIGNED_WCHAR_T = @HAVE_SIGNED_WCHAR_T@
+HAVE_SIGNED_WINT_T = @HAVE_SIGNED_WINT_T@
+HAVE_STDINT_H = @HAVE_STDINT_H@
+HAVE_SYS_BITYPES_H = @HAVE_SYS_BITYPES_H@
+HAVE_SYS_INTTYPES_H = @HAVE_SYS_INTTYPES_H@
+HAVE_SYS_TYPES_H = @HAVE_SYS_TYPES_H@
+HAVE_UNSIGNED_LONG_LONG_INT = @HAVE_UNSIGNED_LONG_LONG_INT@
+HAVE_WCHAR_H = @HAVE_WCHAR_H@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+INTLLIBS = @INTLLIBS@
+INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@
+KSBA_CFLAGS = @KSBA_CFLAGS@
+KSBA_CONFIG = @KSBA_CONFIG@
+KSBA_LIBS = @KSBA_LIBS@
+LDAPLIBS = @LDAPLIBS@
+LDAP_CPPFLAGS = @LDAP_CPPFLAGS@
+LDFLAGS = @LDFLAGS@
+LIBASSUAN_CFLAGS = @LIBASSUAN_CFLAGS@
+LIBASSUAN_CONFIG = @LIBASSUAN_CONFIG@
+LIBASSUAN_LIBS = @LIBASSUAN_LIBS@
+LIBCURL = @LIBCURL@
+LIBCURL_CPPFLAGS = @LIBCURL_CPPFLAGS@
+LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@
+LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@
+LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@
+LIBGNU_LIBDEPS = @LIBGNU_LIBDEPS@
+LIBGNU_LTLIBDEPS = @LIBGNU_LTLIBDEPS@
+LIBICONV = @LIBICONV@
+LIBINTL = @LIBINTL@
+LIBOBJS = @LIBOBJS@
+LIBREADLINE = @LIBREADLINE@
+LIBS = @LIBS@
+LIBUSB_LIBS = @LIBUSB_LIBS@
+LIBUTIL_LIBS = @LIBUTIL_LIBS@
+LN_S = @LN_S@
+LTLIBICONV = @LTLIBICONV@
+LTLIBINTL = @LTLIBINTL@
+LTLIBOBJS = @LTLIBOBJS@
+MAINT = @MAINT@
+MAKEINFO = @MAKEINFO@
+MKDIR_P = @MKDIR_P@
+MSGFMT = @MSGFMT@
+MSGFMT_015 = @MSGFMT_015@
+MSGMERGE = @MSGMERGE@
+NETLIBS = @NETLIBS@
+OBJEXT = @OBJEXT@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_GT = @PACKAGE_GT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_URL = @PACKAGE_URL@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PERL = @PERL@
+POSUB = @POSUB@
+PTH_CFLAGS = @PTH_CFLAGS@
+PTH_CONFIG = @PTH_CONFIG@
+PTH_LIBS = @PTH_LIBS@
+PTRDIFF_T_SUFFIX = @PTRDIFF_T_SUFFIX@
+RANLIB = @RANLIB@
+SENDMAIL = @SENDMAIL@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+SHRED = @SHRED@
+SIG_ATOMIC_T_SUFFIX = @SIG_ATOMIC_T_SUFFIX@
+SIZE_T_SUFFIX = @SIZE_T_SUFFIX@
+STDINT_H = @STDINT_H@
+STRIP = @STRIP@
+SYS_SOCKET_H = @SYS_SOCKET_H@
+TAR = @TAR@
+UNISTD_H = @UNISTD_H@
+USE_INCLUDED_LIBINTL = @USE_INCLUDED_LIBINTL@
+USE_NLS = @USE_NLS@
+VERSION = @VERSION@
+W32SOCKLIBS = @W32SOCKLIBS@
+WCHAR_T_SUFFIX = @WCHAR_T_SUFFIX@
+WINDRES = @WINDRES@
+WINT_T_SUFFIX = @WINT_T_SUFFIX@
+XGETTEXT = @XGETTEXT@
+XGETTEXT_015 = @XGETTEXT_015@
+XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@
+ZLIBS = @ZLIBS@
+_libcurl_config = @_libcurl_config@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+examples = examples/README examples/scd-event examples/trustlist.txt \
+ examples/gpgconf.conf examples/pwpattern.list
+
+helpfiles = help.txt help.be.txt help.ca.txt help.cs.txt \
+ help.da.txt help.de.txt help.el.txt help.eo.txt \
+ help.es.txt help.et.txt help.fi.txt help.fr.txt \
+ help.gl.txt help.hu.txt help.id.txt help.it.txt \
+ help.ja.txt help.nb.txt help.pl.txt help.pt.txt \
+ help.pt_BR.txt help.ro.txt help.ru.txt help.sk.txt \
+ help.sv.txt help.tr.txt help.zh_CN.txt help.zh_TW.txt
+
+EXTRA_DIST = samplekeys.asc ChangeLog-2011 \
+ gnupg-logo.eps gnupg-logo.pdf gnupg-logo.png \
+ gnupg-card-architecture.eps gnupg-card-architecture.png \
+ gnupg-card-architecture.pdf \
+ FAQ gnupg7.texi \
+ opt-homedir.texi see-also-note.texi specify-user-id.texi \
+ gpgv.texi texi.css yat2m.c
+
+BUILT_SOURCES = gnupg-card-architecture.eps gnupg-card-architecture.png \
+ gnupg-card-architecture.pdf
+
+info_TEXINFOS = gnupg.texi
+dist_pkgdata_DATA = qualified.txt com-certs.pem $(helpfiles)
+nobase_dist_doc_DATA = FAQ DETAILS HACKING TRANSLATE OpenPGP KEYSERVER \
+ $(examples)
+
+gnupg_TEXINFOS = \
+ gpg.texi gpgsm.texi gpg-agent.texi scdaemon.texi instguide.texi \
+ tools.texi debugging.texi glossary.texi contrib.texi gpl.texi \
+ sysnotes.texi gnupg-card-architecture.fig \
+ howtos.texi howto-create-a-server-cert.texi
+
+DVIPS = TEXINPUTS="$(srcdir)$(PATH_SEPARATOR)$$TEXINPUTS" dvips
+AM_MAKEINFOFLAGS = -I $(srcdir) --css-include=$(srcdir)/texi.css
+YAT2M_OPTIONS = -I $(srcdir) \
+ --release "GnuPG @PACKAGE_VERSION@" --source "GNU Privacy Guard"
+
+myman_sources = gnupg7.texi gpg.texi gpgsm.texi gpg-agent.texi \
+ scdaemon.texi tools.texi
+
+myman_pages = gpg2.1 gpgsm.1 gpg-agent.1 scdaemon.1 gpgv2.1 \
+ watchgnupg.1 gpgconf.1 addgnupghome.8 gpg-preset-passphrase.1 \
+ gpg-connect-agent.1 gpgparsemail.1 symcryptrun.1 \
+ gpgsm-gencert.sh.1 applygnupgdefaults.8 gpg-zip.1
+
+man_MANS = $(myman_pages)
+noinst_MANS = gnupg.7
+watchgnupg_SOURCE = gnupg.texi
+CLEANFILES = yat2m faq.txt
+DISTCLEANFILES = gnupg.tmp gnupg.ops yat2m-stamp.tmp yat2m-stamp \
+ $(myman_pages) gnupg.7
+
+all: $(BUILT_SOURCES)
+ $(MAKE) $(AM_MAKEFLAGS) all-am
+
+.SUFFIXES:
+.SUFFIXES: .dvi .eps .fig .html .info .jpg .pdf .png .ps .texi
+$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(am__configure_deps)
+ @for dep in $?; do \
+ case '$(am__configure_deps)' in \
+ *$$dep*) \
+ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+ && { if test -f $@; then exit 0; else break; fi; }; \
+ exit 1;; \
+ esac; \
+ done; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu doc/Makefile'; \
+ $(am__cd) $(top_srcdir) && \
+ $(AUTOMAKE) --gnu doc/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+ @case '$?' in \
+ *config.status*) \
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+ *) \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+ esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
+
+.texi.info:
+ restore=: && backupdir="$(am__leading_dot)am$$$$" && \
+ am__cwd=`pwd` && $(am__cd) $(srcdir) && \
+ rm -rf $$backupdir && mkdir $$backupdir && \
+ if ($(MAKEINFO) --version) >/dev/null 2>&1; then \
+ for f in $@ $@-[0-9] $@-[0-9][0-9] $(@:.info=).i[0-9] $(@:.info=).i[0-9][0-9]; do \
+ if test -f $$f; then mv $$f $$backupdir; restore=mv; else :; fi; \
+ done; \
+ else :; fi && \
+ cd "$$am__cwd"; \
+ if $(MAKEINFO) $(AM_MAKEINFOFLAGS) $(MAKEINFOFLAGS) -I $(srcdir) \
+ -o $@ $<; \
+ then \
+ rc=0; \
+ $(am__cd) $(srcdir); \
+ else \
+ rc=$$?; \
+ $(am__cd) $(srcdir) && \
+ $$restore $$backupdir/* `echo "./$@" | sed 's|[^/]*$$||'`; \
+ fi; \
+ rm -rf $$backupdir; exit $$rc
+
+.texi.dvi:
+ TEXINPUTS="$(am__TEXINFO_TEX_DIR)$(PATH_SEPARATOR)$$TEXINPUTS" \
+ MAKEINFO='$(MAKEINFO) $(AM_MAKEINFOFLAGS) $(MAKEINFOFLAGS) -I $(srcdir)' \
+ $(TEXI2DVI) $<
+
+.texi.pdf:
+ TEXINPUTS="$(am__TEXINFO_TEX_DIR)$(PATH_SEPARATOR)$$TEXINPUTS" \
+ MAKEINFO='$(MAKEINFO) $(AM_MAKEINFOFLAGS) $(MAKEINFOFLAGS) -I $(srcdir)' \
+ $(TEXI2PDF) $<
+
+.texi.html:
+ rm -rf $(@:.html=.htp)
+ if $(MAKEINFOHTML) $(AM_MAKEINFOHTMLFLAGS) $(MAKEINFOFLAGS) -I $(srcdir) \
+ -o $(@:.html=.htp) $<; \
+ then \
+ rm -rf $@; \
+ if test ! -d $(@:.html=.htp) && test -d $(@:.html=); then \
+ mv $(@:.html=) $@; else mv $(@:.html=.htp) $@; fi; \
+ else \
+ if test ! -d $(@:.html=.htp) && test -d $(@:.html=); then \
+ rm -rf $(@:.html=); else rm -Rf $(@:.html=.htp) $@; fi; \
+ exit 1; \
+ fi
+$(srcdir)/gnupg.info: gnupg.texi $(srcdir)/version.texi $(gnupg_TEXINFOS)
+gnupg.dvi: gnupg.texi $(srcdir)/version.texi $(gnupg_TEXINFOS)
+gnupg.pdf: gnupg.texi $(srcdir)/version.texi $(gnupg_TEXINFOS)
+gnupg.html: gnupg.texi $(srcdir)/version.texi $(gnupg_TEXINFOS)
+$(srcdir)/version.texi: @MAINTAINER_MODE_TRUE@ $(srcdir)/stamp-vti
+$(srcdir)/stamp-vti: gnupg.texi $(top_srcdir)/configure
+ @(dir=.; test -f ./gnupg.texi || dir=$(srcdir); \
+ set `$(SHELL) $(top_srcdir)/scripts/mdate-sh $$dir/gnupg.texi`; \
+ echo "@set UPDATED $$1 $$2 $$3"; \
+ echo "@set UPDATED-MONTH $$2 $$3"; \
+ echo "@set EDITION $(VERSION)"; \
+ echo "@set VERSION $(VERSION)") > vti.tmp
+ @cmp -s vti.tmp $(srcdir)/version.texi \
+ || (echo "Updating $(srcdir)/version.texi"; \
+ cp vti.tmp $(srcdir)/version.texi)
+ -@rm -f vti.tmp
+ @cp $(srcdir)/version.texi $@
+
+mostlyclean-vti:
+ -rm -f vti.tmp
+
+maintainer-clean-vti:
+@MAINTAINER_MODE_TRUE@ -rm -f $(srcdir)/stamp-vti $(srcdir)/version.texi
+.dvi.ps:
+ TEXINPUTS="$(am__TEXINFO_TEX_DIR)$(PATH_SEPARATOR)$$TEXINPUTS" \
+ $(DVIPS) -o $@ $<
+
+uninstall-dvi-am:
+ @$(NORMAL_UNINSTALL)
+ @list='$(DVIS)'; test -n "$(dvidir)" || list=; \
+ for p in $$list; do \
+ $(am__strip_dir) \
+ echo " rm -f '$(DESTDIR)$(dvidir)/$$f'"; \
+ rm -f "$(DESTDIR)$(dvidir)/$$f"; \
+ done
+
+uninstall-html-am:
+ @$(NORMAL_UNINSTALL)
+ @list='$(HTMLS)'; test -n "$(htmldir)" || list=; \
+ for p in $$list; do \
+ $(am__strip_dir) \
+ echo " rm -rf '$(DESTDIR)$(htmldir)/$$f'"; \
+ rm -rf "$(DESTDIR)$(htmldir)/$$f"; \
+ done
+
+uninstall-info-am:
+ @$(PRE_UNINSTALL)
+ @if test -d '$(DESTDIR)$(infodir)' && \
+ (install-info --version && \
+ install-info --version 2>&1 | sed 1q | grep -i -v debian) >/dev/null 2>&1; then \
+ list='$(INFO_DEPS)'; \
+ for file in $$list; do \
+ relfile=`echo "$$file" | sed 's|^.*/||'`; \
+ echo " install-info --info-dir='$(DESTDIR)$(infodir)' --remove '$(DESTDIR)$(infodir)/$$relfile'"; \
+ if install-info --info-dir="$(DESTDIR)$(infodir)" --remove "$(DESTDIR)$(infodir)/$$relfile"; \
+ then :; else test ! -f "$(DESTDIR)$(infodir)/$$relfile" || exit 1; fi; \
+ done; \
+ else :; fi
+ @$(NORMAL_UNINSTALL)
+ @list='$(INFO_DEPS)'; \
+ for file in $$list; do \
+ relfile=`echo "$$file" | sed 's|^.*/||'`; \
+ relfile_i=`echo "$$relfile" | sed 's|\.info$$||;s|$$|.i|'`; \
+ (if test -d "$(DESTDIR)$(infodir)" && cd "$(DESTDIR)$(infodir)"; then \
+ echo " cd '$(DESTDIR)$(infodir)' && rm -f $$relfile $$relfile-[0-9] $$relfile-[0-9][0-9] $$relfile_i[0-9] $$relfile_i[0-9][0-9]"; \
+ rm -f $$relfile $$relfile-[0-9] $$relfile-[0-9][0-9] $$relfile_i[0-9] $$relfile_i[0-9][0-9]; \
+ else :; fi); \
+ done
+
+uninstall-pdf-am:
+ @$(NORMAL_UNINSTALL)
+ @list='$(PDFS)'; test -n "$(pdfdir)" || list=; \
+ for p in $$list; do \
+ $(am__strip_dir) \
+ echo " rm -f '$(DESTDIR)$(pdfdir)/$$f'"; \
+ rm -f "$(DESTDIR)$(pdfdir)/$$f"; \
+ done
+
+uninstall-ps-am:
+ @$(NORMAL_UNINSTALL)
+ @list='$(PSS)'; test -n "$(psdir)" || list=; \
+ for p in $$list; do \
+ $(am__strip_dir) \
+ echo " rm -f '$(DESTDIR)$(psdir)/$$f'"; \
+ rm -f "$(DESTDIR)$(psdir)/$$f"; \
+ done
+
+dist-info: $(INFO_DEPS)
+ @srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; \
+ list='$(INFO_DEPS)'; \
+ for base in $$list; do \
+ case $$base in \
+ $(srcdir)/*) base=`echo "$$base" | sed "s|^$$srcdirstrip/||"`;; \
+ esac; \
+ if test -f $$base; then d=.; else d=$(srcdir); fi; \
+ base_i=`echo "$$base" | sed 's|\.info$$||;s|$$|.i|'`; \
+ for file in $$d/$$base $$d/$$base-[0-9] $$d/$$base-[0-9][0-9] $$d/$$base_i[0-9] $$d/$$base_i[0-9][0-9]; do \
+ if test -f $$file; then \
+ relfile=`expr "$$file" : "$$d/\(.*\)"`; \
+ test -f "$(distdir)/$$relfile" || \
+ cp -p $$file "$(distdir)/$$relfile"; \
+ else :; fi; \
+ done; \
+ done
+
+mostlyclean-aminfo:
+ -rm -rf gnupg.aux gnupg.cp gnupg.cps gnupg.fn gnupg.ky gnupg.log gnupg.op \
+ gnupg.ops gnupg.pg gnupg.tmp gnupg.toc gnupg.tp gnupg.vr
+
+clean-aminfo:
+ -test -z "gnupg.dvi gnupg.pdf gnupg.ps gnupg.html" \
+ || rm -rf gnupg.dvi gnupg.pdf gnupg.ps gnupg.html
+
+maintainer-clean-aminfo:
+ @list='$(INFO_DEPS)'; for i in $$list; do \
+ i_i=`echo "$$i" | sed 's|\.info$$||;s|$$|.i|'`; \
+ echo " rm -f $$i $$i-[0-9] $$i-[0-9][0-9] $$i_i[0-9] $$i_i[0-9][0-9]"; \
+ rm -f $$i $$i-[0-9] $$i-[0-9][0-9] $$i_i[0-9] $$i_i[0-9][0-9]; \
+ done
+install-man1: $(man_MANS)
+ @$(NORMAL_INSTALL)
+ test -z "$(man1dir)" || $(MKDIR_P) "$(DESTDIR)$(man1dir)"
+ @list=''; test -n "$(man1dir)" || exit 0; \
+ { for i in $$list; do echo "$$i"; done; \
+ l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \
+ sed -n '/\.1[a-z]*$$/p'; \
+ } | while read p; do \
+ if test -f $$p; then d=; else d="$(srcdir)/"; fi; \
+ echo "$$d$$p"; echo "$$p"; \
+ done | \
+ sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^1][0-9a-z]*$$,1,;x' \
+ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \
+ sed 'N;N;s,\n, ,g' | { \
+ list=; while read file base inst; do \
+ if test "$$base" = "$$inst"; then list="$$list $$file"; else \
+ echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man1dir)/$$inst'"; \
+ $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man1dir)/$$inst" || exit $$?; \
+ fi; \
+ done; \
+ for i in $$list; do echo "$$i"; done | $(am__base_list) | \
+ while read files; do \
+ test -z "$$files" || { \
+ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man1dir)'"; \
+ $(INSTALL_DATA) $$files "$(DESTDIR)$(man1dir)" || exit $$?; }; \
+ done; }
+
+uninstall-man1:
+ @$(NORMAL_UNINSTALL)
+ @list=''; test -n "$(man1dir)" || exit 0; \
+ files=`{ for i in $$list; do echo "$$i"; done; \
+ l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \
+ sed -n '/\.1[a-z]*$$/p'; \
+ } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^1][0-9a-z]*$$,1,;x' \
+ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
+ test -z "$$files" || { \
+ echo " ( cd '$(DESTDIR)$(man1dir)' && rm -f" $$files ")"; \
+ cd "$(DESTDIR)$(man1dir)" && rm -f $$files; }
+install-man8: $(man_MANS)
+ @$(NORMAL_INSTALL)
+ test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)"
+ @list=''; test -n "$(man8dir)" || exit 0; \
+ { for i in $$list; do echo "$$i"; done; \
+ l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \
+ sed -n '/\.8[a-z]*$$/p'; \
+ } | while read p; do \
+ if test -f $$p; then d=; else d="$(srcdir)/"; fi; \
+ echo "$$d$$p"; echo "$$p"; \
+ done | \
+ sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \
+ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \
+ sed 'N;N;s,\n, ,g' | { \
+ list=; while read file base inst; do \
+ if test "$$base" = "$$inst"; then list="$$list $$file"; else \
+ echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \
+ $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst" || exit $$?; \
+ fi; \
+ done; \
+ for i in $$list; do echo "$$i"; done | $(am__base_list) | \
+ while read files; do \
+ test -z "$$files" || { \
+ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man8dir)'"; \
+ $(INSTALL_DATA) $$files "$(DESTDIR)$(man8dir)" || exit $$?; }; \
+ done; }
+
+uninstall-man8:
+ @$(NORMAL_UNINSTALL)
+ @list=''; test -n "$(man8dir)" || exit 0; \
+ files=`{ for i in $$list; do echo "$$i"; done; \
+ l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \
+ sed -n '/\.8[a-z]*$$/p'; \
+ } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \
+ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
+ test -z "$$files" || { \
+ echo " ( cd '$(DESTDIR)$(man8dir)' && rm -f" $$files ")"; \
+ cd "$(DESTDIR)$(man8dir)" && rm -f $$files; }
+install-dist_pkgdataDATA: $(dist_pkgdata_DATA)
+ @$(NORMAL_INSTALL)
+ test -z "$(pkgdatadir)" || $(MKDIR_P) "$(DESTDIR)$(pkgdatadir)"
+ @list='$(dist_pkgdata_DATA)'; test -n "$(pkgdatadir)" || list=; \
+ for p in $$list; do \
+ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+ echo "$$d$$p"; \
+ done | $(am__base_list) | \
+ while read files; do \
+ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(pkgdatadir)'"; \
+ $(INSTALL_DATA) $$files "$(DESTDIR)$(pkgdatadir)" || exit $$?; \
+ done
+
+uninstall-dist_pkgdataDATA:
+ @$(NORMAL_UNINSTALL)
+ @list='$(dist_pkgdata_DATA)'; test -n "$(pkgdatadir)" || list=; \
+ files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \
+ test -n "$$files" || exit 0; \
+ echo " ( cd '$(DESTDIR)$(pkgdatadir)' && rm -f" $$files ")"; \
+ cd "$(DESTDIR)$(pkgdatadir)" && rm -f $$files
+install-nobase_dist_docDATA: $(nobase_dist_doc_DATA)
+ @$(NORMAL_INSTALL)
+ test -z "$(docdir)" || $(MKDIR_P) "$(DESTDIR)$(docdir)"
+ @list='$(nobase_dist_doc_DATA)'; test -n "$(docdir)" || list=; \
+ $(am__nobase_list) | while read dir files; do \
+ xfiles=; for file in $$files; do \
+ if test -f "$$file"; then xfiles="$$xfiles $$file"; \
+ else xfiles="$$xfiles $(srcdir)/$$file"; fi; done; \
+ test -z "$$xfiles" || { \
+ test "x$$dir" = x. || { \
+ echo "$(MKDIR_P) '$(DESTDIR)$(docdir)/$$dir'"; \
+ $(MKDIR_P) "$(DESTDIR)$(docdir)/$$dir"; }; \
+ echo " $(INSTALL_DATA) $$xfiles '$(DESTDIR)$(docdir)/$$dir'"; \
+ $(INSTALL_DATA) $$xfiles "$(DESTDIR)$(docdir)/$$dir" || exit $$?; }; \
+ done
+
+uninstall-nobase_dist_docDATA:
+ @$(NORMAL_UNINSTALL)
+ @list='$(nobase_dist_doc_DATA)'; test -n "$(docdir)" || list=; \
+ $(am__nobase_strip_setup); files=`$(am__nobase_strip)`; \
+ test -n "$$files" || exit 0; \
+ echo " ( cd '$(DESTDIR)$(docdir)' && rm -f" $$files ")"; \
+ cd "$(DESTDIR)$(docdir)" && rm -f $$files
+tags: TAGS
+TAGS:
+
+ctags: CTAGS
+CTAGS:
+
+
+distdir: $(DISTFILES)
+ @list='$(MANS)'; if test -n "$$list"; then \
+ list=`for p in $$list; do \
+ if test -f $$p; then d=; else d="$(srcdir)/"; fi; \
+ if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \
+ if test -n "$$list" && \
+ grep 'ab help2man is required to generate this page' $$list >/dev/null; then \
+ echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \
+ grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/ /' >&2; \
+ echo " to fix them, install help2man, remove and regenerate the man pages;" >&2; \
+ echo " typically \`make maintainer-clean' will remove them" >&2; \
+ exit 1; \
+ else :; fi; \
+ else :; fi
+ @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ list='$(DISTFILES)'; \
+ dist_files=`for file in $$list; do echo $$file; done | \
+ sed -e "s|^$$srcdirstrip/||;t" \
+ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+ case $$dist_files in \
+ */*) $(MKDIR_P) `echo "$$dist_files" | \
+ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+ sort -u` ;; \
+ esac; \
+ for file in $$dist_files; do \
+ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+ if test -d $$d/$$file; then \
+ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+ if test -d "$(distdir)/$$file"; then \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+ else \
+ test -f "$(distdir)/$$file" \
+ || cp -p $$d/$$file "$(distdir)/$$file" \
+ || exit 1; \
+ fi; \
+ done
+ $(MAKE) $(AM_MAKEFLAGS) \
+ top_distdir="$(top_distdir)" distdir="$(distdir)" \
+ dist-info
+check-am: all-am
+check: $(BUILT_SOURCES)
+ $(MAKE) $(AM_MAKEFLAGS) check-am
+all-am: Makefile $(INFO_DEPS) $(MANS) $(DATA)
+installdirs:
+ for dir in "$(DESTDIR)$(infodir)" "$(DESTDIR)$(man1dir)" "$(DESTDIR)$(man8dir)" "$(DESTDIR)$(pkgdatadir)" "$(DESTDIR)$(docdir)"; do \
+ test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+ done
+install: $(BUILT_SOURCES)
+ $(MAKE) $(AM_MAKEFLAGS) install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+ @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ `test -z '$(STRIP)' || \
+ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+ -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
+
+distclean-generic:
+ -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+ -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+ -test -z "$(DISTCLEANFILES)" || rm -f $(DISTCLEANFILES)
+
+maintainer-clean-generic:
+ @echo "This command is intended for maintainers to use"
+ @echo "it deletes files that may require special tools to rebuild."
+ -test -z "$(BUILT_SOURCES)" || rm -f $(BUILT_SOURCES)
+clean: clean-am
+
+clean-am: clean-aminfo clean-generic mostlyclean-am
+
+distclean: distclean-am
+ -rm -f Makefile
+distclean-am: clean-am distclean-generic
+
+dvi: dvi-am
+
+dvi-am: $(DVIS)
+
+html: html-am
+
+html-am: $(HTMLS)
+
+info: info-am
+
+info-am: $(INFO_DEPS)
+
+install-data-am: install-dist_pkgdataDATA install-info-am install-man \
+ install-nobase_dist_docDATA
+
+install-dvi: install-dvi-am
+
+install-dvi-am: $(DVIS)
+ @$(NORMAL_INSTALL)
+ test -z "$(dvidir)" || $(MKDIR_P) "$(DESTDIR)$(dvidir)"
+ @list='$(DVIS)'; test -n "$(dvidir)" || list=; \
+ for p in $$list; do \
+ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+ echo "$$d$$p"; \
+ done | $(am__base_list) | \
+ while read files; do \
+ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(dvidir)'"; \
+ $(INSTALL_DATA) $$files "$(DESTDIR)$(dvidir)" || exit $$?; \
+ done
+install-exec-am:
+
+install-html: install-html-am
+
+install-html-am: $(HTMLS)
+ @$(NORMAL_INSTALL)
+ test -z "$(htmldir)" || $(MKDIR_P) "$(DESTDIR)$(htmldir)"
+ @list='$(HTMLS)'; list2=; test -n "$(htmldir)" || list=; \
+ for p in $$list; do \
+ if test -f "$$p" || test -d "$$p"; then d=; else d="$(srcdir)/"; fi; \
+ $(am__strip_dir) \
+ if test -d "$$d$$p"; then \
+ echo " $(MKDIR_P) '$(DESTDIR)$(htmldir)/$$f'"; \
+ $(MKDIR_P) "$(DESTDIR)$(htmldir)/$$f" || exit 1; \
+ echo " $(INSTALL_DATA) '$$d$$p'/* '$(DESTDIR)$(htmldir)/$$f'"; \
+ $(INSTALL_DATA) "$$d$$p"/* "$(DESTDIR)$(htmldir)/$$f" || exit $$?; \
+ else \
+ list2="$$list2 $$d$$p"; \
+ fi; \
+ done; \
+ test -z "$$list2" || { echo "$$list2" | $(am__base_list) | \
+ while read files; do \
+ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(htmldir)'"; \
+ $(INSTALL_DATA) $$files "$(DESTDIR)$(htmldir)" || exit $$?; \
+ done; }
+install-info: install-info-am
+
+install-info-am: $(INFO_DEPS)
+ @$(NORMAL_INSTALL)
+ test -z "$(infodir)" || $(MKDIR_P) "$(DESTDIR)$(infodir)"
+ @srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; \
+ list='$(INFO_DEPS)'; test -n "$(infodir)" || list=; \
+ for file in $$list; do \
+ case $$file in \
+ $(srcdir)/*) file=`echo "$$file" | sed "s|^$$srcdirstrip/||"`;; \
+ esac; \
+ if test -f $$file; then d=.; else d=$(srcdir); fi; \
+ file_i=`echo "$$file" | sed 's|\.info$$||;s|$$|.i|'`; \
+ for ifile in $$d/$$file $$d/$$file-[0-9] $$d/$$file-[0-9][0-9] \
+ $$d/$$file_i[0-9] $$d/$$file_i[0-9][0-9] ; do \
+ if test -f $$ifile; then \
+ echo "$$ifile"; \
+ else : ; fi; \
+ done; \
+ done | $(am__base_list) | \
+ while read files; do \
+ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(infodir)'"; \
+ $(INSTALL_DATA) $$files "$(DESTDIR)$(infodir)" || exit $$?; done
+ @$(POST_INSTALL)
+ @if (install-info --version && \
+ install-info --version 2>&1 | sed 1q | grep -i -v debian) >/dev/null 2>&1; then \
+ list='$(INFO_DEPS)'; test -n "$(infodir)" || list=; \
+ for file in $$list; do \
+ relfile=`echo "$$file" | sed 's|^.*/||'`; \
+ echo " install-info --info-dir='$(DESTDIR)$(infodir)' '$(DESTDIR)$(infodir)/$$relfile'";\
+ install-info --info-dir="$(DESTDIR)$(infodir)" "$(DESTDIR)$(infodir)/$$relfile" || :;\
+ done; \
+ else : ; fi
+install-man: install-man1 install-man8
+
+install-pdf: install-pdf-am
+
+install-pdf-am: $(PDFS)
+ @$(NORMAL_INSTALL)
+ test -z "$(pdfdir)" || $(MKDIR_P) "$(DESTDIR)$(pdfdir)"
+ @list='$(PDFS)'; test -n "$(pdfdir)" || list=; \
+ for p in $$list; do \
+ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+ echo "$$d$$p"; \
+ done | $(am__base_list) | \
+ while read files; do \
+ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(pdfdir)'"; \
+ $(INSTALL_DATA) $$files "$(DESTDIR)$(pdfdir)" || exit $$?; done
+install-ps: install-ps-am
+
+install-ps-am: $(PSS)
+ @$(NORMAL_INSTALL)
+ test -z "$(psdir)" || $(MKDIR_P) "$(DESTDIR)$(psdir)"
+ @list='$(PSS)'; test -n "$(psdir)" || list=; \
+ for p in $$list; do \
+ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+ echo "$$d$$p"; \
+ done | $(am__base_list) | \
+ while read files; do \
+ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(psdir)'"; \
+ $(INSTALL_DATA) $$files "$(DESTDIR)$(psdir)" || exit $$?; done
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+ -rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-aminfo \
+ maintainer-clean-generic maintainer-clean-vti
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-aminfo mostlyclean-generic mostlyclean-vti
+
+pdf: pdf-am
+
+pdf-am: $(PDFS)
+
+ps: ps-am
+
+ps-am: $(PSS)
+
+uninstall-am: uninstall-dist_pkgdataDATA uninstall-dvi-am \
+ uninstall-html-am uninstall-info-am uninstall-man \
+ uninstall-nobase_dist_docDATA uninstall-pdf-am uninstall-ps-am
+
+uninstall-man: uninstall-man1 uninstall-man8
+
+.MAKE: all check install install-am install-strip
+
+.PHONY: all all-am check check-am clean clean-aminfo clean-generic \
+ dist-info distclean distclean-generic distdir dvi dvi-am html \
+ html-am info info-am install install-am install-data \
+ install-data-am install-dist_pkgdataDATA install-dvi \
+ install-dvi-am install-exec install-exec-am install-html \
+ install-html-am install-info install-info-am install-man \
+ install-man1 install-man8 install-nobase_dist_docDATA \
+ install-pdf install-pdf-am install-ps install-ps-am \
+ install-strip installcheck installcheck-am installdirs \
+ maintainer-clean maintainer-clean-aminfo \
+ maintainer-clean-generic maintainer-clean-vti mostlyclean \
+ mostlyclean-aminfo mostlyclean-generic mostlyclean-vti pdf \
+ pdf-am ps ps-am uninstall uninstall-am \
+ uninstall-dist_pkgdataDATA uninstall-dvi-am uninstall-html-am \
+ uninstall-info-am uninstall-man uninstall-man1 uninstall-man8 \
+ uninstall-nobase_dist_docDATA uninstall-pdf-am uninstall-ps-am
+
+
+yat2m: yat2m.c
+ $(CC_FOR_BUILD) -o $@ $(srcdir)/yat2m.c
+
+.fig.png:
+ fig2dev -L png `test -f '$<' || echo '$(srcdir)/'`$< $@
+
+.fig.jpg:
+ fig2dev -L jpg `test -f '$<' || echo '$(srcdir)/'`$< $@
+
+.fig.eps:
+ fig2dev -L eps `test -f '$<' || echo '$(srcdir)/'`$< $@
+
+.fig.pdf:
+ fig2dev -L pdf `test -f '$<' || echo '$(srcdir)/'`$< $@
+
+# Note that yatm --store has a bug in that the @ifset gpgtwoone still
+# creates a dirmngr-client page from tools.texi.
+yat2m-stamp: $(myman_sources)
+ @rm -f yat2m-stamp.tmp
+ @touch yat2m-stamp.tmp
+ for file in $(myman_sources) ; do \
+ ./yat2m $(YAT2M_OPTIONS) --store \
+ `test -f '$$file' || echo '$(srcdir)/'`$$file ; done
+ @test -f dirmngr-client.1 && rm dirmngr-client.1
+ @mv -f yat2m-stamp.tmp $@
+
+yat2m-stamp: yat2m
+
+$(myman_pages) gnupg.7 : yat2m-stamp
+ @if test -f $@; then :; else \
+ trap 'rm -rf yat2m-stamp yat2m-lock' 1 2 13 15; \
+ if mkdir yat2m-lock 2>/dev/null; then \
+ rm -f yat2m-stamp; \
+ $(MAKE) $(AM_MAKEFLAGS) yat2m-stamp; \
+ rmdir yat2m-lock; \
+ else \
+ while test -d yat2m-lock; do sleep 1; done; \
+ test -f yat2m-stamp; exit $$?; \
+ fi; \
+ fi
+
+# Make sure that gnupg.texi is touched if any other source file has
+# been modified. This is required so that the version.texi magic
+# updates the release date.
+gnupg.texi : $(gnupg_TEXINFOS)
+ touch $(srcdir)/gnupg.texi
+
+# Copy shared files from the master branch. We keep the texinfo files
+# all in master so that we need to modify only one source. Macros are
+# used to customize them for a specific version.
+update-source:
+ @set -e; cd $(srcdir); \
+ for i in $(gnupg_TEXINFOS) yat2m.c ; do \
+ echo "updating from master:doc/$$i" >&2 ; \
+ git show master:doc/$$i >$$i ; \
+ done
+
+online: gnupg.html gnupg.pdf
+ set -e; \
+ echo "Uploading current manuals to www.gnupg.org ..."; \
+ cp $(srcdir)/gnupg-logo.png gnupg.html/; \
+ user=werner ; dashdevel="" ; \
+ if echo "@PACKAGE_VERSION@" | grep -- "-git" >/dev/null; then \
+ dashdevel="-devel" ; \
+ else \
+ rsync -v gnupg.pdf $${user}@cvs.gnupg.org:webspace/manuals/ ; \
+ fi ; \
+ cd gnupg.html ; \
+ rsync -vr --exclude='.svn' . \
+ $${user}@cvs.gnupg.org:webspace/manuals/gnupg$${dashdevel}/
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/doc/OpenPGP b/doc/OpenPGP
new file mode 100644
index 0000000..a511ad7
--- /dev/null
+++ b/doc/OpenPGP
@@ -0,0 +1,108 @@
+ GnuPG and OpenPGP
+ =================
+
+ See RFC2440 for a description of OpenPGP. We have an annotated version
+ of this RFC online: http://www.gnupg.org/rfc2440.html
+
+
+
+ Compatibility Notes
+ ===================
+ GnuPG (>=1.0.3) is in compliance with RFC2440 despite these exceptions:
+
+ * (9.2) states that IDEA SHOULD be implemented. This is not done
+ due to patent problems.
+
+
+ All MAY features are implemented with this exception:
+
+ * multi-part armored messages are not supported.
+ MIME (rfc2015) should be used instead.
+
+ Most of the OPTIONAL stuff is implemented.
+
+ There are a couple of options which can be used to override some
+ RFC requirements. This is always mentioned with the description
+ of that options.
+
+ A special format of partial packet length exists for v3 packets
+ which can be considered to be in compliance with RFC1991; this
+ format is only created if a special option is active.
+
+ GnuPG uses a S2K mode of 101 for GNU extensions to the secret key
+ protection algorithms. This number is not defined in OpenPGP, but
+ given the fact that this number is in a range which used at many
+ other places in OpenPGP for private/experimenat algorithm identifiers,
+ this should be not a so bad choice. The 3 bytes "GNU" are used
+ to identify this as a GNU extension - see the file DETAILS for a
+ definition of the used data formats.
+
+
+
+ Some Notes on OpenPGP / PGP Compatibility:
+ ==========================================
+
+ * PGP 5.x does not accept V4 signatures for anything other than
+ key material. The GnuPG option --force-v3-sigs mimics this
+ behavior.
+
+ * PGP 5.x does not recognize the "five-octet" lengths in
+ new-format headers or in signature subpacket lengths.
+
+ * PGP 5.0 rejects an encrypted session key if the keylength
+ differs from the S2K symmetric algorithm. This is a bug in its
+ validation function.
+
+ * PGP 5.0 does not handle multiple one-pass signature headers and
+ trailers. Signing one will compress the one-pass signed literal
+ and prefix a V3 signature instead of doing a nested one-pass
+ signature.
+
+ * When exporting a private key, PGP 2.x generates the header
+ "BEGIN PGP SECRET KEY BLOCK" instead of "BEGIN PGP PRIVATE KEY
+ BLOCK". All previous versions ignore the implied data type, and
+ look directly at the packet data type.
+
+ * In a clear-signed signature, PGP 5.0 will figure out the correct
+ hash algorithm if there is no "Hash:" header, but it will reject
+ a mismatch between the header and the actual algorithm used. The
+ "standard" (i.e. Zimmermann/Finney/et al.) version of PGP 2.x
+ rejects the "Hash:" header and assumes MD5. There are a number
+ of enhanced variants of PGP 2.6.x that have been modified for
+ SHA-1 signatures.
+
+ * PGP 5.0 can read an RSA key in V4 format, but can only recognize
+ it with a V3 keyid, and can properly use only a V3 format RSA
+ key.
+
+ * Neither PGP 5.x nor PGP 6.0 recognize ElGamal Encrypt and Sign
+ keys. They only handle ElGamal Encrypt-only keys.
+
+
+ Parts of this document are taken from:
+ ======================================
+
+ OpenPGP Message Format
+ draft-ietf-openpgp-formats-07.txt
+
+
+ Copyright 1998 by The Internet Society. All Rights Reserved.
+
+ This document and translations of it may be copied and furnished to
+ others, and derivative works that comment on or otherwise explain it
+ or assist in its implementation may be prepared, copied, published
+ and distributed, in whole or in part, without restriction of any
+ kind, provided that the above copyright notice and this paragraph
+ are included on all such copies and derivative works. However, this
+ document itself may not be modified in any way, such as by removing
+ the copyright notice or references to the Internet Society or other
+ Internet organizations, except as needed for the purpose of
+ developing Internet standards in which case the procedures for
+ copyrights defined in the Internet Standards process must be
+ followed, or as required to translate it into languages other than
+ English.
+
+ The limited permissions granted above are perpetual and will not be
+ revoked by the Internet Society or its successors or assigns.
+
+
diff --git a/doc/TRANSLATE b/doc/TRANSLATE
new file mode 100644
index 0000000..8dfc183
--- /dev/null
+++ b/doc/TRANSLATE
@@ -0,0 +1,62 @@
+$Id$
+
+Note for translators
+--------------------
+
+Some strings in GnuPG are for matching user input against. These
+strings can accept multiple values that mean essentially the same
+thing.
+
+For example, the string "yes" in English is "sí" in Spanish. However,
+some users will type "si" (without the accent). To accomodate both
+users, you can translate the string "yes" as "sí|si". You can have
+any number of alternate matches seperated by the | character like
+"sí|si|seguro".
+
+The strings that can be handled in this way are of the form "yes|yes",
+(or "no|no", etc.) There should also be a comment in the .po file
+directing you to this file.
+
+
+Help files
+----------
+
+GnuPG provides a little help feature (entering a ? on a prompt). This
+help used to be translated the usual way with gettext but it turned
+out that this is too inflexible and does for example not allow to
+correct little mistakes in the English text. For some newer features
+we require editable help files anyway and thus the existing help
+strings have neen moved to plain text files names "help.LL.txt". We
+distribute these files and allow overriding them by files of that name
+in /etc/gnupg. The syntax of these files is documented in
+doc/help.txt. This is also the original we use to describe new
+possible online help keys. The source files are located in doc/ and
+need to be in encoded in UTF-8. Strings which require a translation
+are disabled like this
+
+ .#gpgsm.some.help-item
+ This string is not translated.
+
+After translation you should remove the the hash mark so that the
+entry looks like.
+
+ .gpgsm.some.help-item
+ This string has been translated.
+
+The percent sign is not a special character and if there is something
+to watch out there will be a remark.
+
+
+
+Sending new or updated translations
+-----------------------------------
+
+Please note that we do not use the TP Robot but require that
+translations are to be send by mail to translations@gnupg.org. We
+also strongly advise to get subscribed to i18n@gnupg.org and request
+assistance if it is not clear on how to translate certain strings. A
+wrongly translated string may lead to a security problem.
+
+A copyright disclaimer to the FSF is required by all translators.
+
+
diff --git a/doc/com-certs.pem b/doc/com-certs.pem
new file mode 100644
index 0000000..43e93b7
--- /dev/null
+++ b/doc/com-certs.pem
@@ -0,0 +1,484 @@
+# Common certificates for initial keybox creation.
+
+Issuer ...: /CN=CA Cert Signing Authority/OU=http:\x2f\x2fwww.cacert.org/O=Root CA/EMail=support@cacert.org
+Serial ...: 00
+Subject ..: /CN=CA Cert Signing Authority/OU=http:\x2f\x2fwww.cacert.org/O=Root CA/EMail=support@cacert.org
+
+-----BEGIN CERTIFICATE-----
+MIIHPTCCBSWgAwIBAgIBADANBgkqhkiG9w0BAQQFADB5MRAwDgYDVQQKEwdSb290
+IENBMR4wHAYDVQQLExVodHRwOi8vd3d3LmNhY2VydC5vcmcxIjAgBgNVBAMTGUNB
+IENlcnQgU2lnbmluZyBBdXRob3JpdHkxITAfBgkqhkiG9w0BCQEWEnN1cHBvcnRA
+Y2FjZXJ0Lm9yZzAeFw0wMzAzMzAxMjI5NDlaFw0zMzAzMjkxMjI5NDlaMHkxEDAO
+BgNVBAoTB1Jvb3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEi
+MCAGA1UEAxMZQ0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJ
+ARYSc3VwcG9ydEBjYWNlcnQub3JnMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC
+CgKCAgEAziLA4kZ97DYoB1CW8qAzQIxL8TtmPzHlawI229Z89vGIj053NgVBlfkJ
+8BLPRoZzYLdufujAWGSuzbCtRRcMY/pnCujW0r8+55jE8Ez64AO7NV1sId6eINm6
+zWYyN3L69wj1x81YyY7nDl7qPv4coRQKFWyGhFtkZip6qUtTefWIonvuLwphK42y
+fk1WpRPs6tqSnqxEQR5YYGUFZvjARL3LlPdCfgv3ZWiYUQXw8wWRBB0bF4LsyFe7
+w2t6iPGwcswlWyCR7BYCEo8y6RcYSNDHBS4CMEK4JZwFaz+qOqfrU0j36NK2B5jc
+G8Y0f3/JHIJ6BVgrCFvzOKKrF11myZjXnhCLotLddJr3cQxyYN/Nb5gznZY0dj4k
+epKwDpUeb+agRThHqtdB7Uq3EvbXG4OKDy7YCbZZ16oE/9KTfWgu3YtLq1i6L43q
+laegw1SJpfvbi1EinbLDvhG+LJGGi5Z4rSDTii8aP8bQUWWHIbEZAWV/RRyH9XzQ
+QUxPKZgh/TMfdQwEUfoZd9vUFBzugcMd9Zi3aQaRIt0AUMyBMawSB3s42mhb5ivU
+fslfrejrckzzAeVLIL+aplfKkQABi6F1ITe1Yw1nPkZPcCBnzsXWWdsC4PDSy826
+YreQQejdIOQpvGQpQsgi3Hia/0PsmBsJUUtaWsJx8cTLc6nloQsCAwEAAaOCAc4w
+ggHKMB0GA1UdDgQWBBQWtTIb1Mfz4OaO873SsDrusjkY0TCBowYDVR0jBIGbMIGY
+gBQWtTIb1Mfz4OaO873SsDrusjkY0aF9pHsweTEQMA4GA1UEChMHUm9vdCBDQTEe
+MBwGA1UECxMVaHR0cDovL3d3dy5jYWNlcnQub3JnMSIwIAYDVQQDExlDQSBDZXJ0
+IFNpZ25pbmcgQXV0aG9yaXR5MSEwHwYJKoZIhvcNAQkBFhJzdXBwb3J0QGNhY2Vy
+dC5vcmeCAQAwDwYDVR0TAQH/BAUwAwEB/zAyBgNVHR8EKzApMCegJaAjhiFodHRw
+czovL3d3dy5jYWNlcnQub3JnL3Jldm9rZS5jcmwwMAYJYIZIAYb4QgEEBCMWIWh0
+dHBzOi8vd3d3LmNhY2VydC5vcmcvcmV2b2tlLmNybDA0BglghkgBhvhCAQgEJxYl
+aHR0cDovL3d3dy5jYWNlcnQub3JnL2luZGV4LnBocD9pZD0xMDBWBglghkgBhvhC
+AQ0ESRZHVG8gZ2V0IHlvdXIgb3duIGNlcnRpZmljYXRlIGZvciBGUkVFIGhlYWQg
+b3ZlciB0byBodHRwOi8vd3d3LmNhY2VydC5vcmcwDQYJKoZIhvcNAQEEBQADggIB
+ACjH7pyCArpcgBLKNQodgW+JapnM8mgPf6fhjViVPr3yBsOQWqy1YPaZQwGjiHCc
+nWKdpIevZ1gNMDY75q1I08t0AoZxPuIrA2jxNGJARjtT6ij0rPtmlVOKTV39O9lg
+18p5aTuxZZKmxoGCXJzN600BiqXfEVWqFcofN8CCmHBh22p8lqOOLlQ+TyGpkO/c
+gr/c6EWtTZBzCDyUZbAEmXZ/4rzCahWqlwQ3JNgelE5tDlG+1sSPypZt90Pf6DBl
+Jzt7u0NDY8RD97LsaMzhGY4i+5jhe1o+ATc7iwiwovOVThrLm82asduycPAtStvY
+sONvRUgzEv/+PDIqVPfE94rwiCPCR/5kenHA0R6mY7AHfqQv0wGP3J8rtsYIqQ+T
+SCX8Ev2fQtzzxD72V7DX3WnRBnc0CkvSyqD/HMaMyRa+xMwyN2hzXwj7UfdJUzYF
+CpUCTPJ5GhD22Dp1nPMd8aINcGeGG7MW9S/lpOt5hvk9C8JzC6WZrG/8Z7jlLwum
+GCSNe9FINSkYQKyTYOGWhlC0elnYjyELn8+CkcY7v2vcB5G5l1YjqrZslMZIBjzk
+zk6q5PYvCdxTby78dOs6Y5nCpqyJvKeyRKANihDjbPIky/qbn3BHLt4Ui9SyIAmW
+omTxJBzcoTWcFbLUvFUufQb1nA5V9FrWk9p2rSVzTMVD
+-----END CERTIFICATE-----
+
+Issuer ...: /CN=6R-Ca 1:PN/NameDistinguisher=1/O=RegulierungsbehÈorde fÈur Telekommunikation und Post/C=DE
+Serial ...: 32D18D
+Subject ..: /CN=6R-Ca 1:PN/NameDistinguisher=1/O=RegulierungsbehÈorde fÈur Telekommunikation und Post/C=DE
+
+-----BEGIN CERTIFICATE-----
+MIICaDCCAdSgAwIBAgIDMtGNMAoGBiskAwMBAgUAMG8xCzAJBgNVBAYTAkRFMT0w
+OwYDVQQKFDRSZWd1bGllcnVuZ3NiZWjIb3JkZSBmyHVyIFRlbGVrb21tdW5pa2F0
+aW9uIHVuZCBQb3N0MSEwDAYHAoIGAQoHFBMBMTARBgNVBAMUCjZSLUNhIDE6UE4w
+IhgPMjAwMTAyMDEwOTUyMTdaGA8yMDA1MDYwMTA5NTIxN1owbzELMAkGA1UEBhMC
+REUxPTA7BgNVBAoUNFJlZ3VsaWVydW5nc2JlaMhvcmRlIGbIdXIgVGVsZWtvbW11
+bmlrYXRpb24gdW5kIFBvc3QxITAMBgcCggYBCgcUEwExMBEGA1UEAxQKNlItQ2Eg
+MTpQTjCBoTANBgkqhkiG9w0BAQEFAAOBjwAwgYsCgYEAg6KrFSTNXKqe+2GKGeW2
+wTmbVeflNkp5H/YxA9K1zmEn5XjKm0S0jH4Wfms6ipPlURVaFwTfnB1s++AnJAWf
+mayaE9BP/pdIY6WtZGgW6aZc32VDMCMKPWyBNyagsJVDmzlakIA5cXBVa7Xqqd3P
+ew8i2feMnQXcqHfDv02CW88CBQDAAAABoxIwEDAOBgNVHQ8BAf8EBAMCAQYwCgYG
+KyQDAwECBQADgYEAOkqkUwdaTCt8wcJLA2zLuOwL5ADHMWLhv6gr5zEF+VckA6qe
+IVLVf8e7fYlRmzQd+5OJcGglCQJLGT+ZplI3Mjnrd4plkoTNKV4iOzBcvJD7K4tn
+XPvs9wCFcC7QU7PLvc1FDsAlr7e4wyefZRDL+wbqNfI7QZTSF1ubLd9AzeQ=
+-----END CERTIFICATE-----
+
+Issuer ...: /CN=10R-CA 1:PN/O=Bundesnetzagentur/C=DE
+Serial ...: 2A
+Subject ..: /CN=10R-CA 1:PN/O=Bundesnetzagentur/C=DE
+
+-----BEGIN CERTIFICATE-----
+MIIDoTCCAw2gAwIBAgIBKjAKBgYrJAMDAQIFADA/MQswCQYDVQQGEwJERTEaMBgG
+A1UECgwRQnVuZGVzbmV0emFnZW50dXIxFDASBgNVBAMMCzEwUi1DQSAxOlBOMB4X
+DTA1MDgwMzE1MzAzNloXDTA3MTIzMTE1MDkyM1owPzELMAkGA1UEBhMCREUxGjAY
+BgNVBAoMEUJ1bmRlc25ldHphZ2VudHVyMRQwEgYDVQQDDAsxMFItQ0EgMTpQTjCB
+oDANBgkqhkiG9w0BAQEFAAOBjgAwgYoCgYEAiHXC5/hw6rYNc/4cilHLjd/SqwS3
+4LaogQHZVFciyYJ0+5gAfca/kLnPEvOUuYSYNfb2ar0e/iDPxZAAEfqfVGuRT9Pa
+R7hWvPiZUFpoGcNvyOVxKuM9Iyx/i1wan/wS6u12QIgGBUek5ig1+TTwuuNcanlW
+kQPuodHs+BoUGHMCBEAAAIGjggGwMIIBrDAOBgNVHQ8BAf8EBAMCAgQwGAYIKwYB
+BQUHAQMEDDAKMAgGBgQAjkYBATBKBggrBgEFBQcBAQQ+MDwwOgYIKwYBBQUHMAGG
+Lmh0dHA6Ly9vY3NwLm5yY2EtZHMuZGU6ODA4MC9vY3NwLW9jc3ByZXNwb25kZXIw
+EgYDVR0gBAswCTAHBgUrJAgBATCBsQYDVR0fBIGpMIGmMIGjoIGgoIGdhoGabGRh
+cDovL2xkYXAubnJjYS1kcy5kZTozODkvQ049Q1JMLE89QnVuZGVzbmV0emFnZW50
+dXIsQz1ERSxkYz1sZGFwLGRjPW5yY2EtZHMsZGM9ZGU/Y2VydGlmaWNhdGVSZXZv
+Y2F0aW9uTGlzdDtiaW5hcnk/YmFzZT9vYmplY3RDbGFzcz1jUkxEaXN0cmlidXRp
+b25Qb2ludDAbBgkrBgEEAcBtAwUEDjAMBgorBgEEAcBtAwUBMA8GA1UdEwEB/wQF
+MAMBAf8wHwYDVR0jBBgwFoAUw8916sARU0UT/pdlYwBpUwKWuWQwHQYDVR0OBBYE
+FMPPderAEVNFE/6XZWMAaVMClrlkMAoGBiskAwMBAgUAA4GBAGXK8m/O9KmfaZuA
+1GzMyasIHx8Lu+V0da8NTZzAmqAl+44MtS4QNcZdtxsDvOcqHHs1Tosh9D398hSG
+hXd6gjniKWxMKvjL8TQKu999QIn6YKLCowjUYpp8v4B9X8jNa9vJy2EzoPOBmdWT
+l5hhXfvWpPe68kN9zaEmcDO+m60H
+-----END CERTIFICATE-----
+
+Issuer ...: /CN=9R-CA 1:PN/O=Regulierungsbehörde für Telekommunikation und Post/C=DE
+Serial ...: 02
+Subject ..: /CN=9R-CA 1:PN/O=Regulierungsbehörde für Telekommunikation und Post/C=DE
+
+-----BEGIN CERTIFICATE-----
+MIIEEjCCA36gAwIBAgIBAjAKBgYrJAMDAQIFADBhMQswCQYDVQQGEwJERTE9MDsG
+A1UECgw0UmVndWxpZXJ1bmdzYmVow7ZyZGUgZsO8ciBUZWxla29tbXVuaWthdGlv
+biB1bmQgUG9zdDETMBEGA1UEAwwKOVItQ0EgMTpQTjAeFw0wNDExMjUxNDU5MTFa
+Fw0wNzEyMzExNDU2NTlaMGExCzAJBgNVBAYTAkRFMT0wOwYDVQQKDDRSZWd1bGll
+cnVuZ3NiZWjDtnJkZSBmw7xyIFRlbGVrb21tdW5pa2F0aW9uIHVuZCBQb3N0MRMw
+EQYDVQQDDAo5Ui1DQSAxOlBOMIGgMA0GCSqGSIb3DQEBAQUAA4GOADCBigKBgQCN
+0ECEO2KjPsHBz2cmOSePEmKEH33Q/vRUl1u8D2Uus3txZgqRvCs0F7HzAtDJKSap
+C1+qj5t1R4g8jrlWwsqi+oOc3bpUuPMLo+ys9PG7ODK+xZuwFlezO6rj30mEj+y0
+HMxCaTAedim2J5CmWcqQtATGGzwqYHEVFYo0y5kuuQIEQAAAgaOCAd0wggHZMA4G
+A1UdDwEB/wQEAwICBDAYBggrBgEFBQcBAwQMMAowCAYGBACORgEBMEoGCCsGAQUF
+BwEBBD4wPDA6BggrBgEFBQcwAYYuaHR0cDovL29jc3AubnJjYS1kcy5kZTo4MDgw
+L29jc3Atb2NzcHJlc3BvbmRlcjASBgNVHSAECzAJMAcGBSskCAEBMIHeBgNVHR8E
+gdYwgdMwgdCggc2ggcqGgcdsZGFwOi8vbGRhcC5ucmNhLWRzLmRlOjM4OS9DTj1D
+UkwsTz1SZWd1bGllcnVuZ3NiZWglRjZyZGUlMjBmJUZDciUyMFRlbGVrb21tdW5p
+a2F0aW9uJTIwdW5kJTIwUG9zdCxDPURFLGRjPWxkYXAsZGM9bnJjYS1kcyxkYz1k
+ZT9jZXJ0aWZpY2F0ZVJldm9jYXRpb25MaXN0O2JpbmFyeT9iYXNlP29iamVjdENs
+YXNzPWNSTERpc3RyaWJ1dGlvblBvaW50MBsGCSsGAQQBwG0DBQQOMAwGCisGAQQB
+wG0DBQEwDwYDVR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBRnBgT5ZxC7e1vJLBj+
+92+P1kZrJzAdBgNVHQ4EFgQUZwYE+WcQu3tbySwY/vdvj9ZGaycwCgYGKyQDAwEC
+BQADgYEACAnkgbAd47VgJqu5CY3B6AlxbGkor2guYHXO+KgBkQeXDVWt4ZvN9hY2
+blhPMc/sLv+Tmg9zjyzjqQdxhWXUDoctorBny8LQQQvMqAtc8qk6DL+X0heq1U2k
+s1e8wj9AUGOfvmSL/r1BWPzLOCWay2bHQCQ1sU5QnvNbmJO21GI=
+-----END CERTIFICATE-----
+
+Issuer ...: /CN=11R-CA 1:PN/O=Bundesnetzagentur/C=DE
+Serial ...: 2D
+Subject ..: /CN=11R-CA 1:PN/O=Bundesnetzagentur/C=DE
+
+-----BEGIN CERTIFICATE-----
+MIIDoTCCAw2gAwIBAgIBLTAKBgYrJAMDAQIFADA/MQswCQYDVQQGEwJERTEaMBgG
+A1UECgwRQnVuZGVzbmV0emFnZW50dXIxFDASBgNVBAMMCzExUi1DQSAxOlBOMB4X
+DTA1MDgwMzE4MDk0OVoXDTA3MTIzMTE4MDQyOFowPzELMAkGA1UEBhMCREUxGjAY
+BgNVBAoMEUJ1bmRlc25ldHphZ2VudHVyMRQwEgYDVQQDDAsxMVItQ0EgMTpQTjCB
+oDANBgkqhkiG9w0BAQEFAAOBjgAwgYoCgYEAkodoSFtoGjJphYloxQLsmyOe/M5h
+UpURxSkop41MtGlrHeOeQsxMSRdCJInwjLKZg9Pxd92QFsB3f6AJUGTO7z6PJ/ST
++m0EBksoPtciWLYtlRXtD/RK6mUB7CG5CfqK6AUHbWtXW6mNAZLoJOd0jLsQCUi8
+XmHP92vfmW2ptSkCBEAAAIGjggGwMIIBrDAOBgNVHQ8BAf8EBAMCAgQwGAYIKwYB
+BQUHAQMEDDAKMAgGBgQAjkYBATBKBggrBgEFBQcBAQQ+MDwwOgYIKwYBBQUHMAGG
+Lmh0dHA6Ly9vY3NwLm5yY2EtZHMuZGU6ODA4MC9vY3NwLW9jc3ByZXNwb25kZXIw
+EgYDVR0gBAswCTAHBgUrJAgBATCBsQYDVR0fBIGpMIGmMIGjoIGgoIGdhoGabGRh
+cDovL2xkYXAubnJjYS1kcy5kZTozODkvQ049Q1JMLE89QnVuZGVzbmV0emFnZW50
+dXIsQz1ERSxkYz1sZGFwLGRjPW5yY2EtZHMsZGM9ZGU/Y2VydGlmaWNhdGVSZXZv
+Y2F0aW9uTGlzdDtiaW5hcnk/YmFzZT9vYmplY3RDbGFzcz1jUkxEaXN0cmlidXRp
+b25Qb2ludDAbBgkrBgEEAcBtAwUEDjAMBgorBgEEAcBtAwUBMA8GA1UdEwEB/wQF
+MAMBAf8wHwYDVR0jBBgwFoAUXYAPovSdSBb8oBS7lEJmWSK6incwHQYDVR0OBBYE
+FF2AD6L0nUgW/KAUu5RCZlkiuop3MAoGBiskAwMBAgUAA4GBAIxx56h5+p2lqK0v
+hRVwkWAAPduspH4U9q7QsFIWbEkFe+2TcXx7MV9NAUe4kN9MsN9CEgSSeLDfpIFA
+uyHndqgmDaqXmWSDl2QutHQwSj8a04bSNbY7s0FUCMqrr/465Rf6quIWi7qXhwDe
+yDmXv3nzPTGVM3F+aavJCybjJ1qk
+-----END CERTIFICATE-----
+
+Issuer ...: /CN=12R-CA 1:PN/O=Bundesnetzagentur/C=DE
+Serial ...: 0139
+Subject ..: /CN=12R-CA 1:PN/O=Bundesnetzagentur/C=DE
+
+-----BEGIN CERTIFICATE-----
+MIIErTCCA5WgAwIBAgICATkwDQYJKoZIhvcNAQENBQAwPzELMAkGA1UEBhMCREUx
+GjAYBgNVBAoMEUJ1bmRlc25ldHphZ2VudHVyMRQwEgYDVQQDDAsxMlItQ0EgMTpQ
+TjAeFw0wNzA1MjUxMTAxNDRaFw0xMjA1MjUxMDU2MDdaMD8xCzAJBgNVBAYTAkRF
+MRowGAYDVQQKDBFCdW5kZXNuZXR6YWdlbnR1cjEUMBIGA1UEAwwLMTJSLUNBIDE6
+UE4wggEjMA0GCSqGSIb3DQEBAQUAA4IBEAAwggELAoIBAQCYOqYxUqr6ZdlIuVaz
+1raETmld82tCCFjUnIlHGpaTbBGQ9ddW4pdkdNmK4dHDesAnGFB6tgZzFTYivjTY
+Jyzv3NunMth8AjwCivQ0u2RBlunY2jg6dNSeTwGlmOlG709HgWPHvvAboqLDoV81
+knMbNbG4P7Ff/+lsTnbN/gT0X5fHUz5UO3eowyl2kD6GBZwb+noR/86U0V39yXsk
+ZD/NNBXKOzKo9VXx09S1Uq027Cc+VIa62DWUeUGiUDjCXXJoaAF2wQcD/crrAJlU
+zeOVZkSzRJXpjpG8kZhKgSgOpgfnpjDXAXWbkJuyDL2fqXLPxAyBq3ThgUHZT99s
+QSd3AgRAAACBo4IBsDCCAawwDgYDVR0PAQH/BAQDAgIEMBgGCCsGAQUFBwEDBAww
+CjAIBgYEAI5GAQEwSgYIKwYBBQUHAQEEPjA8MDoGCCsGAQUFBzABhi5odHRwOi8v
+b2NzcC5ucmNhLWRzLmRlOjgwODAvb2NzcC1vY3NwcmVzcG9uZGVyMBIGA1UdIAQL
+MAkwBwYFKyQIAQEwgbEGA1UdHwSBqTCBpjCBo6CBoKCBnYaBmmxkYXA6Ly9sZGFw
+Lm5yY2EtZHMuZGU6Mzg5L0NOPUNSTCxPPUJ1bmRlc25ldHphZ2VudHVyLEM9REUs
+ZGM9bGRhcCxkYz1ucmNhLWRzLGRjPWRlP2NlcnRpZmljYXRlUmV2b2NhdGlvbkxp
+c3Q7YmluYXJ5P2Jhc2U/b2JqZWN0Q2xhc3M9Y1JMRGlzdHJpYnV0aW9uUG9pbnQw
+GwYJKwYBBAHAbQMFBA4wDAYKKwYBBAHAbQMFATAPBgNVHRMBAf8EBTADAQH/MB8G
+A1UdIwQYMBaAFATenX/fQ3KJumlJAfToSSjeAhlvMB0GA1UdDgQWBBQE3p1/30Ny
+ibppSQH06Eko3gIZbzANBgkqhkiG9w0BAQ0FAAOCAQEADf4IOMHGmSpkPc1UP0LS
+sK8Y/xXvOgdHPx4f2CpcgUKRRk+Ue9MKiZG0KCFaNK9Qpnxejuk42Iu3flC5kn8T
+fPQWtxC3ZQqD8sd6EX/FDdfkHJFJ9rIYKiSG6m2PDBUcbpQZ9kwhC7qCKE1coUhb
+FW3WbntkDtrQycz7ZyQ6Ip+PpRoxwToJqTsExb+8whukhOo1vsgdaMZS/6iwwVkt
+rJvl7EWMJVWctm15iDQzp4sawgSOg7U5icyTb1q+FqI5KlAfd/dRbv2yvThiOl7+
+bfN9Brosoxtwi/uJO8vSGOCIUUkiGhIk7+OX+mvppTG+7R1Jn6Af6AOzGSbQz5Ks
+Uw==
+-----END CERTIFICATE-----
+
+Issuer ...: /CN=13R-CA 1:PN/O=Bundesnetzagentur/C=DE
+Serial ...: 013C
+Subject ..: /CN=13R-CA 1:PN/O=Bundesnetzagentur/C=DE
+
+-----BEGIN CERTIFICATE-----
+MIIErTCCA5WgAwIBAgICATwwDQYJKoZIhvcNAQENBQAwPzELMAkGA1UEBhMCREUx
+GjAYBgNVBAoMEUJ1bmRlc25ldHphZ2VudHVyMRQwEgYDVQQDDAsxM1ItQ0EgMTpQ
+TjAeFw0wNzA1MjkxMTAyMzdaFw0xMjA1MjkxMDU1NTRaMD8xCzAJBgNVBAYTAkRF
+MRowGAYDVQQKDBFCdW5kZXNuZXR6YWdlbnR1cjEUMBIGA1UEAwwLMTNSLUNBIDE6
+UE4wggEjMA0GCSqGSIb3DQEBAQUAA4IBEAAwggELAoIBAQCaXK0TY+Vp+Hxx8B9D
+lrHkc0zRdhXNuDP4Cedl9e6wPwdi90HVEjDK3FoDv7UPBtgGwMzRUQVIz/etbcQr
+tnGwSQlsDI/Q5R1HAh241+/rWYodi6OqNsNeb065RRBlwHAa4uvT3b/Cj/OJI5Kp
+6qRPquK0iuMaFwuxGCxfhTLOmmGVNYOE7/9UzKXA2yvthY3jfmIm18l/z08PgUYj
+rjENdrez3ZRgjZ/XsXSNw3B2K3cZQ+xRP4rqfkmfPO8T6UhOeoiQFx2v1PizBWRQ
+uiUtFjrCiaDeBjo3kfGgbpdPnHzqUEoEOyAlsglFLJC9xaCiLtt2ic1/1OFFlNgQ
+tLJLAgRAAACBo4IBsDCCAawwDgYDVR0PAQH/BAQDAgIEMBgGCCsGAQUFBwEDBAww
+CjAIBgYEAI5GAQEwSgYIKwYBBQUHAQEEPjA8MDoGCCsGAQUFBzABhi5odHRwOi8v
+b2NzcC5ucmNhLWRzLmRlOjgwODAvb2NzcC1vY3NwcmVzcG9uZGVyMBIGA1UdIAQL
+MAkwBwYFKyQIAQEwgbEGA1UdHwSBqTCBpjCBo6CBoKCBnYaBmmxkYXA6Ly9sZGFw
+Lm5yY2EtZHMuZGU6Mzg5L0NOPUNSTCxPPUJ1bmRlc25ldHphZ2VudHVyLEM9REUs
+ZGM9bGRhcCxkYz1ucmNhLWRzLGRjPWRlP2NlcnRpZmljYXRlUmV2b2NhdGlvbkxp
+c3Q7YmluYXJ5P2Jhc2U/b2JqZWN0Q2xhc3M9Y1JMRGlzdHJpYnV0aW9uUG9pbnQw
+GwYJKwYBBAHAbQMFBA4wDAYKKwYBBAHAbQMFATAPBgNVHRMBAf8EBTADAQH/MB8G
+A1UdIwQYMBaAFAYenQPZrutto05LK939ru/TEqiNMB0GA1UdDgQWBBQGHp0D2a7r
+baNOSyvd/a7v0xKojTANBgkqhkiG9w0BAQ0FAAOCAQEADrtfqJ8lnYsVyV5YK/H/
+evPf9LY1AfuuQkMkm9UP9a9BBQINoIULB+n+gF/c0dxEboF74Ikp08dhDOq0mjvj
+f0lpsBPgX/eN9IOWdMBs3rKIXn7suOoUtnBuFgW6fJ32CPTLUQd5Dqv9DizTiKMf
+X66oMBQD784IKya1bLaJd7x1UXtP1h2DAej1scF9DbiDDDieuid0wyibrPDgjUN1
+tbYiLH2did0zZRLlp6gDpgh4t8Efqb7XDijKzQHvWKzr4IALTpYoD42yeslMa5yV
+mm15NhiRGAdX+JbvYgfP3aDIMX/yoaMB8GXEUq7CmFhAwpxfhy/oyvswX5MyE8D2
+Lw==
+-----END CERTIFICATE-----
+
+
+Issuer ...: /CN=8R-CA 1:PN/O=Regulierungsbehörde für Telekommunikation und Post/C=DE
+Serial ...: 01
+Subject ..: /CN=8R-CA 1:PN/O=Regulierungsbehörde für Telekommunikation und Post/C=DE
+
+-----BEGIN CERTIFICATE-----
+MIIEEjCCA36gAwIBAgIBATAKBgYrJAMDAQIFADBhMQswCQYDVQQGEwJERTE9MDsG
+A1UECgw0UmVndWxpZXJ1bmdzYmVow7ZyZGUgZsO8ciBUZWxla29tbXVuaWthdGlv
+biB1bmQgUG9zdDETMBEGA1UEAwwKOFItQ0EgMTpQTjAeFw0wNDExMjUxNDEwMzda
+Fw0wNzEyMzExNDA0MDNaMGExCzAJBgNVBAYTAkRFMT0wOwYDVQQKDDRSZWd1bGll
+cnVuZ3NiZWjDtnJkZSBmw7xyIFRlbGVrb21tdW5pa2F0aW9uIHVuZCBQb3N0MRMw
+EQYDVQQDDAo4Ui1DQSAxOlBOMIGgMA0GCSqGSIb3DQEBAQUAA4GOADCBigKBgQCS
+DvtngJbI4K8sbCHFfCalXaDa7xgc2pdsL2oQlgZygt1EY5ZgZB93JThnDSaDzdLj
+ZIPrXJLxCOLq6Kmxj63V9p9WUaF5nz/6PVRMmLzI7cvh5QDjsX4ZmEzm/it7e/YH
+vC1Yiw5bTULjwVZ27vqO64mhplQM3HKVgk6FX51XnwIEQAAAgaOCAd0wggHZMA4G
+A1UdDwEB/wQEAwICBDAYBggrBgEFBQcBAwQMMAowCAYGBACORgEBMEoGCCsGAQUF
+BwEBBD4wPDA6BggrBgEFBQcwAYYuaHR0cDovL29jc3AubnJjYS1kcy5kZTo4MDgw
+L29jc3Atb2NzcHJlc3BvbmRlcjASBgNVHSAECzAJMAcGBSskCAEBMIHeBgNVHR8E
+gdYwgdMwgdCggc2ggcqGgcdsZGFwOi8vbGRhcC5ucmNhLWRzLmRlOjM4OS9DTj1D
+UkwsTz1SZWd1bGllcnVuZ3NiZWglRjZyZGUlMjBmJUZDciUyMFRlbGVrb21tdW5p
+a2F0aW9uJTIwdW5kJTIwUG9zdCxDPURFLGRjPWxkYXAsZGM9bnJjYS1kcyxkYz1k
+ZT9jZXJ0aWZpY2F0ZVJldm9jYXRpb25MaXN0O2JpbmFyeT9iYXNlP29iamVjdENs
+YXNzPWNSTERpc3RyaWJ1dGlvblBvaW50MBsGCSsGAQQBwG0DBQQOMAwGCisGAQQB
+wG0DBQEwDwYDVR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBTuKY5dMBMWc1wFL/fr
+arlCuHKNBDAdBgNVHQ4EFgQU7imOXTATFnNcBS/362q5QrhyjQQwCgYGKyQDAwEC
+BQADgYEAbDMwH4zJB/0qgmbBWvvCGJsm9lmLzLdOcB8HCm1EvlCLqaCX7TwoUuBN
+voxU9OHt1wAbChNP+ueDmI/0u2KRNv6/t4cOB8d4navwsW5nmknSzdZ6UZTUfmCr
+n6XIdUtl2hkiFlQpCvCIBFj/+PjQRMdovRN42EQ9XVhb5B2MGv8=
+-----END CERTIFICATE-----
+
+Issuer ...: /CN=7R-CA 1:PN/NameDistinguisher=1/O=RegulierungsbehÈorde fÈur Telekommunikation und Post/C=DE
+Serial ...: 00C48C8D
+Subject ..: /CN=7R-CA 1:PN/NameDistinguisher=1/O=RegulierungsbehÈorde fÈur Telekommunikation und Post/C=DE
+
+-----BEGIN CERTIFICATE-----
+MIICaTCCAdWgAwIBAgIEAMSMjTAKBgYrJAMDAQIFADBvMQswCQYDVQQGEwJERTE9
+MDsGA1UEChQ0UmVndWxpZXJ1bmdzYmVoyG9yZGUgZsh1ciBUZWxla29tbXVuaWth
+dGlvbiB1bmQgUG9zdDEhMAwGBwKCBgEKBxQTATEwEQYDVQQDFAo3Ui1DQSAxOlBO
+MCIYDzIwMDExMDE1MTExNTE1WhgPMjAwNjAyMTUxMTE1MTVaMG8xCzAJBgNVBAYT
+AkRFMT0wOwYDVQQKFDRSZWd1bGllcnVuZ3NiZWjIb3JkZSBmyHVyIFRlbGVrb21t
+dW5pa2F0aW9uIHVuZCBQb3N0MSEwDAYHAoIGAQoHFBMBMTARBgNVBAMUCjdSLUNB
+IDE6UE4wgaEwDQYJKoZIhvcNAQEBBQADgY8AMIGLAoGBAIqJA/4+pRD+BXsRd+ej
+qVObXlKRhn1CoyKxVwR3O/RtE1M4FcajKDdT1p1pLULyqPBE2roMS5D/f83192gE
+Mw1uGZIusehg6n8tPQIJPkSb4X22yM0ZFeLAQXKNJ+98e03xv/TU4Fa//elPiPs/
+9Y99Gm6DOvTpCxIY8QK9Pxm7AgUAwAAAAaMSMBAwDgYDVR0PAQH/BAQDAgEGMAoG
+BiskAwMBAgUAA4GBADnITH+fLD0qsWcAncwPztzTAnqUw9O0+yvfmxvEU0zcJRuF
+Tl8DK+/aKp4SwVhRJZlWxenHzkjWynsUXBUv878gizllRpA7265REyHQki4NnxAi
+OGxEVGe/NbGeU88Pgnk7alhtdA/Ty8/WX9a3U/0G4pLaJppxGSm+ypQZ0XOY
+-----END CERTIFICATE-----
+
+
+Issuer ...: /CN=D-TRUST Qualified Root CA 1 2006:PN/O=D-Trust GmbH/C=DE
+Serial ...: 00B95F
+Subject ..: /CN=D-TRUST Qualified Root CA 1 2006:PN/O=D-Trust GmbH/C=DE
+ aka ..: info@d-trust.net
+ aka ..: (uri http://www.d-trust.net)
+
+-----BEGIN CERTIFICATE-----
+MIIFCjCCA/KgAwIBAgIDALlfMA0GCSqGSIb3DQEBBQUAMFIxCzAJBgNVBAYTAkRF
+MRUwEwYDVQQKDAxELVRydXN0IEdtYkgxLDAqBgNVBAMMI0QtVFJVU1QgUXVhbGlm
+aWVkIFJvb3QgQ0EgMSAyMDA2OlBOMB4XDTA2MDQyNzEyNDA1NFoXDTExMDQyNzEy
+NDA1NFowUjELMAkGA1UEBhMCREUxFTATBgNVBAoMDEQtVHJ1c3QgR21iSDEsMCoG
+A1UEAwwjRC1UUlVTVCBRdWFsaWZpZWQgUm9vdCBDQSAxIDIwMDY6UE4wggEkMA0G
+CSqGSIb3DQEBAQUAA4IBEQAwggEMAoIBAQCPACqp8H/KTbDBUM8BTiRzsfCJmN5G
+Uxv8x3wsYLMtZ8meq04vEun2OneNeKZ2LxJy3UchUWitYP9pLPt9M8yt0pyuOXOQ
+5r2RPAM46OlfStoPbZ+lCxpZbNcQGLM+/OcQU9GoCNWWkDSctwIN8T4mUf7vSzuT
+jM4n5NHW7Y8bANhH7lh2fwkfIk7PxsxFw9amptlqzDqbBPz8/SdBUFt0G8t52Niw
+lcYHWDV2YH4Qs1SAxOsyG0O8hpYKiKIwRHxPu5ZD3bMgDJXA3d+9zXlrLlmL0YFC
+tvlPxmvqUhmMsL4vGEj/xWivULCTVOz6KcJ9edWwK9JxyO/KmGyDLwKxAgUApBVt
+/aOCAeUwggHhMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFJr+c6YCNnohJ6M3
+fhSzwwTq2CkWMDMGCCsGAQUFBwEBBCcwJTAjBggrBgEFBQcwAYYXaHR0cDovL29j
+c3AuZC10cnVzdC5uZXQwFwYDVR0gBBAwDjAMBgorBgEEAaU0Ah4BMDMGA1UdEQQs
+MCqBEGluZm9AZC10cnVzdC5uZXSGFmh0dHA6Ly93d3cuZC10cnVzdC5uZXQwGAYI
+KwYBBQUHAQMEDDAKMAgGBgQAjkYBATAOBgNVHQ8BAf8EBAMCAQYwggEABgNVHR8E
+gfgwgfUwgfKgge+ggeyGgaVsZGFwOi8vZGlyZWN0b3J5LmQtdHJ1c3QubmV0L0NO
+PUQtVFJVU1QlMjBRdWFsaWZpZWQlMjBSb290JTIwQ0ElMjAxJTIwMjAwNiUzQVBO
+LE89RC1UcnVzdCUyMEdtYkgsQz1ERT9jZXJ0aWZpY2F0ZXJldm9jYXRpb25saXN0
+P2Jhc2U/b2JqZWN0Q2xhc3M9Y3JsRGlzdHJpYnV0aW9uUG9pbnSGQmh0dHA6Ly93
+d3cuZC10cnVzdC5uZXQvY3JsL2QtdHJ1c3RfcXVhbGlmaWVkX3Jvb3RfY2FfMV8y
+MDA2X3BuLmNybDANBgkqhkiG9w0BAQUFAAOCAQEABsVNHg5zVMB+A4swJ8/vW+RV
+mW8KZiJb5AVytFzBeZkkF2+DXFMtursZ0sICIcRCSsNyAQcqHqzcgnDWCHASlu4o
+Em3TeBsmWo8r/uGpbFVAOhjq2VOFwjjIr3TC7zmMoLE+WGBRSuZh4/5wnxQ+NNbY
+8HHE52UPI6VyV7RZeE0IZfbjkejw8WpvNtRfc6NxOCxf1LYibiCUaYs+EBDD+eod
+lWwpmHwPSj4GCzR9wBdbWML/GQZ6iFVOuEmApm2B11KEn4hvKtRMEp1CdHIn8Jwx
+51E89XcjJOIitO0lUozimqvlUb0lEynXe1/CUOhAsiAnLvq0GbnjFN6+9GRnqg==
+-----END CERTIFICATE-----
+
+Issuer ...: /CN=D-TRUST Qualified Root CA 2 2006:PN/O=D-Trust GmbH/C=DE
+Serial ...: 00B960
+Subject ..: /CN=D-TRUST Qualified Root CA 2 2006:PN/O=D-Trust GmbH/C=DE
+ aka ..: info@d-trust.net
+ aka ..: (uri http://www.d-trust.net)
+
+-----BEGIN CERTIFICATE-----
+MIIFBjCCA+6gAwIBAgIDALlgMA0GCSqGSIb3DQEBBQUAMFIxCzAJBgNVBAYTAkRF
+MRUwEwYDVQQKDAxELVRydXN0IEdtYkgxLDAqBgNVBAMMI0QtVFJVU1QgUXVhbGlm
+aWVkIFJvb3QgQ0EgMiAyMDA2OlBOMB4XDTA2MDQyNzEyNDA1NFoXDTExMDQyNzEy
+NDA1NFowUjELMAkGA1UEBhMCREUxFTATBgNVBAoMDEQtVHJ1c3QgR21iSDEsMCoG
+A1UEAwwjRC1UUlVTVCBRdWFsaWZpZWQgUm9vdCBDQSAyIDIwMDY6UE4wggEkMA0G
+CSqGSIb3DQEBAQUAA4IBEQAwggEMAoIBAQC9p9EZM645WSti4m3Lp/m5Cu2PCeAf
+DYMsN2UQab5SAD94wc0xB68rhD0QiyXT1bhqnHKGhdsmmNwVbFLWyFWVc69+5pbx
+jkEa1Z5oYbftpLZlqblas/iPG1C546c/O5JUHehrpyJziTaIqvDm0hMCarEGrd4i
+hdwP7XsLNLeHFVdpVMWKUIJjUud18Wyr6MVRGs85YTme2gPki8JZMjeOteTA8dnY
+unohiJM1rs8YQiYgIfQJV5oBd7OWZQLSuoh5tddYnP4KDFZUCCsC1OkBD+MnVlcv
+IEfrDDuWdvFgOdS8FB5l4E3D0eYPpn536EDpWeGuCnn8joQPdiMwwGL7AgUAuaHl
+M6OCAeEwggHdMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFILMyG0qJl9Aqmsa
+DhPJE4d+Xp/JMDMGCCsGAQUFBwEBBCcwJTAjBggrBgEFBQcwAYYXaHR0cDovL29j
+c3AuZC10cnVzdC5uZXQwFwYDVR0gBBAwDjAMBgorBgEEAaU0Ah4BMDMGA1UdEQQs
+MCqBEGluZm9AZC10cnVzdC5uZXSGFmh0dHA6Ly93d3cuZC10cnVzdC5uZXQwGAYI
+KwYBBQUHAQMEDDAKMAgGBgQAjkYBATAOBgNVHQ8BAf8EBAMCAQYwgf0GA1UdHwSB
+9TCB8jCB76CB7KCB6YaBpWxkYXA6Ly9kaXJlY3RvcnkuZC10cnVzdC5uZXQvQ049
+RC1UUlVTVCUyMFF1YWxpZmllZCUyMFJvb3QlMjBDQSUyMDIlMjAyMDA2JTNBUE4s
+Tz1ELVRydXN0JTIwR21iSCxDPURFP2NlcnRpZmljYXRlcmV2b2NhdGlvbmxpc3Q/
+YmFzZT9vYmplY3RDbGFzcz1jcmxEaXN0cmlidXRpb25Qb2ludIY/aHR0cDovL3d3
+dy5kLXRydXN0Lm5ldC9jcmwvZC10cnVzdF9xdWFsaWZpZWRfcm9vdF9jYV8yXzIw
+MDYuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQB/TeSQASSUVjLVpTMB+S2bEYZWL04N
+5UO5sIdV5MQFxmbmQNam4odnkOx/GjHy0uuf14Pz7lztlLh4EMvEZbvoQ8wRsrrl
+vMjWBUSnhTMPhohj4gUCEJDBq50qi0057Jos9DF4iLaFgiWBER+FeSHD8uEy6WGG
+UrQ9fw8wRa+CRUeZldtZ25VSR++wxBuX3bkF/hRBuSk9PzT6jZojZDWKsqhPGo0W
+dK4V81hS4Zri3b3gSD/3iOAJ4EO8jdyeSVomw/u1UOapVFnWhpN7H6Nwekij66eO
+4WNzbeTNgJtkdOlzW2AcsWe3mS43BE286z7l/DzDs8JK36va/TRHb29p
+-----END CERTIFICATE-----
+
+
+Issuer ...: /CN=S-TRUST Qualified Root CA 2006-001:PN
+ /O=Deutscher Sparkassen Verlag GmbH/L=Stuttgart
+ /ST=Baden-Wuerttemberg (BW)/C=DE
+Serial ...: 00DF749F80AA51F0EDC0CB1FC183E97EE2
+Subject ..: /CN=S-TRUST Qualified Root CA 2006-001:PN
+ /O=Deutscher Sparkassen Verlag GmbH/L=Stuttgart
+ /ST=Baden-Wuerttemberg (BW)/C=DE
+
+-----BEGIN CERTIFICATE-----
+MIIETDCCAzSgAwIBAgIRAN90n4CqUfDtwMsfwYPpfuIwDQYJKoZIhvcNAQEFBQAw
+gZ4xCzAJBgNVBAYTAkRFMSAwHgYDVQQIExdCYWRlbi1XdWVydHRlbWJlcmcgKEJX
+KTESMBAGA1UEBxMJU3R1dHRnYXJ0MSkwJwYDVQQKEyBEZXV0c2NoZXIgU3Bhcmth
+c3NlbiBWZXJsYWcgR21iSDEuMCwGA1UEAxMlUy1UUlVTVCBRdWFsaWZpZWQgUm9v
+dCBDQSAyMDA2LTAwMTpQTjAeFw0wNjAxMDEwMDAwMDBaFw0xMDEyMzAyMzU5NTla
+MIGeMQswCQYDVQQGEwJERTEgMB4GA1UECBMXQmFkZW4tV3VlcnR0ZW1iZXJnIChC
+VykxEjAQBgNVBAcTCVN0dXR0Z2FydDEpMCcGA1UEChMgRGV1dHNjaGVyIFNwYXJr
+YXNzZW4gVmVybGFnIEdtYkgxLjAsBgNVBAMTJVMtVFJVU1QgUXVhbGlmaWVkIFJv
+b3QgQ0EgMjAwNi0wMDE6UE4wggEkMA0GCSqGSIb3DQEBAQUAA4IBEQAwggEMAoIB
+AQCCp5M7qIP3WgNNE9t4kxFLb2HdwE2pivcWfEjFh9AJcwZIaD781+OhuNxhMEil
+C+B9N3bYgLMj7r/LbIFwRVmUf9E64kBDrY/wLAlXLpiicOiKE7rS1tcOAdD69s7I
+5jaBXCz/eQo20QLsp11/btwYos9PlfptLqHjS8AUwUaMyolqmWqaxLD33ZfoQswP
+FpyFFzAnRondt/5WUt244kpqgTlwP4o9J1AZamK5o/kKEXl8hDT6CulFoK51cX/J
+C9lEA10mwchVfv+9cel9b2ryPXg3hPf1XFFR+l90/ZYlreaSKz5+LluI6a/ALtYl
+hqJpvndXm6YZDzKKtxT3LZ1DAgUA8A8a46OBgDB+MBIGA1UdEwEB/wQIMAYBAf8C
+AQEwDgYDVR0PAQH/BAQDAgEGMBgGCCsGAQUFBwEDBAwwCjAIBgYEAI5GAQEwHQYD
+VR0OBBYEFKhXJN3CR/Jkirm68N+VHxcd09zBMB8GA1UdIwQYMBaAFKhXJN3CR/Jk
+irm68N+VHxcd09zBMA0GCSqGSIb3DQEBBQUAA4IBAQBB8UGGU179RK9v5SglLn8m
+AdBrwG5B4x0nlI3Ayj+GuP9R8ALcMEBwcFgSZTav7N8ERKa8VlCRNria7Fvf3kOu
++f67smpShBvEkrHy+ThvezBUtLfSSd1HzvaPnfwu86DMVnTIOkEcl0KLrpc/ZjEt
+u81iHuiHBemf6gWdTCApiJ+CN4tARi3irvWcjhz/IIcA/ZwAaCW22Z1ysDklCIPS
+9OnX9ki1f73PR+kdo4G7Dfo7TbuvV5Kzeh54sZ77A5utdvKer4ZHBmn9CGmk4VeI
+BWdFlE7Fispzm+jZCduF0TcazvP/tYontx71GQnHRwLfiY4xnuzXEoSNXoaHzhzO
+-----END CERTIFICATE-----
+
+Issuer ...: /CN=S-TRUST Qualified Root CA 2007-001:PN
+ /O=Deutscher Sparkassen Verlag GmbH/L=Stuttgart
+ /ST=Baden-Wuerttemberg (BW)/C=DE
+Serial ...: 00BC098E0402E92956B8D7DE74977E26F7
+Subject ..: /CN=S-TRUST Qualified Root CA 2007-001:PN
+ /O=Deutscher Sparkassen Verlag GmbH/L=Stuttgart
+ /ST=Baden-Wuerttemberg (BW)/C=DE
+
+-----BEGIN CERTIFICATE-----
+MIIESzCCAzOgAwIBAgIRALwJjgQC6SlWuNfedJd+JvcwDQYJKoZIhvcNAQELBQAw
+gZ4xCzAJBgNVBAYTAkRFMSAwHgYDVQQIExdCYWRlbi1XdWVydHRlbWJlcmcgKEJX
+KTESMBAGA1UEBxMJU3R1dHRnYXJ0MSkwJwYDVQQKEyBEZXV0c2NoZXIgU3Bhcmth
+c3NlbiBWZXJsYWcgR21iSDEuMCwGA1UEAxMlUy1UUlVTVCBRdWFsaWZpZWQgUm9v
+dCBDQSAyMDA3LTAwMTpQTjAeFw0wNzAxMDEwMDAwMDBaFw0xMTEyMzAyMzU5NTla
+MIGeMQswCQYDVQQGEwJERTEgMB4GA1UECBMXQmFkZW4tV3VlcnR0ZW1iZXJnIChC
+VykxEjAQBgNVBAcTCVN0dXR0Z2FydDEpMCcGA1UEChMgRGV1dHNjaGVyIFNwYXJr
+YXNzZW4gVmVybGFnIEdtYkgxLjAsBgNVBAMTJVMtVFJVU1QgUXVhbGlmaWVkIFJv
+b3QgQ0EgMjAwNy0wMDE6UE4wggEjMA0GCSqGSIb3DQEBAQUAA4IBEAAwggELAoIB
+AQCnJdNNiDQLKpPIfHTC3ifleXWTf96hLfvP58q41fuywQ+rXju453yjPgr/ej5i
+RgYPyJnSc498wyu/XtPLIC3gQvowfiI8WmSj/eEToHUhrLIAtx1VXSi/Rugt3E1Y
+uYGkPn/gnrkk+RtPJQuBl1NRxKEVi7rg1Ch5RJvWsUTOmxgeWlr8qZnPoLkA2y6N
+lhL6LP3Th+OQIH4RFFfazNYWpH4Cg6I5nzyieHaR6LrGk0L7GfDKdZG4Eqan3JvI
+ilrFHzzCm7qudd+31jcRamReqZqJ0wzBmY1LNAzDyCAC3Y+YWEz8crhDW3mK/wFY
+H0RHHeow06RMTEVwls+FrhWfAgRAAACBo4GAMH4wEgYDVR0TAQH/BAgwBgEB/wIB
+ATAOBgNVHQ8BAf8EBAMCAQYwGAYIKwYBBQUHAQMEDDAKMAgGBgQAjkYBATAdBgNV
+HQ4EFgQUPAujGBtjPCldr0A+EM4YCZSIX1cwHwYDVR0jBBgwFoAUPAujGBtjPCld
+r0A+EM4YCZSIX1cwDQYJKoZIhvcNAQELBQADggEBAJ1pVXXcVb9m0yRPjvE4Rvko
+tdjIm29YnY13ILCrPqjfgtpSlId6NHPhykGLkw3ratNlWQp3rmen/8EqQJa0rsPD
+CiB20ilLb1CmF8/SViJ26C+K0ayzk8s2v7S/m7/Tx9Dgd2PXWwy2XjeGG/2SkISH
+5CtSjbm8U+xTh5SQMgK1MX/bDiNJebDOO0N2lxAjtcGmw7K6OTWS7KnFfjzv6fKK
+L7Ed2Gpd2gBkbuJVe/wX2mDP2P4rpcCEkXrDoWbi9WWc+eP5fCgE4Nj7/VhnbPf6
+DJCvmUG571uf1oukFaoeeyzpw2q28Ly1KR8DNPw+B/3PzJUIjXYzPGyUjv3aPew=
+-----END CERTIFICATE-----
+
+
+Issuer ...: /CN=S-TRUST Qualified Root CA 2008-001:PN
+ /O=Deutscher Sparkassen Verlag GmbH/L=Stuttgart/C=DE
+Serial ...: 00B3963E0E6C2D65125853E970665402E5
+Subject ..: /CN=S-TRUST Qualified Root CA 2008-001:PN
+ /O=Deutscher Sparkassen Verlag GmbH/L=Stuttgart/C=DE
+
+-----BEGIN CERTIFICATE-----
+MIIFODCCBCCgAwIBAgIRALOWPg5sLWUSWFPpcGZUAuUwDQYJKoZIhvcNAQELBQAw
+fDELMAkGA1UEBhMCREUxEjAQBgNVBAcTCVN0dXR0Z2FydDEpMCcGA1UEChMgRGV1
+dHNjaGVyIFNwYXJrYXNzZW4gVmVybGFnIEdtYkgxLjAsBgNVBAMTJVMtVFJVU1Qg
+UXVhbGlmaWVkIFJvb3QgQ0EgMjAwOC0wMDE6UE4wHhcNMDgwMTAxMDAwMDAwWhcN
+MTIxMjMwMjM1OTU5WjB8MQswCQYDVQQGEwJERTESMBAGA1UEBxMJU3R1dHRnYXJ0
+MSkwJwYDVQQKEyBEZXV0c2NoZXIgU3Bhcmthc3NlbiBWZXJsYWcgR21iSDEuMCwG
+A1UEAxMlUy1UUlVTVCBRdWFsaWZpZWQgUm9vdCBDQSAyMDA4LTAwMTpQTjCCASMw
+DQYJKoZIhvcNAQEBBQADggEQADCCAQsCggEBAKfUBh+i0NSWzddPtWG15DdTqbPM
+SJmeWw6dXutkR6UNonxC+yAm6rfZJhb83tPGB09qlAcNn7fcdR/g4SNdu3McwT+J
+HKHou6hhbMZmsza72Qcj9P/AwWq/o5oJa2eI4pU7I5YjS3x3oGtvmhJkwYiehIyx
+7DI+wHKcohwJV83jlZW3YrPmKgpaOZsc5lJM/+Ha4Q77MLPWHdCnxUkrbL1+Q/Ea
+qY+DoMMa9wxY+UmwbKe8ANfAf2NIMfJwmb748f+7EJMLjUA8nxrQ4iAPJ1lSrfZs
+d9cjzjdXZnhLvR9T2nNa2nROOHk2ARCOPAJgxk9EheRr4B6RbJ4hinuydJUCBEAA
+AIGjggGyMIIBrjASBgNVHRMBAf8ECDAGAQH/AgEBMIIBLAYDVR0fBIIBIzCCAR8w
+ggEboIIBF6CCAROGZWh0dHA6Ly9vbnNpdGVjcmwucy10cnVzdC5kZS9EZXV0c2No
+ZXJTcGFya2Fzc2VuVmVybGFnR21iSFNUUlVTVFF1YWxpZmllZFJvb3RDQTIwMDgw
+MDFQTi9MYXRlc3RDUkwuY3JshoGpbGRhcDovL2RpcmVjdG9yeS5zLXRydXN0LmRl
+L0NOPVMtVFJVU1QlMjBRdWFsaWZpZWQlMjBSb290JTIwQ0ElMjAyMDA4LTAwMSUz
+QVBOLE89RGV1dHNjaGVyJTIwU3Bhcmthc3NlbiUyMFZlcmxhZyUyMEdtYkgsTD1T
+dHV0dGdhcnQsQz1ERT9jZXJ0aWZpY2F0ZVJldm9jYXRpb25MaXN0O2JpbmFyeTAO
+BgNVHQ8BAf8EBAMCAQYwGAYIKwYBBQUHAQMEDDAKMAgGBgQAjkYBATAdBgNVHQ4E
+FgQU7UBDbxBuOWcii/O2xVNRExXxPj0wHwYDVR0jBBgwFoAU7UBDbxBuOWcii/O2
+xVNRExXxPj0wDQYJKoZIhvcNAQELBQADggEBAEdeesrApdpV+0cz698ZM+fsbcmk
+AYTy8U1vcnEPzcxaEAvUO57ndJlSdBK7+5yFbVuFW7CTp90TPgljoDqWDOI2hsLU
+YxrHUfDCwsm/ALLDpImRKWGZ07nKxOHGAOxB4tQUaDUHwaClbw3UB3nBi9++f9d0
+FLM9oOVxbhKGco4/qo3LP+QfJU6xjL8itqaf0WHXcnN69CD/5D7e/iziwHvLWLEU
+0cUXVDzdyWKEvJ3RpFIk6EUulKFHZrCctis1ixg/iQybKs2DWG/RtCo6CGhtydT8
+I1y6qAwPL2gAt+ypf+Mk4SLewnpXlw6ZVDQlLEBLGto72DAyJTxRh8f6BpY=
+-----END CERTIFICATE-----
+
+Issuer ...: /CN=S-TRUST Qualified Root CA 2008-002:PN
+ /O=Deutscher Sparkassen Verlag GmbH/L=Stuttgart/C=DE
+Serial ...: 00C4216083F35C54F67B09A80C3C55FE7D
+Subject ..: /CN=S-TRUST Qualified Root CA 2008-002:PN
+ /O=Deutscher Sparkassen Verlag GmbH/L=Stuttgart/C=DE
+
+-----BEGIN CERTIFICATE-----
+MIIFODCCBCCgAwIBAgIRAMQhYIPzXFT2ewmoDDxV/n0wDQYJKoZIhvcNAQELBQAw
+fDELMAkGA1UEBhMCREUxEjAQBgNVBAcTCVN0dXR0Z2FydDEpMCcGA1UEChMgRGV1
+dHNjaGVyIFNwYXJrYXNzZW4gVmVybGFnIEdtYkgxLjAsBgNVBAMTJVMtVFJVU1Qg
+UXVhbGlmaWVkIFJvb3QgQ0EgMjAwOC0wMDI6UE4wHhcNMDgwMTAxMDAwMDAwWhcN
+MTIxMjMwMjM1OTU5WjB8MQswCQYDVQQGEwJERTESMBAGA1UEBxMJU3R1dHRnYXJ0
+MSkwJwYDVQQKEyBEZXV0c2NoZXIgU3Bhcmthc3NlbiBWZXJsYWcgR21iSDEuMCwG
+A1UEAxMlUy1UUlVTVCBRdWFsaWZpZWQgUm9vdCBDQSAyMDA4LTAwMjpQTjCCASMw
+DQYJKoZIhvcNAQEBBQADggEQADCCAQsCggEBAJCrKgvHaZdd5LpNAlVZVf8a3CJY
+lBUt4Awwlu5q9wnkObVGHyekGLG6h7wMrY9OCL4uqWn9vIz+5vGXMEvU+NniMXIn
+JodZS8CbBBYUxS42PgZp7TNCd4gglEA1xOhsQH8T9iRZzdRCLyZYjysYsHiujn/x
+7y0+nxQsYu2mONaPFZq7ZBsDlAk5BPdIZCrutHDHe5inKwbpDUdpnKFlM1UDZ3eS
+4dl+YT/3t4QSJAVHVFz/Pzf1tevpMFYP4M7jHaktp327GMtrhYlpeoSZRc1cizHU
+Vdhj6Foyj1wWkQMwvb1ChPbRxS+4V3b6R+vgelULDBqFSF0Rtj/kRUgT/q8CBEAA
+AIGjggGyMIIBrjASBgNVHRMBAf8ECDAGAQH/AgEBMIIBLAYDVR0fBIIBIzCCAR8w
+ggEboIIBF6CCAROGZWh0dHA6Ly9vbnNpdGVjcmwucy10cnVzdC5kZS9EZXV0c2No
+ZXJTcGFya2Fzc2VuVmVybGFnR21iSFNUUlVTVFF1YWxpZmllZFJvb3RDQTIwMDgw
+MDJQTi9MYXRlc3RDUkwuY3JshoGpbGRhcDovL2RpcmVjdG9yeS5zLXRydXN0LmRl
+L0NOPVMtVFJVU1QlMjBRdWFsaWZpZWQlMjBSb290JTIwQ0ElMjAyMDA4LTAwMiUz
+QVBOLE89RGV1dHNjaGVyJTIwU3Bhcmthc3NlbiUyMFZlcmxhZyUyMEdtYkgsTD1T
+dHV0dGdhcnQsQz1ERT9jZXJ0aWZpY2F0ZVJldm9jYXRpb25MaXN0O2JpbmFyeTAO
+BgNVHQ8BAf8EBAMCAQYwGAYIKwYBBQUHAQMEDDAKMAgGBgQAjkYBATAdBgNVHQ4E
+FgQUIQpnbAV/rAz9qSo/4q/3/TlplqwwHwYDVR0jBBgwFoAUIQpnbAV/rAz9qSo/
+4q/3/TlplqwwDQYJKoZIhvcNAQELBQADggEBAHRr6IiNPkWJYHVa8vi4tufRG9nE
+Yy8t2ll8xbu4ar+LXCqbttdaQzVU/7RCX4S1aPm6wb9WFJU+/JfZHpez+gJ9uIFy
+6rYJDxZ4qTxaGnIKGguZbEkpvne38/vtyjR5RuCj5AwEuP7Vy7/j5O1WZDoROMoD
+rRsBHLtg90aDVou0IG+wK5+RPOixSMjfMf79uixHrsriMHrzulTEMmX+S+VfXGmO
+G1RRiCiWgYaEtSIDAP0V9ehpcghfJLlmMBnxSf4n7OZvkd1whvme2rXaQxnZi2qV
+d2qclY03eJ7zx6Zpq8VFuVvOxvmFZ4mMe706runhCq+rHc5x6x0/oIMhDrk=
+-----END CERTIFICATE-----
+
diff --git a/doc/contrib.texi b/doc/contrib.texi
new file mode 100644
index 0000000..bb558bd
--- /dev/null
+++ b/doc/contrib.texi
@@ -0,0 +1,106 @@
+@c Copyright (C) 2002 Free Software Foundation, Inc.
+@c This is part of the GnuPG manual.
+@c For copying conditions, see the file gnupg.texi.
+
+@node Contributors
+@unnumbered Contributors to GnuPG
+@cindex contributors
+
+The GnuPG project would like to thank its many contributors. Without
+them the project would not have been nearly as successful as it has
+been. Any omissions in this list are accidental. Feel free to contact
+the maintainer if you have been left out or some of your contributions
+are not listed.
+
+David Shaw, Matthew Skala, Michael Roth, Niklas Hernaeus, Nils
+Ellmenreich, Rémi Guyomarch, Stefan Bellon, Timo Schulz and Werner
+Koch wrote the code. Birger Langkjer, Daniel Resare, Dokianakis
+Theofanis, Edmund GRIMLEY EVANS, Gaël Quéri, Gregory Steuck, Nagy
+Ferenc László, Ivo Timmermans, Jacobo Tarri'o Barreiro, Janusz
+Aleksander Urbanowicz, Jedi Lin, Jouni Hiltunen, Laurentiu Buzdugan,
+Magda Procha'zkova', Michael Anckaert, Michal Majer, Marco d'Itri,
+Nilgun Belma Buguner, Pedro Morais, Tedi Heriyanto, Thiago Jung
+Bauermann, Rafael Caetano dos Santos, Toomas Soome, Urko Lusa, Walter
+Koch, Yosiaki IIDA did the official translations. Mike Ashley wrote
+and maintains the GNU Privacy Handbook. David Scribner is the current
+FAQ editor. Lorenzo Cappelletti maintains the web site.
+
+The new modularized architecture of gnupg 1.9 as well as the X.509/CMS
+part has been developed as part of the Ägypten project. Direct
+contributors to this project are: Bernhard Herzog, who did extensive
+testing and tracked down a lot of bugs. Bernhard Reiter, who made sure
+that we met the specifications and the deadlines. He did extensive
+testing and came up with a lot of suggestions. Jan-Oliver Wagner made
+sure that we met the specifications and the deadlines. He also did
+extensive testing and came up with a lot of suggestions. Karl-Heinz
+Zimmer and Marc Mutz had to struggle with all the bugs and
+misconceptions while working on KDE integration. Marcus Brinkman
+extended GPGME, cleaned up the Assuan code and fixed bugs all over the
+place. Moritz Schulte took over Libgcrypt maintenance and developed it
+into a stable an useful library. Steffen Hansen had a hard time to
+write the dirmngr due to underspecified interfaces. Thomas Koester did
+extensive testing and tracked down a lot of bugs. Werner Koch designed
+the system and wrote most of the code.
+
+The following people helped greatly by suggesting improvements,
+testing, fixing bugs, providing resources and doing other important
+tasks: Adam Mitchell, Albert Chin, Alec Habig, Allan Clark, Anand
+Kumria, Andreas Haumer, Anthony Mulcahy, Ariel T Glenn, Bob Mathews,
+Bodo Moeller, Brendan O'Dea, Brenno de Winter, Brian M. Carlson, Brian
+Moore, Brian Warner, Bryan Fullerton, Caskey L. Dickson, Cees van de
+Griend, Charles Levert, Chip Salzenberg, Chris Adams, Christian Biere,
+Christian Kurz, Christian von Roques, Christopher Oliver, Christian
+Recktenwald, Dan Winship, Daniel Eisenbud, Daniel Koening, Dave
+Dykstra, David C Niemi, David Champion, David Ellement, David
+Hallinan, David Hollenberg, David Mathog, David R. Bergstein, Detlef
+Lannert, Dimitri, Dirk Lattermann, Dirk Meyer, Disastry, Douglas
+Calvert, Ed Boraas, Edmund GRIMLEY EVANS, Edwin Woudt, Enzo
+Michelangeli, Ernst Molitor, Fabio Coatti, Felix von Leitner, fish
+stiqz, Florian Weimer, Francesco Potorti, Frank Donahoe, Frank
+Heckenbach, Frank Stajano, Frank Tobin, Gabriel Rosenkoetter, Gaël
+Quéri, Gene Carter, Geoff Keating, Georg Schwarz, Giampaolo Tomassoni,
+Gilbert Fernandes, Greg Louis, Greg Troxel, Gregory Steuck, Gregery
+Barton, Harald Denker, Holger Baust, Hendrik Buschkamp, Holger
+Schurig, Holger Smolinski, Holger Trapp, Hugh Daniel, Huy Le, Ian
+McKellar, Ivo Timmermans, Jan Krueger, Jan Niehusmann, Janusz
+A. Urbanowicz, James Troup, Jean-loup Gailly, Jeff Long, Jeffery Von
+Ronne, Jens Bachem, Jeroen C. van Gelderen, J Horacio MG, J. Michael
+Ashley, Jim Bauer, Jim Small, Joachim Backes, Joe Rhett, John
+A. Martin, Johnny Teveßen, Jörg Schilling, Jos Backus, Joseph Walton,
+Juan F. Codagnone, Jun Kuriyama, Kahil D. Jallad, Karl Fogel, Karsten
+Thygesen, Katsuhiro Kondou, Kazu Yamamoto, Keith Clayton, Kevin Ryde,
+Klaus Singvogel, Kurt Garloff, Lars Kellogg-Stedman, L. Sassaman, M
+Taylor, Marcel Waldvogel, Marco d'Itri, Marco Parrone, Marcus
+Brinkmann, Mark Adler, Mark Elbrecht, Mark Pettit, Markus Friedl,
+Martin Kahlert, Martin Hamilton, Martin Schulte, Matt Kraai, Matthew
+Skala, Matthew Wilcox, Matthias Urlichs, Max Valianskiy, Michael
+Engels, Michael Fischer v. Mollard, Michael Roth, Michael Sobolev,
+Michael Tokarev, Nicolas Graner, Mike McEwan, Neal H Walfield, Nelson
+H. F. Beebe, NIIBE Yutaka, Niklas Hernaeus, Nimrod Zimerman, N J Doye,
+Oliver Haakert, Oskari Jääskeläinen, Pascal Scheffers, Paul D. Smith,
+Per Cederqvist, Phil Blundell, Philippe Laliberte, Peter Fales, Peter
+Gutmann, Peter Marschall, Peter Valchev, Piotr Krukowiecki, QingLong,
+Ralph Gillen, Rat, Reinhard Wobst, Rémi Guyomarch, Reuben Sumner,
+Richard Outerbridge, Robert Joop, Roddy Strachan, Roger Sondermann,
+Roland Rosenfeld, Roman Pavlik, Ross Golder, Ryan Malayter, Sam
+Roberts, Sami Tolvanen, Sean MacLennan, Sebastian Klemke, Serge
+Munhoven, SL Baur, Stefan Bellon, Dr.Stefan.Dalibor, Stefan Karrmann,
+Stefan Keller, Steffen Ullrich, Steffen Zahn, Steven Bakker, Steven
+Murdoch, Susanne Schultz, Ted Cabeen, Thiago Jung Bauermann, Thijmen
+Klok, Thomas Roessler, Tim Mooney, Timo Schulz, Todd Vierling, TOGAWA
+Satoshi, Tom Spindler, Tom Zerucha, Tomas Fasth, Tommi Komulainen,
+Thomas Klausner, Tomasz Kozlowski, Thomas Mikkelsen, Ulf Möller, Urko
+Lusa, Vincent P. Broman, Volker Quetschke, W Lewis, Walter Hofmann,
+Walter Koch, Wayne Chapeskie, Wim Vandeputte, Winona Brown, Yosiaki
+IIDA, Yoshihiro Kajiki and Gerlinde Klaes.
+
+This software has been made possible by the previous work of Chris
+Wedgwood, Jean-loup Gailly, Jon Callas, Mark Adler, Martin Hellmann
+Paul Kendall, Philip R. Zimmermann, Peter Gutmann, Philip A. Nelson,
+Taher Elgamal, Torbjorn Granlund, Whitfield Diffie, some unknown NSA
+mathematicians and all the folks who have worked hard to create
+complete and free operating systems.
+
+And finally we'd like to thank everyone who uses these tools, submits
+bug reports and generally reminds us why we're doing this work in the
+first place.
diff --git a/doc/debugging.texi b/doc/debugging.texi
new file mode 100644
index 0000000..c83ab1e
--- /dev/null
+++ b/doc/debugging.texi
@@ -0,0 +1,277 @@
+@c Copyright (C) 2004 Free Software Foundation, Inc.
+@c This is part of the GnuPG manual.
+@c For copying conditions, see the file gnupg.texi.
+
+@node Debugging
+@chapter How to solve problems
+
+Everyone knows that software often does not do what it should do and thus
+there is a need to track down problems. We call this debugging in a
+reminiscent to the moth jamming a relay in a Mark II box back in 1947.
+
+Most of the problems a merely configuration and user problems but
+nevertheless there are the most annoying ones and responsible for many
+gray hairs. We try to give some guidelines here on how to identify and
+solve the problem at hand.
+
+
+@menu
+* Debugging Tools:: Description of some useful tools.
+* Debugging Hints:: Various hints on debugging.
+* Common Problems:: Commonly seen problems.
+* Architecture Details:: How the whole thing works internally.
+@end menu
+
+
+@node Debugging Tools
+@section Debugging Tools
+
+The GnuPG distribution comes with a couple of tools, useful to help find
+and solving problems.
+
+@menu
+* kbxutil:: Scrutinizing a keybox file.
+@end menu
+
+@node kbxutil
+@subsection Scrutinizing a keybox file
+
+A keybox is a file format used to store public keys along with meta
+information and indices. The commonly used one is the file
+@file{pubring.kbx} in the @file{.gnupg} directory. It contains all
+X.509 certificates as well as OpenPGP keys@footnote{Well, OpenPGP keys
+are not implemented, @command{gpg} still used the keyring file
+@file{pubring.gpg}} .
+
+@noindent
+When called the standard way, e.g.:
+
+@samp{kbxutil ~/.gnupg/pubring.kbx}
+
+@noindent
+it lists all records (called @acronym{blobs}) with there meta-information
+in a human readable format.
+
+@noindent
+To see statistics on the keybox in question, run it using
+
+@samp{kbxutil --stats ~/.gnupg/pubring.kbx}
+
+@noindent
+and you get an output like:
+
+@example
+Total number of blobs: 99
+ header: 1
+ empty: 0
+ openpgp: 0
+ x509: 98
+ non flagged: 81
+ secret flagged: 0
+ ephemeral flagged: 17
+@end example
+
+In this example you see that the keybox does not have any OpenPGP keys
+but contains 98 X.509 certificates and a total of 17 keys or certificates
+are flagged as ephemeral, meaning that they are only temporary stored
+(cached) in the keybox and won't get listed using the usual commands
+provided by @command{gpgsm} or @command{gpg}. 81 certificates are stored
+in a standard way and directly available from @command{gpgsm}.
+
+@noindent
+To find duplicated certificates and keyblocks in a keybox file (this
+should not occur but sometimes things go wrong), run it using
+
+@samp{kbxutil --find-dups ~/.gnupg/pubring.kbx}
+
+
+@node Debugging Hints
+@section Various hints on debugging.
+
+@itemize @bullet
+
+@item How to find the IP address of a keyserver
+
+If a round robin URL of is used for a keyserver
+(e.g. subkeys.gnupg.org); it is not easy to see what server is actually
+used. Using the keyserver debug option as in
+
+@smallexample
+ gpg --keyserver-options debug=1 -v --refresh-key 1E42B367
+@end smallexample
+
+is thus often helpful. Note that the actual output depends on the
+backend and may change from release to release.
+
+@ifset gpgtwoone
+@item Logging on WindowsCE
+
+For development, the best logging method on WindowsCE is the use of
+remote debugging using a log file name of @file{tcp://<ip-addr>:<port>}.
+The command @command{watchgnupg} may be used on the remote host to listen
+on the given port. (@pxref{option watchgnupg --tcp}). For in the field
+tests it is better to make use of the logging facility provided by the
+@command{gpgcedev} driver (part of libassuan); this is enabled by using
+a log file name of @file{GPG2:}. (@pxref{option --log-file}).
+@end ifset
+
+@end itemize
+
+
+@node Common Problems
+@section Commonly Seen Problems
+
+
+@itemize @bullet
+@item Error code @samp{Not supported} from Dirmngr
+
+Most likely the option @option{enable-ocsp} is active for gpgsm
+but Dirmngr's OCSP feature has not been enabled using
+@option{allow-ocsp} in @file{dirmngr.conf}.
+
+@item The Curses based Pinentry does not work
+
+The far most common reason for this is that the environment variable
+@code{GPG_TTY} has not been set correctly. Make sure that it has been
+set to a real tty devce and not just to @samp{/dev/tty};
+i.e. @samp{GPG_TTY=tty} is plainly wrong; what you want is
+@samp{GPG_TTY=`tty`} --- note the back ticks. Also make sure that
+this environment variable gets exported, that is you should follow up
+the setting with an @samp{export GPG_TTY} (assuming a Bourne style
+shell). Even for GUI based Pinentries; you should have set
+@code{GPG_TTY}. See the section on installing the @command{gpg-agent}
+on how to do it.
+
+
+@item SSH hangs while a popping up pinentry was expected
+
+SSH has no way to tell the gpg-agent what terminal or X display it is
+running on. So when remotely logging into a box where a gpg-agent with
+SSH support is running, the pinentry will get popped up on whatever
+display the gpg-agent has been started. To solve this problem you may
+issue the command
+
+@smallexample
+echo UPDATESTARTUPTTY | gpg-connect-agent
+@end smallexample
+
+and the next pinentry will pop up on your display or screen. However,
+you need to kill the running pinentry first because only one pinentry
+may be running at once. If you plan to use ssh on a new display you
+should issue the above command before invoking ssh or any other service
+making use of ssh.
+
+
+@item Exporting a secret key without a certificate
+
+I may happen that you have created a certificate request using
+@command{gpgsm} but not yet received and imported the certificate from
+the CA. However, you want to export the secret key to another machine
+right now to import the certificate over there then. You can do this
+with a little trick but it requires that you know the approximate time
+you created the signing request. By running the command
+
+@smallexample
+ ls -ltr ~/.gnupg/private-keys-v1.d
+@end smallexample
+
+you get a listing of all private keys under control of @command{gpg-agent}.
+Pick the key which best matches the creation time and run the command
+
+@smallexample
+ /usr/local/libexec/gpg-protect-tool --p12-export ~/.gnupg/private-keys-v1.d/@var{foo} >@var{foo}.p12
+@end smallexample
+
+(Please adjust the path to @command{gpg-protect-tool} to the appropriate
+location). @var{foo} is the name of the key file you picked (it should
+have the suffix @file{.key}). A Pinentry box will pop up and ask you
+for the current passphrase of the key and a new passphrase to protect it
+in the pkcs#12 file.
+
+To import the created file on the machine you use this command:
+
+@smallexample
+ /usr/local/libexec/gpg-protect-tool --p12-import --store @var{foo}.p12
+@end smallexample
+
+You will be asked for the pkcs#12 passphrase and a new passphrase to
+protect the imported private key at its new location.
+
+Note that there is no easy way to match existing certificates with
+stored private keys because some private keys are used for Secure Shell
+or other purposes and don't have a corresponding certificate.
+
+
+@item A root certificate does not verify
+
+A common problem is that the root certificate misses the required
+basicConstraints attribute and thus @command{gpgsm} rejects this
+certificate. An error message indicating ``no value'' is a sign for
+such a certificate. You may use the @code{relax} flag in
+@file{trustlist.txt} to accept the certificate anyway. Note that the
+fingerprint and this flag may only be added manually to
+@file{trustlist.txt}.
+
+@item Error message: ``digest algorithm N has not been enabled''
+
+The signature is broken. You may try the option
+@option{--extra-digest-algo SHA256} to workaround the problem. The
+number N is the internal algorithm identifier; for example 8 refers to
+SHA-256.
+
+
+@item The Windows version does not work under Wine
+
+When running the W32 version of @command{gpg} under Wine you may get
+an error messages like:
+
+@smallexample
+gpg: fatal: WriteConsole failed: Access denied
+@end smallexample
+
+@noindent
+The solution is to use the command @command{wineconsole}.
+
+Some operations like gen-key really want to talk to the console directly
+for increased security (for example to prevent the passphrase from
+appearing on the screen). So, you should use @command{wineconsole}
+instead of @command{wine}, which will launch a windows console that
+implements those additional features.
+
+
+@item Why does GPG's --search-key list weird keys?
+
+For performance reasons the keyservers do not check the keys the same
+way @command{gpg} does. It may happen that the listing of keys
+available on the keyservers shows keys with wrong user IDs or with user
+Ids from other keys. If you try to import this key, the bad keys or bad
+user ids won't get imported, though. This is a bit unfortunate but we
+can't do anything about it without actually downloading the keys.
+
+@end itemize
+
+
+@c ********************************************
+@c *** Architecture Details *****************
+@c ********************************************
+@node Architecture Details
+@section How the whole thing works internally.
+
+
+@menu
+* GnuPG-1 and GnuPG-2:: Relationship between the two branches.
+@end menu
+
+@node GnuPG-1 and GnuPG-2
+@subsection Relationship between the two branches.
+
+Here is a little picture showing how the components work together:
+
+@image{gnupg-card-architecture, 10cm}
+
+@noindent
+Lets try to explain it:
+
+TO BE DONE.
+
+
diff --git a/doc/examples/README b/doc/examples/README
new file mode 100644
index 0000000..3444822
--- /dev/null
+++ b/doc/examples/README
@@ -0,0 +1,9 @@
+Files in this directory:
+
+
+scd-event A handler script used with scdaemon
+
+trustlist.txt A list of trustworthy root certificates
+ (Please check yourself whether you actually trust them)
+
+gpgconf.conf A sample configuration file for gpgconf.
diff --git a/doc/examples/gpgconf.conf b/doc/examples/gpgconf.conf
new file mode 100644
index 0000000..ec8685a
--- /dev/null
+++ b/doc/examples/gpgconf.conf
@@ -0,0 +1,63 @@
+# gpgconf.conf - configuration for gpgconf
+#----------------------------------------------------------------------
+# This file is read by gpgconf(1) to setup defaults for all or
+# specified users and groups. It may be used to change the hardwired
+# defaults in gpgconf and to enforce certain values for the various
+# GnuPG related configuration files.
+#
+# Empty lines and comment lines, indicated by a hash mark as first non
+# white space character, are ignored. The line is separated by white
+# space into fields. The first field is used to match the user or
+# group and must start at the first column, the file is processes
+# sequential until a matching rule is found. A rule may contain
+# several lines; continuation lines are indicated by a indenting them.
+#
+# Syntax of a line:
+# <key>|WS <component> <option> ["["<flag>"]"] [<value>]
+#
+# Examples for the <key> field:
+# foo - Matches the user "foo".
+# foo: - Matches the user "foo".
+# foo:staff - Matches the user "foo" or the group "staff".
+# :staff - Matches the group "staff".
+# * - Matches any user.
+# All other variants are not defined and reserved for future use.
+#
+# <component> and <option> are as specified by gpgconf.
+# <flag> may be one of:
+# default - Delete the option so that the default is used.
+# no-change - Mark the field as non changeable by gpgconf.
+# change - Mark the field as changeable by gpgconf.
+#
+# Example file:
+#==========
+# :staff gpg-agent allow-mark-trusted [change]
+# gpg-agent min-passphrase-len 6
+#
+# * gpg-agent min-passphrase-len [no-change] 8
+# gpg-agent min-passphrase-nonalpha [no-change] 1
+# gpg-agent max-passphrase-days [no-change] 700
+# gpg-agent enable-passphrase-history [no-change]
+# gpg-agent enforce-passphrase-constraints [default]
+# gpg-agent enforce-passphrase-constraints [no-change]
+# gpg-agent max-cache-ttl [no-change] 10800
+# gpg-agent max-cache-ttl-ssh [no-change] 10800
+# gpg-agent allow-mark-trusted [default]
+# gpg-agent allow-mark-trusted [no-change]
+# gpgsm enable-ocsp
+#===========
+# All users in the group "staff" are allowed to change the value for
+# --allow-mark-trusted; gpgconf's default is not to allow a change
+# through its interface. When "gpgconf --apply-defaults" is used,
+# "allow-mark-trusted" will get enabled and "min-passphrase-len" set
+# to 6. All other users are not allowed to change
+# "min-passphrase-len" and "allow-mark-trusted". When "gpgconf
+# --apply-defaults" is used for them, "min-passphrase-len" is set to
+# 8, "allow-mark-trusted" deleted from the config file and
+# "enable-ocsp" is put into the config file of gpgsm. The latter may
+# be changed by any user.
+#-------------------------------------------------------------------
+
+
+
+
diff --git a/doc/examples/pwpattern.list b/doc/examples/pwpattern.list
new file mode 100644
index 0000000..251c2d4
--- /dev/null
+++ b/doc/examples/pwpattern.list
@@ -0,0 +1,48 @@
+# pwpattern.list -*- default-generic -*-
+#
+# This is an example for a pattern file as used by gpg-check-pattern.
+# The file is line based with comment lines beginning on the *first*
+# position with a '#'. Empty lines and lines with just spaces are
+# ignored. The other lines may be verbatim patterns and match as they
+# are (trailing spaces are ignored) or extended regular expressions
+# indicated by a / in the first column and terminated by another / or
+# end of line. All comparisons are case insensitive.
+
+# Reject the usual metavariables. Usual not required because
+# gpg-agent can be used to reject all passphrases shorter than 8
+# charactes.
+foo
+bar
+baz
+
+# As well as very common passwords. Note that gpg-agent can be used
+# to reject them due to missing non-alpha characters.
+password
+passwort
+passphrase
+mantra
+test
+abc
+egal
+
+# German number plates.
+/^[A-Z]{1,3}[ ]*-[ ]*[A-Z]{1,2}[ ]*[0-9]+/
+
+# Dates (very limited, only ISO dates). */
+/^[012][0-9][0-9][0-9]-[012][0-9]-[0123][0-9]$/
+
+# Arbitrary strings
+the quick brown fox jumps over the lazy dogs back
+no-password
+no password
+
+12345678
+123456789
+1234567890
+87654321
+987654321
+0987654321
+qwertyuiop
+qwertzuiop
+asdfghjkl
+zxcvbnm
diff --git a/doc/examples/scd-event b/doc/examples/scd-event
new file mode 100755
index 0000000..938465f
--- /dev/null
+++ b/doc/examples/scd-event
@@ -0,0 +1,102 @@
+#!/bin/sh
+# Sample script for scdaemon event mechanism.
+
+#exec >>/tmp/scd-event.log
+
+PGM=scd-event
+
+reader_port=
+old_code=0x0000
+new_code=0x0000
+status=
+
+tick='`'
+prev=
+while [ $# -gt 0 ]; do
+ arg="$1"
+ case $arg in
+ -*=*) optarg=$(echo "X$arg" | sed -e '1s/^X//' -e 's/[-_a-zA-Z0-9]*=//')
+ ;;
+ *) optarg=
+ ;;
+ esac
+ if [ -n "$prev" ]; then
+ eval "$prev=\$arg"
+ prev=
+ shift
+ continue
+ fi
+ case $arg in
+ --help|-h)
+ cat <<EOF
+Usage: $PGM [options]
+$PGM is called by scdaemon on card reader status changes
+
+Options:
+ --reader-port N Reports change for port N
+ --old-code 0xNNNN Previous status code
+ --old-code 0xNNNN Current status code
+ --status USABLE|ACTIVE|PRESENT|NOCARD
+ Human readable status code
+
+Environment:
+
+GNUPGHOME=DIR Set to the active homedir
+
+EOF
+ exit 0
+ ;;
+
+ --reader-port)
+ prev=reader_port
+ ;;
+ --reader-port=*)
+ reader_port="$optarg"
+ ;;
+ --old-code)
+ prev=old_code
+ ;;
+ --old-code=*)
+ old_code="$optarg"
+ ;;
+ --new-code)
+ prev=new_code
+ ;;
+ --new-code=*)
+ new_code="$optarg"
+ ;;
+ --status)
+ prev=status
+ ;;
+ --new-code=*)
+ status="$optarg"
+ ;;
+
+ -*)
+ echo "$PGM: invalid option $tick$arg'" >&2
+ exit 1
+ ;;
+
+ *)
+ break
+ ;;
+ esac
+ shift
+done
+if [ -n "$prev" ]; then
+ echo "$PGM: argument missing for option $tick$prev'" >&2
+ exit 1
+fi
+
+cat <<EOF
+========================
+port: $reader_port
+old-code: $old_code
+new-code: $new_code
+status: $status
+EOF
+
+if [ x$status = xUSABLE ]; then
+ gpg --batch --card-status 2>&1
+fi
+
diff --git a/doc/examples/trustlist.txt b/doc/examples/trustlist.txt
new file mode 100644
index 0000000..4d57242
--- /dev/null
+++ b/doc/examples/trustlist.txt
@@ -0,0 +1,66 @@
+# This is the global list of trusted keys. Comment lines, like this
+# one, as well as empty lines are ignored. Lines have a length limit
+# but this is not serious limitation as the format of the entries is
+# fixed and checked by gpg-agent. A non-comment line starts with
+# optional white space, followed by the SHA-1 fingerpint in hex,
+# optionally followed by a flag character which my either be 'P', 'S'
+# or '*'. This file will be read by gpg-agent if no local trustlist
+# is available or if the statement "include-default" is used in the
+# local list. You should give the gpg-agent(s) a HUP after editing
+# this file.
+
+
+#Serial number: 32D18D
+# Issuer: /CN=6R-Ca 1:PN/NameDistinguisher=1/O=RegulierungsbehÈorde
+# fÈur Telekommunikation und Post/C=DE
+EA:8D:99:DD:36:AA:2D:07:1A:3C:7B:69:00:9E:51:B9:4A:2E:E7:60 S
+
+#Serial number: 00C48C8D
+# Issuer: /CN=7R-CA 1:PN/NameDistinguisher=1/O=RegulierungsbehÈorde
+# fÈur Telekommunikation und Post/C=DE
+DB:45:3D:1B:B0:1A:F3:23:10:6B:DE:D0:09:61:57:AA:F4:25:E0:5B S
+
+#Serial number: 01
+# Issuer: /CN=8R-CA 1:PN/O=Regulierungsbehörde für
+# Telekommunikation und Post/C=DE
+42:6A:F6:78:30:E9:CE:24:5B:EF:41:A2:C1:A8:51:DA:C5:0A:6D:F5 S
+
+#Serial number: 02
+# Issuer: /CN=9R-CA 1:PN/O=Regulierungsbehörde für
+# Telekommunikation und Post/C=DE
+75:9A:4A:CE:7C:DA:7E:89:1B:B2:72:4B:E3:76:EA:47:3A:96:97:24 S
+
+#Serial number: 2A
+# Issuer: /CN=10R-CA 1:PN/O=Bundesnetzagentur/C=DE
+31:C9:D2:E6:31:4D:0B:CC:2C:1A:45:00:A6:6B:97:98:27:18:8E:CD S
+
+#Serial number: 2D
+# Issuer: /CN=11R-CA 1:PN/O=Bundesnetzagentur/C=DE
+A0:8B:DF:3B:AA:EE:3F:9D:64:6C:47:81:23:21:D4:A6:18:81:67:1D S
+
+# S/N: 0139
+# Issuer: /CN=12R-CA 1:PN/O=Bundesnetzagentur/C=DE
+44:7E:D4:E3:9A:D7:92:E2:07:FA:53:1A:2E:F5:B8:02:5B:47:57:B0 de
+
+# S/N: 013C
+# Issuer: /CN=13R-CA 1:PN/O=Bundesnetzagentur/C=DE
+AC:A7:BE:45:1F:A6:BF:09:F2:D1:3F:08:7B:BC:EB:7F:46:A2:CC:8A de
+
+
+# S/N: 00B3963E0E6C2D65125853E970665402E5
+# Issuer: /CN=S-TRUST Qualified Root CA 2008-001:PN
+# /O=Deutscher Sparkassen Verlag GmbH/L=Stuttgart/C=DE
+C9:2F:E6:50:DB:32:59:E0:CE:65:55:F3:8C:76:E0:B8:A8:FE:A3:CA S
+
+# S/N: 00C4216083F35C54F67B09A80C3C55FE7D
+# Issuer: /CN=S-TRUST Qualified Root CA 2008-002:PN
+# /O=Deutscher Sparkassen Verlag GmbH/L=Stuttgart/C=DE
+D5:C7:50:F2:FE:4E:EE:D7:C7:B1:E4:13:7B:FB:54:84:3A:7D:97:9B S
+
+
+#Serial number: 00
+# Issuer: /CN=CA Cert Signing Authority/OU=http:\x2f\x2fwww.
+# cacert.org/O=Root CA/EMail=support@cacert.org
+13:5C:EC:36:F4:9C:B8:E9:3B:1A:B2:70:CD:80:88:46:76:CE:8F:33 S
+
+
diff --git a/doc/glossary.texi b/doc/glossary.texi
new file mode 100644
index 0000000..1c72e50
--- /dev/null
+++ b/doc/glossary.texi
@@ -0,0 +1,72 @@
+@c Copyright (C) 2004 Free Software Foundation, Inc.
+@c This is part of the GnuPG manual.
+@c For copying conditions, see the file gnupg.texi.
+
+@node Glossary
+@unnumbered Glossary
+
+
+@table @samp
+@item ARL
+ The @emph{Authority Revocation List} is technical identical to a
+@acronym{CRL} but used for @acronym{CA}s and not for end user
+certificates.
+
+@item Chain model
+ Verification model for X.509 which uses the creation date of a
+signature as the date the validation starts and in turn checks that each
+certificate has been issued within the time frame, the issuing
+certificate was valid. This allows the verification of signatures after
+the CA's certificate expired. The validation test also required an
+online check of the certificate status. The chain model is required by
+the German signature law. See also @emph{Shell model}.
+
+@item CMS
+ The @emph{Cryptographic Message Standard} describes a message
+format for encryption and digital signing. It is closely related to the
+X.509 certificate format. @acronym{CMS} was formerly known under the
+name @code{PKCS#7} and is described by @code{RFC3369}.
+
+@item CRL
+ The @emph{Certificate Revocation List} is a list containing
+certificates revoked by the issuer.
+
+@item CSR
+ The @emph{Certificate Signing Request} is a message send to a CA to
+ask them to issue a new certificate. The data format of such a signing
+request is called PCKS#10.
+
+@item OpenPGP
+ A data format used to build a PKI and to exchange encrypted or
+signed messages. In contrast to X.509, OpenPGP also includes the
+message format but does not explicitly demand a specific PKI. However
+any kind of PKI may be build upon the OpenPGP protocol.
+
+@item Keygrip
+ This term is used by GnuPG to describe a 20 byte hash value used
+to identify a certain key without referencing to a concrete protocol.
+It is used internally to access a private key. Usually it is shown and
+entered as a 40 character hexadecimal formatted string.
+
+@item OCSP
+ The @emph{Online Certificate Status Protocol} is used as an
+alternative to a @acronym{CRL}. It is described in @code{RFC 2560}.
+
+@item PSE
+ The @emph{Personal Security Environment} describes a database to
+store private keys. This is either a smartcard or a collection of files
+on a disk; the latter is often called a Soft-PSE.
+
+
+@item Shell model
+The standard model for validation of certificates under X.509. At the
+time of the verification all certificates must be valid and not expired.
+See also @emph{Chain mode}.
+
+
+@item X.509
+Description of a PKI used with CMS. It is for example
+defined by @code{RFC3280}.
+
+
+@end table
diff --git a/doc/gnupg-card-architecture.eps b/doc/gnupg-card-architecture.eps
new file mode 100644
index 0000000..70f4536
--- /dev/null
+++ b/doc/gnupg-card-architecture.eps
@@ -0,0 +1,1003 @@
+%!PS-Adobe-3.0 EPSF-3.0
+%%Title: /home/wk/w/gnupg-stable/doc/gnupg-card-architecture.fig
+%%Creator: fig2dev Version 3.2 Patchlevel 5d
+%%CreationDate: Tue Mar 27 10:23:53 2012
+%%BoundingBox: 0 0 823 458
+%Magnification: 1.0000
+%%EndComments
+%
+% Copyright 2005 Werner Koch
+%
+% This file is part of GnuPG.
+%
+% GnuPG is free software; you can redistribute it and/or modify
+% it under the terms of the GNU General Public License as published by
+% the Free Software Foundation; either version 3 of the License, or
+% (at your option) any later version.
+%
+% GnuPG is distributed in the hope that it will be useful,
+% but WITHOUT ANY WARRANTY; without even the implied warranty of
+% MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+% GNU General Public License for more details.
+%
+% You should have received a copy of the GNU General Public License
+% along with this program; if not, see <http://www.gnu.org/licenses/>.
+%
+%
+%%BeginProlog
+/$F2psDict 200 dict def
+$F2psDict begin
+$F2psDict /mtrx matrix put
+/col-1 {0 setgray} bind def
+/col0 {0.000 0.000 0.000 srgb} bind def
+/col1 {0.000 0.000 1.000 srgb} bind def
+/col2 {0.000 1.000 0.000 srgb} bind def
+/col3 {0.000 1.000 1.000 srgb} bind def
+/col4 {1.000 0.000 0.000 srgb} bind def
+/col5 {1.000 0.000 1.000 srgb} bind def
+/col6 {1.000 1.000 0.000 srgb} bind def
+/col7 {1.000 1.000 1.000 srgb} bind def
+/col8 {0.000 0.000 0.560 srgb} bind def
+/col9 {0.000 0.000 0.690 srgb} bind def
+/col10 {0.000 0.000 0.820 srgb} bind def
+/col11 {0.530 0.810 1.000 srgb} bind def
+/col12 {0.000 0.560 0.000 srgb} bind def
+/col13 {0.000 0.690 0.000 srgb} bind def
+/col14 {0.000 0.820 0.000 srgb} bind def
+/col15 {0.000 0.560 0.560 srgb} bind def
+/col16 {0.000 0.690 0.690 srgb} bind def
+/col17 {0.000 0.820 0.820 srgb} bind def
+/col18 {0.560 0.000 0.000 srgb} bind def
+/col19 {0.690 0.000 0.000 srgb} bind def
+/col20 {0.820 0.000 0.000 srgb} bind def
+/col21 {0.560 0.000 0.560 srgb} bind def
+/col22 {0.690 0.000 0.690 srgb} bind def
+/col23 {0.820 0.000 0.820 srgb} bind def
+/col24 {0.500 0.190 0.000 srgb} bind def
+/col25 {0.630 0.250 0.000 srgb} bind def
+/col26 {0.750 0.380 0.000 srgb} bind def
+/col27 {1.000 0.500 0.500 srgb} bind def
+/col28 {1.000 0.630 0.630 srgb} bind def
+/col29 {1.000 0.750 0.750 srgb} bind def
+/col30 {1.000 0.880 0.880 srgb} bind def
+/col31 {1.000 0.840 0.000 srgb} bind def
+/col32 {0.255 0.271 0.255 srgb} bind def
+/col33 {0.502 0.502 0.502 srgb} bind def
+/col34 {0.753 0.753 0.753 srgb} bind def
+/col35 {0.776 0.718 0.592 srgb} bind def
+/col36 {0.937 0.973 1.000 srgb} bind def
+/col37 {0.863 0.796 0.651 srgb} bind def
+/col38 {0.878 0.878 0.878 srgb} bind def
+/col39 {0.557 0.561 0.557 srgb} bind def
+/col40 {0.667 0.667 0.667 srgb} bind def
+/col41 {0.333 0.333 0.333 srgb} bind def
+/col42 {0.251 0.251 0.251 srgb} bind def
+/col43 {0.525 0.510 0.525 srgb} bind def
+/col44 {0.780 0.765 0.780 srgb} bind def
+/col45 {0.906 0.890 0.906 srgb} bind def
+/col46 {0.557 0.557 0.557 srgb} bind def
+/col47 {0.267 0.267 0.267 srgb} bind def
+/col48 {0.525 0.525 0.525 srgb} bind def
+/col49 {0.780 0.780 0.780 srgb} bind def
+/col50 {0.400 0.400 0.400 srgb} bind def
+/col51 {0.886 0.886 0.933 srgb} bind def
+/col52 {0.580 0.580 0.604 srgb} bind def
+/col53 {0.859 0.859 0.859 srgb} bind def
+/col54 {0.631 0.631 0.718 srgb} bind def
+/col55 {0.612 0.000 0.000 srgb} bind def
+/col56 {0.929 0.929 0.929 srgb} bind def
+/col57 {0.525 0.675 1.000 srgb} bind def
+/col58 {0.439 0.439 1.000 srgb} bind def
+/col59 {0.745 0.745 0.745 srgb} bind def
+/col60 {0.318 0.318 0.318 srgb} bind def
+/col61 {0.000 0.000 0.286 srgb} bind def
+/col62 {0.475 0.475 0.475 srgb} bind def
+/col63 {0.188 0.204 0.188 srgb} bind def
+/col64 {0.780 0.714 0.588 srgb} bind def
+/col65 {0.843 0.843 0.843 srgb} bind def
+/col66 {0.682 0.682 0.682 srgb} bind def
+/col67 {0.522 0.502 0.490 srgb} bind def
+/col68 {0.824 0.824 0.824 srgb} bind def
+/col69 {0.227 0.227 0.227 srgb} bind def
+/col70 {0.271 0.451 0.667 srgb} bind def
+/col71 {0.000 0.000 0.000 srgb} bind def
+/col72 {0.906 0.906 0.906 srgb} bind def
+/col73 {0.969 0.969 0.969 srgb} bind def
+/col74 {0.839 0.843 0.839 srgb} bind def
+/col75 {0.482 0.475 0.647 srgb} bind def
+/col76 {0.937 0.984 1.000 srgb} bind def
+/col77 {0.620 0.620 0.620 srgb} bind def
+/col78 {0.443 0.459 0.443 srgb} bind def
+/col79 {0.451 0.459 0.549 srgb} bind def
+/col80 {0.255 0.255 0.255 srgb} bind def
+/col81 {0.388 0.365 0.808 srgb} bind def
+/col82 {0.337 0.318 0.318 srgb} bind def
+/col83 {0.867 0.616 0.576 srgb} bind def
+/col84 {0.945 0.925 0.878 srgb} bind def
+/col85 {0.765 0.765 0.765 srgb} bind def
+/col86 {0.886 0.784 0.659 srgb} bind def
+/col87 {0.882 0.882 0.882 srgb} bind def
+/col88 {0.855 0.478 0.102 srgb} bind def
+/col89 {0.945 0.894 0.102 srgb} bind def
+/col90 {0.533 0.490 0.761 srgb} bind def
+/col91 {0.839 0.839 0.839 srgb} bind def
+/col92 {0.549 0.549 0.647 srgb} bind def
+/col93 {0.290 0.290 0.290 srgb} bind def
+/col94 {0.549 0.420 0.420 srgb} bind def
+/col95 {0.353 0.353 0.353 srgb} bind def
+/col96 {0.388 0.388 0.388 srgb} bind def
+/col97 {0.718 0.608 0.451 srgb} bind def
+/col98 {0.255 0.576 1.000 srgb} bind def
+/col99 {0.749 0.439 0.231 srgb} bind def
+/col100 {0.859 0.467 0.000 srgb} bind def
+/col101 {0.855 0.722 0.000 srgb} bind def
+/col102 {0.000 0.392 0.000 srgb} bind def
+/col103 {0.353 0.420 0.231 srgb} bind def
+/col104 {0.827 0.827 0.827 srgb} bind def
+/col105 {0.557 0.557 0.643 srgb} bind def
+/col106 {0.953 0.725 0.365 srgb} bind def
+/col107 {0.537 0.600 0.420 srgb} bind def
+/col108 {0.392 0.392 0.392 srgb} bind def
+/col109 {0.718 0.902 1.000 srgb} bind def
+/col110 {0.525 0.753 0.925 srgb} bind def
+/col111 {0.741 0.741 0.741 srgb} bind def
+/col112 {0.827 0.584 0.322 srgb} bind def
+/col113 {0.596 0.824 0.996 srgb} bind def
+/col114 {0.549 0.612 0.420 srgb} bind def
+/col115 {0.969 0.420 0.000 srgb} bind def
+/col116 {0.353 0.420 0.224 srgb} bind def
+/col117 {0.549 0.612 0.420 srgb} bind def
+/col118 {0.549 0.612 0.482 srgb} bind def
+/col119 {0.094 0.290 0.094 srgb} bind def
+/col120 {0.678 0.678 0.678 srgb} bind def
+/col121 {0.969 0.741 0.353 srgb} bind def
+/col122 {0.388 0.420 0.612 srgb} bind def
+/col123 {0.871 0.000 0.000 srgb} bind def
+/col124 {0.678 0.678 0.678 srgb} bind def
+/col125 {0.969 0.741 0.353 srgb} bind def
+/col126 {0.678 0.678 0.678 srgb} bind def
+/col127 {0.969 0.741 0.353 srgb} bind def
+/col128 {0.388 0.420 0.612 srgb} bind def
+/col129 {0.322 0.420 0.161 srgb} bind def
+/col130 {0.580 0.580 0.580 srgb} bind def
+/col131 {0.000 0.388 0.000 srgb} bind def
+/col132 {0.000 0.388 0.290 srgb} bind def
+/col133 {0.482 0.518 0.290 srgb} bind def
+/col134 {0.906 0.741 0.482 srgb} bind def
+/col135 {0.647 0.710 0.776 srgb} bind def
+/col136 {0.420 0.420 0.580 srgb} bind def
+/col137 {0.518 0.420 0.420 srgb} bind def
+/col138 {0.322 0.612 0.290 srgb} bind def
+/col139 {0.839 0.906 0.906 srgb} bind def
+/col140 {0.322 0.388 0.388 srgb} bind def
+/col141 {0.094 0.420 0.290 srgb} bind def
+/col142 {0.612 0.647 0.710 srgb} bind def
+/col143 {1.000 0.580 0.000 srgb} bind def
+/col144 {1.000 0.580 0.000 srgb} bind def
+/col145 {0.000 0.388 0.290 srgb} bind def
+/col146 {0.482 0.518 0.290 srgb} bind def
+/col147 {0.388 0.451 0.482 srgb} bind def
+/col148 {0.906 0.741 0.482 srgb} bind def
+/col149 {0.094 0.290 0.094 srgb} bind def
+/col150 {0.969 0.741 0.353 srgb} bind def
+/col151 {0.871 0.871 0.871 srgb} bind def
+/col152 {0.953 0.933 0.827 srgb} bind def
+/col153 {0.961 0.682 0.365 srgb} bind def
+/col154 {0.584 0.808 0.600 srgb} bind def
+/col155 {0.710 0.082 0.490 srgb} bind def
+/col156 {0.933 0.933 0.933 srgb} bind def
+/col157 {0.518 0.518 0.518 srgb} bind def
+/col158 {0.482 0.482 0.482 srgb} bind def
+/col159 {0.000 0.353 0.000 srgb} bind def
+/col160 {0.906 0.451 0.451 srgb} bind def
+/col161 {1.000 0.796 0.192 srgb} bind def
+/col162 {0.161 0.475 0.290 srgb} bind def
+/col163 {0.871 0.157 0.129 srgb} bind def
+/col164 {0.129 0.349 0.776 srgb} bind def
+/col165 {0.973 0.973 0.973 srgb} bind def
+/col166 {0.902 0.902 0.902 srgb} bind def
+/col167 {0.129 0.518 0.353 srgb} bind def
+/col168 {1.000 0.580 0.031 srgb} bind def
+/col169 {0.000 0.439 0.000 srgb} bind def
+/col170 {0.816 0.000 0.000 srgb} bind def
+/col171 {0.996 0.839 0.000 srgb} bind def
+/col172 {0.847 0.125 0.063 srgb} bind def
+/col173 {0.000 0.204 0.518 srgb} bind def
+/col174 {0.839 0.125 0.063 srgb} bind def
+/col175 {0.220 0.565 0.000 srgb} bind def
+/col176 {0.729 0.000 0.000 srgb} bind def
+/col177 {0.000 0.200 0.502 srgb} bind def
+/col178 {0.000 0.655 0.741 srgb} bind def
+/col179 {1.000 0.773 0.000 srgb} bind def
+/col180 {0.031 0.482 0.816 srgb} bind def
+/col181 {0.984 0.757 0.000 srgb} bind def
+/col182 {0.518 0.000 0.161 srgb} bind def
+/col183 {0.027 0.224 0.612 srgb} bind def
+/col184 {0.000 0.388 0.741 srgb} bind def
+/col185 {0.224 0.675 0.875 srgb} bind def
+/col186 {0.259 0.753 0.878 srgb} bind def
+/col187 {0.192 0.808 1.000 srgb} bind def
+/col188 {1.000 0.871 0.000 srgb} bind def
+/col189 {0.031 0.353 0.000 srgb} bind def
+/col190 {1.000 0.129 0.000 srgb} bind def
+/col191 {0.969 0.369 0.031 srgb} bind def
+/col192 {0.937 0.482 0.031 srgb} bind def
+/col193 {1.000 0.510 0.000 srgb} bind def
+/col194 {0.000 0.490 0.000 srgb} bind def
+/col195 {0.000 0.000 0.745 srgb} bind def
+/col196 {0.459 0.459 0.459 srgb} bind def
+/col197 {0.953 0.953 0.953 srgb} bind def
+/col198 {0.843 0.827 0.843 srgb} bind def
+/col199 {0.682 0.667 0.682 srgb} bind def
+/col200 {0.761 0.761 0.761 srgb} bind def
+/col201 {0.188 0.188 0.188 srgb} bind def
+/col202 {0.318 0.333 0.318 srgb} bind def
+/col203 {0.969 0.953 0.969 srgb} bind def
+/col204 {0.443 0.443 0.443 srgb} bind def
+
+end
+
+/cp {closepath} bind def
+/ef {eofill} bind def
+/gr {grestore} bind def
+/gs {gsave} bind def
+/sa {save} bind def
+/rs {restore} bind def
+/l {lineto} bind def
+/m {moveto} bind def
+/rm {rmoveto} bind def
+/n {newpath} bind def
+/s {stroke} bind def
+/sh {show} bind def
+/slc {setlinecap} bind def
+/slj {setlinejoin} bind def
+/slw {setlinewidth} bind def
+/srgb {setrgbcolor} bind def
+/rot {rotate} bind def
+/sc {scale} bind def
+/sd {setdash} bind def
+/ff {findfont} bind def
+/sf {setfont} bind def
+/scf {scalefont} bind def
+/sw {stringwidth} bind def
+/tr {translate} bind def
+/tnt {dup dup currentrgbcolor
+ 4 -2 roll dup 1 exch sub 3 -1 roll mul add
+ 4 -2 roll dup 1 exch sub 3 -1 roll mul add
+ 4 -2 roll dup 1 exch sub 3 -1 roll mul add srgb}
+ bind def
+/shd {dup dup currentrgbcolor 4 -2 roll mul 4 -2 roll mul
+ 4 -2 roll mul srgb} bind def
+/reencdict 12 dict def /ReEncode { reencdict begin
+/newcodesandnames exch def /newfontname exch def /basefontname exch def
+/basefontdict basefontname findfont def /newfont basefontdict maxlength dict def
+basefontdict { exch dup /FID ne { dup /Encoding eq
+{ exch dup length array copy newfont 3 1 roll put }
+{ exch newfont 3 1 roll put } ifelse } { pop pop } ifelse } forall
+newfont /FontName newfontname put newcodesandnames aload pop
+128 1 255 { newfont /Encoding get exch /.notdef put } for
+newcodesandnames length 2 idiv { newfont /Encoding get 3 1 roll put } repeat
+newfontname newfont definefont pop end } def
+/isovec [
+8#055 /minus 8#200 /grave 8#201 /acute 8#202 /circumflex 8#203 /tilde
+8#204 /macron 8#205 /breve 8#206 /dotaccent 8#207 /dieresis
+8#210 /ring 8#211 /cedilla 8#212 /hungarumlaut 8#213 /ogonek 8#214 /caron
+8#220 /dotlessi 8#230 /oe 8#231 /OE
+8#240 /space 8#241 /exclamdown 8#242 /cent 8#243 /sterling
+8#244 /currency 8#245 /yen 8#246 /brokenbar 8#247 /section 8#250 /dieresis
+8#251 /copyright 8#252 /ordfeminine 8#253 /guillemotleft 8#254 /logicalnot
+8#255 /hyphen 8#256 /registered 8#257 /macron 8#260 /degree 8#261 /plusminus
+8#262 /twosuperior 8#263 /threesuperior 8#264 /acute 8#265 /mu 8#266 /paragraph
+8#267 /periodcentered 8#270 /cedilla 8#271 /onesuperior 8#272 /ordmasculine
+8#273 /guillemotright 8#274 /onequarter 8#275 /onehalf
+8#276 /threequarters 8#277 /questiondown 8#300 /Agrave 8#301 /Aacute
+8#302 /Acircumflex 8#303 /Atilde 8#304 /Adieresis 8#305 /Aring
+8#306 /AE 8#307 /Ccedilla 8#310 /Egrave 8#311 /Eacute
+8#312 /Ecircumflex 8#313 /Edieresis 8#314 /Igrave 8#315 /Iacute
+8#316 /Icircumflex 8#317 /Idieresis 8#320 /Eth 8#321 /Ntilde 8#322 /Ograve
+8#323 /Oacute 8#324 /Ocircumflex 8#325 /Otilde 8#326 /Odieresis 8#327 /multiply
+8#330 /Oslash 8#331 /Ugrave 8#332 /Uacute 8#333 /Ucircumflex
+8#334 /Udieresis 8#335 /Yacute 8#336 /Thorn 8#337 /germandbls 8#340 /agrave
+8#341 /aacute 8#342 /acircumflex 8#343 /atilde 8#344 /adieresis 8#345 /aring
+8#346 /ae 8#347 /ccedilla 8#350 /egrave 8#351 /eacute
+8#352 /ecircumflex 8#353 /edieresis 8#354 /igrave 8#355 /iacute
+8#356 /icircumflex 8#357 /idieresis 8#360 /eth 8#361 /ntilde 8#362 /ograve
+8#363 /oacute 8#364 /ocircumflex 8#365 /otilde 8#366 /odieresis 8#367 /divide
+8#370 /oslash 8#371 /ugrave 8#372 /uacute 8#373 /ucircumflex
+8#374 /udieresis 8#375 /yacute 8#376 /thorn 8#377 /ydieresis] def
+/Helvetica-Bold /Helvetica-Bold-iso isovec ReEncode
+/Helvetica /Helvetica-iso isovec ReEncode
+/$F2psBegin {$F2psDict begin /$F2psEnteredState save def} def
+/$F2psEnd {$F2psEnteredState restore end} def
+
+/pageheader {
+save
+newpath 0 458 moveto 0 0 lineto 823 0 lineto 823 458 lineto closepath clip newpath
+-8.3 472.6 translate
+1 -1 scale
+$F2psBegin
+10 setmiterlimit
+0 slj 0 slc
+ 0.06299 0.06299 sc
+} bind def
+/pagefooter {
+$F2psEnd
+restore
+} bind def
+%%EndProlog
+pageheader
+%
+% Fig objects follow
+%
+%
+% here starts figure with depth 60
+% Polyline
+0 slj
+0 slc
+15.000 slw
+n 9393 2072 m 9318 2072 9318 5664 75 arcto 4 {pop} repeat
+ 9318 5739 13062 5739 75 arcto 4 {pop} repeat
+ 13137 5739 13137 2147 75 arcto 4 {pop} repeat
+ 13137 2072 9393 2072 75 arcto 4 {pop} repeat
+ cp gs col6 1.00 shd ef gr gs col0 s gr
+% Polyline
+n 10849 5901 m 10774 5901 10774 6285 75 arcto 4 {pop} repeat
+ 10774 6360 11616 6360 75 arcto 4 {pop} repeat
+ 11691 6360 11691 5976 75 arcto 4 {pop} repeat
+ 11691 5901 10849 5901 75 arcto 4 {pop} repeat
+ cp gs col6 1.00 shd ef gr gs col0 s gr
+% Polyline
+n 228 2072 m 153 2072 153 5664 75 arcto 4 {pop} repeat
+ 153 5739 3897 5739 75 arcto 4 {pop} repeat
+ 3972 5739 3972 2147 75 arcto 4 {pop} repeat
+ 3972 2072 228 2072 75 arcto 4 {pop} repeat
+ cp gs col6 1.00 shd ef gr gs col0 s gr
+% Polyline
+n 4810 2072 m 4735 2072 4735 5664 75 arcto 4 {pop} repeat
+ 4735 5739 8479 5739 75 arcto 4 {pop} repeat
+ 8554 5739 8554 2147 75 arcto 4 {pop} repeat
+ 8554 2072 4810 2072 75 arcto 4 {pop} repeat
+ cp gs col6 1.00 shd ef gr gs col0 s gr
+% Polyline
+n 6643 423 m 6568 423 6568 1264 75 arcto 4 {pop} repeat
+ 6568 1339 8479 1339 75 arcto 4 {pop} repeat
+ 8554 1339 8554 498 75 arcto 4 {pop} repeat
+ 8554 423 6643 423 75 arcto 4 {pop} repeat
+ cp gs col6 1.00 shd ef gr gs col0 s gr
+% Polyline
+n 10768 6991 m 10693 6991 10693 7405 75 arcto 4 {pop} repeat
+ 10693 7480 11656 7480 75 arcto 4 {pop} repeat
+ 11731 7480 11731 7066 75 arcto 4 {pop} repeat
+ 11731 6991 10768 6991 75 arcto 4 {pop} repeat
+ cp gs col6 1.00 shd ef gr gs col0 s gr
+% here ends figure;
+%
+% here starts figure with depth 50
+% Polyline
+0 slj
+0 slc
+7.500 slw
+n 9546 3936 m 9471 3936 9471 4319 75 arcto 4 {pop} repeat
+ 9471 4394 10465 4394 75 arcto 4 {pop} repeat
+ 10540 4394 10540 4011 75 arcto 4 {pop} repeat
+ 10540 3936 9546 3936 75 arcto 4 {pop} repeat
+ cp gs col0 s gr
+% Polyline
+n 9546 5158 m 9471 5158 9471 5541 75 arcto 4 {pop} repeat
+ 9471 5616 10312 5616 75 arcto 4 {pop} repeat
+ 10387 5616 10387 5233 75 arcto 4 {pop} repeat
+ 10387 5158 9546 5158 75 arcto 4 {pop} repeat
+ cp gs col0 s gr
+% Polyline
+n 9546 4547 m 9471 4547 9471 4930 75 arcto 4 {pop} repeat
+ 9471 5005 12909 5005 75 arcto 4 {pop} repeat
+ 12984 5005 12984 4622 75 arcto 4 {pop} repeat
+ 12984 4547 9546 4547 75 arcto 4 {pop} repeat
+ cp gs col0 s gr
+% Polyline
+n 12142 5158 m 12067 5158 12067 5541 75 arcto 4 {pop} repeat
+ 12067 5616 12909 5616 75 arcto 4 {pop} repeat
+ 12984 5616 12984 5233 75 arcto 4 {pop} repeat
+ 12984 5158 12142 5158 75 arcto 4 {pop} repeat
+ cp gs col0 s gr
+% Polyline
+n 10859 5168 m 10784 5168 10784 5552 75 arcto 4 {pop} repeat
+ 10784 5627 11626 5627 75 arcto 4 {pop} repeat
+ 11701 5627 11701 5243 75 arcto 4 {pop} repeat
+ 11701 5168 10859 5168 75 arcto 4 {pop} repeat
+ cp gs col0 s gr
+% Polyline
+n 10768 3936 m 10693 3936 10693 4319 75 arcto 4 {pop} repeat
+ 10693 4394 11687 4394 75 arcto 4 {pop} repeat
+ 11762 4394 11762 4011 75 arcto 4 {pop} repeat
+ 11762 3936 10768 3936 75 arcto 4 {pop} repeat
+ cp gs col0 s gr
+% Polyline
+n 11990 3936 m 11915 3936 11915 4319 75 arcto 4 {pop} repeat
+ 11915 4394 12909 4394 75 arcto 4 {pop} repeat
+ 12984 4394 12984 4011 75 arcto 4 {pop} repeat
+ 12984 3936 11990 3936 75 arcto 4 {pop} repeat
+ cp gs col0 s gr
+% Polyline
+ [15 45] 45 sd
+n 9318 3753 m
+ 13137 3753 l gs col0 s gr [] 0 sd
+% Polyline
+15.000 slw
+n 11755 5739 m 11770 5739 l gs col0 s gr
+% Polyline
+ [90] 0 sd
+n 10693 5739 m 10693 6502 l 11762 6502 l
+ 11762 5739 l gs col0 s gr [] 0 sd
+% Polyline
+7.500 slw
+n 381 3936 m 306 3936 306 4319 75 arcto 4 {pop} repeat
+ 306 4394 1300 4394 75 arcto 4 {pop} repeat
+ 1375 4394 1375 4011 75 arcto 4 {pop} repeat
+ 1375 3936 381 3936 75 arcto 4 {pop} repeat
+ cp gs col0 s gr
+% Polyline
+n 381 5158 m 306 5158 306 5541 75 arcto 4 {pop} repeat
+ 306 5616 1147 5616 75 arcto 4 {pop} repeat
+ 1222 5616 1222 5233 75 arcto 4 {pop} repeat
+ 1222 5158 381 5158 75 arcto 4 {pop} repeat
+ cp gs col0 s gr
+% Polyline
+n 381 4547 m 306 4547 306 4930 75 arcto 4 {pop} repeat
+ 306 5005 3744 5005 75 arcto 4 {pop} repeat
+ 3819 5005 3819 4622 75 arcto 4 {pop} repeat
+ 3819 4547 381 4547 75 arcto 4 {pop} repeat
+ cp gs col0 s gr
+% Polyline
+n 2977 5158 m 2902 5158 2902 5541 75 arcto 4 {pop} repeat
+ 2902 5616 3744 5616 75 arcto 4 {pop} repeat
+ 3819 5616 3819 5233 75 arcto 4 {pop} repeat
+ 3819 5158 2977 5158 75 arcto 4 {pop} repeat
+ cp gs col0 s gr
+% Polyline
+n 1694 5168 m 1619 5168 1619 5552 75 arcto 4 {pop} repeat
+ 1619 5627 2461 5627 75 arcto 4 {pop} repeat
+ 2536 5627 2536 5243 75 arcto 4 {pop} repeat
+ 2536 5168 1694 5168 75 arcto 4 {pop} repeat
+ cp gs col0 s gr
+% Polyline
+n 2214 3753 m 2139 3753 2139 4136 75 arcto 4 {pop} repeat
+ 2139 4211 3133 4211 75 arcto 4 {pop} repeat
+ 3208 4211 3208 3828 75 arcto 4 {pop} repeat
+ 3208 3753 2214 3753 75 arcto 4 {pop} repeat
+ cp gs col0 s gr
+% Polyline
+15.000 slw
+n 2590 5739 m 2605 5739 l gs col0 s gr
+% Polyline
+7.500 slw
+gs clippath
+1498 4113 m 1386 4132 l 1393 4172 l 1504 4153 l 1504 4153 l 1421 4147 l 1498 4113 l cp
+eoclip
+n 2139 4028 m
+ 1405 4150 l gs col0 s gr gr
+
+% arrowhead
+n 1498 4113 m 1421 4147 l 1504 4153 l 1498 4113 l cp gs 0.00 setgray ef gr col0 s
+% Polyline
+ [15 45] 45 sd
+n 153 3753 m 1833 3753 l 1833 4364 l
+ 3972 4364 l gs col0 s gr [] 0 sd
+% Polyline
+n 4963 4058 m 4888 4058 4888 5358 75 arcto 4 {pop} repeat
+ 4888 5433 5271 5433 75 arcto 4 {pop} repeat
+ 5346 5433 5346 4133 75 arcto 4 {pop} repeat
+ 5346 4058 4963 4058 75 arcto 4 {pop} repeat
+ cp gs col0 s gr
+% Polyline
+n 4963 2378 m 4888 2378 4888 3678 75 arcto 4 {pop} repeat
+ 4888 3753 5271 3753 75 arcto 4 {pop} repeat
+ 5346 3753 5346 2453 75 arcto 4 {pop} repeat
+ 5346 2378 4963 2378 75 arcto 4 {pop} repeat
+ cp gs col0 s gr
+% Polyline
+n 6032 3447 m 5957 3447 5957 4136 75 arcto 4 {pop} repeat
+ 5957 4211 7104 4211 75 arcto 4 {pop} repeat
+ 7179 4211 7179 3522 75 arcto 4 {pop} repeat
+ 7179 3447 6032 3447 75 arcto 4 {pop} repeat
+ cp gs col0 s gr
+% Polyline
+n 7191 4883 m 7199 4883 l gs col0 s gr
+% Polyline
+n 7191 4883 m 7199 4883 l gs col0 s gr
+% Polyline
+n 6796 4517 m 6721 4517 6721 4900 75 arcto 4 {pop} repeat
+ 6721 4975 7257 4975 75 arcto 4 {pop} repeat
+ 7332 4975 7332 4592 75 arcto 4 {pop} repeat
+ 7332 4517 6796 4517 75 arcto 4 {pop} repeat
+ cp gs col0 s gr
+% Polyline
+gs clippath
+6934 4479 m 7028 4542 l 7050 4508 l 6957 4445 l 6957 4445 l 7014 4508 l 6934 4479 l cp
+6660 4248 m 6566 4185 l 6544 4219 l 6637 4282 l 6637 4282 l 6581 4220 l 6660 4248 l cp
+eoclip
+n 6568 4211 m
+ 7027 4517 l gs col0 s gr gr
+
+% arrowhead
+n 6660 4248 m 6581 4220 l 6637 4282 l 6660 4248 l cp gs 0.00 setgray ef gr col0 s
+% arrowhead
+n 6934 4479 m 7014 4508 l 6957 4445 l 6934 4479 l cp gs 0.00 setgray ef gr col0 s
+% Polyline
+gs clippath
+6179 4445 m 6086 4508 l 6108 4542 l 6202 4479 l 6202 4479 l 6123 4508 l 6179 4445 l cp
+6498 4282 m 6591 4219 l 6569 4185 l 6475 4248 l 6475 4248 l 6555 4220 l 6498 4282 l cp
+eoclip
+n 6568 4211 m
+ 6110 4517 l gs col0 s gr gr
+
+% arrowhead
+n 6498 4282 m 6555 4220 l 6475 4248 l 6498 4282 l cp gs 0.00 setgray ef gr col0 s
+% arrowhead
+n 6179 4445 m 6123 4508 l 6202 4479 l 6179 4445 l cp gs 0.00 setgray ef gr col0 s
+% Polyline
+n 5880 4517 m 5805 4517 5805 4900 75 arcto 4 {pop} repeat
+ 5805 4975 6341 4975 75 arcto 4 {pop} repeat
+ 6416 4975 6416 4592 75 arcto 4 {pop} repeat
+ 6416 4517 5880 4517 75 arcto 4 {pop} repeat
+ cp gs col0 s gr
+% Polyline
+n 7713 3600 m 7638 3600 7638 3983 75 arcto 4 {pop} repeat
+ 7638 4058 8326 4058 75 arcto 4 {pop} repeat
+ 8401 4058 8401 3675 75 arcto 4 {pop} repeat
+ 8401 3600 7713 3600 75 arcto 4 {pop} repeat
+ cp gs col0 s gr
+% Polyline
+n 7634 3814 m 7642 3814 l gs col0 s gr
+% Polyline
+n 9546 2225 m 9471 2225 9471 3525 75 arcto 4 {pop} repeat
+ 9471 3600 9854 3600 75 arcto 4 {pop} repeat
+ 9929 3600 9929 2300 75 arcto 4 {pop} repeat
+ 9929 2225 9546 2225 75 arcto 4 {pop} repeat
+ cp gs col0 s gr
+% Polyline
+ [60] 0 sd
+gs clippath
+11083 351 m 11196 351 l 11196 310 l 11083 310 l 11083 310 l 11165 331 l 11083 351 l cp
+eoclip
+n 10632 331 m
+ 11181 331 l gs col1 s gr gr
+ [] 0 sd
+% arrowhead
+n 11083 351 m 11165 331 l 11083 310 l 11083 351 l cp gs col1 1.00 shd ef gr col1 s
+% Polyline
+15.000 slw
+gs clippath
+10986 677 m 11196 677 l 11196 596 l 10986 596 l 10986 596 l 11149 637 l 10986 677 l cp
+eoclip
+n 10632 637 m
+ 11181 637 l gs col1 s gr gr
+
+% arrowhead
+n 10986 677 m 11149 637 l 10986 596 l 10986 677 l cp gs col1 1.00 shd ef gr col1 s
+% Polyline
+7.500 slw
+gs clippath
+11083 962 m 11196 962 l 11196 921 l 11083 921 l 11083 921 l 11165 942 l 11083 962 l cp
+eoclip
+n 10632 942 m
+ 11181 942 l gs col0 s gr gr
+
+% arrowhead
+n 11083 962 m 11165 942 l 11083 921 l 11083 962 l cp gs 0.00 setgray ef gr col0 s
+% Polyline
+n 6919 6197 m 6904 6197 6904 7170 15 arcto 4 {pop} repeat
+ 6904 7185 8457 7185 15 arcto 4 {pop} repeat
+ 8472 7185 8472 6212 15 arcto 4 {pop} repeat
+ 8472 6197 6919 6197 15 arcto 4 {pop} repeat
+ cp gs col7 1.00 shd ef gr gs col-1 s gr
+% Polyline
+gs clippath
+5873 3698 m 5953 3778 l 5982 3749 l 5902 3669 l 5902 3669 l 5946 3742 l 5873 3698 l cp
+eoclip
+n 5346 3142 m
+ 5957 3753 l gs col0 s gr gr
+
+% arrowhead
+n 5873 3698 m 5946 3742 l 5902 3669 l 5873 3698 l cp gs 0.00 setgray ef gr col0 s
+% Polyline
+gs clippath
+5912 3994 m 5982 3906 l 5950 3880 l 5880 3968 l 5880 3968 l 5947 3918 l 5912 3994 l cp
+eoclip
+n 5346 4669 m
+ 5957 3905 l gs col0 s gr gr
+
+% arrowhead
+n 5912 3994 m 5947 3918 l 5880 3968 l 5912 3994 l cp gs 0.00 setgray ef gr col0 s
+% Polyline
+gs clippath
+7540 3834 m 7653 3834 l 7653 3793 l 7540 3793 l 7540 3793 l 7622 3814 l 7540 3834 l cp
+7276 3793 m 7164 3793 l 7164 3834 l 7276 3834 l 7276 3834 l 7195 3814 l 7276 3793 l cp
+eoclip
+n 7179 3814 m
+ 7638 3814 l gs col0 s gr gr
+
+% arrowhead
+n 7276 3793 m 7195 3814 l 7276 3834 l 7276 3793 l cp gs 0.00 setgray ef gr col0 s
+% arrowhead
+n 7540 3834 m 7622 3814 l 7540 3793 l 7540 3834 l cp gs 0.00 setgray ef gr col0 s
+% Polyline
+2 slj
+15.000 slw
+gs clippath
+7694 1441 m 7524 1318 l 7476 1384 l 7646 1507 l 7646 1507 l 7539 1379 l 7694 1441 l cp
+eoclip
+n 8022 3600 m 8022 3599 l 8023 3597 l 8024 3592 l 8026 3585 l 8028 3575 l
+ 8031 3562 l 8035 3545 l 8039 3525 l 8045 3501 l 8051 3474 l
+ 8057 3444 l 8064 3410 l 8072 3374 l 8079 3336 l 8087 3295 l
+ 8095 3252 l 8102 3208 l 8109 3163 l 8116 3117 l 8123 3069 l
+ 8129 3021 l 8134 2972 l 8139 2921 l 8143 2870 l 8145 2818 l
+ 8147 2765 l 8148 2710 l 8147 2654 l 8145 2596 l 8142 2537 l
+ 8136 2476 l 8129 2414 l 8120 2351 l 8109 2288 l 8096 2225 l
+ 8079 2156 l 8060 2091 l 8039 2029 l 8017 1971 l 7995 1917 l
+ 7971 1868 l 7948 1822 l 7923 1780 l 7899 1740 l 7874 1704 l
+ 7848 1670 l 7823 1638 l 7797 1608 l 7772 1580 l 7746 1553 l
+ 7720 1528 l 7695 1505 l 7671 1483 l 7647 1463 l 7625 1445 l
+ 7605 1428 l 7586 1413 l 7569 1400 l 7554 1389 l 7542 1380 l
+ 7532 1373 l 7524 1368 l
+ 7513 1360 l gs col1 s gr gr
+
+% arrowhead
+0 slj
+n 7694 1441 m 7539 1379 l 7646 1507 l 7694 1441 l cp gs col1 1.00 shd ef gr col1 s
+% Polyline
+2 slj
+gs clippath
+9472 3096 m 9513 2890 l 9433 2874 l 9393 3080 l 9393 3080 l 9465 2929 l 9472 3096 l cp
+eoclip
+n 7332 4730 m 7333 4730 l 7335 4731 l 7339 4732 l 7346 4733 l 7355 4735 l
+ 7367 4738 l 7382 4741 l 7401 4745 l 7423 4750 l 7449 4754 l
+ 7477 4760 l 7509 4765 l 7543 4771 l 7580 4776 l 7619 4782 l
+ 7660 4787 l 7702 4791 l 7746 4795 l 7791 4798 l 7837 4800 l
+ 7884 4801 l 7931 4800 l 7979 4798 l 8028 4794 l 8078 4789 l
+ 8128 4781 l 8179 4771 l 8231 4758 l 8284 4742 l 8338 4724 l
+ 8393 4702 l 8449 4676 l 8506 4646 l 8564 4612 l 8622 4575 l
+ 8680 4532 l 8737 4486 l 8790 4439 l 8840 4389 l 8888 4337 l
+ 8932 4284 l 8975 4231 l 9014 4176 l 9050 4122 l 9084 4068 l
+ 9116 4013 l 9145 3959 l 9172 3904 l 9198 3850 l 9221 3796 l
+ 9244 3741 l 9264 3687 l 9284 3633 l 9302 3579 l 9319 3526 l
+ 9335 3473 l 9350 3420 l 9365 3369 l 9378 3319 l 9390 3270 l
+ 9402 3223 l 9412 3178 l 9422 3136 l 9431 3097 l 9438 3061 l
+ 9445 3028 l 9451 3000 l 9456 2975 l 9460 2953 l 9464 2936 l
+ 9466 2922 l 9468 2912 l
+ 9471 2897 l gs col1 s gr gr
+
+% arrowhead
+0 slj
+n 9472 3096 m 9465 2929 l 9393 3080 l col1 s
+% Polyline
+2 slj
+gs clippath
+4726 4612 m 4867 4768 l 4928 4713 l 4786 4558 l 4786 4558 l 4866 4706 l 4726 4612 l cp
+eoclip
+n 3238 3997 m 3239 3997 l 3242 3997 l 3247 3998 l 3255 3999 l 3266 4000 l
+ 3281 4002 l 3300 4004 l 3322 4007 l 3347 4011 l 3375 4015 l
+ 3406 4019 l 3439 4024 l 3474 4029 l 3511 4035 l 3549 4042 l
+ 3589 4049 l 3629 4057 l 3671 4066 l 3713 4075 l 3757 4086 l
+ 3802 4097 l 3848 4110 l 3896 4124 l 3946 4139 l 3997 4156 l
+ 4051 4175 l 4105 4196 l 4161 4218 l 4216 4242 l 4274 4269 l
+ 4329 4296 l 4381 4323 l 4428 4349 l 4472 4375 l 4513 4401 l
+ 4550 4426 l 4585 4450 l 4617 4473 l 4647 4497 l 4675 4520 l
+ 4701 4542 l 4726 4564 l 4749 4585 l 4770 4606 l 4790 4626 l
+ 4809 4644 l 4825 4661 l 4840 4677 l 4853 4691 l 4863 4702 l
+ 4872 4712 l 4878 4719 l
+ 4888 4730 l gs col1 s gr gr
+
+% arrowhead
+0 slj
+n 4726 4612 m 4866 4706 l 4786 4558 l 4726 4612 l cp gs col1 1.00 shd ef gr col1 s
+% Polyline
+2 slj
+gs clippath
+11276 6815 m 11140 6976 l 11202 7028 l 11338 6868 l 11338 6868 l 11202 6966 l 11276 6815 l cp
+eoclip
+n 11243 6502 m 11244 6504 l 11247 6510 l 11252 6518 l 11259 6530 l 11267 6546 l
+ 11276 6563 l 11284 6583 l 11291 6604 l 11298 6627 l 11303 6652 l
+ 11306 6681 l 11307 6713 l 11304 6747 l 11299 6777 l 11292 6805 l
+ 11283 6831 l 11273 6854 l 11263 6876 l 11252 6895 l 11241 6913 l
+ 11229 6930 l 11218 6946 l 11207 6959 l 11198 6971 l
+ 11181 6991 l gs col1 s gr gr
+
+% arrowhead
+0 slj
+n 11276 6815 m 11202 6966 l 11338 6868 l 11276 6815 l cp gs col1 1.00 shd ef gr col1 s
+% Polyline
+2 slj
+7.500 slw
+ [60] 0 sd
+gs clippath
+8590 6891 m 8487 6844 l 8470 6881 l 8573 6928 l 8573 6928 l 8508 6876 l 8590 6891 l cp
+eoclip
+n 10693 7235 m 10692 7235 l 10690 7235 l 10685 7235 l 10679 7236 l 10669 7236 l
+ 10656 7236 l 10640 7237 l 10621 7238 l 10598 7238 l 10572 7239 l
+ 10544 7240 l 10512 7241 l 10478 7241 l 10442 7242 l 10404 7242 l
+ 10365 7243 l 10324 7243 l 10281 7242 l 10238 7242 l 10194 7241 l
+ 10148 7240 l 10101 7238 l 10052 7236 l 10003 7233 l 9951 7230 l
+ 9898 7226 l 9842 7221 l 9785 7216 l 9725 7209 l 9664 7202 l
+ 9600 7194 l 9536 7184 l 9471 7174 l 9403 7162 l 9337 7150 l
+ 9274 7137 l 9215 7124 l 9159 7110 l 9106 7097 l 9056 7084 l
+ 9010 7071 l 8966 7058 l 8925 7045 l 8885 7032 l 8848 7019 l
+ 8812 7006 l 8778 6993 l 8746 6981 l 8715 6968 l 8685 6956 l
+ 8657 6944 l 8631 6933 l 8607 6922 l 8585 6912 l 8565 6903 l
+ 8548 6895 l 8533 6888 l 8521 6883 l 8511 6878 l 8504 6874 l
+
+ 8493 6869 l gs col1 s gr gr
+ [] 0 sd
+% arrowhead
+0 slj
+n 8590 6891 m 8508 6876 l 8573 6928 l 8590 6891 l cp gs col1 1.00 shd ef gr col1 s
+% Polyline
+2 slj
+ [60] 0 sd
+gs clippath
+8591 6548 m 8479 6541 l 8476 6582 l 8589 6589 l 8589 6589 l 8509 6564 l 8591 6548 l cp
+eoclip
+n 9898 5647 m 9898 5648 l 9898 5651 l 9898 5655 l 9897 5662 l 9897 5672 l
+ 9896 5685 l 9895 5701 l 9893 5720 l 9891 5742 l 9888 5766 l
+ 9885 5793 l 9881 5821 l 9876 5851 l 9870 5882 l 9863 5913 l
+ 9854 5946 l 9845 5978 l 9833 6011 l 9820 6044 l 9805 6077 l
+ 9788 6111 l 9768 6145 l 9746 6179 l 9719 6213 l 9690 6247 l
+ 9656 6281 l 9619 6315 l 9577 6348 l 9532 6380 l 9487 6407 l
+ 9440 6432 l 9393 6455 l 9346 6475 l 9299 6492 l 9252 6507 l
+ 9206 6520 l 9161 6530 l 9116 6540 l 9072 6547 l 9028 6553 l
+ 8984 6558 l 8941 6562 l 8899 6565 l 8857 6567 l 8816 6569 l
+ 8776 6570 l 8737 6570 l 8700 6570 l 8666 6569 l 8633 6569 l
+ 8604 6568 l 8578 6567 l 8556 6566 l 8537 6565 l 8522 6565 l
+ 8510 6564 l
+ 8493 6563 l gs col1 s gr gr
+ [] 0 sd
+% arrowhead
+0 slj
+n 8591 6548 m 8509 6564 l 8589 6589 l 8591 6548 l cp gs col1 1.00 shd ef gr col1 s
+% Polyline
+2 slj
+ [60] 0 sd
+gs clippath
+8591 6735 m 8479 6725 l 8476 6765 l 8588 6775 l 8588 6775 l 8509 6748 l 8591 6735 l cp
+eoclip
+n 12465 5647 m 12465 5648 l 12466 5649 l 12466 5651 l 12468 5655 l 12470 5661 l
+ 12472 5668 l 12475 5678 l 12478 5689 l 12482 5703 l 12486 5719 l
+ 12491 5737 l 12495 5757 l 12500 5779 l 12504 5803 l 12508 5828 l
+ 12512 5855 l 12514 5882 l 12516 5911 l 12517 5941 l 12516 5971 l
+ 12514 6002 l 12510 6033 l 12504 6065 l 12496 6096 l 12486 6128 l
+ 12473 6160 l 12457 6192 l 12437 6224 l 12414 6256 l 12388 6287 l
+ 12356 6319 l 12321 6351 l 12280 6383 l 12234 6414 l 12181 6446 l
+ 12123 6477 l 12058 6508 l 11986 6539 l 11908 6568 l 11823 6597 l
+ 11731 6624 l 11659 6643 l 11584 6661 l 11507 6678 l 11428 6693 l
+ 11349 6707 l 11269 6721 l 11189 6732 l 11108 6743 l 11027 6753 l
+ 10947 6762 l 10866 6769 l 10786 6776 l 10706 6782 l 10626 6787 l
+ 10547 6791 l 10468 6795 l 10388 6798 l 10310 6800 l 10231 6801 l
+ 10152 6803 l 10074 6803 l 9996 6803 l 9918 6803 l 9841 6802 l
+ 9764 6801 l 9688 6800 l 9612 6798 l 9537 6796 l 9463 6794 l
+ 9391 6792 l 9320 6789 l 9250 6787 l 9182 6784 l 9117 6781 l
+ 9053 6778 l 8993 6775 l 8935 6772 l 8880 6769 l 8829 6767 l
+ 8781 6764 l 8737 6762 l 8697 6759 l 8661 6757 l 8628 6755 l
+ 8600 6754 l 8575 6752 l 8554 6751 l 8537 6750 l 8523 6749 l
+ 8512 6748 l 8504 6748 l
+ 8493 6747 l gs col1 s gr gr
+ [] 0 sd
+% arrowhead
+0 slj
+n 8591 6735 m 8509 6748 l 8588 6775 l 8591 6735 l cp gs col1 1.00 shd ef gr col1 s
+% Polyline
+2 slj
+ [60] 0 sd
+gs clippath
+6745 6644 m 6858 6644 l 6858 6603 l 6745 6603 l 6745 6603 l 6827 6624 l 6745 6644 l cp
+eoclip
+n 2077 5647 m 2077 5648 l 2077 5650 l 2076 5653 l 2076 5657 l 2075 5663 l
+ 2075 5670 l 2074 5679 l 2074 5690 l 2074 5702 l 2074 5716 l
+ 2074 5732 l 2075 5750 l 2076 5768 l 2078 5788 l 2081 5810 l
+ 2084 5832 l 2089 5855 l 2095 5880 l 2103 5904 l 2111 5929 l
+ 2122 5955 l 2134 5981 l 2149 6007 l 2166 6034 l 2185 6060 l
+ 2207 6087 l 2232 6113 l 2260 6140 l 2291 6166 l 2327 6193 l
+ 2367 6219 l 2411 6246 l 2460 6273 l 2515 6299 l 2575 6326 l
+ 2641 6352 l 2714 6379 l 2793 6405 l 2879 6430 l 2972 6455 l
+ 3071 6479 l 3177 6502 l 3258 6518 l 3341 6533 l 3425 6547 l
+ 3511 6560 l 3598 6572 l 3685 6584 l 3772 6594 l 3860 6604 l
+ 3947 6612 l 4034 6620 l 4120 6627 l 4206 6634 l 4292 6640 l
+ 4377 6645 l 4462 6649 l 4546 6653 l 4630 6656 l 4714 6659 l
+ 4797 6661 l 4880 6663 l 4963 6664 l 5045 6665 l 5127 6666 l
+ 5208 6666 l 5289 6666 l 5370 6666 l 5450 6665 l 5530 6665 l
+ 5608 6663 l 5686 6662 l 5763 6661 l 5838 6659 l 5912 6657 l
+ 5985 6656 l 6056 6654 l 6124 6652 l 6191 6649 l 6255 6647 l
+ 6316 6645 l 6375 6643 l 6430 6641 l 6483 6639 l 6531 6637 l
+ 6576 6636 l 6618 6634 l 6655 6632 l 6689 6631 l 6719 6630 l
+ 6746 6628 l 6768 6627 l 6787 6627 l 6803 6626 l 6816 6625 l
+ 6825 6625 l 6833 6624 l
+ 6843 6624 l gs col1 s gr gr
+ [] 0 sd
+% arrowhead
+0 slj
+n 6745 6644 m 6827 6624 l 6745 6603 l 6745 6644 l cp gs col1 1.00 shd ef gr col1 s
+% Polyline
+2 slj
+ [60] 0 sd
+gs clippath
+6748 6778 m 6860 6765 l 6855 6725 l 6743 6737 l 6743 6737 l 6827 6749 l 6748 6778 l cp
+eoclip
+n 733 5647 m 733 5649 l 734 5651 l 735 5654 l 736 5659 l 737 5665 l
+ 740 5674 l 743 5684 l 746 5696 l 750 5711 l 756 5727 l
+ 762 5746 l 769 5766 l 777 5788 l 786 5813 l 797 5838 l
+ 808 5866 l 821 5894 l 836 5924 l 852 5955 l 869 5987 l
+ 888 6019 l 909 6052 l 931 6085 l 956 6119 l 983 6152 l
+ 1012 6186 l 1043 6220 l 1077 6254 l 1114 6287 l 1154 6321 l
+ 1197 6354 l 1244 6387 l 1295 6420 l 1349 6453 l 1409 6486 l
+ 1473 6518 l 1543 6550 l 1618 6582 l 1699 6613 l 1786 6644 l
+ 1880 6674 l 1980 6703 l 2087 6731 l 2200 6758 l 2319 6784 l
+ 2444 6808 l 2538 6824 l 2633 6839 l 2730 6853 l 2828 6865 l
+ 2927 6877 l 3025 6887 l 3124 6896 l 3222 6905 l 3320 6912 l
+ 3418 6918 l 3515 6923 l 3611 6927 l 3707 6931 l 3801 6934 l
+ 3896 6935 l 3989 6937 l 4082 6937 l 4174 6937 l 4266 6936 l
+ 4357 6934 l 4447 6933 l 4537 6930 l 4627 6927 l 4716 6924 l
+ 4805 6920 l 4893 6915 l 4980 6911 l 5067 6906 l 5153 6901 l
+ 5239 6895 l 5324 6889 l 5408 6883 l 5491 6877 l 5573 6870 l
+ 5654 6864 l 5733 6857 l 5811 6851 l 5888 6844 l 5962 6837 l
+ 6034 6830 l 6104 6824 l 6171 6817 l 6236 6811 l 6298 6805 l
+ 6357 6799 l 6413 6793 l 6465 6788 l 6514 6783 l 6560 6778 l
+ 6602 6774 l 6640 6770 l 6674 6766 l 6705 6762 l 6732 6759 l
+ 6756 6757 l 6776 6755 l 6794 6753 l 6808 6751 l 6819 6750 l
+ 6828 6749 l 6834 6748 l
+ 6843 6747 l gs col1 s gr gr
+ [] 0 sd
+% arrowhead
+0 slj
+n 6748 6778 m 6827 6749 l 6743 6737 l 6748 6778 l cp gs col1 1.00 shd ef gr col1 s
+% Polyline
+2 slj
+ [60] 0 sd
+gs clippath
+6745 6522 m 6858 6522 l 6858 6481 l 6745 6481 l 6745 6481 l 6827 6502 l 6745 6522 l cp
+eoclip
+n 3361 5647 m 3361 5648 l 3361 5650 l 3360 5653 l 3360 5657 l 3359 5663 l
+ 3359 5670 l 3358 5678 l 3358 5689 l 3357 5700 l 3357 5714 l
+ 3358 5728 l 3359 5744 l 3360 5762 l 3363 5780 l 3366 5799 l
+ 3370 5819 l 3375 5840 l 3382 5861 l 3390 5882 l 3400 5904 l
+ 3412 5926 l 3425 5949 l 3441 5971 l 3460 5994 l 3481 6017 l
+ 3506 6040 l 3533 6063 l 3565 6086 l 3600 6109 l 3640 6133 l
+ 3685 6156 l 3735 6180 l 3790 6204 l 3851 6227 l 3918 6251 l
+ 3991 6274 l 4070 6297 l 4155 6319 l 4226 6336 l 4299 6352 l
+ 4374 6366 l 4450 6380 l 4526 6393 l 4603 6405 l 4680 6416 l
+ 4756 6426 l 4832 6436 l 4908 6444 l 4983 6452 l 5058 6459 l
+ 5133 6465 l 5207 6470 l 5280 6475 l 5353 6480 l 5426 6484 l
+ 5499 6488 l 5571 6491 l 5643 6493 l 5714 6496 l 5785 6498 l
+ 5855 6499 l 5925 6501 l 5993 6502 l 6061 6503 l 6127 6504 l
+ 6192 6504 l 6255 6505 l 6315 6505 l 6374 6505 l 6430 6505 l
+ 6482 6505 l 6532 6505 l 6578 6505 l 6621 6504 l 6660 6504 l
+ 6695 6504 l 6725 6503 l 6752 6503 l 6775 6503 l 6794 6503 l
+ 6809 6502 l 6821 6502 l 6830 6502 l
+ 6843 6502 l gs col1 s gr gr
+ [] 0 sd
+% arrowhead
+0 slj
+n 6745 6522 m 6827 6502 l 6745 6481 l 6745 6522 l cp gs col1 1.00 shd ef gr col1 s
+/Helvetica-iso ff 165.00 scf sf
+9623 4242 m
+gs 1 -1 sc (OpenPGP) col0 sh gr
+/Helvetica-iso ff 165.00 scf sf
+9776 4853 m
+gs 1 -1 sc (APDU and ISO-7816 access code) col0 sh gr
+/Helvetica-iso ff 165.00 scf sf
+9623 5464 m
+gs 1 -1 sc (CCID) col0 sh gr
+/Helvetica-iso ff 165.00 scf sf
+12220 5464 m
+gs 1 -1 sc (CT-API) col0 sh gr
+/Helvetica-iso ff 165.00 scf sf
+10957 5464 m
+gs 1 -1 sc (PC/SC) col0 sh gr
+/Helvetica-iso ff 165.00 scf sf
+10998 4242 m
+gs 1 -1 sc (NKS) col0 sh gr
+/Helvetica-iso ff 165.00 scf sf
+12067 4242 m
+gs 1 -1 sc (PKCS#15) col0 sh gr
+/Helvetica-Bold-iso ff 225.00 scf sf
+10540 2989 m
+gs 1 -1 sc (SCDaemon) col0 sh gr
+/Helvetica-iso ff 165.00 scf sf
+10896 6176 m
+gs 1 -1 sc (wrapper) col0 sh gr
+/Helvetica-iso ff 165.00 scf sf
+458 4242 m
+gs 1 -1 sc (OpenPGP) col0 sh gr
+/Helvetica-iso ff 165.00 scf sf
+611 4853 m
+gs 1 -1 sc (APDU and ISO-7816 access code) col0 sh gr
+/Helvetica-iso ff 165.00 scf sf
+458 5464 m
+gs 1 -1 sc (CCID) col0 sh gr
+/Helvetica-iso ff 165.00 scf sf
+3055 5464 m
+gs 1 -1 sc (CT-API) col0 sh gr
+/Helvetica-iso ff 165.00 scf sf
+1792 5464 m
+gs 1 -1 sc (PC/SC) col0 sh gr
+/Helvetica-iso ff 165.00 scf sf
+2291 4058 m
+gs 1 -1 sc (Gluecode) col0 sh gr
+/Helvetica-Bold-iso ff 225.00 scf sf
+1375 2989 m
+gs 1 -1 sc (gpg 1.4) col0 sh gr
+/Helvetica-iso ff 165.00 scf sf
+5194 5128 m
+gs 1 -1 sc 90.0 rot (Assuan) col0 sh gr
+/Helvetica-iso ff 165.00 scf sf
+5194 3447 m
+gs 1 -1 sc 90.0 rot (ssh-agent) col0 sh gr
+/Helvetica-iso ff 165.00 scf sf
+6110 3753 m
+gs 1 -1 sc (Private Key) col0 sh gr
+/Helvetica-iso ff 165.00 scf sf
+6110 4058 m
+gs 1 -1 sc (Operations) col0 sh gr
+/Helvetica-iso ff 165.00 scf sf
+6874 4822 m
+gs 1 -1 sc (Card) col0 sh gr
+/Helvetica-iso ff 165.00 scf sf
+5957 4822 m
+gs 1 -1 sc (Disk) col0 sh gr
+/Helvetica-iso ff 165.00 scf sf
+7790 3905 m
+gs 1 -1 sc (Cache) col0 sh gr
+/Helvetica-iso ff 165.00 scf sf
+9776 3294 m
+gs 1 -1 sc 90.0 rot (Assuan) col0 sh gr
+/Helvetica-Bold-iso ff 225.00 scf sf
+7027 881 m
+gs 1 -1 sc (pinentry) col0 sh gr
+/Helvetica-iso ff 150.00 scf sf
+6874 1187 m
+gs 1 -1 sc (\(GTK+, Qt, Curses\)) col0 sh gr
+/Helvetica-iso ff 150.00 scf sf
+11365 392 m
+gs 1 -1 sc (Alternative access paths) col0 sh gr
+/Helvetica-iso ff 150.00 scf sf
+11365 698 m
+gs 1 -1 sc (IPC \(pipe or socket\)) col0 sh gr
+/Helvetica-iso ff 150.00 scf sf
+11365 1003 m
+gs 1 -1 sc (Internal data flow) col0 sh gr
+/Helvetica-Bold-iso ff 225.00 scf sf
+5957 2989 m
+gs 1 -1 sc (gpg-agent) col0 sh gr
+/Helvetica-iso ff 165.00 scf sf
+10998 7297 m
+gs 1 -1 sc (pcsd) col0 sh gr
+% Polyline
+n 7084 6526 m 7069 6526 7069 6731 15 arcto 4 {pop} repeat
+ 7069 6746 7292 6746 15 arcto 4 {pop} repeat
+ 7307 6746 7307 6541 15 arcto 4 {pop} repeat
+ 7307 6526 7084 6526 15 arcto 4 {pop} repeat
+ cp gs col31 1.00 shd ef gr gs col0 s gr
+% Polyline
+n 7234 6691 m
+ 7307 6691 l gs col0 s gr
+% Polyline
+n 7069 6636 m
+ 7143 6636 l gs 0.00 setgray ef gr gs col0 s gr
+% Polyline
+n 7069 6581 m
+ 7143 6581 l gs col0 s gr
+% Polyline
+n 7069 6691 m
+ 7143 6691 l gs col0 s gr
+% Polyline
+n 7143 6526 m
+ 7143 6746 l gs col0 s gr
+% Polyline
+n 7307 6581 m 7234 6581 l
+ 7234 6746 l gs col0 s gr
+% Polyline
+n 7234 6636 m
+ 7307 6636 l gs col0 s gr
+% here ends figure;
+pagefooter
+showpage
+%%Trailer
+%EOF
diff --git a/doc/gnupg-card-architecture.fig b/doc/gnupg-card-architecture.fig
new file mode 100644
index 0000000..0efa362
--- /dev/null
+++ b/doc/gnupg-card-architecture.fig
@@ -0,0 +1,419 @@
+#FIG 3.2 Produced by xfig version 3.2.5-alpha5
+# Copyright 2005 Werner Koch
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+#
+Landscape
+Center
+Metric
+A4
+100.00
+Single
+-2
+1200 2
+0 32 #414541
+0 33 #808080
+0 34 #c0c0c0
+0 35 #c6b797
+0 36 #eff8ff
+0 37 #dccba6
+0 38 #e0e0e0
+0 39 #8e8f8e
+0 40 #aaaaaa
+0 41 #555555
+0 42 #404040
+0 43 #868286
+0 44 #c7c3c7
+0 45 #e7e3e7
+0 46 #8e8e8e
+0 47 #444444
+0 48 #868686
+0 49 #c7c7c7
+0 50 #666666
+0 51 #e2e2ee
+0 52 #94949a
+0 53 #dbdbdb
+0 54 #a1a1b7
+0 55 #9c0000
+0 56 #ededed
+0 57 #86acff
+0 58 #7070ff
+0 59 #bebebe
+0 60 #515151
+0 61 #000049
+0 62 #797979
+0 63 #303430
+0 64 #c7b696
+0 65 #d7d7d7
+0 66 #aeaeae
+0 67 #85807d
+0 68 #d2d2d2
+0 69 #3a3a3a
+0 70 #4573aa
+0 71 #000000
+0 72 #e7e7e7
+0 73 #f7f7f7
+0 74 #d6d7d6
+0 75 #7b79a5
+0 76 #effbff
+0 77 #9e9e9e
+0 78 #717571
+0 79 #73758c
+0 80 #414141
+0 81 #635dce
+0 82 #565151
+0 83 #dd9d93
+0 84 #f1ece0
+0 85 #c3c3c3
+0 86 #e2c8a8
+0 87 #e1e1e1
+0 88 #da7a1a
+0 89 #f1e41a
+0 90 #887dc2
+0 91 #d6d6d6
+0 92 #8c8ca5
+0 93 #4a4a4a
+0 94 #8c6b6b
+0 95 #5a5a5a
+0 96 #636363
+0 97 #b79b73
+0 98 #4193ff
+0 99 #bf703b
+0 100 #db7700
+0 101 #dab800
+0 102 #006400
+0 103 #5a6b3b
+0 104 #d3d3d3
+0 105 #8e8ea4
+0 106 #f3b95d
+0 107 #89996b
+0 108 #646464
+0 109 #b7e6ff
+0 110 #86c0ec
+0 111 #bdbdbd
+0 112 #d39552
+0 113 #98d2fe
+0 114 #8c9c6b
+0 115 #f76b00
+0 116 #5a6b39
+0 117 #8c9c6b
+0 118 #8c9c7b
+0 119 #184a18
+0 120 #adadad
+0 121 #f7bd5a
+0 122 #636b9c
+0 123 #de0000
+0 124 #adadad
+0 125 #f7bd5a
+0 126 #adadad
+0 127 #f7bd5a
+0 128 #636b9c
+0 129 #526b29
+0 130 #949494
+0 131 #006300
+0 132 #00634a
+0 133 #7b844a
+0 134 #e7bd7b
+0 135 #a5b5c6
+0 136 #6b6b94
+0 137 #846b6b
+0 138 #529c4a
+0 139 #d6e7e7
+0 140 #526363
+0 141 #186b4a
+0 142 #9ca5b5
+0 143 #ff9400
+0 144 #ff9400
+0 145 #00634a
+0 146 #7b844a
+0 147 #63737b
+0 148 #e7bd7b
+0 149 #184a18
+0 150 #f7bd5a
+0 151 #dedede
+0 152 #f3eed3
+0 153 #f5ae5d
+0 154 #95ce99
+0 155 #b5157d
+0 156 #eeeeee
+0 157 #848484
+0 158 #7b7b7b
+0 159 #005a00
+0 160 #e77373
+0 161 #ffcb31
+0 162 #29794a
+0 163 #de2821
+0 164 #2159c6
+0 165 #f8f8f8
+0 166 #e6e6e6
+0 167 #21845a
+0 168 #ff9408
+0 169 #007000
+0 170 #d00000
+0 171 #fed600
+0 172 #d82010
+0 173 #003484
+0 174 #d62010
+0 175 #389000
+0 176 #ba0000
+0 177 #003380
+0 178 #00a7bd
+0 179 #ffc500
+0 180 #087bd0
+0 181 #fbc100
+0 182 #840029
+0 183 #07399c
+0 184 #0063bd
+0 185 #39acdf
+0 186 #42c0e0
+0 187 #31ceff
+0 188 #ffde00
+0 189 #085a00
+0 190 #ff2100
+0 191 #f75e08
+0 192 #ef7b08
+0 193 #ff8200
+0 194 #007d00
+0 195 #0000be
+0 196 #757575
+0 197 #f3f3f3
+0 198 #d7d3d7
+0 199 #aeaaae
+0 200 #c2c2c2
+0 201 #303030
+0 202 #515551
+0 203 #f7f3f7
+0 204 #717171
+6 9270 1980 13230 6570
+6 9471 3906 13014 5677
+2 4 0 1 0 7 50 -1 -1 0.000 0 0 5 0 0 5
+ 10540 4394 10540 3936 9471 3936 9471 4394 10540 4394
+2 4 0 1 0 7 50 -1 -1 0.000 0 0 5 0 0 5
+ 10387 5616 10387 5158 9471 5158 9471 5616 10387 5616
+2 4 0 1 0 7 50 -1 -1 0.000 0 0 5 0 0 5
+ 12984 5005 12984 4547 9471 4547 9471 5005 12984 5005
+2 4 0 1 0 7 50 -1 -1 0.000 0 0 5 0 0 5
+ 12984 5616 12984 5158 12067 5158 12067 5616 12984 5616
+2 4 0 1 0 7 50 -1 -1 0.000 0 0 5 0 0 5
+ 11701 5627 11701 5168 10784 5168 10784 5627 11701 5627
+4 0 0 50 -1 16 11 0.0000 4 173 835 9623 4242 OpenPGP\001
+4 0 0 50 -1 16 11 0.0000 4 132 2770 9776 4853 APDU and ISO-7816 access code\001
+4 0 0 50 -1 16 11 0.0000 4 132 448 9623 5464 CCID\001
+4 0 0 50 -1 16 11 0.0000 4 132 601 12220 5464 CT-API\001
+4 0 0 50 -1 16 11 0.0000 4 132 560 10957 5464 PC/SC\001
+-6
+6 10693 3906 13014 4394
+2 4 0 1 0 7 50 -1 -1 0.000 0 0 5 0 0 5
+ 11762 4394 11762 3936 10693 3936 10693 4394 11762 4394
+2 4 0 1 0 7 50 -1 -1 0.000 0 0 5 0 0 5
+ 12984 4394 12984 3936 11915 3936 11915 4394 12984 4394
+4 0 0 50 -1 16 11 0.0000 4 132 377 10998 4242 NKS\001
+4 0 0 50 -1 16 11 0.0000 4 132 804 12067 4242 PKCS#15\001
+-6
+2 4 0 2 0 6 60 -1 20 0.000 0 0 5 0 0 5
+ 13137 2072 9318 2072 9318 5739 13137 5739 13137 2072
+2 1 2 1 0 7 50 -1 -1 3.000 0 0 -1 0 0 2
+ 9318 3753 13137 3753
+2 4 0 2 0 6 60 -1 20 0.000 0 0 5 0 0 5
+ 11691 6360 10774 6360 10774 5901 11691 5901 11691 6360
+2 1 2 2 0 7 50 -1 -1 4.500 0 0 -1 0 0 1
+ 11762 5739
+2 1 1 2 0 7 50 -1 -1 6.000 0 0 -1 0 0 4
+ 10693 5739 10693 6502 11762 6502 11762 5739
+4 0 0 50 -1 18 15 0.0000 4 183 1293 10540 2989 SCDaemon\001
+4 0 0 50 -1 16 11 0.0000 4 133 662 10896 6176 wrapper\001
+-6
+6 90 1980 4050 5760
+6 306 3906 3849 5677
+2 4 0 1 0 7 50 -1 -1 0.000 0 0 5 0 0 5
+ 1375 4394 1375 3936 306 3936 306 4394 1375 4394
+2 4 0 1 0 7 50 -1 -1 0.000 0 0 5 0 0 5
+ 1222 5616 1222 5158 306 5158 306 5616 1222 5616
+2 4 0 1 0 7 50 -1 -1 0.000 0 0 5 0 0 5
+ 3819 5005 3819 4547 306 4547 306 5005 3819 5005
+2 4 0 1 0 7 50 -1 -1 0.000 0 0 5 0 0 5
+ 3819 5616 3819 5158 2902 5158 2902 5616 3819 5616
+2 4 0 1 0 7 50 -1 -1 0.000 0 0 5 0 0 5
+ 2536 5627 2536 5168 1619 5168 1619 5627 2536 5627
+4 0 0 50 -1 16 11 0.0000 4 173 835 458 4242 OpenPGP\001
+4 0 0 50 -1 16 11 0.0000 4 132 2770 611 4853 APDU and ISO-7816 access code\001
+4 0 0 50 -1 16 11 0.0000 4 132 448 458 5464 CCID\001
+4 0 0 50 -1 16 11 0.0000 4 132 601 3055 5464 CT-API\001
+4 0 0 50 -1 16 11 0.0000 4 132 560 1792 5464 PC/SC\001
+-6
+6 2139 3753 3208 4211
+2 4 0 1 0 7 50 -1 -1 4.000 0 0 5 0 0 5
+ 3208 4211 3208 3753 2139 3753 2139 4211 3208 4211
+4 0 0 50 -1 16 11 0.0000 4 132 784 2291 4058 Gluecode\001
+-6
+2 1 2 2 0 7 50 -1 -1 4.500 0 0 -1 0 0 1
+ 2597 5739
+2 1 0 1 0 7 50 -1 -1 4.000 0 0 -1 1 0 2
+ 1 1 1.00 40.73 81.47
+ 2139 4028 1405 4150
+2 1 2 1 0 7 50 -1 -1 3.000 0 0 -1 0 0 4
+ 153 3753 1833 3753 1833 4364 3972 4364
+2 4 0 2 0 6 60 -1 20 0.000 0 0 5 0 0 5
+ 3972 2072 153 2072 153 5739 3972 5739 3972 2072
+4 0 0 50 -1 18 15 0.0000 4 224 866 1375 2989 gpg 1.4\001
+-6
+6 4888 4058 5346 5433
+2 4 0 1 0 7 50 -1 -1 4.000 0 0 5 0 0 5
+ 5346 5433 5346 4058 4888 4058 4888 5433 5346 5433
+4 0 0 50 -1 16 11 1.5708 4 132 611 5194 5128 Assuan\001
+-6
+6 4680 1980 8640 5760
+2 4 0 1 0 7 50 -1 -1 4.000 0 0 5 0 0 5
+ 5346 3753 5346 2378 4888 2378 4888 3753 5346 3753
+2 4 0 2 0 6 60 -1 20 0.000 0 0 5 0 0 5
+ 8554 5739 4735 5739 4735 2072 8554 2072 8554 5739
+4 0 0 50 -1 16 11 1.5708 4 173 804 5194 3447 ssh-agent\001
+-6
+6 5805 3447 7332 4975
+6 5957 3447 7179 4211
+2 4 0 1 0 7 50 -1 -1 4.000 0 0 5 0 0 5
+ 7179 4211 7179 3447 5957 3447 5957 4211 7179 4211
+4 0 0 50 -1 16 11 0.0000 4 173 937 6110 3753 Private Key\001
+4 0 0 50 -1 16 11 0.0000 4 173 896 6110 4058 Operations\001
+-6
+2 1 0 1 0 7 50 -1 -1 4.000 0 0 -1 0 0 1
+ 7195 4883
+2 1 0 1 0 7 50 -1 -1 4.000 0 0 -1 0 0 1
+ 7195 4883
+2 4 0 1 0 7 50 -1 -1 4.000 0 0 5 0 0 5
+ 7332 4975 7332 4517 6721 4517 6721 4975 7332 4975
+2 1 0 1 0 7 50 -1 -1 4.000 0 0 -1 1 1 2
+ 1 1 1.00 40.73 81.47
+ 1 1 1.00 40.73 81.47
+ 6568 4211 7027 4517
+2 1 0 1 0 7 50 -1 -1 4.000 0 0 -1 1 1 2
+ 1 1 1.00 40.73 81.47
+ 1 1 1.00 40.73 81.47
+ 6568 4211 6110 4517
+2 4 0 1 0 7 50 -1 -1 4.000 0 0 5 0 0 5
+ 6416 4975 6416 4517 5805 4517 5805 4975 6416 4975
+4 0 0 50 -1 16 11 0.0000 4 132 397 6874 4822 Card\001
+4 0 0 50 -1 16 11 0.0000 4 132 356 5957 4822 Disk\001
+-6
+6 7638 3600 8401 4058
+2 4 0 1 0 7 50 -1 -1 4.000 0 0 5 0 0 5
+ 8401 4058 8401 3600 7638 3600 7638 4058 8401 4058
+2 1 0 1 0 7 50 -1 -1 4.000 0 0 -1 0 0 1
+ 7638 3814
+4 0 0 50 -1 16 11 0.0000 4 132 530 7790 3905 Cache\001
+-6
+6 9471 2225 9929 3600
+2 4 0 1 0 7 50 -1 -1 4.000 0 0 5 0 0 5
+ 9929 3600 9929 2225 9471 2225 9471 3600 9929 3600
+4 0 0 50 -1 16 11 1.5708 4 132 611 9776 3294 Assuan\001
+-6
+6 6480 360 8640 1440
+2 4 0 2 0 6 60 -1 20 0.000 0 0 5 0 0 5
+ 8554 1339 6568 1339 6568 423 8554 423 8554 1339
+4 0 0 50 -1 18 15 0.0000 4 234 967 7027 881 pinentry\001
+4 0 0 50 -1 16 10 0.0000 4 153 1375 6874 1187 (GTK+, Qt, Curses)\001
+-6
+6 10570 270 13137 1003
+2 1 1 1 1 2 50 -1 -1 4.000 0 0 -1 1 0 2
+ 1 1 1.00 40.73 81.47
+ 10632 331 11181 331
+2 1 0 2 1 2 50 -1 -1 6.000 0 0 -1 1 0 2
+ 1 1 2.00 81.47 162.94
+ 10632 637 11181 637
+2 1 0 1 0 2 50 -1 -1 4.000 0 0 -1 1 0 2
+ 1 1 1.00 40.73 81.47
+ 10632 942 11181 942
+4 0 0 50 -1 16 10 0.0000 4 163 1762 11365 392 Alternative access paths\001
+4 0 0 50 -1 16 10 0.0000 4 163 1426 11365 698 IPC (pipe or socket)\001
+4 0 0 50 -1 16 10 0.0000 4 122 1232 11365 1003 Internal data flow\001
+-6
+# Smartcard ID-1
+6 6840 6120 8550 7200
+6 7069 6526 7307 6746
+2 1 0 1 0 7 48 -1 -1 0.000 0 0 -1 0 0 2
+ 7234 6691 7307 6691
+2 1 0 1 0 0 48 -1 20 0.000 0 0 -1 0 0 2
+ 7069 6636 7143 6636
+2 1 0 1 0 7 48 -1 -1 0.000 0 0 -1 0 0 2
+ 7069 6581 7143 6581
+2 1 0 1 0 7 48 -1 -1 0.000 0 0 -1 0 0 2
+ 7069 6691 7143 6691
+2 1 0 1 0 7 48 -1 -1 0.000 0 0 -1 0 0 2
+ 7143 6526 7143 6746
+2 1 0 1 0 7 48 -1 -1 0.000 0 0 -1 0 0 3
+ 7307 6581 7234 6581 7234 6746
+2 1 0 1 0 7 48 -1 -1 0.000 0 0 -1 0 0 2
+ 7234 6636 7307 6636
+2 4 0 1 0 31 49 -1 20 0.000 0 0 1 0 0 5
+ 7069 6526 7307 6526 7307 6746 7069 6746 7069 6526
+-6
+2 4 0 1 -1 7 50 -1 20 0.000 0 0 1 0 0 5
+ 8472 7185 6904 7185 6904 6197 8472 6197 8472 7185
+-6
+2 1 0 1 0 7 50 -1 -1 4.000 0 0 -1 1 0 2
+ 1 1 1.00 40.73 81.47
+ 5346 3142 5957 3753
+2 1 0 1 0 7 50 -1 -1 4.000 0 0 -1 1 0 2
+ 1 1 1.00 40.73 81.47
+ 5346 4669 5957 3905
+2 1 0 1 0 7 50 -1 -1 4.000 0 0 -1 1 1 2
+ 1 1 1.00 40.73 81.47
+ 1 1 1.00 40.73 81.47
+ 7179 3814 7638 3814
+2 4 0 2 0 6 60 -1 20 0.000 0 0 5 0 0 5
+ 11731 7480 10693 7480 10693 6991 11731 6991 11731 7480
+3 2 0 2 1 2 50 -1 -1 6.000 0 1 0 3
+ 1 1 2.00 81.47 162.94
+ 8022 3600 8096 2225 7513 1360
+ 0.000 -1.000 0.000
+3 2 0 2 1 2 50 -1 -1 0.000 0 1 0 3
+ 0 0 2.00 81.47 162.94
+ 7332 4730 8737 4486 9471 2897
+ 0.000 -1.000 0.000
+3 2 0 2 1 2 50 -1 -1 6.000 0 1 0 3
+ 1 1 2.00 81.47 162.94
+ 3238 3997 4216 4242 4888 4730
+ 0.000 -1.000 0.000
+3 2 0 2 1 2 50 -1 -1 6.000 0 1 0 3
+ 1 1 2.00 81.47 162.94
+ 11243 6502 11304 6747 11181 6991
+ 0.000 -1.000 0.000
+3 2 1 1 1 2 50 -1 -1 4.000 0 1 0 3
+ 1 1 1.00 40.73 81.47
+ 10693 7235 9471 7174 8493 6869
+ 0.000 -1.000 0.000
+3 2 1 1 1 2 50 -1 -1 4.000 0 1 0 3
+ 1 1 1.00 40.73 81.47
+ 9898 5647 9532 6380 8493 6563
+ 0.000 -1.000 0.000
+3 2 1 1 1 2 50 -1 -1 4.000 0 1 0 3
+ 1 1 1.00 40.73 81.47
+ 12465 5647 11731 6624 8493 6747
+ 0.000 -1.000 0.000
+3 2 1 1 1 2 50 -1 -1 4.000 0 1 0 3
+ 1 1 1.00 40.73 81.47
+ 2077 5647 3177 6502 6843 6624
+ 0.000 -1.000 0.000
+3 2 1 1 1 2 50 -1 -1 4.000 0 1 0 3
+ 1 1 1.00 40.73 81.47
+ 733 5647 2444 6808 6843 6747
+ 0.000 -1.000 0.000
+3 2 1 1 1 2 50 -1 -1 4.000 0 1 0 3
+ 1 1 1.00 40.73 81.47
+ 3361 5647 4155 6319 6843 6502
+ 0.000 -1.000 0.000
+4 0 0 50 -1 18 15 0.0000 4 214 1191 5957 2989 gpg-agent\001
+4 0 0 50 -1 16 11 0.0000 4 173 387 10998 7297 pcsd\001
diff --git a/doc/gnupg-card-architecture.pdf b/doc/gnupg-card-architecture.pdf
new file mode 100644
index 0000000..dac8c4c
--- /dev/null
+++ b/doc/gnupg-card-architecture.pdf
Binary files differ
diff --git a/doc/gnupg-card-architecture.png b/doc/gnupg-card-architecture.png
new file mode 100644
index 0000000..860bbb9
--- /dev/null
+++ b/doc/gnupg-card-architecture.png
Binary files differ
diff --git a/doc/gnupg-logo.eps b/doc/gnupg-logo.eps
new file mode 100644
index 0000000..d428f23
--- /dev/null
+++ b/doc/gnupg-logo.eps
@@ -0,0 +1,2704 @@
+%!PS-Adobe-3.0 EPSF-3.0
+%%Creator: (ImageMagick)
+%%Title: (gnupg-logo.eps)
+%%CreationDate: (Thu Mar 8 17:48:33 2007)
+%%BoundingBox: 0 0 118 38
+%%HiResBoundingBox: 0 0 118.11 38
+%%DocumentData: Clean7Bit
+%%LanguageLevel: 1
+%%Pages: 1
+%%EndComments
+
+%%BeginDefaults
+%%EndDefaults
+
+%%BeginProlog
+%
+% Display a color image. The image is displayed in color on
+% Postscript viewers or printers that support color, otherwise
+% it is displayed as grayscale.
+%
+/DirectClassPacket
+{
+ %
+ % Get a DirectClass packet.
+ %
+ % Parameters:
+ % red.
+ % green.
+ % blue.
+ % length: number of pixels minus one of this color (optional).
+ %
+ currentfile color_packet readhexstring pop pop
+ compression 0 eq
+ {
+ /number_pixels 3 def
+ }
+ {
+ currentfile byte readhexstring pop 0 get
+ /number_pixels exch 1 add 3 mul def
+ } ifelse
+ 0 3 number_pixels 1 sub
+ {
+ pixels exch color_packet putinterval
+ } for
+ pixels 0 number_pixels getinterval
+} bind def
+
+/DirectClassImage
+{
+ %
+ % Display a DirectClass image.
+ %
+ systemdict /colorimage known
+ {
+ columns rows 8
+ [
+ columns 0 0
+ rows neg 0 rows
+ ]
+ { DirectClassPacket } false 3 colorimage
+ }
+ {
+ %
+ % No colorimage operator; convert to grayscale.
+ %
+ columns rows 8
+ [
+ columns 0 0
+ rows neg 0 rows
+ ]
+ { GrayDirectClassPacket } image
+ } ifelse
+} bind def
+
+/GrayDirectClassPacket
+{
+ %
+ % Get a DirectClass packet; convert to grayscale.
+ %
+ % Parameters:
+ % red
+ % green
+ % blue
+ % length: number of pixels minus one of this color (optional).
+ %
+ currentfile color_packet readhexstring pop pop
+ color_packet 0 get 0.299 mul
+ color_packet 1 get 0.587 mul add
+ color_packet 2 get 0.114 mul add
+ cvi
+ /gray_packet exch def
+ compression 0 eq
+ {
+ /number_pixels 1 def
+ }
+ {
+ currentfile byte readhexstring pop 0 get
+ /number_pixels exch 1 add def
+ } ifelse
+ 0 1 number_pixels 1 sub
+ {
+ pixels exch gray_packet put
+ } for
+ pixels 0 number_pixels getinterval
+} bind def
+
+/GrayPseudoClassPacket
+{
+ %
+ % Get a PseudoClass packet; convert to grayscale.
+ %
+ % Parameters:
+ % index: index into the colormap.
+ % length: number of pixels minus one of this color (optional).
+ %
+ currentfile byte readhexstring pop 0 get
+ /offset exch 3 mul def
+ /color_packet colormap offset 3 getinterval def
+ color_packet 0 get 0.299 mul
+ color_packet 1 get 0.587 mul add
+ color_packet 2 get 0.114 mul add
+ cvi
+ /gray_packet exch def
+ compression 0 eq
+ {
+ /number_pixels 1 def
+ }
+ {
+ currentfile byte readhexstring pop 0 get
+ /number_pixels exch 1 add def
+ } ifelse
+ 0 1 number_pixels 1 sub
+ {
+ pixels exch gray_packet put
+ } for
+ pixels 0 number_pixels getinterval
+} bind def
+
+/PseudoClassPacket
+{
+ %
+ % Get a PseudoClass packet.
+ %
+ % Parameters:
+ % index: index into the colormap.
+ % length: number of pixels minus one of this color (optional).
+ %
+ currentfile byte readhexstring pop 0 get
+ /offset exch 3 mul def
+ /color_packet colormap offset 3 getinterval def
+ compression 0 eq
+ {
+ /number_pixels 3 def
+ }
+ {
+ currentfile byte readhexstring pop 0 get
+ /number_pixels exch 1 add 3 mul def
+ } ifelse
+ 0 3 number_pixels 1 sub
+ {
+ pixels exch color_packet putinterval
+ } for
+ pixels 0 number_pixels getinterval
+} bind def
+
+/PseudoClassImage
+{
+ %
+ % Display a PseudoClass image.
+ %
+ % Parameters:
+ % class: 0-PseudoClass or 1-Grayscale.
+ %
+ currentfile buffer readline pop
+ token pop /class exch def pop
+ class 0 gt
+ {
+ currentfile buffer readline pop
+ token pop /depth exch def pop
+ /grays columns 8 add depth sub depth mul 8 idiv string def
+ columns rows depth
+ [
+ columns 0 0
+ rows neg 0 rows
+ ]
+ { currentfile grays readhexstring pop } image
+ }
+ {
+ %
+ % Parameters:
+ % colors: number of colors in the colormap.
+ % colormap: red, green, blue color packets.
+ %
+ currentfile buffer readline pop
+ token pop /colors exch def pop
+ /colors colors 3 mul def
+ /colormap colors string def
+ currentfile colormap readhexstring pop pop
+ systemdict /colorimage known
+ {
+ columns rows 8
+ [
+ columns 0 0
+ rows neg 0 rows
+ ]
+ { PseudoClassPacket } false 3 colorimage
+ }
+ {
+ %
+ % No colorimage operator; convert to grayscale.
+ %
+ columns rows 8
+ [
+ columns 0 0
+ rows neg 0 rows
+ ]
+ { GrayPseudoClassPacket } image
+ } ifelse
+ } ifelse
+} bind def
+
+/DisplayImage
+{
+ %
+ % Display a DirectClass or PseudoClass image.
+ %
+ % Parameters:
+ % x & y translation.
+ % x & y scale.
+ % label pointsize.
+ % image label.
+ % image columns & rows.
+ % class: 0-DirectClass or 1-PseudoClass.
+ % compression: 0-none or 1-RunlengthEncoded.
+ % hex color packets.
+ %
+ gsave
+ /buffer 512 string def
+ /byte 1 string def
+ /color_packet 3 string def
+ /pixels 768 string def
+
+ currentfile buffer readline pop
+ token pop /x exch def
+ token pop /y exch def pop
+ x y translate
+ currentfile buffer readline pop
+ token pop /x exch def
+ token pop /y exch def pop
+ currentfile buffer readline pop
+ token pop /pointsize exch def pop
+ /Times-Roman findfont pointsize scalefont setfont
+ x y scale
+ currentfile buffer readline pop
+ token pop /columns exch def
+ token pop /rows exch def pop
+ currentfile buffer readline pop
+ token pop /class exch def pop
+ currentfile buffer readline pop
+ token pop /compression exch def pop
+ class 0 gt { PseudoClassImage } { DirectClassImage } ifelse
+ grestore
+} bind def
+%%EndProlog
+%%Page: 1 1
+%%PageBoundingBox: 0 0 118 38
+userdict begin
+DisplayImage
+0 0
+118.11 38.189
+12.000000
+300 97
+0
+0
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFCFEFFBFE3F675C3EC33A7E30795DE008EDB008CDB
+008DDB008FDC0092DD0093DD0093DD0093DD0093DD0091DC008FDC008DDB008CDB008EDB
+0996DE38AAE47AC5EDC3E5F7FEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFEBF7FC91CFF031A6E30090DC008CDB008FDC0092DD0093DD0093DD
+0093DD0092DD0091DC0090DC0090DC008FDC0090DC0091DC0091DD0092DD0093DD0093DD
+0092DD008FDC008CDB0091DC35A8E397D2F1F0F9FDFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFEDF8FD81C8EE1B9DE0008CDB008FDC0093DD0093DD0093DD0091DD008FDC008DDB
+008DDB0092DD0E99DF1B9EE126A3E22AA5E320A1E11A9EE00A97DE0091DC008DDB008DDB
+008FDC0092DD0093DD0092DD008FDC008DDB229FE189CCEFF1F9FDFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+A1D7F2239FE1008CDB0090DC0093DD0093DD0092DD008EDC008DDB0C97DE37A9E474C3EC
+A4D7F3C8E7F8E6F4FCF4FAFDFCFEFFFFFFFFFEFFFFFCFEFFEBF7FCCDEAF8A5D8F370C2EC
+32A7E30895DE008DDB008FDC0093DD0093DD0090DC008CDB28A2E2ACDBF4FFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFDEF1FB4CB2E6
+008EDB008FDC0093DD0093DD0092DD008DDB0091DC3FACE597D2F1DFF1FBFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFF7FBFEE7F4FCD5EDF9CBE9F8C4E5F7CFEAF8DDF1FAEEF8FD
+EFF8FDD6EDF995D1F140ADE50593DD008FDC0093DD0093DD008FDC008EDC56B6E8E6F5FC
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFB1DEF51A9CE0008CDB
+0093DD0093DD0093DD008EDB0493DD55B5E8C3E5F7FFFFFFFFFFFFFFFFFFFFFFFFF9FDFE
+CDE9F89BD4F165BDEA38AAE41F9FE10D98DF0294DD0091DC008FDC0091DC0193DD0B97DE
+1D9FE13AABE468BFEB8DCEF07AC5ED39A9E40A95DE0092DD0093DD0092DD008CDB229FE0
+BBE2F6FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF8ACDEF0090DC0090DC0093DD
+0093DD0091DC008DDB44AEE6C7E7F8FFFFFFFFFFFFFFFFFFFFFFFFC9E7F871C2EC2AA3E2
+0192DD008DDB008DDB008FDC0090DC0091DC0092DD0092DD0093DD0092DD0092DD0091DD
+0090DC008FDC008DDB008EDB0996DE23A2E2189DE00192DD0093DD0093DD0093DD008FDC
+0592DD96D2F1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF73C3EC008DDB0091DD0093DD0093DD
+008EDB1198DF96D2F1FFFFFFFFFFFFFFFFFFF6FBFE9FD6F241ADE50092DD008CDB008FDC
+0092DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD
+0093DD0093DD0093DD0093DD0092DD0091DC0092DD0093DD0093DD0093DD0093DD0093DD
+0091DC008EDC82CAEEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF6CC0EB008BDB0092DD0093DD0093DD008CDB
+34A7E3D3ECF9FFFFFFFFFFFFFFFFFFA4D8F22BA3E2008DDB008EDB0092DD0093DD0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD
+0093DD0092DD008DDB7CC8EDFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF78C6ED008DDB0092DD0093DD0093DD008CDB55B6E8
+F0F9FDFFFFFFFFFFFFC9E8F842ADE5008EDB008FDC0093DD0093DD0093DD0093DD0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD
+0093DD0093DD0092DD008DDB89CDEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFF9AD4F1008EDB0092DD0093DD0093DD008CDB61BCEAFCFEFF
+FFFFFFFEFFFF87CBEF0894DD008DDB0093DD0093DD0093DD0093DD0093DD0093DD0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD
+0093DD0093DD0093DD0092DD008FDCA6D9F3FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFC4E6F70793DD0091DC0093DD0093DD008CDB5AB9E9FEFEFFFFFFFF
+E6F5FC4BB1E7008CDB0091DC0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD
+0093DD0093DD0093DD0093DD0090DC0D96DED2ECF9FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFF0F9FD28A3E2008EDB0093DD0093DD008DDB40AEE5F8FCFEFFFFFFD3ECF9
+29A2E2008CDB0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD
+0092DD0090DC008FDC008DDB008DDB008DDB008DDB008FDC0091DC0093DD0093DD0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD
+0093DD0093DD0093DD0093DD0093DD008DDB33A8E4F7FBFEFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFF68BFEB008BDB0093DD0093DD008FDC1D9EE1E6F4FCFFFFFFC8E8F8179ADF
+008EDB0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD008FDC008CDB
+0091DC1B9EE139ABE454B6E86AC0EB68BFEB52B6E837AAE4199DE00090DC008CDB0090DC
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD008CDB7EC8EEFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFC5E6F70191DC0092DD0093DD0092DD0190DCB8E1F6FFFFFFC9E9F81499DF008FDB
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD008FDC008EDC2EA6E380C8EE
+C3E5F7F0F8FDFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEEF8FDBDE3F679C5ED29A3E2
+008EDB008FDC0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0091DC0894DED2ECF9FFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FEFFFF3FAEE5008DDB0093DD0093DD008CDB65BEEAFFFFFFD9EFFA189BDF008EDC0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0091DD008DDB2FA5E3A7D9F3F9FDFEFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF6FBFE
+A0D6F229A3E2008CDB0092DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD008DDB4CB4E7FFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+B3DFF5008FDB0093DD0093DD0090DC189CE0ECF7FCF0F9FD2FA6E3008EDB0093DD0093DD
+0093DD0093DD0093DD0093DD0093DD008FDC0693DD85CBEEF5FBFEFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFF2FAFD79C6ED0291DD0090DC0093DD0093DD0093DD0093DD0093DD0093DD0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0092DD0291DCC3E6F7FFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFEFF
+3AACE5008EDB0093DD0093DD008CDB8DCFF0FFFFFF56B7E8008CDB0093DD0093DD0093DD
+0093DD0093DD0093DD0093DD008EDB1A9CE0BDE3F6FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFB3DFF51298DF008FDC0093DD0093DD0093DD0093DD0093DD0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD008DDB4EB4E7FFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC8E7F8
+0191DC0092DD0093DD0090DC189DE0F9FCFEA2D8F3008DDB0093DD0093DD0093DD0093DD
+0093DD0093DD0093DD008EDC1F9EE0D5EDF9FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFCDEAF8199CE0008FDC0093DD0093DD0093DD0093DD0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0092DD0493DDD1ECF9FFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF65BEEB
+008CDB0093DD0093DD008CDB80C9EEEDF7FD1199DF0090DC0093DD0093DD0093DD0093DD
+0093DD0093DD0090DC1398DFD1ECF9FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC3E6F70B95DD0091DC0093DD0093DD0093DD0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD008CDB78C6EDFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF0F8FD179DE0
+0090DC0093DD0092DD0594DEE4F3FB60BCEA008CDB0093DD0093DD0093DD0093DD0093DD
+0093DD0092DD008FDCACDCF4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF9FD7F2008EDB0093DD0093DD0093DD0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD008FDC29A5E3F9FCFE
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFB4DFF5008FDC
+0093DD0093DD008EDB49B2E7CBE9F80492DD0092DD0093DD0093DD0093DD0093DD0093DD
+0093DD008DDB64BDEBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF51B5E8008DDB0093DD0093DD0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0092DD0091DCC8E8F8
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF6AC0EB008CDB
+0093DD0093DD008DDB8DCFF057B8E9008DDB0093DD0093DD0093DD0093DD0093DD0093DD
+0091DC1199DFE7F5FCFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFDBEFFA0B96DE0091DC0093DD0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD008CDB7FC9EE
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFF36AAE4008FDC
+0093DD0093DD0694DD85CBEF0996DE0092DD0093DD0093DD0093DD0093DD0093DD0093DD
+008CDB75C5ECFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF69BFEB008CDB0093DD0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD008EDB46B0E7
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC
+0093DD0091DC23A2E252B6E8008EDC0093DD0093DD0093DD0093DD0093DD0093DD0092DD
+0895DDD9EFFAFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFD0EBF90493DD0092DD0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0090DC189DE0
+F1F9FDFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC6E7F70091DD0093DD
+0093DD0091DC1FA0E1169CE00091DC0093DD0093DD0093DD0093DD0093DD0093DD008EDB
+40AEE6FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFDFEFF2EA7E3008FDC0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0092DD0394DD
+D2ECF9FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA5D9F3008EDB0093DD
+0093DD0093DD0294DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD008DDB
+89CDEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF72C3EC008DDB0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD008FDC
+B8E1F5FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF8CCFF0008DDB0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD008FDC
+BAE2F6FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA8DAF3008EDB0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD008EDB
+9FD6F2FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF77C5ED008CDB0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0092DD0495DE
+D4EDF9FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC8E8F80092DD0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD008DDB
+8CCFF0FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF6AC0EB008DDB0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0091DC0C99DF
+E4F3FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFDBF0FB0797DE0092DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD008CDB
+80C9EEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF6BC0EB008DDB0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0091DC129BDF
+EDF7FDFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE5F4FC0E99DF0092DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD008CDB
+80C9EEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF6BC0EB008DDB0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0091DC129BDF
+EDF7FDFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEEF7FD139BDF0091DC
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD008CDB
+80C9EEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF6BC0EB008DDB0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0091DC129BDF
+EDF7FDFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD008CDB
+80C9EEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF6BC0EB008DDB0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0091DC129BDF
+EDF7FDFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD008CDB
+80C9EEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF6BC0EB008DDB0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0091DC129BDF
+EDF7FDFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD008CDB
+80C9EEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF6BC0EB008DDB0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0091DC129BDF
+EDF7FDFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD008CDB
+80C9EEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF6BC0EB008DDB0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0091DC129BDF
+EDF7FDFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD008CDB
+80C9EEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF6BC0EB008DDB0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0091DC129BDF
+EDF7FDFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD008CDB
+80C9EEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF6BC0EB008DDB0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0091DC129BDF
+EDF7FDFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD008CDB
+80C9EEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF6BC0EB008DDB0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0091DC129BDF
+EDF7FDFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD008CDB
+80C9EEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF6BC0EB008DDB0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0091DC129BDF
+EDF7FDFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD008CDB
+80C9EEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF6BC0EB008DDB0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0091DC129BDF
+EDF7FDFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD008CDB
+80C9EEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF6BC0EB008DDB0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0091DC129BDF
+EDF7FDFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD008CDB
+80C9EEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF6BC0EB008DDB0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0091DC129BDF
+EDF7FDFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD008CDB
+80C9EEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF6DC1EB008DDB0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0091DC129BDF
+F1F8FDFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF1F8FD129BDF0091DC
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD008CDB
+7FC9EEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFF7FBFEF4FAFDF4FAFEF4FAFEF4FAFE66BEEA008DDB0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0091DC119BDF
+E3F3FCF4FAFEF4FAFEF4FAFEF4FAFEF4FAFEF4FAFEF4FAFEF4FAFEF4FAFEF4FAFEF4FAFE
+F4FAFEF4FAFEF4FAFEF4FAFEF4FAFEF4FAFEF4FAFEF4FAFEF4FAFEF4FAFEF4FAFEF4FAFE
+F4FAFEF4FAFEF4FAFEF4FAFEF4FAFEF4FAFEF4FAFEF4FAFEF4FAFEE3F3FC119BDF0091DC
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0092DD0087D9
+80C9EEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFF58B8E91E9BDF1EA0E11EA0E11EA0E10D98DF0092DD0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0294DD
+1C9FE11EA0E11EA0E11EA0E11EA0E11EA0E11EA0E11EA0E11EA0E11EA0E11EA0E11EA0E1
+1EA0E11EA0E11EA0E11EA0E11EA0E11EA0E11EA0E11EA0E11EA0E11EA0E11EA0E11EA0E1
+1EA0E11EA0E11EA0E11EA0E11EA0E11EA0E11EA0E11EA0E11EA0E11C9FE10294DD0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD008EDB008FDC58B7E8
+E3F3FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE4F3FBB6E0F591D0F071C2EC
+53B5E841AEE637AAE436AAE436A9E43FADE554B6E872C3EC91D0F0B5DFF5DDF0FAFCFDFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFEFEFFE0F2FBDDF0FADDF1FADDF1FADDF1FADDF1FADDF1FADDF1FADDF1FADDF1FA
+DDF1FADDF1FADDF1FADDF1FADDF1FADDF0FAE5F4FBEEF8FDF6FBFEFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE4F3FBB7E0F593D0F071C2EC53B5E8
+41AEE536AAE436AAE436A9E43EADE553B6E870C2EC90D0F0B6DFF5DEF1FBFCFDFEFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFF3DADE5008BDA0090DC0090DC0090DC0092DD0093DD0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD
+0090DC0090DC0090DC0090DC0090DC0090DC0090DC0090DC0090DC0090DC0090DC0090DC
+0090DC0090DC0090DC0090DC0090DC0090DC0090DC0090DC0090DC0090DC0090DC0090DC
+0090DC0090DC0090DC0090DC0090DC0090DC0090DC0090DC0090DC0090DC0093DD0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD008FDC008EDB37A8E4B1DEF4FFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFEFFFFC7E7F780C8EE39AAE40E98DF008FDC008DDB008CDB
+008DDB008EDB008FDC008FDC008FDC008EDB008DDB008CDB008DDB008FDC0A96DE2CA4E2
+62BCEAA2D7F2DAEFFAFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFDFEFF3FADE60993DD0997DE0997DE0997DE0997DE0997DE0997DE0997DE0997DE
+0997DE0997DE0997DE0997DE0997DE0996DE0D99DF159BE023A1E13AABE467BEEAA2D6F2
+DBEFFAFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFC7E7F77FC7EE37A9E40F98DF008FDC008DDB008CDB008DDB
+008EDB008FDC008FDC008FDC008EDC008DDB008CDB008DDB008FDC0A97DE2CA4E260BBEA
+A4D7F3DAEFFAFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFF42AFE6008EDB0093DD0093DD0093DD0093DD0093DD0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD
+0093DD0093DD0093DD0093DD0092DD008EDB008DDB2EA5E3A1D6F2FCFEFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFF9FDFEA1D7F238A9E40091DC008CDB008FDC0091DC0093DD0093DD0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0092DD008FDC
+008DDB008DDB0895DE40ACE590CFF0EBF6FCFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFF58B8E9008BDA0092DD0092DD0092DD0092DD0092DD0092DD0092DD0092DD
+0092DD0092DD0092DD0092DD0092DD0092DD0091DC0091DC0090DC008FDC008DDB008DDB
+0995DE4CB2E7B4DFF5FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFF9FDFEA1D6F239A9E40091DC008CDB008FDC0091DC0093DD0093DD0093DD0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0092DD008FDC008DDB
+008DDB0996DE3FACE591D0F0ECF7FDFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFF42AFE6008EDB0093DD0093DD0093DD0093DD0093DD0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD
+0093DD0093DD0091DC008DDB0090DC3DABE4A1D7F2F8FCFEFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFAFDDF434A7E3008DDB008EDC0092DD0093DD0093DD0093DD0093DD0092DD0090DC
+008EDB008DDB008CDB008DDB008DDB008CDB008DDB008EDB0090DC0092DD0093DD0093DD
+0093DD0093DD0092DD008EDB0089D99DD6F2FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFF62BCEA008DDB0093DD0093DD0093DD0093DD0093DD0093DD0091DC008DDB
+008DDB008DDB008DDB008DDB008DDB008EDB0090DC0092DD0093DD0093DD0093DD0093DD
+0092DD008DDB008FDC4CB1E7D1ECF9FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+B0DDF535A7E3008DDB008EDC0092DD0093DD0093DD0093DD0093DD0092DD0090DC008EDB
+008DDB008CDB008DDB008DDB008CDB008DDB008EDB0090DC0092DD0093DD0093DD0093DD
+0093DD0092DD008EDC0089D9A8DAF4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFF42AFE6008EDB0093DD0093DD0093DD0093DD0093DD0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0091DC
+008DDB008DDB1A9CE061BAEAC0E4F7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEDF8FC
+63BCEA008EDC008EDC0093DD0093DD0093DD0093DD0093DD0091DD008DDB0090DC22A1E1
+4BB3E76FC2EC86CCEF94D2F194D2F186CCEF6DC1EB4AB2E722A1E10092DD008CDB008FDC
+0093DD0093DD0093DD0093DD008EDB9DD6F2FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD0091DC25A3E261BCEA
+61BCEA61BCEA61BCEA61BCEA5BBAE944AFE621A1E10090DC008DDB0092DD0093DD0093DD
+0093DD0093DD0093DD008CDB1097DEABDBF4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFECF7FD63BBEA
+008FDC008EDC0093DD0093DD0093DD0093DD0093DD0091DD008DDB0091DC22A1E14AB2E7
+6EC1EB87CCEF94D2F194D2F185CBEF6CC0EB4AB2E723A1E10092DD008CDB008FDC0093DD
+0093DD0093DD0093DD008EDBA8DAF4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFF42AFE6008EDB0093DD0093DD0093DD0093DD0093DD0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0092DD0090DC008CDB008EDB1299DF
+50B4E7A3D7F2ECF7FCFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFD5EDF92BA4E2
+008CDB0092DD0093DD0093DD0093DD0093DD0092DD008DDB0C96DE63BCEABDE3F6F5FBFE
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF6FBFEC7E7F780C8EE2BA4E2
+008FDC008EDB0092DD0093DD008EDB9ED6F2FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD008DDB66BEEBFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF4FAFDBDE3F655B6E80090DC0090DC0093DD
+0093DD0093DD0093DD0093DD0090DC008FDCA0D7F2FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFD6EEFA2DA4E2008BDB
+0092DD0093DD0093DD0093DD0093DD0093DD008DDB0B96DE63BCE9BEE3F6F5FBFEFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF6FBFEC8E7F782C9EE2CA4E2008FDC
+008EDB0092DD0093DD008EDBA9DAF4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFF42AFE6008EDB0093DD0093DD0093DD0093DD0093DD0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD
+0093DD0093DD0093DD0092DD008FDC008DDB008DDB0494DD2AA4E268BEEAA6D9F3E6F4FB
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFE9F6FC93D1F1FEFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC2E6F71A9BE0008EDB
+0093DD0093DD0093DD0093DD0093DD0091DC008FDC5CB9E9D6EEFAFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF9FCFE
+B1DEF549B0E60090DC008EDB008EDB9ED6F2FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD008DDB61BCEAFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFAEDCF41499DF008FDC
+0093DD0093DD0093DD0093DD0093DD0090DC0894DDC6E7F8FFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC8E8F81A9BDF008EDB0093DD
+0093DD0093DD0093DD0093DD0091DC008FDC5AB8E8D4ECF9FFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF9FCFEB1DEF5
+49B0E60090DC008EDB008EDBA9DAF4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFF42AFE6008EDB0093DD0093DD0093DD0093DD0093DD0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0092DD0091DC008FDC
+008DDB008DDB008FDC0996DE2DA6E35FBAE99BD4F1D3ECF9F9FCFEFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFF4FAFD3AAAE440AEE6FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFD0ECF91399DF008EDC0093DD
+0093DD0093DD0093DD0093DD008FDC0B95DE9ED5F2FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFB5DFF536A8E30087D99AD4F1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD008DDB61BCEAFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC6E7F80F96DE
+0091DC0093DD0093DD0093DD0093DD0093DD008EDB2CA6E3F6FBFEFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFCEEBF9169ADF008EDB0093DD0093DD
+0093DD0093DD0093DD0090DC0A95DE9FD6F2FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFB7E0F537A8E40087D9A5D8F3FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFF42AFE6008EDB0093DD0093DD0093DD0093DD0093DD0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD
+0093DD0092DD0091DC0090DC008FDC008EDB008DDB008DDB008EDB0394DD199DE035A9E4
+60BBE98ECEF0B8E1F6DCF0FAFCFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFEEF8FD43AEE60087D951B5E8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE3F3FB209FE1008EDB0093DD0093DD
+0093DD0093DD0093DD008FDC1399DEC0E5F7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFF9FDFE84C9EEAADBF4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD008DDB61BCEAFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF99D4F2
+008EDB0093DD0093DD0093DD0093DD0093DD0093DD008CDBA2D8F2FFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE4F3FB209FE1008EDB0093DD0093DD0093DD
+0093DD0093DD0090DC0F97DEBBE2F6FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFAFDFE85CAEEB3DFF5FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFF42AFE6008EDB0093DD0093DD0093DD0093DD0093DD0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD
+0093DD0093DD0093DD0092DD0091DC008FDC008EDB008DDB008DDB008CDB008DDB008EDB
+0090DC0495DD0E99DF1E9FE131A7E34AB2E76FC2EC91D0F0B0DDF4D3ECF9F0F8FDFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFE4F4FC36A8E3008CDB008DDB51B5E8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFDFEFF48B1E7008CDB0093DD0093DD0093DD
+0093DD0093DD0091DC0793DDBDE3F6FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD008DDB61BCEAFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFCFEFF
+2FA7E3008FDC0093DD0093DD0093DD0093DD0093DD008EDB3AACE5FEFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFDFEFF4AB2E7008CDB0093DD0093DD0093DD0093DD
+0093DD0091DC0692DDB9E2F6FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFF42AFE6008EDB0093DD0093DD0093DD0093DD0093DD0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0090DC
+008EDB008CDB008EDC0294DD139BDF2CA5E342AFE659B8E969BFEB7CC7ED91D0F0ACDBF4
+C3E5F7D5EDF9E6F4FCF4FAFDFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+CDEAF924A0E1008DDB0093DD008DDB51B5E8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF8ECFF0008CDB0093DD0093DD0093DD0093DD
+0093DD0093DD008DDB94D2F1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF9FDFEE1F2FBC7E7F7BDE3F6BDE3F6
+C0E4F6D7EEF9F1F9FDFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD008DDB61BCEAFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+93D1F0008DDB0093DD0093DD0093DD0093DD0093DD0092DD0795DEDBF0FAFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF8CCFF0008CDB0093DD0093DD0093DD0093DD0093DD
+0093DD008DDB92D1F1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFF42AFE6008EDB0093DD0093DD0093DD0093DD0093DD0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0090DC008CDB0090DC1C9EE0
+4AB1E778C5EDAFDCF4D2EBF9EBF6FCFCFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFADDCF4
+1398DF008EDB0093DD0093DD008DDB51B5E8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE0F2FB0F98DF0090DC0093DD0093DD0093DD0093DD
+0093DD008DDB4CB3E7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFEAF6FC9ED6F29ED6F29ED6F29ED6F29ED6F29ED6F29ED4F1D7EEFA
+FFFFFFFFFFFFFFFFFFFFFFFFF4FBFEAEDCF45DB9E928A3E20B97DE0091DC008FDC008FDC
+008FDC0695DE1A9DE044AFE691CFF0E0F2FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE7F5FC9ED5F29ED6F29ED6F2
+9ED6F29ED6F29ED6F29ED4F1B6E0F5FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFB9E1F69ED4F19ED6F29ED6F2
+9ED6F29ED6F29ED6F29ED4F2DEF1FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD008DDB61BCEAFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+D4EDF90594DD0092DD0093DD0093DD0093DD0093DD0093DD008EDCA9DBF3FFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFE4F3FB1099DF0090DC0093DD0093DD0093DD0093DD0093DD
+008DDB49B2E7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFF42AFE6008EDB0093DD0093DD0093DD0093DD0093DD0093DD
+0093DD0093DD0093DD0093DD0093DD0091DC008DDB0090DC2AA3E275C4ECBDE3F6F1F9FD
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFF7FC8EE0090DC
+0090DC0093DD0093DD0093DD008DDB51B5E8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF6BC1EB008CDB0093DD0093DD0093DD0093DD0093DD
+0092DC0A95DDD8EEFAFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFDBF0FA0092DD008CDB008EDB008EDB008EDB008EDB0087D98FD0F0
+FFFFFFFFFFFFFFFFFFA1D7F32AA2E2008EDB008DDB0090DC0091DD0092DD0093DD0093DD
+0093DD0092DD0091DC008EDB008CDB1198DF7FC8EEF7FCFEFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFD1EBF9008FDC008CDB008EDB
+008EDB008EDB008EDB0087D953B6E8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF57B8E90087D9008EDB008EDB
+008EDB008EDB008DDB008CDBC4E6F7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD008DDB61BCEAFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+F6FBFE1EA0E10090DC0093DD0093DD0093DD0093DD0093DD008CDB88CDEFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFF6BC0EB008CDB0093DD0093DD0093DD0093DD0093DD0091DC
+0995DED6EDF9FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFF42AFE6008EDB0093DD0093DD0093DD0093DD0093DD0093DD
+0093DD0093DD0093DD0091DC008CDB0D97DE60BAE9B8E0F5F9FCFEFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFDDF1FA49B0E6008DDB0092DD
+0093DD0093DD0093DD0093DD008ADA4DB3E7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFE1F3FB0D98DF0091DD0093DD0093DD0093DD0093DD0093DD
+008CDB66BFEAFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFEEF7FD129BDF0091DC0093DD0093DD0093DD0093DD008DDB93D2F1
+FFFFFFF6FBFE5DBAE9008DDB008FDC0093DD0093DD0093DD0093DD0093DD0093DD0093DD
+0093DD0093DD0093DD0093DD0093DD0091DC008BDB3BAAE4E1F2FBFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE8F5FC0F9ADF0091DC0093DD
+0093DD0093DD0093DD008DDB71C2ECFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7BC7ED008CDB0093DD0093DD
+0093DD0093DD0092DD0997DEDEF1FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD008DDB61BCEAFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FEFFFF33A9E4008FDC0093DD0093DD0093DD0093DD0093DD008DDB72C3ECFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFE2F2FB0C97DE0091DC0093DD0093DD0093DD0093DD0093DD008DDB
+65BEEBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFF42AFE6008EDB0093DD0093DD0093DD0093DD0093DD0093DD
+0093DD0092DD008DDB0D96DE71C1ECDBEFFAFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA4D8F31A9BDF008DDB0093DD0093DD
+0093DD0093DD008FDC008EDB1C9ADF6ABFEBFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFF84CBEE008CDB0093DD0093DD0093DD0093DD0093DD0092DD
+0492DDCEEAF8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD0093DD0093DD0093DD008DDB98D4F1
+FFFFFF50B4E7008BDA0092DD0093DD0093DD0093DD0092DD0092DD0092DD0093DD0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD008CDB2AA3E2E7F5FCFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEEF7FD129BDF0091DC0093DD
+0093DD0093DD0093DD008DDB70C2ECFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF81C9EE008CDB0093DD0093DD
+0093DD0093DD0092DD0997DEDDF1FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD008DDB61BCEAFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFF37ABE4008FDC0093DD0093DD0093DD0093DD0093DD008DDB69BFEBFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFF84CBEF008CDB0093DD0093DD0093DD0093DD0093DD0092DD0393DD
+CFEAF8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFF42AFE6008EDB0093DD0093DD0093DD0093DD0093DD0093DD
+008FDC0091DC63BCEAD9EFFAFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFDDF1FB57B7E8008EDB0090DC0093DD0093DD0093DD
+0090DC008DDB33A7E3A5D8F3F1F9FDACDCF4FDFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFBFDFF2CA6E3008FDC0093DD0093DD0093DD0093DD0093DD008FDB
+32A8E4FEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD0093DD0093DD0093DD008DDBA1D8F2
+83CAEE008BDA0093DD0093DD008FDC008DDB008EDB0091DC0093DD0091DC008EDB008DDB
+0091DC0093DD0093DD0093DD0093DD0093DD0093DD0093DD008BDA4EB4E7FFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD
+0093DD0093DD0093DD008DDB70C2ECFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF80C9EE008CDB0093DD0093DD
+0093DD0093DD0092DD0997DEDDF1FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD008DDB61BCEAFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FEFFFF33A9E4008FDC0093DD0093DD0093DD0093DD0093DD008CDB73C3ECFFFFFFFFFFFF
+FFFFFFFFFFFFFEFEFF31A8E4008FDC0093DD0093DD0093DD0093DD0093DD008FDC2BA6E3
+FCFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFF42AFE6008EDB0093DD0093DD0093DD0093DD0092DD008CDB
+2AA3E2B7E0F5FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFF6FBFE8DCEEF1499DF008CDB0092DD0093DD0093DD0091DC008CDB
+209EE097D2F1F9FCFEFFFFFFC6E7F756B7E9FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFD4ECF90394DD0092DD0093DD0093DD0093DD0093DD0093DD008CDB
+6EC1ECFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD0093DD0093DD0093DD0092DD45B0E6
+0695DE0092DD0090DC008FDC31A7E37DC7EEADDCF4C6E7F7CDEAF8C5E6F7A7D9F368BEEB
+189CE0008DDB0093DD0093DD0093DD0093DD0093DD0093DD0092DD008FDCBAE2F6FFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD
+0093DD0093DD0093DD008DDB70C2ECFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF80C9EE008CDB0093DD0093DD
+0093DD0093DD0092DD0997DEDDF1FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD008DDB61BCEAFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+F7FCFE21A1E20090DC0093DD0093DD0093DD0093DD0093DD008DDB8BCEEFFFFFFFFFFFFF
+FFFFFFFFFFFFD3ECF90493DD0092DD0093DD0093DD0093DD0093DD0093DD008DDB70C2EC
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFF42AFE6008EDB0093DD0093DD0093DD0091DC008EDB66BDEA
+F1F9FDFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFEFFFFA5D8F32CA3E2008DDB0091DC0093DD0093DD0092DD008CDB0B95DE78C5EC
+ECF7FCFFFFFFFFFFFFF8FCFE2BA4E245B0E6FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFF91D0F1008CDB0093DD0093DD0093DD0093DD0093DD0093DD008EDB
+B0DDF5FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD0093DD0093DD0093DD0093DD0091DC
+0092DD008EDB1D9DE0ACDBF4FCFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+E8F5FC65BDEA008EDB0093DD0093DD0093DD0093DD0093DD0093DD008DDB52B6E8FFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD
+0093DD0093DD0093DD008DDB70C2ECFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF80C9EE008CDB0093DD0093DD
+0093DD0093DD0092DD0997DEDDF1FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD008DDB61BCEAFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+D9EFFA0695DD0092DD0093DD0093DD0093DD0093DD0093DD008EDBACDCF4FFFFFFFFFFFF
+FFFFFFFFFFFF95D2F1008DDB0093DD0093DD0093DD0093DD0093DD0093DD008EDBACDCF4
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFF42AFE6008EDB0093DD0093DD0090DC0793DD97D3F1FFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF9FDFE
+ABDBF43BABE4008EDB008FDC0093DD0093DD0093DD008EDB0091DC54B5E7D2ECF9FFFFFF
+FFFFFFFFFFFFFFFFFF79C7ED0087D951B5E8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFF57B8E9008DDB0093DD0093DD0093DD0093DD0093DD0092DD0696DE
+DBEFFAFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD0093DD0093DD0093DD0093DD0093DD
+008FDC229FE1D8EFFAFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFF66BEEA008DDB0093DD0093DD0093DD0093DD0093DD0090DC189EE0F2F9FD
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD
+0093DD0093DD0093DD008DDB70C2ECFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF80C9EE008CDB0093DD0093DD
+0093DD0093DD0092DD0997DEDDF1FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD008DDB61BCEAFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+9AD4F1008DDB0093DD0093DD0093DD0093DD0093DD0092DD0896DEDDF1FBFFFFFFFFFFFF
+FFFFFFFFFFFF56B7E8008DDB0093DD0093DD0093DD0093DD0093DD0092DD0796DEDAEFFA
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFF42AFE6008EDB0093DD008FDB1399DFB8E1F6FFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEAF6FC96D1F02FA5E3
+008EDB008EDC0093DD0093DD0092DD008DDB008EDB44AEE5BDE3F6FFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFA9DBF3008FDC008CDB51B5E8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFBFDFF2BA5E3008FDC0093DD0093DD0093DD0093DD0093DD0090DC1FA0E1
+F6FBFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD0093DD0093DD0093DD0093DD0092DC
+0894DDC8E8F8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFEEF7FD189DE00090DC0093DD0093DD0093DD0093DD0092DD0495DED6EDFA
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD
+0093DD0093DD0093DD008DDB70C2ECFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF80C9EE008CDB0093DD0093DD
+0093DD0093DD0092DD0997DEDDF1FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD008DDB61BCEAFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+3BACE5008EDB0093DD0093DD0093DD0093DD0093DD008EDB3DADE5FFFFFFFFFFFFFFFFFF
+FFFFFFFCFEFF2BA6E3008FDC0093DD0093DD0093DD0093DD0093DD0090DC23A2E2F9FCFE
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFF42AFE6008EDB008FDC169ADFC7E8F8FFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF8FCFEBBE2F66BBFEB189CE0008DDB008FDC
+0093DD0092DD0090DC008CDB0292DD47AFE6AEDCF4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFCEEBF90F97DE0090DC008DDB51B5E8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFE6F4FC0D99DF0091DC0093DD0093DD0093DD0093DD0093DD008EDB42AFE6
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD0093DD0093DD0093DD0093DD008DDB
+61BCEAFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFF6BC0EC008DDB0093DD0093DD0093DD0093DD0093DD0090DCC1E5F7
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD
+0093DD0093DD0093DD008DDB70C2ECFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF80C9EE008CDB0093DD0093DD
+0093DD0093DD0092DD0997DEDDF1FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD008DDB61BCEAFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFB7E1F5
+0190DC0093DD0093DD0093DD0093DD0093DD0093DD008DDBA2D7F2FFFFFFFFFFFFFFFFFF
+FFFFFFEAF6FD129BDF0091DC0093DD0093DD0093DD0093DD0093DD008EDB3CACE5FFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFF42AFE6008ADA1198DECAE9F8FFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFEFF8FDB7E0F571C2EC28A2E20090DC008CDB0090DC0091DC008EDB
+008DDB0091DC27A2E273C3ECCDE9F8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+E0F2FB219FE1008EDC0093DD008DDB51B5E8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFD0EBF80294DD0092DD0093DD0093DD0093DD0093DD0093DD008DDB5CBAE9
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD0093DD0093DD0093DD0092DD0292DD
+CBE9F8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFA7DAF3008DDB0093DD0093DD0093DD0093DD0093DD008FDCBCE3F6
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD
+0093DD0093DD0093DD008DDB70C2ECFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF80C9EE008CDB0093DD0093DD
+0093DD0093DD0092DD0997DEDDF1FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD008DDB61BCEAFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF2FAFD2BA4E2
+008FDC0093DD0093DD0093DD0093DD0093DD008EDC2BA5E3F5FBFEFFFFFFFFFFFFFFFFFF
+FFFFFFCFEBF80193DD0092DD0093DD0093DD0093DD0093DD0093DD008DDB58B9E8FFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFF3DADE5038EDCB9E2F6FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF3FAFDD8EEFA
+B1DDF479C5ED44AFE6169BE0008DDB0089DA008BDA008CDB008DDB0091DC1A9DE046B0E6
+89CCEFC5E6F7F7FCFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE9F6FC
+31A6E3008DDB0093DD0093DD008DDB51B5E8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFC0E4F70090DC0093DD0093DD0093DD0093DD0093DD0093DD008DDB70C2EC
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF8FCFEF6FBFE
+F6FBFEF6FBFEF6FBFEF6FBFEF6FBFEF6FBFEF5FBFEFDFEFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD0093DD0093DD0093DD0090DC27A4E2
+FAFDFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFBEE4F6008FDC0093DD0093DD0093DD0093DD0093DD008FDCBDE3F6
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD
+0093DD0093DD0093DD008DDB70C2ECFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF80C9EE008CDB0093DD0093DD
+0093DD0093DD0092DD0997DEDDF1FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD008DDB61BCEAFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF6FBFE4FB3E7008DDB
+0093DD0093DD0093DD0093DD0093DD0090DC0592DDC2E5F7FFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFB8E1F5008EDC0093DD0093DD0093DD0093DD0093DD0093DD008CDB75C4ECFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF9FDFEF6FBFEF6FBFE
+F6FBFEF6FBFEF6FBFEF6FBFEF6FBFEF5FBFEFDFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFF37AAE48FD0F0FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFAFDFEDCF0FABEE3F6A7D9F38CCEEF72C3EC56B7E836A9E4159BE00091DC
+008DDB008CDB0090DC0796DE199DE02EA6E347B0E674C3EC9BD4F1C6E6F7EFF8FDFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE6F5FC35A8E3
+008DDB0093DD0093DD0093DD008DDB51B5E8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFAEDCF4008EDB0093DD0093DD0093DD0093DD0093DD0093DD008CDB7FC9EE
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFADDCF4229DE0
+22A1E122A1E122A1E122A1E122A1E122A0E12FA7E3EBF6FCFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD0093DD0093DD0093DD008DDB51B5E8
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFBDE3F6008FDC0093DD0093DD0093DD0093DD0093DD008FDCBDE3F6
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD
+0093DD0093DD0093DD008DDB70C2ECFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF80C9EE008CDB0093DD0093DD
+0093DD0093DD0092DD0997DEDDF1FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD008DDB62BDEAFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFCEEAF83FADE5008DDB0093DD
+0093DD0093DD0093DD0093DD0091DC008EDB95D3F1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFAADCF4008EDC0093DD0093DD0093DD0093DD0093DD0093DD008CDB84CBEFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFADDDF4229DE022A1E1
+22A1E122A1E122A1E122A1E122A0E133A9E4EDF7FDFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFCFEFFADDCF4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFCFEFFEFF8FDE3F3FBD4EDF9C4E6F7BAE1F6B5E0F5B2DEF5B6E0F5BAE2F6
+C5E6F7CCE9F8D7EEFAE4F4FBF1F9FDFDFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFD8EEFA2BA3E2008DDB
+0093DD0093DD0093DD0093DD008DDB51B5E8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFA8D9F4008EDB0093DD0093DD0093DD0093DD0093DD0093DD008CDB82CAEE
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC2E5F7008EDC
+008FDC0090DC0090DC0090DC0090DC008CDB23A2E2FAFDFEFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD0093DD0093DD0093DD008DDB63BDEA
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFBDE3F6008FDC0093DD0093DD0093DD0093DD0093DD008FDCBDE3F6
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD
+0093DD0093DD0093DD008DDB70C2ECFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF80C9EE008CDB0093DD0093DD
+0093DD0093DD0092DD0997DEDDF1FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD008DDB5DBAE9F4FAFE
+F4FAFEF4FAFEF4FAFEF2FAFDE9F5FCCBE9F89DD5F250B4E70794DD008EDC0093DD0093DD
+0093DD0093DD0093DD008EDB0491DD98D4F1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFF9ED6F2008EDB0093DD0093DD0093DD0093DD0093DD0093DD008DDB8FD0F0FFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFBBE2F6008CDB0090DC
+0090DC0090DC0090DC0090DC008CDB23A2E2FAFDFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFBFE4F61B9CE0008EDB0093DD
+0093DD0093DD0093DD0093DD008DDB51B5E8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFF9CD5F2008EDB0093DD0093DD0093DD0093DD0093DD0093DD008DDB94D2F1
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFCAE8F80092DD
+0092DD0093DD0093DD0093DD0093DD008FDC33A9E4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD0093DD0093DD0093DD008DDB6FC2EC
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFBDE3F6008FDC0093DD0093DD0093DD0093DD0093DD008FDCBDE3F6
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD
+0093DD0093DD0093DD008DDB70C2ECFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF80C9EE008CDB0093DD0093DD
+0093DD0093DD0092DD0997DEDDF1FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD0092DD0B98DE1EA0E1
+1EA0E11EA0E11EA0E11B9FE1109ADF0093DD008DDB008EDB0092DD0093DD0093DD0093DD
+0093DD0090DC008CDB2BA3E2B8E1F6FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFF9ED6F2008EDB0093DD0093DD0093DD0093DD0093DD0093DD008DDB8FD0F0FFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFCDEAF80093DD0092DD
+0093DD0093DD0093DD0093DD008FDC36AAE4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF8FCFF00793DD008FDC0093DD0093DD
+0093DD0093DD0093DD0093DD008DDB51B5E8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFA7D9F4008EDB0093DD0093DD0093DD0093DD0093DD0093DD008DDB88CDEF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC9E8F80092DD
+0092DD0093DD0093DD0093DD0093DD008FDC32A8E4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD0093DD0093DD0093DD008DDB70C2EC
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFBDE3F6008FDC0093DD0093DD0093DD0093DD0093DD008FDCBDE3F6
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD
+0093DD0093DD0093DD008DDB70C2ECFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF80C9EE008CDB0093DD0093DD
+0093DD0093DD0092DD0997DEDDF1FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD0093DD0092DD0090DC
+0090DC0090DC0090DC0090DC0091DC0092DD0093DD0093DD0093DD0093DD0091DC008EDB
+008CDB1B9CE083CAEEF3FAFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFF9DD6F2008EDB0093DD0093DD0093DD0093DD0093DD0093DD008DDB90D0F0FFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFCDEAF80093DD0092DD
+0093DD0093DD0093DD0093DD008FDC36AAE4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFDEF1FB54B5E8008DDB0091DC0093DD0093DD0093DD
+0093DD0093DD0093DD0093DD008DDB51B5E8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFABDBF4008EDB0093DD0093DD0093DD0093DD0093DD0093DD008CDB80C9EE
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC9E8F80092DD
+0092DD0093DD0093DD0093DD0093DD008FDC32A8E4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD0093DD0093DD0093DD008DDB70C2EC
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFBDE3F6008FDC0093DD0093DD0093DD0093DD0093DD008FDCBDE3F6
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD
+0093DD0093DD0093DD008DDB70C2ECFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF80C9EE008CDB0093DD0093DD
+0093DD0093DD0092DD0997DEDDF1FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD0093DD0092DD0090DC
+0090DC0090DC0090DC0090DC008FDC008FDC008EDB008DDB008CDB008FDC0F98DF49B1E6
+97D2F1EBF6FCFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFA7DAF3008EDC0093DD0093DD0093DD0093DD0093DD0093DD008CDB89CDEFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFCDEAF80093DD0092DD
+0093DD0093DD0093DD0093DD008FDC36AAE4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFDFFFF98D3F1179BDF008CDB0093DD0093DD0093DD0093DD0093DD
+0093DD0093DD0093DD0093DD008DDB51B5E8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFBDE3F6008FDC0093DD0093DD0093DD0093DD0093DD0093DD008DDB78C5ED
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC9E8F80092DD
+0092DD0093DD0093DD0093DD0093DD008FDC32A8E4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD0093DD0093DD0093DD008DDB70C2EC
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFBDE3F6008FDC0093DD0093DD0093DD0093DD0093DD008FDCBDE3F6
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD
+0093DD0093DD0093DD008DDB70C2ECFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF80C9EE008CDB0093DD0093DD
+0093DD0093DD0092DD0997DEDDF1FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD0092DD0D98DF22A1E1
+22A1E122A1E122A1E123A2E130A7E335A9E446B0E65EBAE981C8EEB3DEF5E3F3FBFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFB8E1F5008EDC0093DD0093DD0093DD0093DD0093DD0093DD008CDB7CC7EDFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFCDEAF80093DD0092DD
+0093DD0093DD0093DD0093DD008FDC36AAE4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFB7E0F53CABE5008DDB0090DC0093DD0093DD0093DD0093DD0093DD0093DD
+0093DD0093DD0093DD0093DD008DDB51B5E8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFCEEAF80293DD0092DD0093DD0093DD0093DD0093DD0093DD008DDB65BEEB
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC9E8F80092DD
+0092DD0093DD0093DD0093DD0093DD008FDC32A8E4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD0093DD0093DD0093DD008DDB70C2EC
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFBDE3F6008FDC0093DD0093DD0093DD0093DD0093DD008FDCBDE3F6
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD
+0093DD0093DD0093DD008DDB70C2ECFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF80C9EE008CDB0093DD0093DD
+0093DD0093DD0092DD0997DEDDF1FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD008DDB5EBAEAF6FBFE
+F6FBFEF6FBFEF6FBFEF6FBFEFEFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFCCEAF80193DD0092DD0093DD0093DD0093DD0093DD0093DD008DDB65BEEAFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFCDEAF80093DD0092DD
+0093DD0093DD0093DD0093DD008FDC36AAE4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFF
+BBE2F648B0E60090DC008EDC0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD
+0093DD0093DD0093DD0093DD008DDB51B5E8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFE2F2FB0B98DF0091DC0093DD0093DD0093DD0093DD0093DD008DDB4DB4E7
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC9E8F80092DD
+0092DD0093DD0093DD0093DD0093DD008FDC32A8E4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD0093DD0093DD0093DD008DDB70C2EC
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFBDE3F6008FDC0093DD0093DD0093DD0093DD0093DD008FDCBDE3F6
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD
+0093DD0093DD0093DD008DDB70C2ECFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF80C9EE008CDB0093DD0093DD
+0093DD0093DD0092DD0997DEDDF1FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD008DDB62BDEAFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFE7F5FC0E99DF0091DD0093DD0093DD0093DD0093DD0093DD008EDB47B1E7FFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFCDEAF80093DD0092DD
+0093DD0093DD0093DD0093DD008FDC36AAE4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFECF7FC9BD4F138A9E4
+0091DC008EDB0092DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD
+0093DD0093DD0093DD0093DD008DDB51B5E8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFAFCFF26A3E20090DC0093DD0093DD0093DD0093DD0093DD008FDC2EA7E3
+FDFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC9E8F80092DD
+0092DD0093DD0093DD0093DD0093DD008FDC32A8E4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD0093DD0093DD0093DD008DDB70C2EC
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFBDE3F6008FDC0093DD0093DD0093DD0093DD0093DD008FDCBDE3F6
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD
+0093DD0093DD0093DD008DDB70C2ECFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF80C9EE008CDB0093DD0093DD
+0093DD0093DD0092DD0997DEDDF1FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD008DDB61BCEAFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFAFDFE27A4E2008FDC0093DD0093DD0093DD0093DD0093DD008FDC2DA6E3FCFEFE
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFCDEAF80093DD0092DD
+0093DD0093DD0093DD0093DD008FDC36AAE4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFF8FDBAE1F568BEEB1A9CE0008DDB008EDC
+0092DD0093DD0093DD0093DD0093DD0093DD0090DC008DDB0091DC0093DD0093DD0093DD
+0093DD0093DD0093DD0093DD008DDB51B5E8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFF50B5E8008DDB0093DD0093DD0093DD0093DD0093DD0091DC0F9ADF
+E7F5FCFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC9E8F80092DD
+0092DD0093DD0093DD0093DD0093DD008FDC32A8E4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD0093DD0093DD0093DD008DDB70C2EC
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFBDE3F6008FDC0093DD0093DD0093DD0093DD0093DD008FDCBDE3F6
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD
+0093DD0093DD0093DD008DDB70C2ECFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF80C9EE008CDB0093DD0093DD
+0093DD0093DD0092DD0997DEDDF1FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD008DDB61BCEAFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFF4DB4E7008EDB0093DD0093DD0093DD0093DD0093DD0091DC119BDFEAF6FD
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFCDEAF80093DD0092DD
+0093DD0093DD0093DD0093DD008FDC36AAE4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFDDF0FAA5D8F35DB9E91D9EE1008FDC008DDB0090DC0093DD0093DD
+0093DD0093DD0093DD0092DD008DDB008EDB23A1E184CBEE79C6ED0090DC0093DD0093DD
+0093DD0093DD0093DD0093DD008DDB51B5E8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFF86CCEF008CDB0093DD0093DD0093DD0093DD0093DD0093DD0090DC
+C2E5F7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC9E8F80092DD
+0092DD0093DD0093DD0093DD0093DD008FDC32A8E4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD0093DD0093DD0093DD008DDB70C2EC
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFBDE3F6008FDC0093DD0093DD0093DD0093DD0093DD008FDCBDE3F6
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD
+0093DD0093DD0093DD008DDB70C2ECFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF80C9EE008CDB0093DD0093DD
+0093DD0093DD0092DD0997DEDDF1FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD008DDB61BCEAFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFF8ACDEF008CDB0093DD0093DD0093DD0093DD0093DD0093DD0090DCBEE4F6
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFCDEAF80093DD0092DD
+0093DD0093DD0093DD0093DD008FDC36AAE4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFCFEFFE8F5FCC1E5F7
+96D2F168BEEB34A8E40996DE008EDB008DDB0090DC0093DD0093DD0093DD0093DD0093DD
+0092DD008FDC008CDB0794DD4FB3E7A9DAF3F7FCFEF5FBFE34A8E40090DC0093DD0093DD
+0093DD0093DD0093DD0093DD008DDB51B5E8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFC8E8F80192DD0092DD0093DD0093DD0093DD0093DD0093DD008DDB
+83CAEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC9E8F80092DD
+0092DD0093DD0093DD0093DD0093DD008FDC32A8E4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD0093DD0093DD0093DD008DDB70C2EC
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFBDE3F6008FDC0093DD0093DD0093DD0093DD0093DD008FDCBDE3F6
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD
+0093DD0093DD0093DD008DDB70C2ECFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF80C9EE008CDB0093DD0093DD
+0093DD0093DD0092DD0997DEDDF1FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD008DDB61BCEAFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFC8E8F80191DC0093DD0093DD0093DD0093DD0093DD0093DD008DDB86CCEF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFCDEAF80093DD0092DD
+0093DD0093DD0093DD0093DD008FDC36AAE4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFCFEFFFAFDFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FAFDFEF3FAFDEBF7FCD9EFFAC5E6F7AEDCF494D1F175C4EC4CB3E72CA5E3119ADF0091DC
+008DDB008DDB008FDC0092DD0093DD0093DD0093DD0093DD0092DD0091DC008EDC008CDB
+0090DC2BA3E27CC7EDD5EDF9FFFFFFFFFFFFF7FCFE39ABE4008DDB0093DD0093DD0093DD
+0093DD0093DD0093DD0093DD008DDB51B5E8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFF6FBFE1FA0E10090DC0093DD0093DD0093DD0093DD0093DD008EDB
+43B0E6FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC9E8F80092DD
+0092DD0093DD0093DD0093DD0093DD008FDC32A8E4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD0093DD0093DD0093DD008DDB70C2EC
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFBDE3F6008FDC0093DD0093DD0093DD0093DD0093DD008FDCBDE3F6
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD
+0093DD0093DD0093DD008DDB70C2ECFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF80C9EE008CDB0093DD0093DD
+0093DD0093DD0092DD0997DEDDF1FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD008DDB61BCEAFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFF9FCFF25A3E2008FDC0093DD0093DD0093DD0093DD0093DD008EDB3BADE5
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFCDEAF80093DD0092DD
+0093DD0093DD0093DD0093DD008FDC36AAE4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFE3F3FBA7D9F372C2EC53B5E83CACE533A9E427A3E224A2E2
+1D9FE1149CE00B97DE0194DD008FDC008CDB008CDB008BDB008DDB008EDB0090DC0091DC
+0091DC0091DC0090DC008FDC008EDC008DDB008CDB008DDB0091DC159BDF3EACE584CAEE
+C4E6F7F8FCFEFFFFFFFFFFFFFFFFFFF1F9FD49B1E6008DDB0093DD0093DD0093DD0093DD
+0093DD0093DD0093DD0093DD008DDB51B5E8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFF6FC2EC008CDB0093DD0093DD0093DD0093DD0093DD0092DD
+0B97DEDEF1FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC9E8F80092DD
+0092DD0093DD0093DD0093DD0093DD008FDC32A8E4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD0093DD0093DD0093DD008DDB70C2EC
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFBDE3F6008FDC0093DD0093DD0093DD0093DD0093DD008FDCBDE3F6
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD
+0093DD0093DD0093DD008DDB70C2ECFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF81C9EE008CDB0093DD0093DD
+0093DD0093DD0092DD0997DEDDF1FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD008DDB61BCEAFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFF6EC2EC008CDB0093DD0093DD0093DD0093DD0093DD0092DD0896DE
+DDF0FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFCDEAF80093DD0092DD
+0093DD0093DD0093DD0093DD008FDC36AAE4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF2FAFDDAEFFAB6DFF592D0F075C4EC52B5E8
+36A9E428A4E21C9EE1129ADF0D98DF0A97DE0595DE0595DE0595DE0595DE0595DE0A97DE
+0C98DF129BDF1D9FE12BA5E33BABE555B6E87CC7ED9DD5F2C3E5F7ECF6FCFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFE8F6FC41ADE5008CDB0093DD0093DD0093DD0093DD0093DD
+0093DD0093DD0093DD0093DD008DDB51B5E8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFCEEAF90392DC0092DD0093DD0093DD0093DD0093DD0093DD
+008CDB82CBEEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC9E8F80092DD
+0092DD0093DD0093DD0093DD0093DD008FDC32A8E4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD0093DD0093DD0093DD008DDB70C2EC
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFBDE3F6008FDC0093DD0093DD0093DD0093DD0093DD008FDCBDE3F6
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD
+0093DD0093DD0093DD008DDB70C2ECFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7BC7ED008CDB0093DD0093DD
+0093DD0093DD0092DD0997DEDDF1FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD008DDB61BCEAFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFCFEAF80393DD0092DD0093DD0093DD0093DD0093DD0093DD008CDB
+81CAEEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFCDEAF80093DD0092DD
+0093DD0093DD0093DD0093DD008FDC36AAE4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFDFEFFF5FBFEEFF8FDE6F4FCE0F2FBD6EEFAD5EDF9D5EDF9D5EDF9D5EDF9DFF1FB
+E3F3FBEDF7FDF3FAFDFBFDFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFCAE8F826A1E1008DDB0093DD0093DD0093DD0093DD0093DD0093DD
+0093DD0093DD0093DD0093DD008DDB51B5E8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF4AB3E7008DDB0093DD0093DD0093DD0093DD0093DD
+0090DC1A9DE0EDF7FCFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC9E8F80092DD
+0092DD0093DD0093DD0093DD0093DD008FDC32A8E4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD0093DD0093DD0093DD008DDB70C2EC
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFBDE3F6008FDC0093DD0093DD0093DD0093DD0093DD008FDCBDE3F6
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD
+0093DD0093DD0093DD008DDB71C2ECFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF67BEEB008DDB0093DD0093DD
+0093DD0093DD0092DD0997DEDDF1FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD008DDB61BCEAFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFF4AB3E7008DDB0093DD0093DD0093DD0093DD0093DD0090DC
+199DE0EDF7FDFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFCDEAF80093DD0092DD
+0093DD0093DD0093DD0093DD008FDC36AAE4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFEFFFF91D0F00C95DE008EDC0093DD0093DD0093DD0093DD0093DD0093DD0093DD
+0093DD0093DD0093DD0093DD008DDB51B5E8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC1E5F70090DC0092DD0093DD0093DD0093DD0093DD
+0093DD008CDB7DC8EEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC9E8F80092DD
+0092DD0093DD0093DD0093DD0093DD008FDC32A8E4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD0093DD0093DD0093DD008DDB70C2EC
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFBDE3F6008FDC0093DD0093DD0093DD0093DD0093DD008FDCBDE3F6
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFECF7FD119BDF0091DC0093DD
+0093DD0093DD0093DD008DDB60BBEAFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFEFF36AAE5008FDB0093DD0093DD
+0093DD0093DD0092DD0997DEDDF1FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD008DDB61BCEAFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFC4E6F70191DC0092DD0093DD0093DD0093DD0093DD0093DD
+008CDB78C6EDFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFCDEAF80093DD0092DD
+0093DD0093DD0093DD0093DD008FDC36AAE4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+D0EBF945AEE5008DDB0091DC0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD
+0093DD0093DD0093DD0093DD008DDB51B5E8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF59B9E9008CDB0093DD0093DD0093DD0093DD
+0093DD0091DC0A95DECFEBF9FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC9E8F80092DD
+0092DD0093DD0093DD0093DD0093DD008FDC32A8E4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD0093DD0093DD0093DD008DDB70C2EC
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFBDE3F6008FDC0093DD0093DD0093DD0093DD0093DD008FDCBDE3F6
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5FAFE1EA0E10090DC0093DD
+0093DD0093DD0093DD008FDC2FA7E3FEFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFCFEAF80392DD0092DD0093DD0093DD
+0093DD0093DD0092DD0997DEDDF1FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD008DDB61BCEAFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5BBAE9008BDB0093DD0093DD0093DD0093DD0093DD
+0091DD0994DDCEEAF8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFCDEAF80093DD0092DD
+0093DD0093DD0093DD0093DD008FDC36AAE4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE1F2FB72C2EC
+0B95DE008DDB0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD
+0093DD0093DD0093DD0093DD008DDB51B5E8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE3F3FB189CE0008FDC0093DD0093DD0093DD
+0093DD0093DD008EDC2DA5E2EDF8FDFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC9E8F80092DD
+0092DD0093DD0093DD0093DD0093DD008FDC32A8E4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD0093DD0093DD0093DD008DDB70C2EC
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFBDE3F6008FDC0093DD0093DD0093DD0093DD0093DD008FDCBDE3F6
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF3BACE5008EDC0093DD
+0093DD0093DD0093DD0092DD0392DDC9E8F8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF52B6E8008EDB0093DD0093DD0093DD
+0093DD0093DD0092DD0997DEDDF1FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD008DDB61BCEAFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE4F3FB199CE00090DC0093DD0093DD0093DD0093DD
+0093DD008EDC2BA4E2EDF8FDFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFCDEAF80093DD0092DD
+0093DD0093DD0093DD0093DD008FDC36AAE4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE4F4FB79C5ED1499DF008CDB
+0091DC0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD
+0093DD0093DD0093DD0093DD008DDB51B5E8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFADDCF4008FDB0092DD0093DD0093DD
+0093DD0093DD0093DD008DDB44AFE6F1F9FDFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC9E8F80092DD
+0092DD0093DD0093DD0093DD0093DD008FDC32A8E4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD0093DD0093DD0093DD008DDB70C2EC
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFBDE3F6008FDC0093DD0093DD0093DD0093DD0093DD008FDCBDE3F6
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF65BEEB008CDB0093DD
+0093DD0093DD0093DD0093DD008EDB43AFE6FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF86CCEF008DDB0093DD0093DD0093DD0093DD
+0093DD0093DD0092DD0997DEDDF1FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD008DDB61BCEAFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFAFDDF4008FDC0092DD0093DD0093DD0093DD
+0093DD0093DD008DDB40ADE5EFF9FDFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFCDEAF80093DD0092DD
+0093DD0093DD0093DD0093DD008FDC36AAE4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFCAE8F866BDEA159ADF008CDB0091DC0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD
+0093DD0093DD0093DD0093DD008DDB51B5E8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF86CCEF008DDB0092DD0093DD
+0093DD0093DD0093DD0093DD008DDB37A9E4D8EEFAFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFD1ECF90092DD
+0092DD0093DD0093DD0093DD0093DD008FDC32A8E4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD0093DD0093DD0093DD008DDB70C2EC
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFBDE3F6008FDC0093DD0093DD0093DD0093DD0093DD008FDCBDE3F6
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA3D8F3008DDB0093DD
+0093DD0093DD0093DD0093DD0093DD008EDB64BCEAF5FBFDFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFEFF8FD6EC0EB008FDC0092DD0092DD0093DD0093DD0093DD
+0093DD0093DD0092DD0997DEDDF1FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD008DDB61BCEAFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF85CBEF008DDB0092DD0093DD0093DD
+0093DD0093DD0093DD008DDB37A9E3D9EFFAFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFD5EEF90093DD0092DD
+0093DD0093DD0093DD0093DD008FDC37AAE4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFDEF1FB93D0F03EACE50192DD008DDB0091DC0093DD0093DD0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD
+0093DD0093DD0093DD0093DD008DDB51B5E8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF71C3EC008CDB0092DD
+0093DD0093DD0093DD0093DD0093DD008EDB159ADF98D3F1F7FCFEFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFEFF98D3F10091DC
+0092DD0093DD0093DD0093DD0093DD008FDC33A8E4FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD0093DD0093DD0093DD008DDB70C2EC
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFBDE3F6008FDC0093DD0093DD0093DD0093DD0093DD008FDCBDE3F6
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEDF8FD179DE00090DC
+0093DD0093DD0093DD0093DD0093DD0093DD008DDB2FA5E39DD5F2DEF1FBF6FBFEFBFDFE
+FAFDFEF0F9FDD2ECF988CCEF25A1E1008DDB0092DD0091DC0896DE0194DD0093DD0093DD
+0093DD0093DD0092DD0997DEDDF1FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD008DDB61BCEAFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF75C4ED008CDB0092DD0093DD
+0093DD0093DD0093DD0093DD008EDB1599DF97D3F1F7FCFEFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFF9BD5F10091DD0092DD
+0093DD0093DD0093DD0093DD008FDC33A9E4FEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF4FAFD
+C6E6F787CBEF3EACE50C97DE008DDB008EDC0092DD0093DD0093DD0093DD0093DD0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD
+0093DD0093DD0093DD0093DD008DDB51B5E8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF86CBEF008FDC
+008FDC0093DD0093DD0093DD0093DD0093DD0090DC008EDB2BA4E28DCEF0D9EFFAFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE2F3FB9AD3F138A9E40090DC0092DD
+0093DD0093DD0093DD0093DD0093DD0090DC20A1E1F6FBFEFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD0093DD0093DD0093DD008DDB70C2EC
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFBDE3F6008FDC0093DD0093DD0093DD0093DD0093DD008FDCBDE3F6
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF8ECFF0008BDA
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD008FDC008EDB0A97DE21A1E12AA5E3
+29A4E3199EE00394DD008DDB0090DC0093DD008FDC21A1E187CCEF0191DC0093DD0093DD
+0093DD0093DD0092DD0997DEDDF1FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD008DDB61BCEAFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF88CCEF008FDC008FDC
+0093DD0093DD0093DD0093DD0093DD0090DC008EDB2CA4E28ECEF0DBEFFAFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE3F3FB99D3F138A9E40090DC0092DD0093DD
+0093DD0093DD0093DD0093DD008FDC23A2E2F8FCFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FCFEE6F4FCCDE9F8AEDCF484CAEE4DB3E71F9FE1
+0092DC008CDB008EDC0091DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD
+0093DD0093DD0093DD0093DD008DDB51B5E8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFAADBF4
+1C9CE0008CDB0092DD0093DD0093DD0093DD0093DD0093DD008FDC008DDB0996DE33A8E3
+5FBBEA84CBEE8FD0F08FD0F089CDEF6CC1EB3BABE50F98DF008DDB008FDC0093DD0093DD
+0093DD0093DD0093DD0093DD0092DD008DDB008FDCD5EDF9FFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFEDF7FD129BDF0091DC0093DD0093DD0093DD0093DD008DDB70C2EC
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFBDE3F6008FDC0093DD0093DD0093DD0093DD0093DD008FDCBEE3F6
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFBFDFE47B1E6
+008BDB0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0091DD0090DC008FDC
+0090DC0090DC0092DD0093DD0093DD008FDC0B95DDC8E8F8B7E1F6008EDB0093DD0093DD
+0093DD0093DD0092DD0997DEDDF1FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFF61BCEA008DDB0093DD0093DD0093DD0093DD0093DD008DDB61BCEAFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFAADBF41C9CE0
+008CDB0092DD0093DD0093DD0093DD0093DD0093DD008FDC008DDB0A96DE32A8E35DBAE9
+83CAEE8FD0F08FD0F08ACDEF6CC0EB3CABE51099DF008DDB008FDC0093DD0093DD0093DD
+0093DD0093DD0093DD0092DD008EDB0090DCD6EEFAFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE1F2FBBAE1F68DCEF0
+6BC0EB58B8E94AB2E742AEE642AFE642AFE642AFE642AEE64AB2E751B5E856B8E861BCEA
+61BCEA61BCEA57B8E94DB3E73BACE524A2E20E99DF0093DD008EDC008DDB008EDB0090DC
+0092DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD
+0093DD0093DD0093DD0093DD008DDB51B5E8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+E3F3FB5FBAE90291DC008DDB0091DD0093DD0093DD0093DD0093DD0093DD0092DD008FDC
+008DDB008CDB008DDB008DDB008DDB008DDB008FDC0091DC0093DD0093DD0093DD0093DD
+0093DD0091DC008EDB008CDB0494DD35A8E484CAEEE9F6FCFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFEEF7FD129BDF0091DC0093DD0093DD0093DD0093DD008DDB6EC1EC
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFBEE3F6008FDC0093DD0093DD0093DD0093DD0093DD008FDCBAE2F6
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFF8FD
+42AEE6008ADA0091DC0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD
+0093DD0093DD0093DD0093DD008DDB0E96DEB5E0F5FFFFFFA9DAF4008EDB0093DD0093DD
+0093DD0093DD0092DD0A97DEDEF2FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFF62BDEA008DDB0093DD0093DD0093DD0093DD0093DD008DDB63BDEAFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE4F4FB
+61BBE90191DC008DDB0091DD0093DD0093DD0093DD0093DD0093DD0092DD008FDC008DDB
+008CDB008DDB008DDB008DDB008DDB008FDC0091DC0093DD0093DD0093DD0093DD0093DD
+0091DC008EDB008CDB0393DD34A8E481C9EEE7F5FCFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFCEEAF881C8EE3DACE50C97DE008FDC008DDB
+008DDB008DDB008EDB008EDB008EDB008EDB008EDB008EDB008EDB008EDB008DDB008DDB
+008DDB008DDB008DDB008EDB008EDC0090DC0091DC0092DD0093DD0093DD0093DD0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD
+0093DD0093DD0093DD0093DD008DDB51B5E8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFC4E6F75BB7E90C97DE008CDB008DDB0090DC0092DD0093DD0093DD0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0093DD0092DD0091DC008FDC008DDB
+008EDC1199DF4BB2E78DCDF0D1EBF9FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFE9F5FC0997DE008EDB0090DC0090DC0090DC0090DC008ADA58B8E9
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFB6E0F5008CDB0090DC0090DC0090DC0090DC0090DC008ADA9FD6F3
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+F5FBFE70C2EC0894DD008CDB0090DC0093DD0093DD0093DD0093DD0093DD0093DD0093DD
+0093DD0092DD008EDB008DDB3BAAE4CBE9F8FFFFFFFFFFFFA7D9F4008BDA0090DC0090DC
+0090DC0090DC008FDC0092DCD3EDF9FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFF50B5E8008ADA0090DC0090DC0090DC0090DC0090DC008ADA4DB4E8FFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFC2E5F75AB7E80D97DE008DDB008EDB0090DC0092DD0093DD0093DD0093DD0093DD
+0093DD0093DD0093DD0093DD0093DD0093DD0093DD0092DD0091DD008FDC008DDB008EDC
+1199DF4AB1E78DCEEFD1EBF9FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFF1F9FDA6D9F339A9E4008CDB0086D90088DA008BDB008CDB008DDB
+008DDB008DDB008DDB008DDB008DDB008DDB008DDB008DDB008DDB008DDB008DDB008DDB
+008DDB008DDB008DDB008DDB008DDB008DDB008DDB008DDB008DDB008DDB008DDB008DDB
+008DDB008DDB008DDB008DDB008DDB008DDB008DDB008DDB008DDB008DDB008DDB008DDB
+008DDB008DDB008DDB008DDB008DDB008DDB008DDB008DDB008DDB008DDB008DDB008DDB
+008DDB008DDB008DDB008DDB0086D947B1E7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFDDF1FA93D0F050B3E71B9DE00293DD008EDC008DDB008CDB
+008CDB008DDB008DDB008DDB008CDB008CDB008DDB008EDB0091DC0D98DF35A8E36ABFEB
+AFDCF4E5F4FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFD8EEFA26A2E222A0E122A1E122A1E122A1E122A1E1229DE05AB9E9
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFA1D7F3229CE022A1E122A1E122A1E122A1E122A1E1229CE08FD0F0
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFCFEAF965BCEA1B9DE00090DC008DDB008CDB008CDB008DDB008CDB008DDB
+008EDC0B97DE44AEE5A6D8F3FBFDFEFFFFFFFFFFFFFFFFFFB4DFF5229DE022A1E122A1E1
+22A1E122A1E122A1E1219EE1BFE4F6FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFDFEFF4DB4E7229EE022A1E122A1E122A1E122A1E122A1E1229EE047B1E6FBFDFE
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFDFF1FB96D1F14EB3E71B9DE00293DD008EDC008DDB008CDB008CDB
+008DDB008DDB008DDB008CDB008CDB008DDB008EDB0091DC0D97DE34A8E36BBFEBAEDCF4
+E5F4FCFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFBFDFFABDCF466BCEA60BBE968BFEB6BC0EB6BC0EB6BC0EB6BC0EB6BC0EB
+6BC0EB6BC0EB6BC0EB6BC0EB6BC0EB6BC0EB6BC0EB6BC0EB6BC0EB6BC0EB6BC0EB6BC0EB
+6BC0EB6BC0EB6BC0EB6BC0EB6BC0EB6BC0EB6BC0EB6BC0EB6BC0EB6BC0EB6BC0EB6BC0EB
+6BC0EB6BC0EB6BC0EB6BC0EB6BC0EB6BC0EB6BC0EB6BC0EB6BC0EB6BC0EB6BC0EB6BC0EB
+6BC0EB6BC0EB6BC0EB6BC0EB6BC0EB6BC0EB6BC0EB6BC0EB6BC0EB6BC0EB6BC0EB6BC0EB
+6BC0EB6BC0EB6BC0EB6BC0EB6BBDEA9AD4F2FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF0F8FDD0EBF9B4DEF599D3F185CBEF
+73C3EC6BC0EB6BC0EB6BC0EB70C2EC82CAEE93D1F0A8DAF3C5E6F7E3F2FBFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFBFEFEF5FBFEF6FBFEF6FBFEF6FBFEF6FBFEF6FBFEF6FBFEF6FBFE
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFF8FCFEF6FBFEF6FBFEF6FBFEF6FBFEF6FBFEF6FBFEF6FBFEF8FCFE
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFEEF8FDC5E6F7A0D6F285CBEF77C5ED6DC1EC80C9EE94D1F1
+B4DEF5DEF1FBFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFCFEFFF6FBFEF6FBFEF6FBFE
+F6FBFEF6FBFEF6FBFEF6FBFEFAFDFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFEFFFFF5FBFEF6FBFEF6FBFEF6FBFEF6FBFEF6FBFEF6FBFEF6FBFEF4FBFDFDFEFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF0F8FDD1EBF9B2DEF597D3F185CBEE72C3EC
+6BC0EB6BC0EB6BC0EB70C2EC81C9EE92D0F0A9DAF3C4E6F7E2F2FBFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+
+end
+%%PageTrailer
+%%Trailer
+%%EOF
diff --git a/doc/gnupg-logo.pdf b/doc/gnupg-logo.pdf
new file mode 100644
index 0000000..84a3470
--- /dev/null
+++ b/doc/gnupg-logo.pdf
Binary files differ
diff --git a/doc/gnupg-logo.png b/doc/gnupg-logo.png
new file mode 100644
index 0000000..73cf00a
--- /dev/null
+++ b/doc/gnupg-logo.png
Binary files differ
diff --git a/doc/gnupg.info b/doc/gnupg.info
new file mode 100644
index 0000000..bc2da62
--- /dev/null
+++ b/doc/gnupg.info
@@ -0,0 +1,178 @@
+This is /home/wk/w/gnupg-stable/doc/gnupg.info, produced by makeinfo
+version 4.13 from /home/wk/w/gnupg-stable/doc/gnupg.texi.
+
+This is the `The GNU Privacy Guard Manual' (version 2.0.19,
+March 2012).
+
+ Copyright (C) 2002, 2004, 2005, 2006, 2007, 2010 Free Software
+Foundation, Inc.
+
+ Permission is granted to copy, distribute and/or modify this
+ document under the terms of the GNU General Public License as
+ published by the Free Software Foundation; either version 3 of the
+ License, or (at your option) any later version. The text of the
+ license can be found in the section entitled "Copying".
+
+INFO-DIR-SECTION GNU Utilities
+START-INFO-DIR-ENTRY
+* gpg2: (gnupg). OpenPGP encryption and signing tool.
+* gpgsm: (gnupg). S/MIME encryption and signing tool.
+* gpg-agent: (gnupg). The secret key daemon.
+END-INFO-DIR-ENTRY
+
+
+Indirect:
+gnupg.info-1: 871
+gnupg.info-2: 299961
+
+Tag Table:
+(Indirect)
+Node: Top871
+Node: Installation2489
+Node: Invoking GPG-AGENT5502
+Node: Agent Commands8324
+Node: Agent Options9734
+Ref: option --options9891
+Ref: option --homedir10160
+Ref: option --log-file14140
+Ref: option --allow-mark-trusted14474
+Ref: option --enable-ssh-support19677
+Node: Agent Configuration21742
+Node: Agent Signals27217
+Node: Agent Examples28523
+Node: Agent Protocol29337
+Node: Agent PKDECRYPT31364
+Node: Agent PKSIGN33073
+Node: Agent GENKEY35179
+Node: Agent IMPORT36439
+Node: Agent EXPORT36881
+Node: Agent ISTRUSTED37096
+Node: Agent GET_PASSPHRASE39474
+Node: Agent GET_CONFIRMATION41855
+Node: Agent HAVEKEY42522
+Node: Agent LEARN43152
+Node: Agent PASSWD43447
+Node: Agent UPDATESTARTUPTTY43751
+Node: Agent GETEVENTCOUNTER44229
+Node: Agent GETINFO45037
+Node: Agent OPTION45744
+Node: Invoking GPG46721
+Node: GPG Commands48087
+Node: General GPG Commands48918
+Node: Operational GPG Commands49549
+Ref: option --export-ownertrust61814
+Node: OpenPGP Key Management63613
+Node: GPG Options75675
+Node: GPG Configuration Options76899
+Node: GPG Key related Options106612
+Node: GPG Input and Output110195
+Node: OpenPGP Options115796
+Node: GPG Esoteric Options123517
+Ref: GPG Esoteric Options-Footnote-1145993
+Node: GPG Configuration146147
+Node: GPG Examples149430
+Node: Unattended Usage of GPG153764
+Node: Unattended GPG key generation154203
+Node: Invoking GPGSM163335
+Node: GPGSM Commands164204
+Node: General GPGSM Commands164642
+Node: Operational GPGSM Commands165330
+Node: Certificate Management167363
+Node: GPGSM Options171728
+Node: Configuration Options172302
+Node: Certificate Options174587
+Node: Input and Output178480
+Ref: option --p12-charset179062
+Node: CMS Options181309
+Node: Esoteric Options182331
+Node: GPGSM Configuration186703
+Node: GPGSM Examples192398
+Node: Unattended Usage192595
+Node: Automated signature checking193186
+Node: CSR and certificate creation194985
+Node: GPGSM Protocol200045
+Node: GPGSM ENCRYPT201210
+Node: GPGSM DECRYPT203878
+Node: GPGSM SIGN204711
+Node: GPGSM VERIFY206159
+Node: GPGSM GENKEY206674
+Node: GPGSM LISTKEYS207688
+Node: GPGSM EXPORT208613
+Node: GPGSM IMPORT209570
+Node: GPGSM DELETE210310
+Node: GPGSM GETINFO210813
+Node: Invoking SCDAEMON211463
+Node: Scdaemon Commands212137
+Node: Scdaemon Options213258
+Node: Card applications220966
+Node: OpenPGP Card221575
+Node: NKS Card222051
+Node: DINSIG Card222377
+Node: PKCS#15 Card222753
+Node: Geldkarte Card223023
+Node: Undefined Card223415
+Node: Scdaemon Configuration223829
+Node: Scdaemon Examples224866
+Node: Scdaemon Protocol225049
+Node: Scdaemon SERIALNO226545
+Node: Scdaemon LEARN227474
+Node: Scdaemon READCERT228330
+Node: Scdaemon READKEY228731
+Node: Scdaemon PKSIGN229017
+Node: Scdaemon PKDECRYPT229743
+Node: Scdaemon GETATTR230255
+Node: Scdaemon SETATTR230459
+Node: Scdaemon WRITEKEY230666
+Node: Scdaemon GENKEY231370
+Node: Scdaemon RANDOM231575
+Node: Scdaemon PASSWD231798
+Node: Scdaemon CHECKPIN232191
+Node: Scdaemon RESTART233196
+Node: Scdaemon APDU233731
+Node: Specify a User ID234707
+Ref: how-to-specify-a-user-id234865
+Node: Helper Tools239496
+Node: watchgnupg240335
+Ref: option watchgnupg --tcp241063
+Node: gpgv242394
+Node: addgnupghome245561
+Node: gpgconf246259
+Ref: gpgconf-Footnote-1248395
+Node: Invoking gpgconf248693
+Node: Format conventions251569
+Node: Listing components256895
+Node: Checking programs258986
+Node: Listing options261735
+Node: Changing options269225
+Node: Listing global options270926
+Node: Files used by gpgconf272696
+Node: applygnupgdefaults273046
+Node: gpgsm-gencert.sh273786
+Node: gpg-preset-passphrase274154
+Node: Invoking gpg-preset-passphrase275032
+Node: gpg-connect-agent276302
+Node: Invoking gpg-connect-agent277015
+Node: Controlling gpg-connect-agent279148
+Node: gpgparsemail285604
+Node: symcryptrun285925
+Node: Invoking symcryptrun286824
+Node: gpg-zip288612
+Node: Howtos290438
+Node: Howto Create a Server Cert290705
+Node: System Notes299961
+Node: W32 Notes302433
+Node: Debugging302854
+Node: Debugging Tools303683
+Node: kbxutil303963
+Ref: kbxutil-Footnote-1305532
+Node: Debugging Hints305628
+Node: Common Problems306230
+Node: Architecture Details311438
+Node: GnuPG-1 and GnuPG-2311689
+Node: Copying312013
+Node: Contributors349637
+Node: Glossary355870
+Node: Option Index358396
+Node: Index417494
+
+End Tag Table
diff --git a/doc/gnupg.info-1 b/doc/gnupg.info-1
new file mode 100644
index 0000000..4ae6e74
--- /dev/null
+++ b/doc/gnupg.info-1
@@ -0,0 +1,7752 @@
+This is /home/wk/w/gnupg-stable/doc/gnupg.info, produced by makeinfo
+version 4.13 from /home/wk/w/gnupg-stable/doc/gnupg.texi.
+
+This is the `The GNU Privacy Guard Manual' (version 2.0.19,
+March 2012).
+
+ Copyright (C) 2002, 2004, 2005, 2006, 2007, 2010 Free Software
+Foundation, Inc.
+
+ Permission is granted to copy, distribute and/or modify this
+ document under the terms of the GNU General Public License as
+ published by the Free Software Foundation; either version 3 of the
+ License, or (at your option) any later version. The text of the
+ license can be found in the section entitled "Copying".
+
+INFO-DIR-SECTION GNU Utilities
+START-INFO-DIR-ENTRY
+* gpg2: (gnupg). OpenPGP encryption and signing tool.
+* gpgsm: (gnupg). S/MIME encryption and signing tool.
+* gpg-agent: (gnupg). The secret key daemon.
+END-INFO-DIR-ENTRY
+
+
+File: gnupg.info, Node: Top, Next: Installation, Up: (dir)
+
+Using the GNU Privacy Guard
+***************************
+
+This is the `The GNU Privacy Guard Manual' (version 2.0.19,
+March 2012).
+
+ Copyright (C) 2002, 2004, 2005, 2006, 2007, 2010 Free Software
+Foundation, Inc.
+
+ Permission is granted to copy, distribute and/or modify this
+ document under the terms of the GNU General Public License as
+ published by the Free Software Foundation; either version 3 of the
+ License, or (at your option) any later version. The text of the
+ license can be found in the section entitled "Copying".
+
+ This manual documents how to use the GNU Privacy Guard system as
+well as the administration and the architecture.
+
+* Menu:
+
+* Installation:: A short installation guide.
+
+* Invoking GPG-AGENT:: How to launch the secret key daemon.
+* Invoking GPG:: Using the OpenPGP protocol.
+* Invoking GPGSM:: Using the S/MIME protocol.
+* Invoking SCDAEMON:: How to handle Smartcards.
+* Specify a User ID:: How to Specify a User Id.
+
+* Helper Tools:: Description of small helper tools
+
+* Howtos:: How to do certain things.
+* System Notes:: Notes pertaining to certain OSes.
+* Debugging:: How to solve problems
+
+* Copying:: GNU General Public License says
+ how you can copy and share GnuPG
+* Contributors:: People who have contributed to GnuPG.
+
+* Glossary:: Short description of terms used.
+* Option Index:: Index to command line options.
+* Index:: Index of concepts and symbol names.
+
+
+File: gnupg.info, Node: Installation, Next: Invoking GPG-AGENT, Prev: Top, Up: Top
+
+1 A short installation guide.
+*****************************
+
+Unfortunately the installation guide has not been finished in time.
+Instead of delaying the release of GnuPG 2.0 even further, I decided to
+release without that guide. The chapter on gpg-agent and gpgsm do
+include brief information on how to set up the whole thing. Please
+watch the GnuPG website for updates of the documentation. In the
+meantime you may search the GnuPG mailing list archives or ask on the
+gnupg-users mailing listsfor advise on how to solve problems or how to
+get that whole thing up and running.
+
+ ** Building the software
+
+ Building the software is decribed in the file `INSTALL'. Given that
+you are already reading this documentation we can only give some extra
+hints
+
+ To comply with the rules on GNU systems you should have build time
+configured `dirmngr' using:
+
+ ./configure --sysconfdir=/etc --localstatedir=/var
+
+ This is to make sure that system wide configuration files are
+searched in the directory `/etc/gnupg' and variable data below `/var';
+the default would be to also install them below `/usr/local' where the
+binaries get installed. If you selected to use the `--prefix=/' you
+obviously don't need those option as they are the default then.
+
+ ** Explain how to setup a root CA key as trusted
+
+ Such questions may also help to write a proper installation guide.
+
+ [to be written]
+
+ XXX Tell how to setup the system, install certificates, how dirmngr
+relates to GnuPG etc.
+
+ ** Explain how to setup a root CA key as trusted
+
+ X.509 is based on a hierarchical key infrastructure. At the root of
+the tree a trusted anchor (root certificate) is required. There are
+usually no other means of verifying whether this root certificate is
+trustworthy than looking it up in a list. GnuPG uses a file
+(`trustlist.txt') to keep track of all root certificates it knows
+about. There are 3 ways to get certificates into this list:
+
+ * Use the list which comes with GnuPG. However this list only
+ contains a few root certificates. Most installations will need
+ more.
+
+ * Let `gpgsm' ask you whether you want to insert a new root
+ certificate. To enable this feature you need to set the option
+ `allow-mark-trusted' into `gpg-agent.conf'. In general it is not
+ a good idea to do it this way. Checking whether a root
+ certificate is really trustworthy requires decisions, which casual
+ users are not up to. Thus, by default this option is not enabled.
+
+ * Manually maintain the list of trusted root certificates. For a
+ multi user installation this can be done once for all users on a
+ machine. Specific changes on a per-user base are also possible.
+
+ XXX decribe how to maintain trustlist.txt and
+/etc/gnupg/trustlist.txt.
+
+ ** How to get the ssh support running
+
+ XXX How to use the ssh support.
+
+1.1 Installation Overview
+=========================
+
+XXXX
+
+
+File: gnupg.info, Node: Invoking GPG-AGENT, Next: Invoking GPG, Prev: Installation, Up: Top
+
+2 Invoking GPG-AGENT
+********************
+
+`gpg-agent' is a daemon to manage secret (private) keys independently
+from any protocol. It is used as a backend for `gpg' and `gpgsm' as
+well as for a couple of other utilities.
+
+The usual way to run the agent is from the `~/.xsession' file:
+
+ eval $(gpg-agent --daemon)
+ If you don't use an X server, you can also put this into your regular
+startup file `~/.profile' or `.bash_profile'. It is best not to run
+multiple instance of the `gpg-agent', so you should make sure that only
+one is running: `gpg-agent' uses an environment variable to inform
+clients about the communication parameters. You can write the content
+of this environment variable to a file so that you can test for a
+running agent. Here is an example using Bourne shell syntax:
+
+ gpg-agent --daemon --enable-ssh-support \
+ --write-env-file "${HOME}/.gpg-agent-info"
+
+ This code should only be run once per user session to initially fire
+up the agent. In the example the optional support for the included
+Secure Shell agent is enabled and the information about the agent is
+written to a file in the HOME directory. Note that by running
+gpg-agent without arguments you may test whether an agent is already
+running; however such a test may lead to a race condition, thus it is
+not suggested.
+
+The second script needs to be run for each interactive session:
+
+ if [ -f "${HOME}/.gpg-agent-info" ]; then
+ . "${HOME}/.gpg-agent-info"
+ export GPG_AGENT_INFO
+ export SSH_AUTH_SOCK
+ fi
+
+It reads the data out of the file and exports the variables. If you
+don't use Secure Shell, you don't need the last two export statements.
+
+You should always add the following lines to your `.bashrc' or whatever
+initialization file is used for all shell invocations:
+
+ GPG_TTY=$(tty)
+ export GPG_TTY
+
+It is important that this environment variable always reflects the
+output of the `tty' command. For W32 systems this option is not
+required.
+
+ Please make sure that a proper pinentry program has been installed
+under the default filename (which is system dependant) or use the
+option `pinentry-program' to specify the full name of that program. It
+is often useful to install a symbolic link from the actual used
+pinentry (e.g. `/usr/bin/pinentry-gtk') to the expected one (e.g.
+`/usr/bin/pinentry').
+
+*Note Option Index::,for an index to `GPG-AGENT''s commands and options.
+
+* Menu:
+
+* Agent Commands:: List of all commands.
+* Agent Options:: List of all options.
+* Agent Configuration:: Configuration files.
+* Agent Signals:: Use of some signals.
+* Agent Examples:: Some usage examples.
+* Agent Protocol:: The protocol the agent uses.
+
+
+File: gnupg.info, Node: Agent Commands, Next: Agent Options, Up: Invoking GPG-AGENT
+
+2.1 Commands
+============
+
+Commands are not distinguished from options except for the fact that
+only one command is allowed.
+
+`--version'
+ Print the program version and licensing information. Note that
+ you cannot abbreviate this command.
+
+`--help'
+`-h'
+ Print a usage message summarizing the most useful command-line
+ options. Note that you cannot abbreviate this command.
+
+`--dump-options'
+ Print a list of all available options and commands. Note that you
+ cannot abbreviate this command.
+
+`--server'
+ Run in server mode and wait for commands on the `stdin'. The
+ default mode is to create a socket and listen for commands there.
+
+`--daemon [COMMAND LINE]'
+ Start the gpg-agent as a daemon; that is, detach it from the
+ console and run it in the background. Because `gpg-agent' prints
+ out important information required for further use, a common way of
+ invoking gpg-agent is: `eval $(gpg-agent --daemon)' to setup the
+ environment variables. The option `--write-env-file' is another
+ way commonly used to do this. Yet another way is creating a new
+ process as a child of gpg-agent: `gpg-agent --daemon /bin/sh'.
+ This way you get a new shell with the environment setup properly;
+ if you exit from this shell, gpg-agent terminates as well.
+
+
+File: gnupg.info, Node: Agent Options, Next: Agent Configuration, Prev: Agent Commands, Up: Invoking GPG-AGENT
+
+2.2 Option Summary
+==================
+
+`--options FILE'
+ Reads configuration from FILE instead of from the default per-user
+ configuration file. The default configuration file is named
+ `gpg-agent.conf' and expected in the `.gnupg' directory directly
+ below the home directory of the user.
+
+`--homedir DIR'
+ Set the name of the home directory to DIR. If this option is not
+ used, the home directory defaults to `~/.gnupg'. It is only
+ recognized when given on the command line. It also overrides any
+ home directory stated through the environment variable `GNUPGHOME'
+ or (on W32 systems) by means of the Registry entry
+ HKCU\SOFTWARE\GNU\GNUPG:HOMEDIR.
+
+`-v'
+
+`--verbose'
+ Outputs additional information while running. You can increase
+ the verbosity by giving several verbose commands to `gpgsm', such
+ as `-vv'.
+
+`-q'
+
+`--quiet'
+ Try to be as quiet as possible.
+
+`--batch'
+ Don't invoke a pinentry or do any other thing requiring human
+ interaction.
+
+`--faked-system-time EPOCH'
+ This option is only useful for testing; it sets the system time
+ back or forth to EPOCH which is the number of seconds elapsed
+ since the year 1970.
+
+`--debug-level LEVEL'
+ Select the debug level for investigating problems. LEVEL may be a
+ numeric value or a keyword:
+
+ `none'
+ No debugging at all. A value of less than 1 may be used
+ instead of the keyword.
+
+ `basic'
+ Some basic debug messages. A value between 1 and 2 may be
+ used instead of the keyword.
+
+ `advanced'
+ More verbose debug messages. A value between 3 and 5 may be
+ used instead of the keyword.
+
+ `expert'
+ Even more detailed messages. A value between 6 and 8 may be
+ used instead of the keyword.
+
+ `guru'
+ All of the debug messages you can get. A value greater than 8
+ may be used instead of the keyword. The creation of hash
+ tracing files is only enabled if the keyword is used.
+
+ How these messages are mapped to the actual debugging flags is not
+ specified and may change with newer releases of this program. They
+ are however carefully selected to best aid in debugging.
+
+`--debug FLAGS'
+ This option is only useful for debugging and the behaviour may
+ change at any time without notice. FLAGS are bit encoded and may
+ be given in usual C-Syntax. The currently defined bits are:
+
+ `0 (1)'
+ X.509 or OpenPGP protocol related data
+
+ `1 (2)'
+ values of big number integers
+
+ `2 (4)'
+ low level crypto operations
+
+ `5 (32)'
+ memory allocation
+
+ `6 (64)'
+ caching
+
+ `7 (128)'
+ show memory statistics.
+
+ `9 (512)'
+ write hashed data to files named `dbgmd-000*'
+
+ `10 (1024)'
+ trace Assuan protocol
+
+ `12 (4096)'
+ bypass all certificate validation
+
+`--debug-all'
+ Same as `--debug=0xffffffff'
+
+`--debug-wait N'
+ When running in server mode, wait N seconds before entering the
+ actual processing loop and print the pid. This gives time to
+ attach a debugger.
+
+`--no-detach'
+ Don't detach the process from the console. This is mainly useful
+ for debugging.
+
+`-s'
+`--sh'
+`-c'
+`--csh'
+ Format the info output in daemon mode for use with the standard
+ Bourne shell or the C-shell respectively. The default is to guess
+ it based on the environment variable `SHELL' which is correct in
+ almost all cases.
+
+`--write-env-file FILE'
+ Often it is required to connect to the agent from a process not
+ being an inferior of `gpg-agent' and thus the environment variable
+ with the socket name is not available. To help setting up those
+ variables in other sessions, this option may be used to write the
+ information into FILE. If FILE is not specified the default name
+ `${HOME}/.gpg-agent-info' will be used. The format is suitable to
+ be evaluated by a Bourne shell like in this simple example:
+
+ eval $(cat FILE)
+ eval $(cut -d= -f 1 < FILE | xargs echo export)
+
+`--no-grab'
+ Tell the pinentry not to grab the keyboard and mouse. This option
+ should in general not be used to avoid X-sniffing attacks.
+
+`--log-file FILE'
+ Append all logging output to FILE. This is very helpful in seeing
+ what the agent actually does. If neither a log file nor a log file
+ descriptor has been set on a Windows platform, the Registry entry
+ `HKCU\Software\GNU\GnuPG:DefaultLogFile', if set, is used to
+ specify the logging output.
+
+`--allow-mark-trusted'
+ Allow clients to mark keys as trusted, i.e. put them into the
+ `trustlist.txt' file. This is by default not allowed to make it
+ harder for users to inadvertently accept Root-CA keys.
+
+`--ignore-cache-for-signing'
+ This option will let `gpg-agent' bypass the passphrase cache for
+ all signing operation. Note that there is also a per-session
+ option to control this behaviour but this command line option
+ takes precedence.
+
+`--default-cache-ttl N'
+ Set the time a cache entry is valid to N seconds. The default is
+ 600 seconds.
+
+`--default-cache-ttl-ssh N'
+ Set the time a cache entry used for SSH keys is valid to N
+ seconds. The default is 1800 seconds.
+
+`--max-cache-ttl N'
+ Set the maximum time a cache entry is valid to N seconds. After
+ this time a cache entry will be expired even if it has been
+ accessed recently. The default is 2 hours (7200 seconds).
+
+`--max-cache-ttl-ssh N'
+ Set the maximum time a cache entry used for SSH keys is valid to N
+ seconds. After this time a cache entry will be expired even if it
+ has been accessed recently. The default is 2 hours (7200 seconds).
+
+`--enforce-passphrase-constraints'
+ Enforce the passphrase constraints by not allowing the user to
+ bypass them using the "Take it anyway" button.
+
+`--min-passphrase-len N'
+ Set the minimal length of a passphrase. When entering a new
+ passphrase shorter than this value a warning will be displayed.
+ Defaults to 8.
+
+`--min-passphrase-nonalpha N'
+ Set the minimal number of digits or special characters required in
+ a passphrase. When entering a new passphrase with less than this
+ number of digits or special characters a warning will be
+ displayed. Defaults to 1.
+
+`--check-passphrase-pattern FILE'
+ Check the passphrase against the pattern given in FILE. When
+ entering a new passphrase matching one of these pattern a warning
+ will be displayed. FILE should be an absolute filename. The
+ default is not to use any pattern file.
+
+ Security note: It is known that checking a passphrase against a
+ list of pattern or even against a complete dictionary is not very
+ effective to enforce good passphrases. Users will soon figure up
+ ways to bypass such a policy. A better policy is to educate users
+ on good security behavior and optionally to run a passphrase
+ cracker regularly on all users passphrases to catch the very
+ simple ones.
+
+`--max-passphrase-days N'
+ Ask the user to change the passphrase if N days have passed since
+ the last change. With `--enforce-passphrase-constraints' set the
+ user may not bypass this check.
+
+`--enable-passphrase-history'
+ This option does nothing yet.
+
+`--pinentry-program FILENAME'
+ Use program FILENAME as the PIN entry. The default is installation
+ dependent.
+
+`--pinentry-touch-file FILENAME'
+ By default the filename of the socket gpg-agent is listening for
+ requests is passed to Pinentry, so that it can touch that file
+ before exiting (it does this only in curses mode). This option
+ changes the file passed to Pinentry to FILENAME. The special name
+ `/dev/null' may be used to completely disable this feature. Note
+ that Pinentry will not create that file, it will only change the
+ modification and access time.
+
+`--scdaemon-program FILENAME'
+ Use program FILENAME as the Smartcard daemon. The default is
+ installation dependent and can be shown with the `gpgconf' command.
+
+`--disable-scdaemon'
+ Do not make use of the scdaemon tool. This option has the effect
+ of disabling the ability to do smartcard operations. Note, that
+ enabling this option at runtime does not kill an already forked
+ scdaemon.
+
+`--use-standard-socket'
+`--no-use-standard-socket'
+ By enabling this option `gpg-agent' will listen on the socket
+ named `S.gpg-agent', located in the home directory, and not create
+ a random socket below a temporary directory. Tools connecting to
+ `gpg-agent' should first try to connect to the socket given in
+ environment variable GPG_AGENT_INFO and then fall back to this
+ socket. This option may not be used if the home directory is
+ mounted on a remote file system which does not support special
+ files like fifos or sockets. Note, that `--use-standard-socket'
+ is the default on Windows systems. The default may be changed at
+ build time. It is possible to test at runtime whether the agent
+ has been configured for use with the standard socket by issuing
+ the command `gpg-agent --use-standard-socket-p' which returns
+ success if the standard socket option has been enabled.
+
+`--display STRING'
+`--ttyname STRING'
+`--ttytype STRING'
+`--lc-ctype STRING'
+`--lc-messages STRING'
+`--xauthority STRING'
+ These options are used with the server mode to pass localization
+ information.
+
+`--keep-tty'
+`--keep-display'
+ Ignore requests to change the current `tty' or X window system's
+ `DISPLAY' variable respectively. This is useful to lock the
+ pinentry to pop up at the `tty' or display you started the agent.
+
+`--enable-ssh-support'
+ Enable the OpenSSH Agent protocol.
+
+ In this mode of operation, the agent does not only implement the
+ gpg-agent protocol, but also the agent protocol used by OpenSSH
+ (through a separate socket). Consequently, it should be possible
+ to use the gpg-agent as a drop-in replacement for the well known
+ ssh-agent.
+
+ SSH Keys, which are to be used through the agent, need to be added
+ to the gpg-agent initially through the ssh-add utility. When a
+ key is added, ssh-add will ask for the password of the provided
+ key file and send the unprotected key material to the agent; this
+ causes the gpg-agent to ask for a passphrase, which is to be used
+ for encrypting the newly received key and storing it in a
+ gpg-agent specific directory.
+
+ Once a key has been added to the gpg-agent this way, the gpg-agent
+ will be ready to use the key.
+
+ Note: in case the gpg-agent receives a signature request, the user
+ might need to be prompted for a passphrase, which is necessary for
+ decrypting the stored key. Since the ssh-agent protocol does not
+ contain a mechanism for telling the agent on which
+ display/terminal it is running, gpg-agent's ssh-support will use
+ the TTY or X display where gpg-agent has been started. To switch
+ this display to the current one, the following command may be used:
+
+ gpg-connect-agent updatestartuptty /bye
+
+ Although all GnuPG components try to start the gpg-agent as
+ needed, this is not possible for the ssh support because ssh does
+ not know about it. Thus if no GnuPG tool which accesses the agent
+ has been run, there is no guarantee that ssh is abale to use
+ gpg-agent for authentication. To fix this you may start gpg-agent
+ if needed using this simple command:
+
+ gpg-connect-agent /bye
+
+ Adding the `--verbose' shows the progress of starting the agent.
+
+
+ All the long options may also be given in the configuration file
+after stripping off the two leading dashes.
+
+
+File: gnupg.info, Node: Agent Configuration, Next: Agent Signals, Prev: Agent Options, Up: Invoking GPG-AGENT
+
+2.3 Configuration
+=================
+
+There are a few configuration files needed for the operation of the
+agent. By default they may all be found in the current home directory
+(*note option --homedir::).
+
+`gpg-agent.conf'
+ This is the standard configuration file read by `gpg-agent' on
+ startup. It may contain any valid long option; the leading two
+ dashes may not be entered and the option may not be abbreviated.
+ This file is also read after a `SIGHUP' however only a few
+ options will actually have an effect. This default name may be
+ changed on the command line (*note option --options::). You
+ should backup this file.
+
+`trustlist.txt'
+ This is the list of trusted keys. You should backup this file.
+
+ Comment lines, indicated by a leading hash mark, as well as empty
+ lines are ignored. To mark a key as trusted you need to enter its
+ fingerprint followed by a space and a capital letter `S'. Colons
+ may optionally be used to separate the bytes of a fingerprint;
+ this allows to cut and paste the fingerprint from a key listing
+ output. If the line is prefixed with a `!' the key is
+ explicitly marked as not trusted.
+
+ Here is an example where two keys are marked as ultimately trusted
+ and one as not trusted:
+
+ # CN=Wurzel ZS 3,O=Intevation GmbH,C=DE
+ A6935DD34EF3087973C706FC311AA2CCF733765B S
+
+ # CN=PCA-1-Verwaltung-02/O=PKI-1-Verwaltung/C=DE
+ DC:BD:69:25:48:BD:BB:7E:31:6E:BB:80:D3:00:80:35:D4:F8:A6:CD S
+
+ # CN=Root-CA/O=Schlapphuete/L=Pullach/C=DE
+ !14:56:98:D3:FE:9C:CA:5A:31:6E:BC:81:D3:11:4E:00:90:A3:44:C2 S
+
+ Before entering a key into this file, you need to ensure its
+ authenticity. How to do this depends on your organisation; your
+ administrator might have already entered those keys which are
+ deemed trustworthy enough into this file. Places where to look
+ for the fingerprint of a root certificate are letters received
+ from the CA or the website of the CA (after making 100% sure that
+ this is indeed the website of that CA). You may want to consider
+ allowing interactive updates of this file by using the *Note
+ option --allow-mark-trusted::. This is however not as secure as
+ maintaining this file manually. It is even advisable to change
+ the permissions to read-only so that this file can't be changed
+ inadvertently.
+
+ As a special feature a line `include-default' will include a global
+ list of trusted certificates (e.g. `/etc/gnupg/trustlist.txt').
+ This global list is also used if the local list is not available.
+
+ It is possible to add further flags after the `S' for use by the
+ caller:
+
+ `relax'
+ Relax checking of some root certificate requirements. As of
+ now this flag allows the use of root certificates with a
+ missing basicConstraints attribute (despite that it is a MUST
+ for CA certificates) and disables CRL checking for the root
+ certificate.
+
+ `cm'
+ If validation of a certificate finally issued by a CA with
+ this flag set fails, try again using the chain validation
+ model.
+
+
+`sshcontrol'
+ This file is used when support for the secure shell agent protocol
+ has been enabled (*note option --enable-ssh-support::). Only keys
+ present in this file are used in the SSH protocol. You should
+ backup this file.
+
+ The `ssh-add' tool may be used to add new entries to this file;
+ you may also add them manually. Comment lines, indicated by a
+ leading hash mark, as well as empty lines are ignored. An entry
+ starts with optional whitespace, followed by the keygrip of the
+ key given as 40 hex digits, optionally followed by the caching TTL
+ in seconds and another optional field for arbitrary flags. A
+ non-zero TTL overrides the global default as set by
+ `--default-cache-ttl-ssh'.
+
+ The only flag support is `confirm'. If this flag is found for a
+ key, each use of the key will pop up a pinentry to confirm the use
+ of that key. The flag is automatically set if a new key was
+ loaded into `gpg-agent' using the option `-c' of the `ssh-add'
+ command.
+
+ The keygrip may be prefixed with a `!' to disable an entry entry.
+
+ The following example lists exactly one key. Note that keys
+ available through a OpenPGP smartcard in the active smartcard
+ reader are implicitly added to this list; i.e. there is no need to
+ list them.
+
+ # Key added on: 2011-07-20 20:38:46
+ # Fingerprint: 5e:8d:c4:ad:e7:af:6e:27:8a:d6:13:e4:79:ad:0b:81
+ 34B62F25E277CF13D3C6BCEBFD3F85D08F0A864B 0 confirm
+
+`private-keys-v1.d/'
+ This is the directory where gpg-agent stores the private keys.
+ Each key is stored in a file with the name made up of the
+ keygrip and the suffix `key'. You should backup all files in
+ this directory and take great care to keep this backup closed
+ away.
+
+
+ Note that on larger installations, it is useful to put predefined
+files into the directory `/etc/skel/.gnupg/' so that newly created
+users start up with a working configuration. For existing users the a
+small helper script is provided to create these files (*note
+addgnupghome::).
+
+
+File: gnupg.info, Node: Agent Signals, Next: Agent Examples, Prev: Agent Configuration, Up: Invoking GPG-AGENT
+
+2.4 Use of some signals.
+========================
+
+A running `gpg-agent' may be controlled by signals, i.e. using the
+`kill' command to send a signal to the process.
+
+ Here is a list of supported signals:
+
+`SIGHUP'
+ This signal flushes all cached passphrases and if the program has
+ been started with a configuration file, the configuration file is
+ read again. Only certain options are honored: `quiet', `verbose',
+ `debug', `debug-all', `debug-level', `no-grab',
+ `pinentry-program', `default-cache-ttl', `max-cache-ttl',
+ `ignore-cache-for-signing', `allow-mark-trusted' and
+ `disable-scdaemon'. `scdaemon-program' is also supported but due
+ to the current implementation, which calls the scdaemon only once,
+ it is not of much use unless you manually kill the scdaemon.
+
+`SIGTERM'
+ Shuts down the process but waits until all current requests are
+ fulfilled. If the process has received 3 of these signals and
+ requests are still pending, a shutdown is forced.
+
+`SIGINT'
+ Shuts down the process immediately.
+
+`SIGUSR1'
+ Dump internal information to the log file.
+
+`SIGUSR2'
+ This signal is used for internal purposes.
+
+
+
+File: gnupg.info, Node: Agent Examples, Next: Agent Protocol, Prev: Agent Signals, Up: Invoking GPG-AGENT
+
+2.5 Examples
+============
+
+The usual way to invoke `gpg-agent' is
+
+ $ eval $(gpg-agent --daemon)
+
+ An alternative way is by replacing `ssh-agent' with `gpg-agent'. If
+for example `ssh-agent' is started as part of the Xsession
+initialization, you may simply replace `ssh-agent' by a script like:
+
+ #!/bin/sh
+
+ exec /usr/local/bin/gpg-agent --enable-ssh-support --daemon \
+ --write-env-file ${HOME}/.gpg-agent-info "$@"
+
+and add something like (for Bourne shells)
+
+ if [ -f "${HOME}/.gpg-agent-info" ]; then
+ . "${HOME}/.gpg-agent-info"
+ export GPG_AGENT_INFO
+ export SSH_AUTH_SOCK
+ fi
+
+to your shell initialization file (e.g. `~/.bashrc').
+
+
+File: gnupg.info, Node: Agent Protocol, Prev: Agent Examples, Up: Invoking GPG-AGENT
+
+2.6 Agent's Assuan Protocol
+===========================
+
+Note: this section does only document the protocol, which is used by
+GnuPG components; it does not deal with the ssh-agent protocol.
+
+ The `gpg-agent' should be started by the login shell and set an
+environment variable to tell clients about the socket to be used.
+Clients should deny to access an agent with a socket name which does
+not match its own configuration. An application may choose to start an
+instance of the gpgagent if it does not figure that any has been
+started; it should not do this if a gpgagent is running but not usable.
+Because `gpg-agent' can only be used in background mode, no special
+command line option is required to activate the use of the protocol.
+
+ To identify a key we use a thing called keygrip which is the SHA-1
+hash of an canonical encoded S-Expression of the public key as used in
+Libgcrypt. For the purpose of this interface the keygrip is given as a
+hex string. The advantage of using this and not the hash of a
+certificate is that it will be possible to use the same keypair for
+different protocols, thereby saving space on the token used to keep the
+secret keys.
+
+* Menu:
+
+* Agent PKDECRYPT:: Decrypting a session key
+* Agent PKSIGN:: Signing a Hash
+* Agent GENKEY:: Generating a Key
+* Agent IMPORT:: Importing a Secret Key
+* Agent EXPORT:: Exporting a Secret Key
+* Agent ISTRUSTED:: Importing a Root Certificate
+* Agent GET_PASSPHRASE:: Ask for a passphrase
+* Agent GET_CONFIRMATION:: Ask for confirmation
+* Agent HAVEKEY:: Check whether a key is available
+* Agent LEARN:: Register a smartcard
+* Agent PASSWD:: Change a Passphrase
+* Agent UPDATESTARTUPTTY:: Change the Standard Display
+* Agent GETEVENTCOUNTER:: Get the Event Counters
+* Agent GETINFO:: Return information about the process
+* Agent OPTION:: Set options for the session
+
+
+File: gnupg.info, Node: Agent PKDECRYPT, Next: Agent PKSIGN, Up: Agent Protocol
+
+2.6.1 Decrypting a session key
+------------------------------
+
+The client asks the server to decrypt a session key. The encrypted
+session key should have all information needed to select the
+appropriate secret key or to delegate it to a smartcard.
+
+ SETKEY <keyGrip>
+
+ Tell the server about the key to be used for decryption. If this is
+not used, `gpg-agent' may try to figure out the key by trying to
+decrypt the message with each key available.
+
+ PKDECRYPT
+
+ The agent checks whether this command is allowed and then does an
+INQUIRY to get the ciphertext the client should then send the cipher
+text.
+
+ S: INQUIRE CIPHERTEXT
+ C: D (xxxxxx
+ C: D xxxx)
+ C: END
+
+ Please note that the server may send status info lines while reading
+the data lines from the client. The data send is a SPKI like S-Exp with
+this structure:
+
+ (enc-val
+ (<algo>
+ (<param_name1> <mpi>)
+ ...
+ (<param_namen> <mpi>)))
+
+ Where algo is a string with the name of the algorithm; see the
+libgcrypt documentation for a list of valid algorithms. The number and
+names of the parameters depend on the algorithm. The agent does return
+an error if there is an inconsistency.
+
+ If the decryption was successful the decrypted data is returned by
+means of "D" lines.
+
+ Here is an example session:
+
+ C: PKDECRYPT
+ S: INQUIRE CIPHERTEXT
+ C: D (enc-val elg (a 349324324)
+ C: D (b 3F444677CA)))
+ C: END
+ S: # session key follows
+ S: D (value 1234567890ABCDEF0)
+ S: OK descryption successful
+
+
+File: gnupg.info, Node: Agent PKSIGN, Next: Agent GENKEY, Prev: Agent PKDECRYPT, Up: Agent Protocol
+
+2.6.2 Signing a Hash
+--------------------
+
+The client ask the agent to sign a given hash value. A default key
+will be chosen if no key has been set. To set a key a client first
+uses:
+
+ SIGKEY <keyGrip>
+
+ This can be used multiple times to create multiple signature, the
+list of keys is reset with the next PKSIGN command or a RESET. The
+server test whether the key is a valid key to sign something and
+responds with okay.
+
+ SETHASH --hash=<name>|<algo> <hexstring>
+
+ The client can use this command to tell the server about the data
+<hexstring> (which usually is a hash) to be signed. <algo> is the
+decimal encoded hash algorithm number as used by Libgcrypt. Either
+<algo> or -hash=<name> must be given. Valid names for <name> are:
+
+`sha1'
+
+`sha256'
+
+`rmd160'
+
+`md5'
+
+`tls-md5sha1'
+
+The actual signing is done using
+
+ PKSIGN <options>
+
+ Options are not yet defined, but my later be used to choose among
+different algorithms. The agent does then some checks, asks for the
+passphrase and as a result the server returns the signature as an SPKI
+like S-expression in "D" lines:
+
+ (sig-val
+ (<algo>
+ (<param_name1> <mpi>)
+ ...
+ (<param_namen> <mpi>)))
+
+ The operation is affected by the option
+
+ OPTION use-cache-for-signing=0|1
+
+ The default of `1' uses the cache. Setting this option to `0' will
+lead `gpg-agent' to ignore the passphrase cache. Note, that there is
+also a global command line option for `gpg-agent' to globally disable
+the caching.
+
+ Here is an example session:
+
+ C: SIGKEY <keyGrip>
+ S: OK key available
+ C: SIGKEY <keyGrip>
+ S: OK key available
+ C: PKSIGN
+ S: # I did ask the user whether he really wants to sign
+ S: # I did ask the user for the passphrase
+ S: INQUIRE HASHVAL
+ C: D ABCDEF012345678901234
+ C: END
+ S: # signature follows
+ S: D (sig-val rsa (s 45435453654612121212))
+ S: OK
+
+
+File: gnupg.info, Node: Agent GENKEY, Next: Agent IMPORT, Prev: Agent PKSIGN, Up: Agent Protocol
+
+2.6.3 Generating a Key
+----------------------
+
+This is used to create a new keypair and store the secret key inside the
+active PSE -- which is in most cases a Soft-PSE. An not yet defined
+option allows to choose the storage location. To get the secret key out
+of the PSE, a special export tool has to be used.
+
+ GENKEY
+
+ Invokes the key generation process and the server will then inquire
+on the generation parameters, like:
+
+ S: INQUIRE KEYPARM
+ C: D (genkey (rsa (nbits 1024)))
+ C: END
+
+ The format of the key parameters which depends on the algorithm is of
+the form:
+
+ (genkey
+ (algo
+ (parameter_name_1 ....)
+ ....
+ (parameter_name_n ....)))
+
+ If everything succeeds, the server returns the *public key* in a SPKI
+like S-Expression like this:
+
+ (public-key
+ (rsa
+ (n <mpi>)
+ (e <mpi>)))
+
+ Here is an example session:
+
+ C: GENKEY
+ S: INQUIRE KEYPARM
+ C: D (genkey (rsa (nbits 1024)))
+ C: END
+ S: D (public-key
+ S: D (rsa (n 326487324683264) (e 10001)))
+ S OK key created
+
+
+File: gnupg.info, Node: Agent IMPORT, Next: Agent EXPORT, Prev: Agent GENKEY, Up: Agent Protocol
+
+2.6.4 Importing a Secret Key
+----------------------------
+
+This operation is not yet supported by GpgAgent. Specialized tools are
+to be used for this.
+
+ There is no actual need because we can expect that secret keys
+created by a 3rd party are stored on a smartcard. If we have generated
+the key ourself, we do not need to import it.
+
+
+File: gnupg.info, Node: Agent EXPORT, Next: Agent ISTRUSTED, Prev: Agent IMPORT, Up: Agent Protocol
+
+2.6.5 Export a Secret Key
+-------------------------
+
+Not implemented.
+
+ Should be done by an extra tool.
+
+
+File: gnupg.info, Node: Agent ISTRUSTED, Next: Agent GET_PASSPHRASE, Prev: Agent EXPORT, Up: Agent Protocol
+
+2.6.6 Importing a Root Certificate
+----------------------------------
+
+Actually we do not import a Root Cert but provide a way to validate any
+piece of data by storing its Hash along with a description and an
+identifier in the PSE. Here is the interface description:
+
+ ISTRUSTED <fingerprint>
+
+ Check whether the OpenPGP primary key or the X.509 certificate with
+the given fingerprint is an ultimately trusted key or a trusted Root CA
+certificate. The fingerprint should be given as a hexstring (without
+any blanks or colons or whatever in between) and may be left padded with
+00 in case of an MD5 fingerprint. GPGAgent will answer with:
+
+ OK
+
+ The key is in the table of trusted keys.
+
+ ERR 304 (Not Trusted)
+
+ The key is not in this table.
+
+ Gpg needs the entire list of trusted keys to maintain the web of
+trust; the following command is therefore quite helpful:
+
+ LISTTRUSTED
+
+ GpgAgent returns a list of trusted keys line by line:
+
+ S: D 000000001234454556565656677878AF2F1ECCFF P
+ S: D 340387563485634856435645634856438576457A P
+ S: D FEDC6532453745367FD83474357495743757435D S
+ S: OK
+
+ The first item on a line is the hexified fingerprint where MD5
+fingerprints are `00' padded to the left and the second item is a flag
+to indicate the type of key (so that gpg is able to only take care of
+PGP keys). P = OpenPGP, S = S/MIME. A client should ignore the rest
+of the line, so that we can extend the format in the future.
+
+ Finally a client should be able to mark a key as trusted:
+
+ MARKTRUSTED FINGERPRINT "P"|"S"
+
+ The server will then pop up a window to ask the user whether she
+really trusts this key. For this it will probably ask for a text to be
+displayed like this:
+
+ S: INQUIRE TRUSTDESC
+ C: D Do you trust the key with the fingerprint @FPR@
+ C: D bla fasel blurb.
+ C: END
+ S: OK
+
+ Known sequences with the pattern @foo@ are replaced according to this
+table:
+
+`@FPR16@'
+ Format the fingerprint according to gpg rules for a v3 keys.
+
+`@FPR20@'
+ Format the fingerprint according to gpg rules for a v4 keys.
+
+`@FPR@'
+ Choose an appropriate format to format the fingerprint.
+
+`@@'
+ Replaced by a single `@'
+
+
+File: gnupg.info, Node: Agent GET_PASSPHRASE, Next: Agent GET_CONFIRMATION, Prev: Agent ISTRUSTED, Up: Agent Protocol
+
+2.6.7 Ask for a passphrase
+--------------------------
+
+This function is usually used to ask for a passphrase to be used for
+conventional encryption, but may also be used by programs which need
+special handling of passphrases. This command uses a syntax which helps
+clients to use the agent with minimum effort.
+
+ GET_PASSPHRASE [--data] [--check] [--no-ask] [--repeat[=N]] [--qualitybar] CACHE_ID [ERROR_MESSAGE PROMPT DESCRIPTION]
+
+ CACHE_ID is expected to be a string used to identify a cached
+passphrase. Use a `X' to bypass the cache. With no other arguments
+the agent returns a cached passphrase or an error. By convention
+either the hexified fingerprint of the key shall be used for CACHE_ID
+or an arbitrary string prefixed with the name of the calling
+application and a colon: Like `gpg:somestring'.
+
+ ERROR_MESSAGE is either a single `X' for no error message or a
+string to be shown as an error message like (e.g. "invalid
+passphrase"). Blanks must be percent escaped or replaced by `+''.
+
+ PROMPT is either a single `X' for a default prompt or the text to be
+shown as the prompt. Blanks must be percent escaped or replaced by `+'.
+
+ DESCRIPTION is a text shown above the entry field. Blanks must be
+percent escaped or replaced by `+'.
+
+ The agent either returns with an error or with a OK followed by the
+hex encoded passphrase. Note that the length of the strings is
+implicitly limited by the maximum length of a command. If the option
+`--data' is used, the passphrase is not returned on the OK line but by
+regular data lines; this is the preferred method.
+
+ If the option `--check' is used, the standard passphrase constraints
+checks are applied. A check is not done if the passphrase has been
+found in the cache.
+
+ If the option `--no-ask' is used and the passphrase is not in the
+cache the user will not be asked to enter a passphrase but the error
+code `GPG_ERR_NO_DATA' is returned.
+
+ If the option `--qualitybar' is used and a minimum passphrase length
+has been configured, a visual indication of the entered passphrase
+quality is shown.
+
+ CLEAR_PASSPHRASE CACHE_ID
+
+ may be used to invalidate the cache entry for a passphrase. The
+function returns with OK even when there is no cached passphrase.
+
+
+File: gnupg.info, Node: Agent GET_CONFIRMATION, Next: Agent HAVEKEY, Prev: Agent GET_PASSPHRASE, Up: Agent Protocol
+
+2.6.8 Ask for confirmation
+--------------------------
+
+This command may be used to ask for a simple confirmation by presenting
+a text and 2 buttons: Okay and Cancel.
+
+ GET_CONFIRMATION DESCRIPTION
+
+ DESCRIPTIONis displayed along with a Okay and Cancel button. Blanks
+must be percent escaped or replaced by `+'. A `X' may be used to
+display confirmation dialog with a default text.
+
+ The agent either returns with an error or with a OK. Note, that the
+length of DESCRIPTION is implicitly limited by the maximum length of a
+command.
+
+
+File: gnupg.info, Node: Agent HAVEKEY, Next: Agent LEARN, Prev: Agent GET_CONFIRMATION, Up: Agent Protocol
+
+2.6.9 Check whether a key is available
+--------------------------------------
+
+This can be used to see whether a secret key is available. It does not
+return any information on whether the key is somehow protected.
+
+ HAVEKEY KEYGRIPS
+
+ The agent answers either with OK or `No_Secret_Key' (208). The
+caller may want to check for other error codes as well. More than one
+keygrip may be given. In this case the command returns success if at
+least one of the keygrips corresponds to an available secret key.
+
+
+File: gnupg.info, Node: Agent LEARN, Next: Agent PASSWD, Prev: Agent HAVEKEY, Up: Agent Protocol
+
+2.6.10 Register a smartcard
+---------------------------
+
+ LEARN [--send]
+
+ This command is used to register a smartcard. With the -send option
+given the certificates are send back.
+
+
+File: gnupg.info, Node: Agent PASSWD, Next: Agent UPDATESTARTUPTTY, Prev: Agent LEARN, Up: Agent Protocol
+
+2.6.11 Change a Passphrase
+--------------------------
+
+ PASSWD KEYGRIP
+
+ This command is used to interactively change the passphrase of the
+key identified by the hex string KEYGRIP.
+
+
+File: gnupg.info, Node: Agent UPDATESTARTUPTTY, Next: Agent GETEVENTCOUNTER, Prev: Agent PASSWD, Up: Agent Protocol
+
+2.6.12 Change the standard display
+----------------------------------
+
+ UPDATESTARTUPTTY
+
+ Set the startup TTY and X-DISPLAY variables to the values of this
+session. This command is useful to direct future pinentry invocations
+to another screen. It is only required because there is no way in the
+ssh-agent protocol to convey this information.
+
+
+File: gnupg.info, Node: Agent GETEVENTCOUNTER, Next: Agent GETINFO, Prev: Agent UPDATESTARTUPTTY, Up: Agent Protocol
+
+2.6.13 Get the Event Counters
+-----------------------------
+
+ GETEVENTCOUNTER
+
+ This function return one status line with the current values of the
+event counters. The event counters are useful to avoid polling by
+delaying a poll until something has changed. The values are decimal
+numbers in the range `0' to `UINT_MAX' and wrapping around to 0. The
+actual values should not be relied upon; they shall only be used to
+detect a change.
+
+ The currently defined counters are are:
+`ANY'
+ Incremented with any change of any of the other counters.
+
+`KEY'
+ Incremented for added or removed private keys.
+
+`CARD'
+ Incremented for changes of the card readers stati.
+
+
+File: gnupg.info, Node: Agent GETINFO, Next: Agent OPTION, Prev: Agent GETEVENTCOUNTER, Up: Agent Protocol
+
+2.6.14 Return information about the process
+-------------------------------------------
+
+This is a multipurpose function to return a variety of information.
+
+ GETINFO WHAT
+
+ The value of WHAT specifies the kind of information returned:
+`version'
+ Return the version of the program.
+
+`pid'
+ Return the process id of the process.
+
+`socket_name'
+ Return the name of the socket used to connect the agent.
+
+`ssh_socket_name'
+ Return the name of the socket used for SSH connections. If SSH
+ support has not been enabled the error `GPG_ERR_NO_DATA' will be
+ returned.
+
+
+File: gnupg.info, Node: Agent OPTION, Prev: Agent GETINFO, Up: Agent Protocol
+
+2.6.15 Set options for the session
+----------------------------------
+
+Here is a list of session options which are not yet described with
+other commands. The general syntax for an Assuan option is:
+
+ OPTION KEY=VALUE
+
+Supported KEYs are:
+
+`agent-awareness'
+ This may be used to tell gpg-agent of which gpg-agent version the
+ client is aware of. gpg-agent uses this information to enable
+ features which might break older clients.
+
+`putenv'
+ Change the session's environment to be used for the Pinentry.
+ Valid values are:
+
+ `NAME'
+ Delete envvar NAME
+
+ `NAME='
+ Set envvar NAME to the empty string
+
+ `NAME=VALUE'
+ Set envvar NAME to the string VALUE.
+
+`use-cache-for-signing'
+ See Assuan command `PKSIGN'.
+
+`allow-pinentry-notify'
+ This does not need any value. It is used to enable the
+ PINENTRY_LAUNCHED inquiry.
+
+
+
+File: gnupg.info, Node: Invoking GPG, Next: Invoking GPGSM, Prev: Invoking GPG-AGENT, Up: Top
+
+3 Invoking GPG
+**************
+
+`gpg2' is the OpenPGP part of the GNU Privacy Guard (GnuPG). It is a
+tool to provide digital encryption and signing services using the
+OpenPGP standard. `gpg2' features complete key management and all bells
+and whistles you can expect from a decent OpenPGP implementation.
+
+ In contrast to the standalone version `gpg', which is more suited
+for server and embedded platforms, this version is commonly installed
+under the name `gpg2' and more targeted to the desktop as it requires
+several other modules to be installed. The standalone version will be
+kept maintained and it is possible to install both versions on the same
+system. If you need to use different configuration files, you should
+make use of something like `gpg.conf-2' instead of just `gpg.conf'.
+
+ Documentation for the old standard `gpg' is available as a man page
+and at *note GnuPG 1: (gpg)Top.
+
+ *Note Option Index::, for an index to `gpg2''s commands and options.
+
+* Menu:
+
+* GPG Commands:: List of all commands.
+* GPG Options:: List of all options.
+* GPG Configuration:: Configuration files.
+* GPG Examples:: Some usage examples.
+
+Developer information:
+* Unattended Usage of GPG:: Using `gpg' from other programs.
+
+
+File: gnupg.info, Node: GPG Commands, Next: GPG Options, Up: Invoking GPG
+
+3.1 Commands
+============
+
+Commands are not distinguished from options except for the fact that
+only one command is allowed.
+
+ `gpg2' may be run with no commands, in which case it will perform a
+reasonable action depending on the type of file it is given as input
+(an encrypted message is decrypted, a signature is verified, a file
+containing keys is listed).
+
+ Please remember that option as well as command parsing stops as soon
+as a non-option is encountered, you can explicitly stop parsing by
+using the special option `--'.
+
+* Menu:
+
+* General GPG Commands:: Commands not specific to the functionality.
+* Operational GPG Commands:: Commands to select the type of operation.
+* OpenPGP Key Management:: How to manage your keys.
+
+
+File: gnupg.info, Node: General GPG Commands, Next: Operational GPG Commands, Up: GPG Commands
+
+3.1.1 Commands not specific to the function
+-------------------------------------------
+
+`--version'
+ Print the program version and licensing information. Note that you
+ cannot abbreviate this command.
+
+`--help'
+`-h'
+ Print a usage message summarizing the most useful command line
+ options. Note that you cannot abbreviate this command.
+
+`--warranty'
+ Print warranty information.
+
+`--dump-options'
+ Print a list of all available options and commands. Note that you
+ cannot abbreviate this command.
+
+
+File: gnupg.info, Node: Operational GPG Commands, Next: OpenPGP Key Management, Prev: General GPG Commands, Up: GPG Commands
+
+3.1.2 Commands to select the type of operation
+----------------------------------------------
+
+`--sign'
+`-s'
+ Make a signature. This command may be combined with `--encrypt'
+ (for a signed and encrypted message), `--symmetric' (for a signed
+ and symmetrically encrypted message), or `--encrypt' and
+ `--symmetric' together (for a signed message that may be decrypted
+ via a secret key or a passphrase). The key to be used for signing
+ is chosen by default or can be set with the `--local-user' and
+ `--default-key' options.
+
+`--clearsign'
+ Make a clear text signature. The content in a clear text
+ signature is readable without any special software. OpenPGP
+ software is only needed to verify the signature. Clear text
+ signatures may modify end-of-line whitespace for platform
+ independence and are not intended to be reversible. The key to be
+ used for signing is chosen by default or can be set with the
+ `--local-user' and `--default-key' options.
+
+`--detach-sign'
+`-b'
+ Make a detached signature.
+
+`--encrypt'
+`-e'
+ Encrypt data. This option may be combined with `--sign' (for a
+ signed and encrypted message), `--symmetric' (for a message that
+ may be decrypted via a secret key or a passphrase), or `--sign'
+ and `--symmetric' together (for a signed message that may be
+ decrypted via a secret key or a passphrase).
+
+`--symmetric'
+`-c'
+ Encrypt with a symmetric cipher using a passphrase. The default
+ symmetric cipher used is CAST5, but may be chosen with the
+ `--cipher-algo' option. This option may be combined with `--sign'
+ (for a signed and symmetrically encrypted message), `--encrypt'
+ (for a message that may be decrypted via a secret key or a
+ passphrase), or `--sign' and `--encrypt' together (for a signed
+ message that may be decrypted via a secret key or a passphrase).
+
+`--store'
+ Store only (make a simple RFC1991 literal data packet).
+
+`--decrypt'
+`-d'
+ Decrypt the file given on the command line (or STDIN if no file is
+ specified) and write it to STDOUT (or the file specified with
+ `--output'). If the decrypted file is signed, the signature is also
+ verified. This command differs from the default operation, as it
+ never writes to the filename which is included in the file and it
+ rejects files which don't begin with an encrypted message.
+
+`--verify'
+ Assume that the first argument is a signed file or a detached
+ signature and verify it without generating any output. With no
+ arguments, the signature packet is read from STDIN. If only a
+ sigfile is given, it may be a complete signature or a detached
+ signature, in which case the signed stuff is expected in a file
+ without the ".sig" or ".asc" extension. With more than 1
+ argument, the first should be a detached signature and the
+ remaining files are the signed stuff. To read the signed stuff
+ from STDIN, use `-' as the second filename. For security reasons
+ a detached signature cannot read the signed material from STDIN
+ without denoting it in the above way.
+
+`--multifile'
+ This modifies certain other commands to accept multiple files for
+ processing on the command line or read from STDIN with each
+ filename on a separate line. This allows for many files to be
+ processed at once. `--multifile' may currently be used along with
+ `--verify', `--encrypt', and `--decrypt'. Note that `--multifile
+ --verify' may not be used with detached signatures.
+
+`--verify-files'
+ Identical to `--multifile --verify'.
+
+`--encrypt-files'
+ Identical to `--multifile --encrypt'.
+
+`--decrypt-files'
+ Identical to `--multifile --decrypt'.
+
+`--list-keys'
+`-k'
+`--list-public-keys'
+ List all keys from the public keyrings, or just the keys given on
+ the command line.
+
+ Avoid using the output of this command in scripts or other
+ programs as it is likely to change as GnuPG changes. See
+ `--with-colons' for a machine-parseable key listing command that
+ is appropriate for use in scripts and other programs.
+
+`--list-secret-keys'
+`-K'
+ List all keys from the secret keyrings, or just the ones given on
+ the command line. A `#' after the letters `sec' means that the
+ secret key is not usable (for example, if it was created via
+ `--export-secret-subkeys').
+
+`--list-sigs'
+ Same as `--list-keys', but the signatures are listed too. This
+ command has the same effect as using `--list-keys' with
+ `--with-sig-list'.
+
+ For each signature listed, there are several flags in between the
+ "sig" tag and keyid. These flags give additional information about
+ each signature. From left to right, they are the numbers 1-3 for
+ certificate check level (see `--ask-cert-level'), "L" for a local
+ or non-exportable signature (see `--lsign-key'), "R" for a
+ nonRevocable signature (see the `--edit-key' command "nrsign"),
+ "P" for a signature that contains a policy URL (see
+ `--cert-policy-url'), "N" for a signature that contains a notation
+ (see `--cert-notation'), "X" for an eXpired signature (see
+ `--ask-cert-expire'), and the numbers 1-9 or "T" for 10 and above
+ to indicate trust signature levels (see the `--edit-key' command
+ "tsign").
+
+`--check-sigs'
+ Same as `--list-sigs', but the signatures are verified. Note that
+ for performance reasons the revocation status of a signing key is
+ not shown. This command has the same effect as using
+ `--list-keys' with `--with-sig-check'.
+
+ The status of the verification is indicated by a flag directly
+ following the "sig" tag (and thus before the flags described above
+ for `--list-sigs'). A "!" indicates that the signature has been
+ successfully verified, a "-" denotes a bad signature and a "%" is
+ used if an error occurred while checking the signature (e.g. a non
+ supported algorithm).
+
+`--locate-keys'
+ Locate the keys given as arguments. This command basically uses
+ the same algorithm as used when locating keys for encryption or
+ signing and may thus be used to see what keys `gpg2' might use. In
+ particular external methods as defined by `--auto-key-locate' may
+ be used to locate a key. Only public keys are listed.
+
+`--fingerprint'
+ List all keys (or the specified ones) along with their
+ fingerprints. This is the same output as `--list-keys' but with
+ the additional output of a line with the fingerprint. May also be
+ combined with `--list-sigs' or `--check-sigs'. If this command is
+ given twice, the fingerprints of all secondary keys are listed too.
+
+`--list-packets'
+ List only the sequence of packets. This is mainly useful for
+ debugging.
+
+`--card-edit'
+ Present a menu to work with a smartcard. The subcommand "help"
+ provides an overview on available commands. For a detailed
+ description, please see the Card HOWTO at
+ http://www.gnupg.org/documentation/howtos.html#GnuPG-cardHOWTO .
+
+`--card-status'
+ Show the content of the smart card.
+
+`--change-pin'
+ Present a menu to allow changing the PIN of a smartcard. This
+ functionality is also available as the subcommand "passwd" with the
+ `--card-edit' command.
+
+`--delete-key `name''
+ Remove key from the public keyring. In batch mode either `--yes' is
+ required or the key must be specified by fingerprint. This is a
+ safeguard against accidental deletion of multiple keys.
+
+`--delete-secret-key `name''
+ Remove key from the secret and public keyring. In batch mode the
+ key must be specified by fingerprint.
+
+`--delete-secret-and-public-key `name''
+ Same as `--delete-key', but if a secret key exists, it will be
+ removed first. In batch mode the key must be specified by
+ fingerprint.
+
+`--export'
+ Either export all keys from all keyrings (default keyrings and
+ those registered via option `--keyring'), or if at least one name
+ is given, those of the given name. The new keyring is written to
+ STDOUT or to the file given with option `--output'. Use together
+ with `--armor' to mail those keys.
+
+`--send-keys `key IDs''
+ Similar to `--export' but sends the keys to a keyserver.
+ Fingerprints may be used instead of key IDs. Option `--keyserver'
+ must be used to give the name of this keyserver. Don't send your
+ complete keyring to a keyserver -- select only those keys which
+ are new or changed by you. If no key IDs are given, `gpg' does
+ nothing.
+
+`--export-secret-keys'
+`--export-secret-subkeys'
+ Same as `--export', but exports the secret keys instead. This is
+ normally not very useful and a security risk. The second form of
+ the command has the special property to render the secret part of
+ the primary key useless; this is a GNU extension to OpenPGP and
+ other implementations can not be expected to successfully import
+ such a key. See the option `--simple-sk-checksum' if you want to
+ import such an exported key with an older OpenPGP implementation.
+
+`--import'
+`--fast-import'
+ Import/merge keys. This adds the given keys to the keyring. The
+ fast version is currently just a synonym.
+
+ There are a few other options which control how this command works.
+ Most notable here is the `--import-options merge-only' option
+ which does not insert new keys but does only the merging of new
+ signatures, user-IDs and subkeys.
+
+`--recv-keys `key IDs''
+ Import the keys with the given key IDs from a keyserver. Option
+ `--keyserver' must be used to give the name of this keyserver.
+
+`--refresh-keys'
+ Request updates from a keyserver for keys that already exist on the
+ local keyring. This is useful for updating a key with the latest
+ signatures, user IDs, etc. Calling this with no arguments will
+ refresh the entire keyring. Option `--keyserver' must be used to
+ give the name of the keyserver for all keys that do not have
+ preferred keyservers set (see `--keyserver-options
+ honor-keyserver-url').
+
+`--search-keys `names''
+ Search the keyserver for the given names. Multiple names given
+ here will be joined together to create the search string for the
+ keyserver. Option `--keyserver' must be used to give the name of
+ this keyserver. Keyservers that support different search methods
+ allow using the syntax specified in "How to specify a user ID"
+ below. Note that different keyserver types support different
+ search methods. Currently only LDAP supports them all.
+
+`--fetch-keys `URIs''
+ Retrieve keys located at the specified URIs. Note that different
+ installations of GnuPG may support different protocols (HTTP, FTP,
+ LDAP, etc.)
+
+`--update-trustdb'
+ Do trust database maintenance. This command iterates over all keys
+ and builds the Web of Trust. This is an interactive command
+ because it may have to ask for the "ownertrust" values for keys.
+ The user has to give an estimation of how far she trusts the owner
+ of the displayed key to correctly certify (sign) other keys. GnuPG
+ only asks for the ownertrust value if it has not yet been assigned
+ to a key. Using the `--edit-key' menu, the assigned value can be
+ changed at any time.
+
+`--check-trustdb'
+ Do trust database maintenance without user interaction. From time
+ to time the trust database must be updated so that expired keys or
+ signatures and the resulting changes in the Web of Trust can be
+ tracked. Normally, GnuPG will calculate when this is required and
+ do it automatically unless `--no-auto-check-trustdb' is set. This
+ command can be used to force a trust database check at any time.
+ The processing is identical to that of `--update-trustdb' but it
+ skips keys with a not yet defined "ownertrust".
+
+ For use with cron jobs, this command can be used together with
+ `--batch' in which case the trust database check is done only if a
+ check is needed. To force a run even in batch mode add the option
+ `--yes'.
+
+`--export-ownertrust'
+ Send the ownertrust values to STDOUT. This is useful for backup
+ purposes as these values are the only ones which can't be
+ re-created from a corrupted trustdb. Example:
+ gpg2 --export-ownertrust > otrust.txt
+
+`--import-ownertrust'
+ Update the trustdb with the ownertrust values stored in `files' (or
+ STDIN if not given); existing values will be overwritten. In case
+ of a severely damaged trustdb and if you have a recent backup of
+ the ownertrust values (e.g. in the file `otrust.txt', you may
+ re-create the trustdb using these commands:
+ cd ~/.gnupg
+ rm trustdb.gpg
+ gpg2 --import-ownertrust < otrust.txt
+
+`--rebuild-keydb-caches'
+ When updating from version 1.0.6 to 1.0.7 this command should be
+ used to create signature caches in the keyring. It might be handy
+ in other situations too.
+
+`--print-md `algo''
+`--print-mds'
+ Print message digest of algorithm ALGO for all given files or
+ STDIN. With the second form (or a deprecated "*" as algo) digests
+ for all available algorithms are printed.
+
+`--gen-random `0|1|2' `count''
+ Emit COUNT random bytes of the given quality level 0, 1 or 2. If
+ COUNT is not given or zero, an endless sequence of random bytes
+ will be emitted. If used with `--armor' the output will be base64
+ encoded. PLEASE, don't use this command unless you know what you
+ are doing; it may remove precious entropy from the system!
+
+`--gen-prime `mode' `bits''
+ Use the source, Luke :-). The output format is still subject to
+ change.
+
+`--enarmor'
+
+`--dearmor'
+ Pack or unpack an arbitrary input into/from an OpenPGP ASCII armor.
+ This is a GnuPG extension to OpenPGP and in general not very
+ useful.
+
+
+
+File: gnupg.info, Node: OpenPGP Key Management, Prev: Operational GPG Commands, Up: GPG Commands
+
+3.1.3 How to manage your keys
+-----------------------------
+
+This section explains the main commands for key management
+
+`--gen-key'
+ Generate a new key pair. This command is normally only used
+ interactively.
+
+ There is an experimental feature which allows you to create keys in
+ batch mode. See the file `doc/DETAILS' in the source distribution
+ on how to use this.
+
+`--gen-revoke `name''
+ Generate a revocation certificate for the complete key. To revoke
+ a subkey or a signature, use the `--edit' command.
+
+`--desig-revoke `name''
+ Generate a designated revocation certificate for a key. This
+ allows a user (with the permission of the keyholder) to revoke
+ someone else's key.
+
+`--edit-key'
+ Present a menu which enables you to do most of the key management
+ related tasks. It expects the specification of a key on the
+ command line.
+
+ uid `n'
+ Toggle selection of user ID or photographic user ID with
+ index `n'. Use `*' to select all and `0' to deselect all.
+
+ key `n'
+ Toggle selection of subkey with index `n'. Use `*' to
+ select all and `0' to deselect all.
+
+ sign
+ Make a signature on key of user `name' If the key is not yet
+ signed by the default user (or the users given with -u), the
+ program displays the information of the key again, together
+ with its fingerprint and asks whether it should be signed.
+ This question is repeated for all users specified with -u.
+
+ lsign
+ Same as "sign" but the signature is marked as non-exportable
+ and will therefore never be used by others. This may be
+ used to make keys valid only in the local environment.
+
+ nrsign
+ Same as "sign" but the signature is marked as non-revocable
+ and can therefore never be revoked.
+
+ tsign
+ Make a trust signature. This is a signature that combines the
+ notions of certification (like a regular signature), and
+ trust (like the "trust" command). It is generally only
+ useful in distinct communities or groups.
+
+ Note that "l" (for local / non-exportable), "nr" (for
+ non-revocable, and "t" (for trust) may be freely mixed and
+ prefixed to "sign" to create a signature of any type desired.
+
+ delsig
+ Delete a signature. Note that it is not possible to retract a
+ signature, once it has been send to the public (i.e. to a
+ keyserver). In that case you better use `revsig'.
+
+ revsig
+ Revoke a signature. For every signature which has been
+ generated by one of the secret keys, GnuPG asks whether a
+ revocation certificate should be generated.
+
+ check
+ Check the signatures on all selected user IDs.
+
+ adduid
+ Create an additional user ID.
+
+ addphoto
+ Create a photographic user ID. This will prompt for a JPEG
+ file that will be embedded into the user ID. Note that a
+ very large JPEG will make for a very large key. Also note
+ that some programs will display your JPEG unchanged
+ (GnuPG), and some programs will scale it to fit in a dialog
+ box (PGP).
+
+ showphoto
+ Display the selected photographic user ID.
+
+ deluid
+ Delete a user ID or photographic user ID. Note that it is not
+ possible to retract a user id, once it has been send to the
+ public (i.e. to a keyserver). In that case you better use
+ `revuid'.
+
+ revuid
+ Revoke a user ID or photographic user ID.
+
+ primary
+ Flag the current user id as the primary one, removes the
+ primary user id flag from all other user ids and sets the
+ timestamp of all affected self-signatures one second ahead.
+ Note that setting a photo user ID as primary makes it
+ primary over other photo user IDs, and setting a regular
+ user ID as primary makes it primary over other regular user
+ IDs.
+
+ keyserver
+ Set a preferred keyserver for the specified user ID(s). This
+ allows other users to know where you prefer they get your
+ key from. See `--keyserver-options honor-keyserver-url' for
+ more on how this works. Setting a value of "none" removes
+ an existing preferred keyserver.
+
+ notation
+ Set a name=value notation for the specified user ID(s). See
+ `--cert-notation' for more on how this works. Setting a value
+ of "none" removes all notations, setting a notation
+ prefixed with a minus sign (-) removes that notation, and
+ setting a notation name (without the =value) prefixed with
+ a minus sign removes all notations with that name.
+
+ pref
+ List preferences from the selected user ID. This shows the
+ actual preferences, without including any implied
+ preferences.
+
+ showpref
+ More verbose preferences listing for the selected user ID.
+ This shows the preferences in effect by including the
+ implied preferences of 3DES (cipher), SHA-1 (digest), and
+ Uncompressed (compression) if they are not already included
+ in the preference list. In addition, the preferred
+ keyserver and signature notations (if any) are shown.
+
+ setpref `string'
+ Set the list of user ID preferences to `string' for all (or
+ just the selected) user IDs. Calling setpref with no
+ arguments sets the preference list to the default (either
+ built-in or set via `--default-preference-list'), and
+ calling setpref with "none" as the argument sets an empty
+ preference list. Use `gpg2 --version' to get a list of
+ available algorithms. Note that while you can change the
+ preferences on an attribute user ID (aka "photo ID"), GnuPG
+ does not select keys via attribute user IDs so these
+ preferences will not be used by GnuPG.
+
+ When setting preferences, you should list the algorithms in
+ the order which you'd like to see them used by someone else
+ when encrypting a message to your key. If you don't
+ include 3DES, it will be automatically added at the end.
+ Note that there are many factors that go into choosing an
+ algorithm (for example, your key may not be the only
+ recipient), and so the remote OpenPGP application being used
+ to send to you may or may not follow your exact chosen
+ order for a given message. It will, however, only choose
+ an algorithm that is present on the preference list of
+ every recipient key. See also the INTEROPERABILITY WITH
+ OTHER OPENPGP PROGRAMS section below.
+
+ addkey
+ Add a subkey to this key.
+
+ addcardkey
+ Generate a subkey on a card and add it to this key.
+
+ keytocard
+ Transfer the selected secret subkey (or the primary key if no
+ subkey has been selected) to a smartcard. The secret key in
+ the keyring will be replaced by a stub if the key could be
+ stored successfully on the card and you use the save
+ command later. Only certain key types may be transferred to
+ the card. A sub menu allows you to select on what card to
+ store the key. Note that it is not possible to get that key
+ back from the card - if the card gets broken your secret
+ key will be lost unless you have a backup somewhere.
+
+ bkuptocard `file'
+ Restore the given file to a card. This command may be used to
+ restore a backup key (as generated during card
+ initialization) to a new card. In almost all cases this
+ will be the encryption key. You should use this command
+ only with the corresponding public key and make sure that the
+ file given as argument is indeed the backup to restore. You
+ should then select 2 to restore as encryption key. You
+ will first be asked to enter the passphrase of the backup
+ key and then for the Admin PIN of the card.
+
+ delkey
+ Remove a subkey (secondart key). Note that it is not possible
+ to retract a subkey, once it has been send to the public
+ (i.e. to a keyserver). In that case you better use
+ `revkey'.
+
+ revkey
+ Revoke a subkey.
+
+ expire
+ Change the key or subkey expiration time. If a subkey is
+ selected, the expiration time of this subkey will be
+ changed. With no selection, the key expiration of the
+ primary key is changed.
+
+ trust
+ Change the owner trust value for the key. This updates the
+ trust-db immediately and no save is required.
+
+ disable
+ enable
+ Disable or enable an entire key. A disabled key can not
+ normally be used for encryption.
+
+ addrevoker
+ Add a designated revoker to the key. This takes one optional
+ argument: "sensitive". If a designated revoker is marked as
+ sensitive, it will not be exported by default (see
+ export-options).
+
+ passwd
+ Change the passphrase of the secret key.
+
+ toggle
+ Toggle between public and secret key listing.
+
+ clean
+ Compact (by removing all signatures except the selfsig) any
+ user ID that is no longer usable (e.g. revoked, or
+ expired). Then, remove any signatures that are not usable
+ by the trust calculations. Specifically, this removes any
+ signature that does not validate, any signature that is
+ superseded by a later signature, revoked signatures, and
+ signatures issued by keys that are not present on the keyring.
+
+ minimize
+ Make the key as small as possible. This removes all
+ signatures from each user ID except for the most recent
+ self-signature.
+
+ cross-certify
+ Add cross-certification signatures to signing subkeys that
+ may not currently have them. Cross-certification signatures
+ protect against a subtle attack against signing subkeys. See
+ `--require-cross-certification'. All new keys generated have
+ this signature by default, so this option is only useful to
+ bring older keys up to date.
+
+ save
+ Save all changes to the key rings and quit.
+
+ quit
+ Quit the program without updating the key rings.
+
+ The listing shows you the key with its secondary keys and all user
+ ids. The primary user id is indicated by a dot, and selected keys
+ or user ids are indicated by an asterisk. The trust value is
+ displayed with the primary key: the first is the assigned owner
+ trust and the second is the calculated trust value. Letters are
+ used for the values:
+
+ -
+ No ownertrust assigned / not yet calculated.
+
+ e
+ Trust calculation has failed; probably due to an expired
+ key.
+
+ q
+ Not enough information for calculation.
+
+ n
+ Never trust this key.
+
+ m
+ Marginally trusted.
+
+ f
+ Fully trusted.
+
+ u
+ Ultimately trusted.
+
+
+`--sign-key `name''
+ Signs a public key with your secret key. This is a shortcut
+ version of the subcommand "sign" from `--edit'.
+
+`--lsign-key `name''
+ Signs a public key with your secret key but marks it as
+ non-exportable. This is a shortcut version of the subcommand
+ "lsign" from `--edit-key'.
+
+`--passwd USER_ID'
+ Change the passphrase of the secret key belonging to the
+ certificate specified as USER_ID. This is a shortcut for the
+ sub-command `passwd' of the edit key menu.
+
+
+
+File: gnupg.info, Node: GPG Options, Next: GPG Configuration, Prev: GPG Commands, Up: Invoking GPG
+
+3.2 Option Summary
+==================
+
+`gpg2' features a bunch of options to control the exact behaviour and
+to change the default configuration.
+
+* Menu:
+
+* GPG Configuration Options:: How to change the configuration.
+* GPG Key related Options:: Key related options.
+* GPG Input and Output:: Input and Output.
+* OpenPGP Options:: OpenPGP protocol specific options.
+* GPG Esoteric Options:: Doing things one usually don't want to do.
+
+ Long options can be put in an options file (default
+"~/.gnupg/gpg.conf"). Short option names will not work - for example,
+"armor" is a valid option for the options file, while "a" is not. Do not
+write the 2 dashes, but simply the name of the option and any required
+arguments. Lines with a hash ('#') as the first non-white-space
+character are ignored. Commands may be put in this file too, but that is
+not generally useful as the command will execute automatically with
+every execution of gpg.
+
+ Please remember that option parsing stops as soon as a non-option is
+encountered, you can explicitly stop parsing by using the special option
+`--'.
+
+
+File: gnupg.info, Node: GPG Configuration Options, Next: GPG Key related Options, Up: GPG Options
+
+3.2.1 How to change the configuration
+-------------------------------------
+
+These options are used to change the configuration and are usually found
+in the option file.
+
+`--default-key NAME'
+ Use NAME as the default key to sign with. If this option is not
+ used, the default key is the first key found in the secret keyring.
+ Note that `-u' or `--local-user' overrides this option.
+
+`--default-recipient NAME'
+ Use NAME as default recipient if option `--recipient' is not used
+ and don't ask if this is a valid one. NAME must be non-empty.
+
+`--default-recipient-self'
+ Use the default key as default recipient if option `--recipient'
+ is not used and don't ask if this is a valid one. The default key
+ is the first one from the secret keyring or the one set with
+ `--default-key'.
+
+`--no-default-recipient'
+ Reset `--default-recipient' and `--default-recipient-self'.
+
+`-v, --verbose'
+ Give more information during processing. If used twice, the input
+ data is listed in detail.
+
+`--no-verbose'
+ Reset verbose level to 0.
+
+`-q, --quiet'
+ Try to be as quiet as possible.
+
+`--batch'
+`--no-batch'
+ Use batch mode. Never ask, do not allow interactive commands.
+ `--no-batch' disables this option. Note that even with a filename
+ given on the command line, gpg might still need to read from STDIN
+ (in particular if gpg figures that the input is a detached
+ signature and no data file has been specified). Thus if you do
+ not want to feed data via STDIN, you should connect STDIN to
+ `/dev/null'.
+
+`--no-tty'
+ Make sure that the TTY (terminal) is never used for any output.
+ This option is needed in some cases because GnuPG sometimes prints
+ warnings to the TTY even if `--batch' is used.
+
+`--yes'
+ Assume "yes" on most questions.
+
+`--no'
+ Assume "no" on most questions.
+
+`--list-options `parameters''
+ This is a space or comma delimited string that gives options used
+ when listing keys and signatures (that is, `--list-keys',
+ `--list-sigs', `--list-public-keys', `--list-secret-keys', and the
+ `--edit-key' functions). Options can be prepended with a `no-'
+ (after the two dashes) to give the opposite meaning. The options
+ are:
+
+ show-photos
+ Causes `--list-keys', `--list-sigs', `--list-public-keys',
+ and `--list-secret-keys' to display any photo IDs attached
+ to the key. Defaults to no. See also `--photo-viewer'.
+ Does not work with `--with-colons': see `--attribute-fd'
+ for the appropriate way to get photo data for scripts and
+ other frontends.
+
+ show-policy-urls
+ Show policy URLs in the `--list-sigs' or `--check-sigs'
+ listings. Defaults to no.
+
+ show-notations
+ show-std-notations
+ show-user-notations
+ Show all, IETF standard, or user-defined signature notations
+ in the `--list-sigs' or `--check-sigs' listings. Defaults
+ to no.
+
+ show-keyserver-urls
+ Show any preferred keyserver URL in the `--list-sigs' or
+ `--check-sigs' listings. Defaults to no.
+
+ show-uid-validity
+ Display the calculated validity of user IDs during key
+ listings. Defaults to no.
+
+ show-unusable-uids
+ Show revoked and expired user IDs in key listings. Defaults
+ to no.
+
+ show-unusable-subkeys
+ Show revoked and expired subkeys in key listings. Defaults to
+ no.
+
+ show-keyring
+ Display the keyring name at the head of key listings to show
+ which keyring a given key resides on. Defaults to no.
+
+ show-sig-expire
+ Show signature expiration dates (if any) during `--list-sigs'
+ or `--check-sigs' listings. Defaults to no.
+
+ show-sig-subpackets
+ Include signature subpackets in the key listing. This option
+ can take an optional argument list of the subpackets to
+ list. If no argument is passed, list all subpackets.
+ Defaults to no. This option is only meaningful when using
+ `--with-colons' along with `--list-sigs' or `--check-sigs'.
+
+
+`--verify-options `parameters''
+ This is a space or comma delimited string that gives options used
+ when verifying signatures. Options can be prepended with a `no-'
+ to give the opposite meaning. The options are:
+
+ show-photos
+ Display any photo IDs present on the key that issued the
+ signature. Defaults to no. See also `--photo-viewer'.
+
+ show-policy-urls
+ Show policy URLs in the signature being verified. Defaults to
+ no.
+
+ show-notations
+ show-std-notations
+ show-user-notations
+ Show all, IETF standard, or user-defined signature notations
+ in the signature being verified. Defaults to IETF standard.
+
+ show-keyserver-urls
+ Show any preferred keyserver URL in the signature being
+ verified. Defaults to no.
+
+ show-uid-validity
+ Display the calculated validity of the user IDs on the key
+ that issued the signature. Defaults to no.
+
+ show-unusable-uids
+ Show revoked and expired user IDs during signature
+ verification. Defaults to no.
+
+ show-primary-uid-only
+ Show only the primary user ID during signature verification.
+ That is all the AKA lines as well as photo Ids are not
+ shown with the signature verification status.
+
+ pka-lookups
+ Enable PKA lookups to verify sender addresses. Note that PKA
+ is based on DNS, and so enabling this option may disclose
+ information on when and what signatures are verified or to
+ whom data is encrypted. This is similar to the "web bug"
+ described for the auto-key-retrieve feature.
+
+ pka-trust-increase
+ Raise the trust in a signature to full if the signature
+ passes PKA validation. This option is only meaningful if
+ pka-lookups is set.
+
+`--enable-dsa2'
+`--disable-dsa2'
+ Enable hash truncation for all DSA keys even for old DSA Keys up to
+ 1024 bit. This is also the default with `--openpgp'. Note that
+ older versions of GnuPG also required this flag to allow the
+ generation of DSA larger than 1024 bit.
+
+`--photo-viewer `string''
+ This is the command line that should be run to view a photo ID.
+ "%i" will be expanded to a filename containing the photo. "%I"
+ does the same, except the file will not be deleted once the viewer
+ exits. Other flags are "%k" for the key ID, "%K" for the long key
+ ID, "%f" for the key fingerprint, "%t" for the extension of the
+ image type (e.g. "jpg"), "%T" for the MIME type of the image (e.g.
+ "image/jpeg"), "%v" for the single-character calculated validity
+ of the image being viewed (e.g. "f"), "%V" for the calculated
+ validity as a string (e.g. "full"), and "%%" for an actual
+ percent sign. If neither %i or %I are present, then the photo will
+ be supplied to the viewer on standard input.
+
+ The default viewer is "xloadimage -fork -quiet -title 'KeyID 0x%k'
+ STDIN". Note that if your image viewer program is not secure, then
+ executing it from GnuPG does not make it secure.
+
+`--exec-path `string''
+ Sets a list of directories to search for photo viewers and
+ keyserver helpers. If not provided, keyserver helpers use the
+ compiled-in default directory, and photo viewers use the $PATH
+ environment variable. Note, that on W32 system this value is
+ ignored when searching for keyserver helpers.
+
+`--keyring `file''
+ Add `file' to the current list of keyrings. If `file' begins with
+ a tilde and a slash, these are replaced by the $HOME directory. If
+ the filename does not contain a slash, it is assumed to be in the
+ GnuPG home directory ("~/.gnupg" if `--homedir' or $GNUPGHOME is
+ not used).
+
+ Note that this adds a keyring to the current list. If the intent
+ is to use the specified keyring alone, use `--keyring' along with
+ `--no-default-keyring'.
+
+`--secret-keyring `file''
+ Same as `--keyring' but for the secret keyrings.
+
+`--primary-keyring `file''
+ Designate `file' as the primary public keyring. This means that
+ newly imported keys (via `--import' or keyserver `--recv-from')
+ will go to this keyring.
+
+`--trustdb-name `file''
+ Use `file' instead of the default trustdb. If `file' begins with a
+ tilde and a slash, these are replaced by the $HOME directory. If
+ the filename does not contain a slash, it is assumed to be in the
+ GnuPG home directory (`~/.gnupg' if `--homedir' or $GNUPGHOME is
+ not used).
+
+`--homedir DIR'
+ Set the name of the home directory to DIR. If this option is not
+ used, the home directory defaults to `~/.gnupg'. It is only
+ recognized when given on the command line. It also overrides any
+ home directory stated through the environment variable `GNUPGHOME'
+ or (on W32 systems) by means of the Registry entry
+ HKCU\SOFTWARE\GNU\GNUPG:HOMEDIR.
+
+`--display-charset `name''
+ Set the name of the native character set. This is used to convert
+ some informational strings like user IDs to the proper UTF-8
+ encoding. Note that this has nothing to do with the character set
+ of data to be encrypted or signed; GnuPG does not recode
+ user-supplied data. If this option is not used, the default
+ character set is determined from the current locale. A verbosity
+ level of 3 shows the chosen set. Valid values for `name' are:
+
+ iso-8859-1
+ This is the Latin 1 set.
+
+ iso-8859-2
+ The Latin 2 set.
+
+ iso-8859-15
+ This is currently an alias for the Latin 1 set.
+
+ koi8-r
+ The usual Russian set (rfc1489).
+
+ utf-8
+ Bypass all translations and assume that the OS uses native
+ UTF-8 encoding.
+
+`--utf8-strings'
+`--no-utf8-strings'
+ Assume that command line arguments are given as UTF8 strings. The
+ default (`--no-utf8-strings') is to assume that arguments are
+ encoded in the character set as specified by `--display-charset'.
+ These options affect all following arguments. Both options may be
+ used multiple times.
+
+`--options `file''
+ Read options from `file' and do not try to read them from the
+ default options file in the homedir (see `--homedir'). This option
+ is ignored if used in an options file.
+
+`--no-options'
+ Shortcut for `--options /dev/null'. This option is detected before
+ an attempt to open an option file. Using this option will also
+ prevent the creation of a `~/.gnupg' homedir.
+
+`-z `n''
+`--compress-level `n''
+`--bzip2-compress-level `n''
+ Set compression level to `n' for the ZIP and ZLIB compression
+ algorithms. The default is to use the default compression level of
+ zlib (normally 6). `--bzip2-compress-level' sets the compression
+ level for the BZIP2 compression algorithm (defaulting to 6 as
+ well). This is a different option from `--compress-level' since
+ BZIP2 uses a significant amount of memory for each additional
+ compression level. `-z' sets both. A value of 0 for `n' disables
+ compression.
+
+`--bzip2-decompress-lowmem'
+ Use a different decompression method for BZIP2 compressed files.
+ This alternate method uses a bit more than half the memory, but
+ also runs at half the speed. This is useful under extreme low
+ memory circumstances when the file was originally compressed at a
+ high `--bzip2-compress-level'.
+
+`--mangle-dos-filenames'
+`--no-mangle-dos-filenames'
+ Older version of Windows cannot handle filenames with more than one
+ dot. `--mangle-dos-filenames' causes GnuPG to replace (rather than
+ add to) the extension of an output filename to avoid this problem.
+ This option is off by default and has no effect on non-Windows
+ platforms.
+
+`--ask-cert-level'
+`--no-ask-cert-level'
+ When making a key signature, prompt for a certification level. If
+ this option is not specified, the certification level used is set
+ via `--default-cert-level'. See `--default-cert-level' for
+ information on the specific levels and how they are used.
+ `--no-ask-cert-level' disables this option. This option defaults
+ to no.
+
+`--default-cert-level `n''
+ The default to use for the check level when signing a key.
+
+ 0 means you make no particular claim as to how carefully you
+ verified the key.
+
+ 1 means you believe the key is owned by the person who claims to
+ own it but you could not, or did not verify the key at all. This is
+ useful for a "persona" verification, where you sign the key of a
+ pseudonymous user.
+
+ 2 means you did casual verification of the key. For example, this
+ could mean that you verified the key fingerprint and checked the
+ user ID on the key against a photo ID.
+
+ 3 means you did extensive verification of the key. For example,
+ this could mean that you verified the key fingerprint with the
+ owner of the key in person, and that you checked, by means of a
+ hard to forge document with a photo ID (such as a passport) that
+ the name of the key owner matches the name in the user ID on the
+ key, and finally that you verified (by exchange of email) that the
+ email address on the key belongs to the key owner.
+
+ Note that the examples given above for levels 2 and 3 are just
+ that: examples. In the end, it is up to you to decide just what
+ "casual" and "extensive" mean to you.
+
+ This option defaults to 0 (no particular claim).
+
+`--min-cert-level'
+ When building the trust database, treat any signatures with a
+ certification level below this as invalid. Defaults to 2, which
+ disregards level 1 signatures. Note that level 0 "no particular
+ claim" signatures are always accepted.
+
+`--trusted-key `long key ID''
+ Assume that the specified key (which must be given as a full 8
+ byte key ID) is as trustworthy as one of your own secret keys.
+ This option is useful if you don't want to keep your secret keys
+ (or one of them) online but still want to be able to check the
+ validity of a given recipient's or signator's key.
+
+`--trust-model `pgp|classic|direct|always|auto''
+ Set what trust model GnuPG should follow. The models are:
+
+ pgp
+ This is the Web of Trust combined with trust signatures as
+ used in PGP 5.x and later. This is the default trust model
+ when creating a new trust database.
+
+ classic
+ This is the standard Web of Trust as used in PGP 2.x and
+ earlier.
+
+ direct
+ Key validity is set directly by the user and not calculated
+ via the Web of Trust.
+
+ always
+ Skip key validation and assume that used keys are always fully
+ trusted. You generally won't use this unless you are using
+ some external validation scheme. This option also
+ suppresses the "[uncertain]" tag printed with signature
+ checks when there is no evidence that the user ID is bound
+ to the key.
+
+ auto
+ Select the trust model depending on whatever the internal
+ trust database says. This is the default model if such a
+ database already exists.
+
+`--auto-key-locate `parameters''
+`--no-auto-key-locate'
+ GnuPG can automatically locate and retrieve keys as needed using
+ this option. This happens when encrypting to an email address (in
+ the "user@example.com" form), and there are no user@example.com
+ keys on the local keyring. This option takes any number of the
+ following mechanisms, in the order they are to be tried:
+
+ cert
+ Locate a key using DNS CERT, as specified in rfc4398.
+
+ pka
+ Locate a key using DNS PKA.
+
+ ldap
+ Using DNS Service Discovery, check the domain in question for
+ any LDAP keyservers to use. If this fails, attempt to
+ locate the key using the PGP Universal method of checking
+ `ldap://keys.(thedomain)'.
+
+ keyserver
+ Locate a key using whatever keyserver is defined using the
+ `--keyserver' option.
+
+ keyserver-URL
+ In addition, a keyserver URL as used in the `--keyserver'
+ option may be used here to query that particular keyserver.
+
+ local
+ Locate the key using the local keyrings. This mechanism
+ allows to select the order a local key lookup is done.
+ Thus using `--auto-key-locate local' is identical to
+ `--no-auto-key-locate'.
+
+ nodefault
+ This flag disables the standard local key lookup, done before
+ any of the mechanisms defined by the `--auto-key-locate'
+ are tried. The position of this mechanism in the list does
+ not matter. It is not required if `local' is also used.
+
+
+`--keyid-format `short|0xshort|long|0xlong''
+ Select how to display key IDs. "short" is the traditional
+ 8-character key ID. "long" is the more accurate (but less
+ convenient) 16-character key ID. Add an "0x" to either to include
+ an "0x" at the beginning of the key ID, as in 0x99242560. Note
+ that this option is ignored if the option -with-colons is used.
+
+`--keyserver `name''
+ Use `name' as your keyserver. This is the server that
+ `--recv-keys', `--send-keys', and `--search-keys' will communicate
+ with to receive keys from, send keys to, and search for keys on.
+ The format of the `name' is a URI:
+ `scheme:[//]keyservername[:port]' The scheme is the type of
+ keyserver: "hkp" for the HTTP (or compatible) keyservers, "ldap"
+ for the LDAP keyservers, or "mailto" for the Graff email
+ keyserver. Note that your particular installation of GnuPG may
+ have other keyserver types available as well. Keyserver schemes
+ are case-insensitive. After the keyserver name, optional keyserver
+ configuration options may be provided. These are the same as the
+ global `--keyserver-options' from below, but apply only to this
+ particular keyserver.
+
+ Most keyservers synchronize with each other, so there is generally
+ no need to send keys to more than one server. The keyserver
+ `hkp://keys.gnupg.net' uses round robin DNS to give a different
+ keyserver each time you use it.
+
+`--keyserver-options `name=value1 ''
+ This is a space or comma delimited string that gives options for
+ the keyserver. Options can be prefixed with a `no-' to give the
+ opposite meaning. Valid import-options or export-options may be
+ used here as well to apply to importing (`--recv-key') or exporting
+ (`--send-key') a key from a keyserver. While not all options are
+ available for all keyserver types, some common options are:
+
+ include-revoked
+ When searching for a key with `--search-keys', include keys
+ that are marked on the keyserver as revoked. Note that not
+ all keyservers differentiate between revoked and unrevoked
+ keys, and for such keyservers this option is meaningless.
+ Note also that most keyservers do not have cryptographic
+ verification of key revocations, and so turning this option
+ off may result in skipping keys that are incorrectly marked
+ as revoked.
+
+ include-disabled
+ When searching for a key with `--search-keys', include keys
+ that are marked on the keyserver as disabled. Note that
+ this option is not used with HKP keyservers.
+
+ auto-key-retrieve
+ This option enables the automatic retrieving of keys from a
+ keyserver when verifying signatures made by keys that are
+ not on the local keyring.
+
+ Note that this option makes a "web bug" like behavior
+ possible. Keyserver operators can see which keys you
+ request, so by sending you a message signed by a brand new
+ key (which you naturally will not have on your local
+ keyring), the operator can tell both your IP address and
+ the time when you verified the signature.
+
+ honor-keyserver-url
+ When using `--refresh-keys', if the key in question has a
+ preferred keyserver URL, then use that preferred keyserver
+ to refresh the key from. In addition, if auto-key-retrieve
+ is set, and the signature being verified has a preferred
+ keyserver URL, then use that preferred keyserver to fetch
+ the key from. Defaults to yes.
+
+ honor-pka-record
+ If auto-key-retrieve is set, and the signature being verified
+ has a PKA record, then use the PKA information to fetch the
+ key. Defaults to yes.
+
+ include-subkeys
+ When receiving a key, include subkeys as potential targets.
+ Note that this option is not used with HKP keyservers, as
+ they do not support retrieving keys by subkey id.
+
+ use-temp-files
+ On most Unix-like platforms, GnuPG communicates with the
+ keyserver helper program via pipes, which is the most
+ efficient method. This option forces GnuPG to use temporary
+ files to communicate. On some platforms (such as Win32 and
+ RISC OS), this option is always enabled.
+
+ keep-temp-files
+ If using `use-temp-files', do not delete the temp files after
+ using them. This option is useful to learn the keyserver
+ communication protocol by reading the temporary files.
+
+ verbose
+ Tell the keyserver helper program to be more verbose. This
+ option can be repeated multiple times to increase the
+ verbosity level.
+
+ timeout
+ Tell the keyserver helper program how long (in seconds) to
+ try and perform a keyserver action before giving up. Note
+ that performing multiple actions at the same time uses this
+ timeout value per action. For example, when retrieving
+ multiple keys via `--recv-keys', the timeout applies
+ separately to each key retrieval, and not to the
+ `--recv-keys' command as a whole. Defaults to 30 seconds.
+
+ http-proxy=`value'
+ Set the proxy to use for HTTP and HKP keyservers. This
+ overrides the "http_proxy" environment variable, if any.
+
+ max-cert-size
+ When retrieving a key via DNS CERT, only accept keys up to
+ this size. Defaults to 16384 bytes.
+
+ debug
+ Turn on debug output in the keyserver helper program. Note
+ that the details of debug output depends on which keyserver
+ helper program is being used, and in turn, on any libraries
+ that the keyserver helper program uses internally (libcurl,
+ openldap, etc).
+
+ check-cert
+ Enable certificate checking if the keyserver presents one
+ (for hkps or ldaps). Defaults to on.
+
+ ca-cert-file
+ Provide a certificate store to override the system default.
+ Only necessary if check-cert is enabled, and the keyserver
+ is using a certificate that is not present in a system
+ default certificate list.
+
+ Note that depending on the SSL library that the keyserver
+ helper is built with, this may actually be a directory or a
+ file.
+
+`--completes-needed `n''
+ Number of completely trusted users to introduce a new key signer
+ (defaults to 1).
+
+`--marginals-needed `n''
+ Number of marginally trusted users to introduce a new key signer
+ (defaults to 3)
+
+`--max-cert-depth `n''
+ Maximum depth of a certification chain (default is 5).
+
+`--simple-sk-checksum'
+ Secret keys are integrity protected by using a SHA-1 checksum. This
+ method is part of the upcoming enhanced OpenPGP specification but
+ GnuPG already uses it as a countermeasure against certain attacks.
+ Old applications don't understand this new format, so this option
+ may be used to switch back to the old behaviour. Using this option
+ bears a security risk. Note that using this option only takes
+ effect when the secret key is encrypted - the simplest way to make
+ this happen is to change the passphrase on the key (even changing
+ it to the same value is acceptable).
+
+`--no-sig-cache'
+ Do not cache the verification status of key signatures. Caching
+ gives a much better performance in key listings. However, if you
+ suspect that your public keyring is not save against write
+ modifications, you can use this option to disable the caching. It
+ probably does not make sense to disable it because all kind of
+ damage can be done if someone else has write access to your public
+ keyring.
+
+`--no-sig-create-check'
+ GnuPG normally verifies each signature right after creation to
+ protect against bugs and hardware malfunctions which could leak
+ out bits from the secret key. This extra verification needs some
+ time (about 115% for DSA keys), and so this option can be used to
+ disable it. However, due to the fact that the signature creation
+ needs manual interaction, this performance penalty does not matter
+ in most settings.
+
+`--auto-check-trustdb'
+`--no-auto-check-trustdb'
+ If GnuPG feels that its information about the Web of Trust has to
+ be updated, it automatically runs the `--check-trustdb' command
+ internally. This may be a time consuming process.
+ `--no-auto-check-trustdb' disables this option.
+
+`--use-agent'
+`--no-use-agent'
+ This is dummy option. `gpg2' always requires the agent.
+
+`--gpg-agent-info'
+ This is dummy option. It has no effect when used with `gpg2'.
+
+`--lock-once'
+ Lock the databases the first time a lock is requested and do not
+ release the lock until the process terminates.
+
+`--lock-multiple'
+ Release the locks every time a lock is no longer needed. Use this
+ to override a previous `--lock-once' from a config file.
+
+`--lock-never'
+ Disable locking entirely. This option should be used only in very
+ special environments, where it can be assured that only one process
+ is accessing those files. A bootable floppy with a stand-alone
+ encryption system will probably use this. Improper usage of this
+ option may lead to data and key corruption.
+
+`--exit-on-status-write-error'
+ This option will cause write errors on the status FD to immediately
+ terminate the process. That should in fact be the default but it
+ never worked this way and thus we need an option to enable this,
+ so that the change won't break applications which close their end
+ of a status fd connected pipe too early. Using this option along
+ with `--enable-progress-filter' may be used to cleanly cancel long
+ running gpg operations.
+
+`--limit-card-insert-tries `n''
+ With `n' greater than 0 the number of prompts asking to insert a
+ smartcard gets limited to N-1. Thus with a value of 1 gpg won't at
+ all ask to insert a card if none has been inserted at startup. This
+ option is useful in the configuration file in case an application
+ does not know about the smartcard support and waits ad infinitum
+ for an inserted card.
+
+`--no-random-seed-file'
+ GnuPG uses a file to store its internal random pool over
+ invocations. This makes random generation faster; however
+ sometimes write operations are not desired. This option can be
+ used to achieve that with the cost of slower random generation.
+
+`--no-greeting'
+ Suppress the initial copyright message.
+
+`--no-secmem-warning'
+ Suppress the warning about "using insecure memory".
+
+`--no-permission-warning'
+ Suppress the warning about unsafe file and home directory
+ (`--homedir') permissions. Note that the permission checks that
+ GnuPG performs are not intended to be authoritative, but rather
+ they simply warn about certain common permission problems. Do not
+ assume that the lack of a warning means that your system is secure.
+
+ Note that the warning for unsafe `--homedir' permissions cannot be
+ suppressed in the gpg.conf file, as this would allow an attacker to
+ place an unsafe gpg.conf file in place, and use this file to
+ suppress warnings about itself. The `--homedir' permissions
+ warning may only be suppressed on the command line.
+
+`--no-mdc-warning'
+ Suppress the warning about missing MDC integrity protection.
+
+`--require-secmem'
+`--no-require-secmem'
+ Refuse to run if GnuPG cannot get secure memory. Defaults to no
+ (i.e. run, but give a warning).
+
+`--require-cross-certification'
+`--no-require-cross-certification'
+ When verifying a signature made from a subkey, ensure that the
+ cross certification "back signature" on the subkey is present and
+ valid. This protects against a subtle attack against subkeys that
+ can sign. Defaults to `--require-cross-certification' for `gpg2'.
+
+`--expert'
+`--no-expert'
+ Allow the user to do certain nonsensical or "silly" things like
+ signing an expired or revoked key, or certain potentially
+ incompatible things like generating unusual key types. This also
+ disables certain warning messages about potentially incompatible
+ actions. As the name implies, this option is for experts only. If
+ you don't fully understand the implications of what it allows you
+ to do, leave this off. `--no-expert' disables this option.
+
+
+
+File: gnupg.info, Node: GPG Key related Options, Next: GPG Input and Output, Prev: GPG Configuration Options, Up: GPG Options
+
+3.2.2 Key related options
+-------------------------
+
+`--recipient NAME'
+`-r'
+ Encrypt for user id NAME. If this option or `--hidden-recipient'
+ is not specified, GnuPG asks for the user-id unless
+ `--default-recipient' is given.
+
+`--hidden-recipient NAME'
+`-R'
+ Encrypt for user ID NAME, but hide the key ID of this user's key.
+ This option helps to hide the receiver of the message and is a
+ limited countermeasure against traffic analysis. If this option or
+ `--recipient' is not specified, GnuPG asks for the user ID unless
+ `--default-recipient' is given.
+
+`--encrypt-to `name''
+ Same as `--recipient' but this one is intended for use in the
+ options file and may be used with your own user-id as an
+ "encrypt-to-self". These keys are only used when there are other
+ recipients given either by use of `--recipient' or by the asked
+ user id. No trust checking is performed for these user ids and
+ even disabled keys can be used.
+
+`--hidden-encrypt-to `name''
+ Same as `--hidden-recipient' but this one is intended for use in
+ the options file and may be used with your own user-id as a hidden
+ "encrypt-to-self". These keys are only used when there are other
+ recipients given either by use of `--recipient' or by the asked
+ user id. No trust checking is performed for these user ids and
+ even disabled keys can be used.
+
+`--no-encrypt-to'
+ Disable the use of all `--encrypt-to' and `--hidden-encrypt-to'
+ keys.
+
+`--group `name=value1 ''
+ Sets up a named group, which is similar to aliases in email
+ programs. Any time the group name is a recipient (`-r' or
+ `--recipient'), it will be expanded to the values specified.
+ Multiple groups with the same name are automatically merged into a
+ single group.
+
+ The values are `key IDs' or fingerprints, but any key description
+ is accepted. Note that a value with spaces in it will be treated as
+ two different values. Note also there is only one level of
+ expansion -- you cannot make an group that points to another
+ group. When used from the command line, it may be necessary to
+ quote the argument to this option to prevent the shell from
+ treating it as multiple arguments.
+
+`--ungroup `name''
+ Remove a given entry from the `--group' list.
+
+`--no-groups'
+ Remove all entries from the `--group' list.
+
+`--local-user NAME'
+`-u'
+ Use NAME as the key to sign with. Note that this option overrides
+ `--default-key'.
+
+`--try-all-secrets'
+ Don't look at the key ID as stored in the message but try all
+ secret keys in turn to find the right decryption key. This option
+ forces the behaviour as used by anonymous recipients (created by
+ using `--throw-keyids' or `--hidden-recipient') and might come
+ handy in case where an encrypted message contains a bogus key ID.
+
+`--skip-hidden-recipients'
+`--no-skip-hidden-recipients'
+ During decryption skip all anonymous recipients. This option
+ helps in the case that people use the hidden recipients feature to
+ hide there own encrypt-to key from others. If oneself has many
+ secret keys this may lead to a major annoyance because all keys
+ are tried in turn to decrypt soemthing which was not really
+ intended for it. The drawback of this option is that it is
+ currently not possible to decrypt a message which includes real
+ anonymous recipients.
+
+
+
+File: gnupg.info, Node: GPG Input and Output, Next: OpenPGP Options, Prev: GPG Key related Options, Up: GPG Options
+
+3.2.3 Input and Output
+----------------------
+
+`--armor'
+`-a'
+ Create ASCII armored output. The default is to create the binary
+ OpenPGP format.
+
+`--no-armor'
+ Assume the input data is not in ASCII armored format.
+
+`--output FILE'
+`-o FILE'
+ Write output to FILE.
+
+`--max-output `n''
+ This option sets a limit on the number of bytes that will be
+ generated when processing a file. Since OpenPGP supports various
+ levels of compression, it is possible that the plaintext of a
+ given message may be significantly larger than the original
+ OpenPGP message. While GnuPG works properly with such messages,
+ there is often a desire to set a maximum file size that will be
+ generated before processing is forced to stop by the OS limits.
+ Defaults to 0, which means "no limit".
+
+`--import-options `parameters''
+ This is a space or comma delimited string that gives options for
+ importing keys. Options can be prepended with a `no-' to give the
+ opposite meaning. The options are:
+
+ import-local-sigs
+ Allow importing key signatures marked as "local". This is not
+ generally useful unless a shared keyring scheme is being
+ used. Defaults to no.
+
+ repair-pks-subkey-bug
+ During import, attempt to repair the damage caused by the PKS
+ keyserver bug (pre version 0.9.6) that mangles keys with
+ multiple subkeys. Note that this cannot completely repair
+ the damaged key as some crucial data is removed by the
+ keyserver, but it does at least give you back one subkey.
+ Defaults to no for regular `--import' and to yes for
+ keyserver `--recv-keys'.
+
+ merge-only
+ During import, allow key updates to existing keys, but do not
+ allow any new keys to be imported. Defaults to no.
+
+ import-clean
+ After import, compact (remove all signatures except the
+ self-signature) any user IDs from the new key that are not
+ usable. Then, remove any signatures from the new key that
+ are not usable. This includes signatures that were issued
+ by keys that are not present on the keyring. This option is
+ the same as running the `--edit-key' command "clean" after
+ import. Defaults to no.
+
+ import-minimal
+ Import the smallest key possible. This removes all signatures
+ except the most recent self-signature on each user ID. This
+ option is the same as running the `--edit-key' command
+ "minimize" after import. Defaults to no.
+
+`--export-options `parameters''
+ This is a space or comma delimited string that gives options for
+ exporting keys. Options can be prepended with a `no-' to give the
+ opposite meaning. The options are:
+
+ export-local-sigs
+ Allow exporting key signatures marked as "local". This is not
+ generally useful unless a shared keyring scheme is being
+ used. Defaults to no.
+
+ export-attributes
+ Include attribute user IDs (photo IDs) while exporting. This
+ is useful to export keys if they are going to be used by an
+ OpenPGP program that does not accept attribute user IDs.
+ Defaults to yes.
+
+ export-sensitive-revkeys
+ Include designated revoker information that was marked as
+ "sensitive". Defaults to no.
+
+ export-reset-subkey-passwd
+ When using the `--export-secret-subkeys' command, this option
+ resets the passphrases for all exported subkeys to empty.
+ This is useful when the exported subkey is to be used on an
+ unattended machine where a passphrase doesn't necessarily
+ make sense. Defaults to no.
+
+ export-clean
+ Compact (remove all signatures from) user IDs on the key being
+ exported if the user IDs are not usable. Also, do not export
+ any signatures that are not usable. This includes
+ signatures that were issued by keys that are not present on
+ the keyring. This option is the same as running the
+ `--edit-key' command "clean" before export except that the
+ local copy of the key is not modified. Defaults to no.
+
+ export-minimal
+ Export the smallest key possible. This removes all signatures
+ except the most recent self-signature on each user ID. This
+ option is the same as running the `--edit-key' command
+ "minimize" before export except that the local copy of the
+ key is not modified. Defaults to no.
+
+`--with-colons'
+ Print key listings delimited by colons. Note that the output will
+ be encoded in UTF-8 regardless of any `--display-charset' setting.
+ This format is useful when GnuPG is called from scripts and other
+ programs as it is easily machine parsed. The details of this
+ format are documented in the file `doc/DETAILS', which is included
+ in the GnuPG source distribution.
+
+`--fixed-list-mode'
+ Do not merge primary user ID and primary key in `--with-colon'
+ listing mode and print all timestamps as seconds since 1970-01-01.
+ Since GnuPG 2.0.10, this mode is always used and thus this option
+ is obsolete; it does not harm to use it though.
+
+`--with-fingerprint'
+ Same as the command `--fingerprint' but changes only the format of
+ the output and may be used together with another command.
+
+
+
+File: gnupg.info, Node: OpenPGP Options, Next: GPG Esoteric Options, Prev: GPG Input and Output, Up: GPG Options
+
+3.2.4 OpenPGP protocol specific options.
+----------------------------------------
+
+`-t, --textmode'
+`--no-textmode'
+ Treat input files as text and store them in the OpenPGP canonical
+ text form with standard "CRLF" line endings. This also sets the
+ necessary flags to inform the recipient that the encrypted or
+ signed data is text and may need its line endings converted back
+ to whatever the local system uses. This option is useful when
+ communicating between two platforms that have different line
+ ending conventions (UNIX-like to Mac, Mac to Windows, etc).
+ `--no-textmode' disables this option, and is the default.
+
+`--force-v3-sigs'
+`--no-force-v3-sigs'
+ OpenPGP states that an implementation should generate v4 signatures
+ but PGP versions 5 through 7 only recognize v4 signatures on key
+ material. This option forces v3 signatures for signatures on data.
+ Note that this option implies `--no-ask-sig-expire', and unsets
+ `--sig-policy-url', `--sig-notation', and `--sig-keyserver-url',
+ as these features cannot be used with v3 signatures.
+ `--no-force-v3-sigs' disables this option. Defaults to no.
+
+`--force-v4-certs'
+`--no-force-v4-certs'
+ Always use v4 key signatures even on v3 keys. This option also
+ changes the default hash algorithm for v3 RSA keys from MD5 to
+ SHA-1. `--no-force-v4-certs' disables this option.
+
+`--force-mdc'
+ Force the use of encryption with a modification detection code.
+ This is always used with the newer ciphers (those with a blocksize
+ greater than 64 bits), or if all of the recipient keys indicate
+ MDC support in their feature flags.
+
+`--disable-mdc'
+ Disable the use of the modification detection code. Note that by
+ using this option, the encrypted message becomes vulnerable to a
+ message modification attack.
+
+`--personal-cipher-preferences `string''
+ Set the list of personal cipher preferences to `string'. Use
+ `gpg2 --version' to get a list of available algorithms, and use
+ `none' to set no preference at all. This allows the user to
+ safely override the algorithm chosen by the recipient key
+ preferences, as GPG will only select an algorithm that is usable by
+ all recipients. The most highly ranked cipher in this list is also
+ used for the `--symmetric' encryption command.
+
+`--personal-digest-preferences `string''
+ Set the list of personal digest preferences to `string'. Use
+ `gpg2 --version' to get a list of available algorithms, and use
+ `none' to set no preference at all. This allows the user to
+ safely override the algorithm chosen by the recipient key
+ preferences, as GPG will only select an algorithm that is usable by
+ all recipients. The most highly ranked digest algorithm in this
+ list is also used when signing without encryption (e.g.
+ `--clearsign' or `--sign').
+
+`--personal-compress-preferences `string''
+ Set the list of personal compression preferences to `string'. Use
+ `gpg2 --version' to get a list of available algorithms, and use
+ `none' to set no preference at all. This allows the user to
+ safely override the algorithm chosen by the recipient key
+ preferences, as GPG will only select an algorithm that is usable
+ by all recipients. The most highly ranked compression algorithm
+ in this list is also used when there are no recipient keys to
+ consider (e.g. `--symmetric').
+
+`--s2k-cipher-algo `name''
+ Use `name' as the cipher algorithm used to protect secret keys.
+ The default cipher is CAST5. This cipher is also used for
+ conventional encryption if `--personal-cipher-preferences' and
+ `--cipher-algo' is not given.
+
+`--s2k-digest-algo `name''
+ Use `name' as the digest algorithm used to mangle the passphrases.
+ The default algorithm is SHA-1.
+
+`--s2k-mode `n''
+ Selects how passphrases are mangled. If `n' is 0 a plain
+ passphrase (which is not recommended) will be used, a 1 adds a
+ salt to the passphrase and a 3 (the default) iterates the whole
+ process a number of times (see -s2k-count). Unless `--rfc1991' is
+ used, this mode is also used for conventional encryption.
+
+`--s2k-count `n''
+ Specify how many times the passphrase mangling is repeated. This
+ value may range between 1024 and 65011712 inclusive. The default
+ is inquired from gpg-agent. Note that not all values in the
+ 1024-65011712 range are legal and if an illegal value is selected,
+ GnuPG will round up to the nearest legal value. This option is
+ only meaningful if `--s2k-mode' is 3.
+
+
+3.2.5 Compliance options
+------------------------
+
+These options control what GnuPG is compliant to. Only one of these
+options may be active at a time. Note that the default setting of this
+is nearly always the correct one. See the INTEROPERABILITY WITH OTHER
+OPENPGP PROGRAMS section below before using one of these options.
+
+`--gnupg'
+ Use standard GnuPG behavior. This is essentially OpenPGP behavior
+ (see `--openpgp'), but with some additional workarounds for common
+ compatibility problems in different versions of PGP. This is the
+ default option, so it is not generally needed, but it may be
+ useful to override a different compliance option in the gpg.conf
+ file.
+
+`--openpgp'
+ Reset all packet, cipher and digest options to strict OpenPGP
+ behavior. Use this option to reset all previous options like
+ `--s2k-*', `--cipher-algo', `--digest-algo' and `--compress-algo'
+ to OpenPGP compliant values. All PGP workarounds are disabled.
+
+`--rfc4880'
+ Reset all packet, cipher and digest options to strict RFC-4880
+ behavior. Note that this is currently the same thing as
+ `--openpgp'.
+
+`--rfc2440'
+ Reset all packet, cipher and digest options to strict RFC-2440
+ behavior.
+
+`--rfc1991'
+ Try to be more RFC-1991 (PGP 2.x) compliant.
+
+`--pgp2'
+ Set up all options to be as PGP 2.x compliant as possible, and
+ warn if an action is taken (e.g. encrypting to a non-RSA key) that
+ will create a message that PGP 2.x will not be able to handle.
+ Note that `PGP 2.x' here means `MIT PGP 2.6.2'. There are other
+ versions of PGP 2.x available, but the MIT release is a good
+ common baseline.
+
+ This option implies `--rfc1991 --disable-mdc --no-force-v4-certs
+ --escape-from-lines --force-v3-sigs --cipher-algo IDEA
+ --digest-algo MD5 --compress-algo ZIP'. It also disables
+ `--textmode' when encrypting.
+
+`--pgp6'
+ Set up all options to be as PGP 6 compliant as possible. This
+ restricts you to the ciphers IDEA (if the IDEA plugin is
+ installed), 3DES, and CAST5, the hashes MD5, SHA1 and RIPEMD160,
+ and the compression algorithms none and ZIP. This also disables
+ -throw-keyids, and making signatures with signing subkeys as PGP 6
+ does not understand signatures made by signing subkeys.
+
+ This option implies `--disable-mdc --escape-from-lines
+ --force-v3-sigs'.
+
+`--pgp7'
+ Set up all options to be as PGP 7 compliant as possible. This is
+ identical to `--pgp6' except that MDCs are not disabled, and the
+ list of allowable ciphers is expanded to add AES128, AES192,
+ AES256, and TWOFISH.
+
+`--pgp8'
+ Set up all options to be as PGP 8 compliant as possible. PGP 8 is
+ a lot closer to the OpenPGP standard than previous versions of
+ PGP, so all this does is disable `--throw-keyids' and set
+ `--escape-from-lines'. All algorithms are allowed except for the
+ SHA224, SHA384, and SHA512 digests.
+
+
+
+File: gnupg.info, Node: GPG Esoteric Options, Prev: OpenPGP Options, Up: GPG Options
+
+3.2.6 Doing things one usually doesn't want to do.
+--------------------------------------------------
+
+`-n'
+`--dry-run'
+ Don't make any changes (this is not completely implemented).
+
+`--list-only'
+ Changes the behaviour of some commands. This is like `--dry-run'
+ but different in some cases. The semantic of this command may be
+ extended in the future. Currently it only skips the actual
+ decryption pass and therefore enables a fast listing of the
+ encryption keys.
+
+`-i'
+`--interactive'
+ Prompt before overwriting any files.
+
+`--debug-level LEVEL'
+ Select the debug level for investigating problems. LEVEL may be a
+ numeric value or by a keyword:
+
+ `none'
+ No debugging at all. A value of less than 1 may be used
+ instead of the keyword.
+
+ `basic'
+ Some basic debug messages. A value between 1 and 2 may be
+ used instead of the keyword.
+
+ `advanced'
+ More verbose debug messages. A value between 3 and 5 may be
+ used instead of the keyword.
+
+ `expert'
+ Even more detailed messages. A value between 6 and 8 may be
+ used instead of the keyword.
+
+ `guru'
+ All of the debug messages you can get. A value greater than 8
+ may be used instead of the keyword. The creation of hash
+ tracing files is only enabled if the keyword is used.
+
+ How these messages are mapped to the actual debugging flags is not
+ specified and may change with newer releases of this program. They
+ are however carefully selected to best aid in debugging.
+
+`--debug FLAGS'
+ Set debugging flags. All flags are or-ed and FLAGS may be given in
+ C syntax (e.g. 0x0042).
+
+`--debug-all'
+ Set all useful debugging flags.
+
+`--faked-system-time EPOCH'
+ This option is only useful for testing; it sets the system time
+ back or forth to EPOCH which is the number of seconds elapsed
+ since the year 1970. Alternatively EPOCH may be given as a full
+ ISO time string (e.g. "20070924T154812").
+
+`--enable-progress-filter'
+ Enable certain PROGRESS status outputs. This option allows
+ frontends to display a progress indicator while gpg is processing
+ larger files. There is a slight performance overhead using it.
+
+`--status-fd `n''
+ Write special status strings to the file descriptor `n'. See the
+ file DETAILS in the documentation for a listing of them.
+
+`--status-file `file''
+ Same as `--status-fd', except the status data is written to file
+ `file'.
+
+`--logger-fd `n''
+ Write log output to file descriptor `n' and not to STDERR.
+
+`--log-file `file''
+`--logger-file `file''
+ Same as `--logger-fd', except the logger data is written to file
+ `file'. Note that `--log-file' is only implemented for GnuPG-2.
+
+`--attribute-fd `n''
+ Write attribute subpackets to the file descriptor `n'. This is most
+ useful for use with `--status-fd', since the status messages are
+ needed to separate out the various subpackets from the stream
+ delivered to the file descriptor.
+
+`--attribute-file `file''
+ Same as `--attribute-fd', except the attribute data is written to
+ file `file'.
+
+`--comment `string''
+`--no-comments'
+ Use `string' as a comment string in clear text signatures and ASCII
+ armored messages or keys (see `--armor'). The default behavior is
+ not to use a comment string. `--comment' may be repeated multiple
+ times to get multiple comment strings. `--no-comments' removes all
+ comments. It is a good idea to keep the length of a single comment
+ below 60 characters to avoid problems with mail programs wrapping
+ such lines. Note that comment lines, like all other header lines,
+ are not protected by the signature.
+
+`--emit-version'
+`--no-emit-version'
+ Force inclusion of the version string in ASCII armored output.
+ `--no-emit-version' disables this option.
+
+`--sig-notation `name=value''
+`--cert-notation `name=value''
+`-N, --set-notation `name=value''
+ Put the name value pair into the signature as notation data.
+ `name' must consist only of printable characters or spaces, and
+ must contain a '@' character in the form keyname@domain.example.com
+ (substituting the appropriate keyname and domain name, of course).
+ This is to help prevent pollution of the IETF reserved notation
+ namespace. The `--expert' flag overrides the '@' check. `value'
+ may be any printable string; it will be encoded in UTF8, so you
+ should check that your `--display-charset' is set correctly. If
+ you prefix `name' with an exclamation mark (!), the notation data
+ will be flagged as critical (rfc2440:5.2.3.15). `--sig-notation'
+ sets a notation for data signatures. `--cert-notation' sets a
+ notation for key signatures (certifications). `--set-notation'
+ sets both.
+
+ There are special codes that may be used in notation names. "%k"
+ will be expanded into the key ID of the key being signed, "%K"
+ into the long key ID of the key being signed, "%f" into the
+ fingerprint of the key being signed, "%s" into the key ID of the
+ key making the signature, "%S" into the long key ID of the key
+ making the signature, "%g" into the fingerprint of the key making
+ the signature (which might be a subkey), "%p" into the fingerprint
+ of the primary key of the key making the signature, "%c" into the
+ signature count from the OpenPGP smartcard, and "%%" results in a
+ single "%". %k, %K, and %f are only meaningful when making a key
+ signature (certification), and %c is only meaningful when using
+ the OpenPGP smartcard.
+
+`--sig-policy-url `string''
+`--cert-policy-url `string''
+`--set-policy-url `string''
+ Use `string' as a Policy URL for signatures (rfc2440:5.2.3.19). If
+ you prefix it with an exclamation mark (!), the policy URL packet
+ will be flagged as critical. `--sig-policy-url' sets a policy url
+ for data signatures. `--cert-policy-url' sets a policy url for key
+ signatures (certifications). `--set-policy-url' sets both.
+
+ The same %-expandos used for notation data are available here as
+ well.
+
+`--sig-keyserver-url `string''
+ Use `string' as a preferred keyserver URL for data signatures. If
+ you prefix it with an exclamation mark (!), the keyserver URL
+ packet will be flagged as critical.
+
+ The same %-expandos used for notation data are available here as
+ well.
+
+`--set-filename `string''
+ Use `string' as the filename which is stored inside messages.
+ This overrides the default, which is to use the actual filename of
+ the file being encrypted.
+
+`--for-your-eyes-only'
+`--no-for-your-eyes-only'
+ Set the `for your eyes only' flag in the message. This causes
+ GnuPG to refuse to save the file unless the `--output' option is
+ given, and PGP to use a "secure viewer" with a claimed
+ Tempest-resistant font to display the message. This option
+ overrides `--set-filename'. `--no-for-your-eyes-only' disables
+ this option.
+
+`--use-embedded-filename'
+`--no-use-embedded-filename'
+ Try to create a file with a name as embedded in the data. This can
+ be a dangerous option as it allows to overwrite files. Defaults to
+ no.
+
+`--cipher-algo `name''
+ Use `name' as cipher algorithm. Running the program with the
+ command `--version' yields a list of supported algorithms. If this
+ is not used the cipher algorithm is selected from the preferences
+ stored with the key. In general, you do not want to use this
+ option as it allows you to violate the OpenPGP standard.
+ `--personal-cipher-preferences' is the safe way to accomplish the
+ same thing.
+
+`--digest-algo `name''
+ Use `name' as the message digest algorithm. Running the program
+ with the command `--version' yields a list of supported
+ algorithms. In general, you do not want to use this option as it
+ allows you to violate the OpenPGP standard.
+ `--personal-digest-preferences' is the safe way to accomplish the
+ same thing.
+
+`--compress-algo `name''
+ Use compression algorithm `name'. "zlib" is RFC-1950 ZLIB
+ compression. "zip" is RFC-1951 ZIP compression which is used by
+ PGP. "bzip2" is a more modern compression scheme that can
+ compress some things better than zip or zlib, but at the cost of
+ more memory used during compression and decompression.
+ "uncompressed" or "none" disables compression. If this option is
+ not used, the default behavior is to examine the recipient key
+ preferences to see which algorithms the recipient supports. If all
+ else fails, ZIP is used for maximum compatibility.
+
+ ZLIB may give better compression results than ZIP, as the
+ compression window size is not limited to 8k. BZIP2 may give even
+ better compression results than that, but will use a significantly
+ larger amount of memory while compressing and decompressing. This
+ may be significant in low memory situations. Note, however, that
+ PGP (all versions) only supports ZIP compression. Using any
+ algorithm other than ZIP or "none" will make the message
+ unreadable with PGP. In general, you do not want to use this
+ option as it allows you to violate the OpenPGP standard.
+ `--personal-compress-preferences' is the safe way to accomplish
+ the same thing.
+
+`--cert-digest-algo `name''
+ Use `name' as the message digest algorithm used when signing a
+ key. Running the program with the command `--version' yields a
+ list of supported algorithms. Be aware that if you choose an
+ algorithm that GnuPG supports but other OpenPGP implementations do
+ not, then some users will not be able to use the key signatures
+ you make, or quite possibly your entire key.
+
+`--disable-cipher-algo `name''
+ Never allow the use of `name' as cipher algorithm. The given name
+ will not be checked so that a later loaded algorithm will still
+ get disabled.
+
+`--disable-pubkey-algo `name''
+ Never allow the use of `name' as public key algorithm. The given
+ name will not be checked so that a later loaded algorithm will
+ still get disabled.
+
+`--throw-keyids'
+`--no-throw-keyids'
+ Do not put the recipient key IDs into encrypted messages. This
+ helps to hide the receivers of the message and is a limited
+ countermeasure against traffic analysis.(1) On the receiving
+ side, it may slow down the decryption process because all
+ available secret keys must be tried. `--no-throw-keyids' disables
+ this option. This option is essentially the same as using
+ `--hidden-recipient' for all recipients.
+
+`--not-dash-escaped'
+ This option changes the behavior of cleartext signatures so that
+ they can be used for patch files. You should not send such an
+ armored file via email because all spaces and line endings are
+ hashed too. You can not use this option for data which has 5
+ dashes at the beginning of a line, patch files don't have this. A
+ special armor header line tells GnuPG about this cleartext
+ signature option.
+
+`--escape-from-lines'
+`--no-escape-from-lines'
+ Because some mailers change lines starting with "From " to ">From
+ " it is good to handle such lines in a special way when creating
+ cleartext signatures to prevent the mail system from breaking the
+ signature. Note that all other PGP versions do it this way too.
+ Enabled by default. `--no-escape-from-lines' disables this option.
+
+`--passphrase-repeat `n''
+ Specify how many times `gpg2' will request a new passphrase be
+ repeated. This is useful for helping memorize a passphrase.
+ Defaults to 1 repetition.
+
+`--passphrase-fd `n''
+ Read the passphrase from file descriptor `n'. Only the first line
+ will be read from file descriptor `n'. If you use 0 for `n', the
+ passphrase will be read from STDIN. This can only be used if only
+ one passphrase is supplied. Note that this passphrase is only
+ used if the option `--batch' has also been given. This is
+ different from `gpg'.
+
+`--passphrase-file `file''
+ Read the passphrase from file `file'. Only the first line will be
+ read from file `file'. This can only be used if only one
+ passphrase is supplied. Obviously, a passphrase stored in a file is
+ of questionable security if other users can read this file. Don't
+ use this option if you can avoid it. Note that this passphrase is
+ only used if the option `--batch' has also been given. This is
+ different from `gpg'.
+
+`--passphrase `string''
+ Use `string' as the passphrase. This can only be used if only one
+ passphrase is supplied. Obviously, this is of very questionable
+ security on a multi-user system. Don't use this option if you can
+ avoid it. Note that this passphrase is only used if the option
+ `--batch' has also been given. This is different from `gpg'.
+
+`--command-fd `n''
+ This is a replacement for the deprecated shared-memory IPC mode.
+ If this option is enabled, user input on questions is not expected
+ from the TTY but from the given file descriptor. It should be used
+ together with `--status-fd'. See the file doc/DETAILS in the source
+ distribution for details on how to use it.
+
+`--command-file `file''
+ Same as `--command-fd', except the commands are read out of file
+ `file'
+
+`--allow-non-selfsigned-uid'
+`--no-allow-non-selfsigned-uid'
+ Allow the import and use of keys with user IDs which are not
+ self-signed. This is not recommended, as a non self-signed user ID
+ is trivial to forge. `--no-allow-non-selfsigned-uid' disables.
+
+`--allow-freeform-uid'
+ Disable all checks on the form of the user ID while generating a
+ new one. This option should only be used in very special
+ environments as it does not ensure the de-facto standard format of
+ user IDs.
+
+`--ignore-time-conflict'
+ GnuPG normally checks that the timestamps associated with keys and
+ signatures have plausible values. However, sometimes a signature
+ seems to be older than the key due to clock problems. This option
+ makes these checks just a warning. See also `--ignore-valid-from'
+ for timestamp issues on subkeys.
+
+`--ignore-valid-from'
+ GnuPG normally does not select and use subkeys created in the
+ future. This option allows the use of such keys and thus exhibits
+ the pre-1.0.7 behaviour. You should not use this option unless
+ there is some clock problem. See also `--ignore-time-conflict' for
+ timestamp issues with signatures.
+
+`--ignore-crc-error'
+ The ASCII armor used by OpenPGP is protected by a CRC checksum
+ against transmission errors. Occasionally the CRC gets mangled
+ somewhere on the transmission channel but the actual content
+ (which is protected by the OpenPGP protocol anyway) is still okay.
+ This option allows GnuPG to ignore CRC errors.
+
+`--ignore-mdc-error'
+ This option changes a MDC integrity protection failure into a
+ warning. This can be useful if a message is partially corrupt,
+ but it is necessary to get as much data as possible out of the
+ corrupt message. However, be aware that a MDC protection failure
+ may also mean that the message was tampered with intentionally by
+ an attacker.
+
+`--no-default-keyring'
+ Do not add the default keyrings to the list of keyrings. Note that
+ GnuPG will not operate without any keyrings, so if you use this
+ option and do not provide alternate keyrings via `--keyring' or
+ `--secret-keyring', then GnuPG will still use the default public or
+ secret keyrings.
+
+`--skip-verify'
+ Skip the signature verification step. This may be used to make the
+ decryption faster if the signature verification is not needed.
+
+`--with-key-data'
+ Print key listings delimited by colons (like `--with-colons') and
+ print the public key data.
+
+`--fast-list-mode'
+ Changes the output of the list commands to work faster; this is
+ achieved by leaving some parts empty. Some applications don't need
+ the user ID and the trust information given in the listings. By
+ using this options they can get a faster listing. The exact
+ behaviour of this option may change in future versions. If you
+ are missing some information, don't use this option.
+
+`--no-literal'
+ This is not for normal use. Use the source to see for what it
+ might be useful.
+
+`--set-filesize'
+ This is not for normal use. Use the source to see for what it
+ might be useful.
+
+`--show-session-key'
+ Display the session key used for one message. See
+ `--override-session-key' for the counterpart of this option.
+
+ We think that Key Escrow is a Bad Thing; however the user should
+ have the freedom to decide whether to go to prison or to reveal
+ the content of one specific message without compromising all
+ messages ever encrypted for one secret key. DON'T USE IT UNLESS
+ YOU ARE REALLY FORCED TO DO SO.
+
+`--override-session-key `string''
+ Don't use the public key but the session key `string'. The format
+ of this string is the same as the one printed by
+ `--show-session-key'. This option is normally not used but comes
+ handy in case someone forces you to reveal the content of an
+ encrypted message; using this option you can do this without
+ handing out the secret key.
+
+`--ask-sig-expire'
+`--no-ask-sig-expire'
+ When making a data signature, prompt for an expiration time. If
+ this option is not specified, the expiration time set via
+ `--default-sig-expire' is used. `--no-ask-sig-expire' disables
+ this option.
+
+`--default-sig-expire'
+ The default expiration time to use for signature expiration. Valid
+ values are "0" for no expiration, a number followed by the letter d
+ (for days), w (for weeks), m (for months), or y (for years) (for
+ example "2m" for two months, or "5y" for five years), or an
+ absolute date in the form YYYY-MM-DD. Defaults to "0".
+
+`--ask-cert-expire'
+`--no-ask-cert-expire'
+ When making a key signature, prompt for an expiration time. If this
+ option is not specified, the expiration time set via
+ `--default-cert-expire' is used. `--no-ask-cert-expire' disables
+ this option.
+
+`--default-cert-expire'
+ The default expiration time to use for key signature expiration.
+ Valid values are "0" for no expiration, a number followed by the
+ letter d (for days), w (for weeks), m (for months), or y (for
+ years) (for example "2m" for two months, or "5y" for five years),
+ or an absolute date in the form YYYY-MM-DD. Defaults to "0".
+
+`--allow-secret-key-import'
+ This is an obsolete option and is not used anywhere.
+
+`--allow-multiple-messages'
+
+`--no-allow-multiple-messages'
+ Allow processing of multiple OpenPGP messages contained in a
+ single file or stream. Some programs that call GPG are not
+ prepared to deal with multiple messages being processed together,
+ so this option defaults to no. Note that versions of GPG prior to
+ 1.4.7 always allowed multiple messages.
+
+ Warning: Do not use this option unless you need it as a temporary
+ workaround!
+
+`--enable-special-filenames'
+ This options enables a mode in which filenames of the form `-&n',
+ where n is a non-negative decimal number, refer to the file
+ descriptor n and not to a file with that name.
+
+`--no-expensive-trust-checks'
+ Experimental use only.
+
+`--preserve-permissions'
+ Don't change the permissions of a secret keyring back to user
+ read/write only. Use this option only if you really know what you
+ are doing.
+
+`--default-preference-list `string''
+ Set the list of default preferences to `string'. This preference
+ list is used for new keys and becomes the default for "setpref" in
+ the edit menu.
+
+`--default-keyserver-url `name''
+ Set the default keyserver URL to `name'. This keyserver will be
+ used as the keyserver URL when writing a new self-signature on a
+ key, which includes key generation and changing preferences.
+
+`--list-config'
+ Display various internal configuration parameters of GnuPG. This
+ option is intended for external programs that call GnuPG to
+ perform tasks, and is thus not generally useful. See the file
+ `doc/DETAILS' in the source distribution for the details of which
+ configuration items may be listed. `--list-config' is only usable
+ with `--with-colons' set.
+
+`--gpgconf-list'
+ This command is similar to `--list-config' but in general only
+ internally used by the `gpgconf' tool.
+
+`--gpgconf-test'
+ This is more or less dummy action. However it parses the
+ configuration file and returns with failure if the configuration
+ file would prevent `gpg' from startup. Thus it may be used to run
+ a syntax check on the configuration file.
+
+
+3.2.7 Deprecated options
+------------------------
+
+`--show-photos'
+`--no-show-photos'
+ Causes `--list-keys', `--list-sigs', `--list-public-keys',
+ `--list-secret-keys', and verifying a signature to also display
+ the photo ID attached to the key, if any. See also
+ `--photo-viewer'. These options are deprecated. Use
+ `--list-options [no-]show-photos' and/or `--verify-options
+ [no-]show-photos' instead.
+
+`--show-keyring'
+ Display the keyring name at the head of key listings to show which
+ keyring a given key resides on. This option is deprecated: use
+ `--list-options [no-]show-keyring' instead.
+
+`--always-trust'
+ Identical to `--trust-model always'. This option is deprecated.
+
+`--show-notation'
+`--no-show-notation'
+ Show signature notations in the `--list-sigs' or `--check-sigs'
+ listings as well as when verifying a signature with a notation in
+ it. These options are deprecated. Use `--list-options
+ [no-]show-notation' and/or `--verify-options [no-]show-notation'
+ instead.
+
+`--show-policy-url'
+`--no-show-policy-url'
+ Show policy URLs in the `--list-sigs' or `--check-sigs' listings
+ as well as when verifying a signature with a policy URL in it.
+ These options are deprecated. Use `--list-options
+ [no-]show-policy-url' and/or `--verify-options
+ [no-]show-policy-url' instead.
+
+
+ ---------- Footnotes ----------
+
+ (1) Using a little social engineering anyone who is able to decrypt
+the message can check whether one of the other recipients is the one he
+suspects.
+
+
+File: gnupg.info, Node: GPG Configuration, Next: GPG Examples, Prev: GPG Options, Up: Invoking GPG
+
+3.3 Configuration files
+=======================
+
+There are a few configuration files to control certain aspects of
+`gpg2''s operation. Unless noted, they are expected in the current home
+directory (*note option --homedir::).
+
+`gpg.conf'
+ This is the standard configuration file read by `gpg2' on
+ startup. It may contain any valid long option; the leading two
+ dashes may not be entered and the option may not be abbreviated.
+ This default name may be changed on the command line (*note
+ option --options::). You should backup this file.
+
+
+ Note that on larger installations, it is useful to put predefined
+files into the directory `/etc/skel/.gnupg/' so that newly created users
+start up with a working configuration. For existing users the a small
+helper script is provided to create these files (*note addgnupghome::).
+
+ For internal purposes `gpg2' creates and maintains a few other
+files; They all live in in the current home directory (*note option
+--homedir::). Only the `gpg2' may modify these files.
+
+`~/.gnupg/secring.gpg'
+ The secret keyring. You should backup this file.
+
+`~/.gnupg/secring.gpg.lock'
+ The lock file for the secret keyring.
+
+`~/.gnupg/pubring.gpg'
+ The public keyring. You should backup this file.
+
+`~/.gnupg/pubring.gpg.lock'
+ The lock file for the public keyring.
+
+`~/.gnupg/trustdb.gpg'
+ The trust database. There is no need to backup this file; it is
+ better to backup the ownertrust values (*note option
+ --export-ownertrust::).
+
+`~/.gnupg/trustdb.gpg.lock'
+ The lock file for the trust database.
+
+`~/.gnupg/random_seed'
+ A file used to preserve the state of the internal random pool.
+
+`/usr[/local]/share/gnupg/options.skel'
+ The skeleton options file.
+
+`/usr[/local]/lib/gnupg/'
+ Default location for extensions.
+
+
+ Operation is further controlled by a few environment variables:
+
+HOME
+ Used to locate the default home directory.
+
+GNUPGHOME
+ If set directory used instead of "~/.gnupg".
+
+GPG_AGENT_INFO
+ Used to locate the gpg-agent. The value consists of 3 colon
+ delimited fields: The first is the path to the Unix Domain
+ Socket, the second the PID of the gpg-agent and the protocol
+ version which should be set to 1. When starting the gpg-agent as
+ described in its documentation, this variable is set to the correct
+ value. The option `--gpg-agent-info' can be used to override it.
+
+PINENTRY_USER_DATA
+ This value is passed via gpg-agent to pinentry. It is useful to
+ convey extra information to a custom pinentry.
+
+COLUMNS
+LINES
+ Used to size some displays to the full size of the screen.
+
+LANGUAGE
+ Apart from its use by GNU, it is used in the W32 version to
+ override the language selection done through the Registry. If
+ used and set to a valid and available language name (LANGID),
+ the file with the translation is loaded from
+
+ `GPGDIR/gnupg.nls/LANGID.mo'. Here GPGDIR is the directory out
+ of which the gpg binary has been loaded. If it can't be loaded
+ the Registry is tried and as last resort the native Windows
+ locale system is used.
+
+
+
+File: gnupg.info, Node: GPG Examples, Next: Unattended Usage of GPG, Prev: GPG Configuration, Up: Invoking GPG
+
+3.4 Examples
+============
+
+gpg -se -r `Bob' `file'
+ sign and encrypt for user Bob
+
+gpg -clearsign `file'
+ make a clear text signature
+
+gpg -sb `file'
+ make a detached signature
+
+gpg -u 0x12345678 -sb `file'
+ make a detached signature with the key 0x12345678
+
+gpg -list-keys `user_ID'
+ show keys
+
+gpg -fingerprint `user_ID'
+ show fingerprint
+
+gpg -verify `pgpfile'
+gpg -verify `sigfile'
+ Verify the signature of the file but do not output the data. The
+ second form is used for detached signatures, where `sigfile' is
+ the detached signature (either ASCII armored or binary) and are
+ the signed data; if this is not given, the name of the file
+ holding the signed data is constructed by cutting off the
+ extension (".asc" or ".sig") of `sigfile' or by asking the user
+ for the filename.
+
+RETURN VALUE
+************
+
+The program returns 0 if everything was fine, 1 if at least a signature
+was bad, and other error codes for fatal errors.
+
+WARNINGS
+********
+
+Use a *good* password for your user account and a *good* passphrase to
+protect your secret key. This passphrase is the weakest part of the
+whole system. Programs to do dictionary attacks on your secret keyring
+are very easy to write and so you should protect your "~/.gnupg/"
+directory very well.
+
+ Keep in mind that, if this program is used over a network (telnet),
+it is *very* easy to spy out your passphrase!
+
+ If you are going to verify detached signatures, make sure that the
+program knows about it; either give both filenames on the command line
+or use `-' to specify STDIN.
+
+INTEROPERABILITY WITH OTHER OPENPGP PROGRAMS
+********************************************
+
+GnuPG tries to be a very flexible implementation of the OpenPGP
+standard. In particular, GnuPG implements many of the optional parts of
+the standard, such as the SHA-512 hash, and the ZLIB and BZIP2
+compression algorithms. It is important to be aware that not all
+OpenPGP programs implement these optional algorithms and that by
+forcing their use via the `--cipher-algo', `--digest-algo',
+`--cert-digest-algo', or `--compress-algo' options in GnuPG, it is
+possible to create a perfectly valid OpenPGP message, but one that
+cannot be read by the intended recipient.
+
+ There are dozens of variations of OpenPGP programs available, and
+each supports a slightly different subset of these optional algorithms.
+For example, until recently, no (unhacked) version of PGP supported the
+BLOWFISH cipher algorithm. A message using BLOWFISH simply could not be
+read by a PGP user. By default, GnuPG uses the standard OpenPGP
+preferences system that will always do the right thing and create
+messages that are usable by all recipients, regardless of which OpenPGP
+program they use. Only override this safe default if you really know
+what you are doing.
+
+ If you absolutely must override the safe default, or if the
+preferences on a given key are invalid for some reason, you are far
+better off using the `--pgp6', `--pgp7', or `--pgp8' options. These
+options are safe as they do not force any particular algorithms in
+violation of OpenPGP, but rather reduce the available algorithms to a
+"PGP-safe" list.
+
+BUGS
+****
+
+On older systems this program should be installed as setuid(root). This
+is necessary to lock memory pages. Locking memory pages prevents the
+operating system from writing memory pages (which may contain
+passphrases or other sensitive material) to disk. If you get no warning
+message about insecure memory your operating system supports locking
+without being root. The program drops root privileges as soon as locked
+memory is allocated.
+
+ Note also that some systems (especially laptops) have the ability to
+"suspend to disk" (also known as "safe sleep" or "hibernate"). This
+writes all memory to disk before going into a low power or even powered
+off mode. Unless measures are taken in the operating system to protect
+the saved memory, passphrases or other sensitive material may be
+recoverable from it later.
+
+ Before you report a bug you should first search the mailing list
+archives for similar problems and second check whether such a bug has
+already been reported to our bug tracker at http://bugs.gnupg.org .
+
+
+File: gnupg.info, Node: Unattended Usage of GPG, Prev: GPG Examples, Up: Invoking GPG
+
+3.5 Unattended Usage
+====================
+
+`gpg' is often used as a backend engine by other software. To help
+with this a machine interface has been defined to have an unambiguous
+way to do this. The options `--status-fd' and `--batch' are almost
+always required for this.
+
+* Menu:
+
+* Unattended GPG key generation:: Unattended key generation
+
+
+File: gnupg.info, Node: Unattended GPG key generation, Up: Unattended Usage of GPG
+
+3.6 Unattended key generation
+=============================
+
+The command `--gen-key' may be used along with the option `--batch' for
+unattended key generation. The parameters are either read from stdin
+or given as a file on the command line. The format of the parameter
+file is as follows:
+
+ * Text only, line length is limited to about 1000 characters.
+
+ * UTF-8 encoding must be used to specify non-ASCII characters.
+
+ * Empty lines are ignored.
+
+ * Leading and trailing while space is ignored.
+
+ * A hash sign as the first non white space character indicates a
+ comment line.
+
+ * Control statements are indicated by a leading percent sign, the
+ arguments are separated by white space from the keyword.
+
+ * Parameters are specified by a keyword, followed by a colon.
+ Arguments are separated by white space.
+
+ * The first parameter must be `Key-Type'; control statements may be
+ placed anywhere.
+
+ * The order of the parameters does not matter except for `Key-Type'
+ which must be the first parameter. The parameters are only used
+ for the generated keyblock (primary and subkeys); parameters
+ from previous sets are not used. Some syntactically checks may
+ be performed.
+
+ * Key generation takes place when either the end of the parameter
+ file is reached, the next `Key-Type' parameter is encountered or
+ at the control statement `%commit' is encountered.
+
+Control statements:
+
+%echo TEXT
+ Print TEXT as diagnostic.
+
+%dry-run
+ Suppress actual key generation (useful for syntax checking).
+
+%commit
+ Perform the key generation. Note that an implicit commit is done
+ at the next Key-Type parameter.
+
+%pubring FILENAME
+%secring FILENAME
+ Do not write the key to the default or commandline given keyring
+ but to FILENAME. This must be given before the first commit to
+ take place, duplicate specification of the same filename is
+ ignored, the last filename before a commit is used. The filename
+ is used until a new filename is used (at commit points) and all
+ keys are written to that file. If a new filename is given, this
+ file is created (and overwrites an existing one). For GnuPG
+ versions prior to 2.1, both control statements must be given. For
+ GnuPG 2.1 and later `%secring' is a no-op.
+
+%ask-passphrase
+%no-ask-passphrase
+ Enable (or disable) a mode where the command `passphrase' is
+ ignored and instead the usual passphrase dialog is used. This does
+ not make sense for batch key generation; however the unattended key
+ generation feature is also used by GUIs and this feature
+ relinquishes the GUI from implementing its own passphrase entry
+ code. These are global control statements and affect all future
+ key genrations.
+
+%no-protection
+ Since GnuPG version 2.1 it is not anymore possible to specify a
+ passphrase for unattended key generation. The passphrase command
+ is simply ignored and `%ask-passpharse' is thus implicitly enabled.
+ Using this option allows the creation of keys without any
+ passphrase protection. This option is mainly intended for
+ regression tests.
+
+%transient-key
+ If given the keys are created using a faster and a somewhat less
+ secure random number generator. This option may be used for keys
+ which are only used for a short time and do not require full
+ cryptographic strength. It takes only effect if used together with
+ the control statement `%no-protection'.
+
+
+General Parameters:
+
+Key-Type: ALGO
+ Starts a new parameter block by giving the type of the primary
+ key. The algorithm must be capable of signing. This is a required
+ parameter. ALGO may either be an OpenPGP algorithm number or a
+ string with the algorithm name. The special value `default' may
+ be used for ALGO to create the default key type; in this case a
+ `Key-Usage' shall not be given and `default' also be used for
+ `Subkey-Type'.
+
+Key-Length: NBITS
+ The requested length of the generated key in bits. The default is
+ returned by running the command `gpg2 --gpgconf-list'.
+
+Key-Grip: HEXSTRING
+ This is optional and used to generate a CSR or certificate for an
+ already existing key. Key-Length will be ignored when given.
+
+Key-Usage: USAGE-LIST
+ Space or comma delimited list of key usages. Allowed values are
+ `encrypt', `sign', and `auth'. This is used to generate the key
+ flags. Please make sure that the algorithm is capable of this
+ usage. Note that OpenPGP requires that all primary keys are
+ capable of certification, so no matter what usage is given here,
+ the `cert' flag will be on. If no `Key-Usage' is specified and
+ the `Key-Type' is not `default', all allowed usages for that
+ particular algorithm are used; if it is not given but `default' is
+ used the usage will be `sign'.
+
+Subkey-Type: ALGO
+ This generates a secondary key (subkey). Currently only one subkey
+ can be handled. See also `Key-Type' above.
+
+Subkey-Length: NBITS
+ Length of the secondary key (subkey) in bits. The default is
+ returned by running the command `gpg2 --gpgconf-list'".
+
+Subkey-Usage: USAGE-LIST
+ Key usage lists for a subkey; similar to `Key-Usage'.
+
+Passphrase: STRING
+ If you want to specify a passphrase for the secret key, enter it
+ here. Default is not to use any passphrase.
+
+Name-Real: NAME
+Name-Comment: COMMENT
+Name-Email: EMAIL
+ The three parts of a user name. Remember to use UTF-8 encoding
+ here. If you don't give any of them, no user ID is created.
+
+Expire-Date: ISO-DATE|(NUMBER[d|w|m|y])
+ Set the expiration date for the key (and the subkey). It may
+ either be entered in ISO date format (2000-08-15) or as number of
+ days, weeks, month or years. The special notation "seconds=N" is
+ also allowed to directly give an Epoch value. Without a letter
+ days are assumed. Note that there is no check done on the
+ overflow of the type used by OpenPGP for timestamps. Thus you
+ better make sure that the given value make sense. Although
+ OpenPGP works with time intervals, GnuPG uses an absolute value
+ internally and thus the last year we can represent is 2105.
+
+Ceation-Date: ISO-DATE
+ Set the creation date of the key as stored in the key information
+ and which is also part of the fingerprint calculation. Either a
+ date like "1986-04-26" or a full timestamp like "19860426T042640"
+ may be used. The time is considered to be UTC. If it is not
+ given the current time is used.
+
+Preferences: STRING
+ Set the cipher, hash, and compression preference values for this
+ key. This expects the same type of string as the sub-command
+ `setpref' in the `--edit-key' menu.
+
+Revoker: ALGO:FPR [sensitive]
+ Add a designated revoker to the generated key. Algo is the public
+ key algorithm of the designated revoker (i.e. RSA=1, DSA=17, etc.)
+ FPR is the fingerprint of the designated revoker. The optional
+ `sensitive' flag marks the designated revoker as sensitive
+ information. Only v4 keys may be designated revokers.
+
+Keyserver: STRING
+ This is an optional parameter that specifies the preferred
+ keyserver URL for the key.
+
+Handle: STRING
+ This is an optional parameter only used with the status lines
+ KEY_CREATED and KEY_NOT_CREATED. STRING may be up to 100
+ characters and should not contain spaces. It is useful for batch
+ key generation to associate a key parameter block with a status
+ line.
+
+
+Here is an example on how to create a key:
+ $ cat >foo <<EOF
+ %echo Generating a basic OpenPGP key
+ Key-Type: DSA
+ Key-Length: 1024
+ Subkey-Type: ELG-E
+ Subkey-Length: 1024
+ Name-Real: Joe Tester
+ Name-Comment: with stupid passphrase
+ Name-Email: joe@foo.bar
+ Expire-Date: 0
+ Passphrase: abc
+ %pubring foo.pub
+ %secring foo.sec
+ # Do a commit here, so that we can later print "done" :-)
+ %commit
+ %echo done
+ EOF
+ $ gpg2 --batch --gen-key foo
+ [...]
+ $ gpg2 --no-default-keyring --secret-keyring ./foo.sec \
+ --keyring ./foo.pub --list-secret-keys
+ /home/wk/work/gnupg-stable/scratch/foo.sec
+ ------------------------------------------
+ sec 1024D/915A878D 2000-03-09 Joe Tester (with stupid passphrase) <joe@foo.bar>
+ ssb 1024g/8F70E2C0 2000-03-09
+
+If you want to create a key with the default algorithms you would use
+these parameters:
+ %echo Generating a default key
+ Key-Type: default
+ Subkey-Type: default
+ Name-Real: Joe Tester
+ Name-Comment: with stupid passphrase
+ Name-Email: joe@foo.bar
+ Expire-Date: 0
+ Passphrase: abc
+ %pubring foo.pub
+ %secring foo.sec
+ # Do a commit here, so that we can later print "done" :-)
+ %commit
+ %echo done
+
+
+File: gnupg.info, Node: Invoking GPGSM, Next: Invoking SCDAEMON, Prev: Invoking GPG, Up: Top
+
+4 Invoking GPGSM
+****************
+
+`gpgsm' is a tool similar to `gpg' to provide digital encryption and
+signing services on X.509 certificates and the CMS protocol. It is
+mainly used as a backend for S/MIME mail processing. `gpgsm' includes
+a full featured certificate management and complies with all rules
+defined for the German Sphinx project.
+
+ *Note Option Index::, for an index to `GPGSM''s commands and options.
+
+* Menu:
+
+* GPGSM Commands:: List of all commands.
+* GPGSM Options:: List of all options.
+* GPGSM Configuration:: Configuration files.
+* GPGSM Examples:: Some usage examples.
+
+Developer information:
+* Unattended Usage:: Using `gpgsm' from other programs.
+* GPGSM Protocol:: The protocol the server mode uses.
+
+
+File: gnupg.info, Node: GPGSM Commands, Next: GPGSM Options, Up: Invoking GPGSM
+
+4.1 Commands
+============
+
+Commands are not distinguished from options except for the fact that
+only one command is allowed.
+
+* Menu:
+
+* General GPGSM Commands:: Commands not specific to the functionality.
+* Operational GPGSM Commands:: Commands to select the type of operation.
+* Certificate Management:: How to manage certificates.
+
+
+File: gnupg.info, Node: General GPGSM Commands, Next: Operational GPGSM Commands, Up: GPGSM Commands
+
+4.1.1 Commands not specific to the function
+-------------------------------------------
+
+`--version'
+ Print the program version and licensing information. Note that you
+ cannot abbreviate this command.
+
+`--help, -h'
+ Print a usage message summarizing the most useful command-line
+ options. Note that you cannot abbreviate this command.
+
+`--warranty'
+ Print warranty information. Note that you cannot abbreviate this
+ command.
+
+`--dump-options'
+ Print a list of all available options and commands. Note that you
+ cannot abbreviate this command.
+
+
+File: gnupg.info, Node: Operational GPGSM Commands, Next: Certificate Management, Prev: General GPGSM Commands, Up: GPGSM Commands
+
+4.1.2 Commands to select the type of operation
+----------------------------------------------
+
+`--encrypt'
+ Perform an encryption. The keys the data is encrypted too must be
+ set using the option `--recipient'.
+
+`--decrypt'
+ Perform a decryption; the type of input is automatically
+ determined. It may either be in binary form or PEM encoded;
+ automatic determination of base-64 encoding is not done.
+
+`--sign'
+ Create a digital signature. The key used is either the fist one
+ found in the keybox or those set with the `--local-user' option.
+
+`--verify'
+ Check a signature file for validity. Depending on the arguments a
+ detached signature may also be checked.
+
+`--server'
+ Run in server mode and wait for commands on the `stdin'.
+
+`--call-dirmngr COMMAND [ARGS]'
+ Behave as a Dirmngr client issuing the request COMMAND with the
+ optional list of ARGS. The output of the Dirmngr is printed
+ stdout. Please note that file names given as arguments should
+ have an absolute file name (i.e. commencing with `/' because they
+ are passed verbatim to the Dirmngr and the working directory of the
+ Dirmngr might not be the same as the one of this client.
+ Currently it is not possible to pass data via stdin to the
+ Dirmngr. COMMAND should not contain spaces.
+
+ This is command is required for certain maintaining tasks of the
+ dirmngr where a dirmngr must be able to call back to `gpgsm'. See
+ the Dirmngr manual for details.
+
+`--call-protect-tool ARGUMENTS'
+ Certain maintenance operations are done by an external program call
+ `gpg-protect-tool'; this is usually not installed in a directory
+ listed in the PATH variable. This command provides a simple
+ wrapper to access this tool. ARGUMENTS are passed verbatim to
+ this command; use `--help' to get a list of supported operations.
+
+
+
+File: gnupg.info, Node: Certificate Management, Prev: Operational GPGSM Commands, Up: GPGSM Commands
+
+4.1.3 How to manage the certificates and keys
+---------------------------------------------
+
+`--gen-key'
+ -This command allows the creation of a certificate signing
+ request. It -is commonly used along with the `--output' option to
+ save the -created CSR into a file. If used with the `--batch' a
+ parameter -file is used to create the CSR.
+
+`--list-keys'
+`-k'
+ List all available certificates stored in the local key database.
+ Note that the displayed data might be reformatted for better human
+ readability and illegal characters are replaced by safe
+ substitutes.
+
+`--list-secret-keys'
+`-K'
+ List all available certificates for which a corresponding a secret
+ key is available.
+
+`--list-external-keys PATTERN'
+ List certificates matching PATTERN using an external server. This
+ utilizes the `dirmngr' service.
+
+`--list-chain'
+ Same as `--list-keys' but also prints all keys making up the chain.
+
+`--dump-cert'
+`--dump-keys'
+ List all available certificates stored in the local key database
+ using a format useful mainly for debugging.
+
+`--dump-chain'
+ Same as `--dump-keys' but also prints all keys making up the chain.
+
+`--dump-secret-keys'
+ List all available certificates for which a corresponding a secret
+ key is available using a format useful mainly for debugging.
+
+`--dump-external-keys PATTERN'
+ List certificates matching PATTERN using an external server. This
+ utilizes the `dirmngr' service. It uses a format useful mainly
+ for debugging.
+
+`--keydb-clear-some-cert-flags'
+ This is a debugging aid to reset certain flags in the key database
+ which are used to cache certain certificate stati. It is
+ especially useful if a bad CRL or a weird running OCSP responder
+ did accidentally revoke certificate. There is no security issue
+ with this command because `gpgsm' always make sure that the
+ validity of a certificate is checked right before it is used.
+
+`--delete-keys PATTERN'
+ Delete the keys matching PATTERN. Note that there is no command
+ to delete the secret part of the key directly. In case you need
+ to do this, you should run the command `gpgsm --dump-secret-keys
+ KEYID' before you delete the key, copy the string of hex-digits in
+ the "keygrip" line and delete the file consisting of these
+ hex-digits and the suffix `.key' from the `private-keys-v1.d'
+ directory below our GnuPG home directory (usually `~/.gnupg').
+
+`--export [PATTERN]'
+ Export all certificates stored in the Keybox or those specified by
+ the optional PATTERN. Those pattern consist of a list of user ids
+ (*note how-to-specify-a-user-id::). When used along with the
+ `--armor' option a few informational lines are prepended before
+ each block. There is one limitation: As there is no commonly
+ agreed upon way to pack more than one certificate into an ASN.1
+ structure, the binary export (i.e. without using `armor') works
+ only for the export of one certificate. Thus it is required to
+ specify a PATTERN which yields exactly one certificate. Ephemeral
+ certificate are only exported if all PATTERN are given as
+ fingerprints or keygrips.
+
+`--export-secret-key-p12 KEY-ID'
+ Export the private key and the certificate identified by KEY-ID in
+ a PKCS#12 format. When using along with the `--armor' option a few
+ informational lines are prepended to the output. Note, that the
+ PKCS#12 format is not very secure and this command is only
+ provided if there is no other way to exchange the private key.
+ (*note option --p12-charset::)
+
+`--import [FILES]'
+ Import the certificates from the PEM or binary encoded files as
+ well as from signed-only messages. This command may also be used
+ to import a secret key from a PKCS#12 file.
+
+`--learn-card'
+ Read information about the private keys from the smartcard and
+ import the certificates from there. This command utilizes the
+ `gpg-agent' and in turn the `scdaemon'.
+
+`--passwd USER_ID'
+ Change the passphrase of the private key belonging to the
+ certificate specified as USER_ID. Note, that changing the
+ passphrase/PIN of a smartcard is not yet supported.
+
+
+
+File: gnupg.info, Node: GPGSM Options, Next: GPGSM Configuration, Prev: GPGSM Commands, Up: Invoking GPGSM
+
+4.2 Option Summary
+==================
+
+`GPGSM' features a bunch of options to control the exact behaviour and
+to change the default configuration.
+
+* Menu:
+
+* Configuration Options:: How to change the configuration.
+* Certificate Options:: Certificate related options.
+* Input and Output:: Input and Output.
+* CMS Options:: How to change how the CMS is created.
+* Esoteric Options:: Doing things one usually do not want to do.
+
+
+File: gnupg.info, Node: Configuration Options, Next: Certificate Options, Up: GPGSM Options
+
+4.2.1 How to change the configuration
+-------------------------------------
+
+These options are used to change the configuration and are usually found
+in the option file.
+
+`--options FILE'
+ Reads configuration from FILE instead of from the default per-user
+ configuration file. The default configuration file is named
+ `gpgsm.conf' and expected in the `.gnupg' directory directly below
+ the home directory of the user.
+
+`--homedir DIR'
+ Set the name of the home directory to DIR. If this option is not
+ used, the home directory defaults to `~/.gnupg'. It is only
+ recognized when given on the command line. It also overrides any
+ home directory stated through the environment variable `GNUPGHOME'
+ or (on W32 systems) by means of the Registry entry
+ HKCU\SOFTWARE\GNU\GNUPG:HOMEDIR.
+
+`-v'
+
+`--verbose'
+ Outputs additional information while running. You can increase
+ the verbosity by giving several verbose commands to `gpgsm', such
+ as `-vv'.
+
+`--policy-file FILENAME'
+ Change the default name of the policy file to FILENAME.
+
+`--agent-program FILE'
+ Specify an agent program to be used for secret key operations. The
+ default value is the `/usr/local/bin/gpg-agent'. This is only used
+ as a fallback when the environment variable `GPG_AGENT_INFO' is not
+ set or a running agent cannot be connected.
+
+`--dirmngr-program FILE'
+ Specify a dirmngr program to be used for CRL checks. The default
+ value is `/usr/sbin/dirmngr'. This is only used as a fallback
+ when the environment variable `DIRMNGR_INFO' is not set or a
+ running dirmngr cannot be connected.
+
+`--prefer-system-dirmngr'
+ If a system wide `dirmngr' is running in daemon mode, first try to
+ connect to this one. Fallback to a pipe based server if this does
+ not work. Under Windows this option is ignored because the system
+ dirmngr is always used.
+
+`--disable-dirmngr'
+ Entirely disable the use of the Dirmngr.
+
+`--no-secmem-warning'
+ Do not print a warning when the so called "secure memory" cannot
+ be used.
+
+`--log-file FILE'
+ When running in server mode, append all logging output to FILE.
+
+
+
+File: gnupg.info, Node: Certificate Options, Next: Input and Output, Prev: Configuration Options, Up: GPGSM Options
+
+4.2.2 Certificate related options
+---------------------------------
+
+`--enable-policy-checks'
+`--disable-policy-checks'
+ By default policy checks are enabled. These options may be used to
+ change it.
+
+`--enable-crl-checks'
+`--disable-crl-checks'
+ By default the CRL checks are enabled and the DirMngr is used to
+ check for revoked certificates. The disable option is most useful
+ with an off-line network connection to suppress this check.
+
+`--enable-trusted-cert-crl-check'
+`--disable-trusted-cert-crl-check'
+ By default the CRL for trusted root certificates are checked like
+ for any other certificates. This allows a CA to revoke its own
+ certificates voluntary without the need of putting all ever issued
+ certificates into a CRL. The disable option may be used to switch
+ this extra check off. Due to the caching done by the Dirmngr,
+ there will not be any noticeable performance gain. Note, that
+ this also disables possible OCSP checks for trusted root
+ certificates. A more specific way of disabling this check is by
+ adding the "relax" keyword to the root CA line of the
+ `trustlist.txt'
+
+`--force-crl-refresh'
+ Tell the dirmngr to reload the CRL for each request. For better
+ performance, the dirmngr will actually optimize this by suppressing
+ the loading for short time intervals (e.g. 30 minutes). This option
+ is useful to make sure that a fresh CRL is available for
+ certificates hold in the keybox. The suggested way of doing this
+ is by using it along with the option `--with-validation' for a key
+ listing command. This option should not be used in a
+ configuration file.
+
+`--enable-ocsp'
+`--disable-ocsp'
+ By default OCSP checks are disabled. The enable option may be
+ used to enable OCSP checks via Dirmngr. If CRL checks are also
+ enabled, CRLs will be used as a fallback if for some reason an
+ OCSP request will not succeed. Note, that you have to allow OCSP
+ requests in Dirmngr's configuration too (option `--allow-ocsp')
+ and configure Dirmngr properly. If you do not do so you will get
+ the error code `Not supported'.
+
+`--auto-issuer-key-retrieve'
+ If a required certificate is missing while validating the chain of
+ certificates, try to load that certificate from an external
+ location. This usually means that Dirmngr is employed to search
+ for the certificate. Note that this option makes a "web bug" like
+ behavior possible. LDAP server operators can see which keys you
+ request, so by sending you a message signed by a brand new key
+ (which you naturally will not have on your local keybox), the
+ operator can tell both your IP address and the time when you
+ verified the signature.
+
+`--validation-model NAME'
+ This option changes the default validation model. The only
+ possible values are "shell" (which is the default), "chain" which
+ forces the use of the chain model and "steed" for a new simplified
+ model. The chain model is also used if an option in the
+ `trustlist.txt' or an attribute of the certificate requests it.
+ However the standard model (shell) is in that case always tried
+ first.
+
+`--ignore-cert-extension OID'
+ Add OID to the list of ignored certificate extensions. The OID is
+ expected to be in dotted decimal form, like `2.5.29.3'. This
+ option may be used more than once. Critical flagged certificate
+ extensions matching one of the OIDs in the list are treated as if
+ they are actually handled and thus the certificate will not be
+ rejected due to an unknown critical extension. Use this option
+ with care because extensions are usually flagged as critical for a
+ reason.
+
+
+
+File: gnupg.info, Node: Input and Output, Next: CMS Options, Prev: Certificate Options, Up: GPGSM Options
+
+4.2.3 Input and Output
+----------------------
+
+`--armor'
+`-a'
+ Create PEM encoded output. Default is binary output.
+
+`--base64'
+ Create Base-64 encoded output; i.e. PEM without the header lines.
+
+`--assume-armor'
+ Assume the input data is PEM encoded. Default is to autodetect the
+ encoding but this is may fail.
+
+`--assume-base64'
+ Assume the input data is plain base-64 encoded.
+
+`--assume-binary'
+ Assume the input data is binary encoded.
+
+`--p12-charset NAME'
+ `gpgsm' uses the UTF-8 encoding when encoding passphrases for
+ PKCS#12 files. This option may be used to force the passphrase to
+ be encoded in the specified encoding NAME. This is useful if the
+ application used to import the key uses a different encoding and
+ thus will not be able to import a file generated by `gpgsm'.
+ Commonly used values for NAME are `Latin1' and `CP850'. Note that
+ `gpgsm' itself automagically imports any file with a passphrase
+ encoded to the most commonly used encodings.
+
+`--default-key USER_ID'
+ Use USER_ID as the standard key for signing. This key is used if
+ no other key has been defined as a signing key. Note, that the
+ first `--local-users' option also sets this key if it has not yet
+ been set; however `--default-key' always overrides this.
+
+`--local-user USER_ID'
+
+`-u USER_ID'
+ Set the user(s) to be used for signing. The default is the first
+ secret key found in the database.
+
+`--recipient NAME'
+`-r'
+ Encrypt to the user id NAME. There are several ways a user id may
+ be given (*note how-to-specify-a-user-id::).
+
+`--output FILE'
+`-o FILE'
+ Write output to FILE. The default is to write it to stdout.
+
+`--with-key-data'
+ Displays extra information with the `--list-keys' commands.
+ Especially a line tagged `grp' is printed which tells you the
+ keygrip of a key. This string is for example used as the file
+ name of the secret key.
+
+`--with-validation'
+ When doing a key listing, do a full validation check for each key
+ and print the result. This is usually a slow operation because it
+ requires a CRL lookup and other operations.
+
+ When used along with -import, a validation of the certificate to
+ import is done and only imported if it succeeds the test. Note
+ that this does not affect an already available certificate in the
+ DB. This option is therefore useful to simply verify a
+ certificate.
+
+`--with-md5-fingerprint'
+ For standard key listings, also print the MD5 fingerprint of the
+ certificate.
+
+`--with-keygrip'
+ Include the keygrip in standard key listings. Note that the
+ keygrip is always listed in -with-colons mode.
+
+
+
+File: gnupg.info, Node: CMS Options, Next: Esoteric Options, Prev: Input and Output, Up: GPGSM Options
+
+4.2.4 How to change how the CMS is created.
+-------------------------------------------
+
+`--include-certs N'
+ Using N of -2 includes all certificate except for the root cert,
+ -1 includes all certs, 0 does not include any certs, 1 includes
+ only the signers cert and all other positive values include up to N
+ certificates starting with the signer cert. The default is -2.
+
+`--cipher-algo OID'
+ Use the cipher algorithm with the ASN.1 object identifier OID for
+ encryption. For convenience the strings `3DES', `AES' and
+ `AES256' may be used instead of their OIDs. The default is `3DES'
+ (1.2.840.113549.3.7).
+
+`--digest-algo `name''
+ Use `name' as the message digest algorithm. Usually this
+ algorithm is deduced from the respective signing certificate. This
+ option forces the use of the given algorithm and may lead to severe
+ interoperability problems.
+
+
+
+File: gnupg.info, Node: Esoteric Options, Prev: CMS Options, Up: GPGSM Options
+
+4.2.5 Doing things one usually do not want to do.
+-------------------------------------------------
+
+`--extra-digest-algo NAME'
+ Sometimes signatures are broken in that they announce a different
+ digest algorithm than actually used. `gpgsm' uses a one-pass data
+ processing model and thus needs to rely on the announced digest
+ algorithms to properly hash the data. As a workaround this option
+ may be used to tell gpg to also hash the data using the algorithm
+ NAME; this slows processing down a little bit but allows to verify
+ such broken signatures. If `gpgsm' prints an error like "digest
+ algo 8 has not been enabled" you may want to try this option, with
+ `SHA256' for NAME.
+
+`--faked-system-time EPOCH'
+ This option is only useful for testing; it sets the system time
+ back or forth to EPOCH which is the number of seconds elapsed
+ since the year 1970. Alternatively EPOCH may be given as a full
+ ISO time string (e.g. "20070924T154812").
+
+`--with-ephemeral-keys'
+ Include ephemeral flagged keys in the output of key listings. Note
+ that they are included anyway if the key specification for a
+ listing is given as fingerprint or keygrip.
+
+`--debug-level LEVEL'
+ Select the debug level for investigating problems. LEVEL may be a
+ numeric value or by a keyword:
+
+ `none'
+ No debugging at all. A value of less than 1 may be used
+ instead of the keyword.
+
+ `basic'
+ Some basic debug messages. A value between 1 and 2 may be
+ used instead of the keyword.
+
+ `advanced'
+ More verbose debug messages. A value between 3 and 5 may be
+ used instead of the keyword.
+
+ `expert'
+ Even more detailed messages. A value between 6 and 8 may be
+ used instead of the keyword.
+
+ `guru'
+ All of the debug messages you can get. A value greater than 8
+ may be used instead of the keyword. The creation of hash
+ tracing files is only enabled if the keyword is used.
+
+ How these messages are mapped to the actual debugging flags is not
+ specified and may change with newer releases of this program. They
+ are however carefully selected to best aid in debugging.
+
+`--debug FLAGS'
+ This option is only useful for debugging and the behaviour may
+ change at any time without notice; using `--debug-levels' is the
+ preferred method to select the debug verbosity. FLAGS are bit
+ encoded and may be given in usual C-Syntax. The currently defined
+ bits are:
+
+ `0 (1)'
+ X.509 or OpenPGP protocol related data
+
+ `1 (2)'
+ values of big number integers
+
+ `2 (4)'
+ low level crypto operations
+
+ `5 (32)'
+ memory allocation
+
+ `6 (64)'
+ caching
+
+ `7 (128)'
+ show memory statistics.
+
+ `9 (512)'
+ write hashed data to files named `dbgmd-000*'
+
+ `10 (1024)'
+ trace Assuan protocol
+
+ Note, that all flags set using this option may get overridden by
+ `--debug-level'.
+
+`--debug-all'
+ Same as `--debug=0xffffffff'
+
+`--debug-allow-core-dump'
+ Usually `gpgsm' tries to avoid dumping core by well written code
+ and by disabling core dumps for security reasons. However, bugs
+ are pretty durable beasts and to squash them it is sometimes
+ useful to have a core dump. This option enables core dumps unless
+ the Bad Thing happened before the option parsing.
+
+`--debug-no-chain-validation'
+ This is actually not a debugging option but only useful as such.
+ It lets `gpgsm' bypass all certificate chain validation checks.
+
+`--debug-ignore-expiration'
+ This is actually not a debugging option but only useful as such.
+ It lets `gpgsm' ignore all notAfter dates, this is used by the
+ regression tests.
+
+`--fixed-passphrase STRING'
+ Supply the passphrase STRING to the gpg-protect-tool. This option
+ is only useful for the regression tests included with this package
+ and may be revised or removed at any time without notice.
+
+`--no-common-certs-import'
+ Suppress the import of common certificates on keybox creation.
+
+
+ All the long options may also be given in the configuration file
+after stripping off the two leading dashes.
+
+
+File: gnupg.info, Node: GPGSM Configuration, Next: GPGSM Examples, Prev: GPGSM Options, Up: Invoking GPGSM
+
+4.3 Configuration files
+=======================
+
+There are a few configuration files to control certain aspects of
+`gpgsm''s operation. Unless noted, they are expected in the current
+home directory (*note option --homedir::).
+
+`gpgsm.conf'
+ This is the standard configuration file read by `gpgsm' on
+ startup. It may contain any valid long option; the leading two
+ dashes may not be entered and the option may not be abbreviated.
+ This default name may be changed on the command line (*note option
+ --options::). You should backup this file.
+
+`policies.txt'
+ This is a list of allowed CA policies. This file should list the
+ object identifiers of the policies line by line. Empty lines and
+ lines starting with a hash mark are ignored. Policies missing in
+ this file and not marked as critical in the certificate will print
+ only a warning; certificates with policies marked as critical and
+ not listed in this file will fail the signature verification. You
+ should backup this file.
+
+ For example, to allow only the policy 2.289.9.9, the file should
+ look like this:
+
+ # Allowed policies
+ 2.289.9.9
+
+`qualified.txt'
+ This is the list of root certificates used for qualified
+ certificates. They are defined as certificates capable of
+ creating legally binding signatures in the same way as handwritten
+ signatures are. Comments start with a hash mark and empty lines
+ are ignored. Lines do have a length limit but this is not a
+ serious limitation as the format of the entries is fixed and
+ checked by gpgsm: A non-comment line starts with optional
+ whitespace, followed by exactly 40 hex character, white space and
+ a lowercased 2 letter country code. Additional data delimited with
+ by a white space is current ignored but might late be used for
+ other purposes.
+
+ Note that even if a certificate is listed in this file, this does
+ not mean that the certificate is trusted; in general the
+ certificates listed in this file need to be listed also in
+ `trustlist.txt'.
+
+ This is a global file an installed in the data directory (e.g.
+ `/usr/share/gnupg/qualified.txt'). GnuPG installs a suitable file
+ with root certificates as used in Germany. As new Root-CA
+ certificates may be issued over time, these entries may need to be
+ updated; new distributions of this software should come with an
+ updated list but it is still the responsibility of the
+ Administrator to check that this list is correct.
+
+ Everytime `gpgsm' uses a certificate for signing or verification
+ this file will be consulted to check whether the certificate under
+ question has ultimately been issued by one of these CAs. If this
+ is the case the user will be informed that the verified signature
+ represents a legally binding ("qualified") signature. When
+ creating a signature using such a certificate an extra prompt will
+ be issued to let the user confirm that such a legally binding
+ signature shall really be created.
+
+ Because this software has not yet been approved for use with such
+ certificates, appropriate notices will be shown to indicate this
+ fact.
+
+`help.txt'
+ This is plain text file with a few help entries used with
+ `pinentry' as well as a large list of help items for `gpg' and
+ `gpgsm'. The standard file has English help texts; to install
+ localized versions use filenames like `help.LL.txt' with LL
+ denoting the locale. GnuPG comes with a set of predefined help
+ files in the data directory (e.g. `/usr/share/gnupg/help.de.txt')
+ and allows overriding of any help item by help files stored in the
+ system configuration directory (e.g. `/etc/gnupg/help.de.txt').
+ For a reference of the help file's syntax, please see the installed
+ `help.txt' file.
+
+`com-certs.pem'
+ This file is a collection of common certificates used to populated
+ a newly created `pubring.kbx'. An administrator may replace this
+ file with a custom one. The format is a concatenation of PEM
+ encoded X.509 certificates. This global file is installed in the
+ data directory (e.g. `/usr/share/gnupg/com-certs.pem').
+
+
+ Note that on larger installations, it is useful to put predefined
+files into the directory `/etc/skel/.gnupg/' so that newly created users
+start up with a working configuration. For existing users a small
+helper script is provided to create these files (*note addgnupghome::).
+
+ For internal purposes gpgsm creates and maintains a few other files;
+they all live in in the current home directory (*note option
+--homedir::). Only `gpgsm' may modify these files.
+
+`pubring.kbx'
+ This a database file storing the certificates as well as meta
+ information. For debugging purposes the tool `kbxutil' may be
+ used to show the internal structure of this file. You should
+ backup this file.
+
+`random_seed'
+ This content of this file is used to maintain the internal state
+ of the random number generator across invocations. The same file
+ is used by other programs of this software too.
+
+`S.gpg-agent'
+ If this file exists and the environment variable `GPG_AGENT_INFO'
+ is not set, `gpgsm' will first try to connect to this socket for
+ accessing `gpg-agent' before starting a new `gpg-agent' instance.
+ Under Windows this socket (which in reality be a plain file
+ describing a regular TCP listening port) is the standard way of
+ connecting the `gpg-agent'.
+
+
+
+File: gnupg.info, Node: GPGSM Examples, Next: Unattended Usage, Prev: GPGSM Configuration, Up: Invoking GPGSM
+
+4.4 Examples
+============
+
+ $ gpgsm -er goo@bar.net <plaintext >ciphertext
+
+
+File: gnupg.info, Node: Unattended Usage, Next: GPGSM Protocol, Prev: GPGSM Examples, Up: Invoking GPGSM
+
+4.5 Unattended Usage
+====================
+
+`gpgsm' is often used as a backend engine by other software. To help
+with this a machine interface has been defined to have an unambiguous
+way to do this. This is most likely used with the `--server' command
+but may also be used in the standard operation mode by using the
+`--status-fd' option.
+
+* Menu:
+
+* Automated signature checking:: Automated signature checking.
+* CSR and certificate creation:: CSR and certificate creation.
+
+
+File: gnupg.info, Node: Automated signature checking, Up: Unattended Usage
+
+4.6 Automated signature checking
+================================
+
+It is very important to understand the semantics used with signature
+verification. Checking a signature is not as simple as it may sound and
+so the operation is a bit complicated. In most cases it is required to
+look at several status lines. Here is a table of all cases a signed
+message may have:
+
+The signature is valid
+ This does mean that the signature has been successfully verified,
+ the certificates are all sane. However there are two subcases with
+ important information: One of the certificates may have expired
+ or a signature of a message itself as expired. It is a sound
+ practise to consider such a signature still as valid but
+ additional information should be displayed. Depending on the
+ subcase `gpgsm' will issue these status codes:
+ signature valid and nothing did expire
+ `GOODSIG', `VALIDSIG', `TRUST_FULLY'
+
+ signature valid but at least one certificate has expired
+ `EXPKEYSIG', `VALIDSIG', `TRUST_FULLY'
+
+ signature valid but expired
+ `EXPSIG', `VALIDSIG', `TRUST_FULLY' Note, that this case is
+ currently not implemented.
+
+The signature is invalid
+ This means that the signature verification failed (this is an
+ indication of af a transfer error, a program error or tampering
+ with the message). `gpgsm' issues one of these status codes
+ sequences:
+ ``BADSIG''
+
+ ``GOODSIG', `VALIDSIG' `TRUST_NEVER''
+
+Error verifying a signature
+ For some reason the signature could not be verified, i.e. it
+ cannot be decided whether the signature is valid or invalid. A
+ common reason for this is a missing certificate.
+
+
+
+File: gnupg.info, Node: CSR and certificate creation, Up: Unattended Usage
+
+4.7 CSR and certificate creation
+================================
+
+*Please notice*: The immediate creation of certificates is only
+supported by GnuPG version 2.1 or later. With a 2.0 version you may
+only create a CSR.
+
+The command `--gen-key' may be used along with the option `--batch' to
+either create a certificate signing request (CSR) or an X.509
+certificate. The is controlled by a parameter file; the format of this
+file is as follows:
+
+ * Text only, line length is limited to about 1000 characters.
+
+ * UTF-8 encoding must be used to specify non-ASCII characters.
+
+ * Empty lines are ignored.
+
+ * Leading and trailing while space is ignored.
+
+ * A hash sign as the first non white space character indicates a
+ comment line.
+
+ * Control statements are indicated by a leading percent sign, the
+ arguments are separated by white space from the keyword.
+
+ * Parameters are specified by a keyword, followed by a colon.
+ Arguments are separated by white space.
+
+ * The first parameter must be `Key-Type', control statements may be
+ placed anywhere.
+
+ * The order of the parameters does not matter except for `Key-Type'
+ which must be the first parameter. The parameters are only used
+ for the generated CSR/certificate; parameters from previous sets
+ are not used. Some syntactically checks may be performed.
+
+ * Key generation takes place when either the end of the parameter
+ file is reached, the next `Key-Type' parameter is encountered or
+ at the control statement `%commit' is encountered.
+
+Control statements:
+
+%echo TEXT
+ Print TEXT as diagnostic.
+
+%dry-run
+ Suppress actual key generation (useful for syntax checking).
+
+%commit
+ Perform the key generation. Note that an implicit commit is done
+ at the next Key-Type parameter.
+
+
+General Parameters:
+
+Key-Type: ALGO
+ Starts a new parameter block by giving the type of the primary
+ key. The algorithm must be capable of signing. This is a required
+ parameter. The only supported value for ALGO is `rsa'.
+
+Key-Length: NBITS
+ The requested length of a generated key in bits. Defaults to 2048.
+
+Key-Grip: HEXSTRING
+ This is optional and used to generate a CSR or certificatet for an
+ already existing key. Key-Length will be ignored when given.
+
+Key-Usage: USAGE-LIST
+ Space or comma delimited list of key usage, allowed values are
+ `encrypt', `sign' and `cert'. This is used to generate the
+ keyUsage extension. Please make sure that the algorithm is
+ capable of this usage. Default is to allow encrypt and sign.
+
+Name-DN: SUBJECT-NAME
+ This is the Distinguished Name (DN) of the subject in RFC-2253
+ format.
+
+Name-Email: STRING
+ This is an email address for the altSubjectName. This parameter is
+ optional but may occur several times to add several email
+ addresses to a certificate.
+
+Name-DNS: STRING
+ The is an DNS name for the altSubjectName. This parameter is
+ optional but may occur several times to add several DNS names to a
+ certificate.
+
+Name-URI: STRING
+ This is an URI for the altSubjectName. This parameter is optional
+ but may occur several times to add several URIs to a certificate.
+
+Additional parameters used to create a certificate (in contrast to a
+certificate signing request):
+
+Serial: SN
+ If this parameter is given an X.509 certificate will be generated.
+ SN is expected to be a hex string representing an unsigned integer
+ of arbitary length. The special value `random' can be used to
+ create a 64 bit random serial number.
+
+Issuer-DN: ISSUER-NAME
+ This is the DN name of the issuer in rfc2253 format. If it is not
+ set it will default to the subject DN and a special GnuPG
+ extension will be included in the certificate to mark it as a
+ standalone certificate.
+
+Creation-Date: ISO-DATE
+Not-Before: ISO-DATE
+ Set the notBefore date of the certificate. Either a date like
+ `1986-04-26' or `1986-04-26 12:00' or a standard ISO timestamp
+ like `19860426T042640' may be used. The time is considered to be
+ UTC. If it is not given the current date is used.
+
+Expire-Date: ISO-DATE
+Not-After: ISO-DATE
+ Set the notAfter date of the certificate. Either a date like
+ `2063-04-05' or `2063-04-05 17:00' or a standard ISO timestamp
+ like `20630405T170000' may be used. The time is considered to be
+ UTC. If it is not given a default value in the not too far future
+ is used.
+
+Signing-Key: KEYGRIP
+ This gives the keygrip of the key used to sign the certificate.
+ If it is not given a self-signed certificate will be created. For
+ compatibility with future versions, it is suggested to prefix the
+ keygrip with a `&'.
+
+Hash-Algo: HASH-ALGO
+ Use HASH-ALGO for this CSR or certificate. The supported hash
+ algorithms are: `sha1', `sha256', `sha384' and `sha512'; they may
+ also be specified with uppercase letters. The default is `sha1'.
+
+
+
+File: gnupg.info, Node: GPGSM Protocol, Prev: Unattended Usage, Up: Invoking GPGSM
+
+4.8 The Protocol the Server Mode Uses.
+======================================
+
+Description of the protocol used to access `GPGSM'. `GPGSM' does
+implement the Assuan protocol and in addition provides a regular
+command line interface which exhibits a full client to this protocol
+(but uses internal linking). To start `gpgsm' as a server the command
+line the option `--server' must be used. Additional options are
+provided to select the communication method (i.e. the name of the
+socket).
+
+ We assume that the connection has already been established; see the
+Assuan manual for details.
+
+* Menu:
+
+* GPGSM ENCRYPT:: Encrypting a message.
+* GPGSM DECRYPT:: Decrypting a message.
+* GPGSM SIGN:: Signing a message.
+* GPGSM VERIFY:: Verifying a message.
+* GPGSM GENKEY:: Generating a key.
+* GPGSM LISTKEYS:: List available keys.
+* GPGSM EXPORT:: Export certificates.
+* GPGSM IMPORT:: Import certificates.
+* GPGSM DELETE:: Delete certificates.
+* GPGSM GETINFO:: Information about the process
+
+
+File: gnupg.info, Node: GPGSM ENCRYPT, Next: GPGSM DECRYPT, Up: GPGSM Protocol
+
+4.8.1 Encrypting a Message
+--------------------------
+
+Before encryption can be done the recipient must be set using the
+command:
+
+ RECIPIENT USERID
+
+ Set the recipient for the encryption. USERID should be the internal
+representation of the key; the server may accept any other way of
+specification. If this is a valid and trusted recipient the server
+does respond with OK, otherwise the return is an ERR with the reason why
+the recipient cannot be used, the encryption will then not be done for
+this recipient. If the policy is not to encrypt at all if not all
+recipients are valid, the client has to take care of this. All
+`RECIPIENT' commands are cumulative until a `RESET' or an successful
+`ENCRYPT' command.
+
+ INPUT FD[=N] [--armor|--base64|--binary]
+
+ Set the file descriptor for the message to be encrypted to N.
+Obviously the pipe must be open at that point, the server establishes
+its own end. If the server returns an error the client should consider
+this session failed. If N is not given, this commands uses the last
+file descriptor passed to the application. *Note the assuan_sendfd
+function: (assuan)fun-assuan_sendfd, on how to do descriptor passing.
+
+ The `--armor' option may be used to advice the server that the input
+data is in PEM format, `--base64' advices that a raw base-64 encoding
+is used, `--binary' advices of raw binary input (BER). If none of
+these options is used, the server tries to figure out the used
+encoding, but this may not always be correct.
+
+ OUTPUT FD[=N] [--armor|--base64]
+
+ Set the file descriptor to be used for the output (i.e. the encrypted
+message). Obviously the pipe must be open at that point, the server
+establishes its own end. If the server returns an error he client
+should consider this session failed.
+
+ The option armor encodes the output in PEM format, the `--base64'
+option applies just a base 64 encoding. No option creates binary
+output (BER).
+
+ The actual encryption is done using the command
+
+ ENCRYPT
+
+ It takes the plaintext from the `INPUT' command, writes to the
+ciphertext to the file descriptor set with the `OUTPUT' command, take
+the recipients from all the recipients set so far. If this command
+fails the clients should try to delete all output currently done or
+otherwise mark it as invalid. `GPGSM' does ensure that there will not
+be any security problem with leftover data on the output in this case.
+
+ This command should in general not fail, as all necessary checks have
+been done while setting the recipients. The input and output pipes are
+closed.
+
+
+File: gnupg.info, Node: GPGSM DECRYPT, Next: GPGSM SIGN, Prev: GPGSM ENCRYPT, Up: GPGSM Protocol
+
+4.8.2 Decrypting a message
+--------------------------
+
+Input and output FDs are set the same way as in encryption, but `INPUT'
+refers to the ciphertext and output to the plaintext. There is no need
+to set recipients. `GPGSM' automatically strips any S/MIME headers
+from the input, so it is valid to pass an entire MIME part to the INPUT
+pipe.
+
+ The encryption is done by using the command
+
+ DECRYPT
+
+ It performs the decrypt operation after doing some check on the
+internal state. (e.g. that all needed data has been set). Because it
+utilizes the GPG-Agent for the session key decryption, there is no need
+to ask the client for a protecting passphrase - GpgAgent takes care of
+this by requesting this from the user.
+
+
+File: gnupg.info, Node: GPGSM SIGN, Next: GPGSM VERIFY, Prev: GPGSM DECRYPT, Up: GPGSM Protocol
+
+4.8.3 Signing a Message
+-----------------------
+
+Signing is usually done with these commands:
+
+ INPUT FD[=N] [--armor|--base64|--binary]
+
+ This tells `GPGSM' to read the data to sign from file descriptor N.
+
+ OUTPUT FD[=M] [--armor|--base64]
+
+ Write the output to file descriptor M. If a detached signature is
+requested, only the signature is written.
+
+ SIGN [--detached]
+
+ Sign the data set with the INPUT command and write it to the sink
+set by OUTPUT. With `--detached', a detached signature is created
+(surprise).
+
+ The key used for signing is the default one or the one specified in
+the configuration file. To get finer control over the keys, it is
+possible to use the command
+
+ SIGNER USERID
+
+ to the signer's key. USERID should be the internal representation
+of the key; the server may accept any other way of specification. If
+this is a valid and trusted recipient the server does respond with OK,
+otherwise the return is an ERR with the reason why the key cannot be
+used, the signature will then not be created using this key. If the
+policy is not to sign at all if not all keys are valid, the client has
+to take care of this. All `SIGNER' commands are cumulative until a
+`RESET' is done. Note that a `SIGN' does not reset this list of
+signers which is in contrats to the `RECIPIENT' command.
+
+
+File: gnupg.info, Node: GPGSM VERIFY, Next: GPGSM GENKEY, Prev: GPGSM SIGN, Up: GPGSM Protocol
+
+4.8.4 Verifying a Message
+-------------------------
+
+To verify a mesage the command:
+
+ VERIFY
+
+ is used. It does a verify operation on the message send to the input
+FD. The result is written out using status lines. If an output FD was
+given, the signed text will be written to that. If the signature is a
+detached one, the server will inquire about the signed material and the
+client must provide it.
+
+
+File: gnupg.info, Node: GPGSM GENKEY, Next: GPGSM LISTKEYS, Prev: GPGSM VERIFY, Up: GPGSM Protocol
+
+4.8.5 Generating a Key
+----------------------
+
+This is used to generate a new keypair, store the secret part in the
+PSE and the public key in the key database. We will probably add
+optional commands to allow the client to select whether a hardware
+token is used to store the key. Configuration options to `GPGSM' can
+be used to restrict the use of this command.
+
+ GENKEY
+
+ `GPGSM' checks whether this command is allowed and then does an
+INQUIRY to get the key parameters, the client should then send the key
+parameters in the native format:
+
+ S: INQUIRE KEY_PARAM native
+ C: D foo:fgfgfg
+ C: D bar
+ C: END
+
+ Please note that the server may send Status info lines while reading
+the data lines from the client. After this the key generation takes
+place and the server eventually does send an ERR or OK response.
+Status lines may be issued as a progress indicator.
+
+
+File: gnupg.info, Node: GPGSM LISTKEYS, Next: GPGSM EXPORT, Prev: GPGSM GENKEY, Up: GPGSM Protocol
+
+4.8.6 List available keys
+-------------------------
+
+To list the keys in the internal database or using an external key
+provider, the command:
+
+ LISTKEYS PATTERN
+
+ is used. To allow multiple patterns (which are ORed during the
+search) quoting is required: Spaces are to be translated into "+" or
+into "%20"; in turn this requires that the usual escape quoting rules
+are done.
+
+ LISTSECRETKEYS PATTERN
+
+ Lists only the keys where a secret key is available.
+
+ The list commands commands are affected by the option
+
+ OPTION list-mode=MODE
+
+ where mode may be:
+`0'
+ Use default (which is usually the same as 1).
+
+`1'
+ List only the internal keys.
+
+`2'
+ List only the external keys.
+
+`3'
+ List internal and external keys.
+
+ Note that options are valid for the entire session.
+
+
+File: gnupg.info, Node: GPGSM EXPORT, Next: GPGSM IMPORT, Prev: GPGSM LISTKEYS, Up: GPGSM Protocol
+
+4.8.7 Export certificates
+-------------------------
+
+To export certificate from the internal key database the command:
+
+ EXPORT [--data [--armor] [--base64]] [--] PATTERN
+
+ is used. To allow multiple patterns (which are ORed) quoting is
+required: Spaces are to be translated into "+" or into "%20"; in turn
+this requires that the usual escape quoting rules are done.
+
+ If the `--data' option has not been given, the format of the output
+depends on what was set with the OUTPUT command. When using PEM
+encoding a few informational lines are prepended.
+
+ If the `--data' has been given, a target set via OUTPUT is ignored
+and the data is returned inline using standard `D'-lines. This avoids
+the need for an extra file descriptor. In this case the options
+`--armor' and `--base64' may be used in the same way as with the OUTPUT
+command.
+
+
+File: gnupg.info, Node: GPGSM IMPORT, Next: GPGSM DELETE, Prev: GPGSM EXPORT, Up: GPGSM Protocol
+
+4.8.8 Import certificates
+-------------------------
+
+To import certificates into the internal key database, the command
+
+ IMPORT [--re-import]
+
+ is used. The data is expected on the file descriptor set with the
+`INPUT' command. Certain checks are performed on the certificate.
+Note that the code will also handle PKCS#12 files and import private
+keys; a helper program is used for that.
+
+ With the option `--re-import' the input data is expected to a be a
+linefeed separated list of fingerprints. The command will re-import
+the corresponding certificates; that is they are made permanent by
+removing their ephemeral flag.
+
+
+File: gnupg.info, Node: GPGSM DELETE, Next: GPGSM GETINFO, Prev: GPGSM IMPORT, Up: GPGSM Protocol
+
+4.8.9 Delete certificates
+-------------------------
+
+To delete a certificate the command
+
+ DELKEYS PATTERN
+
+ is used. To allow multiple patterns (which are ORed) quoting is
+required: Spaces are to be translated into "+" or into "%20"; in turn
+this requires that the usual escape quoting rules are done.
+
+ The certificates must be specified unambiguously otherwise an error
+is returned.
+
+
+File: gnupg.info, Node: GPGSM GETINFO, Prev: GPGSM DELETE, Up: GPGSM Protocol
+
+4.8.10 Return information about the process
+-------------------------------------------
+
+This is a multipurpose function to return a variety of information.
+
+ GETINFO WHAT
+
+ The value of WHAT specifies the kind of information returned:
+`version'
+ Return the version of the program.
+
+`pid'
+ Return the process id of the process.
+
+`agent-check'
+ Return success if the agent is running.
+
+`cmd_has_option CMD OPT'
+ Return success if the command CMD implements the option OPT. The
+ leading two dashes usually used with OPT shall not be given.
+
+
+File: gnupg.info, Node: Invoking SCDAEMON, Next: Specify a User ID, Prev: Invoking GPGSM, Up: Top
+
+5 Invoking the SCDAEMON
+***********************
+
+The `scdaemon' is a daemon to manage smartcards. It is usually invoked
+by `gpg-agent' and in general not used directly.
+
+ *Note Option Index::, for an index to `scdaemon''s commands and
+options.
+
+* Menu:
+
+* Scdaemon Commands:: List of all commands.
+* Scdaemon Options:: List of all options.
+* Card applications:: Description of card applications.
+* Scdaemon Configuration:: Configuration files.
+* Scdaemon Examples:: Some usage examples.
+* Scdaemon Protocol:: The protocol the daemon uses.
+
+
+File: gnupg.info, Node: Scdaemon Commands, Next: Scdaemon Options, Up: Invoking SCDAEMON
+
+5.1 Commands
+============
+
+Commands are not distinguished from options except for the fact that
+only one command is allowed.
+
+`--version'
+ Print the program version and licensing information. Not that you
+ can abbreviate this command.
+
+`--help, -h'
+ Print a usage message summarizing the most useful command-line
+ options. Not that you can abbreviate this command.
+
+`--dump-options'
+ Print a list of all available options and commands. Not that you
+ can abbreviate this command.
+
+`--server'
+ Run in server mode and wait for commands on the `stdin'. This is
+ default mode is to create a socket and listen for commands there.
+
+`--multi-server'
+ Run in server mode and wait for commands on the `stdin' as well as
+ on an additional Unix Domain socket. The server command `GETINFO'
+ may be used to get the name of that extra socket.
+
+`--daemon'
+ Run the program in the background. This option is required to
+ prevent it from being accidentally running in the background.
+
+
+
+File: gnupg.info, Node: Scdaemon Options, Next: Card applications, Prev: Scdaemon Commands, Up: Invoking SCDAEMON
+
+5.2 Option Summary
+==================
+
+`--options FILE'
+ Reads configuration from FILE instead of from the default per-user
+ configuration file. The default configuration file is named
+ `scdaemon.conf' and expected in the `.gnupg' directory directly
+ below the home directory of the user.
+
+`--homedir DIR'
+ Set the name of the home directory to DIR. If this option is not
+ used, the home directory defaults to `~/.gnupg'. It is only
+ recognized when given on the command line. It also overrides any
+ home directory stated through the environment variable `GNUPGHOME'
+ or (on W32 systems) by means of the Registry entry
+ HKCU\SOFTWARE\GNU\GNUPG:HOMEDIR.
+
+`-v'
+
+`--verbose'
+ Outputs additional information while running. You can increase
+ the verbosity by giving several verbose commands to `gpgsm', such
+ as `-vv'.
+
+`--debug-level LEVEL'
+ Select the debug level for investigating problems. LEVEL may be a
+ numeric value or a keyword:
+
+ `none'
+ No debugging at all. A value of less than 1 may be used
+ instead of the keyword.
+
+ `basic'
+ Some basic debug messages. A value between 1 and 2 may be
+ used instead of the keyword.
+
+ `advanced'
+ More verbose debug messages. A value between 3 and 5 may be
+ used instead of the keyword.
+
+ `expert'
+ Even more detailed messages. A value between 6 and 8 may be
+ used instead of the keyword.
+
+ `guru'
+ All of the debug messages you can get. A value greater than 8
+ may be used instead of the keyword. The creation of hash
+ tracing files is only enabled if the keyword is used.
+
+ How these messages are mapped to the actual debugging flags is not
+ specified and may change with newer releases of this program. They
+ are however carefully selected to best aid in debugging.
+
+ Note: All debugging options are subject to change and thus
+ should not be used by any application program. As the name
+ says, they are only used as helpers to debug problems.
+
+`--debug FLAGS'
+ This option is only useful for debugging and the behaviour may
+ change at any time without notice. FLAGS are bit encoded and may
+ be given in usual C-Syntax. The currently defined bits are:
+
+ `0 (1)'
+ command I/O
+
+ `1 (2)'
+ values of big number integers
+
+ `2 (4)'
+ low level crypto operations
+
+ `5 (32)'
+ memory allocation
+
+ `6 (64)'
+ caching
+
+ `7 (128)'
+ show memory statistics.
+
+ `9 (512)'
+ write hashed data to files named `dbgmd-000*'
+
+ `10 (1024)'
+ trace Assuan protocol. See also option
+ `--debug-assuan-log-cats'.
+
+ `11 (2048)'
+ trace APDU I/O to the card. This may reveal sensitive data.
+
+ `12 (4096)'
+ trace some card reader related function calls.
+
+`--debug-all'
+ Same as `--debug=0xffffffff'
+
+`--debug-wait N'
+ When running in server mode, wait N seconds before entering the
+ actual processing loop and print the pid. This gives time to
+ attach a debugger.
+
+`--debug-ccid-driver'
+ Enable debug output from the included CCID driver for smartcards.
+ Using this option twice will also enable some tracing of the T=1
+ protocol. Note that this option may reveal sensitive data.
+
+`--debug-disable-ticker'
+ This option disables all ticker functions like checking for card
+ insertions.
+
+`--debug-allow-core-dump'
+ For security reasons we won't create a core dump when the process
+ aborts. For debugging purposes it is sometimes better to allow
+ core dump. This options enables it and also changes the working
+ directory to `/tmp' when running in `--server' mode.
+
+`--debug-log-tid'
+ This option appends a thread ID to the PID in the log output.
+
+`--debug-assuan-log-cats CATS'
+ Changes the active Libassuan logging categories to CATS. The
+ value for CATS is an unsigned integer given in usual C-Syntax. A
+ value of of 0 switches to a default category. If this option is
+ not used the categories are taken from the environment variable
+ `ASSUAN_DEBUG'. Note that this option has only an effect if the
+ Assuan debug flag has also been with the option `--debug'. For a
+ list of categories see the Libassuan manual.
+
+`--no-detach'
+ Don't detach the process from the console. This is mainly useful
+ for debugging.
+
+`--log-file FILE'
+ Append all logging output to FILE. This is very helpful in seeing
+ what the agent actually does.
+
+`--pcsc-driver LIBRARY'
+ Use LIBRARY to access the smartcard reader. The current default
+ is `libpcsclite.so'. Instead of using this option you might also
+ want to install a symbolic link to the default file name (e.g.
+ from `libpcsclite.so.1').
+
+`--ctapi-driver LIBRARY'
+ Use LIBRARY to access the smartcard reader. The current default
+ is `libtowitoko.so'. Note that the use of this interface is
+ deprecated; it may be removed in future releases.
+
+`--disable-ccid'
+ Disable the integrated support for CCID compliant readers. This
+ allows to fall back to one of the other drivers even if the
+ internal CCID driver can handle the reader. Note, that CCID
+ support is only available if libusb was available at build time.
+
+`--reader-port NUMBER_OR_STRING'
+ This option may be used to specify the port of the card terminal.
+ A value of 0 refers to the first serial device; add 32768 to
+ access USB devices. The default is 32768 (first USB device).
+ PC/SC or CCID readers might need a string here; run the program in
+ verbose mode to get a list of available readers. The default is
+ then the first reader found.
+
+ To get a list of available CCID readers you may use this command:
+ echo scd getinfo reader_list | gpg-connect-agent --decode | awk '/^D/ {print $2}'
+
+`--card-timeout N'
+ If N is not 0 and no client is actively using the card, the card
+ will be powered down after N seconds. Powering down the card
+ avoids a potential risk of damaging a card when used with certain
+ cheap readers. This also allows non Scdaemon aware applications to
+ access the card. The disadvantage of using a card timeout is that
+ accessing the card takes longer and that the user needs to enter
+ the PIN again after the next power up.
+
+ Note that with the current version of Scdaemon the card is powered
+ down immediately at the next timer tick for any value of N other
+ than 0.
+
+`--disable-keypad'
+ Even if a card reader features a keypad, do not try to use it.
+
+`--deny-admin'
+ This option disables the use of admin class commands for card
+ applications where this is supported. Currently we support it for
+ the OpenPGP card. This commands is useful to inhibit accidental
+ access to admin class command which could ultimately lock the card
+ through wrong PIN numbers. Note that GnuPG versions older than
+ 2.0.11 featured an `--allow-admin' command which was required to
+ use such admin commands. This option has no more effect today
+ because the default is now to allow admin commands.
+
+`--disable-application NAME'
+ This option disables the use of the card application named NAME.
+ This is mainly useful for debugging or if a application with lower
+ priority should be used by default.
+
+
+ All the long options may also be given in the configuration file
+after stripping off the two leading dashes.
+
+
+File: gnupg.info, Node: Card applications, Next: Scdaemon Configuration, Prev: Scdaemon Options, Up: Invoking SCDAEMON
+
+5.3 Description of card applications
+====================================
+
+`scdaemon' supports the card applications as described below.
+
+* Menu:
+
+* OpenPGP Card:: The OpenPGP card application
+* NKS Card:: The Telesec NetKey card application
+* DINSIG Card:: The DINSIG card application
+* PKCS#15 Card:: The PKCS#15 card application
+* Geldkarte Card:: The Geldkarte application
+* Undefined Card:: The Undefined stub application
+
+
+File: gnupg.info, Node: OpenPGP Card, Next: NKS Card, Up: Card applications
+
+5.3.1 The OpenPGP card application "openpgp"
+--------------------------------------------
+
+This application is currently only used by `gpg' but may in future also
+be useful with `gpgsm'. Version 1 and version 2 of the card is
+supported.
+
+ The specifications for these cards are available at
+`http://g10code.com/docs/openpgp-card-1.0.pdf' and
+`http://g10code.com/docs/openpgp-card-2.0.pdf'.
+
+
+File: gnupg.info, Node: NKS Card, Next: DINSIG Card, Prev: OpenPGP Card, Up: Card applications
+
+5.3.2 The Telesec NetKey card "nks"
+-----------------------------------
+
+This is the main application of the Telesec cards as available in
+Germany. It is a superset of the German DINSIG card. The card is used
+by `gpgsm'.
+
+
+File: gnupg.info, Node: DINSIG Card, Next: PKCS#15 Card, Prev: NKS Card, Up: Card applications
+
+5.3.3 The DINSIG card application "dinsig"
+------------------------------------------
+
+This is an application as described in the German draft standard _DIN V
+66291-1_. It is intended to be used by cards supporting the German
+signature law and its bylaws (SigG and SigV).
+
+
+File: gnupg.info, Node: PKCS#15 Card, Next: Geldkarte Card, Prev: DINSIG Card, Up: Card applications
+
+5.3.4 The PKCS#15 card application "p15"
+----------------------------------------
+
+This is common framework for smart card applications. It is used by
+`gpgsm'.
+
+
+File: gnupg.info, Node: Geldkarte Card, Next: Undefined Card, Prev: PKCS#15 Card, Up: Card applications
+
+5.3.5 The Geldkarte card application "geldkarte"
+------------------------------------------------
+
+This is a simple application to display information of a German
+Geldkarte. The Geldkarte is a small amount debit card application which
+comes with almost all German banking cards.
+
+
+File: gnupg.info, Node: Undefined Card, Prev: Geldkarte Card, Up: Card applications
+
+5.3.6 The Undefined card application "undefined"
+------------------------------------------------
+
+This is a stub application to allow the use of the APDU command even if
+no supported application is found on the card. This application is not
+used automatically but must be explicitly requested using the SERIALNO
+command.
+
+
+File: gnupg.info, Node: Scdaemon Configuration, Next: Scdaemon Examples, Prev: Card applications, Up: Invoking SCDAEMON
+
+5.4 Configuration files
+=======================
+
+There are a few configuration files to control certain aspects of
+`scdaemons''s operation. Unless noted, they are expected in the current
+home directory (*note option --homedir::).
+
+`scdaemon.conf'
+ This is the standard configuration file read by `scdaemon' on
+ startup. It may contain any valid long option; the leading two
+ dashes may not be entered and the option may not be abbreviated.
+ This default name may be changed on the command line (*note option
+ --options::).
+
+`scd-event'
+ If this file is present and executable, it will be called on veyer
+ card reader's status changed. An example of this script is
+ provided with the distribution
+
+`reader_N.status'
+ This file is created by `sdaemon' to let other applications now
+ about reader status changes. Its use is now deprecated in favor of
+ `scd-event'.
+
+
+
+File: gnupg.info, Node: Scdaemon Examples, Next: Scdaemon Protocol, Prev: Scdaemon Configuration, Up: Invoking SCDAEMON
+
+5.5 Examples
+============
+
+ $ scdaemon --server -v
+
+
+File: gnupg.info, Node: Scdaemon Protocol, Prev: Scdaemon Examples, Up: Invoking SCDAEMON
+
+5.6 Scdaemon's Assuan Protocol
+==============================
+
+The SC-Daemon should be started by the system to provide access to
+external tokens. Using Smartcards on a multi-user system does not make
+much sense expect for system services, but in this case no regular user
+accounts are hosted on the machine.
+
+ A client connects to the SC-Daemon by connecting to the socket named
+`/var/run/scdaemon/socket', configuration information is read from
+/ETC/SCDAEMON.CONF
+
+ Each connection acts as one session, SC-Daemon takes care of
+synchronizing access to a token between sessions.
+
+* Menu:
+
+* Scdaemon SERIALNO:: Return the serial number.
+* Scdaemon LEARN:: Read all useful information from the card.
+* Scdaemon READCERT:: Return a certificate.
+* Scdaemon READKEY:: Return a public key.
+* Scdaemon PKSIGN:: Signing data with a Smartcard.
+* Scdaemon PKDECRYPT:: Decrypting data with a Smartcard.
+* Scdaemon GETATTR:: Read an attribute's value.
+* Scdaemon SETATTR:: Update an attribute's value.
+* Scdaemon WRITEKEY:: Write a key to a card.
+* Scdaemon GENKEY:: Generate a new key on-card.
+* Scdaemon RANDOM:: Return random bytes generate on-card.
+* Scdaemon PASSWD:: Change PINs.
+* Scdaemon CHECKPIN:: Perform a VERIFY operation.
+* Scdaemon RESTART:: Restart connection
+* Scdaemon APDU:: Send a verbatim APDU to the card
+
+
+File: gnupg.info, Node: Scdaemon SERIALNO, Next: Scdaemon LEARN, Up: Scdaemon Protocol
+
+5.6.1 Return the serial number
+------------------------------
+
+This command should be used to check for the presence of a card. It is
+special in that it can be used to reset the card. Most other commands
+will return an error when a card change has been detected and the use of
+this function is therefore required.
+
+ Background: We want to keep the client clear of handling card changes
+between operations; i.e. the client can assume that all operations are
+done on the same card unless he call this function.
+
+ SERIALNO
+
+ Return the serial number of the card using a status response like:
+
+ S SERIALNO D27600000000000000000000 0
+
+ The trailing 0 should be ignored for now, it is reserved for a future
+extension. The serial number is the hex encoded value identified by
+the `0x5A' tag in the GDO file (FIX=0x2F02).
+
+
+File: gnupg.info, Node: Scdaemon LEARN, Next: Scdaemon READCERT, Prev: Scdaemon SERIALNO, Up: Scdaemon Protocol
+
+5.6.2 Read all useful information from the card
+-----------------------------------------------
+
+ LEARN [--force]
+
+ Learn all useful information of the currently inserted card. When
+used without the force options, the command might do an INQUIRE like
+this:
+
+ INQUIRE KNOWNCARDP <hexstring_with_serialNumber> <timestamp>
+
+ The client should just send an `END' if the processing should go on
+or a `CANCEL' to force the function to terminate with a cancel error
+message. The response of this command is a list of status lines
+formatted as this:
+
+ S KEYPAIRINFO HEXSTRING_WITH_KEYGRIP HEXSTRING_WITH_ID
+
+ If there is no certificate yet stored on the card a single "X" is
+returned in HEXSTRING_WITH_KEYGRIP.
+
+
+File: gnupg.info, Node: Scdaemon READCERT, Next: Scdaemon READKEY, Prev: Scdaemon LEARN, Up: Scdaemon Protocol
+
+5.6.3 Return a certificate
+--------------------------
+
+ READCERT HEXIFIED_CERTID|KEYID
+
+ This function is used to read a certificate identified by
+HEXIFIED_CERTID from the card. With OpenPGP cards the keyid
+`OpenPGP.3' may be used to rad the certificate of version 2 cards.
+
+
+File: gnupg.info, Node: Scdaemon READKEY, Next: Scdaemon PKSIGN, Prev: Scdaemon READCERT, Up: Scdaemon Protocol
+
+5.6.4 Return a public key
+-------------------------
+
+ READKEY HEXIFIED_CERTID
+
+ Return the public key for the given cert or key ID as an standard
+S-Expression.
+
+
+File: gnupg.info, Node: Scdaemon PKSIGN, Next: Scdaemon PKDECRYPT, Prev: Scdaemon READKEY, Up: Scdaemon Protocol
+
+5.6.5 Signing data with a Smartcard
+-----------------------------------
+
+To sign some data the caller should use the command
+
+ SETDATA HEXSTRING
+
+ to tell `scdaemon' about the data to be signed. The data must be
+given in hex notation. The actual signing is done using the command
+
+ PKSIGN KEYID
+
+ where KEYID is the hexified ID of the key to be used. The key id
+may have been retrieved using the command `LEARN'. If another hash
+algorithm than SHA-1 is used, that algorithm may be given like:
+
+ PKSIGN --hash=ALGONAME KEYID
+
+ With ALGONAME are one of `sha1', `rmd160' or `md5'.
+
+
+File: gnupg.info, Node: Scdaemon PKDECRYPT, Next: Scdaemon GETATTR, Prev: Scdaemon PKSIGN, Up: Scdaemon Protocol
+
+5.6.6 Decrypting data with a Smartcard
+--------------------------------------
+
+To decrypt some data the caller should use the command
+
+ SETDATA HEXSTRING
+
+ to tell `scdaemon' about the data to be decrypted. The data must be
+given in hex notation. The actual decryption is then done using the
+command
+
+ PKDECRYPT KEYID
+
+ where KEYID is the hexified ID of the key to be used.
+
+
+File: gnupg.info, Node: Scdaemon GETATTR, Next: Scdaemon SETATTR, Prev: Scdaemon PKDECRYPT, Up: Scdaemon Protocol
+
+5.6.7 Read an attribute's value.
+--------------------------------
+
+TO BE WRITTEN.
+
+
+File: gnupg.info, Node: Scdaemon SETATTR, Next: Scdaemon WRITEKEY, Prev: Scdaemon GETATTR, Up: Scdaemon Protocol
+
+5.6.8 Update an attribute's value.
+----------------------------------
+
+TO BE WRITTEN.
+
+
+File: gnupg.info, Node: Scdaemon WRITEKEY, Next: Scdaemon GENKEY, Prev: Scdaemon SETATTR, Up: Scdaemon Protocol
+
+5.6.9 Write a key to a card.
+----------------------------
+
+ WRITEKEY [--force] KEYID
+
+ This command is used to store a secret key on a smartcard. The
+allowed keyids depend on the currently selected smartcard application.
+The actual keydata is requested using the inquiry `KEYDATA' and need to
+be provided without any protection. With `--force' set an existing key
+under this KEYID will get overwritten. The key data is expected to be
+the usual canonical encoded S-expression.
+
+ A PIN will be requested in most cases. This however depends on the
+actual card application.
+
+
+File: gnupg.info, Node: Scdaemon GENKEY, Next: Scdaemon RANDOM, Prev: Scdaemon WRITEKEY, Up: Scdaemon Protocol
+
+5.6.10 Generate a new key on-card.
+----------------------------------
+
+TO BE WRITTEN.
+
+
+File: gnupg.info, Node: Scdaemon RANDOM, Next: Scdaemon PASSWD, Prev: Scdaemon GENKEY, Up: Scdaemon Protocol
+
+5.6.11 Return random bytes generate on-card.
+--------------------------------------------
+
+TO BE WRITTEN.
+
+
+File: gnupg.info, Node: Scdaemon PASSWD, Next: Scdaemon CHECKPIN, Prev: Scdaemon RANDOM, Up: Scdaemon Protocol
+
+5.6.12 Change PINs.
+-------------------
+
+ PASSWD [--reset] [--nullpin] CHVNO
+
+ Change the PIN or reset the retry counter of the card holder
+verification vector number CHVNO. The option `--nullpin' is used to
+initialize the PIN of TCOS cards (6 byte NullPIN only).
+
+
+File: gnupg.info, Node: Scdaemon CHECKPIN, Next: Scdaemon RESTART, Prev: Scdaemon PASSWD, Up: Scdaemon Protocol
+
+5.6.13 Perform a VERIFY operation.
+----------------------------------
+
+ CHECKPIN IDSTR
+
+ Perform a VERIFY operation without doing anything else. This may be
+used to initialize a the PIN cache earlier to long lasting operations.
+Its use is highly application dependent:
+
+*OpenPGP*
+ Perform a simple verify operation for CHV1 and CHV2, so that
+ further operations won't ask for CHV2 and it is possible to do a
+ cheap check on the PIN: If there is something wrong with the PIN
+ entry system, only the regular CHV will get blocked and not the
+ dangerous CHV3. IDSTR is the usual card's serial number in hex
+ notation; an optional fingerprint part will get ignored.
+
+ There is however a special mode if IDSTR is suffixed with the
+ literal string `[CHV3]': In this case the Admin PIN is checked if
+ and only if the retry counter is still at 3.
+
+
+
+File: gnupg.info, Node: Scdaemon RESTART, Next: Scdaemon APDU, Prev: Scdaemon CHECKPIN, Up: Scdaemon Protocol
+
+5.6.14 Perform a RESTART operation.
+-----------------------------------
+
+ RESTART
+
+ Restart the current connection; this is a kind of warm reset. It
+deletes the context used by this connection but does not actually reset
+the card.
+
+ This is used by gpg-agent to reuse a primary pipe connection and may
+be used by clients to backup from a conflict in the serial command;
+i.e. to select another application.
+
+
+File: gnupg.info, Node: Scdaemon APDU, Prev: Scdaemon RESTART, Up: Scdaemon Protocol
+
+5.6.15 Send a verbatim APDU to the card.
+----------------------------------------
+
+ APDU [--atr] [--more] [--exlen[=N]] [HEXSTRING]
+
+ Send an APDU to the current reader. This command bypasses the high
+level functions and sends the data directly to the card. HEXSTRING is
+expected to be a proper APDU. If HEXSTRING is not given no commands
+are send to the card; However the command will implicitly check whether
+the card is ready for use.
+
+ Using the option `--atr' returns the ATR of the card as a status
+message before any data like this:
+ S CARD-ATR 3BFA1300FF813180450031C173C00100009000B1
+
+ Using the option `--more' handles the card status word MORE_DATA
+(61xx) and concatenate all responses to one block.
+
+ Using the option `--exlen' the returned APDU may use extended length
+up to N bytes. If N is not given a default value is used (currently
+4096).
+
+
+File: gnupg.info, Node: Specify a User ID, Next: Helper Tools, Prev: Invoking SCDAEMON, Up: Top
+
+6 How to Specify a User Id
+**************************
+
+There are different ways to specify a user ID to GnuPG. Some of them
+are only valid for `gpg' others are only good for `gpgsm'. Here is the
+entire list of ways to specify a key:
+
+ * By key Id. This format is deduced from the length of the string
+ and its content or `0x' prefix. The key Id of an X.509 certificate
+ are the low 64 bits of its SHA-1 fingerprint. The use of key Ids
+ is just a shortcut, for all automated processing the fingerprint
+ should be used.
+
+ When using `gpg' an exclamation mark (!) may be appended to force
+ using the specified primary or secondary key and not to try and
+ calculate which primary or secondary key to use.
+
+ The last four lines of the example give the key ID in their long
+ form as internally used by the OpenPGP protocol. You can see the
+ long key ID using the option `--with-colons'.
+
+ 234567C4
+ 0F34E556E
+ 01347A56A
+ 0xAB123456
+
+ 234AABBCC34567C4
+ 0F323456784E56EAB
+ 01AB3FED1347A5612
+ 0x234AABBCC34567C4
+
+ * By fingerprint. This format is deduced from the length of the
+ string and its content or the `0x' prefix. Note, that only the 20
+ byte version fingerprint is available with `gpgsm' (i.e. the SHA-1
+ hash of the certificate).
+
+ When using `gpg' an exclamation mark (!) may be appended to force
+ using the specified primary or secondary key and not to try and
+ calculate which primary or secondary key to use.
+
+ The best way to specify a key Id is by using the fingerprint. This
+ avoids any ambiguities in case that there are duplicated key IDs.
+
+ 1234343434343434C434343434343434
+ 123434343434343C3434343434343734349A3434
+ 0E12343434343434343434EAB3484343434343434
+ 0xE12343434343434343434EAB3484343434343434
+
+ (`gpgsm' also accepts colons between each pair of hexadecimal
+ digits because this is the de-facto standard on how to present
+ X.509 fingerprints.)
+
+ * By exact match on OpenPGP user ID. This is denoted by a leading
+ equal sign. It does not make sense for X.509 certificates.
+
+ =Heinrich Heine <heinrichh@uni-duesseldorf.de>
+
+ * By exact match on an email address. This is indicated by
+ enclosing the email address in the usual way with left and right
+ angles.
+
+ <heinrichh@uni-duesseldorf.de>
+
+ * By word match. All words must match exactly (not case sensitive)
+ but can appear in any order in the user ID or a subjects name.
+ Words are any sequences of letters, digits, the underscore and all
+ characters with bit 7 set.
+
+ +Heinrich Heine duesseldorf
+
+ * By exact match on the subject's DN. This is indicated by a
+ leading slash, directly followed by the RFC-2253 encoded DN of the
+ subject. Note that you can't use the string printed by "gpgsm
+ -list-keys" because that one as been reordered and modified for
+ better readability; use -with-colons to print the raw (but standard
+ escaped) RFC-2253 string
+
+ /CN=Heinrich Heine,O=Poets,L=Paris,C=FR
+
+ * By exact match on the issuer's DN. This is indicated by a leading
+ hash mark, directly followed by a slash and then directly followed
+ by the rfc2253 encoded DN of the issuer. This should return the
+ Root cert of the issuer. See note above.
+
+ #/CN=Root Cert,O=Poets,L=Paris,C=FR
+
+ * By exact match on serial number and issuer's DN. This is
+ indicated by a hash mark, followed by the hexadecimal
+ representation of the serial number, then followed by a slash and
+ the RFC-2253 encoded DN of the issuer. See note above.
+
+ #4F03/CN=Root Cert,O=Poets,L=Paris,C=FR
+
+ * By keygrip This is indicated by an ampersand followed by the 40
+ hex digits of a keygrip. `gpgsm' prints the keygrip when using
+ the command `--dump-cert'. It does not yet work for OpenPGP keys.
+
+ &D75F22C3F86E355877348498CDC92BD21010A480
+
+ * By substring match. This is the default mode but applications may
+ want to explicitly indicate this by putting the asterisk in front.
+ Match is not case sensitive.
+
+ Heine
+ *Heine
+
+
+ Please note that we have reused the hash mark identifier which was
+used in old GnuPG versions to indicate the so called local-id. It is
+not anymore used and there should be no conflict when used with X.509
+stuff.
+
+ Using the RFC-2253 format of DNs has the drawback that it is not
+possible to map them back to the original encoding, however we don't
+have to do this because our key database stores this encoding as meta
+data.
+
+
+File: gnupg.info, Node: Helper Tools, Next: Howtos, Prev: Specify a User ID, Up: Top
+
+7 Helper Tools
+**************
+
+GnuPG comes with a couple of smaller tools:
+
+* Menu:
+
+* watchgnupg:: Read logs from a socket.
+* gpgv:: Verify OpenPGP signatures.
+* addgnupghome:: Create .gnupg home directories.
+* gpgconf:: Modify .gnupg home directories.
+* applygnupgdefaults:: Run gpgconf for all users.
+* gpgsm-gencert.sh:: Generate an X.509 certificate request.
+* gpg-preset-passphrase:: Put a passphrase into the cache.
+* gpg-connect-agent:: Communicate with a running agent.
+* gpgparsemail:: Parse a mail message into an annotated format
+* symcryptrun:: Call a simple symmetric encryption tool.
+* gpg-zip:: Encrypt or sign files into an archive.
+
+
+File: gnupg.info, Node: watchgnupg, Next: gpgv, Up: Helper Tools
+
+7.1 Read logs from a socket
+===========================
+
+Most of the main utilities are able to write their log files to a Unix
+Domain socket if configured that way. `watchgnupg' is a simple
+listener for such a socket. It ameliorates the output with a time stamp
+and makes sure that long lines are not interspersed with log output from
+other utilities. This tool is not available for Windows.
+
+`watchgnupg' is commonly invoked as
+
+ watchgnupg --force ~/.gnupg/S.log
+
+This starts it on the current terminal for listening on the socket
+`~/.gnupg/S.log'.
+
+`watchgnupg' understands these options:
+
+`--force'
+ Delete an already existing socket file.
+
+`--tcp N'
+ Instead of reading from a local socket, listen for connects on TCP
+ port N.
+
+`--verbose'
+ Enable extra informational output.
+
+`--version'
+ Print version of the program and exit.
+
+`--help'
+ Display a brief help page and exit.
+
+
+
+Examples
+********
+
+ $ watchgnupg --force /home/foo/.gnupg/S.log
+
+ This waits for connections on the local socket
+`/home/foo/.gnupg/S.log' and shows all log entries. To make this work
+the option `log-file' needs to be used with all modules which logs are
+to be shown. The value for that option must be given with a special
+prefix (e.g. in the conf file):
+
+ log-file socket:///home/foo/.gnupg/S.log
+
+ For debugging purposes it is also possible to do remote logging.
+Take care if you use this feature because the information is send in the
+clear over the network. Use this syntax in the conf files:
+
+ log-file tcp://192.168.1.1:4711
+
+ You may use any port and not just 4711 as shown above; only IP
+addresses are supported (v4 and v6) and no host names. You need to
+start `watchgnupg' with the `tcp' option. Note that under Windows the
+registry entry HKCU\SOFTWARE\GNU\GNUPG:DEFAULTLOGFILE can be used to
+change the default log output from `stderr' to whatever is given by
+that entry. However the only useful entry is a TCP name for remote
+debugging.
+
+
+File: gnupg.info, Node: gpgv, Next: addgnupghome, Prev: watchgnupg, Up: Helper Tools
+
+7.2 Verify OpenPGP signatures
+=============================
+
+ `gpgv2' is an OpenPGP signature verification tool.
+
+ This program is actually a stripped-down version of `gpg' which is
+only able to check signatures. It is somewhat smaller than the
+fully-blown `gpg' and uses a different (and simpler) way to check that
+the public keys used to make the signature are valid. There are no
+configuration files and only a few options are implemented.
+
+ `gpgv2' assumes that all keys in the keyring are trustworthy. By
+default it uses a keyring named `trustedkeys.gpg' which is assumed to
+be in the home directory as defined by GnuPG or set by an option or an
+environment variable. An option may be used to specify another keyring
+or even multiple keyrings.
+
+
+
+ `gpgv2' recognizes these options:
+
+`--verbose'
+`-v'
+ Gives more information during processing. If used twice, the input
+ data is listed in detail.
+
+`--quiet'
+`-q'
+ Try to be as quiet as possible.
+
+`--keyring FILE'
+ Add FILE to the list of keyrings. If FILE begins with a tilde and
+ a slash, these are replaced by the HOME directory. If the filename
+ does not contain a slash, it is assumed to be in the
+ home-directory ("~/.gnupg" if -homedir is not used).
+
+`--status-fd N'
+ Write special status strings to the file descriptor N. See the
+ file DETAILS in the documentation for a listing of them.
+
+`--logger-fd `n''
+ Write log output to file descriptor `n' and not to stderr.
+
+`--ignore-time-conflict'
+ GnuPG normally checks that the timestamps associated with keys and
+ signatures have plausible values. However, sometimes a signature
+ seems to be older than the key due to clock problems. This option
+ turns these checks into warnings.
+
+`--homedir DIR'
+ Set the name of the home directory to DIR. If this option is not
+ used, the home directory defaults to `~/.gnupg'. It is only
+ recognized when given on the command line. It also overrides any
+ home directory stated through the environment variable `GNUPGHOME'
+ or (on W32 systems) by means of the Registry entry
+ HKCU\SOFTWARE\GNU\GNUPG:HOMEDIR.
+
+
+ The program returns 0 if everything is fine, 1 if at least one
+signature was bad, and other error codes for fatal errors.
+
+7.2.1 Examples
+--------------
+
+gpgv2 `pgpfile'
+gpgv2 `sigfile' [`datafile']
+ Verify the signature of the file. The second form is used for
+ detached signatures, where `sigfile' is the detached signature
+ (either ASCII-armored or binary) and `datafile' contains the
+ signed data; if `datafile' is "-" the signed data is expected on
+ `stdin'; if `datafile' is not given the name of the file holding
+ the signed data is constructed by cutting off the extension
+ (".asc", ".sig" or ".sign") from `sigfile'.
+
+
+7.2.2 Environment
+-----------------
+
+HOME
+ Used to locate the default home directory.
+
+GNUPGHOME
+ If set directory used instead of "~/.gnupg".
+
+
+7.2.3 FILES
+-----------
+
+~/.gnupg/trustedkeys.gpg
+ The default keyring with the allowed keys.
+
+
+ `gpg2'(1)
+
+
+File: gnupg.info, Node: addgnupghome, Next: gpgconf, Prev: gpgv, Up: Helper Tools
+
+7.3 Create .gnupg home directories.
+===================================
+
+If GnuPG is installed on a system with existing user accounts, it is
+sometimes required to populate the GnuPG home directory with existing
+files. Especially a `trustlist.txt' and a keybox with some initial
+certificates are often desired. This scripts help to do this by
+copying all files from `/etc/skel/.gnupg' to the home directories of
+the accounts given on the command line. It takes care not to overwrite
+existing GnuPG home directories.
+
+`addgnupghome' is invoked by root as:
+
+ addgnupghome account1 account2 ... accountn
+
+
+File: gnupg.info, Node: gpgconf, Next: applygnupgdefaults, Prev: addgnupghome, Up: Helper Tools
+
+7.4 Modify .gnupg home directories.
+===================================
+
+The `gpgconf' is a utility to automatically and reasonable safely query
+and modify configuration files in the `.gnupg' home directory. It is
+designed not to be invoked manually by the user, but automatically by
+graphical user interfaces (GUI).(1)
+
+ `gpgconf' provides access to the configuration of one or more
+components of the GnuPG system. These components correspond more or
+less to the programs that exist in the GnuPG framework, like GnuPG,
+GPGSM, DirMngr, etc. But this is not a strict one-to-one relationship.
+Not all configuration options are available through `gpgconf'.
+`gpgconf' provides a generic and abstract method to access the most
+important configuration options that can feasibly be controlled via
+such a mechanism.
+
+ `gpgconf' can be used to gather and change the options available in
+each component, and can also provide their default values. `gpgconf'
+will give detailed type information that can be used to restrict the
+user's input without making an attempt to commit the changes.
+
+ `gpgconf' provides the backend of a configuration editor. The
+configuration editor would usually be a graphical user interface
+program, that allows to display the current options, their default
+values, and allows the user to make changes to the options. These
+changes can then be made active with `gpgconf' again. Such a program
+that uses `gpgconf' in this way will be called GUI throughout this
+section.
+
+* Menu:
+
+* Invoking gpgconf:: List of all commands and options.
+* Format conventions:: Formatting conventions relevant for all commands.
+* Listing components:: List all gpgconf components.
+* Checking programs:: Check all programs know to gpgconf.
+* Listing options:: List all options of a component.
+* Changing options:: Changing options of a component.
+* Listing global options:: List all global options.
+* Files used by gpgconf:: What files are used by gpgconf.
+
+ ---------- Footnotes ----------
+
+ (1) Please note that currently no locking is done, so concurrent
+access should be avoided. There are some precautions to avoid
+corruption with concurrent usage, but results may be inconsistent and
+some changes may get lost. The stateless design makes it difficult to
+provide more guarantees.
+
+
+File: gnupg.info, Node: Invoking gpgconf, Next: Format conventions, Up: gpgconf
+
+7.4.1 Invoking gpgconf
+----------------------
+
+One of the following commands must be given:
+
+`--list-components'
+ List all components. This is the default command used if none is
+ specified.
+
+`--check-programs'
+ List all available backend programs and test whether they are
+ runnable.
+
+`--list-options COMPONENT'
+ List all options of the component COMPONENT.
+
+`--change-options COMPONENT'
+ Change the options of the component COMPONENT.
+
+`--check-options COMPONENT'
+ Check the options for the component COMPONENT.
+
+`--apply-defaults'
+ Update all configuration files with values taken from the global
+ configuration file (usually `/etc/gnupg/gpgconf.conf').
+
+`--list-dirs'
+ Lists the directories used by `gpgconf'. One directory is listed
+ per line, and each line consists of a colon-separated list where
+ the first field names the directory type (for example `sysconfdir')
+ and the second field contains the percent-escaped directory.
+ Although they are not directories, the socket file names used by
+ `gpg-agent' and `dirmngr' are printed as well. Note that the
+ socket file names and the `homedir' lines are the default names
+ and they may be overridden by command line switches.
+
+`--list-config [FILENAME]'
+ List the global configuration file in a colon separated format. If
+ FILENAME is given, check that file instead.
+
+`--check-config [FILENAME]'
+ Run a syntax check on the global configuration file. If FILENAME
+ is given, check that file instead.
+
+`--reload [COMPONENT]'
+ Reload all or the given component. This is basically the same as
+ sending a SIGHUP to the component. Components which don't support
+ reloading are ignored.
+
+`--kill [COMPONENT]'
+ Kill the given component. Components which support killing are
+ gpg-agent and scdaemon. Components which don't support reloading
+ are ignored. Note that as of now reload and kill have the same
+ effect for scdaemon.
+
+
+ The following options may be used:
+
+`-v'
+`--verbose'
+ Outputs additional information while running. Specifically, this
+ extends numerical field values by human-readable descriptions.
+
+`-n'
+`--dry-run'
+ Do not actually change anything. This is currently only
+ implemented for `--change-options' and can be used for testing
+ purposes.
+
+`-r'
+`--runtime'
+ Only used together with `--change-options'. If one of the
+ modified options can be changed in a running daemon process, signal
+ the running daemon to ask it to reparse its configuration file
+ after changing.
+
+ This means that the changes will take effect at run-time, as far as
+ this is possible. Otherwise, they will take effect at the next
+ start of the respective backend programs.
+
+
+
+File: gnupg.info, Node: Format conventions, Next: Listing components, Prev: Invoking gpgconf, Up: gpgconf
+
+7.4.2 Format conventions
+------------------------
+
+Some lines in the output of `gpgconf' contain a list of colon-separated
+fields. The following conventions apply:
+
+ * The GUI program is required to strip off trailing newline and/or
+ carriage return characters from the output.
+
+ * `gpgconf' will never leave out fields. If a certain version
+ provides a certain field, this field will always be present in all
+ `gpgconf' versions from that time on.
+
+ * Future versions of `gpgconf' might append fields to the list. New
+ fields will always be separated from the previously last field by
+ a colon separator. The GUI should be prepared to parse the last
+ field it knows about up until a colon or end of line.
+
+ * Not all fields are defined under all conditions. You are required
+ to ignore the content of undefined fields.
+
+ There are several standard types for the content of a field:
+
+verbatim
+ Some fields contain strings that are not escaped in any way. Such
+ fields are described to be used _verbatim_. These fields will
+ never contain a colon character (for obvious reasons). No
+ de-escaping or other formatting is required to use the field
+ content. This is for easy parsing of the output, when it is known
+ that the content can never contain any special characters.
+
+percent-escaped
+ Some fields contain strings that are described to be
+ _percent-escaped_. Such strings need to be de-escaped before
+ their content can be presented to the user. A percent-escaped
+ string is de-escaped by replacing all occurrences of `%XY' by the
+ byte that has the hexadecimal value `XY'. `X' and `Y' are from
+ the set `0-9a-f'.
+
+localised
+ Some fields contain strings that are described to be _localised_.
+ Such strings are translated to the active language and formatted in
+ the active character set.
+
+unsigned number
+ Some fields contain an _unsigned number_. This number will always
+ fit into a 32-bit unsigned integer variable. The number may be
+ followed by a space, followed by a human readable description of
+ that value (if the verbose option is used). You should ignore
+ everything in the field that follows the number.
+
+signed number
+ Some fields contain a _signed number_. This number will always
+ fit into a 32-bit signed integer variable. The number may be
+ followed by a space, followed by a human readable description of
+ that value (if the verbose option is used). You should ignore
+ everything in the field that follows the number.
+
+boolean value
+ Some fields contain a _boolean value_. This is a number with
+ either the value 0 or 1. The number may be followed by a space,
+ followed by a human readable description of that value (if the
+ verbose option is used). You should ignore everything in the
+ field that follows the number; checking just the first character
+ is sufficient in this case.
+
+option
+ Some fields contain an _option_ argument. The format of an option
+ argument depends on the type of the option and on some flags:
+
+ no argument
+ The simplest case is that the option does not take an
+ argument at all (TYPE `0'). Then the option argument is an
+ unsigned number that specifies how often the option occurs.
+ If the `list' flag is not set, then the only valid number is
+ `1'. Options that do not take an argument never have the
+ `default' or `optional arg' flag set.
+
+ number
+ If the option takes a number argument (ALT-TYPE is `2' or
+ `3'), and it can only occur once (`list' flag is not set),
+ then the option argument is either empty (only allowed if the
+ argument is optional), or it is a number. A number is a
+ string that begins with an optional minus character, followed
+ by one or more digits. The number must fit into an integer
+ variable (unsigned or signed, depending on ALT-TYPE).
+
+ number list
+ If the option takes a number argument and it can occur more
+ than once, then the option argument is either empty, or it is
+ a comma-separated list of numbers as described above.
+
+ string
+ If the option takes a string argument (ALT-TYPE is 1), and it
+ can only occur once (`list' flag is not set) then the option
+ argument is either empty (only allowed if the argument is
+ optional), or it starts with a double quote character (`"')
+ followed by a percent-escaped string that is the argument
+ value. Note that there is only a leading double quote
+ character, no trailing one. The double quote character is
+ only needed to be able to differentiate between no value and
+ the empty string as value.
+
+ string list
+ If the option takes a number argument and it can occur more
+ than once, then the option argument is either empty, or it is
+ a comma-separated list of string arguments as described above.
+
+ The active language and character set are currently determined from
+the locale environment of the `gpgconf' program.
+
+
+File: gnupg.info, Node: Listing components, Next: Checking programs, Prev: Format conventions, Up: gpgconf
+
+7.4.3 Listing components
+------------------------
+
+The command `--list-components' will list all components that can be
+configured with `gpgconf'. Usually, one component will correspond to
+one GnuPG-related program and contain the options of that programs
+configuration file that can be modified using `gpgconf'. However, this
+is not necessarily the case. A component might also be a group of
+selected options from several programs, or contain entirely virtual
+options that have a special effect rather than changing exactly one
+option in one configuration file.
+
+ A component is a set of configuration options that semantically
+belong together. Furthermore, several changes to a component can be
+made in an atomic way with a single operation. The GUI could for
+example provide a menu with one entry for each component, or a window
+with one tabulator sheet per component.
+
+ The command argument `--list-components' lists all available
+components, one per line. The format of each line is:
+
+ `NAME:DESCRIPTION:PGMNAME:'
+
+NAME
+ This field contains a name tag of the component. The name tag is
+ used to specify the component in all communication with `gpgconf'.
+ The name tag is to be used _verbatim_. It is thus not in any
+ escaped format.
+
+DESCRIPTION
+ The _string_ in this field contains a human-readable description
+ of the component. It can be displayed to the user of the GUI for
+ informational purposes. It is _percent-escaped_ and _localized_.
+
+PGMNAME
+ The _string_ in this field contains the absolute name of the
+ program's file. It can be used to unambiguously invoke that
+ program. It is _percent-escaped_.
+
+ Example:
+ $ gpgconf --list-components
+ gpg:GPG for OpenPGP:/usr/local/bin/gpg2:
+ gpg-agent:GPG Agent:/usr/local/bin/gpg-agent:
+ scdaemon:Smartcard Daemon:/usr/local/bin/scdaemon:
+ gpgsm:GPG for S/MIME:/usr/local/bin/gpgsm:
+ dirmngr:Directory Manager:/usr/local/bin/dirmngr:
+
+
+File: gnupg.info, Node: Checking programs, Next: Listing options, Prev: Listing components, Up: gpgconf
+
+7.4.4 Checking programs
+-----------------------
+
+The command `--check-programs' is similar to `--list-components' but
+works on backend programs and not on components. It runs each program
+to test whether it is installed and runnable. This also includes a
+syntax check of all config file options of the program.
+
+ The command argument `--check-programs' lists all available
+programs, one per line. The format of each line is:
+
+ `NAME:DESCRIPTION:PGMNAME:AVAIL:OKAY:CFGFILE:LINE:ERROR:'
+
+NAME
+ This field contains a name tag of the program which is identical
+ to the name of the component. The name tag is to be used
+ _verbatim_. It is thus not in any escaped format. This field may
+ be empty to indicate a continuation of error descriptions for the
+ last name. The description and pgmname fields are then also empty.
+
+DESCRIPTION
+ The _string_ in this field contains a human-readable description
+ of the component. It can be displayed to the user of the GUI for
+ informational purposes. It is _percent-escaped_ and _localized_.
+
+PGMNAME
+ The _string_ in this field contains the absolute name of the
+ program's file. It can be used to unambiguously invoke that
+ program. It is _percent-escaped_.
+
+AVAIL
+ The _boolean value_ in this field indicates whether the program is
+ installed and runnable.
+
+OKAY
+ The _boolean value_ in this field indicates whether the program's
+ config file is syntactically okay.
+
+CFGFILE
+ If an error occurred in the configuration file (as indicated by a
+ false value in the field `okay'), this field has the name of the
+ failing configuration file. It is _percent-escaped_.
+
+LINE
+ If an error occurred in the configuration file, this field has the
+ line number of the failing statement in the configuration file.
+ It is an _unsigned number_.
+
+ERROR
+ If an error occurred in the configuration file, this field has the
+ error text of the failing statement in the configuration file. It
+ is _percent-escaped_ and _localized_.
+
+
+In the following example the `dirmngr' is not runnable and the
+configuration file of `scdaemon' is not okay.
+
+ $ gpgconf --check-programs
+ gpg:GPG for OpenPGP:/usr/local/bin/gpg2:1:1:
+ gpg-agent:GPG Agent:/usr/local/bin/gpg-agent:1:1:
+ scdaemon:Smartcard Daemon:/usr/local/bin/scdaemon:1:0:
+ gpgsm:GPG for S/MIME:/usr/local/bin/gpgsm:1:1:
+ dirmngr:Directory Manager:/usr/local/bin/dirmngr:0:0:
+
+The command `--check-options COMPONENT' will verify the configuration
+file in the same manner as `--check-programs', but only for the
+component COMPONENT.
+
+
+File: gnupg.info, Node: Listing options, Next: Changing options, Prev: Checking programs, Up: gpgconf
+
+7.4.5 Listing options
+---------------------
+
+Every component contains one or more options. Options may be gathered
+into option groups to allow the GUI to give visual hints to the user
+about which options are related.
+
+ The command argument `--list-options COMPONENT' lists all options
+(and the groups they belong to) in the component COMPONENT, one per
+line. COMPONENT must be the string in the field NAME in the output of
+the `--list-components' command.
+
+ There is one line for each option and each group. First come all
+options that are not in any group. Then comes a line describing a
+group. Then come all options that belong into each group. Then comes
+the next group and so on. There does not need to be any group (and in
+this case the output will stop after the last non-grouped option).
+
+ The format of each line is:
+
+`NAME:FLAGS:LEVEL:DESCRIPTION:TYPE:ALT-TYPE:ARGNAME:DEFAULT:ARGDEF:VALUE'
+
+NAME
+ This field contains a name tag for the group or option. The name
+ tag is used to specify the group or option in all communication
+ with `gpgconf'. The name tag is to be used _verbatim_. It is
+ thus not in any escaped format.
+
+FLAGS
+ The flags field contains an _unsigned number_. Its value is the
+ OR-wise combination of the following flag values:
+
+ `group (1)'
+ If this flag is set, this is a line describing a group and
+ not an option.
+
+ The following flag values are only defined for options (that is, if
+ the `group' flag is not used).
+
+ `optional arg (2)'
+ If this flag is set, the argument is optional. This is never
+ set for TYPE `0' (none) options.
+
+ `list (4)'
+ If this flag is set, the option can be given multiple times.
+
+ `runtime (8)'
+ If this flag is set, the option can be changed at runtime.
+
+ `default (16)'
+ If this flag is set, a default value is available.
+
+ `default desc (32)'
+ If this flag is set, a (runtime) default is available. This
+ and the `default' flag are mutually exclusive.
+
+ `no arg desc (64)'
+ If this flag is set, and the `optional arg' flag is set, then
+ the option has a special meaning if no argument is given.
+
+ `no change (128)'
+ If this flag is set, gpgconf ignores requests to change the
+ value. GUI frontends should grey out this option. Note,
+ that manual changes of the configuration files are still
+ possible.
+
+LEVEL
+ This field is defined for options and for groups. It contains an
+ _unsigned number_ that specifies the expert level under which this
+ group or option should be displayed. The following expert levels
+ are defined for options (they have analogous meaning for groups):
+
+ `basic (0)'
+ This option should always be offered to the user.
+
+ `advanced (1)'
+ This option may be offered to advanced users.
+
+ `expert (2)'
+ This option should only be offered to expert users.
+
+ `invisible (3)'
+ This option should normally never be displayed, not even to
+ expert users.
+
+ `internal (4)'
+ This option is for internal use only. Ignore it.
+
+ The level of a group will always be the lowest level of all
+ options it contains.
+
+DESCRIPTION
+ This field is defined for options and groups. The _string_ in
+ this field contains a human-readable description of the option or
+ group. It can be displayed to the user of the GUI for
+ informational purposes. It is _percent-escaped_ and _localized_.
+
+TYPE
+ This field is only defined for options. It contains an _unsigned
+ number_ that specifies the type of the option's argument, if any.
+ The following types are defined:
+
+ Basic types:
+
+ `none (0)'
+ No argument allowed.
+
+ `string (1)'
+ An _unformatted string_.
+
+ `int32 (2)'
+ A _signed number_.
+
+ `uint32 (3)'
+ An _unsigned number_.
+
+ Complex types:
+
+ `pathname (32)'
+ A _string_ that describes the pathname of a file. The file
+ does not necessarily need to exist.
+
+ `ldap server (33)'
+ A _string_ that describes an LDAP server in the format:
+
+ `HOSTNAME:PORT:USERNAME:PASSWORD:BASE_DN'
+
+ `key fingerprint (34)'
+ A _string_ with a 40 digit fingerprint specifying a
+ certificate.
+
+ `pub key (35)'
+ A _string_ that describes a certificate by user ID, key ID or
+ fingerprint.
+
+ `sec key (36)'
+ A _string_ that describes a certificate with a key by user ID,
+ key ID or fingerprint.
+
+ `alias list (37)'
+ A _string_ that describes an alias list, like the one used
+ with gpg's group option. The list consists of a key, an
+ equal sign and space separated values.
+
+ More types will be added in the future. Please see the ALT-TYPE
+ field for information on how to cope with unknown types.
+
+ALT-TYPE
+ This field is identical to TYPE, except that only the types `0' to
+ `31' are allowed. The GUI is expected to present the user the
+ option in the format specified by TYPE. But if the argument type
+ TYPE is not supported by the GUI, it can still display the option
+ in the more generic basic type ALT-TYPE. The GUI must support all
+ the defined basic types to be able to display all options. More
+ basic types may be added in future versions. If the GUI
+ encounters a basic type it doesn't support, it should report an
+ error and abort the operation.
+
+ARGNAME
+ This field is only defined for options with an argument type TYPE
+ that is not `0'. In this case it may contain a _percent-escaped_
+ and _localised string_ that gives a short name for the argument.
+ The field may also be empty, though, in which case a short name is
+ not known.
+
+DEFAULT
+ This field is defined only for options for which the `default' or
+ `default desc' flag is set. If the `default' flag is set, its
+ format is that of an _option argument_ (*Note Format
+ conventions::, for details). If the default value is empty, then
+ no default is known. Otherwise, the value specifies the default
+ value for this option. If the `default desc' flag is set, the
+ field is either empty or contains a description of the effect if
+ the option is not given.
+
+ARGDEF
+ This field is defined only for options for which the `optional
+ arg' flag is set. If the `no arg desc' flag is not set, its
+ format is that of an _option argument_ (*Note Format
+ conventions::, for details). If the default value is empty, then
+ no default is known. Otherwise, the value specifies the default
+ argument for this option. If the `no arg desc' flag is set, the
+ field is either empty or contains a description of the effect of
+ this option if no argument is given.
+
+VALUE
+ This field is defined only for options. Its format is that of an
+ _option argument_. If it is empty, then the option is not
+ explicitly set in the current configuration, and the default
+ applies (if any). Otherwise, it contains the current value of the
+ option. Note that this field is also meaningful if the option
+ itself does not take a real argument (in this case, it contains
+ the number of times the option appears).
+
+
+File: gnupg.info, Node: Changing options, Next: Listing global options, Prev: Listing options, Up: gpgconf
+
+7.4.6 Changing options
+----------------------
+
+The command `--change-options COMPONENT' will attempt to change the
+options of the component COMPONENT to the specified values. COMPONENT
+must be the string in the field NAME in the output of the
+`--list-components' command. You have to provide the options that
+shall be changed in the following format on standard input:
+
+ `NAME:FLAGS:NEW-VALUE'
+
+NAME
+ This is the name of the option to change. NAME must be the string
+ in the field NAME in the output of the `--list-options' command.
+
+FLAGS
+ The flags field contains an _unsigned number_. Its value is the
+ OR-wise combination of the following flag values:
+
+ `default (16)'
+ If this flag is set, the option is deleted and the default
+ value is used instead (if applicable).
+
+NEW-VALUE
+ The new value for the option. This field is only defined if the
+ `default' flag is not set. The format is that of an _option
+ argument_. If it is empty (or the field is omitted), the default
+ argument is used (only allowed if the argument is optional for this
+ option). Otherwise, the option will be set to the specified value.
+
+The output of the command is the same as that of `--check-options' for
+the modified configuration file.
+
+ Examples:
+
+ To set the force option, which is of basic type `none (0)':
+
+ $ echo 'force:0:1' | gpgconf --change-options dirmngr
+
+ To delete the force option:
+
+ $ echo 'force:16:' | gpgconf --change-options dirmngr
+
+ The `--runtime' option can influence when the changes take effect.
+
+
+File: gnupg.info, Node: Listing global options, Next: Files used by gpgconf, Prev: Changing options, Up: gpgconf
+
+7.4.7 Listing global options
+----------------------------
+
+Sometimes it is useful for applications to look at the global options
+file `gpgconf.conf'. The colon separated listing format is record
+oriented and uses the first field to identify the record type:
+
+`k'
+ This describes a key record to start the definition of a new
+ ruleset for a user/group. The format of a key record is:
+
+ `k:USER:GROUP:'
+
+ USER
+ This is the user field of the key. It is percent escaped.
+ See the definition of the gpgconf.conf format for details.
+
+ GROUP
+ This is the group field of the key. It is percent escaped.
+
+`r'
+ This describes a rule record. All rule records up to the next key
+ record make up a rule set for that key. The format of a rule
+ record is:
+
+ `r:::COMPONENT:OPTION:FLAGS:VALUE:'
+
+ COMPONENT
+ This is the component part of a rule. It is a plain string.
+
+ OPTION
+ This is the option part of a rule. It is a plain string.
+
+ FLAG
+ This is the flags part of a rule. There may be only one flag
+ per rule but by using the same component and option, several
+ flags may be assigned to an option. It is a plain string.
+
+ VALUE
+ This is the optional value for the option. It is a percent
+ escaped string with a single quotation mark to indicate a
+ string. The quotation mark is only required to distinguish
+ between no value specified and an empty string.
+
+
+Unknown record types should be ignored. Note that there is
+intentionally no feature to change the global option file through
+`gpgconf'.
+
+
+File: gnupg.info, Node: Files used by gpgconf, Prev: Listing global options, Up: gpgconf
+
+7.4.8 Files used by gpgconf
+---------------------------
+
+`/etc/gnupg/gpgconf.conf'
+ If this file exists, it is processed as a global configuration
+ file. A commented example can be found in the `examples'
+ directory of the distribution.
+
+
+File: gnupg.info, Node: applygnupgdefaults, Next: gpgsm-gencert.sh, Prev: gpgconf, Up: Helper Tools
+
+7.5 Run gpgconf for all users.
+==============================
+
+This script is a wrapper around `gpgconf' to run it with the command
+`--apply-defaults' for all real users with an existing GnuPG home
+directory. Admins might want to use this script to update he GnuPG
+configuration files for all users after `/etc/gnupg/gpgconf.conf' has
+been changed. This allows to enforce certain policies for all users.
+Note, that this is not a bulletproof of forcing a user to use certain
+options. A user may always directly edit the configuration files and
+bypass gpgconf.
+
+`applygnupgdefaults' is invoked by root as:
+
+ applygnupgdefaults
+
+
+File: gnupg.info, Node: gpgsm-gencert.sh, Next: gpg-preset-passphrase, Prev: applygnupgdefaults, Up: Helper Tools
+
+7.6 Generate an X.509 certificate request
+=========================================
+
+This is a simple tool to interactively generate a certificate request
+which will be printed to stdout.
+
+`gpgsm-gencert.sh' is invoked as:
+
+ `gpgsm-cencert.sh'
+
+
+File: gnupg.info, Node: gpg-preset-passphrase, Next: gpg-connect-agent, Prev: gpgsm-gencert.sh, Up: Helper Tools
+
+7.7 Put a passphrase into the cache.
+====================================
+
+The `gpg-preset-passphrase' is a utility to seed the internal cache of
+a running `gpg-agent' with passphrases. It is mainly useful for
+unattended machines, where the usual `pinentry' tool may not be used
+and the passphrases for the to be used keys are given at machine
+startup.
+
+ Passphrases set with this utility don't expire unless the `--forget'
+option is used to explicitly clear them from the cache -- or
+`gpg-agent' is either restarted or reloaded (by sending a SIGHUP to
+it). It is necessary to allow this passphrase presetting by starting
+`gpg-agent' with the `--allow-preset-passphrase'.
+
+* Menu:
+
+* Invoking gpg-preset-passphrase:: List of all commands and options.
+
+
+File: gnupg.info, Node: Invoking gpg-preset-passphrase, Up: gpg-preset-passphrase
+
+7.7.1 List of all commands and options.
+---------------------------------------
+
+`gpg-preset-passphrase' is invoked this way:
+
+ gpg-preset-passphrase [options] [command] CACHEID
+
+ CACHEID is either a 40 character keygrip of hexadecimal characters
+identifying the key for which the passphrase should be set or cleared.
+The keygrip is listed along with the key when running the command:
+`gpgsm --dump-secret-keys'. Alternatively an arbitrary string may be
+used to identify a passphrase; it is suggested that such a string is
+prefixed with the name of the application (e.g `foo:12346').
+
+One of the following command options must be given:
+
+`--preset'
+ Preset a passphrase. This is what you usually will use.
+ `gpg-preset-passphrase' will then read the passphrase from `stdin'.
+
+`--forget'
+ Flush the passphrase for the given cache ID from the cache.
+
+
+The following additional options may be used:
+
+`-v'
+`--verbose'
+ Output additional information while running.
+
+`-P STRING'
+`--passphrase STRING'
+ Instead of reading the passphrase from `stdin', use the supplied
+ STRING as passphrase. Note that this makes the passphrase visible
+ for other users.
+
+
+File: gnupg.info, Node: gpg-connect-agent, Next: gpgparsemail, Prev: gpg-preset-passphrase, Up: Helper Tools
+
+7.8 Communicate with a running agent.
+=====================================
+
+The `gpg-connect-agent' is a utility to communicate with a running
+`gpg-agent'. It is useful to check out the commands gpg-agent provides
+using the Assuan interface. It might also be useful for scripting
+simple applications. Input is expected at stdin and out put gets
+printed to stdout.
+
+ It is very similar to running `gpg-agent' in server mode; but here
+we connect to a running instance.
+
+* Menu:
+
+* Invoking gpg-connect-agent:: List of all options.
+* Controlling gpg-connect-agent:: Control commands.
+
+
+File: gnupg.info, Node: Invoking gpg-connect-agent, Next: Controlling gpg-connect-agent, Up: gpg-connect-agent
+
+7.8.1 List of all options.
+--------------------------
+
+`gpg-connect-agent' is invoked this way:
+
+ gpg-connect-agent [options] [commands]
+
+The following options may be used:
+
+`-v'
+`--verbose'
+ Output additional information while running.
+
+`-q'
+
+`--quiet'
+ Try to be as quiet as possible.
+
+`--homedir DIR'
+ Set the name of the home directory to DIR. If this option is not
+ used, the home directory defaults to `~/.gnupg'. It is only
+ recognized when given on the command line. It also overrides any
+ home directory stated through the environment variable `GNUPGHOME'
+ or (on W32 systems) by means of the Registry entry
+ HKCU\SOFTWARE\GNU\GNUPG:HOMEDIR.
+
+`--agent-program FILE'
+ Specify the agent program to be started if none is running.
+
+`-S'
+`--raw-socket NAME'
+ Connect to socket NAME assuming this is an Assuan style server.
+ Do not run any special initializations or environment checks.
+ This may be used to directly connect to any Assuan style socket
+ server.
+
+`-E'
+`--exec'
+ Take the rest of the command line as a program and it's arguments
+ and execute it as an assuan server. Here is how you would run
+ `gpgsm':
+ gpg-connect-agent --exec gpgsm --server
+ Note that you may not use options on the command line in this case.
+
+`--no-ext-connect'
+ When using `-S' or `--exec', `gpg-connect-agent' connects to the
+ assuan server in extended mode to allow descriptor passing. This
+ option makes it use the old mode.
+
+`--run FILE'
+ Run the commands from FILE at startup and then continue with the
+ regular input method. Note, that commands given on the command
+ line are executed after this file.
+
+`-s'
+`--subst'
+ Run the command `/subst' at startup.
+
+`--hex'
+ Print data lines in a hex format and the ASCII representation of
+ non-control characters.
+
+`--decode'
+ Decode data lines. That is to remove percent escapes but make
+ sure that a new line always starts with a D and a space.
+
+
+
+File: gnupg.info, Node: Controlling gpg-connect-agent, Prev: Invoking gpg-connect-agent, Up: gpg-connect-agent
+
+7.8.2 Control commands.
+-----------------------
+
+While reading Assuan commands, gpg-agent also allows a few special
+commands to control its operation. These control commands all start
+with a slash (`/').
+
+`/echo ARGS'
+ Just print ARGS.
+
+`/let NAME VALUE'
+ Set the variable NAME to VALUE. Variables are only substituted on
+ the input if the `/subst' has been used. Variables are referenced
+ by prefixing the name with a dollar sign and optionally include
+ the name in curly braces. The rules for a valid name are
+ identically to those of the standard bourne shell. This is not yet
+ enforced but may be in the future. When used with curly braces no
+ leading or trailing white space is allowed.
+
+ If a variable is not found, it is searched in the environment and
+ if found copied to the table of variables.
+
+ Variable functions are available: The name of the function must be
+ followed by at least one space and the at least one argument. The
+ following functions are available:
+
+ `get'
+ Return a value described by the argument. Available
+ arguments are:
+
+ `cwd'
+ The current working directory.
+
+ `homedir'
+ The gnupg homedir.
+
+ `sysconfdir'
+ GnuPG's system configuration directory.
+
+ `bindir'
+ GnuPG's binary directory.
+
+ `libdir'
+ GnuPG's library directory.
+
+ `libexecdir'
+ GnuPG's library directory for executable files.
+
+ `datadir'
+ GnuPG's data directory.
+
+ `serverpid'
+ The PID of the current server. Command `/serverpid' must
+ have been given to return a useful value.
+
+ `unescape ARGS'
+ Remove C-style escapes from ARGS. Note that `\0' and `\x00'
+ terminate the returned string implicitly. The string to be
+ converted are the entire arguments right behind the
+ delimiting space of the function name.
+
+ `unpercent ARGS'
+ `unpercent+ ARGS'
+ Remove percent style escaping from ARGS. Note that `%00'
+ terminates the string implicitly. The string to be converted
+ are the entire arguments right behind the delimiting space of
+ the function name. `unpercent+' also maps plus signs to a
+ spaces.
+
+ `percent ARGS'
+ `percent+ ARGS'
+ Escape the ARGS using percent style escaping. Tabs,
+ formfeeds, linefeeds, carriage returns and colons are
+ escaped. `percent+' also maps spaces to plus signs.
+
+ `errcode ARG'
+ `errsource ARG'
+ `errstring ARG'
+ Assume ARG is an integer and evaluate it using `strtol'.
+ Return the gpg-error error code, error source or a formatted
+ string with the error code and error source.
+
+ `+'
+ `-'
+ `*'
+ `/'
+ `%'
+ Evaluate all arguments as long integers using `strtol' and
+ apply this operator. A division by zero yields an empty
+ string.
+
+ `!'
+ `|'
+ `&'
+ Evaluate all arguments as long integers using `strtol' and
+ apply the logical oeprators NOT, OR or AND. The NOT operator
+ works on the last argument only.
+
+
+`/definq NAME VAR'
+ Use content of the variable VAR for inquiries with NAME. NAME may
+ be an asterisk (`*') to match any inquiry.
+
+`/definqfile NAME FILE'
+ Use content of FILE for inquiries with NAME. NAME may be an
+ asterisk (`*') to match any inquiry.
+
+`/definqprog NAME PROG'
+ Run PROG for inquiries matching NAME and pass the entire line to
+ it as command line arguments.
+
+`/datafile NAME'
+ Write all data lines from the server to the file NAME. The file
+ is opened for writing and created if it does not exists. An
+ existing file is first truncated to 0. The data written to the
+ file fully decoded. Using a single dash for NAME writes to
+ stdout. The file is kept open until a new file is set using this
+ command or this command is used without an argument.
+
+`/showdef'
+ Print all definitions
+
+`/cleardef'
+ Delete all definitions
+
+`/sendfd FILE MODE'
+ Open FILE in MODE (which needs to be a valid `fopen' mode string)
+ and send the file descriptor to the server. This is usually
+ followed by a command like `INPUT FD' to set the input source for
+ other commands.
+
+`/recvfd'
+ Not yet implemented.
+
+`/open VAR FILE [MODE]'
+ Open FILE and assign the file descriptor to VAR. Warning: This
+ command is experimental and might change in future versions.
+
+`/close FD'
+ Close the file descriptor FD. Warning: This command is
+ experimental and might change in future versions.
+
+`/showopen'
+ Show a list of open files.
+
+`/serverpid'
+ Send the Assuan command `GETINFO pid' to the server and store the
+ returned PID for internal purposes.
+
+`/sleep'
+ Sleep for a second.
+
+`/hex'
+`/nohex'
+ Same as the command line option `--hex'.
+
+`/decode'
+`/nodecode'
+ Same as the command line option `--decode'.
+
+`/subst'
+`/nosubst'
+ Enable and disable variable substitution. It defaults to disabled
+ unless the command line option `--subst' has been used. If /subst
+ as been enabled once, leading whitespace is removed from input
+ lines which makes scripts easier to read.
+
+`/while CONDITION'
+`/end'
+ These commands provide a way for executing loops. All lines
+ between the `while' and the corresponding `end' are executed as
+ long as the evaluation of CONDITION yields a non-zero value or is
+ the string `true' or `yes'. The evaluation is done by passing
+ CONDITION to the `strtol' function. Example:
+
+ /subst
+ /let i 3
+ /while $i
+ /echo loop couter is $i
+ /let i ${- $i 1}
+ /end
+
+`/if CONDITION'
+`/end'
+ These commands provide a way for conditional execution. All lines
+ between the `if' and the corresponding `end' are executed only if
+ the evaluation of CONDITION yields a non-zero value or is the
+ string `true' or `yes'. The evaluation is done by passing
+ CONDITION to the `strtol' function.
+
+`/run FILE'
+ Run commands from FILE.
+
+`/bye'
+ Terminate the connection and the program
+
+`/help'
+ Print a list of available control commands.
+
+
+
+File: gnupg.info, Node: gpgparsemail, Next: symcryptrun, Prev: gpg-connect-agent, Up: Helper Tools
+
+7.9 Parse a mail message into an annotated format
+=================================================
+
+The `gpgparsemail' is a utility currently only useful for debugging.
+Run it with `--help' for usage information.
+
+
+File: gnupg.info, Node: symcryptrun, Next: gpg-zip, Prev: gpgparsemail, Up: Helper Tools
+
+7.10 Call a simple symmetric encryption tool.
+=============================================
+
+Sometimes simple encryption tools are already in use for a long time and
+there might be a desire to integrate them into the GnuPG framework. The
+protocols and encryption methods might be non-standard or not even
+properly documented, so that a full-fledged encryption tool with an
+interface like gpg is not doable. `symcryptrun' provides a solution:
+It operates by calling the external encryption/decryption module and
+provides a passphrase for a key using the standard `pinentry' based
+mechanism through `gpg-agent'.
+
+ Note, that `symcryptrun' is only available if GnuPG has been
+configured with `--enable-symcryptrun' at build time.
+
+* Menu:
+
+* Invoking symcryptrun:: List of all commands and options.
+
+
+File: gnupg.info, Node: Invoking symcryptrun, Up: symcryptrun
+
+7.10.1 List of all commands and options.
+----------------------------------------
+
+`symcryptrun' is invoked this way:
+
+ symcryptrun --class CLASS --program PROGRAM --keyfile KEYFILE
+ [--decrypt | --encrypt] [inputfile]
+
+ For encryption, the plain text must be provided on STDIN or as the
+argument INPUTFILE, and the ciphertext will be output to STDOUT. For
+decryption vice versa.
+
+ CLASS describes the calling conventions of the external tool.
+Currently it must be given as `confucius'. PROGRAM is the full
+filename of that external tool.
+
+ For the class `confucius' the option `--keyfile' is required;
+KEYFILE is the name of a file containing the secret key, which may be
+protected by a passphrase. For detailed calling conventions, see the
+source code.
+
+Note, that `gpg-agent' must be running before starting `symcryptrun'.
+
+The following additional options may be used:
+
+`-v'
+`--verbose'
+ Output additional information while running.
+
+`-q'
+
+`--quiet'
+ Try to be as quiet as possible.
+
+`--homedir DIR'
+ Set the name of the home directory to DIR. If this option is not
+ used, the home directory defaults to `~/.gnupg'. It is only
+ recognized when given on the command line. It also overrides any
+ home directory stated through the environment variable `GNUPGHOME'
+ or (on W32 systems) by means of the Registry entry
+ HKCU\SOFTWARE\GNU\GNUPG:HOMEDIR.
+
+`--log-file FILE'
+ Append all logging output to FILE. Default is to write logging
+ information to STDERR.
+
+
+The possible exit status codes of `symcryptrun' are:
+
+`0'
+ Success.
+
+`1'
+ Some error occured.
+
+`2'
+ No valid passphrase was provided.
+
+`3'
+ The operation was canceled by the user.
+
+
+
+File: gnupg.info, Node: gpg-zip, Prev: symcryptrun, Up: Helper Tools
+
+7.11 Encrypt or sign files into an archive
+==========================================
+
+`gpg-zip' encrypts or signs files into an archive. It is an gpg-ized
+tar using the same format as used by PGP's PGP Zip.
+
+`gpg-zip' is invoked this way:
+
+ gpg-zip [options] FILENAME1 [FILENAME2, ...] DIRECTORY [DIRECTORY2, ...]
+
+`gpg-zip' understands these options:
+
+`--encrypt'
+`-e'
+ Encrypt data. This option may be combined with `--symmetric' (for
+ output that may be decrypted via a secret key or a passphrase).
+
+`--decrypt'
+`-d'
+ Decrypt data.
+
+`--symmetric'
+`-c'
+ Encrypt with a symmetric cipher using a passphrase. The default
+ symmetric cipher used is CAST5, but may be chosen with the
+ `--cipher-algo' option to `gpg'.
+
+`--sign'
+`-s'
+ Make a signature. See `gpg'.
+
+`--recipient USER'
+`-r USER'
+ Encrypt for user id USER. See `gpg'.
+
+`--local-user USER'
+`-u USER'
+ Use USER as the key to sign with. See `gpg'.
+
+`--list-archive'
+ List the contents of the specified archive.
+
+`--output FILE'
+`-o FILE'
+ Write output to specified file FILE.
+
+`--gpg GPGCMD'
+ Use the specified command GPGCMD instead of `gpg'.
+
+`--gpg-args ARGS'
+ Pass the specified options to `gpg'.
+
+`--tar TARCMD'
+ Use the specified command TARCMD instead of `tar'.
+
+`--tar-args ARGS'
+ Pass the specified options to `tar'.
+
+`--version'
+ Print version of the program and exit.
+
+`--help'
+ Display a brief help page and exit.
+
+
+The program returns 0 if everything was fine, 1 otherwise.
+
+Some examples:
+
+Encrypt the contents of directory `mydocs' for user Bob to file `test1':
+
+ gpg-zip --encrypt --output test1 --gpg-args -r Bob mydocs
+
+List the contents of archive `test1':
+
+ gpg-zip --list-archive test1
+
+
+File: gnupg.info, Node: Howtos, Next: System Notes, Prev: Helper Tools, Up: Top
+
+8 How to do certain things
+**************************
+
+This is a collection of small howto documents.
+
+* Menu:
+
+* Howto Create a Server Cert:: Creating a TLS server certificate.
+
+
+File: gnupg.info, Node: Howto Create a Server Cert, Up: Howtos
+
+8.1 Creating a TLS server certificate
+=====================================
+
+Here is a brief run up on how to create a server certificate. It has
+actually been done this way to get a certificate from CAcert to be used
+on a real server. It has only been tested with this CA, but there
+shouldn't be any problem to run this against any other CA.
+
+ Before you start, make sure that gpg-agent is running. As there is
+no need for a configuration file, you may simply enter:
+
+ $ gpgsm-gencert.sh >a.p10
+ Key type
+ [1] RSA
+ [2] Existing key
+ [3] Direct from card
+ Your selection: 1
+ You selected: RSA
+
+ I opted for creating a new RSA key. The other option is to use an
+already existing key, by selecting `2' and entering the so-called
+keygrip. Running the command `gpgsm --dump-secret-key USERID' shows
+you this keygrip. Using `3' offers another menu to create a
+certificate directly from a smart card based key.
+
+ Let's continue:
+
+ Key length
+ [1] 1024
+ [2] 2048
+ Your selection: 1
+ You selected: 1024
+
+ The script offers two common key sizes. With the current setup of
+CAcert, it does not make much sense to use a 2k key; their policies need
+to be revised anyway (a CA root key valid for 30 years is not really
+serious).
+
+ Key usage
+ [1] sign, encrypt
+ [2] sign
+ [3] encrypt
+ Your selection: 1
+ You selected: sign, encrypt
+
+ We want to sign and encrypt using this key. This is just a suggestion
+and the CA may actually assign other key capabilities.
+
+ Now for some real data:
+
+ Name (DN)
+ > CN=kerckhoffs.g10code.com
+
+ This is the most important value for a server certificate. Enter here
+the canonical name of your server machine. You may add other virtual
+server names later.
+
+ E-Mail addresses (end with an empty line)
+ >
+
+ We don't need email addresses in a server certificate and CAcert
+would anyway ignore such a request. Thus just hit enter.
+
+ If you want to create a client certificate for email encryption, this
+would be the place to enter your mail address (e.g. <joe@example.org>).
+You may enter as many addresses as you like, however the CA may not
+accept them all or reject the entire request.
+
+ DNS Names (optional; end with an empty line)
+ > www.g10code.com
+ DNS Names (optional; end with an empty line)
+ > ftp.g10code.com
+ DNS Names (optional; end with an empty line)
+ >
+
+ Here I entered the names of the servers which actually run on the
+machine given in the DN above. The browser will accept a certificate for
+any of these names. As usual the CA must approve all of these names.
+
+ URIs (optional; end with an empty line)
+ >
+
+ It is possible to insert arbitrary URIs into a certificate; for a
+server certificate this does not make sense.
+
+ We have now entered all required information and `gpgsm' will
+display what it has gathered and ask whether to create the certificate
+request:
+
+ Parameters for certificate request to create:
+ 1 Key-Type: RSA
+ 2 Key-Length: 1024
+ 3 Key-Usage: sign, encrypt
+ 4 Name-DN: CN=kerckhoffs.g10code.com
+ 5 Name-DNS: www.g10code.com
+ 6 Name-DNS: ftp.g10code.com
+
+ Really create such a CSR?
+ [1] yes
+ [2] no
+ Your selection: 1
+ You selected: yes
+
+ `gpgsm' will now start working on creating the request. As this
+includes the creation of an RSA key it may take a while. During this
+time you will be asked 3 times for a passphrase to protect the created
+private key on your system. A pop up window will appear to ask for it.
+The first two prompts are for the new passphrase and for re-entering it;
+the third one is required to actually create the certificate signing
+request.
+
+ When it is ready, you should see the final notice:
+
+ gpgsm: certificate request created
+
+ Now, you may look at the created request:
+
+ $ cat a.p10
+ -----BEGIN CERTIFICATE REQUEST-----
+ MIIBnzCCAQgCAQAwITEfMB0GA1UEAxMWa2VyY2tob2Zmcy5nMTBjb2RlLmNvbTCB
+ nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA5h+uKRenpvbe+BnMY6siPO50LVyg
+ HtB7kr+YISlPJ5JAFO12yQFz9Y0sBLHbjR+V+TOawwP1dZhGjlgnEBkMdWKuEBlS
+ wFTALLX78GAyvAYAmPqSPDEYXkMECyUXVX/bbGI1bY8Y2OGy4w4D+v7e+xD2NBkm
+ Bj5cNy+YMbGVldECAwEAAaA+MDwGCSqGSIb3DQEJDjEvMC0wKwYDVR0RBCQwIoIP
+ d3d3LmcxMGNvZGUuY29tgg9mdHAuZzEwY29kZS5jb20wDQYJKoZIhvcNAQEFBQAD
+ gYEAzBRIi8KTfKyebOlMtDN6oDYBOv+r9A4w3u/Z1ikjffaiN1Bmd2o9Ez9KXKHA
+ IezLeSEA/rGUPN5Ur5qIJnRNQ8xrS+iLftr8msWQSZppVnA/vnqMrtqBUpitqAr0
+ eYBmt1Uem2Y3UFABrKPglv2xzgGkrKX6AqmFoOnJWQ0QcTw=
+ -----END CERTIFICATE REQUEST-----
+ $
+
+ You may now proceed by logging into your account at the CAcert
+website, choose `Server Certificates - New', check `sign by class 3 root
+certificate', paste the above request block into the text field and
+click on `Submit'.
+
+ If everything works out fine, a certificate will be shown. Now run
+
+ $ gpgsm --import
+
+ and paste the certificate from the CAcert page into your terminal
+followed by a Ctrl-D
+
+ -----BEGIN CERTIFICATE-----
+ MIIEIjCCAgqgAwIBAgIBTDANBgkqhkiG9w0BAQQFADBUMRQwEgYDVQQKEwtDQWNl
+ cnQgSW5jLjEeMBwGA1UECxMVaHR0cDovL3d3dy5DQWNlcnQub3JnMRwwGgYDVQQD
+ ExNDQWNlcnQgQ2xhc3MgMyBSb290MB4XDTA1MTAyODE2MjA1MVoXDTA3MTAyODE2
+ MjA1MVowITEfMB0GA1UEAxMWa2VyY2tob2Zmcy5nMTBjb2RlLmNvbTCBnzANBgkq
+ hkiG9w0BAQEFAAOBjQAwgYkCgYEA5h+uKRenpvbe+BnMY6siPO50LVygHtB7kr+Y
+ ISlPJ5JAFO12yQFz9Y0sBLHbjR+V+TOawwP1dZhGjlgnEBkMdWKuEBlSwFTALLX7
+ 8GAyvAYAmPqSPDEYXkMECyUXVX/bbGI1bY8Y2OGy4w4D+v7e+xD2NBkmBj5cNy+Y
+ MbGVldECAwEAAaOBtTCBsjAMBgNVHRMBAf8EAjAAMDQGA1UdJQQtMCsGCCsGAQUF
+ BwMCBggrBgEFBQcDAQYJYIZIAYb4QgQBBgorBgEEAYI3CgMDMAsGA1UdDwQEAwIF
+ oDAyBggrBgEFBQcBAQQmMCQwIgYIKwYBBQUHMAGGFmh0dHA6Ly9vY3NwLmNhY2Vy
+ dC5vcmcwKwYDVR0RBCQwIoIPd3d3LmcxMGNvZGUuY29tgg9mdHAuZzEwY29kZS5j
+ b20wDQYJKoZIhvcNAQEEBQADggIBAAj5XAHCtzQR8PV6PkQBgZqUCbcfxGO/ZIp9
+ aIT6J2z0Jo1OZI6KmConbqnZG9WyDlV5P7msQXW/Z9nBfoj4KSmNR8G/wtb8ClJn
+ W8s75+K3ZLq1UgEyxBDrS7GjtbVaj7gsfZsuiQzxmk9lbl1gbkpJ3VEMjwVCTMlM
+ fpjp8etyPhUZqOZaoKVaq//KTOsjhPMwz7TcfOkHvXketPrWTcefJQU7NKLH16D3
+ mZAwnBxp3P51H6E6VG8AoJO8xCBuVwsbXKEf/FW+tmKG9pog6CaZQ9WibROTtnKj
+ NJjSBsrUk5C+JowO/EyZRGm6R1tlok8iFXj+2aimyeBqDcxozNmFgh9F3S5u0wK0
+ 6cfYgkPVMHxgwV3f3Qh+tJkgLExN7KfO9hvpZqAh+CLQtxVmvpxEVEXKR6nwBI5U
+ BaseulvVy3wUfg2daPkG17kDDBzQlsWC0BRF8anH+FWSrvseC3nS0a9g3sXF1Ic3
+ gIqeAMhkant1Ac3RR6YCWtJKr2rcQNdDAxXK35/gUSQNCi9dclEzoOgjziuA1Mha
+ 94jYcvGKcwThn0iITVS5hOsCfaySBLxTzfIruLbPxXlpWuCW/6I/7YyivppKgEZU
+ rUTFlNElRXCwIl0YcJkIaYYqWf7+A/aqYJCi8+51usZwMy3Jsq3hJ6MA3h1BgwZs
+ Rtct3tIX
+ -----END CERTIFICATE-----
+ gpgsm: issuer certificate (#/CN=CAcert Class 3 Ro[...]) not found
+ gpgsm: certificate imported
+
+ gpgsm: total number processed: 1
+ gpgsm: imported: 1
+
+ gpgsm tells you that it has imported the certificate. It is now
+associated with the key you used when creating the request. The root
+certificate has not been found, so you may want to import it from the
+CACert website.
+
+ To see the content of your certificate, you may now enter:
+
+ $ gpgsm -K kerckhoffs.g10code.com
+ /home/foo/.gnupg/pubring.kbx
+ ---------------------------
+ Serial number: 4C
+ Issuer: /CN=CAcert Class 3 Root/OU=http:\x2f\x2fwww.[...]
+ Subject: /CN=kerckhoffs.g10code.com
+ aka: (dns-name www.g10code.com)
+ aka: (dns-name ftp.g10code.com)
+ validity: 2005-10-28 16:20:51 through 2007-10-28 16:20:51
+ key type: 1024 bit RSA
+ key usage: digitalSignature keyEncipherment
+ ext key usage: clientAuth (suggested), serverAuth (suggested), [...]
+ fingerprint: 0F:9C:27:B2:DA:05:5F:CB:33:19:D8:E9:65:B9:BD:4F:B1:98:CC:57
+
+ I used `-K' above because this will only list certificates for which
+a private key is available. To see more details, you may use
+`--dump-secret-keys' instead of `-K'.
+
+ To make actual use of the certificate you need to install it on your
+server. Server software usually expects a PKCS\#12 file with key and
+certificate. To create such a file, run:
+
+ $ gpgsm --export-secret-key-p12 -a >kerckhoffs-cert.pem
+
+ You will be asked for the passphrase as well as for a new passphrase
+to be used to protect the PKCS\#12 file. The file now contains the
+certificate as well as the private key:
+
+ $ cat kerckhoffs-cert.pem
+ Issuer ...: /CN=CAcert Class 3 Root/OU=http:\x2f\x2fwww.CA[...]
+ Serial ...: 4C
+ Subject ..: /CN=kerckhoffs.g10code.com
+ aka ..: (dns-name www.g10code.com)
+ aka ..: (dns-name ftp.g10code.com)
+
+ -----BEGIN PKCS12-----
+ MIIHlwIBAzCCB5AGCSqGSIb37QdHAaCCB4EEggd9MIIHeTk1BJ8GCSqGSIb3DQEu
+ [...many more lines...]
+ -----END PKCS12-----
+ $
+
+ Copy this file in a secure way to the server, install it there and
+delete the file then. You may export the file again at any time as long
+as it is available in GnuPG's private key database.
+
diff --git a/doc/gnupg.info-2 b/doc/gnupg.info-2
new file mode 100644
index 0000000..5959a28
--- /dev/null
+++ b/doc/gnupg.info-2
@@ -0,0 +1,2125 @@
+This is /home/wk/w/gnupg-stable/doc/gnupg.info, produced by makeinfo
+version 4.13 from /home/wk/w/gnupg-stable/doc/gnupg.texi.
+
+This is the `The GNU Privacy Guard Manual' (version 2.0.19,
+March 2012).
+
+ Copyright (C) 2002, 2004, 2005, 2006, 2007, 2010 Free Software
+Foundation, Inc.
+
+ Permission is granted to copy, distribute and/or modify this
+ document under the terms of the GNU General Public License as
+ published by the Free Software Foundation; either version 3 of the
+ License, or (at your option) any later version. The text of the
+ license can be found in the section entitled "Copying".
+
+INFO-DIR-SECTION GNU Utilities
+START-INFO-DIR-ENTRY
+* gpg2: (gnupg). OpenPGP encryption and signing tool.
+* gpgsm: (gnupg). S/MIME encryption and signing tool.
+* gpg-agent: (gnupg). The secret key daemon.
+END-INFO-DIR-ENTRY
+
+
+File: gnupg.info, Node: System Notes, Next: Debugging, Prev: Howtos, Up: Top
+
+9 Notes pertaining to certain OSes.
+***********************************
+
+GnuPG has been developed on GNU/Linux systems and is know to work on
+almost all Free OSes. All modern POSIX systems should be supported
+right now, however there are probably a lot of smaller glitches we need
+to fix first. The major problem areas are:
+
+ * For logging to sockets and other internal operations the
+ `fopencookie' function (`funopen' under *BSD) is used. This is a
+ very convenient function which makes it possible to create outputs
+ in a structures and easy maintainable way. The drawback however
+ is that most proprietary OSes don't support this function. At
+ g10 Code we have looked into several ways on how to overcome this
+ limitation but no sufficiently easy and maintainable way has been
+ found. Porting _glibc_ to a general POSIX system is of course an
+ option and would make writing portable software much easier; this
+ it has not yet been done and the system administrator would need
+ to cope with the GNU specific admin things in addition to the
+ generic ones of his system.
+
+ We have now settled to use explicit stdio wrappers with a
+ functionality similar to funopen. Although the code for this has
+ already been written (_libestream_), we have not yet changed GnuPG
+ to use it.
+
+ This means that on systems not supporting either `funopen' or
+ `fopencookie', logging to a socket won't work, prompts are not
+ formatted as pretty as they should be and `gpgsm''s `LISTKEYS'
+ Assuan command does not work.
+
+ * We are planning to use file descriptor passing for interprocess
+ communication. This will allow us save a lot of resources and
+ improve performance of certain operations a lot. Systems not
+ supporting this won't gain these benefits but we try to keep them
+ working the standard way as it is done today.
+
+ * We require more or less full POSIX compatibility. This has been
+ around for 15 years now and thus we don't believe it makes sense to
+ support non POSIX systems anymore. Well, we of course the usual
+ workarounds for near POSIX systems well be applied.
+
+ There is one exception of this rule: Systems based the Microsoft
+ Windows API (called here _W32_) will be supported to some extend.
+
+
+* Menu:
+
+* W32 Notes:: Microsoft Windows Notes
+
+
+File: gnupg.info, Node: W32 Notes, Up: System Notes
+
+9.1 Microsoft Windows Notes
+===========================
+
+Current limitations are:
+
+ * `gpgconf' does not create backup files, so in case of trouble your
+ configuration file might get lost.
+
+ * `watchgnupg' is not available. Logging to sockets is not possible.
+
+ * The periodical smartcard status checking done by `scdaemon' is not
+ yet supported.
+
+
+
+File: gnupg.info, Node: Debugging, Next: Copying, Prev: System Notes, Up: Top
+
+10 How to solve problems
+************************
+
+Everyone knows that software often does not do what it should do and
+thus there is a need to track down problems. We call this debugging in
+a reminiscent to the moth jamming a relay in a Mark II box back in 1947.
+
+ Most of the problems a merely configuration and user problems but
+nevertheless there are the most annoying ones and responsible for many
+gray hairs. We try to give some guidelines here on how to identify and
+solve the problem at hand.
+
+* Menu:
+
+* Debugging Tools:: Description of some useful tools.
+* Debugging Hints:: Various hints on debugging.
+* Common Problems:: Commonly seen problems.
+* Architecture Details:: How the whole thing works internally.
+
+
+File: gnupg.info, Node: Debugging Tools, Next: Debugging Hints, Up: Debugging
+
+10.1 Debugging Tools
+====================
+
+The GnuPG distribution comes with a couple of tools, useful to help find
+and solving problems.
+
+* Menu:
+
+* kbxutil:: Scrutinizing a keybox file.
+
+
+File: gnupg.info, Node: kbxutil, Up: Debugging Tools
+
+10.1.1 Scrutinizing a keybox file
+---------------------------------
+
+A keybox is a file format used to store public keys along with meta
+information and indices. The commonly used one is the file
+`pubring.kbx' in the `.gnupg' directory. It contains all X.509
+certificates as well as OpenPGP keys(1) .
+
+When called the standard way, e.g.:
+
+ `kbxutil ~/.gnupg/pubring.kbx'
+
+it lists all records (called blobs) with there meta-information in a
+human readable format.
+
+To see statistics on the keybox in question, run it using
+
+ `kbxutil --stats ~/.gnupg/pubring.kbx'
+
+and you get an output like:
+
+ Total number of blobs: 99
+ header: 1
+ empty: 0
+ openpgp: 0
+ x509: 98
+ non flagged: 81
+ secret flagged: 0
+ ephemeral flagged: 17
+
+ In this example you see that the keybox does not have any OpenPGP
+keys but contains 98 X.509 certificates and a total of 17 keys or
+certificates are flagged as ephemeral, meaning that they are only
+temporary stored (cached) in the keybox and won't get listed using the
+usual commands provided by `gpgsm' or `gpg'. 81 certificates are stored
+in a standard way and directly available from `gpgsm'.
+
+To find duplicated certificates and keyblocks in a keybox file (this
+should not occur but sometimes things go wrong), run it using
+
+ `kbxutil --find-dups ~/.gnupg/pubring.kbx'
+
+ ---------- Footnotes ----------
+
+ (1) Well, OpenPGP keys are not implemented, `gpg' still used the
+keyring file `pubring.gpg'
+
+
+File: gnupg.info, Node: Debugging Hints, Next: Common Problems, Prev: Debugging Tools, Up: Debugging
+
+10.2 Various hints on debugging.
+================================
+
+ * How to find the IP address of a keyserver
+
+ If a round robin URL of is used for a keyserver (e.g.
+ subkeys.gnupg.org); it is not easy to see what server is actually
+ used. Using the keyserver debug option as in
+
+ gpg --keyserver-options debug=1 -v --refresh-key 1E42B367
+
+ is thus often helpful. Note that the actual output depends on the
+ backend and may change from release to release.
+
+
+
+File: gnupg.info, Node: Common Problems, Next: Architecture Details, Prev: Debugging Hints, Up: Debugging
+
+10.3 Commonly Seen Problems
+===========================
+
+ * Error code `Not supported' from Dirmngr
+
+ Most likely the option `enable-ocsp' is active for gpgsm but
+ Dirmngr's OCSP feature has not been enabled using `allow-ocsp' in
+ `dirmngr.conf'.
+
+ * The Curses based Pinentry does not work
+
+ The far most common reason for this is that the environment
+ variable `GPG_TTY' has not been set correctly. Make sure that it
+ has been set to a real tty devce and not just to `/dev/tty'; i.e.
+ `GPG_TTY=tty' is plainly wrong; what you want is `GPG_TTY=`tty`'
+ -- note the back ticks. Also make sure that this environment
+ variable gets exported, that is you should follow up the setting
+ with an `export GPG_TTY' (assuming a Bourne style shell). Even for
+ GUI based Pinentries; you should have set `GPG_TTY'. See the
+ section on installing the `gpg-agent' on how to do it.
+
+ * SSH hangs while a popping up pinentry was expected
+
+ SSH has no way to tell the gpg-agent what terminal or X display it
+ is running on. So when remotely logging into a box where a
+ gpg-agent with SSH support is running, the pinentry will get
+ popped up on whatever display the gpg-agent has been started. To
+ solve this problem you may issue the command
+
+ echo UPDATESTARTUPTTY | gpg-connect-agent
+
+ and the next pinentry will pop up on your display or screen.
+ However, you need to kill the running pinentry first because only
+ one pinentry may be running at once. If you plan to use ssh on a
+ new display you should issue the above command before invoking ssh
+ or any other service making use of ssh.
+
+ * Exporting a secret key without a certificate
+
+ I may happen that you have created a certificate request using
+ `gpgsm' but not yet received and imported the certificate from the
+ CA. However, you want to export the secret key to another machine
+ right now to import the certificate over there then. You can do
+ this with a little trick but it requires that you know the
+ approximate time you created the signing request. By running the
+ command
+
+ ls -ltr ~/.gnupg/private-keys-v1.d
+
+ you get a listing of all private keys under control of `gpg-agent'.
+ Pick the key which best matches the creation time and run the
+ command
+
+ /usr/local/libexec/gpg-protect-tool --p12-export ~/.gnupg/private-keys-v1.d/FOO >FOO.p12
+
+ (Please adjust the path to `gpg-protect-tool' to the appropriate
+ location). FOO is the name of the key file you picked (it should
+ have the suffix `.key'). A Pinentry box will pop up and ask you
+ for the current passphrase of the key and a new passphrase to
+ protect it in the pkcs#12 file.
+
+ To import the created file on the machine you use this command:
+
+ /usr/local/libexec/gpg-protect-tool --p12-import --store FOO.p12
+
+ You will be asked for the pkcs#12 passphrase and a new passphrase
+ to protect the imported private key at its new location.
+
+ Note that there is no easy way to match existing certificates with
+ stored private keys because some private keys are used for Secure
+ Shell or other purposes and don't have a corresponding certificate.
+
+ * A root certificate does not verify
+
+ A common problem is that the root certificate misses the required
+ basicConstraints attribute and thus `gpgsm' rejects this
+ certificate. An error message indicating "no value" is a sign for
+ such a certificate. You may use the `relax' flag in
+ `trustlist.txt' to accept the certificate anyway. Note that the
+ fingerprint and this flag may only be added manually to
+ `trustlist.txt'.
+
+ * Error message: "digest algorithm N has not been enabled"
+
+ The signature is broken. You may try the option
+ `--extra-digest-algo SHA256' to workaround the problem. The
+ number N is the internal algorithm identifier; for example 8
+ refers to SHA-256.
+
+ * The Windows version does not work under Wine
+
+ When running the W32 version of `gpg' under Wine you may get an
+ error messages like:
+
+ gpg: fatal: WriteConsole failed: Access denied
+
+ The solution is to use the command `wineconsole'.
+
+ Some operations like gen-key really want to talk to the console
+ directly for increased security (for example to prevent the
+ passphrase from appearing on the screen). So, you should use
+ `wineconsole' instead of `wine', which will launch a windows
+ console that implements those additional features.
+
+ * Why does GPG's -search-key list weird keys?
+
+ For performance reasons the keyservers do not check the keys the
+ same way `gpg' does. It may happen that the listing of keys
+ available on the keyservers shows keys with wrong user IDs or with
+ user Ids from other keys. If you try to import this key, the bad
+ keys or bad user ids won't get imported, though. This is a bit
+ unfortunate but we can't do anything about it without actually
+ downloading the keys.
+
+
+
+File: gnupg.info, Node: Architecture Details, Prev: Common Problems, Up: Debugging
+
+10.4 How the whole thing works internally.
+==========================================
+
+* Menu:
+
+* GnuPG-1 and GnuPG-2:: Relationship between the two branches.
+
+
+File: gnupg.info, Node: GnuPG-1 and GnuPG-2, Up: Architecture Details
+
+10.4.1 Relationship between the two branches.
+---------------------------------------------
+
+Here is a little picture showing how the components work together:
+
+
+
+Lets try to explain it:
+
+ TO BE DONE.
+
+
+File: gnupg.info, Node: Copying, Next: Contributors, Prev: Debugging, Up: Top
+
+GNU General Public License
+**************************
+
+ Version 3, 29 June 2007
+
+ Copyright (C) 2007 Free Software Foundation, Inc. `http://fsf.org/'
+
+ Everyone is permitted to copy and distribute verbatim copies of this
+ license document, but changing it is not allowed.
+
+Preamble
+========
+
+The GNU General Public License is a free, copyleft license for software
+and other kinds of works.
+
+ The licenses for most software and other practical works are designed
+to take away your freedom to share and change the works. By contrast,
+the GNU General Public License is intended to guarantee your freedom to
+share and change all versions of a program-to make sure it remains free
+software for all its users. We, the Free Software Foundation, use the
+GNU General Public License for most of our software; it applies also to
+any other work released this way by its authors. You can apply it to
+your programs, too.
+
+ When we speak of free software, we are referring to freedom, not
+price. Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+them if you wish), that you receive source code or can get it if you
+want it, that you can change the software or use pieces of it in new
+free programs, and that you know you can do these things.
+
+ To protect your rights, we need to prevent others from denying you
+these rights or asking you to surrender the rights. Therefore, you
+have certain responsibilities if you distribute copies of the software,
+or if you modify it: responsibilities to respect the freedom of others.
+
+ For example, if you distribute copies of such a program, whether
+gratis or for a fee, you must pass on to the recipients the same
+freedoms that you received. You must make sure that they, too, receive
+or can get the source code. And you must show them these terms so they
+know their rights.
+
+ Developers that use the GNU GPL protect your rights with two steps:
+(1) assert copyright on the software, and (2) offer you this License
+giving you legal permission to copy, distribute and/or modify it.
+
+ For the developers' and authors' protection, the GPL clearly explains
+that there is no warranty for this free software. For both users' and
+authors' sake, the GPL requires that modified versions be marked as
+changed, so that their problems will not be attributed erroneously to
+authors of previous versions.
+
+ Some devices are designed to deny users access to install or run
+modified versions of the software inside them, although the
+manufacturer can do so. This is fundamentally incompatible with the
+aim of protecting users' freedom to change the software. The
+systematic pattern of such abuse occurs in the area of products for
+individuals to use, which is precisely where it is most unacceptable.
+Therefore, we have designed this version of the GPL to prohibit the
+practice for those products. If such problems arise substantially in
+other domains, we stand ready to extend this provision to those domains
+in future versions of the GPL, as needed to protect the freedom of
+users.
+
+ Finally, every program is threatened constantly by software patents.
+States should not allow patents to restrict development and use of
+software on general-purpose computers, but in those that do, we wish to
+avoid the special danger that patents applied to a free program could
+make it effectively proprietary. To prevent this, the GPL assures that
+patents cannot be used to render the program non-free.
+
+ The precise terms and conditions for copying, distribution and
+modification follow.
+
+ TERMS AND CONDITIONS
+ 0. Definitions.
+
+ "This License" refers to version 3 of the GNU General Public
+ License.
+
+ "Copyright" also means copyright-like laws that apply to other
+ kinds of works, such as semiconductor masks.
+
+ "The Program" refers to any copyrightable work licensed under this
+ License. Each licensee is addressed as "you". "Licensees" and
+ "recipients" may be individuals or organizations.
+
+ To "modify" a work means to copy from or adapt all or part of the
+ work in a fashion requiring copyright permission, other than the
+ making of an exact copy. The resulting work is called a "modified
+ version" of the earlier work or a work "based on" the earlier work.
+
+ A "covered work" means either the unmodified Program or a work
+ based on the Program.
+
+ To "propagate" a work means to do anything with it that, without
+ permission, would make you directly or secondarily liable for
+ infringement under applicable copyright law, except executing it
+ on a computer or modifying a private copy. Propagation includes
+ copying, distribution (with or without modification), making
+ available to the public, and in some countries other activities as
+ well.
+
+ To "convey" a work means any kind of propagation that enables other
+ parties to make or receive copies. Mere interaction with a user
+ through a computer network, with no transfer of a copy, is not
+ conveying.
+
+ An interactive user interface displays "Appropriate Legal Notices"
+ to the extent that it includes a convenient and prominently visible
+ feature that (1) displays an appropriate copyright notice, and (2)
+ tells the user that there is no warranty for the work (except to
+ the extent that warranties are provided), that licensees may
+ convey the work under this License, and how to view a copy of this
+ License. If the interface presents a list of user commands or
+ options, such as a menu, a prominent item in the list meets this
+ criterion.
+
+ 1. Source Code.
+
+ The "source code" for a work means the preferred form of the work
+ for making modifications to it. "Object code" means any
+ non-source form of a work.
+
+ A "Standard Interface" means an interface that either is an
+ official standard defined by a recognized standards body, or, in
+ the case of interfaces specified for a particular programming
+ language, one that is widely used among developers working in that
+ language.
+
+ The "System Libraries" of an executable work include anything,
+ other than the work as a whole, that (a) is included in the normal
+ form of packaging a Major Component, but which is not part of that
+ Major Component, and (b) serves only to enable use of the work
+ with that Major Component, or to implement a Standard Interface
+ for which an implementation is available to the public in source
+ code form. A "Major Component", in this context, means a major
+ essential component (kernel, window system, and so on) of the
+ specific operating system (if any) on which the executable work
+ runs, or a compiler used to produce the work, or an object code
+ interpreter used to run it.
+
+ The "Corresponding Source" for a work in object code form means all
+ the source code needed to generate, install, and (for an executable
+ work) run the object code and to modify the work, including
+ scripts to control those activities. However, it does not include
+ the work's System Libraries, or general-purpose tools or generally
+ available free programs which are used unmodified in performing
+ those activities but which are not part of the work. For example,
+ Corresponding Source includes interface definition files
+ associated with source files for the work, and the source code for
+ shared libraries and dynamically linked subprograms that the work
+ is specifically designed to require, such as by intimate data
+ communication or control flow between those subprograms and other
+ parts of the work.
+
+ The Corresponding Source need not include anything that users can
+ regenerate automatically from other parts of the Corresponding
+ Source.
+
+ The Corresponding Source for a work in source code form is that
+ same work.
+
+ 2. Basic Permissions.
+
+ All rights granted under this License are granted for the term of
+ copyright on the Program, and are irrevocable provided the stated
+ conditions are met. This License explicitly affirms your unlimited
+ permission to run the unmodified Program. The output from running
+ a covered work is covered by this License only if the output,
+ given its content, constitutes a covered work. This License
+ acknowledges your rights of fair use or other equivalent, as
+ provided by copyright law.
+
+ You may make, run and propagate covered works that you do not
+ convey, without conditions so long as your license otherwise
+ remains in force. You may convey covered works to others for the
+ sole purpose of having them make modifications exclusively for
+ you, or provide you with facilities for running those works,
+ provided that you comply with the terms of this License in
+ conveying all material for which you do not control copyright.
+ Those thus making or running the covered works for you must do so
+ exclusively on your behalf, under your direction and control, on
+ terms that prohibit them from making any copies of your
+ copyrighted material outside their relationship with you.
+
+ Conveying under any other circumstances is permitted solely under
+ the conditions stated below. Sublicensing is not allowed; section
+ 10 makes it unnecessary.
+
+ 3. Protecting Users' Legal Rights From Anti-Circumvention Law.
+
+ No covered work shall be deemed part of an effective technological
+ measure under any applicable law fulfilling obligations under
+ article 11 of the WIPO copyright treaty adopted on 20 December
+ 1996, or similar laws prohibiting or restricting circumvention of
+ such measures.
+
+ When you convey a covered work, you waive any legal power to forbid
+ circumvention of technological measures to the extent such
+ circumvention is effected by exercising rights under this License
+ with respect to the covered work, and you disclaim any intention
+ to limit operation or modification of the work as a means of
+ enforcing, against the work's users, your or third parties' legal
+ rights to forbid circumvention of technological measures.
+
+ 4. Conveying Verbatim Copies.
+
+ You may convey verbatim copies of the Program's source code as you
+ receive it, in any medium, provided that you conspicuously and
+ appropriately publish on each copy an appropriate copyright notice;
+ keep intact all notices stating that this License and any
+ non-permissive terms added in accord with section 7 apply to the
+ code; keep intact all notices of the absence of any warranty; and
+ give all recipients a copy of this License along with the Program.
+
+ You may charge any price or no price for each copy that you convey,
+ and you may offer support or warranty protection for a fee.
+
+ 5. Conveying Modified Source Versions.
+
+ You may convey a work based on the Program, or the modifications to
+ produce it from the Program, in the form of source code under the
+ terms of section 4, provided that you also meet all of these
+ conditions:
+
+ a. The work must carry prominent notices stating that you
+ modified it, and giving a relevant date.
+
+ b. The work must carry prominent notices stating that it is
+ released under this License and any conditions added under
+ section 7. This requirement modifies the requirement in
+ section 4 to "keep intact all notices".
+
+ c. You must license the entire work, as a whole, under this
+ License to anyone who comes into possession of a copy. This
+ License will therefore apply, along with any applicable
+ section 7 additional terms, to the whole of the work, and all
+ its parts, regardless of how they are packaged. This License
+ gives no permission to license the work in any other way, but
+ it does not invalidate such permission if you have separately
+ received it.
+
+ d. If the work has interactive user interfaces, each must display
+ Appropriate Legal Notices; however, if the Program has
+ interactive interfaces that do not display Appropriate Legal
+ Notices, your work need not make them do so.
+
+ A compilation of a covered work with other separate and independent
+ works, which are not by their nature extensions of the covered
+ work, and which are not combined with it such as to form a larger
+ program, in or on a volume of a storage or distribution medium, is
+ called an "aggregate" if the compilation and its resulting
+ copyright are not used to limit the access or legal rights of the
+ compilation's users beyond what the individual works permit.
+ Inclusion of a covered work in an aggregate does not cause this
+ License to apply to the other parts of the aggregate.
+
+ 6. Conveying Non-Source Forms.
+
+ You may convey a covered work in object code form under the terms
+ of sections 4 and 5, provided that you also convey the
+ machine-readable Corresponding Source under the terms of this
+ License, in one of these ways:
+
+ a. Convey the object code in, or embodied in, a physical product
+ (including a physical distribution medium), accompanied by the
+ Corresponding Source fixed on a durable physical medium
+ customarily used for software interchange.
+
+ b. Convey the object code in, or embodied in, a physical product
+ (including a physical distribution medium), accompanied by a
+ written offer, valid for at least three years and valid for
+ as long as you offer spare parts or customer support for that
+ product model, to give anyone who possesses the object code
+ either (1) a copy of the Corresponding Source for all the
+ software in the product that is covered by this License, on a
+ durable physical medium customarily used for software
+ interchange, for a price no more than your reasonable cost of
+ physically performing this conveying of source, or (2) access
+ to copy the Corresponding Source from a network server at no
+ charge.
+
+ c. Convey individual copies of the object code with a copy of
+ the written offer to provide the Corresponding Source. This
+ alternative is allowed only occasionally and noncommercially,
+ and only if you received the object code with such an offer,
+ in accord with subsection 6b.
+
+ d. Convey the object code by offering access from a designated
+ place (gratis or for a charge), and offer equivalent access
+ to the Corresponding Source in the same way through the same
+ place at no further charge. You need not require recipients
+ to copy the Corresponding Source along with the object code.
+ If the place to copy the object code is a network server, the
+ Corresponding Source may be on a different server (operated
+ by you or a third party) that supports equivalent copying
+ facilities, provided you maintain clear directions next to
+ the object code saying where to find the Corresponding Source.
+ Regardless of what server hosts the Corresponding Source, you
+ remain obligated to ensure that it is available for as long
+ as needed to satisfy these requirements.
+
+ e. Convey the object code using peer-to-peer transmission,
+ provided you inform other peers where the object code and
+ Corresponding Source of the work are being offered to the
+ general public at no charge under subsection 6d.
+
+
+ A separable portion of the object code, whose source code is
+ excluded from the Corresponding Source as a System Library, need
+ not be included in conveying the object code work.
+
+ A "User Product" is either (1) a "consumer product", which means
+ any tangible personal property which is normally used for personal,
+ family, or household purposes, or (2) anything designed or sold for
+ incorporation into a dwelling. In determining whether a product
+ is a consumer product, doubtful cases shall be resolved in favor of
+ coverage. For a particular product received by a particular user,
+ "normally used" refers to a typical or common use of that class of
+ product, regardless of the status of the particular user or of the
+ way in which the particular user actually uses, or expects or is
+ expected to use, the product. A product is a consumer product
+ regardless of whether the product has substantial commercial,
+ industrial or non-consumer uses, unless such uses represent the
+ only significant mode of use of the product.
+
+ "Installation Information" for a User Product means any methods,
+ procedures, authorization keys, or other information required to
+ install and execute modified versions of a covered work in that
+ User Product from a modified version of its Corresponding Source.
+ The information must suffice to ensure that the continued
+ functioning of the modified object code is in no case prevented or
+ interfered with solely because modification has been made.
+
+ If you convey an object code work under this section in, or with,
+ or specifically for use in, a User Product, and the conveying
+ occurs as part of a transaction in which the right of possession
+ and use of the User Product is transferred to the recipient in
+ perpetuity or for a fixed term (regardless of how the transaction
+ is characterized), the Corresponding Source conveyed under this
+ section must be accompanied by the Installation Information. But
+ this requirement does not apply if neither you nor any third party
+ retains the ability to install modified object code on the User
+ Product (for example, the work has been installed in ROM).
+
+ The requirement to provide Installation Information does not
+ include a requirement to continue to provide support service,
+ warranty, or updates for a work that has been modified or
+ installed by the recipient, or for the User Product in which it
+ has been modified or installed. Access to a network may be denied
+ when the modification itself materially and adversely affects the
+ operation of the network or violates the rules and protocols for
+ communication across the network.
+
+ Corresponding Source conveyed, and Installation Information
+ provided, in accord with this section must be in a format that is
+ publicly documented (and with an implementation available to the
+ public in source code form), and must require no special password
+ or key for unpacking, reading or copying.
+
+ 7. Additional Terms.
+
+ "Additional permissions" are terms that supplement the terms of
+ this License by making exceptions from one or more of its
+ conditions. Additional permissions that are applicable to the
+ entire Program shall be treated as though they were included in
+ this License, to the extent that they are valid under applicable
+ law. If additional permissions apply only to part of the Program,
+ that part may be used separately under those permissions, but the
+ entire Program remains governed by this License without regard to
+ the additional permissions.
+
+ When you convey a copy of a covered work, you may at your option
+ remove any additional permissions from that copy, or from any part
+ of it. (Additional permissions may be written to require their own
+ removal in certain cases when you modify the work.) You may place
+ additional permissions on material, added by you to a covered work,
+ for which you have or can give appropriate copyright permission.
+
+ Notwithstanding any other provision of this License, for material
+ you add to a covered work, you may (if authorized by the copyright
+ holders of that material) supplement the terms of this License
+ with terms:
+
+ a. Disclaiming warranty or limiting liability differently from
+ the terms of sections 15 and 16 of this License; or
+
+ b. Requiring preservation of specified reasonable legal notices
+ or author attributions in that material or in the Appropriate
+ Legal Notices displayed by works containing it; or
+
+ c. Prohibiting misrepresentation of the origin of that material,
+ or requiring that modified versions of such material be
+ marked in reasonable ways as different from the original
+ version; or
+
+ d. Limiting the use for publicity purposes of names of licensors
+ or authors of the material; or
+
+ e. Declining to grant rights under trademark law for use of some
+ trade names, trademarks, or service marks; or
+
+ f. Requiring indemnification of licensors and authors of that
+ material by anyone who conveys the material (or modified
+ versions of it) with contractual assumptions of liability to
+ the recipient, for any liability that these contractual
+ assumptions directly impose on those licensors and authors.
+
+ All other non-permissive additional terms are considered "further
+ restrictions" within the meaning of section 10. If the Program as
+ you received it, or any part of it, contains a notice stating that
+ it is governed by this License along with a term that is a further
+ restriction, you may remove that term. If a license document
+ contains a further restriction but permits relicensing or
+ conveying under this License, you may add to a covered work
+ material governed by the terms of that license document, provided
+ that the further restriction does not survive such relicensing or
+ conveying.
+
+ If you add terms to a covered work in accord with this section, you
+ must place, in the relevant source files, a statement of the
+ additional terms that apply to those files, or a notice indicating
+ where to find the applicable terms.
+
+ Additional terms, permissive or non-permissive, may be stated in
+ the form of a separately written license, or stated as exceptions;
+ the above requirements apply either way.
+
+ 8. Termination.
+
+ You may not propagate or modify a covered work except as expressly
+ provided under this License. Any attempt otherwise to propagate or
+ modify it is void, and will automatically terminate your rights
+ under this License (including any patent licenses granted under
+ the third paragraph of section 11).
+
+ However, if you cease all violation of this License, then your
+ license from a particular copyright holder is reinstated (a)
+ provisionally, unless and until the copyright holder explicitly
+ and finally terminates your license, and (b) permanently, if the
+ copyright holder fails to notify you of the violation by some
+ reasonable means prior to 60 days after the cessation.
+
+ Moreover, your license from a particular copyright holder is
+ reinstated permanently if the copyright holder notifies you of the
+ violation by some reasonable means, this is the first time you have
+ received notice of violation of this License (for any work) from
+ that copyright holder, and you cure the violation prior to 30 days
+ after your receipt of the notice.
+
+ Termination of your rights under this section does not terminate
+ the licenses of parties who have received copies or rights from
+ you under this License. If your rights have been terminated and
+ not permanently reinstated, you do not qualify to receive new
+ licenses for the same material under section 10.
+
+ 9. Acceptance Not Required for Having Copies.
+
+ You are not required to accept this License in order to receive or
+ run a copy of the Program. Ancillary propagation of a covered work
+ occurring solely as a consequence of using peer-to-peer
+ transmission to receive a copy likewise does not require
+ acceptance. However, nothing other than this License grants you
+ permission to propagate or modify any covered work. These actions
+ infringe copyright if you do not accept this License. Therefore,
+ by modifying or propagating a covered work, you indicate your
+ acceptance of this License to do so.
+
+ 10. Automatic Licensing of Downstream Recipients.
+
+ Each time you convey a covered work, the recipient automatically
+ receives a license from the original licensors, to run, modify and
+ propagate that work, subject to this License. You are not
+ responsible for enforcing compliance by third parties with this
+ License.
+
+ An "entity transaction" is a transaction transferring control of an
+ organization, or substantially all assets of one, or subdividing an
+ organization, or merging organizations. If propagation of a
+ covered work results from an entity transaction, each party to that
+ transaction who receives a copy of the work also receives whatever
+ licenses to the work the party's predecessor in interest had or
+ could give under the previous paragraph, plus a right to
+ possession of the Corresponding Source of the work from the
+ predecessor in interest, if the predecessor has it or can get it
+ with reasonable efforts.
+
+ You may not impose any further restrictions on the exercise of the
+ rights granted or affirmed under this License. For example, you
+ may not impose a license fee, royalty, or other charge for
+ exercise of rights granted under this License, and you may not
+ initiate litigation (including a cross-claim or counterclaim in a
+ lawsuit) alleging that any patent claim is infringed by making,
+ using, selling, offering for sale, or importing the Program or any
+ portion of it.
+
+ 11. Patents.
+
+ A "contributor" is a copyright holder who authorizes use under this
+ License of the Program or a work on which the Program is based.
+ The work thus licensed is called the contributor's "contributor
+ version".
+
+ A contributor's "essential patent claims" are all patent claims
+ owned or controlled by the contributor, whether already acquired or
+ hereafter acquired, that would be infringed by some manner,
+ permitted by this License, of making, using, or selling its
+ contributor version, but do not include claims that would be
+ infringed only as a consequence of further modification of the
+ contributor version. For purposes of this definition, "control"
+ includes the right to grant patent sublicenses in a manner
+ consistent with the requirements of this License.
+
+ Each contributor grants you a non-exclusive, worldwide,
+ royalty-free patent license under the contributor's essential
+ patent claims, to make, use, sell, offer for sale, import and
+ otherwise run, modify and propagate the contents of its
+ contributor version.
+
+ In the following three paragraphs, a "patent license" is any
+ express agreement or commitment, however denominated, not to
+ enforce a patent (such as an express permission to practice a
+ patent or covenant not to sue for patent infringement). To
+ "grant" such a patent license to a party means to make such an
+ agreement or commitment not to enforce a patent against the party.
+
+ If you convey a covered work, knowingly relying on a patent
+ license, and the Corresponding Source of the work is not available
+ for anyone to copy, free of charge and under the terms of this
+ License, through a publicly available network server or other
+ readily accessible means, then you must either (1) cause the
+ Corresponding Source to be so available, or (2) arrange to deprive
+ yourself of the benefit of the patent license for this particular
+ work, or (3) arrange, in a manner consistent with the requirements
+ of this License, to extend the patent license to downstream
+ recipients. "Knowingly relying" means you have actual knowledge
+ that, but for the patent license, your conveying the covered work
+ in a country, or your recipient's use of the covered work in a
+ country, would infringe one or more identifiable patents in that
+ country that you have reason to believe are valid.
+
+ If, pursuant to or in connection with a single transaction or
+ arrangement, you convey, or propagate by procuring conveyance of, a
+ covered work, and grant a patent license to some of the parties
+ receiving the covered work authorizing them to use, propagate,
+ modify or convey a specific copy of the covered work, then the
+ patent license you grant is automatically extended to all
+ recipients of the covered work and works based on it.
+
+ A patent license is "discriminatory" if it does not include within
+ the scope of its coverage, prohibits the exercise of, or is
+ conditioned on the non-exercise of one or more of the rights that
+ are specifically granted under this License. You may not convey a
+ covered work if you are a party to an arrangement with a third
+ party that is in the business of distributing software, under
+ which you make payment to the third party based on the extent of
+ your activity of conveying the work, and under which the third
+ party grants, to any of the parties who would receive the covered
+ work from you, a discriminatory patent license (a) in connection
+ with copies of the covered work conveyed by you (or copies made
+ from those copies), or (b) primarily for and in connection with
+ specific products or compilations that contain the covered work,
+ unless you entered into that arrangement, or that patent license
+ was granted, prior to 28 March 2007.
+
+ Nothing in this License shall be construed as excluding or limiting
+ any implied license or other defenses to infringement that may
+ otherwise be available to you under applicable patent law.
+
+ 12. No Surrender of Others' Freedom.
+
+ If conditions are imposed on you (whether by court order,
+ agreement or otherwise) that contradict the conditions of this
+ License, they do not excuse you from the conditions of this
+ License. If you cannot convey a covered work so as to satisfy
+ simultaneously your obligations under this License and any other
+ pertinent obligations, then as a consequence you may not convey it
+ at all. For example, if you agree to terms that obligate you to
+ collect a royalty for further conveying from those to whom you
+ convey the Program, the only way you could satisfy both those
+ terms and this License would be to refrain entirely from conveying
+ the Program.
+
+ 13. Use with the GNU Affero General Public License.
+
+ Notwithstanding any other provision of this License, you have
+ permission to link or combine any covered work with a work licensed
+ under version 3 of the GNU Affero General Public License into a
+ single combined work, and to convey the resulting work. The terms
+ of this License will continue to apply to the part which is the
+ covered work, but the special requirements of the GNU Affero
+ General Public License, section 13, concerning interaction through
+ a network will apply to the combination as such.
+
+ 14. Revised Versions of this License.
+
+ The Free Software Foundation may publish revised and/or new
+ versions of the GNU General Public License from time to time.
+ Such new versions will be similar in spirit to the present
+ version, but may differ in detail to address new problems or
+ concerns.
+
+ Each version is given a distinguishing version number. If the
+ Program specifies that a certain numbered version of the GNU
+ General Public License "or any later version" applies to it, you
+ have the option of following the terms and conditions either of
+ that numbered version or of any later version published by the
+ Free Software Foundation. If the Program does not specify a
+ version number of the GNU General Public License, you may choose
+ any version ever published by the Free Software Foundation.
+
+ If the Program specifies that a proxy can decide which future
+ versions of the GNU General Public License can be used, that
+ proxy's public statement of acceptance of a version permanently
+ authorizes you to choose that version for the Program.
+
+ Later license versions may give you additional or different
+ permissions. However, no additional obligations are imposed on any
+ author or copyright holder as a result of your choosing to follow a
+ later version.
+
+ 15. Disclaimer of Warranty.
+
+ THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
+ APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE
+ COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS"
+ WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+ MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE
+ RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU.
+ SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL
+ NECESSARY SERVICING, REPAIR OR CORRECTION.
+
+ 16. Limitation of Liability.
+
+ IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN
+ WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES
+ AND/OR CONVEYS THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU
+ FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR
+ CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE
+ THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA
+ BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
+ PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
+ PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF
+ THE POSSIBILITY OF SUCH DAMAGES.
+
+ 17. Interpretation of Sections 15 and 16.
+
+ If the disclaimer of warranty and limitation of liability provided
+ above cannot be given local legal effect according to their terms,
+ reviewing courts shall apply local law that most closely
+ approximates an absolute waiver of all civil liability in
+ connection with the Program, unless a warranty or assumption of
+ liability accompanies a copy of the Program in return for a fee.
+
+ END OF TERMS AND CONDITIONS
+How to Apply These Terms to Your New Programs
+=============================================
+
+ If you develop a new program, and you want it to be of the greatest
+possible use to the public, the best way to achieve this is to make it
+free software which everyone can redistribute and change under these
+terms.
+
+ To do so, attach the following notices to the program. It is
+safest to attach them to the start of each source file to most
+effectively state the exclusion of warranty; and each file should have
+at least the "copyright" line and a pointer to where the full notice is
+found.
+ ONE LINE TO GIVE THE PROGRAM'S NAME AND A BRIEF IDEA OF WHAT IT DOES.
+ Copyright (C) YEAR NAME OF AUTHOR
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or (at
+ your option) any later version.
+
+ This program is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see `http://www.gnu.org/licenses/'.
+
+ Also add information on how to contact you by electronic and paper
+mail.
+
+ If the program does terminal interaction, make it output a short
+notice like this when it starts in an interactive mode:
+
+ PROGRAM Copyright (C) YEAR NAME OF AUTHOR
+ This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
+ This is free software, and you are welcome to redistribute it under certain conditions; type `show c' for details.
+
+ The hypothetical commands `show w' and `show c' should show the
+appropriate parts of the General Public License. Of course, your
+program's commands might be different; for a GUI interface, you would
+use an "about box".
+
+ You should also get your employer (if you work as a programmer) or
+school, if any, to sign a "copyright disclaimer" for the program, if
+necessary. For more information on this, and how to apply and follow
+the GNU GPL, see `http://www.gnu.org/licenses/'.
+
+ The GNU General Public License does not permit incorporating your
+program into proprietary programs. If your program is a subroutine
+library, you may consider it more useful to permit linking proprietary
+applications with the library. If this is what you want to do, use the
+GNU Lesser General Public License instead of this License. But first,
+please read `http://www.gnu.org/philosophy/why-not-lgpl.html'.
+
+
+
+File: gnupg.info, Node: Contributors, Next: Glossary, Prev: Copying, Up: Top
+
+Contributors to GnuPG
+*********************
+
+The GnuPG project would like to thank its many contributors. Without
+them the project would not have been nearly as successful as it has
+been. Any omissions in this list are accidental. Feel free to contact
+the maintainer if you have been left out or some of your contributions
+are not listed.
+
+ David Shaw, Matthew Skala, Michael Roth, Niklas Hernaeus, Nils
+Ellmenreich, Rémi Guyomarch, Stefan Bellon, Timo Schulz and Werner Koch
+wrote the code. Birger Langkjer, Daniel Resare, Dokianakis Theofanis,
+Edmund GRIMLEY EVANS, Gaël Quéri, Gregory Steuck, Nagy Ferenc László,
+Ivo Timmermans, Jacobo Tarri'o Barreiro, Janusz Aleksander Urbanowicz,
+Jedi Lin, Jouni Hiltunen, Laurentiu Buzdugan, Magda Procha'zkova',
+Michael Anckaert, Michal Majer, Marco d'Itri, Nilgun Belma Buguner,
+Pedro Morais, Tedi Heriyanto, Thiago Jung Bauermann, Rafael Caetano dos
+Santos, Toomas Soome, Urko Lusa, Walter Koch, Yosiaki IIDA did the
+official translations. Mike Ashley wrote and maintains the GNU Privacy
+Handbook. David Scribner is the current FAQ editor. Lorenzo
+Cappelletti maintains the web site.
+
+ The new modularized architecture of gnupg 1.9 as well as the
+X.509/CMS part has been developed as part of the Ägypten project.
+Direct contributors to this project are: Bernhard Herzog, who did
+extensive testing and tracked down a lot of bugs. Bernhard Reiter, who
+made sure that we met the specifications and the deadlines. He did
+extensive testing and came up with a lot of suggestions. Jan-Oliver
+Wagner made sure that we met the specifications and the deadlines. He
+also did extensive testing and came up with a lot of suggestions.
+Karl-Heinz Zimmer and Marc Mutz had to struggle with all the bugs and
+misconceptions while working on KDE integration. Marcus Brinkman
+extended GPGME, cleaned up the Assuan code and fixed bugs all over the
+place. Moritz Schulte took over Libgcrypt maintenance and developed it
+into a stable an useful library. Steffen Hansen had a hard time to
+write the dirmngr due to underspecified interfaces. Thomas Koester did
+extensive testing and tracked down a lot of bugs. Werner Koch designed
+the system and wrote most of the code.
+
+ The following people helped greatly by suggesting improvements,
+testing, fixing bugs, providing resources and doing other important
+tasks: Adam Mitchell, Albert Chin, Alec Habig, Allan Clark, Anand
+Kumria, Andreas Haumer, Anthony Mulcahy, Ariel T Glenn, Bob Mathews,
+Bodo Moeller, Brendan O'Dea, Brenno de Winter, Brian M. Carlson, Brian
+Moore, Brian Warner, Bryan Fullerton, Caskey L. Dickson, Cees van de
+Griend, Charles Levert, Chip Salzenberg, Chris Adams, Christian Biere,
+Christian Kurz, Christian von Roques, Christopher Oliver, Christian
+Recktenwald, Dan Winship, Daniel Eisenbud, Daniel Koening, Dave
+Dykstra, David C Niemi, David Champion, David Ellement, David Hallinan,
+David Hollenberg, David Mathog, David R. Bergstein, Detlef Lannert,
+Dimitri, Dirk Lattermann, Dirk Meyer, Disastry, Douglas Calvert, Ed
+Boraas, Edmund GRIMLEY EVANS, Edwin Woudt, Enzo Michelangeli, Ernst
+Molitor, Fabio Coatti, Felix von Leitner, fish stiqz, Florian Weimer,
+Francesco Potorti, Frank Donahoe, Frank Heckenbach, Frank Stajano,
+Frank Tobin, Gabriel Rosenkoetter, Gaël Quéri, Gene Carter, Geoff
+Keating, Georg Schwarz, Giampaolo Tomassoni, Gilbert Fernandes, Greg
+Louis, Greg Troxel, Gregory Steuck, Gregery Barton, Harald Denker,
+Holger Baust, Hendrik Buschkamp, Holger Schurig, Holger Smolinski,
+Holger Trapp, Hugh Daniel, Huy Le, Ian McKellar, Ivo Timmermans, Jan
+Krueger, Jan Niehusmann, Janusz A. Urbanowicz, James Troup, Jean-loup
+Gailly, Jeff Long, Jeffery Von Ronne, Jens Bachem, Jeroen C. van
+Gelderen, J Horacio MG, J. Michael Ashley, Jim Bauer, Jim Small,
+Joachim Backes, Joe Rhett, John A. Martin, Johnny Teveßen, Jörg
+Schilling, Jos Backus, Joseph Walton, Juan F. Codagnone, Jun Kuriyama,
+Kahil D. Jallad, Karl Fogel, Karsten Thygesen, Katsuhiro Kondou, Kazu
+Yamamoto, Keith Clayton, Kevin Ryde, Klaus Singvogel, Kurt Garloff,
+Lars Kellogg-Stedman, L. Sassaman, M Taylor, Marcel Waldvogel, Marco
+d'Itri, Marco Parrone, Marcus Brinkmann, Mark Adler, Mark Elbrecht,
+Mark Pettit, Markus Friedl, Martin Kahlert, Martin Hamilton, Martin
+Schulte, Matt Kraai, Matthew Skala, Matthew Wilcox, Matthias Urlichs,
+Max Valianskiy, Michael Engels, Michael Fischer v. Mollard, Michael
+Roth, Michael Sobolev, Michael Tokarev, Nicolas Graner, Mike McEwan,
+Neal H Walfield, Nelson H. F. Beebe, NIIBE Yutaka, Niklas Hernaeus,
+Nimrod Zimerman, N J Doye, Oliver Haakert, Oskari Jääskeläinen, Pascal
+Scheffers, Paul D. Smith, Per Cederqvist, Phil Blundell, Philippe
+Laliberte, Peter Fales, Peter Gutmann, Peter Marschall, Peter Valchev,
+Piotr Krukowiecki, QingLong, Ralph Gillen, Rat, Reinhard Wobst, Rémi
+Guyomarch, Reuben Sumner, Richard Outerbridge, Robert Joop, Roddy
+Strachan, Roger Sondermann, Roland Rosenfeld, Roman Pavlik, Ross
+Golder, Ryan Malayter, Sam Roberts, Sami Tolvanen, Sean MacLennan,
+Sebastian Klemke, Serge Munhoven, SL Baur, Stefan Bellon,
+Dr.Stefan.Dalibor, Stefan Karrmann, Stefan Keller, Steffen Ullrich,
+Steffen Zahn, Steven Bakker, Steven Murdoch, Susanne Schultz, Ted
+Cabeen, Thiago Jung Bauermann, Thijmen Klok, Thomas Roessler, Tim
+Mooney, Timo Schulz, Todd Vierling, TOGAWA Satoshi, Tom Spindler, Tom
+Zerucha, Tomas Fasth, Tommi Komulainen, Thomas Klausner, Tomasz
+Kozlowski, Thomas Mikkelsen, Ulf Möller, Urko Lusa, Vincent P. Broman,
+Volker Quetschke, W Lewis, Walter Hofmann, Walter Koch, Wayne
+Chapeskie, Wim Vandeputte, Winona Brown, Yosiaki IIDA, Yoshihiro Kajiki
+and Gerlinde Klaes.
+
+ This software has been made possible by the previous work of Chris
+Wedgwood, Jean-loup Gailly, Jon Callas, Mark Adler, Martin Hellmann
+Paul Kendall, Philip R. Zimmermann, Peter Gutmann, Philip A. Nelson,
+Taher Elgamal, Torbjorn Granlund, Whitfield Diffie, some unknown NSA
+mathematicians and all the folks who have worked hard to create
+complete and free operating systems.
+
+ And finally we'd like to thank everyone who uses these tools, submits
+bug reports and generally reminds us why we're doing this work in the
+first place.
+
+
+File: gnupg.info, Node: Glossary, Next: Option Index, Prev: Contributors, Up: Top
+
+Glossary
+********
+
+`ARL'
+ The _Authority Revocation List_ is technical identical to a CRL
+ but used for CAs and not for end user certificates.
+
+`Chain model'
+ Verification model for X.509 which uses the creation date of a
+ signature as the date the validation starts and in turn checks
+ that each certificate has been issued within the time frame, the
+ issuing certificate was valid. This allows the verification of
+ signatures after the CA's certificate expired. The validation
+ test also required an online check of the certificate status. The
+ chain model is required by the German signature law. See also
+ _Shell model_.
+
+`CMS'
+ The _Cryptographic Message Standard_ describes a message format
+ for encryption and digital signing. It is closely related to the
+ X.509 certificate format. CMS was formerly known under the name
+ `PKCS#7' and is described by `RFC3369'.
+
+`CRL'
+ The _Certificate Revocation List_ is a list containing
+ certificates revoked by the issuer.
+
+`CSR'
+ The _Certificate Signing Request_ is a message send to a CA to ask
+ them to issue a new certificate. The data format of such a signing
+ request is called PCKS#10.
+
+`OpenPGP'
+ A data format used to build a PKI and to exchange encrypted or
+ signed messages. In contrast to X.509, OpenPGP also includes the
+ message format but does not explicitly demand a specific PKI.
+ However any kind of PKI may be build upon the OpenPGP protocol.
+
+`Keygrip'
+ This term is used by GnuPG to describe a 20 byte hash value used
+ to identify a certain key without referencing to a concrete
+ protocol. It is used internally to access a private key. Usually
+ it is shown and entered as a 40 character hexadecimal formatted
+ string.
+
+`OCSP'
+ The _Online Certificate Status Protocol_ is used as an alternative
+ to a CRL. It is described in `RFC 2560'.
+
+`PSE'
+ The _Personal Security Environment_ describes a database to store
+ private keys. This is either a smartcard or a collection of files
+ on a disk; the latter is often called a Soft-PSE.
+
+`Shell model'
+ The standard model for validation of certificates under X.509. At
+ the time of the verification all certificates must be valid and
+ not expired. See also _Chain mode_.
+
+`X.509'
+ Description of a PKI used with CMS. It is for example defined by
+ `RFC3280'.
+
+
+
+File: gnupg.info, Node: Option Index, Next: Index, Prev: Glossary, Up: Top
+
+Option Index
+************
+
+
+* Menu:
+
+* agent-program <1>: Invoking gpg-connect-agent.
+ (line 30)
+* agent-program: Configuration Options.
+ (line 34)
+* allow-admin: Scdaemon Options. (line 184)
+* allow-freeform-uid: GPG Esoteric Options.
+ (line 312)
+* allow-mark-trusted: Agent Options. (line 147)
+* allow-multiple-messages: GPG Esoteric Options.
+ (line 429)
+* allow-non-selfsigned-uid: GPG Esoteric Options.
+ (line 307)
+* allow-secret-key-import: GPG Esoteric Options.
+ (line 424)
+* always-trust: GPG Esoteric Options.
+ (line 498)
+* armor <1>: Input and Output. (line 8)
+* armor: GPG Input and Output.
+ (line 8)
+* ask-cert-expire: GPG Esoteric Options.
+ (line 411)
+* ask-cert-level: GPG Configuration Options.
+ (line 302)
+* ask-sig-expire: GPG Esoteric Options.
+ (line 397)
+* assume-armor: Input and Output. (line 14)
+* assume-base64: Input and Output. (line 18)
+* assume-binary: Input and Output. (line 21)
+* attribute-fd: GPG Esoteric Options.
+ (line 85)
+* attribute-file: GPG Esoteric Options.
+ (line 91)
+* auto-check-trustdb: GPG Configuration Options.
+ (line 598)
+* auto-issuer-key-retrieve: Certificate Options. (line 51)
+* auto-key-locate: GPG Configuration Options.
+ (line 382)
+* base64: Input and Output. (line 11)
+* batch <1>: GPG Configuration Options.
+ (line 39)
+* batch: Agent Options. (line 33)
+* bzip2-compress-level: GPG Configuration Options.
+ (line 276)
+* bzip2-decompress-lowmem: GPG Configuration Options.
+ (line 286)
+* call-dirmngr: Operational GPGSM Commands.
+ (line 27)
+* call-protect-tool: Operational GPGSM Commands.
+ (line 41)
+* card-edit: Operational GPG Commands.
+ (line 157)
+* card-status: Operational GPG Commands.
+ (line 163)
+* card-timeout: Scdaemon Options. (line 168)
+* cert-digest-algo: GPG Esoteric Options.
+ (line 221)
+* cert-notation: GPG Esoteric Options.
+ (line 113)
+* cert-policy-url: GPG Esoteric Options.
+ (line 143)
+* change-pin: Operational GPG Commands.
+ (line 166)
+* check-passphrase-pattern: Agent Options. (line 191)
+* check-sigs: Operational GPG Commands.
+ (line 126)
+* check-trustdb: Operational GPG Commands.
+ (line 257)
+* cipher-algo <1>: CMS Options. (line 13)
+* cipher-algo: GPG Esoteric Options.
+ (line 181)
+* clearsign: Operational GPG Commands.
+ (line 17)
+* command-fd: GPG Esoteric Options.
+ (line 295)
+* command-file: GPG Esoteric Options.
+ (line 302)
+* comment: GPG Esoteric Options.
+ (line 96)
+* compliant-needed: GPG Configuration Options.
+ (line 557)
+* compress-algo: GPG Esoteric Options.
+ (line 198)
+* compress-level: GPG Configuration Options.
+ (line 276)
+* csh: Agent Options. (line 118)
+* ctapi-driver: Scdaemon Options. (line 146)
+* daemon <1>: Scdaemon Commands. (line 31)
+* daemon: Agent Commands. (line 27)
+* dearmor: Operational GPG Commands.
+ (line 312)
+* debug <1>: Scdaemon Options. (line 61)
+* debug <2>: Esoteric Options. (line 58)
+* debug <3>: GPG Esoteric Options.
+ (line 51)
+* debug: Agent Options. (line 71)
+* debug-all <1>: Scdaemon Options. (line 97)
+* debug-all <2>: Esoteric Options. (line 92)
+* debug-all <3>: GPG Esoteric Options.
+ (line 55)
+* debug-all: Agent Options. (line 103)
+* debug-allow-core-dump <1>: Scdaemon Options. (line 114)
+* debug-allow-core-dump: Esoteric Options. (line 95)
+* debug-assuan-log-cats: Scdaemon Options. (line 123)
+* debug-disable-ticker: Scdaemon Options. (line 110)
+* debug-ignore-expiration: Esoteric Options. (line 106)
+* debug-level <1>: Scdaemon Options. (line 28)
+* debug-level <2>: Esoteric Options. (line 29)
+* debug-level <3>: GPG Esoteric Options.
+ (line 22)
+* debug-level: Agent Options. (line 42)
+* debug-log-tid: Scdaemon Options. (line 120)
+* debug-no-chain-validation: Esoteric Options. (line 102)
+* debug-wait <1>: Scdaemon Options. (line 100)
+* debug-wait: Agent Options. (line 106)
+* decode: Invoking gpg-connect-agent.
+ (line 66)
+* decrypt <1>: gpg-zip. (line 22)
+* decrypt <2>: Operational GPGSM Commands.
+ (line 11)
+* decrypt: Operational GPG Commands.
+ (line 52)
+* decrypt-files: Operational GPG Commands.
+ (line 87)
+* default-cache-ttl: Agent Options. (line 158)
+* default-cert-expire: GPG Esoteric Options.
+ (line 417)
+* default-cert-level: GPG Configuration Options.
+ (line 310)
+* default-key <1>: Input and Output. (line 34)
+* default-key: GPG Configuration Options.
+ (line 10)
+* default-keyserver-url: GPG Esoteric Options.
+ (line 457)
+* default-preference-list: GPG Esoteric Options.
+ (line 452)
+* default-recipient: GPG Configuration Options.
+ (line 15)
+* default-recipient-self: GPG Configuration Options.
+ (line 19)
+* default-sig-expire: GPG Esoteric Options.
+ (line 403)
+* delete-key: Operational GPG Commands.
+ (line 171)
+* delete-keys: Certificate Management.
+ (line 57)
+* delete-secret-and-public-key: Operational GPG Commands.
+ (line 180)
+* delete-secret-key: Operational GPG Commands.
+ (line 176)
+* deny-admin: Scdaemon Options. (line 184)
+* desig-revoke: OpenPGP Key Management.
+ (line 21)
+* detach-sign: Operational GPG Commands.
+ (line 27)
+* digest-algo: GPG Esoteric Options.
+ (line 190)
+* dirmnr-program: Configuration Options.
+ (line 40)
+* disable-application: Scdaemon Options. (line 194)
+* disable-ccid: Scdaemon Options. (line 151)
+* disable-cipher-algo: GPG Esoteric Options.
+ (line 229)
+* disable-crl-checks: Certificate Options. (line 13)
+* disable-dsa2: GPG Configuration Options.
+ (line 167)
+* disable-keypad: Scdaemon Options. (line 181)
+* disable-mdc: OpenPGP Options. (line 40)
+* disable-ocsp: Certificate Options. (line 42)
+* disable-policy-checks: Certificate Options. (line 8)
+* disable-pubkey-algo: GPG Esoteric Options.
+ (line 234)
+* disable-scdaemon: Agent Options. (line 230)
+* disable-trusted-cert-crl-check: Certificate Options. (line 19)
+* display: Agent Options. (line 257)
+* display-charset: GPG Configuration Options.
+ (line 231)
+* display-charset:iso-8859-1: GPG Configuration Options.
+ (line 240)
+* display-charset:iso-8859-15: GPG Configuration Options.
+ (line 246)
+* display-charset:iso-8859-2: GPG Configuration Options.
+ (line 243)
+* display-charset:koi8-r: GPG Configuration Options.
+ (line 249)
+* display-charset:utf-8: GPG Configuration Options.
+ (line 252)
+* dry-run: GPG Esoteric Options.
+ (line 8)
+* dump-cert: Certificate Management.
+ (line 33)
+* dump-chain: Certificate Management.
+ (line 37)
+* dump-external-keys: Certificate Management.
+ (line 44)
+* dump-keys: Certificate Management.
+ (line 33)
+* dump-options <1>: Scdaemon Commands. (line 18)
+* dump-options <2>: General GPGSM Commands.
+ (line 19)
+* dump-options <3>: General GPG Commands.
+ (line 19)
+* dump-options: Agent Commands. (line 19)
+* dump-secret-keys: Certificate Management.
+ (line 40)
+* edit-key: OpenPGP Key Management.
+ (line 26)
+* emit-version: GPG Esoteric Options.
+ (line 107)
+* enable-crl-checks: Certificate Options. (line 13)
+* enable-dsa2: GPG Configuration Options.
+ (line 167)
+* enable-ocsp: Certificate Options. (line 42)
+* enable-passphrase-history: Agent Options. (line 210)
+* enable-policy-checks: Certificate Options. (line 8)
+* enable-progress-filter: GPG Esoteric Options.
+ (line 64)
+* enable-special-filenames: GPG Esoteric Options.
+ (line 439)
+* enable-ssh-support: Agent Options. (line 267)
+* enable-trusted-cert-crl-check: Certificate Options. (line 19)
+* enarmor: Operational GPG Commands.
+ (line 312)
+* encrypt <1>: gpg-zip. (line 17)
+* encrypt <2>: Operational GPGSM Commands.
+ (line 7)
+* encrypt: Operational GPG Commands.
+ (line 31)
+* encrypt-files: Operational GPG Commands.
+ (line 84)
+* encrypt-to: GPG Key related Options.
+ (line 21)
+* enforce-passphrase-constraints: Agent Options. (line 176)
+* escape-from-lines: GPG Esoteric Options.
+ (line 259)
+* exec: Invoking gpg-connect-agent.
+ (line 41)
+* exec-path: GPG Configuration Options.
+ (line 190)
+* exit-on-status-write-error: GPG Configuration Options.
+ (line 626)
+* expert: GPG Configuration Options.
+ (line 684)
+* export <1>: Certificate Management.
+ (line 66)
+* export: Operational GPG Commands.
+ (line 185)
+* export-options: GPG Input and Output.
+ (line 67)
+* export-ownertrust: Operational GPG Commands.
+ (line 272)
+* export-secret-keys: Operational GPG Commands.
+ (line 201)
+* export-secret-subkeys: Operational GPG Commands.
+ (line 201)
+* extra-digest-algo: Esoteric Options. (line 7)
+* faked-system-time <1>: Esoteric Options. (line 18)
+* faked-system-time <2>: GPG Esoteric Options.
+ (line 58)
+* faked-system-time: Agent Options. (line 37)
+* fast-list-mode: GPG Esoteric Options.
+ (line 362)
+* fetch-keys: Operational GPG Commands.
+ (line 242)
+* fingerprint: Operational GPG Commands.
+ (line 146)
+* fixed-list-mode: GPG Input and Output.
+ (line 118)
+* fixed-passphrase: Esoteric Options. (line 111)
+* for-your-eyes-only: GPG Esoteric Options.
+ (line 167)
+* force: watchgnupg. (line 22)
+* force-crl-refresh: Certificate Options. (line 31)
+* force-mdc: OpenPGP Options. (line 34)
+* force-v3-sigs: OpenPGP Options. (line 19)
+* force-v4-certs: OpenPGP Options. (line 29)
+* forget: Invoking gpg-preset-passphrase.
+ (line 24)
+* gen-key <1>: Certificate Management.
+ (line 7)
+* gen-key: OpenPGP Key Management.
+ (line 9)
+* gen-prime: Operational GPG Commands.
+ (line 306)
+* gen-random: Operational GPG Commands.
+ (line 299)
+* gen-revoke: OpenPGP Key Management.
+ (line 17)
+* gnupg: OpenPGP Options. (line 108)
+* gpg: gpg-zip. (line 50)
+* gpg-agent-info: GPG Configuration Options.
+ (line 608)
+* gpg-args: gpg-zip. (line 53)
+* gpgconf-list: GPG Esoteric Options.
+ (line 470)
+* gpgconf-test: GPG Esoteric Options.
+ (line 474)
+* group: GPG Key related Options.
+ (line 41)
+* help <1>: gpg-zip. (line 65)
+* help <2>: watchgnupg. (line 35)
+* help <3>: Scdaemon Commands. (line 14)
+* help <4>: General GPGSM Commands.
+ (line 11)
+* help <5>: General GPG Commands.
+ (line 12)
+* help: Agent Commands. (line 15)
+* hex: Invoking gpg-connect-agent.
+ (line 62)
+* hidden-encrypt-to: GPG Key related Options.
+ (line 29)
+* hidden-recipient: GPG Key related Options.
+ (line 14)
+* homedir <1>: Invoking symcryptrun.
+ (line 38)
+* homedir <2>: Invoking gpg-connect-agent.
+ (line 22)
+* homedir <3>: gpgv. (line 53)
+* homedir <4>: Scdaemon Options. (line 13)
+* homedir <5>: Configuration Options.
+ (line 16)
+* homedir <6>: GPG Configuration Options.
+ (line 223)
+* homedir: Agent Options. (line 13)
+* ignore-cache-for-signing: Agent Options. (line 152)
+* ignore-cert-extension: Certificate Options. (line 71)
+* ignore-crc-error: GPG Esoteric Options.
+ (line 332)
+* ignore-mdc-error: GPG Esoteric Options.
+ (line 339)
+* ignore-time-conflict <1>: gpgv. (line 47)
+* ignore-time-conflict: GPG Esoteric Options.
+ (line 318)
+* ignore-valid-from: GPG Esoteric Options.
+ (line 325)
+* import <1>: Certificate Management.
+ (line 87)
+* import: Operational GPG Commands.
+ (line 211)
+* import-options: GPG Input and Output.
+ (line 29)
+* import-ownertrust: Operational GPG Commands.
+ (line 278)
+* include-certs: CMS Options. (line 7)
+* interactive: GPG Esoteric Options.
+ (line 19)
+* keep-display: Agent Options. (line 262)
+* keep-tty: Agent Options. (line 262)
+* keydb-clear-some-cert-flags: Certificate Management.
+ (line 49)
+* keyedit:addcardkey: OpenPGP Key Management.
+ (line 166)
+* keyedit:addkey: OpenPGP Key Management.
+ (line 163)
+* keyedit:addphoto: OpenPGP Key Management.
+ (line 81)
+* keyedit:addrevoker: OpenPGP Key Management.
+ (line 215)
+* keyedit:adduid: OpenPGP Key Management.
+ (line 78)
+* keyedit:bkuptocard: OpenPGP Key Management.
+ (line 180)
+* keyedit:check: OpenPGP Key Management.
+ (line 75)
+* keyedit:clean: OpenPGP Key Management.
+ (line 227)
+* keyedit:cross-certify: OpenPGP Key Management.
+ (line 241)
+* keyedit:delkey: OpenPGP Key Management.
+ (line 191)
+* keyedit:delsig: OpenPGP Key Management.
+ (line 65)
+* keyedit:deluid: OpenPGP Key Management.
+ (line 92)
+* keyedit:disable: OpenPGP Key Management.
+ (line 211)
+* keyedit:enable: OpenPGP Key Management.
+ (line 211)
+* keyedit:expire: OpenPGP Key Management.
+ (line 200)
+* keyedit:key: OpenPGP Key Management.
+ (line 35)
+* keyedit:keyserver: OpenPGP Key Management.
+ (line 110)
+* keyedit:keytocard: OpenPGP Key Management.
+ (line 169)
+* keyedit:lsign: OpenPGP Key Management.
+ (line 46)
+* keyedit:minimize: OpenPGP Key Management.
+ (line 236)
+* keyedit:notation: OpenPGP Key Management.
+ (line 117)
+* keyedit:nrsign: OpenPGP Key Management.
+ (line 51)
+* keyedit:passwd: OpenPGP Key Management.
+ (line 221)
+* keyedit:pref: OpenPGP Key Management.
+ (line 125)
+* keyedit:primary: OpenPGP Key Management.
+ (line 101)
+* keyedit:quit: OpenPGP Key Management.
+ (line 252)
+* keyedit:revkey: OpenPGP Key Management.
+ (line 197)
+* keyedit:revsig: OpenPGP Key Management.
+ (line 70)
+* keyedit:revuid: OpenPGP Key Management.
+ (line 98)
+* keyedit:save: OpenPGP Key Management.
+ (line 249)
+* keyedit:setpref: OpenPGP Key Management.
+ (line 138)
+* keyedit:showphoto: OpenPGP Key Management.
+ (line 89)
+* keyedit:showpref: OpenPGP Key Management.
+ (line 130)
+* keyedit:sign: OpenPGP Key Management.
+ (line 39)
+* keyedit:toggle: OpenPGP Key Management.
+ (line 224)
+* keyedit:trust: OpenPGP Key Management.
+ (line 206)
+* keyedit:tsign: OpenPGP Key Management.
+ (line 55)
+* keyedit:uid: OpenPGP Key Management.
+ (line 31)
+* keyid-format: GPG Configuration Options.
+ (line 422)
+* keyring <1>: gpgv. (line 34)
+* keyring: GPG Configuration Options.
+ (line 197)
+* keyserver: GPG Configuration Options.
+ (line 429)
+* keyserver-options: GPG Configuration Options.
+ (line 449)
+* kill: Invoking gpgconf. (line 53)
+* lc-ctype: Agent Options. (line 257)
+* lc-messages: Agent Options. (line 257)
+* learn-card: Certificate Management.
+ (line 92)
+* limit-card-insert-tries: GPG Configuration Options.
+ (line 635)
+* list-archive: gpg-zip. (line 43)
+* list-chain: Certificate Management.
+ (line 29)
+* list-config: GPG Esoteric Options.
+ (line 462)
+* list-keys <1>: Certificate Management.
+ (line 14)
+* list-keys: Operational GPG Commands.
+ (line 92)
+* list-only: GPG Esoteric Options.
+ (line 11)
+* list-options: GPG Configuration Options.
+ (line 59)
+* list-options:show-keyring: GPG Configuration Options.
+ (line 102)
+* list-options:show-keyserver-urls: GPG Configuration Options.
+ (line 86)
+* list-options:show-notations: GPG Configuration Options.
+ (line 81)
+* list-options:show-photos: GPG Configuration Options.
+ (line 67)
+* list-options:show-policy-urls: GPG Configuration Options.
+ (line 75)
+* list-options:show-sig-expire: GPG Configuration Options.
+ (line 106)
+* list-options:show-sig-subpackets: GPG Configuration Options.
+ (line 110)
+* list-options:show-std-notations: GPG Configuration Options.
+ (line 81)
+* list-options:show-uid-validity: GPG Configuration Options.
+ (line 90)
+* list-options:show-unusable-subkeys: GPG Configuration Options.
+ (line 98)
+* list-options:show-unusable-uids: GPG Configuration Options.
+ (line 94)
+* list-options:show-user-notations: GPG Configuration Options.
+ (line 81)
+* list-packets: Operational GPG Commands.
+ (line 153)
+* list-secret-keys <1>: Certificate Management.
+ (line 21)
+* list-secret-keys: Operational GPG Commands.
+ (line 102)
+* list-sigs: Operational GPG Commands.
+ (line 108)
+* local-user <1>: gpg-zip. (line 40)
+* local-user <2>: Input and Output. (line 42)
+* local-user: GPG Key related Options.
+ (line 63)
+* locate-keys: Operational GPG Commands.
+ (line 139)
+* lock-multiple: GPG Configuration Options.
+ (line 615)
+* lock-never: GPG Configuration Options.
+ (line 619)
+* lock-once: GPG Configuration Options.
+ (line 611)
+* log-file <1>: Invoking symcryptrun.
+ (line 46)
+* log-file <2>: Scdaemon Options. (line 136)
+* log-file <3>: Configuration Options.
+ (line 59)
+* log-file <4>: GPG Esoteric Options.
+ (line 81)
+* log-file: Agent Options. (line 140)
+* logger-fd <1>: gpgv. (line 44)
+* logger-fd: GPG Esoteric Options.
+ (line 77)
+* lsign-key: OpenPGP Key Management.
+ (line 289)
+* mangle-dos-filenames: GPG Configuration Options.
+ (line 294)
+* marginals-needed: GPG Configuration Options.
+ (line 561)
+* max-cache-ttl: Agent Options. (line 166)
+* max-cache-ttl-ssh: Agent Options. (line 171)
+* max-cert-depth: GPG Configuration Options.
+ (line 565)
+* max-output: GPG Input and Output.
+ (line 19)
+* max-passphrase-days: Agent Options. (line 205)
+* min-cert-level: GPG Configuration Options.
+ (line 339)
+* min-passphrase-len: Agent Options. (line 180)
+* min-passphrase-nonalpha: Agent Options. (line 185)
+* multi-server: Scdaemon Commands. (line 26)
+* multifile: Operational GPG Commands.
+ (line 73)
+* no: GPG Configuration Options.
+ (line 56)
+* no-armor: GPG Input and Output.
+ (line 12)
+* no-batch: GPG Configuration Options.
+ (line 39)
+* no-common-certs-import: Esoteric Options. (line 116)
+* no-default-keyring: GPG Esoteric Options.
+ (line 347)
+* no-default-recipient: GPG Configuration Options.
+ (line 25)
+* no-detach <1>: Scdaemon Options. (line 132)
+* no-detach: Agent Options. (line 111)
+* no-encrypt-to: GPG Key related Options.
+ (line 37)
+* no-expensive-trust-checks: GPG Esoteric Options.
+ (line 444)
+* no-ext-connect: Invoking gpg-connect-agent.
+ (line 48)
+* no-grab: Agent Options. (line 136)
+* no-greeting: GPG Configuration Options.
+ (line 649)
+* no-groups: GPG Key related Options.
+ (line 59)
+* no-literal: GPG Esoteric Options.
+ (line 370)
+* no-mangle-dos-filenames: GPG Configuration Options.
+ (line 294)
+* no-mdc-warning: GPG Configuration Options.
+ (line 668)
+* no-options: GPG Configuration Options.
+ (line 269)
+* no-random-seed-file: GPG Configuration Options.
+ (line 643)
+* no-secmem-warning <1>: Configuration Options.
+ (line 55)
+* no-secmem-warning: GPG Configuration Options.
+ (line 652)
+* no-sig-cache: GPG Configuration Options.
+ (line 579)
+* no-sig-create-check: GPG Configuration Options.
+ (line 588)
+* no-skip-hidden-recipients: GPG Key related Options.
+ (line 75)
+* no-tty: GPG Configuration Options.
+ (line 48)
+* no-use-standard-socket: Agent Options. (line 237)
+* no-verbose: GPG Configuration Options.
+ (line 32)
+* not-dash-escaped: GPG Esoteric Options.
+ (line 249)
+* openpgp: OpenPGP Options. (line 116)
+* options <1>: Scdaemon Options. (line 7)
+* options <2>: Configuration Options.
+ (line 10)
+* options <3>: GPG Configuration Options.
+ (line 264)
+* options: Agent Options. (line 7)
+* output <1>: gpg-zip. (line 47)
+* output <2>: Input and Output. (line 52)
+* output: GPG Input and Output.
+ (line 16)
+* override-session-key: GPG Esoteric Options.
+ (line 388)
+* p12-charset: Input and Output. (line 24)
+* passphrase <1>: Invoking gpg-preset-passphrase.
+ (line 35)
+* passphrase: GPG Esoteric Options.
+ (line 288)
+* passphrase-fd: GPG Esoteric Options.
+ (line 271)
+* passphrase-file: GPG Esoteric Options.
+ (line 279)
+* passphrase-repeat: GPG Esoteric Options.
+ (line 266)
+* passwd <1>: Certificate Management.
+ (line 97)
+* passwd: OpenPGP Key Management.
+ (line 294)
+* pcsc-driver: Scdaemon Options. (line 140)
+* permission-warning: GPG Configuration Options.
+ (line 655)
+* personal-cipher-preferences: OpenPGP Options. (line 45)
+* personal-compress-preferences: OpenPGP Options. (line 64)
+* personal-digest-preferences: OpenPGP Options. (line 54)
+* pgp2: OpenPGP Options. (line 134)
+* pgp6: OpenPGP Options. (line 147)
+* pgp7: OpenPGP Options. (line 158)
+* pgp8: OpenPGP Options. (line 164)
+* photo-viewer: GPG Configuration Options.
+ (line 173)
+* pinentry-program: Agent Options. (line 213)
+* pinentry-touch-file: Agent Options. (line 217)
+* policy-file: Configuration Options.
+ (line 31)
+* prefer-system-dirmngr: Configuration Options.
+ (line 46)
+* preserve-permissions: GPG Esoteric Options.
+ (line 447)
+* preset: Invoking gpg-preset-passphrase.
+ (line 20)
+* primary-keyring: GPG Configuration Options.
+ (line 211)
+* print-md: Operational GPG Commands.
+ (line 294)
+* q <1>: Invoking symcryptrun.
+ (line 35)
+* q: Invoking gpg-connect-agent.
+ (line 19)
+* quiet <1>: Invoking symcryptrun.
+ (line 35)
+* quiet <2>: Invoking gpg-connect-agent.
+ (line 19)
+* quiet <3>: gpgv. (line 31)
+* quiet <4>: GPG Configuration Options.
+ (line 35)
+* quiet: Agent Options. (line 30)
+* raw-socket: Invoking gpg-connect-agent.
+ (line 34)
+* reader-port: Scdaemon Options. (line 157)
+* rebuild-keydb-caches: Operational GPG Commands.
+ (line 288)
+* recipient <1>: gpg-zip. (line 36)
+* recipient <2>: Input and Output. (line 47)
+* recipient: GPG Key related Options.
+ (line 8)
+* recv-keys: Operational GPG Commands.
+ (line 220)
+* refresh-keys: Operational GPG Commands.
+ (line 224)
+* reload: Invoking gpgconf. (line 48)
+* require-cross-certification: GPG Configuration Options.
+ (line 677)
+* require-secmem: GPG Configuration Options.
+ (line 672)
+* rfc1991: OpenPGP Options. (line 131)
+* rfc2440: OpenPGP Options. (line 127)
+* rfc4880: OpenPGP Options. (line 122)
+* run: Invoking gpg-connect-agent.
+ (line 53)
+* s2k-cipher-algo: OpenPGP Options. (line 74)
+* s2k-count: OpenPGP Options. (line 91)
+* s2k-digest-algo: OpenPGP Options. (line 80)
+* s2k-mode: OpenPGP Options. (line 84)
+* scdaemon-program: Agent Options. (line 226)
+* search-keys: Operational GPG Commands.
+ (line 233)
+* secret-keyring: GPG Configuration Options.
+ (line 208)
+* send-keys: Operational GPG Commands.
+ (line 192)
+* server <1>: Scdaemon Commands. (line 22)
+* server <2>: Operational GPGSM Commands.
+ (line 24)
+* server: Agent Commands. (line 23)
+* set-filename: GPG Esoteric Options.
+ (line 161)
+* set-filesize: GPG Esoteric Options.
+ (line 374)
+* set-notation: GPG Esoteric Options.
+ (line 113)
+* set-policy-url: GPG Esoteric Options.
+ (line 143)
+* sh: Agent Options. (line 118)
+* show-keyring: GPG Esoteric Options.
+ (line 493)
+* show-notation: GPG Esoteric Options.
+ (line 502)
+* show-photos: GPG Esoteric Options.
+ (line 485)
+* show-policy-url: GPG Esoteric Options.
+ (line 510)
+* show-session-key: GPG Esoteric Options.
+ (line 378)
+* sig-keyserver-url: GPG Esoteric Options.
+ (line 153)
+* sig-notation: GPG Esoteric Options.
+ (line 113)
+* sig-policy-url: GPG Esoteric Options.
+ (line 143)
+* sign <1>: Operational GPGSM Commands.
+ (line 16)
+* sign: Operational GPG Commands.
+ (line 8)
+* sign-key: OpenPGP Key Management.
+ (line 285)
+* simple-sk-checksum: GPG Configuration Options.
+ (line 568)
+* skip-hidden-recipients: GPG Key related Options.
+ (line 75)
+* skip-verify: GPG Esoteric Options.
+ (line 354)
+* status-fd <1>: gpgv. (line 40)
+* status-fd: GPG Esoteric Options.
+ (line 69)
+* status-file: GPG Esoteric Options.
+ (line 73)
+* store: Operational GPG Commands.
+ (line 48)
+* subst: Invoking gpg-connect-agent.
+ (line 59)
+* symmetric: Operational GPG Commands.
+ (line 39)
+* tar: gpg-zip. (line 56)
+* tar-args: gpg-zip. (line 59)
+* textmode: OpenPGP Options. (line 8)
+* throw-keyids: GPG Esoteric Options.
+ (line 240)
+* trust-mode:always: GPG Configuration Options.
+ (line 368)
+* trust-mode:auto: GPG Configuration Options.
+ (line 376)
+* trust-mode:classic: GPG Configuration Options.
+ (line 360)
+* trust-mode:direct: GPG Configuration Options.
+ (line 364)
+* trust-mode:pgp: GPG Configuration Options.
+ (line 355)
+* trust-model: GPG Configuration Options.
+ (line 352)
+* trustdb-name: GPG Configuration Options.
+ (line 216)
+* trusted-key: GPG Configuration Options.
+ (line 345)
+* try-all-secrets: GPG Key related Options.
+ (line 67)
+* ttyname: Agent Options. (line 257)
+* ttytype: Agent Options. (line 257)
+* ungroup: GPG Key related Options.
+ (line 56)
+* update-trustdb: Operational GPG Commands.
+ (line 247)
+* use-agent: GPG Configuration Options.
+ (line 605)
+* use-embedded-filename: GPG Esoteric Options.
+ (line 176)
+* use-standard-socket: Agent Options. (line 237)
+* utf8-strings: GPG Configuration Options.
+ (line 257)
+* v <1>: Scdaemon Options. (line 23)
+* v: Configuration Options.
+ (line 26)
+* validation-model: Certificate Options. (line 62)
+* verbose <1>: Invoking symcryptrun.
+ (line 30)
+* verbose <2>: Invoking gpg-connect-agent.
+ (line 14)
+* verbose <3>: Invoking gpg-preset-passphrase.
+ (line 31)
+* verbose <4>: gpgv. (line 26)
+* verbose <5>: watchgnupg. (line 29)
+* verbose <6>: Scdaemon Options. (line 23)
+* verbose <7>: Configuration Options.
+ (line 26)
+* verbose <8>: GPG Configuration Options.
+ (line 28)
+* verbose: Agent Options. (line 23)
+* verify <1>: Operational GPGSM Commands.
+ (line 20)
+* verify: Operational GPG Commands.
+ (line 60)
+* verify-files: Operational GPG Commands.
+ (line 81)
+* verify-options: GPG Configuration Options.
+ (line 118)
+* verify-options:pka-lookups: GPG Configuration Options.
+ (line 154)
+* verify-options:pka-trust-increase: GPG Configuration Options.
+ (line 161)
+* verify-options:show-keyserver-urls: GPG Configuration Options.
+ (line 137)
+* verify-options:show-notations: GPG Configuration Options.
+ (line 133)
+* verify-options:show-photos: GPG Configuration Options.
+ (line 123)
+* verify-options:show-policy-urls: GPG Configuration Options.
+ (line 127)
+* verify-options:show-primary-uid-only: GPG Configuration Options.
+ (line 149)
+* verify-options:show-std-notations: GPG Configuration Options.
+ (line 133)
+* verify-options:show-uid-validity: GPG Configuration Options.
+ (line 141)
+* verify-options:show-unusable-uids: GPG Configuration Options.
+ (line 145)
+* verify-options:show-user-notations: GPG Configuration Options.
+ (line 133)
+* version <1>: gpg-zip. (line 62)
+* version <2>: watchgnupg. (line 32)
+* version <3>: Scdaemon Commands. (line 10)
+* version <4>: General GPGSM Commands.
+ (line 7)
+* version <5>: General GPG Commands.
+ (line 7)
+* version: Agent Commands. (line 10)
+* warranty <1>: General GPGSM Commands.
+ (line 15)
+* warranty: General GPG Commands.
+ (line 16)
+* with-colons: GPG Input and Output.
+ (line 110)
+* with-ephemeral-keys: Esoteric Options. (line 24)
+* with-fingerprint: GPG Input and Output.
+ (line 124)
+* with-key-data <1>: Input and Output. (line 55)
+* with-key-data: GPG Esoteric Options.
+ (line 358)
+* with-validation: Input and Output. (line 61)
+* write-env-file: Agent Options. (line 124)
+* xauthority: Agent Options. (line 257)
+* yes: GPG Configuration Options.
+ (line 53)
+
+
+File: gnupg.info, Node: Index, Prev: Option Index, Up: Top
+
+Index
+*****
+
+
+* Menu:
+
+* com-certs.pem: GPGSM Configuration. (line 84)
+* command options <1>: Invoking SCDAEMON. (line 6)
+* command options <2>: Invoking GPGSM. (line 6)
+* command options <3>: Invoking GPG. (line 6)
+* command options: Invoking GPG-AGENT. (line 6)
+* contributors: Contributors. (line 6)
+* GPG command options: Invoking GPG. (line 6)
+* GPG-AGENT command options: Invoking GPG-AGENT. (line 6)
+* gpg-agent.conf: Agent Configuration. (line 11)
+* gpg.conf: GPG Configuration. (line 11)
+* gpgconf.conf: Files used by gpgconf.
+ (line 7)
+* GPGSM command options: Invoking GPGSM. (line 6)
+* gpgsm.conf: GPGSM Configuration. (line 11)
+* help.txt: GPGSM Configuration. (line 72)
+* options, GPG command: Invoking GPG. (line 6)
+* options, GPG-AGENT command: Invoking GPG-AGENT. (line 6)
+* options, GPGSM command: Invoking GPGSM. (line 6)
+* options, SCDAEMON command: Invoking SCDAEMON. (line 6)
+* policies.txt: GPGSM Configuration. (line 18)
+* pubring.kbx: GPGSM Configuration. (line 101)
+* qualified.txt: GPGSM Configuration. (line 33)
+* random_seed: GPGSM Configuration. (line 107)
+* relax: Agent Configuration. (line 63)
+* S.gpg-agent: GPGSM Configuration. (line 112)
+* scd-event: Scdaemon Configuration.
+ (line 18)
+* SCDAEMON command options: Invoking SCDAEMON. (line 6)
+* scdaemon.conf: Scdaemon Configuration.
+ (line 11)
+* SIGHUP: Agent Signals. (line 12)
+* SIGINT: Agent Signals. (line 28)
+* SIGTERM: Agent Signals. (line 23)
+* SIGUSR1: Agent Signals. (line 31)
+* SIGUSR2: Agent Signals. (line 34)
+* sshcontrol: Agent Configuration. (line 76)
+
+
diff --git a/doc/gnupg.texi b/doc/gnupg.texi
new file mode 100644
index 0000000..7bb54af
--- /dev/null
+++ b/doc/gnupg.texi
@@ -0,0 +1,222 @@
+\input texinfo @c -*-texinfo-*-
+@c %**start of header
+@setfilename gnupg.info
+@include version.texi
+@settitle Using the GNU Privacy Guard
+
+@c A couple of macros with no effect on texinfo
+@c but used by the yat2m processor.
+@macro manpage {a}
+@end macro
+@macro mansect {a}
+@end macro
+@macro manpause
+@end macro
+@macro mancont
+@end macro
+
+@c Create a separate index for command line options.
+@defcodeindex op
+@c Merge the standard indexes into a single one.
+@syncodeindex fn cp
+@syncodeindex vr cp
+@syncodeindex ky cp
+@syncodeindex pg cp
+@syncodeindex tp cp
+@c %**end of header
+@copying
+This is the @cite{The GNU Privacy Guard Manual} (version
+@value{VERSION}, @value{UPDATED-MONTH}).
+
+@iftex
+Published by the Free Software Foundation@*
+51 Franklin St, Fifth Floor@*
+Boston, MA 02110-1301 USA
+@end iftex
+
+Copyright @copyright{} 2002, 2004, 2005, 2006, 2007, 2010 Free Software Foundation, Inc.
+
+@quotation
+Permission is granted to copy, distribute and/or modify this document
+under the terms of the GNU General Public License as published by the
+Free Software Foundation; either version 3 of the License, or (at your
+option) any later version. The text of the license can be found in the
+section entitled ``Copying''.
+@end quotation
+@end copying
+
+
+@dircategory GNU Utilities
+@direntry
+* gpg2: (gnupg). OpenPGP encryption and signing tool.
+* gpgsm: (gnupg). S/MIME encryption and signing tool.
+* gpg-agent: (gnupg). The secret key daemon.
+@ifset gpgtwoone
+* dirmngr: (gnupg). X.509 CRL and OCSP server.
+* dirmngr-client: (gnupg). X.509 CRL and OCSP client.
+@end ifset
+@end direntry
+
+
+@c
+@c Printing stuff taken from gcc.
+@c
+@macro gnupgtabopt{body}
+@code{\body\}
+@end macro
+@macro gnupgoptlist{body}
+@smallexample
+\body\
+@end smallexample
+@end macro
+@c Makeinfo handles the above macro OK, TeX needs manual line breaks;
+@c they get lost at some point in handling the macro. But if @macro is
+@c used here rather than @alias, it produces double line breaks.
+@iftex
+@alias gol = *
+@end iftex
+@ifnottex
+@macro gol
+@end macro
+@end ifnottex
+
+
+@c
+@c Titlepage
+@c
+@setchapternewpage odd
+@titlepage
+@title Using the GNU Privacy Guard
+@subtitle Version @value{VERSION}
+@subtitle @value{UPDATED-MONTH}
+
+@sp 3
+
+@image{gnupg-logo,16cm,,The GnuPG Logo}
+
+@sp 3
+
+@author Werner Koch (@email{wk@@gnupg.org})
+
+@page
+@vskip 0pt plus 1filll
+@insertcopying
+@end titlepage
+
+@ifnothtml
+@summarycontents
+@contents
+@page
+@end ifnothtml
+
+@ifhtml
+@center @image{gnupg-logo,6cm,,The GnuPG Logo}
+@end ifhtml
+
+@ifnottex
+@node Top
+@top
+@insertcopying
+
+This manual documents how to use the GNU Privacy Guard system as well as
+the administration and the architecture.
+@end ifnottex
+
+@menu
+* Installation:: A short installation guide.
+
+* Invoking GPG-AGENT:: How to launch the secret key daemon.
+@ifset gpgtwoone
+* Invoking DIRMNGR:: How to launch the CRL and OCSP daemon.
+@end ifset
+* Invoking GPG:: Using the OpenPGP protocol.
+* Invoking GPGSM:: Using the S/MIME protocol.
+* Invoking SCDAEMON:: How to handle Smartcards.
+* Specify a User ID:: How to Specify a User Id.
+
+* Helper Tools:: Description of small helper tools
+
+* Howtos:: How to do certain things.
+* System Notes:: Notes pertaining to certain OSes.
+* Debugging:: How to solve problems
+
+* Copying:: GNU General Public License says
+ how you can copy and share GnuPG
+* Contributors:: People who have contributed to GnuPG.
+
+* Glossary:: Short description of terms used.
+* Option Index:: Index to command line options.
+* Index:: Index of concepts and symbol names.
+@end menu
+
+
+@ifhtml
+@page
+@summarycontents
+@contents
+@end ifhtml
+
+
+@include instguide.texi
+
+@include gpg-agent.texi
+@ifset gpgtwoone
+@include dirmngr.texi
+@end ifset
+@include gpg.texi
+@include gpgsm.texi
+@include scdaemon.texi
+
+@node Specify a User ID
+@chapter How to Specify a User Id
+@anchor{how-to-specify-a-user-id}
+@include specify-user-id.texi
+
+
+@include tools.texi
+
+@include howtos.texi
+
+@include sysnotes.texi
+
+@include debugging.texi
+
+@include gpl.texi
+
+@include contrib.texi
+
+@c ---------------------------------------------------------------------
+@c Indexes
+@c ---------------------------------------------------------------------
+
+@include glossary.texi
+
+@node Option Index
+@unnumbered Option Index
+
+@printindex op
+
+@node Index
+@unnumbered Index
+
+@printindex cp
+
+@c ---------------------------------------------------------------------
+@c Epilogue
+@c ---------------------------------------------------------------------
+
+@c @node History
+@c @unnumbered History
+@c
+@c Here are the notices from the old dirmngr manual:
+@c
+@c @itemize
+@c @item Using DirMngr, 2002, Steffen Hansen, Klar"alvdalens Datakonsult AB.
+@c @item Using DirMngr, 2004, 2005, 2006, 2008 Werner Koch, g10 Code GmbH.
+@c @end itemize
+@c
+
+
+@bye
+
+
diff --git a/doc/gnupg7.texi b/doc/gnupg7.texi
new file mode 100644
index 0000000..c48dca9
--- /dev/null
+++ b/doc/gnupg7.texi
@@ -0,0 +1,31 @@
+@c @c -*-texinfo-*-
+@c This is only used to create a man page, thus we don't need to care
+@c about actual texinfo stuff.
+
+@manpage gnupg.7
+@ifset manverb
+.B GnuPG
+\- The GNU Privacy Guard suite of programs
+@end ifset
+@mansect description
+@ifset isman
+GnuPG is a set of programs for public key encryption and digital
+signatures. The program most users will want to use is the OpenPGP
+command line tool, named @command{gpg2}. @command{gpgv}is a stripped
+down version of @command{gpg2} with no encryption functionality, used
+only to verify signatures against a trusted keyring. @command{gpgsm} is
+the X.509/CMS (for S/MIME) counterpart of
+@command{gpg2}. @command{gpg-agent} is a passphrase and private key
+daemon which may also emulate the @command{ssh-agent}.
+@mansect see also
+@command{gpg}(1),
+@command{gpg2}(1),
+@command{gpgv}(1),
+@command{gpgsm}(1),
+@command{gpg-agent}(1),
+@command{dirmngr}(8),
+@command{scdaemon}(1)
+@include see-also-note.texi
+@end ifset
+
+@bye
diff --git a/doc/gpg-agent.texi b/doc/gpg-agent.texi
new file mode 100644
index 0000000..4c7f13f
--- /dev/null
+++ b/doc/gpg-agent.texi
@@ -0,0 +1,1386 @@
+@c Copyright (C) 2002 Free Software Foundation, Inc.
+@c This is part of the GnuPG manual.
+@c For copying conditions, see the file gnupg.texi.
+
+@c Note that we use this texinfo file for all versions of GnuPG:
+@c 2.0 and 2.1. The macro "gpgtwoone" controls parts which are only
+@c valid for GnuPG 2.1 and later.
+
+
+@node Invoking GPG-AGENT
+@chapter Invoking GPG-AGENT
+@cindex GPG-AGENT command options
+@cindex command options
+@cindex options, GPG-AGENT command
+
+@manpage gpg-agent.1
+@ifset manverb
+.B gpg-agent
+\- Secret key management for GnuPG
+@end ifset
+
+@mansect synopsis
+@ifset manverb
+.B gpg-agent
+.RB [ \-\-homedir
+.IR dir ]
+.RB [ \-\-options
+.IR file ]
+.RI [ options ]
+.br
+.B gpg-agent
+.RB [ \-\-homedir
+.IR dir ]
+.RB [ \-\-options
+.IR file ]
+.RI [ options ]
+.B \-\-server
+.br
+.B gpg-agent
+.RB [ \-\-homedir
+.IR dir ]
+.RB [ \-\-options
+.IR file ]
+.RI [ options ]
+.B \-\-daemon
+.RI [ command_line ]
+@end ifset
+
+@mansect description
+@command{gpg-agent} is a daemon to manage secret (private) keys
+independently from any protocol. It is used as a backend for
+@command{gpg} and @command{gpgsm} as well as for a couple of other
+utilities.
+
+@ifset gpgtwoone
+The agent is usualy started on demand by @command{gpg}, @command{gpgsm},
+@command{gpgconf} or @command{gpg-connect-agent}. Thus there is no
+reason to start it manually. In case you want to use the included
+Secure Shell Agent you may start the agent using:
+
+@example
+gpg-connect-agent /bye
+@end example
+@end ifset
+
+@ifclear gpgtwoone
+@noindent
+The usual way to run the agent is from the @code{~/.xsession} file:
+
+@example
+eval $(gpg-agent --daemon)
+@end example
+@noindent
+If you don't use an X server, you can also put this into your regular
+startup file @code{~/.profile} or @code{.bash_profile}. It is best not
+to run multiple instance of the @command{gpg-agent}, so you should make
+sure that only one is running: @command{gpg-agent} uses an environment
+variable to inform clients about the communication parameters. You can
+write the content of this environment variable to a file so that you can
+test for a running agent. Here is an example using Bourne shell syntax:
+
+@smallexample
+gpg-agent --daemon --enable-ssh-support \
+ --write-env-file "$@{HOME@}/.gpg-agent-info"
+@end smallexample
+
+This code should only be run once per user session to initially fire up
+the agent. In the example the optional support for the included Secure
+Shell agent is enabled and the information about the agent is written to
+a file in the HOME directory. Note that by running gpg-agent without
+arguments you may test whether an agent is already running; however such
+a test may lead to a race condition, thus it is not suggested.
+
+@noindent
+The second script needs to be run for each interactive session:
+
+@smallexample
+if [ -f "$@{HOME@}/.gpg-agent-info" ]; then
+ . "$@{HOME@}/.gpg-agent-info"
+ export GPG_AGENT_INFO
+ export SSH_AUTH_SOCK
+fi
+@end smallexample
+
+@noindent
+It reads the data out of the file and exports the variables. If you
+don't use Secure Shell, you don't need the last two export statements.
+@end ifclear
+
+@noindent
+You should always add the following lines to your @code{.bashrc} or
+whatever initialization file is used for all shell invocations:
+
+@smallexample
+GPG_TTY=$(tty)
+export GPG_TTY
+@end smallexample
+
+@noindent
+It is important that this environment variable always reflects the
+output of the @code{tty} command. For W32 systems this option is not
+required.
+
+Please make sure that a proper pinentry program has been installed
+under the default filename (which is system dependant) or use the
+option @option{pinentry-program} to specify the full name of that program.
+It is often useful to install a symbolic link from the actual used
+pinentry (e.g. @file{/usr/bin/pinentry-gtk}) to the expected
+one (e.g. @file{/usr/bin/pinentry}).
+
+@manpause
+@noindent
+@xref{Option Index},for an index to @command{GPG-AGENT}'s commands and options.
+@mancont
+
+@menu
+* Agent Commands:: List of all commands.
+* Agent Options:: List of all options.
+* Agent Configuration:: Configuration files.
+* Agent Signals:: Use of some signals.
+* Agent Examples:: Some usage examples.
+* Agent Protocol:: The protocol the agent uses.
+@end menu
+
+@mansect commands
+@node Agent Commands
+@section Commands
+
+Commands are not distinguished from options except for the fact that
+only one command is allowed.
+
+@table @gnupgtabopt
+@item --version
+@opindex version
+Print the program version and licensing information. Note that you cannot
+abbreviate this command.
+
+@item --help
+@itemx -h
+@opindex help
+Print a usage message summarizing the most useful command-line options.
+Note that you cannot abbreviate this command.
+
+@item --dump-options
+@opindex dump-options
+Print a list of all available options and commands. Note that you cannot
+abbreviate this command.
+
+@item --server
+@opindex server
+Run in server mode and wait for commands on the @code{stdin}. The
+default mode is to create a socket and listen for commands there.
+
+@item --daemon [@var{command line}]
+@opindex daemon
+Start the gpg-agent as a daemon; that is, detach it from the console
+and run it in the background. Because @command{gpg-agent} prints out
+important information required for further use, a common way of
+invoking gpg-agent is: @code{eval $(gpg-agent --daemon)} to setup the
+environment variables. The option @option{--write-env-file} is
+another way commonly used to do this. Yet another way is creating
+a new process as a child of gpg-agent: @code{gpg-agent --daemon
+/bin/sh}. This way you get a new shell with the environment setup
+properly; if you exit from this shell, gpg-agent terminates as well.
+@end table
+
+@mansect options
+@node Agent Options
+@section Option Summary
+
+@table @gnupgtabopt
+
+@anchor{option --options}
+@item --options @var{file}
+@opindex options
+Reads configuration from @var{file} instead of from the default
+per-user configuration file. The default configuration file is named
+@file{gpg-agent.conf} and expected in the @file{.gnupg} directory directly
+below the home directory of the user.
+
+@anchor{option --homedir}
+@include opt-homedir.texi
+
+
+@item -v
+@item --verbose
+@opindex verbose
+Outputs additional information while running.
+You can increase the verbosity by giving several
+verbose commands to @command{gpgsm}, such as @samp{-vv}.
+
+@item -q
+@item --quiet
+@opindex quiet
+Try to be as quiet as possible.
+
+@item --batch
+@opindex batch
+Don't invoke a pinentry or do any other thing requiring human interaction.
+
+@item --faked-system-time @var{epoch}
+@opindex faked-system-time
+This option is only useful for testing; it sets the system time back or
+forth to @var{epoch} which is the number of seconds elapsed since the year
+1970.
+
+@item --debug-level @var{level}
+@opindex debug-level
+Select the debug level for investigating problems. @var{level} may be
+a numeric value or a keyword:
+
+@table @code
+@item none
+No debugging at all. A value of less than 1 may be used instead of
+the keyword.
+@item basic
+Some basic debug messages. A value between 1 and 2 may be used
+instead of the keyword.
+@item advanced
+More verbose debug messages. A value between 3 and 5 may be used
+instead of the keyword.
+@item expert
+Even more detailed messages. A value between 6 and 8 may be used
+instead of the keyword.
+@item guru
+All of the debug messages you can get. A value greater than 8 may be
+used instead of the keyword. The creation of hash tracing files is
+only enabled if the keyword is used.
+@end table
+
+How these messages are mapped to the actual debugging flags is not
+specified and may change with newer releases of this program. They are
+however carefully selected to best aid in debugging.
+
+@item --debug @var{flags}
+@opindex debug
+This option is only useful for debugging and the behaviour may change at
+any time without notice. FLAGS are bit encoded and may be given in
+usual C-Syntax. The currently defined bits are:
+
+@table @code
+@item 0 (1)
+X.509 or OpenPGP protocol related data
+@item 1 (2)
+values of big number integers
+@item 2 (4)
+low level crypto operations
+@item 5 (32)
+memory allocation
+@item 6 (64)
+caching
+@item 7 (128)
+show memory statistics.
+@item 9 (512)
+write hashed data to files named @code{dbgmd-000*}
+@item 10 (1024)
+trace Assuan protocol
+@item 12 (4096)
+bypass all certificate validation
+@end table
+
+@item --debug-all
+@opindex debug-all
+Same as @code{--debug=0xffffffff}
+
+@item --debug-wait @var{n}
+@opindex debug-wait
+When running in server mode, wait @var{n} seconds before entering the
+actual processing loop and print the pid. This gives time to attach a
+debugger.
+
+@item --no-detach
+@opindex no-detach
+Don't detach the process from the console. This is mainly useful for
+debugging.
+
+@item -s
+@itemx --sh
+@itemx -c
+@itemx --csh
+@opindex sh
+@opindex csh
+Format the info output in daemon mode for use with the standard Bourne
+shell or the C-shell respectively. The default is to guess it based on
+the environment variable @code{SHELL} which is correct in almost all
+cases.
+
+@item --write-env-file @var{file}
+@opindex write-env-file
+Often it is required to connect to the agent from a process not being an
+inferior of @command{gpg-agent} and thus the environment variable with
+the socket name is not available. To help setting up those variables in
+other sessions, this option may be used to write the information into
+@var{file}. If @var{file} is not specified the default name
+@file{$@{HOME@}/.gpg-agent-info} will be used. The format is suitable
+to be evaluated by a Bourne shell like in this simple example:
+
+@example
+eval $(cat @var{file})
+eval $(cut -d= -f 1 < @var{file} | xargs echo export)
+@end example
+
+
+
+@item --no-grab
+@opindex no-grab
+Tell the pinentry not to grab the keyboard and mouse. This option
+should in general not be used to avoid X-sniffing attacks.
+
+@anchor{option --log-file}
+@item --log-file @var{file}
+@opindex log-file
+Append all logging output to @var{file}. This is very helpful in seeing
+what the agent actually does. If neither a log file nor a log file
+descriptor has been set on a Windows platform, the Registry entry
+@code{HKCU\Software\GNU\GnuPG:DefaultLogFile}, if set, is used to specify
+the logging output.
+
+
+@anchor{option --allow-mark-trusted}
+@item --allow-mark-trusted
+@opindex allow-mark-trusted
+Allow clients to mark keys as trusted, i.e. put them into the
+@file{trustlist.txt} file. This is by default not allowed to make it
+harder for users to inadvertently accept Root-CA keys.
+
+@ifset gpgtwoone
+@anchor{option --allow-loopback-pinentry}
+@item --allow-loopback-pinentry
+@opindex allow-loopback-pinentry
+Allow clients to use the loopback pinentry features; see the option
+@option{pinentry-mode} for details.
+@end ifset
+
+@item --ignore-cache-for-signing
+@opindex ignore-cache-for-signing
+This option will let @command{gpg-agent} bypass the passphrase cache for all
+signing operation. Note that there is also a per-session option to
+control this behaviour but this command line option takes precedence.
+
+@item --default-cache-ttl @var{n}
+@opindex default-cache-ttl
+Set the time a cache entry is valid to @var{n} seconds. The default is
+600 seconds.
+
+@item --default-cache-ttl-ssh @var{n}
+@opindex default-cache-ttl
+Set the time a cache entry used for SSH keys is valid to @var{n}
+seconds. The default is 1800 seconds.
+
+@item --max-cache-ttl @var{n}
+@opindex max-cache-ttl
+Set the maximum time a cache entry is valid to @var{n} seconds. After
+this time a cache entry will be expired even if it has been accessed
+recently. The default is 2 hours (7200 seconds).
+
+@item --max-cache-ttl-ssh @var{n}
+@opindex max-cache-ttl-ssh
+Set the maximum time a cache entry used for SSH keys is valid to @var{n}
+seconds. After this time a cache entry will be expired even if it has
+been accessed recently. The default is 2 hours (7200 seconds).
+
+@item --enforce-passphrase-constraints
+@opindex enforce-passphrase-constraints
+Enforce the passphrase constraints by not allowing the user to bypass
+them using the ``Take it anyway'' button.
+
+@item --min-passphrase-len @var{n}
+@opindex min-passphrase-len
+Set the minimal length of a passphrase. When entering a new passphrase
+shorter than this value a warning will be displayed. Defaults to 8.
+
+@item --min-passphrase-nonalpha @var{n}
+@opindex min-passphrase-nonalpha
+Set the minimal number of digits or special characters required in a
+passphrase. When entering a new passphrase with less than this number
+of digits or special characters a warning will be displayed. Defaults
+to 1.
+
+@item --check-passphrase-pattern @var{file}
+@opindex check-passphrase-pattern
+Check the passphrase against the pattern given in @var{file}. When
+entering a new passphrase matching one of these pattern a warning will
+be displayed. @var{file} should be an absolute filename. The default is
+not to use any pattern file.
+
+Security note: It is known that checking a passphrase against a list of
+pattern or even against a complete dictionary is not very effective to
+enforce good passphrases. Users will soon figure up ways to bypass such
+a policy. A better policy is to educate users on good security
+behavior and optionally to run a passphrase cracker regularly on all
+users passphrases to catch the very simple ones.
+
+@item --max-passphrase-days @var{n}
+@opindex max-passphrase-days
+Ask the user to change the passphrase if @var{n} days have passed since
+the last change. With @option{--enforce-passphrase-constraints} set the
+user may not bypass this check.
+
+@item --enable-passphrase-history
+@opindex enable-passphrase-history
+This option does nothing yet.
+
+@item --pinentry-program @var{filename}
+@opindex pinentry-program
+Use program @var{filename} as the PIN entry. The default is installation
+dependent.
+
+@item --pinentry-touch-file @var{filename}
+@opindex pinentry-touch-file
+By default the filename of the socket gpg-agent is listening for
+requests is passed to Pinentry, so that it can touch that file before
+exiting (it does this only in curses mode). This option changes the
+file passed to Pinentry to @var{filename}. The special name
+@code{/dev/null} may be used to completely disable this feature. Note
+that Pinentry will not create that file, it will only change the
+modification and access time.
+
+
+@item --scdaemon-program @var{filename}
+@opindex scdaemon-program
+Use program @var{filename} as the Smartcard daemon. The default is
+installation dependent and can be shown with the @command{gpgconf}
+command.
+
+@item --disable-scdaemon
+@opindex disable-scdaemon
+Do not make use of the scdaemon tool. This option has the effect of
+disabling the ability to do smartcard operations. Note, that enabling
+this option at runtime does not kill an already forked scdaemon.
+
+@item --use-standard-socket
+@itemx --no-use-standard-socket
+@opindex use-standard-socket
+@opindex no-use-standard-socket
+By enabling this option @command{gpg-agent} will listen on the socket
+named @file{S.gpg-agent}, located in the home directory, and not create
+a random socket below a temporary directory. Tools connecting to
+@command{gpg-agent} should first try to connect to the socket given in
+environment variable @var{GPG_AGENT_INFO} and then fall back to this
+socket. This option may not be used if the home directory is mounted on
+a remote file system which does not support special files like fifos or
+sockets.
+@ifset gpgtwoone
+Note, that @option{--use-standard-socket} is the default on all
+systems since GnuPG 2.1.
+@end ifset
+@ifclear gpgtwoone
+Note, that @option{--use-standard-socket} is the default on
+Windows systems.
+@end ifclear
+The default may be changed at build time. It is
+possible to test at runtime whether the agent has been configured for
+use with the standard socket by issuing the command @command{gpg-agent
+--use-standard-socket-p} which returns success if the standard socket
+option has been enabled.
+
+@item --display @var{string}
+@itemx --ttyname @var{string}
+@itemx --ttytype @var{string}
+@itemx --lc-ctype @var{string}
+@itemx --lc-messages @var{string}
+@itemx --xauthority @var{string}
+@opindex display
+@opindex ttyname
+@opindex ttytype
+@opindex lc-ctype
+@opindex lc-messages
+@opindex xauthority
+These options are used with the server mode to pass localization
+information.
+
+@item --keep-tty
+@itemx --keep-display
+@opindex keep-tty
+@opindex keep-display
+Ignore requests to change the current @code{tty} or X window system's
+@code{DISPLAY} variable respectively. This is useful to lock the
+pinentry to pop up at the @code{tty} or display you started the agent.
+
+@anchor{option --enable-ssh-support}
+@item --enable-ssh-support
+@opindex enable-ssh-support
+
+Enable the OpenSSH Agent protocol.
+
+In this mode of operation, the agent does not only implement the
+gpg-agent protocol, but also the agent protocol used by OpenSSH
+(through a separate socket). Consequently, it should be possible to use
+the gpg-agent as a drop-in replacement for the well known ssh-agent.
+
+SSH Keys, which are to be used through the agent, need to be added to
+the gpg-agent initially through the ssh-add utility. When a key is
+added, ssh-add will ask for the password of the provided key file and
+send the unprotected key material to the agent; this causes the
+gpg-agent to ask for a passphrase, which is to be used for encrypting
+the newly received key and storing it in a gpg-agent specific
+directory.
+
+Once a key has been added to the gpg-agent this way, the gpg-agent
+will be ready to use the key.
+
+Note: in case the gpg-agent receives a signature request, the user might
+need to be prompted for a passphrase, which is necessary for decrypting
+the stored key. Since the ssh-agent protocol does not contain a
+mechanism for telling the agent on which display/terminal it is running,
+gpg-agent's ssh-support will use the TTY or X display where gpg-agent
+has been started. To switch this display to the current one, the
+following command may be used:
+
+@smallexample
+gpg-connect-agent updatestartuptty /bye
+@end smallexample
+
+Although all GnuPG components try to start the gpg-agent as needed, this
+is not possible for the ssh support because ssh does not know about it.
+Thus if no GnuPG tool which accesses the agent has been run, there is no
+guarantee that ssh is abale to use gpg-agent for authentication. To fix
+this you may start gpg-agent if needed using this simple command:
+
+@smallexample
+gpg-connect-agent /bye
+@end smallexample
+
+Adding the @option{--verbose} shows the progress of starting the agent.
+
+@end table
+
+All the long options may also be given in the configuration file after
+stripping off the two leading dashes.
+
+
+@mansect files
+@node Agent Configuration
+@section Configuration
+
+There are a few configuration files needed for the operation of the
+agent. By default they may all be found in the current home directory
+(@pxref{option --homedir}).
+
+@table @file
+
+@item gpg-agent.conf
+@cindex gpg-agent.conf
+ This is the standard configuration file read by @command{gpg-agent} on
+ startup. It may contain any valid long option; the leading
+ two dashes may not be entered and the option may not be abbreviated.
+ This file is also read after a @code{SIGHUP} however only a few
+ options will actually have an effect. This default name may be
+ changed on the command line (@pxref{option --options}).
+ You should backup this file.
+
+@item trustlist.txt
+ This is the list of trusted keys. You should backup this file.
+
+ Comment lines, indicated by a leading hash mark, as well as empty
+ lines are ignored. To mark a key as trusted you need to enter its
+ fingerprint followed by a space and a capital letter @code{S}. Colons
+ may optionally be used to separate the bytes of a fingerprint; this
+ allows to cut and paste the fingerprint from a key listing output. If
+ the line is prefixed with a @code{!} the key is explicitly marked as
+ not trusted.
+
+ Here is an example where two keys are marked as ultimately trusted
+ and one as not trusted:
+
+ @example
+ # CN=Wurzel ZS 3,O=Intevation GmbH,C=DE
+ A6935DD34EF3087973C706FC311AA2CCF733765B S
+
+ # CN=PCA-1-Verwaltung-02/O=PKI-1-Verwaltung/C=DE
+ DC:BD:69:25:48:BD:BB:7E:31:6E:BB:80:D3:00:80:35:D4:F8:A6:CD S
+
+ # CN=Root-CA/O=Schlapphuete/L=Pullach/C=DE
+ !14:56:98:D3:FE:9C:CA:5A:31:6E:BC:81:D3:11:4E:00:90:A3:44:C2 S
+ @end example
+
+Before entering a key into this file, you need to ensure its
+authenticity. How to do this depends on your organisation; your
+administrator might have already entered those keys which are deemed
+trustworthy enough into this file. Places where to look for the
+fingerprint of a root certificate are letters received from the CA or
+the website of the CA (after making 100% sure that this is indeed the
+website of that CA). You may want to consider allowing interactive
+updates of this file by using the @xref{option --allow-mark-trusted}.
+This is however not as secure as maintaining this file manually. It is
+even advisable to change the permissions to read-only so that this file
+can't be changed inadvertently.
+
+As a special feature a line @code{include-default} will include a global
+list of trusted certificates (e.g. @file{/etc/gnupg/trustlist.txt}).
+This global list is also used if the local list is not available.
+
+It is possible to add further flags after the @code{S} for use by the
+caller:
+
+@table @code
+
+@item relax
+@cindex relax
+Relax checking of some root certificate requirements. As of now this
+flag allows the use of root certificates with a missing basicConstraints
+attribute (despite that it is a MUST for CA certificates) and disables
+CRL checking for the root certificate.
+
+@item cm
+If validation of a certificate finally issued by a CA with this flag set
+fails, try again using the chain validation model.
+
+@end table
+
+
+@item sshcontrol
+@cindex sshcontrol
+This file is used when support for the secure shell agent protocol has
+been enabled (@pxref{option --enable-ssh-support}). Only keys present in
+this file are used in the SSH protocol. You should backup this file.
+
+The @command{ssh-add} tool may be used to add new entries to this file;
+you may also add them manually. Comment lines, indicated by a leading
+hash mark, as well as empty lines are ignored. An entry starts with
+optional whitespace, followed by the keygrip of the key given as 40 hex
+digits, optionally followed by the caching TTL in seconds and another
+optional field for arbitrary flags. A non-zero TTL overrides the global
+default as set by @option{--default-cache-ttl-ssh}.
+
+The only flag support is @code{confirm}. If this flag is found for a
+key, each use of the key will pop up a pinentry to confirm the use of
+that key. The flag is automatically set if a new key was loaded into
+@code{gpg-agent} using the option @option{-c} of the @code{ssh-add}
+command.
+
+The keygrip may be prefixed with a @code{!} to disable an entry entry.
+
+The following example lists exactly one key. Note that keys available
+through a OpenPGP smartcard in the active smartcard reader are
+implicitly added to this list; i.e. there is no need to list them.
+
+ @example
+ # Key added on: 2011-07-20 20:38:46
+ # Fingerprint: 5e:8d:c4:ad:e7:af:6e:27:8a:d6:13:e4:79:ad:0b:81
+ 34B62F25E277CF13D3C6BCEBFD3F85D08F0A864B 0 confirm
+ @end example
+
+@item private-keys-v1.d/
+
+ This is the directory where gpg-agent stores the private keys. Each
+ key is stored in a file with the name made up of the keygrip and the
+ suffix @file{key}. You should backup all files in this directory
+ and take great care to keep this backup closed away.
+
+
+@end table
+
+Note that on larger installations, it is useful to put predefined
+files into the directory @file{/etc/skel/.gnupg/} so that newly created
+users start up with a working configuration. For existing users the
+a small helper script is provided to create these files (@pxref{addgnupghome}).
+
+
+
+@c
+@c Agent Signals
+@c
+@mansect signals
+@node Agent Signals
+@section Use of some signals.
+A running @command{gpg-agent} may be controlled by signals, i.e. using
+the @command{kill} command to send a signal to the process.
+
+Here is a list of supported signals:
+
+@table @gnupgtabopt
+
+@item SIGHUP
+@cpindex SIGHUP
+This signal flushes all cached passphrases and if the program has been
+started with a configuration file, the configuration file is read again.
+Only certain options are honored: @code{quiet}, @code{verbose},
+@code{debug}, @code{debug-all}, @code{debug-level}, @code{no-grab},
+@code{pinentry-program}, @code{default-cache-ttl}, @code{max-cache-ttl},
+@code{ignore-cache-for-signing}, @code{allow-mark-trusted} and
+@code{disable-scdaemon}. @code{scdaemon-program} is also supported but
+due to the current implementation, which calls the scdaemon only once,
+it is not of much use unless you manually kill the scdaemon.
+
+
+@item SIGTERM
+@cpindex SIGTERM
+Shuts down the process but waits until all current requests are
+fulfilled. If the process has received 3 of these signals and requests
+are still pending, a shutdown is forced.
+
+@item SIGINT
+@cpindex SIGINT
+Shuts down the process immediately.
+
+@item SIGUSR1
+@cpindex SIGUSR1
+Dump internal information to the log file.
+
+@item SIGUSR2
+@cpindex SIGUSR2
+This signal is used for internal purposes.
+
+@end table
+
+@c
+@c Examples
+@c
+@mansect examples
+@node Agent Examples
+@section Examples
+
+The usual way to invoke @command{gpg-agent} is
+
+@example
+$ eval $(gpg-agent --daemon)
+@end example
+
+An alternative way is by replacing @command{ssh-agent} with
+@command{gpg-agent}. If for example @command{ssh-agent} is started as
+part of the Xsession initialization, you may simply replace
+@command{ssh-agent} by a script like:
+
+@cartouche
+@example
+#!/bin/sh
+
+exec /usr/local/bin/gpg-agent --enable-ssh-support --daemon \
+ --write-env-file $@{HOME@}/.gpg-agent-info "$@@"
+@end example
+@end cartouche
+
+@noindent
+and add something like (for Bourne shells)
+
+@cartouche
+@example
+ if [ -f "$@{HOME@}/.gpg-agent-info" ]; then
+ . "$@{HOME@}/.gpg-agent-info"
+ export GPG_AGENT_INFO
+ export SSH_AUTH_SOCK
+ fi
+@end example
+@end cartouche
+
+@noindent
+to your shell initialization file (e.g. @file{~/.bashrc}).
+
+@c
+@c Assuan Protocol
+@c
+@manpause
+@node Agent Protocol
+@section Agent's Assuan Protocol
+
+Note: this section does only document the protocol, which is used by
+GnuPG components; it does not deal with the ssh-agent protocol.
+
+The @command{gpg-agent} should be started by the login shell and set an
+environment variable to tell clients about the socket to be used.
+Clients should deny to access an agent with a socket name which does
+not match its own configuration. An application may choose to start
+an instance of the gpgagent if it does not figure that any has been
+started; it should not do this if a gpgagent is running but not
+usable. Because @command{gpg-agent} can only be used in background mode, no
+special command line option is required to activate the use of the
+protocol.
+
+To identify a key we use a thing called keygrip which is the SHA-1 hash
+of an canonical encoded S-Expression of the public key as used in
+Libgcrypt. For the purpose of this interface the keygrip is given as a
+hex string. The advantage of using this and not the hash of a
+certificate is that it will be possible to use the same keypair for
+different protocols, thereby saving space on the token used to keep the
+secret keys.
+
+@menu
+* Agent PKDECRYPT:: Decrypting a session key
+* Agent PKSIGN:: Signing a Hash
+* Agent GENKEY:: Generating a Key
+* Agent IMPORT:: Importing a Secret Key
+* Agent EXPORT:: Exporting a Secret Key
+* Agent ISTRUSTED:: Importing a Root Certificate
+* Agent GET_PASSPHRASE:: Ask for a passphrase
+* Agent GET_CONFIRMATION:: Ask for confirmation
+* Agent HAVEKEY:: Check whether a key is available
+* Agent LEARN:: Register a smartcard
+* Agent PASSWD:: Change a Passphrase
+* Agent UPDATESTARTUPTTY:: Change the Standard Display
+* Agent GETEVENTCOUNTER:: Get the Event Counters
+* Agent GETINFO:: Return information about the process
+* Agent OPTION:: Set options for the session
+@end menu
+
+@node Agent PKDECRYPT
+@subsection Decrypting a session key
+
+The client asks the server to decrypt a session key. The encrypted
+session key should have all information needed to select the
+appropriate secret key or to delegate it to a smartcard.
+
+@example
+ SETKEY <keyGrip>
+@end example
+
+Tell the server about the key to be used for decryption. If this is
+not used, @command{gpg-agent} may try to figure out the key by trying to
+decrypt the message with each key available.
+
+@example
+ PKDECRYPT
+@end example
+
+The agent checks whether this command is allowed and then does an
+INQUIRY to get the ciphertext the client should then send the cipher
+text.
+
+@example
+ S: INQUIRE CIPHERTEXT
+ C: D (xxxxxx
+ C: D xxxx)
+ C: END
+@end example
+
+Please note that the server may send status info lines while reading the
+data lines from the client. The data send is a SPKI like S-Exp with
+this structure:
+
+@example
+ (enc-val
+ (<algo>
+ (<param_name1> <mpi>)
+ ...
+ (<param_namen> <mpi>)))
+@end example
+
+Where algo is a string with the name of the algorithm; see the libgcrypt
+documentation for a list of valid algorithms. The number and names of
+the parameters depend on the algorithm. The agent does return an error
+if there is an inconsistency.
+
+If the decryption was successful the decrypted data is returned by
+means of "D" lines.
+
+Here is an example session:
+
+@example
+ C: PKDECRYPT
+ S: INQUIRE CIPHERTEXT
+ C: D (enc-val elg (a 349324324)
+ C: D (b 3F444677CA)))
+ C: END
+ S: # session key follows
+ S: D (value 1234567890ABCDEF0)
+ S: OK descryption successful
+@end example
+
+
+@node Agent PKSIGN
+@subsection Signing a Hash
+
+The client ask the agent to sign a given hash value. A default key
+will be chosen if no key has been set. To set a key a client first
+uses:
+
+@example
+ SIGKEY <keyGrip>
+@end example
+
+This can be used multiple times to create multiple signature, the list
+of keys is reset with the next PKSIGN command or a RESET. The server
+test whether the key is a valid key to sign something and responds with
+okay.
+
+@example
+ SETHASH --hash=<name>|<algo> <hexstring>
+@end example
+
+The client can use this command to tell the server about the data <hexstring>
+(which usually is a hash) to be signed. <algo> is the decimal encoded hash
+algorithm number as used by Libgcrypt. Either <algo> or --hash=<name>
+must be given. Valid names for <name> are:
+
+@table @code
+@item sha1
+@item sha256
+@item rmd160
+@item md5
+@item tls-md5sha1
+@end table
+
+@noindent
+The actual signing is done using
+
+@example
+ PKSIGN <options>
+@end example
+
+Options are not yet defined, but my later be used to choose among
+different algorithms. The agent does then some checks, asks for the
+passphrase and as a result the server returns the signature as an SPKI
+like S-expression in "D" lines:
+
+@example
+ (sig-val
+ (<algo>
+ (<param_name1> <mpi>)
+ ...
+ (<param_namen> <mpi>)))
+@end example
+
+
+The operation is affected by the option
+
+@example
+ OPTION use-cache-for-signing=0|1
+@end example
+
+The default of @code{1} uses the cache. Setting this option to @code{0}
+will lead @command{gpg-agent} to ignore the passphrase cache. Note, that there is
+also a global command line option for @command{gpg-agent} to globally disable the
+caching.
+
+
+Here is an example session:
+
+@example
+ C: SIGKEY <keyGrip>
+ S: OK key available
+ C: SIGKEY <keyGrip>
+ S: OK key available
+ C: PKSIGN
+ S: # I did ask the user whether he really wants to sign
+ S: # I did ask the user for the passphrase
+ S: INQUIRE HASHVAL
+ C: D ABCDEF012345678901234
+ C: END
+ S: # signature follows
+ S: D (sig-val rsa (s 45435453654612121212))
+ S: OK
+@end example
+
+
+@node Agent GENKEY
+@subsection Generating a Key
+
+This is used to create a new keypair and store the secret key inside the
+active PSE --- which is in most cases a Soft-PSE. An not yet defined
+option allows to choose the storage location. To get the secret key out
+of the PSE, a special export tool has to be used.
+
+@example
+ GENKEY
+@end example
+
+Invokes the key generation process and the server will then inquire
+on the generation parameters, like:
+
+@example
+ S: INQUIRE KEYPARM
+ C: D (genkey (rsa (nbits 1024)))
+ C: END
+@end example
+
+The format of the key parameters which depends on the algorithm is of
+the form:
+
+@example
+ (genkey
+ (algo
+ (parameter_name_1 ....)
+ ....
+ (parameter_name_n ....)))
+@end example
+
+If everything succeeds, the server returns the *public key* in a SPKI
+like S-Expression like this:
+
+@example
+ (public-key
+ (rsa
+ (n <mpi>)
+ (e <mpi>)))
+@end example
+
+Here is an example session:
+
+@example
+ C: GENKEY
+ S: INQUIRE KEYPARM
+ C: D (genkey (rsa (nbits 1024)))
+ C: END
+ S: D (public-key
+ S: D (rsa (n 326487324683264) (e 10001)))
+ S OK key created
+@end example
+
+@node Agent IMPORT
+@subsection Importing a Secret Key
+
+This operation is not yet supported by GpgAgent. Specialized tools
+are to be used for this.
+
+There is no actual need because we can expect that secret keys
+created by a 3rd party are stored on a smartcard. If we have
+generated the key ourself, we do not need to import it.
+
+@node Agent EXPORT
+@subsection Export a Secret Key
+
+Not implemented.
+
+Should be done by an extra tool.
+
+@node Agent ISTRUSTED
+@subsection Importing a Root Certificate
+
+Actually we do not import a Root Cert but provide a way to validate
+any piece of data by storing its Hash along with a description and
+an identifier in the PSE. Here is the interface description:
+
+@example
+ ISTRUSTED <fingerprint>
+@end example
+
+Check whether the OpenPGP primary key or the X.509 certificate with the
+given fingerprint is an ultimately trusted key or a trusted Root CA
+certificate. The fingerprint should be given as a hexstring (without
+any blanks or colons or whatever in between) and may be left padded with
+00 in case of an MD5 fingerprint. GPGAgent will answer with:
+
+@example
+ OK
+@end example
+
+The key is in the table of trusted keys.
+
+@example
+ ERR 304 (Not Trusted)
+@end example
+
+The key is not in this table.
+
+Gpg needs the entire list of trusted keys to maintain the web of
+trust; the following command is therefore quite helpful:
+
+@example
+ LISTTRUSTED
+@end example
+
+GpgAgent returns a list of trusted keys line by line:
+
+@example
+ S: D 000000001234454556565656677878AF2F1ECCFF P
+ S: D 340387563485634856435645634856438576457A P
+ S: D FEDC6532453745367FD83474357495743757435D S
+ S: OK
+@end example
+
+The first item on a line is the hexified fingerprint where MD5
+fingerprints are @code{00} padded to the left and the second item is a
+flag to indicate the type of key (so that gpg is able to only take care
+of PGP keys). P = OpenPGP, S = S/MIME. A client should ignore the rest
+of the line, so that we can extend the format in the future.
+
+Finally a client should be able to mark a key as trusted:
+
+@example
+ MARKTRUSTED @var{fingerprint} "P"|"S"
+@end example
+
+The server will then pop up a window to ask the user whether she
+really trusts this key. For this it will probably ask for a text to
+be displayed like this:
+
+@example
+ S: INQUIRE TRUSTDESC
+ C: D Do you trust the key with the fingerprint @@FPR@@
+ C: D bla fasel blurb.
+ C: END
+ S: OK
+@end example
+
+Known sequences with the pattern @@foo@@ are replaced according to this
+table:
+
+@table @code
+@item @@FPR16@@
+Format the fingerprint according to gpg rules for a v3 keys.
+@item @@FPR20@@
+Format the fingerprint according to gpg rules for a v4 keys.
+@item @@FPR@@
+Choose an appropriate format to format the fingerprint.
+@item @@@@
+Replaced by a single @code{@@}
+@end table
+
+@node Agent GET_PASSPHRASE
+@subsection Ask for a passphrase
+
+This function is usually used to ask for a passphrase to be used for
+conventional encryption, but may also be used by programs which need
+special handling of passphrases. This command uses a syntax which helps
+clients to use the agent with minimum effort.
+
+@example
+ GET_PASSPHRASE [--data] [--check] [--no-ask] [--repeat[=N]] [--qualitybar] @var{cache_id} [@var{error_message} @var{prompt} @var{description}]
+@end example
+
+@var{cache_id} is expected to be a string used to identify a cached
+passphrase. Use a @code{X} to bypass the cache. With no other
+arguments the agent returns a cached passphrase or an error. By
+convention either the hexified fingerprint of the key shall be used for
+@var{cache_id} or an arbitrary string prefixed with the name of the
+calling application and a colon: Like @code{gpg:somestring}.
+
+@var{error_message} is either a single @code{X} for no error message or
+a string to be shown as an error message like (e.g. "invalid
+passphrase"). Blanks must be percent escaped or replaced by @code{+}'.
+
+@var{prompt} is either a single @code{X} for a default prompt or the
+text to be shown as the prompt. Blanks must be percent escaped or
+replaced by @code{+}.
+
+@var{description} is a text shown above the entry field. Blanks must be
+percent escaped or replaced by @code{+}.
+
+The agent either returns with an error or with a OK followed by the hex
+encoded passphrase. Note that the length of the strings is implicitly
+limited by the maximum length of a command. If the option
+@option{--data} is used, the passphrase is not returned on the OK line
+but by regular data lines; this is the preferred method.
+
+If the option @option{--check} is used, the standard passphrase
+constraints checks are applied. A check is not done if the passphrase
+has been found in the cache.
+
+If the option @option{--no-ask} is used and the passphrase is not in the
+cache the user will not be asked to enter a passphrase but the error
+code @code{GPG_ERR_NO_DATA} is returned.
+
+If the option @option{--qualitybar} is used and a minimum passphrase
+length has been configured, a visual indication of the entered
+passphrase quality is shown.
+
+@example
+ CLEAR_PASSPHRASE @var{cache_id}
+@end example
+
+may be used to invalidate the cache entry for a passphrase. The
+function returns with OK even when there is no cached passphrase.
+
+
+@node Agent GET_CONFIRMATION
+@subsection Ask for confirmation
+
+This command may be used to ask for a simple confirmation by
+presenting a text and 2 buttons: Okay and Cancel.
+
+@example
+ GET_CONFIRMATION @var{description}
+@end example
+
+@var{description}is displayed along with a Okay and Cancel
+button. Blanks must be percent escaped or replaced by @code{+}. A
+@code{X} may be used to display confirmation dialog with a default
+text.
+
+The agent either returns with an error or with a OK. Note, that the
+length of @var{description} is implicitly limited by the maximum
+length of a command.
+
+
+
+@node Agent HAVEKEY
+@subsection Check whether a key is available
+
+This can be used to see whether a secret key is available. It does
+not return any information on whether the key is somehow protected.
+
+@example
+ HAVEKEY @var{keygrips}
+@end example
+
+The agent answers either with OK or @code{No_Secret_Key} (208). The
+caller may want to check for other error codes as well. More than one
+keygrip may be given. In this case the command returns success if at
+least one of the keygrips corresponds to an available secret key.
+
+
+@node Agent LEARN
+@subsection Register a smartcard
+
+@example
+ LEARN [--send]
+@end example
+
+This command is used to register a smartcard. With the --send
+option given the certificates are send back.
+
+
+@node Agent PASSWD
+@subsection Change a Passphrase
+
+@example
+ PASSWD @var{keygrip}
+@end example
+
+This command is used to interactively change the passphrase of the key
+identified by the hex string @var{keygrip}.
+
+
+@node Agent UPDATESTARTUPTTY
+@subsection Change the standard display
+
+@example
+ UPDATESTARTUPTTY
+@end example
+
+Set the startup TTY and X-DISPLAY variables to the values of this
+session. This command is useful to direct future pinentry invocations
+to another screen. It is only required because there is no way in the
+ssh-agent protocol to convey this information.
+
+
+@node Agent GETEVENTCOUNTER
+@subsection Get the Event Counters
+
+@example
+ GETEVENTCOUNTER
+@end example
+
+This function return one status line with the current values of the
+event counters. The event counters are useful to avoid polling by
+delaying a poll until something has changed. The values are decimal
+numbers in the range @code{0} to @code{UINT_MAX} and wrapping around to
+0. The actual values should not be relied upon; they shall only be used
+to detect a change.
+
+The currently defined counters are are:
+@table @code
+@item ANY
+Incremented with any change of any of the other counters.
+@item KEY
+Incremented for added or removed private keys.
+@item CARD
+Incremented for changes of the card readers stati.
+@end table
+
+@node Agent GETINFO
+@subsection Return information about the process
+
+This is a multipurpose function to return a variety of information.
+
+@example
+GETINFO @var{what}
+@end example
+
+The value of @var{what} specifies the kind of information returned:
+@table @code
+@item version
+Return the version of the program.
+@item pid
+Return the process id of the process.
+@item socket_name
+Return the name of the socket used to connect the agent.
+@item ssh_socket_name
+Return the name of the socket used for SSH connections. If SSH support
+has not been enabled the error @code{GPG_ERR_NO_DATA} will be returned.
+@end table
+
+@node Agent OPTION
+@subsection Set options for the session
+
+Here is a list of session options which are not yet described with
+other commands. The general syntax for an Assuan option is:
+
+@smallexample
+OPTION @var{key}=@var{value}
+@end smallexample
+
+@noindent
+Supported @var{key}s are:
+
+@table @code
+@item agent-awareness
+This may be used to tell gpg-agent of which gpg-agent version the
+client is aware of. gpg-agent uses this information to enable
+features which might break older clients.
+
+@item putenv
+Change the session's environment to be used for the
+Pinentry. Valid values are:
+
+ @table @code
+ @item @var{name}
+ Delete envvar @var{name}
+ @item @var{name}=
+ Set envvar @var{name} to the empty string
+ @item @var{name}=@var{value}
+ Set envvar @var{name} to the string @var{value}.
+ @end table
+
+@item use-cache-for-signing
+See Assuan command @code{PKSIGN}.
+
+@item allow-pinentry-notify
+This does not need any value. It is used to enable the
+PINENTRY_LAUNCHED inquiry.
+
+@ifset gpgtwoone
+@item pinentry-mode
+This option is used to change the operation mode of the pinentry. The
+following values are defined:
+
+ @table @code
+ @item ask
+ This is the default mode which pops up a pinentry as needed.
+
+ @item cancel
+ Instead of popping up a pinentry, return the error code
+ @code{GPG_ERR_CANCELED}.
+
+ @item error
+ Instead of popping up a pinentry, return the error code
+ @code{GPG_ERR_NO_PIN_ENTRY}.
+
+ @item loopback
+ Use a loopback pinentry. This fakes a pinentry by using inquiries
+ back to the caller to ask for a passphrase. This option may only be
+ set if the agent has been configured for that.
+ Use the @xref{option --allow-loopback-pinentry}.
+
+ @end table
+@end ifset
+
+@ifset gpgtwoone
+@item cache-ttl-opt-preset
+This option sets the cache TTL for new entries created by GENKEY and
+PASSWD commands when using the @option{--preset} option. It it is not
+used a default value is used.
+@end ifset
+
+@ifset gpgtwoone
+@item s2k-count
+Instead of using the standard S2K count (which is computed on the
+fly), the given S2K count is used for new keys or when changing the
+passphrase of a key. Values below 65536 are considered to be 0. This
+option is valid for the entire session or until reset to 0. This
+option is useful if the key is later used on boxes which are either
+much slower or faster than the actual box.
+@end ifset
+
+@end table
+
+
+@mansect see also
+@ifset isman
+@command{gpg2}(1),
+@command{gpgsm}(1),
+@command{gpg-connect-agent}(1),
+@command{scdaemon}(1)
+@end ifset
+@include see-also-note.texi
diff --git a/doc/gpg.texi b/doc/gpg.texi
new file mode 100644
index 0000000..420326b
--- /dev/null
+++ b/doc/gpg.texi
@@ -0,0 +1,3394 @@
+@c Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007,
+@c 2008, 2009, 2010 Free Software Foundation, Inc.
+@c This is part of the GnuPG manual.
+@c For copying conditions, see the file gnupg.texi.
+
+@c Note that we use this texinfo file for all versions of GnuPG: 1.4.x,
+@c 2.0 and 2.1. The macro "gpgone" controls parts which are only valid
+@c for GnuPG 1.4, the macro "gpgtwoone" controls parts which are only
+@c valid for GnupG 2.1 and later.
+
+@node Invoking GPG
+@chapter Invoking GPG
+@cindex GPG command options
+@cindex command options
+@cindex options, GPG command
+
+@c Begin GnuPG 1.x specific stuff
+@ifset gpgone
+@macro gpgname
+gpg
+@end macro
+@manpage gpg.1
+@ifset manverb
+.B gpg
+\- OpenPGP encryption and signing tool
+@end ifset
+
+@mansect synopsis
+@ifset manverb
+.B gpg
+.RB [ \-\-homedir
+.IR dir ]
+.RB [ \-\-options
+.IR file ]
+.RI [ options ]
+.I command
+.RI [ args ]
+@end ifset
+@end ifset
+@c End GnuPG 1.x specific stuff
+
+@c Begin GnuPG 2 specific stuff
+@ifclear gpgone
+@macro gpgname
+gpg2
+@end macro
+@manpage gpg2.1
+@ifset manverb
+.B gpg2
+\- OpenPGP encryption and signing tool
+@end ifset
+
+@mansect synopsis
+@ifset manverb
+.B gpg2
+.RB [ \-\-homedir
+.IR dir ]
+.RB [ \-\-options
+.IR file ]
+.RI [ options ]
+.I command
+.RI [ args ]
+@end ifset
+@end ifclear
+@c Begin GnuPG 2 specific stuff
+
+@mansect description
+@command{@gpgname} is the OpenPGP part of the GNU Privacy Guard (GnuPG). It
+is a tool to provide digital encryption and signing services using the
+OpenPGP standard. @command{@gpgname} features complete key management and
+all bells and whistles you can expect from a decent OpenPGP
+implementation.
+
+@ifset gpgone
+This is the standalone version of @command{gpg}. For desktop use you
+should consider using @command{gpg2} @footnote{On some platforms gpg2 is
+installed under the name @command{gpg}}.
+@end ifset
+
+@ifclear gpgone
+In contrast to the standalone version @command{gpg}, which is more
+suited for server and embedded platforms, this version is commonly
+installed under the name @command{gpg2} and more targeted to the desktop
+as it requires several other modules to be installed. The standalone
+version will be kept maintained and it is possible to install both
+versions on the same system. If you need to use different configuration
+files, you should make use of something like @file{gpg.conf-2} instead
+of just @file{gpg.conf}.
+@end ifclear
+
+@manpause
+@ifclear gpgone
+Documentation for the old standard @command{gpg} is available as a man
+page and at @inforef{Top,GnuPG 1,gpg}.
+@end ifclear
+
+@xref{Option Index}, for an index to @command{@gpgname}'s commands and options.
+@mancont
+
+@menu
+* GPG Commands:: List of all commands.
+* GPG Options:: List of all options.
+* GPG Configuration:: Configuration files.
+* GPG Examples:: Some usage examples.
+
+Developer information:
+* Unattended Usage of GPG:: Using @command{gpg} from other programs.
+@end menu
+
+@c * GPG Protocol:: The protocol the server mode uses.
+
+
+@c *******************************************
+@c *************** ****************
+@c *************** COMMANDS ****************
+@c *************** ****************
+@c *******************************************
+@mansect commands
+@node GPG Commands
+@section Commands
+
+Commands are not distinguished from options except for the fact that
+only one command is allowed.
+
+@command{@gpgname} may be run with no commands, in which case it will
+perform a reasonable action depending on the type of file it is given
+as input (an encrypted message is decrypted, a signature is verified,
+a file containing keys is listed).
+
+Please remember that option as well as command parsing stops as soon as
+a non-option is encountered, you can explicitly stop parsing by
+using the special option @option{--}.
+
+
+@menu
+* General GPG Commands:: Commands not specific to the functionality.
+* Operational GPG Commands:: Commands to select the type of operation.
+* OpenPGP Key Management:: How to manage your keys.
+@end menu
+
+
+@c *******************************************
+@c ********** GENERAL COMMANDS *************
+@c *******************************************
+@node General GPG Commands
+@subsection Commands not specific to the function
+
+@table @gnupgtabopt
+@item --version
+@opindex version
+Print the program version and licensing information. Note that you
+cannot abbreviate this command.
+
+@item --help
+@itemx -h
+@opindex help
+Print a usage message summarizing the most useful command line options.
+Note that you cannot abbreviate this command.
+
+@item --warranty
+@opindex warranty
+Print warranty information.
+
+@item --dump-options
+@opindex dump-options
+Print a list of all available options and commands. Note that you cannot
+abbreviate this command.
+@end table
+
+
+@c *******************************************
+@c ******** OPERATIONAL COMMANDS ***********
+@c *******************************************
+@node Operational GPG Commands
+@subsection Commands to select the type of operation
+
+
+@table @gnupgtabopt
+
+@item --sign
+@itemx -s
+@opindex sign
+Make a signature. This command may be combined with @option{--encrypt}
+(for a signed and encrypted message), @option{--symmetric} (for a
+signed and symmetrically encrypted message), or @option{--encrypt} and
+@option{--symmetric} together (for a signed message that may be
+decrypted via a secret key or a passphrase). The key to be used for
+signing is chosen by default or can be set with the
+@option{--local-user} and @option{--default-key} options.
+
+@item --clearsign
+@opindex clearsign
+Make a clear text signature. The content in a clear text signature is
+readable without any special software. OpenPGP software is only needed
+to verify the signature. Clear text signatures may modify end-of-line
+whitespace for platform independence and are not intended to be
+reversible. The key to be used for signing is chosen by default or
+can be set with the @option{--local-user} and @option{--default-key}
+options.
+
+
+@item --detach-sign
+@itemx -b
+@opindex detach-sign
+Make a detached signature.
+
+@item --encrypt
+@itemx -e
+@opindex encrypt
+Encrypt data. This option may be combined with @option{--sign} (for a
+signed and encrypted message), @option{--symmetric} (for a message that
+may be decrypted via a secret key or a passphrase), or @option{--sign}
+and @option{--symmetric} together (for a signed message that may be
+decrypted via a secret key or a passphrase).
+
+@item --symmetric
+@itemx -c
+@opindex symmetric
+Encrypt with a symmetric cipher using a passphrase. The default
+symmetric cipher used is CAST5, but may be chosen with the
+@option{--cipher-algo} option. This option may be combined with
+@option{--sign} (for a signed and symmetrically encrypted message),
+@option{--encrypt} (for a message that may be decrypted via a secret key
+or a passphrase), or @option{--sign} and @option{--encrypt} together
+(for a signed message that may be decrypted via a secret key or a
+passphrase).
+
+@item --store
+@opindex store
+Store only (make a simple RFC1991 literal data packet).
+
+@item --decrypt
+@itemx -d
+@opindex decrypt
+Decrypt the file given on the command line (or STDIN if no file
+is specified) and write it to STDOUT (or the file specified with
+@option{--output}). If the decrypted file is signed, the signature is also
+verified. This command differs from the default operation, as it never
+writes to the filename which is included in the file and it rejects
+files which don't begin with an encrypted message.
+
+@item --verify
+@opindex verify
+Assume that the first argument is a signed file or a detached signature
+and verify it without generating any output. With no arguments, the
+signature packet is read from STDIN. If only a sigfile is given, it may
+be a complete signature or a detached signature, in which case the
+signed stuff is expected in a file without the ".sig" or ".asc"
+extension. With more than 1 argument, the first should be a detached
+signature and the remaining files are the signed stuff. To read the
+signed stuff from STDIN, use @samp{-} as the second filename. For
+security reasons a detached signature cannot read the signed material
+from STDIN without denoting it in the above way.
+
+@item --multifile
+@opindex multifile
+This modifies certain other commands to accept multiple files for
+processing on the command line or read from STDIN with each filename on
+a separate line. This allows for many files to be processed at
+once. @option{--multifile} may currently be used along with
+@option{--verify}, @option{--encrypt}, and @option{--decrypt}. Note that
+@option{--multifile --verify} may not be used with detached signatures.
+
+@item --verify-files
+@opindex verify-files
+Identical to @option{--multifile --verify}.
+
+@item --encrypt-files
+@opindex encrypt-files
+Identical to @option{--multifile --encrypt}.
+
+@item --decrypt-files
+@opindex decrypt-files
+Identical to @option{--multifile --decrypt}.
+
+@item --list-keys
+@itemx -k
+@itemx --list-public-keys
+@opindex list-keys
+List all keys from the public keyrings, or just the keys given on the
+command line.
+@ifset gpgone
+@option{-k} is slightly different from @option{--list-keys} in that it
+allows only for one argument and takes the second argument as the
+keyring to search. This is for command line compatibility with PGP 2
+and has been removed in @command{gpg2}.
+@end ifset
+
+Avoid using the output of this command in scripts or other programs as
+it is likely to change as GnuPG changes. See @option{--with-colons} for a
+machine-parseable key listing command that is appropriate for use in
+scripts and other programs.
+
+@item --list-secret-keys
+@itemx -K
+@opindex list-secret-keys
+List all keys from the secret keyrings, or just the ones given on the
+command line. A @code{#} after the letters @code{sec} means that the
+secret key is not usable (for example, if it was created via
+@option{--export-secret-subkeys}).
+
+@item --list-sigs
+@opindex list-sigs
+Same as @option{--list-keys}, but the signatures are listed too.
+@ifclear gpgone
+This command has the same effect as
+using @option{--list-keys} with @option{--with-sig-list}.
+@end ifclear
+
+For each signature listed, there are several flags in between the "sig"
+tag and keyid. These flags give additional information about each
+signature. From left to right, they are the numbers 1-3 for certificate
+check level (see @option{--ask-cert-level}), "L" for a local or
+non-exportable signature (see @option{--lsign-key}), "R" for a
+nonRevocable signature (see the @option{--edit-key} command "nrsign"),
+"P" for a signature that contains a policy URL (see
+@option{--cert-policy-url}), "N" for a signature that contains a
+notation (see @option{--cert-notation}), "X" for an eXpired signature
+(see @option{--ask-cert-expire}), and the numbers 1-9 or "T" for 10 and
+above to indicate trust signature levels (see the @option{--edit-key}
+command "tsign").
+
+@item --check-sigs
+@opindex check-sigs
+Same as @option{--list-sigs}, but the signatures are verified. Note
+that for performance reasons the revocation status of a signing key is
+not shown.
+@ifclear gpgone
+This command has the same effect as
+using @option{--list-keys} with @option{--with-sig-check}.
+@end ifclear
+
+The status of the verification is indicated by a flag directly following
+the "sig" tag (and thus before the flags described above for
+@option{--list-sigs}). A "!" indicates that the signature has been
+successfully verified, a "-" denotes a bad signature and a "%" is used
+if an error occurred while checking the signature (e.g. a non supported
+algorithm).
+
+@ifclear gpgone
+@item --locate-keys
+@opindex locate-keys
+Locate the keys given as arguments. This command basically uses the
+same algorithm as used when locating keys for encryption or signing and
+may thus be used to see what keys @command{@gpgname} might use. In
+particular external methods as defined by @option{--auto-key-locate} may
+be used to locate a key. Only public keys are listed.
+@end ifclear
+
+
+@item --fingerprint
+@opindex fingerprint
+List all keys (or the specified ones) along with their
+fingerprints. This is the same output as @option{--list-keys} but with
+the additional output of a line with the fingerprint. May also be
+combined with @option{--list-sigs} or @option{--check-sigs}. If this
+command is given twice, the fingerprints of all secondary keys are
+listed too.
+
+@item --list-packets
+@opindex list-packets
+List only the sequence of packets. This is mainly
+useful for debugging.
+
+
+@item --card-edit
+@opindex card-edit
+Present a menu to work with a smartcard. The subcommand "help" provides
+an overview on available commands. For a detailed description, please
+see the Card HOWTO at
+http://www.gnupg.org/documentation/howtos.html#GnuPG-cardHOWTO .
+
+@item --card-status
+@opindex card-status
+Show the content of the smart card.
+
+@item --change-pin
+@opindex change-pin
+Present a menu to allow changing the PIN of a smartcard. This
+functionality is also available as the subcommand "passwd" with the
+@option{--card-edit} command.
+
+@item --delete-key @code{name}
+@opindex delete-key
+Remove key from the public keyring. In batch mode either @option{--yes} is
+required or the key must be specified by fingerprint. This is a
+safeguard against accidental deletion of multiple keys.
+
+@item --delete-secret-key @code{name}
+@opindex delete-secret-key
+Remove key from the secret and public keyring. In batch mode the key
+must be specified by fingerprint.
+
+@item --delete-secret-and-public-key @code{name}
+@opindex delete-secret-and-public-key
+Same as @option{--delete-key}, but if a secret key exists, it will be
+removed first. In batch mode the key must be specified by fingerprint.
+
+@item --export
+@opindex export
+Either export all keys from all keyrings (default keyrings and those
+registered via option @option{--keyring}), or if at least one name is given,
+those of the given name. The new keyring is written to STDOUT or to the
+file given with option @option{--output}. Use together with
+@option{--armor} to mail those keys.
+
+@item --send-keys @code{key IDs}
+@opindex send-keys
+Similar to @option{--export} but sends the keys to a keyserver.
+Fingerprints may be used instead of key IDs. Option @option{--keyserver}
+must be used to give the name of this keyserver. Don't send your
+complete keyring to a keyserver --- select only those keys which are new
+or changed by you. If no key IDs are given, @command{gpg} does nothing.
+
+@item --export-secret-keys
+@itemx --export-secret-subkeys
+@opindex export-secret-keys
+@opindex export-secret-subkeys
+Same as @option{--export}, but exports the secret keys instead. This is
+normally not very useful and a security risk. The second form of the
+command has the special property to render the secret part of the
+primary key useless; this is a GNU extension to OpenPGP and other
+implementations can not be expected to successfully import such a key.
+@ifclear gpgtwoone
+See the option @option{--simple-sk-checksum} if you want to import such
+an exported key with an older OpenPGP implementation.
+@end ifclear
+
+@item --import
+@itemx --fast-import
+@opindex import
+Import/merge keys. This adds the given keys to the
+keyring. The fast version is currently just a synonym.
+
+There are a few other options which control how this command works.
+Most notable here is the @option{--import-options merge-only} option
+which does not insert new keys but does only the merging of new
+signatures, user-IDs and subkeys.
+
+@item --recv-keys @code{key IDs}
+@opindex recv-keys
+Import the keys with the given key IDs from a keyserver. Option
+@option{--keyserver} must be used to give the name of this keyserver.
+
+@item --refresh-keys
+@opindex refresh-keys
+Request updates from a keyserver for keys that already exist on the
+local keyring. This is useful for updating a key with the latest
+signatures, user IDs, etc. Calling this with no arguments will refresh
+the entire keyring. Option @option{--keyserver} must be used to give the
+name of the keyserver for all keys that do not have preferred keyservers
+set (see @option{--keyserver-options honor-keyserver-url}).
+
+@item --search-keys @code{names}
+@opindex search-keys
+Search the keyserver for the given names. Multiple names given here will
+be joined together to create the search string for the keyserver.
+Option @option{--keyserver} must be used to give the name of this
+keyserver. Keyservers that support different search methods allow using
+the syntax specified in "How to specify a user ID" below. Note that
+different keyserver types support different search methods. Currently
+only LDAP supports them all.
+
+@item --fetch-keys @code{URIs}
+@opindex fetch-keys
+Retrieve keys located at the specified URIs. Note that different
+installations of GnuPG may support different protocols (HTTP, FTP,
+LDAP, etc.)
+
+@item --update-trustdb
+@opindex update-trustdb
+Do trust database maintenance. This command iterates over all keys and
+builds the Web of Trust. This is an interactive command because it may
+have to ask for the "ownertrust" values for keys. The user has to give
+an estimation of how far she trusts the owner of the displayed key to
+correctly certify (sign) other keys. GnuPG only asks for the ownertrust
+value if it has not yet been assigned to a key. Using the
+@option{--edit-key} menu, the assigned value can be changed at any time.
+
+@item --check-trustdb
+@opindex check-trustdb
+Do trust database maintenance without user interaction. From time to
+time the trust database must be updated so that expired keys or
+signatures and the resulting changes in the Web of Trust can be
+tracked. Normally, GnuPG will calculate when this is required and do it
+automatically unless @option{--no-auto-check-trustdb} is set. This
+command can be used to force a trust database check at any time. The
+processing is identical to that of @option{--update-trustdb} but it
+skips keys with a not yet defined "ownertrust".
+
+For use with cron jobs, this command can be used together with
+@option{--batch} in which case the trust database check is done only if
+a check is needed. To force a run even in batch mode add the option
+@option{--yes}.
+
+@anchor{option --export-ownertrust}
+@item --export-ownertrust
+@opindex export-ownertrust
+Send the ownertrust values to STDOUT. This is useful for backup purposes
+as these values are the only ones which can't be re-created from a
+corrupted trustdb. Example:
+@c man:.RS
+@example
+ @gpgname{} --export-ownertrust > otrust.txt
+@end example
+@c man:.RE
+
+
+@item --import-ownertrust
+@opindex import-ownertrust
+Update the trustdb with the ownertrust values stored in @code{files} (or
+STDIN if not given); existing values will be overwritten. In case of a
+severely damaged trustdb and if you have a recent backup of the
+ownertrust values (e.g. in the file @file{otrust.txt}, you may re-create
+the trustdb using these commands:
+@c man:.RS
+@example
+ cd ~/.gnupg
+ rm trustdb.gpg
+ @gpgname{} --import-ownertrust < otrust.txt
+@end example
+@c man:.RE
+
+
+@item --rebuild-keydb-caches
+@opindex rebuild-keydb-caches
+When updating from version 1.0.6 to 1.0.7 this command should be used
+to create signature caches in the keyring. It might be handy in other
+situations too.
+
+@item --print-md @code{algo}
+@itemx --print-mds
+@opindex print-md
+Print message digest of algorithm ALGO for all given files or STDIN.
+With the second form (or a deprecated "*" as algo) digests for all
+available algorithms are printed.
+
+@item --gen-random @code{0|1|2} @code{count}
+@opindex gen-random
+Emit @var{count} random bytes of the given quality level 0, 1 or 2. If
+@var{count} is not given or zero, an endless sequence of random bytes
+will be emitted. If used with @option{--armor} the output will be
+base64 encoded. PLEASE, don't use this command unless you know what
+you are doing; it may remove precious entropy from the system!
+
+@item --gen-prime @code{mode} @code{bits}
+@opindex gen-prime
+Use the source, Luke :-). The output format is still subject to change.
+
+
+@item --enarmor
+@item --dearmor
+@opindex enarmor
+@opindex dearmor
+Pack or unpack an arbitrary input into/from an OpenPGP ASCII armor.
+This is a GnuPG extension to OpenPGP and in general not very useful.
+
+@end table
+
+
+@c *******************************************
+@c ******* KEY MANGEMENT COMMANDS **********
+@c *******************************************
+@node OpenPGP Key Management
+@subsection How to manage your keys
+
+This section explains the main commands for key management
+
+@table @gnupgtabopt
+
+@item --gen-key
+@opindex gen-key
+Generate a new key pair. This command is normally only used
+interactively.
+
+There is an experimental feature which allows you to create keys in
+batch mode. See the file @file{doc/DETAILS} in the source distribution
+on how to use this.
+
+@item --gen-revoke @code{name}
+@opindex gen-revoke
+Generate a revocation certificate for the complete key. To revoke
+a subkey or a signature, use the @option{--edit} command.
+
+@item --desig-revoke @code{name}
+@opindex desig-revoke
+Generate a designated revocation certificate for a key. This allows a
+user (with the permission of the keyholder) to revoke someone else's
+key.
+
+
+@item --edit-key
+@opindex edit-key
+Present a menu which enables you to do most of the key management
+related tasks. It expects the specification of a key on the command
+line.
+
+@c ******** Begin Edit-key Options **********
+@table @asis
+
+ @item uid @code{n}
+ @opindex keyedit:uid
+ Toggle selection of user ID or photographic user ID with index @code{n}.
+ Use @code{*} to select all and @code{0} to deselect all.
+
+ @item key @code{n}
+ @opindex keyedit:key
+ Toggle selection of subkey with index @code{n}.
+ Use @code{*} to select all and @code{0} to deselect all.
+
+ @item sign
+ @opindex keyedit:sign
+ Make a signature on key of user @code{name} If the key is not yet
+ signed by the default user (or the users given with -u), the program
+ displays the information of the key again, together with its
+ fingerprint and asks whether it should be signed. This question is
+ repeated for all users specified with
+ -u.
+
+ @item lsign
+ @opindex keyedit:lsign
+ Same as "sign" but the signature is marked as non-exportable and will
+ therefore never be used by others. This may be used to make keys
+ valid only in the local environment.
+
+ @item nrsign
+ @opindex keyedit:nrsign
+ Same as "sign" but the signature is marked as non-revocable and can
+ therefore never be revoked.
+
+ @item tsign
+ @opindex keyedit:tsign
+ Make a trust signature. This is a signature that combines the notions
+ of certification (like a regular signature), and trust (like the
+ "trust" command). It is generally only useful in distinct communities
+ or groups.
+@end table
+
+@c man:.RS
+Note that "l" (for local / non-exportable), "nr" (for non-revocable,
+and "t" (for trust) may be freely mixed and prefixed to "sign" to
+create a signature of any type desired.
+@c man:.RE
+
+@table @asis
+
+ @item delsig
+ @opindex keyedit:delsig
+ Delete a signature. Note that it is not possible to retract a signature,
+ once it has been send to the public (i.e. to a keyserver). In that case
+ you better use @code{revsig}.
+
+ @item revsig
+ @opindex keyedit:revsig
+ Revoke a signature. For every signature which has been generated by
+ one of the secret keys, GnuPG asks whether a revocation certificate
+ should be generated.
+
+ @item check
+ @opindex keyedit:check
+ Check the signatures on all selected user IDs.
+
+ @item adduid
+ @opindex keyedit:adduid
+ Create an additional user ID.
+
+ @item addphoto
+ @opindex keyedit:addphoto
+ Create a photographic user ID. This will prompt for a JPEG file that
+ will be embedded into the user ID. Note that a very large JPEG will make
+ for a very large key. Also note that some programs will display your
+ JPEG unchanged (GnuPG), and some programs will scale it to fit in a
+ dialog box (PGP).
+
+ @item showphoto
+ @opindex keyedit:showphoto
+ Display the selected photographic user ID.
+
+ @item deluid
+ @opindex keyedit:deluid
+ Delete a user ID or photographic user ID. Note that it is not
+ possible to retract a user id, once it has been send to the public
+ (i.e. to a keyserver). In that case you better use @code{revuid}.
+
+ @item revuid
+ @opindex keyedit:revuid
+ Revoke a user ID or photographic user ID.
+
+ @item primary
+ @opindex keyedit:primary
+ Flag the current user id as the primary one, removes the primary user
+ id flag from all other user ids and sets the timestamp of all affected
+ self-signatures one second ahead. Note that setting a photo user ID
+ as primary makes it primary over other photo user IDs, and setting a
+ regular user ID as primary makes it primary over other regular user
+ IDs.
+
+ @item keyserver
+ @opindex keyedit:keyserver
+ Set a preferred keyserver for the specified user ID(s). This allows
+ other users to know where you prefer they get your key from. See
+ @option{--keyserver-options honor-keyserver-url} for more on how this
+ works. Setting a value of "none" removes an existing preferred
+ keyserver.
+
+ @item notation
+ @opindex keyedit:notation
+ Set a name=value notation for the specified user ID(s). See
+ @option{--cert-notation} for more on how this works. Setting a value of
+ "none" removes all notations, setting a notation prefixed with a minus
+ sign (-) removes that notation, and setting a notation name (without the
+ =value) prefixed with a minus sign removes all notations with that name.
+
+ @item pref
+ @opindex keyedit:pref
+ List preferences from the selected user ID. This shows the actual
+ preferences, without including any implied preferences.
+
+ @item showpref
+ @opindex keyedit:showpref
+ More verbose preferences listing for the selected user ID. This shows
+ the preferences in effect by including the implied preferences of 3DES
+ (cipher), SHA-1 (digest), and Uncompressed (compression) if they are
+ not already included in the preference list. In addition, the
+ preferred keyserver and signature notations (if any) are shown.
+
+ @item setpref @code{string}
+ @opindex keyedit:setpref
+ Set the list of user ID preferences to @code{string} for all (or just
+ the selected) user IDs. Calling setpref with no arguments sets the
+ preference list to the default (either built-in or set via
+ @option{--default-preference-list}), and calling setpref with "none"
+ as the argument sets an empty preference list. Use @command{@gpgname
+ --version} to get a list of available algorithms. Note that while you
+ can change the preferences on an attribute user ID (aka "photo ID"),
+ GnuPG does not select keys via attribute user IDs so these preferences
+ will not be used by GnuPG.
+
+ When setting preferences, you should list the algorithms in the order
+ which you'd like to see them used by someone else when encrypting a
+ message to your key. If you don't include 3DES, it will be
+ automatically added at the end. Note that there are many factors that
+ go into choosing an algorithm (for example, your key may not be the
+ only recipient), and so the remote OpenPGP application being used to
+ send to you may or may not follow your exact chosen order for a given
+ message. It will, however, only choose an algorithm that is present
+ on the preference list of every recipient key. See also the
+ INTEROPERABILITY WITH OTHER OPENPGP PROGRAMS section below.
+
+ @item addkey
+ @opindex keyedit:addkey
+ Add a subkey to this key.
+
+ @item addcardkey
+ @opindex keyedit:addcardkey
+ Generate a subkey on a card and add it to this key.
+
+ @item keytocard
+ @opindex keyedit:keytocard
+ Transfer the selected secret subkey (or the primary key if no subkey
+ has been selected) to a smartcard. The secret key in the keyring will
+ be replaced by a stub if the key could be stored successfully on the
+ card and you use the save command later. Only certain key types may be
+ transferred to the card. A sub menu allows you to select on what card
+ to store the key. Note that it is not possible to get that key back
+ from the card - if the card gets broken your secret key will be lost
+ unless you have a backup somewhere.
+
+ @item bkuptocard @code{file}
+ @opindex keyedit:bkuptocard
+ Restore the given file to a card. This command may be used to restore a
+ backup key (as generated during card initialization) to a new card. In
+ almost all cases this will be the encryption key. You should use this
+ command only with the corresponding public key and make sure that the
+ file given as argument is indeed the backup to restore. You should then
+ select 2 to restore as encryption key. You will first be asked to enter
+ the passphrase of the backup key and then for the Admin PIN of the card.
+
+ @item delkey
+ @opindex keyedit:delkey
+ Remove a subkey (secondart key). Note that it is not possible to retract
+ a subkey, once it has been send to the public (i.e. to a keyserver). In
+ that case you better use @code{revkey}.
+
+ @item revkey
+ @opindex keyedit:revkey
+ Revoke a subkey.
+
+ @item expire
+ @opindex keyedit:expire
+ Change the key or subkey expiration time. If a subkey is selected, the
+ expiration time of this subkey will be changed. With no selection, the
+ key expiration of the primary key is changed.
+
+ @item trust
+ @opindex keyedit:trust
+ Change the owner trust value for the key. This updates the trust-db
+ immediately and no save is required.
+
+ @item disable
+ @itemx enable
+ @opindex keyedit:disable
+ @opindex keyedit:enable
+ Disable or enable an entire key. A disabled key can not normally be
+ used for encryption.
+
+ @item addrevoker
+ @opindex keyedit:addrevoker
+ Add a designated revoker to the key. This takes one optional argument:
+ "sensitive". If a designated revoker is marked as sensitive, it will
+ not be exported by default (see export-options).
+
+ @item passwd
+ @opindex keyedit:passwd
+ Change the passphrase of the secret key.
+
+ @item toggle
+ @opindex keyedit:toggle
+ Toggle between public and secret key listing.
+
+ @item clean
+ @opindex keyedit:clean
+ Compact (by removing all signatures except the selfsig) any user ID
+ that is no longer usable (e.g. revoked, or expired). Then, remove any
+ signatures that are not usable by the trust calculations.
+ Specifically, this removes any signature that does not validate, any
+ signature that is superseded by a later signature, revoked signatures,
+ and signatures issued by keys that are not present on the keyring.
+
+ @item minimize
+ @opindex keyedit:minimize
+ Make the key as small as possible. This removes all signatures from
+ each user ID except for the most recent self-signature.
+
+ @item cross-certify
+ @opindex keyedit:cross-certify
+ Add cross-certification signatures to signing subkeys that may not
+ currently have them. Cross-certification signatures protect against a
+ subtle attack against signing subkeys. See
+ @option{--require-cross-certification}. All new keys generated have
+ this signature by default, so this option is only useful to bring
+ older keys up to date.
+
+ @item save
+ @opindex keyedit:save
+ Save all changes to the key rings and quit.
+
+ @item quit
+ @opindex keyedit:quit
+ Quit the program without updating the
+ key rings.
+@end table
+
+@c man:.RS
+The listing shows you the key with its secondary keys and all user
+ids. The primary user id is indicated by a dot, and selected keys or
+user ids are indicated by an asterisk. The trust
+value is displayed with the primary key: the first is the assigned owner
+trust and the second is the calculated trust value. Letters are used for
+the values:
+@c man:.RE
+
+@table @asis
+
+ @item -
+ No ownertrust assigned / not yet calculated.
+
+ @item e
+ Trust
+ calculation has failed; probably due to an expired key.
+
+ @item q
+ Not enough information for calculation.
+
+ @item n
+ Never trust this key.
+
+ @item m
+ Marginally trusted.
+
+ @item f
+ Fully trusted.
+
+ @item u
+ Ultimately trusted.
+
+@end table
+@c ******** End Edit-key Options **********
+
+@item --sign-key @code{name}
+@opindex sign-key
+Signs a public key with your secret key. This is a shortcut version of
+the subcommand "sign" from @option{--edit}.
+
+@item --lsign-key @code{name}
+@opindex lsign-key
+Signs a public key with your secret key but marks it as
+non-exportable. This is a shortcut version of the subcommand "lsign"
+from @option{--edit-key}.
+
+@ifclear gpgone
+@item --passwd @var{user_id}
+@opindex passwd
+Change the passphrase of the secret key belonging to the certificate
+specified as @var{user_id}. This is a shortcut for the sub-command
+@code{passwd} of the edit key menu.
+@end ifclear
+
+@end table
+
+
+@c *******************************************
+@c *************** ****************
+@c *************** OPTIONS ****************
+@c *************** ****************
+@c *******************************************
+@mansect options
+@node GPG Options
+@section Option Summary
+
+@command{@gpgname} features a bunch of options to control the exact
+behaviour and to change the default configuration.
+
+@menu
+* GPG Configuration Options:: How to change the configuration.
+* GPG Key related Options:: Key related options.
+* GPG Input and Output:: Input and Output.
+* OpenPGP Options:: OpenPGP protocol specific options.
+* GPG Esoteric Options:: Doing things one usually don't want to do.
+@end menu
+
+Long options can be put in an options file (default
+"~/.gnupg/gpg.conf"). Short option names will not work - for example,
+"armor" is a valid option for the options file, while "a" is not. Do not
+write the 2 dashes, but simply the name of the option and any required
+arguments. Lines with a hash ('#') as the first non-white-space
+character are ignored. Commands may be put in this file too, but that is
+not generally useful as the command will execute automatically with
+every execution of gpg.
+
+Please remember that option parsing stops as soon as a non-option is
+encountered, you can explicitly stop parsing by using the special option
+@option{--}.
+
+@c *******************************************
+@c ******** CONFIGURATION OPTIONS **********
+@c *******************************************
+@node GPG Configuration Options
+@subsection How to change the configuration
+
+These options are used to change the configuration and are usually found
+in the option file.
+
+@table @gnupgtabopt
+
+@item --default-key @var{name}
+@opindex default-key
+Use @var{name} as the default key to sign with. If this option is not
+used, the default key is the first key found in the secret keyring.
+Note that @option{-u} or @option{--local-user} overrides this option.
+
+@item --default-recipient @var{name}
+@opindex default-recipient
+Use @var{name} as default recipient if option @option{--recipient} is
+not used and don't ask if this is a valid one. @var{name} must be
+non-empty.
+
+@item --default-recipient-self
+@opindex default-recipient-self
+Use the default key as default recipient if option @option{--recipient} is not
+used and don't ask if this is a valid one. The default key is the first
+one from the secret keyring or the one set with @option{--default-key}.
+
+@item --no-default-recipient
+@opindex no-default-recipient
+Reset @option{--default-recipient} and @option{--default-recipient-self}.
+
+@item -v, --verbose
+@opindex verbose
+Give more information during processing. If used
+twice, the input data is listed in detail.
+
+@item --no-verbose
+@opindex no-verbose
+Reset verbose level to 0.
+
+@item -q, --quiet
+@opindex quiet
+Try to be as quiet as possible.
+
+@item --batch
+@itemx --no-batch
+@opindex batch
+@opindex no-batch
+Use batch mode. Never ask, do not allow interactive commands.
+@option{--no-batch} disables this option. Note that even with a
+filename given on the command line, gpg might still need to read from
+STDIN (in particular if gpg figures that the input is a
+detached signature and no data file has been specified). Thus if you
+do not want to feed data via STDIN, you should connect STDIN to
+@file{/dev/null}.
+
+@item --no-tty
+@opindex no-tty
+Make sure that the TTY (terminal) is never used for any output.
+This option is needed in some cases because GnuPG sometimes prints
+warnings to the TTY even if @option{--batch} is used.
+
+@item --yes
+@opindex yes
+Assume "yes" on most questions.
+
+@item --no
+@opindex no
+Assume "no" on most questions.
+
+
+@item --list-options @code{parameters}
+@opindex list-options
+This is a space or comma delimited string that gives options used when
+listing keys and signatures (that is, @option{--list-keys},
+@option{--list-sigs}, @option{--list-public-keys},
+@option{--list-secret-keys}, and the @option{--edit-key} functions).
+Options can be prepended with a @option{no-} (after the two dashes) to
+give the opposite meaning. The options are:
+
+@table @asis
+
+ @item show-photos
+ @opindex list-options:show-photos
+ Causes @option{--list-keys}, @option{--list-sigs},
+ @option{--list-public-keys}, and @option{--list-secret-keys} to
+ display any photo IDs attached to the key. Defaults to no. See also
+ @option{--photo-viewer}. Does not work with @option{--with-colons}:
+ see @option{--attribute-fd} for the appropriate way to get photo data
+ for scripts and other frontends.
+
+ @item show-policy-urls
+ @opindex list-options:show-policy-urls
+ Show policy URLs in the @option{--list-sigs} or @option{--check-sigs}
+ listings. Defaults to no.
+
+ @item show-notations
+ @itemx show-std-notations
+ @itemx show-user-notations
+ @opindex list-options:show-notations
+ @opindex list-options:show-std-notations
+ @opindex list-options:show-user-notations
+ Show all, IETF standard, or user-defined signature notations in the
+ @option{--list-sigs} or @option{--check-sigs} listings. Defaults to no.
+
+ @item show-keyserver-urls
+ @opindex list-options:show-keyserver-urls
+ Show any preferred keyserver URL in the @option{--list-sigs} or
+ @option{--check-sigs} listings. Defaults to no.
+
+ @item show-uid-validity
+ @opindex list-options:show-uid-validity
+ Display the calculated validity of user IDs during key listings.
+ Defaults to no.
+
+ @item show-unusable-uids
+ @opindex list-options:show-unusable-uids
+ Show revoked and expired user IDs in key listings. Defaults to no.
+
+ @item show-unusable-subkeys
+ @opindex list-options:show-unusable-subkeys
+ Show revoked and expired subkeys in key listings. Defaults to no.
+
+ @item show-keyring
+ @opindex list-options:show-keyring
+ Display the keyring name at the head of key listings to show which
+ keyring a given key resides on. Defaults to no.
+
+ @item show-sig-expire
+ @opindex list-options:show-sig-expire
+ Show signature expiration dates (if any) during @option{--list-sigs} or
+ @option{--check-sigs} listings. Defaults to no.
+
+ @item show-sig-subpackets
+ @opindex list-options:show-sig-subpackets
+ Include signature subpackets in the key listing. This option can take an
+ optional argument list of the subpackets to list. If no argument is
+ passed, list all subpackets. Defaults to no. This option is only
+ meaningful when using @option{--with-colons} along with
+ @option{--list-sigs} or @option{--check-sigs}.
+
+@end table
+
+@item --verify-options @code{parameters}
+@opindex verify-options
+This is a space or comma delimited string that gives options used when
+verifying signatures. Options can be prepended with a `no-' to give
+the opposite meaning. The options are:
+
+@table @asis
+
+ @item show-photos
+ @opindex verify-options:show-photos
+ Display any photo IDs present on the key that issued the signature.
+ Defaults to no. See also @option{--photo-viewer}.
+
+ @item show-policy-urls
+ @opindex verify-options:show-policy-urls
+ Show policy URLs in the signature being verified. Defaults to no.
+
+ @item show-notations
+ @itemx show-std-notations
+ @itemx show-user-notations
+ @opindex verify-options:show-notations
+ @opindex verify-options:show-std-notations
+ @opindex verify-options:show-user-notations
+ Show all, IETF standard, or user-defined signature notations in the
+ signature being verified. Defaults to IETF standard.
+
+ @item show-keyserver-urls
+ @opindex verify-options:show-keyserver-urls
+ Show any preferred keyserver URL in the signature being verified.
+ Defaults to no.
+
+ @item show-uid-validity
+ @opindex verify-options:show-uid-validity
+ Display the calculated validity of the user IDs on the key that issued
+ the signature. Defaults to no.
+
+ @item show-unusable-uids
+ @opindex verify-options:show-unusable-uids
+ Show revoked and expired user IDs during signature verification.
+ Defaults to no.
+
+ @item show-primary-uid-only
+ @opindex verify-options:show-primary-uid-only
+ Show only the primary user ID during signature verification. That is
+ all the AKA lines as well as photo Ids are not shown with the signature
+ verification status.
+
+ @item pka-lookups
+ @opindex verify-options:pka-lookups
+ Enable PKA lookups to verify sender addresses. Note that PKA is based
+ on DNS, and so enabling this option may disclose information on when
+ and what signatures are verified or to whom data is encrypted. This
+ is similar to the "web bug" described for the auto-key-retrieve
+ feature.
+
+ @item pka-trust-increase
+ @opindex verify-options:pka-trust-increase
+ Raise the trust in a signature to full if the signature passes PKA
+ validation. This option is only meaningful if pka-lookups is set.
+@end table
+
+@item --enable-dsa2
+@itemx --disable-dsa2
+@opindex enable-dsa2
+@opindex disable-dsa2
+Enable hash truncation for all DSA keys even for old DSA Keys up to
+1024 bit. This is also the default with @option{--openpgp}. Note
+that older versions of GnuPG also required this flag to allow the
+generation of DSA larger than 1024 bit.
+
+@item --photo-viewer @code{string}
+@opindex photo-viewer
+This is the command line that should be run to view a photo ID. "%i"
+will be expanded to a filename containing the photo. "%I" does the
+same, except the file will not be deleted once the viewer exits.
+Other flags are "%k" for the key ID, "%K" for the long key ID, "%f"
+for the key fingerprint, "%t" for the extension of the image type
+(e.g. "jpg"), "%T" for the MIME type of the image (e.g. "image/jpeg"),
+"%v" for the single-character calculated validity of the image being
+viewed (e.g. "f"), "%V" for the calculated validity as a string (e.g.
+"full"),
+and "%%" for an actual percent sign. If neither %i or %I are present,
+then the photo will be supplied to the viewer on standard input.
+
+The default viewer is "xloadimage -fork -quiet -title 'KeyID 0x%k'
+STDIN". Note that if your image viewer program is not secure, then
+executing it from GnuPG does not make it secure.
+
+@item --exec-path @code{string}
+@opindex exec-path
+Sets a list of directories to search for photo viewers and keyserver
+helpers. If not provided, keyserver helpers use the compiled-in
+default directory, and photo viewers use the $PATH environment
+variable.
+Note, that on W32 system this value is ignored when searching for
+keyserver helpers.
+
+@item --keyring @code{file}
+@opindex keyring
+Add @code{file} to the current list of keyrings. If @code{file} begins
+with a tilde and a slash, these are replaced by the $HOME directory. If
+the filename does not contain a slash, it is assumed to be in the GnuPG
+home directory ("~/.gnupg" if @option{--homedir} or $GNUPGHOME is not
+used).
+
+Note that this adds a keyring to the current list. If the intent is to
+use the specified keyring alone, use @option{--keyring} along with
+@option{--no-default-keyring}.
+
+@item --secret-keyring @code{file}
+@opindex secret-keyring
+Same as @option{--keyring} but for the secret keyrings.
+
+@item --primary-keyring @code{file}
+@opindex primary-keyring
+Designate @code{file} as the primary public keyring. This means that
+newly imported keys (via @option{--import} or keyserver
+@option{--recv-from}) will go to this keyring.
+
+@item --trustdb-name @code{file}
+@opindex trustdb-name
+Use @code{file} instead of the default trustdb. If @code{file} begins
+with a tilde and a slash, these are replaced by the $HOME directory. If
+the filename does not contain a slash, it is assumed to be in the GnuPG
+home directory (@file{~/.gnupg} if @option{--homedir} or $GNUPGHOME is
+not used).
+
+@ifset gpgone
+@anchor{option --homedir}
+@end ifset
+@include opt-homedir.texi
+
+
+@ifset gpgone
+@item --pcsc-driver @code{file}
+@opindex pcsc-driver
+Use @code{file} to access the smartcard reader. The current default is
+`libpcsclite.so.1' for GLIBC based systems,
+`/System/Library/Frameworks/PCSC.framework/PCSC' for MAC OS X,
+`winscard.dll' for Windows and `libpcsclite.so' for other systems.
+@end ifset
+
+@ifset gpgone
+@item --disable-ccid
+@opindex disable-ccid
+Disable the integrated support for CCID compliant readers. This
+allows to fall back to one of the other drivers even if the internal
+CCID driver can handle the reader. Note, that CCID support is only
+available if libusb was available at build time.
+@end ifset
+
+@ifset gpgone
+@item --reader-port @code{number_or_string}
+@opindex reader-port
+This option may be used to specify the port of the card terminal. A
+value of 0 refers to the first serial device; add 32768 to access USB
+devices. The default is 32768 (first USB device). PC/SC or CCID
+readers might need a string here; run the program in verbose mode to get
+a list of available readers. The default is then the first reader
+found.
+@end ifset
+
+@item --display-charset @code{name}
+@opindex display-charset
+Set the name of the native character set. This is used to convert
+some informational strings like user IDs to the proper UTF-8 encoding.
+Note that this has nothing to do with the character set of data to be
+encrypted or signed; GnuPG does not recode user-supplied data. If
+this option is not used, the default character set is determined from
+the current locale. A verbosity level of 3 shows the chosen set.
+Valid values for @code{name} are:
+
+@table @asis
+
+ @item iso-8859-1
+ @opindex display-charset:iso-8859-1
+ This is the Latin 1 set.
+
+ @item iso-8859-2
+ @opindex display-charset:iso-8859-2
+ The Latin 2 set.
+
+ @item iso-8859-15
+ @opindex display-charset:iso-8859-15
+ This is currently an alias for
+ the Latin 1 set.
+
+ @item koi8-r
+ @opindex display-charset:koi8-r
+ The usual Russian set (rfc1489).
+
+ @item utf-8
+ @opindex display-charset:utf-8
+ Bypass all translations and assume
+ that the OS uses native UTF-8 encoding.
+@end table
+
+@item --utf8-strings
+@itemx --no-utf8-strings
+@opindex utf8-strings
+Assume that command line arguments are given as UTF8 strings. The
+default (@option{--no-utf8-strings}) is to assume that arguments are
+encoded in the character set as specified by
+@option{--display-charset}. These options affect all following
+arguments. Both options may be used multiple times.
+
+@ifset gpgone
+@anchor{option --options}
+@end ifset
+@item --options @code{file}
+@opindex options
+Read options from @code{file} and do not try to read them from the
+default options file in the homedir (see @option{--homedir}). This
+option is ignored if used in an options file.
+
+@item --no-options
+@opindex no-options
+Shortcut for @option{--options /dev/null}. This option is detected
+before an attempt to open an option file. Using this option will also
+prevent the creation of a @file{~/.gnupg} homedir.
+
+@item -z @code{n}
+@itemx --compress-level @code{n}
+@itemx --bzip2-compress-level @code{n}
+@opindex compress-level
+@opindex bzip2-compress-level
+Set compression level to @code{n} for the ZIP and ZLIB compression
+algorithms. The default is to use the default compression level of zlib
+(normally 6). @option{--bzip2-compress-level} sets the compression level
+for the BZIP2 compression algorithm (defaulting to 6 as well). This is a
+different option from @option{--compress-level} since BZIP2 uses a
+significant amount of memory for each additional compression level.
+@option{-z} sets both. A value of 0 for @code{n} disables compression.
+
+@item --bzip2-decompress-lowmem
+@opindex bzip2-decompress-lowmem
+Use a different decompression method for BZIP2 compressed files. This
+alternate method uses a bit more than half the memory, but also runs
+at half the speed. This is useful under extreme low memory
+circumstances when the file was originally compressed at a high
+@option{--bzip2-compress-level}.
+
+
+@item --mangle-dos-filenames
+@itemx --no-mangle-dos-filenames
+@opindex mangle-dos-filenames
+@opindex no-mangle-dos-filenames
+Older version of Windows cannot handle filenames with more than one
+dot. @option{--mangle-dos-filenames} causes GnuPG to replace (rather
+than add to) the extension of an output filename to avoid this
+problem. This option is off by default and has no effect on non-Windows
+platforms.
+
+@item --ask-cert-level
+@itemx --no-ask-cert-level
+@opindex ask-cert-level
+When making a key signature, prompt for a certification level. If this
+option is not specified, the certification level used is set via
+@option{--default-cert-level}. See @option{--default-cert-level} for
+information on the specific levels and how they are
+used. @option{--no-ask-cert-level} disables this option. This option
+defaults to no.
+
+@item --default-cert-level @code{n}
+@opindex default-cert-level
+The default to use for the check level when signing a key.
+
+0 means you make no particular claim as to how carefully you verified
+the key.
+
+1 means you believe the key is owned by the person who claims to own
+it but you could not, or did not verify the key at all. This is
+useful for a "persona" verification, where you sign the key of a
+pseudonymous user.
+
+2 means you did casual verification of the key. For example, this
+could mean that you verified the key fingerprint and checked the
+user ID on the key against a photo ID.
+
+3 means you did extensive verification of the key. For example, this
+could mean that you verified the key fingerprint with the owner of the
+key in person, and that you checked, by means of a hard to forge
+document with a photo ID (such as a passport) that the name of the key
+owner matches the name in the user ID on the key, and finally that you
+verified (by exchange of email) that the email address on the key
+belongs to the key owner.
+
+Note that the examples given above for levels 2 and 3 are just that:
+examples. In the end, it is up to you to decide just what "casual"
+and "extensive" mean to you.
+
+This option defaults to 0 (no particular claim).
+
+@item --min-cert-level
+@opindex min-cert-level
+When building the trust database, treat any signatures with a
+certification level below this as invalid. Defaults to 2, which
+disregards level 1 signatures. Note that level 0 "no particular
+claim" signatures are always accepted.
+
+@item --trusted-key @code{long key ID}
+@opindex trusted-key
+Assume that the specified key (which must be given
+as a full 8 byte key ID) is as trustworthy as one of
+your own secret keys. This option is useful if you
+don't want to keep your secret keys (or one of them)
+online but still want to be able to check the validity of a given
+recipient's or signator's key.
+
+@item --trust-model @code{pgp|classic|direct|always|auto}
+@opindex trust-model
+Set what trust model GnuPG should follow. The models are:
+
+@table @asis
+
+ @item pgp
+ @opindex trust-mode:pgp
+ This is the Web of Trust combined with trust signatures as used in PGP
+ 5.x and later. This is the default trust model when creating a new
+ trust database.
+
+ @item classic
+ @opindex trust-mode:classic
+ This is the standard Web of Trust as used in PGP 2.x and earlier.
+
+ @item direct
+ @opindex trust-mode:direct
+ Key validity is set directly by the user and not calculated via the
+ Web of Trust.
+
+ @item always
+ @opindex trust-mode:always
+ Skip key validation and assume that used keys are always fully
+ trusted. You generally won't use this unless you are using some
+ external validation scheme. This option also suppresses the
+ "[uncertain]" tag printed with signature checks when there is no
+ evidence that the user ID is bound to the key.
+
+ @item auto
+ @opindex trust-mode:auto
+ Select the trust model depending on whatever the internal trust
+ database says. This is the default model if such a database already
+ exists.
+@end table
+
+@item --auto-key-locate @code{parameters}
+@itemx --no-auto-key-locate
+@opindex auto-key-locate
+GnuPG can automatically locate and retrieve keys as needed using this
+option. This happens when encrypting to an email address (in the
+"user@@example.com" form), and there are no user@@example.com keys on
+the local keyring. This option takes any number of the following
+mechanisms, in the order they are to be tried:
+
+@table @asis
+
+ @item cert
+ Locate a key using DNS CERT, as specified in rfc4398.
+
+ @item pka
+ Locate a key using DNS PKA.
+
+ @item ldap
+ Using DNS Service Discovery, check the domain in question for any LDAP
+ keyservers to use. If this fails, attempt to locate the key using the
+ PGP Universal method of checking @samp{ldap://keys.(thedomain)}.
+
+ @item keyserver
+ Locate a key using whatever keyserver is defined using the
+ @option{--keyserver} option.
+
+ @item keyserver-URL
+ In addition, a keyserver URL as used in the @option{--keyserver} option
+ may be used here to query that particular keyserver.
+
+ @item local
+ Locate the key using the local keyrings. This mechanism allows to
+ select the order a local key lookup is done. Thus using
+ @samp{--auto-key-locate local} is identical to
+ @option{--no-auto-key-locate}.
+
+ @item nodefault
+ This flag disables the standard local key lookup, done before any of the
+ mechanisms defined by the @option{--auto-key-locate} are tried. The
+ position of this mechanism in the list does not matter. It is not
+ required if @code{local} is also used.
+
+@end table
+
+@item --keyid-format @code{short|0xshort|long|0xlong}
+@opindex keyid-format
+Select how to display key IDs. "short" is the traditional 8-character
+key ID. "long" is the more accurate (but less convenient)
+16-character key ID. Add an "0x" to either to include an "0x" at the
+beginning of the key ID, as in 0x99242560. Note that this option is
+ignored if the option --with-colons is used.
+
+@item --keyserver @code{name}
+@opindex keyserver
+Use @code{name} as your keyserver. This is the server that
+@option{--recv-keys}, @option{--send-keys}, and @option{--search-keys}
+will communicate with to receive keys from, send keys to, and search for
+keys on. The format of the @code{name} is a URI:
+`scheme:[//]keyservername[:port]' The scheme is the type of keyserver:
+"hkp" for the HTTP (or compatible) keyservers, "ldap" for the LDAP
+keyservers, or "mailto" for the Graff email keyserver. Note that your
+particular installation of GnuPG may have other keyserver types
+available as well. Keyserver schemes are case-insensitive. After the
+keyserver name, optional keyserver configuration options may be
+provided. These are the same as the global @option{--keyserver-options}
+from below, but apply only to this particular keyserver.
+
+Most keyservers synchronize with each other, so there is generally no
+need to send keys to more than one server. The keyserver
+@code{hkp://keys.gnupg.net} uses round robin DNS to give a different
+keyserver each time you use it.
+
+@item --keyserver-options @code{name=value1 }
+@opindex keyserver-options
+This is a space or comma delimited string that gives options for the
+keyserver. Options can be prefixed with a `no-' to give the opposite
+meaning. Valid import-options or export-options may be used here as
+well to apply to importing (@option{--recv-key}) or exporting
+(@option{--send-key}) a key from a keyserver. While not all options
+are available for all keyserver types, some common options are:
+
+@table @asis
+
+ @item include-revoked
+ When searching for a key with @option{--search-keys}, include keys that
+ are marked on the keyserver as revoked. Note that not all keyservers
+ differentiate between revoked and unrevoked keys, and for such
+ keyservers this option is meaningless. Note also that most keyservers do
+ not have cryptographic verification of key revocations, and so turning
+ this option off may result in skipping keys that are incorrectly marked
+ as revoked.
+
+ @item include-disabled
+ When searching for a key with @option{--search-keys}, include keys that
+ are marked on the keyserver as disabled. Note that this option is not
+ used with HKP keyservers.
+
+ @item auto-key-retrieve
+ This option enables the automatic retrieving of keys from a keyserver
+ when verifying signatures made by keys that are not on the local
+ keyring.
+
+ Note that this option makes a "web bug" like behavior possible.
+ Keyserver operators can see which keys you request, so by sending you
+ a message signed by a brand new key (which you naturally will not have
+ on your local keyring), the operator can tell both your IP address and
+ the time when you verified the signature.
+
+ @item honor-keyserver-url
+ When using @option{--refresh-keys}, if the key in question has a preferred
+ keyserver URL, then use that preferred keyserver to refresh the key
+ from. In addition, if auto-key-retrieve is set, and the signature
+ being verified has a preferred keyserver URL, then use that preferred
+ keyserver to fetch the key from. Defaults to yes.
+
+ @item honor-pka-record
+ If auto-key-retrieve is set, and the signature being verified has a
+ PKA record, then use the PKA information to fetch the key. Defaults
+ to yes.
+
+ @item include-subkeys
+ When receiving a key, include subkeys as potential targets. Note that
+ this option is not used with HKP keyservers, as they do not support
+ retrieving keys by subkey id.
+
+ @item use-temp-files
+ On most Unix-like platforms, GnuPG communicates with the keyserver
+ helper program via pipes, which is the most efficient method. This
+ option forces GnuPG to use temporary files to communicate. On some
+ platforms (such as Win32 and RISC OS), this option is always enabled.
+
+ @item keep-temp-files
+ If using `use-temp-files', do not delete the temp files after using
+ them. This option is useful to learn the keyserver communication
+ protocol by reading the temporary files.
+
+ @item verbose
+ Tell the keyserver helper program to be more verbose. This option can
+ be repeated multiple times to increase the verbosity level.
+
+ @item timeout
+ Tell the keyserver helper program how long (in seconds) to try and
+ perform a keyserver action before giving up. Note that performing
+ multiple actions at the same time uses this timeout value per action.
+ For example, when retrieving multiple keys via @option{--recv-keys}, the
+ timeout applies separately to each key retrieval, and not to the
+ @option{--recv-keys} command as a whole. Defaults to 30 seconds.
+
+ @item http-proxy=@code{value}
+ Set the proxy to use for HTTP and HKP keyservers. This overrides the
+ "http_proxy" environment variable, if any.
+
+
+@ifclear gpgtwoone
+ @item max-cert-size
+ When retrieving a key via DNS CERT, only accept keys up to this size.
+ Defaults to 16384 bytes.
+@end ifclear
+
+ @item debug
+ Turn on debug output in the keyserver helper program. Note that the
+ details of debug output depends on which keyserver helper program is
+ being used, and in turn, on any libraries that the keyserver helper
+ program uses internally (libcurl, openldap, etc).
+
+ @item check-cert
+ Enable certificate checking if the keyserver presents one (for hkps or
+ ldaps). Defaults to on.
+
+ @item ca-cert-file
+ Provide a certificate store to override the system default. Only
+ necessary if check-cert is enabled, and the keyserver is using a
+ certificate that is not present in a system default certificate list.
+
+ Note that depending on the SSL library that the keyserver helper is
+ built with, this may actually be a directory or a file.
+@end table
+
+@item --completes-needed @code{n}
+@opindex compliant-needed
+Number of completely trusted users to introduce a new
+key signer (defaults to 1).
+
+@item --marginals-needed @code{n}
+@opindex marginals-needed
+Number of marginally trusted users to introduce a new
+key signer (defaults to 3)
+
+@item --max-cert-depth @code{n}
+@opindex max-cert-depth
+Maximum depth of a certification chain (default is 5).
+
+@ifclear gpgtwoone
+@item --simple-sk-checksum
+@opindex simple-sk-checksum
+Secret keys are integrity protected by using a SHA-1 checksum. This
+method is part of the upcoming enhanced OpenPGP specification but
+GnuPG already uses it as a countermeasure against certain attacks.
+Old applications don't understand this new format, so this option may
+be used to switch back to the old behaviour. Using this option bears
+a security risk. Note that using this option only takes effect when
+the secret key is encrypted - the simplest way to make this happen is
+to change the passphrase on the key (even changing it to the same
+value is acceptable).
+@end ifclear
+
+@item --no-sig-cache
+@opindex no-sig-cache
+Do not cache the verification status of key signatures.
+Caching gives a much better performance in key listings. However, if
+you suspect that your public keyring is not save against write
+modifications, you can use this option to disable the caching. It
+probably does not make sense to disable it because all kind of damage
+can be done if someone else has write access to your public keyring.
+
+@item --no-sig-create-check
+@opindex no-sig-create-check
+GnuPG normally verifies each signature right after creation to protect
+against bugs and hardware malfunctions which could leak out bits from
+the secret key. This extra verification needs some time (about 115%
+for DSA keys), and so this option can be used to disable it.
+However, due to the fact that the signature creation needs manual
+interaction, this performance penalty does not matter in most settings.
+
+@item --auto-check-trustdb
+@itemx --no-auto-check-trustdb
+@opindex auto-check-trustdb
+If GnuPG feels that its information about the Web of Trust has to be
+updated, it automatically runs the @option{--check-trustdb} command
+internally. This may be a time consuming
+process. @option{--no-auto-check-trustdb} disables this option.
+
+@item --use-agent
+@itemx --no-use-agent
+@opindex use-agent
+@ifclear gpgone
+This is dummy option. @command{@gpgname} always requires the agent.
+@end ifclear
+@ifset gpgone
+Try to use the GnuPG-Agent. With this option, GnuPG first tries to
+connect to the agent before it asks for a
+passphrase. @option{--no-use-agent} disables this option.
+@end ifset
+
+@item --gpg-agent-info
+@opindex gpg-agent-info
+@ifclear gpgone
+This is dummy option. It has no effect when used with @command{gpg2}.
+@end ifclear
+@ifset gpgone
+Override the value of the environment variable
+@samp{GPG_AGENT_INFO}. This is only used when @option{--use-agent} has
+been given. Given that this option is not anymore used by
+@command{gpg2}, it should be avoided if possible.
+@end ifset
+
+@item --lock-once
+@opindex lock-once
+Lock the databases the first time a lock is requested
+and do not release the lock until the process
+terminates.
+
+@item --lock-multiple
+@opindex lock-multiple
+Release the locks every time a lock is no longer
+needed. Use this to override a previous @option{--lock-once}
+from a config file.
+
+@item --lock-never
+@opindex lock-never
+Disable locking entirely. This option should be used only in very
+special environments, where it can be assured that only one process
+is accessing those files. A bootable floppy with a stand-alone
+encryption system will probably use this. Improper usage of this
+option may lead to data and key corruption.
+
+@item --exit-on-status-write-error
+@opindex exit-on-status-write-error
+This option will cause write errors on the status FD to immediately
+terminate the process. That should in fact be the default but it never
+worked this way and thus we need an option to enable this, so that the
+change won't break applications which close their end of a status fd
+connected pipe too early. Using this option along with
+@option{--enable-progress-filter} may be used to cleanly cancel long
+running gpg operations.
+
+@item --limit-card-insert-tries @code{n}
+@opindex limit-card-insert-tries
+With @code{n} greater than 0 the number of prompts asking to insert a
+smartcard gets limited to N-1. Thus with a value of 1 gpg won't at
+all ask to insert a card if none has been inserted at startup. This
+option is useful in the configuration file in case an application does
+not know about the smartcard support and waits ad infinitum for an
+inserted card.
+
+@item --no-random-seed-file
+@opindex no-random-seed-file
+GnuPG uses a file to store its internal random pool over invocations.
+This makes random generation faster; however sometimes write operations
+are not desired. This option can be used to achieve that with the cost of
+slower random generation.
+
+@item --no-greeting
+@opindex no-greeting
+Suppress the initial copyright message.
+
+@item --no-secmem-warning
+@opindex no-secmem-warning
+Suppress the warning about "using insecure memory".
+
+@item --no-permission-warning
+@opindex permission-warning
+Suppress the warning about unsafe file and home directory (@option{--homedir})
+permissions. Note that the permission checks that GnuPG performs are
+not intended to be authoritative, but rather they simply warn about
+certain common permission problems. Do not assume that the lack of a
+warning means that your system is secure.
+
+Note that the warning for unsafe @option{--homedir} permissions cannot be
+suppressed in the gpg.conf file, as this would allow an attacker to
+place an unsafe gpg.conf file in place, and use this file to suppress
+warnings about itself. The @option{--homedir} permissions warning may only be
+suppressed on the command line.
+
+@item --no-mdc-warning
+@opindex no-mdc-warning
+Suppress the warning about missing MDC integrity protection.
+
+@item --require-secmem
+@itemx --no-require-secmem
+@opindex require-secmem
+Refuse to run if GnuPG cannot get secure memory. Defaults to no
+(i.e. run, but give a warning).
+
+
+@item --require-cross-certification
+@itemx --no-require-cross-certification
+@opindex require-cross-certification
+When verifying a signature made from a subkey, ensure that the cross
+certification "back signature" on the subkey is present and valid. This
+protects against a subtle attack against subkeys that can sign.
+Defaults to @option{--require-cross-certification} for
+@command{@gpgname}.
+
+@item --expert
+@itemx --no-expert
+@opindex expert
+Allow the user to do certain nonsensical or "silly" things like
+signing an expired or revoked key, or certain potentially incompatible
+things like generating unusual key types. This also disables certain
+warning messages about potentially incompatible actions. As the name
+implies, this option is for experts only. If you don't fully
+understand the implications of what it allows you to do, leave this
+off. @option{--no-expert} disables this option.
+
+@end table
+
+
+@c *******************************************
+@c ******** KEY RELATED OPTIONS ************
+@c *******************************************
+@node GPG Key related Options
+@subsection Key related options
+
+@table @gnupgtabopt
+
+@item --recipient @var{name}
+@itemx -r
+@opindex recipient
+Encrypt for user id @var{name}. If this option or
+@option{--hidden-recipient} is not specified, GnuPG asks for the user-id
+unless @option{--default-recipient} is given.
+
+@item --hidden-recipient @var{name}
+@itemx -R
+@opindex hidden-recipient
+Encrypt for user ID @var{name}, but hide the key ID of this user's
+key. This option helps to hide the receiver of the message and is a
+limited countermeasure against traffic analysis. If this option or
+@option{--recipient} is not specified, GnuPG asks for the user ID unless
+@option{--default-recipient} is given.
+
+@item --encrypt-to @code{name}
+@opindex encrypt-to
+Same as @option{--recipient} but this one is intended for use in the
+options file and may be used with your own user-id as an
+"encrypt-to-self". These keys are only used when there are other
+recipients given either by use of @option{--recipient} or by the asked
+user id. No trust checking is performed for these user ids and even
+disabled keys can be used.
+
+@item --hidden-encrypt-to @code{name}
+@opindex hidden-encrypt-to
+Same as @option{--hidden-recipient} but this one is intended for use in the
+options file and may be used with your own user-id as a hidden
+"encrypt-to-self". These keys are only used when there are other
+recipients given either by use of @option{--recipient} or by the asked user id.
+No trust checking is performed for these user ids and even disabled
+keys can be used.
+
+@item --no-encrypt-to
+@opindex no-encrypt-to
+Disable the use of all @option{--encrypt-to} and
+@option{--hidden-encrypt-to} keys.
+
+@item --group @code{name=value1 }
+@opindex group
+Sets up a named group, which is similar to aliases in email programs.
+Any time the group name is a recipient (@option{-r} or
+@option{--recipient}), it will be expanded to the values
+specified. Multiple groups with the same name are automatically merged
+into a single group.
+
+The values are @code{key IDs} or fingerprints, but any key description
+is accepted. Note that a value with spaces in it will be treated as
+two different values. Note also there is only one level of expansion
+--- you cannot make an group that points to another group. When used
+from the command line, it may be necessary to quote the argument to
+this option to prevent the shell from treating it as multiple
+arguments.
+
+@item --ungroup @code{name}
+@opindex ungroup
+Remove a given entry from the @option{--group} list.
+
+@item --no-groups
+@opindex no-groups
+Remove all entries from the @option{--group} list.
+
+@item --local-user @var{name}
+@itemx -u
+@opindex local-user
+Use @var{name} as the key to sign with. Note that this option overrides
+@option{--default-key}.
+
+@ifset gpgtwoone
+@item --try-secret-key @var{name}
+@opindex try-secret-key
+For hidden recipients GPG needs to know the keys to use for trial
+decryption. The key set with @option{--default-key} is always tried
+first, but this is often not sufficient. This option allows to set more
+keys to be used for trial decryption. Although any valid user-id
+specification may be used for @var{name} it makes sense to use at least
+the long keyid to avoid ambiguities. Note that gpg-agent might pop up a
+pinentry for a lot keys to do the trial decryption. If you want to stop
+all further trial decryption you may use close-window button instead of
+the cancel button.
+@end ifset
+
+@item --try-all-secrets
+@opindex try-all-secrets
+Don't look at the key ID as stored in the message but try all secret
+keys in turn to find the right decryption key. This option forces the
+behaviour as used by anonymous recipients (created by using
+@option{--throw-keyids} or @option{--hidden-recipient}) and might come
+handy in case where an encrypted message contains a bogus key ID.
+
+@item --skip-hidden-recipients
+@itemx --no-skip-hidden-recipients
+@opindex skip-hidden-recipients
+@opindex no-skip-hidden-recipients
+During decryption skip all anonymous recipients. This option helps in
+the case that people use the hidden recipients feature to hide there
+own encrypt-to key from others. If oneself has many secret keys this
+may lead to a major annoyance because all keys are tried in turn to
+decrypt soemthing which was not really intended for it. The drawback
+of this option is that it is currently not possible to decrypt a
+message which includes real anonymous recipients.
+
+
+@end table
+
+@c *******************************************
+@c ******** INPUT AND OUTPUT ***************
+@c *******************************************
+@node GPG Input and Output
+@subsection Input and Output
+
+@table @gnupgtabopt
+
+@item --armor
+@itemx -a
+@opindex armor
+Create ASCII armored output. The default is to create the binary
+OpenPGP format.
+
+@item --no-armor
+@opindex no-armor
+Assume the input data is not in ASCII armored format.
+
+@item --output @var{file}
+@itemx -o @var{file}
+@opindex output
+Write output to @var{file}.
+
+@item --max-output @code{n}
+@opindex max-output
+This option sets a limit on the number of bytes that will be generated
+when processing a file. Since OpenPGP supports various levels of
+compression, it is possible that the plaintext of a given message may be
+significantly larger than the original OpenPGP message. While GnuPG
+works properly with such messages, there is often a desire to set a
+maximum file size that will be generated before processing is forced to
+stop by the OS limits. Defaults to 0, which means "no limit".
+
+@item --import-options @code{parameters}
+@opindex import-options
+This is a space or comma delimited string that gives options for
+importing keys. Options can be prepended with a `no-' to give the
+opposite meaning. The options are:
+
+@table @asis
+
+ @item import-local-sigs
+ Allow importing key signatures marked as "local". This is not
+ generally useful unless a shared keyring scheme is being used.
+ Defaults to no.
+
+ @item repair-pks-subkey-bug
+ During import, attempt to repair the damage caused by the PKS keyserver
+ bug (pre version 0.9.6) that mangles keys with multiple subkeys. Note
+ that this cannot completely repair the damaged key as some crucial data
+ is removed by the keyserver, but it does at least give you back one
+ subkey. Defaults to no for regular @option{--import} and to yes for
+ keyserver @option{--recv-keys}.
+
+ @item merge-only
+ During import, allow key updates to existing keys, but do not allow
+ any new keys to be imported. Defaults to no.
+
+ @item import-clean
+ After import, compact (remove all signatures except the
+ self-signature) any user IDs from the new key that are not usable.
+ Then, remove any signatures from the new key that are not usable.
+ This includes signatures that were issued by keys that are not present
+ on the keyring. This option is the same as running the @option{--edit-key}
+ command "clean" after import. Defaults to no.
+
+ @item import-minimal
+ Import the smallest key possible. This removes all signatures except
+ the most recent self-signature on each user ID. This option is the
+ same as running the @option{--edit-key} command "minimize" after import.
+ Defaults to no.
+@end table
+
+@item --export-options @code{parameters}
+@opindex export-options
+This is a space or comma delimited string that gives options for
+exporting keys. Options can be prepended with a `no-' to give the
+opposite meaning. The options are:
+
+@table @asis
+
+ @item export-local-sigs
+ Allow exporting key signatures marked as "local". This is not
+ generally useful unless a shared keyring scheme is being used.
+ Defaults to no.
+
+ @item export-attributes
+ Include attribute user IDs (photo IDs) while exporting. This is
+ useful to export keys if they are going to be used by an OpenPGP
+ program that does not accept attribute user IDs. Defaults to yes.
+
+ @item export-sensitive-revkeys
+ Include designated revoker information that was marked as
+ "sensitive". Defaults to no.
+
+ @c Since GnuPG 2.1 gpg-agent manages the secret key and thus the
+ @c export-reset-subkey-passwd hack is not anymore justified. Such use
+ @c cases need to be implemented using a specialized secret key export
+ @c tool.
+@ifclear gpgtwoone
+ @item export-reset-subkey-passwd
+ When using the @option{--export-secret-subkeys} command, this option resets
+ the passphrases for all exported subkeys to empty. This is useful
+ when the exported subkey is to be used on an unattended machine where
+ a passphrase doesn't necessarily make sense. Defaults to no.
+@end ifclear
+
+ @item export-clean
+ Compact (remove all signatures from) user IDs on the key being
+ exported if the user IDs are not usable. Also, do not export any
+ signatures that are not usable. This includes signatures that were
+ issued by keys that are not present on the keyring. This option is
+ the same as running the @option{--edit-key} command "clean" before export
+ except that the local copy of the key is not modified. Defaults to
+ no.
+
+ @item export-minimal
+ Export the smallest key possible. This removes all signatures except the
+ most recent self-signature on each user ID. This option is the same as
+ running the @option{--edit-key} command "minimize" before export except
+ that the local copy of the key is not modified. Defaults to no.
+@end table
+
+@item --with-colons
+@opindex with-colons
+Print key listings delimited by colons. Note that the output will be
+encoded in UTF-8 regardless of any @option{--display-charset} setting. This
+format is useful when GnuPG is called from scripts and other programs
+as it is easily machine parsed. The details of this format are
+documented in the file @file{doc/DETAILS}, which is included in the GnuPG
+source distribution.
+
+@item --fixed-list-mode
+@opindex fixed-list-mode
+Do not merge primary user ID and primary key in @option{--with-colon}
+listing mode and print all timestamps as seconds since 1970-01-01.
+@ifclear gpgone
+Since GnuPG 2.0.10, this mode is always used and thus this option is
+obsolete; it does not harm to use it though.
+@end ifclear
+
+@item --with-fingerprint
+@opindex with-fingerprint
+Same as the command @option{--fingerprint} but changes only the format
+of the output and may be used together with another command.
+
+@ifset gpgtwoone
+@item --with-keygrip
+@opindex with-keygrip
+Include the keygrip in the key listings.
+@end ifset
+
+@end table
+
+@c *******************************************
+@c ******** OPENPGP OPTIONS ****************
+@c *******************************************
+@node OpenPGP Options
+@subsection OpenPGP protocol specific options.
+
+@table @gnupgtabopt
+
+@item -t, --textmode
+@itemx --no-textmode
+@opindex textmode
+Treat input files as text and store them in the OpenPGP canonical text
+form with standard "CRLF" line endings. This also sets the necessary
+flags to inform the recipient that the encrypted or signed data is text
+and may need its line endings converted back to whatever the local
+system uses. This option is useful when communicating between two
+platforms that have different line ending conventions (UNIX-like to Mac,
+Mac to Windows, etc). @option{--no-textmode} disables this option, and
+is the default.
+
+@ifset gpgone
+If @option{-t} (but not @option{--textmode}) is used together with
+armoring and signing, this enables clearsigned messages. This kludge is
+needed for command-line compatibility with command-line versions of PGP;
+normally you would use @option{--sign} or @option{--clearsign} to select
+the type of the signature.
+@end ifset
+
+@item --force-v3-sigs
+@itemx --no-force-v3-sigs
+@opindex force-v3-sigs
+OpenPGP states that an implementation should generate v4 signatures
+but PGP versions 5 through 7 only recognize v4 signatures on key
+material. This option forces v3 signatures for signatures on data.
+Note that this option implies @option{--no-ask-sig-expire}, and unsets
+@option{--sig-policy-url}, @option{--sig-notation}, and
+@option{--sig-keyserver-url}, as these features cannot be used with v3
+signatures. @option{--no-force-v3-sigs} disables this option.
+Defaults to no.
+
+@item --force-v4-certs
+@itemx --no-force-v4-certs
+@opindex force-v4-certs
+Always use v4 key signatures even on v3 keys. This option also
+changes the default hash algorithm for v3 RSA keys from MD5 to SHA-1.
+@option{--no-force-v4-certs} disables this option.
+
+@item --force-mdc
+@opindex force-mdc
+Force the use of encryption with a modification detection code. This
+is always used with the newer ciphers (those with a blocksize greater
+than 64 bits), or if all of the recipient keys indicate MDC support in
+their feature flags.
+
+@item --disable-mdc
+@opindex disable-mdc
+Disable the use of the modification detection code. Note that by
+using this option, the encrypted message becomes vulnerable to a
+message modification attack.
+
+@item --personal-cipher-preferences @code{string}
+@opindex personal-cipher-preferences
+Set the list of personal cipher preferences to @code{string}. Use
+@command{@gpgname --version} to get a list of available algorithms,
+and use @code{none} to set no preference at all. This allows the user
+to safely override the algorithm chosen by the recipient key
+preferences, as GPG will only select an algorithm that is usable by
+all recipients. The most highly ranked cipher in this list is also
+used for the @option{--symmetric} encryption command.
+
+@item --personal-digest-preferences @code{string}
+@opindex personal-digest-preferences
+Set the list of personal digest preferences to @code{string}. Use
+@command{@gpgname --version} to get a list of available algorithms,
+and use @code{none} to set no preference at all. This allows the user
+to safely override the algorithm chosen by the recipient key
+preferences, as GPG will only select an algorithm that is usable by
+all recipients. The most highly ranked digest algorithm in this list
+is also used when signing without encryption
+(e.g. @option{--clearsign} or @option{--sign}).
+
+@item --personal-compress-preferences @code{string}
+@opindex personal-compress-preferences
+Set the list of personal compression preferences to @code{string}.
+Use @command{@gpgname --version} to get a list of available
+algorithms, and use @code{none} to set no preference at all. This
+allows the user to safely override the algorithm chosen by the
+recipient key preferences, as GPG will only select an algorithm that
+is usable by all recipients. The most highly ranked compression
+algorithm in this list is also used when there are no recipient keys
+to consider (e.g. @option{--symmetric}).
+
+@item --s2k-cipher-algo @code{name}
+@opindex s2k-cipher-algo
+Use @code{name} as the cipher algorithm used to protect secret keys.
+The default cipher is CAST5. This cipher is also used for
+conventional encryption if @option{--personal-cipher-preferences} and
+@option{--cipher-algo} is not given.
+
+@item --s2k-digest-algo @code{name}
+@opindex s2k-digest-algo
+Use @code{name} as the digest algorithm used to mangle the passphrases.
+The default algorithm is SHA-1.
+
+@item --s2k-mode @code{n}
+@opindex s2k-mode
+Selects how passphrases are mangled. If @code{n} is 0 a plain
+passphrase (which is not recommended) will be used, a 1 adds a salt to
+the passphrase and a 3 (the default) iterates the whole process a
+number of times (see --s2k-count). Unless @option{--rfc1991} is used,
+this mode is also used for conventional encryption.
+
+@item --s2k-count @code{n}
+@opindex s2k-count
+Specify how many times the passphrase mangling is repeated. This
+value may range between 1024 and 65011712 inclusive. The default is
+inquired from gpg-agent. Note that not all values in the
+1024-65011712 range are legal and if an illegal value is selected,
+GnuPG will round up to the nearest legal value. This option is only
+meaningful if @option{--s2k-mode} is 3.
+
+
+@end table
+
+@c ***************************
+@c ******* Compliance ********
+@c ***************************
+@subsection Compliance options
+
+These options control what GnuPG is compliant to. Only one of these
+options may be active at a time. Note that the default setting of
+this is nearly always the correct one. See the INTEROPERABILITY WITH
+OTHER OPENPGP PROGRAMS section below before using one of these
+options.
+
+@table @gnupgtabopt
+
+@item --gnupg
+@opindex gnupg
+Use standard GnuPG behavior. This is essentially OpenPGP behavior
+(see @option{--openpgp}), but with some additional workarounds for common
+compatibility problems in different versions of PGP. This is the
+default option, so it is not generally needed, but it may be useful to
+override a different compliance option in the gpg.conf file.
+
+@item --openpgp
+@opindex openpgp
+Reset all packet, cipher and digest options to strict OpenPGP
+behavior. Use this option to reset all previous options like
+@option{--s2k-*}, @option{--cipher-algo}, @option{--digest-algo} and
+@option{--compress-algo} to OpenPGP compliant values. All PGP
+workarounds are disabled.
+
+@item --rfc4880
+@opindex rfc4880
+Reset all packet, cipher and digest options to strict RFC-4880
+behavior. Note that this is currently the same thing as
+@option{--openpgp}.
+
+@item --rfc2440
+@opindex rfc2440
+Reset all packet, cipher and digest options to strict RFC-2440
+behavior.
+
+@item --rfc1991
+@opindex rfc1991
+Try to be more RFC-1991 (PGP 2.x) compliant.
+
+@item --pgp2
+@opindex pgp2
+Set up all options to be as PGP 2.x compliant as possible, and warn if
+an action is taken (e.g. encrypting to a non-RSA key) that will create
+a message that PGP 2.x will not be able to handle. Note that `PGP
+2.x' here means `MIT PGP 2.6.2'. There are other versions of PGP 2.x
+available, but the MIT release is a good common baseline.
+
+This option implies @option{--rfc1991 --disable-mdc
+--no-force-v4-certs --escape-from-lines --force-v3-sigs --cipher-algo
+IDEA --digest-algo MD5 --compress-algo ZIP}. It also disables
+@option{--textmode} when encrypting.
+
+@item --pgp6
+@opindex pgp6
+Set up all options to be as PGP 6 compliant as possible. This
+restricts you to the ciphers IDEA (if the IDEA plugin is installed),
+3DES, and CAST5, the hashes MD5, SHA1 and RIPEMD160, and the
+compression algorithms none and ZIP. This also disables
+--throw-keyids, and making signatures with signing subkeys as PGP 6
+does not understand signatures made by signing subkeys.
+
+This option implies @option{--disable-mdc --escape-from-lines
+--force-v3-sigs}.
+
+@item --pgp7
+@opindex pgp7
+Set up all options to be as PGP 7 compliant as possible. This is
+identical to @option{--pgp6} except that MDCs are not disabled, and the
+list of allowable ciphers is expanded to add AES128, AES192, AES256, and
+TWOFISH.
+
+@item --pgp8
+@opindex pgp8
+Set up all options to be as PGP 8 compliant as possible. PGP 8 is a lot
+closer to the OpenPGP standard than previous versions of PGP, so all
+this does is disable @option{--throw-keyids} and set
+@option{--escape-from-lines}. All algorithms are allowed except for the
+SHA224, SHA384, and SHA512 digests.
+
+@end table
+
+
+@c *******************************************
+@c ******** ESOTERIC OPTIONS ***************
+@c *******************************************
+@node GPG Esoteric Options
+@subsection Doing things one usually doesn't want to do.
+
+@table @gnupgtabopt
+
+@item -n
+@itemx --dry-run
+@opindex dry-run
+Don't make any changes (this is not completely implemented).
+
+@item --list-only
+@opindex list-only
+Changes the behaviour of some commands. This is like @option{--dry-run} but
+different in some cases. The semantic of this command may be extended in
+the future. Currently it only skips the actual decryption pass and
+therefore enables a fast listing of the encryption keys.
+
+@item -i
+@itemx --interactive
+@opindex interactive
+Prompt before overwriting any files.
+
+@item --debug-level @var{level}
+@opindex debug-level
+Select the debug level for investigating problems. @var{level} may be
+a numeric value or by a keyword:
+
+@table @code
+ @item none
+ No debugging at all. A value of less than 1 may be used instead of
+ the keyword.
+ @item basic
+ Some basic debug messages. A value between 1 and 2 may be used
+ instead of the keyword.
+ @item advanced
+ More verbose debug messages. A value between 3 and 5 may be used
+ instead of the keyword.
+ @item expert
+ Even more detailed messages. A value between 6 and 8 may be used
+ instead of the keyword.
+ @item guru
+ All of the debug messages you can get. A value greater than 8 may be
+ used instead of the keyword. The creation of hash tracing files is
+ only enabled if the keyword is used.
+@end table
+
+How these messages are mapped to the actual debugging flags is not
+specified and may change with newer releases of this program. They are
+however carefully selected to best aid in debugging.
+
+@item --debug @var{flags}
+@opindex debug
+Set debugging flags. All flags are or-ed and @var{flags} may
+be given in C syntax (e.g. 0x0042).
+
+@item --debug-all
+@opindex debug-all
+Set all useful debugging flags.
+
+@ifset gpgone
+@item --debug-ccid-driver
+@opindex debug-ccid-driver
+Enable debug output from the included CCID driver for smartcards.
+Note that this option is only available on some system.
+@end ifset
+
+@item --faked-system-time @var{epoch}
+@opindex faked-system-time
+This option is only useful for testing; it sets the system time back or
+forth to @var{epoch} which is the number of seconds elapsed since the year
+1970. Alternatively @var{epoch} may be given as a full ISO time string
+(e.g. "20070924T154812").
+
+@item --enable-progress-filter
+@opindex enable-progress-filter
+Enable certain PROGRESS status outputs. This option allows frontends
+to display a progress indicator while gpg is processing larger files.
+There is a slight performance overhead using it.
+
+@item --status-fd @code{n}
+@opindex status-fd
+Write special status strings to the file descriptor @code{n}.
+See the file DETAILS in the documentation for a listing of them.
+
+@item --status-file @code{file}
+@opindex status-file
+Same as @option{--status-fd}, except the status data is written to file
+@code{file}.
+
+@item --logger-fd @code{n}
+@opindex logger-fd
+Write log output to file descriptor @code{n} and not to STDERR.
+
+@item --log-file @code{file}
+@itemx --logger-file @code{file}
+@opindex log-file
+Same as @option{--logger-fd}, except the logger data is written to file
+@code{file}. Note that @option{--log-file} is only implemented for
+GnuPG-2.
+
+@item --attribute-fd @code{n}
+@opindex attribute-fd
+Write attribute subpackets to the file descriptor @code{n}. This is most
+useful for use with @option{--status-fd}, since the status messages are
+needed to separate out the various subpackets from the stream delivered
+to the file descriptor.
+
+@item --attribute-file @code{file}
+@opindex attribute-file
+Same as @option{--attribute-fd}, except the attribute data is written to
+file @code{file}.
+
+@item --comment @code{string}
+@itemx --no-comments
+@opindex comment
+Use @code{string} as a comment string in clear text signatures and ASCII
+armored messages or keys (see @option{--armor}). The default behavior is
+not to use a comment string. @option{--comment} may be repeated multiple
+times to get multiple comment strings. @option{--no-comments} removes
+all comments. It is a good idea to keep the length of a single comment
+below 60 characters to avoid problems with mail programs wrapping such
+lines. Note that comment lines, like all other header lines, are not
+protected by the signature.
+
+@item --emit-version
+@itemx --no-emit-version
+@opindex emit-version
+Force inclusion of the version string in ASCII armored output.
+@option{--no-emit-version} disables this option.
+
+@item --sig-notation @code{name=value}
+@itemx --cert-notation @code{name=value}
+@itemx -N, --set-notation @code{name=value}
+@opindex sig-notation
+@opindex cert-notation
+@opindex set-notation
+Put the name value pair into the signature as notation data.
+@code{name} must consist only of printable characters or spaces, and
+must contain a '@@' character in the form keyname@@domain.example.com
+(substituting the appropriate keyname and domain name, of course). This
+is to help prevent pollution of the IETF reserved notation
+namespace. The @option{--expert} flag overrides the '@@'
+check. @code{value} may be any printable string; it will be encoded in
+UTF8, so you should check that your @option{--display-charset} is set
+correctly. If you prefix @code{name} with an exclamation mark (!), the
+notation data will be flagged as critical
+(rfc2440:5.2.3.15). @option{--sig-notation} sets a notation for data
+signatures. @option{--cert-notation} sets a notation for key signatures
+(certifications). @option{--set-notation} sets both.
+
+There are special codes that may be used in notation names. "%k" will
+be expanded into the key ID of the key being signed, "%K" into the
+long key ID of the key being signed, "%f" into the fingerprint of the
+key being signed, "%s" into the key ID of the key making the
+signature, "%S" into the long key ID of the key making the signature,
+"%g" into the fingerprint of the key making the signature (which might
+be a subkey), "%p" into the fingerprint of the primary key of the key
+making the signature, "%c" into the signature count from the OpenPGP
+smartcard, and "%%" results in a single "%". %k, %K, and %f are only
+meaningful when making a key signature (certification), and %c is only
+meaningful when using the OpenPGP smartcard.
+
+@item --sig-policy-url @code{string}
+@itemx --cert-policy-url @code{string}
+@itemx --set-policy-url @code{string}
+@opindex sig-policy-url
+@opindex cert-policy-url
+@opindex set-policy-url
+Use @code{string} as a Policy URL for signatures (rfc2440:5.2.3.19). If
+you prefix it with an exclamation mark (!), the policy URL packet will
+be flagged as critical. @option{--sig-policy-url} sets a policy url for
+data signatures. @option{--cert-policy-url} sets a policy url for key
+signatures (certifications). @option{--set-policy-url} sets both.
+
+The same %-expandos used for notation data are available here as well.
+
+@item --sig-keyserver-url @code{string}
+@opindex sig-keyserver-url
+Use @code{string} as a preferred keyserver URL for data signatures. If
+you prefix it with an exclamation mark (!), the keyserver URL packet
+will be flagged as critical.
+
+The same %-expandos used for notation data are available here as well.
+
+@item --set-filename @code{string}
+@opindex set-filename
+Use @code{string} as the filename which is stored inside messages.
+This overrides the default, which is to use the actual filename of the
+file being encrypted.
+
+@item --for-your-eyes-only
+@itemx --no-for-your-eyes-only
+@opindex for-your-eyes-only
+Set the `for your eyes only' flag in the message. This causes GnuPG to
+refuse to save the file unless the @option{--output} option is given,
+and PGP to use a "secure viewer" with a claimed Tempest-resistant font
+to display the message. This option overrides @option{--set-filename}.
+@option{--no-for-your-eyes-only} disables this option.
+
+@item --use-embedded-filename
+@itemx --no-use-embedded-filename
+@opindex use-embedded-filename
+Try to create a file with a name as embedded in the data. This can be
+a dangerous option as it allows to overwrite files. Defaults to no.
+
+@item --cipher-algo @code{name}
+@opindex cipher-algo
+Use @code{name} as cipher algorithm. Running the program with the
+command @option{--version} yields a list of supported algorithms. If
+this is not used the cipher algorithm is selected from the preferences
+stored with the key. In general, you do not want to use this option as
+it allows you to violate the OpenPGP standard.
+@option{--personal-cipher-preferences} is the safe way to accomplish the
+same thing.
+
+@item --digest-algo @code{name}
+@opindex digest-algo
+Use @code{name} as the message digest algorithm. Running the program
+with the command @option{--version} yields a list of supported algorithms. In
+general, you do not want to use this option as it allows you to
+violate the OpenPGP standard. @option{--personal-digest-preferences} is the
+safe way to accomplish the same thing.
+
+@item --compress-algo @code{name}
+@opindex compress-algo
+Use compression algorithm @code{name}. "zlib" is RFC-1950 ZLIB
+compression. "zip" is RFC-1951 ZIP compression which is used by PGP.
+"bzip2" is a more modern compression scheme that can compress some
+things better than zip or zlib, but at the cost of more memory used
+during compression and decompression. "uncompressed" or "none"
+disables compression. If this option is not used, the default
+behavior is to examine the recipient key preferences to see which
+algorithms the recipient supports. If all else fails, ZIP is used for
+maximum compatibility.
+
+ZLIB may give better compression results than ZIP, as the compression
+window size is not limited to 8k. BZIP2 may give even better
+compression results than that, but will use a significantly larger
+amount of memory while compressing and decompressing. This may be
+significant in low memory situations. Note, however, that PGP (all
+versions) only supports ZIP compression. Using any algorithm other
+than ZIP or "none" will make the message unreadable with PGP. In
+general, you do not want to use this option as it allows you to
+violate the OpenPGP standard. @option{--personal-compress-preferences} is the
+safe way to accomplish the same thing.
+
+@item --cert-digest-algo @code{name}
+@opindex cert-digest-algo
+Use @code{name} as the message digest algorithm used when signing a
+key. Running the program with the command @option{--version} yields a
+list of supported algorithms. Be aware that if you choose an algorithm
+that GnuPG supports but other OpenPGP implementations do not, then some
+users will not be able to use the key signatures you make, or quite
+possibly your entire key.
+
+@item --disable-cipher-algo @code{name}
+@opindex disable-cipher-algo
+Never allow the use of @code{name} as cipher algorithm.
+The given name will not be checked so that a later loaded algorithm
+will still get disabled.
+
+@item --disable-pubkey-algo @code{name}
+@opindex disable-pubkey-algo
+Never allow the use of @code{name} as public key algorithm.
+The given name will not be checked so that a later loaded algorithm
+will still get disabled.
+
+@item --throw-keyids
+@itemx --no-throw-keyids
+@opindex throw-keyids
+Do not put the recipient key IDs into encrypted messages. This helps to
+hide the receivers of the message and is a limited countermeasure
+against traffic analysis.@footnote{Using a little social engineering
+anyone who is able to decrypt the message can check whether one of the
+other recipients is the one he suspects.} On the receiving side, it may
+slow down the decryption process because all available secret keys must
+be tried. @option{--no-throw-keyids} disables this option. This option
+is essentially the same as using @option{--hidden-recipient} for all
+recipients.
+
+@item --not-dash-escaped
+@opindex not-dash-escaped
+This option changes the behavior of cleartext signatures
+so that they can be used for patch files. You should not
+send such an armored file via email because all spaces
+and line endings are hashed too. You can not use this
+option for data which has 5 dashes at the beginning of a
+line, patch files don't have this. A special armor header
+line tells GnuPG about this cleartext signature option.
+
+@item --escape-from-lines
+@itemx --no-escape-from-lines
+@opindex escape-from-lines
+Because some mailers change lines starting with "From " to ">From " it
+is good to handle such lines in a special way when creating cleartext
+signatures to prevent the mail system from breaking the signature. Note
+that all other PGP versions do it this way too. Enabled by
+default. @option{--no-escape-from-lines} disables this option.
+
+@item --passphrase-repeat @code{n}
+@opindex passphrase-repeat
+Specify how many times @command{@gpgname} will request a new
+passphrase be repeated. This is useful for helping memorize a
+passphrase. Defaults to 1 repetition.
+
+@item --passphrase-fd @code{n}
+@opindex passphrase-fd
+Read the passphrase from file descriptor @code{n}. Only the first line
+will be read from file descriptor @code{n}. If you use 0 for @code{n},
+the passphrase will be read from STDIN. This can only be used if only
+one passphrase is supplied.
+@ifclear gpgone
+Note that this passphrase is only used if the option @option{--batch}
+has also been given. This is different from @command{gpg}.
+@end ifclear
+
+@item --passphrase-file @code{file}
+@opindex passphrase-file
+Read the passphrase from file @code{file}. Only the first line will
+be read from file @code{file}. This can only be used if only one
+passphrase is supplied. Obviously, a passphrase stored in a file is
+of questionable security if other users can read this file. Don't use
+this option if you can avoid it.
+@ifclear gpgone
+Note that this passphrase is only used if the option @option{--batch}
+has also been given. This is different from @command{gpg}.
+@end ifclear
+
+@item --passphrase @code{string}
+@opindex passphrase
+Use @code{string} as the passphrase. This can only be used if only one
+passphrase is supplied. Obviously, this is of very questionable
+security on a multi-user system. Don't use this option if you can
+avoid it.
+@ifclear gpgone
+Note that this passphrase is only used if the option @option{--batch}
+has also been given. This is different from @command{gpg}.
+@end ifclear
+
+@item --command-fd @code{n}
+@opindex command-fd
+This is a replacement for the deprecated shared-memory IPC mode.
+If this option is enabled, user input on questions is not expected
+from the TTY but from the given file descriptor. It should be used
+together with @option{--status-fd}. See the file doc/DETAILS in the source
+distribution for details on how to use it.
+
+@item --command-file @code{file}
+@opindex command-file
+Same as @option{--command-fd}, except the commands are read out of file
+@code{file}
+
+@item --allow-non-selfsigned-uid
+@itemx --no-allow-non-selfsigned-uid
+@opindex allow-non-selfsigned-uid
+Allow the import and use of keys with user IDs which are not
+self-signed. This is not recommended, as a non self-signed user ID is
+trivial to forge. @option{--no-allow-non-selfsigned-uid} disables.
+
+@item --allow-freeform-uid
+@opindex allow-freeform-uid
+Disable all checks on the form of the user ID while generating a new
+one. This option should only be used in very special environments as
+it does not ensure the de-facto standard format of user IDs.
+
+@item --ignore-time-conflict
+@opindex ignore-time-conflict
+GnuPG normally checks that the timestamps associated with keys and
+signatures have plausible values. However, sometimes a signature
+seems to be older than the key due to clock problems. This option
+makes these checks just a warning. See also @option{--ignore-valid-from} for
+timestamp issues on subkeys.
+
+@item --ignore-valid-from
+@opindex ignore-valid-from
+GnuPG normally does not select and use subkeys created in the future.
+This option allows the use of such keys and thus exhibits the
+pre-1.0.7 behaviour. You should not use this option unless there
+is some clock problem. See also @option{--ignore-time-conflict} for timestamp
+issues with signatures.
+
+@item --ignore-crc-error
+@opindex ignore-crc-error
+The ASCII armor used by OpenPGP is protected by a CRC checksum against
+transmission errors. Occasionally the CRC gets mangled somewhere on
+the transmission channel but the actual content (which is protected by
+the OpenPGP protocol anyway) is still okay. This option allows GnuPG
+to ignore CRC errors.
+
+@item --ignore-mdc-error
+@opindex ignore-mdc-error
+This option changes a MDC integrity protection failure into a warning.
+This can be useful if a message is partially corrupt, but it is
+necessary to get as much data as possible out of the corrupt message.
+However, be aware that a MDC protection failure may also mean that the
+message was tampered with intentionally by an attacker.
+
+@item --no-default-keyring
+@opindex no-default-keyring
+Do not add the default keyrings to the list of keyrings. Note that
+GnuPG will not operate without any keyrings, so if you use this option
+and do not provide alternate keyrings via @option{--keyring} or
+@option{--secret-keyring}, then GnuPG will still use the default public or
+secret keyrings.
+
+@item --skip-verify
+@opindex skip-verify
+Skip the signature verification step. This may be
+used to make the decryption faster if the signature
+verification is not needed.
+
+@item --with-key-data
+@opindex with-key-data
+Print key listings delimited by colons (like @option{--with-colons}) and
+print the public key data.
+
+@item --fast-list-mode
+@opindex fast-list-mode
+Changes the output of the list commands to work faster; this is achieved
+by leaving some parts empty. Some applications don't need the user ID
+and the trust information given in the listings. By using this options
+they can get a faster listing. The exact behaviour of this option may
+change in future versions. If you are missing some information, don't
+use this option.
+
+@item --no-literal
+@opindex no-literal
+This is not for normal use. Use the source to see for what it might be useful.
+
+@item --set-filesize
+@opindex set-filesize
+This is not for normal use. Use the source to see for what it might be useful.
+
+@item --show-session-key
+@opindex show-session-key
+Display the session key used for one message. See
+@option{--override-session-key} for the counterpart of this option.
+
+We think that Key Escrow is a Bad Thing; however the user should have
+the freedom to decide whether to go to prison or to reveal the content
+of one specific message without compromising all messages ever
+encrypted for one secret key. DON'T USE IT UNLESS YOU ARE REALLY
+FORCED TO DO SO.
+
+@item --override-session-key @code{string}
+@opindex override-session-key
+Don't use the public key but the session key @code{string}. The format
+of this string is the same as the one printed by
+@option{--show-session-key}. This option is normally not used but comes
+handy in case someone forces you to reveal the content of an encrypted
+message; using this option you can do this without handing out the
+secret key.
+
+@item --ask-sig-expire
+@itemx --no-ask-sig-expire
+@opindex ask-sig-expire
+When making a data signature, prompt for an expiration time. If this
+option is not specified, the expiration time set via
+@option{--default-sig-expire} is used. @option{--no-ask-sig-expire}
+disables this option.
+
+@item --default-sig-expire
+@opindex default-sig-expire
+The default expiration time to use for signature expiration. Valid
+values are "0" for no expiration, a number followed by the letter d
+(for days), w (for weeks), m (for months), or y (for years) (for
+example "2m" for two months, or "5y" for five years), or an absolute
+date in the form YYYY-MM-DD. Defaults to "0".
+
+@item --ask-cert-expire
+@itemx --no-ask-cert-expire
+@opindex ask-cert-expire
+When making a key signature, prompt for an expiration time. If this
+option is not specified, the expiration time set via
+@option{--default-cert-expire} is used. @option{--no-ask-cert-expire}
+disables this option.
+
+@item --default-cert-expire
+@opindex default-cert-expire
+The default expiration time to use for key signature expiration.
+Valid values are "0" for no expiration, a number followed by the
+letter d (for days), w (for weeks), m (for months), or y (for years)
+(for example "2m" for two months, or "5y" for five years), or an
+absolute date in the form YYYY-MM-DD. Defaults to "0".
+
+@item --allow-secret-key-import
+@opindex allow-secret-key-import
+This is an obsolete option and is not used anywhere.
+
+@item --allow-multiple-messages
+@item --no-allow-multiple-messages
+@opindex allow-multiple-messages
+Allow processing of multiple OpenPGP messages contained in a single file
+or stream. Some programs that call GPG are not prepared to deal with
+multiple messages being processed together, so this option defaults to
+no. Note that versions of GPG prior to 1.4.7 always allowed multiple
+messages.
+
+Warning: Do not use this option unless you need it as a temporary
+workaround!
+
+
+@item --enable-special-filenames
+@opindex enable-special-filenames
+This options enables a mode in which filenames of the form
+@file{-&n}, where n is a non-negative decimal number,
+refer to the file descriptor n and not to a file with that name.
+
+@item --no-expensive-trust-checks
+@opindex no-expensive-trust-checks
+Experimental use only.
+
+@item --preserve-permissions
+@opindex preserve-permissions
+Don't change the permissions of a secret keyring back to user
+read/write only. Use this option only if you really know what you are doing.
+
+@item --default-preference-list @code{string}
+@opindex default-preference-list
+Set the list of default preferences to @code{string}. This preference
+list is used for new keys and becomes the default for "setpref" in the
+edit menu.
+
+@item --default-keyserver-url @code{name}
+@opindex default-keyserver-url
+Set the default keyserver URL to @code{name}. This keyserver will be
+used as the keyserver URL when writing a new self-signature on a key,
+which includes key generation and changing preferences.
+
+@item --list-config
+@opindex list-config
+Display various internal configuration parameters of GnuPG. This option
+is intended for external programs that call GnuPG to perform tasks, and
+is thus not generally useful. See the file @file{doc/DETAILS} in the
+source distribution for the details of which configuration items may be
+listed. @option{--list-config} is only usable with
+@option{--with-colons} set.
+
+@item --gpgconf-list
+@opindex gpgconf-list
+This command is similar to @option{--list-config} but in general only
+internally used by the @command{gpgconf} tool.
+
+@item --gpgconf-test
+@opindex gpgconf-test
+This is more or less dummy action. However it parses the configuration
+file and returns with failure if the configuration file would prevent
+@command{gpg} from startup. Thus it may be used to run a syntax check
+on the configuration file.
+
+@end table
+
+@c *******************************
+@c ******* Deprecated ************
+@c *******************************
+@subsection Deprecated options
+
+@table @gnupgtabopt
+
+@ifset gpgone
+@item --load-extension @code{name}
+@opindex load-extension
+Load an extension module. If @code{name} does not contain a slash it is
+searched for in the directory configured when GnuPG was built
+(generally "/usr/local/lib/gnupg"). Extensions are not generally
+useful anymore, and the use of this option is deprecated.
+@end ifset
+
+@item --show-photos
+@itemx --no-show-photos
+@opindex show-photos
+Causes @option{--list-keys}, @option{--list-sigs},
+@option{--list-public-keys}, @option{--list-secret-keys}, and verifying
+a signature to also display the photo ID attached to the key, if
+any. See also @option{--photo-viewer}. These options are deprecated. Use
+@option{--list-options [no-]show-photos} and/or @option{--verify-options
+[no-]show-photos} instead.
+
+@item --show-keyring
+@opindex show-keyring
+Display the keyring name at the head of key listings to show which
+keyring a given key resides on. This option is deprecated: use
+@option{--list-options [no-]show-keyring} instead.
+
+@ifset gpgone
+@item --ctapi-driver @code{file}
+@opindex ctapi-driver
+Use @code{file} to access the smartcard reader. The current default
+is `libtowitoko.so'. Note that the use of this interface is
+deprecated; it may be removed in future releases.
+@end ifset
+
+@item --always-trust
+@opindex always-trust
+Identical to @option{--trust-model always}. This option is deprecated.
+
+@item --show-notation
+@itemx --no-show-notation
+@opindex show-notation
+Show signature notations in the @option{--list-sigs} or @option{--check-sigs} listings
+as well as when verifying a signature with a notation in it. These
+options are deprecated. Use @option{--list-options [no-]show-notation}
+and/or @option{--verify-options [no-]show-notation} instead.
+
+@item --show-policy-url
+@itemx --no-show-policy-url
+@opindex show-policy-url
+Show policy URLs in the @option{--list-sigs} or @option{--check-sigs}
+listings as well as when verifying a signature with a policy URL in
+it. These options are deprecated. Use @option{--list-options
+[no-]show-policy-url} and/or @option{--verify-options
+[no-]show-policy-url} instead.
+
+
+@end table
+
+
+@c *******************************************
+@c *************** ****************
+@c *************** FILES ****************
+@c *************** ****************
+@c *******************************************
+@mansect files
+@node GPG Configuration
+@section Configuration files
+
+There are a few configuration files to control certain aspects of
+@command{@gpgname}'s operation. Unless noted, they are expected in the
+current home directory (@pxref{option --homedir}).
+
+@table @file
+
+ @item gpg.conf
+ @cindex gpg.conf
+ This is the standard configuration file read by @command{@gpgname} on
+ startup. It may contain any valid long option; the leading two dashes
+ may not be entered and the option may not be abbreviated. This default
+ name may be changed on the command line (@pxref{option --options}).
+ You should backup this file.
+
+@end table
+
+@c man:.RE
+Note that on larger installations, it is useful to put predefined files
+into the directory @file{/etc/skel/.gnupg/} so that newly created users
+start up with a working configuration.
+@ifclear gpgone
+For existing users the a small
+helper script is provided to create these files (@pxref{addgnupghome}).
+@end ifclear
+
+For internal purposes @command{@gpgname} creates and maintains a few other
+files; They all live in in the current home directory (@pxref{option
+--homedir}). Only the @command{@gpgname} may modify these files.
+
+
+@table @file
+ @item ~/.gnupg/secring.gpg
+ The secret keyring. You should backup this file.
+
+ @item ~/.gnupg/secring.gpg.lock
+ The lock file for the secret keyring.
+
+ @item ~/.gnupg/pubring.gpg
+ The public keyring. You should backup this file.
+
+ @item ~/.gnupg/pubring.gpg.lock
+ The lock file for the public keyring.
+
+ @item ~/.gnupg/trustdb.gpg
+ The trust database. There is no need to backup this file; it is better
+ to backup the ownertrust values (@pxref{option --export-ownertrust}).
+
+ @item ~/.gnupg/trustdb.gpg.lock
+ The lock file for the trust database.
+
+ @item ~/.gnupg/random_seed
+ A file used to preserve the state of the internal random pool.
+
+ @item /usr[/local]/share/gnupg/options.skel
+ The skeleton options file.
+
+ @item /usr[/local]/lib/gnupg/
+ Default location for extensions.
+
+@end table
+
+@c man:.RE
+Operation is further controlled by a few environment variables:
+
+@table @asis
+
+ @item HOME
+ Used to locate the default home directory.
+
+ @item GNUPGHOME
+ If set directory used instead of "~/.gnupg".
+
+ @item GPG_AGENT_INFO
+ Used to locate the gpg-agent.
+ @ifset gpgone
+ This is only honored when @option{--use-agent} is set.
+ @end ifset
+ The value consists of 3 colon delimited fields: The first is the path
+ to the Unix Domain Socket, the second the PID of the gpg-agent and the
+ protocol version which should be set to 1. When starting the gpg-agent
+ as described in its documentation, this variable is set to the correct
+ value. The option @option{--gpg-agent-info} can be used to override it.
+
+ @item PINENTRY_USER_DATA
+ This value is passed via gpg-agent to pinentry. It is useful to convey
+ extra information to a custom pinentry.
+
+ @item COLUMNS
+ @itemx LINES
+ Used to size some displays to the full size of the screen.
+
+
+ @item LANGUAGE
+ Apart from its use by GNU, it is used in the W32 version to override the
+ language selection done through the Registry. If used and set to a
+ valid and available language name (@var{langid}), the file with the
+ translation is loaded from
+
+ @code{@var{gpgdir}/gnupg.nls/@var{langid}.mo}. Here @var{gpgdir} is the
+ directory out of which the gpg binary has been loaded. If it can't be
+ loaded the Registry is tried and as last resort the native Windows
+ locale system is used.
+
+@end table
+
+
+@c *******************************************
+@c *************** ****************
+@c *************** EXAMPLES ****************
+@c *************** ****************
+@c *******************************************
+@mansect examples
+@node GPG Examples
+@section Examples
+
+@table @asis
+
+@item gpg -se -r @code{Bob} @code{file}
+sign and encrypt for user Bob
+
+@item gpg --clearsign @code{file}
+make a clear text signature
+
+@item gpg -sb @code{file}
+make a detached signature
+
+@item gpg -u 0x12345678 -sb @code{file}
+make a detached signature with the key 0x12345678
+
+@item gpg --list-keys @code{user_ID}
+show keys
+
+@item gpg --fingerprint @code{user_ID}
+show fingerprint
+
+@item gpg --verify @code{pgpfile}
+@itemx gpg --verify @code{sigfile}
+Verify the signature of the file but do not output the data. The
+second form is used for detached signatures, where @code{sigfile}
+is the detached signature (either ASCII armored or binary) and
+are the signed data; if this is not given, the name of
+the file holding the signed data is constructed by cutting off the
+extension (".asc" or ".sig") of @code{sigfile} or by asking the
+user for the filename.
+@end table
+
+
+@c *******************************************
+@c *************** ****************
+@c *************** USER ID ****************
+@c *************** ****************
+@c *******************************************
+@mansect how to specify a user id
+@ifset isman
+@include specify-user-id.texi
+@end ifset
+
+@mansect return value
+@chapheading RETURN VALUE
+
+The program returns 0 if everything was fine, 1 if at least
+a signature was bad, and other error codes for fatal errors.
+
+@mansect warnings
+@chapheading WARNINGS
+
+Use a *good* password for your user account and a *good* passphrase
+to protect your secret key. This passphrase is the weakest part of the
+whole system. Programs to do dictionary attacks on your secret keyring
+are very easy to write and so you should protect your "~/.gnupg/"
+directory very well.
+
+Keep in mind that, if this program is used over a network (telnet), it
+is *very* easy to spy out your passphrase!
+
+If you are going to verify detached signatures, make sure that the
+program knows about it; either give both filenames on the command line
+or use @samp{-} to specify STDIN.
+
+@mansect interoperability
+@chapheading INTEROPERABILITY WITH OTHER OPENPGP PROGRAMS
+
+GnuPG tries to be a very flexible implementation of the OpenPGP
+standard. In particular, GnuPG implements many of the optional parts
+of the standard, such as the SHA-512 hash, and the ZLIB and BZIP2
+compression algorithms. It is important to be aware that not all
+OpenPGP programs implement these optional algorithms and that by
+forcing their use via the @option{--cipher-algo},
+@option{--digest-algo}, @option{--cert-digest-algo}, or
+@option{--compress-algo} options in GnuPG, it is possible to create a
+perfectly valid OpenPGP message, but one that cannot be read by the
+intended recipient.
+
+There are dozens of variations of OpenPGP programs available, and each
+supports a slightly different subset of these optional algorithms.
+For example, until recently, no (unhacked) version of PGP supported
+the BLOWFISH cipher algorithm. A message using BLOWFISH simply could
+not be read by a PGP user. By default, GnuPG uses the standard
+OpenPGP preferences system that will always do the right thing and
+create messages that are usable by all recipients, regardless of which
+OpenPGP program they use. Only override this safe default if you
+really know what you are doing.
+
+If you absolutely must override the safe default, or if the preferences
+on a given key are invalid for some reason, you are far better off using
+the @option{--pgp6}, @option{--pgp7}, or @option{--pgp8} options. These
+options are safe as they do not force any particular algorithms in
+violation of OpenPGP, but rather reduce the available algorithms to a
+"PGP-safe" list.
+
+@mansect bugs
+@chapheading BUGS
+
+On older systems this program should be installed as setuid(root). This
+is necessary to lock memory pages. Locking memory pages prevents the
+operating system from writing memory pages (which may contain
+passphrases or other sensitive material) to disk. If you get no
+warning message about insecure memory your operating system supports
+locking without being root. The program drops root privileges as soon
+as locked memory is allocated.
+
+Note also that some systems (especially laptops) have the ability to
+``suspend to disk'' (also known as ``safe sleep'' or ``hibernate'').
+This writes all memory to disk before going into a low power or even
+powered off mode. Unless measures are taken in the operating system
+to protect the saved memory, passphrases or other sensitive material
+may be recoverable from it later.
+
+Before you report a bug you should first search the mailing list
+archives for similar problems and second check whether such a bug has
+already been reported to our bug tracker at http://bugs.gnupg.org .
+
+@c *******************************************
+@c *************** **************
+@c *************** UNATTENDED **************
+@c *************** **************
+@c *******************************************
+@manpause
+@node Unattended Usage of GPG
+@section Unattended Usage
+
+@command{gpg} is often used as a backend engine by other software. To help
+with this a machine interface has been defined to have an unambiguous
+way to do this. The options @option{--status-fd} and @option{--batch}
+are almost always required for this.
+
+@menu
+* Unattended GPG key generation:: Unattended key generation
+@end menu
+
+
+@node Unattended GPG key generation,,,Unattended Usage of GPG
+@section Unattended key generation
+
+The command @option{--gen-key} may be used along with the option
+@option{--batch} for unattended key generation. The parameters are
+either read from stdin or given as a file on the command line.
+The format of the parameter file is as follows:
+
+@itemize @bullet
+ @item Text only, line length is limited to about 1000 characters.
+ @item UTF-8 encoding must be used to specify non-ASCII characters.
+ @item Empty lines are ignored.
+ @item Leading and trailing while space is ignored.
+ @item A hash sign as the first non white space character indicates
+ a comment line.
+ @item Control statements are indicated by a leading percent sign, the
+ arguments are separated by white space from the keyword.
+ @item Parameters are specified by a keyword, followed by a colon. Arguments
+ are separated by white space.
+ @item
+ The first parameter must be @samp{Key-Type}; control statements may be
+ placed anywhere.
+ @item
+ The order of the parameters does not matter except for @samp{Key-Type}
+ which must be the first parameter. The parameters are only used for
+ the generated keyblock (primary and subkeys); parameters from previous
+ sets are not used. Some syntactically checks may be performed.
+ @item
+ Key generation takes place when either the end of the parameter file
+ is reached, the next @samp{Key-Type} parameter is encountered or at the
+ control statement @samp{%commit} is encountered.
+@end itemize
+
+@noindent
+Control statements:
+
+@table @asis
+
+@item %echo @var{text}
+Print @var{text} as diagnostic.
+
+@item %dry-run
+Suppress actual key generation (useful for syntax checking).
+
+@item %commit
+Perform the key generation. Note that an implicit commit is done at
+the next @asis{Key-Type} parameter.
+
+@item %pubring @var{filename}
+@itemx %secring @var{filename}
+Do not write the key to the default or commandline given keyring but
+to @var{filename}. This must be given before the first commit to take
+place, duplicate specification of the same filename is ignored, the
+last filename before a commit is used. The filename is used until a
+new filename is used (at commit points) and all keys are written to
+that file. If a new filename is given, this file is created (and
+overwrites an existing one). For GnuPG versions prior to 2.1, both
+control statements must be given. For GnuPG 2.1 and later
+@samp{%secring} is a no-op.
+
+@item %ask-passphrase
+@itemx %no-ask-passphrase
+Enable (or disable) a mode where the command @option{passphrase} is
+ignored and instead the usual passphrase dialog is used. This does
+not make sense for batch key generation; however the unattended key
+generation feature is also used by GUIs and this feature relinquishes
+the GUI from implementing its own passphrase entry code. These are
+global control statements and affect all future key genrations.
+
+@item %no-protection
+Since GnuPG version 2.1 it is not anymore possible to specify a
+passphrase for unattended key generation. The passphrase command is
+simply ignored and @samp{%ask-passpharse} is thus implicitly enabled.
+Using this option allows the creation of keys without any passphrase
+protection. This option is mainly intended for regression tests.
+
+@item %transient-key
+If given the keys are created using a faster and a somewhat less
+secure random number generator. This option may be used for keys
+which are only used for a short time and do not require full
+cryptographic strength. It takes only effect if used together with
+the control statement @samp{%no-protection}.
+
+@end table
+
+@noindent
+General Parameters:
+
+@table @asis
+
+@item Key-Type: @var{algo}
+Starts a new parameter block by giving the type of the primary
+key. The algorithm must be capable of signing. This is a required
+parameter. @var{algo} may either be an OpenPGP algorithm number or a
+string with the algorithm name. The special value @samp{default} may
+be used for @var{algo} to create the default key type; in this case a
+@samp{Key-Usage} shall not be given and @samp{default} also be used
+for @samp{Subkey-Type}.
+
+@item Key-Length: @var{nbits}
+The requested length of the generated key in bits. The default is
+returned by running the command @samp{gpg2 --gpgconf-list}.
+
+@item Key-Grip: @var{hexstring}
+This is optional and used to generate a CSR or certificate for an
+already existing key. Key-Length will be ignored when given.
+
+@item Key-Usage: @var{usage-list}
+Space or comma delimited list of key usages. Allowed values are
+@samp{encrypt}, @samp{sign}, and @samp{auth}. This is used to
+generate the key flags. Please make sure that the algorithm is
+capable of this usage. Note that OpenPGP requires that all primary
+keys are capable of certification, so no matter what usage is given
+here, the @samp{cert} flag will be on. If no @samp{Key-Usage} is
+specified and the @samp{Key-Type} is not @samp{default}, all allowed
+usages for that particular algorithm are used; if it is not given but
+@samp{default} is used the usage will be @samp{sign}.
+
+@item Subkey-Type: @var{algo}
+This generates a secondary key (subkey). Currently only one subkey
+can be handled. See also @samp{Key-Type} above.
+
+@item Subkey-Length: @var{nbits}
+Length of the secondary key (subkey) in bits. The default is returned
+by running the command @samp{gpg2 --gpgconf-list}".
+
+@item Subkey-Usage: @var{usage-list}
+Key usage lists for a subkey; similar to @samp{Key-Usage}.
+
+@item Passphrase: @var{string}
+If you want to specify a passphrase for the secret key,
+enter it here. Default is not to use any passphrase.
+
+@item Name-Real: @var{name}
+@itemx Name-Comment: @var{comment}
+@itemx Name-Email: @var{email}
+The three parts of a user name. Remember to use UTF-8 encoding here.
+If you don't give any of them, no user ID is created.
+
+@item Expire-Date: @var{iso-date}|(@var{number}[d|w|m|y])
+Set the expiration date for the key (and the subkey). It may either
+be entered in ISO date format (2000-08-15) or as number of days,
+weeks, month or years. The special notation "seconds=N" is also
+allowed to directly give an Epoch value. Without a letter days are
+assumed. Note that there is no check done on the overflow of the type
+used by OpenPGP for timestamps. Thus you better make sure that the
+given value make sense. Although OpenPGP works with time intervals,
+GnuPG uses an absolute value internally and thus the last year we can
+represent is 2105.
+
+@item Ceation-Date: @var{iso-date}
+Set the creation date of the key as stored in the key information and
+which is also part of the fingerprint calculation. Either a date like
+"1986-04-26" or a full timestamp like "19860426T042640" may be used.
+The time is considered to be UTC. If it is not given the current time
+is used.
+
+@item Preferences: @var{string}
+Set the cipher, hash, and compression preference values for this key.
+This expects the same type of string as the sub-command @samp{setpref}
+in the @option{--edit-key} menu.
+
+@item Revoker: @var{algo}:@var{fpr} [sensitive]
+Add a designated revoker to the generated key. Algo is the public key
+algorithm of the designated revoker (i.e. RSA=1, DSA=17, etc.)
+@var{fpr} is the fingerprint of the designated revoker. The optional
+@samp{sensitive} flag marks the designated revoker as sensitive
+information. Only v4 keys may be designated revokers.
+
+@item Keyserver: @var{string}
+This is an optional parameter that specifies the preferred keyserver
+URL for the key.
+
+@item Handle: @var{string}
+This is an optional parameter only used with the status lines
+KEY_CREATED and KEY_NOT_CREATED. @var{string} may be up to 100
+characters and should not contain spaces. It is useful for batch key
+generation to associate a key parameter block with a status line.
+
+@end table
+
+@noindent
+Here is an example on how to create a key:
+@smallexample
+$ cat >foo <<EOF
+ %echo Generating a basic OpenPGP key
+ Key-Type: DSA
+ Key-Length: 1024
+ Subkey-Type: ELG-E
+ Subkey-Length: 1024
+ Name-Real: Joe Tester
+ Name-Comment: with stupid passphrase
+ Name-Email: joe@@foo.bar
+ Expire-Date: 0
+ Passphrase: abc
+ %pubring foo.pub
+ %secring foo.sec
+ # Do a commit here, so that we can later print "done" :-)
+ %commit
+ %echo done
+EOF
+$ gpg2 --batch --gen-key foo
+ [...]
+$ gpg2 --no-default-keyring --secret-keyring ./foo.sec \
+ --keyring ./foo.pub --list-secret-keys
+/home/wk/work/gnupg-stable/scratch/foo.sec
+------------------------------------------
+sec 1024D/915A878D 2000-03-09 Joe Tester (with stupid passphrase) <joe@@foo.bar>
+ssb 1024g/8F70E2C0 2000-03-09
+@end smallexample
+
+
+@noindent
+If you want to create a key with the default algorithms you would use
+these parameters:
+@smallexample
+ %echo Generating a default key
+ Key-Type: default
+ Subkey-Type: default
+ Name-Real: Joe Tester
+ Name-Comment: with stupid passphrase
+ Name-Email: joe@@foo.bar
+ Expire-Date: 0
+ Passphrase: abc
+ %pubring foo.pub
+ %secring foo.sec
+ # Do a commit here, so that we can later print "done" :-)
+ %commit
+ %echo done
+@end smallexample
+
+
+
+
+@mansect see also
+@ifset isman
+@command{gpgv}(1),
+@ifclear gpgone
+@command{gpgsm}(1),
+@command{gpg-agent}(1)
+@end ifclear
+@end ifset
+@include see-also-note.texi
diff --git a/doc/gpgsm.texi b/doc/gpgsm.texi
new file mode 100644
index 0000000..bdb0378
--- /dev/null
+++ b/doc/gpgsm.texi
@@ -0,0 +1,1458 @@
+@c Copyright (C) 2002 Free Software Foundation, Inc.
+@c This is part of the GnuPG manual.
+@c For copying conditions, see the file gnupg.texi.
+
+@node Invoking GPGSM
+@chapter Invoking GPGSM
+@cindex GPGSM command options
+@cindex command options
+@cindex options, GPGSM command
+
+@manpage gpgsm.1
+@ifset manverb
+.B gpgsm
+\- CMS encryption and signing tool
+@end ifset
+
+@mansect synopsis
+@ifset manverb
+.B gpgsm
+.RB [ \-\-homedir
+.IR dir ]
+.RB [ \-\-options
+.IR file ]
+.RI [ options ]
+.I command
+.RI [ args ]
+@end ifset
+
+
+@mansect description
+@command{gpgsm} is a tool similar to @command{gpg} to provide digital
+encryption and signing services on X.509 certificates and the CMS
+protocol. It is mainly used as a backend for S/MIME mail processing.
+@command{gpgsm} includes a full featured certificate management and
+complies with all rules defined for the German Sphinx project.
+
+@manpause
+@xref{Option Index}, for an index to @command{GPGSM}'s commands and options.
+@mancont
+
+@menu
+* GPGSM Commands:: List of all commands.
+* GPGSM Options:: List of all options.
+* GPGSM Configuration:: Configuration files.
+* GPGSM Examples:: Some usage examples.
+
+Developer information:
+* Unattended Usage:: Using @command{gpgsm} from other programs.
+* GPGSM Protocol:: The protocol the server mode uses.
+@end menu
+
+@c *******************************************
+@c *************** ****************
+@c *************** COMMANDS ****************
+@c *************** ****************
+@c *******************************************
+@mansect commands
+@node GPGSM Commands
+@section Commands
+
+Commands are not distinguished from options except for the fact that
+only one command is allowed.
+
+@menu
+* General GPGSM Commands:: Commands not specific to the functionality.
+* Operational GPGSM Commands:: Commands to select the type of operation.
+* Certificate Management:: How to manage certificates.
+@end menu
+
+
+@c *******************************************
+@c ********** GENERAL COMMANDS *************
+@c *******************************************
+@node General GPGSM Commands
+@subsection Commands not specific to the function
+
+@table @gnupgtabopt
+@item --version
+@opindex version
+Print the program version and licensing information. Note that you
+cannot abbreviate this command.
+
+@item --help, -h
+@opindex help
+Print a usage message summarizing the most useful command-line options.
+Note that you cannot abbreviate this command.
+
+@item --warranty
+@opindex warranty
+Print warranty information. Note that you cannot abbreviate this
+command.
+
+@item --dump-options
+@opindex dump-options
+Print a list of all available options and commands. Note that you cannot
+abbreviate this command.
+@end table
+
+
+@c *******************************************
+@c ******** OPERATIONAL COMMANDS ***********
+@c *******************************************
+@node Operational GPGSM Commands
+@subsection Commands to select the type of operation
+
+@table @gnupgtabopt
+@item --encrypt
+@opindex encrypt
+Perform an encryption. The keys the data is encrypted too must be set
+using the option @option{--recipient}.
+
+@item --decrypt
+@opindex decrypt
+Perform a decryption; the type of input is automatically determined. It
+may either be in binary form or PEM encoded; automatic determination of
+base-64 encoding is not done.
+
+@item --sign
+@opindex sign
+Create a digital signature. The key used is either the fist one found
+in the keybox or those set with the @option{--local-user} option.
+
+@item --verify
+@opindex verify
+Check a signature file for validity. Depending on the arguments a
+detached signature may also be checked.
+
+@item --server
+@opindex server
+Run in server mode and wait for commands on the @code{stdin}.
+
+@item --call-dirmngr @var{command} [@var{args}]
+@opindex call-dirmngr
+Behave as a Dirmngr client issuing the request @var{command} with the
+optional list of @var{args}. The output of the Dirmngr is printed
+stdout. Please note that file names given as arguments should have an
+absolute file name (i.e. commencing with @code{/} because they are
+passed verbatim to the Dirmngr and the working directory of the
+Dirmngr might not be the same as the one of this client. Currently it
+is not possible to pass data via stdin to the Dirmngr. @var{command}
+should not contain spaces.
+
+This is command is required for certain maintaining tasks of the dirmngr
+where a dirmngr must be able to call back to @command{gpgsm}. See the Dirmngr
+manual for details.
+
+@item --call-protect-tool @var{arguments}
+@opindex call-protect-tool
+Certain maintenance operations are done by an external program call
+@command{gpg-protect-tool}; this is usually not installed in a directory
+listed in the PATH variable. This command provides a simple wrapper to
+access this tool. @var{arguments} are passed verbatim to this command;
+use @samp{--help} to get a list of supported operations.
+
+
+@end table
+
+
+@c *******************************************
+@c ******* CERTIFICATE MANAGEMENT **********
+@c *******************************************
+@node Certificate Management
+@subsection How to manage the certificates and keys
+
+@table @gnupgtabopt
+@item --gen-key
+@opindex gen-key
+@ifclear gpgtwoone
+-This command allows the creation of a certificate signing request. It
+-is commonly used along with the @option{--output} option to save the
+-created CSR into a file. If used with the @option{--batch} a parameter
+-file is used to create the CSR.
+@end ifclear
+@ifset gpgtwoone
+This command allows the creation of a certificate signing request or a
+self-signed certificate. It is commonly used along with the
+@option{--output} option to save the created CSR or certificate into a
+file. If used with the @option{--batch} a parameter file is used to
+create the CSR or certificate and it is further possible to create
+non-self-signed certificates.
+@end ifset
+
+@item --list-keys
+@itemx -k
+@opindex list-keys
+List all available certificates stored in the local key database.
+Note that the displayed data might be reformatted for better human
+readability and illegal characters are replaced by safe substitutes.
+
+@item --list-secret-keys
+@itemx -K
+@opindex list-secret-keys
+List all available certificates for which a corresponding a secret key
+is available.
+
+@item --list-external-keys @var{pattern}
+@opindex list-keys
+List certificates matching @var{pattern} using an external server. This
+utilizes the @code{dirmngr} service.
+
+@item --list-chain
+@opindex list-chain
+Same as @option{--list-keys} but also prints all keys making up the chain.
+
+
+@item --dump-cert
+@itemx --dump-keys
+@opindex dump-cert
+@opindex dump-keys
+List all available certificates stored in the local key database using a
+format useful mainly for debugging.
+
+@item --dump-chain
+@opindex dump-chain
+Same as @option{--dump-keys} but also prints all keys making up the chain.
+
+@item --dump-secret-keys
+@opindex dump-secret-keys
+List all available certificates for which a corresponding a secret key
+is available using a format useful mainly for debugging.
+
+@item --dump-external-keys @var{pattern}
+@opindex dump-external-keys
+List certificates matching @var{pattern} using an external server.
+This utilizes the @code{dirmngr} service. It uses a format useful
+mainly for debugging.
+
+@item --keydb-clear-some-cert-flags
+@opindex keydb-clear-some-cert-flags
+This is a debugging aid to reset certain flags in the key database
+which are used to cache certain certificate stati. It is especially
+useful if a bad CRL or a weird running OCSP responder did accidentally
+revoke certificate. There is no security issue with this command
+because @command{gpgsm} always make sure that the validity of a certificate is
+checked right before it is used.
+
+@item --delete-keys @var{pattern}
+@opindex delete-keys
+Delete the keys matching @var{pattern}. Note that there is no command
+to delete the secret part of the key directly. In case you need to do
+this, you should run the command @code{gpgsm --dump-secret-keys KEYID}
+before you delete the key, copy the string of hex-digits in the
+``keygrip'' line and delete the file consisting of these hex-digits
+and the suffix @code{.key} from the @file{private-keys-v1.d} directory
+below our GnuPG home directory (usually @file{~/.gnupg}).
+
+@item --export [@var{pattern}]
+@opindex export
+Export all certificates stored in the Keybox or those specified by the
+optional @var{pattern}. Those pattern consist of a list of user ids
+(@pxref{how-to-specify-a-user-id}). When used along with the
+@option{--armor} option a few informational lines are prepended before
+each block. There is one limitation: As there is no commonly agreed
+upon way to pack more than one certificate into an ASN.1 structure,
+the binary export (i.e. without using @option{armor}) works only for
+the export of one certificate. Thus it is required to specify a
+@var{pattern} which yields exactly one certificate. Ephemeral
+certificate are only exported if all @var{pattern} are given as
+fingerprints or keygrips.
+
+@item --export-secret-key-p12 @var{key-id}
+@opindex export
+Export the private key and the certificate identified by @var{key-id} in
+a PKCS#12 format. When using along with the @code{--armor} option a few
+informational lines are prepended to the output. Note, that the PKCS#12
+format is not very secure and this command is only provided if there is
+no other way to exchange the private key. (@pxref{option --p12-charset})
+
+@item --import [@var{files}]
+@opindex import
+Import the certificates from the PEM or binary encoded files as well as
+from signed-only messages. This command may also be used to import a
+secret key from a PKCS#12 file.
+
+@item --learn-card
+@opindex learn-card
+Read information about the private keys from the smartcard and import
+the certificates from there. This command utilizes the @command{gpg-agent}
+and in turn the @command{scdaemon}.
+
+@item --passwd @var{user_id}
+@opindex passwd
+Change the passphrase of the private key belonging to the certificate
+specified as @var{user_id}. Note, that changing the passphrase/PIN of a
+smartcard is not yet supported.
+
+@end table
+
+
+@c *******************************************
+@c *************** ****************
+@c *************** OPTIONS ****************
+@c *************** ****************
+@c *******************************************
+@mansect options
+@node GPGSM Options
+@section Option Summary
+
+@command{GPGSM} features a bunch of options to control the exact behaviour
+and to change the default configuration.
+
+@menu
+* Configuration Options:: How to change the configuration.
+* Certificate Options:: Certificate related options.
+* Input and Output:: Input and Output.
+* CMS Options:: How to change how the CMS is created.
+* Esoteric Options:: Doing things one usually do not want to do.
+@end menu
+
+
+@c *******************************************
+@c ******** CONFIGURATION OPTIONS **********
+@c *******************************************
+@node Configuration Options
+@subsection How to change the configuration
+
+These options are used to change the configuration and are usually found
+in the option file.
+
+@table @gnupgtabopt
+
+@item --options @var{file}
+@opindex options
+Reads configuration from @var{file} instead of from the default
+per-user configuration file. The default configuration file is named
+@file{gpgsm.conf} and expected in the @file{.gnupg} directory directly
+below the home directory of the user.
+
+@include opt-homedir.texi
+
+
+@item -v
+@item --verbose
+@opindex v
+@opindex verbose
+Outputs additional information while running.
+You can increase the verbosity by giving several
+verbose commands to @command{gpgsm}, such as @samp{-vv}.
+
+@item --policy-file @var{filename}
+@opindex policy-file
+Change the default name of the policy file to @var{filename}.
+
+@item --agent-program @var{file}
+@opindex agent-program
+Specify an agent program to be used for secret key operations. The
+default value is the @file{/usr/local/bin/gpg-agent}. This is only used
+as a fallback when the environment variable @code{GPG_AGENT_INFO} is not
+set or a running agent cannot be connected.
+
+@item --dirmngr-program @var{file}
+@opindex dirmnr-program
+Specify a dirmngr program to be used for @acronym{CRL} checks. The
+default value is @file{/usr/sbin/dirmngr}. This is only used as a
+fallback when the environment variable @code{DIRMNGR_INFO} is not set or
+a running dirmngr cannot be connected.
+
+@item --prefer-system-dirmngr
+@opindex prefer-system-dirmngr
+If a system wide @command{dirmngr} is running in daemon mode, first try
+to connect to this one. Fallback to a pipe based server if this does
+not work. Under Windows this option is ignored because the system dirmngr is
+always used.
+
+@item --disable-dirmngr
+Entirely disable the use of the Dirmngr.
+
+@item --no-secmem-warning
+@opindex no-secmem-warning
+Do not print a warning when the so called "secure memory" cannot be used.
+
+@item --log-file @var{file}
+@opindex log-file
+When running in server mode, append all logging output to @var{file}.
+
+@end table
+
+
+@c *******************************************
+@c ******** CERTIFICATE OPTIONS ************
+@c *******************************************
+@node Certificate Options
+@subsection Certificate related options
+
+@table @gnupgtabopt
+
+@item --enable-policy-checks
+@itemx --disable-policy-checks
+@opindex enable-policy-checks
+@opindex disable-policy-checks
+By default policy checks are enabled. These options may be used to
+change it.
+
+@item --enable-crl-checks
+@itemx --disable-crl-checks
+@opindex enable-crl-checks
+@opindex disable-crl-checks
+By default the @acronym{CRL} checks are enabled and the DirMngr is used
+to check for revoked certificates. The disable option is most useful
+with an off-line network connection to suppress this check.
+
+@item --enable-trusted-cert-crl-check
+@itemx --disable-trusted-cert-crl-check
+@opindex enable-trusted-cert-crl-check
+@opindex disable-trusted-cert-crl-check
+By default the @acronym{CRL} for trusted root certificates are checked
+like for any other certificates. This allows a CA to revoke its own
+certificates voluntary without the need of putting all ever issued
+certificates into a CRL. The disable option may be used to switch this
+extra check off. Due to the caching done by the Dirmngr, there will not be
+any noticeable performance gain. Note, that this also disables possible
+OCSP checks for trusted root certificates. A more specific way of
+disabling this check is by adding the ``relax'' keyword to the root CA
+line of the @file{trustlist.txt}
+
+
+@item --force-crl-refresh
+@opindex force-crl-refresh
+Tell the dirmngr to reload the CRL for each request. For better
+performance, the dirmngr will actually optimize this by suppressing
+the loading for short time intervals (e.g. 30 minutes). This option
+is useful to make sure that a fresh CRL is available for certificates
+hold in the keybox. The suggested way of doing this is by using it
+along with the option @option{--with-validation} for a key listing
+command. This option should not be used in a configuration file.
+
+@item --enable-ocsp
+@itemx --disable-ocsp
+@opindex enable-ocsp
+@opindex disable-ocsp
+By default @acronym{OCSP} checks are disabled. The enable option may
+be used to enable OCSP checks via Dirmngr. If @acronym{CRL} checks
+are also enabled, CRLs will be used as a fallback if for some reason an
+OCSP request will not succeed. Note, that you have to allow OCSP
+requests in Dirmngr's configuration too (option
+@option{--allow-ocsp}) and configure Dirmngr properly. If you do not do
+so you will get the error code @samp{Not supported}.
+
+@item --auto-issuer-key-retrieve
+@opindex auto-issuer-key-retrieve
+If a required certificate is missing while validating the chain of
+certificates, try to load that certificate from an external location.
+This usually means that Dirmngr is employed to search for the
+certificate. Note that this option makes a "web bug" like behavior
+possible. LDAP server operators can see which keys you request, so by
+sending you a message signed by a brand new key (which you naturally
+will not have on your local keybox), the operator can tell both your IP
+address and the time when you verified the signature.
+
+
+@item --validation-model @var{name}
+@opindex validation-model
+This option changes the default validation model. The only possible
+values are "shell" (which is the default), "chain" which forces the
+use of the chain model and "steed" for a new simplified model. The
+chain model is also used if an option in the @file{trustlist.txt} or
+an attribute of the certificate requests it. However the standard
+model (shell) is in that case always tried first.
+
+@item --ignore-cert-extension @var{oid}
+@opindex ignore-cert-extension
+Add @var{oid} to the list of ignored certificate extensions. The
+@var{oid} is expected to be in dotted decimal form, like
+@code{2.5.29.3}. This option may be used more than once. Critical
+flagged certificate extensions matching one of the OIDs in the list
+are treated as if they are actually handled and thus the certificate
+will not be rejected due to an unknown critical extension. Use this
+option with care because extensions are usually flagged as critical
+for a reason.
+
+@end table
+
+@c *******************************************
+@c *********** INPUT AND OUTPUT ************
+@c *******************************************
+@node Input and Output
+@subsection Input and Output
+
+@table @gnupgtabopt
+@item --armor
+@itemx -a
+@opindex armor
+Create PEM encoded output. Default is binary output.
+
+@item --base64
+@opindex base64
+Create Base-64 encoded output; i.e. PEM without the header lines.
+
+@item --assume-armor
+@opindex assume-armor
+Assume the input data is PEM encoded. Default is to autodetect the
+encoding but this is may fail.
+
+@item --assume-base64
+@opindex assume-base64
+Assume the input data is plain base-64 encoded.
+
+@item --assume-binary
+@opindex assume-binary
+Assume the input data is binary encoded.
+
+@anchor{option --p12-charset}
+@item --p12-charset @var{name}
+@opindex p12-charset
+@command{gpgsm} uses the UTF-8 encoding when encoding passphrases for
+PKCS#12 files. This option may be used to force the passphrase to be
+encoded in the specified encoding @var{name}. This is useful if the
+application used to import the key uses a different encoding and thus
+will not be able to import a file generated by @command{gpgsm}. Commonly
+used values for @var{name} are @code{Latin1} and @code{CP850}. Note
+that @command{gpgsm} itself automagically imports any file with a
+passphrase encoded to the most commonly used encodings.
+
+
+@item --default-key @var{user_id}
+@opindex default-key
+Use @var{user_id} as the standard key for signing. This key is used if
+no other key has been defined as a signing key. Note, that the first
+@option{--local-users} option also sets this key if it has not yet been
+set; however @option{--default-key} always overrides this.
+
+
+@item --local-user @var{user_id}
+@item -u @var{user_id}
+@opindex local-user
+Set the user(s) to be used for signing. The default is the first
+secret key found in the database.
+
+
+@item --recipient @var{name}
+@itemx -r
+@opindex recipient
+Encrypt to the user id @var{name}. There are several ways a user id
+may be given (@pxref{how-to-specify-a-user-id}).
+
+
+@item --output @var{file}
+@itemx -o @var{file}
+@opindex output
+Write output to @var{file}. The default is to write it to stdout.
+
+
+@item --with-key-data
+@opindex with-key-data
+Displays extra information with the @code{--list-keys} commands. Especially
+a line tagged @code{grp} is printed which tells you the keygrip of a
+key. This string is for example used as the file name of the
+secret key.
+
+@item --with-validation
+@opindex with-validation
+When doing a key listing, do a full validation check for each key and
+print the result. This is usually a slow operation because it
+requires a CRL lookup and other operations.
+
+When used along with --import, a validation of the certificate to
+import is done and only imported if it succeeds the test. Note that
+this does not affect an already available certificate in the DB.
+This option is therefore useful to simply verify a certificate.
+
+
+@item --with-md5-fingerprint
+For standard key listings, also print the MD5 fingerprint of the
+certificate.
+
+@item --with-keygrip
+Include the keygrip in standard key listings. Note that the keygrip is
+always listed in --with-colons mode.
+
+@end table
+
+@c *******************************************
+@c ************* CMS OPTIONS ***************
+@c *******************************************
+@node CMS Options
+@subsection How to change how the CMS is created.
+
+@table @gnupgtabopt
+@item --include-certs @var{n}
+@opindex include-certs
+Using @var{n} of -2 includes all certificate except for the root cert,
+-1 includes all certs, 0 does not include any certs, 1 includes only the
+signers cert and all other positive values include up to @var{n}
+certificates starting with the signer cert. The default is -2.
+
+@item --cipher-algo @var{oid}
+@opindex cipher-algo
+Use the cipher algorithm with the ASN.1 object identifier @var{oid} for
+encryption. For convenience the strings @code{3DES}, @code{AES} and
+@code{AES256} may be used instead of their OIDs. The default is
+@code{3DES} (1.2.840.113549.3.7).
+
+@item --digest-algo @code{name}
+Use @code{name} as the message digest algorithm. Usually this
+algorithm is deduced from the respective signing certificate. This
+option forces the use of the given algorithm and may lead to severe
+interoperability problems.
+
+@end table
+
+
+
+@c *******************************************
+@c ******** ESOTERIC OPTIONS ***************
+@c *******************************************
+@node Esoteric Options
+@subsection Doing things one usually do not want to do.
+
+
+@table @gnupgtabopt
+
+@item --extra-digest-algo @var{name}
+@opindex extra-digest-algo
+Sometimes signatures are broken in that they announce a different digest
+algorithm than actually used. @command{gpgsm} uses a one-pass data
+processing model and thus needs to rely on the announced digest
+algorithms to properly hash the data. As a workaround this option may
+be used to tell gpg to also hash the data using the algorithm
+@var{name}; this slows processing down a little bit but allows to verify
+such broken signatures. If @command{gpgsm} prints an error like
+``digest algo 8 has not been enabled'' you may want to try this option,
+with @samp{SHA256} for @var{name}.
+
+
+@item --faked-system-time @var{epoch}
+@opindex faked-system-time
+This option is only useful for testing; it sets the system time back or
+forth to @var{epoch} which is the number of seconds elapsed since the year
+1970. Alternatively @var{epoch} may be given as a full ISO time string
+(e.g. "20070924T154812").
+
+@item --with-ephemeral-keys
+@opindex with-ephemeral-keys
+Include ephemeral flagged keys in the output of key listings. Note
+that they are included anyway if the key specification for a listing
+is given as fingerprint or keygrip.
+
+@item --debug-level @var{level}
+@opindex debug-level
+Select the debug level for investigating problems. @var{level} may be
+a numeric value or by a keyword:
+
+@table @code
+@item none
+No debugging at all. A value of less than 1 may be used instead of
+the keyword.
+@item basic
+Some basic debug messages. A value between 1 and 2 may be used
+instead of the keyword.
+@item advanced
+More verbose debug messages. A value between 3 and 5 may be used
+instead of the keyword.
+@item expert
+Even more detailed messages. A value between 6 and 8 may be used
+instead of the keyword.
+@item guru
+All of the debug messages you can get. A value greater than 8 may be
+used instead of the keyword. The creation of hash tracing files is
+only enabled if the keyword is used.
+@end table
+
+How these messages are mapped to the actual debugging flags is not
+specified and may change with newer releases of this program. They are
+however carefully selected to best aid in debugging.
+
+@item --debug @var{flags}
+@opindex debug
+This option is only useful for debugging and the behaviour may change
+at any time without notice; using @code{--debug-levels} is the
+preferred method to select the debug verbosity. FLAGS are bit encoded
+and may be given in usual C-Syntax. The currently defined bits are:
+
+@table @code
+@item 0 (1)
+X.509 or OpenPGP protocol related data
+@item 1 (2)
+values of big number integers
+@item 2 (4)
+low level crypto operations
+@item 5 (32)
+memory allocation
+@item 6 (64)
+caching
+@item 7 (128)
+show memory statistics.
+@item 9 (512)
+write hashed data to files named @code{dbgmd-000*}
+@item 10 (1024)
+trace Assuan protocol
+@end table
+
+Note, that all flags set using this option may get overridden by
+@code{--debug-level}.
+
+@item --debug-all
+@opindex debug-all
+Same as @code{--debug=0xffffffff}
+
+@item --debug-allow-core-dump
+@opindex debug-allow-core-dump
+Usually @command{gpgsm} tries to avoid dumping core by well written code and by
+disabling core dumps for security reasons. However, bugs are pretty
+durable beasts and to squash them it is sometimes useful to have a core
+dump. This option enables core dumps unless the Bad Thing happened
+before the option parsing.
+
+@item --debug-no-chain-validation
+@opindex debug-no-chain-validation
+This is actually not a debugging option but only useful as such. It
+lets @command{gpgsm} bypass all certificate chain validation checks.
+
+@item --debug-ignore-expiration
+@opindex debug-ignore-expiration
+This is actually not a debugging option but only useful as such. It
+lets @command{gpgsm} ignore all notAfter dates, this is used by the regression
+tests.
+
+@item --fixed-passphrase @var{string}
+@opindex fixed-passphrase
+Supply the passphrase @var{string} to the gpg-protect-tool. This
+option is only useful for the regression tests included with this
+package and may be revised or removed at any time without notice.
+
+@item --no-common-certs-import
+@opindex no-common-certs-import
+Suppress the import of common certificates on keybox creation.
+
+@end table
+
+All the long options may also be given in the configuration file after
+stripping off the two leading dashes.
+
+@c *******************************************
+@c *************** ****************
+@c *************** USER ID ****************
+@c *************** ****************
+@c *******************************************
+@mansect how to specify a user id
+@ifset isman
+@include specify-user-id.texi
+@end ifset
+
+@c *******************************************
+@c *************** ****************
+@c *************** FILES ****************
+@c *************** ****************
+@c *******************************************
+@mansect files
+@node GPGSM Configuration
+@section Configuration files
+
+There are a few configuration files to control certain aspects of
+@command{gpgsm}'s operation. Unless noted, they are expected in the
+current home directory (@pxref{option --homedir}).
+
+@table @file
+
+@item gpgsm.conf
+@cindex gpgsm.conf
+This is the standard configuration file read by @command{gpgsm} on
+startup. It may contain any valid long option; the leading two dashes
+may not be entered and the option may not be abbreviated. This default
+name may be changed on the command line (@pxref{option
+ --options}). You should backup this file.
+
+
+@item policies.txt
+@cindex policies.txt
+This is a list of allowed CA policies. This file should list the
+object identifiers of the policies line by line. Empty lines and
+lines starting with a hash mark are ignored. Policies missing in this
+file and not marked as critical in the certificate will print only a
+warning; certificates with policies marked as critical and not listed
+in this file will fail the signature verification. You should backup
+this file.
+
+For example, to allow only the policy 2.289.9.9, the file should look
+like this:
+
+@c man:.RS
+@example
+# Allowed policies
+2.289.9.9
+@end example
+@c man:.RE
+
+@item qualified.txt
+@cindex qualified.txt
+This is the list of root certificates used for qualified certificates.
+They are defined as certificates capable of creating legally binding
+signatures in the same way as handwritten signatures are. Comments
+start with a hash mark and empty lines are ignored. Lines do have a
+length limit but this is not a serious limitation as the format of the
+entries is fixed and checked by gpgsm: A non-comment line starts with
+optional whitespace, followed by exactly 40 hex character, white space
+and a lowercased 2 letter country code. Additional data delimited with
+by a white space is current ignored but might late be used for other
+purposes.
+
+Note that even if a certificate is listed in this file, this does not
+mean that the certificate is trusted; in general the certificates listed
+in this file need to be listed also in @file{trustlist.txt}.
+
+This is a global file an installed in the data directory
+(e.g. @file{/usr/share/gnupg/qualified.txt}). GnuPG installs a suitable
+file with root certificates as used in Germany. As new Root-CA
+certificates may be issued over time, these entries may need to be
+updated; new distributions of this software should come with an updated
+list but it is still the responsibility of the Administrator to check
+that this list is correct.
+
+Everytime @command{gpgsm} uses a certificate for signing or verification
+this file will be consulted to check whether the certificate under
+question has ultimately been issued by one of these CAs. If this is the
+case the user will be informed that the verified signature represents a
+legally binding (``qualified'') signature. When creating a signature
+using such a certificate an extra prompt will be issued to let the user
+confirm that such a legally binding signature shall really be created.
+
+Because this software has not yet been approved for use with such
+certificates, appropriate notices will be shown to indicate this fact.
+
+@item help.txt
+@cindex help.txt
+This is plain text file with a few help entries used with
+@command{pinentry} as well as a large list of help items for
+@command{gpg} and @command{gpgsm}. The standard file has English help
+texts; to install localized versions use filenames like @file{help.LL.txt}
+with LL denoting the locale. GnuPG comes with a set of predefined help
+files in the data directory (e.g. @file{/usr/share/gnupg/help.de.txt})
+and allows overriding of any help item by help files stored in the
+system configuration directory (e.g. @file{/etc/gnupg/help.de.txt}).
+For a reference of the help file's syntax, please see the installed
+@file{help.txt} file.
+
+
+@item com-certs.pem
+@cindex com-certs.pem
+This file is a collection of common certificates used to populated a
+newly created @file{pubring.kbx}. An administrator may replace this
+file with a custom one. The format is a concatenation of PEM encoded
+X.509 certificates. This global file is installed in the data directory
+(e.g. @file{/usr/share/gnupg/com-certs.pem}).
+
+@end table
+
+@c man:.RE
+Note that on larger installations, it is useful to put predefined files
+into the directory @file{/etc/skel/.gnupg/} so that newly created users
+start up with a working configuration. For existing users a small
+helper script is provided to create these files (@pxref{addgnupghome}).
+
+For internal purposes gpgsm creates and maintains a few other files;
+they all live in in the current home directory (@pxref{option
+--homedir}). Only @command{gpgsm} may modify these files.
+
+
+@table @file
+@item pubring.kbx
+@cindex pubring.kbx
+This a database file storing the certificates as well as meta
+information. For debugging purposes the tool @command{kbxutil} may be
+used to show the internal structure of this file. You should backup
+this file.
+
+@item random_seed
+@cindex random_seed
+This content of this file is used to maintain the internal state of the
+random number generator across invocations. The same file is used by
+other programs of this software too.
+
+@item S.gpg-agent
+@cindex S.gpg-agent
+If this file exists and the environment variable @env{GPG_AGENT_INFO} is
+not set, @command{gpgsm} will first try to connect to this socket for
+accessing @command{gpg-agent} before starting a new @command{gpg-agent}
+instance. Under Windows this socket (which in reality be a plain file
+describing a regular TCP listening port) is the standard way of
+connecting the @command{gpg-agent}.
+
+@end table
+
+
+@c *******************************************
+@c *************** ****************
+@c *************** EXAMPLES ****************
+@c *************** ****************
+@c *******************************************
+@mansect examples
+@node GPGSM Examples
+@section Examples
+
+@example
+$ gpgsm -er goo@@bar.net <plaintext >ciphertext
+@end example
+
+
+@c *******************************************
+@c *************** **************
+@c *************** UNATTENDED **************
+@c *************** **************
+@c *******************************************
+@manpause
+@node Unattended Usage
+@section Unattended Usage
+
+@command{gpgsm} is often used as a backend engine by other software. To help
+with this a machine interface has been defined to have an unambiguous
+way to do this. This is most likely used with the @code{--server} command
+but may also be used in the standard operation mode by using the
+@code{--status-fd} option.
+
+@menu
+* Automated signature checking:: Automated signature checking.
+* CSR and certificate creation:: CSR and certificate creation.
+@end menu
+
+@node Automated signature checking,,,Unattended Usage
+@section Automated signature checking
+
+It is very important to understand the semantics used with signature
+verification. Checking a signature is not as simple as it may sound and
+so the operation is a bit complicated. In most cases it is required
+to look at several status lines. Here is a table of all cases a signed
+message may have:
+
+@table @asis
+@item The signature is valid
+This does mean that the signature has been successfully verified, the
+certificates are all sane. However there are two subcases with
+important information: One of the certificates may have expired or a
+signature of a message itself as expired. It is a sound practise to
+consider such a signature still as valid but additional information
+should be displayed. Depending on the subcase @command{gpgsm} will issue
+these status codes:
+ @table @asis
+ @item signature valid and nothing did expire
+ @code{GOODSIG}, @code{VALIDSIG}, @code{TRUST_FULLY}
+ @item signature valid but at least one certificate has expired
+ @code{EXPKEYSIG}, @code{VALIDSIG}, @code{TRUST_FULLY}
+ @item signature valid but expired
+ @code{EXPSIG}, @code{VALIDSIG}, @code{TRUST_FULLY}
+ Note, that this case is currently not implemented.
+ @end table
+
+@item The signature is invalid
+This means that the signature verification failed (this is an indication
+of af a transfer error, a program error or tampering with the message).
+@command{gpgsm} issues one of these status codes sequences:
+ @table @code
+ @item @code{BADSIG}
+ @item @code{GOODSIG}, @code{VALIDSIG} @code{TRUST_NEVER}
+ @end table
+
+@item Error verifying a signature
+For some reason the signature could not be verified, i.e. it cannot be
+decided whether the signature is valid or invalid. A common reason for
+this is a missing certificate.
+
+@end table
+
+@node CSR and certificate creation,,,Unattended Usage
+@section CSR and certificate creation
+
+@ifclear gpgtwoone
+@strong{Please notice}: The immediate creation of certificates is only
+supported by GnuPG version 2.1 or later. With a 2.0 version you may
+only create a CSR.
+@end ifclear
+
+The command @option{--gen-key} may be used along with the option
+@option{--batch} to either create a certificate signing request (CSR)
+or an X.509 certificate. The is controlled by a parameter file; the
+format of this file is as follows:
+
+@itemize @bullet
+@item Text only, line length is limited to about 1000 characters.
+@item UTF-8 encoding must be used to specify non-ASCII characters.
+@item Empty lines are ignored.
+@item Leading and trailing while space is ignored.
+@item A hash sign as the first non white space character indicates
+a comment line.
+@item Control statements are indicated by a leading percent sign, the
+arguments are separated by white space from the keyword.
+@item Parameters are specified by a keyword, followed by a colon. Arguments
+are separated by white space.
+@item The first parameter must be @samp{Key-Type}, control statements
+may be placed anywhere.
+@item
+The order of the parameters does not matter except for @samp{Key-Type}
+which must be the first parameter. The parameters are only used for
+the generated CSR/certificate; parameters from previous sets are not
+used. Some syntactically checks may be performed.
+@item
+Key generation takes place when either the end of the parameter file
+is reached, the next @samp{Key-Type} parameter is encountered or at the
+control statement @samp{%commit} is encountered.
+@end itemize
+
+@noindent
+Control statements:
+
+@table @asis
+
+@item %echo @var{text}
+Print @var{text} as diagnostic.
+
+@item %dry-run
+Suppress actual key generation (useful for syntax checking).
+
+@item %commit
+Perform the key generation. Note that an implicit commit is done at
+the next @asis{Key-Type} parameter.
+
+@c %certfile <filename>
+@c [Not yet implemented!]
+@c Do not write the certificate to the keyDB but to <filename>.
+@c This must be given before the first
+@c commit to take place, duplicate specification of the same filename
+@c is ignored, the last filename before a commit is used.
+@c The filename is used until a new filename is used (at commit points)
+@c and all keys are written to that file. If a new filename is given,
+@c this file is created (and overwrites an existing one).
+@c Both control statements must be given.
+@end table
+
+@noindent
+General Parameters:
+
+@table @asis
+
+@item Key-Type: @var{algo}
+Starts a new parameter block by giving the type of the primary
+key. The algorithm must be capable of signing. This is a required
+parameter. The only supported value for @var{algo} is @samp{rsa}.
+
+@item Key-Length: @var{nbits}
+The requested length of a generated key in bits. Defaults to 2048.
+
+@item Key-Grip: @var{hexstring}
+This is optional and used to generate a CSR or certificatet for an
+already existing key. Key-Length will be ignored when given.
+
+@item Key-Usage: @var{usage-list}
+Space or comma delimited list of key usage, allowed values are
+@samp{encrypt}, @samp{sign} and @samp{cert}. This is used to generate
+the keyUsage extension. Please make sure that the algorithm is
+capable of this usage. Default is to allow encrypt and sign.
+
+@item Name-DN: @var{subject-name}
+This is the Distinguished Name (DN) of the subject in RFC-2253 format.
+
+@item Name-Email: @var{string}
+This is an email address for the altSubjectName. This parameter is
+optional but may occur several times to add several email addresses to
+a certificate.
+
+@item Name-DNS: @var{string}
+The is an DNS name for the altSubjectName. This parameter is optional
+but may occur several times to add several DNS names to a certificate.
+
+@item Name-URI: @var{string}
+This is an URI for the altSubjectName. This parameter is optional but
+may occur several times to add several URIs to a certificate.
+@end table
+
+@noindent
+Additional parameters used to create a certificate (in contrast to a
+certificate signing request):
+
+@table @asis
+
+@item Serial: @var{sn}
+If this parameter is given an X.509 certificate will be generated.
+@var{sn} is expected to be a hex string representing an unsigned
+integer of arbitary length. The special value @samp{random} can be
+used to create a 64 bit random serial number.
+
+@item Issuer-DN: @var{issuer-name}
+This is the DN name of the issuer in rfc2253 format. If it is not set
+it will default to the subject DN and a special GnuPG extension will
+be included in the certificate to mark it as a standalone certificate.
+
+@item Creation-Date: @var{iso-date}
+@itemx Not-Before: @var{iso-date}
+Set the notBefore date of the certificate. Either a date like
+@samp{1986-04-26} or @samp{1986-04-26 12:00} or a standard ISO
+timestamp like @samp{19860426T042640} may be used. The time is
+considered to be UTC. If it is not given the current date is used.
+
+@item Expire-Date: @var{iso-date}
+@itemx Not-After: @var{iso-date}
+Set the notAfter date of the certificate. Either a date like
+@samp{2063-04-05} or @samp{2063-04-05 17:00} or a standard ISO
+timestamp like @samp{20630405T170000} may be used. The time is
+considered to be UTC. If it is not given a default value in the not
+too far future is used.
+
+@item Signing-Key: @var{keygrip}
+This gives the keygrip of the key used to sign the certificate. If it
+is not given a self-signed certificate will be created. For
+compatibility with future versions, it is suggested to prefix the
+keygrip with a @samp{&}.
+
+@item Hash-Algo: @var{hash-algo}
+Use @var{hash-algo} for this CSR or certificate. The supported hash
+algorithms are: @samp{sha1}, @samp{sha256}, @samp{sha384} and
+@samp{sha512}; they may also be specified with uppercase letters. The
+default is @samp{sha1}.
+
+@end table
+
+@c *******************************************
+@c *************** *****************
+@c *************** ASSSUAN *****************
+@c *************** *****************
+@c *******************************************
+@node GPGSM Protocol
+@section The Protocol the Server Mode Uses.
+
+Description of the protocol used to access @command{GPGSM}.
+@command{GPGSM} does implement the Assuan protocol and in addition
+provides a regular command line interface which exhibits a full client
+to this protocol (but uses internal linking). To start
+@command{gpgsm} as a server the command line the option
+@code{--server} must be used. Additional options are provided to
+select the communication method (i.e. the name of the socket).
+
+We assume that the connection has already been established; see the
+Assuan manual for details.
+
+@menu
+* GPGSM ENCRYPT:: Encrypting a message.
+* GPGSM DECRYPT:: Decrypting a message.
+* GPGSM SIGN:: Signing a message.
+* GPGSM VERIFY:: Verifying a message.
+* GPGSM GENKEY:: Generating a key.
+* GPGSM LISTKEYS:: List available keys.
+* GPGSM EXPORT:: Export certificates.
+* GPGSM IMPORT:: Import certificates.
+* GPGSM DELETE:: Delete certificates.
+* GPGSM GETINFO:: Information about the process
+@end menu
+
+
+@node GPGSM ENCRYPT
+@subsection Encrypting a Message
+
+Before encryption can be done the recipient must be set using the
+command:
+
+@example
+ RECIPIENT @var{userID}
+@end example
+
+Set the recipient for the encryption. @var{userID} should be the
+internal representation of the key; the server may accept any other way
+of specification. If this is a valid and trusted recipient the server
+does respond with OK, otherwise the return is an ERR with the reason why
+the recipient cannot be used, the encryption will then not be done for
+this recipient. If the policy is not to encrypt at all if not all
+recipients are valid, the client has to take care of this. All
+@code{RECIPIENT} commands are cumulative until a @code{RESET} or an
+successful @code{ENCRYPT} command.
+
+@example
+ INPUT FD[=@var{n}] [--armor|--base64|--binary]
+@end example
+
+Set the file descriptor for the message to be encrypted to @var{n}.
+Obviously the pipe must be open at that point, the server establishes
+its own end. If the server returns an error the client should consider
+this session failed. If @var{n} is not given, this commands uses the
+last file descriptor passed to the application.
+@xref{fun-assuan_sendfd, ,the assuan_sendfd function,assuan,the Libassuan
+manual}, on how to do descriptor passing.
+
+The @code{--armor} option may be used to advice the server that the
+input data is in @acronym{PEM} format, @code{--base64} advices that a
+raw base-64 encoding is used, @code{--binary} advices of raw binary
+input (@acronym{BER}). If none of these options is used, the server
+tries to figure out the used encoding, but this may not always be
+correct.
+
+@example
+ OUTPUT FD[=@var{n}] [--armor|--base64]
+@end example
+
+Set the file descriptor to be used for the output (i.e. the encrypted
+message). Obviously the pipe must be open at that point, the server
+establishes its own end. If the server returns an error he client
+should consider this session failed.
+
+The option armor encodes the output in @acronym{PEM} format, the
+@code{--base64} option applies just a base 64 encoding. No option
+creates binary output (@acronym{BER}).
+
+The actual encryption is done using the command
+
+@example
+ ENCRYPT
+@end example
+
+It takes the plaintext from the @code{INPUT} command, writes to the
+ciphertext to the file descriptor set with the @code{OUTPUT} command,
+take the recipients from all the recipients set so far. If this command
+fails the clients should try to delete all output currently done or
+otherwise mark it as invalid. @command{GPGSM} does ensure that there
+will not be any
+security problem with leftover data on the output in this case.
+
+This command should in general not fail, as all necessary checks have
+been done while setting the recipients. The input and output pipes are
+closed.
+
+
+@node GPGSM DECRYPT
+@subsection Decrypting a message
+
+Input and output FDs are set the same way as in encryption, but
+@code{INPUT} refers to the ciphertext and output to the plaintext. There
+is no need to set recipients. @command{GPGSM} automatically strips any
+@acronym{S/MIME} headers from the input, so it is valid to pass an
+entire MIME part to the INPUT pipe.
+
+The encryption is done by using the command
+
+@example
+ DECRYPT
+@end example
+
+It performs the decrypt operation after doing some check on the internal
+state. (e.g. that all needed data has been set). Because it utilizes
+the GPG-Agent for the session key decryption, there is no need to ask
+the client for a protecting passphrase - GpgAgent takes care of this by
+requesting this from the user.
+
+
+@node GPGSM SIGN
+@subsection Signing a Message
+
+Signing is usually done with these commands:
+
+@example
+ INPUT FD[=@var{n}] [--armor|--base64|--binary]
+@end example
+
+This tells @command{GPGSM} to read the data to sign from file descriptor @var{n}.
+
+@example
+ OUTPUT FD[=@var{m}] [--armor|--base64]
+@end example
+
+Write the output to file descriptor @var{m}. If a detached signature is
+requested, only the signature is written.
+
+@example
+ SIGN [--detached]
+@end example
+
+Sign the data set with the INPUT command and write it to the sink set by
+OUTPUT. With @code{--detached}, a detached signature is created
+(surprise).
+
+The key used for signing is the default one or the one specified in
+the configuration file. To get finer control over the keys, it is
+possible to use the command
+
+@example
+ SIGNER @var{userID}
+@end example
+
+to the signer's key. @var{userID} should be the
+internal representation of the key; the server may accept any other way
+of specification. If this is a valid and trusted recipient the server
+does respond with OK, otherwise the return is an ERR with the reason why
+the key cannot be used, the signature will then not be created using
+this key. If the policy is not to sign at all if not all
+keys are valid, the client has to take care of this. All
+@code{SIGNER} commands are cumulative until a @code{RESET} is done.
+Note that a @code{SIGN} does not reset this list of signers which is in
+contrats to the @code{RECIPIENT} command.
+
+
+@node GPGSM VERIFY
+@subsection Verifying a Message
+
+To verify a mesage the command:
+
+@example
+ VERIFY
+@end example
+
+is used. It does a verify operation on the message send to the input FD.
+The result is written out using status lines. If an output FD was
+given, the signed text will be written to that. If the signature is a
+detached one, the server will inquire about the signed material and the
+client must provide it.
+
+@node GPGSM GENKEY
+@subsection Generating a Key
+
+This is used to generate a new keypair, store the secret part in the
+@acronym{PSE} and the public key in the key database. We will probably
+add optional commands to allow the client to select whether a hardware
+token is used to store the key. Configuration options to
+@command{GPGSM} can be used to restrict the use of this command.
+
+@example
+ GENKEY
+@end example
+
+@command{GPGSM} checks whether this command is allowed and then does an
+INQUIRY to get the key parameters, the client should then send the
+key parameters in the native format:
+
+@example
+ S: INQUIRE KEY_PARAM native
+ C: D foo:fgfgfg
+ C: D bar
+ C: END
+@end example
+
+Please note that the server may send Status info lines while reading the
+data lines from the client. After this the key generation takes place
+and the server eventually does send an ERR or OK response. Status lines
+may be issued as a progress indicator.
+
+
+@node GPGSM LISTKEYS
+@subsection List available keys
+
+To list the keys in the internal database or using an external key
+provider, the command:
+
+@example
+ LISTKEYS @var{pattern}
+@end example
+
+is used. To allow multiple patterns (which are ORed during the search)
+quoting is required: Spaces are to be translated into "+" or into "%20";
+in turn this requires that the usual escape quoting rules are done.
+
+@example
+ LISTSECRETKEYS @var{pattern}
+@end example
+
+Lists only the keys where a secret key is available.
+
+The list commands commands are affected by the option
+
+@example
+ OPTION list-mode=@var{mode}
+@end example
+
+where mode may be:
+@table @code
+@item 0
+Use default (which is usually the same as 1).
+@item 1
+List only the internal keys.
+@item 2
+List only the external keys.
+@item 3
+List internal and external keys.
+@end table
+
+Note that options are valid for the entire session.
+
+
+@node GPGSM EXPORT
+@subsection Export certificates
+
+To export certificate from the internal key database the command:
+
+@example
+ EXPORT [--data [--armor] [--base64]] [--] @var{pattern}
+@end example
+
+is used. To allow multiple patterns (which are ORed) quoting is
+required: Spaces are to be translated into "+" or into "%20"; in turn
+this requires that the usual escape quoting rules are done.
+
+If the @option{--data} option has not been given, the format of the
+output depends on what was set with the OUTPUT command. When using
+@acronym{PEM} encoding a few informational lines are prepended.
+
+If the @option{--data} has been given, a target set via OUTPUT is
+ignored and the data is returned inline using standard
+@code{D}-lines. This avoids the need for an extra file descriptor. In
+this case the options @option{--armor} and @option{--base64} may be used
+in the same way as with the OUTPUT command.
+
+
+@node GPGSM IMPORT
+@subsection Import certificates
+
+To import certificates into the internal key database, the command
+
+@example
+ IMPORT [--re-import]
+@end example
+
+is used. The data is expected on the file descriptor set with the
+@code{INPUT} command. Certain checks are performed on the
+certificate. Note that the code will also handle PKCS#12 files and
+import private keys; a helper program is used for that.
+
+With the option @option{--re-import} the input data is expected to a be
+a linefeed separated list of fingerprints. The command will re-import
+the corresponding certificates; that is they are made permanent by
+removing their ephemeral flag.
+
+
+@node GPGSM DELETE
+@subsection Delete certificates
+
+To delete a certificate the command
+
+@example
+ DELKEYS @var{pattern}
+@end example
+
+is used. To allow multiple patterns (which are ORed) quoting is
+required: Spaces are to be translated into "+" or into "%20"; in turn
+this requires that the usual escape quoting rules are done.
+
+The certificates must be specified unambiguously otherwise an error is
+returned.
+
+@node GPGSM GETINFO
+@subsection Return information about the process
+
+This is a multipurpose function to return a variety of information.
+
+@example
+GETINFO @var{what}
+@end example
+
+The value of @var{what} specifies the kind of information returned:
+@table @code
+@item version
+Return the version of the program.
+@item pid
+Return the process id of the process.
+@item agent-check
+Return success if the agent is running.
+@item cmd_has_option @var{cmd} @var{opt}
+Return success if the command @var{cmd} implements the option @var{opt}.
+The leading two dashes usually used with @var{opt} shall not be given.
+@end table
+
+@mansect see also
+@ifset isman
+@command{gpg2}(1),
+@command{gpg-agent}(1)
+@end ifset
+@include see-also-note.texi
diff --git a/doc/gpgv.texi b/doc/gpgv.texi
new file mode 100644
index 0000000..b6047f4
--- /dev/null
+++ b/doc/gpgv.texi
@@ -0,0 +1,163 @@
+@c Copyright (C) 2004 Free Software Foundation, Inc.
+@c This is part of the GnuPG manual.
+@c For copying conditions, see the file GnuPG.texi.
+
+@c
+@c This is included by tools.texi.
+@c
+
+@c Begin GnuPG 1.x specific stuff
+@ifset gpgone
+@macro gpgvname
+gpgv
+@end macro
+@manpage gpgv.1
+@node gpgv
+@section Verify OpenPGP signatures
+@ifset manverb
+.B gpgv
+\- Verify OpenPGP signatures
+@end ifset
+
+@mansect synopsis
+@ifset manverb
+.B gpgv
+.RI [ options ]
+.I signed_files
+@end ifset
+@end ifset
+@c End GnuPG 1.x specific stuff
+
+@c Begin GnuPG 2 specific stuff
+@ifclear gpgone
+@macro gpgvname
+gpgv2
+@end macro
+@manpage gpgv2.1
+@node gpgv
+@section Verify OpenPGP signatures
+@ifset manverb
+.B gpgv2
+\- Verify OpenPGP signatures
+@end ifset
+
+@mansect synopsis
+@ifset manverb
+.B gpgv2
+.RI [ options ]
+.I signed_files
+@end ifset
+@end ifclear
+@c End GnuPG 2 specific stuff
+
+
+
+@mansect description
+@code{@gpgvname} is an OpenPGP signature verification tool.
+
+This program is actually a stripped-down version of @code{gpg} which is
+only able to check signatures. It is somewhat smaller than the fully-blown
+@code{gpg} and uses a different (and simpler) way to check that
+the public keys used to make the signature are valid. There are
+no configuration files and only a few options are implemented.
+
+@code{@gpgvname} assumes that all keys in the keyring are trustworthy.
+By default it uses a keyring named @file{trustedkeys.gpg} which is
+assumed to be in the home directory as defined by GnuPG or set by an
+option or an environment variable. An option may be used to specify
+another keyring or even multiple keyrings.
+
+@noindent
+@mansect options
+@code{@gpgvname} recognizes these options:
+
+@table @gnupgtabopt
+
+@item --verbose
+@itemx -v
+@opindex verbose
+Gives more information during processing. If used
+twice, the input data is listed in detail.
+
+@item --quiet
+@itemx -q
+@opindex quiet
+Try to be as quiet as possible.
+
+@item --keyring @var{file}
+@opindex keyring
+Add @var{file} to the list of keyrings.
+If @var{file} begins with a tilde and a slash, these
+are replaced by the HOME directory. If the filename
+does not contain a slash, it is assumed to be in the
+home-directory ("~/.gnupg" if --homedir is not used).
+
+@item --status-fd @var{n}
+@opindex status-fd
+Write special status strings to the file descriptor @var{n}. See the
+file DETAILS in the documentation for a listing of them.
+
+@item --logger-fd @code{n}
+@opindex logger-fd
+Write log output to file descriptor @code{n} and not to stderr.
+
+@item --ignore-time-conflict
+@opindex ignore-time-conflict
+GnuPG normally checks that the timestamps associated with keys and
+signatures have plausible values. However, sometimes a signature seems to
+be older than the key due to clock problems. This option turns these
+checks into warnings.
+
+@include opt-homedir.texi
+
+@end table
+
+@mansect return value
+
+The program returns 0 if everything is fine, 1 if at least
+one signature was bad, and other error codes for fatal errors.
+
+@mansect examples
+@subsection Examples
+
+@table @asis
+
+@item @gpgvname @code{pgpfile}
+@itemx @gpgvname @code{sigfile} [@code{datafile}]
+Verify the signature of the file. The second form is used for detached
+signatures, where @code{sigfile} is the detached signature (either
+ASCII-armored or binary) and @code{datafile} contains the signed data;
+if @code{datafile} is "-" the signed data is expected on
+@code{stdin}; if @code{datafile} is not given the name of the file
+holding the signed data is constructed by cutting off the extension
+(".asc", ".sig" or ".sign") from @code{sigfile}.
+
+@end table
+
+@mansect environment
+@subsection Environment
+
+@table @asis
+
+@item HOME
+Used to locate the default home directory.
+
+@item GNUPGHOME
+If set directory used instead of "~/.gnupg".
+
+@end table
+
+@mansect files
+@subsection FILES
+
+@table @asis
+
+@item ~/.gnupg/trustedkeys.gpg
+The default keyring with the allowed keys.
+
+@end table
+
+@mansect see also
+@command{gpg2}(1)
+@include see-also-note.texi
+
diff --git a/doc/gpl.texi b/doc/gpl.texi
new file mode 100644
index 0000000..7f9a48a
--- /dev/null
+++ b/doc/gpl.texi
@@ -0,0 +1,725 @@
+@node Copying
+
+@unnumbered GNU General Public License
+@center Version 3, 29 June 2007
+
+@c This file is intended to be included in another file.
+
+@display
+Copyright @copyright{} 2007 Free Software Foundation, Inc. @url{http://fsf.org/}
+
+Everyone is permitted to copy and distribute verbatim copies of this
+license document, but changing it is not allowed.
+@end display
+
+@unnumberedsec Preamble
+
+The GNU General Public License is a free, copyleft license for
+software and other kinds of works.
+
+The licenses for most software and other practical works are designed
+to take away your freedom to share and change the works. By contrast,
+the GNU General Public License is intended to guarantee your freedom
+to share and change all versions of a program--to make sure it remains
+free software for all its users. We, the Free Software Foundation,
+use the GNU General Public License for most of our software; it
+applies also to any other work released this way by its authors. You
+can apply it to your programs, too.
+
+When we speak of free software, we are referring to freedom, not
+price. Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+them if you wish), that you receive source code or can get it if you
+want it, that you can change the software or use pieces of it in new
+free programs, and that you know you can do these things.
+
+To protect your rights, we need to prevent others from denying you
+these rights or asking you to surrender the rights. Therefore, you
+have certain responsibilities if you distribute copies of the
+software, or if you modify it: responsibilities to respect the freedom
+of others.
+
+For example, if you distribute copies of such a program, whether
+gratis or for a fee, you must pass on to the recipients the same
+freedoms that you received. You must make sure that they, too,
+receive or can get the source code. And you must show them these
+terms so they know their rights.
+
+Developers that use the GNU GPL protect your rights with two steps:
+(1) assert copyright on the software, and (2) offer you this License
+giving you legal permission to copy, distribute and/or modify it.
+
+For the developers' and authors' protection, the GPL clearly explains
+that there is no warranty for this free software. For both users' and
+authors' sake, the GPL requires that modified versions be marked as
+changed, so that their problems will not be attributed erroneously to
+authors of previous versions.
+
+Some devices are designed to deny users access to install or run
+modified versions of the software inside them, although the
+manufacturer can do so. This is fundamentally incompatible with the
+aim of protecting users' freedom to change the software. The
+systematic pattern of such abuse occurs in the area of products for
+individuals to use, which is precisely where it is most unacceptable.
+Therefore, we have designed this version of the GPL to prohibit the
+practice for those products. If such problems arise substantially in
+other domains, we stand ready to extend this provision to those
+domains in future versions of the GPL, as needed to protect the
+freedom of users.
+
+Finally, every program is threatened constantly by software patents.
+States should not allow patents to restrict development and use of
+software on general-purpose computers, but in those that do, we wish
+to avoid the special danger that patents applied to a free program
+could make it effectively proprietary. To prevent this, the GPL
+assures that patents cannot be used to render the program non-free.
+
+The precise terms and conditions for copying, distribution and
+modification follow.
+
+@iftex
+@unnumberedsec TERMS AND CONDITIONS
+@end iftex
+@ifinfo
+@center TERMS AND CONDITIONS
+@end ifinfo
+
+@enumerate 0
+@item Definitions.
+
+``This License'' refers to version 3 of the GNU General Public License.
+
+``Copyright'' also means copyright-like laws that apply to other kinds
+of works, such as semiconductor masks.
+
+``The Program'' refers to any copyrightable work licensed under this
+License. Each licensee is addressed as ``you''. ``Licensees'' and
+``recipients'' may be individuals or organizations.
+
+To ``modify'' a work means to copy from or adapt all or part of the work
+in a fashion requiring copyright permission, other than the making of
+an exact copy. The resulting work is called a ``modified version'' of
+the earlier work or a work ``based on'' the earlier work.
+
+A ``covered work'' means either the unmodified Program or a work based
+on the Program.
+
+To ``propagate'' a work means to do anything with it that, without
+permission, would make you directly or secondarily liable for
+infringement under applicable copyright law, except executing it on a
+computer or modifying a private copy. Propagation includes copying,
+distribution (with or without modification), making available to the
+public, and in some countries other activities as well.
+
+To ``convey'' a work means any kind of propagation that enables other
+parties to make or receive copies. Mere interaction with a user
+through a computer network, with no transfer of a copy, is not
+conveying.
+
+An interactive user interface displays ``Appropriate Legal Notices'' to
+the extent that it includes a convenient and prominently visible
+feature that (1) displays an appropriate copyright notice, and (2)
+tells the user that there is no warranty for the work (except to the
+extent that warranties are provided), that licensees may convey the
+work under this License, and how to view a copy of this License. If
+the interface presents a list of user commands or options, such as a
+menu, a prominent item in the list meets this criterion.
+
+@item Source Code.
+
+The ``source code'' for a work means the preferred form of the work for
+making modifications to it. ``Object code'' means any non-source form
+of a work.
+
+A ``Standard Interface'' means an interface that either is an official
+standard defined by a recognized standards body, or, in the case of
+interfaces specified for a particular programming language, one that
+is widely used among developers working in that language.
+
+The ``System Libraries'' of an executable work include anything, other
+than the work as a whole, that (a) is included in the normal form of
+packaging a Major Component, but which is not part of that Major
+Component, and (b) serves only to enable use of the work with that
+Major Component, or to implement a Standard Interface for which an
+implementation is available to the public in source code form. A
+``Major Component'', in this context, means a major essential component
+(kernel, window system, and so on) of the specific operating system
+(if any) on which the executable work runs, or a compiler used to
+produce the work, or an object code interpreter used to run it.
+
+The ``Corresponding Source'' for a work in object code form means all
+the source code needed to generate, install, and (for an executable
+work) run the object code and to modify the work, including scripts to
+control those activities. However, it does not include the work's
+System Libraries, or general-purpose tools or generally available free
+programs which are used unmodified in performing those activities but
+which are not part of the work. For example, Corresponding Source
+includes interface definition files associated with source files for
+the work, and the source code for shared libraries and dynamically
+linked subprograms that the work is specifically designed to require,
+such as by intimate data communication or control flow between those
+subprograms and other parts of the work.
+
+The Corresponding Source need not include anything that users can
+regenerate automatically from other parts of the Corresponding Source.
+
+The Corresponding Source for a work in source code form is that same
+work.
+
+@item Basic Permissions.
+
+All rights granted under this License are granted for the term of
+copyright on the Program, and are irrevocable provided the stated
+conditions are met. This License explicitly affirms your unlimited
+permission to run the unmodified Program. The output from running a
+covered work is covered by this License only if the output, given its
+content, constitutes a covered work. This License acknowledges your
+rights of fair use or other equivalent, as provided by copyright law.
+
+You may make, run and propagate covered works that you do not convey,
+without conditions so long as your license otherwise remains in force.
+You may convey covered works to others for the sole purpose of having
+them make modifications exclusively for you, or provide you with
+facilities for running those works, provided that you comply with the
+terms of this License in conveying all material for which you do not
+control copyright. Those thus making or running the covered works for
+you must do so exclusively on your behalf, under your direction and
+control, on terms that prohibit them from making any copies of your
+copyrighted material outside their relationship with you.
+
+Conveying under any other circumstances is permitted solely under the
+conditions stated below. Sublicensing is not allowed; section 10
+makes it unnecessary.
+
+@item Protecting Users' Legal Rights From Anti-Circumvention Law.
+
+No covered work shall be deemed part of an effective technological
+measure under any applicable law fulfilling obligations under article
+11 of the WIPO copyright treaty adopted on 20 December 1996, or
+similar laws prohibiting or restricting circumvention of such
+measures.
+
+When you convey a covered work, you waive any legal power to forbid
+circumvention of technological measures to the extent such
+circumvention is effected by exercising rights under this License with
+respect to the covered work, and you disclaim any intention to limit
+operation or modification of the work as a means of enforcing, against
+the work's users, your or third parties' legal rights to forbid
+circumvention of technological measures.
+
+@item Conveying Verbatim Copies.
+
+You may convey verbatim copies of the Program's source code as you
+receive it, in any medium, provided that you conspicuously and
+appropriately publish on each copy an appropriate copyright notice;
+keep intact all notices stating that this License and any
+non-permissive terms added in accord with section 7 apply to the code;
+keep intact all notices of the absence of any warranty; and give all
+recipients a copy of this License along with the Program.
+
+You may charge any price or no price for each copy that you convey,
+and you may offer support or warranty protection for a fee.
+
+@item Conveying Modified Source Versions.
+
+You may convey a work based on the Program, or the modifications to
+produce it from the Program, in the form of source code under the
+terms of section 4, provided that you also meet all of these
+conditions:
+
+@enumerate a
+@item
+The work must carry prominent notices stating that you modified it,
+and giving a relevant date.
+
+@item
+The work must carry prominent notices stating that it is released
+under this License and any conditions added under section 7. This
+requirement modifies the requirement in section 4 to ``keep intact all
+notices''.
+
+@item
+You must license the entire work, as a whole, under this License to
+anyone who comes into possession of a copy. This License will
+therefore apply, along with any applicable section 7 additional terms,
+to the whole of the work, and all its parts, regardless of how they
+are packaged. This License gives no permission to license the work in
+any other way, but it does not invalidate such permission if you have
+separately received it.
+
+@item
+If the work has interactive user interfaces, each must display
+Appropriate Legal Notices; however, if the Program has interactive
+interfaces that do not display Appropriate Legal Notices, your work
+need not make them do so.
+@end enumerate
+
+A compilation of a covered work with other separate and independent
+works, which are not by their nature extensions of the covered work,
+and which are not combined with it such as to form a larger program,
+in or on a volume of a storage or distribution medium, is called an
+``aggregate'' if the compilation and its resulting copyright are not
+used to limit the access or legal rights of the compilation's users
+beyond what the individual works permit. Inclusion of a covered work
+in an aggregate does not cause this License to apply to the other
+parts of the aggregate.
+
+@item Conveying Non-Source Forms.
+
+You may convey a covered work in object code form under the terms of
+sections 4 and 5, provided that you also convey the machine-readable
+Corresponding Source under the terms of this License, in one of these
+ways:
+
+@enumerate a
+@item
+Convey the object code in, or embodied in, a physical product
+(including a physical distribution medium), accompanied by the
+Corresponding Source fixed on a durable physical medium customarily
+used for software interchange.
+
+@item
+Convey the object code in, or embodied in, a physical product
+(including a physical distribution medium), accompanied by a written
+offer, valid for at least three years and valid for as long as you
+offer spare parts or customer support for that product model, to give
+anyone who possesses the object code either (1) a copy of the
+Corresponding Source for all the software in the product that is
+covered by this License, on a durable physical medium customarily used
+for software interchange, for a price no more than your reasonable
+cost of physically performing this conveying of source, or (2) access
+to copy the Corresponding Source from a network server at no charge.
+
+@item
+Convey individual copies of the object code with a copy of the written
+offer to provide the Corresponding Source. This alternative is
+allowed only occasionally and noncommercially, and only if you
+received the object code with such an offer, in accord with subsection
+6b.
+
+@item
+Convey the object code by offering access from a designated place
+(gratis or for a charge), and offer equivalent access to the
+Corresponding Source in the same way through the same place at no
+further charge. You need not require recipients to copy the
+Corresponding Source along with the object code. If the place to copy
+the object code is a network server, the Corresponding Source may be
+on a different server (operated by you or a third party) that supports
+equivalent copying facilities, provided you maintain clear directions
+next to the object code saying where to find the Corresponding Source.
+Regardless of what server hosts the Corresponding Source, you remain
+obligated to ensure that it is available for as long as needed to
+satisfy these requirements.
+
+@item
+Convey the object code using peer-to-peer transmission, provided you
+inform other peers where the object code and Corresponding Source of
+the work are being offered to the general public at no charge under
+subsection 6d.
+
+@end enumerate
+
+A separable portion of the object code, whose source code is excluded
+from the Corresponding Source as a System Library, need not be
+included in conveying the object code work.
+
+A ``User Product'' is either (1) a ``consumer product'', which means any
+tangible personal property which is normally used for personal,
+family, or household purposes, or (2) anything designed or sold for
+incorporation into a dwelling. In determining whether a product is a
+consumer product, doubtful cases shall be resolved in favor of
+coverage. For a particular product received by a particular user,
+``normally used'' refers to a typical or common use of that class of
+product, regardless of the status of the particular user or of the way
+in which the particular user actually uses, or expects or is expected
+to use, the product. A product is a consumer product regardless of
+whether the product has substantial commercial, industrial or
+non-consumer uses, unless such uses represent the only significant
+mode of use of the product.
+
+``Installation Information'' for a User Product means any methods,
+procedures, authorization keys, or other information required to
+install and execute modified versions of a covered work in that User
+Product from a modified version of its Corresponding Source. The
+information must suffice to ensure that the continued functioning of
+the modified object code is in no case prevented or interfered with
+solely because modification has been made.
+
+If you convey an object code work under this section in, or with, or
+specifically for use in, a User Product, and the conveying occurs as
+part of a transaction in which the right of possession and use of the
+User Product is transferred to the recipient in perpetuity or for a
+fixed term (regardless of how the transaction is characterized), the
+Corresponding Source conveyed under this section must be accompanied
+by the Installation Information. But this requirement does not apply
+if neither you nor any third party retains the ability to install
+modified object code on the User Product (for example, the work has
+been installed in ROM).
+
+The requirement to provide Installation Information does not include a
+requirement to continue to provide support service, warranty, or
+updates for a work that has been modified or installed by the
+recipient, or for the User Product in which it has been modified or
+installed. Access to a network may be denied when the modification
+itself materially and adversely affects the operation of the network
+or violates the rules and protocols for communication across the
+network.
+
+Corresponding Source conveyed, and Installation Information provided,
+in accord with this section must be in a format that is publicly
+documented (and with an implementation available to the public in
+source code form), and must require no special password or key for
+unpacking, reading or copying.
+
+@item Additional Terms.
+
+``Additional permissions'' are terms that supplement the terms of this
+License by making exceptions from one or more of its conditions.
+Additional permissions that are applicable to the entire Program shall
+be treated as though they were included in this License, to the extent
+that they are valid under applicable law. If additional permissions
+apply only to part of the Program, that part may be used separately
+under those permissions, but the entire Program remains governed by
+this License without regard to the additional permissions.
+
+When you convey a copy of a covered work, you may at your option
+remove any additional permissions from that copy, or from any part of
+it. (Additional permissions may be written to require their own
+removal in certain cases when you modify the work.) You may place
+additional permissions on material, added by you to a covered work,
+for which you have or can give appropriate copyright permission.
+
+Notwithstanding any other provision of this License, for material you
+add to a covered work, you may (if authorized by the copyright holders
+of that material) supplement the terms of this License with terms:
+
+@enumerate a
+@item
+Disclaiming warranty or limiting liability differently from the terms
+of sections 15 and 16 of this License; or
+
+@item
+Requiring preservation of specified reasonable legal notices or author
+attributions in that material or in the Appropriate Legal Notices
+displayed by works containing it; or
+
+@item
+Prohibiting misrepresentation of the origin of that material, or
+requiring that modified versions of such material be marked in
+reasonable ways as different from the original version; or
+
+@item
+Limiting the use for publicity purposes of names of licensors or
+authors of the material; or
+
+@item
+Declining to grant rights under trademark law for use of some trade
+names, trademarks, or service marks; or
+
+@item
+Requiring indemnification of licensors and authors of that material by
+anyone who conveys the material (or modified versions of it) with
+contractual assumptions of liability to the recipient, for any
+liability that these contractual assumptions directly impose on those
+licensors and authors.
+@end enumerate
+
+All other non-permissive additional terms are considered ``further
+restrictions'' within the meaning of section 10. If the Program as you
+received it, or any part of it, contains a notice stating that it is
+governed by this License along with a term that is a further
+restriction, you may remove that term. If a license document contains
+a further restriction but permits relicensing or conveying under this
+License, you may add to a covered work material governed by the terms
+of that license document, provided that the further restriction does
+not survive such relicensing or conveying.
+
+If you add terms to a covered work in accord with this section, you
+must place, in the relevant source files, a statement of the
+additional terms that apply to those files, or a notice indicating
+where to find the applicable terms.
+
+Additional terms, permissive or non-permissive, may be stated in the
+form of a separately written license, or stated as exceptions; the
+above requirements apply either way.
+
+@item Termination.
+
+You may not propagate or modify a covered work except as expressly
+provided under this License. Any attempt otherwise to propagate or
+modify it is void, and will automatically terminate your rights under
+this License (including any patent licenses granted under the third
+paragraph of section 11).
+
+However, if you cease all violation of this License, then your license
+from a particular copyright holder is reinstated (a) provisionally,
+unless and until the copyright holder explicitly and finally
+terminates your license, and (b) permanently, if the copyright holder
+fails to notify you of the violation by some reasonable means prior to
+60 days after the cessation.
+
+Moreover, your license from a particular copyright holder is
+reinstated permanently if the copyright holder notifies you of the
+violation by some reasonable means, this is the first time you have
+received notice of violation of this License (for any work) from that
+copyright holder, and you cure the violation prior to 30 days after
+your receipt of the notice.
+
+Termination of your rights under this section does not terminate the
+licenses of parties who have received copies or rights from you under
+this License. If your rights have been terminated and not permanently
+reinstated, you do not qualify to receive new licenses for the same
+material under section 10.
+
+@item Acceptance Not Required for Having Copies.
+
+You are not required to accept this License in order to receive or run
+a copy of the Program. Ancillary propagation of a covered work
+occurring solely as a consequence of using peer-to-peer transmission
+to receive a copy likewise does not require acceptance. However,
+nothing other than this License grants you permission to propagate or
+modify any covered work. These actions infringe copyright if you do
+not accept this License. Therefore, by modifying or propagating a
+covered work, you indicate your acceptance of this License to do so.
+
+@item Automatic Licensing of Downstream Recipients.
+
+Each time you convey a covered work, the recipient automatically
+receives a license from the original licensors, to run, modify and
+propagate that work, subject to this License. You are not responsible
+for enforcing compliance by third parties with this License.
+
+An ``entity transaction'' is a transaction transferring control of an
+organization, or substantially all assets of one, or subdividing an
+organization, or merging organizations. If propagation of a covered
+work results from an entity transaction, each party to that
+transaction who receives a copy of the work also receives whatever
+licenses to the work the party's predecessor in interest had or could
+give under the previous paragraph, plus a right to possession of the
+Corresponding Source of the work from the predecessor in interest, if
+the predecessor has it or can get it with reasonable efforts.
+
+You may not impose any further restrictions on the exercise of the
+rights granted or affirmed under this License. For example, you may
+not impose a license fee, royalty, or other charge for exercise of
+rights granted under this License, and you may not initiate litigation
+(including a cross-claim or counterclaim in a lawsuit) alleging that
+any patent claim is infringed by making, using, selling, offering for
+sale, or importing the Program or any portion of it.
+
+@item Patents.
+
+A ``contributor'' is a copyright holder who authorizes use under this
+License of the Program or a work on which the Program is based. The
+work thus licensed is called the contributor's ``contributor version''.
+
+A contributor's ``essential patent claims'' are all patent claims owned
+or controlled by the contributor, whether already acquired or
+hereafter acquired, that would be infringed by some manner, permitted
+by this License, of making, using, or selling its contributor version,
+but do not include claims that would be infringed only as a
+consequence of further modification of the contributor version. For
+purposes of this definition, ``control'' includes the right to grant
+patent sublicenses in a manner consistent with the requirements of
+this License.
+
+Each contributor grants you a non-exclusive, worldwide, royalty-free
+patent license under the contributor's essential patent claims, to
+make, use, sell, offer for sale, import and otherwise run, modify and
+propagate the contents of its contributor version.
+
+In the following three paragraphs, a ``patent license'' is any express
+agreement or commitment, however denominated, not to enforce a patent
+(such as an express permission to practice a patent or covenant not to
+sue for patent infringement). To ``grant'' such a patent license to a
+party means to make such an agreement or commitment not to enforce a
+patent against the party.
+
+If you convey a covered work, knowingly relying on a patent license,
+and the Corresponding Source of the work is not available for anyone
+to copy, free of charge and under the terms of this License, through a
+publicly available network server or other readily accessible means,
+then you must either (1) cause the Corresponding Source to be so
+available, or (2) arrange to deprive yourself of the benefit of the
+patent license for this particular work, or (3) arrange, in a manner
+consistent with the requirements of this License, to extend the patent
+license to downstream recipients. ``Knowingly relying'' means you have
+actual knowledge that, but for the patent license, your conveying the
+covered work in a country, or your recipient's use of the covered work
+in a country, would infringe one or more identifiable patents in that
+country that you have reason to believe are valid.
+
+If, pursuant to or in connection with a single transaction or
+arrangement, you convey, or propagate by procuring conveyance of, a
+covered work, and grant a patent license to some of the parties
+receiving the covered work authorizing them to use, propagate, modify
+or convey a specific copy of the covered work, then the patent license
+you grant is automatically extended to all recipients of the covered
+work and works based on it.
+
+A patent license is ``discriminatory'' if it does not include within the
+scope of its coverage, prohibits the exercise of, or is conditioned on
+the non-exercise of one or more of the rights that are specifically
+granted under this License. You may not convey a covered work if you
+are a party to an arrangement with a third party that is in the
+business of distributing software, under which you make payment to the
+third party based on the extent of your activity of conveying the
+work, and under which the third party grants, to any of the parties
+who would receive the covered work from you, a discriminatory patent
+license (a) in connection with copies of the covered work conveyed by
+you (or copies made from those copies), or (b) primarily for and in
+connection with specific products or compilations that contain the
+covered work, unless you entered into that arrangement, or that patent
+license was granted, prior to 28 March 2007.
+
+Nothing in this License shall be construed as excluding or limiting
+any implied license or other defenses to infringement that may
+otherwise be available to you under applicable patent law.
+
+@item No Surrender of Others' Freedom.
+
+If conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License. If you cannot convey
+a covered work so as to satisfy simultaneously your obligations under
+this License and any other pertinent obligations, then as a
+consequence you may not convey it at all. For example, if you agree
+to terms that obligate you to collect a royalty for further conveying
+from those to whom you convey the Program, the only way you could
+satisfy both those terms and this License would be to refrain entirely
+from conveying the Program.
+
+@item Use with the GNU Affero General Public License.
+
+Notwithstanding any other provision of this License, you have
+permission to link or combine any covered work with a work licensed
+under version 3 of the GNU Affero General Public License into a single
+combined work, and to convey the resulting work. The terms of this
+License will continue to apply to the part which is the covered work,
+but the special requirements of the GNU Affero General Public License,
+section 13, concerning interaction through a network will apply to the
+combination as such.
+
+@item Revised Versions of this License.
+
+The Free Software Foundation may publish revised and/or new versions
+of the GNU General Public License from time to time. Such new
+versions will be similar in spirit to the present version, but may
+differ in detail to address new problems or concerns.
+
+Each version is given a distinguishing version number. If the Program
+specifies that a certain numbered version of the GNU General Public
+License ``or any later version'' applies to it, you have the option of
+following the terms and conditions either of that numbered version or
+of any later version published by the Free Software Foundation. If
+the Program does not specify a version number of the GNU General
+Public License, you may choose any version ever published by the Free
+Software Foundation.
+
+If the Program specifies that a proxy can decide which future versions
+of the GNU General Public License can be used, that proxy's public
+statement of acceptance of a version permanently authorizes you to
+choose that version for the Program.
+
+Later license versions may give you additional or different
+permissions. However, no additional obligations are imposed on any
+author or copyright holder as a result of your choosing to follow a
+later version.
+
+@item Disclaimer of Warranty.
+
+THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
+APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
+HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM ``AS IS'' WITHOUT
+WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND
+PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE
+DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR
+CORRECTION.
+
+@item Limitation of Liability.
+
+IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR
+CONVEYS THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
+INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES
+ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT
+NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR
+LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM
+TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER
+PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+
+@item Interpretation of Sections 15 and 16.
+
+If the disclaimer of warranty and limitation of liability provided
+above cannot be given local legal effect according to their terms,
+reviewing courts shall apply local law that most closely approximates
+an absolute waiver of all civil liability in connection with the
+Program, unless a warranty or assumption of liability accompanies a
+copy of the Program in return for a fee.
+
+@iftex
+@heading END OF TERMS AND CONDITIONS
+@end iftex
+@ifinfo
+@center END OF TERMS AND CONDITIONS
+@end ifinfo
+@unnumberedsec How to Apply These Terms to Your New Programs
+
+If you develop a new program, and you want it to be of the greatest
+possible use to the public, the best way to achieve this is to make it
+free software which everyone can redistribute and change under these
+terms.
+
+To do so, attach the following notices to the program. It is safest
+to attach them to the start of each source file to most effectively
+state the exclusion of warranty; and each file should have at least
+the ``copyright'' line and a pointer to where the full notice is found.
+@smallexample
+@var{one line to give the program's name and a brief idea of what it does.}
+Copyright (C) @var{year} @var{name of author}
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or (at
+your option) any later version.
+
+This program is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program. If not, see @url{http://www.gnu.org/licenses/}.
+@end smallexample
+
+Also add information on how to contact you by electronic and paper mail.
+
+If the program does terminal interaction, make it output a short
+notice like this when it starts in an interactive mode:
+
+@smallexample
+@var{program} Copyright (C) @var{year} @var{name of author}
+This program comes with ABSOLUTELY NO WARRANTY; for details type @samp{show w}.
+This is free software, and you are welcome to redistribute it under certain conditions; type @samp{show c} for details.
+@end smallexample
+
+The hypothetical commands @samp{show w} and @samp{show c} should show
+the appropriate parts of the General Public License. Of course, your
+program's commands might be different; for a GUI interface, you would
+use an ``about box''.
+
+You should also get your employer (if you work as a programmer) or school,
+if any, to sign a ``copyright disclaimer'' for the program, if necessary.
+For more information on this, and how to apply and follow the GNU GPL, see
+@url{http://www.gnu.org/licenses/}.
+
+The GNU General Public License does not permit incorporating your
+program into proprietary programs. If your program is a subroutine
+library, you may consider it more useful to permit linking proprietary
+applications with the library. If this is what you want to do, use
+the GNU Lesser General Public License instead of this License. But
+first, please read @url{http://www.gnu.org/philosophy/why-not-lgpl.html}.
+
+@end enumerate
diff --git a/doc/help.be.txt b/doc/help.be.txt
new file mode 100644
index 0000000..36c9ffb
--- /dev/null
+++ b/doc/help.be.txt
@@ -0,0 +1,286 @@
+# help..txt - GnuPG online help
+# Copyright (C) 2007 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+
+.#gpg.edit_ownertrust.value
+# fixme: Please translate and remove the hash mark from the key line.
+It's up to you to assign a value here; this value will never be exported
+to any 3rd party. We need it to implement the web-of-trust; it has nothing
+to do with the (implicitly created) web-of-certificates.
+.
+
+.#gpg.edit_ownertrust.set_ultimate.okay
+# fixme: Please translate and remove the hash mark from the key line.
+To build the Web-of-Trust, GnuPG needs to know which keys are
+ultimately trusted - those are usually the keys for which you have
+access to the secret key. Answer "yes" to set this key to
+ultimately trusted
+
+.
+
+.#gpg.untrusted_key.override
+# fixme: Please translate and remove the hash mark from the key line.
+If you want to use this untrusted key anyway, answer "yes".
+.
+
+.#gpg.pklist.user_id.enter
+# fixme: Please translate and remove the hash mark from the key line.
+Enter the user ID of the addressee to whom you want to send the message.
+.
+
+.#gpg.keygen.algo
+# fixme: Please translate and remove the hash mark from the key line.
+Select the algorithm to use.
+
+DSA (aka DSS) is the Digital Signature Algorithm and can only be used
+for signatures.
+
+Elgamal is an encrypt-only algorithm.
+
+RSA may be used for signatures or encryption.
+
+The first (primary) key must always be a key which is capable of signing.
+.
+
+.#gpg.keygen.algo.rsa_se
+# fixme: Please translate and remove the hash mark from the key line.
+In general it is not a good idea to use the same key for signing and
+encryption. This algorithm should only be used in certain domains.
+Please consult your security expert first.
+.
+
+.#gpg.keygen.size
+# fixme: Please translate and remove the hash mark from the key line.
+Enter the size of the key
+.
+
+.#gpg.keygen.size.huge.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keygen.size.large.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keygen.valid
+# fixme: Please translate and remove the hash mark from the key line.
+Enter the required value as shown in the prompt.
+It is possible to enter a ISO date (YYYY-MM-DD) but you won't
+get a good error response - instead the system tries to interpret
+the given value as an interval.
+.
+
+.#gpg.keygen.valid.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keygen.name
+# fixme: Please translate and remove the hash mark from the key line.
+Enter the name of the key holder
+.
+
+.#gpg.keygen.email
+# fixme: Please translate and remove the hash mark from the key line.
+please enter an optional but highly suggested email address
+.
+
+.#gpg.keygen.comment
+# fixme: Please translate and remove the hash mark from the key line.
+Please enter an optional comment
+.
+
+.#gpg.keygen.userid.cmd
+# fixme: Please translate and remove the hash mark from the key line.
+N to change the name.
+C to change the comment.
+E to change the email address.
+O to continue with key generation.
+Q to to quit the key generation.
+.
+
+.#gpg.keygen.sub.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" (or just "y") if it is okay to generate the sub key.
+.
+
+.#gpg.sign_uid.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.sign_uid.class
+# fixme: Please translate and remove the hash mark from the key line.
+When you sign a user ID on a key, you should first verify that the key
+belongs to the person named in the user ID. It is useful for others to
+know how carefully you verified this.
+
+"0" means you make no particular claim as to how carefully you verified the
+ key.
+
+"1" means you believe the key is owned by the person who claims to own it
+ but you could not, or did not verify the key at all. This is useful for
+ a "persona" verification, where you sign the key of a pseudonymous user.
+
+"2" means you did casual verification of the key. For example, this could
+ mean that you verified the key fingerprint and checked the user ID on the
+ key against a photo ID.
+
+"3" means you did extensive verification of the key. For example, this could
+ mean that you verified the key fingerprint with the owner of the key in
+ person, and that you checked, by means of a hard to forge document with a
+ photo ID (such as a passport) that the name of the key owner matches the
+ name in the user ID on the key, and finally that you verified (by exchange
+ of email) that the email address on the key belongs to the key owner.
+
+Note that the examples given above for levels 2 and 3 are *only* examples.
+In the end, it is up to you to decide just what "casual" and "extensive"
+mean to you when you sign other keys.
+
+If you don't know what the right answer is, answer "0".
+.
+
+.#gpg.change_passwd.empty.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keyedit.save.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keyedit.cancel.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keyedit.sign_all.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" if you want to sign ALL the user IDs
+.
+
+.#gpg.keyedit.remove.uid.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" if you really want to delete this user ID.
+All certificates are then also lost!
+.
+
+.#gpg.keyedit.remove.subkey.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" if it is okay to delete the subkey
+.
+
+.#gpg.keyedit.delsig.valid
+# fixme: Please translate and remove the hash mark from the key line.
+This is a valid signature on the key; you normally don't want
+to delete this signature because it may be important to establish a
+trust connection to the key or another key certified by this key.
+.
+
+.#gpg.keyedit.delsig.unknown
+# fixme: Please translate and remove the hash mark from the key line.
+This signature can't be checked because you don't have the
+corresponding key. You should postpone its deletion until you
+know which key was used because this signing key might establish
+a trust connection through another already certified key.
+.
+
+.#gpg.keyedit.delsig.invalid
+# fixme: Please translate and remove the hash mark from the key line.
+The signature is not valid. It does make sense to remove it from
+your keyring.
+.
+
+.#gpg.keyedit.delsig.selfsig
+# fixme: Please translate and remove the hash mark from the key line.
+This is a signature which binds the user ID to the key. It is
+usually not a good idea to remove such a signature. Actually
+GnuPG might not be able to use this key anymore. So do this
+only if this self-signature is for some reason not valid and
+a second one is available.
+.
+
+.#gpg.keyedit.updpref.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Change the preferences of all user IDs (or just of the selected ones)
+to the current list of preferences. The timestamp of all affected
+self-signatures will be advanced by one second.
+
+.
+
+.#gpg.passphrase.enter
+# fixme: Please translate and remove the hash mark from the key line.
+Please enter the passhrase; this is a secret sentence
+
+.
+
+.#gpg.passphrase.repeat
+# fixme: Please translate and remove the hash mark from the key line.
+Please repeat the last passphrase, so you are sure what you typed in.
+.
+
+.#gpg.detached_signature.filename
+# fixme: Please translate and remove the hash mark from the key line.
+Give the name of the file to which the signature applies
+.
+
+.#gpg.openfile.overwrite.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" if it is okay to overwrite the file
+.
+
+.#gpg.openfile.askoutname
+# fixme: Please translate and remove the hash mark from the key line.
+Please enter a new filename. If you just hit RETURN the default
+file (which is shown in brackets) will be used.
+.
+
+.#gpg.ask_revocation_reason.code
+# fixme: Please translate and remove the hash mark from the key line.
+You should specify a reason for the certification. Depending on the
+context you have the ability to choose from this list:
+ "Key has been compromised"
+ Use this if you have a reason to believe that unauthorized persons
+ got access to your secret key.
+ "Key is superseded"
+ Use this if you have replaced this key with a newer one.
+ "Key is no longer used"
+ Use this if you have retired this key.
+ "User ID is no longer valid"
+ Use this to state that the user ID should not longer be used;
+ this is normally used to mark an email address invalid.
+
+.
+
+.#gpg.ask_revocation_reason.text
+# fixme: Please translate and remove the hash mark from the key line.
+If you like, you can enter a text describing why you issue this
+revocation certificate. Please keep this text concise.
+An empty line ends the text.
+
+.
+
+
+
+# Local variables:
+# mode: fundamental
+# coding: utf-8
+# End:
diff --git a/doc/help.ca.txt b/doc/help.ca.txt
new file mode 100644
index 0000000..36c9ffb
--- /dev/null
+++ b/doc/help.ca.txt
@@ -0,0 +1,286 @@
+# help..txt - GnuPG online help
+# Copyright (C) 2007 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+
+.#gpg.edit_ownertrust.value
+# fixme: Please translate and remove the hash mark from the key line.
+It's up to you to assign a value here; this value will never be exported
+to any 3rd party. We need it to implement the web-of-trust; it has nothing
+to do with the (implicitly created) web-of-certificates.
+.
+
+.#gpg.edit_ownertrust.set_ultimate.okay
+# fixme: Please translate and remove the hash mark from the key line.
+To build the Web-of-Trust, GnuPG needs to know which keys are
+ultimately trusted - those are usually the keys for which you have
+access to the secret key. Answer "yes" to set this key to
+ultimately trusted
+
+.
+
+.#gpg.untrusted_key.override
+# fixme: Please translate and remove the hash mark from the key line.
+If you want to use this untrusted key anyway, answer "yes".
+.
+
+.#gpg.pklist.user_id.enter
+# fixme: Please translate and remove the hash mark from the key line.
+Enter the user ID of the addressee to whom you want to send the message.
+.
+
+.#gpg.keygen.algo
+# fixme: Please translate and remove the hash mark from the key line.
+Select the algorithm to use.
+
+DSA (aka DSS) is the Digital Signature Algorithm and can only be used
+for signatures.
+
+Elgamal is an encrypt-only algorithm.
+
+RSA may be used for signatures or encryption.
+
+The first (primary) key must always be a key which is capable of signing.
+.
+
+.#gpg.keygen.algo.rsa_se
+# fixme: Please translate and remove the hash mark from the key line.
+In general it is not a good idea to use the same key for signing and
+encryption. This algorithm should only be used in certain domains.
+Please consult your security expert first.
+.
+
+.#gpg.keygen.size
+# fixme: Please translate and remove the hash mark from the key line.
+Enter the size of the key
+.
+
+.#gpg.keygen.size.huge.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keygen.size.large.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keygen.valid
+# fixme: Please translate and remove the hash mark from the key line.
+Enter the required value as shown in the prompt.
+It is possible to enter a ISO date (YYYY-MM-DD) but you won't
+get a good error response - instead the system tries to interpret
+the given value as an interval.
+.
+
+.#gpg.keygen.valid.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keygen.name
+# fixme: Please translate and remove the hash mark from the key line.
+Enter the name of the key holder
+.
+
+.#gpg.keygen.email
+# fixme: Please translate and remove the hash mark from the key line.
+please enter an optional but highly suggested email address
+.
+
+.#gpg.keygen.comment
+# fixme: Please translate and remove the hash mark from the key line.
+Please enter an optional comment
+.
+
+.#gpg.keygen.userid.cmd
+# fixme: Please translate and remove the hash mark from the key line.
+N to change the name.
+C to change the comment.
+E to change the email address.
+O to continue with key generation.
+Q to to quit the key generation.
+.
+
+.#gpg.keygen.sub.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" (or just "y") if it is okay to generate the sub key.
+.
+
+.#gpg.sign_uid.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.sign_uid.class
+# fixme: Please translate and remove the hash mark from the key line.
+When you sign a user ID on a key, you should first verify that the key
+belongs to the person named in the user ID. It is useful for others to
+know how carefully you verified this.
+
+"0" means you make no particular claim as to how carefully you verified the
+ key.
+
+"1" means you believe the key is owned by the person who claims to own it
+ but you could not, or did not verify the key at all. This is useful for
+ a "persona" verification, where you sign the key of a pseudonymous user.
+
+"2" means you did casual verification of the key. For example, this could
+ mean that you verified the key fingerprint and checked the user ID on the
+ key against a photo ID.
+
+"3" means you did extensive verification of the key. For example, this could
+ mean that you verified the key fingerprint with the owner of the key in
+ person, and that you checked, by means of a hard to forge document with a
+ photo ID (such as a passport) that the name of the key owner matches the
+ name in the user ID on the key, and finally that you verified (by exchange
+ of email) that the email address on the key belongs to the key owner.
+
+Note that the examples given above for levels 2 and 3 are *only* examples.
+In the end, it is up to you to decide just what "casual" and "extensive"
+mean to you when you sign other keys.
+
+If you don't know what the right answer is, answer "0".
+.
+
+.#gpg.change_passwd.empty.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keyedit.save.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keyedit.cancel.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keyedit.sign_all.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" if you want to sign ALL the user IDs
+.
+
+.#gpg.keyedit.remove.uid.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" if you really want to delete this user ID.
+All certificates are then also lost!
+.
+
+.#gpg.keyedit.remove.subkey.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" if it is okay to delete the subkey
+.
+
+.#gpg.keyedit.delsig.valid
+# fixme: Please translate and remove the hash mark from the key line.
+This is a valid signature on the key; you normally don't want
+to delete this signature because it may be important to establish a
+trust connection to the key or another key certified by this key.
+.
+
+.#gpg.keyedit.delsig.unknown
+# fixme: Please translate and remove the hash mark from the key line.
+This signature can't be checked because you don't have the
+corresponding key. You should postpone its deletion until you
+know which key was used because this signing key might establish
+a trust connection through another already certified key.
+.
+
+.#gpg.keyedit.delsig.invalid
+# fixme: Please translate and remove the hash mark from the key line.
+The signature is not valid. It does make sense to remove it from
+your keyring.
+.
+
+.#gpg.keyedit.delsig.selfsig
+# fixme: Please translate and remove the hash mark from the key line.
+This is a signature which binds the user ID to the key. It is
+usually not a good idea to remove such a signature. Actually
+GnuPG might not be able to use this key anymore. So do this
+only if this self-signature is for some reason not valid and
+a second one is available.
+.
+
+.#gpg.keyedit.updpref.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Change the preferences of all user IDs (or just of the selected ones)
+to the current list of preferences. The timestamp of all affected
+self-signatures will be advanced by one second.
+
+.
+
+.#gpg.passphrase.enter
+# fixme: Please translate and remove the hash mark from the key line.
+Please enter the passhrase; this is a secret sentence
+
+.
+
+.#gpg.passphrase.repeat
+# fixme: Please translate and remove the hash mark from the key line.
+Please repeat the last passphrase, so you are sure what you typed in.
+.
+
+.#gpg.detached_signature.filename
+# fixme: Please translate and remove the hash mark from the key line.
+Give the name of the file to which the signature applies
+.
+
+.#gpg.openfile.overwrite.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" if it is okay to overwrite the file
+.
+
+.#gpg.openfile.askoutname
+# fixme: Please translate and remove the hash mark from the key line.
+Please enter a new filename. If you just hit RETURN the default
+file (which is shown in brackets) will be used.
+.
+
+.#gpg.ask_revocation_reason.code
+# fixme: Please translate and remove the hash mark from the key line.
+You should specify a reason for the certification. Depending on the
+context you have the ability to choose from this list:
+ "Key has been compromised"
+ Use this if you have a reason to believe that unauthorized persons
+ got access to your secret key.
+ "Key is superseded"
+ Use this if you have replaced this key with a newer one.
+ "Key is no longer used"
+ Use this if you have retired this key.
+ "User ID is no longer valid"
+ Use this to state that the user ID should not longer be used;
+ this is normally used to mark an email address invalid.
+
+.
+
+.#gpg.ask_revocation_reason.text
+# fixme: Please translate and remove the hash mark from the key line.
+If you like, you can enter a text describing why you issue this
+revocation certificate. Please keep this text concise.
+An empty line ends the text.
+
+.
+
+
+
+# Local variables:
+# mode: fundamental
+# coding: utf-8
+# End:
diff --git a/doc/help.cs.txt b/doc/help.cs.txt
new file mode 100644
index 0000000..36c9ffb
--- /dev/null
+++ b/doc/help.cs.txt
@@ -0,0 +1,286 @@
+# help..txt - GnuPG online help
+# Copyright (C) 2007 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+
+.#gpg.edit_ownertrust.value
+# fixme: Please translate and remove the hash mark from the key line.
+It's up to you to assign a value here; this value will never be exported
+to any 3rd party. We need it to implement the web-of-trust; it has nothing
+to do with the (implicitly created) web-of-certificates.
+.
+
+.#gpg.edit_ownertrust.set_ultimate.okay
+# fixme: Please translate and remove the hash mark from the key line.
+To build the Web-of-Trust, GnuPG needs to know which keys are
+ultimately trusted - those are usually the keys for which you have
+access to the secret key. Answer "yes" to set this key to
+ultimately trusted
+
+.
+
+.#gpg.untrusted_key.override
+# fixme: Please translate and remove the hash mark from the key line.
+If you want to use this untrusted key anyway, answer "yes".
+.
+
+.#gpg.pklist.user_id.enter
+# fixme: Please translate and remove the hash mark from the key line.
+Enter the user ID of the addressee to whom you want to send the message.
+.
+
+.#gpg.keygen.algo
+# fixme: Please translate and remove the hash mark from the key line.
+Select the algorithm to use.
+
+DSA (aka DSS) is the Digital Signature Algorithm and can only be used
+for signatures.
+
+Elgamal is an encrypt-only algorithm.
+
+RSA may be used for signatures or encryption.
+
+The first (primary) key must always be a key which is capable of signing.
+.
+
+.#gpg.keygen.algo.rsa_se
+# fixme: Please translate and remove the hash mark from the key line.
+In general it is not a good idea to use the same key for signing and
+encryption. This algorithm should only be used in certain domains.
+Please consult your security expert first.
+.
+
+.#gpg.keygen.size
+# fixme: Please translate and remove the hash mark from the key line.
+Enter the size of the key
+.
+
+.#gpg.keygen.size.huge.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keygen.size.large.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keygen.valid
+# fixme: Please translate and remove the hash mark from the key line.
+Enter the required value as shown in the prompt.
+It is possible to enter a ISO date (YYYY-MM-DD) but you won't
+get a good error response - instead the system tries to interpret
+the given value as an interval.
+.
+
+.#gpg.keygen.valid.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keygen.name
+# fixme: Please translate and remove the hash mark from the key line.
+Enter the name of the key holder
+.
+
+.#gpg.keygen.email
+# fixme: Please translate and remove the hash mark from the key line.
+please enter an optional but highly suggested email address
+.
+
+.#gpg.keygen.comment
+# fixme: Please translate and remove the hash mark from the key line.
+Please enter an optional comment
+.
+
+.#gpg.keygen.userid.cmd
+# fixme: Please translate and remove the hash mark from the key line.
+N to change the name.
+C to change the comment.
+E to change the email address.
+O to continue with key generation.
+Q to to quit the key generation.
+.
+
+.#gpg.keygen.sub.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" (or just "y") if it is okay to generate the sub key.
+.
+
+.#gpg.sign_uid.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.sign_uid.class
+# fixme: Please translate and remove the hash mark from the key line.
+When you sign a user ID on a key, you should first verify that the key
+belongs to the person named in the user ID. It is useful for others to
+know how carefully you verified this.
+
+"0" means you make no particular claim as to how carefully you verified the
+ key.
+
+"1" means you believe the key is owned by the person who claims to own it
+ but you could not, or did not verify the key at all. This is useful for
+ a "persona" verification, where you sign the key of a pseudonymous user.
+
+"2" means you did casual verification of the key. For example, this could
+ mean that you verified the key fingerprint and checked the user ID on the
+ key against a photo ID.
+
+"3" means you did extensive verification of the key. For example, this could
+ mean that you verified the key fingerprint with the owner of the key in
+ person, and that you checked, by means of a hard to forge document with a
+ photo ID (such as a passport) that the name of the key owner matches the
+ name in the user ID on the key, and finally that you verified (by exchange
+ of email) that the email address on the key belongs to the key owner.
+
+Note that the examples given above for levels 2 and 3 are *only* examples.
+In the end, it is up to you to decide just what "casual" and "extensive"
+mean to you when you sign other keys.
+
+If you don't know what the right answer is, answer "0".
+.
+
+.#gpg.change_passwd.empty.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keyedit.save.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keyedit.cancel.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keyedit.sign_all.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" if you want to sign ALL the user IDs
+.
+
+.#gpg.keyedit.remove.uid.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" if you really want to delete this user ID.
+All certificates are then also lost!
+.
+
+.#gpg.keyedit.remove.subkey.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" if it is okay to delete the subkey
+.
+
+.#gpg.keyedit.delsig.valid
+# fixme: Please translate and remove the hash mark from the key line.
+This is a valid signature on the key; you normally don't want
+to delete this signature because it may be important to establish a
+trust connection to the key or another key certified by this key.
+.
+
+.#gpg.keyedit.delsig.unknown
+# fixme: Please translate and remove the hash mark from the key line.
+This signature can't be checked because you don't have the
+corresponding key. You should postpone its deletion until you
+know which key was used because this signing key might establish
+a trust connection through another already certified key.
+.
+
+.#gpg.keyedit.delsig.invalid
+# fixme: Please translate and remove the hash mark from the key line.
+The signature is not valid. It does make sense to remove it from
+your keyring.
+.
+
+.#gpg.keyedit.delsig.selfsig
+# fixme: Please translate and remove the hash mark from the key line.
+This is a signature which binds the user ID to the key. It is
+usually not a good idea to remove such a signature. Actually
+GnuPG might not be able to use this key anymore. So do this
+only if this self-signature is for some reason not valid and
+a second one is available.
+.
+
+.#gpg.keyedit.updpref.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Change the preferences of all user IDs (or just of the selected ones)
+to the current list of preferences. The timestamp of all affected
+self-signatures will be advanced by one second.
+
+.
+
+.#gpg.passphrase.enter
+# fixme: Please translate and remove the hash mark from the key line.
+Please enter the passhrase; this is a secret sentence
+
+.
+
+.#gpg.passphrase.repeat
+# fixme: Please translate and remove the hash mark from the key line.
+Please repeat the last passphrase, so you are sure what you typed in.
+.
+
+.#gpg.detached_signature.filename
+# fixme: Please translate and remove the hash mark from the key line.
+Give the name of the file to which the signature applies
+.
+
+.#gpg.openfile.overwrite.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" if it is okay to overwrite the file
+.
+
+.#gpg.openfile.askoutname
+# fixme: Please translate and remove the hash mark from the key line.
+Please enter a new filename. If you just hit RETURN the default
+file (which is shown in brackets) will be used.
+.
+
+.#gpg.ask_revocation_reason.code
+# fixme: Please translate and remove the hash mark from the key line.
+You should specify a reason for the certification. Depending on the
+context you have the ability to choose from this list:
+ "Key has been compromised"
+ Use this if you have a reason to believe that unauthorized persons
+ got access to your secret key.
+ "Key is superseded"
+ Use this if you have replaced this key with a newer one.
+ "Key is no longer used"
+ Use this if you have retired this key.
+ "User ID is no longer valid"
+ Use this to state that the user ID should not longer be used;
+ this is normally used to mark an email address invalid.
+
+.
+
+.#gpg.ask_revocation_reason.text
+# fixme: Please translate and remove the hash mark from the key line.
+If you like, you can enter a text describing why you issue this
+revocation certificate. Please keep this text concise.
+An empty line ends the text.
+
+.
+
+
+
+# Local variables:
+# mode: fundamental
+# coding: utf-8
+# End:
diff --git a/doc/help.da.txt b/doc/help.da.txt
new file mode 100644
index 0000000..36c9ffb
--- /dev/null
+++ b/doc/help.da.txt
@@ -0,0 +1,286 @@
+# help..txt - GnuPG online help
+# Copyright (C) 2007 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+
+.#gpg.edit_ownertrust.value
+# fixme: Please translate and remove the hash mark from the key line.
+It's up to you to assign a value here; this value will never be exported
+to any 3rd party. We need it to implement the web-of-trust; it has nothing
+to do with the (implicitly created) web-of-certificates.
+.
+
+.#gpg.edit_ownertrust.set_ultimate.okay
+# fixme: Please translate and remove the hash mark from the key line.
+To build the Web-of-Trust, GnuPG needs to know which keys are
+ultimately trusted - those are usually the keys for which you have
+access to the secret key. Answer "yes" to set this key to
+ultimately trusted
+
+.
+
+.#gpg.untrusted_key.override
+# fixme: Please translate and remove the hash mark from the key line.
+If you want to use this untrusted key anyway, answer "yes".
+.
+
+.#gpg.pklist.user_id.enter
+# fixme: Please translate and remove the hash mark from the key line.
+Enter the user ID of the addressee to whom you want to send the message.
+.
+
+.#gpg.keygen.algo
+# fixme: Please translate and remove the hash mark from the key line.
+Select the algorithm to use.
+
+DSA (aka DSS) is the Digital Signature Algorithm and can only be used
+for signatures.
+
+Elgamal is an encrypt-only algorithm.
+
+RSA may be used for signatures or encryption.
+
+The first (primary) key must always be a key which is capable of signing.
+.
+
+.#gpg.keygen.algo.rsa_se
+# fixme: Please translate and remove the hash mark from the key line.
+In general it is not a good idea to use the same key for signing and
+encryption. This algorithm should only be used in certain domains.
+Please consult your security expert first.
+.
+
+.#gpg.keygen.size
+# fixme: Please translate and remove the hash mark from the key line.
+Enter the size of the key
+.
+
+.#gpg.keygen.size.huge.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keygen.size.large.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keygen.valid
+# fixme: Please translate and remove the hash mark from the key line.
+Enter the required value as shown in the prompt.
+It is possible to enter a ISO date (YYYY-MM-DD) but you won't
+get a good error response - instead the system tries to interpret
+the given value as an interval.
+.
+
+.#gpg.keygen.valid.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keygen.name
+# fixme: Please translate and remove the hash mark from the key line.
+Enter the name of the key holder
+.
+
+.#gpg.keygen.email
+# fixme: Please translate and remove the hash mark from the key line.
+please enter an optional but highly suggested email address
+.
+
+.#gpg.keygen.comment
+# fixme: Please translate and remove the hash mark from the key line.
+Please enter an optional comment
+.
+
+.#gpg.keygen.userid.cmd
+# fixme: Please translate and remove the hash mark from the key line.
+N to change the name.
+C to change the comment.
+E to change the email address.
+O to continue with key generation.
+Q to to quit the key generation.
+.
+
+.#gpg.keygen.sub.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" (or just "y") if it is okay to generate the sub key.
+.
+
+.#gpg.sign_uid.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.sign_uid.class
+# fixme: Please translate and remove the hash mark from the key line.
+When you sign a user ID on a key, you should first verify that the key
+belongs to the person named in the user ID. It is useful for others to
+know how carefully you verified this.
+
+"0" means you make no particular claim as to how carefully you verified the
+ key.
+
+"1" means you believe the key is owned by the person who claims to own it
+ but you could not, or did not verify the key at all. This is useful for
+ a "persona" verification, where you sign the key of a pseudonymous user.
+
+"2" means you did casual verification of the key. For example, this could
+ mean that you verified the key fingerprint and checked the user ID on the
+ key against a photo ID.
+
+"3" means you did extensive verification of the key. For example, this could
+ mean that you verified the key fingerprint with the owner of the key in
+ person, and that you checked, by means of a hard to forge document with a
+ photo ID (such as a passport) that the name of the key owner matches the
+ name in the user ID on the key, and finally that you verified (by exchange
+ of email) that the email address on the key belongs to the key owner.
+
+Note that the examples given above for levels 2 and 3 are *only* examples.
+In the end, it is up to you to decide just what "casual" and "extensive"
+mean to you when you sign other keys.
+
+If you don't know what the right answer is, answer "0".
+.
+
+.#gpg.change_passwd.empty.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keyedit.save.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keyedit.cancel.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keyedit.sign_all.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" if you want to sign ALL the user IDs
+.
+
+.#gpg.keyedit.remove.uid.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" if you really want to delete this user ID.
+All certificates are then also lost!
+.
+
+.#gpg.keyedit.remove.subkey.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" if it is okay to delete the subkey
+.
+
+.#gpg.keyedit.delsig.valid
+# fixme: Please translate and remove the hash mark from the key line.
+This is a valid signature on the key; you normally don't want
+to delete this signature because it may be important to establish a
+trust connection to the key or another key certified by this key.
+.
+
+.#gpg.keyedit.delsig.unknown
+# fixme: Please translate and remove the hash mark from the key line.
+This signature can't be checked because you don't have the
+corresponding key. You should postpone its deletion until you
+know which key was used because this signing key might establish
+a trust connection through another already certified key.
+.
+
+.#gpg.keyedit.delsig.invalid
+# fixme: Please translate and remove the hash mark from the key line.
+The signature is not valid. It does make sense to remove it from
+your keyring.
+.
+
+.#gpg.keyedit.delsig.selfsig
+# fixme: Please translate and remove the hash mark from the key line.
+This is a signature which binds the user ID to the key. It is
+usually not a good idea to remove such a signature. Actually
+GnuPG might not be able to use this key anymore. So do this
+only if this self-signature is for some reason not valid and
+a second one is available.
+.
+
+.#gpg.keyedit.updpref.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Change the preferences of all user IDs (or just of the selected ones)
+to the current list of preferences. The timestamp of all affected
+self-signatures will be advanced by one second.
+
+.
+
+.#gpg.passphrase.enter
+# fixme: Please translate and remove the hash mark from the key line.
+Please enter the passhrase; this is a secret sentence
+
+.
+
+.#gpg.passphrase.repeat
+# fixme: Please translate and remove the hash mark from the key line.
+Please repeat the last passphrase, so you are sure what you typed in.
+.
+
+.#gpg.detached_signature.filename
+# fixme: Please translate and remove the hash mark from the key line.
+Give the name of the file to which the signature applies
+.
+
+.#gpg.openfile.overwrite.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" if it is okay to overwrite the file
+.
+
+.#gpg.openfile.askoutname
+# fixme: Please translate and remove the hash mark from the key line.
+Please enter a new filename. If you just hit RETURN the default
+file (which is shown in brackets) will be used.
+.
+
+.#gpg.ask_revocation_reason.code
+# fixme: Please translate and remove the hash mark from the key line.
+You should specify a reason for the certification. Depending on the
+context you have the ability to choose from this list:
+ "Key has been compromised"
+ Use this if you have a reason to believe that unauthorized persons
+ got access to your secret key.
+ "Key is superseded"
+ Use this if you have replaced this key with a newer one.
+ "Key is no longer used"
+ Use this if you have retired this key.
+ "User ID is no longer valid"
+ Use this to state that the user ID should not longer be used;
+ this is normally used to mark an email address invalid.
+
+.
+
+.#gpg.ask_revocation_reason.text
+# fixme: Please translate and remove the hash mark from the key line.
+If you like, you can enter a text describing why you issue this
+revocation certificate. Please keep this text concise.
+An empty line ends the text.
+
+.
+
+
+
+# Local variables:
+# mode: fundamental
+# coding: utf-8
+# End:
diff --git a/doc/help.de.txt b/doc/help.de.txt
new file mode 100644
index 0000000..ea2a4e4
--- /dev/null
+++ b/doc/help.de.txt
@@ -0,0 +1,279 @@
+# help.de.txt - German GnuPG online help
+# Copyright (C) 2007 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+
+# Die Datei help.txt beschreibt das verwendete Format.
+# Diese Datei muß UTF-8 kodiert sein.
+
+
+.#pinentry.qualitybar.tooltip
+# Dies ist lediglich eine kommentiertes Beispiel. Es ist am sinnvolssten
+# einen individuellen Text in /etc/gnupg/help.de.txt zu erstellen.
+Die Qualität der Passphrase, die Sie oben eingegeben haben. Bitte
+fragen sie Ihren Systembeauftragten nach den Kriterien für die Messung
+der Qualität.
+.
+
+
+
+
+.gpg.edit_ownertrust.value
+Sie müssen selbst entscheiden, welchen Wert Sie hier eintragen; dieser Wert
+wird niemals an eine dritte Seite weitergegeben. Wir brauchen diesen Wert,
+um das "Netz des Vertrauens" aufzubauen. Dieses hat nichts mit dem
+(implizit erzeugten) "Netz der Zertifikate" zu tun.
+.
+
+.gpg.edit_ownertrust.set_ultimate.okay
+Um das Web-of-Trust aufzubauen muß GnuPG wissen, welchen Schlüsseln
+uneingeschränkt vertraut wird. Das sind üblicherweise die Schlüssel
+auf deren geheimen Schlüssel Sie Zugruff haben.
+Antworten Sie mit "yes" um diesen Schlüssel uneingeschränkt zu vertrauen
+
+.
+
+.gpg.untrusted_key.override
+Wenn Sie diesen nicht vertrauenswürdigen Schlüssel trotzdem benutzen wollen,
+so antworten Sie mit "ja".
+.
+
+.gpg.pklist.user_id.enter
+Geben Sie die User-ID dessen ein, dem Sie die Botschaft senden wollen.
+.
+
+.gpg.keygen.algo
+Wählen Sie das zu verwendene Verfahren.
+
+DSA (alias DSS) ist der "Digital Signature Algorithm" und kann nur für
+Unterschriften genutzt werden.
+
+Elgamal ist ein Verfahren nur für Verschlüsselung.
+
+RSA kann sowohl für Unterschriften als auch für Verschlüsselung genutzt
+werden.
+
+Der erste Schlüssel (Hauptschlüssel) muß immer ein Schlüssel sein, mit dem
+unterschrieben werden kann.
+.
+
+.gpg.keygen.algo.rsa_se
+Normalerweise ist es nicht gut, denselben Schlüssel zum unterschreiben
+und verschlüsseln zu nutzen. Dieses Verfahren sollte in speziellen
+Anwendungsgebiten benutzt werden. Bitte lassen Sie sich zuerst von
+einem Sicherheistexperten beraten.
+.
+
+.gpg.keygen.size
+Wählen Sie die gewünschte Schlüssellänge
+.
+
+.gpg.keygen.size.huge.okay
+Geben Sie "ja" oder "nein" ein
+.
+
+.gpg.keygen.size.large.okay
+Geben Sie "ja" oder "nein" ein
+.
+
+.gpg.keygen.valid
+Geben Sie den benötigten Wert so an, wie er im Prompt erscheint.
+Es ist zwar möglich ein "ISO"-Datum (JJJJ-MM-DD) einzugeben, aber man
+erhält dann ggfs. keine brauchbaren Fehlermeldungen - stattdessen versucht
+der Rechner den Wert als Intervall (von-bis) zu deuten.
+.
+
+.gpg.keygen.valid.okay
+Geben Sie "ja" oder "nein" ein
+.
+
+.gpg.keygen.name
+Geben Sie den Namen des Schlüsselinhabers ein.
+Beispiel: Heinrich Heine.
+.
+
+.gpg.keygen.email
+Geben Sie eine Email-Adresse ein. Dies ist zwar nicht unbedingt notwendig,
+aber sehr empfehlenswert.
+Beispiel: heinrichh@duesseldorf.de
+.
+
+.gpg.keygen.comment
+Geben Sie - bei Bedarf - einen Kommentar ein.
+.
+
+.gpg.keygen.userid.cmd
+N um den Namen zu ändern.
+K um den Kommentar zu ändern.
+E um die Email-Adresse zu ändern.
+F um mit der Schlüsselerzeugung fortzusetzen.
+B um die Schlüsselerzeugung abbrechen.
+.
+
+.gpg.keygen.sub.okay
+Geben Sie "ja" (oder nur "j") ein, um den Unterschlüssel zu erzeugen.
+.
+
+.gpg.sign_uid.okay
+Geben Sie "ja" oder "nein" ein
+.
+
+.gpg.sign_uid.class
+Wenn Sie die User-ID eines Schlüssels beglaubigen wollen, sollten Sie zunächst
+sicherstellen, daß der Schlüssel demjenigen gehört, der in der User-ID genannt
+ist. Für Dritte ist es hilfreich zu wissen, wie gut diese Zuordnung überprüft
+wurde.
+
+"0" zeigt, daß Sie keine bestimmte Aussage über die Sorgfalt der
+ Schlüsselzuordnung machen.
+
+"1" Sie glauben, daß der Schlüssel der benannten Person gehört,
+ aber Sie konnten oder nahmen die Überpüfung überhaupt nicht vor.
+ Dies ist hilfreich für eine "persona"-Überprüfung, wobei man den
+ Schlüssel eines Pseudonym-Trägers beglaubigt
+
+"2" Sie nahmen eine flüchtige Überprüfung vor. Das heißt Sie haben z.B.
+ den Schlüsselfingerabdruck kontrolliert und die User-ID des Schlüssels
+ anhand des Fotos geprüft.
+
+"3" Sie haben eine ausführlich Kontrolle des Schlüssels vorgenommen.
+ Das kann z.B. die Kontrolle des Schlüsselfingerabdrucks mit dem
+ Schlüsselinhaber persönlich vorgenommen haben; daß Sie die User-ID des
+ Schlüssel anhand einer schwer zu fälschenden Urkunde mit Foto (wie z.B.
+ einem Paß) abgeglichen haben und schließlich per Email-Verkehr die
+ Email-Adresse als zum Schlüsselbesitzer gehörig erkannt haben.
+
+Beachten Sie, daß diese Beispiele für die Antworten 2 und 3 *nur* Beispiele
+sind. Schlußendlich ist es Ihre Sache, was Sie unter "flüchtig" oder
+ "ausführlich" verstehen, wenn Sie Schlüssel Dritter beglaubigen.
+
+Wenn Sie nicht wissen, wie Sie antworten sollen, wählen Sie "0".
+.
+
+.gpg.change_passwd.empty.okay
+Geben Sie "ja" oder "nein" ein
+.
+
+.gpg.keyedit.save.okay
+Geben Sie "ja" oder "nein" ein
+.
+
+.gpg.keyedit.cancel.okay
+Geben Sie "ja" oder "nein" ein
+.
+
+.gpg.keyedit.sign_all.okay
+Geben Sie "ja" (oder nur "j") ein, um alle User-IDs zu beglaubigen
+.
+
+.gpg.keyedit.remove.uid.okay
+Geben Sie "ja" (oder nur "j") ein, um diese User-ID zu LÖSCHEN.
+Alle Zertifikate werden dann auch weg sein!
+.
+
+.gpg.keyedit.remove.subkey.okay
+Geben Sie "ja" (oder nur "j") ein, um diesen Unterschlüssel zu löschen
+.
+
+.gpg.keyedit.delsig.valid
+Dies ist eine gültige Beglaubigung für den Schlüssel. Es ist normalerweise
+unnötig sie zu löschen. Sie ist möglicherweise sogar notwendig, um einen
+Trust-Weg zu diesem oder einem durch diesen Schlüssel beglaubigten Schlüssel
+herzustellen.
+.
+
+.gpg.keyedit.delsig.unknown
+Diese Beglaubigung kann nicht geprüft werden, da Sie den passenden Schlüssel
+nicht besitzen. Sie sollten die Löschung der Beglaubigung verschieben, bis
+sie wissen, welcher Schlüssel verwendet wurde. Denn vielleicht würde genau
+diese Beglaubigung den "Trust"-Weg komplettieren.
+.
+
+.gpg.keyedit.delsig.invalid
+Diese Beglaubigung ist ungültig. Es ist sinnvoll sie aus Ihrem
+Schlüsselbund zu entfernen.
+.
+
+.gpg.keyedit.delsig.selfsig
+Diese Beglaubigung bindet die User-ID an den Schlüssel. Normalerweise ist
+es nicht gut, solche Beglaubigungen zu entfernen. Um ehrlich zu sein:
+Es könnte dann sein, daß GnuPG diesen Schlüssel gar nicht mehr benutzen kann.
+Sie sollten diese Eigenbeglaubigung also nur dann entfernen, wenn sie aus
+irgendeinem Grund nicht gültig ist und eine zweite Beglaubigung verfügbar ist.
+.
+
+.gpg.keyedit.updpref.okay
+Ändern der Voreinstellung aller User-IDs (oder nur der ausgewählten)
+auf die aktuelle Liste der Voreinstellung. Die Zeitangaben aller betroffenen
+Eigenbeglaubigungen werden um eine Sekunde vorgestellt.
+
+.
+
+.gpg.passphrase.enter
+Bitte geben Sie die Passphrase ein. Dies ist ein geheimer Satz
+
+.
+
+.gpg.passphrase.repeat
+Um sicher zu gehen, daß Sie sich bei der Eingabe der Passphrase nicht
+vertippt haben, geben Sie diese bitte nochmal ein. Nur wenn beide Eingaben
+übereinstimmen, wird die Passphrase akzeptiert.
+.
+
+.gpg.detached_signature.filename
+Geben Sie den Namen der Datei an, zu dem die abgetrennte Unterschrift gehört
+.
+
+.gpg.openfile.overwrite.okay
+Geben Sie "ja" ein, wenn Sie die Datei überschreiben möchten
+.
+
+.gpg.openfile.askoutname
+Geben Sie bitte einen neuen Dateinamen ein. Falls Sie nur die
+Eingabetaste betätigen, wird der (in Klammern angezeigte) Standarddateiname
+verwendet.
+.
+
+.gpg.ask_revocation_reason.code
+Sie sollten einen Grund für die Zertifizierung angeben. Je nach
+Zusammenhang können Sie aus dieser Liste auswählen:
+ "Schlüssel wurde kompromitiert"
+ Falls Sie Grund zu der Annahme haben, daß nicht berechtigte Personen
+ Zugriff zu Ihrem geheimen Schlüssel hatten
+ "Schlüssel ist überholt"
+ Falls Sie diesen Schlüssel durch einem neuen ersetzt haben.
+ "Schlüssel wird nicht mehr benutzt"
+ Falls Sie diesen Schlüssel zurückgezogen haben.
+ "User-ID ist nicht mehr gültig"
+ Um bekanntzugeben, daß die User-ID nicht mehr benutzt werden soll.
+ So weist man normalerweise auf eine ungültige Emailadresse hin.
+
+.
+
+.gpg.ask_revocation_reason.text
+Wenn Sie möchten, können Sie hier einen Text eingeben, der darlegt, warum
+Sie diesen Widerruf herausgeben. Der Text sollte möglichst knapp sein.
+Eine Leerzeile beendet die Eingabe.
+
+.
+
+
+
+# Local variables:
+# mode: default-generic
+# coding: utf-8
+# End:
diff --git a/doc/help.el.txt b/doc/help.el.txt
new file mode 100644
index 0000000..36c9ffb
--- /dev/null
+++ b/doc/help.el.txt
@@ -0,0 +1,286 @@
+# help..txt - GnuPG online help
+# Copyright (C) 2007 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+
+.#gpg.edit_ownertrust.value
+# fixme: Please translate and remove the hash mark from the key line.
+It's up to you to assign a value here; this value will never be exported
+to any 3rd party. We need it to implement the web-of-trust; it has nothing
+to do with the (implicitly created) web-of-certificates.
+.
+
+.#gpg.edit_ownertrust.set_ultimate.okay
+# fixme: Please translate and remove the hash mark from the key line.
+To build the Web-of-Trust, GnuPG needs to know which keys are
+ultimately trusted - those are usually the keys for which you have
+access to the secret key. Answer "yes" to set this key to
+ultimately trusted
+
+.
+
+.#gpg.untrusted_key.override
+# fixme: Please translate and remove the hash mark from the key line.
+If you want to use this untrusted key anyway, answer "yes".
+.
+
+.#gpg.pklist.user_id.enter
+# fixme: Please translate and remove the hash mark from the key line.
+Enter the user ID of the addressee to whom you want to send the message.
+.
+
+.#gpg.keygen.algo
+# fixme: Please translate and remove the hash mark from the key line.
+Select the algorithm to use.
+
+DSA (aka DSS) is the Digital Signature Algorithm and can only be used
+for signatures.
+
+Elgamal is an encrypt-only algorithm.
+
+RSA may be used for signatures or encryption.
+
+The first (primary) key must always be a key which is capable of signing.
+.
+
+.#gpg.keygen.algo.rsa_se
+# fixme: Please translate and remove the hash mark from the key line.
+In general it is not a good idea to use the same key for signing and
+encryption. This algorithm should only be used in certain domains.
+Please consult your security expert first.
+.
+
+.#gpg.keygen.size
+# fixme: Please translate and remove the hash mark from the key line.
+Enter the size of the key
+.
+
+.#gpg.keygen.size.huge.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keygen.size.large.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keygen.valid
+# fixme: Please translate and remove the hash mark from the key line.
+Enter the required value as shown in the prompt.
+It is possible to enter a ISO date (YYYY-MM-DD) but you won't
+get a good error response - instead the system tries to interpret
+the given value as an interval.
+.
+
+.#gpg.keygen.valid.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keygen.name
+# fixme: Please translate and remove the hash mark from the key line.
+Enter the name of the key holder
+.
+
+.#gpg.keygen.email
+# fixme: Please translate and remove the hash mark from the key line.
+please enter an optional but highly suggested email address
+.
+
+.#gpg.keygen.comment
+# fixme: Please translate and remove the hash mark from the key line.
+Please enter an optional comment
+.
+
+.#gpg.keygen.userid.cmd
+# fixme: Please translate and remove the hash mark from the key line.
+N to change the name.
+C to change the comment.
+E to change the email address.
+O to continue with key generation.
+Q to to quit the key generation.
+.
+
+.#gpg.keygen.sub.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" (or just "y") if it is okay to generate the sub key.
+.
+
+.#gpg.sign_uid.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.sign_uid.class
+# fixme: Please translate and remove the hash mark from the key line.
+When you sign a user ID on a key, you should first verify that the key
+belongs to the person named in the user ID. It is useful for others to
+know how carefully you verified this.
+
+"0" means you make no particular claim as to how carefully you verified the
+ key.
+
+"1" means you believe the key is owned by the person who claims to own it
+ but you could not, or did not verify the key at all. This is useful for
+ a "persona" verification, where you sign the key of a pseudonymous user.
+
+"2" means you did casual verification of the key. For example, this could
+ mean that you verified the key fingerprint and checked the user ID on the
+ key against a photo ID.
+
+"3" means you did extensive verification of the key. For example, this could
+ mean that you verified the key fingerprint with the owner of the key in
+ person, and that you checked, by means of a hard to forge document with a
+ photo ID (such as a passport) that the name of the key owner matches the
+ name in the user ID on the key, and finally that you verified (by exchange
+ of email) that the email address on the key belongs to the key owner.
+
+Note that the examples given above for levels 2 and 3 are *only* examples.
+In the end, it is up to you to decide just what "casual" and "extensive"
+mean to you when you sign other keys.
+
+If you don't know what the right answer is, answer "0".
+.
+
+.#gpg.change_passwd.empty.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keyedit.save.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keyedit.cancel.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keyedit.sign_all.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" if you want to sign ALL the user IDs
+.
+
+.#gpg.keyedit.remove.uid.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" if you really want to delete this user ID.
+All certificates are then also lost!
+.
+
+.#gpg.keyedit.remove.subkey.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" if it is okay to delete the subkey
+.
+
+.#gpg.keyedit.delsig.valid
+# fixme: Please translate and remove the hash mark from the key line.
+This is a valid signature on the key; you normally don't want
+to delete this signature because it may be important to establish a
+trust connection to the key or another key certified by this key.
+.
+
+.#gpg.keyedit.delsig.unknown
+# fixme: Please translate and remove the hash mark from the key line.
+This signature can't be checked because you don't have the
+corresponding key. You should postpone its deletion until you
+know which key was used because this signing key might establish
+a trust connection through another already certified key.
+.
+
+.#gpg.keyedit.delsig.invalid
+# fixme: Please translate and remove the hash mark from the key line.
+The signature is not valid. It does make sense to remove it from
+your keyring.
+.
+
+.#gpg.keyedit.delsig.selfsig
+# fixme: Please translate and remove the hash mark from the key line.
+This is a signature which binds the user ID to the key. It is
+usually not a good idea to remove such a signature. Actually
+GnuPG might not be able to use this key anymore. So do this
+only if this self-signature is for some reason not valid and
+a second one is available.
+.
+
+.#gpg.keyedit.updpref.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Change the preferences of all user IDs (or just of the selected ones)
+to the current list of preferences. The timestamp of all affected
+self-signatures will be advanced by one second.
+
+.
+
+.#gpg.passphrase.enter
+# fixme: Please translate and remove the hash mark from the key line.
+Please enter the passhrase; this is a secret sentence
+
+.
+
+.#gpg.passphrase.repeat
+# fixme: Please translate and remove the hash mark from the key line.
+Please repeat the last passphrase, so you are sure what you typed in.
+.
+
+.#gpg.detached_signature.filename
+# fixme: Please translate and remove the hash mark from the key line.
+Give the name of the file to which the signature applies
+.
+
+.#gpg.openfile.overwrite.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" if it is okay to overwrite the file
+.
+
+.#gpg.openfile.askoutname
+# fixme: Please translate and remove the hash mark from the key line.
+Please enter a new filename. If you just hit RETURN the default
+file (which is shown in brackets) will be used.
+.
+
+.#gpg.ask_revocation_reason.code
+# fixme: Please translate and remove the hash mark from the key line.
+You should specify a reason for the certification. Depending on the
+context you have the ability to choose from this list:
+ "Key has been compromised"
+ Use this if you have a reason to believe that unauthorized persons
+ got access to your secret key.
+ "Key is superseded"
+ Use this if you have replaced this key with a newer one.
+ "Key is no longer used"
+ Use this if you have retired this key.
+ "User ID is no longer valid"
+ Use this to state that the user ID should not longer be used;
+ this is normally used to mark an email address invalid.
+
+.
+
+.#gpg.ask_revocation_reason.text
+# fixme: Please translate and remove the hash mark from the key line.
+If you like, you can enter a text describing why you issue this
+revocation certificate. Please keep this text concise.
+An empty line ends the text.
+
+.
+
+
+
+# Local variables:
+# mode: fundamental
+# coding: utf-8
+# End:
diff --git a/doc/help.eo.txt b/doc/help.eo.txt
new file mode 100644
index 0000000..36c9ffb
--- /dev/null
+++ b/doc/help.eo.txt
@@ -0,0 +1,286 @@
+# help..txt - GnuPG online help
+# Copyright (C) 2007 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+
+.#gpg.edit_ownertrust.value
+# fixme: Please translate and remove the hash mark from the key line.
+It's up to you to assign a value here; this value will never be exported
+to any 3rd party. We need it to implement the web-of-trust; it has nothing
+to do with the (implicitly created) web-of-certificates.
+.
+
+.#gpg.edit_ownertrust.set_ultimate.okay
+# fixme: Please translate and remove the hash mark from the key line.
+To build the Web-of-Trust, GnuPG needs to know which keys are
+ultimately trusted - those are usually the keys for which you have
+access to the secret key. Answer "yes" to set this key to
+ultimately trusted
+
+.
+
+.#gpg.untrusted_key.override
+# fixme: Please translate and remove the hash mark from the key line.
+If you want to use this untrusted key anyway, answer "yes".
+.
+
+.#gpg.pklist.user_id.enter
+# fixme: Please translate and remove the hash mark from the key line.
+Enter the user ID of the addressee to whom you want to send the message.
+.
+
+.#gpg.keygen.algo
+# fixme: Please translate and remove the hash mark from the key line.
+Select the algorithm to use.
+
+DSA (aka DSS) is the Digital Signature Algorithm and can only be used
+for signatures.
+
+Elgamal is an encrypt-only algorithm.
+
+RSA may be used for signatures or encryption.
+
+The first (primary) key must always be a key which is capable of signing.
+.
+
+.#gpg.keygen.algo.rsa_se
+# fixme: Please translate and remove the hash mark from the key line.
+In general it is not a good idea to use the same key for signing and
+encryption. This algorithm should only be used in certain domains.
+Please consult your security expert first.
+.
+
+.#gpg.keygen.size
+# fixme: Please translate and remove the hash mark from the key line.
+Enter the size of the key
+.
+
+.#gpg.keygen.size.huge.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keygen.size.large.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keygen.valid
+# fixme: Please translate and remove the hash mark from the key line.
+Enter the required value as shown in the prompt.
+It is possible to enter a ISO date (YYYY-MM-DD) but you won't
+get a good error response - instead the system tries to interpret
+the given value as an interval.
+.
+
+.#gpg.keygen.valid.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keygen.name
+# fixme: Please translate and remove the hash mark from the key line.
+Enter the name of the key holder
+.
+
+.#gpg.keygen.email
+# fixme: Please translate and remove the hash mark from the key line.
+please enter an optional but highly suggested email address
+.
+
+.#gpg.keygen.comment
+# fixme: Please translate and remove the hash mark from the key line.
+Please enter an optional comment
+.
+
+.#gpg.keygen.userid.cmd
+# fixme: Please translate and remove the hash mark from the key line.
+N to change the name.
+C to change the comment.
+E to change the email address.
+O to continue with key generation.
+Q to to quit the key generation.
+.
+
+.#gpg.keygen.sub.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" (or just "y") if it is okay to generate the sub key.
+.
+
+.#gpg.sign_uid.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.sign_uid.class
+# fixme: Please translate and remove the hash mark from the key line.
+When you sign a user ID on a key, you should first verify that the key
+belongs to the person named in the user ID. It is useful for others to
+know how carefully you verified this.
+
+"0" means you make no particular claim as to how carefully you verified the
+ key.
+
+"1" means you believe the key is owned by the person who claims to own it
+ but you could not, or did not verify the key at all. This is useful for
+ a "persona" verification, where you sign the key of a pseudonymous user.
+
+"2" means you did casual verification of the key. For example, this could
+ mean that you verified the key fingerprint and checked the user ID on the
+ key against a photo ID.
+
+"3" means you did extensive verification of the key. For example, this could
+ mean that you verified the key fingerprint with the owner of the key in
+ person, and that you checked, by means of a hard to forge document with a
+ photo ID (such as a passport) that the name of the key owner matches the
+ name in the user ID on the key, and finally that you verified (by exchange
+ of email) that the email address on the key belongs to the key owner.
+
+Note that the examples given above for levels 2 and 3 are *only* examples.
+In the end, it is up to you to decide just what "casual" and "extensive"
+mean to you when you sign other keys.
+
+If you don't know what the right answer is, answer "0".
+.
+
+.#gpg.change_passwd.empty.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keyedit.save.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keyedit.cancel.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keyedit.sign_all.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" if you want to sign ALL the user IDs
+.
+
+.#gpg.keyedit.remove.uid.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" if you really want to delete this user ID.
+All certificates are then also lost!
+.
+
+.#gpg.keyedit.remove.subkey.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" if it is okay to delete the subkey
+.
+
+.#gpg.keyedit.delsig.valid
+# fixme: Please translate and remove the hash mark from the key line.
+This is a valid signature on the key; you normally don't want
+to delete this signature because it may be important to establish a
+trust connection to the key or another key certified by this key.
+.
+
+.#gpg.keyedit.delsig.unknown
+# fixme: Please translate and remove the hash mark from the key line.
+This signature can't be checked because you don't have the
+corresponding key. You should postpone its deletion until you
+know which key was used because this signing key might establish
+a trust connection through another already certified key.
+.
+
+.#gpg.keyedit.delsig.invalid
+# fixme: Please translate and remove the hash mark from the key line.
+The signature is not valid. It does make sense to remove it from
+your keyring.
+.
+
+.#gpg.keyedit.delsig.selfsig
+# fixme: Please translate and remove the hash mark from the key line.
+This is a signature which binds the user ID to the key. It is
+usually not a good idea to remove such a signature. Actually
+GnuPG might not be able to use this key anymore. So do this
+only if this self-signature is for some reason not valid and
+a second one is available.
+.
+
+.#gpg.keyedit.updpref.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Change the preferences of all user IDs (or just of the selected ones)
+to the current list of preferences. The timestamp of all affected
+self-signatures will be advanced by one second.
+
+.
+
+.#gpg.passphrase.enter
+# fixme: Please translate and remove the hash mark from the key line.
+Please enter the passhrase; this is a secret sentence
+
+.
+
+.#gpg.passphrase.repeat
+# fixme: Please translate and remove the hash mark from the key line.
+Please repeat the last passphrase, so you are sure what you typed in.
+.
+
+.#gpg.detached_signature.filename
+# fixme: Please translate and remove the hash mark from the key line.
+Give the name of the file to which the signature applies
+.
+
+.#gpg.openfile.overwrite.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" if it is okay to overwrite the file
+.
+
+.#gpg.openfile.askoutname
+# fixme: Please translate and remove the hash mark from the key line.
+Please enter a new filename. If you just hit RETURN the default
+file (which is shown in brackets) will be used.
+.
+
+.#gpg.ask_revocation_reason.code
+# fixme: Please translate and remove the hash mark from the key line.
+You should specify a reason for the certification. Depending on the
+context you have the ability to choose from this list:
+ "Key has been compromised"
+ Use this if you have a reason to believe that unauthorized persons
+ got access to your secret key.
+ "Key is superseded"
+ Use this if you have replaced this key with a newer one.
+ "Key is no longer used"
+ Use this if you have retired this key.
+ "User ID is no longer valid"
+ Use this to state that the user ID should not longer be used;
+ this is normally used to mark an email address invalid.
+
+.
+
+.#gpg.ask_revocation_reason.text
+# fixme: Please translate and remove the hash mark from the key line.
+If you like, you can enter a text describing why you issue this
+revocation certificate. Please keep this text concise.
+An empty line ends the text.
+
+.
+
+
+
+# Local variables:
+# mode: fundamental
+# coding: utf-8
+# End:
diff --git a/doc/help.es.txt b/doc/help.es.txt
new file mode 100644
index 0000000..42e531b
--- /dev/null
+++ b/doc/help.es.txt
@@ -0,0 +1,251 @@
+# help.es.txt - es GnuPG online help
+# Copyright (C) 2007 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+
+.gpg.edit_ownertrust.value
+Está en su mano asignar un valor aquí. Dicho valor nunca será exportado a
+terceros. Es necesario para implementar la red de confianza, no tiene nada
+que ver con la red de certificados (implícitamente creada).
+.
+
+.gpg.edit_ownertrust.set_ultimate.okay
+Para construir la Red-de-Confianza, GnuPG necesita saber qué claves
+tienen confianza absoluta - normalmente son las claves para las que usted
+puede acceder a la clave secreta. Conteste "sí" para hacer que esta
+clave se considere como de total confianza
+
+.
+
+.gpg.untrusted_key.override
+Si quiere usar esta clave no fiable de todos modos, conteste "sí".
+.
+
+.gpg.pklist.user_id.enter
+Introduzca el ID de usuario al que quiere enviar el mensaje.
+.
+
+.gpg.keygen.algo
+Seleccione el algoritmo que usar.
+
+DSA (alias DSS) es el Algoritmo de Firma Digital y sólo se usa para firmas.
+
+Elgamal es un algoritmo sólo para cifrar.
+
+RSA sirve tanto para firmar como para cifrar.
+
+La primera clave (clave primaria) debe ser siempre de tipo capaz de firmar.
+.
+
+.gpg.keygen.algo.rsa_se
+En general no es una buena idea usar la misma clave para firmar y
+cifrar. Este algoritmo debéria usarse solo en ciertos contextos.
+Por favor consulte primero a un experto en seguridad.
+.
+
+.gpg.keygen.size
+Introduzca la longitud de la clave
+.
+
+.gpg.keygen.size.huge.okay
+Responda "sí" o "no"
+.
+
+.gpg.keygen.size.large.okay
+Responda "sí" o "no"
+.
+
+.gpg.keygen.valid
+Introduzca el valor requerido conforme se muestra.
+Es posible introducir una fecha ISO (AAAA-MM-DD), pero no se obtendrá una
+buena respuesta a los errores; el sistema intentará interpretar el valor
+introducido como un intervalo.
+.
+
+.gpg.keygen.valid.okay
+Responda "sí" o "no"
+.
+
+.gpg.keygen.name
+Introduzca el nombre del dueño de la clave
+.
+
+.gpg.keygen.email
+Introduzca una dirección de correo electrónico (opcional pero muy
+recomendable)
+.
+
+.gpg.keygen.comment
+Introduzca un comentario opcional
+.
+
+.gpg.keygen.userid.cmd
+N para cambiar el nombre.
+C para cambiar el comentario.
+E para cambiar la dirección.
+O para continuar con la generación de clave.
+S para interrumpir la generación de clave.
+.
+
+.gpg.keygen.sub.okay
+Responda "sí" (o sólo "s") para generar la subclave.
+.
+
+.gpg.sign_uid.okay
+Responda "sí" o "no"
+.
+
+.gpg.sign_uid.class
+Cuando firme un ID de usuario en una clave, debería verificar que la clave
+pertenece a la persona que se nombra en el ID de usuario. Es útil para
+otros saber cómo de cuidadosamente lo ha verificado.
+
+"0" significa que no hace ninguna declaración concreta sobre como ha
+ comprobado la validez de la clave.
+
+"1" significa que cree que la clave pertenece a la persona que declara
+ poseerla pero no pudo o no verificó la clave en absoluto. Esto es útil
+ para una verificación en persona cuando firmas la clave de un usuario
+ pseudoanónimo.
+
+"2" significa que hizo una comprobación informal de la clave. Por ejemplo
+ podría querer decir que comprobó la huella dactilar de la clave y
+ comprobó el ID de usuario en la clave con un ID fotográfico.
+
+"3" significa que hizo una comprobación exhaustiva de la clave. Por
+ ejemplo verificando la huella dactilar de la clave con el propietario
+ de la clave, y que comprobó, mediante un documento difícil de falsificar
+ con ID fotográfico (como un pasaporte) que el nombre del poseedor de la
+ clave coincide con el ID de usuario en la clave y finalmente que verificó
+ (intercambiando email) que la dirección de email de la clave pertenece
+ al poseedor de la clave.
+
+Observe que los ejemplos dados en los niveles 2 y 3 son *solo* ejemplos.
+En definitiva, usted decide lo que significa "informal" y "exhaustivo"
+para usted cuando firma las claves de otros.
+
+Si no sabe qué contestar, conteste "0".
+.
+
+.gpg.change_passwd.empty.okay
+Responda "sí" o "no"
+.
+
+.gpg.keyedit.save.okay
+Responda "sí" o "no"
+.
+
+.gpg.keyedit.cancel.okay
+Responda "sí" o "no"
+.
+
+.gpg.keyedit.sign_all.okay
+Responda "sí" si quiere firmar TODOS los IDs de usuario
+.
+
+.gpg.keyedit.remove.uid.okay
+Responda "sí" si realmente quiere borrar este ID de usuario.
+¡También se perderán todos los certificados!
+.
+
+.gpg.keyedit.remove.subkey.okay
+Responda "sí" si quiere borrar esta subclave
+.
+
+.gpg.keyedit.delsig.valid
+Esta es una firma válida de esta clave. Normalmente no será deseable
+borrar esta firma ya que puede ser importante para establecer una conexión
+de confianza con la clave o con otra clave certificada por ésta.
+.
+
+.gpg.keyedit.delsig.unknown
+Esta firma no puede ser comprobada porque no tiene Vd. la clave
+correspondiente. Debería posponer su borrado hasta conocer qué clave
+se usó, ya que dicha clave podría establecer una conexión de confianza
+a través de otra clave certificada.
+.
+
+.gpg.keyedit.delsig.invalid
+Esta firma no es válida. Tiene sentido borrarla de su anillo.
+.
+
+.gpg.keyedit.delsig.selfsig
+Esta es una firma que une el ID de usuario a la clave. No suele ser una
+buena idea borrar dichas firmas. De hecho, GnuPG podría no ser capaz de
+volver a usar esta clave. Así que bórrela tan sólo si esta autofirma no
+es válida por alguna razón y hay otra disponible.
+.
+
+.gpg.keyedit.updpref.okay
+Cambiar las preferencias de todos los IDs de usuario (o sólo los
+seleccionados) a la lista actual de preferencias. El sello de tiempo
+de todas las autofirmas afectadas se avanzará en un segundo.
+
+.
+
+.gpg.passphrase.enter
+Por favor introduzca la contraseña: una frase secreta
+
+.
+
+.gpg.passphrase.repeat
+Repita la última frase contraseña para asegurarse de lo que tecleó.
+.
+
+.gpg.detached_signature.filename
+Introduzca el nombre del fichero al que corresponde la firma
+.
+
+.gpg.openfile.overwrite.okay
+Responda "sí" para sobreescribir el fichero
+.
+
+.gpg.openfile.askoutname
+Introduzca un nuevo nombre de fichero. Si pulsa INTRO se usará el fichero
+por omisión (mostrado entre corchetes).
+.
+
+.gpg.ask_revocation_reason.code
+Debería especificar un motivo para la certificación. Dependiendo del
+contexto puede elegir una opción de esta lista:
+ "La clave ha sido comprometida"
+ Use esto si tiene razones para pensar que personas no autorizadas
+ tuvieron acceso a su clave secreta.
+ "La clave ha sido sustituida"
+ Use esto si ha reemplazado la clave por otra más nueva.
+ "La clave ya no está en uso"
+ Use esto si ha dejado de usar esta clave.
+ "La identificación de usuario ya no es válida"
+ Use esto para señalar que la identificación de usuario no debería
+ seguir siendo usada; esto se utiliza normalmente para marcar una
+ dirección de correo-e como inválida.
+
+.
+
+.gpg.ask_revocation_reason.text
+Si lo desea puede introducir un texto explicando por qué emite
+este certificado de revocación. Por favor, que el texto sea breve.
+Una línea vacía pone fin al texto.
+
+.
+
+
+
+# Local variables:
+# mode: fundamental
+# coding: utf-8
+# End:
diff --git a/doc/help.et.txt b/doc/help.et.txt
new file mode 100644
index 0000000..36c9ffb
--- /dev/null
+++ b/doc/help.et.txt
@@ -0,0 +1,286 @@
+# help..txt - GnuPG online help
+# Copyright (C) 2007 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+
+.#gpg.edit_ownertrust.value
+# fixme: Please translate and remove the hash mark from the key line.
+It's up to you to assign a value here; this value will never be exported
+to any 3rd party. We need it to implement the web-of-trust; it has nothing
+to do with the (implicitly created) web-of-certificates.
+.
+
+.#gpg.edit_ownertrust.set_ultimate.okay
+# fixme: Please translate and remove the hash mark from the key line.
+To build the Web-of-Trust, GnuPG needs to know which keys are
+ultimately trusted - those are usually the keys for which you have
+access to the secret key. Answer "yes" to set this key to
+ultimately trusted
+
+.
+
+.#gpg.untrusted_key.override
+# fixme: Please translate and remove the hash mark from the key line.
+If you want to use this untrusted key anyway, answer "yes".
+.
+
+.#gpg.pklist.user_id.enter
+# fixme: Please translate and remove the hash mark from the key line.
+Enter the user ID of the addressee to whom you want to send the message.
+.
+
+.#gpg.keygen.algo
+# fixme: Please translate and remove the hash mark from the key line.
+Select the algorithm to use.
+
+DSA (aka DSS) is the Digital Signature Algorithm and can only be used
+for signatures.
+
+Elgamal is an encrypt-only algorithm.
+
+RSA may be used for signatures or encryption.
+
+The first (primary) key must always be a key which is capable of signing.
+.
+
+.#gpg.keygen.algo.rsa_se
+# fixme: Please translate and remove the hash mark from the key line.
+In general it is not a good idea to use the same key for signing and
+encryption. This algorithm should only be used in certain domains.
+Please consult your security expert first.
+.
+
+.#gpg.keygen.size
+# fixme: Please translate and remove the hash mark from the key line.
+Enter the size of the key
+.
+
+.#gpg.keygen.size.huge.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keygen.size.large.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keygen.valid
+# fixme: Please translate and remove the hash mark from the key line.
+Enter the required value as shown in the prompt.
+It is possible to enter a ISO date (YYYY-MM-DD) but you won't
+get a good error response - instead the system tries to interpret
+the given value as an interval.
+.
+
+.#gpg.keygen.valid.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keygen.name
+# fixme: Please translate and remove the hash mark from the key line.
+Enter the name of the key holder
+.
+
+.#gpg.keygen.email
+# fixme: Please translate and remove the hash mark from the key line.
+please enter an optional but highly suggested email address
+.
+
+.#gpg.keygen.comment
+# fixme: Please translate and remove the hash mark from the key line.
+Please enter an optional comment
+.
+
+.#gpg.keygen.userid.cmd
+# fixme: Please translate and remove the hash mark from the key line.
+N to change the name.
+C to change the comment.
+E to change the email address.
+O to continue with key generation.
+Q to to quit the key generation.
+.
+
+.#gpg.keygen.sub.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" (or just "y") if it is okay to generate the sub key.
+.
+
+.#gpg.sign_uid.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.sign_uid.class
+# fixme: Please translate and remove the hash mark from the key line.
+When you sign a user ID on a key, you should first verify that the key
+belongs to the person named in the user ID. It is useful for others to
+know how carefully you verified this.
+
+"0" means you make no particular claim as to how carefully you verified the
+ key.
+
+"1" means you believe the key is owned by the person who claims to own it
+ but you could not, or did not verify the key at all. This is useful for
+ a "persona" verification, where you sign the key of a pseudonymous user.
+
+"2" means you did casual verification of the key. For example, this could
+ mean that you verified the key fingerprint and checked the user ID on the
+ key against a photo ID.
+
+"3" means you did extensive verification of the key. For example, this could
+ mean that you verified the key fingerprint with the owner of the key in
+ person, and that you checked, by means of a hard to forge document with a
+ photo ID (such as a passport) that the name of the key owner matches the
+ name in the user ID on the key, and finally that you verified (by exchange
+ of email) that the email address on the key belongs to the key owner.
+
+Note that the examples given above for levels 2 and 3 are *only* examples.
+In the end, it is up to you to decide just what "casual" and "extensive"
+mean to you when you sign other keys.
+
+If you don't know what the right answer is, answer "0".
+.
+
+.#gpg.change_passwd.empty.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keyedit.save.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keyedit.cancel.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keyedit.sign_all.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" if you want to sign ALL the user IDs
+.
+
+.#gpg.keyedit.remove.uid.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" if you really want to delete this user ID.
+All certificates are then also lost!
+.
+
+.#gpg.keyedit.remove.subkey.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" if it is okay to delete the subkey
+.
+
+.#gpg.keyedit.delsig.valid
+# fixme: Please translate and remove the hash mark from the key line.
+This is a valid signature on the key; you normally don't want
+to delete this signature because it may be important to establish a
+trust connection to the key or another key certified by this key.
+.
+
+.#gpg.keyedit.delsig.unknown
+# fixme: Please translate and remove the hash mark from the key line.
+This signature can't be checked because you don't have the
+corresponding key. You should postpone its deletion until you
+know which key was used because this signing key might establish
+a trust connection through another already certified key.
+.
+
+.#gpg.keyedit.delsig.invalid
+# fixme: Please translate and remove the hash mark from the key line.
+The signature is not valid. It does make sense to remove it from
+your keyring.
+.
+
+.#gpg.keyedit.delsig.selfsig
+# fixme: Please translate and remove the hash mark from the key line.
+This is a signature which binds the user ID to the key. It is
+usually not a good idea to remove such a signature. Actually
+GnuPG might not be able to use this key anymore. So do this
+only if this self-signature is for some reason not valid and
+a second one is available.
+.
+
+.#gpg.keyedit.updpref.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Change the preferences of all user IDs (or just of the selected ones)
+to the current list of preferences. The timestamp of all affected
+self-signatures will be advanced by one second.
+
+.
+
+.#gpg.passphrase.enter
+# fixme: Please translate and remove the hash mark from the key line.
+Please enter the passhrase; this is a secret sentence
+
+.
+
+.#gpg.passphrase.repeat
+# fixme: Please translate and remove the hash mark from the key line.
+Please repeat the last passphrase, so you are sure what you typed in.
+.
+
+.#gpg.detached_signature.filename
+# fixme: Please translate and remove the hash mark from the key line.
+Give the name of the file to which the signature applies
+.
+
+.#gpg.openfile.overwrite.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" if it is okay to overwrite the file
+.
+
+.#gpg.openfile.askoutname
+# fixme: Please translate and remove the hash mark from the key line.
+Please enter a new filename. If you just hit RETURN the default
+file (which is shown in brackets) will be used.
+.
+
+.#gpg.ask_revocation_reason.code
+# fixme: Please translate and remove the hash mark from the key line.
+You should specify a reason for the certification. Depending on the
+context you have the ability to choose from this list:
+ "Key has been compromised"
+ Use this if you have a reason to believe that unauthorized persons
+ got access to your secret key.
+ "Key is superseded"
+ Use this if you have replaced this key with a newer one.
+ "Key is no longer used"
+ Use this if you have retired this key.
+ "User ID is no longer valid"
+ Use this to state that the user ID should not longer be used;
+ this is normally used to mark an email address invalid.
+
+.
+
+.#gpg.ask_revocation_reason.text
+# fixme: Please translate and remove the hash mark from the key line.
+If you like, you can enter a text describing why you issue this
+revocation certificate. Please keep this text concise.
+An empty line ends the text.
+
+.
+
+
+
+# Local variables:
+# mode: fundamental
+# coding: utf-8
+# End:
diff --git a/doc/help.fi.txt b/doc/help.fi.txt
new file mode 100644
index 0000000..9f92246
--- /dev/null
+++ b/doc/help.fi.txt
@@ -0,0 +1,256 @@
+# help.fi.txt - fi GnuPG online help
+# Copyright (C) 2007 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+
+.gpg.edit_ownertrust.value
+Tämän arvon määrittäminen on sinun tehtäväsi, tätä arvoa ei koskaan
+kerrota kolmansille osapuolille. Tarvitsemme sitä toteuttamaan
+luottamusverkko eikä sillä ei ole mitään tekemistä (epäsuorasti luotujen)
+varmenneverkkojen kanssa.
+.
+
+.gpg.edit_ownertrust.set_ultimate.okay
+Rakentaakseen luottamusverkon, GnuPG:n täytyy tietää mihin avaimiin
+luotetaan ehdottomasti - nämä ovat tavallisesti ne avaimet, joiden salainen
+pari on sinulla. Vastaa "kyllä" luottaaksesi tähän avaimeen ehdoitta
+
+.
+
+.gpg.untrusted_key.override
+Vastaa "kyllä" jos haluat kaikesta huolimatta käyttää tätä epäluotettavaa
+avainta.
+.
+
+.gpg.pklist.user_id.enter
+Syötä vastaanottajan, jolle haluat lähettää viestin, käyttäjätunnus.
+.
+
+.#gpg.keygen.algo
+# fixme: Please translate and remove the hash mark from the key line.
+Select the algorithm to use.
+
+DSA (aka DSS) is the Digital Signature Algorithm and can only be used
+for signatures.
+
+Elgamal is an encrypt-only algorithm.
+
+RSA may be used for signatures or encryption.
+
+The first (primary) key must always be a key which is capable of signing.
+.
+
+.gpg.keygen.algo.rsa_se
+Yleensä ei ole järkevää käyttää samaa avainta allekirjoitukseen
+ja salaamiseen. Tätä algorimiä tulisi käyttää vain määrätyissä ympäristöissä.
+Ole hyvä ja kysy tietoturva-asiantuntijaltasi ensin
+.
+
+.gpg.keygen.size
+Syötä avaimen koko
+.
+
+.gpg.keygen.size.huge.okay
+Vastaa "kyllä" tai " ei"
+.
+
+.gpg.keygen.size.large.okay
+Vastaa "kyllä" tai " ei"
+.
+
+.gpg.keygen.valid
+Syötä pyydetty arvo kuten näkyy kehotteessa.
+On mahdollista syöttää ISO-muotoinen päivä (VVVV-KK-PP),
+mutta sen seurauksena et saa kunnollista virheilmoitusta
+vaan järjestelmä yrittää tulkita arvon aikajaksona.
+.
+
+.gpg.keygen.valid.okay
+Vastaa "kyllä" tai " ei"
+.
+
+.gpg.keygen.name
+Anna avaimen haltijan nimi
+.
+
+.gpg.keygen.email
+anna vapaaehtoinen, mutta erittäin suositeltava sähköpostiosoite
+.
+
+.gpg.keygen.comment
+Kirjoita vapaaehtoinen huomautus
+.
+
+.gpg.keygen.userid.cmd
+N muuta nimeä
+C muuta kommenttia
+E muuta sähköpostiosoitetta
+O jatka avaimen luomista
+L lopeta
+.
+
+.gpg.keygen.sub.okay
+Vastaa "kyllä" (tai vain "k") jos haluat luoda aliavaimen.
+.
+
+.gpg.sign_uid.okay
+Vastaa "kyllä" tai " ei"
+.
+
+.gpg.sign_uid.class
+Allekirjoittaessasi avaimen käyttäjätunnuksen sinun tulisi varmista, että
+avain todella kuuluu henkilölle, joka mainitaan käyttäjätunnuksessa. Muiden
+on hyvä tietää kuinka huolellisesti olet varmistanut tämän.
+
+"0" tarkoittaa, että et väitä mitään siitä, kuinka huolellisesti olet
+ varmistanut avaimen.
+
+"1" tarkoittaa, että uskot avaimen kuuluvan henkilölle, joka väittää
+ hallitsevan sitä, mutta et voinut varmistaa tai et varmistanut avainta
+ lainkaan. Tämä on hyödyllinen "persoonan" varmistamiseen, jossa
+ allekirjoitat pseudonyymin käyttäjän avaimen.
+
+"2" tarkoittaa arkista varmistusta. Esimerkiksi olet varmistanut
+ avaimen sormenjäljen ja tarkistanut käyttäjätunnuksen ja
+ valokuvatunnisteen täsmäävän.
+
+"3" tarkoittaa syvällistä henkilöllisyyden varmistamista. Esimerkiksi
+ tämä voi tarkoittaa avaimen sormenjäljen tarkistamista avaimen haltijan
+ kanssa henkilökohtaisesti, ja että tarkistit nimen avaimessa täsmäävän
+ vaikeasti väärennettävän kuvallisen henkilöllisyystodistuksen (kuten
+ passi) kanssa, ja lopuksi varmistit (sähköpostin vaihtamisella), että
+ sähköpostiosoite kuuluu avaimen haltijalle.
+
+Huomaa, että yllä annetut esimerkit tasoille 2 ja 3 ovat todellakin *vain*
+esimerkkejä. Lopullisesti se on sinun päätöksesi mitä "arkinen" ja
+"syvällinen" tarkoittaa allekirjoittaessasi muita avaimia.
+
+Jos et tiedä mikä olisi sopiva vastaus, vastaa "0".
+.
+
+.gpg.change_passwd.empty.okay
+Vastaa "kyllä" tai " ei"
+.
+
+.gpg.keyedit.save.okay
+Vastaa "kyllä" tai " ei"
+.
+
+.gpg.keyedit.cancel.okay
+Vastaa "kyllä" tai " ei"
+.
+
+.#gpg.keyedit.sign_all.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" if you want to sign ALL the user IDs
+.
+
+.gpg.keyedit.remove.uid.okay
+Vastaa "kyllä", jos haluat poistaa tämän käyttäjätunnuksen.
+Menetät samalla kaikki siihen liittyvät varmenteet!
+.
+
+.gpg.keyedit.remove.subkey.okay
+Vastaa "kyllä", jos aliavaimen voi poistaa
+.
+
+.gpg.keyedit.delsig.valid
+Tämä on voimassa oleva allekirjoitus tälle avaimelle, tavallisesti ei
+kannata poistaa tätä allekirjoitusta koska se saattaa olla tarpeen
+luottamussuhteen luomiseksi avaimeen tai johonkin toiseen tämän avaimen
+varmentamaan avaimeen.
+.
+
+.gpg.keyedit.delsig.unknown
+Allekirjoitusta ei voida tarkistaa koska sinulla ei ole
+siihen liittyvää avainta. Lykkää sen poistamista kunnes
+ tiedät mitä avainta on käytetty, koska allekirjoitus
+avain saattaa luoda luottamusketjun toisen, jo ennalta
+varmennetun avaimen kautta.
+.
+
+.gpg.keyedit.delsig.invalid
+Allekirjoitus ei ole pätevä. Järkevintä olisi poistaa se
+avainrenkaastasi.
+.
+
+.gpg.keyedit.delsig.selfsig
+Tämä allekirjoitus takaa avaimen haltijan henkilöllisyyden.
+Tällaisen allekirjoituksen poistaminen on tavallisesti huono
+ajatus. GnuPG ei kenties voi käyttää avainta enää. Poista
+allekirjoitus vain, jos se ei ole jostain syystä pätevä, ja
+avaimella on jo toinen allekirjoitus.
+.
+
+.gpg.keyedit.updpref.okay
+Muuta valinnat kaikille käyttäjätunnuksille (tai vain valituille)
+nykyiseen luetteloon valinnoista. Kaikkien muutettujen
+oma-allekirjoitusten aikaleima siirretään yhdellä sekunnilla eteenpäin.
+
+.
+
+.gpg.passphrase.enter
+Ole hyvä ja syötä salasana, tämän on salainen lause
+
+.
+
+.gpg.passphrase.repeat
+Toista edellinen salasanasi varmistuaksesi siitä, mitä kirjoitit.
+.
+
+.gpg.detached_signature.filename
+Anna allekirjoitetun tiedoston nimi
+.
+
+.gpg.openfile.overwrite.okay
+Vastaa "kyllä", jos tiedoston voi ylikirjoittaa
+.
+
+.gpg.openfile.askoutname
+Syötä uusi tiedostonimi. Jos painat vain RETURN, käytetään
+oletustiedostoa (joka näkyy sulkeissa).
+.
+
+.gpg.ask_revocation_reason.code
+Sinun tulisi määrittää syy varmenteelle. Riippuen asiayhteydestä
+voit valita tästä listasta:
+ "Avain on paljastunut"
+ Käytä tätä, jos sinulla on syytä uskoa, että luvattomat henkilöt
+ ovat saaneet salaisen avaimesi käsiinsä.
+ "Avain on korvattu"
+ Käytä tätä, jos olet korvannut tämän uudemmalla avaimella.
+ "Avain ei ole enää käytössä"
+ Käytä tätä, jost ole lopettanut tämän avaimen käytön.
+ "Käyttäjätunnus ei ole enää voimassa"
+ Käytä tätä ilmoittamaan, että käyttäjätunnusta ei pitäisi käyttää;
+ tätä normaalisti käytetään merkitsemään sähköpostiosoite vanhenneeksi.
+
+.
+
+.gpg.ask_revocation_reason.text
+Halutessasi voit kirjoittaa tähän kuvauksen miksi julkaiset tämän
+mitätöintivarmenteen. Kirjoita lyhyesti.
+Tyhjä rivi päättää tekstin.
+
+.
+
+
+
+# Local variables:
+# mode: fundamental
+# coding: utf-8
+# End:
diff --git a/doc/help.fr.txt b/doc/help.fr.txt
new file mode 100644
index 0000000..c18fea0
--- /dev/null
+++ b/doc/help.fr.txt
@@ -0,0 +1,256 @@
+# help.fr.txt - fr GnuPG online help
+# Copyright (C) 2007 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+
+.gpg.edit_ownertrust.value
+C'est à vous d'assigner une valeur ici; cette valeur ne sera jamais
+envoyée à une tierce personne. Nous en avons besoin pour créer le réseau
+de confiance (web-of-trust); cela n'a rien à voir avec le réseau des
+certificats (créé implicitement)
+.
+
+.gpg.edit_ownertrust.set_ultimate.okay
+Pour mettre en place le Réseau de confiance (Web of Trust), GnuPG a
+besoin de savoir en quelles clés votre confiance est ultime - ce sont
+en général les clés dont vous avez accès à la clé secrète. Répondez
+"oui" pour indiquer que votre confiance en cette clé est ultime
+
+.
+
+.gpg.untrusted_key.override
+Si vous voulez utiliser cette clé peu sûre quand-même, répondez «oui».
+.
+
+.gpg.pklist.user_id.enter
+Entrez le nom d'utilisateur de la personne à qui vous voulez envoyer
+le message.
+.
+
+.gpg.keygen.algo
+Sélectionnez l'algorithme à utiliser.
+
+DSA (connu également sous le nom de DSS) est un algorithme de signature
+digitale et ne peut être utilisé que pour des signatures.
+
+Elgamal est un algorithme pour le chiffrement seul.
+
+RSA peut être utilisé pour les signatures et le chiffrement.
+
+La première clé (clé principale) doit toujours être une clé capable
+de signer.
+.
+
+.gpg.keygen.algo.rsa_se
+En général ce n'est pas une bonne idée d'utiliser la même clé pour
+signer et pour chiffrer. Cet algorithme ne doit être utilisé que
+pour certains domaines.
+Consultez votre expert en sécurité d'abord.
+.
+
+.gpg.keygen.size
+Entrez la taille de la clé
+.
+
+.gpg.keygen.size.huge.okay
+Répondez «oui» ou «non»
+.
+
+.gpg.keygen.size.large.okay
+Répondez «oui» ou «non»
+.
+
+.gpg.keygen.valid
+Entrez la valeur demandée comme indiqué dans la ligne de commande.
+On peut entrer une date ISO (AAAA-MM-JJ) mais le résultat d'erreur sera
+mauvais - le système essaierait d'interpréter la valeur donnée comme un
+intervalle.
+.
+
+.gpg.keygen.valid.okay
+Répondez «oui» ou «non»
+.
+
+.gpg.keygen.name
+Entrez le nom du propriétaire de la clé
+.
+
+.gpg.keygen.email
+entrez une adresse e-mail optionnelle mais hautement recommandée
+.
+
+.gpg.keygen.comment
+Entrez un commentaire optionnel
+.
+
+.gpg.keygen.userid.cmd
+N pour changer le nom.
+C pour changer le commentaire.
+E pour changer l'adresse e-mail.
+O pour continuer à générer la clé.
+Q pour arrêter de générer de clé.
+.
+
+.gpg.keygen.sub.okay
+Répondez «oui» (ou simplement «o») pour générer la sous-clé
+.
+
+.gpg.sign_uid.okay
+Répondez «oui» ou «non»
+.
+
+.gpg.sign_uid.class
+Quand vous signez un nom d'utilisateur d'une clé, vous devriez d'abord
+vérifier que la clé appartient à la personne nommée. Il est utile que
+les autres personnes sachent avec quel soin vous l'avez vérifié.
+
+"0" signifie que vous n'avez pas d'opinon.
+
+"1" signifie que vous croyez que la clé appartient à la personne qui
+dit la posséder mais vous n'avez pas pu vérifier du tout la clé.
+C'est utile lorsque vous signez la clé d'un pseudonyme.
+
+"2" signifie que vous avez un peu vérifié la clé. Par exemple, cela
+pourrait être un vérification de l'empreinte et du nom de
+l'utilisateur avec la photo.
+
+"3" signifie que vous avez complètement vérifié la clé. Par exemple,
+cela pourrait être une vérification de l'empreinte, du nom de
+l'utilisateur avec un document difficile à contrefaire (comme un
+passeport) et de son adresse e-mail (vérifié par un échange de
+courrier électronique).
+
+Notez bien que les exemples donnés ci-dessus pour les niveaux 2 et
+3 ne sont *que* des exemples.
+C'est à vous de décider quelle valeur mettre quand vous signez
+les clés des autres personnes.
+
+Si vous ne savez pas quelle réponse est la bonne, répondez "0".
+.
+
+.gpg.change_passwd.empty.okay
+Répondez «oui» ou «non»
+.
+
+.gpg.keyedit.save.okay
+Répondez «oui» ou «non»
+.
+
+.gpg.keyedit.cancel.okay
+Répondez «oui» ou «non»
+.
+
+.gpg.keyedit.sign_all.okay
+Répondez «oui» si vous voulez signer TOUS les noms d'utilisateurs
+.
+
+.gpg.keyedit.remove.uid.okay
+Répondez «oui» si vous voulez vraiment supprimer ce nom
+d'utilisateur. Tous les certificats seront alors perdus en même temps !
+.
+
+.gpg.keyedit.remove.subkey.okay
+Répondez «oui» s'il faut vraiment supprimer la sous-clé
+.
+
+.gpg.keyedit.delsig.valid
+C'est une signature valide dans la clé; vous n'avez pas normalement
+intérêt à supprimer cette signature car elle peut être importante pour
+établir une connection de confiance vers la clé ou une autre clé certifiée
+par celle-là.
+.
+
+.gpg.keyedit.delsig.unknown
+Cette signature ne peut pas être vérifiée parce que vous n'avez pas la
+clé correspondante. Vous devriez remettre sa supression jusqu'à ce que
+vous soyez sûr de quelle clé a été utilisée car cette clé de signature
+peut établir une connection de confiance vers une autre clé déjà certifiée.
+.
+
+.gpg.keyedit.delsig.invalid
+Cette signature n'est pas valide. Vous devriez la supprimer de votre
+porte-clés.
+.
+
+.gpg.keyedit.delsig.selfsig
+Cette signature relie le nom d'utilisateur à la clé. Habituellement
+enlever une telle signature n'est pas une bonne idée. En fait GnuPG peut
+ne plus être capable d'utiliser cette clé. Donc faites ceci uniquement si
+cette auto-signature est invalide pour une certaine raison et si une autre
+est disponible.
+.
+
+.gpg.keyedit.updpref.okay
+Changer les préférences de tous les noms d'utilisateurs (ou juste
+ceux qui sont sélectionnés) vers la liste actuelle. La date de toutes
+les auto-signatures affectées seront avancées d'une seconde.
+
+.
+
+.gpg.passphrase.enter
+Entrez le mot de passe ; c'est une phrase secrète
+
+.
+
+.gpg.passphrase.repeat
+Répétez la dernière phrase de passe pour être sûr de ce que vous
+avez tapé.
+.
+
+.gpg.detached_signature.filename
+Donnez le nom du fichier auquel la signature se rapporte
+.
+
+.gpg.openfile.overwrite.okay
+Répondez «oui» s'il faut vraiment réécrire le fichier
+.
+
+.gpg.openfile.askoutname
+Entrez le nouveau nom de fichier. Si vous tapez simplement ENTRÉE le
+fichier par défaut (indiqué entre crochets) sera utilisé.
+.
+
+.gpg.ask_revocation_reason.code
+Vous devriez donner une raison pour la certification. Selon le contexte
+vous pouvez choisir dans cette liste:
+ «La clé a été compromise»
+ Utilisez cette option si vous avez une raison de croire que des
+ personnes ont pu accéder à votre clé secrète sans autorisation.
+ «La clé a été remplacée»
+ Utilisez cette option si vous avez remplacé la clé par une nouvelle.
+ «La clé n'est plus utilisée»
+ Utilisez cette option si cette clé n'a plus d'utilité.
+ «Le nom d'utilisateur n'est plus valide»
+ Utilisez cette option si le nom d'utilisateur ne doit plus être
+ utilisé. Cela sert généralement à indiquer qu'une adresse e-mail
+ est invalide.
+
+.
+
+.gpg.ask_revocation_reason.text
+Si vous le désirez, vous pouvez entrer un texte qui explique pourquoi vous
+avez émis ce certificat de révocation. Essayez de garder ce texte concis.
+Une ligne vide délimite la fin du texte.
+
+.
+
+
+
+# Local variables:
+# mode: fundamental
+# coding: utf-8
+# End:
diff --git a/doc/help.gl.txt b/doc/help.gl.txt
new file mode 100644
index 0000000..36c9ffb
--- /dev/null
+++ b/doc/help.gl.txt
@@ -0,0 +1,286 @@
+# help..txt - GnuPG online help
+# Copyright (C) 2007 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+
+.#gpg.edit_ownertrust.value
+# fixme: Please translate and remove the hash mark from the key line.
+It's up to you to assign a value here; this value will never be exported
+to any 3rd party. We need it to implement the web-of-trust; it has nothing
+to do with the (implicitly created) web-of-certificates.
+.
+
+.#gpg.edit_ownertrust.set_ultimate.okay
+# fixme: Please translate and remove the hash mark from the key line.
+To build the Web-of-Trust, GnuPG needs to know which keys are
+ultimately trusted - those are usually the keys for which you have
+access to the secret key. Answer "yes" to set this key to
+ultimately trusted
+
+.
+
+.#gpg.untrusted_key.override
+# fixme: Please translate and remove the hash mark from the key line.
+If you want to use this untrusted key anyway, answer "yes".
+.
+
+.#gpg.pklist.user_id.enter
+# fixme: Please translate and remove the hash mark from the key line.
+Enter the user ID of the addressee to whom you want to send the message.
+.
+
+.#gpg.keygen.algo
+# fixme: Please translate and remove the hash mark from the key line.
+Select the algorithm to use.
+
+DSA (aka DSS) is the Digital Signature Algorithm and can only be used
+for signatures.
+
+Elgamal is an encrypt-only algorithm.
+
+RSA may be used for signatures or encryption.
+
+The first (primary) key must always be a key which is capable of signing.
+.
+
+.#gpg.keygen.algo.rsa_se
+# fixme: Please translate and remove the hash mark from the key line.
+In general it is not a good idea to use the same key for signing and
+encryption. This algorithm should only be used in certain domains.
+Please consult your security expert first.
+.
+
+.#gpg.keygen.size
+# fixme: Please translate and remove the hash mark from the key line.
+Enter the size of the key
+.
+
+.#gpg.keygen.size.huge.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keygen.size.large.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keygen.valid
+# fixme: Please translate and remove the hash mark from the key line.
+Enter the required value as shown in the prompt.
+It is possible to enter a ISO date (YYYY-MM-DD) but you won't
+get a good error response - instead the system tries to interpret
+the given value as an interval.
+.
+
+.#gpg.keygen.valid.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keygen.name
+# fixme: Please translate and remove the hash mark from the key line.
+Enter the name of the key holder
+.
+
+.#gpg.keygen.email
+# fixme: Please translate and remove the hash mark from the key line.
+please enter an optional but highly suggested email address
+.
+
+.#gpg.keygen.comment
+# fixme: Please translate and remove the hash mark from the key line.
+Please enter an optional comment
+.
+
+.#gpg.keygen.userid.cmd
+# fixme: Please translate and remove the hash mark from the key line.
+N to change the name.
+C to change the comment.
+E to change the email address.
+O to continue with key generation.
+Q to to quit the key generation.
+.
+
+.#gpg.keygen.sub.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" (or just "y") if it is okay to generate the sub key.
+.
+
+.#gpg.sign_uid.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.sign_uid.class
+# fixme: Please translate and remove the hash mark from the key line.
+When you sign a user ID on a key, you should first verify that the key
+belongs to the person named in the user ID. It is useful for others to
+know how carefully you verified this.
+
+"0" means you make no particular claim as to how carefully you verified the
+ key.
+
+"1" means you believe the key is owned by the person who claims to own it
+ but you could not, or did not verify the key at all. This is useful for
+ a "persona" verification, where you sign the key of a pseudonymous user.
+
+"2" means you did casual verification of the key. For example, this could
+ mean that you verified the key fingerprint and checked the user ID on the
+ key against a photo ID.
+
+"3" means you did extensive verification of the key. For example, this could
+ mean that you verified the key fingerprint with the owner of the key in
+ person, and that you checked, by means of a hard to forge document with a
+ photo ID (such as a passport) that the name of the key owner matches the
+ name in the user ID on the key, and finally that you verified (by exchange
+ of email) that the email address on the key belongs to the key owner.
+
+Note that the examples given above for levels 2 and 3 are *only* examples.
+In the end, it is up to you to decide just what "casual" and "extensive"
+mean to you when you sign other keys.
+
+If you don't know what the right answer is, answer "0".
+.
+
+.#gpg.change_passwd.empty.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keyedit.save.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keyedit.cancel.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keyedit.sign_all.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" if you want to sign ALL the user IDs
+.
+
+.#gpg.keyedit.remove.uid.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" if you really want to delete this user ID.
+All certificates are then also lost!
+.
+
+.#gpg.keyedit.remove.subkey.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" if it is okay to delete the subkey
+.
+
+.#gpg.keyedit.delsig.valid
+# fixme: Please translate and remove the hash mark from the key line.
+This is a valid signature on the key; you normally don't want
+to delete this signature because it may be important to establish a
+trust connection to the key or another key certified by this key.
+.
+
+.#gpg.keyedit.delsig.unknown
+# fixme: Please translate and remove the hash mark from the key line.
+This signature can't be checked because you don't have the
+corresponding key. You should postpone its deletion until you
+know which key was used because this signing key might establish
+a trust connection through another already certified key.
+.
+
+.#gpg.keyedit.delsig.invalid
+# fixme: Please translate and remove the hash mark from the key line.
+The signature is not valid. It does make sense to remove it from
+your keyring.
+.
+
+.#gpg.keyedit.delsig.selfsig
+# fixme: Please translate and remove the hash mark from the key line.
+This is a signature which binds the user ID to the key. It is
+usually not a good idea to remove such a signature. Actually
+GnuPG might not be able to use this key anymore. So do this
+only if this self-signature is for some reason not valid and
+a second one is available.
+.
+
+.#gpg.keyedit.updpref.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Change the preferences of all user IDs (or just of the selected ones)
+to the current list of preferences. The timestamp of all affected
+self-signatures will be advanced by one second.
+
+.
+
+.#gpg.passphrase.enter
+# fixme: Please translate and remove the hash mark from the key line.
+Please enter the passhrase; this is a secret sentence
+
+.
+
+.#gpg.passphrase.repeat
+# fixme: Please translate and remove the hash mark from the key line.
+Please repeat the last passphrase, so you are sure what you typed in.
+.
+
+.#gpg.detached_signature.filename
+# fixme: Please translate and remove the hash mark from the key line.
+Give the name of the file to which the signature applies
+.
+
+.#gpg.openfile.overwrite.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" if it is okay to overwrite the file
+.
+
+.#gpg.openfile.askoutname
+# fixme: Please translate and remove the hash mark from the key line.
+Please enter a new filename. If you just hit RETURN the default
+file (which is shown in brackets) will be used.
+.
+
+.#gpg.ask_revocation_reason.code
+# fixme: Please translate and remove the hash mark from the key line.
+You should specify a reason for the certification. Depending on the
+context you have the ability to choose from this list:
+ "Key has been compromised"
+ Use this if you have a reason to believe that unauthorized persons
+ got access to your secret key.
+ "Key is superseded"
+ Use this if you have replaced this key with a newer one.
+ "Key is no longer used"
+ Use this if you have retired this key.
+ "User ID is no longer valid"
+ Use this to state that the user ID should not longer be used;
+ this is normally used to mark an email address invalid.
+
+.
+
+.#gpg.ask_revocation_reason.text
+# fixme: Please translate and remove the hash mark from the key line.
+If you like, you can enter a text describing why you issue this
+revocation certificate. Please keep this text concise.
+An empty line ends the text.
+
+.
+
+
+
+# Local variables:
+# mode: fundamental
+# coding: utf-8
+# End:
diff --git a/doc/help.hu.txt b/doc/help.hu.txt
new file mode 100644
index 0000000..1440dae
--- /dev/null
+++ b/doc/help.hu.txt
@@ -0,0 +1,257 @@
+# help.hu.txt - hu GnuPG online help
+# Copyright (C) 2007 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+
+.gpg.edit_ownertrust.value
+Az Ön döntésén múlik, hogy milyen értéket ad meg itt. Ezt az értéket soha
+nem exportáljuk mások részére. Ez a bizalmak hálózatához (web-of-trust)
+szükséges, semmi köze az igazolások hálózatához (web-of-certificates).
+.
+
+.gpg.edit_ownertrust.set_ultimate.okay
+Hogy a bizalmak hálózatát felépítsük, a GnuPG-nek tudnia kell, hogy
+mely kulcsok alapvetően megbízhatóak - általában ezek azok a kulcsok,
+melyek titkos kulcsához hozzáfér. Válaszoljon "igen"-nel, ha kulcsot
+alapvetően megbízhatónak jelöli!
+
+.
+
+.gpg.untrusted_key.override
+Ha mégis használni akarja ezt a kulcsot, melyben nem bízunk,
+válaszoljon "igen"-nel!
+.
+
+.gpg.pklist.user_id.enter
+Adja meg a címzett felhasználói azonosítóját!
+.
+
+.#gpg.keygen.algo
+# fixme: Please translate and remove the hash mark from the key line.
+Select the algorithm to use.
+
+DSA (aka DSS) is the Digital Signature Algorithm and can only be used
+for signatures.
+
+Elgamal is an encrypt-only algorithm.
+
+RSA may be used for signatures or encryption.
+
+The first (primary) key must always be a key which is capable of signing.
+.
+
+.gpg.keygen.algo.rsa_se
+Ãltalában nem jó ötlet ugyanazt a kulcsot használni aláíráshoz és
+titkosításhoz. Ezt az algoritmust csak bizonyos területeken ajánlatos
+használni. Kérem, először konzultáljon a biztonsági szakértőjével!
+.
+
+.gpg.keygen.size
+Adja meg a kulcs méretét!
+.
+
+.gpg.keygen.size.huge.okay
+Kérem, adjon "igen" vagy "nem" választ!
+.
+
+.gpg.keygen.size.large.okay
+Kérem, adjon "igen" vagy "nem" választ!
+.
+
+.gpg.keygen.valid
+Adja meg a szükséges értéket, ahogy a prompt mutatja!
+Lehetséges ISO dátumot is beírni (ÉÉÉÉ-HH-NN), de nem fog rendes
+hibaüzenetet kapni, hanem a rendszer megpróbálja az értéket
+intervallumként értelmezni.
+.
+
+.gpg.keygen.valid.okay
+Kérem, adjon "igen" vagy "nem" választ!
+.
+
+.gpg.keygen.name
+Adja meg a kulcs tulajdonosának a nevét!
+.
+
+.gpg.keygen.email
+Kérem, adjon meg egy opcionális, de nagyon ajánlott e-mail címet!
+.
+
+.gpg.keygen.comment
+Kérem, adjon meg egy opcionális megjegyzést!
+.
+
+.gpg.keygen.userid.cmd
+N név változtatása
+M megjegyzés változtatása
+E e-mail változtatása
+R kulcsgenerálás folytatása
+Q kilépés a kulcsgenerálásból
+.
+
+.gpg.keygen.sub.okay
+Válaszoljon "igen"-nel (vagy csak "i"-vel), ha kezdhetjük az alkulcs
+létrehozását!
+.
+
+.gpg.sign_uid.okay
+Kérem, adjon "igen" vagy "nem" választ!
+.
+
+.gpg.sign_uid.class
+Mielőtt aláír egy felhasználói azonosítót egy kulcson, ellenőriznie kell,
+hogy a kulcs a felhasználói azonosítóban megnevezett személyhez tartozik.
+Mások számára hasznos lehet, ha tudják, hogy milyen gondosan ellenőrizte
+Ön ezt.
+
+"0" azt jelenti, hogy nem tesz az ellenőrzés gondosságára vonatkozó
+ kijelentést.
+
+"1" azt jelenti, hogy Ön hiszi, hogy a kulcs annak a személynek a
+ tulajdona, aki azt állítja, hogy az övé, de Ön nem tudta ezt
+ ellenőrizni, vagy egyszerűen nem ellenőrizte ezt. Ez hasznos egy
+ "persona" típusú ellenőrzéshez, mikor Ön egy pszeudonim felhasználó
+ kulcsát írja alá.
+
+"2" azt jelenti, hogy Ön a kulcsot hétköznapi alapossággal ellenőrizte.
+ Például ez azt jelentheti, hogy ellenőrizte a kulcs ujjlenyomatát, és
+ összevetette a kulcson szereplő felhasználóazonosítót egy fényképes
+ igazolvánnyal.
+
+"3" azt jelenti, hogy alaposan ellenőrizte a kulcsot. Például ez azt
+ jelentheti, hogy a kulcs ujjlenyomatát a tulajdonossal személyesen
+ találkozva ellenőrizte, egy nehezen hamisítható, fényképes igazolvánnyal
+ (mint az útlevél) meggyőződött arról, hogy a személy neve egyezik a
+ kulcson levővel, és végül (e-mail váltással) ellenőrizte, hogy a kulcson
+ szereplő e-mail cím a kulcs tulajdonosához tartozik.
+
+A 2-es és 3-as szintekhez adott példák *csak* példák. Végső soron Ön dönti
+el, hogy mit jelentenek Önnek a "hétköznapi" és "alapos" kifejezések,
+amikor mások kulcsát aláírja.
+
+Ha nem tudja, hogy mit válaszoljon, írjon "0"-t!
+.
+
+.gpg.change_passwd.empty.okay
+Kérem, adjon "igen" vagy "nem" választ!
+.
+
+.gpg.keyedit.save.okay
+Kérem, adjon "igen" vagy "nem" választ!
+.
+
+.gpg.keyedit.cancel.okay
+Kérem, adjon "igen" vagy "nem" választ!
+.
+
+.#gpg.keyedit.sign_all.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" if you want to sign ALL the user IDs
+.
+
+.gpg.keyedit.remove.uid.okay
+Válaszoljon "igen"-nel, ha valóban törölni akarja ezt a felhasználóazonosítót!
+Minden igazolás törlődik vele együtt!
+.
+
+.gpg.keyedit.remove.subkey.okay
+Válaszoljon "igen"-nel, ha az alkulcs törölhető.
+.
+
+.gpg.keyedit.delsig.valid
+Ez egy érvényes aláírás a kulcson. Normál esetben nincs értelme
+törölni, mert fontos lehet ahhoz, hogy érvényesítse ezt a kulcsot,
+vagy egy másikat, melyet ezzel a kulccsal igazolnak.
+.
+
+.gpg.keyedit.delsig.unknown
+Ezt az aláírást nem tudom ellenőrizni, mert nincs meg a hozzá tartozó
+kulcs. Ajánlatos lenne elhalasztani a törlést addig, amíg meg nem tudja,
+hogy melyik kulcsot használták, mert ez az aláíró kulcs bizalmi
+kapcsolatot hozhat létre egy már hitelesített kulcson keresztül.
+.
+
+.gpg.keyedit.delsig.invalid
+Ez az aláírás nem érvényes. Értelmetlen eltávolítani a kulcskarikáról.
+.
+
+.gpg.keyedit.delsig.selfsig
+Ez egy olyan aláírás, amely összeköti a felhasználóazonosítót
+a kulccsal. Ãltalában nem jó ötlet egy ilyen aláírást eltávolítani.
+Az is lehetséges, hogy a GnuPG többé nem tudja használni ezt
+a kulcsot. Csak akkor tegye ezt, ha valami okból ez az önaláírás nem
+érvényes, és rendelkezésre áll egy másik!
+.
+
+.gpg.keyedit.updpref.okay
+Lecseréli az összes felhasználóazonosítóhoz (vagy csak a kijelöltekhez)
+tartozó preferenciákat az aktuális preferenciákra. Minden érintett
+önaláírás időpontját egy másodperccel növeli.
+
+.
+
+.gpg.passphrase.enter
+Kérem, adja meg a jelszót! Ezt egy titkos mondat.
+
+.
+
+.gpg.passphrase.repeat
+Kérem, ismételje meg az előző jelszót ellenőrzésképpen!
+.
+
+.gpg.detached_signature.filename
+Adja meg az állomány nevét, melyhez az aláírás tartozik!
+.
+
+.gpg.openfile.overwrite.okay
+Válaszoljon "igen"-nel, ha felülírható az állomány!
+.
+
+.gpg.openfile.askoutname
+Kérem, adjon meg egy új fájlnevet! Ha RETURN-t/ENTER-t nyom, akkor
+a szögletes zárójelben levő alapértelmezett nevet használom.
+.
+
+.gpg.ask_revocation_reason.code
+Ajánlatos megadni a visszavonás okát. A helyzettől függően válasszon
+a következő listából:
+ "A kulcs kompromittálódott."
+ Használja ezt akkor, ha oka van azt hinni, hogy titkos kulcsa
+ illetéktelen kezekbe került!
+ "A kulcsot lecserélték."
+ Használja ezt akkor, ha a kulcsot lecserélte egy újabbra!
+ "A kulcs már nem használatos."
+ Használja ezt akkor, ha már nem használja a kulcsot!
+ "A felhasználóazonosító már nem érvényes."
+ Használja ezt akkor, ha azt állítja, hogy a felhasználóazonosító
+ már nem használatos! Ãltalában érvénytelen e-mail címet jelent.
+
+.
+
+.gpg.ask_revocation_reason.text
+Ha akarja, megadhat egy szöveget, melyben megindokolja, hogy miért
+adta ki ezt a visszavonó igazolást. Kérem, fogalmazzon tömören!
+Egy üres sor jelzi a szöveg végét.
+
+.
+
+
+
+# Local variables:
+# mode: fundamental
+# coding: utf-8
+# End:
diff --git a/doc/help.id.txt b/doc/help.id.txt
new file mode 100644
index 0000000..ae9e808
--- /dev/null
+++ b/doc/help.id.txt
@@ -0,0 +1,251 @@
+# help.id.txt - id GnuPG online help
+# Copyright (C) 2007 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+
+.gpg.edit_ownertrust.value
+Terserah anda untuk memberi nilai baru di sini; nilai ini tidak akan diekspor
+ke pihak ketiga. Kami perlu untuk mengimplementasikan web-of-trust; tidak ada
+kaitan dengan (membuat secara implisit) web-of-certificates.
+.
+
+.gpg.edit_ownertrust.set_ultimate.okay
+Untuk membuat Web-of-Trust, GnuPG perlu tahu kunci mana yang
+sangat dipercaya - mereka biasanya adalah kunci yang anda punya
+akses ke kunci rahasia. Jawab "yes" untuk menset kunci ini ke
+sangat dipercaya
+
+.
+
+.gpg.untrusted_key.override
+Jika anda ingin menggunakan kunci tidak terpercaya ini, jawab "ya".
+.
+
+.gpg.pklist.user_id.enter
+Masukkan ID user penerima pesan.
+.
+
+.#gpg.keygen.algo
+# fixme: Please translate and remove the hash mark from the key line.
+Select the algorithm to use.
+
+DSA (aka DSS) is the Digital Signature Algorithm and can only be used
+for signatures.
+
+Elgamal is an encrypt-only algorithm.
+
+RSA may be used for signatures or encryption.
+
+The first (primary) key must always be a key which is capable of signing.
+.
+
+.gpg.keygen.algo.rsa_se
+Secara umum bukan ide baik untuk menggunakan kunci yang sama untuk menandai dan
+mengenkripsi. Algoritma ini seharusnya digunakan dalam domain tertentu.
+Silakan berkonsultasi dulu dengan ahli keamanan anda.
+.
+
+.gpg.keygen.size
+Masukkan ukuran kunci
+.
+
+.gpg.keygen.size.huge.okay
+Jawab "ya" atau "tidak"
+.
+
+.gpg.keygen.size.large.okay
+Jawab "ya" atau "tidak"
+.
+
+.gpg.keygen.valid
+Masukkan nilai yang diperlukan seperti pada prompt.
+Dapat digunakan format (YYYY-MM-DD) untuk mengisi tanggal ISO tetapi anda
+tidak akan mendapat respon kesalahan yang baik - sebaiknya sistem akan
+berusaha menginterprestasi nilai yang diberikan sebagai sebuah interval.
+.
+
+.gpg.keygen.valid.okay
+Jawab "ya" atau "tidak"
+.
+
+.gpg.keygen.name
+Masukkan nama pemegang kunci
+.
+
+.gpg.keygen.email
+silakan masukkan alamat email (pilihan namun sangat dianjurkan)
+.
+
+.gpg.keygen.comment
+Silakan masukkan komentar tambahan
+.
+
+.gpg.keygen.userid.cmd
+N untuk merubah nama.
+K untuk merubah komentar.
+E untuk merubah alamat email.
+O untuk melanjutkan dengan pembuatan kunci.
+K untuk menghentikan pembuatan kunci.
+.
+
+.gpg.keygen.sub.okay
+Jawab "ya" (atau "y") jika telah siap membuat subkey.
+.
+
+.gpg.sign_uid.okay
+Jawab "ya" atau "tidak"
+.
+
+.gpg.sign_uid.class
+Ketika anda menandai user ID pada kunci, anda perlu memverifikasi bahwa kunci
+milik orang yang disebut dalam user ID. Ini penting bagi orang lain untuk tahu
+seberapa cermat anda memverifikasi ini.
+
+"0" berarti anda tidak melakukan klaim tentang betapa cermat anda memverifikasi kunci.
+
+"1" berarti anda percaya bahwa kunci dimiliki oleh orang yang mengklaim memilikinya
+ namun anda tidak dapat, atau tidak memverifikasi kunci sama sekali. Hal ini bergunabagi
+ verifikasi "persona", yaitu anda menandai kunci user pseudonymous
+
+"2" berarti anda melakukan verifikasi kasual atas kunci. Sebagai contoh, halini dapat
+ berarti bahwa anda memverifikasi fingerprint kunci dan memeriksa user ID pada kunci
+ dengan photo ID.
+
+"3" berarti anda melakukan verifikasi ekstensif atas kunci. Sebagai contoh, hal ini
+ dapat berarti anda memverifikasi fingerprint kunci dengan pemilik kunci
+ secara personal, dan anda memeriksa, dengan menggunakan dokumen yang sulit dipalsukan yang memiliki
+ photo ID (seperti paspor) bahwa nama pemilik kunci cocok dengan
+ nama user ID kunci, dan bahwa anda telah memverifikasi (dengan pertukaran
+ email) bahwa alamat email pada kunci milik pemilik kunci.
+
+Contoh-contoh pada level 2 dan 3 hanyalah contoh.
+Pada akhirnya, terserah anda untuk memutuskan apa arti "kasual" dan "ekstensif"
+bagi anda ketika menandai kunci lain.
+
+Jika anda tidak tahu jawaban yang tepat, jawab "0".
+.
+
+.gpg.change_passwd.empty.okay
+Jawab "ya" atau "tidak"
+.
+
+.gpg.keyedit.save.okay
+Jawab "ya" atau "tidak"
+.
+
+.gpg.keyedit.cancel.okay
+Jawab "ya" atau "tidak"
+.
+
+.#gpg.keyedit.sign_all.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" if you want to sign ALL the user IDs
+.
+
+.gpg.keyedit.remove.uid.okay
+Jawab "ya" jika anda benar-benar ingin menghapus ID user ini.
+Seluruh sertifikat juga akan hilang!
+.
+
+.gpg.keyedit.remove.subkey.okay
+Jawab "ya" jika ingin menghapus subkey
+.
+
+.gpg.keyedit.delsig.valid
+Ini adalah signature valid untuk kunci; anda normalnya tdk ingin menghapus
+signature ini karena mungkin penting membangun koneksi trust ke kunci atau
+ke kunci tersertifikasi lain dengan kunci ini.
+.
+
+.gpg.keyedit.delsig.unknown
+Signature ini tidak dapat diperiksa karena anda tidak memiliki kunci
+korespondennya. Anda perlu menunda penghapusannya hingga anda tahu
+kunci yang digunakan karena kunci penanda ini mungkin membangun suatu
+koneksi trust melalui kunci yang telah tersertifikasi lain.
+.
+
+.gpg.keyedit.delsig.invalid
+Signature tidak valid. Adalah hal yang masuk akal untuk menghapusnya dari
+keyring anda
+.
+
+.gpg.keyedit.delsig.selfsig
+Ini adalah signature yang menghubungkan ID pemakai ke kunci. Biasanya
+bukan ide yang baik untuk menghapus signature semacam itu. Umumnya
+GnuPG tidak akan dapat menggunakan kunci ini lagi. Sehingga lakukan hal
+ini bila self-signature untuk beberapa alasan tidak valid dan
+tersedia yang kedua.
+.
+
+.gpg.keyedit.updpref.okay
+Rubah preferensi seluruh user ID (atau hanya yang terpilih)
+ke daftar preferensi saat ini. Timestamp seluruh self-signature
+yang terpengaruh akan bertambah satu detik.
+
+.
+
+.gpg.passphrase.enter
+Silakan masukkan passphrase; ini kalimat rahasia
+
+.
+
+.gpg.passphrase.repeat
+Silakan ulangi passphrase terakhir, sehingga anda yakin yang anda ketikkan.
+.
+
+.gpg.detached_signature.filename
+Beri nama file tempat berlakunya signature
+.
+
+.gpg.openfile.overwrite.okay
+Jawab "ya" jika tidak apa-apa menimpa file
+.
+
+.gpg.openfile.askoutname
+Silakan masukan nama file baru. Jika anda hanya menekan RETURN nama
+file baku (yang diapit tanda kurung) akan dipakai.
+.
+
+.gpg.ask_revocation_reason.code
+Anda harus menspesifikasikan alasan pembatalan. Semua ini tergantung
+konteks, anda dapat memilih dari daftar berikut:
+ "Key has been compromised"
+ Gunakan ini jika anda punya alasan untuk percaya bahwa orang yang tidak berhak
+ memiliki akses ke kunci pribadi anda.
+ "Key is superseded"
+ Gunakan ini bila anda mengganti kunci anda dengan yang baru.
+ "Key is no longer used"
+ Gunakan ini bila anda telah mempensiunkan kunci ini.
+ "User ID is no longer valid"
+ Gunakan ini untuk menyatakan user ID tidak boleh digunakan lagi;
+ normalnya digunakan untuk menandai bahwa alamat email tidak valid lagi.
+
+.
+
+.gpg.ask_revocation_reason.text
+Jika anda suka, anda dapat memasukkan teks menjelaskan mengapa anda
+mengeluarkan sertifikat pembatalan ini. Buatlah ringkas.
+Baris kosong mengakhiri teks.
+
+.
+
+
+
+# Local variables:
+# mode: fundamental
+# coding: utf-8
+# End:
diff --git a/doc/help.it.txt b/doc/help.it.txt
new file mode 100644
index 0000000..db6127f
--- /dev/null
+++ b/doc/help.it.txt
@@ -0,0 +1,251 @@
+# help.it.txt - Italian GnuPG online help
+# Copyright (C) 2007 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+
+.gpg.edit_ownertrust.value
+E compito tuo assegnare un valore; questo valore non sarà mai esportato a
+terzi. Ci serve per implementare il web-of-trust; non ha nulla a che fare
+con il web-of-certificates (creato implicitamente).
+.
+
+.gpg.edit_ownertrust.set_ultimate.okay
+Per costruire il Web-Of-Trust, GnuPG ha bisogno di sapere quali chiavi sono
+definitivamente affidabili - di solito quelle per cui hai accesso alla chiave
+segreta.
+Rispondi "sì" per impostare questa chiave come definitivamente affidabile
+
+.
+
+.gpg.untrusted_key.override
+Se vuoi usare comunque questa chiave non fidata, rispondi "si".
+.
+
+.gpg.pklist.user_id.enter
+Inserisci l'user ID del destinatario a cui vuoi mandare il messaggio.
+.
+
+.#gpg.keygen.algo
+# fixme: Please translate and remove the hash mark from the key line.
+Select the algorithm to use.
+
+DSA (aka DSS) is the Digital Signature Algorithm and can only be used
+for signatures.
+
+Elgamal is an encrypt-only algorithm.
+
+RSA may be used for signatures or encryption.
+
+The first (primary) key must always be a key which is capable of signing.
+.
+
+.gpg.keygen.algo.rsa_se
+In generale non è una buona idea usare la stessa chiave per le firme e la
+cifratura. Questo algoritmo dovrebbe solo essere usato in determinati campi.
+Per favore consulta prima il tuo esperto di sicurezza.
+.
+
+.gpg.keygen.size
+Inserisci le dimensioni della chiave
+.
+
+.gpg.keygen.size.huge.okay
+Rispondi "si" o "no"
+.
+
+.gpg.keygen.size.large.okay
+Rispondi "si" o "no"
+.
+
+.gpg.keygen.valid
+Inserisci il valore richiesto come indicato dal prompt.
+È possibile inserire una data in formato ISO (YYYY-MM-DD) ma non avrai un
+messaggio di errore corretto: il sistema cerca di interpretare il valore
+dato come un intervallo.
+.
+
+.gpg.keygen.valid.okay
+Rispondi "si" o "no"
+.
+
+.gpg.keygen.name
+Inserisci il nome del proprietario della chiave
+.
+
+.gpg.keygen.email
+Inserisci un indirizzo di email opzionale (ma fortemente suggerito)
+.
+
+.gpg.keygen.comment
+Inserisci un commento opzionale
+.
+
+.gpg.keygen.userid.cmd
+N per cambiare il nome.
+C per cambiare il commento.
+E per cambiare l'indirizzo di email.
+O per continuare con la generazione della chiave.
+Q per abbandonare il processo di generazione della chiave.
+.
+
+.gpg.keygen.sub.okay
+Rispondi "si" (o "y") se va bene generare la subchiave.
+.
+
+.gpg.sign_uid.okay
+Rispondi "si" o "no"
+.
+
+.gpg.sign_uid.class
+Quando firmi l'user ID di una chiave dovresti prima verificare che questa
+appartiene alla persona indicata nell'user ID. È utile agli altri sapere
+con quanta attenzione lo hai verificato.
+
+"0" significa che non fai particolari affermazioni sull'attenzione con cui
+ hai ferificato la chiave.
+
+"1" significa che credi che la chiave sia posseduta dalla persona che dice di
+ possederla, ma non hai o non hai potuto verificare per niente la chiave.
+
+"2" significa che hai fatto una verifica superficiale della chiave. Per esempio
+ potrebbe significare che hai verificato l'impronta digitale e confrontato
+ l'user ID della chiave con un documento di identità con fotografia.
+
+"3" significa che hai fatto una verifica approfondita della chiave. Per esempio
+ potrebbe significare che hai verificato di persona l'impronta digitale con
+ il possessore della chiave e hai controllato, per esempio per mezzo di
+ un documento di identità con fotografia difficile da falsificare (come
+ un passaporto), che il nome del proprietario della chiave corrisponde a
+ quello nell'user ID della chiave, e per finire che hai verificato
+ (scambiando dei messaggi) che l'indirizzo di email sulla chiave appartiene
+ al proprietario.
+
+Nota che gli esempi indicati per i livelli 2 e 3 sono *solo* esempi. Alla fine
+sta a te decidere cosa significano "superficiale" e "approfondita" quando
+firmi chiavi di altri.
+
+Se non sai cosa rispondere, rispondi "0".
+.
+
+.gpg.change_passwd.empty.okay
+Rispondi "si" o "no"
+.
+
+.gpg.keyedit.save.okay
+Rispondi "si" o "no"
+.
+
+.gpg.keyedit.cancel.okay
+Rispondi "si" o "no"
+.
+
+.#gpg.keyedit.sign_all.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" if you want to sign ALL the user IDs
+.
+
+.gpg.keyedit.remove.uid.okay
+Rispondi "si" se vuoi davvero cancellare questo user ID.
+Tutti i certificati saranno persi!
+.
+
+.gpg.keyedit.remove.subkey.okay
+Rispondi "si" se va bene cancellare la subchiave
+.
+
+.gpg.keyedit.delsig.valid
+Questa è una firma valida per la chiave. Normalmente non vorresti cancellare
+questa firma perchè può essere importante per stabilire una connessione di
+fiducia alla chiave o a un'altra chiave certificata da questa chiave.
+.
+
+.gpg.keyedit.delsig.unknown
+Questa firma non può essere verificata perchè non hai la chiave corrispondente.
+Dovresti rimandare la sua cancellazione finchè non saprai quale chiave è stata
+usata perchè questa chiave potrebbe stabilire una connessione di fiducia
+attraverso una chiave già certificata.
+.
+
+.gpg.keyedit.delsig.invalid
+La firma non è valida. Ha senso rimuoverla dal tuo portachiavi.
+.
+
+.gpg.keyedit.delsig.selfsig
+Questa è una firma che collega l'user id alla chiave. Solitamente non è una
+buona idea rimuovere questo tipo di firma. In realtà GnuPG potrebbe non essere
+più in grado di usare questa chiave. Quindi fallo solo se questa autofirma non
+è valida per qualche ragione e ne è disponibile un'altra.
+.
+
+.gpg.keyedit.updpref.okay
+Cambia le preferenze di tutti gli user ID (o solo di quelli selezionati) con
+la lista di preferenze corrente. L'orario di tutte le autofirme coinvolte
+sarà aumentato di un secondo.
+
+.
+
+.gpg.passphrase.enter
+Inserisci la passphrase, cioè una frase segreta
+
+.
+
+.gpg.passphrase.repeat
+Ripeti l'ultima passphrase per essere sicuro di cosa hai scritto.
+.
+
+.gpg.detached_signature.filename
+Inserisci il nome del file a cui si riferisce la firma.
+.
+
+.gpg.openfile.overwrite.okay
+Rispondi "si" se va bene sovrascrivere il file.
+.
+
+.gpg.openfile.askoutname
+Inserisci il nuovo nome del file. Se premi INVIO sarà usato il nome
+predefinito (quello indicato tra parentesi).
+.
+
+.gpg.ask_revocation_reason.code
+Dovresti specificare un motivo per questa certificazione. A seconda del
+contesto hai la possibilità di scegliere tra questa lista:
+ "Key has been compromised"
+ Usa questo se hai un motivo per credere che una persona non autorizzata
+ abbia avuto accesso alla tua chiave segreta.
+ "Key is superseded"
+ Usa questo se hai sostituito questa chiave con una più recente.
+ "Key is no longer used"
+ Usa questo se hai mandato in pensione questa chiave.
+ "User ID is no longer valid"
+ Usa questo per affermare che l'user ID non dovrebbe più essere usato;
+ solitamente è usato per indicare un indirizzo di email non valido.
+
+.
+
+.gpg.ask_revocation_reason.text
+Se vuoi, puoi digitare un testo che descrive perché hai emesso
+questo certificato di revoca. Per favore sii conciso.
+Una riga vuota termina il testo.
+
+.
+
+
+
+# Local variables:
+# mode: fundamental
+# coding: utf-8
+# End:
diff --git a/doc/help.ja.txt b/doc/help.ja.txt
new file mode 100644
index 0000000..36c9ffb
--- /dev/null
+++ b/doc/help.ja.txt
@@ -0,0 +1,286 @@
+# help..txt - GnuPG online help
+# Copyright (C) 2007 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+
+.#gpg.edit_ownertrust.value
+# fixme: Please translate and remove the hash mark from the key line.
+It's up to you to assign a value here; this value will never be exported
+to any 3rd party. We need it to implement the web-of-trust; it has nothing
+to do with the (implicitly created) web-of-certificates.
+.
+
+.#gpg.edit_ownertrust.set_ultimate.okay
+# fixme: Please translate and remove the hash mark from the key line.
+To build the Web-of-Trust, GnuPG needs to know which keys are
+ultimately trusted - those are usually the keys for which you have
+access to the secret key. Answer "yes" to set this key to
+ultimately trusted
+
+.
+
+.#gpg.untrusted_key.override
+# fixme: Please translate and remove the hash mark from the key line.
+If you want to use this untrusted key anyway, answer "yes".
+.
+
+.#gpg.pklist.user_id.enter
+# fixme: Please translate and remove the hash mark from the key line.
+Enter the user ID of the addressee to whom you want to send the message.
+.
+
+.#gpg.keygen.algo
+# fixme: Please translate and remove the hash mark from the key line.
+Select the algorithm to use.
+
+DSA (aka DSS) is the Digital Signature Algorithm and can only be used
+for signatures.
+
+Elgamal is an encrypt-only algorithm.
+
+RSA may be used for signatures or encryption.
+
+The first (primary) key must always be a key which is capable of signing.
+.
+
+.#gpg.keygen.algo.rsa_se
+# fixme: Please translate and remove the hash mark from the key line.
+In general it is not a good idea to use the same key for signing and
+encryption. This algorithm should only be used in certain domains.
+Please consult your security expert first.
+.
+
+.#gpg.keygen.size
+# fixme: Please translate and remove the hash mark from the key line.
+Enter the size of the key
+.
+
+.#gpg.keygen.size.huge.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keygen.size.large.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keygen.valid
+# fixme: Please translate and remove the hash mark from the key line.
+Enter the required value as shown in the prompt.
+It is possible to enter a ISO date (YYYY-MM-DD) but you won't
+get a good error response - instead the system tries to interpret
+the given value as an interval.
+.
+
+.#gpg.keygen.valid.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keygen.name
+# fixme: Please translate and remove the hash mark from the key line.
+Enter the name of the key holder
+.
+
+.#gpg.keygen.email
+# fixme: Please translate and remove the hash mark from the key line.
+please enter an optional but highly suggested email address
+.
+
+.#gpg.keygen.comment
+# fixme: Please translate and remove the hash mark from the key line.
+Please enter an optional comment
+.
+
+.#gpg.keygen.userid.cmd
+# fixme: Please translate and remove the hash mark from the key line.
+N to change the name.
+C to change the comment.
+E to change the email address.
+O to continue with key generation.
+Q to to quit the key generation.
+.
+
+.#gpg.keygen.sub.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" (or just "y") if it is okay to generate the sub key.
+.
+
+.#gpg.sign_uid.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.sign_uid.class
+# fixme: Please translate and remove the hash mark from the key line.
+When you sign a user ID on a key, you should first verify that the key
+belongs to the person named in the user ID. It is useful for others to
+know how carefully you verified this.
+
+"0" means you make no particular claim as to how carefully you verified the
+ key.
+
+"1" means you believe the key is owned by the person who claims to own it
+ but you could not, or did not verify the key at all. This is useful for
+ a "persona" verification, where you sign the key of a pseudonymous user.
+
+"2" means you did casual verification of the key. For example, this could
+ mean that you verified the key fingerprint and checked the user ID on the
+ key against a photo ID.
+
+"3" means you did extensive verification of the key. For example, this could
+ mean that you verified the key fingerprint with the owner of the key in
+ person, and that you checked, by means of a hard to forge document with a
+ photo ID (such as a passport) that the name of the key owner matches the
+ name in the user ID on the key, and finally that you verified (by exchange
+ of email) that the email address on the key belongs to the key owner.
+
+Note that the examples given above for levels 2 and 3 are *only* examples.
+In the end, it is up to you to decide just what "casual" and "extensive"
+mean to you when you sign other keys.
+
+If you don't know what the right answer is, answer "0".
+.
+
+.#gpg.change_passwd.empty.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keyedit.save.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keyedit.cancel.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keyedit.sign_all.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" if you want to sign ALL the user IDs
+.
+
+.#gpg.keyedit.remove.uid.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" if you really want to delete this user ID.
+All certificates are then also lost!
+.
+
+.#gpg.keyedit.remove.subkey.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" if it is okay to delete the subkey
+.
+
+.#gpg.keyedit.delsig.valid
+# fixme: Please translate and remove the hash mark from the key line.
+This is a valid signature on the key; you normally don't want
+to delete this signature because it may be important to establish a
+trust connection to the key or another key certified by this key.
+.
+
+.#gpg.keyedit.delsig.unknown
+# fixme: Please translate and remove the hash mark from the key line.
+This signature can't be checked because you don't have the
+corresponding key. You should postpone its deletion until you
+know which key was used because this signing key might establish
+a trust connection through another already certified key.
+.
+
+.#gpg.keyedit.delsig.invalid
+# fixme: Please translate and remove the hash mark from the key line.
+The signature is not valid. It does make sense to remove it from
+your keyring.
+.
+
+.#gpg.keyedit.delsig.selfsig
+# fixme: Please translate and remove the hash mark from the key line.
+This is a signature which binds the user ID to the key. It is
+usually not a good idea to remove such a signature. Actually
+GnuPG might not be able to use this key anymore. So do this
+only if this self-signature is for some reason not valid and
+a second one is available.
+.
+
+.#gpg.keyedit.updpref.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Change the preferences of all user IDs (or just of the selected ones)
+to the current list of preferences. The timestamp of all affected
+self-signatures will be advanced by one second.
+
+.
+
+.#gpg.passphrase.enter
+# fixme: Please translate and remove the hash mark from the key line.
+Please enter the passhrase; this is a secret sentence
+
+.
+
+.#gpg.passphrase.repeat
+# fixme: Please translate and remove the hash mark from the key line.
+Please repeat the last passphrase, so you are sure what you typed in.
+.
+
+.#gpg.detached_signature.filename
+# fixme: Please translate and remove the hash mark from the key line.
+Give the name of the file to which the signature applies
+.
+
+.#gpg.openfile.overwrite.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" if it is okay to overwrite the file
+.
+
+.#gpg.openfile.askoutname
+# fixme: Please translate and remove the hash mark from the key line.
+Please enter a new filename. If you just hit RETURN the default
+file (which is shown in brackets) will be used.
+.
+
+.#gpg.ask_revocation_reason.code
+# fixme: Please translate and remove the hash mark from the key line.
+You should specify a reason for the certification. Depending on the
+context you have the ability to choose from this list:
+ "Key has been compromised"
+ Use this if you have a reason to believe that unauthorized persons
+ got access to your secret key.
+ "Key is superseded"
+ Use this if you have replaced this key with a newer one.
+ "Key is no longer used"
+ Use this if you have retired this key.
+ "User ID is no longer valid"
+ Use this to state that the user ID should not longer be used;
+ this is normally used to mark an email address invalid.
+
+.
+
+.#gpg.ask_revocation_reason.text
+# fixme: Please translate and remove the hash mark from the key line.
+If you like, you can enter a text describing why you issue this
+revocation certificate. Please keep this text concise.
+An empty line ends the text.
+
+.
+
+
+
+# Local variables:
+# mode: fundamental
+# coding: utf-8
+# End:
diff --git a/doc/help.nb.txt b/doc/help.nb.txt
new file mode 100644
index 0000000..36c9ffb
--- /dev/null
+++ b/doc/help.nb.txt
@@ -0,0 +1,286 @@
+# help..txt - GnuPG online help
+# Copyright (C) 2007 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+
+.#gpg.edit_ownertrust.value
+# fixme: Please translate and remove the hash mark from the key line.
+It's up to you to assign a value here; this value will never be exported
+to any 3rd party. We need it to implement the web-of-trust; it has nothing
+to do with the (implicitly created) web-of-certificates.
+.
+
+.#gpg.edit_ownertrust.set_ultimate.okay
+# fixme: Please translate and remove the hash mark from the key line.
+To build the Web-of-Trust, GnuPG needs to know which keys are
+ultimately trusted - those are usually the keys for which you have
+access to the secret key. Answer "yes" to set this key to
+ultimately trusted
+
+.
+
+.#gpg.untrusted_key.override
+# fixme: Please translate and remove the hash mark from the key line.
+If you want to use this untrusted key anyway, answer "yes".
+.
+
+.#gpg.pklist.user_id.enter
+# fixme: Please translate and remove the hash mark from the key line.
+Enter the user ID of the addressee to whom you want to send the message.
+.
+
+.#gpg.keygen.algo
+# fixme: Please translate and remove the hash mark from the key line.
+Select the algorithm to use.
+
+DSA (aka DSS) is the Digital Signature Algorithm and can only be used
+for signatures.
+
+Elgamal is an encrypt-only algorithm.
+
+RSA may be used for signatures or encryption.
+
+The first (primary) key must always be a key which is capable of signing.
+.
+
+.#gpg.keygen.algo.rsa_se
+# fixme: Please translate and remove the hash mark from the key line.
+In general it is not a good idea to use the same key for signing and
+encryption. This algorithm should only be used in certain domains.
+Please consult your security expert first.
+.
+
+.#gpg.keygen.size
+# fixme: Please translate and remove the hash mark from the key line.
+Enter the size of the key
+.
+
+.#gpg.keygen.size.huge.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keygen.size.large.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keygen.valid
+# fixme: Please translate and remove the hash mark from the key line.
+Enter the required value as shown in the prompt.
+It is possible to enter a ISO date (YYYY-MM-DD) but you won't
+get a good error response - instead the system tries to interpret
+the given value as an interval.
+.
+
+.#gpg.keygen.valid.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keygen.name
+# fixme: Please translate and remove the hash mark from the key line.
+Enter the name of the key holder
+.
+
+.#gpg.keygen.email
+# fixme: Please translate and remove the hash mark from the key line.
+please enter an optional but highly suggested email address
+.
+
+.#gpg.keygen.comment
+# fixme: Please translate and remove the hash mark from the key line.
+Please enter an optional comment
+.
+
+.#gpg.keygen.userid.cmd
+# fixme: Please translate and remove the hash mark from the key line.
+N to change the name.
+C to change the comment.
+E to change the email address.
+O to continue with key generation.
+Q to to quit the key generation.
+.
+
+.#gpg.keygen.sub.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" (or just "y") if it is okay to generate the sub key.
+.
+
+.#gpg.sign_uid.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.sign_uid.class
+# fixme: Please translate and remove the hash mark from the key line.
+When you sign a user ID on a key, you should first verify that the key
+belongs to the person named in the user ID. It is useful for others to
+know how carefully you verified this.
+
+"0" means you make no particular claim as to how carefully you verified the
+ key.
+
+"1" means you believe the key is owned by the person who claims to own it
+ but you could not, or did not verify the key at all. This is useful for
+ a "persona" verification, where you sign the key of a pseudonymous user.
+
+"2" means you did casual verification of the key. For example, this could
+ mean that you verified the key fingerprint and checked the user ID on the
+ key against a photo ID.
+
+"3" means you did extensive verification of the key. For example, this could
+ mean that you verified the key fingerprint with the owner of the key in
+ person, and that you checked, by means of a hard to forge document with a
+ photo ID (such as a passport) that the name of the key owner matches the
+ name in the user ID on the key, and finally that you verified (by exchange
+ of email) that the email address on the key belongs to the key owner.
+
+Note that the examples given above for levels 2 and 3 are *only* examples.
+In the end, it is up to you to decide just what "casual" and "extensive"
+mean to you when you sign other keys.
+
+If you don't know what the right answer is, answer "0".
+.
+
+.#gpg.change_passwd.empty.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keyedit.save.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keyedit.cancel.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keyedit.sign_all.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" if you want to sign ALL the user IDs
+.
+
+.#gpg.keyedit.remove.uid.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" if you really want to delete this user ID.
+All certificates are then also lost!
+.
+
+.#gpg.keyedit.remove.subkey.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" if it is okay to delete the subkey
+.
+
+.#gpg.keyedit.delsig.valid
+# fixme: Please translate and remove the hash mark from the key line.
+This is a valid signature on the key; you normally don't want
+to delete this signature because it may be important to establish a
+trust connection to the key or another key certified by this key.
+.
+
+.#gpg.keyedit.delsig.unknown
+# fixme: Please translate and remove the hash mark from the key line.
+This signature can't be checked because you don't have the
+corresponding key. You should postpone its deletion until you
+know which key was used because this signing key might establish
+a trust connection through another already certified key.
+.
+
+.#gpg.keyedit.delsig.invalid
+# fixme: Please translate and remove the hash mark from the key line.
+The signature is not valid. It does make sense to remove it from
+your keyring.
+.
+
+.#gpg.keyedit.delsig.selfsig
+# fixme: Please translate and remove the hash mark from the key line.
+This is a signature which binds the user ID to the key. It is
+usually not a good idea to remove such a signature. Actually
+GnuPG might not be able to use this key anymore. So do this
+only if this self-signature is for some reason not valid and
+a second one is available.
+.
+
+.#gpg.keyedit.updpref.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Change the preferences of all user IDs (or just of the selected ones)
+to the current list of preferences. The timestamp of all affected
+self-signatures will be advanced by one second.
+
+.
+
+.#gpg.passphrase.enter
+# fixme: Please translate and remove the hash mark from the key line.
+Please enter the passhrase; this is a secret sentence
+
+.
+
+.#gpg.passphrase.repeat
+# fixme: Please translate and remove the hash mark from the key line.
+Please repeat the last passphrase, so you are sure what you typed in.
+.
+
+.#gpg.detached_signature.filename
+# fixme: Please translate and remove the hash mark from the key line.
+Give the name of the file to which the signature applies
+.
+
+.#gpg.openfile.overwrite.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" if it is okay to overwrite the file
+.
+
+.#gpg.openfile.askoutname
+# fixme: Please translate and remove the hash mark from the key line.
+Please enter a new filename. If you just hit RETURN the default
+file (which is shown in brackets) will be used.
+.
+
+.#gpg.ask_revocation_reason.code
+# fixme: Please translate and remove the hash mark from the key line.
+You should specify a reason for the certification. Depending on the
+context you have the ability to choose from this list:
+ "Key has been compromised"
+ Use this if you have a reason to believe that unauthorized persons
+ got access to your secret key.
+ "Key is superseded"
+ Use this if you have replaced this key with a newer one.
+ "Key is no longer used"
+ Use this if you have retired this key.
+ "User ID is no longer valid"
+ Use this to state that the user ID should not longer be used;
+ this is normally used to mark an email address invalid.
+
+.
+
+.#gpg.ask_revocation_reason.text
+# fixme: Please translate and remove the hash mark from the key line.
+If you like, you can enter a text describing why you issue this
+revocation certificate. Please keep this text concise.
+An empty line ends the text.
+
+.
+
+
+
+# Local variables:
+# mode: fundamental
+# coding: utf-8
+# End:
diff --git a/doc/help.pl.txt b/doc/help.pl.txt
new file mode 100644
index 0000000..ef719a8
--- /dev/null
+++ b/doc/help.pl.txt
@@ -0,0 +1,250 @@
+# help.pl.txt - pl GnuPG online help
+# Copyright (C) 2007 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+
+.gpg.edit_ownertrust.value
+Te wartości użytkownik przydziela wg swojego uznania; nie będą nigdy
+eksportowane poza ten system. Potrzebne sÄ… one do zbudowania sieci
+zaufania, i nie ma to nic wspólnego z tworzoną automatycznie siecią
+certyfikatów.
+.
+
+.gpg.edit_ownertrust.set_ultimate.okay
+Aby zbudować Sieć Zaufania, GnuPG potrzebuje znać klucze do których
+masz absolutne zaufanie. Zwykle są to klucze do których masz klucze
+tajne. Odpowiedz ,,tak'', jeśli chcesz określić ten klucz jako klucz
+do którego masz absolutne zaufanie.
+
+.
+
+.gpg.untrusted_key.override
+Jeśli mimo wszystko chcesz użyć tego klucza, klucza, co do którego nie ma
+żadnej pewności do kogo należy, odpowiedz ,,tak''.
+.
+
+.gpg.pklist.user_id.enter
+Podaj adresatów tej wiadomości.
+.
+
+.gpg.keygen.algo
+Proszę wybrać algorytm.
+
+DSA (znany także jako DSS) to algorytm podpisu cyfrowego (Digital Signature
+Algorithm) i może być używany tylko do podpisów.
+
+Elgamal to algorytm tylko do szyfrowania.
+
+RSA może być używany do podpisów lub szyfrowania.
+
+Pierwszy (główny) klucz zawsze musi być kluczem nadającym się do podpisywania.
+.
+
+.gpg.keygen.algo.rsa_se
+Używanie tego samego klucza do podpisywania i szyfrowania nie jest dobrym
+pomysłem. Można tak postępować tylko w niektórych zastosowaniach. Proszę się
+najpierw skonsultować z ekspertem od bezpieczeństwa.
+.
+
+.gpg.keygen.size
+Wprowadź rozmiar klucza
+.
+
+.gpg.keygen.size.huge.okay
+Odpowiedz "tak" lub "nie".
+.
+
+.gpg.keygen.size.large.okay
+Odpowiedz "tak" lub "nie".
+.
+
+.gpg.keygen.valid
+Wprowadź żądaną wartość (jak w znaku zachęty).
+Można tu podać datę w formacie ISO (RRRR-MM-DD) ale nie da to
+właściwej obsługi błędów - system próbuje interpretować podaną wartość
+jako okres.
+.
+
+.gpg.keygen.valid.okay
+Odpowiedz "tak" lub "nie".
+.
+
+.gpg.keygen.name
+Nazwa właściciela klucza.
+.
+
+.gpg.keygen.email
+proszę wprowadzić opcjonalny ale wysoce doradzany adres e-mail
+.
+
+.gpg.keygen.comment
+Proszę wprowadzić opcjonalny komentarz
+.
+
+.gpg.keygen.userid.cmd
+N aby zmienić nazwę (nazwisko).
+C aby zmienić komentarz.<
+E aby zmienić adres e-mail.
+O aby kontynuować tworzenie klucza.
+Q aby zrezygnować z tworzenia klucza.
+.
+
+.gpg.keygen.sub.okay
+Jeśli ma zostać wygenerowany podklucz, należy odpowiedzieć "tak".
+.
+
+.gpg.sign_uid.okay
+Odpowiedz "tak" lub "nie".
+.
+
+.gpg.sign_uid.class
+Przy podpisywaniu identyfikatora użytkownika na kluczu należy sprawdzić,
+czy tożsamość użytkownika odpowiada temu, co jest wpisane w identyfikatorze.
+Innym użytkownikom przyda się informacja, jak dogłębnie zostało to przez
+Ciebie sprawdzone.
+
+"0" oznacza, że nie podajesz żadnych informacji na temat tego jak dogłębnie
+ tożsamość użytkownika została przez Ciebie potwierdzona.
+
+"1" oznacza, że masz przekonanie, że tożsamość użytkownika odpowiada
+ identyfikatorowi klucza, ale nie było możliwości sprawdzenia tego.
+ Taka sytuacja występuje też kiedy podpisujesz identyfikator będący
+ pseudonimem.
+
+"2" oznacza, że tożsamość użytkownika została przez Ciebie potwierdzona
+ pobieżnie - sprawdziliście odcisk klucza, sprawdziłaś/eś tożsamość
+ na okazanym dokumencie ze zdjęciem.
+
+"3" to dogłębna weryfikacja tożsamości. Na przykład sprawdzenie odcisku
+ klucza, sprawdzenie tożsamości z okazanego oficjalnego dokumentu ze
+ zdjęciem (np paszportu) i weryfikacja poprawności adresu poczty
+ elektronicznej przez wymianÄ™ poczty z tym adresem.
+
+Zauważ, że podane powyżej przykłady dla poziomów "2" i "3" to *tylko*
+przykłady. Do Ciebie należy decyzja co oznacza "pobieżny" i "dogłębny" w
+kontekście poświadczania i podpisywania kluczy.
+
+Jeśli nie wiesz co odpowiedzieć, podaj "0".
+.
+
+.gpg.change_passwd.empty.okay
+Odpowiedz "tak" lub "nie".
+.
+
+.gpg.keyedit.save.okay
+Odpowiedz "tak" lub "nie".
+.
+
+.gpg.keyedit.cancel.okay
+Odpowiedz "tak" lub "nie".
+.
+
+.gpg.keyedit.sign_all.okay
+Odpowiedz "tak", aby podpisać WSZYSTKIE identyfikatory użytkownika.
+.
+
+.gpg.keyedit.remove.uid.okay
+Aby skasować ten identyfikator użytkownika (co wiąże się ze utratą
+wszystkich jego poświadczeń!) należy odpowiedzieć ,,tak''.
+.
+
+.gpg.keyedit.remove.subkey.okay
+Aby skasować podklucz należy odpowiedzieć "tak".
+.
+
+.gpg.keyedit.delsig.valid
+To jest poprawny podpis na tym kluczu; normalnie nie należy go usuwać
+ponieważ może być ważny dla zestawienia połączenia zaufania do klucza
+którym go złożono lub do innego klucza nim poświadczonego.
+.
+
+.gpg.keyedit.delsig.unknown
+Ten podpis nie może zostać potwierdzony ponieważ nie ma
+odpowiadającego mu klucza publicznego. Należy odłożyć usunięcie tego
+podpisu do czasu, kiedy okaże się który klucz został użyty, ponieważ
+w momencie uzyskania tego klucza może pojawić się ścieżka zaufania
+pomiędzy tym a innym, już poświadczonym kluczem.
+.
+
+.gpg.keyedit.delsig.invalid
+Ten podpis jest niepoprawny. Można usunąć go ze zbioru kluczy.
+.
+
+.gpg.keyedit.delsig.selfsig
+To jest podpis wiążący identyfikator użytkownika z kluczem. Nie należy
+go usuwać - GnuPG może nie móc posługiwać się dalej kluczem bez
+takiego podpisu. Bezpiecznie można go usunąć tylko jeśli ten podpis
+klucza nim samym z jakichÅ› przyczyn nie jest poprawny, i klucz jest
+drugi raz podpisany w ten sam sposób.
+.
+
+.gpg.keyedit.updpref.okay
+Przestawienie wszystkich (lub tylko wybranych) identyfikatorów na aktualne
+ustawienia. Data na odpowiednich podpisach zostane przesunięta do przodu o
+jednÄ… sekundÄ™.
+
+.
+
+.gpg.passphrase.enter
+Podaj długie, skomplikowane hasło, np. całe zdanie.
+
+.
+
+.gpg.passphrase.repeat
+Proszę powtórzyć hasło, aby upewnić się że nie było pomyłki.
+.
+
+.gpg.detached_signature.filename
+Podaj nazwę pliku którego dotyczy ten podpis
+.
+
+.gpg.openfile.overwrite.okay
+Jeśli można nadpisać ten plik, należy odpowiedzieć ,,tak''
+.
+
+.gpg.openfile.askoutname
+Nazwa pliku. Naciśnięcie ENTER potwierdzi nazwę domyślną (w nawiasach).
+.
+
+.gpg.ask_revocation_reason.code
+Nalezy podać powód unieważnienia klucza. W zależności od kontekstu można
+go wybrać z listy:
+ "Klucz został skompromitowany"
+ Masz powody uważać że twój klucz tajny dostał się w niepowołane ręce.
+ "Klucz został zastąpiony"
+ Klucz został zastąpiony nowym.
+ "Klucz nie jest już używany"
+ Klucz został wycofany z użycia.
+ "Identyfikator użytkownika przestał być poprawny"
+ Identyfikator użytkownika (najczęściej adres e-mail przestał być
+ poprawny.
+
+.
+
+.gpg.ask_revocation_reason.text
+Jeśli chcesz, możesz podać opis powodu wystawienia certyfikatu
+unieważnienia. Opis powinien byc zwięzły.
+Pusta linia kończy wprowadzanie tekstu.
+
+.
+
+
+
+# Local variables:
+# mode: fundamental
+# coding: utf-8
+# End:
diff --git a/doc/help.pt.txt b/doc/help.pt.txt
new file mode 100644
index 0000000..dac17c0
--- /dev/null
+++ b/doc/help.pt.txt
@@ -0,0 +1,253 @@
+# help.pt.txt - pt GnuPG online help
+# Copyright (C) 2007 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+
+.gpg.edit_ownertrust.value
+Você decide que valor usar aqui; este valor nunca será exportado para
+terceiros. Precisamos dele implementar a rede de confiança, que não tem
+nada a ver com a rede de certificados (implicitamente criada).
+.
+
+.gpg.edit_ownertrust.set_ultimate.okay
+Para construir a Teia-de-Confiança ('Web-of-Trust'), o GnuPG precisa de
+saber quais são as chaves em que deposita confiança absoluta - normalmente
+estas são as chaves a que tem acesso à chave privada. Responda "sim" para
+que esta chave seja de confiança absoluta.
+
+.
+
+.gpg.untrusted_key.override
+Se você quiser usar esta chave, não de confiança, assim mesmo, responda "sim".
+.
+
+.gpg.pklist.user_id.enter
+Digite o ID de utilizador do destinatário para quem quer enviar a
+mensagem.
+.
+
+.#gpg.keygen.algo
+# fixme: Please translate and remove the hash mark from the key line.
+Select the algorithm to use.
+
+DSA (aka DSS) is the Digital Signature Algorithm and can only be used
+for signatures.
+
+Elgamal is an encrypt-only algorithm.
+
+RSA may be used for signatures or encryption.
+
+The first (primary) key must always be a key which is capable of signing.
+.
+
+.gpg.keygen.algo.rsa_se
+Em geral não é uma boa ideia utilizar a mesma chave para assinar e para
+cifrar. Este algoritmo só deve ser utilizado em alguns domínios.
+Por favor consulte primeiro o seu perito em segurança.
+.
+
+.gpg.keygen.size
+Insira o tamanho da chave
+.
+
+.gpg.keygen.size.huge.okay
+Responda "sim" ou "não"
+.
+
+.gpg.keygen.size.large.okay
+Responda "sim" ou "não"
+.
+
+.gpg.keygen.valid
+Digite o valor necessário conforme pedido.
+É possível digitar uma data ISO (AAAA-MM-DD) mas você não terá uma boa
+reacção a erros - o sistema tentará interpretar o valor dado como um intervalo.
+.
+
+.gpg.keygen.valid.okay
+Responda "sim" ou "não"
+.
+
+.gpg.keygen.name
+Digite o nome do possuidor da chave
+.
+
+.gpg.keygen.email
+por favor digite um endereço de email (opcional mas recomendado)
+.
+
+.gpg.keygen.comment
+Por favor digite um comentário (opcional)
+.
+
+.gpg.keygen.userid.cmd
+N para mudar o nome.
+C para mudar o comentário.
+E para mudar o endereço de email
+O para continuar a geração da chave.
+S para interromper a geração da chave.
+.
+
+.gpg.keygen.sub.okay
+Responda "sim" (ou apenas "s") se quiser gerar a subchave.
+.
+
+.gpg.sign_uid.okay
+Responda "sim" ou "não"
+.
+
+.gpg.sign_uid.class
+Quando assina uma chave de identificação de um utilizador, deve primeiro
+verificar que a chave pertence realmente à pessoa em questão. É útil para
+terceiros saberem com que cuidado é que efectuou esta verificação.
+
+"0" significa que não deseja declarar a forma com verificou a chave
+
+"1" significa que acredita que a chave pertence à pessoa em questão, mas
+ não conseguiu ou não tentou verificar. Este grau é útil para quando
+ assina a chave de uma utilizador pseudo-anónimo.
+
+"2" significa que efectuou uma verificação normal da chave. Por exemplo,
+ isto pode significar que verificou a impressão digital da chave e
+ verificou o identificador de utilizador da chave contra uma identificação
+ fotográfica.
+
+"3" significa que efectuou uma verificação exaustiva da chave. Por exemplo,
+ isto pode significar que efectuou a verificação pessoalmente, e que
+ utilizou um documento, com fotografia, difícil de falsificar
+ (como por exemplo um passaporte) que o nome do dono da chave é o
+ mesmo do que o identificador da chave, e que, finalmente, verificou
+ (através de troca de e-mail) que o endereço de email da chave pertence
+ ao done da chave.
+
+Atenção: os exemplos dados para os níveis 2 e 3 são *apenas* exemplos.
+Compete-lhe a si decidir o que considera, ao assinar chaves, uma verificação
+"normal" e uma verificação "exaustiva".
+
+Se não sabe qual é a resposta correcta, responda "0".
+.
+
+.gpg.change_passwd.empty.okay
+Responda "sim" ou "não"
+.
+
+.gpg.keyedit.save.okay
+Responda "sim" ou "não"
+.
+
+.gpg.keyedit.cancel.okay
+Responda "sim" ou "não"
+.
+
+.#gpg.keyedit.sign_all.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" if you want to sign ALL the user IDs
+.
+
+.gpg.keyedit.remove.uid.okay
+Responda "sim" se quiser realmente remover este ID de utilizador.
+Todos os certificados também serão perdidos!
+.
+
+.gpg.keyedit.remove.subkey.okay
+Responda "sim" se quiser remover a subchave
+.
+
+.gpg.keyedit.delsig.valid
+Esta é uma assinatura válida na chave; normalmente não é desejável
+remover esta assinatura porque ela pode ser importante para estabelecer
+uma conexão de confiança à chave ou a outra chave certificada por esta.
+.
+
+.gpg.keyedit.delsig.unknown
+Esta assinatura não pode ser verificada porque você não tem a chave
+correspondente. Você deve adiar sua remoção até saber que chave foi usada
+porque a chave desta assinatura pode estabelecer uma conexão de confiança
+através de outra chave já certificada.
+.
+
+.gpg.keyedit.delsig.invalid
+A assinatura não é válida. Faz sentido removê-la do seu porta-chaves.
+.
+
+.gpg.keyedit.delsig.selfsig
+Esta é uma assinatura que liga o ID de utilizador à chave. Geralmente
+não é uma boa idéia remover tal assinatura. É possível que o GnuPG
+não consiga mais usar esta chave. Faça isto apenas se por alguma
+razão esta auto-assinatura não for válida e há uma segunda disponível.
+.
+
+.gpg.keyedit.updpref.okay
+Muda as preferências de todos os identificadores de utilizadores
+(ou apenas dos seleccionados) para a lista actual de preferências.
+O 'timestamp' de todas as auto-assinaturas afectuadas será avançado
+em um segundo.
+
+.
+
+.gpg.passphrase.enter
+Por favor digite a frase secreta
+
+.
+
+.gpg.passphrase.repeat
+Por favor repita a frase secreta, para ter certeza do que digitou.
+.
+
+.gpg.detached_signature.filename
+Dê o nome para o ficheiro ao qual a assinatura se aplica
+.
+
+.gpg.openfile.overwrite.okay
+Responda "sim" se quiser escrever por cima do ficheiro
+.
+
+.gpg.openfile.askoutname
+Por favor digite um novo nome de ficheiro. Se você apenas carregar em RETURN
+o ficheiro por omissão (que é mostrado entre parênteses) será utilizado.
+.
+
+.gpg.ask_revocation_reason.code
+Deve especificar uma razão para a emissão do certificado. Dependendo no
+contexto, pode escolher as seguintes opções desta lista:
+ "A chave foi comprometida"
+ Utilize esta opção se tem razões para acreditar que indivíduos não
+ autorizados obtiveram acesso à sua chave secreta.
+ "A chave foi substituida"
+ Utilize esta opção se substituiu esta chave com uma mais recente.
+ "A chave já não é utilizada"
+ Utilize esta opção se já não utiliza a chave.
+ "O identificador do utilizador já não é válido"
+ Utilize esta opção para comunicar que o identificador do utilizador
+ não deve ser mais utilizado; normalmente utilizada para indicar
+ que um endereço de email é inválido.
+
+.
+
+.gpg.ask_revocation_reason.text
+Se desejar, pode inserir uma texto descrevendo a razão pela qual criou
+este certificado de revogação. Por favor mantenha este texto conciso.
+Uma linha vazia termina o texto.
+
+.
+
+
+
+# Local variables:
+# mode: fundamental
+# coding: utf-8
+# End:
diff --git a/doc/help.pt_BR.txt b/doc/help.pt_BR.txt
new file mode 100644
index 0000000..25a23c3
--- /dev/null
+++ b/doc/help.pt_BR.txt
@@ -0,0 +1,253 @@
+# help.pt_BR.txt - Brazilian GnuPG online help
+# Copyright (C) 2007 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+
+.gpg.edit_ownertrust.value
+Você decide que valor usar aqui; este valor nunca será exportado para
+terceiros. Precisamos dele implementar a rede de confiança, que não tem
+nada a ver com a rede de certificados (implicitamente criada).
+.
+
+.gpg.edit_ownertrust.set_ultimate.okay
+Para construir a Teia-de-Confiança ('Web-of-Trust'), o GnuPG precisa de
+saber quais são as chaves em que deposita confiança absoluta - normalmente
+estas são as chaves a que tem acesso à chave privada. Responda "sim" para
+que esta chave seja de confiança absoluta.
+
+.
+
+.gpg.untrusted_key.override
+Se você quiser usar esta chave não confiável assim mesmo, responda "sim".
+.
+
+.gpg.pklist.user_id.enter
+Digite o ID de usuário do destinatário para o qual você quer enviar a
+mensagem.
+.
+
+.#gpg.keygen.algo
+# fixme: Please translate and remove the hash mark from the key line.
+Select the algorithm to use.
+
+DSA (aka DSS) is the Digital Signature Algorithm and can only be used
+for signatures.
+
+Elgamal is an encrypt-only algorithm.
+
+RSA may be used for signatures or encryption.
+
+The first (primary) key must always be a key which is capable of signing.
+.
+
+.gpg.keygen.algo.rsa_se
+Em geral não é uma boa ideia utilizar a mesma chave para assinar e para
+cifrar. Este algoritmo só deve ser utilizado em alguns domínios.
+Por favor consulte primeiro o seu perito em segurança.
+.
+
+.gpg.keygen.size
+Digite o tamanho da chave
+.
+
+.gpg.keygen.size.huge.okay
+Responda "sim" ou "não"
+.
+
+.gpg.keygen.size.large.okay
+Responda "sim" ou "não"
+.
+
+.gpg.keygen.valid
+Digite o valor necessário conforme pedido.
+É possível digitar uma data ISO (AAAA-MM-DD) mas você não terá uma boa
+reação a erros - o sistema tentará interpretar o valor dado como um intervalo.
+.
+
+.gpg.keygen.valid.okay
+Responda "sim" ou "não"
+.
+
+.gpg.keygen.name
+Digite o nome do possuidor da chave
+.
+
+.gpg.keygen.email
+por favor digite um endereço de email (opcional mas recomendado)
+.
+
+.gpg.keygen.comment
+Por favor digite um comentário (opcional)
+.
+
+.gpg.keygen.userid.cmd
+N para mudar o nome.
+C para mudar o comentário.
+E para mudar o endereço de correio eletrônico.
+O para continuar a geração da chave.
+S para interromper a geração da chave.
+.
+
+.gpg.keygen.sub.okay
+Responda "sim" (ou apenas "s") se quiser gerar a subchave.
+.
+
+.gpg.sign_uid.okay
+Responda "sim" ou "não"
+.
+
+.gpg.sign_uid.class
+Quando assina uma chave de identificação de um utilizador, deve primeiro
+verificar que a chave pertence realmente à pessoa em questão. É útil para
+terceiros saberem com que cuidado é que efectuou esta verificação.
+
+"0" significa que não deseja declarar a forma com verificou a chave
+
+"1" significa que acredita que a chave pertence à pessoa em questão, mas
+ não conseguiu ou não tentou verificar. Este grau é útil para quando
+ assina a chave de uma utilizador pseudo-anónimo.
+
+"2" significa que efectuou uma verificação normal da chave. Por exemplo,
+ isto pode significar que verificou a impressão digital da chave e
+ verificou o identificador de utilizador da chave contra uma identificação
+ fotográfica.
+
+"3" significa que efectuou uma verificação exaustiva da chave. Por exemplo,
+ isto pode significar que efectuou a verificação pessoalmente, e que
+ utilizou um documento, com fotografia, difícil de falsificar
+ (como por exemplo um passaporte) que o nome do dono da chave é o
+ mesmo do que o identificador da chave, e que, finalmente, verificou
+ (através de troca de e-mail) que o endereço de email da chave pertence
+ ao done da chave.
+
+Atenção: os exemplos dados para os níveis 2 e 3 são *apenas* exemplos.
+Compete-lhe a si decidir o que considera, ao assinar chaves, uma verificação
+"normal" e uma verificação "exaustiva".
+
+Se não sabe qual é a resposta correcta, responda "0".
+.
+
+.gpg.change_passwd.empty.okay
+Responda "sim" ou "não"
+.
+
+.gpg.keyedit.save.okay
+Responda "sim" ou "não"
+.
+
+.gpg.keyedit.cancel.okay
+Responda "sim" ou "não"
+.
+
+.#gpg.keyedit.sign_all.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" if you want to sign ALL the user IDs
+.
+
+.gpg.keyedit.remove.uid.okay
+Responda "sim" se quiser realmente remover este ID de usuário.
+Todos os certificados também serão perdidos!
+.
+
+.gpg.keyedit.remove.subkey.okay
+Responda "sim" se quiser remover a subchave
+.
+
+.gpg.keyedit.delsig.valid
+Esta é uma assinatura válida na chave; normalmente não é desejável
+remover esta assinatura porque ela pode ser importante para estabelecer
+uma conexão de confiança à chave ou a outra chave certificada por esta.
+.
+
+.gpg.keyedit.delsig.unknown
+Esta assinatura não pode ser verificada porque você não tem a chave
+correspondente. Você deve adiar sua remoção até saber que chave foi usada
+porque a chave desta assinatura pode estabelecer uma conexão de confiança
+através de outra chave já certificada.
+.
+
+.gpg.keyedit.delsig.invalid
+A assinatura não é válida. Faz sentido removê-la de seu chaveiro.
+.
+
+.gpg.keyedit.delsig.selfsig
+Esta é uma assinatura que liga o ID de usuário à chave. Geralmente
+não é uma boa idéia remover tal assinatura. É possível que o GnuPG
+não consiga mais usar esta chave. Faça isto apenas se por alguma
+razão esta auto-assinatura não for válida e há uma segunda disponível.
+.
+
+.gpg.keyedit.updpref.okay
+Muda as preferências de todos os identificadores de utilizadores
+(ou apenas dos seleccionados) para a lista actual de preferências.
+O 'timestamp' de todas as auto-assinaturas afectuadas será avançado
+em um segundo.
+
+.
+
+.gpg.passphrase.enter
+Por favor digite a frase secreta
+
+.
+
+.gpg.passphrase.repeat
+Por favor repita a última frase secreta, para ter certeza do que você digitou.
+.
+
+.gpg.detached_signature.filename
+Dê o nome para o arquivo ao qual a assinatura se aplica
+.
+
+.gpg.openfile.overwrite.okay
+Responda "sim" se quiser sobrescrever o arquivo
+.
+
+.gpg.openfile.askoutname
+Por favor digite um novo nome de arquivo. Se você apenas apertar RETURN o
+arquivo padrão (que é mostrado em colchetes) será usado.
+.
+
+.gpg.ask_revocation_reason.code
+Deve especificar uma razão para a emissão do certificado. Dependendo no
+contexto, pode escolher as seguintes opções desta lista:
+ "A chave foi comprometida"
+ Utilize esta opção se tem razões para acreditar que indivíduos não
+ autorizados obtiveram acesso à sua chave secreta.
+ "A chave foi substituida"
+ Utilize esta opção se substituiu esta chave com uma mais recente.
+ "A chave já não é utilizada"
+ Utilize esta opção se já não utiliza a chave.
+ "O identificador do utilizador já não é válido"
+ Utilize esta opção para comunicar que o identificador do utilizador
+ não deve ser mais utilizado; normalmente utilizada para indicar
+ que um endereço de email é inválido.
+
+.
+
+.gpg.ask_revocation_reason.text
+Se desejar, pode inserir uma texto descrevendo a razão pela qual criou
+este certificado de revogação. Por favor mantenha este texto conciso.
+Uma linha vazia termina o texto.
+
+.
+
+
+
+# Local variables:
+# mode: fundamental
+# coding: utf-8
+# End:
diff --git a/doc/help.ro.txt b/doc/help.ro.txt
new file mode 100644
index 0000000..f655fdf
--- /dev/null
+++ b/doc/help.ro.txt
@@ -0,0 +1,251 @@
+# help.ro.txt - ro GnuPG online help
+# Copyright (C) 2007 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+
+.gpg.edit_ownertrust.value
+Este sarcina d-voastră să atribuiţi o valoare aici; această valoare
+nu va fi niciodată exportată pentru o terţă parte. Trebuie să
+implementăm reţeaua-de-încredere; aceasta nu are nimic în comun cu
+certificatele-de-reţea (create implicit).
+.
+
+.gpg.edit_ownertrust.set_ultimate.okay
+Pentru a construi Reţeaua-de-Încredere, GnuPG trebuie să ştie care chei
+au nivel de încredere suprem - acestea de obicei sunt cheile pentru care
+aveţi acces la cheia secretă. Răspundeţi "da" pentru a seta
+această cheie cu nivel de încredere suprem
+
+.
+
+.gpg.untrusted_key.override
+Dacă doriţi oricum să folosiţi această cheie fără încredere, răspundeţi "da".
+.
+
+.gpg.pklist.user_id.enter
+Introduceţi ID-ul utilizator al destinatarului mesajului.
+.
+
+.gpg.keygen.algo
+Selectaţi algoritmul de folosit.
+
+DSA (aka DSS) este Digital Signature Algorithm ÅŸi poate fi folosit numai
+pentru semnături.
+
+Elgamal este un algoritm numai pentru cifrare.
+
+RSA poate fi folosit pentru semnături sau cifrare.
+
+Prima cheie (primară) trebuie să fie întotdeauna o cheie cu care se poate semna.
+.
+
+.gpg.keygen.algo.rsa_se
+În general nu este o idee bună să folosiţi aceeaşi cheie şi pentru
+semnare ÅŸi pentru cifrare. Acest algoritm ar trebui folosit numai
+în anumite domenii. Vă rugăm consultaţi mai întâi un expert în domeniu.
+.
+
+.gpg.keygen.size
+Introduceţi lungimea cheii
+.
+
+.gpg.keygen.size.huge.okay
+Răspundeţi "da" sau "nu"
+.
+
+.gpg.keygen.size.large.okay
+Răspundeţi "da" sau "nu"
+.
+
+.gpg.keygen.valid
+Introduceţi valoarea cerută precum a arătat la prompt.
+Este posibil să introduceţi o dată ISO (AAAA-LL-ZZ) dar nu veţi
+obţine un răspuns de eroare bun - în loc sistemul încearcă să
+interpreteze valoare dată ca un interval.
+.
+
+.gpg.keygen.valid.okay
+Răspundeţi "da" sau "nu"
+.
+
+.gpg.keygen.name
+Introduceţi numele deţinătorului cheii
+.
+
+.gpg.keygen.email
+vă rugăm introduceţi o adresă de email (opţională dar recomandată)
+.
+
+.gpg.keygen.comment
+Vă rugăm introduceţi un comentriu opţional
+.
+
+.gpg.keygen.userid.cmd
+N pentru a schimba numele.
+C pentru a schimba comentariul.
+E pentru a schimba adresa de email.
+O pentru a continua cu generarea cheii.
+T pentru a termina generarea cheii.
+.
+
+.gpg.keygen.sub.okay
+Răspundeţi "da" (sau numai "d") dacă sunteţi OK să generaţi subcheia.
+.
+
+.gpg.sign_uid.okay
+Răspundeţi "da" sau "nu"
+.
+
+.gpg.sign_uid.class
+Când semnaţi un ID utilizator pe o cheie ar trebui să verificaţi mai întâi
+că cheia aparţine persoanei numite în ID-ul utilizator. Este util şi altora
+să ştie cât de atent aţi verificat acest lucru.
+
+"0" înseamnă că nu pretindeţi nimic despre cât de atent aţi verificat cheia
+"1" înseamnă că credeţi că cheia este a persoanei ce pretinde că este
+ proprietarul ei, dar n-aţi putut, sau nu aţi verificat deloc cheia.
+ Aceasta este utilă pentru verificare "persona", unde semnaţi cheia
+ unui utilizator pseudonim.
+
+"2" înseamnă că aţi făcut o verificare supericială a cheii. De exemplu,
+ aceasta ar putea însemna că aţi verificat amprenta cheii şi aţi verificat
+ ID-ul utilizator de pe cheie cu un ID cu poză.
+
+"3" înseamnă că aţi făcut o verificare extensivă a cheii. De exemplu,
+ aceasta ar putea însemna că aţi verificat amprenta cheii cu proprietarul
+ cheii în persoană, că aţi verificat folosind un document dificil de
+ falsificat cu poză (cum ar fi un paşaport) că numele proprietarului cheii
+ este acelaşi cu numele ID-ului utilizator al cheii şi că aţi verificat
+ (schimbând emailuri) că adresa de email de pe cheie aparţine proprietarului
+cheii.
+
+De notat că exemplele date pentru nivelele 2 şi 3 ceva mai sus sunt *numai*
+exemple. La urma urmei, d-voastră decideţi ce înseamnă "superficial" şi
+"extensiv" pentru d-voastră când semnaţi alte chei.
+
+Dacă nu ştiţi care este răspunsul, răspundeţi "0".
+.
+
+.gpg.change_passwd.empty.okay
+Răspundeţi "da" sau "nu"
+.
+
+.gpg.keyedit.save.okay
+Răspundeţi "da" sau "nu"
+.
+
+.gpg.keyedit.cancel.okay
+Răspundeţi "da" sau "nu"
+.
+
+.gpg.keyedit.sign_all.okay
+Răspundeţi "da" dacă doriţi să semnaţi TOATE ID-urile utilizator
+.
+
+.gpg.keyedit.remove.uid.okay
+Răspundeţi "da" dacă într-adevăr doriţi să ştergeţi acest ID utilizator.
+Toate certificatele sunt de asemenea pierdute!
+.
+
+.gpg.keyedit.remove.subkey.okay
+Răspundeţi "da" dacă este OK să ştergeţi subcheia
+.
+
+.gpg.keyedit.delsig.valid
+Aceasta este o semnătură validă pe cheie; în mod normal n-ar trebui
+să ştergeţi această semnătură pentru că aceasta ar putea fi importantăla stabilirea conexiunii de încredere la cheie sau altă cheie certificată
+de această cheie.
+.
+
+.gpg.keyedit.delsig.unknown
+Această semnătură nu poate fi verificată pentru că nu aveţi cheia
+corespunzătoare. Ar trebui să amânaţi ştergerea sa până ştiţi care
+cheie a fost folosită pentru că această cheie de semnare ar putea
+constitui o conexiune de încredere spre o altă cheie deja certificată.
+.
+
+.gpg.keyedit.delsig.invalid
+Semnătura nu este validă. Aceasta ar trebui ştearsă de pe inelul
+d-voastră de chei.
+.
+
+.gpg.keyedit.delsig.selfsig
+Aceasta este o semnătură care leagă ID-ul utilizator de cheie.
+De obicei nu este o idee bună să ştergeţi o asemenea semnătură.
+De fapt, GnuPG ar putea să nu mai poată folosi această cheie.
+Aşa că faceţi acest lucru numai dacă această auto-semnătură este
+dintr-o oarecare cauză invalidă şi o a doua este disponibilă.
+.
+
+.gpg.keyedit.updpref.okay
+Schimbaţi toate preferinţele ale tuturor ID-urilor utilizator (sau doar
+cele selectate) conform cu lista curentă de preferinţe. Timestamp-urile
+tuturor auto-semnăturilor afectate vor fi avansate cu o secundă.
+
+.
+
+.gpg.passphrase.enter
+Vă rugăm introduceţi fraza-parolă; aceasta este o propoziţie secretă
+
+.
+
+.gpg.passphrase.repeat
+Vă rugăm repetaţi ultima frază-parolă, pentru a fi sigur(ă) ce aţi tastat.
+.
+
+.gpg.detached_signature.filename
+Daţi numele fişierului la care se aplică semnătura
+.
+
+.gpg.openfile.overwrite.okay
+Răspundeţi "da" dacă este OK să suprascrieţi fişierul
+.
+
+.gpg.openfile.askoutname
+Vă rugăm introduceţi un nou nume-fişier. Dacă doar apăsaţi RETURN,
+va fi folosit fişierul implicit (arătat în paranteze).
+.
+
+.gpg.ask_revocation_reason.code
+Ar trebui să specificaţi un motiv pentru certificare. În funcţie de
+context aveţi posibilitatea să alegeţi din această listă:
+ "Cheia a fost compromisă"
+ Folosiţi această opţiune dacă aveţi un motiv să credeţi că persoane
+ neautorizate au avut acces la cheia d-voastră secretă.
+ "Cheia este înlocuită"
+ Folosiţi această opţiune dacă înlocuiţi cheia cu una nouă.
+ "Cheia nu mai este folosită"
+ Folosiţi această opţiune dacă pensionaţi cheia.
+ "ID-ul utilizator nu mai este valid"
+ Folosiţi această opţiune dacă ID-ul utilizator nu mai trebuie folosit;
+ de obicei folosită pentru a marca o adresă de email ca invalidă.
+
+.
+
+.gpg.ask_revocation_reason.text
+Dacă doriţi, puteţi introduce un text descriind de ce publicaţi acest
+certificat de revocare. Vă rugăm fiţi concis.
+O linie goală termină textul.
+
+.
+
+
+
+# Local variables:
+# mode: fundamental
+# coding: utf-8
+# End:
diff --git a/doc/help.ru.txt b/doc/help.ru.txt
new file mode 100644
index 0000000..bd4ae14
--- /dev/null
+++ b/doc/help.ru.txt
@@ -0,0 +1,250 @@
+# help.ru.txt - ru GnuPG online help
+# Copyright (C) 2007 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+
+.gpg.edit_ownertrust.value
+Ð’Ñ‹ должны ввеÑти здеÑÑŒ значение; оно никогда не будет ÑкÑпортировано
+третьей Ñтороне. Это необходимо Ð´Ð»Ñ Ñ€ÐµÐ°Ð»Ð¸Ð·Ð°Ñ†Ð¸Ð¸ Сети ДовериÑ;
+и не имеет ничего общего Ñ (неÑвно Ñозданной) Ñетью Ñертификатов.
+.
+
+.gpg.edit_ownertrust.set_ultimate.okay
+Ð”Ð»Ñ Ð¿Ð¾ÑÑ‚Ñ€Ð¾ÐµÐ½Ð¸Ñ Ð¡ÐµÑ‚Ð¸ ДовериÑ, GnuPG должен знать, к каким ключам
+имеетÑÑ Ð°Ð±Ñолютное доверие - обычно Ñто ключи Ð´Ð»Ñ ÐºÐ¾Ñ‚Ð¾Ñ€Ñ‹Ñ… у Ð’Ð°Ñ ÐµÑÑ‚ÑŒ
+Ñекретный ключ. Ответьте "yes" Ð´Ð»Ñ Ð¿Ñ€Ð¸ÑÐ²Ð¾ÐµÐ½Ð¸Ñ Ð°Ð±Ñолютного довериÑ
+данному ключу
+
+.
+
+.gpg.untrusted_key.override
+ЕÑли хотите иÑпользовать данный недоверÑемый ключ - ответьте "yes".
+.
+
+.gpg.pklist.user_id.enter
+Введите User ID адреÑата, которому хотите отправить Ñообщение.
+.
+
+.gpg.keygen.algo
+Выберите алгоритм.
+
+DSA (aka DSS) - Digital Signature Algorithm может иÑпользоватьÑÑ
+только Ð´Ð»Ñ Ð¿Ð¾Ð´Ð¿Ð¸Ñей.
+
+Elgamal - алгоритм иÑпользуемый только Ð´Ð»Ñ ÑˆÐ¸Ñ„Ñ€Ð¾Ð²Ð°Ð½Ð¸Ñ.
+
+RSA может иÑпользоватьÑÑ Ð¸ Ð´Ð»Ñ Ð¿Ð¾Ð´Ð¿Ð¸Ñи, и Ð´Ð»Ñ ÑˆÐ¸Ñ„Ñ€Ð¾Ð²Ð°Ð½Ð¸Ñ.
+
+Первый (он же главный) ключ вÑегда должен быть подпиÑывающим.
+.
+
+.gpg.keygen.algo.rsa_se
+Обычно не рекомендуетÑÑ Ð¸Ñпользовать один ключ и Ð´Ð»Ñ Ð¿Ð¾Ð´Ð¿Ð¸Ñи, и Ð´Ð»Ñ ÑˆÐ¸Ñ„Ñ€Ð¾Ð²Ð°Ð½Ð¸Ñ.
+Данный алгоритм Ñледует иÑпользовтаь только в некоторых ÑлучаÑÑ….
+ПроконÑультируйтеÑÑŒ Ñ Ð’Ð°ÑˆÐ¸Ð¼ ÑкÑпертом по безопаÑноÑти перед тем,
+как иÑпользовать данный ключ.
+.
+
+.gpg.keygen.size
+Введите размер ключа
+.
+
+.gpg.keygen.size.huge.okay
+Ответьте "yes" или "no"
+.
+
+.gpg.keygen.size.large.okay
+Ответьте "yes" или "no"
+.
+
+.gpg.keygen.valid
+Введите требуемое значение, как показано в подÑказке.
+Можно ввеÑти дату в ISO формате (YYYY-MM-DD), но Ð’Ñ‹ не получите
+уведомление при ошибке в формате - вмеÑто Ñтого ÑиÑтема попробует
+интерпретировать введенное значение как интервал.
+.
+
+.gpg.keygen.valid.okay
+Ответьте "yes" или "no"
+.
+
+.gpg.keygen.name
+Введите Ð¸Ð¼Ñ Ð²Ð»Ð°Ð´ÐµÐ»ÑŒÑ†Ð° ключа
+.
+
+.gpg.keygen.email
+введите необÑзательный, но очень рекомендуемый email адреÑ
+.
+
+.gpg.keygen.comment
+Введите необÑзательный комментарий
+.
+
+.gpg.keygen.userid.cmd
+N изменить имÑ.
+C изменить комментарий.
+E изменить email адреÑ.
+O продолжить Ñоздание ключа.
+Q выйти и прервать Ñоздание ключа.
+.
+
+.gpg.keygen.sub.okay
+Ответьте "yes" (или только "y"), еÑли готовы Ñоздавать подключ.
+.
+
+.gpg.sign_uid.okay
+Ответьте "yes" или "no"
+.
+
+.gpg.sign_uid.class
+Перед подпиÑыванием User ID ключа, Ñледует прежде удоÑтоверитьÑÑ, что
+ключ дейÑтвительно принадлежит человеку указанному в User ID. Это очень важно
+Ð´Ð»Ñ Ñ‚ÐµÑ…, кто учитывает как хорошо Ð’Ñ‹ проверÑете доÑтоверноÑÑ‚ÑŒ User ID.
+
+"0" означает, что Ð’Ñ‹ не можете Ñказать, как хорошо Ð’Ñ‹ проверили ключ.
+"1" означает, что Вы полагаете, что ключ принадлежит человеку, который
+ указан в нем, но Ð’Ñ‹ не могли или не проводили проверку ключа ÑовÑем.
+ Это полезно, когда Ð’Ñ‹ подпиÑываете ключ Ñ Ð¿Ñевдонимом человека.
+
+"2" означает, что Ð’Ñ‹ делали неаккуратную проверку ключа. Ðапример, Ñто может
+ означать, что Вы проверили отпечаток ключа и проверили User ID на
+ ключе на оÑновании фото ID.
+
+"3" означает, что Ð’Ñ‹ выполнили вÑеÑтороннюю проверку ключа. Ðапример, Ñто может
+ означать, что Ð’Ñ‹ Ñверили отпечаток ключа Ñ Ð²Ð»Ð°Ð´ÐµÐ»ÑŒÑ†ÐµÐ¼ ключа лично
+ и что Ð’Ñ‹ Ñверили вÑÑ‘ поÑредÑтвом трудноподделываемого документа Ñ
+ фотографией (таким как паÑпорт), что Ð¸Ð¼Ñ Ð²Ð»Ð°Ð´ÐµÐ»ÑŒÑ†Ð° ключа Ñовпадает Ñ
+ именем в User ID ключа и наконец, что Вы проверили (обменом шифрованными
+ пиÑьмами), что email Ð°Ð´Ñ€ÐµÑ Ð½Ð° ключе принадлежит владельцу ключа.
+
+Учтите, что примеры данные Ð´Ð»Ñ ÑƒÑ€Ð¾Ð²Ð½ÐµÐ¹ 2 и 3 - только примеры.
+Ð’ конечном итоге, Вам решать, как клаÑÑифицировать "неаккуратно" и "вÑеÑторонне",
+при подпиÑывании чужих ключей.
+
+ЕÑли Ð’Ñ‹ не можете определитьÑÑ Ñ Ð¿Ñ€Ð°Ð²Ð¸Ð»ÑŒÐ½Ñ‹Ð¼ ответом, ответьте "0".
+.
+
+.gpg.change_passwd.empty.okay
+Ответьте "yes" или "no"
+.
+
+.gpg.keyedit.save.okay
+Ответьте "yes" или "no"
+.
+
+.gpg.keyedit.cancel.okay
+Ответьте "yes" или "no"
+.
+
+.gpg.keyedit.sign_all.okay
+Ответьте "yes", еÑли хотите подпиÑать ВСЕ User ID
+.
+
+.gpg.keyedit.remove.uid.okay
+Ответьте "yes", еÑли дейÑтвительно хотите удалить данный User ID.
+Ð’Ñе Ñертификаты также будут потерÑны!
+.
+
+.gpg.keyedit.remove.subkey.okay
+Ответьте "yes", еÑли готовы удалить подключ
+.
+
+.gpg.keyedit.delsig.valid
+Это дейÑÑ‚Ð²Ð¸Ñ‚ÐµÐ»ÑŒÐ½Ð°Ñ Ð¿Ð¾Ð´Ð¿Ð¸ÑÑŒ на ключе; обычно не желательно
+удалÑÑ‚ÑŒ такие подпиÑи, потому, что она может быть важна Ð´Ð»Ñ ÑƒÑтановлениÑ
+доÑтоверноÑти ключа или других ключей подпиÑанных данным ключом.
+.
+
+.gpg.keyedit.delsig.unknown
+Ð”Ð°Ð½Ð½Ð°Ñ Ð¿Ð¾Ð´Ð¿Ð¸ÑÑŒ не может быть проверена потому, что Ð’Ñ‹ не имеете
+ÑоответÑтвующего ключа. Можете отложить ее удаление, пока не
+узнаете, какой ключ был иÑпользован, Ñ‚.к. Ñта подпиÑÑŒ может
+уÑтанавливать доÑтоверноÑÑ‚ÑŒ через другие уже удоÑтоверенные ключи.
+.
+
+.gpg.keyedit.delsig.invalid
+ПодпиÑÑŒ недейÑтвительна. Это дает оÑÐ½Ð¾Ð²Ð°Ð½Ð¸Ñ ÑƒÐ´Ð°Ð»Ð¸Ñ‚ÑŒ ее из
+ÑвÑзки ключей.
+.
+
+.gpg.keyedit.delsig.selfsig
+Ð”Ð°Ð½Ð½Ð°Ñ Ð¿Ð¾Ð´Ð¿Ð¸ÑÑŒ ÑвлÑетÑÑ ÑамоподпиÑью и привÑзывает User ID к ключу.
+Обычно Ñто Ð¿Ð»Ð¾Ñ…Ð°Ñ Ð¸Ð´ÐµÑ ÑƒÐ´Ð°Ð»Ð¸Ñ‚ÑŒ такую подпиÑÑŒ. Ðа Ñамом деле
+GnuPG может не позволить иÑпользовать такой ключ далее.
+Делайте Ñто только еÑли Ð´Ð°Ð½Ð½Ð°Ñ ÑамоподпиÑÑŒ не дейÑтвительна по
+каким-либо причинам и ÑущеÑтвует доÑÑ‚ÑƒÐ¿Ð½Ð°Ñ Ð²Ñ‚Ð¾Ñ€Ð°Ñ.
+.
+
+.gpg.keyedit.updpref.okay
+Изменение предпочтений Ð´Ð»Ñ Ð²Ñех User ID (или только Ð´Ð»Ñ Ð²Ñ‹Ð±Ñ€Ð°Ð½Ð½Ñ‹Ñ…)
+на текущий ÑпиÑок предпочтений. Отметка времени на вÑех затронутых
+ÑамоподпиÑÑÑ… будет увеличена на одну Ñекунду.
+
+.
+
+.gpg.passphrase.enter
+Введите фразу-пароль (Ñто ÑÐµÐºÑ€ÐµÑ‚Ð½Ð°Ñ Ñтрока)
+
+.
+
+.gpg.passphrase.repeat
+Повторите фразу-пароль, чтобы убедитьÑÑ Ð² том, что она набрана правильно.
+.
+
+.gpg.detached_signature.filename
+Введите Ð¸Ð¼Ñ Ñ„Ð°Ð¹Ð»Ð°, к которому отноÑитÑÑ Ð´Ð°Ð½Ð½Ð°Ñ Ð¿Ð¾Ð´Ð¿Ð¸ÑÑŒ
+.
+
+.gpg.openfile.overwrite.okay
+Ответьте "yes", еÑли хотите перезапиÑать файл
+.
+
+.gpg.openfile.askoutname
+Введите новое Ð¸Ð¼Ñ Ñ„Ð°Ð¹Ð»Ð°. ЕÑли нажмете только RETURN будет иÑпользован
+по умолчанию тот файл, который показан в квадратных Ñкобках.
+.
+
+.gpg.ask_revocation_reason.code
+Ð¡ÐµÐ¹Ñ‡Ð°Ñ Ñможете указать причину отзыва ключа. ОÑновываÑÑÑŒ на
+контекÑте отзыва - можете выбрать один из Ñледующих вариантов:
+ "Ключ был Ñкомпрометирован"
+ Выберите, еÑли предполагаете, что поÑторонний человек
+ получил доÑтуп к Вашему Ñекретному ключу.
+ "Ключ заменен другим"
+ Выберите, еÑли заменÑете данный ключ на другой.
+ "Ключ больше не иÑпользуетÑÑ"
+ Выберите, еÑли отказываетеÑÑŒ от иÑÐ¿Ð¾Ð»ÑŒÐ·Ð¾Ð²Ð°Ð½Ð¸Ñ Ð´Ð°Ð½Ð½Ð¾Ð³Ð¾ ключа.
+ "User ID больше не дейÑтвителен"
+ Выберите, еÑли больше не ÑобираетеÑÑŒ иÑпользовать данный User ID.
+ Обычно иÑпользуетÑÑ, Ð´Ð»Ñ ÑƒÐºÐ°Ð·Ð°Ð½Ð¸Ñ, что данный e-mail больше
+ не иÑпользуетÑÑ
+
+.
+
+.gpg.ask_revocation_reason.text
+При необходимоÑти здеÑÑŒ можно прокомментировать причины
+ÑÐ¾Ð·Ð´Ð°Ð½Ð¸Ñ Ñертификата отзыва. Будьте кратки.
+Ð”Ð»Ñ Ð·Ð°Ð²ÐµÑ€ÑˆÐµÐ½Ð¸Ñ Ð²Ð²ÐµÐ´Ð¸Ñ‚Ðµ пуÑтую Ñтроку.
+
+.
+
+
+
+# Local variables:
+# mode: fundamental
+# coding: utf-8
+# End:
diff --git a/doc/help.sk.txt b/doc/help.sk.txt
new file mode 100644
index 0000000..a0fa4aa
--- /dev/null
+++ b/doc/help.sk.txt
@@ -0,0 +1,254 @@
+# help.sk.txt - sk GnuPG online help
+# Copyright (C) 2007 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+
+.gpg.edit_ownertrust.value
+Je na Vás, aby ste sem priradili hodnotu; táto hodnota nebude nikdy
+exportovaná tretej strane. Potrebujeme ju k implementácii "pavuÄiny
+dôvery"; nemá to niÄ spoloÄné s (implicitne vytvorenou) "pavuÄinou
+certifikátov".
+.
+
+.gpg.edit_ownertrust.set_ultimate.okay
+Aby bolo možné vybudovaÅ¥ pavuÄinu dôvery, musí GnuPG vedieÅ¥, ktorým kľúÄom
+dôverujete absolútne - obyÄajne sú to tie kľúÄe, pre ktoré máte prístup
+k tajným kľúÄom. Odpovedzte "ano", aby ste nastavili tieto kľúÄe
+ako absolútne dôveryhodné
+
+.
+
+.gpg.untrusted_key.override
+Pokiaľ aj tak chcete použiÅ¥ tento nedôveryhodný kľúÄ, odpovedzte "ano".
+.
+
+.gpg.pklist.user_id.enter
+Vložte identifikátor adresáta, ktorému chcete poslať správu.
+.
+
+.#gpg.keygen.algo
+# fixme: Please translate and remove the hash mark from the key line.
+Select the algorithm to use.
+
+DSA (aka DSS) is the Digital Signature Algorithm and can only be used
+for signatures.
+
+Elgamal is an encrypt-only algorithm.
+
+RSA may be used for signatures or encryption.
+
+The first (primary) key must always be a key which is capable of signing.
+.
+
+.gpg.keygen.algo.rsa_se
+VÅ¡ebecne nemožno odporúÄaÅ¥ používaÅ¥ rovnaký kÄ¾ÃºÄ na Å¡ifrovanie a podeisovanie
+Tento algoritmus je vhodné použiÅ¥ len za urÄitých podmienok.
+Kontaktujte prosím najprv bezpeÄnostného Å¡pecialistu.
+.
+
+.gpg.keygen.size
+Vložte dĺžku kľúÄa
+.
+
+.gpg.keygen.size.huge.okay
+Odpovedzte "ano" alebo "nie"
+.
+
+.gpg.keygen.size.large.okay
+Odpovedzte "ano" alebo "nie"
+.
+
+.gpg.keygen.valid
+Vložte požadovanú hodnotu tak, ako je uvedené v príkazovom riadku.
+Je možné vložiť dátum vo formáte ISO (RRRR-MM-DD), ale nedostanete
+správnu chybovú hlášku - miesto toho systém skúsi interpretovať
+zadanú hodnotu ako interval.
+.
+
+.gpg.keygen.valid.okay
+Odpovedzte "ano" alebo "nie"
+.
+
+.gpg.keygen.name
+Vložte meno držiteľa kľúÄa
+.
+
+.gpg.keygen.email
+prosím, vložte e-mailovú adresu (nepovinné, ale veľmi odporúÄané)
+.
+
+.gpg.keygen.comment
+Prosím, vložte nepovinný komentár
+.
+
+.gpg.keygen.userid.cmd
+N pre zmenu názvu.
+C pre zmenu komentára.
+E pre zmenu e-mailovej adresy.
+O pre pokraÄovanie generovania kľúÄa.
+Q pre ukonÄenie generovania kľúÄa.
+.
+
+.gpg.keygen.sub.okay
+Ak chcete generovaÅ¥ podkľúÄ, odpovedzte "ano" (alebo len "a").
+.
+
+.gpg.sign_uid.okay
+Odpovedzte "ano" alebo "nie"
+.
+
+.gpg.sign_uid.class
+Skôr ako podpíšete id užívateľa, mali by ste najprv overiÅ¥, Äi kľúÄ
+patrí osobe, ktorej meno je uvedené v identifikátore užívateľa.
+Je veľmi užitoÄné, keÄ ostatní vedia, ako dôsledne ste previedli
+takéto overenie.
+
+"0" znamená, že neuvádzate, ako dôsledne ste pravosÅ¥ kľúÄa overili
+
+"1" znamená, že veríte tomu, že kÄ¾ÃºÄ patrí osobe, ktorá je uvedená,
+ v užívateľskom ID, ale nemohli ste alebo jste nepreverili túto skutoÄnosÅ¥.
+ To je užitoÄné pre "osobnú" verifikáciu, keÄ podpisujete kľúÄe, ktoré
+ používajú pseudonym užívateľa.
+
+"2" znamená, že ste ÄiastoÄne overili pravosÅ¥ kľúÄa. Napr. ste overili
+ fingerprint kľúÄa a skontrolovali identifikátor užívateľa
+ uvedený na kľúÄi s fotografickým id.
+
+"3" Znamená, že ste vykonali veľmi dôkladné overenie pravosti kľúÄa.
+ To môže napríklad znamenaÅ¥, že ste overili fingerprint kľúÄa
+ jeho vlastníka osobne a Äalej ste pomocou tažko falÅ¡ovateľného
+ dokumentu s fotografiou (napríklad pasu) overili, že meno majiteľa
+ kľúÄa sa zhoduje s menom uvedeným v užívateľskom ID a Äalej ste
+ overili (výmenou elektronických dopisov), že elektronická adresa uvedená
+ v ID užívateľa patrí majiteľovi kľúÄa.
+
+Prosím nezabúdajte, že príklady uvedené pre úroveň 2 a 3 sú *len*
+príklady.
+Je len na VaÅ¡om rozhodnutí, Äo "ÄiastoÄné" a "dôkladné" overenie znamená
+keÄ budete podpisovaÅ¥ kľúÄe iným užívateľom.
+
+Pokiaľ neviete, aká je správna odpoveÄ, odpovedzte "0".
+.
+
+.gpg.change_passwd.empty.okay
+Odpovedzte "ano" alebo "nie"
+.
+
+.gpg.keyedit.save.okay
+Odpovedzte "ano" alebo "nie"
+.
+
+.gpg.keyedit.cancel.okay
+Odpovedzte "ano" alebo "nie"
+.
+
+.#gpg.keyedit.sign_all.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" if you want to sign ALL the user IDs
+.
+
+.gpg.keyedit.remove.uid.okay
+Pokiaľ skutoÄne chcete zmazaÅ¥ tento identifikátor užívateľa, odpovedzte "ano".
+Všetky certifikáty budú tiež stratené!
+.
+
+.gpg.keyedit.remove.subkey.okay
+Odpovedzte "ano", pokiaľ chcete zmazaÅ¥ podkľúÄ
+.
+
+.gpg.keyedit.delsig.valid
+Toto je platný podpis kľúÄa; normálne nechcete tento podpis zmazaÅ¥,
+pretože môže byÅ¥ dôležitý pri vytváraní dôvery kľúÄa alebo iného kľúÄa
+ceritifikovaného týmto kľúÄom.
+.
+
+.gpg.keyedit.delsig.unknown
+Tento podpis nemôže byÅ¥ overený, pretože nemáte zodpovedajúci verejný kľúÄ.
+Jeho zmazanie by ste mali odložiÅ¥ do Äasu, keÄ budete vedieÅ¥, ktorý kľúÄ
+bol použitý, pretože tento podpisovací kÄ¾ÃºÄ môže vytvoriÅ¥ dôveru
+prostredníctvom iného už certifikovaného kľúÄa.
+.
+
+.gpg.keyedit.delsig.invalid
+Podpis je neplatný. Je rozumné ho odstrániÅ¥ z Vášho súboru kľúÄov.
+.
+
+.gpg.keyedit.delsig.selfsig
+Toto je podpis, ktorý viaže identifikátor užívateľa ku kľúÄu. ZvyÄajne
+nie je dobré takýto podpis odstrániÅ¥. GnuPG nemôže tento kÄ¾ÃºÄ naÄalej
+používaÅ¥. Urobte to len v prípade, keÄ je tento podpis kľúÄa
+ním samým z nejakého dôvodu neplatný a keÄ je k dispozícii iný kľúÄ.
+.
+
+.gpg.keyedit.updpref.okay
+ZmeniÅ¥ predvoľby pre vÅ¡etky užívateľské ID (alebo len pre oznaÄené)
+na aktuálny zoznam predvolieb. Časové razítka všetkých dotknutých podpisov
+kľúÄov nimi samotnými budú posunuté o jednu sekundu dopredu.
+
+.
+
+.gpg.passphrase.enter
+Prosím, vložte heslo; toto je tajná veta
+
+.
+
+.gpg.passphrase.repeat
+Prosím, zopakujte posledné heslo, aby ste si boli istý, Äo ste napísali.
+.
+
+.gpg.detached_signature.filename
+Zadajte názov súboru, ku ktorému sa podpis vzťahuje
+.
+
+.gpg.openfile.overwrite.okay
+Ak si prajete prepísanie súboru, odpovedzte "ano"
+.
+
+.gpg.openfile.askoutname
+Prosím, vložte nový názov súboru. Ak len stlaÄíte RETURN, bude
+použitý implicitný súbor (ktorý je zobrazený v zátvorkách).
+.
+
+.gpg.ask_revocation_reason.code
+Mali by ste špecifikovať dôvod certifikácie. V závislosti na kontexte
+máte možnosť si vybrať zo zoznamu:
+ "kÄ¾ÃºÄ bol kompromitovaný"
+ Toto použite, pokiaľ si myslíte, že k Vášmu tajnému kľúÄu získali
+ prístup neoprávnené osoby.
+ "kÄ¾ÃºÄ je nahradený"
+ Toto použite, pokiaľ ste tento kÄ¾ÃºÄ nahradili novším kľúÄom.
+ "kÄ¾ÃºÄ sa už nepoužíva"
+ Toto použite, pokiaľ tento kÄ¾ÃºÄ už nepoužívate.
+ "Identifikátor užívateľa už nie je platný"
+ Toto použite, pokiaľ by sa identifikátor užívateľa už nemal používať;
+ normálne sa používa na oznaÄenie neplatnej e-mailové adresy.
+
+.
+
+.gpg.ask_revocation_reason.text
+Ak chcete, môžete vložiÅ¥ text popisujúcí pôvod vzniku tohto revokaÄného
+ceritifikátu. Prosím, struÄne.
+Text konÄí prázdnym riadkom.
+
+.
+
+
+
+# Local variables:
+# mode: fundamental
+# coding: utf-8
+# End:
diff --git a/doc/help.sv.txt b/doc/help.sv.txt
new file mode 100644
index 0000000..36c9ffb
--- /dev/null
+++ b/doc/help.sv.txt
@@ -0,0 +1,286 @@
+# help..txt - GnuPG online help
+# Copyright (C) 2007 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+
+.#gpg.edit_ownertrust.value
+# fixme: Please translate and remove the hash mark from the key line.
+It's up to you to assign a value here; this value will never be exported
+to any 3rd party. We need it to implement the web-of-trust; it has nothing
+to do with the (implicitly created) web-of-certificates.
+.
+
+.#gpg.edit_ownertrust.set_ultimate.okay
+# fixme: Please translate and remove the hash mark from the key line.
+To build the Web-of-Trust, GnuPG needs to know which keys are
+ultimately trusted - those are usually the keys for which you have
+access to the secret key. Answer "yes" to set this key to
+ultimately trusted
+
+.
+
+.#gpg.untrusted_key.override
+# fixme: Please translate and remove the hash mark from the key line.
+If you want to use this untrusted key anyway, answer "yes".
+.
+
+.#gpg.pklist.user_id.enter
+# fixme: Please translate and remove the hash mark from the key line.
+Enter the user ID of the addressee to whom you want to send the message.
+.
+
+.#gpg.keygen.algo
+# fixme: Please translate and remove the hash mark from the key line.
+Select the algorithm to use.
+
+DSA (aka DSS) is the Digital Signature Algorithm and can only be used
+for signatures.
+
+Elgamal is an encrypt-only algorithm.
+
+RSA may be used for signatures or encryption.
+
+The first (primary) key must always be a key which is capable of signing.
+.
+
+.#gpg.keygen.algo.rsa_se
+# fixme: Please translate and remove the hash mark from the key line.
+In general it is not a good idea to use the same key for signing and
+encryption. This algorithm should only be used in certain domains.
+Please consult your security expert first.
+.
+
+.#gpg.keygen.size
+# fixme: Please translate and remove the hash mark from the key line.
+Enter the size of the key
+.
+
+.#gpg.keygen.size.huge.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keygen.size.large.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keygen.valid
+# fixme: Please translate and remove the hash mark from the key line.
+Enter the required value as shown in the prompt.
+It is possible to enter a ISO date (YYYY-MM-DD) but you won't
+get a good error response - instead the system tries to interpret
+the given value as an interval.
+.
+
+.#gpg.keygen.valid.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keygen.name
+# fixme: Please translate and remove the hash mark from the key line.
+Enter the name of the key holder
+.
+
+.#gpg.keygen.email
+# fixme: Please translate and remove the hash mark from the key line.
+please enter an optional but highly suggested email address
+.
+
+.#gpg.keygen.comment
+# fixme: Please translate and remove the hash mark from the key line.
+Please enter an optional comment
+.
+
+.#gpg.keygen.userid.cmd
+# fixme: Please translate and remove the hash mark from the key line.
+N to change the name.
+C to change the comment.
+E to change the email address.
+O to continue with key generation.
+Q to to quit the key generation.
+.
+
+.#gpg.keygen.sub.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" (or just "y") if it is okay to generate the sub key.
+.
+
+.#gpg.sign_uid.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.sign_uid.class
+# fixme: Please translate and remove the hash mark from the key line.
+When you sign a user ID on a key, you should first verify that the key
+belongs to the person named in the user ID. It is useful for others to
+know how carefully you verified this.
+
+"0" means you make no particular claim as to how carefully you verified the
+ key.
+
+"1" means you believe the key is owned by the person who claims to own it
+ but you could not, or did not verify the key at all. This is useful for
+ a "persona" verification, where you sign the key of a pseudonymous user.
+
+"2" means you did casual verification of the key. For example, this could
+ mean that you verified the key fingerprint and checked the user ID on the
+ key against a photo ID.
+
+"3" means you did extensive verification of the key. For example, this could
+ mean that you verified the key fingerprint with the owner of the key in
+ person, and that you checked, by means of a hard to forge document with a
+ photo ID (such as a passport) that the name of the key owner matches the
+ name in the user ID on the key, and finally that you verified (by exchange
+ of email) that the email address on the key belongs to the key owner.
+
+Note that the examples given above for levels 2 and 3 are *only* examples.
+In the end, it is up to you to decide just what "casual" and "extensive"
+mean to you when you sign other keys.
+
+If you don't know what the right answer is, answer "0".
+.
+
+.#gpg.change_passwd.empty.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keyedit.save.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keyedit.cancel.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" or "no"
+.
+
+.#gpg.keyedit.sign_all.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" if you want to sign ALL the user IDs
+.
+
+.#gpg.keyedit.remove.uid.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" if you really want to delete this user ID.
+All certificates are then also lost!
+.
+
+.#gpg.keyedit.remove.subkey.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" if it is okay to delete the subkey
+.
+
+.#gpg.keyedit.delsig.valid
+# fixme: Please translate and remove the hash mark from the key line.
+This is a valid signature on the key; you normally don't want
+to delete this signature because it may be important to establish a
+trust connection to the key or another key certified by this key.
+.
+
+.#gpg.keyedit.delsig.unknown
+# fixme: Please translate and remove the hash mark from the key line.
+This signature can't be checked because you don't have the
+corresponding key. You should postpone its deletion until you
+know which key was used because this signing key might establish
+a trust connection through another already certified key.
+.
+
+.#gpg.keyedit.delsig.invalid
+# fixme: Please translate and remove the hash mark from the key line.
+The signature is not valid. It does make sense to remove it from
+your keyring.
+.
+
+.#gpg.keyedit.delsig.selfsig
+# fixme: Please translate and remove the hash mark from the key line.
+This is a signature which binds the user ID to the key. It is
+usually not a good idea to remove such a signature. Actually
+GnuPG might not be able to use this key anymore. So do this
+only if this self-signature is for some reason not valid and
+a second one is available.
+.
+
+.#gpg.keyedit.updpref.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Change the preferences of all user IDs (or just of the selected ones)
+to the current list of preferences. The timestamp of all affected
+self-signatures will be advanced by one second.
+
+.
+
+.#gpg.passphrase.enter
+# fixme: Please translate and remove the hash mark from the key line.
+Please enter the passhrase; this is a secret sentence
+
+.
+
+.#gpg.passphrase.repeat
+# fixme: Please translate and remove the hash mark from the key line.
+Please repeat the last passphrase, so you are sure what you typed in.
+.
+
+.#gpg.detached_signature.filename
+# fixme: Please translate and remove the hash mark from the key line.
+Give the name of the file to which the signature applies
+.
+
+.#gpg.openfile.overwrite.okay
+# fixme: Please translate and remove the hash mark from the key line.
+Answer "yes" if it is okay to overwrite the file
+.
+
+.#gpg.openfile.askoutname
+# fixme: Please translate and remove the hash mark from the key line.
+Please enter a new filename. If you just hit RETURN the default
+file (which is shown in brackets) will be used.
+.
+
+.#gpg.ask_revocation_reason.code
+# fixme: Please translate and remove the hash mark from the key line.
+You should specify a reason for the certification. Depending on the
+context you have the ability to choose from this list:
+ "Key has been compromised"
+ Use this if you have a reason to believe that unauthorized persons
+ got access to your secret key.
+ "Key is superseded"
+ Use this if you have replaced this key with a newer one.
+ "Key is no longer used"
+ Use this if you have retired this key.
+ "User ID is no longer valid"
+ Use this to state that the user ID should not longer be used;
+ this is normally used to mark an email address invalid.
+
+.
+
+.#gpg.ask_revocation_reason.text
+# fixme: Please translate and remove the hash mark from the key line.
+If you like, you can enter a text describing why you issue this
+revocation certificate. Please keep this text concise.
+An empty line ends the text.
+
+.
+
+
+
+# Local variables:
+# mode: fundamental
+# coding: utf-8
+# End:
diff --git a/doc/help.tr.txt b/doc/help.tr.txt
new file mode 100644
index 0000000..15bdf8e
--- /dev/null
+++ b/doc/help.tr.txt
@@ -0,0 +1,242 @@
+# help.tr.txt - tr GnuPG online help
+# Copyright (C) 2007 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+
+.gpg.edit_ownertrust.value
+Bir değeri buraya işaretlemek size kalmış; bu değer herhangi bir 3. şahsa
+gönderilmeyecek. Bir güvence ağı sağlamak için bizim buna ihtiyacımız var;
+bunun (açıkça belirtilmeden oluşturulmuş) sertifikalar ağıyla
+hiçbir alakası yok.
+.
+
+.gpg.edit_ownertrust.set_ultimate.okay
+Web-of-Trust oluşturulabilmesi için GnuPG'ye hangi anahtarların son derece
+güvenli (bunlar gizli anahtarlarına erişiminiz olan anahtarlardır) olduğunun
+bildirilmesi gerekir. "evet" yanıtı bu anahtarın son derece güvenli
+olduğunun belirtilmesi için yeterlidir.
+
+.
+
+.gpg.untrusted_key.override
+Bu güvencesiz anahtarı yine de kullanmak istiyorsanız cevap olarak
+ "evet" yazın.
+.
+
+.gpg.pklist.user_id.enter
+Bu iletiyi göndereceğiniz adresin kullanıcı kimliğini giriniz.
+.
+
+.gpg.keygen.algo
+Kullanılacak algoritmayı seçiniz.
+
+DSA (nam-ı diğer DSS) Sayısal İmza Algortimasıdır ve
+sadece imzalar için kullanılabilir.
+
+Elgamal sadece şifreleme amacıyla kullanılabilen bir algoritmadır.
+
+RSA hem imzalamak hem de şifrelemek amacıyla kullanılabilir.
+
+İlk (asıl) anahtar daima imzalama yeteneğine sahip bir anahtar olmalıdır.
+.
+
+.gpg.keygen.algo.rsa_se
+Genelde imzalama ve şifreleme için aynı anahtarı kullanmak iyi bir fikir
+değildir. Bu algoritma sadece belli alanlarda kullanılabilir.
+Lütfen güvenlik uzmanınıza danışın.
+.
+
+.gpg.keygen.size
+Anahtar uzunluÄŸunu giriniz
+.
+
+.gpg.keygen.size.huge.okay
+Cevap "evet" ya da "hayır"
+.
+
+.gpg.keygen.size.large.okay
+Cevap "evet" ya da "hayır"
+.
+
+.gpg.keygen.valid
+İstenen değeri girin. ISO tarihi (YYYY-AA-GG) girmeniz mümkündür fakat
+iyi bir hata cevabı alamazsınız -- onun yerine sistem verilen değeri
+bir zaman aralığı olarak çözümlemeyi dener.
+.
+
+.gpg.keygen.valid.okay
+Cevap "evet" ya da "hayır"
+.
+
+.gpg.keygen.name
+Anahtar tutucunun ismini giriniz
+.
+
+.gpg.keygen.email
+lütfen bir E-posta adresi girin (isteğe bağlı ancak kuvvetle tavsiye edilir)
+.
+
+.gpg.keygen.comment
+Lütfen önbilgi girin (isteğe bağlı)
+.
+
+.gpg.keygen.userid.cmd
+S iSim değiştirmek için.
+B önBilgiyi değiştirmek için.
+P e-Posta adresini değiştirmek için.
+D anahtar üretimine Devam etmek için.
+K anahtar üretiminden çıKmak için.
+.
+
+.gpg.keygen.sub.okay
+Yardımcı anahtarı üretmek istiyorsanız "evet" ya da "e" girin.
+.
+
+.gpg.sign_uid.okay
+Cevap "evet" ya da "hayır"
+.
+
+.gpg.sign_uid.class
+Bir anahtarı bir kullanıcı kimlikle imzalamadan önce kullanıcı kimliğin
+içindeki ismin, anahtarın sahibine ait olup olmadığını kontrol etmelisiniz.
+
+"0" bu kontrolu yapmadığınız ve yapmayı da bilmediğiniz anlamındadır.
+"1" anahtar size sahibi tarafından gönderildi ama siz bu anahtarı başka
+ kaynaklardan doğrulamadınız anlamındadır. Bu kişisel doğrulama için
+ yeterlidir. En azında yarı anonim bir anahtar imzalaması yapmış
+ olursunuz.
+"2" ayrıntılı bir inceleme yapıldığı anlamındadır. Örneğin parmakizi ve
+ bir anahtarın foto kimliğiyle kullanıcı kimliğini karşılaştırmak
+ gibi denetimleri yapmışsınızdır.
+"3" inceden inceye bir doğrulama anlatır. Örneğin, şahıstaki anahtarın
+ sahibi ile anahtar parmak izini karşılaştırmışsınızdır ve anahtardaki
+ kullanıcı kimlikte belirtilen isme ait bir basılı kimlik belgesindeki
+ bir fotoğrafla şahsı karşılaştırmışsınızdır ve son olarak anahtar
+ sahibinin e-posta adresini kendisinin kullanmakta olduÄŸunu da
+ denetlemiÅŸsinizdir.
+Burada 2 ve 3 için verilen örnekler *sadece* örnektir.
+Eninde sonunda bir anahtarı imzalarken "ayrıntılı" ve "inceden inceye" kontroller arasındaki ayrıma siz karar vereceksiniz.
+Bu kararı verebilecek durumda değilseniz "0" cevabını verin.
+.
+
+.gpg.change_passwd.empty.okay
+Cevap "evet" ya da "hayır"
+.
+
+.gpg.keyedit.save.okay
+Cevap "evet" ya da "hayır"
+.
+
+.gpg.keyedit.cancel.okay
+Cevap "evet" ya da "hayır"
+.
+
+.gpg.keyedit.sign_all.okay
+Kullanıcı kimliklerinin TÜMünü imzalamak istiyorsanız "evet" ya da "yes" yazın
+.
+
+.gpg.keyedit.remove.uid.okay
+Bu kullanıcı kimliğini gerçekten silmek istiyorsanız "evet" girin.
+Böylece bütün sertifikaları kaybedeceksiniz!
+.
+
+.gpg.keyedit.remove.subkey.okay
+Bu yardımcı anahtarı silme izni vermek istiyorsanız "evet" girin
+.
+
+.gpg.keyedit.delsig.valid
+Bu, anahtar üzerinde geçerli bir imzadır; anahtara ya da bu anahtarla
+sertifikalanmış bir diğer anahtara bir güvence bağlantısı sağlamakta
+önemli olabileceğinden normalde bu imzayı silmek istemezsiniz.
+.
+
+.gpg.keyedit.delsig.unknown
+Bu imza, anahtarına sahip olmadığınızdan, kontrol edilemez. Bu imzanın
+silinmesini hangi anahtarın kullanıldığını bilene kadar
+ertelemelisiniz çünkü bu imzalama anahtarı başka bir sertifikalı
+anahtar vasıtası ile bir güvence bağlantısı sağlayabilir.
+.
+
+.gpg.keyedit.delsig.invalid
+İmza geçersiz. Anahtarlıktan kaldırmak uygun olacak.
+.
+
+.gpg.keyedit.delsig.selfsig
+Bu imza kullanıcı kimliğini anahtara bağlar. Öz-imzayı silmek hiç iyi
+bir fikir değil. GnuPG bu anahtarı bir daha hiç kullanamayabilir.
+Bunu sadece, eğer bu öz-imza bazı durumlarda geçerli değilse ya da
+kullanılabilir bir ikincisi var ise yapın.
+.
+
+.gpg.keyedit.updpref.okay
+Tüm kullanıcı kimlik tercihlerini (ya da seçilen birini) mevcut tercihler
+listesine çevirir. Tüm etkilenen öz-imzaların zaman damgaları bir sonraki
+tarafından öne alınacaktır.
+
+.
+
+.gpg.passphrase.enter
+Lütfen bir anahtar parolası giriniz; yazdıklarınız görünmeyecek
+
+.
+
+.gpg.passphrase.repeat
+Lütfen son parolayı tekrarlayarak ne yazdığınızdan emin olun.
+.
+
+.gpg.detached_signature.filename
+İmzanın uygulanacağı dosyanın ismini verin
+.
+
+.gpg.openfile.overwrite.okay
+Dosyanın üzerine yazılacaksa lütfen "evet" yazın
+.
+
+.gpg.openfile.askoutname
+Lütfen yeni dosya ismini girin. Dosya ismini yazmadan RETURN tuşlarsanız
+parantez içinde gösterilen öntanımlı dosya kullanılacak.
+.
+
+.gpg.ask_revocation_reason.code
+Sertifikalama için bir sebep belirtmelisiniz. İçeriğine bağlı olarak
+bu listeden seçebilirsiniz:
+ "Anahtar tehlikede"
+ Yetkisiz kişilerin gizli anahtarınıza erişebildiğine inanıyorsanız
+ bunu seçin.
+ "Anahtar geçici"
+ Mevcut anahtarı daha yeni bir anahtar ile değiştirmişseniz bunu seçin.
+ "Anahtar artık kullanılmayacak"
+ Anahtarı emekliye ayıracaksanız bunu seçin.
+ "Kullanıcı kimliği artık geçersiz"
+ Kullanıcı kimliği artık kullanılamayacak durumdaysa bunu
+ seçin; genelde Eposta adresi geçersiz olduğunda kullanılır.
+
+.
+
+.gpg.ask_revocation_reason.text
+İsterseniz, neden bu yürürlükten kaldırma sertifikasını
+verdiğinizi açıklayan bir metin girebilirsiniz.
+Lütfen bu metin kısa olsun. Bir boş satır metni bitirir.
+
+.
+
+
+
+# Local variables:
+# mode: fundamental
+# coding: utf-8
+# End:
diff --git a/doc/help.txt b/doc/help.txt
new file mode 100644
index 0000000..36b993d
--- /dev/null
+++ b/doc/help.txt
@@ -0,0 +1,372 @@
+# help.txt - English GnuPG online help
+# Copyright (C) 2007 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+
+# Note that this help file needs to be UTF-8 encoded. When looking
+# for a help item, GnuPG scans the help files in the following order
+# (assuming a GNU or Unix system):
+#
+# /etc/gnupg/help.LL_TT.txt
+# /etc/gnupg/help.LL.txt
+# /etc/gnupg/help.txt
+# /usr/share/gnupg/help.LL_TT.txt
+# /usr/share/gnupg/help.LL.txt
+# /usr/share/gnupg/help.txt
+#
+# Here LL_TT denotes the full name of the current locale with the
+# territory (.e.g. "de_DE"), LL denotes just the locale name
+# (e.g. "de"). The first matching item is returned. To put a dot or
+# a hash mark at the beginning of a help text line, it needs to be
+# prefixed with ". ". A single dot may be used to terminated ahelp
+# entry.
+
+.#pinentry.qualitybar.tooltip
+# [remove the hash mark from the key to enable this text]
+# This entry is just an example on how to customize the tooltip shown
+# when hovering over the quality bar of the pinentry. We don't
+# install this text so that the hardcoded translation takes
+# precedence. An administrator should write up a short help to tell
+# the users about the configured passphrase constraints and save that
+# to /etc/gnupg/help.txt. The help text should not be longer than
+# about 800 characters.
+This bar indicates the quality of the passphrase entered above.
+
+As long as the bar is shown in red, GnuPG considers the passphrase too
+weak to accept. Please ask your administrator for details about the
+configured passphrase constraints.
+.
+
+
+.gnupg.agent-problem
+# There was a problem accessing or starting the agent.
+It was either not possible to connect to a running Gpg-Agent or a
+communication problem with a running agent occurred.
+
+The system uses a background process, called Gpg-Agent, for processing
+private keys and to ask for passphrases. The agent is usually started
+when the user logs in and runs as long the user is logged in. In case
+that no agent is available, the system tries to start one on the fly
+but that version of the agent is somewhat limited in functionality and
+thus may lead to little problems.
+
+You probably need to ask your administrator on how to solve the
+problem. As a workaround you might try to log out and in to your
+session and see whether this helps. If this helps please tell the
+administrator anyway because this indicates a bug in the software.
+.
+
+
+.gnupg.dirmngr-problem
+# There was a problen accessing the dirmngr.
+It was either not possible to connect to a running Dirmngr or a
+communication problem with a running Dirmngr occurred.
+
+To lookup certificate revocation lists (CRLs), performing OCSP
+validation and to lookup keys through LDAP servers, the system uses an
+external service program named Dirmngr. The Dirmngr is usually running
+as a system service (daemon) and does not need any attention by the
+user. In case of problems the system might start its own copy of the
+Dirmngr on a per request base; this is a workaround and yields limited
+performance.
+
+If you encounter this problem, you should ask your system
+administrator how to proceed. As an interim solution you may try to
+disable CRL checking in gpgsm's configuration.
+.
+
+
+.gpg.edit_ownertrust.value
+# The help identies prefixed with "gpg." used to be hard coded in gpg
+# but may now be overridden by help texts from this file.
+It's up to you to assign a value here; this value will never be exported
+to any 3rd party. We need it to implement the web-of-trust; it has nothing
+to do with the (implicitly created) web-of-certificates.
+.
+
+.gpg.edit_ownertrust.set_ultimate.okay
+To build the Web-of-Trust, GnuPG needs to know which keys are
+ultimately trusted - those are usually the keys for which you have
+access to the secret key. Answer "yes" to set this key to
+ultimately trusted.
+
+
+.gpg.untrusted_key.override
+If you want to use this untrusted key anyway, answer "yes".
+.
+
+.gpg.pklist.user_id.enter
+Enter the user ID of the addressee to whom you want to send the message.
+.
+
+.gpg.keygen.algo
+Select the algorithm to use.
+
+DSA (aka DSS) is the Digital Signature Algorithm and can only be used
+for signatures.
+
+Elgamal is an encrypt-only algorithm.
+
+RSA may be used for signatures or encryption.
+
+The first (primary) key must always be a key which is capable of signing.
+.
+
+
+.gpg.keygen.algo.rsa_se
+In general it is not a good idea to use the same key for signing and
+encryption. This algorithm should only be used in certain domains.
+Please consult your security expert first.
+.
+
+
+.gpg.keygen.size
+Enter the size of the key.
+
+The suggested default is usually a good choice.
+
+If you want to use a large key size, for example 4096 bit, please
+think again whether it really makes sense for you. You may want
+to view the web page http://www.xkcd.com/538/ .
+.
+
+.gpg.keygen.size.huge.okay
+Answer "yes" or "no".
+.
+
+
+.gpg.keygen.size.large.okay
+Answer "yes" or "no".
+.
+
+
+.gpg.keygen.valid
+Enter the required value as shown in the prompt.
+It is possible to enter a ISO date (YYYY-MM-DD) but you won't
+get a good error response - instead the system tries to interpret
+the given value as an interval.
+.
+
+.gpg.keygen.valid.okay
+Answer "yes" or "no".
+.
+
+
+.gpg.keygen.name
+Enter the name of the key holder.
+The characters "<" and ">" are not allowed.
+Example: Heinrich Heine
+.
+
+
+.gpg.keygen.email
+Please enter an optional but highly suggested email address.
+Example: heinrichh@duesseldorf.de
+.
+
+.gpg.keygen.comment
+Please enter an optional comment.
+The characters "(" and ")" are not allowed.
+In general there is no need for a comment.
+.
+
+
+.gpg.keygen.userid.cmd
+# (Keep a leading empty line)
+
+N to change the name.
+C to change the comment.
+E to change the email address.
+O to continue with key generation.
+Q to to quit the key generation.
+.
+
+.gpg.keygen.sub.okay
+Answer "yes" (or just "y") if it is okay to generate the sub key.
+.
+
+.gpg.sign_uid.okay
+Answer "yes" or "no".
+.
+
+.gpg.sign_uid.class
+When you sign a user ID on a key, you should first verify that the key
+belongs to the person named in the user ID. It is useful for others to
+know how carefully you verified this.
+
+"0" means you make no particular claim as to how carefully you verified the
+ key.
+
+"1" means you believe the key is owned by the person who claims to own it
+ but you could not, or did not verify the key at all. This is useful for
+ a "persona" verification, where you sign the key of a pseudonymous user.
+
+"2" means you did casual verification of the key. For example, this could
+ mean that you verified the key fingerprint and checked the user ID on the
+ key against a photo ID.
+
+"3" means you did extensive verification of the key. For example, this could
+ mean that you verified the key fingerprint with the owner of the key in
+ person, and that you checked, by means of a hard to forge document with a
+ photo ID (such as a passport) that the name of the key owner matches the
+ name in the user ID on the key, and finally that you verified (by exchange
+ of email) that the email address on the key belongs to the key owner.
+
+Note that the examples given above for levels 2 and 3 are *only* examples.
+In the end, it is up to you to decide just what "casual" and "extensive"
+mean to you when you sign other keys.
+
+If you don't know what the right answer is, answer "0".
+.
+
+.gpg.change_passwd.empty.okay
+Answer "yes" or "no".
+.
+
+
+.gpg.keyedit.save.okay
+Answer "yes" or "no".
+.
+
+
+.gpg.keyedit.cancel.okay
+Answer "yes" or "no".
+.
+
+.gpg.keyedit.sign_all.okay
+Answer "yes" if you want to sign ALL the user IDs.
+.
+
+.gpg.keyedit.remove.uid.okay
+Answer "yes" if you really want to delete this user ID.
+All certificates are then also lost!
+.
+
+.gpg.keyedit.remove.subkey.okay
+Answer "yes" if it is okay to delete the subkey.
+.
+
+
+.gpg.keyedit.delsig.valid
+This is a valid signature on the key; you normally don't want
+to delete this signature because it may be important to establish a
+trust connection to the key or another key certified by this key.
+.
+
+.gpg.keyedit.delsig.unknown
+This signature can't be checked because you don't have the
+corresponding key. You should postpone its deletion until you
+know which key was used because this signing key might establish
+a trust connection through another already certified key.
+.
+
+.gpg.keyedit.delsig.invalid
+The signature is not valid. It does make sense to remove it from
+your keyring.
+.
+
+.gpg.keyedit.delsig.selfsig
+This is a signature which binds the user ID to the key. It is
+usually not a good idea to remove such a signature. Actually
+GnuPG might not be able to use this key anymore. So do this
+only if this self-signature is for some reason not valid and
+a second one is available.
+.
+
+.gpg.keyedit.updpref.okay
+Change the preferences of all user IDs (or just of the selected ones)
+to the current list of preferences. The timestamp of all affected
+self-signatures will be advanced by one second.
+.
+
+
+.gpg.passphrase.enter
+# (keep a leading empty line)
+
+Please enter the passhrase; this is a secret sentence.
+.
+
+
+.gpg.passphrase.repeat
+Please repeat the last passphrase, so you are sure what you typed in.
+.
+
+.gpg.detached_signature.filename
+Give the name of the file to which the signature applies.
+.
+
+.gpg.openfile.overwrite.okay
+# openfile.c (overwrite_filep)
+Answer "yes" if it is okay to overwrite the file.
+.
+
+.gpg.openfile.askoutname
+# openfile.c (ask_outfile_name)
+Please enter a new filename. If you just hit RETURN the default
+file (which is shown in brackets) will be used.
+.
+
+.gpg.ask_revocation_reason.code
+# revoke.c (ask_revocation_reason)
+You should specify a reason for the certification. Depending on the
+context you have the ability to choose from this list:
+ "Key has been compromised"
+ Use this if you have a reason to believe that unauthorized persons
+ got access to your secret key.
+ "Key is superseded"
+ Use this if you have replaced this key with a newer one.
+ "Key is no longer used"
+ Use this if you have retired this key.
+ "User ID is no longer valid"
+ Use this to state that the user ID should not longer be used;
+ this is normally used to mark an email address invalid.
+.
+
+.gpg.ask_revocation_reason.text
+# revoke.c (ask_revocation_reason)
+If you like, you can enter a text describing why you issue this
+revocation certificate. Please keep this text concise.
+An empty line ends the text.
+.
+
+
+
+
+.gpgsm.root-cert-not-trusted
+# This text gets displayed by the audit log if
+# a root certificates was not trusted.
+The root certificate (the trust-anchor) is not trusted. Depending on
+the configuration you may have been prompted to mark that root
+certificate as trusted or you need to manually tell GnuPG to trust that
+certificate. Trusted certificates are configured in the file
+trustlist.txt in GnuPG's home directory. If you are in doubt, ask
+your system administrator whether you should trust this certificate.
+
+
+.gpgsm.crl-problem
+# This tex is displayed by the audit log for problems with
+# the CRL or OCSP checking.
+Depending on your configuration a problem retrieving the CRL or
+performing an OCSP check occurred. There are a great variety of
+reasons why this did not work. Check the manual for possible
+solutions.
+
+
+# Local variables:
+# mode: default-generic
+# coding: utf-8
+# End:
diff --git a/doc/help.zh_CN.txt b/doc/help.zh_CN.txt
new file mode 100644
index 0000000..e000fa0
--- /dev/null
+++ b/doc/help.zh_CN.txt
@@ -0,0 +1,233 @@
+# help.zh_CN.txt - zh_CN GnuPG online help
+# Copyright (C) 2007 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+
+.gpg.edit_ownertrust.value
+在这里指定的数值完全由您自己决定;这些数值永远ä¸ä¼šè¢«è¾“出给任何第三方。
+我们需è¦å®ƒæ¥å®žçŽ°â€œä¿¡ä»»ç½‘络â€ï¼›è¿™è·Ÿéšå«å»ºç«‹èµ·æ¥çš„“验è¯ç½‘络â€æ— å…³ã€‚
+.
+
+.gpg.edit_ownertrust.set_ultimate.okay
+è¦å»ºç«‹èµ·ä¿¡ä»»ç½‘络,GnuPG 需è¦çŸ¥é“哪些密钥是å¯ç»å¯¹ä¿¡ä»»çš„――通常
+就是您拥有ç§é’¥çš„那些密钥。回答“yesâ€å°†æ­¤å¯†é’¥è®¾æˆå¯ç»å¯¹ä¿¡ä»»çš„
+
+.
+
+.gpg.untrusted_key.override
+如果您无论如何è¦ä½¿ç”¨è¿™æŠŠæœªè¢«ä¿¡ä»»çš„密钥,请回答“yesâ€ã€‚
+.
+
+.gpg.pklist.user_id.enter
+输入您è¦é€’é€çš„报文的接收者的用户标识。
+.
+
+.gpg.keygen.algo
+选择使用的算法。
+
+DSA (ä¹Ÿå« DSS)å³â€œæ•°å­—ç­¾å算法â€(美国国家标准),åªèƒ½å¤Ÿç”¨ä½œç­¾å。
+
+Elgamal 是一ç§åªèƒ½ç”¨ä½œåŠ å¯†çš„算法。
+
+RSA å¯ä»¥ç”¨ä½œç­¾å或加密。
+
+第一把密钥(主钥)必须具有签å的能力。
+.
+
+.gpg.keygen.algo.rsa_se
+通常æ¥è¯´ç”¨åŒä¸€æŠŠå¯†é’¥ç­¾ååŠåŠ å¯†å¹¶ä¸æ˜¯ä¸ªå¥½ä¸»æ„。这个算法åªåœ¨ç‰¹å®šçš„情况
+下使用。请先咨询安全方é¢çš„专家。
+.
+
+.gpg.keygen.size
+请输入密钥的尺寸
+.
+
+.gpg.keygen.size.huge.okay
+请回答“yesâ€æˆ–“noâ€
+.
+
+.gpg.keygen.size.large.okay
+请回答“yesâ€æˆ–“noâ€
+.
+
+.gpg.keygen.valid
+请输入æ示所è¦æ±‚的数值。
+您å¯ä»¥è¾“å…¥ ISO 日期格å¼(YYYY-MM-DD),但是出错时您ä¸ä¼šå¾—到å‹å¥½çš„å“应
+――系统会å°è¯•å°†ç»™å®šå€¼è§£é‡Šä¸ºæ—¶é—´é—´éš”。
+.
+
+.gpg.keygen.valid.okay
+请回答“yesâ€æˆ–“noâ€
+.
+
+.gpg.keygen.name
+请输入密钥æŒæœ‰äººçš„åå­—
+.
+
+.gpg.keygen.email
+请输入电å­é‚®ä»¶åœ°å€(å¯é€‰é¡¹ï¼Œä½†å¼ºçƒˆæŽ¨è使用)
+.
+
+.gpg.keygen.comment
+请输入注释(å¯é€‰é¡¹)
+.
+
+.gpg.keygen.userid.cmd
+N 修改姓å。
+C 修改注释。
+E 修改电å­é‚®ä»¶åœ°å€ã€‚
+O 继续产生密钥。
+Q 中止产生密钥。
+.
+
+.gpg.keygen.sub.okay
+如果您å…许生æˆå­é’¥ï¼Œè¯·å›žç­”“yesâ€(或者“yâ€)。
+.
+
+.gpg.sign_uid.okay
+请回答“yesâ€æˆ–“noâ€
+.
+
+.gpg.sign_uid.class
+当您为æŸæŠŠå¯†é’¥ä¸ŠæŸä¸ªç”¨æˆ·æ ‡è¯†æ·»åŠ ç­¾å时,您必须首先验è¯è¿™æŠŠå¯†é’¥ç¡®å®žå±žäºŽ
+ç½²å于它的用户标识上的那个人。了解到您曾多么谨慎地对此进行过验è¯ï¼Œå¯¹å…¶
+他人是éžå¸¸æœ‰ç”¨çš„
+
+“0†表示您对您有多么仔细地验è¯è¿™æŠŠå¯†é’¥çš„问题ä¸è¡¨æ€ã€‚
+
+“1†表示您相信这把密钥属于那个声明是主人的人,但是您ä¸èƒ½æˆ–根本没有验
+ è¯è¿‡ã€‚如果您为一把属于类似虚拟人物的密钥签å,这个选择很有用。
+
+“2†表示您éšæ„地验è¯äº†é‚£æŠŠå¯†é’¥ã€‚例如,您验è¯äº†è¿™æŠŠå¯†é’¥çš„指纹,或比对
+ 照片验è¯äº†ç”¨æˆ·æ ‡è¯†ã€‚
+
+“3†表示您åšäº†å¤§é‡è€Œè¯¦å°½çš„验è¯å¯†é’¥å·¥ä½œã€‚例如,您åŒå¯†é’¥æŒæœ‰äººéªŒè¯äº†å¯†
+ 钥指纹,而且通过查验附带照片而难以伪造的è¯ä»¶(如护照)确认了密钥æŒ
+ 有人的姓å与密钥上的用户标识一致,最åŽæ‚¨è¿˜(通过电å­é‚®ä»¶å¾€æ¥)验è¯
+ 了密钥上的电å­é‚®ä»¶åœ°å€ç¡®å®žå±žäºŽå¯†é’¥æŒæœ‰äººã€‚
+
+请注æ„上述关于验è¯çº§åˆ« 2 å’Œ 3 的说明仅是例å­è€Œå·²ã€‚最终还是由您自己决定
+当您为其他密钥签å时,什么是“éšæ„â€ï¼Œè€Œä»€ä¹ˆæ˜¯â€œå¤§é‡è€Œè¯¦å°½â€ã€‚
+
+如果您ä¸çŸ¥é“应该选什么答案的è¯ï¼Œå°±é€‰â€œ0â€ã€‚
+.
+
+.gpg.change_passwd.empty.okay
+请回答“yesâ€æˆ–“noâ€
+.
+
+.gpg.keyedit.save.okay
+请回答“yesâ€æˆ–“noâ€
+.
+
+.gpg.keyedit.cancel.okay
+请回答“yesâ€æˆ–“noâ€
+.
+
+.gpg.keyedit.sign_all.okay
+如果您想è¦ä¸ºæ‰€æœ‰ç”¨æˆ·æ ‡è¯†ç­¾åçš„è¯å°±é€‰â€œyesâ€
+.
+
+.gpg.keyedit.remove.uid.okay
+如果您真的想è¦åˆ é™¤è¿™ä¸ªç”¨æˆ·æ ‡è¯†çš„è¯å°±å›žç­”“yesâ€ã€‚
+所有相关认è¯åœ¨æ­¤ä¹‹åŽä¹Ÿä¼šä¸¢å¤±ï¼
+.
+
+.gpg.keyedit.remove.subkey.okay
+如果å¯ä»¥åˆ é™¤è¿™æŠŠå­é’¥ï¼Œè¯·å›žç­”“yesâ€
+.
+
+.gpg.keyedit.delsig.valid
+这是一份在这把密钥上有效的签å;通常您ä¸ä¼šæƒ³è¦åˆ é™¤è¿™ä»½ç­¾å,
+因为è¦ä¸Žè¿™æŠŠå¯†é’¥æˆ–拥有这把密钥的签å的密钥建立认è¯å…³ç³»å¯èƒ½
+相当é‡è¦ã€‚
+.
+
+.gpg.keyedit.delsig.unknown
+这份签å无法被检验,因为您没有相应的密钥。您应该暂缓删除它,
+直到您知é“此签å使用了哪一把密钥;因为用æ¥ç­¾å的密钥å¯èƒ½ä¸Ž
+其他已ç»éªŒè¯çš„密钥存在信任关系。
+.
+
+.gpg.keyedit.delsig.invalid
+这份签å无效。应当把它从您的钥匙环里删除。
+.
+
+.gpg.keyedit.delsig.selfsig
+这是一份将密钥与用户标识相è”系的签å。通常ä¸åº”删除这样的签å。
+事实上,一旦删除,GnuPGå¯èƒ½ä»Žæ­¤å°±ä¸èƒ½å†ä½¿ç”¨è¿™æŠŠå¯†é’¥äº†ã€‚因此,
+åªæœ‰åœ¨è¿™æŠŠå¯†é’¥çš„第一个自身签åå› æŸäº›åŽŸå› å¤±æ•ˆï¼Œè€Œæœ‰ç¬¬äºŒä¸ªè‡ªèº«ç­¾
+å­—å¯ç”¨çš„情况下æ‰è¿™ä¹ˆåšã€‚
+.
+
+.gpg.keyedit.updpref.okay
+用现有的首选项更新所有(或选定的)用户标识的首选项。所有å—å½±å“的自身签
+字的时间戳都会增加一秒钟。
+
+.
+
+.gpg.passphrase.enter
+请输入密ç ï¼šè¿™æ˜¯ä¸€ä¸ªç§˜å¯†çš„å¥å­
+
+.
+
+.gpg.passphrase.repeat
+请å†æ¬¡è¾“入上次的密ç ï¼Œä»¥ç¡®å®šæ‚¨åˆ°åº•é”®å…¥äº†äº›ä»€ä¹ˆã€‚
+.
+
+.gpg.detached_signature.filename
+请给定è¦æ·»åŠ ç­¾å的文件å
+.
+
+.gpg.openfile.overwrite.okay
+如果å¯ä»¥è¦†ç›–这个文件,请回答“yesâ€
+.
+
+.gpg.openfile.askoutname
+请输入一个新的文件å。如果您直接按下了回车,那么就会使用显示在括
+å·ä¸­çš„默认的文件å。
+.
+
+.gpg.ask_revocation_reason.code
+您应该为这份åŠé”€è¯ä¹¦æŒ‡å®šä¸€ä¸ªåŽŸå› ã€‚æ ¹æ®æƒ…境的ä¸åŒï¼Œæ‚¨å¯ä»¥ä»Žä¸‹åˆ—清å•ä¸­
+选出一项:
+ “密钥已泄æ¼â€
+ 如果您相信有æŸä¸ªæœªç»è®¸å¯çš„人已å–得了您的ç§é’¥ï¼Œè¯·é€‰æ­¤é¡¹ã€‚
+ “密钥已替æ¢â€
+ 如果您已用一把新密钥代替旧的,请选此项。
+ “密钥ä¸å†è¢«ä½¿ç”¨â€
+ 如果您已决定让这把密钥退休,请选此项
+ “用户标识ä¸å†æœ‰æ•ˆâ€
+ 如果这个用户标识ä¸å†è¢«ä½¿ç”¨äº†ï¼Œè¯·é€‰æ­¤é¡¹ï¼›è¿™é€šå¸¸ç”¨è¡¨æ˜ŽæŸä¸ªç”µå­é‚®
+ 件地å€å·²ä¸å†æœ‰æ•ˆã€‚
+
+.
+
+.gpg.ask_revocation_reason.text
+您也å¯ä»¥è¾“入一串文字,æè¿°å‘布这份åŠé”€è¯ä¹¦çš„ç†ç”±ã€‚请尽é‡ä½¿è¿™æ®µæ–‡
+字简明扼è¦ã€‚
+键入一空行以结æŸè¾“入。
+
+.
+
+
+
+# Local variables:
+# mode: fundamental
+# coding: utf-8
+# End:
diff --git a/doc/help.zh_TW.txt b/doc/help.zh_TW.txt
new file mode 100644
index 0000000..800dad9
--- /dev/null
+++ b/doc/help.zh_TW.txt
@@ -0,0 +1,245 @@
+# help.zh_TW.txt - zh_TW GnuPG online help
+# Copyright (C) 2007 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+
+.gpg.edit_ownertrust.value
+在這裡指派的數值完全是看妳自己決定; 這些數值永é ä¸æœƒè¢«åŒ¯å‡ºçµ¦å…¶ä»–人.
+我們需è¦å®ƒä¾†å¯¦æ–½ä¿¡ä»»ç¶²çµ¡; 這跟 (自動建立起的) 憑證網絡一點關係也沒有.
+.
+
+.gpg.edit_ownertrust.set_ultimate.okay
+è¦å»ºç«‹èµ·ä¿¡ä»»ç¶²çµ¡, GnuPG 需è¦çŸ¥é“哪些金鑰是被徹底信任的 -
+那些金鑰通常就是妳有辦法存å–到ç§é‘°çš„. 回答 "yes" 來將這些
+金鑰設æˆè¢«å¾¹åº•ä¿¡ä»»çš„
+
+.
+
+.gpg.untrusted_key.override
+如果妳無論如何想è¦ä½¿ç”¨é€™æŠŠæœªè¢«ä¿¡ä»»çš„金鑰, 請回答 "yes".
+.
+
+.gpg.pklist.user_id.enter
+輸入妳è¦éžé€çš„訊æ¯æŽ¥æ”¶è€…的使用者 ID.
+.
+
+.gpg.keygen.algo
+è«‹é¸æ“‡è¦ä½¿ç”¨çš„演算法.
+
+DSA (äº¦å³ DSS) 是數ä½ç°½ç« æ¼”算法 (Digital Signature Algorithm),
+祇能用於簽署.
+
+Elgamal 是祇能用於加密的演算法.
+
+RSA å¯ä»¥è¢«ç”¨ä¾†ç°½ç½²åŠåŠ å¯†.
+
+第一把 (主è¦çš„) 金鑰一定è¦å«æœ‰èƒ½ç”¨æ–¼ç°½ç½²çš„金鑰.
+.
+
+.gpg.keygen.algo.rsa_se
+通常來說用åŒä¸€æŠŠé‡‘鑰簽署åŠåŠ å¯†ä¸¦ä¸æ˜¯å€‹å¥½ä¸»æ„.
+這個演算法應該祇被用於特定的情æ³ä¸‹.
+è«‹å…ˆè¯çµ¡å¦³çš„安全專家.
+.
+
+.gpg.keygen.size
+請輸入金鑰的尺寸
+.
+
+.gpg.keygen.size.huge.okay
+請回答 "yes" 或 "no"
+.
+
+.gpg.keygen.size.large.okay
+請回答 "yes" 或 "no"
+.
+
+.gpg.keygen.valid
+請輸入æ示裡所è¦æ±‚的數值.
+妳å¯ä»¥è¼¸å…¥ ISO æ—¥æœŸæ ¼å¼ (YYYY-MM-DD), 但是ä¸æœƒå¾—到良好的錯誤回應 -
+å之, 系統會試著把給定的數值中斷æˆè‹¥å¹²ç‰‡æ®µ.
+.
+
+.gpg.keygen.valid.okay
+請回答 "yes" 或 "no"
+.
+
+.gpg.keygen.name
+請輸入金鑰æŒæœ‰äººçš„åå­—
+.
+
+.gpg.keygen.email
+請輸入é¸ç”¨ (但強烈建議使用) çš„é›»å­éƒµä»¶ä½å€
+.
+
+.gpg.keygen.comment
+請輸入é¸ç”¨çš„註釋
+.
+
+.gpg.keygen.userid.cmd
+N 修改姓å.
+C 修改註釋.
+E 修改電å­éƒµä»¶ä½å€.
+O 繼續產生金鑰.
+Q 中止產生金鑰.
+.
+
+.gpg.keygen.sub.okay
+如果妳覺得產生å­é‘°å¯ä»¥çš„話, 就回答 "yes" (æˆ–è€…ç¥‡è¦ "y").
+.
+
+.gpg.sign_uid.okay
+請回答 "yes" 或 "no"
+.
+
+.gpg.sign_uid.class
+當妳在æŸæŠŠé‡‘鑰上簽署æŸå€‹ä½¿ç”¨è€… ID, 妳首先必須先驗證那把
+金鑰確實屬於那個使用者 ID 上å«é‚£å€‹å字的人. 這å°é‚£äº›çŸ¥é“
+妳多å°å¿ƒé©—證的人來說很有用.
+
+"0" 表示妳ä¸èƒ½æ出任何特別的主張來表明
+ 妳多仔細驗證那把金鑰
+
+"1" 表示妳相信這把金鑰屬於那個主張是主人的人,
+ 但是妳ä¸èƒ½æˆ–沒有驗證那把金鑰.
+ 這å°é‚£äº›ç¥‡æƒ³è¦ "個人的" 驗證的人來說很有用,
+ 因為妳簽署了一把擬似匿å使用者的金鑰.
+
+"2" 表示妳真的仔細驗證了那把金鑰.
+ 例如說, 這能表示妳驗證了這把金鑰的指紋和
+ 使用者 ID, 並比å°äº†ç…§ç‰‡ ID.
+
+"3" 表示妳真的åšäº†å¤§è¦æ¨¡çš„驗證金鑰工作.
+ 例如說, 這能表示妳å‘金鑰æŒæœ‰äººé©—證了金鑰指紋,
+ 而且妳é€éŽé™„帶照片而難以å½é€ çš„文件 (åƒæ˜¯è­·ç…§)
+ 確èªäº†é‡‘é‘°æŒæœ‰äººçš„姓å與金鑰上使用者 ID 的一致,
+ 最後妳還 (é€éŽé›»å­éƒµä»¶å¾€ä¾†) 驗證了金鑰上的
+ é›»å­éƒµä»¶ä½å€ç¢ºå¯¦å±¬æ–¼é‡‘é‘°æŒæœ‰äºº.
+
+請注æ„上述關於等級 2 å’Œ 3 çš„ä¾‹å­ "祇是" 例å­è€Œå·².
+最後, 還是得由妳自己決定當妳簽署其他金鑰時,
+甚麼是 "漫ä¸ç¶“心", 而甚麼是 "超級謹慎".
+
+如果妳ä¸çŸ¥é“應該é¸ç”šéº¼ç­”案的話, å°±é¸ "0".
+.
+
+.gpg.change_passwd.empty.okay
+請回答 "yes" 或 "no"
+.
+
+.gpg.keyedit.save.okay
+請回答 "yes" 或 "no"
+.
+
+.gpg.keyedit.cancel.okay
+請回答 "yes" 或 "no"
+.
+
+.gpg.keyedit.sign_all.okay
+如果妳想è¦ç°½ç½² *所有* 使用者 ID 的話就回答 "yes"
+.
+
+.gpg.keyedit.remove.uid.okay
+如果妳真的想è¦åˆªé™¤é€™å€‹ä½¿ç”¨è€… ID 的話就回答 "yes".
+所有的憑證在那之後也都會失去!
+.
+
+.gpg.keyedit.remove.subkey.okay
+如果刪除這把å­é‘°æ²’å•é¡Œçš„話就回答 "yes"
+.
+
+.gpg.keyedit.delsig.valid
+這是一份在這把金鑰上有效的簽章; 通常妳ä¸æœƒæƒ³è¦åˆªé™¤é€™ä»½ç°½ç« ,
+因為è¦è·Ÿåˆ¥çš„金鑰建立起信任連çµ, 或由這把金鑰所簽署的金鑰憑證
+會是一件相當é‡è¦çš„事.
+.
+
+.gpg.keyedit.delsig.unknown
+這份簽章無法被檢驗, 因為妳沒有符åˆçš„金鑰. 妳應該延緩刪除它,
+直到妳知é“哪一把金鑰被使用了; 因為這把來簽署的金鑰å¯èƒ½é€éŽ
+其他已經驗證的金鑰建立了一個信任連çµ.
+.
+
+.gpg.keyedit.delsig.invalid
+這份簽章無效. 把它從妳的鑰匙圈裡移去相當åˆç†.
+.
+
+.gpg.keyedit.delsig.selfsig
+這是一份和這個金鑰使用者 ID 相繫的簽章. 通常
+把這樣的簽章移除ä¸æœƒæ˜¯å€‹å¥½é»žå­. 事實上 GnuPG
+å¯èƒ½å¾žæ­¤å°±ä¸èƒ½å†ä½¿ç”¨é€™æŠŠé‡‘鑰了. 所以祇有在這
+把金鑰的第一個自我簽章因æŸäº›åŽŸå› ç„¡æ•ˆ, 而第二
+個還å¯ç”¨çš„情æ³ä¸‹çº”這麼åš.
+.
+
+.gpg.keyedit.updpref.okay
+變更所有 (或祇有被é¸å–的那幾個) 使用者 ID çš„å好æˆç¾ç”¨çš„å好清單.
+所有å—到影響的自我簽章的時間戳記都會增加一秒é˜.
+
+.
+
+.gpg.passphrase.enter
+請輸入密語; 這是一個秘密的å¥å­
+
+.
+
+.gpg.passphrase.repeat
+è«‹å†æ¬¡è¼¸å…¥æœ€å¾Œçš„密語, 以確定妳到底éµé€²äº†äº›ç”šéº¼.
+.
+
+.gpg.detached_signature.filename
+請給定簽章所è¦å¥—用的檔案å稱
+.
+
+.gpg.openfile.overwrite.okay
+如果覆寫這個檔案沒有å•é¡Œçš„話就回答 "yes"
+.
+
+.gpg.openfile.askoutname
+請輸入一個新的檔å. 如果妳直接按下了 Enter, 那麼
+就會使用é è¨­çš„檔案 (顯示在括號中).
+.
+
+.gpg.ask_revocation_reason.code
+妳應該為這份憑證指定一個原因.
+根據情境的ä¸åŒ, 妳應該å¯ä»¥å¾žé€™å€‹æ¸…單中é¸å‡ºä¸€é …:
+ "金鑰已經被洩æ¼äº†"
+ 如果妳相信有æŸå€‹æœªç¶“許å¯çš„傢伙å–得了妳的ç§é‘°çš„話,
+ å°±é¸é€™å€‹.
+ "金鑰被代æ›äº†"
+ 如果妳把妳的金鑰æ›æˆæ–°çš„了, å°±é¸é€™å€‹.
+ "金鑰ä¸å†è¢«ä½¿ç”¨äº†"
+ 如果妳已經撤回了這把金鑰, å°±é¸é€™å€‹.
+ "使用者 ID ä¸å†æœ‰æ•ˆäº†"
+ 如果這個使用者 ID ä¸å†è¢«ä½¿ç”¨äº†, å°±é¸é€™å€‹;
+ 這通常用來表示æŸå€‹é›»å­éƒµä»¶ä½å€ä¸å†æœ‰æ•ˆäº†.
+
+.
+
+.gpg.ask_revocation_reason.text
+妳也å¯ä»¥è¼¸å…¥ä¸€ä¸²æ–‡å­—來æ述為甚麼發佈這份撤銷憑證的ç†ç”±.
+請讓這段文字ä¿æŒç°¡æ˜Žæ‰¼è¦.
+éµå…¥ç©ºç™½åˆ—以çµæŸé€™æ®µæ–‡å­—.
+
+.
+
+
+
+# Local variables:
+# mode: fundamental
+# coding: utf-8
+# End:
diff --git a/doc/howto-create-a-server-cert.texi b/doc/howto-create-a-server-cert.texi
new file mode 100644
index 0000000..ce6dd2f
--- /dev/null
+++ b/doc/howto-create-a-server-cert.texi
@@ -0,0 +1,288 @@
+@node Howto Create a Server Cert
+@section Creating a TLS server certificate
+
+
+Here is a brief run up on how to create a server certificate. It has
+actually been done this way to get a certificate from CAcert to be used
+on a real server. It has only been tested with this CA, but there
+shouldn't be any problem to run this against any other CA.
+
+Before you start, make sure that gpg-agent is running. As there is no
+need for a configuration file, you may simply enter:
+
+@cartouche
+@example
+ $ gpgsm-gencert.sh >a.p10
+ Key type
+ [1] RSA
+ [2] Existing key
+ [3] Direct from card
+ Your selection: 1
+ You selected: RSA
+@end example
+@end cartouche
+
+I opted for creating a new RSA key. The other option is to use an
+already existing key, by selecting @kbd{2} and entering the so-called
+keygrip. Running the command @samp{gpgsm --dump-secret-key USERID}
+shows you this keygrip. Using @kbd{3} offers another menu to create a
+certificate directly from a smart card based key.
+
+Let's continue:
+
+@cartouche
+@example
+ Key length
+ [1] 1024
+ [2] 2048
+ Your selection: 1
+ You selected: 1024
+@end example
+@end cartouche
+
+The script offers two common key sizes. With the current setup of
+CAcert, it does not make much sense to use a 2k key; their policies need
+to be revised anyway (a CA root key valid for 30 years is not really
+serious).
+
+@cartouche
+@example
+ Key usage
+ [1] sign, encrypt
+ [2] sign
+ [3] encrypt
+ Your selection: 1
+ You selected: sign, encrypt
+@end example
+@end cartouche
+
+We want to sign and encrypt using this key. This is just a suggestion
+and the CA may actually assign other key capabilities.
+
+Now for some real data:
+
+@cartouche
+@example
+ Name (DN)
+ > CN=kerckhoffs.g10code.com
+@end example
+@end cartouche
+
+This is the most important value for a server certificate. Enter here
+the canonical name of your server machine. You may add other virtual
+server names later.
+
+@cartouche
+@example
+ E-Mail addresses (end with an empty line)
+ >
+@end example
+@end cartouche
+
+We don't need email addresses in a server certificate and CAcert would
+anyway ignore such a request. Thus just hit enter.
+
+If you want to create a client certificate for email encryption, this
+would be the place to enter your mail address
+(e.g. @email{joe@@example.org}). You may enter as many addresses as you like,
+however the CA may not accept them all or reject the entire request.
+
+@cartouche
+@example
+ DNS Names (optional; end with an empty line)
+ > www.g10code.com
+ DNS Names (optional; end with an empty line)
+ > ftp.g10code.com
+ DNS Names (optional; end with an empty line)
+ >
+@end example
+@end cartouche
+
+Here I entered the names of the servers which actually run on the
+machine given in the DN above. The browser will accept a certificate for
+any of these names. As usual the CA must approve all of these names.
+
+@cartouche
+@example
+ URIs (optional; end with an empty line)
+ >
+@end example
+@end cartouche
+
+It is possible to insert arbitrary URIs into a certificate; for a server
+certificate this does not make sense.
+
+We have now entered all required information and @command{gpgsm} will
+display what it has gathered and ask whether to create the certificate
+request:
+
+@cartouche
+@example
+ Parameters for certificate request to create:
+ 1 Key-Type: RSA
+ 2 Key-Length: 1024
+ 3 Key-Usage: sign, encrypt
+ 4 Name-DN: CN=kerckhoffs.g10code.com
+ 5 Name-DNS: www.g10code.com
+ 6 Name-DNS: ftp.g10code.com
+
+ Really create such a CSR?
+ [1] yes
+ [2] no
+ Your selection: 1
+ You selected: yes
+@end example
+@end cartouche
+
+@command{gpgsm} will now start working on creating the request. As this
+includes the creation of an RSA key it may take a while. During this
+time you will be asked 3 times for a passphrase to protect the created
+private key on your system. A pop up window will appear to ask for
+it. The first two prompts are for the new passphrase and for re-entering it;
+the third one is required to actually create the certificate signing request.
+
+When it is ready, you should see the final notice:
+
+@cartouche
+@example
+ gpgsm: certificate request created
+@end example
+@end cartouche
+
+Now, you may look at the created request:
+
+@cartouche
+@example
+ $ cat a.p10
+ -----BEGIN CERTIFICATE REQUEST-----
+ MIIBnzCCAQgCAQAwITEfMB0GA1UEAxMWa2VyY2tob2Zmcy5nMTBjb2RlLmNvbTCB
+ nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA5h+uKRenpvbe+BnMY6siPO50LVyg
+ HtB7kr+YISlPJ5JAFO12yQFz9Y0sBLHbjR+V+TOawwP1dZhGjlgnEBkMdWKuEBlS
+ wFTALLX78GAyvAYAmPqSPDEYXkMECyUXVX/bbGI1bY8Y2OGy4w4D+v7e+xD2NBkm
+ Bj5cNy+YMbGVldECAwEAAaA+MDwGCSqGSIb3DQEJDjEvMC0wKwYDVR0RBCQwIoIP
+ d3d3LmcxMGNvZGUuY29tgg9mdHAuZzEwY29kZS5jb20wDQYJKoZIhvcNAQEFBQAD
+ gYEAzBRIi8KTfKyebOlMtDN6oDYBOv+r9A4w3u/Z1ikjffaiN1Bmd2o9Ez9KXKHA
+ IezLeSEA/rGUPN5Ur5qIJnRNQ8xrS+iLftr8msWQSZppVnA/vnqMrtqBUpitqAr0
+ eYBmt1Uem2Y3UFABrKPglv2xzgGkrKX6AqmFoOnJWQ0QcTw=
+ -----END CERTIFICATE REQUEST-----
+ $
+@end example
+@end cartouche
+
+You may now proceed by logging into your account at the CAcert website,
+choose @code{Server Certificates - New}, check @code{sign by class 3 root
+certificate}, paste the above request block into the text field and
+click on @code{Submit}.
+
+If everything works out fine, a certificate will be shown. Now run
+
+@cartouche
+@example
+$ gpgsm --import
+@end example
+@end cartouche
+
+and paste the certificate from the CAcert page into your terminal
+followed by a Ctrl-D
+
+@cartouche
+@example
+ -----BEGIN CERTIFICATE-----
+ MIIEIjCCAgqgAwIBAgIBTDANBgkqhkiG9w0BAQQFADBUMRQwEgYDVQQKEwtDQWNl
+ cnQgSW5jLjEeMBwGA1UECxMVaHR0cDovL3d3dy5DQWNlcnQub3JnMRwwGgYDVQQD
+ ExNDQWNlcnQgQ2xhc3MgMyBSb290MB4XDTA1MTAyODE2MjA1MVoXDTA3MTAyODE2
+ MjA1MVowITEfMB0GA1UEAxMWa2VyY2tob2Zmcy5nMTBjb2RlLmNvbTCBnzANBgkq
+ hkiG9w0BAQEFAAOBjQAwgYkCgYEA5h+uKRenpvbe+BnMY6siPO50LVygHtB7kr+Y
+ ISlPJ5JAFO12yQFz9Y0sBLHbjR+V+TOawwP1dZhGjlgnEBkMdWKuEBlSwFTALLX7
+ 8GAyvAYAmPqSPDEYXkMECyUXVX/bbGI1bY8Y2OGy4w4D+v7e+xD2NBkmBj5cNy+Y
+ MbGVldECAwEAAaOBtTCBsjAMBgNVHRMBAf8EAjAAMDQGA1UdJQQtMCsGCCsGAQUF
+ BwMCBggrBgEFBQcDAQYJYIZIAYb4QgQBBgorBgEEAYI3CgMDMAsGA1UdDwQEAwIF
+ oDAyBggrBgEFBQcBAQQmMCQwIgYIKwYBBQUHMAGGFmh0dHA6Ly9vY3NwLmNhY2Vy
+ dC5vcmcwKwYDVR0RBCQwIoIPd3d3LmcxMGNvZGUuY29tgg9mdHAuZzEwY29kZS5j
+ b20wDQYJKoZIhvcNAQEEBQADggIBAAj5XAHCtzQR8PV6PkQBgZqUCbcfxGO/ZIp9
+ aIT6J2z0Jo1OZI6KmConbqnZG9WyDlV5P7msQXW/Z9nBfoj4KSmNR8G/wtb8ClJn
+ W8s75+K3ZLq1UgEyxBDrS7GjtbVaj7gsfZsuiQzxmk9lbl1gbkpJ3VEMjwVCTMlM
+ fpjp8etyPhUZqOZaoKVaq//KTOsjhPMwz7TcfOkHvXketPrWTcefJQU7NKLH16D3
+ mZAwnBxp3P51H6E6VG8AoJO8xCBuVwsbXKEf/FW+tmKG9pog6CaZQ9WibROTtnKj
+ NJjSBsrUk5C+JowO/EyZRGm6R1tlok8iFXj+2aimyeBqDcxozNmFgh9F3S5u0wK0
+ 6cfYgkPVMHxgwV3f3Qh+tJkgLExN7KfO9hvpZqAh+CLQtxVmvpxEVEXKR6nwBI5U
+ BaseulvVy3wUfg2daPkG17kDDBzQlsWC0BRF8anH+FWSrvseC3nS0a9g3sXF1Ic3
+ gIqeAMhkant1Ac3RR6YCWtJKr2rcQNdDAxXK35/gUSQNCi9dclEzoOgjziuA1Mha
+ 94jYcvGKcwThn0iITVS5hOsCfaySBLxTzfIruLbPxXlpWuCW/6I/7YyivppKgEZU
+ rUTFlNElRXCwIl0YcJkIaYYqWf7+A/aqYJCi8+51usZwMy3Jsq3hJ6MA3h1BgwZs
+ Rtct3tIX
+ -----END CERTIFICATE-----
+ gpgsm: issuer certificate (#/CN=CAcert Class 3 Ro[...]) not found
+ gpgsm: certificate imported
+
+ gpgsm: total number processed: 1
+ gpgsm: imported: 1
+@end example
+@end cartouche
+
+gpgsm tells you that it has imported the certificate. It is now
+associated with the key you used when creating the request. The root
+certificate has not been found, so you may want to import it from the
+CACert website.
+
+To see the content of your certificate, you may now enter:
+
+@cartouche
+@example
+ $ gpgsm -K kerckhoffs.g10code.com
+ /home/foo/.gnupg/pubring.kbx
+ ---------------------------
+ Serial number: 4C
+ Issuer: /CN=CAcert Class 3 Root/OU=http:\x2f\x2fwww.[...]
+ Subject: /CN=kerckhoffs.g10code.com
+ aka: (dns-name www.g10code.com)
+ aka: (dns-name ftp.g10code.com)
+ validity: 2005-10-28 16:20:51 through 2007-10-28 16:20:51
+ key type: 1024 bit RSA
+ key usage: digitalSignature keyEncipherment
+ ext key usage: clientAuth (suggested), serverAuth (suggested), [...]
+ fingerprint: 0F:9C:27:B2:DA:05:5F:CB:33:19:D8:E9:65:B9:BD:4F:B1:98:CC:57
+@end example
+@end cartouche
+
+I used @option{-K} above because this will only list certificates for
+which a private key is available. To see more details, you may use
+@option{--dump-secret-keys} instead of @option{-K}.
+
+
+To make actual use of the certificate you need to install it on your
+server. Server software usually expects a PKCS\#12 file with key and
+certificate. To create such a file, run:
+
+@cartouche
+@example
+ $ gpgsm --export-secret-key-p12 -a >kerckhoffs-cert.pem
+@end example
+@end cartouche
+
+You will be asked for the passphrase as well as for a new passphrase to
+be used to protect the PKCS\#12 file. The file now contains the
+certificate as well as the private key:
+
+@cartouche
+@example
+ $ cat kerckhoffs-cert.pem
+ Issuer ...: /CN=CAcert Class 3 Root/OU=http:\x2f\x2fwww.CA[...]
+ Serial ...: 4C
+ Subject ..: /CN=kerckhoffs.g10code.com
+ aka ..: (dns-name www.g10code.com)
+ aka ..: (dns-name ftp.g10code.com)
+
+ -----BEGIN PKCS12-----
+ MIIHlwIBAzCCB5AGCSqGSIb37QdHAaCCB4EEggd9MIIHeTk1BJ8GCSqGSIb3DQEu
+ [...many more lines...]
+ -----END PKCS12-----
+ $
+@end example
+@end cartouche
+
+Copy this file in a secure way to the server, install it there and
+delete the file then. You may export the file again at any time as long
+as it is available in GnuPG's private key database.
+
+
diff --git a/doc/howtos.texi b/doc/howtos.texi
new file mode 100644
index 0000000..bd48de0
--- /dev/null
+++ b/doc/howtos.texi
@@ -0,0 +1,15 @@
+@c Copyright (C) 2007 Free Software Foundation, Inc.
+@c This is part of the GnuPG manual.
+@c For copying conditions, see the file gnupg.texi.
+
+@node Howtos
+@chapter How to do certain things
+
+This is a collection of small howto documents.
+
+@menu
+* Howto Create a Server Cert:: Creating a TLS server certificate.
+@end menu
+
+
+@include howto-create-a-server-cert.texi
diff --git a/doc/instguide.texi b/doc/instguide.texi
new file mode 100644
index 0000000..d6815e2
--- /dev/null
+++ b/doc/instguide.texi
@@ -0,0 +1,91 @@
+@c instguide.texi - Installation guide for GnuPG
+@c Copyright (C) 2006 Free Software Foundation, Inc.
+@c This is part of the GnuPG manual.
+@c For copying conditions, see the file gnupg.texi.
+
+@node Installation
+@chapter A short installation guide.
+
+Unfortunately the installation guide has not been finished in time.
+Instead of delaying the release of GnuPG 2.0 even further, I decided to
+release without that guide. The chapter on gpg-agent and gpgsm do
+include brief information on how to set up the whole thing. Please
+watch the GnuPG website for updates of the documentation. In the
+meantime you may search the GnuPG mailing list archives or ask on the
+gnupg-users mailing listsfor advise on how to solve problems or how to
+get that whole thing up and running.
+
+** Building the software
+
+Building the software is decribed in the file @file{INSTALL}. Given
+that you are already reading this documentation we can only give some
+extra hints
+
+To comply with the rules on GNU systems you should have build time
+configured @command{dirmngr} using:
+
+@example
+./configure --sysconfdir=/etc --localstatedir=/var
+@end example
+
+This is to make sure that system wide configuration files are searched
+in the directory @file{/etc/gnupg} and variable data below @file{/var};
+the default would be to also install them below @file{/usr/local} where
+the binaries get installed. If you selected to use the
+@option{--prefix=/} you obviously don't need those option as they are
+the default then.
+
+
+
+** Explain how to setup a root CA key as trusted
+
+
+Such questions may also help to write a proper installation guide.
+
+[to be written]
+
+
+XXX Tell how to setup the system, install certificates, how dirmngr relates
+to GnuPG etc.
+
+** Explain how to setup a root CA key as trusted
+
+X.509 is based on a hierarchical key infrastructure. At the root of the
+tree a trusted anchor (root certificate) is required. There are usually
+no other means of verifying whether this root certificate is trustworthy
+than looking it up in a list. GnuPG uses a file (@file{trustlist.txt})
+to keep track of all root certificates it knows about. There are 3 ways
+to get certificates into this list:
+
+@itemize
+@item
+Use the list which comes with GnuPG. However this list only
+contains a few root certificates. Most installations will need more.
+
+@item
+Let @command{gpgsm} ask you whether you want to insert a new root
+certificate. To enable this feature you need to set the option
+@option{allow-mark-trusted} into @file{gpg-agent.conf}. In general it
+is not a good idea to do it this way. Checking whether a root
+certificate is really trustworthy requires decisions, which casual
+users are not up to. Thus, by default this option is not enabled.
+
+@item
+Manually maintain the list of trusted root certificates. For a multi
+user installation this can be done once for all users on a machine.
+Specific changes on a per-user base are also possible.
+@end itemize
+
+XXX decribe how to maintain trustlist.txt and /etc/gnupg/trustlist.txt.
+
+
+** How to get the ssh support running
+
+XXX How to use the ssh support.
+
+
+@section Installation Overview
+
+XXXX
+
+
diff --git a/doc/opt-homedir.texi b/doc/opt-homedir.texi
new file mode 100644
index 0000000..e382f63
--- /dev/null
+++ b/doc/opt-homedir.texi
@@ -0,0 +1,10 @@
+@c This option is included at several places.
+@item --homedir @var{dir}
+@opindex homedir
+Set the name of the home directory to @var{dir}. If this option is not
+used, the home directory defaults to @file{~/.gnupg}. It is only
+recognized when given on the command line. It also overrides any home
+directory stated through the environment variable @env{GNUPGHOME} or
+(on W32 systems) by means of the Registry entry
+@var{HKCU\Software\GNU\GnuPG:HomeDir}.
+
diff --git a/doc/qualified.txt b/doc/qualified.txt
new file mode 100644
index 0000000..c0e4da5
--- /dev/null
+++ b/doc/qualified.txt
@@ -0,0 +1,243 @@
+# This is the list of root certificates used for qualified
+# certificates. They are defined as certificates capable of creating
+# legally binding signatures in the same way as a handwritten
+# signatures are. Comments like this one and empty lines are allowed
+# Lines do have a length limit but this is not a serious limitation as
+# the format of the entries is fixed and checked by gpgsm: A
+# non-comment line starts with optional whitespaces, followed by
+# exactly 40 hex character, whitespace and a lowercased 2 letter
+# country code. Additional data delimited with by a whitespace is
+# current ignored but might late be used for other purposes.
+#
+# Note: The subversion copy of this file carries a gpg:signature
+# property with its OpenPGP signature. Check this signature before
+# adding entries:
+# svn pg gpg:signature qualified.txt | gpg --verify - qualified.txt
+# to create a new signature:
+# f=qualified.txt; gpg -sba $f && svn ps gpg:signature -F $f.asc $f
+
+#*******************************************
+#
+# Belgium
+#
+# Need to figure out a reliable source.
+#*******************************************
+
+
+
+#*******************************************
+#
+# Germany
+#
+# The information for Germany is available
+# at http://www.bundesnetzagentur.de
+#*******************************************
+
+#Serial number: 32D18D
+# Issuer: /CN=6R-Ca 1:PN/NameDistinguisher=1/O=RegulierungsbehÈorde
+# fÈur Telekommunikation und Post/C=DE
+# Subject: /CN=6R-Ca 1:PN/NameDistinguisher=1/O=RegulierungsbehÈorde
+# fÈur Telekommunikation und Post/C=DE
+# validity: 2001-02-01 09:52:17 through 2005-06-01 09:52:17
+# key type: 1024 bit RSA
+# key usage: certSign crlSign
+#[checked: 2005-11-14]
+EA:8D:99:DD:36:AA:2D:07:1A:3C:7B:69:00:9E:51:B9:4A:2E:E7:60 de
+
+
+#Serial number: 00C48C8D
+# Issuer: /CN=7R-CA 1:PN/NameDistinguisher=1/O=RegulierungsbehÈorde
+# fÈur Telekommunikation und Post/C=DE
+# Subject: /CN=7R-CA 1:PN/NameDistinguisher=1/O=RegulierungsbehÈorde
+# fÈur Telekommunikation und Post/C=DE
+# validity: 2001-10-15 11:15:15 through 2006-02-15 11:15:15
+# key type: 1024 bit RSA
+# key usage: certSign crlSign
+#[checked: 2005-11-14]
+DB:45:3D:1B:B0:1A:F3:23:10:6B:DE:D0:09:61:57:AA:F4:25:E0:5B de
+
+
+#Serial number: 01
+# Issuer: /CN=8R-CA 1:PN/O=Regulierungsbehörde für
+# Telekommunikation und Post/C=DE
+# Subject: /CN=8R-CA 1:PN/O=Regulierungsbehörde für
+# Telekommunikation und Post/C=DE
+# validity: 2004-11-25 14:10:37 through 2007-12-31 14:04:03
+# key type: 1024 bit RSA
+# key usage: certSign
+# policies: 1.3.36.8.1.1:N:
+# chain length: unlimited
+#[checked: 2005-11-14]
+42:6A:F6:78:30:E9:CE:24:5B:EF:41:A2:C1:A8:51:DA:C5:0A:6D:F5 de
+
+
+#Serial number: 02
+# Issuer: /CN=9R-CA 1:PN/O=Regulierungsbehörde für
+# Telekommunikation und Post/C=DE
+# Subject: /CN=9R-CA 1:PN/O=Regulierungsbehörde für
+# Telekommunikation und Post/C=DE
+# validity: 2004-11-25 14:59:11 through 2007-12-31 14:56:59
+# key type: 1024 bit RSA
+# key usage: certSign
+# policies: 1.3.36.8.1.1:N:
+# chain length: unlimited
+#[checked: 2005-11-14]
+75:9A:4A:CE:7C:DA:7E:89:1B:B2:72:4B:E3:76:EA:47:3A:96:97:24 de
+
+
+#Serial number: 2A
+# Issuer: /CN=10R-CA 1:PN/O=Bundesnetzagentur/C=DE
+# Subject: /CN=10R-CA 1:PN/O=Bundesnetzagentur/C=DE
+# validity: 2005-08-03 15:30:36 through 2007-12-31 15:09:23
+# key type: 1024 bit RSA
+# key usage: certSign
+# policies: 1.3.36.8.1.1:N:
+# chain length: unlimited
+#[checked: 2005-11-14]
+31:C9:D2:E6:31:4D:0B:CC:2C:1A:45:00:A6:6B:97:98:27:18:8E:CD de
+
+
+#Serial number: 2D
+# Issuer: /CN=11R-CA 1:PN/O=Bundesnetzagentur/C=DE
+# Subject: /CN=11R-CA 1:PN/O=Bundesnetzagentur/C=DE
+# validity: 2005-08-03 18:09:49 through 2007-12-31 18:04:28
+# key type: 1024 bit RSA
+# key usage: certSign
+# policies: 1.3.36.8.1.1:N:
+# chain length: unlimited
+#[checked: 2005-11-14]
+A0:8B:DF:3B:AA:EE:3F:9D:64:6C:47:81:23:21:D4:A6:18:81:67:1D de
+
+
+# ID: 0x5B4757B0
+# S/N: 0139
+# Issuer: /CN=12R-CA 1:PN/O=Bundesnetzagentur/C=DE
+# Subject: /CN=12R-CA 1:PN/O=Bundesnetzagentur/C=DE
+# validity: 2007-05-25 11:01:44 through 2012-05-25 10:56:07
+# key type: 2048 bit RSA
+# key usage: certSign
+# policies: 1.3.36.8.1.1:N:
+# chain length: unlimited
+# [checked: 2008-06-25]
+44:7E:D4:E3:9A:D7:92:E2:07:FA:53:1A:2E:F5:B8:02:5B:47:57:B0 de
+
+# ID: 0x46A2CC8A
+# S/N: 013C
+# Issuer: /CN=13R-CA 1:PN/O=Bundesnetzagentur/C=DE
+# Subject: /CN=13R-CA 1:PN/O=Bundesnetzagentur/C=DE
+# validity: 2007-05-29 11:02:37 through 2012-05-29 10:55:54
+# key type: 2048 bit RSA
+# key usage: certSign
+# policies: 1.3.36.8.1.1:N:
+# chain length: unlimited
+# [checked: 2008-06-25]
+AC:A7:BE:45:1F:A6:BF:09:F2:D1:3F:08:7B:BC:EB:7F:46:A2:CC:8A de
+
+
+#
+# D-Trust root certificates. Probably by shifting a lot of Euros to
+# laywer companies, German CAs achieved to get the permission to
+# create their own legally binding root certificates - independent of
+# the Bundesnetzagentur. The main problem with this is that it is
+# hard to figure out what qualified root certificates are actually
+# active. There is now no way to be sure whether a signature is a
+# qualified one. A pettifogger's way of validating certificates.
+#
+
+#Serial number: 00B95F
+# Issuer: /CN=D-TRUST Qualified Root CA 1 2006:PN/O=D-Trust GmbH/C=DE
+# Subject: /CN=D-TRUST Qualified Root CA 1 2006:PN/O=D-Trust GmbH/C=DE
+# aka: info@d-trust.net
+# aka: (uri http://www.d-trust.net)
+# validity: 2006-04-27 12:40:54 through 2011-04-27 12:40:54
+# key type: 2048 bit RSA
+# key usage: certSign crlSign
+# policies: 1.3.6.1.4.1.4788.2.30.1:N:
+# chain length: unlimited
+#[checked: 2007-01-31 by phone 030-259391-0 and callback by Mrs. Enke]
+E0:BF:1B:91:91:6B:88:E4:F1:15:92:22:CE:37:23:96:B1:4A:2E:5C de
+
+
+#Serial number: 00B960
+# Issuer: /CN=D-TRUST Qualified Root CA 2 2006:PN/O=D-Trust GmbH/C=DE
+# Subject: /CN=D-TRUST Qualified Root CA 2 2006:PN/O=D-Trust GmbH/C=DE
+# aka: info@d-trust.net
+# aka: (uri http://www.d-trust.net)
+# validity: 2006-04-27 12:40:54 through 2011-04-27 12:40:54
+# key type: 2048 bit RSA
+# key usage: certSign crlSign
+# policies: 1.3.6.1.4.1.4788.2.30.1:N:
+# chain length: unlimited
+#[checked: 2007-01-31 by phone 030-259391-0 and callback by Mrs. Enke]
+98:2A:75:67:0F:F8:28:4A:94:E0:9D:23:D8:E7:62:C8:BD:A4:54:04 de
+
+
+#
+# S-Trust root certificates.
+#
+
+#Serial number: 00DF749F80AA51F0EDC0CB1FC183E97EE2
+# Issuer: /CN=S-TRUST Qualified Root CA 2006-001:PN
+# /O=Deutscher Sparkassen Verlag GmbH/L=Stuttgart
+# /ST=Baden-Wuerttemberg (BW)/C=DE
+# Subject: /CN=S-TRUST Qualified Root CA 2006-001:PN
+# /O=Deutscher Sparkassen Verlag GmbH/L=Stuttgart
+# /ST=Baden-Wuerttemberg (BW)/C=DE
+# validity: 2006-01-01 00:00:00 through 2010-12-30 23:59:59
+# key type: 2048 bit RSA
+# key usage: certSign crlSign
+# chain length: 1
+#[checked: 2007-01-31 by phone 0711-782-0 Mr. Brommer]
+7D:DC:76:1C:FD:AF:4C:E0:3A:B5:3A:DD:C9:FA:13:35:19:A3:DE:C9 de
+
+#Serial number: 00BC098E0402E92956B8D7DE74977E26F7
+# Issuer: /CN=S-TRUST Qualified Root CA 2007-001:PN
+# /O=Deutscher Sparkassen Verlag GmbH/L=Stuttgart
+# /ST=Baden-Wuerttemberg (BW)/C=DE
+# Subject: /CN=S-TRUST Qualified Root CA 2007-001:PN
+# /O=Deutscher Sparkassen Verlag GmbH/L=Stuttgart
+# /ST=Baden-Wuerttemberg (BW)/C=DE
+# validity: 2007-01-01 00:00:00 through 2011-12-30 23:59:59
+# key type: 2048 bit RSA
+# key usage: certSign crlSign
+# chain length: 1
+#[checked: 2007-01-31 by phone 0711-782-0 Mr. Brommer]
+7A:3C:1B:60:2E:BD:A4:A1:E0:EB:AD:7A:BA:4F:D1:43:69:A9:39:FC de
+
+
+# ID: 0xA8FEA3CA
+# S/N: 00B3963E0E6C2D65125853E970665402E5
+# Issuer: /CN=S-TRUST Qualified Root CA 2008-001:PN
+# /O=Deutscher Sparkassen Verlag GmbH/L=Stuttgart/C=DE
+# Subject: /CN=S-TRUST Qualified Root CA 2008-001:PN
+# /O=Deutscher Sparkassen Verlag GmbH/L=Stuttgart/C=DE
+# validity: 2008-01-01 00:00:00 through 2012-12-30 23:59:59
+# key type: 2048 bit RSA
+# key usage: certSign crlSign
+# chain length: 1
+#[checked: 2007-12-13 via received ZIP file with qualified signature from
+# /CN=Dr. Matthias Stehle/O=Deutscher Sparkassenverlag
+# /C=DE/SerialNumber=DSV0000000008/SN=Stehle/GN=Matthias Georg]
+C9:2F:E6:50:DB:32:59:E0:CE:65:55:F3:8C:76:E0:B8:A8:FE:A3:CA de
+
+# ID: 0x3A7D979B
+# S/N: 00C4216083F35C54F67B09A80C3C55FE7D
+# Issuer: /CN=S-TRUST Qualified Root CA 2008-002:PN
+# /O=Deutscher Sparkassen Verlag GmbH/L=Stuttgart/C=DE
+# Subject: /CN=S-TRUST Qualified Root CA 2008-002:PN
+# /O=Deutscher Sparkassen Verlag GmbH/L=Stuttgart/C=DE
+# validity: 2008-01-01 00:00:00 through 2012-12-30 23:59:59
+# key type: 2048 bit RSA
+# key usage: certSign crlSign
+# chain length: 1
+#[checked: 2007-12-13 via received ZIP file with qualified signature from
+# /CN=Dr. Matthias Stehle/O=Deutscher Sparkassenverlag
+# /C=DE/SerialNumber=DSV0000000008/SN=Stehle/GN=Matthias Georg"]
+D5:C7:50:F2:FE:4E:EE:D7:C7:B1:E4:13:7B:FB:54:84:3A:7D:97:9B de
+
+
+#*******************************************
+#
+# End of file
+#
+#*******************************************
diff --git a/doc/samplekeys.asc b/doc/samplekeys.asc
new file mode 100644
index 0000000..34eea8d
--- /dev/null
+++ b/doc/samplekeys.asc
@@ -0,0 +1,939 @@
+ pub 2048D/1E42B367 2007-12-31 [expires: 2018-12-31]
+ uid Werner Koch <wk@gnupg.org>
+ uid Werner Koch <wk@g10code.com>
+ sub 1024D/77F95F95 2011-11-02
+ sub 2048R/C193565B 2011-11-07 [expires: 2013-12-31]
+
+ pub 4096R/99242560 2002-01-28
+ uid David M. Shaw <dshaw@jabberwocky.com>
+
+ pub 1024D/87978569 1999-05-13
+ uid Marcus Brinkmann <Marcus.Brinkmann@ruhr-uni-bochum.de>
+ uid Marcus Brinkmann
+ uid Marcus Brinkmann <brinkmd@debian.org>
+ uid Marcus Brinkmann <mb@g10code.de>
+ uid Marcus Brinkmann <mb@g10code.com>
+ sub 2048g/C3AF90C1 1999-05-13
+ sub 1024R/08AEA692 2006-04-14
+ sub 1024R/FCD2A293 2006-04-14
+ sub 1024R/233A942F 2006-04-14
+
+ pub 2048R/4F25E3B6 2011-01-12 [expires: 2019-12-31]
+ uid Werner Koch (dist sig)
+ sub 2048R/AC87C71A 2011-01-12 [expires: 2019-12-31]
+
+ pub 1024D/5B0358A2 1999-03-15 [expired: 2011-07-11]
+ uid Werner Koch <wk@gnupg.org>
+ uid Werner Koch <wk@g10code.com>
+ uid Werner Koch
+ uid Werner Koch <werner@fsfe.org>
+
+ pub 1024D/57548DCD 1998-07-07 [expired: 2005-12-31]
+ uid Werner Koch (gnupg sig) <dd9jn@gnu.org>
+
+ pub 1024D/B2D7795E 2001-01-04
+ uid Philip R. Zimmermann <prz@mit.edu>
+ uid Philip R. Zimmermann <prz@acm.org>
+ uid [jpeg image of size 3369]
+ uid [jpeg image of size 3457]
+ uid Philip R. Zimmermann <prz@philzimmermann.com>
+ sub 3072g/A8E92834 2001-01-04
+
+ pub 1024R/1CE0C630 2006-01-01 [expired: 2011-06-30]
+ uid Werner Koch (dist sig) <dd9jn@gnu.org>
+
+
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: GnuPG v1.4.11 (GNU/Linux)
+
+mQGiBDWiHh4RBAD+l0rg5p9rW4M3sKvmeyzhs2mDxhRKDTVVUnTwpMIR2kIA9pT4
+3No/coPajDvhZTaDM/vSz25IZDZWJ7gEu86RpoEdtr/eK8GuDcgsWvFs5+YpCDwW
+G2dx39ME7DN+SRvEE1xUm4E9G2Nnd2UNtLgg82wgi/ZK4Ih9CYDyo0a9awCgisn3
+RvZ/MREJmQq1+SjJgDx+c2sEAOEnxGYisqIKcOTdPOTTie7o7x+nem2uac7uOW68
+N+wRWxhGPIxsOdueMIa7U94Wg/Ydn4f2WngJpBvKNaHYmW8j1Q5zvZXXpIWRXSvy
+TR641BceGHNdYiR/PiDBJsGQ3ac7n7pwhV4qex3IViRDJWz5Dzr88x+Oju63KtxY
+urUIBACi7d1rUlHr4ok7iBRlWHYXU2hpUIQ8C+UOE1XXT+HB7mZLSRONQnWMyXnq
+bAAW+EUUX2xpb54CevAg4eOilt0es8GZMmU6c0wdUsnMWWqOKHBFFlDIvyI27aZ9
+quf0yvby63kFCanQKc0QnqGXQKzuXbFqBYW2UQrYgjXji8rd8bQnV2VybmVyIEtv
+Y2ggKGdudXBnIHNpZykgPGRkOWpuQGdudS5vcmc+iGEEExECACECF4AFCQ4Uh/0F
+AkG8aF4GCwkIBwMCAxUCAwMWAgECHgEACgkQaLeriVdUjc0EkwCfTXfXdqDS2COs
+ZRm0OUphuY0h4x4AnRSlWyPGnKUFxKOw8TwwCSLsdvZHmQGiBDbtSOkRBACURhKn
+GIFyXIeX61GAY9hJA5FgG4UalV55ohdz4whBgDzDGLE3XYlO8HCn4ggKilll6MOw
+Y0yZeg6PEU9Y3SqTzpQSV6qj2M7MgcS8xOpi6bNCu0iyZUik0KklUXMdI8e/CVmB
+pQJT9CofbD1dsP6z4dC6z3jil0+5Wbfw6yIXzwCgy/7Fagq5mN0H760/JEiiXILS
+1n0D/3H26lTaxo1vGput9Td1FQN7Vn6YDP0/To5ipsOODROV3zyUwF5QleY+8zTF
+JA3qD5KxRfA726WELOF1mB6Mw44UdkPniOoGdMH5oSx6qnNnlVZBBu3U+e1qfQwL
+QjHu0WX4Z2q00DKpWLThGv7Loh5NKi6OfTbMhfHoevCAzQnmA/wKc6J8GqthENTh
+KXxZaei3Ep0t+PlBmbUzuAYCXZhI6/0KyD6emyQ7LYIaPv9qEfMkMLhxicG0v/AA
+wOCBRKS3bkqc6wAYaO0bjUHJvem3HkWPux82t83+6YPyRnVjm/mwt0uEyKSvt7Md
+2DVrO3lEcKRkRHiYuf0nonPhl5Rs5bQaV2VybmVyIEtvY2ggPHdrQGdudXBnLm9y
+Zz6IawQTEQIAIwIXgAIZAQULBwoDAgMVAgMDFgIBAh4BBQJGtcWFBQkXLil/ABIH
+ZUdQRwABAQkQXeJJllsDWKJBTACfQI8TnuVIxE88u2napOMyUfoWZSMAn2t47LUM
+uyDEHRcYvEBiP/SRVvsrtBxXZXJuZXIgS29jaCA8d2tAZzEwY29kZS5jb20+iGME
+ExECACMCGwMCHgECF4AFCwcKAwIDFQIDAxYCAQUCRrXFkQUJFy4pfwAKCRBd4kmW
+WwNYomksAJ4q+Lv3fDvzDJl4JcOmzWHPsPg2QQCdHcj5DwCCM7YnRLiE58ApHdrg
+11S0C1dlcm5lciBLb2NoiGMEExECABsDCwoDAxUDAgMWAgECF4AFAka1xZEFCRcu
+KX8AEgdlR1BHAAEBCRBd4kmWWwNYokHUAKCKSLq+i1yHrG8ZXqJRk+d4SyanGwCe
+KFwqqRr3tbae+m4iK+EcyY+BR2a0HVdlcm5lciBLb2NoIDx3ZXJuZXJAZnNmZS5v
+cmc+iGMEExECACMCGwMCHgECF4AFCwcKAwIDFQIDAxYCAQUCRrXFkQUJFy4pfwAK
+CRBd4kmWWwNYomC9AKCOTnRhGus67gV2k+8K2SwytYDqVQCfcaEJKu8EBd0sx3F0
+24GX/RNwnZq5AQsEQF3bKQEIANEoVLSVnD/YxrBL3s/edXK3YUX1dZvyyLtP0mCX
+41EX3e6pQ4gLXmze7lJU9zB0iGgbTjBgodMsqHIECMWnhrN8uaIgEMOnfsNjdIC0
+lPpOyBQtH7IWRdtG+4g5Tk3/RbHOsroknCUVUTJo9fvOZZUowKP5IyPYWuaW25VL
+RoJ/SKjef3ttQC+5Td2CNMWgepbjTXuyZ9sThUzCctiLf/VJL2zTKwozo/HnIQze
+hCI5b/2lLjzBIV+zeVeLw3UGKSA91TkUUD7kEZJSHHIV/6Wp2PBwHIELstPd0KsV
+5ZA4vRR5WHrAbjw7rePyO57uZ9Ob7nn25ecP8nrk+IdxlOcABimITwQYEQIADwUC
+QF3bKQIbDAUJA1jvAAAKCRBd4kmWWwNYohLWAKCgnbPg6cDR1W3tkz894CwpcDQo
+VQCfcBXfK5kpfhYfDk+d/mwuYXktSSW5AQsEQ7gWIgEIANFah4LB/iVUglBqEzvK
+0VG88yuRJlDLTvb8jr/hA8qxocj4eegHw+NOYGnIEMsrxjo5/djWE1vvvF76baD7
+xar8FQoe9SLUX7HOzOmeLG0yv5A6LLpTuQIkDp8a+rSqbOtcZy/mteka9bDJl/KZ
+MtbhfZYqA0vxuE4PLS4n1lH9+GMTuecgeAhuhKcEBQ8cKwj0EW6axtTwUqwokI4G
+rOIcTIMduLHu4/oHJiyUfa1TD1Z1BTxjOjaZaiOCFemMTtRPS0BvhA1N3C6suCIQ
+gfm6awzjd6WvX/ad3ToqKBBf41HgyrK1H7bwm0QQq9QvAlmmYTGzgH44HjHyX7ot
+zT8ABimITwQYEQIADwUCQ7gWIgIbDAUJA8EVgAAKCRBd4kmWWwNYol3LAJ43JG07
+X/IjKI2Si1hF87nLfG4ehwCcDIDiNrFrvTaxGziI9H9ZYmQyASq5AaIER3ko1BEE
+AITOSpTeW3g46dEaTnGDrre9/WrhXvHzL7kP1TpzYC4jig7C2t63xUgLCgmv17ie
+C9j+VqiK6olGPIL8y5RdHjJgStNAL+psZ0kjx2yGACUpgDky49hRtfxWGuohJnBH
+Upsp/2DGOCyL0nlzkvJRIVdIZAMgYYmnGu8atilHpHb/AKD/aYLuxeQfHRjylB8y
+Od7iHEE7VwP/QSxhwtSQWXdgz/KyTwjAjN69JGNx6iUKrwNiPLphEufYi0EzdKkr
+xltkTLuZYmd+yoxMKvoKHAOgLe+RcnF9ZZDc2XUjujIlu0lDIe0/2xUXJYQ3zKza
+St1qbzuk414SzRjkisVUne/GuJNuM2wAwTSmeGXhO/fgc++1MiuLdr8D/j/T8lfN
+S48czJ0eF+/VG2FG5l+JVucRbvmBWilVWFXWOTWyoFuqQ+8t6uHAdlyyxZlgt3rZ
+WsU6r2vQ+ayELJ3nny4zZdxlBA8O2XbpV3fXf5NlUsZWY3/tifySOwHIQRvJX0NA
+Sz2Ao4qXBKF7CM6sZzlbXja6XHZyUG5p3anAiJcEGBECAA8FAkd5KNQCGwIFCQah
+TGwAUgkQXeJJllsDWKJHIAQZEQIABgUCR3ko1AAKCRDNP81ePVLCghD5AJ46ond0
+H0ny3nPQrXI5/CQxk12YzACfR+j9+k0y+vLYfzuDCWoSuLeWuvBYygCePPYlR8Tt
+yegne86Z/xquxNFgFjsAoL6wDuo4gsI+6/bzSNlyrkUYmLO7uQENBEd5KWMBCADe
+LY1DPSaB2NyWLeaLLTa1G0QTIXp2y6FpLvgC/PIzR8InRxNhkBDaswFBPuc/oASN
+QCvXTCjFsgPvc1jS6UpTHY3NnZlxB6s5NbW1YDPQE1CklJ73uNU9r8aBxMhsrzoq
+VO/PzLqUhcwWp/6sBjyFz5Zb+WNip4Id9J+ej537r2UJo/GiMh3JOWgp5/SqUTWz
+wowtU111eROlURVh6wrG11ZbQqFo7qMY1lAut8Vt4vJxKvjTdlls7fhRfPwmcxBD
+XxZycPOKO8VF3XJPI3bVxkoKFRuOJZK/fHnghgEYwrviKiG0vDISUOTqOE63haot
+a72gUUlDTJGrorvNO8C/ABEBAAGITwQYEQIADwUCR3kpYwIbDAUJBp/6XQAKCRBd
+4kmWWwNYohbBAKDA1ZUpbI3OWd+5Efnj482Urmv47gCgtXRryMuxJZ8MWhfBZ0Yq
+vH7DeKC5AaIEQF3aTxEEAP9SgfIbIPL6BQ1nqoblsTYoiwWPL48uBZPjkDfy8XsV
+R5V9aRQlggC4x4/MD3Ip5AUgReI7PcHnp4m3vcVLXPl+/7i7hAwd84iKzgN8I8VW
+0EevflcNm7nbWEnpjaGxJWFbhSLI1DmqnafoU8nZgGp2QoE+flgGDd559C3SiHRT
+AKDbqgS3EDhTbwfS+bAhW5Xi8/2CPwP9HueeuW9M/cyt8UvliLsj2eYMEIy7CeSL
+O13XfnqCjcnHK+b59/ADd99dpMaq3gKj7Aj1RIsRV2qWDJpDNXVxP7Cy+FzxelQs
+ytPQOV8H8AkB+RgmSyfxlNRUkC3sQU6jR9IwmPD4iB5fp/SqUpn++77TAArXqsfH
+bmlnwcuU1EAD/i7CEhxLBYS1N77hwxL8DWCqjpi+1PKG+6dc0BQFIU3uUhbzLGfq
+EobUDhveqgtlsvoEZ/lR8RgMv/uOjXEgiATQyTEa7s3M2vjXlpLjXjzklma3Lqmc
+am3dEf/5OR02yZif6hPU/x8f/VQle0kKNKdOCV1+dlo8aJH2UIZRRIvtiJcEGBEC
+AA8CGwIFCQcbVgAFAkR1rB0AUkcgBBkRAgAGBQJEdawTAAoJEGB4TpQBClft2RMA
+n1XiL/bC9hByZInCJTaCd8WS8kYCAKCfpAWwLIxkfwAeD/RI+2p00nQfvAkQXeJJ
+llsDWKKx7QCguc4/HiEs64Ey5p6Yihy67X8E0YsAnRXMFdXVP7ww8uldljPiD1Tg
+yurpiEYEEBECAAYFAjc3I8UACgkQ9u7fIBhLxNmHZQCglWbPDznIcnOxdDW+k7Yg
+A9+/n00An1ZjSiJipverUxLEFHAbSBWI0IntiEYEEBECAAYFAjc6+aMACgkQdQ9k
+lcidkz6GiwCdGe0KSP/vSyEZM/GClQXvjMD4RvMAoJwyTIdcjPZbQizDeAO3btn2
+CCwTiEYEEBECAAYFAjgUDhkACgkQYAeQgHPH80+I2gCdHeTAPusmEfN2bdkijpW1
+gpxBvGoAn1kzL7Mg7tC4pqlqw2fV3kRUy1a5iEYEEBECAAYFAjgqYh4ACgkQ4/JY
+VBKPDnkPkACgmzk7HMlJ1h0qw6OHyMtDE4RI4ToAni+Cm+01pHfzh0EnFQTvLE1M
+9PtoiEYEEBECAAYFAjnKOw4ACgkQK7tDpvCerwquXwCfbW9xGF2AHQakBPakh61x
+KmC8WEEAn3TytfY5qrTjxIj2HZFKN5QuQpYSiEYEEBECAAYFAjnKiy8ACgkQF6ZB
+bfeUj9ombQCfYQYxpipdMGBxbNd8jbL9RDmH3nMAoITmZnDJwXzpHNuSLY8o3c5Y
+hHXziEYEEBECAAYFAjnKnXcACgkQNfZhfFE679le7gCggQjsjFhjaIO1lWHfPusn
+0dqdhRYAn3rOW0XSeh64V9o+VItH2LZngmNAiEYEEBECAAYFAjnLMigACgkQUaz2
+rXW+gJcIVgCfRRq0G2fCcZOFoey9uZGAkWctKsQAoLw6lUhdeZDgULrDC7OQRIk7
+CnMtiEYEEBECAAYFAjnPp1IACgkQkVrMRaj0wv0IqwCfWGMeiZ58ysuZCAP9IsX3
+aKcSPtcAoJno1COOjAMhoWjUiHctgLZX9+gTiEYEEBECAAYFAjnQ39UACgkQbyOL
+wk/aWgxfIwCfb/GeMAD8w84hq5/aUQMCvVqUYqAAn07SKuWYsZLEUuPWIgYY0yoB
+yJxviEYEEBECAAYFAjnSCrEACgkQv+EgZWshSJq8jACfdf20dqs3IWOPHgFMdYb5
+VF+WkJUAn05quvyHB3Xug8csxWg6RwSfQBTBiEYEEBECAAYFAjpMy0UACgkQ7UaB
+yb89+bRUrQCg6aozpYiCEDPVAHe54/8/q48FLP8AniviG9fjxInPaSKB+LXRmQjc
+2jLZiEYEEBECAAYFAjqJgd8ACgkQYogE2yD8bPYGagCggMsqGJN61JuOQkY5MiKb
+4UPQpBwAniNYwQb+hlEzJF7qnPECh0MAxq8OiEYEEBECAAYFAjrBCNQACgkQt1an
+jIgqbEu30gCdEsSeFtJ5KziD5l/CvAhVZt9lnQUAnRrmbV8HkndXp3+DNoREgscZ
+k/rliEYEEBECAAYFAjrB0SkACgkQ0vCiU5+ISsiPkgCeOFayt7NkcymwTC2UKNjj
+yukNDvAAoLq/bOTNZECtztYIMDQ2VrzZ3m6KiEYEEBECAAYFAjr1eYsACgkQ7A6v
+cTZ3gCXdrQCgllIx6G2DkKSGKBhYCgsyywFBXLUAn2PJGrCOov0LS8jCMD2Xo4T7
+qfsjiEYEEBECAAYFAjr1mwEACgkQLBigKrTF83+E4ACffa4yaJ6Pj4uFZY7dVuiO
+fkuoTE8AniIdw0DVkHBuxlNp9PAglhztyE+oiEYEEBECAAYFAjtFbTsACgkQ53Xj
+JNtBs4ex3wCfXLPNscM4Uxtmy0/t5Ygg9lDWEQAAnR39P9eJtEeBtMPfbEGYc10A
+BqjkiEYEEBECAAYFAjtF2QAACgkQI/q1+wgWzBuJgACeIak+A98IheVSowXG4J6j
+zBA439MAn2IFA8EB/EkQ1rn7OEmFNX++PNZyiEYEEBECAAYFAjtF8RYACgkQJ4bC
+RH+KQBfSwgCaAvm7pL+LioYj/oKDBQ1pJAj+UqMAn10W8RKrYblMZ4L11R2TO9xO
+vFn6iEYEEBECAAYFAjtIDxYACgkQBgac8paUV/DLWACgifbHtSi50JxmSr18Wofe
+VcVcAXUAoJs99aH6/t9gkO34ajXjiIQxc0qMiEYEEBECAAYFAjtIJ18ACgkQ11ld
+N0tyliUx5gCggbhG1uzvdgHNY8oCt4cc6TfHUREAoJuRw8q2kbztnt8TQ4mjiTIN
+cBXziEYEEBECAAYFAjtJwaAACgkQUI/TY7yTaDkPjgCcDSJQUZBBP/5OvW48Q3BU
+kUkRSQkAn1Mjqe4WTFEEA8HK5h+KDcqR0aZIiEYEEBECAAYFAjtKFVcACgkQliSD
+4VZixzSYCgCeJpt98LMq02q9W1bK5iPUvCkcsSYAn1dqFcoXctXVnMj53z8zfAaW
+0BcwiEYEEBECAAYFAjtLFwcACgkQDqdWtRRIQ/XMGQCdH1u9tmtUYY3ExVLdT/H2
+IIQCU3MAoI69Y4Z17RDh4Bj2gmJwmEAmfDwbiEYEEBECAAYFAjtMF8oACgkQ1w1f
+WGA80Hj2mwCfazudYZSMmQWO85xZvg0uTB3rhZQAn3DSyrvXxIpmv0CcnBtUQu5N
+21kSiEYEEBECAAYFAjtRuWUACgkQ5DsVPMtGficbLACeNpRJOS9AZ7q7bhX2sBJg
+lKLloTsAoLm5FTnY6iAySfPZZlwAVeE6zMJwiEYEEBECAAYFAjtSxD8ACgkQO/YJ
+xouvzb1F7ACfVp8vhxAWCeRZN3InlvYLrxFTng4An1QO6+D3QUjX+0YRNZ3tpZDT
+Sd6QiEYEEBECAAYFAjtXQl8ACgkQeRYvNvf2qtklNwCfcg4Tss3C9Nf6NiyOAHhX
+O4JLhtkAn055IHb4i2IO5TQLSQi0tk4ktZVfiEYEEBECAAYFAjtnOlkACgkQwAsN
+NiHlPr2cagCg07IN1/MaXn+8yd4Ncp9/723gEBgAnjNCoGAAccbvCCVE29sXBNAv
+Uo8MiEYEEBECAAYFAjuYRI4ACgkQkC29kYw4qQpqwACfcyB4krJFqyeHoKzRYDqW
+8JDUdvcAn2pa3UDeKM7FVe8LgCQyz0McM4JqiEYEEBECAAYFAjwH+10ACgkQ2tKw
+XV88MYVF8gCeMoYaFN7v/VDmuYt+G1BXDxzcuusAnR8fAcIyBjSffB0yEIwaA7O9
+X7ZxiEYEEBECAAYFAjwIEdIACgkQaliC34RARgJ9zgCfS1K0bROVSB+9wX4g+xEE
+0phEAToAn3etSLME5hzsisIRMjUsGbBDe7+aiEYEEBECAAYFAjwjtVQACgkQRHJT
+9Ar9DKjv+QCbBE3lRMzyKxTbPUd9v+nB8EVqv4cAn0DxPkAIkuriAuwtOjCypTDN
+ydyxiEYEEBECAAYFAjxdq0AACgkQ7vDbNLMhJgNwvwCeMc0QmOS0ctJOX1J9a3DW
+kMyUdf4An3iIslZ7stkMOi1VdyE5fR2YDvNFiEYEEBECAAYFAjxw4+MACgkQGM0l
+pSLzivNlngCeLdkkRkcyHVKttl6Z9IQExE+gaNsAnRko+7BQOu5jXMfGarg1rE2z
+DhsFiEYEEBECAAYFAjxxJxIACgkQscRzFz57S3PkJwCg3qepdTsiNKuGYC6a1RlJ
+ZTBqkiEAn2G6ypvCpWAL43LWbMbyyf/rYxSoiEYEEBECAAYFAjxxQYIACgkQOhqm
+NZCaVAYvbACgz9mXzo/nC64mx03IFgL8oFuBAhIAoL91NILXxGYrkaOnM+2Ci20U
+vA3ZiEYEEBECAAYFAjxzeIMACgkQo+C50no0+t5J7QCgpSCgGQ8eMefvsDsF0DlE
+ZzuAHNoAoK1TFwuK7ZowUQJyWp1tKDtNDbx3iEYEEBECAAYFAjx+gfMACgkQjjtz
+nt0rzJ3/dgCgnDMnLna3yPskxeVf32wDbTHLxf0AnjWCw4lfYauS0LumGv9uHN9P
+aErhiEYEEBECAAYFAjyAY8EACgkQ14NrbAzZIOdEPgCgt5DiZfRFkvzAPecRDCIp
+3pOdUwkAnjj1CDE+Kzg2RiK9Z73QM8B0J4driEYEEBECAAYFAjyBd5kACgkQ/3vb
+rZlD49+lmwCfS9apz+gEHsRV6ELS4NtCLvrJsRkAn3AexpisdP+8KwolieJwaVPi
+tN2giEYEEBECAAYFAjyMzCQACgkQhbmQdcKRDkGoiACaAqrwXn6kf3aD7wss1rgQ
+mrCtJKIAoIU6uifoxBubp2+YjW6kjbnkFMD0iEYEEBECAAYFAjyXNDoACgkQoegC
+cNp0M5aGrgCeLBRQ8CAVzPO8OTz2TMFqYLIbFrcAoK2qJqojmF2+THtFCHz0hhiB
+AekNiEYEEBECAAYFAjyXNjgACgkQg2i7WWb7wYxzxwCfcrZ5yTwjn9Sh1S/yL3MB
+KBs8uxUAn0pC4GgIsbbaxcf1QA5AYwFiPcPEiEYEEBECAAYFAjyxODEACgkQJXt5
+TsZsoD0pVgCfTIJ88OFNFlnUFoNZemDdbd4ZqEsAn1y5ZyCl5SYkqFTGiVtkgtII
+EhK7iEYEEBECAAYFAjyxguAACgkQeuuK7Uc6ScnBgACfUlQrrDUb78b93JEvThA/
+f1ZankIAni448ZxagzPjnj/vH33yK14agnq0iEYEEBECAAYFAjyxj4MACgkQocWS
+fM5dzg4qigCdHrjYquNu2aphWggG5E0G6zCW5MEAn1NQJmKkTEUsbanbVOBx1G5w
+vYkeiEYEEBECAAYFAjyyhzsACgkQVlEzpFDUq7k99gCeMJc5KvC2gAHgCVjv6Hn7
+AKgY+rMAnRFIrjunb1Sh77542URoWAVmuPN0iEYEEBECAAYFAjzyIFQACgkQX180
+7qC7Pev9PgCfcW15D2cS4UTkn11BSqn+pgrA4KIAoKzLDc78X3OFDzVXTOvk8V89
+OshGiEYEEBECAAYFAj1uHIwACgkQKMb1a4F8NWhPPQCaAprFvggEHBTVR+KWzm0Z
+3l9ijLIAnAw2QtJ1Mlnz0ctNwSJwORM87/ARiEYEEBECAAYFAj2ERksACgkQ1Dyz
+BZX+yjSzyACgjUKL3CH2UYciEAarZU9H0ZYIIWQAnA6I1aJ0FgWiF2bd/jgWaBL2
+jtd4iEYEEBECAAYFAj2F5U4ACgkQdZc6ENbQhKbt/gCfblKSqJohqhaFawtXPs8T
+X1UqY/sAnjqwumhFN4YAAez36gItTB9BxcmJiEYEEBECAAYFAj43BmIACgkQkQgh
+ntzeiQqeGACfSyyIi1vPniQOq8xLfgjDxFkkVEYAoJSFbH8uhrwBMa8aOIRkjN9u
+RdY2iEYEEBECAAYFAj+Q/gMACgkQdt8qX2QD4/2lhwCgnv3QSQPCGbmTI67mtAxl
+9d4rZ4UAn1WXmoSknE2WYeqRUb6d4wAhG/jViEYEEBECAAYFAkCnUpQACgkQt+hx
+Iz4tn22gnwCfTWoR3vhEv0yp1Ks/vz7jow0Tw6QAn3YXgQn0DS9/9u7AyG5gjh18
+VLtuiEYEEBECAAYFAkCnUqEACgkQt+hxIz4tn22dOACgjeYArERuayyqZmozCahs
+gUyPihMAn0PkgZDTwKgSw690xdLuR2rWJrPQiEYEEBECAAYFAkGD05gACgkQ9oi/
+YaVie2EkhgCg582nMvFSTXDb/PdF0+kZTBQTCGQAmwSEka7EMzOzoCxEefZd+GQm
+EdcXiEYEEBECAAYFAkGGD60ACgkQ6gnEQD//YGyIWQCgruyF9KSG2GuqPVQIsizC
+CV8rjPcAnRQsBzfw9QLM960FP64YWUCqhYkYiEYEEhECAAYFAj0EW94ACgkQj/Ea
+xd/oD7Lv2ACfUACXl0hDfGeEdbGjhIa/hSaZCrkAmwV4SdeJnBoXV22VBEekmTfz
+HKHEiEYEExECAAYFAjyvU4oACgkQ6pxm6rn41tmEewCbB4FZ6z6dmSJ2epBIdeoS
+8KHLNhEAn2ZcUDKfuFpVVDuV/bMhpjbbHJRIiEYEExECAAYFAj0FswMACgkQoWMM
+j3Tgt2a46gCdFwSWzfEmyuvfjnmNPzCyvdO2R2cAoJRl1Ibl/2hPXjenl1f08pQL
+ThZAiEYEExECAAYFAj0GRB8ACgkQKb5dImj9VJ8FHACcDjdyCPMWjSbrXKCVFjDt
+uapl428AnRSI7e1VYRJcVdGmrAtmu360GrQpiEYEExECAAYFAj2J/ScACgkQ74J3
+yv6ZHpg4ogCgj8BllYTJEQ5sF62Qd2q9o2FNJ8cAn2K/7zpy9M/Oig+yIYofaN+5
+fnUUiEYEExECAAYFAj4ykiMACgkQaqtaJwF/Vr1MmgCfcNfOOm6/woHpEtuFVgYX
+vUh0tG4AnRTPBwdemHFViOojNJ0glWck/84ciEYEExECAAYFAkDa3nAACgkQRTxF
+SQIw1gIZCQCg/jjaczO/s9GkLq/kftPN8A6kLr8AoPwGlVzoq5yWxhgCkEMfV+KI
+tmDViEYEExECAAYFAkGE+RcACgkQ3ZHkUS+VgsFX/ACfRYBeswRWTHOdc4gLefxU
+VSGbj8wAnA3CWEF3MQOIpJQ5KSFLE2104h5riEYEExECAAYFAkGNFPwACgkQ+C5c
+wEsrK56k8QCguxJO7l5effxWbaYOgeVko8HiQ80AoKSJGsOZGx1nvQRKeRK/7DrZ
+bB2piEYEExECAAYFAkGqFTYACgkQztt/8ZMtg2MVMgCfZevJcAcVXa4hUUJSjkWo
+0j/b9MkAn2HZC4sNs9nMN1PvX95Ge39wfBEKiEYEExECAAYFAkIrN0cACgkQi0rE
+gawecV4jeQCdF+GUDJuQnCaFZqw6sNgZtol0UncAn1/VQvGDB0Or+JItHnUlCU98
+URNXiEkEExECAAkFAkGD3AUCBwAACgkQQSganqDijRh6lQCgmgm1rqgdF3qYuDQn
+/S1vFxggwpIAn1htaL3fD6o4LnT/8BIm6K6tPGPWiEwEEBECAAwFAj0BE/8Fgwa1
+sWoACgkQFBE43aPkXWatjQCdF96DM2kdreTGbWTKjTMTuwB3AtYAoOxTFERoyUCn
+7nTsufD4QpxIkJCiiEwEEBECAAwFAj2GAuUFgwYwwoQACgkQU+KFTgvh8OP+lgCf
+TLjRfVihRNQQ/MVIuHttesX/s/4An1ZBth8G2EvCfiOU2KoOjl3MZUJ4iEwEEBEC
+AAwFAj+ObrAFgwQoVrkACgkQCmLlNDenkUkzjQCeIR3z4h7TMEeNI9Sy5/4Sgclj
+9WsAoK9yVbdDuWQJQh/ZBUpx0GjxMSW1iEwEEBECAAwFAj+SeAcFgwQkTWIACgkQ
+78vN/2HwW4xfggCgg+yTSXldBhvFoDXoAeOwcC74YqkAn0b+tC5AZ2BQkg0vJXZ6
+tFXuOvhaiEwEEBECAAwFAkCoZL4FgwmwcCoACgkQEgljnRFKqFxfngCfbXYSsBtM
+M5hcUCsnm9IvyCmMhgAAnjtDe7q+5cW/JmzE3illB+u8fc9DiEwEEBECAAwFAkC/
+Rz8FgwmZjakACgkQ2S0k392WXIP5uwCfTlmW1u9U3nck5mCo6DeTHNTmUvkAn2jn
+jXhvqKoLfS2ERRwQlFFAw6NRiEwEEBECAAwFAkDbVF4Fgwl9gIoACgkQ9ijrk0dD
+IGxiBQCeJIrdN0kFT16KL4COSILMmcjVxygAni6OinWWNJqCk+k+BNIvKpm+QKm2
+iEwEEBECAAwFAkDxIncFgwlnsnEACgkQkvv9V4b8pZK7gACgwOU8kI9ZBzryS+Hx
+AeWEo4WjeC8Anjl67/wgPGr4XAS/XA1xmWzRwZiPiEwEEBECAAwFAkGsm40Fgwis
+OVsACgkQLEmBxMM0hsB4NgCeLxvQw1g9MSpWY9+2VbSK/4vNd4EAnicGGKdS3Zy4
+8E4GBZr62ZmWjr/iiEwEEBECAAwFAkHCEoIFgwiWwmYACgkQGFnQH2d7oezd+QCe
+JzuPIHb2H/PX1R9NYqC6z+63wFsAmgJUX4Ei+WzKGs2r8LVtIo03nc/niEwEEBEC
+AAwFAkHCKOAFgwiWrAgACgkQgcL36+ITtpJ6eQCfQ5aTW9WLJNVWTdp4fi618YDd
+nNEAn36Vz84EsZ0gpO0Je9S+geCrffj6iEwEEBECAAwFAkHCKTAFgwiWq7gACgkQ
+a3Ds2V3D9HOXdgCg91Pqo7tiv00Je9XoTIJq82ug6gsAn2Q37v0WzuggX1xyzDSR
+7oxz77owiEwEEBECAAwFAkIi82wFgwg14XwACgkQ2KgHx8zsInvpsgCfdHcjOaK7
+aK1MBAYBaWwkK4rfd7kAoKxblxsQzllz7sLvFbK7xG2ipuNJiEwEEBECAAwFAkIo
+ngEFgwgwNucACgkQLADuUthSlVgXawCcCbstExBnVkd/fHvatuzJ3sJ0g0gAn1t1
+CmnaMwV/HVQlUhfqefYlVN3giEwEEBECAAwFAkJTjYsFgwgFR10ACgkQlvNNek/0
+hjUNPgCfRJZleAq/j/4tbek4A3/lhgXJha0An1aToz0bp8HSf2NBjW1euvf/4VZC
+iEwEEBECAAwFAkKYjoAFgwfARmgACgkQTbbnG4BhqDBuUgCgyBpzBy8k7OKzjiYr
+KMGIWZqiMiYAnjHdHdzo6dKcV+J3ef4hl3VcLqDfiEwEEBECAAwFAkK9MmEFgweb
+oocACgkQr2QksT29OyBNEACfbNEfltwRZ1RmZEkt9ZTwOJSli5gAn3brUt3vc1JI
+xs8dlkwHV1fSJpH8iEwEEBECAAwFAkK9RW4Fgwebj3oACgkQ62zWxYk/rQd1UACg
+wJNmfL/Cs6bYMFPC1dRrNsf2GtAAnR6K37k2u63FX1lbg4aSMLCcNviCiEwEEBEC
+AAwFAkLinZ0Fgwd2N0sACgkQ9D5yZjzIjAkhqgCgj/Uy+2Xvfw9FAwPdWSaC+o4A
+VUEAoIvJ06LeJppo5EQqEt1mc8bYV1UjiEwEEBECAAwFAkLlBZcFgwdzz1EACgkQ
+g2E6UBaCfQMWAwCgk0N+XcWaLDssH7wYu0EtOFW1kKUAn3Vq83yrmg+F4TvieNmP
+hhqTP6W2iEwEEhECAAwFAj5ecYsFgwVYU94ACgkQUF6IRyLnX0ugAwCgnZ5NnBWJ
+3j9/7slzg5Iy/pU6UesAoLaNJiUgVfg+h3uP4vUJhum91P/biEwEEhECAAwFAj97
+CToFgwQ7vC8ACgkQW7P1GVgWeRq/ZACeL6lVKkE1iFiC/YonlBzLqNAdVkgAoIBH
+8VYDXLRIgBpyfSdwc1YxTeDDiEwEEhECAAwFAj+P7j8FgwQm1yoACgkQKLKVw/Ru
+rbuqxACfb1X6tBq7g3z5HgfCXv2sm2gQI5sAn1JLb8gDxuSRcWMHulGZY0hZJfvy
+iEwEEhECAAwFAkCn2cEFgwmw+ycACgkQt5wosOl/hW1B0wCgiQGkFQEonh2cRtw1
+xXowakWqx/EAnjp2Du5T+xpOdf4O+JwV5DmtKqW+iEwEEhECAAwFAkGE6LYFgwjT
+7DIACgkQGKDMjVcGpLQO+QCgsc+A/SO9bY78+ul2KU+7SCcztq8AnRbnT0G0HnJd
+QYMffrLF5Ing2fP5iEwEEhECAAwFAkGxhHAFgwinUHgACgkQAVLWA9/qxLltoQCg
+24DNLxMnSOcPFPCNLTPkyyjyQu4AoIe0tZDEDS7mvM6RQaHREvCuFIOZiEwEEhEC
+AAwFAkKWAqQFgwfC0kQACgkQi5YpQ/wkPzzhMQCgj+rrxz3tJgTrmh3g3+5rIcWE
+EUYAnjKOFjzGL/7SyFlpehh0Xa3oO69WiEwEEhECAAwFAkLrbeoFgwdtZv4ACgkQ
+wm9wFgHGy4MQfQCffyaecfqcThyxP9FNgZ2Uz4pBwAEAnjMFgtk5JN6gZ+Ztgqe+
+YyYrGvvuiEwEEhECAAwFAkLw+X4Fgwdn22oACgkQWNqWrwuQEUHBCgCgn3XtRj5q
+JxudfYkec540HnkoerEAnR2x0A8LAA49rsbhCiLZlmTaaD67iEwEExECAAwFAj0H
+TRcFgwaveFIACgkQPGLK2OTUMk2IMgCfUXkZfmZrMFIiYO8F/naQMBs/94UAn2Xr
+f2uaISYrPudIbRkxYm+R2NrZiEwEExECAAwFAj14eLIFgwY+TLcACgkQ0BqcGU12
+bN6ruACgi2uFjh4Sy0Kjyd760dvfpa/9jtMAnjHyPQ0tHYSqSZDD9qaQvb/F3PlM
+iEwEExECAAwFAj15MRMFgwY9lFYACgkQcFxTidXBs1halQCgiR5GTSx4fSCqkikz
+rOOOXAonDVcAnRFQ13dmkjLcRy4E8bxLtm8xPyAdiEwEExECAAwFAj2DrfMFgwYz
+F3YACgkQAtbtIeMsT0ugzQCaA50Snyeu82nth0ikNVnzHD4W0eAAnA9WxGBmmpvW
+YOq5LOTy2fVe2P+EiEwEExECAAwFAj2F/AoFgwYwyV8ACgkQ9Wsmo6Y5nnPZcgCf
+UvxNXjoWYEsAYJz3z+MWDeGrfJQAn3slXF9ced2OAN3YgYZNTlIC7UUaiEwEExEC
+AAwFAj2IEOQFgwYutIUACgkQg2XL3N1NTv7QVACgr+C/P7gqGDupYTC21jl07mPf
+G/cAoLZ9zkmr1YF6Br7szUKksSan6fwtiEwEExECAAwFAj2IOwAFgwYuimkACgkQ
+Hb1edYOZ4buWMwCff0YYdFZ7gdc1qjCaeXDhCfLe0OAAn1OJuZ/eKGk+i0V/ScLp
+OMLn/SCCiEwEExECAAwFAj22wZ4FgwYAA8sACgkQVkEm8inxm9HyigCfaNbjyIlH
+YA9cAv8sLkz5uHRoTe4AnRyDPfAFiBPZZhwJNDlmTEColXL/iEwEExECAAwFAj72
+Ip0FgwTAoswACgkQofbulCQLTD21TQCfcKuy3MEjJRrikDBgKtpIP1at2cQAmwRl
+ZNeKOT0UJ4RNt2piAHqTD47giEwEExECAAwFAj72z7wFgwS/9a0ACgkQBYtazUQc
+X4H/jgCfaQXW+LvjoJacVNYrdxhXUYx2a+4AoMQV/y+zjcnaNRbZTH6unq4fBDB5
+iEwEExECAAwFAj8AnloFgwS2Jw8ACgkQMozWs+vCdRW8xQCeJLRNfZLO7twP4DnA
+saP9wNdsI+AAoKChEzuM19HrksvckWmBVafawaPRiEwEExECAAwFAj8Fq5cFgwSx
+GdIACgkQTrg06OLM8A+J1wCgmucpP9rc1NjzPHDFNcQokRbp/REAnRvctW/8AwDa
+H/btQjPtXgQGCbrPiEwEExECAAwFAj+PlHgFgwQnMPEACgkQbHYXjKDtmC0gWwCg
+rfQwM+i6i82wTcXx8LRPVHm//88AnjOiqMYKpGj4cpkwdX2nhUlZEyGOiEwEExEC
+AAwFAj+QUxgFgwQmclEACgkQnQioDO2QjWrbcwCeNw1qkRaDRy3/fl41K0F7fbCq
+q58AnRXqq6031t7zmMdmZDvFlB5M6uFXiEwEExECAAwFAj+Qbb4FgwQmV6sACgkQ
+lSxWI2ynbPR51wCgkZpbx8pnoqj6mmXrUQgJSce7eRMAoJcbGZ0ls3JXAJRD5y0P
+YzznxLIriEwEExECAAwFAj+RGicFgwQlq0IACgkQ46aNyqaY2pkmnQCeLsrSrn63
+Mnhc7lwklc3UHlYHQLwAniZuyemrUEsU0fdQKHdafHg471iPiEwEExECAAwFAj+S
+mrkFgwQkKrAACgkQtamfe9tFLSc5AwCfaA0hJcLIfm1Eek+X2hs01q3f2lMAn04y
+qK1H85hZ+77goaEBj2YEEiYsiEwEExECAAwFAj+TKtsFgwQjmo4ACgkQrSAagZQ6
+Xw5tYQCbBE8yHKPJrUivqIYiVJL8y7voOqAAoJc/HBTNTrRSxyjK7nPmyBYlbY8m
+iEwEExECAAwFAj+UBecFgwQiv4IACgkQOiUrvZ0kS1UvJwCg2Lw5xCu5/pUTEFEr
+cShPUDM3uDIAoNLDQt61O5Wego+ez43N2N8doSqFiEwEExECAAwFAj+VCZoFgwQh
+u88ACgkQTDL5CJndlGiZvgCgiM3ez6j21lBLfJnMIKhGMrMhW/gAn0WLirWDnek/
+f9iDEMVcGMEnwOOciEwEExECAAwFAj+cMmsFgwQakv4ACgkQNgJWU6vgsQY8MQCc
+DE5hjYq9uHuyC7ZnBg47a5BkVdsAoNxLfUY6DeCekwPu3e+3qJsbwib7iEwEExEC
+AAwFAj/UdIUFgwPiUOQACgkQW5ql+IAeqTKRqACfd21FYGEziCv14kLK2bD6ghb8
+0jUAni5XNqaFLg8i+0bg/MSQVf88ZQKziEwEExECAAwFAkDcUg4Fgwl8gtoACgkQ
+zQ+com69o1nN6gCfUXjD5LUESFXa08Px3pbfXidXAuAAoMJ1/H/oFgcer7t+tACN
+2vC8GGYsiEwEExECAAwFAkDkGbAFgwl0uzgACgkQHckf8471INHpVQCfV67np1ke
+Bn20I5JABN5Swm51B+EAnRxMBVbypQcppBhdWnxQadrjhHVqiEwEExECAAwFAkDu
+oKIFgwlqNEYACgkQyA90Wa3Cns2o+wCgjBXhs2mEn9HFs5F8WR4AdTpWp0UAnj/Q
+ls/ZRkcy/RAfAN12XgHOkpyciEwEExECAAwFAkENp5kFgwlLLU8ACgkQK6gmAsLO
+gJlWDQCfe7E7rcFCn9xuL5Rh9MDVVueAJY4AoIL6CdZIlgg9Lt/HG2dDFgwPwbkG
+iEwEExECAAwFAkEYu4wFgwlAGVwACgkQ1W4oD4nfjasGFACgyTFOT3NMOo7DObxu
+lYi+WtYriqUAn1Y740hi4fWeByAn5qoUj8brf24piEwEExECAAwFAkEiMZoFgwk2
+o04ACgkQ+FmQsCSK63O7vwCePBtM5gchuVC3gXAMO7r1A/le76AAoIMM0oq6wuiH
+nT/dUAG858Cw09t0iEwEExECAAwFAkGA8OwFgwjX4/wACgkQsYn2tNI6QchEuQCe
+N/pbbqMBzHuAfWO/g9QfmlmVIW0An2WQXrXoE3xnVp2C85BtML2phOWPiEwEExEC
+AAwFAkGEAf8FgwjU0ukACgkQTjypAm4rQ9yB6ACfYnJx27fjxYsq+5UfQEemQt2V
+O3cAnApE8yUw0B3ZpqCyfRo8JQIb/cJUiEwEExECAAwFAkGEkIoFgwjURF4ACgkQ
+lPH09zrL0iMiigCcCIbdWZPauTvF4Pn724WxH6Qed5EAmwcodEzOE/rElE7fqScR
+mudd8Ur7iEwEExECAAwFAkGEvnwFgwjUFmwACgkQTbPZ7n9FhNqFGgCeNgwyzTJY
+1OABEu/EoBXEUOENxdMAnA6Ul/yxKQihc39VvKQfpdwPGUhRiEwEExECAAwFAkGE
+6B8FgwjT7MkACgkQLMilaHDIrOVJxQCeIJI+GgF1UfUOjkYsjkq260Q72OUAoL0e
+kc/ixpvh4Vs0j1q9Wx0fpQUwiEwEExECAAwFAkGFRwQFgwjTjeQACgkQDecnbV4F
+d/JDbACfW5h+kLB3Y0wokkr/sxy8RFXwp9kAnjMs2yoVbG2ZbkHQV2ZODRF66zuM
+iEwEExECAAwFAkGFVkIFgwjTfqYACgkQqI/9z8xhHubw1wCfWLT8UnjyRQIuxGPP
+WjtGVeezdP4An2GJa9XsZW3yv2eOPAsP93+npZtdiEwEExECAAwFAkGFXLkFgwjT
+eC8ACgkQT6RVPNdrU1mZHgCgq9+wyMgDr96Ism0gY9OxSqMA+88Ani8EIVnKhI6t
+rTzgZLZDrZ5pdzDuiEwEExECAAwFAkGG8eAFgwjR4wgACgkQbHYXjKDtmC3wYACg
+1f05WHi83tg/PMHoBkqlngdDIuIAoK7KZ/to5FrkfNphn6Zo0fozB1n0iEwEExEC
+AAwFAkGHwbsFgwjREy0ACgkQVm02LO4Jd+iS0wCfbUWuTf4DZrjdua5kNdfvk65g
+ojgAoLHPPvTdAlVKacX/rnPD7c36LfuYiEwEExECAAwFAkGH6+oFgwjQ6P4ACgkQ
+TTx8oVVPtMYoQQCfXmZAzk9EjL3qPz50zZgSUO8l3m4An0Xoqn603NHFaHfbBKdt
+WGijlgl5iEwEExECAAwFAkGMPFkFgwjMmI8ACgkQiSG13M0VqIMbDQCfSxC8XNls
+eJ9VQ50GJ66KwSDljmMAn33ApYFWTs8qa/EBIQSgqPlVEBO/iEwEExECAAwFAkGS
+MFkFgwjGpI8ACgkQ/2R3A0yRcenRkgCbB5vYhB0cv0S9X1y54Ci1KmaMDNkAnjeO
+H5rAZQsOQZXoDJPzHNrjYpLciEwEExECAAwFAkGTrb0FgwjFJysACgkQ1mvqN8E/
+x7b7ygCaAyFqMIKTMqQYuQ7hnGpMTx7FPmoAoJtfYoL1pFmVZ5Mhwkv9GFUee+HH
+iEwEExECAAwFAkGZWWUFgwi/e4MACgkQSvFUKpY6VLAkgACgiL8te7hejTXfDXRI
+OAZeVzd76/cAoJbmj0tdYt2QGc3j/4yMnmXrKPC/iEwEExECAAwFAkGc8GEFgwi7
+5IcACgkQV5nlLYTPmpDPdACfbASh9WQ47r2zzcVcjlfbvsz2VvgAn0KtwOo73pm3
+e7aPO/mYlLsP4V9iiEwEExECAAwFAkGqMckFgwiuox8ACgkQdDpVTOTwh9cWbgCf
+aMETpI9v6LZgWuTCzE7DceGsuW8AoIcBSwWGF0XkXpRYcvXfjvAg57+piEwEExEC
+AAwFAkGrJUQFgwitr6QACgkQzop515gBbccEhwCfZhBXUVoNKDbW5mpYGxfKrMfS
+cIgAnj0XoOlYmWWNN1hlKoSQrZSvh4FFiEwEExECAAwFAkG3PJoFgwihmE4ACgkQ
+EfLcQ8rmNEIRiwCgpAzSttJZSiGIffSr4/dixsFUVxAAoIwnyzPthchrUSMR10Av
+PAu8Czm9iEwEExECAAwFAkG4HyoFgwigtb4ACgkQ5Vyxg0d4n7u8mQCfdQ++3anp
+pXuhZp6cQIp1DCCz56AAnRA9B/n9ah1wL+IMjoBhFvgSW7JLiEwEExECAAwFAkG4
+K9cFgwigqREACgkQ4We9YdVB4USYCgCeLsm06Ov/Yoi9lfn4UB0IX3qwBFgAoIPE
+VT2gGxQYua51y70pjVYG6t4eiEwEExECAAwFAkG4Wg0FgwigetsACgkQBMQfNs0k
+hKmYzACfZgUeTlimmFrhBDEV6SsslxvVIGUAoKZR9c4+kfE0+BJ069AUZBkkeRKG
+iEwEExECAAwFAkG5dt4FgwifXgoACgkQPrq84hvwIdMBbgCeJhjUvC1klrCPhWqK
+hyfoKJE+hWYAnitsOnNDnjkKDdKta+mrdL23iPD5iEwEExECAAwFAkHCqnIFgwiW
+KnYACgkQPG1Ayb4vCvZS9ACfROLs6kU6Z93eoFUJl5H1M3U/L3sAoIgAGfCxQ3sA
+DvFiYg11GTGnDzffiEwEExECAAwFAkHq47IFgwht8TYACgkQvdkzt4X+wX/UgACf
+eM81+Z/SliH++ZzOmy5ZR9ljTo8AnA5DGAsPAbdU7j1NN0NXUg53dNvkiEwEExEC
+AAwFAkIIjHoFgwhQSG4ACgkQIqUcje1P4MASOwCeLyBkToAQ+3Bvup4B9POq1xip
+ZNgAnAui9pLAdwaGAZ8w5PFxuS2GoXxEiEwEExECAAwFAkI2qnwFgwgiKmwACgkQ
+1cW3Q8Sn6j4gRACfQWmnt2z+J0tB79JQ50hNEVrYuKEAoNAe1Y5xlLlDTSKJmnwj
+qnN0qaeriFsEExECABsFAjbtSOoFCQzJfIADCwoDAxUDAgMWAgECF4AACgkQXeJJ
+llsDWKK11gCfUgltInjqS+wGOrxfjiGjJsNmVtYAoJLaNHln4KYwLlYOo16kdcB7
+dqUDiF4EExECAB4DCwoDAxUDAgMWAgECF4ACGQEFAkBd2egFCRNri/8ACgkQXeJJ
+llsDCRDs0gCgy5RdOqhFvwUFYWj+dHb4LGt7xi0AoKduFxGMuM/loPShQnjvk/VV
+FesAiIMEExECAEMFAkKVnMMFgwfDOCU2Gmh0dHA6Ly93d3cudmFuaGV1c2Rlbi5j
+b20vcGdwLWtleS1zaWduaW5nLXBvbGljeS5odG1sAAoJEDAZDowfKNiuNUAAnjPH
+ZE2+qGvOkOkRYAmqCFMXw9euAJ4lr8dHPg0y8xeNH8M6rSswZaeHT4kAlQMFEDuB
+4BNSrOsu06QsYQEB6AYD/iRZgJ2U+hTGt879PPwLW1y7dQFbjMHqbyyM7eml9ZbC
++m+jqNvMsniFCR5qvStMgbXuUZGGpd41mL5+vqF0wwM00nBQe+rr5grY2oMPCSEJ
+RNtHEamOsbc4GP59nrwbUhA7MKPSrPCvh9bvh+XQ7MSlar9eVBkqvnYmKdaKI1io
+iKIEEwECAAwFAj+WOcoFgwQgi58ACgkQ4WdUde/jR61yvQQAghvUxGu+fWc6RUEZ
+nrQ8n69FOPRq+od8fiYNF5iSWfBon3hmT8IQi3vRFbqCcKsd7fn+rl2zZjFU5f7S
+uzaF8+hODuH7B/jK+bW/dnhpgDRZyvmZMtLpeAOPh3IkrGEeknV1LeTZcRJnbGTZ
+iSu3LS8E/AVuSXmmj+2tXXBzSFKJARUDBRA3Q97TUoBXRHZTQB0BAchxB/9iTH4O
+9RoIshiUysQgMpncn9o9snx+sCO/NiSuAVleHNBP1d/Kvo6SGLJYoVfbfLPMNVyu
+Z4jGi8JQjsgVjpAz93nIevhjz7Xwd3JpS9oUvPej1mdWnUB4AnkKQfN+5+eso9Gk
+7OC9cWq20lU9tpVMDIlOj8GHR9kYfJ4fBbzdCGbG5Z9pzo+96gDUMzX5ZrHlChdV
+4eHJPMi60XeK+mpocQFQH3GBUSTeM3Sy93JoYJLdAA2ZcwMF5xI8HRx8u0rwCZNX
+nDTgPaRbDiW7587n3dWn7Pwmxu/CPtCQ4YO+WdjcKvHio7CqojtM8/7xuclkp3Wb
+1pE1s9w929ca9SHdiQEVAwUQOcqYVhpPhku+30gxAQGDOwgAjoKCGePm8h7g2edN
+YGosrPTMcZ8PNCMETXMZozgCbEd5oWvotRaZnta2CZyj/u5gOrE7z8XR2PNttenu
+HVDii5y0KwaaTR12/wrp9VJ61wLy/4zncnx/C9Nwg/Mu9Y2bMS8EuL16yWNrm6Yx
+prWsaaYy7G251NI7cseXcVnuAowzm6k8ovEwCAqVl4s7EUibNQQCuDgH4idUdr41
+0fDnpUalpvsGYf1wqhs93RbjU7pNEaLmnlz8zESHYaev+JpMVAfnw/jjWp97xyCu
+al75xrc/aj93anrobvU/sSKCDbteDzW9xYyjqZGu2npn+rBR4iUHZf9j/glwT0PV
+nH/jf4kBHAQTAQIABgUCQQm8qwAKCRAz/XFX/s5mTm10B/wK4tRztfYKQVVYYl3r
+duOE1rEntFEP3yV0H5qkIlPrXNi3j2hgOiUEBNDgFpuJ9rSz7IZ3GcIGlP2IlT9O
+icGwpabAtoB81S8rJKkzI+bBLCK2J1xJslIdjk2FO1u+KjLu1gu3RZYaYPc3bETX
+XmtECI2h5hNazvDw+QS1JTIkqr/vhl3TY9JAxiLwNBWn30phh8kRzvRJh1EI584v
+RVb7nTSd6PYpnpoEskJbXyAc+BV2QLPk95oj52MweGADFNv3uuyUq2WH9H1KP3Mn
+wNReTy++woQfLzobHHMyBr4ccC4uKlqOmBcZ+kkmEjxrJTRALelu2quUhpR7a0tc
+qFxSiQGiBBMBAgAMBQJBhRYSBYMI077WAAoJENJkZhEZk6qtGSkL/0qaizY3Ix+h
+wNj+UAN8sGhPLYNGSnPCgLyLMceByJP7fpF96Try6wIYsVAsXdltuC6wEsDNjIc7
+4FCduAc0HfhnJ5Yu3ciJ/DvR//vlbnE1pp+RysVf7V3CVNxLgOdfSBd76tgktcfb
+sh+R+qKR4JtWjojkET+XAOrCDYNj8P3nNxHzzYO9UHSBsNzrm46RBFNxtETh0nDx
+mgzfu6i2vpSwoRMbi/39VGlHJNYoA7itVZfZx8FebJA9KcirRDGtWcofsUhWWfnQ
+A2K+ahPIx+N0xVzuxjKZoXbkSC+LFwzaoYFUE6OcFsBkUY40QhCNKIWUX3kSZVUW
+ro6WuwMltQAkXG+03awShgpciqzZ3o+Oro8zmMoESJl9c5oUWuIfJwHpvrw7UrAr
+cZLdf6bcOjHlJqGv2XSRJIxeiUtLghPrZF8pqN7j58yL94QC7PsQLsRkcgGLp9aS
+v87O7XzGU9nlyOS7wR56pQPClpTO8tm6ckquKh7T5jIqnszVh2t4yYkCIgQQAQIA
+DAUCQcIpbgWDCJaregAKCRCq4+bOZqFEaCX4D/4kRmZ8eDsYuKrw8OS0yUK3PI9k
+4wyBGxUQmuJKgXFRAbCkUpATHvRh6ZXquWFSVbgkay3cfbGLfZWiT7TAz+k3eiVS
+tm/Mk88pqlTfu2pUq0/5bpqJF9zt/L/i2aY/030A4l5gsEccCsdy5F1FXQPbYGFT
+vjtPJx8hMstAG761HhaOib/A2O8jd7f8elZMGSTubtsFJ1/K2Po6sy/3ylJlfo/F
+zgvqTJYju4IPsIrq44D3k4kQDMahU2W4k6crQncV7w2wqC0zxmuZIuCio1wyvYG3
+ey/pjNfrOemSuA/gmmN38uBJM+vEQIPnUdJslc9H2eH4rVKFEQZuqUk+HUdwVQhJ
+KfwaMmSiGj4PeXphtFc6a3lqfhsiN+7lOnzk0dRMCxZEMgLjIC6pGquJ610zsYGR
+b/viXDUliNBJod7CeOHRH653/00U9aaqh1Km2He+BWmtZt+Kzw10YUm8oox0/E6X
+lE4EL8p/LP1uv8vbaGzTVxX5NIr9gVhrnOVDHHXtlFZxatg7ZLuSNkK6oiqsR2yn
+xk2ysmTQEzyi20UFxnH8ICsUyRyEDbJlbewQPtJRnknpV6QhsUA6bVytyYYA3RkJ
+qSDojEgAgz5LL+Zhm1Ttz9ccwxJY6/ZevzlScNrFxPnzmaotfWPgFis0yF+PLZGT
+uf/gssj8yYMAWhhtBJkBogQ3OvfdEQQAw/+RYsI0gH0jpxd1Y6dsbupdOX+dmT/U
+5Hha81a/nTrEP/vOIjx83r26zigtSXBDr+zrMTh18Xu2CYLOogsLcE6ayhdzMes6
+OSd57S7WmoWufFEQOB1+28aaLFyzI0XW6MpnCPYJVS3mVrMr48My2jWL0jitpZMs
+cjGy5i4afSsAoIwpCTjZRgFmv7Gflb+BGVUuEnOlBADBZ0X//+VHI1zZTApL8VhG
+n7bt2EB/u5INdQ2wc29m1zqQB8T3rU5//5csVlTvW6i2w4gDHIAlIRNxvvdPNIPX
+t/jYIXQwM//UDAc5IN0DEOXT5rMklel/mw7yVYfejiY5W4SxYhiGW3D4ybwKYQ7l
+atQBBHYmGWLPE/YAjxdKFgP+LqWWdZ5KV6clKp43AkUk73hDMvGnl8Z/Vv2M+waj
+66/MbJJdBgUW/Pu2NJGasxVSK8q36EXj9pNB0K8FVrx6u2eANEdrWj9MO/cchQ3s
+C3I3et1N568qqnXOu/7mV1yVHJfS8sQc2tptMTneb7usmXAF5+OziUOcS7ukwSEX
+nJy0Nk1hcmN1cyBCcmlua21hbm4gPE1hcmN1cy5Ccmlua21hbm5AcnVoci11bmkt
+Ym9jaHVtLmRlPohgBBMRAgAYAwsKAwMVAwIDFgIBAheABQI/gWcwAhkBABIHZUdQ
+RwABAQkQwKTLuYeXhWkpeQCdGJrYN/uT05T+grdci+zzNebybfYAmgK2OjM0TLkD
+SZeSjVgKEx6tG7wltBBNYXJjdXMgQnJpbmttYW5uiFUEExECABUFAjc6990DCwoD
+AxUDAgMWAgECF4AACgkQwKTLuYeXhWlAywCdGYJpwUWVH0GGNZ39SAt5NzOerMcA
+n2Nfqz0v/sdr0mMPNbSziGNUevyBtCVNYXJjdXMgQnJpbmttYW5uIDxicmlua21k
+QGRlYmlhbi5vcmc+iF0EExECABUFAjc6+dkDCwoDAxUDAgMWAgECF4AAEgkQwKTL
+uYeXhWkHZUdQRwABAbX/AJ47R66dq4o3vobMe3LqOHhXEdWeUACfTvV0bshBX3MI
+bIY53lhOnqkNvVS0IE1hcmN1cyBCcmlua21hbm4gPG1iQGcxMGNvZGUuZGU+iF8E
+ExECABcFAjxw+b0FCwcKAwQDFQMCAxYCAQIXgAASCRDApMu5h5eFaQdlR1BHAAEB
+jmYAni0grvGxgcgSuXK3vzLErIkfFK+jAJ9OfvRc1QinOAydyujUX5roXM/opLQh
+TWFyY3VzIEJyaW5rbWFubiA8bWJAZzEwY29kZS5jb20+iGYEExECAB4FAjx7ebMC
+GwMGCwcKAwQCAxUDAgMWAgECHgECF4AAEgkQwKTLuYeXhWkHZUdQRwABAZRBAJ4o
+xvVUX6skfJud8oKoYvy0l/ArGQCePXVckzHYxtiuH7NsDTesxWN2Jx25Ag0ENzr5
+dhAIAKcsu8SB0lBBOxYbd/oX0mirpH6wmQCE9p+GAsUA84pj9xE+beb7hWlBLGeD
+mfDWLoel7AsD7vVCciK7u/3I5XDPWE57TIJht0F4pfQ58p90EK2qqIxrVkmj8L51
+ohy0rot2VuklO/+2SlYj7a+wApfwPU9hkBCKmoQKbMNbkeX1C9O6cAOwa3bLyhd+
+5ZwVKtbsFXO08dkEmR0g7i0+jOzKVZdTAzE2uLg/3m58Uy9g3UMxhg4tbWZrS0Hs
+cWdZXoAjo/cw3nC6utaZSy582gxpGXf4D7DjmUOW9AwkDbPZFuHCyYRrpO/Q+4kQ
+vKTkDIi6m3w1P9eGm7eq7ds3Wu8AAwUH/j8DBqWtXC2m1G+9nsj9bUuYtC5OMKyi
+9MRiwbrCdlkR/q7hRgpvojxiui6M69s5raBIDa+3k2mAHVHqfR+7QC+n4KTXIXHO
+rN4GHD6jlEDwnVrylqawMFAgCRutD7ipTPffJ9G5cHqPLuBJo57P49uR+DZ+lpng
+qr4XTRMW9k95RkM5I7GnUU+13Tj54AzThi4se1leKYQjWBYQLbi//MOFZ8EpPeAd
+P4nNCULHRNj0wix4U7hwEBWKHndFSrQKypwotIsTnoyfme2JdArcr532tD8+3miV
+NHqd2BiRYInQRCGsVaLKzEs79sxMreBpv2qp+LCLWZ6V4QMaInonLdmITgQYEQIA
+BgUCNzr5dgASCRDApMu5h5eFaQdlR1BHAAEBnD0Anif1Vuv+XbRwwHOnUyvytsWJ
+WeMYAJ9+8bxaWB4D8NDgqzYSzcgpCWdF1biOBERAD/ABBAClEc+ggo3tKaaLNJSQ
+E+C6sUQjjqXQnFgOengMBFio5Ur7+si8DK9iKolgk6HuIYFH6MeCmFvURicKoclY
+MVGKGx8mc3iq7awBIrU4j74Rj5XiXjeMui/jHggH90bf/ouHNcTTsHX5kziweTdq
+WVYo7Agjdh5ckv6cYqlg8/+DSQAg/KqjY4hJBBgRAgAJBQJEQA/wAhsgAAoJEMCk
+y7mHl4VpGNgAn2cLCf57hXUddxvbPBgtWX4WyPxDAJ9fg38QhJrqfK9+z+zL2pZ7
+GqGrdIhGBBARAgAGBQI3eHY0AAoJEHEtyVg9xXb3TzMAnR0w/cs3O5FAaFw+aVSD
+k9uUJP6yAJ9loILfam+WveF+MrGnusXsDvf93YhGBBARAgAGBQI3eRy6AAoJEDdA
+fgkueqrNIqgAniqrGi+nLmBPc/iORHs3j8yMnN2oAJ9xp5U/RAYg2iPtlROY0EXk
+pvqYL4hGBBARAgAGBQI3jxN5AAoJEKnmZ/8mzHhTgkgAoNlFm5PawxyMGlXB0yNN
+tWu7iGuHAJ9gH6O2TKuIj7fYloIoBLke1F3uXIhGBBARAgAGBQI7QP/MAAoJEHkW
+Lzb39qrZZMgAn04SZfDYEEO0H8+5/pkG3Z1J68AbAJ9hyy44uuT9q+5pvcEllbkl
+yEYtaIhGBBARAgAGBQI7QQXvAAoJEDv2CcaLr829DjAAoNQfXgbkxwImu4O3D53P
+p6Yw+dn9AKCoXLfEm6zS+k3dDRiulTpJ94NMSIhGBBARAgAGBQI7SG89AAoJEOd1
+4yTbQbOHoFoAoJxye0ZLZnOzejGbaAjddDnFFrRFAJ9JiefttTviGzVcZNYi6x9m
+IU3uKYhGBBARAgAGBQI7SzZQAAoJEA6nVrUUSEP1/PAAn1fjkC9n6gLfWZFiD9h2
+5rtlx8NqAJ9+GN3xGvYw5oJkrkK6E/hyJKcI+YhGBBARAgAGBQI7S1hbAAoJECtK
+7KmxIjWtboYAniB0KO+NBf7tH6jfR4atZfB9oJEYAKDUsALj1UN3GoCKQVxBPYWy
+nYA9w4hGBBARAgAGBQI7UsBUAAoJEPHSzMhJehdtJRwAn1ZW50Mgvhp5Eo6mt+rM
+Mgwy2cJ5AJsEuWt5hQhJBhn704ZjghvziiAfoIhGBBARAgAGBQI7Yxq8AAoJEI8f
+38m84JQ2t9wAnR9xQ46nFf/hQzZZCLVWNvtKuxN3AJ0bCgAa4eqwqB5hg/yuNPEz
+FbwhqIhGBBARAgAGBQI8bmBGAAoJEIeVOB4bvrhK6WMAn3ZhE2bM5T2GaF/Fh8Tp
+EIVVQ3FKAJ0Q9Uwjr/Epn/57Yit+lmbMfnVijIhGBBARAgAGBQI8cRerAAoJEJss
+h2hy8fIND28An1Z5Hls+Jskp6DbiIfGErYHYcjaPAKCW1DtpYhFK2uV4Pza37KWi
+lvx4cYhGBBARAgAGBQI8cUClAAoJEDoapjWQmlQG7xkAn0bSTKB3BHl66795wtmR
+doFKZ614AJ42rgO2IJG5XRh/+/jrcGjztvsBSYhGBBARAgAGBQI8dK6yAAoJENGj
+7q+v0QrPm3wAoIe0Co9vlKf6gwjz4Yky9BiXvYyCAJ9m923YzjngFMGB47gqKmS3
+U4IIYohGBBARAgAGBQI8e3KdAAoJEG74r8KGV0rKYiwAniujSnXrQZ2eNGC+mXTS
+oLBEWmzjAJ0Zk27daFO6GUgfwM92bu6XW3ZeT4hGBBARAgAGBQI8fUKyAAoJECwY
+oCq0xfN/PrQAniShB8M6BMHsw3rOuIvxOc3XbAv5AKCYx7ubF1eWysuTN7GyrUZB
+44Z8QIhGBBARAgAGBQI8jL2vAAoJEIW5kHXCkQ5BtCIAoInMgQPBUeS3wW2kq6/H
+Cv5f+S/iAKCrl00OZZomz14dgloHRsz8169iKIhGBBARAgAGBQI9Bsd9AAoJEIy7
+QVMRS68RLqIAniJuMJxQyTaBG1jqO1WN78OXrBMNAJ95cE8pmb0CEMax3jmm3qwJ
+ReaZj4hGBBARAgAGBQI9KMbSAAoJEHw7eXCIx8H3MKoAnj8ejnMUKjC5koe6wJtc
+9LVJT0RpAKCIzW4B7a9CLQ5fz8hPQRvsWRP/o4hGBBARAgAGBQI9KMbdAAoJECdl
+aNdcYVOt6iUAoJuvqfjsSHKGO49j2NrKZMJ67CRdAJ0fnfurvWJ3uQIqruDSQZWH
+p8KYu4hGBBARAgAGBQI9MZAnAAoJEBjNJaUi84rziG0Anj2uvYByl0PC5AdxzFLk
+XXp5dk8pAJ49YzZVnhkMBMPAO0Sm/QI63vBvs4hGBBARAgAGBQI9MuXOAAoJEFCP
+02O8k2g5ZSMAoN4H5EETb1cMQs17fGuL1joMtVLuAJ45UH/ZE+AZLSWAdfe9dDFO
+ZQnkAIhGBBARAgAGBQI9Noz9AAoJEJEIIZ7c3okKP0MAn0EOq7NUy8WKGo1KV/EZ
+n5xqKUiUAJwLjZ+oDrBSqK0DUiyLjjOEIU9VmIhGBBARAgAGBQI9PHAWAAoJEIRj
+NbghwGWY11AAoInXmR/k8Ne9PdwnYSFOE5E4qmmRAJsG+HisIophbRek8Gv/+JJU
+Kua4fohGBBARAgAGBQI9T4h+AAoJEFSPWeucFDVdf0UAniptwdlWlYCFFfKW/pnz
+Dd8FHGWyAKCHM7EKGExVSBggS85+fw4SfBooJohGBBARAgAGBQI9UvZFAAoJEJUz
+dHX4v2Q6fr8An1koj58GE8xW9THsD+MWOUQ7mCC8AJ0ZmZKZ2SLfkPiabIMT2SzF
+w1pivohGBBARAgAGBQI9tOMPAAoJEFKS90Pr1ZNrDF8AoJSdILy4qjGGbQlliBCq
+pWE2shTdAJ0bMLGPV22bdiCAb+ClRTUf+N30zYhGBBARAgAGBQI9vAmLAAoJEKjd
+nYDckq4wdJ0An2EyKrDlGADPuTxalNV9Jl3lk3LzAJ99srXCSn1Q/yiZ4QRN09bG
++E3QMohGBBARAgAGBQI9vJT9AAoJEDbPukR4kWuEUlgAn38GC0wC5e52psalECLX
+tbhSe5TPAJ94pkrDtmSHfiDzc4wcTHZyTkBx4IhGBBARAgAGBQI9yzuyAAoJEAmU
+kfeRsNO3mSAAnAhDCThzCLAeYLmJuaqEdgUsXuBMAJ9CqoF4TxYaGjLCrvi1BNwm
+k1WsS4hGBBARAgAGBQI+MbfNAAoJEO7w2zSzISYDinoAn0oHAHeQNngKkgOzsYWa
+0yylqnLZAJ0Uw/vXC85jTknV0mnQVdq2gPjK6YhGBBARAgAGBQI+SvTqAAoJEJh2
+iWGe0QG/ozEAoMCIqXaTTFCIxKnv4F+EbB80OdkSAJ97SDPfLqiJzAMXG6lvjHDa
+rw3XdIhGBBARAgAGBQI/UOXyAAoJEJFazEWo9ML9ZBMAn35HFpq2xA/wWHM7Xu4S
+roXw4R4fAJ4lFCPx04BnsgssRiaE031lZQuv0YhGBBARAgAGBQJBfAG5AAoJEBhZ
+0B9ne6HsqnEAn3HyxNjfzzEVjzLoy0XZ+ZQ5hP9/AJoDLUzLUkc2fLXnjVzBlm8g
+ZkAcQ4hGBBARAgAGBQJBfBJgAAoJEIHC9+viE7aSrCgAn2EuRkEC/AiVvXodTQWk
+S5YS3DclAJ0ZkaSD/AB1dfba4ew+eJq1ZhFH1ohGBBARAgAGBQJBfBK4AAoJEGtw
+7Nldw/RzcSoAnRvnV5SsgKsmKVogURBP10GMeWz/AJ44hk9u/COHiSetWHPT6PIH
+72vUeohGBBARAgAGBQJCKNAAAAoJELZr9ntxA8Xa4A8AoLOrStPezgIdnhfSDc53
+3a6f3krSAJ9zJFv7eYIDceXsrBNAVGbKXiEA9IhGBBARAgAGBQJCXCq4AAoJECqL
+xADARsA5ez0AnjIC2fOR4A4laWtCc8DeaeCv+luuAKDhzoNo0SdivuqPXvMYZTZ7
+LFixiIhGBBARAgAGBQJEEXJjAAoJEBJ2JBfPBQjsGUYAnArkZVd+f8AsuxVJJ2/Z
+6HmWOEGpAKCj6YVSBxQBpyoX3dl5TH98CHnbkohGBBIRAgAGBQI9J19CAAoJEAsP
+KSnfge6DXRsAoIDfyLevFYw2Nyfp4OZlB9IUZH5tAJ9bSlzv7sZ7vBiiVgYbYddy
+6U6+hIhGBBIRAgAGBQI/GXHjAAoJEDMLA4tsY3Rt3AIAoLCm358o91ksXqe9TEgy
+qEouaO+YAJoC7eKWbnMe+zOncqmkIe92+3RIeohGBBIRAgAGBQJBi+CkAAoJENvD
+6/wz4/5WsSQAni0OEioU1TqooxTW2d6FocGs+eZ+AJ9byIvaBCapruL0gLAxejwd
+FIrU+ohGBBMRAgAGBQI9BOe4AAoJEHFe1qB+e4rJCI4Ani/RIDLie4DJBD5vcOQl
+XkQ/B0boAJ9Gs8lCM5RJ5Md1WIlPvaLLff6YpYhGBBMRAgAGBQI9NJl7AAoJEDm2
+Yqiv44FpnHcAn2RrMkIIuRwWS+olbhI29rqLOYQcAJ96OTzBv9HnLQk97MgrIk0u
+MTEoC4hGBBMRAgAGBQI9tWUKAAoJEMuWmJRMxwhdbz8An0jDzVqVBr3R8Paca3YG
+rkg/B57VAJ42uzjJS7+2gWdvSCIPbfNqyzJUM4hGBBMRAgAGBQI9tkNMAAoJELLT
+fwi1TAkwUw8An0XpAx/1YVEIAl/bBUh8vQNVfXQ+AJ9ZqEEth2Qm/btpLG21+9PN
+CQimwohGBBMRAgAGBQI9vG9/AAoJEC4s9nt3lqYLkZwAoKliHAv9tlFYFquFB6Uo
+NyJYRRVeAJ9/askE+TClHgOeX/tAutVWTeVgyohGBBMRAgAGBQI9vczLAAoJECn4
+5GVniJZfCtUAn3fwEjTyMPsSkMACHZlRwTKJTn+MAJ9RJGFw+H4SOfcFyzQl26OQ
+xUDla4hGBBMRAgAGBQI9zVX8AAoJEO9n+8dii45pisgAoIlvGenK8VWdjEHdJ9Iq
+zbsVQybaAJ9fR0pBQQF/VSq0iLz0UNfitcs4F4hGBBMRAgAGBQI+SY57AAoJEN56
+r26UwJx/9lYAoOVoRTgMTEI2mPFriutraU32X23OAJ9JwE+eS9nTIOmicFcKL3Nu
+tCQTUIhGBBMRAgAGBQI/hFB8AAoJEMUUr45LpAHDePsAoNyxJbmjCjwi4sPKFF3B
+0Mf2gn2xAKCtEVTTWYUILahVdnjru7PmlHlCIohGBBMRAgAGBQJBcnkMAAoJEE97
+8oSv+wwXC/8AnigNNsG2wTGZSPyaEwk2hYwNxzvhAJ49XlqwWx0yp3NRxzR3R7lo
+cjcozYhGBBMRAgAGBQJCM5T6AAoJEOSLZbVLOU9+BAEAoJmB1Ghp0atCi86bnLcr
+vxLBVJQOAJ47shbjSakiqp7V89s45voH0JZUdYhGBBMRAgAGBQJEEK6PAAoJEL7C
+TATaqJiSTCIAoIE+Fx+fKPJYDhl2YoDdFKyJub3OAJ9IGj6D2KN4UMhhYhBMXEMR
+7pAFmIhdBBMRAgAVBQI3OvnBAwsKAwMVAwIDFgIBAheAABIJEMCky7mHl4VpB2VH
+UEcAAQG3FQCfZy6nZ6K2JJ3p8jnNjP+KnCgBf6IAn3WumBB9RjfvYCPL7EkOWhGR
+J21NiQCVAwUQOHtkh0wn7WU2580JAQHcGQQAij9e1yHjYezeVWVhWhjg07qEfc/V
+5PVQ5u5KW7zW0ztS8RtTIaaJaI8lLnJMV6gj5cx991GzaL4+nD0Hn+XpDacNGnO6
+vTlel4xrvcRJetC5dD6kd/vvb+mKiVwHbK+bF4hiBzbsreJ2T0HUEVKoSz1Wpbhr
+EO2h5N3fPdHKDh6JASIEEAECAAwFAkKczAUFAwASdQAACgkQlxC4m8pXrXzJaQf+
+Nn46e4Gu7Jsj0iBOECOFTHCYwvCtBXYSiAJ2qNbVQ4G9zHCW25nMcmnCxoT5LISX
+buvTpw5wSvDOlIsJtDvAfVK48SXXqoMJ5S/0oj6nJKJllMCGHEIhjCHyvWWVk79Z
+pit5glaUBfG/mYqs07fm6KuYQ8Zt6kB0Sl8igdE/fozRkoUgeIjNUbVqLvr0JXz1
+TCRjQmlwzqc0Pgi/Hb5dbVBh6v3hXK0ELN6jvaNenxz2yDGIgJsI7g2etofHLGQj
+g/pKkAnoHHs7/EeteY94Owz/5SwM7U3dfQ2rKq0Ff+U1UNpnnyQOjMc/xSODFA5R
+q2vB0HeoGmoxBXQjvB+Pi4kCHAQQAQIABgUCQXwTXwAKCRCq4+bOZqFEaJ8SEACo
+zWbFSR5Va3uz7ycxX8Ca6CT0RUyPFXgGfOH1TbvSKsW1Mfbqv/TL1RNI1yHZtAd5
+i8NGLCBsr/bJDZ/HYNdvGjWGKjklcFFjMDiGF/Q4c3CYSLl3JbFyovIX2Vd2FWxf
+PoLFdBRQL8AJkcZSXgkSFUPaqkZ2HUGDbzoCM9H7u9tScmDYjhBnhlWQuFoy5wjp
+baxAidZtcG4yccXfQtuJZKvyPwEp0TFUb1w2hKW7akS0i+wHcZpXlS2qqs2z/Bsy
+0YqNYR2K6qBmbbVkuWiBGYatDyuSBD0XyoE1hcuFX92qt6KfMYgV5sjcwiGE/di7
+Bw1KbZfW4UKhvlJMYtCLncfkR/6qPNA2W4xAh2QDklSeR+W0gsTe2H817y9ud7+7
+xOnMC0u+QGFqXLzRA2O77oMfNFvi+3BvxS9kI+8PBP/aU/e7iGYGnOguvsZqv8NL
+IbEX37AfK03w7G+WdhW8WuseXIjQzshpsE4JNY0vRyfaKCsaVjqkS4Nm3fXsC3KL
+72FzZBLAhZ+650xce11DwshqffGPYrz9WDRC545AdTp2dzw3/XnH/GMJyjZs9mSB
+zUsJ4MkLo+zO0tAguNnL2Olr1H34fmAJkgDT1C1ieLBmRlSiujyfd/xNEnugKAzJ
+4qworARVplLRhhYtuTD+txWkxDUmOnu26DMnulpQSriOBERAEBQBBADTb0UqApeh
+0QVKA86Vdw0FcbCj7//sD2EtgMYWFm6pQx/9j/7om2gMkaEFaJ/qylQci0P35Vdj
+lBTuwt7a4bnLHqdcMMImfI1RiziGrGnU4dXupizQ/jkgZZs+De9JKM3G0u0Tl20+
+Nuqz/rIyDkhxRqu3uRD7CkzYb6sG3EnJkQAgwuBLPYhJBBgRAgAJBQJEQBAUAhsC
+AAoJEMCky7mHl4Vp/3EAn3lLjZHnh5J8vDPX0EfXTiaCxcRwAJ9mXDiOfaSXENw+
+uZGLREwJhEeZxIjnBBgRAgAJAhsCBQJGlKAIAKidIAQZAQIABgUCRpSgAQAKCRD7
+iGK9/NKik3GsA/9kPscavUwGxHQuxeY8DpMF/kYBxY2cupj/JCEymaxZpA5ErBt0
+k3y0P2mNPy1FLmAO8zmr8M7/ehrwinMzYZuNY6o7pc7ldxtRsLnTcM4pRfM/9LKq
+hXz4vFx5W5Qulb92uUnt4qBmepSikFAIajfEDGRjl91b37Sa8/nfkXWZxAkQwKTL
+uYeXhWkzwgCfQaaSyjLGy3WIyGuMVzLdlmuaHtQAn21yptlhrgcvevUDTI6gLyom
+emvvuI4EREAQLgEEANcDmpVzzww3xczTgL8ekK+Tr9hiwvEhtLkUtPtCQVxEVri7
+HvF0U78T5ep59Ex9I8lfGjBmUtJ1T1cFXRnbYys/+HMO8DEbUdoiRTLet3+mR/ek
+2own7avqokaCSO1xr3n6Km02drp7H9HyUlOC+QKhP6FvtdhIpd4Hi7WQyJUdACD1
+VIwTiEkEGBECAAkFAkRAEC4CGwwACgkQwKTLuYeXhWmi1wCeIyRDSxYXMi2CmZYR
+SkmOdAtG+tkAn0KyfLD/DbjXYGLUqIAU3fvZ88UWmQGiBDpU6CcRBADCT/tGpBu0
+EHpjd3G11QtkTWYnihZDBdenjYV2EvotgRZAj5h4ewprq1u/zqzGBYpiYL/9j+5X
+DFcoWF24bzsUmHXsbDSiv+XEyQND1GUdx4wVcEY5rNjkArX06XuZzObvXFXOvqRj
+6LskePtw3xLf5uj8jPN0Nf6YKnhfGIHRWQCg/0UAr3hMK6zcA/egvWRGsm9dJecD
+/18XWekzt5JJeK3febJO/3Mwe43O6VNOxmMpGWOYTrhivyOb/ZLgLedqX+MeXHGd
+GroARZ+kxYq/a9y5jNcivD+EyN+IiNDPD64rl00FNZksx7dijD89PbIULDCtUpps
+2J0gk5inR+yzinf+jDyFnn5UEHI2rPFLUbXWHJXJcp0UBACBkzDdesPjEVXZdTRT
+Lk0sfiWEdcBM/5GpNswMlK4A7A6iqJoSNJ4pO5Qq6PYOwDFqGir19WEfoTyHW0kx
+ipnVbvq4q2vAhSIKOqNEJGxg4DTEKecf3xCdJ0kW8dVSogHDH/c+Q4+RFQq/31ae
+v3HDy20YayxAE94BWIsKkhaMyohhBB8RAgAhBQI6VPBbAgcAFwyAET/HMgQdI+nq
+Zt21AJydvCHfdNxhAAoJEMdGNjmy13leV7gAoKHV2q0XEP8GJkyp0/V5lgbwBmBM
+AJ9TtVfw2khoaZ3LNV2tINSjj0Alp7QiUGhpbGlwIFIuIFppbW1lcm1hbm4gPHBy
+ekBtaXQuZWR1PohdBBARAgAVBQI6VOgnBQsJCAcDAhkBBRsDAAAAABIJEMdGNjmy
+13leB2VHUEcAAQFWUQCfWWfTDHzSezrDawgN2Z4Qb7dHKooAoJyVnm61utdRsdLr
+2e6QnV5Z0yjjtCJQaGlsaXAgUi4gWmltbWVybWFubiA8cHJ6QGFjbS5vcmc+iE4E
+EBECAAYFAjpU6LcAEgkQx0Y2ObLXeV4HZUdQRwABARPJAKDmKL2Aeo6OWwcZKyqS
+WLD4drQxfgCguJ7k7XEuQr+tL0ndoin0RSQTkCHRzH//AAANOgEQAAEBAAAAAAAA
+AAAAAAAA/9j/4AAQSkZJRgABAQAAAQABAAD/2wBDAAoHBwgHBgoICAgLCgoLDhgQ
+Dg0NDh0VFhEYIx8lJCIfIiEmKzcvJik0KSEiMEExNDk7Pj4+JS5ESUM8SDc9Pjv/
+2wBDAQoLCw4NDhwQEBw7KCIoOzs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7
+Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozv/wAARCACQAHgDASIAAhEBAxEB/8QAHwAAAQUB
+AQEBAQEAAAAAAAAAAAECAwQFBgcICQoL/8QAtRAAAgEDAwIEAwUFBAQAAAF9AQID
+AAQRBRIhMUEGE1FhByJxFDKBkaEII0KxwRVS0fAkM2JyggkKFhcYGRolJicoKSo0
+NTY3ODk6Q0RFRkdISUpTVFVWV1hZWmNkZWZnaGlqc3R1dnd4eXqDhIWGh4iJipKT
+lJWWl5iZmqKjpKWmp6ipqrKztLW2t7i5usLDxMXGx8jJytLT1NXW19jZ2uHi4+Tl
+5ufo6erx8vP09fb3+Pn6/8QAHwEAAwEBAQEBAQEBAQAAAAAAAAECAwQFBgcICQoL
+/8QAtREAAgECBAQDBAcFBAQAAQJ3AAECAxEEBSExBhJBUQdhcRMiMoEIFEKRobHB
+CSMzUvAVYnLRChYkNOEl8RcYGRomJygpKjU2Nzg5OkNERUZHSElKU1RVVldYWVpj
+ZGVmZ2hpanN0dXZ3eHl6goOEhYaHiImKkpOUlZaXmJmaoqOkpaanqKmqsrO0tba3
+uLm6wsPExcbHyMnK0tPU1dbX2Nna4uPk5ebn6Onq8vP09fb3+Pn6/9oADAMBAAIR
+AxEAPwDqKXFKDSEgDJOBXSeeHaoJrqKIfMwqleanyUi/Osi4udqNLM+EUZJNNIlv
+sakuqjnYazbzxKlopLOHYfwqa5S/8QvOxjtyY1z17msqWZpGAzuz1wP61LmuhrGk
+3udHceO9RL4gSNB6EbjVU+Ndd3YEir9UFc+nLYC49jWhbt5UW0RIGbpyKzuzbliu
+huWfjnUw377ypQv3vk2/rXVaV4o07VFCiUQzd43P8j3rzVpnLESIgHoopZJIYIxP
+Dg89Vb7tNSZLppnsIIYAggj1FKa4XQ/G7r5dvexI0R4WVTgj6jpXbxyrNGskZ3Iw
+yCD1FWncxaa3F24oNLRTJIyKKecUUwHjrWbql2Y/3KHk9a084HPauZu7gTXLseme
+KEgkyLmuS8TaqXmNlG3yofnweprp7qdba1lnbpGhavPH3yN5rH55DuJNKo9LF0Y3
+d2T2sTt+8dflPQYzk1twaJK8AeVCxfkKOMVBo1qJLmJSPkHzH3ru4bRJlXjFc7Z2
+JXOBudBlIyEYAevaq8FkLRsld5J69xXpDaNC5PByffAqlJ4b8wkFiPTjpSci/ZnA
+3cXDbmcsRkEmoILGWYkpu9zXfjwkzgGUqVHtWhbaFbWyjEa7vYUlIfszy+e1uLEh
+njfY3Xjiu28EeJZJ3XSpxuVUzFJ3Hsa0dU02IwMCgI78VxEcB0nxAnlOUDfPGfQ1
+pF6mNSN0eu0lQ2c4ubOKYfxoGqatjjG0UtFMQTsFgdj2U1zGB2OfwroNTcrZPjvx
+XP5pxJkZniF9miz5/iwv61xA+aUDOR3x3rq/F0hWwhjH8cmT+ArmIIvNmSJeD61l
+U3OqivdOn0KNTPuU5xxgdBXZ2TAIOe1YGj2ItLYYGTitSK7ghchpBk9hWD1OqKsb
+Ccke1WkdcYIFUYZo3I2uDn0q2FIIx3pGy1JHAJAAHNVpCu4kcCpFJaZgOiioJm2v
+t6E9KQzPvZAUIHNcL4jjC3Fq/cOR+FdtdHnHrXH+JSjMmexP8qqLMah1vgq4kuPD
+NuZc5jLRgnuAeK3s+lYng2PZ4YtAeSdx5/3jW5XUtjzpbsaTRSniimSUdZmCwrF3
+bmsWtDWj/pKD/ZrNzVLYh7lTVbCG8tQ1wGKKTgoeR71yGmWNzPdpLb/NsfOG4yK7
+2+XfoU20Y8uJmJPucf41geG38wSMRwpCiuVu8nc9JRUYRSNoXqiHywjJOy/LH1J9
+hWcraeFBup0jnI3FVXcfyrYvoEmsSdoLqQQ2ORyKVdDRcmNEORz2P51m20aRjcy5
+L0mKIWmpWpVc8mHa2M8c960NP1q9hjYSSJMy85wentg/zph0OSCJ47UCNJAA4JBz
++lVv7NayUlV3DG04bGc1Dl2NIxstTootVaMFlaEmY4UEkZ9hVPUtZS2lU3Aj3DjC
+PnH8qp60vkWVrDHkMoULjocVizRXDxB41aSbJLh1BUjtjvmmmEtDVk8QWLLuD89g
+3Ga5bxDceY0Ei5AJY4PrV9mit40juNPXbIPneNSNp+hrLvdO86SGCJsB5Pl3N68Y
+FXFmMr9T0vw2mzw7YjrmEH8+a06itYkhto4kXasaBQPoKkNdR57EPSig0UyTH1sE
+XSHsVrNzW7q1uZoBIvVKwqtbEvcfefPoN1GpADR4ye3P/wBesDQEaJHU93PFbNzP
+5em3K7S25OlZumxFGXBGc5I9zya5ZRs2ehCfMkdJbqs0LRN91hg1pQQtDCBKPMI4
+3L396yLeTax7VdGrJbqRlWfsDWLZ1xWhPcXFvEhZoZRj8vzqghM9woMe1B8yoe3u
+feo5pDcobiW4Tcpyq54H1qGDW0aXeFUhOCVOaSa6ltE2twubZZlHzQsGA9aW1WC6
+gVwVdT09foaj1PXbaeLy1CqzcbV706ygiZQs4aFnGUkjOD9D60SaYK4XenW5iJ2c
+/WucVJX1qzEfOJlUH6cmupeJY1w11Iw9OP8ACsSNgNegRFyC/AA6Zq6aVznr6RO3
+4Hako5PUYorrPMENFIaKACQZiYY6iuWcFZCp7Gur61z+qQ+TclscNzTiTIoyLvjZ
+emQRVLTTifyygUr156VezmsbUDLY3YlDYSQ8H0qaqujWhK0jo2woDk8DrXOs8l9e
+TeQHI3EgjkYqpca4fLMcbEMoxyeM07RL42t+vmk7W6iuJxaPRTTdh10bpVMDu0eT
+yDnp9aq2drdfaFaNhgckKwBxXaXKwtH52wEDuRWNJqVgGKPbINo5YDrSTNuWK3Zg
+38N48m9iS2SQA2cYq9aapdJCIblnjKn5WHar32GzuxvjTAPYHFJq7W1qkEPAbpgU
+eRMlbZlqHUjdW2cguDg46fWl0KJ7jxIWIysEe4nHeq1oYYrNSD0GcVueFICIbi6Y
+YM0mVz/d7VtSWpy15e6dATSGkJpO2a6ThFJoppNFAhj3MUf3mFZGqXUdy6BMELU8
+GiXExDXcu0d1Xk1p2+nQWw/cwgH+83JqrWFqznorC7nGUgYL/ebgfrVfVdGa80h1
+UZlQFlx3xXXT7RE67yXI7dKrImxAw7c090C0dzxIFkk2SZznByav2skk0qFDzjLH
+0xXVeLvBzMx1CxA2Ocso7E1xdtI9rO6SDb2NcjXQ9BSuro7bT74y2z2rNkA4znNS
+tpNreyGZTtJTHXpXJR3ptFUhyNwzx61oQeIvs8flocnGCcVm1Y3jNPc04mTSRKGc
+Nj7g+lc5qN897dPcHg54x2FNu9Qku5Bu4XJp+m6Re61MIrZDsj5eRuFH1pxjqROf
+3Gr4etLnVL0LyE6s3YCvRLeFLW3SFOFRQBVHQ9Ihs7IxIoL5yzdCTV4xvE3D/g4r
+qjCyPPnPmdyQkH8aCaZv28suPXHNKGBGQc07MgDn6UUhNFAGmqHkscewpjnJ4qZh
+lKZjJ/CmXYrtFhSzDkn+lMWPAGOhHFXJUypHr/hUUe0t5ZHJGV/qKLisJDtKmNgC
+p4wen0rl/EPgS0ut09rFjOSUX7y+49R7V1DJ5b5/hNVtb1mHRdHlvJ2xtwqcZyx6
+Cs5JM0hJpnkWoaBeW0525aMHA/wqrBoWoXMwSOI7mOABySa6ifW9W1KASBLe3twe
+bhgCfwNNi8XQ6XgpKbmXp+7iChvbNYdTp5tNCzpHw6uSY5dRnVVz80SHJI9zXZix
+tdOsRDaQpDHnhVHU+tSWFyL6yjnG5RIPmRuGQ91PuDQd1zc4AyqV0xSRySk5bkcc
+eyMHkHOanWN2HJyOvNSiIAHPvUuAAvvxVXJsVli4IBwR1HrTXtznrjPtVhky+fUU
+7naCfUU7isUGhZejZ9sUVcdCxxjt1op6CsWs/u/ypFHzfhS9Bj3pT1yKg0FwGB/G
+q7Aq4YdRyKtIMg1E69PUYpDB8MgbsaxtZ05NYhXTp8i3kzvI6j0x/OtUuBGUP1qj
+JJ5CvczSrGicszHhR70xdTy7XLS60y8bR5jmKGMNERwHH96r3gfR7aZ5NZvFL/Z3
+2wRkcbgMlj9M8VDqeo22t+JZL2V3Fq37qM9DtAxn8Sa6fwtAunatPprOJLe5Tzrd
+/cDDD8ufwrFW5rGzb5Tb0xwLad1BCtIWAIx1AqzCjIAwOGPWoogzyunyhSR90VfE
+f9DW2xh1IP3jORk9anVG8sbjyKfgA09edwouFiJ+GH4il2ZUjvQ/b609SN2KYC4A
+GexopkzHyyB1ooSBs//ZiE4EEBECAAYFAjpWjyIAEgkQx0Y2ObLXeV4HZUdQRwAB
+AQfRAKCSnx3toHhFsCAaIsCRkmFdI4Hn9gCbBDKIqvBEjybcnaBW+iZufcjAzsfR
+zNf/AAANkgEQAAEBAAAAAAAAAAAAAAAA/9j/4AAQSkZJRgABAQAAAQABAAD/2wBD
+AAoHBwgHBgoICAgLCgoLDhgQDg0NDh0VFhEYIx8lJCIfIiEmKzcvJik0KSEiMEEx
+NDk7Pj4+JS5ESUM8SDc9Pjv/2wBDAQoLCw4NDhwQEBw7KCIoOzs7Ozs7Ozs7Ozs7
+Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozv/wAARCACPAHUD
+ASIAAhEBAxEB/8QAHwAAAQUBAQEBAQEAAAAAAAAAAAECAwQFBgcICQoL/8QAtRAA
+AgEDAwIEAwUFBAQAAAF9AQIDAAQRBRIhMUEGE1FhByJxFDKBkaEII0KxwRVS0fAk
+M2JyggkKFhcYGRolJicoKSo0NTY3ODk6Q0RFRkdISUpTVFVWV1hZWmNkZWZnaGlq
+c3R1dnd4eXqDhIWGh4iJipKTlJWWl5iZmqKjpKWmp6ipqrKztLW2t7i5usLDxMXG
+x8jJytLT1NXW19jZ2uHi4+Tl5ufo6erx8vP09fb3+Pn6/8QAHwEAAwEBAQEBAQEB
+AQAAAAAAAAECAwQFBgcICQoL/8QAtREAAgECBAQDBAcFBAQAAQJ3AAECAxEEBSEx
+BhJBUQdhcRMiMoEIFEKRobHBCSMzUvAVYnLRChYkNOEl8RcYGRomJygpKjU2Nzg5
+OkNERUZHSElKU1RVVldYWVpjZGVmZ2hpanN0dXZ3eHl6goOEhYaHiImKkpOUlZaX
+mJmaoqOkpaanqKmqsrO0tba3uLm6wsPExcbHyMnK0tPU1dbX2Nna4uPk5ebn6Onq
+8vP09fb3+Pn6/9oADAMBAAIRAxEAPwD2aiiigAooooAKyNb8S6boUZN1Lulx8sS/
+eP8Ah+NZXjbxcdCt/sdjh7+UdcjES+p968fvLyW6leaa4mmlY5kkL4AP1qXLsaQh
+fVnc6l8TdSncrYRRW6Zx03t/L+lYsvjjXnA8zUZY8nI2kr/QVzlu0b8+S2R/HvJN
+WFgAYuwDFuvJ/lzms2/M2UbdDrLPxlrETK51CRxn7sm1gfzrs9F8b2d8ix3v+jyn
++Ij5T/hXkQj8gZX5hnlCMZq9YShm8vzDt7HuDQm0KUUz3ZHWRQ6MGU9CDkGnV5VZ
+6xf6FJ5qTlY8/Mh5Vh9K77QNfi1uEkJskUZI7EeorRSuYyjY16KKKogKKKKACiii
+gArO17VU0XR575sFkXCKf4mPQVo1wHxXvfJ0yztw+N8hdh3IHA/nSew4q7PNdT1G
+a9vpLi4kaaaRyWY8KDRYWCXkuG5Qc+gzWe8mWAUYz19TW9pbGJAScZ6msJuyO2nG
+7NOPTrcxhAMdOmOKp3eg36OWsw0qY4x2rVgkynIyfrite0bKDBrBNo3aOOtvDWr3
+dwPPjEKDOS1dJbeFJYY/3UqKxGC5TJ/Wt+Fdx4HNaMUSlM9yK1TbMJ2RwWo+GtXe
+MiaZLlByCo2mpvCOpTaDrKpdEmA/KxIwVz612rR4PPWue13T4RcwXBUBWYI5A6Z6
+GmpNMmyasejghgCDkHkGlrD8J3ck+lfZ5m3SWreXu/vL/Cfy/lW5XQnc5GrMKKKK
+YgooooAK8j+LF4ZNchtmACQQjGDySefy6V6jqeowaVp099cnEcK7j7+grwXxjq1x
+r2ovqYRUV8DaCTtA7VMmtjWnBv3jMgjM0wAUnFbcCtHGFHOevtUek2RisUmkwS3O
+4HIqeWTaP3e0HPzMemfwrmk7s7oWSuatk7BQG71v28OFUpjHt2rj7XWreH91NLGW
+PQ7W/qK6bTdYs5IgFuI8njGajlsPmubtrmMGVuAo5q7GxWMcZBH51nmVDaIqMpEr
+DJB7VcWf98Y+wXg9jVowlqTtIpGP6Vj+KNv/AAj1y4xuUAr9cjFajHnHWsvxG6DS
+ij8h3H6c0yUW/Aju/n7xg7Rn6gkV2Fc14Lg22MszD53IBPf1rpa6I7HNLcKKKKok
+KKKKAOQ+JchHhuOIMR5twufoATXkjOkjqqAHLYAzxXq3xLikl0uzKAkCYg49SvFe
+YR2htbqKJyN3JODnNc837zO6l/DSNOLeijyuy7cEZzVG50jUbsmWKTamTny1GRzV
+4TAPtUZ+la2nyJbBWmZogScBhgfnWN7G9jmrfR7/AM7ZJdq8GDw8Suf6VRtXubfU
+FjMZR8jATjP0r0jfbMM7ULHvgVyl3BFPreICruTglTwvPr60+buKK1NeKe5S3W5l
+iaNmHBTgKfU//WpJ/E13bYVJxM+MnEYyK25LKNtPtkPCK4U/TNYF94IinuWfcUVj
+uDxnBBpITa7GppvitLnalxZzRseN6pkE/TtUviOVbmC0jhdSGk+b26VlGz1PSpkE
+Vz9sthgGN/vr7hq6PT7Qajq9os4ZI0BfYB1AOcH/AD3rSOrsYzVlc6bQrZrXR4Ed
+drldzD3P+RWjRRXUcQUUUUAFFFFAGN4r06bU9Blhtl3TIQ6qOrY7D8K8fvraW31J
+VmR0ZQPlYYI/Cvea8q+IVi0PiFrgnImjBUY/P+VZTj1OijP7JyP2n/SMnPB9eldX
+pV/5kIRsbfQ9K4yTMbhmyMnvUg1FoGYyI4THAXoPT+dYONztckkb2v69ZwSJa29q
+gLf6ybYPlHt7+9Q6JdWA1NWgYBMdBXOzTf2id0aFg3anW+l3Fkv2tmcL1A/wo5VY
+Sl9x6+ghnswgcEOOcdvemWs7zQHgSMjFGK+oNcZpd/Kl5Ct1JMIVAOA+M/WtGzu1
+0nXHWObdbXZ8xCT3PVTSuRyHTymN1QeUSwYcba1dHt1W5Z2xvVOg9z/9YVmC583G
+OM9BWtoTectzN/CZNi+4H/661p2uc9S6ia1FFFdBzBRRRQAUUVi6x4v0HQwft2ox
+K4/5ZodzfkOn40AbVcX8SrHdo6akg+e2ba2P7p/+v/OsDVvjhYws0elaZLO3Z5m2
+g/gM/wA6525+I+t+IQ+n3ywQ290rDy0jwQMZHJOetS9jSKdzm7i+USAlhkZ56Dr1
+rd0vy5o9r4cuvzcg54rjLzNvcFMY55xW3od8FKx4GR8zMemazlG6N4zfMap02KC6
+bEcTJ6Nx+tbumPYyRrb/AL+Jc/dBEig+wYcU20FtqSguuMcZ7mtCx8PrDMZGkJVG
+yB/Kuf1Oly7Ej6XcyebgQ3IZTtdl2OD26cViw2lxeSrayYTyzklTnbg9veun1LUU
+021IDb5Dwi+vvXOaVfIJZJN4LF8YHuadmTzHTqZEt/3eTIFwg7lu1dnpdn9g06K3
+7gZb6nrXn0mvWujeVqOoI8ltG6/LHyS3b/Gu20TxRo3iCMNp16kj4yYm+Vx/wE10
+U1ZHJWd3oa9FFFamAUUUUAeF+KPijqurI0Fq32K3PaJvmP1avPbi5kuZCWJOTyfW
+mzOzNinwxBRuPXtSNCe3hSIBiMv/ACp1vcbdThkbp5gz9KYzEL9agcE7vXND1Hex
+s6raecSVA3jkZ71nWdy1qWjkG3sQRWlBdi8tQ+cuvyuPcVFMsc3yyrz2P/16yi2t
+GdE4p+8jWsfEMNsU3H7vf+92rdt/FyiI4Zcnt6GvPmsyv3HB46k4zUiQTRKF3gAH
+Od3ehwi9SVOSVrHT6nrjzSYMgJUjknOKgsZnS4MrMVRerY/zk1mafAly2W3SAclg
+NoNWPNaW+kUDbFF8qovQHufr/hVqFkTzXNG+v3v5T5oxGq4WM9AKxlMlheCS1leN
+kO5CrYI59a0XOPvAfX1rN1OPPIB5TB+lUSekeF/ipNEqWutKbhBwJ1Hzj6jv/nrX
+pWnaxp2rRCSxu4pwRnCtyPqOor5ht5G3Dca2bW+mtXEkEzxsDkMuQaCeVM+kqK8W
+sPiPr1rB5bXImx0MqbiPxoouTyM80jh8xyxHyg1KVx1qxEEeNfK5FI6euKZViq5I
+FJDGZA+Occ0sik9BVaYMqZUkFecjjFIksQtJZT7+iEjcPSt63W1mUNIRjFc9ZXhu
+D5FwQSwwre/oa3raW3+xlGwWPr1FRUj1RtSl0GmW1jdlWCNz2Y/40yCBNQZijq0a
+NtKp/X/P51nXk4RJdqYBPJJHJq74a2x6XM4I3NJyM46f5NaQgkyZVG9DRv7hNPsW
+8pQP4VA7k/8A66g06Hy7dcnJbkk9yetU9TZpr+KHnKfO2fXoK0LYqYh1x6ZqpPUm
+JKy45z+XaqV8AUQ89x06VeccHA6896rXSbrZj3Ug1JRjYKsQfXrVxX+Xg+4qCVQQ
+D0NOhJYcdTSEtGWVkIyFU/gtFJGEywbA568c0UFmUomil/dAtk9B3q/nzBjHTqKW
+BVjIPU45NMPDn3pkLQY6jBwRxTIoxJIE7HjmpW4/OmQcXC+maBdTG2FHdckFDxWp
+p7yyyu+eMcD/AGj3qpdLsvpAMdTWxpkQjsVfpn5j+NVFXZCIL6N5YhG5GeWA6laT
+w/c+TJLYy4Al5TI/iHb8v5VYlwblAW6qMZ9c1mztgSleCzAKR26c1T0dwL1sDNPN
+Oed7HafYcCr8MnlSAZwrdSfWobSLZCij0xRLlXHHDVBojSLZGSTz29KYFDK6nncM
+VHbTCSMqx+739RUJvWz+5A4/jbp+VIZSnGFOAOKbC3zZzjr0pbjvnkk9qihyZAB3
+4oFfU0IEO05BH9f0oq1hIkXIySKKBn//2YhGBBARAgAGBQI8ZiQyAAoJEMdGNjmy
+13leJSIAoIx0Ql/m4Gf4ZZeFQ1Of+zq6499DAKCHBzmIEtE740kuUl5HGNvCJ4Qb
+MLQtUGhpbGlwIFIuIFppbW1lcm1hbm4gPHByekBwaGlsemltbWVybWFubi5jb20+
+iEwEEBECAAwFAj6+zxoFCwkIBwMACgkQx0Y2ObLXeV4M5gCgnemzKjFcpG5MpeFC
+TjVg24ptLhsAn03rO14zwfdxKS9ZSuGLeBG+d/eUuQMNBDpU6CcQDADMHXdXJDhK
+4sTw6I4TZ5dOkhNh9tvrJQ4X/faY98h8ebByHTh1+/bBc8SDESYrQ2DD4+jWCv2h
+KCYLrqmus2UPogBTAaB81qujEh76DyrOH3SET8rzF/OkQOnX0ne2Qi0CNsEmy2he
+nXyYCQqNfi3t5F159dSST5sYjvwqp0t8MvZCV7cIfwgXcqK61qlC8wXo+VMROU+2
+8W65Szgg2gGnVqMU6Y9AVfPQB8bLQ6mUrfdMZIZJ+AyDvWXpF9Sh01D49Vlf3HZS
+Tz09jdvOmeFXklnN/biudE/F/Ha8g8VHMGHOfMlm/xX5u/2RXscBqtNbno2gpXI6
+1Brwv0YAWCvl9Ij9WE5J280gtJ3kkQc2azNsOA1FHQ98iLMcfFstjvbzySPAQ/Cl
+WxiNjrtVjLhdONM0/XwXV0OjHRhs3jMhLLUq/zzhsSlAGBGNfISnCnLWhsQDGcgH
+KXrKlQzZlp+r0ApQmwJG0wg9ZqRdQZ+cfL2JSyIZJrqrol7DVelMMm8AAgIMAI1R
+XgrY9LqHnvhnc1oGwhB7mORU7jwxKiGMLqzb0KM+GVTv1xAhhaYGm41/CuhnrOW3
+LPpjYWbrlXQh+9WJxHvO8UUI6FqEy6TVyv5Cn3fo4wSr2wtkbFOMKWDCscZLtikx
+JmsQLtuk6YRGOjgX+fliYIckIfxDMI5z37zSCNUSweIlUAGsLzLKSMovnHVX89IC
+sThC0wtuQE8aZBg7DxvHqMIeg7jdCNTNupF8EwdmpZUnKgghkKn6fXdczj4079wN
+WxnxuNyHQsg7IytPzmfbjJ9dGU/SzsEWMubn0mOF/h2O4laKQlrBYROXKkDLzo5h
+FG7AJsjI1q4F5MrL5q9m8Xagu+nAfhSe52kLTr87SOSPaVCmf0QRTDXVHA7qyr3N
+hPABTIp6s3TRxsJ/KJmXTUIijRu1xM7qFArdzrs9qWgn2VUfz+Yfsu6qQwsMfm6C
+SnOZ53/xKit+pWRqSd7pviZHJIUIFdpVmgqYMfNwfahJIyEz17HKHp3OLVsa7ohU
+BBgRAgAMBQI6VOgnBRsMAAAAABIJEMdGNjmy13leB2VHUEcAAQHlbQCg+N+fI3bz
+qF9+fB50J5sFHVHM7hYAn0+9AfDl5ncnr4D7ReMDlYoIZwRRmQILBDxUyXkBEACg
+g6vxNPigg9FQz14CkPtR/dEq3sCjK1r4+2oyeoRno+pqZ6Z7ZfphgA/q5woweFAG
+Og17KD2WXegoQ5pXbFvP+w9j9zm3g59XzTRSzZgScelTibPnKy6g8r8GDAY6IQra
+R6pxe4297/NznqvRvKpTt5g1XP5LyjVBsEv9HAYJE1vyy10qSQRtEz3QunUzfELN
+C4kiYNMZOnmgaFeW4APIIhWDtrrxqW3Ofjp1K4DAhqcnayrfvYbOtqh0sxJ246kv
+Vc3Bc9pH6wDw/yub2deuPq6BZBLBJwrtu/20qD0nsZ9is/5j0aL1MZuVmr7xKYqe
+ehyzJ1WdpJK52qng9natYedS+GefKDIw1Jq7ppQNWfVduTNITFTF0JswggjQuPqK
+T8Td5GCywQWN/kGHbp6EdybiUXZ+9fp4eek0UB5M+srSwbkF4hQ0mBrqlsaoji4C
+uXjc0c+Zx1D0pGfqqBCmvEV1tLul3U8h0TzR4opUA8mLKegQp5cjh/dHz7zTPDxV
+gSr3blJ9FxI1Z69th/+jJj3q6joo3uW/5y8qQCrzdSCzs+TDEWwucZtJIuIhTct8
+AMPY/Ayt+Pf9jXfI+xSQgz3r7Eu5o+rEu02/cthaOc4b3KYDtNkjLKszgiext1BY
+Oq06R+Yyh2qgsg9azzkfudvvpwhCpJ7EOxcdaP3bxwAGKbQlRGF2aWQgTS4gU2hh
+dyA8ZHNoYXdAamFiYmVyd29ja3kuY29tPokCNAQTAQIAHgUCPFTJfAIbAwYLBwoD
+BAIDFQMCAxYCAQIeAQIXgAAKCRDbaY1xmSQlYCQ7D/9MCQd8s1ueGLy81tlxq5LB
+qnSo2cuNQsssxjnskxjbOJId08RdiOAh23fdKXm6T05vTAUAN8oJDsXoaI9jTPjo
+avQ8o/wj94zTm8ni1OoQkTw5wDOte0qbw1B4msSfmeImdC0opJoYz6Nyp+4OXHCW
+fhvmOvAbBvwuchC726NyhGXCzDlfNqFysphgc/epR93AbOHiNKQ0/oJTWaxR0KeG
+j2K+ihOsKx/Tl/0pXVfo7zobAzO+UelHpvH4VMcnaxo2pjIn6eMyDxP4WuiyiqdL
+D3PZI6R6PotPfIdtzCmKJzAXBW4SIBp9ZHdFXs8P5E8oYKBbnO1TDSAtYG8EnqGk
+bbZvCVfd0Utz4miEpvv0EukdoAoqSLz7ZKStrM2jlQNIVVRFbA89srSAZYSGN3s4
+TA3LSxmDaw4Z6gRWBhOtuAeIfhLQ+QTC9h8aqyfWt2nP+4qA8du0FHJANopeBfJo
+vz/4sSx4z0PkbQqUS9lnPxqoNqyqUzP1Ocpg7f8yFYvY28Xsc25c4ImI4ADxlo4r
+/sK00k/vxcGUhg7wE0Xy9r+Rp31GMyUpMd3zF5uD2/qNhd9vVxKM7sWDZuDjczOJ
+yodWjp2DdZWqe+AOvapAvPCQIwWc++Y/xOgina1V8uqadA+Ntc0+jhTM/E3smOfL
+3A0cJIMKSYaU4kfTts6h2rkCDQQ8VMsEEAgA7lKuNHz6iYb+2pAZbxrjp5AHV86p
+btVJQBWpGWkGLERGb6w2hYTL8YXr7JgteBmy1a/+l5ZYjnZFQ8603eZRC1g+/krr
+uWmfiJxE/HtHVcVSDUxXNJiE67DpSdGPf8icIx3c91Xkui9ifS3VMSj1ezWLm5/O
+YF1utTQ5QiwrvzTuaCs8jWDUzxI77FczQYQELuDmHevde4Ke66MeWCJabs9OQ6i6
+1vurJrj1WQQ9pvXOzcbdoQFtAF/vGK82rnr0p5cDyes3S5lCKC4nIhvokHotCf63
+YUU6afG9OLp/ASlcp2h21vmtDp7xSg6D7Ivn5cHtHnBvChG6vjQ9IO5gdwADBQgA
+nNF7z5VcV00LbYQxN1vX77iKwJ1aEZVSYMrJnvthtJPM5alAsOQRRe85pgZsBfd2
+xgKbDZFsQaPei+n59nMPTxl68YsrYOWaBe9IRnEKBYIHSVwDAGsEdxyOKgphNO7c
+QKcpRWdeqi9FQ11cWVLZrSqChmT9Z6uYGLDabKwAhYl6TrEQ2J9OzM586LARZHb8
+m2MOcGrla+XZZannjEVfaei5on8IuhOLalx/vx74C1qLi9B1fI/JyCsJlMQujkDr
+pz80hwIyavutLB9TdQZn8TuNqL/m7cpU1YMbNIa/1Ow2Cio7zrhr/FvTX4KgMaGq
+6ukx7qWDDbME96BF57IMtIkCIgQYAQIADAUCPFTLBAUJEswDAAAKCRDbaY1xmSQl
+YPGsD/40gsxyQv4M8BFfPgnPEOYlSEBwpibr+XRdq7q98n3F9ZlXjJHq74RhX6ao
+tL10wpeMb6fcFKhmaMu8Nhx4PUP9+h11I7EwmMeLn2prG/sSbsgCY4tsEW08NbDz
+cXdj6+KvekpE6lYmOa4ORQTEODx81d9R8DxcqUCYHYn+iYMbEDnBZmHgPc5hkGvB
+Nj2F+dGs4n0iBvxFSBoTSzHb9XksG3/cq8DdW59McJw1/nTyN2kLIvGjNqSeV+2P
+2oeh5NRJAHs9X5W+Zar+sqvlHDa1e0jq2SrMhWdOD1qgTX3BzFyuhWW3IJLdcyFE
+p6NsC/L2eJdkWwclT1xhEvm8LEsB21ndE2UNpIjOUcdFvEnYa84Di8ZpIvEvngG6
+q9tm5K14DXZYQczsN+rrOXgTYfxbEuCzpFCg1DZaRQmWkXcywzo7F2YUgw1nFe9T
+lIrLJgXZcjg+ho3UNmquVr+qNV1IzYCkE6I70J/Q3fuXOfVdM2V0JQTaWfBOUFow
+wVNyzI5XSl8TTwslsGN8roEAGBR33JwhBy6TldhErnR1pvIOVt0kkGXbEqIIYONv
+fsdd2LIFZUfyegh8oFCJNDmKObKnuVyZH53Q3bgTn06D5TdBaCK9usVqUe+JZ1K4
+VLy+20kSiBqaLkel3417o+bqdpL3Uu8gXy1bsOhyo9m79ug8ookCIgQYAQIADAUC
+PFTLCAUJEswDAAAKCRDbaY1xmSQlYGW9D/9ZQP1N5o7Ndm0Nh3WJ6oqSmjhWUQ2f
+AZJqD/4U+z2fqOCQwI5QodSN/DJPRfbx4JnibPkui/8YBktB8SxhoqyD0W7oE5h0
+Xvj0+LeJ/ByhdZCgR/a2RAPu9D64xxh5p/7oyutI2sdLrsTs1OCeCMdaMz5ptrdb
+oGpk4Wv94m1TOC+bztrRhEjDLrEJIPotpOYdSbq+moipSVJBMv9NrxfdeVb40Y4D
+GGqtfsggarquJu9Lnq7PfrCdmdSzQcLI28yP1s6V0f3MZxH+stzTxtCCIsFjTsgx
+Ubuxa/WYiW3qM+At+B6B3HDhBvjFdg2OBP12/2I/2ZiDQdZbUZJ42ND7oi1k34Pd
+fExpCZRMWGr4UTJgtGqlCqSlTLTKmzxkI8d7Z+PHt7uQbew/GnFkzsU+VKtpfpIl
+m3ym+0CgP6ap/nn5B2kSvf77p9iQQXHarl0L3cW7sQMlnPy8L5AqPWkg5+C/ihZW
+gJWT7ujwnbrkrzddJxdBGEBvPNWEoCGzKBp6E0TXxgKfsp4dbszXcGLaaK/cUV2x
+MgVLogjCPnAwaP3l60rc2nb3gV4JfVP9ogoI/Ikbf9nVeruT9dhVWZgNmvj7rRBV
+VN7XjF0VN9ou7N3xuEiRaetd5pmr+Fme0HDCsSlVQuEOcP5LCGQpcwHMdz+DFGvW
+OyACu33k12k2prkBogQ8VMvbEQQA9YjnqxRaPgKrbhTQqrzGMYBuP4QlbsQeEDA3
+y94jlPK++edfyUGUTnquXHDKmPnLwsqszYZCsC35nVP8FOsg0eATYYAj5A9uPDUX
+GQkW1eNQFGoh5p4SxBQZKlVJCAJyVgMxXDtUwDbjQ9CkOONrv1YlajDz9h9yHfFU
+jQrC47sAoOX8LBxMJVdAqGMOQGcI2lTWTfq1BACabalqZ3571+ePoAEsqSxZelhH
+A/Se6oxlfxWNQilDGsgUSm53l7yeJn+8qZuiRm49wMlPZnzLA5isMAh0UyoTSnPs
+8lnZDLbo4/s4H2Jz0+MahJSYtNtSKTNhuJv7Fh/kQGVltAaniUQeecoJK7YxhKbn
+vsXKzg7YEL2DLKDA4AP/RDeDRhK7ehXbkeONeJsOPjvjdATxSa7Io+GIUFB1CSLg
+aHfC43b8j7S5pEiZ8MOW+kwnP35G89h1K89nFpC47Xt8y/5DH4Z/tw3SdaEIr8TS
+L3u/UOK4gZEc5uVhCGBAX/BdIYFWdO2UUjEaO3ox38lgH0HfNscqgN5zCEEc6lmJ
+AiIEGAECAAwFAjxUy9sFCRLMAwAACgkQ22mNcZkkJWAthQ//QCSN1sFaeqFQEki7
+fg6E0n+t7mO+V1llNymp7G8Pq3iSI2d99oijVk2BQnrbhdLy+wjl9LyyzfvvaQ04
+QwAUvJNRgIaOpxkYb3z2tc31ho9eOYsQRmKxVzGWw1ii1OEnMBylsAaG58GpFI/5
+MTfucIlJBvXoESkHSoiyov2Pd1c3hJ/6OuFYbn5dvYplBi2K3pAq12OCmWticFvP
+TBpVlvTED0h+I133oO1e1Rx999u1/PQgLem5qfuz3wLv9r8qkXgy1AqdOEBNsvXS
+o09yWaDTKaZWb6k7viOq6k2aDOi4mr8qgrf8obs6fpOfg6WQw+DRL/T9KUHF0EUS
+PVEMkbMc1V2iHURqXBGnIsa5JAi1eV1cMrp9T25DXWHlEfXRnPPjzTSJyJh2FmL9
+NnQrsmHf8f7DiR7uzCgA8+SZqRmr6o2j0FAPUrV4EmMYB7wTYPwPT7EXXmYs8m0o
+vamXwGbIwT2Z/EGhOc3UdAQF232o156m097tib5HMbTT+8AcjX3TaeXDJpjI35Wy
+bfJ8F2LEWmJsQwPC9MMCfy7SlW8BUqTBaelPvSYoKdLT6FOxtnoAVYn10WRIF7LE
+SySJqENspSpv3ACJ/q1jZN6cXYKFlvKLR5Be/MWtnZ2AXqwHmR/XYGtXI6FRmNd6
+xrb+mP2QwkihMezVT+y2Q/EogXSJAmoEGAECAAwFCRLMAwAFAkQS4BkAUkcgBBkR
+AgAGBQJEEuACAAoJEOJmXIdJ4cvJKsUAn3R2myTGfaAyxiDwL9l3ObofNnX9AJ46
+M4YTuhT9ETVc15IOaHY5VCLcUQkQ22mNcZkkJWCOtg//RVzC6tHMnmZXXA6jslgc
+a2yf/q0zJIULR9azhcraU3yy8OzjVorX1i5Xh5Rr3SmZkHiNUMrOK0jCzyM9ykBa
+58WOwwN1sZoNUQpUtmYja9kj/y444Atf0iIFW9TT4O31j25qEjz7cLZtmv+TnzcS
+IaZekJrIZ/8D74eDqNrfy/WaAi0JK2iMiw4dqwLtIc2W7UTtXfSgiAtNrkp4smrO
+6AUI2Xas7D+3zZiMlIv//W3ZSTF0vHtyBdmvcEPrs6DdjhsM+L7QHLnxD7HD86cv
+Vh+9SzHelc5erhSWbwKMcZKykQ3uHhU9XCt60MYdbc8HHW92g0e9nEipZ7iS23uD
+mzoKvfihtho2+j1w5uKM/S6N/fditlWJ9qHvLHVPLNKPp4DEHo4ns56LCY1cRUX7
+N4TOWu2iVSdtzg8NFvhfnKyWkUTCYFuU64Jiq9XcJLMAn2AY02RzQcF8LwbgzdyI
+NK9pC0y0lH9ZrN6QyGinxILPVtwLsWO17JpDvKQf4+rmR9nHQSsvGJ/FjCDydMx5
+HaT+TfC4KRR8BBgTDgZkq6cllbeC1qgCz3LXgai9pIlvT9httrVcpOL0QHnKM5jd
+7R8JZ1dt5qlltuWsC8Dw52kEGiBn095qmY1FFd02BxL7y7sxHp81m31yTErho+HQ
+lcXTIscl65wt2LwowPG0n2iYjgRDt/rHAQQA0JkZeitcyQMqk2xGd/5mGoc4+YNw
+Qo8OSmVwIvY8UAI3tBorhF6ha9niaqZU4vdldTnXMU0j1oPckAhOgRPaOvaEZhYU
+TF0F/15piAF5dkZQ6dsmXVUkPNYMZTpkc2nA+IACBiOmygGBkLFuXvHRW1i6SNz2
+8iRH/UZcYLi/2iEAIIFWUJm0Jldlcm5lciBLb2NoIChkaXN0IHNpZykgPGRkOWpu
+QGdudS5vcmc+iLwEEwECACYCGwMGCwkIBwMCBBUCCAMEFgIDAQIeAQIXgAUCTS2M
+twUJClROYQAKCRBTtiDQHODGMPB4A/0U1DJR9LbkWuBs8Ko6KJoKLMVI6iYNJBhA
+tm3dxWeUxA16eYDWW/b9Lk5KnjtSWuGOeqa7MCsXnkyHkO88KE9IcM3mFnhfFN2q
+agd/nRchl9MPsdOgf/ug7j72Alv2V8s28R10HTjfwySe/omXWwK3qn8ou6N7ID+E
+wCV7i2e2u5kDKgRHeRfDEQgAnwKxwiRUep5JsTYlvlBODwFt20JWvSVhagsLuFai
+5DyP5R2+acR33/Bc8tjvPQcQ/+oV0g8dkpVZgBhzgiYUocdb3zRlWDbCZ9qDSudI
+p/ZBrw9PplQAn8uTMj1fJrTHDjNqdfMFlbjHdoHmG3TWIAK35/wzaVP+fTOnglKY
+V5GBA3BAgamUSo0gdSTRJ6hwDPoHOX3OFZWHWfh2AaxGU1/2Sz2YOZH30e18gOiI
+Klj0mND62MQzsRro8nkracmYZpE+3s1c6CgSPspY926Sjq5Lii4wd1uU54Aiy2L0
+0f4O8szcoLf/rq6czTvOSrBiwVQ5JEoUrMIjyHrbdGRQfwDg/A2sKSzVE19nOszO
+ndICn0vPw068V+j0uQOWcwf+MRAaZ45wq9kY5204uJXDS4Pm9uXPZa209Ul8ra1I
+n1EG3DhJAnn5Pl+yT6FP8dw29Q7gveCwGjBX1NqOhlj08wTbRAQbRqYODLOUNcNY
+NYA0RKSjN5hiD8nCyl4QfiX4vKRfqrwakYgN8Z1mQC2T9NPWXy2PvJzAdOrv+fcy
+nC8s/of84wpqSCXRa+cUKLZus7SvEJrNRhtTDlT0NbwlAh4ksCGu1dSrZZWCCLB6
+ke7CF7k0poiyePE6tTWOfZxNYQ+yYnHHIIcj3l+dqJxXxMOahxDyaF4XDo8Urmts
+fVPYu3KSZ8yypyAYXWWu00Ibe/4y+Au+UsvnxMXhEp4PDwgAlAU/s1FMwC3sxjmR
+r8Z/NjjOq0f5dplfVl3qShAfiAzxtSQcKn5dX/NP5iPIYcJK9i2K8oXebvnHnEcu
+9ffd3T0pwGA2srBv/rCFcWM/TOHaFkFYUnvRDiZ4FnL2D+Wwlg8m5pQWECYApKxV
+KjL0EyTgpJaam40Jv7sV2lrpvXUgMaeWHhwiqgSC1J4wVS6Gq5ldG3Fl8KLWYlxX
+d1qZwR4xP0Ep8nBYd9+Pm60fCk0p5kvr+iPgelvlTnMsx7fvFqV7qNWEuKJApmb+
+n8yJX+h3FSTiU/Haaqc8jIap+GGE9C20QvaK3NiqMdIc2oqLPStBKCn+TEUBDLAB
+wHTNDLQcV2VybmVyIEtvY2ggPHdrQGcxMGNvZGUuY29tPohxBBMRCwAhAhsDBQkU
+sIqNAh4BAheABQsHCgkCBRUIAgoDBQJHeR6AAAoJEPKthaweQrNn+kQA33yabKyY
+9z1ujVoxcLF7ROc0mSsX75srRXIjxTgA4NKwgnV1GN1QL6bKH4G7AFTgmJMQjWLy
+wpguY3G0Gldlcm5lciBLb2NoIDx3a0BnbnVwZy5vcmc+iHQEExELACQCGwMFCRSw
+io0CHgECF4AFCwcKCQIFFQgCCgMFAkd5HpcCGQEACgkQ8q2FrB5Cs2eXYwDfUNqv
+I0xrFP47l0+sBBD5j8Z9H9FygT4ZuVZOxwDePf9XYQuNja+MQUqZEtZbvilME5zf
+5wUMo3sVtLkBDQRH47TPAQgArMK+fv08+pw2sCF0DQtk717TSyHmcmn8e7ndGXEB
+xZWy/sQWoZrKKr5/gmkCH3O0p/sSZhijfCzTeElFO0ASFaSAvaXcQqhUnjEcI4ic
+3KLbI7fSqoqgvkJ8qwfIFovb8jMO/tBQgNmYAODTBlnLq5zJIvTvpqEAePBZdd90
+SGiC6vNADZ04D5Pbl3ZdXNwakv1y+eLc4jnYPcAkqsf8U7/ClpGcaADPLC0Kp1lN
+6lYBXRV6QXpEa0qh2JT4PGu7981hFVvKjBdvClbz6E8I3aSny8acUF6bBRV+/H9k
+2lW9xrD7+E3obBXJ55CWOL4ynoS69ii2XyVQxyWz+a7ZlwARAQABiF8EGBELAA8F
+AkfjtM8CGwwFCQcajaEACgkQ8q2FrB5Cs2cuqQDfYDr3l9GbFNxAZSv/HSXKcZ5M
+Jys5TLffQYPQXwDfRzV6imKyGJmI6tAaDVAgLDNld64LDP2wrcOezLkBogROsUyG
+EQQAlCMDC6m1nkcdAK3MV884airO5/akCJhT0CWjd6LxbM27SremsW7HSaUoOSNX
+SXpPgktdDcA7y6Y8cXteGm9+/ZHwNoXgYWnTpWjk50qLre0iCNLcpT1V0cMEev5B
+/2YXOiog/7obnI+tjG/y7V41bNzAceKehSFbSi5hyz7EAZMAoIbBb88QRdsh1RKm
+tHdVXsjuvldpA/0cp/wmWwWEfWMGKvtCk5i6Ayl8T6YHRjtqZwnMFrNbjEssulkQ
+0XpDGRcAyO92utp12sl7h8DWl4OSEFh6rnFVJPrII8YQXahrAchB7Mtc5AzDFFmg
+JqvJdp8WEVnx+nLl9shaRifHUSdLwdt909p+1CFm8ChDl7+eZE7YbvEWGQP+JNA0
+DHFqNSxCFzs667Cnic7op3BkaUN13zNuR1aVpepxUEhkk6LfiiHmQON7QHVAqvtq
+/TO0svyy8nAeFhlWqcXX84tuoobmnsCowa137CXYV/SD7JVjy5X/b6cbs2sIty37
+eJLjoffnxQHvN+azf+JtxtTXhMTedhBQAgdlBGaIoQQYEQgACQUCTrgQCQIbAgBS
+CRDyrYWsHkKzZ0cgBBkRCAAGBQJOuBAJAAoJEE8FQNV3+V+VkpoAnA5MTmFbkcoM
+4N4OYwb3YGMfoAD0AJ9j2e0iEo9fhMfcSoKG9xssLopUTOj0AODNadm6ajGAly1I
+oam+eLSbqxHfSkQEHOxhMiFjAN9q4LuirSOu65uR1bnTmF+Z92++qMIuEkH4/LnN
+uQENBE64FVgBCAChkCmMrdCKW/PWuBQs2/lcTqz3i33KOUCynyj1aOzen9HUJVHy
+mJnN4dZTjq3ARlSTuCSoJmQwcmom0wjDS2L9qqCnUctdyIoFxTetnMP3JkBhJ4j5
+IxtwkTznWa0SgEjvBdNUkLTBG/3lgfMFoqlQNh1or07wsHS+LlvaxvFnqMozssKq
+YLC9mTVqWfXvTeRsCzYLvZ6jy4rqbJnDIJzHgqV3K6cyqA5NcZqoWj8OQNUbS+sV
+CU8nkYkDYQA7wm2nwolEfROSdFtSTmL49PNQS1V3MUdLUb7SfsDmwfm59SDmJUp4
+iw3F535P/ei+G5cBYzHO0jN0nzUH/sfM7njjABEBAAGIXwQYEQgADwUCTrgVWAIb
+DAUJBAqORwAKCRDyrYWsHkKzZ6TKAN0WMNFzexmPvciaqa2LyUVUI/ht3suw/tlV
+SGDCAN9tCWF1UFBrQORgcrpgQBfNKPkUdAxxyiDrXfZ1mQENBE0ti4EBCACqGtKl
+X9jI/enhlBdy2cyQP6Q7JoyxtaG6/ckAKWHYrqFTQk3IUe8TuDrGT742XFncG9Po
+MBfJDUNltIPgKFn8E9tYQqAOlpSA25bOb30cA2ADkrjgjvDAH8cZ+fkIayWtObTx
+wqLfPivjFxEM//IdShFFVQj+QHmXYBJggWyEIil8Bje7KRw6B5ucs4qSzp5VH4Cq
+Dr9PDnLD8lBGHk0x8jpwh4V/yEODJKATY0Vj00793L8uqA35ZiyczUvvJSLYvf7S
+TO943GswkxdAfqxXbYifiK2gjE/7SAmB+2jFxsonUDOB1BAY5s3FKqrkaxZr3BBj
+euGGoCuiSX/cXRIhABEBAAG0Fldlcm5lciBLb2NoIChkaXN0IHNpZymJAT4EEwEC
+ACgFAk0ti4ECGwMFCRDdnwIGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJECSb
+OdJPJeO2PlMIAJxPtFXf5yozPpFjRbSkSdjsk9eru05shKZOAKw3RUePTU80SRLP
+dg4AH+vkm1JMWFFpwvHlgfxqnE9rp13o7L/4UwNUwqH85zCwu7SHz9cX3d4UUwzc
+P6qQP4BQEH9/xlpQS9eTK9b2RMyggqwd/J8mxjvoWzL8Klf/wl6jXHn/yP92xG9/
+YA86lNOL1N3/PhlZzLuJ6bdD9WzsEp/+kh3UDfjkIrOcWkqwupB+d01R4bHPu9tv
+Xy8Xut8Sok2zku2xVkEOsV2TXHbwuHO2AGC5pWDX6wgCE4F5XeCB/0ovao2/bk22
+w1TxzP6PMxo6sLkmaF6D0frhM2bl4C/uSsq5AQ0ETS2LgQEIAKHwucgbaRj0V7Ht
+0FnM6RmbqwZ7IFV2lR+YN1gkZaWRRCaJoPEZFKhhPEBX1bDVwr/iTPaPPEtpi7oQ
+oHk65yeLrhtOmXXpNVkV/5WQjAJIrWn+JQ3z/ZejxHULhzKsGg5FC6pRYcEyzRXH
+tv4BO9kBIKNVirZjEkQG4BnIrQgl6e2YFa47GNMqcQH7nJdwG1cGQOZOIDQQM41g
+BzwoSrStMA6DjHkukFegKfcSbSLArBtYNAwTwmW7RqOMEJwlo0+NYx2Yn75x66bY
+wdlsP0FLOgez/O/IxoPRxXr0l4e+uj6dFHqvBi04dx6JsPmXEyeAyLiCWSh7Rwq8
+uIhBUBUAEQEAAYkBJQQYAQIADwUCTS2LgQIbIAUJEN2fAgAKCRAkmznSTyXjtrsS
+CACRNgfGkD0OqOiwYo1/+KyWnrQLusVvSYOw8hN66geU3BO8iQ0Koy+m0QKY1kWj
+aHwewpg8ZebY4E2sHbNIC9Spyiyz29sAJ2invf4/4MepTgpxNiw4+XmykCkN1AfV
+hvMTQXMzRbO5ZwRtPpjsMr1j5vX1s6U3/RxSAItpAkCu1GGTTOH0r12Ochc/um+Q
+GAyO6WUj/IiZ1MX7toXW0SCo8DSl8z5Q7KmJWF6TQLK1Lku4bIVG1Huwo1/0WHc2
+vCad5BxHjgoy8TsKLTmvYQZWtnjWvQGV2UOABYWcacutZXQQ2PPCIY7LlpuS/45C
+XWbT5Y+mxY3y7dbz4aF+8uyCiJwEEAECAAYFAk0tjQQACgkQU7Yg0BzgxjBGTwQA
+i5qzI6cJslbyOl+TeDZVnLV0FmPuDg8dojvQrVDPxfemIjxZZoMLCVM8ly8AC2JP
+rIYfN040C343saIc0tTtOwwmVMuy7G/Uex22CdWH/0HBMpG4gFuOuQmW9QQDjEdh
+1DgwU2gAWonX54ZlMybWss+2NCikRwMflVUupH57Bas=
+=WK93
+-----END PGP PUBLIC KEY BLOCK-----
diff --git a/doc/scdaemon.texi b/doc/scdaemon.texi
new file mode 100644
index 0000000..200fed8
--- /dev/null
+++ b/doc/scdaemon.texi
@@ -0,0 +1,731 @@
+@c Copyright (C) 2002 Free Software Foundation, Inc.
+@c This is part of the GnuPG manual.
+@c For copying conditions, see the file gnupg.texi.
+
+@node Invoking SCDAEMON
+@chapter Invoking the SCDAEMON
+@cindex SCDAEMON command options
+@cindex command options
+@cindex options, SCDAEMON command
+
+@manpage scdaemon.1
+@ifset manverb
+.B scdaemon
+\- Smartcard daemon for the GnuPG system
+@end ifset
+
+@mansect synopsis
+@ifset manverb
+.B scdaemon
+.RB [ \-\-homedir
+.IR dir ]
+.RB [ \-\-options
+.IR file ]
+.RI [ options ]
+.B \-\-server
+.br
+.B scdaemon
+.RB [ \-\-homedir
+.IR dir ]
+.RB [ \-\-options
+.IR file ]
+.RI [ options ]
+.B \-\-daemon
+.RI [ command_line ]
+@end ifset
+
+
+@mansect description
+The @command{scdaemon} is a daemon to manage smartcards. It is usually
+invoked by @command{gpg-agent} and in general not used directly.
+
+@manpause
+@xref{Option Index}, for an index to @command{scdaemon}'s commands and
+options.
+@mancont
+
+@menu
+* Scdaemon Commands:: List of all commands.
+* Scdaemon Options:: List of all options.
+* Card applications:: Description of card applications.
+* Scdaemon Configuration:: Configuration files.
+* Scdaemon Examples:: Some usage examples.
+* Scdaemon Protocol:: The protocol the daemon uses.
+@end menu
+
+@mansect commands
+
+@node Scdaemon Commands
+@section Commands
+
+Commands are not distinguished from options except for the fact that
+only one command is allowed.
+
+@table @gnupgtabopt
+@item --version
+@opindex version
+Print the program version and licensing information. Not that you can
+abbreviate this command.
+
+@item --help, -h
+@opindex help
+Print a usage message summarizing the most useful command-line options.
+Not that you can abbreviate this command.
+
+@item --dump-options
+@opindex dump-options
+Print a list of all available options and commands. Not that you can
+abbreviate this command.
+
+@item --server
+@opindex server
+Run in server mode and wait for commands on the @code{stdin}. This is
+default mode is to create a socket and listen for commands there.
+
+@item --multi-server
+@opindex multi-server
+Run in server mode and wait for commands on the @code{stdin} as well as
+on an additional Unix Domain socket. The server command @code{GETINFO}
+may be used to get the name of that extra socket.
+
+@item --daemon
+@opindex daemon
+Run the program in the background. This option is required to prevent
+it from being accidentally running in the background.
+
+@end table
+
+
+@mansect options
+
+@node Scdaemon Options
+@section Option Summary
+
+@table @gnupgtabopt
+
+@item --options @var{file}
+@opindex options
+Reads configuration from @var{file} instead of from the default
+per-user configuration file. The default configuration file is named
+@file{scdaemon.conf} and expected in the @file{.gnupg} directory directly
+below the home directory of the user.
+
+@include opt-homedir.texi
+
+
+@item -v
+@item --verbose
+@opindex v
+@opindex verbose
+Outputs additional information while running.
+You can increase the verbosity by giving several
+verbose commands to @command{gpgsm}, such as @samp{-vv}.
+
+@item --debug-level @var{level}
+@opindex debug-level
+Select the debug level for investigating problems. @var{level} may be
+a numeric value or a keyword:
+
+@table @code
+@item none
+No debugging at all. A value of less than 1 may be used instead of
+the keyword.
+@item basic
+Some basic debug messages. A value between 1 and 2 may be used
+instead of the keyword.
+@item advanced
+More verbose debug messages. A value between 3 and 5 may be used
+instead of the keyword.
+@item expert
+Even more detailed messages. A value between 6 and 8 may be used
+instead of the keyword.
+@item guru
+All of the debug messages you can get. A value greater than 8 may be
+used instead of the keyword. The creation of hash tracing files is
+only enabled if the keyword is used.
+@end table
+
+How these messages are mapped to the actual debugging flags is not
+specified and may change with newer releases of this program. They are
+however carefully selected to best aid in debugging.
+
+@quotation Note
+All debugging options are subject to change and thus should not be used
+by any application program. As the name says, they are only used as
+helpers to debug problems.
+@end quotation
+
+
+@item --debug @var{flags}
+@opindex debug
+This option is only useful for debugging and the behaviour may change at
+any time without notice. FLAGS are bit encoded and may be given in
+usual C-Syntax. The currently defined bits are:
+
+@table @code
+@item 0 (1)
+command I/O
+@item 1 (2)
+values of big number integers
+@item 2 (4)
+low level crypto operations
+@item 5 (32)
+memory allocation
+@item 6 (64)
+caching
+@item 7 (128)
+show memory statistics.
+@item 9 (512)
+write hashed data to files named @code{dbgmd-000*}
+@item 10 (1024)
+trace Assuan protocol. See also option @option{--debug-assuan-log-cats}.
+@item 11 (2048)
+trace APDU I/O to the card. This may reveal sensitive data.
+@item 12 (4096)
+trace some card reader related function calls.
+@end table
+
+@item --debug-all
+@opindex debug-all
+Same as @code{--debug=0xffffffff}
+
+@item --debug-wait @var{n}
+@opindex debug-wait
+When running in server mode, wait @var{n} seconds before entering the
+actual processing loop and print the pid. This gives time to attach a
+debugger.
+
+@item --debug-ccid-driver
+@opindex debug-wait
+Enable debug output from the included CCID driver for smartcards.
+Using this option twice will also enable some tracing of the T=1
+protocol. Note that this option may reveal sensitive data.
+
+@item --debug-disable-ticker
+@opindex debug-disable-ticker
+This option disables all ticker functions like checking for card
+insertions.
+
+@item --debug-allow-core-dump
+@opindex debug-allow-core-dump
+For security reasons we won't create a core dump when the process
+aborts. For debugging purposes it is sometimes better to allow core
+dump. This options enables it and also changes the working directory to
+@file{/tmp} when running in @option{--server} mode.
+
+@item --debug-log-tid
+@opindex debug-log-tid
+This option appends a thread ID to the PID in the log output.
+
+@item --debug-assuan-log-cats @var{cats}
+@opindex debug-assuan-log-cats
+Changes the active Libassuan logging categories to @var{cats}. The
+value for @var{cats} is an unsigned integer given in usual C-Syntax.
+A value of of 0 switches to a default category. If this option is not
+used the categories are taken from the environment variable
+@samp{ASSUAN_DEBUG}. Note that this option has only an effect if the
+Assuan debug flag has also been with the option @option{--debug}. For
+a list of categories see the Libassuan manual.
+
+@item --no-detach
+@opindex no-detach
+Don't detach the process from the console. This is mainly useful for
+debugging.
+
+@item --log-file @var{file}
+@opindex log-file
+Append all logging output to @var{file}. This is very helpful in
+seeing what the agent actually does.
+
+
+@item --pcsc-driver @var{library}
+@opindex pcsc-driver
+Use @var{library} to access the smartcard reader. The current default
+is @file{libpcsclite.so}. Instead of using this option you might also
+want to install a symbolic link to the default file name
+(e.g. from @file{libpcsclite.so.1}).
+
+@item --ctapi-driver @var{library}
+@opindex ctapi-driver
+Use @var{library} to access the smartcard reader. The current default
+is @file{libtowitoko.so}. Note that the use of this interface is
+deprecated; it may be removed in future releases.
+
+@item --disable-ccid
+@opindex disable-ccid
+Disable the integrated support for CCID compliant readers. This
+allows to fall back to one of the other drivers even if the internal
+CCID driver can handle the reader. Note, that CCID support is only
+available if libusb was available at build time.
+
+@item --reader-port @var{number_or_string}
+@opindex reader-port
+This option may be used to specify the port of the card terminal. A
+value of 0 refers to the first serial device; add 32768 to access USB
+devices. The default is 32768 (first USB device). PC/SC or CCID
+readers might need a string here; run the program in verbose mode to get
+a list of available readers. The default is then the first reader
+found.
+
+To get a list of available CCID readers you may use this command:
+@smallexample
+echo scd getinfo reader_list | gpg-connect-agent --decode | awk '/^D/ @{print $2@}'
+@end smallexample
+
+
+@item --card-timeout @var{n}
+@opindex card-timeout
+If @var{n} is not 0 and no client is actively using the card, the card
+will be powered down after @var{n} seconds. Powering down the card
+avoids a potential risk of damaging a card when used with certain
+cheap readers. This also allows non Scdaemon aware applications to
+access the card. The disadvantage of using a card timeout is that
+accessing the card takes longer and that the user needs to enter the
+PIN again after the next power up.
+
+Note that with the current version of Scdaemon the card is powered
+down immediately at the next timer tick for any value of @var{n} other
+than 0.
+
+
+@item --disable-keypad
+@opindex disable-keypad
+Even if a card reader features a keypad, do not try to use it.
+
+
+@item --deny-admin
+@opindex deny-admin
+@opindex allow-admin
+This option disables the use of admin class commands for card
+applications where this is supported. Currently we support it for the
+OpenPGP card. This commands is useful to inhibit accidental access to
+admin class command which could ultimately lock the card through wrong
+PIN numbers. Note that GnuPG versions older than 2.0.11 featured an
+@option{--allow-admin} command which was required to use such admin
+commands. This option has no more effect today because the default is
+now to allow admin commands.
+
+@item --disable-application @var{name}
+@opindex disable-application
+This option disables the use of the card application named
+@var{name}. This is mainly useful for debugging or if a application
+with lower priority should be used by default.
+
+@end table
+
+All the long options may also be given in the configuration file after
+stripping off the two leading dashes.
+
+
+@mansect card applications
+@node Card applications
+@section Description of card applications
+
+@command{scdaemon} supports the card applications as described below.
+
+@menu
+* OpenPGP Card:: The OpenPGP card application
+* NKS Card:: The Telesec NetKey card application
+* DINSIG Card:: The DINSIG card application
+* PKCS#15 Card:: The PKCS#15 card application
+* Geldkarte Card:: The Geldkarte application
+* Undefined Card:: The Undefined stub application
+@end menu
+
+@node OpenPGP Card
+@subsection The OpenPGP card application ``openpgp''
+
+This application is currently only used by @command{gpg} but may in
+future also be useful with @command{gpgsm}. Version 1 and version 2 of
+the card is supported.
+
+The specifications for these cards are available at
+@uref{http://g10code.com/docs/openpgp-card-1.0.pdf} and
+@uref{http://g10code.com/docs/openpgp-card-2.0.pdf}.
+
+@node NKS Card
+@subsection The Telesec NetKey card ``nks''
+
+This is the main application of the Telesec cards as available in
+Germany. It is a superset of the German DINSIG card. The card is
+used by @command{gpgsm}.
+
+@node DINSIG Card
+@subsection The DINSIG card application ``dinsig''
+
+This is an application as described in the German draft standard
+@emph{DIN V 66291-1}. It is intended to be used by cards supporting
+the German signature law and its bylaws (SigG and SigV).
+
+@node PKCS#15 Card
+@subsection The PKCS#15 card application ``p15''
+
+This is common framework for smart card applications. It is used by
+@command{gpgsm}.
+
+@node Geldkarte Card
+@subsection The Geldkarte card application ``geldkarte''
+
+This is a simple application to display information of a German
+Geldkarte. The Geldkarte is a small amount debit card application which
+comes with almost all German banking cards.
+
+@node Undefined Card
+@subsection The Undefined card application ``undefined''
+
+This is a stub application to allow the use of the APDU command even
+if no supported application is found on the card. This application is
+not used automatically but must be explicitly requested using the
+SERIALNO command.
+
+
+@c *******************************************
+@c *************** ****************
+@c *************** FILES ****************
+@c *************** ****************
+@c *******************************************
+@mansect files
+@node Scdaemon Configuration
+@section Configuration files
+
+There are a few configuration files to control certain aspects of
+@command{scdaemons}'s operation. Unless noted, they are expected in the
+current home directory (@pxref{option --homedir}).
+
+@table @file
+
+@item scdaemon.conf
+@cindex scdaemon.conf
+This is the standard configuration file read by @command{scdaemon} on
+startup. It may contain any valid long option; the leading two dashes
+may not be entered and the option may not be abbreviated. This default
+name may be changed on the command line (@pxref{option --options}).
+
+@item scd-event
+@cindex scd-event
+If this file is present and executable, it will be called on veyer card
+reader's status changed. An example of this script is provided with the
+distribution
+
+@item reader_@var{n}.status
+This file is created by @command{sdaemon} to let other applications now
+about reader status changes. Its use is now deprecated in favor of
+@file{scd-event}.
+
+@end table
+
+
+@c
+@c Examples
+@c
+@mansect examples
+@node Scdaemon Examples
+@section Examples
+
+@c man begin EXAMPLES
+
+@example
+$ scdaemon --server -v
+@end example
+
+@c man end
+
+@c
+@c Assuan Protocol
+@c
+@manpause
+@node Scdaemon Protocol
+@section Scdaemon's Assuan Protocol
+
+The SC-Daemon should be started by the system to provide access to
+external tokens. Using Smartcards on a multi-user system does not
+make much sense expect for system services, but in this case no
+regular user accounts are hosted on the machine.
+
+A client connects to the SC-Daemon by connecting to the socket named
+@file{/var/run/scdaemon/socket}, configuration information is read from
+@var{/etc/scdaemon.conf}
+
+Each connection acts as one session, SC-Daemon takes care of
+synchronizing access to a token between sessions.
+
+@menu
+* Scdaemon SERIALNO:: Return the serial number.
+* Scdaemon LEARN:: Read all useful information from the card.
+* Scdaemon READCERT:: Return a certificate.
+* Scdaemon READKEY:: Return a public key.
+* Scdaemon PKSIGN:: Signing data with a Smartcard.
+* Scdaemon PKDECRYPT:: Decrypting data with a Smartcard.
+* Scdaemon GETATTR:: Read an attribute's value.
+* Scdaemon SETATTR:: Update an attribute's value.
+* Scdaemon WRITEKEY:: Write a key to a card.
+* Scdaemon GENKEY:: Generate a new key on-card.
+* Scdaemon RANDOM:: Return random bytes generate on-card.
+* Scdaemon PASSWD:: Change PINs.
+* Scdaemon CHECKPIN:: Perform a VERIFY operation.
+* Scdaemon RESTART:: Restart connection
+* Scdaemon APDU:: Send a verbatim APDU to the card
+@end menu
+
+@node Scdaemon SERIALNO
+@subsection Return the serial number
+
+This command should be used to check for the presence of a card. It is
+special in that it can be used to reset the card. Most other commands
+will return an error when a card change has been detected and the use of
+this function is therefore required.
+
+Background: We want to keep the client clear of handling card changes
+between operations; i.e. the client can assume that all operations are
+done on the same card unless he call this function.
+
+@example
+ SERIALNO
+@end example
+
+Return the serial number of the card using a status response like:
+
+@example
+ S SERIALNO D27600000000000000000000 0
+@end example
+
+The trailing 0 should be ignored for now, it is reserved for a future
+extension. The serial number is the hex encoded value identified by
+the @code{0x5A} tag in the GDO file (FIX=0x2F02).
+
+
+
+@node Scdaemon LEARN
+@subsection Read all useful information from the card
+
+@example
+ LEARN [--force]
+@end example
+
+Learn all useful information of the currently inserted card. When
+used without the force options, the command might do an INQUIRE
+like this:
+
+@example
+ INQUIRE KNOWNCARDP <hexstring_with_serialNumber> <timestamp>
+@end example
+
+The client should just send an @code{END} if the processing should go on
+or a @code{CANCEL} to force the function to terminate with a cancel
+error message. The response of this command is a list of status lines
+formatted as this:
+
+@example
+ S KEYPAIRINFO @var{hexstring_with_keygrip} @var{hexstring_with_id}
+@end example
+
+If there is no certificate yet stored on the card a single "X" is
+returned in @var{hexstring_with_keygrip}.
+
+@node Scdaemon READCERT
+@subsection Return a certificate
+
+@example
+ READCERT @var{hexified_certid}|@var{keyid}
+@end example
+
+This function is used to read a certificate identified by
+@var{hexified_certid} from the card. With OpenPGP cards the keyid
+@code{OpenPGP.3} may be used to rad the certificate of version 2 cards.
+
+
+@node Scdaemon READKEY
+@subsection Return a public key
+
+@example
+READKEY @var{hexified_certid}
+@end example
+
+Return the public key for the given cert or key ID as an standard
+S-Expression.
+
+
+
+@node Scdaemon PKSIGN
+@subsection Signing data with a Smartcard
+
+To sign some data the caller should use the command
+
+@example
+ SETDATA @var{hexstring}
+@end example
+
+to tell @command{scdaemon} about the data to be signed. The data must be given in
+hex notation. The actual signing is done using the command
+
+@example
+ PKSIGN @var{keyid}
+@end example
+
+where @var{keyid} is the hexified ID of the key to be used. The key id
+may have been retrieved using the command @code{LEARN}. If another
+hash algorithm than SHA-1 is used, that algorithm may be given like:
+
+@example
+ PKSIGN --hash=@var{algoname} @var{keyid}
+@end example
+
+With @var{algoname} are one of @code{sha1}, @code{rmd160} or @code{md5}.
+
+
+@node Scdaemon PKDECRYPT
+@subsection Decrypting data with a Smartcard
+
+To decrypt some data the caller should use the command
+
+@example
+ SETDATA @var{hexstring}
+@end example
+
+to tell @command{scdaemon} about the data to be decrypted. The data
+must be given in hex notation. The actual decryption is then done
+using the command
+
+@example
+ PKDECRYPT @var{keyid}
+@end example
+
+where @var{keyid} is the hexified ID of the key to be used.
+
+
+@node Scdaemon GETATTR
+@subsection Read an attribute's value.
+
+TO BE WRITTEN.
+
+@node Scdaemon SETATTR
+@subsection Update an attribute's value.
+
+TO BE WRITTEN.
+
+@node Scdaemon WRITEKEY
+@subsection Write a key to a card.
+
+@example
+ WRITEKEY [--force] @var{keyid}
+@end example
+
+This command is used to store a secret key on a smartcard. The
+allowed keyids depend on the currently selected smartcard
+application. The actual keydata is requested using the inquiry
+@code{KEYDATA} and need to be provided without any protection. With
+@option{--force} set an existing key under this @var{keyid} will get
+overwritten. The key data is expected to be the usual canonical encoded
+S-expression.
+
+A PIN will be requested in most cases. This however depends on the
+actual card application.
+
+
+@node Scdaemon GENKEY
+@subsection Generate a new key on-card.
+
+TO BE WRITTEN.
+
+@node Scdaemon RANDOM
+@subsection Return random bytes generate on-card.
+
+TO BE WRITTEN.
+
+
+@node Scdaemon PASSWD
+@subsection Change PINs.
+
+@example
+ PASSWD [--reset] [--nullpin] @var{chvno}
+@end example
+
+Change the PIN or reset the retry counter of the card holder
+verification vector number @var{chvno}. The option @option{--nullpin}
+is used to initialize the PIN of TCOS cards (6 byte NullPIN only).
+
+
+@node Scdaemon CHECKPIN
+@subsection Perform a VERIFY operation.
+
+@example
+ CHECKPIN @var{idstr}
+@end example
+
+Perform a VERIFY operation without doing anything else. This may be
+used to initialize a the PIN cache earlier to long lasting
+operations. Its use is highly application dependent:
+
+@table @strong
+@item OpenPGP
+
+Perform a simple verify operation for CHV1 and CHV2, so that further
+operations won't ask for CHV2 and it is possible to do a cheap check on
+the PIN: If there is something wrong with the PIN entry system, only the
+regular CHV will get blocked and not the dangerous CHV3. @var{idstr} is
+the usual card's serial number in hex notation; an optional fingerprint
+part will get ignored.
+
+There is however a special mode if @var{idstr} is suffixed with the
+literal string @code{[CHV3]}: In this case the Admin PIN is checked if
+and only if the retry counter is still at 3.
+
+@end table
+
+
+
+@node Scdaemon RESTART
+@subsection Perform a RESTART operation.
+
+@example
+ RESTART
+@end example
+
+Restart the current connection; this is a kind of warm reset. It
+deletes the context used by this connection but does not actually
+reset the card.
+
+This is used by gpg-agent to reuse a primary pipe connection and
+may be used by clients to backup from a conflict in the serial
+command; i.e. to select another application.
+
+
+
+
+@node Scdaemon APDU
+@subsection Send a verbatim APDU to the card.
+
+@example
+ APDU [--atr] [--more] [--exlen[=@var{n}]] [@var{hexstring}]
+@end example
+
+
+Send an APDU to the current reader. This command bypasses the high
+level functions and sends the data directly to the card.
+@var{hexstring} is expected to be a proper APDU. If @var{hexstring} is
+not given no commands are send to the card; However the command will
+implicitly check whether the card is ready for use.
+
+Using the option @code{--atr} returns the ATR of the card as a status
+message before any data like this:
+@example
+ S CARD-ATR 3BFA1300FF813180450031C173C00100009000B1
+@end example
+
+Using the option @code{--more} handles the card status word MORE_DATA
+(61xx) and concatenate all responses to one block.
+
+Using the option @code{--exlen} the returned APDU may use extended
+length up to N bytes. If N is not given a default value is used
+(currently 4096).
+
+
+
+@mansect see also
+@ifset isman
+@command{gpg-agent}(1),
+@command{gpgsm}(1),
+@command{gpg2}(1)
+@end ifset
+@include see-also-note.texi
+
diff --git a/doc/see-also-note.texi b/doc/see-also-note.texi
new file mode 100644
index 0000000..b18efc3
--- /dev/null
+++ b/doc/see-also-note.texi
@@ -0,0 +1,14 @@
+@c We append this note to all ``see also'' sections of the man pages
+
+@ifset isman
+The full documentation for this tool is maintained as a Texinfo manual.
+If GnuPG and the info program are properly installed at your site, the
+command
+
+@example
+info gnupg
+@end example
+
+should give you access to the complete manual including a menu structure
+and an index.
+@end ifset
diff --git a/doc/specify-user-id.texi b/doc/specify-user-id.texi
new file mode 100644
index 0000000..7d23ed8
--- /dev/null
+++ b/doc/specify-user-id.texi
@@ -0,0 +1,171 @@
+@c Include file to allow for different placements in man pages and the manual
+
+There are different ways to specify a user ID to GnuPG. Some of them
+are only valid for @command{gpg} others are only good for
+@command{gpgsm}. Here is the entire list of ways to specify a key:
+
+@itemize @bullet
+
+@item By key Id.
+This format is deduced from the length of the string and its content or
+@code{0x} prefix. The key Id of an X.509 certificate are the low 64 bits
+of its SHA-1 fingerprint. The use of key Ids is just a shortcut, for
+all automated processing the fingerprint should be used.
+
+When using @command{gpg} an exclamation mark (!) may be appended to
+force using the specified primary or secondary key and not to try and
+calculate which primary or secondary key to use.
+
+The last four lines of the example give the key ID in their long form as
+internally used by the OpenPGP protocol. You can see the long key ID
+using the option @option{--with-colons}.
+
+@cartouche
+@example
+234567C4
+0F34E556E
+01347A56A
+0xAB123456
+
+234AABBCC34567C4
+0F323456784E56EAB
+01AB3FED1347A5612
+0x234AABBCC34567C4
+@end example
+@end cartouche
+
+
+
+@item By fingerprint.
+This format is deduced from the length of the string and its content or
+the @code{0x} prefix. Note, that only the 20 byte version fingerprint
+is available with @command{gpgsm} (i.e. the SHA-1 hash of the
+certificate).
+
+When using @command{gpg} an exclamation mark (!) may be appended to
+force using the specified primary or secondary key and not to try and
+calculate which primary or secondary key to use.
+
+The best way to specify a key Id is by using the fingerprint. This
+avoids any ambiguities in case that there are duplicated key IDs.
+
+@cartouche
+@example
+1234343434343434C434343434343434
+123434343434343C3434343434343734349A3434
+0E12343434343434343434EAB3484343434343434
+0xE12343434343434343434EAB3484343434343434
+@end example
+@end cartouche
+
+@noindent
+(@command{gpgsm} also accepts colons between each pair of hexadecimal
+digits because this is the de-facto standard on how to present X.509
+fingerprints.)
+
+@item By exact match on OpenPGP user ID.
+This is denoted by a leading equal sign. It does not make sense for
+X.509 certificates.
+
+@cartouche
+@example
+=Heinrich Heine <heinrichh@@uni-duesseldorf.de>
+@end example
+@end cartouche
+
+@item By exact match on an email address.
+This is indicated by enclosing the email address in the usual way
+with left and right angles.
+
+@cartouche
+@example
+<heinrichh@@uni-duesseldorf.de>
+@end example
+@end cartouche
+
+
+@item By word match.
+All words must match exactly (not case sensitive) but can appear in any
+order in the user ID or a subjects name. Words are any sequences of
+letters, digits, the underscore and all characters with bit 7 set.
+
+@cartouche
+@example
++Heinrich Heine duesseldorf
+@end example
+@end cartouche
+
+@item By exact match on the subject's DN.
+This is indicated by a leading slash, directly followed by the RFC-2253
+encoded DN of the subject. Note that you can't use the string printed
+by "gpgsm --list-keys" because that one as been reordered and modified
+for better readability; use --with-colons to print the raw (but standard
+escaped) RFC-2253 string
+
+@cartouche
+@example
+/CN=Heinrich Heine,O=Poets,L=Paris,C=FR
+@end example
+@end cartouche
+
+@item By exact match on the issuer's DN.
+This is indicated by a leading hash mark, directly followed by a slash
+and then directly followed by the rfc2253 encoded DN of the issuer.
+This should return the Root cert of the issuer. See note above.
+
+@cartouche
+@example
+#/CN=Root Cert,O=Poets,L=Paris,C=FR
+@end example
+@end cartouche
+
+
+@item By exact match on serial number and issuer's DN.
+This is indicated by a hash mark, followed by the hexadecimal
+representation of the serial number, then followed by a slash and the
+RFC-2253 encoded DN of the issuer. See note above.
+
+@cartouche
+@example
+#4F03/CN=Root Cert,O=Poets,L=Paris,C=FR
+@end example
+@end cartouche
+
+@item By keygrip
+This is indicated by an ampersand followed by the 40 hex digits of a
+keygrip. @command{gpgsm} prints the keygrip when using the command
+@option{--dump-cert}. It does not yet work for OpenPGP keys.
+
+@cartouche
+@example
+&D75F22C3F86E355877348498CDC92BD21010A480
+@end example
+@end cartouche
+
+
+@item By substring match.
+This is the default mode but applications may want to explicitly
+indicate this by putting the asterisk in front. Match is not case
+sensitive.
+
+@cartouche
+@example
+Heine
+*Heine
+@end example
+@end cartouche
+
+@end itemize
+
+
+Please note that we have reused the hash mark identifier which was used
+in old GnuPG versions to indicate the so called local-id. It is not
+anymore used and there should be no conflict when used with X.509 stuff.
+
+Using the RFC-2253 format of DNs has the drawback that it is not
+possible to map them back to the original encoding, however we don't
+have to do this because our key database stores this encoding as meta
+data.
+
+
+
diff --git a/doc/stamp-vti b/doc/stamp-vti
new file mode 100644
index 0000000..8f6243a
--- /dev/null
+++ b/doc/stamp-vti
@@ -0,0 +1,4 @@
+@set UPDATED 27 March 2012
+@set UPDATED-MONTH March 2012
+@set EDITION 2.0.19
+@set VERSION 2.0.19
diff --git a/doc/sysnotes.texi b/doc/sysnotes.texi
new file mode 100644
index 0000000..a8cea87
--- /dev/null
+++ b/doc/sysnotes.texi
@@ -0,0 +1,86 @@
+@c Copyright (C) 2004 Free Software Foundation, Inc.
+@c This is part of the GnuPG manual.
+@c For copying conditions, see the file gnupg.texi.
+
+@node System Notes
+@chapter Notes pertaining to certain OSes.
+
+GnuPG has been developed on GNU/Linux systems and is know to work on
+almost all Free OSes. All modern POSIX systems should be supported
+right now, however there are probably a lot of smaller glitches we need
+to fix first. The major problem areas are:
+
+@itemize
+@item
+For logging to sockets and other internal operations the
+@code{fopencookie} function (@code{funopen} under *BSD) is used. This
+is a very convenient function which makes it possible to create outputs in
+a structures and easy maintainable way. The drawback however is that
+most proprietary OSes don't support this function. At g10@tie{}Code we
+have looked into several ways on how to overcome this limitation but no
+sufficiently easy and maintainable way has been found. Porting
+@emph{glibc} to a general POSIX system is of course an option and would
+make writing portable software much easier; this it has not yet been
+done and the system administrator would need to cope with the GNU
+specific admin things in addition to the generic ones of his system.
+
+We have now settled to use explicit stdio wrappers with a functionality
+similar to funopen. Although the code for this has already been written
+(@emph{libestream}), we have not yet changed GnuPG to use it.
+
+This means that on systems not supporting either @code{funopen} or
+@code{fopencookie}, logging to a socket won't work, prompts are not
+formatted as pretty as they should be and @command{gpgsm}'s
+@code{LISTKEYS} Assuan command does not work.
+
+@item
+We are planning to use file descriptor passing for interprocess
+communication. This will allow us save a lot of resources and improve
+performance of certain operations a lot. Systems not supporting this
+won't gain these benefits but we try to keep them working the standard
+way as it is done today.
+
+@item
+We require more or less full POSIX compatibility. This has been
+around for 15 years now and thus we don't believe it makes sense to
+support non POSIX systems anymore. Well, we of course the usual
+workarounds for near POSIX systems well be applied.
+
+There is one exception of this rule: Systems based the Microsoft Windows
+API (called here @emph{W32}) will be supported to some extend.
+
+@end itemize
+
+
+@menu
+* W32 Notes:: Microsoft Windows Notes
+@end menu
+
+
+@node W32 Notes
+@section Microsoft Windows Notes
+
+@noindent
+Current limitations are:
+
+@itemize
+
+@item
+@command{gpgconf} does not create backup files, so in case of trouble
+your configuration file might get lost.
+
+@item
+@command{watchgnupg} is not available. Logging to sockets is not
+possible.
+
+@item
+The periodical smartcard status checking done by @command{scdaemon} is
+not yet supported.
+
+@end itemize
+
+
+
+
+
+
diff --git a/doc/texi.css b/doc/texi.css
new file mode 100644
index 0000000..a369abc
--- /dev/null
+++ b/doc/texi.css
@@ -0,0 +1,6 @@
+/* The gnupg.org standard stylesheet. */
+ @import url(/share/site.css);
+
+
+
+
diff --git a/doc/tools.texi b/doc/tools.texi
new file mode 100644
index 0000000..be1233b
--- /dev/null
+++ b/doc/tools.texi
@@ -0,0 +1,1899 @@
+@c Copyright (C) 2004, 2008 Free Software Foundation, Inc.
+@c This is part of the GnuPG manual.
+@c For copying conditions, see the file GnuPG.texi.
+
+@node Helper Tools
+@chapter Helper Tools
+
+GnuPG comes with a couple of smaller tools:
+
+@menu
+* watchgnupg:: Read logs from a socket.
+* gpgv:: Verify OpenPGP signatures.
+* addgnupghome:: Create .gnupg home directories.
+* gpgconf:: Modify .gnupg home directories.
+* applygnupgdefaults:: Run gpgconf for all users.
+* gpgsm-gencert.sh:: Generate an X.509 certificate request.
+* gpg-preset-passphrase:: Put a passphrase into the cache.
+* gpg-connect-agent:: Communicate with a running agent.
+@ifset gpgtwoone
+* dirmngr-client:: How to use the Dirmngr client tool.
+@end ifset
+* gpgparsemail:: Parse a mail message into an annotated format
+* symcryptrun:: Call a simple symmetric encryption tool.
+* gpg-zip:: Encrypt or sign files into an archive.
+@end menu
+
+@c
+@c WATCHGNUPG
+@c
+@manpage watchgnupg.1
+@node watchgnupg
+@section Read logs from a socket
+@ifset manverb
+.B watchgnupg
+\- Read and print logs from a socket
+@end ifset
+
+@mansect synopsis
+@ifset manverb
+.B watchgnupg
+.RB [ \-\-force ]
+.RB [ \-\-verbose ]
+.I socketname
+@end ifset
+
+@mansect description
+Most of the main utilities are able to write their log files to a Unix
+Domain socket if configured that way. @command{watchgnupg} is a simple
+listener for such a socket. It ameliorates the output with a time stamp
+and makes sure that long lines are not interspersed with log output from
+other utilities. This tool is not available for Windows.
+
+
+@noindent
+@command{watchgnupg} is commonly invoked as
+
+@example
+watchgnupg --force ~/.gnupg/S.log
+@end example
+@manpause
+
+@noindent
+This starts it on the current terminal for listening on the socket
+@file{~/.gnupg/S.log}.
+
+@mansect options
+@noindent
+@command{watchgnupg} understands these options:
+
+@table @gnupgtabopt
+
+@item --force
+@opindex force
+Delete an already existing socket file.
+
+@anchor{option watchgnupg --tcp}
+@item --tcp @var{n}
+Instead of reading from a local socket, listen for connects on TCP port
+@var{n}.
+
+@item --verbose
+@opindex verbose
+Enable extra informational output.
+
+@item --version
+@opindex version
+Print version of the program and exit.
+
+@item --help
+@opindex help
+Display a brief help page and exit.
+
+@end table
+
+@noindent
+@mansect examples
+@chapheading Examples
+
+@example
+$ watchgnupg --force /home/foo/.gnupg/S.log
+@end example
+
+This waits for connections on the local socket
+@file{/home/foo/.gnupg/S.log} and shows all log entries. To make this
+work the option @option{log-file} needs to be used with all modules
+which logs are to be shown. The value for that option must be given
+with a special prefix (e.g. in the conf file):
+
+@example
+log-file socket:///home/foo/.gnupg/S.log
+@end example
+
+For debugging purposes it is also possible to do remote logging. Take
+care if you use this feature because the information is send in the
+clear over the network. Use this syntax in the conf files:
+
+@example
+log-file tcp://192.168.1.1:4711
+@end example
+
+You may use any port and not just 4711 as shown above; only IP addresses
+are supported (v4 and v6) and no host names. You need to start
+@command{watchgnupg} with the @option{tcp} option. Note that under
+Windows the registry entry @var{HKCU\Software\GNU\GnuPG:DefaultLogFile}
+can be used to change the default log output from @code{stderr} to
+whatever is given by that entry. However the only useful entry is a TCP
+name for remote debugging.
+
+
+@mansect see also
+@ifset isman
+@command{gpg}(1),
+@command{gpgsm}(1),
+@command{gpg-agent}(1),
+@command{scdaemon}(1)
+@end ifset
+@include see-also-note.texi
+
+
+@c
+@c GPGV
+@c
+@include gpgv.texi
+
+
+@c
+@c ADDGNUPGHOME
+@c
+@manpage addgnupghome.8
+@node addgnupghome
+@section Create .gnupg home directories.
+@ifset manverb
+.B addgnupghome
+\- Create .gnupg home directories
+@end ifset
+
+@mansect synopsis
+@ifset manverb
+.B addgnupghome
+.I account_1
+.IR account_2 ... account_n
+@end ifset
+
+@mansect description
+If GnuPG is installed on a system with existing user accounts, it is
+sometimes required to populate the GnuPG home directory with existing
+files. Especially a @file{trustlist.txt} and a keybox with some
+initial certificates are often desired. This scripts help to do this
+by copying all files from @file{/etc/skel/.gnupg} to the home
+directories of the accounts given on the command line. It takes care
+not to overwrite existing GnuPG home directories.
+
+@noindent
+@command{addgnupghome} is invoked by root as:
+
+@example
+addgnupghome account1 account2 ... accountn
+@end example
+
+
+@c
+@c GPGCONF
+@c
+@manpage gpgconf.1
+@node gpgconf
+@section Modify .gnupg home directories.
+@ifset manverb
+.B gpgconf
+\- Modify .gnupg home directories
+@end ifset
+
+@mansect synopsis
+@ifset manverb
+.B gpgconf
+.RI [ options ]
+.B \-\-list-components
+.br
+.B gpgconf
+.RI [ options ]
+.B \-\-list-options
+.I component
+.br
+.B gpgconf
+.RI [ options ]
+.B \-\-change-options
+.I component
+@end ifset
+
+
+@mansect description
+The @command{gpgconf} is a utility to automatically and reasonable
+safely query and modify configuration files in the @file{.gnupg} home
+directory. It is designed not to be invoked manually by the user, but
+automatically by graphical user interfaces (GUI).@footnote{Please note
+that currently no locking is done, so concurrent access should be
+avoided. There are some precautions to avoid corruption with
+concurrent usage, but results may be inconsistent and some changes may
+get lost. The stateless design makes it difficult to provide more
+guarantees.}
+
+@command{gpgconf} provides access to the configuration of one or more
+components of the GnuPG system. These components correspond more or
+less to the programs that exist in the GnuPG framework, like GnuPG,
+GPGSM, DirMngr, etc. But this is not a strict one-to-one
+relationship. Not all configuration options are available through
+@command{gpgconf}. @command{gpgconf} provides a generic and abstract
+method to access the most important configuration options that can
+feasibly be controlled via such a mechanism.
+
+@command{gpgconf} can be used to gather and change the options
+available in each component, and can also provide their default
+values. @command{gpgconf} will give detailed type information that
+can be used to restrict the user's input without making an attempt to
+commit the changes.
+
+@command{gpgconf} provides the backend of a configuration editor. The
+configuration editor would usually be a graphical user interface
+program, that allows to display the current options, their default
+values, and allows the user to make changes to the options. These
+changes can then be made active with @command{gpgconf} again. Such a
+program that uses @command{gpgconf} in this way will be called GUI
+throughout this section.
+
+@menu
+* Invoking gpgconf:: List of all commands and options.
+* Format conventions:: Formatting conventions relevant for all commands.
+* Listing components:: List all gpgconf components.
+* Checking programs:: Check all programs know to gpgconf.
+* Listing options:: List all options of a component.
+* Changing options:: Changing options of a component.
+* Listing global options:: List all global options.
+* Files used by gpgconf:: What files are used by gpgconf.
+@end menu
+
+@manpause
+@node Invoking gpgconf
+@subsection Invoking gpgconf
+
+@mansect commands
+One of the following commands must be given:
+
+@table @gnupgtabopt
+
+@item --list-components
+List all components. This is the default command used if none is
+specified.
+
+@item --check-programs
+List all available backend programs and test whether they are runnable.
+
+@item --list-options @var{component}
+List all options of the component @var{component}.
+
+@item --change-options @var{component}
+Change the options of the component @var{component}.
+
+@item --check-options @var{component}
+Check the options for the component @var{component}.
+
+@item --apply-defaults
+Update all configuration files with values taken from the global
+configuration file (usually @file{/etc/gnupg/gpgconf.conf}).
+
+@item --list-dirs
+Lists the directories used by @command{gpgconf}. One directory is
+listed per line, and each line consists of a colon-separated list where
+the first field names the directory type (for example @code{sysconfdir})
+and the second field contains the percent-escaped directory. Although
+they are not directories, the socket file names used by
+@command{gpg-agent} and @command{dirmngr} are printed as well. Note
+that the socket file names and the @code{homedir} lines are the default
+names and they may be overridden by command line switches.
+
+@item --list-config [@var{filename}]
+List the global configuration file in a colon separated format. If
+@var{filename} is given, check that file instead.
+
+@item --check-config [@var{filename}]
+Run a syntax check on the global configuration file. If @var{filename}
+is given, check that file instead.
+
+@item --reload [@var{component}]
+@opindex reload
+Reload all or the given component. This is basically the same as sending
+a SIGHUP to the component. Components which don't support reloading are
+ignored.
+
+@item --kill [@var{component}]
+@opindex kill
+Kill the given component. Components which support killing are
+gpg-agent and scdaemon. Components which don't support reloading are
+ignored. Note that as of now reload and kill have the same effect for
+scdaemon.
+
+@end table
+
+
+@mansect options
+
+The following options may be used:
+
+@table @gnupgtabopt
+@c FIXME: Not yet supported.
+@c @item -o @var{file}
+@c @itemx --output @var{file}
+@c Use @var{file} as output file.
+
+@item -v
+@itemx --verbose
+Outputs additional information while running. Specifically, this
+extends numerical field values by human-readable descriptions.
+
+@item -n
+@itemx --dry-run
+Do not actually change anything. This is currently only implemented
+for @code{--change-options} and can be used for testing purposes.
+
+@item -r
+@itemx --runtime
+Only used together with @code{--change-options}. If one of the
+modified options can be changed in a running daemon process, signal
+the running daemon to ask it to reparse its configuration file after
+changing.
+
+This means that the changes will take effect at run-time, as far as
+this is possible. Otherwise, they will take effect at the next start
+of the respective backend programs.
+@manpause
+@end table
+
+
+@node Format conventions
+@subsection Format conventions
+
+Some lines in the output of @command{gpgconf} contain a list of
+colon-separated fields. The following conventions apply:
+
+@itemize @bullet
+@item
+The GUI program is required to strip off trailing newline and/or
+carriage return characters from the output.
+
+@item
+@command{gpgconf} will never leave out fields. If a certain version
+provides a certain field, this field will always be present in all
+@command{gpgconf} versions from that time on.
+
+@item
+Future versions of @command{gpgconf} might append fields to the list.
+New fields will always be separated from the previously last field by
+a colon separator. The GUI should be prepared to parse the last field
+it knows about up until a colon or end of line.
+
+@item
+Not all fields are defined under all conditions. You are required to
+ignore the content of undefined fields.
+@end itemize
+
+There are several standard types for the content of a field:
+
+@table @asis
+@item verbatim
+Some fields contain strings that are not escaped in any way. Such
+fields are described to be used @emph{verbatim}. These fields will
+never contain a colon character (for obvious reasons). No de-escaping
+or other formatting is required to use the field content. This is for
+easy parsing of the output, when it is known that the content can
+never contain any special characters.
+
+@item percent-escaped
+Some fields contain strings that are described to be
+@emph{percent-escaped}. Such strings need to be de-escaped before
+their content can be presented to the user. A percent-escaped string
+is de-escaped by replacing all occurrences of @code{%XY} by the byte
+that has the hexadecimal value @code{XY}. @code{X} and @code{Y} are
+from the set @code{0-9a-f}.
+
+@item localised
+Some fields contain strings that are described to be @emph{localised}.
+Such strings are translated to the active language and formatted in
+the active character set.
+
+@item @w{unsigned number}
+Some fields contain an @emph{unsigned number}. This number will
+always fit into a 32-bit unsigned integer variable. The number may be
+followed by a space, followed by a human readable description of that
+value (if the verbose option is used). You should ignore everything
+in the field that follows the number.
+
+@item @w{signed number}
+Some fields contain a @emph{signed number}. This number will always
+fit into a 32-bit signed integer variable. The number may be followed
+by a space, followed by a human readable description of that value (if
+the verbose option is used). You should ignore everything in the
+field that follows the number.
+
+@item @w{boolean value}
+Some fields contain a @emph{boolean value}. This is a number with
+either the value 0 or 1. The number may be followed by a space,
+followed by a human readable description of that value (if the verbose
+option is used). You should ignore everything in the field that follows
+the number; checking just the first character is sufficient in this
+case.
+
+@item option
+Some fields contain an @emph{option} argument. The format of an
+option argument depends on the type of the option and on some flags:
+
+@table @asis
+@item no argument
+The simplest case is that the option does not take an argument at all
+(@var{type} @code{0}). Then the option argument is an unsigned number
+that specifies how often the option occurs. If the @code{list} flag
+is not set, then the only valid number is @code{1}. Options that do
+not take an argument never have the @code{default} or @code{optional
+arg} flag set.
+
+@item number
+If the option takes a number argument (@var{alt-type} is @code{2} or
+@code{3}), and it can only occur once (@code{list} flag is not set),
+then the option argument is either empty (only allowed if the argument
+is optional), or it is a number. A number is a string that begins
+with an optional minus character, followed by one or more digits. The
+number must fit into an integer variable (unsigned or signed,
+depending on @var{alt-type}).
+
+@item number list
+If the option takes a number argument and it can occur more than once,
+then the option argument is either empty, or it is a comma-separated
+list of numbers as described above.
+
+@item string
+If the option takes a string argument (@var{alt-type} is 1), and it
+can only occur once (@code{list} flag is not set) then the option
+argument is either empty (only allowed if the argument is optional),
+or it starts with a double quote character (@code{"}) followed by a
+percent-escaped string that is the argument value. Note that there is
+only a leading double quote character, no trailing one. The double
+quote character is only needed to be able to differentiate between no
+value and the empty string as value.
+
+@item string list
+If the option takes a number argument and it can occur more than once,
+then the option argument is either empty, or it is a comma-separated
+list of string arguments as described above.
+@end table
+@end table
+
+The active language and character set are currently determined from
+the locale environment of the @command{gpgconf} program.
+
+@c FIXME: Document the active language and active character set. Allow
+@c to change it via the command line?
+
+
+@mansect usage
+@node Listing components
+@subsection Listing components
+
+The command @code{--list-components} will list all components that can
+be configured with @command{gpgconf}. Usually, one component will
+correspond to one GnuPG-related program and contain the options of
+that programs configuration file that can be modified using
+@command{gpgconf}. However, this is not necessarily the case. A
+component might also be a group of selected options from several
+programs, or contain entirely virtual options that have a special
+effect rather than changing exactly one option in one configuration
+file.
+
+A component is a set of configuration options that semantically belong
+together. Furthermore, several changes to a component can be made in
+an atomic way with a single operation. The GUI could for example
+provide a menu with one entry for each component, or a window with one
+tabulator sheet per component.
+
+The command argument @code{--list-components} lists all available
+components, one per line. The format of each line is:
+
+@code{@var{name}:@var{description}:@var{pgmname}:}
+
+@table @var
+@item name
+This field contains a name tag of the component. The name tag is used
+to specify the component in all communication with @command{gpgconf}.
+The name tag is to be used @emph{verbatim}. It is thus not in any
+escaped format.
+
+@item description
+The @emph{string} in this field contains a human-readable description
+of the component. It can be displayed to the user of the GUI for
+informational purposes. It is @emph{percent-escaped} and
+@emph{localized}.
+
+@item pgmname
+The @emph{string} in this field contains the absolute name of the
+program's file. It can be used to unambiguously invoke that program.
+It is @emph{percent-escaped}.
+@end table
+
+Example:
+@example
+$ gpgconf --list-components
+gpg:GPG for OpenPGP:/usr/local/bin/gpg2:
+gpg-agent:GPG Agent:/usr/local/bin/gpg-agent:
+scdaemon:Smartcard Daemon:/usr/local/bin/scdaemon:
+gpgsm:GPG for S/MIME:/usr/local/bin/gpgsm:
+dirmngr:Directory Manager:/usr/local/bin/dirmngr:
+@end example
+
+
+
+@node Checking programs
+@subsection Checking programs
+
+The command @code{--check-programs} is similar to
+@code{--list-components} but works on backend programs and not on
+components. It runs each program to test whether it is installed and
+runnable. This also includes a syntax check of all config file options
+of the program.
+
+The command argument @code{--check-programs} lists all available
+programs, one per line. The format of each line is:
+
+@code{@var{name}:@var{description}:@var{pgmname}:@var{avail}:@var{okay}:@var{cfgfile}:@var{line}:@var{error}:}
+
+@table @var
+@item name
+This field contains a name tag of the program which is identical to the
+name of the component. The name tag is to be used @emph{verbatim}. It
+is thus not in any escaped format. This field may be empty to indicate
+a continuation of error descriptions for the last name. The description
+and pgmname fields are then also empty.
+
+@item description
+The @emph{string} in this field contains a human-readable description
+of the component. It can be displayed to the user of the GUI for
+informational purposes. It is @emph{percent-escaped} and
+@emph{localized}.
+
+@item pgmname
+The @emph{string} in this field contains the absolute name of the
+program's file. It can be used to unambiguously invoke that program.
+It is @emph{percent-escaped}.
+
+@item avail
+The @emph{boolean value} in this field indicates whether the program is
+installed and runnable.
+
+@item okay
+The @emph{boolean value} in this field indicates whether the program's
+config file is syntactically okay.
+
+@item cfgfile
+If an error occurred in the configuration file (as indicated by a false
+value in the field @code{okay}), this field has the name of the failing
+configuration file. It is @emph{percent-escaped}.
+
+@item line
+If an error occurred in the configuration file, this field has the line
+number of the failing statement in the configuration file.
+It is an @emph{unsigned number}.
+
+@item error
+If an error occurred in the configuration file, this field has the error
+text of the failing statement in the configuration file. It is
+@emph{percent-escaped} and @emph{localized}.
+
+@end table
+
+@noindent
+In the following example the @command{dirmngr} is not runnable and the
+configuration file of @command{scdaemon} is not okay.
+
+@example
+$ gpgconf --check-programs
+gpg:GPG for OpenPGP:/usr/local/bin/gpg2:1:1:
+gpg-agent:GPG Agent:/usr/local/bin/gpg-agent:1:1:
+scdaemon:Smartcard Daemon:/usr/local/bin/scdaemon:1:0:
+gpgsm:GPG for S/MIME:/usr/local/bin/gpgsm:1:1:
+dirmngr:Directory Manager:/usr/local/bin/dirmngr:0:0:
+@end example
+
+@noindent
+The command @w{@code{--check-options @var{component}}} will verify the
+configuration file in the same manner as @code{--check-programs}, but
+only for the component @var{component}.
+
+
+@node Listing options
+@subsection Listing options
+
+Every component contains one or more options. Options may be gathered
+into option groups to allow the GUI to give visual hints to the user
+about which options are related.
+
+The command argument @code{@w{--list-options @var{component}}} lists
+all options (and the groups they belong to) in the component
+@var{component}, one per line. @var{component} must be the string in
+the field @var{name} in the output of the @code{--list-components}
+command.
+
+There is one line for each option and each group. First come all
+options that are not in any group. Then comes a line describing a
+group. Then come all options that belong into each group. Then comes
+the next group and so on. There does not need to be any group (and in
+this case the output will stop after the last non-grouped option).
+
+The format of each line is:
+
+@code{@var{name}:@var{flags}:@var{level}:@var{description}:@var{type}:@var{alt-type}:@var{argname}:@var{default}:@var{argdef}:@var{value}}
+
+@table @var
+@item name
+This field contains a name tag for the group or option. The name tag
+is used to specify the group or option in all communication with
+@command{gpgconf}. The name tag is to be used @emph{verbatim}. It is
+thus not in any escaped format.
+
+@item flags
+The flags field contains an @emph{unsigned number}. Its value is the
+OR-wise combination of the following flag values:
+
+@table @code
+@item group (1)
+If this flag is set, this is a line describing a group and not an
+option.
+@end table
+
+The following flag values are only defined for options (that is, if
+the @code{group} flag is not used).
+
+@table @code
+@item optional arg (2)
+If this flag is set, the argument is optional. This is never set for
+@var{type} @code{0} (none) options.
+
+@item list (4)
+If this flag is set, the option can be given multiple times.
+
+@item runtime (8)
+If this flag is set, the option can be changed at runtime.
+
+@item default (16)
+If this flag is set, a default value is available.
+
+@item default desc (32)
+If this flag is set, a (runtime) default is available. This and the
+@code{default} flag are mutually exclusive.
+
+@item no arg desc (64)
+If this flag is set, and the @code{optional arg} flag is set, then the
+option has a special meaning if no argument is given.
+
+@item no change (128)
+If this flag is set, gpgconf ignores requests to change the value. GUI
+frontends should grey out this option. Note, that manual changes of the
+configuration files are still possible.
+@end table
+
+@item level
+This field is defined for options and for groups. It contains an
+@emph{unsigned number} that specifies the expert level under which
+this group or option should be displayed. The following expert levels
+are defined for options (they have analogous meaning for groups):
+
+@table @code
+@item basic (0)
+This option should always be offered to the user.
+
+@item advanced (1)
+This option may be offered to advanced users.
+
+@item expert (2)
+This option should only be offered to expert users.
+
+@item invisible (3)
+This option should normally never be displayed, not even to expert
+users.
+
+@item internal (4)
+This option is for internal use only. Ignore it.
+@end table
+
+The level of a group will always be the lowest level of all options it
+contains.
+
+@item description
+This field is defined for options and groups. The @emph{string} in
+this field contains a human-readable description of the option or
+group. It can be displayed to the user of the GUI for informational
+purposes. It is @emph{percent-escaped} and @emph{localized}.
+
+@item type
+This field is only defined for options. It contains an @emph{unsigned
+number} that specifies the type of the option's argument, if any. The
+following types are defined:
+
+Basic types:
+
+@table @code
+@item none (0)
+No argument allowed.
+
+@item string (1)
+An @emph{unformatted string}.
+
+@item int32 (2)
+A @emph{signed number}.
+
+@item uint32 (3)
+An @emph{unsigned number}.
+@end table
+
+Complex types:
+
+@table @code
+@item pathname (32)
+A @emph{string} that describes the pathname of a file. The file does
+not necessarily need to exist.
+
+@item ldap server (33)
+A @emph{string} that describes an LDAP server in the format:
+
+@code{@var{hostname}:@var{port}:@var{username}:@var{password}:@var{base_dn}}
+
+@item key fingerprint (34)
+A @emph{string} with a 40 digit fingerprint specifying a certificate.
+
+@item pub key (35)
+A @emph{string} that describes a certificate by user ID, key ID or
+fingerprint.
+
+@item sec key (36)
+A @emph{string} that describes a certificate with a key by user ID,
+key ID or fingerprint.
+
+@item alias list (37)
+A @emph{string} that describes an alias list, like the one used with
+gpg's group option. The list consists of a key, an equal sign and space
+separated values.
+@end table
+
+More types will be added in the future. Please see the @var{alt-type}
+field for information on how to cope with unknown types.
+
+@item alt-type
+This field is identical to @var{type}, except that only the types
+@code{0} to @code{31} are allowed. The GUI is expected to present the
+user the option in the format specified by @var{type}. But if the
+argument type @var{type} is not supported by the GUI, it can still
+display the option in the more generic basic type @var{alt-type}. The
+GUI must support all the defined basic types to be able to display all
+options. More basic types may be added in future versions. If the
+GUI encounters a basic type it doesn't support, it should report an
+error and abort the operation.
+
+@item argname
+This field is only defined for options with an argument type
+@var{type} that is not @code{0}. In this case it may contain a
+@emph{percent-escaped} and @emph{localised string} that gives a short
+name for the argument. The field may also be empty, though, in which
+case a short name is not known.
+
+@item default
+This field is defined only for options for which the @code{default} or
+@code{default desc} flag is set. If the @code{default} flag is set,
+its format is that of an @emph{option argument} (@xref{Format
+conventions}, for details). If the default value is empty, then no
+default is known. Otherwise, the value specifies the default value
+for this option. If the @code{default desc} flag is set, the field is
+either empty or contains a description of the effect if the option is
+not given.
+
+@item argdef
+This field is defined only for options for which the @code{optional
+arg} flag is set. If the @code{no arg desc} flag is not set, its
+format is that of an @emph{option argument} (@xref{Format
+conventions}, for details). If the default value is empty, then no
+default is known. Otherwise, the value specifies the default argument
+for this option. If the @code{no arg desc} flag is set, the field is
+either empty or contains a description of the effect of this option if
+no argument is given.
+
+@item value
+This field is defined only for options. Its format is that of an
+@emph{option argument}. If it is empty, then the option is not
+explicitly set in the current configuration, and the default applies
+(if any). Otherwise, it contains the current value of the option.
+Note that this field is also meaningful if the option itself does not
+take a real argument (in this case, it contains the number of times
+the option appears).
+@end table
+
+
+@node Changing options
+@subsection Changing options
+
+The command @w{@code{--change-options @var{component}}} will attempt
+to change the options of the component @var{component} to the
+specified values. @var{component} must be the string in the field
+@var{name} in the output of the @code{--list-components} command. You
+have to provide the options that shall be changed in the following
+format on standard input:
+
+@code{@var{name}:@var{flags}:@var{new-value}}
+
+@table @var
+@item name
+This is the name of the option to change. @var{name} must be the
+string in the field @var{name} in the output of the
+@code{--list-options} command.
+
+@item flags
+The flags field contains an @emph{unsigned number}. Its value is the
+OR-wise combination of the following flag values:
+
+@table @code
+@item default (16)
+If this flag is set, the option is deleted and the default value is
+used instead (if applicable).
+@end table
+
+@item new-value
+The new value for the option. This field is only defined if the
+@code{default} flag is not set. The format is that of an @emph{option
+argument}. If it is empty (or the field is omitted), the default
+argument is used (only allowed if the argument is optional for this
+option). Otherwise, the option will be set to the specified value.
+@end table
+
+@noindent
+The output of the command is the same as that of
+@code{--check-options} for the modified configuration file.
+
+Examples:
+
+To set the force option, which is of basic type @code{none (0)}:
+
+@example
+$ echo 'force:0:1' | gpgconf --change-options dirmngr
+@end example
+
+To delete the force option:
+
+@example
+$ echo 'force:16:' | gpgconf --change-options dirmngr
+@end example
+
+The @code{--runtime} option can influence when the changes take
+effect.
+
+
+@node Listing global options
+@subsection Listing global options
+
+Sometimes it is useful for applications to look at the global options
+file @file{gpgconf.conf}.
+The colon separated listing format is record oriented and uses the first
+field to identify the record type:
+
+@table @code
+@item k
+This describes a key record to start the definition of a new ruleset for
+a user/group. The format of a key record is:
+
+ @code{k:@var{user}:@var{group}:}
+
+@table @var
+@item user
+This is the user field of the key. It is percent escaped. See the
+definition of the gpgconf.conf format for details.
+
+@item group
+This is the group field of the key. It is percent escaped.
+@end table
+
+@item r
+This describes a rule record. All rule records up to the next key record
+make up a rule set for that key. The format of a rule record is:
+
+ @code{r:::@var{component}:@var{option}:@var{flags}:@var{value}:}
+
+@table @var
+@item component
+This is the component part of a rule. It is a plain string.
+
+@item option
+This is the option part of a rule. It is a plain string.
+
+@item flag
+This is the flags part of a rule. There may be only one flag per rule
+but by using the same component and option, several flags may be
+assigned to an option. It is a plain string.
+
+@item value
+This is the optional value for the option. It is a percent escaped
+string with a single quotation mark to indicate a string. The quotation
+mark is only required to distinguish between no value specified and an
+empty string.
+@end table
+
+@end table
+
+@noindent
+Unknown record types should be ignored. Note that there is intentionally
+no feature to change the global option file through @command{gpgconf}.
+
+
+
+@mansect files
+@node Files used by gpgconf
+@subsection Files used by gpgconf
+
+@table @file
+
+@item /etc/gnupg/gpgconf.conf
+@cindex gpgconf.conf
+ If this file exists, it is processed as a global configuration file.
+ A commented example can be found in the @file{examples} directory of
+ the distribution.
+@end table
+
+
+@mansect see also
+@ifset isman
+@command{gpg}(1),
+@command{gpgsm}(1),
+@command{gpg-agent}(1),
+@command{scdaemon}(1),
+@command{dirmngr}(1)
+@end ifset
+@include see-also-note.texi
+
+
+
+@c
+@c APPLYGNUPGDEFAULTS
+@c
+@manpage applygnupgdefaults.8
+@node applygnupgdefaults
+@section Run gpgconf for all users.
+@ifset manverb
+.B applygnupgdefaults
+\- Run gpgconf --apply-defaults for all users.
+@end ifset
+
+@mansect synopsis
+@ifset manverb
+.B applygnupgdefaults
+@end ifset
+
+@mansect description
+This script is a wrapper around @command{gpgconf} to run it with the
+command @code{--apply-defaults} for all real users with an existing
+GnuPG home directory. Admins might want to use this script to update he
+GnuPG configuration files for all users after
+@file{/etc/gnupg/gpgconf.conf} has been changed. This allows to enforce
+certain policies for all users. Note, that this is not a bulletproof of
+forcing a user to use certain options. A user may always directly edit
+the configuration files and bypass gpgconf.
+
+@noindent
+@command{applygnupgdefaults} is invoked by root as:
+
+@example
+applygnupgdefaults
+@end example
+
+
+@c
+@c GPGSM-GENCERT.SH
+@c
+@node gpgsm-gencert.sh
+@section Generate an X.509 certificate request
+@manpage gpgsm-gencert.sh.1
+@ifset manverb
+.B gpgsm-gencert.sh
+\- Generate an X.509 certificate request
+@end ifset
+
+@mansect synopsis
+@ifset manverb
+.B gpgsm-gencert.sh
+@end ifset
+
+@mansect description
+This is a simple tool to interactively generate a certificate request
+which will be printed to stdout.
+
+@manpause
+@noindent
+@command{gpgsm-gencert.sh} is invoked as:
+
+@samp{gpgsm-cencert.sh}
+
+@mansect see also
+@ifset isman
+@command{gpgsm}(1),
+@command{gpg-agent}(1),
+@command{scdaemon}(1)
+@end ifset
+@include see-also-note.texi
+
+
+
+@c
+@c GPG-PRESET-PASSPHRASE
+@c
+@node gpg-preset-passphrase
+@section Put a passphrase into the cache.
+@manpage gpg-preset-passphrase.1
+@ifset manverb
+.B gpg-preset-passphrase
+\- Put a passphrase into gpg-agent's cache
+@end ifset
+
+@mansect synopsis
+@ifset manverb
+.B gpg-preset-passphrase
+.RI [ options ]
+.RI [ command ]
+.I cache-id
+@end ifset
+
+@mansect description
+The @command{gpg-preset-passphrase} is a utility to seed the internal
+cache of a running @command{gpg-agent} with passphrases. It is mainly
+useful for unattended machines, where the usual @command{pinentry} tool
+may not be used and the passphrases for the to be used keys are given at
+machine startup.
+
+Passphrases set with this utility don't expire unless the
+@option{--forget} option is used to explicitly clear them from the cache
+--- or @command{gpg-agent} is either restarted or reloaded (by sending a
+SIGHUP to it). It is necessary to allow this passphrase presetting by
+starting @command{gpg-agent} with the
+@option{--allow-preset-passphrase}.
+
+@menu
+* Invoking gpg-preset-passphrase:: List of all commands and options.
+@end menu
+
+@manpause
+@node Invoking gpg-preset-passphrase
+@subsection List of all commands and options.
+@mancont
+
+@noindent
+@command{gpg-preset-passphrase} is invoked this way:
+
+@example
+gpg-preset-passphrase [options] [command] @var{cacheid}
+@end example
+
+@var{cacheid} is either a 40 character keygrip of hexadecimal
+characters identifying the key for which the passphrase should be set
+or cleared. The keygrip is listed along with the key when running the
+command: @code{gpgsm --dump-secret-keys}. Alternatively an arbitrary
+string may be used to identify a passphrase; it is suggested that such
+a string is prefixed with the name of the application (e.g
+@code{foo:12346}).
+
+@noindent
+One of the following command options must be given:
+
+@table @gnupgtabopt
+@item --preset
+@opindex preset
+Preset a passphrase. This is what you usually will
+use. @command{gpg-preset-passphrase} will then read the passphrase from
+@code{stdin}.
+
+@item --forget
+@opindex forget
+Flush the passphrase for the given cache ID from the cache.
+
+@end table
+
+@noindent
+The following additional options may be used:
+
+@table @gnupgtabopt
+@item -v
+@itemx --verbose
+@opindex verbose
+Output additional information while running.
+
+@item -P @var{string}
+@itemx --passphrase @var{string}
+@opindex passphrase
+Instead of reading the passphrase from @code{stdin}, use the supplied
+@var{string} as passphrase. Note that this makes the passphrase visible
+for other users.
+@end table
+
+@mansect see also
+@ifset isman
+@command{gpg}(1),
+@command{gpgsm}(1),
+@command{gpg-agent}(1),
+@command{scdaemon}(1)
+@end ifset
+@include see-also-note.texi
+
+
+
+
+@c
+@c GPG-CONNECT-AGENT
+@c
+@node gpg-connect-agent
+@section Communicate with a running agent.
+@manpage gpg-connect-agent.1
+@ifset manverb
+.B gpg-connect-agent
+\- Communicate with a running agent
+@end ifset
+
+@mansect synopsis
+@ifset manverb
+.B gpg-connect-agent
+.RI [ options ] [commands]
+@end ifset
+
+@mansect description
+The @command{gpg-connect-agent} is a utility to communicate with a
+running @command{gpg-agent}. It is useful to check out the commands
+gpg-agent provides using the Assuan interface. It might also be useful
+for scripting simple applications. Input is expected at stdin and out
+put gets printed to stdout.
+
+It is very similar to running @command{gpg-agent} in server mode; but
+here we connect to a running instance.
+
+@menu
+* Invoking gpg-connect-agent:: List of all options.
+* Controlling gpg-connect-agent:: Control commands.
+@end menu
+
+@manpause
+@node Invoking gpg-connect-agent
+@subsection List of all options.
+
+@noindent
+@command{gpg-connect-agent} is invoked this way:
+
+@example
+gpg-connect-agent [options] [commands]
+@end example
+@mancont
+
+@noindent
+The following options may be used:
+
+@table @gnupgtabopt
+@item -v
+@itemx --verbose
+@opindex verbose
+Output additional information while running.
+
+@item -q
+@item --quiet
+@opindex q
+@opindex quiet
+Try to be as quiet as possible.
+
+@include opt-homedir.texi
+
+@item --agent-program @var{file}
+@opindex agent-program
+Specify the agent program to be started if none is running.
+
+
+@item -S
+@itemx --raw-socket @var{name}
+@opindex raw-socket
+Connect to socket @var{name} assuming this is an Assuan style server.
+Do not run any special initializations or environment checks. This may
+be used to directly connect to any Assuan style socket server.
+
+@item -E
+@itemx --exec
+@opindex exec
+Take the rest of the command line as a program and it's arguments and
+execute it as an assuan server. Here is how you would run @command{gpgsm}:
+@smallexample
+ gpg-connect-agent --exec gpgsm --server
+@end smallexample
+Note that you may not use options on the command line in this case.
+
+@item --no-ext-connect
+@opindex no-ext-connect
+When using @option{-S} or @option{--exec}, @command{gpg-connect-agent}
+connects to the assuan server in extended mode to allow descriptor
+passing. This option makes it use the old mode.
+
+@item --run @var{file}
+@opindex run
+Run the commands from @var{file} at startup and then continue with the
+regular input method. Note, that commands given on the command line are
+executed after this file.
+
+@item -s
+@itemx --subst
+@opindex subst
+Run the command @code{/subst} at startup.
+
+@item --hex
+@opindex hex
+Print data lines in a hex format and the ASCII representation of
+non-control characters.
+
+@item --decode
+@opindex decode
+Decode data lines. That is to remove percent escapes but make sure that
+a new line always starts with a D and a space.
+
+@end table
+
+@mansect control commands
+@node Controlling gpg-connect-agent
+@subsection Control commands.
+
+While reading Assuan commands, gpg-agent also allows a few special
+commands to control its operation. These control commands all start
+with a slash (@code{/}).
+
+@table @code
+
+@item /echo @var{args}
+Just print @var{args}.
+
+@item /let @var{name} @var{value}
+Set the variable @var{name} to @var{value}. Variables are only
+substituted on the input if the @command{/subst} has been used.
+Variables are referenced by prefixing the name with a dollar sign and
+optionally include the name in curly braces. The rules for a valid name
+are identically to those of the standard bourne shell. This is not yet
+enforced but may be in the future. When used with curly braces no
+leading or trailing white space is allowed.
+
+If a variable is not found, it is searched in the environment and if
+found copied to the table of variables.
+
+Variable functions are available: The name of the function must be
+followed by at least one space and the at least one argument. The
+following functions are available:
+
+@table @code
+@item get
+Return a value described by the argument. Available arguments are:
+
+@table @code
+@item cwd
+The current working directory.
+@item homedir
+The gnupg homedir.
+@item sysconfdir
+GnuPG's system configuration directory.
+@item bindir
+GnuPG's binary directory.
+@item libdir
+GnuPG's library directory.
+@item libexecdir
+GnuPG's library directory for executable files.
+@item datadir
+GnuPG's data directory.
+@item serverpid
+The PID of the current server. Command @command{/serverpid} must
+have been given to return a useful value.
+@end table
+
+@item unescape @var{args}
+Remove C-style escapes from @var{args}. Note that @code{\0} and
+@code{\x00} terminate the returned string implicitly. The string to be
+converted are the entire arguments right behind the delimiting space of
+the function name.
+
+@item unpercent @var{args}
+@itemx unpercent+ @var{args}
+Remove percent style escaping from @var{args}. Note that @code{%00}
+terminates the string implicitly. The string to be converted are the
+entire arguments right behind the delimiting space of the function
+name. @code{unpercent+} also maps plus signs to a spaces.
+
+@item percent @var{args}
+@itemx percent+ @var{args}
+Escape the @var{args} using percent style escaping. Tabs, formfeeds,
+linefeeds, carriage returns and colons are escaped. @code{percent+} also
+maps spaces to plus signs.
+
+@item errcode @var{arg}
+@itemx errsource @var{arg}
+@itemx errstring @var{arg}
+Assume @var{arg} is an integer and evaluate it using @code{strtol}. Return
+the gpg-error error code, error source or a formatted string with the
+error code and error source.
+
+
+@item +
+@itemx -
+@itemx *
+@itemx /
+@itemx %
+Evaluate all arguments as long integers using @code{strtol} and apply
+this operator. A division by zero yields an empty string.
+
+@item !
+@itemx |
+@itemx &
+Evaluate all arguments as long integers using @code{strtol} and apply
+the logical oeprators NOT, OR or AND. The NOT operator works on the
+last argument only.
+
+
+@end table
+
+
+@item /definq @var{name} @var{var}
+Use content of the variable @var{var} for inquiries with @var{name}.
+@var{name} may be an asterisk (@code{*}) to match any inquiry.
+
+
+@item /definqfile @var{name} @var{file}
+Use content of @var{file} for inquiries with @var{name}.
+@var{name} may be an asterisk (@code{*}) to match any inquiry.
+
+@item /definqprog @var{name} @var{prog}
+Run @var{prog} for inquiries matching @var{name} and pass the
+entire line to it as command line arguments.
+
+@item /datafile @var{name}
+Write all data lines from the server to the file @var{name}. The file
+is opened for writing and created if it does not exists. An existing
+file is first truncated to 0. The data written to the file fully
+decoded. Using a single dash for @var{name} writes to stdout. The
+file is kept open until a new file is set using this command or this
+command is used without an argument.
+
+@item /showdef
+Print all definitions
+
+@item /cleardef
+Delete all definitions
+
+@item /sendfd @var{file} @var{mode}
+Open @var{file} in @var{mode} (which needs to be a valid @code{fopen}
+mode string) and send the file descriptor to the server. This is
+usually followed by a command like @code{INPUT FD} to set the
+input source for other commands.
+
+@item /recvfd
+Not yet implemented.
+
+@item /open @var{var} @var{file} [@var{mode}]
+Open @var{file} and assign the file descriptor to @var{var}. Warning:
+This command is experimental and might change in future versions.
+
+@item /close @var{fd}
+Close the file descriptor @var{fd}. Warning: This command is
+experimental and might change in future versions.
+
+@item /showopen
+Show a list of open files.
+
+@item /serverpid
+Send the Assuan command @command{GETINFO pid} to the server and store
+the returned PID for internal purposes.
+
+@item /sleep
+Sleep for a second.
+
+@item /hex
+@itemx /nohex
+Same as the command line option @option{--hex}.
+
+@item /decode
+@itemx /nodecode
+Same as the command line option @option{--decode}.
+
+@item /subst
+@itemx /nosubst
+Enable and disable variable substitution. It defaults to disabled
+unless the command line option @option{--subst} has been used.
+If /subst as been enabled once, leading whitespace is removed from
+input lines which makes scripts easier to read.
+
+@item /while @var{condition}
+@itemx /end
+These commands provide a way for executing loops. All lines between
+the @code{while} and the corresponding @code{end} are executed as long
+as the evaluation of @var{condition} yields a non-zero value or is the
+string @code{true} or @code{yes}. The evaluation is done by passing
+@var{condition} to the @code{strtol} function. Example:
+
+@smallexample
+ /subst
+ /let i 3
+ /while $i
+ /echo loop couter is $i
+ /let i $@{- $i 1@}
+ /end
+@end smallexample
+
+@item /if @var{condition}
+@itemx /end
+These commands provide a way for conditional execution. All lines between
+the @code{if} and the corresponding @code{end} are executed only if
+the evaluation of @var{condition} yields a non-zero value or is the
+string @code{true} or @code{yes}. The evaluation is done by passing
+@var{condition} to the @code{strtol} function.
+
+@item /run @var{file}
+Run commands from @var{file}.
+
+@item /bye
+Terminate the connection and the program
+
+@item /help
+Print a list of available control commands.
+
+@end table
+
+
+@ifset isman
+@mansect see also
+@command{gpg-agent}(1),
+@command{scdaemon}(1)
+@include see-also-note.texi
+@end ifset
+
+@ifset gpgtwoone
+@c
+@c DIRMNGR-CLIENT
+@c
+@node dirmngr-client
+@section The Dirmngr Client Tool
+
+@manpage dirmngr-client.1
+@ifset manverb
+.B dirmngr-client
+\- Tool to access the Dirmngr services
+@end ifset
+
+@mansect synopsis
+@ifset manverb
+.B dirmngr-client
+.RI [ options ]
+.RI [ certfile | pattern ]
+@end ifset
+
+@mansect description
+The @command{dirmngr-client} is a simple tool to contact a running
+dirmngr and test whether a certificate has been revoked --- either by
+being listed in the corresponding CRL or by running the OCSP protocol.
+If no dirmngr is running, a new instances will be started but this is
+in general not a good idea due to the huge performance overhead.
+
+@noindent
+The usual way to run this tool is either:
+
+@example
+dirmngr-client @var{acert}
+@end example
+
+@noindent
+or
+
+@example
+dirmngr-client <@var{acert}
+@end example
+
+Where @var{acert} is one DER encoded (binary) X.509 certificates to be
+tested.
+@ifclear isman
+The return value of this command is
+@end ifclear
+
+@mansect return value
+@ifset isman
+@command{dirmngr-client} returns these values:
+@end ifset
+@table @code
+
+@item 0
+The certificate under question is valid; i.e. there is a valid CRL
+available and it is not listed tehre or teh OCSP request returned that
+that certificate is valid.
+
+@item 1
+The certificate has been revoked
+
+@item 2 (and other values)
+There was a problem checking the revocation state of the certificate.
+A message to stderr has given more detailed information. Most likely
+this is due to a missing or expired CRL or due to a network problem.
+
+@end table
+
+@mansect options
+@noindent
+@command{dirmngr-client} may be called with the following options:
+
+
+@table @gnupgtabopt
+@item --version
+@opindex version
+Print the program version and licensing information. Note that you cannot
+abbreviate this command.
+
+@item --help, -h
+@opindex help
+Print a usage message summarizing the most useful command-line options.
+Note that you cannot abbreviate this command.
+
+@item --quiet, -q
+@opindex quiet
+Make the output extra brief by suppressing any informational messages.
+
+@item -v
+@item --verbose
+@opindex v
+@opindex verbose
+Outputs additional information while running.
+You can increase the verbosity by giving several
+verbose commands to @sc{dirmngr}, such as @samp{-vv}.
+
+@item --pem
+@opindex pem
+Assume that the given certificate is in PEM (armored) format.
+
+@item --ocsp
+@opindex ocsp
+Do the check using the OCSP protocol and ignore any CRLs.
+
+@item --force-default-responder
+@opindex force-default-responder
+When checking using the OCSP protocl, force the use of the default OCSP
+responder. That is not to use the Reponder as given by the certificate.
+
+@item --ping
+@opindex ping
+Check whether the dirmngr daemon is up and running.
+
+@item --cache-cert
+@opindex cache-cert
+Put the given certificate into the cache of a running dirmngr. This is
+mainly useful for debugging.
+
+@item --validate
+@opindex validate
+Validate the given certificate using dirmngr's internal validation code.
+This is mainly useful for debugging.
+
+@item --load-crl
+@opindex load-crl
+This command expects a list of filenames with DER encoded CRL files.
+With the option @option{--url} URLs are expected in place of filenames
+and they are loaded directly from the given location. All CRLs will be
+validated and then loaded into dirmngr's cache.
+
+@item --lookup
+@opindex lookup
+Take the remaining arguments and run a lookup command on each of them.
+The results are Base-64 encoded outputs (without header lines). This
+may be used to retrieve certificates from a server. However the output
+format is not very well suited if more than one certificate is returned.
+
+@item --url
+@itemx -u
+@opindex url
+Modify the @command{lookup} and @command{load-crl} commands to take an URL.
+
+@item --local
+@itemx -l
+@opindex url
+Let the @command{lookup} command only search the local cache.
+
+@item --squid-mode
+@opindex squid-mode
+Run @sc{dirmngr-client} in a mode suitable as a helper program for
+Squid's @option{external_acl_type} option.
+
+
+@end table
+
+@ifset isman
+@mansect see also
+@command{dirmngr}(8),
+@command{gpgsm}(1)
+@include see-also-note.texi
+@end ifset
+@end ifset
+
+@c
+@c GPGPARSEMAIL
+@c
+@node gpgparsemail
+@section Parse a mail message into an annotated format
+
+@manpage gpgparsemail.1
+@ifset manverb
+.B gpgparsemail
+\- Parse a mail message into an annotated format
+@end ifset
+
+@mansect synopsis
+@ifset manverb
+.B gpgparsemail
+.RI [ options ]
+.RI [ file ]
+@end ifset
+
+@mansect description
+The @command{gpgparsemail} is a utility currently only useful for
+debugging. Run it with @code{--help} for usage information.
+
+
+
+@c
+@c SYMCRYPTRUN
+@c
+@node symcryptrun
+@section Call a simple symmetric encryption tool.
+@manpage symcryptrun.1
+@ifset manverb
+.B symcryptrun
+\- Call a simple symmetric encryption tool
+@end ifset
+
+@mansect synopsis
+@ifset manverb
+.B symcryptrun
+.B \-\-class
+.I class
+.B \-\-program
+.I program
+.B \-\-keyfile
+.I keyfile
+.RB [ --decrypt | --encrypt ]
+.RI [ inputfile ]
+@end ifset
+
+@mansect description
+Sometimes simple encryption tools are already in use for a long time and
+there might be a desire to integrate them into the GnuPG framework. The
+protocols and encryption methods might be non-standard or not even
+properly documented, so that a full-fledged encryption tool with an
+interface like gpg is not doable. @command{symcryptrun} provides a
+solution: It operates by calling the external encryption/decryption
+module and provides a passphrase for a key using the standard
+@command{pinentry} based mechanism through @command{gpg-agent}.
+
+Note, that @command{symcryptrun} is only available if GnuPG has been
+configured with @samp{--enable-symcryptrun} at build time.
+
+@menu
+* Invoking symcryptrun:: List of all commands and options.
+@end menu
+
+@manpause
+@node Invoking symcryptrun
+@subsection List of all commands and options.
+
+@noindent
+@command{symcryptrun} is invoked this way:
+
+@example
+symcryptrun --class CLASS --program PROGRAM --keyfile KEYFILE
+ [--decrypt | --encrypt] [inputfile]
+@end example
+@mancont
+
+For encryption, the plain text must be provided on STDIN or as the
+argument @var{inputfile}, and the ciphertext will be output to STDOUT.
+For decryption vice versa.
+
+@var{CLASS} describes the calling conventions of the external tool.
+Currently it must be given as @samp{confucius}. @var{PROGRAM} is
+the full filename of that external tool.
+
+For the class @samp{confucius} the option @option{--keyfile} is
+required; @var{keyfile} is the name of a file containing the secret key,
+which may be protected by a passphrase. For detailed calling
+conventions, see the source code.
+
+@noindent
+Note, that @command{gpg-agent} must be running before starting
+@command{symcryptrun}.
+
+@noindent
+The following additional options may be used:
+
+@table @gnupgtabopt
+@item -v
+@itemx --verbose
+@opindex verbose
+Output additional information while running.
+
+@item -q
+@item --quiet
+@opindex q
+@opindex quiet
+Try to be as quiet as possible.
+
+@include opt-homedir.texi
+
+
+@item --log-file @var{file}
+@opindex log-file
+Append all logging output to @var{file}. Default is to write logging
+information to STDERR.
+
+@end table
+
+@noindent
+The possible exit status codes of @command{symcryptrun} are:
+
+@table @code
+@item 0
+ Success.
+@item 1
+ Some error occured.
+@item 2
+ No valid passphrase was provided.
+@item 3
+ The operation was canceled by the user.
+
+@end table
+
+@mansect see also
+@ifset isman
+@command{gpg}(1),
+@command{gpgsm}(1),
+@command{gpg-agent}(1),
+@end ifset
+@include see-also-note.texi
+
+
+@c
+@c GPG-ZIP
+@c
+@c The original manpage on which this section is based was written
+@c by Colin Tuckley <colin@tuckley.org> and Daniel Leidert
+@c <daniel.leidert@wgdd.de> for the Debian distribution (but may be used by
+@c others).
+@manpage gpg-zip.1
+@node gpg-zip
+@section Encrypt or sign files into an archive
+@ifset manverb
+.B gpg-zip \- Encrypt or sign files into an archive
+@end ifset
+
+@mansect synopsis
+@ifset manverb
+.B gpg-zip
+.RI [ options ]
+.I filename1
+.I [ filename2, ... ]
+.I directory1
+.I [ directory2, ... ]
+@end ifset
+
+@mansect description
+@command{gpg-zip} encrypts or signs files into an archive. It is an
+gpg-ized tar using the same format as used by PGP's PGP Zip.
+
+@manpause
+@noindent
+@command{gpg-zip} is invoked this way:
+
+@example
+gpg-zip [options] @var{filename1} [@var{filename2}, ...] @var{directory} [@var{directory2}, ...]
+@end example
+
+@mansect options
+@noindent
+@command{gpg-zip} understands these options:
+
+@table @gnupgtabopt
+
+@item --encrypt
+@itemx -e
+@opindex encrypt
+Encrypt data. This option may be combined with @option{--symmetric} (for output that may be decrypted via a secret key or a passphrase).
+
+@item --decrypt
+@itemx -d
+@opindex decrypt
+Decrypt data.
+
+@item --symmetric
+@itemx -c
+Encrypt with a symmetric cipher using a passphrase. The default
+symmetric cipher used is CAST5, but may be chosen with the
+@option{--cipher-algo} option to @command{gpg}.
+
+@item --sign
+@itemx -s
+Make a signature. See @command{gpg}.
+
+@item --recipient @var{user}
+@itemx -r @var{user}
+@opindex recipient
+Encrypt for user id @var{user}. See @command{gpg}.
+
+@item --local-user @var{user}
+@itemx -u @var{user}
+@opindex local-user
+Use @var{user} as the key to sign with. See @command{gpg}.
+
+@item --list-archive
+@opindex list-archive
+List the contents of the specified archive.
+
+@item --output @var{file}
+@itemx -o @var{file}
+@opindex output
+Write output to specified file @var{file}.
+
+@item --gpg @var{gpgcmd}
+@opindex gpg
+Use the specified command @var{gpgcmd} instead of @command{gpg}.
+
+@item --gpg-args @var{args}
+@opindex gpg-args
+Pass the specified options to @command{gpg}.
+
+@item --tar @var{tarcmd}
+@opindex tar
+Use the specified command @var{tarcmd} instead of @command{tar}.
+
+@item --tar-args @var{args}
+@opindex tar-args
+Pass the specified options to @command{tar}.
+
+@item --version
+@opindex version
+Print version of the program and exit.
+
+@item --help
+@opindex help
+Display a brief help page and exit.
+
+@end table
+
+@mansect diagnostics
+@noindent
+The program returns 0 if everything was fine, 1 otherwise.
+
+
+@mansect examples
+@ifclear isman
+@noindent
+Some examples:
+
+@end ifclear
+@noindent
+Encrypt the contents of directory @file{mydocs} for user Bob to file
+@file{test1}:
+
+@example
+gpg-zip --encrypt --output test1 --gpg-args -r Bob mydocs
+@end example
+
+@noindent
+List the contents of archive @file{test1}:
+
+@example
+gpg-zip --list-archive test1
+@end example
+
+
+@mansect see also
+@ifset isman
+@command{gpg}(1),
+@command{tar}(1),
+@end ifset
+@include see-also-note.texi
diff --git a/doc/version.texi b/doc/version.texi
new file mode 100644
index 0000000..8f6243a
--- /dev/null
+++ b/doc/version.texi
@@ -0,0 +1,4 @@
+@set UPDATED 27 March 2012
+@set UPDATED-MONTH March 2012
+@set EDITION 2.0.19
+@set VERSION 2.0.19
diff --git a/doc/yat2m.c b/doc/yat2m.c
new file mode 100644
index 0000000..a22176c
--- /dev/null
+++ b/doc/yat2m.c
@@ -0,0 +1,1360 @@
+/* yat2m.c - Yet Another Texi 2 Man converter
+ * Copyright (C) 2005 g10 Code GmbH
+ * Copyright (C) 2006, 2008, 2011 Free Software Foundation, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+/*
+ This is a simple textinfo to man page converter. It needs some
+ special markup in th e texinfo and tries best to get a create man
+ page. It has been designed for the GnuPG man pages and thus only
+ a few texinfo commands are supported.
+
+ To use this you need to add the following macros into your texinfo
+ source:
+
+ @macro manpage {a}
+ @end macro
+ @macro mansect {a}
+ @end macro
+ @macro manpause
+ @end macro
+ @macro mancont
+ @end macro
+
+ They are used by yat2m to select parts of the Texinfo which should
+ go into the man page. These macros need to be used without leading
+ left space. Processing starts after a "manpage" macro has been
+ seen. "mansect" identifies the section and yat2m make sure to
+ emit the sections in the proper order. Note that @mansect skips
+ the next input line if that line begins with @section, @subsection or
+ @chapheading.
+
+ To insert verbatim troff markup, the following texinfo code may be
+ used:
+
+ @ifset manverb
+ .B whateever you want
+ @end ifset
+
+ alternativly a special comment may be used:
+
+ @c man:.B whatever you want
+
+ This is useful in case you need just one line. If you want to
+ include parts only in the man page but keep the texinfo
+ translation you may use:
+
+ @ifset isman
+ stuff to be rendered only on man pages
+ @end ifset
+
+ or to exclude stuff from man pages:
+
+ @ifclear isman
+ stuff not to be rendered on man pages
+ @end ifclear
+
+ the keyword @section is ignored, however @subsection gets rendered
+ as ".SS". @menu is completely skipped. Several man pages may be
+ extracted from one file, either using the --store or the --select
+ option.
+
+ If you want to indent tables in the source use this style:
+
+ @table foo
+ @item
+ @item
+ @table
+ @item
+ @end
+ @end
+
+ Don't change the indentation within a table and keep the same
+ number of white space at the start of the line. yat2m simply
+ detects the number of white spaces in front of an @item and remove
+ this number of spaces from all following lines until a new @item
+ is found or there are less spaces than for the last @item.
+*/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <stddef.h>
+#include <string.h>
+#include <errno.h>
+#include <stdarg.h>
+#include <assert.h>
+#include <ctype.h>
+#include <time.h>
+
+
+#define PGM "yat2m"
+#define VERSION "1.0"
+
+/* The maximum length of a line including the linefeed and one extra
+ character. */
+#define LINESIZE 1024
+
+/* Option flags. */
+static int verbose;
+static int quiet;
+static int debug;
+static const char *opt_source;
+static const char *opt_release;
+static const char *opt_select;
+static const char *opt_include;
+static int opt_store;
+
+/* The only define we understand is -D gpgone. Thus we need a simple
+ boolean tro track it. */
+static int gpgone_defined;
+
+/* Flag to keep track whether any error occurred. */
+static int any_error;
+
+
+/* Object to keep macro definitions. */
+struct macro_s
+{
+ struct macro_s *next;
+ char *value; /* Malloced value. */
+ char name[1];
+};
+typedef struct macro_s *macro_t;
+
+/* List of all defined macros. */
+static macro_t macrolist;
+
+
+/* Object to store one line of content. */
+struct line_buffer_s
+{
+ struct line_buffer_s *next;
+ int verbatim; /* True if LINE contains verbatim data. The default
+ is Texinfo source. */
+ char *line;
+};
+typedef struct line_buffer_s *line_buffer_t;
+
+
+/* Object to collect the data of a section. */
+struct section_buffer_s
+{
+ char *name; /* Malloced name of the section. This may be
+ NULL to indicate this slot is not used. */
+ line_buffer_t lines; /* Linked list with the lines of the section. */
+ line_buffer_t *lines_tail; /* Helper for faster appending to the
+ linked list. */
+ line_buffer_t last_line; /* Points to the last line appended. */
+};
+typedef struct section_buffer_s *section_buffer_t;
+
+/* Variable to keep info about the current page together. */
+static struct
+{
+ /* Filename of the current page or NULL if no page is active. Malloced. */
+ char *name;
+
+ /* Number of allocated elements in SECTIONS below. */
+ size_t n_sections;
+ /* Array with the data of the sections. */
+ section_buffer_t sections;
+
+} thepage;
+
+
+/* The list of standard section names. COMMANDS and ASSUAN are GnuPG
+ specific. */
+static const char * const standard_sections[] =
+ { "NAME", "SYNOPSIS", "DESCRIPTION",
+ "RETURN VALUE", "EXIT STATUS", "ERROR HANDLING", "ERRORS",
+ "COMMANDS", "OPTIONS", "USAGE", "EXAMPLES", "FILES",
+ "ENVIRONMENT", "DIAGNOSTICS", "SECURITY", "CONFORMING TO",
+ "ASSUAN", "NOTES", "BUGS", "AUTHOR", "SEE ALSO", NULL };
+
+
+/*-- Local prototypes. --*/
+static void proc_texi_buffer (FILE *fp, const char *line, size_t len,
+ int *table_level, int *eol_action);
+
+
+
+/* Print diagnostic message and exit with failure. */
+static void
+die (const char *format, ...)
+{
+ va_list arg_ptr;
+
+ fflush (stdout);
+ fprintf (stderr, "%s: ", PGM);
+
+ va_start (arg_ptr, format);
+ vfprintf (stderr, format, arg_ptr);
+ va_end (arg_ptr);
+ putc ('\n', stderr);
+
+ exit (1);
+}
+
+
+/* Print diagnostic message. */
+static void
+err (const char *format, ...)
+{
+ va_list arg_ptr;
+
+ fflush (stdout);
+ if (strncmp (format, "%s:%d:", 6))
+ fprintf (stderr, "%s: ", PGM);
+
+ va_start (arg_ptr, format);
+ vfprintf (stderr, format, arg_ptr);
+ va_end (arg_ptr);
+ putc ('\n', stderr);
+ any_error = 1;
+}
+
+/* Print diagnostic message. */
+static void
+inf (const char *format, ...)
+{
+ va_list arg_ptr;
+
+ fflush (stdout);
+ fprintf (stderr, "%s: ", PGM);
+
+ va_start (arg_ptr, format);
+ vfprintf (stderr, format, arg_ptr);
+ va_end (arg_ptr);
+ putc ('\n', stderr);
+}
+
+
+static void *
+xmalloc (size_t n)
+{
+ void *p = malloc (n);
+ if (!p)
+ die ("out of core: %s", strerror (errno));
+ return p;
+}
+
+static void *
+xcalloc (size_t n, size_t m)
+{
+ void *p = calloc (n, m);
+ if (!p)
+ die ("out of core: %s", strerror (errno));
+ return p;
+}
+
+static void *
+xrealloc (void *old, size_t n)
+{
+ void *p = realloc (old, n);
+ if (!p)
+ die ("out of core: %s", strerror (errno));
+ return p;
+}
+
+static char *
+xstrdup (const char *string)
+{
+ void *p = malloc (strlen (string)+1);
+ if (!p)
+ die ("out of core: %s", strerror (errno));
+ strcpy (p, string);
+ return p;
+}
+
+
+/* Uppercase the ascii characters in STRING. */
+static char *
+ascii_strupr (char *string)
+{
+ char *p;
+
+ for (p = string; *p; p++)
+ if (!(*p & 0x80))
+ *p = toupper (*p);
+ return string;
+}
+
+
+/* Return the current date as an ISO string. */
+const char *
+isodatestring (void)
+{
+ static char buffer[11+5];
+ struct tm *tp;
+ time_t atime = time (NULL);
+
+ if (atime < 0)
+ strcpy (buffer, "????" "-??" "-??");
+ else
+ {
+ tp = gmtime (&atime);
+ sprintf (buffer,"%04d-%02d-%02d",
+ 1900+tp->tm_year, tp->tm_mon+1, tp->tm_mday );
+ }
+ return buffer;
+}
+
+
+
+/* Return a section buffer for the section NAME. Allocate a new buffer
+ if this is a new section. Keep track of the sections in THEPAGE.
+ This function may reallocate the section array in THEPAGE. */
+static section_buffer_t
+get_section_buffer (const char *name)
+{
+ int i;
+ section_buffer_t sect;
+
+ /* If there is no section we put everything into the required NAME
+ section. Given that this is the first one listed it is likely
+ that error are easily visible. */
+ if (!name)
+ name = "NAME";
+
+ for (i=0; i < thepage.n_sections; i++)
+ {
+ sect = thepage.sections + i;
+ if (sect->name && !strcmp (name, sect->name))
+ return sect;
+ }
+ for (i=0; i < thepage.n_sections; i++)
+ if (!thepage.sections[i].name)
+ break;
+ if (i < thepage.n_sections)
+ sect = thepage.sections + i;
+ else
+ {
+ /* We need to allocate or reallocate the section array. */
+ size_t old_n = thepage.n_sections;
+ size_t new_n = 20;
+
+ if (!old_n)
+ thepage.sections = xcalloc (new_n, sizeof *thepage.sections);
+ else
+ {
+ thepage.sections = xrealloc (thepage.sections,
+ ((old_n + new_n)
+ * sizeof *thepage.sections));
+ memset (thepage.sections + old_n, 0,
+ new_n * sizeof *thepage.sections);
+ }
+ thepage.n_sections += new_n;
+
+ /* Setup the tail pointers. */
+ for (i=old_n; i < thepage.n_sections; i++)
+ {
+ sect = thepage.sections + i;
+ sect->lines_tail = &sect->lines;
+ }
+ sect = thepage.sections + old_n;
+ }
+
+ /* Store the name. */
+ assert (!sect->name);
+ sect->name = xstrdup (name);
+ return sect;
+}
+
+
+
+/* Add the content of LINE to the section named SECTNAME. */
+static void
+add_content (const char *sectname, char *line, int verbatim)
+{
+ section_buffer_t sect;
+ line_buffer_t lb;
+
+ sect = get_section_buffer (sectname);
+ if (sect->last_line && !sect->last_line->verbatim == !verbatim)
+ {
+ /* Lets append that line to the last one. We do this to keep
+ all lines of the same kind (i.e.verbatim or not) together in
+ one large buffer. */
+ size_t n1, n;
+
+ lb = sect->last_line;
+ n1 = strlen (lb->line);
+ n = n1 + 1 + strlen (line) + 1;
+ lb->line = xrealloc (lb->line, n);
+ strcpy (lb->line+n1, "\n");
+ strcpy (lb->line+n1+1, line);
+ }
+ else
+ {
+ lb = xcalloc (1, sizeof *lb);
+ lb->verbatim = verbatim;
+ lb->line = xstrdup (line);
+ sect->last_line = lb;
+ *sect->lines_tail = lb;
+ sect->lines_tail = &lb->next;
+ }
+}
+
+
+/* Prepare for a new man page using the filename NAME. */
+static void
+start_page (char *name)
+{
+ if (verbose)
+ inf ("starting page `%s'", name);
+ assert (!thepage.name);
+ thepage.name = xstrdup (name);
+ thepage.n_sections = 0;
+}
+
+
+/* Write the .TH entry of the current page. Return -1 if there is a
+ problem with the page. */
+static int
+write_th (FILE *fp)
+{
+ char *name, *p;
+
+ fputs (".\\\" Created from Texinfo source by yat2m " VERSION "\n", fp);
+
+ name = ascii_strupr (xstrdup (thepage.name));
+ p = strrchr (name, '.');
+ if (!p || !p[1])
+ {
+ err ("no section name in man page `%s'", thepage.name);
+ free (name);
+ return -1;
+ }
+ *p++ = 0;
+ fprintf (fp, ".TH %s %s %s \"%s\" \"%s\"\n",
+ name, p, isodatestring (), opt_release, opt_source);
+ return 0;
+}
+
+
+/* Process the texinfo command COMMAND (without the leading @) and
+ write output if needed to FP. REST is the remainer of the line
+ which should either point to an opening brace or to a white space.
+ The function returns the number of characters already processed
+ from REST. LEN is the usable length of REST. TABLE_LEVEL is used to
+ control the indentation of tables. */
+static size_t
+proc_texi_cmd (FILE *fp, const char *command, const char *rest, size_t len,
+ int *table_level, int *eol_action)
+{
+ static struct {
+ const char *name; /* Name of the command. */
+ int what; /* What to do with this command. */
+ const char *lead_in; /* String to print with a opening brace. */
+ const char *lead_out;/* String to print with the closing brace. */
+ } cmdtbl[] = {
+ { "command", 0, "\\fB", "\\fR" },
+ { "code", 0, "\\fB", "\\fR" },
+ { "sc", 0, "\\fB", "\\fR" },
+ { "var", 0, "\\fI", "\\fR" },
+ { "samp", 0, "\\(aq", "\\(aq" },
+ { "file", 0, "\\(oq\\fI","\\fR\\(cq" },
+ { "env", 0, "\\(oq\\fI","\\fR\\(cq" },
+ { "acronym", 0 },
+ { "dfn", 0 },
+ { "option", 0, "\\fB", "\\fR" },
+ { "example", 1, ".RS 2\n.nf\n" },
+ { "smallexample", 1, ".RS 2\n.nf\n" },
+ { "asis", 7 },
+ { "anchor", 7 },
+ { "cartouche", 1 },
+ { "xref", 0, "see: [", "]" },
+ { "pxref", 0, "see: [", "]" },
+ { "uref", 0, "(\\fB", "\\fR)" },
+ { "footnote",0, " ([", "])" },
+ { "emph", 0, "\\fI", "\\fR" },
+ { "w", 1 },
+ { "c", 5 },
+ { "opindex", 1 },
+ { "cpindex", 1 },
+ { "cindex", 1 },
+ { "noindent", 0 },
+ { "section", 1 },
+ { "chapter", 1 },
+ { "subsection", 6, "\n.SS " },
+ { "chapheading", 0},
+ { "item", 2, ".TP\n.B " },
+ { "itemx", 2, ".TP\n.B " },
+ { "table", 3 },
+ { "itemize", 3 },
+ { "bullet", 0, "* " },
+ { "end", 4 },
+ { "quotation",1, ".RS\n\\fB" },
+ { NULL }
+ };
+ size_t n;
+ int i;
+ const char *s;
+ const char *lead_out = NULL;
+ int ignore_args = 0;
+
+ for (i=0; cmdtbl[i].name && strcmp (cmdtbl[i].name, command); i++)
+ ;
+ if (cmdtbl[i].name)
+ {
+ s = cmdtbl[i].lead_in;
+ if (s)
+ fputs (s, fp);
+ lead_out = cmdtbl[i].lead_out;
+ switch (cmdtbl[i].what)
+ {
+ case 1: /* Throw away the entire line. */
+ s = memchr (rest, '\n', len);
+ return s? (s-rest)+1 : len;
+ case 2: /* Handle @item. */
+ break;
+ case 3: /* Handle table. */
+ if (++(*table_level) > 1)
+ fputs (".RS\n", fp);
+ /* Now throw away the entire line. */
+ s = memchr (rest, '\n', len);
+ return s? (s-rest)+1 : len;
+ break;
+ case 4: /* Handle end. */
+ for (s=rest, n=len; n && (*s == ' ' || *s == '\t'); s++, n--)
+ ;
+ if (n >= 5 && !memcmp (s, "table", 5)
+ && (!n || s[5] == ' ' || s[5] == '\t' || s[5] == '\n'))
+ {
+ if ((*table_level)-- > 1)
+ fputs (".RE\n", fp);
+ }
+ else if (n >= 7 && !memcmp (s, "example", 7)
+ && (!n || s[7] == ' ' || s[7] == '\t' || s[7] == '\n'))
+ {
+ fputs (".fi\n.RE\n", fp);
+ }
+ else if (n >= 12 && !memcmp (s, "smallexample", 12)
+ && (!n || s[12] == ' ' || s[12] == '\t' || s[12] == '\n'))
+ {
+ fputs (".fi\n.RE\n", fp);
+ }
+ else if (n >= 9 && !memcmp (s, "quotation", 9)
+ && (!n || s[9] == ' ' || s[9] == '\t' || s[9] == '\n'))
+ {
+ fputs ("\\fR\n.RE\n", fp);
+ }
+ /* Now throw away the entire line. */
+ s = memchr (rest, '\n', len);
+ return s? (s-rest)+1 : len;
+ case 5: /* Handle special comments. */
+ for (s=rest, n=len; n && (*s == ' ' || *s == '\t'); s++, n--)
+ ;
+ if (n >= 4 && !memcmp (s, "man:", 4))
+ {
+ for (s+=4, n-=4; n && *s != '\n'; n--, s++)
+ putc (*s, fp);
+ putc ('\n', fp);
+ }
+ /* Now throw away the entire line. */
+ s = memchr (rest, '\n', len);
+ return s? (s-rest)+1 : len;
+ case 6:
+ *eol_action = 1;
+ break;
+ case 7:
+ ignore_args = 1;
+ break;
+ default:
+ break;
+ }
+ }
+ else
+ {
+ macro_t m;
+
+ for (m = macrolist; m ; m = m->next)
+ if (!strcmp (m->name, command))
+ break;
+ if (m)
+ {
+ proc_texi_buffer (fp, m->value, strlen (m->value),
+ table_level, eol_action);
+ ignore_args = 1; /* Parameterized macros are not yet supported. */
+ }
+ else
+ inf ("texinfo command `%s' not supported (%.*s)", command,
+ ((s = memchr (rest, '\n', len)), (s? (s-rest) : len)), rest);
+ }
+
+ if (*rest == '{')
+ {
+ /* Find matching closing brace. */
+ for (s=rest+1, n=1, i=1; i && *s && n < len; s++, n++)
+ if (*s == '{')
+ i++;
+ else if (*s == '}')
+ i--;
+ if (i)
+ {
+ err ("closing brace for command `%s' not found", command);
+ return len;
+ }
+ if (n > 2 && !ignore_args)
+ proc_texi_buffer (fp, rest+1, n-2, table_level, eol_action);
+ }
+ else
+ n = 0;
+
+ if (lead_out)
+ fputs (lead_out, fp);
+
+ return n;
+}
+
+
+
+/* Process the string LINE with LEN bytes of Texinfo content. */
+static void
+proc_texi_buffer (FILE *fp, const char *line, size_t len,
+ int *table_level, int *eol_action)
+{
+ const char *s;
+ char cmdbuf[256];
+ int cmdidx = 0;
+ int in_cmd = 0;
+ size_t n;
+
+ for (s=line; *s && len; s++, len--)
+ {
+ if (in_cmd)
+ {
+ if (in_cmd == 1)
+ {
+ switch (*s)
+ {
+ case '@': case '{': case '}':
+ putc (*s, fp); in_cmd = 0;
+ break;
+ case ':': /* Not ending a sentence flag. */
+ in_cmd = 0;
+ break;
+ case '.': case '!': case '?': /* Ending a sentence. */
+ putc (*s, fp); in_cmd = 0;
+ break;
+ case ' ': case '\t': case '\n': /* Non collapsing spaces. */
+ putc (*s, fp); in_cmd = 0;
+ break;
+ default:
+ cmdidx = 0;
+ cmdbuf[cmdidx++] = *s;
+ in_cmd++;
+ break;
+ }
+ }
+ else if (*s == '{' || *s == ' ' || *s == '\t' || *s == '\n')
+ {
+ cmdbuf[cmdidx] = 0;
+ n = proc_texi_cmd (fp, cmdbuf, s, len, table_level, eol_action);
+ assert (n <= len);
+ s += n; len -= n;
+ s--; len++;
+ in_cmd = 0;
+ }
+ else if (cmdidx < sizeof cmdbuf -1)
+ cmdbuf[cmdidx++] = *s;
+ else
+ {
+ err ("texinfo command too long - ignored");
+ in_cmd = 0;
+ }
+ }
+ else if (*s == '@')
+ in_cmd = 1;
+ else if (*s == '\n')
+ {
+ switch (*eol_action)
+ {
+ case 1: /* Create a dummy paragraph. */
+ fputs ("\n\\ \n", fp);
+ break;
+ default:
+ putc (*s, fp);
+ }
+ *eol_action = 0;
+ }
+ else if (*s == '\\')
+ fputs ("\\\\", fp);
+ else
+ putc (*s, fp);
+ }
+
+ if (in_cmd > 1)
+ {
+ cmdbuf[cmdidx] = 0;
+ n = proc_texi_cmd (fp, cmdbuf, s, len, table_level, eol_action);
+ assert (n <= len);
+ s += n; len -= n;
+ s--; len++;
+ in_cmd = 0;
+ }
+}
+
+
+/* Do something with the Texinfo line LINE. */
+static void
+parse_texi_line (FILE *fp, const char *line, int *table_level)
+{
+ int eol_action = 0;
+
+ /* A quick test whether there are any texinfo commands. */
+ if (!strchr (line, '@'))
+ {
+ fputs (line, fp);
+ putc ('\n', fp);
+ return;
+ }
+ proc_texi_buffer (fp, line, strlen (line), table_level, &eol_action);
+ putc ('\n', fp);
+}
+
+
+/* Write all the lines LINES to FP. */
+static void
+write_content (FILE *fp, line_buffer_t lines)
+{
+ line_buffer_t line;
+ int table_level = 0;
+
+ for (line = lines; line; line = line->next)
+ {
+ if (line->verbatim)
+ {
+ fputs (line->line, fp);
+ putc ('\n', fp);
+ }
+ else
+ {
+/* fputs ("TEXI---", fp); */
+/* fputs (line->line, fp); */
+/* fputs ("---\n", fp); */
+ parse_texi_line (fp, line->line, &table_level);
+ }
+ }
+}
+
+
+
+static int
+is_standard_section (const char *name)
+{
+ int i;
+ const char *s;
+
+ for (i=0; (s=standard_sections[i]); i++)
+ if (!strcmp (s, name))
+ return 1;
+ return 0;
+}
+
+
+/* Finish a page; that is sort the data and write it out to the file. */
+static void
+finish_page (void)
+{
+ FILE *fp;
+ section_buffer_t sect = NULL;
+ int idx;
+ const char *s;
+ int i;
+
+ if (!thepage.name)
+ return; /* No page active. */
+
+ if (verbose)
+ inf ("finishing page `%s'", thepage.name);
+
+ if (opt_select)
+ {
+ if (!strcmp (opt_select, thepage.name))
+ {
+ inf ("selected `%s'", thepage.name );
+ fp = stdout;
+ }
+ else
+ {
+ fp = fopen ( "/dev/null", "w" );
+ if (!fp)
+ die ("failed to open /dev/null: %s\n", strerror (errno));
+ }
+ }
+ else if (opt_store)
+ {
+ inf ("writing `%s'", thepage.name );
+ fp = fopen ( thepage.name, "w" );
+ if (!fp)
+ die ("failed to create `%s': %s\n", thepage.name, strerror (errno));
+ }
+ else
+ fp = stdout;
+
+ if (write_th (fp))
+ goto leave;
+
+ for (idx=0; (s=standard_sections[idx]); idx++)
+ {
+ for (i=0; i < thepage.n_sections; i++)
+ {
+ sect = thepage.sections + i;
+ if (sect->name && !strcmp (s, sect->name))
+ break;
+ }
+ if (i == thepage.n_sections)
+ sect = NULL;
+
+ if (sect)
+ {
+ fprintf (fp, ".SH %s\n", sect->name);
+ write_content (fp, sect->lines);
+ /* Now continue with all non standard sections directly
+ following this one. */
+ for (i++; i < thepage.n_sections; i++)
+ {
+ sect = thepage.sections + i;
+ if (sect->name && is_standard_section (sect->name))
+ break;
+ if (sect->name)
+ {
+ fprintf (fp, ".SH %s\n", sect->name);
+ write_content (fp, sect->lines);
+ }
+ }
+
+ }
+ }
+
+
+ leave:
+ if (fp != stdout)
+ fclose (fp);
+ free (thepage.name);
+ thepage.name = NULL;
+ /* FIXME: Cleanup the content. */
+}
+
+
+
+
+/* Parse one Texinfo file and create manpages according to the
+ embedded instructions. */
+static void
+parse_file (const char *fname, FILE *fp, char **section_name, int in_pause)
+{
+ char *line;
+ int lnr = 0;
+ /* Fixme: The following state variables don't carry over to include
+ files. */
+ int in_verbatim = 0;
+ int skip_to_end = 0; /* Used to skip over menu entries. */
+ int skip_sect_line = 0; /* Skip after @mansect. */
+ int ifset_nesting = 0; /* How often a ifset has been seen. */
+ int ifclear_nesting = 0; /* How often a ifclear has been seen. */
+ int in_gpgone = 0; /* Keep track of "@ifset gpgone" parts. */
+ int not_in_gpgone = 0; /* Keep track of "@ifclear gpgone" parts. */
+ int not_in_man = 0; /* Keep track of "@ifclear isman" parts. */
+ int item_indent = 0; /* How far is the current @item indented. */
+
+ /* Helper to define a macro. */
+ char *macroname = NULL;
+ char *macrovalue = NULL;
+ size_t macrovaluesize = 0;
+ size_t macrovalueused = 0;
+
+ line = xmalloc (LINESIZE);
+ while (fgets (line, LINESIZE, fp))
+ {
+ size_t n = strlen (line);
+ int got_line = 0;
+ char *p;
+
+ lnr++;
+ if (!n || line[n-1] != '\n')
+ {
+ err ("%s:%d: trailing linefeed missing, line too long or "
+ "embedded Nul character", fname, lnr);
+ break;
+ }
+ line[--n] = 0;
+
+ /* Kludge to allow indentation of tables. */
+ for (p=line; *p == ' ' || *p == '\t'; p++)
+ ;
+ if (*p)
+ {
+ if (*p == '@' && !strncmp (p+1, "item", 4))
+ item_indent = p - line; /* Set a new indent level. */
+ else if (p - line < item_indent)
+ item_indent = 0; /* Switch off indention. */
+
+ if (item_indent)
+ {
+ memmove (line, line+item_indent, n - item_indent + 1);
+ n -= item_indent;
+ }
+ }
+
+
+ if (*line == '@')
+ {
+ for (p=line+1, n=1; *p && *p != ' ' && *p != '\t'; p++)
+ n++;
+ while (*p == ' ' || *p == '\t')
+ p++;
+ }
+ else
+ p = line;
+
+ /* Take action on macro. */
+ if (macroname)
+ {
+ if (n == 4 && !memcmp (line, "@end", 4)
+ && (line[4]==' '||line[4]=='\t'||!line[4])
+ && !strncmp (p, "macro", 5)
+ && (p[5]==' '||p[5]=='\t'||!p[5]))
+ {
+ macro_t m;
+
+ if (macrovalueused)
+ macrovalue[--macrovalueused] = 0; /* Kill the last LF. */
+ macrovalue[macrovalueused] = 0; /* Terminate macro. */
+ macrovalue = xrealloc (macrovalue, macrovalueused+1);
+
+ for (m= macrolist; m; m = m->next)
+ if (!strcmp (m->name, macroname))
+ break;
+ if (m)
+ free (m->value);
+ else
+ {
+ m = xcalloc (1, sizeof *m + strlen (macroname));
+ strcpy (m->name, macroname);
+ m->next = macrolist;
+ macrolist = m;
+ }
+ m->value = macrovalue;
+ macrovalue = NULL;
+ free (macroname);
+ macroname = NULL;
+ }
+ else
+ {
+ if (macrovalueused + strlen (line) + 2 >= macrovaluesize)
+ {
+ macrovaluesize += strlen (line) + 256;
+ macrovalue = xrealloc (macrovalue, macrovaluesize);
+ }
+ strcpy (macrovalue+macrovalueused, line);
+ macrovalueused += strlen (line);
+ macrovalue[macrovalueused++] = '\n';
+ }
+ continue;
+ }
+
+
+ if (n >= 5 && !memcmp (line, "@node", 5)
+ && (line[5]==' '||line[5]=='\t'||!line[5]))
+ {
+ /* Completey ignore @node lines. */
+ continue;
+ }
+
+
+ if (skip_sect_line)
+ {
+ skip_sect_line = 0;
+ if (!strncmp (line, "@section", 8)
+ || !strncmp (line, "@subsection", 11)
+ || !strncmp (line, "@chapheading", 12))
+ continue;
+ }
+
+ /* We only parse lines we need and ignore the rest. There are a
+ few macros used to control this as well as one @ifset
+ command. Parts we know about are saved away into containers
+ separate for each section. */
+
+ /* First process ifset/ifclear commands. */
+ if (*line == '@')
+ {
+ if (n == 6 && !memcmp (line, "@ifset", 6)
+ && (line[6]==' '||line[6]=='\t'))
+ {
+ ifset_nesting++;
+
+ if (!strncmp (p, "manverb", 7) && (p[7]==' '||p[7]=='\t'||!p[7]))
+ {
+ if (in_verbatim)
+ err ("%s:%d: nested \"@ifset manverb\"", fname, lnr);
+ else
+ in_verbatim = ifset_nesting;
+ }
+ else if (!strncmp (p, "gpgone", 6)
+ && (p[6]==' '||p[6]=='\t'||!p[6]))
+ {
+ if (in_gpgone)
+ err ("%s:%d: nested \"@ifset gpgone\"", fname, lnr);
+ else
+ in_gpgone = ifset_nesting;
+ }
+ continue;
+ }
+ else if (n == 4 && !memcmp (line, "@end", 4)
+ && (line[4]==' '||line[4]=='\t')
+ && !strncmp (p, "ifset", 5)
+ && (p[5]==' '||p[5]=='\t'||!p[5]))
+ {
+ if (in_verbatim && ifset_nesting == in_verbatim)
+ in_verbatim = 0;
+ if (in_gpgone && ifset_nesting == in_gpgone)
+ in_gpgone = 0;
+
+ if (ifset_nesting)
+ ifset_nesting--;
+ else
+ err ("%s:%d: unbalanced \"@end ifset\"", fname, lnr);
+ continue;
+ }
+ else if (n == 8 && !memcmp (line, "@ifclear", 8)
+ && (line[8]==' '||line[8]=='\t'))
+ {
+ ifclear_nesting++;
+
+ if (!strncmp (p, "gpgone", 6)
+ && (p[6]==' '||p[6]=='\t'||!p[6]))
+ {
+ if (not_in_gpgone)
+ err ("%s:%d: nested \"@ifclear gpgone\"", fname, lnr);
+ else
+ not_in_gpgone = ifclear_nesting;
+ }
+
+ else if (!strncmp (p, "isman", 5)
+ && (p[5]==' '||p[5]=='\t'||!p[5]))
+ {
+ if (not_in_man)
+ err ("%s:%d: nested \"@ifclear isman\"", fname, lnr);
+ else
+ not_in_man = ifclear_nesting;
+ }
+
+ continue;
+ }
+ else if (n == 4 && !memcmp (line, "@end", 4)
+ && (line[4]==' '||line[4]=='\t')
+ && !strncmp (p, "ifclear", 7)
+ && (p[7]==' '||p[7]=='\t'||!p[7]))
+ {
+ if (not_in_gpgone && ifclear_nesting == not_in_gpgone)
+ not_in_gpgone = 0;
+ if (not_in_man && ifclear_nesting == not_in_man)
+ not_in_man = 0;
+
+ if (ifclear_nesting)
+ ifclear_nesting--;
+ else
+ err ("%s:%d: unbalanced \"@end ifclear\"", fname, lnr);
+ continue;
+ }
+ }
+
+ /* Take action on ifset/ifclear. */
+ if ( (in_gpgone && !gpgone_defined)
+ || (not_in_gpgone && gpgone_defined)
+ || not_in_man)
+ continue;
+
+ /* Process commands. */
+ if (*line == '@')
+ {
+ if (skip_to_end
+ && n == 4 && !memcmp (line, "@end", 4)
+ && (line[4]==' '||line[4]=='\t'||!line[4]))
+ {
+ skip_to_end = 0;
+ }
+ else if (in_verbatim)
+ {
+ got_line = 1;
+ }
+ else if (n == 6 && !memcmp (line, "@macro", 6))
+ {
+ macroname = xstrdup (p);
+ macrovalue = xmalloc ((macrovaluesize = 1024));
+ macrovalueused = 0;
+ }
+ else if (n == 8 && !memcmp (line, "@manpage", 8))
+ {
+ free (*section_name);
+ *section_name = NULL;
+ finish_page ();
+ start_page (p);
+ in_pause = 0;
+ }
+ else if (n == 8 && !memcmp (line, "@mansect", 8))
+ {
+ if (!thepage.name)
+ err ("%s:%d: section outside of a man page", fname, lnr);
+ else
+ {
+ free (*section_name);
+ *section_name = ascii_strupr (xstrdup (p));
+ in_pause = 0;
+ skip_sect_line = 1;
+ }
+ }
+ else if (n == 9 && !memcmp (line, "@manpause", 9))
+ {
+ if (!*section_name)
+ err ("%s:%d: pausing outside of a man section", fname, lnr);
+ else if (in_pause)
+ err ("%s:%d: already pausing", fname, lnr);
+ else
+ in_pause = 1;
+ }
+ else if (n == 8 && !memcmp (line, "@mancont", 8))
+ {
+ if (!*section_name)
+ err ("%s:%d: continue outside of a man section", fname, lnr);
+ else if (!in_pause)
+ err ("%s:%d: continue while not pausing", fname, lnr);
+ else
+ in_pause = 0;
+ }
+ else if (n == 5 && !memcmp (line, "@menu", 5)
+ && (line[5]==' '||line[5]=='\t'||!line[5]))
+ {
+ skip_to_end = 1;
+ }
+ else if (n == 8 && !memcmp (line, "@include", 8)
+ && (line[8]==' '||line[8]=='\t'||!line[8]))
+ {
+ char *incname = xstrdup (p);
+ FILE *incfp = fopen (incname, "r");
+
+ if (!incfp && opt_include && *opt_include && *p != '/')
+ {
+ free (incname);
+ incname = xmalloc (strlen (opt_include) + 1
+ + strlen (p) + 1);
+ strcpy (incname, opt_include);
+ if ( incname[strlen (incname)-1] != '/' )
+ strcat (incname, "/");
+ strcat (incname, p);
+ incfp = fopen (incname, "r");
+ }
+
+ if (!incfp)
+ err ("can't open include file `%s':%s",
+ incname, strerror (errno));
+ else
+ {
+ parse_file (incname, incfp, section_name, in_pause);
+ fclose (incfp);
+ }
+ free (incname);
+ }
+ else if (n == 4 && !memcmp (line, "@bye", 4)
+ && (line[4]==' '||line[4]=='\t'||!line[4]))
+ {
+ break;
+ }
+ else if (!skip_to_end)
+ got_line = 1;
+ }
+ else if (!skip_to_end)
+ got_line = 1;
+
+ if (got_line && in_verbatim)
+ add_content (*section_name, line, 1);
+ else if (got_line && thepage.name && *section_name && !in_pause)
+ add_content (*section_name, line, 0);
+
+ }
+ if (ferror (fp))
+ err ("%s:%d: read error: %s", fname, lnr, strerror (errno));
+ free (macroname);
+ free (macrovalue);
+ free (line);
+}
+
+
+static void
+top_parse_file (const char *fname, FILE *fp)
+{
+ char *section_name = NULL; /* Name of the current section or NULL
+ if not in a section. */
+ while (macrolist)
+ {
+ macro_t next = macrolist->next;
+ free (macrolist->value);
+ free (macrolist);
+ macrolist = next;
+ }
+
+ parse_file (fname, fp, &section_name, 0);
+ free (section_name);
+ finish_page ();
+}
+
+
+int
+main (int argc, char **argv)
+{
+ int last_argc = -1;
+
+ opt_source = "GNU";
+ opt_release = "";
+
+ if (argc)
+ {
+ argc--; argv++;
+ }
+ while (argc && last_argc != argc )
+ {
+ last_argc = argc;
+ if (!strcmp (*argv, "--"))
+ {
+ argc--; argv++;
+ break;
+ }
+ else if (!strcmp (*argv, "--help"))
+ {
+ puts (
+ "Usage: " PGM " [OPTION] [FILE]\n"
+ "Extract man pages from a Texinfo source.\n\n"
+ " --source NAME use NAME as source field\n"
+ " --release STRING use STRING as the release field\n"
+ " --store write output using @manpage name\n"
+ " --select NAME only output pages with @manpage NAME\n"
+ " --verbose enable extra informational output\n"
+ " --debug enable additional debug output\n"
+ " --help display this help and exit\n"
+ " -I DIR also search in include DIR\n"
+ " -D gpgone the only useable define\n\n"
+ "With no FILE, or when FILE is -, read standard input.\n\n"
+ "Report bugs to <bugs@g10code.com>.");
+ exit (0);
+ }
+ else if (!strcmp (*argv, "--version"))
+ {
+ puts (PGM " " VERSION "\n"
+ "Copyright (C) 2005 g10 Code GmbH\n"
+ "This program comes with ABSOLUTELY NO WARRANTY.\n"
+ "This is free software, and you are welcome to redistribute it\n"
+ "under certain conditions. See the file COPYING for details.");
+ exit (0);
+ }
+ else if (!strcmp (*argv, "--verbose"))
+ {
+ verbose = 1;
+ argc--; argv++;
+ }
+ else if (!strcmp (*argv, "--quiet"))
+ {
+ quiet = 1;
+ argc--; argv++;
+ }
+ else if (!strcmp (*argv, "--debug"))
+ {
+ verbose = debug = 1;
+ argc--; argv++;
+ }
+ else if (!strcmp (*argv, "--source"))
+ {
+ argc--; argv++;
+ if (argc)
+ {
+ opt_source = *argv;
+ argc--; argv++;
+ }
+ }
+ else if (!strcmp (*argv, "--release"))
+ {
+ argc--; argv++;
+ if (argc)
+ {
+ opt_release = *argv;
+ argc--; argv++;
+ }
+ }
+ else if (!strcmp (*argv, "--store"))
+ {
+ opt_store = 1;
+ argc--; argv++;
+ }
+ else if (!strcmp (*argv, "--select"))
+ {
+ argc--; argv++;
+ if (argc)
+ {
+ opt_select = strrchr (*argv, '/');
+ if (opt_select)
+ opt_select++;
+ else
+ opt_select = *argv;
+ argc--; argv++;
+ }
+ }
+ else if (!strcmp (*argv, "-I"))
+ {
+ argc--; argv++;
+ if (argc)
+ {
+ opt_include = *argv;
+ argc--; argv++;
+ }
+ }
+ else if (!strcmp (*argv, "-D"))
+ {
+ argc--; argv++;
+ if (argc)
+ {
+ if (!strcmp (*argv, "gpgone"))
+ gpgone_defined = 1;
+ argc--; argv++;
+ }
+ }
+ }
+
+ if (argc > 1)
+ die ("usage: " PGM " [OPTION] [FILE] (try --help for more information)\n");
+
+ /* Start processing. */
+ if (argc && strcmp (*argv, "-"))
+ {
+ FILE *fp = fopen (*argv, "rb");
+ if (!fp)
+ die ("%s:0: can't open file: %s", *argv, strerror (errno));
+ top_parse_file (*argv, fp);
+ fclose (fp);
+ }
+ else
+ top_parse_file ("-", stdin);
+
+ return !!any_error;
+}
+
+
+/*
+Local Variables:
+compile-command: "gcc -Wall -g -Wall -o yat2m yat2m.c"
+End:
+*/
diff --git a/g10/ChangeLog-2011 b/g10/ChangeLog-2011
new file mode 100644
index 0000000..48a05ad
--- /dev/null
+++ b/g10/ChangeLog-2011
@@ -0,0 +1,11041 @@
+2011-12-02 Werner Koch <wk@g10code.com>
+
+ NB: ChangeLog files are no longer manually maintained. Starting
+ on December 1st, 2011 we put change information only in the GIT
+ commit log, and generate a top-level ChangeLog file from logs at
+ "make dist". See doc/HACKING for details.
+
+2011-08-04 Werner Koch <wk@g10code.com>
+
+ * keyedit.c (show_key_with_all_names): Remove set but unused var
+ PK_VERION.
+ * sig-check.c (do_check): Remove set but unused var CTX.
+
+ * build-packet.c (do_user_id): Return RC.
+
+2011-07-29 Werner Koch <wk@g10code.com>
+
+ * tdbio.c (open_db): Do not print read-only warning in quiet mode.
+
+2011-07-22 Werner Koch <wk@g10code.com>
+
+ * parse-packet.c (parse_key): Print the decoded iteration count.
+ Fixes bug#1355.
+
+2011-07-01 Werner Koch <wk@g10code.com>
+
+ * keyid.c (pubkey_letter): Add letters e and E.
+
+2011-06-13 Werner Koch <wk@g10code.com>
+
+ * pkglue.c (mpi_from_sexp, pk_decrypt): Use GCRYMPI_FMT_USG for
+ gcry_sexp_nth_mpi. This fixes a problem with a recent bug fix in
+ Libgcrypt.
+
+2011-01-10 Werner Koch <wk@g10code.com>
+
+ * keygen.c (ask_user_id): Fix duplicate test for AMAIL by correct
+ ANAME. See bug#1307. Reported by Steve Grubb.
+
+ * import.c (import_keys_internal): Make loop code a bit more
+ readable. See bug#1307. Reported by Steve Grubb.
+
+ * sign.c (sign_file): Fix TEMP_HASHLEN computation. See bug#1307.
+ Reported by Steve Grubb.
+
+2010-10-29 David Shaw <dshaw@jabberwocky.com>
+
+ * pkclist.c (select_algo_from_prefs): Make sure the scores can't
+ overflow when picking an algorithm (not a security issue since we
+ can't pick something not present in all preference lists, but we
+ might pick something that isn't scored first choice).
+
+ * pkclist.c (select_algo_from_prefs): Slightly improve the
+ handling of MD5 in preference lists. Instead of replacing MD5
+ with SHA-1, just remove MD5 from the list altogether, and let the
+ next-highest ranked algorithm be chosen.
+
+2010-09-29 Werner Koch <wk@g10code.com>
+
+ * keygen.c (key_from_sexp): Fix memory leak in the error case.
+
+ * call-agent.c (agent_scd_pksign): Add missing space.
+
+2010-09-28 David Shaw <dshaw@jabberwocky.com> (wk)
+
+ * options.skel: Make the example for force-v3-sigs match
+ reality (it has defaulted to off since 2007-10-25).
+
+2010-09-28 Werner Koch <wk@g10code.com>
+
+ * keyedit.c (show_key_with_all_names): Make revocation hint
+ more clear. Fixes bug#1234.
+
+ * call-agent.c (hash_algo_option): New.
+ (agent_scd_pksign): Use it.
+
+2010-07-20 Werner Koch <wk@g10code.com>
+
+ * mainproc.c (print_pkenc_list): Print a STATUS_ERROR. Fixes
+ bug#1255.
+
+2010-06-18 Werner Koch <wk@g10code.com>
+
+ * parse-packet.c (skip_packet, parse_gpg_control): Take care of
+ premature EOFs. Backport from trunk.
+
+2010-06-17 Werner Koch <wk@g10code.com>
+
+ * gpg.c (main): Use CAST5 as default s2k algo. The macro
+ USE_CAST5 was only used with GnuPG 1.x.
+
+2010-05-12 Werner Koch <wk@g10code.com>
+
+ * armor.c (radix64_read): Change fix 2006-04-28 to fix bug#1179.
+
+ * plaintext.c (handle_plaintext): Check return code of fflush.
+ Fixes bug#1207.
+
+2010-05-07 Werner Koch <wk@g10code.com>
+
+ * import.c (chk_self_sigs): Check direct key signatures. Fixes
+ bug#1223.
+ (fix_bad_direct_key_sigs): New.
+ (import_one): Use it here.
+
+ * import.c (chk_self_sigs): Re-indent and slighly re-arrange code.
+ Use test macros for the sig class.
+
+2010-03-12 Werner Koch <wk@g10code.com>
+
+ * plaintext.c (setup_plaintext_name): Do not encode pipe like
+ filenames. This helps with bug#1201.
+
+ * seckey-cert.c (do_check): Return GPG_ERR_CANCELED.
+ * keyedit.c (change_passphrase): Add arg R_ERR.
+ (keyedit_passwd): Return the correct error or emit a success
+ status message.
+
+2010-02-25 Werner Koch <wk@g10code.com>
+
+ * sign.c (hash_for): Force SHA1 only for v1 OpenPGP cards. Fixes
+ bug#1194.
+
+2010-02-17 Werner Koch <wk@g10code.com>
+
+ * keygen.c (ask_user_id): Avoid infinite loop in case of invalid
+ data. Fixes bug#1186.
+
+2010-02-11 Marcus Brinkmann <marcus@g10code.de>
+
+ From trunk 2009-09-23, 2009-11-02, 2009-11-25:
+
+ * call-agent.c: Include "scdaemon.h" before <assuan.h> because of
+ GPG_ERR_SOURCE_DEFAULT check.
+ (learn_status_cb, dummy_data_cb, get_serialno_cb, default_inq_cb)
+ (learn_status_cb, inq_writecert_parms, inq_writekey_parms)
+ (scd_genkey_cb, membuf_data_cb): Return gpg_error_t instead of
+ int.
+ * gpg.c: Include "scdaemon.h" before <assuan.h> because of
+ GPG_ERR_SOURCE_DEFAULT check.
+ (main): Update to new Assuan API.
+ * server.c: Include "scdaemon.h" before <assuan.h> because of
+ GPG_ERR_SOURCE_DEFAULT check.
+ (reset_notify, input_notify, output_notify): Update to
+ new assuan interface.
+ (option_handler, cmd_recipient, cmd_signer, cmd_encrypt)
+ (cmd_decrypt, cmd_verify, cmd_sign, cmd_import, cmd_export)
+ (cmd_delkeys, cmd_message, do_listkeys, cmd_listkeys)
+ (cmd_listsecretkeys, cmd_genkey, cmd_getinfo): Return gpg_error_t
+ instead of int.
+ (register_commands): Allocate assuan context before starting
+ server. Use assuan_handler_t. Add NULL arg to
+ assuan_register_command.
+ (gpg_server): Allocate assuan_context before starting server.
+ Use assuan_fd_t and assuan_fdopen on fds.
+
+2010-02-02 Werner Koch <wk@g10code.com>
+
+ * card-util.c (card_edit): Change prompt to "gpg/card".
+ * keyedit.c (keyedit_menu): Change prompt to "gpg".
+
+2010-01-11 Werner Koch <wk@g10code.com>
+
+ * gpg.c: Add option --passwd.
+ (aPasswd): New.
+ (main): Implement.
+ * keyedit.c (keyedit_passwd): New.
+
+ * gpg.c (oPasswd, oPasswdFD, oPasswdFile, oPasswdRepeat): Change
+ to oPassphrase, oPassphraseFD, oPassphraseFile, oPassphraseRepeat.
+ * options.h (struct): s/passwd_repeat/passphrase_repeat/.
+ * gpg.c (main): Ditto.
+ * passphrase.c (passphrase_to_dek_ext): Ditto.
+
+2009-12-21 Werner Koch <wk@g10code.com>
+
+ * gpg.c (main): Add dummy options --skip-hidden-recipients and no
+ variant.
+
+ * call-agent.c (agent_get_s2k_count): New.
+ * gpg.c (main): Set s2k_count to 0.
+ * (encode_s2k_iterations): Move ...
+ * passphrase.c (encode_s2k_iterations): ... here. Call
+ agent_get_s2k_count if called with a 0 arg.
+ (passphrase_to_dek_ext): Set S2K_COUNT via encode_s2k_iterations.
+
+2009-12-17 Werner Koch <wk@g10code.com>
+
+ * sig-check.c (do_check_messages): Evaluate the HAS_EXPIRED flag.
+ Fixes bug#1059.
+
+2009-12-15 Werner Koch <wk@g10code.com>
+
+ * tdbio.c (tdbio_set_dbname): Do not call log_fatal after creating
+ the directory. Fixes bug#1169. Reported by Daniel Leidert.
+
+2009-12-04 Werner Koch <wk@g10code.com>
+
+ * keygen.c (DEFAULT_STD_ALGO, DEFAULT_STD_KEYSIZE): New.
+ (ask_keysize): Use new macro.
+ (gen_rsa): Set default size if NBITS is 0.
+ (get_parameter_algo): Add algo name "default". Add arg R_DEFAULT.
+ (proc_parameter_file): Process default flag.
+
+2009-12-03 Werner Koch <wk@g10code.com>
+
+ * gpg.c (set_debug): Allow for numerical debug levels. Print
+ active debug flags.
+
+ * gpg.c (gpgconf_list): Add key "default_pubkey_algo".
+
+2009-09-28 Werner Koch <wk@g10code.com>
+
+ * trustdb.c (get_validity_info): Take care of a NULL PK. Fixes
+ bug#1138.
+ (get_validity_string): Ditto.
+
+2009-09-25 Werner Koch <wk@g10code.com>
+
+ * pkglue.c (pk_sign, pk_verify, pk_encrypt, pk_decrypt)
+ (pk_check_secret_key): Allow deprecated RSA identifiers 2 and 3.
+ Fixes bug#1139.
+
+2009-09-04 Werner Koch <wk@g10code.com>
+
+ * keyedit.c (menu_select_uid): Use IDX ==-1 t select all.
+ (menu_select_key): Ditto.
+ (keyedit_menu) <cmdSELKEY, cmdSELUID>: Allow '*' to select all.
+
+2009-09-03 Werner Koch <wk@g10code.com>
+
+ * keyedit.c (menu_adduid): Pass keyblock to generate_user_id.
+ * keygen.c (generate_user_id): Add arg KEYBLOCK. Factor code out
+ to ...
+ (uid_from_string): ... new.
+ (ask_user_id): Add arg KEYBLOCK and check for duplicates. Fix
+ bug#1122.
+
+ * Makefile.am (uninstall-local): New.
+
+ * compress-bz2.c (do_uncompress): Detect unexpected EOF. Fix
+ bug#1011.
+
+2009-08-26 Werner Koch <wk@g10code.com>
+
+ * keyedit.c (menu_revsig): Check for signature right away. Fix
+ Debian-bug#543530.
+
+2009-08-20 Daiki Ueno <ueno@unixuser.org>
+
+ * mainproc.c (proc_encrypted): Clear passphrase cached with S2K
+ cache ID if decryption failed.
+ * passphrase.c (passphrase_to_dek_ext): Set dek->s2k_cacheid.
+ * gpgv.c (passphrase_clear_cache): New stub.
+
+2009-08-11 Werner Koch <wk@g10code.com>
+
+ * call-agent.c (get_serialno_cb): New. From ../agent/call-scd.c.
+ (gpg_agent_get_confirmation): New.
+ (select_openpgp): New.
+ (agent_scd_pkdecrypt, agent_scd_pksign): Use it here.
+
+2009-08-06 Werner Koch <wk@g10code.com>
+
+ * skclist.c (build_sk_list): Print INV_SGNR status line.
+ * seckey-cert.c (do_check): Return G10ERR_UNU_SECKEY instead of
+ general error.
+
+2009-08-05 Werner Koch <wk@g10code.com>
+
+ * card-util.c: Enable readline support also in GnuPG-2.
+
+ * call-agent.c (agent_learn): Always select the card first.
+
+ * gpg.c: Add --key-edit alias.
+
+ * call-agent.c (scd_genkey_cb): Forward progress status lines.
+
+ * card-util.c (generate_card_keys): Remove special case for
+ GnuPG-2. Ask for the keysize and change it.
+ (card_generate_subkey): Ask for the keysize and change it.
+ (get_info_for_key_operation): Read KEY-ATTR.
+ (show_keysize_warning, ask_card_keysize): New.
+ (do_change_keysize): New.
+
+2009-07-31 David Shaw <dshaw@jabberwocky.com>
+
+ * gpg.c (main): --pgp6 includes --disable-mdc.
+
+2009-07-23 David Shaw <dshaw@jabberwocky.com>
+
+ * keyserver.c (keyserver_import_ldap): Try a DNS-SD lookup to find
+ a domain-specific LDAP server before resorting to keys.{domain}.
+
+2009-07-22 Werner Koch <wk@g10code.com>
+
+ * card-util.c (generate_card_keys): Ask for off-card keys only if
+ the card supports it.
+ (get_info_for_key_operation): Read EXTCAP.
+ (card_store_subkey): Check for non matching sizes.
+
+ * call-agent.h (struct agent_card_info_s): Add field EXTCAP.
+ * call-agent.c (agent_learn): Use a direct SCD command.
+ (did_early_card_test): New.
+ (start_agent): Perform an early test for the card. Add arg FOR_CARD.
+ (status_sc_op_failure): New.
+ (agent_scd_setattr, agent_scd_writekey, agent_scd_genkey)
+ (agent_scd_pksign, agent_scd_pkdecrypt, agent_scd_change_pin)
+ (agent_scd_checkpin): Call new function.
+ (learn_status_cb): Parse KEY_TIME and EXTCAP.
+
+ * gpg.c (main) <aFixTrustDB>: Show commands to run.
+ * trustdb.c (how_to_fix_the_trustdb): New.
+ * tdbio.c (tdbio_invalid): Show commands to re-create the trustdb.
+ Fixes bug#929.
+
+2009-07-20 Werner Koch <wk@g10code.com>
+
+ * keygen.c (generate_keypair): Allow Elgamal > 3072 in BOTH mode.
+ Reported by Jeroen Schot. Fixes bug#1091.
+
+2009-07-17 Werner Koch <wk@g10code.com>
+
+ * keyring.c (keyring_rebuild_cache): Replace the assert by a
+ proper error message and allow to delete a bad keyblock.
+
+2009-07-13 Werner Koch <wk@g10code.com>
+
+ * exec.c: Fix function name indentation.
+ (expand_args): Simplify by using membuf functions.
+ (exec_write): Fix memory leak on error.
+ (w32_system): Use DETACHED_PROCESS so that a new console is not
+ created.
+
+2009-07-09 Werner Koch <wk@g10code.com>
+
+ * card-util.c (card_store_subkey): Do not restrict to 1024 bit keys.
+ Print an error message on write errors.
+
+ * gpg.c (main): Remove the SHA-1 default from the personal digest
+ list. This was used in the past as a hack to avoid preferring
+ RMD-160.
+
+ * keygen.c (keygen_set_std_prefs): Remove RMD-160 from the list.
+ Change order to SHA-256, SHA-1, SHA-384, SHA-512, SHA-224.
+ (gen_dsa): Use a 256 bit Q for 2048 bit P. Round to FIPS allowed
+ values in non-expert mode.
+
+2009-07-07 Werner Koch <wk@g10code.com>
+
+ * gpg.c (set_opt_session_env): New.
+ (main): Allocate opt.session_env. Use it for oDisplay, oTTYname,
+ oTTYtype and oXauthority.
+
+ * options.h: Include session_env.h.
+ (opt): Add field SESSION_ENV, remove obsolete fields.
+
+ * call-agent.c (start_agent): Adjust start_new_gpg_agent for
+ changed args.
+
+2009-06-24 Werner Koch <wk@g10code.com>
+
+ * keyedit.c (menu_select_key): Remove dead assign to I.
+ (menu_select_uid): Ditto.
+ * keyring.c (keyring_search): Remove dead assign to NAME.
+ * card-util.c (card_edit): Remove useless DID_CHECKPIN.
+ * call-agent.c (unhexify_fpr): Remove dead op on N.
+ * passphrase.c (passphrase_to_dek_ext): Do not deref a NULL PW.
+ * revoke.c (gen_revoke): Remove unused malloc of PK.
+ * parse-packet.c (mpi_read): Init NREAD.
+ Reported by Fabian Keil.
+
+2009-06-17 Werner Koch <wk@g10code.com>
+
+ * parse-packet.c (parse): Use a casted -1 instead of a 32 bit
+ constant to check for a garbled package. Fixes bug#1040.
+
+ * card-util.c (put_data_to_file, read_cert): New.
+ (card_edit): Add command "readcert".
+ (fetch_url): Allow code also for this gnupg major version 2.
+ * call-agent.c (agent_scd_readcert): New.
+
+2009-06-15 Werner Koch <wk@g10code.com>
+
+ * keyserver.c (keyserver_search_prompt): No prompt in batch+colons
+ mode.
+
+2009-06-09 Werner Koch <wk@g10code.com>
+
+ * card-util.c (write_sc_op_status): New.
+ (change_pin): Use it.
+ (change_url, change_login, change_private_do, change_cert)
+ (change_lang, change_sex, change_cafpr, toggle_forcesig)
+ (check_pin_for_key_operation): Ditto.
+
+2009-06-05 David Shaw <dshaw@jabberwocky.com>
+
+ * gpg.c (main), misc.c (openpgp_cipher_test_algo): Remove Camellia
+ restriction.
+
+ * misc.c (map_cipher_openpgp_to_gcry), main.h: Add macros for
+ openpgp_cipher_open, openpgp_cipher_get_algo_keylen, and
+ openpgp_cipher_get_algo_blklen to wrap around the corresponding
+ gcry_* functions, but pass the algorithm number through
+ map_cipher_openpgp_to_gcry. This is needed in case the gcry
+ algorithm number doesn't match the OpenPGP number (c.f. Camellia).
+
+ * encr-data.c, pubkey-enc.c, mainproc.c, cipher.c, encode.c,
+ seskey.c, passphrase.c, seckey-cert.c: Use new openpgp_cipher_*
+ macros here.
+
+2009-06-02 Werner Koch <wk@g10code.com>
+
+ * card-util.c (get_manufacturer): Add new manufacturer.
+
+2009-05-26 Werner Koch <wk@g10code.com>
+
+ * parse-packet.c (mpi_read): Workaround for zero-length MPI bug in
+ libgcrypt<1.5.0.
+
+2009-05-22 Werner Koch <wk@g10code.com>
+
+ * signal.c (got_fatal_signal): Call new function
+ tty_cleanup_after_signal.
+
+2009-05-20 Werner Koch <wk@g10code.com>
+
+ * gpg.c (main): Fix --fingerprint/--with-fingerprint command
+ detection. Fixes bug#1044.
+
+ * keygen.c (ask_keysize): Allow selection of DSA key size even
+ without --enable-dsa2.
+ (gen_dsa): Remove size check.
+
+ * keygen.c (ask_key_flags): Fix bug in the translation check.
+ Fixes bug#1056.
+
+2009-05-18 Daiki Ueno <ueno@unixuser.org> (wk)
+
+ * encode.c (encode_simple): Tell passphrase_to_dek to cache
+ the passphrase.
+ (setup_symkey): Ditto.
+ * mainproc.c (proc_symkey_enc): Tell passphrase_to_dek to cache
+ the passphrase.
+ (proc_encrypted): Ditto.
+ * passphrase.c (hash_passphrase): Remove arg CREATE.
+ (passphrase_to_dek): New mode 3 and 4 for caching passphrase for
+ symmetric encryption.
+
+2009-05-17 Werner Koch <wk@g10code.com>
+
+ * keygen.c (ask_algo): Add arg R_SUBKEY_ALGO. Change return value
+ semantics. Change presented order of algorithms. Make RSA+RSA
+ the default.
+ (generate_keypair): Adjust for change.
+ (ask_keysize): Add arg PRIMARY_KEYSIZE for subkey creation.
+ Change callers.
+
+2009-05-15 Werner Koch <wk@g10code.com>
+
+ * keygen.c (gen_card_key_with_backup): Get the size of the key
+ from the card.
+ * call-agent.h (struct agent_card_info_s): Add field KEY_ATTR.
+ * call-agent.c (learn_status_cb): Support KEY-ATTR.
+ * card-util.c (card_status): Print key attributes.
+
+2009-05-15 Marcus Brinkmann <marcus@g10code.de>
+
+ * gpg.c (gpgconf_list): Remove dead entry "allow-pka-lookup" (a
+ verify option for a couple of years now).
+
+2009-05-14 Werner Koch <wk@g10code.com>
+
+ * call-agent.c (agent_get_passphrase): Add arg CHECK.
+ * passphrase.c (passphrase_get): Pass new arg.
+
+ * keygen.c (gen_card_key_with_backup): Print a status error.
+ (do_generate_keypair): Ditto.
+ (do_ask_passphrase): Add arg MODE.
+ (generate_raw_key): Call with mode 1.
+ * passphrase.c (ask_passphrase): Remove becuase it is not used.
+ (passphrase_to_dek): Factor code out to ...
+ (passphrase_to_dek_ext): .. New. Add args CUSTDESC and CUSTPROMPT.
+
+2009-05-13 Werner Koch <wk@g10code.com>
+
+ * keygen.c (parse_expire_string): Base ISO date string at noon.
+ Also allow full ISO timestamp.
+
+2009-05-11 Werner Koch <wk@g10code.com>
+
+ * parse-packet.c (parse_key): Print the key id in list mode.
+
+ * skclist.c (build_sk_list): Use log_info for "duplicated entry".
+ Fixes bug#1045.
+
+ * encode.c (encode_simple): Print empty file warning only in
+ verbose mode. Closes bug#1039.
+ (encode_crypt): Ditto.
+ * sign.c (write_plaintext_packet): Ditto.
+
+2009-05-10 David Shaw <dshaw@jabberwocky.com>
+
+ * keyserver.c (keyserver_typemap): gpgkeys_hkp handles hkps as
+ well. From 1.4.
+
+2009-05-06 Werner Koch <wk@g10code.com>
+
+ * getkey.c (finish_lookup): Remove dead code.
+
+ * keyring.c (keyring_get_keyblock): Fix memory leak due to ring
+ trust packets. Fixes bug#1034.
+
+2009-04-03 Werner Koch <wk@g10code.com>
+
+ * gpgv.c (main): Open keyrings readonly.
+ * keydb.c (keydb_add_resource): Add readonly flag bit.
+ (keydb_rebuild_caches): Don't act on readonly resources.
+
+ * keyring.c (keyring_register_filename): Add arg READONLY.
+ (struct keyring_name): Add field READONLY.
+ (keyring_is_writable): Implement readonly feature.
+ (keyring_update_keyblock): Return GPG_ERR_EACCES for readonly
+ keyrings.
+ (keyring_insert_keyblock, keyring_delete_keyblock):
+
+2009-04-01 Werner Koch <wk@g10code.com>
+
+ * gpg.c (main): Properly handle UTF8 usernames with --sign-key and
+ --lsign-key. From 1.4, David 2008-12-21.
+
+2009-03-20 David Shaw <dshaw@jabberwocky.com> (wk)
+
+ * keyring.c (rename_tmp_file): Force a fsync (via iobuf_ioctl) on
+ secret keyring files to be extra safe on filesystems that may not
+ sync data and metadata together (ext4). Also check return code
+ from the cache invalidation to make sure we're safe over NFS and
+ similar.
+
+2009-03-31 Werner Koch <wk@g10code.com>
+
+ * passphrase.c (ask_passphrase): Use percent_plus_unescape.
+ * misc.c (unescape_percent_string): Remove.
+
+ * call-agent.c (unescape_status_string): Chnage to use
+ percent_plus_unescape.
+
+2009-03-25 Werner Koch <wk@g10code.com>
+
+ * mainproc.c (print_pkenc_list): Use snprintf.
+
+2009-03-17 Werner Koch <wk@g10code.com>
+
+ * call-agent.c (my_percent_plus_escape): Remove.
+ (agent_get_passphrase): Rewrite using percent_plus_escape.
+
+2009-03-17 Daiki Ueno <ueno@unixuser.org>
+
+ * passphrase.c (passphrase_get): Add extra arg REPEAT and adjust
+ callers; remove special treatment for MODE==2.
+ (passphrase_to_dek): Move --passphrase-repeat handling to
+ gpg-agent.
+
+ * call-agent.c (agent_get_passphrase): Add extra arg REPEAT.
+ * call-agent.h: Ditto.
+
+2009-03-16 Werner Koch <wk@g10code.com>
+
+ * gpg.c (my_strusage): Revert last change. Systems w/o a gpg1 may,
+ and actually do, install gpg2 as gpg.
+ * gpgv.c (my_strusage): Ditto.
+
+2009-03-14 David Shaw <dshaw@jabberwocky.com>
+
+ * gpg.c (my_strusage): gpg2 and gpgv2 (not gpg and gpgv).
+ * gpgv.c (my_strusage): Same.
+
+ * gpgv.c (my_strusage): Fix name of program in "Syntax" line.
+
+2009-02-27 Werner Koch <wk@g10code.com>
+
+ * call-agent.c (agent_scd_pksign, agent_scd_pkdecrypt): First send
+ the SERIALNO command.
+
+2009-02-24 Werner Koch <wk@g10code.com>
+
+ * pkglue.c (pk_verify): Return an error for improper DATA instead
+ of calling BUG().
+
+2009-02-09 Werner Koch <wk@g10code.com>
+
+ * keylist.c (print_capabilities): Take care of cert-only keys.
+ Fixes bug#998.
+ * keyedit.c (show_key_with_all_names_colon): Print the capabilities.
+
+2009-01-26 Werner Koch <wk@g10code.com>
+
+ * card-util.c (card_status): Detect a Geldkarte.
+
+2009-01-13 Werner Koch <wk@g10code.com>
+
+ * call-agent.c (dummy_data_cb): New.
+ (agent_learn): Use it.
+ * card-util.c (card_status): Print type of non-OpenPGP card.
+ * call-agent.h (agent_card_info_s): Add field APPTYPE.
+
+2009-01-12 Werner Koch <wk@g10code.com>
+
+ * getkey.c (finish_lookup): Take care of keys with a zero
+ timestamp. Reported by Peter Gutmann.
+
+2009-01-08 Werner Koch <wk@g10code.com>
+
+ * misc.c (has_invalid_email_chars): Let non-ascii pass through.
+
+ * cpr.c [USE_SHM_COPROCESSING]: Remove this code.
+
+2008-12-12 Werner Koch <wk@g10code.com>
+
+ * passphrase.c (passphrase_get): Write a STATUS_ERROR.
+ * cpr.c (write_status_error): New.
+
+ * Makefile.am (common_source): Add rmd160.h.
+
+2008-12-11 Werner Koch <wk@g10code.com>
+
+ * sig-check.c (signature_check2): Change algorithm used to compute
+ the SIG_ID.
+ (check_revocation_keys): Close message digest.
+
+ * rmd160.c, rmd160.h: New. Based on code from GnuPG-1.4.
+ * t-rmd160.c: New.
+ * Makefile.am: Add support to run tests.
+ * keyid.c (namehash_from_uid): Use rmd160_hash_buffer.
+
+2008-12-10 Werner Koch <wk@g10code.com>
+
+ * trustdb.h (NAMEHASH_HASH): Remove unsued constant.
+
+ * gpg.c (print_mds): Print RMD160 only is enabled.
+
+ * keygen.c (keygen_set_std_prefs): Include RMD160 only if
+ available.
+
+2008-12-09 Werner Koch <wk@g10code.com>
+
+ * gpg.c (main) [IS_DEVELOPMENT_VERSION]: Fix strusage use.
+
+2008-12-09 Werner Koch <wk@g10code.com>
+
+ * keygen.c (proc_parameter_file): Check that key and subkey usages
+ are allowed.
+
+2008-12-09 David Shaw <dshaw@jabberwocky.com> (wk)
+
+ * trustdb.c (validate_one_keyblock): Fix the trust signature
+ calculations so that we lower the trust depth of signatures to fit
+ within the current chain, rather than discarding any signature
+ that does not fit within the trust depth.
+
+2008-12-09 Werner Koch <wk@g10code.com>
+
+ * keyserver.c (show_prompt): Flush stdout.
+
+ * gpg.c (open_info_file): Add arg BINARY and adjust callers.
+
+ * gpg.c (main): Call i18n_init before init_common_subsystems.
+ * gpgv.c (main): Ditto.
+
+ * keylist.c (set_attrib_fd): Do not close ATTRIB_FP if it is the
+ log stream.
+ (set_attrib_fd) [W32]: Set to binary mode.
+ (dump_attribs): Flush the stream after writing.
+
+2008-12-05 Werner Koch <wk@g10code.com>
+
+ * call-agent.c (percent_plus_escape): Rename to
+ my_percent_plus_escape and also escape the percent character.
+ Change all callers.
+
+2008-11-18 Werner Koch <wk@g10code.com>
+
+ * gpg.c (build_lib_list): Remove.
+ (make_libversion): New.
+ (my_strusage): Use it.
+ * gpgv.c (make_libversion): New.
+ (my_strusage): Print libgcrypt version.
+
+2008-11-13 Werner Koch <wk@g10code.com>
+
+ * gpgv.c: Use new ARGPARSE macros and re-indent.
+
+2008-11-11 Werner Koch <wk@g10code.com>
+
+ * gpg.c (opts): Use new ARGPARSE macros for clarity.
+
+2008-10-24 Werner Koch <wk@g10code.com>
+
+ * keyedit.c (change_passphrase): Clear passphrase cache.
+
+2008-10-20 Werner Koch <wk@g10code.com>
+
+ * gpgv.c: Mark all args of the stub fucntions as unused.
+
+ * card-util.c (generate_card_keys): Remove unused arg SERIALNO and
+ adjust caller.
+
+ * build-packet.c (write_sign_packet_header): Mark unused arg.
+ * gpg.c (gpg_init_default_ctrl, gpg_deinit_default_ctrl): Ditto.
+ * getkey.c (skip_unusable): Ditto.
+ (write_version): Ditto.
+ * keydb.c (keydb_locate_writable): Ditto.
+ * keyring.c (update_offset_hash_table): Ditto.
+ (keyring_lock): Ditto.
+ * misc.c (register_secured_file): Ditto.
+ (unregister_secured_file): Ditto.
+ (is_secured_file): Ditto.
+ (is_secured_filename): Ditto.
+ * parse-packet.c (parse_marker): Ditto.
+ (parse_key, parse_attribute): Ditto.
+ (parse_trust, parse_compressed, parse_mdc, parse_gpg_control): Ditto.
+ * cpr.c (progress_cb): Ditto.
+ * passphrase.c (passphrase_clear_cache): Ditto.
+ (ask_passphrase): Ditto.
+ * keyedit.c (keyedit_completion): Ditto.
+ * import.c (import_revoke_cert): Ditto.
+ (chk_self_sigs, delete_inv_parts, append_uid): Ditto.
+ (merge_sigs, merge_keysigs, append_key): Ditto.
+ * trustdb.c (list_trust_path): Ditto.
+ (enum_cert_paths, enum_cert_paths_print): Ditto.
+ * tdbdump.c (list_trustdb): Ditto.
+ * keygen.c (keygen_upd_std_prefs): Ditto.
+ (genhelp_factors): Ditto.
+ * call-agent.c (agent_scd_setattr): Ditto.
+ (agent_scd_writekey, agent_scd_change_pin, agent_scd_genkey): Ditto.
+ (agent_clear_pin_cache): Ditto.
+
+ * server.c (option_handler): Mark non yet used arg.
+ (input_notify, output_notify): Ditto.
+ (cmd_recipient, cmd_signer, cmd_encrypt, cmd_decrypt, cmd_verify)
+ (cmd_sign, cmd_import, cmd_export, cmd_delkeys, do_listkeys)
+ (cmd_genkey): Ditto.
+ * verify.c (gpg_verify): Ditto.
+
+2008-10-17 Werner Koch <wk@g10code.com>
+
+ * main.h (idea_cipher_warn): Use do while construct in place of an
+ empty definition.
+
+2008-10-03 David Shaw <dshaw@jabberwocky.com>
+
+ * main.h, mainproc.c (check_sig_and_print)
+ * keylist.c (list_keyblock_print)
+ * pkclist.c (do_edit_ownertrust)
+ * keyedit.c (menu_showphoto)
+ * photoid.c (generate_photo_id, show_photos)
+ * misc.c (pct_expando): Add %v and %V expandos so
+ that displaying photo IDs can show the attribute validity
+ tag (%v) and string (%V). Originally by Daniel Gillmor.
+
+2008-09-29 Werner Koch <wk@g10code.com>
+
+ * gpg.c (main): Remove -sat kludge. Note that we printed a
+ warning for two years.
+
+ * seskey.c (encode_md_value): Remove extra gcry_md_test_algo since
+ it is not needed with Libgcrypt 1.4.
+ * skclist.c (random_is_faked): Simplify.
+ * sign.c (match_dsa_hash): Remove runtime check for SHA224.
+ * gpg.c (print_mds): Use GCRY_MD_SHA224 constant.
+
+2008-09-25 David Shaw <dshaw@jabberwocky.com>
+
+ * keyedit.c (keyedit_menu): Fix bug where a modified keyring loses
+ its modified status after a "clean" or "minimize" that doesn't
+ need to do anything.
+
+2008-09-25 Werner Koch <wk@g10code.com>
+
+ * parse-packet.c (parse): Remove special treatment for compressed
+ new style packets. Fixes bug#931.
+
+ * card-util.c (change_pin): Support setting of the reset code.
+
+2008-09-24 Werner Koch <wk@g10code.com>
+
+ * call-agent.h (struct agent_card_info_s): Add field IS_V2.
+ * call-agent.c (learn_status_cb): That that field.
+
+ * card-util.c (change_pin): Rename first arg to UNBLOCK_v2 and use
+ it this way.
+ (card_edit): Add new command UNBLOCK.
+
+2008-09-23 David Shaw <dshaw@jabberwocky.com>
+
+ * pkclist.c (select_algo_from_prefs): Redo function to rank prefs
+ and pick a consensus winner across all keys.
+
+2008-09-16 Werner Koch <wk@g10code.com>
+
+ * card-util.c (fpr_is_ff): New.
+ (card_status): Do not print general key info for an all-ff fpr.
+ (change_login, change_private_do): Factor common code out to ...
+ (get_data_from_file): .. new.
+ (change_cert): New.
+ (card_edit): Add command "writecert".
+ * call-agent.c (writecert_parm_s): New.
+ (inq_writecert_parms, agent_scd_writecert): New.
+
+2008-09-04 David Shaw <dshaw@jabberwocky.com>
+
+ * keyserver.c (keyserver_import_cert): Allow keyserver URLs in
+ addition to full URLs in CERT records.
+
+2008-08-11 Werner Koch <wk@g10code.com>
+
+ * keygen.c (ask_expire_interval): Check for time overflow of an
+ u32. Fixes bug #947.
+
+2008-08-01 Werner Koch <wk@g10code.com>
+
+ * tdbio.c (open_db) [!EROFS]: Move closing parens out of the
+ ifdef. Reported by Ken Takusagawa.
+
+2008-06-25 Marcus Brinkmann <marcus@g10code.de>
+
+ * gpg.c (enum cmd_and_opt_values): Remove option
+ oEnableW32HandleTranslation.
+ (opts): Remove option --enable-w32-handle-translation.
+ (main): Remove variable w32_handle_translation.
+
+2008-06-19 Werner Koch <wk@g10code.com>
+
+ * gpg.c (gpgconf_list): Add "group".
+
+2008-06-18 Marcus Brinkmann <marcus@g10code.de>
+
+ * gpg.c (enum cmd_and_opt_values): New option
+ oEnableW32HandleTranslation.
+ (opts): New option --enable-w32-handle-translation.
+ (main): New variable w32_handle_translation to keep track of
+ option.
+
+2008-06-16 Werner Koch <wk@g10code.com>
+
+ * keygen.c (output_control_s): Add ASK_PASSPHRASE.
+ (read_parameter_file): Add commands %ask-passphrase and
+ %no-ask-passphrase.
+
+2008-06-11 Werner Koch <wk@g10code.com>
+
+ * gpg.c: Make --fixed-list-mode a dummy.
+ * options.h (struct): Removed FIXED_LIST_MODE.
+ * keyid.c (colon_strtime, colon_datestr_from_pk)
+ (colon_datestr_from_sk, colon_datestr_from_sig)
+ (colon_expirestr_from_sig): Remove fixed_list_mode case.
+ * keylist.c (list_keyblock_colon): Ditto. Remove all now unsed
+ code and reindent.
+
+2008-05-31 Werner Koch <wk@g10code.com>
+
+ * keygen.c (ask_user_id): Change the string printed as header of
+ the user ID generation. Use code to not break existing
+ translations. Suggested by Eric Tetz.
+
+2008-05-08 Werner Koch <wk@g10code.com>
+
+ * sig-check.c (do_check_messages): Print a revocation diagnostic
+ in verbose mode.
+
+2008-05-07 Werner Koch <wk@g10code.com>
+
+ * gpg.c: New command --locate-keys. New options --with-sig-list
+ and --with-sig-check.
+ * keylist.c (locate_one): New.
+ (public_key_list): Add arg LOCATE_MODE and use locate_one.
+ * getkey.c (get_pubkey_byname): Fix nodefault case. Add option
+ RETCTX, change all callers.
+ (struct getkey_ctx_s): Add field extra_ptr;
+ (get_pubkey_end): Free it.
+
+2008-04-18 Werner Koch <wk@g10code.com>
+
+ * misc.c (map_cipher_openpgp_to_gcry, map_cipher_gcry_to_openpgp)
+ (openpgp_cipher_test_algo): Add camellia-192.
+ (openpgp_cipher_blocklen): New.
+ * parse-packet.c (parse_key): Use new function here.
+
+2008-04-15 David Shaw <dshaw@jabberwocky.com>
+
+ * getkey.c (merge_selfsigs_subkey): If there are multiple 0x19
+ backsigs, take the most recent one.
+
+2008-04-08 Werner Koch <wk@g10code.com>
+
+ * options.h (opt): Add AKL_NODEFAULT and AKL_LOCAL.
+ * getkey.c (parse_auto_key_locate): Parse them.
+ (get_pubkey_byname): Implement them. Add arg NO_AKL and use that
+ in all cases where a local key is expected.
+ * import.c (import_one): Fill in the fingerprint in all cases.
+ Use log_get_stream.
+ * keyserver.c (keyserver_import_pka): Set FPR to NULL on error.
+ Return G10ERR_NO_PUBKEY if no PKA info is available or no key URI
+ is given in the PKA record..
+ (keyserver_import_cert): Return G10ERR_NO_PUBKEY if a CERT record
+ was not found.
+
+ * getkey.c (get_pubkey_byname): Release FPR in the error case.
+ Continue with next mechanism on error. Better diagnostics.
+
+2008-04-07 Werner Koch <wk@g10code.com>
+
+ * keyserver.c (parse_keyserver_uri): Allow a default host name.
+
+ * getkey.c (get_pubkey_byname): Replace sprintf by bin2hex.
+
+2008-04-02 Werner Koch <wk@g10code.com>
+
+ * gpg.c (main): Do not allow DSA2 with a too old Libgcrypt.
+
+2008-03-26 Werner Koch <wk@g10code.com>
+
+ * tdbio.c (lookup_hashtable): Make cmp args const.
+ (cmp_trec_fpr): Make FPR const.
+ (tdbio_search_trust_byfpr): Remove cast.
+
+2008-03-25 Werner Koch <wk@g10code.com>
+
+ * keyserver.c (parse_keyrec): Take care of char defaulting to
+ unsigned when using hextobyte.
+
+2008-03-25 David Shaw <dshaw@jabberwocky.com> (wk)
+
+ * import.c (collapse_uids): Fix bug 894: possible memory
+ corruption around deduplication of user IDs.
+
+2008-03-25 Werner Koch <wk@g10code.com>
+
+ * parse-packet.c (parse_key): Parse a secret key encrypted with
+ Camellia.
+
+ * options.skel: Make the default keyserver keys.gnupg.net.
+
+2008-03-18 Werner Koch <wk@g10code.com>
+
+ * seckey-cert.c (do_check): Use GCRYMPI_FMT_PGP for v3 keys.
+ Reported by Petr Cerny.
+
+2008-03-13 Werner Koch <wk@g10code.com>
+
+ * passphrase.c (PROMPTSTRING): Change string to me more similar to
+ the X.509 prompt.
+
+2008-02-26 Werner Koch <wk@g10code.com>
+
+ * getkey.c (get_pubkey_byname): Fix comment.
+
+2008-02-14 Werner Koch <wk@g10code.com>
+
+ * call-agent.c (default_inq_cb): New.
+ (agent_learn, agent_scd_getattr, agent_scd_pksign)
+ (agent_scd_pkdecrypt, agent_scd_change_pin, agent_scd_checkpin)
+ (agent_get_passphrase, agent_clear_passphrase): Use new callback.
+ (inq_writekey_parms): Fall back to the new callback for other
+ inquiries.
+ (start_agent): Tell agent that we accept pinentry notifications.
+
+2008-02-11 Werner Koch <wk@g10code.com>
+
+ * server.c (cmd_getinfo): New.
+ (register_commands): Register GETINFO.
+
+2008-02-09 Marcus Brinkmann <marcus@g10code.de>
+
+ * gpg.c (main): New variable default_configname. Use it if
+ save_configname is NULL (can happen if default configfile does
+ not exist). Move default configname determination to ...
+ (get_default_configname): ... this new function.
+
+2008-01-30 Werner Koch <wk@g10code.com>
+
+ * keydb.c (maybe_create_keyring): Fixed last change.
+ * tdbio.c (tdbio_set_dbname): Also test for forward slash.
+
+2008-01-29 Werner Koch <wk@g10code.com>
+
+ * keydb.c (maybe_create_keyring): Take care of a missing slash.
+ (maybe_create_keyring) [W32]: Also test for forward slash.
+
+2008-01-26 Werner Koch <wk@g10code.com>
+
+ * card-util.c (get_manufacturer): Add vendor 0004.
+
+2008-01-02 Werner Koch <wk@g10code.com>
+
+ * gpg.c: Add --logger-file as an alias for log-file.
+
+2007-12-14 Werner Koch <wk@g10code.com>
+
+ * gpg.c (main): Set opt.no_homedir_creation during the first option
+ parsing pass.
+
+2007-12-12 Werner Koch <wk@g10code.com>
+
+ * misc.c (print_pubkey_algo_note): Print a warning if a type 20
+ key is used.
+ (openpgp_pk_test_algo, openpgp_pk_test_algo2)
+ (openpgp_pk_algo_usage): Allow type 20 keys only in rfc2440 mode.
+
+2007-12-12 David Shaw <dshaw@jabberwocky.com> (wk)
+
+ * trustdb.c (sanitize_regexp): New. Protect against dangerous
+ regexps (malloc bombs) by force-commenting any characters aside
+ from the ones we explicitly want.
+ (check_regexp): Use it here before passing the regexp to
+ regcomp().
+
+2007-12-12 Werner Koch <wk@g10code.com>
+
+ * misc.c (map_cipher_openpgp_to_gcry): New. Used to map Camellia
+ algorithms to Gcrypt.
+ (openpgp_cipher_test_algo): Call new map function. Replace
+ all remaining calls to gcry_cipher_test_algo by a call to this.
+ (openpgp_cipher_algo_name): New. Replace all remaining calls to
+ gcry_cipher_algo_name by a call to this.
+ (map_cipher_gcry_to_openpgp): New.
+ (string_to_cipher_algo): Use it.
+ * gpg.c (main): Print a warning if Camellia support is build in.
+
+ * gpg.c (print_algo_names): New. From the 1.4 branch by David.
+ (list_config): Use it here for the "ciphername" and "digestname"
+ config items so we can get a script-parseable list of the names.
+
+ * parse-packet.c (parse_onepass_sig): Sigclass is hex, so include
+ the 0x.
+
+ * sign.c (match_dsa_hash): Remove conditional builds dending on
+ USE_SHAxxx. We don't need this becuase it can be expected that
+ libgcrypt provides it. However we need to runtime test for SHA244
+ becuase that is only available with libgcrypt 2.4.
+
+2007-12-11 Werner Koch <wk@g10code.com>
+
+ * mainproc.c (proc_pubkey_enc): Allow type 20 Elgamal key for
+ decryption.
+
+2007-12-10 Werner Koch <wk@g10code.com>
+
+ * import.c (auto_create_card_key_stub): Do not clear the entire
+ fingerprint. This finally makes the stub creation work. My past
+ tests seemed to work because there was a key with a all zero
+ fingerprint available (Elgamal signing keys).
+
+2007-12-08 Werner Koch <wk@g10code.com>
+
+ * misc.c (openpgp_pk_algo_usage): Allow Elgamal type 20 for
+ encryption.
+
+2007-12-04 Werner Koch <wk@g10code.com>
+
+ * helptext.c (get_help_from_file): New.
+ (display_online_help): Use it to geting the help through a file.
+ (helptexts): Remove.
+
+2007-12-03 Werner Koch <wk@g10code.com>
+
+ * keygen.c (ask_key_flags): Add a translation remark and implement
+ a workaround.
+
+ * gpg.c (reopen_std): Moved to ../common and renamed to
+ gnupg_reopen_std.
+
+ * gpg.c: Remove second inclusion of fcntl.h.
+
+2007-11-19 Werner Koch <wk@g10code.com>
+
+ * keyedit.c (keyedit_menu): String grammar fix.
+
+2007-11-15 Werner Koch <wk@g10code.com>
+
+ * gpg.c (main): New option --xauthority.
+ * call-agent.c (start_agent): Adjust changed start_new_gpg_agent.
+
+2007-11-12 Werner Koch <wk@g10code.com>
+
+ * cpr.c (do_get_from_fd): s/bool/getbool/ to overcome problems
+ with Mac OS 10.5 which seems to include stdbool.h silently.
+
+2007-11-07 Werner Koch <wk@g10code.com>
+
+ Replace all includes of errors.h by status.h (found in common/).
+
+ * status.h: Remove.
+ * status.h: Move prototypes to main.h.
+ * status.c: Rename to ..
+ * cpr.c: .. this.
+ (get_status_string): Remove. We take this now from common/.
+
+2007-10-25 David Shaw <dshaw@jabberwocky.com> (wk)
+
+ From 1.4 (October):
+
+ * gpg.c (main): Add --require-cross-certification to
+ --openpgp/--rfc4880 mode.
+
+ * gpg.c (main): Disable --rfc2440-text and --force-v3-sigs by
+ default. Enable --require-cross-certification by default.
+ --openpgp (--rfc4880) is the same as --rfc2440 except with
+ "--enable-dsa2 --no-rfc2440-text --escape-from-lines".
+
+ * misc.c (compliance_option_string, compliance_failure): Minor
+ cleanup.
+
+ * armor.c (is_armor_header): Comment about 4880.
+
+ * options.h, gpg.c (main): Add --rfc4880, and make --openpgp an
+ alias to it. --rfc2440 now stands alone. For now, use the old
+ 2440 defaults for 4880.
+ * misc.c (compliance_option_string): Ditto.
+
+ * keyedit.c (keyedit_menu): Use compliance_option_string() instead
+ of printing the compliance modes here.
+
+2007-10-25 David Shaw <dshaw@jabberwocky.com> (wk)
+
+ From 1.4 (September):
+
+ * import.c (collapse_uids): Significant speedup for de-duping user
+ IDs.
+
+2007-10-25 David Shaw <dshaw@jabberwocky.com> (wk)
+
+ From 1.4 (July):
+
+ * armor.c (parse_header_line): Improve test so that the header
+ test only allows "Hash" in the signed data section.
+
+ * armor.c (is_armor_tag): New. Detect if an armor header matches
+ 2440bis-21.
+ (parse_header_line): Call it here, as bis-21 requires warning the
+ user (but continuing to process the message) when seeing an
+ unknown header.
+
+ * encode.c (encode_crypt): Missed one call to
+ setup_plaintext_name(). This is bug#809.
+
+ * sign.c (mk_notation_policy_etc): Expect all sigs that this is
+ called for are >=v4.
+ (write_signature_packets, make_keysig_packet): Only call it for
+ >=v4 sigs. This allows --force-v3-sigs and --force-v4-certs to
+ enable or disable notations, policies, and keyserver URLs. This
+ is bug#800.
+
+2007-10-19 Werner Koch <wk@g10code.com>
+
+ * passphrase.c (passphrase_get): Use new utf8 switching fucntions.
+
+2007-09-14 Werner Koch <wk@g10code.com>
+
+ * gpg.c (build_lib_list): New.
+ (my_strusage): Print lib info.
+
+2007-08-27 Werner Koch <wk@g10code.com>
+
+ * trustdb.c (USE_INTERNAL_REGEX): Remove support.
+
+2007-08-24 Werner Koch <wk@g10code.com>
+
+ * keyring.c (keyring_register_filename): Use same_file_p().
+
+2007-08-21 Werner Koch <wk@g10code.com>
+
+ * misc.c (openpgp_md_test_algo): Remove rfc2440bis hash algorithms.
+ (openpgp_cipher_test_algo): Likewise for algos 5 and 6.
+
+2007-08-02 Werner Koch <wk@g10code.com>
+
+ * gpg.c: Include gc-opt-flags.h and remove their definition here.
+
+2007-07-17 Werner Koch <wk@g10code.com>
+
+ * gpg.c (gpgconf_list): Declare --encrypt-to and --default-key.
+
+ * card-util.c (get_manufacturer): Add the unmanaged S/N range.
+
+2007-07-12 Werner Koch <wk@g10code.com>
+
+ * gpg.c (main): Use translate_sys2libc_fd_int when passing an int
+ value.
+ * gpgv.c (main): Ditto.
+
+2007-07-05 Werner Koch <wk@g10code.com>
+
+ * card-util.c (card_generate_subkey, card_store_subkey): Enable
+ the code also for GnuPG-2.
+
+ * keygen.c (make_backsig): Add arg TIMESTAMP.
+ (write_keybinding): Add arg TIMESTAMP, pass it to make_backsig.
+ (write_direct_sig, write_selfsigs): Add arg TIMESTAMP.
+ (gen_elg, gen_dsa, gen_rsa): Add arg TIMESTAMP.
+ (do_create): Ditto.
+ (do_generate_keypair): Use the same timestamp for key creation
+ time and all key signatures. Return an error if write_direct_sig
+ for the secret key fails.
+ (generate_subkeypair): Ditto.
+ (gen_card_key): New arg TIMESTAMP.
+ (generate_card_subkeypair): Pass current time to gen_card_key.
+ (gen_card_key_with_backup): New arg TIMESTAMP.
+ (read_parameter_file): Add option Creation-Date.
+ (parse_creation_string): New.
+ (do_generate_keypair): Use the Creation-Date if available.
+ (save_unprotected_key_to_card): Use P for P and not D.
+ * call-agent.c (agent_scd_genkey): Add arg CREATETIME.
+ * keyedit.c (menu_backsign): Use the same timestamp for all backsigs.
+
+2007-06-26 Werner Koch <wk@g10code.com>
+
+ * openfile.c (try_make_homedir): Support W32; use standard_homedir.
+
+2007-06-25 Werner Koch <wk@g10code.com>
+
+ * gpg.c, gpgv.c: Include sysutils.h.
+ (main): Replace iobuf_translate_file_handle by
+ translate_sys2libc_fd.
+
+2007-06-21 Werner Koch <wk@g10code.com>
+
+ * main.h: Include util.h.
+
+ * call-agent.c (start_agent): Factored almost all code out to
+ ../common/asshelp.c.
+
+ * gpg.h (ctrl_t): Remove. It is now declared in ../common/util.h.
+
+2007-06-20 Werner Koch <wk@g10code.com>
+
+ * misc.c (setsysinfo, trap_unaligned): Remove. It is also in
+ common/sysutils.c.
+ (disable_core_dumps, get_session_marker):
+
+ * sign.c (sleep): Remove sleep wrapper.
+
+2007-06-18 Marcus Brinkmann <marcus@g10code.de>
+
+ * gpg.c (gpgconf_list): Percent escape output of --gpgconf-list.
+
+2007-06-14 Werner Koch <wk@g10code.com>
+
+ * call-agent.c (start_agent): Use gnupg_module_name.
+
+2007-06-12 Werner Koch <wk@g10code.com>
+
+ * openfile.c (copy_options_file): Use gnupg_datadir.
+ * misc.c (get_libexecdir): Remove. Changed all callers to use
+ gnupg_libexecdir.
+ * gpg.c (check_permissions): Use gnupg_libdir.
+
+ * gpg.c (main): Replace some calls by init_common_subsystems.
+ * gpgv.c (main): Ditto.
+
+2007-06-11 Werner Koch <wk@g10code.com>
+
+ * Makefile.am (needed_libs): Use libcommonstd macro.
+
+ * gpgv.c (main) [W32]: Call pth_init.
+ * gpg.c (main) [W32]: Call pth_init.
+
+2007-06-08 Werner Koch <wk@g10code.com>
+
+ * Makefile.am (gpg2_LDADD): Syntax fix.
+
+2007-06-06 Werner Koch <wk@g10code.com>
+
+ * passphrase.c (passphrase_get) [!ENABLE_NLS]: Do not define
+ orig_codeset.
+
+ * Makefile.am (gpgv2_LDADD, gpg2_LDADD): Include LDADD before
+ libgcrypt.
+
+ * plaintext.c (handle_plaintext): Replace eof by eof_seen as W32's
+ io.h has a symbol with that name.
+
+ * misc.c: Do not include dynload.h.
+ (w32_shgetfolderpath): Remove. It is now in common/homedir.c.
+
+ * gpgv.c (i18n_init): Remove.
+ * gpg.c (i18n_init): Remove.
+ (main): Make --load-extension a dummy
+
+2007-05-19 Marcus Brinkmann <marcus@g10code.de>
+
+ * passphrase.c (passphrase_get): Use PACKAGE_GT, not PACKAGE.
+
+ * passphrase.c (passphrase_get): Free ORIG_CODESET on error.
+
+2007-05-16 Werner Koch <wk@g10code.com>
+
+ * sig-check.c (check_backsig): Check the digest algorithm before
+ using it. Fixed bug 797.
+
+2007-05-09 Werner Koch <wk@g10code.com>
+
+ * openfile.c (overwrite_filep, open_outfile) [W32]: Need to use
+ just "nul". Though, I am pretty sure that some MSDOS versions
+ grok the extra /dev/.
+
+2007-05-07 Werner Koch <wk@g10code.com>
+
+ * openfile.c (open_outfile, overwrite_filep) [W32]: Use "/dev/nul".
+
+2007-05-02 David Shaw <dshaw@jabberwocky.com>
+
+ * packet.h, mainproc.c (reset_literals_seen): New function to
+ reset the literals count.
+
+ * verify.c (verify_one_file), decrypt.c (decrypt_messages): Call
+ it here so we allow multiple literals in --multifile mode (in
+ different files - not concatenated together).
+
+2007-04-26 Marcus Brinkmann <marcus@g10code.de>
+
+ * passphrase.c (passphrase_to_dek): Write missing passphrase
+ status message in case of cancellation.
+
+2007-04-16 Werner Koch <wk@g10code.com>
+
+ * build-packet.c (mpi_write): Made buffer a bit larger. Reported
+ by Alexander Feigl.
+
+2007-04-13 Werner Koch <wk@g10code.com>
+
+ * call-agent.c (start_agent): Don't use log_error when using the
+ fallback hack to start the agent. This is bug 782.
+
+2007-04-05 David Shaw <dshaw@jabberwocky.com>
+
+ From STABLE-BRANCH-1-4
+
+ * parse-packet.c (parse_marker): New. Enforce that the marker
+ contains 'P', 'G', 'P', and nothing but.
+ (parse): Call it here.
+ (skip_packet): No longer need to handle marker packets here.
+
+2007-03-14 David Shaw <dshaw@jabberwocky.com>
+
+ From STABLE-BRANCH-1-4
+
+ * keyserver.c: Windows Vista doesn't grok X_OK and so fails
+ access() tests. Previous versions interpreted X_OK as F_OK
+ anyway, so we'll just use F_OK directly.
+
+2007-03-09 David Shaw <dshaw@jabberwocky.com>
+
+ From STABLE-BRANCH-1-4
+
+ * parse-packet.c (parse_signature): It's hex.
+
+ * getkey.c (merge_selfsigs_subkey): Avoid listing the contents of
+ a backsig when list mode is on. Noted by Timo Schulz.
+
+2007-03-08 Werner Koch <wk@g10code.com>
+
+ * plaintext.c (handle_plaintext): Add two extra fflush for stdout.
+
+2007-03-08 David Shaw <dshaw@jabberwocky.com> (wk)
+
+ * keyedit.c (keyedit_menu): If we modify the keyblock (via
+ fix_keyblock() or collapse_uids()) make sure we reprocess the
+ keyblock so the flags are correct. Noted by Robin H. Johnson.
+
+ * getkey.c (fixup_uidnode): Properly clear flags that don't apply
+ to us (revoked, expired) so that we can reprocess a uid.
+
+2007-03-05 Werner Koch <wk@g10code.com>
+
+ Converted this file to UTF-8.
+
+ Ported David and my multiple messages changes from 1.4.7.
+
+ * options.h, gpg.c (main), mainproc.c (check_sig_and_print): Allow
+ multiple sig verification again as this is protected via the
+ multiple-messages code. New option --allow-multiple-messages and
+ --no variant.
+ * status.h (STATUS_ERROR): New status code.
+ * status.c (get_status_string): Ditto.
+ * mainproc.c (proc_plaintext): Emit it if multiple messages are
+ detected. Error out if more than one plaintext packet is
+ encountered.
+ * mainproc.c (literals_seen): New.
+
+2007-02-26 Werner Koch <wk@g10code.com>
+
+ * gpg.c (main): Add verify option show-primary-uid-only.
+ * options.h (VERIFY_SHOW_PRIMARY_UID_ONLY): New.
+ * mainproc.c (check_sig_and_print): Implement it.
+
+2007-02-22 Werner Koch <wk@g10code.com>
+
+ * encr-data.c (decrypt_data): Correctly test for unknown algorithm.
+ * import.c (check_prefs): Ditto.
+ * keyedit.c (show_prefs): Ditto.
+ * mainproc.c (proc_symkey_enc): Ditto.
+
+2007-02-06 Werner Koch <wk@g10code.com>
+
+ * export.c (do_export_stream): Allow reset-subkey-passwd along
+ with sexp-format.
+
+2007-02-04 Werner Koch <wk@g10code.com>
+
+ * parse-packet.c (parse_signature): Limit bytes read for an
+ unknown alogorithm. Fixes Debian bug#402592.
+
+2007-01-31 Werner Koch <wk@g10code.com>
+
+ * verify.c (verify_signatures): Do no dereference a NULL afx.
+
+ * passphrase.c (passphrase_get): Set the cancel flag on all error
+ from the agent. Fixes a bug reported by Tom Duerbusch.
+
+2007-01-30 Werner Koch <wk@g10code.com>
+
+ * status.c (write_status_begin_signing): New.
+ * sign.c (sign_file, sign_symencrypt_file): Call it.
+ * textfilter.c (copy_clearsig_text): Call it.
+
+ * call-agent.c (agent_scd_pksign): Pass --hash-rmd160 to SCD if
+ required.
+
+ * gpg.c (main): Let --no-use-agent and --gpg-agent-info print a
+ warning.
+ * misc.c (obsolete_option): New.
+
+2007-01-29 Werner Koch <wk@g10code.com>
+
+ * pkclist.c (do_we_trust_pre): Issue a user-id-hint status code.
+
+2007-01-15 Werner Koch <wk@g10code.com>
+
+ * parse-packet.c (read_protected_v3_mpi): Make sure to stop
+ reading even for corrupted packets.
+ * keygen.c (generate_user_id): Need to allocate one byte more.
+ Reported by Felix von Leitner.
+
+2006-12-21 Werner Koch <wk@g10code.com>
+
+ * gpg.c (main): New command --server.
+ * gpg.h (struct server_control_s, ctrl_t): New.
+ * server.c: New.
+ * verify.c (gpg_verify): New.
+ * mainproc.c (mainproc_context): Made SIGNED_DATA a structure.
+ (proc_signature_packets_by_fd): New.
+ (proc_compressed_cb): Divert depending on SIGNED_DATA.
+ * plaintext.c (hash_datafile_by_fd): New.
+ * mainproc.c (proc_tree): Use it here.
+
+ * verify.c (verify_signatures): Init AFX only when needed.
+ Don't leak a context on error.
+ (verify_one_file): Don't leak a context on error.
+
+2006-12-07 Werner Koch <wk@g10code.com>
+
+ * openfile.c (copy_options_file): Use log_info instead of
+ log_error to avoid an error return of gpg due to a missing
+ skeleton file.
+
+2006-12-07 David Shaw <dshaw@jabberwocky.com>
+
+ * Makefile.am: Link to iconv for jnlib dependency.
+
+2006-12-05 Werner Koch <wk@g10code.com>
+
+ * passphrase.c (passphrase_to_dek): Handle a Cancel request
+ correctly. [Bug#737]
+ * mainproc.c (proc_symkey_enc): Removed workaround for bogus cancel
+ processing.
+ * encode.c (encode_simple): Distinguish error message between
+ cancel and invalid passphrase.
+ (setup_symkey): Ditto.
+ * sign.c (sign_symencrypt_file): Ditto
+ * keyedit.c (change_passphrase): Allow cancellation.
+ * keygen.c (do_ask_passphrase): New arg R_CANCELED.
+ (generate_keypair): Handle a passphrase cancellation.
+ (generate_raw_key): Ditto.
+ (generate_subkeypair): Ditto.
+
+2006-12-04 Werner Koch <wk@g10code.com>
+
+ * filter.h (armor_filter_context_t): New element REFCOUNT.
+ * armor.c (armor_filter): Made static.
+ (push_armor_filter, release_armor_context, new_armor_context): New.
+ (armor_filter): Release the context.
+ * gpg.c (main): Use new armor context functions and
+ push_armor_filter.
+ * export.c (do_export): Ditto.
+ * encode.c (encode_simple, encode_crypt): Ditto.
+ * decrypt.c (decrypt_message, decrypt_messages): Ditto.
+ * dearmor.c (dearmor_file, enarmor_file): Ditto.
+ * verify.c (verify_signatures, verify_one_file): Ditto.
+ * sign.c (sign_file, clearsign_file, sign_symencrypt_file): Ditto.
+ * revoke.c (gen_desig_revoke, gen_revoke): Ditto.
+ * keyserver.c (keyserver_spawn): Ditto.
+ * keygen.c (output_control_s): Turn AFX fields into pointers.
+ (read_parameter_file): Allocate and release AFX fields.
+ (do_generate_keypair): Use push_armor_filter.
+ * import.c (import): Replace iobuf_push_filter2 hack by the new
+ armor context stuff.
+
+2006-12-03 Werner Koch <wk@g10code.com>
+
+ * filter.h: New element REFCOUNT.
+ (handle_progress): Remove prototype.
+ * progress.c (new_progress_context, release_progress_context): New.
+ (progress_filter): Use new function to release context. Made static.
+ (handle_progress): Bumb reference counter. No more check for
+ enabled progress as this is handled by new_progress_context.
+ * verify.c (verify_signatures, verify_one_file): Replace stack
+ based progress context by a heap based one.
+ * sign.c (sign_file, clearsign_file, sign_symencrypt_file): Ditto.
+ * plaintext.c (ask_for_detached_datafile, hash_datafiles): Ditto.
+ * encode.c (encode_simple, encode_crypt): Ditto.
+ * decrypt.c (decrypt_message, decrypt_messages): Ditto.
+
+ * keyedit.c (menu_clean): Made strings translatable.
+
+2006-12-03 David Shaw <dshaw@jabberwocky.com>
+
+ * keyedit.c (menu_clean): Show "already minimized" rather than
+ "already clean" when a minimized key is minimized again. From
+ Dirk Traulsen.
+
+2006-12-02 David Shaw <dshaw@jabberwocky.com>
+
+ * options.h, gpg.c (main), passphrase.c (passphrase_to_dek): Add
+ --passphrase-repeat option to control how many times gpg will
+ re-prompt for a passphrase to ensure the user has typed it
+ correctly. Defaults to 1.
+
+2006-12-02 Werner Koch <wk@g10code.com>
+
+ * encr-data.c: Allocate DFX context on the heap and not on the
+ stack. Changes at several places. Fixes CVE-2006-6235.
+
+2006-11-27 Werner Koch <wk@g10code.com>
+
+ * openfile.c (ask_outfile_name): Fixed buffer overflow occurring
+ if make_printable_string returns a longer string. Fixes bug 728.
+
+2006-11-21 Werner Koch <wk@g10code.com>
+
+ * Makefile.am (needed_libs): libgnu needs to come after libcommon.
+
+ * keygen.c (ask_expire_interval): Print y2038 warning only for 32
+ bit time_t.
+ (save_unprotected_key_to_card): Made RSA_N_LEN et al a size_t.
+ Cast printf args.
+ (get_parameter_algo): Allow "ELG" as alias for "ELG-E".
+
+ * seckey-cert.c (do_check): Made NBYTES a size_t.
+ (do_check): Made NDATA a size_t.
+ (protect_secret_key): Made NARR a size_t.
+ (protect_secret_key): Made NVYES a size_t.
+ * pubkey-enc.c (get_it): Made INDATALEN a size_t.
+ (get_it): Made NFRAME a size_t.
+ * keyid.c (hash_public_key): Made NBITS an unsigned int.
+ * misc.c (checksum_mpi): Made NBYTES a size_t.
+ (openpgp_pk_test_algo2): Made USE_BUF a size_t.
+ * seskey.c (encode_session_key): Made NFRAME a size_t.
+ (do_encode_md): Ditto.
+ (encode_md_value): Cast size_t argument of printf.
+ (encode_md_value): Ditto.
+
+2006-11-10 Werner Koch <wk@g10code.com>
+
+ * parse-packet.c (mpi_read): Changed NREAD to size_t to match the
+ gcry_mpi-scan prototype.
+ (mpi_read): Fixed double increment of bytes read to correctly
+ detect overlong MPIs.
+
+2006-11-05 Werner Koch <wk@g10code.com>
+
+ * gpg.c (main): Remove the default --require-cross-certification.
+ * options.skel: Enable require-cross-certification.
+
+2006-10-31 Werner Koch <wk@g10code.com>
+
+ * pkclist.c (warn_missing_aes_from_pklist): New.
+ * encode.c (encrypt_filter, encode_crypt): Use it here.
+
+2006-10-27 Werner Koch <wk@g10code.com>
+
+ * pkclist.c (warn_missing_mdc_from_pklist): New.
+ * encode.c (use_mdc): Use it here.
+
+2006-10-24 Marcus Brinkmann <marcus@g10code.de>
+
+ * Makefile.am (AM_CFLAGS): Add $(LIBASSUAN_CFLAGS).
+
+2006-10-23 Werner Koch <wk@g10code.com>
+
+ * gpg.c (main): New command --gpgconf-test.
+
+ * Makefile.am (bzip2_source): New.
+
+2006-10-20 Werner Koch <wk@g10code.com>
+
+ * getkey.c (classify_user_id): Reserve '&' for search by keygrip.
+
+2006-10-19 Werner Koch <wk@g10code.com>
+
+ * keygen.c (get_parameter_algo): Add special case for ELG_E which
+ is not supported by libgcrypt's mapping function.
+
+2006-10-18 Werner Koch <wk@g10code.com>
+
+ * keyid.c (v3_keyid): Don't use mempcy as we need to hold the
+ keyids in the native endian format.
+
+ * import.c (import_print_stats): Use log_printf.
+
+ * build-packet.c (do_public_key): Care about mpi_write errors.
+ (do_secret_key, do_pubkey_enc, do_signature): Ditto.
+ (mpi_write): Print an extra warning on error.
+
+2006-10-17 Werner Koch <wk@g10code.com>
+
+ * Makefile.am (LDADD): Replaced W32LIBS by NETLIBS.
+
+2006-10-12 David Shaw <dshaw@jabberwocky.com>
+
+ * parse-packet.c (parse_symkeyenc): Show the unpacked as well as
+ the packed s2k iteration count.
+
+ * main.h, options.h, gpg.c (encode_s2k_iterations, main),
+ passphrase.c (hash_passphrase): Add --s2k-count option to specify
+ the number of s2k hash iterations.
+
+2006-10-08 Werner Koch <wk@g10code.com>
+
+ * gpgv.c: Remove the tty stubs as we are now required to link to
+ tty anyway (it is included in libcommand and has dependencies to
+ other modules as well).
+
+ * keyedit.c (keyedit_menu): Use keyedit_completion only if
+ readline is available. It would be better to move this code into
+ gpgrlhelp.c
+
+2006-10-06 Werner Koch <wk@g10code.com>
+
+ * Makefile.am (AM_CFLAGS): Use PTH version of libassuan.
+
+2006-10-06 David Shaw <dshaw@jabberwocky.com>
+
+ * keyserver.c (keyserver_spawn): Write the 16-digit keyid rather
+ than whatever key selector the user used on the command line.
+
+2006-10-05 Werner Koch <wk@g10code.com>
+
+ * status.c (progress_cb): Changed to libgcrypt API.
+ (set_status_fd): Register the progress cb.
+
+ * seskey.c (encode_md_value): Check that the hash algo is valid
+ before getting the OID.
+
+2006-10-04 Werner Koch <wk@g10code.com>
+
+ * passphrase.c: Allow for a static passphrase in batch mode.
+
+ * call-agent.c (agent_havekey): Removed.
+ (percent_plus_escape): New.
+ (agent_get_passphrase): New.
+ (agent_clear_passphrase): New.
+
+ * passphrase.c: Changed so that we always require the agent.
+ (agent_send_option, agent_send_all_options, agent_open): Removed.
+ (agent_get_passphrase): Cleaned up. Does now use the call-agent
+ functions. Renamed to
+ (passphrase_get): .. this. Changed all callers.
+ (passphrase_clear_cache): Rewritten.
+ (passphrase_to_dek, hash_passphrase): Re-indented.
+
+ * gpg.c (main): Made --use-agent a dummy option.
+ * seckey-cert.c (check_secret_key): We require the agent, so always
+ allow for 3 tries.
+
+ * gpg.c (main): Print a warning if -sat has been used.
+ (main): Removed the special treatment of the -k option. -k is now
+ an alias for --list-keys.
+ (main): Removed --list-ownertrust.
+
+2006-10-02 Werner Koch <wk@g10code.com>
+
+ * encr-data.c (decrypt_data, mdc_decode_filter): Check the MDC
+ right here and don't let parse-packet handle the MDC.
+
+2006-09-29 Werner Koch <wk@g10code.com>
+
+ * compress.c (do_uncompress): Removed use of Z_PARTIAL_FLUSH.
+ This is outdated and old zlib versions which still require it have
+ security problems.
+
+2006-09-27 Werner Koch <wk@g10code.com>
+
+ Replaced all STRLIST by strlist_t.
+
+2006-09-21 Werner Koch <wk@g10code.com>
+
+ * signal.c (got_fatal_signal): Replaced readline stuff by a tty
+ function.
+
+ * Makefile.am (LDADD): Include libgpgrl.a.
+
+ * gpg.c (main): Call gpg_rl_initialize.
+
+ * keyedit.c: Removed double inclusion of stdio.h.
+
+2006-09-20 Werner Koch <wk@g10code.com>
+
+ * call-agent.c: Include asshelp.h.
+ (start_agent): Use send_pinentry_environment.
+
+2006-09-14 Werner Koch <wk@g10code.com>
+
+ Replaced all call gpg_error_from_errno(errno) by
+ gpg_error_from_syserror().
+
+2006-09-13 Werner Koch <wk@g10code.com>
+
+ * gpg.c (main): Made --require-cross-certification the default.
+
+2006-09-06 Marcus Brinkmann <marcus@g10code.de>
+
+ * Makefile.am (gpg2_LDADD, gpgv2_LDADD): Replace -lassuan and
+ -lgpg-error with $(LIBASSUAN_LIBS) and $(GPG_ERROR_LIBS).
+ (AM_CFLAGS): Add $(LIBASSUAN_CFLAGS) and $(GPG_ERROR_CFLAGS).
+
+2006-09-06 Werner Koch <wk@g10code.com>
+
+ * gpg.c (main): Enable new assuan API.
+ * call-agent.c: Changed to new Assuan API.
+
+2006-09-01 Werner Koch <wk@g10code.com>
+
+ * call-agent.c: Do not force using the pipe server.
+
+ * gpg.c (main): Enable card related commands.
+
+2006-08-22 Werner Koch <wk@g10code.com>
+
+ * mainproc.c (proc_plaintext): Fixed a #warning
+
+2006-08-21 Werner Koch <wk@g10code.com>
+
+ * skclist.c (random_is_faked): Implemented.
+ (is_insecure): Also test for the old uppercase version of the
+ insecure string.
+ * gpg.c (main): Renamed --quick-random to debug-quick-quick-random.
+
+ * gpg.c (print_mds): Do not use the USE_SHA macros.
+
+ * mainproc.c (proc_encrypted): Remove assign inside condition for
+ better readibility.
+
+ * packet.h: Moved consts to new header ../common/openpgpdefs.h.
+
+2006-08-16 Werner Koch <wk@g10code.com>
+
+ * keyserver.c (GPGKEYS_PREFIX): Rename to gpg2keys_. This is so
+ that we can install helpers from 1.4 and 2 without conflicts and
+ first of all don't get lost with weird bug reports.
+
+ * keyid.c (serialno_and_fpr_from_sk): New. Actually lost during
+ the last 1.4 to 1.9 merge.
+
+ * gpg.c (list_config): Output ccid-reader-id only for gnupg 1.
+
+ * call-agent.c (agent_scd_writekey): New.
+ (inq_writekey_parms): New.
+
+ * gpgv.c: Include call-agent.h for use by stubs.
+
+ * misc.c: Include call-agent.h for use by get_signature_count.
+
+2006-07-27 Werner Koch <wk@g10code.com>
+
+ * parse-packet.c (parse_comment): Cap comments at 65k.
+ (parse_gpg_control): Skip too large control packets.
+
+2006-07-24 David Shaw <dshaw@jabberwocky.com> (wk)
+
+ * keydb.h, pkclist.c (select_algo_from_prefs, algo_available):
+ Pass a union for preference hints rather than doing void * games.
+
+ * sign.c (sign_file): Use it here.
+
+ * sign.c (sign_file): When signing with multiple DSA keys, one
+ being DSA1 and one being DSA2 and encrypting at the same time, if
+ the recipient preferences give a hash that can work with the DSA2
+ key, then allow the DSA1 key to be promoted rather than giving up
+ and using hash_for().
+
+ * pkclist.c (algo_available): Automatically enable DSA2 mode when
+ handling a key that clearly isn't DSA1 (i.e. q!=160).
+
+2006-06-30 Werner Koch <wk@g10code.com>
+
+ * misc.c (checksum_mpi): No need for nbits as they are alredy
+ included in the buffer.
+
+2006-06-29 Werner Koch <wk@g10code.com>
+
+ * parse-packet.c (parse_signature, parse_key): Need store the
+ length of opaque data as number of bits.
+ * card-util.c (card_store_subkey): Ditto.
+
+ * mainproc.c (print_pkenc_list, check_sig_and_print): Replaced
+ log_get_stream by calls to log_printf. This avoids the extra LFs
+ inserted by the logging function. They are a bit too smart
+ sometimes.
+ * pkclist.c (do_show_revocation_reason): Print final LF through
+ log_printf to avoid extra LFs.
+ * pubkey-enc.c (get_it): Ditto.
+
+ * seskey.c (encode_md_value): Fix call to gcry.
+
+2006-06-27 Werner Koch <wk@g10code.com>
+
+ Applied patches from 1.4.x (2006-05-22 to 2006-06-23) from David:
+
+ * keygen.c (keygen_upd_std_prefs, keygen_add_std_prefs)
+ (proc_parameter_file): Add --default-keyserver-url to specify a
+ keyserver URL at key generation time, and "Keyserver:" keyword for
+ doing the same through a batch file.
+ * options.h, gpg.c (main): Ditto.
+
+ * sign.c (do_sign): For now don't accept a truncated hash even
+ for DSA1 keys (be liberal in what you accept, etc).
+
+ * import.c (import_one): Add a flag (from_sk) so we don't check
+ prefs on an autoconverted public key. The check should only
+ happen on the sk side. Noted by Dirk Traulsen.
+
+ * keygen.c (gen_card_key): Add optional argument to return a
+ pointer (not a copy) of the stub secret key for the secret key we
+ just generated on the card.
+ (generate_card_subkeypair): Use it here so that the signing key on
+ the card can use the card to generate the 0x19 backsig on the
+ primary key. Noted by Janko Heilgeist and Jonas Oberg.
+
+ * parse-packet.c (parse_user_id): Cap the user ID size at 2048
+ bytes. This prevents a memory allocation attack with a very large
+ user ID. A very large packet length could even cause the
+ allocation (a u32) to wrap around to a small number. Noted by
+ Evgeny Legerov on full-disclosure.
+
+ * keygen.c (gen_dsa): Allow generating DSA2 keys. Allow
+ specifying sizes > 1024 when --enable-dsa2 is set. The size of q
+ is set automatically based on the key size.
+ (ask_keysize, generate_keypair): Ask for DSA size when
+ --enable-dsa2 is set.
+
+ * exec.c (make_tempdir) [W32]: Fix bug with a temporary directory
+ on W32 that is over 256 bytes long. Noted by Israel G. Lugo.
+
+ * gpg.c (reopen_std): New function to reopen fd 0, 1, or 2 if we
+ are called with them closed. This is to protect our
+ keyring/trustdb files from corruption if they get attached to one
+ of the standard fds. Print a warning if possible that this has
+ happened, and fail completely if we cannot reopen (should never
+ happen).
+ (main): Call it here.
+
+ * parse-packet.c (dump_sig_subpkt, parse_signature): Fix meaning
+ of key expiration and sig expiration subpackets - zero means
+ "never expire" according to 2440, not "expire instantly".
+ * build-packet.c (build_sig_subpkt_from_sig): Ditto.
+ * getkey.c (fixup_uidnode, merge_selfsigs_main)
+ (merge_selfsigs_subkey): Ditto.
+ * keygen.c (keygen_add_key_expire): Ditto.
+
+ * getkey.c (get_pubkey_byname)
+ * import.c (import_one): Fix key selection problem when
+ auto-key-locate returns a list of keys, not all of which are
+ usable (revoked, expired, etc). Noted by Simon Josefsson.
+
+2006-05-24 Werner Koch <wk@g10code.com>
+
+ * keyid.c (hash_public_key): Do not double hash the length bytes,
+ they are already included by mpi_print.
+
+ * misc.c (openpgp_pk_test_algo2): Get test call right.
+
+ * misc.c (string_to_cipher_algo, string_to_digest_algo): New.
+ * keygen.c (keygen_set_std_prefs): use them here.
+ * gpg.c (main): and here.
+
+2006-05-23 Werner Koch <wk@g10code.com>
+
+ * card-util.c (generate_card_keys): Removed temporary kludge for
+ generate_keypair.
+
+ * call-agent.c (agent_scd_setattr): Add arg SERIALNO.
+ (agent_scd_genkey): Ditto.
+ (agent_scd_change_pin): Ditto.
+
+ * call-agent.h (struct agent_card_info_s): Updated to match the
+ one of 1.4.3.
+
+ * Makefile.am (LDADD): Include ZLIBS.
+
+ * gpgv.c: Removed stubs not anymore useful due to libgcrypt.
+
+2006-05-22 Werner Koch <wk@g10code.com>
+
+ * keyserver.c (keyidlist): Replaced mpi_get_keyid by v3_keyid.
+ * keydb.h (v3_keyid): Added.
+
+ * import.c (import): Better initialize KEYBLOCK as to quiet
+ compiler warning.
+
+ * skclist.c (random_is_faked): New.
+
+ * mainproc.c: Include pka.h.
+
+2006-05-19 Werner Koch <wk@g10code.com>
+
+ * misc.c (openpgp_pk_test_algo2): Need to use gcry_pk_algo_info
+ directly.
+ (string_count_chr): New.
+
+ * armor.c (parse_header_line): Use renamed function
+ length_sans_trailing_ws.
+
+ * options.h, gpg.c: Option --strict is not used thus removed code
+ but kept option.
+
+2006-04-28 David Shaw <dshaw@jabberwocky.com> (wk)
+
+ * keyserver.c (direct_uri_map): New.
+ (keyserver_spawn): Used here to add "_uri" to certain gpgkeys_xxx
+ helpers when the meaning is different if a path is provided (i.e.
+ ldap).
+ (keyserver_import_cert): Show warning if there is a CERT
+ fingerprint, but no --keyserver set.
+
+ * keyserver.c: Fix build problem with platforms that stick libcurl
+ in a place not in the regular include search path.
+
+ * options.h, gpg.c (main): Add --enable-dsa2 and --disable-dsa2.
+ Defaults to disable.
+
+ * pkclist.c (algo_available): If --enable-dsa2 is set, we're
+ allowed to truncate hashes to fit DSA keys.
+
+ * sign.c (match_dsa_hash): New. Return the best match hash for a
+ given q size.
+ (do_sign, hash_for, sign_file): When signing with a DSA key, if it
+ has q==160, assume it is an old DSA key and don't allow truncation
+ unless --enable-dsa2 is also set. q!=160 always allows truncation
+ since they must be DSA2 keys.
+ (make_keysig_packet): If the user doesn't specify a
+ --cert-digest-algo, use match_dsa_hash to pick the best hash for
+ key signatures.
+
+ * gpg.c (print_mds): Add SHA-224.
+ * armor.c (armor_filter, parse_hash_header): Add SHA-224.
+
+ * sign.c (write_plaintext_packet):
+ Factor common literal packet setup code from here, to...
+ * encode.c (encode_simple): .. there.
+
+ * main.h, plaintext.c (setup_plaintext_name): Here. New. Make sure
+ the literal packet filename field is UTF-8 encoded.
+
+ * options.h, gpg.c (main): Make sure --set-filename is UTF-8
+ encoded and note when filenames are already UTF-8.
+
+ * keyedit.c (menu_backsign): Give some more verbose errors when we
+ have no need to backsign.
+
+ * getkey.c (parse_auto_key_locate): Fix dupe-removal code.
+
+ * keyedit.c (menu_backsign): Allow backsigning even if the secret
+ subkey doesn't have a binding signature.
+
+ * armor.c (radix64_read): Don't report EOF when reading only a pad
+ (=) character. The EOF actually starts after the pad.
+
+ * gpg.c (main): Make --export, --send-keys, --recv-keys,
+ --refresh-keys, and --fetch-keys follow their arguments from left
+ to right. Suggested by Peter Palfrader.
+
+2006-04-18 Werner Koch <wk@g10code.com>
+
+ * tdbio.c (open_db, migrate_from_v2): Removed feature to migration
+ from old trustdb version 2.
+
+ * gpg.c, mainproc.c: Removed pipemode feature.
+
+ * status.c: Removed shared memory coprocess stuff
+
+ Merged with current gpg 1.4.3 code.
+
+ * keygen.c, keyid.c, misc.c, openfile.c, verify.c, trustdb.c
+ * textfilter.c, tdbio.c, tdbdump.c, status.c, skclist.c, signal.c
+ * sign.c, sig-check.c, seskey.c, seckey-cert.c, revoke.c
+ * pubkey-enc.c, progress.c, plaintext.c, pkclist.c, photoid.c
+ * passphrase.c, parse-packet.c, mdfilter.c, mainproc.c
+ * keyserver.c, keyring.c, keylist.c, keyedit.c, keydb.c, kbnode.c
+ * import.c, getkey.c, gpgv.c, helptext.c, free-packet.c
+ * build-packet.c, cipher.c, compress.c, dearmor.c, decrypt.c
+ * delkey.c, encr-data.c, encode.c, exec.c, export.c
+ * gpg.c, armor.c: Updated from gnupg-1.4.3 and merged back gcry and
+ gnupg-1.9 related changes.
+ * trustdb.h, tdbio.h, status.h, photoid.h, packet.h, options.h
+ * main.h, keyserver-internal.h, keyring.h, keydb.h, filter.h
+ * exec.h: Ditto.
+ * global.h: Removed after merging constants with gpg.h.
+ * comment.c, pipemode.c: Removed.
+ * card-util.c: Updated from gnupg-1.4.3.
+ * compress-bz2.c: New.
+
+2005-06-15 Werner Koch <wk@g10code.com>
+
+ * g10.c (print_hashline, add_group): Fixes for signed/unsigned
+ pointer mismatch warnings.
+
+2005-06-01 Werner Koch <wk@g10code.com>
+
+ * mkdtemp.c: Removed.
+ * exec.c: Include mkdtemp.h
+
+2004-12-21 Werner Koch <wk@g10code.com>
+
+ * gpgv.c, g10.c (main): Use default_hoemdir ().
+
+2004-12-18 Werner Koch <wk@g10code.com>
+
+ * gpg.h (map_assuan_err): Define in terms of
+ map_assuan_err_with_source.
+
+2004-12-15 Werner Koch <wk@g10code.com>
+
+ * Makefile.am (LDADD): Remove ZLIBS.
+
+2004-10-22 Werner Koch <wk@g10code.com>
+
+ * g10.c (main): Display a bit fat warning that this gpg should not
+ be used.
+
+ * card-util.c (fetch_url): Disable for gnupg 1.9
+ (card_generate_subkey): Ditto.
+ (card_store_subkey): Ditto.
+
+2004-09-30 Werner Koch <wk@g10code.com>
+
+ * gpgv.c (i18n_init): Always use LC_ALL.
+
+ * Makefile.am (LDADD): Adjusted for gettext 0.14.
+
+2004-09-20 Werner Koch <wk@g10code.com>
+
+ * keyedit.c (show_key_with_all_names): Print the card S/N.
+
+2004-09-11 Moritz Schulte <moritz@g10code.com>
+
+ * openfile.c (copy_options_file): Fixed last commit (added a `+').
+
+2004-08-31 Werner Koch <wk@g10code.de>
+
+ * openfile.c (copy_options_file): Use gpg-conf.skel. Better take
+ the length of SKELEXT into account, someone might make it larger.
+ * Makefile.am: Install options.skel as gpg-conf.skel.
+
+2004-08-18 Marcus Brinkmann <marcus@g10code.de>
+
+ * passphrase.c (agent_get_passphrase): Fix detection of gpg-agent
+ cancellation.
+
+2004-07-01 Werner Koch <wk@gnupg.org>
+
+ * card-util.c (change_login): Kludge to allow reading data from a
+ file.
+ (card_edit): Pass ARG_STRING to change_login.
+ (card_status): Print CA fingerprints.
+ (change_cafpr): New.
+ (card_edit): New command CAFPR.
+
+ * call-agent.h: Add members for CA fingerprints.
+ * call-agent.c (agent_release_card_info): Invalid them.
+ (learn_status_cb): Store them.
+
+2004-04-30 Werner Koch <wk@gnupg.org>
+
+ * g10.c (main) <gpgconf>: Use gpg.conf and not /dev/null as
+ default filename.
+
+2004-04-28 Werner Koch <wk@gnupg.org>
+
+ * card-util.c (card_edit): Remove PIN verification.
+ (generate_card_keys): New arg SERIALNO. Do PIN verification here
+ after resetting forced_chv1.
+
+2004-04-26 Werner Koch <wk@gnupg.org>
+
+ * card-util.c (change_name): Check that the NAME is not too long.
+ (change_url): Likewise.
+ (change_login): Likewise.
+
+2004-03-23 Werner Koch <wk@gnupg.org>
+
+ * g10.c: New options --gpgconf-list, --debug-level and --log-file
+ (set_debug): Add arg DEBUG_LEVEL.
+ (main): Look at less and less version specific config files. From
+ gnupg 1.3.
+
+2004-02-17 Werner Koch <wk@gnupg.org>
+
+ * call-agent.c (start_agent): Ignore an empty GPG_AGENT_INFO.
+ * passphrase.c (agent_open): Ditto.
+
+2004-02-12 Werner Koch <wk@gnupg.org>
+
+ * gpgv.c: Removed g10defs.h.
+
+ * Makefile.am: Include cmacros.am for common flags.
+
+2004-02-11 Werner Koch <wk@gnupg.org>
+
+ * openfile.c (try_make_homedir): Use GNUPG_DEFAULT_HOMEDIR.
+ * gpgv.c (main): Ditto.
+ * g10.c (main): Ditto.
+
+2004-01-19 Moritz Schulte <mo@g10code.com>
+
+ * keygen.c (do_generate_keypair): Print member fname, instead of
+ newfname, again.
+ (do_generate_keypair): Don't try to execute certain pieces of code
+ in case an error occured.
+ (gen_card_key): Don't print out a message, which is already
+ printed by do_generate_keypair().
+
+2004-01-18 Moritz Schulte <mo@g10code.com>
+
+ * keygen.c (do_generate_keypair): Print member fname, instead of
+ newfname.
+
+2003-12-17 Werner Koch <wk@gnupg.org>
+
+ * card-util.c (print_name): Fixed bad format string usage.
+ (print_isoname): Ditto.
+
+ * trustdb.c (check_regexp): s/exp/expr/.
+
+ * keyedit.c (trustsig_prompt): Removed a "> 255" term; it is
+ always false due to the data type.
+
+ * passphrase.c (agent_get_passphrase): Use xasprintf and avoid
+ non-literal format strings.
+
+ * tdbio.c (upd_hashtable, drop_from_hashtable, lookup_hashtable):
+ Fixed log_error format string bugs. Kudos to the now working
+ gcc-3.3 -Wformat-nonliteral and Florian Weimer's investigations in
+ gnupg 1.2.3.
+
+2003-12-15 Werner Koch <wk@gnupg.org>
+
+ * seckey-cert.c (protect_secret_key): Use gry_create_nonce for the
+ IV; there is not need for real strong random here and it even
+ better protect the random bits used for the key.
+
+2003-11-16 Moritz Schulte <mo@g10code.com>
+
+ * signal.c: Removed unused file.
+
+2003-11-10 Moritz Schulte <mo@g10code.com>
+
+ * Makefile.am (INCLUDES): Added: @LIBGCRYPT_CFLAGS@.
+
+2003-10-25 Werner Koch <wk@gnupg.org>
+
+ * call-agent.c (learn_status_cb, scd_genkey_cb): Fixed faulty use
+ of !spacep().
+
+2003-10-20 Werner Koch <wk@gnupg.org>
+
+ * card-util.c (card_edit): New command "passwd". Add logic to
+ check the PIN in advance.
+ (card_status): Add new args to return the serial number. Changed
+ all callers.
+ * call-agent.c (agent_scd_checkpin): New.
+
+2003-10-08 Werner Koch <wk@gnupg.org>
+
+ * call-agent.c (agent_scd_getattr): Don't clear the passed info
+ structure, so that it can indeed be updated.
+
+ * card-util.c (fpr_is_zero): New.
+ (generate_card_keys): New.
+ (card_edit): New command "generate".
+ * keygen.c (generate_keypair): New arg CARD_SERIALNO, removed call
+ to check_smartcard.
+ (check_smartcard,show_smartcard): Removed.
+ (show_sha1_fpr,fpr_is_zero): Removed.
+
+2003-10-01 Werner Koch <wk@gnupg.org>
+
+ * card-util.c: Tweaked to use this source also under 1.3.
+
+2003-09-30 Werner Koch <wk@gnupg.org>
+
+ * keylist.c (print_card_serialno): New.
+ (list_keyblock_print): Use it here.
+
+ * card-util.c (toggle_forcesig): New.
+ (card_edit): New command "forcesig".
+
+ * card-util.c (print_name, print_isoname): Use 0 and not LF fro
+ the max_n arg of tty_print_utf8_string2.
+
+ * call-agent.c (agent_scd_getattr): New.
+ (learn_status_cb): Release values before assignment so that it can
+ be used by getattr to update the structure.
+
+ * card-util.c (change_pin): Simplified. We now have only a PIN
+ and an Admin PIN.
+
+2003-09-27 Werner Koch <wk@gnupg.org>
+
+ * sign.c (do_sign): Removed disabled testcode.
+
+2003-09-26 Timo Schulz <twoaday@freakmail.de>
+
+ * card_status (card_status): Do not use fputs since the fp
+ parameter can be NULL. This fixes a segv.
+
+2003-09-24 Werner Koch <wk@gnupg.org>
+
+ * card-util.c (print_isoname,card_status): Handle opt.with_colons.
+ (print_sha1_fpr_colon): New.
+
+2003-09-23 Werner Koch <wk@gnupg.org>
+
+ Merged most of David Shaw's changes in 1.3 since 2003-06-03.
+
+ * Makefile.am: Include W32LIBS where appropriate.
+
+ * armor.c (parse_hash_header,armor_filter): Drop TIGER/192 support.
+ * g10.c (print_hex,print_mds): Ditto.
+ * pkclist.c (algo_available): Ditto.
+
+ * armor.c (armor_filter): Allow using --comment multiple times to
+ get multiple Comment header lines. --no-comments resets list.
+ * options.h, g10.c (main): Ditto. Deprecate --default-comment in
+ favor of --no-comments.
+
+ * g10.c (main): Trim --help to commonly used options. Remove -f.
+
+ * g10.c (main): Add --multifile as an alias to turn --encrypt into
+ --encrypt-files (plus --verify-files, --decrypt-files). Error out
+ if --multifile is used with the commands that don't support it yet.
+
+ * encode.c (use_mdc), g10.c (main): Use RFC1991 and RFC2440
+ directly to check for MDC usability. Do not set the force_mdc or
+ disable_mdc flags since there is no point any longer.
+
+ * g10.c (main): Use "keyserver-url" instead of
+ "preferred-keyserver" for the sake of short and simple commands.
+ (add_keyserver_url): Clarify a few strings. It's a
+ "preferred keyserver URL".
+ * keyedit.c (keyedit_menu): Ditto.
+ * sign.c (mk_notation_policy_etc): Ditto.
+
+ * main.h, keygen.c (keygen_add_keyserver_url): Signature callback
+ for adding a keyserver URL.
+ * keyedit.c (keyedit_menu, menu_set_keyserver_url): New command to
+ set preferred keyserver to specified (or all) user IDs.
+ * build-packet.c (build_sig_subpkt): Set preferred keyserver flag
+ while building a preferred keyserver subpacket.
+
+ * keylist.c (show_policy_url, show_keyserver_url): URLs might be
+ UTF8.
+
+ * keyedit.c (menu_addrevoker): Fix leaking a few bytes.
+
+ * keyedit.c (show_key_with_all_names): Use list-option
+ show-long-keyid in main --edit-key display.
+
+ * keyedit.c (print_and_check_one_sig): Use list-option
+ show-long-keyid in --edit-key "check" function.
+
+ * passphrase.c (agent_send_all_options): Make use of $GPG_TTY.
+
+ * g10.c (main): Disable use-agent if passphrase-fd is given
+ later. Suggested by Kurt Garloff.
+
+ * exec.c, g10.c, gpgv.c, passphrase.c, photoid.c:
+ s/__MINGW32__/_WIN32/ to help building on native Windows
+ compilers. Requested by Brian Gladman. From Werner on stable
+ branch.
+
+ * options.h, g10.c (main): Add list-option
+ list-preferred-keyserver.
+
+ * keyedit.c (change_passphrase): When responding 'no' to the blank
+ passphrase question, re-prompt for a new passphrase. This is bug
+ #202.
+
+ * mainproc.c (check_sig_and_print): Use two different preferred
+ keyserver displays - one if the key is not present (to tell the
+ user where to get the key), the other if it is present (to tell
+ the user where the key can be refreshed).
+
+ * packet.h, parse-packet.c (parse_signature): Set flag if a
+ preferred keyserver is present.
+
+ * keylist.c (list_keyblock_print): Show keyserver url in listings
+ with list-option show-keyserver-url.
+
+ * mainproc.c (check_sig_and_print): Get the uid validity before
+ printing any sig results to avoid munging the output with trustdb
+ warnings.
+
+ * g10.c (main): Don't include --show-keyring in --help as it is
+ deprecated.
+
+ * options.skel: Note that keyserver.pgp.com isn't synchronized,
+ and explain the roundrobin a bit better.
+
+ * sig-check.c (check_key_signature2), import.c (import_one,
+ import_revoke_cert, chk_self_sigs, delete_inv_parts,
+ collapse_uids, merge_blocks): Make much quieter during import of
+ slightly munged, but recoverable, keys. Use log_error for
+ unrecoverable import failures.
+
+ * keyring.c (keyring_rebuild_cache): Comment.
+
+ * sign.c (mk_notation_and_policy): Making a v3 signature with
+ notations or policy urls is an error, not an info (i.e. increment
+ the errorcount). Don't print the notation or policy url to stdout
+ since it can be mixed into the output stream when piping and munge
+ the stream.
+
+ * packet.h, sig-check.c (signature_check2, do_check,
+ do_check_messages): Provide a signing-key-is-revoked flag. Change
+ all callers.
+
+ * status.h, status.c (get_status_string): New REVKEYSIG status tag
+ for a good signature from a revoked key.
+
+ * mainproc.c (do_check_sig, check_sig_and_print): Use it here.
+
+ * import.c (import_revoke_cert, merge_blocks, merge_sigs): Compare
+ actual signatures on import rather than using keyid or class
+ matching. This does not change actual behavior with a key, but
+ does mean that all sigs are imported whether they will be used or
+ not.
+
+ * parse-packet.c (parse_signature): Don't give "signature packet
+ without xxxx" warnings for experimental pk algorithms. An
+ experimental algorithm may not have a notion of (for example) a
+ keyid (i.e. PGP's x.509 stuff).
+
+ * options.h, g10.c (main), keylist.c (list_keyblock_print),
+ keyedit.c (print_and_check_one_sig): New "show-sig-expire"
+ list-option to show signature expiration dates (if any).
+
+ * options.h, g10.c (main, add_keyserver_url): Add
+ --sig-preferred-keyserver to implant a "where to get my key"
+ subpacket into a signature.
+
+ * sign.c (mk_notation_and_policy): Rename to
+ mk_notation_policy_etc and add preferred keyserver support for
+ signatures.
+
+ * keygen.c (do_add_key_flags): Don't set the certify flag for
+ subkeys.
+ (ask_algo): Provide key flags for DSA, Elgamal_e, and Elgamal
+ subkeys.
+ (generate_keypair): Provide key flags for the default DSA/Elgamal
+ keys.
+
+ * sig-check.c (signature_check, signature_check2,
+ check_key_signature, check_key_signature2): Allow passing NULLs
+ for unused parameters in the x2 form of each function to avoid the
+ need for dummy variables. getkey.c, mainproc.c: Change all
+ callers.
+
+ * trustdb.h, trustdb.c (read_trust_options): New. Returns items
+ from the trustdb version record.
+ * keylist.c (public_key_list): Use it here for the new "tru"
+ record.
+ * gpgv.c (read_trust_options): Stub.
+
+ * keyedit.c (show_key_with_all_names): Use list-option
+ show-validity in --edit-key interface as well.
+
+ * options.h, g10.c (main), mainproc.c (check_sig_and_print): Add
+ verify-options "show-validity" and "show-long-keyid" to show
+ trustdb validity and long keyids during (file) signature
+ verification.
+
+ * packet.h, main.h, sig-check.c (signature_check2)
+ (check_key_signature2, do_check): If ret_pk is set, fill in the pk
+ used to verify the signature. Change all callers in getkey.c,
+ mainproc.c, and sig-check.c.
+
+ * keylist.c (list_keyblock_colon): Use the ret_pk from above to
+ put the fingerprint of the signing key in "sig" records during a
+ --with-colons --check-sigs. This requires --no-sig-cache as well
+ since we don't cache fingerprints.
+
+ * parse-packet.c (parse_signature): No need to reserve 8 bytes for
+ the unhashed signature cache any longer.
+
+ * misc.c (pct_expando): Add two new expandos - signer's
+ fingerprint (%g), and signer's primary fingerprint (%p).
+
+ * g10.c (main): Add --rfc2440 alias for --openpgp since in a few
+ months, they won't be the same thing.
+
+ * keyserver.c (parse_keyserver_uri): Accept "http" as an alias for
+ "hkp", since it is occasionally written that way.
+ (keyserver_spawn): Use ascii_isspace to avoid locale issues.
+
+ * keygen.c (ask_user_id): Make --allow-freeform-uid apply to the
+ email field as well as the name field, and allow mixing fields
+ when it is set.
+
+ * trustdb.c (validate_one_keyblock): Certifications on revoked or
+ expired uids do not count in the web of trust.
+
+ * signal.c (init_one_signal, pause_on_sigusr, do_block): Only use
+ sigprocmask() if we have sigset_t, and only use sigaction() if we
+ have struct sigaction. This is for Forte c89 on Solaris which
+ seems to define only the function call half of the two pairs by
+ default.
+ (pause_on_sigusr): Typo.
+ (do_block): If we can't use sigprocmask() and sigset_t, try to get
+ the number of signals from NSIG as well as MAXSIG, and if we
+ can't, fail with an explanation.
+
+ * signal.c, tdbio.c: Comment out the transaction code. It was not
+ used in this version, and was causing some build problems on
+ quasi-posix platforms (Solaris and Forte c89).
+
+ * keylist.c (list_keyblock_colon): Don't include validity values
+ when listing secret keys since they can be incorrect and/or
+ misleading. This is a temporary kludge, and will be handled
+ properly in 1.9/2.0.
+
+ * mainproc.c (check_sig_and_print): Only show the "key available
+ from" preferred keyserver line if the key is not currently
+ present.
+
+ * keyedit.c (sign_uids): Do not sign expired uids without --expert
+ (same behavior as revoked uids). Do not allow signing a user ID
+ without a self-signature. --expert overrides. Add additional
+ prompt to the signature level question.
+ (menu_expire): When changing expiration dates, don't replace
+ selfsigs on revoked uids since this would effectively unrevoke
+ them. There is also no point in replacing expired selfsigs. This
+ is bug #181
+
+ * g10.c (add_notation_data): Make sure that only ascii is passed
+ to iscntrl. Noted by Christian Biere.
+ * getkey.c (classify_user_id2): Replaced isspace by spacep
+ * keygen.c (ask_user_id): Ditto.
+ (get_parameter_algo): Ditto.
+ * keyedit.c (keyedit_menu): Ditto.
+ * tdbdump.c (import_ownertrust): Ditto. s/isxdigit/hexdigitp/.
+ * revoke.c (ask_revocation_reason):
+ * keyserver.c (keyserver_spawn): Dito.
+
+ * parse-packet.c (parse): Disallow old style partial length for
+ all key material packets to avoid possible corruption of keyrings.
+
+ * import.c (import_keys_internal): Invalidate the cache so that
+ the file descriptor gets closed. Fixes bug reported by Juan
+ F. Codagnone.
+
+ * options.h, g10.c (main), main.h, keylist.c (show_keyserver_url),
+ mainproc.c (check_sig_and_print), parse-packet.c (dump_sig_subpkt,
+ parse_one_sig_subpkt, can_handle_critical): Add read-only support
+ for preferred keyserver subpackets. They're basically policy URLs
+ with a different name. Add a verify-option
+ "show-preferred-keyserver" to turn them on and off (on by default,
+ as per stable branch).
+
+ * g10.c (main): Add "--set-notation" as alias to "--notation-data"
+ this is to make things consistent with --set-policy-url meaning
+ both sigs and certs.
+
+ * options.h, g10.c (main), keylist.c (list_keyblock_print): Add
+ "show-validity" and "show-long-keyid" list-options.
+
+ * gpgv.c (get_validity, trust_value_to_string): Stubs.
+
+ * g10.c (main): Use SAFE_VERSION instead of VERSION in the
+ version-specific gpg.conf file so it can be overridden on RISCOS.
+
+ * keyedit.c (show_key_with_all_names): Fix assertion failure when
+ using toggle to see a secret key. Reported by Maxim Britov.
+
+
+2003-09-22 Timo Schulz <twoaday@freakmail.de>
+
+ * card-util.c (card_status): Free pk in case of an error
+ and return if the card is no OpenPGP card.
+
+2003-09-18 Werner Koch <wk@gnupg.org>
+
+ * g10.c: New command --card-edit.
+ * card-util.c (card_status): Use tty_fprintf for all output.
+ (print_sha1_fpr, print_isoname): Ditto.
+ (get_one_name,change_name, change_url, change_login,change_lang)
+ (change_sex): New; taken from keygen.c.
+ * keygen.c (smartcard_get_one_name, smartcard_change_name)
+ (smartcard_change_url, smartcard_change_login_data)
+ (smartcard_change_lang, smartcard_change_sex): Removed.
+ (check_smartcard): Removed most menu items.
+
+2003-09-06 Werner Koch <wk@gnupg.org>
+
+ * misc.c (openpgp_pk_algo_usage): Allow AUTH where SIGN is allowed.
+
+ * keygen.c (ask_passphrase): No need to allocated S2K in secure
+ memory.
+
+2003-09-04 Werner Koch <wk@gnupg.org>
+
+ * keygen.c (do_add_key_flags, parse_parameter_usage)
+ (do_generate_keypair): Add support the proposed AUTH key flag.
+ * getkey.c (fixup_uidnode, merge_selfsigs_main)
+ (merge_selfsigs_subkey, premerge_public_with_secret): Ditto.
+ * keylist.c (print_capabilities): Ditto.
+
+2003-08-25 Timo Schulz <twoaday@freakmail.de>
+
+ * pkglue.c (mpi_from_sexp): New. Used to factor out
+ some common code.
+
+2003-08-24 Werner Koch <wk@gnupg.org>
+
+ * keygen.c (do_generate_keypair): Print a reminder to use --gen-revoke.
+
+2003-08-18 Timo Schulz <twoaday@freakmail.de>
+
+ * encode.c (encode_sesskey): Checked the code and removed
+ the warning since all compatibility checks with PGP succeeded.
+ * mainproc.c (symkey_decrypt_sesskey): Better check for the
+ algorithm and check the return values of some functions.
+ * mdc.c (use_mdc): Simplified.
+
+2003-08-07 Werner Koch <wk@gnupg.org>
+
+ * pkglue.c (pk_sign): Fix last change.
+ (pk_verify): Check for valid DATA array so that we don't segv in
+ Libgcrypt.
+ (pk_verify): Ditto.
+
+2003-08-06 Werner Koch <wk@gnupg.org>
+
+ * pkglue.c (pk_sign): Allow signing using RSA.
+
+2003-08-05 Werner Koch <wk@gnupg.org>
+
+ * Makefile.am (install-data-local): Dropped check for the ancient
+ gpgm tool.
+ (bin_PROGRAMS): Renamed gpg to gpg2 and gpgv to gpgv2. This is so
+ that it won't conflict with the current stable version of gpg.
+
+ * pkglue.c (pk_check_secret_key): New.
+ * seckey-cert.c (do_check): Reenable this test here again.
+
+ * g10.c (main): Add command -K as an alias for
+ --list-secret-keys. Command "-k" is now an alias to --list-keys.
+ Remove special treatment of -kv and -kvv.
+ (set_cmd): Ditto.
+ (main): Strip a "-cvs" suffix when testing for a version specific
+ config file.
+
+ * status.h, status.c, g10.c [USE_SHM_COPROCESSING]: Removed. This
+ is not any longer available.
+
+2003-07-29 Werner Koch <wk@gnupg.org>
+
+ * g10.c (main): Add secmem features and set the random seed file.
+ (g10_exit): Update the random seed file.
+
+ * parse-packet.c (parse_signature,read_protected_v3_mpi)
+ (parse_key): Fixed use of mpi_set_opaque.
+ * keygen.c (gen_card_key): Ditto.
+
+2003-07-28 Werner Koch <wk@gnupg.org>
+
+ * status.c (progress_cb): Adjusted for use with Libcgrypt.
+ (set_status_fd): Register that callback.
+
+ * keygen.c (smartcard_change_login_data): New.
+ (smartcard_change_lang): New.
+ (smartcard_change_sex): New.
+ (check_smartcard): Add menu entries to edit the above.
+ (gen_elg,gen_dsa,gen_rsa): Reimplemented in terms of Libgcrypt.
+ (genhelp_protect, genhelp_factors, key_from_sexp): New.
+ * comment.c (make_comment_node_from_buffer): New.
+ (make_comment_node): Reimplemented in terms of above.
+
+2003-07-27 Werner Koch <wk@gnupg.org>
+
+ Adjusted for gcry_mpi_print and gcry_mpi_scan API change.
+
+2003-07-24 Werner Koch <wk@gnupg.org>
+
+ * g10.c: New command --card-status.
+ * card-util.c (card_status): New.
+ * call-agent.c (learn_status_cb): Parse more information.
+
+ * keylist.c (print_pubkey_info): Add FP arg for optional printing
+ to a stream. Changed all callers.
+
+2003-07-23 Werner Koch <wk@gnupg.org>
+
+ * keygen.c (generate_keypair): Create an AUTHKEYTYPE entry for cards.
+ (do_generate_keypair): Abd generate the authkey.
+ (check_smartcard): Changed menu accordingly.
+
+2003-07-22 Werner Koch <wk@gnupg.org>
+
+ * g10.c: New command --change-pin.
+ * card-util.c: New.
+ * call-agent.c (agent_scd_change_pin): New.
+ (agent_release_card_info): New.
+ * keygen.c (check_smartcard): Use it here.
+
+2003-07-16 Werner Koch <wk@gnupg.org>
+
+ * export.c (parse_export_options): New option sexp-format.
+ (export_seckeys,export_secsubkeys): Check sexp-format option.
+ (do_export): Ignore armor for sexp format.
+ (do_export_stream): Handle sexp-format.
+ (write_sexp_line,write_sexp_keyparm, build_sexp_seckey): New.
+ (build_sexp): New.
+
+2003-07-03 Werner Koch <wk@gnupg.org>
+
+ * options.h (DBG_CIPHER): Reintroduced it.
+ * seskey.c (encode_session_key): Debug output of the session key.
+
+ * pubkey-enc.c (get_it): Handle card case.
+ * call-agent.c (agent_scd_pkdecrypt): New.
+ * pkglue.c (pk_encrypt): Add RSA support.
+
+ * g10.c (main): Default to --use-agent.
+
+ * keygen.c (show_smartcard): Print info about the public key.
+ (check_smartcard): Check for existing key here.
+ (gen_card_key): And not anymore here.
+ (fpr_is_zero): New.
+ (generate_keypair): Generate both keys for a card.
+ (smartcard_change_url): Nw.
+
+2003-07-02 Werner Koch <wk@gnupg.org>
+
+ * seckey-cert.c (is_secret_key_protected): Let it handle mode 1002.
+
+2003-07-01 Werner Koch <wk@gnupg.org>
+
+ * keygen.c (gen_card_key): Obviously we should use the creation
+ date received from SCDAEMON, so that the fingerprints will match.
+ * sign.c (do_sign): Pass the serialno to the sign code.
+ * keyid.c (serialno_and_fpr_from_sk): New.
+
+2003-06-30 Werner Koch <wk@gnupg.org>
+
+ * call-agent.h (agent_card_info_s): Add field serialno.
+ * call-agent.c (store_serialno): New.
+ (learn_status_cb): Store the serial number.
+ * keygen.c (gen_card_key): Store the serial number
+ (check_smartcard): New argument to return the serial number.
+ (generate_keypair): Get the serial number from check_smartcard and
+ store it as a parameter.
+ * parse-packet.c (parse_key): Use the protect.iv field to store the
+ serial number.
+ * build-packet.c (do_secret_key): Write the serial number.
+
+2003-06-27 Werner Koch <wk@gnupg.org>
+
+ * seckey-cert.c (check_secret_key): Bypass the unprotection for
+ mode 1002.
+ * sign.c (do_sign): Handle card case (i.e. mode 1002).
+
+2003-06-26 Werner Koch <wk@gnupg.org>
+
+ * build-packet.c (do_secret_key): Implement special protection
+ mode 1002.
+ * parse-packet.c (parse_key): Likewise.
+
+ * keygen.c (smartcard_gen_key): New.
+ * call-agent.c (agent_scd_setattr): New.
+
+2003-06-24 Werner Koch <wk@gnupg.org>
+
+ * Makefile.am: Removed signal.c
+
+ * g10.c (emergency_cleanup): New.
+ (main): Use gnupg_init_signals and register malloc for assuan.
+
+2003-06-23 Werner Koch <wk@gnupg.org>
+
+ * keyid.c (do_fingerprint_md): Made it work again.
+
+2003-06-19 Werner Koch <wk@gnupg.org>
+
+ Fixed all "==" comparisons against error code constants to use
+ gpg_err_code().
+
+ * import.c (import_secret_one):
+ (import_revoke_cert):
+ (chk_self_sigs):
+
+ * misc.c (openpgp_md_map_name): Check also for the Hx format.
+ (openpgp_cipher_map_name): Check also for the Sx format.
+ (pubkey_get_npkey): Adjusted for changed gcrypt API.
+ (pubkey_get_nskey): Ditto.
+ (pubkey_get_nsig): Ditto.
+ (pubkey_get_nenc): Ditto.
+
+2003-06-18 Werner Koch <wk@gnupg.org>
+
+ Finished the bulk of changes for gnupg 1.9. This included
+ switching to libgcrypt functions, using shared error codes from
+ libgpg-error, replacing the old functions we used to have in
+ ../util by those in ../jnlib and ../common, renaming the malloc
+ functions and a couple of types. Note, that not all changes are
+ listed below becuause they are too similar and done at far too
+ many places. As of today the code builds using the current
+ libgcrypt from CVS but it is very unlikely that it actually works.
+
+ * sig-check.c (cmp_help): Removed. Was never used.
+
+ * pkglue.c: New. Most stuff taken from gnupg 1.1.2.
+ * pkglue.h: New.
+
+ * misc.c (pull_in_libs): Removed.
+
+ * keygen.c (count_chr): New.
+ (ask_user_id): Removed faked RNG support.
+
+ * misc.c (openpgp_md_map_name,openpgp_cipher_map_name)
+ (openpgp_pk_map_name): New.
+
+ * skclist.c (build_sk_list): Removed faked RNG support.
+ (is_insecure): Removed.
+
+ * comment.c (make_mpi_comment_node): Use gcry MPI print function.
+
+ * keyid.c (v3_keyid): New.
+
+ * misc.c (mpi_write,mpi_write_opaque,mpi_read,mpi_read_opaque)
+ (mpi_print): New. Taken from gnupg 1.1.2.
+ (checksum_mpi): Replaced by implementation from 1.1.2.
+
+ * g10.c (my_strusage): Renamed from strusage and return NULL
+ instead calling a default function.
+ (add_to_strlist2): New. Taken from ../util/strgutil.c of gnupg 1.2.
+
+ * plaintext.c (handle_plaintext): New arg CREATE_FILE to cope with
+ the fact that gpg-error does not have this error code anymore.
+
+ * mainproc.c (symkey_decrypt_sesskey): Ditto.
+
+ * seskey.c (make_session_key): Adjusted for use with libgcrypt.
+ (encode_session_key): Ditto.
+ (do_encode_md): Ditto.
+ (encode_md_value): Ditto.
+
+ * keyring.c: Use libgpg-error instead of READ_ERROR etc.
+
+ * g10.c: Adjusted all algorithm name/id mapping functions.
+ (set_debug): Pass MPI and CRYPTO debug values to libgcrypt.
+
+ * Makefile.am (INCLUDES): Define LOCALEDIR and the default error
+ source.
+
+ * g10.c (i18n_init): s/G10_LOCALEDIR/LOCALEDIR/.
+
+ Renamed m_alloc et al to xmalloc et al.
+ s/g10_errstr/gpg_strerror/
+ s/MPI/gcry_mpi_t/
+ Adjusted all md_open calls to the libgcrypt API.
+
+ * build-packet.c (do_comment): Return error code from iobuf write
+ function.
+ (do_user_id): Ditto.
+ (do_public_key): Ditto.
+
+ * Makefile.am: Add new files, link gpg with libgpg-error.
+ * g10.c, options.h: New option --agent-program.
+ * call-agent.c: New.
+ * gpg.h, call-agent.h: New.
+
+2003-06-03 David Shaw <dshaw@jabberwocky.com>
+
+ * options.h, g10.c (main), keylist.c (list_keyblock_print): Add
+ "show-validity" and "show-long-keyid" list-options.
+
+ * gpgv.c (get_validity, trust_value_to_string): Stubs.
+
+ * g10.c (main): Use SAFE_VERSION instead of VERSION in the
+ version-specific gpg.conf file so it can be overridden on RISCOS.
+
+2003-06-01 David Shaw <dshaw@jabberwocky.com>
+
+ * g10.c (main), keylist.c (show_policy_url, show_notation),
+ mainproc.c (check_sig_and_print): Emulate the old policy and
+ notation behavior (display by default). Send to status-fd whether
+ it is displayed on the screen or not.
+
+ * g10.c (main): Since we now have some options in devel that won't
+ work in a stable branch gpg.conf file, try for a version-specific
+ gpg.conf-VERSION file before falling back to gpg.conf.
+
+ * main.h, options.h: Move various option flags to options.h.
+
+2003-05-31 David Shaw <dshaw@jabberwocky.com>
+
+ * mainproc.c (check_sig_and_print), main.h, keylist.c
+ (show_policy, show_notation): Collapse the old print_notation_data
+ into show_policy() and show_notation() so there is only one
+ function to print notations and policy URLs.
+
+ * options.h, main.h, g10.c (main), keyedit.c
+ (print_and_check_one_sig), keylist.c (list_one,
+ list_keyblock_print), pkclist.c (do_edit_ownertrust), sign.c
+ (mk_notation_and_policy): New "list-options" and "verify-options"
+ commands. These replace the existing
+ --show-photos/--no-show-photos,
+ --show-notation/--no-show-notation,
+ --show-policy-url/--no-show-policy-url, and --show-keyring
+ options. The new method is more flexible since a user can specify
+ (for example) showing photos during sig verification, but not in
+ key listings. The old options are emulated.
+
+ * main.h, misc.c (parse_options): New general option line
+ parser. Fix the bug in the old version that did not handle report
+ syntax errors after a valid entry.
+
+ * import.c (parse_import_options), export.c
+ (parse_export_options): Call it here instead of duplicating the
+ code.
+
+2003-05-30 David Shaw <dshaw@jabberwocky.com>
+
+ * keylist.c (list_one): Don't show the keyring filename when in
+ --with-colons mode. Actually translate "Keyring" string.
+
+ * mainproc.c (proc_tree): We can't currently handle multiple
+ signatures of different classes or digests (we'd pretty much have
+ to run a different hash context for each), but if they are all the
+ same, make an exception. This is Debian bug #194292.
+
+ * sig-check.c (check_key_signature2): Make string translatable.
+
+ * packet.h, getkey.c (fixup_uidnode): Mark real primary uids
+ differently than assumed primaries.
+
+ * keyedit.c (no_primary_warning): Use the differently marked
+ primaries here in a new function to warn when an --edit-key
+ command might rearrange the self-sig dates enough to change which
+ uid is primary.
+ (menu_expire, menu_set_preferences): Use no_primary_warning()
+ here.
+
+ * Makefile.am: Use @DLLIBS@ for -ldl.
+
+2003-05-26 David Shaw <dshaw@jabberwocky.com>
+
+ * getkey.c (premerge_public_with_secret): Made "no secret subkey
+ for" warning a verbose item and translatable. (From wk on stable
+ branch)
+
+ * sig-check.c (check_key_signature2): Made "no subkey for subkey
+ binding packet" a verbose item instead of a !quiet one. There are
+ too many garbled keys out in the wild. (From wk on stable branch)
+
+ * filter.h: Remove const from WHAT. (From wk on stable branch)
+
+ * progress.c (handle_progress): Store a copy of
+ NAME. (progress_filter): Release WHAT, make sure not to print a
+ NULL WHAT. (From wk on stable branch)
+
+ * openfile.c (open_sigfile): Adjust free for new progress
+ semantics. (From wk on stable branch)
+
+ * plaintext.c (ask_for_detached_datafile): Don't dealloc
+ pfx->WHAT. (From wk on stable branch)
+
+ * seckey-cert.c (do_check): Issue the RSA_OR_IDEA status when the
+ cipher algo is IDEA to make it easier to track down the
+ problem. (From twoaday on stable branch)
+
+2003-05-24 David Shaw <dshaw@jabberwocky.com>
+
+ * armor.c, g10.c, kbnode.c, misc.c, pkclist.c, sign.c,
+ build-packet.c, getkey.c, keydb.c, openfile.c, plaintext.c,
+ status.c, gpgv.c, keygen.c, options.h, sig-check.c, tdbio.h,
+ encode.c, mainproc.c, parse-packet.c, signal.c, textfilter.c: Edit
+ all preprocessor instructions to remove whitespace before the '#'.
+ This is not required by C89, but there are some compilers out
+ there that don't like it.
+
+2003-05-21 David Shaw <dshaw@jabberwocky.com>
+
+ * trustdb.h, trustdb.c (is_disabled), gpgv.c (is_disabled): Rename
+ is_disabled to cache_disabled_value, which now takes a pk and not
+ just the keyid. This is for speed since there is no need to
+ re-fetch a key when we already have that key handy. Cache the
+ result of the check so we don't need to hit the trustdb more than
+ once.
+
+ * getkey.c (skip_disabled): New function to get a pk and call
+ is_disabled on it. (key_byname): Use it here.
+
+ * packet.h, getkey.c (skip_disabled), keylist.c
+ (print_capabilities): New "pk_is_disabled" macro to retrieve the
+ cached disabled value if available, and fill it in via
+ cache_disabled_value if not available.
+
+ * trustdb.c (get_validity): Cache the disabled value since we have
+ it handy and it might be useful later.
+
+ * parse-packet.c (parse_key): Clear disabled flag when parsing a
+ new key. Just in case someone forgets to clear the whole key.
+
+ * getkey.c (merge_selfsigs_main): Add an "if all else fails" path
+ for setting a single user ID primary when there are multiple set
+ primaries all at the same second, or no primaries set and the most
+ recent user IDs are at the same second, or no signed user IDs at
+ all. This is arbitrary, but deterministic.
+
+ * exec.h, photoid.h: Add copyright message.
+
+ * keylist.c (list_keyblock_print): Don't dump attribs for
+ revoked/expired/etc uids for non-colon key listings. This is for
+ consistency with --show-photos.
+
+ * main.h, keylist.c (dump_attribs), mainproc.c
+ (check_sig_and_print): Dump attribs if --attrib-fd is set when
+ verifying signatures.
+
+ * g10.c (main): New --gnupg option to disable the various
+ --openpgp, --pgpX, etc. options. This is the same as --no-XXXX
+ for those options.
+
+ * revoke.c (ask_revocation_reason): Clear old reason if user
+ elects to repeat question. This is bug 153.
+
+ * keyedit.c (sign_uids): Show keyid of the key making the
+ signature.
+
+2003-05-21 Werner Koch <wk@gnupg.org>
+
+ * progress.c (handle_progress)
+ * sign.c (write_plaintext_packet)
+ * encode.c (encode_simple,encode_crypt): Make sure that a filename
+ of "-" is considered to be stdin so that iobuf_get_filelength
+ won't get called. This fixes bug 156 reported by Gregery Barton.
+
+2003-05-02 David Shaw <dshaw@jabberwocky.com>
+
+ * packet.h, build-packet.c (build_sig_subpkt), export.c
+ (do_export_stream), import.c (remove_bad_stuff, import),
+ parse-packet.c (dump_sig_subpkt, parse_one_sig_subpkt): Remove
+ vestigal code for the old sig cache subpacket. This wasn't
+ completely harmless as it caused subpacket 101 to disappear on
+ import and export.
+
+ * options.h, armor.c, cipher.c, g10.c, keyedit.c, pkclist.c,
+ sign.c, encode.c, getkey.c, revoke.c: The current flags for
+ different levels of PGP-ness are massively complex. This is step
+ one in simplifying them. No functional change yet, just use a
+ macro to check for compliance level.
+
+ * sign.c (sign_file): Fix bug that causes spurious compression
+ preference warning.
+
+ * sign.c (clearsign_file): Fix bug that prevents proper warning
+ message from appearing when clearsigning in --pgp2 mode with a
+ non-v3 RSA key.
+
+ * main.h, misc.c (compliance_option_string, compliance_string,
+ compliance_failure), pkclist.c (build_pk_list), sign.c (sign_file,
+ clearsign_file), encode.c (encode_crypt,
+ write_pubkey_enc_from_list): New functions to put the "this
+ message may not be usable...." warning in one place.
+
+ * options.h, g10.c (main): Part two of the simplification. Use a
+ single enum to indicate what we are compliant to (1991, 2440,
+ PGPx, etc.)
+
+ * g10.c (main): Show errors for failure in export, send-keys,
+ recv-keys, and refresh-keys.
+
+ * options.h, g10.c (main): Give algorithm warnings for algorithms
+ chosen against the --pgpX and --openpgp rules.
+
+ * keydb.h, pkclist.c (algo_available): Make TIGER192 invalid in
+ --openpgp mode.
+
+ * sign.c (sign_file), pkclist.c (algo_available): Allow passing a
+ hint of 0.
+
+2003-05-01 David Shaw <dshaw@jabberwocky.com>
+
+ * tdbio.c (create_version_record): Only create new trustdbs with
+ TM_CLASSIC or TM_PGP.
+
+ * trustdb.h, trustdb.c (trust_string, get_ownertrust_string,
+ get_validity_string, ask_ownertrust, validate_keys), pkclist.c
+ (do_edit_ownertrust): Rename trust_string to trust_value_to_string
+ for naming consistency.
+
+ * trustdb.h, trustdb.c (string_to_trust_value): New function to
+ translate a string to a trust value.
+
+ * g10.c (main): Use string_to_trust_value here for
+ --force-ownertrust.
+
+ * options.h, g10.c (main), trustdb.c (trust_model_string,
+ init_trustdb, check_trustdb, update_trustdb, get_validity,
+ validate_one_keyblock): An "OpenPGP" trust model is misleading
+ since there is no official OpenPGP trust model. Use "PGP"
+ instead.
+
+2003-04-30 David Shaw <dshaw@jabberwocky.com>
+
+ * build-packet.c (build_sig_subpkt): Comments.
+
+ * exec.c (exec_write): Cast NULL to void* to properly terminate
+ varargs list.
+
+ * keyedit.c (show_key_with_all_names): Just for safety, catch an
+ invalid pk algorithm.
+
+ * sign.c (make_keysig_packet): Crucial that the call to mksubpkt
+ comes LAST before the calls to finalize the sig as that makes it
+ possible for the mksubpkt function to get a reliable pointer to
+ the subpacket area.
+
+ * pkclist.c (do_we_trust_pre): If an untrusted key was chosen by a
+ particular user ID, use that ID as the one to ask about when
+ prompting whether to use the key anyway.
+ (build_pk_list): Similar change here when adding keys to the
+ recipient list.
+
+ * trustdb.c (update_validity): Fix bug that prevented more than
+ one validity record per trust record.
+ (get_validity): When retrieving validity for a (user) supplied
+ user ID, return the validity for that user ID only, and do not
+ fall back to the general key validity.
+ (validate_one_keyblock): Some commentary on whether
+ non-self-signed user IDs belong in the web of trust (arguably,
+ they do).
+
+2003-04-27 David Shaw <dshaw@jabberwocky.com>
+
+ * g10.c (main): Add --no-textmode.
+
+ * export.c (do_export_stream), keyedit.c (show_key_with_all_names,
+ menu_addrevoker), mainproc.c (check_sig_and_print), photoid.c
+ (show_photos), sign.c (mk_notation_and_policy), trustdb.c
+ (get_validity, reset_trust_records, validate_keys): Make some
+ strings translatable.
+
+ * mainproc.c (check_sig_and_print): Show digest algorithm and sig
+ class when verifying a sig with --verbose on, and add version, pk
+ and hash algorithms and sig class to VALIDSIG.
+
+ * parse-packet.c (enum_sig_subpkt): Make a warning message a
+ --verbose warning message since we don't need to warn every time
+ we see an unknown critical (we only need to invalidate the
+ signature).
+
+ * trustdb.c (init_trustdb): Check the trustdb options even with
+ TM_AUTO since the auto may become TM_CLASSIC or TM_OPENPGP.
+
+2003-04-26 David Shaw <dshaw@jabberwocky.com>
+
+ * sign.c (do_sign): Show the hash used when making a signature in
+ verbose mode.
+
+ * tdbio.h, tdbio.c (tdbio_read_model): New function to return the
+ trust model used in a given trustdb.
+
+ * options.h, g10.c (main), trustdb.c (init_trustdb, check_trustdb,
+ update_trustdb): Use tdbio_read_model to implement an "auto" trust
+ model which is set via the trustdb.
+
+2003-04-23 David Shaw <dshaw@jabberwocky.com>
+
+ * import.c (import_revoke_cert): Remove ultimate trust when
+ revoking an ultimately trusted key.
+
+ * keyedit.c (sign_uids): Allow replacing expired signatures.
+ Allow duplicate signatures with --expert.
+
+ * pkclist.c (check_signatures_trust): Don't display a null
+ fingerprint when checking a signature with --always-trust enabled.
+
+ * filter.h (progress_filter_context_t), progress.c
+ (handle_progress), plaintext.c (ask_for_detached_datafile,
+ hash_datafiles): Fix compiler warnings. Make "what" constant.
+
+ * build-packet.c (do_plaintext): Do not create invalid literal
+ packets with >255-byte names.
+
+2003-04-15 Werner Koch <wk@gnupg.org>
+
+ * Makefile.am (AM_CFLAGS): Make use of AM_CFLAGS and AM_LDFLAGS.
+
+ * g10.c, options.h: New option --enable-progress-filter.
+ * progress.c (handle_progress): Make use of it.
+
+2003-04-15 Marcus Brinkmann <marcus@g10code.de>
+
+ * progress.c: New file.
+ * Makefile.am (common_source): Add progress.c.
+ * filter.h (progress_filter_context_t): New type.
+ (progress_filter, handle_progress): New prototypes.
+ * main.h (open_sigfile): New argument for prototype.
+ * openfile.c (open_sigfile): New argument to install progress
+ filter.
+ * encode.c (encode_simple): New variable PFX. Register
+ progress filter. Install text_filter after that.
+ (encode_crypt): Likewise.
+ * sign.c (sign_file): Likewise.
+ (clearsign_file): Likewise.
+ * decrypt.c (decrypt_message): Likewise.
+ (decrypt_messages): Likewise.
+ * verify.c (verify_signatures): Likewise.
+ (verify_one_file): Likewise.
+ * plaintext.c (hash_datafiles): Likewise.
+ (ask_for_detached_datafile): Likewise.
+
+2003-04-10 Werner Koch <wk@gnupg.org>
+
+ * passphrase.c (read_passphrase_from_fd): Do a dummy read if the
+ agent is to be used. Noted by Ingo Klöcker.
+ (agent_get_passphrase): Inhibit caching when we have no
+ fingerprint. This is required for key generation as well as for
+ symmetric only encryption.
+
+ * passphrase .c (agent_get_passphrase): New arg CANCELED.
+ (passphrase_to_dek): Ditto. Passed to above. Changed all
+ callers to pass NULL.
+ * seckey-cert.c (do_check): New arg CANCELED.
+ (check_secret_key): Terminate loop when canceled.
+
+ * keyedit.c (change_passphrase): Pass ERRTEXT untranslated to
+ passphrase_to_dek and translate where appropriate.
+ * seckey-cert.c (check_secret_key): Ditto.
+ * keygen.c (ask_passphrase): Ditto.
+ * passphrase.c (agent_get_passphrase): Translate the TRYAGAIN_TEXT.
+ Switch the codeset to utf-8.
+
+2003-04-09 Werner Koch <wk@gnupg.org>
+
+ * decrypt.c (decrypt_messages): Fixed error handling; the function
+ used to re-loop with same file after an error. Reported by Joseph
+ Walton.
+
+2003-04-08 David Shaw <dshaw@jabberwocky.com>
+
+ * main.h, g10.c (main), import.c (parse_import_options,
+ fix_pks_corruption): It's really PKS corruption, not HKP
+ corruption. Keep the old repair-hkp-subkey-bug command as an
+ alias.
+
+ * g10.c (main): Rename --no-version to --no-emit-version for
+ consistency. Keep --no-version as an alias.
+
+2003-04-04 David Shaw <dshaw@jabberwocky.com>
+
+ * pkclist.c (algo_available): PGP 8 can use the SHA-256 hash.
+
+ * sign.c (sign_file, clearsign_file, sign_symencrypt_file): Remove
+ unused code.
+
+2003-04-01 Werner Koch <wk@gnupg.org>
+
+ * mainproc.c (check_sig_and_print): Add primary key fpr to VALIDSIG
+ status.
+
+2003-03-24 David Shaw <dshaw@jabberwocky.com>
+
+ * keydb.h: Err on the side of making an unknown signature a SIG
+ rather than a CERT.
+
+ * import.c (delete_inv_parts): Discard any key signatures that
+ aren't key types (i.e. 0x00, 0x01, etc.)
+
+ * g10.c (main): Add deprecated option warning for
+ --list-ownertrust. Add --compression-algo alias for
+ --compress-algo. Change --version output strings to match
+ "showpref" strings, and make translatable.
+
+ * status.c (do_get_from_fd): Accept 'y' as well as 'Y' for
+ --command-fd boolean input.
+
+ * trustdb.c: Fix typo (DISABLE_REGEXP -> DISABLE_REGEX)
+
+ * keyedit.c (show_key_with_all_names_colon): Show no-ks-modify
+ flag.
+
+2003-03-11 David Shaw <dshaw@jabberwocky.com>
+
+ * options.h, g10.c (main), keyserver.c (kopts): Add "try-dns-srv"
+ keyserver option. Defaults to on.
+
+ * passphrase.c (agent_get_passphrase): Fix memory leak with
+ symmetric messages. Fix segfault with symmetric messages. Fix
+ incorrect prompt with symmetric messages.
+
+2003-03-10 Werner Koch <wk@gnupg.org>
+
+ * compress.c (init_uncompress): Use a 15 bit window size so that
+ the output of implementations which don't run for PGP 2
+ compatibility won't get garbled.
+
+2003-03-04 David Shaw <dshaw@jabberwocky.com>
+
+ * trustdb.c (validate_keys): Mask the ownertrust when building the
+ list of fully valid keys so that disabled keys are still counted
+ in the web of trust.
+ (get_ownertrust_with_min): Do the same for the minimum ownertrust
+ calculation.
+
+ * parse-packet.c (dump_sig_subpkt): Show the notation names for
+ not-human-readable notations. Fix cosmetic off-by-one length
+ counter.
+
+ * options.skel: Add explantion and commented-out
+ "no-mangle-dos-filenames".
+
+ * mainproc.c (proc_encrypted): Make string translatable.
+
+ * keyserver.c (keyserver_spawn): Quote ':', '%', and any 8-bit
+ characters in the uid strings sent to the keyserver helper.
+
+ * keyring.c (keyring_rebuild_cache): Lock the keyring while
+ rebuilding the signature caches to prevent another gpg from
+ tampering with the temporary copy.
+
+ * keygen.c (keygen_set_std_prefs): Include AES192 and AES256 in
+ default prefs.
+
+ * keyedit.c (show_prefs): Make strings translatable.
+
+ * keydb.c: Double the maximum number of keyrings to 40.
+
+ * gpgv.c (main): Fix bug #113 - gpgv should accept the
+ --ignore-time-conflict option.
+
+ * g10.c (main): --openpgp disables --pgpX. Double the amount of
+ secure memory to 32k (keys are getting bigger these days).
+
+ * Makefile.am: Makefile.am: Use @CAPLIBS@ to link in -lcap if we
+ are using capabilities.
+
+2003-02-26 David Shaw <dshaw@jabberwocky.com>
+
+ * keyserver.c (keyserver_spawn): Include various pieces of
+ information about the key in the data sent to the keyserver
+ helper. This allows the helper to use it in instructing a remote
+ server which may not have any actual OpenPGP smarts in parsing
+ keys.
+
+ * main.h, export.c (export_pubkeys_stream, do_export_stream): Add
+ ability to return only the first match in an exported keyblock for
+ keyserver usage. This should be replaced at some point with a
+ more flexible solution where each key can be armored seperately.
+
+2003-02-22 David Shaw <dshaw@jabberwocky.com>
+
+ * sign.c (sign_file): Do not push textmode filter onto an unopened
+ IOBUF (segfault). Noted by Marcus Brinkmann. Push and
+ reinitialize textmode filter for each file in a multiple file
+ list.
+
+ * packet.h, getkey.c (fixup_uidnode), keyedit.c (show_prefs): Set
+ and show the keyserver no-modify flag.
+
+ * keygen.c (add_keyserver_modify): New.
+ (keygen_upd_std_prefs): Call it here.
+ (keygen_set_std_prefs): Accept "ks-modify" and "no-ks-modify" as
+ prefs to set and unset keyserver modify flag.
+
+ * g10.c (main): Accept "s1" in addition to "idea" to match the
+ other ciphers.
+
+ * main.h, misc.c (idea_cipher_warn): We don't need this if IDEA
+ has been disabled.
+
+2003-02-21 David Shaw <dshaw@jabberwocky.com>
+
+ * keygen.c (keygen_set_std_prefs): Don't put AES or CAST5 in
+ default prefs if they are disabled.
+
+ * g10.c (main): Use 3DES instead of CAST5 if we don't have CAST5
+ support. Use 3DES for the s2k cipher in --openpgp mode.
+ (print_mds): #ifdef all of the optional digest algorithms.
+
+2003-02-12 David Shaw <dshaw@jabberwocky.com>
+
+ * keydb.h, getkey.c (classify_user_id, classify_user_id2): Make
+ 'exact' a per-desc item. Merge into one function since
+ 'force_exact' is no longer needed.
+ (key_byname): Use new classify_user_id function, and new exact
+ flag in KEYDB_SEARCH_DESC.
+
+ * keyring.h, keyring.c (keyring_search): Return an optional index
+ to show which KEYDB_SEARCH_DESC was the matching one.
+
+ * keydb.h, keydb.c (keydb_search): Rename to keydb_search2, and
+ pass the optional index to keyring_search. Add a macro version of
+ keydb_search that calls this new function.
+
+ * export.c (do_export_stream): If the keyid! syntax is used,
+ export only that specified key. If the key in question is a
+ subkey, export the primary plus that subkey only.
+
+2003-02-11 David Shaw <dshaw@jabberwocky.com>
+
+ * exec.c (set_exec_path): Add debugging line.
+
+ * g10.c (print_hex, print_mds): Print long hash strings a lot
+ neater. This assumes at least an 80-character display, as there
+ are a few other similar assumptions here and there. Users who
+ need unformatted hashes can still use with-colons. Check that
+ SHA384 and 512 are available before using them as they are no
+ longer always available.
+
+ * Makefile.am: Use a local copy of libexecdir along with @PACKAGE@
+ as GNUPG_LIBEXECDIR so it can be easily overridden at make time.
+
+2003-02-04 David Shaw <dshaw@jabberwocky.com>
+
+ * armor.c (parse_hash_header, armor_filter): Accept the new SHAs
+ in the armor Hash: header.
+
+ * g10.c (print_hex): Print long hash strings a little neater.
+ (print_mds): Add the new SHAs to the hash list.
+
+2003-02-02 David Shaw <dshaw@jabberwocky.com>
+
+ * keyedit.c (menu_revuid): Properly handle a nonselfsigned uid on
+ a v4 key (treat as a v4 revocation).
+
+ * import.c (print_import_check): Do not re-utf8 convert user IDs.
+
+2003-01-27 David Shaw <dshaw@jabberwocky.com>
+
+ * mainproc.c (list_node): Show signature expiration date in
+ with-colons sig records.
+
+ * keylist.c (list_keyblock_colon), mainproc.c (list_node): Show
+ trust sig information in with-colons sig records.
+
+2003-01-16 David Shaw <dshaw@jabberwocky.com>
+
+ * g10.c (add_group): Trim whitespace after a group name so it does
+ not matter where the user puts the = sign.
+
+ * options.skel: Comment out the first three lines in case someone
+ manually copies the skel file to their homedir.
+
+ * sign.c (clearsign_file): Only use pgp2mode with v3 keys and
+ MD5. This matches what we do when decoding such messages and
+ prevents creating a message (v3+RIPEMD/160) that we can't verify.
+
+ * sig-check.c (signature_check2): Use G10ERR_GENERAL as the error
+ for signature digest conflict. BAD_SIGN implies that a signature
+ was checked and we may try and print out a user ID for a key that
+ doesn't exist.
+
+2003-01-15 David Shaw <dshaw@jabberwocky.com>
+
+ * trustdb.c (init_trustdb, get_validity): Don't use a changed
+ trust model to indicate a dirty trustdb, and never auto-rebuild a
+ dirty trustdb with the "always" trust model.
+
+ * g10.c (add_group): Last commit missed the \t ;)
+
+2003-01-14 David Shaw <dshaw@jabberwocky.com>
+
+ * packet.h, parse-packet.c (setup_user_id), free-packet.c
+ (free_user_id), keydb.h, keyid.c (namehash_from_uid): New function
+ to rmd160-hash the contents of a user ID packet and cache it in
+ the uid object.
+
+ * keylist.c (list_keyblock_colon): Use namehash in field 8 of
+ uids. Show dates for creation (selfsig date), and expiration in
+ fields 6 and 7.
+
+ * trustdb.c (get_validity, get_validity_counts, update_validity):
+ Use new namehash function rather than hashing it locally.
+
+2003-01-14 Werner Koch <wk@gnupg.org>
+
+ * g10.c (add_group): Fixed group parsing to allow more than one
+ delimiter in a row and also allow tab as delimiter.
+
+2003-01-12 David Shaw <dshaw@jabberwocky.com>
+
+ * tdbio.c (tdbio_set_dbname): Fix assertion failure with
+ non-fully-qualified trustdb names.
+
+2003-01-11 David Shaw <dshaw@jabberwocky.com>
+
+ * trustdb.c (get_validity_info, get_ownertrust_info,
+ trust_letter): Simplify by returning a ? for error directly.
+
+ * keyedit.c (show_key_with_all_names): Use get_validity_string and
+ get_ownertrust_string to show full word versions of trust
+ (i.e. "full" instead of 'f').
+
+ * trustdb.h, trustdb.c (get_ownertrust_string,
+ get_validity_string): Same as get_ownertrust_info, and
+ get_validity_info, except returns a full string.
+
+ * trustdb.c (get_ownertrust_with_min): New. Same as
+ 'get_ownertrust' but takes the min_ownertrust value into account.
+
+2003-01-10 David Shaw <dshaw@jabberwocky.com>
+
+ * armor.c (armor_filter): Comment about PGP's end of line tab
+ problem.
+
+ * trustdb.h, trustdb.c (trust_letter): Make
+ static. (get_ownertrust_info, get_validity_info): Don't mask the
+ trust level twice.
+
+ * trustdb.h, gpgv.c, trustdb.c (get_validity, get_validity_info),
+ keylist.c (list_keyblock_colon), keyedit.c
+ (show_key_with_all_names_colon, menu_revuid): Pass a user ID in
+ rather than a namehash, so we only have to do the hashing in one
+ place.
+
+ * packet.h, pkclist.c (build_pk_list), free-packet.c
+ (release_public_key_parts): Remove unused namehash element for
+ public keys.
+
+2003-01-07 David Shaw <dshaw@jabberwocky.com>
+
+ * keygen.c (keygen_set_std_prefs): Warn when setting an IDEA
+ preference when IDEA is not available.
+
+2003-01-06 David Shaw <dshaw@jabberwocky.com>
+
+ * trustdb.c (get_validity_info): 'd' for disabled is not a
+ validity value any more.
+
+ * packet.h, tdbio.h, tdbio.c (tdbio_read_record,
+ tdbio_write_record), trustdb.c (update_validity): Store temporary
+ full & marginal counts in the trustdb.
+ (clear_validity, get_validity_counts): Return and clear temp
+ counts.
+ (store_validation_status): Keep track of which keyids have been
+ stored.
+ (validate_one_keyblock, validate_key_list): Use per-uid copies of
+ the full & marginal counts so they can be recalled for multiple
+ levels.
+ (validate_keys): Only use unused keys for each new round.
+ (reset_unconnected_keys): Rename to reset_trust_records, and only
+ skip specifically excluded records.
+
+ * keylist.c (print_capabilities): Show 'D' for disabled keys in
+ capabilities section.
+
+ * trustdb.c (is_disabled): Remove incorrect comment.
+
+2003-01-03 David Shaw <dshaw@jabberwocky.com>
+
+ * import.c (import_one): Only do the work to create the status
+ display for interactive import if status is enabled.
+
+ * keyring.c (keyring_search): skipfnc didn't work properly with
+ non-keyid searches. Noted by Stefan Bellon.
+
+ * getkey.c (merge_selfsigs_main): Remove some unused code and make
+ sure that the pk selfsigversion member accounts for 1F direct
+ sigs.
+
+2003-01-02 Werner Koch <wk@gnupg.org>
+
+ * keydb.c (keydb_add_resource): Don't assume that try_make_homedir
+ terminates but check again for the existence of the directory and
+ continue then.
+ * openfile.c (copy_options_file): Print a warning if the skeleton
+ file has active options.
+
+2002-12-29 David Shaw <dshaw@jabberwocky.com>
+
+ * getkey.c (merge_selfsigs_main), main.h, sig-check.c
+ (check_key_signature2): Pass the ultimately trusted pk directly to
+ check_key_signature2 to avoid going through the key selection
+ mechanism. This prevents a deadly embrace when two keys without
+ selfsigs each sign the other.
+
+2002-12-27 David Shaw <dshaw@jabberwocky.com>
+
+ * keyserver.c (keyserver_refresh): Don't print the "refreshing..."
+ line if there are no keys to refresh or if there is no keyserver
+ set.
+
+ * getkey.c (merge_selfsigs_main): Any valid user ID should make a
+ key valid, not just the last one. This also fixes Debian bug
+ #174276.
+
+2002-12-27 Stefan Bellon <sbellon@sbellon.de>
+
+ * import.c (print_import_check): Changed int to size_t.
+
+2002-12-27 David Shaw <dshaw@jabberwocky.com>
+
+ * keyedit.c (keyedit_menu, menu_revuid): Add "revuid" feature to
+ revoke a user ID. This is the same as issuing a revocation for
+ the self-signature, but a much simpler interface to do it.
+
+2002-12-26 David Shaw <dshaw@jabberwocky.com>
+
+ * keydb.h, getkey.c (key_byname): Flag to enable or disable
+ including disabled keys. Keys specified via keyid (i.e. 0x...)
+ are always included.
+
+ * getkey.c (get_pubkey_byname, get_seckey_byname2,
+ get_seckey_bynames), keyedit.c (keyedit_menu, menu_addrevoker):
+ Include disabled keys in these functions.
+
+ * pkclist.c (build_pk_list): Do not include disabled keys for -r
+ or the key prompt. Do include disabled keys for the default key
+ and --encrypt-to.
+
+ * trustdb.h, trustdb.c (is_disabled): New skipfnc for skipping
+ disabled keys.
+
+ * gpgv.c (is_disabled): Stub.
+
+ * keygen.c (keygen_add_key_expire): Properly handle updating a key
+ expiration to a no-expiration value.
+
+ * keyedit.c (enable_disable_key): Comment.
+
+ * import.c (import_one): When in interactive mode and --verbose,
+ don't repeat some key information twice.
+
+2002-12-22 Timo Schulz <ts@winpt.org>
+
+ * import.c (print_import_check): New.
+ (import_one): Use it here.
+ Use merge_keys_and_selfsig in the interactive mode to avoid
+ wrong key information.
+ * status.h: Add new status code.
+ * status.c: Ditto.
+
+2002-12-13 David Shaw <dshaw@jabberwocky.com>
+
+ * pkclist.c (do_we_trust): Tweak language to refer to the "named
+ user" rather than "owner". Noted by Stefan Bellon.
+
+ * trustdb.h, trustdb.c (trustdb_pending_check): New function to
+ check if the trustdb needs a check.
+
+ * import.c (import_keys_internal): Used here so we don't rebuild
+ the trustdb if it is still clean.
+ (import_one, chk_self_sigs): Only mark trustdb dirty if the key
+ that is being imported has any sigs other than self-sigs.
+ Suggested by Adrian von Bidder.
+
+ * options.skel: Include the required '=' sign in the sample
+ 'group' option. Noted by Stefan Bellon.
+
+ * import.c (chk_self_sigs): Don't try and check a subkey as if it
+ was a signature.
+
+2002-12-11 David Shaw <dshaw@jabberwocky.com>
+
+ * tdbio.c (tdbio_read_record, tdbio_write_record): Compact the
+ RECTYPE_TRUST records a bit.
+
+ * g10.c (main): Comment out --list-trust-path until it can be
+ implemented.
+
+ * import.c (import_one): Warn when importing an Elgamal primary
+ that this may take some time (to verify self-sigs).
+ (chk_self_sigs): Try and cache all self-sigs so the keyblock is
+ written to the keyring with a good rich cache.
+
+ * keygen.c (ask_algo): Make the Elgamal sign+encrypt warning
+ stronger, and remove the RSA sign+encrypt warning.
+
+2002-12-06 Stefan Bellon <sbellon@sbellon.de>
+
+ * options.h: Fixed typo (mangle_dos_names instead of
+ mangle_dos_filenames).
+
+2002-12-05 Werner Koch <wk@gnupg.org>
+
+ * g10.c: New options --[no-]mangle-dos-filenames.
+ * options.h (opt): Added mangle-dos-filenames.
+ * openfile.c (open_outfile) [USE_ONLY_8DOT3]: Truncate the
+ filename only when this option is set; this is the default.
+
+2002-12-04 David Shaw <dshaw@jabberwocky.com>
+
+ * main.h, keyedit.c, keygen.c: Back out previous (2002-12-01)
+ change. Minimal isn't always best.
+
+ * sign.c (update_keysig_packet): Use the current time rather then
+ a modification of the original signature time. Make sure that
+ this doesn't cause a time warp.
+
+ * keygen.c (keygen_add_key_expire): Properly handle a key
+ expiration date in the past (use a duration of 0).
+
+ * keyedit.c (menu_expire): Use update_keysig_packet so any sig
+ subpackets are maintained during the update.
+
+ * build-packet.c (build_sig_subpkt): Mark sig expired or unexpired
+ when the sig expiration subpacket is added.
+ (build_sig_subpkt_from_sig): Handle making an expiration subpacket
+ from a sig that has already expired (use a duration of 0).
+
+ * packet.h, sign.c (update_keysig_packet), keyedit.c
+ (menu_set_primary_uid, menu_set_preferences): Add ability to issue
+ 0x18 subkey binding sigs to update_keysig_packet and change all
+ callers.
+
+ * trustdb.c (validate_keys): Show trust parameters when building
+ the trustdb, and make sure that the version record update was
+ successful.
+ (init_trustdb): If the current parameters aren't what was used for
+ building the trustdb, the trustdb is invalid.
+
+ * tbio.c (tdbio_db_matches_options): Update to work with new
+ trustdbs.
+
+2002-12-03 David Shaw <dshaw@jabberwocky.com>
+
+ * tdbio.h, tdbio.c (tdbio_read_record, tdbio_write_record): Store
+ trust model in the trustdb version record.
+ (tdbio_update_version_record): New function to update version
+ record values during a trustdb check or update.
+ (tdbio_dump_record): Show trust model in dump.
+
+ * trustdb.c (validate_keys): Call tdbio_update_version_record on
+ success so that the correct options are stored in the trustdb.
+
+ * options.h: rearrange trust models so that CLASSIC is 0 and
+ OPENPGP is 1.
+
+ * options.h, g10.c (main), encode.c (write_pubkey_enc_from_list),
+ pkclist.c (algo_available), revoke.c (gen_revoke): Add --pgp8
+ mode. This is basically identical to --pgp7 in all ways except
+ that signing subkeys, v4 data sigs (including expiration), and SK
+ comments are allowed.
+
+ * getkey.c (finish_lookup): Comment.
+
+ * main.h, keylist.c (reorder_keyblock), keyedit.c (keyedit_menu):
+ Reorder user ID display in the --edit-key menu to match that of
+ the --list-keys display.
+
+ * g10.c (add_notation_data): Fix initialization.
+
+2002-12-01 David Shaw <dshaw@jabberwocky.com>
+
+ * keyedit.c (menu_expire): Don't lose key flags when changing the
+ expiration date of a subkey. This is not the most optimal
+ solution, but it is minimal change on the stable branch.
+
+ * main.h, keygen.c (do_copy_key_flags): New function to copy key
+ flags, if any, from one sig to another.
+ (do_add_key_expire): New function to add key expiration to a sig.
+ (keygen_copy_flags_add_expire): New version of
+ keygen_add_key_expire that also copies key flags.
+ (keygen_add_key_flags_and_expire): Use do_add_key_expire.
+
+ * import.c (fix_hkp_corruption): Comment.
+
+2002-11-25 Stefan Bellon <sbellon@sbellon.de>
+
+ * plaintext.c (handle_plaintext) [__riscos__]: If nooutput is set,
+ no filetype is needed obviously.
+
+2002-11-24 David Shaw <dshaw@jabberwocky.com>
+
+ * main.h, misc.c (default_cipher_algo, default_compress_algo):
+ New. Return the default algorithm by trying
+ --cipher-algo/--compress-algo, then the first item in the pref
+ list, then s2k-cipher-algo or ZIP.
+
+ * sign.c (sign_file, sign_symencrypt_file), encode.c
+ (encode_simple, encode_crypt): Call default_cipher_algo and
+ default_compress_algo to get algorithms.
+
+ * g10.c (main): Allow pref selection for compress algo with
+ --openpgp.
+
+ * mainproc.c (proc_encrypted): Use --s2k-digest-algo for
+ passphrase mangling rather than --digest-algo.
+
+ * sign.c (hash_for): If --digest-algo is not set, but
+ --personal-digest-preferences is, then use the first hash
+ algorithm in the personal list. If the signing algorithm is DSA,
+ then use the first 160-bit hash algorithm in the personal list.
+ If --pgp2 is set and it's a v3 RSA key, use MD5.
+
+ * g10.c (main), keydb.c (keydb_add_resource,
+ keydb_locate_writable): Rename --default-keyring as
+ --primary-keyring. Stefan wins the naming contest.
+
+2002-11-23 David Shaw <dshaw@jabberwocky.com>
+
+ * g10.c (add_notation_data): Disallow notation names that do not
+ contain a '@', unless --expert is set. This is to help prevent
+ people from polluting the (as yet unused) IETF namespace.
+
+ * main.h: Comments about default algorithms.
+
+ * photoid.c (image_type_to_string): Comments about 3-letter file
+ extensions.
+
+ * encode.c (encode_simple), passphrase.c (passphrase_to_dek),
+ sign.c (sign_symencrypt_file): Use --s2k-digest-algo for
+ passphrase mangling rather than --digest-algo.
+
+2002-11-21 David Shaw <dshaw@jabberwocky.com>
+
+ * keygen.c (keygen_set_std_prefs): Properly handle an empty
+ preference string.
+
+ * misc.c (string_to_compress_algo): "none" is a bad choice since
+ it conflicts with the "none" in setpref.
+
+2002-11-14 David Shaw <dshaw@jabberwocky.com>
+
+ * g10.c (main): Allow compression algorithm names as the argument
+ to --compress-algo. The old algorithm names still work for
+ backwards compatibility.
+
+ * misc.c (string_to_compress_algo): Allow "none" as an alias for
+ "uncompressed".
+
+2002-11-13 Stefan Bellon <sbellon@sbellon.de>
+
+ * getkey.c (get_pubkey_byfprint_fast): Fixed type incompatibility,
+ was unsigned char instead of byte.
+
+2002-11-13 David Shaw <dshaw@jabberwocky.com>
+
+ * encode.c (encode_simple): Make sure that files larger than about
+ 4G use partial length encoding. This is required because OpenPGP
+ allows only for 32 bit length fields. From Werner on stable
+ branch.
+
+ * getkey.c (get_pubkey_direct): Renamed to...
+ (get_pubkey_fast): this and made extern.
+ (get_pubkey_byfprint_fast): New. From Werner on stable branch.
+
+ * keydb.h, import.c (import_one): Use get_pubkey_fast instead of
+ get_pubkey. We don't need a merged key and actually this might
+ lead to recursions.
+ (revocation_present): Likewise for search by fingerprint. From
+ Werner on stable branch.
+
+ * g10.c (main): Try to create the trustdb even for non-colon-mode
+ list-key operations. This is required because getkey needs to
+ know whether a a key is ultimately trusted. From Werner on stable
+ branch.
+
+ * exec.c [__CYGWIN32__]: Keep cygwin separate from Mingw32;
+ we don't need it here as it behaves more like a Posix system.
+ From Werner on stable branch.
+
+ * passphrase.c (agent_get_passphrase): Ditto. From Werner on
+ stable branch.
+
+ * tdbio.c (MY_O_BINARY): Need binary mode with Cygwin. From
+ Werner on stable branch.
+
+ * g10.c, gpgv.c (main) [__CYGWIN32__]: Don't get the homedir from
+ the registry. From Werner on stable branch.
+
+ * keyedit.c (show_key_with_all_names_colon): Make --with-colons
+ --edit display match the validity and trust of --with-colons
+ --list-keys.
+
+ * passphrase.c (agent_send_all_options): Fix compile warning.
+
+ * keylist.c (list_keyblock_colon): Validity for subkeys should
+ match that of the primary key, and not that of the last user ID.
+
+ * getkey.c (merge_selfsigs): Revoked/expired/invalid primary keys
+ carry these facts onto all their subkeys, but only after the
+ subkey has a chance to be marked valid. This is to fix an
+ incorrect "invalid public key" error verifying a signature made by
+ a revoked signing subkey, with a valid unrevoked primary key.
+
+2002-11-09 Werner Koch <wk@gnupg.org>
+
+ * passphrase.c (agent_send_all_options): Use tty_get_ttyname to
+ get the default ttyname.
+
+2002-11-07 David Shaw <dshaw@jabberwocky.com>
+
+ * keyring.h, keyring.c (keyring_register_filename): Return the
+ pointer if a given keyring is registered twice.
+
+ * keydb.h, keydb.c (keydb_add_resource): Use flags to indicate a
+ default keyring.
+ (keydb_locate_writable): Prefer the default keyring if possible.
+
+ * g10.c (main): Add --default-keyring option.
+
+2002-11-06 David Shaw <dshaw@jabberwocky.com>
+
+ * options.h, g10.c (main), trustdb.c (ask_ownertrust): Add
+ --force-ownertrust option for debugging purposes. This allows
+ setting a whole keyring to a given trust during an
+ --update-trustdb. Not for normal use - it's just easier than
+ hitting "4" all the time to test a large trustdb.
+
+ * pubkey-enc.c (get_session_key): With hidden recipients or try a
+ given passphrase against all secret keys rather than trying all
+ secret keys in turn. Don't if --try-all-secrets or --status-fd is
+ enabled.
+
+ * passphrase.c (passphrase_to_dek): Mode 1 means do a regular
+ passphrase query, but don't prompt with the key info.
+
+ * seckey-cert.c (do_check, check_secret_key): A negative ask count
+ means to enable passphrase mode 1.
+
+ * keydb.h, getkey.c (enum_secret_keys): Add flag to include
+ secret-parts-missing keys (or not) in the list.
+
+2002-11-05 David Shaw <dshaw@jabberwocky.com>
+
+ * keyserver.c (keyserver_search_prompt): When --with-colons is
+ enabled, don't try and fit the search output to the screen size -
+ just dump the whole list.
+
+2002-11-04 David Shaw <dshaw@jabberwocky.com>
+
+ * keyserver.c (keyserver_search_prompt): When --with-colons is
+ enabled, just dump the raw keyserver protocol to stdout and don't
+ print the menu.
+
+ * keyserver.c (show_prompt): Don't show a prompt when command-fd
+ is being used.
+
+ * trustdb.c (trust_model_string, check_trustdb, update_trustdb,
+ validate_one_keyblock): It's not clear what a trustdb rebuild or
+ check means with a trust model other than "classic" or "openpgp",
+ so disallow this.
+
+2002-11-03 David Shaw <dshaw@jabberwocky.com>
+
+ * options.h, g10.c (main): Add --trust-model option. Current
+ models are "openpgp" which is classic+trustsigs, "classic" which
+ is classic only, and "always" which is the same as the current
+ option --always-trust (which still works). Default is "openpgp".
+
+ * trustdb.c (validate_one_keyblock): Use "openpgp" trust model to
+ enable trust sigs.
+
+ * gpgv.c (main), mainproc.c (check_sig_and_print), pkclist.c
+ (do_we_trust, do_we_trust_pre, check_signatures_trust): Use new
+ --trust-model option in place of --always-trust.
+
+ * keyedit.c (sign_mk_attrib, trustsig_prompt, sign_uids,
+ keyedit_menu): Prompt for and create a trust signature with
+ "tsign". This is functional, but needs better UI text.
+
+ * build-packet.c (build_sig_subpkt): Able to build trust and
+ regexp subpackets.
+
+ * pkclist.c (do_edit_ownertrust): Comment.
+
+2002-11-02 David Shaw <dshaw@jabberwocky.com>
+
+ * keygen.c (set_one_pref, keygen_set_std_prefs): Allow using the
+ full algorithm name (CAST5, SHA1) rather than the short form (S3,
+ H2).
+
+ * main.h, keygen.c (keygen_get_std_prefs), keyedit.c
+ (keyedit_menu): Return and use a fake uid packet rather than a
+ string since we already have a nice parser/printer in
+ keyedit.c:show_prefs.
+
+ * main.h, misc.c (string_to_compress_algo): New.
+
+2002-11-01 David Shaw <dshaw@jabberwocky.com>
+
+ * g10.c (main): Add --no-throw-keyid.
+
+ * keydb.h, encode.c (write_pubkey_enc_from_list), g10.c (main),
+ pkclist.c (build_pk_list): Add --hidden-recipient (-R) and
+ --hidden-encrypt-to, which do a single-user variation on
+ --throw-keyid. The "hide this key" flag is carried in bit 0 of
+ the pk_list flags field.
+
+ * keyserver.c (parse_keyrec): Fix shadowing warning.
+
+2002-10-31 Stefan Bellon <sbellon@sbellon.de>
+
+ * compress.c (init_compress) [__riscos__]: Use
+ riscos_load_module() to load ZLib module.
+
+ * g10.c (main) [__riscos__]: Renames due to changes in riscos.c
+ (e.g. prefixes all RISC OS specific functions with riscos_*).
+ * photoid.c (show_photos) [__riscos__]: Likewise.
+ * signal.c (got_fatal_signal) [__riscos__]: Likewise.
+
+ * trustdb.c (check_regexp) [__riscos__]: Branch to RISC OS RegEx
+ handling.
+
+2002-10-31 David Shaw <dshaw@jabberwocky.com>
+
+ * build-packet.c (do_plaintext), encode.c (encode_sesskey,
+ encode_simple, encode_crypt), sign.c (write_plaintext_packet): Use
+ wipememory() instead of memset() to wipe sensitive memory as the
+ memset() might be optimized away.
+
+2002-10-30 David Shaw <dshaw@jabberwocky.com>
+
+ * trustdb.c (check_regexp): Modern regexps require REG_EXTENDED.
+
+2002-10-29 David Shaw <dshaw@jabberwocky.com>
+
+ * packet.h, trustdb.h, trustdb.c (trust_string): New. Return a
+ string like "fully trusted", "marginally trusted", etc.
+ (get_min_ownertrust): New. Return minimum ownertrust.
+ (update_min_ownertrust): New. Set minimum ownertrust.
+ (check_regexp): New. Check a regular epression against a user ID.
+ (ask_ownertrust): Allow specifying a minimum value.
+ (get_ownertrust_info): Follow the minimum ownertrust when
+ returning a letter.
+ (clear_validity): Remove minimum ownertrust when a key becomes
+ invalid.
+ (release_key_items): Release regexp along with the rest of the
+ info.
+ (validate_one_keyblock, validate_keys): Build a trust sig chain
+ while validating. Call check_regexp for regexps. Use the minimum
+ ownertrust if the user does not specify a genuine ownertrust.
+
+ * pkclist.c (do_edit_ownertrust): Only allow user to select a
+ trust level greater than the minimum value.
+
+ * parse-packet.c (can_handle_critical): Can handle critical trust
+ and regexp subpackets.
+
+ * trustdb.h, trustdb.c (clear_ownertrusts), delkey.c
+ (do_delete_key), import.c (import_one): Rename clear_ownertrust to
+ clear_ownertrusts and have it clear the min_ownertrust value as
+ well.
+
+ * keylist.c (list_keyblock_print): Indent uid to match pub and
+ sig.
+
+ * keyedit.c (print_and_check_one_sig, show_key_and_fingerprint,
+ menu_addrevoker), keylist.c (list_keyblock_print,
+ print_fingerprint): Show "T" or the trust depth for trust
+ signatures, and add spaces to some strings to make room for it.
+
+ * packet.h, parse-packet.c (dump_sig_subpkt, parse_one_sig_subpkt,
+ parse_signature): Parse trust signature values.
+
+ * tdbio.h, tdbio.c (tdbio_read_record, tdbio_write_record):
+ Reserve a byte for the minimum ownertrust value (for use with
+ trust signatures).
+
+2002-10-29 Stefan Bellon <sbellon@sbellon.de>
+
+ * build-packet.c (calc_plaintext, do_plaintext): Removed RISC OS
+ specific filetype parts (it's now done in make_basename()).
+
+ * plaintext.c (handle_plaintext): Tidied up RISC OS specific
+ filetype parts.
+
+ * encode.c (encode_simple, encode_crypt): Added argument to
+ make_basename() call.
+
+ * sign.c (write_plaintext_packet): Added argument to
+ make_basename() call.
+
+2002-10-28 Stefan Bellon <sbellon@sbellon.de>
+
+ * build-packet.c (calc_plaintext, do_plaintext): Added filetype
+ handling for RISC OS' file types.
+
+ * plaintext.c (handle_plaintext) [__riscos__]: Added filetype
+ handling for RISC OS' file types.
+
+2002-10-23 David Shaw <dshaw@jabberwocky.com>
+
+ * main.h, import.c (sec_to_pub_keyblock, import_secret_one,
+ parse_import_options), g10.c (main): New import-option
+ "convert-sk-to-pk" to convert a secret key into a public key
+ during import. It is on by default.
+
+2002-10-23 Werner Koch <wk@gnupg.org>
+
+ * pubkey-enc.c (get_it): Fix segv, test for revoked only when PK
+ has been assigned.
+
+2002-10-18 Timo Schulz <ts@winpt.org>
+
+ * keylist.c: (print_pubkey_info): New.
+ (print_seckey_info): New.
+ * main.h: Prototypes for the new functions.
+ * delkey.c (do_delete_key): Use it here.
+ * revoke.c (gen_desig_revoke): Ditto.
+
+2002-10-17 Werner Koch <wk@gnupg.org>
+
+ * pkclist.c (do_edit_ownertrust): Show all user IDs. This should
+ be enhanced to also show the current trust level. Suggested by
+ Florian Weimer.
+
+2002-10-17 David Shaw <dshaw@jabberwocky.com>
+
+ * g10.c (main): Handle --strict and --no-strict from the command
+ line before the options file is loaded.
+
+2002-10-15 David Shaw <dshaw@jabberwocky.com>
+
+ * g10.c (main): Disable --textmode when encrypting (symmetric or
+ pk) in --pgp2 mode as PGP 2 can't handle the unknown length
+ literal packet. Reported by Michael Richardson.
+
+2002-10-14 David Shaw <dshaw@jabberwocky.com>
+
+ * keyserver-internal.h, keyserver.c (print_keyrec, parse_keyrec,
+ show_prompt, keyserver_search_prompt, keyserver_spawn): Go to
+ version 1 of the keyserver protocol. This is a better design,
+ similar to --with-colons, that allows for keys with multiple user
+ IDs rather than using multiple keys. It also matches the machine
+ readable pksd format. Also use a prettier --search-keys listing
+ format that can fill different size windows (currently set at 24
+ lines).
+
+2002-10-12 Werner Koch <wk@gnupg.org>
+
+ * keygen.c (print_status_key_created): New.
+ (do_generate_keypair): Use it to print the fingerprint.
+ (generate_subkeypair): Likewise.
+
+2002-10-11 David Shaw <dshaw@jabberwocky.com>
+
+ * keyedit.c (menu_addrevoker): Properly back out if the signature
+ fails. Also, do not allow appointing the same revoker twice, and
+ report ALREADY_SIGNED if the user tries it.
+
+2002-10-07 David Shaw <dshaw@jabberwocky.com>
+
+ * import.c (import_keys_internal): Missed one s/inp/inp2/.
+
+ * keylist.c (print_capabilities): Properly indicate per-key
+ capabilities of sign&encrypt primary keys that have
+ secret-parts-missing (i.e. no capabilities at all)
+
+ * mainproc.c (symkey_decrypt_sesskey): Fix compiler warning.
+
+2002-10-04 David Shaw <dshaw@jabberwocky.com>
+
+ * getkey.c (get_pubkey_direct): Don't cache keys retrieved via
+ this function as they may not have all their fields filled in.
+
+ * sig-check.c (signature_check2): Use new is_primary flag to check
+ rather than comparing main_keyid with keyid as this still works in
+ the case of a not fully filled in pk.
+
+2002-10-04 Werner Koch <wk@gnupg.org>
+
+ * import.c (import_keys_internal): s/inp/inp2/ to avoid shadowing
+ warning.
+
+ * passphrase.c (agent_get_passphrase): Fixed signed/unsigned char
+ problem in %-escaping. Noted by Ingo Klöcker.
+
+2002-10-03 David Shaw <dshaw@jabberwocky.com>
+
+ * options.h, g10.c (main): Add --strict and --no-strict to switch
+ the log_warning severity level from info to error.
+
+ * keylist.c (print_capabilities): Secret-parts-missing keys should
+ show that fact in the capabilities, and only primary signing keys
+ can certify other keys.
+
+ * packet.h, parse_packet.c (parse_key): Add is_primary flag for
+ public keys (it already exists for secret keys).
+
+2002-10-02 David Shaw <dshaw@jabberwocky.com>
+
+ * import.c (import_secret_one): Check for an illegal (>110)
+ protection cipher when importing a secret key.
+
+ * keylist.c (list_keyblock_print): Show a '#' for a
+ secret-parts-missing key.
+
+ * parse_packet.c (parse_key): Some comments.
+
+ * revoke.c (gen_revoke): Remove some debugging code.
+
+ * trustdb.c (verify_own_keys): Make trusted-key a non-deprecated
+ option again.
+
+ * seckey-cert.c (do_check): Don't give the IDEA warning unless the
+ cipher in question is in fact IDEA.
+
+2002-10-01 David Shaw <dshaw@jabberwocky.com>
+
+ * import.c (import_one): Make sure that a newly imported key
+ starts with a clean ownertrust.
+
+2002-10-01 Werner Koch <wk@gnupg.org>
+
+ * getkey.c (get_pubkey_direct): New.
+ (merge_selfsigs_main): Use it here to look for an ultimately
+ trusted key. Using the full get_pubkey might lead to an
+ infinitive recursion.
+
+2002-09-29 David Shaw <dshaw@jabberwocky.com>
+
+ * keyserver.c (parse_keyserver_uri): Force the keyserver URI
+ scheme to lowercase to be case-insensitive.
+
+2002-09-28 David Shaw <dshaw@jabberwocky.com>
+
+ * export.c (do_export_stream): Comment.
+
+ * sig-check.c (check_key_signature2): Properly handle a
+ non-designated revocation import.
+
+2002-09-26 Werner Koch <wk@gnupg.org>
+
+ * g10.c (set_homedir): New. Changed all direct assignments to use
+ this.
+ * gpgv.c (set_homedir): Ditto.
+
+2002-09-25 David Shaw <dshaw@jabberwocky.com>
+
+ * Makefile.am: Link gpg with EGDLIBS (i.e. NETLIBS) as EGD uses
+ sockets. Remove the old NETLIBS variable since the keyserver
+ stuff is no longer internal.
+
+2002-09-24 David Shaw <dshaw@jabberwocky.com>
+
+ * import.c (import_keys_stream): Fix compiler type warning.
+
+ * keyring.c (keyring_rebuild_cache), sig-check.c
+ (check_key_signature2), import.c (import, chk_self_sigs): Minor
+ language cleanups.
+
+2002-09-23 Stefan Bellon <sbellon@sbellon.de>
+
+ * main.h: Introduced fast-import as import option. Removed
+ fast as separate option from prototypes.
+ * import.c (parse_import_options): Added fast-import option.
+ (import_*): Removed fast as separate option.
+ * g10.c (main): Added option fast-import, removed old fast
+ as separate argument.
+ * keyserver.c (keyserver_spawn): Removed old fast as separate
+ argument.
+
+2002-09-22 Stefan Bellon <sbellon@sbellon.de>
+
+ * import.c (import_keys, import_keys_stream,
+ import_keys_internal): Added trustdb update/check to key import if
+ not fast-import and interactive set/no-auto-check-trustdb unset.
+ Avoided function clone by introducing import_keys_internal.
+
+2002-09-19 David Shaw <dshaw@jabberwocky.com>
+
+ * keyserver.c (keyserver_spawn): Properly handle line truncation.
+ Don't leak memory (~10-20 bytes) on searches.
+ (keyserver_search_prompt): Cleanup.
+
+ * keylist.c (list_keyblock_colon): Show 1F direct key signatures
+ in --with-colons listing.
+
+2002-09-16 David Shaw <dshaw@jabberwocky.com>
+
+ * keyedit.c (menu_addrevoker): The direct key signature for
+ revocation keys must be at least v4 to carry the revocation key
+ subpacket. Add a PGP 2.x warning for revocation keys.
+
+2002-09-14 David Shaw <dshaw@jabberwocky.com>
+
+ * g10.c (check_permissions): Rearrange strings to make translating
+ easier (don't incorporate string parts).
+
+ * keyedit.c (sign_uids): Make strings translatable.
+
+ * sig-check.c (check_key_signature2): Make string translatable.
+
+2002-09-13 David Shaw <dshaw@jabberwocky.com>
+
+ * getkey.c (check_revocation_keys): Move....
+ * main.h, sig-check.c (check_revocation_keys): to here. Also
+ return the signature_check error code rather than 0/1 and cache
+ the sig result.
+
+ * sig-check.c (check_key_signature2): Divert to
+ check_revocation_keys if a revocation sig is made by someone other
+ than the pk owner.
+
+ * getkey.c (merge_selfsigs_main): Tidy.
+
+2002-09-13 Werner Koch <wk@gnupg.org>
+
+ * g10.c (main) [__MINGW32__]: Activate oLoadExtension.
+
+2002-09-12 David Shaw <dshaw@jabberwocky.com>
+
+ * Makefile.am, hkp.c, hkp.h, keyserver.c (keyserver_work): Remove
+ internal HKP support.
+
+ * keyserver.c (keyserver_spawn): Remove whitespace after keyserver
+ commands.
+
+2002-09-10 David Shaw <dshaw@jabberwocky.com>
+
+ * exec.c (expand_args): Remove loop left over from earlier
+ implementation.
+ (exec_write): Missed one tick.
+
+2002-09-10 Werner Koch <wk@gnupg.org>
+
+ * g10.c, options.h: Removed option --emulate-checksum-bug.
+ * misc.c (checksum_u16_nobug): Removed.
+ (checksum_u16): Removed the bug emulation.
+ (checksum_mpi): Ditto.
+ (checksum_mpi_counted_nbits): Removed and replaced all calls
+ with checksum_mpi.
+
+ * parse-packet.c (read_protected_v3_mpi): New.
+ (parse_key): Use it here to store it as an opaque MPI.
+ * seckey-cert.c (do_check): Changed the v3 unprotection to the new
+ why to store these keys.
+ (protect_secret_key): Likewise.
+ * build-packet.c (do_secret_key): And changed the writing.
+
+ * tdbio.c (tdbio_set_dbname, open_db): Use new macro MY_O_BINARY
+ to avoid silly ifdefs.
+ (open_db): Fallback to RDONLY so that gpg may be used from a
+ RO-medium.
+
+ * encode.c (encode_simple): Make sure we don't use an ESK packet
+ when we don't have a salt in the S2K.
+
+ * misc.c (pct_expando) <case f>: Make sure that LEN is initialized.
+
+ * exec.c (exec_finish): Use ticks to denote filenames in messages.
+ (make_tempdir, exec_write): Changed format of messages.
+
+ * keyserver.c (print_keyinfo): Release USERID in on error.
+ (keyserver_work) [!DISABLE_KEYSERVER_HELPERS]: Exclude the unused
+ code.
+
+2002-09-09 Werner Koch <wk@gnupg.org>
+
+ * parse-packet.c (make_attribute_uidname): Add new ar MAX_NAMELEN
+ for sanity checks. Changed both callers. Limit the size of an %s.
+
+ * options.skel: Comment lock-once out, so that this file does not
+ change anything when copied to a new home directory.
+ * openfile.c (try_make_homedir): Don't exit after copying the
+ option skeleton.
+
+ * options.h: Don't use a comma when declaring variables over more
+ than one line.
+
+ * mainproc.c (symkey_decrypt_sesskey): Check length of the session
+ key.
+
+ * hkp.c (dehtmlize): Use ascii_tolower to protect against weird
+ locales. Cast the argument for isspace for the sake of broken
+ HP/UXes.
+ (parse_hkp_index): s/ascii_memcasecmp/ascii_strncasecmp/.
+
+ * g10.c: Removed option --emulate-3des-s2k-bug.
+
+ * passphrase.c (hash_passphrase): Was used here.
+
+ * export.c (parse_export_options)
+ * keyserver.c (parse_keyserver_options)
+ * import.c (parse_import_options)
+ * g10.c (check_permissions): s/ascii_memcasecmp/ascii_strncasecmp/.
+
+2002-09-09 David Shaw <dshaw@jabberwocky.com>
+
+ * g10.c (add_group): Use '=' to separate group name from group
+ members. Use a better error message for when no = is found.
+
+ * hkp.c (hkp_export): Use CRLF in headers.
+
+2002-09-03 David Shaw <dshaw@jabberwocky.com>
+
+ * mainproc.c (print_pkenc_list): Don't increment the error counter
+ when printing the list of keys a message was encrypted to. This
+ would make gpg give a non-zero exit code even for completely valid
+ messages if the message was encrypted to more than one key that
+ the user owned.
+
+2002-09-02 Werner Koch <wk@gnupg.org>
+
+ * g10.c (main): Try to set a default character set. Print the
+ used one in verbosity level 3.
+ * gpgv.c (main): Try to set a default character set.
+
+ * status.c, status.h (STATUS_IMPORT_OK): New.
+ * import.c (import_one,import_secret_one): Print new status.
+
+2002-08-30 David Shaw <dshaw@jabberwocky.com>
+
+ * pkclist.c (build_pk_list): Add new status code to indicate an
+ untrusted user. This (or a disabled key) fail with "unavailable
+ pubkey" (G10ERR_UNU_PUBKEY).
+
+ * pkclist.c (build_pk_list): Fail if any recipient keys are
+ unusable.
+
+ * options.skel: The PGP LDAP keyserver is back. Use MIT keyserver
+ as a sample rather than cryptnet as cryptnet does not support
+ searching yet.
+
+ * keyedit.c (show_key_with_all_names): Fix error message
+ (preferences are userid/selfsig and not key specific).
+
+2002-08-30 Werner Koch <wk@gnupg.org>
+
+ * pkclist.c (do_we_trust_pre): Changed the wording of a warning.
+
+ * encode.c (encode_simple,encode_crypt): Use new style CTB for
+ compressssed packets when using MDC. We need to do this so that
+ concatenated messages are properly decrypted. Old style
+ compression assumes that it is the last packet; given that we
+ can't determine the length in advance, the uncompressor does not
+ know where to start. Actually we should use the new CTB always
+ but this would break PGP 2 compatibility.
+
+ * parse-packet.c (parse): Special treatment for new style CTB
+ compressed packets.
+
+ * build-packet.c (do_mdc): Removed. Was not used.
+ (do_encrypted_mdc): Count in the version number and the MDC packet.
+
+2002-08-28 David Shaw <dshaw@jabberwocky.com>
+
+ * sig-check.c (do_check_messages, do_check): Show keyid in error
+ messages.
+
+ * keyserver.c (print_keyinfo): More readable key listings for
+ --search-keys responses.
+
+2002-08-26 David Shaw <dshaw@jabberwocky.com>
+
+ * hkp.c (parse_hkp_index, dehtmlize): Move HTML functionality into
+ new "dehtmlize" function. Remove HTML before trying to parse each
+ line from the keyserver. If the keyserver provides key type
+ information in the listing, use it.
+
+2002-08-23 David Shaw <dshaw@jabberwocky.com>
+
+ * sig-check.c (do_check, do_check_messages): Emit the usual sig
+ warnings even for cached sigs. This also serves to protect
+ against missing a sig expiring while cached.
+
+ * getkey.c (merge_selfsigs_main): Don't check UID self-sigs twice.
+
+2002-08-22 David Shaw <dshaw@jabberwocky.com>
+
+ * import.c (clean_subkeys, chk_self_sigs): Merge clean_subkeys
+ into chk_self_sigs. This improves efficiency as the same
+ signatures are not checked multiple times. Clarify when a subkey
+ is revoked (any revocation signature, even if it is dated before
+ the binding signature).
+
+ * getkey.c (merge_selfsigs_subkey): Subkey revocation comments.
+
+ * keylist.c (list_one): Stats are only for public key listings.
+
+ * g10.c (main), options.skel: Default should be include-revoked
+ for keyserver operations.
+
+2002-08-21 Werner Koch <wk@gnupg.org>
+
+ * import.c (import_print_stats): Print new non_imported counter
+ which is currently not used because we terminate on errors.
+
+2002-08-20 David Shaw <dshaw@jabberwocky.com>
+
+ * options.skel: Document no-include-attributes for
+ keyserver-options.
+
+ * keylist.c, keyedit.c, keyserver.c, sign.c: Some TODOs and
+ comments.
+
+ * export.c (do_export_stream): Fix noop bug in exporting sensitive
+ revocation keys.
+
+ * pkclist.c (do_edit_ownertrust): Comment out the option for
+ showing trust paths until it can be implemented.
+
+2002-08-19 Werner Koch <wk@gnupg.org>
+
+ * getkey.c (get_user_id_native): Renamed to ..
+ (get_user_id_printable): this. Filter out all dangerous
+ characters. Checked all usages.
+ (get_user_id_string_native): Renamed to..
+ (get_user_id_string_printable): this. Filter out all dangerous
+ characters. Checked all usages.
+ * keyedit.c (show_basic_key_info): New.
+ * keylist.c (print_fingerprint): New mode 3.
+ * import.c (import_one): Use new function to display the user ID.
+
+2002-08-16 Timo Schulz <ts@winpt.org>
+
+ * g10.c (main): Enable opt.interactive.
+
+ * import.c (import_one): Ask the user if the key shall be
+ imported when the interactive mode is used. Useful to extract
+ selected keys from a file.
+
+2002-08-16 Werner Koch <wk@gnupg.org>
+
+ * seckey-cert.c: Workaround to allow decryption of v3 keys created
+ with a bug in the mpi_get_secure_buffer.
+
+2002-08-14 David Shaw <dshaw@jabberwocky.com>
+
+ * hkp.c (parse_hkp_index): Properly handle really large keys
+ (5 digit key length) in HKP searches.
+
+2002-08-13 David Shaw <dshaw@jabberwocky.com>
+
+ * encode.c (encode_simple): Fix problem with using compression
+ algo 2 and symmetric compressed files.
+
+ * encode.c (encode_simple, encode_crypt): If we are not using a
+ MDC, compress even if a file is already compressed. This is to
+ help against the chosen ciphertext attack.
+
+ * pkclist.c (select_algo_from_prefs): Fix requested algorithm bug
+ so the request succeeds even if the requested algorithm is not the
+ first found.
+
+ * cipher.c (write_header), encode.c (use_mdc, encode_simple,
+ encode_crypt, encrypt_filter), g10.c (main): Be more eager to use
+ a MDC. We use a MDC if the keys directly support it, if the keys
+ list AES (any) or TWOFISH anywhere in the prefs, or if the cipher
+ chosen does not have a 64 bit blocksize.
+
+2002-08-08 David Shaw <dshaw@jabberwocky.com>
+
+ * options.skel: Some language tweaks, and remove the
+ load-extension section for random gatherers.
+
+ * keyring.c (create_tmp_file, rename_tmp_file): Create tmp files
+ with user-only permissions, but restore the original permissions
+ if the user has something special set.
+
+ * openfile.c (copy_options_file): Create new options file
+ (gpg.conf) with user-only permissions.
+
+ * keydb.c (keydb_add_resource): Create new keyrings with user-only
+ permissions.
+
+ * tdbio.c (tdbio_set_dbname): Create new trustdbs with user-only
+ permissions.
+
+2002-08-07 David Shaw <dshaw@jabberwocky.com>
+
+ * sig-check.c (signature_check2): Sanity check that the md has a
+ context for the hash that the sig is expecting. This can happen
+ if a onepass sig header does not match the actual sig, and also if
+ the clearsign "Hash:" header is missing or does not match the
+ actual sig.
+
+ * keyedit.c (menu_revsig): Properly show a uid is revoked without
+ restarting gpg. This is Debian bug 124219, though their supplied
+ patch will not do the right thing.
+
+ * main.h, tdbio.c (tdbio_set_dbname), misc.c (removed
+ check_permissions), keydb.c (keydb_add_resource), g10.c (main,
+ check_permissions): Significant reworking of the permission check
+ mechanism. The new behavior is to check everything in the homedir
+ by checking the homedir itself. If the user wants to put
+ (possibly shared) keyrings outside the homedir, they are not
+ checked. The options file and any extension files are checked
+ wherever they are, as well as their enclosing directories. This
+ is Debian bug 147760.
+
+2002-08-06 Stefan Bellon <sbellon@sbellon.de>
+
+ * g10.c (main): Use of EXTSEP_S in new gpg.conf string.
+ * openfile.c (copy_options_file): Ditto.
+
+2002-08-06 David Shaw <dshaw@jabberwocky.com>
+
+ * options.h, g10.c (main), mainproc.c (proc_encrypted):
+ --ignore-mdc-error option to turn a MDC check error into a
+ warning.
+
+ * encode.c (encode_crypt), g10.c (main), sign.c (sign_file,
+ clearsign_file): Use the same --pgpX warning string everywhere to
+ ease translations.
+
+ * encode.c (write_pubkey_enc_from_list): Warn when using
+ --throw-keyid with --pgpX. Noted by Vedaal Nistar.
+
+ * revoke.c (export_minimal_pk, gen_desig_revoke, gen_revoke):
+ Export a minimal pk along with the revocation cert when in --pgpX
+ mode so that PGP can import it.
+
+2002-08-06 Werner Koch <wk@gnupg.org>
+
+ * options.skel: Changed comments.
+
+ * g10.c (main): Try to use "gpg.conf" as default option file.
+ * openfile.c (copy_options_file): Changed name of created file.
+
+2002-08-02 Werner Koch <wk@gnupg.org>
+
+ * Makefile.am (LDFLAGS): Removed DYNLINK_LDFLAGS.
+
+2002-07-30 David Shaw <dshaw@jabberwocky.com>
+
+ * options.h, g10.c (main), mainproc.c (proc_encrypted): Return a
+ decryption failed error if a MDC does not verify. Warn if a MDC
+ is not present (can disable via --no-mdc-warning).
+
+ * exec.c (exec_write), g10.c (main), keyserver.c
+ (keyserver_spawn): Use new DISABLE_KEYSERVER_PATH rather than
+ FIXED_EXEC_PATH.
+
+2002-07-28 David Shaw <dshaw@jabberwocky.com>
+
+ * sig-check.c (do_check): Properly validate v4 sigs with no hashed
+ section at all.
+
+2002-07-25 Werner Koch <wk@gnupg.org>
+
+ * delkey.c (do_delete_key): Always allow to delete a key in batch mode
+ when specified by fingerprint. Suggested by Enzo Michelangeli.
+
+2002-07-25 David Shaw <dshaw@jabberwocky.com>
+
+ * keyedit.c (menu_revsig): Change "revsig" to honor selected uids
+ so the user can revoke sigs from particular uids only.
+
+ * keylist.c (list_keyblock_print): Don't display expired uids in
+ --list-keys unless -v and not --list-sigs (just like revoked
+ uids).
+
+ * exec.c, export.c, import.c, keyedit.c, keyserver.c, misc.c:
+ "Warning" -> "WARNING"
+
+2002-07-24 David Shaw <dshaw@jabberwocky.com>
+
+ * main.h, import.c (parse_import_options, fix_hkp_corruption,
+ import_one, delete_inv_parts), g10.c (main): New import-option
+ "repair-hkp-subkey-bug", which repairs as much as possible the HKP
+ mangling multiple subkeys bug. It is on by default for keyserver
+ receives, and off by default for regular --import.
+
+ * main.h, import.c (import, import_one, delete_inv_parts), hkp.c
+ (hkp_ask_import), keyserver.c (keyserver_spawn): Use keyserver
+ import options when doing keyserver receives.
+
+ * options.h, exec.h, exec.c (set_exec_path, exec_write), g10.c
+ (main), keyserver.c (keyserver_spawn): If the user does not use
+ "exec-path", completely replace $PATH with GNUPG_LIBEXECDIR before
+ calling the keyserver helper. If the user does use "exec-path",
+ append GNUPG_LIBEXECDIR after the specified path.
+
+2002-07-23 David Shaw <dshaw@jabberwocky.com>
+
+ * import.c (parse_import_options), export.c
+ (parse_export_options): Fix offset problem with reversed ("no-")
+ meanings.
+
+ * import.c (delete_inv_parts): Discard subkey signatures (0x18 and
+ 0x28) if found in the userid section of the key.
+
+ * sig-check.c (signature_check2): Signatures made by invalid
+ subkeys (bad/missing binding sig) are also invalid.
+
+ * keylist.c (print_fingerprint): Show the primary as well as the
+ secondary key fingerprint in modes 1 & 2.
+
+2002-07-22 David Shaw <dshaw@jabberwocky.com>
+
+ * options.h, main.h, g10.c (main), import.c
+ (parse_import_options, delete_inv_parts), keyserver.c
+ (parse_keyserver_options): add new --import-options option. The
+ only current flag is "allow-local-sigs".
+
+ * g10.c (main): Don't disable MDC in pgp7 mode.
+
+ * options.h, g10.c (main), keyserver.c (parse_keyserver_options):
+ Remove old keyserver-option include-attributes now that there is
+ an export-option for the same thing.
+
+ * options.h, main.h, export.c (parse_export_options,
+ do_export_stream), g10.c (main): add new --export-options option.
+ Current flags are "include-non-rfc", "include-local-sigs",
+ "include-attributes", and "include-sensitive-revkeys".
+
+ * options.h, hkp.c (hkp_export), keyserver.c
+ (parse_keyserver_options, keyserver_spawn): try passing unknown
+ keyserver options to export options, and if successful, use them
+ when doing a keyserver --send-key.
+
+ * build-packet.c (build_sig_subpkt): We do not generate
+ SIGSUBPKT_PRIV_VERIFY_CACHE anymore.
+
+ * revoke.c (gen_desig_revoke): Lots more comments about including
+ sensitive revkeys along with the revocation sig itself.
+
+ * keyserver.c (parse_keyserver_options): Simpler implementation
+ that can skip one pass over the options.
+
+2002-07-18 David Shaw <dshaw@jabberwocky.com>
+
+ * keyedit.c (keyedit_menu, menu_addrevoker): Allow specifying
+ "sensitive" as an argument to an addrevoker command. This sets
+ the 0x40 sensitive revoker flag.
+
+ * revoke.c (gen_desig_revoke): When generating a designated
+ revocation, include the direct key sig that contains the
+ designated revoker subpacket. This allows sensitive designated
+ revocation subpackets to be exported. Also indicate which
+ revokers are sensitive in the first place.
+
+2002-07-17 David Shaw <dshaw@jabberwocky.com>
+
+ * keyedit.c (show_key_with_all_names_colon): The 0x40 class bit in
+ a designated revoker means "sensitive", not "local". It's
+ exportable under the right circumstances.
+
+ * main.h, options.h, export.c (do_export_stream), g10.c (main),
+ hkp.c (hkp_export), keyserver.c (keyserver_spawn: Add a flag to
+ skip attribute packets and their signatures while exporting. This
+ is to accomodate keyservers (pksd again) that choke on attributes.
+ Use keyserver-option "include-attributes" to control it. This
+ defaults to ON (i.e. don't skip).
+
+2002-07-09 David Shaw <dshaw@jabberwocky.com>
+
+ * options.h, keyserver.c (parse_keyserver_uri, keyserver_spawn,
+ keyserver_work), hkp.c (hkp_ask_import, hkp_export, hkp_search):
+ Use a much more strict reading of RFC-2396 for the keyserver URIs.
+ Specifically, don't try and be smart about checking the value of
+ ":port" so long as it is all digits, and properly handle opaque
+ data (those scheme specific parts that do not start with "//").
+
+2002-07-04 David Shaw <dshaw@jabberwocky.com>
+
+ * photoid.c (get_default_photo_command, show_photos): Honor
+ FIXED_PHOTO_VIEWER and DISABLE_PHOTO_VIEWER.
+
+ * mainproc.c (check_sig_and_print): Use --show-photos to show
+ photos when verifying a sig made by a key with a photo.
+
+ * keyserver.c (parse_keyserver_uri): Properly parse a URI with no
+ :port section and an empty file path, but with a terminating '/'.
+ (keyserver_work): Honor DISABLE_KEYSERVER_HELPERS.
+
+ * hkp.c (hkp_ask_import): Display keyserver URI as a URI, but only
+ if verbose.
+
+ * exec.c, g10.c: USE_EXEC_PATH -> FIXED_EXEC_PATH
+
+2002-07-03 David Shaw <dshaw@jabberwocky.com>
+
+ * exec.h, exec.c (set_exec_path, exec_write), g10.c (main): If
+ USE_EXEC_PATH is defined at compile time, use it to lock the
+ exec-path and not allow the user to change it.
+
+2002-07-02 David Shaw <dshaw@jabberwocky.com>
+
+ * options.h, g10.c (main), keyserver.c (keyserver_refresh):
+ Maintain and use the original keyserver URI for cosmetics rather
+ than trying to recreate it when needed.
+
+ * mainproc.c (check_sig_and_print): Properly disregard expired
+ uids. Make sure that the first uid listed is a real uid and not
+ an attribute (attributes should only be listed in the "aka"
+ section). When there are no valid textual userids, try for an
+ invalid textual userid before using any attribute uid.
+
+2002-07-01 David Shaw <dshaw@jabberwocky.com>
+
+ * options.skel: Fix a few typos, clarify "group", and remove
+ sample photo viewers for Win32 since they are the defaults now.
+
+ * parse-packet.c (make_attribute_uidname), keylist.c
+ (dump_attribs): Fix two typecast warnings.
+
+ * packet.h, build-packet.c (build_attribute_subpkt), exec.c
+ (expand_args), mkdtemp.c (mkdtemp), photoid.c
+ (parse_image_header): Fix some signedness compiler warnings.
+
+2002-07-01 Werner Koch <wk@gnupg.org>
+
+ * photoid.c (get_default_photo_command): Also use __MINGW32__
+ instead of HAVE_DOSISH_SYSTEM.
+
+ * encode.c (encode_symmetric): Do not use the new encryption code.
+
+2002-06-30 Werner Koch <wk@gnupg.org>
+
+ * photoid.c: Use __MINGW32__ to include windows because
+ HAVE_DOSISH_SYSTEM is also set for OS/2 and plain DOS. Provide
+ constant missing in older mingw installations.
+
+2002-06-21 Stefan Bellon <sbellon@sbellon.de>
+
+ * g10.c [__riscos__]: Moved RISC OS specific stuff to util/riscos.c
+ and include/util.h.
+
+ * gpgv.c [__riscos__]: Likewise.
+
+2002-06-20 David Shaw <dshaw@jabberwocky.com>
+
+ * keydb.h, pkclist.c (select_algo_from_prefs): Allow passing a
+ suggested algorithm which will be used if available.
+
+ * encode.c (encode_crypt, encrypt_filter), sign.c (sign_file): Use
+ new select_algo_from_prefs feature to check if forcing an
+ algorithm would violate the recipient preferences.
+
+ * photoid.c (get_default_photo_command, show_photos): Use
+ different default viewers on different platforms. Currently we
+ have Win 9x, Win NT (2k, xp), Mac OSX, RISC OS, and "everybody
+ else". These are #ifdefs as much as possible to avoid clutter.
+
+ * g10.c (strusage, build_list), keyedit.c (show_prefs), main.h,
+ misc.c (compress_algo_to_string, check_compress_algo), pkclist.c
+ (algo_available), keygen.c (keygen_set_std_prefs): New
+ algo_to_string and check functions for compress algorithms.
+
+2002-06-20 Werner Koch <wk@gnupg.org>
+
+ * misc.c (setsysinfo): Removed a #warning for Alpha's uniligedn
+ trap disabling - it is quite possible that this is a debug relict.
+
+2002-06-20 Stefan Bellon <sbellon@sbellon.de>
+
+ * g10.c [__riscos__]: Added image file system feature.
+
+ * gpgv.c [__riscos__]: Added image file system feature.
+
+ * photoid.c (show_photos) [__riscos__]: Set RISC OS filetype of
+ photo id according to MIME type.
+
+2002-06-19 David Shaw <dshaw@jabberwocky.com>
+
+ * hkp.c (parse_hkp_index): Don't leak memory when failing out of a
+ bad HKP keyserver.
+
+ * g10.c (add_notation_data): Relax slightly the rules as to what
+ can go into a notation name - 2440 allows "@", for example.
+
+2002-06-17 David Shaw <dshaw@jabberwocky.com>
+
+ * import.c (clean_subkeys, import_one): Only allow at most 1
+ binding sig and at most 1 revocation sig on a subkey, as per
+ 2440:11.1.
+
+ * hkp.c (parse_hkp_index, hkp_search): Error if the keyserver
+ returns an unparseable HKP response.
+
+2002-06-15 David Shaw <dshaw@jabberwocky.com>
+
+ * keyedit.c (show_key_with_all_names), keylist.c
+ (list_keyblock_print): Show "[expired]" before expired uids.
+
+ * keyedit.c (show_key_with_all_names_colon), mainproc.c
+ (list_node), keylist.c (list_keyblock_colon): Show flag 'e' for
+ expired user ids. Use "uat" for user attribute packets instead of
+ "uid". Also use '<count> <length>' rather than the fake user id
+ string on attributes.
+
+ * keygen.c (keygen_add_revkey): Remove unused code.
+
+ * misc.c (check_permissions): Check directory permissions
+ properly - they are not special files.
+
+ * pkclist.c (expand_id, expand_group, build_pk_list): When
+ expanding groups before building a pk list, inherit flags from the
+ original pre-expanded string.
+
+ * pubkey-enc.c (is_algo_in_prefs): Don't use prefs from expired
+ uids.
+
+2002-06-14 David Shaw <dshaw@jabberwocky.com>
+
+ * free-packet.c (copy_signature): Properly copy a signature that
+ carries a revocation key on it.
+
+ * pkclist.c (expand_id, expand_group, build_pk_list): Groups now
+ work properly when used in the "Enter the user ID" prompt.
+
+2002-06-14 David Shaw <dshaw@jabberwocky.com>
+
+ * keyedit.c (show_key_with_all_names): Display warning if a user
+ tries to show prefs on a v3 key with a v3 selfsig.
+
+ * kbnode.c (dump_kbnode): Show if a uid is expired.
+
+ * import.c (merge_blocks, import_revoke_cert): Show user ID
+ receiving a revocation certificate.
+
+ * free-packet.c (cmp_user_ids): Properly compare attribute ids.
+
+ * pkclist.c (expand_groups): Maintain the strlist flags while
+ expanding. Members of an expansion inherit their flags from the
+ expansion key.
+
+ * options.h, cipher.c (write_header), g10.c (main), keygen.c
+ (keygen_set_std_prefs): remove the personal_mdc flag. It no
+ longer serves a purpose now that the personal preference lists are
+ split into cipher/digest/zip.
+
+2002-06-14 Timo Schulz <ts@winpt.org>
+
+ * skclist.c (is_insecure): Implemented.
+
+2002-06-12 David Shaw <dshaw@jabberwocky.com>
+
+ * keyserver.c (keyserver_spawn): Properly handle PROGRAM responses
+ when they have a CRLF ending. Noted by Keith Ray.
+
+ * keyserver.c (keyserver_spawn): Handle CRLF endings from
+ keyserver helpers. Also don't leak the last line worth of memory
+ from the keyserver response.
+
+ * main.h, misc.c (deprecated_warning): New function to warn about
+ deprecated options and commands.
+
+ * g10.c (main), keyserver-internal.h, keyserver.c
+ (parse_keyserver_uri): Use new deprecated function to warn about
+ honor-http-proxy, auto-key-retrieve, and x-broken-hkp.
+
+2002-06-11 David Shaw <dshaw@jabberwocky.com>
+
+ * Makefile.am: link gpg with NETLIBS for the built-in HKP access.
+
+2002-06-10 David Shaw <dshaw@jabberwocky.com>
+
+ * options.h, keyserver.c (keyserver_opts), g10.c (main): New
+ keyserver option "include-subkeys". This feature already existed,
+ but now can be turned off. It defaults to on.
+
+ * options.h, keyserver.c (parse_keyserver_options,
+ keyserver_spawn): There are now enough options to justify making a
+ structure for the keyserver options rather than a page of
+ if-then-else-if-then-etc.
+
+ * getkey.c (merge_keys_and_selfsig, merge_selfsigs_main): Fix bug
+ in calculating key expiration dates.
+
+2002-06-09 David Shaw <dshaw@jabberwocky.com>
+
+ * keydb.h, getkey.c (get_user_id_native), import.c (import_one):
+ Display user ID while importing a key. Note this applies to both
+ --import and keyserver --recv-keys.
+
+ * exec.c (exec_finish): Log unnatural exit (core dump, killed
+ manually, etc) for fork/exec/pipe child processes.
+
+2002-06-08 Timo Schulz <ts@winpt.org>
+
+ * encode.c (encode_symmetric): Disable the compat flag
+ when the expert mode is enabled.
+
+2002-06-07 David Shaw <dshaw@jabberwocky.com>
+
+ * options.skel, options.h, main.h, keydb.h, pkclist.c
+ (build_pk_list, expand_groups), g10.c (main, add_group): Add new
+ "group" command to allow one name to expand into multiple keys.
+ For simplicity, and to avoid potential loops, we only expand once
+ - you can't make an alias that points to an alias.
+
+ * main.h, g10.c (main), keygen.c (build_personal_digest_list):
+ Simplify the default digest list - there is really no need for the
+ other hashes since they will never be used after SHA-1 in the
+ list.
+
+ * options.skel, options.h, g10.c (main), hkp.c (hkp_ask_import,
+ hkp_export, hkp_search), keyserver.c (parse_keyserver_options,
+ parse_keyserver_uri, keyserver_work, keyserver_refresh): Make the
+ "x-broken-hkp" keyserver scheme into keyserver-option
+ "broken-http-proxy". Move honor_http_proxy into
+ keyserver_options. Canonicalize the three variations of "hkp",
+ "x-hkp", and "x-broken-hkp" into "hkp".
+
+2002-06-07 Stefan Bellon <sbellon@sbellon.de>
+
+ * g10.c [__riscos__]: Added --attribute-file to do the same as
+ --attribute-fd, but with a filename not a fd as argument.
+ Added magic symbol for RISC OS to use different memory management.
+
+ * gpgv.c [__riscos__]: Added magic symbol for RISC OS to use
+ different memory management.
+
+2002-06-06 David Shaw <dshaw@jabberwocky.com>
+
+ * main.h, g10.c (main), keygen.c (build_personal_digest_list): Put
+ in a default digest preference list consisting of SHA-1, followed
+ by every other installed digest except MD5. Note this is the same
+ as having no digest preference at all except for SHA-1 being
+ favored.
+
+ * options.h, g10.c (main), keygen.c (keygen_set_std_prefs),
+ pkclist.c (select_algo_from_prefs): Split
+ --personal-preference-list into three:
+ --personal-{cipher|digest|compress}-preferences. This allows a
+ user to set one without affecting another (i.e. setting only a
+ digest pref doesn't imply an empty cipher pref).
+
+ * exec.c (exec_read): This is a safer way of guessing the return
+ value of system(). Noted by Stefan Bellon.
+
+2002-06-05 David Shaw <dshaw@jabberwocky.com>
+
+ * hkp.c (parse_hkp_index): Be more robust with keyservers
+ returning very unparseable responses.
+
+ * exec.c (exec_read): Catch and display an error when the remote
+ process exits unnaturally (i.e. segfault) so the user knows what
+ happened. Also fix exec_write stub which has a different number
+ of arguments now.
+
+2002-06-05 Timo Schulz <ts@winpt.org>
+
+ * encode.c (encode_simple): Ignore the new mode for RFC1991.
+ * mainproc.c (symkey_decrypt_sesskey): Better check for weird
+ keysizes.
+
+2002-06-05 Timo Schulz <ts@winpt.org>
+
+ * encode.c (encode_sesskey): New.
+ (encode_simple): Use it here. But by default we use the compat
+ mode which supress to generate encrypted session keys.
+
+2002-06-05 Timo Schulz <ts@winpt.org>
+
+ * mainproc.c (symkey_decrypt_sesskey): New.
+ (proc_symkey_enc): Support for encrypted session keys.
+
+2002-06-04 David Shaw <dshaw@jabberwocky.com>
+
+ * sign.c (hash_for, sign_file): When encrypting and signing at the
+ same time, consult the various hash prefs to pick a hash algorithm
+ to use. Pass in a 160-bit hint if any of the signing keys are
+ DSA.
+
+ * keydb.h, pkclist.c (select_algo_from_prefs, algo_available):
+ Pass a "hints" opaque pointer in to let the caller give hints as
+ to what algorithms would be acceptable. The only current hint is
+ for PREFTYPE_HASH to require a 160-bit hash for DSA. Change all
+ callers in encode.c (encode_crypt, encrypt_filter) and sign.c
+ (sign_file). If we settle on MD5 as the best algorithm based
+ solely on recepient keys and SHA1 is also a possibility, use SHA1
+ unless the user intentionally chose MD5. This is as per 2440:13.
+
+ * exec.c (make_tempdir): Fix duplicated filename problem.
+
+2002-06-03 David Shaw <dshaw@jabberwocky.com>
+
+ * packet.h, parse-packet.c (enum_sig_subpkt): Report back from
+ enum_sig_subpkt when a subpacket is critical and change all
+ callers in keylist.c (show_policy_url, show_notation), mainproc.c
+ (print_notation_data), and pkclist.c (do_show_revocation_reason).
+
+ * keylist.c (show_policy_url, show_notation): Display if the
+ policy or notation is critical.
+
+2002-06-03 David Shaw <dshaw@jabberwocky.com>
+
+ * main.h, g10.c (main), keylist.c (dump_attribs, set_attrib_fd,
+ list_keyblock_print, list_keyblock_colon), status.h, status.c
+ (get_status_string): New --attribute-fd feature to dump the
+ contents of attribute subpackets for frontends. If --status-fd is
+ also used, then a new status tag ATTRIBUTE is provided for each
+ subpacket.
+
+ * packet.h, getkey.c (fixup_uidnode, merge_selfsigs_main,
+ merge_selfsigs_subkey), parse-packet.c (setup_user_id): Keep track
+ of the expiration time of a user ID, and while we're at it, use
+ the expired flag from the selfsig rather than reparsing the
+ SIG_EXPIRE subpacket.
+
+ * photoid.c (generate_photo_id): When adding a new photo ID,
+ showing the photo for confirmation is not safe when noninteractive
+ since the "user" may not be able to dismiss a viewer window.
+ Noted by Timo Schulz.
+
+2002-06-03 David Shaw <dshaw@jabberwocky.com>
+
+ * options.skel: Sample photo viewers for Win32.
+
+ * misc.c (pct_expando): Use the seckey for %k/%K if the pubkey is
+ not available.
+
+ * photoid.h, photoid.c (show_photos): Include the seckey in case a
+ user tries to view a photo on a secret key, and change all callers
+ in keyedit.c (menu_showphoto), keylist.c (list_keyblock_print),
+ and photoid.c (generate_photo_id).
+
+2002-06-02 David Shaw <dshaw@jabberwocky.com>
+
+ * photoid.c (show_photos): Work properly when not called with a
+ public key.
+
+2002-05-31 David Shaw <dshaw@jabberwocky.com>
+
+ * sign.c (mk_notation_and_policy): Free unneeded buffer.
+
+ * hkp.c (parse_hkp_index): Properly handle the '&' character
+ (i.e. "&amp;") in HKP responses.
+
+ * getkey.c (merge_selfsigs_main): Fix reversed expiration time
+ check with self-sigs.
+
+ * keyedit.c (sign_uids): When making a new self-sig on a v3 key,
+ make a v3 self-sig unless it is currently a v3 self-sig being
+ promoted to v4.
+
+2002-05-31 Timo Schulz <ts@winpt.org>
+
+ * pkclist.c (do_show_revocation_reason): Don't use capital
+ letters for non-interactive output.
+ (show_revocation_reason): Now it is global.
+ * pubkey-enc.c (get_it): Show if the key has been revoked.
+
+2002-05-30 David Shaw <dshaw@jabberwocky.com>
+
+ * sign.c (write_signature_packets, sign_file, clearsign_file,
+ sign_symencrypt_file): Make a v4 signature if a policy URL or
+ notation is set, unless v3 sigs are forced via rfc1991 or
+ force-v3-sigs. Also remove some doubled code and clarify an error
+ message (we don't sign in PGP2 mode - just detach-sign).
+
+ * parse-packet.c (parse_one_sig_subpkt): Add KS_FLAGS to the "any
+ size" section.
+
+2002-05-29 David Shaw <dshaw@jabberwocky.com>
+
+ * keygen.c (keygen_set_std_prefs, add_feature_mdc): Use "mdc" and
+ "no-mdc" in the prefs string to allow switching on and off the MDC
+ feature. This is needed to properly export a key from GnuPG for
+ use on PGP which does not support MDC - without this, MDC-capable
+ implementations will still try and generate MDCs which will break
+ PGP.
+
+ * keygen.c (keygen_get_std_prefs): Show "[mdc]" in prefs string if
+ it is enabled.
+
+ * options.h, g10.c (main), cipher.c (write_header), keygen.c
+ (keygen_set_std_prefs): For consistency, allow the user to specify
+ mdc/no-mdc in the --personal-preference-list. If disabled, it
+ acts just like --disable-mdc.
+
+2002-05-29 David Shaw <dshaw@jabberwocky.com>
+
+ * options.h, exec.c: Add some debugging info, using the 1024 debug
+ flag.
+
+ * exec.c (win_system): New system()-like function for win32 that
+ does not return until the child process terminates. Of course,
+ this doesn't help if the process itself exits before it is
+ finished.
+
+2002-05-29 Werner Koch <wk@gnupg.org>
+
+ * encode.c (encode_simple): Intialize PKT when --no-literal is used.
+
+ * keyedit.c (show_key_with_all_names_colon): Renamed the record
+ for revocation keys to "rvk".
+
+2002-05-27 Werner Koch <wk@gnupg.org>
+
+ * keyedit.c (show_key_with_all_names_colon): New.
+ (show_key_with_all_names): Divert to new function when required.
+ Sanitize printing of revoker name.
+
+2002-05-27 David Shaw <dshaw@jabberwocky.com>
+
+ * build-packet.c (build_sig_subpkt): Handle setting sig flags for
+ certain subpacket types (notation, policy url, exportable,
+ revocable). keyedit.c (sign_mk_attrib): Flags no longer need to
+ be set here.
+
+ * packet.h, parse-packet.c (parse_one_sig_subpkt), build-packet.c
+ (build_sig_subpkt): Call parse_one_sig_subpkt to sanity check
+ buffer lengths before building a sig subpacket.
+
+2002-05-26 David Shaw <dshaw@jabberwocky.com>
+
+ * sign.c (mk_notation_and_policy): Include secret key to enable %s
+ expandos, and pass notations through pct_expando as well.
+
+ * main.h, misc.c (pct_expando): Add %s and %S expandos for
+ signer's keyid.
+
+2002-05-25 David Shaw <dshaw@jabberwocky.com>
+
+ * g10.c (strusage, build_list): Add compress algorithms to
+ --version list. Show algorithm numbers when --verbose --version
+ is done.
+
+2002-05-22 David Shaw <dshaw@jabberwocky.com>
+
+ * options.h, main.h, keygen.c (keygen_set_set_prefs,
+ keygen_get_std_prefs, keygen_upd_std_prefs), keyedit.c
+ (keyedit_menu), g10.c (main), pkclist.c (select_algo_from_prefs):
+ Add --personal-preference-list which allows the user to factor in
+ their own preferred algorithms when the preference lists are
+ consulted. Obviously, this does not let the user violate a
+ recepient's preferences (and the RFC) - this only influences the
+ ranking of the agreed-on (and available) algorithms from the
+ recepients. Suggested by David Hollenberg.
+
+ * options.h, keygen.c (keygen_set_std_prefs), g10.c (main): Rename
+ --preference-list to --default-preference-list (as that is what it
+ really is), and make it a true default in that if the user selects
+ "default" they get this list and not the compiled-in list.
+
+2002-05-22 Werner Koch <wk@gnupg.org>
+
+ * g10.c (main): Add missing LF in a info printout and made it
+ translatable. Noted by Michael Tokarev.
+
+2002-05-21 Werner Koch <wk@gnupg.org>
+
+ * g10.c (main): Removed the undef of USE_SHM_COPROCESSING which
+ was erroneously introduced on 2002-01-09.
+
+ * signal.c (got_fatal_signal): Don't write the Nul to stderr.
+ Reported by David Hollenberg.
+
+2002-05-18 David Shaw <dshaw@jabberwocky.com>
+
+ * main.h, g10.c (main), revoke.c (gen_desig_revoke): Generate a
+ designated revocation via --desig-revoke
+
+ * keyedit.c (keyedit_menu, menu_addrevoker): New "addrevoker"
+ command to add a designated revoker to a key.
+
+2002-05-17 David Shaw <dshaw@jabberwocky.com>
+
+ * gpgv.c: Add stub for get_ownertrust().
+
+ * g10.c (main): --allow-freeform-uid should be implied by
+ OpenPGP. Add --no-allow-freeform-uid.
+
+ * keyedit.c (sign_uids): Issue a warning when signing a
+ non-selfsigned uid.
+
+ * getkey.c (merge_selfsigs_main): If a key has no selfsigs, and
+ allow-non-selfsigned-uid is not set, still try and make the key
+ valid by checking all uids for a signature from an ultimately
+ trusted key.
+
+2002-05-16 David Shaw <dshaw@jabberwocky.com>
+
+ * main.h, keygen.c (keygen_add_revkey): Add revocation key
+ subpackets to a signature (callable by
+ make_keysig_packet). (write_direct_sig): Write a 1F direct key
+ signature. (parse_revocation_key): Parse a string in
+ algo:fpr:sensitive format into a revocation
+ key. (get_parameter_revkey, do_generate_keypair): Call above
+ functions when prompted from a batch key generation file.
+
+ * build-packet.c (build_sig_subpkt): Allow multiple revocation key
+ subpackets in a single sig.
+
+ * keydb.h, getkey.c (get_seckey_byfprint): Same as
+ get_pubkey_byfprint, except for secret keys. We only know the
+ fingerprint of a revocation key, so this is needed to retrieve the
+ secret key needed to issue a revokation.
+
+ * packet.h, parse-packet.c (parse_signature, parse_revkeys): Split
+ revkey parsing off into a new function that can be used to reparse
+ after manipulating the revkey list.
+
+ * sign.c (make_keysig_packet): Ability to make 1F direct key
+ signatures.
+
+2002-05-15 David Shaw <dshaw@jabberwocky.com>
+
+ * options.skel: keyserver.pgp.com is gone, so list pgp.surfnet.nl
+ as a sample LDAP server instead.
+
+ * getkey.c (merge_selfsigs_main): Properly handle multiple
+ revocation keys in a single packet. Properly handle revocation
+ keys that are in out-of-order packets. Remove duplicates in
+ revocation key list.
+
+2002-05-14 Timo Schulz <ts@winpt.org>
+
+ * exec.c (make_tempdir) [MINGW32]: Added missing '\'.
+
+2002-05-14 Stefan Bellon <sbellon@sbellon.de>
+
+ * exec.c (make_tempdir): Make use of EXTSEP_S instead of hardcoded
+ dot as extension separator.
+
+2002-05-13 David Shaw <dshaw@jabberwocky.com>
+
+ * photoid.c (show_photos): Use the long keyid as the filename for
+ the photo. Use the short keyid as the filename on 8.3 systems.
+
+ * exec.h, exec.c (make_tempdir, exec_write, exec_finish): Allow
+ caller to specify filename. This should make things easier on
+ windows and macs where the file extension is required, but a whole
+ filename is even better.
+
+ * keyedit.c (show_key_with_all_names, show_prefs): Show proper
+ prefs for a v4 key uid with no selfsig at all.
+
+ * misc.c (check_permissions): Don't check permissions on
+ non-normal files (pipes, character devices, etc.)
+
+2002-05-11 Werner Koch <wk@gnupg.org>
+
+ * mainproc.c (proc_symkey_enc): Avoid segv in case the parser
+ encountered an invalid packet.
+
+ * keyserver.c (keyserver_export): Get confirmation before sending
+ all keys.
+
+2002-05-10 Stefan Bellon <sbellon@sbellon.de>
+
+ * g10.c, hkp.c, keyedit.c, keyserver.c: Replaced all occurrances
+ of strcasecmp with ascii_strcasecmp and all occurrances of
+ strncasecmp with ascii_memcasecmp.
+
+2002-05-10 David Shaw <dshaw@jabberwocky.com>
+
+ * packet.h, getkey.c (fixup_uidnode), keyedit.c (show_prefs): Show
+ assumed prefs for hash and compression as well as the cipher pref.
+ Show assumed prefs if there are no prefs at all on a v4
+ self-signed key.
+
+ * options.h, g10.c (main), sign.c (make_keysig_packet): New
+ --cert-digest-algo function to override the default key signing
+ hash algorithm.
+
+2002-05-09 David Shaw <dshaw@jabberwocky.com>
+
+ * getkey.c (merge_selfsigs_main): Make sure the revocation key
+ list starts clean as this function may be called more than once
+ (e.g. from functions in --edit).
+
+ * g10.c, encode.c (encode_crypt), sign.c (sign_file,
+ sign_symencrypt_file): Make --compress-algo work like the
+ documentation says. It should be like --cipher-algo and
+ --digest-algo in that it can override the preferences calculation
+ and impose the setting the user wants. No --compress-algo setting
+ allows the usual preferences calculation to take place.
+
+ * main.h, compress.c (compress_filter): use new
+ DEFAULT_COMPRESS_ALGO define, and add a sanity check for compress
+ algo value.
+
+2002-05-08 David Shaw <dshaw@jabberwocky.com>
+
+ * pkclist.c (select_algo_from_prefs): There is an assumed
+ compression preference for uncompressed data.
+
+2002-05-07 David Shaw <dshaw@jabberwocky.com>
+
+ * options.h, g10.c (main), getkey.c (finish_lookup), pkclist.c
+ (algo_available): --pgp7, identical to --pgp6 except that it
+ permits a few algorithms that PGP 7 added: AES128, AES192, AES256,
+ and TWOFISH. Any more of these --pgpX flags, and it'll be time to
+ start looking at a generic --emulate-pgp X option.
+
+ * export.c (do_export_stream): Warn the user when exporting a
+ secret key if it or any of its secret subkeys are protected with
+ SHA1 while simple_sk_checksum is set.
+
+ * parse-packet.c (parse_key): Show when the SHA1 protection is
+ used in --list-packets.
+
+ * options.h, build-packet.c (do_comment), g10.c (main): Rename
+ --no-comment as --sk-comments/--no-sk-comments (--no-comment still
+ works) and make the default be --no-sk-comments.
+
+2002-05-07 Werner Koch <wk@gnupg.org>
+
+ * keygen.c (get_parameter_algo): Never allow generation of the
+ deprecated RSA-E or RSA-S flavors of PGP RSA.
+ (ask_algo): Allow generation of RSA sign and encrypt in expert
+ mode. Don't allow ElGamal S+E unless in expert mode.
+ * helptext.c: Added entry keygen.algo.rsa_se.
+
+2002-05-07 David Shaw <dshaw@jabberwocky.com>
+
+ * keyedit.c (sign_uids): If --expert is set, allow re-signing a
+ uid to promote a v3 self-sig to a v4 one. This essentially
+ deletes the old v3 self-sig and replaces it with a v4 one.
+
+ * packet.h, parse-packet.c (parse_key), getkey.c
+ (merge_keys_and_selfsig, merge_selfsigs_main): a v3 key with a v4
+ self-sig must never let the v4 self-sig express a key expiration
+ time that extends beyond the original v3 expiration time.
+
+2002-05-06 David Shaw <dshaw@jabberwocky.com>
+
+ * keyedit.c (sign_uids): When making a self-signature via "sign"
+ don't ask about sig level or expiration, and include the usual
+ preferences and such for v4 self-sigs. (menu_set_preferences):
+ Convert uids from UTF8 to native before printing.
+
+ * keyedit.c (sign_uids): Convert uids from UTF8 to native before
+ printing. (menu_set_primary_uid): Show error if the user tries to
+ make a uid with a v3 self-sig primary.
+
+2002-05-05 David Shaw <dshaw@jabberwocky.com>
+
+ * import.c (import_one): When merging with a key we already have,
+ don't let a key conflict (same keyid but different key) stop the
+ import: just skip the bad key and continue.
+
+ * exec.c (make_tempdir): Under Win32, don't try environment
+ variables for temp directories - GetTempDir tries environment
+ variables internally, and it's better not to second-guess it in
+ case MS adds some sort of temp dir handling to Windows at some
+ point.
+
+2002-05-05 Timo Schulz <ts@winpt.org>
+
+ * mainproc.c (proc_symkey_enc): Don't ask for a passphrase
+ in the list only mode.
+
+2002-05-05 David Shaw <dshaw@jabberwocky.com>
+
+ * keyserver.c (keyserver_refresh): --refresh-keys implies
+ --merge-only so as not to import keys with keyids that match the
+ ones being refreshed. Noted by Florian Weimer.
+
+2002-05-04 Stefan Bellon <sbellon@sbellon.de>
+
+ * free-packet.c (copy_public_key): Don't call m_alloc(0), therefore
+ added consistency check for revkey and numrefkeys.
+
+ * getkey.c (check_revocation_keys): Added consistency check for
+ revkey and numrefkeys.
+
+ * keyedit.c (show_key_with_all_names): Likewise.
+
+2002-05-03 David Shaw <dshaw@jabberwocky.com>
+
+ * photoid.c: Provide default image viewer for Win32.
+
+ * misc.c (pct_expando): %t means extension, not name ("jpg", not
+ "jpeg").
+
+ * keyserver.c (keyserver_spawn), photoid.c (show_photos), exec.h,
+ exec.c: Allow the caller to determine the temp file extension when
+ starting an exec_write and change all callers.
+
+ * keyedit.c (sign_uids): Nonrevocable key signatures cause an
+ automatic promotion to v4.
+
+ * exec.c: Provide stubs for exec_ functions when NO_EXEC is
+ defined.
+
+2002-05-02 David Shaw <dshaw@jabberwocky.com>
+
+ * photoid.h, photoid.c (parse_image_header, image_type_to_string):
+ Useful functions to return data about an image.
+
+ * packet.h, parse-packet.c (make_attribute_uidname,
+ parse_attribute_subpkts, parse_attribute), photoid.h, photoid.c
+ (show_photos): Handle multiple images in a single attribute
+ packet.
+
+ * main.h, misc.c (pct_expando), sign.c (mk_notation_and_policy),
+ photoid.c (show_photos): Simpler expando code that does not
+ require using compile-time string sizes. Call
+ image_type_to_string to get image strings (i.e. "jpg",
+ "image/jpeg"). Change all callers.
+
+ * keyedit.c (menu_showphoto), keylist.c (list_keyblock_print):
+ Allow viewing multiple images within a single attribute packet.
+
+ * gpgv.c: Various stubs for link happiness.
+
+2002-05-02 David Shaw <dshaw@jabberwocky.com>
+
+ * build-packet.c (build_sig_subpkt), keyedit.c (sign_uids),
+ options.h, sign.c (mk_notation_and_policy), g10.c (main,
+ add_notation_data, add_policy_url (new), check_policy_url
+ (removed)): Allow multiple policy URLs on a given signature.
+ Split "--notation-data" into "--cert-notation" and
+ "--sig-notation" so the user can set different policies for key
+ and data signing. For backwards compatibility, "--notation-data"
+ sets both, as before.
+
+2002-05-02 Werner Koch <wk@gnupg.org>
+
+ * options.skel: Removed the comment on trusted-keys because this
+ option is now deprecated.
+
+2002-05-01 David Shaw <dshaw@jabberwocky.com>
+
+ * keyedit.c (menu_adduid): 2440bis04 says that multiple attribute
+ packets on a given key are legal.
+
+ * keyserver.c (keyserver_refresh): the fake v3 keyid hack applies
+ to "mailto" URLs as well since they are also served by pksd.
+
+2002-04-29 Werner Koch <wk@gnupg.org>
+
+ Added a copyright year for files changed this year.
+
+2002-04-25 Werner Koch <wk@gnupg.org>
+
+ * g10.c, options.h: New options --display, --ttyname, --ttytype,
+ --lc-ctype, --lc-messages to be used with future versions of the
+ gpg-agent.
+ * passphrase.c (agent_send_option,agent_send_all_options): New.
+ (agent_open): Send options to the agent.
+
+ * trustdb.c (update_ownertrust, clear_ownertrust): Do an explicit
+ do_sync because revalidation_mark does it only if when the
+ timestamp actually changes.
+
+2002-04-23 David Shaw <dshaw@jabberwocky.com>
+
+ * main.h, keygen.c (do_generate_keypair), keylist.c
+ (print_signature_stats, list_all, list_one, list_keyblock,
+ list_keyblock_print, list_keyblock_colon): After generating a new
+ key, show the key information (name, keyid, fingerprint, etc.)
+ Also do not print uncheckable signatures (missing key..) in
+ --check-sigs. Print statistics (N missing keys, etc.) after
+ --check-sigs.
+
+ * keyedit.c (sign_uids): When signing a key with an expiration
+ date on it, the "Do you want your signature to expire at the same
+ time?" question should default to YES.
+
+2002-04-22 David Shaw <dshaw@jabberwocky.com>
+
+ * parse-packet.c (parse_plaintext), packet.h, plaintext.c
+ (handle_plaintext): Fix bug in handling literal packets with
+ zero-length data (no data was being confused with partial body
+ length).
+
+ * misc.c (pct_expando), options.skel: %t means extension ("jpg").
+ %T means MIME type ("image/jpeg").
+
+ * import.c (import_one): Only trigger trust update if the keyring
+ is actually changed.
+
+ * export.c (do_export_stream): Missing a m_free.
+
+2002-04-22 Stefan Bellon <sbellon@sbellon.de>
+
+ * keyid.c (expirestr_from_sk, expirestr_from_sig): Added _() to
+ string constant.
+
+ * exec.c (make_tempdir) [__riscos__]: Better placement of
+ temporary file.
+
+2002-04-20 David Shaw <dshaw@jabberwocky.com>
+
+ * keygen.c (generate_subkeypair): 2440bis04 adds that creating
+ subkeys on v3 keys is a MUST NOT.
+
+ * getkey.c (finish_lookup): The --pgp6 "use the primary key"
+ behavior should only apply while data signing and not encryption.
+ Noted by Roger Sondermann.
+
+2002-04-19 Werner Koch <wk@gnupg.org>
+
+ * keygen.c (keygen_set_std_prefs): Put back 3DES because the RFC
+ says it is good form to do so.
+
+2002-04-19 David Shaw <dshaw@jabberwocky.com>
+
+ * keyedit.c (menu_deluid): Only cause a trust update if we delete
+ a non-revoked user id.
+
+ * hkp.c (hkp_ask_import), keyserver.c (parse_keyserver_options,
+ keyserver_spawn), options.h: Remove fast-import keyserver option
+ (no longer meaningful).
+
+ * g10.c (main), keyedit.c (sign_uids), options.h: Change
+ --default-check-level to --default-cert-check-level as it makes
+ clear what it operates on.
+
+ * g10.c (main): --pgp6 also implies --no-ask-sig-expire.
+
+ * delkey.c (do_delete_key): Comment.
+
+ * keyedit.c (sign_uids, keyedit_menu, menu_deluid, menu_delsig,
+ menu_expire, menu_revsig, menu_revkey): Only force a trustdb check
+ if we did something that changes it.
+
+ * g10.c: add "--auto-check-trustdb" to override a
+ "--no-auto-check-trustdb"
+
+2002-04-19 Werner Koch <wk@gnupg.org>
+
+ * tdbio.c (tdbio_write_nextcheck): Return a status whether the
+ stamp was actually changed.
+ * trustdb.c (revalidation_mark): Sync the changes. Removed the
+ sync operation done by its callers.
+ (get_validity): Add logic for maintaining a pending_check flag.
+ (clear_ownertrust): New.
+
+ * keyedit.c (sign_uids): Don't call revalidation_mark depending on
+ primary_pk.
+ (keyedit_menu): Call revalidation_mark after "trust".
+ (show_key_with_all_names): Print a warning on the wrong listed key
+ validity.
+
+ * delkey.c (do_delete_key): Clear the owenertrust information when
+ deleting a public key.
+
+2002-04-18 Werner Koch <wk@gnupg.org>
+
+ * seskey.c (encode_md_value): Print an error message if a wrong
+ digest algorithm is used with DSA. Changed all callers to cope
+ with a NULL return. Problem noted by Imad R. Faiad.
+
+2002-04-18 David Shaw <dshaw@jabberwocky.com>
+
+ * trustdb.c (mark_usable_uid_certs): Properly handle nonrevocable
+ signatures that can expire. In short, the only thing that can
+ override an unexpired nonrevocable signature is another unexpired
+ nonrevocable signature.
+
+ * getkey.c (finish_lookup): Always use primary signing key for
+ signatures when --pgp6 is on since pgp6 and 7 do not understand
+ signatures made by signing subkeys.
+
+2002-04-18 Werner Koch <wk@gnupg.org>
+
+ * trustdb.c (validate_keys): Never schedule a nextcheck into the
+ past.
+ (validate_key_list): New arg curtime use it to set next_expire.
+ (validate_one_keyblock): Take the current time from the caller.
+ (clear_validity, reset_unconnected_keys): New.
+ (validate_keys): Reset all unconnected keys.
+
+ * getkey.c (premerge_public_with_secret): Fixed 0x12345678! syntax
+ for use with secret keys.
+ (lookup): Advance the searchmode after a search FIRST.
+
+ * seckey-cert.c (do_check): Always calculate the old checksum for
+ use after unprotection.
+
+ * g10.c, options.skel: New option --no-escape-from. Made
+ --escape-from and --force-v3-sigs the default and removed them
+ from the options skeleton.
+
+2002-04-16 Werner Koch <wk@gnupg.org>
+
+ * parse-packet.c (parse_key): Support a SHA1 checksum as per
+ draft-rfc2440-bis04.
+ * packet.h (PKT_secret_key): Add field sha1chk.
+ * seckey-cert.c (do_check): Check the SHA1 checksum
+ (protect_secret_key): And create it.
+ * build-packet.c (do_secret_key): Mark it as sha-1 protected.
+ * g10.c, options.h: New option --simple-sk-checksum.
+
+2002-04-13 David Shaw <dshaw@jabberwocky.com>
+
+ * parse-packet.c (parse_signature): Minor fix - signatures should
+ expire at their expiration time and not one second later.
+
+ * keygen.c (proc_parameter_file): Allow specifying preferences
+ string (i.e. "s5 s2 z1 z2", etc) in a batchmode key generation
+ file.
+
+ * keyedit.c (keyedit_menu): Print standard error message when
+ signing a revoked key (no new translation).
+
+ * getkey.c (merge_selfsigs): Get the default set of key prefs from
+ the real (not attribute) primary uid.
+
+2002-04-12 David Shaw <dshaw@jabberwocky.com>
+
+ * pkclist.c (build_pk_list): Fix bug that allowed a key to be
+ selected twice in batch mode if one instance was the default
+ recipient and the other was an encrypt-to. Noted by Stefan
+ Bellon.
+
+ * parse-packet.c (dump_sig_subpkt): Show data in trust and regexp
+ sig subpackets.
+
+ * keyedit.c (keyedit_menu): Use new function real_uids_left to
+ prevent deleting the last real (i.e. non-attribute) uid. Again,
+ according to the attribute draft. (menu_showphoto): Make another
+ string translatable.
+
+2002-04-11 David Shaw <dshaw@jabberwocky.com>
+
+ * build-packet.c (build_sig_subpkt): Delete subpackets from both
+ hashed and unhashed area on update. (find_subpkt): No longer
+ needed.
+
+ * keyedit.c (sign_uids): With --pgp2 on, refuse to sign a v3 key
+ with a v4 signature. As usual, --expert overrides. Try to tweak
+ some strings to a closer match so they can all be translated in
+ one place. Use different helptext keys to allow different help
+ text for different questions.
+
+ * keygen.c (keygen_upd_std_prefs): Remove preferences from both
+ hashed and unhashed areas if they are not going to be used.
+
+2002-04-10 David Shaw <dshaw@jabberwocky.com>
+
+ * misc.c (pct_expando), options.skel: Use %t to indicate type of a
+ photo ID (in this version, it's always "jpeg"). Also tweak string
+ expansion loop to minimize reallocs.
+
+ * mainproc.c (do_check_sig): Variable type fix.
+
+ * keyedit.c (menu_set_primary_uid): Differentiate between true
+ user IDs and attribute user IDs when making one of them primary.
+ That is, if we are making a user ID primary, we alter user IDs.
+ If we are making an attribute packet primary, we alter attribute
+ packets. This matches the language in the latest attribute packet
+ draft.
+
+ * keyedit.c (sign_uids): No need for the empty string hack.
+
+ * getkey.c (fixup_uidnode): Only accept preferences from the
+ hashed segment of the self-sig.
+
+2002-04-10 Werner Koch <wk@gnupg.org>
+
+ * tdbio.c (migrate_from_v2): Fixed the offset to read the old
+ ownertrust value and only add entries to the table if we really
+ have a value.
+
+2002-04-08 David Shaw <dshaw@jabberwocky.com>
+
+ * status.h, status.c (get_status_string): Add KEYEXPIRED, EXPSIG,
+ and EXPKEYSIG. Add "deprecated-use-keyexpired-instead" to
+ SIGEXPIRED.
+
+ * sig-check.c (do_check): Start transition from SIGEXPIRED to
+ KEYEXPIRED, since the actual event is signature verification by an
+ expired key and not an expired signature. (do_signature_check,
+ packet.h): Rename as signature_check2, make public, and change all
+ callers.
+
+ * mainproc.c (check_sig_and_print, do_check_sig): Use status
+ EXPSIG for an expired, but good, signature. Add the expiration
+ time (or 0) to the VALIDSIG status line. Use status KEYEXPSIG for
+ a good signature from an expired key.
+
+ * g10.c (main): remove checks for no arguments now that argparse
+ does it.
+
+2002-04-06 Werner Koch <wk@gnupg.org>
+
+ * keyring.c (keyring_get_keyblock): Disable the keylist mode here.
+
+ * encode.c (encode_simple, encode_crypt): Only test on compressed
+ files if a compress level was not explicity set.
+
+ * keygen.c (keygen_set_std_prefs): Removed Blowfish and Twofish
+ from the list of default preferences, swapped the preferences of
+ RMD160 and SHA1. Don't include a preference to 3DES unless the
+ IDEA kludge gets used.
+
+ * free-packet.c (free_packet): call free_encrypted also for
+ PKT_ENCRYPTED_MDC.
+
+ * compress.c (release_context): New.
+ (handle_compressed): Allocate the context and setup a closure to
+ release the context. This is required because there is no
+ guarantee that the filter gets popped from the chain at the end
+ of the function. Problem noted by Timo and probably also the
+ cause for a couple of other reports.
+ (compress_filter): Use the release function if set.
+
+ * tdbio.c [__CYGWIN32__]: Don't rename ftruncate. Noted by
+ Disastry.
+
+ * parse-packet.c (parse_signature): Put parens around a bit test.
+
+ * exec.c (make_tempdir): Double backslash for TMP directory
+ creation under Windows. Better strlen the DIRSEP_S constants for
+ allocation measurements.
+
+ * decrypt.c (decrypt_messages): Release the passphrase aquired
+ by get_last_passphrase.
+
+2002-04-02 Werner Koch <wk@gnupg.org>
+
+ * Makefile.am (EXTRA_DIST): Removed OPTIONS an pubring.asc - they
+ are no longer of any use.
+
+2002-04-03 David Shaw <dshaw@jabberwocky.com>
+
+ * keyserver.c (parse_keyserver_options): fix auto-key-retrieve to
+ actually work as a keyserver-option (noted by Roger Sondermann).
+
+ * keylist.c (reorder_keyblock): do not reorder the primary
+ attribute packet - the first user ID must be a genuine one.
+
+2002-03-31 David Shaw <dshaw@jabberwocky.com>
+
+ * keylist.c (list_keyblock_colon): Fix ownertrust display with
+ --with-colons.
+
+ * keygen.c (generate_user_id), photoid.c (generate_photo_id):
+ Properly initialize the user ID refcount. A few more "y/n" ->
+ "y/N" in photoid.c.
+
+ * keyedit.c (ask_revoke_sig): Warn the user if they are about to
+ revoke an expired sig (not a problem, but they should know). Also
+ tweak a few prompts to change "y/n" to "y/N", which is how most
+ other prompts are written.
+
+ * keyserver.c (keyserver_search_prompt): Control-d escapes the
+ keyserver search prompt.
+
+ * pkclist.c (show_revocation_reason & callers): If a subkey is
+ considered revoked solely because the parent key is revoked, print
+ the revocation reason from the parent key.
+
+ * trustdb.c (get_validity): Allow revocation/expiration to apply
+ to a uid/key with no entry in the trustdb.
+
+2002-03-29 David Shaw <dshaw@jabberwocky.com>
+
+ * keyserver.c (printunquoted): unquote backslashes from keyserver
+ searches
+
+ * hkp.c (write_quoted): quote backslashes from keyserver searches
+
+2002-03-26 Werner Koch <wk@gnupg.org>
+
+ * keygen.c (ask_keysize): Removed the warning for key sizes > 1536.
+
+2002-03-25 Werner Koch <wk@gnupg.org>
+
+ * keyedit.c (sign_uids): Use 2 strings and not a %s so that
+ translations can be done the right way.
+ * helptext.c: Fixed small typo.
+
+2002-03-23 David Shaw <dshaw@jabberwocky.com>
+
+ * import.c (append_uid, merge_sigs): it is okay to import
+ completely non-signed uids now (with --allow-non-selfsigned-uid).
+
+ * getkey.c (get_primary_uid, merge_selfsigs_main): do not choose
+ an attribute packet (i.e. photo) as primary uid. This prevents
+ oddities like "Good signature from [image of size 2671]". This is
+ still not perfect (one can still select an attribute packet as
+ primary in --edit), but is closer to the way the draft is going.
+
+ * g10.c (build_list): algorithms should include 110.
+
+ * g10.c (main): --pgp2 implies --no-ask-sig-expire and
+ --no-ask-cert-expire as those would cause a v4 sig/cert.
+
+ * armor.c (is_armor_header): be more lenient in what constitutes a
+ valid armor header (i.e. -----BEGIN blah blah-----) as some
+ Windows programs seem to add spaces at the end. --openpgp makes
+ it strict again.
+
+2002-03-18 David Shaw <dshaw@jabberwocky.com>
+
+ * keyserver.c (keyserver_search_prompt): Properly handle a "no
+ keys found" case from the internal HKP code (external HKP is ok).
+ Also, make a COUNT -1 (i.e. streamed) keyserver response a little
+ more efficient.
+
+ * g10.c (main): Add --no-allow-non-selfsigned-uid
+
+2002-03-17 David Shaw <dshaw@jabberwocky.com>
+
+ * g10.c (main): --openpgp implies --allow-non-selfsigned-uid.
+
+ * getkey.c (merge_selfsigs_main): If none of the uids are primary
+ (because none are valid) then pick the first to be primary (but
+ still invalid). This is for cosmetics in case some display needs
+ to print a user ID from a non-selfsigned key. Also use
+ --allow-non-selfsigned-uid to make such a key valid and not
+ --always-trust. The key is *not* automatically trusted via
+ --allow-non-selfsigned-uid.
+
+ * mainproc.c (check_sig_and_print): Make sure non-selfsigned uids
+ print [uncertain] on verification even though one is primary now.
+
+ * getkey.c (merge_selfsigs): If the main key is not valid, then
+ neither are the subkeys.
+
+ * import.c (import_one): Allow --allow-non-selfsigned-uid to work
+ on completely unsigned keys. Print the uids in UTF8. Remove
+ mark_non_selfsigned_uids_valid().
+
+ * keyedit.c (show_key_with_all_names): Show revocation key as
+ UTF8.
+
+ * sign.c (clearsign_file): Allow --not-dash-escaped to work with
+ v3 keys.
+
+2002-03-14 Werner Koch <wk@gnupg.org>
+
+ * main.h: Changed the default algorithms to CAST5 and SHA1.
+
+2002-03-13 David Shaw <dshaw@jabberwocky.com>
+
+ * import.c (chk_self_sigs): Show which user ID a bad self-sig
+ (invald sig or unsupported public key algorithm) resides on.
+
+ * import.c (chk_self_sigs): any valid self-sig should mark a user
+ ID or subkey as valid - otherwise, an attacker could DoS the user
+ by inventing a bogus invalid self-signature.
+
+2002-03-07 David Shaw <dshaw@jabberwocky.com>
+
+ * g10.c (main): make a few more strings translatable.
+
+ * options.h, options.skel, g10.c (main), gpgv.c, mainproc.c
+ (check_sig_and_print), keyserver.c (parse_keyserver_options):
+ --auto-key-retrieve should really be a keyserver-option variable.
+
+ * import.c (revocation_present): new function to print a warning
+ if a key is imported that has been revoked by designated revoker,
+ but the designated revoker is not present to verify the
+ revocation. If keyserver-options auto-key-retrieve is set, try
+ and fetch the designated revoker from the keyserver.
+
+ * import.c (import_one): call revocation_present after importing a
+ new key. Note that this applies to --import, --recv-keys, and
+ --search-keys.
+
+ * keyserver-internal.h, keyserver.c (keyserver_import_fprint):
+ import via fingerprint (for revocation keys).
+
+ * keyserver.c (keyserver_import_keyid): much simpler
+ implementation now that we're using KEYDB_SEARCH_DESC internally.
+
+2002-03-04 David Shaw <dshaw@jabberwocky.com>
+
+ * revoke.c (gen_revoke): do not prompt for revocation reason for
+ v3 revocations (unless force-v4-certs is on) since they wouldn't
+ be used anyway.
+
+ * keyedit.c (menu_revsig): show the status of the sigs
+ (exportable? revocable?) to the user before prompting for which
+ sig to revoke. Also, make sure that local signatures get local
+ revocations.
+
+ * keyedit.c (ask_revoke_sig): remind the user which sigs are
+ local.
+
+ * g10.c (main): Add "exec-path" variable to override PATH for
+ execing programs.
+
+ * export.c (do_export_stream): properly check return code from
+ classify_user_id to catch unclassifiable keys.
+
+2002-03-03 David Shaw <dshaw@jabberwocky.com>
+
+ * parse-packet.c (parse_signature): variable type tweak for RISC
+ OS (from Stefan)
+
+2002-02-28 David Shaw <dshaw@jabberwocky.com>
+
+ * getkey.c (check_revocation_keys): New function to check a
+ revocation against a list of potential revocation keys. Note the
+ loop-breaking code here. This is to prevent blowing up if A is
+ B's revocation key, while B is also A's. Note also that this is
+ written so that a revoked revoker can still issue revocations:
+ i.e. If A revokes B, but A is revoked, B is still revoked. I'm
+ not completely convinced this is the proper behavior, but it
+ matches how PGP does it. It does at least have the advantage of
+ much simpler code - my first version of this had lots of loop
+ maintaining code so you could chain revokers many levels deep and
+ if D was revoked, C was not, which meant that B was, and so on.
+ It was sort of scary, actually.
+
+ * getkey.c (merge_selfsigs_main): Add any revocation keys onto the
+ pk. This is particularly interesting since we normally only get
+ data from the most recent 1F signature, but you need multiple 1F
+ sigs to properly handle revocation keys (PGP does it this way, and
+ a revocation key could be marked "sensitive" and hence in a
+ different signature). Also, if a pk has a revocation key set,
+ check for revocation sigs that were not made by us - if made by a
+ valid revocation key, mark the pk revoked.
+
+ * packet.h, getkey.c (cache_public_key): do not cache key if
+ "dont_cache" is set. This allows the revocation key code to look
+ up a key and return information that may be inaccurate to prevent
+ loops without caching the fake data.
+
+ * packet.h, sig-check.c (do_signature_check): Record if a
+ signature was made by a revoked pk.
+
+ * packet.h, parse-packet.c (parse_one_sig_subpkt,
+ can_handle_critical, parse_signature): Get revocation key
+ information out of direct sigs.
+
+ * keylist.c (list_keyblock_print): don't assume that the presence
+ of a 0x20 signature means the key is revoked. With revocation
+ keys, this may not be true if the revocation key is not around to
+ verify it or if verification failed. Also, 0x1F should get listed
+ as "sig", and not "unexpected signature class".
+
+ * keyedit.c (show_key_with_all_names): Add a flag for printing
+ revoker information and change all callers.
+
+ * import.c (merge_blocks): merge in any new direct key (0x1F)
+ sigs.
+
+ * import.c (import_revoke_cert): don't keep processing after a
+ revocation is rejected.
+
+ * import.c (delete_inv_parts): Allow importing a revocation
+ signature even if it was not issued by the key. This allows a
+ revocation key to issue it. Of course, the sig still needs to be
+ checked before we trust it.
+
+ * free-packet.c (copy_public_key): Include a new copy of the
+ revocation keys when duping a pk.
+
+ * free-packet.c (free_seckey_enc, release_public_key_parts): Free
+ any revocation keys that are attached to a sig or pk.
+
+ * export.c (do_export_stream): Do not export signatures with
+ "sensitive" revocation keys in them.
+
+2002-02-27 David Shaw <dshaw@jabberwocky.com>
+
+ * export.c (do_export_stream): Do not include v3 keys in a
+ --export-secret-subkeys export.
+
+ * getkey.c (merge_selfsigs_main): If a key isn't valid (say,
+ because of no self-signature), allow --always-trust to force it
+ valid so it can be trusted.
+
+2002-02-25 David Shaw <dshaw@jabberwocky.com>
+
+ * hkp.c (hkp_ask_import), hkp.h, keyserver.c (all): treat key
+ lists internally as fingerprints when possible. All this is via
+ KEYDB_SEARCH_DESC - no point in reinventing the wheel. This allows
+ the helper program to search the keyserver by fingerprint if
+ desired (and the keyserver supports it). Note that automatic
+ fingerprint promotion during refresh only applies to v4 keys as a
+ v4 fingerprint can be easily changed into a long or short key id,
+ and a v3 cannot.
+
+ * pubkey-enc.c, getkey.c, misc.c, main.h: Take two copies of
+ hextobyte() from pubkey-enc.c and getkey.c and make them into one
+ copy in misc.c.
+
+2002-02-22 David Shaw <dshaw@jabberwocky.com>
+
+ * keyserver.c (keyserver_search_prompt): Detect a "no keys found"
+ case even if the helper program does not explicitly say how many
+ keys were found.
+
+ * hkp.c (parse_hkp_index): Bug fix - don't report non-revoked keys
+ as revoked in HKP key searches.
+
+2002-02-19 Werner Koch <wk@gnupg.org>
+
+ * parse-packet.c (parse_trust): Made parsing more robust.
+
+2002-02-19 David Shaw <dshaw@jabberwocky.com>
+
+ * hkp.c (parse_hkp_index): Catch corruption in HKP index lines
+ (can be caused by broken or malicious keyservers).
+
+ * keyserver.c (keyserver_work): Add KEYSERVER_NOT_SUPPORTED for
+ unsupported actions (say, a keyserver that has no way to search,
+ or a readonly keyserver that has no way to add). Also add a
+ USE_EXTERNAL_HKP define to disable the internal HKP keyserver
+ code.
+
+2002-02-14 Werner Koch <wk@gnupg.org>
+
+ * g10.c: New option --no-use-agent.
+
+ * pkclist.c (check_signatures_trust): Always print the warning for
+ unknown and undefined trust. Removed the did_add cruft. Reported
+ by Janusz A. Urbanowicz.
+
+2002-02-11 David Shaw <dshaw@jabberwocky.com>
+
+ * hkp.c (parse_hkp_index): Bug fix - properly handle user IDs with
+ colons (":") in them while HKP searching.
+
+2002-02-09 David Shaw <dshaw@jabberwocky.com>
+
+ * misc.c (pct_expando): More comments.
+
+ * keydb.h, sign.c (mk_notation_and_policy): Clarify what is a sig
+ and what is a cert. A sig has sigclass 0x00, 0x01, 0x02, or 0x40,
+ and everything else is a cert.
+
+ * g10.c (main), keyedit.c (keyedit_menu): Add a "nrlsign" for
+ nonrevocable and local key signatures.
+
+ * g10.c (main): Add a --no-force-mdc to undo --force-mdc.
+
+ * options.h, g10.c (main), cipher.c (write_header): Add a knob to
+ --disable-mdc/--no-disable-mdc. Off by default, of course, but is
+ used in --pgp2 and --pgp6 modes.
+
+ * pkclist.c (build_pk_list): Allow specifying multiple users in
+ the "Enter the user ID" loop. Enter a blank line to stop. Show
+ each key+id as it is added.
+
+ * keylist.c (show_policy_url), mainproc.c (print_notation_data):
+ It is not illegal (though possibly silly) to have multiple policy
+ URLs in a given signature, so print all that are present.
+
+ * hkp.c (hkp_search): More efficient implementation of URL-ifying
+ code.
+
+2002-02-04 David Shaw <dshaw@jabberwocky.com>
+
+ * main.h, misc.c (pct_expando): New function to generalize
+ %-expando processing in any arbitrary string.
+
+ * photoid.c (show_photo): Call the new pct_expando function rather
+ than expand strings internally.
+
+ * sign.c (mk_notation_and_policy): Show policy URLs and notations
+ when making a signature if show-policy/show-notation is on.
+ %-expand policy URLs during generation. This lets the user have
+ policy URLs of the form "http://notary.jabberwocky.com/keysign/%K"
+ which will generate a per-signature policy URL.
+
+ * main.h, keylist.c (show_policy_url, show_notation): Add amount
+ to indent so the same function can be used in key listings as well
+ as during sig generation. Change all callers.
+
+2002-02-04 David Shaw <dshaw@jabberwocky.com>
+
+ * keyserver.c, options.h (parse_keyserver_options, keyidlist):
+ Workaround for the pksd and OKS keyserver bug that calculates v4
+ RSA keyids as if they were v3. The workaround/hack is to fetch
+ both the v4 (e.g. 99242560) and v3 (e.g. 68FDDBC7) keyids. This
+ only happens for key refresh while using the HKP scheme and the
+ refresh-add-fake-v3-keyids keyserver option must be set. This
+ should stay off by default.
+
+2002-02-03 David Shaw <dshaw@jabberwocky.com>
+
+ * keyserver.c (keyserver_spawn): Bug fix - do not append keys to
+ each other when --sending more than one.
+
+2002-02-02 David Shaw <dshaw@jabberwocky.com>
+
+ * options.h, g10.c (main), keyedit.c (sign_uids), sign.c
+ (mk_notation_and_policy): Split "--set-policy-url" into
+ "--cert-policy-url" and "--sig-policy-url" so the user can set
+ different policies for key and data signing. For backwards
+ compatibility, "--set-policy-url" sets both, as before.
+
+2002-01-30 Werner Koch <wk@gnupg.org>
+
+ * g10.c (main): --gen-random --armor does now output a base64
+ encoded string.
+
+2002-01-28 David Shaw <dshaw@jabberwocky.com>
+
+ * g10.c (main), options.h, pkclist.c (algo_available): --pgp6
+ flag. This is not nearly as involved as --pgp2. In short, it
+ turns off force_mdc, turns on no_comment, escape_from, and
+ force_v3_sigs, and sets compression to 1. It also restricts the
+ user to IDEA (if present), 3DES, CAST5, MD5, SHA1, and RIPEMD160.
+ See the comments above algo_available() for lots of discussion on
+ why you would want to do this.
+
+2002-01-27 David Shaw <dshaw@jabberwocky.com>
+
+ * keygen.c (keygen_set_std_prefs): Comment
+
+ * keyedit.c (sign_uids): Bug fix - when signing with multiple
+ secret keys at the same time, make sure each key gets the sigclass
+ prompt.
+
+ * exec.c (exec_finish): Close the iobuf and FILE before trying to
+ waitpid, so the remote process will get a SIGPIPE and exit. This
+ is only a factor when using a pipe to communicate.
+
+ * exec.c (exec_write): Disable cache-on-close of the fd iobuf (is
+ this right? Why is a fd iobuf cached at all?)
+
+2002-01-26 Werner Koch <wk@gnupg.org>
+
+ * g10.c, options.h: New option --gpg-agent-info
+ * passphrase.c (agent_open): Let it override the environment info.
+ * seckey-cert.c (check_secret_key): Always try 3 times when the
+ agent is enabled.
+ * options.skel: Describe --use-agent.
+
+2002-01-24 David Shaw <dshaw@jabberwocky.com>
+
+ * pubkey-enc.c (is_algo_in_prefs, get_it): Only check preferences
+ against keys with v4 self sigs - there is really little point in
+ warning for every single non-IDEA message encrypted to an old key.
+
+ * pkclist.c (select_algo_from_prefs): Only put in the fake IDEA
+ preference if --pgp2 is on.
+
+ * mainproc.c (check_sig_and_print): Print "Expired" for expired
+ but good signatures (this still prints "BAD" for expired but bad
+ signatures).
+
+2002-01-23 David Shaw <dshaw@jabberwocky.com>
+
+ * keygen.c (ask_keysize): Cosmetic: don't present a RSA signing
+ key as a "keypair" which can be 768 bits long (as RSA minimum is
+ 1024).
+
+ * pubkey-enc.c (is_algo_in_prefs): Allow IDEA as a fake preference
+ for v3 keys with v3 selfsigs.
+
+2002-01-22 David Shaw <dshaw@jabberwocky.com>
+
+ * packet.h, getkey.c (merge_selfsigs_main), pkclist.c
+ (select_algo_from_prefs): Implement the fake IDEA preference as
+ per RFC2440:12.1. This doesn't mean that IDEA will be used (the
+ plugin may not be present), but it does mean that a v3 key with a
+ v3 selfsig has an implicit IDEA preference instead of 3DES. v3
+ keys with v4 selfsigs use preferences as normal.
+
+ * encode.c (encode_crypt): if select_algo_from_prefs fails, this
+ means that we could not find a cipher that both keys like. Since
+ all v4 keys have an implicit 3DES preference, this means there is
+ a v3 key with a v3 selfsig in the list. Use 3DES in this case as
+ it is the safest option (we know the v4 key can handle it, and
+ we'll just hope the v3 key is being used in an implementation that
+ can handle it). If --pgp2 is on, warn the user what we're doing
+ since it'll probably break PGP2 compatibility.
+
+ * g10.c (main): Do not force using IDEA for encrypted files in
+ --pgp2 mode - let the fake IDEA preference choose this for us for
+ better compatibility when encrypting to multiple keys, only some
+ of which are v3.
+
+ * keygen.c (keygen_set_std_prefs): Put 3DES on the end of the
+ default cipher pref list (RFC2440: "...it is good form to place it
+ there explicitly."). If the user has the IDEA plugin installed,
+ put a preference for IDEA *after* 3DES to effectively disable its
+ use for everything except encrypting along with v3 keys.
+
+ * encode.c, g10.c, sign.c: Change the PGP2 warning line from
+ "... will not be usable ..." to "... may not be usable ..." as the
+ user could be using one of the enhanced PGP2 variations.
+
+ * helptext.c: Revise the sign_uid.class help text as suggested by
+ Stefan.
+
+2002-01-20 Werner Koch <wk@gnupg.org>
+
+ * passphrase.c (passphrase_to_dek): Add tryagain_text arg to be
+ used with the agent. Changed all callers.
+ (agent_get_passphrase): Likewise and send it to the agent
+ * seckey-cert.c (do_check): New arg tryagain_text.
+ (check_secret_key): Pass the string to do_check.
+ * keygen.c (ask_passphrase): Set the error text is required.
+ * keyedit.c (change_passphrase): Ditto.
+
+ * passphrase.c (agent_open): Disable opt.use_agent in case of a
+ problem with the agent.
+ (agent_get_passphrase): Ditto.
+ (passphrase_clear_cache): Ditto.
+
+2002-01-19 Werner Koch <wk@gnupg.org>
+
+ * passphrase.c (agent_open): Add support for the new Assuan based
+ gpg-agent. New arg to return the used protocol version.
+ (agent_get_passphrase): Implemented new protocol here.
+ (passphrase_clear_cache): Ditto.
+ (readline): New.
+
+2002-01-15 Timo Schulz <ts@winpt.org>
+
+ * encode.c (encode_crypt_files): Fail if --output is used.
+
+ * g10.c: New command --decrypt-files.
+
+ * decrypt.c (decrypt_messages): New.
+
+2002-01-09 David Shaw <dshaw@jabberwocky.com>
+
+ * g10.c, misc.c, gpgv.c: move idea_cipher_warn to misc.c so gpgv.c
+ doesn't need a stub for it any longer.
+
+ * g10.c (get_temp_dir), main.h: no longer used (it's in exec.c now)
+
+ * g10.c (main), delkey.c (delete_keys), main.h : Allow
+ --delete-key (now --delete-keys, though --delete-key still works,
+ of course) to delete multiple keys in one go. This applies to
+ --delete-secret-key(s) and --delete-secret-and-public-key(s) as
+ well.
+
+2002-01-09 Timo Schulz <ts@winpt.org>
+
+ * encode.c (encode_crypt_files): Now it behaves like verify_files.
+
+ * g10.c (main): We don't need to check argc for encode_crypt_files
+ any longer.
+
+2002-01-09 Timo Schulz <ts@winpt.org>
+
+ * exec.c: Include windows.h for dosish systems.
+
+2002-01-08 Timo Schulz <ts@winpt.org>
+
+ * g10.c (main): New description for --encrypt-files.
+
+2002-01-08 Werner Koch <wk@gnupg.org>
+
+ * g10.c (main): Must register the secring for encryption because
+ it is needed to figure out the default recipient. Reported by
+ Roger Sondermann.
+
+2002-01-05 David Shaw <dshaw@jabberwocky.com>
+
+ * keyedit.c (menu_adduid): Require --expert before adding a photo
+ ID to a v3 key, and before adding a second photo ID to any key.
+
+ * keyedit.c (keyedit_menu): Don't allow adding photo IDs in
+ rfc1991 or pgp2 mode.
+
+ * getkey.c (merge_selfsigs_subkey): Permit v3 subkeys. Believe it
+ or not, this is allowed by rfc 2440, and both PGP 6 and PGP 7 work
+ fine with them.
+
+ * g10.c, options.h, keyedit.c, sign.c: Move the "ask for
+ expiration" switch off of --expert, which was getting quite
+ overloaded, and onto ask-sig-expire and ask-cert-expire. Both
+ default to off.
+
+ * g10.c (main): Change the default compression algo to 1, to be
+ more OpenPGP compliant (PGP also uses this, so it'll help with
+ interoperability problems as well).
+
+ * encode.c (encode_crypt): Handle compression algo 2, since the
+ default is now 1.
+
+ * build-packet.c (build_attribute_subpkt): Fix off-by-one error.
+
+2002-01-05 Werner Koch <wk@gnupg.org>
+
+ * g10.c (main): Do not register the secret keyrings for certain
+ commands.
+
+ * keydb.c (keydb_add_resource): Use access to test for keyring
+ existence. This avoids cached opened files which are bad under
+ RISC OS.
+
+2002-01-04 David Shaw <dshaw@jabberwocky.com>
+
+ * sign.c (sign_file, sign_symencrypt_file): always use one-pass
+ packets unless rfc1991 is enabled. This allows a signature made
+ with a v3 key to work in PGP 6 and 7. Signatures made with v4
+ keys are unchanged.
+
+ * g10.c (main): Disallow non-detached signatures in PGP2 mode.
+ Move the "you must use files and not pipes" PGP2 warning up so all
+ the PGP2 stuff is together.
+
+ * encode.c (encode_simple): Use the actual filesize instead of
+ partial length packets in the internal literal packet from a
+ symmetric message. This breaks PGP5(?), but fixes PGP2, 6, and 7.
+ It's a decent tradeoff. Note there was only an issue with
+ old-style RFC1991 symmetric messages. 2440-style messages in 6
+ and 7 work with or without partial length packets.
+
+2002-01-03 David Shaw <dshaw@jabberwocky.com>
+
+ * g10.c (main): Removed --no-default-check-level option, as it is
+ not consistent with other "default" options. Plus, it is the same
+ as saying --default-check-level 0.
+
+ * exec.c (exec_read): Disallow caching tempfile from child
+ process, as this keeps the file handle open and can cause unlink
+ problems on some platforms.
+
+ * keyserver.c (keyserver_search_prompt): Minor tweak - don't
+ bother to transform keyids into textual form if they're just going
+ to be transformed back to numbers.
+
+2002-01-03 Timo Schulz <ts@winpt.org>
+
+ * g10.c: New command --encrypt-files.
+
+ * verify.c (print_file_status): Removed the static because
+ encode_crypt_files also uses this function.
+
+ * main.h (print_files_status): New.
+ (encode_crypt_files): New.
+
+ * encode.c (encode_crypt_files): New.
+
+2002-01-02 Stefan Bellon <sbellon@sbellon.de>
+
+ * keyserver.c: Moved util.h include down in order to avoid
+ redefinition problems on RISC OS.
+
+ * keyring.c (keyring_lock): Only lock keyrings that are writable.
+
+ * keyring.c (keyring_update_keyblock): Close unused iobuf.
+
+ * hkp.c (parse_hkp_index, hkp_search) [__riscos__]: Changed
+ unsigned char* to char* because of compiler issues.
+
+ * exec.c (exec_finish) [__riscos__]: Invalidate close cache so
+ that file can be unlinked.
+
+2001-12-28 David Shaw <dshaw@jabberwocky.com>
+
+ * g10.c (main): Use a different strlist to check extensions since
+ they need to be handled seperately now.
+
+ * misc.c,main.h (check_permissions): Properly handle permission
+ and ownership checks on files in the lib directory
+ (e.g. /usr/local/lib/gnupg), which are owned by root and are
+ world-readable, and change all callers to specify extension or
+ per-user file.
+
+ * photoid.c (show_photo), keyserver.c (keyserver_spawn): Bug fix -
+ don't call exec_finish if exec_write fails.
+
+ * keyserver.c (keyserver_spawn): Look for OPTIONS from the
+ keyserver helper - specifically, a "OUTOFBAND" option for the
+ email keyserver.
+
+ * mainproc.c (list_node), keylist.c (list_keyblock_colon),
+ import.c (delete_inv_parts), export.c (do_export_stream): Use
+ signature flags for exportability check rather than re-parsing the
+ subpacket.
+
+ * keyid.c, keydb.h (get_lsign_letter): No longer needed.
+
+2001-12-27 David Shaw <dshaw@jabberwocky.com>
+
+ * exec.c (exec_finish): Show errors when temp files cannot be
+ deleted for whatever reason.
+
+ * exec.c (exec_read): Don't rely on WEXITSTATUS being present.
+
+ * exec.c (make_tempdir): Add temp file creator for win32. Don't
+ create an incoming temp file if the exec is write-only.
+
+ * keyserver.c (keyserver_spawn): Clean up error handling, for when
+ the spawn fails.
+
+ * photoid.c (show_photo): Clean up error handling.
+
+ * misc.c (check_permissions): Neaten.
+
+2001-12-25 David Shaw <dshaw@jabberwocky.com>
+
+ * mkdtemp.c (mkdtemp): Add copyleft info and tweak the 'X' counter
+ to be a bit simpler.
+
+ * keyserver.c, photoid.c: Remove unused headers left over from
+ when the exec functions lived there.
+
+2001-12-23 Timo Schulz <ts@winpt.org>
+
+ * misc.c (check_permissions): Do not use it for W32 systems.
+
+ * tdbio.c (migrate_from_v2): Define ftruncate as chsize() for W32.
+
+ * mkdtemp.c: W32 support.
+
+ * photoid.c: Ditto.
+
+ * exec.c: Ditto.
+
+2001-12-22 David Shaw <dshaw@jabberwocky.com>
+
+ * exec.c (make_tempdir): avoid compiler warning with const
+
+ * mkdtemp.c (mkdtemp): catch the empty ("") string case in case
+ someone repurposes mkdtemp at some point.
+
+ * photoid.c (generate_photo_id, show_photo): some type changes
+ from Stefan Bellon.
+
+ * exec.c (make_tempdir): handle Win32 systems, suggested by Timo
+ Schulz.
+
+2001-12-22 Werner Koch <wk@gnupg.org>
+
+ * encode.c (encode_simple, encode_crypt): i18n 2 strings.
+
+2001-12-22 Timo Schulz <ts@winpt.org>
+
+ * encode.c (encode_simple, encode_crypt): Use is_file_compressed
+ to avoid to compress compressed files.
+
+2001-12-22 Werner Koch <wk@gnupg.org>
+
+ * keyserver.c (keyserver_spawn): Removed some variables
+ declaration due to shadowing warnings.
+
+ * build-packet.c (build_attribute_subpkt): s/index/idx/ to avoid
+ compiler warnig due to index(3).
+
+ * getkey.c (get_ctx_handle): Use KEYDB_HANDLE as return value.
+ * keylist.c (list_one): Made resname const.
+
+ * keyedit.c (keyedit_menu): Allow "addphoto" only when --openpgp is
+ not used.
+
+ * options.skel: Changed one example photo viewer to qiv.
+
+2001-12-21 David Shaw <dshaw@jabberwocky.com>
+
+ * Makefile.am: add exec.c, exec.h, photoid.c, and photoid.h
+
+ * build-packet.c (build_attribute_subpkt): new function to build
+ the raw attribute subpacket. Note that attribute subpackets have
+ the same format as signature subpackets.
+
+ * exec.c: new file with generic exec-a-program functionality.
+ Used by both photo IDs and keyserver helpers. This is pretty much
+ the same code that used to be keyserver specific, with some
+ changes to be usable generically.
+
+ * free-packet.c (free_attributes (new)): function to free an
+ attribute packet.
+
+ * gpgv.c: added stub show_photo
+
+ * keyedit.c (keyedit_menu, menu_adduid, menu_showphoto): can add a
+ photo (calls generate_photo_id), or display a photo (calls
+ show_photo) from the --edit menu. New commands are "addphoto",
+ and "delphoto" (same as "deluid").
+
+ * keylist.c (list_keyblock_print): show photos during key list if
+ --show-photos enabled.
+
+ * keyserver.c (keyserver_spawn): use the generic exec_xxx
+ functions to call keyserver helper.
+
+ * g10.c, options.h: three new options - --{no-}show-photos, and
+ --photo-viewer to give the command line to display a picture.
+
+ * options.skel: instructions for the photo viewer
+
+ * parse-packet.c (parse_user_id, setup_user_id (new)): common code
+ for both user IDs and attribute IDs moved to setup_user_id.
+
+ * parse-packet.c (make_attribute_uidname (new)): constructs a fake
+ "name" for attribute packets (e.g. "[image of size ...]")
+
+ * parse-packet.c (parse_attribute (replaces parse_photo_id),
+ parse_attribute_subpkts): Builds an array of individual
+ attributes. Currently only handles attribute image / type jpeg
+ subpackets.
+
+ * sign.c (hash_uid): Fix bug in signing attribute (formerly
+ photo_id) packets.
+
+ * packet.h, and callers: globally change "photo_id" to "attribute"
+ and add structures for attributes. The packet format is generic
+ attributes, even though the only attribute type thus far defined
+ is jpeg.
+
+2001-12-21 David Shaw <dshaw@jabberwocky.com>
+
+ * parse-packet.c (can_handle_critical): Can handle critical
+ revocation subpackets now.
+
+ * trustdb.c (mark_usable_uid_certs): Disregard revocations for
+ nonrevocable sigs. Note that this allows a newer revocable
+ signature to override an older nonrevocable signature.
+
+ * sign.c (make_keysig_packet): add a duration field and change all
+ callers. This makes make_keysig_packet closer to
+ write_signature_packets and removes some duplicated expiration
+ code.
+
+ * keyedit.c (keyedit_menu, menu_revsig, sign_uids,
+ sign_mk_attrib): Add nrsign command, don't allow revoking a
+ nonrevocable signature,
+
+ * g10.c (main): Add --nrsign option to nonrevocably sign a key
+ from the command line.
+
+ * build-packet.c (build_sig_subpkt_from_sig): Comment to explain
+ the use of CRITICAL.
+
+2001-12-21 Werner Koch <wk@gnupg.org>
+
+ * g10.c. options.h : New option --show-keyring
+ * getkey.c (get_ctx_handle): New.
+ * keylist.c (list_one): Implement option here. By David Champion.
+
+2001-12-20 David Shaw <dshaw@jabberwocky.com>
+
+ * keyserver.c (keyserver_spawn): Use mkdtemp() to make temp
+ directory.
+
+ * mkdtemp.c: replacement function for those platforms that don't
+ have mkdtemp (make a temp directory securely).
+
+2001-12-19 David Shaw <dshaw@jabberwocky.com>
+
+ * misc.c (check_permissions): New function to stat() and ensure
+ the permissions of GNUPGHOME and the files have safe permissions.
+
+ * keydb.c (keydb_add_resource): Check keyring permissions.
+
+ * tdbio.c (tdbio_set_dbname): Check permissions of trustdb.gpg
+
+ * keyserver.c (keyserver_spawn): Disable keyserver schemes that
+ involve running external programs if the options file has unsafe
+ permissions or ownership.
+
+ * g10.c, options.h: New option --no-permission-warning to disable
+ the permission warning message(s). This also permits use of the
+ keyserver if it had been disabled (see above). Also check the
+ permissions/ownership of random_seed.
+
+ * keyserver.c (keyserver_spawn): The new glibc prints a warning
+ when using mktemp() (the code was already secure, but the warning
+ was bound to cause confusion). Use a different implementation
+ based on get_random_bits() instead. Also try a few times to get
+ the temp dir before giving up.
+
+2001-12-19 Werner Koch <wk@gnupg.org>
+
+ * g10.c, passphrase.c [CYGWIN32]: Allow this as an alias for MINGW32.
+
+2001-12-18 David Shaw <dshaw@jabberwocky.com>
+
+ * g10.c (idea_cipher_warn): Add a flag to show the warning always
+ or once per session and change all callers (show always except for
+ the secret key protection and unknown cipher from an encrypted
+ message errors). Also make the strings translatable.
+
+ * pubkey-enc.c (get_it): Add the IDEA cipher warning if the user
+ tries to decrypt an IDEA encrypted message without the IDEA
+ plugin.
+
+ * keyserver.c (parse_keyserver_uri): More strict checking of the
+ keyserver URI. Specifically, fail if the ":port" section is
+ anything except a number between 1 and 65535.
+
+2001-12-17 David Shaw <dshaw@jabberwocky.com>
+
+ * keyserver.c (print_keyinfo): No need to check for
+ control/illegal characters, as utf8_to_native does this for us.
+
+ * mainproc.c (proc_encrypted): Use generic IDEA warning.
+
+ * gpgv.c: add stub for idea_cipher_warn
+
+ * g10.c, hkp.c, keyserver.c: Fix capitalization and plural issues.
+
+ * encode.c (encode_crypt), sign.c (sign_file, clearsign_file):
+ disable pgp2 mode after the message is no longer pgp2 compatible.
+
+ * g10.c (main): Tweak the PGP2.x IDEA warning to use the generic
+ warning, and not merely fail if the IDEA plugin isn't there.
+
+ * g10.c (main, idea_cipher_warn), keygen.c (set_one_pref),
+ seckey-cert.c (do_check): Add a generic IDEA warning for when the
+ IDEA plugin is not present. This pops up when the user uses
+ "--cipher-algo idea", when setpref is used to set a "S1"
+ preference, and when a secret key protected with IDEA is used.
+
+2001-12-15 Werner Koch <wk@gnupg.org>
+
+ * keyserver.c (keyserver_spawn): Assert that we have dropped privs.
+
+2001-12-13 Werner Koch <wk@gnupg.org>
+
+ * pubkey-enc.c (get_session_key): Check that the public key
+ algorithm is indeed usable for en/decryption. This avoid a
+ strange error message from pubkey_decrypt if for some reasons a
+ bad algorithm indentifier is passed.
+
+2001-12-12 David Shaw <dshaw@jabberwocky.com>
+
+ * Fixed some types for portability. Noted by Stefan Bellon.
+
+2001-12-11 Werner Koch <wk@gnupg.org>
+
+ * hkp.c (hkp_export): Do not print possible control characters
+ from a keyserver response.
+ (parse_hkp_index): Made uid an unsigned char* because it is passed to
+ isspace().
+ (hkp_search): Ditto for the char* vars.
+
+ * g10.c (main): Print the IDEA warning also for -c and -se.
+
+ * g10.c (get_temp_dir): Assert that we have dropped privs
+
+ * encode.c (encode_crypt): Include the first key into the --pgp2
+ check.
+
+2001-12-07 David Shaw <dshaw@jabberwocky.com>
+
+ * g10.c, options.h: New option --pgp2. This is identical to
+ "--rfc1991 --cipher-algo idea --compress-algo 1 --digest-algo md5
+ --force_v3_sigs" with the addition of an warning to advise the
+ user not to use a pipe (which would break pgp2 compatibility).
+
+ * encode.c (encode_crypt): warn if the user tries to encrypt to
+ any key that is not RSA and <= 2048 bits when the --pgp2 option is
+ used.
+
+ * sign.c (sign_file, clearsign_file): When using --pgp2, make a v3
+ sig, and warn if the signature is made with a non-v3 key.
+
+2001-12-05 David Shaw <dshaw@jabberwocky.com>
+
+ * sign.c (sign_file, clearsign_file, sign_symencrypt_file): Prompt
+ for sig expiration if --expert is set and --force-v3-sigs is not
+ set (v3 sigs cannot expire).
+
+ * mainproc.c (check_sig_and_print): After checking a sig, print
+ expiration status. This causes a error return if the sig is
+ expired.
+
+ * build-packet.c (build_sig_subpkt_from_sig): Include a critical
+ sig expiration subpacket if the sig is to expire.
+
+ * keyedit.c (sign_uids): Do not sign an expired key unless
+ --expert is set, in which case prompt. Also, offer to expire a
+ signature when the key the user is signing expires.
+
+ * keygen.c (ask_expire_interval): Add a value to determine whether
+ to prompt for a key or sig expiration and change all callers.
+
+ * keyid.c: New functions: expirestr_from_sig and
+ colon_expirestr_from_sig.
+
+ * keylist.c (list_keyblock_colon): Show sig expiration date in the
+ --with-colons listing.
+
+ * sign.c (make_keysig_packet, write_signature_packets): Pass in an
+ optional timestamp for the signature packet, and change all
+ callers.
+
+ * keyedit.c (sign_mk_attrib): Include a critical expiration
+ subpacket in the signature if an expiration date is given.
+
+2001-12-04 David Shaw <dshaw@jabberwocky.com>
+
+ * keyedit.c (sign_uids): If the user tries to sign a
+ locally-signed key, allow the cert to be promoted to a full
+ exportable signature. This essentially deletes the old
+ non-exportable sig, and replaces it with a new exportable one.
+
+2001-12-04 David Shaw <dshaw@jabberwocky.com>
+
+ * keyedit.c (keyedit_menu): Do not allow signing a revoked key
+ unless --expert is set, and ask even then.
+
+ * keyedit.c (sign_uids): Do not allow signing a revoked UID unless
+ --expert is set, and ask even then.
+
+ * g10.c, options.h : New option --expert
+
+2001-11-16 David Shaw <dshaw@jabberwocky.com>
+
+ * Allow the user to select no compression via "--compress-algo 0"
+ on the command line.
+
+ * keyedit.c (show_prefs): Show compression preferences in the
+ long-form "showpref" style.
+
+ * keygen.c (set_one_pref): Permit setting a no-compression ("Z0")
+ preference.
+
+ * getkey.c (fixup_uidnode): Fix compression preference corruption
+ bug.
+
+2001-12-02 David Shaw <dshaw@jabberwocky.com>
+
+ * g10.c: Add advisory --for-your-eyes-only option as per section
+ 5.9 of 2440.
+
+2001-12-05 David Shaw <dshaw@jabberwocky.com>
+
+ * Force a V4 sig if the user has a notation or policy URL set.
+
+2001-12-04 David Shaw <dshaw@jabberwocky.com>
+
+ * g10.c: Add options --keyserver-options, --temp-directory, and
+ auto-key-retrieve (the opposite of no-auto-key-retrieve).
+
+ * hkp.c (hkp_search): New function to handle searching a HKP
+ keyserver for a key
+
+ * hkp.c (hkp_ask_import, hkp_export): Pretty large changes to make
+ them communicate via the generic functions in keyserver.c
+
+ * keyserver.c: new file with generic keyserver routines for
+ getting keys from a keyserver, sending keys to a keyserver, and
+ searching for keys on a keyserver. Calls the internal HKP stuff
+ in hkp.c for HKP keyserver functions. Other calls are handled by
+ an external program which is spawned and written to and read from
+ via pipes. Platforms that don't have pipes use temp files.
+
+2001-11-20 David Shaw <dshaw@jabberwocky.com>
+
+ * options.h, g10.c: New options show-notation, no-show-notation,
+ default-check-level, no-default-check-level, show-policy-url,
+ no-show-policy-url.
+
+ * packet.h, sign.c (make_keysig_packet), parse-packet.c
+ (parse_signature), free-packet.c (free_seckey_enc): Fill in
+ structures for notation, policy, sig class, exportability, etc.
+
+ * keyedit.c, keylist.c (print_and_check_one_sig,
+ list_keyblock_print): Show flags in signature display for cert
+ details (class, local, notation, policy, revocable). If selected,
+ show the notation and policy url.
+
+ * keyedit.c (sign_uids): Prompt for and use different key sig
+ classes.
+
+ * helptext.c (helptexts): Add help text to explain different
+ key signature classes
+
+2001-11-26 David Shaw <dshaw@jabberwocky.com>
+
+ * trustdb.c (mark_usable_uid_certs): Fix segfault from bad
+ initialization and fix reversed key signature expiration check.
+
+2001-11-09 Werner Koch <wk@gnupg.org>
+
+ * export.c (do_export_stream): Put all given names into a search
+ description and change the loop so that all matching names are
+ returned.
+
+2001-11-08 Werner Koch <wk@gnupg.org>
+
+ * pubkey-enc.c (get_it): To reduce the number of questions on the
+ MLs print the the name of cipher algorithm 1 with the error message.
+
+ * mainproc.c: Changed the way old rfc1991 encryption cipher is
+ selected. Based on a patch by W Lewis.
+
+ * pkclist.c (do_edit_ownertrust): Allow to skip over keys, the non
+ working "show info" is now assigned to "i"
+ * trustdb.c (ask_ownertrust, validate_keys): Implement a real quit
+ here. Both are by David Shaw.
+
+ * trustdb.c (validate_keys): Make sure next_exipire is initialized.
+
+ * sign.c (make_keysig_packet): Use SHA-1 with v4 RSA keys.
+
+ * g10.c, options.h : New option --[no-]froce-v4-certs.
+ * sign.c (make_keysig_packet): Create v4 sigs on v4 keys even with
+ a v3 key. Use that new option. By David Shaw
+
+ * revoke.c (ask_revocation_reason): Allow to select "no reason".
+ By David Shaw.
+
+ * keyid.c (fingerprint_from_sk): Calculation of an v3 fpr was
+ plain wrong - nearly the same code in fingerprint_from_pk is correct.
+
+ * build-packet.c (do_secret_key): Added a few comments to the code.
+
+2001-11-07 Werner Koch <wk@gnupg.org>
+
+ * g10.c (main): Print a warning when -r is used w/o encryption.
+ Suggested by Pascal Scheffers.
+
+2001-10-23 Werner Koch <wk@gnupg.org>
+
+ * keyedit.c (keyedit_menu): Changed helptext for showpref
+ command. Suggested by Reinhard Wobst.
+
+ * keyring.c (keyring_search): When marking the offtbl ready, take
+ into account that we may have more than one keyring.
+
+2001-10-22 Werner Koch <wk@gnupg.org>
+
+ * Makefile.am: Do not use OMIT_DEPENDENCIES
+
+ * build-packet.c (build_sig_subpkt): Default is now to put all
+ types of subpackets into the hashed area and only list those which
+ should go into the unhashed area.
+
+2001-10-18 Werner Koch <wk@gnupg.org>
+
+ * keydb.c (keydb_add_resource): Rearranged the way we keep track
+ of the resource. There will now be an entry for each keyring here
+ and not in keyring.c itself. Store a token to allow creation of a
+ keyring handle. Changed all functions to utilize this new design.
+ (keydb_locate_writable): Make a real implementation.
+ * keyring.c (next_kr): Removed and changed all callers to set the
+ resource directly from the one given with the handle.
+ (keyring_is_writable): New.
+ (keyring_rebuild_cache): Add an arg to pass the token from keydb.
+
+2001-10-17 Werner Koch <wk@gnupg.org>
+
+ * keyring.c (keyring_search): Enabled word search mode but print a
+ warning that it is buggy.
+
+2001-10-11 Werner Koch <wk@gnupg.org>
+
+ * hkp.c (hkp_ask_import): No more need to set the port number for
+ the x-hkp scheme.
+ (hkp_export): Ditto.
+
+2001-10-06 Stefan Bellon <sbellon@sbellon.de>
+
+ * passphrase.c [__riscos__]: Disabled agent specific stuff.
+ * g10.c: New option --no-force-v3-sigs.
+
+2001-10-04 Werner Koch <wk@gnupg.org>
+
+ * export.c (do_export_stream): Do not push the compress filter
+ here because the context would run out of scope due to the
+ iobuf_close done by the caller.
+ (do_export): Do it here instead.
+
+2001-09-28 Werner Koch <wk@gnupg.org>
+
+ * keyedit.c (sign_uids): Always use the primary key to sign keys.
+ * getkey.c (finish_lookup): Hack to return only the primary key if
+ a certification key has been requested.
+
+ * trustdb.c (cmp_kid_for_make_key_array): Renamed to
+ (validate_one_keyblock): this and changed arg for direct calling.
+ (make_key_array): Renamed to
+ (validate_one_keyblock): this and changed args for direct calling.
+ (mark_usable_uid_certs, validate_one_keyblock)
+ (validate_key_list): Add next_expire arg to keep track of
+ expiration times.
+ (validate_keys): Ditto for UTKs and write the stamp.
+
+ * tdbio.c (migrate_from_v2): Check return code of tbdio_sync.
+
+ * tdbdump.c (import_ownertrust): Do a tdbio_sync().
+
+ * keyring.c: Made the offtbl an global object.
+
+2001-09-27 Werner Koch <wk@gnupg.org>
+
+ * pkclist.c (do_edit_ownertrust): Allow settin of ultimate trust.
+
+ * trustdb.c (mark_keyblock_seen): New.
+ (make_key_array): Use it to mark the subkeys too.
+ (validate_keys): Store validity for ultimatly trusted keys.
+
+2001-09-26 Werner Koch <wk@gnupg.org>
+
+ * pkclist.c (check_signatures_trust, do_we_trust): Removed the
+ invocation of add_ownertrust. Minor changes to the wording.
+ (add_ownertrust, add_ownertrust_cb): Removed.
+
+ * trustdb.c (get_validity): Allow to lookup the validity using a
+ subkey.
+
+ * trustdb.c (new_key_hash_table): Increased the table size to 1024
+ and changed the masks accordingly.
+ (validate): Changed stats printing.
+ (mark_usable_uid_certs): New.
+ (cmp_kid_for_make_key_array): Does now check the signatures and
+ figures out a usable one.
+
+2001-09-25 Werner Koch <wk@gnupg.org>
+
+ * keyring.c (new_offset_item,release_offset_items)
+ (new_offset_hash_table, lookup_offset_hash_table)
+ (update_offset_hash_table, update_offset_hash_table_from_kb): New.
+ (keyring_search): Use a offset table to optimize search for
+ unknown keys.
+ (keyring_update_keyblock, keyring_insert_keyblock): Insert new
+ offsets.
+ * getkey.c (MAX_UNK_CACHE_ENTRIES): Removed the unknown keys
+ caching code.
+
+ * g10.c, options.h, import.c: Removed the entire
+ allow-secret-key-import stuff because the validity is now
+ controlled by other means.
+
+ * g10.c: New command --rebuild-keydb-caches.
+ * keydb.c (keydb_rebuild_caches): New.
+ * keyring.c (do_copy): Moved some code to
+ (create_tmp_file, rename_tmp_file, write_keyblock): new functions.
+ (keyring_rebuild_cache): New.
+
+ * packet.h (PKT_ring_trust): Add sigcache field.
+ * parse-packet.c (parse_trust): Parse sigcache.
+ * keyring.c (do_copy): Always insert a sigcache packet.
+ (keyring_get_keyblock): Copy the sigcache packet to the signature.
+ * sig-check.c (cache_sig_result): Renamed from
+ cache_selfsig_result. Changed implementation to use the flag bits
+ and changed all callers.
+ (mdc_kludge_check): Removed this unused code.
+ (do_check): Do not set the sig flags here.
+
+ * import.c (read_block): Make sure that ring_trust packets are
+ never imported.
+ * export.c (do_export_stream): and never export them.
+
+ * trustdb.c (make_key_array): Skip revoked and expired keys.
+
+2001-09-24 Werner Koch <wk@gnupg.org>
+
+ * g10.c, options.h: New option --no-auto-check-trustdb.
+
+ * keygen.c (do_generate_keypair): Set newly created keys to
+ ultimately trusted.
+
+ * tdbio.h, tdbio.c: Removed all support for records DIR, KEY, UID,
+ PREF, SIG, SDIR and CACH. Changed migration function to work
+ direct on the file.
+ (tdbio_read_nextcheck): New.
+ (tdbio_write_nextcheck): New.
+
+2001-09-21 Werner Koch <wk@gnupg.org>
+
+ Revamped the entire key validation system.
+ * trustdb.c: Complete rewrite. No more validation on demand,
+ removed some functions, adjusted to all callers to use the new
+ and much simpler interface. Does not use the LID anymore.
+ * tdbio.c, tdbio.h: Add new record types trust and valid. Wrote a
+ migration function to convert to the new trustdb layout.
+ * getkey.c (classify_user_id2): Do not allow the use of the "#"
+ prefix.
+ * keydb.h: Removed the TDBIDX mode add a skipfnc to the
+ descriptor.
+ * keyring.c (keyring_search): Implemented skipfnc.
+
+ * passphrase.c (agent_open): Add missing bracket. Include windows.h.
+
+2001-09-19 Werner Koch <wk@gnupg.org>
+
+ * keylist.c (print_fingerprint): Renamed from fingerprint, made
+ global available. Added new arg to control the print style.
+ * mainproc.c (print_fingerprint): Removed.
+ * pkclist.c (print_fpr, fpr_info): Removed and changed callers to
+ use print_fingerprint.
+ * keyedit.c (show_fingerprint): Ditto.
+
+ * passphrase.c (writen, readn)
+ (agent_open, agent_close)
+ (agent_get_passphrase)
+ (passphrase_clear_cache): Support for W32. Contributed by Timo.
+
+ * import.c (import_one): Release keydb handles at 2 more places.
+
+ * keyring.c (keyring_release): Close the iobuf.
+ (keyring_get_keyblock): Init ret_kb to NULL and store error contidion.
+
+ * import.c (import_new_stats_handle): New.
+ (import_release_stats_handle): New.
+ (import_print_stats): Renamed from static fnc print_stats.
+ (import_keys, import_keys_stream): Add an optional status handle
+ arg and changed all callers.
+ * hkp.c (hkp_ask_import): Add an stats_handle arg and changed all
+ callers.
+
+ * mainproc.c (print_pkenc_list): Use print_utf8_string2().
+
+2001-09-18 Werner Koch <wk@gnupg.org>
+
+ * g10.c: New command --refresh-keys.
+ * hkp.c (hkp_refresh_keys): New. Contributed by Timo Schulz.
+
+ * parse-packet.c (parse): Stop on impossible packet lengths.
+
+2001-09-17 Werner Koch <wk@gnupg.org>
+
+ * mainproc.c (print_notation_data): Wrap notation data status lines
+ after 50 chars.
+
+ * mainproc.c (proc_pubkey_enc): Make option try-all-secrets work.
+ By disastry@saiknes.lv.
+
+2001-09-14 Werner Koch <wk@gnupg.org>
+
+ * parse-packet.c (dump_sig_subpkt): List key server preferences
+ and show the revocable flag correctly. Contributed by David Shaw.
+
+2001-09-09 Werner Koch <wk@gnupg.org>
+
+ * keyedit.c (keyedit_menu): No need to define another p.
+
+ * keylist.c (print_capabilities): s/used/use/ so that it
+ does not shadow a global.
+ * sign.c (sign_file): Renamed arg encrypt to encryptflag
+ * keygen.c: Replaced all "usage" by "use".
+ * misc.c (openpgp_pk_algo_usage): Ditto.
+
+ * pubkey-enc.c (get_it): Renamed arg k to enc so that the later
+ defined k does not shadow it.
+
+ * parse-packet.c (parse_gpg_control): No need to define another i.
+
+ * getkey.c (get_pubkey_byfprint): Must use the enum values and not
+ the fprint_len.
+ * keyring.c (keyring_search): Removed a non-sense break. Both
+ bugs pointed out by Stefan.
+
+2001-09-07 Werner Koch <wk@gnupg.org>
+
+ * status.c, status.h: Added NO_RECP and ALREADY_SIGNED.
+ * pkclist.c (build_pk_list): Issue NO_RECP.
+ * keyedit.c (sign_uids): Added experimental ALREADY_SIGNED
+
+ * hkp.c (hkp_import): Use log_error. Bug reported by Neal H
+ Walfield.
+
+ * getkey.c (classify_user_id2): Change args to take the desc union
+ direct. It was a stupid idea to pass the individual fields of an
+ union to this function. Changed all callers.
+ (classify_user_id): Ditto and allow to pass NULL as the description.
+
+2001-09-06 Werner Koch <wk@gnupg.org>
+
+ * getkey.c (fixup_uidnode): Features flag is now a bit vector.
+ * keygen.c (add_feature_mdc): Ditto.
+
+ Revamped the entire key I/O code to be prepared for other ways of
+ key storages and to get rid of the existing shit. GDBM support has
+ gone.
+ * keydb.c: New
+ * keyring.c, keyring.h: New.
+ * ringedit.c: Removed. Moved some stuff to keyring.c
+ * getkey.c: Changed everything related to the key retrieving
+ functions which are now using the keydb_ functions.
+ (prepare_search, word_match_chars, word_match)
+ (prepare_word_match, compare_name): Moved to keyring.c
+ (get_pubkey_byname): Removed ctx arg and add ret_kdbhd
+ arg. Changed all callers.
+ (key_byname): Use get_pubkey_end to release the context and take
+ new ret_kbdhd arg. Changed all callers.
+ (classify_user_id2): Fill the 16 byte fingerprint up with 4 null
+ bytes not with zero bytes of value 4, tsss.
+ * import.c (import_one): Updated to use the new keydb interface.
+ (import_secret_one): Ditto.
+ (import_revoke_cert): Ditto.
+ * delkey.c (do_delete_key): Ditto.
+ * keyedit.c (keyedit_menu): Ditto.
+ (get_keyblock_byname): Removed.
+ * revoke.c (gen_revoke): Ditto.
+ * export.c (do_export_stream): Ditto.
+ * trustdb.c (update_trustdb): Ditto.
+ * g10.c, gpgv.c (main): Renamed add_keyblock_resource to
+ keydb_add_resource.
+ * Makefile.am: Added and removed files.
+
+ * keydb.h: Moved KBNODE typedef and MAX_FINGERPRINT_LEN to
+ * global.h: this new header.
+
+2001-09-03 Werner Koch <wk@gnupg.org>
+
+ * passphrase.c (agent_get_passphrase): Changed nread to size_t.
+ (passphrase_clear_cache): Ditto.
+
+ * keyid.c (mk_datestr): Avoid trigraphs.
+ (fingerprint_from_pk): Cache the keyid in the pk.
+
+ * options.h: Add opt.with_fingerprint so that we know whether the
+ corresponding options was used.
+ * g10.c (main): Set it here.
+ * pkclist.c (check_signatures_trust): Always print fingerprint
+ when this option is used. Mixed a minor memory leak.
+
+ * status.c, status.h: New status INV_RECP.
+ * pkclist.c (build_pk_list): Issue this status.
+
+2001-08-31 Werner Koch <wk@gnupg.org>
+
+ * parse-packet.c (parse_key,parse_pubkeyenc)
+ (parse_signature): Return error on reading bad MPIs.
+
+ * mainproc.c (check_sig_and_print): Always print the user ID even
+ if it is not bound by a signature. Use the primary UID in the
+ status messages and encode them in UTF-8
+ * status.c (write_status_text_and_buffer): New.
+
+2001-08-30 Werner Koch <wk@gnupg.org>
+
+ * packet.h (sigsubpkttype_t): Add SIGSUBPKT_FEATURES.
+ (PKT_public_key, PKT_user_id): Add a flag for it.
+ * parse-packet.c, build-packet.c: Add support for them.
+ * getkey.c (fixup_uidnode, merge_selfsigs): Set the MDC flags.
+ * keygen.c (add_feature_mdc): New.
+ (keygen_upd_std_prefs): Always set the MDC feature.
+ * keyedit.c (show_prefs): List the MDC flag
+ * pkclist.c (select_mdc_from_pklist): New.
+ * encode.c (encode_crypt, encrypt_filter): Test whether MDC
+ should be used.
+ * cipher.c (write_header): Set MDC use depending on the above test.
+ Print more status info.
+
+ * delkey.c (do_delete_key): Kludge to delete a secret key with no
+ public key available.
+
+ * ringedit.c (find_secret_keyblock_direct): New.
+ * getkey.c (seckey_available): Simplified.
+
+ * ringedit.c (cmp_seckey): Now compares the secret key against the
+ public key while ignoring all secret parts.
+ (keyring_search): Use a public key packet as arg. Allow to search
+ for subnkeys
+ (search): Likewise. Changed all callers.
+ (find_secret_keyblock_bypk): New.
+ (find_secret_keyblock_byname): First locate the pubkey and then
+ find the correponding secret key.
+ * parse-packet.c (parse): Renamed pkttype arg to onlykeypkts and
+ changed code accordingly. Changed all callers.
+ (search_packet): Removed pkttype arg.
+ * keyedit.c (keyedit_menu): First locate the public key and then
+ try to locate a secret key.
+
+ * ringedit.c (locate_keyblock_by_fpr): Removed.
+ (locate_keyblock_by_keyid): Removed.
+ (find_keyblock_bysk): Removed.
+
+ * sig-check.c (check_key_signature2): Print the keyid along with
+ the wrong sig class errors.
+
+2001-08-24 Werner Koch <wk@gnupg.org>
+
+ * sign.c (sign_file): Stripped the disabled comment packet code.
+ (sign_file, sign_symencrypt_file): Moved common code to ..
+ (write_onepass_sig_packets): .. this new function.
+ (sign_file, clearsign_file, sign_symencrypt_file): Moved common
+ code to
+ (write_signature_packets): this new function.
+ (write_signature_packets, make_keysig_packet)
+ (update_keysig_packet): Moved common code to
+ (hash_uid, hash_sigclass_to_magic): these new functions
+ (sign_file, sign_symencrypt_file): Moved common code to
+ (write_plaintext_packet): this new function.
+
+2001-08-21 Stefan Bellon <sbellon@sbellon.de>
+
+ * trustdb.c (query_trust_info): Changed trustlevel to signed int.
+ * g10.c [__riscos__]: Fixed handling of --use-agent --lock-multiple.
+
+2001-08-20 Werner Koch <wk@gnupg.org>
+
+ * encr-data.c (decrypt_data): Keep track on whether we already
+ printed information about the used algorithm.
+ * mainproc.c (proc_encrypted): Removed the non-working IDEA hack
+ and print a message about the assumed algorithm.
+ * passphrase.c (passphrase_to_dek): Use the same algorithm as above.
+ (proc_symkey_enc): Print the algorithm, so that the user knows it
+ before entering the passphrase.
+ (proc_pubkey_enc, proc_pubkey_enc): Zero the DEK out.
+ * encode.c (encode_crypt, encrypt_filter): Ditto.
+
+ * g10.c: Allow for --sign --symmetric.
+ * sign.c (sign_and_symencrypt): New.
+
+ Applied patches from Stefan Bellon <sbellon@sbellon.de> to support
+ RISC OS. Nearly all of these patches are identified by the
+ __riscos__ macro.
+ * compress.c: Added a couple of casts.
+ * g10.c [__riscos__]: Some patches and new options foo-file similar
+ to all foo-fd options.
+ * gpgv.c, openfile.c, ringedit.c, tdbio.c: Minor fixes. Mainly
+ replaced hardcoded path separators with EXTSEP_S like macros.
+ * passprase.c [__riscos__]: Disabled agent stuff
+ * trustdb.c (check_trust): Changed r_trustlevel to signed int to
+ avoid mismatch problems in pkclist.c
+ * pkclist.c (add_ownertrust): Ditto.
+ * plaintext.c (handle_plaintext) [__riscos__]: Print a note when
+ file can't be created.
+ * options.h [__riscos__]: Use an extern unless included from the
+ main module.
+ * signal.c (got_fatal_signal) [__riscos__]: Close all files.
+
+2001-08-14 Werner Koch <wk@gnupg.org>
+
+ * keygen.c (ask_algo): New arg r_usage. Allow for RSA keys.
+ (gen_rsa): Enabled the code.
+ (do_create): Enabled RSA branch.
+ (parse_parameter_usage): New.
+ (proc_parameter_file): Handle usage parameter.
+ (read_parameter_file): Ditto.
+ (generate_keypair): Ditto.
+ (generate_subkeypair): Ditto.
+ (do_generate_keypair): Ditto.
+ (do_add_key_flags): New.
+ (keygen_add_std_prefs): Use the new function.
+ (keygen_add_key_flags_and_expire): New.
+ (write_selfsig, write_keybinding): Handle new usage arg.
+ * build-packet.c (build_sig_subpkt): Make sure that key flags go
+ into the hashed area.
+
+ * keygen.c (write_uid): Initialize the reference cunter.
+
+ * keyedit.c (keyedit_menu): No more need to update the trustdb for
+ preferences. Added calls to merge keblock.
+
+ * kbnode.c (dump_kbnode): Print some more flags.
+
+2001-08-10 Werner Koch <wk@gnupg.org>
+
+ Revamped the preference handling.
+
+ * packet.h (prefitem_t, preftype_t): New.
+ (PKT_public_key): Added a uid field.
+ (PKT_user_id): Added field to store preferences and a reference
+ counter.
+ * parse-packet.c (parse_user_id,parse_photo_id): Initialize them
+ * free-packet.c (free_user_id): Free them.
+ (copy_user_id): Removed.
+ (scopy_user_id): New.
+ (cmp_user_ids): Optimized for identical pointers.
+ (release_public_key_parts): Release the uid.
+ (copy_public_key_with_new_namehash): Removed.
+ (copy_prefs): New.
+ * keyedit.c (menu_adduid): Use the new shallow copy user id.
+ (show_prefs): Adjusted implementation.
+ (keyedit_menu): No more need to update the trustdb after changing
+ preferences.
+ * getkey.c (fixup_uidnode): Store preferences.
+ (find_by_name): Return a user id packet and remove namehash stuff.
+ (lookup): Removed the unused namehash stuff.
+ (finish_lookup): Added foundu arg.
+ (pk_from_block): Removed the namehash arg and changed all callers.
+ (merge_selfsigs): Copy prefs to all keys.
+ * trustdb.c (get_pref_data): Removed.
+ (is_algo_in_prefs): Removed.
+ (make_pref_record): Deleted and removed all class.
+ * pkclist.c (select_algo_from_prefs): Adjusted for the new
+ preference implementation.
+ * pubkey-enc.c (is_algo_in_prefs): New.
+ (get_it): Use that new function.
+
+2001-08-09 Werner Koch <wk@gnupg.org>
+
+ * build-packet.c (build_sig_subpkt): Fixed calculation of
+ newarea->size.
+
+ * g10.c (main): New option "--preference-list"
+ * keyedit.c (keyedit_menu): New commands "setpref" and "updpref".
+ (menu_set_preferences): New.
+ * keygen.c (keygen_set_std_prefs): New.
+ (set_one_pref): New.
+ (check_zip_algo): New.
+ (keygen_get_std_prefs): New.
+ (keygen_upd_std_prefs): New
+ (keygen_add_std_prefs): Move the pref setting code into the above fnc.
+ * build-packet.c (build_sig_subpkt): Updated the list of allowed
+ to update subpackets.
+
+2001-08-08 Werner Koch <wk@gnupg.org>
+
+ * packet.h (subpktarea_t): New.
+ (PKT_signature): Use that type for hashed_data and unhashed_data and
+ removed the _data prefix from those fields. Changed all users.
+ * parse-packet.c (parse_signature): Changed allocation for that.
+ (parse_sig_subpkt): Changed declaration
+ (enum_sig_subpkt): Ditto and changed implementation accordingly.
+ * free-packet.c (cp_subpktarea): Renamed from cp_data_block and
+ adjusted implementation. Changed caller.
+ * sig-check.c (mdc_kludge_check): Adjusted the hashing.
+ (do_check): Ditto.
+ * sign.c (sign_file, clearsign_file, make_keysig_packet,
+ update_keysig_packet): Ditto.
+ * build-packet.c (build_sig_subpkt): Partial rewrite.
+ (find_subpkt): Adjusted and made static.
+ (delete_sig_subpkt): Adjusted.
+ (do_signature): Ditto.
+
+ * keygen.c (ask_keysize): Do not print the notes about suggested
+ key sizes if just a DSA key is generated.
+
+ * trustdb.c (add_ultimate_key): s/log_error/log_info/ for
+ duplicated inserted trusted keys.
+
+2001-08-07 Werner Koch <wk@gnupg.org>
+
+ * sign.c (sleep): Redefine for W32.
+
+ * g10.c, options.h: Set new flag opt.no_homedir_creation when
+ --no-options is given.
+ * openfile.c (try_make_homedir): Don't create the homedir in that case.
+
+2001-08-03 Werner Koch <wk@gnupg.org>
+
+ * armor.c (armor_filter): Removed the default comment string
+ because it could get us in trouble due to translations using non
+ ascii characters.
+
+2001-08-01 Werner Koch <wk@gnupg.org>
+
+ * keylist.c (list_keyblock_print): Do not list revoked UIDs unless
+ in verbose mode and we do no signature listing.
+
+ * getkey.c (finish_lookup): Skip subkeys which are not yet valid.
+ * g10.c, options.h: New option --ignore-valid-from.
+
+ * sign.c (make_keysig_packet): Added new sigversion argument to
+ allow the caller to force generation of required signature
+ version. Changed all callers. Suggested by Thomas Roessler.
+
+ * keyedit.c (sign_uids): Force v4 signature generation for local
+ sigs. Removed the check for local signature and pre-v4 keys.
+
+2001-07-27 Werner Koch <wk@gnupg.org>
+
+ * keyedit.c (sign_uids): Check that we are not trying to to a
+ lsign with a pre-v4 key. Bug noticed by Thomas Roessler.
+
+2001-07-26 Werner Koch <wk@gnupg.org>
+
+ * parse-packet.c (parse_photo_id): Reset all variables.
+ * getkey.c (merge_selfsigs_main): Removed checks on PHOTO_ID
+ because this is handled identically to a user ID.
+
+2001-07-06 Werner Koch <wk@gnupg.org>
+
+ * cipher.c (write_header): Don't use MDC with --rfc1991. Suggested
+ by disastry@saiknes.lv.
+
+2001-07-05 Werner Koch <wk@gnupg.org>
+
+ * g10.c, options.h: New option --preserve-permissions.
+ * ringedit.c (add_keyblock_resource): Use it here
+ (keyring_copy): and here.
+
+ * trustdb.c (verify_own_keys): Be more silent on --quiet.
+ Suggested by Thomas Roessler.
+ * sig-check.c (check_key_signature2): Ditto.
+ * mainproc.c (proc_encrypted, proc_tree): Ditto
+ * getkey.c (lookup): Ditto.
+
+2001-07-04 Werner Koch <wk@gnupg.org>
+
+ * ringedit.c (add_keyblock_resource): Restore filename in case of error.
+
+2001-06-25 Werner Koch <wk@gnupg.org>
+
+ * kbnode.c (dump_kbnode): Print the signature timestamp.
+
+ * keyedit.c (keyedit_menu): New menu point "primary".
+ (change_primary_uid_cb): New.
+ (menu_set_primary_uid): New.
+ * sign.c (update_keysig_packet): New.
+ * build-packet.c (build_sig_subpkt): Put the primary UID flag into
+ the hashed area. Allow update of some more packets.
+
+2001-06-15 Werner Koch <wk@gnupg.org>
+
+ * getkey.c (merge_selfsigs): Exit gracefully when a secret key is
+ encountered. May happen if a secret key is in public keyring.
+ Reported by Francesco Potorti.
+
+2001-06-12 Werner Koch <wk@gnupg.org>
+
+ * getkey.c (compare_name): Use ascii_memistr(), ascii_memcasecmp()
+ * keyedit.c (keyedit_menu): Use ascii_strcasecmp().
+ * armor.c (radix64_read): Use ascii_toupper().
+ * ringedit.c (do_bm_search): Ditto.
+ * keygen.c (read_parameter_file): Ditto.
+ * openfile.c (CMP_FILENAME): Ditto.
+ * g10.c (i18n_init): We can now use just LC_ALL.
+
+2001-05-29 Werner Koch <wk@gnupg.org>
+
+ * keygen.c (generate_subkeypair): Print a warning if a subkey is
+ created on a v3 key. Suggested by Brian M. Carlson.
+
+2001-05-27 Werner Koch <wk@gnupg.org>
+
+ * keyid.c (get_lsign_letter): New.
+ * keylist.c (list_keyblock_colon): Use it here.
+ * mainproc.c (list_node): and here.
+
+ * getkey.c, packet.h, free-packet.c: Removed that useless key
+ created field; I dunno why I introducded this at all - the
+ creation time is always bound to the key packet and subject to
+ fingerprint calculation etc.
+
+ * getkey.c (fixup_uidnode): Add keycreated arg and use this
+ instead of the signature timestamp to calculate the
+ help_key_expire. Bug reported by David R. Bergstein.
+ (merge_selfsigs_main): Correct key expiration time calculation.
+ (merge_selfsigs_subkey): Ditto.
+
+2001-05-25 Werner Koch <wk@gnupg.org>
+
+ * revoke.c (gen_revoke): Add a cast to a tty_printf arg.
+ * delkey.c (do_delete_key): Ditto.
+ * keyedit.c (print_and_check_one_sig): Ditto.
+ (ask_revoke_sig): Ditto.
+ (menu_revsig): Ditto.
+ (check_all_keysigs): Removed unused arg.
+
+2001-05-23 Werner Koch <wk@gnupg.org>
+
+ * g10.c (opts): Typo fix by Robert C. Ames.
+
+2001-05-06 Werner Koch <wk@gnupg.org>
+
+ * revoke.c: Small typo fix
+
+2001-05-04 Werner Koch <wk@gnupg.org>
+
+ * passphrase.c (passphrase_clear_cache): Shortcut if agent usage
+ is not enabled.
+
+2001-05-01 Werner Koch <wk@gnupg.org>
+
+ * passphrase.c (writen): Replaced ssize_t by int. Thanks to
+ to Robert Joop for reporting that SunOS 4.1.4 does not have it.
+
+2001-04-28 Werner Koch <wk@gnupg.org>
+
+ * getkey.c (merge_public_with_secret): pkttype was not set to subkey.
+
+2001-04-27 Werner Koch <wk@gnupg.org>
+
+ * skclist.c (build_sk_list): Changed one log_debug to log_info.
+
+2001-04-25 Werner Koch <wk@gnupg.org>
+
+ * keyedit.c (show_prefs): Add a verbose mode.
+ (show_key_with_all_names): Pass verbose flag for special value of
+ with_pref.
+ (keyedit_menu): New command "showpref"
+ (show_key_with_all_names): Mark revoked uids and the primary key.
+
+2001-04-24 Werner Koch <wk@gnupg.org>
+
+ * getkey.c (get_primary_uid): Return a different string in case of
+ error and made it translatable.
+
+ * build-packet.c (do_secret_key): Ugly, we wrote a zero
+ instead of the computed ndays. Thanks to M Taylor for complaining
+ about a secret key import problem.
+
+2001-04-23 Werner Koch <wk@gnupg.org>
+
+ * hkp.c (hkp_ask_import): Allow to specify a port number for the
+ keyserver. Add a kudge to set the no_shutdown flag.
+ (hkp_export): Ditto.
+ * options.skel: Document the changes
+
+2001-04-20 Werner Koch <wk@gnupg.org>
+
+ * options.skel: Add some more comments.
+
+2001-04-19 Werner Koch <wk@gnupg.org>
+
+ * keyid.c (mk_datestr): New. Handles negative times. We must do
+ this because Windoze segvs on negative times passed to gmtime().
+ Changed all datestr_from function to use this one.
+
+ * keyid.c, keyid.h (colon_strtime): New. To implement the
+ fixed-list-mode.
+ (colon_datestr_from_pk): New.
+ (colon_datestr_from_sk): New.
+ (colon_datestr_from_sig): New.
+ * keylist.c (list_keyblock_colon): Use these functions here.
+ * mainproc.c (list_node): Ditto.
+
+2001-04-18 Werner Koch <wk@gnupg.org>
+
+ * openfile.c (open_sigfile): Fixed the handling of ".sign".
+ * mainproc.c (proc_tree): Use iobuf_get_real_fname.
+ Both are by Vincent Broman.
+
+2001-04-14 Werner Koch <wk@gnupg.org>
+
+ * getkey.c (fixup_uidnode): Removed check for !sig which is
+ pointless here. Thanks to Jan Niehusmann.
+
+2001-04-10 Werner Koch <wk@gnupg.org>
+
+ * sig-check.c (check_key_signature2): Use log_info instead of
+ log_error so that messed up keys do not let gpg return an error.
+ Suggested by Christian Kurz.
+
+ * getkey.c (merge_selfsigs_main): Do a fixup_uidnode only if we
+ have both, uid and sig. Thanks to M Taylor.
+
+2001-04-05 Werner Koch <wk@gnupg.org>
+
+ * armor.c (unarmor_pump_new,unarmor_pump_release): New.
+ (unarmor_pump): New.
+ * pipemode.c (pipemode_filter): Use the unarmor_pump to handle
+ armored or non-armored detached signatures. We can't use the
+ regular armor_filter because this does only check for armored
+ signatures the very first time. In pipemode we may have a mix of
+ armored and binary detached signatures.
+ * mainproc.c (proc_tree): Do not print the "old style" notice when
+ this is a pipemode processes detached signature.
+ (proc_plaintext): Special handling of pipemode detached sigs.
+
+ * packet.h (CTRLPKT_PLAINTEXT_MARK): New.
+ * parse-packet.c (create_gpg_control): New.
+ * kbnode.c (dump_kbnode): Support it here.
+ * mainproc.c (check_sig_and_print): Fixed the check for bad
+ sequences of multiple signatures.
+ (proc_plaintext): Add the marker packet.
+ (proc_tree): We can now check multiple detached signatures.
+
+2001-04-02 Werner Koch <wk@gnupg.org>
+
+ The length of encrypted packets for blocksizes != 8 was not
+ correct encoded. I think this is a minor problem, because we
+ usually use partial length packets. Kudos to Kahil D. Jallad for
+ pointing this out.
+ * packet.h: Add extralen to PKT_encrypted.
+ * cipher.c (write_header): Set extralen.
+ * build-packet.c (do_encrypted): Use extralen instead of const 10.
+ (do_encrypted_mdc): Ditto.
+ * parse-packet.c (parse_encrypted): Set extralen to 0 because we
+ don't know it here.
+
+2001-03-30 Werner Koch <wk@gnupg.org>
+
+ * getkey.c (premerge_public_with_secret): Changed wording an add
+ the keyID to the info message.
+
+2001-03-29 Werner Koch <wk@gnupg.org>
+
+ * getkey.c (premerge_public_with_secret): Use log_info instead of
+ log_error when no secret key was found for a public one.
+ Fix the usage if the secret parts of a key are not available.
+
+ * openfile.c (ask_outfile_name): Trim spaces.
+ (open_outfile): Allow to enter an alternate filename. Thanks to
+ Stefan Bellon.
+ * plaintext.c (handle_plaintext): Ditto.
+
+2001-03-28 Werner Koch <wk@gnupg.org>
+
+ * mainproc.c (do_check_sig): Allow direct key and subkey
+ revocation signature.
+ * sig-check.c (check_key_signature2): Check direct key signatures.
+ Print the signature class along with an error.
+
+2001-03-27 Werner Koch <wk@gnupg.org>
+
+ * packet.h: Add a missing typedef to an enum. Thanks to Stefan Bellon.
+
+ * g10.c: New option --no-sig-create-check.
+ * sign.c (do_sign): Implement it here.
+ * g10.c: New option --no-sig-cache.
+ * sig-check.c (check_key_signature2): Implement it here.
+ (cache_selfsig_result): and here.
+
+ * keylist.c (list_keyblock): Removed debugging stuff.
+
+ * getkey.c (cache_public_key): Made global.
+ * keygen.c (write_selfsig, write_keybinding): Cache the new key.
+
+ * getkey.c (key_byname): Add new arg secmode and changed all
+ callers to request explicitly the mode. Deriving this information
+ from the other supplied parameters does not work if neither pk nor
+ sk are supplied.
+
+2001-03-25 Werner Koch <wk@gnupg.org>
+
+ * packet.h (ctrlpkttype_t): New.
+ * mainproc.c (add_gpg_control,proc_plaintext,proc_tree): Use the
+ new enum values.
+ * pipemode.c (make_control): Ditto.
+ * armor.c (armor_filter): Ditto.
+
+2001-03-24 Werner Koch <wk@gnupg.org>
+
+ * sign.c (do_sign): Verify the signature right after creation.
+
+2001-03-23 Werner Koch <wk@gnupg.org>
+
+ * status.c, status.h (STATUS_UNEXPECTED): New.
+ * mainproc.c (do_proc_packets): And emit it here.
+
+2001-03-21 Werner Koch <wk@gnupg.org>
+
+ * status.c: Add sys/types.h so that it runs on Ultrix. Reported
+ by Georg Schwarz.x
+
+ * build-packet.c (build_sig_subpkt): Fixed generaton of packet
+ length header in case where 2 bytes headers are needed. Thanks to
+ Piotr Krukowiecki.
+
+2001-03-19 Werner Koch <wk@gnupg.org>
+
+ * g10.c (main): the default keyring is no always used unless
+ --no-default-keyring is given.
+
+ * ringedit.c (add_keyblock_resource): invalidate cache after file
+ creation.
+
+2001-03-15 Werner Koch <wk@gnupg.org>
+
+ * keygen.c (ask_algo): Changed the warning of the ElGamal S+E Algo.
+
+ * keylist.c (print_capabilities): New.
+ (list_keyblock_colon): and use it here.
+
+2001-03-13 Werner Koch <wk@gnupg.org>
+
+ * main.c, options.h: New option --fixed_list_mode.
+ * keylist.c (list_keyblock_colon): use it here.
+
+ * getkey.c (merge_keys_and_selfsig): Divert merging of public keys
+ to the function used in key selection..
+ * keylist.c (is_uid_valid): Removed.
+ (list_keyblock): Splitted into ..
+ (list_keyblock_print, list_keyblock_colon): .. these.
+ functions. Changed them to use the flags set in the key lookup code.
+ (reorder_keyblock): New, so that primary user IDs are listed first.
+
+ * ringedit.c (keyring_copy): flush the new iobuf chaces before
+ rename or remove operations. This is mainly needed for W32.
+
+ * hkp.c [HAVE_DOSISH_SYSTEM]: Removed the disabled code because we
+ have now W32 socket support in ../util/http.c
+
+ * skclist.c (key_present_in_sk_list): New.
+ (is_duplicated_entry): New.
+ (build_sk_list): Check for duplicates and do that before unlocking.
+
+2001-03-12 Werner Koch <wk@gnupg.org>
+
+ * armor.c (parse_header_line): Removed double empty line check.
+ (parse_header_line): Replaced trim_trailing_ws with a counting
+ function so that we can adjust for the next read.
+
+ * options.skel: Fixed 3 typos. By Thomas Klausner. Replaced the
+ keyserver example by a better working server.
+
+ * parse-packet.c (parse_symkeyenc): Return Invalid_Packet on error.
+ (parse_pubkeyenc): Ditto.
+ (parse_onepass_sig): Ditto.
+ (parse_plaintext): Ditto.
+ (parse_encrypted): Ditto.
+ (parse_signature): Return error at other places too.
+ (parse_key): Ditto.
+ * g10.c (main): Set opt.list_packets to another value when invoked
+ with the --list-packets command.
+ * mainproc.c (do_proc_packets): Don's stop processing when running
+ under --list-packets command.
+
+ * signal.c (do_sigaction): Removed.
+ (init_one_signal): New to replace the above. Needed to support
+ systems without sigactions. Suggested by Dave Dykstra.
+ (got_fatal_signal,init_signals): Use the above here.
+ (do_block): Use sigset() if sigprocmask() is not available.
+
+ * armor.c (parse_hash_header): Test on TIGER192, which is the
+ correct value as per rfc2440. By Edwin Woudt.
+
+2001-03-08 Werner Koch <wk@gnupg.org>
+
+ * misc.c: Include time.h. By James Troup.
+
+ * getkey.c: Re-enabled the unknown user Id and PK caches and
+ increased their sizes.
+
+ * getkey.c (merge_selfsigs_main): Set expire date and continue
+ processing even if we found a revoked key.
+ (merge_selfsigs_subkeys): Ditto.
+
+ * packet.h: Add an is_revoked flag to the user_id packet.
+ * getkey.c (fixup_uidnode): Set that flag here.
+ (merge_selfsigs_main): Fix so that the latest signature is used to
+ find the self-signature for an UID.
+ * parse-packet.c (parse_user_id): Zero out all fields.
+ * mainproc.c (check_sig_and_print): Print the primary user ID
+ according the the node flag and then all other non-revoked user IDs.
+ (is_uid_revoked): Removed; it is now handled by the key selection code.
+
+ Changed the year list of all copyright notices.
+
+2001-03-07 Werner Koch <wk@gnupg.org>
+
+ * getkey.c (finish_lookup): Print an info message only in verbose mode.
+
+2001-03-05 Werner Koch <wk@gnupg.org>
+
+ * packet.h: Replaced sigsubpkt_t value 101 by PRIV_VERIFY_CACHE.
+ We have never used the old value, so we can do this without any harm.
+ * parse-packet.c (dump_sig_subpkt): Ditto.
+ (parse_one_sig_subpkt): Parse that new sub packet.
+ * build-packet.c (build_sig_subpkt): Removed the old one from the
+ hashed area.
+ (delete_sig_subpkt): New.
+ (build_sig_subpkt): Allow an update of that new subpkt.
+ * sig-check.c (check_key_signature2): Add verification caching
+ (cache_selfsig_result): New.
+ * export.c (do_export_stream): Delete that sig subpkt before exporting.
+ * import.c (remove_bad_stuff): New.
+ (import): Apply that function to all imported data
+
+2001-03-03 Werner Koch <wk@gnupg.org>
+
+ * getkey.c: Introduced a new lookup context flag "exact" and used
+ it in all place where we once used primary.
+ (classify_user_id2): Replaced the old function and add an extra
+ argument to return whether an exact keyID has been requested.
+ (key_byname): Removed the unused ctx.primary flag
+ (get_seckey_byname2): Ditto.
+ (finish_lookup): Changed debugging output.
+
+2001-03-02 Werner Koch <wk@gnupg.org>
+
+ * keylist.c (list_one): Remove the merge key calls.
+
+2001-03-01 Werner Koch <wk@gnupg.org>
+
+ * getkey.c (finish_lookup): Don't use it if we no specific usage
+ has been requested.
+ (merge_selfsigs_main): fix UID only if we have an signature.
+ (lookup): Return UNU_PUBKEY etc. instead of NO_PUBKEY if we found
+ a key but the requested usage does not allow this key.
+ * import.c (import_one): Take UNU_PUBKEY into account.
+ * mainproc.c (list_node): Ditto.
+ * keylist.c (list_keyblock): Ditto.
+ * keyedit.c (print_and_check_one_sig): Ditto.
+
+2001-02-09 Werner Koch <wk@gnupg.org>
+
+ * delkey.c (delete_key): Removed that silly assert which rendered
+ the whole new stuff meaningless.
+
+2001-02-08 Werner Koch <wk@gnupg.org>
+
+ * getkey.c (key_byname): It can happen that we have both, sk and pk
+ NULL, fix for that.
+
+ * parse-packet.c (parse_one_sig_subpkt): Add support for
+ primary_uid and key_flags.
+ (can_handle_critical): Ditto
+
+ * parse-packet.c (parse_encrypted): Fixed listing of pktlen for
+ MDC packets.
+
+ * getkey.c: Backported the version of this file from gpg 1.1. this
+ involved some changes in other files too.
+ * parse-packet.c (parse_key): Clear req_usage.
+ * skclist.c (build_sk_list): Use req_usage to pass the usage
+ information to the lookup function.
+ * pkclist.c (build_pk_list): Ditto.
+ * free-packet.c (copy_public_parts_to_secret_key): New.
+ * keydb.h: Add IS_* macros to check the sig_class.
+ * misc.c (openpgp_cipher_test_algo): New.
+ (openpgp_pk_test_algo): New.
+ (openpgp_pk_algo_usage): New.
+ (openpgp_md_test_algo): New.
+ * packet.h: Add a few fields to PKT_{public,secret}_key and
+ PKT_user_id.
+ * seckey-cert.c (do_check): Use the new main_keyid field.
+
+2001-02-04 Werner Koch <wk@gnupg.org>
+
+ * encr-data.c (decrypt_data): Catch error when we had problems to
+ parse the encrypted packet. By Timo.
+
+2001-01-29 Werner Koch <wk@gnupg.org>
+
+ * g10.c (main): --batch does now set nogreeting.
+
+ * delkey.c (do_delete_key): Fixed delete-both functionality.
+
+2001-01-22 Werner Koch <wk@gnupg.org>
+
+ * g10.c: New command --delete-secret-and-public-key.
+ * delkey.c (delete_key): Add new arg allow_both.
+ (do_delete_key): Move most stuff from above to this new function.
+
+2001-01-12 Werner Koch <wk@gnupg.org>
+
+ * passphrase.c (passphrase_to_dek): Use MD5 when IDEA is installed
+ and we have no S2K.
+ * mainproc.c (proc_encrypted): Likewise
+
+2001-01-11 Werner Koch <wk@gnupg.org>
+
+ * sig-check.c (do_check): Print the signature key expire message
+ only in verbose mode and added the keyID.
+
+2001-01-09 Werner Koch <wk@gnupg.org>
+
+ * status.c, status.h: New status USERID_HINT.
+ (write_status_text): Replace LF and CR int text by C-escape sequence.
+
+ * passphrase.c (passphrase_to_dek): Fixed the NEED_PASSPHRASE
+ output. It does now always print 2 keyIDs. Emit the new
+ USERID_HINT.
+
+2001-01-08 Werner Koch <wk@gnupg.org>
+
+ * g10.c, options.h: New option --no-expensive-trust-checks.
+ * keylist.c (list_keyblock): Act on this option.
+
+2001-01-04 Werner Koch <wk@gnupg.org>
+
+ * g10.c (main): Set homedir only in the pre-parsing phase and
+ replace backslashes in the W32 version.
+
+2001-01-03 Werner Koch <wk@gnupg.org>
+
+ * status.c, status.h : New status KEY_CREATED
+ * keygen.c (do_generate_keypair,generate_subkeypair): Emit it.
+
+2000-12-28 Werner Koch <wk@gnupg.org>
+
+ * signal.c (got_fatal_signal): Remove lockfiles here because the
+ atexit stuff does not work due to the use of raise. Suggested by
+ Peter Fales.
+ * gpgv.c (remove_lockfiles): New stub.
+
+2000-12-19 Werner Koch <wk@gnupg.org>
+
+ * status.c, status.h (cpr_get_no_help): New.
+ * keyedit.c (keyedit_menu): Use it here because we have our own
+ help list here.
+
+2000-12-18 Werner Koch <wk@gnupg.org>
+
+ * mainproc.c (print_failed_pkenc): Don't print the sometimes
+ confusing message about unavailabe secret key. Renamed ...
+ (print_pkenc_list): ... to this and introduced failed arg.
+ (proc_encrypted): Print the failed encryption keys and then
+ the one to be used.
+ (proc_pubkey_enc): Store also the key we are going to use.
+
+ * mainproc.c (check_sig_and_print): Don't list revoked user IDs.
+ (is_uid_revoked): New.
+
+2000-12-08 Werner Koch <wk@gnupg.org>
+
+ * pipemode.c: Made the command work. Currently only for
+ non-armored detached signatures.
+ * mainproc.c (release_list): Reset the new pipemode vars.
+ (add_gpg_control): Handle the control packets for pipemode
+ * status.c, status.h: New stati {BEGIN,END}_STREAM.
+
+2000-12-07 Werner Koch <wk@gnupg.org>
+
+ * g10.c: New option --allow-secret-key-import.
+ * import.c (import_keys,import_keys_stream): Honor this option.
+ (import): New arg allow_secret and pass that arg down to ...
+ (import_secret_one): to this and print a warning if secret key
+ importing is not allowed.
+
+2000-12-05 Werner Koch <wk@gnupg.org>
+
+ * cipher.c (cipher_filter): Moved the end_encryption status ...
+ * encode.c (encode_simple,encode_crypt): to here
+ * sign.c (sign_file): and here.
+
+ * status.c (mywrite): Removed.
+ (get_status_string): Removed the LFs from the strings.
+ (set_status_fd,is_status_enabed,write_status_text,
+ write_status_buffer): Replaced all mywrite by stdio calls and use
+ fdopen to create a strem. This is needed to make things smoother
+ in the W32 version.
+
+2000-12-04 Werner Koch <wk@gnupg.org>
+
+ * import.c (merge_blocks): Increment n_sigs for revocations.
+
+2000-11-30 Werner Koch <wk@gnupg.org>
+
+ * g10.c (main): Use iobuf_translate_file_handle for all options
+ with filehandles as arguments. This is function does some magic
+ for the W32 API.
+
+ * verify.c (verify_signatures): Add a comment rant about the
+ detached signature problem.
+ * mainproc.c (proc_tree): Issue an error if a detached signature
+ is assumed but a standard one was found.
+ * plaintext.c (hash_datafiles): Don't fall back to read signature
+ from stdin.
+ * openfile.c (open_sigfile): Print verbose message only if the
+ file could be accessed.
+
+2000-11-24 Werner Koch <wk@gnupg.org>
+
+ * passphrase.c [HAVE_DOSISH_SYSTEM]: Disabled all the agent stuff.
+
+2000-11-16 Werner Koch <wk@gnupg.org>
+
+ * g10.c: New option --use-agent
+ * passphrase.c (agent_open,agent_close): New.
+ (agent_get_passphrase,agent_clear_passphrase): New.
+ (passphrase_clear_cache): New.
+ (passphrase_to_dek): Use the agent here.
+ * seckey-cert.c (do_check): Clear cached passphrases.
+
+2000-11-15 Werner Koch <wk@gnupg.org>
+
+ * status.c (write_status_text): Moved the big switch to ...
+ (get_status_string): ... new function.
+ (write_status_buffer): New.
+
+ * status.c (mywrite): New and replaced all write() by this.
+
+ * status.c, status.h: Add 3 status lcodes for notaions and policy.
+ * mainproc.c (print_notation_data): Do status output of notations.
+
+2000-11-13 Werner Koch <wk@gnupg.org>
+
+ * sign.c (clearsign_file): Use LF macro to print linefeed.
+
+2000-11-11 Paul Eggert <eggert@twinsun.com>
+
+ Clean up the places in the code that incorrectly use "long" or
+ "unsigned long" for file offsets. The correct type to use is
+ "off_t". The difference is important on large-file hosts,
+ where "off_t" is longer than "long".
+
+ * keydb.h (struct keyblock_pos_struct.offset):
+ Use off_t, not ulong, for file offsets.
+ * packet.h (dbg_search_packet, dbg_copy_some_packets,
+ search_packet, copy_some_packets): Likewise.
+ * parse-packet.c (parse, dbg_search_packet, search_packet,
+ dbg_copy_some_packets, copy_some_packets): Likewise.
+ * ringedit.c (keyring_search): Likewise.
+
+ * parse-packet.c (parse): Do not use %lu to report file
+ offsets in error diagnostics; it's not portable.
+ * ringedit.c (keyring_search): Likewise.
+
+2000-11-09 Werner Koch <wk@gnupg.org>
+
+ * g10.c (main): New option --enable-special-filenames.
+
+2000-11-07 Werner Koch <wk@gnupg.org>
+
+ * g10.c (main): New command --pipemode.
+ * pipemode.c: New.
+
+2000-10-23 Werner Koch <wk@gnupg.org>
+
+ * armor.c (armor_filter): Changed output of hdrlines, so that a CR
+ is emitted for DOS systems.
+
+ * keygen.c (read_parameter_file): Add a cast for isspace().
+
+ * status.c (myread): Use SIGINT instead of SIGHUP for DOS.
+
+2000-10-19 Werner Koch <wk@gnupg.org>
+
+ * g10.c: New option --ignore-crc-error
+ * armor.c (invalid_crc): New.
+ (radix64_read): Act on new option.
+
+ * openfile.c (try_make_homedir): Klaus Singvogel fixed a stupid
+ error introduced on Sep 6th.
+
+2000-10-18 Werner Koch <wk@gnupg.org>
+
+ * misc.c (print_cipher_algo_note): Don't print the note for AES.
+ Changed wording.
+
+2000-10-16 Werner Koch <wk@gnupg.org>
+
+ * mainproc.c (do_proc_packets): Hack to fix the problem that
+ signatures are not detected when there is a MDC packet but no
+ compression packet.
+
+ * g10.c (print_hashline): New.
+ (print_mds): Use above func with --with-colons.
+
+ * mainproc.c (check_sig_and_print): Detect multiple signatures
+ and don't verify them.
+
+2000-10-14 Werner Koch <wk@gnupg.org>
+
+ * mainproc.c (add_onepass_sig): There is an easier solution to the
+ error fixed yesterday; just check that we only have onepass
+ packets. However, the other solution provides an cleaner
+ interface and opens the path to get access to other information
+ from the armore headers.
+ (release_list): Reset some more variables.
+
+2000-10-13 Werner Koch <wk@gnupg.org>
+
+ * mainproc.c (add_gpg_control): New.
+ (do_proc_packets): use it.
+ (proc_plaintext): Changed logic to detect clearsigns.
+ (proc_tree): Check the cleartext sig with some new code.
+
+ * packet.h: New packet PKT_GPG_CONTROL.
+ * parse-packet.c (parse_gpg_control): New.
+ * misc.c (get_session_marker): New.
+ * armor.c (armor_filter): Replaced the faked 1-pass packet by the
+ new control packet.
+
+ * keyedit.c (keyedit_menu): Allow batchmode with a command_fd.
+ * status.c (my_read): New.
+ (do_get_from_fd): use it.
+
+2000-10-12 Werner Koch <wk@gnupg.org>
+
+ * keygen.c (keygen_add_std_prefs): Add Rijndael to the prefs.
+
+2000-10-07 Werner Koch <wk@gnupg.org>
+
+ * gpgv.c: Add more stubs for ununsed code to make the binary smaller.
+
+Wed Oct 4 15:50:18 CEST 2000 Werner Koch <wk@openit.de>
+
+ * sign.c (hash_for): New arg to take packet version in account, changed
+ call callers.
+
+ * gpgv.c: New.
+ * Makefile.am: Rearranged source files so that gpgv can be build with
+ at least files as possible.
+
+Mon Sep 18 12:13:52 CEST 2000 Werner Koch <wk@openit.de>
+
+ * hkp.c (not_implemented): Print a notice for W32
+
+Fri Sep 15 18:40:36 CEST 2000 Werner Koch <wk@openit.de>
+
+ * keygen.c (keygen_add_std_prefs): Changed order of preferences to
+ twofish, cast5, blowfish.
+
+ * pkclist.c (algo_available): Removed hack to disable Twofish.
+
+Thu Sep 14 17:45:11 CEST 2000 Werner Koch <wk@openit.de>
+
+ * parse-packet.c (dump_sig_subpkt): Dump key flags. Print special
+ warning in case of faked ARRs.
+
+ * getkey.c (finsih_lookup): Hack so that for v4 RSA keys the subkey
+ is used for encryption.
+
+Thu Sep 14 14:20:38 CEST 2000 Werner Koch <wk@openit.de>
+
+ * g10.c (main): Default S2K algorithms are now SHA1 and CAST5 - this
+ should solve a lot of compatibility problems with other OpenPGP
+ apps because those algorithms are SHOULD and not optional. The old
+ way to force it was by using the --openpgp option whith the drawback
+ that this would disable a couple of workarounds for PGP.
+
+ * g10.c (main): Don't set --quite along with --no-tty. By Frank Tobin.
+
+ * misc.c (disable_core_dump): Don't display a warning here but a return
+ a status value and ...
+ * g10.c (main): ...print warnining here. Suggested by Sam Roberts.
+
+Wed Sep 13 18:12:34 CEST 2000 Werner Koch <wk@openit.de>
+
+ * keyedit.c (keyedit_menu): Allow to use "debug" on the secret key.
+
+ * ringedit.c (cmp_seckey): Fix for v4 RSA keys.
+ * seckey-cert.c (do_check): Workaround for PGP 7 bug.
+
+Wed Sep 6 17:55:47 CEST 2000 Werner Koch <wk@openit.de>
+
+ * misc.c (print_pubkey_algo_note): Do not print the RSA notice.
+ * sig-check.c (do_signature_check): Do not emit the RSA status message.
+ * pubkey-enc.c (get_session_key): Ditto.
+
+ * encode.c (encode_simple, encode_crypt): Fix for large files.
+ * sign.c (sign_file): Ditto.
+
+Wed Sep 6 14:59:09 CEST 2000 Werner Koch <wk@openit.de>
+
+ * passphrase.c (hash_passphrase): Removed funny assert. Reported by
+ David Mathog.
+
+ * openfile.c (try_make_homedir): Changes for non-Posix systems.
+ * g10.c (main): Take the default homedir from macro.
+
+ * g10.c: The --trusted-key option is back.
+ * trustdb.c (verify_own_key): Handle this option.
+ (add_ultimate_key): Moved stuff from verify_own_key to this new func.
+ (register_trusted_key): New.
+
+Fri Aug 25 16:05:38 CEST 2000 Werner Koch <wk@openit.de>
+
+ * parse-packet.c (dump_sig_subpkt): Print info about the ARR.
+
+ * openfile.c (overwrite_filep): Always return okay if the file is
+ called /dev/null.
+ (make_outfile_name): Add ".sign" to the list of know extensions.
+ (open_sigfile): Ditto.
+
+Wed Aug 23 19:52:51 CEST 2000 Werner Koch <wk@openit.de>
+
+ * g10.c: New option --allow-freeform-uid. By Jeroen C. van Gelderen.
+ * keygen.c (ask_user_id): Implemented here.
+
+Fri Aug 4 14:23:05 CEST 2000 Werner Koch <wk@openit.de>
+
+ * status.c (do_get_from_fd): Ooops, we used fd instead of opt.command_fd.
+ Thanks to Michael Tokarev.
+
+Tue Aug 1 20:06:23 CEST 2000 Werner Koch <wk@openit.de>
+
+ * g10.c: New opttion --try-all-secrets on suggestion from Matthias Urlichs.
+ * pubkey-enc.c (get_session_key): Quite easy to implement here.
+
+Thu Jul 27 17:33:04 CEST 2000 Werner Koch <wk@openit.de>
+
+ * g10.c: New option --merge-only. Suggested by Brendan O'Dea.
+ * import.c (import_one): Implemented it here
+ (import_secret_one): Ditto.
+ (print_stats): and give some stats.
+
+Thu Jul 27 12:01:00 CEST 2000 Werner Koch <wk@openit.de>
+
+ * g10.c: New options --show-session-key and --override-session-key
+ * pubkey-enc.c (hextobyte): New.
+ (get_override_session_key): New.
+ * mainproc.c (proc_pubkey_enc): Add session-key stuff.
+ * status.h, status.c (STATUS_SESSION_KEY): New.
+
+Thu Jul 27 10:02:38 CEST 2000 Werner Koch <wk@openit.de>
+
+ * g10.c (main): Use setmode(O_BINARY) for MSDOS while generating random bytes
+ (print_mds): Likewise for stdin.
+ * plaintext.c (handle_plaintext): Likewise for stdout.
+
+Mon Jul 24 10:30:17 CEST 2000 Werner Koch <wk@openit.de>
+
+ * keyedit.c (menu_expire): expire date for primary key can be set again.
+
+Wed Jul 19 11:26:43 CEST 2000 Werner Koch <wk@openit.de>
+
+ * keylist.c (is_uid_valid): New.
+ (list_keyblock): Print validity information for all user IDs. Note, this
+ has to be done at other places too; for now we have only minimal support.
+
+Wed Jul 12 13:32:06 CEST 2000 Werner Koch <wk@openit.de>
+
+ * helptext.c, pkclist.c: s/superseeded/superseded/
+
+Mon Jul 10 16:08:57 CEST 2000 Werner Koch <wk@openit.de>
+
+ * parse-packet.c (enum_sig_subpkt): Fixed testing on crtitical bit in case
+ of a NULL buffer. Reported by Peter Marschall.
+
+Wed Jul 5 13:28:45 CEST 2000 Werner Koch <wk@openit.de>
+
+ * keyedit.c, keyid.c: Add some _()
+
+ * argparse.c: Changed the flag to suppress --version handling to also
+ suppress --help.
+
+Wed Jun 28 11:54:44 CEST 2000 Werner Koch <wk@openit.de>
+
+ * armor.c (armor_filter): Set sigclass to 0 in case of non-dash-escaped
+ clearsig. This makes this mode work again.
+
+ * mainproc.c (proc_tree): Fixed handling of one-pass-sig packets in textmode.
+ Disabled the ugly workaround for PGP 5 - let's see whether thi breaks less
+ cases. Found by Ted Cabeen.
+
+ * options.h (DBG_HASHING): New. All commented md_start_debug are now
+ controlled by this debug option.
+
+ * sign.c (print_status_sig_created): New and called from 2 places.
+
+ * keygen.c (gen_rsa): New, but commented.
+ (ask_algo): Commented support for RSA.
+
+ * seckey-cert.c (protect_secret_key): Started to fix the code for v4 RSA
+ keys - it is not solved yet. However, we have time until, Sep 20th ;)
+
+Wed Jun 14 12:27:09 CEST 2000 Werner Koch <wk@openit.de>
+
+ * status.c (init_shm_coprocessing): Changed the sequence of the get,attach
+ to cope with the changes in newer Linux kernels. This bug has been found
+ by <dmitri@advantrix.com> who also proposed this solution. Hopefully
+ this does not break gpg on to many systems.
+
+ * cipher.c (write_header): Protect the IV with the MDC too.
+ * encr-data.c (decrypt_data): Likewise.
+
+Fri Jun 9 10:09:52 CEST 2000 Werner Koch <wk@openit.de>
+
+ * g10.c: New options --no-auto-key-retrieve
+ * options.h (auto_key_retrieve): New.
+ * mainproc.c (check_sig_and_print): Implemented that.
+
+Wed Jun 7 19:19:09 CEST 2000 Werner Koch <wk@openit.de>
+
+ * sig-check.c (do_check): Use EMULATE_MDENCODE also on v4 packets.
+
+Wed Jun 7 17:25:38 CEST 2000 Werner Koch <wk@openit.de>
+
+ * cipher.c (write_header): Use plain CFB mode for MDC encrypted packets.
+ * encr-data.c (decrypt_data): Ditto.
+
+Mon Jun 5 23:41:54 CEST 2000 Werner Koch <wk@openit.de>
+
+ * seskey.c (do_encode_md, encode_md_value): Add new arg v3compathack to work
+ around a bug in old versions.
+ * sig-check.c (do_check): use the aboved workaround when enabled.
+ * g10.c: New option --emulate-md-decode-bug
+
+Mon Jun 5 12:37:43 CEST 2000 Werner Koch <wk@openit.de>
+
+ * build-packet.c (do_mdc): New.
+ (do_encrypted_mdc): Changed for the new proposal.
+ * parse-packet.c (parse_mdc): New.
+ (parse_encrypted): Fixed for the new proposal.
+ * packet.h (PKT_MDC): New.
+ * cipher.c (cipher_filter): Build the MDC packet here.
+ * g10.c (main): Enable --force-mdc.
+ * encr-data.c (mdc_decode_filter): Fixed for new MDC method
+
+ * options.h(rfc2440): New.
+ * g10.c (main): Changed the selected values for --openpgp to not include
+ optional algorithms.
+
+Thu May 18 11:38:54 CEST 2000 Werner Koch <wk@openit.de>
+
+ * keyedit.c (keyedit_menu): Add a keyword arg to the prompt.
+
+ * status.c, status.h: Added 3 new status tokens.
+ * status.c (do_get_from_fd): New.
+ (cpr_enabled,cpr_get,cpr_get_hidden,cpr_kill_prompt,
+ cpr_get_answer_is_yes,cpr_get_answer_yes_no_quit): Modified to work
+ with the new function.
+ * g10.c: Add new option --command-fd.
+
+ * status.c (progress_cb): New.
+ (set_status_fd): Register progress functions
+
+Fri May 12 14:01:20 CEST 2000 Werner Koch <wk@openit.de>
+
+ * delkey.c (delete_key): Add 2 new status messages
+ * status.c, status.h (STATUS_DELETE_PROBLEM): New.
+
+ Fixed years of copyright in all source files.
+
+Mon May 1 17:08:14 CEST 2000 Werner Koch <wk@openit.de>
+
+ * trustdb.c (propagate_validity): Fixed the bug that only one uid
+ gets fully trusted even when all are signed by an ultimate key.
+
+Mon May 1 15:38:04 CEST 2000 Werner Koch <wk@openit.de>
+
+ * getkey.c (key_byname): Always returned a defined context. Fixed
+ a segv for invalid user id specifications. Reported by Walter Koch.
+
+ * getkey.c (get_user_id): I18ned "no user id" string. By Walter.
+
+ * pkclist.c (do_show_revocation_reason): Typo fixes.
+ * helptext.c: Ditto.
+
+ * armor.c (armor_filter): Fixed some CRLF issues. By Mike McEwan.
+
+Fri Apr 14 19:37:08 CEST 2000 Werner Koch <wk@openit.de>
+
+ * pkclist.c (do_show_revocation_reason): New.
+ (show_revocation_reason): New and called at various places.
+
+ * g10.c (main): Fixed small typo.
+
+ * pkclist.c (do_we_trust): Act on always_trust but not for revoked
+ keys. Suggested by Chip Salzenberg.
+
+ * g10.c: New option --lock-never.
+
+ * ringedit.c (get_writable_keyblock_file): New.
+ * keygen.c (do_generate_keypair): Use this instead of the hardwired one.
+
+ * keygen.c (ask_user_id): Check that the email address is in the
+ correct field. Suggested by Christian Kurz.
+
+Mon Apr 10 13:34:19 CEST 2000 Werner Koch <wk@openit.de>
+
+ * keyedit.c (show_key_with_all_names): s/sbb/ssb/
+
+Tue Mar 28 14:26:58 CEST 2000 Werner Koch <wk@openit.de>
+
+ * trustdb.c (verify_own_keys): Do not print warning about unprotected
+ key when in quiet mode.
+
+Wed Mar 22 13:50:24 CET 2000 Werner Koch <wk@openit.de>
+
+ * mainproc.c (print_userid): Do UTF8 conversion before printing.
+ * import.c (import_one): Ditto.
+ (import_secret_one): Ditto.
+ (delete_inv_parts): Ditto.
+
+Thu Mar 16 16:20:23 CET 2000 Werner Koch <wk@openit.de>
+
+ * keylist.c (print_key_data): Handle a NULL pk gracefully.
+
+ * getkey.c (merge_one_pk_and_selfsig): Fixed silly code for
+ getting the primary keys keyID but kept using the one from the
+ subkey.
+ * pubkey-enc.c (get_it): Print a note for expired subkeys.
+
+ * getkey.c (has_expired): New.
+ (subkeys_expiretime): New.
+ (finish_lookup): Check for expired subkeys needed for encryption.
+ (merge_keys_and_selfsig): Fixed expiration date merging for subkeys.
+
+ * keylist.c (list_keyblock): Print expiration time for "sub".
+ (list_one): Add missing merging for public keys.
+ * mainproc.c (list_node): Ditto.
+
+2000-03-14 13:49:38 Werner Koch (wk@habibti.openit.de)
+
+ * keygen.c (keyedit_menu): Do not allow to use certain commands
+ while the secret key is selected.
+
+2000-03-09 12:53:09 Werner Koch (wk@habibti.openit.de)
+
+ * keygen.c (ask_expire_interval): Movede parsig to ...
+ (parse_expire_string): ... this new function. And some new control
+ commands.
+ (proc_parameter_file): Add expire date parsing.
+ (do_generate_keypair): Allow the use of specified output files.
+
+2000-03-08 10:38:38 Werner Koch (wk@habibti.openit.de)
+
+ * keygen.c (ask_algo): Removed is_v4 return value and the commented
+ code to create Elg keys in a v3 packet. Removed the rounding
+ of key sizes here.
+ (do_create): Likewise removed arg v4_packet.
+ (gen_elg): Likewise removed arg version. Now rounding keysizes here.
+ (gen_dsa): Rounding keysize now here.
+ (release_parameter_list): New
+ (get_parameter*): New.
+ (proc_parameter_file): New.
+ (read_parameter_file): New.
+ (generate_keypair): Splitted. Now uses read_parameter_file when in
+ batch mode. Additional argument to specify a parameter file.
+ (do_generate_keypair): Main bulk of above fucntion and uses the
+ parameter list.
+ (do_create): Don't print long notice in batch mode.
+ * g10.c (main): Allow batched key generation.
+
+Thu Mar 2 15:37:46 CET 2000 Werner Koch <wk@gnupg.de>
+
+ * pubkey-enc.c (get_it): Print a note about unknown cipher algos.
+
+ * g10.c (opts): Add a note to the help listing about the man page
+ and removed some options from the help listing.
+
+ * keyedit.c (print_and_check_one_sig): Use a new function to truncate
+ the output of the user ID. Suggested by Jan-Benedict Glaw.
+
+Wed Feb 23 10:07:57 CET 2000 Werner Koch <wk@gnupg.de>
+
+ * helptext.c: typo fix.
+
+Thu Feb 17 13:39:32 CET 2000 Werner Koch <wk@gnupg.de>
+
+ * revoke.c: Removed a bunch of commented code.
+
+ * packet.h (SIGSUBPKT_REVOC_REASON): New.
+ * build-packet.c (build_sig_subpkt): Support new sub packet.
+ * parse-packet.c (parse_one_sig_subpkt): Ditto.
+ (dump_sig_subpkt): Ditto.
+ * revoke.c (ask_revocation_reason): New.
+ (release_revocation_reason_info): New.
+ (revocation_reason_build_cb): New.
+ (gen_revoke): Ask for reason.
+ * main.h (struct revocation_reason_info): Add declaration.
+ * keyedit.c (menu_revsig): Add support for revocation reason.
+ (menu_revkey): Ditto.
+ (sign_uid_mk_attrib): Renamed to ...
+ (sign_mk_attrib): ... this, made static and add support for reasons.
+
+Tue Feb 15 08:48:13 CET 2000 Werner Koch <wk@gnupg.de>
+
+ * build-packet.c (build_packet): Fixed fixing of old comment packets.
+
+ * import.c (import_keys): Fixed importing from stdin when called with
+ nnames set to zero as it normally happens.
+
+Mon Feb 14 14:30:20 CET 2000 Werner Koch <wk@gnupg.de>
+
+ * sig-check.c (check_key_signature2): Add new arg r_expired.
+ (do_signature_check): New arg to pass it down to ...
+ (do_check): New arg r-expire which is set when the signature
+ has expired.
+ * trustdb.c (check_sig_record): Set SIGF_EXPIRED flag and set
+ the expiretime to zero so that thi signature will not be checked
+ anymore.
+
+Fri Feb 11 17:44:40 CET 2000 Werner Koch <wk@gnupg.de>
+
+ * g10.c (g10_exit): Update the random seed_file.
+ (main): Set the random seed file. New option --no-random-seed-file.
+
+Thu Feb 10 17:39:44 CET 2000 Werner Koch <wk@gnupg.de>
+
+ * keyedit.c (menu_expire): Fixed segv due to unitialized sub_pk.
+ By Rémi.
+
+Thu Feb 10 11:39:41 CET 2000 Werner Koch <wk@gnupg.de>
+
+ * keylist.c (list_keyblock): Don't print warnings in the middle of
+ regulat output lines. By Rémi.
+
+ * sig-check.c: Include options.h
+
+Wed Feb 9 15:33:44 CET 2000 Werner Koch <wk@gnupg.de>
+
+ * gpg.c: New option --ignore-time-conflict
+ * sig-check.c (do_check): Implemented this option.
+ * trustdb.c (check_trust): Ditto.
+ * sign.c (do_sign): Ditto.
+ * keygen.c (generate_subkeypair): Ditto.
+
+ * encode.c (encode_simple): use iobuf_cancel after open failure.
+ Reported by Huy Le.
+
+Fri Jan 14 18:32:01 CET 2000 Werner Koch <wk@gnupg.de>
+
+ * packet.h (STRING2KEY): Changed mode from byte to int.
+ * parse-packet.c (parse_key): Add the special GNU protection stuff
+ * build-packet.c (so_secret_key): Ditto.
+ * seckey-cert.c (do_check): Ditto.
+ * keyedit.c (change_passphrase): Ditto.
+ * export.c (export_secsubkeys): New.
+ (do_export_stream): Hack to export the primary key using mode 1001.
+ * g10.c: New command --export-secret-subkeys
+
+Thu Jan 13 19:31:58 CET 2000 Werner Koch <wk@gnupg.de>
+
+ * armor.c (is_armored): Check for 1-pass-sig packets. Reported by
+ David Hallinan <hallinan@rtd.com>.
+ (armor_filter): Replaced one LF by the LF macro. Reported by
+ Wolfgang Redtenbacher.
+
+Wed Jan 5 11:51:17 CET 2000 Werner Koch <wk@gnupg.de>
+
+ * g10.c (main): Reset new global flag opt.pgp2_workarounds
+ when --openpgp is used.
+ * mainproc.c (proc_plaintext): Do the PGP2,5 workarounds only
+ when the global flag is set.
+ (proc_tree): Ditto.
+ * textfilter.c (copy_clearsig_text): Ditto.
+ * armor.c (armor_filter): Ditto.
+
+ * g10.c: New option --list-only
+ * mainproc.c (proc_tree): Don't do it if opt.list_only is active.
+ (proc_pubkey_enc): Implement option.
+
+ * status.h, status.c ({BEGIN,END}_{EN,DE}CRYPTION): New.
+ * cipher.c (cipher_filter): New status outputs.
+ * mainproc.c (proc_encrypted): New status outputs.
+
+Fri Dec 31 14:08:15 CET 1999 Werner Koch <wk@gnupg.de>
+
+ * armor.c (armor_filter): Made the "Comment:" header translatable.
+
+ * hkp.c (hkp_import): Make sure that the program does not return
+ success when there is a connection problem. Reported by Phillip Jones.
+
+Sun Dec 19 15:22:26 CET 1999 Werner Koch <wk@gnupg.de>
+
+ * armor.c (LF): Use this new macro at all places where a line LF
+ is needed. This way DOSish textfiles should be created when the
+ input data is also in dos mode.
+ * sign.c (LF): Ditto.
+ * textfilter.c (LF): Ditto.
+ (copy_clearsig_text): Disabled the forcing of CR,LF sequences
+ for DOS systems.
+
+ * plaintext.c (handle_plaintext): Fixes for line endings on DOS.
+ and react on a LF in cleartext.
+ * armor.c (fake_packet): Restore the original line ending after
+ removing trailing spaces.
+
+ * signal.c (got_fatal_signal): DOS fix.
+
+Thu Dec 16 10:07:58 CET 1999 Werner Koch <wk@gnupg.de>
+
+ * mainproc.c (print_failed_pkenc): Fix for unknown algorithm.
+ Found by fygrave@epr0.org.
+
+Thu Dec 9 10:31:05 CET 1999 Werner Koch <wk@gnupg.de>
+
+ * hkp.c: i18n the strings.
+
+Sat Dec 4 15:32:20 CET 1999 Werner Koch <wk@gnupg.de>
+
+ * trustdb.c (verify_key): Shortcut for ultimately trusted keys.
+
+Sat Dec 4 12:30:28 CET 1999 Werner Koch <wk@gnupg.de>
+
+ * pkclist.c (build_pk_list): Validate the trust using the namehash
+ if this one has been set by the key lookup.
+
+ * g10.c: Add --delete-secret-key to the help page.
+
+ * openfile.c (copy_options_file): Made static.
+ (try_make_homedir): New.
+ * ringedit.c (add_keyblock_resource): Use the try_make_hoemdir logic.
+ * tdbio.c (tdbio_set_dbname): Likewise.
+
+ * keygen.c (generate_user_id): Use m_alloc_clear() here. We should
+ better use an allocation function specific to the user_id packet.
+
+ * keygen.c (keygen_add_std_prefs): Changed symmetric preferences
+ to include Blowfish again. This is due to it's better speed compared
+ to CAST5.
+
+ * g10.c (strusage): Print the home directory.
+
+ * armor.c (armor_filter): Take action on the cancel control msg.
+ * filter.h (armor_filter_context_t): Add cancel flag.
+
+Mon Nov 29 21:52:11 CET 1999 Werner Koch <wk@gnupg.de>
+
+ * g10.c: New option --fast-list-mode ..
+ * keylist.c (list_keyblock): .. and implemented.
+ * mainproc.c (list_node): Ditto.
+
+ * import.c (mark_non_selfsigned_uids_valid): Fixed the case that there
+ is a uid without any packet following.
+
+Mon Nov 22 11:14:53 CET 1999 Werner Koch <wk@gnupg.de>
+
+ * mainproc.c (proc_plaintext): Never enable the hash processing
+ when skip_verify is active.
+
+ * armor.c (parse_header_line): Stop parsing on a WS line too.
+ Suggested by Aric Cyr.
+
+ * tdbdump.c (HEXTOBIN): Changed the name of the argument, so that
+ traditional cpp don't mess up the macros. Suggested by Jos Backus.
+
+ * mainproc.c (list_node): Print the PK algo in the --with-colon mode.
+ * keylist.c (list_keyblock): Ditto.
+
+ * signal.c (got_fatal_signal): Found the reason why exit(8) did not
+ work - it is better to set the disposition back to default before
+ raising the signal. Print the notice on stderr always.
+
+Fri Nov 12 20:33:19 CET 1999 Werner Koch <wk@gnupg.de>
+
+ * g10.c (make_username): Swapped the logic.
+ * keylist.c (public_key_list): Now takes a STRLIST as arg and moved
+ the creation ot this list to the caller, so that he can copy with
+ UTF-conversion of user IDs. Changed all callers.
+ (secret_key_list): Likewise.
+
+ * getkey.c (get_user_id_string_native): New and ...
+ * encode.c (write_pubkey_enc_from_list): ... use it here.
+
+ * pubring.asc: Updated.
+
+ * packet.h (PKT_PHOTO_ID): New.
+ * parse-packet.c (parse_photo_id): New.
+ * build-packet.c (do_user_id: Handle photo IDs.
+ (build_packet): Change CTB for photo IDs
+ * free-packet.c (free_user_id): Release memory used for photo IDs
+ * sig-check.c (hash_uid_node): Handle photo IDs too.
+ * trustdb.c (print_uid_from_keyblock): Hash photo ID.
+ (make_uid_records): Ditto.
+ * getkey.c (find_by_name): Ditto.
+ * keyedit.c (show_prefs): Ditto.
+ * keylist.c (list_keyblock): Ditto.
+
+Thu Oct 28 16:08:20 CEST 1999 Werner Koch <wk@gnupg.de>
+
+ * keygen.c (ask_expire_interval): Print a warning for systems
+ with a signed 32 time_t if the exiration time is beyoind 2038.
+
+Fri Oct 8 20:40:50 CEST 1999 Werner Koch <wk@gnupg.de>
+
+ * ringedit.c (enum_keyblocks): The last fix way really stupid;
+ reverted and set rt to Unknown.
+
+Fri Oct 8 20:32:01 CEST 1999 Werner Koch <wk@gnupg.de>
+
+ * ringedit.c (enum_keyblocks): Zero the entire kbpos out on open.
+
+ * g10.c (oEntropyDLL): Removed option.
+ (main): Made the warning on development versions more verbose.
+
+ * g10.c (oHonorHttpProxy): New option.
+ * hkp.c (hkp_ask_import,hkp_export): Implement this option.
+ * options.skel: Enable this option for new installations
+
+Mon Oct 4 21:23:04 CEST 1999 Werner Koch <wk@gnupg.de>
+
+ * import.c (import_keys): Changed calling interface, adjusted caller.
+ (import): Moved printing of stats out ...
+ (print_stats): New. ... to here.
+ (import_keys_stream): Call stats print here.
+ (import_keys): Print stats as totals for all files.
+
+ * tdbio.h (DIRF_NEWKEYS): New
+ * tdbio.c (tdbio_dump_record): Print the new flag.
+ * trustdb.c (check_trust_record): New arg sigs_only. Adapted all
+ callers.
+ (do_update_trust_record): Removed recheck arg and add a new sigs_only
+ do we can later improve on the performance. Changed all callers too.
+ (check_trustdb): Evalutate the new flag and add a status output.
+ Do a check when the dir record has not been checked.
+ (build_cert_tree): Evaluate the new flag.
+ (check_trust): Ditto. Do a trust_record check, when the dir record
+ is not marked as checked.
+ (mark_fresh_keys): New.
+ (clear_lid_table): New.
+ (sync_trustdb): New.
+ * import.c (import_keys): Call sync_trustdb() after processing.
+ (import_keys_stream): Ditto.
+ * tdbdump.c (import_ownertrust): Ditto.
+
+ * import.c (import_revoke_cert): Notify the trust DB.
+ (do_update_trust_record): Use |= to set the REVOKED bit and not &=;
+ shame on me for this bad copy+paste introduced bug.
+ (do_we_trust): Add trustmask to allow revoked key override to work.
+ Chnaged are to allow return of a mofified trustlevel. Adapted the
+ one caller.
+
+ * g10.c: New options --emulate-3des-s2k-bug
+ * passphrase.c (hash_passphrase): Implemented above.
+
+ * mainproc.c (proc_tree): Check for standalone signatures.
+ (do_check_sig): Print a notice for a standalone revocation
+ (check_sig_and_print): Do not print an error for unchecked standalone
+ revocations.
+
+Tue Sep 28 20:54:37 CEST 1999 Werner Koch <wk@gnupg.de>
+
+ * encode.c (encode_simple): Use new CTB when we don't have the
+ length of the file. This is somewhat strange as the comment above
+ indicates that this part is actually fixed for PGP 5 - maybe I simply
+ lost the source line, tsss.
+
+ * armor.c (armor_filter): Set a flag if no OpenPGP data has been found.
+ * verify.c (verify_signatures): Add an error helptext.
+
+Thu Sep 23 19:24:30 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>
+
+ * openfile.c (open_outfile): Fixed the 8dot3 handling.
+
+ * passphrase.c (passphrase_to_dek): Print uid using utf8 func.
+ * delkey.c (delete_key): Ditto.
+ * pkclist.c (show_paths,do_edit_ownertrust,do_we_trust): Ditto
+ (do_we_trust_pre): Ditto.
+ * trustdb.c (print_user_id,check_uidsigs): Ditto.
+ * revoke.c (gen_revoke,ask_revoke_sig): Ditto.
+
+Thu Sep 23 09:52:58 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>
+
+ * verify.c (print_file_status): New.
+ (verify_one_file): Moved status print to th new fnc. Add error status.
+ * status.c, status.h (STATUS_FILE_ERROR): New
+
+Wed Sep 22 10:14:17 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>
+
+ * openfile.c (make_outfile_name): Use case-insenstive compare for
+ DOS systems. Add ".pgp" to the list of know extensions.
+ (open_outfile): For DOS systems try to replace the suffiy instead of
+ appending it.
+
+ * status.c, status.h: Add STATUS_FILE_{START,DONE}.
+ * verify.c (verify_one_file): Emit these new stati.
+
+ * sign.c (clearsign_file): Avoid duplicated Entries in the "Hash:"
+ line. Those headers are now only _not_ printed when there are
+ only old-style keys _and_ all hashs are MD5.
+
+Mon Sep 20 12:24:41 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>
+
+
+ * verify.c (verify_files, ferify_one_file): New.
+ * g10.c: New command --verify-files
+
+Fri Sep 17 12:56:42 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>
+
+ * g10.c: Add UK spelling as alias for armor options ;-)
+
+ * import.c (append_uid): Fixed a SEGV when there is no selfsig and
+ no subkey.
+ (merge_sigs): Ditto. Removed the assertion.
+
+Wed Sep 15 16:22:17 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>
+
+ * g10.c: New option --entropy-dll-name
+
+Mon Sep 13 10:51:29 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>
+
+ * signal.c (got_fatal_signal): Print message using write(2) and
+ only for development versions.
+
+Mon Sep 6 19:59:08 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>
+
+ * tdbio.c (tdbio_set_dbname): Use mkdir macro
+ * ringedit.c (add_keyblock_resource): Ditto.
+
+Fri Sep 3 10:04:45 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>
+
+ * pkclist.c (build_pk_list): Skip keys set with --encrypt-to also
+ when asking for a key.
+
+ * plaintext.c (handle_plaintext): Make sure that we don't read a
+ second EOF in the read loop for partial length packets.
+
+ * mainproc.c (check_sig_and_print): print user ID as utf-8.
+
+Thu Sep 2 16:40:55 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>
+
+ * import.c (merge_blocks): First add new subkeys, then merge subkey
+ certificates.
+ (merge_sigs): Don't merge subkey signatures here.
+
+Wed Sep 1 15:30:44 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>
+
+ * keygen.c (ask_expire_interval): Fixed bug related to cpr_xx (tnx
+ Francis J. Lacoste).
+
+Tue Aug 31 17:20:44 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>
+
+ * plaintext.c (do_hash): Hash CR,LF for a single CR.
+ (ask_for_detached_datafile): Changed arguments to be closer to
+ those of hash_datafiles and cleanup the code a bit.
+ * mainproc.c (proc_tree): Workaround for pgp5 textmode detached
+ signatures. Changed behavior of asking for data file to be the same
+ as with provided data files.
+
+ * keylist.c (list_keyblock): Use UTF8 print functions.
+
+Mon Aug 30 20:38:33 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>
+
+ * import.c (chk_self_sigs): some s/log_error/log_info/ so that gpg
+ does not return an error if a key has some invalid packets.
+
+ * helptext.c: Fixed some typos and changed the way the
+ translation works. The english text is now the keyword for gettext
+ and not anymore the keyword supplied to the function. Done after
+ some discussion with Walter who thinks this is much easier for the
+ translators.
+
+ * misc.c (disable_core_dumps): Don't do it for DOSish systems.
+
+ * signal.c (signal_name): Bounds check on signum.
+
+Wed Aug 4 10:34:18 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>
+
+ * pubring.asc: Updated.
+
+ * pkclist.c (do_we_trust_pre,check_signatures_trust): Do not print
+ the warning about --always_trust when --quiet is used.
+
+ * pkclist.c (fpr_info): New and called at several places.
+
+ * parse-packet.c (dump_sig_subpkt): List revocation key contents.
+
+Mon Jul 26 09:34:46 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>
+
+ * pkclist.c (build_pk_list): Fixed typo in format string.
+
+ * trustdb.c (create_shadow_dir): Don't translate the error string.
+
+ * g10.c (main): Fixed spelling of user-id.
+ * getkey.c (find_by_name_pk,find_by_name_sk,
+ find_by_keyid,find_by_keyid_sk): Ditto and translate it.
+ * import.c (mark_non_selfsigned_uids_valid,delete_inv_parts): Ditto.
+
+
+Mon Jul 26 01:01:39 CEST 1999 Michael Roth <mroth@nessie.de>
+
+ * g10.c, options.h: New options --no-literal and --set-filesize
+
+ * encode.c (encode_simple, encode_crypt): Support for the options
+ --no-literal and --set-filesize.
+
+ * sign.c (sign_file): ditto.
+
+Fri Jul 23 13:53:03 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>
+
+
+ * ringedit.c (enum_keyblocks): Removed annoying error message in cases
+ when we have no keyring at all to enum.
+
+ * getkey.c (classify_user_id): Rewrote to relax the recognition of
+ keyIDs and fingerprints (Michael).
+
+ * mainproc.c (check_sig_and_print): Print status NO_PUBKEY.
+ (print_failed_pkenc): Print status NO_SECKEY.
+
+ * import.c (mark_non_selfsigned_uids_valid): New.
+ * g10.c: New option --allow-non-selfsigned-uid.
+
+ * pkclist.c (print_fpr): New.
+ (do_we_trust_pre): Print the fpr before asking whether to use the key
+ anyway.
+ (do_edit_ownertrust): Likewise.
+
+Thu Jul 22 20:03:03 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>
+
+
+ * ringedit.c (enum_keyblocks): Removed annoying error message in cases
+ when we have no keyring at all to enum.
+
+ * getkey.c (classify_user_id): Rewrote to relax the recognition of
+ keyIDs and fingerprints (Michael).
+
+ * mainproc.c (check_sig_and_print): Print status NO_PUBKEY.
+ (print_failed_pkenc): Print status NO_SECKEY.
+
+ * import.c (mark_non_selfsigned_uids_valid): New.
+ * g10.c: New option --allow-non-selfsigned-uid.
+
+Thu Jul 15 10:15:35 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>
+
+ * g10.c: New options --disable-{cipher,pubkey}-algo.
+
+Wed Jul 14 19:42:08 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>
+
+ * status.h (STATUS_IMPORTED): New.
+ * import.c (import): Print some status information (Holger Schurig).
+
+ * g10.c (main): Make --no-greeting work again. Add a warning when
+ --force-mds is used.
+
+Tue Jul 13 17:39:25 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>
+
+ * pkclist.c (do_edit_ownertrust): Changed the way help works.
+ (build_pk_list): Implemented default recipient stuff.
+ * g10.c: New options --default-recipient[-self]
+ (main): Suppress greeting in most cases, entering a passphrase or
+ a missing value is not considered to be interactive use.
+ Merged --print-md and --print-mds; the latter is now obsolete.
+ Changed the way --gen-random works and documented it.
+ Changed the way --gen-prime works and add a man entry.
+ * g10.c (MAINTAINER_OPTIONS): Removed.
+
+Mon Jul 12 18:45:57 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>
+
+ * keyedit.c (keyedit_menu): Add arg sign_mode and changed callers
+ * g10.c (main): New command --lsign-key.
+
+Mon Jul 12 14:55:34 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>
+
+ * mainproc.c (kidlist_item): New.
+ (release_list): Release failed pk-enc-list.
+ (print_failed_pkenc): New
+ (proc_encrypted): Print info about failed PK enc.
+
+ * openfile.c (make_outfile_name): s/error/info/
+
+ * passphrase.c (passphrase_to_dek): Return an empty passphrase when
+ in batch mode and don't make the warning message fatal
+ * seckey-cert.c (check_secret_key): Try only once when in batch mode.
+
+ * g10.c (make_username): New.
+
+Thu Jul 8 16:21:27 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>
+
+
+ * packet.h (PKT_ring_trust): New
+ * parse-packet.c (parse_trust): Store trust value
+ * build-packet (build_packet): Ignore ring trust packets.
+ * mainproc.c (add_ring_trust): New.
+ (list_node): Print "rtv" records.
+ * g10.c: New option --with-fingerprint.
+
+ * trustdb.c (verify_own_keys): Don't insert if we are dry running
+ (check_trust): Ditto.
+
+Wed Jul 7 13:08:40 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>
+
+ * Makefile.am: Support for libtool.
+
+ * keygen.c (ask_expire_interval): Hack to allow for an expire date.
+
+ * trustdb.c (do_update_trust_record,update_trust_record): Splitted.
+ (check_trust_record): New.
+ (check_trust,build_cert_tree): Check the dir record as needed.
+ (upd_pref_record): Removed.
+ (make_pref_record): New.
+ (propagate_validity): Stop as soon as we have enough validity.
+
+ * tbdio.c (MAX_CACHE_ENTRIES_HARD): Increased the limit.
+
+
+Fri Jul 2 11:45:54 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>
+
+ * g10.c (g10_exit): Dump random stats.
+
+ * sig-check.c (check_key_signature,check_key_signature2): Enhanced
+ version and wrapper for old function.
+ (do_signature_check,signature_check): Ditto.
+
+Thu Jul 1 12:47:31 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>
+
+
+ * keyedit.c (show_key_with_all_names): Print a notice for disabled keys.
+ (enable_disable_keys): Add functionality
+ * pkclist.c (edit_ownertrust): preserve disabled state.
+ (build_pk_list): Skip disabled keys.
+ * trustdb.c (upd_one_ownertrust): Ditto.
+ (build_cert_tree): Mask the ownertrust.
+ (trust_letter): Mask the value.
+ (do_check): Take disabled flag into account.
+
+ * passphrase.c (passphrase_to_dek): Add a pubkey_algo arg and changed
+ all callers.
+
+ * g10.c (utf8_strings): 2 new options.
+
+ * trustdb.c (insert_trust_record_by_pk): New, replaces the next one.
+ (insert_trust_record): Now takes a keyblock as arg. Changed all
+ callers to use the appropritae function.
+
+ * openfile.c (ask_outfile_name): New.
+ * plaintext.c (handle_plaintext): Ask for filename if there is
+ no valid syntax. Don't use fname varbatim but filter it.
+
+Tue Jun 29 21:44:25 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>
+
+
+ * trustdb.h (TRUST_FLAG_DISABLED): New.
+
+ * status.c (USE_CAPABILITIES): Capabilities support (Remi).
+
+ * tdbio.c : Added new fields to the DIR record.
+ (tdbio_write_record): Fixed the update of the hash tables.
+ (tdbio_delete_record): Drop the record from the hash tables.
+ (drop_from_hashtbl): New.
+
+ * status.c (cpr_get): Special online help mode.
+ * helptext.c ("keyedit.cmd"): Removed.
+ * keyedit.c (keyedit_menu): Use only help system.
+ (enable_disable_key): New bit doies not yet work.
+
+Sat Jun 26 12:15:59 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>
+
+
+ * dearmor.c (enarmor_file): Fixed comment string.
+ * tdbdump.c (export_ownertrust): Text fix.
+ * tbio.c (tdbio_invalid): Ditto.
+
+ * parse-packet.c (parse_key): Made temp buffer larger.
+
+ * Makefile.am (install-data-local): Add missing backslashes
+
+Tue Jun 15 12:21:08 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>
+
+ * g10.c (main): Made iterated+salted the default S2K method.
+
+ * Makefile.am (install-data-local): Use DESTDIR.
+
+ * passphrase.c (passphrase_to_dek): Emit missing-passphrase while in
+ batchmode.
+
+ * parse-packet.c (parse_pubkeyenc): Fixed a SEGV.
+
+Mon Jun 14 21:18:54 CEST 1999 Michael Roth <mroth@nessie.de>
+
+ * g10.c: New options --openpgp, --no-tty, --emit-version,
+ --default-comment and --lock-multiple
+
+Thu Jun 10 14:18:23 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>
+
+ * free-packet.c (free_encrypted): Fixed EOF case (Remi).
+ (free_plaintext): Ditto.
+
+ * helptext.c (keyedit.delsig.unknown): New (Remi).
+ * keyedit.c (print_and_check_one_sig): Add arg print_without_key and
+ changed all callers to make use of it (Remi):
+
+Tue Jun 8 13:36:25 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>
+
+ * keylist.c (print_key_data): New and called elsewhere.
+ * g10.c: New option --with-key-data
+
+Wed Jun 2 14:17:19 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>
+
+ * mainproc.c (proc_tree): Yet another bad hack to cope with
+ broken pgp2 created detached messages in textmode.
+
+Tue Jun 1 16:01:46 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>
+
+ * openfile.c (make_outfile_name): New.
+ * plaintext.c (handle_plaintext): Outputfile is now the inputfile
+ without the suffix.
+ * g10.c: New option --use-embedded-filename
+
+Mon May 31 19:41:10 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>
+
+ * g10.c (main): Fix for SHM init (Michael).
+
+ * compress.c, encr-data.c, mdfilter.c,
+ plaintext.c, free-packet.c: Speed patches (Rémi).
+
+Thu May 27 09:40:55 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>
+
+ * status.c (cpr_get_answer_yes_no_quit): New.
+ * keyedit.c (menu_delsig): New.
+ (check_all_keysigs): Splitted.
+ (print_and_check_one_sig): New.
+
+Wed May 26 14:36:29 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>
+
+ * build-packet.c (build_sig_subpkt): Support large packets.
+ * parse-packet.c (enum_sig_subpkt): Replaces parse_sig_subpkt.
+ * mainproc.c (print_notation_data): Print all notation packets.
+ * g10.c (add_notation_data): Add a way to specify the critical flag.
+ (main): Add option --set-policy-url.
+ (check_policy_url): Basic checks.
+ * sign.c (mk_notation_and_policy): Replaces mk_notation.
+
+ * parse-packet.c (can_handle_critical): Moved decision whether we can
+ handle critical subpacket to an extra function.
+
+Tue May 25 19:50:32 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>
+
+ * sign.c (sign_file): Always use compression algo 1 for signed
+ onyl file becuase we can´ be sure the the verifier supports other
+ algorithms.
+
+ * build-packet.c (build_sig_subpkt): Support for notation data.
+ * sign.c (sign_file,clearsign_file,make_keysig_packet): Ditto.
+ (mk_notation): New.
+ * g10.c (add_notation_data): New and add option -N
+ * mainproc.c (print_notation_data): New.
+ (check_sig_and_print): Print any notation data of the signed text.
+
+Sun May 23 14:20:22 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>
+
+ * pkclist.c (check_signatures_trust): Print a warning and return
+ immediateley if opt.always_trust is true.
+
+ * g10.c (main): Corrected handling of no-default-keyring
+
+ * pkclist.c (algo_available): Disable Twofish until we have settled
+ how to do the MDC.
+
+ * hkp.c: Disable everything for mingw32
+
+Sat May 22 22:47:26 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>
+
+ * mainproc.c (check_sig_and_print): Add sig creation time to the
+ VALIDSIG status output. Add more info to the ERRSIG output.
+ * sig-check.c (signature_check): Add sig time after epoch to SIG_ID.
+
+ * import.c (import_one): Merge duplicate user IDs.
+ (collapse_uids): New.
+ * kbnode.c (move_kbnode): New.
+ (remove_kbnode): New.
+ * keyedit.c (keyedit_menu): Call collapse_uids.
+
+ * g10.c: new option --logger-fd.
+
+ * import.c: s/log_*_f/log_*/
+
+Thu May 20 14:04:08 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>
+
+ * misc.c (pull_in_libs): do the volatile only for gcc
+
+ * sig-check (signature_check): Emit SIG_iD only for classes 0 and 1.
+
+ * armor.c (armor_filter): Add detection of PGP2 created clearsigs.
+ (fake_packet): A tab is not a WS for pgp2 - handle this.
+ * textfilter.c (len_without_trailing_chars): New.
+ (copy_clearsig_text): Add pgp2mode arg.
+ * sign.c (clearsign_file): pass old_style to the above fnc.
+
+
+Wed May 19 16:04:30 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>
+
+ * g10.c: New option --interactive.
+
+ * mainproc.c (proc_plaintext): Add workaround for pgp2 bug
+ (do_check_sig): Ditto.
+ (proc_tree): Ditto.
+ * plaintext.c (do_hash): Ditto.
+ (hash_datafiles): Ditto, add an arg, changed all callers.
+ * mdfilter.c (md_filter): Add support for the alternate hash context.
+
+Mon May 17 21:54:43 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>
+
+ * parse-packet.c (parse_encrypted): Support for PKT_ENCRYPTED_MDC.
+ * build-packet.c (do_encrypted_mdc): Ditto.
+ * cipher.c (write_header): Add mdc hashing.
+ (cipher_filter): write out the hash.
+ * mainproc.c (do_proc_packets): Add PKT_ENCRYPTED_MDC.
+ * encr-data.c (decrypt_data): Add mdc hashing.
+ (mdc_decode_filter): New.
+
+ * parse-packet.c (parse_sig_subpkt): Fixed stupid bug for subpkt
+ length calculation
+ (parse_signature): Fixed even more stupid bug.
+
+Sat May 8 19:28:08 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>
+
+ * build-packet.c (do_signature): Removed MDC hack.
+ * encode.c (encode_crypt_mdc): Removed.
+ * mainproc.c (do_check_sig): Removed MDC hack.
+ (check_sig_and_print): Ditto.
+ * parse-packet.c (parse_signature): Ditto.
+ * sig-check.c (mdc_kludge_check): Ditto.
+ * free-packte.c (copy_signature, free_seckey_enc): Ditto.
+
+ * parse-packet.c (parse_signature,parse_key): Store data of
+ unknown algorithms with mpi_set_opaque inseatd of the old
+ faked data stuff.
+ (read_rest): Removed.
+ (read_rest2): Renamed to read_rest
+ * build-packet.c (write_fake_data): Use mpi_get_opaque.
+ * free-packet.c (cp_fake_data): Removed and cahnged all callers
+ to use mpi_copy.
+ (free_pubkey_enc,free_seckey_enc,release_public_key_parts,
+ release_secret_key_parts): Use mpi_free for opaque data.
+
+Thu May 6 14:18:17 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>
+
+ * trustdb.c (check_trust): Check for revoked subkeys.
+ * pkclist.c (do_we_trust): Handled revoked subkeys.
+ (do_we_trust_pre): Ditto.
+ (check_signatures_trust): Ditto.
+
+ * build-packet.c (hash_public_key): Fix for ancient g10 keys.
+
+ * mainproc.c (do_proc_packets): Return EOF if no data has been read.
+ * g10.c (main): Catch errors for default operation.
+
+Thu Apr 29 12:29:22 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>
+
+ * sign.c (sign_file): Fixed hashing in case of no subpackets.
+ (clearsign_file): Ditto.
+ (make_keysig_packet): Ditto.
+
+Wed Apr 28 13:03:03 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>
+
+ * keyedit.c (keyedit_menu): Add new command revkey.
+ * (menu_revkey): New.
+
+
+Mon Apr 26 17:48:15 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>
+
+ * parse-packet.c (parse_signature): Add the MDC hack.
+ * build-packet.c (do_signature): Ditto.
+ * free-packet.c (free_seckey_enc,copy_signature,cmp_signatures): Ditto.
+ * mainproc.c (do_check_sig): Ditto.
+ * sig-check.c (mdc_kludge_check): New.
+ * encode.c (encrypt_mdc_file): New.
+
+ * keyedit.c (check_all_keysigs): List revocations.
+ * (menu_revsig): New.
+ * sign (make_keysig_packet): Support for class 0x30.
+
+Sun Apr 18 20:48:15 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>
+
+ * pkclist.c (select_algo_from_prefs): Fixed the case that one key
+ has no preferences (Remi Guyomarch).
+
+ keylist.c (list_keyblock): ulti_hack to propagate trust to all uids.
+
+Sun Apr 18 10:11:28 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>
+
+ * seckey-cert.c (do_check): Use real IV instead of a 0 one, so that
+ it works even if the length of the IV doesn't match the blocksize.
+ Removed the save_iv stuff.
+ (protect_secret_key): Likewise. Create the IV here.
+ * packet.h (PKT_secret_key): Increased size of IV field and add a
+ ivlen field.
+ * parse-packet.c (parse_key): Use the len protect.ivlen.
+ * build-packet.c (do_secret_key). Ditto.
+
+ * getkey.c (key_byname): Close keyblocks.
+
+ * Makefile.am (gpgm): Removed this
+ * g10.c: Merged gpg and gpgm
+
+ * import.c (import): Utilize option quiet.
+ * tdbio.c (tdbio_set_dbname): Ditto.
+ * ringedit.c (add_keyblock_resource,keyring_copy): Ditto.
+
+ * keyedit.c (sign_uids): Add some batch support.
+
+ * g10.c (main): add call to tty_batchmode.
+
+Fri Apr 9 12:26:25 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>
+
+ * status.c (write_status_text): Some more status codes.
+ * passphrase_to_dek (passphrase_to_dek): add a status code.
+ * seckey_cert.c (check_secret_key): Likewise.
+
+ * encr-data.c (decrypt_data): Reverse the last changes
+ * cipher.c (write_header): Ditto.
+
+ * parse-packet.c (parse_key): Dropped kludge for ancient blowfish mode.
+
+Thu Apr 8 09:35:53 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>
+
+ * mainproc.c (proc_encrypted): Add a new status output
+ * passphrase.c (passphrase_to_dek): Ditto.
+ * status.h status.c: Add new status tokens.
+
+Wed Apr 7 20:51:39 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>
+
+ * encr-data.c (decrypt_data): Fixes for 128 bit blocksize
+ * cipher.c (write_header): Ditto.
+ * seckey-cert.c (do_check): Ditto.
+ (protect_secret_key). Ditto.
+ * misc.c (print_cipher_algo_note): Twofish is now a standard algo.
+
+ * keygen.c (do_create): Fixed spelling (Gaël Quéri)
+ (ask_keysize): Only allow keysizes up to 4096
+
+ * ringedit.c (add_keyblock_resource): chmod newly created secrings.
+
+ * import.c (delete_inv_parts): Fixed accidently deleted subkeys.
+
+Tue Apr 6 19:58:12 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>
+
+ * armor.c: Removed duped include (John Bley)
+ * mainproc.c: Ditto.
+
+ * build-packet.c (hash_public_key): Fixed hashing of the header.
+
+ * import.c (delete_inv_parts): Allow import of own non-exportable sigs.
+
+Sat Mar 20 13:59:47 CET 1999 Werner Koch <wk@isil.d.shuttle.de>
+
+ * armor.c (fake_packet): Fix for not not-dash-escaped
+
+Sat Mar 20 11:44:21 CET 1999 Werner Koch <wk@isil.d.shuttle.de>
+
+ * g10.c (main): Added command --recv-keys
+ * hkp.c (hkp_import): New.
+
+Wed Mar 17 13:09:03 CET 1999 Werner Koch <wk@isil.d.shuttle.de>
+
+ * trustdb.c (check_trust): add new arg add_fnc and changed all callers.
+ (do_check): Ditto.
+ (verify_key): Ditto.
+ (propagate_validity): Use the new add_fnc arg.
+ (print_user_id): Add the FILE arg.
+ (propagate_ownertrust): New.
+ * pkclist.c (add_ownertrust_cb): New and changed the add_ownertrust
+ logic.
+
+ * getkey.c (get_keyblock_bylid): New.
+ * trustdb.c (print_uid_from_keyblock): New.
+ (dump_tn_tree_with_colons): New.
+ (list_trust_path): Add colon print mode.
+
+ * trustdb.c (insert_trust_record): Always use the primary key.
+
+ * encode.c (encode_simple): Added text_mode filter (Rémi Guyomarch)
+ (encode_crypt): Ditto.
+
+ * mainproc.c (proc_pubkey_enc): Added status ENC_TO.
+ * armor.c (armor_filter): Added status NODATA.
+ * passphrase.c (passphrase_to_dek): Always print NEED_PASSPHRASE
+ * seckey_cert.c (check_secret_key): Added BAD_PASS status.
+
+ * g10.c (main): Set g10_opt_homedir.
+
+Sun Mar 14 19:34:36 CET 1999 Werner Koch <wk@isil.d.shuttle.de>
+
+ * keygen.c (do_create): Changed wording of the note (Hugh Daniel)
+
+Thu Mar 11 16:39:46 CET 1999 Werner Koch <wk@isil.d.shuttle.de>
+
+ * tdbdump.c: New
+
+ * trustdb.c (walk_sigrecs,do_list_sigs,list_sigs,
+ list_records,list_trustdb,export_ownertrust,import_ownertrust): Moved
+ to tdbdump.c
+ (init_trustdb): renamed to setup_trustdb. Changed all callers.
+ (do_init_trustdb): renamed to init_trustdb().
+ * trustdb.c (die_invalid_db): replaced by tdbio_invalid.
+ * tdbio.c (tdbio_invalid): New.
+
+ * import.c (delete_inv_parts): Skip non exportable signatures.
+ * keyedit.c (sign_uid_mk_attrib): New.
+ (sign_uids): Add the local argument.
+ (keyedit_menu): New "lsign" command.
+ * trustdb.c (register_trusted_key): Removed this and all related stuff.
+ * g10.c (oTrustedKey): Removed option.
+
+ * tdbio.h (dir.valcheck): New trustdb field.
+ * tdbio.c: Add support for this field
+ (tdbio_read_modify_stamp): New.
+ (tdbio_write_modify_stamp): New.
+ * trustdb.c (do_check): Check against this field. Removed cache update.
+ (verify_key): Add cache update.
+ (upd_uid_record): Some functional changes.
+ (upd_cert_record): Ditto
+
+Wed Mar 10 11:26:18 CET 1999 Werner Koch <wk@isil.d.shuttle.de>
+
+ * keylist.c (list_keyblock): Fixed segv in uid. Print 'u' as
+ validity of sks.
+
+Mon Mar 8 20:47:17 CET 1999 Werner Koch <wk@isil.d.shuttle.de>
+
+ * getkey.c (classify_user_id): Add new mode 12 (#<lid>).
+
+ * seckey-cert.c (check_secret_key): replaced error by info.
+
+ * trustdb.c (query_trust_info): Add another arg, changed all callers.
+ (check_trust): Ditto.
+ (do_check): Ditto.
+ (verify_key): Handle namehash.
+ * keylist.c (list_keyblock): print trust info for user ids.
+
+ * sig-check.c (signature_check): Add sig-created to status output.
+
+Tue Mar 2 16:44:57 CET 1999 Werner Koch <wk@isil.d.shuttle.de>
+
+ * textfilter.c (copy_clearsig_text): New.
+ (clearsign): Removed.
+ * sign.c (clearsign_file): does not use textfiler anymore.
+
+ * keygen.c (ask_user_id): print a note about the used charset.
+
+Tue Mar 2 10:38:42 CET 1999 Werner Koch <wk@isil.d.shuttle.de>
+
+ * sig-check.c (signature_check): sig-id now works for all algos.
+
+ * armor.c (armor_filter): Fixed armor bypassing.
+
+Sun Feb 28 19:11:00 CET 1999 Werner Koch <wk@isil.d.shuttle.de>
+
+ * keygen.c (ask_user_id): Don't change the case of email addresses.
+ (has_invalid_email_chars): Adjusted.
+
+ * keylist.c (list_one): Really list serect keys (Remi Guyomarch)
+
+ * keyedit.c (menu_select_uid): Add some braces to make egcs happy.
+ (menu_select_key): Ditto.
+
+ * mainproc.c (do_proc_packets): List sym-enc packets (Remi Guyomarch)
+
+Fri Feb 26 17:55:41 CET 1999 Werner Koch <wk@isil.d.shuttle.de>
+
+ * pkclist.c (build_pk_list): Return error if there are no recipients.
+
+ * sig-check.c (signature_check): New signature id feature.
+ * armor.c (make_radic64_string): New.
+
+ * mainproc.c (proc_pubkey_enc): early check for seckey availability.
+
+ * pkclist.c (do_we_trust_pre): print user id before asking.
+
+ * ringedit.c (add_keyblock_resource,get_keyblock_handle): Cleaner
+ handling of default resource.
+
+
+Thu Feb 25 18:47:39 CET 1999 Werner Koch <wk@isil.d.shuttle.de>
+
+ * pkclist.c (algo_available): New.
+ (select_algo_from_prefs): Check whether algo is available.
+
+ * ringedit.c (keyring_copy): Take care of opt.dry_run.
+ (do_gdbm_store): Ditto.
+ * openfile.c (open_outfile). Ditto.
+ (copy_options_file): Ditto.
+ * trustdb.c (update_trustdb): Ditto.
+ (clear_trust_checked_flag): Ditto.
+ (update_trust_record): Ditto.
+ (insert_trust_record): Ditto.
+
+Wed Feb 24 11:07:27 CET 1999 Werner Koch <wk@isil.d.shuttle.de>
+
+ * keylist.c (secret_key_list): Now really list the secret key.
+
+ * trustdb.c (do_init_trustdb): New. Init is now deferred.
+
+Mon Feb 22 20:04:00 CET 1999 Werner Koch <wk@isil.d.shuttle.de>
+
+ * getkey.c (lookup_sk): Return G10ERR_NO_SECKEY and not x_PUBKEY.
+
+Fri Feb 19 15:49:15 CET 1999 Werner Koch <wk@isil.d.shuttle.de>
+
+ * pkclist.c (select_algo_from_prefs): retrieve LID if not there.
+
+ * armor.c (fake_packet): Replaced ugly lineending handling.
+
+ * g10.c (oNoEncryptTo): New.
+ * pkclist.c (build_pk_list): Implemented this option.
+
+ * g10.c (main): Greeting is now printed to stderr and not to tty.
+ Use add_to_strlist() instead of direct coding.
+
+ * import.c (import): Use iobuf_push_filter2.
+
+ * mainproc.c (check_sig_and_print): Print all user ids
+ for good signatures.
+ * getkey.c (get_pubkeyblock): New.
+
+ * import.c (chk_self_sigs): Fixed SEGV for unbounded class 0x18 keys.
+ (delete_inv_parts): Delete special marked packets.
+
+Tue Feb 16 14:10:02 CET 1999 Werner Koch <wk@isil.d.shuttle.de>
+
+ * g10.c (main): New option --encrypt-to
+
+ * pkclist.c (build_pk_list): Implemented encrypt-to.
+
+ * parse-packet.c (parse_user_id): Removed the hack to work with
+ utf-8 strings.
+
+ * g10.c (main): Install lockfile cleanup handler.
+ * tdbio.c (cleanup): Removed: this is now handled by dotlock.
+
+Sat Feb 13 14:13:04 CET 1999 Werner Koch <wk@isil.d.shuttle.de>
+
+ * tdbio.c (tdbio_set_dbname): Init lockhandle for a new trustdb
+
+Wed Feb 10 17:15:39 CET 1999 Werner Koch <wk@isil.d.shuttle.de>
+
+ * g10.c (main): check for development version now in configure
+
+ * tdbio.c (tdbio_write_record): Add uid.validity
+ (tdbio_read_record) : Ditto.
+ (tdbio_dump_record) : Ditto.
+
+ * keygen.c (keygen_add_std_prefs): Replaced Blowfish by Twofish,
+ removed MD5 and Tiger.
+ * pubkey-enc.c (get_it): Suppress warning about missing Blowfish
+ in preferences in certain cases.
+
+ * ringedit.c (lock_rentry,unlock_rentry): New.
+
+ * getkey.c (key_byname): Pass ret_kb down to lookup_xx.
+
+ * armor.c (armor_filter): No output of of empty comment lines.
+ Add option --no-version to suppress the output of the version string.
+
+ * getkey.c: Release the getkey context for auto context variables.
+
+Sun Jan 24 18:16:26 CET 1999 Werner Koch <wk@isil.d.shuttle.de>
+
+ * getkey.c: Changed the internal design to allow simultaneous
+ lookup of multible user ids
+ (get_pubkey_bynames): New.
+ (get_seckey_bynames): New.
+ (get_seckey_next): New.
+ (get_seckey_end): New.
+ * keylist.c (list_one): Use the new functions.
+
+ * keylist.c (list_keyblock): add a newline for normal listings.
+
+ * g10.c (--recipient): New option name to replace --remote-user
+
+
+Wed Jan 20 18:59:49 CET 1999 Werner Koch <wk@isil.d.shuttle.de>
+
+ * textfilter.c: Mostly rewritten
+ * plaintext.c (handle_plaintext): Use now text_filter semantics.
+
+Tue Jan 19 19:34:58 CET 1999 Werner Koch <wk@isil.d.shuttle.de>
+
+ * export.c (export_pubkeys_stream): New.
+ (do_export_stream): New.
+ * g10.c (aSendKeys): New command.
+ * hkp.c (hkp_export): New.
+
+ * compress.c (do_uncompress): Hack for algo 1 and 1.1.3
+
+Sun Jan 17 11:04:33 CET 1999 Werner Koch <wk@isil.d.shuttle.de>
+
+ * textfilter.c (text_filter): Now uses iobuf_read_line().
+ (read_line): Removed.
+
+ * armor.c (trim_trailing_spaces): Removed and replaced
+ by trim_trailing_ws from libutil
+
+Sat Jan 16 12:03:27 CET 1999 Werner Koch <wk@isil.d.shuttle.de>
+
+ * hkp.c (hkp_ask_import): Use only the short keyid
+
+Sat Jan 16 09:27:30 CET 1999 Werner Koch <wk@isil.d.shuttle.de>
+
+ * import.c (import_key_stream): New
+ (import): New, moved most of import_keys here.
+ * g10.c: New option --keyserver
+ * mainproc.c (check_sig_and_print): Hook to import a pubkey.
+
+ * pref.c pref.h : Removed
+
+ * hkp.c hkp.h: New
+
+Wed Jan 13 14:10:15 CET 1999 Werner Koch <wk@isil.d.shuttle.de>
+
+ * armor.c (radix64_read): Print an error if a bad armor was detected.
+
+Wed Jan 13 12:49:36 CET 1999 Werner Koch <wk@isil.d.shuttle.de>
+
+ * armor.c (radix64_read): Now handles malformed armors produced
+ by some buggy MUAs.
+
+Tue Jan 12 11:17:18 CET 1999 Werner Koch <wk@isil.d.shuttle.de>
+
+ * ringedit.c (find_keyblock_bysk): New.
+
+ * skc_list.c (is_insecure): New.
+ (build_sk_list): usage check for insecure keys.
+
+ * import.c (chk_self_sigs): Add handling for subkeys.
+ (delete_inv_parts): Skip unsigned subkeys
+
+ * sig-check.c (do_check): Print info if the signature is older
+ than the key.
+ * keygen.c (generate_subkeypair): Fail on time warp.
+ * sign.c (do_sign): Ditto.
+
+Sun Jan 10 15:10:02 CET 1999 Werner Koch <wk@isil.d.shuttle.de>
+
+ * armor.c (fake_packet): Fixed not-dash-escaped bug.
+
+Sat Jan 9 16:02:23 CET 1999 Werner Koch <wk@isil.d.shuttle.de>
+
+ * sig-check.c (do_check): Output time diff on error
+
+ * status.c (STATUS_VALIDSIG): New.
+ (is_status_enabled): New.
+ * mainproc.c (check_sig_and_print): Issue that status message.
+
+ * plaintext.c (special_md_putc): Removed
+
+ * armor.c (armor_filter): print error for truncated lines.
+
+ * free-packet.c (free_encrypted): Revomed call to set_block_mode.
+ (free_plaintext): Ditto.
+
+Thu Jan 7 18:00:58 CET 1999 Werner Koch <wk@isil.d.shuttle.de>
+
+ * pkclist.c (add_ownertrust): Fixed return value.
+
+ * encr-data.c (decrypt_data): Disabled iobuf_set_limit and
+ iobuf_pop_filter stuff.
+ * compress.c (handle_compressed): Disabled iobuf_pop_filter.
+
+ * packet.h (PKT_secret_key): Add is_primary flag.
+ * parse-packet.c (parse_key): Set this flag.
+ * passphrase.c (passphrase_to_dek): Kludge to print the primary
+ keyid - changed the API: keyid must now hold 2 keyids.
+ * getkey.c (get_primary_seckey): New.
+ * seckey-cert.c (do_check): pass primary keyid to passphrase query
+
+ * tbdio.c (open_db): removed the atexit
+ (tdbio_set_dbname): and moved it to here.
+
+ * armor.c: Rewrote large parts.
+
+Tue Dec 29 19:55:38 CET 1998 Werner Koch <wk@isil.d.shuttle.de>
+
+ * revoke.c (gen_revoke): Removed compression.
+
+ * pkclist.c (do_we_trust_pre): special check for revoked keys
+
+ * trustdb.c (update_trust_record): Fixed revoke flag.
+
+Tue Dec 29 14:41:47 CET 1998 Werner Koch <wk@isil.d.shuttle.de>
+
+ * misc.c (disable_core_dumps): Check for EINVAL (Atari)
+
+ * getkey (merge_one_pk_and_selfsig): Fixed search of expiredate.
+ (merge_keys_and_selfsig): Ditto.
+
+ * free-packet.c (cmp_public_keys): cmp expire only for v3 packets
+ (cmp_secret_keys): Ditto.
+ (cmp_public_secret_key): Ditto.
+
+Wed Dec 23 17:12:24 CET 1998 Werner Koch <wk@isil.d.shuttle.de>
+
+ * armor.c (find_header): Reset not_dashed at every header
+
+Wed Dec 23 13:18:14 CET 1998 Werner Koch <wk@isil.d.shuttle.de>
+
+ * pkclist.c (add_ownertrust): Refresh validity values.
+
+ * trustdb.c (enum_cert_paths_print): New arg refresh.
+
+ * ringedit.c: Fixed problems fix keyrings
+ * parse-packet.c (dbg_parse_packet): New debug functions.
+
+ * getkey.c (getkey_disable_caches): New.
+ * import.c (import_keys): Disable caches.
+
+Thu Dec 17 18:31:15 CET 1998 Werner Koch <wk@isil.d.shuttle.de>
+
+ * misc.c (trap_unaligned): Only for glibc 1
+
+ * sign.c (write_dash_escaped): Now escapes "From " lines
+ * g10.c: New option --escape-from-lines
+
+ * trustdb.c (sort_tsl_list): New
+ (list_trust_path): Now prints sorted list.
+ (enum_cert_paths): Likewise.
+ (enum_cert_paths_print): New.
+ (print_paths): New printing format.
+ * pkclist.c (add_ownertrust): New arg quit.
+ (edit_ownertrust): New quit selection and does not query
+ the recipients ownertrust anymore.
+ (add_ownertrust): Print the ceritficate path.
+
+
+Mon Dec 14 21:18:49 CET 1998 Werner Koch <wk@isil.d.shuttle.de>
+
+ * parse-packet.c (parse_signature): Now checks for critical bit
+ (parse_sig_subpkt): Splitted.
+ (parse_one_sig_subpkt): New.
+ * sig-check.c (do_check): handle critical bit.
+
+Sun Dec 13 14:10:56 CET 1998 Werner Koch <wk@isil.d.shuttle.de>
+
+ * pcklist.c (select_algo_from_prefs): Preferences should
+ now work (lost the != ? )
+
+Thu Dec 10 20:15:36 CET 1998 Werner Koch <wk@isil.d.shuttle.de>
+
+ * ringedit.c (gdbm_store): Fix for inserts
+
+ * g10.c (main): New option --export-all
+ * export.c (export_pubkeys): New arg.
+ (do_export): Now may skip old keys.
+
+ * status.c: Minor patches for Sun's cc
+
+ * keygen.c (ask_algo): Disabled v3 ElGamal choice, rearranged
+ the numbers. Add a warning question when a sign+encrypt key
+ is selected.
+
+ * g10.c (do_not_use_RSA): Removed.
+ * misc.c (print_pubkey_algo_note): New as replacement for the
+ do_not_use_RSA() and chnaged all callers.
+ (print_cipher_algo_note): New.
+ (print_hash_algo_note): New.
+
+ * cipher.c (write_header): Add a call to print_cipher_algo_note.
+ * seckey-cert.c (protect_secret_key): Ditto
+ * sign.c (do_sign): Add a call to print_digest_algo_note.
+
+ * getkey.c (get_long_user_id_string): New.
+ * mainproc.c (check_sig_and_print): Changed the format of the
+ status output.
+
+ * encrypt.c (write_pubkey_enc_from_list): print used symmetric cipher.
+
+ * pkclist.c (do_we_trust): Changed a message.
+
+Wed Dec 9 13:41:06 CET 1998 Werner Koch <wk@isil.d.shuttle.de>
+
+ * misc.c (trap_unaligned) [ALPHA]: Only if UAC_SIGBUS is defined.
+
+ * sign.c (write_dash_escaped): Add the forgotten patch by Brian Moore.
+
+ * compress.c (do_uncompress): Fixed the inflating bug.
+
+
+Tue Dec 8 13:15:16 CET 1998 Werner Koch <wk@isil.d.shuttle.de>
+
+ * trustdb.c (upd_uid_record): Now uses the newest self-signature
+ (insert_trust_record): Now calls update with recheck set to true.
+ (register_trusted_key): New.
+ (verify_own_keys): Enhanced by list of trusted keys.
+
+ * g10.c (main): Print a warning when a devel version is used.
+ (main): New option --trusted-key
+
+ * import.c (merge_blocks): Fixed merging of new user ids and
+ added merging of subkeys.
+ (append_uid): Ditto.
+ (merge_keysig): New.
+ (append_key): New.
+ * getkey.c (merge_one_pk_and_selfsig): Get the expiration time
+ from the newest self-signature.
+ (merge_keys_and_selfsig): Ditto.
+
+ * free-packet.c (cmp_secret_key): New.
+
+
+Fri Nov 27 21:37:41 CET 1998 Werner Koch <wk@isil.d.shuttle.de>
+
+ * g10.c: New option --lock-once
+ * tdbio.c (open_db): Add an atexit
+ (cleanup): New.
+ (tdbio_sync): Add locking.
+ (tdbio_end_transaction): Ditto.
+ (put_record_into_cache): Ditto.
+ * ringedit.c (keyring_copy): Ditto.
+ (cleanup): New.
+ (add_keyblock_resource): Add an atexit.
+
+Fri Nov 27 15:30:24 CET 1998 Werner Koch <wk@isil.d.shuttle.de>
+
+ * armor.c (find_header): Another fix for clearsigs.
+
+Fri Nov 27 12:39:29 CET 1998 Werner Koch <wk@isil.d.shuttle.de>
+
+
+ * status.c (display_help): Removed.
+ * helptext.c: New and removed the N_() from all cpr_gets.
+
+
+Fri Nov 20 16:54:52 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * g10.c (main): New option --not-dash-escaped
+ * sign.c (write_dashed_escaped): Ditto.
+ * armor.c (find_header): Support for NotDashEscaped header.
+
+ * getkey.c: print "disabled cache.." only if verbose is used.
+
+Thu Nov 19 07:17:31 1998 Werner Koch <werner.koch@guug.de>
+
+ * parse-packet.c (dump_sig_subpkt): Fixed expire listing
+ * getkey.c (merge_keys_and_selfsig): Fixed expire calculation.
+ (merge_one_pk_and_selfsig): Ditto.
+ * keyedit.c (menu_expire). Ditto.
+ * keygen.c (keygen_add_key_expire): Ditto.
+ (ask_expire_interval): New and changed all local function to use
+ this instead.
+ (keygen_add_key_expire): Opaque should now be a public key;
+ changed all callers.
+
+ * parse.packet.c (parse): use skip_rest to skip packets.
+
+ * keyedit.c (keyedit_menu): New arg for cmdline cmds.
+
+Wed Nov 18 20:33:50 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * trustdb.c (check_trustdb): Now rechecks all gived userids.
+ (collect_paths): Some fixes.
+ (upd_pref_records): Skips empty items, evaluate all items.
+
+ * parse-packet.c (dump_sig_subpkt): Better listing of prefs.
+ (skip_packet): Now knows about marker packet
+
+ * g10.c: removed cmd "--edit-sig".
+
+ * pubring.asc: Updated.
+
+Sat Nov 14 14:01:29 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * g10.c (main): Changed syntax of --list-trust-path
+ * trustdb.c (list_trust_path): Replaced max_depth by
+ opt.max_cert_depth
+
+Fri Nov 13 07:39:58 1998 Werner Koch <werner.koch@guug.de>
+
+ * trustdb.c (collect_paths): Removed a warning message.
+ (enum_trust_web): Removed.
+ (enum_cert_paths): New.
+ * pkclist.c (add_ownertrust): Changed to use enum_cert_paths.
+ (edit_ownertrust): Now list ceritficates on request.
+ (show_paths): New.
+
+Wed Nov 11 18:05:44 1998 Werner Koch <werner.koch@guug.de>
+
+ * g10.c (main): New option --max-cert-depth
+ * tdbio.h: add new fields to ver and dir record.
+ * tdbio.c: read/write/dump of these fields.
+ (tdbio_db_matches_options): New.
+ * trustdb.c: replaced MAC_CERT_DEPTH by opt.max_cert_depth.
+ (do_check): cache validity and changed other functions
+ to reset the cached value.
+
+ * keylist.c (list_one): Now lists the ownertrust.
+ * mainproc.c (list_node): Ditto.
+
+Tue Nov 10 10:08:59 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * g10.c (g10_exit): Now looks at the new g10_errors_seen.
+ * mainproc.c (check_sig_and_print): Sets g10_errors_seen.
+
+ * *.c : i18n many more strings.
+
+ * ringedit.c (locate_keyblock_by_keyid): Add HAVE_LIBGDBM
+ (locate_keyblock_by_fpr): Ditto.
+
+ * g10.c (main): removed unsused "int errors".
+ (main): Add new option --charset.
+
+ * g10.c (main): special message for the unix newbie.
+
+Mon Nov 9 07:17:42 1998 Werner Koch <werner.koch@guug.de>
+
+ * getkey.c (finish_lookup): Kludge to prefere algo 16.
+
+ * trustdb.c (new_lid_table): Clear cached item.
+
+ * status.c (cpr_get_utf8): New.
+ * pkclist.c (build_pk_list): Uses this.
+
+Sun Nov 8 17:20:39 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * mainproc.c (check_sig_and_print): Why did I use strlen()-1
+ in the printf? - This truncated the TZ.
+
+Sat Nov 7 15:57:28 1998 me,,, (wk@tobold)
+
+ * getkey.c (lookup): Changes to support a read_next.
+ (get_pubkey): Fixed a memory leak.
+
+ * keylist.c (list_one): Now lists all matching user IDs.
+
+Tue Nov 3 16:19:21 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * keygen.c (ask_user_id): Now converted to UTF-8
+
+ * g10.c (main): Kludge for pgp clearsigs and textmode.
+
+Fri Oct 30 16:40:39 1998 me,,, (wk@tobold)
+
+ * signal.c (block_all_signals): New.
+ (unblock_all_signals): New
+ * tdbio.c (tdbio_end_transaction): Now blocks all signals.
+
+ * trustdb.c (new_lid_table): Changed the representation of the
+ former local_lid_info stuff.
+
+ * trustdb.c (update_trust_record): Reorganized the whole thing.
+ * sig-check.c (check_key_signature): Now handles class 0x28
+
+
+Wed Oct 28 18:56:33 1998 me,,, (wk@tobold)
+
+ * export.c (do_export): Takes care of the exportable sig flag.
+
+Tue Oct 27 14:53:04 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * trustdb.c (update_trust_record): New "fast" parameter.
+
+Sun Oct 25 19:32:05 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * openfile.c (copy_options_File): New.
+ * ringedit.c (add_keyblock_resource): Creates options file
+ * tdbio.c (tdbio_set_dbname): Ditto.
+
+Sat Oct 24 14:10:53 1998 brian moore <bem@cmc.net>
+
+ * mainproc.c (proc_pubkey_enc): Don't release the DEK
+ (do_proc_packets): Ditto.
+
+Fri Oct 23 06:49:38 1998 me,,, (wk@tobold)
+
+ * keyedit.c (keyedit_menu): Comments are now allowed
+
+ * trustdb.c: Rewrote large parts.
+
+
+Thu Oct 22 15:56:45 1998 Michael Roth (mroth@nessie.de)
+
+ * encode.c: (encode_simple): Only the plain filename without
+ a given directory is stored in generated packets.
+ (encode_crypt): Ditto.
+
+ * sign.c: (sign_file) Ditto.
+
+
+Thu Oct 22 10:53:41 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * trustdb.c (update_trust_record): Add new optional arg.
+
+ * import.c (import_keys): Add statistics output
+ * trustdb.c (update_trustdb): Ditto.
+ (insert_trustdb): Ditto.
+
+ * tdbio.c (tdbio_begin_transaction): New.
+ (tdbio_end_transaction): New.
+ (tdbio_cancel_transaction): New.
+
+ * g10.c (main): New option --quit.
+
+ * trustdb.c (check_hint_sig): No tests for user-id w/o sig.
+ This caused an assert while checking the sigs.
+
+ * trustdb.c (upd_sig_record): Splitted into several functions.
+
+ * import.c (import_keys): New arg "fast".
+ * g10.c (main): New command --fast-import.
+
+Wed Oct 21 18:19:36 1998 Michael Roth <mroth@nessie.de>
+
+ * ringedit.c (add_keyblock_resource): Directory is now created.
+ * tdbio.c (tdbio_set_dbname): New info message.
+
+Wed Oct 21 11:52:04 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * trustdb.c (update_trustdb): released keyblock in loop.
+
+ * keylist.c (list_block): New.
+ (list_all): Changed to use list_block.
+
+ * trustdb.c: Completed support for GDBM
+
+ * sign.c (only_old_style): Changed the way force_v3 is handled
+ (sign_file): Ditto.
+ (clearsign_file): Ditto.
+
+ * keygen.c (has_invalid_email_chars): Splitted into mailbox and
+ host part.
+
+ * keylist.c (list_one): Add a merge_keys_and_selfsig.
+ * mainproc.c (proc_tree): Ditto.
+
+Sun Oct 18 11:49:03 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * sign.c (only_old_style): Add option force_v3_sigs
+ (sign_file): Fixed a bug in sig->version
+ (clearsign_file): Ditto.
+
+ * parse-packet.c (dump_sig_subpkt): New
+
+ * keyedit.c (menu_expire): New.
+ * free-packet.c (cmp_signatures): New
+
+
+Sat Oct 17 10:22:39 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * armor.c: changed output line length from 72 to 64.
+
+ * keyedit.c (fix_keyblock): New.
+
+Fri Oct 16 10:24:47 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * trustdb.c: Rewrote most.
+ * tdbio.c: Add cache and generalized hash tables.
+
+ * options.h (ENABLE_COMMENT_PACKETS): New but undef'ed.
+ * encode.c, sign.c, keygen.c: Disabled comment packets.
+ * export.c (do_export): Comment packets are never exported,
+ except for those in the secret keyring.
+
+ * g10.c (main): Removed option do-no-export-rsa; should be
+ be replaced by a secpial tool.
+ * export.c (do_export): Removed the code for the above option.
+
+ * armor.c (find_header): Support for new only_keyblocks.
+ * import.c (import_keys): Only looks for keyblock armors.
+
+ * packet.h: replaced valid_days by expiredate and changed all users.
+ * build-packet.c (do_public_key): calculates valid-days
+ (do_secret_key): Ditto.
+ * parse-packet.c (parse_key): expiredate is calucated from the
+ valid_period in v3 packets.
+ * keyid.c (do_fingerprint_md): calculates valid_dates.
+
+ * keygen.c (add_key_expire): fixed key expiration time for v4 packets.
+
+ * armor.c (find_header): A LF in the first 28 bytes
+ was skipped for non-armored data.
+
+Thu Oct 8 11:35:51 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * armor.c (is_armored): Add test on old comment packets.
+
+ * tdbio.c (tdbio_search_dir_bypk): fixed memory leak.
+
+ * getkey.c: Changed the caching algorithms.
+
+Wed Oct 7 19:33:28 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * kbnodes.c (unused_nodes): New.
+
+Wed Oct 7 11:15:36 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * keyedit.c (sign_uids): Fixed a problem with SK which could caused
+ a save of an unprotected key.
+ (menu_adduid): Ditto.
+
+ * keyedit.c (keyedit_menu): Prefs are now correctly listed for
+ new user ids.
+
+ * trustdb.c (update_trust_record): New.
+ (insert_trust_record): Now makes use of update_trust_record.
+
+Tue Oct 6 16:18:03 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * trustdb.c (read_record): replaces most of the tdbio_read_records.
+ (write_record): Ditto.
+
+Sat Oct 3 11:01:21 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * keygen.c (ask_alogo): enable ElGamal enc-only only for addmode.
+
+Wed Sep 30 10:15:33 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * import.c (import_one): Fixed update of wrong keyblock.
+
+Tue Sep 29 08:32:08 1998 me,,, (wk@tobold)
+
+ * mainproc.c (proc_plaintext): Display note for special filename.
+ * plaintext.c (handle_plaintext): Suppress output of special file.
+
+Mon Sep 28 12:57:12 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * g10.c (verify_own_keys): Add warning if a key is not protected.
+
+ * passphrase (hash_passphrase): Fixed iterated+salted mode and
+ setup for keysizes > hashsize.
+
+ * g10.c (main): New options: --s2k-{cipher,digest,mode}.
+
+Fri Sep 25 09:34:23 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * g10.c: Chnaged some help texts.
+
+Tue Sep 22 19:34:39 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * passphrase.c (read_passphrase_from_fd): fixed bug for long
+ passphrases.
+
+Mon Sep 21 11:28:05 1998 Werner Koch (wk@(none))
+
+ * getkey.c (lookup): Add code to use the sub key if the primary one
+ does not match the usage.
+
+ * armor.c (armor_filter): New error message: no valid data found.
+ (radix64_read): Changes to support multiple messages.
+ (i18n.h): New.
+ * mainproc.c (add_onepass_sig): bug fix.
+
+Mon Sep 21 08:03:16 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * pkclist.c (do_we_trust): Add keyid to most messages.
+
+ * passphrase.c (read_passphrase_from_fd): New.
+ (have_static_passphrase): New
+ (get_passphrase_fd): Removed.
+ (set_passphrase_fd): Removed.
+ * g10.c (main): passphrase is now read here.
+
+ * keyedit.c (keyedit_menu): "help" texts should now translate fine.
+
+Mon Sep 21 06:40:02 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * encode.c (encode_simple): Now disables compression
+ when --rfc1991 is used.
+ (encode_crypt): Ditto.
+
+Fri Sep 18 16:50:32 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * getkey.c (merge_key_and_selfsig): New.
+
+Fri Sep 18 10:20:11 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * pkclist.c (select_algo_from_prefs): Removed 3DES kludge.
+
+ * seskey.c (make_session_key): Fixed SERIOUS bug introduced
+ by adding the weak key detection code.
+
+ * sign.c (sign_file): Changed aremor header in certain cases.
+
+Tue Sep 15 17:52:55 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * mainproc.c (check_sig_and_print): Replaced ascime by asctimestamp.
+
+Mon Sep 14 11:40:52 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * seskey.c (make_session_key): Now detects weak keys.
+
+ * trustdb (clear_trust_checked_flag): New.
+
+ * plaintext.c (handle_plaintext): Does no anymore suppress CR from
+ cleartext signed messages.
+
+Sun Sep 13 12:54:29 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * trustdb.c (insert_trust_record): Fixed a stupid bug in the free
+ liunked list loops.
+
+Sat Sep 12 15:49:16 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * status.c (remove_shmid): New.
+ (init_shm_comprocess): Now sets permission to the real uid.
+
+Wed Sep 9 11:15:03 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * packet.h (PKT_pubkey_enc): New flah throw_keyid, and add logic to
+ implement it.
+ * g10.c (main): New Option --throw-keyid
+
+ * getkey.c (enum_secret_keys): Add new ar and changed all callers.
+
+Tue Sep 8 20:04:09 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * delkey.c (delete_key): Moved from keyedit.c.
+
+Mon Sep 7 16:37:52 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * build-packet.c (calc_length_header): New arg new_ctb to correctly
+ calculate the length of new style packets.
+
+ * armor.c (is_armored): Checks for symkey_enc packets.
+
+ * pkclist.c (select_algo_from_prefs): 3DEs substitute is now CAST5.
+
+Tue Aug 11 17:54:50 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * build-packet.c (do_secret_key): Fixed handling of old keys.
+
+ * getkey.c (compare_name): Fixed exact and email matching
+
+ * openfile.c (open_outfile): Changed arguments and all callers.
+
+Tue Aug 11 09:14:35 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * encode.c (encode_simple): Applied option set-filename and comment.
+ (encode_crypt): Ditto.
+ * sign.c (sign_file): Ditto.
+ * armor.c (armor_filter): Applied option comment.
+
+ * encode.c (encode_crypt): Moved init_packet to the begin.
+ (encode_simple): add an init_packet().
+
+ * comment (write_comment): Now enforces a hash sign as the 1st byte.
+
+ * import.c (import_one): Add explanation for "no user ids".
+
+ * compress.c (do_uncompress): Applied Brian Warner's patch to support
+ zlib 1.1.3 etc.
+
+ * trustdb.c (check_trust): Fixed a problem after inserting new keys.
+
+ * getkey (lookup): do not return the primary key if usage is given
+ (lookup_sk): Ditto and take usage into account.
+
+ * status.c (cpr_get_answer_is_yes): add display_help.
+
+Mon Aug 10 10:11:28 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * getkey.c (lookup_sk): Now always returns the primary if arg
+ primary is true.
+ (lookup): Likewise.
+ (get_pubkey_byname): Now returns the primary key
+ (get_seckey_byname): Ditto.
+
+
+Mon Aug 10 08:34:03 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * keyid.c (pubkey_letter): ELG_E is now a small g.
+
+Sat Aug 8 17:26:12 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * openfile (overwrite_filep): Changed semantics and all callers.
+
+Sat Aug 8 12:17:07 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * status.c (display_help): New.
+
+Thu Aug 6 16:30:41 1998 Werner Koch,mobil,,, (wk@tobold)
+
+ * seskey.c (encode_session_key): Now uses get_random_bits().
+
+Thu Aug 6 07:34:56 1998 Werner Koch,mobil,,, (wk@tobold)
+
+ * ringedit.c (keyring_copy): No more backupfiles for
+ secret keyrings and add additional warning in case of
+ a failed secret keyring operation.
+
+Wed Aug 5 11:54:37 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * g10.c (check_opts): Moved to main. Changed def_cipher_algo
+ semantics and chnaged all users.
+
+ * pubkey-enc.c (get_sssion_key): New informational output
+ about preferences.
+
+ * parse-packet.c (parse_symkeyenc): Fixed salted+iterated S2K
+ (parse_key): Ditto.
+ * build-packet.c (do_secret_key): Ditto.
+ (do_symkey_enc): Ditto.
+
+Tue Aug 4 08:59:10 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * getkey.c (enum_secret_keys): Now returns only primary keys.
+
+ * getkey (lookup): Now sets the new namehash field.
+
+ * parse-packet.c (parse_sig_subpkt2): New.
+
+ * sign.c (sign_file): one-pass sigs are now emiited reverse.
+ Preference data is considered when selecting the compress algo.
+
+Wed Jul 29 12:53:03 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * free-packet.c (copy_signature): New.
+
+ * keygen.c (generate_subkeypair): rewritten
+ * g10.c (aKeyadd): Removed option --add-key
+
+Mon Jul 27 10:37:28 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * seckey-cert.c (do_check): Additional check on cipher blocksize.
+ (protect_secret_key): Ditto.
+ * encr-data.c: Support for other blocksizes.
+ * cipher.c (write_header): Ditto.
+
+Fri Jul 24 16:47:59 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * kbnode.c (insert_kbnode): Changed semantics and all callers.
+ * keyedit.c : More or less a complete rewrite
+
+Wed Jul 22 17:10:04 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * build-packet.c (write_sign_packet_header): New.
+
+Tue Jul 21 14:37:09 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * import.c (import_one): Now creates a trustdb record.
+
+ * g10.c (main): New command --check-trustdb
+
+Mon Jul 20 11:15:07 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * genkey.c (generate_keypair): Default key is now DSA with
+ encryption only ElGamal subkey.
+
+Thu Jul 16 10:58:33 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * keyid.c (keyid_from_fingerprint): New.
+ * getkey.c (get_pubkey_byfprint): New.
+
+Tue Jul 14 18:09:51 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * keyid.c (fingerprint_from_pk): Add argument and changed all callers.
+ (fingerprint_from_sk): Ditto.
+
+Tue Jul 14 10:10:03 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * plaintext.c (handle_plaintext): Now returns create error if
+ the file could not be created or the user responded not to overwrite
+ the file.
+ * mainproc.c (proc_plaintext): Tries again if the file could not
+ be created to check the signature without output.
+
+ * misc.c (disable_core_dumps): New.
+ * g10.c (main): disable coredumps for gpg
+
+ * g10.c (MAINTAINER_OPTIONS): New to disable some options
+
+Mon Jul 13 16:47:54 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * plaintext.c (hash_datafiles): New arg for better support of
+ detached sigs. Changed all callers.
+ * mainproc.c (proc_signature_packets): Ditto.
+
+ * g10.c (main): New option "compress-sigs"
+ * sig.c (sign_file): detached signatures are not anymore compressed
+ unless the option --compress-sigs is used.
+
+Thu Jul 9 19:54:54 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * armor.c: Fixes to allow zero length cleartext signatures
+
+Thu Jul 9 14:52:47 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * g10.c (build_list): Now drops setuid.
+ (main): Changed the way keyrings and algorithms are registered .
+
+Wed Jul 8 14:17:30 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * packet.h (PKT_public_key): Add field keyid.
+ * parse-packet.c (parse_key): Reset the above field.
+ * keyid.c (keyid_from_pk): Use above field as cache.
+
+ * tdbio.c, tdbio.h: New
+ * trustdb.c: Moved some functions to tdbio.c.
+ (print_keyid): New.
+
+ * pkclist.c (check_signatures_trust): New.
+
+Wed Jul 8 10:45:28 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * plaintext.c (special_md_putc): New.
+ (handle_plaintext): add clearsig argument
+ * mainproc.c (proc_plaintext): detection of clearsig
+ * sign.c (write_dased_escaped): Changed clearsig format
+
+Tue Jul 7 18:56:19 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * armor.c (find_header): Now makes sure that there is only one
+ empty line for clearsigs, as this is what OP now says.
+
+Mon Jul 6 13:09:07 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * g10.c (main): New option default-secret-key
+ * getkey.c (get_seckey_byname): support for this option.
+
+Mon Jul 6 09:03:49 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * getkey.c (add_keyring): Keyrings are now added to end of the
+ list of keyrings. The first added keyringwill be created.
+ (add_secret_keyring): Likewise.
+
+ * ringedit.c (add_keyblock_resource): Files are created here.
+
+ * g10.c (aNOP): Removed
+
+ * getkey.c (lookup): Add checking of usage for name lookups
+ * packet.h (pubkey_usage): Add a field which may be used to store
+ usage capabilities.
+ * pkclist.c (build_pk_list): getkey now called with usage arg.
+ * skclist.c (build_sk_list): Ditto.
+
+ * sign.c (clearsign_file): Fixed "Hash:" headers
+
+Sat Jul 4 13:33:31 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * trustdb.c (list_ownertrust): New.
+ * g10.c (aListOwnerTrust): New.
+
+ * g10.c (def_pubkey_algo): Removed.
+
+ * trustdb.c (verify_private_data): Removed and also the call to it.
+ (sign_private_data): Removed.
+
+Fri Jul 3 13:26:10 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * g10.c (aEditKey): was aEditSig. Changed usage msg.
+
+ * keyedit.c: Done some i18n stuff.
+
+ * g10.c (do_not_use_RSA): New.
+ * sign.c (do_sign): Add call to above function.
+ * encode.c (write_pubkey_enc_from_list): Ditto.
+
+Thu Jul 2 21:01:25 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * parse-packet.c: Now is able sto store data of unknown
+ algorithms.
+ * free-packet.c: Support for this.
+ * build-packet.c: Can write data of packet with unknown algos.
+
+Thu Jul 2 11:46:36 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * parse-packet.c (parse): fixed 4 byte length header
+
+Wed Jul 1 12:36:55 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * packet.h (new_ctb): New field for some packets
+ * build-packet.c (build_packet): Support for new_ctb
+ * parse-packet.c (parse): Ditto.
+
+Mon Jun 29 12:54:45 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * packet.h: changed all "_cert" to "_key", "subcert" to "subkey".
+
+ * free-packet.c (free_packet): Removed memory leak for subkeys.
+
+Sun Jun 28 18:32:27 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * import.c (import_keys): Renamed from import_pubkeys.
+ (import_secret_one): New.
+
+ * g10.c (aExportSecret): New.
+
+ * export.c (export_seckeys): New.
+
+ * parse-packet.c (parse_certificate): Cleaned up.
+ (parse_packet): Trust packets are now considered as unknown.
+ (parse_pubkey_warning): New.
+
+Fri Jun 26 10:37:35 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * keygen.c (has_invalid_email_chars): New.
+
+Wed Jun 24 16:40:22 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * armor.c (armor_filter): Now creates valid onepass_sig packets
+ with all detected hash algorithms.
+ * mainproc.c (proc_plaintext): Now uses the hash algos as specified
+ in the onepass_sig packets (if there are any)
+
+Mon Jun 22 11:54:08 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * plaintext.c (handle_plaintext): add arg to disable outout
+ * mainproc.c (proc_plaintext): disable output when in sigs_only mode.
+
+Thu Jun 18 13:17:27 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * keygen.c: Removed all rsa packet stuff, chnaged defaults
+ for key generation.
+
+Sun Jun 14 21:28:31 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * misc.c (checksum_u16): Fixed a stupid bug which caused a
+ wrong checksum calculation for the secret key protection and
+ add a backward compatibility option.
+ * g10.c (main): Add option --emulate-checksum-bug.
+
+Thu Jun 11 13:26:44 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * packet.h: Major changes to the structure of public key material
+ which is now stored in an array and not anaymore in a union of
+ algorithm specific structures. These is needed to make the system
+ more extendable and makes a lot of stuff much simpler. Changed
+ all over the system.
+
+ * dsa.c, rsa.c, elg.c: Removed.
+
+Wed Jun 10 07:22:02 1998 Werner Koch,mobil,,, (wk@tobold)
+
+ * g10.c ("load-extension"): New option.
+
+Mon Jun 8 22:23:37 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * seckey-cert.c (do_check): Removed cipher constants
+ (protect_secret_key): Ditto.
+
+Fri May 29 10:00:28 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * trustdb.c (query_trust_info): New.
+ * keylist.c (list_one): Add output of trust info
+ * mainproc (list_node): ditto.
+ * g10.c (main): full trustdb init if -with-colons and any of the
+ key list modes.
+
+Thu May 28 10:34:42 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * status.c (STATUS_RSA_OR_IDEA): New.
+ * sig-check.c (check_signature): Output special status message.
+ * pubkey-enc.c (get_session_key): Ditto.
+
+ * mainproc.c (check_sig_and_print): Changed format of output.
+ * passpharse.c (passphrase_to_dek): Likewise.
+
+Wed May 27 13:46:48 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * g10.c (aListSecretKeys): New option --list-secret-keys
+ * keylist.c (std_key_list): Renamed to public_key_list.
+ (secret_key_list): New
+ (list_one, list_all): Add support for secret keys.
+ * getkey.c (get_secret_keyring): New.
+ * mainproc.c (list_node): Add option --with-colons for secret keys
+
+ * sig-check.c (check_key_signature): detection of selfsigs
+ * mainproc.c (list_node): fixed listing.
+
+ * g10.c (aListSecretKeys): New option --always-trust
+ * pkclist.c (do_we_trust): Override per option added
+
+ * status.c (write_status_text): Add a prefix to every output line.
+
+Wed May 27 07:49:21 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * g10 (--compress-keys): New.
+ * options.h (compress_keys): New.
+ * export.c (export_pubkeys): Only compresses with the new option.
+
+Tue May 26 11:24:33 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * passphrase.c (get_last_passphrase): New
+ (set_next_passphrase): New.
+ (passphrase_to_dek): add support for the above functions.
+ * keyedit.c (make_keysig_packet): Add sigclass 0x18,
+ changed all callers due to a new argument.
+ * keygen.c (write_keybinding): New
+ (generate_subkeypair): Add functionality
+ (ask_algo, ask_keysize, ask_valid_days): Broke out of generate_keypair
+ (ask_user_id, ask_passphrase): Ditto.
+
+Thu May 21 11:26:13 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * g10.c,gpgd.c (main): Does now return an int, so that egcs does
+ not complain.
+
+ * armor.c (fake_packet): Removed erro message and add a noticed
+ that this part should be fixed.
+
+ * sign.c (sign_file): Compression now comes in front of encryption.
+ * encode.c (encode_simple): Ditto.
+ (encode_crypt): Ditto.
+
+Tue May 19 16:18:19 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * armor.c (fake_packet): Changed assertion to log_error
+
+Sat May 16 16:02:06 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * build-packet.c (build_packet): Add SUBKEY packets.
+
+Fri May 15 17:57:23 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * sign.c (hash_for): New and used in all places here.
+ * main.h (DEFAULT_): new macros.
+ * g10.c (opt.def_digest_algo): Now set to 0
+
+ * compress.c (init_compress): Add support for algo 1
+ * options.h (def_compress_algo): New
+ * g10.c (main): New option --compress-algo
+
+Fri May 15 13:23:59 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * g10.c (print_mds): New feature to print only one hash,
+ chnaged formatting.
+
+Thu May 14 15:36:24 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * misc.c (trap_unaligned) [__alpha__]: New
+ * g10.c (trap_unaligned): Add call to this to track down SIGBUS
+ on Alphas (to avoid the slow emulation code).
+
+Wed May 13 11:48:27 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * build-packet.c (do_signature): Support for v4 pakets.
+ * keyedit.c (make_keysig_packet): Ditto.
+ * build-packet.c (build_sig_subpkt_from_sig): New.
+ (build_sig_subpkt): New.
+
+ * elg.c (g10_elg_sign): removed keyid_from_skc.
+ * dsa.c (g10_dsa_sign): Ditto.
+ * rsa.c (g10_rsa_sign): Ditto.
+ * keyedit.c (make_keysig_packet): Add call to keyid_from_skc
+
+ * sign.c (clearsign_file): Support for v4 signatures.
+ (sign_file): Ditto.
+
+Wed May 6 09:31:24 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * parse-packet.c (do_parse): add support for 5 byte length leader.
+ (parse_subpkt): Ditto.
+ * build-packet.c (write_new_header): Ditto.
+
+ * packet.h (SIGSUBPKT_): New constants.
+ * parse-packet.c (parse_sig_subpkt): Changed name, made global,
+ and arg to return packet length, chnaged all callers
+
+
+Tue May 5 22:11:59 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * keygen.c (gen_dsa): New.
+ * build_packet.c (do_secret_cert): Support for DSA
+
+Mon May 4 19:01:25 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * compress.c: doubled buffer sizes
+ * parse-packet.c (do_plaintext): now uses iobuf_read/write.
+
+Mon May 4 09:35:53 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * seskey.c (encode_md_value): Add optional argument hash_algo,
+ changed all callers.
+
+ * passphrase.c (make_dek_from_passphrase): Removed
+ * (get_passhrase_hash): Changed name to passphrase_to_dek, add arg,
+ changed all callers.
+
+ * all: Introduced the new ELG identifier and added support for the
+ encryption only one (which is okay to use by GNUPG for signatures).
+
+Sun May 3 17:50:26 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * packet.h (PKT_OLD_COMMENT): New name for type 16.
+ * parse-packet.c (parse_comment): Now uses type 61
+
+Fri May 1 12:44:39 1998 Werner Koch,mobil,,, (wk@tobold)
+
+ * packet.h (count): Chnaged s2k count from byte to u32.
+ * seckey-cert.c (do_check): Changed s2k algo 3 to 4, changed
+ reading of count.
+ * build-packet.c (do_secret_cert): ditto.
+ * parse-packet.c (parse_certificate): ditto.
+
+ * parse-packet.c (parse_symkeyenc): New.
+ * build-packet.c (do_symkey_enc): New.
+
+Thu Apr 30 16:33:34 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * sign.c (clearsign_file): Fixed "Hash: " armor line.
+
+Tue Apr 28 14:27:42 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * parse-packet.c (parse_subpkt): Some new types.
+
+Mon Apr 27 12:53:59 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * g10.c (main): Add option --skip-verify.
+ * mainproc.c (check_sig_and_print): Ditto.
+
+ * g10.c (print_mds): Add output for Tiger.
+
+ * sign.c (sign_file): Now uses partial length headers if used
+ in canonical textmode (kludge to fix a bug).
+
+ * parse-packet.c (parse_certificate): Changed BLOWFISH id.
+ * pubkey-enc.c (get_session_key): Ditto.
+ * seskey.c (make_session_key): Ditto.
+ * seckey-cert.c (protect_secret_key,do_check): Add BLOWFISH160.
+
+Fri Apr 24 17:38:48 1998 Werner Koch,mobil,,, (wk@tobold)
+
+ * sig-check.c (check_key_signature): Add sig-class 0x14..0x17
+ * keyedit.c (sign-key): Some changes to start with support of
+ the above new sig-classes.
+
+Wed Apr 22 09:01:57 1998 Werner Koch,mobil,,, (wk@tobold)
+
+ * getkey.c (compare_name): add email matching
+
+Tue Apr 21 16:17:12 1998 Werner Koch,mobil,,, (wk@tobold)
+
+ * armor.c (armor_filter): fixed missing last LF before CSUM.
+
+Thu Apr 9 11:35:22 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * seckey-cert.c (do_check): New; combines all the check functions
+ into one.
+
+ * sign.c: removed all key management functions
+ * keyedit.c: New.
+
+Thu Apr 9 09:49:36 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * import.c (chk_self_sigs): Changed an error message.
+
+Wed Apr 8 16:19:39 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * packet.h: packet structs now uses structs from the pubkey,
+ removed all copy operations from packet to pubkey structs.
+
+Wed Apr 8 13:40:33 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * trustdb.c (verify_own_certs): Fixed "public key not found".
+
+ * getkey.c (key_byname): New, combines public and secret key search.
+
+ * pkclist.c (build_pkc_list): Add new arg usage, changed all callers.
+ * skclist.c (build_skc_list): Likewise.
+
+ * ringedit.c (find_keyblock, keyring_search2): Removed.
+
+Wed Apr 8 09:47:21 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * sig-check.c (do_check): Applied small fix from Ulf Möller.
+
+Tue Apr 7 19:28:07 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * cipher.c, encr-data.c, seckey-cert.c: Now uses cipher_xxxx
+ functions instead of blowfish_xxx or cast_xxx
+
+Tue Apr 7 11:04:02 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * Makefile.am (g10maint.o): Changed the way it is created.
+
+Mon Apr 6 11:17:08 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * misc.c: New.
+ * keygen.c (checksum,checksum_u16,checksum_mpi): Moved to misc.c
+ * seckey-cert.c: Kludge for wrong ELG checksum implementation.
+
+Sat Apr 4 20:07:01 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * cipher.c (cipher_filter): Support for CAST5
+ * encr-data.c (decode_filter): Ditto.
+ (decrypt_data): Ditto.
+ * seskey.c (make_session_key): Ditto.
+ * seckey-cert.c (check_elg, check_dsa): Ditto,
+ (protect_secret_key): Ditto.
+ * pubkey-enc.c (get_session_key): Ditto.
+ * passphrase.c (hash_passphrase): Ditto.
+
+Thu Apr 2 20:22:35 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * gpgd.c: New
+
+Thu Apr 2 10:38:16 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * keygen.c (generate_keypair): Add valid_days stuff.
+ * trustdb.c (check_trust): Add check for valid_days.
+
+Wed Apr 1 16:15:58 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * keygen.c (generate_keypair): Addional question whether the
+ selected large keysize is really needed.
+
+Wed Apr 1 15:56:33 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * seckey-cert.c (protect_secret_key): merged protect_xxx to here.
+
+Wed Apr 1 10:34:46 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * Makefile.am (g10maint.c): Changed creation rule, so that it works
+ on FreeBSD (missing CFLAGS).
+
+ * parse-packet.c (parse_subkey): Removed.
+
+Thu Mar 19 15:22:36 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * ringedit.c (keyring_enum): Fixed problem with reading too
+ many packets. Add support to read secret keyrings.
+
+ * getkey.c (scan_keyring): Removed
+ (lookup): New to replace scan_keyring.
+ (scan_secret_keyring): Removed.
+ (lookup_skc): New.
+
+Wed Mar 18 11:47:34 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * ringedit.c (enum_keyblocks): New read mode 11.
+
+ * keyid.c (elg_fingerprint_md): New and changed all other functions
+ to call this if the packet version is 4 or above.
+
+Tue Mar 17 20:46:16 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * parse-packet.c (parse_certificate): Add listing support for subkeys.
+
+Tue Mar 17 20:32:22 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * armor.c (is_armored): Allow marker packet.
+
+Thu Mar 12 13:36:49 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * trustdb.c (check_trust): Checks timestamp of pubkey.
+ * sig-check. (do_check): Compares timestamps.
+
+Tue Mar 10 17:01:56 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * g10.c (main): Add call to init_signals.
+ * signal.c: New.
+
+Mon Mar 9 12:43:42 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * dsa.c: New
+ * packet.h, free-packet.c, parse-packet.c : Add support for DSA
+ * sig-check.c, getkey.c, keyid.c, ringedit.c: Ditto.
+ * seckey-cert.c: Ditto.
+
+ * packet.h : Moved .digest_algo of signature packets to outer
+ structure. Changed all references
+
+Sun Mar 8 13:06:42 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * openfile.c : Support for stdout filename "-".
+
+ * mainproc.c (check_sig_and_print): Enhanced status output:
+ * status.c (write_status_text): New.
+
+Fri Mar 6 16:10:54 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * kbnode.c (clone_kbnode): Fixed private_flag.
+
+ * mainproc.c (list_node): Output of string "Revoked" as user-id.
+
+Fri Mar 6 14:26:39 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * g10.c (main): Add userids to "-kv" and cleaned up this stuff.
+
+Fri Mar 6 12:45:58 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * g10.c (main): Changed semantics of the list-... commands
+ and added a new one. Removed option "-d"
+
+ * decrypt.c: New.
+
+ * trustdb.c (init_trustdb): Autocreate directory only if it ends
+ in "/.gnupg".
+
+Thu Mar 5 12:12:11 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * mainproc.c (do_proc_packets): New. Common part of proc_packet.
+ (proc_signature_packets): special version to handle signature data.
+ * verify.c: New.
+ * g10.c (aVerify): New.
+ * plaintext.c (hash_datafiles): New.
+ * compress.c (handle_compressed): Add callback arg, changed caller.
+
+Thu Mar 5 10:20:06 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * g10.c: Is nom the common source for gpg and gpgm
+ * g10maint.c: Removed
+ * Makefile.am: Add rule to build g10maint.c
+
+Thu Mar 5 08:43:59 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * g10.c (main): Changed the way clear text sigs are faked.
+
+Wed Mar 4 19:47:37 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * g10maint.c (aMuttKeyList): New
+ * keylist.c: New.
+
+Wed Mar 4 17:20:33 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * getkey.c (get_pubkey_byname): Kludge to allow 0x prefix.
+
+Tue Mar 3 13:46:55 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * g10maint.c (main): New option --gen-random.
+
+Tue Mar 3 09:50:08 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * g10.c (aDeleteSecretKey): New.
+ (aEditSig): Add option "--edit-key" as synonym for "--edit-sig".
+ (aDeleteSecretKey): New.
+ * getkey.c (seckey_available): New.
+ * sign.c (delete_key): Enhanced to delete secret keys, changed all
+ callers.
+
+Mon Mar 2 21:23:48 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * pkc_list.c (build_pkc_list): Add interactive input of user ID.
+
+Mon Mar 2 20:54:05 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * pkclist.c (do_we_trust_pre): New.
+ (add_ownertrust): Add message.
+ * trustdb.c (enum_trust_web): Quick fix.
+
+Mon Mar 2 13:50:53 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * g10.c (main): New action aDeleteKey
+ * sign.c (delete_key): New.
+
+Sun Mar 1 16:38:58 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * trustdb.c (do_check): No returns TRUST_UNDEFINED instead of
+ eof error.
+
+Fri Feb 27 18:14:03 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * armor.c (find_header): Removed trailing CR on headers.
+
+Fri Feb 27 18:02:48 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * ringedit.c (keyring_search) [MINGW32]: Open and close file here
+ because rename does not work on open files. Chnaged callers.
+
+Fri Feb 27 16:43:11 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * sig-check.c (do_check): Add an md_enable.
+ * mainproc.c (do_check_sig): Use md_open in case of detached sig
+ (proc_tree): Take detached sigs into account.
+
+Fri Feb 27 15:22:46 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * g10.c (main): Make use of GNUPGHOME envvar.
+ * g10main.c (main): Ditto.
+
+Wed Feb 25 11:40:04 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * plaintext.c (ask_for_detached_datafile): add opt.verbose to
+ info output.
+
+ * openfile.c (open_sigfile): Try also name ending in ".asc"
+
+Wed Feb 25 08:41:00 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * keygen.c (generate_keypair): Fixed memory overflow.
+
+Tue Feb 24 15:51:55 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * parse-packet.c (parse_certificate): Support for S2K.
+ * build-packet.c (do_secret_cert): Ditto.
+ * keygen.c (gen_elg): Ditto.
+ * seckey-cert.c (check_elg): Ditto
+ (protect_elg): Ditto.
+ * sign.c (chnage_passphrase): Ditto.
+ * passphrase.c (get_passphrase_hash): Support for a salt and
+ changed all callers.
+ (make_dek_from_passphrase): Ditto.
+
+Tue Feb 24 12:30:56 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * build-packet.c (hash_public_cert): Disabled debug output.
+
+Fri Feb 20 17:22:28 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * trustdb.c (init_trustdb) [MINGW32]: Removed 2nd mkdir arg.
+ (keyring_copy) [MINGW32]: Add a remove prior to the renames.
+
+Wed Feb 18 18:39:02 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * Makefile.am (OMIT_DEPENDENCIES): New.
+
+ * rsa.c: Replaced log_bug by BUG.
+
+Wed Feb 18 13:35:58 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * mainproc.c (do_check_sig): Now uses hash_public_cert.
+ * parse-packet.c (parse_certificate): Removed hashing.
+ * packet.h (public_cert): Removed hash variable.
+ * free-packet.c (copy_public_cert, free_public_cert): Likewise.
+
+ * sig-check.c (check_key_signatures): Changed semantics.
+
+Wed Feb 18 12:11:28 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * trustdb.c (do_check): Add handling for revocation certificates.
+ (build_sigrecs): Ditto.
+ (check_sigs): Ditto.
+
+Wed Feb 18 09:31:04 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * armor.c (armor_filter): Add afx->hdrlines.
+ * revoke.c (gen_revoke): Add comment line.
+ * dearmor.c (enarmor_file): Ditto.
+
+ * sig-check.c (check_key_signature): Add handling for class 0x20.
+ * mainproc.c : Ditto.
+
+Tue Feb 17 21:24:17 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * armor.c : Add header lines "...ARMORED FILE .."
+ * dearmor.c (enarmor_file): New.
+ * g10maint.c (main): New option "--enarmor"
+
+Tue Feb 17 19:03:33 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * mainproc.c : Changed a lot, because the packets are now stored
+ a simple linlked list and not anymore in a complicatd tree structure.
+
+Tue Feb 17 10:14:48 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * free_packet.c (cmp_public_certs): New.
+ (cmp_user_ids): New.
+
+ * kbnode.c (clone_kbnode): New.
+ (release_kbnode): Add clone support.
+
+ * ringedit.c (find_keyblock_bypkc): New.
+
+ * sign.c (remove_keysigs): Self signatures are now skipped,
+ changed arguments and all callers.
+
+ * import.c : Add functionality.
+
+Tue Feb 17 09:31:40 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * options.h (homedir): New option.
+ * g10.c, g10maint.c, getkey.c, keygen.c, trustdb.c (opt.homedir): New.
+
+ * trustdb.c (init_trustdb): mkdir for hoem directory
+ (sign_private_data): Renamed "sig" to "g10.sig"
+
+Mon Feb 16 20:02:03 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * kbnode.c (commit_kbnode): New.
+ (delete_kbnode): removed unused first arg. Changed all Callers.
+
+ * ringedit.c (keyblock_resource_name): New.
+ (get_keyblock_handle): NULL for filename returns default resource.
+
+Mon Feb 16 19:38:48 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * sig-check.s (check_key_signature): Now uses the supplied
+ public key to check the signature and not any more the one
+ from the getkey.c
+ (do_check): New.
+ (check_signature): Most work moved to do_check.
+
+Mon Feb 16 14:48:57 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * armor.c (find_header): Fixed another bug.
+
+Mon Feb 16 12:18:34 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * getkey.c (scan_keyring): Add handling of compressed keyrings.
+
+Mon Feb 16 10:44:51 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * g10.c, g10maint.c (strusage): Rewrote.
+ (build_list): New
+
+Mon Feb 16 08:58:41 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * armor.c (use_armor): New.
+
+Sat Feb 14 14:30:57 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * mainproc.c (proc_tree): Sigclass fix.
+
+Sat Feb 14 14:16:33 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * armor.c (armor_filter): Changed version and comment string.
+ * encode.c, sign.c, keygen.c: Changed all comment packet strings.
+
+Sat Feb 14 12:39:24 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * g10.c (aGenRevoke): New command.
+ * revoke.c: New.
+ * sign.c (make_keysig_packet): Add support for sigclass 0x20.
+
+Fri Feb 13 20:18:14 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * ringedit.c (enum_keyblocks, keyring_enum): New.
+
+Fri Feb 13 19:33:40 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * export.c: Add functionality.
+
+ * keygen.c (generate_keypair): Moved the leading comment behind the
+ key packet.
+ * kbnode.c (walk_kbnode): Fixed.
+
+ * g10.c (main): listing armored keys now work.
+
+Fri Feb 13 16:17:43 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * parse-packet.c (parse_publickey, parse_signature): Fixed calls
+ to mpi_read used for ELG b.
+
+Fri Feb 13 15:13:23 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * g10.c (main): changed formatting of help output.
+
+Thu Feb 12 22:24:42 1998 Werner Koch (wk@frodo)
+
+ * pubkey-enc.c (get_session_key): rewritten
+
+
+ Copyright 1998,1999,2000,2001,2002,2003,2004,2005,
+ 2006,2007,2008,2009,2010 Free Software Foundation, Inc.
+
+ This file is free software; as a special exception the author gives
+ unlimited permission to copy and/or distribute it, with or without
+ modifications, as long as this notice is preserved.
+
+ This file is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
+ implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/g10/Makefile.am b/g10/Makefile.am
new file mode 100644
index 0000000..126c55c
--- /dev/null
+++ b/g10/Makefile.am
@@ -0,0 +1,141 @@
+# Copyright (C) 1998, 1999, 2000, 2001, 2002,
+# 2003, 2006 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+## Process this file with automake to produce Makefile.in
+
+EXTRA_DIST = options.skel ChangeLog-2011
+
+AM_CPPFLAGS = -I$(top_srcdir)/gl -I$(top_srcdir)/common \
+ -I$(top_srcdir)/include -I$(top_srcdir)/intl
+
+include $(top_srcdir)/am/cmacros.am
+
+AM_CFLAGS = $(LIBGCRYPT_CFLAGS) $(LIBASSUAN_CFLAGS) $(GPG_ERROR_CFLAGS)
+
+needed_libs = $(libcommon) ../jnlib/libjnlib.a ../gl/libgnu.a
+
+bin_PROGRAMS = gpg2 gpgv2
+noinst_PROGRAMS = $(module_tests)
+TESTS = $(module_tests)
+
+if ENABLE_BZIP2_SUPPORT
+bzip2_source = compress-bz2.c
+else
+bzip2_source =
+endif
+
+
+common_source = \
+ gpg.h \
+ build-packet.c \
+ compress.c \
+ $(bzip2_source) \
+ filter.h \
+ free-packet.c \
+ getkey.c \
+ keydb.c keydb.h \
+ keyring.c keyring.h \
+ seskey.c \
+ kbnode.c \
+ main.h \
+ mainproc.c \
+ armor.c \
+ mdfilter.c \
+ textfilter.c \
+ progress.c \
+ misc.c \
+ rmd160.c rmd160.h \
+ options.h \
+ openfile.c \
+ keyid.c \
+ packet.h \
+ parse-packet.c \
+ cpr.c \
+ plaintext.c \
+ sig-check.c \
+ keylist.c \
+ pkglue.c pkglue.h
+
+gpg2_SOURCES = gpg.c \
+ server.c \
+ $(common_source) \
+ pkclist.c \
+ skclist.c \
+ pubkey-enc.c \
+ passphrase.c \
+ seckey-cert.c \
+ encr-data.c \
+ cipher.c \
+ encode.c \
+ sign.c \
+ verify.c \
+ revoke.c \
+ decrypt.c \
+ keyedit.c \
+ dearmor.c \
+ import.c \
+ export.c \
+ trustdb.c \
+ trustdb.h \
+ tdbdump.c \
+ tdbio.c \
+ tdbio.h \
+ delkey.c \
+ keygen.c \
+ helptext.c \
+ keyserver.c \
+ keyserver-internal.h \
+ photoid.c photoid.h \
+ call-agent.c call-agent.h \
+ card-util.c \
+ exec.c exec.h
+
+gpgv2_SOURCES = gpgv.c \
+ $(common_source) \
+ verify.c
+
+#gpgd_SOURCES = gpgd.c \
+# ks-proto.h \
+# ks-proto.c \
+# ks-db.c \
+# ks-db.h \
+# $(common_source)
+
+LDADD = $(needed_libs) ../common/libgpgrl.a \
+ $(ZLIBS) $(DNSLIBS) $(LIBREADLINE) \
+ $(LIBINTL) $(CAPLIBS) $(NETLIBS)
+gpg2_LDADD = $(LDADD) $(LIBGCRYPT_LIBS) $(LIBASSUAN_LIBS) $(GPG_ERROR_LIBS) \
+ $(LIBICONV)
+gpgv2_LDADD = $(LDADD) $(LIBGCRYPT_LIBS) $(LIBASSUAN_LIBS) $(GPG_ERROR_LIBS) \
+ $(LIBICONV)
+
+t_common_ldadd =
+module_tests = t-rmd160
+t_rmd160_SOURCES = t-rmd160.c rmd160.c
+t_rmd160_LDADD = $(t_common_ldadd)
+
+
+$(PROGRAMS): $(needed_libs) ../common/libgpgrl.a
+
+install-data-local:
+ $(mkinstalldirs) $(DESTDIR)$(pkgdatadir)
+ $(INSTALL_DATA) $(srcdir)/options.skel \
+ $(DESTDIR)$(pkgdatadir)/gpg-conf.skel
+
+uninstall-local:
+ -@rm $(DESTDIR)$(pkgdatadir)/gpg-conf.skel
diff --git a/g10/Makefile.in b/g10/Makefile.in
new file mode 100644
index 0000000..a919b88
--- /dev/null
+++ b/g10/Makefile.in
@@ -0,0 +1,962 @@
+# Makefile.in generated by automake 1.11.1 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation,
+# Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+# Copyright (C) 1998, 1999, 2000, 2001, 2002,
+# 2003, 2006 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+# cmacros.am - C macro definitions
+# Copyright (C) 2004 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
+ $(top_srcdir)/am/cmacros.am
+@HAVE_DOSISH_SYSTEM_FALSE@am__append_1 = -DGNUPG_BINDIR="\"$(bindir)\"" \
+@HAVE_DOSISH_SYSTEM_FALSE@ -DGNUPG_LIBEXECDIR="\"$(libexecdir)\"" \
+@HAVE_DOSISH_SYSTEM_FALSE@ -DGNUPG_LIBDIR="\"$(libdir)/@PACKAGE@\"" \
+@HAVE_DOSISH_SYSTEM_FALSE@ -DGNUPG_DATADIR="\"$(datadir)/@PACKAGE@\"" \
+@HAVE_DOSISH_SYSTEM_FALSE@ -DGNUPG_SYSCONFDIR="\"$(sysconfdir)/@PACKAGE@\""
+
+
+# If a specific protect tool program has been defined, pass its name
+# to cc. Note that these macros should not be used directly but via
+# the gnupg_module_name function.
+@GNUPG_AGENT_PGM_TRUE@am__append_2 = -DGNUPG_DEFAULT_AGENT="\"@GNUPG_AGENT_PGM@\""
+@GNUPG_PINENTRY_PGM_TRUE@am__append_3 = -DGNUPG_DEFAULT_PINENTRY="\"@GNUPG_PINENTRY_PGM@\""
+@GNUPG_SCDAEMON_PGM_TRUE@am__append_4 = -DGNUPG_DEFAULT_SCDAEMON="\"@GNUPG_SCDAEMON_PGM@\""
+@GNUPG_DIRMNGR_PGM_TRUE@am__append_5 = -DGNUPG_DEFAULT_DIRMNGR="\"@GNUPG_DIRMNGR_PGM@\""
+@GNUPG_PROTECT_TOOL_PGM_TRUE@am__append_6 = -DGNUPG_DEFAULT_PROTECT_TOOL="\"@GNUPG_PROTECT_TOOL_PGM@\""
+bin_PROGRAMS = gpg2$(EXEEXT) gpgv2$(EXEEXT)
+noinst_PROGRAMS = $(am__EXEEXT_1)
+TESTS = $(am__EXEEXT_1)
+subdir = g10
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/gl/m4/absolute-header.m4 \
+ $(top_srcdir)/gl/m4/alloca.m4 $(top_srcdir)/gl/m4/allocsa.m4 \
+ $(top_srcdir)/gl/m4/eealloc.m4 \
+ $(top_srcdir)/gl/m4/gnulib-comp.m4 \
+ $(top_srcdir)/gl/m4/gnulib-tool.m4 \
+ $(top_srcdir)/gl/m4/mkdtemp.m4 $(top_srcdir)/gl/m4/setenv.m4 \
+ $(top_srcdir)/gl/m4/stdint.m4 $(top_srcdir)/gl/m4/strpbrk.m4 \
+ $(top_srcdir)/gl/m4/unistd_h.m4 $(top_srcdir)/m4/autobuild.m4 \
+ $(top_srcdir)/m4/codeset.m4 $(top_srcdir)/m4/estream.m4 \
+ $(top_srcdir)/m4/gettext.m4 $(top_srcdir)/m4/gnupg-pth.m4 \
+ $(top_srcdir)/m4/gpg-error.m4 $(top_srcdir)/m4/iconv.m4 \
+ $(top_srcdir)/m4/isc-posix.m4 $(top_srcdir)/m4/ksba.m4 \
+ $(top_srcdir)/m4/lcmessage.m4 $(top_srcdir)/m4/ldap.m4 \
+ $(top_srcdir)/m4/lib-ld.m4 $(top_srcdir)/m4/lib-link.m4 \
+ $(top_srcdir)/m4/lib-prefix.m4 $(top_srcdir)/m4/libassuan.m4 \
+ $(top_srcdir)/m4/libcurl.m4 $(top_srcdir)/m4/libgcrypt.m4 \
+ $(top_srcdir)/m4/longdouble.m4 $(top_srcdir)/m4/nls.m4 \
+ $(top_srcdir)/m4/po.m4 $(top_srcdir)/m4/progtest.m4 \
+ $(top_srcdir)/m4/readline.m4 $(top_srcdir)/m4/size_max.m4 \
+ $(top_srcdir)/m4/socklen.m4 $(top_srcdir)/m4/sys_socket_h.m4 \
+ $(top_srcdir)/m4/tar-ustar.m4 $(top_srcdir)/m4/xsize.m4 \
+ $(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.ac
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+ $(ACLOCAL_M4)
+mkinstalldirs = $(SHELL) $(top_srcdir)/scripts/mkinstalldirs
+CONFIG_HEADER = $(top_builddir)/config.h
+CONFIG_CLEAN_FILES =
+CONFIG_CLEAN_VPATH_FILES =
+am__installdirs = "$(DESTDIR)$(bindir)"
+am__EXEEXT_1 = t-rmd160$(EXEEXT)
+PROGRAMS = $(bin_PROGRAMS) $(noinst_PROGRAMS)
+am__gpg2_SOURCES_DIST = gpg.c server.c gpg.h build-packet.c compress.c \
+ compress-bz2.c filter.h free-packet.c getkey.c keydb.c keydb.h \
+ keyring.c keyring.h seskey.c kbnode.c main.h mainproc.c \
+ armor.c mdfilter.c textfilter.c progress.c misc.c rmd160.c \
+ rmd160.h options.h openfile.c keyid.c packet.h parse-packet.c \
+ cpr.c plaintext.c sig-check.c keylist.c pkglue.c pkglue.h \
+ pkclist.c skclist.c pubkey-enc.c passphrase.c seckey-cert.c \
+ encr-data.c cipher.c encode.c sign.c verify.c revoke.c \
+ decrypt.c keyedit.c dearmor.c import.c export.c trustdb.c \
+ trustdb.h tdbdump.c tdbio.c tdbio.h delkey.c keygen.c \
+ helptext.c keyserver.c keyserver-internal.h photoid.c \
+ photoid.h call-agent.c call-agent.h card-util.c exec.c exec.h
+@ENABLE_BZIP2_SUPPORT_TRUE@am__objects_1 = compress-bz2.$(OBJEXT)
+am__objects_2 = build-packet.$(OBJEXT) compress.$(OBJEXT) \
+ $(am__objects_1) free-packet.$(OBJEXT) getkey.$(OBJEXT) \
+ keydb.$(OBJEXT) keyring.$(OBJEXT) seskey.$(OBJEXT) \
+ kbnode.$(OBJEXT) mainproc.$(OBJEXT) armor.$(OBJEXT) \
+ mdfilter.$(OBJEXT) textfilter.$(OBJEXT) progress.$(OBJEXT) \
+ misc.$(OBJEXT) rmd160.$(OBJEXT) openfile.$(OBJEXT) \
+ keyid.$(OBJEXT) parse-packet.$(OBJEXT) cpr.$(OBJEXT) \
+ plaintext.$(OBJEXT) sig-check.$(OBJEXT) keylist.$(OBJEXT) \
+ pkglue.$(OBJEXT)
+am_gpg2_OBJECTS = gpg.$(OBJEXT) server.$(OBJEXT) $(am__objects_2) \
+ pkclist.$(OBJEXT) skclist.$(OBJEXT) pubkey-enc.$(OBJEXT) \
+ passphrase.$(OBJEXT) seckey-cert.$(OBJEXT) encr-data.$(OBJEXT) \
+ cipher.$(OBJEXT) encode.$(OBJEXT) sign.$(OBJEXT) \
+ verify.$(OBJEXT) revoke.$(OBJEXT) decrypt.$(OBJEXT) \
+ keyedit.$(OBJEXT) dearmor.$(OBJEXT) import.$(OBJEXT) \
+ export.$(OBJEXT) trustdb.$(OBJEXT) tdbdump.$(OBJEXT) \
+ tdbio.$(OBJEXT) delkey.$(OBJEXT) keygen.$(OBJEXT) \
+ helptext.$(OBJEXT) keyserver.$(OBJEXT) photoid.$(OBJEXT) \
+ call-agent.$(OBJEXT) card-util.$(OBJEXT) exec.$(OBJEXT)
+gpg2_OBJECTS = $(am_gpg2_OBJECTS)
+am__DEPENDENCIES_1 =
+am__DEPENDENCIES_2 = $(needed_libs) ../common/libgpgrl.a \
+ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
+ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
+ $(am__DEPENDENCIES_1)
+gpg2_DEPENDENCIES = $(am__DEPENDENCIES_2) $(am__DEPENDENCIES_1) \
+ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
+ $(am__DEPENDENCIES_1)
+am__gpgv2_SOURCES_DIST = gpgv.c gpg.h build-packet.c compress.c \
+ compress-bz2.c filter.h free-packet.c getkey.c keydb.c keydb.h \
+ keyring.c keyring.h seskey.c kbnode.c main.h mainproc.c \
+ armor.c mdfilter.c textfilter.c progress.c misc.c rmd160.c \
+ rmd160.h options.h openfile.c keyid.c packet.h parse-packet.c \
+ cpr.c plaintext.c sig-check.c keylist.c pkglue.c pkglue.h \
+ verify.c
+am_gpgv2_OBJECTS = gpgv.$(OBJEXT) $(am__objects_2) verify.$(OBJEXT)
+gpgv2_OBJECTS = $(am_gpgv2_OBJECTS)
+gpgv2_DEPENDENCIES = $(am__DEPENDENCIES_2) $(am__DEPENDENCIES_1) \
+ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
+ $(am__DEPENDENCIES_1)
+am_t_rmd160_OBJECTS = t-rmd160.$(OBJEXT) rmd160.$(OBJEXT)
+t_rmd160_OBJECTS = $(am_t_rmd160_OBJECTS)
+t_rmd160_DEPENDENCIES = $(am__DEPENDENCIES_1)
+DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
+depcomp = $(SHELL) $(top_srcdir)/scripts/depcomp
+am__depfiles_maybe = depfiles
+am__mv = mv -f
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+CCLD = $(CC)
+LINK = $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@
+SOURCES = $(gpg2_SOURCES) $(gpgv2_SOURCES) $(t_rmd160_SOURCES)
+DIST_SOURCES = $(am__gpg2_SOURCES_DIST) $(am__gpgv2_SOURCES_DIST) \
+ $(t_rmd160_SOURCES)
+ETAGS = etags
+CTAGS = ctags
+am__tty_colors = \
+red=; grn=; lgn=; blu=; std=
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ABSOLUTE_STDINT_H = @ABSOLUTE_STDINT_H@
+ACLOCAL = @ACLOCAL@
+ADNSLIBS = @ADNSLIBS@
+ALLOCA = @ALLOCA@
+ALLOCA_H = @ALLOCA_H@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+BITSIZEOF_PTRDIFF_T = @BITSIZEOF_PTRDIFF_T@
+BITSIZEOF_SIG_ATOMIC_T = @BITSIZEOF_SIG_ATOMIC_T@
+BITSIZEOF_SIZE_T = @BITSIZEOF_SIZE_T@
+BITSIZEOF_WCHAR_T = @BITSIZEOF_WCHAR_T@
+BITSIZEOF_WINT_T = @BITSIZEOF_WINT_T@
+BUILD_INCLUDED_LIBINTL = @BUILD_INCLUDED_LIBINTL@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CC_FOR_BUILD = @CC_FOR_BUILD@
+CFLAGS = @CFLAGS@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DL_LIBS = @DL_LIBS@
+DNSLIBS = @DNSLIBS@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+FAQPROG = @FAQPROG@
+GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
+GMSGFMT = @GMSGFMT@
+GMSGFMT_015 = @GMSGFMT_015@
+GNUPG_AGENT_PGM = @GNUPG_AGENT_PGM@
+GNUPG_DIRMNGR_PGM = @GNUPG_DIRMNGR_PGM@
+GNUPG_PINENTRY_PGM = @GNUPG_PINENTRY_PGM@
+GNUPG_PROTECT_TOOL_PGM = @GNUPG_PROTECT_TOOL_PGM@
+GNUPG_SCDAEMON_PGM = @GNUPG_SCDAEMON_PGM@
+GPGKEYS_CURL = @GPGKEYS_CURL@
+GPGKEYS_FINGER = @GPGKEYS_FINGER@
+GPGKEYS_HKP = @GPGKEYS_HKP@
+GPGKEYS_KDNS = @GPGKEYS_KDNS@
+GPGKEYS_LDAP = @GPGKEYS_LDAP@
+GPGKEYS_MAILTO = @GPGKEYS_MAILTO@
+GPG_ERROR_CFLAGS = @GPG_ERROR_CFLAGS@
+GPG_ERROR_CONFIG = @GPG_ERROR_CONFIG@
+GPG_ERROR_LIBS = @GPG_ERROR_LIBS@
+GREP = @GREP@
+HAVE_INTTYPES_H = @HAVE_INTTYPES_H@
+HAVE_LONG_LONG_INT = @HAVE_LONG_LONG_INT@
+HAVE_SIGNED_SIG_ATOMIC_T = @HAVE_SIGNED_SIG_ATOMIC_T@
+HAVE_SIGNED_WCHAR_T = @HAVE_SIGNED_WCHAR_T@
+HAVE_SIGNED_WINT_T = @HAVE_SIGNED_WINT_T@
+HAVE_STDINT_H = @HAVE_STDINT_H@
+HAVE_SYS_BITYPES_H = @HAVE_SYS_BITYPES_H@
+HAVE_SYS_INTTYPES_H = @HAVE_SYS_INTTYPES_H@
+HAVE_SYS_TYPES_H = @HAVE_SYS_TYPES_H@
+HAVE_UNSIGNED_LONG_LONG_INT = @HAVE_UNSIGNED_LONG_LONG_INT@
+HAVE_WCHAR_H = @HAVE_WCHAR_H@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+INTLLIBS = @INTLLIBS@
+INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@
+KSBA_CFLAGS = @KSBA_CFLAGS@
+KSBA_CONFIG = @KSBA_CONFIG@
+KSBA_LIBS = @KSBA_LIBS@
+LDAPLIBS = @LDAPLIBS@
+LDAP_CPPFLAGS = @LDAP_CPPFLAGS@
+LDFLAGS = @LDFLAGS@
+LIBASSUAN_CFLAGS = @LIBASSUAN_CFLAGS@
+LIBASSUAN_CONFIG = @LIBASSUAN_CONFIG@
+LIBASSUAN_LIBS = @LIBASSUAN_LIBS@
+LIBCURL = @LIBCURL@
+LIBCURL_CPPFLAGS = @LIBCURL_CPPFLAGS@
+LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@
+LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@
+LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@
+LIBGNU_LIBDEPS = @LIBGNU_LIBDEPS@
+LIBGNU_LTLIBDEPS = @LIBGNU_LTLIBDEPS@
+LIBICONV = @LIBICONV@
+LIBINTL = @LIBINTL@
+LIBOBJS = @LIBOBJS@
+LIBREADLINE = @LIBREADLINE@
+LIBS = @LIBS@
+LIBUSB_LIBS = @LIBUSB_LIBS@
+LIBUTIL_LIBS = @LIBUTIL_LIBS@
+LN_S = @LN_S@
+LTLIBICONV = @LTLIBICONV@
+LTLIBINTL = @LTLIBINTL@
+LTLIBOBJS = @LTLIBOBJS@
+MAINT = @MAINT@
+MAKEINFO = @MAKEINFO@
+MKDIR_P = @MKDIR_P@
+MSGFMT = @MSGFMT@
+MSGFMT_015 = @MSGFMT_015@
+MSGMERGE = @MSGMERGE@
+NETLIBS = @NETLIBS@
+OBJEXT = @OBJEXT@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_GT = @PACKAGE_GT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_URL = @PACKAGE_URL@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PERL = @PERL@
+POSUB = @POSUB@
+PTH_CFLAGS = @PTH_CFLAGS@
+PTH_CONFIG = @PTH_CONFIG@
+PTH_LIBS = @PTH_LIBS@
+PTRDIFF_T_SUFFIX = @PTRDIFF_T_SUFFIX@
+RANLIB = @RANLIB@
+SENDMAIL = @SENDMAIL@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+SHRED = @SHRED@
+SIG_ATOMIC_T_SUFFIX = @SIG_ATOMIC_T_SUFFIX@
+SIZE_T_SUFFIX = @SIZE_T_SUFFIX@
+STDINT_H = @STDINT_H@
+STRIP = @STRIP@
+SYS_SOCKET_H = @SYS_SOCKET_H@
+TAR = @TAR@
+UNISTD_H = @UNISTD_H@
+USE_INCLUDED_LIBINTL = @USE_INCLUDED_LIBINTL@
+USE_NLS = @USE_NLS@
+VERSION = @VERSION@
+W32SOCKLIBS = @W32SOCKLIBS@
+WCHAR_T_SUFFIX = @WCHAR_T_SUFFIX@
+WINDRES = @WINDRES@
+WINT_T_SUFFIX = @WINT_T_SUFFIX@
+XGETTEXT = @XGETTEXT@
+XGETTEXT_015 = @XGETTEXT_015@
+XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@
+ZLIBS = @ZLIBS@
+_libcurl_config = @_libcurl_config@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = $(datadir)/locale
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+EXTRA_DIST = options.skel ChangeLog-2011
+AM_CPPFLAGS = -I$(top_srcdir)/gl -I$(top_srcdir)/common \
+ -I$(top_srcdir)/include -I$(top_srcdir)/intl \
+ -DLOCALEDIR=\"$(localedir)\" $(am__append_1) $(am__append_2) \
+ $(am__append_3) $(am__append_4) $(am__append_5) \
+ $(am__append_6)
+
+# Convenience macros
+libcommon = ../common/libcommon.a
+libcommonpth = ../common/libcommonpth.a
+AM_CFLAGS = $(LIBGCRYPT_CFLAGS) $(LIBASSUAN_CFLAGS) $(GPG_ERROR_CFLAGS)
+needed_libs = $(libcommon) ../jnlib/libjnlib.a ../gl/libgnu.a
+@ENABLE_BZIP2_SUPPORT_FALSE@bzip2_source =
+@ENABLE_BZIP2_SUPPORT_TRUE@bzip2_source = compress-bz2.c
+common_source = \
+ gpg.h \
+ build-packet.c \
+ compress.c \
+ $(bzip2_source) \
+ filter.h \
+ free-packet.c \
+ getkey.c \
+ keydb.c keydb.h \
+ keyring.c keyring.h \
+ seskey.c \
+ kbnode.c \
+ main.h \
+ mainproc.c \
+ armor.c \
+ mdfilter.c \
+ textfilter.c \
+ progress.c \
+ misc.c \
+ rmd160.c rmd160.h \
+ options.h \
+ openfile.c \
+ keyid.c \
+ packet.h \
+ parse-packet.c \
+ cpr.c \
+ plaintext.c \
+ sig-check.c \
+ keylist.c \
+ pkglue.c pkglue.h
+
+gpg2_SOURCES = gpg.c \
+ server.c \
+ $(common_source) \
+ pkclist.c \
+ skclist.c \
+ pubkey-enc.c \
+ passphrase.c \
+ seckey-cert.c \
+ encr-data.c \
+ cipher.c \
+ encode.c \
+ sign.c \
+ verify.c \
+ revoke.c \
+ decrypt.c \
+ keyedit.c \
+ dearmor.c \
+ import.c \
+ export.c \
+ trustdb.c \
+ trustdb.h \
+ tdbdump.c \
+ tdbio.c \
+ tdbio.h \
+ delkey.c \
+ keygen.c \
+ helptext.c \
+ keyserver.c \
+ keyserver-internal.h \
+ photoid.c photoid.h \
+ call-agent.c call-agent.h \
+ card-util.c \
+ exec.c exec.h
+
+gpgv2_SOURCES = gpgv.c \
+ $(common_source) \
+ verify.c
+
+
+#gpgd_SOURCES = gpgd.c \
+# ks-proto.h \
+# ks-proto.c \
+# ks-db.c \
+# ks-db.h \
+# $(common_source)
+LDADD = $(needed_libs) ../common/libgpgrl.a \
+ $(ZLIBS) $(DNSLIBS) $(LIBREADLINE) \
+ $(LIBINTL) $(CAPLIBS) $(NETLIBS)
+
+gpg2_LDADD = $(LDADD) $(LIBGCRYPT_LIBS) $(LIBASSUAN_LIBS) $(GPG_ERROR_LIBS) \
+ $(LIBICONV)
+
+gpgv2_LDADD = $(LDADD) $(LIBGCRYPT_LIBS) $(LIBASSUAN_LIBS) $(GPG_ERROR_LIBS) \
+ $(LIBICONV)
+
+t_common_ldadd =
+module_tests = t-rmd160
+t_rmd160_SOURCES = t-rmd160.c rmd160.c
+t_rmd160_LDADD = $(t_common_ldadd)
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .c .o .obj
+$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/am/cmacros.am $(am__configure_deps)
+ @for dep in $?; do \
+ case '$(am__configure_deps)' in \
+ *$$dep*) \
+ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+ && { if test -f $@; then exit 0; else break; fi; }; \
+ exit 1;; \
+ esac; \
+ done; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu g10/Makefile'; \
+ $(am__cd) $(top_srcdir) && \
+ $(AUTOMAKE) --gnu g10/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+ @case '$?' in \
+ *config.status*) \
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+ *) \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+ esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
+install-binPROGRAMS: $(bin_PROGRAMS)
+ @$(NORMAL_INSTALL)
+ test -z "$(bindir)" || $(MKDIR_P) "$(DESTDIR)$(bindir)"
+ @list='$(bin_PROGRAMS)'; test -n "$(bindir)" || list=; \
+ for p in $$list; do echo "$$p $$p"; done | \
+ sed 's/$(EXEEXT)$$//' | \
+ while read p p1; do if test -f $$p; \
+ then echo "$$p"; echo "$$p"; else :; fi; \
+ done | \
+ sed -e 'p;s,.*/,,;n;h' -e 's|.*|.|' \
+ -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \
+ sed 'N;N;N;s,\n, ,g' | \
+ $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \
+ { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \
+ if ($$2 == $$4) files[d] = files[d] " " $$1; \
+ else { print "f", $$3 "/" $$4, $$1; } } \
+ END { for (d in files) print "f", d, files[d] }' | \
+ while read type dir files; do \
+ if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \
+ test -z "$$files" || { \
+ echo " $(INSTALL_PROGRAM_ENV) $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(bindir)$$dir'"; \
+ $(INSTALL_PROGRAM_ENV) $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(bindir)$$dir" || exit $$?; \
+ } \
+ ; done
+
+uninstall-binPROGRAMS:
+ @$(NORMAL_UNINSTALL)
+ @list='$(bin_PROGRAMS)'; test -n "$(bindir)" || list=; \
+ files=`for p in $$list; do echo "$$p"; done | \
+ sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \
+ -e 's/$$/$(EXEEXT)/' `; \
+ test -n "$$list" || exit 0; \
+ echo " ( cd '$(DESTDIR)$(bindir)' && rm -f" $$files ")"; \
+ cd "$(DESTDIR)$(bindir)" && rm -f $$files
+
+clean-binPROGRAMS:
+ -test -z "$(bin_PROGRAMS)" || rm -f $(bin_PROGRAMS)
+
+clean-noinstPROGRAMS:
+ -test -z "$(noinst_PROGRAMS)" || rm -f $(noinst_PROGRAMS)
+gpg2$(EXEEXT): $(gpg2_OBJECTS) $(gpg2_DEPENDENCIES)
+ @rm -f gpg2$(EXEEXT)
+ $(LINK) $(gpg2_OBJECTS) $(gpg2_LDADD) $(LIBS)
+gpgv2$(EXEEXT): $(gpgv2_OBJECTS) $(gpgv2_DEPENDENCIES)
+ @rm -f gpgv2$(EXEEXT)
+ $(LINK) $(gpgv2_OBJECTS) $(gpgv2_LDADD) $(LIBS)
+t-rmd160$(EXEEXT): $(t_rmd160_OBJECTS) $(t_rmd160_DEPENDENCIES)
+ @rm -f t-rmd160$(EXEEXT)
+ $(LINK) $(t_rmd160_OBJECTS) $(t_rmd160_LDADD) $(LIBS)
+
+mostlyclean-compile:
+ -rm -f *.$(OBJEXT)
+
+distclean-compile:
+ -rm -f *.tab.c
+
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/armor.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/build-packet.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/call-agent.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/card-util.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/cipher.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/compress-bz2.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/compress.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/cpr.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dearmor.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/decrypt.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/delkey.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/encode.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/encr-data.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/exec.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/export.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/free-packet.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/getkey.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gpg.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gpgv.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/helptext.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/import.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/kbnode.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/keydb.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/keyedit.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/keygen.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/keyid.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/keylist.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/keyring.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/keyserver.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mainproc.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mdfilter.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/misc.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/openfile.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/parse-packet.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/passphrase.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/photoid.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pkclist.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pkglue.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/plaintext.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/progress.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pubkey-enc.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/revoke.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rmd160.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/seckey-cert.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/server.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/seskey.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sig-check.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sign.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/skclist.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/t-rmd160.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tdbdump.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tdbio.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/textfilter.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/trustdb.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/verify.Po@am__quote@
+
+.c.o:
+@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(COMPILE) -c $<
+
+.c.obj:
+@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'`
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ mkid -fID $$unique
+tags: TAGS
+
+TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ set x; \
+ here=`pwd`; \
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ shift; \
+ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
+ test -n "$$unique" || unique=$$empty_fix; \
+ if test $$# -gt 0; then \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ "$$@" $$unique; \
+ else \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ $$unique; \
+ fi; \
+ fi
+ctags: CTAGS
+CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ test -z "$(CTAGS_ARGS)$$unique" \
+ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+ $$unique
+
+GTAGS:
+ here=`$(am__cd) $(top_builddir) && pwd` \
+ && $(am__cd) $(top_srcdir) \
+ && gtags -i $(GTAGS_ARGS) "$$here"
+
+distclean-tags:
+ -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+check-TESTS: $(TESTS)
+ @failed=0; all=0; xfail=0; xpass=0; skip=0; \
+ srcdir=$(srcdir); export srcdir; \
+ list=' $(TESTS) '; \
+ $(am__tty_colors); \
+ if test -n "$$list"; then \
+ for tst in $$list; do \
+ if test -f ./$$tst; then dir=./; \
+ elif test -f $$tst; then dir=; \
+ else dir="$(srcdir)/"; fi; \
+ if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \
+ all=`expr $$all + 1`; \
+ case " $(XFAIL_TESTS) " in \
+ *[\ \ ]$$tst[\ \ ]*) \
+ xpass=`expr $$xpass + 1`; \
+ failed=`expr $$failed + 1`; \
+ col=$$red; res=XPASS; \
+ ;; \
+ *) \
+ col=$$grn; res=PASS; \
+ ;; \
+ esac; \
+ elif test $$? -ne 77; then \
+ all=`expr $$all + 1`; \
+ case " $(XFAIL_TESTS) " in \
+ *[\ \ ]$$tst[\ \ ]*) \
+ xfail=`expr $$xfail + 1`; \
+ col=$$lgn; res=XFAIL; \
+ ;; \
+ *) \
+ failed=`expr $$failed + 1`; \
+ col=$$red; res=FAIL; \
+ ;; \
+ esac; \
+ else \
+ skip=`expr $$skip + 1`; \
+ col=$$blu; res=SKIP; \
+ fi; \
+ echo "$${col}$$res$${std}: $$tst"; \
+ done; \
+ if test "$$all" -eq 1; then \
+ tests="test"; \
+ All=""; \
+ else \
+ tests="tests"; \
+ All="All "; \
+ fi; \
+ if test "$$failed" -eq 0; then \
+ if test "$$xfail" -eq 0; then \
+ banner="$$All$$all $$tests passed"; \
+ else \
+ if test "$$xfail" -eq 1; then failures=failure; else failures=failures; fi; \
+ banner="$$All$$all $$tests behaved as expected ($$xfail expected $$failures)"; \
+ fi; \
+ else \
+ if test "$$xpass" -eq 0; then \
+ banner="$$failed of $$all $$tests failed"; \
+ else \
+ if test "$$xpass" -eq 1; then passes=pass; else passes=passes; fi; \
+ banner="$$failed of $$all $$tests did not behave as expected ($$xpass unexpected $$passes)"; \
+ fi; \
+ fi; \
+ dashes="$$banner"; \
+ skipped=""; \
+ if test "$$skip" -ne 0; then \
+ if test "$$skip" -eq 1; then \
+ skipped="($$skip test was not run)"; \
+ else \
+ skipped="($$skip tests were not run)"; \
+ fi; \
+ test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \
+ dashes="$$skipped"; \
+ fi; \
+ report=""; \
+ if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \
+ report="Please report to $(PACKAGE_BUGREPORT)"; \
+ test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \
+ dashes="$$report"; \
+ fi; \
+ dashes=`echo "$$dashes" | sed s/./=/g`; \
+ if test "$$failed" -eq 0; then \
+ echo "$$grn$$dashes"; \
+ else \
+ echo "$$red$$dashes"; \
+ fi; \
+ echo "$$banner"; \
+ test -z "$$skipped" || echo "$$skipped"; \
+ test -z "$$report" || echo "$$report"; \
+ echo "$$dashes$$std"; \
+ test "$$failed" -eq 0; \
+ else :; fi
+
+distdir: $(DISTFILES)
+ @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ list='$(DISTFILES)'; \
+ dist_files=`for file in $$list; do echo $$file; done | \
+ sed -e "s|^$$srcdirstrip/||;t" \
+ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+ case $$dist_files in \
+ */*) $(MKDIR_P) `echo "$$dist_files" | \
+ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+ sort -u` ;; \
+ esac; \
+ for file in $$dist_files; do \
+ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+ if test -d $$d/$$file; then \
+ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+ if test -d "$(distdir)/$$file"; then \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+ else \
+ test -f "$(distdir)/$$file" \
+ || cp -p $$d/$$file "$(distdir)/$$file" \
+ || exit 1; \
+ fi; \
+ done
+check-am: all-am
+ $(MAKE) $(AM_MAKEFLAGS) check-TESTS
+check: check-am
+all-am: Makefile $(PROGRAMS)
+installdirs:
+ for dir in "$(DESTDIR)$(bindir)"; do \
+ test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+ done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+ @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ `test -z '$(STRIP)' || \
+ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+ -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+ -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+
+maintainer-clean-generic:
+ @echo "This command is intended for maintainers to use"
+ @echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-binPROGRAMS clean-generic clean-noinstPROGRAMS \
+ mostlyclean-am
+
+distclean: distclean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+ distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+html-am:
+
+info: info-am
+
+info-am:
+
+install-data-am: install-data-local
+
+install-dvi: install-dvi-am
+
+install-dvi-am:
+
+install-exec-am: install-binPROGRAMS
+
+install-html: install-html-am
+
+install-html-am:
+
+install-info: install-info-am
+
+install-info-am:
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-pdf-am:
+
+install-ps: install-ps-am
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-binPROGRAMS uninstall-local
+
+.MAKE: check-am install-am install-strip
+
+.PHONY: CTAGS GTAGS all all-am check check-TESTS check-am clean \
+ clean-binPROGRAMS clean-generic clean-noinstPROGRAMS ctags \
+ distclean distclean-compile distclean-generic distclean-tags \
+ distdir dvi dvi-am html html-am info info-am install \
+ install-am install-binPROGRAMS install-data install-data-am \
+ install-data-local install-dvi install-dvi-am install-exec \
+ install-exec-am install-html install-html-am install-info \
+ install-info-am install-man install-pdf install-pdf-am \
+ install-ps install-ps-am install-strip installcheck \
+ installcheck-am installdirs maintainer-clean \
+ maintainer-clean-generic mostlyclean mostlyclean-compile \
+ mostlyclean-generic pdf pdf-am ps ps-am tags uninstall \
+ uninstall-am uninstall-binPROGRAMS uninstall-local
+
+
+$(PROGRAMS): $(needed_libs) ../common/libgpgrl.a
+
+install-data-local:
+ $(mkinstalldirs) $(DESTDIR)$(pkgdatadir)
+ $(INSTALL_DATA) $(srcdir)/options.skel \
+ $(DESTDIR)$(pkgdatadir)/gpg-conf.skel
+
+uninstall-local:
+ -@rm $(DESTDIR)$(pkgdatadir)/gpg-conf.skel
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/g10/armor.c b/g10/armor.c
new file mode 100644
index 0000000..652ef3a
--- /dev/null
+++ b/g10/armor.c
@@ -0,0 +1,1498 @@
+/* armor.c - Armor filter
+ * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006,
+ * 2007 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include <assert.h>
+#include <ctype.h>
+
+#include "gpg.h"
+#include "status.h"
+#include "iobuf.h"
+#include "util.h"
+#include "filter.h"
+#include "packet.h"
+#include "options.h"
+#include "main.h"
+#include "status.h"
+#include "i18n.h"
+
+#define MAX_LINELEN 20000
+
+#define CRCINIT 0xB704CE
+#define CRCPOLY 0X864CFB
+#define CRCUPDATE(a,c) do { \
+ a = ((a) << 8) ^ crc_table[((a)&0xff >> 16) ^ (c)]; \
+ a &= 0x00ffffff; \
+ } while(0)
+static u32 crc_table[256];
+static byte bintoasc[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
+ "abcdefghijklmnopqrstuvwxyz"
+ "0123456789+/";
+static byte asctobin[256]; /* runtime initialized */
+static int is_initialized;
+
+
+typedef enum {
+ fhdrHASArmor = 0,
+ fhdrNOArmor,
+ fhdrINIT,
+ fhdrINITCont,
+ fhdrINITSkip,
+ fhdrCHECKBegin,
+ fhdrWAITHeader,
+ fhdrWAITClearsig,
+ fhdrSKIPHeader,
+ fhdrCLEARSIG,
+ fhdrREADClearsig,
+ fhdrNullClearsig,
+ fhdrEMPTYClearsig,
+ fhdrCHECKClearsig,
+ fhdrCHECKClearsig2,
+ fhdrCHECKDashEscaped,
+ fhdrCHECKDashEscaped2,
+ fhdrCHECKDashEscaped3,
+ fhdrREADClearsigNext,
+ fhdrENDClearsig,
+ fhdrENDClearsigHelp,
+ fhdrTESTSpaces,
+ fhdrCLEARSIGSimple,
+ fhdrCLEARSIGSimpleNext,
+ fhdrTEXT,
+ fhdrTEXTSimple,
+ fhdrERROR,
+ fhdrERRORShow,
+ fhdrEOF
+} fhdr_state_t;
+
+
+/* if we encounter this armor string with this index, go
+ * into a mode which fakes packets and wait for the next armor */
+#define BEGIN_SIGNATURE 2
+#define BEGIN_SIGNED_MSG_IDX 3
+static char *head_strings[] = {
+ "BEGIN PGP MESSAGE",
+ "BEGIN PGP PUBLIC KEY BLOCK",
+ "BEGIN PGP SIGNATURE",
+ "BEGIN PGP SIGNED MESSAGE",
+ "BEGIN PGP ARMORED FILE", /* gnupg extension */
+ "BEGIN PGP PRIVATE KEY BLOCK",
+ "BEGIN PGP SECRET KEY BLOCK", /* only used by pgp2 */
+ NULL
+};
+static char *tail_strings[] = {
+ "END PGP MESSAGE",
+ "END PGP PUBLIC KEY BLOCK",
+ "END PGP SIGNATURE",
+ "END dummy",
+ "END PGP ARMORED FILE",
+ "END PGP PRIVATE KEY BLOCK",
+ "END PGP SECRET KEY BLOCK",
+ NULL
+};
+
+
+static int armor_filter ( void *opaque, int control,
+ iobuf_t chain, byte *buf, size_t *ret_len);
+
+
+
+
+/* Create a new context for armor filters. */
+armor_filter_context_t *
+new_armor_context (void)
+{
+ armor_filter_context_t *afx;
+
+ afx = xcalloc (1, sizeof *afx);
+ afx->refcount = 1;
+
+ return afx;
+}
+
+/* Release an armor filter context. Passing NULL is explicitly
+ allowed and a no-op. */
+void
+release_armor_context (armor_filter_context_t *afx)
+{
+ if (!afx)
+ return;
+ assert (afx->refcount);
+ if ( --afx->refcount )
+ return;
+ xfree (afx);
+}
+
+/* Push the armor filter onto the iobuf stream IOBUF. */
+int
+push_armor_filter (armor_filter_context_t *afx, iobuf_t iobuf)
+{
+ int rc;
+
+ afx->refcount++;
+ rc = iobuf_push_filter (iobuf, armor_filter, afx);
+ if (rc)
+ afx->refcount--;
+ return rc;
+}
+
+
+
+
+
+static void
+initialize(void)
+{
+ int i, j;
+ u32 t;
+ byte *s;
+
+ /* init the crc lookup table */
+ crc_table[0] = 0;
+ for(i=j=0; j < 128; j++ ) {
+ t = crc_table[j];
+ if( t & 0x00800000 ) {
+ t <<= 1;
+ crc_table[i++] = t ^ CRCPOLY;
+ crc_table[i++] = t;
+ }
+ else {
+ t <<= 1;
+ crc_table[i++] = t;
+ crc_table[i++] = t ^ CRCPOLY;
+ }
+ }
+ /* build the helptable for radix64 to bin conversion */
+ for(i=0; i < 256; i++ )
+ asctobin[i] = 255; /* used to detect invalid characters */
+ for(s=bintoasc,i=0; *s; s++,i++ )
+ asctobin[*s] = i;
+
+ is_initialized=1;
+}
+
+/****************
+ * Check whether this is an armored file or not See also
+ * parse-packet.c for details on this code For unknown historic
+ * reasons we use a string here but only the first byte will be used.
+ * Returns: True if it seems to be armored
+ */
+static int
+is_armored( const byte *buf )
+{
+ int ctb, pkttype;
+
+ ctb = *buf;
+ if( !(ctb & 0x80) )
+ return 1; /* invalid packet: assume it is armored */
+ pkttype = ctb & 0x40 ? (ctb & 0x3f) : ((ctb>>2)&0xf);
+ switch( pkttype ) {
+ case PKT_MARKER:
+ case PKT_SYMKEY_ENC:
+ case PKT_ONEPASS_SIG:
+ case PKT_PUBLIC_KEY:
+ case PKT_SECRET_KEY:
+ case PKT_PUBKEY_ENC:
+ case PKT_SIGNATURE:
+ case PKT_COMMENT:
+ case PKT_OLD_COMMENT:
+ case PKT_PLAINTEXT:
+ case PKT_COMPRESSED:
+ case PKT_ENCRYPTED:
+ return 0; /* seems to be a regular packet: not armored */
+ }
+
+ return 1;
+}
+
+
+/****************
+ * Try to check whether the iobuf is armored
+ * Returns true if this may be the case; the caller should use the
+ * filter to do further processing.
+ */
+int
+use_armor_filter( IOBUF a )
+{
+ byte buf[1];
+ int n;
+
+ /* fixme: there might be a problem with iobuf_peek */
+ n = iobuf_peek(a, buf, 1 );
+ if( n == -1 )
+ return 0; /* EOF, doesn't matter whether armored or not */
+ if( !n )
+ return 1; /* can't check it: try armored */
+ return is_armored(buf);
+}
+
+
+
+
+static void
+invalid_armor(void)
+{
+ write_status(STATUS_BADARMOR);
+ g10_exit(1); /* stop here */
+}
+
+
+/****************
+ * check whether the armor header is valid on a signed message.
+ * this is for security reasons: the header lines are not included in the
+ * hash and by using some creative formatting rules, Mallory could fake
+ * any text at the beginning of a document; assuming it is read with
+ * a simple viewer. We only allow the Hash Header.
+ */
+static int
+parse_hash_header( const char *line )
+{
+ const char *s, *s2;
+ unsigned found = 0;
+
+ if( strlen(line) < 6 || strlen(line) > 60 )
+ return 0; /* too short or too long */
+ if( memcmp( line, "Hash:", 5 ) )
+ return 0; /* invalid header */
+ s = line+5;
+ for(s=line+5;;s=s2) {
+ for(; *s && (*s==' ' || *s == '\t'); s++ )
+ ;
+ if( !*s )
+ break;
+ for(s2=s+1; *s2 && *s2!=' ' && *s2 != '\t' && *s2 != ','; s2++ )
+ ;
+ if( !strncmp( s, "RIPEMD160", s2-s ) )
+ found |= 1;
+ else if( !strncmp( s, "SHA1", s2-s ) )
+ found |= 2;
+ else if( !strncmp( s, "MD5", s2-s ) )
+ found |= 4;
+ else if( !strncmp( s, "SHA224", s2-s ) )
+ found |= 8;
+ else if( !strncmp( s, "SHA256", s2-s ) )
+ found |= 16;
+ else if( !strncmp( s, "SHA384", s2-s ) )
+ found |= 32;
+ else if( !strncmp( s, "SHA512", s2-s ) )
+ found |= 64;
+ else
+ return 0;
+ for(; *s2 && (*s2==' ' || *s2 == '\t'); s2++ )
+ ;
+ if( *s2 && *s2 != ',' )
+ return 0;
+ if( *s2 )
+ s2++;
+ }
+ return found;
+}
+
+/* Returns true if this is a valid armor tag as per RFC-2440bis-21. */
+static int
+is_armor_tag(const char *line)
+{
+ if(strncmp(line,"Version",7)==0
+ || strncmp(line,"Comment",7)==0
+ || strncmp(line,"MessageID",9)==0
+ || strncmp(line,"Hash",4)==0
+ || strncmp(line,"Charset",7)==0)
+ return 1;
+
+ return 0;
+}
+
+/****************
+ * Check whether this is a armor line.
+ * returns: -1 if it is not a armor header or the index number of the
+ * armor header.
+ */
+static int
+is_armor_header( byte *line, unsigned len )
+{
+ const char *s;
+ byte *save_p, *p;
+ int save_c;
+ int i;
+
+ if( len < 15 )
+ return -1; /* too short */
+ if( memcmp( line, "-----", 5 ) )
+ return -1; /* no */
+ p = strstr( line+5, "-----");
+ if( !p )
+ return -1;
+ save_p = p;
+ p += 5;
+
+ /* Some Windows environments seem to add whitespace to the end of
+ the line, so we strip it here. This becomes strict if
+ --rfc2440 is set since 2440 reads "The header lines, therefore,
+ MUST start at the beginning of a line, and MUST NOT have text
+ following them on the same line." It is unclear whether "text"
+ refers to all text or just non-whitespace text. 4880 clarified
+ this was only non-whitespace text. */
+
+ if(RFC2440)
+ {
+ if( *p == '\r' )
+ p++;
+ if( *p == '\n' )
+ p++;
+ }
+ else
+ while(*p==' ' || *p=='\r' || *p=='\n' || *p=='\t')
+ p++;
+
+ if( *p )
+ return -1; /* garbage after dashes */
+ save_c = *save_p; *save_p = 0;
+ p = line+5;
+ for(i=0; (s=head_strings[i]); i++ )
+ if( !strcmp(s, p) )
+ break;
+ *save_p = save_c;
+ if( !s )
+ return -1; /* unknown armor line */
+
+ if( opt.verbose > 1 )
+ log_info(_("armor: %s\n"), head_strings[i]);
+ return i;
+}
+
+
+
+/****************
+ * Parse a header lines
+ * Return 0: Empty line (end of header lines)
+ * -1: invalid header line
+ * >0: Good header line
+ */
+static int
+parse_header_line( armor_filter_context_t *afx, byte *line, unsigned int len )
+{
+ byte *p;
+ int hashes=0;
+ unsigned int len2;
+
+ len2 = length_sans_trailing_ws ( line, len );
+ if( !len2 ) {
+ afx->buffer_pos = len2; /* (it is not the fine way to do it here) */
+ return 0; /* WS only: same as empty line */
+ }
+
+ /*
+ This is fussy. The spec says that a header line is delimited
+ with a colon-space pair. This means that a line such as
+ "Comment: " (with nothing else) is actually legal as an empty
+ string comment. However, email and cut-and-paste being what it
+ is, that trailing space may go away. Therefore, we accept empty
+ headers delimited with only a colon. --rfc2440, as always,
+ makes this strict and enforces the colon-space pair. -dms
+ */
+
+ p = strchr( line, ':');
+ if( !p || (RFC2440 && p[1]!=' ')
+ || (!RFC2440 && p[1]!=' ' && p[1]!='\n' && p[1]!='\r'))
+ {
+ log_error(_("invalid armor header: "));
+ print_string( stderr, line, len, 0 );
+ putc('\n', stderr);
+ return -1;
+ }
+
+ /* Chop off the whitespace we detected before */
+ len=len2;
+ line[len2]='\0';
+
+ if( opt.verbose ) {
+ log_info(_("armor header: "));
+ print_string( stderr, line, len, 0 );
+ putc('\n', stderr);
+ }
+
+ if( afx->in_cleartext )
+ {
+ if( (hashes=parse_hash_header( line )) )
+ afx->hashes |= hashes;
+ else if( strlen(line) > 15 && !memcmp( line, "NotDashEscaped:", 15 ) )
+ afx->not_dash_escaped = 1;
+ else
+ {
+ log_error(_("invalid clearsig header\n"));
+ return -1;
+ }
+ }
+ else if(!is_armor_tag(line))
+ {
+ /* Section 6.2: "Unknown keys should be reported to the user,
+ but OpenPGP should continue to process the message." Note
+ that in a clearsigned message this applies to the signature
+ part (i.e. "BEGIN PGP SIGNATURE") and not the signed data
+ ("BEGIN PGP SIGNED MESSAGE"). The only key allowed in the
+ signed data section is "Hash". */
+
+ log_info(_("unknown armor header: "));
+ print_string( stderr, line, len, 0 );
+ putc('\n', stderr);
+ }
+
+ return 1;
+}
+
+
+
+/* figure out whether the data is armored or not */
+static int
+check_input( armor_filter_context_t *afx, IOBUF a )
+{
+ int rc = 0;
+ int i;
+ byte *line;
+ unsigned len;
+ unsigned maxlen;
+ int hdr_line = -1;
+
+ /* read the first line to see whether this is armored data */
+ maxlen = MAX_LINELEN;
+ len = afx->buffer_len = iobuf_read_line( a, &afx->buffer,
+ &afx->buffer_size, &maxlen );
+ line = afx->buffer;
+ if( !maxlen ) {
+ /* line has been truncated: assume not armored */
+ afx->inp_checked = 1;
+ afx->inp_bypass = 1;
+ return 0;
+ }
+
+ if( !len ) {
+ return -1; /* eof */
+ }
+
+ /* (the line is always a C string but maybe longer) */
+ if( *line == '\n' || ( len && (*line == '\r' && line[1]=='\n') ) )
+ ;
+ else if( !is_armored( line ) ) {
+ afx->inp_checked = 1;
+ afx->inp_bypass = 1;
+ return 0;
+ }
+
+ /* find the armor header */
+ while(len) {
+ i = is_armor_header( line, len );
+ if( i >= 0 && !(afx->only_keyblocks && i != 1 && i != 5 && i != 6 )) {
+ hdr_line = i;
+ if( hdr_line == BEGIN_SIGNED_MSG_IDX ) {
+ if( afx->in_cleartext ) {
+ log_error(_("nested clear text signatures\n"));
+ rc = gpg_error (GPG_ERR_INV_ARMOR);
+ }
+ afx->in_cleartext = 1;
+ }
+ break;
+ }
+ /* read the next line (skip all truncated lines) */
+ do {
+ maxlen = MAX_LINELEN;
+ afx->buffer_len = iobuf_read_line( a, &afx->buffer,
+ &afx->buffer_size, &maxlen );
+ line = afx->buffer;
+ len = afx->buffer_len;
+ } while( !maxlen );
+ }
+
+ /* Parse the header lines. */
+ while(len) {
+ /* Read the next line (skip all truncated lines). */
+ do {
+ maxlen = MAX_LINELEN;
+ afx->buffer_len = iobuf_read_line( a, &afx->buffer,
+ &afx->buffer_size, &maxlen );
+ line = afx->buffer;
+ len = afx->buffer_len;
+ } while( !maxlen );
+
+ i = parse_header_line( afx, line, len );
+ if( i <= 0 ) {
+ if (i && RFC2440)
+ rc = G10ERR_INVALID_ARMOR;
+ break;
+ }
+ }
+
+
+ if( rc )
+ invalid_armor();
+ else if( afx->in_cleartext )
+ afx->faked = 1;
+ else {
+ afx->inp_checked = 1;
+ afx->crc = CRCINIT;
+ afx->idx = 0;
+ afx->radbuf[0] = 0;
+ }
+
+ return rc;
+}
+
+#define PARTIAL_CHUNK 512
+#define PARTIAL_POW 9
+
+/****************
+ * Fake a literal data packet and wait for the next armor line
+ * fixme: empty line handling and null length clear text signature are
+ * not implemented/checked.
+ */
+static int
+fake_packet( armor_filter_context_t *afx, IOBUF a,
+ size_t *retn, byte *buf, size_t size )
+{
+ int rc = 0;
+ size_t len = 0;
+ int lastline = 0;
+ unsigned maxlen, n;
+ byte *p;
+ byte tempbuf[PARTIAL_CHUNK];
+ size_t tempbuf_len=0;
+
+ while( !rc && size-len>=(PARTIAL_CHUNK+1)) {
+ /* copy what we have in the line buffer */
+ if( afx->faked == 1 )
+ afx->faked++; /* skip the first (empty) line */
+ else
+ {
+ /* It's full, so write this partial chunk */
+ if(tempbuf_len==PARTIAL_CHUNK)
+ {
+ buf[len++]=0xE0+PARTIAL_POW;
+ memcpy(&buf[len],tempbuf,PARTIAL_CHUNK);
+ len+=PARTIAL_CHUNK;
+ tempbuf_len=0;
+ continue;
+ }
+
+ while( tempbuf_len < PARTIAL_CHUNK
+ && afx->buffer_pos < afx->buffer_len )
+ tempbuf[tempbuf_len++] = afx->buffer[afx->buffer_pos++];
+ if( tempbuf_len==PARTIAL_CHUNK )
+ continue;
+ }
+
+ /* read the next line */
+ maxlen = MAX_LINELEN;
+ afx->buffer_pos = 0;
+ afx->buffer_len = iobuf_read_line( a, &afx->buffer,
+ &afx->buffer_size, &maxlen );
+ if( !afx->buffer_len ) {
+ rc = -1; /* eof (should not happen) */
+ continue;
+ }
+ if( !maxlen )
+ afx->truncated++;
+
+ p = afx->buffer;
+ n = afx->buffer_len;
+
+ /* Armor header or dash-escaped line? */
+ if(p[0]=='-')
+ {
+ /* 2440bis-10: When reversing dash-escaping, an
+ implementation MUST strip the string "- " if it occurs
+ at the beginning of a line, and SHOULD warn on "-" and
+ any character other than a space at the beginning of a
+ line. */
+
+ if(p[1]==' ' && !afx->not_dash_escaped)
+ {
+ /* It's a dash-escaped line, so skip over the
+ escape. */
+ afx->buffer_pos = 2;
+ }
+ else if(p[1]=='-' && p[2]=='-' && p[3]=='-' && p[4]=='-')
+ {
+ /* Five dashes in a row mean it's probably armor
+ header. */
+ int type = is_armor_header( p, n );
+ if( afx->not_dash_escaped && type != BEGIN_SIGNATURE )
+ ; /* this is okay */
+ else
+ {
+ if( type != BEGIN_SIGNATURE )
+ {
+ log_info(_("unexpected armor: "));
+ print_string( stderr, p, n, 0 );
+ putc('\n', stderr);
+ }
+
+ lastline = 1;
+ rc = -1;
+ }
+ }
+ else if(!afx->not_dash_escaped)
+ {
+ /* Bad dash-escaping. */
+ log_info(_("invalid dash escaped line: "));
+ print_string( stderr, p, n, 0 );
+ putc('\n', stderr);
+ }
+ }
+
+ /* Now handle the end-of-line canonicalization */
+ if( !afx->not_dash_escaped )
+ {
+ int crlf = n > 1 && p[n-2] == '\r' && p[n-1]=='\n';
+
+ /* PGP2 does not treat a tab as white space character */
+ afx->buffer_len=
+ trim_trailing_chars( &p[afx->buffer_pos], n-afx->buffer_pos,
+ afx->pgp2mode ? " \r\n" : " \t\r\n");
+ afx->buffer_len+=afx->buffer_pos;
+ /* the buffer is always allocated with enough space to append
+ * the removed [CR], LF and a Nul
+ * The reason for this complicated procedure is to keep at least
+ * the original type of lineending - handling of the removed
+ * trailing spaces seems to be impossible in our method
+ * of faking a packet; either we have to use a temporary file
+ * or calculate the hash here in this module and somehow find
+ * a way to send the hash down the processing line (well, a special
+ * faked packet could do the job).
+ */
+ if( crlf )
+ afx->buffer[afx->buffer_len++] = '\r';
+ afx->buffer[afx->buffer_len++] = '\n';
+ afx->buffer[afx->buffer_len] = '\0';
+ }
+ }
+
+ if( lastline ) { /* write last (ending) length header */
+ if(tempbuf_len<192)
+ buf[len++]=tempbuf_len;
+ else
+ {
+ buf[len++]=((tempbuf_len-192)/256) + 192;
+ buf[len++]=(tempbuf_len-192) % 256;
+ }
+ memcpy(&buf[len],tempbuf,tempbuf_len);
+ len+=tempbuf_len;
+
+ rc = 0;
+ afx->faked = 0;
+ afx->in_cleartext = 0;
+ /* and now read the header lines */
+ afx->buffer_pos = 0;
+ for(;;) {
+ int i;
+
+ /* read the next line (skip all truncated lines) */
+ do {
+ maxlen = MAX_LINELEN;
+ afx->buffer_len = iobuf_read_line( a, &afx->buffer,
+ &afx->buffer_size, &maxlen );
+ } while( !maxlen );
+ p = afx->buffer;
+ n = afx->buffer_len;
+ if( !n ) {
+ rc = -1;
+ break; /* eof */
+ }
+ i = parse_header_line( afx, p , n );
+ if( i <= 0 ) {
+ if( i )
+ invalid_armor();
+ break;
+ }
+ }
+ afx->inp_checked = 1;
+ afx->crc = CRCINIT;
+ afx->idx = 0;
+ afx->radbuf[0] = 0;
+ }
+
+ *retn = len;
+ return rc;
+}
+
+
+static int
+invalid_crc(void)
+{
+ if ( opt.ignore_crc_error )
+ return 0;
+ log_inc_errorcount();
+ return gpg_error (GPG_ERR_INV_ARMOR);
+}
+
+
+static int
+radix64_read( armor_filter_context_t *afx, IOBUF a, size_t *retn,
+ byte *buf, size_t size )
+{
+ byte val;
+ int c=0, c2; /*init c because gcc is not clever enough for the continue*/
+ int checkcrc=0;
+ int rc = 0;
+ size_t n = 0;
+ int idx, i, onlypad=0;
+ u32 crc;
+
+ crc = afx->crc;
+ idx = afx->idx;
+ val = afx->radbuf[0];
+ for( n=0; n < size; ) {
+
+ if( afx->buffer_pos < afx->buffer_len )
+ c = afx->buffer[afx->buffer_pos++];
+ else { /* read the next line */
+ unsigned maxlen = MAX_LINELEN;
+ afx->buffer_pos = 0;
+ afx->buffer_len = iobuf_read_line( a, &afx->buffer,
+ &afx->buffer_size, &maxlen );
+ if( !maxlen )
+ afx->truncated++;
+ if( !afx->buffer_len )
+ break; /* eof */
+ continue;
+ }
+
+ again:
+ if( c == '\n' || c == ' ' || c == '\r' || c == '\t' )
+ continue;
+ else if( c == '=' ) { /* pad character: stop */
+ /* some mailers leave quoted-printable encoded characters
+ * so we try to workaround this */
+ if( afx->buffer_pos+2 < afx->buffer_len ) {
+ int cc1, cc2, cc3;
+ cc1 = afx->buffer[afx->buffer_pos];
+ cc2 = afx->buffer[afx->buffer_pos+1];
+ cc3 = afx->buffer[afx->buffer_pos+2];
+ if( isxdigit(cc1) && isxdigit(cc2)
+ && strchr( "=\n\r\t ", cc3 )) {
+ /* well it seems to be the case - adjust */
+ c = isdigit(cc1)? (cc1 - '0'): (ascii_toupper(cc1)-'A'+10);
+ c <<= 4;
+ c |= isdigit(cc2)? (cc2 - '0'): (ascii_toupper(cc2)-'A'+10);
+ afx->buffer_pos += 2;
+ afx->qp_detected = 1;
+ goto again;
+ }
+ }
+
+ if (!n)
+ onlypad = 1;
+
+ if( idx == 1 )
+ buf[n++] = val;
+ checkcrc++;
+ break;
+ }
+ else if( (c = asctobin[(c2=c)]) == 255 ) {
+ log_error(_("invalid radix64 character %02X skipped\n"), c2);
+ continue;
+ }
+ switch(idx) {
+ case 0: val = c << 2; break;
+ case 1: val |= (c>>4)&3; buf[n++]=val;val=(c<<4)&0xf0;break;
+ case 2: val |= (c>>2)&15; buf[n++]=val;val=(c<<6)&0xc0;break;
+ case 3: val |= c&0x3f; buf[n++] = val; break;
+ }
+ idx = (idx+1) % 4;
+ }
+
+ for(i=0; i < n; i++ )
+ crc = (crc << 8) ^ crc_table[((crc >> 16)&0xff) ^ buf[i]];
+ crc &= 0x00ffffff;
+ afx->crc = crc;
+ afx->idx = idx;
+ afx->radbuf[0] = val;
+
+ if( checkcrc ) {
+ afx->any_data = 1;
+ afx->inp_checked=0;
+ afx->faked = 0;
+ for(;;) { /* skip lf and pad characters */
+ if( afx->buffer_pos < afx->buffer_len )
+ c = afx->buffer[afx->buffer_pos++];
+ else { /* read the next line */
+ unsigned maxlen = MAX_LINELEN;
+ afx->buffer_pos = 0;
+ afx->buffer_len = iobuf_read_line( a, &afx->buffer,
+ &afx->buffer_size, &maxlen );
+ if( !maxlen )
+ afx->truncated++;
+ if( !afx->buffer_len )
+ break; /* eof */
+ continue;
+ }
+ if( c == '\n' || c == ' ' || c == '\r'
+ || c == '\t' || c == '=' )
+ continue;
+ break;
+ }
+ if( c == -1 )
+ log_error(_("premature eof (no CRC)\n"));
+ else {
+ u32 mycrc = 0;
+ idx = 0;
+ do {
+ if( (c = asctobin[c]) == 255 )
+ break;
+ switch(idx) {
+ case 0: val = c << 2; break;
+ case 1: val |= (c>>4)&3; mycrc |= val << 16;val=(c<<4)&0xf0;break;
+ case 2: val |= (c>>2)&15; mycrc |= val << 8;val=(c<<6)&0xc0;break;
+ case 3: val |= c&0x3f; mycrc |= val; break;
+ }
+ for(;;) {
+ if( afx->buffer_pos < afx->buffer_len )
+ c = afx->buffer[afx->buffer_pos++];
+ else { /* read the next line */
+ unsigned maxlen = MAX_LINELEN;
+ afx->buffer_pos = 0;
+ afx->buffer_len = iobuf_read_line( a, &afx->buffer,
+ &afx->buffer_size,
+ &maxlen );
+ if( !maxlen )
+ afx->truncated++;
+ if( !afx->buffer_len )
+ break; /* eof */
+ continue;
+ }
+ break;
+ }
+ if( !afx->buffer_len )
+ break; /* eof */
+ } while( ++idx < 4 );
+ if( c == -1 ) {
+ log_info(_("premature eof (in CRC)\n"));
+ rc = invalid_crc();
+ }
+ else if( idx == 0 ) {
+ /* No CRC at all is legal ("MAY") */
+ rc=0;
+ }
+ else if( idx != 4 ) {
+ log_info(_("malformed CRC\n"));
+ rc = invalid_crc();
+ }
+ else if( mycrc != afx->crc ) {
+ log_info (_("CRC error; %06lX - %06lX\n"),
+ (ulong)afx->crc, (ulong)mycrc);
+ rc = invalid_crc();
+ }
+ else {
+ rc = 0;
+ /* FIXME: Here we should emit another control packet,
+ * so that we know in mainproc that we are processing
+ * a clearsign message */
+#if 0
+ for(rc=0;!rc;) {
+ rc = 0 /*check_trailer( &fhdr, c )*/;
+ if( !rc ) {
+ if( (c=iobuf_get(a)) == -1 )
+ rc = 2;
+ }
+ }
+ if( rc == -1 )
+ rc = 0;
+ else if( rc == 2 ) {
+ log_error(_("premature eof (in trailer)\n"));
+ rc = G10ERR_INVALID_ARMOR;
+ }
+ else {
+ log_error(_("error in trailer line\n"));
+ rc = G10ERR_INVALID_ARMOR;
+ }
+#endif
+ }
+ }
+ }
+
+ if( !n && !onlypad )
+ rc = -1;
+
+ *retn = n;
+ return rc;
+}
+
+/****************
+ * This filter is used to handle the armor stuff
+ */
+static int
+armor_filter( void *opaque, int control,
+ IOBUF a, byte *buf, size_t *ret_len)
+{
+ size_t size = *ret_len;
+ armor_filter_context_t *afx = opaque;
+ int rc=0, i, c;
+ byte radbuf[3];
+ int idx, idx2;
+ size_t n=0;
+ u32 crc;
+#if 0
+ static FILE *fp ;
+
+ if( !fp ) {
+ fp = fopen("armor.out", "w");
+ assert(fp);
+ }
+#endif
+
+ if( DBG_FILTER )
+ log_debug("armor-filter: control: %d\n", control );
+ if( control == IOBUFCTRL_UNDERFLOW && afx->inp_bypass ) {
+ n = 0;
+ if( afx->buffer_len ) {
+ for(; n < size && afx->buffer_pos < afx->buffer_len; n++ )
+ buf[n++] = afx->buffer[afx->buffer_pos++];
+ if( afx->buffer_pos >= afx->buffer_len )
+ afx->buffer_len = 0;
+ }
+ for(; n < size; n++ ) {
+ if( (c=iobuf_get(a)) == -1 )
+ break;
+ buf[n] = c & 0xff;
+ }
+ if( !n )
+ rc = -1;
+ *ret_len = n;
+ }
+ else if( control == IOBUFCTRL_UNDERFLOW ) {
+ /* We need some space for the faked packet. The minmum
+ * required size is the PARTIAL_CHUNK size plus a byte for the
+ * length itself */
+ if( size < PARTIAL_CHUNK+1 )
+ BUG(); /* supplied buffer too short */
+
+ if( afx->faked )
+ rc = fake_packet( afx, a, &n, buf, size );
+ else if( !afx->inp_checked ) {
+ rc = check_input( afx, a );
+ if( afx->inp_bypass ) {
+ for(n=0; n < size && afx->buffer_pos < afx->buffer_len; )
+ buf[n++] = afx->buffer[afx->buffer_pos++];
+ if( afx->buffer_pos >= afx->buffer_len )
+ afx->buffer_len = 0;
+ if( !n )
+ rc = -1;
+ }
+ else if( afx->faked ) {
+ unsigned int hashes = afx->hashes;
+ const byte *sesmark;
+ size_t sesmarklen;
+
+ sesmark = get_session_marker( &sesmarklen );
+ if ( sesmarklen > 20 )
+ BUG();
+
+ /* the buffer is at least 15+n*15 bytes long, so it
+ * is easy to construct the packets */
+
+ hashes &= 1|2|4|8|16|32|64;
+ if( !hashes ) {
+ hashes |= 4; /* default to MD 5 */
+ /* This is non-ideal since PGP 5-8 have the same
+ end-of-line bugs as PGP 2. However, we only
+ enable pgp2mode if there is no Hash: header. */
+ if( opt.pgp2_workarounds )
+ afx->pgp2mode = 1;
+ }
+ n=0;
+ /* First a gpg control packet... */
+ buf[n++] = 0xff; /* new format, type 63, 1 length byte */
+ n++; /* see below */
+ memcpy(buf+n, sesmark, sesmarklen ); n+= sesmarklen;
+ buf[n++] = CTRLPKT_CLEARSIGN_START;
+ buf[n++] = afx->not_dash_escaped? 0:1; /* sigclass */
+ if( hashes & 1 )
+ buf[n++] = DIGEST_ALGO_RMD160;
+ if( hashes & 2 )
+ buf[n++] = DIGEST_ALGO_SHA1;
+ if( hashes & 4 )
+ buf[n++] = DIGEST_ALGO_MD5;
+ if( hashes & 8 )
+ buf[n++] = DIGEST_ALGO_SHA224;
+ if( hashes & 16 )
+ buf[n++] = DIGEST_ALGO_SHA256;
+ if( hashes & 32 )
+ buf[n++] = DIGEST_ALGO_SHA384;
+ if( hashes & 64 )
+ buf[n++] = DIGEST_ALGO_SHA512;
+ buf[1] = n - 2;
+
+ /* ...followed by an invented plaintext packet.
+ Amusingly enough, this packet is not compliant with
+ 2440 as the initial partial length is less than 512
+ bytes. Of course, we'll accept it anyway ;) */
+
+ buf[n++] = 0xCB; /* new packet format, type 11 */
+ buf[n++] = 0xE1; /* 2^1 == 2 bytes */
+ buf[n++] = 't'; /* canonical text mode */
+ buf[n++] = 0; /* namelength */
+ buf[n++] = 0xE2; /* 2^2 == 4 more bytes */
+ memset(buf+n, 0, 4); /* timestamp */
+ n += 4;
+ }
+ else if( !rc )
+ rc = radix64_read( afx, a, &n, buf, size );
+ }
+ else
+ rc = radix64_read( afx, a, &n, buf, size );
+#if 0
+ if( n )
+ if( fwrite(buf, n, 1, fp ) != 1 )
+ BUG();
+#endif
+ *ret_len = n;
+ }
+ else if( control == IOBUFCTRL_FLUSH && !afx->cancel ) {
+ if( !afx->status ) { /* write the header line */
+ const char *s;
+ strlist_t comment=opt.comments;
+
+ if( afx->what >= DIM(head_strings) )
+ log_bug("afx->what=%d", afx->what);
+ iobuf_writestr(a, "-----");
+ iobuf_writestr(a, head_strings[afx->what] );
+ iobuf_writestr(a, "-----" );
+ iobuf_writestr(a,afx->eol);
+ if( !opt.no_version )
+ {
+ iobuf_writestr(a, "Version: GnuPG v" VERSION " ("
+ PRINTABLE_OS_NAME ")" );
+ iobuf_writestr(a,afx->eol);
+ }
+
+ /* write the comment strings */
+ for(s=comment->d;comment;comment=comment->next,s=comment->d)
+ {
+ iobuf_writestr(a, "Comment: " );
+ for( ; *s; s++ )
+ {
+ if( *s == '\n' )
+ iobuf_writestr(a, "\\n" );
+ else if( *s == '\r' )
+ iobuf_writestr(a, "\\r" );
+ else if( *s == '\v' )
+ iobuf_writestr(a, "\\v" );
+ else
+ iobuf_put(a, *s );
+ }
+
+ iobuf_writestr(a,afx->eol);
+ }
+
+ if ( afx->hdrlines ) {
+ for ( s = afx->hdrlines; *s; s++ ) {
+#ifdef HAVE_DOSISH_SYSTEM
+ if ( *s == '\n' )
+ iobuf_put( a, '\r');
+#endif
+ iobuf_put(a, *s );
+ }
+ }
+
+ iobuf_writestr(a,afx->eol);
+ afx->status++;
+ afx->idx = 0;
+ afx->idx2 = 0;
+ afx->crc = CRCINIT;
+
+ }
+ crc = afx->crc;
+ idx = afx->idx;
+ idx2 = afx->idx2;
+ for(i=0; i < idx; i++ )
+ radbuf[i] = afx->radbuf[i];
+
+ for(i=0; i < size; i++ )
+ crc = (crc << 8) ^ crc_table[((crc >> 16)&0xff) ^ buf[i]];
+ crc &= 0x00ffffff;
+
+ for( ; size; buf++, size-- ) {
+ radbuf[idx++] = *buf;
+ if( idx > 2 ) {
+ idx = 0;
+ c = bintoasc[(*radbuf >> 2) & 077];
+ iobuf_put(a, c);
+ c = bintoasc[(((*radbuf<<4)&060)|((radbuf[1] >> 4)&017))&077];
+ iobuf_put(a, c);
+ c = bintoasc[(((radbuf[1]<<2)&074)|((radbuf[2]>>6)&03))&077];
+ iobuf_put(a, c);
+ c = bintoasc[radbuf[2]&077];
+ iobuf_put(a, c);
+ if( ++idx2 >= (64/4) )
+ { /* pgp doesn't like 72 here */
+ iobuf_writestr(a,afx->eol);
+ idx2=0;
+ }
+ }
+ }
+ for(i=0; i < idx; i++ )
+ afx->radbuf[i] = radbuf[i];
+ afx->idx = idx;
+ afx->idx2 = idx2;
+ afx->crc = crc;
+ }
+ else if( control == IOBUFCTRL_INIT )
+ {
+ if( !is_initialized )
+ initialize();
+
+ /* Figure out what we're using for line endings if the caller
+ didn't specify. */
+ if(afx->eol[0]==0)
+ {
+#ifdef HAVE_DOSISH_SYSTEM
+ afx->eol[0]='\r';
+ afx->eol[1]='\n';
+#else
+ afx->eol[0]='\n';
+#endif
+ }
+ }
+ else if( control == IOBUFCTRL_CANCEL ) {
+ afx->cancel = 1;
+ }
+ else if( control == IOBUFCTRL_FREE ) {
+ if( afx->cancel )
+ ;
+ else if( afx->status ) { /* pad, write cecksum, and bottom line */
+ crc = afx->crc;
+ idx = afx->idx;
+ idx2 = afx->idx2;
+ for(i=0; i < idx; i++ )
+ radbuf[i] = afx->radbuf[i];
+ if( idx ) {
+ c = bintoasc[(*radbuf>>2)&077];
+ iobuf_put(a, c);
+ if( idx == 1 ) {
+ c = bintoasc[((*radbuf << 4) & 060) & 077];
+ iobuf_put(a, c);
+ iobuf_put(a, '=');
+ iobuf_put(a, '=');
+ }
+ else { /* 2 */
+ c = bintoasc[(((*radbuf<<4)&060)|((radbuf[1]>>4)&017))&077];
+ iobuf_put(a, c);
+ c = bintoasc[((radbuf[1] << 2) & 074) & 077];
+ iobuf_put(a, c);
+ iobuf_put(a, '=');
+ }
+ if( ++idx2 >= (64/4) )
+ { /* pgp doesn't like 72 here */
+ iobuf_writestr(a,afx->eol);
+ idx2=0;
+ }
+ }
+ /* may need a linefeed */
+ if( idx2 )
+ iobuf_writestr(a,afx->eol);
+ /* write the CRC */
+ iobuf_put(a, '=');
+ radbuf[0] = crc >>16;
+ radbuf[1] = crc >> 8;
+ radbuf[2] = crc;
+ c = bintoasc[(*radbuf >> 2) & 077];
+ iobuf_put(a, c);
+ c = bintoasc[(((*radbuf<<4)&060)|((radbuf[1] >> 4)&017))&077];
+ iobuf_put(a, c);
+ c = bintoasc[(((radbuf[1]<<2)&074)|((radbuf[2]>>6)&03))&077];
+ iobuf_put(a, c);
+ c = bintoasc[radbuf[2]&077];
+ iobuf_put(a, c);
+ iobuf_writestr(a,afx->eol);
+ /* and the the trailer */
+ if( afx->what >= DIM(tail_strings) )
+ log_bug("afx->what=%d", afx->what);
+ iobuf_writestr(a, "-----");
+ iobuf_writestr(a, tail_strings[afx->what] );
+ iobuf_writestr(a, "-----" );
+ iobuf_writestr(a,afx->eol);
+ }
+ else if( !afx->any_data && !afx->inp_bypass ) {
+ log_error(_("no valid OpenPGP data found.\n"));
+ afx->no_openpgp_data = 1;
+ write_status_text( STATUS_NODATA, "1" );
+ }
+ if( afx->truncated )
+ log_info(_("invalid armor: line longer than %d characters\n"),
+ MAX_LINELEN );
+ /* issue an error to enforce dissemination of correct software */
+ if( afx->qp_detected )
+ log_error(_("quoted printable character in armor - "
+ "probably a buggy MTA has been used\n") );
+ xfree( afx->buffer );
+ afx->buffer = NULL;
+ release_armor_context (afx);
+ }
+ else if( control == IOBUFCTRL_DESC )
+ *(char**)buf = "armor_filter";
+ return rc;
+}
+
+
+/****************
+ * create a radix64 encoded string.
+ */
+char *
+make_radix64_string( const byte *data, size_t len )
+{
+ char *buffer, *p;
+
+ buffer = p = xmalloc( (len+2)/3*4 + 1 );
+ for( ; len >= 3 ; len -= 3, data += 3 ) {
+ *p++ = bintoasc[(data[0] >> 2) & 077];
+ *p++ = bintoasc[(((data[0] <<4)&060)|((data[1] >> 4)&017))&077];
+ *p++ = bintoasc[(((data[1]<<2)&074)|((data[2]>>6)&03))&077];
+ *p++ = bintoasc[data[2]&077];
+ }
+ if( len == 2 ) {
+ *p++ = bintoasc[(data[0] >> 2) & 077];
+ *p++ = bintoasc[(((data[0] <<4)&060)|((data[1] >> 4)&017))&077];
+ *p++ = bintoasc[((data[1]<<2)&074)];
+ }
+ else if( len == 1 ) {
+ *p++ = bintoasc[(data[0] >> 2) & 077];
+ *p++ = bintoasc[(data[0] <<4)&060];
+ }
+ *p = 0;
+ return buffer;
+}
+
+
+/***********************************************
+ * For the pipemode command we can't use the armor filter for various
+ * reasons, so we use this new unarmor_pump stuff to remove the armor
+ */
+
+enum unarmor_state_e {
+ STA_init = 0,
+ STA_bypass,
+ STA_wait_newline,
+ STA_wait_dash,
+ STA_first_dash,
+ STA_compare_header,
+ STA_found_header_wait_newline,
+ STA_skip_header_lines,
+ STA_skip_header_lines_non_ws,
+ STA_read_data,
+ STA_wait_crc,
+ STA_read_crc,
+ STA_ready
+};
+
+struct unarmor_pump_s {
+ enum unarmor_state_e state;
+ byte val;
+ int checkcrc;
+ int pos; /* counts from 0..3 */
+ u32 crc;
+ u32 mycrc; /* the one store in the data */
+};
+
+
+
+UnarmorPump
+unarmor_pump_new (void)
+{
+ UnarmorPump x;
+
+ if( !is_initialized )
+ initialize();
+ x = xmalloc_clear (sizeof *x);
+ return x;
+}
+
+void
+unarmor_pump_release (UnarmorPump x)
+{
+ xfree (x);
+}
+
+/*
+ * Get the next character from the ascii armor taken from the IOBUF
+ * created earlier by unarmor_pump_new().
+ * Return: c = Character
+ * 256 = ignore this value
+ * -1 = End of current armor
+ * -2 = Premature EOF (not used)
+ * -3 = Invalid armor
+ */
+int
+unarmor_pump (UnarmorPump x, int c)
+{
+ int rval = 256; /* default is to ignore the return value */
+
+ switch (x->state) {
+ case STA_init:
+ {
+ byte tmp[1];
+ tmp[0] = c;
+ if ( is_armored (tmp) )
+ x->state = c == '-'? STA_first_dash : STA_wait_newline;
+ else {
+ x->state = STA_bypass;
+ return c;
+ }
+ }
+ break;
+ case STA_bypass:
+ return c; /* return here to avoid crc calculation */
+ case STA_wait_newline:
+ if (c == '\n')
+ x->state = STA_wait_dash;
+ break;
+ case STA_wait_dash:
+ x->state = c == '-'? STA_first_dash : STA_wait_newline;
+ break;
+ case STA_first_dash: /* just need for initalization */
+ x->pos = 0;
+ x->state = STA_compare_header;
+ case STA_compare_header:
+ if ( "-----BEGIN PGP SIGNATURE-----"[++x->pos] == c ) {
+ if ( x->pos == 28 )
+ x->state = STA_found_header_wait_newline;
+ }
+ else
+ x->state = c == '\n'? STA_wait_dash : STA_wait_newline;
+ break;
+ case STA_found_header_wait_newline:
+ /* to make CR,LF issues easier we simply allow for white space
+ behind the 5 dashes */
+ if ( c == '\n' )
+ x->state = STA_skip_header_lines;
+ else if ( c != '\r' && c != ' ' && c != '\t' )
+ x->state = STA_wait_dash; /* garbage after the header line */
+ break;
+ case STA_skip_header_lines:
+ /* i.e. wait for one empty line */
+ if ( c == '\n' ) {
+ x->state = STA_read_data;
+ x->crc = CRCINIT;
+ x->val = 0;
+ x->pos = 0;
+ }
+ else if ( c != '\r' && c != ' ' && c != '\t' )
+ x->state = STA_skip_header_lines_non_ws;
+ break;
+ case STA_skip_header_lines_non_ws:
+ /* like above but we already encountered non white space */
+ if ( c == '\n' )
+ x->state = STA_skip_header_lines;
+ break;
+ case STA_read_data:
+ /* fixme: we don't check for the trailing dash lines but rely
+ * on the armor stop characters */
+ if( c == '\n' || c == ' ' || c == '\r' || c == '\t' )
+ break; /* skip all kind of white space */
+
+ if( c == '=' ) { /* pad character: stop */
+ if( x->pos == 1 ) /* in this case val has some value */
+ rval = x->val;
+ x->state = STA_wait_crc;
+ break;
+ }
+
+ {
+ int c2;
+ if( (c = asctobin[(c2=c)]) == 255 ) {
+ log_error(_("invalid radix64 character %02X skipped\n"), c2);
+ break;
+ }
+ }
+
+ switch(x->pos) {
+ case 0:
+ x->val = c << 2;
+ break;
+ case 1:
+ x->val |= (c>>4)&3;
+ rval = x->val;
+ x->val = (c<<4)&0xf0;
+ break;
+ case 2:
+ x->val |= (c>>2)&15;
+ rval = x->val;
+ x->val = (c<<6)&0xc0;
+ break;
+ case 3:
+ x->val |= c&0x3f;
+ rval = x->val;
+ break;
+ }
+ x->pos = (x->pos+1) % 4;
+ break;
+ case STA_wait_crc:
+ if( c == '\n' || c == ' ' || c == '\r' || c == '\t' || c == '=' )
+ break; /* skip ws and pad characters */
+ /* assume that we are at the next line */
+ x->state = STA_read_crc;
+ x->pos = 0;
+ x->mycrc = 0;
+ case STA_read_crc:
+ if( (c = asctobin[c]) == 255 ) {
+ rval = -1; /* ready */
+ if( x->crc != x->mycrc ) {
+ log_info (_("CRC error; %06lX - %06lX\n"),
+ (ulong)x->crc, (ulong)x->mycrc);
+ if ( invalid_crc() )
+ rval = -3;
+ }
+ x->state = STA_ready; /* not sure whether this is correct */
+ break;
+ }
+
+ switch(x->pos) {
+ case 0:
+ x->val = c << 2;
+ break;
+ case 1:
+ x->val |= (c>>4)&3;
+ x->mycrc |= x->val << 16;
+ x->val = (c<<4)&0xf0;
+ break;
+ case 2:
+ x->val |= (c>>2)&15;
+ x->mycrc |= x->val << 8;
+ x->val = (c<<6)&0xc0;
+ break;
+ case 3:
+ x->val |= c&0x3f;
+ x->mycrc |= x->val;
+ break;
+ }
+ x->pos = (x->pos+1) % 4;
+ break;
+ case STA_ready:
+ rval = -1;
+ break;
+ }
+
+ if ( !(rval & ~255) ) { /* compute the CRC */
+ x->crc = (x->crc << 8) ^ crc_table[((x->crc >> 16)&0xff) ^ rval];
+ x->crc &= 0x00ffffff;
+ }
+
+ return rval;
+}
diff --git a/g10/build-packet.c b/g10/build-packet.c
new file mode 100644
index 0000000..2e6dfc0
--- /dev/null
+++ b/g10/build-packet.c
@@ -0,0 +1,1362 @@
+/* build-packet.c - assemble packets and write them
+ * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005,
+ * 2006 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <assert.h>
+#include <ctype.h>
+
+#include "gpg.h"
+#include "packet.h"
+#include "status.h"
+#include "iobuf.h"
+#include "util.h"
+#include "cipher.h"
+#include "i18n.h"
+#include "options.h"
+
+static int do_user_id( IOBUF out, int ctb, PKT_user_id *uid );
+static int do_public_key( IOBUF out, int ctb, PKT_public_key *pk );
+static int do_secret_key( IOBUF out, int ctb, PKT_secret_key *pk );
+static int do_symkey_enc( IOBUF out, int ctb, PKT_symkey_enc *enc );
+static int do_pubkey_enc( IOBUF out, int ctb, PKT_pubkey_enc *enc );
+static u32 calc_plaintext( PKT_plaintext *pt );
+static int do_plaintext( IOBUF out, int ctb, PKT_plaintext *pt );
+static int do_encrypted( IOBUF out, int ctb, PKT_encrypted *ed );
+static int do_encrypted_mdc( IOBUF out, int ctb, PKT_encrypted *ed );
+static int do_compressed( IOBUF out, int ctb, PKT_compressed *cd );
+static int do_signature( IOBUF out, int ctb, PKT_signature *sig );
+static int do_onepass_sig( IOBUF out, int ctb, PKT_onepass_sig *ops );
+
+static int calc_header_length( u32 len, int new_ctb );
+static int write_16(IOBUF inp, u16 a);
+static int write_32(IOBUF inp, u32 a);
+static int write_header( IOBUF out, int ctb, u32 len );
+static int write_sign_packet_header( IOBUF out, int ctb, u32 len );
+static int write_header2( IOBUF out, int ctb, u32 len, int hdrlen );
+static int write_new_header( IOBUF out, int ctb, u32 len, int hdrlen );
+static int write_version( IOBUF out, int ctb );
+
+/****************
+ * Build a packet and write it to INP
+ * Returns: 0 := okay
+ * >0 := error
+ * Note: Caller must free the packet
+ */
+int
+build_packet( IOBUF out, PACKET *pkt )
+{
+ int new_ctb=0, rc=0, ctb;
+ int pkttype;
+
+ if( DBG_PACKET )
+ log_debug("build_packet() type=%d\n", pkt->pkttype );
+ assert( pkt->pkt.generic );
+
+ switch( (pkttype = pkt->pkttype) )
+ {
+ case PKT_PLAINTEXT: new_ctb = pkt->pkt.plaintext->new_ctb; break;
+ case PKT_ENCRYPTED:
+ case PKT_ENCRYPTED_MDC: new_ctb = pkt->pkt.encrypted->new_ctb; break;
+ case PKT_COMPRESSED:new_ctb = pkt->pkt.compressed->new_ctb; break;
+ case PKT_USER_ID:
+ if( pkt->pkt.user_id->attrib_data )
+ pkttype = PKT_ATTRIBUTE;
+ break;
+ default: break;
+ }
+
+ if( new_ctb || pkttype > 15 ) /* new format */
+ ctb = 0xc0 | (pkttype & 0x3f);
+ else
+ ctb = 0x80 | ((pkttype & 15)<<2);
+ switch( pkttype )
+ {
+ case PKT_ATTRIBUTE:
+ case PKT_USER_ID:
+ rc = do_user_id( out, ctb, pkt->pkt.user_id );
+ break;
+ case PKT_OLD_COMMENT:
+ case PKT_COMMENT:
+ /*
+ Ignore these. Theoretically, this will never be called as
+ we have no way to output comment packets any longer, but
+ just in case there is some code path that would end up
+ outputting a comment that was written before comments were
+ dropped (in the public key?) this is a no-op.
+ */
+ break;
+ case PKT_PUBLIC_SUBKEY:
+ case PKT_PUBLIC_KEY:
+ rc = do_public_key( out, ctb, pkt->pkt.public_key );
+ break;
+ case PKT_SECRET_SUBKEY:
+ case PKT_SECRET_KEY:
+ rc = do_secret_key( out, ctb, pkt->pkt.secret_key );
+ break;
+ case PKT_SYMKEY_ENC:
+ rc = do_symkey_enc( out, ctb, pkt->pkt.symkey_enc );
+ break;
+ case PKT_PUBKEY_ENC:
+ rc = do_pubkey_enc( out, ctb, pkt->pkt.pubkey_enc );
+ break;
+ case PKT_PLAINTEXT:
+ rc = do_plaintext( out, ctb, pkt->pkt.plaintext );
+ break;
+ case PKT_ENCRYPTED:
+ rc = do_encrypted( out, ctb, pkt->pkt.encrypted );
+ break;
+ case PKT_ENCRYPTED_MDC:
+ rc = do_encrypted_mdc( out, ctb, pkt->pkt.encrypted );
+ break;
+ case PKT_COMPRESSED:
+ rc = do_compressed( out, ctb, pkt->pkt.compressed );
+ break;
+ case PKT_SIGNATURE:
+ rc = do_signature( out, ctb, pkt->pkt.signature );
+ break;
+ case PKT_ONEPASS_SIG:
+ rc = do_onepass_sig( out, ctb, pkt->pkt.onepass_sig );
+ break;
+ case PKT_RING_TRUST:
+ break; /* ignore it (keyring.c does write it directly)*/
+ case PKT_MDC: /* we write it directly, so we should never see it here. */
+ default:
+ log_bug("invalid packet type in build_packet()\n");
+ break;
+ }
+
+ return rc;
+}
+
+
+/*
+ * Write the mpi A to OUT.
+ */
+static int
+mpi_write (iobuf_t out, gcry_mpi_t a)
+{
+ char buffer[(MAX_EXTERN_MPI_BITS+7)/8+2]; /* 2 is for the mpi length. */
+ size_t nbytes;
+ int rc;
+
+ nbytes = DIM(buffer);
+ rc = gcry_mpi_print (GCRYMPI_FMT_PGP, buffer, nbytes, &nbytes, a );
+ if( !rc )
+ rc = iobuf_write( out, buffer, nbytes );
+ else if (gpg_err_code(rc) == GPG_ERR_TOO_SHORT )
+ {
+ log_info ("mpi too large (%u bits)\n", gcry_mpi_get_nbits (a));
+ /* The buffer was too small. We better tell the user about the MPI. */
+ rc = gpg_error (GPG_ERR_TOO_LARGE);
+ }
+
+ return rc;
+}
+
+
+
+/****************
+ * calculate the length of a packet described by PKT
+ */
+u32
+calc_packet_length( PACKET *pkt )
+{
+ u32 n=0;
+ int new_ctb = 0;
+
+ assert( pkt->pkt.generic );
+ switch( pkt->pkttype ) {
+ case PKT_PLAINTEXT:
+ n = calc_plaintext( pkt->pkt.plaintext );
+ new_ctb = pkt->pkt.plaintext->new_ctb;
+ break;
+ case PKT_ATTRIBUTE:
+ case PKT_USER_ID:
+ case PKT_COMMENT:
+ case PKT_PUBLIC_KEY:
+ case PKT_SECRET_KEY:
+ case PKT_SYMKEY_ENC:
+ case PKT_PUBKEY_ENC:
+ case PKT_ENCRYPTED:
+ case PKT_SIGNATURE:
+ case PKT_ONEPASS_SIG:
+ case PKT_RING_TRUST:
+ case PKT_COMPRESSED:
+ default:
+ log_bug("invalid packet type in calc_packet_length()");
+ break;
+ }
+
+ n += calc_header_length(n, new_ctb);
+ return n;
+}
+
+static void
+write_fake_data (IOBUF out, gcry_mpi_t a)
+{
+ if (a)
+ {
+ unsigned int n;
+ void *p;
+
+ p = gcry_mpi_get_opaque ( a, &n );
+ iobuf_write (out, p, (n+7)/8 );
+ }
+}
+
+static int
+do_user_id( IOBUF out, int ctb, PKT_user_id *uid )
+{
+ int rc;
+
+ if( uid->attrib_data )
+ {
+ write_header(out, ctb, uid->attrib_len);
+ rc = iobuf_write( out, uid->attrib_data, uid->attrib_len );
+ }
+ else
+ {
+ write_header2( out, ctb, uid->len, 2 );
+ rc = iobuf_write( out, uid->name, uid->len );
+ }
+ return rc;
+}
+
+static int
+do_public_key( IOBUF out, int ctb, PKT_public_key *pk )
+{
+ int rc = 0;
+ int n, i;
+ IOBUF a = iobuf_temp();
+
+ if ( !pk->version )
+ iobuf_put( a, 3 );
+ else
+ iobuf_put( a, pk->version );
+ write_32(a, pk->timestamp );
+ if ( pk->version < 4 )
+ {
+ u16 ndays;
+ if ( pk->expiredate )
+ ndays = (u16)((pk->expiredate - pk->timestamp) / 86400L);
+ else
+ ndays = 0;
+ write_16(a, ndays );
+ }
+ iobuf_put (a, pk->pubkey_algo );
+ n = pubkey_get_npkey ( pk->pubkey_algo );
+ if ( !n )
+ write_fake_data( a, pk->pkey[0] );
+ for (i=0; i < n && !rc ; i++ )
+ rc = mpi_write(a, pk->pkey[i] );
+
+ if (!rc)
+ {
+ write_header2 (out, ctb, iobuf_get_temp_length(a), pk->hdrbytes);
+ rc = iobuf_write_temp ( out, a );
+ }
+
+ iobuf_close(a);
+ return rc;
+}
+
+
+static int
+do_secret_key( IOBUF out, int ctb, PKT_secret_key *sk )
+{
+ int rc = 0;
+ int i, nskey, npkey;
+ IOBUF a = iobuf_temp(); /* Build in a self-enlarging buffer. */
+
+ /* Write the version number - if none is specified, use 3 */
+ if ( !sk->version )
+ iobuf_put ( a, 3 );
+ else
+ iobuf_put ( a, sk->version );
+ write_32 (a, sk->timestamp );
+
+ /* v3 needs the expiration time. */
+ if ( sk->version < 4 )
+ {
+ u16 ndays;
+ if ( sk->expiredate )
+ ndays = (u16)((sk->expiredate - sk->timestamp) / 86400L);
+ else
+ ndays = 0;
+ write_16(a, ndays);
+ }
+
+ iobuf_put (a, sk->pubkey_algo );
+
+ /* Get number of secret and public parameters. They are held in one
+ array first the public ones, then the secret ones. */
+ nskey = pubkey_get_nskey ( sk->pubkey_algo );
+ npkey = pubkey_get_npkey ( sk->pubkey_algo );
+
+ /* If we don't have any public parameters - which is the case if we
+ don't know the algorithm used - the parameters are stored as one
+ blob in a faked (opaque) MPI. */
+ if ( !npkey )
+ {
+ write_fake_data( a, sk->skey[0] );
+ goto leave;
+ }
+ assert ( npkey < nskey );
+
+ /* Writing the public parameters is easy. */
+ for (i=0; i < npkey; i++ )
+ if ((rc = mpi_write (a, sk->skey[i])))
+ goto leave;
+
+ /* Build the header for protected (encrypted) secret parameters. */
+ if ( sk->is_protected )
+ {
+ if ( is_RSA(sk->pubkey_algo)
+ && sk->version < 4
+ && !sk->protect.s2k.mode )
+ {
+ /* The simple rfc1991 (v3) way. */
+ iobuf_put (a, sk->protect.algo );
+ iobuf_write (a, sk->protect.iv, sk->protect.ivlen );
+ }
+ else
+ {
+ /* OpenPGP protection according to rfc2440. */
+ iobuf_put(a, sk->protect.sha1chk? 0xfe : 0xff );
+ iobuf_put(a, sk->protect.algo );
+ if ( sk->protect.s2k.mode >= 1000 )
+ {
+ /* These modes are not possible in OpenPGP, we use them
+ to implement our extensions, 101 can be seen as a
+ private/experimental extension (this is not specified
+ in rfc2440 but the same scheme is used for all other
+ algorithm identifiers) */
+ iobuf_put(a, 101 );
+ iobuf_put(a, sk->protect.s2k.hash_algo );
+ iobuf_write(a, "GNU", 3 );
+ iobuf_put(a, sk->protect.s2k.mode - 1000 );
+ }
+ else
+ {
+ iobuf_put(a, sk->protect.s2k.mode );
+ iobuf_put(a, sk->protect.s2k.hash_algo );
+ }
+ if ( sk->protect.s2k.mode == 1
+ || sk->protect.s2k.mode == 3 )
+ iobuf_write (a, sk->protect.s2k.salt, 8 );
+
+ if ( sk->protect.s2k.mode == 3 )
+ iobuf_put (a, sk->protect.s2k.count );
+
+ /* For our special modes 1001, 1002 we do not need an IV. */
+ if ( sk->protect.s2k.mode != 1001
+ && sk->protect.s2k.mode != 1002 )
+ iobuf_write (a, sk->protect.iv, sk->protect.ivlen );
+ }
+ }
+ else
+ iobuf_put (a, 0 );
+
+ if ( sk->protect.s2k.mode == 1001 )
+ ; /* GnuPG extension - don't write a secret key at all. */
+ else if ( sk->protect.s2k.mode == 1002 )
+ {
+ /* GnuPG extension - divert to OpenPGP smartcard. */
+ iobuf_put(a, sk->protect.ivlen ); /* Length of the serial number
+ or 0 for no serial
+ number. */
+ /* The serial number gets stored in the IV field. */
+ iobuf_write(a, sk->protect.iv, sk->protect.ivlen);
+ }
+ else if ( sk->is_protected && sk->version >= 4 )
+ {
+ /* The secret key is protected - write it out as it is. */
+ byte *p;
+ unsigned int ndatabits;
+
+ assert (gcry_mpi_get_flag (sk->skey[npkey], GCRYMPI_FLAG_OPAQUE));
+ p = gcry_mpi_get_opaque (sk->skey[npkey], &ndatabits );
+ iobuf_write (a, p, (ndatabits+7)/8 );
+ }
+ else if ( sk->is_protected )
+ {
+ /* The secret key is protected the old v4 way. */
+ for ( ; i < nskey; i++ )
+ {
+ byte *p;
+ unsigned int ndatabits;
+
+ assert (gcry_mpi_get_flag (sk->skey[i], GCRYMPI_FLAG_OPAQUE));
+ p = gcry_mpi_get_opaque (sk->skey[i], &ndatabits);
+ iobuf_write (a, p, (ndatabits+7)/8);
+ }
+ write_16(a, sk->csum );
+ }
+ else
+ {
+ /* Non-protected key. */
+ for ( ; i < nskey; i++ )
+ if ( (rc = mpi_write (a, sk->skey[i])))
+ goto leave;
+ write_16 (a, sk->csum );
+ }
+
+ leave:
+ if (!rc)
+ {
+ /* Build the header of the packet - which we must do after
+ writing all the other stuff, so that we know the length of
+ the packet */
+ write_header2(out, ctb, iobuf_get_temp_length(a), sk->hdrbytes);
+ /* And finally write it out the real stream */
+ rc = iobuf_write_temp( out, a );
+ }
+
+ iobuf_close(a); /* Close the remporary buffer */
+ return rc;
+}
+
+static int
+do_symkey_enc( IOBUF out, int ctb, PKT_symkey_enc *enc )
+{
+ int rc = 0;
+ IOBUF a = iobuf_temp();
+
+ assert( enc->version == 4 );
+ switch( enc->s2k.mode ) {
+ case 0: case 1: case 3: break;
+ default: log_bug("do_symkey_enc: s2k=%d\n", enc->s2k.mode );
+ }
+ iobuf_put( a, enc->version );
+ iobuf_put( a, enc->cipher_algo );
+ iobuf_put( a, enc->s2k.mode );
+ iobuf_put( a, enc->s2k.hash_algo );
+ if( enc->s2k.mode == 1 || enc->s2k.mode == 3 ) {
+ iobuf_write(a, enc->s2k.salt, 8 );
+ if( enc->s2k.mode == 3 )
+ iobuf_put(a, enc->s2k.count);
+ }
+ if( enc->seskeylen )
+ iobuf_write(a, enc->seskey, enc->seskeylen );
+
+ write_header(out, ctb, iobuf_get_temp_length(a) );
+ rc = iobuf_write_temp( out, a );
+
+ iobuf_close(a);
+ return rc;
+}
+
+
+static int
+do_pubkey_enc( IOBUF out, int ctb, PKT_pubkey_enc *enc )
+{
+ int rc = 0;
+ int n, i;
+ IOBUF a = iobuf_temp();
+
+ write_version( a, ctb );
+ if ( enc->throw_keyid )
+ {
+ write_32(a, 0 ); /* Don't tell Eve who can decrypt the message. */
+ write_32(a, 0 );
+ }
+ else
+ {
+ write_32(a, enc->keyid[0] );
+ write_32(a, enc->keyid[1] );
+ }
+ iobuf_put(a,enc->pubkey_algo );
+ n = pubkey_get_nenc( enc->pubkey_algo );
+ if ( !n )
+ write_fake_data( a, enc->data[0] );
+ for (i=0; i < n && !rc ; i++ )
+ rc = mpi_write(a, enc->data[i] );
+
+ if (!rc)
+ {
+ write_header(out, ctb, iobuf_get_temp_length(a) );
+ rc = iobuf_write_temp( out, a );
+ }
+ iobuf_close(a);
+ return rc;
+}
+
+
+static u32
+calc_plaintext( PKT_plaintext *pt )
+{
+ /* Truncate namelen to the maximum 255 characters. Note this means
+ that a function that calls build_packet with an illegal literal
+ packet will get it back legalized. */
+
+ if(pt->namelen>255)
+ pt->namelen=255;
+
+ return pt->len? (1 + 1 + pt->namelen + 4 + pt->len) : 0;
+}
+
+static int
+do_plaintext( IOBUF out, int ctb, PKT_plaintext *pt )
+{
+ int i, rc = 0;
+ u32 n;
+ byte buf[1000]; /* this buffer has the plaintext! */
+ int nbytes;
+
+ write_header(out, ctb, calc_plaintext( pt ) );
+ iobuf_put(out, pt->mode );
+ iobuf_put(out, pt->namelen );
+ for(i=0; i < pt->namelen; i++ )
+ iobuf_put(out, pt->name[i] );
+ rc = write_32(out, pt->timestamp );
+ if (rc)
+ return rc;
+
+ n = 0;
+ while( (nbytes=iobuf_read(pt->buf, buf, 1000)) != -1 ) {
+ rc = iobuf_write (out, buf, nbytes);
+ if (rc)
+ break;
+ n += nbytes;
+ }
+ wipememory(buf,1000); /* burn the buffer */
+ if( (ctb&0x40) && !pt->len )
+ iobuf_set_partial_block_mode(out, 0 ); /* turn off partial */
+ if( pt->len && n != pt->len )
+ log_error("do_plaintext(): wrote %lu bytes but expected %lu bytes\n",
+ (ulong)n, (ulong)pt->len );
+
+ return rc;
+}
+
+
+
+static int
+do_encrypted( IOBUF out, int ctb, PKT_encrypted *ed )
+{
+ int rc = 0;
+ u32 n;
+
+ n = ed->len ? (ed->len + ed->extralen) : 0;
+ write_header(out, ctb, n );
+
+ /* This is all. The caller has to write the real data */
+
+ return rc;
+}
+
+static int
+do_encrypted_mdc( IOBUF out, int ctb, PKT_encrypted *ed )
+{
+ int rc = 0;
+ u32 n;
+
+ assert( ed->mdc_method );
+
+ /* Take version number and the following MDC packet in account. */
+ n = ed->len ? (ed->len + ed->extralen + 1 + 22) : 0;
+ write_header(out, ctb, n );
+ iobuf_put(out, 1 ); /* version */
+
+ /* This is all. The caller has to write the real data */
+
+ return rc;
+}
+
+
+static int
+do_compressed( IOBUF out, int ctb, PKT_compressed *cd )
+{
+ int rc = 0;
+
+ /* We must use the old convention and don't use blockmode for the
+ sake of PGP 2 compatibility. However if the new_ctb flag was
+ set, CTB is already formatted as new style and write_header2
+ does create a partial length encoding using new the new
+ style. */
+ write_header2(out, ctb, 0, 0);
+ iobuf_put(out, cd->algorithm );
+
+ /* This is all. The caller has to write the real data */
+
+ return rc;
+}
+
+
+/****************
+ * Delete all subpackets of type REQTYPE and return a bool whether a packet
+ * was deleted.
+ */
+int
+delete_sig_subpkt (subpktarea_t *area, sigsubpkttype_t reqtype )
+{
+ int buflen;
+ sigsubpkttype_t type;
+ byte *buffer, *bufstart;
+ size_t n;
+ size_t unused = 0;
+ int okay = 0;
+
+ if( !area )
+ return 0;
+ buflen = area->len;
+ buffer = area->data;
+ for(;;) {
+ if( !buflen ) {
+ okay = 1;
+ break;
+ }
+ bufstart = buffer;
+ n = *buffer++; buflen--;
+ if( n == 255 ) {
+ if( buflen < 4 )
+ break;
+ n = (buffer[0] << 24) | (buffer[1] << 16)
+ | (buffer[2] << 8) | buffer[3];
+ buffer += 4;
+ buflen -= 4;
+ }
+ else if( n >= 192 ) {
+ if( buflen < 2 )
+ break;
+ n = (( n - 192 ) << 8) + *buffer + 192;
+ buffer++;
+ buflen--;
+ }
+ if( buflen < n )
+ break;
+
+ type = *buffer & 0x7f;
+ if( type == reqtype ) {
+ buffer++;
+ buflen--;
+ n--;
+ if( n > buflen )
+ break;
+ buffer += n; /* point to next subpkt */
+ buflen -= n;
+ memmove (bufstart, buffer, buflen); /* shift */
+ unused += buffer - bufstart;
+ buffer = bufstart;
+ }
+ else {
+ buffer += n; buflen -=n;
+ }
+ }
+
+ if (!okay)
+ log_error ("delete_subpkt: buffer shorter than subpacket\n");
+ assert (unused <= area->len);
+ area->len -= unused;
+ return !!unused;
+}
+
+
+/****************
+ * Create or update a signature subpacket for SIG of TYPE. This
+ * functions knows where to put the data (hashed or unhashed). The
+ * function may move data from the unhashed part to the hashed one.
+ * Note: All pointers into sig->[un]hashed (e.g. returned by
+ * parse_sig_subpkt) are not valid after a call to this function. The
+ * data to put into the subpaket should be in a buffer with a length
+ * of buflen.
+ */
+void
+build_sig_subpkt (PKT_signature *sig, sigsubpkttype_t type,
+ const byte *buffer, size_t buflen )
+{
+ byte *p;
+ int critical, hashed;
+ subpktarea_t *oldarea, *newarea;
+ size_t nlen, n, n0;
+
+ critical = (type & SIGSUBPKT_FLAG_CRITICAL);
+ type &= ~SIGSUBPKT_FLAG_CRITICAL;
+
+ /* Sanity check buffer sizes */
+ if(parse_one_sig_subpkt(buffer,buflen,type)<0)
+ BUG();
+
+ switch(type)
+ {
+ case SIGSUBPKT_NOTATION:
+ case SIGSUBPKT_POLICY:
+ case SIGSUBPKT_REV_KEY:
+ case SIGSUBPKT_SIGNATURE:
+ /* we do allow multiple subpackets */
+ break;
+
+ default:
+ /* we don't allow multiple subpackets */
+ delete_sig_subpkt(sig->hashed,type);
+ delete_sig_subpkt(sig->unhashed,type);
+ break;
+ }
+
+ /* Any special magic that needs to be done for this type so the
+ packet doesn't need to be reparsed? */
+ switch(type)
+ {
+ case SIGSUBPKT_NOTATION:
+ sig->flags.notation=1;
+ break;
+
+ case SIGSUBPKT_POLICY:
+ sig->flags.policy_url=1;
+ break;
+
+ case SIGSUBPKT_PREF_KS:
+ sig->flags.pref_ks=1;
+ break;
+
+ case SIGSUBPKT_EXPORTABLE:
+ if(buffer[0])
+ sig->flags.exportable=1;
+ else
+ sig->flags.exportable=0;
+ break;
+
+ case SIGSUBPKT_REVOCABLE:
+ if(buffer[0])
+ sig->flags.revocable=1;
+ else
+ sig->flags.revocable=0;
+ break;
+
+ case SIGSUBPKT_TRUST:
+ sig->trust_depth=buffer[0];
+ sig->trust_value=buffer[1];
+ break;
+
+ case SIGSUBPKT_REGEXP:
+ sig->trust_regexp=buffer;
+ break;
+
+ /* This should never happen since we don't currently allow
+ creating such a subpacket, but just in case... */
+ case SIGSUBPKT_SIG_EXPIRE:
+ if(buffer_to_u32(buffer)+sig->timestamp<=make_timestamp())
+ sig->flags.expired=1;
+ else
+ sig->flags.expired=0;
+ break;
+
+ default:
+ break;
+ }
+
+ if( (buflen+1) >= 8384 )
+ nlen = 5; /* write 5 byte length header */
+ else if( (buflen+1) >= 192 )
+ nlen = 2; /* write 2 byte length header */
+ else
+ nlen = 1; /* just a 1 byte length header */
+
+ switch( type )
+ {
+ /* The issuer being unhashed is a historical oddity. It
+ should work equally as well hashed. Of course, if even an
+ unhashed issuer is tampered with, it makes it awfully hard
+ to verify the sig... */
+ case SIGSUBPKT_ISSUER:
+ case SIGSUBPKT_SIGNATURE:
+ hashed = 0;
+ break;
+ default:
+ hashed = 1;
+ break;
+ }
+
+ if( critical )
+ type |= SIGSUBPKT_FLAG_CRITICAL;
+
+ oldarea = hashed? sig->hashed : sig->unhashed;
+
+ /* Calculate new size of the area and allocate */
+ n0 = oldarea? oldarea->len : 0;
+ n = n0 + nlen + 1 + buflen; /* length, type, buffer */
+ if (oldarea && n <= oldarea->size) { /* fits into the unused space */
+ newarea = oldarea;
+ /*log_debug ("updating area for type %d\n", type );*/
+ }
+ else if (oldarea) {
+ newarea = xrealloc (oldarea, sizeof (*newarea) + n - 1);
+ newarea->size = n;
+ /*log_debug ("reallocating area for type %d\n", type );*/
+ }
+ else {
+ newarea = xmalloc (sizeof (*newarea) + n - 1);
+ newarea->size = n;
+ /*log_debug ("allocating area for type %d\n", type );*/
+ }
+ newarea->len = n;
+
+ p = newarea->data + n0;
+ if (nlen == 5) {
+ *p++ = 255;
+ *p++ = (buflen+1) >> 24;
+ *p++ = (buflen+1) >> 16;
+ *p++ = (buflen+1) >> 8;
+ *p++ = (buflen+1);
+ *p++ = type;
+ memcpy (p, buffer, buflen);
+ }
+ else if (nlen == 2) {
+ *p++ = (buflen+1-192) / 256 + 192;
+ *p++ = (buflen+1-192) % 256;
+ *p++ = type;
+ memcpy (p, buffer, buflen);
+ }
+ else {
+ *p++ = buflen+1;
+ *p++ = type;
+ memcpy (p, buffer, buflen);
+ }
+
+ if (hashed)
+ sig->hashed = newarea;
+ else
+ sig->unhashed = newarea;
+}
+
+/****************
+ * Put all the required stuff from SIG into subpackets of sig.
+ * Hmmm, should we delete those subpackets which are in a wrong area?
+ */
+void
+build_sig_subpkt_from_sig( PKT_signature *sig )
+{
+ u32 u;
+ byte buf[8];
+
+ u = sig->keyid[0];
+ buf[0] = (u >> 24) & 0xff;
+ buf[1] = (u >> 16) & 0xff;
+ buf[2] = (u >> 8) & 0xff;
+ buf[3] = u & 0xff;
+ u = sig->keyid[1];
+ buf[4] = (u >> 24) & 0xff;
+ buf[5] = (u >> 16) & 0xff;
+ buf[6] = (u >> 8) & 0xff;
+ buf[7] = u & 0xff;
+ build_sig_subpkt( sig, SIGSUBPKT_ISSUER, buf, 8 );
+
+ u = sig->timestamp;
+ buf[0] = (u >> 24) & 0xff;
+ buf[1] = (u >> 16) & 0xff;
+ buf[2] = (u >> 8) & 0xff;
+ buf[3] = u & 0xff;
+ build_sig_subpkt( sig, SIGSUBPKT_SIG_CREATED, buf, 4 );
+
+ if(sig->expiredate)
+ {
+ if(sig->expiredate>sig->timestamp)
+ u=sig->expiredate-sig->timestamp;
+ else
+ u=1; /* A 1-second expiration time is the shortest one
+ OpenPGP has */
+
+ buf[0] = (u >> 24) & 0xff;
+ buf[1] = (u >> 16) & 0xff;
+ buf[2] = (u >> 8) & 0xff;
+ buf[3] = u & 0xff;
+
+ /* Mark this CRITICAL, so if any implementation doesn't
+ understand sigs that can expire, it'll just disregard this
+ sig altogether. */
+
+ build_sig_subpkt( sig, SIGSUBPKT_SIG_EXPIRE | SIGSUBPKT_FLAG_CRITICAL,
+ buf, 4 );
+ }
+}
+
+void
+build_attribute_subpkt(PKT_user_id *uid,byte type,
+ const void *buf,u32 buflen,
+ const void *header,u32 headerlen)
+{
+ byte *attrib;
+ int idx;
+
+ if(1+headerlen+buflen>8383)
+ idx=5;
+ else if(1+headerlen+buflen>191)
+ idx=2;
+ else
+ idx=1;
+
+ /* realloc uid->attrib_data to the right size */
+
+ uid->attrib_data=xrealloc(uid->attrib_data,
+ uid->attrib_len+idx+1+headerlen+buflen);
+
+ attrib=&uid->attrib_data[uid->attrib_len];
+
+ if(idx==5)
+ {
+ attrib[0]=255;
+ attrib[1]=(1+headerlen+buflen) >> 24;
+ attrib[2]=(1+headerlen+buflen) >> 16;
+ attrib[3]=(1+headerlen+buflen) >> 8;
+ attrib[4]=1+headerlen+buflen;
+ }
+ else if(idx==2)
+ {
+ attrib[0]=(1+headerlen+buflen-192) / 256 + 192;
+ attrib[1]=(1+headerlen+buflen-192) % 256;
+ }
+ else
+ attrib[0]=1+headerlen+buflen; /* Good luck finding a JPEG this small! */
+
+ attrib[idx++]=type;
+
+ /* Tack on our data at the end */
+
+ if(headerlen>0)
+ memcpy(&attrib[idx],header,headerlen);
+ memcpy(&attrib[idx+headerlen],buf,buflen);
+ uid->attrib_len+=idx+headerlen+buflen;
+}
+
+struct notation *
+string_to_notation(const char *string,int is_utf8)
+{
+ const char *s;
+ int saw_at=0;
+ struct notation *notation;
+
+ notation=xmalloc_clear(sizeof(*notation));
+
+ if(*string=='-')
+ {
+ notation->flags.ignore=1;
+ string++;
+ }
+
+ if(*string=='!')
+ {
+ notation->flags.critical=1;
+ string++;
+ }
+
+ /* If and when the IETF assigns some official name tags, we'll have
+ to add them here. */
+
+ for( s=string ; *s != '='; s++ )
+ {
+ if( *s=='@')
+ saw_at++;
+
+ /* -notationname is legal without an = sign */
+ if(!*s && notation->flags.ignore)
+ break;
+
+ if( !*s || !isascii (*s) || (!isgraph(*s) && !isspace(*s)) )
+ {
+ log_error(_("a notation name must have only printable characters"
+ " or spaces, and end with an '='\n") );
+ goto fail;
+ }
+ }
+
+ notation->name=xmalloc((s-string)+1);
+ strncpy(notation->name,string,s-string);
+ notation->name[s-string]='\0';
+
+ if(!saw_at && !opt.expert)
+ {
+ log_error(_("a user notation name must contain the '@' character\n"));
+ goto fail;
+ }
+
+ if (saw_at > 1)
+ {
+ log_error(_("a notation name must not contain more than"
+ " one '@' character\n"));
+ goto fail;
+ }
+
+ if(*s)
+ {
+ const char *i=s+1;
+ int highbit=0;
+
+ /* we only support printable text - therefore we enforce the use
+ of only printable characters (an empty value is valid) */
+ for(s++; *s ; s++ )
+ {
+ if ( !isascii (*s) )
+ highbit=1;
+ else if (iscntrl(*s))
+ {
+ log_error(_("a notation value must not use any"
+ " control characters\n"));
+ goto fail;
+ }
+ }
+
+ if(!highbit || is_utf8)
+ notation->value=xstrdup(i);
+ else
+ notation->value=native_to_utf8(i);
+ }
+
+ return notation;
+
+ fail:
+ free_notation(notation);
+ return NULL;
+}
+
+struct notation *
+sig_to_notation(PKT_signature *sig)
+{
+ const byte *p;
+ size_t len;
+ int seq=0,crit;
+ struct notation *list=NULL;
+
+ while((p=enum_sig_subpkt(sig->hashed,SIGSUBPKT_NOTATION,&len,&seq,&crit)))
+ {
+ int n1,n2;
+ struct notation *n=NULL;
+
+ if(len<8)
+ {
+ log_info(_("WARNING: invalid notation data found\n"));
+ continue;
+ }
+
+ n1=(p[4]<<8)|p[5];
+ n2=(p[6]<<8)|p[7];
+
+ if(8+n1+n2!=len)
+ {
+ log_info(_("WARNING: invalid notation data found\n"));
+ continue;
+ }
+
+ n=xmalloc_clear(sizeof(*n));
+ n->name=xmalloc(n1+1);
+
+ memcpy(n->name,&p[8],n1);
+ n->name[n1]='\0';
+
+ if(p[0]&0x80)
+ {
+ n->value=xmalloc(n2+1);
+ memcpy(n->value,&p[8+n1],n2);
+ n->value[n2]='\0';
+ }
+ else
+ {
+ n->bdat=xmalloc(n2);
+ n->blen=n2;
+ memcpy(n->bdat,&p[8+n1],n2);
+
+ n->value=xmalloc(2+strlen(_("not human readable"))+2+1);
+ strcpy(n->value,"[ ");
+ strcat(n->value,_("not human readable"));
+ strcat(n->value," ]");
+ }
+
+ n->flags.critical=crit;
+
+ n->next=list;
+ list=n;
+ }
+
+ return list;
+}
+
+void
+free_notation(struct notation *notation)
+{
+ while(notation)
+ {
+ struct notation *n=notation;
+
+ xfree(n->name);
+ xfree(n->value);
+ xfree(n->altvalue);
+ xfree(n->bdat);
+ notation=n->next;
+ xfree(n);
+ }
+}
+
+static int
+do_signature( IOBUF out, int ctb, PKT_signature *sig )
+{
+ int rc = 0;
+ int n, i;
+ IOBUF a = iobuf_temp();
+
+ if ( !sig->version )
+ iobuf_put( a, 3 );
+ else
+ iobuf_put( a, sig->version );
+ if ( sig->version < 4 )
+ iobuf_put (a, 5 ); /* Constant */
+ iobuf_put (a, sig->sig_class );
+ if ( sig->version < 4 )
+ {
+ write_32(a, sig->timestamp );
+ write_32(a, sig->keyid[0] );
+ write_32(a, sig->keyid[1] );
+ }
+ iobuf_put(a, sig->pubkey_algo );
+ iobuf_put(a, sig->digest_algo );
+ if ( sig->version >= 4 )
+ {
+ size_t nn;
+ /* Timestamp and keyid must have been packed into the subpackets
+ prior to the call of this function, because these subpackets
+ are hashed. */
+ nn = sig->hashed? sig->hashed->len : 0;
+ write_16(a, nn);
+ if (nn)
+ iobuf_write( a, sig->hashed->data, nn );
+ nn = sig->unhashed? sig->unhashed->len : 0;
+ write_16(a, nn);
+ if (nn)
+ iobuf_write( a, sig->unhashed->data, nn );
+ }
+ iobuf_put(a, sig->digest_start[0] );
+ iobuf_put(a, sig->digest_start[1] );
+ n = pubkey_get_nsig( sig->pubkey_algo );
+ if ( !n )
+ write_fake_data( a, sig->data[0] );
+ for (i=0; i < n && !rc ; i++ )
+ rc = mpi_write(a, sig->data[i] );
+
+ if (!rc)
+ {
+ if ( is_RSA(sig->pubkey_algo) && sig->version < 4 )
+ write_sign_packet_header(out, ctb, iobuf_get_temp_length(a) );
+ else
+ write_header(out, ctb, iobuf_get_temp_length(a) );
+ rc = iobuf_write_temp( out, a );
+ }
+
+ iobuf_close(a);
+ return rc;
+}
+
+
+static int
+do_onepass_sig( IOBUF out, int ctb, PKT_onepass_sig *ops )
+{
+ int rc = 0;
+ IOBUF a = iobuf_temp();
+
+ write_version( a, ctb );
+ iobuf_put(a, ops->sig_class );
+ iobuf_put(a, ops->digest_algo );
+ iobuf_put(a, ops->pubkey_algo );
+ write_32(a, ops->keyid[0] );
+ write_32(a, ops->keyid[1] );
+ iobuf_put(a, ops->last );
+
+ write_header(out, ctb, iobuf_get_temp_length(a) );
+ rc = iobuf_write_temp( out, a );
+
+ iobuf_close(a);
+ return rc;
+}
+
+
+static int
+write_16(IOBUF out, u16 a)
+{
+ iobuf_put(out, a>>8);
+ if( iobuf_put(out,a) )
+ return -1;
+ return 0;
+}
+
+static int
+write_32(IOBUF out, u32 a)
+{
+ iobuf_put(out, a>> 24);
+ iobuf_put(out, a>> 16);
+ iobuf_put(out, a>> 8);
+ return iobuf_put(out, a);
+}
+
+
+/****************
+ * calculate the length of a header
+ */
+static int
+calc_header_length( u32 len, int new_ctb )
+{
+ if( !len )
+ return 1; /* only the ctb */
+
+ if( new_ctb ) {
+ if( len < 192 )
+ return 2;
+ if( len < 8384 )
+ return 3;
+ else
+ return 6;
+ }
+ if( len < 256 )
+ return 2;
+ if( len < 65536 )
+ return 3;
+
+ return 5;
+}
+
+/****************
+ * Write the CTB and the packet length
+ */
+static int
+write_header( IOBUF out, int ctb, u32 len )
+{
+ return write_header2( out, ctb, len, 0 );
+}
+
+
+static int
+write_sign_packet_header (IOBUF out, int ctb, u32 len)
+{
+ (void)ctb;
+
+ /* Work around a bug in the pgp read function for signature packets,
+ which are not correctly coded and silently assume at some point 2
+ byte length headers.*/
+ iobuf_put (out, 0x89 );
+ iobuf_put (out, len >> 8 );
+ return iobuf_put (out, len) == -1 ? -1:0;
+}
+
+/****************
+ * If HDRLEN is > 0, try to build a header of this length. We need
+ * this so that we can hash packets without reading them again. If
+ * len is 0, write a partial or indeterminate length header, unless
+ * hdrlen is specified in which case write an actual zero length
+ * (using the specified hdrlen).
+ */
+static int
+write_header2( IOBUF out, int ctb, u32 len, int hdrlen )
+{
+ if( ctb & 0x40 )
+ return write_new_header( out, ctb, len, hdrlen );
+
+ if( hdrlen )
+ {
+ if( hdrlen == 2 && len < 256 )
+ ;
+ else if( hdrlen == 3 && len < 65536 )
+ ctb |= 1;
+ else
+ ctb |= 2;
+ }
+ else
+ {
+ if( !len )
+ ctb |= 3;
+ else if( len < 256 )
+ ;
+ else if( len < 65536 )
+ ctb |= 1;
+ else
+ ctb |= 2;
+ }
+
+ if( iobuf_put(out, ctb ) )
+ return -1;
+
+ if( len || hdrlen )
+ {
+ if( ctb & 2 )
+ {
+ if(iobuf_put(out, len >> 24 ))
+ return -1;
+ if(iobuf_put(out, len >> 16 ))
+ return -1;
+ }
+
+ if( ctb & 3 )
+ if(iobuf_put(out, len >> 8 ))
+ return -1;
+
+ if( iobuf_put(out, len ) )
+ return -1;
+ }
+
+ return 0;
+}
+
+
+static int
+write_new_header( IOBUF out, int ctb, u32 len, int hdrlen )
+{
+ if( hdrlen )
+ log_bug("can't cope with hdrlen yet\n");
+
+ if( iobuf_put(out, ctb ) )
+ return -1;
+ if( !len ) {
+ iobuf_set_partial_block_mode(out, 512 );
+ }
+ else {
+ if( len < 192 ) {
+ if( iobuf_put(out, len ) )
+ return -1;
+ }
+ else if( len < 8384 ) {
+ len -= 192;
+ if( iobuf_put( out, (len / 256) + 192) )
+ return -1;
+ if( iobuf_put( out, (len % 256) ) )
+ return -1;
+ }
+ else {
+ if( iobuf_put( out, 0xff ) )
+ return -1;
+ if( iobuf_put( out, (len >> 24)&0xff ) )
+ return -1;
+ if( iobuf_put( out, (len >> 16)&0xff ) )
+ return -1;
+ if( iobuf_put( out, (len >> 8)&0xff ) )
+ return -1;
+ if( iobuf_put( out, len & 0xff ) )
+ return -1;
+ }
+ }
+ return 0;
+}
+
+static int
+write_version (IOBUF out, int ctb)
+{
+ (void)ctb;
+
+ if (iobuf_put (out, 3))
+ return -1;
+ return 0;
+}
diff --git a/g10/call-agent.c b/g10/call-agent.c
new file mode 100644
index 0000000..cded773
--- /dev/null
+++ b/g10/call-agent.c
@@ -0,0 +1,1369 @@
+/* call-agent.c - Divert GPG operations to the agent.
+ * Copyright (C) 2001, 2002, 2003, 2006, 2007,
+ * 2008, 2009 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include <unistd.h>
+#include <time.h>
+#include <assert.h>
+#ifdef HAVE_LOCALE_H
+#include <locale.h>
+#endif
+
+#include "gpg.h"
+#include <assuan.h>
+#include "util.h"
+#include "membuf.h"
+#include "options.h"
+#include "i18n.h"
+#include "asshelp.h"
+#include "sysutils.h"
+#include "call-agent.h"
+#include "status.h"
+
+#ifndef DBG_ASSUAN
+# define DBG_ASSUAN 1
+#endif
+
+static assuan_context_t agent_ctx = NULL;
+static int did_early_card_test;
+
+struct cipher_parm_s
+{
+ assuan_context_t ctx;
+ const char *ciphertext;
+ size_t ciphertextlen;
+};
+
+struct writecert_parm_s
+{
+ assuan_context_t ctx;
+ const unsigned char *certdata;
+ size_t certdatalen;
+};
+
+struct writekey_parm_s
+{
+ assuan_context_t ctx;
+ const unsigned char *keydata;
+ size_t keydatalen;
+};
+
+struct genkey_parm_s
+{
+ assuan_context_t ctx;
+ const char *sexp;
+ size_t sexplen;
+};
+
+struct scd_genkey_parm_s
+{
+ struct agent_card_genkey_s *cgk;
+ char *savedbytes; /* Malloced space to save key parameter chunks. */
+};
+
+
+static gpg_error_t learn_status_cb (void *opaque, const char *line);
+
+
+
+/* If RC is not 0, write an appropriate status message. */
+static void
+status_sc_op_failure (int rc)
+{
+ switch (gpg_err_code (rc))
+ {
+ case 0:
+ break;
+ case GPG_ERR_CANCELED:
+ write_status_text (STATUS_SC_OP_FAILURE, "1");
+ break;
+ case GPG_ERR_BAD_PIN:
+ write_status_text (STATUS_SC_OP_FAILURE, "2");
+ break;
+ default:
+ write_status (STATUS_SC_OP_FAILURE);
+ break;
+ }
+}
+
+
+
+
+/* Try to connect to the agent via socket or fork it off and work by
+ pipes. Handle the server's initial greeting */
+static int
+start_agent (int for_card)
+{
+ int rc;
+
+ /* Fixme: We need a context for each thread or serialize the access
+ to the agent. */
+ if (agent_ctx)
+ rc = 0;
+ else
+ {
+ rc = start_new_gpg_agent (&agent_ctx,
+ GPG_ERR_SOURCE_DEFAULT,
+ opt.homedir,
+ opt.agent_program,
+ opt.lc_ctype, opt.lc_messages,
+ opt.session_env,
+ opt.verbose, DBG_ASSUAN,
+ NULL, NULL);
+ if (!rc)
+ {
+ /* Tell the agent that we support Pinentry notifications.
+ No error checking so that it will work also with older
+ agents. */
+ assuan_transact (agent_ctx, "OPTION allow-pinentry-notify",
+ NULL, NULL, NULL, NULL, NULL, NULL);
+ }
+ }
+
+ if (!rc && for_card && !did_early_card_test)
+ {
+ /* Request the serial number of the card for an early test. */
+ struct agent_card_info_s info;
+
+ memset (&info, 0, sizeof info);
+ rc = assuan_transact (agent_ctx, "SCD SERIALNO openpgp",
+ NULL, NULL, NULL, NULL,
+ learn_status_cb, &info);
+ if (rc)
+ {
+ switch (gpg_err_code (rc))
+ {
+ case GPG_ERR_NOT_SUPPORTED:
+ case GPG_ERR_NO_SCDAEMON:
+ write_status_text (STATUS_CARDCTRL, "6");
+ break;
+ default:
+ write_status_text (STATUS_CARDCTRL, "4");
+ log_info ("selecting openpgp failed: %s\n", gpg_strerror (rc));
+ break;
+ }
+ }
+
+ if (!rc && is_status_enabled () && info.serialno)
+ {
+ char *buf;
+
+ buf = xasprintf ("3 %s", info.serialno);
+ write_status_text (STATUS_CARDCTRL, buf);
+ xfree (buf);
+ }
+
+ agent_release_card_info (&info);
+
+ if (!rc)
+ did_early_card_test = 1;
+ }
+
+
+ return rc;
+}
+
+
+/* Return a new malloced string by unescaping the string S. Escaping
+ is percent escaping and '+'/space mapping. A binary nul will
+ silently be replaced by a 0xFF. Function returns NULL to indicate
+ an out of memory status. */
+static char *
+unescape_status_string (const unsigned char *s)
+{
+ return percent_plus_unescape (s, 0xff);
+}
+
+
+/* Take a 20 byte hexencoded string and put it into the the provided
+ 20 byte buffer FPR in binary format. */
+static int
+unhexify_fpr (const char *hexstr, unsigned char *fpr)
+{
+ const char *s;
+ int n;
+
+ for (s=hexstr, n=0; hexdigitp (s); s++, n++)
+ ;
+ if (*s || (n != 40))
+ return 0; /* no fingerprint (invalid or wrong length). */
+ for (s=hexstr, n=0; *s; s += 2, n++)
+ fpr[n] = xtoi_2 (s);
+ return 1; /* okay */
+}
+
+/* Take the serial number from LINE and return it verbatim in a newly
+ allocated string. We make sure that only hex characters are
+ returned. */
+static char *
+store_serialno (const char *line)
+{
+ const char *s;
+ char *p;
+
+ for (s=line; hexdigitp (s); s++)
+ ;
+ p = xtrymalloc (s + 1 - line);
+ if (p)
+ {
+ memcpy (p, line, s-line);
+ p[s-line] = 0;
+ }
+ return p;
+}
+
+
+
+/* This is a dummy data line callback. */
+static gpg_error_t
+dummy_data_cb (void *opaque, const void *buffer, size_t length)
+{
+ (void)opaque;
+ (void)buffer;
+ (void)length;
+ return 0;
+}
+
+/* A simple callback used to return the serialnumber of a card. */
+static gpg_error_t
+get_serialno_cb (void *opaque, const char *line)
+{
+ char **serialno = opaque;
+ const char *keyword = line;
+ const char *s;
+ int keywordlen, n;
+
+ for (keywordlen=0; *line && !spacep (line); line++, keywordlen++)
+ ;
+ while (spacep (line))
+ line++;
+
+ if (keywordlen == 8 && !memcmp (keyword, "SERIALNO", keywordlen))
+ {
+ if (*serialno)
+ return gpg_error (GPG_ERR_CONFLICT); /* Unexpected status line. */
+ for (n=0,s=line; hexdigitp (s); s++, n++)
+ ;
+ if (!n || (n&1)|| !(spacep (s) || !*s) )
+ return gpg_error (GPG_ERR_ASS_PARAMETER);
+ *serialno = xtrymalloc (n+1);
+ if (!*serialno)
+ return out_of_core ();
+ memcpy (*serialno, line, n);
+ (*serialno)[n] = 0;
+ }
+
+ return 0;
+}
+
+
+/* This is the default inquiry callback. It mainly handles the
+ Pinentry notifications. */
+static gpg_error_t
+default_inq_cb (void *opaque, const char *line)
+{
+ (void)opaque;
+
+ if (!strncmp (line, "PINENTRY_LAUNCHED", 17) && (line[17]==' '||!line[17]))
+ {
+ /* There is no working server mode yet thus we use
+ AllowSetForegroundWindow window right here. We might want to
+ do this anyway in case gpg is called on the console. */
+ gnupg_allow_set_foregound_window ((pid_t)strtoul (line+17, NULL, 10));
+ /* We do not pass errors to avoid breaking other code. */
+ }
+ else
+ log_debug ("ignoring gpg-agent inquiry `%s'\n", line);
+
+ return 0;
+}
+
+
+
+/* Release the card info structure INFO. */
+void
+agent_release_card_info (struct agent_card_info_s *info)
+{
+ if (!info)
+ return;
+
+ xfree (info->serialno); info->serialno = NULL;
+ xfree (info->apptype); info->apptype = NULL;
+ xfree (info->disp_name); info->disp_name = NULL;
+ xfree (info->disp_lang); info->disp_lang = NULL;
+ xfree (info->pubkey_url); info->pubkey_url = NULL;
+ xfree (info->login_data); info->login_data = NULL;
+ info->cafpr1valid = info->cafpr2valid = info->cafpr3valid = 0;
+ info->fpr1valid = info->fpr2valid = info->fpr3valid = 0;
+}
+
+static gpg_error_t
+learn_status_cb (void *opaque, const char *line)
+{
+ struct agent_card_info_s *parm = opaque;
+ const char *keyword = line;
+ int keywordlen;
+ int i;
+
+ for (keywordlen=0; *line && !spacep (line); line++, keywordlen++)
+ ;
+ while (spacep (line))
+ line++;
+
+ if (keywordlen == 8 && !memcmp (keyword, "SERIALNO", keywordlen))
+ {
+ xfree (parm->serialno);
+ parm->serialno = store_serialno (line);
+ parm->is_v2 = (strlen (parm->serialno) >= 16
+ && xtoi_2 (parm->serialno+12) >= 2 );
+ }
+ else if (keywordlen == 7 && !memcmp (keyword, "APPTYPE", keywordlen))
+ {
+ xfree (parm->apptype);
+ parm->apptype = unescape_status_string (line);
+ }
+ else if (keywordlen == 9 && !memcmp (keyword, "DISP-NAME", keywordlen))
+ {
+ xfree (parm->disp_name);
+ parm->disp_name = unescape_status_string (line);
+ }
+ else if (keywordlen == 9 && !memcmp (keyword, "DISP-LANG", keywordlen))
+ {
+ xfree (parm->disp_lang);
+ parm->disp_lang = unescape_status_string (line);
+ }
+ else if (keywordlen == 8 && !memcmp (keyword, "DISP-SEX", keywordlen))
+ {
+ parm->disp_sex = *line == '1'? 1 : *line == '2' ? 2: 0;
+ }
+ else if (keywordlen == 10 && !memcmp (keyword, "PUBKEY-URL", keywordlen))
+ {
+ xfree (parm->pubkey_url);
+ parm->pubkey_url = unescape_status_string (line);
+ }
+ else if (keywordlen == 10 && !memcmp (keyword, "LOGIN-DATA", keywordlen))
+ {
+ xfree (parm->login_data);
+ parm->login_data = unescape_status_string (line);
+ }
+ else if (keywordlen == 11 && !memcmp (keyword, "SIG-COUNTER", keywordlen))
+ {
+ parm->sig_counter = strtoul (line, NULL, 0);
+ }
+ else if (keywordlen == 10 && !memcmp (keyword, "CHV-STATUS", keywordlen))
+ {
+ char *p, *buf;
+
+ buf = p = unescape_status_string (line);
+ if (buf)
+ {
+ while (spacep (p))
+ p++;
+ parm->chv1_cached = atoi (p);
+ while (*p && !spacep (p))
+ p++;
+ while (spacep (p))
+ p++;
+ for (i=0; *p && i < 3; i++)
+ {
+ parm->chvmaxlen[i] = atoi (p);
+ while (*p && !spacep (p))
+ p++;
+ while (spacep (p))
+ p++;
+ }
+ for (i=0; *p && i < 3; i++)
+ {
+ parm->chvretry[i] = atoi (p);
+ while (*p && !spacep (p))
+ p++;
+ while (spacep (p))
+ p++;
+ }
+ xfree (buf);
+ }
+ }
+ else if (keywordlen == 6 && !memcmp (keyword, "EXTCAP", keywordlen))
+ {
+ char *p, *p2, *buf;
+ int abool;
+
+ buf = p = unescape_status_string (line);
+ if (buf)
+ {
+ for (p = strtok (buf, " "); p; p = strtok (NULL, " "))
+ {
+ p2 = strchr (p, '=');
+ if (p2)
+ {
+ *p2++ = 0;
+ abool = (*p2 == '1');
+ if (!strcmp (p, "ki"))
+ parm->extcap.ki = abool;
+ else if (!strcmp (p, "aac"))
+ parm->extcap.aac = abool;
+ }
+ }
+ xfree (buf);
+ }
+ }
+ else if (keywordlen == 7 && !memcmp (keyword, "KEY-FPR", keywordlen))
+ {
+ int no = atoi (line);
+ while (*line && !spacep (line))
+ line++;
+ while (spacep (line))
+ line++;
+ if (no == 1)
+ parm->fpr1valid = unhexify_fpr (line, parm->fpr1);
+ else if (no == 2)
+ parm->fpr2valid = unhexify_fpr (line, parm->fpr2);
+ else if (no == 3)
+ parm->fpr3valid = unhexify_fpr (line, parm->fpr3);
+ }
+ else if (keywordlen == 8 && !memcmp (keyword, "KEY-TIME", keywordlen))
+ {
+ int no = atoi (line);
+ while (* line && !spacep (line))
+ line++;
+ while (spacep (line))
+ line++;
+ if (no == 1)
+ parm->fpr1time = strtoul (line, NULL, 10);
+ else if (no == 2)
+ parm->fpr2time = strtoul (line, NULL, 10);
+ else if (no == 3)
+ parm->fpr3time = strtoul (line, NULL, 10);
+ }
+ else if (keywordlen == 6 && !memcmp (keyword, "CA-FPR", keywordlen))
+ {
+ int no = atoi (line);
+ while (*line && !spacep (line))
+ line++;
+ while (spacep (line))
+ line++;
+ if (no == 1)
+ parm->cafpr1valid = unhexify_fpr (line, parm->cafpr1);
+ else if (no == 2)
+ parm->cafpr2valid = unhexify_fpr (line, parm->cafpr2);
+ else if (no == 3)
+ parm->cafpr3valid = unhexify_fpr (line, parm->cafpr3);
+ }
+ else if (keywordlen == 8 && !memcmp (keyword, "KEY-ATTR", keywordlen))
+ {
+ int keyno, algo, nbits;
+
+ sscanf (line, "%d %d %d", &keyno, &algo, &nbits);
+ keyno--;
+ if (keyno >= 0 && keyno < DIM (parm->key_attr))
+ {
+ parm->key_attr[keyno].algo = algo;
+ parm->key_attr[keyno].nbits = nbits;
+ }
+ }
+
+ return 0;
+}
+
+/* Call the agent to learn about a smartcard */
+int
+agent_learn (struct agent_card_info_s *info)
+{
+ int rc;
+
+ rc = start_agent (1);
+ if (rc)
+ return rc;
+
+ /* Send the serialno command to initialize the connection. We don't
+ care about the data returned. If the card has already been
+ initialized, this is a very fast command. The main reason we
+ need to do this here is to handle a card removed case so that an
+ "l" command in --card-edit can be used to show ta newly inserted
+ card. We request the openpgp card because that is what we
+ expect. */
+ rc = assuan_transact (agent_ctx, "SCD SERIALNO openpgp",
+ NULL, NULL, NULL, NULL, NULL, NULL);
+ if (rc)
+ return rc;
+
+
+ memset (info, 0, sizeof *info);
+ rc = assuan_transact (agent_ctx, "SCD LEARN --force",
+ dummy_data_cb, NULL, default_inq_cb, NULL,
+ learn_status_cb, info);
+ /* Also try to get the key attributes. */
+ if (!rc)
+ agent_scd_getattr ("KEY-ATTR", info);
+
+ return rc;
+}
+
+/* Call the agent to retrieve a data object. This function returns
+ the data in the same structure as used by the learn command. It is
+ allowed to update such a structure using this commmand. */
+int
+agent_scd_getattr (const char *name, struct agent_card_info_s *info)
+{
+ int rc;
+ char line[ASSUAN_LINELENGTH];
+
+ if (!*name)
+ return gpg_error (GPG_ERR_INV_VALUE);
+
+ /* We assume that NAME does not need escaping. */
+ if (12 + strlen (name) > DIM(line)-1)
+ return gpg_error (GPG_ERR_TOO_LARGE);
+ stpcpy (stpcpy (line, "SCD GETATTR "), name);
+
+ rc = start_agent (1);
+ if (rc)
+ return rc;
+
+ rc = assuan_transact (agent_ctx, line, NULL, NULL, default_inq_cb, NULL,
+ learn_status_cb, info);
+
+ return rc;
+}
+
+
+/* Send an setattr command to the SCdaemon. SERIALNO is not actually
+ used here but required by gpg 1.4's implementation of this code in
+ cardglue.c. */
+int
+agent_scd_setattr (const char *name,
+ const unsigned char *value, size_t valuelen,
+ const char *serialno)
+{
+ int rc;
+ char line[ASSUAN_LINELENGTH];
+ char *p;
+
+ (void)serialno;
+
+ if (!*name || !valuelen)
+ return gpg_error (GPG_ERR_INV_VALUE);
+
+ /* We assume that NAME does not need escaping. */
+ if (12 + strlen (name) > DIM(line)-1)
+ return gpg_error (GPG_ERR_TOO_LARGE);
+
+ p = stpcpy (stpcpy (line, "SCD SETATTR "), name);
+ *p++ = ' ';
+ for (; valuelen; value++, valuelen--)
+ {
+ if (p >= line + DIM(line)-5 )
+ return gpg_error (GPG_ERR_TOO_LARGE);
+ if (*value < ' ' || *value == '+' || *value == '%')
+ {
+ sprintf (p, "%%%02X", *value);
+ p += 3;
+ }
+ else if (*value == ' ')
+ *p++ = '+';
+ else
+ *p++ = *value;
+ }
+ *p = 0;
+
+ rc = start_agent (1);
+ if (!rc)
+ {
+ rc = assuan_transact (agent_ctx, line, NULL, NULL,
+ default_inq_cb, NULL, NULL, NULL);
+ }
+
+ status_sc_op_failure (rc);
+ return rc;
+}
+
+
+
+/* Handle a CERTDATA inquiry. Note, we only send the data,
+ assuan_transact takes care of flushing and writing the END
+ command. */
+static gpg_error_t
+inq_writecert_parms (void *opaque, const char *line)
+{
+ int rc;
+ struct writecert_parm_s *parm = opaque;
+
+ if (!strncmp (line, "CERTDATA", 8) && (line[8]==' '||!line[8]))
+ {
+ rc = assuan_send_data (parm->ctx, parm->certdata, parm->certdatalen);
+ }
+ else
+ rc = default_inq_cb (opaque, line);
+
+ return rc;
+}
+
+
+/* Send a WRITECERT command to the SCdaemon. */
+int
+agent_scd_writecert (const char *certidstr,
+ const unsigned char *certdata, size_t certdatalen)
+{
+ int rc;
+ char line[ASSUAN_LINELENGTH];
+ struct writecert_parm_s parms;
+
+ rc = start_agent (1);
+ if (rc)
+ return rc;
+
+ memset (&parms, 0, sizeof parms);
+
+ snprintf (line, DIM(line)-1, "SCD WRITECERT %s", certidstr);
+ line[DIM(line)-1] = 0;
+ parms.ctx = agent_ctx;
+ parms.certdata = certdata;
+ parms.certdatalen = certdatalen;
+
+ rc = assuan_transact (agent_ctx, line, NULL, NULL,
+ inq_writecert_parms, &parms, NULL, NULL);
+
+ return rc;
+}
+
+
+
+/* Handle a KEYDATA inquiry. Note, we only send the data,
+ assuan_transact takes care of flushing and writing the end */
+static gpg_error_t
+inq_writekey_parms (void *opaque, const char *line)
+{
+ int rc;
+ struct writekey_parm_s *parm = opaque;
+
+ if (!strncmp (line, "KEYDATA", 7) && (line[7]==' '||!line[7]))
+ {
+ rc = assuan_send_data (parm->ctx, parm->keydata, parm->keydatalen);
+ }
+ else
+ rc = default_inq_cb (opaque, line);
+
+ return rc;
+}
+
+
+/* Send a WRITEKEY command to the SCdaemon. */
+int
+agent_scd_writekey (int keyno, const char *serialno,
+ const unsigned char *keydata, size_t keydatalen)
+{
+ int rc;
+ char line[ASSUAN_LINELENGTH];
+ struct writekey_parm_s parms;
+
+ (void)serialno;
+
+ rc = start_agent (1);
+ if (rc)
+ return rc;
+
+ memset (&parms, 0, sizeof parms);
+
+ snprintf (line, DIM(line)-1, "SCD WRITEKEY --force OPENPGP.%d", keyno);
+ line[DIM(line)-1] = 0;
+ parms.ctx = agent_ctx;
+ parms.keydata = keydata;
+ parms.keydatalen = keydatalen;
+
+ rc = assuan_transact (agent_ctx, line, NULL, NULL,
+ inq_writekey_parms, &parms, NULL, NULL);
+
+ status_sc_op_failure (rc);
+ return rc;
+}
+
+
+
+static gpg_error_t
+scd_genkey_cb_append_savedbytes (struct scd_genkey_parm_s *parm,
+ const char *line)
+{
+ gpg_error_t err = 0;
+ char *p;
+
+ if (!parm->savedbytes)
+ {
+ parm->savedbytes = xtrystrdup (line);
+ if (!parm->savedbytes)
+ err = gpg_error_from_syserror ();
+ }
+ else
+ {
+ p = xtrymalloc (strlen (parm->savedbytes) + strlen (line) + 1);
+ if (!p)
+ err = gpg_error_from_syserror ();
+ else
+ {
+ strcpy (stpcpy (p, parm->savedbytes), line);
+ xfree (parm->savedbytes);
+ parm->savedbytes = p;
+ }
+ }
+
+ return err;
+}
+
+
+/* Status callback for the SCD GENKEY command. */
+static gpg_error_t
+scd_genkey_cb (void *opaque, const char *line)
+{
+ struct scd_genkey_parm_s *parm = opaque;
+ const char *keyword = line;
+ int keywordlen;
+ gpg_error_t rc = 0;
+
+ for (keywordlen=0; *line && !spacep (line); line++, keywordlen++)
+ ;
+ while (spacep (line))
+ line++;
+
+ if (keywordlen == 7 && !memcmp (keyword, "KEY-FPR", keywordlen))
+ {
+ parm->cgk->fprvalid = unhexify_fpr (line, parm->cgk->fpr);
+ }
+ else if (keywordlen == 8 && !memcmp (keyword, "KEY-DATA", keywordlen))
+ {
+ gcry_mpi_t a;
+ const char *name = line;
+
+ while (*line && !spacep (line))
+ line++;
+ while (spacep (line))
+ line++;
+
+ if (*name == '-' && spacep (name+1))
+ rc = scd_genkey_cb_append_savedbytes (parm, line);
+ else
+ {
+ if (parm->savedbytes)
+ {
+ rc = scd_genkey_cb_append_savedbytes (parm, line);
+ if (!rc)
+ rc = gcry_mpi_scan (&a, GCRYMPI_FMT_HEX,
+ parm->savedbytes, 0, NULL);
+ }
+ else
+ rc = gcry_mpi_scan (&a, GCRYMPI_FMT_HEX, line, 0, NULL);
+ if (rc)
+ log_error ("error parsing received key data: %s\n",
+ gpg_strerror (rc));
+ else if (*name == 'n' && spacep (name+1))
+ parm->cgk->n = a;
+ else if (*name == 'e' && spacep (name+1))
+ parm->cgk->e = a;
+ else
+ {
+ log_info ("unknown parameter name in received key data\n");
+ gcry_mpi_release (a);
+ rc = gpg_error (GPG_ERR_INV_PARAMETER);
+ }
+
+ xfree (parm->savedbytes);
+ parm->savedbytes = NULL;
+ }
+ }
+ else if (keywordlen == 14 && !memcmp (keyword,"KEY-CREATED-AT", keywordlen))
+ {
+ parm->cgk->created_at = (u32)strtoul (line, NULL, 10);
+ }
+ else if (keywordlen == 8 && !memcmp (keyword, "PROGRESS", keywordlen))
+ {
+ write_status_text (STATUS_PROGRESS, line);
+ }
+
+ return rc;
+}
+
+/* Send a GENKEY command to the SCdaemon. SERIALNO is not used in
+ this implementation. If CREATEDATE has been given, it will be
+ passed to SCDAEMON so that the key can be created with this
+ timestamp; note the user needs to use the returned timestamp as old
+ versions of scddaemon don't support this option. */
+int
+agent_scd_genkey (struct agent_card_genkey_s *info, int keyno, int force,
+ const char *serialno, u32 createtime)
+{
+ int rc;
+ char line[ASSUAN_LINELENGTH];
+ gnupg_isotime_t tbuf;
+ struct scd_genkey_parm_s parms;
+
+ (void)serialno;
+
+ memset (&parms, 0, sizeof parms);
+ parms.cgk = info;
+
+ rc = start_agent (1);
+ if (rc)
+ return rc;
+
+ if (createtime)
+ epoch2isotime (tbuf, createtime);
+ else
+ *tbuf = 0;
+
+ memset (info, 0, sizeof *info);
+ snprintf (line, DIM(line)-1, "SCD GENKEY %s%s %s %d",
+ *tbuf? "--timestamp=":"", tbuf,
+ force? "--force":"",
+ keyno);
+ line[DIM(line)-1] = 0;
+
+ memset (info, 0, sizeof *info);
+ rc = assuan_transact (agent_ctx, line,
+ NULL, NULL, default_inq_cb, NULL,
+ scd_genkey_cb, &parms);
+
+ xfree (parms.savedbytes);
+
+ status_sc_op_failure (rc);
+ return rc;
+}
+
+
+
+
+/* Issue an SCD SERIALNO openpgp command and if SERIALNO is not NULL
+ ask the user to insert the requested card. */
+gpg_error_t
+select_openpgp (const char *serialno)
+{
+ gpg_error_t err;
+
+ /* Send the serialno command to initialize the connection. Without
+ a given S/N we don't care about the data returned. If the card
+ has already been initialized, this is a very fast command. We
+ request the openpgp card because that is what we expect.
+
+ Note that an opt.limit_card_insert_tries of 1 means: No tries at
+ all whereas 0 means do not limit the number of tries. Due to the
+ sue of a pinentry prompt with a cancel option we use it here in a
+ boolean sense. */
+ if (!serialno || opt.limit_card_insert_tries == 1)
+ err = assuan_transact (agent_ctx, "SCD SERIALNO openpgp",
+ NULL, NULL, NULL, NULL, NULL, NULL);
+ else
+ {
+ char *this_sn = NULL;
+ char *desc;
+ int ask;
+ char *want_sn;
+ char *p;
+
+ want_sn = xtrystrdup (serialno);
+ if (!want_sn)
+ return gpg_error_from_syserror ();
+ p = strchr (want_sn, '/');
+ if (p)
+ *p = 0;
+
+ do
+ {
+ ask = 0;
+ err = assuan_transact (agent_ctx, "SCD SERIALNO openpgp",
+ NULL, NULL, NULL, NULL,
+ get_serialno_cb, &this_sn);
+ if (gpg_err_code (err) == GPG_ERR_CARD_NOT_PRESENT)
+ ask = 1;
+ else if (gpg_err_code (err) == GPG_ERR_NOT_SUPPORTED)
+ ask = 2;
+ else if (err)
+ ;
+ else if (this_sn)
+ {
+ if (strcmp (want_sn, this_sn))
+ ask = 2;
+ }
+
+ xfree (this_sn);
+ this_sn = NULL;
+
+ if (ask)
+ {
+ char *formatted = NULL;
+ char *ocodeset = i18n_switchto_utf8 ();
+
+ if (!strncmp (want_sn, "D27600012401", 12)
+ && strlen (want_sn) == 32 )
+ formatted = xtryasprintf ("(%.4s) %.8s",
+ want_sn + 16, want_sn + 20);
+
+ err = 0;
+ desc = xtryasprintf
+ ("%s:\n\n"
+ " \"%s\"",
+ ask == 1
+ ? _("Please insert the card with serial number")
+ : _("Please remove the current card and "
+ "insert the one with serial number"),
+ formatted? formatted : want_sn);
+ if (!desc)
+ err = gpg_error_from_syserror ();
+ xfree (formatted);
+ i18n_switchback (ocodeset);
+ if (!err)
+ err = gpg_agent_get_confirmation (desc);
+ xfree (desc);
+ }
+ }
+ while (ask && !err);
+ xfree (want_sn);
+ }
+
+ return err;
+}
+
+
+
+static gpg_error_t
+membuf_data_cb (void *opaque, const void *buffer, size_t length)
+{
+ membuf_t *data = opaque;
+
+ if (buffer)
+ put_membuf (data, buffer, length);
+ return 0;
+}
+
+
+/* Helper returning a command option to describe the used hash
+ algorithm. See scd/command.c:cmd_pksign. */
+static const char *
+hash_algo_option (int algo)
+{
+ switch (algo)
+ {
+ case GCRY_MD_RMD160: return "--hash=rmd160";
+ case GCRY_MD_SHA1 : return "--hash=sha1";
+ case GCRY_MD_SHA224: return "--hash=sha224";
+ case GCRY_MD_SHA256: return "--hash=sha256";
+ case GCRY_MD_SHA384: return "--hash=sha384";
+ case GCRY_MD_SHA512: return "--hash=sha512";
+ case GCRY_MD_MD5 : return "--hash=md5";
+ default: return "";
+ }
+}
+
+/* Send a sign command to the scdaemon via gpg-agent's pass thru
+ mechanism. */
+int
+agent_scd_pksign (const char *serialno, int hashalgo,
+ const unsigned char *indata, size_t indatalen,
+ unsigned char **r_buf, size_t *r_buflen)
+{
+ int rc, i;
+ char *p, line[ASSUAN_LINELENGTH];
+ membuf_t data;
+ size_t len;
+
+ /* Note, hashalgo is not yet used but hardwired to SHA1 in SCdaemon. */
+
+ *r_buf = NULL;
+ *r_buflen = 0;
+
+ rc = start_agent (1);
+ if (gpg_err_code (rc) == GPG_ERR_CARD_NOT_PRESENT
+ || gpg_err_code (rc) == GPG_ERR_NOT_SUPPORTED)
+ rc = 0; /* We check later. */
+ if (rc)
+ return rc;
+
+ if (indatalen*2 + 50 > DIM(line))
+ return gpg_error (GPG_ERR_GENERAL);
+
+ rc = select_openpgp (serialno);
+ if (rc)
+ return rc;
+
+ sprintf (line, "SCD SETDATA ");
+ p = line + strlen (line);
+ for (i=0; i < indatalen ; i++, p += 2 )
+ sprintf (p, "%02X", indata[i]);
+ rc = assuan_transact (agent_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
+ if (rc)
+ return rc;
+
+ init_membuf (&data, 1024);
+#if 0
+ if (!hashalgo) /* Temporary test hack. */
+ snprintf (line, DIM(line)-1, "SCD PKAUTH %s", serialno);
+ else
+#endif
+ snprintf (line, DIM(line)-1, "SCD PKSIGN %s %s",
+ hash_algo_option (hashalgo), serialno);
+ line[DIM(line)-1] = 0;
+ rc = assuan_transact (agent_ctx, line, membuf_data_cb, &data,
+ default_inq_cb, NULL, NULL, NULL);
+ if (rc)
+ {
+ xfree (get_membuf (&data, &len));
+ }
+ else
+ *r_buf = get_membuf (&data, r_buflen);
+
+ status_sc_op_failure (rc);
+ return rc;
+}
+
+
+/* Decrypt INDATA of length INDATALEN using the card identified by
+ SERIALNO. Return the plaintext in a nwly allocated buffer stored
+ at the address of R_BUF.
+
+ Note, we currently support only RSA or more exactly algorithms
+ taking one input data element. */
+int
+agent_scd_pkdecrypt (const char *serialno,
+ const unsigned char *indata, size_t indatalen,
+ unsigned char **r_buf, size_t *r_buflen)
+{
+ int rc, i;
+ char *p, line[ASSUAN_LINELENGTH];
+ membuf_t data;
+ size_t len;
+
+ *r_buf = NULL;
+ rc = start_agent (1);
+ if (gpg_err_code (rc) == GPG_ERR_CARD_NOT_PRESENT
+ || gpg_err_code (rc) == GPG_ERR_NOT_SUPPORTED)
+ rc = 0; /* We check later. */
+ if (rc)
+ return rc;
+
+ /* FIXME: use secure memory where appropriate */
+ if (indatalen*2 + 50 > DIM(line))
+ return gpg_error (GPG_ERR_GENERAL);
+
+ rc = select_openpgp (serialno);
+ if (rc)
+ return rc;
+
+ sprintf (line, "SCD SETDATA ");
+ p = line + strlen (line);
+ for (i=0; i < indatalen ; i++, p += 2 )
+ sprintf (p, "%02X", indata[i]);
+ rc = assuan_transact (agent_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
+ if (rc)
+ return rc;
+
+ init_membuf (&data, 1024);
+ snprintf (line, DIM(line)-1, "SCD PKDECRYPT %s", serialno);
+ line[DIM(line)-1] = 0;
+ rc = assuan_transact (agent_ctx, line,
+ membuf_data_cb, &data,
+ default_inq_cb, NULL, NULL, NULL);
+ if (rc)
+ {
+ xfree (get_membuf (&data, &len));
+ }
+ else
+ {
+ *r_buf = get_membuf (&data, r_buflen);
+ if (!*r_buf)
+ rc = gpg_error (GPG_ERR_ENOMEM);
+ }
+
+ status_sc_op_failure (rc);
+ return rc;
+}
+
+
+
+/* Send a READCERT command to the SCdaemon. */
+int
+agent_scd_readcert (const char *certidstr,
+ void **r_buf, size_t *r_buflen)
+{
+ int rc;
+ char line[ASSUAN_LINELENGTH];
+ membuf_t data;
+ size_t len;
+
+ *r_buf = NULL;
+ rc = start_agent (1);
+ if (rc)
+ return rc;
+
+ init_membuf (&data, 2048);
+
+ snprintf (line, DIM(line)-1, "SCD READCERT %s", certidstr);
+ line[DIM(line)-1] = 0;
+ rc = assuan_transact (agent_ctx, line,
+ membuf_data_cb, &data,
+ default_inq_cb, NULL, NULL, NULL);
+ if (rc)
+ {
+ xfree (get_membuf (&data, &len));
+ return rc;
+ }
+ *r_buf = get_membuf (&data, r_buflen);
+ if (!*r_buf)
+ return gpg_error (GPG_ERR_ENOMEM);
+
+ return 0;
+}
+
+
+
+/* Change the PIN of an OpenPGP card or reset the retry counter.
+ CHVNO 1: Change the PIN
+ 2: For v1 cards: Same as 1.
+ For v2 cards: Reset the PIN using the Reset Code.
+ 3: Change the admin PIN
+ 101: Set a new PIN and reset the retry counter
+ 102: For v1 cars: Same as 101.
+ For v2 cards: Set a new Reset Code.
+ SERIALNO is not used.
+ */
+int
+agent_scd_change_pin (int chvno, const char *serialno)
+{
+ int rc;
+ char line[ASSUAN_LINELENGTH];
+ const char *reset = "";
+
+ (void)serialno;
+
+ if (chvno >= 100)
+ reset = "--reset";
+ chvno %= 100;
+
+ rc = start_agent (1);
+ if (rc)
+ return rc;
+
+ snprintf (line, DIM(line)-1, "SCD PASSWD %s %d", reset, chvno);
+ line[DIM(line)-1] = 0;
+ rc = assuan_transact (agent_ctx, line, NULL, NULL,
+ default_inq_cb, NULL, NULL, NULL);
+ status_sc_op_failure (rc);
+ return rc;
+}
+
+
+/* Perform a CHECKPIN operation. SERIALNO should be the serial
+ number of the card - optionally followed by the fingerprint;
+ however the fingerprint is ignored here. */
+int
+agent_scd_checkpin (const char *serialno)
+{
+ int rc;
+ char line[ASSUAN_LINELENGTH];
+
+ rc = start_agent (1);
+ if (rc)
+ return rc;
+
+ snprintf (line, DIM(line)-1, "SCD CHECKPIN %s", serialno);
+ line[DIM(line)-1] = 0;
+ rc = assuan_transact (agent_ctx, line,
+ NULL, NULL,
+ default_inq_cb, NULL, NULL, NULL);
+ status_sc_op_failure (rc);
+ return rc;
+}
+
+
+/* Dummy function, only used by the gpg 1.4 implementation. */
+void
+agent_clear_pin_cache (const char *sn)
+{
+ (void)sn;
+}
+
+
+
+
+/* Note: All strings shall be UTF-8. On success the caller needs to
+ free the string stored at R_PASSPHRASE. On error NULL will be
+ stored at R_PASSPHRASE and an appropriate fpf error code
+ returned. */
+gpg_error_t
+agent_get_passphrase (const char *cache_id,
+ const char *err_msg,
+ const char *prompt,
+ const char *desc_msg,
+ int repeat,
+ int check,
+ char **r_passphrase)
+{
+ int rc;
+ char line[ASSUAN_LINELENGTH];
+ char *arg1 = NULL;
+ char *arg2 = NULL;
+ char *arg3 = NULL;
+ char *arg4 = NULL;
+ membuf_t data;
+
+ *r_passphrase = NULL;
+
+ rc = start_agent (0);
+ if (rc)
+ return rc;
+
+ /* Check that the gpg-agent understands the repeat option. */
+ if (assuan_transact (agent_ctx,
+ "GETINFO cmd_has_option GET_PASSPHRASE repeat",
+ NULL, NULL, NULL, NULL, NULL, NULL))
+ return gpg_error (GPG_ERR_NOT_SUPPORTED);
+
+ if (cache_id && *cache_id)
+ if (!(arg1 = percent_plus_escape (cache_id)))
+ goto no_mem;
+ if (err_msg && *err_msg)
+ if (!(arg2 = percent_plus_escape (err_msg)))
+ goto no_mem;
+ if (prompt && *prompt)
+ if (!(arg3 = percent_plus_escape (prompt)))
+ goto no_mem;
+ if (desc_msg && *desc_msg)
+ if (!(arg4 = percent_plus_escape (desc_msg)))
+ goto no_mem;
+
+ snprintf (line, DIM(line)-1,
+ "GET_PASSPHRASE --data --repeat=%d%s -- %s %s %s %s",
+ repeat,
+ check? " --check --qualitybar":"",
+ arg1? arg1:"X",
+ arg2? arg2:"X",
+ arg3? arg3:"X",
+ arg4? arg4:"X");
+ line[DIM(line)-1] = 0;
+ xfree (arg1);
+ xfree (arg2);
+ xfree (arg3);
+ xfree (arg4);
+
+ init_membuf_secure (&data, 64);
+ rc = assuan_transact (agent_ctx, line,
+ membuf_data_cb, &data,
+ default_inq_cb, NULL, NULL, NULL);
+
+ if (rc)
+ xfree (get_membuf (&data, NULL));
+ else
+ {
+ put_membuf (&data, "", 1);
+ *r_passphrase = get_membuf (&data, NULL);
+ if (!*r_passphrase)
+ rc = gpg_error_from_syserror ();
+ }
+ return rc;
+ no_mem:
+ rc = gpg_error_from_syserror ();
+ xfree (arg1);
+ xfree (arg2);
+ xfree (arg3);
+ xfree (arg4);
+ return rc;
+}
+
+
+gpg_error_t
+agent_clear_passphrase (const char *cache_id)
+{
+ int rc;
+ char line[ASSUAN_LINELENGTH];
+
+ if (!cache_id || !*cache_id)
+ return 0;
+
+ rc = start_agent (0);
+ if (rc)
+ return rc;
+
+ snprintf (line, DIM(line)-1, "CLEAR_PASSPHRASE %s", cache_id);
+ line[DIM(line)-1] = 0;
+ return assuan_transact (agent_ctx, line, NULL, NULL,
+ default_inq_cb, NULL, NULL, NULL);
+}
+
+
+/* Ask the agent to pop up a confirmation dialog with the text DESC
+ and an okay and cancel button. */
+gpg_error_t
+gpg_agent_get_confirmation (const char *desc)
+{
+ int rc;
+ char *tmp;
+ char line[ASSUAN_LINELENGTH];
+
+ rc = start_agent (0);
+ if (rc)
+ return rc;
+
+ tmp = percent_plus_escape (desc);
+ if (!tmp)
+ return gpg_error_from_syserror ();
+ snprintf (line, DIM(line)-1, "GET_CONFIRMATION %s", tmp);
+ line[DIM(line)-1] = 0;
+ xfree (tmp);
+
+ rc = assuan_transact (agent_ctx, line, NULL, NULL,
+ default_inq_cb, NULL, NULL, NULL);
+ return rc;
+}
+
+
+/* Return the S2K iteration count as computed by gpg-agent. */
+gpg_error_t
+agent_get_s2k_count (unsigned long *r_count)
+{
+ gpg_error_t err;
+ membuf_t data;
+ char *buf;
+
+ *r_count = 0;
+
+ err = start_agent (0);
+ if (err)
+ return err;
+
+ init_membuf (&data, 32);
+ err = assuan_transact (agent_ctx, "GETINFO s2k_count",
+ membuf_data_cb, &data,
+ NULL, NULL, NULL, NULL);
+ if (err)
+ xfree (get_membuf (&data, NULL));
+ else
+ {
+ put_membuf (&data, "", 1);
+ buf = get_membuf (&data, NULL);
+ if (!buf)
+ err = gpg_error_from_syserror ();
+ else
+ {
+ *r_count = strtoul (buf, NULL, 10);
+ xfree (buf);
+ }
+ }
+ return err;
+}
+
diff --git a/g10/call-agent.h b/g10/call-agent.h
new file mode 100644
index 0000000..9088e4a
--- /dev/null
+++ b/g10/call-agent.h
@@ -0,0 +1,145 @@
+/* call-agent.h - Divert operations to the agent
+ * Copyright (C) 2003 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+#ifndef GNUPG_G10_CALL_AGENT_H
+#define GNUPG_G10_CALL_AGENT_H
+
+
+struct agent_card_info_s
+{
+ int error; /* private. */
+ char *apptype; /* Malloced application type string. */
+ char *serialno; /* malloced hex string. */
+ char *disp_name; /* malloced. */
+ char *disp_lang; /* malloced. */
+ int disp_sex; /* 0 = unspecified, 1 = male, 2 = female */
+ char *pubkey_url; /* malloced. */
+ char *login_data; /* malloced. */
+ char *private_do[4]; /* malloced. */
+ char cafpr1valid;
+ char cafpr2valid;
+ char cafpr3valid;
+ char cafpr1[20];
+ char cafpr2[20];
+ char cafpr3[20];
+ char fpr1valid;
+ char fpr2valid;
+ char fpr3valid;
+ char fpr1[20];
+ char fpr2[20];
+ char fpr3[20];
+ u32 fpr1time;
+ u32 fpr2time;
+ u32 fpr3time;
+ unsigned long sig_counter;
+ int chv1_cached; /* True if a PIN is not required for each
+ signing. Note that the gpg-agent might cache
+ it anyway. */
+ int is_v2; /* True if this is a v2 card. */
+ int chvmaxlen[3]; /* Maximum allowed length of a CHV. */
+ int chvretry[3]; /* Allowed retries for the CHV; 0 = blocked. */
+ struct { /* Array with key attributes. */
+ int algo; /* Algorithm identifier. */
+ unsigned int nbits; /* Supported keysize. */
+ } key_attr[3];
+ struct {
+ unsigned int ki:1; /* Key import available. */
+ unsigned int aac:1; /* Algorithm attributes are changeable. */
+ } extcap;
+};
+
+struct agent_card_genkey_s {
+ char fprvalid;
+ char fpr[20];
+ u32 created_at;
+ gcry_mpi_t n;
+ gcry_mpi_t e;
+};
+
+
+/* Release the card info structure. */
+void agent_release_card_info (struct agent_card_info_s *info);
+
+/* Return card info. */
+int agent_learn (struct agent_card_info_s *info);
+
+/* Update INFO with the attribute NAME. */
+int agent_scd_getattr (const char *name, struct agent_card_info_s *info);
+
+/* Send a SETATTR command to the SCdaemon. */
+int agent_scd_setattr (const char *name,
+ const unsigned char *value, size_t valuelen,
+ const char *serialno);
+
+/* Send a WRITECERT command to the SCdaemon. */
+int agent_scd_writecert (const char *certidstr,
+ const unsigned char *certdata, size_t certdatalen);
+
+/* Send a WRITEKEY command to the SCdaemon. */
+int agent_scd_writekey (int keyno, const char *serialno,
+ const unsigned char *keydata, size_t keydatalen);
+
+/* Send a GENKEY command to the SCdaemon. */
+int agent_scd_genkey (struct agent_card_genkey_s *info, int keyno, int force,
+ const char *serialno, u32 createtime);
+
+/* Send a PKSIGN command to the SCdaemon. */
+int agent_scd_pksign (const char *keyid, int hashalgo,
+ const unsigned char *indata, size_t indatalen,
+ unsigned char **r_buf, size_t *r_buflen);
+
+/* Send a PKDECRYPT command to the SCdaemon. */
+int agent_scd_pkdecrypt (const char *serialno,
+ const unsigned char *indata, size_t indatalen,
+ unsigned char **r_buf, size_t *r_buflen);
+
+/* Send a READKEY command to the SCdaemon. */
+int agent_scd_readcert (const char *certidstr,
+ void **r_buf, size_t *r_buflen);
+
+/* Change the PIN of an OpenPGP card or reset the retry counter. */
+int agent_scd_change_pin (int chvno, const char *serialno);
+
+/* Send the CHECKPIN command to the SCdaemon. */
+int agent_scd_checkpin (const char *serialno);
+
+/* Dummy function, only implemented by gpg 1.4. */
+void agent_clear_pin_cache (const char *sn);
+
+
+/* Send the GET_PASSPHRASE command to the agent. */
+gpg_error_t agent_get_passphrase (const char *cache_id,
+ const char *err_msg,
+ const char *prompt,
+ const char *desc_msg,
+ int repeat,
+ int check,
+ char **r_passphrase);
+
+/* Send the CLEAR_PASSPHRASE command to the agent. */
+gpg_error_t agent_clear_passphrase (const char *cache_id);
+
+/* Present the prompt DESC and ask the user to confirm. */
+gpg_error_t gpg_agent_get_confirmation (const char *desc);
+
+/* Return the S2K iteration count as computed by gpg-agent. */
+gpg_error_t agent_get_s2k_count (unsigned long *r_count);
+
+
+#endif /*GNUPG_G10_CALL_AGENT_H*/
+
diff --git a/g10/card-util.c b/g10/card-util.c
new file mode 100644
index 0000000..801de57
--- /dev/null
+++ b/g10/card-util.c
@@ -0,0 +1,1996 @@
+/* card-util.c - Utility functions for the OpenPGP card.
+ * Copyright (C) 2003, 2004, 2005, 2009 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include <assert.h>
+#ifdef HAVE_LIBREADLINE
+# define GNUPG_LIBREADLINE_H_INCLUDED
+# include <readline/readline.h>
+#endif /*HAVE_LIBREADLINE*/
+
+#if GNUPG_MAJOR_VERSION != 1
+# include "gpg.h"
+#endif /*GNUPG_MAJOR_VERSION != 1*/
+#include "util.h"
+#include "i18n.h"
+#include "ttyio.h"
+#include "status.h"
+#include "options.h"
+#include "main.h"
+#include "keyserver-internal.h"
+
+#if GNUPG_MAJOR_VERSION == 1
+# include "cardglue.h"
+#else /*GNUPG_MAJOR_VERSION!=1*/
+# include "call-agent.h"
+#endif /*GNUPG_MAJOR_VERSION!=1*/
+
+#define CONTROL_D ('D' - 'A' + 1)
+
+
+static void
+write_sc_op_status (gpg_error_t err)
+{
+ switch (gpg_err_code (err))
+ {
+ case 0:
+ write_status (STATUS_SC_OP_SUCCESS);
+ break;
+#if GNUPG_MAJOR_VERSION != 1
+ case GPG_ERR_CANCELED:
+ write_status_text (STATUS_SC_OP_FAILURE, "1");
+ break;
+ case GPG_ERR_BAD_PIN:
+ write_status_text (STATUS_SC_OP_FAILURE, "2");
+ break;
+ default:
+ write_status (STATUS_SC_OP_FAILURE);
+ break;
+#endif /* GNUPG_MAJOR_VERSION != 1 */
+ }
+}
+
+
+/* Change the PIN of a an OpenPGP card. This is an interactive
+ function. */
+void
+change_pin (int unblock_v2, int allow_admin)
+{
+ struct agent_card_info_s info;
+ int rc;
+
+ rc = agent_learn (&info);
+ if (rc)
+ {
+ log_error (_("OpenPGP card not available: %s\n"),
+ gpg_strerror (rc));
+ return;
+ }
+
+ log_info (_("OpenPGP card no. %s detected\n"),
+ info.serialno? info.serialno : "[none]");
+
+ agent_clear_pin_cache (info.serialno);
+
+ if (opt.batch)
+ {
+ agent_release_card_info (&info);
+ log_error (_("can't do this in batch mode\n"));
+ return;
+ }
+
+
+ if (unblock_v2)
+ {
+ if (!info.is_v2)
+ log_error (_("This command is only available for version 2 cards\n"));
+ else if (!info.chvretry[1])
+ log_error (_("Reset Code not or not anymore available\n"));
+ else
+ {
+ rc = agent_scd_change_pin (2, info.serialno);
+ write_sc_op_status (rc);
+ if (rc)
+ tty_printf ("Error changing the PIN: %s\n", gpg_strerror (rc));
+ else
+ tty_printf ("PIN changed.\n");
+ }
+ }
+ else if (!allow_admin)
+ {
+ rc = agent_scd_change_pin (1, info.serialno);
+ write_sc_op_status (rc);
+ if (rc)
+ tty_printf ("Error changing the PIN: %s\n", gpg_strerror (rc));
+ else
+ tty_printf ("PIN changed.\n");
+ }
+ else
+ for (;;)
+ {
+ char *answer;
+
+ tty_printf ("\n");
+ tty_printf ("1 - change PIN\n"
+ "2 - unblock PIN\n"
+ "3 - change Admin PIN\n"
+ "4 - set the Reset Code\n"
+ "Q - quit\n");
+ tty_printf ("\n");
+
+ answer = cpr_get("cardutil.change_pin.menu",_("Your selection? "));
+ cpr_kill_prompt();
+ if (strlen (answer) != 1)
+ continue;
+
+ rc = 0;
+ if (*answer == '1')
+ {
+ /* Change PIN. */
+ rc = agent_scd_change_pin (1, info.serialno);
+ write_sc_op_status (rc);
+ if (rc)
+ tty_printf ("Error changing the PIN: %s\n", gpg_strerror (rc));
+ else
+ tty_printf ("PIN changed.\n");
+ }
+ else if (*answer == '2')
+ {
+ /* Unblock PIN. */
+ rc = agent_scd_change_pin (101, info.serialno);
+ write_sc_op_status (rc);
+ if (rc)
+ tty_printf ("Error unblocking the PIN: %s\n", gpg_strerror (rc));
+ else
+ tty_printf ("PIN unblocked and new PIN set.\n");
+ }
+ else if (*answer == '3')
+ {
+ /* Change Admin PIN. */
+ rc = agent_scd_change_pin (3, info.serialno);
+ write_sc_op_status (rc);
+ if (rc)
+ tty_printf ("Error changing the PIN: %s\n", gpg_strerror (rc));
+ else
+ tty_printf ("PIN changed.\n");
+ }
+ else if (*answer == '4')
+ {
+ /* Set a new Reset Code. */
+ rc = agent_scd_change_pin (102, info.serialno);
+ write_sc_op_status (rc);
+ if (rc)
+ tty_printf ("Error setting the Reset Code: %s\n",
+ gpg_strerror (rc));
+ else
+ tty_printf ("Reset Code set.\n");
+ }
+ else if (*answer == 'q' || *answer == 'Q')
+ {
+ break;
+ }
+ }
+
+ agent_release_card_info (&info);
+}
+
+static const char *
+get_manufacturer (unsigned int no)
+{
+ /* Note: Make sure that there is no colon or linefeed in the string. */
+ switch (no)
+ {
+ case 0x0001: return "PPC Card Systems";
+ case 0x0002: return "Prism";
+ case 0x0003: return "OpenFortress";
+ case 0x0004: return "Wewid AB";
+ case 0x0005: return "ZeitControl";
+
+ case 0x002A: return "Magrathea";
+
+ case 0xF517: return "FSIJ";
+
+ /* 0x00000 and 0xFFFF are defined as test cards per spec,
+ 0xFFF00 to 0xFFFE are assigned for use with randomly created
+ serial numbers. */
+ case 0x0000:
+ case 0xffff: return "test card";
+ default: return (no & 0xff00) == 0xff00? "unmanaged S/N range":"unknown";
+ }
+}
+
+
+static void
+print_sha1_fpr (FILE *fp, const unsigned char *fpr)
+{
+ int i;
+
+ if (fpr)
+ {
+ for (i=0; i < 20 ; i+=2, fpr += 2 )
+ {
+ if (i == 10 )
+ tty_fprintf (fp, " ");
+ tty_fprintf (fp, " %02X%02X", *fpr, fpr[1]);
+ }
+ }
+ else
+ tty_fprintf (fp, " [none]");
+ tty_fprintf (fp, "\n");
+}
+
+
+static void
+print_sha1_fpr_colon (FILE *fp, const unsigned char *fpr)
+{
+ int i;
+
+ if (fpr)
+ {
+ for (i=0; i < 20 ; i++, fpr++)
+ fprintf (fp, "%02X", *fpr);
+ }
+ putc (':', fp);
+}
+
+
+static void
+print_name (FILE *fp, const char *text, const char *name)
+{
+ tty_fprintf (fp, "%s", text);
+
+ /* FIXME: tty_printf_utf8_string2 eats everything after and
+ including an @ - e.g. when printing an url. */
+ if (name && *name)
+ {
+ if (fp)
+ print_utf8_string2 (fp, name, strlen (name), '\n');
+ else
+ tty_print_utf8_string2 (name, strlen (name), 0);
+ }
+ else
+ tty_fprintf (fp, _("[not set]"));
+ tty_fprintf (fp, "\n");
+}
+
+static void
+print_isoname (FILE *fp, const char *text, const char *tag, const char *name)
+{
+ if (opt.with_colons)
+ fprintf (fp, "%s:", tag);
+ else
+ tty_fprintf (fp, "%s", text);
+
+ if (name && *name)
+ {
+ char *p, *given, *buf = xstrdup (name);
+
+ given = strstr (buf, "<<");
+ for (p=buf; *p; p++)
+ if (*p == '<')
+ *p = ' ';
+ if (given && given[2])
+ {
+ *given = 0;
+ given += 2;
+ if (opt.with_colons)
+ print_string (fp, given, strlen (given), ':');
+ else if (fp)
+ print_utf8_string2 (fp, given, strlen (given), '\n');
+ else
+ tty_print_utf8_string2 (given, strlen (given), 0);
+
+ if (opt.with_colons)
+ putc (':', fp);
+ else if (*buf)
+ tty_fprintf (fp, " ");
+ }
+
+ if (opt.with_colons)
+ print_string (fp, buf, strlen (buf), ':');
+ else if (fp)
+ print_utf8_string2 (fp, buf, strlen (buf), '\n');
+ else
+ tty_print_utf8_string2 (buf, strlen (buf), 0);
+ xfree (buf);
+ }
+ else
+ {
+ if (opt.with_colons)
+ putc (':', fp);
+ else
+ tty_fprintf (fp, _("[not set]"));
+ }
+
+ if (opt.with_colons)
+ fputs (":\n", fp);
+ else
+ tty_fprintf (fp, "\n");
+}
+
+/* Return true if the SHA1 fingerprint FPR consists only of zeroes. */
+static int
+fpr_is_zero (const char *fpr)
+{
+ int i;
+
+ for (i=0; i < 20 && !fpr[i]; i++)
+ ;
+ return (i == 20);
+}
+
+
+/* Return true if the SHA1 fingerprint FPR consists only of 0xFF. */
+static int
+fpr_is_ff (const char *fpr)
+{
+ int i;
+
+ for (i=0; i < 20 && fpr[i] == '\xff'; i++)
+ ;
+ return (i == 20);
+}
+
+
+/* Print all available information about the current card. */
+void
+card_status (FILE *fp, char *serialno, size_t serialnobuflen)
+{
+ struct agent_card_info_s info;
+ PKT_public_key *pk = xcalloc (1, sizeof *pk);
+ int rc;
+ unsigned int uval;
+ const unsigned char *thefpr;
+ int i;
+
+ if (serialno && serialnobuflen)
+ *serialno = 0;
+
+ rc = agent_learn (&info);
+ if (rc)
+ {
+ if (opt.with_colons)
+ fputs ("AID:::\n", fp);
+ log_error (_("OpenPGP card not available: %s\n"),
+ gpg_strerror (rc));
+ xfree (pk);
+ return;
+ }
+
+ if (opt.with_colons)
+ fprintf (fp, "AID:%s:", info.serialno? info.serialno : "");
+ else
+ tty_fprintf (fp, "Application ID ...: %s\n",
+ info.serialno? info.serialno : "[none]");
+ if (!info.serialno || strncmp (info.serialno, "D27600012401", 12)
+ || strlen (info.serialno) != 32 )
+ {
+ if (info.apptype && !strcmp (info.apptype, "NKS"))
+ {
+ if (opt.with_colons)
+ fputs ("netkey-card:\n", fp);
+ log_info ("this is a NetKey card\n");
+ }
+ else if (info.apptype && !strcmp (info.apptype, "DINSIG"))
+ {
+ if (opt.with_colons)
+ fputs ("dinsig-card:\n", fp);
+ log_info ("this is a DINSIG compliant card\n");
+ }
+ else if (info.apptype && !strcmp (info.apptype, "P15"))
+ {
+ if (opt.with_colons)
+ fputs ("pkcs15-card:\n", fp);
+ log_info ("this is a PKCS#15 compliant card\n");
+ }
+ else if (info.apptype && !strcmp (info.apptype, "GELDKARTE"))
+ {
+ if (opt.with_colons)
+ fputs ("geldkarte-card:\n", fp);
+ log_info ("this is a Geldkarte compliant card\n");
+ }
+ else
+ {
+ if (opt.with_colons)
+ fputs ("unknown:\n", fp);
+ }
+ log_info ("not an OpenPGP card\n");
+ agent_release_card_info (&info);
+ xfree (pk);
+ return;
+ }
+
+ if (!serialno)
+ ;
+ else if (strlen (serialno)+1 > serialnobuflen)
+ log_error ("serial number longer than expected\n");
+ else
+ strcpy (serialno, info.serialno);
+
+ if (opt.with_colons)
+ fputs ("openpgp-card:\n", fp);
+
+
+ if (opt.with_colons)
+ {
+ fprintf (fp, "version:%.4s:\n", info.serialno+12);
+ uval = xtoi_2(info.serialno+16)*256 + xtoi_2 (info.serialno+18);
+ fprintf (fp, "vendor:%04x:%s:\n", uval, get_manufacturer (uval));
+ fprintf (fp, "serial:%.8s:\n", info.serialno+20);
+
+ print_isoname (fp, "Name of cardholder: ", "name", info.disp_name);
+
+ fputs ("lang:", fp);
+ if (info.disp_lang)
+ print_string (fp, info.disp_lang, strlen (info.disp_lang), ':');
+ fputs (":\n", fp);
+
+ fprintf (fp, "sex:%c:\n", (info.disp_sex == 1? 'm':
+ info.disp_sex == 2? 'f' : 'u'));
+
+ fputs ("url:", fp);
+ if (info.pubkey_url)
+ print_string (fp, info.pubkey_url, strlen (info.pubkey_url), ':');
+ fputs (":\n", fp);
+
+ fputs ("login:", fp);
+ if (info.login_data)
+ print_string (fp, info.login_data, strlen (info.login_data), ':');
+ fputs (":\n", fp);
+
+ fprintf (fp, "forcepin:%d:::\n", !info.chv1_cached);
+ for (i=0; i < DIM (info.key_attr); i++)
+ if (info.key_attr[0].algo)
+ fprintf (fp, "keyattr:%d:%d:%u:\n", i+1,
+ info.key_attr[i].algo, info.key_attr[i].nbits);
+ fprintf (fp, "maxpinlen:%d:%d:%d:\n",
+ info.chvmaxlen[0], info.chvmaxlen[1], info.chvmaxlen[2]);
+ fprintf (fp, "pinretry:%d:%d:%d:\n",
+ info.chvretry[0], info.chvretry[1], info.chvretry[2]);
+ fprintf (fp, "sigcount:%lu:::\n", info.sig_counter);
+
+ for (i=0; i < 4; i++)
+ {
+ if (info.private_do[i])
+ {
+ fprintf (fp, "private_do:%d:", i+1);
+ print_string (fp, info.private_do[i],
+ strlen (info.private_do[i]), ':');
+ fputs (":\n", fp);
+ }
+ }
+
+ fputs ("cafpr:", fp);
+ print_sha1_fpr_colon (fp, info.cafpr1valid? info.cafpr1:NULL);
+ print_sha1_fpr_colon (fp, info.cafpr2valid? info.cafpr2:NULL);
+ print_sha1_fpr_colon (fp, info.cafpr3valid? info.cafpr3:NULL);
+ putc ('\n', fp);
+ fputs ("fpr:", fp);
+ print_sha1_fpr_colon (fp, info.fpr1valid? info.fpr1:NULL);
+ print_sha1_fpr_colon (fp, info.fpr2valid? info.fpr2:NULL);
+ print_sha1_fpr_colon (fp, info.fpr3valid? info.fpr3:NULL);
+ putc ('\n', fp);
+ fprintf (fp, "fprtime:%lu:%lu:%lu:\n",
+ (unsigned long)info.fpr1time, (unsigned long)info.fpr2time,
+ (unsigned long)info.fpr3time);
+ }
+ else
+ {
+ tty_fprintf (fp, "Version ..........: %.1s%c.%.1s%c\n",
+ info.serialno[12] == '0'?"":info.serialno+12,
+ info.serialno[13],
+ info.serialno[14] == '0'?"":info.serialno+14,
+ info.serialno[15]);
+ tty_fprintf (fp, "Manufacturer .....: %s\n",
+ get_manufacturer (xtoi_2(info.serialno+16)*256
+ + xtoi_2 (info.serialno+18)));
+ tty_fprintf (fp, "Serial number ....: %.8s\n", info.serialno+20);
+
+ print_isoname (fp, "Name of cardholder: ", "name", info.disp_name);
+ print_name (fp, "Language prefs ...: ", info.disp_lang);
+ tty_fprintf (fp, "Sex ..............: %s\n",
+ info.disp_sex == 1? _("male"):
+ info.disp_sex == 2? _("female") : _("unspecified"));
+ print_name (fp, "URL of public key : ", info.pubkey_url);
+ print_name (fp, "Login data .......: ", info.login_data);
+ if (info.private_do[0])
+ print_name (fp, "Private DO 1 .....: ", info.private_do[0]);
+ if (info.private_do[1])
+ print_name (fp, "Private DO 2 .....: ", info.private_do[1]);
+ if (info.private_do[2])
+ print_name (fp, "Private DO 3 .....: ", info.private_do[2]);
+ if (info.private_do[3])
+ print_name (fp, "Private DO 4 .....: ", info.private_do[3]);
+ if (info.cafpr1valid)
+ {
+ tty_fprintf (fp, "CA fingerprint %d .:", 1);
+ print_sha1_fpr (fp, info.cafpr1);
+ }
+ if (info.cafpr2valid)
+ {
+ tty_fprintf (fp, "CA fingerprint %d .:", 2);
+ print_sha1_fpr (fp, info.cafpr2);
+ }
+ if (info.cafpr3valid)
+ {
+ tty_fprintf (fp, "CA fingerprint %d .:", 3);
+ print_sha1_fpr (fp, info.cafpr3);
+ }
+ tty_fprintf (fp, "Signature PIN ....: %s\n",
+ info.chv1_cached? _("not forced"): _("forced"));
+ if (info.key_attr[0].algo)
+ {
+ tty_fprintf (fp, "Key attributes ...:");
+ for (i=0; i < DIM (info.key_attr); i++)
+ tty_fprintf (fp, " %u%c",
+ info.key_attr[i].nbits,
+ info.key_attr[i].algo == 1? 'R':
+ info.key_attr[i].algo == 17? 'D': '?');
+ tty_fprintf (fp, "\n");
+ }
+ tty_fprintf (fp, "Max. PIN lengths .: %d %d %d\n",
+ info.chvmaxlen[0], info.chvmaxlen[1], info.chvmaxlen[2]);
+ tty_fprintf (fp, "PIN retry counter : %d %d %d\n",
+ info.chvretry[0], info.chvretry[1], info.chvretry[2]);
+ tty_fprintf (fp, "Signature counter : %lu\n", info.sig_counter);
+ tty_fprintf (fp, "Signature key ....:");
+ print_sha1_fpr (fp, info.fpr1valid? info.fpr1:NULL);
+ if (info.fpr1valid && info.fpr1time)
+ tty_fprintf (fp, " created ....: %s\n",
+ isotimestamp (info.fpr1time));
+ tty_fprintf (fp, "Encryption key....:");
+ print_sha1_fpr (fp, info.fpr2valid? info.fpr2:NULL);
+ if (info.fpr2valid && info.fpr2time)
+ tty_fprintf (fp, " created ....: %s\n",
+ isotimestamp (info.fpr2time));
+ tty_fprintf (fp, "Authentication key:");
+ print_sha1_fpr (fp, info.fpr3valid? info.fpr3:NULL);
+ if (info.fpr3valid && info.fpr3time)
+ tty_fprintf (fp, " created ....: %s\n",
+ isotimestamp (info.fpr3time));
+ tty_fprintf (fp, "General key info..: ");
+
+ thefpr = (info.fpr1valid? info.fpr1 : info.fpr2valid? info.fpr2 :
+ info.fpr3valid? info.fpr3 : NULL);
+ /* If the fingerprint is all 0xff, the key has no asssociated
+ OpenPGP certificate. */
+ if ( thefpr && !fpr_is_ff (thefpr)
+ && !get_pubkey_byfprint (pk, thefpr, 20))
+ {
+ KBNODE keyblock = NULL;
+
+ print_pubkey_info (fp, pk);
+
+ if ( !get_seckeyblock_byfprint (&keyblock, thefpr, 20) )
+ print_card_key_info (fp, keyblock);
+ else if ( !get_keyblock_byfprint (&keyblock, thefpr, 20) )
+ {
+ release_kbnode (keyblock);
+ keyblock = NULL;
+
+ if (!auto_create_card_key_stub (info.serialno,
+ info.fpr1valid? info.fpr1:NULL,
+ info.fpr2valid? info.fpr2:NULL,
+ info.fpr3valid? info.fpr3:NULL))
+ {
+ if ( !get_seckeyblock_byfprint (&keyblock, thefpr, 20) )
+ print_card_key_info (fp, keyblock);
+ }
+ }
+
+ release_kbnode (keyblock);
+ }
+ else
+ tty_fprintf (fp, "[none]\n");
+ }
+
+ free_public_key (pk);
+ agent_release_card_info (&info);
+}
+
+
+static char *
+get_one_name (const char *prompt1, const char *prompt2)
+{
+ char *name;
+ int i;
+
+ for (;;)
+ {
+ name = cpr_get (prompt1, prompt2);
+ if (!name)
+ return NULL;
+ trim_spaces (name);
+ cpr_kill_prompt ();
+ for (i=0; name[i] && name[i] >= ' ' && name[i] <= 126; i++)
+ ;
+
+ /* The name must be in Latin-1 and not UTF-8 - lacking the code
+ to ensure this we restrict it to ASCII. */
+ if (name[i])
+ tty_printf (_("Error: Only plain ASCII is currently allowed.\n"));
+ else if (strchr (name, '<'))
+ tty_printf (_("Error: The \"<\" character may not be used.\n"));
+ else if (strstr (name, " "))
+ tty_printf (_("Error: Double spaces are not allowed.\n"));
+ else
+ return name;
+ xfree (name);
+ }
+}
+
+
+
+static int
+change_name (void)
+{
+ char *surname = NULL, *givenname = NULL;
+ char *isoname, *p;
+ int rc;
+
+ surname = get_one_name ("keygen.smartcard.surname",
+ _("Cardholder's surname: "));
+ givenname = get_one_name ("keygen.smartcard.givenname",
+ _("Cardholder's given name: "));
+ if (!surname || !givenname || (!*surname && !*givenname))
+ {
+ xfree (surname);
+ xfree (givenname);
+ return -1; /*canceled*/
+ }
+
+ isoname = xmalloc ( strlen (surname) + 2 + strlen (givenname) + 1);
+ strcpy (stpcpy (stpcpy (isoname, surname), "<<"), givenname);
+ xfree (surname);
+ xfree (givenname);
+ for (p=isoname; *p; p++)
+ if (*p == ' ')
+ *p = '<';
+
+ if (strlen (isoname) > 39 )
+ {
+ tty_printf (_("Error: Combined name too long "
+ "(limit is %d characters).\n"), 39);
+ xfree (isoname);
+ return -1;
+ }
+
+ rc = agent_scd_setattr ("DISP-NAME", isoname, strlen (isoname), NULL );
+ if (rc)
+ log_error ("error setting Name: %s\n", gpg_strerror (rc));
+
+ xfree (isoname);
+ return rc;
+}
+
+
+static int
+change_url (void)
+{
+ char *url;
+ int rc;
+
+ url = cpr_get ("cardedit.change_url", _("URL to retrieve public key: "));
+ if (!url)
+ return -1;
+ trim_spaces (url);
+ cpr_kill_prompt ();
+
+ if (strlen (url) > 254 )
+ {
+ tty_printf (_("Error: URL too long "
+ "(limit is %d characters).\n"), 254);
+ xfree (url);
+ return -1;
+ }
+
+ rc = agent_scd_setattr ("PUBKEY-URL", url, strlen (url), NULL );
+ if (rc)
+ log_error ("error setting URL: %s\n", gpg_strerror (rc));
+ xfree (url);
+ write_sc_op_status (rc);
+ return rc;
+}
+
+
+/* Fetch the key from the URL given on the card or try to get it from
+ the default keyserver. */
+static int
+fetch_url(void)
+{
+ int rc;
+ struct agent_card_info_s info;
+
+ memset(&info,0,sizeof(info));
+
+ rc=agent_scd_getattr("PUBKEY-URL",&info);
+ if(rc)
+ log_error("error retrieving URL from card: %s\n",gpg_strerror(rc));
+ else
+ {
+ struct keyserver_spec *spec=NULL;
+
+ rc=agent_scd_getattr("KEY-FPR",&info);
+ if(rc)
+ log_error("error retrieving key fingerprint from card: %s\n",
+ gpg_strerror(rc));
+ else if (info.pubkey_url && *info.pubkey_url)
+ {
+ spec=parse_keyserver_uri(info.pubkey_url,1,NULL,0);
+ if(spec && info.fpr1valid)
+ {
+ /* This is not perfectly right. Currently, all card
+ fingerprints are 20 digits, but what about
+ fingerprints for a future v5 key? We should get the
+ length from somewhere lower in the code. In any
+ event, the fpr/keyid is not meaningful for straight
+ HTTP fetches, but using it allows the card to point
+ to HKP and LDAP servers as well. */
+ rc=keyserver_import_fprint(info.fpr1,20,spec);
+ free_keyserver_spec(spec);
+ }
+ }
+ else if (info.fpr1valid)
+ {
+ rc = keyserver_import_fprint (info.fpr1, 20, opt.keyserver);
+ }
+ }
+
+ return rc;
+}
+
+
+/* Read data from file FNAME up to MAXLEN characters. On error return
+ -1 and store NULL at R_BUFFER; on success return the number of
+ bytes read and store the address of a newly allocated buffer at
+ R_BUFFER. */
+static int
+get_data_from_file (const char *fname, size_t maxlen, char **r_buffer)
+{
+ FILE *fp;
+ char *data;
+ int n;
+
+ *r_buffer = NULL;
+
+ fp = fopen (fname, "rb");
+#if GNUPG_MAJOR_VERSION == 1
+ if (fp && is_secured_file (fileno (fp)))
+ {
+ fclose (fp);
+ fp = NULL;
+ errno = EPERM;
+ }
+#endif
+ if (!fp)
+ {
+ tty_printf (_("can't open `%s': %s\n"), fname, strerror (errno));
+ return -1;
+ }
+
+ data = xtrymalloc (maxlen? maxlen:1);
+ if (!data)
+ {
+ tty_printf (_("error allocating enough memory: %s\n"), strerror (errno));
+ fclose (fp);
+ return -1;
+ }
+
+ if (maxlen)
+ n = fread (data, 1, maxlen, fp);
+ else
+ n = 0;
+ fclose (fp);
+ if (n < 0)
+ {
+ tty_printf (_("error reading `%s': %s\n"), fname, strerror (errno));
+ xfree (data);
+ return -1;
+ }
+ *r_buffer = data;
+ return n;
+}
+
+
+/* Write LENGTH bytes from BUFFER to file FNAME. Return 0 on
+ success. */
+static int
+put_data_to_file (const char *fname, const void *buffer, size_t length)
+{
+ FILE *fp;
+
+ fp = fopen (fname, "wb");
+#if GNUPG_MAJOR_VERSION == 1
+ if (fp && is_secured_file (fileno (fp)))
+ {
+ fclose (fp);
+ fp = NULL;
+ errno = EPERM;
+ }
+#endif
+ if (!fp)
+ {
+ tty_printf (_("can't create `%s': %s\n"), fname, strerror (errno));
+ return -1;
+ }
+
+ if (length && fwrite (buffer, length, 1, fp) != 1)
+ {
+ tty_printf (_("error writing `%s': %s\n"), fname, strerror (errno));
+ fclose (fp);
+ return -1;
+ }
+ fclose (fp);
+ return 0;
+}
+
+
+static int
+change_login (const char *args)
+{
+ char *data;
+ int n;
+ int rc;
+
+ if (args && *args == '<') /* Read it from a file */
+ {
+ for (args++; spacep (args); args++)
+ ;
+ n = get_data_from_file (args, 254, &data);
+ if (n < 0)
+ return -1;
+ }
+ else
+ {
+ data = cpr_get ("cardedit.change_login",
+ _("Login data (account name): "));
+ if (!data)
+ return -1;
+ trim_spaces (data);
+ cpr_kill_prompt ();
+ n = strlen (data);
+ }
+
+ if (n > 254 )
+ {
+ tty_printf (_("Error: Login data too long "
+ "(limit is %d characters).\n"), 254);
+ xfree (data);
+ return -1;
+ }
+
+ rc = agent_scd_setattr ("LOGIN-DATA", data, n, NULL );
+ if (rc)
+ log_error ("error setting login data: %s\n", gpg_strerror (rc));
+ xfree (data);
+ write_sc_op_status (rc);
+ return rc;
+}
+
+static int
+change_private_do (const char *args, int nr)
+{
+ char do_name[] = "PRIVATE-DO-X";
+ char *data;
+ int n;
+ int rc;
+
+ assert (nr >= 1 && nr <= 4);
+ do_name[11] = '0' + nr;
+
+ if (args && (args = strchr (args, '<'))) /* Read it from a file */
+ {
+ for (args++; spacep (args); args++)
+ ;
+ n = get_data_from_file (args, 254, &data);
+ if (n < 0)
+ return -1;
+ }
+ else
+ {
+ data = cpr_get ("cardedit.change_private_do",
+ _("Private DO data: "));
+ if (!data)
+ return -1;
+ trim_spaces (data);
+ cpr_kill_prompt ();
+ n = strlen (data);
+ }
+
+ if (n > 254 )
+ {
+ tty_printf (_("Error: Private DO too long "
+ "(limit is %d characters).\n"), 254);
+ xfree (data);
+ return -1;
+ }
+
+ rc = agent_scd_setattr (do_name, data, n, NULL );
+ if (rc)
+ log_error ("error setting private DO: %s\n", gpg_strerror (rc));
+ xfree (data);
+ write_sc_op_status (rc);
+ return rc;
+}
+
+
+static int
+change_cert (const char *args)
+{
+ char *data;
+ int n;
+ int rc;
+
+ if (args && *args == '<') /* Read it from a file */
+ {
+ for (args++; spacep (args); args++)
+ ;
+ n = get_data_from_file (args, 16384, &data);
+ if (n < 0)
+ return -1;
+ }
+ else
+ {
+ tty_printf ("usage error: redirection to file required\n");
+ return -1;
+ }
+
+ rc = agent_scd_writecert ("OPENPGP.3", data, n);
+ if (rc)
+ log_error ("error writing certificate to card: %s\n", gpg_strerror (rc));
+ xfree (data);
+ write_sc_op_status (rc);
+ return rc;
+}
+
+
+static int
+read_cert (const char *args)
+{
+ const char *fname;
+ void *buffer;
+ size_t length;
+ int rc;
+
+ if (args && *args == '>') /* Write it to a file */
+ {
+ for (args++; spacep (args); args++)
+ ;
+ fname = args;
+ }
+ else
+ {
+ tty_printf ("usage error: redirection to file required\n");
+ return -1;
+ }
+
+ rc = agent_scd_readcert ("OPENPGP.3", &buffer, &length);
+ if (rc)
+ log_error ("error reading certificate from card: %s\n", gpg_strerror (rc));
+ else
+ rc = put_data_to_file (fname, buffer, length);
+ xfree (buffer);
+ write_sc_op_status (rc);
+ return rc;
+}
+
+
+static int
+change_lang (void)
+{
+ char *data, *p;
+ int rc;
+
+ data = cpr_get ("cardedit.change_lang",
+ _("Language preferences: "));
+ if (!data)
+ return -1;
+ trim_spaces (data);
+ cpr_kill_prompt ();
+
+ if (strlen (data) > 8 || (strlen (data) & 1))
+ {
+ tty_printf (_("Error: invalid length of preference string.\n"));
+ xfree (data);
+ return -1;
+ }
+
+ for (p=data; *p && *p >= 'a' && *p <= 'z'; p++)
+ ;
+ if (*p)
+ {
+ tty_printf (_("Error: invalid characters in preference string.\n"));
+ xfree (data);
+ return -1;
+ }
+
+ rc = agent_scd_setattr ("DISP-LANG", data, strlen (data), NULL );
+ if (rc)
+ log_error ("error setting lang: %s\n", gpg_strerror (rc));
+ xfree (data);
+ write_sc_op_status (rc);
+ return rc;
+}
+
+
+static int
+change_sex (void)
+{
+ char *data;
+ const char *str;
+ int rc;
+
+ data = cpr_get ("cardedit.change_sex",
+ _("Sex ((M)ale, (F)emale or space): "));
+ if (!data)
+ return -1;
+ trim_spaces (data);
+ cpr_kill_prompt ();
+
+ if (!*data)
+ str = "9";
+ else if ((*data == 'M' || *data == 'm') && !data[1])
+ str = "1";
+ else if ((*data == 'F' || *data == 'f') && !data[1])
+ str = "2";
+ else
+ {
+ tty_printf (_("Error: invalid response.\n"));
+ xfree (data);
+ return -1;
+ }
+
+ rc = agent_scd_setattr ("DISP-SEX", str, 1, NULL );
+ if (rc)
+ log_error ("error setting sex: %s\n", gpg_strerror (rc));
+ xfree (data);
+ write_sc_op_status (rc);
+ return rc;
+}
+
+
+static int
+change_cafpr (int fprno)
+{
+ char *data;
+ const char *s;
+ int i, c, rc;
+ unsigned char fpr[20];
+
+ data = cpr_get ("cardedit.change_cafpr", _("CA fingerprint: "));
+ if (!data)
+ return -1;
+ trim_spaces (data);
+ cpr_kill_prompt ();
+
+ for (i=0, s=data; i < 20 && *s; )
+ {
+ while (spacep(s))
+ s++;
+ if (*s == ':')
+ s++;
+ while (spacep(s))
+ s++;
+ c = hextobyte (s);
+ if (c == -1)
+ break;
+ fpr[i++] = c;
+ s += 2;
+ }
+ xfree (data);
+ if (i != 20 || *s)
+ {
+ tty_printf (_("Error: invalid formatted fingerprint.\n"));
+ return -1;
+ }
+
+ rc = agent_scd_setattr (fprno==1?"CA-FPR-1":
+ fprno==2?"CA-FPR-2":
+ fprno==3?"CA-FPR-3":"x", fpr, 20, NULL );
+ if (rc)
+ log_error ("error setting cafpr: %s\n", gpg_strerror (rc));
+ write_sc_op_status (rc);
+ return rc;
+}
+
+
+
+static void
+toggle_forcesig (void)
+{
+ struct agent_card_info_s info;
+ int rc;
+ int newstate;
+
+ memset (&info, 0, sizeof info);
+ rc = agent_scd_getattr ("CHV-STATUS", &info);
+ if (rc)
+ {
+ log_error ("error getting current status: %s\n", gpg_strerror (rc));
+ return;
+ }
+ newstate = !info.chv1_cached;
+ agent_release_card_info (&info);
+
+ rc = agent_scd_setattr ("CHV-STATUS-1", newstate? "\x01":"", 1, NULL);
+ if (rc)
+ log_error ("error toggling signature PIN flag: %s\n", gpg_strerror (rc));
+ write_sc_op_status (rc);
+}
+
+
+/* Helper for the key generation/edit functions. */
+static int
+get_info_for_key_operation (struct agent_card_info_s *info)
+{
+ int rc;
+
+ memset (info, 0, sizeof *info);
+ rc = agent_scd_getattr ("SERIALNO", info);
+ if (rc || !info->serialno || strncmp (info->serialno, "D27600012401", 12)
+ || strlen (info->serialno) != 32 )
+ {
+ log_error (_("key operation not possible: %s\n"),
+ rc ? gpg_strerror (rc) : _("not an OpenPGP card"));
+ return rc? rc: -1;
+ }
+ rc = agent_scd_getattr ("KEY-FPR", info);
+ if (!rc)
+ rc = agent_scd_getattr ("CHV-STATUS", info);
+ if (!rc)
+ rc = agent_scd_getattr ("DISP-NAME", info);
+ if (!rc)
+ rc = agent_scd_getattr ("EXTCAP", info);
+ if (!rc)
+ rc = agent_scd_getattr ("KEY-ATTR", info);
+ if (rc)
+ log_error (_("error getting current key info: %s\n"), gpg_strerror (rc));
+ return rc;
+}
+
+
+/* Helper for the key generation/edit functions. */
+static int
+check_pin_for_key_operation (struct agent_card_info_s *info, int *forced_chv1)
+{
+ int rc = 0;
+
+ agent_clear_pin_cache (info->serialno);
+
+ *forced_chv1 = !info->chv1_cached;
+ if (*forced_chv1)
+ { /* Switch off the forced mode so that during key generation we
+ don't get bothered with PIN queries for each
+ self-signature. */
+ rc = agent_scd_setattr ("CHV-STATUS-1", "\x01", 1, info->serialno);
+ if (rc)
+ {
+ log_error ("error clearing forced signature PIN flag: %s\n",
+ gpg_strerror (rc));
+ *forced_chv1 = 0;
+ }
+ }
+
+ if (!rc)
+ {
+ /* Check the PIN now, so that we won't get asked later for each
+ binding signature. */
+ rc = agent_scd_checkpin (info->serialno);
+ if (rc)
+ {
+ log_error ("error checking the PIN: %s\n", gpg_strerror (rc));
+ write_sc_op_status (rc);
+ }
+ }
+ return rc;
+}
+
+/* Helper for the key generation/edit functions. */
+static void
+restore_forced_chv1 (int *forced_chv1)
+{
+ int rc;
+
+ if (*forced_chv1)
+ { /* Switch back to forced state. */
+ rc = agent_scd_setattr ("CHV-STATUS-1", "", 1, NULL);
+ if (rc)
+ {
+ log_error ("error setting forced signature PIN flag: %s\n",
+ gpg_strerror (rc));
+ }
+ }
+}
+
+
+/* Helper for the key generation/edit functions. */
+static void
+show_card_key_info (struct agent_card_info_s *info)
+{
+ tty_fprintf (NULL, "Signature key ....:");
+ print_sha1_fpr (NULL, info->fpr1valid? info->fpr1:NULL);
+ tty_fprintf (NULL, "Encryption key....:");
+ print_sha1_fpr (NULL, info->fpr2valid? info->fpr2:NULL);
+ tty_fprintf (NULL, "Authentication key:");
+ print_sha1_fpr (NULL, info->fpr3valid? info->fpr3:NULL);
+ tty_printf ("\n");
+}
+
+
+/* Helper for the key generation/edit functions. */
+static int
+replace_existing_key_p (struct agent_card_info_s *info, int keyno)
+{
+ assert (keyno >= 0 && keyno <= 3);
+
+ if ((keyno == 1 && info->fpr1valid)
+ || (keyno == 2 && info->fpr2valid)
+ || (keyno == 3 && info->fpr3valid))
+ {
+ tty_printf ("\n");
+ log_info ("WARNING: such a key has already been stored on the card!\n");
+ tty_printf ("\n");
+ if ( !cpr_get_answer_is_yes( "cardedit.genkeys.replace_key",
+ _("Replace existing key? (y/N) ")))
+ return -1;
+ }
+ return 0;
+}
+
+
+static void
+show_keysize_warning (void)
+{
+ static int shown;
+
+ if (shown)
+ return;
+ shown = 1;
+ tty_printf
+ (_("NOTE: There is no guarantee that the card "
+ "supports the requested size.\n"
+ " If the key generation does not succeed, "
+ "please check the\n"
+ " documentation of your card to see what "
+ "sizes are allowed.\n"));
+}
+
+
+/* Ask for the size of a card key. NBITS is the current size
+ configured for the card. KEYNO is the number of the key used to
+ select the prompt. Returns 0 to use the default size (i.e. NBITS)
+ or the selected size. */
+static unsigned int
+ask_card_keysize (int keyno, unsigned int nbits)
+{
+ unsigned int min_nbits = 1024;
+ unsigned int max_nbits = 4096;
+ char *prompt, *answer;
+ unsigned int req_nbits;
+
+ for (;;)
+ {
+ prompt = xasprintf
+ (keyno == 0?
+ _("What keysize do you want for the Signature key? (%u) "):
+ keyno == 1?
+ _("What keysize do you want for the Encryption key? (%u) "):
+ _("What keysize do you want for the Authentication key? (%u) "),
+ nbits);
+ answer = cpr_get ("cardedit.genkeys.size", prompt);
+ cpr_kill_prompt ();
+ req_nbits = *answer? atoi (answer): nbits;
+ xfree (prompt);
+ xfree (answer);
+
+ if (req_nbits != nbits && (req_nbits % 32) )
+ {
+ req_nbits = ((req_nbits + 31) / 32) * 32;
+ tty_printf (_("rounded up to %u bits\n"), req_nbits);
+ }
+
+ if (req_nbits == nbits)
+ return 0; /* Use default. */
+
+ if (req_nbits < min_nbits || req_nbits > max_nbits)
+ {
+ tty_printf (_("%s keysizes must be in the range %u-%u\n"),
+ "RSA", min_nbits, max_nbits);
+ }
+ else
+ {
+ tty_printf (_("The card will now be re-configured "
+ "to generate a key of %u bits\n"), req_nbits);
+ show_keysize_warning ();
+ return req_nbits;
+ }
+ }
+}
+
+
+/* Change the size of key KEYNO (0..2) to NBITS and show an error
+ message if that fails. */
+static gpg_error_t
+do_change_keysize (int keyno, unsigned int nbits)
+{
+ gpg_error_t err;
+ char args[100];
+
+ snprintf (args, sizeof args, "--force %d 1 %u", keyno+1, nbits);
+ err = agent_scd_setattr ("KEY-ATTR", args, strlen (args), NULL);
+ if (err)
+ log_error (_("error changing size of key %d to %u bits: %s\n"),
+ keyno+1, nbits, gpg_strerror (err));
+ return err;
+}
+
+
+static void
+generate_card_keys (void)
+{
+ struct agent_card_info_s info;
+ int forced_chv1;
+ int want_backup;
+ int keyno;
+
+ if (get_info_for_key_operation (&info))
+ return;
+
+ if (info.extcap.ki)
+ {
+ char *answer;
+
+ answer = cpr_get ("cardedit.genkeys.backup_enc",
+ _("Make off-card backup of encryption key? (Y/n) "));
+
+ want_backup = answer_is_yes_no_default (answer, 1/*(default to Yes)*/);
+ cpr_kill_prompt ();
+ xfree (answer);
+ }
+ else
+ want_backup = 0;
+
+ if ( (info.fpr1valid && !fpr_is_zero (info.fpr1))
+ || (info.fpr2valid && !fpr_is_zero (info.fpr2))
+ || (info.fpr3valid && !fpr_is_zero (info.fpr3)))
+ {
+ tty_printf ("\n");
+ log_info (_("NOTE: keys are already stored on the card!\n"));
+ tty_printf ("\n");
+ if ( !cpr_get_answer_is_yes ("cardedit.genkeys.replace_keys",
+ _("Replace existing keys? (y/N) ")))
+ {
+ agent_release_card_info (&info);
+ return;
+ }
+ }
+
+ /* If no displayed name has been set, we assume that this is a fresh
+ card and print a hint about the default PINs. */
+ if (!info.disp_name || !*info.disp_name)
+ {
+ tty_printf ("\n");
+ tty_printf (_("Please note that the factory settings of the PINs are\n"
+ " PIN = `%s' Admin PIN = `%s'\n"
+ "You should change them using the command --change-pin\n"),
+ "123456", "12345678");
+ tty_printf ("\n");
+ }
+
+ if (check_pin_for_key_operation (&info, &forced_chv1))
+ goto leave;
+
+ /* If the cards features changeable key attributes, we ask for the
+ key size. */
+ if (info.is_v2 && info.extcap.aac)
+ {
+ unsigned int nbits;
+
+ for (keyno = 0; keyno < DIM (info.key_attr); keyno++)
+ {
+ nbits = ask_card_keysize (keyno, info.key_attr[keyno].nbits);
+ if (nbits && do_change_keysize (keyno, nbits))
+ {
+ /* Error: Better read the default key size again. */
+ agent_release_card_info (&info);
+ if (get_info_for_key_operation (&info))
+ goto leave;
+ /* Ask again for this key size. */
+ keyno--;
+ }
+ }
+ /* Note that INFO has not be synced. However we will only use
+ the serialnumber and thus it won't harm. */
+ }
+
+ generate_keypair (NULL, info.serialno, want_backup? opt.homedir:NULL);
+
+ leave:
+ agent_release_card_info (&info);
+ restore_forced_chv1 (&forced_chv1);
+}
+
+
+/* This function is used by the key edit menu to generate an arbitrary
+ subkey. */
+int
+card_generate_subkey (KBNODE pub_keyblock, KBNODE sec_keyblock)
+{
+ struct agent_card_info_s info;
+ int okay = 0;
+ int forced_chv1 = 0;
+ int keyno;
+
+ if (get_info_for_key_operation (&info))
+ return 0;
+
+ show_card_key_info (&info);
+
+ tty_printf (_("Please select the type of key to generate:\n"));
+
+ tty_printf (_(" (1) Signature key\n"));
+ tty_printf (_(" (2) Encryption key\n"));
+ tty_printf (_(" (3) Authentication key\n"));
+
+ for (;;)
+ {
+ char *answer = cpr_get ("cardedit.genkeys.subkeytype",
+ _("Your selection? "));
+ cpr_kill_prompt();
+ if (*answer == CONTROL_D)
+ {
+ xfree (answer);
+ goto leave;
+ }
+ keyno = *answer? atoi(answer): 0;
+ xfree(answer);
+ if (keyno >= 1 && keyno <= 3)
+ break; /* Okay. */
+ tty_printf(_("Invalid selection.\n"));
+ }
+
+ if (replace_existing_key_p (&info, keyno))
+ goto leave;
+
+ if (check_pin_for_key_operation (&info, &forced_chv1))
+ goto leave;
+
+ /* If the cards features changeable key attributes, we ask for the
+ key size. */
+ if (info.is_v2 && info.extcap.aac)
+ {
+ unsigned int nbits;
+
+ ask_again:
+ nbits = ask_card_keysize (keyno-1, info.key_attr[keyno-1].nbits);
+ if (nbits && do_change_keysize (keyno-1, nbits))
+ {
+ /* Error: Better read the default key size again. */
+ agent_release_card_info (&info);
+ if (get_info_for_key_operation (&info))
+ goto leave;
+ goto ask_again;
+ }
+ /* Note that INFO has not be synced. However we will only use
+ the serialnumber and thus it won't harm. */
+ }
+
+ okay = generate_card_subkeypair (pub_keyblock, sec_keyblock,
+ keyno, info.serialno);
+
+ leave:
+ agent_release_card_info (&info);
+ restore_forced_chv1 (&forced_chv1);
+ return okay;
+}
+
+
+/* Store the key at NODE into the smartcard and modify NODE to
+ carry the serialno stuff instead of the actual secret key
+ parameters. USE is the usage for that key; 0 means any
+ usage. */
+int
+card_store_subkey (KBNODE node, int use)
+{
+ struct agent_card_info_s info;
+ int okay = 0;
+ int rc;
+ int keyno, i;
+ PKT_secret_key *copied_sk = NULL;
+ PKT_secret_key *sk;
+ size_t n;
+ const char *s;
+ int allow_keyno[3];
+ unsigned int nbits;
+
+
+ assert (node->pkt->pkttype == PKT_SECRET_KEY
+ || node->pkt->pkttype == PKT_SECRET_SUBKEY);
+ sk = node->pkt->pkt.secret_key;
+
+ if (get_info_for_key_operation (&info))
+ return 0;
+
+ if (!info.extcap.ki)
+ {
+ tty_printf ("The card does not support the import of keys\n");
+ tty_printf ("\n");
+ goto leave;
+ }
+
+ show_card_key_info (&info);
+
+ nbits = nbits_from_sk (sk);
+
+ if (!is_RSA (sk->pubkey_algo) || (!info.is_v2 && nbits != 1024) )
+ {
+ tty_printf ("You may only store a 1024 bit RSA key on the card\n");
+ tty_printf ("\n");
+ goto leave;
+ }
+
+ allow_keyno[0] = (!use || (use & (PUBKEY_USAGE_SIG)));
+ allow_keyno[1] = (!use || (use & (PUBKEY_USAGE_ENC)));
+ allow_keyno[2] = (!use || (use & (PUBKEY_USAGE_SIG|PUBKEY_USAGE_AUTH)));
+
+ tty_printf (_("Please select where to store the key:\n"));
+
+ if (allow_keyno[0])
+ tty_printf (_(" (1) Signature key\n"));
+ if (allow_keyno[1])
+ tty_printf (_(" (2) Encryption key\n"));
+ if (allow_keyno[2])
+ tty_printf (_(" (3) Authentication key\n"));
+
+ for (;;)
+ {
+ char *answer = cpr_get ("cardedit.genkeys.storekeytype",
+ _("Your selection? "));
+ cpr_kill_prompt();
+ if (*answer == CONTROL_D || !*answer)
+ {
+ xfree (answer);
+ goto leave;
+ }
+ keyno = *answer? atoi(answer): 0;
+ xfree(answer);
+ if (keyno >= 1 && keyno <= 3 && allow_keyno[keyno-1])
+ {
+ if (info.is_v2 && !info.extcap.aac
+ && info.key_attr[keyno-1].nbits != nbits)
+ {
+ tty_printf ("Key does not match the card's capability.\n");
+ }
+ else
+ break; /* Okay. */
+ }
+ else
+ tty_printf(_("Invalid selection.\n"));
+ }
+
+ if (replace_existing_key_p (&info, keyno))
+ goto leave;
+
+ /* Unprotect key. */
+ switch (is_secret_key_protected (sk) )
+ {
+ case 0: /* Not protected. */
+ break;
+ case -1:
+ log_error (_("unknown key protection algorithm\n"));
+ goto leave;
+ default:
+ if (sk->protect.s2k.mode == 1001)
+ {
+ log_error (_("secret parts of key are not available\n"));
+ goto leave;
+ }
+ if (sk->protect.s2k.mode == 1002)
+ {
+ log_error (_("secret key already stored on a card\n"));
+ goto leave;
+ }
+ /* We better copy the key before we unprotect it. */
+ copied_sk = sk = copy_secret_key (NULL, sk);
+ rc = check_secret_key (sk, 0);
+ if (rc)
+ goto leave;
+ }
+
+ rc = save_unprotected_key_to_card (sk, keyno);
+ if (rc)
+ {
+ log_error (_("error writing key to card: %s\n"), gpg_strerror (rc));
+ goto leave;
+ }
+
+ /* Get back to the maybe protected original secret key. */
+ if (copied_sk)
+ {
+ free_secret_key (copied_sk);
+ copied_sk = NULL;
+ }
+ sk = node->pkt->pkt.secret_key;
+
+ /* Get rid of the secret key parameters and store the serial numer. */
+ n = pubkey_get_nskey (sk->pubkey_algo);
+ for (i=pubkey_get_npkey (sk->pubkey_algo); i < n; i++)
+ {
+ gcry_mpi_release (sk->skey[i]);
+ sk->skey[i] = NULL;
+ }
+ i = pubkey_get_npkey (sk->pubkey_algo);
+ sk->skey[i] = gcry_mpi_set_opaque (NULL, xstrdup ("dummydata"), 10*8);
+ sk->is_protected = 1;
+ sk->protect.s2k.mode = 1002;
+ s = info.serialno;
+ for (sk->protect.ivlen=0; sk->protect.ivlen < 16 && *s && s[1];
+ sk->protect.ivlen++, s += 2)
+ sk->protect.iv[sk->protect.ivlen] = xtoi_2 (s);
+
+ okay = 1;
+
+ leave:
+ if (copied_sk)
+ free_secret_key (copied_sk);
+ agent_release_card_info (&info);
+ return okay;
+}
+
+
+
+/* Data used by the command parser. This needs to be outside of the
+ function scope to allow readline based command completion. */
+enum cmdids
+ {
+ cmdNOP = 0,
+ cmdQUIT, cmdADMIN, cmdHELP, cmdLIST, cmdDEBUG, cmdVERIFY,
+ cmdNAME, cmdURL, cmdFETCH, cmdLOGIN, cmdLANG, cmdSEX, cmdCAFPR,
+ cmdFORCESIG, cmdGENERATE, cmdPASSWD, cmdPRIVATEDO, cmdWRITECERT,
+ cmdREADCERT, cmdUNBLOCK,
+ cmdINVCMD
+ };
+
+static struct
+{
+ const char *name;
+ enum cmdids id;
+ int admin_only;
+ const char *desc;
+} cmds[] =
+ {
+ { "quit" , cmdQUIT , 0, N_("quit this menu")},
+ { "q" , cmdQUIT , 0, NULL },
+ { "admin" , cmdADMIN , 0, N_("show admin commands")},
+ { "help" , cmdHELP , 0, N_("show this help")},
+ { "?" , cmdHELP , 0, NULL },
+ { "list" , cmdLIST , 0, N_("list all available data")},
+ { "l" , cmdLIST , 0, NULL },
+ { "debug" , cmdDEBUG , 0, NULL },
+ { "name" , cmdNAME , 1, N_("change card holder's name")},
+ { "url" , cmdURL , 1, N_("change URL to retrieve key")},
+ { "fetch" , cmdFETCH , 0, N_("fetch the key specified in the card URL")},
+ { "login" , cmdLOGIN , 1, N_("change the login name")},
+ { "lang" , cmdLANG , 1, N_("change the language preferences")},
+ { "sex" , cmdSEX , 1, N_("change card holder's sex")},
+ { "cafpr" , cmdCAFPR , 1, N_("change a CA fingerprint")},
+ { "forcesig", cmdFORCESIG, 1, N_("toggle the signature force PIN flag")},
+ { "generate", cmdGENERATE, 1, N_("generate new keys")},
+ { "passwd" , cmdPASSWD, 0, N_("menu to change or unblock the PIN")},
+ { "verify" , cmdVERIFY, 0, N_("verify the PIN and list all data")},
+ { "unblock" , cmdUNBLOCK,0, N_("unblock the PIN using a Reset Code") },
+ /* Note, that we do not announce these command yet. */
+ { "privatedo", cmdPRIVATEDO, 0, NULL },
+ { "readcert", cmdREADCERT, 0, NULL },
+ { "writecert", cmdWRITECERT, 1, NULL },
+ { NULL, cmdINVCMD, 0, NULL }
+ };
+
+
+#ifdef HAVE_LIBREADLINE
+
+/* These two functions are used by readline for command completion. */
+
+static char *
+command_generator(const char *text,int state)
+{
+ static int list_index,len;
+ const char *name;
+
+ /* If this is a new word to complete, initialize now. This includes
+ saving the length of TEXT for efficiency, and initializing the
+ index variable to 0. */
+ if(!state)
+ {
+ list_index=0;
+ len=strlen(text);
+ }
+
+ /* Return the next partial match */
+ while((name=cmds[list_index].name))
+ {
+ /* Only complete commands that have help text */
+ if(cmds[list_index++].desc && strncmp(name,text,len)==0)
+ return strdup(name);
+ }
+
+ return NULL;
+}
+
+static char **
+card_edit_completion(const char *text, int start, int end)
+{
+ (void)end;
+ /* If we are at the start of a line, we try and command-complete.
+ If not, just do nothing for now. */
+
+ if(start==0)
+ return rl_completion_matches(text,command_generator);
+
+ rl_attempted_completion_over=1;
+
+ return NULL;
+}
+#endif /*HAVE_LIBREADLINE*/
+
+/* Menu to edit all user changeable values on an OpenPGP card. Only
+ Key creation is not handled here. */
+void
+card_edit (strlist_t commands)
+{
+ enum cmdids cmd = cmdNOP;
+ int have_commands = !!commands;
+ int redisplay = 1;
+ char *answer = NULL;
+ int allow_admin=0;
+ char serialnobuf[50];
+
+
+ if (opt.command_fd != -1)
+ ;
+ else if (opt.batch && !have_commands)
+ {
+ log_error(_("can't do this in batch mode\n"));
+ goto leave;
+ }
+
+ for (;;)
+ {
+ int arg_number;
+ const char *arg_string = "";
+ const char *arg_rest = "";
+ char *p;
+ int i;
+ int cmd_admin_only;
+
+ tty_printf("\n");
+ if (redisplay )
+ {
+ if (opt.with_colons)
+ {
+ card_status (stdout, serialnobuf, DIM (serialnobuf));
+ fflush (stdout);
+ }
+ else
+ {
+ card_status (NULL, serialnobuf, DIM (serialnobuf));
+ tty_printf("\n");
+ }
+ redisplay = 0;
+ }
+
+ do
+ {
+ xfree (answer);
+ if (have_commands)
+ {
+ if (commands)
+ {
+ answer = xstrdup (commands->d);
+ commands = commands->next;
+ }
+ else if (opt.batch)
+ {
+ answer = xstrdup ("quit");
+ }
+ else
+ have_commands = 0;
+ }
+
+ if (!have_commands)
+ {
+ tty_enable_completion (card_edit_completion);
+ answer = cpr_get_no_help("cardedit.prompt", _("gpg/card> "));
+ cpr_kill_prompt();
+ tty_disable_completion ();
+ }
+ trim_spaces(answer);
+ }
+ while ( *answer == '#' );
+
+ arg_number = 0; /* Yes, here is the init which egcc complains about */
+ cmd_admin_only = 0;
+ if (!*answer)
+ cmd = cmdLIST; /* Default to the list command */
+ else if (*answer == CONTROL_D)
+ cmd = cmdQUIT;
+ else
+ {
+ if ((p=strchr (answer,' ')))
+ {
+ *p++ = 0;
+ trim_spaces (answer);
+ trim_spaces (p);
+ arg_number = atoi(p);
+ arg_string = p;
+ arg_rest = p;
+ while (digitp (arg_rest))
+ arg_rest++;
+ while (spacep (arg_rest))
+ arg_rest++;
+ }
+
+ for (i=0; cmds[i].name; i++ )
+ if (!ascii_strcasecmp (answer, cmds[i].name ))
+ break;
+
+ cmd = cmds[i].id;
+ cmd_admin_only = cmds[i].admin_only;
+ }
+
+ if (!allow_admin && cmd_admin_only)
+ {
+ tty_printf ("\n");
+ tty_printf (_("Admin-only command\n"));
+ continue;
+ }
+
+ switch (cmd)
+ {
+ case cmdHELP:
+ for (i=0; cmds[i].name; i++ )
+ if(cmds[i].desc
+ && (!cmds[i].admin_only || (cmds[i].admin_only && allow_admin)))
+ tty_printf("%-10s %s\n", cmds[i].name, _(cmds[i].desc) );
+ break;
+
+ case cmdADMIN:
+ if ( !strcmp (arg_string, "on") )
+ allow_admin = 1;
+ else if ( !strcmp (arg_string, "off") )
+ allow_admin = 0;
+ else if ( !strcmp (arg_string, "verify") )
+ {
+ /* Force verification of the Admin Command. However,
+ this is only done if the retry counter is at initial
+ state. */
+ char *tmp = xmalloc (strlen (serialnobuf) + 6 + 1);
+ strcpy (stpcpy (tmp, serialnobuf), "[CHV3]");
+ allow_admin = !agent_scd_checkpin (tmp);
+ xfree (tmp);
+ }
+ else /* Toggle. */
+ allow_admin=!allow_admin;
+ if(allow_admin)
+ tty_printf(_("Admin commands are allowed\n"));
+ else
+ tty_printf(_("Admin commands are not allowed\n"));
+ break;
+
+ case cmdVERIFY:
+ agent_scd_checkpin (serialnobuf);
+ redisplay = 1;
+ break;
+
+ case cmdLIST:
+ redisplay = 1;
+ break;
+
+ case cmdNAME:
+ change_name ();
+ break;
+
+ case cmdURL:
+ change_url ();
+ break;
+
+ case cmdFETCH:
+ fetch_url();
+ break;
+
+ case cmdLOGIN:
+ change_login (arg_string);
+ break;
+
+ case cmdLANG:
+ change_lang ();
+ break;
+
+ case cmdSEX:
+ change_sex ();
+ break;
+
+ case cmdCAFPR:
+ if ( arg_number < 1 || arg_number > 3 )
+ tty_printf ("usage: cafpr N\n"
+ " 1 <= N <= 3\n");
+ else
+ change_cafpr (arg_number);
+ break;
+
+ case cmdPRIVATEDO:
+ if ( arg_number < 1 || arg_number > 4 )
+ tty_printf ("usage: privatedo N\n"
+ " 1 <= N <= 4\n");
+ else
+ change_private_do (arg_string, arg_number);
+ break;
+
+ case cmdWRITECERT:
+ if ( arg_number != 3 )
+ tty_printf ("usage: writecert 3 < FILE\n");
+ else
+ change_cert (arg_rest);
+ break;
+
+ case cmdREADCERT:
+ if ( arg_number != 3 )
+ tty_printf ("usage: readcert 3 > FILE\n");
+ else
+ read_cert (arg_rest);
+ break;
+
+ case cmdFORCESIG:
+ toggle_forcesig ();
+ break;
+
+ case cmdGENERATE:
+ generate_card_keys ();
+ break;
+
+ case cmdPASSWD:
+ change_pin (0, allow_admin);
+ break;
+
+ case cmdUNBLOCK:
+ change_pin (1, allow_admin);
+ break;
+
+ case cmdQUIT:
+ goto leave;
+
+ case cmdNOP:
+ break;
+
+ case cmdINVCMD:
+ default:
+ tty_printf ("\n");
+ tty_printf (_("Invalid command (try \"help\")\n"));
+ break;
+ } /* End command switch. */
+ } /* End of main menu loop. */
+
+ leave:
+ xfree (answer);
+}
+
diff --git a/g10/cipher.c b/g10/cipher.c
new file mode 100644
index 0000000..f0dc577
--- /dev/null
+++ b/g10/cipher.c
@@ -0,0 +1,163 @@
+/* cipher.c - En-/De-ciphering filter
+ * Copyright (C) 1998, 1999, 2000, 2001, 2003,
+ * 2006, 2009 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include <assert.h>
+
+#include "gpg.h"
+#include "status.h"
+#include "iobuf.h"
+#include "util.h"
+#include "filter.h"
+#include "packet.h"
+#include "options.h"
+#include "main.h"
+#include "status.h"
+
+
+#define MIN_PARTIAL_SIZE 512
+
+
+static void
+write_header( cipher_filter_context_t *cfx, IOBUF a )
+{
+ gcry_error_t err;
+ PACKET pkt;
+ PKT_encrypted ed;
+ byte temp[18];
+ unsigned int blocksize;
+ unsigned int nprefix;
+
+ blocksize = openpgp_cipher_get_algo_blklen (cfx->dek->algo);
+ if ( blocksize < 8 || blocksize > 16 )
+ log_fatal("unsupported blocksize %u\n", blocksize );
+
+ memset( &ed, 0, sizeof ed );
+ ed.len = cfx->datalen;
+ ed.extralen = blocksize+2;
+ ed.new_ctb = !ed.len && !RFC1991;
+ if( cfx->dek->use_mdc ) {
+ ed.mdc_method = DIGEST_ALGO_SHA1;
+ gcry_md_open (&cfx->mdc_hash, DIGEST_ALGO_SHA1, 0);
+ if ( DBG_HASHING )
+ gcry_md_start_debug (cfx->mdc_hash, "creatmdc");
+ }
+
+ {
+ char buf[20];
+
+ sprintf (buf, "%d %d", ed.mdc_method, cfx->dek->algo);
+ write_status_text (STATUS_BEGIN_ENCRYPTION, buf);
+ }
+
+ init_packet( &pkt );
+ pkt.pkttype = cfx->dek->use_mdc? PKT_ENCRYPTED_MDC : PKT_ENCRYPTED;
+ pkt.pkt.encrypted = &ed;
+ if( build_packet( a, &pkt ))
+ log_bug("build_packet(ENCR_DATA) failed\n");
+ nprefix = blocksize;
+ gcry_randomize (temp, nprefix, GCRY_STRONG_RANDOM );
+ temp[nprefix] = temp[nprefix-2];
+ temp[nprefix+1] = temp[nprefix-1];
+ print_cipher_algo_note( cfx->dek->algo );
+ err = openpgp_cipher_open (&cfx->cipher_hd,
+ cfx->dek->algo,
+ GCRY_CIPHER_MODE_CFB,
+ (GCRY_CIPHER_SECURE
+ | ((cfx->dek->use_mdc || cfx->dek->algo >= 100)?
+ 0 : GCRY_CIPHER_ENABLE_SYNC)));
+ if (err) {
+ /* We should never get an error here cause we already checked,
+ * that the algorithm is available. */
+ BUG();
+ }
+
+
+/* log_hexdump( "thekey", cfx->dek->key, cfx->dek->keylen );*/
+ gcry_cipher_setkey( cfx->cipher_hd, cfx->dek->key, cfx->dek->keylen );
+ gcry_cipher_setiv( cfx->cipher_hd, NULL, 0 );
+/* log_hexdump( "prefix", temp, nprefix+2 ); */
+ if (cfx->mdc_hash) /* Hash the "IV". */
+ gcry_md_write (cfx->mdc_hash, temp, nprefix+2 );
+ gcry_cipher_encrypt (cfx->cipher_hd, temp, nprefix+2, NULL, 0);
+ gcry_cipher_sync (cfx->cipher_hd);
+ iobuf_write(a, temp, nprefix+2);
+ cfx->header=1;
+}
+
+
+
+/****************
+ * This filter is used to en/de-cipher data with a conventional algorithm
+ */
+int
+cipher_filter( void *opaque, int control,
+ IOBUF a, byte *buf, size_t *ret_len)
+{
+ size_t size = *ret_len;
+ cipher_filter_context_t *cfx = opaque;
+ int rc=0;
+
+ if( control == IOBUFCTRL_UNDERFLOW ) { /* decrypt */
+ rc = -1; /* not yet used */
+ }
+ else if( control == IOBUFCTRL_FLUSH ) { /* encrypt */
+ assert(a);
+ if( !cfx->header ) {
+ write_header( cfx, a );
+ }
+ if (cfx->mdc_hash)
+ gcry_md_write (cfx->mdc_hash, buf, size);
+ gcry_cipher_encrypt (cfx->cipher_hd, buf, size, NULL, 0);
+ rc = iobuf_write( a, buf, size );
+ }
+ else if( control == IOBUFCTRL_FREE ) {
+ if( cfx->mdc_hash ) {
+ byte *hash;
+ int hashlen = gcry_md_get_algo_dlen (gcry_md_get_algo
+ (cfx->mdc_hash));
+ byte temp[22];
+
+ assert( hashlen == 20 );
+ /* We must hash the prefix of the MDC packet here. */
+ temp[0] = 0xd3;
+ temp[1] = 0x14;
+ gcry_md_putc (cfx->mdc_hash, temp[0]);
+ gcry_md_putc (cfx->mdc_hash, temp[1]);
+
+ gcry_md_final (cfx->mdc_hash);
+ hash = gcry_md_read (cfx->mdc_hash, 0);
+ memcpy(temp+2, hash, 20);
+ gcry_cipher_encrypt (cfx->cipher_hd, temp, 22, NULL, 0);
+ gcry_md_close (cfx->mdc_hash); cfx->mdc_hash = NULL;
+ if( iobuf_write( a, temp, 22 ) )
+ log_error("writing MDC packet failed\n" );
+ }
+ gcry_cipher_close (cfx->cipher_hd);
+ }
+ else if( control == IOBUFCTRL_DESC ) {
+ *(char**)buf = "cipher_filter";
+ }
+ return rc;
+}
diff --git a/g10/compress-bz2.c b/g10/compress-bz2.c
new file mode 100644
index 0000000..1dabca1
--- /dev/null
+++ b/g10/compress-bz2.c
@@ -0,0 +1,253 @@
+/* compress.c - bzip2 compress filter
+ * Copyright (C) 2003, 2004 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <string.h>
+#include <stdio.h> /* Early versions of bzlib (1.0) require stdio.h */
+#include <bzlib.h>
+
+#include "gpg.h"
+#include "util.h"
+#include "packet.h"
+#include "filter.h"
+#include "main.h"
+#include "options.h"
+
+/* Note that the code in compress.c is nearly identical to the code
+ here, so if you fix a bug here, look there to see if a matching bug
+ needs to be fixed. I tried to have one set of functions that could
+ do ZIP, ZLIB, and BZIP2, but it became dangerously unreadable with
+ #ifdefs and if(algo) -dshaw */
+
+static void
+init_compress( compress_filter_context_t *zfx, bz_stream *bzs )
+{
+ int rc;
+ int level;
+
+ if( opt.bz2_compress_level >= 1 && opt.bz2_compress_level <= 9 )
+ level = opt.bz2_compress_level;
+ else if( opt.bz2_compress_level == -1 )
+ level = 6; /* no particular reason, but it seems reasonable */
+ else
+ {
+ log_error("invalid compression level; using default level\n");
+ level = 6;
+ }
+
+ if((rc=BZ2_bzCompressInit(bzs,level,0,0))!=BZ_OK)
+ log_fatal("bz2lib problem: %d\n",rc);
+
+ zfx->outbufsize = 8192;
+ zfx->outbuf = xmalloc( zfx->outbufsize );
+}
+
+static int
+do_compress(compress_filter_context_t *zfx, bz_stream *bzs, int flush, IOBUF a)
+{
+ int rc;
+ int zrc;
+ unsigned n;
+
+ do
+ {
+ bzs->next_out = zfx->outbuf;
+ bzs->avail_out = zfx->outbufsize;
+ if( DBG_FILTER )
+ log_debug("enter bzCompress: avail_in=%u, avail_out=%u, flush=%d\n",
+ (unsigned)bzs->avail_in, (unsigned)bzs->avail_out, flush );
+ zrc = BZ2_bzCompress( bzs, flush );
+ if( zrc == BZ_STREAM_END && flush == BZ_FINISH )
+ ;
+ else if( zrc != BZ_RUN_OK && zrc != BZ_FINISH_OK )
+ log_fatal("bz2lib deflate problem: rc=%d\n", zrc );
+
+ n = zfx->outbufsize - bzs->avail_out;
+ if( DBG_FILTER )
+ log_debug("leave bzCompress:"
+ " avail_in=%u, avail_out=%u, n=%u, zrc=%d\n",
+ (unsigned)bzs->avail_in, (unsigned)bzs->avail_out,
+ (unsigned)n, zrc );
+
+ if( (rc=iobuf_write( a, zfx->outbuf, n )) )
+ {
+ log_debug("bzCompress: iobuf_write failed\n");
+ return rc;
+ }
+ }
+ while( bzs->avail_in || (flush == BZ_FINISH && zrc != BZ_STREAM_END) );
+
+ return 0;
+}
+
+static void
+init_uncompress( compress_filter_context_t *zfx, bz_stream *bzs )
+{
+ int rc;
+
+ if((rc=BZ2_bzDecompressInit(bzs,0,opt.bz2_decompress_lowmem))!=BZ_OK)
+ log_fatal("bz2lib problem: %d\n",rc);
+
+ zfx->inbufsize = 2048;
+ zfx->inbuf = xmalloc( zfx->inbufsize );
+ bzs->avail_in = 0;
+}
+
+static int
+do_uncompress( compress_filter_context_t *zfx, bz_stream *bzs,
+ IOBUF a, size_t *ret_len )
+{
+ int zrc;
+ int rc=0;
+ size_t n;
+ int nread, count;
+ int refill = !bzs->avail_in;
+ int eofseen = 0;
+
+ if( DBG_FILTER )
+ log_debug("begin bzDecompress: avail_in=%u, avail_out=%u, inbuf=%u\n",
+ (unsigned)bzs->avail_in, (unsigned)bzs->avail_out,
+ (unsigned)zfx->inbufsize );
+ do
+ {
+ if( bzs->avail_in < zfx->inbufsize && refill )
+ {
+ n = bzs->avail_in;
+ if( !n )
+ bzs->next_in = zfx->inbuf;
+ count = zfx->inbufsize - n;
+ nread = iobuf_read( a, zfx->inbuf + n, count );
+ if( nread == -1 )
+ {
+ eofseen = 1;
+ nread = 0;
+ }
+ n += nread;
+ bzs->avail_in = n;
+ }
+ if (!eofseen)
+ refill = 1;
+
+ if( DBG_FILTER )
+ log_debug("enter bzDecompress: avail_in=%u, avail_out=%u\n",
+ (unsigned)bzs->avail_in, (unsigned)bzs->avail_out);
+
+ zrc=BZ2_bzDecompress(bzs);
+ if( DBG_FILTER )
+ log_debug("leave bzDecompress: avail_in=%u, avail_out=%u, zrc=%d\n",
+ (unsigned)bzs->avail_in, (unsigned)bzs->avail_out, zrc);
+ if( zrc == BZ_STREAM_END )
+ rc = -1; /* eof */
+ else if( zrc != BZ_OK && zrc != BZ_PARAM_ERROR )
+ log_fatal("bz2lib inflate problem: rc=%d\n", zrc );
+ else if (zrc == BZ_OK && eofseen
+ && !bzs->avail_in && bzs->avail_out > 0)
+ {
+ log_error ("unexpected EOF in bz2lib\n");
+ rc = GPG_ERR_BAD_DATA;
+ break;
+ }
+ }
+ while( bzs->avail_out && zrc != BZ_STREAM_END && zrc != BZ_PARAM_ERROR );
+
+ /* I'm not completely happy with the two uses of BZ_PARAM_ERROR
+ here. The corresponding zlib function is Z_BUF_ERROR, which
+ covers a narrower scope than BZ_PARAM_ERROR. -dshaw */
+
+ *ret_len = zfx->outbufsize - bzs->avail_out;
+ if( DBG_FILTER )
+ log_debug("do_uncompress: returning %u bytes\n", (unsigned)*ret_len );
+ return rc;
+}
+
+int
+compress_filter_bz2( void *opaque, int control,
+ IOBUF a, byte *buf, size_t *ret_len)
+{
+ size_t size = *ret_len;
+ compress_filter_context_t *zfx = opaque;
+ bz_stream *bzs = zfx->opaque;
+ int rc=0;
+
+ if( control == IOBUFCTRL_UNDERFLOW )
+ {
+ if( !zfx->status )
+ {
+ bzs = zfx->opaque = xmalloc_clear( sizeof *bzs );
+ init_uncompress( zfx, bzs );
+ zfx->status = 1;
+ }
+
+ bzs->next_out = buf;
+ bzs->avail_out = size;
+ zfx->outbufsize = size; /* needed only for calculation */
+ rc = do_uncompress( zfx, bzs, a, ret_len );
+ }
+ else if( control == IOBUFCTRL_FLUSH )
+ {
+ if( !zfx->status )
+ {
+ PACKET pkt;
+ PKT_compressed cd;
+
+ if( zfx->algo != COMPRESS_ALGO_BZIP2 )
+ BUG();
+ memset( &cd, 0, sizeof cd );
+ cd.len = 0;
+ cd.algorithm = zfx->algo;
+ init_packet( &pkt );
+ pkt.pkttype = PKT_COMPRESSED;
+ pkt.pkt.compressed = &cd;
+ if( build_packet( a, &pkt ))
+ log_bug("build_packet(PKT_COMPRESSED) failed\n");
+ bzs = zfx->opaque = xmalloc_clear( sizeof *bzs );
+ init_compress( zfx, bzs );
+ zfx->status = 2;
+ }
+
+ bzs->next_in = buf;
+ bzs->avail_in = size;
+ rc = do_compress( zfx, bzs, BZ_RUN, a );
+ }
+ else if( control == IOBUFCTRL_FREE )
+ {
+ if( zfx->status == 1 )
+ {
+ BZ2_bzDecompressEnd(bzs);
+ xfree(bzs);
+ zfx->opaque = NULL;
+ xfree(zfx->outbuf); zfx->outbuf = NULL;
+ }
+ else if( zfx->status == 2 )
+ {
+ bzs->next_in = buf;
+ bzs->avail_in = 0;
+ do_compress( zfx, bzs, BZ_FINISH, a );
+ BZ2_bzCompressEnd(bzs);
+ xfree(bzs);
+ zfx->opaque = NULL;
+ xfree(zfx->outbuf); zfx->outbuf = NULL;
+ }
+ if (zfx->release)
+ zfx->release (zfx);
+ }
+ else if( control == IOBUFCTRL_DESC )
+ *(char**)buf = "compress_filter";
+ return rc;
+}
diff --git a/g10/compress.c b/g10/compress.c
new file mode 100644
index 0000000..a91dd23
--- /dev/null
+++ b/g10/compress.c
@@ -0,0 +1,351 @@
+/* compress.c - compress filter
+ * Copyright (C) 1998, 1999, 2000, 2001, 2002,
+ * 2003, 2006 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+/* Note that the code in compress-bz2.c is nearly identical to the
+ code here, so if you fix a bug here, look there to see if a
+ matching bug needs to be fixed. I tried to have one set of
+ functions that could do ZIP, ZLIB, and BZIP2, but it became
+ dangerously unreadable with #ifdefs and if(algo) -dshaw */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+#include <assert.h>
+#include <errno.h>
+#include <zlib.h>
+#if defined(__riscos__) && defined(USE_ZLIBRISCOS)
+# include "zlib-riscos.h"
+#endif
+
+#include "gpg.h"
+#include "util.h"
+#include "packet.h"
+#include "filter.h"
+#include "main.h"
+#include "options.h"
+
+
+#ifdef __riscos__
+#define BYTEF_CAST(a) ((Bytef *)(a))
+#else
+#define BYTEF_CAST(a) (a)
+#endif
+
+
+
+int compress_filter_bz2( void *opaque, int control,
+ IOBUF a, byte *buf, size_t *ret_len);
+
+static void
+init_compress( compress_filter_context_t *zfx, z_stream *zs )
+{
+ int rc;
+ int level;
+
+#if defined(__riscos__) && defined(USE_ZLIBRISCOS)
+ static int zlib_initialized = 0;
+
+ if (!zlib_initialized)
+ zlib_initialized = riscos_load_module("ZLib", zlib_path, 1);
+#endif
+
+ if( opt.compress_level >= 1 && opt.compress_level <= 9 )
+ level = opt.compress_level;
+ else if( opt.compress_level == -1 )
+ level = Z_DEFAULT_COMPRESSION;
+ else {
+ log_error("invalid compression level; using default level\n");
+ level = Z_DEFAULT_COMPRESSION;
+ }
+
+ if( (rc = zfx->algo == 1? deflateInit2( zs, level, Z_DEFLATED,
+ -13, 8, Z_DEFAULT_STRATEGY)
+ : deflateInit( zs, level )
+ ) != Z_OK ) {
+ log_fatal("zlib problem: %s\n", zs->msg? zs->msg :
+ rc == Z_MEM_ERROR ? "out of core" :
+ rc == Z_VERSION_ERROR ? "invalid lib version" :
+ "unknown error" );
+ }
+
+ zfx->outbufsize = 8192;
+ zfx->outbuf = xmalloc( zfx->outbufsize );
+}
+
+static int
+do_compress( compress_filter_context_t *zfx, z_stream *zs, int flush, IOBUF a )
+{
+ int rc;
+ int zrc;
+ unsigned n;
+
+ do {
+ zs->next_out = BYTEF_CAST (zfx->outbuf);
+ zs->avail_out = zfx->outbufsize;
+ if( DBG_FILTER )
+ log_debug("enter deflate: avail_in=%u, avail_out=%u, flush=%d\n",
+ (unsigned)zs->avail_in, (unsigned)zs->avail_out, flush );
+ zrc = deflate( zs, flush );
+ if( zrc == Z_STREAM_END && flush == Z_FINISH )
+ ;
+ else if( zrc != Z_OK ) {
+ if( zs->msg )
+ log_fatal("zlib deflate problem: %s\n", zs->msg );
+ else
+ log_fatal("zlib deflate problem: rc=%d\n", zrc );
+ }
+ n = zfx->outbufsize - zs->avail_out;
+ if( DBG_FILTER )
+ log_debug("leave deflate: "
+ "avail_in=%u, avail_out=%u, n=%u, zrc=%d\n",
+ (unsigned)zs->avail_in, (unsigned)zs->avail_out,
+ (unsigned)n, zrc );
+
+ if( (rc=iobuf_write( a, zfx->outbuf, n )) ) {
+ log_debug("deflate: iobuf_write failed\n");
+ return rc;
+ }
+ } while( zs->avail_in || (flush == Z_FINISH && zrc != Z_STREAM_END) );
+ return 0;
+}
+
+static void
+init_uncompress( compress_filter_context_t *zfx, z_stream *zs )
+{
+ int rc;
+
+ /****************
+ * PGP uses a windowsize of 13 bits. Using a negative value for
+ * it forces zlib not to expect a zlib header. This is a
+ * undocumented feature Peter Gutmann told me about.
+ *
+ * We must use 15 bits for the inflator because CryptoEx uses 15
+ * bits thus the output would get scrambled w/o error indication
+ * if we would use 13 bits. For the uncompressing this does not
+ * matter at all.
+ */
+ if( (rc = zfx->algo == 1? inflateInit2( zs, -15)
+ : inflateInit( zs )) != Z_OK ) {
+ log_fatal("zlib problem: %s\n", zs->msg? zs->msg :
+ rc == Z_MEM_ERROR ? "out of core" :
+ rc == Z_VERSION_ERROR ? "invalid lib version" :
+ "unknown error" );
+ }
+
+ zfx->inbufsize = 2048;
+ zfx->inbuf = xmalloc( zfx->inbufsize );
+ zs->avail_in = 0;
+}
+
+static int
+do_uncompress( compress_filter_context_t *zfx, z_stream *zs,
+ IOBUF a, size_t *ret_len )
+{
+ int zrc;
+ int rc=0;
+ size_t n;
+ int nread, count;
+ int refill = !zs->avail_in;
+
+ if( DBG_FILTER )
+ log_debug("begin inflate: avail_in=%u, avail_out=%u, inbuf=%u\n",
+ (unsigned)zs->avail_in, (unsigned)zs->avail_out,
+ (unsigned)zfx->inbufsize );
+ do {
+ if( zs->avail_in < zfx->inbufsize && refill ) {
+ n = zs->avail_in;
+ if( !n )
+ zs->next_in = BYTEF_CAST (zfx->inbuf);
+ count = zfx->inbufsize - n;
+ nread = iobuf_read( a, zfx->inbuf + n, count );
+ if( nread == -1 ) nread = 0;
+ n += nread;
+ /* If we use the undocumented feature to suppress
+ * the zlib header, we have to give inflate an
+ * extra dummy byte to read */
+ if( nread < count && zfx->algo == 1 ) {
+ *(zfx->inbuf + n) = 0xFF; /* is it really needed ? */
+ zfx->algo1hack = 1;
+ n++;
+ }
+ zs->avail_in = n;
+ }
+ refill = 1;
+ if( DBG_FILTER )
+ log_debug("enter inflate: avail_in=%u, avail_out=%u\n",
+ (unsigned)zs->avail_in, (unsigned)zs->avail_out);
+ zrc = inflate ( zs, Z_SYNC_FLUSH );
+ if( DBG_FILTER )
+ log_debug("leave inflate: avail_in=%u, avail_out=%u, zrc=%d\n",
+ (unsigned)zs->avail_in, (unsigned)zs->avail_out, zrc);
+ if( zrc == Z_STREAM_END )
+ rc = -1; /* eof */
+ else if( zrc != Z_OK && zrc != Z_BUF_ERROR ) {
+ if( zs->msg )
+ log_fatal("zlib inflate problem: %s\n", zs->msg );
+ else
+ log_fatal("zlib inflate problem: rc=%d\n", zrc );
+ }
+ } while( zs->avail_out && zrc != Z_STREAM_END && zrc != Z_BUF_ERROR );
+
+ *ret_len = zfx->outbufsize - zs->avail_out;
+ if( DBG_FILTER )
+ log_debug("do_uncompress: returning %u bytes (%u ignored)\n",
+ (unsigned int)*ret_len, (unsigned int)zs->avail_in );
+ return rc;
+}
+
+static int
+compress_filter( void *opaque, int control,
+ IOBUF a, byte *buf, size_t *ret_len)
+{
+ size_t size = *ret_len;
+ compress_filter_context_t *zfx = opaque;
+ z_stream *zs = zfx->opaque;
+ int rc=0;
+
+ if( control == IOBUFCTRL_UNDERFLOW ) {
+ if( !zfx->status ) {
+ zs = zfx->opaque = xmalloc_clear( sizeof *zs );
+ init_uncompress( zfx, zs );
+ zfx->status = 1;
+ }
+
+ zs->next_out = BYTEF_CAST (buf);
+ zs->avail_out = size;
+ zfx->outbufsize = size; /* needed only for calculation */
+ rc = do_uncompress( zfx, zs, a, ret_len );
+ }
+ else if( control == IOBUFCTRL_FLUSH ) {
+ if( !zfx->status ) {
+ PACKET pkt;
+ PKT_compressed cd;
+ if(zfx->algo != COMPRESS_ALGO_ZIP
+ && zfx->algo != COMPRESS_ALGO_ZLIB)
+ BUG();
+ memset( &cd, 0, sizeof cd );
+ cd.len = 0;
+ cd.algorithm = zfx->algo;
+ init_packet( &pkt );
+ pkt.pkttype = PKT_COMPRESSED;
+ pkt.pkt.compressed = &cd;
+ if( build_packet( a, &pkt ))
+ log_bug("build_packet(PKT_COMPRESSED) failed\n");
+ zs = zfx->opaque = xmalloc_clear( sizeof *zs );
+ init_compress( zfx, zs );
+ zfx->status = 2;
+ }
+
+ zs->next_in = BYTEF_CAST (buf);
+ zs->avail_in = size;
+ rc = do_compress( zfx, zs, Z_NO_FLUSH, a );
+ }
+ else if( control == IOBUFCTRL_FREE ) {
+ if( zfx->status == 1 ) {
+ inflateEnd(zs);
+ xfree(zs);
+ zfx->opaque = NULL;
+ xfree(zfx->outbuf); zfx->outbuf = NULL;
+ }
+ else if( zfx->status == 2 ) {
+ zs->next_in = BYTEF_CAST (buf);
+ zs->avail_in = 0;
+ do_compress( zfx, zs, Z_FINISH, a );
+ deflateEnd(zs);
+ xfree(zs);
+ zfx->opaque = NULL;
+ xfree(zfx->outbuf); zfx->outbuf = NULL;
+ }
+ if (zfx->release)
+ zfx->release (zfx);
+ }
+ else if( control == IOBUFCTRL_DESC )
+ *(char**)buf = "compress_filter";
+ return rc;
+}
+
+
+static void
+release_context (compress_filter_context_t *ctx)
+{
+ xfree (ctx);
+}
+
+/****************
+ * Handle a compressed packet
+ */
+int
+handle_compressed( void *procctx, PKT_compressed *cd,
+ int (*callback)(IOBUF, void *), void *passthru )
+{
+ compress_filter_context_t *cfx;
+ int rc;
+
+ if(check_compress_algo(cd->algorithm))
+ return G10ERR_COMPR_ALGO;
+ cfx = xmalloc_clear (sizeof *cfx);
+ cfx->release = release_context;
+ cfx->algo = cd->algorithm;
+ push_compress_filter(cd->buf,cfx,cd->algorithm);
+ if( callback )
+ rc = callback(cd->buf, passthru );
+ else
+ rc = proc_packets(procctx, cd->buf);
+ cd->buf = NULL;
+ return rc;
+}
+
+void
+push_compress_filter(IOBUF out,compress_filter_context_t *zfx,int algo)
+{
+ push_compress_filter2(out,zfx,algo,0);
+}
+
+void
+push_compress_filter2(IOBUF out,compress_filter_context_t *zfx,
+ int algo,int rel)
+{
+ if(algo>=0)
+ zfx->algo=algo;
+ else
+ zfx->algo=DEFAULT_COMPRESS_ALGO;
+
+ switch(zfx->algo)
+ {
+ case COMPRESS_ALGO_NONE:
+ break;
+
+ case COMPRESS_ALGO_ZIP:
+ case COMPRESS_ALGO_ZLIB:
+ iobuf_push_filter2(out,compress_filter,zfx,rel);
+ break;
+
+#ifdef HAVE_BZIP2
+ case COMPRESS_ALGO_BZIP2:
+ iobuf_push_filter2(out,compress_filter_bz2,zfx,rel);
+ break;
+#endif
+
+ default:
+ BUG();
+ }
+}
diff --git a/g10/cpr.c b/g10/cpr.c
new file mode 100644
index 0000000..1533ac6
--- /dev/null
+++ b/g10/cpr.c
@@ -0,0 +1,526 @@
+/* status.c - Status message and command-fd interface
+ * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003,
+ * 2004, 2005, 2006 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include <unistd.h>
+#include <signal.h>
+
+#include "gpg.h"
+#include "util.h"
+#include "status.h"
+#include "ttyio.h"
+#include "options.h"
+#include "main.h"
+#include "i18n.h"
+#include "cipher.h" /* for progress functions */
+
+#define CONTROL_D ('D' - 'A' + 1)
+
+
+
+static FILE *statusfp;
+
+
+static void
+progress_cb (void *ctx, const char *what, int printchar,
+ int current, int total)
+{
+ char buf[50];
+
+ (void)ctx;
+
+ if ( printchar == '\n' && !strcmp (what, "primegen") )
+ snprintf (buf, sizeof buf -1, "%.20s X 100 100", what );
+ else
+ snprintf (buf, sizeof buf -1, "%.20s %c %d %d",
+ what, printchar=='\n'?'X':printchar, current, total );
+ write_status_text (STATUS_PROGRESS, buf);
+}
+
+
+/* Return true if the status message NO may currently be issued. We
+ need this to avoid syncronisation problem while auto retrieving a
+ key. There it may happen that a status NODATA is issued for a non
+ available key and the user may falsely interpret this has a missing
+ signature. */
+static int
+status_currently_allowed (int no)
+{
+ if (!glo_ctrl.in_auto_key_retrieve)
+ return 1; /* Yes. */
+
+ /* We allow some statis anyway, so that import statistics are
+ correct and to avoid problems if the retriebval subsystem will
+ prompt the user. */
+ switch (no)
+ {
+ case STATUS_GET_BOOL:
+ case STATUS_GET_LINE:
+ case STATUS_GET_HIDDEN:
+ case STATUS_GOT_IT:
+ case STATUS_IMPORTED:
+ case STATUS_IMPORT_OK:
+ case STATUS_IMPORT_CHECK:
+ case STATUS_IMPORT_RES:
+ return 1; /* Yes. */
+ default:
+ break;
+ }
+ return 0; /* No. */
+}
+
+
+void
+set_status_fd ( int fd )
+{
+ static int last_fd = -1;
+
+ if ( fd != -1 && last_fd == fd )
+ return;
+
+ if ( statusfp && statusfp != stdout && statusfp != stderr )
+ fclose (statusfp);
+ statusfp = NULL;
+ if ( fd == -1 )
+ return;
+
+ if( fd == 1 )
+ statusfp = stdout;
+ else if( fd == 2 )
+ statusfp = stderr;
+ else
+ statusfp = fdopen( fd, "w" );
+ if( !statusfp ) {
+ log_fatal("can't open fd %d for status output: %s\n",
+ fd, strerror(errno));
+ }
+ last_fd = fd;
+
+ gcry_set_progress_handler ( progress_cb, NULL );
+}
+
+int
+is_status_enabled()
+{
+ return !!statusfp;
+}
+
+void
+write_status ( int no )
+{
+ write_status_text( no, NULL );
+}
+
+void
+write_status_text ( int no, const char *text)
+{
+ if( !statusfp || !status_currently_allowed (no) )
+ return; /* Not enabled or allowed. */
+
+ fputs ( "[GNUPG:] ", statusfp );
+ fputs ( get_status_string (no), statusfp );
+ if( text ) {
+ putc ( ' ', statusfp );
+ for (; *text; text++) {
+ if (*text == '\n')
+ fputs ( "\\n", statusfp );
+ else if (*text == '\r')
+ fputs ( "\\r", statusfp );
+ else
+ putc ( *(const byte *)text, statusfp );
+ }
+ }
+ putc ('\n',statusfp);
+ if ( fflush (statusfp) && opt.exit_on_status_write_error )
+ g10_exit (0);
+}
+
+
+void
+write_status_error (const char *where, int errcode)
+{
+ if (!statusfp || !status_currently_allowed (STATUS_ERROR))
+ return; /* Not enabled or allowed. */
+
+ fprintf (statusfp, "[GNUPG:] %s %s %u\n",
+ get_status_string (STATUS_ERROR), where, gpg_err_code (errcode));
+ if (fflush (statusfp) && opt.exit_on_status_write_error)
+ g10_exit (0);
+}
+
+
+/*
+ * Write a status line with a buffer using %XX escapes. If WRAP is >
+ * 0 wrap the line after this length. If STRING is not NULL it will
+ * be prepended to the buffer, no escaping is done for string.
+ * A wrap of -1 forces spaces not to be encoded as %20.
+ */
+void
+write_status_text_and_buffer ( int no, const char *string,
+ const char *buffer, size_t len, int wrap )
+{
+ const char *s, *text;
+ int esc, first;
+ int lower_limit = ' ';
+ size_t n, count, dowrap;
+
+ if( !statusfp || !status_currently_allowed (no) )
+ return; /* Not enabled or allowed. */
+
+ if (wrap == -1) {
+ lower_limit--;
+ wrap = 0;
+ }
+
+ text = get_status_string (no);
+ count = dowrap = first = 1;
+ do {
+ if (dowrap) {
+ fprintf (statusfp, "[GNUPG:] %s ", text );
+ count = dowrap = 0;
+ if (first && string) {
+ fputs (string, statusfp);
+ count += strlen (string);
+ /* Make sure that there is space after the string. */
+ if (*string && string[strlen (string)-1] != ' ')
+ {
+ putc (' ', statusfp);
+ count++;
+ }
+ }
+ first = 0;
+ }
+ for (esc=0, s=buffer, n=len; n && !esc; s++, n-- ) {
+ if ( *s == '%' || *(const byte*)s <= lower_limit
+ || *(const byte*)s == 127 )
+ esc = 1;
+ if ( wrap && ++count > wrap ) {
+ dowrap=1;
+ break;
+ }
+ }
+ if (esc) {
+ s--; n++;
+ }
+ if (s != buffer)
+ fwrite (buffer, s-buffer, 1, statusfp );
+ if ( esc ) {
+ fprintf (statusfp, "%%%02X", *(const byte*)s );
+ s++; n--;
+ }
+ buffer = s;
+ len = n;
+ if ( dowrap && len )
+ putc ( '\n', statusfp );
+ } while ( len );
+
+ putc ('\n',statusfp);
+ if ( fflush (statusfp) && opt.exit_on_status_write_error )
+ g10_exit (0);
+}
+
+void
+write_status_buffer ( int no, const char *buffer, size_t len, int wrap )
+{
+ write_status_text_and_buffer (no, NULL, buffer, len, wrap);
+}
+
+
+/* Print the BEGIN_SIGNING status message. If MD is not NULL it is
+ used to retrieve the hash algorithms used for the message. */
+void
+write_status_begin_signing (gcry_md_hd_t md)
+{
+ if (md)
+ {
+ char buf[100];
+ size_t buflen;
+ int i;
+
+ /* We use a hard coded list of possible algorithms. Using other
+ algorithms than specified by OpenPGP does not make sense
+ anyway. We do this out of performance reasons: Walking all
+ the 110 allowed Ids is not a good idea given the way the
+ check is implemented in libgcrypt. Recall that the only use
+ of this status code is to create the micalg algorithm for
+ PGP/MIME. */
+ buflen = 0;
+ for (i=1; i <= 11; i++)
+ if (i < 4 || i > 7)
+ if ( gcry_md_is_enabled (md, i) && buflen < DIM(buf) )
+ {
+ snprintf (buf+buflen, DIM(buf) - buflen - 1,
+ "%sH%d", buflen? " ":"",i);
+ buflen += strlen (buf+buflen);
+ }
+ write_status_text ( STATUS_BEGIN_SIGNING, buf );
+ }
+ else
+ write_status ( STATUS_BEGIN_SIGNING );
+}
+
+
+static int
+myread(int fd, void *buf, size_t count)
+{
+ int rc;
+ do {
+ rc = read( fd, buf, count );
+ } while ( rc == -1 && errno == EINTR );
+ if ( !rc && count ) {
+ static int eof_emmited=0;
+ if ( eof_emmited < 3 ) {
+ *(char*)buf = CONTROL_D;
+ rc = 1;
+ eof_emmited++;
+ }
+ else { /* Ctrl-D not caught - do something reasonable */
+#ifdef HAVE_DOSISH_SYSTEM
+ raise (SIGINT); /* nothing to hangup under DOS */
+#else
+ raise (SIGHUP); /* no more input data */
+#endif
+ }
+ }
+ return rc;
+}
+
+
+
+/* Request a string from the client over the command-fd. If GETBOOL
+ is set the function returns a static string (do not free) if the
+ netered value was true or NULL if the entered value was false. */
+static char *
+do_get_from_fd ( const char *keyword, int hidden, int getbool )
+{
+ int i, len;
+ char *string;
+
+ if (statusfp != stdout)
+ fflush (stdout);
+
+ write_status_text (getbool? STATUS_GET_BOOL :
+ hidden? STATUS_GET_HIDDEN : STATUS_GET_LINE, keyword);
+
+ for (string = NULL, i = len = 200; ; i++ )
+ {
+ if (i >= len-1 )
+ {
+ char *save = string;
+ len += 100;
+ string = hidden? xmalloc_secure ( len ) : xmalloc ( len );
+ if (save)
+ memcpy (string, save, i );
+ else
+ i = 0;
+ }
+ /* Fixme: why not use our read_line function here? */
+ if ( myread( opt.command_fd, string+i, 1) != 1 || string[i] == '\n' )
+ break;
+ else if ( string[i] == CONTROL_D )
+ {
+ /* Found ETX - Cancel the line and return a sole ETX. */
+ string[0] = CONTROL_D;
+ i = 1;
+ break;
+ }
+ }
+ string[i] = 0;
+
+ write_status (STATUS_GOT_IT);
+
+ if (getbool) /* Fixme: is this correct??? */
+ return (string[0] == 'Y' || string[0] == 'y') ? "" : NULL;
+
+ return string;
+}
+
+
+
+int
+cpr_enabled()
+{
+ if( opt.command_fd != -1 )
+ return 1;
+ return 0;
+}
+
+char *
+cpr_get_no_help( const char *keyword, const char *prompt )
+{
+ char *p;
+
+ if( opt.command_fd != -1 )
+ return do_get_from_fd ( keyword, 0, 0 );
+ for(;;) {
+ p = tty_get( prompt );
+ return p;
+ }
+}
+
+char *
+cpr_get( const char *keyword, const char *prompt )
+{
+ char *p;
+
+ if( opt.command_fd != -1 )
+ return do_get_from_fd ( keyword, 0, 0 );
+ for(;;) {
+ p = tty_get( prompt );
+ if( *p=='?' && !p[1] && !(keyword && !*keyword)) {
+ xfree(p);
+ display_online_help( keyword );
+ }
+ else
+ return p;
+ }
+}
+
+
+char *
+cpr_get_utf8( const char *keyword, const char *prompt )
+{
+ char *p;
+ p = cpr_get( keyword, prompt );
+ if( p ) {
+ char *utf8 = native_to_utf8( p );
+ xfree( p );
+ p = utf8;
+ }
+ return p;
+}
+
+char *
+cpr_get_hidden( const char *keyword, const char *prompt )
+{
+ char *p;
+
+ if( opt.command_fd != -1 )
+ return do_get_from_fd ( keyword, 1, 0 );
+ for(;;) {
+ p = tty_get_hidden( prompt );
+ if( *p == '?' && !p[1] ) {
+ xfree(p);
+ display_online_help( keyword );
+ }
+ else
+ return p;
+ }
+}
+
+void
+cpr_kill_prompt(void)
+{
+ if( opt.command_fd != -1 )
+ return;
+ tty_kill_prompt();
+ return;
+}
+
+int
+cpr_get_answer_is_yes( const char *keyword, const char *prompt )
+{
+ int yes;
+ char *p;
+
+ if( opt.command_fd != -1 )
+ return !!do_get_from_fd ( keyword, 0, 1 );
+ for(;;) {
+ p = tty_get( prompt );
+ trim_spaces(p); /* it is okay to do this here */
+ if( *p == '?' && !p[1] ) {
+ xfree(p);
+ display_online_help( keyword );
+ }
+ else {
+ tty_kill_prompt();
+ yes = answer_is_yes(p);
+ xfree(p);
+ return yes;
+ }
+ }
+}
+
+int
+cpr_get_answer_yes_no_quit( const char *keyword, const char *prompt )
+{
+ int yes;
+ char *p;
+
+ if( opt.command_fd != -1 )
+ return !!do_get_from_fd ( keyword, 0, 1 );
+ for(;;) {
+ p = tty_get( prompt );
+ trim_spaces(p); /* it is okay to do this here */
+ if( *p == '?' && !p[1] ) {
+ xfree(p);
+ display_online_help( keyword );
+ }
+ else {
+ tty_kill_prompt();
+ yes = answer_is_yes_no_quit(p);
+ xfree(p);
+ return yes;
+ }
+ }
+}
+
+
+int
+cpr_get_answer_okay_cancel (const char *keyword,
+ const char *prompt,
+ int def_answer)
+{
+ int yes;
+ char *answer = NULL;
+ char *p;
+
+ if( opt.command_fd != -1 )
+ answer = do_get_from_fd ( keyword, 0, 0 );
+
+ if (answer)
+ {
+ yes = answer_is_okay_cancel (answer, def_answer);
+ xfree (answer);
+ return yes;
+ }
+
+ for(;;)
+ {
+ p = tty_get( prompt );
+ trim_spaces(p); /* it is okay to do this here */
+ if (*p == '?' && !p[1])
+ {
+ xfree(p);
+ display_online_help (keyword);
+ }
+ else
+ {
+ tty_kill_prompt();
+ yes = answer_is_okay_cancel (p, def_answer);
+ xfree(p);
+ return yes;
+ }
+ }
+}
diff --git a/g10/dearmor.c b/g10/dearmor.c
new file mode 100644
index 0000000..da888ad
--- /dev/null
+++ b/g10/dearmor.c
@@ -0,0 +1,134 @@
+/* dearmor.c - Armor utility
+ * Copyright (C) 1998, 1999, 2000, 2001 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include <assert.h>
+
+#include "gpg.h"
+#include "status.h"
+#include "iobuf.h"
+#include "util.h"
+#include "filter.h"
+#include "packet.h"
+#include "options.h"
+#include "main.h"
+#include "i18n.h"
+
+/****************
+ * Take an armor file and write it out without armor
+ */
+int
+dearmor_file( const char *fname )
+{
+ armor_filter_context_t *afx;
+ IOBUF inp = NULL, out = NULL;
+ int rc = 0;
+ int c;
+
+ afx = new_armor_context ();
+
+ /* prepare iobufs */
+ inp = iobuf_open(fname);
+ if (inp && is_secured_file (iobuf_get_fd (inp)))
+ {
+ iobuf_close (inp);
+ inp = NULL;
+ errno = EPERM;
+ }
+ if (!inp) {
+ rc = gpg_error_from_syserror ();
+ log_error(_("can't open `%s': %s\n"), fname? fname: "[stdin]",
+ strerror(errno) );
+ goto leave;
+ }
+
+ push_armor_filter ( afx, inp );
+
+ if( (rc = open_outfile( fname, 0, &out )) )
+ goto leave;
+
+ while( (c = iobuf_get(inp)) != -1 )
+ iobuf_put( out, c );
+
+ leave:
+ if( rc )
+ iobuf_cancel(out);
+ else
+ iobuf_close(out);
+ iobuf_close(inp);
+ release_armor_context (afx);
+ return rc;
+}
+
+
+/****************
+ * Take file and write it out with armor
+ */
+int
+enarmor_file( const char *fname )
+{
+ armor_filter_context_t *afx;
+ IOBUF inp = NULL, out = NULL;
+ int rc = 0;
+ int c;
+
+ afx = new_armor_context ();
+
+ /* prepare iobufs */
+ inp = iobuf_open(fname);
+ if (inp && is_secured_file (iobuf_get_fd (inp)))
+ {
+ iobuf_close (inp);
+ inp = NULL;
+ errno = EPERM;
+ }
+ if (!inp) {
+ rc = gpg_error_from_syserror ();
+ log_error(_("can't open `%s': %s\n"), fname? fname: "[stdin]",
+ strerror(errno) );
+ goto leave;
+ }
+
+
+ if( (rc = open_outfile( fname, 1, &out )) )
+ goto leave;
+
+ afx->what = 4;
+ afx->hdrlines = "Comment: Use \"gpg --dearmor\" for unpacking\n";
+ push_armor_filter ( afx, out );
+
+ while( (c = iobuf_get(inp)) != -1 )
+ iobuf_put( out, c );
+
+
+ leave:
+ if( rc )
+ iobuf_cancel(out);
+ else
+ iobuf_close(out);
+ iobuf_close(inp);
+ release_armor_context (afx);
+ return rc;
+}
+
+
diff --git a/g10/decrypt.c b/g10/decrypt.c
new file mode 100644
index 0000000..ce400b0
--- /dev/null
+++ b/g10/decrypt.c
@@ -0,0 +1,199 @@
+/* decrypt.c - verify signed data
+ * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006,
+ * 2007 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include <assert.h>
+
+#include "gpg.h"
+#include "options.h"
+#include "packet.h"
+#include "status.h"
+#include "iobuf.h"
+#include "keydb.h"
+#include "util.h"
+#include "main.h"
+#include "status.h"
+#include "i18n.h"
+
+
+
+/****************
+ * Assume that the input is an encrypted message and decrypt
+ * (and if signed, verify the signature on) it.
+ * This command differs from the default operation, as it never
+ * writes to the filename which is included in the file and it
+ * rejects files which don't begin with an encrypted message.
+ */
+
+int
+decrypt_message( const char *filename )
+{
+ IOBUF fp;
+ armor_filter_context_t *afx = NULL;
+ progress_filter_context_t *pfx;
+ int rc;
+ int no_out = 0;
+
+ pfx = new_progress_context ();
+
+ /* Open the message file. */
+ fp = iobuf_open(filename);
+ if (fp && is_secured_file (iobuf_get_fd (fp)))
+ {
+ iobuf_close (fp);
+ fp = NULL;
+ errno = EPERM;
+ }
+ if( !fp ) {
+ rc = gpg_error_from_syserror ();
+ log_error (_("can't open `%s': %s\n"), print_fname_stdin(filename),
+ gpg_strerror (rc));
+ release_progress_context (pfx);
+ return rc;
+ }
+
+ handle_progress (pfx, fp, filename);
+
+ if( !opt.no_armor ) {
+ if( use_armor_filter( fp ) ) {
+ afx = new_armor_context ();
+ push_armor_filter ( afx, fp );
+ }
+ }
+
+ if( !opt.outfile ) {
+ no_out = 1;
+ opt.outfile = "-";
+ }
+ rc = proc_encryption_packets( NULL, fp );
+ if( no_out )
+ opt.outfile = NULL;
+ iobuf_close(fp);
+ release_armor_context (afx);
+ release_progress_context (pfx);
+ return rc;
+}
+
+void
+decrypt_messages(int nfiles, char *files[])
+{
+ IOBUF fp;
+ armor_filter_context_t *afx = NULL;
+ progress_filter_context_t *pfx;
+ char *p, *output = NULL;
+ int rc=0,use_stdin=0;
+ unsigned int lno=0;
+
+ if (opt.outfile)
+ {
+ log_error(_("--output doesn't work for this command\n"));
+ return;
+ }
+
+ pfx = new_progress_context ();
+
+ if(!nfiles)
+ use_stdin=1;
+
+ for(;;)
+ {
+ char line[2048];
+ char *filename=NULL;
+
+ if(use_stdin)
+ {
+ if(fgets(line, DIM(line), stdin))
+ {
+ lno++;
+ if (!*line || line[strlen(line)-1] != '\n')
+ log_error("input line %u too long or missing LF\n", lno);
+ else
+ {
+ line[strlen(line)-1] = '\0';
+ filename=line;
+ }
+ }
+ }
+ else
+ {
+ if(nfiles)
+ {
+ filename=*files;
+ nfiles--;
+ files++;
+ }
+ }
+
+ if(filename==NULL)
+ break;
+
+ print_file_status(STATUS_FILE_START, filename, 3);
+ output = make_outfile_name(filename);
+ if (!output)
+ goto next_file;
+ fp = iobuf_open(filename);
+ if (fp)
+ iobuf_ioctl (fp,3,1,NULL); /* disable fd caching */
+ if (fp && is_secured_file (iobuf_get_fd (fp)))
+ {
+ iobuf_close (fp);
+ fp = NULL;
+ errno = EPERM;
+ }
+ if (!fp)
+ {
+ log_error(_("can't open `%s'\n"), print_fname_stdin(filename));
+ goto next_file;
+ }
+
+ handle_progress (pfx, fp, filename);
+
+ if (!opt.no_armor)
+ {
+ if (use_armor_filter(fp))
+ {
+ afx = new_armor_context ();
+ push_armor_filter ( afx, fp );
+ }
+ }
+ rc = proc_packets(NULL, fp);
+ iobuf_close(fp);
+ if (rc)
+ log_error("%s: decryption failed: %s\n", print_fname_stdin(filename),
+ g10_errstr(rc));
+ p = get_last_passphrase();
+ set_next_passphrase(p);
+ xfree (p);
+
+ next_file:
+ /* Note that we emit file_done even after an error. */
+ write_status( STATUS_FILE_DONE );
+ xfree(output);
+ reset_literals_seen();
+ }
+
+ set_next_passphrase(NULL);
+ release_armor_context (afx);
+ release_progress_context (pfx);
+}
diff --git a/g10/delkey.c b/g10/delkey.c
new file mode 100644
index 0000000..fe29d52
--- /dev/null
+++ b/g10/delkey.c
@@ -0,0 +1,219 @@
+/* delkey.c - delete keys
+ * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2004,
+ * 2005, 2006 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include <assert.h>
+#include <ctype.h>
+
+#include "gpg.h"
+#include "options.h"
+#include "packet.h"
+#include "status.h"
+#include "iobuf.h"
+#include "keydb.h"
+#include "util.h"
+#include "main.h"
+#include "trustdb.h"
+#include "filter.h"
+#include "ttyio.h"
+#include "status.h"
+#include "i18n.h"
+
+
+/****************
+ * Delete a public or secret key from a keyring.
+ * r_sec_avail will be set if a secret key is available and the public
+ * key can't be deleted for that reason.
+ */
+static int
+do_delete_key( const char *username, int secret, int force, int *r_sec_avail )
+{
+ int rc = 0;
+ KBNODE keyblock = NULL;
+ KBNODE node;
+ KEYDB_HANDLE hd = keydb_new (secret);
+ PKT_public_key *pk = NULL;
+ PKT_secret_key *sk = NULL;
+ u32 keyid[2];
+ int okay=0;
+ int yes;
+ KEYDB_SEARCH_DESC desc;
+ int exactmatch;
+
+ *r_sec_avail = 0;
+
+ /* search the userid */
+ classify_user_id (username, &desc);
+ exactmatch = (desc.mode == KEYDB_SEARCH_MODE_FPR
+ || desc.mode == KEYDB_SEARCH_MODE_FPR16
+ || desc.mode == KEYDB_SEARCH_MODE_FPR20);
+ rc = desc.mode? keydb_search (hd, &desc, 1):G10ERR_INV_USER_ID;
+ if (rc) {
+ log_error (_("key \"%s\" not found: %s\n"), username, g10_errstr (rc));
+ write_status_text( STATUS_DELETE_PROBLEM, "1" );
+ goto leave;
+ }
+
+ /* read the keyblock */
+ rc = keydb_get_keyblock (hd, &keyblock );
+ if (rc) {
+ log_error (_("error reading keyblock: %s\n"), g10_errstr(rc) );
+ goto leave;
+ }
+
+ /* get the keyid from the keyblock */
+ node = find_kbnode( keyblock, secret? PKT_SECRET_KEY:PKT_PUBLIC_KEY );
+ if( !node ) {
+ log_error("Oops; key not found anymore!\n");
+ rc = G10ERR_GENERAL;
+ goto leave;
+ }
+
+ if( secret )
+ {
+ sk = node->pkt->pkt.secret_key;
+ keyid_from_sk( sk, keyid );
+ }
+ else
+ {
+ /* public */
+ pk = node->pkt->pkt.public_key;
+ keyid_from_pk( pk, keyid );
+
+ if(!force)
+ {
+ rc = seckey_available( keyid );
+ if( !rc )
+ {
+ *r_sec_avail = 1;
+ rc = -1;
+ goto leave;
+ }
+ else if( rc != G10ERR_NO_SECKEY )
+ log_error("%s: get secret key: %s\n", username, g10_errstr(rc) );
+ else
+ rc = 0;
+ }
+ }
+
+ if( rc )
+ rc = 0;
+ else if (opt.batch && exactmatch)
+ okay++;
+ else if( opt.batch && secret )
+ {
+ log_error(_("can't do this in batch mode\n"));
+ log_info (_("(unless you specify the key by fingerprint)\n"));
+ }
+ else if( opt.batch && opt.answer_yes )
+ okay++;
+ else if( opt.batch )
+ {
+ log_error(_("can't do this in batch mode without \"--yes\"\n"));
+ log_info (_("(unless you specify the key by fingerprint)\n"));
+ }
+ else {
+ if( secret )
+ print_seckey_info( sk );
+ else
+ print_pubkey_info(NULL, pk );
+ tty_printf( "\n" );
+
+ yes = cpr_get_answer_is_yes( secret? "delete_key.secret.okay"
+ : "delete_key.okay",
+ _("Delete this key from the keyring? (y/N) "));
+ if( !cpr_enabled() && secret && yes ) {
+ /* I think it is not required to check a passphrase; if
+ * the user is so stupid as to let others access his secret keyring
+ * (and has no backup) - it is up him to read some very
+ * basic texts about security.
+ */
+ yes = cpr_get_answer_is_yes("delete_key.secret.okay",
+ _("This is a secret key! - really delete? (y/N) "));
+ }
+ if( yes )
+ okay++;
+ }
+
+
+ if( okay ) {
+ rc = keydb_delete_keyblock (hd);
+ if (rc) {
+ log_error (_("deleting keyblock failed: %s\n"), g10_errstr(rc) );
+ goto leave;
+ }
+
+ /* Note that the ownertrust being cleared will trigger a
+ revalidation_mark(). This makes sense - only deleting keys
+ that have ownertrust set should trigger this. */
+
+ if (!secret && pk && clear_ownertrusts (pk)) {
+ if (opt.verbose)
+ log_info (_("ownertrust information cleared\n"));
+ }
+ }
+
+ leave:
+ keydb_release (hd);
+ release_kbnode (keyblock);
+ return rc;
+}
+
+/****************
+ * Delete a public or secret key from a keyring.
+ */
+int
+delete_keys( strlist_t names, int secret, int allow_both )
+{
+ int rc, avail, force=(!allow_both && !secret && opt.expert);
+
+ /* Force allows us to delete a public key even if a secret key
+ exists. */
+
+ for(;names;names=names->next) {
+ rc = do_delete_key (names->d, secret, force, &avail );
+ if ( rc && avail ) {
+ if ( allow_both ) {
+ rc = do_delete_key (names->d, 1, 0, &avail );
+ if ( !rc )
+ rc = do_delete_key (names->d, 0, 0, &avail );
+ }
+ else {
+ log_error(_(
+ "there is a secret key for public key \"%s\"!\n"),names->d);
+ log_info(_(
+ "use option \"--delete-secret-keys\" to delete it first.\n"));
+ write_status_text( STATUS_DELETE_PROBLEM, "2" );
+ return rc;
+ }
+ }
+
+ if(rc) {
+ log_error("%s: delete key failed: %s\n", names->d, g10_errstr(rc) );
+ return rc;
+ }
+ }
+
+ return 0;
+}
diff --git a/g10/encode.c b/g10/encode.c
new file mode 100644
index 0000000..3c4e0a2
--- /dev/null
+++ b/g10/encode.c
@@ -0,0 +1,912 @@
+/* encode.c - encode data
+ * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005,
+ * 2006, 2009 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include <assert.h>
+
+#include "gpg.h"
+#include "options.h"
+#include "packet.h"
+#include "status.h"
+#include "iobuf.h"
+#include "keydb.h"
+#include "util.h"
+#include "main.h"
+#include "filter.h"
+#include "trustdb.h"
+#include "i18n.h"
+#include "status.h"
+#include "pkglue.h"
+
+
+static int encode_simple( const char *filename, int mode, int use_seskey );
+static int write_pubkey_enc_from_list( PK_LIST pk_list, DEK *dek, IOBUF out );
+
+/****************
+ * Encode FILENAME with only the symmetric cipher. Take input from
+ * stdin if FILENAME is NULL.
+ */
+int
+encode_symmetric( const char *filename )
+{
+ return encode_simple( filename, 1, 0 );
+}
+
+/****************
+ * Encode FILENAME as a literal data packet only. Take input from
+ * stdin if FILENAME is NULL.
+ */
+int
+encode_store( const char *filename )
+{
+ return encode_simple( filename, 0, 0 );
+}
+
+
+static void
+encode_seskey( DEK *dek, DEK **seskey, byte *enckey )
+{
+ gcry_cipher_hd_t hd;
+ byte buf[33];
+
+ assert ( dek->keylen <= 32 );
+ if(!*seskey)
+ {
+ *seskey=xmalloc_clear(sizeof(DEK));
+ (*seskey)->keylen=dek->keylen;
+ (*seskey)->algo=dek->algo;
+ make_session_key(*seskey);
+ /*log_hexdump( "thekey", c->key, c->keylen );*/
+ }
+
+ /* The encrypted session key is prefixed with a one-octet algorithm id. */
+ buf[0] = (*seskey)->algo;
+ memcpy( buf + 1, (*seskey)->key, (*seskey)->keylen );
+
+ /* We only pass already checked values to the following fucntion,
+ thus we consider any failure as fatal. */
+ if (openpgp_cipher_open (&hd, dek->algo, GCRY_CIPHER_MODE_CFB, 1))
+ BUG ();
+ if (gcry_cipher_setkey (hd, dek->key, dek->keylen))
+ BUG ();
+ gcry_cipher_setiv (hd, NULL, 0);
+ gcry_cipher_encrypt (hd, buf, (*seskey)->keylen + 1, NULL, 0);
+ gcry_cipher_close (hd);
+
+ memcpy( enckey, buf, (*seskey)->keylen + 1 );
+ wipememory( buf, sizeof buf ); /* burn key */
+}
+
+/* We try very hard to use a MDC */
+static int
+use_mdc(PK_LIST pk_list,int algo)
+{
+ /* RFC-1991 and 2440 don't have MDC */
+ if(RFC1991 || RFC2440)
+ return 0;
+
+ /* --force-mdc overrides --disable-mdc */
+ if(opt.force_mdc)
+ return 1;
+
+ if(opt.disable_mdc)
+ return 0;
+
+ /* Do the keys really support MDC? */
+
+ if(select_mdc_from_pklist(pk_list))
+ return 1;
+
+ /* The keys don't support MDC, so now we do a bit of a hack - if any
+ of the AESes or TWOFISH are in the prefs, we assume that the user
+ can handle a MDC. This is valid for PGP 7, which can handle MDCs
+ though it will not generate them. 2440bis allows this, by the
+ way. */
+
+ if(select_algo_from_prefs(pk_list,PREFTYPE_SYM,
+ CIPHER_ALGO_AES,NULL)==CIPHER_ALGO_AES)
+ return 1;
+
+ if(select_algo_from_prefs(pk_list,PREFTYPE_SYM,
+ CIPHER_ALGO_AES192,NULL)==CIPHER_ALGO_AES192)
+ return 1;
+
+ if(select_algo_from_prefs(pk_list,PREFTYPE_SYM,
+ CIPHER_ALGO_AES256,NULL)==CIPHER_ALGO_AES256)
+ return 1;
+
+ if(select_algo_from_prefs(pk_list,PREFTYPE_SYM,
+ CIPHER_ALGO_TWOFISH,NULL)==CIPHER_ALGO_TWOFISH)
+ return 1;
+
+ /* Last try. Use MDC for the modern ciphers. */
+
+ if (openpgp_cipher_get_algo_blklen (algo) != 8)
+ return 1;
+
+ if (opt.verbose)
+ warn_missing_mdc_from_pklist (pk_list);
+
+ return 0; /* No MDC */
+}
+
+/* We don't want to use use_seskey yet because older gnupg versions
+ can't handle it, and there isn't really any point unless we're
+ making a message that can be decrypted by a public key or
+ passphrase. */
+static int
+encode_simple( const char *filename, int mode, int use_seskey )
+{
+ IOBUF inp, out;
+ PACKET pkt;
+ PKT_plaintext *pt = NULL;
+ STRING2KEY *s2k = NULL;
+ byte enckey[33];
+ int rc = 0;
+ int seskeylen = 0;
+ u32 filesize;
+ cipher_filter_context_t cfx;
+ armor_filter_context_t *afx = NULL;
+ compress_filter_context_t zfx;
+ text_filter_context_t tfx;
+ progress_filter_context_t *pfx;
+ int do_compress = !RFC1991 && default_compress_algo();
+
+ pfx = new_progress_context ();
+ memset( &cfx, 0, sizeof cfx);
+ memset( &zfx, 0, sizeof zfx);
+ memset( &tfx, 0, sizeof tfx);
+ init_packet(&pkt);
+
+ /* prepare iobufs */
+ inp = iobuf_open(filename);
+ if (inp)
+ iobuf_ioctl (inp,3,1,NULL); /* disable fd caching */
+ if (inp && is_secured_file (iobuf_get_fd (inp)))
+ {
+ iobuf_close (inp);
+ inp = NULL;
+ errno = EPERM;
+ }
+ if( !inp ) {
+ rc = gpg_error_from_syserror ();
+ log_error(_("can't open `%s': %s\n"), filename? filename: "[stdin]",
+ strerror(errno) );
+ release_progress_context (pfx);
+ return rc;
+ }
+
+ handle_progress (pfx, inp, filename);
+
+ if( opt.textmode )
+ iobuf_push_filter( inp, text_filter, &tfx );
+
+ /* Due the the fact that we use don't use an IV to encrypt the
+ session key we can't use the new mode with RFC1991 because
+ it has no S2K salt. RFC1991 always uses simple S2K. */
+ if ( RFC1991 && use_seskey )
+ use_seskey = 0;
+
+ cfx.dek = NULL;
+ if( mode ) {
+ int canceled;
+
+ s2k = xmalloc_clear( sizeof *s2k );
+ s2k->mode = RFC1991? 0:opt.s2k_mode;
+ s2k->hash_algo=S2K_DIGEST_ALGO;
+ cfx.dek = passphrase_to_dek( NULL, 0,
+ default_cipher_algo(), s2k, 4,
+ NULL, &canceled);
+ if( !cfx.dek || !cfx.dek->keylen ) {
+ rc = gpg_error (canceled? GPG_ERR_CANCELED:GPG_ERR_INV_PASSPHRASE);
+ xfree(cfx.dek);
+ xfree(s2k);
+ iobuf_close(inp);
+ log_error(_("error creating passphrase: %s\n"), gpg_strerror (rc));
+ release_progress_context (pfx);
+ return rc;
+ }
+ if (use_seskey && s2k->mode != 1 && s2k->mode != 3) {
+ use_seskey = 0;
+ log_info (_("can't use a symmetric ESK packet "
+ "due to the S2K mode\n"));
+ }
+
+ if ( use_seskey )
+ {
+ DEK *dek = NULL;
+
+ seskeylen = openpgp_cipher_get_algo_keylen (default_cipher_algo ());
+ encode_seskey( cfx.dek, &dek, enckey );
+ xfree( cfx.dek ); cfx.dek = dek;
+ }
+
+ if(opt.verbose)
+ log_info(_("using cipher %s\n"),
+ openpgp_cipher_algo_name (cfx.dek->algo));
+
+ cfx.dek->use_mdc=use_mdc(NULL,cfx.dek->algo);
+ }
+
+ if (do_compress && cfx.dek && cfx.dek->use_mdc
+ && is_file_compressed(filename, &rc))
+ {
+ if (opt.verbose)
+ log_info(_("`%s' already compressed\n"), filename);
+ do_compress = 0;
+ }
+
+ if( rc || (rc = open_outfile( filename, opt.armor? 1:0, &out )) ) {
+ iobuf_cancel(inp);
+ xfree(cfx.dek);
+ xfree(s2k);
+ release_progress_context (pfx);
+ return rc;
+ }
+
+ if ( opt.armor )
+ {
+ afx = new_armor_context ();
+ push_armor_filter (afx, out);
+ }
+
+ if( s2k && !RFC1991 ) {
+ PKT_symkey_enc *enc = xmalloc_clear( sizeof *enc + seskeylen + 1 );
+ enc->version = 4;
+ enc->cipher_algo = cfx.dek->algo;
+ enc->s2k = *s2k;
+ if ( use_seskey && seskeylen ) {
+ enc->seskeylen = seskeylen + 1; /* algo id */
+ memcpy( enc->seskey, enckey, seskeylen + 1 );
+ }
+ pkt.pkttype = PKT_SYMKEY_ENC;
+ pkt.pkt.symkey_enc = enc;
+ if( (rc = build_packet( out, &pkt )) )
+ log_error("build symkey packet failed: %s\n", g10_errstr(rc) );
+ xfree(enc);
+ }
+
+ if (!opt.no_literal)
+ pt=setup_plaintext_name(filename,inp);
+
+ /* Note that PGP 5 has problems decrypting symmetrically encrypted
+ data if the file length is in the inner packet. It works when
+ only partial length headers are use. In the past, we always
+ used partial body length here, but since PGP 2, PGP 6, and PGP
+ 7 need the file length, and nobody should be using PGP 5
+ nowadays anyway, this is now set to the file length. Note also
+ that this only applies to the RFC-1991 style symmetric
+ messages, and not the RFC-2440 style. PGP 6 and 7 work with
+ either partial length or fixed length with the new style
+ messages. */
+
+ if ( !iobuf_is_pipe_filename (filename) && *filename && !opt.textmode )
+ {
+ off_t tmpsize;
+ int overflow;
+
+ if ( !(tmpsize = iobuf_get_filelength(inp, &overflow))
+ && !overflow && opt.verbose)
+ log_info(_("WARNING: `%s' is an empty file\n"), filename );
+ /* We can't encode the length of very large files because
+ OpenPGP uses only 32 bit for file sizes. So if the the
+ size of a file is larger than 2^32 minus some bytes for
+ packet headers, we switch to partial length encoding. */
+ if ( tmpsize < (IOBUF_FILELENGTH_LIMIT - 65536) )
+ filesize = tmpsize;
+ else
+ filesize = 0;
+ }
+ else
+ filesize = opt.set_filesize ? opt.set_filesize : 0; /* stdin */
+
+ if (!opt.no_literal) {
+ pt->timestamp = make_timestamp();
+ pt->mode = opt.textmode? 't' : 'b';
+ pt->len = filesize;
+ pt->new_ctb = !pt->len && !RFC1991;
+ pt->buf = inp;
+ pkt.pkttype = PKT_PLAINTEXT;
+ pkt.pkt.plaintext = pt;
+ cfx.datalen = filesize && !do_compress ? calc_packet_length( &pkt ) : 0;
+ }
+ else
+ {
+ cfx.datalen = filesize && !do_compress ? filesize : 0;
+ pkt.pkttype = 0;
+ pkt.pkt.generic = NULL;
+ }
+
+ /* register the cipher filter */
+ if( mode )
+ iobuf_push_filter( out, cipher_filter, &cfx );
+ /* register the compress filter */
+ if( do_compress )
+ {
+ if (cfx.dek && cfx.dek->use_mdc)
+ zfx.new_ctb = 1;
+ push_compress_filter(out,&zfx,default_compress_algo());
+ }
+
+ /* do the work */
+ if (!opt.no_literal) {
+ if( (rc = build_packet( out, &pkt )) )
+ log_error("build_packet failed: %s\n", g10_errstr(rc) );
+ }
+ else {
+ /* user requested not to create a literal packet,
+ * so we copy the plain data */
+ byte copy_buffer[4096];
+ int bytes_copied;
+ while ((bytes_copied = iobuf_read(inp, copy_buffer, 4096)) != -1)
+ if ( (rc=iobuf_write(out, copy_buffer, bytes_copied)) ) {
+ log_error ("copying input to output failed: %s\n",
+ gpg_strerror (rc) );
+ break;
+ }
+ wipememory(copy_buffer, 4096); /* burn buffer */
+ }
+
+ /* finish the stuff */
+ iobuf_close(inp);
+ if (rc)
+ iobuf_cancel(out);
+ else {
+ iobuf_close(out); /* fixme: check returncode */
+ if (mode)
+ write_status( STATUS_END_ENCRYPTION );
+ }
+ if (pt)
+ pt->buf = NULL;
+ free_packet(&pkt);
+ xfree(cfx.dek);
+ xfree(s2k);
+ release_armor_context (afx);
+ release_progress_context (pfx);
+ return rc;
+}
+
+int
+setup_symkey(STRING2KEY **symkey_s2k,DEK **symkey_dek)
+{
+ int canceled;
+
+ *symkey_s2k=xmalloc_clear(sizeof(STRING2KEY));
+ (*symkey_s2k)->mode = opt.s2k_mode;
+ (*symkey_s2k)->hash_algo = S2K_DIGEST_ALGO;
+
+ *symkey_dek=passphrase_to_dek(NULL,0,opt.s2k_cipher_algo,
+ *symkey_s2k, 4, NULL, &canceled);
+ if(!*symkey_dek || !(*symkey_dek)->keylen)
+ {
+ xfree(*symkey_dek);
+ xfree(*symkey_s2k);
+ return gpg_error (canceled?GPG_ERR_CANCELED:GPG_ERR_BAD_PASSPHRASE);
+ }
+
+ return 0;
+}
+
+static int
+write_symkey_enc(STRING2KEY *symkey_s2k,DEK *symkey_dek,DEK *dek,IOBUF out)
+{
+ int rc, seskeylen = openpgp_cipher_get_algo_keylen (dek->algo);
+
+ PKT_symkey_enc *enc;
+ byte enckey[33];
+ PACKET pkt;
+
+ enc=xmalloc_clear(sizeof(PKT_symkey_enc)+seskeylen+1);
+ encode_seskey(symkey_dek,&dek,enckey);
+
+ enc->version = 4;
+ enc->cipher_algo = opt.s2k_cipher_algo;
+ enc->s2k = *symkey_s2k;
+ enc->seskeylen = seskeylen + 1; /* algo id */
+ memcpy( enc->seskey, enckey, seskeylen + 1 );
+
+ pkt.pkttype = PKT_SYMKEY_ENC;
+ pkt.pkt.symkey_enc = enc;
+
+ if((rc=build_packet(out,&pkt)))
+ log_error("build symkey_enc packet failed: %s\n",g10_errstr(rc));
+
+ xfree(enc);
+ return rc;
+}
+
+/****************
+ * Encrypt the file with the given userids (or ask if none
+ * is supplied).
+ */
+int
+encode_crypt( const char *filename, strlist_t remusr, int use_symkey )
+{
+ IOBUF inp = NULL, out = NULL;
+ PACKET pkt;
+ PKT_plaintext *pt = NULL;
+ DEK *symkey_dek = NULL;
+ STRING2KEY *symkey_s2k = NULL;
+ int rc = 0, rc2 = 0;
+ u32 filesize;
+ cipher_filter_context_t cfx;
+ armor_filter_context_t *afx = NULL;
+ compress_filter_context_t zfx;
+ text_filter_context_t tfx;
+ progress_filter_context_t *pfx;
+ PK_LIST pk_list,work_list;
+ int do_compress = opt.compress_algo && !RFC1991;
+
+ pfx = new_progress_context ();
+ memset( &cfx, 0, sizeof cfx);
+ memset( &zfx, 0, sizeof zfx);
+ memset( &tfx, 0, sizeof tfx);
+ init_packet(&pkt);
+
+ if(use_symkey
+ && (rc=setup_symkey(&symkey_s2k,&symkey_dek)))
+ {
+ release_progress_context (pfx);
+ return rc;
+ }
+
+ if( (rc=build_pk_list( remusr, &pk_list, PUBKEY_USAGE_ENC)) )
+ {
+ release_progress_context (pfx);
+ return rc;
+ }
+
+ if(PGP2) {
+ for(work_list=pk_list; work_list; work_list=work_list->next)
+ if(!(is_RSA(work_list->pk->pubkey_algo) &&
+ nbits_from_pk(work_list->pk)<=2048))
+ {
+ log_info(_("you can only encrypt to RSA keys of 2048 bits or "
+ "less in --pgp2 mode\n"));
+ compliance_failure();
+ break;
+ }
+ }
+
+ /* prepare iobufs */
+ inp = iobuf_open(filename);
+ if (inp)
+ iobuf_ioctl (inp,3,1,NULL); /* disable fd caching */
+ if (inp && is_secured_file (iobuf_get_fd (inp)))
+ {
+ iobuf_close (inp);
+ inp = NULL;
+ errno = EPERM;
+ }
+ if( !inp ) {
+ rc = gpg_error_from_syserror ();
+ log_error(_("can't open `%s': %s\n"),
+ filename? filename: "[stdin]",
+ gpg_strerror (rc) );
+ goto leave;
+ }
+ else if( opt.verbose )
+ log_info(_("reading from `%s'\n"), filename? filename: "[stdin]");
+
+ handle_progress (pfx, inp, filename);
+
+ if( opt.textmode )
+ iobuf_push_filter( inp, text_filter, &tfx );
+
+ if( (rc = open_outfile( filename, opt.armor? 1:0, &out )) )
+ goto leave;
+
+ if ( opt.armor )
+ {
+ afx = new_armor_context ();
+ push_armor_filter (afx, out);
+ }
+
+ /* create a session key */
+ cfx.dek = xmalloc_secure_clear (sizeof *cfx.dek);
+ if( !opt.def_cipher_algo ) { /* try to get it from the prefs */
+ cfx.dek->algo = select_algo_from_prefs(pk_list,PREFTYPE_SYM,-1,NULL);
+ /* The only way select_algo_from_prefs can fail here is when
+ mixing v3 and v4 keys, as v4 keys have an implicit
+ preference entry for 3DES, and the pk_list cannot be empty.
+ In this case, use 3DES anyway as it's the safest choice -
+ perhaps the v3 key is being used in an OpenPGP
+ implementation and we know that the implementation behind
+ any v4 key can handle 3DES. */
+ if( cfx.dek->algo == -1 ) {
+ cfx.dek->algo = CIPHER_ALGO_3DES;
+
+ if( PGP2 ) {
+ log_info(_("unable to use the IDEA cipher for all of the keys "
+ "you are encrypting to.\n"));
+ compliance_failure();
+ }
+ }
+
+ /* In case 3DES has been selected, print a warning if
+ any key does not have a preference for AES. This
+ should help to indentify why encrypting to several
+ recipients falls back to 3DES. */
+ if (opt.verbose
+ && cfx.dek->algo == CIPHER_ALGO_3DES)
+ warn_missing_aes_from_pklist (pk_list);
+ }
+ else {
+ if(!opt.expert &&
+ select_algo_from_prefs(pk_list,PREFTYPE_SYM,
+ opt.def_cipher_algo,NULL)!=opt.def_cipher_algo)
+ log_info(_("WARNING: forcing symmetric cipher %s (%d)"
+ " violates recipient preferences\n"),
+ openpgp_cipher_algo_name (opt.def_cipher_algo),
+ opt.def_cipher_algo);
+
+ cfx.dek->algo = opt.def_cipher_algo;
+ }
+
+ cfx.dek->use_mdc=use_mdc(pk_list,cfx.dek->algo);
+
+ /* Only do the is-file-already-compressed check if we are using a
+ MDC. This forces compressed files to be re-compressed if we do
+ not have a MDC to give some protection against chosen
+ ciphertext attacks. */
+
+ if (do_compress && cfx.dek->use_mdc && is_file_compressed(filename, &rc2) )
+ {
+ if (opt.verbose)
+ log_info(_("`%s' already compressed\n"), filename);
+ do_compress = 0;
+ }
+ if (rc2)
+ {
+ rc = rc2;
+ goto leave;
+ }
+
+ make_session_key( cfx.dek );
+ if( DBG_CIPHER )
+ log_printhex ("DEK is: ", cfx.dek->key, cfx.dek->keylen );
+
+ rc = write_pubkey_enc_from_list( pk_list, cfx.dek, out );
+ if( rc )
+ goto leave;
+
+ /* We put the passphrase (if any) after any public keys as this
+ seems to be the most useful on the recipient side - there is no
+ point in prompting a user for a passphrase if they have the
+ secret key needed to decrypt. */
+ if(use_symkey && (rc=write_symkey_enc(symkey_s2k,symkey_dek,cfx.dek,out)))
+ goto leave;
+
+ if (!opt.no_literal)
+ pt=setup_plaintext_name(filename,inp);
+
+ if (!iobuf_is_pipe_filename (filename) && *filename && !opt.textmode )
+ {
+ off_t tmpsize;
+ int overflow;
+
+ if ( !(tmpsize = iobuf_get_filelength(inp, &overflow))
+ && !overflow && opt.verbose)
+ log_info(_("WARNING: `%s' is an empty file\n"), filename );
+ /* We can't encode the length of very large files because
+ OpenPGP uses only 32 bit for file sizes. So if the the
+ size of a file is larger than 2^32 minus some bytes for
+ packet headers, we switch to partial length encoding. */
+ if (tmpsize < (IOBUF_FILELENGTH_LIMIT - 65536) )
+ filesize = tmpsize;
+ else
+ filesize = 0;
+ }
+ else
+ filesize = opt.set_filesize ? opt.set_filesize : 0; /* stdin */
+
+ if (!opt.no_literal) {
+ pt->timestamp = make_timestamp();
+ pt->mode = opt.textmode ? 't' : 'b';
+ pt->len = filesize;
+ pt->new_ctb = !pt->len && !RFC1991;
+ pt->buf = inp;
+ pkt.pkttype = PKT_PLAINTEXT;
+ pkt.pkt.plaintext = pt;
+ cfx.datalen = filesize && !do_compress? calc_packet_length( &pkt ) : 0;
+ }
+ else
+ cfx.datalen = filesize && !do_compress ? filesize : 0;
+
+ /* register the cipher filter */
+ iobuf_push_filter( out, cipher_filter, &cfx );
+
+ /* register the compress filter */
+ if( do_compress ) {
+ int compr_algo = opt.compress_algo;
+
+ if(compr_algo==-1)
+ {
+ if((compr_algo=
+ select_algo_from_prefs(pk_list,PREFTYPE_ZIP,-1,NULL))==-1)
+ compr_algo=DEFAULT_COMPRESS_ALGO;
+ /* Theoretically impossible to get here since uncompressed
+ is implicit. */
+ }
+ else if(!opt.expert &&
+ select_algo_from_prefs(pk_list,PREFTYPE_ZIP,
+ compr_algo,NULL)!=compr_algo)
+ log_info(_("WARNING: forcing compression algorithm %s (%d)"
+ " violates recipient preferences\n"),
+ compress_algo_to_string(compr_algo),compr_algo);
+
+ /* algo 0 means no compression */
+ if( compr_algo )
+ {
+ if (cfx.dek && cfx.dek->use_mdc)
+ zfx.new_ctb = 1;
+ push_compress_filter(out,&zfx,compr_algo);
+ }
+ }
+
+ /* do the work */
+ if (!opt.no_literal) {
+ if( (rc = build_packet( out, &pkt )) )
+ log_error("build_packet failed: %s\n", g10_errstr(rc) );
+ }
+ else {
+ /* user requested not to create a literal packet, so we copy
+ the plain data */
+ byte copy_buffer[4096];
+ int bytes_copied;
+ while ((bytes_copied = iobuf_read(inp, copy_buffer, 4096)) != -1)
+ if ( (rc=iobuf_write(out, copy_buffer, bytes_copied)) ) {
+ log_error ("copying input to output failed: %s\n",
+ gpg_strerror (rc));
+ break;
+ }
+ wipememory(copy_buffer, 4096); /* burn buffer */
+ }
+
+ /* finish the stuff */
+ leave:
+ iobuf_close(inp);
+ if( rc )
+ iobuf_cancel(out);
+ else {
+ iobuf_close(out); /* fixme: check returncode */
+ write_status( STATUS_END_ENCRYPTION );
+ }
+ if( pt )
+ pt->buf = NULL;
+ free_packet(&pkt);
+ xfree(cfx.dek);
+ xfree(symkey_dek);
+ xfree(symkey_s2k);
+ release_pk_list( pk_list );
+ release_armor_context (afx);
+ release_progress_context (pfx);
+ return rc;
+}
+
+
+
+
+/****************
+ * Filter to do a complete public key encryption.
+ */
+int
+encrypt_filter( void *opaque, int control,
+ IOBUF a, byte *buf, size_t *ret_len)
+{
+ size_t size = *ret_len;
+ encrypt_filter_context_t *efx = opaque;
+ int rc=0;
+
+ if( control == IOBUFCTRL_UNDERFLOW ) { /* decrypt */
+ BUG(); /* not used */
+ }
+ else if( control == IOBUFCTRL_FLUSH ) { /* encrypt */
+ if( !efx->header_okay ) {
+ efx->cfx.dek = xmalloc_secure_clear( sizeof *efx->cfx.dek );
+
+ if( !opt.def_cipher_algo ) { /* try to get it from the prefs */
+ efx->cfx.dek->algo =
+ select_algo_from_prefs(efx->pk_list,PREFTYPE_SYM,-1,NULL);
+ if( efx->cfx.dek->algo == -1 ) {
+ /* because 3DES is implicitly in the prefs, this can only
+ * happen if we do not have any public keys in the list */
+ efx->cfx.dek->algo = DEFAULT_CIPHER_ALGO;
+ }
+
+ /* In case 3DES has been selected, print a warning if
+ any key does not have a preference for AES. This
+ should help to indentify why encrypting to several
+ recipients falls back to 3DES. */
+ if (opt.verbose
+ && efx->cfx.dek->algo == CIPHER_ALGO_3DES)
+ warn_missing_aes_from_pklist (efx->pk_list);
+ }
+ else {
+ if(!opt.expert &&
+ select_algo_from_prefs(efx->pk_list,PREFTYPE_SYM,
+ opt.def_cipher_algo,
+ NULL)!=opt.def_cipher_algo)
+ log_info(_("forcing symmetric cipher %s (%d) "
+ "violates recipient preferences\n"),
+ openpgp_cipher_algo_name (opt.def_cipher_algo),
+ opt.def_cipher_algo);
+
+ efx->cfx.dek->algo = opt.def_cipher_algo;
+ }
+
+ efx->cfx.dek->use_mdc = use_mdc(efx->pk_list,efx->cfx.dek->algo);
+
+ make_session_key( efx->cfx.dek );
+ if( DBG_CIPHER )
+ log_printhex ("DEK is: ",
+ efx->cfx.dek->key, efx->cfx.dek->keylen );
+
+ rc = write_pubkey_enc_from_list( efx->pk_list, efx->cfx.dek, a );
+ if( rc )
+ return rc;
+
+ if(efx->symkey_s2k && efx->symkey_dek)
+ {
+ rc=write_symkey_enc(efx->symkey_s2k,efx->symkey_dek,
+ efx->cfx.dek,a);
+ if(rc)
+ return rc;
+ }
+
+ iobuf_push_filter( a, cipher_filter, &efx->cfx );
+
+ efx->header_okay = 1;
+ }
+ rc = iobuf_write( a, buf, size );
+
+ }
+ else if( control == IOBUFCTRL_FREE )
+ {
+ xfree(efx->symkey_dek);
+ xfree(efx->symkey_s2k);
+ }
+ else if( control == IOBUFCTRL_DESC ) {
+ *(char**)buf = "encrypt_filter";
+ }
+ return rc;
+}
+
+
+/****************
+ * Write pubkey-enc packets from the list of PKs to OUT.
+ */
+static int
+write_pubkey_enc_from_list( PK_LIST pk_list, DEK *dek, IOBUF out )
+{
+ PACKET pkt;
+ PKT_public_key *pk;
+ PKT_pubkey_enc *enc;
+ int rc;
+
+ for( ; pk_list; pk_list = pk_list->next ) {
+ gcry_mpi_t frame;
+
+ pk = pk_list->pk;
+
+ print_pubkey_algo_note( pk->pubkey_algo );
+ enc = xmalloc_clear( sizeof *enc );
+ enc->pubkey_algo = pk->pubkey_algo;
+ keyid_from_pk( pk, enc->keyid );
+ enc->throw_keyid = (opt.throw_keyid || (pk_list->flags&1));
+
+ if(opt.throw_keyid && (PGP2 || PGP6 || PGP7 || PGP8))
+ {
+ log_info(_("you may not use %s while in %s mode\n"),
+ "--throw-keyid",compliance_option_string());
+ compliance_failure();
+ }
+
+ /* Okay, what's going on: We have the session key somewhere in
+ * the structure DEK and want to encode this session key in
+ * an integer value of n bits. pubkey_nbits gives us the
+ * number of bits we have to use. We then encode the session
+ * key in some way and we get it back in the big intger value
+ * FRAME. Then we use FRAME, the public key PK->PKEY and the
+ * algorithm number PK->PUBKEY_ALGO and pass it to pubkey_encrypt
+ * which returns the encrypted value in the array ENC->DATA.
+ * This array has a size which depends on the used algorithm
+ * (e.g. 2 for Elgamal). We don't need frame anymore because we
+ * have everything now in enc->data which is the passed to
+ * build_packet()
+ */
+ frame = encode_session_key (dek, pubkey_nbits (pk->pubkey_algo,
+ pk->pkey) );
+ rc = pk_encrypt (pk->pubkey_algo, enc->data, frame, pk->pkey);
+ gcry_mpi_release (frame);
+ if( rc )
+ log_error ("pubkey_encrypt failed: %s\n", gpg_strerror (rc) );
+ else {
+ if( opt.verbose ) {
+ char *ustr = get_user_id_string_native (enc->keyid);
+ log_info(_("%s/%s encrypted for: \"%s\"\n"),
+ gcry_pk_algo_name (enc->pubkey_algo),
+ openpgp_cipher_algo_name (dek->algo),
+ ustr );
+ xfree(ustr);
+ }
+ /* and write it */
+ init_packet(&pkt);
+ pkt.pkttype = PKT_PUBKEY_ENC;
+ pkt.pkt.pubkey_enc = enc;
+ rc = build_packet( out, &pkt );
+ if( rc )
+ log_error("build_packet(pubkey_enc) failed: %s\n", g10_errstr(rc));
+ }
+ free_pubkey_enc(enc);
+ if( rc )
+ return rc;
+ }
+ return 0;
+}
+
+void
+encode_crypt_files(int nfiles, char **files, strlist_t remusr)
+{
+ int rc = 0;
+
+ if (opt.outfile)
+ {
+ log_error(_("--output doesn't work for this command\n"));
+ return;
+ }
+
+ if (!nfiles)
+ {
+ char line[2048];
+ unsigned int lno = 0;
+ while ( fgets(line, DIM(line), stdin) )
+ {
+ lno++;
+ if (!*line || line[strlen(line)-1] != '\n')
+ {
+ log_error("input line %u too long or missing LF\n", lno);
+ return;
+ }
+ line[strlen(line)-1] = '\0';
+ print_file_status(STATUS_FILE_START, line, 2);
+ if ( (rc = encode_crypt(line, remusr, 0)) )
+ log_error("encryption of `%s' failed: %s\n",
+ print_fname_stdin(line), g10_errstr(rc) );
+ write_status( STATUS_FILE_DONE );
+ }
+ }
+ else
+ {
+ while (nfiles--)
+ {
+ print_file_status(STATUS_FILE_START, *files, 2);
+ if ( (rc = encode_crypt(*files, remusr, 0)) )
+ log_error("encryption of `%s' failed: %s\n",
+ print_fname_stdin(*files), g10_errstr(rc) );
+ write_status( STATUS_FILE_DONE );
+ files++;
+ }
+ }
+}
diff --git a/g10/encr-data.c b/g10/encr-data.c
new file mode 100644
index 0000000..602ae55
--- /dev/null
+++ b/g10/encr-data.c
@@ -0,0 +1,373 @@
+/* encr-data.c - process an encrypted data packet
+ * Copyright (C) 1998, 1999, 2000, 2001, 2005,
+ * 2006, 2009, 2012 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <assert.h>
+
+#include "gpg.h"
+#include "util.h"
+#include "packet.h"
+#include "cipher.h"
+#include "options.h"
+#include "i18n.h"
+#include "status.h"
+
+
+static int mdc_decode_filter ( void *opaque, int control, IOBUF a,
+ byte *buf, size_t *ret_len);
+static int decode_filter ( void *opaque, int control, IOBUF a,
+ byte *buf, size_t *ret_len);
+
+typedef struct decode_filter_context_s
+{
+ gcry_cipher_hd_t cipher_hd;
+ gcry_md_hd_t mdc_hash;
+ char defer[22];
+ int defer_filled;
+ int eof_seen;
+ int refcount;
+} *decode_filter_ctx_t;
+
+
+/* Helper to release the decode context. */
+static void
+release_dfx_context (decode_filter_ctx_t dfx)
+{
+ if (!dfx)
+ return;
+
+ assert (dfx->refcount);
+ if ( !--dfx->refcount )
+ {
+ gcry_cipher_close (dfx->cipher_hd);
+ dfx->cipher_hd = NULL;
+ gcry_md_close (dfx->mdc_hash);
+ dfx->mdc_hash = NULL;
+ xfree (dfx);
+ }
+}
+
+
+
+/****************
+ * Decrypt the data, specified by ED with the key DEK.
+ */
+int
+decrypt_data( void *procctx, PKT_encrypted *ed, DEK *dek )
+{
+ decode_filter_ctx_t dfx;
+ byte *p;
+ int rc=0, c, i;
+ byte temp[32];
+ unsigned blocksize;
+ unsigned nprefix;
+
+ dfx = xtrycalloc (1, sizeof *dfx);
+ if (!dfx)
+ return gpg_error_from_syserror ();
+ dfx->refcount = 1;
+
+ if ( opt.verbose && !dek->algo_info_printed )
+ {
+ if (!openpgp_cipher_test_algo (dek->algo))
+ log_info (_("%s encrypted data\n"),
+ openpgp_cipher_algo_name (dek->algo));
+ else
+ log_info (_("encrypted with unknown algorithm %d\n"), dek->algo );
+ dek->algo_info_printed = 1;
+ }
+
+ {
+ char buf[20];
+
+ snprintf (buf, sizeof buf, "%d %d", ed->mdc_method, dek->algo);
+ write_status_text (STATUS_DECRYPTION_INFO, buf);
+ }
+
+ rc = openpgp_cipher_test_algo (dek->algo);
+ if (rc)
+ goto leave;
+ blocksize = openpgp_cipher_get_algo_blklen (dek->algo);
+ if ( !blocksize || blocksize > 16 )
+ log_fatal ("unsupported blocksize %u\n", blocksize );
+ nprefix = blocksize;
+ if ( ed->len && ed->len < (nprefix+2) )
+ BUG();
+
+ if ( ed->mdc_method )
+ {
+ if (gcry_md_open (&dfx->mdc_hash, ed->mdc_method, 0 ))
+ BUG ();
+ if ( DBG_HASHING )
+ gcry_md_start_debug (dfx->mdc_hash, "checkmdc");
+ }
+
+ rc = openpgp_cipher_open (&dfx->cipher_hd, dek->algo,
+ GCRY_CIPHER_MODE_CFB,
+ (GCRY_CIPHER_SECURE
+ | ((ed->mdc_method || dek->algo >= 100)?
+ 0 : GCRY_CIPHER_ENABLE_SYNC)));
+ if (rc)
+ {
+ /* We should never get an error here cause we already checked
+ * that the algorithm is available. */
+ BUG();
+ }
+
+
+ /* log_hexdump( "thekey", dek->key, dek->keylen );*/
+ rc = gcry_cipher_setkey (dfx->cipher_hd, dek->key, dek->keylen);
+ if ( gpg_err_code (rc) == GPG_ERR_WEAK_KEY )
+ {
+ log_info(_("WARNING: message was encrypted with"
+ " a weak key in the symmetric cipher.\n"));
+ rc=0;
+ }
+ else if( rc )
+ {
+ log_error("key setup failed: %s\n", g10_errstr(rc) );
+ goto leave;
+ }
+
+ if (!ed->buf)
+ {
+ log_error(_("problem handling encrypted packet\n"));
+ goto leave;
+ }
+
+ gcry_cipher_setiv (dfx->cipher_hd, NULL, 0);
+
+ if ( ed->len )
+ {
+ for (i=0; i < (nprefix+2) && ed->len; i++, ed->len-- )
+ {
+ if ( (c=iobuf_get(ed->buf)) == -1 )
+ break;
+ else
+ temp[i] = c;
+ }
+ }
+ else
+ {
+ for (i=0; i < (nprefix+2); i++ )
+ if ( (c=iobuf_get(ed->buf)) == -1 )
+ break;
+ else
+ temp[i] = c;
+ }
+
+ gcry_cipher_decrypt (dfx->cipher_hd, temp, nprefix+2, NULL, 0);
+ gcry_cipher_sync (dfx->cipher_hd);
+ p = temp;
+ /* log_hexdump( "prefix", temp, nprefix+2 ); */
+ if (dek->symmetric
+ && (p[nprefix-2] != p[nprefix] || p[nprefix-1] != p[nprefix+1]) )
+ {
+ rc = gpg_error (GPG_ERR_BAD_KEY);
+ goto leave;
+ }
+
+ if ( dfx->mdc_hash )
+ gcry_md_write (dfx->mdc_hash, temp, nprefix+2);
+
+ dfx->refcount++;
+ if ( ed->mdc_method )
+ iobuf_push_filter ( ed->buf, mdc_decode_filter, dfx );
+ else
+ iobuf_push_filter ( ed->buf, decode_filter, dfx );
+
+ proc_packets ( procctx, ed->buf );
+ ed->buf = NULL;
+ if ( ed->mdc_method && dfx->eof_seen == 2 )
+ rc = gpg_error (GPG_ERR_INV_PACKET);
+ else if ( ed->mdc_method )
+ {
+ /* We used to let parse-packet.c handle the MDC packet but this
+ turned out to be a problem with compressed packets: With old
+ style packets there is no length information available and
+ the decompressor uses an implicit end. However we can't know
+ this implicit end beforehand (:-) and thus may feed the
+ decompressor with more bytes than actually needed. It would
+ be possible to unread the extra bytes but due to our weird
+ iobuf system any unread is non reliable due to filters
+ already popped off. The easy and sane solution is to care
+ about the MDC packet only here and never pass it to the
+ packet parser. Fortunatley the OpenPGP spec requires a
+ strict format for the MDC packet so that we know that 22
+ bytes are appended. */
+ int datalen = gcry_md_get_algo_dlen (ed->mdc_method);
+
+ assert (dfx->cipher_hd);
+ assert (dfx->mdc_hash);
+ gcry_cipher_decrypt (dfx->cipher_hd, dfx->defer, 22, NULL, 0);
+ gcry_md_write (dfx->mdc_hash, dfx->defer, 2);
+ gcry_md_final (dfx->mdc_hash);
+
+ if (dfx->defer[0] != '\xd3' || dfx->defer[1] != '\x14' )
+ {
+ log_error("mdc_packet with invalid encoding\n");
+ rc = gpg_error (GPG_ERR_INV_PACKET);
+ }
+ else if (datalen != 20
+ || memcmp (gcry_md_read (dfx->mdc_hash, 0),
+ dfx->defer+2,datalen ))
+ rc = gpg_error (GPG_ERR_BAD_SIGNATURE);
+ /* log_printhex("MDC message:", dfx->defer, 22); */
+ /* log_printhex("MDC calc:", gcry_md_read (dfx->mdc_hash,0), datalen); */
+ }
+
+
+ leave:
+ release_dfx_context (dfx);
+ return rc;
+}
+
+
+
+/* I think we should merge this with cipher_filter */
+static int
+mdc_decode_filter (void *opaque, int control, IOBUF a,
+ byte *buf, size_t *ret_len)
+{
+ decode_filter_ctx_t dfx = opaque;
+ size_t n, size = *ret_len;
+ int rc = 0;
+ int c;
+
+ if ( control == IOBUFCTRL_UNDERFLOW && dfx->eof_seen )
+ {
+ *ret_len = 0;
+ rc = -1;
+ }
+ else if( control == IOBUFCTRL_UNDERFLOW )
+ {
+ assert (a);
+ assert ( size > 44 );
+
+ /* Get at least 22 bytes and put it somewhere ahead in the buffer. */
+ for (n=22; n < 44 ; n++ )
+ {
+ if( (c = iobuf_get(a)) == -1 )
+ break;
+ buf[n] = c;
+ }
+ if ( n == 44 )
+ {
+ /* We have enough stuff - flush the deferred stuff. */
+ /* (we asserted that the buffer is large enough) */
+ if ( !dfx->defer_filled ) /* First time. */
+ {
+ memcpy (buf, buf+22, 22 );
+ n = 22;
+ }
+ else
+ {
+ memcpy (buf, dfx->defer, 22 );
+ }
+ /* Now fill up. */
+ for (; n < size; n++ )
+ {
+ if ( (c = iobuf_get(a)) == -1 )
+ break;
+ buf[n] = c;
+ }
+ /* Move the last 22 bytes back to the defer buffer. */
+ /* (right, we are wasting 22 bytes of the supplied buffer.) */
+ n -= 22;
+ memcpy (dfx->defer, buf+n, 22 );
+ dfx->defer_filled = 1;
+ }
+ else if ( !dfx->defer_filled ) /* EOF seen but empty defer buffer. */
+ {
+ /* This is bad because it means an incomplete hash. */
+ n -= 22;
+ memcpy (buf, buf+22, n );
+ dfx->eof_seen = 2; /* EOF with incomplete hash. */
+ }
+ else /* EOF seen (i.e. read less than 22 bytes). */
+ {
+ memcpy (buf, dfx->defer, 22 );
+ n -= 22;
+ memcpy (dfx->defer, buf+n, 22 );
+ dfx->eof_seen = 1; /* Normal EOF. */
+ }
+
+ if ( n )
+ {
+ if ( dfx->cipher_hd )
+ gcry_cipher_decrypt (dfx->cipher_hd, buf, n, NULL, 0);
+ if ( dfx->mdc_hash )
+ gcry_md_write (dfx->mdc_hash, buf, n);
+ }
+ else
+ {
+ assert ( dfx->eof_seen );
+ rc = -1; /* eof */
+ }
+ *ret_len = n;
+ }
+ else if ( control == IOBUFCTRL_FREE )
+ {
+ release_dfx_context (dfx);
+ }
+ else if ( control == IOBUFCTRL_DESC )
+ {
+ *(char**)buf = "mdc_decode_filter";
+ }
+ return rc;
+}
+
+
+static int
+decode_filter( void *opaque, int control, IOBUF a, byte *buf, size_t *ret_len)
+{
+ decode_filter_ctx_t fc = opaque;
+ size_t n, size = *ret_len;
+ int rc = 0;
+
+ if ( control == IOBUFCTRL_UNDERFLOW )
+ {
+ assert(a);
+ n = iobuf_read ( a, buf, size );
+ if ( n == -1 )
+ n = 0;
+ if ( n )
+ {
+ if (fc->cipher_hd)
+ gcry_cipher_decrypt (fc->cipher_hd, buf, n, NULL, 0);
+ }
+ else
+ rc = -1; /* EOF */
+ *ret_len = n;
+ }
+ else if ( control == IOBUFCTRL_FREE )
+ {
+ release_dfx_context (fc);
+ }
+ else if ( control == IOBUFCTRL_DESC )
+ {
+ *(char**)buf = "decode_filter";
+ }
+ return rc;
+}
+
diff --git a/g10/exec.c b/g10/exec.c
new file mode 100644
index 0000000..6ab2479
--- /dev/null
+++ b/g10/exec.c
@@ -0,0 +1,624 @@
+/* exec.c - generic call-a-program code
+ * Copyright (C) 2001, 2002, 2003, 2004, 2005 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+/*
+ FIXME: We should replace most code in this module by our
+ spawn implementation from common/exechelp.c.
+ */
+
+
+#include <config.h>
+#include <stdlib.h>
+#include <stdarg.h>
+#include <stdio.h>
+#include <sys/stat.h>
+#include <sys/types.h>
+#ifndef EXEC_TEMPFILE_ONLY
+#include <sys/wait.h>
+#endif
+#ifdef HAVE_DOSISH_SYSTEM
+#include <windows.h>
+#endif
+#include <fcntl.h>
+#include <unistd.h>
+#include <string.h>
+#include <errno.h>
+
+#include "gpg.h"
+#include "options.h"
+#include "i18n.h"
+#include "iobuf.h"
+#include "util.h"
+#include "mkdtemp.h" /* From gnulib. */
+#include "membuf.h"
+#include "exec.h"
+
+#ifdef NO_EXEC
+int
+exec_write(struct exec_info **info,const char *program,
+ const char *args_in,const char *name,int writeonly,int binary)
+{
+ log_error(_("no remote program execution supported\n"));
+ return G10ERR_GENERAL;
+}
+
+int
+exec_read(struct exec_info *info) { return G10ERR_GENERAL; }
+int
+exec_finish(struct exec_info *info) { return G10ERR_GENERAL; }
+int
+set_exec_path(const char *path) { return G10ERR_GENERAL; }
+
+#else /* ! NO_EXEC */
+
+#if defined (_WIN32)
+/* This is a nicer system() for windows that waits for programs to
+ return before returning control to the caller. I hate helpful
+ computers. */
+static int
+w32_system(const char *command)
+{
+ PROCESS_INFORMATION pi;
+ STARTUPINFO si;
+ char *string;
+
+ /* We must use a copy of the command as CreateProcess modifies this
+ argument. */
+ string=xstrdup(command);
+
+ memset(&pi,0,sizeof(pi));
+ memset(&si,0,sizeof(si));
+ si.cb=sizeof(si);
+
+ if(!CreateProcess(NULL,string,NULL,NULL,FALSE,
+ DETACHED_PROCESS,
+ NULL,NULL,&si,&pi))
+ return -1;
+
+ /* Wait for the child to exit */
+ WaitForSingleObject(pi.hProcess,INFINITE);
+
+ CloseHandle(pi.hProcess);
+ CloseHandle(pi.hThread);
+ xfree(string);
+
+ return 0;
+}
+#endif
+
+/* Replaces current $PATH */
+int
+set_exec_path(const char *path)
+{
+ char *p;
+
+ p=xmalloc(5+strlen(path)+1);
+ strcpy(p,"PATH=");
+ strcat(p,path);
+
+ if(DBG_EXTPROG)
+ log_debug("set_exec_path: %s\n",p);
+
+ /* Notice that path is never freed. That is intentional due to the
+ way putenv() works. This leaks a few bytes if we call
+ set_exec_path multiple times. */
+
+ if(putenv(p)!=0)
+ return G10ERR_GENERAL;
+ else
+ return 0;
+}
+
+/* Makes a temp directory and filenames */
+static int
+make_tempdir(struct exec_info *info)
+{
+ char *tmp=opt.temp_dir,*namein=info->name,*nameout;
+
+ if(!namein)
+ namein=info->flags.binary?"tempin" EXTSEP_S "bin":"tempin" EXTSEP_S "txt";
+
+ nameout=info->flags.binary?"tempout" EXTSEP_S "bin":"tempout" EXTSEP_S "txt";
+
+ /* Make up the temp dir and files in case we need them */
+
+ if(tmp==NULL)
+ {
+#if defined (_WIN32)
+ int err;
+
+ tmp=xmalloc(MAX_PATH+2);
+ err=GetTempPath(MAX_PATH+1,tmp);
+ if(err==0 || err>MAX_PATH+1)
+ strcpy(tmp,"c:\\windows\\temp");
+ else
+ {
+ int len=strlen(tmp);
+
+ /* GetTempPath may return with \ on the end */
+ while(len>0 && tmp[len-1]=='\\')
+ {
+ tmp[len-1]='\0';
+ len--;
+ }
+ }
+#else /* More unixish systems */
+ tmp=getenv("TMPDIR");
+ if(tmp==NULL)
+ {
+ tmp=getenv("TMP");
+ if(tmp==NULL)
+ {
+#ifdef __riscos__
+ tmp="<Wimp$ScrapDir>.GnuPG";
+ mkdir(tmp,0700); /* Error checks occur later on */
+#else
+ tmp="/tmp";
+#endif
+ }
+ }
+#endif
+ }
+
+ info->tempdir=xmalloc(strlen(tmp)+strlen(DIRSEP_S)+10+1);
+
+ sprintf(info->tempdir,"%s" DIRSEP_S "gpg-XXXXXX",tmp);
+
+#if defined (_WIN32)
+ xfree(tmp);
+#endif
+
+ if(mkdtemp(info->tempdir)==NULL)
+ log_error(_("can't create directory `%s': %s\n"),
+ info->tempdir,strerror(errno));
+ else
+ {
+ info->flags.madedir=1;
+
+ info->tempfile_in=xmalloc(strlen(info->tempdir)+
+ strlen(DIRSEP_S)+strlen(namein)+1);
+ sprintf(info->tempfile_in,"%s" DIRSEP_S "%s",info->tempdir,namein);
+
+ if(!info->flags.writeonly)
+ {
+ info->tempfile_out=xmalloc(strlen(info->tempdir)+
+ strlen(DIRSEP_S)+strlen(nameout)+1);
+ sprintf(info->tempfile_out,"%s" DIRSEP_S "%s",info->tempdir,nameout);
+ }
+ }
+
+ return info->flags.madedir?0:G10ERR_GENERAL;
+}
+
+/* Expands %i and %o in the args to the full temp files within the
+ temp directory. */
+static int
+expand_args(struct exec_info *info,const char *args_in)
+{
+ const char *ch = args_in;
+ membuf_t command;
+
+ info->flags.use_temp_files=0;
+ info->flags.keep_temp_files=0;
+
+ if(DBG_EXTPROG)
+ log_debug("expanding string \"%s\"\n",args_in);
+
+ init_membuf (&command, 100);
+
+ while(*ch!='\0')
+ {
+ if(*ch=='%')
+ {
+ char *append=NULL;
+
+ ch++;
+
+ switch(*ch)
+ {
+ case 'O':
+ info->flags.keep_temp_files=1;
+ /* fall through */
+
+ case 'o': /* out */
+ if(!info->flags.madedir)
+ {
+ if(make_tempdir(info))
+ goto fail;
+ }
+ append=info->tempfile_out;
+ info->flags.use_temp_files=1;
+ break;
+
+ case 'I':
+ info->flags.keep_temp_files=1;
+ /* fall through */
+
+ case 'i': /* in */
+ if(!info->flags.madedir)
+ {
+ if(make_tempdir(info))
+ goto fail;
+ }
+ append=info->tempfile_in;
+ info->flags.use_temp_files=1;
+ break;
+
+ case '%':
+ append="%";
+ break;
+ }
+
+ if(append)
+ put_membuf_str (&command, append);
+ }
+ else
+ put_membuf (&command, ch, 1);
+
+ ch++;
+ }
+
+ put_membuf (&command, "", 1); /* Terminate string. */
+
+ info->command = get_membuf (&command, NULL);
+ if (!info->command)
+ return gpg_error_from_syserror ();
+
+ if(DBG_EXTPROG)
+ log_debug("args expanded to \"%s\", use %u, keep %u\n",info->command,
+ info->flags.use_temp_files,info->flags.keep_temp_files);
+
+ return 0;
+
+ fail:
+ xfree (get_membuf (&command, NULL));
+ return G10ERR_GENERAL;
+}
+
+/* Either handles the tempfile creation, or the fork/exec. If it
+ returns ok, then info->tochild is a FILE * that can be written to.
+ The rules are: if there are no args, then it's a fork/exec/pipe.
+ If there are args, but no tempfiles, then it's a fork/exec/pipe via
+ shell -c. If there are tempfiles, then it's a system. */
+
+int
+exec_write(struct exec_info **info,const char *program,
+ const char *args_in,const char *name,int writeonly,int binary)
+{
+ int ret=G10ERR_GENERAL;
+
+ if(opt.exec_disable && !opt.no_perm_warn)
+ {
+ log_info(_("external program calls are disabled due to unsafe "
+ "options file permissions\n"));
+
+ return ret;
+ }
+
+#if defined(HAVE_GETUID) && defined(HAVE_GETEUID)
+ /* There should be no way to get to this spot while still carrying
+ setuid privs. Just in case, bomb out if we are. */
+ if ( getuid () != geteuid ())
+ BUG ();
+#endif
+
+ if(program==NULL && args_in==NULL)
+ BUG();
+
+ *info=xmalloc_clear(sizeof(struct exec_info));
+
+ if(name)
+ (*info)->name=xstrdup(name);
+ (*info)->flags.binary=binary;
+ (*info)->flags.writeonly=writeonly;
+
+ /* Expand the args, if any */
+ if(args_in && expand_args(*info,args_in))
+ goto fail;
+
+#ifdef EXEC_TEMPFILE_ONLY
+ if(!(*info)->flags.use_temp_files)
+ {
+ log_error(_("this platform requires temporary files when calling"
+ " external programs\n"));
+ goto fail;
+ }
+
+#else /* !EXEC_TEMPFILE_ONLY */
+
+ /* If there are no args, or there are args, but no temp files, we
+ can use fork/exec/pipe */
+ if(args_in==NULL || (*info)->flags.use_temp_files==0)
+ {
+ int to[2],from[2];
+
+ if(pipe(to)==-1)
+ goto fail;
+
+ if(pipe(from)==-1)
+ {
+ close(to[0]);
+ close(to[1]);
+ goto fail;
+ }
+
+ if(((*info)->child=fork())==-1)
+ {
+ close(to[0]);
+ close(to[1]);
+ close(from[0]);
+ close(from[1]);
+ goto fail;
+ }
+
+ if((*info)->child==0)
+ {
+ char *shell=getenv("SHELL");
+
+ if(shell==NULL)
+ shell="/bin/sh";
+
+ /* I'm the child */
+
+ /* If the program isn't going to respond back, they get to
+ keep their stdout/stderr */
+ if(!(*info)->flags.writeonly)
+ {
+ /* implied close of STDERR */
+ if(dup2(STDOUT_FILENO,STDERR_FILENO)==-1)
+ _exit(1);
+
+ /* implied close of STDOUT */
+ close(from[0]);
+ if(dup2(from[1],STDOUT_FILENO)==-1)
+ _exit(1);
+ }
+
+ /* implied close of STDIN */
+ close(to[1]);
+ if(dup2(to[0],STDIN_FILENO)==-1)
+ _exit(1);
+
+ if(args_in==NULL)
+ {
+ if(DBG_EXTPROG)
+ log_debug("execlp: %s\n",program);
+
+ execlp(program,program,(void *)NULL);
+ }
+ else
+ {
+ if(DBG_EXTPROG)
+ log_debug("execlp: %s -c %s\n",shell,(*info)->command);
+
+ execlp(shell,shell,"-c",(*info)->command,(void *)NULL);
+ }
+
+ /* If we get this far the exec failed. Clean up and return. */
+
+ if(args_in==NULL)
+ log_error(_("unable to execute program `%s': %s\n"),
+ program,strerror(errno));
+ else
+ log_error(_("unable to execute shell `%s': %s\n"),
+ shell,strerror(errno));
+
+ /* This mimics the POSIX sh behavior - 127 means "not found"
+ from the shell. */
+ if(errno==ENOENT)
+ _exit(127);
+
+ _exit(1);
+ }
+
+ /* I'm the parent */
+
+ close(to[0]);
+
+ (*info)->tochild=fdopen(to[1],binary?"wb":"w");
+ if((*info)->tochild==NULL)
+ {
+ ret = gpg_error_from_syserror ();
+ close(to[1]);
+ goto fail;
+ }
+
+ close(from[1]);
+
+ (*info)->fromchild=iobuf_fdopen(from[0],"r");
+ if((*info)->fromchild==NULL)
+ {
+ ret = gpg_error_from_syserror ();
+ close(from[0]);
+ goto fail;
+ }
+
+ /* fd iobufs are cached?! */
+ iobuf_ioctl((*info)->fromchild,3,1,NULL);
+
+ return 0;
+ }
+#endif /* !EXEC_TEMPFILE_ONLY */
+
+ if(DBG_EXTPROG)
+ log_debug("using temp file `%s'\n",(*info)->tempfile_in);
+
+ /* It's not fork/exec/pipe, so create a temp file */
+ if( is_secured_filename ((*info)->tempfile_in) )
+ {
+ (*info)->tochild = NULL;
+ errno = EPERM;
+ }
+ else
+ (*info)->tochild=fopen((*info)->tempfile_in,binary?"wb":"w");
+ if((*info)->tochild==NULL)
+ {
+ ret = gpg_error_from_syserror ();
+ log_error(_("can't create `%s': %s\n"),
+ (*info)->tempfile_in,strerror(errno));
+ goto fail;
+ }
+
+ ret=0;
+
+ fail:
+ if (ret)
+ {
+ xfree (*info);
+ *info = NULL;
+ }
+ return ret;
+}
+
+int
+exec_read(struct exec_info *info)
+{
+ int ret=G10ERR_GENERAL;
+
+ fclose(info->tochild);
+ info->tochild=NULL;
+
+ if(info->flags.use_temp_files)
+ {
+ if(DBG_EXTPROG)
+ log_debug("system() command is %s\n",info->command);
+
+#if defined (_WIN32)
+ info->progreturn=w32_system(info->command);
+#else
+ info->progreturn=system(info->command);
+#endif
+
+ if(info->progreturn==-1)
+ {
+ log_error(_("system error while calling external program: %s\n"),
+ strerror(errno));
+ info->progreturn=127;
+ goto fail;
+ }
+
+#if defined(WIFEXITED) && defined(WEXITSTATUS)
+ if(WIFEXITED(info->progreturn))
+ info->progreturn=WEXITSTATUS(info->progreturn);
+ else
+ {
+ log_error(_("unnatural exit of external program\n"));
+ info->progreturn=127;
+ goto fail;
+ }
+#else
+ /* If we don't have the macros, do the best we can. */
+ info->progreturn = (info->progreturn & 0xff00) >> 8;
+#endif
+
+ /* 127 is the magic value returned from system() to indicate
+ that the shell could not be executed, or from /bin/sh to
+ indicate that the program could not be executed. */
+
+ if(info->progreturn==127)
+ {
+ log_error(_("unable to execute external program\n"));
+ goto fail;
+ }
+
+ if(!info->flags.writeonly)
+ {
+ info->fromchild=iobuf_open(info->tempfile_out);
+ if (info->fromchild
+ && is_secured_file (iobuf_get_fd (info->fromchild)))
+ {
+ iobuf_close (info->fromchild);
+ info->fromchild = NULL;
+ errno = EPERM;
+ }
+ if(info->fromchild==NULL)
+ {
+ ret = gpg_error_from_syserror ();
+ log_error(_("unable to read external program response: %s\n"),
+ strerror(errno));
+ goto fail;
+ }
+
+ /* Do not cache this iobuf on close */
+ iobuf_ioctl(info->fromchild,3,1,NULL);
+ }
+ }
+
+ ret=0;
+
+ fail:
+ return ret;
+}
+
+int
+exec_finish(struct exec_info *info)
+{
+ int ret=info->progreturn;
+
+ if(info->fromchild)
+ iobuf_close(info->fromchild);
+
+ if(info->tochild)
+ fclose(info->tochild);
+
+#ifndef EXEC_TEMPFILE_ONLY
+ if(info->child>0)
+ {
+ if(waitpid(info->child,&info->progreturn,0)!=0 &&
+ WIFEXITED(info->progreturn))
+ ret=WEXITSTATUS(info->progreturn);
+ else
+ {
+ log_error(_("unnatural exit of external program\n"));
+ ret=127;
+ }
+ }
+#endif
+
+ if(info->flags.madedir && !info->flags.keep_temp_files)
+ {
+ if(info->tempfile_in)
+ {
+ if(unlink(info->tempfile_in)==-1)
+ log_info(_("WARNING: unable to remove tempfile (%s) `%s': %s\n"),
+ "in",info->tempfile_in,strerror(errno));
+ }
+
+ if(info->tempfile_out)
+ {
+ if(unlink(info->tempfile_out)==-1)
+ log_info(_("WARNING: unable to remove tempfile (%s) `%s': %s\n"),
+ "out",info->tempfile_out,strerror(errno));
+ }
+
+ if(rmdir(info->tempdir)==-1)
+ log_info(_("WARNING: unable to remove temp directory `%s': %s\n"),
+ info->tempdir,strerror(errno));
+ }
+
+ xfree(info->command);
+ xfree(info->name);
+ xfree(info->tempdir);
+ xfree(info->tempfile_in);
+ xfree(info->tempfile_out);
+ xfree(info);
+
+ return ret;
+}
+#endif /* ! NO_EXEC */
diff --git a/g10/exec.h b/g10/exec.h
new file mode 100644
index 0000000..51304ad
--- /dev/null
+++ b/g10/exec.h
@@ -0,0 +1,51 @@
+/* exec.h
+ * Copyright (C) 2001, 2002, 2005 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef _EXEC_H_
+#define _EXEC_H_
+
+#include <unistd.h>
+#include <stdio.h>
+
+#include "../common/iobuf.h"
+
+struct exec_info
+{
+ int progreturn;
+ struct
+ {
+ unsigned int binary:1;
+ unsigned int writeonly:1;
+ unsigned int madedir:1;
+ unsigned int use_temp_files:1;
+ unsigned int keep_temp_files:1;
+ } flags;
+ pid_t child;
+ FILE *tochild;
+ iobuf_t fromchild;
+ char *command,*name,*tempdir,*tempfile_in,*tempfile_out;
+};
+
+int exec_write(struct exec_info **info,const char *program,
+ const char *args_in,const char *name,int writeonly,int binary);
+int exec_read(struct exec_info *info);
+int exec_finish(struct exec_info *info);
+int set_exec_path(const char *path);
+
+#endif /* !_EXEC_H_ */
diff --git a/g10/export.c b/g10/export.c
new file mode 100644
index 0000000..09faa03
--- /dev/null
+++ b/g10/export.c
@@ -0,0 +1,756 @@
+/* export.c
+ * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004,
+ * 2005 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include <assert.h>
+
+#include "gpg.h"
+#include "options.h"
+#include "packet.h"
+#include "status.h"
+#include "keydb.h"
+#include "util.h"
+#include "main.h"
+#include "i18n.h"
+#include "trustdb.h"
+
+
+/* An object to keep track of subkeys. */
+struct subkey_list_s
+{
+ struct subkey_list_s *next;
+ u32 kid[2];
+};
+typedef struct subkey_list_s *subkey_list_t;
+
+
+static int do_export( strlist_t users, int secret, unsigned int options );
+static int do_export_stream( IOBUF out, strlist_t users, int secret,
+ KBNODE *keyblock_out, unsigned int options,
+ int *any );
+static int build_sexp (iobuf_t out, PACKET *pkt, int *indent);
+
+
+int
+parse_export_options(char *str,unsigned int *options,int noisy)
+{
+ struct parse_options export_opts[]=
+ {
+ {"export-local-sigs",EXPORT_LOCAL_SIGS,NULL,
+ N_("export signatures that are marked as local-only")},
+ {"export-attributes",EXPORT_ATTRIBUTES,NULL,
+ N_("export attribute user IDs (generally photo IDs)")},
+ {"export-sensitive-revkeys",EXPORT_SENSITIVE_REVKEYS,NULL,
+ N_("export revocation keys marked as \"sensitive\"")},
+ {"export-reset-subkey-passwd",EXPORT_RESET_SUBKEY_PASSWD,NULL,
+ N_("remove the passphrase from exported subkeys")},
+ {"export-clean",EXPORT_CLEAN,NULL,
+ N_("remove unusable parts from key during export")},
+ {"export-minimal",EXPORT_MINIMAL|EXPORT_CLEAN,NULL,
+ N_("remove as much as possible from key during export")},
+ {"export-sexp-format",EXPORT_SEXP_FORMAT, NULL,
+ N_("export keys in an S-expression based format")},
+ /* Aliases for backward compatibility */
+ {"include-local-sigs",EXPORT_LOCAL_SIGS,NULL,NULL},
+ {"include-attributes",EXPORT_ATTRIBUTES,NULL,NULL},
+ {"include-sensitive-revkeys",EXPORT_SENSITIVE_REVKEYS,NULL,NULL},
+ /* dummy */
+ {"export-unusable-sigs",0,NULL,NULL},
+ {"export-clean-sigs",0,NULL,NULL},
+ {"export-clean-uids",0,NULL,NULL},
+ {NULL,0,NULL,NULL}
+ /* add tags for include revoked and disabled? */
+ };
+
+ return parse_options(str,options,export_opts,noisy);
+}
+
+
+/****************
+ * Export the public keys (to standard out or --output).
+ * Depending on opt.armor the output is armored.
+ * options are defined in main.h.
+ * If USERS is NULL, the complete ring will be exported. */
+int
+export_pubkeys( strlist_t users, unsigned int options )
+{
+ return do_export( users, 0, options );
+}
+
+/****************
+ * Export to an already opened stream; return -1 if no keys have
+ * been exported
+ */
+int
+export_pubkeys_stream( IOBUF out, strlist_t users,
+ KBNODE *keyblock_out, unsigned int options )
+{
+ int any, rc;
+
+ rc = do_export_stream( out, users, 0, keyblock_out, options, &any );
+ if( !rc && !any )
+ rc = -1;
+ return rc;
+}
+
+int
+export_seckeys( strlist_t users )
+{
+ /* Use only relevant options for the secret key. */
+ unsigned int options = (opt.export_options & EXPORT_SEXP_FORMAT);
+ return do_export( users, 1, options );
+}
+
+int
+export_secsubkeys( strlist_t users )
+{
+ /* Use only relevant options for the secret key. */
+ unsigned int options = (opt.export_options & EXPORT_SEXP_FORMAT);
+ return do_export( users, 2, options );
+}
+
+static int
+do_export( strlist_t users, int secret, unsigned int options )
+{
+ IOBUF out = NULL;
+ int any, rc;
+ armor_filter_context_t *afx = NULL;
+ compress_filter_context_t zfx;
+
+ memset( &zfx, 0, sizeof zfx);
+
+ rc = open_outfile( NULL, 0, &out );
+ if (rc)
+ return rc;
+
+ if (!(options & EXPORT_SEXP_FORMAT))
+ {
+ if ( opt.armor )
+ {
+ afx = new_armor_context ();
+ afx->what = secret? 5 : 1;
+ push_armor_filter (afx, out);
+ }
+ if ( opt.compress_keys )
+ push_compress_filter (out,&zfx,default_compress_algo());
+ }
+
+ rc = do_export_stream ( out, users, secret, NULL, options, &any );
+
+ if ( rc || !any )
+ iobuf_cancel (out);
+ else
+ iobuf_close (out);
+ release_armor_context (afx);
+ return rc;
+}
+
+
+
+/* Release an entire subkey list. */
+static void
+release_subkey_list (subkey_list_t list)
+{
+ while (list)
+ {
+ subkey_list_t tmp = list->next;;
+ xfree (list);
+ list = tmp;
+ }
+}
+
+
+/* Returns true if NODE is a subkey and contained in LIST. */
+static int
+subkey_in_list_p (subkey_list_t list, KBNODE node)
+{
+ if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY
+ || node->pkt->pkttype == PKT_SECRET_SUBKEY )
+ {
+ u32 kid[2];
+
+ if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
+ keyid_from_pk (node->pkt->pkt.public_key, kid);
+ else
+ keyid_from_sk (node->pkt->pkt.secret_key, kid);
+
+ for (; list; list = list->next)
+ if (list->kid[0] == kid[0] && list->kid[1] == kid[1])
+ return 1;
+ }
+ return 0;
+}
+
+/* Allocate a new subkey list item from NODE. */
+static subkey_list_t
+new_subkey_list_item (KBNODE node)
+{
+ subkey_list_t list = xcalloc (1, sizeof *list);
+
+ if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
+ keyid_from_pk (node->pkt->pkt.public_key, list->kid);
+ else if (node->pkt->pkttype == PKT_SECRET_SUBKEY)
+ keyid_from_sk (node->pkt->pkt.secret_key, list->kid);
+
+ return list;
+}
+
+
+/* Helper function to check whether the subkey at NODE actually
+ matches the description at DESC. The function returns true if the
+ key under question has been specified by an exact specification
+ (keyID or fingerprint) and does match the one at NODE. It is
+ assumed that the packet at NODE is either a public or secret
+ subkey. */
+static int
+exact_subkey_match_p (KEYDB_SEARCH_DESC *desc, KBNODE node)
+{
+ u32 kid[2];
+ byte fpr[MAX_FINGERPRINT_LEN];
+ size_t fprlen;
+ int result = 0;
+
+ switch(desc->mode)
+ {
+ case KEYDB_SEARCH_MODE_SHORT_KID:
+ case KEYDB_SEARCH_MODE_LONG_KID:
+ if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
+ keyid_from_pk (node->pkt->pkt.public_key, kid);
+ else
+ keyid_from_sk (node->pkt->pkt.secret_key, kid);
+ break;
+
+ case KEYDB_SEARCH_MODE_FPR16:
+ case KEYDB_SEARCH_MODE_FPR20:
+ case KEYDB_SEARCH_MODE_FPR:
+ if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
+ fingerprint_from_pk (node->pkt->pkt.public_key, fpr,&fprlen);
+ else
+ fingerprint_from_sk (node->pkt->pkt.secret_key, fpr,&fprlen);
+ break;
+
+ default:
+ break;
+ }
+
+ switch(desc->mode)
+ {
+ case KEYDB_SEARCH_MODE_SHORT_KID:
+ if (desc->u.kid[1] == kid[1])
+ result = 1;
+ break;
+
+ case KEYDB_SEARCH_MODE_LONG_KID:
+ if (desc->u.kid[0] == kid[0] && desc->u.kid[1] == kid[1])
+ result = 1;
+ break;
+
+ case KEYDB_SEARCH_MODE_FPR16:
+ if (!memcmp (desc->u.fpr, fpr, 16))
+ result = 1;
+ break;
+
+ case KEYDB_SEARCH_MODE_FPR20:
+ case KEYDB_SEARCH_MODE_FPR:
+ if (!memcmp (desc->u.fpr, fpr, 20))
+ result = 1;
+ break;
+
+ default:
+ break;
+ }
+
+ return result;
+}
+
+
+/* If keyblock_out is non-NULL, AND the exit code is zero, then it
+ contains a pointer to the first keyblock found and exported. No
+ other keyblocks are exported. The caller must free it. */
+static int
+do_export_stream( IOBUF out, strlist_t users, int secret,
+ KBNODE *keyblock_out, unsigned int options, int *any )
+{
+ int rc = 0;
+ PACKET pkt;
+ KBNODE keyblock = NULL;
+ KBNODE kbctx, node;
+ size_t ndesc, descindex;
+ KEYDB_SEARCH_DESC *desc = NULL;
+ subkey_list_t subkey_list = NULL; /* Track alreay processed subkeys. */
+ KEYDB_HANDLE kdbhd;
+ strlist_t sl;
+ int indent = 0;
+
+ *any = 0;
+ init_packet( &pkt );
+ kdbhd = keydb_new (secret);
+
+ if (!users) {
+ ndesc = 1;
+ desc = xcalloc ( ndesc, sizeof *desc );
+ desc[0].mode = KEYDB_SEARCH_MODE_FIRST;
+ }
+ else {
+ for (ndesc=0, sl=users; sl; sl = sl->next, ndesc++)
+ ;
+ desc = xmalloc ( ndesc * sizeof *desc);
+
+ for (ndesc=0, sl=users; sl; sl = sl->next) {
+ if (classify_user_id (sl->d, desc+ndesc))
+ ndesc++;
+ else
+ log_error (_("key \"%s\" not found: %s\n"),
+ sl->d, g10_errstr (G10ERR_INV_USER_ID));
+ }
+
+ /* It would be nice to see which of the given users did
+ actually match one in the keyring. To implement this we
+ need to have a found flag for each entry in desc and to set
+ this we must check all those entries after a match to mark
+ all matched one - currently we stop at the first match. To
+ do this we need an extra flag to enable this feature so */
+ }
+
+#ifdef ENABLE_SELINUX_HACKS
+ if (secret) {
+ log_error (_("exporting secret keys not allowed\n"));
+ rc = G10ERR_GENERAL;
+ goto leave;
+ }
+#endif
+
+ while (!(rc = keydb_search2 (kdbhd, desc, ndesc, &descindex))) {
+ int sha1_warned=0,skip_until_subkey=0;
+ u32 sk_keyid[2];
+
+ if (!users)
+ desc[0].mode = KEYDB_SEARCH_MODE_NEXT;
+
+ /* Read the keyblock. */
+ rc = keydb_get_keyblock (kdbhd, &keyblock );
+ if( rc ) {
+ log_error (_("error reading keyblock: %s\n"), g10_errstr(rc) );
+ goto leave;
+ }
+
+ if((node=find_kbnode(keyblock,PKT_SECRET_KEY)))
+ {
+ PKT_secret_key *sk=node->pkt->pkt.secret_key;
+
+ keyid_from_sk(sk,sk_keyid);
+
+ /* We can't apply GNU mode 1001 on an unprotected key. */
+ if( secret == 2 && !sk->is_protected )
+ {
+ log_info(_("key %s: not protected - skipped\n"),
+ keystr(sk_keyid));
+ continue;
+ }
+
+ /* No v3 keys with GNU mode 1001. */
+ if( secret == 2 && sk->version == 3 )
+ {
+ log_info(_("key %s: PGP 2.x style key - skipped\n"),
+ keystr(sk_keyid));
+ continue;
+ }
+
+ /* It does not make sense to export a key with a primary
+ key on card using a non-key stub. We simply skip those
+ keys when used with --export-secret-subkeys. */
+ if (secret == 2 && sk->is_protected
+ && sk->protect.s2k.mode == 1002 )
+ {
+ log_info(_("key %s: key material on-card - skipped\n"),
+ keystr(sk_keyid));
+ continue;
+ }
+ }
+ else
+ {
+ /* It's a public key export, so do the cleaning if
+ requested. Note that both export-clean and
+ export-minimal only apply to UID sigs (0x10, 0x11,
+ 0x12, and 0x13). A designated revocation is never
+ stripped, even with export-minimal set. */
+
+ if(options&EXPORT_CLEAN)
+ clean_key(keyblock,opt.verbose,options&EXPORT_MINIMAL,NULL,NULL);
+ }
+
+ /* And write it. */
+ for( kbctx=NULL; (node = walk_kbnode( keyblock, &kbctx, 0 )); ) {
+ if( skip_until_subkey )
+ {
+ if(node->pkt->pkttype==PKT_PUBLIC_SUBKEY
+ || node->pkt->pkttype==PKT_SECRET_SUBKEY)
+ skip_until_subkey=0;
+ else
+ continue;
+ }
+
+ /* We used to use comment packets, but not any longer. In
+ case we still have comments on a key, strip them here
+ before we call build_packet(). */
+ if( node->pkt->pkttype == PKT_COMMENT )
+ continue;
+
+ /* Make sure that ring_trust packets never get exported. */
+ if (node->pkt->pkttype == PKT_RING_TRUST)
+ continue;
+
+ /* If exact is set, then we only export what was requested
+ (plus the primary key, if the user didn't specifically
+ request it). */
+ if(desc[descindex].exact
+ && (node->pkt->pkttype==PKT_PUBLIC_SUBKEY
+ || node->pkt->pkttype==PKT_SECRET_SUBKEY))
+ {
+ if (!exact_subkey_match_p (desc+descindex, node))
+ {
+ /* Before skipping this subkey, check whether any
+ other description wants an exact match on a
+ subkey and include that subkey into the output
+ too. Need to add this subkey to a list so that
+ it won't get processed a second time.
+
+ So the first step here is to check that list and
+ skip in any case if the key is in that list.
+
+ We need this whole mess because the import
+ function is not able to merge secret keys and
+ thus it is useless to output them as two
+ separate keys and have import merge them. */
+ if (subkey_in_list_p (subkey_list, node))
+ skip_until_subkey = 1; /* Already processed this one. */
+ else
+ {
+ size_t j;
+
+ for (j=0; j < ndesc; j++)
+ if (j != descindex && desc[j].exact
+ && exact_subkey_match_p (desc+j, node))
+ break;
+ if (!(j < ndesc))
+ skip_until_subkey = 1; /* No other one matching. */
+ }
+ }
+
+ if(skip_until_subkey)
+ continue;
+
+ /* Mark this one as processed. */
+ {
+ subkey_list_t tmp = new_subkey_list_item (node);
+ tmp->next = subkey_list;
+ subkey_list = tmp;
+ }
+ }
+
+ if(node->pkt->pkttype==PKT_SIGNATURE)
+ {
+ /* do not export packets which are marked as not
+ exportable */
+ if(!(options&EXPORT_LOCAL_SIGS)
+ && !node->pkt->pkt.signature->flags.exportable)
+ continue; /* not exportable */
+
+ /* Do not export packets with a "sensitive" revocation
+ key unless the user wants us to. Note that we do
+ export these when issuing the actual revocation
+ (see revoke.c). */
+ if(!(options&EXPORT_SENSITIVE_REVKEYS)
+ && node->pkt->pkt.signature->revkey)
+ {
+ int i;
+
+ for(i=0;i<node->pkt->pkt.signature->numrevkeys;i++)
+ if(node->pkt->pkt.signature->revkey[i]->class & 0x40)
+ break;
+
+ if(i<node->pkt->pkt.signature->numrevkeys)
+ continue;
+ }
+ }
+
+ /* Don't export attribs? */
+ if( !(options&EXPORT_ATTRIBUTES) &&
+ node->pkt->pkttype == PKT_USER_ID &&
+ node->pkt->pkt.user_id->attrib_data ) {
+ /* Skip until we get to something that is not an attrib
+ or a signature on an attrib */
+ while(kbctx->next && kbctx->next->pkt->pkttype==PKT_SIGNATURE) {
+ kbctx=kbctx->next;
+ }
+
+ continue;
+ }
+
+ if( secret == 2 && node->pkt->pkttype == PKT_SECRET_KEY )
+ {
+ /* We don't want to export the secret parts of the
+ * primary key, this is done by using GNU protection mode 1001
+ */
+ int save_mode = node->pkt->pkt.secret_key->protect.s2k.mode;
+ node->pkt->pkt.secret_key->protect.s2k.mode = 1001;
+ if ((options&EXPORT_SEXP_FORMAT))
+ rc = build_sexp (out, node->pkt, &indent);
+ else
+ rc = build_packet (out, node->pkt);
+ node->pkt->pkt.secret_key->protect.s2k.mode = save_mode;
+ }
+ else if (secret == 2 && node->pkt->pkttype == PKT_SECRET_SUBKEY
+ && (opt.export_options&EXPORT_RESET_SUBKEY_PASSWD))
+ {
+ /* If the subkey is protected reset the passphrase to
+ export an unprotected subkey. This feature is
+ useful in cases of a subkey copied to an unattended
+ machine where a passphrase is not required. */
+ PKT_secret_key *sk_save, *sk;
+
+ sk_save = node->pkt->pkt.secret_key;
+ sk = copy_secret_key (NULL, sk_save);
+ node->pkt->pkt.secret_key = sk;
+
+ log_info (_("about to export an unprotected subkey\n"));
+ switch (is_secret_key_protected (sk))
+ {
+ case -1:
+ rc = G10ERR_PUBKEY_ALGO;
+ break;
+ case 0:
+ break;
+ default:
+ if (sk->protect.s2k.mode == 1001)
+ ; /* No secret parts. */
+ else if( sk->protect.s2k.mode == 1002 )
+ ; /* Card key stub. */
+ else
+ {
+ rc = check_secret_key( sk, 0 );
+ }
+ break;
+ }
+ if (rc)
+ {
+ node->pkt->pkt.secret_key = sk_save;
+ free_secret_key (sk);
+ log_error (_("failed to unprotect the subkey: %s\n"),
+ g10_errstr (rc));
+ goto leave;
+ }
+
+ if ((options&EXPORT_SEXP_FORMAT))
+ rc = build_sexp (out, node->pkt, &indent);
+ else
+ rc = build_packet (out, node->pkt);
+
+ node->pkt->pkt.secret_key = sk_save;
+ free_secret_key (sk);
+ }
+ else
+ {
+ /* Warn the user if the secret key or any of the secret
+ subkeys are protected with SHA1 and we have
+ simple_sk_checksum set. */
+ if(!sha1_warned && opt.simple_sk_checksum &&
+ (node->pkt->pkttype==PKT_SECRET_KEY ||
+ node->pkt->pkttype==PKT_SECRET_SUBKEY) &&
+ node->pkt->pkt.secret_key->protect.sha1chk)
+ {
+ /* I hope this warning doesn't confuse people. */
+ log_info(_("WARNING: secret key %s does not have a "
+ "simple SK checksum\n"),keystr(sk_keyid));
+
+ sha1_warned=1;
+ }
+
+ if ((options&EXPORT_SEXP_FORMAT))
+ rc = build_sexp (out, node->pkt, &indent);
+ else
+ rc = build_packet (out, node->pkt);
+ }
+
+ if( rc ) {
+ log_error("build_packet(%d) failed: %s\n",
+ node->pkt->pkttype, g10_errstr(rc) );
+ goto leave;
+ }
+ }
+
+ if ((options&EXPORT_SEXP_FORMAT) && indent)
+ {
+ for (; indent; indent--)
+ iobuf_put (out, ')');
+ iobuf_put (out, '\n');
+ }
+
+ ++*any;
+ if(keyblock_out)
+ {
+ *keyblock_out=keyblock;
+ break;
+ }
+ }
+ if ((options&EXPORT_SEXP_FORMAT) && indent)
+ {
+ for (; indent; indent--)
+ iobuf_put (out, ')');
+ iobuf_put (out, '\n');
+ }
+ if( rc == -1 )
+ rc = 0;
+
+ leave:
+ release_subkey_list (subkey_list);
+ xfree(desc);
+ keydb_release (kdbhd);
+ if(rc || keyblock_out==NULL)
+ release_kbnode( keyblock );
+ if( !*any )
+ log_info(_("WARNING: nothing exported\n"));
+ return rc;
+}
+
+
+
+static int
+write_sexp_line (iobuf_t out, int *indent, const char *text)
+{
+ int i;
+
+ for (i=0; i < *indent; i++)
+ iobuf_put (out, ' ');
+ iobuf_writestr (out, text);
+ return 0;
+}
+
+static int
+write_sexp_keyparm (iobuf_t out, int *indent, const char *name, gcry_mpi_t a)
+{
+ int rc;
+ unsigned char *buffer;
+
+ write_sexp_line (out, indent, "(");
+ iobuf_writestr (out, name);
+ iobuf_writestr (out, " #");
+
+ rc = gcry_mpi_aprint (GCRYMPI_FMT_HEX, &buffer, NULL, a);
+ assert (!rc);
+ iobuf_writestr (out, buffer);
+ iobuf_writestr (out, "#)");
+ gcry_free (buffer);
+ return 0;
+}
+
+static int
+build_sexp_seckey (iobuf_t out, PACKET *pkt, int *indent)
+{
+ PKT_secret_key *sk = pkt->pkt.secret_key;
+ char tmpbuf[100];
+
+ if (pkt->pkttype == PKT_SECRET_KEY)
+ {
+ iobuf_writestr (out, "(openpgp-key\n");
+ (*indent)++;
+ }
+ else
+ {
+ iobuf_writestr (out, " (subkey\n");
+ (*indent)++;
+ }
+ (*indent)++;
+ write_sexp_line (out, indent, "(private-key\n");
+ (*indent)++;
+ if (is_RSA (sk->pubkey_algo) && !sk->is_protected)
+ {
+ write_sexp_line (out, indent, "(rsa\n");
+ (*indent)++;
+ write_sexp_keyparm (out, indent, "n", sk->skey[0]); iobuf_put (out,'\n');
+ write_sexp_keyparm (out, indent, "e", sk->skey[1]); iobuf_put (out,'\n');
+ write_sexp_keyparm (out, indent, "d", sk->skey[2]); iobuf_put (out,'\n');
+ write_sexp_keyparm (out, indent, "p", sk->skey[3]); iobuf_put (out,'\n');
+ write_sexp_keyparm (out, indent, "q", sk->skey[4]); iobuf_put (out,'\n');
+ write_sexp_keyparm (out, indent, "u", sk->skey[5]);
+ iobuf_put (out,')'); iobuf_put (out,'\n');
+ (*indent)--;
+ }
+ else if (sk->pubkey_algo == PUBKEY_ALGO_DSA && !sk->is_protected)
+ {
+ write_sexp_line (out, indent, "(dsa\n");
+ (*indent)++;
+ write_sexp_keyparm (out, indent, "p", sk->skey[0]); iobuf_put (out,'\n');
+ write_sexp_keyparm (out, indent, "q", sk->skey[1]); iobuf_put (out,'\n');
+ write_sexp_keyparm (out, indent, "g", sk->skey[2]); iobuf_put (out,'\n');
+ write_sexp_keyparm (out, indent, "y", sk->skey[3]); iobuf_put (out,'\n');
+ write_sexp_keyparm (out, indent, "x", sk->skey[4]);
+ iobuf_put (out,')'); iobuf_put (out,'\n');
+ (*indent)--;
+ }
+ else if (is_ELGAMAL (sk->pubkey_algo) && !sk->is_protected)
+ {
+ write_sexp_line (out, indent, "(elg\n");
+ (*indent)++;
+ write_sexp_keyparm (out, indent, "p", sk->skey[0]); iobuf_put (out,'\n');
+ write_sexp_keyparm (out, indent, "g", sk->skey[2]); iobuf_put (out,'\n');
+ write_sexp_keyparm (out, indent, "y", sk->skey[3]); iobuf_put (out,'\n');
+ write_sexp_keyparm (out, indent, "x", sk->skey[4]);
+ iobuf_put (out,')'); iobuf_put (out,'\n');
+ (*indent)--;
+ }
+ write_sexp_line (out, indent, "(attrib\n"); (*indent)++;
+ sprintf (tmpbuf, "(created \"%lu\"", (unsigned long)sk->timestamp);
+ write_sexp_line (out, indent, tmpbuf);
+ iobuf_put (out,')'); (*indent)--; /* close created */
+ iobuf_put (out,')'); (*indent)--; /* close attrib */
+ iobuf_put (out,')'); (*indent)--; /* close private-key */
+ if (pkt->pkttype != PKT_SECRET_KEY)
+ iobuf_put (out,')'), (*indent)--; /* close subkey */
+ iobuf_put (out,'\n');
+
+ return 0;
+}
+
+
+/* For some packet types we write them in a S-expression format. This
+ is still EXPERIMENTAL and subject to change. */
+static int
+build_sexp (iobuf_t out, PACKET *pkt, int *indent)
+{
+ int rc;
+
+ switch (pkt->pkttype)
+ {
+ case PKT_SECRET_KEY:
+ case PKT_SECRET_SUBKEY:
+ rc = build_sexp_seckey (out, pkt, indent);
+ break;
+ default:
+ rc = 0;
+ break;
+ }
+ return rc;
+}
+
diff --git a/g10/filter.h b/g10/filter.h
new file mode 100644
index 0000000..923cfda
--- /dev/null
+++ b/g10/filter.h
@@ -0,0 +1,163 @@
+/* filter.h
+ * Copyright (C) 1998, 1999, 2000, 2001, 2003,
+ * 2005 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+#ifndef G10_FILTER_H
+#define G10_FILTER_H
+
+#include "types.h"
+#include "cipher.h"
+
+typedef struct {
+ gcry_md_hd_t md; /* catch all */
+ gcry_md_hd_t md2; /* if we want to calculate an alternate hash */
+ size_t maxbuf_size;
+} md_filter_context_t;
+
+typedef struct {
+ int refcount; /* Initialized to 1. */
+
+ /* these fields may be initialized */
+ int what; /* what kind of armor headers to write */
+ int only_keyblocks; /* skip all headers but ".... key block" */
+ const char *hdrlines; /* write these headerlines */
+
+ /* these fields must be initialized to zero */
+ int no_openpgp_data; /* output flag: "No valid OpenPGP data found" */
+
+ /* the following fields must be initialized to zero */
+ int inp_checked; /* set if the input has been checked */
+ int inp_bypass; /* set if the input is not armored */
+ int in_cleartext; /* clear text message */
+ int not_dash_escaped; /* clear text is not dash escaped */
+ int hashes; /* detected hash algorithms */
+ int faked; /* we are faking a literal data packet */
+ int truncated; /* number of truncated lines */
+ int qp_detected;
+ int pgp2mode;
+ byte eol[3]; /* The end of line characters as a
+ zero-terminated string. Defaults
+ (eol[0]=='\0') to whatever the local
+ platform uses. */
+
+ byte *buffer; /* malloced buffer */
+ unsigned buffer_size; /* and size of this buffer */
+ unsigned buffer_len; /* used length of the buffer */
+ unsigned buffer_pos; /* read position */
+
+ byte radbuf[4];
+ int idx, idx2;
+ u32 crc;
+
+ int status; /* an internal state flag */
+ int cancel;
+ int any_data; /* any valid armored data seen */
+ int pending_lf; /* used together with faked */
+} armor_filter_context_t;
+
+struct unarmor_pump_s;
+typedef struct unarmor_pump_s *UnarmorPump;
+
+
+struct compress_filter_context_s {
+ int status;
+ void *opaque; /* (used for z_stream) */
+ byte *inbuf;
+ unsigned inbufsize;
+ byte *outbuf;
+ unsigned outbufsize;
+ int algo; /* compress algo */
+ int algo1hack;
+ int new_ctb;
+ void (*release)(struct compress_filter_context_s*);
+};
+typedef struct compress_filter_context_s compress_filter_context_t;
+
+
+typedef struct {
+ DEK *dek;
+ u32 datalen;
+ gcry_cipher_hd_t cipher_hd;
+ int header;
+ gcry_md_hd_t mdc_hash;
+ byte enchash[20];
+ int create_mdc; /* flag will be set by the cipher filter */
+} cipher_filter_context_t;
+
+
+
+typedef struct {
+ byte *buffer; /* malloced buffer */
+ unsigned buffer_size; /* and size of this buffer */
+ unsigned buffer_len; /* used length of the buffer */
+ unsigned buffer_pos; /* read position */
+ int truncated; /* number of truncated lines */
+ int not_dash_escaped;
+ int escape_from;
+ gcry_md_hd_t md;
+ int pending_lf;
+ int pending_esc;
+} text_filter_context_t;
+
+
+typedef struct {
+ char *what; /* description */
+ u32 last_time; /* last time reported */
+ unsigned long last; /* last amount reported */
+ unsigned long offset; /* current amount */
+ unsigned long total; /* total amount */
+ int refcount;
+} progress_filter_context_t;
+
+/* encrypt_filter_context_t defined in main.h */
+
+/*-- mdfilter.c --*/
+int md_filter( void *opaque, int control, iobuf_t a, byte *buf, size_t *ret_len);
+void free_md_filter_context( md_filter_context_t *mfx );
+
+/*-- armor.c --*/
+armor_filter_context_t *new_armor_context (void);
+void release_armor_context (armor_filter_context_t *afx);
+int push_armor_filter (armor_filter_context_t *afx, iobuf_t iobuf);
+int use_armor_filter( iobuf_t a );
+UnarmorPump unarmor_pump_new (void);
+void unarmor_pump_release (UnarmorPump x);
+int unarmor_pump (UnarmorPump x, int c);
+
+/*-- compress.c --*/
+void push_compress_filter(iobuf_t out,compress_filter_context_t *zfx,int algo);
+void push_compress_filter2(iobuf_t out,compress_filter_context_t *zfx,
+ int algo,int rel);
+
+/*-- cipher.c --*/
+int cipher_filter( void *opaque, int control,
+ iobuf_t chain, byte *buf, size_t *ret_len);
+
+/*-- textfilter.c --*/
+int text_filter( void *opaque, int control,
+ iobuf_t chain, byte *buf, size_t *ret_len);
+int copy_clearsig_text (iobuf_t out, iobuf_t inp, gcry_md_hd_t md,
+ int escape_dash, int escape_from, int pgp2mode);
+
+/*-- progress.c --*/
+progress_filter_context_t *new_progress_context (void);
+void release_progress_context (progress_filter_context_t *pfx);
+void handle_progress (progress_filter_context_t *pfx,
+ iobuf_t inp, const char *name);
+
+#endif /*G10_FILTER_H*/
diff --git a/g10/free-packet.c b/g10/free-packet.c
new file mode 100644
index 0000000..85f23ce
--- /dev/null
+++ b/g10/free-packet.c
@@ -0,0 +1,567 @@
+/* free-packet.c - cleanup stuff for packets
+ * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003,
+ * 2005 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <assert.h>
+
+#include "gpg.h"
+#include "packet.h"
+#include "../common/iobuf.h"
+#include "util.h"
+#include "cipher.h"
+#include "options.h"
+
+
+void
+free_symkey_enc( PKT_symkey_enc *enc )
+{
+ xfree(enc);
+}
+
+void
+free_pubkey_enc( PKT_pubkey_enc *enc )
+{
+ int n, i;
+ n = pubkey_get_nenc( enc->pubkey_algo );
+ if( !n )
+ mpi_release(enc->data[0]);
+ for(i=0; i < n; i++ )
+ mpi_release( enc->data[i] );
+ xfree(enc);
+}
+
+void
+free_seckey_enc( PKT_signature *sig )
+{
+ int n, i;
+
+ n = pubkey_get_nsig( sig->pubkey_algo );
+ if( !n )
+ mpi_release(sig->data[0]);
+ for(i=0; i < n; i++ )
+ mpi_release( sig->data[i] );
+
+ xfree(sig->revkey);
+ xfree(sig->hashed);
+ xfree(sig->unhashed);
+
+ if (sig->pka_info)
+ {
+ xfree (sig->pka_info->uri);
+ xfree (sig->pka_info);
+ }
+
+ xfree(sig);
+}
+
+
+void
+release_public_key_parts( PKT_public_key *pk )
+{
+ int n, i;
+ n = pubkey_get_npkey( pk->pubkey_algo );
+ if( !n )
+ mpi_release(pk->pkey[0]);
+ for(i=0; i < n; i++ ) {
+ mpi_release( pk->pkey[i] );
+ pk->pkey[i] = NULL;
+ }
+ if (pk->prefs) {
+ xfree (pk->prefs);
+ pk->prefs = NULL;
+ }
+ if (pk->user_id) {
+ free_user_id (pk->user_id);
+ pk->user_id = NULL;
+ }
+ if (pk->revkey) {
+ xfree(pk->revkey);
+ pk->revkey=NULL;
+ pk->numrevkeys=0;
+ }
+}
+
+
+void
+free_public_key( PKT_public_key *pk )
+{
+ release_public_key_parts( pk );
+ xfree(pk);
+}
+
+
+static subpktarea_t *
+cp_subpktarea (subpktarea_t *s )
+{
+ subpktarea_t *d;
+
+ if( !s )
+ return NULL;
+ d = xmalloc (sizeof (*d) + s->size - 1 );
+ d->size = s->size;
+ d->len = s->len;
+ memcpy (d->data, s->data, s->len);
+ return d;
+}
+
+/*
+ * Return a copy of the preferences
+ */
+prefitem_t *
+copy_prefs (const prefitem_t *prefs)
+{
+ size_t n;
+ prefitem_t *new;
+
+ if (!prefs)
+ return NULL;
+
+ for (n=0; prefs[n].type; n++)
+ ;
+ new = xmalloc ( sizeof (*new) * (n+1));
+ for (n=0; prefs[n].type; n++) {
+ new[n].type = prefs[n].type;
+ new[n].value = prefs[n].value;
+ }
+ new[n].type = PREFTYPE_NONE;
+ new[n].value = 0;
+
+ return new;
+}
+
+
+PKT_public_key *
+copy_public_key ( PKT_public_key *d, PKT_public_key *s)
+{
+ int n, i;
+
+ if( !d )
+ d = xmalloc(sizeof *d);
+ memcpy( d, s, sizeof *d );
+ d->user_id = scopy_user_id (s->user_id);
+ d->prefs = copy_prefs (s->prefs);
+ n = pubkey_get_npkey( s->pubkey_algo );
+ if( !n )
+ d->pkey[0] = mpi_copy(s->pkey[0]);
+ else {
+ for(i=0; i < n; i++ )
+ d->pkey[i] = mpi_copy( s->pkey[i] );
+ }
+ if( !s->revkey && s->numrevkeys )
+ BUG();
+ if( s->numrevkeys ) {
+ d->revkey = xmalloc(sizeof(struct revocation_key)*s->numrevkeys);
+ memcpy(d->revkey,s->revkey,sizeof(struct revocation_key)*s->numrevkeys);
+ }
+ else
+ d->revkey = NULL;
+ return d;
+}
+
+/****************
+ * Replace all common parts of a sk by the one from the public key.
+ * This is a hack and a better solution will be to just store the real secret
+ * parts somewhere and don't duplicate all the other stuff.
+ */
+void
+copy_public_parts_to_secret_key( PKT_public_key *pk, PKT_secret_key *sk )
+{
+ sk->expiredate = pk->expiredate;
+ sk->pubkey_algo = pk->pubkey_algo;
+ sk->pubkey_usage= pk->pubkey_usage;
+ sk->req_usage = pk->req_usage;
+ sk->req_algo = pk->req_algo;
+ sk->has_expired = pk->has_expired;
+ sk->is_revoked = pk->is_revoked;
+ sk->is_valid = pk->is_valid;
+ sk->main_keyid[0]= pk->main_keyid[0];
+ sk->main_keyid[1]= pk->main_keyid[1];
+ sk->keyid[0] = pk->keyid[0];
+ sk->keyid[1] = pk->keyid[1];
+}
+
+
+static pka_info_t *
+cp_pka_info (const pka_info_t *s)
+{
+ pka_info_t *d = xmalloc (sizeof *s + strlen (s->email));
+
+ d->valid = s->valid;
+ d->checked = s->checked;
+ d->uri = s->uri? xstrdup (s->uri):NULL;
+ memcpy (d->fpr, s->fpr, sizeof s->fpr);
+ strcpy (d->email, s->email);
+ return d;
+}
+
+
+PKT_signature *
+copy_signature( PKT_signature *d, PKT_signature *s )
+{
+ int n, i;
+
+ if( !d )
+ d = xmalloc(sizeof *d);
+ memcpy( d, s, sizeof *d );
+ n = pubkey_get_nsig( s->pubkey_algo );
+ if( !n )
+ d->data[0] = mpi_copy(s->data[0]);
+ else {
+ for(i=0; i < n; i++ )
+ d->data[i] = mpi_copy( s->data[i] );
+ }
+ d->pka_info = s->pka_info? cp_pka_info (s->pka_info) : NULL;
+ d->hashed = cp_subpktarea (s->hashed);
+ d->unhashed = cp_subpktarea (s->unhashed);
+ if(s->numrevkeys)
+ {
+ d->revkey=NULL;
+ d->numrevkeys=0;
+ parse_revkeys(d);
+ }
+ return d;
+}
+
+
+/*
+ * shallow copy of the user ID
+ */
+PKT_user_id *
+scopy_user_id (PKT_user_id *s)
+{
+ if (s)
+ s->ref++;
+ return s;
+}
+
+
+
+void
+release_secret_key_parts( PKT_secret_key *sk )
+{
+ int n, i;
+
+ n = pubkey_get_nskey( sk->pubkey_algo );
+ if( !n )
+ mpi_release(sk->skey[0]);
+ for(i=0; i < n; i++ ) {
+ mpi_release( sk->skey[i] );
+ sk->skey[i] = NULL;
+ }
+}
+
+void
+free_secret_key( PKT_secret_key *sk )
+{
+ release_secret_key_parts( sk );
+ xfree(sk);
+}
+
+PKT_secret_key *
+copy_secret_key( PKT_secret_key *d, PKT_secret_key *s )
+{
+ int n, i;
+
+ if( !d )
+ d = xmalloc_secure(sizeof *d);
+ else
+ release_secret_key_parts (d);
+ memcpy( d, s, sizeof *d );
+ n = pubkey_get_nskey( s->pubkey_algo );
+ if( !n )
+ d->skey[0] = mpi_copy(s->skey[0]);
+ else {
+ for(i=0; i < n; i++ )
+ d->skey[i] = mpi_copy( s->skey[i] );
+ }
+
+ return d;
+}
+
+void
+free_comment( PKT_comment *rem )
+{
+ xfree(rem);
+}
+
+void
+free_attributes(PKT_user_id *uid)
+{
+ xfree(uid->attribs);
+ xfree(uid->attrib_data);
+
+ uid->attribs=NULL;
+ uid->attrib_data=NULL;
+ uid->attrib_len=0;
+}
+
+void
+free_user_id (PKT_user_id *uid)
+{
+ assert (uid->ref > 0);
+ if (--uid->ref)
+ return;
+
+ free_attributes(uid);
+ xfree (uid->prefs);
+ xfree (uid->namehash);
+ xfree (uid);
+}
+
+void
+free_compressed( PKT_compressed *zd )
+{
+ if( zd->buf ) { /* have to skip some bytes */
+ /* don't have any information about the length, so
+ * we assume this is the last packet */
+ while( iobuf_read( zd->buf, NULL, 1<<30 ) != -1 )
+ ;
+ }
+ xfree(zd);
+}
+
+void
+free_encrypted( PKT_encrypted *ed )
+{
+ if( ed->buf ) { /* have to skip some bytes */
+ if( ed->is_partial ) {
+ while( iobuf_read( ed->buf, NULL, 1<<30 ) != -1 )
+ ;
+ }
+ else {
+ while( ed->len ) { /* skip the packet */
+ int n = iobuf_read( ed->buf, NULL, ed->len );
+ if( n == -1 )
+ ed->len = 0;
+ else
+ ed->len -= n;
+ }
+ }
+ }
+ xfree(ed);
+}
+
+
+void
+free_plaintext( PKT_plaintext *pt )
+{
+ if( pt->buf ) { /* have to skip some bytes */
+ if( pt->is_partial ) {
+ while( iobuf_read( pt->buf, NULL, 1<<30 ) != -1 )
+ ;
+ }
+ else {
+ while( pt->len ) { /* skip the packet */
+ int n = iobuf_read( pt->buf, NULL, pt->len );
+ if( n == -1 )
+ pt->len = 0;
+ else
+ pt->len -= n;
+ }
+ }
+ }
+ xfree(pt);
+}
+
+/****************
+ * Free the packet in pkt.
+ */
+void
+free_packet( PACKET *pkt )
+{
+ if( !pkt || !pkt->pkt.generic )
+ return;
+
+ if( DBG_MEMORY )
+ log_debug("free_packet() type=%d\n", pkt->pkttype );
+
+ switch( pkt->pkttype ) {
+ case PKT_SIGNATURE:
+ free_seckey_enc( pkt->pkt.signature );
+ break;
+ case PKT_PUBKEY_ENC:
+ free_pubkey_enc( pkt->pkt.pubkey_enc );
+ break;
+ case PKT_SYMKEY_ENC:
+ free_symkey_enc( pkt->pkt.symkey_enc );
+ break;
+ case PKT_PUBLIC_KEY:
+ case PKT_PUBLIC_SUBKEY:
+ free_public_key( pkt->pkt.public_key );
+ break;
+ case PKT_SECRET_KEY:
+ case PKT_SECRET_SUBKEY:
+ free_secret_key( pkt->pkt.secret_key );
+ break;
+ case PKT_COMMENT:
+ free_comment( pkt->pkt.comment );
+ break;
+ case PKT_USER_ID:
+ free_user_id( pkt->pkt.user_id );
+ break;
+ case PKT_COMPRESSED:
+ free_compressed( pkt->pkt.compressed);
+ break;
+ case PKT_ENCRYPTED:
+ case PKT_ENCRYPTED_MDC:
+ free_encrypted( pkt->pkt.encrypted );
+ break;
+ case PKT_PLAINTEXT:
+ free_plaintext( pkt->pkt.plaintext );
+ break;
+ default:
+ xfree( pkt->pkt.generic );
+ break;
+ }
+ pkt->pkt.generic = NULL;
+}
+
+/****************
+ * returns 0 if they match.
+ */
+int
+cmp_public_keys( PKT_public_key *a, PKT_public_key *b )
+{
+ int n, i;
+
+ if( a->timestamp != b->timestamp )
+ return -1;
+ if( a->version < 4 && a->expiredate != b->expiredate )
+ return -1;
+ if( a->pubkey_algo != b->pubkey_algo )
+ return -1;
+
+ n = pubkey_get_npkey( b->pubkey_algo );
+ if( !n )
+ return -1; /* can't compare due to unknown algorithm */
+ for(i=0; i < n; i++ ) {
+ if( mpi_cmp( a->pkey[i], b->pkey[i] ) )
+ return -1;
+ }
+
+ return 0;
+}
+
+/****************
+ * Returns 0 if they match.
+ * We only compare the public parts.
+ */
+int
+cmp_secret_keys( PKT_secret_key *a, PKT_secret_key *b )
+{
+ int n, i;
+
+ if( a->timestamp != b->timestamp )
+ return -1;
+ if( a->version < 4 && a->expiredate != b->expiredate )
+ return -1;
+ if( a->pubkey_algo != b->pubkey_algo )
+ return -1;
+
+ n = pubkey_get_npkey( b->pubkey_algo );
+ if( !n )
+ return -1; /* can't compare due to unknown algorithm */
+ for(i=0; i < n; i++ ) {
+ if( mpi_cmp( a->skey[i], b->skey[i] ) )
+ return -1;
+ }
+
+ return 0;
+}
+
+/****************
+ * Returns 0 if they match.
+ */
+int
+cmp_public_secret_key( PKT_public_key *pk, PKT_secret_key *sk )
+{
+ int n, i;
+
+ if( pk->timestamp != sk->timestamp )
+ return -1;
+ if( pk->version < 4 && pk->expiredate != sk->expiredate )
+ return -1;
+ if( pk->pubkey_algo != sk->pubkey_algo )
+ return -1;
+
+ n = pubkey_get_npkey( pk->pubkey_algo );
+ if( !n )
+ return -1; /* can't compare due to unknown algorithm */
+ for(i=0; i < n; i++ ) {
+ if( mpi_cmp( pk->pkey[i] , sk->skey[i] ) )
+ return -1;
+ }
+ return 0;
+}
+
+
+
+int
+cmp_signatures( PKT_signature *a, PKT_signature *b )
+{
+ int n, i;
+
+ if( a->keyid[0] != b->keyid[0] )
+ return -1;
+ if( a->keyid[1] != b->keyid[1] )
+ return -1;
+ if( a->pubkey_algo != b->pubkey_algo )
+ return -1;
+
+ n = pubkey_get_nsig( a->pubkey_algo );
+ if( !n )
+ return -1; /* can't compare due to unknown algorithm */
+ for(i=0; i < n; i++ ) {
+ if( mpi_cmp( a->data[i] , b->data[i] ) )
+ return -1;
+ }
+ return 0;
+}
+
+
+/****************
+ * Returns: true if the user ids do not match
+ */
+int
+cmp_user_ids( PKT_user_id *a, PKT_user_id *b )
+{
+ int res=1;
+
+ if( a == b )
+ return 0;
+
+ if( a->attrib_data && b->attrib_data )
+ {
+ res = a->attrib_len - b->attrib_len;
+ if( !res )
+ res = memcmp( a->attrib_data, b->attrib_data, a->attrib_len );
+ }
+ else if( !a->attrib_data && !b->attrib_data )
+ {
+ res = a->len - b->len;
+ if( !res )
+ res = memcmp( a->name, b->name, a->len );
+ }
+
+ return res;
+}
diff --git a/g10/getkey.c b/g10/getkey.c
new file mode 100644
index 0000000..54843cf
--- /dev/null
+++ b/g10/getkey.c
@@ -0,0 +1,3156 @@
+/* getkey.c - Get a key from the database
+ * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006,
+ * 2007, 2008 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <assert.h>
+#include <ctype.h>
+
+#include "gpg.h"
+#include "util.h"
+#include "packet.h"
+#include "iobuf.h"
+#include "keydb.h"
+#include "options.h"
+#include "main.h"
+#include "trustdb.h"
+#include "i18n.h"
+#include "keyserver-internal.h"
+
+#define MAX_PK_CACHE_ENTRIES PK_UID_CACHE_SIZE
+#define MAX_UID_CACHE_ENTRIES PK_UID_CACHE_SIZE
+
+#if MAX_PK_CACHE_ENTRIES < 2
+#error We need the cache for key creation
+#endif
+
+struct getkey_ctx_s {
+ int exact;
+ KBNODE keyblock;
+ KBPOS kbpos;
+ KBNODE found_key; /* Pointer into some keyblock. */
+ strlist_t extra_list; /* Will be freed when releasing the context. */
+ int last_rc;
+ int req_usage;
+ int req_algo;
+ KEYDB_HANDLE kr_handle;
+ int not_allocated;
+ int nitems;
+ KEYDB_SEARCH_DESC items[1];
+};
+
+#if 0
+static struct {
+ int any;
+ int okay_count;
+ int nokey_count;
+ int error_count;
+} lkup_stats[21];
+#endif
+
+typedef struct keyid_list {
+ struct keyid_list *next;
+ u32 keyid[2];
+} *keyid_list_t;
+
+
+#if MAX_PK_CACHE_ENTRIES
+ typedef struct pk_cache_entry {
+ struct pk_cache_entry *next;
+ u32 keyid[2];
+ PKT_public_key *pk;
+ } *pk_cache_entry_t;
+ static pk_cache_entry_t pk_cache;
+ static int pk_cache_entries; /* number of entries in pk cache */
+ static int pk_cache_disabled;
+#endif
+
+#if MAX_UID_CACHE_ENTRIES < 5
+#error we really need the userid cache
+#endif
+typedef struct user_id_db {
+ struct user_id_db *next;
+ keyid_list_t keyids;
+ int len;
+ char name[1];
+} *user_id_db_t;
+static user_id_db_t user_id_db;
+static int uid_cache_entries; /* number of entries in uid cache */
+
+static void merge_selfsigs( KBNODE keyblock );
+static int lookup( GETKEY_CTX ctx, KBNODE *ret_keyblock, int secmode );
+
+#if 0
+static void
+print_stats()
+{
+ int i;
+ for(i=0; i < DIM(lkup_stats); i++ ) {
+ if( lkup_stats[i].any )
+ fprintf(stderr,
+ "lookup stats: mode=%-2d ok=%-6d nokey=%-6d err=%-6d\n",
+ i,
+ lkup_stats[i].okay_count,
+ lkup_stats[i].nokey_count,
+ lkup_stats[i].error_count );
+ }
+}
+#endif
+
+
+void
+cache_public_key( PKT_public_key *pk )
+{
+#if MAX_PK_CACHE_ENTRIES
+ pk_cache_entry_t ce;
+ u32 keyid[2];
+
+ if( pk_cache_disabled )
+ return;
+
+ if( pk->dont_cache )
+ return;
+
+ if( is_ELGAMAL(pk->pubkey_algo)
+ || pk->pubkey_algo == PUBKEY_ALGO_DSA
+ || is_RSA(pk->pubkey_algo) ) {
+ keyid_from_pk( pk, keyid );
+ }
+ else
+ return; /* don't know how to get the keyid */
+
+ for( ce = pk_cache; ce; ce = ce->next )
+ if( ce->keyid[0] == keyid[0] && ce->keyid[1] == keyid[1] ) {
+ if( DBG_CACHE )
+ log_debug("cache_public_key: already in cache\n");
+ return;
+ }
+
+ if( pk_cache_entries >= MAX_PK_CACHE_ENTRIES ) {
+ /* fixme: use another algorithm to free some cache slots */
+ pk_cache_disabled=1;
+ if( opt.verbose > 1 )
+ log_info(_("too many entries in pk cache - disabled\n"));
+ return;
+ }
+ pk_cache_entries++;
+ ce = xmalloc( sizeof *ce );
+ ce->next = pk_cache;
+ pk_cache = ce;
+ ce->pk = copy_public_key( NULL, pk );
+ ce->keyid[0] = keyid[0];
+ ce->keyid[1] = keyid[1];
+#endif
+}
+
+
+/* Return a const utf-8 string with the text "[User ID not found]".
+ This fucntion is required so that we don't need to switch gettext's
+ encoding temporary. */
+static const char *
+user_id_not_found_utf8 (void)
+{
+ static char *text;
+
+ if (!text)
+ text = native_to_utf8 (_("[User ID not found]"));
+ return text;
+}
+
+
+
+/*
+ * Return the user ID from the given keyblock.
+ * We use the primary uid flag which has been set by the merge_selfsigs
+ * function. The returned value is only valid as long as then given
+ * keyblock is not changed
+ */
+static const char *
+get_primary_uid ( KBNODE keyblock, size_t *uidlen )
+{
+ KBNODE k;
+ const char *s;
+
+ for (k=keyblock; k; k=k->next ) {
+ if ( k->pkt->pkttype == PKT_USER_ID
+ && !k->pkt->pkt.user_id->attrib_data
+ && k->pkt->pkt.user_id->is_primary ) {
+ *uidlen = k->pkt->pkt.user_id->len;
+ return k->pkt->pkt.user_id->name;
+ }
+ }
+ s = user_id_not_found_utf8 ();
+ *uidlen = strlen (s);
+ return s;
+}
+
+
+static void
+release_keyid_list ( keyid_list_t k )
+{
+ while ( k ) {
+ keyid_list_t k2 = k->next;
+ xfree (k);
+ k = k2;
+ }
+}
+
+/****************
+ * Store the association of keyid and userid
+ * Feed only public keys to this function.
+ */
+static void
+cache_user_id( KBNODE keyblock )
+{
+ user_id_db_t r;
+ const char *uid;
+ size_t uidlen;
+ keyid_list_t keyids = NULL;
+ KBNODE k;
+
+ for (k=keyblock; k; k = k->next ) {
+ if ( k->pkt->pkttype == PKT_PUBLIC_KEY
+ || k->pkt->pkttype == PKT_PUBLIC_SUBKEY ) {
+ keyid_list_t a = xmalloc_clear ( sizeof *a );
+ /* Hmmm: For a long list of keyids it might be an advantage
+ * to append the keys */
+ keyid_from_pk( k->pkt->pkt.public_key, a->keyid );
+ /* first check for duplicates */
+ for(r=user_id_db; r; r = r->next ) {
+ keyid_list_t b = r->keyids;
+ for ( b = r->keyids; b; b = b->next ) {
+ if( b->keyid[0] == a->keyid[0]
+ && b->keyid[1] == a->keyid[1] ) {
+ if( DBG_CACHE )
+ log_debug("cache_user_id: already in cache\n");
+ release_keyid_list ( keyids );
+ xfree ( a );
+ return;
+ }
+ }
+ }
+ /* now put it into the cache */
+ a->next = keyids;
+ keyids = a;
+ }
+ }
+ if ( !keyids )
+ BUG (); /* No key no fun */
+
+
+ uid = get_primary_uid ( keyblock, &uidlen );
+
+ if( uid_cache_entries >= MAX_UID_CACHE_ENTRIES ) {
+ /* fixme: use another algorithm to free some cache slots */
+ r = user_id_db;
+ user_id_db = r->next;
+ release_keyid_list ( r->keyids );
+ xfree(r);
+ uid_cache_entries--;
+ }
+ r = xmalloc( sizeof *r + uidlen-1 );
+ r->keyids = keyids;
+ r->len = uidlen;
+ memcpy(r->name, uid, r->len);
+ r->next = user_id_db;
+ user_id_db = r;
+ uid_cache_entries++;
+}
+
+
+void
+getkey_disable_caches()
+{
+#if MAX_PK_CACHE_ENTRIES
+ {
+ pk_cache_entry_t ce, ce2;
+
+ for( ce = pk_cache; ce; ce = ce2 ) {
+ ce2 = ce->next;
+ free_public_key( ce->pk );
+ xfree( ce );
+ }
+ pk_cache_disabled=1;
+ pk_cache_entries = 0;
+ pk_cache = NULL;
+ }
+#endif
+ /* fixme: disable user id cache ? */
+}
+
+
+static void
+pk_from_block ( GETKEY_CTX ctx, PKT_public_key *pk, KBNODE keyblock )
+{
+ KBNODE a = ctx->found_key ? ctx->found_key : keyblock;
+
+ assert ( a->pkt->pkttype == PKT_PUBLIC_KEY
+ || a->pkt->pkttype == PKT_PUBLIC_SUBKEY );
+
+ copy_public_key ( pk, a->pkt->pkt.public_key );
+}
+
+static void
+sk_from_block ( GETKEY_CTX ctx,
+ PKT_secret_key *sk, KBNODE keyblock )
+{
+ KBNODE a = ctx->found_key ? ctx->found_key : keyblock;
+
+ assert ( a->pkt->pkttype == PKT_SECRET_KEY
+ || a->pkt->pkttype == PKT_SECRET_SUBKEY );
+
+ copy_secret_key( sk, a->pkt->pkt.secret_key);
+}
+
+
+/****************
+ * Get a public key and store it into the allocated pk
+ * can be called with PK set to NULL to just read it into some
+ * internal structures.
+ */
+int
+get_pubkey( PKT_public_key *pk, u32 *keyid )
+{
+ int internal = 0;
+ int rc = 0;
+
+#if MAX_PK_CACHE_ENTRIES
+ if(pk)
+ {
+ /* Try to get it from the cache. We don't do this when pk is
+ NULL as it does not guarantee that the user IDs are
+ cached. */
+ pk_cache_entry_t ce;
+ for( ce = pk_cache; ce; ce = ce->next )
+ {
+ if( ce->keyid[0] == keyid[0] && ce->keyid[1] == keyid[1] )
+ {
+ copy_public_key( pk, ce->pk );
+ return 0;
+ }
+ }
+ }
+#endif
+ /* more init stuff */
+ if( !pk ) {
+ pk = xmalloc_clear( sizeof *pk );
+ internal++;
+ }
+
+
+ /* do a lookup */
+ { struct getkey_ctx_s ctx;
+ KBNODE kb = NULL;
+ memset( &ctx, 0, sizeof ctx );
+ ctx.exact = 1; /* use the key ID exactly as given */
+ ctx.not_allocated = 1;
+ ctx.kr_handle = keydb_new (0);
+ ctx.nitems = 1;
+ ctx.items[0].mode = KEYDB_SEARCH_MODE_LONG_KID;
+ ctx.items[0].u.kid[0] = keyid[0];
+ ctx.items[0].u.kid[1] = keyid[1];
+ ctx.req_algo = pk->req_algo;
+ ctx.req_usage = pk->req_usage;
+ rc = lookup( &ctx, &kb, 0 );
+ if ( !rc ) {
+ pk_from_block ( &ctx, pk, kb );
+ }
+ get_pubkey_end( &ctx );
+ release_kbnode ( kb );
+ }
+ if( !rc )
+ goto leave;
+
+ rc = G10ERR_NO_PUBKEY;
+
+ leave:
+ if( !rc )
+ cache_public_key( pk );
+ if( internal )
+ free_public_key(pk);
+ return rc;
+}
+
+
+/* Get a public key and store it into the allocated pk. This function
+ differs from get_pubkey() in that it does not do a check of the key
+ to avoid recursion. It should be used only in very certain cases.
+ It will only retrieve primary keys. */
+int
+get_pubkey_fast (PKT_public_key *pk, u32 *keyid)
+{
+ int rc = 0;
+ KEYDB_HANDLE hd;
+ KBNODE keyblock;
+ u32 pkid[2];
+
+ assert (pk);
+#if MAX_PK_CACHE_ENTRIES
+ { /* Try to get it from the cache */
+ pk_cache_entry_t ce;
+
+ for (ce = pk_cache; ce; ce = ce->next)
+ {
+ if (ce->keyid[0] == keyid[0] && ce->keyid[1] == keyid[1])
+ {
+ if (pk)
+ copy_public_key (pk, ce->pk);
+ return 0;
+ }
+ }
+ }
+#endif
+
+ hd = keydb_new (0);
+ rc = keydb_search_kid (hd, keyid);
+ if (rc == -1)
+ {
+ keydb_release (hd);
+ return G10ERR_NO_PUBKEY;
+ }
+ rc = keydb_get_keyblock (hd, &keyblock);
+ keydb_release (hd);
+ if (rc)
+ {
+ log_error ("keydb_get_keyblock failed: %s\n", g10_errstr(rc));
+ return G10ERR_NO_PUBKEY;
+ }
+
+ assert ( keyblock->pkt->pkttype == PKT_PUBLIC_KEY
+ || keyblock->pkt->pkttype == PKT_PUBLIC_SUBKEY );
+
+ keyid_from_pk(keyblock->pkt->pkt.public_key,pkid);
+ if(keyid[0]==pkid[0] && keyid[1]==pkid[1])
+ copy_public_key (pk, keyblock->pkt->pkt.public_key );
+ else
+ rc=G10ERR_NO_PUBKEY;
+
+ release_kbnode (keyblock);
+
+ /* Not caching key here since it won't have all of the fields
+ properly set. */
+
+ return rc;
+}
+
+
+KBNODE
+get_pubkeyblock( u32 *keyid )
+{
+ struct getkey_ctx_s ctx;
+ int rc = 0;
+ KBNODE keyblock = NULL;
+
+ memset( &ctx, 0, sizeof ctx );
+ /* no need to set exact here because we want the entire block */
+ ctx.not_allocated = 1;
+ ctx.kr_handle = keydb_new (0);
+ ctx.nitems = 1;
+ ctx.items[0].mode = KEYDB_SEARCH_MODE_LONG_KID;
+ ctx.items[0].u.kid[0] = keyid[0];
+ ctx.items[0].u.kid[1] = keyid[1];
+ rc = lookup( &ctx, &keyblock, 0 );
+ get_pubkey_end( &ctx );
+
+ return rc ? NULL : keyblock;
+}
+
+
+
+
+/****************
+ * Get a secret key and store it into sk
+ */
+int
+get_seckey( PKT_secret_key *sk, u32 *keyid )
+{
+ int rc;
+ struct getkey_ctx_s ctx;
+ KBNODE kb = NULL;
+
+ memset( &ctx, 0, sizeof ctx );
+ ctx.exact = 1; /* use the key ID exactly as given */
+ ctx.not_allocated = 1;
+ ctx.kr_handle = keydb_new (1);
+ ctx.nitems = 1;
+ ctx.items[0].mode = KEYDB_SEARCH_MODE_LONG_KID;
+ ctx.items[0].u.kid[0] = keyid[0];
+ ctx.items[0].u.kid[1] = keyid[1];
+ ctx.req_algo = sk->req_algo;
+ ctx.req_usage = sk->req_usage;
+ rc = lookup( &ctx, &kb, 1 );
+ if ( !rc ) {
+ sk_from_block ( &ctx, sk, kb );
+ }
+ get_seckey_end( &ctx );
+ release_kbnode ( kb );
+
+ if( !rc ) {
+ /* check the secret key (this may prompt for a passprase to
+ * unlock the secret key
+ */
+ rc = check_secret_key( sk, 0 );
+ }
+
+ return rc;
+}
+
+
+/****************
+ * Check whether the secret key is available. This is just a fast
+ * check and does not tell us whether the secret key is valid. It
+ * merely tells other whether there is some secret key.
+ * Returns: 0 := key is available
+ * G10ERR_NO_SECKEY := not availabe
+ */
+int
+seckey_available( u32 *keyid )
+{
+ int rc;
+ KEYDB_HANDLE hd = keydb_new (1);
+
+ rc = keydb_search_kid (hd, keyid);
+ if ( rc == -1 )
+ rc = G10ERR_NO_SECKEY;
+ keydb_release (hd);
+ return rc;
+}
+
+
+/****************
+ * Return the type of the user id:
+ *
+ * Please use the constants KEYDB_SERCH_MODE_xxx
+ * 0 = Invalid user ID
+ * 1 = exact match
+ * 2 = match a substring
+ * 3 = match an email address
+ * 4 = match a substring of an email address
+ * 5 = match an email address, but compare from end
+ * 6 = word match mode
+ * 10 = it is a short KEYID (don't care about keyid[0])
+ * 11 = it is a long KEYID
+ * 12 = it is a trustdb index (keyid is looked up)
+ * 16 = it is a 16 byte fingerprint
+ * 20 = it is a 20 byte fingerprint
+ * 21 = Unified fingerprint :fpr:pk_algo:
+ * (We don't use pk_algo yet)
+ *
+ * Rules used:
+ * - If the username starts with 8,9,16 or 17 hex-digits (the first one
+ * must be in the range 0..9), this is considered a keyid; depending
+ * on the length a short or complete one.
+ * - If the username starts with 32,33,40 or 41 hex-digits (the first one
+ * must be in the range 0..9), this is considered a fingerprint.
+ * - If the username starts with a left angle, we assume it is a complete
+ * email address and look only at this part.
+ * - If the username starts with a colon we assume it is a unified
+ * key specfification.
+ * - If the username starts with a '.', we assume it is the ending
+ * part of an email address
+ * - If the username starts with an '@', we assume it is a part of an
+ * email address
+ * - If the userid start with an '=' an exact compare is done.
+ * - If the userid starts with a '*' a case insensitive substring search is
+ * done (This is the default).
+ * - If the userid starts with a '+' we will compare individual words
+ * and a match requires that all the words are in the userid.
+ * Words are delimited by white space or "()<>[]{}.@-+_,;/&!"
+ * (note that you can't search for these characters). Compare
+ * is not case sensitive.
+ * - If the userid starts with a '&' a 40 hex digits keygrip is expected.
+ */
+
+int
+classify_user_id( const char *name, KEYDB_SEARCH_DESC *desc )
+{
+ const char *s;
+ int hexprefix = 0;
+ int hexlength;
+ int mode = 0;
+ KEYDB_SEARCH_DESC dummy_desc;
+
+ if (!desc)
+ desc = &dummy_desc;
+
+ /* clear the structure so that the mode field is set to zero unless
+ * we set it to the correct value right at the end of this function */
+ memset (desc, 0, sizeof *desc);
+
+ /* skip leading spaces. Fixme: what is with trailing spaces? */
+ for(s = name; *s && spacep (s); s++ )
+ ;
+
+ switch (*s) {
+ case 0: /* empty string is an error */
+ return 0;
+
+#if 0
+ case '.': /* an email address, compare from end */
+ mode = KEYDB_SEARCH_MODE_MAILEND;
+ s++;
+ desc->u.name = s;
+ break;
+#endif
+
+ case '<': /* an email address */
+ mode = KEYDB_SEARCH_MODE_MAIL;
+ desc->u.name = s;
+ break;
+
+ case '@': /* part of an email address */
+ mode = KEYDB_SEARCH_MODE_MAILSUB;
+ s++;
+ desc->u.name = s;
+ break;
+
+ case '=': /* exact compare */
+ mode = KEYDB_SEARCH_MODE_EXACT;
+ s++;
+ desc->u.name = s;
+ break;
+
+ case '*': /* case insensitive substring search */
+ mode = KEYDB_SEARCH_MODE_SUBSTR;
+ s++;
+ desc->u.name = s;
+ break;
+
+#if 0
+ case '+': /* compare individual words */
+ mode = KEYDB_SEARCH_MODE_WORDS;
+ s++;
+ desc->u.name = s;
+ break;
+#endif
+
+ case '#': /* local user id */
+ return 0; /* This is now obsolete and can't not be used anymore*/
+
+ case ':': /*Unified fingerprint */
+ {
+ const char *se, *si;
+ int i;
+
+ se = strchr( ++s,':');
+ if ( !se )
+ return 0;
+ for (i=0,si=s; si < se; si++, i++ ) {
+ if ( !strchr("01234567890abcdefABCDEF", *si ) )
+ return 0; /* invalid digit */
+ }
+ if (i != 32 && i != 40)
+ return 0; /* invalid length of fpr*/
+ for (i=0,si=s; si < se; i++, si +=2)
+ desc->u.fpr[i] = hextobyte(si);
+ for ( ; i < 20; i++)
+ desc->u.fpr[i]= 0;
+ s = se + 1;
+ mode = KEYDB_SEARCH_MODE_FPR;
+ }
+ break;
+
+ case '&': /* keygrip */
+ return 0; /* Not yet implememted. */
+
+ default:
+ if (s[0] == '0' && s[1] == 'x') {
+ hexprefix = 1;
+ s += 2;
+ }
+
+ hexlength = strspn(s, "0123456789abcdefABCDEF");
+ if (hexlength >= 8 && s[hexlength] =='!') {
+ desc->exact = 1;
+ hexlength++; /* just for the following check */
+ }
+
+ /* check if a hexadecimal number is terminated by EOS or blank */
+ if (hexlength && s[hexlength] && !spacep(s+hexlength)) {
+ if (hexprefix) /* a "0x" prefix without correct */
+ return 0; /* termination is an error */
+ else /* The first chars looked like */
+ hexlength = 0; /* a hex number, but really were not. */
+ }
+
+ if (desc->exact)
+ hexlength--;
+
+ if (hexlength == 8
+ || (!hexprefix && hexlength == 9 && *s == '0')){
+ /* short keyid */
+ if (hexlength == 9)
+ s++;
+ desc->u.kid[0] = 0;
+ desc->u.kid[1] = strtoul( s, NULL, 16 );
+ mode = KEYDB_SEARCH_MODE_SHORT_KID;
+ }
+ else if (hexlength == 16
+ || (!hexprefix && hexlength == 17 && *s == '0')) {
+ /* complete keyid */
+ char buf[9];
+ if (hexlength == 17)
+ s++;
+ mem2str(buf, s, 9 );
+ desc->u.kid[0] = strtoul( buf, NULL, 16 );
+ desc->u.kid[1] = strtoul( s+8, NULL, 16 );
+ mode = KEYDB_SEARCH_MODE_LONG_KID;
+ }
+ else if (hexlength == 32 || (!hexprefix && hexlength == 33
+ && *s == '0')) {
+ /* md5 fingerprint */
+ int i;
+ if (hexlength == 33)
+ s++;
+ memset(desc->u.fpr+16, 0, 4);
+ for (i=0; i < 16; i++, s+=2) {
+ int c = hextobyte(s);
+ if (c == -1)
+ return 0;
+ desc->u.fpr[i] = c;
+ }
+ mode = KEYDB_SEARCH_MODE_FPR16;
+ }
+ else if (hexlength == 40 || (!hexprefix && hexlength == 41
+ && *s == '0')) {
+ /* sha1/rmd160 fingerprint */
+ int i;
+ if (hexlength == 41)
+ s++;
+ for (i=0; i < 20; i++, s+=2) {
+ int c = hextobyte(s);
+ if (c == -1)
+ return 0;
+ desc->u.fpr[i] = c;
+ }
+ mode = KEYDB_SEARCH_MODE_FPR20;
+ }
+ else {
+ if (hexprefix) /* This was a hex number with a prefix */
+ return 0; /* and a wrong length */
+
+ desc->exact = 0;
+ desc->u.name = s;
+ mode = KEYDB_SEARCH_MODE_SUBSTR; /* default mode */
+ }
+ }
+
+ desc->mode = mode;
+ return mode;
+}
+
+
+static int
+skip_unusable (void *dummy, u32 *keyid, PKT_user_id *uid)
+{
+ int unusable=0;
+ KBNODE keyblock;
+
+ (void)dummy;
+
+ keyblock=get_pubkeyblock(keyid);
+ if(!keyblock)
+ {
+ log_error("error checking usability status of %s\n",keystr(keyid));
+ goto leave;
+ }
+
+ /* Is the user ID in question revoked/expired? */
+ if(uid)
+ {
+ KBNODE node;
+
+ for(node=keyblock;node;node=node->next)
+ {
+ if(node->pkt->pkttype==PKT_USER_ID)
+ {
+ if(cmp_user_ids(uid,node->pkt->pkt.user_id)==0
+ && (node->pkt->pkt.user_id->is_revoked
+ || node->pkt->pkt.user_id->is_expired))
+ {
+ unusable=1;
+ break;
+ }
+ }
+ }
+ }
+
+ if(!unusable)
+ unusable=pk_is_disabled(keyblock->pkt->pkt.public_key);
+
+ leave:
+ release_kbnode(keyblock);
+ return unusable;
+}
+
+/****************
+ * Try to get the pubkey by the userid. This function looks for the
+ * first pubkey certificate which has the given name in a user_id. if
+ * pk/sk has the pubkey algo set, the function will only return a
+ * pubkey with that algo. If namelist is NULL, the first key is
+ * returned. The caller should provide storage for either the pk or
+ * the sk. If ret_kb is not NULL the function will return the
+ * keyblock there.
+ */
+
+static int
+key_byname( GETKEY_CTX *retctx, strlist_t namelist,
+ PKT_public_key *pk, PKT_secret_key *sk,
+ int secmode, int include_unusable,
+ KBNODE *ret_kb, KEYDB_HANDLE *ret_kdbhd )
+{
+ int rc = 0;
+ int n;
+ strlist_t r;
+ GETKEY_CTX ctx;
+ KBNODE help_kb = NULL;
+
+ if( retctx ) {/* reset the returned context in case of error */
+ assert (!ret_kdbhd); /* not allowed because the handle is
+ stored in the context */
+ *retctx = NULL;
+ }
+ if (ret_kdbhd)
+ *ret_kdbhd = NULL;
+
+ if(!namelist)
+ {
+ ctx = xmalloc_clear (sizeof *ctx);
+ ctx->nitems = 1;
+ ctx->items[0].mode=KEYDB_SEARCH_MODE_FIRST;
+ if(!include_unusable)
+ ctx->items[0].skipfnc=skip_unusable;
+ }
+ else
+ {
+ /* build the search context */
+ for(n=0, r=namelist; r; r = r->next )
+ n++;
+
+ ctx = xmalloc_clear (sizeof *ctx + (n-1)*sizeof ctx->items );
+ ctx->nitems = n;
+
+ for(n=0, r=namelist; r; r = r->next, n++ )
+ {
+ classify_user_id (r->d, &ctx->items[n]);
+
+ if (ctx->items[n].exact)
+ ctx->exact = 1;
+ if (!ctx->items[n].mode)
+ {
+ xfree (ctx);
+ return G10ERR_INV_USER_ID;
+ }
+ if(!include_unusable
+ && ctx->items[n].mode!=KEYDB_SEARCH_MODE_SHORT_KID
+ && ctx->items[n].mode!=KEYDB_SEARCH_MODE_LONG_KID
+ && ctx->items[n].mode!=KEYDB_SEARCH_MODE_FPR16
+ && ctx->items[n].mode!=KEYDB_SEARCH_MODE_FPR20
+ && ctx->items[n].mode!=KEYDB_SEARCH_MODE_FPR)
+ ctx->items[n].skipfnc=skip_unusable;
+ }
+ }
+
+ ctx->kr_handle = keydb_new (secmode);
+ if ( !ret_kb )
+ ret_kb = &help_kb;
+
+ if( secmode ) {
+ if (sk) {
+ ctx->req_algo = sk->req_algo;
+ ctx->req_usage = sk->req_usage;
+ }
+ rc = lookup( ctx, ret_kb, 1 );
+ if ( !rc && sk ) {
+ sk_from_block ( ctx, sk, *ret_kb );
+ }
+ }
+ else {
+ if (pk) {
+ ctx->req_algo = pk->req_algo;
+ ctx->req_usage = pk->req_usage;
+ }
+ rc = lookup( ctx, ret_kb, 0 );
+ if ( !rc && pk ) {
+ pk_from_block ( ctx, pk, *ret_kb );
+ }
+ }
+
+ release_kbnode ( help_kb );
+
+ if (retctx) /* caller wants the context */
+ *retctx = ctx;
+ else {
+ if (ret_kdbhd) {
+ *ret_kdbhd = ctx->kr_handle;
+ ctx->kr_handle = NULL;
+ }
+ get_pubkey_end (ctx);
+ }
+
+ return rc;
+}
+
+
+
+/* Find a public key from NAME and return the keyblock or the key. If
+ ret_kdb is not NULL, the KEYDB handle used to locate this keyblock
+ is returned and the caller is responsible for closing it. If a key
+ was not found (or if local search has been disabled) and NAME is a
+ valid RFC822 mailbox and --auto-key-locate has been enabled, we try
+ to import the key via the online mechanisms defined by
+ --auto-key-locate. */
+int
+get_pubkey_byname (GETKEY_CTX *retctx, PKT_public_key *pk,
+ const char *name, KBNODE *ret_keyblock,
+ KEYDB_HANDLE *ret_kdbhd, int include_unusable,
+ int no_akl)
+{
+ int rc;
+ strlist_t namelist = NULL;
+ struct akl *akl;
+ int is_mbox;
+ int nodefault = 0;
+ int anylocalfirst = 0;
+
+ if (retctx)
+ *retctx = NULL;
+
+ is_mbox = is_valid_mailbox (name);
+
+ /* Check whether we the default local search has been disabled.
+ This is the case if either the "nodefault" or the "local" keyword
+ are in the list of auto key locate mechanisms.
+
+ ANYLOCALFIRST is set if the search order has the local method
+ before any other or if "local" is used first by default. This
+ makes sure that if a RETCTX is used it gets only set if a local
+ search has precedence over the other search methods and only then
+ a followup call to get_pubkey_next shall succeed. */
+ if (!no_akl)
+ {
+ for (akl=opt.auto_key_locate; akl; akl=akl->next)
+ if (akl->type == AKL_NODEFAULT || akl->type == AKL_LOCAL)
+ {
+ nodefault = 1;
+ break;
+ }
+ for (akl=opt.auto_key_locate; akl; akl=akl->next)
+ if (akl->type != AKL_NODEFAULT)
+ {
+ if (akl->type == AKL_LOCAL)
+ anylocalfirst = 1;
+ break;
+ }
+ }
+
+ if (!nodefault)
+ anylocalfirst = 1;
+
+ if (nodefault && is_mbox)
+ {
+ /* Nodefault but a mailbox - let the AKL locate the key. */
+ rc = G10ERR_NO_PUBKEY;
+ }
+ else
+ {
+ add_to_strlist (&namelist, name);
+ rc = key_byname (retctx, namelist, pk, NULL, 0,
+ include_unusable, ret_keyblock, ret_kdbhd);
+ }
+
+ /* If the requested name resembles a valid mailbox and automatic
+ retrieval has been enabled, we try to import the key. */
+ if (gpg_err_code (rc) == G10ERR_NO_PUBKEY && !no_akl && is_mbox)
+ {
+ for (akl=opt.auto_key_locate; akl; akl=akl->next)
+ {
+ unsigned char *fpr = NULL;
+ size_t fpr_len;
+ int did_key_byname = 0;
+ int no_fingerprint = 0;
+ const char *mechanism = "?";
+
+ switch(akl->type)
+ {
+ case AKL_NODEFAULT:
+ /* This is a dummy mechanism. */
+ mechanism = "None";
+ rc = G10ERR_NO_PUBKEY;
+ break;
+
+ case AKL_LOCAL:
+ mechanism = "Local";
+ did_key_byname = 1;
+ if (retctx)
+ {
+ get_pubkey_end (*retctx);
+ *retctx = NULL;
+ }
+ add_to_strlist (&namelist, name);
+ rc = key_byname (anylocalfirst? retctx:NULL,
+ namelist, pk, NULL, 0,
+ include_unusable, ret_keyblock, ret_kdbhd);
+ break;
+
+ case AKL_CERT:
+ mechanism = "DNS CERT";
+ glo_ctrl.in_auto_key_retrieve++;
+ rc=keyserver_import_cert(name,&fpr,&fpr_len);
+ glo_ctrl.in_auto_key_retrieve--;
+ break;
+
+ case AKL_PKA:
+ mechanism = "PKA";
+ glo_ctrl.in_auto_key_retrieve++;
+ rc=keyserver_import_pka(name,&fpr,&fpr_len);
+ glo_ctrl.in_auto_key_retrieve--;
+ break;
+
+ case AKL_LDAP:
+ mechanism = "LDAP";
+ glo_ctrl.in_auto_key_retrieve++;
+ rc=keyserver_import_ldap(name,&fpr,&fpr_len);
+ glo_ctrl.in_auto_key_retrieve--;
+ break;
+
+ case AKL_KEYSERVER:
+ /* Strictly speaking, we don't need to only use a valid
+ mailbox for the getname search, but it helps cut down
+ on the problem of searching for something like "john"
+ and getting a whole lot of keys back. */
+ if(opt.keyserver)
+ {
+ mechanism = opt.keyserver->uri;
+ glo_ctrl.in_auto_key_retrieve++;
+ rc=keyserver_import_name(name,&fpr,&fpr_len,opt.keyserver);
+ glo_ctrl.in_auto_key_retrieve--;
+ }
+ else
+ {
+ mechanism = "Unconfigured keyserver";
+ rc = G10ERR_NO_PUBKEY;
+ }
+ break;
+
+ case AKL_SPEC:
+ {
+ struct keyserver_spec *keyserver;
+
+ mechanism = akl->spec->uri;
+ keyserver=keyserver_match(akl->spec);
+ glo_ctrl.in_auto_key_retrieve++;
+ rc=keyserver_import_name(name,&fpr,&fpr_len,keyserver);
+ glo_ctrl.in_auto_key_retrieve--;
+ }
+ break;
+ }
+
+ /* Use the fingerprint of the key that we actually fetched.
+ This helps prevent problems where the key that we fetched
+ doesn't have the same name that we used to fetch it. In
+ the case of CERT and PKA, this is an actual security
+ requirement as the URL might point to a key put in by an
+ attacker. By forcing the use of the fingerprint, we
+ won't use the attacker's key here. */
+ if (!rc && fpr)
+ {
+ char fpr_string[MAX_FINGERPRINT_LEN*2+1];
+
+ assert(fpr_len<=MAX_FINGERPRINT_LEN);
+
+ free_strlist(namelist);
+ namelist=NULL;
+
+ bin2hex (fpr, fpr_len, fpr_string);
+
+ if(opt.verbose)
+ log_info("auto-key-locate found fingerprint %s\n",fpr_string);
+
+ add_to_strlist( &namelist, fpr_string );
+ }
+ else if (!rc && !fpr && !did_key_byname)
+ {
+ no_fingerprint = 1;
+ rc = G10ERR_NO_PUBKEY;
+ }
+ xfree (fpr);
+ fpr = NULL;
+
+ if (!rc && !did_key_byname)
+ {
+ if (retctx)
+ {
+ get_pubkey_end (*retctx);
+ *retctx = NULL;
+ }
+ rc = key_byname (anylocalfirst?retctx:NULL,
+ namelist, pk, NULL, 0,
+ include_unusable, ret_keyblock, ret_kdbhd);
+ }
+ if (!rc)
+ {
+ /* Key found. */
+ log_info (_("automatically retrieved `%s' via %s\n"),
+ name, mechanism);
+ break;
+ }
+ if (rc != G10ERR_NO_PUBKEY || opt.verbose || no_fingerprint)
+ log_info (_("error retrieving `%s' via %s: %s\n"),
+ name, mechanism,
+ no_fingerprint? _("No fingerprint"):g10_errstr(rc));
+ }
+ }
+
+
+ if (rc && retctx)
+ {
+ get_pubkey_end (*retctx);
+ *retctx = NULL;
+ }
+
+ if (retctx && *retctx)
+ {
+ assert (!(*retctx)->extra_list);
+ (*retctx)->extra_list = namelist;
+ }
+ else
+ free_strlist (namelist);
+ return rc;
+}
+
+
+int
+get_pubkey_bynames( GETKEY_CTX *retctx, PKT_public_key *pk,
+ strlist_t names, KBNODE *ret_keyblock )
+{
+ return key_byname( retctx, names, pk, NULL, 0, 1, ret_keyblock, NULL);
+}
+
+int
+get_pubkey_next( GETKEY_CTX ctx, PKT_public_key *pk, KBNODE *ret_keyblock )
+{
+ int rc;
+
+ rc = lookup( ctx, ret_keyblock, 0 );
+ if ( !rc && pk && ret_keyblock )
+ pk_from_block ( ctx, pk, *ret_keyblock );
+
+ return rc;
+}
+
+void
+get_pubkey_end( GETKEY_CTX ctx )
+{
+ if( ctx ) {
+ memset (&ctx->kbpos, 0, sizeof ctx->kbpos);
+ keydb_release (ctx->kr_handle);
+ free_strlist (ctx->extra_list);
+ if( !ctx->not_allocated )
+ xfree( ctx );
+ }
+}
+
+
+/****************
+ * Search for a key with the given fingerprint.
+ * FIXME:
+ * We should replace this with the _byname function. Thiscsan be done
+ * by creating a userID conforming to the unified fingerprint style.
+ */
+int
+get_pubkey_byfprint( PKT_public_key *pk,
+ const byte *fprint, size_t fprint_len)
+{
+ int rc;
+
+ if( fprint_len == 20 || fprint_len == 16 ) {
+ struct getkey_ctx_s ctx;
+ KBNODE kb = NULL;
+
+ memset( &ctx, 0, sizeof ctx );
+ ctx.exact = 1 ;
+ ctx.not_allocated = 1;
+ ctx.kr_handle = keydb_new (0);
+ ctx.nitems = 1;
+ ctx.items[0].mode = fprint_len==16? KEYDB_SEARCH_MODE_FPR16
+ : KEYDB_SEARCH_MODE_FPR20;
+ memcpy( ctx.items[0].u.fpr, fprint, fprint_len );
+ rc = lookup( &ctx, &kb, 0 );
+ if (!rc && pk )
+ pk_from_block ( &ctx, pk, kb );
+ release_kbnode ( kb );
+ get_pubkey_end( &ctx );
+ }
+ else
+ rc = G10ERR_GENERAL; /* Oops */
+ return rc;
+}
+
+
+/* Get a public key and store it into the allocated pk. This function
+ differs from get_pubkey_byfprint() in that it does not do a check
+ of the key to avoid recursion. It should be used only in very
+ certain cases. PK may be NULL to check just for the existance of
+ the key. */
+int
+get_pubkey_byfprint_fast (PKT_public_key *pk,
+ const byte *fprint, size_t fprint_len)
+{
+ int rc = 0;
+ KEYDB_HANDLE hd;
+ KBNODE keyblock;
+ byte fprbuf[MAX_FINGERPRINT_LEN];
+ int i;
+
+ for (i=0; i < MAX_FINGERPRINT_LEN && i < fprint_len; i++)
+ fprbuf[i] = fprint[i];
+ while (i < MAX_FINGERPRINT_LEN)
+ fprbuf[i++] = 0;
+
+ hd = keydb_new (0);
+ rc = keydb_search_fpr (hd, fprbuf);
+ if (rc == -1)
+ {
+ keydb_release (hd);
+ return G10ERR_NO_PUBKEY;
+ }
+ rc = keydb_get_keyblock (hd, &keyblock);
+ keydb_release (hd);
+ if (rc)
+ {
+ log_error ("keydb_get_keyblock failed: %s\n", g10_errstr(rc));
+ return G10ERR_NO_PUBKEY;
+ }
+
+ assert ( keyblock->pkt->pkttype == PKT_PUBLIC_KEY
+ || keyblock->pkt->pkttype == PKT_PUBLIC_SUBKEY );
+ if (pk)
+ copy_public_key (pk, keyblock->pkt->pkt.public_key );
+ release_kbnode (keyblock);
+
+ /* Not caching key here since it won't have all of the fields
+ properly set. */
+
+ return 0;
+}
+
+/****************
+ * Search for a key with the given fingerprint and return the
+ * complete keyblock which may have more than only this key.
+ */
+int
+get_keyblock_byfprint( KBNODE *ret_keyblock, const byte *fprint,
+ size_t fprint_len )
+{
+ int rc;
+
+ if( fprint_len == 20 || fprint_len == 16 ) {
+ struct getkey_ctx_s ctx;
+
+ memset( &ctx, 0, sizeof ctx );
+ ctx.not_allocated = 1;
+ ctx.kr_handle = keydb_new (0);
+ ctx.nitems = 1;
+ ctx.items[0].mode = fprint_len==16? KEYDB_SEARCH_MODE_FPR16
+ : KEYDB_SEARCH_MODE_FPR20;
+ memcpy( ctx.items[0].u.fpr, fprint, fprint_len );
+ rc = lookup( &ctx, ret_keyblock, 0 );
+ get_pubkey_end( &ctx );
+ }
+ else
+ rc = G10ERR_GENERAL; /* Oops */
+
+ return rc;
+}
+
+
+/****************
+ * Get a secret key by name and store it into sk
+ * If NAME is NULL use the default key
+ */
+static int
+get_seckey_byname2( GETKEY_CTX *retctx,
+ PKT_secret_key *sk, const char *name, int unprotect,
+ KBNODE *retblock )
+{
+ strlist_t namelist = NULL;
+ int rc,include_unusable=1;
+
+ /* If we have no name, try to use the default secret key. If we
+ have no default, we'll use the first usable one. */
+
+ if( !name && opt.def_secret_key && *opt.def_secret_key )
+ add_to_strlist( &namelist, opt.def_secret_key );
+ else if(name)
+ add_to_strlist( &namelist, name );
+ else
+ include_unusable=0;
+
+ rc = key_byname( retctx, namelist, NULL, sk, 1, include_unusable,
+ retblock, NULL );
+
+ free_strlist( namelist );
+
+ if( !rc && unprotect )
+ rc = check_secret_key( sk, 0 );
+
+ return rc;
+}
+
+int
+get_seckey_byname( PKT_secret_key *sk, const char *name, int unlock )
+{
+ return get_seckey_byname2 ( NULL, sk, name, unlock, NULL );
+}
+
+
+int
+get_seckey_bynames( GETKEY_CTX *retctx, PKT_secret_key *sk,
+ strlist_t names, KBNODE *ret_keyblock )
+{
+ return key_byname( retctx, names, NULL, sk, 1, 1, ret_keyblock, NULL );
+}
+
+
+int
+get_seckey_next( GETKEY_CTX ctx, PKT_secret_key *sk, KBNODE *ret_keyblock )
+{
+ int rc;
+
+ rc = lookup( ctx, ret_keyblock, 1 );
+ if ( !rc && sk && ret_keyblock )
+ sk_from_block ( ctx, sk, *ret_keyblock );
+
+ return rc;
+}
+
+
+void
+get_seckey_end( GETKEY_CTX ctx )
+{
+ get_pubkey_end( ctx );
+}
+
+
+/****************
+ * Search for a key with the given fingerprint.
+ * FIXME:
+ * We should replace this with the _byname function. Thiscsan be done
+ * by creating a userID conforming to the unified fingerprint style.
+ */
+int
+get_seckey_byfprint( PKT_secret_key *sk,
+ const byte *fprint, size_t fprint_len)
+{
+ int rc;
+
+ if( fprint_len == 20 || fprint_len == 16 ) {
+ struct getkey_ctx_s ctx;
+ KBNODE kb = NULL;
+
+ memset( &ctx, 0, sizeof ctx );
+ ctx.exact = 1 ;
+ ctx.not_allocated = 1;
+ ctx.kr_handle = keydb_new (1);
+ ctx.nitems = 1;
+ ctx.items[0].mode = fprint_len==16? KEYDB_SEARCH_MODE_FPR16
+ : KEYDB_SEARCH_MODE_FPR20;
+ memcpy( ctx.items[0].u.fpr, fprint, fprint_len );
+ rc = lookup( &ctx, &kb, 1 );
+ if (!rc && sk )
+ sk_from_block ( &ctx, sk, kb );
+ release_kbnode ( kb );
+ get_seckey_end( &ctx );
+ }
+ else
+ rc = G10ERR_GENERAL; /* Oops */
+ return rc;
+}
+
+
+/* Search for a secret key with the given fingerprint and return the
+ complete keyblock which may have more than only this key. */
+int
+get_seckeyblock_byfprint (KBNODE *ret_keyblock, const byte *fprint,
+ size_t fprint_len )
+{
+ int rc;
+ struct getkey_ctx_s ctx;
+
+ if (fprint_len != 20 && fprint_len == 16)
+ return G10ERR_GENERAL; /* Oops */
+
+ memset (&ctx, 0, sizeof ctx);
+ ctx.not_allocated = 1;
+ ctx.kr_handle = keydb_new (1);
+ ctx.nitems = 1;
+ ctx.items[0].mode = (fprint_len==16
+ ? KEYDB_SEARCH_MODE_FPR16
+ : KEYDB_SEARCH_MODE_FPR20);
+ memcpy (ctx.items[0].u.fpr, fprint, fprint_len);
+ rc = lookup (&ctx, ret_keyblock, 1);
+ get_seckey_end (&ctx);
+
+ return rc;
+}
+
+
+
+/************************************************
+ ************* Merging stuff ********************
+ ************************************************/
+
+/****************
+ * merge all selfsignatures with the keys.
+ * FIXME: replace this at least for the public key parts
+ * by merge_selfsigs.
+ * It is still used in keyedit.c and
+ * at 2 or 3 other places - check whether it is really needed.
+ * It might be needed by the key edit and import stuff because
+ * the keylock is changed.
+ */
+void
+merge_keys_and_selfsig( KBNODE keyblock )
+{
+ PKT_public_key *pk = NULL;
+ PKT_secret_key *sk = NULL;
+ PKT_signature *sig;
+ KBNODE k;
+ u32 kid[2] = { 0, 0 };
+ u32 sigdate = 0;
+
+ if (keyblock && keyblock->pkt->pkttype == PKT_PUBLIC_KEY ) {
+ /* divert to our new function */
+ merge_selfsigs (keyblock);
+ return;
+ }
+ /* still need the old one because the new one can't handle secret keys */
+
+ for(k=keyblock; k; k = k->next ) {
+ if( k->pkt->pkttype == PKT_PUBLIC_KEY
+ || k->pkt->pkttype == PKT_PUBLIC_SUBKEY ) {
+ pk = k->pkt->pkt.public_key; sk = NULL;
+ if( pk->version < 4 )
+ pk = NULL; /* not needed for old keys */
+ else if( k->pkt->pkttype == PKT_PUBLIC_KEY )
+ keyid_from_pk( pk, kid );
+ else if( !pk->expiredate ) { /* and subkey */
+ /* insert the expiration date here */
+ /*FIXME!!! pk->expiredate = subkeys_expiretime( k, kid );*/
+ }
+ sigdate = 0;
+ }
+ else if( k->pkt->pkttype == PKT_SECRET_KEY
+ || k->pkt->pkttype == PKT_SECRET_SUBKEY ) {
+ pk = NULL; sk = k->pkt->pkt.secret_key;
+ if( sk->version < 4 )
+ sk = NULL;
+ else if( k->pkt->pkttype == PKT_SECRET_KEY )
+ keyid_from_sk( sk, kid );
+ sigdate = 0;
+ }
+ else if( (pk || sk ) && k->pkt->pkttype == PKT_SIGNATURE
+ && (sig=k->pkt->pkt.signature)->sig_class >= 0x10
+ && sig->sig_class <= 0x30 && sig->version > 3
+ && !(sig->sig_class == 0x18 || sig->sig_class == 0x28)
+ && sig->keyid[0] == kid[0] && sig->keyid[1] == kid[1] ) {
+ /* okay this is a self-signature which can be used.
+ * This is not used for subkey binding signature, becuase this
+ * is done above.
+ * FIXME: We should only use this if the signature is valid
+ * but this is time consuming - we must provide another
+ * way to handle this
+ */
+ const byte *p;
+ u32 ed;
+
+ p = parse_sig_subpkt( sig->hashed, SIGSUBPKT_KEY_EXPIRE, NULL );
+ if( pk ) {
+ ed = p? pk->timestamp + buffer_to_u32(p):0;
+ if( sig->timestamp > sigdate ) {
+ pk->expiredate = ed;
+ sigdate = sig->timestamp;
+ }
+ }
+ else {
+ ed = p? sk->timestamp + buffer_to_u32(p):0;
+ if( sig->timestamp > sigdate ) {
+ sk->expiredate = ed;
+ sigdate = sig->timestamp;
+ }
+ }
+ }
+
+ if(pk && (pk->expiredate==0 ||
+ (pk->max_expiredate && pk->expiredate>pk->max_expiredate)))
+ pk->expiredate=pk->max_expiredate;
+
+ if(sk && (sk->expiredate==0 ||
+ (sk->max_expiredate && sk->expiredate>sk->max_expiredate)))
+ sk->expiredate=sk->max_expiredate;
+ }
+}
+
+static int
+parse_key_usage(PKT_signature *sig)
+{
+ int key_usage=0;
+ const byte *p;
+ size_t n;
+ byte flags;
+
+ p=parse_sig_subpkt(sig->hashed,SIGSUBPKT_KEY_FLAGS,&n);
+ if(p && n)
+ {
+ /* first octet of the keyflags */
+ flags=*p;
+
+ if(flags & 1)
+ {
+ key_usage |= PUBKEY_USAGE_CERT;
+ flags&=~1;
+ }
+
+ if(flags & 2)
+ {
+ key_usage |= PUBKEY_USAGE_SIG;
+ flags&=~2;
+ }
+
+ /* We do not distinguish between encrypting communications and
+ encrypting storage. */
+ if(flags & (0x04|0x08))
+ {
+ key_usage |= PUBKEY_USAGE_ENC;
+ flags&=~(0x04|0x08);
+ }
+
+ if(flags & 0x20)
+ {
+ key_usage |= PUBKEY_USAGE_AUTH;
+ flags&=~0x20;
+ }
+
+ if(flags)
+ key_usage |= PUBKEY_USAGE_UNKNOWN;
+ }
+
+ /* We set PUBKEY_USAGE_UNKNOWN to indicate that this key has a
+ capability that we do not handle. This serves to distinguish
+ between a zero key usage which we handle as the default
+ capabilities for that algorithm, and a usage that we do not
+ handle. */
+
+ return key_usage;
+}
+
+/*
+ * Apply information from SIGNODE (which is the valid self-signature
+ * associated with that UID) to the UIDNODE:
+ * - wether the UID has been revoked
+ * - assumed creation date of the UID
+ * - temporary store the keyflags here
+ * - temporary store the key expiration time here
+ * - mark whether the primary user ID flag hat been set.
+ * - store the preferences
+ */
+static void
+fixup_uidnode ( KBNODE uidnode, KBNODE signode, u32 keycreated )
+{
+ PKT_user_id *uid = uidnode->pkt->pkt.user_id;
+ PKT_signature *sig = signode->pkt->pkt.signature;
+ const byte *p, *sym, *hash, *zip;
+ size_t n, nsym, nhash, nzip;
+
+ sig->flags.chosen_selfsig = 1; /* we chose this one */
+ uid->created = 0; /* not created == invalid */
+ if ( IS_UID_REV ( sig ) )
+ {
+ uid->is_revoked = 1;
+ return; /* has been revoked */
+ }
+ else
+ uid->is_revoked = 0;
+
+ uid->expiredate = sig->expiredate;
+
+ if (sig->flags.expired)
+ {
+ uid->is_expired = 1;
+ return; /* has expired */
+ }
+ else
+ uid->is_expired = 0;
+
+ uid->created = sig->timestamp; /* this one is okay */
+ uid->selfsigversion = sig->version;
+ /* If we got this far, it's not expired :) */
+ uid->is_expired = 0;
+
+ /* store the key flags in the helper variable for later processing */
+ uid->help_key_usage=parse_key_usage(sig);
+
+ /* ditto for the key expiration */
+ p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KEY_EXPIRE, NULL);
+ if( p && buffer_to_u32(p) )
+ uid->help_key_expire = keycreated + buffer_to_u32(p);
+ else
+ uid->help_key_expire = 0;
+
+ /* Set the primary user ID flag - we will later wipe out some
+ * of them to only have one in our keyblock */
+ uid->is_primary = 0;
+ p = parse_sig_subpkt ( sig->hashed, SIGSUBPKT_PRIMARY_UID, NULL );
+ if ( p && *p )
+ uid->is_primary = 2;
+ /* We could also query this from the unhashed area if it is not in
+ * the hased area and then later try to decide which is the better
+ * there should be no security problem with this.
+ * For now we only look at the hashed one.
+ */
+
+ /* Now build the preferences list. These must come from the
+ hashed section so nobody can modify the ciphers a key is
+ willing to accept. */
+ p = parse_sig_subpkt ( sig->hashed, SIGSUBPKT_PREF_SYM, &n );
+ sym = p; nsym = p?n:0;
+ p = parse_sig_subpkt ( sig->hashed, SIGSUBPKT_PREF_HASH, &n );
+ hash = p; nhash = p?n:0;
+ p = parse_sig_subpkt ( sig->hashed, SIGSUBPKT_PREF_COMPR, &n );
+ zip = p; nzip = p?n:0;
+ if (uid->prefs)
+ xfree (uid->prefs);
+ n = nsym + nhash + nzip;
+ if (!n)
+ uid->prefs = NULL;
+ else {
+ uid->prefs = xmalloc (sizeof (*uid->prefs) * (n+1));
+ n = 0;
+ for (; nsym; nsym--, n++) {
+ uid->prefs[n].type = PREFTYPE_SYM;
+ uid->prefs[n].value = *sym++;
+ }
+ for (; nhash; nhash--, n++) {
+ uid->prefs[n].type = PREFTYPE_HASH;
+ uid->prefs[n].value = *hash++;
+ }
+ for (; nzip; nzip--, n++) {
+ uid->prefs[n].type = PREFTYPE_ZIP;
+ uid->prefs[n].value = *zip++;
+ }
+ uid->prefs[n].type = PREFTYPE_NONE; /* end of list marker */
+ uid->prefs[n].value = 0;
+ }
+
+ /* see whether we have the MDC feature */
+ uid->flags.mdc = 0;
+ p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_FEATURES, &n);
+ if (p && n && (p[0] & 0x01))
+ uid->flags.mdc = 1;
+
+ /* and the keyserver modify flag */
+ uid->flags.ks_modify = 1;
+ p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KS_FLAGS, &n);
+ if (p && n && (p[0] & 0x80))
+ uid->flags.ks_modify = 0;
+}
+
+static void
+sig_to_revoke_info(PKT_signature *sig,struct revoke_info *rinfo)
+{
+ rinfo->date = sig->timestamp;
+ rinfo->algo = sig->pubkey_algo;
+ rinfo->keyid[0] = sig->keyid[0];
+ rinfo->keyid[1] = sig->keyid[1];
+}
+
+static void
+merge_selfsigs_main(KBNODE keyblock, int *r_revoked, struct revoke_info *rinfo)
+{
+ PKT_public_key *pk = NULL;
+ KBNODE k;
+ u32 kid[2];
+ u32 sigdate, uiddate, uiddate2;
+ KBNODE signode, uidnode, uidnode2;
+ u32 curtime = make_timestamp ();
+ unsigned int key_usage = 0;
+ u32 keytimestamp = 0;
+ u32 key_expire = 0;
+ int key_expire_seen = 0;
+ byte sigversion = 0;
+
+ *r_revoked = 0;
+ memset(rinfo,0,sizeof(*rinfo));
+
+ if ( keyblock->pkt->pkttype != PKT_PUBLIC_KEY )
+ BUG ();
+ pk = keyblock->pkt->pkt.public_key;
+ keytimestamp = pk->timestamp;
+
+ keyid_from_pk( pk, kid );
+ pk->main_keyid[0] = kid[0];
+ pk->main_keyid[1] = kid[1];
+
+ if ( pk->version < 4 ) {
+ /* before v4 the key packet itself contains the expiration
+ * date and there was no way to change it, so we start with
+ * the one from the key packet */
+ key_expire = pk->max_expiredate;
+ key_expire_seen = 1;
+ }
+
+ /* first pass: find the latest direct key self-signature.
+ * We assume that the newest one overrides all others
+ */
+
+ /* In case this key was already merged */
+ xfree(pk->revkey);
+ pk->revkey=NULL;
+ pk->numrevkeys=0;
+
+ signode = NULL;
+ sigdate = 0; /* helper to find the latest signature */
+ for(k=keyblock; k && k->pkt->pkttype != PKT_USER_ID; k = k->next ) {
+ if ( k->pkt->pkttype == PKT_SIGNATURE ) {
+ PKT_signature *sig = k->pkt->pkt.signature;
+ if ( sig->keyid[0] == kid[0] && sig->keyid[1]==kid[1] ) {
+ if ( check_key_signature( keyblock, k, NULL ) )
+ ; /* signature did not verify */
+ else if ( IS_KEY_REV (sig) ){
+ /* key has been revoked - there is no way to override
+ * such a revocation, so we theoretically can stop now.
+ * We should not cope with expiration times for revocations
+ * here because we have to assume that an attacker can
+ * generate all kinds of signatures. However due to the
+ * fact that the key has been revoked it does not harm
+ * either and by continuing we gather some more info on
+ * that key.
+ */
+ *r_revoked = 1;
+ sig_to_revoke_info(sig,rinfo);
+ }
+ else if ( IS_KEY_SIG (sig) ) {
+ /* Add any revocation keys onto the pk. This is
+ particularly interesting since we normally only
+ get data from the most recent 1F signature, but
+ you need multiple 1F sigs to properly handle
+ revocation keys (PGP does it this way, and a
+ revocation key could be sensitive and hence in a
+ different signature). */
+ if(sig->revkey) {
+ int i;
+
+ pk->revkey=
+ xrealloc(pk->revkey,sizeof(struct revocation_key)*
+ (pk->numrevkeys+sig->numrevkeys));
+
+ for(i=0;i<sig->numrevkeys;i++)
+ memcpy(&pk->revkey[pk->numrevkeys++],
+ sig->revkey[i],
+ sizeof(struct revocation_key));
+ }
+
+ if( sig->timestamp >= sigdate ) {
+ if(sig->flags.expired)
+ ; /* signature has expired - ignore it */
+ else {
+ sigdate = sig->timestamp;
+ signode = k;
+ if( sig->version > sigversion )
+ sigversion = sig->version;
+
+ }
+ }
+ }
+ }
+ }
+ }
+
+ /* Remove dupes from the revocation keys */
+
+ if(pk->revkey)
+ {
+ int i,j,x,changed=0;
+
+ for(i=0;i<pk->numrevkeys;i++)
+ {
+ for(j=i+1;j<pk->numrevkeys;j++)
+ {
+ if(memcmp(&pk->revkey[i],&pk->revkey[j],
+ sizeof(struct revocation_key))==0)
+ {
+ /* remove j */
+
+ for(x=j;x<pk->numrevkeys-1;x++)
+ pk->revkey[x]=pk->revkey[x+1];
+
+ pk->numrevkeys--;
+ j--;
+ changed=1;
+ }
+ }
+ }
+
+ if(changed)
+ pk->revkey=xrealloc(pk->revkey,
+ pk->numrevkeys*sizeof(struct revocation_key));
+ }
+
+ if ( signode )
+ {
+ /* some information from a direct key signature take precedence
+ * over the same information given in UID sigs.
+ */
+ PKT_signature *sig = signode->pkt->pkt.signature;
+ const byte *p;
+
+ key_usage=parse_key_usage(sig);
+
+ p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KEY_EXPIRE, NULL);
+ if( p && buffer_to_u32(p) )
+ {
+ key_expire = keytimestamp + buffer_to_u32(p);
+ key_expire_seen = 1;
+ }
+
+ /* mark that key as valid: one direct key signature should
+ * render a key as valid */
+ pk->is_valid = 1;
+ }
+
+ /* pass 1.5: look for key revocation signatures that were not made
+ by the key (i.e. did a revocation key issue a revocation for
+ us?). Only bother to do this if there is a revocation key in
+ the first place and we're not revoked already. */
+
+ if(!*r_revoked && pk->revkey)
+ for(k=keyblock; k && k->pkt->pkttype != PKT_USER_ID; k = k->next )
+ {
+ if ( k->pkt->pkttype == PKT_SIGNATURE )
+ {
+ PKT_signature *sig = k->pkt->pkt.signature;
+
+ if(IS_KEY_REV(sig) &&
+ (sig->keyid[0]!=kid[0] || sig->keyid[1]!=kid[1]))
+ {
+ int rc=check_revocation_keys(pk,sig);
+ if(rc==0)
+ {
+ *r_revoked=2;
+ sig_to_revoke_info(sig,rinfo);
+ /* don't continue checking since we can't be any
+ more revoked than this */
+ break;
+ }
+ else if(rc==G10ERR_NO_PUBKEY)
+ pk->maybe_revoked=1;
+
+ /* A failure here means the sig did not verify, was
+ not issued by a revocation key, or a revocation
+ key loop was broken. If a revocation key isn't
+ findable, however, the key might be revoked and
+ we don't know it. */
+
+ /* TODO: In the future handle subkey and cert
+ revocations? PGP doesn't, but it's in 2440. */
+ }
+ }
+ }
+
+ /* second pass: look at the self-signature of all user IDs */
+ signode = uidnode = NULL;
+ sigdate = 0; /* helper to find the latest signature in one user ID */
+ for(k=keyblock; k && k->pkt->pkttype != PKT_PUBLIC_SUBKEY; k = k->next ) {
+ if ( k->pkt->pkttype == PKT_USER_ID ) {
+ if ( uidnode && signode )
+ {
+ fixup_uidnode ( uidnode, signode, keytimestamp );
+ pk->is_valid=1;
+ }
+ uidnode = k;
+ signode = NULL;
+ sigdate = 0;
+ }
+ else if ( k->pkt->pkttype == PKT_SIGNATURE && uidnode ) {
+ PKT_signature *sig = k->pkt->pkt.signature;
+ if ( sig->keyid[0] == kid[0] && sig->keyid[1]==kid[1] ) {
+ if ( check_key_signature( keyblock, k, NULL ) )
+ ; /* signature did not verify */
+ else if ( (IS_UID_SIG (sig) || IS_UID_REV (sig))
+ && sig->timestamp >= sigdate )
+ {
+ /* Note: we allow to invalidate cert revocations
+ * by a newer signature. An attacker can't use this
+ * because a key should be revoced with a key revocation.
+ * The reason why we have to allow for that is that at
+ * one time an email address may become invalid but later
+ * the same email address may become valid again (hired,
+ * fired, hired again).
+ */
+
+ sigdate = sig->timestamp;
+ signode = k;
+ signode->pkt->pkt.signature->flags.chosen_selfsig=0;
+ if( sig->version > sigversion )
+ sigversion = sig->version;
+ }
+ }
+ }
+ }
+ if ( uidnode && signode ) {
+ fixup_uidnode ( uidnode, signode, keytimestamp );
+ pk->is_valid = 1;
+ }
+
+ /* If the key isn't valid yet, and we have
+ --allow-non-selfsigned-uid set, then force it valid. */
+ if(!pk->is_valid && opt.allow_non_selfsigned_uid)
+ {
+ if(opt.verbose)
+ log_info(_("Invalid key %s made valid by"
+ " --allow-non-selfsigned-uid\n"),keystr_from_pk(pk));
+ pk->is_valid = 1;
+ }
+
+ /* The key STILL isn't valid, so try and find an ultimately
+ trusted signature. */
+ if(!pk->is_valid)
+ {
+ uidnode=NULL;
+
+ for(k=keyblock; k && k->pkt->pkttype != PKT_PUBLIC_SUBKEY; k=k->next)
+ {
+ if ( k->pkt->pkttype == PKT_USER_ID )
+ uidnode = k;
+ else if ( k->pkt->pkttype == PKT_SIGNATURE && uidnode )
+ {
+ PKT_signature *sig = k->pkt->pkt.signature;
+
+ if(sig->keyid[0] != kid[0] || sig->keyid[1]!=kid[1])
+ {
+ PKT_public_key *ultimate_pk;
+
+ ultimate_pk=xmalloc_clear(sizeof(*ultimate_pk));
+
+ /* We don't want to use the full get_pubkey to
+ avoid infinite recursion in certain cases.
+ There is no reason to check that an ultimately
+ trusted key is still valid - if it has been
+ revoked or the user should also renmove the
+ ultimate trust flag. */
+ if(get_pubkey_fast(ultimate_pk,sig->keyid)==0
+ && check_key_signature2(keyblock,k,ultimate_pk,
+ NULL,NULL,NULL,NULL)==0
+ && get_ownertrust(ultimate_pk)==TRUST_ULTIMATE)
+ {
+ free_public_key(ultimate_pk);
+ pk->is_valid=1;
+ break;
+ }
+
+ free_public_key(ultimate_pk);
+ }
+ }
+ }
+ }
+
+ /* Record the highest selfsig version so we know if this is a v3
+ key through and through, or a v3 key with a v4 selfsig
+ somewhere. This is useful in a few places to know if the key
+ must be treated as PGP2-style or OpenPGP-style. Note that a
+ selfsig revocation with a higher version number will also raise
+ this value. This is okay since such a revocation must be
+ issued by the user (i.e. it cannot be issued by someone else to
+ modify the key behavior.) */
+
+ pk->selfsigversion=sigversion;
+
+ /* Now that we had a look at all user IDs we can now get some information
+ * from those user IDs.
+ */
+
+ if ( !key_usage ) {
+ /* find the latest user ID with key flags set */
+ uiddate = 0; /* helper to find the latest user ID */
+ for(k=keyblock; k && k->pkt->pkttype != PKT_PUBLIC_SUBKEY;
+ k = k->next ) {
+ if ( k->pkt->pkttype == PKT_USER_ID ) {
+ PKT_user_id *uid = k->pkt->pkt.user_id;
+ if ( uid->help_key_usage && uid->created > uiddate ) {
+ key_usage = uid->help_key_usage;
+ uiddate = uid->created;
+ }
+ }
+ }
+ }
+ if ( !key_usage ) { /* no key flags at all: get it from the algo */
+ key_usage = openpgp_pk_algo_usage ( pk->pubkey_algo );
+ }
+ else { /* check that the usage matches the usage as given by the algo */
+ int x = openpgp_pk_algo_usage ( pk->pubkey_algo );
+ if ( x ) /* mask it down to the actual allowed usage */
+ key_usage &= x;
+ }
+
+ /* Whatever happens, it's a primary key, so it can certify. */
+ pk->pubkey_usage = key_usage|PUBKEY_USAGE_CERT;
+
+ if ( !key_expire_seen ) {
+ /* find the latest valid user ID with a key expiration set
+ * Note, that this may be a different one from the above because
+ * some user IDs may have no expiration date set */
+ uiddate = 0;
+ for(k=keyblock; k && k->pkt->pkttype != PKT_PUBLIC_SUBKEY;
+ k = k->next ) {
+ if ( k->pkt->pkttype == PKT_USER_ID ) {
+ PKT_user_id *uid = k->pkt->pkt.user_id;
+ if ( uid->help_key_expire && uid->created > uiddate ) {
+ key_expire = uid->help_key_expire;
+ uiddate = uid->created;
+ }
+ }
+ }
+ }
+
+ /* Currently only v3 keys have a maximum expiration date, but I'll
+ bet v5 keys get this feature again. */
+ if(key_expire==0 || (pk->max_expiredate && key_expire>pk->max_expiredate))
+ key_expire=pk->max_expiredate;
+
+ pk->has_expired = key_expire >= curtime? 0 : key_expire;
+ pk->expiredate = key_expire;
+
+ /* Fixme: we should see how to get rid of the expiretime fields but
+ * this needs changes at other places too. */
+
+ /* and now find the real primary user ID and delete all others */
+ uiddate = uiddate2 = 0;
+ uidnode = uidnode2 = NULL;
+ for(k=keyblock; k && k->pkt->pkttype != PKT_PUBLIC_SUBKEY; k = k->next ) {
+ if ( k->pkt->pkttype == PKT_USER_ID &&
+ !k->pkt->pkt.user_id->attrib_data) {
+ PKT_user_id *uid = k->pkt->pkt.user_id;
+ if (uid->is_primary)
+ {
+ if(uid->created > uiddate)
+ {
+ uiddate = uid->created;
+ uidnode = k;
+ }
+ else if(uid->created==uiddate && uidnode)
+ {
+ /* The dates are equal, so we need to do a
+ different (and arbitrary) comparison. This
+ should rarely, if ever, happen. It's good to
+ try and guarantee that two different GnuPG
+ users with two different keyrings at least pick
+ the same primary. */
+ if(cmp_user_ids(uid,uidnode->pkt->pkt.user_id)>0)
+ uidnode=k;
+ }
+ }
+ else
+ {
+ if(uid->created > uiddate2)
+ {
+ uiddate2 = uid->created;
+ uidnode2 = k;
+ }
+ else if(uid->created==uiddate2 && uidnode2)
+ {
+ if(cmp_user_ids(uid,uidnode2->pkt->pkt.user_id)>0)
+ uidnode2=k;
+ }
+ }
+ }
+ }
+ if ( uidnode ) {
+ for(k=keyblock; k && k->pkt->pkttype != PKT_PUBLIC_SUBKEY;
+ k = k->next ) {
+ if ( k->pkt->pkttype == PKT_USER_ID &&
+ !k->pkt->pkt.user_id->attrib_data) {
+ PKT_user_id *uid = k->pkt->pkt.user_id;
+ if ( k != uidnode )
+ uid->is_primary = 0;
+ }
+ }
+ }
+ else if( uidnode2 ) {
+ /* none is flagged primary - use the latest user ID we have,
+ and disambiguate with the arbitrary packet comparison. */
+ uidnode2->pkt->pkt.user_id->is_primary = 1;
+ }
+ else
+ {
+ /* None of our uids were self-signed, so pick the one that
+ sorts first to be the primary. This is the best we can do
+ here since there are no self sigs to date the uids. */
+
+ uidnode = NULL;
+
+ for(k=keyblock; k && k->pkt->pkttype != PKT_PUBLIC_SUBKEY;
+ k = k->next )
+ {
+ if(k->pkt->pkttype==PKT_USER_ID
+ && !k->pkt->pkt.user_id->attrib_data)
+ {
+ if(!uidnode)
+ {
+ uidnode=k;
+ uidnode->pkt->pkt.user_id->is_primary=1;
+ continue;
+ }
+ else
+ {
+ if(cmp_user_ids(k->pkt->pkt.user_id,
+ uidnode->pkt->pkt.user_id)>0)
+ {
+ uidnode->pkt->pkt.user_id->is_primary=0;
+ uidnode=k;
+ uidnode->pkt->pkt.user_id->is_primary=1;
+ }
+ else
+ k->pkt->pkt.user_id->is_primary=0; /* just to be
+ safe */
+ }
+ }
+ }
+ }
+}
+
+/* Convert a buffer to a signature. Useful for 0x19 embedded sigs.
+ Caller must free the signature when they are done. */
+static PKT_signature *
+buf_to_sig(const byte *buf,size_t len)
+{
+ PKT_signature *sig=xmalloc_clear(sizeof(PKT_signature));
+ IOBUF iobuf=iobuf_temp_with_content(buf,len);
+ int save_mode=set_packet_list_mode(0);
+
+ if(parse_signature(iobuf,PKT_SIGNATURE,len,sig)!=0)
+ {
+ xfree(sig);
+ sig=NULL;
+ }
+
+ set_packet_list_mode(save_mode);
+ iobuf_close(iobuf);
+
+ return sig;
+}
+
+static void
+merge_selfsigs_subkey( KBNODE keyblock, KBNODE subnode )
+{
+ PKT_public_key *mainpk = NULL, *subpk = NULL;
+ PKT_signature *sig;
+ KBNODE k;
+ u32 mainkid[2];
+ u32 sigdate = 0;
+ KBNODE signode;
+ u32 curtime = make_timestamp ();
+ unsigned int key_usage = 0;
+ u32 keytimestamp = 0;
+ u32 key_expire = 0;
+ const byte *p;
+
+ if ( subnode->pkt->pkttype != PKT_PUBLIC_SUBKEY )
+ BUG ();
+ mainpk = keyblock->pkt->pkt.public_key;
+ if ( mainpk->version < 4 )
+ return; /* (actually this should never happen) */
+ keyid_from_pk( mainpk, mainkid );
+ subpk = subnode->pkt->pkt.public_key;
+ keytimestamp = subpk->timestamp;
+
+ subpk->is_valid = 0;
+ subpk->main_keyid[0] = mainpk->main_keyid[0];
+ subpk->main_keyid[1] = mainpk->main_keyid[1];
+
+ /* find the latest key binding self-signature. */
+ signode = NULL;
+ sigdate = 0; /* helper to find the latest signature */
+ for(k=subnode->next; k && k->pkt->pkttype != PKT_PUBLIC_SUBKEY;
+ k = k->next ) {
+ if ( k->pkt->pkttype == PKT_SIGNATURE ) {
+ sig = k->pkt->pkt.signature;
+ if ( sig->keyid[0] == mainkid[0] && sig->keyid[1]==mainkid[1] ) {
+ if ( check_key_signature( keyblock, k, NULL ) )
+ ; /* signature did not verify */
+ else if ( IS_SUBKEY_REV (sig) ) {
+ /* Note that this means that the date on a
+ revocation sig does not matter - even if the
+ binding sig is dated after the revocation sig,
+ the subkey is still marked as revoked. This
+ seems ok, as it is just as easy to make new
+ subkeys rather than re-sign old ones as the
+ problem is in the distribution. Plus, PGP (7)
+ does this the same way. */
+ subpk->is_revoked = 1;
+ sig_to_revoke_info(sig,&subpk->revoked);
+ /* although we could stop now, we continue to
+ * figure out other information like the old expiration
+ * time */
+ }
+ else if ( IS_SUBKEY_SIG (sig) && sig->timestamp >= sigdate )
+ {
+ if(sig->flags.expired)
+ ; /* signature has expired - ignore it */
+ else
+ {
+ sigdate = sig->timestamp;
+ signode = k;
+ signode->pkt->pkt.signature->flags.chosen_selfsig=0;
+ }
+ }
+ }
+ }
+ }
+
+ /* no valid key binding */
+ if ( !signode )
+ return;
+
+ sig = signode->pkt->pkt.signature;
+ sig->flags.chosen_selfsig=1; /* so we know which selfsig we chose later */
+
+ key_usage=parse_key_usage(sig);
+ if ( !key_usage )
+ {
+ /* no key flags at all: get it from the algo */
+ key_usage = openpgp_pk_algo_usage ( subpk->pubkey_algo );
+ }
+ else
+ {
+ /* check that the usage matches the usage as given by the algo */
+ int x = openpgp_pk_algo_usage ( subpk->pubkey_algo );
+ if ( x ) /* mask it down to the actual allowed usage */
+ key_usage &= x;
+ }
+
+ subpk->pubkey_usage = key_usage;
+
+ p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KEY_EXPIRE, NULL);
+ if ( p && buffer_to_u32(p) )
+ key_expire = keytimestamp + buffer_to_u32(p);
+ else
+ key_expire = 0;
+ subpk->has_expired = key_expire >= curtime? 0 : key_expire;
+ subpk->expiredate = key_expire;
+
+ /* algo doesn't exist */
+ if(openpgp_pk_test_algo(subpk->pubkey_algo))
+ return;
+
+ subpk->is_valid = 1;
+
+ /* Find the most recent 0x19 embedded signature on our self-sig. */
+ if(subpk->backsig==0)
+ {
+ int seq=0;
+ size_t n;
+ PKT_signature *backsig=NULL;
+
+ sigdate=0;
+
+ /* We do this while() since there may be other embedded
+ signatures in the future. We only want 0x19 here. */
+
+ while((p=enum_sig_subpkt(sig->hashed,
+ SIGSUBPKT_SIGNATURE,&n,&seq,NULL)))
+ if(n>3 && ((p[0]==3 && p[2]==0x19) || (p[0]==4 && p[1]==0x19)))
+ {
+ PKT_signature *tempsig=buf_to_sig(p,n);
+ if(tempsig)
+ {
+ if(tempsig->timestamp>sigdate)
+ {
+ if(backsig)
+ free_seckey_enc(backsig);
+
+ backsig=tempsig;
+ sigdate=backsig->timestamp;
+ }
+ else
+ free_seckey_enc(tempsig);
+ }
+ }
+
+ seq=0;
+
+ /* It is safe to have this in the unhashed area since the 0x19
+ is located on the selfsig for convenience, not security. */
+
+ while((p=enum_sig_subpkt(sig->unhashed,SIGSUBPKT_SIGNATURE,
+ &n,&seq,NULL)))
+ if(n>3 && ((p[0]==3 && p[2]==0x19) || (p[0]==4 && p[1]==0x19)))
+ {
+ PKT_signature *tempsig=buf_to_sig(p,n);
+ if(tempsig)
+ {
+ if(tempsig->timestamp>sigdate)
+ {
+ if(backsig)
+ free_seckey_enc(backsig);
+
+ backsig=tempsig;
+ sigdate=backsig->timestamp;
+ }
+ else
+ free_seckey_enc(tempsig);
+ }
+ }
+
+ if(backsig)
+ {
+ /* At ths point, backsig contains the most recent 0x19 sig.
+ Let's see if it is good. */
+
+ /* 2==valid, 1==invalid, 0==didn't check */
+ if(check_backsig(mainpk,subpk,backsig)==0)
+ subpk->backsig=2;
+ else
+ subpk->backsig=1;
+
+ free_seckey_enc(backsig);
+ }
+ }
+}
+
+
+/*
+ * Merge information from the self-signatures with the key, so that
+ * we can later use them more easy.
+ * The function works by first applying the self signatures to the
+ * primary key and the to each subkey.
+ * Here are the rules we use to decide which inormation from which
+ * self-signature is used:
+ * We check all self signatures or validity and ignore all invalid signatures.
+ * All signatures are then ordered by their creation date ....
+ * For the primary key:
+ * FIXME the docs
+ */
+static void
+merge_selfsigs( KBNODE keyblock )
+{
+ KBNODE k;
+ int revoked;
+ struct revoke_info rinfo;
+ PKT_public_key *main_pk;
+ prefitem_t *prefs;
+ int mdc_feature;
+
+ if ( keyblock->pkt->pkttype != PKT_PUBLIC_KEY ) {
+ if (keyblock->pkt->pkttype == PKT_SECRET_KEY ) {
+ log_error ("expected public key but found secret key "
+ "- must stop\n");
+ /* we better exit here becuase a public key is expected at
+ other places too. FIXME: Figure this out earlier and
+ don't get to here at all */
+ g10_exit (1);
+ }
+ BUG ();
+ }
+
+ merge_selfsigs_main ( keyblock, &revoked, &rinfo );
+
+ /* now merge in the data from each of the subkeys */
+ for(k=keyblock; k; k = k->next ) {
+ if ( k->pkt->pkttype == PKT_PUBLIC_SUBKEY ) {
+ merge_selfsigs_subkey ( keyblock, k );
+ }
+ }
+
+ main_pk = keyblock->pkt->pkt.public_key;
+ if ( revoked || main_pk->has_expired || !main_pk->is_valid ) {
+ /* if the primary key is revoked, expired, or invalid we
+ * better set the appropriate flags on that key and all
+ * subkeys */
+ for(k=keyblock; k; k = k->next ) {
+ if ( k->pkt->pkttype == PKT_PUBLIC_KEY
+ || k->pkt->pkttype == PKT_PUBLIC_SUBKEY ) {
+ PKT_public_key *pk = k->pkt->pkt.public_key;
+ if(!main_pk->is_valid)
+ pk->is_valid = 0;
+ if(revoked && !pk->is_revoked)
+ {
+ pk->is_revoked = revoked;
+ memcpy(&pk->revoked,&rinfo,sizeof(rinfo));
+ }
+ if(main_pk->has_expired)
+ pk->has_expired = main_pk->has_expired;
+ }
+ }
+ return;
+ }
+
+ /* set the preference list of all keys to those of the primary real
+ * user ID. Note: we use these preferences when we don't know by
+ * which user ID the key has been selected.
+ * fixme: we should keep atoms of commonly used preferences or
+ * use reference counting to optimize the preference lists storage.
+ * FIXME: it might be better to use the intersection of
+ * all preferences.
+ * Do a similar thing for the MDC feature flag.
+ */
+ prefs = NULL;
+ mdc_feature = 0;
+ for (k=keyblock; k && k->pkt->pkttype != PKT_PUBLIC_SUBKEY; k = k->next) {
+ if (k->pkt->pkttype == PKT_USER_ID
+ && !k->pkt->pkt.user_id->attrib_data
+ && k->pkt->pkt.user_id->is_primary) {
+ prefs = k->pkt->pkt.user_id->prefs;
+ mdc_feature = k->pkt->pkt.user_id->flags.mdc;
+ break;
+ }
+ }
+ for(k=keyblock; k; k = k->next ) {
+ if ( k->pkt->pkttype == PKT_PUBLIC_KEY
+ || k->pkt->pkttype == PKT_PUBLIC_SUBKEY ) {
+ PKT_public_key *pk = k->pkt->pkt.public_key;
+ if (pk->prefs)
+ xfree (pk->prefs);
+ pk->prefs = copy_prefs (prefs);
+ pk->mdc_feature = mdc_feature;
+ }
+ }
+}
+
+
+/*
+ * Merge the secret keys from secblock into the pubblock thereby
+ * replacing the public (sub)keys with their secret counterparts Hmmm:
+ * It might be better to get away from the concept of entire secret
+ * keys at all and have a way to store just the real secret parts
+ * from the key.
+ */
+static void
+merge_public_with_secret ( KBNODE pubblock, KBNODE secblock )
+{
+ KBNODE pub;
+
+ assert ( pubblock->pkt->pkttype == PKT_PUBLIC_KEY );
+ assert ( secblock->pkt->pkttype == PKT_SECRET_KEY );
+
+ for (pub=pubblock; pub; pub = pub->next ) {
+ if ( pub->pkt->pkttype == PKT_PUBLIC_KEY ) {
+ PKT_public_key *pk = pub->pkt->pkt.public_key;
+ PKT_secret_key *sk = secblock->pkt->pkt.secret_key;
+ assert ( pub == pubblock ); /* only in the first node */
+ /* there is nothing to compare in this case, so just replace
+ * some information */
+ copy_public_parts_to_secret_key ( pk, sk );
+ free_public_key ( pk );
+ pub->pkt->pkttype = PKT_SECRET_KEY;
+ pub->pkt->pkt.secret_key = copy_secret_key (NULL, sk);
+ }
+ else if ( pub->pkt->pkttype == PKT_PUBLIC_SUBKEY ) {
+ KBNODE sec;
+ PKT_public_key *pk = pub->pkt->pkt.public_key;
+
+ /* this is more complicated: it may happen that the sequence
+ * of the subkeys dosn't match, so we have to find the
+ * appropriate secret key */
+ for (sec=secblock->next; sec; sec = sec->next ) {
+ if ( sec->pkt->pkttype == PKT_SECRET_SUBKEY ) {
+ PKT_secret_key *sk = sec->pkt->pkt.secret_key;
+ if ( !cmp_public_secret_key ( pk, sk ) ) {
+ copy_public_parts_to_secret_key ( pk, sk );
+ free_public_key ( pk );
+ pub->pkt->pkttype = PKT_SECRET_SUBKEY;
+ pub->pkt->pkt.secret_key = copy_secret_key (NULL, sk);
+ break;
+ }
+ }
+ }
+ if ( !sec )
+ BUG(); /* already checked in premerge */
+ }
+ }
+}
+
+/* This function checks that for every public subkey a corresponding
+ * secret subkey is available and deletes the public subkey otherwise.
+ * We need this function because we can't delete it later when we
+ * actually merge the secret parts into the pubring.
+ * The function also plays some games with the node flags.
+ */
+static void
+premerge_public_with_secret ( KBNODE pubblock, KBNODE secblock )
+{
+ KBNODE last, pub;
+
+ assert ( pubblock->pkt->pkttype == PKT_PUBLIC_KEY );
+ assert ( secblock->pkt->pkttype == PKT_SECRET_KEY );
+
+ for (pub=pubblock,last=NULL; pub; last = pub, pub = pub->next ) {
+ pub->flag &= ~3; /* reset bits 0 and 1 */
+ if ( pub->pkt->pkttype == PKT_PUBLIC_SUBKEY ) {
+ KBNODE sec;
+ PKT_public_key *pk = pub->pkt->pkt.public_key;
+
+ for (sec=secblock->next; sec; sec = sec->next ) {
+ if ( sec->pkt->pkttype == PKT_SECRET_SUBKEY ) {
+ PKT_secret_key *sk = sec->pkt->pkt.secret_key;
+ if ( !cmp_public_secret_key ( pk, sk ) ) {
+ if ( sk->protect.s2k.mode == 1001 ) {
+ /* The secret parts are not available so
+ we can't use that key for signing etc.
+ Fix the pubkey usage */
+ pk->pubkey_usage &= ~(PUBKEY_USAGE_SIG
+ |PUBKEY_USAGE_AUTH);
+ }
+ /* transfer flag bits 0 and 1 to the pubblock */
+ pub->flag |= (sec->flag &3);
+ break;
+ }
+ }
+ }
+ if ( !sec ) {
+ KBNODE next, ll;
+
+ if (opt.verbose)
+ log_info (_("no secret subkey"
+ " for public subkey %s - ignoring\n"),
+ keystr_from_pk (pk));
+ /* we have to remove the subkey in this case */
+ assert ( last );
+ /* find the next subkey */
+ for (next=pub->next,ll=pub;
+ next && next->pkt->pkttype != PKT_PUBLIC_SUBKEY;
+ ll = next, next = next->next )
+ ;
+ /* make new link */
+ last->next = next;
+ /* release this public subkey with all sigs */
+ ll->next = NULL;
+ release_kbnode( pub );
+ /* let the loop continue */
+ pub = last;
+ }
+ }
+ }
+ /* We need to copy the found bits (0 and 1) from the secret key to
+ the public key. This has already been done for the subkeys but
+ got lost on the primary key - fix it here *. */
+ pubblock->flag |= (secblock->flag & 3);
+}
+
+
+
+
+/* See see whether the key fits
+ * our requirements and in case we do not
+ * request the primary key, we should select
+ * a suitable subkey.
+ * FIXME: Check against PGP 7 whether we still need a kludge
+ * to favor type 16 keys over type 20 keys when type 20
+ * has not been explitely requested.
+ * Returns: True when a suitable key has been found.
+ *
+ * We have to distinguish four cases: FIXME!
+ * 1. No usage and no primary key requested
+ * Examples for this case are that we have a keyID to be used
+ * for decrytion or verification.
+ * 2. No usage but primary key requested
+ * This is the case for all functions which work on an
+ * entire keyblock, e.g. for editing or listing
+ * 3. Usage and primary key requested
+ * FXME
+ * 4. Usage but no primary key requested
+ * FIXME
+ * FIXME: Tell what is going to happen here and something about the rationale
+ * Note: We don't use this function if no specific usage is requested;
+ * This way the getkey functions can be used for plain key listings.
+ *
+ * CTX ist the keyblock we are investigating, if FOUNDK is not NULL this
+ * is the key we actually found by looking at the keyid or a fingerprint and
+ * may eitehr point to the primary or one of the subkeys.
+ */
+
+static int
+finish_lookup (GETKEY_CTX ctx)
+{
+ KBNODE keyblock = ctx->keyblock;
+ KBNODE k;
+ KBNODE foundk = NULL;
+ PKT_user_id *foundu = NULL;
+#define USAGE_MASK (PUBKEY_USAGE_SIG|PUBKEY_USAGE_ENC|PUBKEY_USAGE_CERT)
+ unsigned int req_usage = ( ctx->req_usage & USAGE_MASK );
+ /* Request the primary if we're certifying another key, and also
+ if signing data while --pgp6 or --pgp7 is on since pgp 6 and 7
+ do not understand signatures made by a signing subkey. PGP 8
+ does. */
+ int req_prim = (ctx->req_usage & PUBKEY_USAGE_CERT) ||
+ ((PGP6 || PGP7) && (ctx->req_usage & PUBKEY_USAGE_SIG));
+ u32 latest_date;
+ KBNODE latest_key;
+ u32 curtime = make_timestamp ();
+
+ assert( keyblock->pkt->pkttype == PKT_PUBLIC_KEY );
+
+ ctx->found_key = NULL;
+
+ if (ctx->exact) {
+ for (k=keyblock; k; k = k->next) {
+ if ( (k->flag & 1) ) {
+ assert ( k->pkt->pkttype == PKT_PUBLIC_KEY
+ || k->pkt->pkttype == PKT_PUBLIC_SUBKEY );
+ foundk = k;
+ break;
+ }
+ }
+ }
+
+ for (k=keyblock; k; k = k->next) {
+ if ( (k->flag & 2) ) {
+ assert (k->pkt->pkttype == PKT_USER_ID);
+ foundu = k->pkt->pkt.user_id;
+ break;
+ }
+ }
+
+ if ( DBG_CACHE )
+ log_debug( "finish_lookup: checking key %08lX (%s)(req_usage=%x)\n",
+ (ulong)keyid_from_pk( keyblock->pkt->pkt.public_key, NULL),
+ foundk? "one":"all", req_usage);
+
+ if (!req_usage) {
+ latest_key = foundk? foundk:keyblock;
+ goto found;
+ }
+
+ latest_date = 0;
+ latest_key = NULL;
+ /* do not look at subkeys if a certification key is requested */
+ if ((!foundk || foundk->pkt->pkttype == PKT_PUBLIC_SUBKEY) && !req_prim) {
+ KBNODE nextk;
+ /* either start a loop or check just this one subkey */
+ for (k=foundk?foundk:keyblock; k; k = nextk ) {
+ PKT_public_key *pk;
+ nextk = k->next;
+ if ( k->pkt->pkttype != PKT_PUBLIC_SUBKEY )
+ continue;
+ if ( foundk )
+ nextk = NULL; /* what a hack */
+ pk = k->pkt->pkt.public_key;
+ if (DBG_CACHE)
+ log_debug( "\tchecking subkey %08lX\n",
+ (ulong)keyid_from_pk( pk, NULL));
+ if ( !pk->is_valid ) {
+ if (DBG_CACHE)
+ log_debug( "\tsubkey not valid\n");
+ continue;
+ }
+ if ( pk->is_revoked ) {
+ if (DBG_CACHE)
+ log_debug( "\tsubkey has been revoked\n");
+ continue;
+ }
+ if ( pk->has_expired ) {
+ if (DBG_CACHE)
+ log_debug( "\tsubkey has expired\n");
+ continue;
+ }
+ if ( pk->timestamp > curtime && !opt.ignore_valid_from ) {
+ if (DBG_CACHE)
+ log_debug( "\tsubkey not yet valid\n");
+ continue;
+ }
+
+ if ( !((pk->pubkey_usage&USAGE_MASK) & req_usage) ) {
+ if (DBG_CACHE)
+ log_debug( "\tusage does not match: want=%x have=%x\n",
+ req_usage, pk->pubkey_usage );
+ continue;
+ }
+
+ if (DBG_CACHE)
+ log_debug( "\tsubkey might be fine\n");
+ /* In case a key has a timestamp of 0 set, we make sure
+ that it is used. A better change would be to compare
+ ">=" but that might also change the selected keys and
+ is as such a more intrusive change. */
+ if ( pk->timestamp > latest_date
+ || (!pk->timestamp && !latest_date)) {
+ latest_date = pk->timestamp;
+ latest_key = k;
+ }
+ }
+ }
+
+ /* Okay now try the primary key unless we want an exact
+ * key ID match on a subkey */
+ if ((!latest_key && !(ctx->exact && foundk != keyblock)) || req_prim) {
+ PKT_public_key *pk;
+ if (DBG_CACHE && !foundk && !req_prim )
+ log_debug( "\tno suitable subkeys found - trying primary\n");
+ pk = keyblock->pkt->pkt.public_key;
+ if ( !pk->is_valid ) {
+ if (DBG_CACHE)
+ log_debug( "\tprimary key not valid\n");
+ }
+ else if ( pk->is_revoked ) {
+ if (DBG_CACHE)
+ log_debug( "\tprimary key has been revoked\n");
+ }
+ else if ( pk->has_expired ) {
+ if (DBG_CACHE)
+ log_debug( "\tprimary key has expired\n");
+ }
+ else if ( !((pk->pubkey_usage&USAGE_MASK) & req_usage) ) {
+ if (DBG_CACHE)
+ log_debug( "\tprimary key usage does not match: "
+ "want=%x have=%x\n",
+ req_usage, pk->pubkey_usage );
+ }
+ else { /* okay */
+ if (DBG_CACHE)
+ log_debug( "\tprimary key may be used\n");
+ latest_key = keyblock;
+ latest_date = pk->timestamp;
+ }
+ }
+
+ if ( !latest_key ) {
+ if (DBG_CACHE)
+ log_debug("\tno suitable key found - giving up\n");
+ return 0;
+ }
+
+ found:
+ if (DBG_CACHE)
+ log_debug( "\tusing key %08lX\n",
+ (ulong)keyid_from_pk( latest_key->pkt->pkt.public_key, NULL) );
+
+ if (latest_key) {
+ PKT_public_key *pk = latest_key->pkt->pkt.public_key;
+ if (pk->user_id)
+ free_user_id (pk->user_id);
+ pk->user_id = scopy_user_id (foundu);
+ }
+
+ ctx->found_key = latest_key;
+
+ if (latest_key != keyblock && opt.verbose)
+ {
+ char *tempkeystr=
+ xstrdup(keystr_from_pk(latest_key->pkt->pkt.public_key));
+ log_info(_("using subkey %s instead of primary key %s\n"),
+ tempkeystr, keystr_from_pk(keyblock->pkt->pkt.public_key));
+ xfree(tempkeystr);
+ }
+
+ cache_user_id( keyblock );
+
+ return 1; /* found */
+}
+
+
+static int
+lookup( GETKEY_CTX ctx, KBNODE *ret_keyblock, int secmode )
+{
+ int rc;
+ KBNODE secblock = NULL; /* helper */
+ int no_suitable_key = 0;
+
+ rc = 0;
+ while (!(rc = keydb_search (ctx->kr_handle, ctx->items, ctx->nitems))) {
+ /* If we are searching for the first key we have to make sure
+ that the next iteration does not do an implicit reset.
+ This can be triggered by an empty key ring. */
+ if (ctx->nitems && ctx->items->mode == KEYDB_SEARCH_MODE_FIRST)
+ ctx->items->mode = KEYDB_SEARCH_MODE_NEXT;
+
+ rc = keydb_get_keyblock (ctx->kr_handle, &ctx->keyblock);
+ if (rc) {
+ log_error ("keydb_get_keyblock failed: %s\n", g10_errstr(rc));
+ rc = 0;
+ goto skip;
+ }
+
+ if ( secmode ) {
+ /* find the correspondig public key and use this
+ * this one for the selection process */
+ u32 aki[2];
+ KBNODE k = ctx->keyblock;
+
+ if (k->pkt->pkttype != PKT_SECRET_KEY)
+ BUG();
+
+ keyid_from_sk (k->pkt->pkt.secret_key, aki);
+ k = get_pubkeyblock (aki);
+ if( !k )
+ {
+ if (!opt.quiet)
+ log_info(_("key %s: secret key without public key"
+ " - skipped\n"), keystr(aki));
+ goto skip;
+ }
+ secblock = ctx->keyblock;
+ ctx->keyblock = k;
+
+ premerge_public_with_secret ( ctx->keyblock, secblock );
+ }
+
+ /* warning: node flag bits 0 and 1 should be preserved by
+ * merge_selfsigs. For secret keys, premerge did tranfer the
+ * keys to the keyblock */
+ merge_selfsigs ( ctx->keyblock );
+ if ( finish_lookup (ctx) ) {
+ no_suitable_key = 0;
+ if ( secmode ) {
+ merge_public_with_secret ( ctx->keyblock,
+ secblock);
+ release_kbnode (secblock);
+ secblock = NULL;
+ }
+ goto found;
+ }
+ else
+ no_suitable_key = 1;
+
+ skip:
+ /* release resources and continue search */
+ if ( secmode ) {
+ release_kbnode( secblock );
+ secblock = NULL;
+ }
+ release_kbnode( ctx->keyblock );
+ ctx->keyblock = NULL;
+ }
+
+ found:
+ if( rc && rc != -1 )
+ log_error("keydb_search failed: %s\n", g10_errstr(rc));
+
+ if( !rc ) {
+ *ret_keyblock = ctx->keyblock; /* return the keyblock */
+ ctx->keyblock = NULL;
+ }
+ else if (rc == -1 && no_suitable_key)
+ rc = secmode ? G10ERR_UNU_SECKEY : G10ERR_UNU_PUBKEY;
+ else if( rc == -1 )
+ rc = secmode ? G10ERR_NO_SECKEY : G10ERR_NO_PUBKEY;
+
+ if ( secmode ) {
+ release_kbnode( secblock );
+ secblock = NULL;
+ }
+ release_kbnode( ctx->keyblock );
+ ctx->keyblock = NULL;
+
+ ctx->last_rc = rc;
+ return rc;
+}
+
+
+
+
+/****************
+ * FIXME: Replace by the generic function
+ * It does not work as it is right now - it is used at
+ * 2 places: a) to get the key for an anonyous recipient
+ * b) to get the ultimately trusted keys.
+ * The a) usage might have some problems.
+ *
+ * set with_subkeys true to include subkeys
+ * set with_spm true to include secret-parts-missing keys
+ *
+ * Enumerate all primary secret keys. Caller must use these procedure:
+ * 1) create a void pointer and initialize it to NULL
+ * 2) pass this void pointer by reference to this function
+ * and provide space for the secret key (pass a buffer for sk)
+ * 3) call this function as long as it does not return -1
+ * to indicate EOF.
+ * 4) Always call this function a last time with SK set to NULL,
+ * so that can free it's context.
+ */
+int
+enum_secret_keys( void **context, PKT_secret_key *sk,
+ int with_subkeys, int with_spm )
+{
+ int rc=0;
+ struct {
+ int eof;
+ int first;
+ KEYDB_HANDLE hd;
+ KBNODE keyblock;
+ KBNODE node;
+ } *c = *context;
+
+
+ if( !c ) { /* make a new context */
+ c = xmalloc_clear( sizeof *c );
+ *context = c;
+ c->hd = keydb_new (1);
+ c->first = 1;
+ c->keyblock = NULL;
+ c->node = NULL;
+ }
+
+ if( !sk ) { /* free the context */
+ keydb_release (c->hd);
+ release_kbnode (c->keyblock);
+ xfree( c );
+ *context = NULL;
+ return 0;
+ }
+
+ if( c->eof )
+ return -1;
+
+ do {
+ /* get the next secret key from the current keyblock */
+ for (; c->node; c->node = c->node->next) {
+ if ((c->node->pkt->pkttype == PKT_SECRET_KEY
+ || (with_subkeys
+ && c->node->pkt->pkttype == PKT_SECRET_SUBKEY) )
+ && !(c->node->pkt->pkt.secret_key->protect.s2k.mode==1001
+ && !with_spm)) {
+ copy_secret_key (sk, c->node->pkt->pkt.secret_key );
+ c->node = c->node->next;
+ return 0; /* found */
+ }
+ }
+ release_kbnode (c->keyblock);
+ c->keyblock = c->node = NULL;
+
+ rc = c->first? keydb_search_first (c->hd) : keydb_search_next (c->hd);
+ c->first = 0;
+ if (rc) {
+ keydb_release (c->hd); c->hd = NULL;
+ c->eof = 1;
+ return -1; /* eof */
+ }
+
+ rc = keydb_get_keyblock (c->hd, &c->keyblock);
+ c->node = c->keyblock;
+ } while (!rc);
+
+ return rc; /* error */
+}
+
+
+
+/*********************************************
+ *********** user ID printing helpers *******
+ *********************************************/
+
+/****************
+ * Return a string with a printable representation of the user_id.
+ * this string must be freed by xfree.
+ */
+char*
+get_user_id_string( u32 *keyid )
+{
+ user_id_db_t r;
+ char *p;
+ int pass=0;
+ /* try it two times; second pass reads from key resources */
+ do
+ {
+ for(r=user_id_db; r; r = r->next )
+ {
+ keyid_list_t a;
+ for (a=r->keyids; a; a= a->next )
+ {
+ if( a->keyid[0] == keyid[0] && a->keyid[1] == keyid[1] )
+ {
+ p = xmalloc( keystrlen() + 1 + r->len + 1 );
+ sprintf(p, "%s %.*s", keystr(keyid), r->len, r->name );
+ return p;
+ }
+ }
+ }
+ } while( ++pass < 2 && !get_pubkey( NULL, keyid ) );
+ p = xmalloc( keystrlen() + 5 );
+ sprintf(p, "%s [?]", keystr(keyid));
+ return p;
+}
+
+
+char*
+get_user_id_string_native ( u32 *keyid )
+{
+ char *p = get_user_id_string( keyid );
+ char *p2 = utf8_to_native( p, strlen(p), 0 );
+ xfree(p);
+ return p2;
+}
+
+
+char*
+get_long_user_id_string( u32 *keyid )
+{
+ user_id_db_t r;
+ char *p;
+ int pass=0;
+ /* try it two times; second pass reads from key resources */
+ do {
+ for(r=user_id_db; r; r = r->next ) {
+ keyid_list_t a;
+ for (a=r->keyids; a; a= a->next ) {
+ if( a->keyid[0] == keyid[0] && a->keyid[1] == keyid[1] ) {
+ p = xmalloc( r->len + 20 );
+ sprintf(p, "%08lX%08lX %.*s",
+ (ulong)keyid[0], (ulong)keyid[1],
+ r->len, r->name );
+ return p;
+ }
+ }
+ }
+ } while( ++pass < 2 && !get_pubkey( NULL, keyid ) );
+ p = xmalloc( 25 );
+ sprintf(p, "%08lX%08lX [?]", (ulong)keyid[0], (ulong)keyid[1] );
+ return p;
+}
+
+char*
+get_user_id( u32 *keyid, size_t *rn )
+{
+ user_id_db_t r;
+ char *p;
+ int pass=0;
+
+ /* try it two times; second pass reads from key resources */
+ do {
+ for(r=user_id_db; r; r = r->next ) {
+ keyid_list_t a;
+ for (a=r->keyids; a; a= a->next ) {
+ if( a->keyid[0] == keyid[0] && a->keyid[1] == keyid[1] ) {
+ p = xmalloc( r->len );
+ memcpy(p, r->name, r->len );
+ *rn = r->len;
+ return p;
+ }
+ }
+ }
+ } while( ++pass < 2 && !get_pubkey( NULL, keyid ) );
+ p = xstrdup( user_id_not_found_utf8 () );
+ *rn = strlen(p);
+ return p;
+}
+
+char*
+get_user_id_native( u32 *keyid )
+{
+ size_t rn;
+ char *p = get_user_id( keyid, &rn );
+ char *p2 = utf8_to_native( p, rn, 0 );
+ xfree(p);
+ return p2;
+}
+
+KEYDB_HANDLE
+get_ctx_handle(GETKEY_CTX ctx)
+{
+ return ctx->kr_handle;
+}
+
+static void
+free_akl(struct akl *akl)
+{
+ if(akl->spec)
+ free_keyserver_spec(akl->spec);
+
+ xfree(akl);
+}
+
+void
+release_akl(void)
+{
+ while(opt.auto_key_locate)
+ {
+ struct akl *akl2=opt.auto_key_locate;
+ opt.auto_key_locate=opt.auto_key_locate->next;
+ free_akl(akl2);
+ }
+}
+
+/* Returns false on error. */
+int
+parse_auto_key_locate(char *options)
+{
+ char *tok;
+
+ while((tok=optsep(&options)))
+ {
+ struct akl *akl,*check,*last=NULL;
+ int dupe=0;
+
+ if(tok[0]=='\0')
+ continue;
+
+ akl=xmalloc_clear(sizeof(*akl));
+
+ if(ascii_strcasecmp(tok,"nodefault")==0)
+ akl->type=AKL_NODEFAULT;
+ else if(ascii_strcasecmp(tok,"local")==0)
+ akl->type=AKL_LOCAL;
+ else if(ascii_strcasecmp(tok,"ldap")==0)
+ akl->type=AKL_LDAP;
+ else if(ascii_strcasecmp(tok,"keyserver")==0)
+ akl->type=AKL_KEYSERVER;
+#ifdef USE_DNS_CERT
+ else if(ascii_strcasecmp(tok,"cert")==0)
+ akl->type=AKL_CERT;
+#endif
+#ifdef USE_DNS_PKA
+ else if(ascii_strcasecmp(tok,"pka")==0)
+ akl->type=AKL_PKA;
+#endif
+ else if((akl->spec=parse_keyserver_uri(tok,1,NULL,0)))
+ akl->type=AKL_SPEC;
+ else
+ {
+ free_akl(akl);
+ return 0;
+ }
+
+ /* We must maintain the order the user gave us */
+ for(check=opt.auto_key_locate;check;last=check,check=check->next)
+ {
+ /* Check for duplicates */
+ if(check->type==akl->type
+ && (akl->type!=AKL_SPEC
+ || (akl->type==AKL_SPEC
+ && strcmp(check->spec->uri,akl->spec->uri)==0)))
+ {
+ dupe=1;
+ free_akl(akl);
+ break;
+ }
+ }
+
+ if(!dupe)
+ {
+ if(last)
+ last->next=akl;
+ else
+ opt.auto_key_locate=akl;
+ }
+ }
+
+ return 1;
+}
diff --git a/g10/gpg.c b/g10/gpg.c
new file mode 100644
index 0000000..7e648fb
--- /dev/null
+++ b/g10/gpg.c
@@ -0,0 +1,4368 @@
+/* gpg.c - The GnuPG utility (main for gpg)
+ * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005,
+ * 2006, 2007, 2008, 2009, 2010 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <errno.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <ctype.h>
+#include <unistd.h>
+#include <assert.h>
+#ifdef HAVE_STAT
+#include <sys/stat.h> /* for stat() */
+#endif
+#include <fcntl.h>
+#ifdef HAVE_W32_SYSTEM
+#include <windows.h>
+#endif
+
+#define INCLUDED_BY_MAIN_MODULE 1
+#include "gpg.h"
+#include <assuan.h>
+#include "packet.h"
+#include "../common/iobuf.h"
+#include "util.h"
+#include "main.h"
+#include "options.h"
+#include "keydb.h"
+#include "trustdb.h"
+#include "cipher.h"
+#include "filter.h"
+#include "ttyio.h"
+#include "i18n.h"
+#include "sysutils.h"
+#include "status.h"
+#include "keyserver-internal.h"
+#include "exec.h"
+#include "gc-opt-flags.h"
+
+#if defined(HAVE_DOSISH_SYSTEM) || defined(__CYGWIN__)
+#define MY_O_BINARY O_BINARY
+#ifndef S_IRGRP
+# define S_IRGRP 0
+# define S_IWGRP 0
+#endif
+#else
+#define MY_O_BINARY 0
+#endif
+
+
+enum cmd_and_opt_values
+ {
+ aNull = 0,
+ oArmor = 'a',
+ aDetachedSign = 'b',
+ aSym = 'c',
+ aDecrypt = 'd',
+ aEncr = 'e',
+ oInteractive = 'i',
+ aListKeys = 'k',
+ oDryRun = 'n',
+ oOutput = 'o',
+ oQuiet = 'q',
+ oRecipient = 'r',
+ oHiddenRecipient = 'R',
+ aSign = 's',
+ oTextmodeShort= 't',
+ oLocalUser = 'u',
+ oVerbose = 'v',
+ oCompress = 'z',
+ oSetNotation = 'N',
+ aListSecretKeys = 'K',
+ oBatch = 500,
+ oMaxOutput,
+ oSigNotation,
+ oCertNotation,
+ oShowNotation,
+ oNoShowNotation,
+ aEncrFiles,
+ aEncrSym,
+ aDecryptFiles,
+ aClearsign,
+ aStore,
+ aKeygen,
+ aSignEncr,
+ aSignEncrSym,
+ aSignSym,
+ aSignKey,
+ aLSignKey,
+ aListConfig,
+ aGPGConfList,
+ aGPGConfTest,
+ aListPackets,
+ aEditKey,
+ aDeleteKeys,
+ aDeleteSecretKeys,
+ aDeleteSecretAndPublicKeys,
+ aImport,
+ aFastImport,
+ aVerify,
+ aVerifyFiles,
+ aListSigs,
+ aSendKeys,
+ aRecvKeys,
+ aLocateKeys,
+ aSearchKeys,
+ aRefreshKeys,
+ aFetchKeys,
+ aExport,
+ aExportSecret,
+ aExportSecretSub,
+ aCheckKeys,
+ aGenRevoke,
+ aDesigRevoke,
+ aPrimegen,
+ aPrintMD,
+ aPrintMDs,
+ aCheckTrustDB,
+ aUpdateTrustDB,
+ aFixTrustDB,
+ aListTrustDB,
+ aListTrustPath,
+ aExportOwnerTrust,
+ aImportOwnerTrust,
+ aDeArmor,
+ aEnArmor,
+ aGenRandom,
+ aRebuildKeydbCaches,
+ aCardStatus,
+ aCardEdit,
+ aChangePIN,
+ aPasswd,
+ aServer,
+
+ oTextmode,
+ oNoTextmode,
+ oExpert,
+ oNoExpert,
+ oDefSigExpire,
+ oAskSigExpire,
+ oNoAskSigExpire,
+ oDefCertExpire,
+ oAskCertExpire,
+ oNoAskCertExpire,
+ oDefCertLevel,
+ oMinCertLevel,
+ oAskCertLevel,
+ oNoAskCertLevel,
+ oFingerprint,
+ oWithFingerprint,
+ oAnswerYes,
+ oAnswerNo,
+ oKeyring,
+ oPrimaryKeyring,
+ oSecretKeyring,
+ oShowKeyring,
+ oDefaultKey,
+ oDefRecipient,
+ oDefRecipientSelf,
+ oNoDefRecipient,
+ oOptions,
+ oDebug,
+ oDebugLevel,
+ oDebugAll,
+ oDebugCCIDDriver,
+ oStatusFD,
+ oStatusFile,
+ oAttributeFD,
+ oAttributeFile,
+ oEmitVersion,
+ oNoEmitVersion,
+ oCompletesNeeded,
+ oMarginalsNeeded,
+ oMaxCertDepth,
+ oLoadExtension,
+ oGnuPG,
+ oRFC1991,
+ oRFC2440,
+ oRFC4880,
+ oOpenPGP,
+ oPGP2,
+ oPGP6,
+ oPGP7,
+ oPGP8,
+ oRFC2440Text,
+ oNoRFC2440Text,
+ oCipherAlgo,
+ oDigestAlgo,
+ oCertDigestAlgo,
+ oCompressAlgo,
+ oCompressLevel,
+ oBZ2CompressLevel,
+ oBZ2DecompressLowmem,
+ oPassphrase,
+ oPassphraseFD,
+ oPassphraseFile,
+ oPassphraseRepeat,
+ oCommandFD,
+ oCommandFile,
+ oQuickRandom,
+ oNoVerbose,
+ oTrustDBName,
+ oNoSecmemWarn,
+ oRequireSecmem,
+ oNoRequireSecmem,
+ oNoPermissionWarn,
+ oNoMDCWarn,
+ oNoArmor,
+ oNoDefKeyring,
+ oNoGreeting,
+ oNoTTY,
+ oNoOptions,
+ oNoBatch,
+ oHomedir,
+ oWithColons,
+ oWithKeyData,
+ oWithSigList,
+ oWithSigCheck,
+ oSkipVerify,
+ oSkipHiddenRecipients,
+ oNoSkipHiddenRecipients,
+ oCompressKeys,
+ oCompressSigs,
+ oAlwaysTrust,
+ oTrustModel,
+ oForceOwnertrust,
+ oSetFilename,
+ oForYourEyesOnly,
+ oNoForYourEyesOnly,
+ oSetPolicyURL,
+ oSigPolicyURL,
+ oCertPolicyURL,
+ oShowPolicyURL,
+ oNoShowPolicyURL,
+ oSigKeyserverURL,
+ oUseEmbeddedFilename,
+ oNoUseEmbeddedFilename,
+ oComment,
+ oDefaultComment,
+ oNoComments,
+ oThrowKeyids,
+ oNoThrowKeyids,
+ oShowPhotos,
+ oNoShowPhotos,
+ oPhotoViewer,
+ oForceV3Sigs,
+ oNoForceV3Sigs,
+ oForceV4Certs,
+ oNoForceV4Certs,
+ oForceMDC,
+ oNoForceMDC,
+ oDisableMDC,
+ oNoDisableMDC,
+ oS2KMode,
+ oS2KDigest,
+ oS2KCipher,
+ oS2KCount,
+ oSimpleSKChecksum,
+ oDisplayCharset,
+ oNotDashEscaped,
+ oEscapeFrom,
+ oNoEscapeFrom,
+ oLockOnce,
+ oLockMultiple,
+ oLockNever,
+ oKeyServer,
+ oKeyServerOptions,
+ oImportOptions,
+ oExportOptions,
+ oListOptions,
+ oVerifyOptions,
+ oTempDir,
+ oExecPath,
+ oEncryptTo,
+ oHiddenEncryptTo,
+ oNoEncryptTo,
+ oLoggerFD,
+ oLoggerFile,
+ oUtf8Strings,
+ oNoUtf8Strings,
+ oDisableCipherAlgo,
+ oDisablePubkeyAlgo,
+ oAllowNonSelfsignedUID,
+ oNoAllowNonSelfsignedUID,
+ oAllowFreeformUID,
+ oNoAllowFreeformUID,
+ oAllowSecretKeyImport,
+ oEnableSpecialFilenames,
+ oNoLiteral,
+ oSetFilesize,
+ oHonorHttpProxy,
+ oFastListMode,
+ oListOnly,
+ oIgnoreTimeConflict,
+ oIgnoreValidFrom,
+ oIgnoreCrcError,
+ oIgnoreMDCError,
+ oShowSessionKey,
+ oOverrideSessionKey,
+ oNoRandomSeedFile,
+ oAutoKeyRetrieve,
+ oNoAutoKeyRetrieve,
+ oUseAgent,
+ oNoUseAgent,
+ oGpgAgentInfo,
+ oMergeOnly,
+ oTryAllSecrets,
+ oTrustedKey,
+ oNoExpensiveTrustChecks,
+ oFixedListMode,
+ oNoSigCache,
+ oNoSigCreateCheck,
+ oAutoCheckTrustDB,
+ oNoAutoCheckTrustDB,
+ oPreservePermissions,
+ oDefaultPreferenceList,
+ oDefaultKeyserverURL,
+ oPersonalCipherPreferences,
+ oPersonalDigestPreferences,
+ oPersonalCompressPreferences,
+ oAgentProgram,
+ oDisplay,
+ oTTYname,
+ oTTYtype,
+ oLCctype,
+ oLCmessages,
+ oXauthority,
+ oGroup,
+ oUnGroup,
+ oNoGroups,
+ oStrict,
+ oNoStrict,
+ oMangleDosFilenames,
+ oNoMangleDosFilenames,
+ oEnableProgressFilter,
+ oMultifile,
+ oKeyidFormat,
+ oExitOnStatusWriteError,
+ oLimitCardInsertTries,
+ oRequireCrossCert,
+ oNoRequireCrossCert,
+ oAutoKeyLocate,
+ oNoAutoKeyLocate,
+ oAllowMultisigVerification,
+ oEnableDSA2,
+ oDisableDSA2,
+ oAllowMultipleMessages,
+ oNoAllowMultipleMessages,
+
+ oNoop
+ };
+
+
+static ARGPARSE_OPTS opts[] = {
+
+ ARGPARSE_group (300, N_("@Commands:\n ")),
+
+ ARGPARSE_c (aSign, "sign", N_("make a signature")),
+ ARGPARSE_c (aClearsign, "clearsign", N_("make a clear text signature")),
+ ARGPARSE_c (aDetachedSign, "detach-sign", N_("make a detached signature")),
+ ARGPARSE_c (aEncr, "encrypt", N_("encrypt data")),
+ ARGPARSE_c (aEncrFiles, "encrypt-files", "@"),
+ ARGPARSE_c (aSym, "symmetric", N_("encryption only with symmetric cipher")),
+ ARGPARSE_c (aStore, "store", "@"),
+ ARGPARSE_c (aDecrypt, "decrypt", N_("decrypt data (default)")),
+ ARGPARSE_c (aDecryptFiles, "decrypt-files", "@"),
+ ARGPARSE_c (aVerify, "verify" , N_("verify a signature")),
+ ARGPARSE_c (aVerifyFiles, "verify-files" , "@" ),
+ ARGPARSE_c (aListKeys, "list-keys", N_("list keys")),
+ ARGPARSE_c (aListKeys, "list-public-keys", "@" ),
+ ARGPARSE_c (aListSigs, "list-sigs", N_("list keys and signatures")),
+ ARGPARSE_c (aCheckKeys, "check-sigs",N_("list and check key signatures")),
+ ARGPARSE_c (oFingerprint, "fingerprint", N_("list keys and fingerprints")),
+ ARGPARSE_c (aListSecretKeys, "list-secret-keys", N_("list secret keys")),
+ ARGPARSE_c (aKeygen, "gen-key", N_("generate a new key pair")),
+ ARGPARSE_c (aGenRevoke, "gen-revoke",N_("generate a revocation certificate")),
+ ARGPARSE_c (aDeleteKeys,"delete-keys",
+ N_("remove keys from the public keyring")),
+ ARGPARSE_c (aDeleteSecretKeys, "delete-secret-keys",
+ N_("remove keys from the secret keyring")),
+ ARGPARSE_c (aSignKey, "sign-key" ,N_("sign a key")),
+ ARGPARSE_c (aLSignKey, "lsign-key" ,N_("sign a key locally")),
+ ARGPARSE_c (aEditKey, "edit-key" ,N_("sign or edit a key")),
+ ARGPARSE_c (aEditKey, "key-edit" ,"@"),
+ ARGPARSE_c (aPasswd, "passwd", N_("change a passphrase")),
+ ARGPARSE_c (aDesigRevoke, "desig-revoke","@" ),
+ ARGPARSE_c (aExport, "export" , N_("export keys") ),
+ ARGPARSE_c (aSendKeys, "send-keys" , N_("export keys to a key server") ),
+ ARGPARSE_c (aRecvKeys, "recv-keys" , N_("import keys from a key server") ),
+ ARGPARSE_c (aSearchKeys, "search-keys" ,
+ N_("search for keys on a key server") ),
+ ARGPARSE_c (aRefreshKeys, "refresh-keys",
+ N_("update all keys from a keyserver")),
+ ARGPARSE_c (aLocateKeys, "locate-keys", "@"),
+ ARGPARSE_c (aFetchKeys, "fetch-keys" , "@" ),
+ ARGPARSE_c (aExportSecret, "export-secret-keys" , "@" ),
+ ARGPARSE_c (aExportSecretSub, "export-secret-subkeys" , "@" ),
+ ARGPARSE_c (aImport, "import", N_("import/merge keys")),
+ ARGPARSE_c (aFastImport, "fast-import", "@"),
+#ifdef ENABLE_CARD_SUPPORT
+ ARGPARSE_c (aCardStatus, "card-status", N_("print the card status")),
+ ARGPARSE_c (aCardEdit, "card-edit", N_("change data on a card")),
+ ARGPARSE_c (aChangePIN, "change-pin", N_("change a card's PIN")),
+#endif
+ ARGPARSE_c (aListConfig, "list-config", "@"),
+ ARGPARSE_c (aGPGConfList, "gpgconf-list", "@" ),
+ ARGPARSE_c (aGPGConfTest, "gpgconf-test", "@" ),
+ ARGPARSE_c (aListPackets, "list-packets","@"),
+ ARGPARSE_c (aExportOwnerTrust, "export-ownertrust", "@"),
+ ARGPARSE_c (aImportOwnerTrust, "import-ownertrust", "@"),
+ ARGPARSE_c (aUpdateTrustDB,"update-trustdb",
+ N_("update the trust database")),
+ ARGPARSE_c (aCheckTrustDB, "check-trustdb", "@"),
+ ARGPARSE_c (aFixTrustDB, "fix-trustdb", "@"),
+ ARGPARSE_c (aDeArmor, "dearmor", "@"),
+ ARGPARSE_c (aDeArmor, "dearmour", "@"),
+ ARGPARSE_c (aEnArmor, "enarmor", "@"),
+ ARGPARSE_c (aEnArmor, "enarmour", "@"),
+ ARGPARSE_c (aPrintMD, "print-md", N_("print message digests")),
+ ARGPARSE_c (aPrimegen, "gen-prime", "@" ),
+ ARGPARSE_c (aGenRandom,"gen-random", "@" ),
+ ARGPARSE_c (aServer, "server", N_("run in server mode")),
+
+ ARGPARSE_group (301, N_("@\nOptions:\n ")),
+
+ ARGPARSE_s_n (oArmor, "armor", N_("create ascii armored output")),
+ ARGPARSE_s_n (oArmor, "armour", "@"),
+
+ ARGPARSE_s_s (oRecipient, "recipient", N_("|USER-ID|encrypt for USER-ID")),
+ ARGPARSE_s_s (oHiddenRecipient, "hidden-recipient", "@"),
+ ARGPARSE_s_s (oRecipient, "remote-user", "@"), /* (old option name) */
+ ARGPARSE_s_s (oDefRecipient, "default-recipient", "@"),
+ ARGPARSE_s_n (oDefRecipientSelf, "default-recipient-self", "@"),
+ ARGPARSE_s_n (oNoDefRecipient, "no-default-recipient", "@"),
+
+ ARGPARSE_s_s (oTempDir, "temp-directory", "@"),
+ ARGPARSE_s_s (oExecPath, "exec-path", "@"),
+ ARGPARSE_s_s (oEncryptTo, "encrypt-to", "@"),
+ ARGPARSE_s_n (oNoEncryptTo, "no-encrypt-to", "@"),
+ ARGPARSE_s_s (oHiddenEncryptTo, "hidden-encrypt-to", "@"),
+ ARGPARSE_s_s (oLocalUser, "local-user",
+ N_("|USER-ID|use USER-ID to sign or decrypt")),
+
+ ARGPARSE_s_i (oCompress, NULL,
+ N_("|N|set compress level to N (0 disables)")),
+ ARGPARSE_s_i (oCompressLevel, "compress-level", "@"),
+ ARGPARSE_s_i (oBZ2CompressLevel, "bzip2-compress-level", "@"),
+ ARGPARSE_s_n (oBZ2DecompressLowmem, "bzip2-decompress-lowmem", "@"),
+
+ ARGPARSE_s_n (oTextmodeShort, NULL, "@"),
+ ARGPARSE_s_n (oTextmode, "textmode", N_("use canonical text mode")),
+ ARGPARSE_s_n (oNoTextmode, "no-textmode", "@"),
+
+ ARGPARSE_s_n (oExpert, "expert", "@"),
+ ARGPARSE_s_n (oNoExpert, "no-expert", "@"),
+
+ ARGPARSE_s_s (oDefSigExpire, "default-sig-expire", "@"),
+ ARGPARSE_s_n (oAskSigExpire, "ask-sig-expire", "@"),
+ ARGPARSE_s_n (oNoAskSigExpire, "no-ask-sig-expire", "@"),
+ ARGPARSE_s_s (oDefCertExpire, "default-cert-expire", "@"),
+ ARGPARSE_s_n (oAskCertExpire, "ask-cert-expire", "@"),
+ ARGPARSE_s_n (oNoAskCertExpire, "no-ask-cert-expire", "@"),
+ ARGPARSE_s_i (oDefCertLevel, "default-cert-level", "@"),
+ ARGPARSE_s_i (oMinCertLevel, "min-cert-level", "@"),
+ ARGPARSE_s_n (oAskCertLevel, "ask-cert-level", "@"),
+ ARGPARSE_s_n (oNoAskCertLevel, "no-ask-cert-level", "@"),
+
+ ARGPARSE_s_s (oOutput, "output", N_("|FILE|write output to FILE")),
+ ARGPARSE_p_u (oMaxOutput, "max-output", "@"),
+
+ ARGPARSE_s_n (oVerbose, "verbose", N_("verbose")),
+ ARGPARSE_s_n (oQuiet, "quiet", "@"),
+ ARGPARSE_s_n (oNoTTY, "no-tty", "@"),
+
+ ARGPARSE_s_n (oForceV3Sigs, "force-v3-sigs", "@"),
+ ARGPARSE_s_n (oNoForceV3Sigs, "no-force-v3-sigs", "@"),
+ ARGPARSE_s_n (oForceV4Certs, "force-v4-certs", "@"),
+ ARGPARSE_s_n (oNoForceV4Certs, "no-force-v4-certs", "@"),
+ ARGPARSE_s_n (oForceMDC, "force-mdc", "@"),
+ ARGPARSE_s_n (oNoForceMDC, "no-force-mdc", "@"),
+ ARGPARSE_s_n (oDisableMDC, "disable-mdc", "@"),
+ ARGPARSE_s_n (oNoDisableMDC, "no-disable-mdc", "@"),
+
+ ARGPARSE_s_n (oDryRun, "dry-run", N_("do not make any changes")),
+ ARGPARSE_s_n (oInteractive, "interactive", N_("prompt before overwriting")),
+
+ ARGPARSE_s_n (oUseAgent, "use-agent", "@"),
+ ARGPARSE_s_n (oNoUseAgent, "no-use-agent", "@"),
+ ARGPARSE_s_s (oGpgAgentInfo, "gpg-agent-info", "@"),
+
+ ARGPARSE_s_n (oBatch, "batch", "@"),
+ ARGPARSE_s_n (oAnswerYes, "yes", "@"),
+ ARGPARSE_s_n (oAnswerNo, "no", "@"),
+ ARGPARSE_s_s (oKeyring, "keyring", "@"),
+ ARGPARSE_s_s (oPrimaryKeyring, "primary-keyring", "@"),
+ ARGPARSE_s_s (oSecretKeyring, "secret-keyring", "@"),
+ ARGPARSE_s_n (oShowKeyring, "show-keyring", "@"),
+ ARGPARSE_s_s (oDefaultKey, "default-key", "@"),
+
+ ARGPARSE_s_s (oKeyServer, "keyserver", "@"),
+ ARGPARSE_s_s (oKeyServerOptions, "keyserver-options", "@"),
+ ARGPARSE_s_s (oImportOptions, "import-options", "@"),
+ ARGPARSE_s_s (oExportOptions, "export-options", "@"),
+ ARGPARSE_s_s (oListOptions, "list-options", "@"),
+ ARGPARSE_s_s (oVerifyOptions, "verify-options", "@"),
+
+ ARGPARSE_s_s (oDisplayCharset, "display-charset", "@"),
+ ARGPARSE_s_s (oDisplayCharset, "charset", "@"),
+ ARGPARSE_s_s (oOptions, "options", "@"),
+
+ ARGPARSE_p_u (oDebug, "debug", "@"),
+ ARGPARSE_s_s (oDebugLevel, "debug-level", "@"),
+ ARGPARSE_s_n (oDebugAll, "debug-all", "@"),
+ ARGPARSE_s_i (oStatusFD, "status-fd", "@"),
+ ARGPARSE_s_s (oStatusFile, "status-file", "@"),
+ ARGPARSE_s_i (oAttributeFD, "attribute-fd", "@"),
+ ARGPARSE_s_s (oAttributeFile, "attribute-file", "@"),
+
+ ARGPARSE_s_n (oNoop, "sk-comments", "@"),
+ ARGPARSE_s_n (oNoop, "no-sk-comments", "@"),
+
+ ARGPARSE_s_i (oCompletesNeeded, "completes-needed", "@"),
+ ARGPARSE_s_i (oMarginalsNeeded, "marginals-needed", "@"),
+ ARGPARSE_s_i (oMaxCertDepth, "max-cert-depth", "@" ),
+ ARGPARSE_s_s (oTrustedKey, "trusted-key", "@"),
+
+ ARGPARSE_s_s (oLoadExtension, "load-extension", "@"), /* Dummy. */
+
+ ARGPARSE_s_n (oGnuPG, "gnupg", "@"),
+ ARGPARSE_s_n (oGnuPG, "no-pgp2", "@"),
+ ARGPARSE_s_n (oGnuPG, "no-pgp6", "@"),
+ ARGPARSE_s_n (oGnuPG, "no-pgp7", "@"),
+ ARGPARSE_s_n (oGnuPG, "no-pgp8", "@"),
+ ARGPARSE_s_n (oRFC1991, "rfc1991", "@"),
+ ARGPARSE_s_n (oRFC2440, "rfc2440", "@"),
+ ARGPARSE_s_n (oRFC4880, "rfc4880", "@"),
+ ARGPARSE_s_n (oOpenPGP, "openpgp", N_("use strict OpenPGP behavior")),
+ ARGPARSE_s_n (oPGP2, "pgp2", "@"),
+ ARGPARSE_s_n (oPGP6, "pgp6", "@"),
+ ARGPARSE_s_n (oPGP7, "pgp7", "@"),
+ ARGPARSE_s_n (oPGP8, "pgp8", "@"),
+
+ ARGPARSE_s_n (oRFC2440Text, "rfc2440-text", "@"),
+ ARGPARSE_s_n (oNoRFC2440Text, "no-rfc2440-text", "@"),
+ ARGPARSE_s_i (oS2KMode, "s2k-mode", "@"),
+ ARGPARSE_s_s (oS2KDigest, "s2k-digest-algo", "@"),
+ ARGPARSE_s_s (oS2KCipher, "s2k-cipher-algo", "@"),
+ ARGPARSE_s_i (oS2KCount, "s2k-count", "@"),
+ ARGPARSE_s_n (oSimpleSKChecksum, "simple-sk-checksum", "@"),
+ ARGPARSE_s_s (oCipherAlgo, "cipher-algo", "@"),
+ ARGPARSE_s_s (oDigestAlgo, "digest-algo", "@"),
+ ARGPARSE_s_s (oCertDigestAlgo, "cert-digest-algo", "@"),
+ ARGPARSE_s_s (oCompressAlgo,"compress-algo", "@"),
+ ARGPARSE_s_s (oCompressAlgo, "compression-algo", "@"), /* Alias */
+ ARGPARSE_s_n (oThrowKeyids, "throw-keyid", "@"),
+ ARGPARSE_s_n (oThrowKeyids, "throw-keyids", "@"),
+ ARGPARSE_s_n (oNoThrowKeyids, "no-throw-keyid", "@"),
+ ARGPARSE_s_n (oNoThrowKeyids, "no-throw-keyids", "@"),
+ ARGPARSE_s_n (oShowPhotos, "show-photos", "@"),
+ ARGPARSE_s_n (oNoShowPhotos, "no-show-photos", "@"),
+ ARGPARSE_s_s (oPhotoViewer, "photo-viewer", "@"),
+ ARGPARSE_s_s (oSetNotation, "set-notation", "@"),
+ ARGPARSE_s_s (oSetNotation, "notation-data", "@"), /* Alias */
+ ARGPARSE_s_s (oSigNotation, "sig-notation", "@"),
+ ARGPARSE_s_s (oCertNotation, "cert-notation", "@"),
+
+ ARGPARSE_group (302, N_(
+ "@\n(See the man page for a complete listing of all commands and options)\n"
+ )),
+
+ ARGPARSE_group (303, N_("@\nExamples:\n\n"
+ " -se -r Bob [file] sign and encrypt for user Bob\n"
+ " --clearsign [file] make a clear text signature\n"
+ " --detach-sign [file] make a detached signature\n"
+ " --list-keys [names] show keys\n"
+ " --fingerprint [names] show fingerprints\n")),
+
+ /* More hidden commands and options. */
+ ARGPARSE_c (aPrintMDs, "print-mds", "@"), /* old */
+ ARGPARSE_c (aListTrustDB, "list-trustdb", "@"),
+ /* Not yet used:
+ ARGPARSE_c (aListTrustPath, "list-trust-path", "@"), */
+ ARGPARSE_c (aDeleteSecretAndPublicKeys,
+ "delete-secret-and-public-keys", "@"),
+ ARGPARSE_c (aRebuildKeydbCaches, "rebuild-keydb-caches", "@"),
+
+ ARGPARSE_s_s (oPassphrase, "passphrase", "@"),
+ ARGPARSE_s_i (oPassphraseFD, "passphrase-fd", "@"),
+ ARGPARSE_s_s (oPassphraseFile, "passphrase-file", "@"),
+ ARGPARSE_s_i (oPassphraseRepeat,"passphrase-repeat", "@"),
+ ARGPARSE_s_i (oCommandFD, "command-fd", "@"),
+ ARGPARSE_s_s (oCommandFile, "command-file", "@"),
+ ARGPARSE_s_n (oQuickRandom, "debug-quick-random", "@"),
+ ARGPARSE_s_n (oNoVerbose, "no-verbose", "@"),
+ ARGPARSE_s_s (oTrustDBName, "trustdb-name", "@"),
+ ARGPARSE_s_n (oNoSecmemWarn, "no-secmem-warning", "@"),
+ ARGPARSE_s_n (oRequireSecmem, "require-secmem", "@"),
+ ARGPARSE_s_n (oNoRequireSecmem, "no-require-secmem", "@"),
+ ARGPARSE_s_n (oNoPermissionWarn, "no-permission-warning", "@"),
+ ARGPARSE_s_n (oNoMDCWarn, "no-mdc-warning", "@"),
+ ARGPARSE_s_n (oNoArmor, "no-armor", "@"),
+ ARGPARSE_s_n (oNoArmor, "no-armour", "@"),
+ ARGPARSE_s_n (oNoDefKeyring, "no-default-keyring", "@"),
+ ARGPARSE_s_n (oNoGreeting, "no-greeting", "@"),
+ ARGPARSE_s_n (oNoOptions, "no-options", "@"),
+ ARGPARSE_s_s (oHomedir, "homedir", "@"),
+ ARGPARSE_s_n (oNoBatch, "no-batch", "@"),
+ ARGPARSE_s_n (oWithColons, "with-colons", "@"),
+ ARGPARSE_s_n (oWithKeyData,"with-key-data", "@"),
+ ARGPARSE_s_n (oWithSigList,"with-sig-list", "@"),
+ ARGPARSE_s_n (oWithSigCheck,"with-sig-check", "@"),
+ ARGPARSE_s_n (aListKeys, "list-key", "@"), /* alias */
+ ARGPARSE_s_n (aListSigs, "list-sig", "@"), /* alias */
+ ARGPARSE_s_n (aCheckKeys, "check-sig", "@"), /* alias */
+ ARGPARSE_s_n (oSkipVerify, "skip-verify", "@"),
+ ARGPARSE_s_n (oSkipHiddenRecipients, "skip-hidden-recipients", "@"),
+ ARGPARSE_s_n (oNoSkipHiddenRecipients, "no-skip-hidden-recipients", "@"),
+ ARGPARSE_s_n (oCompressKeys, "compress-keys", "@"),
+ ARGPARSE_s_n (oCompressSigs, "compress-sigs", "@"),
+ ARGPARSE_s_i (oDefCertLevel, "default-cert-check-level", "@"), /* old */
+ ARGPARSE_s_n (oAlwaysTrust, "always-trust", "@"),
+ ARGPARSE_s_s (oTrustModel, "trust-model", "@"),
+ ARGPARSE_s_s (oForceOwnertrust, "force-ownertrust", "@"),
+ ARGPARSE_s_s (oSetFilename, "set-filename", "@"),
+ ARGPARSE_s_n (oForYourEyesOnly, "for-your-eyes-only", "@"),
+ ARGPARSE_s_n (oNoForYourEyesOnly, "no-for-your-eyes-only", "@"),
+ ARGPARSE_s_s (oSetPolicyURL, "set-policy-url", "@"),
+ ARGPARSE_s_s (oSigPolicyURL, "sig-policy-url", "@"),
+ ARGPARSE_s_s (oCertPolicyURL, "cert-policy-url", "@"),
+ ARGPARSE_s_n (oShowPolicyURL, "show-policy-url", "@"),
+ ARGPARSE_s_n (oNoShowPolicyURL, "no-show-policy-url", "@"),
+ ARGPARSE_s_s (oSigKeyserverURL, "sig-keyserver-url", "@"),
+ ARGPARSE_s_n (oShowNotation, "show-notation", "@"),
+ ARGPARSE_s_n (oNoShowNotation, "no-show-notation", "@"),
+ ARGPARSE_s_s (oComment, "comment", "@"),
+ ARGPARSE_s_n (oDefaultComment, "default-comment", "@"),
+ ARGPARSE_s_n (oNoComments, "no-comments", "@"),
+ ARGPARSE_s_n (oEmitVersion, "emit-version", "@"),
+ ARGPARSE_s_n (oNoEmitVersion, "no-emit-version", "@"),
+ ARGPARSE_s_n (oNoEmitVersion, "no-version", "@"), /* alias */
+ ARGPARSE_s_n (oNotDashEscaped, "not-dash-escaped", "@"),
+ ARGPARSE_s_n (oEscapeFrom, "escape-from-lines", "@"),
+ ARGPARSE_s_n (oNoEscapeFrom, "no-escape-from-lines", "@"),
+ ARGPARSE_s_n (oLockOnce, "lock-once", "@"),
+ ARGPARSE_s_n (oLockMultiple, "lock-multiple", "@"),
+ ARGPARSE_s_n (oLockNever, "lock-never", "@"),
+ ARGPARSE_s_i (oLoggerFD, "logger-fd", "@"),
+ ARGPARSE_s_s (oLoggerFile, "log-file", "@"),
+ ARGPARSE_s_s (oLoggerFile, "logger-file", "@"), /* 1.4 compatibility. */
+ ARGPARSE_s_n (oUseEmbeddedFilename, "use-embedded-filename", "@"),
+ ARGPARSE_s_n (oNoUseEmbeddedFilename, "no-use-embedded-filename", "@"),
+ ARGPARSE_s_n (oUtf8Strings, "utf8-strings", "@"),
+ ARGPARSE_s_n (oNoUtf8Strings, "no-utf8-strings", "@"),
+ ARGPARSE_s_n (oWithFingerprint, "with-fingerprint", "@"),
+ ARGPARSE_s_s (oDisableCipherAlgo, "disable-cipher-algo", "@"),
+ ARGPARSE_s_s (oDisablePubkeyAlgo, "disable-pubkey-algo", "@"),
+ ARGPARSE_s_n (oAllowNonSelfsignedUID, "allow-non-selfsigned-uid", "@"),
+ ARGPARSE_s_n (oNoAllowNonSelfsignedUID, "no-allow-non-selfsigned-uid", "@"),
+ ARGPARSE_s_n (oAllowFreeformUID, "allow-freeform-uid", "@"),
+ ARGPARSE_s_n (oNoAllowFreeformUID, "no-allow-freeform-uid", "@"),
+ ARGPARSE_s_n (oNoLiteral, "no-literal", "@"),
+ ARGPARSE_p_u (oSetFilesize, "set-filesize", "@"),
+ ARGPARSE_s_n (oHonorHttpProxy, "honor-http-proxy", "@"),
+ ARGPARSE_s_n (oFastListMode, "fast-list-mode", "@"),
+ ARGPARSE_s_n (oFixedListMode, "fixed-list-mode", "@"),
+ ARGPARSE_s_n (oListOnly, "list-only", "@"),
+ ARGPARSE_s_n (oIgnoreTimeConflict, "ignore-time-conflict", "@"),
+ ARGPARSE_s_n (oIgnoreValidFrom, "ignore-valid-from", "@"),
+ ARGPARSE_s_n (oIgnoreCrcError, "ignore-crc-error", "@"),
+ ARGPARSE_s_n (oIgnoreMDCError, "ignore-mdc-error", "@"),
+ ARGPARSE_s_n (oShowSessionKey, "show-session-key", "@"),
+ ARGPARSE_s_s (oOverrideSessionKey, "override-session-key", "@"),
+ ARGPARSE_s_n (oNoRandomSeedFile, "no-random-seed-file", "@"),
+ ARGPARSE_s_n (oAutoKeyRetrieve, "auto-key-retrieve", "@"),
+ ARGPARSE_s_n (oNoAutoKeyRetrieve, "no-auto-key-retrieve", "@"),
+ ARGPARSE_s_n (oNoSigCache, "no-sig-cache", "@"),
+ ARGPARSE_s_n (oNoSigCreateCheck, "no-sig-create-check", "@"),
+ ARGPARSE_s_n (oAutoCheckTrustDB, "auto-check-trustdb", "@"),
+ ARGPARSE_s_n (oNoAutoCheckTrustDB, "no-auto-check-trustdb", "@"),
+ ARGPARSE_s_n (oMergeOnly, "merge-only", "@" ),
+ ARGPARSE_s_n (oAllowSecretKeyImport, "allow-secret-key-import", "@"),
+ ARGPARSE_s_n (oTryAllSecrets, "try-all-secrets", "@"),
+ ARGPARSE_s_n (oEnableSpecialFilenames, "enable-special-filenames", "@"),
+ ARGPARSE_s_n (oNoExpensiveTrustChecks, "no-expensive-trust-checks", "@"),
+ ARGPARSE_s_n (oPreservePermissions, "preserve-permissions", "@"),
+ ARGPARSE_s_s (oDefaultPreferenceList, "default-preference-list", "@"),
+ ARGPARSE_s_s (oDefaultKeyserverURL, "default-keyserver-url", "@"),
+ ARGPARSE_s_s (oPersonalCipherPreferences, "personal-cipher-preferences","@"),
+ ARGPARSE_s_s (oPersonalDigestPreferences, "personal-digest-preferences","@"),
+ ARGPARSE_s_s (oPersonalCompressPreferences,
+ "personal-compress-preferences", "@"),
+
+ /* Aliases. I constantly mistype these, and assume other people do
+ as well. */
+ ARGPARSE_s_s (oPersonalCipherPreferences, "personal-cipher-prefs", "@"),
+ ARGPARSE_s_s (oPersonalDigestPreferences, "personal-digest-prefs", "@"),
+ ARGPARSE_s_s (oPersonalCompressPreferences, "personal-compress-prefs", "@"),
+ ARGPARSE_s_s (oAgentProgram, "agent-program", "@"),
+ ARGPARSE_s_s (oDisplay, "display", "@"),
+ ARGPARSE_s_s (oTTYname, "ttyname", "@"),
+ ARGPARSE_s_s (oTTYtype, "ttytype", "@"),
+ ARGPARSE_s_s (oLCctype, "lc-ctype", "@"),
+ ARGPARSE_s_s (oLCmessages, "lc-messages","@"),
+ ARGPARSE_s_s (oXauthority, "xauthority", "@"),
+ ARGPARSE_s_s (oGroup, "group", "@"),
+ ARGPARSE_s_s (oUnGroup, "ungroup", "@"),
+ ARGPARSE_s_n (oNoGroups, "no-groups", "@"),
+ ARGPARSE_s_n (oStrict, "strict", "@"),
+ ARGPARSE_s_n (oNoStrict, "no-strict", "@"),
+ ARGPARSE_s_n (oMangleDosFilenames, "mangle-dos-filenames", "@"),
+ ARGPARSE_s_n (oNoMangleDosFilenames, "no-mangle-dos-filenames", "@"),
+ ARGPARSE_s_n (oEnableProgressFilter, "enable-progress-filter", "@"),
+ ARGPARSE_s_n (oMultifile, "multifile", "@"),
+ ARGPARSE_s_s (oKeyidFormat, "keyid-format", "@"),
+ ARGPARSE_s_n (oExitOnStatusWriteError, "exit-on-status-write-error", "@"),
+ ARGPARSE_s_i (oLimitCardInsertTries, "limit-card-insert-tries", "@"),
+
+ ARGPARSE_s_n (oAllowMultisigVerification,
+ "allow-multisig-verification", "@"),
+ ARGPARSE_s_n (oEnableDSA2, "enable-dsa2", "@"),
+ ARGPARSE_s_n (oDisableDSA2, "disable-dsa2", "@"),
+ ARGPARSE_s_n (oAllowMultipleMessages, "allow-multiple-messages", "@"),
+ ARGPARSE_s_n (oNoAllowMultipleMessages, "no-allow-multiple-messages", "@"),
+
+ /* These two are aliases to help users of the PGP command line
+ product use gpg with minimal pain. Many commands are common
+ already as they seem to have borrowed commands from us. Now I'm
+ returning the favor. */
+ ARGPARSE_s_s (oLocalUser, "sign-with", "@"),
+ ARGPARSE_s_s (oRecipient, "user", "@"),
+
+ ARGPARSE_s_n (oRequireCrossCert, "require-backsigs", "@"),
+ ARGPARSE_s_n (oRequireCrossCert, "require-cross-certification", "@"),
+ ARGPARSE_s_n (oNoRequireCrossCert, "no-require-backsigs", "@"),
+ ARGPARSE_s_n (oNoRequireCrossCert, "no-require-cross-certification", "@"),
+
+ /* New options. Fixme: Should go more to the top. */
+ ARGPARSE_s_s (oAutoKeyLocate, "auto-key-locate", "@"),
+ ARGPARSE_s_n (oNoAutoKeyLocate, "no-auto-key-locate", "@"),
+
+ ARGPARSE_end ()
+};
+
+
+#ifdef ENABLE_SELINUX_HACKS
+#define ALWAYS_ADD_KEYRINGS 1
+#else
+#define ALWAYS_ADD_KEYRINGS 0
+#endif
+
+
+int g10_errors_seen = 0;
+
+static int utf8_strings = 0;
+static int maybe_setuid = 1;
+
+static char *build_list( const char *text, char letter,
+ const char *(*mapf)(int), int (*chkf)(int) );
+static void set_cmd( enum cmd_and_opt_values *ret_cmd,
+ enum cmd_and_opt_values new_cmd );
+static void print_mds( const char *fname, int algo );
+static void add_notation_data( const char *string, int which );
+static void add_policy_url( const char *string, int which );
+static void add_keyserver_url( const char *string, int which );
+static void emergency_cleanup (void);
+
+
+static char *
+make_libversion (const char *libname, const char *(*getfnc)(const char*))
+{
+ const char *s;
+ char *result;
+
+ if (maybe_setuid)
+ {
+ gcry_control (GCRYCTL_INIT_SECMEM, 0, 0); /* Drop setuid. */
+ maybe_setuid = 0;
+ }
+ s = getfnc (NULL);
+ result = xmalloc (strlen (libname) + 1 + strlen (s) + 1);
+ strcpy (stpcpy (stpcpy (result, libname), " "), s);
+ return result;
+}
+
+
+static const char *
+my_strusage( int level )
+{
+ static char *digests, *pubkeys, *ciphers, *zips, *ver_gcry;
+ const char *p;
+
+ switch( level ) {
+ case 11: p = "gpg (GnuPG)";
+ break;
+ case 13: p = VERSION; break;
+ case 17: p = PRINTABLE_OS_NAME; break;
+ case 19: p = _("Please report bugs to <@EMAIL@>.\n"); break;
+
+ case 20:
+ if (!ver_gcry)
+ ver_gcry = make_libversion ("libgcrypt", gcry_check_version);
+ p = ver_gcry;
+ break;
+
+#ifdef IS_DEVELOPMENT_VERSION
+ case 25:
+ p="NOTE: THIS IS A DEVELOPMENT VERSION!";
+ break;
+ case 26:
+ p="It is only intended for test purposes and should NOT be";
+ break;
+ case 27:
+ p="used in a production environment or with production keys!";
+ break;
+#endif
+
+ case 1:
+ case 40: p =
+ _("Usage: gpg [options] [files] (-h for help)");
+ break;
+ case 41: p =
+ _("Syntax: gpg [options] [files]\n"
+ "sign, check, encrypt or decrypt\n"
+ "default operation depends on the input data\n");
+ break;
+
+ case 31: p = "\nHome: "; break;
+#ifndef __riscos__
+ case 32: p = opt.homedir; break;
+#else /* __riscos__ */
+ case 32: p = make_filename(opt.homedir, NULL); break;
+#endif /* __riscos__ */
+ case 33: p = _("\nSupported algorithms:\n"); break;
+ case 34:
+ if (!pubkeys)
+ pubkeys = build_list (_("Pubkey: "), 0,
+ gcry_pk_algo_name,
+ openpgp_pk_test_algo );
+ p = pubkeys;
+ break;
+ case 35:
+ if( !ciphers )
+ ciphers = build_list(_("Cipher: "), 'S',
+ openpgp_cipher_algo_name,
+ openpgp_cipher_test_algo );
+ p = ciphers;
+ break;
+ case 36:
+ if( !digests )
+ digests = build_list(_("Hash: "), 'H',
+ gcry_md_algo_name,
+ openpgp_md_test_algo );
+ p = digests;
+ break;
+ case 37:
+ if( !zips )
+ zips = build_list(_("Compression: "),'Z',
+ compress_algo_to_string,
+ check_compress_algo);
+ p = zips;
+ break;
+
+ default: p = NULL;
+ }
+ return p;
+}
+
+
+static char *
+build_list( const char *text, char letter,
+ const char * (*mapf)(int), int (*chkf)(int) )
+{
+ int i;
+ const char *s;
+ size_t n=strlen(text)+2;
+ char *list, *p, *line=NULL;
+
+ if (maybe_setuid)
+ gcry_control (GCRYCTL_INIT_SECMEM, 0, 0); /* Drop setuid. */
+
+ for(i=0; i <= 110; i++ )
+ if( !chkf(i) && (s=mapf(i)) )
+ n += strlen(s) + 7 + 2;
+ list = xmalloc( 21 + n ); *list = 0;
+ for(p=NULL, i=0; i <= 110; i++ ) {
+ if( !chkf(i) && (s=mapf(i)) ) {
+ if( !p ) {
+ p = stpcpy( list, text );
+ line=p;
+ }
+ else
+ p = stpcpy( p, ", ");
+
+ if(strlen(line)>60) {
+ int spaces=strlen(text);
+
+ list=xrealloc(list,n+spaces+1);
+ /* realloc could move the block, so find the end again */
+ p=list;
+ while(*p)
+ p++;
+
+ p=stpcpy(p, "\n");
+ line=p;
+ for(;spaces;spaces--)
+ p=stpcpy(p, " ");
+ }
+
+ p = stpcpy(p, s );
+ if(opt.verbose && letter)
+ {
+ char num[8];
+ sprintf(num," (%c%d)",letter,i);
+ p = stpcpy(p,num);
+ }
+ }
+ }
+ if( p )
+ p = stpcpy(p, "\n" );
+ return list;
+}
+
+
+static void
+wrong_args( const char *text)
+{
+ fputs(_("usage: gpg [options] "),stderr);
+ fputs(text,stderr);
+ putc('\n',stderr);
+ g10_exit(2);
+}
+
+
+static char *
+make_username( const char *string )
+{
+ char *p;
+ if( utf8_strings )
+ p = xstrdup(string);
+ else
+ p = native_to_utf8( string );
+ return p;
+}
+
+
+static void
+set_opt_session_env (const char *name, const char *value)
+{
+ gpg_error_t err;
+
+ err = session_env_setenv (opt.session_env, name, value);
+ if (err)
+ log_fatal ("error setting session environment: %s\n",
+ gpg_strerror (err));
+}
+
+/* Setup the debugging. With a LEVEL of NULL only the active debug
+ flags are propagated to the subsystems. With LEVEL set, a specific
+ set of debug flags is set; thus overriding all flags already
+ set. */
+static void
+set_debug (const char *level)
+{
+ int numok = (level && digitp (level));
+ int numlvl = numok? atoi (level) : 0;
+
+ if (!level)
+ ;
+ else if (!strcmp (level, "none") || (numok && numlvl < 1))
+ opt.debug = 0;
+ else if (!strcmp (level, "basic") || (numok && numlvl <= 2))
+ opt.debug = DBG_MEMSTAT_VALUE;
+ else if (!strcmp (level, "advanced") || (numok && numlvl <= 5))
+ opt.debug = DBG_MEMSTAT_VALUE|DBG_TRUST_VALUE|DBG_EXTPROG_VALUE;
+ else if (!strcmp (level, "expert") || (numok && numlvl <= 8))
+ opt.debug = (DBG_MEMSTAT_VALUE|DBG_TRUST_VALUE|DBG_EXTPROG_VALUE
+ |DBG_CACHE_VALUE|DBG_FILTER_VALUE|DBG_PACKET_VALUE);
+ else if (!strcmp (level, "guru") || numok)
+ {
+ opt.debug = ~0;
+ /* Unless the "guru" string has been used we don't want to allow
+ hashing debugging. The rationale is that people tend to
+ select the highest debug value and would then clutter their
+ disk with debug files which may reveal confidential data. */
+ if (numok)
+ opt.debug &= ~(DBG_HASHING_VALUE);
+ }
+ else
+ {
+ log_error (_("invalid debug-level `%s' given\n"), level);
+ g10_exit (2);
+ }
+
+ if (opt.debug & DBG_MEMORY_VALUE )
+ memory_debug_mode = 1;
+ if (opt.debug & DBG_MEMSTAT_VALUE )
+ memory_stat_debug_mode = 1;
+ if (opt.debug & DBG_MPI_VALUE)
+ gcry_control (GCRYCTL_SET_DEBUG_FLAGS, 2);
+ if (opt.debug & DBG_CIPHER_VALUE )
+ gcry_control (GCRYCTL_SET_DEBUG_FLAGS, 1);
+ if (opt.debug & DBG_IOBUF_VALUE )
+ iobuf_debug_mode = 1;
+ gcry_control (GCRYCTL_SET_VERBOSITY, (int)opt.verbose);
+
+ if (opt.debug)
+ log_info ("enabled debug flags:%s%s%s%s%s%s%s%s%s%s%s%s%s\n",
+ (opt.debug & DBG_PACKET_VALUE )? " packet":"",
+ (opt.debug & DBG_MPI_VALUE )? " mpi":"",
+ (opt.debug & DBG_CIPHER_VALUE )? " cipher":"",
+ (opt.debug & DBG_FILTER_VALUE )? " filter":"",
+ (opt.debug & DBG_IOBUF_VALUE )? " iobuf":"",
+ (opt.debug & DBG_MEMORY_VALUE )? " memory":"",
+ (opt.debug & DBG_CACHE_VALUE )? " cache":"",
+ (opt.debug & DBG_MEMSTAT_VALUE)? " memstat":"",
+ (opt.debug & DBG_TRUST_VALUE )? " trust":"",
+ (opt.debug & DBG_HASHING_VALUE)? " hashing":"",
+ (opt.debug & DBG_EXTPROG_VALUE)? " extprog":"",
+ (opt.debug & DBG_CARD_IO_VALUE)? " cardio":"",
+ (opt.debug & DBG_ASSUAN_VALUE )? " assuan":"");
+}
+
+
+
+/* We need the home directory also in some other directories, so make
+ sure that both variables are always in sync. */
+static void
+set_homedir (const char *dir)
+{
+ if (!dir)
+ dir = "";
+ opt.homedir = dir;
+}
+
+
+/* We set the screen dimensions for UI purposes. Do not allow screens
+ smaller than 80x24 for the sake of simplicity. */
+static void
+set_screen_dimensions(void)
+{
+#ifndef HAVE_W32_SYSTEM
+ char *str;
+
+ str=getenv("COLUMNS");
+ if(str)
+ opt.screen_columns=atoi(str);
+
+ str=getenv("LINES");
+ if(str)
+ opt.screen_lines=atoi(str);
+#endif
+
+ if(opt.screen_columns<80 || opt.screen_columns>255)
+ opt.screen_columns=80;
+
+ if(opt.screen_lines<24 || opt.screen_lines>255)
+ opt.screen_lines=24;
+}
+
+
+/* Helper to open a file FNAME either for reading or writing to be
+ used with --status-file etc functions. Not generally useful but it
+ avoids the riscos specific functions and well some Windows people
+ might like it too. Prints an error message and returns -1 on
+ error. On success the file descriptor is returned. */
+static int
+open_info_file (const char *fname, int for_write, int binary)
+{
+#ifdef __riscos__
+ return riscos_fdopenfile (fname, for_write);
+#elif defined (ENABLE_SELINUX_HACKS)
+ /* We can't allow these even when testing for a secured filename
+ because files to be secured might not yet been secured. This is
+ similar to the option file but in that case it is unlikely that
+ sensitive information may be retrieved by means of error
+ messages. */
+ (void)fname;
+ (void)for_write;
+ (void)binary;
+ return -1;
+#else
+ int fd;
+
+ if (binary)
+ binary = MY_O_BINARY;
+
+/* if (is_secured_filename (fname)) */
+/* { */
+/* fd = -1; */
+/* errno = EPERM; */
+/* } */
+/* else */
+/* { */
+ do
+ {
+ if (for_write)
+ fd = open (fname, O_CREAT | O_TRUNC | O_WRONLY | binary,
+ S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP);
+ else
+ fd = open (fname, O_RDONLY | binary);
+ }
+ while (fd == -1 && errno == EINTR);
+/* } */
+ if ( fd == -1)
+ log_error ( for_write? _("can't create `%s': %s\n")
+ : _("can't open `%s': %s\n"), fname, strerror(errno));
+
+ return fd;
+#endif
+}
+
+static void
+set_cmd( enum cmd_and_opt_values *ret_cmd, enum cmd_and_opt_values new_cmd )
+{
+ enum cmd_and_opt_values cmd = *ret_cmd;
+
+ if( !cmd || cmd == new_cmd )
+ cmd = new_cmd;
+ else if( cmd == aSign && new_cmd == aEncr )
+ cmd = aSignEncr;
+ else if( cmd == aEncr && new_cmd == aSign )
+ cmd = aSignEncr;
+ else if( cmd == aSign && new_cmd == aSym )
+ cmd = aSignSym;
+ else if( cmd == aSym && new_cmd == aSign )
+ cmd = aSignSym;
+ else if( cmd == aSym && new_cmd == aEncr )
+ cmd = aEncrSym;
+ else if( cmd == aEncr && new_cmd == aSym )
+ cmd = aEncrSym;
+ else if (cmd == aSignEncr && new_cmd == aSym)
+ cmd = aSignEncrSym;
+ else if (cmd == aSignSym && new_cmd == aEncr)
+ cmd = aSignEncrSym;
+ else if (cmd == aEncrSym && new_cmd == aSign)
+ cmd = aSignEncrSym;
+ else if( ( cmd == aSign && new_cmd == aClearsign )
+ || ( cmd == aClearsign && new_cmd == aSign ) )
+ cmd = aClearsign;
+ else {
+ log_error(_("conflicting commands\n"));
+ g10_exit(2);
+ }
+
+ *ret_cmd = cmd;
+}
+
+
+static void
+add_group(char *string)
+{
+ char *name,*value;
+ struct groupitem *item;
+
+ /* Break off the group name */
+ name=strsep(&string,"=");
+ if(string==NULL)
+ {
+ log_error(_("no = sign found in group definition `%s'\n"),name);
+ return;
+ }
+
+ trim_trailing_ws(name,strlen(name));
+
+ /* Does this group already exist? */
+ for(item=opt.grouplist;item;item=item->next)
+ if(strcasecmp(item->name,name)==0)
+ break;
+
+ if(!item)
+ {
+ item=xmalloc(sizeof(struct groupitem));
+ item->name=name;
+ item->next=opt.grouplist;
+ item->values=NULL;
+ opt.grouplist=item;
+ }
+
+ /* Break apart the values */
+ while ((value= strsep(&string," \t")))
+ {
+ if (*value)
+ add_to_strlist2(&item->values,value,utf8_strings);
+ }
+}
+
+
+static void
+rm_group(char *name)
+{
+ struct groupitem *item,*last=NULL;
+
+ trim_trailing_ws(name,strlen(name));
+
+ for(item=opt.grouplist;item;last=item,item=item->next)
+ {
+ if(strcasecmp(item->name,name)==0)
+ {
+ if(last)
+ last->next=item->next;
+ else
+ opt.grouplist=item->next;
+
+ free_strlist(item->values);
+ xfree(item);
+ break;
+ }
+ }
+}
+
+
+/* We need to check three things.
+
+ 0) The homedir. It must be x00, a directory, and owned by the
+ user.
+
+ 1) The options/gpg.conf file. Okay unless it or its containing
+ directory is group or other writable or not owned by us. Disable
+ exec in this case.
+
+ 2) Extensions. Same as #1.
+
+ Returns true if the item is unsafe. */
+static int
+check_permissions(const char *path,int item)
+{
+#if defined(HAVE_STAT) && !defined(HAVE_DOSISH_SYSTEM)
+ static int homedir_cache=-1;
+ char *tmppath,*dir;
+ struct stat statbuf,dirbuf;
+ int homedir=0,ret=0,checkonly=0;
+ int perm=0,own=0,enc_dir_perm=0,enc_dir_own=0;
+
+ if(opt.no_perm_warn)
+ return 0;
+
+ assert(item==0 || item==1 || item==2);
+
+ /* extensions may attach a path */
+ if(item==2 && path[0]!=DIRSEP_C)
+ {
+ if(strchr(path,DIRSEP_C))
+ tmppath=make_filename(path,NULL);
+ else
+ tmppath=make_filename(gnupg_libdir (),path,NULL);
+ }
+ else
+ tmppath=xstrdup(path);
+
+ /* If the item is located in the homedir, but isn't the homedir,
+ don't continue if we already checked the homedir itself. This is
+ to avoid user confusion with an extra options file warning which
+ could be rectified if the homedir itself had proper
+ permissions. */
+ if(item!=0 && homedir_cache>-1
+ && ascii_strncasecmp(opt.homedir,tmppath,strlen(opt.homedir))==0)
+ {
+ ret=homedir_cache;
+ goto end;
+ }
+
+ /* It's okay if the file or directory doesn't exist */
+ if(stat(tmppath,&statbuf)!=0)
+ {
+ ret=0;
+ goto end;
+ }
+
+ /* Now check the enclosing directory. Theoretically, we could walk
+ this test up to the root directory /, but for the sake of sanity,
+ I'm stopping at one level down. */
+ dir=make_dirname(tmppath);
+
+ if(stat(dir,&dirbuf)!=0 || !S_ISDIR(dirbuf.st_mode))
+ {
+ /* Weird error */
+ ret=1;
+ goto end;
+ }
+
+ xfree(dir);
+
+ /* Assume failure */
+ ret=1;
+
+ if(item==0)
+ {
+ /* The homedir must be x00, a directory, and owned by the user. */
+
+ if(S_ISDIR(statbuf.st_mode))
+ {
+ if(statbuf.st_uid==getuid())
+ {
+ if((statbuf.st_mode & (S_IRWXG|S_IRWXO))==0)
+ ret=0;
+ else
+ perm=1;
+ }
+ else
+ own=1;
+
+ homedir_cache=ret;
+ }
+ }
+ else if(item==1 || item==2)
+ {
+ /* The options or extension file. Okay unless it or its
+ containing directory is group or other writable or not owned
+ by us or root. */
+
+ if(S_ISREG(statbuf.st_mode))
+ {
+ if(statbuf.st_uid==getuid() || statbuf.st_uid==0)
+ {
+ if((statbuf.st_mode & (S_IWGRP|S_IWOTH))==0)
+ {
+ /* it's not writable, so make sure the enclosing
+ directory is also not writable */
+ if(dirbuf.st_uid==getuid() || dirbuf.st_uid==0)
+ {
+ if((dirbuf.st_mode & (S_IWGRP|S_IWOTH))==0)
+ ret=0;
+ else
+ enc_dir_perm=1;
+ }
+ else
+ enc_dir_own=1;
+ }
+ else
+ {
+ /* it's writable, so the enclosing directory had
+ better not let people get to it. */
+ if(dirbuf.st_uid==getuid() || dirbuf.st_uid==0)
+ {
+ if((dirbuf.st_mode & (S_IRWXG|S_IRWXO))==0)
+ ret=0;
+ else
+ perm=enc_dir_perm=1; /* unclear which one to fix! */
+ }
+ else
+ enc_dir_own=1;
+ }
+ }
+ else
+ own=1;
+ }
+ }
+ else
+ BUG();
+
+ if(!checkonly)
+ {
+ if(own)
+ {
+ if(item==0)
+ log_info(_("WARNING: unsafe ownership on"
+ " homedir `%s'\n"),tmppath);
+ else if(item==1)
+ log_info(_("WARNING: unsafe ownership on"
+ " configuration file `%s'\n"),tmppath);
+ else
+ log_info(_("WARNING: unsafe ownership on"
+ " extension `%s'\n"),tmppath);
+ }
+ if(perm)
+ {
+ if(item==0)
+ log_info(_("WARNING: unsafe permissions on"
+ " homedir `%s'\n"),tmppath);
+ else if(item==1)
+ log_info(_("WARNING: unsafe permissions on"
+ " configuration file `%s'\n"),tmppath);
+ else
+ log_info(_("WARNING: unsafe permissions on"
+ " extension `%s'\n"),tmppath);
+ }
+ if(enc_dir_own)
+ {
+ if(item==0)
+ log_info(_("WARNING: unsafe enclosing directory ownership on"
+ " homedir `%s'\n"),tmppath);
+ else if(item==1)
+ log_info(_("WARNING: unsafe enclosing directory ownership on"
+ " configuration file `%s'\n"),tmppath);
+ else
+ log_info(_("WARNING: unsafe enclosing directory ownership on"
+ " extension `%s'\n"),tmppath);
+ }
+ if(enc_dir_perm)
+ {
+ if(item==0)
+ log_info(_("WARNING: unsafe enclosing directory permissions on"
+ " homedir `%s'\n"),tmppath);
+ else if(item==1)
+ log_info(_("WARNING: unsafe enclosing directory permissions on"
+ " configuration file `%s'\n"),tmppath);
+ else
+ log_info(_("WARNING: unsafe enclosing directory permissions on"
+ " extension `%s'\n"),tmppath);
+ }
+ }
+
+ end:
+ xfree(tmppath);
+
+ if(homedir)
+ homedir_cache=ret;
+
+ return ret;
+
+#endif /* HAVE_STAT && !HAVE_DOSISH_SYSTEM */
+
+ return 0;
+}
+
+
+/* Print the OpenPGP defined algo numbers. */
+static void
+print_algo_numbers(int (*checker)(int))
+{
+ int i,first=1;
+
+ for(i=0;i<=110;i++)
+ {
+ if(!checker(i))
+ {
+ if(first)
+ first=0;
+ else
+ printf(";");
+ printf("%d",i);
+ }
+ }
+}
+
+
+static void
+print_algo_names(int (*checker)(int),const char *(*mapper)(int))
+{
+ int i,first=1;
+
+ for(i=0;i<=110;i++)
+ {
+ if(!checker(i))
+ {
+ if(first)
+ first=0;
+ else
+ printf(";");
+ printf("%s",mapper(i));
+ }
+ }
+}
+
+/* In the future, we can do all sorts of interesting configuration
+ output here. For now, just give "group" as the Enigmail folks need
+ it, and pubkey, cipher, hash, and compress as they may be useful
+ for frontends. */
+static void
+list_config(char *items)
+{
+ int show_all=(items==NULL);
+ char *name=NULL;
+
+ if(!opt.with_colons)
+ return;
+
+ while(show_all || (name=strsep(&items," ")))
+ {
+ int any=0;
+
+ if(show_all || ascii_strcasecmp(name,"group")==0)
+ {
+ struct groupitem *iter;
+
+ for(iter=opt.grouplist;iter;iter=iter->next)
+ {
+ strlist_t sl;
+
+ printf("cfg:group:");
+ print_string(stdout,iter->name,strlen(iter->name),':');
+ printf(":");
+
+ for(sl=iter->values;sl;sl=sl->next)
+ {
+ print_sanitized_string2 (stdout, sl->d, ':',';');
+ if(sl->next)
+ printf(";");
+ }
+
+ printf("\n");
+ }
+
+ any=1;
+ }
+
+ if(show_all || ascii_strcasecmp(name,"version")==0)
+ {
+ printf("cfg:version:");
+ print_string(stdout,VERSION,strlen(VERSION),':');
+ printf("\n");
+ any=1;
+ }
+
+ if(show_all || ascii_strcasecmp(name,"pubkey")==0)
+ {
+ printf("cfg:pubkey:");
+ print_algo_numbers (openpgp_pk_test_algo);
+ printf("\n");
+ any=1;
+ }
+
+ if(show_all || ascii_strcasecmp(name,"cipher")==0)
+ {
+ printf("cfg:cipher:");
+ print_algo_numbers(openpgp_cipher_test_algo);
+ printf("\n");
+ any=1;
+ }
+
+ if (show_all || !ascii_strcasecmp (name,"ciphername"))
+ {
+ printf ("cfg:ciphername:");
+ print_algo_names (openpgp_cipher_test_algo,openpgp_cipher_algo_name);
+ printf ("\n");
+ any = 1;
+ }
+
+ if(show_all
+ || ascii_strcasecmp(name,"digest")==0
+ || ascii_strcasecmp(name,"hash")==0)
+ {
+ printf("cfg:digest:");
+ print_algo_numbers(openpgp_md_test_algo);
+ printf("\n");
+ any=1;
+ }
+
+ if (show_all
+ || !ascii_strcasecmp(name,"digestname")
+ || !ascii_strcasecmp(name,"hashname"))
+ {
+ printf ("cfg:digestname:");
+ print_algo_names (openpgp_md_test_algo, gcry_md_algo_name);
+ printf("\n");
+ any=1;
+ }
+
+ if(show_all || ascii_strcasecmp(name,"compress")==0)
+ {
+ printf("cfg:compress:");
+ print_algo_numbers(check_compress_algo);
+ printf("\n");
+ any=1;
+ }
+
+ if(show_all || ascii_strcasecmp(name,"ccid-reader-id")==0)
+ {
+#if defined(ENABLE_CARD_SUPPORT) && defined(HAVE_LIBUSB) \
+ && GNUPG_MAJOR_VERSION == 1
+
+ char *p, *p2, *list = ccid_get_reader_list ();
+
+ for (p=list; p && (p2 = strchr (p, '\n')); p = p2+1)
+ {
+ *p2 = 0;
+ printf("cfg:ccid-reader-id:%s\n", p);
+ }
+ free (list);
+#endif
+ any=1;
+ }
+
+ if(show_all)
+ break;
+
+ if(!any)
+ log_error(_("unknown configuration item `%s'\n"),name);
+ }
+}
+
+
+/* List options and default values in the GPG Conf format. This is a
+ new tool distributed with gnupg 1.9.x but we also want some limited
+ support in older gpg versions. The output is the name of the
+ configuration file and a list of options available for editing by
+ gpgconf. */
+static void
+gpgconf_list (const char *configfile)
+{
+ char *configfile_esc = percent_escape (configfile, NULL);
+
+ printf ("gpgconf-gpg.conf:%lu:\"%s\n",
+ GC_OPT_FLAG_DEFAULT, configfile_esc ? configfile_esc : "/dev/null");
+ printf ("verbose:%lu:\n", GC_OPT_FLAG_NONE);
+ printf ("quiet:%lu:\n", GC_OPT_FLAG_NONE);
+ printf ("keyserver:%lu:\n", GC_OPT_FLAG_NONE);
+ printf ("reader-port:%lu:\n", GC_OPT_FLAG_NONE);
+ printf ("default-key:%lu:\n", GC_OPT_FLAG_NONE);
+ printf ("encrypt-to:%lu:\n", GC_OPT_FLAG_NONE);
+ printf ("auto-key-locate:%lu:\n", GC_OPT_FLAG_NONE);
+ printf ("log-file:%lu:\n", GC_OPT_FLAG_NONE);
+ printf ("debug-level:%lu:\"none:\n", GC_OPT_FLAG_DEFAULT);
+ printf ("group:%lu:\n", GC_OPT_FLAG_NONE);
+
+ /* The next one is an info only item and should match the macros at
+ the top of keygen.c. */
+ printf ("default_pubkey_algo:%lu:\"%s:\n", GC_OPT_FLAG_DEFAULT,
+ "RSA-2048");
+
+ xfree (configfile_esc);
+}
+
+
+static int
+parse_subpacket_list(char *list)
+{
+ char *tok;
+ byte subpackets[128],i;
+ int count=0;
+
+ if(!list)
+ {
+ /* No arguments means all subpackets */
+ memset(subpackets+1,1,sizeof(subpackets)-1);
+ count=127;
+ }
+ else
+ {
+ memset(subpackets,0,sizeof(subpackets));
+
+ /* Merge with earlier copy */
+ if(opt.show_subpackets)
+ {
+ byte *in;
+
+ for(in=opt.show_subpackets;*in;in++)
+ {
+ if(*in>127 || *in<1)
+ BUG();
+
+ if(!subpackets[*in])
+ count++;
+ subpackets[*in]=1;
+ }
+ }
+
+ while((tok=strsep(&list," ,")))
+ {
+ if(!*tok)
+ continue;
+
+ i=atoi(tok);
+ if(i>127 || i<1)
+ return 0;
+
+ if(!subpackets[i])
+ count++;
+ subpackets[i]=1;
+ }
+ }
+
+ xfree(opt.show_subpackets);
+ opt.show_subpackets=xmalloc(count+1);
+ opt.show_subpackets[count--]=0;
+
+ for(i=1;i<128 && count>=0;i++)
+ if(subpackets[i])
+ opt.show_subpackets[count--]=i;
+
+ return 1;
+}
+
+
+static int
+parse_list_options(char *str)
+{
+ char *subpackets=""; /* something that isn't NULL */
+ struct parse_options lopts[]=
+ {
+ {"show-photos",LIST_SHOW_PHOTOS,NULL,
+ N_("display photo IDs during key listings")},
+ {"show-policy-urls",LIST_SHOW_POLICY_URLS,NULL,
+ N_("show policy URLs during signature listings")},
+ {"show-notations",LIST_SHOW_NOTATIONS,NULL,
+ N_("show all notations during signature listings")},
+ {"show-std-notations",LIST_SHOW_STD_NOTATIONS,NULL,
+ N_("show IETF standard notations during signature listings")},
+ {"show-standard-notations",LIST_SHOW_STD_NOTATIONS,NULL,
+ NULL},
+ {"show-user-notations",LIST_SHOW_USER_NOTATIONS,NULL,
+ N_("show user-supplied notations during signature listings")},
+ {"show-keyserver-urls",LIST_SHOW_KEYSERVER_URLS,NULL,
+ N_("show preferred keyserver URLs during signature listings")},
+ {"show-uid-validity",LIST_SHOW_UID_VALIDITY,NULL,
+ N_("show user ID validity during key listings")},
+ {"show-unusable-uids",LIST_SHOW_UNUSABLE_UIDS,NULL,
+ N_("show revoked and expired user IDs in key listings")},
+ {"show-unusable-subkeys",LIST_SHOW_UNUSABLE_SUBKEYS,NULL,
+ N_("show revoked and expired subkeys in key listings")},
+ {"show-keyring",LIST_SHOW_KEYRING,NULL,
+ N_("show the keyring name in key listings")},
+ {"show-sig-expire",LIST_SHOW_SIG_EXPIRE,NULL,
+ N_("show expiration dates during signature listings")},
+ {"show-sig-subpackets",LIST_SHOW_SIG_SUBPACKETS,NULL,
+ NULL},
+ {NULL,0,NULL,NULL}
+ };
+
+ /* C99 allows for non-constant initializers, but we'd like to
+ compile everywhere, so fill in the show-sig-subpackets argument
+ here. Note that if the parse_options array changes, we'll have
+ to change the subscript here. */
+ lopts[12].value=&subpackets;
+
+ if(parse_options(str,&opt.list_options,lopts,1))
+ {
+ if(opt.list_options&LIST_SHOW_SIG_SUBPACKETS)
+ {
+ /* Unset so users can pass multiple lists in. */
+ opt.list_options&=~LIST_SHOW_SIG_SUBPACKETS;
+ if(!parse_subpacket_list(subpackets))
+ return 0;
+ }
+ else if(subpackets==NULL && opt.show_subpackets)
+ {
+ /* User did 'no-show-subpackets' */
+ xfree(opt.show_subpackets);
+ opt.show_subpackets=NULL;
+ }
+
+ return 1;
+ }
+ else
+ return 0;
+}
+
+
+/* Collapses argc/argv into a single string that must be freed */
+static char *
+collapse_args(int argc,char *argv[])
+{
+ char *str=NULL;
+ int i,first=1,len=0;
+
+ for(i=0;i<argc;i++)
+ {
+ len+=strlen(argv[i])+2;
+ str=xrealloc(str,len);
+ if(first)
+ {
+ str[0]='\0';
+ first=0;
+ }
+ else
+ strcat(str," ");
+
+ strcat(str,argv[i]);
+ }
+
+ return str;
+}
+
+static void
+parse_trust_model(const char *model)
+{
+ if(ascii_strcasecmp(model,"pgp")==0)
+ opt.trust_model=TM_PGP;
+ else if(ascii_strcasecmp(model,"classic")==0)
+ opt.trust_model=TM_CLASSIC;
+ else if(ascii_strcasecmp(model,"always")==0)
+ opt.trust_model=TM_ALWAYS;
+ else if(ascii_strcasecmp(model,"direct")==0)
+ opt.trust_model=TM_DIRECT;
+ else if(ascii_strcasecmp(model,"auto")==0)
+ opt.trust_model=TM_AUTO;
+ else
+ log_error("unknown trust model `%s'\n",model);
+}
+
+
+/* This fucntion called to initialized a new control object. It is
+ assumed that this object has been zeroed out before calling this
+ function. */
+static void
+gpg_init_default_ctrl (ctrl_t ctrl)
+{
+ (void)ctrl;
+}
+
+
+/* This function is called to deinitialize a control object. It is
+ not deallocated. */
+static void
+gpg_deinit_default_ctrl (ctrl_t ctrl)
+{
+ (void)ctrl;
+}
+
+
+char *
+get_default_configname (void)
+{
+ char *configname = NULL;
+ char *name = xstrdup ("gpg" EXTSEP_S "conf-" SAFE_VERSION);
+ char *ver = &name[strlen ("gpg" EXTSEP_S "conf-")];
+
+ do
+ {
+ if (configname)
+ {
+ char *tok;
+
+ xfree (configname);
+ configname = NULL;
+
+ if ((tok = strrchr (ver, SAFE_VERSION_DASH)))
+ *tok='\0';
+ else if ((tok = strrchr (ver, SAFE_VERSION_DOT)))
+ *tok='\0';
+ else
+ break;
+ }
+
+ configname = make_filename (opt.homedir, name, NULL);
+ }
+ while (access (configname, R_OK));
+
+ xfree(name);
+
+ if (! configname)
+ configname = make_filename (opt.homedir, "gpg" EXTSEP_S "conf", NULL);
+ if (! access (configname, R_OK))
+ {
+ /* Print a warning when both config files are present. */
+ char *p = make_filename (opt.homedir, "options", NULL);
+ if (! access (p, R_OK))
+ log_info (_("NOTE: old default options file `%s' ignored\n"), p);
+ xfree (p);
+ }
+ else
+ {
+ /* Use the old default only if it exists. */
+ char *p = make_filename (opt.homedir, "options", NULL);
+ if (!access (p, R_OK))
+ {
+ xfree (configname);
+ configname = p;
+ }
+ else
+ xfree (p);
+ }
+
+ return configname;
+}
+
+
+int
+main (int argc, char **argv)
+{
+ ARGPARSE_ARGS pargs;
+ IOBUF a;
+ int rc=0;
+ int orig_argc;
+ char **orig_argv;
+ const char *fname;
+ char *username;
+ int may_coredump;
+ strlist_t sl, remusr= NULL, locusr=NULL;
+ strlist_t nrings=NULL, sec_nrings=NULL;
+ armor_filter_context_t *afx = NULL;
+ int detached_sig = 0;
+ FILE *configfp = NULL;
+ char *configname = NULL;
+ char *save_configname = NULL;
+ char *default_configname = NULL;
+ unsigned configlineno;
+ int parse_debug = 0;
+ int default_config = 1;
+ int default_keyring = 1;
+ int greeting = 0;
+ int nogreeting = 0;
+ char *logfile = NULL;
+ int use_random_seed = 1;
+ enum cmd_and_opt_values cmd = 0;
+ const char *debug_level = NULL;
+ const char *trustdb_name = NULL;
+ char *def_cipher_string = NULL;
+ char *def_digest_string = NULL;
+ char *compress_algo_string = NULL;
+ char *cert_digest_string = NULL;
+ char *s2k_cipher_string = NULL;
+ char *s2k_digest_string = NULL;
+ char *pers_cipher_list = NULL;
+ char *pers_digest_list = NULL;
+ char *pers_compress_list = NULL;
+ int eyes_only=0;
+ int multifile=0;
+ int pwfd = -1;
+ int fpr_maybe_cmd = 0; /* --fingerprint maybe a command. */
+ int any_explicit_recipient = 0;
+ int require_secmem=0,got_secmem=0;
+ struct assuan_malloc_hooks malloc_hooks;
+
+#ifdef __riscos__
+ opt.lock_once = 1;
+#endif /* __riscos__ */
+
+
+ /* Please note that we may running SUID(ROOT), so be very CAREFUL
+ when adding any stuff between here and the call to
+ secmem_init() somewhere after the option parsing. */
+ gnupg_reopen_std ("gpg");
+ trap_unaligned ();
+ gnupg_rl_initialize ();
+ set_strusage (my_strusage);
+ gcry_control (GCRYCTL_SUSPEND_SECMEM_WARN);
+ /* We don't need any locking in libgcrypt unless we use any kind of
+ threading. */
+ gcry_control (GCRYCTL_DISABLE_INTERNAL_LOCKING);
+ log_set_prefix ("gpg", 1);
+
+ /* Make sure that our subsystems are ready. */
+ i18n_init();
+ init_common_subsystems ();
+
+ /* Check that the libraries are suitable. Do it right here because the
+ option parsing may need services of the library. */
+ if (!gcry_check_version (NEED_LIBGCRYPT_VERSION) )
+ {
+ log_fatal ( _("libgcrypt is too old (need %s, have %s)\n"),
+ NEED_LIBGCRYPT_VERSION, gcry_check_version (NULL) );
+ }
+
+ /* Put random number into secure memory */
+ gcry_control (GCRYCTL_USE_SECURE_RNDPOOL);
+
+ may_coredump = disable_core_dumps();
+
+ gnupg_init_signals (0, emergency_cleanup);
+
+ create_dotlock(NULL); /* Register locking cleanup. */
+
+ opt.session_env = session_env_new ();
+ if (!opt.session_env)
+ log_fatal ("error allocating session environment block: %s\n",
+ strerror (errno));
+
+ opt.command_fd = -1; /* no command fd */
+ opt.compress_level = -1; /* defaults to standard compress level */
+ opt.bz2_compress_level = -1; /* defaults to standard compress level */
+ /* note: if you change these lines, look at oOpenPGP */
+ opt.def_cipher_algo = 0;
+ opt.def_digest_algo = 0;
+ opt.cert_digest_algo = 0;
+ opt.compress_algo = -1; /* defaults to DEFAULT_COMPRESS_ALGO */
+ opt.s2k_mode = 3; /* iterated+salted */
+ opt.s2k_count = 0; /* Auto-calibrate when needed. */
+ opt.s2k_cipher_algo = CIPHER_ALGO_CAST5;
+ opt.completes_needed = 1;
+ opt.marginals_needed = 3;
+ opt.max_cert_depth = 5;
+ opt.pgp2_workarounds = 1;
+ opt.escape_from = 1;
+ opt.flags.require_cross_cert = 1;
+ opt.import_options=IMPORT_SK2PK;
+ opt.export_options=EXPORT_ATTRIBUTES;
+ opt.keyserver_options.import_options=IMPORT_REPAIR_PKS_SUBKEY_BUG;
+ opt.keyserver_options.export_options=EXPORT_ATTRIBUTES;
+ opt.keyserver_options.options=
+ KEYSERVER_HONOR_KEYSERVER_URL|KEYSERVER_HONOR_PKA_RECORD;
+ opt.verify_options=
+ VERIFY_SHOW_POLICY_URLS|VERIFY_SHOW_STD_NOTATIONS|VERIFY_SHOW_KEYSERVER_URLS;
+ opt.trust_model=TM_AUTO;
+ opt.mangle_dos_filenames=0;
+ opt.min_cert_level=2;
+ set_screen_dimensions();
+ opt.keyid_format=KF_SHORT;
+ opt.def_sig_expire="0";
+ opt.def_cert_expire="0";
+ set_homedir ( default_homedir () );
+ opt.passphrase_repeat=1;
+
+ /* Check whether we have a config file on the command line. */
+ orig_argc = argc;
+ orig_argv = argv;
+ pargs.argc = &argc;
+ pargs.argv = &argv;
+ pargs.flags= 1|(1<<6); /* do not remove the args, ignore version */
+ while( arg_parse( &pargs, opts) ) {
+ if( pargs.r_opt == oDebug || pargs.r_opt == oDebugAll )
+ parse_debug++;
+ else if( pargs.r_opt == oOptions ) {
+ /* yes there is one, so we do not try the default one, but
+ * read the option file when it is encountered at the commandline
+ */
+ default_config = 0;
+ }
+ else if( pargs.r_opt == oNoOptions )
+ {
+ default_config = 0; /* --no-options */
+ opt.no_homedir_creation = 1;
+ }
+ else if( pargs.r_opt == oHomedir )
+ set_homedir ( pargs.r.ret_str );
+ else if( pargs.r_opt == oNoPermissionWarn )
+ opt.no_perm_warn=1;
+ else if (pargs.r_opt == oStrict )
+ {
+ /* Not used */
+ }
+ else if (pargs.r_opt == oNoStrict )
+ {
+ /* Not used */
+ }
+ }
+
+#ifdef HAVE_DOSISH_SYSTEM
+ if ( strchr (opt.homedir,'\\') ) {
+ char *d, *buf = xmalloc (strlen (opt.homedir)+1);
+ const char *s = opt.homedir;
+ for (d=buf,s=opt.homedir; *s; s++)
+ {
+ *d++ = *s == '\\'? '/': *s;
+#ifdef HAVE_W32_SYSTEM
+ if (s[1] && IsDBCSLeadByte (*s))
+ *d++ = *++s;
+#endif
+ }
+ *d = 0;
+ set_homedir (buf);
+ }
+#endif
+
+ /* Initialize the secure memory. */
+ if (!gcry_control (GCRYCTL_INIT_SECMEM, 32768, 0))
+ got_secmem = 1;
+#if defined(HAVE_GETUID) && defined(HAVE_GETEUID)
+ /* There should be no way to get to this spot while still carrying
+ setuid privs. Just in case, bomb out if we are. */
+ if ( getuid () != geteuid () )
+ BUG ();
+#endif
+ maybe_setuid = 0;
+
+ /* Okay, we are now working under our real uid */
+
+ /* malloc hooks go here ... */
+ malloc_hooks.malloc = gcry_malloc;
+ malloc_hooks.realloc = gcry_realloc;
+ malloc_hooks.free = gcry_free;
+ assuan_set_malloc_hooks (&malloc_hooks);
+ assuan_set_gpg_err_source (GPG_ERR_SOURCE_DEFAULT);
+
+
+ /* Try for a version specific config file first */
+ default_configname = get_default_configname ();
+ if (default_config)
+ configname = xstrdup (default_configname);
+
+ argc = orig_argc;
+ argv = orig_argv;
+ pargs.argc = &argc;
+ pargs.argv = &argv;
+ pargs.flags= 1; /* do not remove the args */
+
+ /* By this point we have a homedir, and cannot change it. */
+ check_permissions(opt.homedir,0);
+
+ next_pass:
+ if( configname ) {
+ if(check_permissions(configname,1))
+ {
+ /* If any options file is unsafe, then disable any external
+ programs for keyserver calls or photo IDs. Since the
+ external program to call is set in the options file, a
+ unsafe options file can lead to an arbitrary program
+ being run. */
+
+ opt.exec_disable=1;
+ }
+
+ configlineno = 0;
+ configfp = fopen( configname, "r" );
+ if (configfp && is_secured_file (fileno (configfp)))
+ {
+ fclose (configfp);
+ configfp = NULL;
+ errno = EPERM;
+ }
+ if( !configfp ) {
+ if( default_config ) {
+ if( parse_debug )
+ log_info(_("NOTE: no default option file `%s'\n"),
+ configname );
+ }
+ else {
+ log_error(_("option file `%s': %s\n"),
+ configname, strerror(errno) );
+ g10_exit(2);
+ }
+ xfree(configname); configname = NULL;
+ }
+ if( parse_debug && configname )
+ log_info(_("reading options from `%s'\n"), configname );
+ default_config = 0;
+ }
+
+ while( optfile_parse( configfp, configname, &configlineno,
+ &pargs, opts) )
+ {
+ switch( pargs.r_opt )
+ {
+ case aCheckKeys:
+ case aListConfig:
+ case aGPGConfList:
+ case aGPGConfTest:
+ case aListPackets:
+ case aImport:
+ case aFastImport:
+ case aSendKeys:
+ case aRecvKeys:
+ case aSearchKeys:
+ case aRefreshKeys:
+ case aFetchKeys:
+ case aExport:
+#ifdef ENABLE_CARD_SUPPORT
+ case aCardStatus:
+ case aCardEdit:
+ case aChangePIN:
+#endif /* ENABLE_CARD_SUPPORT*/
+ case aListKeys:
+ case aLocateKeys:
+ case aListSigs:
+ case aExportSecret:
+ case aExportSecretSub:
+ case aSym:
+ case aClearsign:
+ case aGenRevoke:
+ case aDesigRevoke:
+ case aPrimegen:
+ case aGenRandom:
+ case aPrintMD:
+ case aPrintMDs:
+ case aListTrustDB:
+ case aCheckTrustDB:
+ case aUpdateTrustDB:
+ case aFixTrustDB:
+ case aListTrustPath:
+ case aDeArmor:
+ case aEnArmor:
+ case aSign:
+ case aSignKey:
+ case aLSignKey:
+ case aStore:
+ case aExportOwnerTrust:
+ case aImportOwnerTrust:
+ case aRebuildKeydbCaches:
+ set_cmd (&cmd, pargs.r_opt);
+ break;
+
+ case aKeygen:
+ case aEditKey:
+ case aDeleteSecretKeys:
+ case aDeleteSecretAndPublicKeys:
+ case aDeleteKeys:
+ case aPasswd:
+ set_cmd (&cmd, pargs.r_opt);
+ greeting=1;
+ break;
+
+ case aDetachedSign: detached_sig = 1; set_cmd( &cmd, aSign ); break;
+
+ case aDecryptFiles: multifile=1; /* fall through */
+ case aDecrypt: set_cmd( &cmd, aDecrypt); break;
+
+ case aEncrFiles: multifile=1; /* fall through */
+ case aEncr: set_cmd( &cmd, aEncr); break;
+
+ case aVerifyFiles: multifile=1; /* fall through */
+ case aVerify: set_cmd( &cmd, aVerify); break;
+
+ case aServer:
+ set_cmd (&cmd, pargs.r_opt);
+ opt.batch = 1;
+ break;
+
+ case oArmor: opt.armor = 1; opt.no_armor=0; break;
+ case oOutput: opt.outfile = pargs.r.ret_str; break;
+ case oMaxOutput: opt.max_output = pargs.r.ret_ulong; break;
+ case oQuiet: opt.quiet = 1; break;
+ case oNoTTY: tty_no_terminal(1); break;
+ case oDryRun: opt.dry_run = 1; break;
+ case oInteractive: opt.interactive = 1; break;
+ case oVerbose:
+ opt.verbose++;
+ gcry_control (GCRYCTL_SET_VERBOSITY, (int)opt.verbose);
+ opt.list_options|=LIST_SHOW_UNUSABLE_UIDS;
+ opt.list_options|=LIST_SHOW_UNUSABLE_SUBKEYS;
+ break;
+
+ case oBatch:
+ opt.batch = 1;
+ nogreeting = 1;
+ break;
+
+ case oUseAgent: /* Dummy. */
+ break;
+ case oNoUseAgent:
+ obsolete_option (configname, configlineno, "--no-use-agent");
+ break;
+ case oGpgAgentInfo:
+ obsolete_option (configname, configlineno, "--gpg-agent-info");
+ break;
+
+ case oAnswerYes: opt.answer_yes = 1; break;
+ case oAnswerNo: opt.answer_no = 1; break;
+ case oKeyring: append_to_strlist( &nrings, pargs.r.ret_str); break;
+ case oPrimaryKeyring:
+ sl=append_to_strlist( &nrings, pargs.r.ret_str);
+ sl->flags=2;
+ break;
+ case oShowKeyring:
+ deprecated_warning(configname,configlineno,"--show-keyring",
+ "--list-options ","show-keyring");
+ opt.list_options|=LIST_SHOW_KEYRING;
+ break;
+
+ case oDebug: opt.debug |= pargs.r.ret_ulong; break;
+ case oDebugAll: opt.debug = ~0; break;
+ case oDebugLevel: debug_level = pargs.r.ret_str; break;
+
+ case oStatusFD:
+ set_status_fd ( translate_sys2libc_fd_int (pargs.r.ret_int, 1) );
+ break;
+ case oStatusFile:
+ set_status_fd ( open_info_file (pargs.r.ret_str, 1, 0) );
+ break;
+ case oAttributeFD:
+ set_attrib_fd ( translate_sys2libc_fd_int (pargs.r.ret_int, 1) );
+ break;
+ case oAttributeFile:
+ set_attrib_fd ( open_info_file (pargs.r.ret_str, 1, 1) );
+ break;
+ case oLoggerFD:
+ log_set_fd (translate_sys2libc_fd_int (pargs.r.ret_int, 1));
+ break;
+ case oLoggerFile:
+ logfile = pargs.r.ret_str;
+ break;
+
+ case oWithFingerprint:
+ opt.with_fingerprint = 1;
+ opt.fingerprint++;
+ break;
+ case oFingerprint:
+ opt.fingerprint++;
+ fpr_maybe_cmd = 1;
+ break;
+
+ case oSecretKeyring:
+ append_to_strlist( &sec_nrings, pargs.r.ret_str);
+ break;
+ case oOptions:
+ /* config files may not be nested (silently ignore them) */
+ if( !configfp ) {
+ xfree(configname);
+ configname = xstrdup(pargs.r.ret_str);
+ goto next_pass;
+ }
+ break;
+ case oNoArmor: opt.no_armor=1; opt.armor=0; break;
+ case oNoDefKeyring: default_keyring = 0; break;
+ case oNoGreeting: nogreeting = 1; break;
+ case oNoVerbose:
+ opt.verbose = 0;
+ gcry_control (GCRYCTL_SET_VERBOSITY, (int)opt.verbose);
+ opt.list_sigs=0;
+ break;
+ case oQuickRandom:
+ gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0);
+ break;
+ case oEmitVersion: opt.no_version=0; break;
+ case oNoEmitVersion: opt.no_version=1; break;
+ case oCompletesNeeded: opt.completes_needed = pargs.r.ret_int; break;
+ case oMarginalsNeeded: opt.marginals_needed = pargs.r.ret_int; break;
+ case oMaxCertDepth: opt.max_cert_depth = pargs.r.ret_int; break;
+ case oTrustDBName: trustdb_name = pargs.r.ret_str; break;
+ case oDefaultKey: opt.def_secret_key = pargs.r.ret_str; break;
+ case oDefRecipient:
+ if( *pargs.r.ret_str )
+ opt.def_recipient = make_username(pargs.r.ret_str);
+ break;
+ case oDefRecipientSelf:
+ xfree(opt.def_recipient); opt.def_recipient = NULL;
+ opt.def_recipient_self = 1;
+ break;
+ case oNoDefRecipient:
+ xfree(opt.def_recipient); opt.def_recipient = NULL;
+ opt.def_recipient_self = 0;
+ break;
+ case oNoOptions: opt.no_homedir_creation = 1; break; /* no-options */
+ case oHomedir: break;
+ case oNoBatch: opt.batch = 0; break;
+
+ case oWithKeyData: opt.with_key_data=1; /*FALLTHRU*/
+ case oWithColons: opt.with_colons=':'; break;
+
+ case oWithSigCheck: opt.check_sigs = 1; /*FALLTHRU*/
+ case oWithSigList: opt.list_sigs = 1; break;
+
+ case oSkipVerify: opt.skip_verify=1; break;
+
+ case oSkipHiddenRecipients:
+ case oNoSkipHiddenRecipients:
+ /* Dummies for options to be used in 2.1. */
+ break;
+
+ case oCompressKeys: opt.compress_keys = 1; break;
+ case aListSecretKeys: set_cmd( &cmd, aListSecretKeys); break;
+ /* There are many programs (like mutt) that call gpg with
+ --always-trust so keep this option around for a long
+ time. */
+ case oAlwaysTrust: opt.trust_model=TM_ALWAYS; break;
+ case oTrustModel:
+ parse_trust_model(pargs.r.ret_str);
+ break;
+ case oForceOwnertrust:
+ log_info(_("NOTE: %s is not for normal use!\n"),
+ "--force-ownertrust");
+ opt.force_ownertrust=string_to_trust_value(pargs.r.ret_str);
+ if(opt.force_ownertrust==-1)
+ {
+ log_error("invalid ownertrust `%s'\n",pargs.r.ret_str);
+ opt.force_ownertrust=0;
+ }
+ break;
+ case oLoadExtension:
+ /* Dummy so that gpg 1.4 conf files can work. Should
+ eventually be removed. */
+ break;
+ case oRFC1991:
+ opt.compliance = CO_RFC1991;
+ opt.force_v4_certs = 0;
+ opt.escape_from = 1;
+ break;
+ case oOpenPGP:
+ case oRFC4880:
+ /* This is effectively the same as RFC2440, but with
+ "--enable-dsa2 --no-rfc2440-text --escape-from-lines
+ --require-cross-certification". */
+ opt.compliance = CO_RFC4880;
+ opt.flags.dsa2 = 1;
+ opt.flags.require_cross_cert = 1;
+ opt.rfc2440_text = 0;
+ opt.allow_non_selfsigned_uid = 1;
+ opt.allow_freeform_uid = 1;
+ opt.pgp2_workarounds = 0;
+ opt.escape_from = 1;
+ opt.force_v3_sigs = 0;
+ opt.compress_keys = 0; /* not mandated, but we do it */
+ opt.compress_sigs = 0; /* ditto. */
+ opt.not_dash_escaped = 0;
+ opt.def_cipher_algo = 0;
+ opt.def_digest_algo = 0;
+ opt.cert_digest_algo = 0;
+ opt.compress_algo = -1;
+ opt.s2k_mode = 3; /* iterated+salted */
+ opt.s2k_digest_algo = DIGEST_ALGO_SHA1;
+ opt.s2k_cipher_algo = CIPHER_ALGO_3DES;
+ break;
+ case oRFC2440:
+ opt.compliance = CO_RFC2440;
+ opt.flags.dsa2 = 0;
+ opt.rfc2440_text = 1;
+ opt.allow_non_selfsigned_uid = 1;
+ opt.allow_freeform_uid = 1;
+ opt.pgp2_workarounds = 0;
+ opt.escape_from = 0;
+ opt.force_v3_sigs = 0;
+ opt.compress_keys = 0; /* not mandated, but we do it */
+ opt.compress_sigs = 0; /* ditto. */
+ opt.not_dash_escaped = 0;
+ opt.def_cipher_algo = 0;
+ opt.def_digest_algo = 0;
+ opt.cert_digest_algo = 0;
+ opt.compress_algo = -1;
+ opt.s2k_mode = 3; /* iterated+salted */
+ opt.s2k_digest_algo = DIGEST_ALGO_SHA1;
+ opt.s2k_cipher_algo = CIPHER_ALGO_3DES;
+ break;
+ case oPGP2: opt.compliance = CO_PGP2; break;
+ case oPGP6: opt.compliance = CO_PGP6; break;
+ case oPGP7: opt.compliance = CO_PGP7; break;
+ case oPGP8: opt.compliance = CO_PGP8; break;
+ case oGnuPG: opt.compliance = CO_GNUPG; break;
+ case oCompressSigs: opt.compress_sigs = 1; break;
+ case oRFC2440Text: opt.rfc2440_text=1; break;
+ case oNoRFC2440Text: opt.rfc2440_text=0; break;
+ case oSetFilename:
+ if(utf8_strings)
+ opt.set_filename = pargs.r.ret_str;
+ else
+ opt.set_filename = native_to_utf8(pargs.r.ret_str);
+ break;
+ case oForYourEyesOnly: eyes_only = 1; break;
+ case oNoForYourEyesOnly: eyes_only = 0; break;
+ case oSetPolicyURL:
+ add_policy_url(pargs.r.ret_str,0);
+ add_policy_url(pargs.r.ret_str,1);
+ break;
+ case oSigPolicyURL: add_policy_url(pargs.r.ret_str,0); break;
+ case oCertPolicyURL: add_policy_url(pargs.r.ret_str,1); break;
+ case oShowPolicyURL:
+ deprecated_warning(configname,configlineno,"--show-policy-url",
+ "--list-options ","show-policy-urls");
+ deprecated_warning(configname,configlineno,"--show-policy-url",
+ "--verify-options ","show-policy-urls");
+ opt.list_options|=LIST_SHOW_POLICY_URLS;
+ opt.verify_options|=VERIFY_SHOW_POLICY_URLS;
+ break;
+ case oNoShowPolicyURL:
+ deprecated_warning(configname,configlineno,"--no-show-policy-url",
+ "--list-options ","no-show-policy-urls");
+ deprecated_warning(configname,configlineno,"--no-show-policy-url",
+ "--verify-options ","no-show-policy-urls");
+ opt.list_options&=~LIST_SHOW_POLICY_URLS;
+ opt.verify_options&=~VERIFY_SHOW_POLICY_URLS;
+ break;
+ case oSigKeyserverURL: add_keyserver_url(pargs.r.ret_str,0); break;
+ case oUseEmbeddedFilename:
+ opt.flags.use_embedded_filename=1;
+ break;
+ case oNoUseEmbeddedFilename:
+ opt.flags.use_embedded_filename=0;
+ break;
+ case oComment:
+ if(pargs.r.ret_str[0])
+ append_to_strlist(&opt.comments,pargs.r.ret_str);
+ break;
+ case oDefaultComment:
+ deprecated_warning(configname,configlineno,
+ "--default-comment","--no-comments","");
+ /* fall through */
+ case oNoComments:
+ free_strlist(opt.comments);
+ opt.comments=NULL;
+ break;
+ case oThrowKeyids: opt.throw_keyid = 1; break;
+ case oNoThrowKeyids: opt.throw_keyid = 0; break;
+ case oShowPhotos:
+ deprecated_warning(configname,configlineno,"--show-photos",
+ "--list-options ","show-photos");
+ deprecated_warning(configname,configlineno,"--show-photos",
+ "--verify-options ","show-photos");
+ opt.list_options|=LIST_SHOW_PHOTOS;
+ opt.verify_options|=VERIFY_SHOW_PHOTOS;
+ break;
+ case oNoShowPhotos:
+ deprecated_warning(configname,configlineno,"--no-show-photos",
+ "--list-options ","no-show-photos");
+ deprecated_warning(configname,configlineno,"--no-show-photos",
+ "--verify-options ","no-show-photos");
+ opt.list_options&=~LIST_SHOW_PHOTOS;
+ opt.verify_options&=~VERIFY_SHOW_PHOTOS;
+ break;
+ case oPhotoViewer: opt.photo_viewer = pargs.r.ret_str; break;
+ case oForceV3Sigs: opt.force_v3_sigs = 1; break;
+ case oNoForceV3Sigs: opt.force_v3_sigs = 0; break;
+ case oForceV4Certs: opt.force_v4_certs = 1; break;
+ case oNoForceV4Certs: opt.force_v4_certs = 0; break;
+ case oForceMDC: opt.force_mdc = 1; break;
+ case oNoForceMDC: opt.force_mdc = 0; break;
+ case oDisableMDC: opt.disable_mdc = 1; break;
+ case oNoDisableMDC: opt.disable_mdc = 0; break;
+ case oS2KMode: opt.s2k_mode = pargs.r.ret_int; break;
+ case oS2KDigest: s2k_digest_string = xstrdup(pargs.r.ret_str); break;
+ case oS2KCipher: s2k_cipher_string = xstrdup(pargs.r.ret_str); break;
+ case oS2KCount:
+ if (pargs.r.ret_int)
+ opt.s2k_count = encode_s2k_iterations (pargs.r.ret_int);
+ else
+ opt.s2k_count = 0; /* Auto-calibrate when needed. */
+ break;
+ case oSimpleSKChecksum: opt.simple_sk_checksum = 1; break;
+ case oNoEncryptTo: opt.no_encrypt_to = 1; break;
+ case oEncryptTo: /* store the recipient in the second list */
+ sl = add_to_strlist2( &remusr, pargs.r.ret_str, utf8_strings );
+ sl->flags = 1;
+ break;
+ case oHiddenEncryptTo: /* store the recipient in the second list */
+ sl = add_to_strlist2( &remusr, pargs.r.ret_str, utf8_strings );
+ sl->flags = 1|2;
+ break;
+ case oRecipient: /* store the recipient */
+ add_to_strlist2( &remusr, pargs.r.ret_str, utf8_strings );
+ any_explicit_recipient = 1;
+ break;
+ case oHiddenRecipient: /* store the recipient with a flag */
+ sl = add_to_strlist2( &remusr, pargs.r.ret_str, utf8_strings );
+ sl->flags = 2;
+ any_explicit_recipient = 1;
+ break;
+ case oTextmodeShort: opt.textmode = 2; break;
+ case oTextmode: opt.textmode=1; break;
+ case oNoTextmode: opt.textmode=0; break;
+ case oExpert: opt.expert = 1; break;
+ case oNoExpert: opt.expert = 0; break;
+ case oDefSigExpire:
+ if(*pargs.r.ret_str!='\0')
+ {
+ if(parse_expire_string(pargs.r.ret_str)==(u32)-1)
+ log_error(_("`%s' is not a valid signature expiration\n"),
+ pargs.r.ret_str);
+ else
+ opt.def_sig_expire=pargs.r.ret_str;
+ }
+ break;
+ case oAskSigExpire: opt.ask_sig_expire = 1; break;
+ case oNoAskSigExpire: opt.ask_sig_expire = 0; break;
+ case oDefCertExpire:
+ if(*pargs.r.ret_str!='\0')
+ {
+ if(parse_expire_string(pargs.r.ret_str)==(u32)-1)
+ log_error(_("`%s' is not a valid signature expiration\n"),
+ pargs.r.ret_str);
+ else
+ opt.def_cert_expire=pargs.r.ret_str;
+ }
+ break;
+ case oAskCertExpire: opt.ask_cert_expire = 1; break;
+ case oNoAskCertExpire: opt.ask_cert_expire = 0; break;
+ case oDefCertLevel: opt.def_cert_level=pargs.r.ret_int; break;
+ case oMinCertLevel: opt.min_cert_level=pargs.r.ret_int; break;
+ case oAskCertLevel: opt.ask_cert_level = 1; break;
+ case oNoAskCertLevel: opt.ask_cert_level = 0; break;
+ case oLocalUser: /* store the local users */
+ add_to_strlist2( &locusr, pargs.r.ret_str, utf8_strings );
+ break;
+ case oCompress:
+ /* this is the -z command line option */
+ opt.compress_level = opt.bz2_compress_level = pargs.r.ret_int;
+ break;
+ case oCompressLevel: opt.compress_level = pargs.r.ret_int; break;
+ case oBZ2CompressLevel: opt.bz2_compress_level = pargs.r.ret_int; break;
+ case oBZ2DecompressLowmem: opt.bz2_decompress_lowmem=1; break;
+ case oPassphrase:
+ set_passphrase_from_string(pargs.r.ret_str);
+ break;
+ case oPassphraseFD:
+ pwfd = translate_sys2libc_fd_int (pargs.r.ret_int, 0);
+ break;
+ case oPassphraseFile:
+ pwfd = open_info_file (pargs.r.ret_str, 0, 1);
+ break;
+ case oPassphraseRepeat: opt.passphrase_repeat=pargs.r.ret_int; break;
+ case oCommandFD:
+ opt.command_fd = translate_sys2libc_fd_int (pargs.r.ret_int, 0);
+ break;
+ case oCommandFile:
+ opt.command_fd = open_info_file (pargs.r.ret_str, 0, 1);
+ break;
+ case oCipherAlgo:
+ def_cipher_string = xstrdup(pargs.r.ret_str);
+ break;
+ case oDigestAlgo:
+ def_digest_string = xstrdup(pargs.r.ret_str);
+ break;
+ case oCompressAlgo:
+ /* If it is all digits, stick a Z in front of it for
+ later. This is for backwards compatibility with
+ versions that took the compress algorithm number. */
+ {
+ char *pt=pargs.r.ret_str;
+ while(*pt)
+ {
+ if (!isascii (*pt) || !isdigit (*pt))
+ break;
+
+ pt++;
+ }
+
+ if(*pt=='\0')
+ {
+ compress_algo_string=xmalloc(strlen(pargs.r.ret_str)+2);
+ strcpy(compress_algo_string,"Z");
+ strcat(compress_algo_string,pargs.r.ret_str);
+ }
+ else
+ compress_algo_string = xstrdup(pargs.r.ret_str);
+ }
+ break;
+ case oCertDigestAlgo:
+ cert_digest_string = xstrdup(pargs.r.ret_str);
+ break;
+
+ case oNoSecmemWarn:
+ gcry_control (GCRYCTL_DISABLE_SECMEM_WARN);
+ break;
+
+ case oRequireSecmem: require_secmem=1; break;
+ case oNoRequireSecmem: require_secmem=0; break;
+ case oNoPermissionWarn: opt.no_perm_warn=1; break;
+ case oNoMDCWarn: opt.no_mdc_warn=1; break;
+ case oDisplayCharset:
+ if( set_native_charset( pargs.r.ret_str ) )
+ log_error(_("`%s' is not a valid character set\n"),
+ pargs.r.ret_str);
+ break;
+ case oNotDashEscaped: opt.not_dash_escaped = 1; break;
+ case oEscapeFrom: opt.escape_from = 1; break;
+ case oNoEscapeFrom: opt.escape_from = 0; break;
+ case oLockOnce: opt.lock_once = 1; break;
+ case oLockNever:
+ disable_dotlock ();
+ break;
+ case oLockMultiple:
+#ifndef __riscos__
+ opt.lock_once = 0;
+#else /* __riscos__ */
+ riscos_not_implemented("lock-multiple");
+#endif /* __riscos__ */
+ break;
+ case oKeyServer:
+ {
+ struct keyserver_spec *keyserver;
+ keyserver=parse_keyserver_uri(pargs.r.ret_str,0,
+ configname,configlineno);
+ if(!keyserver)
+ log_error(_("could not parse keyserver URL\n"));
+ else
+ {
+ keyserver->next=opt.keyserver;
+ opt.keyserver=keyserver;
+ }
+ }
+ break;
+ case oKeyServerOptions:
+ if(!parse_keyserver_options(pargs.r.ret_str))
+ {
+ if(configname)
+ log_error(_("%s:%d: invalid keyserver options\n"),
+ configname,configlineno);
+ else
+ log_error(_("invalid keyserver options\n"));
+ }
+ break;
+ case oImportOptions:
+ if(!parse_import_options(pargs.r.ret_str,&opt.import_options,1))
+ {
+ if(configname)
+ log_error(_("%s:%d: invalid import options\n"),
+ configname,configlineno);
+ else
+ log_error(_("invalid import options\n"));
+ }
+ break;
+ case oExportOptions:
+ if(!parse_export_options(pargs.r.ret_str,&opt.export_options,1))
+ {
+ if(configname)
+ log_error(_("%s:%d: invalid export options\n"),
+ configname,configlineno);
+ else
+ log_error(_("invalid export options\n"));
+ }
+ break;
+ case oListOptions:
+ if(!parse_list_options(pargs.r.ret_str))
+ {
+ if(configname)
+ log_error(_("%s:%d: invalid list options\n"),
+ configname,configlineno);
+ else
+ log_error(_("invalid list options\n"));
+ }
+ break;
+ case oVerifyOptions:
+ {
+ struct parse_options vopts[]=
+ {
+ {"show-photos",VERIFY_SHOW_PHOTOS,NULL,
+ N_("display photo IDs during signature verification")},
+ {"show-policy-urls",VERIFY_SHOW_POLICY_URLS,NULL,
+ N_("show policy URLs during signature verification")},
+ {"show-notations",VERIFY_SHOW_NOTATIONS,NULL,
+ N_("show all notations during signature verification")},
+ {"show-std-notations",VERIFY_SHOW_STD_NOTATIONS,NULL,
+ N_("show IETF standard notations during signature verification")},
+ {"show-standard-notations",VERIFY_SHOW_STD_NOTATIONS,NULL,
+ NULL},
+ {"show-user-notations",VERIFY_SHOW_USER_NOTATIONS,NULL,
+ N_("show user-supplied notations during signature verification")},
+ {"show-keyserver-urls",VERIFY_SHOW_KEYSERVER_URLS,NULL,
+ N_("show preferred keyserver URLs during signature verification")},
+ {"show-uid-validity",VERIFY_SHOW_UID_VALIDITY,NULL,
+ N_("show user ID validity during signature verification")},
+ {"show-unusable-uids",VERIFY_SHOW_UNUSABLE_UIDS,NULL,
+ N_("show revoked and expired user IDs in signature verification")},
+ {"show-primary-uid-only",VERIFY_SHOW_PRIMARY_UID_ONLY,NULL,
+ N_("show only the primary user ID in signature verification")},
+ {"pka-lookups",VERIFY_PKA_LOOKUPS,NULL,
+ N_("validate signatures with PKA data")},
+ {"pka-trust-increase",VERIFY_PKA_TRUST_INCREASE,NULL,
+ N_("elevate the trust of signatures with valid PKA data")},
+ {NULL,0,NULL,NULL}
+ };
+
+ if(!parse_options(pargs.r.ret_str,&opt.verify_options,vopts,1))
+ {
+ if(configname)
+ log_error(_("%s:%d: invalid verify options\n"),
+ configname,configlineno);
+ else
+ log_error(_("invalid verify options\n"));
+ }
+ }
+ break;
+ case oTempDir: opt.temp_dir=pargs.r.ret_str; break;
+ case oExecPath:
+ if(set_exec_path(pargs.r.ret_str))
+ log_error(_("unable to set exec-path to %s\n"),pargs.r.ret_str);
+ else
+ opt.exec_path_set=1;
+ break;
+ case oSetNotation:
+ add_notation_data( pargs.r.ret_str, 0 );
+ add_notation_data( pargs.r.ret_str, 1 );
+ break;
+ case oSigNotation: add_notation_data( pargs.r.ret_str, 0 ); break;
+ case oCertNotation: add_notation_data( pargs.r.ret_str, 1 ); break;
+ case oShowNotation:
+ deprecated_warning(configname,configlineno,"--show-notation",
+ "--list-options ","show-notations");
+ deprecated_warning(configname,configlineno,"--show-notation",
+ "--verify-options ","show-notations");
+ opt.list_options|=LIST_SHOW_NOTATIONS;
+ opt.verify_options|=VERIFY_SHOW_NOTATIONS;
+ break;
+ case oNoShowNotation:
+ deprecated_warning(configname,configlineno,"--no-show-notation",
+ "--list-options ","no-show-notations");
+ deprecated_warning(configname,configlineno,"--no-show-notation",
+ "--verify-options ","no-show-notations");
+ opt.list_options&=~LIST_SHOW_NOTATIONS;
+ opt.verify_options&=~VERIFY_SHOW_NOTATIONS;
+ break;
+ case oUtf8Strings: utf8_strings = 1; break;
+ case oNoUtf8Strings: utf8_strings = 0; break;
+ case oDisableCipherAlgo:
+ {
+ int algo = string_to_cipher_algo (pargs.r.ret_str);
+ gcry_cipher_ctl (NULL, GCRYCTL_DISABLE_ALGO, &algo, sizeof algo);
+ }
+ break;
+ case oDisablePubkeyAlgo:
+ {
+ int algo = gcry_pk_map_name (pargs.r.ret_str);
+ gcry_pk_ctl (GCRYCTL_DISABLE_ALGO, &algo, sizeof algo);
+ }
+ break;
+ case oNoSigCache: opt.no_sig_cache = 1; break;
+ case oNoSigCreateCheck: opt.no_sig_create_check = 1; break;
+ case oAllowNonSelfsignedUID: opt.allow_non_selfsigned_uid = 1; break;
+ case oNoAllowNonSelfsignedUID: opt.allow_non_selfsigned_uid=0; break;
+ case oAllowFreeformUID: opt.allow_freeform_uid = 1; break;
+ case oNoAllowFreeformUID: opt.allow_freeform_uid = 0; break;
+ case oNoLiteral: opt.no_literal = 1; break;
+ case oSetFilesize: opt.set_filesize = pargs.r.ret_ulong; break;
+ case oHonorHttpProxy:
+ add_to_strlist(&opt.keyserver_options.other,"http-proxy");
+ deprecated_warning(configname,configlineno,
+ "--honor-http-proxy",
+ "--keyserver-options ","http-proxy");
+ break;
+ case oFastListMode: opt.fast_list_mode = 1; break;
+ case oFixedListMode: /* Dummy */ break;
+ case oListOnly: opt.list_only=1; break;
+ case oIgnoreTimeConflict: opt.ignore_time_conflict = 1; break;
+ case oIgnoreValidFrom: opt.ignore_valid_from = 1; break;
+ case oIgnoreCrcError: opt.ignore_crc_error = 1; break;
+ case oIgnoreMDCError: opt.ignore_mdc_error = 1; break;
+ case oNoRandomSeedFile: use_random_seed = 0; break;
+ case oAutoKeyRetrieve:
+ case oNoAutoKeyRetrieve:
+ if(pargs.r_opt==oAutoKeyRetrieve)
+ opt.keyserver_options.options|=KEYSERVER_AUTO_KEY_RETRIEVE;
+ else
+ opt.keyserver_options.options&=~KEYSERVER_AUTO_KEY_RETRIEVE;
+
+ deprecated_warning(configname,configlineno,
+ pargs.r_opt==oAutoKeyRetrieve?"--auto-key-retrieve":
+ "--no-auto-key-retrieve","--keyserver-options ",
+ pargs.r_opt==oAutoKeyRetrieve?"auto-key-retrieve":
+ "no-auto-key-retrieve");
+ break;
+ case oShowSessionKey: opt.show_session_key = 1; break;
+ case oOverrideSessionKey:
+ opt.override_session_key = pargs.r.ret_str;
+ break;
+ case oMergeOnly:
+ deprecated_warning(configname,configlineno,"--merge-only",
+ "--import-options ","merge-only");
+ opt.import_options|=IMPORT_MERGE_ONLY;
+ break;
+ case oAllowSecretKeyImport: /* obsolete */ break;
+ case oTryAllSecrets: opt.try_all_secrets = 1; break;
+ case oTrustedKey: register_trusted_key( pargs.r.ret_str ); break;
+ case oEnableSpecialFilenames:
+ iobuf_enable_special_filenames (1);
+ break;
+ case oNoExpensiveTrustChecks: opt.no_expensive_trust_checks=1; break;
+ case oAutoCheckTrustDB: opt.no_auto_check_trustdb=0; break;
+ case oNoAutoCheckTrustDB: opt.no_auto_check_trustdb=1; break;
+ case oPreservePermissions: opt.preserve_permissions=1; break;
+ case oDefaultPreferenceList:
+ opt.def_preference_list = pargs.r.ret_str;
+ break;
+ case oDefaultKeyserverURL:
+ {
+ struct keyserver_spec *keyserver;
+ keyserver=parse_keyserver_uri(pargs.r.ret_str,1,
+ configname,configlineno);
+ if(!keyserver)
+ log_error(_("could not parse keyserver URL\n"));
+ else
+ free_keyserver_spec(keyserver);
+
+ opt.def_keyserver_url = pargs.r.ret_str;
+ }
+ break;
+ case oPersonalCipherPreferences:
+ pers_cipher_list=pargs.r.ret_str;
+ break;
+ case oPersonalDigestPreferences:
+ pers_digest_list=pargs.r.ret_str;
+ break;
+ case oPersonalCompressPreferences:
+ pers_compress_list=pargs.r.ret_str;
+ break;
+ case oAgentProgram: opt.agent_program = pargs.r.ret_str; break;
+
+ case oDisplay:
+ set_opt_session_env ("DISPLAY", pargs.r.ret_str);
+ break;
+ case oTTYname:
+ set_opt_session_env ("GPG_TTY", pargs.r.ret_str);
+ break;
+ case oTTYtype:
+ set_opt_session_env ("TERM", pargs.r.ret_str);
+ break;
+ case oXauthority:
+ set_opt_session_env ("XAUTHORITY", pargs.r.ret_str);
+ break;
+
+ case oLCctype: opt.lc_ctype = pargs.r.ret_str; break;
+ case oLCmessages: opt.lc_messages = pargs.r.ret_str; break;
+
+ case oGroup: add_group(pargs.r.ret_str); break;
+ case oUnGroup: rm_group(pargs.r.ret_str); break;
+ case oNoGroups:
+ while(opt.grouplist)
+ {
+ struct groupitem *iter=opt.grouplist;
+ free_strlist(iter->values);
+ opt.grouplist=opt.grouplist->next;
+ xfree(iter);
+ }
+ break;
+
+ case oStrict:
+ case oNoStrict:
+ /* Not used */
+ break;
+
+ case oMangleDosFilenames: opt.mangle_dos_filenames = 1; break;
+ case oNoMangleDosFilenames: opt.mangle_dos_filenames = 0; break;
+ case oEnableProgressFilter: opt.enable_progress_filter = 1; break;
+ case oMultifile: multifile=1; break;
+ case oKeyidFormat:
+ if(ascii_strcasecmp(pargs.r.ret_str,"short")==0)
+ opt.keyid_format=KF_SHORT;
+ else if(ascii_strcasecmp(pargs.r.ret_str,"long")==0)
+ opt.keyid_format=KF_LONG;
+ else if(ascii_strcasecmp(pargs.r.ret_str,"0xshort")==0)
+ opt.keyid_format=KF_0xSHORT;
+ else if(ascii_strcasecmp(pargs.r.ret_str,"0xlong")==0)
+ opt.keyid_format=KF_0xLONG;
+ else
+ log_error("unknown keyid-format `%s'\n",pargs.r.ret_str);
+ break;
+
+ case oExitOnStatusWriteError:
+ opt.exit_on_status_write_error = 1;
+ break;
+
+ case oLimitCardInsertTries:
+ opt.limit_card_insert_tries = pargs.r.ret_int;
+ break;
+
+ case oRequireCrossCert: opt.flags.require_cross_cert=1; break;
+ case oNoRequireCrossCert: opt.flags.require_cross_cert=0; break;
+
+ case oAutoKeyLocate:
+ if(!parse_auto_key_locate(pargs.r.ret_str))
+ {
+ if(configname)
+ log_error(_("%s:%d: invalid auto-key-locate list\n"),
+ configname,configlineno);
+ else
+ log_error(_("invalid auto-key-locate list\n"));
+ }
+ break;
+ case oNoAutoKeyLocate:
+ release_akl();
+ break;
+
+ case oEnableDSA2: opt.flags.dsa2=1; break;
+ case oDisableDSA2: opt.flags.dsa2=0; break;
+
+ case oAllowMultisigVerification:
+ case oAllowMultipleMessages:
+ opt.flags.allow_multiple_messages=1;
+ break;
+
+ case oNoAllowMultipleMessages:
+ opt.flags.allow_multiple_messages=0;
+ break;
+
+ case oNoop: break;
+
+ default:
+ pargs.err = configfp? ARGPARSE_PRINT_WARNING:ARGPARSE_PRINT_ERROR;
+ break;
+ }
+ }
+
+
+ if( configfp ) {
+ fclose( configfp );
+ configfp = NULL;
+ /* Remember the first config file name. */
+ if (!save_configname)
+ save_configname = configname;
+ else
+ xfree(configname);
+ configname = NULL;
+ goto next_pass;
+ }
+ xfree( configname ); configname = NULL;
+ if( log_get_errorcount(0) )
+ g10_exit(2);
+
+ /* The command --gpgconf-list is pretty simple and may be called
+ directly after the option parsing. */
+ if (cmd == aGPGConfList)
+ {
+ gpgconf_list (save_configname ? save_configname : default_configname);
+ g10_exit (0);
+ }
+ xfree (save_configname);
+ xfree (default_configname);
+
+ if( nogreeting )
+ greeting = 0;
+
+ if( greeting ) {
+ fprintf(stderr, "%s %s; %s\n",
+ strusage(11), strusage(13), strusage(14) );
+ fprintf(stderr, "%s\n", strusage(15) );
+ }
+#ifdef IS_DEVELOPMENT_VERSION
+ if (!opt.batch)
+ {
+ const char *s;
+
+ if((s=strusage(25)))
+ log_info("%s\n",s);
+ if((s=strusage(26)))
+ log_info("%s\n",s);
+ if((s=strusage(27)))
+ log_info("%s\n",s);
+ }
+#endif
+
+ /* FIXME: We should use logging to a file only in server mode;
+ however we have not yet implemetyed that. Thus we try to get
+ away with --batch as indication for logging to file
+ required. */
+ if (logfile && opt.batch)
+ {
+ log_set_file (logfile);
+ log_set_prefix (NULL, 1|2|4);
+ }
+
+ /* Older Libgcrypts fail with an assertion during DSA key
+ generation. Better disable DSA2 entirely. */
+ if (opt.flags.dsa2 && !gcry_check_version ("1.4.0") )
+ {
+ log_info ("WARNING: "
+ "DSA2 is only available with Libgcrypt 1.4 and later\n");
+ opt.flags.dsa2 = 0;
+ }
+
+ if (opt.verbose > 2)
+ log_info ("using character set `%s'\n", get_native_charset ());
+
+ if( may_coredump && !opt.quiet )
+ log_info(_("WARNING: program may create a core file!\n"));
+
+ if (eyes_only) {
+ if (opt.set_filename)
+ log_info(_("WARNING: %s overrides %s\n"),
+ "--for-your-eyes-only","--set-filename");
+
+ opt.set_filename="_CONSOLE";
+ }
+
+ if (opt.no_literal) {
+ log_info(_("NOTE: %s is not for normal use!\n"), "--no-literal");
+ if (opt.textmode)
+ log_error(_("%s not allowed with %s!\n"),
+ "--textmode", "--no-literal" );
+ if (opt.set_filename)
+ log_error(_("%s makes no sense with %s!\n"),
+ eyes_only?"--for-your-eyes-only":"--set-filename",
+ "--no-literal" );
+ }
+
+
+ if (opt.set_filesize)
+ log_info(_("NOTE: %s is not for normal use!\n"), "--set-filesize");
+ if( opt.batch )
+ tty_batchmode( 1 );
+
+ gcry_control (GCRYCTL_RESUME_SECMEM_WARN);
+
+ if(require_secmem && !got_secmem)
+ {
+ log_info(_("will not run with insecure memory due to %s\n"),
+ "--require-secmem");
+ g10_exit(2);
+ }
+
+ set_debug (debug_level);
+
+ /* Do these after the switch(), so they can override settings. */
+ if(PGP2)
+ {
+ int unusable=0;
+
+ if(cmd==aSign && !detached_sig)
+ {
+ log_info(_("you can only make detached or clear signatures "
+ "while in --pgp2 mode\n"));
+ unusable=1;
+ }
+ else if(cmd==aSignEncr || cmd==aSignSym)
+ {
+ log_info(_("you can't sign and encrypt at the "
+ "same time while in --pgp2 mode\n"));
+ unusable=1;
+ }
+ else if(argc==0 && (cmd==aSign || cmd==aEncr || cmd==aSym))
+ {
+ log_info(_("you must use files (and not a pipe) when "
+ "working with --pgp2 enabled.\n"));
+ unusable=1;
+ }
+ else if(cmd==aEncr || cmd==aSym)
+ {
+ /* Everything else should work without IDEA (except using
+ a secret key encrypted with IDEA and setting an IDEA
+ preference, but those have their own error
+ messages). */
+
+ if (openpgp_cipher_test_algo(CIPHER_ALGO_IDEA))
+ {
+ log_info(_("encrypting a message in --pgp2 mode requires "
+ "the IDEA cipher\n"));
+ idea_cipher_warn(1);
+ unusable=1;
+ }
+ else if(cmd==aSym)
+ {
+ /* This only sets IDEA for symmetric encryption
+ since it is set via select_algo_from_prefs for
+ pk encryption. */
+ xfree(def_cipher_string);
+ def_cipher_string = xstrdup("idea");
+ }
+
+ /* PGP2 can't handle the output from the textmode
+ filter, so we disable it for anything that could
+ create a literal packet (only encryption and
+ symmetric encryption, since we disable signing
+ above). */
+ if(!unusable)
+ opt.textmode=0;
+ }
+
+ if(unusable)
+ compliance_failure();
+ else
+ {
+ opt.force_v4_certs = 0;
+ opt.escape_from = 1;
+ opt.force_v3_sigs = 1;
+ opt.pgp2_workarounds = 1;
+ opt.ask_sig_expire = 0;
+ opt.ask_cert_expire = 0;
+ xfree(def_digest_string);
+ def_digest_string = xstrdup("md5");
+ xfree(s2k_digest_string);
+ s2k_digest_string = xstrdup("md5");
+ opt.compress_algo = COMPRESS_ALGO_ZIP;
+ }
+ }
+ else if(PGP6)
+ {
+ opt.disable_mdc=1;
+ opt.escape_from=1;
+ opt.force_v3_sigs=1;
+ opt.ask_sig_expire=0;
+ }
+ else if(PGP7)
+ {
+ opt.escape_from=1;
+ opt.force_v3_sigs=1;
+ opt.ask_sig_expire=0;
+ }
+ else if(PGP8)
+ {
+ opt.escape_from=1;
+ }
+
+
+ if( def_cipher_string ) {
+ opt.def_cipher_algo = string_to_cipher_algo (def_cipher_string);
+ if(opt.def_cipher_algo==0 &&
+ (ascii_strcasecmp(def_cipher_string,"idea")==0
+ || ascii_strcasecmp(def_cipher_string,"s1")==0))
+ idea_cipher_warn(1);
+ xfree(def_cipher_string); def_cipher_string = NULL;
+ if ( openpgp_cipher_test_algo (opt.def_cipher_algo) )
+ log_error(_("selected cipher algorithm is invalid\n"));
+ }
+ if( def_digest_string ) {
+ opt.def_digest_algo = string_to_digest_algo (def_digest_string);
+ xfree(def_digest_string); def_digest_string = NULL;
+ if ( openpgp_md_test_algo (opt.def_digest_algo) )
+ log_error(_("selected digest algorithm is invalid\n"));
+ }
+ if( compress_algo_string ) {
+ opt.compress_algo = string_to_compress_algo(compress_algo_string);
+ xfree(compress_algo_string); compress_algo_string = NULL;
+ if( check_compress_algo(opt.compress_algo) )
+ log_error(_("selected compression algorithm is invalid\n"));
+ }
+ if( cert_digest_string ) {
+ opt.cert_digest_algo = string_to_digest_algo (cert_digest_string);
+ xfree(cert_digest_string); cert_digest_string = NULL;
+ if (openpgp_md_test_algo(opt.cert_digest_algo))
+ log_error(_("selected certification digest algorithm is invalid\n"));
+ }
+ if( s2k_cipher_string ) {
+ opt.s2k_cipher_algo = string_to_cipher_algo (s2k_cipher_string);
+ xfree(s2k_cipher_string); s2k_cipher_string = NULL;
+ if (openpgp_cipher_test_algo (opt.s2k_cipher_algo))
+ log_error(_("selected cipher algorithm is invalid\n"));
+ }
+ if( s2k_digest_string ) {
+ opt.s2k_digest_algo = string_to_digest_algo (s2k_digest_string);
+ xfree(s2k_digest_string); s2k_digest_string = NULL;
+ if (openpgp_md_test_algo(opt.s2k_digest_algo))
+ log_error(_("selected digest algorithm is invalid\n"));
+ }
+ if( opt.completes_needed < 1 )
+ log_error(_("completes-needed must be greater than 0\n"));
+ if( opt.marginals_needed < 2 )
+ log_error(_("marginals-needed must be greater than 1\n"));
+ if( opt.max_cert_depth < 1 || opt.max_cert_depth > 255 )
+ log_error(_("max-cert-depth must be in the range from 1 to 255\n"));
+ if(opt.def_cert_level<0 || opt.def_cert_level>3)
+ log_error(_("invalid default-cert-level; must be 0, 1, 2, or 3\n"));
+ if( opt.min_cert_level < 1 || opt.min_cert_level > 3 )
+ log_error(_("invalid min-cert-level; must be 1, 2, or 3\n"));
+ switch( opt.s2k_mode ) {
+ case 0:
+ log_info(_("NOTE: simple S2K mode (0) is strongly discouraged\n"));
+ break;
+ case 1: case 3: break;
+ default:
+ log_error(_("invalid S2K mode; must be 0, 1 or 3\n"));
+ }
+
+ /* This isn't actually needed, but does serve to error out if the
+ string is invalid. */
+ if(opt.def_preference_list &&
+ keygen_set_std_prefs(opt.def_preference_list,0))
+ log_error(_("invalid default preferences\n"));
+
+ if(pers_cipher_list &&
+ keygen_set_std_prefs(pers_cipher_list,PREFTYPE_SYM))
+ log_error(_("invalid personal cipher preferences\n"));
+
+ if(pers_digest_list &&
+ keygen_set_std_prefs(pers_digest_list,PREFTYPE_HASH))
+ log_error(_("invalid personal digest preferences\n"));
+
+ if(pers_compress_list &&
+ keygen_set_std_prefs(pers_compress_list,PREFTYPE_ZIP))
+ log_error(_("invalid personal compress preferences\n"));
+
+ /* We don't support all possible commands with multifile yet */
+ if(multifile)
+ {
+ char *cmdname;
+
+ switch(cmd)
+ {
+ case aSign:
+ cmdname="--sign";
+ break;
+ case aClearsign:
+ cmdname="--clearsign";
+ break;
+ case aDetachedSign:
+ cmdname="--detach-sign";
+ break;
+ case aSym:
+ cmdname="--symmetric";
+ break;
+ case aEncrSym:
+ cmdname="--symmetric --encrypt";
+ break;
+ case aStore:
+ cmdname="--store";
+ break;
+ default:
+ cmdname=NULL;
+ break;
+ }
+
+ if(cmdname)
+ log_error(_("%s does not yet work with %s\n"),cmdname,"--multifile");
+ }
+
+ if( log_get_errorcount(0) )
+ g10_exit(2);
+
+ if(opt.compress_level==0)
+ opt.compress_algo=COMPRESS_ALGO_NONE;
+
+ /* Check our chosen algorithms against the list of legal
+ algorithms. */
+
+ if(!GNUPG)
+ {
+ const char *badalg=NULL;
+ preftype_t badtype=PREFTYPE_NONE;
+
+ if(opt.def_cipher_algo
+ && !algo_available(PREFTYPE_SYM,opt.def_cipher_algo,NULL))
+ {
+ badalg = openpgp_cipher_algo_name (opt.def_cipher_algo);
+ badtype = PREFTYPE_SYM;
+ }
+ else if(opt.def_digest_algo
+ && !algo_available(PREFTYPE_HASH,opt.def_digest_algo,NULL))
+ {
+ badalg = gcry_md_algo_name (opt.def_digest_algo);
+ badtype = PREFTYPE_HASH;
+ }
+ else if(opt.cert_digest_algo
+ && !algo_available(PREFTYPE_HASH,opt.cert_digest_algo,NULL))
+ {
+ badalg = gcry_md_algo_name (opt.cert_digest_algo);
+ badtype = PREFTYPE_HASH;
+ }
+ else if(opt.compress_algo!=-1
+ && !algo_available(PREFTYPE_ZIP,opt.compress_algo,NULL))
+ {
+ badalg = compress_algo_to_string(opt.compress_algo);
+ badtype = PREFTYPE_ZIP;
+ }
+
+ if(badalg)
+ {
+ switch(badtype)
+ {
+ case PREFTYPE_SYM:
+ log_info(_("you may not use cipher algorithm `%s'"
+ " while in %s mode\n"),
+ badalg,compliance_option_string());
+ break;
+ case PREFTYPE_HASH:
+ log_info(_("you may not use digest algorithm `%s'"
+ " while in %s mode\n"),
+ badalg,compliance_option_string());
+ break;
+ case PREFTYPE_ZIP:
+ log_info(_("you may not use compression algorithm `%s'"
+ " while in %s mode\n"),
+ badalg,compliance_option_string());
+ break;
+ default:
+ BUG();
+ }
+
+ compliance_failure();
+ }
+ }
+
+ /* Set the random seed file. */
+ if( use_random_seed ) {
+ char *p = make_filename(opt.homedir, "random_seed", NULL );
+ gcry_control (GCRYCTL_SET_RANDOM_SEED_FILE, p);
+ if (!access (p, F_OK))
+ register_secured_file (p);
+ xfree(p);
+ }
+
+ /* If there is no command but the --fingerprint is given, default
+ to the --list-keys command. */
+ if (!cmd && fpr_maybe_cmd)
+ {
+ set_cmd (&cmd, aListKeys);
+ }
+
+
+ if( opt.verbose > 1 )
+ set_packet_list_mode(1);
+
+ /* Add the keyrings, but not for some special commands. Also
+ avoid adding the secret keyring for a couple of commands to
+ avoid unneeded access in case the secrings are stored on a
+ floppy.
+
+ We always need to add the keyrings if we are running under
+ SELinux, this is so that the rings are added to the list of
+ secured files. */
+ if( ALWAYS_ADD_KEYRINGS
+ || (cmd != aDeArmor && cmd != aEnArmor && cmd != aGPGConfTest) )
+ {
+ if (ALWAYS_ADD_KEYRINGS
+ || (cmd != aCheckKeys && cmd != aListSigs && cmd != aListKeys
+ && cmd != aVerify && cmd != aSym && cmd != aLocateKeys))
+ {
+ if (!sec_nrings || default_keyring) /* add default secret rings */
+ keydb_add_resource ("secring" EXTSEP_S "gpg", 4, 1);
+ for (sl = sec_nrings; sl; sl = sl->next)
+ keydb_add_resource ( sl->d, 0, 1 );
+ }
+ if( !nrings || default_keyring ) /* add default ring */
+ keydb_add_resource ("pubring" EXTSEP_S "gpg", 4, 0);
+ for(sl = nrings; sl; sl = sl->next )
+ keydb_add_resource ( sl->d, sl->flags, 0 );
+ }
+ FREE_STRLIST(nrings);
+ FREE_STRLIST(sec_nrings);
+
+ if (cmd == aGPGConfTest)
+ g10_exit(0);
+
+
+ if( pwfd != -1 ) /* Read the passphrase now. */
+ read_passphrase_from_fd( pwfd );
+
+ fname = argc? *argv : NULL;
+
+ if(fname && utf8_strings)
+ opt.flags.utf8_filename=1;
+
+ switch( cmd ) {
+ case aPrimegen:
+ case aPrintMD:
+ case aPrintMDs:
+ case aGenRandom:
+ case aDeArmor:
+ case aEnArmor:
+ break;
+ case aFixTrustDB:
+ case aExportOwnerTrust: rc = setup_trustdb( 0, trustdb_name ); break;
+ case aListTrustDB: rc = setup_trustdb( argc? 1:0, trustdb_name ); break;
+ default: rc = setup_trustdb(1, trustdb_name ); break;
+ }
+ if( rc )
+ log_error(_("failed to initialize the TrustDB: %s\n"), g10_errstr(rc));
+
+
+ switch (cmd)
+ {
+ case aStore:
+ case aSym:
+ case aSign:
+ case aSignSym:
+ case aClearsign:
+ if (!opt.quiet && any_explicit_recipient)
+ log_info (_("WARNING: recipients (-r) given "
+ "without using public key encryption\n"));
+ break;
+ default:
+ break;
+ }
+
+ switch( cmd )
+ {
+ case aServer:
+ {
+ ctrl_t ctrl = xtrycalloc (1, sizeof *ctrl);
+ gpg_init_default_ctrl (ctrl);
+ gpg_server (ctrl);
+ gpg_deinit_default_ctrl (ctrl);
+ xfree (ctrl);
+ }
+ break;
+
+ case aStore: /* only store the file */
+ if( argc > 1 )
+ wrong_args(_("--store [filename]"));
+ if( (rc = encode_store(fname)) )
+ log_error ("storing `%s' failed: %s\n",
+ print_fname_stdin(fname),g10_errstr(rc) );
+ break;
+ case aSym: /* encrypt the given file only with the symmetric cipher */
+ if( argc > 1 )
+ wrong_args(_("--symmetric [filename]"));
+ if( (rc = encode_symmetric(fname)) )
+ log_error (_("symmetric encryption of `%s' failed: %s\n"),
+ print_fname_stdin(fname),g10_errstr(rc) );
+ break;
+
+ case aEncr: /* encrypt the given file */
+ if(multifile)
+ encode_crypt_files(argc, argv, remusr);
+ else
+ {
+ if( argc > 1 )
+ wrong_args(_("--encrypt [filename]"));
+ if( (rc = encode_crypt(fname,remusr,0)) )
+ log_error("%s: encryption failed: %s\n",
+ print_fname_stdin(fname), g10_errstr(rc) );
+ }
+ break;
+
+ case aEncrSym:
+ /* This works with PGP 8 in the sense that it acts just like a
+ symmetric message. It doesn't work at all with 2 or 6. It
+ might work with 7, but alas, I don't have a copy to test
+ with right now. */
+ if( argc > 1 )
+ wrong_args(_("--symmetric --encrypt [filename]"));
+ else if(opt.s2k_mode==0)
+ log_error(_("you cannot use --symmetric --encrypt"
+ " with --s2k-mode 0\n"));
+ else if(PGP2 || PGP6 || PGP7 || RFC1991)
+ log_error(_("you cannot use --symmetric --encrypt"
+ " while in %s mode\n"),compliance_option_string());
+ else
+ {
+ if( (rc = encode_crypt(fname,remusr,1)) )
+ log_error("%s: encryption failed: %s\n",
+ print_fname_stdin(fname), g10_errstr(rc) );
+ }
+ break;
+
+ case aSign: /* sign the given file */
+ sl = NULL;
+ if( detached_sig ) { /* sign all files */
+ for( ; argc; argc--, argv++ )
+ add_to_strlist( &sl, *argv );
+ }
+ else {
+ if( argc > 1 )
+ wrong_args(_("--sign [filename]"));
+ if( argc ) {
+ sl = xmalloc_clear( sizeof *sl + strlen(fname));
+ strcpy(sl->d, fname);
+ }
+ }
+ if( (rc = sign_file( sl, detached_sig, locusr, 0, NULL, NULL)) )
+ log_error("signing failed: %s\n", g10_errstr(rc) );
+ free_strlist(sl);
+ break;
+
+ case aSignEncr: /* sign and encrypt the given file */
+ if( argc > 1 )
+ wrong_args(_("--sign --encrypt [filename]"));
+ if( argc ) {
+ sl = xmalloc_clear( sizeof *sl + strlen(fname));
+ strcpy(sl->d, fname);
+ }
+ else
+ sl = NULL;
+ if( (rc = sign_file(sl, detached_sig, locusr, 1, remusr, NULL)) )
+ log_error("%s: sign+encrypt failed: %s\n",
+ print_fname_stdin(fname), g10_errstr(rc) );
+ free_strlist(sl);
+ break;
+
+ case aSignEncrSym: /* sign and encrypt the given file */
+ if( argc > 1 )
+ wrong_args(_("--symmetric --sign --encrypt [filename]"));
+ else if(opt.s2k_mode==0)
+ log_error(_("you cannot use --symmetric --sign --encrypt"
+ " with --s2k-mode 0\n"));
+ else if(PGP2 || PGP6 || PGP7 || RFC1991)
+ log_error(_("you cannot use --symmetric --sign --encrypt"
+ " while in %s mode\n"),compliance_option_string());
+ else
+ {
+ if( argc )
+ {
+ sl = xmalloc_clear( sizeof *sl + strlen(fname));
+ strcpy(sl->d, fname);
+ }
+ else
+ sl = NULL;
+ if( (rc = sign_file(sl, detached_sig, locusr, 2, remusr, NULL)) )
+ log_error("%s: symmetric+sign+encrypt failed: %s\n",
+ print_fname_stdin(fname), g10_errstr(rc) );
+ free_strlist(sl);
+ }
+ break;
+
+ case aSignSym: /* sign and conventionally encrypt the given file */
+ if (argc > 1)
+ wrong_args(_("--sign --symmetric [filename]"));
+ rc = sign_symencrypt_file (fname, locusr);
+ if (rc)
+ log_error("%s: sign+symmetric failed: %s\n",
+ print_fname_stdin(fname), g10_errstr(rc) );
+ break;
+
+ case aClearsign: /* make a clearsig */
+ if( argc > 1 )
+ wrong_args(_("--clearsign [filename]"));
+ if( (rc = clearsign_file(fname, locusr, NULL)) )
+ log_error("%s: clearsign failed: %s\n",
+ print_fname_stdin(fname), g10_errstr(rc) );
+ break;
+
+ case aVerify:
+ if(multifile)
+ {
+ if( (rc = verify_files( argc, argv ) ))
+ log_error("verify files failed: %s\n", g10_errstr(rc) );
+ }
+ else
+ {
+ if( (rc = verify_signatures( argc, argv ) ))
+ log_error("verify signatures failed: %s\n", g10_errstr(rc) );
+ }
+ break;
+
+ case aDecrypt:
+ if(multifile)
+ decrypt_messages(argc, argv);
+ else
+ {
+ if( argc > 1 )
+ wrong_args(_("--decrypt [filename]"));
+ if( (rc = decrypt_message( fname ) ))
+ log_error("decrypt_message failed: %s\n", g10_errstr(rc) );
+ }
+ break;
+
+ case aSignKey:
+ if( argc != 1 )
+ wrong_args(_("--sign-key user-id"));
+ /* fall through */
+ case aLSignKey:
+ if( argc != 1 )
+ wrong_args(_("--lsign-key user-id"));
+ /* fall through */
+
+ sl=NULL;
+
+ if(cmd==aSignKey)
+ append_to_strlist(&sl,"sign");
+ else if(cmd==aLSignKey)
+ append_to_strlist(&sl,"lsign");
+ else
+ BUG();
+
+ append_to_strlist( &sl, "save" );
+ username = make_username( fname );
+ keyedit_menu (username, locusr, sl, 0, 0 );
+ xfree(username);
+ free_strlist(sl);
+ break;
+
+ case aEditKey: /* Edit a key signature */
+ if( !argc )
+ wrong_args(_("--edit-key user-id [commands]"));
+ username = make_username( fname );
+ if( argc > 1 ) {
+ sl = NULL;
+ for( argc--, argv++ ; argc; argc--, argv++ )
+ append_to_strlist( &sl, *argv );
+ keyedit_menu( username, locusr, sl, 0, 1 );
+ free_strlist(sl);
+ }
+ else
+ keyedit_menu(username, locusr, NULL, 0, 1 );
+ xfree(username);
+ break;
+
+ case aPasswd:
+ if (argc != 1)
+ wrong_args (_("--passwd <user-id>"));
+ else
+ {
+ username = make_username (fname);
+ keyedit_passwd (username);
+ xfree (username);
+ }
+ break;
+
+ case aDeleteKeys:
+ case aDeleteSecretKeys:
+ case aDeleteSecretAndPublicKeys:
+ sl = NULL;
+ /* I'm adding these in reverse order as add_to_strlist2
+ reverses them again, and it's easier to understand in the
+ proper order :) */
+ for( ; argc; argc-- )
+ add_to_strlist2( &sl, argv[argc-1], utf8_strings );
+ delete_keys(sl,cmd==aDeleteSecretKeys,cmd==aDeleteSecretAndPublicKeys);
+ free_strlist(sl);
+ break;
+
+ case aCheckKeys:
+ opt.check_sigs = 1;
+ case aListSigs:
+ opt.list_sigs = 1;
+ case aListKeys:
+ sl = NULL;
+ for( ; argc; argc--, argv++ )
+ add_to_strlist2( &sl, *argv, utf8_strings );
+ public_key_list( sl, 0 );
+ free_strlist(sl);
+ break;
+ case aListSecretKeys:
+ sl = NULL;
+ for( ; argc; argc--, argv++ )
+ add_to_strlist2( &sl, *argv, utf8_strings );
+ secret_key_list( sl );
+ free_strlist(sl);
+ break;
+ case aLocateKeys:
+ sl = NULL;
+ for (; argc; argc--, argv++)
+ add_to_strlist2( &sl, *argv, utf8_strings );
+ public_key_list (sl, 1);
+ free_strlist (sl);
+ break;
+
+ case aKeygen: /* generate a key */
+ if( opt.batch ) {
+ if( argc > 1 )
+ wrong_args("--gen-key [parameterfile]");
+ generate_keypair( argc? *argv : NULL, NULL, NULL );
+ }
+ else {
+ if( argc )
+ wrong_args("--gen-key");
+ generate_keypair(NULL, NULL, NULL);
+ }
+ break;
+
+ case aFastImport:
+ opt.import_options |= IMPORT_FAST;
+ case aImport:
+ import_keys( argc? argv:NULL, argc, NULL, opt.import_options );
+ break;
+
+ /* TODO: There are a number of command that use this same
+ "make strlist, call function, report error, free strlist"
+ pattern. Join them together here and avoid all that
+ duplicated code. */
+
+ case aExport:
+ case aSendKeys:
+ case aRecvKeys:
+ sl = NULL;
+ for( ; argc; argc--, argv++ )
+ append_to_strlist2( &sl, *argv, utf8_strings );
+ if( cmd == aSendKeys )
+ rc=keyserver_export( sl );
+ else if( cmd == aRecvKeys )
+ rc=keyserver_import( sl );
+ else
+ rc=export_pubkeys( sl, opt.export_options );
+ if(rc)
+ {
+ if(cmd==aSendKeys)
+ log_error(_("keyserver send failed: %s\n"),g10_errstr(rc));
+ else if(cmd==aRecvKeys)
+ log_error(_("keyserver receive failed: %s\n"),g10_errstr(rc));
+ else
+ log_error(_("key export failed: %s\n"),g10_errstr(rc));
+ }
+ free_strlist(sl);
+ break;
+
+ case aSearchKeys:
+ sl = NULL;
+ for( ; argc; argc--, argv++ )
+ append_to_strlist2( &sl, *argv, utf8_strings );
+ rc=keyserver_search( sl );
+ if(rc)
+ log_error(_("keyserver search failed: %s\n"),g10_errstr(rc));
+ free_strlist(sl);
+ break;
+
+ case aRefreshKeys:
+ sl = NULL;
+ for( ; argc; argc--, argv++ )
+ append_to_strlist2( &sl, *argv, utf8_strings );
+ rc=keyserver_refresh(sl);
+ if(rc)
+ log_error(_("keyserver refresh failed: %s\n"),g10_errstr(rc));
+ free_strlist(sl);
+ break;
+
+ case aFetchKeys:
+ sl = NULL;
+ for( ; argc; argc--, argv++ )
+ append_to_strlist2( &sl, *argv, utf8_strings );
+ rc=keyserver_fetch(sl);
+ if(rc)
+ log_error("key fetch failed: %s\n",g10_errstr(rc));
+ free_strlist(sl);
+ break;
+
+ case aExportSecret:
+ sl = NULL;
+ for( ; argc; argc--, argv++ )
+ add_to_strlist2( &sl, *argv, utf8_strings );
+ export_seckeys( sl );
+ free_strlist(sl);
+ break;
+
+ case aExportSecretSub:
+ sl = NULL;
+ for( ; argc; argc--, argv++ )
+ add_to_strlist2( &sl, *argv, utf8_strings );
+ export_secsubkeys( sl );
+ free_strlist(sl);
+ break;
+
+ case aGenRevoke:
+ if( argc != 1 )
+ wrong_args("--gen-revoke user-id");
+ username = make_username(*argv);
+ gen_revoke( username );
+ xfree( username );
+ break;
+
+ case aDesigRevoke:
+ if( argc != 1 )
+ wrong_args("--desig-revoke user-id");
+ username = make_username(*argv);
+ gen_desig_revoke( username, locusr );
+ xfree( username );
+ break;
+
+ case aDeArmor:
+ if( argc > 1 )
+ wrong_args("--dearmor [file]");
+ rc = dearmor_file( argc? *argv: NULL );
+ if( rc )
+ log_error(_("dearmoring failed: %s\n"), g10_errstr(rc));
+ break;
+
+ case aEnArmor:
+ if( argc > 1 )
+ wrong_args("--enarmor [file]");
+ rc = enarmor_file( argc? *argv: NULL );
+ if( rc )
+ log_error(_("enarmoring failed: %s\n"), g10_errstr(rc));
+ break;
+
+
+ case aPrimegen:
+#if 0 /*FIXME*/
+ { int mode = argc < 2 ? 0 : atoi(*argv);
+
+ if( mode == 1 && argc == 2 ) {
+ mpi_print( stdout, generate_public_prime( atoi(argv[1]) ), 1);
+ }
+ else if( mode == 2 && argc == 3 ) {
+ mpi_print( stdout, generate_elg_prime(
+ 0, atoi(argv[1]),
+ atoi(argv[2]), NULL,NULL ), 1);
+ }
+ else if( mode == 3 && argc == 3 ) {
+ MPI *factors;
+ mpi_print( stdout, generate_elg_prime(
+ 1, atoi(argv[1]),
+ atoi(argv[2]), NULL,&factors ), 1);
+ putchar('\n');
+ mpi_print( stdout, factors[0], 1 ); /* print q */
+ }
+ else if( mode == 4 && argc == 3 ) {
+ MPI g = mpi_alloc(1);
+ mpi_print( stdout, generate_elg_prime(
+ 0, atoi(argv[1]),
+ atoi(argv[2]), g, NULL ), 1);
+ putchar('\n');
+ mpi_print( stdout, g, 1 );
+ mpi_free(g);
+ }
+ else
+ wrong_args("--gen-prime mode bits [qbits] ");
+ putchar('\n');
+ }
+#endif
+ wrong_args("--gen-prime not yet supported ");
+ break;
+
+ case aGenRandom:
+ {
+ int level = argc ? atoi(*argv):0;
+ int count = argc > 1 ? atoi(argv[1]): 0;
+ int endless = !count;
+
+ if( argc < 1 || argc > 2 || level < 0 || level > 2 || count < 0 )
+ wrong_args("--gen-random 0|1|2 [count]");
+
+ while( endless || count ) {
+ byte *p;
+ /* Wee need a multiple of 3, so that in case of
+ armored output we get a correct string. No
+ linefolding is done, as it is best to levae this to
+ other tools */
+ size_t n = !endless && count < 99? count : 99;
+
+ p = gcry_random_bytes (n, level);
+#ifdef HAVE_DOSISH_SYSTEM
+ setmode ( fileno(stdout), O_BINARY );
+#endif
+ if (opt.armor) {
+ char *tmp = make_radix64_string (p, n);
+ fputs (tmp, stdout);
+ xfree (tmp);
+ if (n%3 == 1)
+ putchar ('=');
+ if (n%3)
+ putchar ('=');
+ } else {
+ fwrite( p, n, 1, stdout );
+ }
+ xfree(p);
+ if( !endless )
+ count -= n;
+ }
+ if (opt.armor)
+ putchar ('\n');
+ }
+ break;
+
+ case aPrintMD:
+ if( argc < 1)
+ wrong_args("--print-md algo [files]");
+ {
+ int all_algos = (**argv=='*' && !(*argv)[1]);
+ int algo = all_algos? 0 : gcry_md_map_name (*argv);
+
+ if( !algo && !all_algos )
+ log_error(_("invalid hash algorithm `%s'\n"), *argv );
+ else {
+ argc--; argv++;
+ if( !argc )
+ print_mds(NULL, algo);
+ else {
+ for(; argc; argc--, argv++ )
+ print_mds(*argv, algo);
+ }
+ }
+ }
+ break;
+
+ case aPrintMDs: /* old option */
+ if( !argc )
+ print_mds(NULL,0);
+ else {
+ for(; argc; argc--, argv++ )
+ print_mds(*argv,0);
+ }
+ break;
+
+ case aListTrustDB:
+ if( !argc )
+ list_trustdb(NULL);
+ else {
+ for( ; argc; argc--, argv++ )
+ list_trustdb( *argv );
+ }
+ break;
+
+ case aUpdateTrustDB:
+ if( argc )
+ wrong_args("--update-trustdb");
+ update_trustdb();
+ break;
+
+ case aCheckTrustDB:
+ /* Old versions allowed for arguments - ignore them */
+ check_trustdb();
+ break;
+
+ case aFixTrustDB:
+ how_to_fix_the_trustdb ();
+ break;
+
+ case aListTrustPath:
+ if( !argc )
+ wrong_args("--list-trust-path <user-ids>");
+ for( ; argc; argc--, argv++ ) {
+ username = make_username( *argv );
+ list_trust_path( username );
+ xfree(username);
+ }
+ break;
+
+ case aExportOwnerTrust:
+ if( argc )
+ wrong_args("--export-ownertrust");
+ export_ownertrust();
+ break;
+
+ case aImportOwnerTrust:
+ if( argc > 1 )
+ wrong_args("--import-ownertrust [file]");
+ import_ownertrust( argc? *argv:NULL );
+ break;
+
+ case aRebuildKeydbCaches:
+ if (argc)
+ wrong_args ("--rebuild-keydb-caches");
+ keydb_rebuild_caches (1);
+ break;
+
+#ifdef ENABLE_CARD_SUPPORT
+ case aCardStatus:
+ if (argc)
+ wrong_args ("--card-status");
+ card_status (stdout, NULL, 0);
+ break;
+
+ case aCardEdit:
+ if (argc) {
+ sl = NULL;
+ for (argc--, argv++ ; argc; argc--, argv++)
+ append_to_strlist (&sl, *argv);
+ card_edit (sl);
+ free_strlist (sl);
+ }
+ else
+ card_edit (NULL);
+ break;
+
+ case aChangePIN:
+ if (!argc)
+ change_pin (0,1);
+ else if (argc == 1)
+ change_pin (atoi (*argv),1);
+ else
+ wrong_args ("--change-pin [no]");
+ break;
+#endif /* ENABLE_CARD_SUPPORT*/
+
+ case aListConfig:
+ {
+ char *str=collapse_args(argc,argv);
+ list_config(str);
+ xfree(str);
+ }
+ break;
+
+ case aListPackets:
+ opt.list_packets=2;
+ default:
+ if( argc > 1 )
+ wrong_args(_("[filename]"));
+ /* Issue some output for the unix newbie */
+ if( !fname && !opt.outfile && isatty( fileno(stdin) )
+ && isatty( fileno(stdout) ) && isatty( fileno(stderr) ) )
+ log_info(_("Go ahead and type your message ...\n"));
+
+ a = iobuf_open(fname);
+ if (a && is_secured_file (iobuf_get_fd (a)))
+ {
+ iobuf_close (a);
+ a = NULL;
+ errno = EPERM;
+ }
+ if( !a )
+ log_error(_("can't open `%s'\n"), print_fname_stdin(fname));
+ else {
+
+ if( !opt.no_armor ) {
+ if( use_armor_filter( a ) ) {
+ afx = new_armor_context ();
+ push_armor_filter (afx, a);
+ }
+ }
+ if( cmd == aListPackets ) {
+ set_packet_list_mode(1);
+ opt.list_packets=1;
+ }
+ rc = proc_packets(NULL, a );
+ if( rc )
+ log_error("processing message failed: %s\n", g10_errstr(rc) );
+ iobuf_close(a);
+ }
+ break;
+ }
+
+ /* cleanup */
+ release_armor_context (afx);
+ FREE_STRLIST(remusr);
+ FREE_STRLIST(locusr);
+ g10_exit(0);
+ return 8; /*NEVER REACHED*/
+}
+
+
+/* Note: This function is used by signal handlers!. */
+static void
+emergency_cleanup (void)
+{
+ gcry_control (GCRYCTL_TERM_SECMEM );
+}
+
+
+void
+g10_exit( int rc )
+{
+ gcry_control (GCRYCTL_UPDATE_RANDOM_SEED_FILE);
+ if ( (opt.debug & DBG_MEMSTAT_VALUE) )
+ {
+ gcry_control (GCRYCTL_DUMP_MEMORY_STATS);
+ gcry_control (GCRYCTL_DUMP_RANDOM_STATS);
+ }
+ if (opt.debug)
+ gcry_control (GCRYCTL_DUMP_SECMEM_STATS );
+
+ emergency_cleanup ();
+
+ rc = rc? rc : log_get_errorcount(0)? 2 : g10_errors_seen? 1 : 0;
+ exit (rc);
+}
+
+
+/* Pretty-print hex hashes. This assumes at least an 80-character
+ display, but there are a few other similar assumptions in the
+ display code. */
+static void
+print_hex( gcry_md_hd_t md, int algo, const char *fname )
+{
+ int i,n,count,indent=0;
+ const byte *p;
+
+ if(fname)
+ indent=printf("%s: ",fname);
+
+ if(indent>40)
+ {
+ printf("\n");
+ indent=0;
+ }
+
+ if(algo==DIGEST_ALGO_RMD160)
+ indent+=printf("RMD160 = ");
+ else if(algo>0)
+ indent+=printf("%6s = ", gcry_md_algo_name (algo));
+ else
+ algo=abs(algo);
+
+ count=indent;
+
+ p = gcry_md_read (md, algo);
+ n = gcry_md_get_algo_dlen (algo);
+
+ count += printf ("%02X",*p++);
+
+ for(i=1;i<n;i++,p++)
+ {
+ if(n==16)
+ {
+ if(count+2>79)
+ {
+ printf("\n%*s",indent," ");
+ count=indent;
+ }
+ else
+ count+=printf(" ");
+
+ if(!(i%8))
+ count+=printf(" ");
+ }
+ else if (n==20)
+ {
+ if(!(i%2))
+ {
+ if(count+4>79)
+ {
+ printf("\n%*s",indent," ");
+ count=indent;
+ }
+ else
+ count+=printf(" ");
+ }
+
+ if(!(i%10))
+ count+=printf(" ");
+ }
+ else
+ {
+ if(!(i%4))
+ {
+ if(count+8>79)
+ {
+ printf("\n%*s",indent," ");
+ count=indent;
+ }
+ else
+ count+=printf(" ");
+ }
+ }
+
+ count+=printf("%02X",*p);
+ }
+
+ printf("\n");
+}
+
+static void
+print_hashline( gcry_md_hd_t md, int algo, const char *fname )
+{
+ int i, n;
+ const byte *p;
+
+ if ( fname ) {
+ for (p = fname; *p; p++ ) {
+ if ( *p <= 32 || *p > 127 || *p == ':' || *p == '%' )
+ printf("%%%02X", *p );
+ else
+ putchar( *p );
+ }
+ }
+ putchar(':');
+ printf("%d:", algo );
+ p = gcry_md_read (md, algo);
+ n = gcry_md_get_algo_dlen (algo);
+ for(i=0; i < n ; i++, p++ )
+ printf("%02X", *p );
+ putchar(':');
+ putchar('\n');
+}
+
+static void
+print_mds( const char *fname, int algo )
+{
+ FILE *fp;
+ char buf[1024];
+ size_t n;
+ gcry_md_hd_t md;
+
+ if( !fname ) {
+ fp = stdin;
+#ifdef HAVE_DOSISH_SYSTEM
+ setmode ( fileno(fp) , O_BINARY );
+#endif
+ }
+ else {
+ fp = fopen( fname, "rb" );
+ if (fp && is_secured_file (fileno (fp)))
+ {
+ fclose (fp);
+ fp = NULL;
+ errno = EPERM;
+ }
+ }
+ if( !fp ) {
+ log_error("%s: %s\n", fname?fname:"[stdin]", strerror(errno) );
+ return;
+ }
+
+ gcry_md_open (&md, 0, 0);
+ if( algo )
+ gcry_md_enable (md, algo);
+ else {
+ gcry_md_enable (md, GCRY_MD_MD5);
+ gcry_md_enable (md, GCRY_MD_SHA1);
+ gcry_md_enable (md, GCRY_MD_RMD160);
+ if (!openpgp_md_test_algo (GCRY_MD_SHA224))
+ gcry_md_enable (md, GCRY_MD_SHA224);
+ if (!openpgp_md_test_algo (GCRY_MD_SHA256))
+ gcry_md_enable (md, GCRY_MD_SHA256);
+ if (!openpgp_md_test_algo (GCRY_MD_SHA384))
+ gcry_md_enable (md, GCRY_MD_SHA384);
+ if (!openpgp_md_test_algo (GCRY_MD_SHA512))
+ gcry_md_enable (md, GCRY_MD_SHA512);
+ }
+
+ while( (n=fread( buf, 1, DIM(buf), fp )) )
+ gcry_md_write (md, buf, n);
+ if( ferror(fp) )
+ log_error("%s: %s\n", fname?fname:"[stdin]", strerror(errno) );
+ else {
+ gcry_md_final (md);
+ if ( opt.with_colons ) {
+ if ( algo )
+ print_hashline( md, algo, fname );
+ else {
+ print_hashline( md, GCRY_MD_MD5, fname );
+ print_hashline( md, GCRY_MD_SHA1, fname );
+ if (!gcry_md_test_algo (GCRY_MD_RMD160))
+ print_hashline( md, GCRY_MD_RMD160, fname );
+ if (!gcry_md_test_algo (GCRY_MD_SHA224))
+ print_hashline (md, GCRY_MD_SHA224, fname);
+ if (!gcry_md_test_algo (GCRY_MD_SHA256))
+ print_hashline( md, GCRY_MD_SHA256, fname );
+ if (!gcry_md_test_algo (GCRY_MD_SHA384))
+ print_hashline ( md, GCRY_MD_SHA384, fname );
+ if (!gcry_md_test_algo (GCRY_MD_SHA512))
+ print_hashline ( md, GCRY_MD_SHA512, fname );
+ }
+ }
+ else {
+ if( algo )
+ print_hex(md,-algo,fname);
+ else {
+ print_hex( md, GCRY_MD_MD5, fname );
+ print_hex( md, GCRY_MD_SHA1, fname );
+ if (!gcry_md_test_algo (GCRY_MD_RMD160))
+ print_hex( md, GCRY_MD_RMD160, fname );
+ if (!gcry_md_test_algo (GCRY_MD_SHA224))
+ print_hex (md, GCRY_MD_SHA224, fname);
+ if (!gcry_md_test_algo (GCRY_MD_SHA256))
+ print_hex( md, GCRY_MD_SHA256, fname );
+ if (!gcry_md_test_algo (GCRY_MD_SHA384))
+ print_hex( md, GCRY_MD_SHA384, fname );
+ if (!gcry_md_test_algo (GCRY_MD_SHA512))
+ print_hex( md, GCRY_MD_SHA512, fname );
+ }
+ }
+ }
+ gcry_md_close(md);
+
+ if( fp != stdin )
+ fclose(fp);
+}
+
+
+/****************
+ * Check the supplied name,value string and add it to the notation
+ * data to be used for signatures. which==0 for sig notations, and 1
+ * for cert notations.
+*/
+static void
+add_notation_data( const char *string, int which )
+{
+ struct notation *notation;
+
+ notation=string_to_notation(string,utf8_strings);
+ if(notation)
+ {
+ if(which)
+ {
+ notation->next=opt.cert_notations;
+ opt.cert_notations=notation;
+ }
+ else
+ {
+ notation->next=opt.sig_notations;
+ opt.sig_notations=notation;
+ }
+ }
+}
+
+static void
+add_policy_url( const char *string, int which )
+{
+ unsigned int i,critical=0;
+ strlist_t sl;
+
+ if(*string=='!')
+ {
+ string++;
+ critical=1;
+ }
+
+ for(i=0;i<strlen(string);i++)
+ if( !isascii (string[i]) || iscntrl(string[i]))
+ break;
+
+ if(i==0 || i<strlen(string))
+ {
+ if(which)
+ log_error(_("the given certification policy URL is invalid\n"));
+ else
+ log_error(_("the given signature policy URL is invalid\n"));
+ }
+
+ if(which)
+ sl=add_to_strlist( &opt.cert_policy_url, string );
+ else
+ sl=add_to_strlist( &opt.sig_policy_url, string );
+
+ if(critical)
+ sl->flags |= 1;
+}
+
+static void
+add_keyserver_url( const char *string, int which )
+{
+ unsigned int i,critical=0;
+ strlist_t sl;
+
+ if(*string=='!')
+ {
+ string++;
+ critical=1;
+ }
+
+ for(i=0;i<strlen(string);i++)
+ if( !isascii (string[i]) || iscntrl(string[i]))
+ break;
+
+ if(i==0 || i<strlen(string))
+ {
+ if(which)
+ BUG();
+ else
+ log_error(_("the given preferred keyserver URL is invalid\n"));
+ }
+
+ if(which)
+ BUG();
+ else
+ sl=add_to_strlist( &opt.sig_keyserver_url, string );
+
+ if(critical)
+ sl->flags |= 1;
+}
diff --git a/g10/gpg.h b/g10/gpg.h
new file mode 100644
index 0000000..e152b27
--- /dev/null
+++ b/g10/gpg.h
@@ -0,0 +1,122 @@
+/* gpg.h - top level include file for gpg etc.
+ * Copyright (C) 2003, 2006 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+#ifndef GNUPG_G10_GPG_H
+#define GNUPG_G10_GPG_H
+
+/* Note, that this file should be the first one after the system
+ header files. This is required to set the error source to the
+ correct value and may be of advantage if we ever have to do
+ special things. */
+
+#ifdef GPG_ERR_SOURCE_DEFAULT
+#error GPG_ERR_SOURCE_DEFAULT already defined
+#endif
+#define GPG_ERR_SOURCE_DEFAULT GPG_ERR_SOURCE_GPG
+#define map_assuan_err(a) \
+ map_assuan_err_with_source (GPG_ERR_SOURCE_DEFAULT, (a))
+#include <gpg-error.h>
+#include <gcrypt.h>
+
+
+/* Number of bits we accept when reading or writing MPIs. */
+#define MAX_EXTERN_MPI_BITS 16384
+
+/* The maximum length of a binary fingerprints. */
+#define MAX_FINGERPRINT_LEN 20
+
+
+/*
+ Forward declarations.
+ */
+
+/* Object used to keep state locally to server.c . */
+struct server_local_s;
+
+/* Object used to describe a keyblok node. */
+typedef struct kbnode_struct *KBNODE;
+/* Object used for looking ob keys. */
+typedef struct keydb_search_desc KEYDB_SEARCH_DESC;
+
+
+
+/* Session control object. This object is passed to most functions to
+ convey the status of a session. Note that the defaults are set by
+ gpg_init_default_ctrl(). */
+struct server_control_s
+{
+ struct server_local_s *server_local;
+};
+
+
+
+
+
+/*
+ Compatibility stuff to be faded out over time.
+ */
+
+/* Simple wrappers. */
+#define g10_errstr(a) gpg_strerror ((a))
+
+
+/* Mapping of the old error codes to the gpg-error ones. Fixme: This
+ is just a temporary solution: We need to do all these gpg_error()
+ calls in the code. */
+#define G10ERR_BAD_KEY GPG_ERR_BAD_KEY
+#define G10ERR_BAD_PASS GPG_ERR_BAD_PASS
+#define G10ERR_BAD_PUBKEY GPG_ERR_BAD_PUBKEY
+#define G10ERR_BAD_SIGN GPG_ERR_BAD_SIGNATURE
+#define G10ERR_BAD_URI GPG_ERR_BAD_URI
+#define G10ERR_CHECKSUM GPG_ERR_CHECKSUM
+#define G10ERR_CIPHER_ALGO GPG_ERR_CIPHER_ALGO
+#define G10ERR_CLOSE_FILE GPG_ERR_CLOSE_FILE
+#define G10ERR_COMPR_ALGO GPG_ERR_COMPR_ALGO
+#define G10ERR_CREATE_FILE GPG_ERR_CREATE_FILE
+#define G10ERR_DIGEST_ALGO GPG_ERR_DIGEST_ALGO
+#define G10ERR_FILE_EXISTS GPG_ERR_EEXIST
+#define G10ERR_GENERAL GPG_ERR_GENERAL
+#define G10ERR_INV_ARG GPG_ERR_INV_ARG
+#define G10ERR_INV_KEYRING GPG_ERR_INV_KEYRING
+#define G10ERR_INV_USER_ID GPG_ERR_INV_USER_ID
+#define G10ERR_INVALID_ARMOR GPG_ERR_INV_ARMOR
+#define G10ERR_INVALID_PACKET GPG_ERR_INV_PACKET
+#define G10ERR_KEYRING_OPEN GPG_ERR_KEYRING_OPEN
+#define G10ERR_KEYSERVER GPG_ERR_KEYSERVER
+#define G10ERR_NO_DATA GPG_ERR_NO_DATA
+#define G10ERR_NO_PUBKEY GPG_ERR_NO_PUBKEY
+#define G10ERR_NO_SECKEY GPG_ERR_NO_SECKEY
+#define G10ERR_NO_USER_ID GPG_ERR_NO_USER_ID
+#define G10ERR_NOT_PROCESSED GPG_ERR_NOT_PROCESSED
+#define G10ERR_OPEN_FILE GPG_ERR_OPEN_FILE
+#define G10ERR_PASSPHRASE GPG_ERR_PASSPHRASE
+#define G10ERR_PUBKEY_ALGO GPG_ERR_PUBKEY_ALGO
+#define G10ERR_READ_FILE GPG_ERR_READ_FILE
+#define G10ERR_RENAME_FILE GPG_ERR_RENAME_FILE
+#define G10ERR_RESOURCE_LIMIT GPG_ERR_RESOURCE_LIMIT
+#define G10ERR_SIG_CLASS GPG_ERR_SIG_CLASS
+#define G10ERR_TIME_CONFLICT GPG_ERR_TIME_CONFLICT
+#define G10ERR_TRUSTDB GPG_ERR_TRUSTDB
+#define G10ERR_UNEXPECTED GPG_ERR_UNEXPECTED
+#define G10ERR_UNKNOWN_PACKET GPG_ERR_UNKNOWN_PACKET
+#define G10ERR_UNSUPPORTED GPG_ERR_UNSUPPORTED
+#define G10ERR_UNU_PUBKEY GPG_ERR_UNUSABLE_PUBKEY
+#define G10ERR_UNU_SECKEY GPG_ERR_UNUSABLE_SECKEY
+#define G10ERR_WRONG_SECKEY GPG_ERR_WRONG_SECKEY
+
+#endif /*GNUPG_G10_GPG_H*/
diff --git a/g10/gpgv.c b/g10/gpgv.c
new file mode 100644
index 0000000..42452b7
--- /dev/null
+++ b/g10/gpgv.c
@@ -0,0 +1,537 @@
+/* gpgv.c - The GnuPG signature verify utility
+ * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2005, 2006,
+ * 2008, 2009, 2012 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <errno.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <ctype.h>
+#include <unistd.h>
+#ifdef HAVE_DOSISH_SYSTEM
+#include <fcntl.h> /* for setmode() */
+#endif
+#ifdef HAVE_LIBREADLINE
+#define GNUPG_LIBREADLINE_H_INCLUDED
+#include <readline/readline.h>
+#endif
+
+#define INCLUDED_BY_MAIN_MODULE 1
+#include "gpg.h"
+#include "packet.h"
+#include "iobuf.h"
+#include "util.h"
+#include "main.h"
+#include "options.h"
+#include "keydb.h"
+#include "trustdb.h"
+#include "cipher.h"
+#include "filter.h"
+#include "ttyio.h"
+#include "i18n.h"
+#include "sysutils.h"
+#include "status.h"
+#include "call-agent.h"
+
+
+enum cmd_and_opt_values {
+ aNull = 0,
+ oQuiet = 'q',
+ oVerbose = 'v',
+ oBatch = 500,
+ oKeyring,
+ oIgnoreTimeConflict,
+ oStatusFD,
+ oLoggerFD,
+ oHomedir,
+ aTest
+};
+
+
+static ARGPARSE_OPTS opts[] = {
+ ARGPARSE_group (300, N_("@\nOptions:\n ")),
+
+ ARGPARSE_s_n (oVerbose, "verbose", N_("verbose")),
+ ARGPARSE_s_n (oQuiet, "quiet", N_("be somewhat more quiet")),
+ ARGPARSE_s_s (oKeyring, "keyring",
+ N_("|FILE|take the keys from the keyring FILE")),
+ ARGPARSE_s_n (oIgnoreTimeConflict, "ignore-time-conflict",
+ N_("make timestamp conflicts only a warning")),
+ ARGPARSE_s_i (oStatusFD, "status-fd",
+ N_("|FD|write status info to this FD")),
+ ARGPARSE_s_i (oLoggerFD, "logger-fd", "@"),
+ ARGPARSE_s_s (oHomedir, "homedir", "@"),
+
+ ARGPARSE_end ()
+};
+
+
+
+int g10_errors_seen = 0;
+
+
+static char *
+make_libversion (const char *libname, const char *(*getfnc)(const char*))
+{
+ const char *s;
+ char *result;
+
+ s = getfnc (NULL);
+ result = xmalloc (strlen (libname) + 1 + strlen (s) + 1);
+ strcpy (stpcpy (stpcpy (result, libname), " "), s);
+ return result;
+}
+
+static const char *
+my_strusage( int level )
+{
+ static char *ver_gcry;
+ const char *p;
+
+ switch (level)
+ {
+ case 11: p = "gpgv (GnuPG)";
+ break;
+ case 13: p = VERSION; break;
+ case 17: p = PRINTABLE_OS_NAME; break;
+ case 19: p = _("Please report bugs to <@EMAIL@>.\n"); break;
+
+ case 1:
+ case 40: p = _("Usage: gpgv [options] [files] (-h for help)");
+ break;
+ case 41: p = _("Syntax: gpgv [options] [files]\n"
+ "Check signatures against known trusted keys\n");
+ break;
+
+ case 20:
+ if (!ver_gcry)
+ ver_gcry = make_libversion ("libgcrypt", gcry_check_version);
+ p = ver_gcry;
+ break;
+
+
+ default: p = NULL;
+ }
+ return p;
+}
+
+
+
+int
+main( int argc, char **argv )
+{
+ ARGPARSE_ARGS pargs;
+ int rc=0;
+ strlist_t sl;
+ strlist_t nrings=NULL;
+ unsigned configlineno;
+
+ set_strusage (my_strusage);
+ log_set_prefix ("gpgv", 1);
+
+ /* Make sure that our subsystems are ready. */
+ i18n_init();
+ init_common_subsystems ();
+
+ gnupg_init_signals (0, NULL);
+
+ opt.command_fd = -1; /* no command fd */
+ opt.pgp2_workarounds = 1;
+ opt.keyserver_options.options|=KEYSERVER_AUTO_KEY_RETRIEVE;
+ opt.trust_model = TM_ALWAYS;
+ opt.batch = 1;
+
+ opt.homedir = default_homedir ();
+
+ tty_no_terminal(1);
+ tty_batchmode(1);
+ disable_dotlock();
+
+ pargs.argc = &argc;
+ pargs.argv = &argv;
+ pargs.flags= 1; /* do not remove the args */
+ while (optfile_parse( NULL, NULL, &configlineno, &pargs, opts))
+ {
+ switch (pargs.r_opt)
+ {
+ case oQuiet: opt.quiet = 1; break;
+ case oVerbose:
+ opt.verbose++;
+ opt.list_sigs=1;
+ gcry_control (GCRYCTL_SET_VERBOSITY, (int)opt.verbose);
+ break;
+ case oKeyring: append_to_strlist( &nrings, pargs.r.ret_str); break;
+ case oStatusFD: set_status_fd( pargs.r.ret_int ); break;
+ case oLoggerFD:
+ log_set_fd (translate_sys2libc_fd_int (pargs.r.ret_int, 1));
+ break;
+ case oHomedir: opt.homedir = pargs.r.ret_str; break;
+ case oIgnoreTimeConflict: opt.ignore_time_conflict = 1; break;
+ default : pargs.err = ARGPARSE_PRINT_ERROR; break;
+ }
+ }
+
+ if (log_get_errorcount (0))
+ g10_exit(2);
+
+ if (opt.verbose > 1)
+ set_packet_list_mode(1);
+
+ /* Note: We open all keyrings in read-only mode (flag value: 8). */
+ if (!nrings) /* No keyring given: use default one. */
+ keydb_add_resource ("trustedkeys" EXTSEP_S "gpg", 8, 0);
+ for (sl = nrings; sl; sl = sl->next)
+ keydb_add_resource (sl->d, 8, 0 );
+
+ FREE_STRLIST (nrings);
+
+ if ( (rc = verify_signatures( argc, argv ) ))
+ log_error("verify signatures failed: %s\n", g10_errstr(rc) );
+
+ /* cleanup */
+ g10_exit (0);
+ return 8; /*NOTREACHED*/
+}
+
+
+void
+g10_exit( int rc )
+{
+ rc = rc? rc : log_get_errorcount(0)? 2 : g10_errors_seen? 1 : 0;
+ exit(rc );
+}
+
+
+/* Stub:
+ * We have to override the trustcheck from pkclist.c becuase
+ * this utility assumes that all keys in the keyring are trustworthy
+ */
+int
+check_signatures_trust( PKT_signature *sig )
+{
+ (void)sig;
+ return 0;
+}
+
+void
+read_trust_options(byte *trust_model, ulong *created, ulong *nextcheck,
+ byte *marginals, byte *completes, byte *cert_depth,
+ byte *min_cert_level)
+{
+ (void)trust_model;
+ (void)created;
+ (void)nextcheck;
+ (void)marginals;
+ (void)completes;
+ (void)cert_depth;
+ (void)min_cert_level;
+}
+
+/* Stub:
+ * We don't have the trustdb , so we have to provide some stub functions
+ * instead
+ */
+
+int
+cache_disabled_value(PKT_public_key *pk)
+{
+ (void)pk;
+ return 0;
+}
+
+void
+check_trustdb_stale(void)
+{
+}
+
+int
+get_validity_info (PKT_public_key *pk, PKT_user_id *uid)
+{
+ (void)pk;
+ (void)uid;
+ return '?';
+}
+
+unsigned int
+get_validity (PKT_public_key *pk, PKT_user_id *uid)
+{
+ (void)pk;
+ (void)uid;
+ return 0;
+}
+
+const char *
+trust_value_to_string (unsigned int value)
+{
+ (void)value;
+ return "err";
+}
+
+const char *
+uid_trust_string_fixed (PKT_public_key *key, PKT_user_id *uid)
+{
+ (void)key;
+ (void)uid;
+ return "err";
+}
+
+int
+get_ownertrust_info (PKT_public_key *pk)
+{
+ (void)pk;
+ return '?';
+}
+
+unsigned int
+get_ownertrust (PKT_public_key *pk)
+{
+ (void)pk;
+ return TRUST_UNKNOWN;
+}
+
+
+/* Stubs:
+ * Because we only work with trusted keys, it does not make sense to
+ * get them from a keyserver
+ */
+
+struct keyserver_spec *
+keyserver_match (struct keyserver_spec *spec)
+{
+ (void)spec;
+ return NULL;
+}
+
+int
+keyserver_import_keyid (u32 *keyid, void *dummy)
+{
+ (void)keyid;
+ (void)dummy;
+ return -1;
+}
+
+int
+keyserver_import_cert (const char *name)
+{
+ (void)name;
+ return -1;
+}
+
+int
+keyserver_import_pka (const char *name,unsigned char *fpr)
+{
+ (void)name;
+ (void)fpr;
+ return -1;
+}
+
+int
+keyserver_import_name (const char *name,struct keyserver_spec *spec)
+{
+ (void)name;
+ (void)spec;
+ return -1;
+}
+
+int
+keyserver_import_ldap (const char *name)
+{
+ (void)name;
+ return -1;
+}
+
+/* Stub:
+ * No encryption here but mainproc links to these functions.
+ */
+int
+get_session_key (PKT_pubkey_enc *k, DEK *dek)
+{
+ (void)k;
+ (void)dek;
+ return G10ERR_GENERAL;
+}
+
+/* Stub: */
+int
+get_override_session_key (DEK *dek, const char *string)
+{
+ (void)dek;
+ (void)string;
+ return G10ERR_GENERAL;
+}
+
+/* Stub: */
+int
+decrypt_data (void *procctx, PKT_encrypted *ed, DEK *dek)
+{
+ (void)procctx;
+ (void)ed;
+ (void)dek;
+ return G10ERR_GENERAL;
+}
+
+
+/* Stub:
+ * No interactive commands, so we don't need the helptexts
+ */
+void
+display_online_help (const char *keyword)
+{
+ (void)keyword;
+}
+
+/* Stub:
+ * We don't use secret keys, but getkey.c links to this
+ */
+int
+check_secret_key (PKT_secret_key *sk, int n)
+{
+ (void)sk;
+ (void)n;
+ return G10ERR_GENERAL;
+}
+
+/* Stub:
+ * No secret key, so no passphrase needed
+ */
+DEK *
+passphrase_to_dek (u32 *keyid, int pubkey_algo,
+ int cipher_algo, STRING2KEY *s2k, int mode,
+ const char *tmp, int *canceled)
+{
+ (void)keyid;
+ (void)pubkey_algo;
+ (void)cipher_algo;
+ (void)s2k;
+ (void)mode;
+ (void)tmp;
+
+ if (canceled)
+ *canceled = 0;
+ return NULL;
+}
+
+void
+passphrase_clear_cache (u32 *keyid, const char *cacheid, int algo)
+{
+ (void)keyid;
+ (void)cacheid;
+ (void)algo;
+}
+
+struct keyserver_spec *
+parse_preferred_keyserver(PKT_signature *sig)
+{
+ (void)sig;
+ return NULL;
+}
+
+struct keyserver_spec *
+parse_keyserver_uri (const char *uri, int require_scheme,
+ const char *configname, unsigned int configlineno)
+{
+ (void)uri;
+ (void)require_scheme;
+ (void)configname;
+ (void)configlineno;
+ return NULL;
+}
+
+void
+free_keyserver_spec (struct keyserver_spec *keyserver)
+{
+ (void)keyserver;
+}
+
+/* Stubs to avoid linking to photoid.c */
+void
+show_photos (const struct user_attribute *attrs, int count, PKT_public_key *pk)
+{
+ (void)attrs;
+ (void)count;
+ (void)pk;
+}
+
+int
+parse_image_header (const struct user_attribute *attr, byte *type, u32 *len)
+{
+ (void)attr;
+ (void)type;
+ (void)len;
+ return 0;
+}
+
+char *
+image_type_to_string (byte type, int string)
+{
+ (void)type;
+ (void)string;
+ return NULL;
+}
+
+#ifdef ENABLE_CARD_SUPPORT
+int
+agent_scd_getattr (const char *name, struct agent_card_info_s *info)
+{
+ (void)name;
+ (void)info;
+ return 0;
+}
+#endif /* ENABLE_CARD_SUPPORT */
+
+/* We do not do any locking, so use these stubs here */
+void
+disable_dotlock (void)
+{
+}
+
+DOTLOCK
+create_dotlock (const char *file_to_lock)
+{
+ (void)file_to_lock;
+ return NULL;
+}
+
+void
+destroy_dotlock (DOTLOCK h)
+{
+ (void)h;
+}
+
+int
+make_dotlock (DOTLOCK h, long timeout)
+{
+ (void)h;
+ (void)timeout;
+ return 0;
+}
+
+int
+release_dotlock (DOTLOCK h)
+{
+ (void)h;
+ return 0;
+}
+
+void
+remove_lockfiles (void)
+{
+}
+
diff --git a/g10/helptext.c b/g10/helptext.c
new file mode 100644
index 0000000..bf818fa
--- /dev/null
+++ b/g10/helptext.c
@@ -0,0 +1,88 @@
+/* helptext.c - English help texts
+ * Copyright (C) 1998, 1999, 2000, 2001, 2002,
+ * 2004, 2007 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "gpg.h"
+#include "util.h"
+#include "ttyio.h"
+#include "main.h"
+#include "i18n.h"
+
+
+
+
+/* Helper to get the help through the configurable GnuPG help
+ system. */
+static char *
+get_help_from_file (const char *keyword)
+{
+ char *key, *result;
+
+ key = xtrymalloc (4 + strlen (keyword) + 1);
+ if (key)
+ {
+ strcpy (stpcpy (key, "gpg."), keyword);
+ result = gnupg_get_help_string (key, 0);
+ xfree (key);
+ if (result && !is_native_utf8 ())
+ {
+ char *tmp = utf8_to_native (result, strlen (result), -1);
+ if (tmp)
+ {
+ xfree (result);
+ result = tmp;
+ }
+ }
+ }
+ else
+ result = NULL;
+ return result;
+}
+
+
+void
+display_online_help( const char *keyword )
+{
+ char *result;
+ int need_final_lf = 1;
+
+ tty_kill_prompt();
+ if ( !keyword )
+ tty_printf (_("No help available") );
+ else if ( (result = get_help_from_file (keyword)) )
+ {
+ tty_printf ("%s", result);
+ if (*result && result[strlen (result)-1] == '\n')
+ need_final_lf = 0;
+ xfree (result);
+ }
+ else
+ {
+ tty_printf (_("No help available for `%s'"), keyword );
+ }
+ if (need_final_lf)
+ tty_printf("\n");
+}
+
+
diff --git a/g10/import.c b/g10/import.c
new file mode 100644
index 0000000..ba2439d
--- /dev/null
+++ b/g10/import.c
@@ -0,0 +1,2525 @@
+/* import.c - import a key into our key storage.
+ * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006,
+ * 2007 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include <assert.h>
+
+#include "gpg.h"
+#include "options.h"
+#include "packet.h"
+#include "status.h"
+#include "keydb.h"
+#include "util.h"
+#include "trustdb.h"
+#include "main.h"
+#include "i18n.h"
+#include "ttyio.h"
+#include "status.h"
+#include "keyserver-internal.h"
+
+struct stats_s {
+ ulong count;
+ ulong no_user_id;
+ ulong imported;
+ ulong imported_rsa;
+ ulong n_uids;
+ ulong n_sigs;
+ ulong n_subk;
+ ulong unchanged;
+ ulong n_revoc;
+ ulong secret_read;
+ ulong secret_imported;
+ ulong secret_dups;
+ ulong skipped_new_keys;
+ ulong not_imported;
+ ulong n_sigs_cleaned;
+ ulong n_uids_cleaned;
+};
+
+
+static int import( IOBUF inp, const char* fname,struct stats_s *stats,
+ unsigned char **fpr,size_t *fpr_len,unsigned int options );
+static int read_block( IOBUF a, PACKET **pending_pkt, KBNODE *ret_root );
+static void revocation_present(KBNODE keyblock);
+static int import_one(const char *fname, KBNODE keyblock,struct stats_s *stats,
+ unsigned char **fpr,size_t *fpr_len,
+ unsigned int options,int from_sk);
+static int import_secret_one( const char *fname, KBNODE keyblock,
+ struct stats_s *stats, unsigned int options);
+static int import_revoke_cert( const char *fname, KBNODE node,
+ struct stats_s *stats);
+static int chk_self_sigs( const char *fname, KBNODE keyblock,
+ PKT_public_key *pk, u32 *keyid, int *non_self );
+static int delete_inv_parts( const char *fname, KBNODE keyblock,
+ u32 *keyid, unsigned int options );
+static int merge_blocks( const char *fname, KBNODE keyblock_orig,
+ KBNODE keyblock, u32 *keyid,
+ int *n_uids, int *n_sigs, int *n_subk );
+static int append_uid( KBNODE keyblock, KBNODE node, int *n_sigs,
+ const char *fname, u32 *keyid );
+static int append_key( KBNODE keyblock, KBNODE node, int *n_sigs,
+ const char *fname, u32 *keyid );
+static int merge_sigs( KBNODE dst, KBNODE src, int *n_sigs,
+ const char *fname, u32 *keyid );
+static int merge_keysigs( KBNODE dst, KBNODE src, int *n_sigs,
+ const char *fname, u32 *keyid );
+
+int
+parse_import_options(char *str,unsigned int *options,int noisy)
+{
+ struct parse_options import_opts[]=
+ {
+ {"import-local-sigs",IMPORT_LOCAL_SIGS,NULL,
+ N_("import signatures that are marked as local-only")},
+ {"repair-pks-subkey-bug",IMPORT_REPAIR_PKS_SUBKEY_BUG,NULL,
+ N_("repair damage from the pks keyserver during import")},
+ {"fast-import",IMPORT_FAST,NULL,
+ N_("do not update the trustdb after import")},
+ {"convert-sk-to-pk",IMPORT_SK2PK,NULL,
+ N_("create a public key when importing a secret key")},
+ {"merge-only",IMPORT_MERGE_ONLY,NULL,
+ N_("only accept updates to existing keys")},
+ {"import-clean",IMPORT_CLEAN,NULL,
+ N_("remove unusable parts from key after import")},
+ {"import-minimal",IMPORT_MINIMAL|IMPORT_CLEAN,NULL,
+ N_("remove as much as possible from key after import")},
+ /* Aliases for backward compatibility */
+ {"allow-local-sigs",IMPORT_LOCAL_SIGS,NULL,NULL},
+ {"repair-hkp-subkey-bug",IMPORT_REPAIR_PKS_SUBKEY_BUG,NULL,NULL},
+ /* dummy */
+ {"import-unusable-sigs",0,NULL,NULL},
+ {"import-clean-sigs",0,NULL,NULL},
+ {"import-clean-uids",0,NULL,NULL},
+ {NULL,0,NULL,NULL}
+ };
+
+ return parse_options(str,options,import_opts,noisy);
+}
+
+void *
+import_new_stats_handle (void)
+{
+ return xmalloc_clear ( sizeof (struct stats_s) );
+}
+
+void
+import_release_stats_handle (void *p)
+{
+ xfree (p);
+}
+
+/****************
+ * Import the public keys from the given filename. Input may be armored.
+ * This function rejects all keys which are not validly self signed on at
+ * least one userid. Only user ids which are self signed will be imported.
+ * Other signatures are not checked.
+ *
+ * Actually this function does a merge. It works like this:
+ *
+ * - get the keyblock
+ * - check self-signatures and remove all userids and their signatures
+ * without/invalid self-signatures.
+ * - reject the keyblock, if we have no valid userid.
+ * - See whether we have this key already in one of our pubrings.
+ * If not, simply add it to the default keyring.
+ * - Compare the key and the self-signatures of the new and the one in
+ * our keyring. If they are different something weird is going on;
+ * ask what to do.
+ * - See whether we have only non-self-signature on one user id; if not
+ * ask the user what to do.
+ * - compare the signatures: If we already have this signature, check
+ * that they compare okay; if not, issue a warning and ask the user.
+ * (consider looking at the timestamp and use the newest?)
+ * - Simply add the signature. Can't verify here because we may not have
+ * the signature's public key yet; verification is done when putting it
+ * into the trustdb, which is done automagically as soon as this pubkey
+ * is used.
+ * - Proceed with next signature.
+ *
+ * Key revocation certificates have special handling.
+ *
+ */
+static int
+import_keys_internal( IOBUF inp, char **fnames, int nnames,
+ void *stats_handle, unsigned char **fpr, size_t *fpr_len,
+ unsigned int options )
+{
+ int i, rc = 0;
+ struct stats_s *stats = stats_handle;
+
+ if (!stats)
+ stats = import_new_stats_handle ();
+
+ if (inp) {
+ rc = import( inp, "[stream]", stats, fpr, fpr_len, options);
+ }
+ else {
+ int once = (!fnames && !nnames);
+
+ for(i=0; once || i < nnames; once=0, i++ ) {
+ const char *fname = fnames? fnames[i] : NULL;
+ IOBUF inp2 = iobuf_open(fname);
+ if( !fname )
+ fname = "[stdin]";
+ if (inp2 && is_secured_file (iobuf_get_fd (inp2)))
+ {
+ iobuf_close (inp2);
+ inp2 = NULL;
+ errno = EPERM;
+ }
+ if( !inp2 )
+ log_error(_("can't open `%s': %s\n"), fname, strerror(errno) );
+ else
+ {
+ rc = import( inp2, fname, stats, fpr, fpr_len, options );
+ iobuf_close(inp2);
+ /* Must invalidate that ugly cache to actually close it. */
+ iobuf_ioctl (NULL, 2, 0, (char*)fname);
+ if( rc )
+ log_error("import from `%s' failed: %s\n", fname,
+ g10_errstr(rc) );
+ }
+ }
+ }
+ if (!stats_handle) {
+ import_print_stats (stats);
+ import_release_stats_handle (stats);
+ }
+
+ /* If no fast import and the trustdb is dirty (i.e. we added a key
+ or userID that had something other than a selfsig, a signature
+ that was other than a selfsig, or any revocation), then
+ update/check the trustdb if the user specified by setting
+ interactive or by not setting no-auto-check-trustdb */
+
+ if(!(options&IMPORT_FAST))
+ trustdb_check_or_update();
+
+ return rc;
+}
+
+void
+import_keys( char **fnames, int nnames,
+ void *stats_handle, unsigned int options )
+{
+ import_keys_internal(NULL,fnames,nnames,stats_handle,NULL,NULL,options);
+}
+
+int
+import_keys_stream( IOBUF inp, void *stats_handle,
+ unsigned char **fpr, size_t *fpr_len,unsigned int options )
+{
+ return import_keys_internal(inp,NULL,0,stats_handle,fpr,fpr_len,options);
+}
+
+static int
+import( IOBUF inp, const char* fname,struct stats_s *stats,
+ unsigned char **fpr,size_t *fpr_len,unsigned int options )
+{
+ PACKET *pending_pkt = NULL;
+ KBNODE keyblock = NULL; /* Need to initialize because gcc can't
+ grasp the return semantics of
+ read_block. */
+ int rc = 0;
+
+ getkey_disable_caches();
+
+ if( !opt.no_armor ) { /* armored reading is not disabled */
+ armor_filter_context_t *afx;
+
+ afx = new_armor_context ();
+ afx->only_keyblocks = 1;
+ push_armor_filter (afx, inp);
+ release_armor_context (afx);
+ }
+
+ while( !(rc = read_block( inp, &pending_pkt, &keyblock) )) {
+ if( keyblock->pkt->pkttype == PKT_PUBLIC_KEY )
+ rc = import_one( fname, keyblock, stats, fpr, fpr_len, options, 0);
+ else if( keyblock->pkt->pkttype == PKT_SECRET_KEY )
+ rc = import_secret_one( fname, keyblock, stats, options );
+ else if( keyblock->pkt->pkttype == PKT_SIGNATURE
+ && keyblock->pkt->pkt.signature->sig_class == 0x20 )
+ rc = import_revoke_cert( fname, keyblock, stats );
+ else {
+ log_info( _("skipping block of type %d\n"),
+ keyblock->pkt->pkttype );
+ }
+ release_kbnode(keyblock);
+ /* fixme: we should increment the not imported counter but this
+ does only make sense if we keep on going despite of errors. */
+ if( rc )
+ break;
+ if( !(++stats->count % 100) && !opt.quiet )
+ log_info(_("%lu keys processed so far\n"), stats->count );
+ }
+ if( rc == -1 )
+ rc = 0;
+ else if( rc && rc != G10ERR_INV_KEYRING )
+ log_error( _("error reading `%s': %s\n"), fname, g10_errstr(rc));
+
+ return rc;
+}
+
+
+void
+import_print_stats (void *hd)
+{
+ struct stats_s *stats = hd;
+
+ if( !opt.quiet ) {
+ log_info(_("Total number processed: %lu\n"), stats->count );
+ if( stats->skipped_new_keys )
+ log_info(_(" skipped new keys: %lu\n"),
+ stats->skipped_new_keys );
+ if( stats->no_user_id )
+ log_info(_(" w/o user IDs: %lu\n"), stats->no_user_id );
+ if( stats->imported || stats->imported_rsa ) {
+ log_info(_(" imported: %lu"), stats->imported );
+ if (stats->imported_rsa)
+ log_printf (" (RSA: %lu)", stats->imported_rsa );
+ log_printf ("\n");
+ }
+ if( stats->unchanged )
+ log_info(_(" unchanged: %lu\n"), stats->unchanged );
+ if( stats->n_uids )
+ log_info(_(" new user IDs: %lu\n"), stats->n_uids );
+ if( stats->n_subk )
+ log_info(_(" new subkeys: %lu\n"), stats->n_subk );
+ if( stats->n_sigs )
+ log_info(_(" new signatures: %lu\n"), stats->n_sigs );
+ if( stats->n_revoc )
+ log_info(_(" new key revocations: %lu\n"), stats->n_revoc );
+ if( stats->secret_read )
+ log_info(_(" secret keys read: %lu\n"), stats->secret_read );
+ if( stats->secret_imported )
+ log_info(_(" secret keys imported: %lu\n"), stats->secret_imported );
+ if( stats->secret_dups )
+ log_info(_(" secret keys unchanged: %lu\n"), stats->secret_dups );
+ if( stats->not_imported )
+ log_info(_(" not imported: %lu\n"), stats->not_imported );
+ if( stats->n_sigs_cleaned)
+ log_info(_(" signatures cleaned: %lu\n"),stats->n_sigs_cleaned);
+ if( stats->n_uids_cleaned)
+ log_info(_(" user IDs cleaned: %lu\n"),stats->n_uids_cleaned);
+ }
+
+ if( is_status_enabled() ) {
+ char buf[14*20];
+ sprintf(buf, "%lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu",
+ stats->count,
+ stats->no_user_id,
+ stats->imported,
+ stats->imported_rsa,
+ stats->unchanged,
+ stats->n_uids,
+ stats->n_subk,
+ stats->n_sigs,
+ stats->n_revoc,
+ stats->secret_read,
+ stats->secret_imported,
+ stats->secret_dups,
+ stats->skipped_new_keys,
+ stats->not_imported );
+ write_status_text( STATUS_IMPORT_RES, buf );
+ }
+}
+
+
+/****************
+ * Read the next keyblock from stream A.
+ * PENDING_PKT should be initialzed to NULL
+ * and not chnaged form the caller.
+ * Retunr: 0 = okay, -1 no more blocks or another errorcode.
+ */
+static int
+read_block( IOBUF a, PACKET **pending_pkt, KBNODE *ret_root )
+{
+ int rc;
+ PACKET *pkt;
+ KBNODE root = NULL;
+ int in_cert;
+
+ if( *pending_pkt ) {
+ root = new_kbnode( *pending_pkt );
+ *pending_pkt = NULL;
+ in_cert = 1;
+ }
+ else
+ in_cert = 0;
+ pkt = xmalloc( sizeof *pkt );
+ init_packet(pkt);
+ while( (rc=parse_packet(a, pkt)) != -1 ) {
+ if( rc ) { /* ignore errors */
+ if( rc != G10ERR_UNKNOWN_PACKET ) {
+ log_error("read_block: read error: %s\n", g10_errstr(rc) );
+ rc = G10ERR_INV_KEYRING;
+ goto ready;
+ }
+ free_packet( pkt );
+ init_packet(pkt);
+ continue;
+ }
+
+ if( !root && pkt->pkttype == PKT_SIGNATURE
+ && pkt->pkt.signature->sig_class == 0x20 ) {
+ /* this is a revocation certificate which is handled
+ * in a special way */
+ root = new_kbnode( pkt );
+ pkt = NULL;
+ goto ready;
+ }
+
+ /* make a linked list of all packets */
+ switch( pkt->pkttype ) {
+ case PKT_COMPRESSED:
+ if(check_compress_algo(pkt->pkt.compressed->algorithm))
+ {
+ rc = G10ERR_COMPR_ALGO;
+ goto ready;
+ }
+ else
+ {
+ compress_filter_context_t *cfx = xmalloc_clear( sizeof *cfx );
+ pkt->pkt.compressed->buf = NULL;
+ push_compress_filter2(a,cfx,pkt->pkt.compressed->algorithm,1);
+ }
+ free_packet( pkt );
+ init_packet(pkt);
+ break;
+
+ case PKT_RING_TRUST:
+ /* skip those packets */
+ free_packet( pkt );
+ init_packet(pkt);
+ break;
+
+ case PKT_PUBLIC_KEY:
+ case PKT_SECRET_KEY:
+ if( in_cert ) { /* store this packet */
+ *pending_pkt = pkt;
+ pkt = NULL;
+ goto ready;
+ }
+ in_cert = 1;
+ default:
+ if( in_cert ) {
+ if( !root )
+ root = new_kbnode( pkt );
+ else
+ add_kbnode( root, new_kbnode( pkt ) );
+ pkt = xmalloc( sizeof *pkt );
+ }
+ init_packet(pkt);
+ break;
+ }
+ }
+ ready:
+ if( rc == -1 && root )
+ rc = 0;
+
+ if( rc )
+ release_kbnode( root );
+ else
+ *ret_root = root;
+ free_packet( pkt );
+ xfree( pkt );
+ return rc;
+}
+
+/* Walk through the subkeys on a pk to find if we have the PKS
+ disease: multiple subkeys with their binding sigs stripped, and the
+ sig for the first subkey placed after the last subkey. That is,
+ instead of "pk uid sig sub1 bind1 sub2 bind2 sub3 bind3" we have
+ "pk uid sig sub1 sub2 sub3 bind1". We can't do anything about sub2
+ and sub3, as they are already lost, but we can try and rescue sub1
+ by reordering the keyblock so that it reads "pk uid sig sub1 bind1
+ sub2 sub3". Returns TRUE if the keyblock was modified. */
+
+static int
+fix_pks_corruption(KBNODE keyblock)
+{
+ int changed=0,keycount=0;
+ KBNODE node,last=NULL,sknode=NULL;
+
+ /* First determine if we have the problem at all. Look for 2 or
+ more subkeys in a row, followed by a single binding sig. */
+ for(node=keyblock;node;last=node,node=node->next)
+ {
+ if(node->pkt->pkttype==PKT_PUBLIC_SUBKEY)
+ {
+ keycount++;
+ if(!sknode)
+ sknode=node;
+ }
+ else if(node->pkt->pkttype==PKT_SIGNATURE &&
+ node->pkt->pkt.signature->sig_class==0x18 &&
+ keycount>=2 && node->next==NULL)
+ {
+ /* We might have the problem, as this key has two subkeys in
+ a row without any intervening packets. */
+
+ /* Sanity check */
+ if(last==NULL)
+ break;
+
+ /* Temporarily attach node to sknode. */
+ node->next=sknode->next;
+ sknode->next=node;
+ last->next=NULL;
+
+ /* Note we aren't checking whether this binding sig is a
+ selfsig. This is not necessary here as the subkey and
+ binding sig will be rejected later if that is the
+ case. */
+ if(check_key_signature(keyblock,node,NULL))
+ {
+ /* Not a match, so undo the changes. */
+ sknode->next=node->next;
+ last->next=node;
+ node->next=NULL;
+ break;
+ }
+ else
+ {
+ sknode->flag |= 1; /* Mark it good so we don't need to
+ check it again */
+ changed=1;
+ break;
+ }
+ }
+ else
+ keycount=0;
+ }
+
+ return changed;
+}
+
+
+/* Versions of GnuPG before 1.4.11 and 2.0.16 allowed to import bogus
+ direct key signatures. A side effect of this was that a later
+ import of the same good direct key signatures was not possible
+ because the cmp_signature check in merge_blocks considered them
+ equal. Although direct key signatures are now checked during
+ import, there might still be bogus signatures sitting in a keyring.
+ We need to detect and delete them before doing a merge. This
+ fucntion returns the number of removed sigs. */
+static int
+fix_bad_direct_key_sigs (KBNODE keyblock, u32 *keyid)
+{
+ gpg_error_t err;
+ KBNODE node;
+ int count = 0;
+
+ for (node = keyblock->next; node; node=node->next)
+ {
+ if (node->pkt->pkttype == PKT_USER_ID)
+ break;
+ if (node->pkt->pkttype == PKT_SIGNATURE
+ && IS_KEY_SIG (node->pkt->pkt.signature))
+ {
+ err = check_key_signature (keyblock, node, NULL);
+ if (err && gpg_err_code (err) != GPG_ERR_PUBKEY_ALGO )
+ {
+ /* If we don't know the error, we can't decide; this is
+ not a problem because cmp_signature can't compare the
+ signature either. */
+ log_info ("key %s: invalid direct key signature removed\n",
+ keystr (keyid));
+ delete_kbnode (node);
+ count++;
+ }
+ }
+ }
+
+ return count;
+}
+
+
+static void
+print_import_ok (PKT_public_key *pk, PKT_secret_key *sk, unsigned int reason)
+{
+ byte array[MAX_FINGERPRINT_LEN], *s;
+ char buf[MAX_FINGERPRINT_LEN*2+30], *p;
+ size_t i, n;
+
+ sprintf (buf, "%u ", reason);
+ p = buf + strlen (buf);
+
+ if (pk)
+ fingerprint_from_pk (pk, array, &n);
+ else
+ fingerprint_from_sk (sk, array, &n);
+ s = array;
+ for (i=0; i < n ; i++, s++, p += 2)
+ sprintf (p, "%02X", *s);
+
+ write_status_text (STATUS_IMPORT_OK, buf);
+}
+
+static void
+print_import_check (PKT_public_key * pk, PKT_user_id * id)
+{
+ char * buf;
+ byte fpr[24];
+ u32 keyid[2];
+ size_t i, pos = 0, n;
+
+ buf = xmalloc (17+41+id->len+32);
+ keyid_from_pk (pk, keyid);
+ sprintf (buf, "%08X%08X ", keyid[0], keyid[1]);
+ pos = 17;
+ fingerprint_from_pk (pk, fpr, &n);
+ for (i = 0; i < n; i++, pos += 2)
+ sprintf (buf+pos, "%02X", fpr[i]);
+ strcat (buf, " ");
+ pos += 1;
+ strcat (buf, id->name);
+ write_status_text (STATUS_IMPORT_CHECK, buf);
+ xfree (buf);
+}
+
+static void
+check_prefs_warning(PKT_public_key *pk)
+{
+ log_info(_("WARNING: key %s contains preferences for unavailable\n"
+ "algorithms on these user IDs:\n"), keystr_from_pk(pk));
+}
+
+static void
+check_prefs(KBNODE keyblock)
+{
+ KBNODE node;
+ PKT_public_key *pk;
+ int problem=0;
+
+ merge_keys_and_selfsig(keyblock);
+ pk=keyblock->pkt->pkt.public_key;
+
+ for(node=keyblock;node;node=node->next)
+ {
+ if(node->pkt->pkttype==PKT_USER_ID
+ && node->pkt->pkt.user_id->created
+ && node->pkt->pkt.user_id->prefs)
+ {
+ PKT_user_id *uid=node->pkt->pkt.user_id;
+ prefitem_t *prefs=uid->prefs;
+ char *user=utf8_to_native(uid->name,strlen(uid->name),0);
+
+ for(;prefs->type;prefs++)
+ {
+ char num[10]; /* prefs->value is a byte, so we're over
+ safe here */
+
+ sprintf(num,"%u",prefs->value);
+
+ if(prefs->type==PREFTYPE_SYM)
+ {
+ if (openpgp_cipher_test_algo (prefs->value))
+ {
+ const char *algo =
+ (openpgp_cipher_test_algo (prefs->value)
+ ? num
+ : openpgp_cipher_algo_name (prefs->value));
+ if(!problem)
+ check_prefs_warning(pk);
+ log_info(_(" \"%s\": preference for cipher"
+ " algorithm %s\n"), user, algo);
+ problem=1;
+ }
+ }
+ else if(prefs->type==PREFTYPE_HASH)
+ {
+ if(openpgp_md_test_algo(prefs->value))
+ {
+ const char *algo =
+ (gcry_md_test_algo (prefs->value)
+ ? num
+ : gcry_md_algo_name (prefs->value));
+ if(!problem)
+ check_prefs_warning(pk);
+ log_info(_(" \"%s\": preference for digest"
+ " algorithm %s\n"), user, algo);
+ problem=1;
+ }
+ }
+ else if(prefs->type==PREFTYPE_ZIP)
+ {
+ if(check_compress_algo (prefs->value))
+ {
+ const char *algo=compress_algo_to_string(prefs->value);
+ if(!problem)
+ check_prefs_warning(pk);
+ log_info(_(" \"%s\": preference for compression"
+ " algorithm %s\n"),user,algo?algo:num);
+ problem=1;
+ }
+ }
+ }
+
+ xfree(user);
+ }
+ }
+
+ if(problem)
+ {
+ log_info(_("it is strongly suggested that you update"
+ " your preferences and\n"));
+ log_info(_("re-distribute this key to avoid potential algorithm"
+ " mismatch problems\n"));
+
+ if(!opt.batch)
+ {
+ strlist_t sl=NULL,locusr=NULL;
+ size_t fprlen=0;
+ byte fpr[MAX_FINGERPRINT_LEN],*p;
+ char username[(MAX_FINGERPRINT_LEN*2)+1];
+ unsigned int i;
+
+ p=fingerprint_from_pk(pk,fpr,&fprlen);
+ for(i=0;i<fprlen;i++,p++)
+ sprintf(username+2*i,"%02X",*p);
+ add_to_strlist(&locusr,username);
+
+ append_to_strlist(&sl,"updpref");
+ append_to_strlist(&sl,"save");
+
+ keyedit_menu( username, locusr, sl, 1, 1 );
+ free_strlist(sl);
+ free_strlist(locusr);
+ }
+ else if(!opt.quiet)
+ log_info(_("you can update your preferences with:"
+ " gpg --edit-key %s updpref save\n"),keystr_from_pk(pk));
+ }
+}
+
+/****************
+ * Try to import one keyblock. Return an error only in serious cases, but
+ * never for an invalid keyblock. It uses log_error to increase the
+ * internal errorcount, so that invalid input can be detected by programs
+ * which called gpg.
+ */
+static int
+import_one( const char *fname, KBNODE keyblock, struct stats_s *stats,
+ unsigned char **fpr,size_t *fpr_len,unsigned int options,
+ int from_sk )
+{
+ PKT_public_key *pk;
+ PKT_public_key *pk_orig;
+ KBNODE node, uidnode;
+ KBNODE keyblock_orig = NULL;
+ u32 keyid[2];
+ int rc = 0;
+ int new_key = 0;
+ int mod_key = 0;
+ int same_key = 0;
+ int non_self = 0;
+
+ /* get the key and print some info about it */
+ node = find_kbnode( keyblock, PKT_PUBLIC_KEY );
+ if( !node )
+ BUG();
+
+ pk = node->pkt->pkt.public_key;
+
+ keyid_from_pk( pk, keyid );
+ uidnode = find_next_kbnode( keyblock, PKT_USER_ID );
+
+ if( opt.verbose && !opt.interactive )
+ {
+ log_info( "pub %4u%c/%s %s ",
+ nbits_from_pk( pk ),
+ pubkey_letter( pk->pubkey_algo ),
+ keystr_from_pk(pk), datestr_from_pk(pk) );
+ if (uidnode)
+ print_utf8_string (log_get_stream (),
+ uidnode->pkt->pkt.user_id->name,
+ uidnode->pkt->pkt.user_id->len );
+ log_printf ("\n");
+ }
+
+
+ if( !uidnode )
+ {
+ log_error( _("key %s: no user ID\n"), keystr_from_pk(pk));
+ return 0;
+ }
+
+ if (opt.interactive) {
+ if(is_status_enabled())
+ print_import_check (pk, uidnode->pkt->pkt.user_id);
+ merge_keys_and_selfsig (keyblock);
+ tty_printf ("\n");
+ show_basic_key_info (keyblock);
+ tty_printf ("\n");
+ if (!cpr_get_answer_is_yes ("import.okay",
+ "Do you want to import this key? (y/N) "))
+ return 0;
+ }
+
+ collapse_uids(&keyblock);
+
+ /* Clean the key that we're about to import, to cut down on things
+ that we have to clean later. This has no practical impact on
+ the end result, but does result in less logging which might
+ confuse the user. */
+ if(options&IMPORT_CLEAN)
+ clean_key(keyblock,opt.verbose,options&IMPORT_MINIMAL,NULL,NULL);
+
+ clear_kbnode_flags( keyblock );
+
+ if((options&IMPORT_REPAIR_PKS_SUBKEY_BUG) && fix_pks_corruption(keyblock)
+ && opt.verbose)
+ log_info(_("key %s: PKS subkey corruption repaired\n"),
+ keystr_from_pk(pk));
+
+ rc = chk_self_sigs( fname, keyblock , pk, keyid, &non_self );
+ if( rc )
+ return rc== -1? 0:rc;
+
+ /* If we allow such a thing, mark unsigned uids as valid */
+ if( opt.allow_non_selfsigned_uid )
+ for( node=keyblock; node; node = node->next )
+ if( node->pkt->pkttype == PKT_USER_ID && !(node->flag & 1) )
+ {
+ char *user=utf8_to_native(node->pkt->pkt.user_id->name,
+ node->pkt->pkt.user_id->len,0);
+ node->flag |= 1;
+ log_info( _("key %s: accepted non self-signed user ID \"%s\"\n"),
+ keystr_from_pk(pk),user);
+ xfree(user);
+ }
+
+ if( !delete_inv_parts( fname, keyblock, keyid, options ) ) {
+ log_error( _("key %s: no valid user IDs\n"), keystr_from_pk(pk));
+ if( !opt.quiet )
+ log_info(_("this may be caused by a missing self-signature\n"));
+ stats->no_user_id++;
+ return 0;
+ }
+
+ /* do we have this key already in one of our pubrings ? */
+ pk_orig = xmalloc_clear( sizeof *pk_orig );
+ rc = get_pubkey_fast ( pk_orig, keyid );
+ if( rc && rc != G10ERR_NO_PUBKEY && rc != G10ERR_UNU_PUBKEY )
+ {
+ log_error( _("key %s: public key not found: %s\n"),
+ keystr(keyid), g10_errstr(rc));
+ }
+ else if ( rc && (opt.import_options&IMPORT_MERGE_ONLY) )
+ {
+ if( opt.verbose )
+ log_info( _("key %s: new key - skipped\n"), keystr(keyid));
+ rc = 0;
+ stats->skipped_new_keys++;
+ }
+ else if( rc ) { /* insert this key */
+ KEYDB_HANDLE hd = keydb_new (0);
+
+ rc = keydb_locate_writable (hd, NULL);
+ if (rc) {
+ log_error (_("no writable keyring found: %s\n"), g10_errstr (rc));
+ keydb_release (hd);
+ return G10ERR_GENERAL;
+ }
+ if( opt.verbose > 1 )
+ log_info (_("writing to `%s'\n"), keydb_get_resource_name (hd) );
+
+ rc = keydb_insert_keyblock (hd, keyblock );
+ if (rc)
+ log_error (_("error writing keyring `%s': %s\n"),
+ keydb_get_resource_name (hd), g10_errstr(rc));
+ else
+ {
+ /* This should not be possible since we delete the
+ ownertrust when a key is deleted, but it can happen if
+ the keyring and trustdb are out of sync. It can also
+ be made to happen with the trusted-key command. */
+
+ clear_ownertrusts (pk);
+ if(non_self)
+ revalidation_mark ();
+ }
+ keydb_release (hd);
+
+ /* we are ready */
+ if( !opt.quiet )
+ {
+ char *p=get_user_id_native (keyid);
+ log_info( _("key %s: public key \"%s\" imported\n"),
+ keystr(keyid),p);
+ xfree(p);
+ }
+ if( is_status_enabled() )
+ {
+ char *us = get_long_user_id_string( keyid );
+ write_status_text( STATUS_IMPORTED, us );
+ xfree(us);
+ print_import_ok (pk,NULL, 1);
+ }
+ stats->imported++;
+ if( is_RSA( pk->pubkey_algo ) )
+ stats->imported_rsa++;
+ new_key = 1;
+ }
+ else { /* merge */
+ KEYDB_HANDLE hd;
+ int n_uids, n_sigs, n_subk, n_sigs_cleaned, n_uids_cleaned;
+
+ /* Compare the original against the new key; just to be sure nothing
+ * weird is going on */
+ if( cmp_public_keys( pk_orig, pk ) )
+ {
+ log_error( _("key %s: doesn't match our copy\n"),keystr(keyid));
+ goto leave;
+ }
+
+ /* now read the original keyblock */
+ hd = keydb_new (0);
+ {
+ byte afp[MAX_FINGERPRINT_LEN];
+ size_t an;
+
+ fingerprint_from_pk (pk_orig, afp, &an);
+ while (an < MAX_FINGERPRINT_LEN)
+ afp[an++] = 0;
+ rc = keydb_search_fpr (hd, afp);
+ }
+ if( rc )
+ {
+ log_error (_("key %s: can't locate original keyblock: %s\n"),
+ keystr(keyid), g10_errstr(rc));
+ keydb_release (hd);
+ goto leave;
+ }
+ rc = keydb_get_keyblock (hd, &keyblock_orig );
+ if (rc)
+ {
+ log_error (_("key %s: can't read original keyblock: %s\n"),
+ keystr(keyid), g10_errstr(rc));
+ keydb_release (hd);
+ goto leave;
+ }
+
+ /* Make sure the original direct key sigs are all sane. */
+ n_sigs_cleaned = fix_bad_direct_key_sigs (keyblock_orig, keyid);
+ if (n_sigs_cleaned)
+ commit_kbnode (&keyblock_orig);
+
+ /* and try to merge the block */
+ clear_kbnode_flags( keyblock_orig );
+ clear_kbnode_flags( keyblock );
+ n_uids = n_sigs = n_subk = n_uids_cleaned = 0;
+ rc = merge_blocks( fname, keyblock_orig, keyblock,
+ keyid, &n_uids, &n_sigs, &n_subk );
+ if( rc )
+ {
+ keydb_release (hd);
+ goto leave;
+ }
+
+ if(options&IMPORT_CLEAN)
+ clean_key(keyblock_orig,opt.verbose,options&IMPORT_MINIMAL,
+ &n_uids_cleaned,&n_sigs_cleaned);
+
+ if( n_uids || n_sigs || n_subk || n_sigs_cleaned || n_uids_cleaned) {
+ mod_key = 1;
+ /* keyblock_orig has been updated; write */
+ rc = keydb_update_keyblock (hd, keyblock_orig);
+ if (rc)
+ log_error (_("error writing keyring `%s': %s\n"),
+ keydb_get_resource_name (hd), g10_errstr(rc) );
+ else if(non_self)
+ revalidation_mark ();
+
+ /* we are ready */
+ if( !opt.quiet )
+ {
+ char *p=get_user_id_native(keyid);
+ if( n_uids == 1 )
+ log_info( _("key %s: \"%s\" 1 new user ID\n"),
+ keystr(keyid),p);
+ else if( n_uids )
+ log_info( _("key %s: \"%s\" %d new user IDs\n"),
+ keystr(keyid),p,n_uids);
+ if( n_sigs == 1 )
+ log_info( _("key %s: \"%s\" 1 new signature\n"),
+ keystr(keyid), p);
+ else if( n_sigs )
+ log_info( _("key %s: \"%s\" %d new signatures\n"),
+ keystr(keyid), p, n_sigs );
+ if( n_subk == 1 )
+ log_info( _("key %s: \"%s\" 1 new subkey\n"),
+ keystr(keyid), p);
+ else if( n_subk )
+ log_info( _("key %s: \"%s\" %d new subkeys\n"),
+ keystr(keyid), p, n_subk );
+ if(n_sigs_cleaned==1)
+ log_info(_("key %s: \"%s\" %d signature cleaned\n"),
+ keystr(keyid),p,n_sigs_cleaned);
+ else if(n_sigs_cleaned)
+ log_info(_("key %s: \"%s\" %d signatures cleaned\n"),
+ keystr(keyid),p,n_sigs_cleaned);
+ if(n_uids_cleaned==1)
+ log_info(_("key %s: \"%s\" %d user ID cleaned\n"),
+ keystr(keyid),p,n_uids_cleaned);
+ else if(n_uids_cleaned)
+ log_info(_("key %s: \"%s\" %d user IDs cleaned\n"),
+ keystr(keyid),p,n_uids_cleaned);
+ xfree(p);
+ }
+
+ stats->n_uids +=n_uids;
+ stats->n_sigs +=n_sigs;
+ stats->n_subk +=n_subk;
+ stats->n_sigs_cleaned +=n_sigs_cleaned;
+ stats->n_uids_cleaned +=n_uids_cleaned;
+
+ if (is_status_enabled ())
+ print_import_ok (pk, NULL,
+ ((n_uids?2:0)|(n_sigs?4:0)|(n_subk?8:0)));
+ }
+ else
+ {
+ same_key = 1;
+ if (is_status_enabled ())
+ print_import_ok (pk, NULL, 0);
+
+ if( !opt.quiet )
+ {
+ char *p=get_user_id_native(keyid);
+ log_info( _("key %s: \"%s\" not changed\n"),keystr(keyid),p);
+ xfree(p);
+ }
+
+ stats->unchanged++;
+ }
+
+ keydb_release (hd); hd = NULL;
+ }
+
+ leave:
+ if (mod_key || new_key || same_key)
+ {
+ /* A little explanation for this: we fill in the fingerprint
+ when importing keys as it can be useful to know the
+ fingerprint in certain keyserver-related cases (a keyserver
+ asked for a particular name, but the key doesn't have that
+ name). However, in cases where we're importing more than
+ one key at a time, we cannot know which key to fingerprint.
+ In these cases, rather than guessing, we do not
+ fingerprinting at all, and we must hope the user ID on the
+ keys are useful. Note that we need to do this for new
+ keys, merged keys and even for unchanged keys. This is
+ required because for example the --auto-key-locate feature
+ may import an already imported key and needs to know the
+ fingerprint of the key in all cases. */
+ if (fpr)
+ {
+ xfree (*fpr);
+ /* Note that we need to compare against 0 here because
+ COUNT gets only incremented after returning form this
+ function. */
+ if (stats->count == 0)
+ *fpr = fingerprint_from_pk (pk, NULL, fpr_len);
+ else
+ *fpr = NULL;
+ }
+ }
+
+ /* Now that the key is definitely incorporated into the keydb, we
+ need to check if a designated revocation is present or if the
+ prefs are not rational so we can warn the user. */
+
+ if(mod_key)
+ {
+ revocation_present(keyblock_orig);
+ if(!from_sk && seckey_available(keyid)==0)
+ check_prefs(keyblock_orig);
+ }
+ else if(new_key)
+ {
+ revocation_present(keyblock);
+ if(!from_sk && seckey_available(keyid)==0)
+ check_prefs(keyblock);
+ }
+
+ release_kbnode( keyblock_orig );
+ free_public_key( pk_orig );
+
+ return rc;
+}
+
+/* Walk a secret keyblock and produce a public keyblock out of it. */
+static KBNODE
+sec_to_pub_keyblock(KBNODE sec_keyblock)
+{
+ KBNODE secnode,pub_keyblock=NULL,ctx=NULL;
+
+ while((secnode=walk_kbnode(sec_keyblock,&ctx,0)))
+ {
+ KBNODE pubnode;
+
+ if(secnode->pkt->pkttype==PKT_SECRET_KEY ||
+ secnode->pkt->pkttype==PKT_SECRET_SUBKEY)
+ {
+ /* Make a public key. We only need to convert enough to
+ write the keyblock out. */
+
+ PKT_secret_key *sk=secnode->pkt->pkt.secret_key;
+ PACKET *pkt=xmalloc_clear(sizeof(PACKET));
+ PKT_public_key *pk=xmalloc_clear(sizeof(PKT_public_key));
+ int n;
+
+ if(secnode->pkt->pkttype==PKT_SECRET_KEY)
+ pkt->pkttype=PKT_PUBLIC_KEY;
+ else
+ pkt->pkttype=PKT_PUBLIC_SUBKEY;
+
+ pkt->pkt.public_key=pk;
+
+ pk->version=sk->version;
+ pk->timestamp=sk->timestamp;
+ pk->expiredate=sk->expiredate;
+ pk->pubkey_algo=sk->pubkey_algo;
+
+ n=pubkey_get_npkey(pk->pubkey_algo);
+ if(n==0)
+ {
+ /* we can't properly extract the pubkey without knowing
+ the number of MPIs */
+ release_kbnode(pub_keyblock);
+ return NULL;
+ }
+ else
+ {
+ int i;
+
+ for(i=0;i<n;i++)
+ pk->pkey[i]=mpi_copy(sk->skey[i]);
+ }
+
+ pubnode=new_kbnode(pkt);
+ }
+ else
+ {
+ pubnode=clone_kbnode(secnode);
+ }
+
+ if(pub_keyblock==NULL)
+ pub_keyblock=pubnode;
+ else
+ add_kbnode(pub_keyblock,pubnode);
+ }
+
+ return pub_keyblock;
+}
+
+/****************
+ * Ditto for secret keys. Handling is simpler than for public keys.
+ * We allow secret key importing only when allow is true, this is so
+ * that a secret key can not be imported accidently and thereby tampering
+ * with the trust calculation.
+ */
+static int
+import_secret_one( const char *fname, KBNODE keyblock,
+ struct stats_s *stats, unsigned int options)
+{
+ PKT_secret_key *sk;
+ KBNODE node, uidnode;
+ u32 keyid[2];
+ int rc = 0;
+
+ /* get the key and print some info about it */
+ node = find_kbnode( keyblock, PKT_SECRET_KEY );
+ if( !node )
+ BUG();
+
+ sk = node->pkt->pkt.secret_key;
+ keyid_from_sk( sk, keyid );
+ uidnode = find_next_kbnode( keyblock, PKT_USER_ID );
+
+ if( opt.verbose )
+ {
+ log_info( "sec %4u%c/%s %s ",
+ nbits_from_sk( sk ),
+ pubkey_letter( sk->pubkey_algo ),
+ keystr_from_sk(sk), datestr_from_sk(sk) );
+ if( uidnode )
+ print_utf8_string( stderr, uidnode->pkt->pkt.user_id->name,
+ uidnode->pkt->pkt.user_id->len );
+ log_printf ("\n");
+ }
+ stats->secret_read++;
+
+ if( !uidnode )
+ {
+ log_error( _("key %s: no user ID\n"), keystr_from_sk(sk));
+ return 0;
+ }
+
+ if(sk->protect.algo>110)
+ {
+ log_error(_("key %s: secret key with invalid cipher %d"
+ " - skipped\n"),keystr_from_sk(sk),sk->protect.algo);
+ return 0;
+ }
+
+#ifdef ENABLE_SELINUX_HACKS
+ if (1)
+ {
+ /* We don't allow to import secret keys because that may be used
+ to put a secret key into the keyring and the user might later
+ be tricked into signing stuff with that key. */
+ log_error (_("importing secret keys not allowed\n"));
+ return 0;
+ }
+#endif
+
+ clear_kbnode_flags( keyblock );
+
+ /* do we have this key already in one of our secrings ? */
+ rc = seckey_available( keyid );
+ if( rc == G10ERR_NO_SECKEY && !(opt.import_options&IMPORT_MERGE_ONLY) )
+ {
+ /* simply insert this key */
+ KEYDB_HANDLE hd = keydb_new (1);
+
+ /* get default resource */
+ rc = keydb_locate_writable (hd, NULL);
+ if (rc) {
+ log_error (_("no default secret keyring: %s\n"), g10_errstr (rc));
+ keydb_release (hd);
+ return G10ERR_GENERAL;
+ }
+ rc = keydb_insert_keyblock (hd, keyblock );
+ if (rc)
+ log_error (_("error writing keyring `%s': %s\n"),
+ keydb_get_resource_name (hd), g10_errstr(rc) );
+ keydb_release (hd);
+ /* we are ready */
+ if( !opt.quiet )
+ log_info( _("key %s: secret key imported\n"), keystr_from_sk(sk));
+ stats->secret_imported++;
+ if (is_status_enabled ())
+ print_import_ok (NULL, sk, 1|16);
+
+ if(options&IMPORT_SK2PK)
+ {
+ /* Try and make a public key out of this. */
+
+ KBNODE pub_keyblock=sec_to_pub_keyblock(keyblock);
+ if(pub_keyblock)
+ {
+ import_one(fname,pub_keyblock,stats,
+ NULL,NULL,opt.import_options,1);
+ release_kbnode(pub_keyblock);
+ }
+ }
+
+ /* Now that the key is definitely incorporated into the keydb,
+ if we have the public part of this key, we need to check if
+ the prefs are rational. */
+ node=get_pubkeyblock(keyid);
+ if(node)
+ {
+ check_prefs(node);
+ release_kbnode(node);
+ }
+ }
+ else if( !rc )
+ { /* we can't merge secret keys */
+ log_error( _("key %s: already in secret keyring\n"),
+ keystr_from_sk(sk));
+ stats->secret_dups++;
+ if (is_status_enabled ())
+ print_import_ok (NULL, sk, 16);
+
+ /* TODO: if we ever do merge secret keys, make sure to handle
+ the sec_to_pub_keyblock feature as well. */
+ }
+ else
+ log_error( _("key %s: secret key not found: %s\n"),
+ keystr_from_sk(sk), g10_errstr(rc));
+
+ return rc;
+}
+
+
+/****************
+ * Import a revocation certificate; this is a single signature packet.
+ */
+static int
+import_revoke_cert( const char *fname, KBNODE node, struct stats_s *stats )
+{
+ PKT_public_key *pk=NULL;
+ KBNODE onode, keyblock = NULL;
+ KEYDB_HANDLE hd = NULL;
+ u32 keyid[2];
+ int rc = 0;
+
+ (void)fname;
+
+ assert( !node->next );
+ assert( node->pkt->pkttype == PKT_SIGNATURE );
+ assert( node->pkt->pkt.signature->sig_class == 0x20 );
+
+ keyid[0] = node->pkt->pkt.signature->keyid[0];
+ keyid[1] = node->pkt->pkt.signature->keyid[1];
+
+ pk = xmalloc_clear( sizeof *pk );
+ rc = get_pubkey( pk, keyid );
+ if( rc == G10ERR_NO_PUBKEY )
+ {
+ log_error(_("key %s: no public key -"
+ " can't apply revocation certificate\n"), keystr(keyid));
+ rc = 0;
+ goto leave;
+ }
+ else if( rc )
+ {
+ log_error(_("key %s: public key not found: %s\n"),
+ keystr(keyid), g10_errstr(rc));
+ goto leave;
+ }
+
+ /* read the original keyblock */
+ hd = keydb_new (0);
+ {
+ byte afp[MAX_FINGERPRINT_LEN];
+ size_t an;
+
+ fingerprint_from_pk (pk, afp, &an);
+ while (an < MAX_FINGERPRINT_LEN)
+ afp[an++] = 0;
+ rc = keydb_search_fpr (hd, afp);
+ }
+ if (rc)
+ {
+ log_error (_("key %s: can't locate original keyblock: %s\n"),
+ keystr(keyid), g10_errstr(rc));
+ goto leave;
+ }
+ rc = keydb_get_keyblock (hd, &keyblock );
+ if (rc)
+ {
+ log_error (_("key %s: can't read original keyblock: %s\n"),
+ keystr(keyid), g10_errstr(rc));
+ goto leave;
+ }
+
+ /* it is okay, that node is not in keyblock because
+ * check_key_signature works fine for sig_class 0x20 in this
+ * special case. */
+ rc = check_key_signature( keyblock, node, NULL);
+ if( rc )
+ {
+ log_error( _("key %s: invalid revocation certificate"
+ ": %s - rejected\n"), keystr(keyid), g10_errstr(rc));
+ goto leave;
+ }
+
+ /* check whether we already have this */
+ for(onode=keyblock->next; onode; onode=onode->next ) {
+ if( onode->pkt->pkttype == PKT_USER_ID )
+ break;
+ else if( onode->pkt->pkttype == PKT_SIGNATURE
+ && !cmp_signatures(node->pkt->pkt.signature,
+ onode->pkt->pkt.signature))
+ {
+ rc = 0;
+ goto leave; /* yes, we already know about it */
+ }
+ }
+
+
+ /* insert it */
+ insert_kbnode( keyblock, clone_kbnode(node), 0 );
+
+ /* and write the keyblock back */
+ rc = keydb_update_keyblock (hd, keyblock );
+ if (rc)
+ log_error (_("error writing keyring `%s': %s\n"),
+ keydb_get_resource_name (hd), g10_errstr(rc) );
+ keydb_release (hd); hd = NULL;
+ /* we are ready */
+ if( !opt.quiet )
+ {
+ char *p=get_user_id_native (keyid);
+ log_info( _("key %s: \"%s\" revocation certificate imported\n"),
+ keystr(keyid),p);
+ xfree(p);
+ }
+ stats->n_revoc++;
+
+ /* If the key we just revoked was ultimately trusted, remove its
+ ultimate trust. This doesn't stop the user from putting the
+ ultimate trust back, but is a reasonable solution for now. */
+ if(get_ownertrust(pk)==TRUST_ULTIMATE)
+ clear_ownertrusts(pk);
+
+ revalidation_mark ();
+
+ leave:
+ keydb_release (hd);
+ release_kbnode( keyblock );
+ free_public_key( pk );
+ return rc;
+}
+
+
+/*
+ * Loop over the keyblock and check all self signatures.
+ * Mark all user-ids with a self-signature by setting flag bit 0.
+ * Mark all user-ids with an invalid self-signature by setting bit 1.
+ * This works also for subkeys, here the subkey is marked. Invalid or
+ * extra subkey sigs (binding or revocation) are marked for deletion.
+ * non_self is set to true if there are any sigs other than self-sigs
+ * in this keyblock.
+ */
+static int
+chk_self_sigs( const char *fname, KBNODE keyblock,
+ PKT_public_key *pk, u32 *keyid, int *non_self )
+{
+ KBNODE n, knode = NULL;
+ PKT_signature *sig;
+ int rc;
+ u32 bsdate=0,rsdate=0;
+ KBNODE bsnode = NULL, rsnode = NULL;
+
+ (void)fname;
+ (void)pk;
+
+ for (n=keyblock; (n = find_next_kbnode (n, 0)); )
+ {
+ if (n->pkt->pkttype == PKT_PUBLIC_SUBKEY)
+ {
+ knode = n;
+ bsdate = 0;
+ rsdate = 0;
+ bsnode = NULL;
+ rsnode = NULL;
+ continue;
+ }
+
+ if ( n->pkt->pkttype != PKT_SIGNATURE )
+ continue;
+
+ sig = n->pkt->pkt.signature;
+ if ( keyid[0] != sig->keyid[0] || keyid[1] != sig->keyid[1] )
+ {
+ *non_self = 1;
+ continue;
+ }
+
+ /* This just caches the sigs for later use. That way we
+ import a fully-cached key which speeds things up. */
+ if (!opt.no_sig_cache)
+ check_key_signature (keyblock, n, NULL);
+
+ if ( IS_UID_SIG(sig) || IS_UID_REV(sig) )
+ {
+ KBNODE unode = find_prev_kbnode( keyblock, n, PKT_USER_ID );
+ if ( !unode )
+ {
+ log_error( _("key %s: no user ID for signature\n"),
+ keystr(keyid));
+ return -1; /* The complete keyblock is invalid. */
+ }
+
+ /* If it hasn't been marked valid yet, keep trying. */
+ if (!(unode->flag&1))
+ {
+ rc = check_key_signature (keyblock, n, NULL);
+ if ( rc )
+ {
+ if ( opt.verbose )
+ {
+ char *p = utf8_to_native
+ (unode->pkt->pkt.user_id->name,
+ strlen (unode->pkt->pkt.user_id->name),0);
+ log_info (gpg_err_code(rc) == G10ERR_PUBKEY_ALGO ?
+ _("key %s: unsupported public key "
+ "algorithm on user ID \"%s\"\n"):
+ _("key %s: invalid self-signature "
+ "on user ID \"%s\"\n"),
+ keystr (keyid),p);
+ xfree (p);
+ }
+ }
+ else
+ unode->flag |= 1; /* Mark that signature checked. */
+ }
+ }
+ else if (IS_KEY_SIG (sig))
+ {
+ rc = check_key_signature (keyblock, n, NULL);
+ if ( rc )
+ {
+ if (opt.verbose)
+ log_info (gpg_err_code (rc) == G10ERR_PUBKEY_ALGO ?
+ _("key %s: unsupported public key algorithm\n"):
+ _("key %s: invalid direct key signature\n"),
+ keystr (keyid));
+ n->flag |= 4;
+ }
+ }
+ else if ( IS_SUBKEY_SIG (sig) )
+ {
+ /* Note that this works based solely on the timestamps like
+ the rest of gpg. If the standard gets revocation
+ targets, this may need to be revised. */
+
+ if ( !knode )
+ {
+ if (opt.verbose)
+ log_info (_("key %s: no subkey for key binding\n"),
+ keystr (keyid));
+ n->flag |= 4; /* delete this */
+ }
+ else
+ {
+ rc = check_key_signature (keyblock, n, NULL);
+ if ( rc )
+ {
+ if (opt.verbose)
+ log_info (gpg_err_code (rc) == G10ERR_PUBKEY_ALGO ?
+ _("key %s: unsupported public key"
+ " algorithm\n"):
+ _("key %s: invalid subkey binding\n"),
+ keystr (keyid));
+ n->flag |= 4;
+ }
+ else
+ {
+ /* It's valid, so is it newer? */
+ if (sig->timestamp >= bsdate)
+ {
+ knode->flag |= 1; /* The subkey is valid. */
+ if (bsnode)
+ {
+ /* Delete the last binding sig since this
+ one is newer */
+ bsnode->flag |= 4;
+ if (opt.verbose)
+ log_info (_("key %s: removed multiple subkey"
+ " binding\n"),keystr(keyid));
+ }
+
+ bsnode = n;
+ bsdate = sig->timestamp;
+ }
+ else
+ n->flag |= 4; /* older */
+ }
+ }
+ }
+ else if ( IS_SUBKEY_REV (sig) )
+ {
+ /* We don't actually mark the subkey as revoked right now,
+ so just check that the revocation sig is the most recent
+ valid one. Note that we don't care if the binding sig is
+ newer than the revocation sig. See the comment in
+ getkey.c:merge_selfsigs_subkey for more. */
+ if ( !knode )
+ {
+ if (opt.verbose)
+ log_info (_("key %s: no subkey for key revocation\n"),
+ keystr(keyid));
+ n->flag |= 4; /* delete this */
+ }
+ else
+ {
+ rc = check_key_signature (keyblock, n, NULL);
+ if ( rc )
+ {
+ if(opt.verbose)
+ log_info (gpg_err_code (rc) == G10ERR_PUBKEY_ALGO ?
+ _("key %s: unsupported public"
+ " key algorithm\n"):
+ _("key %s: invalid subkey revocation\n"),
+ keystr(keyid));
+ n->flag |= 4;
+ }
+ else
+ {
+ /* It's valid, so is it newer? */
+ if (sig->timestamp >= rsdate)
+ {
+ if (rsnode)
+ {
+ /* Delete the last revocation sig since
+ this one is newer. */
+ rsnode->flag |= 4;
+ if (opt.verbose)
+ log_info (_("key %s: removed multiple subkey"
+ " revocation\n"),keystr(keyid));
+ }
+
+ rsnode = n;
+ rsdate = sig->timestamp;
+ }
+ else
+ n->flag |= 4; /* older */
+ }
+ }
+ }
+ }
+
+ return 0;
+}
+
+/****************
+ * delete all parts which are invalid and those signatures whose
+ * public key algorithm is not available in this implemenation;
+ * but consider RSA as valid, because parse/build_packets knows
+ * about it.
+ * returns: true if at least one valid user-id is left over.
+ */
+static int
+delete_inv_parts( const char *fname, KBNODE keyblock,
+ u32 *keyid, unsigned int options)
+{
+ KBNODE node;
+ int nvalid=0, uid_seen=0, subkey_seen=0;
+
+ (void)fname;
+
+ for(node=keyblock->next; node; node = node->next ) {
+ if( node->pkt->pkttype == PKT_USER_ID ) {
+ uid_seen = 1;
+ if( (node->flag & 2) || !(node->flag & 1) ) {
+ if( opt.verbose )
+ {
+ char *p=utf8_to_native(node->pkt->pkt.user_id->name,
+ node->pkt->pkt.user_id->len,0);
+ log_info( _("key %s: skipped user ID \"%s\"\n"),
+ keystr(keyid),p);
+ xfree(p);
+ }
+ delete_kbnode( node ); /* the user-id */
+ /* and all following packets up to the next user-id */
+ while( node->next
+ && node->next->pkt->pkttype != PKT_USER_ID
+ && node->next->pkt->pkttype != PKT_PUBLIC_SUBKEY
+ && node->next->pkt->pkttype != PKT_SECRET_SUBKEY ){
+ delete_kbnode( node->next );
+ node = node->next;
+ }
+ }
+ else
+ nvalid++;
+ }
+ else if( node->pkt->pkttype == PKT_PUBLIC_SUBKEY
+ || node->pkt->pkttype == PKT_SECRET_SUBKEY ) {
+ if( (node->flag & 2) || !(node->flag & 1) ) {
+ if( opt.verbose )
+ log_info( _("key %s: skipped subkey\n"),keystr(keyid));
+
+ delete_kbnode( node ); /* the subkey */
+ /* and all following signature packets */
+ while( node->next
+ && node->next->pkt->pkttype == PKT_SIGNATURE ) {
+ delete_kbnode( node->next );
+ node = node->next;
+ }
+ }
+ else
+ subkey_seen = 1;
+ }
+ else if (node->pkt->pkttype == PKT_SIGNATURE
+ && openpgp_pk_test_algo (node->pkt->pkt.signature->pubkey_algo)
+ && node->pkt->pkt.signature->pubkey_algo != PUBKEY_ALGO_RSA )
+ delete_kbnode( node ); /* build_packet() can't handle this */
+ else if( node->pkt->pkttype == PKT_SIGNATURE &&
+ !node->pkt->pkt.signature->flags.exportable &&
+ !(options&IMPORT_LOCAL_SIGS) &&
+ seckey_available( node->pkt->pkt.signature->keyid ) )
+ {
+ /* here we violate the rfc a bit by still allowing
+ * to import non-exportable signature when we have the
+ * the secret key used to create this signature - it
+ * seems that this makes sense */
+ if(opt.verbose)
+ log_info( _("key %s: non exportable signature"
+ " (class 0x%02X) - skipped\n"),
+ keystr(keyid), node->pkt->pkt.signature->sig_class );
+ delete_kbnode( node );
+ }
+ else if( node->pkt->pkttype == PKT_SIGNATURE
+ && node->pkt->pkt.signature->sig_class == 0x20 ) {
+ if( uid_seen )
+ {
+ if(opt.verbose)
+ log_info( _("key %s: revocation certificate"
+ " at wrong place - skipped\n"),keystr(keyid));
+ delete_kbnode( node );
+ }
+ else {
+ /* If the revocation cert is from a different key than
+ the one we're working on don't check it - it's
+ probably from a revocation key and won't be
+ verifiable with this key anyway. */
+
+ if(node->pkt->pkt.signature->keyid[0]==keyid[0] &&
+ node->pkt->pkt.signature->keyid[1]==keyid[1])
+ {
+ int rc = check_key_signature( keyblock, node, NULL);
+ if( rc )
+ {
+ if(opt.verbose)
+ log_info( _("key %s: invalid revocation"
+ " certificate: %s - skipped\n"),
+ keystr(keyid), g10_errstr(rc));
+ delete_kbnode( node );
+ }
+ }
+ }
+ }
+ else if( node->pkt->pkttype == PKT_SIGNATURE &&
+ (node->pkt->pkt.signature->sig_class == 0x18 ||
+ node->pkt->pkt.signature->sig_class == 0x28) &&
+ !subkey_seen )
+ {
+ if(opt.verbose)
+ log_info( _("key %s: subkey signature"
+ " in wrong place - skipped\n"), keystr(keyid));
+ delete_kbnode( node );
+ }
+ else if( node->pkt->pkttype == PKT_SIGNATURE
+ && !IS_CERT(node->pkt->pkt.signature))
+ {
+ if(opt.verbose)
+ log_info(_("key %s: unexpected signature class (0x%02X) -"
+ " skipped\n"),keystr(keyid),
+ node->pkt->pkt.signature->sig_class);
+ delete_kbnode(node);
+ }
+ else if( (node->flag & 4) ) /* marked for deletion */
+ delete_kbnode( node );
+ }
+
+ /* note: because keyblock is the public key, it is never marked
+ * for deletion and so keyblock cannot change */
+ commit_kbnode( &keyblock );
+ return nvalid;
+}
+
+
+/****************
+ * It may happen that the imported keyblock has duplicated user IDs.
+ * We check this here and collapse those user IDs together with their
+ * sigs into one.
+ * Returns: True if the keyblock has changed.
+ */
+int
+collapse_uids( KBNODE *keyblock )
+{
+ KBNODE uid1;
+ int any=0;
+
+ for(uid1=*keyblock;uid1;uid1=uid1->next)
+ {
+ KBNODE uid2;
+
+ if(is_deleted_kbnode(uid1))
+ continue;
+
+ if(uid1->pkt->pkttype!=PKT_USER_ID)
+ continue;
+
+ for(uid2=uid1->next;uid2;uid2=uid2->next)
+ {
+ if(is_deleted_kbnode(uid2))
+ continue;
+
+ if(uid2->pkt->pkttype!=PKT_USER_ID)
+ continue;
+
+ if(cmp_user_ids(uid1->pkt->pkt.user_id,
+ uid2->pkt->pkt.user_id)==0)
+ {
+ /* We have a duplicated uid */
+ KBNODE sig1,last;
+
+ any=1;
+
+ /* Now take uid2's signatures, and attach them to
+ uid1 */
+ for(last=uid2;last->next;last=last->next)
+ {
+ if(is_deleted_kbnode(last))
+ continue;
+
+ if(last->next->pkt->pkttype==PKT_USER_ID
+ || last->next->pkt->pkttype==PKT_PUBLIC_SUBKEY
+ || last->next->pkt->pkttype==PKT_SECRET_SUBKEY)
+ break;
+ }
+
+ /* Snip out uid2 */
+ (find_prev_kbnode(*keyblock,uid2,0))->next=last->next;
+
+ /* Now put uid2 in place as part of uid1 */
+ last->next=uid1->next;
+ uid1->next=uid2;
+ delete_kbnode(uid2);
+
+ /* Now dedupe uid1 */
+ for(sig1=uid1->next;sig1;sig1=sig1->next)
+ {
+ KBNODE sig2;
+
+ if(is_deleted_kbnode(sig1))
+ continue;
+
+ if(sig1->pkt->pkttype==PKT_USER_ID
+ || sig1->pkt->pkttype==PKT_PUBLIC_SUBKEY
+ || sig1->pkt->pkttype==PKT_SECRET_SUBKEY)
+ break;
+
+ if(sig1->pkt->pkttype!=PKT_SIGNATURE)
+ continue;
+
+ for(sig2=sig1->next,last=sig1;sig2;last=sig2,sig2=sig2->next)
+ {
+ if(is_deleted_kbnode(sig2))
+ continue;
+
+ if(sig2->pkt->pkttype==PKT_USER_ID
+ || sig2->pkt->pkttype==PKT_PUBLIC_SUBKEY
+ || sig2->pkt->pkttype==PKT_SECRET_SUBKEY)
+ break;
+
+ if(sig2->pkt->pkttype!=PKT_SIGNATURE)
+ continue;
+
+ if(cmp_signatures(sig1->pkt->pkt.signature,
+ sig2->pkt->pkt.signature)==0)
+ {
+ /* We have a match, so delete the second
+ signature */
+ delete_kbnode(sig2);
+ sig2=last;
+ }
+ }
+ }
+ }
+ }
+ }
+
+ commit_kbnode(keyblock);
+
+ if(any && !opt.quiet)
+ {
+ const char *key="???";
+
+ if( (uid1=find_kbnode( *keyblock, PKT_PUBLIC_KEY )) )
+ key=keystr_from_pk(uid1->pkt->pkt.public_key);
+ else if( (uid1 = find_kbnode( *keyblock, PKT_SECRET_KEY )) )
+ key=keystr_from_sk(uid1->pkt->pkt.secret_key);
+
+ log_info(_("key %s: duplicated user ID detected - merged\n"),key);
+ }
+
+ return any;
+}
+
+/* Check for a 0x20 revocation from a revocation key that is not
+ present. This may be called without the benefit of merge_xxxx so
+ you can't rely on pk->revkey and friends. */
+static void
+revocation_present(KBNODE keyblock)
+{
+ KBNODE onode,inode;
+ PKT_public_key *pk=keyblock->pkt->pkt.public_key;
+
+ for(onode=keyblock->next;onode;onode=onode->next)
+ {
+ /* If we reach user IDs, we're done. */
+ if(onode->pkt->pkttype==PKT_USER_ID)
+ break;
+
+ if(onode->pkt->pkttype==PKT_SIGNATURE &&
+ onode->pkt->pkt.signature->sig_class==0x1F &&
+ onode->pkt->pkt.signature->revkey)
+ {
+ int idx;
+ PKT_signature *sig=onode->pkt->pkt.signature;
+
+ for(idx=0;idx<sig->numrevkeys;idx++)
+ {
+ u32 keyid[2];
+
+ keyid_from_fingerprint(sig->revkey[idx]->fpr,
+ MAX_FINGERPRINT_LEN,keyid);
+
+ for(inode=keyblock->next;inode;inode=inode->next)
+ {
+ /* If we reach user IDs, we're done. */
+ if(inode->pkt->pkttype==PKT_USER_ID)
+ break;
+
+ if(inode->pkt->pkttype==PKT_SIGNATURE &&
+ inode->pkt->pkt.signature->sig_class==0x20 &&
+ inode->pkt->pkt.signature->keyid[0]==keyid[0] &&
+ inode->pkt->pkt.signature->keyid[1]==keyid[1])
+ {
+ /* Okay, we have a revocation key, and a
+ revocation issued by it. Do we have the key
+ itself? */
+ int rc;
+
+ rc=get_pubkey_byfprint_fast (NULL,sig->revkey[idx]->fpr,
+ MAX_FINGERPRINT_LEN);
+ if(rc==G10ERR_NO_PUBKEY || rc==G10ERR_UNU_PUBKEY)
+ {
+ char *tempkeystr=xstrdup(keystr_from_pk(pk));
+
+ /* No, so try and get it */
+ if(opt.keyserver
+ && (opt.keyserver_options.options
+ & KEYSERVER_AUTO_KEY_RETRIEVE))
+ {
+ log_info(_("WARNING: key %s may be revoked:"
+ " fetching revocation key %s\n"),
+ tempkeystr,keystr(keyid));
+ keyserver_import_fprint(sig->revkey[idx]->fpr,
+ MAX_FINGERPRINT_LEN,
+ opt.keyserver);
+
+ /* Do we have it now? */
+ rc=get_pubkey_byfprint_fast (NULL,
+ sig->revkey[idx]->fpr,
+ MAX_FINGERPRINT_LEN);
+ }
+
+ if(rc==G10ERR_NO_PUBKEY || rc==G10ERR_UNU_PUBKEY)
+ log_info(_("WARNING: key %s may be revoked:"
+ " revocation key %s not present.\n"),
+ tempkeystr,keystr(keyid));
+
+ xfree(tempkeystr);
+ }
+ }
+ }
+ }
+ }
+ }
+}
+
+/****************
+ * compare and merge the blocks
+ *
+ * o compare the signatures: If we already have this signature, check
+ * that they compare okay; if not, issue a warning and ask the user.
+ * o Simply add the signature. Can't verify here because we may not have
+ * the signature's public key yet; verification is done when putting it
+ * into the trustdb, which is done automagically as soon as this pubkey
+ * is used.
+ * Note: We indicate newly inserted packets with flag bit 0
+ */
+static int
+merge_blocks( const char *fname, KBNODE keyblock_orig, KBNODE keyblock,
+ u32 *keyid, int *n_uids, int *n_sigs, int *n_subk )
+{
+ KBNODE onode, node;
+ int rc, found;
+
+ /* 1st: handle revocation certificates */
+ for(node=keyblock->next; node; node=node->next ) {
+ if( node->pkt->pkttype == PKT_USER_ID )
+ break;
+ else if( node->pkt->pkttype == PKT_SIGNATURE
+ && node->pkt->pkt.signature->sig_class == 0x20 ) {
+ /* check whether we already have this */
+ found = 0;
+ for(onode=keyblock_orig->next; onode; onode=onode->next ) {
+ if( onode->pkt->pkttype == PKT_USER_ID )
+ break;
+ else if( onode->pkt->pkttype == PKT_SIGNATURE
+ && onode->pkt->pkt.signature->sig_class == 0x20
+ && !cmp_signatures(onode->pkt->pkt.signature,
+ node->pkt->pkt.signature))
+ {
+ found = 1;
+ break;
+ }
+ }
+ if( !found ) {
+ KBNODE n2 = clone_kbnode(node);
+ insert_kbnode( keyblock_orig, n2, 0 );
+ n2->flag |= 1;
+ ++*n_sigs;
+ if(!opt.quiet)
+ {
+ char *p=get_user_id_native (keyid);
+ log_info(_("key %s: \"%s\" revocation"
+ " certificate added\n"), keystr(keyid),p);
+ xfree(p);
+ }
+ }
+ }
+ }
+
+ /* 2nd: merge in any direct key (0x1F) sigs */
+ for(node=keyblock->next; node; node=node->next ) {
+ if( node->pkt->pkttype == PKT_USER_ID )
+ break;
+ else if( node->pkt->pkttype == PKT_SIGNATURE
+ && node->pkt->pkt.signature->sig_class == 0x1F ) {
+ /* check whether we already have this */
+ found = 0;
+ for(onode=keyblock_orig->next; onode; onode=onode->next ) {
+ if( onode->pkt->pkttype == PKT_USER_ID )
+ break;
+ else if( onode->pkt->pkttype == PKT_SIGNATURE
+ && onode->pkt->pkt.signature->sig_class == 0x1F
+ && !cmp_signatures(onode->pkt->pkt.signature,
+ node->pkt->pkt.signature)) {
+ found = 1;
+ break;
+ }
+ }
+ if( !found )
+ {
+ KBNODE n2 = clone_kbnode(node);
+ insert_kbnode( keyblock_orig, n2, 0 );
+ n2->flag |= 1;
+ ++*n_sigs;
+ if(!opt.quiet)
+ log_info( _("key %s: direct key signature added\n"),
+ keystr(keyid));
+ }
+ }
+ }
+
+ /* 3rd: try to merge new certificates in */
+ for(onode=keyblock_orig->next; onode; onode=onode->next ) {
+ if( !(onode->flag & 1) && onode->pkt->pkttype == PKT_USER_ID) {
+ /* find the user id in the imported keyblock */
+ for(node=keyblock->next; node; node=node->next )
+ if( node->pkt->pkttype == PKT_USER_ID
+ && !cmp_user_ids( onode->pkt->pkt.user_id,
+ node->pkt->pkt.user_id ) )
+ break;
+ if( node ) { /* found: merge */
+ rc = merge_sigs( onode, node, n_sigs, fname, keyid );
+ if( rc )
+ return rc;
+ }
+ }
+ }
+
+ /* 4th: add new user-ids */
+ for(node=keyblock->next; node; node=node->next ) {
+ if( node->pkt->pkttype == PKT_USER_ID) {
+ /* do we have this in the original keyblock */
+ for(onode=keyblock_orig->next; onode; onode=onode->next )
+ if( onode->pkt->pkttype == PKT_USER_ID
+ && !cmp_user_ids( onode->pkt->pkt.user_id,
+ node->pkt->pkt.user_id ) )
+ break;
+ if( !onode ) { /* this is a new user id: append */
+ rc = append_uid( keyblock_orig, node, n_sigs, fname, keyid);
+ if( rc )
+ return rc;
+ ++*n_uids;
+ }
+ }
+ }
+
+ /* 5th: add new subkeys */
+ for(node=keyblock->next; node; node=node->next ) {
+ onode = NULL;
+ if( node->pkt->pkttype == PKT_PUBLIC_SUBKEY ) {
+ /* do we have this in the original keyblock? */
+ for(onode=keyblock_orig->next; onode; onode=onode->next )
+ if( onode->pkt->pkttype == PKT_PUBLIC_SUBKEY
+ && !cmp_public_keys( onode->pkt->pkt.public_key,
+ node->pkt->pkt.public_key ) )
+ break;
+ if( !onode ) { /* this is a new subkey: append */
+ rc = append_key( keyblock_orig, node, n_sigs, fname, keyid);
+ if( rc )
+ return rc;
+ ++*n_subk;
+ }
+ }
+ else if( node->pkt->pkttype == PKT_SECRET_SUBKEY ) {
+ /* do we have this in the original keyblock? */
+ for(onode=keyblock_orig->next; onode; onode=onode->next )
+ if( onode->pkt->pkttype == PKT_SECRET_SUBKEY
+ && !cmp_secret_keys( onode->pkt->pkt.secret_key,
+ node->pkt->pkt.secret_key ) )
+ break;
+ if( !onode ) { /* this is a new subkey: append */
+ rc = append_key( keyblock_orig, node, n_sigs, fname, keyid);
+ if( rc )
+ return rc;
+ ++*n_subk;
+ }
+ }
+ }
+
+ /* 6th: merge subkey certificates */
+ for(onode=keyblock_orig->next; onode; onode=onode->next ) {
+ if( !(onode->flag & 1)
+ && ( onode->pkt->pkttype == PKT_PUBLIC_SUBKEY
+ || onode->pkt->pkttype == PKT_SECRET_SUBKEY) ) {
+ /* find the subkey in the imported keyblock */
+ for(node=keyblock->next; node; node=node->next ) {
+ if( node->pkt->pkttype == PKT_PUBLIC_SUBKEY
+ && !cmp_public_keys( onode->pkt->pkt.public_key,
+ node->pkt->pkt.public_key ) )
+ break;
+ else if( node->pkt->pkttype == PKT_SECRET_SUBKEY
+ && !cmp_secret_keys( onode->pkt->pkt.secret_key,
+ node->pkt->pkt.secret_key ) )
+ break;
+ }
+ if( node ) { /* found: merge */
+ rc = merge_keysigs( onode, node, n_sigs, fname, keyid );
+ if( rc )
+ return rc;
+ }
+ }
+ }
+
+
+ return 0;
+}
+
+
+/****************
+ * append the userid starting with NODE and all signatures to KEYBLOCK.
+ */
+static int
+append_uid (KBNODE keyblock, KBNODE node, int *n_sigs,
+ const char *fname, u32 *keyid )
+{
+ KBNODE n, n_where=NULL;
+
+ (void)fname;
+ (void)keyid;
+
+ assert(node->pkt->pkttype == PKT_USER_ID );
+
+ /* find the position */
+ for( n = keyblock; n; n_where = n, n = n->next ) {
+ if( n->pkt->pkttype == PKT_PUBLIC_SUBKEY
+ || n->pkt->pkttype == PKT_SECRET_SUBKEY )
+ break;
+ }
+ if( !n )
+ n_where = NULL;
+
+ /* and append/insert */
+ while( node ) {
+ /* we add a clone to the original keyblock, because this
+ * one is released first */
+ n = clone_kbnode(node);
+ if( n_where ) {
+ insert_kbnode( n_where, n, 0 );
+ n_where = n;
+ }
+ else
+ add_kbnode( keyblock, n );
+ n->flag |= 1;
+ node->flag |= 1;
+ if( n->pkt->pkttype == PKT_SIGNATURE )
+ ++*n_sigs;
+
+ node = node->next;
+ if( node && node->pkt->pkttype != PKT_SIGNATURE )
+ break;
+ }
+
+ return 0;
+}
+
+
+/****************
+ * Merge the sigs from SRC onto DST. SRC and DST are both a PKT_USER_ID.
+ * (how should we handle comment packets here?)
+ */
+static int
+merge_sigs( KBNODE dst, KBNODE src, int *n_sigs,
+ const char *fname, u32 *keyid )
+{
+ KBNODE n, n2;
+ int found=0;
+
+ (void)fname;
+ (void)keyid;
+
+ assert(dst->pkt->pkttype == PKT_USER_ID );
+ assert(src->pkt->pkttype == PKT_USER_ID );
+
+ for(n=src->next; n && n->pkt->pkttype != PKT_USER_ID; n = n->next ) {
+ if( n->pkt->pkttype != PKT_SIGNATURE )
+ continue;
+ if( n->pkt->pkt.signature->sig_class == 0x18
+ || n->pkt->pkt.signature->sig_class == 0x28 )
+ continue; /* skip signatures which are only valid on subkeys */
+ found = 0;
+ for(n2=dst->next; n2 && n2->pkt->pkttype != PKT_USER_ID; n2 = n2->next)
+ if(!cmp_signatures(n->pkt->pkt.signature,n2->pkt->pkt.signature))
+ {
+ found++;
+ break;
+ }
+ if( !found ) {
+ /* This signature is new or newer, append N to DST.
+ * We add a clone to the original keyblock, because this
+ * one is released first */
+ n2 = clone_kbnode(n);
+ insert_kbnode( dst, n2, PKT_SIGNATURE );
+ n2->flag |= 1;
+ n->flag |= 1;
+ ++*n_sigs;
+ }
+ }
+
+ return 0;
+}
+
+/****************
+ * Merge the sigs from SRC onto DST. SRC and DST are both a PKT_xxx_SUBKEY.
+ */
+static int
+merge_keysigs (KBNODE dst, KBNODE src, int *n_sigs,
+ const char *fname, u32 *keyid)
+{
+ KBNODE n, n2;
+ int found=0;
+
+ (void)fname;
+ (void)keyid;
+
+ assert( dst->pkt->pkttype == PKT_PUBLIC_SUBKEY
+ || dst->pkt->pkttype == PKT_SECRET_SUBKEY );
+
+ for(n=src->next; n ; n = n->next ) {
+ if( n->pkt->pkttype == PKT_PUBLIC_SUBKEY
+ || n->pkt->pkttype == PKT_PUBLIC_KEY )
+ break;
+ if( n->pkt->pkttype != PKT_SIGNATURE )
+ continue;
+ found = 0;
+ for(n2=dst->next; n2; n2 = n2->next){
+ if( n2->pkt->pkttype == PKT_PUBLIC_SUBKEY
+ || n2->pkt->pkttype == PKT_PUBLIC_KEY )
+ break;
+ if( n2->pkt->pkttype == PKT_SIGNATURE
+ && n->pkt->pkt.signature->keyid[0]
+ == n2->pkt->pkt.signature->keyid[0]
+ && n->pkt->pkt.signature->keyid[1]
+ == n2->pkt->pkt.signature->keyid[1]
+ && n->pkt->pkt.signature->timestamp
+ <= n2->pkt->pkt.signature->timestamp
+ && n->pkt->pkt.signature->sig_class
+ == n2->pkt->pkt.signature->sig_class ) {
+ found++;
+ break;
+ }
+ }
+ if( !found ) {
+ /* This signature is new or newer, append N to DST.
+ * We add a clone to the original keyblock, because this
+ * one is released first */
+ n2 = clone_kbnode(n);
+ insert_kbnode( dst, n2, PKT_SIGNATURE );
+ n2->flag |= 1;
+ n->flag |= 1;
+ ++*n_sigs;
+ }
+ }
+
+ return 0;
+}
+
+/****************
+ * append the subkey starting with NODE and all signatures to KEYBLOCK.
+ * Mark all new and copied packets by setting flag bit 0.
+ */
+static int
+append_key (KBNODE keyblock, KBNODE node, int *n_sigs,
+ const char *fname, u32 *keyid)
+{
+ KBNODE n;
+
+ (void)fname;
+ (void)keyid;
+
+ assert( node->pkt->pkttype == PKT_PUBLIC_SUBKEY
+ || node->pkt->pkttype == PKT_SECRET_SUBKEY );
+
+ while( node ) {
+ /* we add a clone to the original keyblock, because this
+ * one is released first */
+ n = clone_kbnode(node);
+ add_kbnode( keyblock, n );
+ n->flag |= 1;
+ node->flag |= 1;
+ if( n->pkt->pkttype == PKT_SIGNATURE )
+ ++*n_sigs;
+
+ node = node->next;
+ if( node && node->pkt->pkttype != PKT_SIGNATURE )
+ break;
+ }
+
+ return 0;
+}
+
+
+
+/* Walk a public keyblock and produce a secret keyblock out of it.
+ Instead of inserting the secret key parameters (which we don't
+ have), we insert a stub. */
+static KBNODE
+pub_to_sec_keyblock (KBNODE pub_keyblock)
+{
+ KBNODE pubnode, secnode;
+ KBNODE sec_keyblock = NULL;
+ KBNODE walkctx = NULL;
+
+ while((pubnode = walk_kbnode (pub_keyblock,&walkctx,0)))
+ {
+ if (pubnode->pkt->pkttype == PKT_PUBLIC_KEY
+ || pubnode->pkt->pkttype == PKT_PUBLIC_SUBKEY)
+ {
+ /* Make a secret key. We only need to convert enough to
+ write the keyblock out. */
+ PKT_public_key *pk = pubnode->pkt->pkt.public_key;
+ PACKET *pkt = xmalloc_clear (sizeof *pkt);
+ PKT_secret_key *sk = xmalloc_clear (sizeof *sk);
+ int i, n;
+
+ if (pubnode->pkt->pkttype == PKT_PUBLIC_KEY)
+ pkt->pkttype = PKT_SECRET_KEY;
+ else
+ pkt->pkttype = PKT_SECRET_SUBKEY;
+
+ pkt->pkt.secret_key = sk;
+
+ copy_public_parts_to_secret_key ( pk, sk );
+ sk->version = pk->version;
+ sk->timestamp = pk->timestamp;
+
+ n = pubkey_get_npkey (pk->pubkey_algo);
+ if (!n)
+ n = 1; /* Unknown number of parameters, however the data
+ is stored in the first mpi. */
+ for (i=0; i < n; i++ )
+ sk->skey[i] = mpi_copy (pk->pkey[i]);
+
+ sk->is_protected = 1;
+ sk->protect.s2k.mode = 1001;
+
+ secnode = new_kbnode (pkt);
+ }
+ else
+ {
+ secnode = clone_kbnode (pubnode);
+ }
+
+ if(!sec_keyblock)
+ sec_keyblock = secnode;
+ else
+ add_kbnode (sec_keyblock, secnode);
+ }
+
+ return sec_keyblock;
+}
+
+
+/* Walk over the secret keyring SEC_KEYBLOCK and update any simple
+ stub keys with the serial number SNNUM of the card if one of the
+ fingerprints FPR1, FPR2 or FPR3 match. Print a note if the key is
+ a duplicate (may happen in case of backed uped keys).
+
+ Returns: True if anything changed.
+*/
+static int
+update_sec_keyblock_with_cardinfo (KBNODE sec_keyblock,
+ const unsigned char *fpr1,
+ const unsigned char *fpr2,
+ const unsigned char *fpr3,
+ const char *serialnostr)
+{
+ KBNODE node;
+ KBNODE walkctx = NULL;
+ PKT_secret_key *sk;
+ byte array[MAX_FINGERPRINT_LEN];
+ size_t n;
+ int result = 0;
+ const char *s;
+
+ while((node = walk_kbnode (sec_keyblock, &walkctx, 0)))
+ {
+ if (node->pkt->pkttype != PKT_SECRET_KEY
+ && node->pkt->pkttype != PKT_SECRET_SUBKEY)
+ continue;
+ sk = node->pkt->pkt.secret_key;
+
+ fingerprint_from_sk (sk, array, &n);
+ if (n != 20)
+ continue; /* Can't be a card key. */
+ if ( !((fpr1 && !memcmp (array, fpr1, 20))
+ || (fpr2 && !memcmp (array, fpr2, 20))
+ || (fpr3 && !memcmp (array, fpr3, 20))) )
+ continue; /* No match. */
+
+ if (sk->is_protected == 1 && sk->protect.s2k.mode == 1001)
+ {
+ /* Standard case: migrate that stub to a key stub. */
+ sk->protect.s2k.mode = 1002;
+ s = serialnostr;
+ for (sk->protect.ivlen=0; sk->protect.ivlen < 16 && *s && s[1];
+ sk->protect.ivlen++, s += 2)
+ sk->protect.iv[sk->protect.ivlen] = xtoi_2 (s);
+ result = 1;
+ }
+ else if (sk->is_protected == 1 && sk->protect.s2k.mode == 1002)
+ {
+ s = serialnostr;
+ for (sk->protect.ivlen=0; sk->protect.ivlen < 16 && *s && s[1];
+ sk->protect.ivlen++, s += 2)
+ if (sk->protect.iv[sk->protect.ivlen] != xtoi_2 (s))
+ {
+ log_info (_("NOTE: a key's S/N does not "
+ "match the card's one\n"));
+ break;
+ }
+ }
+ else
+ {
+ if (node->pkt->pkttype != PKT_SECRET_KEY)
+ log_info (_("NOTE: primary key is online and stored on card\n"));
+ else
+ log_info (_("NOTE: secondary key is online and stored on card\n"));
+ }
+ }
+
+ return result;
+}
+
+
+
+/* Check whether a secret key stub exists for the public key PK. If
+ not create such a stub key and store it into the secring. If it
+ exists, add appropriate subkey stubs and update the secring.
+ Return 0 if the key could be created. */
+int
+auto_create_card_key_stub ( const char *serialnostr,
+ const unsigned char *fpr1,
+ const unsigned char *fpr2,
+ const unsigned char *fpr3)
+{
+ KBNODE pub_keyblock;
+ KBNODE sec_keyblock;
+ KEYDB_HANDLE hd;
+ int rc;
+
+ /* We only want to do this for an OpenPGP card. */
+ if (!serialnostr || strncmp (serialnostr, "D27600012401", 12)
+ || strlen (serialnostr) != 32 )
+ return G10ERR_GENERAL;
+
+ /* First get the public keyring from any of the provided fingerprints. */
+ if ( (fpr1 && !get_keyblock_byfprint (&pub_keyblock, fpr1, 20))
+ || (fpr2 && !get_keyblock_byfprint (&pub_keyblock, fpr2, 20))
+ || (fpr3 && !get_keyblock_byfprint (&pub_keyblock, fpr3, 20)))
+ ;
+ else
+ return G10ERR_GENERAL;
+
+ hd = keydb_new (1);
+
+ /* Now check whether there is a secret keyring. */
+ {
+ PKT_public_key *pk = pub_keyblock->pkt->pkt.public_key;
+ byte afp[MAX_FINGERPRINT_LEN];
+ size_t an;
+
+ fingerprint_from_pk (pk, afp, &an);
+ if (an < MAX_FINGERPRINT_LEN)
+ memset (afp+an, 0, MAX_FINGERPRINT_LEN-an);
+ rc = keydb_search_fpr (hd, afp);
+ }
+
+ if (!rc)
+ {
+ rc = keydb_get_keyblock (hd, &sec_keyblock);
+ if (rc)
+ {
+ log_error (_("error reading keyblock: %s\n"), g10_errstr(rc) );
+ rc = G10ERR_GENERAL;
+ }
+ else
+ {
+ merge_keys_and_selfsig (sec_keyblock);
+
+ /* FIXME: We need to add new subkeys first. */
+ if (update_sec_keyblock_with_cardinfo (sec_keyblock,
+ fpr1, fpr2, fpr3,
+ serialnostr))
+ {
+ rc = keydb_update_keyblock (hd, sec_keyblock );
+ if (rc)
+ log_error (_("error writing keyring `%s': %s\n"),
+ keydb_get_resource_name (hd), g10_errstr(rc) );
+ }
+ }
+ }
+ else /* A secret key does not exists - create it. */
+ {
+ sec_keyblock = pub_to_sec_keyblock (pub_keyblock);
+ update_sec_keyblock_with_cardinfo (sec_keyblock,
+ fpr1, fpr2, fpr3,
+ serialnostr);
+
+ rc = keydb_locate_writable (hd, NULL);
+ if (rc)
+ {
+ log_error (_("no default secret keyring: %s\n"), g10_errstr (rc));
+ rc = G10ERR_GENERAL;
+ }
+ else
+ {
+ rc = keydb_insert_keyblock (hd, sec_keyblock );
+ if (rc)
+ log_error (_("error writing keyring `%s': %s\n"),
+ keydb_get_resource_name (hd), g10_errstr(rc) );
+ }
+ }
+
+ release_kbnode (sec_keyblock);
+ release_kbnode (pub_keyblock);
+ keydb_release (hd);
+ return rc;
+}
diff --git a/g10/kbnode.c b/g10/kbnode.c
new file mode 100644
index 0000000..3d7d9be
--- /dev/null
+++ b/g10/kbnode.c
@@ -0,0 +1,398 @@
+/* kbnode.c - keyblock node utility functions
+ * Copyright (C) 1998, 1999, 2000, 2001, 2002,
+ * 2005 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <assert.h>
+
+#include "gpg.h"
+#include "util.h"
+#include "packet.h"
+#include "keydb.h"
+
+#define USE_UNUSED_NODES 1
+
+static KBNODE unused_nodes;
+
+static KBNODE
+alloc_node(void)
+{
+ KBNODE n;
+
+ n = unused_nodes;
+ if( n )
+ unused_nodes = n->next;
+ else
+ n = xmalloc( sizeof *n );
+ n->next = NULL;
+ n->pkt = NULL;
+ n->flag = 0;
+ n->private_flag=0;
+ n->recno = 0;
+ return n;
+}
+
+static void
+free_node( KBNODE n )
+{
+ if( n ) {
+#if USE_UNUSED_NODES
+ n->next = unused_nodes;
+ unused_nodes = n;
+#else
+ xfree( n );
+#endif
+ }
+}
+
+
+
+KBNODE
+new_kbnode( PACKET *pkt )
+{
+ KBNODE n = alloc_node();
+ n->pkt = pkt;
+ return n;
+}
+
+
+KBNODE
+clone_kbnode( KBNODE node )
+{
+ KBNODE n = alloc_node();
+
+ n->pkt = node->pkt;
+ n->private_flag = node->private_flag | 2; /* mark cloned */
+ return n;
+}
+
+
+void
+release_kbnode( KBNODE n )
+{
+ KBNODE n2;
+
+ while( n ) {
+ n2 = n->next;
+ if( !is_cloned_kbnode(n) ) {
+ free_packet( n->pkt );
+ xfree( n->pkt );
+ }
+ free_node( n );
+ n = n2;
+ }
+}
+
+
+/****************
+ * Delete NODE.
+ * Note: This only works with walk_kbnode!!
+ */
+void
+delete_kbnode( KBNODE node )
+{
+ node->private_flag |= 1;
+}
+
+/****************
+ * Append NODE to ROOT. ROOT must exist!
+ */
+void
+add_kbnode( KBNODE root, KBNODE node )
+{
+ KBNODE n1;
+
+ for(n1=root; n1->next; n1 = n1->next)
+ ;
+ n1->next = node;
+}
+
+/****************
+ * Insert NODE into the list after root but before a packet which is not of
+ * type PKTTYPE
+ * (only if PKTTYPE != 0)
+ */
+void
+insert_kbnode( KBNODE root, KBNODE node, int pkttype )
+{
+ if( !pkttype ) {
+ node->next = root->next;
+ root->next = node;
+ }
+ else {
+ KBNODE n1;
+
+ for(n1=root; n1->next; n1 = n1->next)
+ if( pkttype != n1->next->pkt->pkttype ) {
+ node->next = n1->next;
+ n1->next = node;
+ return;
+ }
+ /* no such packet, append */
+ node->next = NULL;
+ n1->next = node;
+ }
+}
+
+
+/****************
+ * Find the previous node (if PKTTYPE = 0) or the previous node
+ * with pkttype PKTTYPE in the list starting with ROOT of NODE.
+ */
+KBNODE
+find_prev_kbnode( KBNODE root, KBNODE node, int pkttype )
+{
+ KBNODE n1;
+
+ for (n1=NULL; root && root != node; root = root->next ) {
+ if (!pkttype ||root->pkt->pkttype == pkttype)
+ n1 = root;
+ }
+ return n1;
+}
+
+/****************
+ * Ditto, but find the next packet. The behaviour is trivial if
+ * PKTTYPE is 0 but if it is specified, the next node with a packet
+ * of this type is returned. The function has some knowledge about
+ * the valid ordering of packets: e.g. if the next signature packet
+ * is requested, the function will not return one if it encounters
+ * a user-id.
+ */
+KBNODE
+find_next_kbnode( KBNODE node, int pkttype )
+{
+ for( node=node->next ; node; node = node->next ) {
+ if( !pkttype )
+ return node;
+ else if( pkttype == PKT_USER_ID
+ && ( node->pkt->pkttype == PKT_PUBLIC_KEY
+ || node->pkt->pkttype == PKT_SECRET_KEY ) )
+ return NULL;
+ else if( pkttype == PKT_SIGNATURE
+ && ( node->pkt->pkttype == PKT_USER_ID
+ || node->pkt->pkttype == PKT_PUBLIC_KEY
+ || node->pkt->pkttype == PKT_SECRET_KEY ) )
+ return NULL;
+ else if( node->pkt->pkttype == pkttype )
+ return node;
+ }
+ return NULL;
+}
+
+
+KBNODE
+find_kbnode( KBNODE node, int pkttype )
+{
+ for( ; node; node = node->next ) {
+ if( node->pkt->pkttype == pkttype )
+ return node;
+ }
+ return NULL;
+}
+
+
+
+/****************
+ * Walk through a list of kbnodes. This function returns
+ * the next kbnode for each call; before using the function the first
+ * time, the caller must set CONTEXT to NULL (This has simply the effect
+ * to start with ROOT).
+ */
+KBNODE
+walk_kbnode( KBNODE root, KBNODE *context, int all )
+{
+ KBNODE n;
+
+ do {
+ if( !*context ) {
+ *context = root;
+ n = root;
+ }
+ else {
+ n = (*context)->next;
+ *context = n;
+ }
+ } while( !all && n && is_deleted_kbnode(n) );
+
+ return n;
+}
+
+void
+clear_kbnode_flags( KBNODE n )
+{
+ for( ; n; n = n->next ) {
+ n->flag = 0;
+ }
+}
+
+
+/****************
+ * Commit changes made to the kblist at ROOT. Note that ROOT my change,
+ * and it is therefore passed by reference.
+ * The function has the effect of removing all nodes marked as deleted.
+ * returns true if any node has been changed
+ */
+int
+commit_kbnode( KBNODE *root )
+{
+ KBNODE n, nl;
+ int changed = 0;
+
+ for( n = *root, nl=NULL; n; n = nl->next ) {
+ if( is_deleted_kbnode(n) ) {
+ if( n == *root )
+ *root = nl = n->next;
+ else
+ nl->next = n->next;
+ if( !is_cloned_kbnode(n) ) {
+ free_packet( n->pkt );
+ xfree( n->pkt );
+ }
+ free_node( n );
+ changed = 1;
+ }
+ else
+ nl = n;
+ }
+ return changed;
+}
+
+void
+remove_kbnode( KBNODE *root, KBNODE node )
+{
+ KBNODE n, nl;
+
+ for( n = *root, nl=NULL; n; n = nl->next ) {
+ if( n == node ) {
+ if( n == *root )
+ *root = nl = n->next;
+ else
+ nl->next = n->next;
+ if( !is_cloned_kbnode(n) ) {
+ free_packet( n->pkt );
+ xfree( n->pkt );
+ }
+ free_node( n );
+ }
+ else
+ nl = n;
+ }
+}
+
+
+/****************
+ * Move NODE behind right after WHERE or to the beginning if WHERE is NULL.
+ */
+void
+move_kbnode( KBNODE *root, KBNODE node, KBNODE where )
+{
+ KBNODE tmp, prev;
+
+ if( !root || !*root || !node )
+ return; /* sanity check */
+ for( prev = *root; prev && prev->next != node; prev = prev->next )
+ ;
+ if( !prev )
+ return; /* node is not in the list */
+
+ if( !where ) { /* move node before root */
+ if( node == *root ) /* move to itself */
+ return;
+ prev->next = node->next;
+ node->next = *root;
+ *root = node;
+ return;
+ }
+ /* move it after where */
+ if( node == where )
+ return;
+ tmp = node->next;
+ node->next = where->next;
+ where->next = node;
+ prev->next = tmp;
+}
+
+
+
+
+void
+dump_kbnode( KBNODE node )
+{
+ for(; node; node = node->next ) {
+ const char *s;
+ switch( node->pkt->pkttype ) {
+ case 0: s="empty"; break;
+ case PKT_PUBLIC_KEY: s="public-key"; break;
+ case PKT_SECRET_KEY: s="secret-key"; break;
+ case PKT_SECRET_SUBKEY: s= "secret-subkey"; break;
+ case PKT_PUBKEY_ENC: s="public-enc"; break;
+ case PKT_SIGNATURE: s="signature"; break;
+ case PKT_ONEPASS_SIG: s="onepass-sig"; break;
+ case PKT_USER_ID: s="user-id"; break;
+ case PKT_PUBLIC_SUBKEY: s="public-subkey"; break;
+ case PKT_COMMENT: s="comment"; break;
+ case PKT_RING_TRUST: s="trust"; break;
+ case PKT_PLAINTEXT: s="plaintext"; break;
+ case PKT_COMPRESSED: s="compressed"; break;
+ case PKT_ENCRYPTED: s="encrypted"; break;
+ case PKT_GPG_CONTROL: s="gpg-control"; break;
+ default: s="unknown"; break;
+ }
+ fprintf(stderr, "node %p %02x/%02x type=%s",
+ node, node->flag, node->private_flag, s);
+ if( node->pkt->pkttype == PKT_USER_ID ) {
+ PKT_user_id *uid = node->pkt->pkt.user_id;
+ fputs(" \"", stderr);
+ print_string( stderr, uid->name, uid->len, 0 );
+ fprintf (stderr, "\" %c%c%c%c\n",
+ uid->is_expired? 'e':'.',
+ uid->is_revoked? 'r':'.',
+ uid->created? 'v':'.',
+ uid->is_primary? 'p':'.' );
+ }
+ else if( node->pkt->pkttype == PKT_SIGNATURE ) {
+ fprintf(stderr, " class=%02x keyid=%08lX ts=%lu\n",
+ node->pkt->pkt.signature->sig_class,
+ (ulong)node->pkt->pkt.signature->keyid[1],
+ (ulong)node->pkt->pkt.signature->timestamp);
+ }
+ else if( node->pkt->pkttype == PKT_GPG_CONTROL ) {
+ fprintf(stderr, " ctrl=%d len=%u\n",
+ node->pkt->pkt.gpg_control->control,
+ (unsigned int)node->pkt->pkt.gpg_control->datalen);
+ }
+ else if( node->pkt->pkttype == PKT_PUBLIC_KEY
+ || node->pkt->pkttype == PKT_PUBLIC_SUBKEY ) {
+ PKT_public_key *pk = node->pkt->pkt.public_key;
+ fprintf(stderr, " keyid=%08lX a=%d u=%d %c%c%c%c\n",
+ (ulong)keyid_from_pk( pk, NULL ),
+ pk->pubkey_algo, pk->pubkey_usage,
+ pk->has_expired? 'e':'.',
+ pk->is_revoked? 'r':'.',
+ pk->is_valid? 'v':'.',
+ pk->mdc_feature? 'm':'.');
+ }
+ else
+ fputs("\n", stderr);
+ }
+}
diff --git a/g10/keydb.c b/g10/keydb.c
new file mode 100644
index 0000000..398be19
--- /dev/null
+++ b/g10/keydb.c
@@ -0,0 +1,828 @@
+/* keydb.c - key database dispatcher
+ * Copyright (C) 2001, 2002, 2003, 2004, 2005,
+ * 2008, 2009 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include <assert.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <unistd.h>
+
+#include "gpg.h"
+#include "util.h"
+#include "options.h"
+#include "main.h" /*try_make_homedir ()*/
+#include "packet.h"
+#include "keyring.h"
+#include "keydb.h"
+#include "i18n.h"
+
+static int active_handles;
+
+typedef enum {
+ KEYDB_RESOURCE_TYPE_NONE = 0,
+ KEYDB_RESOURCE_TYPE_KEYRING
+} KeydbResourceType;
+#define MAX_KEYDB_RESOURCES 40
+
+struct resource_item {
+ KeydbResourceType type;
+ union {
+ KEYRING_HANDLE kr;
+ } u;
+ void *token;
+ int secret;
+};
+
+static struct resource_item all_resources[MAX_KEYDB_RESOURCES];
+static int used_resources;
+static void *primary_keyring=NULL;
+
+struct keydb_handle {
+ int locked;
+ int found;
+ int current;
+ int used; /* items in active */
+ struct resource_item active[MAX_KEYDB_RESOURCES];
+};
+
+
+static int lock_all (KEYDB_HANDLE hd);
+static void unlock_all (KEYDB_HANDLE hd);
+
+
+/* Handle the creation of a keyring if it does not yet exist. Take
+ into acount that other processes might have the keyring already
+ locked. This lock check does not work if the directory itself is
+ not yet available. */
+static int
+maybe_create_keyring (char *filename, int force)
+{
+ DOTLOCK lockhd = NULL;
+ IOBUF iobuf;
+ int rc;
+ mode_t oldmask;
+ char *last_slash_in_filename;
+ int save_slash;
+
+ /* A quick test whether the filename already exists. */
+ if (!access (filename, F_OK))
+ return 0;
+
+ /* If we don't want to create a new file at all, there is no need to
+ go any further - bail out right here. */
+ if (!force)
+ return gpg_error (GPG_ERR_ENOENT);
+
+ /* First of all we try to create the home directory. Note, that we
+ don't do any locking here because any sane application of gpg
+ would create the home directory by itself and not rely on gpg's
+ tricky auto-creation which is anyway only done for some home
+ directory name patterns. */
+ last_slash_in_filename = strrchr (filename, DIRSEP_C);
+#if HAVE_W32_SYSTEM
+ {
+ /* Windows may either have a slash or a backslash. Take care of it. */
+ char *p = strrchr (filename, '/');
+ if (!last_slash_in_filename || p > last_slash_in_filename)
+ last_slash_in_filename = p;
+ }
+#endif /*HAVE_W32_SYSTEM*/
+ if (!last_slash_in_filename)
+ return gpg_error (GPG_ERR_ENOENT); /* No slash at all - should
+ not happen though. */
+ save_slash = *last_slash_in_filename;
+ *last_slash_in_filename = 0;
+ if (access(filename, F_OK))
+ {
+ static int tried;
+
+ if (!tried)
+ {
+ tried = 1;
+ try_make_homedir (filename);
+ }
+ if (access (filename, F_OK))
+ {
+ rc = gpg_error_from_syserror ();
+ *last_slash_in_filename = save_slash;
+ goto leave;
+ }
+ }
+ *last_slash_in_filename = save_slash;
+
+ /* To avoid races with other instances of gpg trying to create or
+ update the keyring (it is removed during an update for a short
+ time), we do the next stuff in a locked state. */
+ lockhd = create_dotlock (filename);
+ if (!lockhd)
+ {
+ /* A reason for this to fail is that the directory is not
+ writable. However, this whole locking stuff does not make
+ sense if this is the case. An empty non-writable directory
+ with no keyring is not really useful at all. */
+ if (opt.verbose)
+ log_info ("can't allocate lock for `%s'\n", filename );
+
+ if (!force)
+ return gpg_error (GPG_ERR_ENOENT);
+ else
+ return gpg_error (GPG_ERR_GENERAL);
+ }
+
+ if ( make_dotlock (lockhd, -1) )
+ {
+ /* This is something bad. Probably a stale lockfile. */
+ log_info ("can't lock `%s'\n", filename );
+ rc = G10ERR_GENERAL;
+ goto leave;
+ }
+
+ /* Now the real test while we are locked. */
+ if (!access(filename, F_OK))
+ {
+ rc = 0; /* Okay, we may access the file now. */
+ goto leave;
+ }
+
+ /* The file does not yet exist, create it now. */
+ oldmask = umask (077);
+ if (is_secured_filename (filename))
+ {
+ iobuf = NULL;
+ errno = EPERM;
+ }
+ else
+ iobuf = iobuf_create (filename);
+ umask (oldmask);
+ if (!iobuf)
+ {
+ rc = gpg_error_from_syserror ();
+ log_error ( _("error creating keyring `%s': %s\n"),
+ filename, strerror(errno));
+ goto leave;
+ }
+
+ if (!opt.quiet)
+ log_info (_("keyring `%s' created\n"), filename);
+
+ iobuf_close (iobuf);
+ /* Must invalidate that ugly cache */
+ iobuf_ioctl (NULL, 2, 0, filename);
+ rc = 0;
+
+ leave:
+ if (lockhd)
+ {
+ release_dotlock (lockhd);
+ destroy_dotlock (lockhd);
+ }
+ return rc;
+}
+
+
+/*
+ * Register a resource (which currently may only be a keyring file).
+ * The first keyring which is added by this function is
+ * created if it does not exist.
+ * Note: this function may be called before secure memory is
+ * available.
+ * Flag 1 - Force.
+ * Flag 2 - Mark resource as primary.
+ * Flag 4 - This is a default resources.
+ * Flag 8 - Open as read-only.
+ */
+int
+keydb_add_resource (const char *url, int flags, int secret)
+{
+ static int any_secret, any_public;
+ const char *resname = url;
+ char *filename = NULL;
+ int force = (flags&1);
+ int readonly = !!(flags&8);
+ int rc = 0;
+ KeydbResourceType rt = KEYDB_RESOURCE_TYPE_NONE;
+ void *token;
+
+ if (readonly)
+ force = 0;
+
+ /* Do we have an URL?
+ * gnupg-ring:filename := this is a plain keyring
+ * filename := See what is is, but create as plain keyring.
+ */
+ if (strlen (resname) > 11) {
+ if (!strncmp( resname, "gnupg-ring:", 11) ) {
+ rt = KEYDB_RESOURCE_TYPE_KEYRING;
+ resname += 11;
+ }
+#if !defined(HAVE_DRIVE_LETTERS) && !defined(__riscos__)
+ else if (strchr (resname, ':')) {
+ log_error ("invalid key resource URL `%s'\n", url );
+ rc = G10ERR_GENERAL;
+ goto leave;
+ }
+#endif /* !HAVE_DRIVE_LETTERS && !__riscos__ */
+ }
+
+ if (*resname != DIRSEP_C ) { /* do tilde expansion etc */
+ if (strchr(resname, DIRSEP_C) )
+ filename = make_filename (resname, NULL);
+ else
+ filename = make_filename (opt.homedir, resname, NULL);
+ }
+ else
+ filename = xstrdup (resname);
+
+ if (!force && !readonly)
+ force = secret? !any_secret : !any_public;
+
+ /* See whether we can determine the filetype. */
+ if (rt == KEYDB_RESOURCE_TYPE_NONE) {
+ FILE *fp = fopen( filename, "rb" );
+
+ if (fp) {
+ u32 magic;
+
+ if (fread( &magic, 4, 1, fp) == 1 ) {
+ if (magic == 0x13579ace || magic == 0xce9a5713)
+ ; /* GDBM magic - no more support */
+ else
+ rt = KEYDB_RESOURCE_TYPE_KEYRING;
+ }
+ else /* maybe empty: assume ring */
+ rt = KEYDB_RESOURCE_TYPE_KEYRING;
+ fclose( fp );
+ }
+ else /* no file yet: create ring */
+ rt = KEYDB_RESOURCE_TYPE_KEYRING;
+ }
+
+ switch (rt) {
+ case KEYDB_RESOURCE_TYPE_NONE:
+ log_error ("unknown type of key resource `%s'\n", url );
+ rc = G10ERR_GENERAL;
+ goto leave;
+
+ case KEYDB_RESOURCE_TYPE_KEYRING:
+ rc = maybe_create_keyring (filename, force);
+ if (rc)
+ goto leave;
+
+ if(keyring_register_filename (filename, secret, readonly, &token))
+ {
+ if (used_resources >= MAX_KEYDB_RESOURCES)
+ rc = G10ERR_RESOURCE_LIMIT;
+ else
+ {
+ if(flags&2)
+ primary_keyring=token;
+ all_resources[used_resources].type = rt;
+ all_resources[used_resources].u.kr = NULL; /* Not used here */
+ all_resources[used_resources].token = token;
+ all_resources[used_resources].secret = secret;
+ used_resources++;
+ }
+ }
+ else
+ {
+ /* This keyring was already registered, so ignore it.
+ However, we can still mark it as primary even if it was
+ already registered. */
+ if(flags&2)
+ primary_keyring=token;
+ }
+ break;
+
+ default:
+ log_error ("resource type of `%s' not supported\n", url);
+ rc = G10ERR_GENERAL;
+ goto leave;
+ }
+
+ /* fixme: check directory permissions and print a warning */
+
+ leave:
+ if (rc)
+ {
+ /* Secret keyrings are not required in all cases. To avoid
+ having gpg return failure we use log_info here if the
+ rewsource is a secret one and marked as default
+ resource. */
+ if ((flags&4) && secret)
+ log_info (_("keyblock resource `%s': %s\n"),
+ filename, g10_errstr(rc));
+ else
+ log_error (_("keyblock resource `%s': %s\n"),
+ filename, g10_errstr(rc));
+ }
+ else if (secret)
+ any_secret = 1;
+ else
+ any_public = 1;
+ xfree (filename);
+ return rc;
+}
+
+
+
+
+KEYDB_HANDLE
+keydb_new (int secret)
+{
+ KEYDB_HANDLE hd;
+ int i, j;
+
+ hd = xmalloc_clear (sizeof *hd);
+ hd->found = -1;
+
+ assert (used_resources <= MAX_KEYDB_RESOURCES);
+ for (i=j=0; i < used_resources; i++)
+ {
+ if (!all_resources[i].secret != !secret)
+ continue;
+ switch (all_resources[i].type)
+ {
+ case KEYDB_RESOURCE_TYPE_NONE: /* ignore */
+ break;
+ case KEYDB_RESOURCE_TYPE_KEYRING:
+ hd->active[j].type = all_resources[i].type;
+ hd->active[j].token = all_resources[i].token;
+ hd->active[j].secret = all_resources[i].secret;
+ hd->active[j].u.kr = keyring_new (all_resources[i].token, secret);
+ if (!hd->active[j].u.kr) {
+ xfree (hd);
+ return NULL; /* fixme: release all previously allocated handles*/
+ }
+ j++;
+ break;
+ }
+ }
+ hd->used = j;
+
+ active_handles++;
+ return hd;
+}
+
+void
+keydb_release (KEYDB_HANDLE hd)
+{
+ int i;
+
+ if (!hd)
+ return;
+ assert (active_handles > 0);
+ active_handles--;
+
+ unlock_all (hd);
+ for (i=0; i < hd->used; i++) {
+ switch (hd->active[i].type) {
+ case KEYDB_RESOURCE_TYPE_NONE:
+ break;
+ case KEYDB_RESOURCE_TYPE_KEYRING:
+ keyring_release (hd->active[i].u.kr);
+ break;
+ }
+ }
+
+ xfree (hd);
+}
+
+
+/*
+ * Return the name of the current resource. This is function first
+ * looks for the last found found, then for the current search
+ * position, and last returns the first available resource. The
+ * returned string is only valid as long as the handle exists. This
+ * function does only return NULL if no handle is specified, in all
+ * other error cases an empty string is returned.
+ */
+const char *
+keydb_get_resource_name (KEYDB_HANDLE hd)
+{
+ int idx;
+ const char *s = NULL;
+
+ if (!hd)
+ return NULL;
+
+ if ( hd->found >= 0 && hd->found < hd->used)
+ idx = hd->found;
+ else if ( hd->current >= 0 && hd->current < hd->used)
+ idx = hd->current;
+ else
+ idx = 0;
+
+ switch (hd->active[idx].type) {
+ case KEYDB_RESOURCE_TYPE_NONE:
+ s = NULL;
+ break;
+ case KEYDB_RESOURCE_TYPE_KEYRING:
+ s = keyring_get_resource_name (hd->active[idx].u.kr);
+ break;
+ }
+
+ return s? s: "";
+}
+
+
+
+static int
+lock_all (KEYDB_HANDLE hd)
+{
+ int i, rc = 0;
+
+ for (i=0; !rc && i < hd->used; i++) {
+ switch (hd->active[i].type) {
+ case KEYDB_RESOURCE_TYPE_NONE:
+ break;
+ case KEYDB_RESOURCE_TYPE_KEYRING:
+ rc = keyring_lock (hd->active[i].u.kr, 1);
+ break;
+ }
+ }
+
+ if (rc) {
+ /* revert the already set locks */
+ for (i--; i >= 0; i--) {
+ switch (hd->active[i].type) {
+ case KEYDB_RESOURCE_TYPE_NONE:
+ break;
+ case KEYDB_RESOURCE_TYPE_KEYRING:
+ keyring_lock (hd->active[i].u.kr, 0);
+ break;
+ }
+ }
+ }
+ else
+ hd->locked = 1;
+
+ return rc;
+}
+
+static void
+unlock_all (KEYDB_HANDLE hd)
+{
+ int i;
+
+ if (!hd->locked)
+ return;
+
+ for (i=hd->used-1; i >= 0; i--) {
+ switch (hd->active[i].type) {
+ case KEYDB_RESOURCE_TYPE_NONE:
+ break;
+ case KEYDB_RESOURCE_TYPE_KEYRING:
+ keyring_lock (hd->active[i].u.kr, 0);
+ break;
+ }
+ }
+ hd->locked = 0;
+}
+
+
+/*
+ * Return the last found keyring. Caller must free it.
+ * The returned keyblock has the kbode flag bit 0 set for the node with
+ * the public key used to locate the keyblock or flag bit 1 set for
+ * the user ID node.
+ */
+int
+keydb_get_keyblock (KEYDB_HANDLE hd, KBNODE *ret_kb)
+{
+ int rc = 0;
+
+ if (!hd)
+ return G10ERR_INV_ARG;
+
+ if ( hd->found < 0 || hd->found >= hd->used)
+ return -1; /* nothing found */
+
+ switch (hd->active[hd->found].type) {
+ case KEYDB_RESOURCE_TYPE_NONE:
+ rc = G10ERR_GENERAL; /* oops */
+ break;
+ case KEYDB_RESOURCE_TYPE_KEYRING:
+ rc = keyring_get_keyblock (hd->active[hd->found].u.kr, ret_kb);
+ break;
+ }
+
+ return rc;
+}
+
+/*
+ * update the current keyblock with KB
+ */
+int
+keydb_update_keyblock (KEYDB_HANDLE hd, KBNODE kb)
+{
+ int rc = 0;
+
+ if (!hd)
+ return G10ERR_INV_ARG;
+
+ if ( hd->found < 0 || hd->found >= hd->used)
+ return -1; /* nothing found */
+
+ if( opt.dry_run )
+ return 0;
+
+ rc = lock_all (hd);
+ if (rc)
+ return rc;
+
+ switch (hd->active[hd->found].type) {
+ case KEYDB_RESOURCE_TYPE_NONE:
+ rc = G10ERR_GENERAL; /* oops */
+ break;
+ case KEYDB_RESOURCE_TYPE_KEYRING:
+ rc = keyring_update_keyblock (hd->active[hd->found].u.kr, kb);
+ break;
+ }
+
+ unlock_all (hd);
+ return rc;
+}
+
+
+/*
+ * Insert a new KB into one of the resources.
+ */
+int
+keydb_insert_keyblock (KEYDB_HANDLE hd, KBNODE kb)
+{
+ int rc = -1;
+ int idx;
+
+ if (!hd)
+ return G10ERR_INV_ARG;
+
+ if( opt.dry_run )
+ return 0;
+
+ if ( hd->found >= 0 && hd->found < hd->used)
+ idx = hd->found;
+ else if ( hd->current >= 0 && hd->current < hd->used)
+ idx = hd->current;
+ else
+ return G10ERR_GENERAL;
+
+ rc = lock_all (hd);
+ if (rc)
+ return rc;
+
+ switch (hd->active[idx].type) {
+ case KEYDB_RESOURCE_TYPE_NONE:
+ rc = G10ERR_GENERAL; /* oops */
+ break;
+ case KEYDB_RESOURCE_TYPE_KEYRING:
+ rc = keyring_insert_keyblock (hd->active[idx].u.kr, kb);
+ break;
+ }
+
+ unlock_all (hd);
+ return rc;
+}
+
+
+/*
+ * The current keyblock will be deleted.
+ */
+int
+keydb_delete_keyblock (KEYDB_HANDLE hd)
+{
+ int rc = -1;
+
+ if (!hd)
+ return G10ERR_INV_ARG;
+
+ if ( hd->found < 0 || hd->found >= hd->used)
+ return -1; /* nothing found */
+
+ if( opt.dry_run )
+ return 0;
+
+ rc = lock_all (hd);
+ if (rc)
+ return rc;
+
+ switch (hd->active[hd->found].type) {
+ case KEYDB_RESOURCE_TYPE_NONE:
+ rc = G10ERR_GENERAL; /* oops */
+ break;
+ case KEYDB_RESOURCE_TYPE_KEYRING:
+ rc = keyring_delete_keyblock (hd->active[hd->found].u.kr);
+ break;
+ }
+
+ unlock_all (hd);
+ return rc;
+}
+
+
+/*
+ * Locate the default writable key resource, so that the next
+ * operation (which is only relevant for inserts) will be done on this
+ * resource.
+ */
+int
+keydb_locate_writable (KEYDB_HANDLE hd, const char *reserved)
+{
+ int rc;
+
+ (void)reserved;
+
+ if (!hd)
+ return G10ERR_INV_ARG;
+
+ rc = keydb_search_reset (hd); /* this does reset hd->current */
+ if (rc)
+ return rc;
+
+ /* If we have a primary set, try that one first */
+ if(primary_keyring)
+ {
+ for ( ; hd->current >= 0 && hd->current < hd->used; hd->current++)
+ {
+ if(hd->active[hd->current].token==primary_keyring)
+ {
+ if(keyring_is_writable (hd->active[hd->current].token))
+ return 0;
+ else
+ break;
+ }
+ }
+
+ rc = keydb_search_reset (hd); /* this does reset hd->current */
+ if (rc)
+ return rc;
+ }
+
+ for ( ; hd->current >= 0 && hd->current < hd->used; hd->current++)
+ {
+ switch (hd->active[hd->current].type)
+ {
+ case KEYDB_RESOURCE_TYPE_NONE:
+ BUG();
+ break;
+ case KEYDB_RESOURCE_TYPE_KEYRING:
+ if (keyring_is_writable (hd->active[hd->current].token))
+ return 0; /* found (hd->current is set to it) */
+ break;
+ }
+ }
+
+ return -1;
+}
+
+/*
+ * Rebuild the caches of all key resources.
+ */
+void
+keydb_rebuild_caches (int noisy)
+{
+ int i, rc;
+
+ for (i=0; i < used_resources; i++)
+ {
+ if (all_resources[i].secret)
+ continue;
+ if (!keyring_is_writable (all_resources[i].token))
+ continue;
+ switch (all_resources[i].type)
+ {
+ case KEYDB_RESOURCE_TYPE_NONE: /* ignore */
+ break;
+ case KEYDB_RESOURCE_TYPE_KEYRING:
+ rc = keyring_rebuild_cache (all_resources[i].token,noisy);
+ if (rc)
+ log_error (_("failed to rebuild keyring cache: %s\n"),
+ g10_errstr (rc));
+ break;
+ }
+ }
+}
+
+
+
+/*
+ * Start the next search on this handle right at the beginning
+ */
+int
+keydb_search_reset (KEYDB_HANDLE hd)
+{
+ int i, rc = 0;
+
+ if (!hd)
+ return G10ERR_INV_ARG;
+
+ hd->current = 0;
+ hd->found = -1;
+ /* and reset all resources */
+ for (i=0; !rc && i < hd->used; i++) {
+ switch (hd->active[i].type) {
+ case KEYDB_RESOURCE_TYPE_NONE:
+ break;
+ case KEYDB_RESOURCE_TYPE_KEYRING:
+ rc = keyring_search_reset (hd->active[i].u.kr);
+ break;
+ }
+ }
+ return rc;
+}
+
+
+/*
+ * Search through all keydb resources, starting at the current position,
+ * for a keyblock which contains one of the keys described in the DESC array.
+ */
+int
+keydb_search2 (KEYDB_HANDLE hd, KEYDB_SEARCH_DESC *desc,
+ size_t ndesc, size_t *descindex)
+{
+ int rc = -1;
+
+ if (!hd)
+ return G10ERR_INV_ARG;
+
+ while (rc == -1 && hd->current >= 0 && hd->current < hd->used) {
+ switch (hd->active[hd->current].type) {
+ case KEYDB_RESOURCE_TYPE_NONE:
+ BUG(); /* we should never see it here */
+ break;
+ case KEYDB_RESOURCE_TYPE_KEYRING:
+ rc = keyring_search (hd->active[hd->current].u.kr, desc,
+ ndesc, descindex);
+ break;
+ }
+ if (rc == -1) /* EOF -> switch to next resource */
+ hd->current++;
+ else if (!rc)
+ hd->found = hd->current;
+ }
+
+ return rc;
+}
+
+int
+keydb_search_first (KEYDB_HANDLE hd)
+{
+ KEYDB_SEARCH_DESC desc;
+
+ memset (&desc, 0, sizeof desc);
+ desc.mode = KEYDB_SEARCH_MODE_FIRST;
+ return keydb_search (hd, &desc, 1);
+}
+
+int
+keydb_search_next (KEYDB_HANDLE hd)
+{
+ KEYDB_SEARCH_DESC desc;
+
+ memset (&desc, 0, sizeof desc);
+ desc.mode = KEYDB_SEARCH_MODE_NEXT;
+ return keydb_search (hd, &desc, 1);
+}
+
+int
+keydb_search_kid (KEYDB_HANDLE hd, u32 *kid)
+{
+ KEYDB_SEARCH_DESC desc;
+
+ memset (&desc, 0, sizeof desc);
+ desc.mode = KEYDB_SEARCH_MODE_LONG_KID;
+ desc.u.kid[0] = kid[0];
+ desc.u.kid[1] = kid[1];
+ return keydb_search (hd, &desc, 1);
+}
+
+int
+keydb_search_fpr (KEYDB_HANDLE hd, const byte *fpr)
+{
+ KEYDB_SEARCH_DESC desc;
+
+ memset (&desc, 0, sizeof desc);
+ desc.mode = KEYDB_SEARCH_MODE_FPR;
+ memcpy (desc.u.fpr, fpr, MAX_FINGERPRINT_LEN);
+ return keydb_search (hd, &desc, 1);
+}
diff --git a/g10/keydb.h b/g10/keydb.h
new file mode 100644
index 0000000..52ede16
--- /dev/null
+++ b/g10/keydb.h
@@ -0,0 +1,317 @@
+/* keydb.h - Key database
+ * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005,
+ * 2006 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef G10_KEYDB_H
+#define G10_KEYDB_H
+
+#include <assuan.h>
+
+#include "types.h"
+#include "packet.h"
+#include "cipher.h"
+
+/* What qualifies as a certification (rather than a signature?) */
+#define IS_CERT(s) (IS_KEY_SIG(s) || IS_UID_SIG(s) || IS_SUBKEY_SIG(s) \
+ || IS_KEY_REV(s) || IS_UID_REV(s) || IS_SUBKEY_REV(s))
+#define IS_SIG(s) (!IS_CERT(s))
+#define IS_KEY_SIG(s) ((s)->sig_class == 0x1f)
+#define IS_UID_SIG(s) (((s)->sig_class & ~3) == 0x10)
+#define IS_SUBKEY_SIG(s) ((s)->sig_class == 0x18)
+#define IS_KEY_REV(s) ((s)->sig_class == 0x20)
+#define IS_UID_REV(s) ((s)->sig_class == 0x30)
+#define IS_SUBKEY_REV(s) ((s)->sig_class == 0x28)
+
+struct getkey_ctx_s;
+typedef struct getkey_ctx_s *GETKEY_CTX;
+
+/****************
+ * A Keyblock is all packets which form an entire certificate;
+ * i.e. the public key, certificate, trust packets, user ids,
+ * signatures, and subkey.
+ *
+ * This structure is also used to bind arbitrary packets together.
+ */
+
+struct kbnode_struct {
+ KBNODE next;
+ PACKET *pkt;
+ int flag;
+ int private_flag;
+ ulong recno; /* used while updating the trustdb */
+};
+
+#define is_deleted_kbnode(a) ((a)->private_flag & 1)
+#define is_cloned_kbnode(a) ((a)->private_flag & 2)
+
+
+enum resource_type {
+ rt_UNKNOWN = 0,
+ rt_RING = 1
+};
+
+
+/****************
+ * A data structre to hold information about the external position
+ * of a keyblock.
+ */
+struct keyblock_pos_struct {
+ int resno; /* resource number */
+ enum resource_type rt;
+ off_t offset; /* position information */
+ unsigned count; /* length of the keyblock in packets */
+ iobuf_t fp; /* Used by enum_keyblocks. */
+ int secret; /* working on a secret keyring */
+ PACKET *pkt; /* ditto */
+ int valid;
+};
+typedef struct keyblock_pos_struct KBPOS;
+
+/* structure to hold a couple of public key certificates */
+typedef struct pk_list *PK_LIST;
+struct pk_list {
+ PK_LIST next;
+ PKT_public_key *pk;
+ int flags; /* flag bit 1==throw_keyid */
+};
+
+/* structure to hold a couple of secret key certificates */
+typedef struct sk_list *SK_LIST;
+struct sk_list {
+ SK_LIST next;
+ PKT_secret_key *sk;
+ int mark; /* not used */
+};
+
+/* structure to collect all information which can be used to
+ * identify a public key */
+typedef struct pubkey_find_info *PUBKEY_FIND_INFO;
+struct pubkey_find_info {
+ u32 keyid[2];
+ unsigned nbits;
+ byte pubkey_algo;
+ byte fingerprint[MAX_FINGERPRINT_LEN];
+ char userid[1];
+};
+
+
+typedef struct keydb_handle *KEYDB_HANDLE;
+
+typedef enum {
+ KEYDB_SEARCH_MODE_NONE,
+ KEYDB_SEARCH_MODE_EXACT,
+ KEYDB_SEARCH_MODE_SUBSTR,
+ KEYDB_SEARCH_MODE_MAIL,
+ KEYDB_SEARCH_MODE_MAILSUB,
+ KEYDB_SEARCH_MODE_MAILEND,
+ KEYDB_SEARCH_MODE_WORDS,
+ KEYDB_SEARCH_MODE_SHORT_KID,
+ KEYDB_SEARCH_MODE_LONG_KID,
+ KEYDB_SEARCH_MODE_FPR16,
+ KEYDB_SEARCH_MODE_FPR20,
+ KEYDB_SEARCH_MODE_FPR,
+ KEYDB_SEARCH_MODE_FIRST,
+ KEYDB_SEARCH_MODE_NEXT
+} KeydbSearchMode;
+
+struct keydb_search_desc {
+ KeydbSearchMode mode;
+ int (*skipfnc)(void *,u32*,PKT_user_id*);
+ void *skipfncvalue;
+ union {
+ const char *name;
+ byte fpr[MAX_FINGERPRINT_LEN];
+ u32 kid[2];
+ } u;
+ int exact;
+};
+
+
+/* Helper type for preference fucntions. */
+union pref_hint
+{
+ int digest_length;
+};
+
+
+/*-- keydb.c --*/
+
+/*
+ Flag 1 == force
+ Flag 2 == default
+*/
+int keydb_add_resource (const char *url, int flags, int secret);
+KEYDB_HANDLE keydb_new (int secret);
+void keydb_release (KEYDB_HANDLE hd);
+const char *keydb_get_resource_name (KEYDB_HANDLE hd);
+int keydb_get_keyblock (KEYDB_HANDLE hd, KBNODE *ret_kb);
+int keydb_update_keyblock (KEYDB_HANDLE hd, KBNODE kb);
+int keydb_insert_keyblock (KEYDB_HANDLE hd, KBNODE kb);
+int keydb_delete_keyblock (KEYDB_HANDLE hd);
+int keydb_locate_writable (KEYDB_HANDLE hd, const char *reserved);
+void keydb_rebuild_caches (int noisy);
+int keydb_search_reset (KEYDB_HANDLE hd);
+#define keydb_search(a,b,c) keydb_search2((a),(b),(c),NULL)
+int keydb_search2 (KEYDB_HANDLE hd, KEYDB_SEARCH_DESC *desc,
+ size_t ndesc, size_t *descindex);
+int keydb_search_first (KEYDB_HANDLE hd);
+int keydb_search_next (KEYDB_HANDLE hd);
+int keydb_search_kid (KEYDB_HANDLE hd, u32 *kid);
+int keydb_search_fpr (KEYDB_HANDLE hd, const byte *fpr);
+
+
+/*-- pkclist.c --*/
+void show_revocation_reason( PKT_public_key *pk, int mode );
+int check_signatures_trust( PKT_signature *sig );
+void release_pk_list( PK_LIST pk_list );
+int build_pk_list( strlist_t rcpts, PK_LIST *ret_pk_list, unsigned use );
+int algo_available( preftype_t preftype, int algo,
+ const union pref_hint *hint );
+int select_algo_from_prefs( PK_LIST pk_list, int preftype,
+ int request, const union pref_hint *hint);
+int select_mdc_from_pklist (PK_LIST pk_list);
+void warn_missing_mdc_from_pklist (PK_LIST pk_list);
+void warn_missing_aes_from_pklist (PK_LIST pk_list);
+
+/*-- skclist.c --*/
+int random_is_faked (void);
+void release_sk_list( SK_LIST sk_list );
+int build_sk_list( strlist_t locusr, SK_LIST *ret_sk_list,
+ int unlock, unsigned use );
+
+/*-- passphrase.h --*/
+unsigned char encode_s2k_iterations (int iterations);
+assuan_context_t agent_open (int try, const char *orig_codeset);
+void agent_close (assuan_context_t ctx);
+int have_static_passphrase(void);
+void set_passphrase_from_string(const char *pass);
+void read_passphrase_from_fd( int fd );
+void passphrase_clear_cache ( u32 *keyid, const char *cacheid, int algo );
+DEK *passphrase_to_dek_ext(u32 *keyid, int pubkey_algo,
+ int cipher_algo, STRING2KEY *s2k, int mode,
+ const char *tryagain_text,
+ const char *custdesc, const char *custprompt,
+ int *canceled);
+DEK *passphrase_to_dek( u32 *keyid, int pubkey_algo,
+ int cipher_algo, STRING2KEY *s2k, int mode,
+ const char *tryagain_text, int *canceled);
+void set_next_passphrase( const char *s );
+char *get_last_passphrase(void);
+void next_to_last_passphrase(void);
+
+/*-- getkey.c --*/
+int classify_user_id( const char *name, KEYDB_SEARCH_DESC *desc);
+void cache_public_key( PKT_public_key *pk );
+void getkey_disable_caches(void);
+int get_pubkey( PKT_public_key *pk, u32 *keyid );
+int get_pubkey_fast ( PKT_public_key *pk, u32 *keyid );
+KBNODE get_pubkeyblock( u32 *keyid );
+int get_pubkey_byname (GETKEY_CTX *rx, PKT_public_key *pk, const char *name,
+ KBNODE *ret_keyblock, KEYDB_HANDLE *ret_kdbhd,
+ int include_unusable, int no_akl );
+int get_pubkey_bynames( GETKEY_CTX *rx, PKT_public_key *pk,
+ strlist_t names, KBNODE *ret_keyblock );
+int get_pubkey_next( GETKEY_CTX ctx, PKT_public_key *pk, KBNODE *ret_keyblock );
+void get_pubkey_end( GETKEY_CTX ctx );
+int get_seckey( PKT_secret_key *sk, u32 *keyid );
+int get_primary_seckey( PKT_secret_key *sk, u32 *keyid );
+int get_pubkey_byfprint( PKT_public_key *pk, const byte *fprint,
+ size_t fprint_len );
+int get_pubkey_byfprint_fast (PKT_public_key *pk,
+ const byte *fprint, size_t fprint_len);
+int get_keyblock_byfprint( KBNODE *ret_keyblock, const byte *fprint,
+ size_t fprint_len );
+int get_keyblock_bylid( KBNODE *ret_keyblock, ulong lid );
+int seckey_available( u32 *keyid );
+int get_seckey_byname( PKT_secret_key *sk, const char *name, int unlock );
+int get_seckey_bynames( GETKEY_CTX *rx, PKT_secret_key *sk,
+ strlist_t names, KBNODE *ret_keyblock );
+int get_seckey_next (GETKEY_CTX ctx, PKT_secret_key *sk, KBNODE *ret_keyblock);
+void get_seckey_end( GETKEY_CTX ctx );
+
+int get_seckey_byfprint( PKT_secret_key *sk,
+ const byte *fprint, size_t fprint_len);
+int get_seckeyblock_byfprint (KBNODE *ret_keyblock, const byte *fprint,
+ size_t fprint_len );
+
+
+int enum_secret_keys( void **context, PKT_secret_key *sk,
+ int with_subkeys, int with_spm );
+void merge_keys_and_selfsig( KBNODE keyblock );
+char*get_user_id_string( u32 *keyid );
+char*get_user_id_string_native( u32 *keyid );
+char*get_long_user_id_string( u32 *keyid );
+char*get_user_id( u32 *keyid, size_t *rn );
+char*get_user_id_native( u32 *keyid );
+KEYDB_HANDLE get_ctx_handle(GETKEY_CTX ctx);
+void release_akl(void);
+int parse_auto_key_locate(char *options);
+
+/*-- keyid.c --*/
+int pubkey_letter( int algo );
+u32 v3_keyid (gcry_mpi_t a, u32 *ki);
+void hash_public_key( gcry_md_hd_t md, PKT_public_key *pk );
+size_t keystrlen(void);
+const char *keystr(u32 *keyid);
+const char *keystr_from_pk(PKT_public_key *pk);
+const char *keystr_from_sk(PKT_secret_key *sk);
+const char *keystr_from_desc(KEYDB_SEARCH_DESC *desc);
+u32 keyid_from_sk( PKT_secret_key *sk, u32 *keyid );
+u32 keyid_from_pk( PKT_public_key *pk, u32 *keyid );
+u32 keyid_from_sig( PKT_signature *sig, u32 *keyid );
+u32 keyid_from_fingerprint(const byte *fprint, size_t fprint_len, u32 *keyid);
+byte *namehash_from_uid(PKT_user_id *uid);
+unsigned nbits_from_pk( PKT_public_key *pk );
+unsigned nbits_from_sk( PKT_secret_key *sk );
+const char *datestr_from_pk( PKT_public_key *pk );
+const char *datestr_from_sk( PKT_secret_key *sk );
+const char *datestr_from_sig( PKT_signature *sig );
+const char *expirestr_from_pk( PKT_public_key *pk );
+const char *expirestr_from_sk( PKT_secret_key *sk );
+const char *expirestr_from_sig( PKT_signature *sig );
+const char *revokestr_from_pk( PKT_public_key *pk );
+const char *usagestr_from_pk( PKT_public_key *pk );
+const char *colon_strtime (u32 t);
+const char *colon_datestr_from_pk (PKT_public_key *pk);
+const char *colon_datestr_from_sk (PKT_secret_key *sk);
+const char *colon_datestr_from_sig (PKT_signature *sig);
+const char *colon_expirestr_from_sig (PKT_signature *sig);
+byte *fingerprint_from_sk( PKT_secret_key *sk, byte *buf, size_t *ret_len );
+byte *fingerprint_from_pk( PKT_public_key *pk, byte *buf, size_t *ret_len );
+char *serialno_and_fpr_from_sk (const unsigned char *sn, size_t snlen,
+ PKT_secret_key *sk);
+
+/*-- kbnode.c --*/
+KBNODE new_kbnode( PACKET *pkt );
+KBNODE clone_kbnode( KBNODE node );
+void release_kbnode( KBNODE n );
+void delete_kbnode( KBNODE node );
+void add_kbnode( KBNODE root, KBNODE node );
+void insert_kbnode( KBNODE root, KBNODE node, int pkttype );
+void move_kbnode( KBNODE *root, KBNODE node, KBNODE where );
+void remove_kbnode( KBNODE *root, KBNODE node );
+KBNODE find_prev_kbnode( KBNODE root, KBNODE node, int pkttype );
+KBNODE find_next_kbnode( KBNODE node, int pkttype );
+KBNODE find_kbnode( KBNODE node, int pkttype );
+KBNODE walk_kbnode( KBNODE root, KBNODE *context, int all );
+void clear_kbnode_flags( KBNODE n );
+int commit_kbnode( KBNODE *root );
+void dump_kbnode( KBNODE node );
+
+#endif /*G10_KEYDB_H*/
diff --git a/g10/keyedit.c b/g10/keyedit.c
new file mode 100644
index 0000000..76830f0
--- /dev/null
+++ b/g10/keyedit.c
@@ -0,0 +1,5271 @@
+/* keyedit.c - keyedit stuff
+ * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007,
+ * 2008, 2009, 2010 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include <assert.h>
+#include <ctype.h>
+#ifdef HAVE_LIBREADLINE
+#define GNUPG_LIBREADLINE_H_INCLUDED
+#include <readline/readline.h>
+#endif
+
+#include "gpg.h"
+#include "options.h"
+#include "packet.h"
+#include "status.h"
+#include "iobuf.h"
+#include "keydb.h"
+#include "photoid.h"
+#include "util.h"
+#include "main.h"
+#include "trustdb.h"
+#include "filter.h"
+#include "ttyio.h"
+#include "status.h"
+#include "i18n.h"
+#include "keyserver-internal.h"
+
+static void show_prefs( PKT_user_id *uid, PKT_signature *selfsig, int verbose);
+static void show_names(KBNODE keyblock,PKT_public_key *pk,
+ unsigned int flag,int with_prefs);
+static void show_key_with_all_names( KBNODE keyblock, int only_marked,
+ int with_revoker, int with_fpr, int with_subkeys, int with_prefs );
+static void show_key_and_fingerprint( KBNODE keyblock );
+static int menu_adduid( KBNODE keyblock, KBNODE sec_keyblock,
+ int photo, const char *photo_name );
+static void menu_deluid( KBNODE pub_keyblock, KBNODE sec_keyblock );
+static int menu_delsig( KBNODE pub_keyblock );
+static int menu_clean(KBNODE keyblock,int self_only);
+static void menu_delkey( KBNODE pub_keyblock, KBNODE sec_keyblock );
+static int menu_addrevoker( KBNODE pub_keyblock,
+ KBNODE sec_keyblock, int sensitive );
+static int menu_expire( KBNODE pub_keyblock, KBNODE sec_keyblock );
+static int menu_backsign(KBNODE pub_keyblock,KBNODE sec_keyblock);
+static int menu_set_primary_uid( KBNODE pub_keyblock, KBNODE sec_keyblock );
+static int menu_set_preferences( KBNODE pub_keyblock, KBNODE sec_keyblock );
+static int menu_set_keyserver_url (const char *url,
+ KBNODE pub_keyblock, KBNODE sec_keyblock );
+static int menu_set_notation(const char *string,
+ KBNODE pub_keyblock,KBNODE sec_keyblock);
+static int menu_select_uid( KBNODE keyblock, int idx );
+static int menu_select_uid_namehash( KBNODE keyblock, const char *namehash );
+static int menu_select_key( KBNODE keyblock, int idx );
+static int count_uids( KBNODE keyblock );
+static int count_uids_with_flag( KBNODE keyblock, unsigned flag );
+static int count_keys_with_flag( KBNODE keyblock, unsigned flag );
+static int count_selected_uids( KBNODE keyblock );
+static int real_uids_left( KBNODE keyblock );
+static int count_selected_keys( KBNODE keyblock );
+static int menu_revsig( KBNODE keyblock );
+static int menu_revuid( KBNODE keyblock, KBNODE sec_keyblock );
+static int menu_revkey( KBNODE pub_keyblock, KBNODE sec_keyblock );
+static int menu_revsubkey( KBNODE pub_keyblock, KBNODE sec_keyblock );
+static int enable_disable_key( KBNODE keyblock, int disable );
+static void menu_showphoto( KBNODE keyblock );
+
+static int update_trust=0;
+
+#define CONTROL_D ('D' - 'A' + 1)
+
+#define NODFLG_BADSIG (1<<0) /* bad signature */
+#define NODFLG_NOKEY (1<<1) /* no public key */
+#define NODFLG_SIGERR (1<<2) /* other sig error */
+
+#define NODFLG_MARK_A (1<<4) /* temporary mark */
+#define NODFLG_DELSIG (1<<5) /* to be deleted */
+
+#define NODFLG_SELUID (1<<8) /* indicate the selected userid */
+#define NODFLG_SELKEY (1<<9) /* indicate the selected key */
+#define NODFLG_SELSIG (1<<10) /* indicate a selected signature */
+
+struct sign_attrib {
+ int non_exportable,non_revocable;
+ struct revocation_reason_info *reason;
+ byte trust_depth,trust_value;
+ char *trust_regexp;
+};
+
+
+#ifdef ENABLE_CARD_SUPPORT
+/* Given a node SEC_NODE with a secret key or subkey, locate the
+ corresponding public key from pub_keyblock. */
+static PKT_public_key *
+find_pk_from_sknode (KBNODE pub_keyblock, KBNODE sec_node)
+{
+ KBNODE node = pub_keyblock;
+ PKT_secret_key *sk;
+ PKT_public_key *pk;
+
+ if (sec_node->pkt->pkttype == PKT_SECRET_KEY
+ && node->pkt->pkttype == PKT_PUBLIC_KEY)
+ return node->pkt->pkt.public_key;
+ if (sec_node->pkt->pkttype != PKT_SECRET_SUBKEY)
+ return NULL;
+ sk = sec_node->pkt->pkt.secret_key;
+ for (; node; node = node->next)
+ if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
+ {
+ pk = node->pkt->pkt.public_key;
+ if (pk->keyid[0] == sk->keyid[0] && pk->keyid[1] == sk->keyid[1])
+ return pk;
+ }
+
+ return NULL;
+}
+#endif /* ENABLE_CARD_SUPPORT */
+
+
+/* TODO: Fix duplicated code between here and the check-sigs/list-sigs
+ code in keylist.c. */
+static int
+print_and_check_one_sig_colon( KBNODE keyblock, KBNODE node,
+ int *inv_sigs, int *no_key, int *oth_err,
+ int *is_selfsig, int print_without_key )
+{
+ PKT_signature *sig = node->pkt->pkt.signature;
+ int rc, sigrc;
+
+ /* TODO: Make sure a cached sig record here still has the pk that
+ issued it. See also keylist.c:list_keyblock_print */
+
+ switch((rc=check_key_signature(keyblock,node,is_selfsig)))
+ {
+ case 0:
+ node->flag &= ~(NODFLG_BADSIG|NODFLG_NOKEY|NODFLG_SIGERR);
+ sigrc = '!';
+ break;
+ case G10ERR_BAD_SIGN:
+ node->flag = NODFLG_BADSIG;
+ sigrc = '-';
+ if( inv_sigs )
+ ++*inv_sigs;
+ break;
+ case G10ERR_NO_PUBKEY:
+ case G10ERR_UNU_PUBKEY:
+ node->flag = NODFLG_NOKEY;
+ sigrc = '?';
+ if( no_key )
+ ++*no_key;
+ break;
+ default:
+ node->flag = NODFLG_SIGERR;
+ sigrc = '%';
+ if( oth_err )
+ ++*oth_err;
+ break;
+ }
+
+ if( sigrc != '?' || print_without_key )
+ {
+ printf("sig:%c::%d:%08lX%08lX:%lu:%lu:",
+ sigrc,sig->pubkey_algo,(ulong)sig->keyid[0],(ulong)sig->keyid[1],
+ (ulong)sig->timestamp,(ulong)sig->expiredate);
+
+ if(sig->trust_depth || sig->trust_value)
+ printf("%d %d",sig->trust_depth,sig->trust_value);
+
+ printf(":");
+
+ if(sig->trust_regexp)
+ print_string(stdout,sig->trust_regexp,strlen(sig->trust_regexp),':');
+
+ printf("::%02x%c\n",sig->sig_class,sig->flags.exportable?'x':'l');
+
+ if(opt.show_subpackets)
+ print_subpackets_colon(sig);
+ }
+
+ return (sigrc == '!');
+}
+
+
+/****************
+ * Print information about a signature, check it and return true
+ * if the signature is okay. NODE must be a signature packet.
+ */
+static int
+print_and_check_one_sig( KBNODE keyblock, KBNODE node,
+ int *inv_sigs, int *no_key, int *oth_err,
+ int *is_selfsig, int print_without_key )
+{
+ PKT_signature *sig = node->pkt->pkt.signature;
+ int rc, sigrc;
+ int is_rev = sig->sig_class == 0x30;
+
+ /* TODO: Make sure a cached sig record here still has the pk that
+ issued it. See also keylist.c:list_keyblock_print */
+
+ switch( (rc = check_key_signature( keyblock, node, is_selfsig)) ) {
+ case 0:
+ node->flag &= ~(NODFLG_BADSIG|NODFLG_NOKEY|NODFLG_SIGERR);
+ sigrc = '!';
+ break;
+ case G10ERR_BAD_SIGN:
+ node->flag = NODFLG_BADSIG;
+ sigrc = '-';
+ if( inv_sigs )
+ ++*inv_sigs;
+ break;
+ case G10ERR_NO_PUBKEY:
+ case G10ERR_UNU_PUBKEY:
+ node->flag = NODFLG_NOKEY;
+ sigrc = '?';
+ if( no_key )
+ ++*no_key;
+ break;
+ default:
+ node->flag = NODFLG_SIGERR;
+ sigrc = '%';
+ if( oth_err )
+ ++*oth_err;
+ break;
+ }
+ if( sigrc != '?' || print_without_key ) {
+ tty_printf("%s%c%c %c%c%c%c%c%c %s %s",
+ is_rev? "rev":"sig",sigrc,
+ (sig->sig_class-0x10>0 &&
+ sig->sig_class-0x10<4)?'0'+sig->sig_class-0x10:' ',
+ sig->flags.exportable?' ':'L',
+ sig->flags.revocable?' ':'R',
+ sig->flags.policy_url?'P':' ',
+ sig->flags.notation?'N':' ',
+ sig->flags.expired?'X':' ',
+ (sig->trust_depth>9)?'T':
+ (sig->trust_depth>0)?'0'+sig->trust_depth:' ',
+ keystr(sig->keyid),datestr_from_sig(sig));
+ if(opt.list_options&LIST_SHOW_SIG_EXPIRE)
+ tty_printf(" %s",expirestr_from_sig(sig));
+ tty_printf(" ");
+ if( sigrc == '%' )
+ tty_printf("[%s] ", g10_errstr(rc) );
+ else if( sigrc == '?' )
+ ;
+ else if( *is_selfsig ) {
+ tty_printf( is_rev? _("[revocation]")
+ : _("[self-signature]") );
+ }
+ else
+ {
+ size_t n;
+ char *p = get_user_id( sig->keyid, &n );
+ tty_print_utf8_string2(p, n, opt.screen_columns-keystrlen()-26-
+ ((opt.list_options&LIST_SHOW_SIG_EXPIRE)?11:0));
+ xfree(p);
+ }
+ tty_printf("\n");
+
+ if(sig->flags.policy_url && (opt.list_options&LIST_SHOW_POLICY_URLS))
+ show_policy_url(sig,3,0);
+
+ if(sig->flags.notation && (opt.list_options&LIST_SHOW_NOTATIONS))
+ show_notation(sig,3,0,
+ ((opt.list_options&LIST_SHOW_STD_NOTATIONS)?1:0)+
+ ((opt.list_options&LIST_SHOW_USER_NOTATIONS)?2:0));
+
+ if(sig->flags.pref_ks && (opt.list_options&LIST_SHOW_KEYSERVER_URLS))
+ show_keyserver_url(sig,3,0);
+ }
+
+ return (sigrc == '!');
+}
+
+
+
+/****************
+ * Check the keysigs and set the flags to indicate errors.
+ * Returns true if error found.
+ */
+static int
+check_all_keysigs( KBNODE keyblock, int only_selected )
+{
+ KBNODE kbctx;
+ KBNODE node;
+ int inv_sigs = 0;
+ int no_key = 0;
+ int oth_err = 0;
+ int has_selfsig = 0;
+ int mis_selfsig = 0;
+ int selected = !only_selected;
+ int anyuid = 0;
+
+ for( kbctx=NULL; (node=walk_kbnode( keyblock, &kbctx, 0)) ; ) {
+ if( node->pkt->pkttype == PKT_USER_ID ) {
+ PKT_user_id *uid = node->pkt->pkt.user_id;
+
+ if( only_selected )
+ selected = (node->flag & NODFLG_SELUID);
+ if( selected ) {
+ tty_printf("uid ");
+ tty_print_utf8_string( uid->name, uid->len );
+ tty_printf("\n");
+ if( anyuid && !has_selfsig )
+ mis_selfsig++;
+ has_selfsig = 0;
+ anyuid = 1;
+ }
+ }
+ else if( selected && node->pkt->pkttype == PKT_SIGNATURE
+ && ( (node->pkt->pkt.signature->sig_class&~3) == 0x10
+ || node->pkt->pkt.signature->sig_class == 0x30 ) ) {
+ int selfsig;
+
+ if( print_and_check_one_sig( keyblock, node, &inv_sigs,
+ &no_key, &oth_err, &selfsig, 0 ) ) {
+ if( selfsig )
+ has_selfsig = 1;
+ }
+ /* Hmmm: should we update the trustdb here? */
+ }
+ }
+ if( !has_selfsig )
+ mis_selfsig++;
+ if( inv_sigs == 1 )
+ tty_printf(_("1 bad signature\n") );
+ else if( inv_sigs )
+ tty_printf(_("%d bad signatures\n"), inv_sigs );
+ if( no_key == 1 )
+ tty_printf(_("1 signature not checked due to a missing key\n") );
+ else if( no_key )
+ tty_printf(_("%d signatures not checked due to missing keys\n"), no_key );
+ if( oth_err == 1 )
+ tty_printf(_("1 signature not checked due to an error\n") );
+ else if( oth_err )
+ tty_printf(_("%d signatures not checked due to errors\n"), oth_err );
+ if( mis_selfsig == 1 )
+ tty_printf(_("1 user ID without valid self-signature detected\n"));
+ else if( mis_selfsig )
+ tty_printf(_("%d user IDs without valid self-signatures detected\n"),
+ mis_selfsig);
+
+ return inv_sigs || no_key || oth_err || mis_selfsig;
+}
+
+
+static int
+sign_mk_attrib( PKT_signature *sig, void *opaque )
+{
+ struct sign_attrib *attrib = opaque;
+ byte buf[8];
+
+ if( attrib->non_exportable ) {
+ buf[0] = 0; /* not exportable */
+ build_sig_subpkt( sig, SIGSUBPKT_EXPORTABLE, buf, 1 );
+ }
+
+ if( attrib->non_revocable ) {
+ buf[0] = 0; /* not revocable */
+ build_sig_subpkt( sig, SIGSUBPKT_REVOCABLE, buf, 1 );
+ }
+
+ if( attrib->reason )
+ revocation_reason_build_cb( sig, attrib->reason );
+
+ if(attrib->trust_depth)
+ {
+ /* Not critical. If someone doesn't understand trust sigs,
+ this can still be a valid regular signature. */
+ buf[0] = attrib->trust_depth;
+ buf[1] = attrib->trust_value;
+ build_sig_subpkt(sig,SIGSUBPKT_TRUST,buf,2);
+
+ /* Critical. If someone doesn't understands regexps, this
+ whole sig should be invalid. Note the +1 for the length -
+ regexps are null terminated. */
+ if(attrib->trust_regexp)
+ build_sig_subpkt(sig,SIGSUBPKT_FLAG_CRITICAL|SIGSUBPKT_REGEXP,
+ attrib->trust_regexp,
+ strlen(attrib->trust_regexp)+1);
+ }
+
+ return 0;
+}
+
+static void
+trustsig_prompt(byte *trust_value,byte *trust_depth,char **regexp)
+{
+ char *p;
+
+ *trust_value=0;
+ *trust_depth=0;
+ *regexp=NULL;
+
+ /* Same string as pkclist.c:do_edit_ownertrust */
+ tty_printf(_("Please decide how far you trust this user to correctly verify"
+ " other users' keys\n(by looking at passports, checking"
+ " fingerprints from different sources, etc.)\n"));
+ tty_printf("\n");
+ tty_printf (_(" %d = I trust marginally\n"), 1);
+ tty_printf (_(" %d = I trust fully\n"), 2);
+ tty_printf("\n");
+
+ while(*trust_value==0)
+ {
+ p = cpr_get("trustsig_prompt.trust_value",_("Your selection? "));
+ trim_spaces(p);
+ cpr_kill_prompt();
+ /* 60 and 120 are as per RFC2440 */
+ if(p[0]=='1' && !p[1])
+ *trust_value=60;
+ else if(p[0]=='2' && !p[1])
+ *trust_value=120;
+ xfree(p);
+ }
+
+ tty_printf("\n");
+
+ tty_printf(_(
+ "Please enter the depth of this trust signature.\n"
+ "A depth greater than 1 allows the key you are signing to make\n"
+ "trust signatures on your behalf.\n"));
+ tty_printf("\n");
+
+ while(*trust_depth==0)
+ {
+ p = cpr_get("trustsig_prompt.trust_depth",_("Your selection? "));
+ trim_spaces(p);
+ cpr_kill_prompt();
+ *trust_depth=atoi(p);
+ xfree(p);
+ }
+
+ tty_printf("\n");
+
+ tty_printf(_("Please enter a domain to restrict this signature, "
+ "or enter for none.\n"));
+
+ tty_printf("\n");
+
+ p=cpr_get("trustsig_prompt.trust_regexp",_("Your selection? "));
+ trim_spaces(p);
+ cpr_kill_prompt();
+
+ if(strlen(p)>0)
+ {
+ char *q=p;
+ int regexplen=100,ind;
+
+ *regexp=xmalloc(regexplen);
+
+ /* Now mangle the domain the user entered into a regexp. To do
+ this, \-escape everything that isn't alphanumeric, and attach
+ "<[^>]+[@.]" to the front, and ">$" to the end. */
+
+ strcpy(*regexp,"<[^>]+[@.]");
+ ind=strlen(*regexp);
+
+ while(*q)
+ {
+ if(!((*q>='A' && *q<='Z')
+ || (*q>='a' && *q<='z') || (*q>='0' && *q<='9')))
+ (*regexp)[ind++]='\\';
+
+ (*regexp)[ind++]=*q;
+
+ if((regexplen-ind)<3)
+ {
+ regexplen+=100;
+ *regexp=xrealloc(*regexp,regexplen);
+ }
+
+ q++;
+ }
+
+ (*regexp)[ind]='\0';
+ strcat(*regexp,">$");
+ }
+
+ xfree(p);
+ tty_printf("\n");
+}
+
+/****************
+ * Loop over all locusr and and sign the uids after asking.
+ * If no user id is marked, all user ids will be signed;
+ * if some user_ids are marked those will be signed.
+ */
+static int
+sign_uids( KBNODE keyblock, strlist_t locusr, int *ret_modified,
+ int local, int nonrevocable, int trust, int interactive )
+{
+ int rc = 0;
+ SK_LIST sk_list = NULL;
+ SK_LIST sk_rover = NULL;
+ PKT_secret_key *sk = NULL;
+ KBNODE node, uidnode;
+ PKT_public_key *primary_pk=NULL;
+ int select_all = !count_selected_uids(keyblock) || interactive;
+ int all_v3=1;
+
+ /* Are there any non-v3 sigs on this key already? */
+ if(PGP2)
+ for(node=keyblock;node;node=node->next)
+ if(node->pkt->pkttype==PKT_SIGNATURE &&
+ node->pkt->pkt.signature->version>3)
+ {
+ all_v3=0;
+ break;
+ }
+
+ /* build a list of all signators.
+ *
+ * We use the CERT flag to request the primary which must always
+ * be one which is capable of signing keys. I can't see a reason
+ * why to sign keys using a subkey. Implementation of USAGE_CERT
+ * is just a hack in getkey.c and does not mean that a subkey
+ * marked as certification capable will be used. */
+ rc=build_sk_list( locusr, &sk_list, 0, PUBKEY_USAGE_CERT);
+ if( rc )
+ goto leave;
+
+ /* loop over all signators */
+ for( sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next ) {
+ u32 sk_keyid[2],pk_keyid[2];
+ char *p,*trust_regexp=NULL;
+ int force_v4=0,class=0,selfsig=0;
+ u32 duration=0,timestamp=0;
+ byte trust_depth=0,trust_value=0;
+
+ if(local || nonrevocable || trust ||
+ opt.cert_policy_url || opt.cert_notations)
+ force_v4=1;
+
+ /* we have to use a copy of the sk, because make_keysig_packet
+ * may remove the protection from sk and if we did other
+ * changes to the secret key, we would save the unprotected
+ * version */
+ if( sk )
+ free_secret_key(sk);
+ sk = copy_secret_key( NULL, sk_rover->sk );
+ keyid_from_sk( sk, sk_keyid );
+ /* set mark A for all selected user ids */
+ for( node=keyblock; node; node = node->next ) {
+ if( select_all || (node->flag & NODFLG_SELUID) )
+ node->flag |= NODFLG_MARK_A;
+ else
+ node->flag &= ~NODFLG_MARK_A;
+ }
+ /* reset mark for uids which are already signed */
+ uidnode = NULL;
+ for( node=keyblock; node; node = node->next ) {
+ if( node->pkt->pkttype == PKT_PUBLIC_KEY ) {
+ primary_pk=node->pkt->pkt.public_key;
+ keyid_from_pk( primary_pk, pk_keyid );
+
+ /* Is this a self-sig? */
+ if(pk_keyid[0]==sk_keyid[0] && pk_keyid[1]==sk_keyid[1])
+ {
+ selfsig=1;
+ /* Do not force a v4 sig here, otherwise it would
+ be difficult to remake a v3 selfsig. If this
+ is a v3->v4 promotion case, then we set
+ force_v4 later anyway. */
+ force_v4=0;
+ }
+ }
+ else if( node->pkt->pkttype == PKT_USER_ID )
+ {
+ uidnode = (node->flag & NODFLG_MARK_A)? node : NULL;
+ if(uidnode)
+ {
+ int yesreally=0;
+ char *user=utf8_to_native(uidnode->pkt->pkt.user_id->name,
+ uidnode->pkt->pkt.user_id->len,
+ 0);
+
+ if(uidnode->pkt->pkt.user_id->is_revoked)
+ {
+ tty_printf(_("User ID \"%s\" is revoked."),user);
+
+ if(selfsig)
+ tty_printf("\n");
+ else if(opt.expert)
+ {
+ tty_printf("\n");
+ /* No, so remove the mark and continue */
+ if(!cpr_get_answer_is_yes("sign_uid.revoke_okay",
+ _("Are you sure you "
+ "still want to sign "
+ "it? (y/N) ")))
+ {
+ uidnode->flag &= ~NODFLG_MARK_A;
+ uidnode=NULL;
+ }
+ else if(interactive)
+ yesreally=1;
+ }
+ else
+ {
+ uidnode->flag &= ~NODFLG_MARK_A;
+ uidnode=NULL;
+ tty_printf(_(" Unable to sign.\n"));
+ }
+ }
+ else if(uidnode->pkt->pkt.user_id->is_expired)
+ {
+ tty_printf(_("User ID \"%s\" is expired."),user);
+
+ if(selfsig)
+ tty_printf("\n");
+ else if(opt.expert)
+ {
+ tty_printf("\n");
+ /* No, so remove the mark and continue */
+ if(!cpr_get_answer_is_yes("sign_uid.expire_okay",
+ _("Are you sure you "
+ "still want to sign "
+ "it? (y/N) ")))
+ {
+ uidnode->flag &= ~NODFLG_MARK_A;
+ uidnode=NULL;
+ }
+ else if(interactive)
+ yesreally=1;
+ }
+ else
+ {
+ uidnode->flag &= ~NODFLG_MARK_A;
+ uidnode=NULL;
+ tty_printf(_(" Unable to sign.\n"));
+ }
+ }
+ else if(!uidnode->pkt->pkt.user_id->created && !selfsig)
+ {
+ tty_printf(_("User ID \"%s\" is not self-signed."),
+ user);
+
+ if(opt.expert)
+ {
+ tty_printf("\n");
+ /* No, so remove the mark and continue */
+ if(!cpr_get_answer_is_yes("sign_uid.nosig_okay",
+ _("Are you sure you "
+ "still want to sign "
+ "it? (y/N) ")))
+ {
+ uidnode->flag &= ~NODFLG_MARK_A;
+ uidnode=NULL;
+ }
+ else if(interactive)
+ yesreally=1;
+ }
+ else
+ {
+ uidnode->flag &= ~NODFLG_MARK_A;
+ uidnode=NULL;
+ tty_printf(_(" Unable to sign.\n"));
+ }
+ }
+
+ if(uidnode && interactive && !yesreally)
+ {
+ tty_printf(_("User ID \"%s\" is signable. "),user);
+ if(!cpr_get_answer_is_yes("sign_uid.sign_okay",
+ _("Sign it? (y/N) ")))
+ {
+ uidnode->flag &= ~NODFLG_MARK_A;
+ uidnode=NULL;
+ }
+ }
+
+ xfree(user);
+ }
+ }
+ else if( uidnode && node->pkt->pkttype == PKT_SIGNATURE
+ && (node->pkt->pkt.signature->sig_class&~3) == 0x10 ) {
+ if( sk_keyid[0] == node->pkt->pkt.signature->keyid[0]
+ && sk_keyid[1] == node->pkt->pkt.signature->keyid[1] ) {
+ char buf[50];
+ char *user=utf8_to_native(uidnode->pkt->pkt.user_id->name,
+ uidnode->pkt->pkt.user_id->len,
+ 0);
+
+ /* It's a v3 self-sig. Make it into a v4 self-sig? */
+ if(node->pkt->pkt.signature->version<4 && selfsig)
+ {
+ tty_printf(_("The self-signature on \"%s\"\n"
+ "is a PGP 2.x-style signature.\n"),user);
+
+ /* Note that the regular PGP2 warning below
+ still applies if there are no v4 sigs on
+ this key at all. */
+
+ if(opt.expert)
+ if(cpr_get_answer_is_yes("sign_uid.v4_promote_okay",
+ _("Do you want to promote "
+ "it to an OpenPGP self-"
+ "signature? (y/N) ")))
+ {
+ force_v4=1;
+ node->flag|=NODFLG_DELSIG;
+ xfree(user);
+ continue;
+ }
+ }
+
+ /* Is the current signature expired? */
+ if(node->pkt->pkt.signature->flags.expired)
+ {
+ tty_printf(_("Your current signature on \"%s\"\n"
+ "has expired.\n"),user);
+
+ if(cpr_get_answer_is_yes("sign_uid.replace_expired_okay",
+ _("Do you want to issue a "
+ "new signature to replace "
+ "the expired one? (y/N) ")))
+ {
+ /* Mark these for later deletion. We
+ don't want to delete them here, just in
+ case the replacement signature doesn't
+ happen for some reason. We only delete
+ these after the replacement is already
+ in place. */
+
+ node->flag|=NODFLG_DELSIG;
+ xfree(user);
+ continue;
+ }
+ }
+
+ if(!node->pkt->pkt.signature->flags.exportable && !local)
+ {
+ /* It's a local sig, and we want to make a
+ exportable sig. */
+ tty_printf(_("Your current signature on \"%s\"\n"
+ "is a local signature.\n"),user);
+
+ if(cpr_get_answer_is_yes("sign_uid.local_promote_okay",
+ _("Do you want to promote "
+ "it to a full exportable "
+ "signature? (y/N) ")))
+ {
+ /* Mark these for later deletion. We
+ don't want to delete them here, just in
+ case the replacement signature doesn't
+ happen for some reason. We only delete
+ these after the replacement is already
+ in place. */
+
+ node->flag|=NODFLG_DELSIG;
+ xfree(user);
+ continue;
+ }
+ }
+
+ /* Fixme: see whether there is a revocation in which
+ * case we should allow to sign it again. */
+ if (!node->pkt->pkt.signature->flags.exportable && local)
+ tty_printf(_(
+ "\"%s\" was already locally signed by key %s\n"),
+ user,keystr_from_sk(sk));
+ else
+ tty_printf(_("\"%s\" was already signed by key %s\n"),
+ user,keystr_from_sk(sk));
+
+ if(opt.expert
+ && cpr_get_answer_is_yes("sign_uid.dupe_okay",
+ _("Do you want to sign it "
+ "again anyway? (y/N) ")))
+ {
+ /* Don't delete the old sig here since this is
+ an --expert thing. */
+ xfree(user);
+ continue;
+ }
+
+ sprintf (buf, "%08lX%08lX",
+ (ulong)sk->keyid[0], (ulong)sk->keyid[1] );
+ write_status_text (STATUS_ALREADY_SIGNED, buf);
+ uidnode->flag &= ~NODFLG_MARK_A; /* remove mark */
+
+ xfree(user);
+ }
+ }
+ }
+
+ /* check whether any uids are left for signing */
+ if( !count_uids_with_flag(keyblock, NODFLG_MARK_A) )
+ {
+ tty_printf(_("Nothing to sign with key %s\n"),keystr_from_sk(sk));
+ continue;
+ }
+
+ /* Ask whether we really should sign these user id(s) */
+ tty_printf("\n");
+ show_key_with_all_names( keyblock, 1, 0, 1, 0, 0 );
+ tty_printf("\n");
+
+ if(primary_pk->expiredate && !selfsig)
+ {
+ u32 now=make_timestamp();
+
+ if(primary_pk->expiredate<=now)
+ {
+ tty_printf(_("This key has expired!"));
+
+ if(opt.expert)
+ {
+ tty_printf(" ");
+ if(!cpr_get_answer_is_yes("sign_uid.expired_okay",
+ _("Are you sure you still "
+ "want to sign it? (y/N) ")))
+ continue;
+ }
+ else
+ {
+ tty_printf(_(" Unable to sign.\n"));
+ continue;
+ }
+ }
+ else
+ {
+ tty_printf(_("This key is due to expire on %s.\n"),
+ expirestr_from_pk(primary_pk));
+
+ if(opt.ask_cert_expire)
+ {
+ char *answer=cpr_get("sign_uid.expire",
+ _("Do you want your signature to "
+ "expire at the same time? (Y/n) "));
+ if(answer_is_yes_no_default(answer,1))
+ {
+ /* This fixes the signature timestamp we're
+ going to make as now. This is so the
+ expiration date is exactly correct, and not
+ a few seconds off (due to the time it takes
+ to answer the questions, enter the
+ passphrase, etc). */
+ timestamp=now;
+ duration=primary_pk->expiredate-now;
+ force_v4=1;
+ }
+
+ cpr_kill_prompt();
+ xfree(answer);
+ }
+ }
+ }
+
+ /* Only ask for duration if we haven't already set it to match
+ the expiration of the pk */
+ if(!duration && !selfsig)
+ {
+ if(opt.ask_cert_expire)
+ duration=ask_expire_interval(1,opt.def_cert_expire);
+ else
+ duration=parse_expire_string(opt.def_cert_expire);
+ }
+
+ if(duration)
+ force_v4=1;
+
+ /* Is --pgp2 on, it's a v3 key, all the sigs on the key are
+ currently v3 and we're about to sign it with a v4 sig? If
+ so, danger! */
+ if(PGP2 && all_v3 &&
+ (sk->version>3 || force_v4) && primary_pk->version<=3)
+ {
+ tty_printf(_("You may not make an OpenPGP signature on a "
+ "PGP 2.x key while in --pgp2 mode.\n"));
+ tty_printf(_("This would make the key unusable in PGP 2.x.\n"));
+
+ if(opt.expert)
+ {
+ if(!cpr_get_answer_is_yes("sign_uid.v4_on_v3_okay",
+ _("Are you sure you still "
+ "want to sign it? (y/N) ")))
+ continue;
+
+ all_v3=0;
+ }
+ else
+ continue;
+ }
+
+ if(selfsig)
+ ;
+ else
+ {
+ if(opt.batch || !opt.ask_cert_level)
+ class=0x10+opt.def_cert_level;
+ else
+ {
+ char *answer;
+
+ tty_printf(_("How carefully have you verified the key you are "
+ "about to sign actually belongs\nto the person "
+ "named above? If you don't know what to "
+ "answer, enter \"0\".\n"));
+ tty_printf("\n");
+ tty_printf(_(" (0) I will not answer.%s\n"),
+ opt.def_cert_level==0?" (default)":"");
+ tty_printf(_(" (1) I have not checked at all.%s\n"),
+ opt.def_cert_level==1?" (default)":"");
+ tty_printf(_(" (2) I have done casual checking.%s\n"),
+ opt.def_cert_level==2?" (default)":"");
+ tty_printf(_(" (3) I have done very careful checking.%s\n"),
+ opt.def_cert_level==3?" (default)":"");
+ tty_printf("\n");
+
+ while(class==0)
+ {
+ answer = cpr_get("sign_uid.class",_("Your selection? "
+ "(enter `?' for more information): "));
+ if(answer[0]=='\0')
+ class=0x10+opt.def_cert_level; /* Default */
+ else if(ascii_strcasecmp(answer,"0")==0)
+ class=0x10; /* Generic */
+ else if(ascii_strcasecmp(answer,"1")==0)
+ class=0x11; /* Persona */
+ else if(ascii_strcasecmp(answer,"2")==0)
+ class=0x12; /* Casual */
+ else if(ascii_strcasecmp(answer,"3")==0)
+ class=0x13; /* Positive */
+ else
+ tty_printf(_("Invalid selection.\n"));
+
+ xfree(answer);
+ }
+ }
+
+ if(trust)
+ trustsig_prompt(&trust_value,&trust_depth,&trust_regexp);
+ }
+
+ p=get_user_id_native(sk_keyid);
+ tty_printf(_("Are you sure that you want to sign this key with your\n"
+ "key \"%s\" (%s)\n"),p,keystr_from_sk(sk));
+ xfree(p);
+
+ if(selfsig)
+ {
+ tty_printf("\n");
+ tty_printf(_("This will be a self-signature.\n"));
+
+ if( local )
+ {
+ tty_printf("\n");
+ tty_printf(
+ _("WARNING: the signature will not be marked "
+ "as non-exportable.\n"));
+ }
+
+ if( nonrevocable )
+ {
+ tty_printf("\n");
+ tty_printf(
+ _("WARNING: the signature will not be marked "
+ "as non-revocable.\n"));
+ }
+ }
+ else
+ {
+ if( local )
+ {
+ tty_printf("\n");
+ tty_printf(
+ _("The signature will be marked as non-exportable.\n"));
+ }
+
+ if( nonrevocable )
+ {
+ tty_printf("\n");
+ tty_printf(
+ _("The signature will be marked as non-revocable.\n"));
+ }
+
+ switch(class)
+ {
+ case 0x11:
+ tty_printf("\n");
+ tty_printf(_("I have not checked this key at all.\n"));
+ break;
+
+ case 0x12:
+ tty_printf("\n");
+ tty_printf(_("I have checked this key casually.\n"));
+ break;
+
+ case 0x13:
+ tty_printf("\n");
+ tty_printf(_("I have checked this key very carefully.\n"));
+ break;
+ }
+ }
+
+ tty_printf("\n");
+
+ if( opt.batch && opt.answer_yes )
+ ;
+ else if( !cpr_get_answer_is_yes("sign_uid.okay",
+ _("Really sign? (y/N) ")) )
+ continue;
+
+ /* now we can sign the user ids */
+ reloop: /* (must use this, because we are modifing the list) */
+ primary_pk = NULL;
+ for( node=keyblock; node; node = node->next ) {
+ if( node->pkt->pkttype == PKT_PUBLIC_KEY )
+ primary_pk = node->pkt->pkt.public_key;
+ else if( node->pkt->pkttype == PKT_USER_ID
+ && (node->flag & NODFLG_MARK_A) ) {
+ PACKET *pkt;
+ PKT_signature *sig;
+ struct sign_attrib attrib;
+
+ assert( primary_pk );
+ memset( &attrib, 0, sizeof attrib );
+ attrib.non_exportable = local;
+ attrib.non_revocable = nonrevocable;
+ attrib.trust_depth = trust_depth;
+ attrib.trust_value = trust_value;
+ attrib.trust_regexp = trust_regexp;
+ node->flag &= ~NODFLG_MARK_A;
+
+ /* we force creation of a v4 signature for local
+ * signatures, otherwise we would not generate the
+ * subpacket with v3 keys and the signature becomes
+ * exportable */
+
+ if(selfsig)
+ rc = make_keysig_packet( &sig, primary_pk,
+ node->pkt->pkt.user_id,
+ NULL,
+ sk,
+ 0x13, 0, force_v4?4:0, 0, 0,
+ keygen_add_std_prefs, primary_pk);
+ else
+ rc = make_keysig_packet( &sig, primary_pk,
+ node->pkt->pkt.user_id,
+ NULL,
+ sk,
+ class, 0, force_v4?4:0,
+ timestamp, duration,
+ sign_mk_attrib, &attrib );
+ if( rc ) {
+ log_error(_("signing failed: %s\n"), g10_errstr(rc));
+ goto leave;
+ }
+
+ *ret_modified = 1; /* we changed the keyblock */
+ update_trust = 1;
+
+ pkt = xmalloc_clear( sizeof *pkt );
+ pkt->pkttype = PKT_SIGNATURE;
+ pkt->pkt.signature = sig;
+ insert_kbnode( node, new_kbnode(pkt), PKT_SIGNATURE );
+ goto reloop;
+ }
+ }
+
+ /* Delete any sigs that got promoted */
+ for( node=keyblock; node; node = node->next )
+ if( node->flag & NODFLG_DELSIG)
+ delete_kbnode(node);
+ } /* end loop over signators */
+
+ leave:
+ release_sk_list( sk_list );
+ if( sk )
+ free_secret_key(sk);
+ return rc;
+}
+
+
+
+/****************
+ * Change the passphrase of the primary and all secondary keys.
+ * We use only one passphrase for all keys.
+ */
+static int
+change_passphrase (KBNODE keyblock, int *r_err)
+{
+ int rc = 0;
+ int changed=0;
+ KBNODE node;
+ PKT_secret_key *sk;
+ char *passphrase = NULL;
+ int no_primary_secrets = 0;
+ int any;
+
+ node = find_kbnode( keyblock, PKT_SECRET_KEY );
+ if( !node ) {
+ log_error("Oops; secret key not found anymore!\n");
+ goto leave;
+ }
+ sk = node->pkt->pkt.secret_key;
+
+ for (any = 0, node=keyblock; node; node = node->next) {
+ if (node->pkt->pkttype == PKT_SECRET_KEY
+ || node->pkt->pkttype == PKT_SECRET_SUBKEY) {
+ PKT_secret_key *tmpsk = node->pkt->pkt.secret_key;
+ if (!(tmpsk->is_protected
+ && (tmpsk->protect.s2k.mode == 1001
+ || tmpsk->protect.s2k.mode == 1002))) {
+ any = 1;
+ break;
+ }
+ }
+ }
+ if (!any) {
+ tty_printf (_("Key has only stub or on-card key items - "
+ "no passphrase to change.\n"));
+ goto leave;
+ }
+
+ /* See how to handle this key. */
+ switch( is_secret_key_protected( sk ) ) {
+ case -1:
+ rc = G10ERR_PUBKEY_ALGO;
+ break;
+ case 0:
+ tty_printf(_("This key is not protected.\n"));
+ break;
+ default:
+ if( sk->protect.s2k.mode == 1001 ) {
+ tty_printf(_("Secret parts of primary key are not available.\n"));
+ no_primary_secrets = 1;
+ }
+ else if( sk->protect.s2k.mode == 1002 ) {
+ tty_printf(_("Secret parts of primary key are stored on-card.\n"));
+ no_primary_secrets = 1;
+ }
+ else {
+ u32 keyid[2];
+
+ tty_printf(_("Key is protected.\n"));
+
+ /* Clear the passphrase cache so that the user is required
+ to enter the old passphrase. */
+ keyid_from_sk (sk, keyid);
+ passphrase_clear_cache (keyid, NULL, 0);
+
+ rc = check_secret_key( sk, 0 );
+ if( !rc )
+ passphrase = get_last_passphrase();
+ }
+ break;
+ }
+
+ /* Unprotect all subkeys (use the supplied passphrase or ask)*/
+ for(node=keyblock; !rc && node; node = node->next ) {
+ if( node->pkt->pkttype == PKT_SECRET_SUBKEY ) {
+ PKT_secret_key *subsk = node->pkt->pkt.secret_key;
+ if ( !(subsk->is_protected
+ && (subsk->protect.s2k.mode == 1001
+ || subsk->protect.s2k.mode == 1002))) {
+ set_next_passphrase( passphrase );
+ rc = check_secret_key( subsk, 0 );
+ if( !rc && !passphrase )
+ passphrase = get_last_passphrase();
+ }
+ }
+ }
+
+ if( rc )
+ tty_printf(_("Can't edit this key: %s\n"), g10_errstr(rc));
+ else {
+ DEK *dek = NULL;
+ STRING2KEY *s2k = xmalloc_secure( sizeof *s2k );
+ const char *errtext = NULL;
+
+ tty_printf(_("Enter the new passphrase for this secret key.\n\n") );
+
+ set_next_passphrase( NULL );
+ for(;;) {
+ int canceled;
+
+ s2k->mode = opt.s2k_mode;
+ s2k->hash_algo = S2K_DIGEST_ALGO;
+ dek = passphrase_to_dek( NULL, 0, opt.s2k_cipher_algo,
+ s2k, 2, errtext, &canceled);
+ if (!dek && canceled) {
+ rc = GPG_ERR_CANCELED;
+ break;
+ }
+ else if( !dek ) {
+ errtext = N_("passphrase not correctly repeated; try again");
+ tty_printf ("%s.\n", _(errtext));
+ }
+ else if( !dek->keylen ) {
+ rc = 0;
+ tty_printf(_( "You don't want a passphrase -"
+ " this is probably a *bad* idea!\n\n"));
+ if( cpr_get_answer_is_yes("change_passwd.empty.okay",
+ _("Do you really want to do this? (y/N) ")))
+ {
+ changed++;
+ break;
+ }
+ }
+ else { /* okay */
+ rc = 0;
+ if( !no_primary_secrets ) {
+ sk->protect.algo = dek->algo;
+ sk->protect.s2k = *s2k;
+ rc = protect_secret_key( sk, dek );
+ }
+ for(node=keyblock; !rc && node; node = node->next ) {
+ if( node->pkt->pkttype == PKT_SECRET_SUBKEY ) {
+ PKT_secret_key *subsk = node->pkt->pkt.secret_key;
+ if ( !(subsk->is_protected
+ && (subsk->protect.s2k.mode == 1001
+ || subsk->protect.s2k.mode == 1002))) {
+ subsk->protect.algo = dek->algo;
+ subsk->protect.s2k = *s2k;
+ rc = protect_secret_key( subsk, dek );
+ }
+ }
+ }
+ if( rc )
+ log_error("protect_secret_key failed: %s\n",
+ g10_errstr(rc) );
+ else
+ {
+ u32 keyid[2];
+
+ /* Clear the cahce again so that the user is
+ required to enter the new passphrase at the
+ next operation. */
+ keyid_from_sk (sk, keyid);
+ passphrase_clear_cache (keyid, NULL, 0);
+
+ changed++;
+ }
+ break;
+ }
+ }
+ xfree(s2k);
+ xfree(dek);
+ }
+
+ leave:
+ xfree( passphrase );
+ set_next_passphrase( NULL );
+ if (r_err)
+ *r_err = rc;
+ return changed && !rc;
+}
+
+
+/****************
+ * There are some keys out (due to a bug in gnupg), where the sequence
+ * of the packets is wrong. This function fixes that.
+ * Returns: true if the keyblock has been fixed.
+ *
+ * Note: This function does not work if there is more than one user ID.
+ */
+static int
+fix_keyblock( KBNODE keyblock )
+{
+ KBNODE node, last, subkey;
+ int fixed=0;
+
+ /* locate key signatures of class 0x10..0x13 behind sub key packets */
+ for( subkey=last=NULL, node = keyblock; node;
+ last=node, node = node->next ) {
+ switch( node->pkt->pkttype ) {
+ case PKT_PUBLIC_SUBKEY:
+ case PKT_SECRET_SUBKEY:
+ if( !subkey )
+ subkey = last; /* actually it is the one before the subkey */
+ break;
+ case PKT_SIGNATURE:
+ if( subkey ) {
+ PKT_signature *sig = node->pkt->pkt.signature;
+ if( sig->sig_class >= 0x10 && sig->sig_class <= 0x13 ) {
+ log_info(_(
+ "moving a key signature to the correct place\n"));
+ last->next = node->next;
+ node->next = subkey->next;
+ subkey->next = node;
+ node = last;
+ fixed=1;
+ }
+ }
+ break;
+ default: break;
+ }
+ }
+
+ return fixed;
+}
+
+static int
+parse_sign_type(const char *str,int *localsig,int *nonrevokesig,int *trustsig)
+{
+ const char *p=str;
+
+ while(*p)
+ {
+ if(ascii_strncasecmp(p,"l",1)==0)
+ {
+ *localsig=1;
+ p++;
+ }
+ else if(ascii_strncasecmp(p,"nr",2)==0)
+ {
+ *nonrevokesig=1;
+ p+=2;
+ }
+ else if(ascii_strncasecmp(p,"t",1)==0)
+ {
+ *trustsig=1;
+ p++;
+ }
+ else
+ return 0;
+ }
+
+ return 1;
+}
+
+
+/****************
+ * Menu driven key editor. If seckey_check is true, then a secret key
+ * that matches username will be looked for. If it is false, not all
+ * commands will be available.
+ *
+ * Note: to keep track of some selection we use node->mark MARKBIT_xxxx.
+ */
+
+/* Need an SK for this command */
+#define KEYEDIT_NEED_SK 1
+/* Cannot be viewing the SK for this command */
+#define KEYEDIT_NOT_SK 2
+/* Must be viewing the SK for this command */
+#define KEYEDIT_ONLY_SK 4
+/* Match the tail of the string */
+#define KEYEDIT_TAIL_MATCH 8
+
+enum cmdids
+ {
+ cmdNONE = 0,
+ cmdQUIT, cmdHELP, cmdFPR, cmdLIST, cmdSELUID, cmdCHECK, cmdSIGN,
+ cmdREVSIG, cmdREVKEY, cmdREVUID, cmdDELSIG, cmdPRIMARY, cmdDEBUG,
+ cmdSAVE, cmdADDUID, cmdADDPHOTO, cmdDELUID, cmdADDKEY, cmdDELKEY,
+ cmdADDREVOKER, cmdTOGGLE, cmdSELKEY, cmdPASSWD, cmdTRUST, cmdPREF,
+ cmdEXPIRE, cmdBACKSIGN, cmdENABLEKEY, cmdDISABLEKEY, cmdSHOWPREF,
+ cmdSETPREF, cmdPREFKS, cmdNOTATION, cmdINVCMD, cmdSHOWPHOTO, cmdUPDTRUST,
+ cmdCHKTRUST, cmdADDCARDKEY, cmdKEYTOCARD, cmdBKUPTOCARD, cmdCLEAN,
+ cmdMINIMIZE, cmdNOP
+ };
+
+static struct
+{
+ const char *name;
+ enum cmdids id;
+ int flags;
+ const char *desc;
+} cmds[] =
+ {
+ { "quit" , cmdQUIT , 0, N_("quit this menu") },
+ { "q" , cmdQUIT , 0, NULL },
+ { "save" , cmdSAVE , 0, N_("save and quit") },
+ { "help" , cmdHELP , 0, N_("show this help") },
+ { "?" , cmdHELP , 0, NULL },
+ { "fpr" , cmdFPR , 0, N_("show key fingerprint") },
+ { "list" , cmdLIST , 0, N_("list key and user IDs") },
+ { "l" , cmdLIST , 0, NULL },
+ { "uid" , cmdSELUID , 0, N_("select user ID N") },
+ { "key" , cmdSELKEY , 0, N_("select subkey N") },
+ { "check" , cmdCHECK , 0, N_("check signatures") },
+ { "c" , cmdCHECK , 0, NULL },
+ { "cross-certify", cmdBACKSIGN , KEYEDIT_NOT_SK|KEYEDIT_NEED_SK, NULL },
+ { "backsign", cmdBACKSIGN , KEYEDIT_NOT_SK|KEYEDIT_NEED_SK, NULL },
+ { "sign" , cmdSIGN , KEYEDIT_NOT_SK|KEYEDIT_TAIL_MATCH,
+ N_("sign selected user IDs [* see below for related commands]") },
+ { "s" , cmdSIGN , KEYEDIT_NOT_SK, NULL },
+ /* "lsign" and friends will never match since "sign" comes first
+ and it is a tail match. They are just here so they show up in
+ the help menu. */
+ { "lsign" , cmdNOP , 0, N_("sign selected user IDs locally") },
+ { "tsign" , cmdNOP , 0,
+ N_("sign selected user IDs with a trust signature") },
+ { "nrsign" , cmdNOP , 0,
+ N_("sign selected user IDs with a non-revocable signature") },
+
+ { "debug" , cmdDEBUG , 0, NULL },
+ { "adduid" , cmdADDUID , KEYEDIT_NOT_SK|KEYEDIT_NEED_SK,
+ N_("add a user ID") },
+ { "addphoto", cmdADDPHOTO , KEYEDIT_NOT_SK|KEYEDIT_NEED_SK,
+ N_("add a photo ID") },
+ { "deluid" , cmdDELUID , KEYEDIT_NOT_SK,
+ N_("delete selected user IDs") },
+ /* delphoto is really deluid in disguise */
+ { "delphoto", cmdDELUID , KEYEDIT_NOT_SK, NULL },
+
+ { "addkey" , cmdADDKEY , KEYEDIT_NOT_SK|KEYEDIT_NEED_SK,
+ N_("add a subkey") },
+
+#ifdef ENABLE_CARD_SUPPORT
+ { "addcardkey", cmdADDCARDKEY , KEYEDIT_NOT_SK|KEYEDIT_NEED_SK,
+ N_("add a key to a smartcard") },
+ { "keytocard", cmdKEYTOCARD , KEYEDIT_NEED_SK|KEYEDIT_ONLY_SK,
+ N_("move a key to a smartcard")},
+ { "bkuptocard", cmdBKUPTOCARD , KEYEDIT_NEED_SK|KEYEDIT_ONLY_SK,
+ N_("move a backup key to a smartcard")},
+#endif /*ENABLE_CARD_SUPPORT*/
+
+ { "delkey" , cmdDELKEY , KEYEDIT_NOT_SK,
+ N_("delete selected subkeys") },
+ { "addrevoker",cmdADDREVOKER,KEYEDIT_NOT_SK|KEYEDIT_NEED_SK,
+ N_("add a revocation key") },
+ { "delsig" , cmdDELSIG , KEYEDIT_NOT_SK,
+ N_("delete signatures from the selected user IDs") },
+ { "expire" , cmdEXPIRE , KEYEDIT_NOT_SK|KEYEDIT_NEED_SK,
+ N_("change the expiration date for the key or selected subkeys") },
+ { "primary" , cmdPRIMARY , KEYEDIT_NOT_SK|KEYEDIT_NEED_SK,
+ N_("flag the selected user ID as primary")},
+ { "toggle" , cmdTOGGLE , KEYEDIT_NEED_SK,
+ N_("toggle between the secret and public key listings") },
+ { "t" , cmdTOGGLE , KEYEDIT_NEED_SK, NULL },
+ { "pref" , cmdPREF , KEYEDIT_NOT_SK,
+ N_("list preferences (expert)")},
+ { "showpref", cmdSHOWPREF , KEYEDIT_NOT_SK,
+ N_("list preferences (verbose)") },
+ { "setpref" , cmdSETPREF , KEYEDIT_NOT_SK|KEYEDIT_NEED_SK,
+ N_("set preference list for the selected user IDs") },
+ /* Alias */
+ { "updpref" , cmdSETPREF , KEYEDIT_NOT_SK|KEYEDIT_NEED_SK, NULL },
+
+ { "keyserver",cmdPREFKS , KEYEDIT_NOT_SK|KEYEDIT_NEED_SK,
+ N_("set the preferred keyserver URL for the selected user IDs")},
+ { "notation", cmdNOTATION , KEYEDIT_NOT_SK|KEYEDIT_NEED_SK,
+ N_("set a notation for the selected user IDs")},
+ { "passwd" , cmdPASSWD , KEYEDIT_NOT_SK|KEYEDIT_NEED_SK,
+ N_("change the passphrase") },
+ /* Alias */
+ { "password", cmdPASSWD , KEYEDIT_NOT_SK|KEYEDIT_NEED_SK, NULL },
+
+ { "trust" , cmdTRUST , KEYEDIT_NOT_SK, N_("change the ownertrust") },
+ { "revsig" , cmdREVSIG , KEYEDIT_NOT_SK,
+ N_("revoke signatures on the selected user IDs") },
+ { "revuid" , cmdREVUID , KEYEDIT_NOT_SK|KEYEDIT_NEED_SK,
+ N_("revoke selected user IDs") },
+ /* Alias */
+ { "revphoto", cmdREVUID , KEYEDIT_NOT_SK|KEYEDIT_NEED_SK, NULL },
+
+ { "revkey" , cmdREVKEY , KEYEDIT_NOT_SK|KEYEDIT_NEED_SK,
+ N_("revoke key or selected subkeys") },
+ { "enable" , cmdENABLEKEY , KEYEDIT_NOT_SK, N_("enable key") },
+ { "disable" , cmdDISABLEKEY, KEYEDIT_NOT_SK, N_("disable key") },
+ { "showphoto",cmdSHOWPHOTO , 0, N_("show selected photo IDs") },
+ { "clean", cmdCLEAN , KEYEDIT_NOT_SK,
+ N_("compact unusable user IDs and remove unusable signatures from key")},
+ { "minimize", cmdMINIMIZE , KEYEDIT_NOT_SK,
+ N_("compact unusable user IDs and remove all signatures from key") },
+ { NULL, cmdNONE, 0, NULL }
+ };
+
+#ifdef HAVE_LIBREADLINE
+
+/* These two functions are used by readline for command completion. */
+
+static char *
+command_generator(const char *text,int state)
+{
+ static int list_index,len;
+ const char *name;
+
+ /* If this is a new word to complete, initialize now. This includes
+ saving the length of TEXT for efficiency, and initializing the
+ index variable to 0. */
+ if(!state)
+ {
+ list_index=0;
+ len=strlen(text);
+ }
+
+ /* Return the next partial match */
+ while((name=cmds[list_index].name))
+ {
+ /* Only complete commands that have help text */
+ if(cmds[list_index++].desc && strncmp(name,text,len)==0)
+ return strdup(name);
+ }
+
+ return NULL;
+}
+
+static char **
+keyedit_completion(const char *text, int start, int end)
+{
+ /* If we are at the start of a line, we try and command-complete.
+ If not, just do nothing for now. */
+
+ (void)end;
+
+ if(start==0)
+ return rl_completion_matches(text,command_generator);
+
+ rl_attempted_completion_over=1;
+
+ return NULL;
+}
+#endif /* HAVE_LIBREADLINE */
+
+
+void
+keyedit_menu( const char *username, strlist_t locusr,
+ strlist_t commands, int quiet, int seckey_check )
+{
+ enum cmdids cmd = 0;
+ int rc = 0;
+ KBNODE keyblock = NULL;
+ KEYDB_HANDLE kdbhd = NULL;
+ KBNODE sec_keyblock = NULL;
+ KEYDB_HANDLE sec_kdbhd = NULL;
+ KBNODE cur_keyblock;
+ char *answer = NULL;
+ int redisplay = 1;
+ int modified = 0;
+ int sec_modified = 0;
+ int toggle;
+ int have_commands = !!commands;
+
+ if ( opt.command_fd != -1 )
+ ;
+ else if( opt.batch && !have_commands )
+ {
+ log_error(_("can't do this in batch mode\n"));
+ goto leave;
+ }
+
+#ifdef HAVE_W32_SYSTEM
+ /* Due to Windows peculiarities we need to make sure that the
+ trustdb stale check is done before we open another file
+ (i.e. by searching for a key). In theory we could make sure
+ that the files are closed after use but the open/close caches
+ inhibits that and flushing the cache right before the stale
+ check is not easy to implement. Thus we take the easy way out
+ and run the stale check as early as possible. Note, that for
+ non- W32 platforms it is run indirectly trough a call to
+ get_validity (). */
+ check_trustdb_stale ();
+#endif
+
+ /* Get the public key */
+ rc = get_pubkey_byname (NULL, NULL, username, &keyblock, &kdbhd, 1, 1);
+ if( rc )
+ goto leave;
+ if( fix_keyblock( keyblock ) )
+ modified++;
+ if( collapse_uids( &keyblock ) )
+ modified++;
+ reorder_keyblock(keyblock);
+ /* We modified the keyblock, so let's make sure the flags are
+ right. */
+ if (modified)
+ merge_keys_and_selfsig (keyblock);
+
+ if(seckey_check)
+ {/* see whether we have a matching secret key */
+ PKT_public_key *pk = keyblock->pkt->pkt.public_key;
+
+ sec_kdbhd = keydb_new (1);
+ {
+ byte afp[MAX_FINGERPRINT_LEN];
+ size_t an;
+
+ fingerprint_from_pk (pk, afp, &an);
+ while (an < MAX_FINGERPRINT_LEN)
+ afp[an++] = 0;
+ rc = keydb_search_fpr (sec_kdbhd, afp);
+ }
+ if (!rc)
+ {
+ rc = keydb_get_keyblock (sec_kdbhd, &sec_keyblock);
+ if (rc)
+ {
+ log_error (_("error reading secret keyblock \"%s\": %s\n"),
+ username, g10_errstr(rc));
+ }
+ else
+ {
+ merge_keys_and_selfsig( sec_keyblock );
+ if( fix_keyblock( sec_keyblock ) )
+ sec_modified++;
+ }
+ }
+
+ if (rc) {
+ sec_keyblock = NULL;
+ keydb_release (sec_kdbhd); sec_kdbhd = NULL;
+ rc = 0;
+ }
+
+ if( sec_keyblock && !quiet )
+ tty_printf(_("Secret key is available.\n"));
+ }
+
+ toggle = 0;
+ cur_keyblock = keyblock;
+ for(;;) { /* main loop */
+ int i, arg_number, photo;
+ const char *arg_string = "";
+ char *p;
+ PKT_public_key *pk=keyblock->pkt->pkt.public_key;
+
+ tty_printf("\n");
+
+ if( redisplay && !quiet )
+ {
+ show_key_with_all_names( cur_keyblock, 0, 1, 0, 1, 0 );
+ tty_printf("\n");
+ redisplay = 0;
+ }
+ do {
+ xfree(answer);
+ if( have_commands ) {
+ if( commands ) {
+ answer = xstrdup( commands->d );
+ commands = commands->next;
+ }
+ else if( opt.batch ) {
+ answer = xstrdup("quit");
+ }
+ else
+ have_commands = 0;
+ }
+ if( !have_commands )
+ {
+#ifdef HAVE_LIBREADLINE
+ tty_enable_completion(keyedit_completion);
+#endif
+ answer = cpr_get_no_help("keyedit.prompt", "gpg> ");
+ cpr_kill_prompt();
+ tty_disable_completion();
+ }
+ trim_spaces(answer);
+ } while( *answer == '#' );
+
+ arg_number = 0; /* Yes, here is the init which egcc complains about */
+ photo = 0; /* This too */
+ if( !*answer )
+ cmd = cmdLIST;
+ else if( *answer == CONTROL_D )
+ cmd = cmdQUIT;
+ else if( digitp(answer ) ) {
+ cmd = cmdSELUID;
+ arg_number = atoi(answer);
+ }
+ else {
+ if( (p=strchr(answer,' ')) ) {
+ *p++ = 0;
+ trim_spaces(answer);
+ trim_spaces(p);
+ arg_number = atoi(p);
+ arg_string = p;
+ }
+
+ for(i=0; cmds[i].name; i++ )
+ {
+ if(cmds[i].flags & KEYEDIT_TAIL_MATCH)
+ {
+ size_t l=strlen(cmds[i].name);
+ size_t a=strlen(answer);
+ if(a>=l)
+ {
+ if(ascii_strcasecmp(&answer[a-l],cmds[i].name)==0)
+ {
+ answer[a-l]='\0';
+ break;
+ }
+ }
+ }
+ else if( !ascii_strcasecmp( answer, cmds[i].name ) )
+ break;
+ }
+ if((cmds[i].flags & KEYEDIT_NEED_SK) && !sec_keyblock )
+ {
+ tty_printf(_("Need the secret key to do this.\n"));
+ cmd = cmdNOP;
+ }
+ else if(((cmds[i].flags & KEYEDIT_NOT_SK) && sec_keyblock
+ && toggle)
+ ||((cmds[i].flags & KEYEDIT_ONLY_SK) && sec_keyblock
+ && !toggle))
+ {
+ tty_printf(_("Please use the command \"toggle\" first.\n"));
+ cmd = cmdNOP;
+ }
+ else
+ cmd = cmds[i].id;
+ }
+ switch( cmd )
+ {
+ case cmdHELP:
+ for(i=0; cmds[i].name; i++ )
+ {
+ if((cmds[i].flags & KEYEDIT_NEED_SK) && !sec_keyblock )
+ ; /* skip if we do not have the secret key */
+ else if( cmds[i].desc )
+ tty_printf("%-11s %s\n", cmds[i].name, _(cmds[i].desc) );
+ }
+
+ tty_printf("\n");
+ tty_printf(_(
+"* The `sign' command may be prefixed with an `l' for local "
+"signatures (lsign),\n"
+" a `t' for trust signatures (tsign), an `nr' for non-revocable signatures\n"
+" (nrsign), or any combination thereof (ltsign, tnrsign, etc.).\n"));
+
+ break;
+
+ case cmdLIST:
+ redisplay = 1;
+ break;
+
+ case cmdFPR:
+ show_key_and_fingerprint( keyblock );
+ break;
+
+ case cmdSELUID:
+ if(strlen(arg_string)==NAMEHASH_LEN*2)
+ redisplay=menu_select_uid_namehash(cur_keyblock,arg_string);
+ else
+ {
+ if (*arg_string == '*'
+ && (!arg_string[1] || spacep (arg_string+1)))
+ arg_number = -1; /* Select all. */
+ redisplay = menu_select_uid (cur_keyblock, arg_number);
+ }
+ break;
+
+ case cmdSELKEY:
+ {
+ if (*arg_string == '*'
+ && (!arg_string[1] || spacep (arg_string+1)))
+ arg_number = -1; /* Select all. */
+ if (menu_select_key( cur_keyblock, arg_number))
+ redisplay = 1;
+ }
+ break;
+
+ case cmdCHECK:
+ /* we can only do this with the public key becuase the
+ * check functions can't cope with secret keys and it
+ * is questionable whether this would make sense at all */
+ check_all_keysigs( keyblock, count_selected_uids(keyblock) );
+ break;
+
+ case cmdSIGN: /* sign (only the public key) */
+ {
+ int localsig=0,nonrevokesig=0,trustsig=0,interactive=0;
+
+ if( pk->is_revoked )
+ {
+ tty_printf(_("Key is revoked."));
+
+ if(opt.expert)
+ {
+ tty_printf(" ");
+ if(!cpr_get_answer_is_yes("keyedit.sign_revoked.okay",
+ _("Are you sure you still want"
+ " to sign it? (y/N) ")))
+ break;
+ }
+ else
+ {
+ tty_printf(_(" Unable to sign.\n"));
+ break;
+ }
+ }
+
+ if(count_uids(keyblock) > 1 && !count_selected_uids(keyblock)
+ && !cpr_get_answer_is_yes("keyedit.sign_all.okay",
+ _("Really sign all user IDs?"
+ " (y/N) ")))
+ {
+ if(opt.interactive)
+ interactive=1;
+ else
+ {
+ tty_printf(_("Hint: Select the user IDs to sign\n"));
+ have_commands = 0;
+ break;
+ }
+
+ }
+ /* What sort of signing are we doing? */
+ if(!parse_sign_type(answer,&localsig,&nonrevokesig,&trustsig))
+ {
+ tty_printf(_("Unknown signature type `%s'\n"),answer);
+ break;
+ }
+
+ sign_uids(keyblock, locusr, &modified,
+ localsig, nonrevokesig, trustsig, interactive);
+ }
+ break;
+
+ case cmdDEBUG:
+ dump_kbnode( cur_keyblock );
+ break;
+
+ case cmdTOGGLE:
+ toggle = !toggle;
+ cur_keyblock = toggle? sec_keyblock : keyblock;
+ redisplay = 1;
+ break;
+
+ case cmdADDPHOTO:
+ if (RFC2440 || RFC1991 || PGP2)
+ {
+ tty_printf(
+ _("This command is not allowed while in %s mode.\n"),
+ compliance_option_string());
+ break;
+ }
+ photo=1;
+ /* fall through */
+
+ case cmdADDUID:
+ if( menu_adduid( keyblock, sec_keyblock, photo, arg_string ) )
+ {
+ update_trust = 1;
+ redisplay = 1;
+ sec_modified = modified = 1;
+ merge_keys_and_selfsig( sec_keyblock );
+ merge_keys_and_selfsig( keyblock );
+ }
+ break;
+
+ case cmdDELUID: {
+ int n1;
+
+ if( !(n1=count_selected_uids(keyblock)) )
+ tty_printf(_("You must select at least one user ID.\n"));
+ else if( real_uids_left(keyblock) < 1 )
+ tty_printf(_("You can't delete the last user ID!\n"));
+ else if( cpr_get_answer_is_yes("keyedit.remove.uid.okay",
+ n1 > 1? _("Really remove all selected user IDs? (y/N) ")
+ : _("Really remove this user ID? (y/N) ")
+ ) ) {
+ menu_deluid( keyblock, sec_keyblock );
+ redisplay = 1;
+ modified = 1;
+ if( sec_keyblock )
+ sec_modified = 1;
+ }
+ }
+ break;
+
+ case cmdDELSIG: {
+ int n1;
+
+ if( !(n1=count_selected_uids(keyblock)) )
+ tty_printf(_("You must select at least one user ID.\n"));
+ else if( menu_delsig( keyblock ) ) {
+ /* no redisplay here, because it may scroll away some
+ * status output of delsig */
+ modified = 1;
+ }
+ }
+ break;
+
+ case cmdADDKEY:
+ if( generate_subkeypair( keyblock, sec_keyblock ) ) {
+ redisplay = 1;
+ sec_modified = modified = 1;
+ merge_keys_and_selfsig( sec_keyblock );
+ merge_keys_and_selfsig( keyblock );
+ }
+ break;
+
+#ifdef ENABLE_CARD_SUPPORT
+ case cmdADDCARDKEY:
+ if (card_generate_subkey (keyblock, sec_keyblock)) {
+ redisplay = 1;
+ sec_modified = modified = 1;
+ merge_keys_and_selfsig( sec_keyblock );
+ merge_keys_and_selfsig( keyblock );
+ }
+ break;
+
+ case cmdKEYTOCARD:
+ {
+ KBNODE node=NULL;
+ switch ( count_selected_keys (sec_keyblock) )
+ {
+ case 0:
+ if (cpr_get_answer_is_yes
+ ("keyedit.keytocard.use_primary",
+ /* TRANSLATORS: Please take care: This is about
+ moving the key and not about removing it. */
+ _("Really move the primary key? (y/N) ")))
+ node = sec_keyblock;
+ break;
+ case 1:
+ for (node = sec_keyblock; node; node = node->next )
+ {
+ if (node->pkt->pkttype == PKT_SECRET_SUBKEY
+ && node->flag & NODFLG_SELKEY)
+ break;
+ }
+ break;
+ default:
+ tty_printf(_("You must select exactly one key.\n"));
+ break;
+ }
+ if (node)
+ {
+ PKT_public_key *xxpk = find_pk_from_sknode (keyblock, node);
+ if (card_store_subkey (node, xxpk?xxpk->pubkey_usage:0))
+ {
+ redisplay = 1;
+ sec_modified = 1;
+ }
+ }
+ }
+ break;
+
+ case cmdBKUPTOCARD:
+ {
+ /* Ask for a filename, check whether this is really a
+ backup key as generated by the card generation, parse
+ that key and store it on card. */
+ KBNODE node;
+ const char *fname;
+ PACKET *pkt;
+ IOBUF a;
+
+ fname = arg_string;
+ if (!*fname)
+ {
+ tty_printf (_("Command expects a filename argument\n"));
+ break;
+ }
+
+ /* Open that file. */
+ a = iobuf_open (fname);
+ if (a && is_secured_file (iobuf_get_fd (a)))
+ {
+ iobuf_close (a);
+ a = NULL;
+ errno = EPERM;
+ }
+ if (!a)
+ {
+ tty_printf (_("Can't open `%s': %s\n"),
+ fname, strerror(errno));
+ break;
+ }
+
+ /* Parse and check that file. */
+ pkt = xmalloc (sizeof *pkt);
+ init_packet (pkt);
+ rc = parse_packet (a, pkt);
+ iobuf_close (a);
+ iobuf_ioctl (NULL, 2, 0, (char*)fname); /* (invalidate cache). */
+ if (!rc
+ && pkt->pkttype != PKT_SECRET_KEY
+ && pkt->pkttype != PKT_SECRET_SUBKEY)
+ rc = G10ERR_NO_SECKEY;
+ if (rc)
+ {
+ tty_printf(_("Error reading backup key from `%s': %s\n"),
+ fname, g10_errstr (rc));
+ free_packet (pkt);
+ xfree (pkt);
+ break;
+ }
+ node = new_kbnode (pkt);
+
+ /* Store it. */
+ if (card_store_subkey (node, 0))
+ {
+ redisplay = 1;
+ sec_modified = 1;
+ }
+ release_kbnode (node);
+ }
+ break;
+
+#endif /* ENABLE_CARD_SUPPORT */
+
+ case cmdDELKEY: {
+ int n1;
+
+ if( !(n1=count_selected_keys( keyblock )) )
+ tty_printf(_("You must select at least one key.\n"));
+ else if( !cpr_get_answer_is_yes( "keyedit.remove.subkey.okay",
+ n1 > 1?
+ _("Do you really want to delete the selected keys? (y/N) "):
+ _("Do you really want to delete this key? (y/N) ")
+ ))
+ ;
+ else {
+ menu_delkey( keyblock, sec_keyblock );
+ redisplay = 1;
+ modified = 1;
+ if( sec_keyblock )
+ sec_modified = 1;
+ }
+ }
+ break;
+
+ case cmdADDREVOKER:
+ {
+ int sensitive=0;
+
+ if(ascii_strcasecmp(arg_string,"sensitive")==0)
+ sensitive=1;
+ if( menu_addrevoker( keyblock, sec_keyblock, sensitive ) ) {
+ redisplay = 1;
+ sec_modified = modified = 1;
+ merge_keys_and_selfsig( sec_keyblock );
+ merge_keys_and_selfsig( keyblock );
+ }
+ }
+ break;
+
+ case cmdREVUID: {
+ int n1;
+
+ if( !(n1=count_selected_uids(keyblock)) )
+ tty_printf(_("You must select at least one user ID.\n"));
+ else if( cpr_get_answer_is_yes(
+ "keyedit.revoke.uid.okay",
+ n1 > 1? _("Really revoke all selected user IDs? (y/N) ")
+ : _("Really revoke this user ID? (y/N) ")
+ ) ) {
+ if(menu_revuid(keyblock,sec_keyblock))
+ {
+ modified=1;
+ redisplay=1;
+ }
+ }
+ }
+ break;
+
+ case cmdREVKEY:
+ {
+ int n1;
+
+ if( !(n1=count_selected_keys( keyblock )) )
+ {
+ if(cpr_get_answer_is_yes("keyedit.revoke.subkey.okay",
+ _("Do you really want to revoke"
+ " the entire key? (y/N) ")))
+ {
+ if(menu_revkey(keyblock,sec_keyblock))
+ modified=1;
+
+ redisplay=1;
+ }
+ }
+ else if(cpr_get_answer_is_yes("keyedit.revoke.subkey.okay",
+ n1 > 1?
+ _("Do you really want to revoke"
+ " the selected subkeys? (y/N) "):
+ _("Do you really want to revoke"
+ " this subkey? (y/N) ")))
+ {
+ if( menu_revsubkey( keyblock, sec_keyblock ) )
+ modified = 1;
+
+ redisplay = 1;
+ }
+
+ if(modified)
+ merge_keys_and_selfsig( keyblock );
+ }
+ break;
+
+ case cmdEXPIRE:
+ if( menu_expire( keyblock, sec_keyblock ) )
+ {
+ merge_keys_and_selfsig( sec_keyblock );
+ merge_keys_and_selfsig( keyblock );
+ sec_modified = 1;
+ modified = 1;
+ redisplay = 1;
+ }
+ break;
+
+ case cmdBACKSIGN:
+ if(menu_backsign(keyblock,sec_keyblock))
+ {
+ sec_modified = 1;
+ modified = 1;
+ redisplay = 1;
+ }
+ break;
+
+ case cmdPRIMARY:
+ if( menu_set_primary_uid ( keyblock, sec_keyblock ) ) {
+ merge_keys_and_selfsig( keyblock );
+ modified = 1;
+ redisplay = 1;
+ }
+ break;
+
+ case cmdPASSWD:
+ if (change_passphrase (sec_keyblock, NULL))
+ sec_modified = 1;
+ break;
+
+ case cmdTRUST:
+ if(opt.trust_model==TM_EXTERNAL)
+ {
+ tty_printf (_("Owner trust may not be set while "
+ "using a user provided trust database\n"));
+ break;
+ }
+
+ show_key_with_all_names( keyblock, 0, 0, 0, 1, 0 );
+ tty_printf("\n");
+ if( edit_ownertrust( find_kbnode( keyblock,
+ PKT_PUBLIC_KEY )->pkt->pkt.public_key, 1 ) ) {
+ redisplay = 1;
+ /* No real need to set update_trust here as
+ edit_ownertrust() calls revalidation_mark()
+ anyway. */
+ update_trust=1;
+ }
+ break;
+
+ case cmdPREF:
+ {
+ int count=count_selected_uids(keyblock);
+ assert(keyblock->pkt->pkttype==PKT_PUBLIC_KEY);
+ show_names(keyblock,keyblock->pkt->pkt.public_key,
+ count?NODFLG_SELUID:0,1);
+ }
+ break;
+
+ case cmdSHOWPREF:
+ {
+ int count=count_selected_uids(keyblock);
+ assert(keyblock->pkt->pkttype==PKT_PUBLIC_KEY);
+ show_names(keyblock,keyblock->pkt->pkt.public_key,
+ count?NODFLG_SELUID:0,2);
+ }
+ break;
+
+ case cmdSETPREF:
+ {
+ PKT_user_id *tempuid;
+
+ keygen_set_std_prefs(!*arg_string?"default" : arg_string, 0);
+
+ tempuid=keygen_get_std_prefs();
+ tty_printf(_("Set preference list to:\n"));
+ show_prefs(tempuid,NULL,1);
+ free_user_id(tempuid);
+
+ if(cpr_get_answer_is_yes("keyedit.setpref.okay",
+ count_selected_uids (keyblock)?
+ _("Really update the preferences"
+ " for the selected user IDs? (y/N) "):
+ _("Really update the preferences? (y/N) ")))
+ {
+ if ( menu_set_preferences (keyblock, sec_keyblock) )
+ {
+ merge_keys_and_selfsig (keyblock);
+ modified = 1;
+ redisplay = 1;
+ }
+ }
+ }
+ break;
+
+ case cmdPREFKS:
+ if( menu_set_keyserver_url ( *arg_string?arg_string:NULL,
+ keyblock, sec_keyblock ) )
+ {
+ merge_keys_and_selfsig( keyblock );
+ modified = 1;
+ redisplay = 1;
+ }
+ break;
+
+ case cmdNOTATION:
+ if( menu_set_notation ( *arg_string?arg_string:NULL,
+ keyblock, sec_keyblock ) )
+ {
+ merge_keys_and_selfsig( keyblock );
+ modified = 1;
+ redisplay = 1;
+ }
+ break;
+
+ case cmdNOP:
+ break;
+
+ case cmdREVSIG:
+ if( menu_revsig( keyblock ) ) {
+ redisplay = 1;
+ modified = 1;
+ }
+ break;
+
+ case cmdENABLEKEY:
+ case cmdDISABLEKEY:
+ if( enable_disable_key( keyblock, cmd == cmdDISABLEKEY ) ) {
+ redisplay = 1;
+ modified = 1;
+ }
+ break;
+
+ case cmdSHOWPHOTO:
+ menu_showphoto(keyblock);
+ break;
+
+ case cmdCLEAN:
+ if(menu_clean(keyblock,0))
+ redisplay=modified=1;
+ break;
+
+ case cmdMINIMIZE:
+ if(menu_clean(keyblock,1))
+ redisplay=modified=1;
+ break;
+
+ case cmdQUIT:
+ if( have_commands )
+ goto leave;
+ if( !modified && !sec_modified )
+ goto leave;
+ if( !cpr_get_answer_is_yes("keyedit.save.okay",
+ _("Save changes? (y/N) ")) ) {
+ if( cpr_enabled()
+ || cpr_get_answer_is_yes("keyedit.cancel.okay",
+ _("Quit without saving? (y/N) ")))
+ goto leave;
+ break;
+ }
+ /* fall thru */
+ case cmdSAVE:
+ if( modified || sec_modified ) {
+ if( modified ) {
+ rc = keydb_update_keyblock (kdbhd, keyblock);
+ if( rc ) {
+ log_error(_("update failed: %s\n"), g10_errstr(rc) );
+ break;
+ }
+ }
+ if( sec_modified ) {
+ rc = keydb_update_keyblock (sec_kdbhd, sec_keyblock );
+ if( rc ) {
+ log_error( _("update secret failed: %s\n"),
+ g10_errstr(rc) );
+ break;
+ }
+ }
+ }
+ else
+ tty_printf(_("Key not changed so no update needed.\n"));
+
+ if( update_trust )
+ {
+ revalidation_mark ();
+ update_trust=0;
+ }
+ goto leave;
+
+ case cmdINVCMD:
+ default:
+ tty_printf("\n");
+ tty_printf(_("Invalid command (try \"help\")\n"));
+ break;
+ }
+ } /* end main loop */
+
+ leave:
+ release_kbnode( keyblock );
+ release_kbnode( sec_keyblock );
+ keydb_release (kdbhd);
+ xfree(answer);
+}
+
+
+/* Change the passphrase of the secret key identified by USERNAME. */
+void
+keyedit_passwd (const char *username)
+{
+ gpg_error_t err;
+ PKT_public_key *pk;
+ unsigned char fpr[MAX_FINGERPRINT_LEN];
+ size_t fprlen;
+ KEYDB_HANDLE kdh = NULL;
+ KBNODE keyblock = NULL;
+
+ pk = xtrycalloc (1, sizeof *pk);
+ if (!pk)
+ {
+ err = gpg_error_from_syserror ();
+ goto leave;
+ }
+ err = get_pubkey_byname (NULL, pk, username, NULL, NULL, 1, 1);
+ if (err)
+ goto leave;
+ fingerprint_from_pk (pk, fpr, &fprlen);
+ while (fprlen < MAX_FINGERPRINT_LEN)
+ fpr[fprlen++] = 0;
+
+ kdh = keydb_new (1);
+ if (!kdh)
+ {
+ err = gpg_error (GPG_ERR_GENERAL);
+ goto leave;
+ }
+
+ err = keydb_search_fpr (kdh, fpr);
+ if (err == -1 || gpg_err_code (err) == GPG_ERR_EOF)
+ err = gpg_error (GPG_ERR_NO_SECKEY);
+ if (err)
+ goto leave;
+
+ err = keydb_get_keyblock (kdh, &keyblock);
+ if (err)
+ goto leave;
+
+ if (!change_passphrase (keyblock, &err))
+ goto leave;
+
+ err = keydb_update_keyblock (kdh, keyblock);
+ if (err)
+ log_error( _("update secret failed: %s\n"), gpg_strerror (err));
+
+ leave:
+ release_kbnode (keyblock);
+ if (pk)
+ free_public_key (pk);
+ keydb_release (kdh);
+ if (err)
+ {
+ log_info ("error changing the passphrase for `%s': %s\n",
+ username, gpg_strerror (err));
+ write_status_error ("keyedit.passwd", gpg_err_code (err));
+ }
+ else
+ write_status_text (STATUS_SUCCESS, "keyedit.passwd");
+}
+
+
+static void
+tty_print_notations(int indent,PKT_signature *sig)
+{
+ int first=1;
+ struct notation *notation,*nd;
+
+ if(indent<0)
+ {
+ first=0;
+ indent=-indent;
+ }
+
+ notation=sig_to_notation(sig);
+
+ for(nd=notation;nd;nd=nd->next)
+ {
+ if(!first)
+ tty_printf("%*s",indent,"");
+ else
+ first=0;
+
+ tty_print_utf8_string(nd->name,strlen(nd->name));
+ tty_printf("=");
+ tty_print_utf8_string(nd->value,strlen(nd->value));
+ tty_printf("\n");
+ }
+
+ free_notation(notation);
+}
+
+/****************
+ * show preferences of a public keyblock.
+ */
+static void
+show_prefs (PKT_user_id *uid, PKT_signature *selfsig, int verbose)
+{
+ const prefitem_t fake={0,0};
+ const prefitem_t *prefs;
+ int i;
+
+ if( !uid )
+ return;
+
+ if( uid->prefs )
+ prefs=uid->prefs;
+ else if(verbose)
+ prefs=&fake;
+ else
+ return;
+
+ if (verbose) {
+ int any, des_seen=0, sha1_seen=0, uncomp_seen=0;
+
+ tty_printf (" ");
+ tty_printf (_("Cipher: "));
+ for(i=any=0; prefs[i].type; i++ ) {
+ if( prefs[i].type == PREFTYPE_SYM ) {
+ if (any)
+ tty_printf (", ");
+ any = 1;
+ /* We don't want to display strings for experimental algos */
+ if (!openpgp_cipher_test_algo (prefs[i].value)
+ && prefs[i].value < 100 )
+ tty_printf ("%s",
+ openpgp_cipher_algo_name (prefs[i].value));
+ else
+ tty_printf ("[%d]", prefs[i].value);
+ if (prefs[i].value == CIPHER_ALGO_3DES )
+ des_seen = 1;
+ }
+ }
+ if (!des_seen) {
+ if (any)
+ tty_printf (", ");
+ tty_printf ("%s", openpgp_cipher_algo_name (CIPHER_ALGO_3DES));
+ }
+ tty_printf ("\n ");
+ tty_printf (_("Digest: "));
+ for(i=any=0; prefs[i].type; i++ ) {
+ if( prefs[i].type == PREFTYPE_HASH ) {
+ if (any)
+ tty_printf (", ");
+ any = 1;
+ /* We don't want to display strings for experimental algos */
+ if (!gcry_md_test_algo (prefs[i].value)
+ && prefs[i].value < 100 )
+ tty_printf ("%s", gcry_md_algo_name (prefs[i].value) );
+ else
+ tty_printf ("[%d]", prefs[i].value);
+ if (prefs[i].value == DIGEST_ALGO_SHA1 )
+ sha1_seen = 1;
+ }
+ }
+ if (!sha1_seen) {
+ if (any)
+ tty_printf (", ");
+ tty_printf ("%s", gcry_md_algo_name (DIGEST_ALGO_SHA1));
+ }
+ tty_printf ("\n ");
+ tty_printf (_("Compression: "));
+ for(i=any=0; prefs[i].type; i++ ) {
+ if( prefs[i].type == PREFTYPE_ZIP ) {
+ const char *s=compress_algo_to_string(prefs[i].value);
+
+ if (any)
+ tty_printf (", ");
+ any = 1;
+ /* We don't want to display strings for experimental algos */
+ if (s && prefs[i].value < 100 )
+ tty_printf ("%s", s );
+ else
+ tty_printf ("[%d]", prefs[i].value);
+ if (prefs[i].value == COMPRESS_ALGO_NONE )
+ uncomp_seen = 1;
+ }
+ }
+ if (!uncomp_seen) {
+ if (any)
+ tty_printf (", ");
+ else {
+ tty_printf ("%s",compress_algo_to_string(COMPRESS_ALGO_ZIP));
+ tty_printf (", ");
+ }
+ tty_printf ("%s",compress_algo_to_string(COMPRESS_ALGO_NONE));
+ }
+ if(uid->flags.mdc || !uid->flags.ks_modify)
+ {
+ tty_printf ("\n ");
+ tty_printf (_("Features: "));
+ any=0;
+ if(uid->flags.mdc)
+ {
+ tty_printf ("MDC");
+ any=1;
+ }
+ if(!uid->flags.ks_modify)
+ {
+ if(any)
+ tty_printf (", ");
+ tty_printf (_("Keyserver no-modify"));
+ }
+ }
+ tty_printf("\n");
+
+ if(selfsig)
+ {
+ const byte *pref_ks;
+ size_t pref_ks_len;
+
+ pref_ks=parse_sig_subpkt(selfsig->hashed,
+ SIGSUBPKT_PREF_KS,&pref_ks_len);
+ if(pref_ks && pref_ks_len)
+ {
+ tty_printf (" ");
+ tty_printf(_("Preferred keyserver: "));
+ tty_print_utf8_string(pref_ks,pref_ks_len);
+ tty_printf("\n");
+ }
+
+ if(selfsig->flags.notation)
+ {
+ tty_printf (" ");
+ tty_printf(_("Notations: "));
+ tty_print_notations(5+strlen(_("Notations: ")),selfsig);
+ }
+ }
+ }
+ else {
+ tty_printf(" ");
+ for(i=0; prefs[i].type; i++ ) {
+ tty_printf( " %c%d", prefs[i].type == PREFTYPE_SYM ? 'S' :
+ prefs[i].type == PREFTYPE_HASH ? 'H' :
+ prefs[i].type == PREFTYPE_ZIP ? 'Z':'?',
+ prefs[i].value);
+ }
+ if (uid->flags.mdc)
+ tty_printf (" [mdc]");
+ if (!uid->flags.ks_modify)
+ tty_printf (" [no-ks-modify]");
+ tty_printf("\n");
+ }
+}
+
+/* This is the version of show_key_with_all_names used when
+ opt.with_colons is used. It prints all available data in a easy to
+ parse format and does not translate utf8 */
+static void
+show_key_with_all_names_colon (KBNODE keyblock)
+{
+ KBNODE node;
+ int i, j, ulti_hack=0;
+ byte pk_version=0;
+ PKT_public_key *primary=NULL;
+
+ /* the keys */
+ for ( node = keyblock; node; node = node->next )
+ {
+ if (node->pkt->pkttype == PKT_PUBLIC_KEY
+ || (node->pkt->pkttype == PKT_PUBLIC_SUBKEY) )
+ {
+ PKT_public_key *pk = node->pkt->pkt.public_key;
+ u32 keyid[2];
+
+ if (node->pkt->pkttype == PKT_PUBLIC_KEY)
+ {
+ pk_version = pk->version;
+ primary=pk;
+ }
+
+ keyid_from_pk (pk, keyid);
+
+ fputs (node->pkt->pkttype == PKT_PUBLIC_KEY?"pub:":"sub:", stdout);
+ if (!pk->is_valid)
+ putchar ('i');
+ else if (pk->is_revoked)
+ putchar ('r');
+ else if (pk->has_expired)
+ putchar ('e');
+ else if (!(opt.fast_list_mode || opt.no_expensive_trust_checks ))
+ {
+ int trust = get_validity_info (pk, NULL);
+ if(trust=='u')
+ ulti_hack=1;
+ putchar (trust);
+ }
+
+ printf (":%u:%d:%08lX%08lX:%lu:%lu::",
+ nbits_from_pk (pk),
+ pk->pubkey_algo,
+ (ulong)keyid[0], (ulong)keyid[1],
+ (ulong)pk->timestamp,
+ (ulong)pk->expiredate );
+ if (node->pkt->pkttype==PKT_PUBLIC_KEY
+ && !(opt.fast_list_mode || opt.no_expensive_trust_checks ))
+ putchar(get_ownertrust_info (pk));
+ putchar(':');
+ putchar (':');
+ putchar (':');
+ /* Print capabilities. */
+ if ( (pk->pubkey_usage & PUBKEY_USAGE_ENC) )
+ putchar ('e');
+ if ( (pk->pubkey_usage & PUBKEY_USAGE_SIG) )
+ putchar ('s');
+ if ( (pk->pubkey_usage & PUBKEY_USAGE_CERT) )
+ putchar ('c');
+ if ( (pk->pubkey_usage & PUBKEY_USAGE_AUTH) )
+ putchar ('a');
+ putchar('\n');
+
+ print_fingerprint (pk, NULL, 0);
+ print_revokers(pk);
+ }
+ }
+
+ /* the user ids */
+ i = 0;
+ for (node = keyblock; node; node = node->next)
+ {
+ if ( node->pkt->pkttype == PKT_USER_ID )
+ {
+ PKT_user_id *uid = node->pkt->pkt.user_id;
+
+ ++i;
+
+ if(uid->attrib_data)
+ printf("uat:");
+ else
+ printf("uid:");
+
+ if ( uid->is_revoked )
+ printf("r::::::::");
+ else if ( uid->is_expired )
+ printf("e::::::::");
+ else if ( opt.fast_list_mode || opt.no_expensive_trust_checks )
+ printf("::::::::");
+ else
+ {
+ int uid_validity;
+
+ if( primary && !ulti_hack )
+ uid_validity = get_validity_info( primary, uid );
+ else
+ uid_validity = 'u';
+ printf("%c::::::::",uid_validity);
+ }
+
+ if(uid->attrib_data)
+ printf ("%u %lu",uid->numattribs,uid->attrib_len);
+ else
+ print_string (stdout, uid->name, uid->len, ':');
+
+ putchar (':');
+ /* signature class */
+ putchar (':');
+ /* capabilities */
+ putchar (':');
+ /* preferences */
+ if (pk_version>3 || uid->selfsigversion>3)
+ {
+ const prefitem_t *prefs = uid->prefs;
+
+ for (j=0; prefs && prefs[j].type; j++)
+ {
+ if (j)
+ putchar (' ');
+ printf ("%c%d", prefs[j].type == PREFTYPE_SYM ? 'S' :
+ prefs[j].type == PREFTYPE_HASH ? 'H' :
+ prefs[j].type == PREFTYPE_ZIP ? 'Z':'?',
+ prefs[j].value);
+ }
+ if (uid->flags.mdc)
+ printf (",mdc");
+ if (!uid->flags.ks_modify)
+ printf (",no-ks-modify");
+ }
+ putchar (':');
+ /* flags */
+ printf ("%d,", i);
+ if (uid->is_primary)
+ putchar ('p');
+ if (uid->is_revoked)
+ putchar ('r');
+ if (uid->is_expired)
+ putchar ('e');
+ if ((node->flag & NODFLG_SELUID))
+ putchar ('s');
+ if ((node->flag & NODFLG_MARK_A))
+ putchar ('m');
+ putchar (':');
+ putchar('\n');
+ }
+ }
+}
+
+static void
+show_names(KBNODE keyblock,PKT_public_key *pk,unsigned int flag,int with_prefs)
+{
+ KBNODE node;
+ int i=0;
+
+ for( node = keyblock; node; node = node->next )
+ {
+ if( node->pkt->pkttype == PKT_USER_ID
+ && !is_deleted_kbnode(node))
+ {
+ PKT_user_id *uid = node->pkt->pkt.user_id;
+ ++i;
+ if(!flag || (flag && (node->flag & flag)))
+ {
+ if(!(flag&NODFLG_MARK_A) && pk)
+ tty_printf("%s ",uid_trust_string_fixed(pk,uid));
+
+ if( flag & NODFLG_MARK_A )
+ tty_printf(" ");
+ else if( node->flag & NODFLG_SELUID )
+ tty_printf("(%d)* ", i);
+ else if( uid->is_primary )
+ tty_printf("(%d). ", i);
+ else
+ tty_printf("(%d) ", i);
+ tty_print_utf8_string( uid->name, uid->len );
+ tty_printf("\n");
+ if(with_prefs && pk)
+ {
+ if(pk->version>3 || uid->selfsigversion>3)
+ {
+ PKT_signature *selfsig=NULL;
+ KBNODE signode;
+
+ for(signode=node->next;
+ signode && signode->pkt->pkttype==PKT_SIGNATURE;
+ signode=signode->next)
+ {
+ if(signode->pkt->pkt.signature->
+ flags.chosen_selfsig)
+ {
+ selfsig=signode->pkt->pkt.signature;
+ break;
+ }
+ }
+
+ show_prefs (uid, selfsig, with_prefs == 2);
+ }
+ else
+ tty_printf(_("There are no preferences on a"
+ " PGP 2.x-style user ID.\n"));
+ }
+ }
+ }
+ }
+}
+
+/****************
+ * Display the key a the user ids, if only_marked is true, do only
+ * so for user ids with mark A flag set and dont display the index number
+ */
+static void
+show_key_with_all_names( KBNODE keyblock, int only_marked, int with_revoker,
+ int with_fpr, int with_subkeys, int with_prefs )
+{
+ KBNODE node;
+ int i;
+ int do_warn = 0;
+ PKT_public_key *primary=NULL;
+
+ if (opt.with_colons)
+ {
+ show_key_with_all_names_colon (keyblock);
+ return;
+ }
+
+ /* the keys */
+ for( node = keyblock; node; node = node->next ) {
+ if( node->pkt->pkttype == PKT_PUBLIC_KEY
+ || (with_subkeys && node->pkt->pkttype == PKT_PUBLIC_SUBKEY
+ && !is_deleted_kbnode(node)) ) {
+ PKT_public_key *pk = node->pkt->pkt.public_key;
+ const char *otrust="err",*trust="err";
+
+ if( node->pkt->pkttype == PKT_PUBLIC_KEY ) {
+ /* do it here, so that debug messages don't clutter the
+ * output */
+ static int did_warn = 0;
+
+ trust = get_validity_string (pk, NULL);
+ otrust = get_ownertrust_string (pk);
+
+ /* Show a warning once */
+ if (!did_warn
+ && (get_validity (pk, NULL) & TRUST_FLAG_PENDING_CHECK)) {
+ did_warn = 1;
+ do_warn = 1;
+ }
+
+ primary=pk;
+ }
+
+ if(pk->is_revoked)
+ {
+ char *user=get_user_id_string_native(pk->revoked.keyid);
+ const char *algo = gcry_pk_algo_name (pk->revoked.algo);
+ tty_printf (_("The following key was revoked on"
+ " %s by %s key %s\n"),
+ revokestr_from_pk(pk),algo?algo:"?",user);
+ xfree(user);
+ }
+
+ if(with_revoker)
+ {
+ if( !pk->revkey && pk->numrevkeys )
+ BUG();
+ else
+ for(i=0;i<pk->numrevkeys;i++)
+ {
+ u32 r_keyid[2];
+ char *user;
+ const char *algo;
+
+ algo = gcry_pk_algo_name (pk->revkey[i].algid);
+ keyid_from_fingerprint(pk->revkey[i].fpr,
+ MAX_FINGERPRINT_LEN,r_keyid);
+
+ user=get_user_id_string_native(r_keyid);
+ tty_printf(_("This key may be revoked by %s key %s"),
+ algo?algo:"?",user);
+
+ if(pk->revkey[i].class&0x40)
+ {
+ tty_printf(" ");
+ tty_printf(_("(sensitive)"));
+ }
+
+ tty_printf ("\n");
+ xfree(user);
+ }
+ }
+
+ keyid_from_pk(pk,NULL);
+ tty_printf("%s%c %4u%c/%s ",
+ node->pkt->pkttype == PKT_PUBLIC_KEY? "pub":"sub",
+ (node->flag & NODFLG_SELKEY)? '*':' ',
+ nbits_from_pk( pk ),
+ pubkey_letter( pk->pubkey_algo ),
+ keystr(pk->keyid));
+
+ tty_printf(_("created: %s"),datestr_from_pk(pk));
+ tty_printf(" ");
+ if(pk->is_revoked)
+ tty_printf(_("revoked: %s"),revokestr_from_pk(pk));
+ else if(pk->has_expired)
+ tty_printf(_("expired: %s"),expirestr_from_pk(pk));
+ else
+ tty_printf(_("expires: %s"),expirestr_from_pk(pk));
+ tty_printf(" ");
+ tty_printf(_("usage: %s"),usagestr_from_pk(pk));
+ tty_printf("\n");
+
+ if( node->pkt->pkttype == PKT_PUBLIC_KEY )
+ {
+ if(opt.trust_model!=TM_ALWAYS)
+ {
+ tty_printf("%*s", (int)keystrlen()+13,"");
+ /* Ownertrust is only meaningful for the PGP or
+ classic trust models */
+ if(opt.trust_model==TM_PGP || opt.trust_model==TM_CLASSIC)
+ {
+ int width=14-strlen(otrust);
+ if(width<=0)
+ width=1;
+ tty_printf(_("trust: %s"), otrust);
+ tty_printf("%*s",width,"");
+ }
+
+ tty_printf(_("validity: %s"), trust );
+ tty_printf("\n");
+ }
+ if( node->pkt->pkttype == PKT_PUBLIC_KEY
+ && (get_ownertrust (pk)&TRUST_FLAG_DISABLED))
+ {
+ tty_printf("*** ");
+ tty_printf(_("This key has been disabled"));
+ tty_printf("\n");
+ }
+ }
+
+ if( node->pkt->pkttype == PKT_PUBLIC_KEY && with_fpr )
+ {
+ print_fingerprint ( pk, NULL, 2 );
+ tty_printf("\n");
+ }
+ }
+ else if( node->pkt->pkttype == PKT_SECRET_KEY
+ || (with_subkeys && node->pkt->pkttype == PKT_SECRET_SUBKEY) )
+ {
+ PKT_secret_key *sk = node->pkt->pkt.secret_key;
+ tty_printf("%s%c %4u%c/%s ",
+ node->pkt->pkttype == PKT_SECRET_KEY? "sec":"ssb",
+ (node->flag & NODFLG_SELKEY)? '*':' ',
+ nbits_from_sk( sk ),
+ pubkey_letter( sk->pubkey_algo ),
+ keystr_from_sk(sk));
+ tty_printf(_("created: %s"),datestr_from_sk(sk));
+ tty_printf(" ");
+ tty_printf(_("expires: %s"),expirestr_from_sk(sk));
+ tty_printf("\n");
+ if (sk->is_protected && sk->protect.s2k.mode == 1002)
+ {
+ tty_printf(" ");
+ tty_printf(_("card-no: "));
+ if (sk->protect.ivlen == 16
+ && !memcmp (sk->protect.iv, "\xD2\x76\x00\x01\x24\x01", 6))
+ { /* This is an OpenPGP card. */
+ for (i=8; i < 14; i++)
+ {
+ if (i == 10)
+ tty_printf (" ");
+ tty_printf ("%02X", sk->protect.iv[i]);
+ }
+ }
+ else
+ { /* Something is wrong: Print all. */
+ for (i=0; i < sk->protect.ivlen; i++)
+ tty_printf ("%02X", sk->protect.iv[i]);
+ }
+ tty_printf ("\n");
+ }
+ }
+ }
+
+ show_names(keyblock,primary,only_marked?NODFLG_MARK_A:0,with_prefs);
+
+ if (do_warn)
+ tty_printf (_("Please note that the shown key validity"
+ " is not necessarily correct\n"
+ "unless you restart the program.\n"));
+}
+
+
+/* Display basic key information. This function is suitable to show
+ information on the key without any dependencies on the trustdb or
+ any other internal GnuPG stuff. KEYBLOCK may either be a public or
+ a secret key.*/
+void
+show_basic_key_info ( KBNODE keyblock )
+{
+ KBNODE node;
+ int i;
+
+ /* The primary key */
+ for (node = keyblock; node; node = node->next)
+ {
+ if (node->pkt->pkttype == PKT_PUBLIC_KEY)
+ {
+ PKT_public_key *pk = node->pkt->pkt.public_key;
+
+ /* Note, we use the same format string as in other show
+ functions to make the translation job easier. */
+ tty_printf ("%s %4u%c/%s ",
+ node->pkt->pkttype == PKT_PUBLIC_KEY? "pub":"sub",
+ nbits_from_pk( pk ),
+ pubkey_letter( pk->pubkey_algo ),
+ keystr_from_pk(pk));
+ tty_printf(_("created: %s"),datestr_from_pk(pk));
+ tty_printf(" ");
+ tty_printf(_("expires: %s"),expirestr_from_pk(pk));
+ tty_printf("\n");
+ print_fingerprint ( pk, NULL, 3 );
+ tty_printf("\n");
+ }
+ else if (node->pkt->pkttype == PKT_SECRET_KEY)
+ {
+ PKT_secret_key *sk = node->pkt->pkt.secret_key;
+ tty_printf("%s %4u%c/%s",
+ node->pkt->pkttype == PKT_SECRET_KEY? "sec":"ssb",
+ nbits_from_sk( sk ),
+ pubkey_letter( sk->pubkey_algo ),
+ keystr_from_sk(sk));
+ tty_printf(_("created: %s"),datestr_from_sk(sk));
+ tty_printf(" ");
+ tty_printf(_("expires: %s"),expirestr_from_sk(sk));
+ tty_printf("\n");
+ print_fingerprint (NULL, sk, 3 );
+ tty_printf("\n");
+ }
+ }
+
+ /* The user IDs. */
+ for (i=0, node = keyblock; node; node = node->next)
+ {
+ if (node->pkt->pkttype == PKT_USER_ID)
+ {
+ PKT_user_id *uid = node->pkt->pkt.user_id;
+ ++i;
+
+ tty_printf (" ");
+ if (uid->is_revoked)
+ tty_printf("[%s] ",_("revoked"));
+ else if ( uid->is_expired )
+ tty_printf("[%s] ",_("expired"));
+ tty_print_utf8_string (uid->name, uid->len);
+ tty_printf ("\n");
+ }
+ }
+}
+
+static void
+show_key_and_fingerprint( KBNODE keyblock )
+{
+ KBNODE node;
+ PKT_public_key *pk = NULL;
+
+ for( node = keyblock; node; node = node->next )
+ {
+ if( node->pkt->pkttype == PKT_PUBLIC_KEY )
+ {
+ pk = node->pkt->pkt.public_key;
+ tty_printf("pub %4u%c/%s %s ",
+ nbits_from_pk( pk ),
+ pubkey_letter( pk->pubkey_algo ),
+ keystr_from_pk(pk),
+ datestr_from_pk(pk) );
+ }
+ else if( node->pkt->pkttype == PKT_USER_ID )
+ {
+ PKT_user_id *uid = node->pkt->pkt.user_id;
+ tty_print_utf8_string( uid->name, uid->len );
+ break;
+ }
+ }
+ tty_printf("\n");
+ if( pk )
+ print_fingerprint( pk, NULL, 2 );
+}
+
+
+/* Show a warning if no uids on the key have the primary uid flag
+ set. */
+static void
+no_primary_warning(KBNODE keyblock)
+{
+ KBNODE node;
+ int have_primary=0,uid_count=0;
+
+ /* TODO: if we ever start behaving differently with a primary or
+ non-primary attribute ID, we will need to check for attributes
+ here as well. */
+
+ for(node=keyblock; node; node = node->next)
+ {
+ if(node->pkt->pkttype==PKT_USER_ID
+ && node->pkt->pkt.user_id->attrib_data==NULL)
+ {
+ uid_count++;
+
+ if(node->pkt->pkt.user_id->is_primary==2)
+ {
+ have_primary=1;
+ break;
+ }
+ }
+ }
+
+ if(uid_count>1 && !have_primary)
+ log_info(_("WARNING: no user ID has been marked as primary. This command"
+ " may\n cause a different user ID to become"
+ " the assumed primary.\n"));
+}
+
+/****************
+ * Ask for a new user id, do the selfsignature and put it into
+ * both keyblocks.
+ * Return true if there is a new user id
+ */
+static int
+menu_adduid( KBNODE pub_keyblock, KBNODE sec_keyblock,
+ int photo, const char *photo_name)
+{
+ PKT_user_id *uid;
+ PKT_public_key *pk=NULL;
+ PKT_secret_key *sk=NULL;
+ PKT_signature *sig=NULL;
+ PACKET *pkt;
+ KBNODE node;
+ KBNODE pub_where=NULL, sec_where=NULL;
+ int rc;
+
+ for( node = pub_keyblock; node; pub_where = node, node = node->next ) {
+ if( node->pkt->pkttype == PKT_PUBLIC_KEY )
+ pk = node->pkt->pkt.public_key;
+ else if( node->pkt->pkttype == PKT_PUBLIC_SUBKEY )
+ break;
+ }
+ if( !node ) /* no subkey */
+ pub_where = NULL;
+ for( node = sec_keyblock; node; sec_where = node, node = node->next ) {
+ if( node->pkt->pkttype == PKT_SECRET_KEY )
+ sk = copy_secret_key( NULL, node->pkt->pkt.secret_key);
+ else if( node->pkt->pkttype == PKT_SECRET_SUBKEY )
+ break;
+ }
+ if( !node ) /* no subkey */
+ sec_where = NULL;
+ assert(pk && sk);
+
+ if(photo) {
+ int hasattrib=0;
+
+ for( node = pub_keyblock; node; node = node->next )
+ if( node->pkt->pkttype == PKT_USER_ID &&
+ node->pkt->pkt.user_id->attrib_data!=NULL)
+ {
+ hasattrib=1;
+ break;
+ }
+
+ /* It is legal but bad for compatibility to add a photo ID to a
+ v3 key as it means that PGP2 will not be able to use that key
+ anymore. Also, PGP may not expect a photo on a v3 key.
+ Don't bother to ask this if the key already has a photo - any
+ damage has already been done at that point. -dms */
+ if(pk->version==3 && !hasattrib)
+ {
+ if(opt.expert)
+ {
+ tty_printf(_("WARNING: This is a PGP2-style key. "
+ "Adding a photo ID may cause some versions\n"
+ " of PGP to reject this key.\n"));
+
+ if(!cpr_get_answer_is_yes("keyedit.v3_photo.okay",
+ _("Are you sure you still want "
+ "to add it? (y/N) ")))
+ return 0;
+ }
+ else
+ {
+ tty_printf(_("You may not add a photo ID to "
+ "a PGP2-style key.\n"));
+ return 0;
+ }
+ }
+
+ uid = generate_photo_id(pk,photo_name);
+ } else
+ uid = generate_user_id (pub_keyblock);
+ if( !uid )
+ return 0;
+
+ rc = make_keysig_packet( &sig, pk, uid, NULL, sk, 0x13, 0, 0, 0, 0,
+ keygen_add_std_prefs, pk );
+ free_secret_key( sk );
+ if( rc ) {
+ log_error("signing failed: %s\n", g10_errstr(rc) );
+ free_user_id(uid);
+ return 0;
+ }
+
+ /* insert/append to secret keyblock */
+ pkt = xmalloc_clear( sizeof *pkt );
+ pkt->pkttype = PKT_USER_ID;
+ pkt->pkt.user_id = scopy_user_id(uid);
+ node = new_kbnode(pkt);
+ if( sec_where )
+ insert_kbnode( sec_where, node, 0 );
+ else
+ add_kbnode( sec_keyblock, node );
+ pkt = xmalloc_clear( sizeof *pkt );
+ pkt->pkttype = PKT_SIGNATURE;
+ pkt->pkt.signature = copy_signature(NULL, sig);
+ if( sec_where )
+ insert_kbnode( node, new_kbnode(pkt), 0 );
+ else
+ add_kbnode( sec_keyblock, new_kbnode(pkt) );
+ /* insert/append to public keyblock */
+ pkt = xmalloc_clear( sizeof *pkt );
+ pkt->pkttype = PKT_USER_ID;
+ pkt->pkt.user_id = uid;
+ node = new_kbnode(pkt);
+ if( pub_where )
+ insert_kbnode( pub_where, node, 0 );
+ else
+ add_kbnode( pub_keyblock, node );
+ pkt = xmalloc_clear( sizeof *pkt );
+ pkt->pkttype = PKT_SIGNATURE;
+ pkt->pkt.signature = copy_signature(NULL, sig);
+ if( pub_where )
+ insert_kbnode( node, new_kbnode(pkt), 0 );
+ else
+ add_kbnode( pub_keyblock, new_kbnode(pkt) );
+ return 1;
+}
+
+
+/****************
+ * Remove all selected userids from the keyrings
+ */
+static void
+menu_deluid( KBNODE pub_keyblock, KBNODE sec_keyblock )
+{
+ KBNODE node;
+ int selected=0;
+
+ for( node = pub_keyblock; node; node = node->next ) {
+ if( node->pkt->pkttype == PKT_USER_ID ) {
+ selected = node->flag & NODFLG_SELUID;
+ if( selected ) {
+ /* Only cause a trust update if we delete a
+ non-revoked user id */
+ if(!node->pkt->pkt.user_id->is_revoked)
+ update_trust=1;
+ delete_kbnode( node );
+ if( sec_keyblock ) {
+ KBNODE snode;
+ int s_selected = 0;
+ PKT_user_id *uid = node->pkt->pkt.user_id;
+ for( snode = sec_keyblock; snode; snode = snode->next ) {
+ if( snode->pkt->pkttype == PKT_USER_ID ) {
+ PKT_user_id *suid = snode->pkt->pkt.user_id;
+
+ s_selected =
+ (uid->len == suid->len
+ && !memcmp( uid->name, suid->name, uid->len));
+ if( s_selected )
+ delete_kbnode( snode );
+ }
+ else if( s_selected
+ && snode->pkt->pkttype == PKT_SIGNATURE )
+ delete_kbnode( snode );
+ else if( snode->pkt->pkttype == PKT_SECRET_SUBKEY )
+ s_selected = 0;
+ }
+ }
+ }
+ }
+ else if( selected && node->pkt->pkttype == PKT_SIGNATURE )
+ delete_kbnode( node );
+ else if( node->pkt->pkttype == PKT_PUBLIC_SUBKEY )
+ selected = 0;
+ }
+ commit_kbnode( &pub_keyblock );
+ if( sec_keyblock )
+ commit_kbnode( &sec_keyblock );
+}
+
+
+static int
+menu_delsig( KBNODE pub_keyblock )
+{
+ KBNODE node;
+ PKT_user_id *uid = NULL;
+ int changed=0;
+
+ for( node = pub_keyblock; node; node = node->next ) {
+ if( node->pkt->pkttype == PKT_USER_ID ) {
+ uid = (node->flag & NODFLG_SELUID)? node->pkt->pkt.user_id : NULL;
+ }
+ else if( uid && node->pkt->pkttype == PKT_SIGNATURE ) {
+ int okay, valid, selfsig, inv_sig, no_key, other_err;
+
+ tty_printf("uid ");
+ tty_print_utf8_string( uid->name, uid->len );
+ tty_printf("\n");
+
+ okay = inv_sig = no_key = other_err = 0;
+ if(opt.with_colons)
+ valid = print_and_check_one_sig_colon( pub_keyblock, node,
+ &inv_sig, &no_key, &other_err,
+ &selfsig, 1 );
+ else
+ valid = print_and_check_one_sig( pub_keyblock, node,
+ &inv_sig, &no_key, &other_err,
+ &selfsig, 1 );
+
+ if( valid ) {
+ okay = cpr_get_answer_yes_no_quit(
+ "keyedit.delsig.valid",
+ _("Delete this good signature? (y/N/q)"));
+
+ /* Only update trust if we delete a good signature.
+ The other two cases do not affect trust. */
+ if(okay)
+ update_trust=1;
+ }
+ else if( inv_sig || other_err )
+ okay = cpr_get_answer_yes_no_quit(
+ "keyedit.delsig.invalid",
+ _("Delete this invalid signature? (y/N/q)"));
+ else if( no_key )
+ okay = cpr_get_answer_yes_no_quit(
+ "keyedit.delsig.unknown",
+ _("Delete this unknown signature? (y/N/q)"));
+
+ if( okay == -1 )
+ break;
+ if( okay && selfsig && !cpr_get_answer_is_yes(
+ "keyedit.delsig.selfsig",
+ _("Really delete this self-signature? (y/N)") ))
+ okay = 0;
+ if( okay ) {
+ delete_kbnode( node );
+ changed++;
+ }
+
+ }
+ else if( node->pkt->pkttype == PKT_PUBLIC_SUBKEY )
+ uid = NULL;
+ }
+
+ if( changed ) {
+ commit_kbnode( &pub_keyblock );
+ tty_printf( changed == 1? _("Deleted %d signature.\n")
+ : _("Deleted %d signatures.\n"), changed );
+ }
+ else
+ tty_printf( _("Nothing deleted.\n") );
+
+ return changed;
+}
+
+static int
+menu_clean(KBNODE keyblock,int self_only)
+{
+ KBNODE uidnode;
+ int modified=0,select_all=!count_selected_uids(keyblock);
+
+ for(uidnode=keyblock->next;
+ uidnode && uidnode->pkt->pkttype!=PKT_PUBLIC_SUBKEY;
+ uidnode=uidnode->next)
+ {
+ if(uidnode->pkt->pkttype==PKT_USER_ID
+ && (uidnode->flag&NODFLG_SELUID || select_all))
+ {
+ int uids=0,sigs=0;
+ char *user=utf8_to_native(uidnode->pkt->pkt.user_id->name,
+ uidnode->pkt->pkt.user_id->len,
+ 0);
+
+ clean_one_uid(keyblock,uidnode,opt.verbose,self_only,&uids,&sigs);
+ if(uids)
+ {
+ const char *reason;
+
+ if(uidnode->pkt->pkt.user_id->is_revoked)
+ reason=_("revoked");
+ else if(uidnode->pkt->pkt.user_id->is_expired)
+ reason=_("expired");
+ else
+ reason=_("invalid");
+
+ tty_printf (_("User ID \"%s\" compacted: %s\n"), user, reason);
+
+ modified=1;
+ }
+ else if(sigs)
+ {
+ tty_printf(sigs==1?
+ _("User ID \"%s\": %d signature removed\n") :
+ _("User ID \"%s\": %d signatures removed\n"),
+ user,sigs);
+
+ modified=1;
+ }
+ else
+ {
+ tty_printf (self_only==1?
+ _("User ID \"%s\": already minimized\n") :
+ _("User ID \"%s\": already clean\n"),
+ user);
+ }
+
+ xfree(user);
+ }
+ }
+
+ return modified;
+}
+
+/****************
+ * Remove some of the secondary keys
+ */
+static void
+menu_delkey( KBNODE pub_keyblock, KBNODE sec_keyblock )
+{
+ KBNODE node;
+ int selected=0;
+
+ for( node = pub_keyblock; node; node = node->next ) {
+ if( node->pkt->pkttype == PKT_PUBLIC_SUBKEY ) {
+ selected = node->flag & NODFLG_SELKEY;
+ if( selected ) {
+ delete_kbnode( node );
+ if( sec_keyblock ) {
+ KBNODE snode;
+ int s_selected = 0;
+ u32 ki[2];
+
+ keyid_from_pk( node->pkt->pkt.public_key, ki );
+ for( snode = sec_keyblock; snode; snode = snode->next ) {
+ if( snode->pkt->pkttype == PKT_SECRET_SUBKEY ) {
+ u32 ki2[2];
+
+ keyid_from_sk( snode->pkt->pkt.secret_key, ki2 );
+ s_selected = (ki[0] == ki2[0] && ki[1] == ki2[1]);
+ if( s_selected )
+ delete_kbnode( snode );
+ }
+ else if( s_selected
+ && snode->pkt->pkttype == PKT_SIGNATURE )
+ delete_kbnode( snode );
+ else
+ s_selected = 0;
+ }
+ }
+ }
+ }
+ else if( selected && node->pkt->pkttype == PKT_SIGNATURE )
+ delete_kbnode( node );
+ else
+ selected = 0;
+ }
+ commit_kbnode( &pub_keyblock );
+ if( sec_keyblock )
+ commit_kbnode( &sec_keyblock );
+
+ /* No need to set update_trust here since signing keys are no
+ longer used to certify other keys, so there is no change in
+ trust when revoking/removing them */
+}
+
+
+/****************
+ * Ask for a new revoker, do the selfsignature and put it into
+ * both keyblocks.
+ * Return true if there is a new revoker
+ */
+static int
+menu_addrevoker( KBNODE pub_keyblock, KBNODE sec_keyblock, int sensitive )
+{
+ PKT_public_key *pk=NULL,*revoker_pk=NULL;
+ PKT_secret_key *sk=NULL;
+ PKT_signature *sig=NULL;
+ PACKET *pkt;
+ struct revocation_key revkey;
+ size_t fprlen;
+ int rc;
+
+ assert(pub_keyblock->pkt->pkttype==PKT_PUBLIC_KEY);
+ assert(sec_keyblock->pkt->pkttype==PKT_SECRET_KEY);
+
+ pk=pub_keyblock->pkt->pkt.public_key;
+
+ if(pk->numrevkeys==0 && pk->version==3)
+ {
+ /* It is legal but bad for compatibility to add a revoker to a
+ v3 key as it means that PGP2 will not be able to use that key
+ anymore. Also, PGP may not expect a revoker on a v3 key.
+ Don't bother to ask this if the key already has a revoker -
+ any damage has already been done at that point. -dms */
+ if(opt.expert)
+ {
+ tty_printf(_("WARNING: This is a PGP 2.x-style key. "
+ "Adding a designated revoker may cause\n"
+ " some versions of PGP to reject this key.\n"));
+
+ if(!cpr_get_answer_is_yes("keyedit.v3_revoker.okay",
+ _("Are you sure you still want "
+ "to add it? (y/N) ")))
+ return 0;
+ }
+ else
+ {
+ tty_printf(_("You may not add a designated revoker to "
+ "a PGP 2.x-style key.\n"));
+ return 0;
+ }
+ }
+
+ sk=copy_secret_key(NULL,sec_keyblock->pkt->pkt.secret_key);
+
+ for(;;)
+ {
+ char *answer;
+
+ if(revoker_pk)
+ free_public_key(revoker_pk);
+
+ revoker_pk=xmalloc_clear(sizeof(*revoker_pk));
+
+ tty_printf("\n");
+
+ answer=cpr_get_utf8("keyedit.add_revoker",
+ _("Enter the user ID of the designated revoker: "));
+ if(answer[0]=='\0' || answer[0]=='\004')
+ {
+ xfree(answer);
+ goto fail;
+ }
+
+ /* Note that I'm requesting CERT here, which usually implies
+ primary keys only, but some casual testing shows that PGP and
+ GnuPG both can handle a designated revokation from a
+ subkey. */
+ revoker_pk->req_usage=PUBKEY_USAGE_CERT;
+ rc=get_pubkey_byname (NULL, revoker_pk,answer,NULL,NULL,1, 1);
+ if(rc)
+ {
+ log_error (_("key \"%s\" not found: %s\n"),answer,g10_errstr(rc));
+ xfree(answer);
+ continue;
+ }
+
+ xfree(answer);
+
+ fingerprint_from_pk(revoker_pk,revkey.fpr,&fprlen);
+ if(fprlen!=20)
+ {
+ log_error(_("cannot appoint a PGP 2.x style key as a "
+ "designated revoker\n"));
+ continue;
+ }
+
+ revkey.class=0x80;
+ if(sensitive)
+ revkey.class|=0x40;
+ revkey.algid=revoker_pk->pubkey_algo;
+
+ if(cmp_public_keys(revoker_pk,pk)==0)
+ {
+ /* This actually causes no harm (after all, a key that
+ designates itself as a revoker is the same as a
+ regular key), but it's easy enough to check. */
+ log_error(_("you cannot appoint a key as its own "
+ "designated revoker\n"));
+
+ continue;
+ }
+
+ keyid_from_pk(pk,NULL);
+
+ /* Does this revkey already exist? */
+ if(!pk->revkey && pk->numrevkeys)
+ BUG();
+ else
+ {
+ int i;
+
+ for(i=0;i<pk->numrevkeys;i++)
+ {
+ if(memcmp(&pk->revkey[i],&revkey,
+ sizeof(struct revocation_key))==0)
+ {
+ char buf[50];
+
+ log_error(_("this key has already been designated "
+ "as a revoker\n"));
+
+ sprintf(buf,"%08lX%08lX",
+ (ulong)pk->keyid[0],(ulong)pk->keyid[1]);
+ write_status_text(STATUS_ALREADY_SIGNED,buf);
+
+ break;
+ }
+ }
+
+ if(i<pk->numrevkeys)
+ continue;
+ }
+
+ print_pubkey_info(NULL,revoker_pk);
+ print_fingerprint(revoker_pk,NULL,2);
+ tty_printf("\n");
+
+ tty_printf(_("WARNING: appointing a key as a designated revoker "
+ "cannot be undone!\n"));
+
+ tty_printf("\n");
+
+ if(!cpr_get_answer_is_yes("keyedit.add_revoker.okay",
+ _("Are you sure you want to appoint this "
+ "key as a designated revoker? (y/N) ")))
+ continue;
+
+ free_public_key(revoker_pk);
+ revoker_pk=NULL;
+ break;
+ }
+
+ /* The 1F signature must be at least v4 to carry the revocation key
+ subpacket. */
+ rc = make_keysig_packet( &sig, pk, NULL, NULL, sk, 0x1F, 0, 4, 0, 0,
+ keygen_add_revkey,&revkey );
+ if( rc )
+ {
+ log_error("signing failed: %s\n", g10_errstr(rc) );
+ goto fail;
+ }
+
+ free_secret_key(sk);
+ sk=NULL;
+
+ /* insert into secret keyblock */
+ pkt = xmalloc_clear( sizeof *pkt );
+ pkt->pkttype = PKT_SIGNATURE;
+ pkt->pkt.signature = copy_signature(NULL, sig);
+ insert_kbnode( sec_keyblock, new_kbnode(pkt), PKT_SIGNATURE );
+
+ /* insert into public keyblock */
+ pkt = xmalloc_clear( sizeof *pkt );
+ pkt->pkttype = PKT_SIGNATURE;
+ pkt->pkt.signature = sig;
+ insert_kbnode( pub_keyblock, new_kbnode(pkt), PKT_SIGNATURE );
+
+ return 1;
+
+ fail:
+ if(sk)
+ free_secret_key(sk);
+ if(sig)
+ free_seckey_enc(sig);
+ if(revoker_pk)
+ free_public_key(revoker_pk);
+
+ return 0;
+}
+
+
+static int
+menu_expire( KBNODE pub_keyblock, KBNODE sec_keyblock )
+{
+ int n1, signumber, rc;
+ u32 expiredate;
+ int mainkey=0;
+ PKT_secret_key *sk; /* copy of the main sk */
+ PKT_public_key *main_pk, *sub_pk;
+ PKT_user_id *uid;
+ KBNODE node;
+ u32 keyid[2];
+
+ if( count_selected_keys( sec_keyblock ) ) {
+ tty_printf(_("Please remove selections from the secret keys.\n"));
+ return 0;
+ }
+
+ n1 = count_selected_keys( pub_keyblock );
+ if( n1 > 1 ) {
+ tty_printf(_("Please select at most one subkey.\n"));
+ return 0;
+ }
+ else if( n1 )
+ tty_printf(_("Changing expiration time for a subkey.\n"));
+ else
+ {
+ tty_printf(_("Changing expiration time for the primary key.\n"));
+ mainkey=1;
+ no_primary_warning(pub_keyblock);
+ }
+
+ expiredate = ask_expiredate();
+ node = find_kbnode( sec_keyblock, PKT_SECRET_KEY );
+ sk = copy_secret_key( NULL, node->pkt->pkt.secret_key);
+
+ /* Now we can actually change the self signature(s) */
+ main_pk = sub_pk = NULL;
+ uid = NULL;
+ signumber = 0;
+ for( node=pub_keyblock; node; node = node->next ) {
+ if( node->pkt->pkttype == PKT_PUBLIC_KEY ) {
+ main_pk = node->pkt->pkt.public_key;
+ keyid_from_pk( main_pk, keyid );
+ main_pk->expiredate = expiredate;
+ }
+ else if( node->pkt->pkttype == PKT_PUBLIC_SUBKEY
+ && (node->flag & NODFLG_SELKEY ) ) {
+ sub_pk = node->pkt->pkt.public_key;
+ sub_pk->expiredate = expiredate;
+ }
+ else if( node->pkt->pkttype == PKT_USER_ID )
+ uid = node->pkt->pkt.user_id;
+ else if( main_pk && node->pkt->pkttype == PKT_SIGNATURE
+ && ( mainkey || sub_pk ) ) {
+ PKT_signature *sig = node->pkt->pkt.signature;
+ if( keyid[0] == sig->keyid[0] && keyid[1] == sig->keyid[1]
+ && ( (mainkey && uid
+ && uid->created && (sig->sig_class&~3) == 0x10)
+ || (!mainkey && sig->sig_class == 0x18) )
+ && sig->flags.chosen_selfsig )
+ {
+ /* this is a selfsignature which is to be replaced */
+ PKT_signature *newsig;
+ PACKET *newpkt;
+ KBNODE sn;
+ int signumber2 = 0;
+
+ signumber++;
+
+ if( (mainkey && main_pk->version < 4)
+ || (!mainkey && sub_pk->version < 4 ) ) {
+ log_info(_(
+ "You can't change the expiration date of a v3 key\n"));
+ free_secret_key( sk );
+ return 0;
+ }
+
+ /* find the corresponding secret self-signature */
+ for( sn=sec_keyblock; sn; sn = sn->next ) {
+ if( sn->pkt->pkttype == PKT_SIGNATURE ) {
+ PKT_signature *b = sn->pkt->pkt.signature;
+ if( keyid[0] == b->keyid[0] && keyid[1] == b->keyid[1]
+ && sig->sig_class == b->sig_class
+ && ++signumber2 == signumber )
+ break;
+ }
+ }
+ if( !sn )
+ log_info(_("No corresponding signature in secret ring\n"));
+
+ if( mainkey )
+ rc = update_keysig_packet(&newsig, sig, main_pk, uid, NULL,
+ sk, keygen_add_key_expire, main_pk);
+ else
+ rc = update_keysig_packet(&newsig, sig, main_pk, NULL, sub_pk,
+ sk, keygen_add_key_expire, sub_pk );
+ if( rc ) {
+ log_error("make_keysig_packet failed: %s\n",
+ g10_errstr(rc));
+ free_secret_key( sk );
+ return 0;
+ }
+ /* replace the packet */
+ newpkt = xmalloc_clear( sizeof *newpkt );
+ newpkt->pkttype = PKT_SIGNATURE;
+ newpkt->pkt.signature = newsig;
+ free_packet( node->pkt );
+ xfree( node->pkt );
+ node->pkt = newpkt;
+ if( sn ) {
+ newpkt = xmalloc_clear( sizeof *newpkt );
+ newpkt->pkttype = PKT_SIGNATURE;
+ newpkt->pkt.signature = copy_signature( NULL, newsig );
+ free_packet( sn->pkt );
+ xfree( sn->pkt );
+ sn->pkt = newpkt;
+ }
+ sub_pk = NULL;
+ }
+ }
+ }
+
+ free_secret_key( sk );
+ update_trust=1;
+ return 1;
+}
+
+static int
+menu_backsign(KBNODE pub_keyblock,KBNODE sec_keyblock)
+{
+ int rc,modified=0;
+ PKT_public_key *main_pk;
+ PKT_secret_key *main_sk,*sub_sk=NULL;
+ KBNODE node;
+ u32 timestamp;
+
+ assert(pub_keyblock->pkt->pkttype==PKT_PUBLIC_KEY);
+ assert(sec_keyblock->pkt->pkttype==PKT_SECRET_KEY);
+
+ merge_keys_and_selfsig(pub_keyblock);
+ main_pk=pub_keyblock->pkt->pkt.public_key;
+ main_sk=copy_secret_key(NULL,sec_keyblock->pkt->pkt.secret_key);
+ keyid_from_pk(main_pk,NULL);
+
+ /* We use the same timestamp for all backsigs so that we don't
+ reveal information about the used machine. */
+ timestamp = make_timestamp ();
+
+ for(node=pub_keyblock;node;node=node->next)
+ {
+ PKT_public_key *sub_pk=NULL;
+ KBNODE node2,sig_pk=NULL,sig_sk=NULL;
+ char *passphrase;
+
+ if(sub_sk)
+ {
+ free_secret_key(sub_sk);
+ sub_sk=NULL;
+ }
+
+ /* Find a signing subkey with no backsig */
+ if(node->pkt->pkttype==PKT_PUBLIC_SUBKEY)
+ {
+ if(node->pkt->pkt.public_key->pubkey_usage&PUBKEY_USAGE_SIG)
+ {
+ if(node->pkt->pkt.public_key->backsig)
+ tty_printf(_("signing subkey %s is already cross-certified\n"),
+ keystr_from_pk(node->pkt->pkt.public_key));
+ else
+ sub_pk=node->pkt->pkt.public_key;
+ }
+ else
+ tty_printf(_("subkey %s does not sign and so does"
+ " not need to be cross-certified\n"),
+ keystr_from_pk(node->pkt->pkt.public_key));
+ }
+
+ if(!sub_pk)
+ continue;
+
+ /* Find the selected selfsig on this subkey */
+ for(node2=node->next;
+ node2 && node2->pkt->pkttype==PKT_SIGNATURE;
+ node2=node2->next)
+ if(node2->pkt->pkt.signature->version>=4
+ && node2->pkt->pkt.signature->flags.chosen_selfsig)
+ {
+ sig_pk=node2;
+ break;
+ }
+
+ if(!sig_pk)
+ continue;
+
+ /* Find the secret subkey that matches the public subkey */
+ for(node2=sec_keyblock;node2;node2=node2->next)
+ if(node2->pkt->pkttype==PKT_SECRET_SUBKEY
+ && !cmp_public_secret_key(sub_pk,node2->pkt->pkt.secret_key))
+ {
+ sub_sk=copy_secret_key(NULL,node2->pkt->pkt.secret_key);
+ break;
+ }
+
+ if(!sub_sk)
+ {
+ tty_printf(_("no secret subkey for public subkey %s - ignoring\n"),
+ keystr_from_pk(sub_pk));
+ continue;
+ }
+
+ /* Now finally find the matching selfsig on the secret subkey.
+ We can't use chosen_selfsig here (it's not set for secret
+ keys), so we just pick the selfsig with the right class.
+ This is what menu_expire does as well. */
+ for(node2=node2->next;
+ node2 && node2->pkt->pkttype!=PKT_SECRET_SUBKEY;
+ node2=node2->next)
+ if(node2->pkt->pkttype==PKT_SIGNATURE
+ && node2->pkt->pkt.signature->version>=4
+ && node2->pkt->pkt.signature->keyid[0]==sig_pk->pkt->pkt.signature->keyid[0]
+ && node2->pkt->pkt.signature->keyid[1]==sig_pk->pkt->pkt.signature->keyid[1]
+ && node2->pkt->pkt.signature->sig_class==sig_pk->pkt->pkt.signature->sig_class)
+ {
+ sig_sk=node2;
+ break;
+ }
+
+ /* Now we can get to work. We have a main key and secret part,
+ a signing subkey with signature and secret part possibly with
+ signature. */
+
+ passphrase=get_last_passphrase();
+ set_next_passphrase(passphrase);
+ xfree(passphrase);
+
+ rc = make_backsig (sig_pk->pkt->pkt.signature, main_pk, sub_pk, sub_sk,
+ timestamp);
+ if(rc==0)
+ {
+ PKT_signature *newsig;
+ PACKET *newpkt;
+
+ passphrase=get_last_passphrase();
+ set_next_passphrase(passphrase);
+ xfree(passphrase);
+
+ rc=update_keysig_packet(&newsig,sig_pk->pkt->pkt.signature,main_pk,
+ NULL,sub_pk,main_sk,NULL,NULL);
+ if(rc==0)
+ {
+ /* Put the new sig into place on the pubkey */
+ newpkt=xmalloc_clear(sizeof(*newpkt));
+ newpkt->pkttype=PKT_SIGNATURE;
+ newpkt->pkt.signature=newsig;
+ free_packet(sig_pk->pkt);
+ xfree(sig_pk->pkt);
+ sig_pk->pkt=newpkt;
+
+ if(sig_sk)
+ {
+ /* Put the new sig into place on the seckey */
+ newpkt=xmalloc_clear(sizeof(*newpkt));
+ newpkt->pkttype=PKT_SIGNATURE;
+ newpkt->pkt.signature=copy_signature(NULL,newsig);
+ free_packet(sig_sk->pkt);
+ xfree(sig_sk->pkt);
+ sig_sk->pkt=newpkt;
+ }
+
+ modified=1;
+ }
+ else
+ {
+ log_error("update_keysig_packet failed: %s\n",g10_errstr(rc));
+ break;
+ }
+ }
+ else
+ {
+ log_error("make_backsig failed: %s\n",g10_errstr(rc));
+ break;
+ }
+ }
+
+ set_next_passphrase(NULL);
+
+ free_secret_key(main_sk);
+ if(sub_sk)
+ free_secret_key(sub_sk);
+
+ return modified;
+}
+
+
+static int
+change_primary_uid_cb ( PKT_signature *sig, void *opaque )
+{
+ byte buf[1];
+
+ /* first clear all primary uid flags so that we are sure none are
+ * lingering around */
+ delete_sig_subpkt (sig->hashed, SIGSUBPKT_PRIMARY_UID);
+ delete_sig_subpkt (sig->unhashed, SIGSUBPKT_PRIMARY_UID);
+
+ /* if opaque is set,we want to set the primary id */
+ if (opaque) {
+ buf[0] = 1;
+ build_sig_subpkt (sig, SIGSUBPKT_PRIMARY_UID, buf, 1 );
+ }
+
+ return 0;
+}
+
+
+/*
+ * Set the primary uid flag for the selected UID. We will also reset
+ * all other primary uid flags. For this to work with have to update
+ * all the signature timestamps. If we would do this with the current
+ * time, we lose quite a lot of information, so we use a a kludge to
+ * do this: Just increment the timestamp by one second which is
+ * sufficient to updated a signature during import.
+ */
+static int
+menu_set_primary_uid ( KBNODE pub_keyblock, KBNODE sec_keyblock )
+{
+ PKT_secret_key *sk; /* copy of the main sk */
+ PKT_public_key *main_pk;
+ PKT_user_id *uid;
+ KBNODE node;
+ u32 keyid[2];
+ int selected;
+ int attribute = 0;
+ int modified = 0;
+
+ if ( count_selected_uids (pub_keyblock) != 1 ) {
+ tty_printf(_("Please select exactly one user ID.\n"));
+ return 0;
+ }
+
+ node = find_kbnode( sec_keyblock, PKT_SECRET_KEY );
+ sk = copy_secret_key( NULL, node->pkt->pkt.secret_key);
+
+ /* Now we can actually change the self signature(s) */
+ main_pk = NULL;
+ uid = NULL;
+ selected = 0;
+
+ /* Is our selected uid an attribute packet? */
+ for ( node=pub_keyblock; node; node = node->next )
+ if (node->pkt->pkttype == PKT_USER_ID && node->flag & NODFLG_SELUID)
+ attribute = (node->pkt->pkt.user_id->attrib_data!=NULL);
+
+ for ( node=pub_keyblock; node; node = node->next ) {
+ if ( node->pkt->pkttype == PKT_PUBLIC_SUBKEY )
+ break; /* ready */
+
+ if ( node->pkt->pkttype == PKT_PUBLIC_KEY ) {
+ main_pk = node->pkt->pkt.public_key;
+ keyid_from_pk( main_pk, keyid );
+ }
+ else if ( node->pkt->pkttype == PKT_USER_ID ) {
+ uid = node->pkt->pkt.user_id;
+ selected = node->flag & NODFLG_SELUID;
+ }
+ else if ( main_pk && uid && node->pkt->pkttype == PKT_SIGNATURE ) {
+ PKT_signature *sig = node->pkt->pkt.signature;
+ if ( keyid[0] == sig->keyid[0] && keyid[1] == sig->keyid[1]
+ && (uid && (sig->sig_class&~3) == 0x10)
+ && attribute == (uid->attrib_data!=NULL)
+ && sig->flags.chosen_selfsig )
+ {
+ if(sig->version < 4) {
+ char *user=utf8_to_native(uid->name,strlen(uid->name),0);
+
+ log_info(_("skipping v3 self-signature on user ID \"%s\"\n"),
+ user);
+ xfree(user);
+ }
+ else {
+ /* This is a selfsignature which is to be replaced.
+ We can just ignore v3 signatures because they are
+ not able to carry the primary ID flag. We also
+ ignore self-sigs on user IDs that are not of the
+ same type that we are making primary. That is, if
+ we are making a user ID primary, we alter user IDs.
+ If we are making an attribute packet primary, we
+ alter attribute packets. */
+
+ /* FIXME: We must make sure that we only have one
+ self-signature per user ID here (not counting
+ revocations) */
+ PKT_signature *newsig;
+ PACKET *newpkt;
+ const byte *p;
+ int action;
+
+ /* see whether this signature has the primary UID flag */
+ p = parse_sig_subpkt (sig->hashed,
+ SIGSUBPKT_PRIMARY_UID, NULL );
+ if ( !p )
+ p = parse_sig_subpkt (sig->unhashed,
+ SIGSUBPKT_PRIMARY_UID, NULL );
+ if ( p && *p ) /* yes */
+ action = selected? 0 : -1;
+ else /* no */
+ action = selected? 1 : 0;
+
+ if (action) {
+ int rc = update_keysig_packet (&newsig, sig,
+ main_pk, uid, NULL,
+ sk,
+ change_primary_uid_cb,
+ action > 0? "x":NULL );
+ if( rc ) {
+ log_error ("update_keysig_packet failed: %s\n",
+ g10_errstr(rc));
+ free_secret_key( sk );
+ return 0;
+ }
+ /* replace the packet */
+ newpkt = xmalloc_clear( sizeof *newpkt );
+ newpkt->pkttype = PKT_SIGNATURE;
+ newpkt->pkt.signature = newsig;
+ free_packet( node->pkt );
+ xfree( node->pkt );
+ node->pkt = newpkt;
+ modified = 1;
+ }
+ }
+ }
+ }
+ }
+
+ free_secret_key( sk );
+ return modified;
+}
+
+
+/*
+ * Set preferences to new values for the selected user IDs
+ */
+static int
+menu_set_preferences (KBNODE pub_keyblock, KBNODE sec_keyblock )
+{
+ PKT_secret_key *sk; /* copy of the main sk */
+ PKT_public_key *main_pk;
+ PKT_user_id *uid;
+ KBNODE node;
+ u32 keyid[2];
+ int selected, select_all;
+ int modified = 0;
+
+ no_primary_warning(pub_keyblock);
+
+ select_all = !count_selected_uids (pub_keyblock);
+
+ node = find_kbnode( sec_keyblock, PKT_SECRET_KEY );
+ sk = copy_secret_key( NULL, node->pkt->pkt.secret_key);
+
+ /* Now we can actually change the self signature(s) */
+ main_pk = NULL;
+ uid = NULL;
+ selected = 0;
+ for ( node=pub_keyblock; node; node = node->next ) {
+ if ( node->pkt->pkttype == PKT_PUBLIC_SUBKEY )
+ break; /* ready */
+
+ if ( node->pkt->pkttype == PKT_PUBLIC_KEY ) {
+ main_pk = node->pkt->pkt.public_key;
+ keyid_from_pk( main_pk, keyid );
+ }
+ else if ( node->pkt->pkttype == PKT_USER_ID ) {
+ uid = node->pkt->pkt.user_id;
+ selected = select_all || (node->flag & NODFLG_SELUID);
+ }
+ else if ( main_pk && uid && selected
+ && node->pkt->pkttype == PKT_SIGNATURE ) {
+ PKT_signature *sig = node->pkt->pkt.signature;
+ if ( keyid[0] == sig->keyid[0] && keyid[1] == sig->keyid[1]
+ && (uid && (sig->sig_class&~3) == 0x10)
+ && sig->flags.chosen_selfsig ) {
+ if( sig->version < 4 ) {
+ char *user=utf8_to_native(uid->name,strlen(uid->name),0);
+
+ log_info(_("skipping v3 self-signature on user ID \"%s\"\n"),
+ user);
+ xfree(user);
+ }
+ else {
+ /* This is a selfsignature which is to be replaced
+ * We have to ignore v3 signatures because they are
+ * not able to carry the preferences */
+ PKT_signature *newsig;
+ PACKET *newpkt;
+ int rc;
+
+ rc = update_keysig_packet (&newsig, sig,
+ main_pk, uid, NULL,
+ sk,
+ keygen_upd_std_prefs,
+ NULL );
+ if( rc ) {
+ log_error ("update_keysig_packet failed: %s\n",
+ g10_errstr(rc));
+ free_secret_key( sk );
+ return 0;
+ }
+ /* replace the packet */
+ newpkt = xmalloc_clear( sizeof *newpkt );
+ newpkt->pkttype = PKT_SIGNATURE;
+ newpkt->pkt.signature = newsig;
+ free_packet( node->pkt );
+ xfree( node->pkt );
+ node->pkt = newpkt;
+ modified = 1;
+ }
+ }
+ }
+ }
+
+ free_secret_key( sk );
+ return modified;
+}
+
+
+static int
+menu_set_keyserver_url (const char *url,
+ KBNODE pub_keyblock, KBNODE sec_keyblock )
+{
+ PKT_secret_key *sk; /* copy of the main sk */
+ PKT_public_key *main_pk;
+ PKT_user_id *uid;
+ KBNODE node;
+ u32 keyid[2];
+ int selected, select_all;
+ int modified = 0;
+ char *answer,*uri;
+
+ no_primary_warning(pub_keyblock);
+
+ if(url)
+ answer=xstrdup(url);
+ else
+ {
+ answer=cpr_get_utf8("keyedit.add_keyserver",
+ _("Enter your preferred keyserver URL: "));
+ if(answer[0]=='\0' || answer[0]=='\004')
+ {
+ xfree(answer);
+ return 0;
+ }
+ }
+
+ if(ascii_strcasecmp(answer,"none")==0)
+ uri=NULL;
+ else
+ {
+ struct keyserver_spec *keyserver=NULL;
+ /* Sanity check the format */
+ keyserver=parse_keyserver_uri(answer,1,NULL,0);
+ xfree(answer);
+ if(!keyserver)
+ {
+ log_info(_("could not parse keyserver URL\n"));
+ return 0;
+ }
+ uri=xstrdup(keyserver->uri);
+ free_keyserver_spec(keyserver);
+ }
+
+ select_all = !count_selected_uids (pub_keyblock);
+
+ node = find_kbnode( sec_keyblock, PKT_SECRET_KEY );
+ sk = copy_secret_key( NULL, node->pkt->pkt.secret_key);
+
+ /* Now we can actually change the self signature(s) */
+ main_pk = NULL;
+ uid = NULL;
+ selected = 0;
+ for ( node=pub_keyblock; node; node = node->next )
+ {
+ if ( node->pkt->pkttype == PKT_PUBLIC_SUBKEY )
+ break; /* ready */
+
+ if ( node->pkt->pkttype == PKT_PUBLIC_KEY )
+ {
+ main_pk = node->pkt->pkt.public_key;
+ keyid_from_pk( main_pk, keyid );
+ }
+ else if ( node->pkt->pkttype == PKT_USER_ID )
+ {
+ uid = node->pkt->pkt.user_id;
+ selected = select_all || (node->flag & NODFLG_SELUID);
+ }
+ else if ( main_pk && uid && selected
+ && node->pkt->pkttype == PKT_SIGNATURE )
+ {
+ PKT_signature *sig = node->pkt->pkt.signature;
+ if ( keyid[0] == sig->keyid[0] && keyid[1] == sig->keyid[1]
+ && (uid && (sig->sig_class&~3) == 0x10)
+ && sig->flags.chosen_selfsig)
+ {
+ char *user=utf8_to_native(uid->name,strlen(uid->name),0);
+ if( sig->version < 4 )
+ log_info(_("skipping v3 self-signature on user ID \"%s\"\n"),
+ user);
+ else
+ {
+ /* This is a selfsignature which is to be replaced
+ * We have to ignore v3 signatures because they are
+ * not able to carry the subpacket. */
+ PKT_signature *newsig;
+ PACKET *newpkt;
+ int rc;
+ const byte *p;
+ size_t plen;
+
+ p=parse_sig_subpkt(sig->hashed,SIGSUBPKT_PREF_KS,&plen);
+ if(p && plen)
+ {
+ tty_printf("Current preferred keyserver for user"
+ " ID \"%s\": ",user);
+ tty_print_utf8_string(p,plen);
+ tty_printf("\n");
+ if(!cpr_get_answer_is_yes("keyedit.confirm_keyserver",
+ uri?_("Are you sure you want to replace it? (y/N) "):
+ _("Are you sure you want to delete it? (y/N) ")))
+ continue;
+ }
+ else if(uri==NULL)
+ {
+ /* There is no current keyserver URL, so there
+ is no point in trying to un-set it. */
+ continue;
+ }
+
+ rc = update_keysig_packet (&newsig, sig,
+ main_pk, uid, NULL,
+ sk,
+ keygen_add_keyserver_url, uri );
+ if( rc )
+ {
+ log_error ("update_keysig_packet failed: %s\n",
+ g10_errstr(rc));
+ free_secret_key( sk );
+ xfree(uri);
+ return 0;
+ }
+ /* replace the packet */
+ newpkt = xmalloc_clear( sizeof *newpkt );
+ newpkt->pkttype = PKT_SIGNATURE;
+ newpkt->pkt.signature = newsig;
+ free_packet( node->pkt );
+ xfree( node->pkt );
+ node->pkt = newpkt;
+ modified = 1;
+ }
+
+ xfree(user);
+ }
+ }
+ }
+
+ xfree(uri);
+ free_secret_key( sk );
+ return modified;
+}
+
+static int
+menu_set_notation(const char *string,KBNODE pub_keyblock,KBNODE sec_keyblock)
+{
+ PKT_secret_key *sk; /* copy of the main sk */
+ PKT_public_key *main_pk;
+ PKT_user_id *uid;
+ KBNODE node;
+ u32 keyid[2];
+ int selected, select_all;
+ int modified = 0;
+ char *answer;
+ struct notation *notation;
+
+ no_primary_warning(pub_keyblock);
+
+ if(string)
+ answer=xstrdup(string);
+ else
+ {
+ answer=cpr_get_utf8("keyedit.add_notation",
+ _("Enter the notation: "));
+ if(answer[0]=='\0' || answer[0]=='\004')
+ {
+ xfree(answer);
+ return 0;
+ }
+ }
+
+ if(ascii_strcasecmp(answer,"none")==0
+ || ascii_strcasecmp(answer,"-")==0)
+ notation=NULL; /* delete them all */
+ else
+ {
+ notation=string_to_notation(answer,0);
+ if(!notation)
+ {
+ xfree(answer);
+ return 0;
+ }
+ }
+
+ xfree(answer);
+
+ select_all = !count_selected_uids (pub_keyblock);
+
+ node = find_kbnode( sec_keyblock, PKT_SECRET_KEY );
+ sk = copy_secret_key( NULL, node->pkt->pkt.secret_key);
+
+ /* Now we can actually change the self signature(s) */
+ main_pk = NULL;
+ uid = NULL;
+ selected = 0;
+ for ( node=pub_keyblock; node; node = node->next )
+ {
+ if ( node->pkt->pkttype == PKT_PUBLIC_SUBKEY )
+ break; /* ready */
+
+ if ( node->pkt->pkttype == PKT_PUBLIC_KEY )
+ {
+ main_pk = node->pkt->pkt.public_key;
+ keyid_from_pk( main_pk, keyid );
+ }
+ else if ( node->pkt->pkttype == PKT_USER_ID )
+ {
+ uid = node->pkt->pkt.user_id;
+ selected = select_all || (node->flag & NODFLG_SELUID);
+ }
+ else if ( main_pk && uid && selected
+ && node->pkt->pkttype == PKT_SIGNATURE )
+ {
+ PKT_signature *sig = node->pkt->pkt.signature;
+ if ( keyid[0] == sig->keyid[0] && keyid[1] == sig->keyid[1]
+ && (uid && (sig->sig_class&~3) == 0x10)
+ && sig->flags.chosen_selfsig)
+ {
+ char *user=utf8_to_native(uid->name,strlen(uid->name),0);
+ if( sig->version < 4 )
+ log_info(_("skipping v3 self-signature on user ID \"%s\"\n"),
+ user);
+ else
+ {
+ PKT_signature *newsig;
+ PACKET *newpkt;
+ int rc,skip=0,addonly=1;
+
+ if(sig->flags.notation)
+ {
+ tty_printf("Current notations for user ID \"%s\":\n",
+ user);
+ tty_print_notations(-9,sig);
+ }
+ else
+ {
+ tty_printf("No notations on user ID \"%s\"\n",user);
+ if(notation==NULL)
+ {
+ /* There are no current notations, so there
+ is no point in trying to un-set them. */
+ continue;
+ }
+ }
+
+ if(notation)
+ {
+ struct notation *n;
+ int deleting=0;
+
+ notation->next=sig_to_notation(sig);
+
+ for(n=notation->next;n;n=n->next)
+ if(strcmp(n->name,notation->name)==0)
+ {
+ if(notation->value)
+ {
+ if(strcmp(n->value,notation->value)==0)
+ {
+ if(notation->flags.ignore)
+ {
+ /* Value match with a delete
+ flag. */
+ n->flags.ignore=1;
+ deleting=1;
+ }
+ else
+ {
+ /* Adding the same notation
+ twice, so don't add it at
+ all. */
+ skip=1;
+ tty_printf("Skipping notation:"
+ " %s=%s\n",
+ notation->name,
+ notation->value);
+ break;
+ }
+ }
+ }
+ else
+ {
+ /* No value, so it means delete. */
+ n->flags.ignore=1;
+ deleting=1;
+ }
+
+ if(n->flags.ignore)
+ {
+ tty_printf("Removing notation: %s=%s\n",
+ n->name,n->value);
+ addonly=0;
+ }
+ }
+
+ if(!notation->flags.ignore && !skip)
+ tty_printf("Adding notation: %s=%s\n",
+ notation->name,notation->value);
+
+ /* We tried to delete, but had no matches */
+ if(notation->flags.ignore && !deleting)
+ continue;
+ }
+ else
+ {
+ tty_printf("Removing all notations\n");
+ addonly=0;
+ }
+
+ if(skip
+ || (!addonly
+ && !cpr_get_answer_is_yes("keyedit.confirm_notation",
+ _("Proceed? (y/N) "))))
+ continue;
+
+ rc = update_keysig_packet (&newsig, sig,
+ main_pk, uid, NULL,
+ sk,
+ keygen_add_notations, notation );
+ if( rc )
+ {
+ log_error ("update_keysig_packet failed: %s\n",
+ g10_errstr(rc));
+ free_secret_key( sk );
+ free_notation(notation);
+ xfree(user);
+ return 0;
+ }
+
+ /* replace the packet */
+ newpkt = xmalloc_clear( sizeof *newpkt );
+ newpkt->pkttype = PKT_SIGNATURE;
+ newpkt->pkt.signature = newsig;
+ free_packet( node->pkt );
+ xfree( node->pkt );
+ node->pkt = newpkt;
+ modified = 1;
+
+ if(notation)
+ {
+ /* Snip off the notation list from the sig */
+ free_notation(notation->next);
+ notation->next=NULL;
+ }
+
+ xfree(user);
+ }
+ }
+ }
+ }
+
+ free_notation(notation);
+ free_secret_key( sk );
+ return modified;
+}
+
+
+/*
+ * Select one user id or remove all selection if IDX is 0 or select
+ * all if IDX is -1. Returns: True if the selection changed.
+ */
+static int
+menu_select_uid (KBNODE keyblock, int idx)
+{
+ KBNODE node;
+ int i;
+
+ if (idx == -1) /* Select all. */
+ {
+ for (node = keyblock; node; node = node->next)
+ if (node->pkt->pkttype == PKT_USER_ID)
+ node->flag |= NODFLG_SELUID;
+ return 1;
+ }
+ else if (idx) /* Toggle. */
+ {
+ for (i=0, node = keyblock; node; node = node->next)
+ {
+ if (node->pkt->pkttype == PKT_USER_ID)
+ if (++i == idx)
+ break;
+ }
+ if (!node)
+ {
+ tty_printf (_("No user ID with index %d\n"), idx );
+ return 0;
+ }
+
+ for (i=0, node = keyblock; node; node = node->next)
+ {
+ if (node->pkt->pkttype == PKT_USER_ID)
+ {
+ if (++i == idx)
+ {
+ if ((node->flag & NODFLG_SELUID))
+ node->flag &= ~NODFLG_SELUID;
+ else
+ node->flag |= NODFLG_SELUID;
+ }
+ }
+ }
+ }
+ else /* Unselect all */
+ {
+ for (node = keyblock; node; node = node->next)
+ if (node->pkt->pkttype == PKT_USER_ID)
+ node->flag &= ~NODFLG_SELUID;
+ }
+
+ return 1;
+}
+
+
+/* Search in the keyblock for a uid that matches namehash */
+static int
+menu_select_uid_namehash( KBNODE keyblock, const char *namehash )
+{
+ byte hash[NAMEHASH_LEN];
+ KBNODE node;
+ int i;
+
+ assert(strlen(namehash)==NAMEHASH_LEN*2);
+
+ for(i=0;i<NAMEHASH_LEN;i++)
+ hash[i]=hextobyte(&namehash[i*2]);
+
+ for(node=keyblock->next;node;node=node->next)
+ {
+ if(node->pkt->pkttype==PKT_USER_ID)
+ {
+ namehash_from_uid(node->pkt->pkt.user_id);
+ if(memcmp(node->pkt->pkt.user_id->namehash,hash,NAMEHASH_LEN)==0)
+ {
+ if(node->flag&NODFLG_SELUID)
+ node->flag &= ~NODFLG_SELUID;
+ else
+ node->flag |= NODFLG_SELUID;
+
+ break;
+ }
+ }
+ }
+
+ if(!node)
+ {
+ tty_printf(_("No user ID with hash %s\n"),namehash);
+ return 0;
+ }
+
+ return 1;
+}
+
+/****************
+ * Select secondary keys
+ * Returns: True if the selection changed.
+ */
+static int
+menu_select_key (KBNODE keyblock, int idx)
+{
+ KBNODE node;
+ int i;
+
+ if (idx == -1) /* Select all. */
+ {
+ for (node = keyblock; node; node = node->next)
+ if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY
+ || node->pkt->pkttype == PKT_SECRET_SUBKEY)
+ node->flag |= NODFLG_SELKEY;
+ }
+ else if (idx) /* Toggle selection. */
+ {
+ for (i=0, node = keyblock; node; node = node->next)
+ {
+ if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY
+ || node->pkt->pkttype == PKT_SECRET_SUBKEY)
+ if (++i == idx)
+ break;
+ }
+ if (!node)
+ {
+ tty_printf (_("No subkey with index %d\n"), idx );
+ return 0;
+ }
+
+ for (i=0, node = keyblock; node; node = node->next)
+ {
+ if( node->pkt->pkttype == PKT_PUBLIC_SUBKEY
+ || node->pkt->pkttype == PKT_SECRET_SUBKEY )
+ if (++i == idx)
+ {
+ if ((node->flag & NODFLG_SELKEY))
+ node->flag &= ~NODFLG_SELKEY;
+ else
+ node->flag |= NODFLG_SELKEY;
+ }
+ }
+ }
+ else /* Unselect all. */
+ {
+ for (node = keyblock; node; node = node->next)
+ if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY
+ || node->pkt->pkttype == PKT_SECRET_SUBKEY)
+ node->flag &= ~NODFLG_SELKEY;
+ }
+
+ return 1;
+}
+
+
+static int
+count_uids_with_flag( KBNODE keyblock, unsigned flag )
+{
+ KBNODE node;
+ int i=0;
+
+ for( node = keyblock; node; node = node->next )
+ if( node->pkt->pkttype == PKT_USER_ID && (node->flag & flag) )
+ i++;
+ return i;
+}
+
+static int
+count_keys_with_flag( KBNODE keyblock, unsigned flag )
+{
+ KBNODE node;
+ int i=0;
+
+ for( node = keyblock; node; node = node->next )
+ if( ( node->pkt->pkttype == PKT_PUBLIC_SUBKEY
+ || node->pkt->pkttype == PKT_SECRET_SUBKEY)
+ && (node->flag & flag) )
+ i++;
+ return i;
+}
+
+static int
+count_uids( KBNODE keyblock )
+{
+ KBNODE node;
+ int i=0;
+
+ for( node = keyblock; node; node = node->next )
+ if( node->pkt->pkttype == PKT_USER_ID )
+ i++;
+ return i;
+}
+
+
+/****************
+ * Returns true if there is at least one selected user id
+ */
+static int
+count_selected_uids( KBNODE keyblock )
+{
+ return count_uids_with_flag( keyblock, NODFLG_SELUID);
+}
+
+static int
+count_selected_keys( KBNODE keyblock )
+{
+ return count_keys_with_flag( keyblock, NODFLG_SELKEY);
+}
+
+/* returns how many real (i.e. not attribute) uids are unmarked */
+static int
+real_uids_left( KBNODE keyblock )
+{
+ KBNODE node;
+ int real=0;
+
+ for(node=keyblock;node;node=node->next)
+ if(node->pkt->pkttype==PKT_USER_ID && !(node->flag&NODFLG_SELUID) &&
+ !node->pkt->pkt.user_id->attrib_data)
+ real++;
+
+ return real;
+}
+
+/*
+ * Ask whether the signature should be revoked. If the user commits this,
+ * flag bit MARK_A is set on the signature and the user ID.
+ */
+static void
+ask_revoke_sig( KBNODE keyblock, KBNODE node )
+{
+ int doit=0;
+ PKT_user_id *uid;
+ PKT_signature *sig = node->pkt->pkt.signature;
+ KBNODE unode = find_prev_kbnode( keyblock, node, PKT_USER_ID );
+
+ if( !unode ) {
+ log_error("Oops: no user ID for signature\n");
+ return;
+ }
+
+ uid=unode->pkt->pkt.user_id;
+
+ if(opt.with_colons)
+ {
+ if(uid->attrib_data)
+ printf("uat:::::::::%u %lu",uid->numattribs,uid->attrib_len);
+ else
+ {
+ printf("uid:::::::::");
+ print_string (stdout, uid->name, uid->len, ':');
+ }
+
+ printf("\n");
+
+ print_and_check_one_sig_colon(keyblock,node,NULL,NULL,NULL,NULL,1);
+ }
+ else
+ {
+ char *p=utf8_to_native(unode->pkt->pkt.user_id->name,
+ unode->pkt->pkt.user_id->len,0);
+ tty_printf(_("user ID: \"%s\"\n"),p);
+ xfree(p);
+
+ tty_printf(_("signed by your key %s on %s%s%s\n"),
+ keystr(sig->keyid),datestr_from_sig(sig),
+ sig->flags.exportable?"":_(" (non-exportable)"),"");
+ }
+ if(sig->flags.expired)
+ {
+ tty_printf(_("This signature expired on %s.\n"),
+ expirestr_from_sig(sig));
+ /* Use a different question so we can have different help text */
+ doit=cpr_get_answer_is_yes("ask_revoke_sig.expired",
+ _("Are you sure you still want to revoke it? (y/N) "));
+ }
+ else
+ doit=cpr_get_answer_is_yes("ask_revoke_sig.one",
+ _("Create a revocation certificate for this signature? (y/N) "));
+
+ if(doit) {
+ node->flag |= NODFLG_MARK_A;
+ unode->flag |= NODFLG_MARK_A;
+ }
+}
+
+/****************
+ * Display all user ids of the current public key together with signatures
+ * done by one of our keys. Then walk over all this sigs and ask the user
+ * whether he wants to revoke this signature.
+ * Return: True when the keyblock has changed.
+ */
+static int
+menu_revsig( KBNODE keyblock )
+{
+ PKT_signature *sig;
+ PKT_public_key *primary_pk;
+ KBNODE node;
+ int changed = 0;
+ int rc, any, skip=1, all=!count_selected_uids(keyblock);
+ struct revocation_reason_info *reason = NULL;
+
+ assert(keyblock->pkt->pkttype==PKT_PUBLIC_KEY);
+
+ /* First check whether we have any signatures at all. */
+ any = 0;
+ for (node = keyblock; node; node = node->next )
+ {
+ node->flag &= ~(NODFLG_SELSIG | NODFLG_MARK_A);
+ if (node->pkt->pkttype == PKT_USER_ID) {
+ if (node->flag&NODFLG_SELUID || all)
+ skip = 0;
+ else
+ skip = 1;
+ }
+ else if (!skip && node->pkt->pkttype == PKT_SIGNATURE
+ && ((sig = node->pkt->pkt.signature),
+ !seckey_available(sig->keyid) ))
+ {
+ if ((sig->sig_class&~3) == 0x10)
+ {
+ any = 1;
+ break;
+ }
+ }
+ }
+
+ if (!any)
+ {
+ tty_printf (_("Not signed by you.\n"));
+ return 0;
+ }
+
+
+ /* FIXME: detect duplicates here */
+ tty_printf(_("You have signed these user IDs on key %s:\n"),
+ keystr_from_pk(keyblock->pkt->pkt.public_key));
+ for( node = keyblock; node; node = node->next ) {
+ node->flag &= ~(NODFLG_SELSIG | NODFLG_MARK_A);
+ if( node->pkt->pkttype == PKT_USER_ID ) {
+ if( node->flag&NODFLG_SELUID || all ) {
+ PKT_user_id *uid = node->pkt->pkt.user_id;
+ /* Hmmm: Should we show only UIDs with a signature? */
+ tty_printf(" ");
+ tty_print_utf8_string( uid->name, uid->len );
+ tty_printf("\n");
+ skip=0;
+ }
+ else
+ skip=1;
+ }
+ else if( !skip && node->pkt->pkttype == PKT_SIGNATURE
+ && ((sig = node->pkt->pkt.signature),
+ !seckey_available(sig->keyid) ) )
+ {
+ if( (sig->sig_class&~3) == 0x10 )
+ {
+ tty_printf(" ");
+ tty_printf(_("signed by your key %s on %s%s%s\n"),
+ keystr(sig->keyid), datestr_from_sig(sig),
+ sig->flags.exportable?"":_(" (non-exportable)"),
+ sig->flags.revocable?"":_(" (non-revocable)"));
+ if(sig->flags.revocable)
+ node->flag |= NODFLG_SELSIG;
+ }
+ else if( sig->sig_class == 0x30 )
+ {
+ tty_printf(" ");
+ tty_printf(_("revoked by your key %s on %s\n"),
+ keystr(sig->keyid),datestr_from_sig(sig));
+ }
+ }
+ }
+
+ tty_printf("\n");
+
+ /* ask */
+ for( node = keyblock; node; node = node->next ) {
+ if( !(node->flag & NODFLG_SELSIG) )
+ continue;
+ ask_revoke_sig( keyblock, node );
+ }
+
+ /* present selected */
+ any = 0;
+ for( node = keyblock; node; node = node->next ) {
+ if( !(node->flag & NODFLG_MARK_A) )
+ continue;
+ if( !any ) {
+ any = 1;
+ tty_printf(_("You are about to revoke these signatures:\n"));
+ }
+ if( node->pkt->pkttype == PKT_USER_ID ) {
+ PKT_user_id *uid = node->pkt->pkt.user_id;
+ tty_printf(" ");
+ tty_print_utf8_string( uid->name, uid->len );
+ tty_printf("\n");
+ }
+ else if( node->pkt->pkttype == PKT_SIGNATURE ) {
+ sig = node->pkt->pkt.signature;
+ tty_printf(" ");
+ tty_printf(_("signed by your key %s on %s%s%s\n"),
+ keystr(sig->keyid), datestr_from_sig(sig),"",
+ sig->flags.exportable?"":_(" (non-exportable)") );
+ }
+ }
+ if( !any )
+ return 0; /* none selected */
+
+ if( !cpr_get_answer_is_yes("ask_revoke_sig.okay",
+ _("Really create the revocation certificates? (y/N) ")) )
+ return 0; /* forget it */
+
+ reason = ask_revocation_reason( 0, 1, 0 );
+ if( !reason ) { /* user decided to cancel */
+ return 0;
+ }
+
+ /* now we can sign the user ids */
+ reloop: /* (must use this, because we are modifing the list) */
+ primary_pk = keyblock->pkt->pkt.public_key;
+ for( node=keyblock; node; node = node->next ) {
+ KBNODE unode;
+ PACKET *pkt;
+ struct sign_attrib attrib;
+ PKT_secret_key *sk;
+
+ if( !(node->flag & NODFLG_MARK_A)
+ || node->pkt->pkttype != PKT_SIGNATURE )
+ continue;
+ unode = find_prev_kbnode( keyblock, node, PKT_USER_ID );
+ assert( unode ); /* we already checked this */
+
+ memset( &attrib, 0, sizeof attrib );
+ attrib.reason = reason;
+ attrib.non_exportable=!node->pkt->pkt.signature->flags.exportable;
+
+ node->flag &= ~NODFLG_MARK_A;
+ sk = xmalloc_secure_clear( sizeof *sk );
+ if( get_seckey( sk, node->pkt->pkt.signature->keyid ) ) {
+ log_info(_("no secret key\n"));
+ continue;
+ }
+ rc = make_keysig_packet( &sig, primary_pk,
+ unode->pkt->pkt.user_id,
+ NULL,
+ sk,
+ 0x30, 0, 0, 0, 0,
+ sign_mk_attrib,
+ &attrib );
+ free_secret_key(sk);
+ if( rc ) {
+ log_error(_("signing failed: %s\n"), g10_errstr(rc));
+ release_revocation_reason_info( reason );
+ return changed;
+ }
+ changed = 1; /* we changed the keyblock */
+ update_trust = 1;
+ /* Are we revoking our own uid? */
+ if(primary_pk->keyid[0]==sig->keyid[0] &&
+ primary_pk->keyid[1]==sig->keyid[1])
+ unode->pkt->pkt.user_id->is_revoked=1;
+ pkt = xmalloc_clear( sizeof *pkt );
+ pkt->pkttype = PKT_SIGNATURE;
+ pkt->pkt.signature = sig;
+ insert_kbnode( unode, new_kbnode(pkt), 0 );
+ goto reloop;
+ }
+
+ release_revocation_reason_info( reason );
+ return changed;
+}
+
+/* Revoke a user ID (i.e. revoke a user ID selfsig). Return true if
+ keyblock changed. */
+static int
+menu_revuid( KBNODE pub_keyblock, KBNODE sec_keyblock )
+{
+ PKT_public_key *pk = pub_keyblock->pkt->pkt.public_key;
+ PKT_secret_key *sk = copy_secret_key( NULL,
+ sec_keyblock->pkt->pkt.secret_key );
+ KBNODE node;
+ int changed = 0;
+ int rc;
+ struct revocation_reason_info *reason = NULL;
+
+ /* Note that this is correct as per the RFCs, but nevertheless
+ somewhat meaningless in the real world. 1991 did define the 0x30
+ sig class, but PGP 2.x did not actually implement it, so it would
+ probably be safe to use v4 revocations everywhere. -ds */
+
+ for( node = pub_keyblock; node; node = node->next )
+ if(pk->version>3 || (node->pkt->pkttype==PKT_USER_ID &&
+ node->pkt->pkt.user_id->selfsigversion>3))
+ {
+ if((reason = ask_revocation_reason( 0, 1, 4 )))
+ break;
+ else
+ goto leave;
+ }
+
+ reloop: /* (better this way because we are modifing the keyring) */
+ for( node = pub_keyblock; node; node = node->next )
+ if(node->pkt->pkttype == PKT_USER_ID && (node->flag & NODFLG_SELUID))
+ {
+ PKT_user_id *uid=node->pkt->pkt.user_id;
+
+ if(uid->is_revoked)
+ {
+ char *user=utf8_to_native(uid->name,uid->len,0);
+ log_info(_("user ID \"%s\" is already revoked\n"),user);
+ xfree(user);
+ }
+ else
+ {
+ PACKET *pkt;
+ PKT_signature *sig;
+ struct sign_attrib attrib;
+ u32 timestamp=make_timestamp();
+
+ if(uid->created>=timestamp)
+ {
+ /* Okay, this is a problem. The user ID selfsig was
+ created in the future, so we need to warn the user and
+ set our revocation timestamp one second after that so
+ everything comes out clean. */
+
+ log_info(_("WARNING: a user ID signature is dated %d"
+ " seconds in the future\n"),uid->created-timestamp);
+
+ timestamp=uid->created+1;
+ }
+
+ memset( &attrib, 0, sizeof attrib );
+ attrib.reason = reason;
+
+ node->flag &= ~NODFLG_SELUID;
+
+ rc = make_keysig_packet( &sig, pk, uid, NULL, sk, 0x30, 0,
+ (reason==NULL)?3:0, timestamp, 0,
+ sign_mk_attrib, &attrib );
+ if( rc )
+ {
+ log_error(_("signing failed: %s\n"), g10_errstr(rc));
+ goto leave;
+ }
+ else
+ {
+ pkt = xmalloc_clear( sizeof *pkt );
+ pkt->pkttype = PKT_SIGNATURE;
+ pkt->pkt.signature = sig;
+ insert_kbnode( node, new_kbnode(pkt), 0 );
+
+ /* If the trustdb has an entry for this key+uid then the
+ trustdb needs an update. */
+ if(!update_trust
+ && (get_validity(pk,uid)&TRUST_MASK)>=TRUST_UNDEFINED)
+ update_trust=1;
+
+ changed = 1;
+ node->pkt->pkt.user_id->is_revoked=1;
+
+ goto reloop;
+ }
+ }
+ }
+
+ if(changed)
+ commit_kbnode( &pub_keyblock );
+
+ leave:
+ free_secret_key(sk);
+ release_revocation_reason_info( reason );
+ return changed;
+}
+
+/****************
+ * Revoke the whole key.
+ */
+static int
+menu_revkey( KBNODE pub_keyblock, KBNODE sec_keyblock )
+{
+ PKT_public_key *pk=pub_keyblock->pkt->pkt.public_key;
+ PKT_secret_key *sk;
+ int rc,changed = 0;
+ struct revocation_reason_info *reason;
+ PACKET *pkt;
+ PKT_signature *sig;
+
+ if(pk->is_revoked)
+ {
+ tty_printf(_("Key %s is already revoked.\n"),keystr_from_pk(pk));
+ return 0;
+ }
+
+ reason = ask_revocation_reason( 1, 0, 0 );
+ /* user decided to cancel */
+ if( !reason )
+ return 0;
+
+ sk = copy_secret_key( NULL, sec_keyblock->pkt->pkt.secret_key );
+ rc = make_keysig_packet( &sig, pk, NULL, NULL, sk,
+ 0x20, 0, opt.force_v4_certs?4:0, 0, 0,
+ revocation_reason_build_cb, reason );
+ free_secret_key(sk);
+ if( rc )
+ {
+ log_error(_("signing failed: %s\n"), g10_errstr(rc));
+ goto scram;
+ }
+
+ changed = 1; /* we changed the keyblock */
+
+ pkt = xmalloc_clear( sizeof *pkt );
+ pkt->pkttype = PKT_SIGNATURE;
+ pkt->pkt.signature = sig;
+ insert_kbnode( pub_keyblock, new_kbnode(pkt), 0 );
+ commit_kbnode( &pub_keyblock );
+
+ update_trust=1;
+
+ scram:
+ release_revocation_reason_info( reason );
+ return changed;
+}
+
+static int
+menu_revsubkey( KBNODE pub_keyblock, KBNODE sec_keyblock )
+{
+ PKT_public_key *mainpk;
+ KBNODE node;
+ int changed = 0;
+ int rc;
+ struct revocation_reason_info *reason = NULL;
+
+ reason = ask_revocation_reason( 1, 0, 0 );
+ if( !reason ) { /* user decided to cancel */
+ return 0;
+ }
+
+ reloop: /* (better this way because we are modifing the keyring) */
+ mainpk = pub_keyblock->pkt->pkt.public_key;
+ for( node = pub_keyblock; node; node = node->next ) {
+ if( node->pkt->pkttype == PKT_PUBLIC_SUBKEY
+ && (node->flag & NODFLG_SELKEY) ) {
+ PACKET *pkt;
+ PKT_signature *sig;
+ PKT_secret_key *sk;
+ PKT_public_key *subpk = node->pkt->pkt.public_key;
+ struct sign_attrib attrib;
+
+ if(subpk->is_revoked)
+ {
+ tty_printf(_("Subkey %s is already revoked.\n"),
+ keystr_from_pk(subpk));
+ continue;
+ }
+
+ memset( &attrib, 0, sizeof attrib );
+ attrib.reason = reason;
+
+ node->flag &= ~NODFLG_SELKEY;
+ sk = copy_secret_key( NULL, sec_keyblock->pkt->pkt.secret_key );
+ rc = make_keysig_packet( &sig, mainpk, NULL, subpk, sk,
+ 0x28, 0, 0, 0, 0,
+ sign_mk_attrib, &attrib );
+ free_secret_key(sk);
+ if( rc ) {
+ log_error(_("signing failed: %s\n"), g10_errstr(rc));
+ release_revocation_reason_info( reason );
+ return changed;
+ }
+ changed = 1; /* we changed the keyblock */
+
+ pkt = xmalloc_clear( sizeof *pkt );
+ pkt->pkttype = PKT_SIGNATURE;
+ pkt->pkt.signature = sig;
+ insert_kbnode( node, new_kbnode(pkt), 0 );
+ goto reloop;
+ }
+ }
+ commit_kbnode( &pub_keyblock );
+ /*commit_kbnode( &sec_keyblock );*/
+
+ /* No need to set update_trust here since signing keys no longer
+ are used to certify other keys, so there is no change in trust
+ when revoking/removing them */
+
+ release_revocation_reason_info( reason );
+ return changed;
+}
+
+/* Note that update_ownertrust is going to mark the trustdb dirty when
+ enabling or disabling a key. This is arguably sub-optimal as
+ disabled keys are still counted in the web of trust, but perhaps
+ not worth adding extra complexity to change. -ds */
+static int
+enable_disable_key( KBNODE keyblock, int disable )
+{
+ PKT_public_key *pk = find_kbnode( keyblock, PKT_PUBLIC_KEY )
+ ->pkt->pkt.public_key;
+ unsigned int trust, newtrust;
+
+ trust = newtrust = get_ownertrust (pk);
+ newtrust &= ~TRUST_FLAG_DISABLED;
+ if( disable )
+ newtrust |= TRUST_FLAG_DISABLED;
+ if( trust == newtrust )
+ return 0; /* already in that state */
+ update_ownertrust(pk, newtrust );
+ return 0;
+}
+
+
+static void
+menu_showphoto( KBNODE keyblock )
+{
+ KBNODE node;
+ int select_all = !count_selected_uids(keyblock);
+ int count=0;
+ PKT_public_key *pk=NULL;
+
+ /* Look for the public key first. We have to be really, really,
+ explicit as to which photo this is, and what key it is a UID on
+ since people may want to sign it. */
+
+ for( node = keyblock; node; node = node->next )
+ {
+ if( node->pkt->pkttype == PKT_PUBLIC_KEY )
+ pk = node->pkt->pkt.public_key;
+ else if( node->pkt->pkttype == PKT_USER_ID )
+ {
+ PKT_user_id *uid = node->pkt->pkt.user_id;
+ count++;
+
+ if((select_all || (node->flag & NODFLG_SELUID)) &&
+ uid->attribs!=NULL)
+ {
+ int i;
+
+ for(i=0;i<uid->numattribs;i++)
+ {
+ byte type;
+ u32 size;
+
+ if(uid->attribs[i].type==ATTRIB_IMAGE &&
+ parse_image_header(&uid->attribs[i],&type,&size))
+ {
+ tty_printf(_("Displaying %s photo ID of size %ld for "
+ "key %s (uid %d)\n"),
+ image_type_to_string(type,1),
+ (ulong)size,keystr_from_pk(pk),count);
+ show_photos(&uid->attribs[i],1,pk,NULL,uid);
+ }
+ }
+ }
+ }
+ }
+}
diff --git a/g10/keygen.c b/g10/keygen.c
new file mode 100644
index 0000000..8c3e9f6
--- /dev/null
+++ b/g10/keygen.c
@@ -0,0 +1,4316 @@
+/* keygen.c - generate a key pair
+ * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005,
+ * 2006, 2007, 2009 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <ctype.h>
+#include <errno.h>
+#include <assert.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <unistd.h>
+
+#include "gpg.h"
+#include "util.h"
+#include "main.h"
+#include "packet.h"
+#include "cipher.h"
+#include "ttyio.h"
+#include "options.h"
+#include "keydb.h"
+#include "trustdb.h"
+#include "status.h"
+#include "i18n.h"
+#include "keyserver-internal.h"
+#include "call-agent.h"
+
+/* The default algorithms. If you change them remember to change them
+ also in gpg.c:gpgconf_list. You should also check that the value
+ is inside the bounds enforced by ask_keysize and gen_xxx. */
+#define DEFAULT_STD_ALGO GCRY_PK_RSA
+#define DEFAULT_STD_KEYSIZE 2048
+
+
+#define MAX_PREFS 30
+
+enum para_name {
+ pKEYTYPE,
+ pKEYLENGTH,
+ pKEYUSAGE,
+ pSUBKEYTYPE,
+ pSUBKEYLENGTH,
+ pSUBKEYUSAGE,
+ pAUTHKEYTYPE,
+ pNAMEREAL,
+ pNAMEEMAIL,
+ pNAMECOMMENT,
+ pPREFERENCES,
+ pREVOKER,
+ pUSERID,
+ pCREATIONDATE,
+ pKEYCREATIONDATE, /* Same in seconds since epoch. */
+ pEXPIREDATE,
+ pKEYEXPIRE, /* in n seconds */
+ pSUBKEYEXPIRE, /* in n seconds */
+ pPASSPHRASE,
+ pPASSPHRASE_DEK,
+ pPASSPHRASE_S2K,
+ pSERIALNO,
+ pBACKUPENCDIR,
+ pHANDLE,
+ pKEYSERVER
+};
+
+struct para_data_s {
+ struct para_data_s *next;
+ int lnr;
+ enum para_name key;
+ union {
+ DEK *dek;
+ STRING2KEY *s2k;
+ u32 expire;
+ u32 creation;
+ unsigned int usage;
+ struct revocation_key revkey;
+ char value[1];
+ } u;
+};
+
+struct output_control_s {
+ int lnr;
+ int dryrun;
+ int ask_passphrase;
+ int use_files;
+ struct {
+ char *fname;
+ char *newfname;
+ IOBUF stream;
+ armor_filter_context_t *afx;
+ } pub;
+ struct {
+ char *fname;
+ char *newfname;
+ IOBUF stream;
+ armor_filter_context_t *afx;
+ } sec;
+};
+
+
+struct opaque_data_usage_and_pk {
+ unsigned int usage;
+ PKT_public_key *pk;
+};
+
+
+static int prefs_initialized = 0;
+static byte sym_prefs[MAX_PREFS];
+static int nsym_prefs;
+static byte hash_prefs[MAX_PREFS];
+static int nhash_prefs;
+static byte zip_prefs[MAX_PREFS];
+static int nzip_prefs;
+static int mdc_available,ks_modify;
+
+static void do_generate_keypair( struct para_data_s *para,
+ struct output_control_s *outctrl, int card );
+static int write_keyblock( IOBUF out, KBNODE node );
+static int gen_card_key (int algo, int keyno, int is_primary,
+ KBNODE pub_root, KBNODE sec_root,
+ PKT_secret_key **ret_sk,
+ u32 *timestamp,
+ u32 expireval, struct para_data_s *para);
+static int gen_card_key_with_backup (int algo, int keyno, int is_primary,
+ KBNODE pub_root, KBNODE sec_root,
+ u32 timestamp,
+ u32 expireval, struct para_data_s *para,
+ const char *backup_dir);
+
+
+static void
+print_status_key_created (int letter, PKT_public_key *pk, const char *handle)
+{
+ byte array[MAX_FINGERPRINT_LEN], *s;
+ char *buf, *p;
+ size_t i, n;
+
+ if (!handle)
+ handle = "";
+
+ buf = xmalloc (MAX_FINGERPRINT_LEN*2+31 + strlen (handle) + 1);
+
+ p = buf;
+ if (letter || pk)
+ {
+ *p++ = letter;
+ *p++ = ' ';
+ fingerprint_from_pk (pk, array, &n);
+ s = array;
+ for (i=0; i < n ; i++, s++, p += 2)
+ sprintf (p, "%02X", *s);
+ }
+ if (*handle)
+ {
+ *p++ = ' ';
+ for (i=0; handle[i] && i < 100; i++)
+ *p++ = isspace ((unsigned int)handle[i])? '_':handle[i];
+ }
+ *p = 0;
+ write_status_text ((letter || pk)?STATUS_KEY_CREATED:STATUS_KEY_NOT_CREATED,
+ buf);
+ xfree (buf);
+}
+
+static void
+print_status_key_not_created (const char *handle)
+{
+ print_status_key_created (0, NULL, handle);
+}
+
+
+
+static void
+write_uid( KBNODE root, const char *s )
+{
+ PACKET *pkt = xmalloc_clear(sizeof *pkt );
+ size_t n = strlen(s);
+
+ pkt->pkttype = PKT_USER_ID;
+ pkt->pkt.user_id = xmalloc_clear( sizeof *pkt->pkt.user_id + n - 1 );
+ pkt->pkt.user_id->len = n;
+ pkt->pkt.user_id->ref = 1;
+ strcpy(pkt->pkt.user_id->name, s);
+ add_kbnode( root, new_kbnode( pkt ) );
+}
+
+static void
+do_add_key_flags (PKT_signature *sig, unsigned int use)
+{
+ byte buf[1];
+
+ buf[0] = 0;
+
+ /* The spec says that all primary keys MUST be able to certify. */
+ if(sig->sig_class!=0x18)
+ buf[0] |= 0x01;
+
+ if (use & PUBKEY_USAGE_SIG)
+ buf[0] |= 0x02;
+ if (use & PUBKEY_USAGE_ENC)
+ buf[0] |= 0x04 | 0x08;
+ if (use & PUBKEY_USAGE_AUTH)
+ buf[0] |= 0x20;
+
+ if (!buf[0])
+ return;
+
+ build_sig_subpkt (sig, SIGSUBPKT_KEY_FLAGS, buf, 1);
+}
+
+
+int
+keygen_add_key_expire( PKT_signature *sig, void *opaque )
+{
+ PKT_public_key *pk = opaque;
+ byte buf[8];
+ u32 u;
+
+ if( pk->expiredate ) {
+ if(pk->expiredate > pk->timestamp)
+ u= pk->expiredate - pk->timestamp;
+ else
+ u= 1;
+
+ buf[0] = (u >> 24) & 0xff;
+ buf[1] = (u >> 16) & 0xff;
+ buf[2] = (u >> 8) & 0xff;
+ buf[3] = u & 0xff;
+ build_sig_subpkt( sig, SIGSUBPKT_KEY_EXPIRE, buf, 4 );
+ }
+ else
+ {
+ /* Make sure we don't leave a key expiration subpacket lying
+ around */
+ delete_sig_subpkt (sig->hashed, SIGSUBPKT_KEY_EXPIRE);
+ }
+
+ return 0;
+}
+
+static int
+keygen_add_key_flags_and_expire (PKT_signature *sig, void *opaque)
+{
+ struct opaque_data_usage_and_pk *oduap = opaque;
+
+ do_add_key_flags (sig, oduap->usage);
+ return keygen_add_key_expire (sig, oduap->pk);
+}
+
+static int
+set_one_pref (int val, int type, const char *item, byte *buf, int *nbuf)
+{
+ int i;
+
+ for (i=0; i < *nbuf; i++ )
+ if (buf[i] == val)
+ {
+ log_info (_("preference `%s' duplicated\n"), item);
+ return -1;
+ }
+
+ if (*nbuf >= MAX_PREFS)
+ {
+ if(type==1)
+ log_info(_("too many cipher preferences\n"));
+ else if(type==2)
+ log_info(_("too many digest preferences\n"));
+ else if(type==3)
+ log_info(_("too many compression preferences\n"));
+ else
+ BUG();
+
+ return -1;
+ }
+
+ buf[(*nbuf)++] = val;
+ return 0;
+}
+
+/*
+ * Parse the supplied string and use it to set the standard
+ * preferences. The string may be in a form like the one printed by
+ * "pref" (something like: "S10 S3 H3 H2 Z2 Z1") or the actual
+ * cipher/hash/compress names. Use NULL to set the default
+ * preferences. Returns: 0 = okay
+ */
+int
+keygen_set_std_prefs (const char *string,int personal)
+{
+ byte sym[MAX_PREFS], hash[MAX_PREFS], zip[MAX_PREFS];
+ int nsym=0, nhash=0, nzip=0, val, rc=0;
+ int mdc=1, modify=0; /* mdc defaults on, modify defaults off. */
+ char dummy_string[20*4+1]; /* Enough for 20 items. */
+
+ if (!string || !ascii_strcasecmp (string, "default"))
+ {
+ if (opt.def_preference_list)
+ string=opt.def_preference_list;
+ else
+ {
+ dummy_string[0]='\0';
+
+ /* The rationale why we use the order AES256,192,128 is
+ for compatibility reasons with PGP. If gpg would
+ define AES128 first, we would get the somewhat
+ confusing situation:
+
+ gpg -r pgpkey -r gpgkey ---gives--> AES256
+ gpg -r gpgkey -r pgpkey ---gives--> AES
+
+ Note that by using --personal-cipher-preferences it is
+ possible to prefer AES128.
+ */
+
+ /* Make sure we do not add more than 15 items here, as we
+ could overflow the size of dummy_string. We currently
+ have at most 12. */
+ if ( !openpgp_cipher_test_algo (CIPHER_ALGO_AES256) )
+ strcat(dummy_string,"S9 ");
+ if ( !openpgp_cipher_test_algo (CIPHER_ALGO_AES192) )
+ strcat(dummy_string,"S8 ");
+ if ( !openpgp_cipher_test_algo (CIPHER_ALGO_AES) )
+ strcat(dummy_string,"S7 ");
+ if ( !openpgp_cipher_test_algo (CIPHER_ALGO_CAST5) )
+ strcat(dummy_string,"S3 ");
+ strcat(dummy_string,"S2 "); /* 3DES */
+ /* If we have it, IDEA goes *after* 3DES so it won't be
+ used unless we're encrypting along with a V3 key.
+ Ideally, we would only put the S1 preference in if the
+ key was RSA and <=2048 bits, as that is what won't
+ break PGP2, but that is difficult with the current
+ code, and not really worth checking as a non-RSA <=2048
+ bit key wouldn't be usable by PGP2 anyway. -dms */
+ if ( !openpgp_cipher_test_algo (CIPHER_ALGO_IDEA) )
+ strcat(dummy_string,"S1 ");
+
+
+ /* The default hash algo order is:
+ SHA-256, SHA-1, SHA-384, SHA-512, SHA-224.
+ Ordering SHA-1 before SHA-384 might be viewed as a bit
+ strange; it is done because we expect that soon enough
+ SHA-3 will be available and at that point there should
+ be no more need for SHA-384 etc. Anyway this order is
+ just a default and can easily be changed by a config
+ option. */
+ if (!openpgp_md_test_algo (DIGEST_ALGO_SHA256))
+ strcat (dummy_string, "H8 ");
+
+ strcat (dummy_string, "H2 "); /* SHA-1 */
+
+ if (!openpgp_md_test_algo (DIGEST_ALGO_SHA384))
+ strcat (dummy_string, "H9 ");
+
+ if (!openpgp_md_test_algo (DIGEST_ALGO_SHA512))
+ strcat (dummy_string, "H10 ");
+
+ if (!openpgp_md_test_algo (DIGEST_ALGO_SHA224))
+ strcat (dummy_string, "H11 ");
+
+
+ /* ZLIB */
+ strcat(dummy_string,"Z2 ");
+
+ if(!check_compress_algo(COMPRESS_ALGO_BZIP2))
+ strcat(dummy_string,"Z3 ");
+
+ /* ZIP */
+ strcat(dummy_string,"Z1");
+
+ string=dummy_string;
+ }
+ }
+ else if (!ascii_strcasecmp (string, "none"))
+ string = "";
+
+ if(strlen(string))
+ {
+ char *tok,*prefstring;
+
+ prefstring=xstrdup(string); /* need a writable string! */
+
+ while((tok=strsep(&prefstring," ,")))
+ {
+ if((val=string_to_cipher_algo (tok)))
+ {
+ if(set_one_pref(val,1,tok,sym,&nsym))
+ rc=-1;
+ }
+ else if((val=string_to_digest_algo (tok)))
+ {
+ if(set_one_pref(val,2,tok,hash,&nhash))
+ rc=-1;
+ }
+ else if((val=string_to_compress_algo(tok))>-1)
+ {
+ if(set_one_pref(val,3,tok,zip,&nzip))
+ rc=-1;
+ }
+ else if (ascii_strcasecmp(tok,"mdc")==0)
+ mdc=1;
+ else if (ascii_strcasecmp(tok,"no-mdc")==0)
+ mdc=0;
+ else if (ascii_strcasecmp(tok,"ks-modify")==0)
+ modify=1;
+ else if (ascii_strcasecmp(tok,"no-ks-modify")==0)
+ modify=0;
+ else
+ {
+ log_info (_("invalid item `%s' in preference string\n"),tok);
+
+ /* Complain if IDEA is not available. */
+ if(ascii_strcasecmp(tok,"s1")==0
+ || ascii_strcasecmp(tok,"idea")==0)
+ idea_cipher_warn(1);
+
+ rc=-1;
+ }
+ }
+
+ xfree(prefstring);
+ }
+
+ if(!rc)
+ {
+ if(personal)
+ {
+ if(personal==PREFTYPE_SYM)
+ {
+ xfree(opt.personal_cipher_prefs);
+
+ if(nsym==0)
+ opt.personal_cipher_prefs=NULL;
+ else
+ {
+ int i;
+
+ opt.personal_cipher_prefs=
+ xmalloc(sizeof(prefitem_t *)*(nsym+1));
+
+ for (i=0; i<nsym; i++)
+ {
+ opt.personal_cipher_prefs[i].type = PREFTYPE_SYM;
+ opt.personal_cipher_prefs[i].value = sym[i];
+ }
+
+ opt.personal_cipher_prefs[i].type = PREFTYPE_NONE;
+ opt.personal_cipher_prefs[i].value = 0;
+ }
+ }
+ else if(personal==PREFTYPE_HASH)
+ {
+ xfree(opt.personal_digest_prefs);
+
+ if(nhash==0)
+ opt.personal_digest_prefs=NULL;
+ else
+ {
+ int i;
+
+ opt.personal_digest_prefs=
+ xmalloc(sizeof(prefitem_t *)*(nhash+1));
+
+ for (i=0; i<nhash; i++)
+ {
+ opt.personal_digest_prefs[i].type = PREFTYPE_HASH;
+ opt.personal_digest_prefs[i].value = hash[i];
+ }
+
+ opt.personal_digest_prefs[i].type = PREFTYPE_NONE;
+ opt.personal_digest_prefs[i].value = 0;
+ }
+ }
+ else if(personal==PREFTYPE_ZIP)
+ {
+ xfree(opt.personal_compress_prefs);
+
+ if(nzip==0)
+ opt.personal_compress_prefs=NULL;
+ else
+ {
+ int i;
+
+ opt.personal_compress_prefs=
+ xmalloc(sizeof(prefitem_t *)*(nzip+1));
+
+ for (i=0; i<nzip; i++)
+ {
+ opt.personal_compress_prefs[i].type = PREFTYPE_ZIP;
+ opt.personal_compress_prefs[i].value = zip[i];
+ }
+
+ opt.personal_compress_prefs[i].type = PREFTYPE_NONE;
+ opt.personal_compress_prefs[i].value = 0;
+ }
+ }
+ }
+ else
+ {
+ memcpy (sym_prefs, sym, (nsym_prefs=nsym));
+ memcpy (hash_prefs, hash, (nhash_prefs=nhash));
+ memcpy (zip_prefs, zip, (nzip_prefs=nzip));
+ mdc_available = mdc;
+ ks_modify = modify;
+ prefs_initialized = 1;
+ }
+ }
+
+ return rc;
+}
+
+/* Return a fake user ID containing the preferences. Caller must
+ free. */
+PKT_user_id *
+keygen_get_std_prefs(void)
+{
+ int i,j=0;
+ PKT_user_id *uid=xmalloc_clear(sizeof(PKT_user_id));
+
+ if(!prefs_initialized)
+ keygen_set_std_prefs(NULL,0);
+
+ uid->ref=1;
+
+ uid->prefs=xmalloc((sizeof(prefitem_t *)*
+ (nsym_prefs+nhash_prefs+nzip_prefs+1)));
+
+ for(i=0;i<nsym_prefs;i++,j++)
+ {
+ uid->prefs[j].type=PREFTYPE_SYM;
+ uid->prefs[j].value=sym_prefs[i];
+ }
+
+ for(i=0;i<nhash_prefs;i++,j++)
+ {
+ uid->prefs[j].type=PREFTYPE_HASH;
+ uid->prefs[j].value=hash_prefs[i];
+ }
+
+ for(i=0;i<nzip_prefs;i++,j++)
+ {
+ uid->prefs[j].type=PREFTYPE_ZIP;
+ uid->prefs[j].value=zip_prefs[i];
+ }
+
+ uid->prefs[j].type=PREFTYPE_NONE;
+ uid->prefs[j].value=0;
+
+ uid->flags.mdc=mdc_available;
+ uid->flags.ks_modify=ks_modify;
+
+ return uid;
+}
+
+static void
+add_feature_mdc (PKT_signature *sig,int enabled)
+{
+ const byte *s;
+ size_t n;
+ int i;
+ char *buf;
+
+ s = parse_sig_subpkt (sig->hashed, SIGSUBPKT_FEATURES, &n );
+ /* Already set or cleared */
+ if (s && n &&
+ ((enabled && (s[0] & 0x01)) || (!enabled && !(s[0] & 0x01))))
+ return;
+
+ if (!s || !n) { /* create a new one */
+ n = 1;
+ buf = xmalloc_clear (n);
+ }
+ else {
+ buf = xmalloc (n);
+ memcpy (buf, s, n);
+ }
+
+ if(enabled)
+ buf[0] |= 0x01; /* MDC feature */
+ else
+ buf[0] &= ~0x01;
+
+ /* Are there any bits set? */
+ for(i=0;i<n;i++)
+ if(buf[i]!=0)
+ break;
+
+ if(i==n)
+ delete_sig_subpkt (sig->hashed, SIGSUBPKT_FEATURES);
+ else
+ build_sig_subpkt (sig, SIGSUBPKT_FEATURES, buf, n);
+
+ xfree (buf);
+}
+
+static void
+add_keyserver_modify (PKT_signature *sig,int enabled)
+{
+ const byte *s;
+ size_t n;
+ int i;
+ char *buf;
+
+ /* The keyserver modify flag is a negative flag (i.e. no-modify) */
+ enabled=!enabled;
+
+ s = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KS_FLAGS, &n );
+ /* Already set or cleared */
+ if (s && n &&
+ ((enabled && (s[0] & 0x80)) || (!enabled && !(s[0] & 0x80))))
+ return;
+
+ if (!s || !n) { /* create a new one */
+ n = 1;
+ buf = xmalloc_clear (n);
+ }
+ else {
+ buf = xmalloc (n);
+ memcpy (buf, s, n);
+ }
+
+ if(enabled)
+ buf[0] |= 0x80; /* no-modify flag */
+ else
+ buf[0] &= ~0x80;
+
+ /* Are there any bits set? */
+ for(i=0;i<n;i++)
+ if(buf[i]!=0)
+ break;
+
+ if(i==n)
+ delete_sig_subpkt (sig->hashed, SIGSUBPKT_KS_FLAGS);
+ else
+ build_sig_subpkt (sig, SIGSUBPKT_KS_FLAGS, buf, n);
+
+ xfree (buf);
+}
+
+
+int
+keygen_upd_std_prefs (PKT_signature *sig, void *opaque)
+{
+ (void)opaque;
+
+ if (!prefs_initialized)
+ keygen_set_std_prefs (NULL, 0);
+
+ if (nsym_prefs)
+ build_sig_subpkt (sig, SIGSUBPKT_PREF_SYM, sym_prefs, nsym_prefs);
+ else
+ {
+ delete_sig_subpkt (sig->hashed, SIGSUBPKT_PREF_SYM);
+ delete_sig_subpkt (sig->unhashed, SIGSUBPKT_PREF_SYM);
+ }
+
+ if (nhash_prefs)
+ build_sig_subpkt (sig, SIGSUBPKT_PREF_HASH, hash_prefs, nhash_prefs);
+ else
+ {
+ delete_sig_subpkt (sig->hashed, SIGSUBPKT_PREF_HASH);
+ delete_sig_subpkt (sig->unhashed, SIGSUBPKT_PREF_HASH);
+ }
+
+ if (nzip_prefs)
+ build_sig_subpkt (sig, SIGSUBPKT_PREF_COMPR, zip_prefs, nzip_prefs);
+ else
+ {
+ delete_sig_subpkt (sig->hashed, SIGSUBPKT_PREF_COMPR);
+ delete_sig_subpkt (sig->unhashed, SIGSUBPKT_PREF_COMPR);
+ }
+
+ /* Make sure that the MDC feature flag is set if needed. */
+ add_feature_mdc (sig,mdc_available);
+ add_keyserver_modify (sig,ks_modify);
+ keygen_add_keyserver_url(sig,NULL);
+
+ return 0;
+}
+
+
+/****************
+ * Add preference to the self signature packet.
+ * This is only called for packets with version > 3.
+
+ */
+int
+keygen_add_std_prefs( PKT_signature *sig, void *opaque )
+{
+ PKT_public_key *pk = opaque;
+
+ do_add_key_flags (sig, pk->pubkey_usage);
+ keygen_add_key_expire( sig, opaque );
+ keygen_upd_std_prefs (sig, opaque);
+ keygen_add_keyserver_url(sig,NULL);
+
+ return 0;
+}
+
+int
+keygen_add_keyserver_url(PKT_signature *sig, void *opaque)
+{
+ const char *url=opaque;
+
+ if(!url)
+ url=opt.def_keyserver_url;
+
+ if(url)
+ build_sig_subpkt(sig,SIGSUBPKT_PREF_KS,url,strlen(url));
+ else
+ delete_sig_subpkt (sig->hashed,SIGSUBPKT_PREF_KS);
+
+ return 0;
+}
+
+int
+keygen_add_notations(PKT_signature *sig,void *opaque)
+{
+ struct notation *notation;
+
+ /* We always start clean */
+ delete_sig_subpkt(sig->hashed,SIGSUBPKT_NOTATION);
+ delete_sig_subpkt(sig->unhashed,SIGSUBPKT_NOTATION);
+ sig->flags.notation=0;
+
+ for(notation=opaque;notation;notation=notation->next)
+ if(!notation->flags.ignore)
+ {
+ unsigned char *buf;
+ unsigned int n1,n2;
+
+ n1=strlen(notation->name);
+ if(notation->altvalue)
+ n2=strlen(notation->altvalue);
+ else if(notation->bdat)
+ n2=notation->blen;
+ else
+ n2=strlen(notation->value);
+
+ buf = xmalloc( 8 + n1 + n2 );
+
+ /* human readable or not */
+ buf[0] = notation->bdat?0:0x80;
+ buf[1] = buf[2] = buf[3] = 0;
+ buf[4] = n1 >> 8;
+ buf[5] = n1;
+ buf[6] = n2 >> 8;
+ buf[7] = n2;
+ memcpy(buf+8, notation->name, n1 );
+ if(notation->altvalue)
+ memcpy(buf+8+n1, notation->altvalue, n2 );
+ else if(notation->bdat)
+ memcpy(buf+8+n1, notation->bdat, n2 );
+ else
+ memcpy(buf+8+n1, notation->value, n2 );
+ build_sig_subpkt( sig, SIGSUBPKT_NOTATION |
+ (notation->flags.critical?SIGSUBPKT_FLAG_CRITICAL:0),
+ buf, 8+n1+n2 );
+ xfree(buf);
+ }
+
+ return 0;
+}
+
+int
+keygen_add_revkey(PKT_signature *sig, void *opaque)
+{
+ struct revocation_key *revkey=opaque;
+ byte buf[2+MAX_FINGERPRINT_LEN];
+
+ buf[0]=revkey->class;
+ buf[1]=revkey->algid;
+ memcpy(&buf[2],revkey->fpr,MAX_FINGERPRINT_LEN);
+
+ build_sig_subpkt(sig,SIGSUBPKT_REV_KEY,buf,2+MAX_FINGERPRINT_LEN);
+
+ /* All sigs with revocation keys set are nonrevocable */
+ sig->flags.revocable=0;
+ buf[0] = 0;
+ build_sig_subpkt( sig, SIGSUBPKT_REVOCABLE, buf, 1 );
+
+ parse_revkeys(sig);
+
+ return 0;
+}
+
+
+
+/* Create a back-signature. If TIMESTAMP is not NULL, use it for the
+ signature creation time. */
+int
+make_backsig (PKT_signature *sig,PKT_public_key *pk,
+ PKT_public_key *sub_pk,PKT_secret_key *sub_sk,
+ u32 timestamp)
+{
+ PKT_signature *backsig;
+ int rc;
+
+ cache_public_key(sub_pk);
+
+ rc = make_keysig_packet (&backsig, pk, NULL, sub_pk, sub_sk, 0x19,
+ 0, 0, timestamp, 0, NULL, NULL);
+ if(rc)
+ log_error("make_keysig_packet failed for backsig: %s\n",g10_errstr(rc));
+ else
+ {
+ /* Get it into a binary packed form. */
+ IOBUF backsig_out=iobuf_temp();
+ PACKET backsig_pkt;
+
+ init_packet(&backsig_pkt);
+ backsig_pkt.pkttype=PKT_SIGNATURE;
+ backsig_pkt.pkt.signature=backsig;
+ rc=build_packet(backsig_out,&backsig_pkt);
+ free_packet(&backsig_pkt);
+ if(rc)
+ log_error("build_packet failed for backsig: %s\n",g10_errstr(rc));
+ else
+ {
+ size_t pktlen=0;
+ byte *buf=iobuf_get_temp_buffer(backsig_out);
+
+ /* Remove the packet header */
+ if(buf[0]&0x40)
+ {
+ if(buf[1]<192)
+ {
+ pktlen=buf[1];
+ buf+=2;
+ }
+ else if(buf[1]<224)
+ {
+ pktlen=(buf[1]-192)*256;
+ pktlen+=buf[2]+192;
+ buf+=3;
+ }
+ else if(buf[1]==255)
+ {
+ pktlen =buf[2] << 24;
+ pktlen|=buf[3] << 16;
+ pktlen|=buf[4] << 8;
+ pktlen|=buf[5];
+ buf+=6;
+ }
+ else
+ BUG();
+ }
+ else
+ {
+ int mark=1;
+
+ switch(buf[0]&3)
+ {
+ case 3:
+ BUG();
+ break;
+
+ case 2:
+ pktlen =buf[mark++] << 24;
+ pktlen|=buf[mark++] << 16;
+
+ case 1:
+ pktlen|=buf[mark++] << 8;
+
+ case 0:
+ pktlen|=buf[mark++];
+ }
+
+ buf+=mark;
+ }
+
+ /* Now make the binary blob into a subpacket. */
+ build_sig_subpkt(sig,SIGSUBPKT_SIGNATURE,buf,pktlen);
+
+ iobuf_close(backsig_out);
+ }
+ }
+
+ return rc;
+}
+
+
+static int
+write_direct_sig (KBNODE root, KBNODE pub_root, PKT_secret_key *sk,
+ struct revocation_key *revkey, u32 timestamp)
+{
+ PACKET *pkt;
+ PKT_signature *sig;
+ int rc=0;
+ KBNODE node;
+ PKT_public_key *pk;
+
+ if( opt.verbose )
+ log_info(_("writing direct signature\n"));
+
+ /* Get the pk packet from the pub_tree. */
+ node = find_kbnode( pub_root, PKT_PUBLIC_KEY );
+ if( !node )
+ BUG();
+ pk = node->pkt->pkt.public_key;
+
+ /* We have to cache the key, so that the verification of the
+ signature creation is able to retrieve the public key. */
+ cache_public_key (pk);
+
+ /* Make the signature. */
+ rc = make_keysig_packet (&sig,pk,NULL,NULL,sk,0x1F,
+ 0, 0, timestamp, 0,
+ keygen_add_revkey, revkey);
+ if( rc )
+ {
+ log_error("make_keysig_packet failed: %s\n", g10_errstr(rc) );
+ return rc;
+ }
+
+ pkt = xmalloc_clear( sizeof *pkt );
+ pkt->pkttype = PKT_SIGNATURE;
+ pkt->pkt.signature = sig;
+ add_kbnode( root, new_kbnode( pkt ) );
+ return rc;
+}
+
+
+static int
+write_selfsigs( KBNODE sec_root, KBNODE pub_root, PKT_secret_key *sk,
+ unsigned int use, u32 timestamp )
+{
+ PACKET *pkt;
+ PKT_signature *sig;
+ PKT_user_id *uid;
+ int rc=0;
+ KBNODE node;
+ PKT_public_key *pk;
+
+ if( opt.verbose )
+ log_info(_("writing self signature\n"));
+
+ /* Get the uid packet from the list. */
+ node = find_kbnode( pub_root, PKT_USER_ID );
+ if( !node )
+ BUG(); /* No user id packet in tree. */
+ uid = node->pkt->pkt.user_id;
+
+ /* Get the pk packet from the pub_tree. */
+ node = find_kbnode( pub_root, PKT_PUBLIC_KEY );
+ if( !node )
+ BUG();
+ pk = node->pkt->pkt.public_key;
+ pk->pubkey_usage = use;
+
+ /* We have to cache the key, so that the verification of the
+ signature creation is able to retrieve the public key. */
+ cache_public_key (pk);
+
+ /* Make the signature. */
+ rc = make_keysig_packet (&sig, pk, uid, NULL, sk, 0x13,
+ 0, 0, timestamp, 0,
+ keygen_add_std_prefs, pk);
+ if( rc )
+ {
+ log_error("make_keysig_packet failed: %s\n", g10_errstr(rc) );
+ return rc;
+ }
+
+ pkt = xmalloc_clear( sizeof *pkt );
+ pkt->pkttype = PKT_SIGNATURE;
+ pkt->pkt.signature = sig;
+ add_kbnode( sec_root, new_kbnode( pkt ) );
+
+ pkt = xmalloc_clear( sizeof *pkt );
+ pkt->pkttype = PKT_SIGNATURE;
+ pkt->pkt.signature = copy_signature(NULL,sig);
+ add_kbnode( pub_root, new_kbnode( pkt ) );
+ return rc;
+}
+
+
+/* Write the key binding signature. If TIMESTAMP is not NULL use the
+ signature creation times. */
+static int
+write_keybinding (KBNODE root, KBNODE pub_root,
+ PKT_secret_key *pri_sk, PKT_secret_key *sub_sk,
+ unsigned int use, u32 timestamp)
+{
+ PACKET *pkt;
+ PKT_signature *sig;
+ int rc=0;
+ KBNODE node;
+ PKT_public_key *pri_pk, *sub_pk;
+ struct opaque_data_usage_and_pk oduap;
+
+ if ( opt.verbose )
+ log_info(_("writing key binding signature\n"));
+
+ /* Get the pk packet from the pub_tree. */
+ node = find_kbnode ( pub_root, PKT_PUBLIC_KEY );
+ if ( !node )
+ BUG();
+ pri_pk = node->pkt->pkt.public_key;
+
+ /* We have to cache the key, so that the verification of the
+ * signature creation is able to retrieve the public key. */
+ cache_public_key (pri_pk);
+
+ /* Find the last subkey. */
+ sub_pk = NULL;
+ for (node=pub_root; node; node = node->next )
+ {
+ if ( node->pkt->pkttype == PKT_PUBLIC_SUBKEY )
+ sub_pk = node->pkt->pkt.public_key;
+ }
+ if (!sub_pk)
+ BUG();
+
+ /* Make the signature. */
+ oduap.usage = use;
+ oduap.pk = sub_pk;
+ rc = make_keysig_packet (&sig, pri_pk, NULL, sub_pk, pri_sk, 0x18,
+ 0, 0, timestamp, 0,
+ keygen_add_key_flags_and_expire, &oduap );
+ if (rc)
+ {
+ log_error ("make_keysig_packet failed: %s\n", g10_errstr(rc) );
+ return rc;
+ }
+
+ /* Make a backsig. */
+ if (use&PUBKEY_USAGE_SIG)
+ {
+ rc = make_backsig (sig, pri_pk, sub_pk, sub_sk, timestamp);
+ if (rc)
+ return rc;
+ }
+
+ pkt = xmalloc_clear ( sizeof *pkt );
+ pkt->pkttype = PKT_SIGNATURE;
+ pkt->pkt.signature = sig;
+ add_kbnode (root, new_kbnode (pkt) );
+ return rc;
+}
+
+
+
+static int
+key_from_sexp (gcry_mpi_t *array, gcry_sexp_t sexp,
+ const char *topname, const char *elems)
+{
+ gcry_sexp_t list, l2;
+ const char *s;
+ int i, idx;
+ int rc = 0;
+
+ list = gcry_sexp_find_token (sexp, topname, 0);
+ if (!list)
+ return gpg_error (GPG_ERR_INV_OBJ);
+ l2 = gcry_sexp_cadr (list);
+ gcry_sexp_release (list);
+ list = l2;
+ if (!list)
+ return gpg_error (GPG_ERR_NO_OBJ);
+
+ for (idx=0,s=elems; *s; s++, idx++)
+ {
+ l2 = gcry_sexp_find_token (list, s, 1);
+ if (!l2)
+ {
+ rc = gpg_error (GPG_ERR_NO_OBJ); /* required parameter not found */
+ goto leave;
+ }
+ array[idx] = gcry_sexp_nth_mpi (l2, 1, GCRYMPI_FMT_USG);
+ gcry_sexp_release (l2);
+ if (!array[idx])
+ {
+ rc = gpg_error (GPG_ERR_INV_OBJ); /* required parameter invalid */
+ goto leave;
+ }
+ }
+ gcry_sexp_release (list);
+
+ leave:
+ if (rc)
+ {
+ for (i=0; i<idx; i++)
+ {
+ gcry_mpi_release (array[i]);
+ array[i] = NULL;
+ }
+ gcry_sexp_release (list);
+ }
+ return rc;
+}
+
+
+static int
+genhelp_protect (DEK *dek, STRING2KEY *s2k, PKT_secret_key *sk)
+{
+ int rc = 0;
+
+ if (dek)
+ {
+ sk->protect.algo = dek->algo;
+ sk->protect.s2k = *s2k;
+ rc = protect_secret_key (sk, dek);
+ if (rc)
+ log_error ("protect_secret_key failed: %s\n", gpg_strerror (rc) );
+ }
+
+ return rc;
+}
+
+static void
+genhelp_factors (gcry_sexp_t misc_key_info, KBNODE sec_root)
+{
+ (void)misc_key_info;
+ (void)sec_root;
+#if 0 /* Not used anymore */
+ size_t n;
+ char *buf;
+
+ if (misc_key_info)
+ {
+ /* DSA: don't know whether it makes sense to have the factors, so for now
+ we store them in the secret keyring (but they are not secret)
+ p = 2 * q * f1 * f2 * ... * fn
+ We store only f1 to f_n-1; fn can be calculated because p and q
+ are known. */
+ n = gcry_sexp_sprint (misc_key_info, 0, NULL, 0);
+ buf = xmalloc (n+4);
+ strcpy (buf, "#::");
+ n = gcry_sexp_sprint (misc_key_info, 0, buf+3, n);
+ if (n)
+ {
+ n += 3;
+ add_kbnode (sec_root, make_comment_node_from_buffer (buf, n));
+ }
+ xfree (buf);
+ gcry_sexp_release (misc_key_info);
+ }
+#endif
+}
+
+
+/* Generate an Elgamal encryption key pair. TIMESTAMP is the creatuion
+ time to be put into the key structure. */
+static int
+gen_elg (int algo, unsigned int nbits,
+ KBNODE pub_root, KBNODE sec_root, DEK *dek,
+ STRING2KEY *s2k, PKT_secret_key **ret_sk,
+ u32 timestamp, u32 expireval, int is_subkey)
+{
+ int rc;
+ PACKET *pkt;
+ PKT_secret_key *sk;
+ PKT_public_key *pk;
+ gcry_sexp_t s_parms, s_key;
+ gcry_sexp_t misc_key_info;
+
+ assert( is_ELGAMAL(algo) );
+
+ if (nbits < 512)
+ {
+ nbits = 1024;
+ log_info (_("keysize invalid; using %u bits\n"), nbits );
+ }
+
+ if ((nbits % 32))
+ {
+ nbits = ((nbits + 31) / 32) * 32;
+ log_info (_("keysize rounded up to %u bits\n"), nbits );
+ }
+
+
+ rc = gcry_sexp_build ( &s_parms, NULL,
+ "(genkey(%s(nbits %d)))",
+ algo == GCRY_PK_ELG_E ? "openpgp-elg" :
+ algo == GCRY_PK_ELG ? "elg" : "x-oops" ,
+ (int)nbits);
+ if (rc)
+ log_bug ("gcry_sexp_build failed: %s\n", gpg_strerror (rc));
+
+ rc = gcry_pk_genkey (&s_key, s_parms);
+ gcry_sexp_release (s_parms);
+ if (rc)
+ {
+ log_error ("gcry_pk_genkey failed: %s\n", gpg_strerror (rc) );
+ return rc;
+ }
+
+ sk = xmalloc_clear( sizeof *sk );
+ pk = xmalloc_clear( sizeof *pk );
+ sk->timestamp = pk->timestamp = timestamp;
+ sk->version = pk->version = 4;
+ if (expireval)
+ {
+ sk->expiredate = pk->expiredate = sk->timestamp + expireval;
+ }
+ sk->pubkey_algo = pk->pubkey_algo = algo;
+
+ rc = key_from_sexp (pk->pkey, s_key, "public-key", "pgy");
+ if (rc)
+ {
+ log_error ("key_from_sexp failed: %s\n", gpg_strerror (rc) );
+ gcry_sexp_release (s_key);
+ free_secret_key (sk);
+ free_public_key (pk);
+ return rc;
+ }
+ rc = key_from_sexp (sk->skey, s_key, "private-key", "pgyx");
+ if (rc)
+ {
+ log_error("key_from_sexp failed: %s\n", gpg_strerror (rc) );
+ gcry_sexp_release (s_key);
+ free_secret_key (sk);
+ free_public_key (pk);
+ return rc;
+ }
+ misc_key_info = gcry_sexp_find_token (s_key, "misc-key-info", 0);
+ gcry_sexp_release (s_key);
+
+ sk->is_protected = 0;
+ sk->protect.algo = 0;
+
+ sk->csum = checksum_mpi (sk->skey[3]);
+ if (ret_sk) /* Return an unprotected version of the sk. */
+ *ret_sk = copy_secret_key ( NULL, sk );
+
+ rc = genhelp_protect (dek, s2k, sk);
+ if (rc)
+ {
+ free_public_key (pk);
+ free_secret_key (sk);
+ gcry_sexp_release (misc_key_info);
+ return rc;
+ }
+
+ pkt = xmalloc_clear (sizeof *pkt);
+ pkt->pkttype = is_subkey ? PKT_PUBLIC_SUBKEY : PKT_PUBLIC_KEY;
+ pkt->pkt.public_key = pk;
+ add_kbnode (pub_root, new_kbnode( pkt ));
+
+ /* Don't know whether it makes sense to have access to the factors,
+ so for now we store them in the secret keyring (but they are not
+ secret). */
+ pkt = xmalloc_clear (sizeof *pkt);
+ pkt->pkttype = is_subkey ? PKT_SECRET_SUBKEY : PKT_SECRET_KEY;
+ pkt->pkt.secret_key = sk;
+ add_kbnode (sec_root, new_kbnode( pkt ));
+
+ genhelp_factors (misc_key_info, sec_root);
+
+ return 0;
+}
+
+
+/****************
+ * Generate a DSA key
+ */
+static int
+gen_dsa (unsigned int nbits, KBNODE pub_root, KBNODE sec_root, DEK *dek,
+ STRING2KEY *s2k, PKT_secret_key **ret_sk,
+ u32 timestamp, u32 expireval, int is_subkey)
+{
+ int rc;
+ PACKET *pkt;
+ PKT_secret_key *sk;
+ PKT_public_key *pk;
+ gcry_sexp_t s_parms, s_key;
+ gcry_sexp_t misc_key_info;
+ unsigned int qbits;
+
+ if ( nbits < 512)
+ {
+ nbits = 1024;
+ log_info(_("keysize invalid; using %u bits\n"), nbits );
+ }
+ else if ( nbits > 3072 )
+ {
+ nbits = 3072;
+ log_info(_("keysize invalid; using %u bits\n"), nbits );
+ }
+
+ if( (nbits % 64) )
+ {
+ nbits = ((nbits + 63) / 64) * 64;
+ log_info(_("keysize rounded up to %u bits\n"), nbits );
+ }
+
+ /* To comply with FIPS rules we round up to the next value unless in
+ expert mode. */
+ if (!opt.expert && nbits > 1024 && (nbits % 1024))
+ {
+ nbits = ((nbits + 1023) / 1024) * 1024;
+ log_info(_("keysize rounded up to %u bits\n"), nbits );
+ }
+
+ /*
+ Figure out a q size based on the key size. FIPS 180-3 says:
+
+ L = 1024, N = 160
+ L = 2048, N = 224
+ L = 2048, N = 256
+ L = 3072, N = 256
+
+ 2048/256 is an odd pair since there is also a 2048/224 and
+ 3072/256. Matching sizes is not a very exact science.
+
+ We'll do 256 qbits for nbits over 2047, 224 for nbits over 1024
+ but less than 2048, and 160 for 1024 (DSA1).
+ */
+
+ if (nbits > 2047)
+ qbits = 256;
+ else if ( nbits > 1024)
+ qbits = 224;
+ else
+ qbits = 160;
+
+ if (qbits != 160 )
+ log_info (_("WARNING: some OpenPGP programs can't"
+ " handle a DSA key with this digest size\n"));
+
+ rc = gcry_sexp_build (&s_parms, NULL,
+ "(genkey(dsa(nbits %d)(qbits %d)))",
+ (int)nbits, (int)qbits);
+ if (rc)
+ log_bug ("gcry_sexp_build failed: %s\n", gpg_strerror (rc));
+
+ rc = gcry_pk_genkey (&s_key, s_parms);
+ gcry_sexp_release (s_parms);
+ if (rc)
+ {
+ log_error ("gcry_pk_genkey failed: %s\n", gpg_strerror (rc) );
+ return rc;
+ }
+
+ sk = xmalloc_clear( sizeof *sk );
+ pk = xmalloc_clear( sizeof *pk );
+ sk->timestamp = pk->timestamp = timestamp;
+ sk->version = pk->version = 4;
+ if (expireval)
+ sk->expiredate = pk->expiredate = sk->timestamp + expireval;
+ sk->pubkey_algo = pk->pubkey_algo = PUBKEY_ALGO_DSA;
+
+ rc = key_from_sexp (pk->pkey, s_key, "public-key", "pqgy");
+ if (rc)
+ {
+ log_error ("key_from_sexp failed: %s\n", gpg_strerror (rc));
+ gcry_sexp_release (s_key);
+ free_public_key(pk);
+ free_secret_key(sk);
+ return rc;
+ }
+ rc = key_from_sexp (sk->skey, s_key, "private-key", "pqgyx");
+ if (rc)
+ {
+ log_error ("key_from_sexp failed: %s\n", gpg_strerror (rc) );
+ gcry_sexp_release (s_key);
+ free_public_key(pk);
+ free_secret_key(sk);
+ return rc;
+ }
+ misc_key_info = gcry_sexp_find_token (s_key, "misc-key-info", 0);
+ gcry_sexp_release (s_key);
+
+ sk->is_protected = 0;
+ sk->protect.algo = 0;
+
+ sk->csum = checksum_mpi ( sk->skey[4] );
+ if( ret_sk ) /* return an unprotected version of the sk */
+ *ret_sk = copy_secret_key( NULL, sk );
+
+ rc = genhelp_protect (dek, s2k, sk);
+ if (rc)
+ {
+ free_public_key (pk);
+ free_secret_key (sk);
+ gcry_sexp_release (misc_key_info);
+ return rc;
+ }
+
+ pkt = xmalloc_clear(sizeof *pkt);
+ pkt->pkttype = is_subkey ? PKT_PUBLIC_SUBKEY : PKT_PUBLIC_KEY;
+ pkt->pkt.public_key = pk;
+ add_kbnode(pub_root, new_kbnode( pkt ));
+
+ /* Don't know whether it makes sense to have the factors, so for now
+ * we store them in the secret keyring (but they are not secret)
+ * p = 2 * q * f1 * f2 * ... * fn
+ * We store only f1 to f_n-1; fn can be calculated because p and q
+ * are known.
+ */
+ pkt = xmalloc_clear(sizeof *pkt);
+ pkt->pkttype = is_subkey ? PKT_SECRET_SUBKEY : PKT_SECRET_KEY;
+ pkt->pkt.secret_key = sk;
+ add_kbnode(sec_root, new_kbnode( pkt ));
+
+ genhelp_factors (misc_key_info, sec_root);
+
+ return 0;
+}
+
+
+/*
+ * Generate an RSA key.
+ */
+static int
+gen_rsa (int algo, unsigned nbits, KBNODE pub_root, KBNODE sec_root, DEK *dek,
+ STRING2KEY *s2k, PKT_secret_key **ret_sk,
+ u32 timestamp, u32 expireval, int is_subkey)
+{
+ int rc;
+ PACKET *pkt;
+ PKT_secret_key *sk;
+ PKT_public_key *pk;
+ gcry_sexp_t s_parms, s_key;
+
+ assert (is_RSA(algo));
+
+ if (!nbits)
+ nbits = DEFAULT_STD_KEYSIZE;
+
+ if (nbits < 1024)
+ {
+ nbits = 1024;
+ log_info (_("keysize invalid; using %u bits\n"), nbits );
+ }
+
+ if ((nbits % 32))
+ {
+ nbits = ((nbits + 31) / 32) * 32;
+ log_info (_("keysize rounded up to %u bits\n"), nbits );
+ }
+
+ rc = gcry_sexp_build (&s_parms, NULL,
+ "(genkey(rsa(nbits %d)))",
+ (int)nbits);
+ if (rc)
+ log_bug ("gcry_sexp_build failed: %s\n", gpg_strerror (rc));
+
+ rc = gcry_pk_genkey (&s_key, s_parms);
+ gcry_sexp_release (s_parms);
+ if (rc)
+ {
+ log_error ("gcry_pk_genkey failed: %s\n", gpg_strerror (rc) );
+ return rc;
+ }
+
+ sk = xmalloc_clear( sizeof *sk );
+ pk = xmalloc_clear( sizeof *pk );
+ sk->timestamp = pk->timestamp = timestamp;
+ sk->version = pk->version = 4;
+ if (expireval)
+ {
+ sk->expiredate = pk->expiredate = sk->timestamp + expireval;
+ }
+ sk->pubkey_algo = pk->pubkey_algo = algo;
+
+ rc = key_from_sexp (pk->pkey, s_key, "public-key", "ne");
+ if (rc)
+ {
+ log_error ("key_from_sexp failed: %s\n", gpg_strerror (rc));
+ gcry_sexp_release (s_key);
+ free_public_key(pk);
+ free_secret_key(sk);
+ return rc;
+ }
+ rc = key_from_sexp (sk->skey, s_key, "private-key", "nedpqu");
+ if (rc)
+ {
+ log_error ("key_from_sexp failed: %s\n", gpg_strerror (rc) );
+ gcry_sexp_release (s_key);
+ free_public_key(pk);
+ free_secret_key(sk);
+ return rc;
+ }
+ gcry_sexp_release (s_key);
+
+ sk->is_protected = 0;
+ sk->protect.algo = 0;
+
+ sk->csum = checksum_mpi (sk->skey[2] );
+ sk->csum += checksum_mpi (sk->skey[3] );
+ sk->csum += checksum_mpi (sk->skey[4] );
+ sk->csum += checksum_mpi (sk->skey[5] );
+ if( ret_sk ) /* return an unprotected version of the sk */
+ *ret_sk = copy_secret_key( NULL, sk );
+
+ rc = genhelp_protect (dek, s2k, sk);
+ if (rc)
+ {
+ free_public_key (pk);
+ free_secret_key (sk);
+ return rc;
+ }
+
+ pkt = xmalloc_clear(sizeof *pkt);
+ pkt->pkttype = is_subkey ? PKT_PUBLIC_SUBKEY : PKT_PUBLIC_KEY;
+ pkt->pkt.public_key = pk;
+ add_kbnode(pub_root, new_kbnode( pkt ));
+
+ pkt = xmalloc_clear(sizeof *pkt);
+ pkt->pkttype = is_subkey ? PKT_SECRET_SUBKEY : PKT_SECRET_KEY;
+ pkt->pkt.secret_key = sk;
+ add_kbnode(sec_root, new_kbnode( pkt ));
+
+ return 0;
+}
+
+
+/****************
+ * check valid days:
+ * return 0 on error or the multiplier
+ */
+static int
+check_valid_days( const char *s )
+{
+ if( !digitp(s) )
+ return 0;
+ for( s++; *s; s++)
+ if( !digitp(s) )
+ break;
+ if( !*s )
+ return 1;
+ if( s[1] )
+ return 0; /* e.g. "2323wc" */
+ if( *s == 'd' || *s == 'D' )
+ return 1;
+ if( *s == 'w' || *s == 'W' )
+ return 7;
+ if( *s == 'm' || *s == 'M' )
+ return 30;
+ if( *s == 'y' || *s == 'Y' )
+ return 365;
+ return 0;
+}
+
+
+static void
+print_key_flags(int flags)
+{
+ if(flags&PUBKEY_USAGE_SIG)
+ tty_printf("%s ",_("Sign"));
+
+ if(flags&PUBKEY_USAGE_CERT)
+ tty_printf("%s ",_("Certify"));
+
+ if(flags&PUBKEY_USAGE_ENC)
+ tty_printf("%s ",_("Encrypt"));
+
+ if(flags&PUBKEY_USAGE_AUTH)
+ tty_printf("%s ",_("Authenticate"));
+}
+
+
+/* Returns the key flags */
+static unsigned int
+ask_key_flags(int algo,int subkey)
+{
+ /* TRANSLATORS: Please use only plain ASCII characters for the
+ translation. If this is not possible use single digits. The
+ string needs to 8 bytes long. Here is a description of the
+ functions:
+
+ s = Toggle signing capability
+ e = Toggle encryption capability
+ a = Toggle authentication capability
+ q = Finish
+ */
+ const char *togglers=_("SsEeAaQq");
+ char *answer=NULL;
+ unsigned int current=0;
+ unsigned int possible=openpgp_pk_algo_usage(algo);
+
+ if ( strlen(togglers) != 8 )
+ {
+ tty_printf ("NOTE: Bad translation at %s:%d. "
+ "Please report.\n", __FILE__, __LINE__);
+ togglers = "11223300";
+ }
+
+ /* Only primary keys may certify. */
+ if(subkey)
+ possible&=~PUBKEY_USAGE_CERT;
+
+ /* Preload the current set with the possible set, minus
+ authentication, since nobody really uses auth yet. */
+ current=possible&~PUBKEY_USAGE_AUTH;
+
+ for(;;)
+ {
+ tty_printf("\n");
+ tty_printf(_("Possible actions for a %s key: "),
+ gcry_pk_algo_name (algo));
+ print_key_flags(possible);
+ tty_printf("\n");
+ tty_printf(_("Current allowed actions: "));
+ print_key_flags(current);
+ tty_printf("\n\n");
+
+ if(possible&PUBKEY_USAGE_SIG)
+ tty_printf(_(" (%c) Toggle the sign capability\n"),
+ togglers[0]);
+ if(possible&PUBKEY_USAGE_ENC)
+ tty_printf(_(" (%c) Toggle the encrypt capability\n"),
+ togglers[2]);
+ if(possible&PUBKEY_USAGE_AUTH)
+ tty_printf(_(" (%c) Toggle the authenticate capability\n"),
+ togglers[4]);
+
+ tty_printf(_(" (%c) Finished\n"),togglers[6]);
+ tty_printf("\n");
+
+ xfree(answer);
+ answer = cpr_get("keygen.flags",_("Your selection? "));
+ cpr_kill_prompt();
+
+ if(strlen(answer)>1)
+ tty_printf(_("Invalid selection.\n"));
+ else if(*answer=='\0' || *answer==togglers[6] || *answer==togglers[7])
+ break;
+ else if((*answer==togglers[0] || *answer==togglers[1])
+ && possible&PUBKEY_USAGE_SIG)
+ {
+ if(current&PUBKEY_USAGE_SIG)
+ current&=~PUBKEY_USAGE_SIG;
+ else
+ current|=PUBKEY_USAGE_SIG;
+ }
+ else if((*answer==togglers[2] || *answer==togglers[3])
+ && possible&PUBKEY_USAGE_ENC)
+ {
+ if(current&PUBKEY_USAGE_ENC)
+ current&=~PUBKEY_USAGE_ENC;
+ else
+ current|=PUBKEY_USAGE_ENC;
+ }
+ else if((*answer==togglers[4] || *answer==togglers[5])
+ && possible&PUBKEY_USAGE_AUTH)
+ {
+ if(current&PUBKEY_USAGE_AUTH)
+ current&=~PUBKEY_USAGE_AUTH;
+ else
+ current|=PUBKEY_USAGE_AUTH;
+ }
+ else
+ tty_printf(_("Invalid selection.\n"));
+ }
+
+ xfree(answer);
+
+ return current;
+}
+
+
+/* Ask for an algorithm. The function returns the algorithm id to
+ * create. If ADDMODE is false the function won't show an option to
+ * create the primary and subkey combined and won't set R_USAGE
+ * either. If a combined algorithm has been selected, the subkey
+ * algorithm is stored at R_SUBKEY_ALGO. */
+static int
+ask_algo (int addmode, int *r_subkey_algo, unsigned int *r_usage)
+{
+ char *answer;
+ int algo;
+ int dummy_algo;
+
+ if (!r_subkey_algo)
+ r_subkey_algo = &dummy_algo;
+
+ tty_printf (_("Please select what kind of key you want:\n"));
+
+ if (!addmode)
+ tty_printf (_(" (%d) RSA and RSA (default)\n"), 1 );
+ if (!addmode)
+ tty_printf (_(" (%d) DSA and Elgamal\n"), 2 );
+
+ tty_printf (_(" (%d) DSA (sign only)\n"), 3 );
+ tty_printf (_(" (%d) RSA (sign only)\n"), 4 );
+
+ if (addmode)
+ {
+ tty_printf (_(" (%d) Elgamal (encrypt only)\n"), 5 );
+ tty_printf (_(" (%d) RSA (encrypt only)\n"), 6 );
+ }
+ if (opt.expert)
+ {
+ tty_printf (_(" (%d) DSA (set your own capabilities)\n"), 7 );
+ tty_printf (_(" (%d) RSA (set your own capabilities)\n"), 8 );
+ }
+
+ for(;;)
+ {
+ *r_usage = 0;
+ *r_subkey_algo = 0;
+ answer = cpr_get ("keygen.algo", _("Your selection? "));
+ cpr_kill_prompt ();
+ algo = *answer? atoi (answer) : 1;
+ xfree(answer);
+ if (algo == 1 && !addmode)
+ {
+ algo = PUBKEY_ALGO_RSA;
+ *r_subkey_algo = PUBKEY_ALGO_RSA;
+ break;
+ }
+ else if (algo == 2 && !addmode)
+ {
+ algo = PUBKEY_ALGO_DSA;
+ *r_subkey_algo = PUBKEY_ALGO_ELGAMAL_E;
+ break;
+ }
+ else if (algo == 3)
+ {
+ algo = PUBKEY_ALGO_DSA;
+ *r_usage = PUBKEY_USAGE_SIG;
+ break;
+ }
+ else if (algo == 4)
+ {
+ algo = PUBKEY_ALGO_RSA;
+ *r_usage = PUBKEY_USAGE_SIG;
+ break;
+ }
+ else if (algo == 5 && addmode)
+ {
+ algo = PUBKEY_ALGO_ELGAMAL_E;
+ *r_usage = PUBKEY_USAGE_ENC;
+ break;
+ }
+ else if (algo == 6 && addmode)
+ {
+ algo = PUBKEY_ALGO_RSA;
+ *r_usage = PUBKEY_USAGE_ENC;
+ break;
+ }
+ else if (algo == 7 && opt.expert)
+ {
+ algo = PUBKEY_ALGO_DSA;
+ *r_usage = ask_key_flags (algo, addmode);
+ break;
+ }
+ else if (algo == 8 && opt.expert)
+ {
+ algo = PUBKEY_ALGO_RSA;
+ *r_usage = ask_key_flags (algo, addmode);
+ break;
+ }
+ else
+ tty_printf (_("Invalid selection.\n"));
+ }
+
+ return algo;
+}
+
+
+/* Ask for the key size. ALGO is the algorithm. If PRIMARY_KEYSIZE
+ is not 0, the function asks for the size of the encryption
+ subkey. */
+static unsigned
+ask_keysize (int algo, unsigned int primary_keysize)
+{
+ unsigned int nbits, min, def = DEFAULT_STD_KEYSIZE, max=4096;
+ int for_subkey = !!primary_keysize;
+ int autocomp = 0;
+
+ if(opt.expert)
+ min=512;
+ else
+ min=1024;
+
+ if (primary_keysize && !opt.expert)
+ {
+ /* Deduce the subkey size from the primary key size. */
+ if (algo == PUBKEY_ALGO_DSA && primary_keysize > 3072)
+ nbits = 3072; /* For performance reasons we don't support more
+ than 3072 bit DSA. However we won't see this
+ case anyway because DSA can't be used as an
+ encryption subkey ;-). */
+ else
+ nbits = primary_keysize;
+ autocomp = 1;
+ goto leave;
+ }
+
+ switch(algo)
+ {
+ case PUBKEY_ALGO_DSA:
+ def=2048;
+ max=3072;
+ break;
+
+ case PUBKEY_ALGO_RSA:
+ min=1024;
+ break;
+ }
+
+ tty_printf(_("%s keys may be between %u and %u bits long.\n"),
+ gcry_pk_algo_name (algo), min, max);
+
+ for(;;)
+ {
+ char *prompt, *answer;
+
+ if (for_subkey)
+ prompt = xasprintf (_("What keysize do you want "
+ "for the subkey? (%u) "), def);
+ else
+ prompt = xasprintf (_("What keysize do you want? (%u) "), def);
+ answer = cpr_get ("keygen.size", prompt);
+ cpr_kill_prompt ();
+ nbits = *answer? atoi (answer): def;
+ xfree(prompt);
+ xfree(answer);
+
+ if(nbits<min || nbits>max)
+ tty_printf(_("%s keysizes must be in the range %u-%u\n"),
+ gcry_pk_algo_name (algo), min, max);
+ else
+ break;
+ }
+
+ tty_printf(_("Requested keysize is %u bits\n"), nbits );
+
+ leave:
+ if( algo == PUBKEY_ALGO_DSA && (nbits % 64) )
+ {
+ nbits = ((nbits + 63) / 64) * 64;
+ if (!autocomp)
+ tty_printf(_("rounded up to %u bits\n"), nbits );
+ }
+ else if( (nbits % 32) )
+ {
+ nbits = ((nbits + 31) / 32) * 32;
+ if (!autocomp)
+ tty_printf(_("rounded up to %u bits\n"), nbits );
+ }
+
+ return nbits;
+}
+
+
+/****************
+ * Parse an expire string and return its value in seconds.
+ * Returns (u32)-1 on error.
+ * This isn't perfect since scan_isodatestr returns unix time, and
+ * OpenPGP actually allows a 32-bit time *plus* a 32-bit offset.
+ * Because of this, we only permit setting expirations up to 2106, but
+ * OpenPGP could theoretically allow up to 2242. I think we'll all
+ * just cope for the next few years until we get a 64-bit time_t or
+ * similar.
+ */
+u32
+parse_expire_string( const char *string )
+{
+ int mult;
+ u32 seconds;
+ u32 abs_date = 0;
+ u32 curtime = make_timestamp ();
+ time_t tt;
+
+ if (!*string)
+ seconds = 0;
+ else if (!strncmp (string, "seconds=", 8))
+ seconds = atoi (string+8);
+ else if ((abs_date = scan_isodatestr(string))
+ && (abs_date+86400/2) > curtime)
+ seconds = (abs_date+86400/2) - curtime;
+ else if ((tt = isotime2epoch (string)) != (time_t)(-1))
+ seconds = (u32)tt - curtime;
+ else if ((mult = check_valid_days (string)))
+ seconds = atoi (string) * 86400L * mult;
+ else
+ seconds = (u32)(-1);
+
+ return seconds;
+}
+
+/* Parsean Creation-Date string which is either "1986-04-26" or
+ "19860426T042640". Returns 0 on error. */
+static u32
+parse_creation_string (const char *string)
+{
+ u32 seconds;
+
+ if (!*string)
+ seconds = 0;
+ else if ( !strncmp (string, "seconds=", 8) )
+ seconds = atoi (string+8);
+ else if ( !(seconds = scan_isodatestr (string)))
+ {
+ time_t tmp = isotime2epoch (string);
+ seconds = (tmp == (time_t)(-1))? 0 : tmp;
+ }
+ return seconds;
+}
+
+
+/* object == 0 for a key, and 1 for a sig */
+u32
+ask_expire_interval(int object,const char *def_expire)
+{
+ u32 interval;
+ char *answer;
+
+ switch(object)
+ {
+ case 0:
+ if(def_expire)
+ BUG();
+ tty_printf(_("Please specify how long the key should be valid.\n"
+ " 0 = key does not expire\n"
+ " <n> = key expires in n days\n"
+ " <n>w = key expires in n weeks\n"
+ " <n>m = key expires in n months\n"
+ " <n>y = key expires in n years\n"));
+ break;
+
+ case 1:
+ if(!def_expire)
+ BUG();
+ tty_printf(_("Please specify how long the signature should be valid.\n"
+ " 0 = signature does not expire\n"
+ " <n> = signature expires in n days\n"
+ " <n>w = signature expires in n weeks\n"
+ " <n>m = signature expires in n months\n"
+ " <n>y = signature expires in n years\n"));
+ break;
+
+ default:
+ BUG();
+ }
+
+ /* Note: The elgamal subkey for DSA has no expiration date because
+ * it must be signed with the DSA key and this one has the expiration
+ * date */
+
+ answer = NULL;
+ for(;;)
+ {
+ u32 curtime=make_timestamp();
+
+ xfree(answer);
+ if(object==0)
+ answer = cpr_get("keygen.valid",_("Key is valid for? (0) "));
+ else
+ {
+ char *prompt;
+
+#define PROMPTSTRING _("Signature is valid for? (%s) ")
+ /* This will actually end up larger than necessary because
+ of the 2 bytes for '%s' */
+ prompt=xmalloc(strlen(PROMPTSTRING)+strlen(def_expire)+1);
+ sprintf(prompt,PROMPTSTRING,def_expire);
+#undef PROMPTSTRING
+
+ answer = cpr_get("siggen.valid",prompt);
+ xfree(prompt);
+
+ if(*answer=='\0')
+ answer=xstrdup(def_expire);
+ }
+ cpr_kill_prompt();
+ trim_spaces(answer);
+ interval = parse_expire_string( answer );
+ if( interval == (u32)-1 )
+ {
+ tty_printf(_("invalid value\n"));
+ continue;
+ }
+
+ if( !interval )
+ {
+ tty_printf((object==0)
+ ? _("Key does not expire at all\n")
+ : _("Signature does not expire at all\n"));
+ }
+ else
+ {
+ tty_printf(object==0
+ ? _("Key expires at %s\n")
+ : _("Signature expires at %s\n"),
+ asctimestamp((ulong)(curtime + interval) ) );
+#if SIZEOF_TIME_T <= 4
+ if ( (time_t)((ulong)(curtime+interval)) < 0 )
+ tty_printf (_("Your system can't display dates beyond 2038.\n"
+ "However, it will be correctly handled up to"
+ " 2106.\n"));
+ else
+#endif /*SIZEOF_TIME_T*/
+ if ( (time_t)((unsigned long)(curtime+interval)) < curtime )
+ {
+ tty_printf (_("invalid value\n"));
+ continue;
+ }
+ }
+
+ if( cpr_enabled() || cpr_get_answer_is_yes("keygen.valid.okay",
+ _("Is this correct? (y/N) ")) )
+ break;
+ }
+
+ xfree(answer);
+ return interval;
+}
+
+u32
+ask_expiredate()
+{
+ u32 x = ask_expire_interval(0,NULL);
+ return x? make_timestamp() + x : 0;
+}
+
+
+
+static PKT_user_id *
+uid_from_string (const char *string)
+{
+ size_t n;
+ PKT_user_id *uid;
+
+ n = strlen (string);
+ uid = xmalloc_clear (sizeof *uid + n);
+ uid->len = n;
+ strcpy (uid->name, string);
+ uid->ref = 1;
+ return uid;
+}
+
+
+/* Ask for a user ID. With a MODE of 1 an extra help prompt is
+ printed for use during a new key creation. If KEYBLOCK is not NULL
+ the function prevents the creation of an already existing user
+ ID. */
+static char *
+ask_user_id (int mode, KBNODE keyblock)
+{
+ char *answer;
+ char *aname, *acomment, *amail, *uid;
+
+ if ( !mode )
+ {
+ /* TRANSLATORS: This is the new string telling the user what
+ gpg is now going to do (i.e. ask for the parts of the user
+ ID). Note that if you do not tyranslated this string, a
+ different string will be used used, which might still have
+ a correct transaltion. */
+ const char *s1 =
+ N_("\n"
+ "GnuPG needs to construct a user ID to identify your key.\n"
+ "\n");
+ const char *s2 = _(s1);
+
+ if (!strcmp (s1, s2))
+ {
+ /* There is no translation for the string thus we to use
+ the old info text. gettext has no way to tell whether
+ a translation is actually available, thus we need to
+ to compare again. */
+ /* TRANSLATORS: This string is in general not anymore used
+ but you should keep your existing translation. In case
+ the new string is not translated this old string will
+ be used. */
+ const char *s3 = N_("\n"
+"You need a user ID to identify your key; "
+ "the software constructs the user ID\n"
+"from the Real Name, Comment and Email Address in this form:\n"
+" \"Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>\"\n\n");
+ const char *s4 = _(s3);
+ if (strcmp (s3, s4))
+ s2 = s3; /* A translation exists - use it. */
+ }
+ tty_printf ("%s", s2) ;
+ }
+ uid = aname = acomment = amail = NULL;
+ for(;;) {
+ char *p;
+ int fail=0;
+
+ if( !aname ) {
+ for(;;) {
+ xfree(aname);
+ aname = cpr_get("keygen.name",_("Real name: "));
+ trim_spaces(aname);
+ cpr_kill_prompt();
+
+ if( opt.allow_freeform_uid )
+ break;
+
+ if( strpbrk( aname, "<>" ) )
+ tty_printf(_("Invalid character in name\n"));
+ else if( digitp(aname) )
+ tty_printf(_("Name may not start with a digit\n"));
+ else if( strlen(aname) < 5 )
+ tty_printf(_("Name must be at least 5 characters long\n"));
+ else
+ break;
+ }
+ }
+ if( !amail ) {
+ for(;;) {
+ xfree(amail);
+ amail = cpr_get("keygen.email",_("Email address: "));
+ trim_spaces(amail);
+ cpr_kill_prompt();
+ if( !*amail || opt.allow_freeform_uid )
+ break; /* no email address is okay */
+ else if ( !is_valid_mailbox (amail) )
+ tty_printf(_("Not a valid email address\n"));
+ else
+ break;
+ }
+ }
+ if( !acomment ) {
+ for(;;) {
+ xfree(acomment);
+ acomment = cpr_get("keygen.comment",_("Comment: "));
+ trim_spaces(acomment);
+ cpr_kill_prompt();
+ if( !*acomment )
+ break; /* no comment is okay */
+ else if( strpbrk( acomment, "()" ) )
+ tty_printf(_("Invalid character in comment\n"));
+ else
+ break;
+ }
+ }
+
+
+ xfree(uid);
+ uid = p = xmalloc(strlen(aname)+strlen(amail)+strlen(acomment)+12+10);
+ p = stpcpy(p, aname );
+ if( *acomment )
+ p = stpcpy(stpcpy(stpcpy(p," ("), acomment),")");
+ if( *amail )
+ p = stpcpy(stpcpy(stpcpy(p," <"), amail),">");
+
+ /* Append a warning if the RNG is switched into fake mode. */
+ if ( random_is_faked () )
+ strcpy(p, " (insecure!)" );
+
+ /* print a note in case that UTF8 mapping has to be done */
+ for(p=uid; *p; p++ ) {
+ if( *p & 0x80 ) {
+ tty_printf(_("You are using the `%s' character set.\n"),
+ get_native_charset() );
+ break;
+ }
+ }
+
+ tty_printf(_("You selected this USER-ID:\n \"%s\"\n\n"), uid);
+
+ if( !*amail && !opt.allow_freeform_uid
+ && (strchr( aname, '@' ) || strchr( acomment, '@'))) {
+ fail = 1;
+ tty_printf(_("Please don't put the email address "
+ "into the real name or the comment\n") );
+ }
+
+ if (!fail && keyblock)
+ {
+ PKT_user_id *uidpkt = uid_from_string (uid);
+ KBNODE node;
+
+ for (node=keyblock; node && !fail; node=node->next)
+ if (!is_deleted_kbnode (node)
+ && node->pkt->pkttype == PKT_USER_ID
+ && !cmp_user_ids (uidpkt, node->pkt->pkt.user_id))
+ fail = 1;
+ if (fail)
+ tty_printf (_("Such a user ID already exists on this key!\n"));
+ free_user_id (uidpkt);
+ }
+
+ for(;;) {
+ /* TRANSLATORS: These are the allowed answers in
+ lower and uppercase. Below you will find the matching
+ string which should be translated accordingly and the
+ letter changed to match the one in the answer string.
+
+ n = Change name
+ c = Change comment
+ e = Change email
+ o = Okay (ready, continue)
+ q = Quit
+ */
+ const char *ansstr = _("NnCcEeOoQq");
+
+ if( strlen(ansstr) != 10 )
+ BUG();
+ if( cpr_enabled() ) {
+ answer = xstrdup (ansstr + (fail?8:6));
+ answer[1] = 0;
+ }
+ else {
+ answer = cpr_get("keygen.userid.cmd", fail?
+ _("Change (N)ame, (C)omment, (E)mail or (Q)uit? ") :
+ _("Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? "));
+ cpr_kill_prompt();
+ }
+ if( strlen(answer) > 1 )
+ ;
+ else if( *answer == ansstr[0] || *answer == ansstr[1] ) {
+ xfree(aname); aname = NULL;
+ break;
+ }
+ else if( *answer == ansstr[2] || *answer == ansstr[3] ) {
+ xfree(acomment); acomment = NULL;
+ break;
+ }
+ else if( *answer == ansstr[4] || *answer == ansstr[5] ) {
+ xfree(amail); amail = NULL;
+ break;
+ }
+ else if( *answer == ansstr[6] || *answer == ansstr[7] ) {
+ if( fail ) {
+ tty_printf(_("Please correct the error first\n"));
+ }
+ else {
+ xfree(aname); aname = NULL;
+ xfree(acomment); acomment = NULL;
+ xfree(amail); amail = NULL;
+ break;
+ }
+ }
+ else if( *answer == ansstr[8] || *answer == ansstr[9] ) {
+ xfree(aname); aname = NULL;
+ xfree(acomment); acomment = NULL;
+ xfree(amail); amail = NULL;
+ xfree(uid); uid = NULL;
+ break;
+ }
+ xfree(answer);
+ }
+ xfree(answer);
+ if( !aname && !acomment && !amail )
+ break;
+ xfree(uid); uid = NULL;
+ }
+ if( uid ) {
+ char *p = native_to_utf8( uid );
+ xfree( uid );
+ uid = p;
+ }
+ return uid;
+}
+
+
+/* MODE 0 - standard
+ 1 - Ask for passphrase of the card backup key. */
+static DEK *
+do_ask_passphrase (STRING2KEY **ret_s2k, int mode, int *r_canceled)
+{
+ DEK *dek = NULL;
+ STRING2KEY *s2k;
+ const char *errtext = NULL;
+ const char *custdesc = NULL;
+
+ tty_printf(_("You need a Passphrase to protect your secret key.\n\n") );
+
+ if (mode == 1)
+ custdesc = _("Please enter a passphrase to protect the off-card "
+ "backup of the new encryption key.");
+
+ s2k = xmalloc_secure( sizeof *s2k );
+ for(;;) {
+ s2k->mode = opt.s2k_mode;
+ s2k->hash_algo = S2K_DIGEST_ALGO;
+ dek = passphrase_to_dek_ext (NULL, 0, opt.s2k_cipher_algo, s2k, 2,
+ errtext, custdesc, NULL, r_canceled);
+ if (!dek && *r_canceled) {
+ xfree(dek); dek = NULL;
+ xfree(s2k); s2k = NULL;
+ break;
+ }
+ else if( !dek ) {
+ errtext = N_("passphrase not correctly repeated; try again");
+ tty_printf(_("%s.\n"), _(errtext));
+ }
+ else if( !dek->keylen ) {
+ xfree(dek); dek = NULL;
+ xfree(s2k); s2k = NULL;
+ tty_printf(_(
+ "You don't want a passphrase - this is probably a *bad* idea!\n"
+ "I will do it anyway. You can change your passphrase at any time,\n"
+ "using this program with the option \"--edit-key\".\n\n"));
+ break;
+ }
+ else
+ break; /* okay */
+ }
+ *ret_s2k = s2k;
+ return dek;
+}
+
+
+/* Basic key generation. Here we divert to the actual generation
+ routines based on the requested algorithm. */
+static int
+do_create (int algo, unsigned int nbits, KBNODE pub_root, KBNODE sec_root,
+ DEK *dek, STRING2KEY *s2k, PKT_secret_key **sk,
+ u32 timestamp, u32 expiredate, int is_subkey )
+{
+ int rc=0;
+
+ if( !opt.batch )
+ tty_printf(_(
+"We need to generate a lot of random bytes. It is a good idea to perform\n"
+"some other action (type on the keyboard, move the mouse, utilize the\n"
+"disks) during the prime generation; this gives the random number\n"
+"generator a better chance to gain enough entropy.\n") );
+
+ if( algo == PUBKEY_ALGO_ELGAMAL_E )
+ rc = gen_elg(algo, nbits, pub_root, sec_root, dek, s2k, sk,
+ timestamp, expiredate, is_subkey);
+ else if( algo == PUBKEY_ALGO_DSA )
+ rc = gen_dsa(nbits, pub_root, sec_root, dek, s2k, sk,
+ timestamp, expiredate, is_subkey);
+ else if( algo == PUBKEY_ALGO_RSA )
+ rc = gen_rsa(algo, nbits, pub_root, sec_root, dek, s2k, sk,
+ timestamp, expiredate, is_subkey);
+ else
+ BUG();
+
+ return rc;
+}
+
+
+/* Generate a new user id packet or return NULL if canceled. If
+ KEYBLOCK is not NULL the function prevents the creation of an
+ already existing user ID. */
+PKT_user_id *
+generate_user_id (KBNODE keyblock)
+{
+ char *p;
+
+ p = ask_user_id (1, keyblock);
+ if (!p)
+ return NULL; /* Canceled. */
+ return uid_from_string (p);
+}
+
+
+static void
+release_parameter_list( struct para_data_s *r )
+{
+ struct para_data_s *r2;
+
+ for( ; r ; r = r2 ) {
+ r2 = r->next;
+ if( r->key == pPASSPHRASE_DEK )
+ xfree( r->u.dek );
+ else if( r->key == pPASSPHRASE_S2K )
+ xfree( r->u.s2k );
+
+ xfree(r);
+ }
+}
+
+static struct para_data_s *
+get_parameter( struct para_data_s *para, enum para_name key )
+{
+ struct para_data_s *r;
+
+ for( r = para; r && r->key != key; r = r->next )
+ ;
+ return r;
+}
+
+static const char *
+get_parameter_value( struct para_data_s *para, enum para_name key )
+{
+ struct para_data_s *r = get_parameter( para, key );
+ return (r && *r->u.value)? r->u.value : NULL;
+}
+
+static int
+get_parameter_algo( struct para_data_s *para, enum para_name key,
+ int *r_default)
+{
+ int i;
+ struct para_data_s *r = get_parameter( para, key );
+
+ if (r_default)
+ *r_default = 0;
+
+ if (!r)
+ return -1;
+
+ if (!ascii_strcasecmp (r->u.value, "default"))
+ {
+ /* Note: If you change this default algo, remember to change it
+ also in gpg.c:gpgconf_list. */
+ i = DEFAULT_STD_ALGO;
+ if (r_default)
+ *r_default = 1;
+ }
+ else if (digitp (r->u.value))
+ i = atoi( r->u.value );
+ else if (!strcmp (r->u.value, "ELG-E")
+ || !strcmp (r->u.value, "ELG"))
+ i = GCRY_PK_ELG_E;
+ else
+ i = gcry_pk_map_name (r->u.value);
+
+ if (i == PUBKEY_ALGO_RSA_E || i == PUBKEY_ALGO_RSA_S)
+ i = 0; /* we don't want to allow generation of these algorithms */
+ return i;
+}
+
+/*
+ * Parse the usage parameter and set the keyflags. Returns -1 on
+ * error, 0 for no usage given or 1 for usage available.
+ */
+static int
+parse_parameter_usage (const char *fname,
+ struct para_data_s *para, enum para_name key)
+{
+ struct para_data_s *r = get_parameter( para, key );
+ char *p, *pn;
+ unsigned int use;
+
+ if( !r )
+ return 0; /* none (this is an optional parameter)*/
+
+ use = 0;
+ pn = r->u.value;
+ while ( (p = strsep (&pn, " \t,")) ) {
+ if ( !*p)
+ ;
+ else if ( !ascii_strcasecmp (p, "sign") )
+ use |= PUBKEY_USAGE_SIG;
+ else if ( !ascii_strcasecmp (p, "encrypt") )
+ use |= PUBKEY_USAGE_ENC;
+ else if ( !ascii_strcasecmp (p, "auth") )
+ use |= PUBKEY_USAGE_AUTH;
+ else {
+ log_error("%s:%d: invalid usage list\n", fname, r->lnr );
+ return -1; /* error */
+ }
+ }
+ r->u.usage = use;
+ return 1;
+}
+
+static int
+parse_revocation_key (const char *fname,
+ struct para_data_s *para, enum para_name key)
+{
+ struct para_data_s *r = get_parameter( para, key );
+ struct revocation_key revkey;
+ char *pn;
+ int i;
+
+ if( !r )
+ return 0; /* none (this is an optional parameter) */
+
+ pn = r->u.value;
+
+ revkey.class=0x80;
+ revkey.algid=atoi(pn);
+ if(!revkey.algid)
+ goto fail;
+
+ /* Skip to the fpr */
+ while(*pn && *pn!=':')
+ pn++;
+
+ if(*pn!=':')
+ goto fail;
+
+ pn++;
+
+ for(i=0;i<MAX_FINGERPRINT_LEN && *pn;i++,pn+=2)
+ {
+ int c=hextobyte(pn);
+ if(c==-1)
+ goto fail;
+
+ revkey.fpr[i]=c;
+ }
+
+ /* skip to the tag */
+ while(*pn && *pn!='s' && *pn!='S')
+ pn++;
+
+ if(ascii_strcasecmp(pn,"sensitive")==0)
+ revkey.class|=0x40;
+
+ memcpy(&r->u.revkey,&revkey,sizeof(struct revocation_key));
+
+ return 0;
+
+ fail:
+ log_error("%s:%d: invalid revocation key\n", fname, r->lnr );
+ return -1; /* error */
+}
+
+
+static u32
+get_parameter_u32( struct para_data_s *para, enum para_name key )
+{
+ struct para_data_s *r = get_parameter( para, key );
+
+ if( !r )
+ return 0;
+ if( r->key == pKEYCREATIONDATE )
+ return r->u.creation;
+ if( r->key == pKEYEXPIRE || r->key == pSUBKEYEXPIRE )
+ return r->u.expire;
+ if( r->key == pKEYUSAGE || r->key == pSUBKEYUSAGE )
+ return r->u.usage;
+
+ return (unsigned int)strtoul( r->u.value, NULL, 10 );
+}
+
+static unsigned int
+get_parameter_uint( struct para_data_s *para, enum para_name key )
+{
+ return get_parameter_u32( para, key );
+}
+
+static DEK *
+get_parameter_dek( struct para_data_s *para, enum para_name key )
+{
+ struct para_data_s *r = get_parameter( para, key );
+ return r? r->u.dek : NULL;
+}
+
+static STRING2KEY *
+get_parameter_s2k( struct para_data_s *para, enum para_name key )
+{
+ struct para_data_s *r = get_parameter( para, key );
+ return r? r->u.s2k : NULL;
+}
+
+static struct revocation_key *
+get_parameter_revkey( struct para_data_s *para, enum para_name key )
+{
+ struct para_data_s *r = get_parameter( para, key );
+ return r? &r->u.revkey : NULL;
+}
+
+static int
+proc_parameter_file( struct para_data_s *para, const char *fname,
+ struct output_control_s *outctrl, int card )
+{
+ struct para_data_s *r;
+ const char *s1, *s2, *s3;
+ size_t n;
+ char *p;
+ int is_default = 0;
+ int have_user_id = 0;
+ int err, algo;
+
+ /* Check that we have all required parameters. */
+ r = get_parameter( para, pKEYTYPE );
+ if(r)
+ {
+ algo = get_parameter_algo (para, pKEYTYPE, &is_default);
+ if (openpgp_pk_test_algo2 (algo, PUBKEY_USAGE_SIG))
+ {
+ log_error ("%s:%d: invalid algorithm\n", fname, r->lnr );
+ return -1;
+ }
+ }
+ else
+ {
+ log_error ("%s: no Key-Type specified\n",fname);
+ return -1;
+ }
+
+ err = parse_parameter_usage (fname, para, pKEYUSAGE);
+ if (!err)
+ {
+ /* Default to algo capabilities if key-usage is not provided and
+ no default algorithm has been requested. */
+ r = xmalloc_clear(sizeof(*r));
+ r->key = pKEYUSAGE;
+ r->u.usage = (is_default
+ ? (PUBKEY_USAGE_CERT | PUBKEY_USAGE_SIG)
+ : openpgp_pk_algo_usage(algo));
+ r->next = para;
+ para = r;
+ }
+ else if (err == -1)
+ return -1;
+ else
+ {
+ r = get_parameter (para, pKEYUSAGE);
+ if (r && (r->u.usage & ~openpgp_pk_algo_usage (algo)))
+ {
+ log_error ("%s:%d: specified Key-Usage not allowed for algo %d\n",
+ fname, r->lnr, algo);
+ return -1;
+ }
+ }
+
+ is_default = 0;
+ r = get_parameter( para, pSUBKEYTYPE );
+ if(r)
+ {
+ algo = get_parameter_algo (para, pSUBKEYTYPE, &is_default);
+ if (openpgp_pk_test_algo (algo))
+ {
+ log_error ("%s:%d: invalid algorithm\n", fname, r->lnr );
+ return -1;
+ }
+
+ err = parse_parameter_usage (fname, para, pSUBKEYUSAGE);
+ if (!err)
+ {
+ /* Default to algo capabilities if subkey-usage is not
+ provided */
+ r = xmalloc_clear (sizeof(*r));
+ r->key = pSUBKEYUSAGE;
+ r->u.usage = (is_default
+ ? PUBKEY_USAGE_ENC
+ : openpgp_pk_algo_usage (algo));
+ r->next = para;
+ para = r;
+ }
+ else if (err == -1)
+ return -1;
+ else
+ {
+ r = get_parameter (para, pSUBKEYUSAGE);
+ if (r && (r->u.usage & ~openpgp_pk_algo_usage (algo)))
+ {
+ log_error ("%s:%d: specified Subkey-Usage not allowed"
+ " for algo %d\n", fname, r->lnr, algo);
+ return -1;
+ }
+ }
+ }
+
+
+ if( get_parameter_value( para, pUSERID ) )
+ have_user_id=1;
+ else
+ {
+ /* create the formatted user ID */
+ s1 = get_parameter_value( para, pNAMEREAL );
+ s2 = get_parameter_value( para, pNAMECOMMENT );
+ s3 = get_parameter_value( para, pNAMEEMAIL );
+ if( s1 || s2 || s3 )
+ {
+ n = (s1?strlen(s1):0) + (s2?strlen(s2):0) + (s3?strlen(s3):0);
+ r = xmalloc_clear( sizeof *r + n + 20 );
+ r->key = pUSERID;
+ p = r->u.value;
+ if( s1 )
+ p = stpcpy(p, s1 );
+ if( s2 )
+ p = stpcpy(stpcpy(stpcpy(p," ("), s2 ),")");
+ if( s3 )
+ p = stpcpy(stpcpy(stpcpy(p," <"), s3 ),">");
+ r->next = para;
+ para = r;
+ have_user_id=1;
+ }
+ }
+
+ if(!have_user_id)
+ {
+ log_error("%s: no User-ID specified\n",fname);
+ return -1;
+ }
+
+ /* Set preferences, if any. */
+ keygen_set_std_prefs(get_parameter_value( para, pPREFERENCES ), 0);
+
+ /* Set keyserver, if any. */
+ s1=get_parameter_value( para, pKEYSERVER );
+ if(s1)
+ {
+ struct keyserver_spec *spec;
+
+ spec=parse_keyserver_uri(s1,1,NULL,0);
+ if(spec)
+ {
+ free_keyserver_spec(spec);
+ opt.def_keyserver_url=s1;
+ }
+ else
+ {
+ log_error("%s:%d: invalid keyserver url\n", fname, r->lnr );
+ return -1;
+ }
+ }
+
+ /* Set revoker, if any. */
+ if (parse_revocation_key (fname, para, pREVOKER))
+ return -1;
+
+ /* Make DEK and S2K from the Passphrase. */
+ if (outctrl->ask_passphrase)
+ {
+ /* %ask-passphrase is active - ignore pPASSPRASE and ask. This
+ feature is required so that GUIs are able to do a key
+ creation but have gpg-agent ask for the passphrase. */
+ int canceled = 0;
+ STRING2KEY *s2k;
+ DEK *dek;
+
+ dek = do_ask_passphrase (&s2k, 0, &canceled);
+ if (dek)
+ {
+ r = xmalloc_clear( sizeof *r );
+ r->key = pPASSPHRASE_DEK;
+ r->u.dek = dek;
+ r->next = para;
+ para = r;
+ r = xmalloc_clear( sizeof *r );
+ r->key = pPASSPHRASE_S2K;
+ r->u.s2k = s2k;
+ r->next = para;
+ para = r;
+ }
+
+ if (canceled)
+ {
+ log_error ("%s:%d: key generation canceled\n", fname, r->lnr );
+ return -1;
+ }
+ }
+ else
+ {
+ r = get_parameter( para, pPASSPHRASE );
+ if ( r && *r->u.value )
+ {
+ /* We have a plain text passphrase - create a DEK from it.
+ * It is a little bit ridiculous to keep it in secure memory
+ * but because we do this always, why not here. */
+ STRING2KEY *s2k;
+ DEK *dek;
+
+ s2k = xmalloc_secure ( sizeof *s2k );
+ s2k->mode = opt.s2k_mode;
+ s2k->hash_algo = S2K_DIGEST_ALGO;
+ set_next_passphrase ( r->u.value );
+ dek = passphrase_to_dek (NULL, 0, opt.s2k_cipher_algo, s2k, 2,
+ NULL, NULL);
+ set_next_passphrase (NULL );
+ assert (dek);
+ memset (r->u.value, 0, strlen(r->u.value));
+
+ r = xmalloc_clear (sizeof *r);
+ r->key = pPASSPHRASE_S2K;
+ r->u.s2k = s2k;
+ r->next = para;
+ para = r;
+ r = xmalloc_clear (sizeof *r);
+ r->key = pPASSPHRASE_DEK;
+ r->u.dek = dek;
+ r->next = para;
+ para = r;
+ }
+ }
+
+ /* Make KEYCREATIONDATE from Creation-Date. */
+ r = get_parameter (para, pCREATIONDATE);
+ if (r && *r->u.value)
+ {
+ u32 seconds;
+
+ seconds = parse_creation_string (r->u.value);
+ if (!seconds)
+ {
+ log_error ("%s:%d: invalid creation date\n", fname, r->lnr );
+ return -1;
+ }
+ r->u.creation = seconds;
+ r->key = pKEYCREATIONDATE; /* Change that entry. */
+ }
+
+ /* Make KEYEXPIRE from Expire-Date. */
+ r = get_parameter( para, pEXPIREDATE );
+ if( r && *r->u.value )
+ {
+ u32 seconds;
+
+ seconds = parse_expire_string( r->u.value );
+ if( seconds == (u32)-1 )
+ {
+ log_error("%s:%d: invalid expire date\n", fname, r->lnr );
+ return -1;
+ }
+ r->u.expire = seconds;
+ r->key = pKEYEXPIRE; /* change hat entry */
+ /* also set it for the subkey */
+ r = xmalloc_clear( sizeof *r + 20 );
+ r->key = pSUBKEYEXPIRE;
+ r->u.expire = seconds;
+ r->next = para;
+ para = r;
+ }
+
+ if( !!outctrl->pub.newfname ^ !!outctrl->sec.newfname ) {
+ log_error("%s:%d: only one ring name is set\n", fname, outctrl->lnr );
+ return -1;
+ }
+
+ do_generate_keypair( para, outctrl, card );
+ return 0;
+}
+
+
+/****************
+ * Kludge to allow non interactive key generation controlled
+ * by a parameter file.
+ * Note, that string parameters are expected to be in UTF-8
+ */
+static void
+read_parameter_file( const char *fname )
+{
+ static struct { const char *name;
+ enum para_name key;
+ } keywords[] = {
+ { "Key-Type", pKEYTYPE},
+ { "Key-Length", pKEYLENGTH },
+ { "Key-Usage", pKEYUSAGE },
+ { "Subkey-Type", pSUBKEYTYPE },
+ { "Subkey-Length", pSUBKEYLENGTH },
+ { "Subkey-Usage", pSUBKEYUSAGE },
+ { "Name-Real", pNAMEREAL },
+ { "Name-Email", pNAMEEMAIL },
+ { "Name-Comment", pNAMECOMMENT },
+ { "Expire-Date", pEXPIREDATE },
+ { "Creation-Date", pCREATIONDATE },
+ { "Passphrase", pPASSPHRASE },
+ { "Preferences", pPREFERENCES },
+ { "Revoker", pREVOKER },
+ { "Handle", pHANDLE },
+ { "Keyserver", pKEYSERVER },
+ { NULL, 0 }
+ };
+ IOBUF fp;
+ byte *line;
+ unsigned int maxlen, nline;
+ char *p;
+ int lnr;
+ const char *err = NULL;
+ struct para_data_s *para, *r;
+ int i;
+ struct output_control_s outctrl;
+
+ memset( &outctrl, 0, sizeof( outctrl ) );
+ outctrl.pub.afx = new_armor_context ();
+ outctrl.sec.afx = new_armor_context ();
+
+ if( !fname || !*fname)
+ fname = "-";
+
+ fp = iobuf_open (fname);
+ if (fp && is_secured_file (iobuf_get_fd (fp)))
+ {
+ iobuf_close (fp);
+ fp = NULL;
+ errno = EPERM;
+ }
+ if (!fp) {
+ log_error (_("can't open `%s': %s\n"), fname, strerror(errno) );
+ return;
+ }
+ iobuf_ioctl (fp, 3, 1, NULL); /* No file caching. */
+
+ lnr = 0;
+ err = NULL;
+ para = NULL;
+ maxlen = 1024;
+ line = NULL;
+ while ( iobuf_read_line (fp, &line, &nline, &maxlen) ) {
+ char *keyword, *value;
+
+ lnr++;
+ if( !maxlen ) {
+ err = "line too long";
+ break;
+ }
+ for( p = line; isspace(*(byte*)p); p++ )
+ ;
+ if( !*p || *p == '#' )
+ continue;
+ keyword = p;
+ if( *keyword == '%' ) {
+ for( ; !isspace(*(byte*)p); p++ )
+ ;
+ if( *p )
+ *p++ = 0;
+ for( ; isspace(*(byte*)p); p++ )
+ ;
+ value = p;
+ trim_trailing_ws( value, strlen(value) );
+ if( !ascii_strcasecmp( keyword, "%echo" ) )
+ log_info("%s\n", value );
+ else if( !ascii_strcasecmp( keyword, "%dry-run" ) )
+ outctrl.dryrun = 1;
+ else if( !ascii_strcasecmp( keyword, "%ask-passphrase" ) )
+ outctrl.ask_passphrase = 1;
+ else if( !ascii_strcasecmp( keyword, "%no-ask-passphrase" ) )
+ outctrl.ask_passphrase = 0;
+ else if( !ascii_strcasecmp( keyword, "%commit" ) ) {
+ outctrl.lnr = lnr;
+ if (proc_parameter_file( para, fname, &outctrl, 0 ))
+ print_status_key_not_created
+ (get_parameter_value (para, pHANDLE));
+ release_parameter_list( para );
+ para = NULL;
+ }
+ else if( !ascii_strcasecmp( keyword, "%pubring" ) ) {
+ if( outctrl.pub.fname && !strcmp( outctrl.pub.fname, value ) )
+ ; /* still the same file - ignore it */
+ else {
+ xfree( outctrl.pub.newfname );
+ outctrl.pub.newfname = xstrdup( value );
+ outctrl.use_files = 1;
+ }
+ }
+ else if( !ascii_strcasecmp( keyword, "%secring" ) ) {
+ if( outctrl.sec.fname && !strcmp( outctrl.sec.fname, value ) )
+ ; /* still the same file - ignore it */
+ else {
+ xfree( outctrl.sec.newfname );
+ outctrl.sec.newfname = xstrdup( value );
+ outctrl.use_files = 1;
+ }
+ }
+ else
+ log_info("skipping control `%s' (%s)\n", keyword, value );
+
+
+ continue;
+ }
+
+
+ if( !(p = strchr( p, ':' )) || p == keyword ) {
+ err = "missing colon";
+ break;
+ }
+ if( *p )
+ *p++ = 0;
+ for( ; isspace(*(byte*)p); p++ )
+ ;
+ if( !*p ) {
+ err = "missing argument";
+ break;
+ }
+ value = p;
+ trim_trailing_ws( value, strlen(value) );
+
+ for(i=0; keywords[i].name; i++ ) {
+ if( !ascii_strcasecmp( keywords[i].name, keyword ) )
+ break;
+ }
+ if( !keywords[i].name ) {
+ err = "unknown keyword";
+ break;
+ }
+ if( keywords[i].key != pKEYTYPE && !para ) {
+ err = "parameter block does not start with \"Key-Type\"";
+ break;
+ }
+
+ if( keywords[i].key == pKEYTYPE && para ) {
+ outctrl.lnr = lnr;
+ if (proc_parameter_file( para, fname, &outctrl, 0 ))
+ print_status_key_not_created
+ (get_parameter_value (para, pHANDLE));
+ release_parameter_list( para );
+ para = NULL;
+ }
+ else {
+ for( r = para; r; r = r->next ) {
+ if( r->key == keywords[i].key )
+ break;
+ }
+ if( r ) {
+ err = "duplicate keyword";
+ break;
+ }
+ }
+ r = xmalloc_clear( sizeof *r + strlen( value ) );
+ r->lnr = lnr;
+ r->key = keywords[i].key;
+ strcpy( r->u.value, value );
+ r->next = para;
+ para = r;
+ }
+ if( err )
+ log_error("%s:%d: %s\n", fname, lnr, err );
+ else if( iobuf_error (fp) ) {
+ log_error("%s:%d: read error\n", fname, lnr);
+ }
+ else if( para ) {
+ outctrl.lnr = lnr;
+ if (proc_parameter_file( para, fname, &outctrl, 0 ))
+ print_status_key_not_created (get_parameter_value (para, pHANDLE));
+ }
+
+ if( outctrl.use_files ) { /* close open streams */
+ iobuf_close( outctrl.pub.stream );
+ iobuf_close( outctrl.sec.stream );
+
+ /* Must invalidate that ugly cache to actually close it. */
+ if (outctrl.pub.fname)
+ iobuf_ioctl (NULL, 2, 0, (char*)outctrl.pub.fname);
+ if (outctrl.sec.fname)
+ iobuf_ioctl (NULL, 2, 0, (char*)outctrl.sec.fname);
+
+ xfree( outctrl.pub.fname );
+ xfree( outctrl.pub.newfname );
+ xfree( outctrl.sec.fname );
+ xfree( outctrl.sec.newfname );
+ }
+
+ release_parameter_list( para );
+ iobuf_close (fp);
+ release_armor_context (outctrl.pub.afx);
+ release_armor_context (outctrl.sec.afx);
+}
+
+
+/*
+ * Generate a keypair (fname is only used in batch mode) If
+ * CARD_SERIALNO is not NULL the function will create the keys on an
+ * OpenPGP Card. If BACKUP_ENCRYPTION_DIR has been set and
+ * CARD_SERIALNO is NOT NULL, the encryption key for the card gets
+ * generate in software, imported to the card and a backup file
+ * written to directory given by this argument .
+ */
+void
+generate_keypair (const char *fname, const char *card_serialno,
+ const char *backup_encryption_dir)
+{
+ unsigned int nbits;
+ char *uid = NULL;
+ DEK *dek;
+ STRING2KEY *s2k;
+ int algo;
+ unsigned int use;
+ int both = 0;
+ u32 expire;
+ struct para_data_s *para = NULL;
+ struct para_data_s *r;
+ struct output_control_s outctrl;
+ int canceled;
+
+ memset( &outctrl, 0, sizeof( outctrl ) );
+
+ if (opt.batch && card_serialno)
+ {
+ /* We don't yet support unattended key generation. */
+ log_error (_("can't do this in batch mode\n"));
+ return;
+ }
+
+ if (opt.batch)
+ {
+ read_parameter_file( fname );
+ return;
+ }
+
+ if (card_serialno)
+ {
+#ifdef ENABLE_CARD_SUPPORT
+ r = xcalloc (1, sizeof *r + strlen (card_serialno) );
+ r->key = pSERIALNO;
+ strcpy( r->u.value, card_serialno);
+ r->next = para;
+ para = r;
+
+ algo = PUBKEY_ALGO_RSA;
+
+ r = xcalloc (1, sizeof *r + 20 );
+ r->key = pKEYTYPE;
+ sprintf( r->u.value, "%d", algo );
+ r->next = para;
+ para = r;
+ r = xcalloc (1, sizeof *r + 20 );
+ r->key = pKEYUSAGE;
+ strcpy (r->u.value, "sign");
+ r->next = para;
+ para = r;
+
+ r = xcalloc (1, sizeof *r + 20 );
+ r->key = pSUBKEYTYPE;
+ sprintf( r->u.value, "%d", algo );
+ r->next = para;
+ para = r;
+ r = xcalloc (1, sizeof *r + 20 );
+ r->key = pSUBKEYUSAGE;
+ strcpy (r->u.value, "encrypt");
+ r->next = para;
+ para = r;
+
+ r = xcalloc (1, sizeof *r + 20 );
+ r->key = pAUTHKEYTYPE;
+ sprintf( r->u.value, "%d", algo );
+ r->next = para;
+ para = r;
+
+ if (backup_encryption_dir)
+ {
+ r = xcalloc (1, sizeof *r + strlen (backup_encryption_dir) );
+ r->key = pBACKUPENCDIR;
+ strcpy (r->u.value, backup_encryption_dir);
+ r->next = para;
+ para = r;
+ }
+#endif /*ENABLE_CARD_SUPPORT*/
+ }
+ else
+ {
+ int subkey_algo;
+
+ algo = ask_algo (0, &subkey_algo, &use);
+ if (subkey_algo)
+ {
+ /* Create primary and subkey at once. */
+ both = 1;
+ r = xmalloc_clear( sizeof *r + 20 );
+ r->key = pKEYTYPE;
+ sprintf( r->u.value, "%d", algo );
+ r->next = para;
+ para = r;
+ nbits = ask_keysize (algo, 0);
+ r = xmalloc_clear( sizeof *r + 20 );
+ r->key = pKEYLENGTH;
+ sprintf( r->u.value, "%u", nbits);
+ r->next = para;
+ para = r;
+ r = xmalloc_clear( sizeof *r + 20 );
+ r->key = pKEYUSAGE;
+ strcpy( r->u.value, "sign" );
+ r->next = para;
+ para = r;
+
+ r = xmalloc_clear( sizeof *r + 20 );
+ r->key = pSUBKEYTYPE;
+ sprintf( r->u.value, "%d", subkey_algo);
+ r->next = para;
+ para = r;
+ r = xmalloc_clear( sizeof *r + 20 );
+ r->key = pSUBKEYUSAGE;
+ strcpy( r->u.value, "encrypt" );
+ r->next = para;
+ para = r;
+ }
+ else
+ {
+ r = xmalloc_clear( sizeof *r + 20 );
+ r->key = pKEYTYPE;
+ sprintf( r->u.value, "%d", algo );
+ r->next = para;
+ para = r;
+
+ if (use)
+ {
+ r = xmalloc_clear( sizeof *r + 25 );
+ r->key = pKEYUSAGE;
+ sprintf( r->u.value, "%s%s%s",
+ (use & PUBKEY_USAGE_SIG)? "sign ":"",
+ (use & PUBKEY_USAGE_ENC)? "encrypt ":"",
+ (use & PUBKEY_USAGE_AUTH)? "auth":"" );
+ r->next = para;
+ para = r;
+ }
+ nbits = 0;
+ }
+
+ nbits = ask_keysize (both? subkey_algo : algo, nbits);
+ r = xmalloc_clear( sizeof *r + 20 );
+ r->key = both? pSUBKEYLENGTH : pKEYLENGTH;
+ sprintf( r->u.value, "%u", nbits);
+ r->next = para;
+ para = r;
+ }
+
+ expire = ask_expire_interval(0,NULL);
+ r = xmalloc_clear( sizeof *r + 20 );
+ r->key = pKEYEXPIRE;
+ r->u.expire = expire;
+ r->next = para;
+ para = r;
+ r = xmalloc_clear( sizeof *r + 20 );
+ r->key = pSUBKEYEXPIRE;
+ r->u.expire = expire;
+ r->next = para;
+ para = r;
+
+ uid = ask_user_id (0, NULL);
+ if( !uid )
+ {
+ log_error(_("Key generation canceled.\n"));
+ release_parameter_list( para );
+ return;
+ }
+ r = xmalloc_clear( sizeof *r + strlen(uid) );
+ r->key = pUSERID;
+ strcpy( r->u.value, uid );
+ r->next = para;
+ para = r;
+
+ canceled = 0;
+ dek = card_serialno? NULL : do_ask_passphrase (&s2k, 0, &canceled);
+ if( dek )
+ {
+ r = xmalloc_clear( sizeof *r );
+ r->key = pPASSPHRASE_DEK;
+ r->u.dek = dek;
+ r->next = para;
+ para = r;
+ r = xmalloc_clear( sizeof *r );
+ r->key = pPASSPHRASE_S2K;
+ r->u.s2k = s2k;
+ r->next = para;
+ para = r;
+ }
+
+ if (canceled)
+ log_error (_("Key generation canceled.\n"));
+ else
+ proc_parameter_file( para, "[internal]", &outctrl, !!card_serialno);
+ release_parameter_list( para );
+}
+
+
+#ifdef ENABLE_CARD_SUPPORT
+/* Generate a raw key and return it as a secret key packet. The
+ function will ask for the passphrase and return a protected as well
+ as an unprotected copy of a new secret key packet. 0 is returned
+ on success and the caller must then free the returned values. */
+static int
+generate_raw_key (int algo, unsigned int nbits, u32 created_at,
+ PKT_secret_key **r_sk_unprotected,
+ PKT_secret_key **r_sk_protected)
+{
+ int rc;
+ DEK *dek = NULL;
+ STRING2KEY *s2k = NULL;
+ PKT_secret_key *sk = NULL;
+ int i;
+ size_t nskey, npkey;
+ gcry_sexp_t s_parms, s_key;
+ int canceled;
+
+ npkey = pubkey_get_npkey (algo);
+ nskey = pubkey_get_nskey (algo);
+ assert (nskey <= PUBKEY_MAX_NSKEY && npkey < nskey);
+
+ if (nbits < 512)
+ {
+ nbits = 512;
+ log_info (_("keysize invalid; using %u bits\n"), nbits );
+ }
+
+ if ((nbits % 32))
+ {
+ nbits = ((nbits + 31) / 32) * 32;
+ log_info(_("keysize rounded up to %u bits\n"), nbits );
+ }
+
+ dek = do_ask_passphrase (&s2k, 1, &canceled);
+ if (canceled)
+ {
+ rc = gpg_error (GPG_ERR_CANCELED);
+ goto leave;
+ }
+
+ sk = xmalloc_clear (sizeof *sk);
+ sk->timestamp = created_at;
+ sk->version = 4;
+ sk->pubkey_algo = algo;
+
+ if ( !is_RSA (algo) )
+ {
+ log_error ("only RSA is supported for offline generated keys\n");
+ rc = gpg_error (GPG_ERR_NOT_IMPLEMENTED);
+ goto leave;
+ }
+ rc = gcry_sexp_build (&s_parms, NULL,
+ "(genkey(rsa(nbits %d)))",
+ (int)nbits);
+ if (rc)
+ log_bug ("gcry_sexp_build failed: %s\n", gpg_strerror (rc));
+ rc = gcry_pk_genkey (&s_key, s_parms);
+ gcry_sexp_release (s_parms);
+ if (rc)
+ {
+ log_error ("gcry_pk_genkey failed: %s\n", gpg_strerror (rc) );
+ goto leave;
+ }
+ rc = key_from_sexp (sk->skey, s_key, "private-key", "nedpqu");
+ gcry_sexp_release (s_key);
+ if (rc)
+ {
+ log_error ("key_from_sexp failed: %s\n", gpg_strerror (rc) );
+ goto leave;
+ }
+
+ for (i=npkey; i < nskey; i++)
+ sk->csum += checksum_mpi (sk->skey[i]);
+
+ if (r_sk_unprotected)
+ *r_sk_unprotected = copy_secret_key (NULL, sk);
+
+ rc = genhelp_protect (dek, s2k, sk);
+ if (rc)
+ goto leave;
+
+ if (r_sk_protected)
+ {
+ *r_sk_protected = sk;
+ sk = NULL;
+ }
+
+ leave:
+ if (sk)
+ free_secret_key (sk);
+ xfree (dek);
+ xfree (s2k);
+ return rc;
+}
+#endif /* ENABLE_CARD_SUPPORT */
+
+/* Create and delete a dummy packet to start off a list of kbnodes. */
+static void
+start_tree(KBNODE *tree)
+{
+ PACKET *pkt;
+
+ pkt=xmalloc_clear(sizeof(*pkt));
+ pkt->pkttype=PKT_NONE;
+ *tree=new_kbnode(pkt);
+ delete_kbnode(*tree);
+}
+
+
+static void
+do_generate_keypair (struct para_data_s *para,
+ struct output_control_s *outctrl, int card)
+{
+ KBNODE pub_root = NULL;
+ KBNODE sec_root = NULL;
+ PKT_secret_key *pri_sk = NULL, *sub_sk = NULL;
+ const char *s;
+ struct revocation_key *revkey;
+ int rc;
+ int did_sub = 0;
+ u32 timestamp;
+
+ if( outctrl->dryrun )
+ {
+ log_info("dry-run mode - key generation skipped\n");
+ return;
+ }
+
+ if ( outctrl->use_files )
+ {
+ if ( outctrl->pub.newfname )
+ {
+ iobuf_close(outctrl->pub.stream);
+ outctrl->pub.stream = NULL;
+ if (outctrl->pub.fname)
+ iobuf_ioctl (NULL, 2, 0, (char*)outctrl->pub.fname);
+ xfree( outctrl->pub.fname );
+ outctrl->pub.fname = outctrl->pub.newfname;
+ outctrl->pub.newfname = NULL;
+
+ if (is_secured_filename (outctrl->pub.fname) )
+ {
+ outctrl->pub.stream = NULL;
+ errno = EPERM;
+ }
+ else
+ outctrl->pub.stream = iobuf_create( outctrl->pub.fname );
+ if (!outctrl->pub.stream)
+ {
+ log_error(_("can't create `%s': %s\n"), outctrl->pub.newfname,
+ strerror(errno) );
+ return;
+ }
+ if (opt.armor)
+ {
+ outctrl->pub.afx->what = 1;
+ push_armor_filter (outctrl->pub.afx, outctrl->pub.stream);
+ }
+ }
+ if (outctrl->sec.newfname)
+ {
+ mode_t oldmask;
+
+ iobuf_close(outctrl->sec.stream);
+ outctrl->sec.stream = NULL;
+ if (outctrl->sec.fname)
+ iobuf_ioctl (NULL, 2, 0, (char*)outctrl->sec.fname);
+ xfree( outctrl->sec.fname );
+ outctrl->sec.fname = outctrl->sec.newfname;
+ outctrl->sec.newfname = NULL;
+
+ oldmask = umask (077);
+ if (is_secured_filename (outctrl->sec.fname) )
+ {
+ outctrl->sec.stream = NULL;
+ errno = EPERM;
+ }
+ else
+ outctrl->sec.stream = iobuf_create( outctrl->sec.fname );
+ umask (oldmask);
+ if (!outctrl->sec.stream)
+ {
+ log_error(_("can't create `%s': %s\n"), outctrl->sec.newfname,
+ strerror(errno) );
+ return;
+ }
+ if (opt.armor)
+ {
+ outctrl->sec.afx->what = 5;
+ push_armor_filter (outctrl->sec.afx, outctrl->sec.stream);
+ }
+ }
+ assert( outctrl->pub.stream );
+ assert( outctrl->sec.stream );
+ if (opt.verbose)
+ {
+ log_info (_("writing public key to `%s'\n"), outctrl->pub.fname );
+ if (card)
+ log_info (_("writing secret key stub to `%s'\n"),
+ outctrl->sec.fname);
+ else
+ log_info(_("writing secret key to `%s'\n"), outctrl->sec.fname );
+ }
+ }
+
+
+ /* We create the packets as a tree of kbnodes. Because the
+ structure we create is known in advance we simply generate a
+ linked list. The first packet is a dummy packet which we flag as
+ deleted. The very first packet must always be a KEY packet. */
+
+ start_tree (&pub_root);
+ start_tree (&sec_root);
+
+ timestamp = get_parameter_u32 (para, pKEYCREATIONDATE);
+ if (!timestamp)
+ timestamp = make_timestamp ();
+
+ /* Note that, depending on the backend (i.e. the used scdaemon
+ version), the card key generation may update TIMESTAMP for each
+ key. Thus we need to pass TIMESTAMP to all signing function to
+ make sure that the binding signature is done using the timestamp
+ of the corresponding (sub)key and not that of the primary key.
+ An alternative implementation could tell the signing function the
+ node of the subkey but that is more work than just to pass the
+ current timestamp. */
+
+ if (!card)
+ {
+ rc = do_create (get_parameter_algo( para, pKEYTYPE, NULL ),
+ get_parameter_uint( para, pKEYLENGTH ),
+ pub_root, sec_root,
+ get_parameter_dek( para, pPASSPHRASE_DEK ),
+ get_parameter_s2k( para, pPASSPHRASE_S2K ),
+ &pri_sk,
+ timestamp,
+ get_parameter_u32( para, pKEYEXPIRE ), 0 );
+ }
+ else
+ {
+ rc = gen_card_key (PUBKEY_ALGO_RSA, 1, 1, pub_root, sec_root, NULL,
+ &timestamp,
+ get_parameter_u32 (para, pKEYEXPIRE), para);
+ if (!rc)
+ {
+ pri_sk = sec_root->next->pkt->pkt.secret_key;
+ assert (pri_sk);
+ }
+ }
+
+ if(!rc && (revkey=get_parameter_revkey(para,pREVOKER)))
+ {
+ rc = write_direct_sig (pub_root, pub_root, pri_sk, revkey, timestamp);
+ if (!rc)
+ rc = write_direct_sig (sec_root, pub_root, pri_sk, revkey, timestamp);
+ }
+
+ if( !rc && (s=get_parameter_value(para, pUSERID)) )
+ {
+ write_uid (pub_root, s );
+ write_uid (sec_root, s );
+
+ rc = write_selfsigs (sec_root, pub_root, pri_sk,
+ get_parameter_uint (para, pKEYUSAGE), timestamp);
+ }
+
+ /* Write the auth key to the card before the encryption key. This
+ is a partial workaround for a PGP bug (as of this writing, all
+ versions including 8.1), that causes it to try and encrypt to
+ the most recent subkey regardless of whether that subkey is
+ actually an encryption type. In this case, the auth key is an
+ RSA key so it succeeds. */
+
+ if (!rc && card && get_parameter (para, pAUTHKEYTYPE))
+ {
+ rc = gen_card_key (PUBKEY_ALGO_RSA, 3, 0, pub_root, sec_root, NULL,
+ &timestamp,
+ get_parameter_u32 (para, pKEYEXPIRE), para);
+
+ if (!rc)
+ rc = write_keybinding (pub_root, pub_root, pri_sk, sub_sk,
+ PUBKEY_USAGE_AUTH, timestamp);
+ if (!rc)
+ rc = write_keybinding (sec_root, pub_root, pri_sk, sub_sk,
+ PUBKEY_USAGE_AUTH, timestamp);
+ }
+
+ if( !rc && get_parameter( para, pSUBKEYTYPE ) )
+ {
+ if (!card)
+ {
+ rc = do_create( get_parameter_algo( para, pSUBKEYTYPE, NULL ),
+ get_parameter_uint( para, pSUBKEYLENGTH ),
+ pub_root, sec_root,
+ get_parameter_dek( para, pPASSPHRASE_DEK ),
+ get_parameter_s2k( para, pPASSPHRASE_S2K ),
+ &sub_sk,
+ timestamp,
+ get_parameter_u32( para, pSUBKEYEXPIRE ), 1 );
+ }
+ else
+ {
+ if ((s = get_parameter_value (para, pBACKUPENCDIR)))
+ {
+ /* A backup of the encryption key has been requested.
+ Generate the key in software and import it then to
+ the card. Write a backup file. */
+ rc = gen_card_key_with_backup (PUBKEY_ALGO_RSA, 2, 0,
+ pub_root, sec_root,
+ timestamp,
+ get_parameter_u32 (para,
+ pKEYEXPIRE),
+ para, s);
+ }
+ else
+ {
+ rc = gen_card_key (PUBKEY_ALGO_RSA, 2, 0, pub_root, sec_root,
+ NULL,
+ &timestamp,
+ get_parameter_u32 (para, pKEYEXPIRE), para);
+ }
+ }
+
+ if( !rc )
+ rc = write_keybinding(pub_root, pub_root, pri_sk, sub_sk,
+ get_parameter_uint (para, pSUBKEYUSAGE),
+ timestamp);
+ if( !rc )
+ rc = write_keybinding(sec_root, pub_root, pri_sk, sub_sk,
+ get_parameter_uint (para, pSUBKEYUSAGE),
+ timestamp);
+ did_sub = 1;
+ }
+
+ if (!rc && outctrl->use_files) /* Direct write to specified files. */
+ {
+ rc = write_keyblock( outctrl->pub.stream, pub_root );
+ if (rc)
+ log_error ("can't write public key: %s\n", g10_errstr(rc) );
+ if (!rc)
+ {
+ rc = write_keyblock( outctrl->sec.stream, sec_root );
+ if(rc)
+ log_error ("can't write secret key: %s\n", g10_errstr(rc) );
+ }
+ }
+ else if (!rc) /* Write to the standard keyrings. */
+ {
+ KEYDB_HANDLE pub_hd = keydb_new (0);
+ KEYDB_HANDLE sec_hd = keydb_new (1);
+
+ rc = keydb_locate_writable (pub_hd, NULL);
+ if (rc)
+ log_error (_("no writable public keyring found: %s\n"),
+ g10_errstr (rc));
+
+ if (!rc)
+ {
+ rc = keydb_locate_writable (sec_hd, NULL);
+ if (rc)
+ log_error (_("no writable secret keyring found: %s\n"),
+ g10_errstr (rc));
+ }
+
+ if (!rc && opt.verbose)
+ {
+ log_info (_("writing public key to `%s'\n"),
+ keydb_get_resource_name (pub_hd));
+ if (card)
+ log_info (_("writing secret key stub to `%s'\n"),
+ keydb_get_resource_name (sec_hd));
+ else
+ log_info (_("writing secret key to `%s'\n"),
+ keydb_get_resource_name (sec_hd));
+ }
+
+ if (!rc)
+ {
+ rc = keydb_insert_keyblock (pub_hd, pub_root);
+ if (rc)
+ log_error (_("error writing public keyring `%s': %s\n"),
+ keydb_get_resource_name (pub_hd), g10_errstr(rc));
+ }
+
+ if (!rc)
+ {
+ rc = keydb_insert_keyblock (sec_hd, sec_root);
+ if (rc)
+ log_error (_("error writing secret keyring `%s': %s\n"),
+ keydb_get_resource_name (pub_hd), g10_errstr(rc));
+ }
+
+ keydb_release (pub_hd);
+ keydb_release (sec_hd);
+
+ if (!rc)
+ {
+ int no_enc_rsa;
+ PKT_public_key *pk;
+
+ no_enc_rsa = ((get_parameter_algo (para, pKEYTYPE, NULL)
+ == PUBKEY_ALGO_RSA)
+ && get_parameter_uint (para, pKEYUSAGE)
+ && !((get_parameter_uint (para, pKEYUSAGE)
+ & PUBKEY_USAGE_ENC)) );
+
+ pk = find_kbnode (pub_root, PKT_PUBLIC_KEY)->pkt->pkt.public_key;
+
+ keyid_from_pk(pk,pk->main_keyid);
+ register_trusted_keyid(pk->main_keyid);
+
+ update_ownertrust (pk, ((get_ownertrust (pk) & ~TRUST_MASK)
+ | TRUST_ULTIMATE ));
+
+ if (!opt.batch)
+ {
+ tty_printf (_("public and secret key created and signed.\n") );
+ tty_printf ("\n");
+ list_keyblock(pub_root,0,1,NULL);
+ }
+
+
+ if (!opt.batch
+ && (get_parameter_algo (para, pKEYTYPE, NULL) == PUBKEY_ALGO_DSA
+ || no_enc_rsa )
+ && !get_parameter (para, pSUBKEYTYPE) )
+ {
+ tty_printf(_("Note that this key cannot be used for "
+ "encryption. You may want to use\n"
+ "the command \"--edit-key\" to generate a "
+ "subkey for this purpose.\n") );
+ }
+ }
+ }
+
+ if (rc)
+ {
+ if (opt.batch)
+ log_error ("key generation failed: %s\n", g10_errstr(rc) );
+ else
+ tty_printf (_("Key generation failed: %s\n"), g10_errstr(rc) );
+ write_status_error (card? "card_key_generate":"key_generate", rc);
+ print_status_key_not_created ( get_parameter_value (para, pHANDLE) );
+ }
+ else
+ {
+ PKT_public_key *pk = find_kbnode (pub_root,
+ PKT_PUBLIC_KEY)->pkt->pkt.public_key;
+ print_status_key_created (did_sub? 'B':'P', pk,
+ get_parameter_value (para, pHANDLE));
+ }
+ release_kbnode( pub_root );
+ release_kbnode( sec_root );
+
+ if (pri_sk && !card) /* The unprotected secret key unless we */
+ free_secret_key (pri_sk); /* have a shallow copy in card mode. */
+ if (sub_sk)
+ free_secret_key(sub_sk);
+}
+
+
+/* Add a new subkey to an existing key. Returns true if a new key has
+ been generated and put into the keyblocks. */
+int
+generate_subkeypair (KBNODE pub_keyblock, KBNODE sec_keyblock)
+{
+ int okay=0, rc=0;
+ KBNODE node;
+ PKT_secret_key *pri_sk = NULL, *sub_sk = NULL;
+ int algo;
+ unsigned int use;
+ u32 expire;
+ unsigned nbits;
+ char *passphrase = NULL;
+ DEK *dek = NULL;
+ STRING2KEY *s2k = NULL;
+ u32 cur_time;
+ int ask_pass = 0;
+ int canceled;
+
+ /* Break out the primary secret key. */
+ node = find_kbnode( sec_keyblock, PKT_SECRET_KEY );
+ if( !node )
+ {
+ log_error ("Oops; secret key not found anymore!\n");
+ goto leave;
+ }
+
+ /* Make a copy of the sk to keep the protected one in the keyblock. */
+ pri_sk = copy_secret_key (NULL, node->pkt->pkt.secret_key);
+
+ cur_time = make_timestamp();
+
+ if (pri_sk->timestamp > cur_time)
+ {
+ ulong d = pri_sk->timestamp - cur_time;
+ log_info ( d==1 ? _("key has been created %lu second "
+ "in future (time warp or clock problem)\n")
+ : _("key has been created %lu seconds "
+ "in future (time warp or clock problem)\n"), d );
+ if (!opt.ignore_time_conflict)
+ {
+ rc = G10ERR_TIME_CONFLICT;
+ goto leave;
+ }
+ }
+
+ if (pri_sk->version < 4)
+ {
+ log_info (_("NOTE: creating subkeys for v3 keys "
+ "is not OpenPGP compliant\n"));
+ goto leave;
+ }
+
+ if (pri_sk->is_protected && pri_sk->protect.s2k.mode == 1001)
+ {
+ tty_printf (_("Secret parts of primary key are not available.\n"));
+ rc = G10ERR_NO_SECKEY;
+ goto leave;
+ }
+
+
+ /* Unprotect to get the passphrase. */
+ switch (is_secret_key_protected (pri_sk) )
+ {
+ case -1:
+ rc = G10ERR_PUBKEY_ALGO;
+ break;
+ case 0:
+ tty_printf (_("This key is not protected.\n"));
+ break;
+ case -2:
+ tty_printf (_("Secret parts of primary key are stored on-card.\n"));
+ ask_pass = 1;
+ break;
+ default:
+ tty_printf (_("Key is protected.\n"));
+ rc = check_secret_key ( pri_sk, 0 );
+ if (!rc)
+ passphrase = get_last_passphrase();
+ break;
+ }
+ if (rc)
+ goto leave;
+
+ algo = ask_algo (1, NULL, &use);
+ assert (algo);
+ nbits = ask_keysize (algo, 0);
+ expire = ask_expire_interval (0, NULL);
+ if (!cpr_enabled() && !cpr_get_answer_is_yes("keygen.sub.okay",
+ _("Really create? (y/N) ")))
+ goto leave;
+
+ canceled = 0;
+ if (ask_pass)
+ dek = do_ask_passphrase (&s2k, 0, &canceled);
+ else if (passphrase)
+ {
+ s2k = xmalloc_secure ( sizeof *s2k );
+ s2k->mode = opt.s2k_mode;
+ s2k->hash_algo = S2K_DIGEST_ALGO;
+ set_next_passphrase ( passphrase );
+ dek = passphrase_to_dek (NULL, 0, opt.s2k_cipher_algo, s2k, 2,
+ NULL, NULL );
+ }
+
+ if (canceled)
+ rc = GPG_ERR_CANCELED;
+
+ if (!rc)
+ rc = do_create (algo, nbits, pub_keyblock, sec_keyblock,
+ dek, s2k, &sub_sk, cur_time, expire, 1 );
+ if (!rc)
+ rc = write_keybinding (pub_keyblock, pub_keyblock, pri_sk, sub_sk,
+ use, cur_time);
+ if (!rc)
+ rc = write_keybinding (sec_keyblock, pub_keyblock, pri_sk, sub_sk,
+ use, cur_time);
+ if (!rc)
+ {
+ okay = 1;
+ write_status_text (STATUS_KEY_CREATED, "S");
+ }
+
+ leave:
+ if (rc)
+ log_error (_("Key generation failed: %s\n"), g10_errstr(rc) );
+ xfree (passphrase);
+ xfree (dek);
+ xfree (s2k);
+ /* Release the copy of the (now unprotected) secret keys. */
+ if (pri_sk)
+ free_secret_key (pri_sk);
+ if (sub_sk)
+ free_secret_key (sub_sk);
+ set_next_passphrase (NULL);
+ return okay;
+}
+
+
+#ifdef ENABLE_CARD_SUPPORT
+/* Generate a subkey on a card. */
+int
+generate_card_subkeypair (KBNODE pub_keyblock, KBNODE sec_keyblock,
+ int keyno, const char *serialno)
+{
+ int okay=0, rc=0;
+ KBNODE node;
+ PKT_secret_key *pri_sk = NULL, *sub_sk;
+ int algo;
+ unsigned int use;
+ u32 expire;
+ char *passphrase = NULL;
+ u32 cur_time;
+ struct para_data_s *para = NULL;
+
+ assert (keyno >= 1 && keyno <= 3);
+
+ para = xcalloc (1, sizeof *para + strlen (serialno) );
+ para->key = pSERIALNO;
+ strcpy (para->u.value, serialno);
+
+ /* Break out the primary secret key */
+ node = find_kbnode (sec_keyblock, PKT_SECRET_KEY);
+ if (!node)
+ {
+ log_error("Oops; secret key not found anymore!\n");
+ goto leave;
+ }
+
+ /* Make a copy of the sk to keep the protected one in the keyblock */
+ pri_sk = copy_secret_key (NULL, node->pkt->pkt.secret_key);
+
+ cur_time = make_timestamp();
+ if (pri_sk->timestamp > cur_time)
+ {
+ ulong d = pri_sk->timestamp - cur_time;
+ log_info (d==1 ? _("key has been created %lu second "
+ "in future (time warp or clock problem)\n")
+ : _("key has been created %lu seconds "
+ "in future (time warp or clock problem)\n"), d );
+ if (!opt.ignore_time_conflict)
+ {
+ rc = G10ERR_TIME_CONFLICT;
+ goto leave;
+ }
+ }
+
+ if (pri_sk->version < 4)
+ {
+ log_info (_("NOTE: creating subkeys for v3 keys "
+ "is not OpenPGP compliant\n"));
+ goto leave;
+ }
+
+ /* Unprotect to get the passphrase. */
+ switch( is_secret_key_protected (pri_sk) )
+ {
+ case -1:
+ rc = G10ERR_PUBKEY_ALGO;
+ break;
+ case 0:
+ tty_printf("This key is not protected.\n");
+ break;
+ default:
+ tty_printf("Key is protected.\n");
+ rc = check_secret_key( pri_sk, 0 );
+ if (!rc)
+ passphrase = get_last_passphrase();
+ break;
+ }
+ if (rc)
+ goto leave;
+
+ algo = PUBKEY_ALGO_RSA;
+ expire = ask_expire_interval (0,NULL);
+ if (keyno == 1)
+ use = PUBKEY_USAGE_SIG;
+ else if (keyno == 2)
+ use = PUBKEY_USAGE_ENC;
+ else
+ use = PUBKEY_USAGE_AUTH;
+ if (!cpr_enabled() && !cpr_get_answer_is_yes("keygen.cardsub.okay",
+ _("Really create? (y/N) ")))
+ goto leave;
+
+ if (passphrase)
+ set_next_passphrase (passphrase);
+
+ /* Note, that depending on the backend, the card key generation may
+ update CUR_TIME. */
+ rc = gen_card_key (algo, keyno, 0, pub_keyblock, sec_keyblock,
+ &sub_sk, &cur_time, expire, para);
+ if (!rc)
+ rc = write_keybinding (pub_keyblock, pub_keyblock, pri_sk, sub_sk,
+ use, cur_time);
+ if (!rc)
+ rc = write_keybinding (sec_keyblock, pub_keyblock, pri_sk, sub_sk,
+ use, cur_time);
+ if (!rc)
+ {
+ okay = 1;
+ write_status_text (STATUS_KEY_CREATED, "S");
+ }
+
+ leave:
+ if (rc)
+ log_error (_("Key generation failed: %s\n"), g10_errstr(rc) );
+ xfree (passphrase);
+ /* Release the copy of the (now unprotected) secret keys. */
+ if (pri_sk)
+ free_secret_key (pri_sk);
+ set_next_passphrase( NULL );
+ release_parameter_list (para);
+ return okay;
+}
+#endif /* !ENABLE_CARD_SUPPORT */
+
+
+/*
+ * Write a keyblock to an output stream
+ */
+static int
+write_keyblock( IOBUF out, KBNODE node )
+{
+ for( ; node ; node = node->next )
+ {
+ if(!is_deleted_kbnode(node))
+ {
+ int rc = build_packet( out, node->pkt );
+ if( rc )
+ {
+ log_error("build_packet(%d) failed: %s\n",
+ node->pkt->pkttype, g10_errstr(rc) );
+ return rc;
+ }
+ }
+ }
+
+ return 0;
+}
+
+
+/* Note that timestamp is an in/out arg. */
+static int
+gen_card_key (int algo, int keyno, int is_primary,
+ KBNODE pub_root, KBNODE sec_root, PKT_secret_key **ret_sk,
+ u32 *timestamp, u32 expireval, struct para_data_s *para)
+{
+#ifdef ENABLE_CARD_SUPPORT
+ int rc;
+ const char *s;
+ struct agent_card_genkey_s info;
+ PACKET *pkt;
+ PKT_secret_key *sk;
+ PKT_public_key *pk;
+
+ assert (algo == PUBKEY_ALGO_RSA);
+
+ /* Fixme: We don't have the serialnumber available, thus passing NULL. */
+ rc = agent_scd_genkey (&info, keyno, 1, NULL, *timestamp);
+/* if (gpg_err_code (rc) == GPG_ERR_EEXIST) */
+/* { */
+/* tty_printf ("\n"); */
+/* log_error ("WARNING: key does already exists!\n"); */
+/* tty_printf ("\n"); */
+/* if ( cpr_get_answer_is_yes( "keygen.card.replace_key", */
+/* _("Replace existing key? "))) */
+/* rc = agent_scd_genkey (&info, keyno, 1); */
+/* } */
+
+ if (rc)
+ {
+ log_error ("key generation failed: %s\n", gpg_strerror (rc));
+ return rc;
+ }
+ if ( !info.n || !info.e )
+ {
+ log_error ("communication error with SCD\n");
+ gcry_mpi_release (info.n);
+ gcry_mpi_release (info.e);
+ return gpg_error (GPG_ERR_GENERAL);
+ }
+
+ if (*timestamp != info.created_at)
+ log_info ("Note that the key does not use the suggested creation date\n");
+ *timestamp = info.created_at;
+
+ pk = xcalloc (1, sizeof *pk );
+ sk = xcalloc (1, sizeof *sk );
+ sk->timestamp = pk->timestamp = info.created_at;
+ sk->version = pk->version = 4;
+ if (expireval)
+ sk->expiredate = pk->expiredate = pk->timestamp + expireval;
+ sk->pubkey_algo = pk->pubkey_algo = algo;
+ pk->pkey[0] = info.n;
+ pk->pkey[1] = info.e;
+ sk->skey[0] = gcry_mpi_copy (pk->pkey[0]);
+ sk->skey[1] = gcry_mpi_copy (pk->pkey[1]);
+ sk->skey[2] = gcry_mpi_set_opaque (NULL, xstrdup ("dummydata"), 10*8);
+ sk->is_protected = 1;
+ sk->protect.s2k.mode = 1002;
+ s = get_parameter_value (para, pSERIALNO);
+ if (s)
+ {
+ for (sk->protect.ivlen=0; sk->protect.ivlen < 16 && *s && s[1];
+ sk->protect.ivlen++, s += 2)
+ sk->protect.iv[sk->protect.ivlen] = xtoi_2 (s);
+ }
+
+ if( ret_sk )
+ *ret_sk = sk;
+
+ pkt = xcalloc (1,sizeof *pkt);
+ pkt->pkttype = is_primary ? PKT_PUBLIC_KEY : PKT_PUBLIC_SUBKEY;
+ pkt->pkt.public_key = pk;
+ add_kbnode(pub_root, new_kbnode( pkt ));
+
+ pkt = xcalloc (1,sizeof *pkt);
+ pkt->pkttype = is_primary ? PKT_SECRET_KEY : PKT_SECRET_SUBKEY;
+ pkt->pkt.secret_key = sk;
+ add_kbnode(sec_root, new_kbnode( pkt ));
+
+ return 0;
+#else
+ return -1;
+#endif /*!ENABLE_CARD_SUPPORT*/
+}
+
+
+
+static int
+gen_card_key_with_backup (int algo, int keyno, int is_primary,
+ KBNODE pub_root, KBNODE sec_root,
+ u32 timestamp,
+ u32 expireval, struct para_data_s *para,
+ const char *backup_dir)
+{
+#ifdef ENABLE_CARD_SUPPORT
+ int rc;
+ const char *s;
+ PACKET *pkt;
+ PKT_secret_key *sk, *sk_unprotected = NULL, *sk_protected = NULL;
+ PKT_public_key *pk;
+ size_t n;
+ int i;
+ unsigned int nbits;
+
+ /* Get the size of the key directly from the card. */
+ {
+ struct agent_card_info_s info;
+
+ memset (&info, 0, sizeof info);
+ if (!agent_scd_getattr ("KEY-ATTR", &info)
+ && info.key_attr[1].algo)
+ nbits = info.key_attr[1].nbits;
+ else
+ nbits = 1024; /* All pre-v2.0 cards. */
+ agent_release_card_info (&info);
+ }
+
+ /* Create a key of this size in memory. */
+ rc = generate_raw_key (algo, nbits, timestamp,
+ &sk_unprotected, &sk_protected);
+ if (rc)
+ return rc;
+
+ /* Store the key to the card. */
+ rc = save_unprotected_key_to_card (sk_unprotected, keyno);
+ if (rc)
+ {
+ log_error (_("storing key onto card failed: %s\n"), g10_errstr (rc));
+ free_secret_key (sk_unprotected);
+ free_secret_key (sk_protected);
+ write_status_error ("save_key_to_card", rc);
+ return rc;
+ }
+
+ /* Get rid of the secret key parameters and store the serial numer. */
+ sk = sk_unprotected;
+ n = pubkey_get_nskey (sk->pubkey_algo);
+ for (i=pubkey_get_npkey (sk->pubkey_algo); i < n; i++)
+ {
+ gcry_mpi_release (sk->skey[i]);
+ sk->skey[i] = NULL;
+ }
+ i = pubkey_get_npkey (sk->pubkey_algo);
+ sk->skey[i] = gcry_mpi_set_opaque (NULL, xstrdup ("dummydata"), 10*8);
+ sk->is_protected = 1;
+ sk->protect.s2k.mode = 1002;
+ s = get_parameter_value (para, pSERIALNO);
+ assert (s);
+ for (sk->protect.ivlen=0; sk->protect.ivlen < 16 && *s && s[1];
+ sk->protect.ivlen++, s += 2)
+ sk->protect.iv[sk->protect.ivlen] = xtoi_2 (s);
+
+ /* Now write the *protected* secret key to the file. */
+ {
+ char name_buffer[50];
+ char *fname;
+ IOBUF fp;
+ mode_t oldmask;
+
+ keyid_from_sk (sk, NULL);
+ snprintf (name_buffer, sizeof name_buffer, "sk_%08lX%08lX.gpg",
+ (ulong)sk->keyid[0], (ulong)sk->keyid[1]);
+
+ fname = make_filename (backup_dir, name_buffer, NULL);
+ oldmask = umask (077);
+ if (is_secured_filename (fname))
+ {
+ fp = NULL;
+ errno = EPERM;
+ }
+ else
+ fp = iobuf_create (fname);
+ umask (oldmask);
+ if (!fp)
+ {
+ rc = gpg_error_from_syserror ();
+ log_error (_("can't create backup file `%s': %s\n"),
+ fname, strerror(errno) );
+ xfree (fname);
+ free_secret_key (sk_unprotected);
+ free_secret_key (sk_protected);
+ return rc;
+ }
+
+ pkt = xcalloc (1, sizeof *pkt);
+ pkt->pkttype = PKT_SECRET_KEY;
+ pkt->pkt.secret_key = sk_protected;
+ sk_protected = NULL;
+
+ rc = build_packet (fp, pkt);
+ if (rc)
+ {
+ log_error("build packet failed: %s\n", g10_errstr(rc) );
+ iobuf_cancel (fp);
+ }
+ else
+ {
+ unsigned char array[MAX_FINGERPRINT_LEN];
+ char *fprbuf, *p;
+
+ iobuf_close (fp);
+ iobuf_ioctl (NULL, 2, 0, (char*)fname);
+ log_info (_("NOTE: backup of card key saved to `%s'\n"), fname);
+
+ fingerprint_from_sk (sk, array, &n);
+ p = fprbuf = xmalloc (MAX_FINGERPRINT_LEN*2 + 1 + 1);
+ for (i=0; i < n ; i++, p += 2)
+ sprintf (p, "%02X", array[i]);
+ *p++ = ' ';
+ *p = 0;
+
+ write_status_text_and_buffer (STATUS_BACKUP_KEY_CREATED,
+ fprbuf,
+ fname, strlen (fname),
+ 0);
+ xfree (fprbuf);
+ }
+ free_packet (pkt);
+ xfree (pkt);
+ xfree (fname);
+ if (rc)
+ {
+ free_secret_key (sk_unprotected);
+ return rc;
+ }
+ }
+
+ /* Create the public key from the secret key. */
+ pk = xcalloc (1, sizeof *pk );
+ pk->timestamp = sk->timestamp;
+ pk->version = sk->version;
+ if (expireval)
+ pk->expiredate = sk->expiredate = sk->timestamp + expireval;
+ pk->pubkey_algo = sk->pubkey_algo;
+ n = pubkey_get_npkey (sk->pubkey_algo);
+ for (i=0; i < n; i++)
+ pk->pkey[i] = mpi_copy (sk->skey[i]);
+
+ /* Build packets and add them to the node lists. */
+ pkt = xcalloc (1,sizeof *pkt);
+ pkt->pkttype = is_primary ? PKT_PUBLIC_KEY : PKT_PUBLIC_SUBKEY;
+ pkt->pkt.public_key = pk;
+ add_kbnode(pub_root, new_kbnode( pkt ));
+
+ pkt = xcalloc (1,sizeof *pkt);
+ pkt->pkttype = is_primary ? PKT_SECRET_KEY : PKT_SECRET_SUBKEY;
+ pkt->pkt.secret_key = sk;
+ add_kbnode(sec_root, new_kbnode( pkt ));
+
+ return 0;
+#else
+ return -1;
+#endif /*!ENABLE_CARD_SUPPORT*/
+}
+
+
+#ifdef ENABLE_CARD_SUPPORT
+int
+save_unprotected_key_to_card (PKT_secret_key *sk, int keyno)
+{
+ int rc;
+ unsigned char *rsa_n = NULL;
+ unsigned char *rsa_e = NULL;
+ unsigned char *rsa_p = NULL;
+ unsigned char *rsa_q = NULL;
+ size_t rsa_n_len, rsa_e_len, rsa_p_len, rsa_q_len;
+ unsigned char *sexp = NULL;
+ unsigned char *p;
+ char numbuf[55], numbuf2[50];
+
+ assert (is_RSA (sk->pubkey_algo));
+ assert (!sk->is_protected);
+
+ /* Copy the parameters into straight buffers. */
+ gcry_mpi_aprint (GCRYMPI_FMT_USG, &rsa_n, &rsa_n_len, sk->skey[0]);
+ gcry_mpi_aprint (GCRYMPI_FMT_USG, &rsa_e, &rsa_e_len, sk->skey[1]);
+ gcry_mpi_aprint (GCRYMPI_FMT_USG, &rsa_p, &rsa_p_len, sk->skey[3]);
+ gcry_mpi_aprint (GCRYMPI_FMT_USG, &rsa_q, &rsa_q_len, sk->skey[4]);
+ if (!rsa_n || !rsa_e || !rsa_p || !rsa_q)
+ {
+ rc = G10ERR_INV_ARG;
+ goto leave;
+ }
+
+ /* Put the key into an S-expression. */
+ sexp = p = xmalloc_secure (30
+ + rsa_n_len + rsa_e_len + rsa_p_len + rsa_q_len
+ + 4*sizeof (numbuf) + 25 + sizeof(numbuf) + 20);
+
+ p = stpcpy (p,"(11:private-key(3:rsa(1:n");
+ sprintf (numbuf, "%u:", (unsigned int)rsa_n_len);
+ p = stpcpy (p, numbuf);
+ memcpy (p, rsa_n, rsa_n_len);
+ p += rsa_n_len;
+
+ sprintf (numbuf, ")(1:e%u:", (unsigned int)rsa_e_len);
+ p = stpcpy (p, numbuf);
+ memcpy (p, rsa_e, rsa_e_len);
+ p += rsa_e_len;
+
+ sprintf (numbuf, ")(1:p%u:", (unsigned int)rsa_p_len);
+ p = stpcpy (p, numbuf);
+ memcpy (p, rsa_p, rsa_p_len);
+ p += rsa_p_len;
+
+ sprintf (numbuf, ")(1:q%u:", (unsigned int)rsa_q_len);
+ p = stpcpy (p, numbuf);
+ memcpy (p, rsa_q, rsa_q_len);
+ p += rsa_q_len;
+
+ p = stpcpy (p,"))(10:created-at");
+ sprintf (numbuf2, "%lu", (unsigned long)sk->timestamp);
+ sprintf (numbuf, "%lu:", (unsigned long)strlen (numbuf2));
+ p = stpcpy (stpcpy (stpcpy (p, numbuf), numbuf2), "))");
+
+ /* Fixme: Unfortunately we don't have the serialnumber available -
+ thus we can't pass it down to the agent. */
+ rc = agent_scd_writekey (keyno, NULL, sexp, p - sexp);
+
+ leave:
+ xfree (sexp);
+ xfree (rsa_n);
+ xfree (rsa_e);
+ xfree (rsa_p);
+ xfree (rsa_q);
+ return rc;
+}
+#endif /*ENABLE_CARD_SUPPORT*/
diff --git a/g10/keyid.c b/g10/keyid.c
new file mode 100644
index 0000000..d7a877b
--- /dev/null
+++ b/g10/keyid.c
@@ -0,0 +1,831 @@
+/* keyid.c - key ID and fingerprint handling
+ * Copyright (C) 1998, 1999, 2000, 2001, 2003,
+ * 2004, 2006 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include <time.h>
+#include <assert.h>
+
+#include "gpg.h"
+#include "util.h"
+#include "main.h"
+#include "packet.h"
+#include "options.h"
+#include "keydb.h"
+#include "i18n.h"
+#include "rmd160.h"
+
+int
+pubkey_letter( int algo )
+{
+ switch( algo ) {
+ case PUBKEY_ALGO_RSA: return 'R' ;
+ case PUBKEY_ALGO_RSA_E: return 'r' ;
+ case PUBKEY_ALGO_RSA_S: return 's' ;
+ case PUBKEY_ALGO_ELGAMAL_E: return 'g';
+ case PUBKEY_ALGO_ELGAMAL: return 'G' ;
+ case PUBKEY_ALGO_DSA: return 'D' ;
+ case PUBKEY_ALGO_ECDSA: return 'E' ; /* ECC DSA (sign only) */
+ case PUBKEY_ALGO_ECDH: return 'e' ; /* ECC DH (encrypt only) */
+ default: return '?';
+ }
+}
+
+/* This function is useful for v4 fingerprints and v3 or v4 key
+ signing. */
+void
+hash_public_key( gcry_md_hd_t md, PKT_public_key *pk )
+{
+ unsigned int n = 6;
+ unsigned int nn[PUBKEY_MAX_NPKEY];
+ byte *pp[PUBKEY_MAX_NPKEY];
+ int i;
+ unsigned int nbits;
+ size_t nbytes;
+ int npkey = pubkey_get_npkey (pk->pubkey_algo);
+
+ /* Two extra bytes for the expiration date in v3 */
+ if(pk->version<4)
+ n+=2;
+
+ if (npkey==0 && pk->pkey[0]
+ && gcry_mpi_get_flag (pk->pkey[0], GCRYMPI_FLAG_OPAQUE))
+ {
+ pp[0] = gcry_mpi_get_opaque (pk->pkey[0], &nbits);
+ nn[0] = (nbits+7)/8;
+ n+=nn[0];
+ }
+ else
+ for(i=0; i < npkey; i++ )
+ {
+ if (gcry_mpi_print (GCRYMPI_FMT_PGP, NULL, 0, &nbytes, pk->pkey[i]))
+ BUG ();
+ pp[i] = xmalloc (nbytes);
+ if (gcry_mpi_print (GCRYMPI_FMT_PGP, pp[i], nbytes,
+ &nbytes, pk->pkey[i]))
+ BUG ();
+ nn[i] = nbytes;
+ n += nn[i];
+ }
+
+ gcry_md_putc ( md, 0x99 ); /* ctb */
+ /* What does it mean if n is greater than than 0xFFFF ? */
+ gcry_md_putc ( md, n >> 8 ); /* 2 byte length header */
+ gcry_md_putc ( md, n );
+ gcry_md_putc ( md, pk->version );
+
+ gcry_md_putc ( md, pk->timestamp >> 24 );
+ gcry_md_putc ( md, pk->timestamp >> 16 );
+ gcry_md_putc ( md, pk->timestamp >> 8 );
+ gcry_md_putc ( md, pk->timestamp );
+
+ if(pk->version<4)
+ {
+ u16 days=0;
+ if(pk->expiredate)
+ days=(u16)((pk->expiredate - pk->timestamp) / 86400L);
+
+ gcry_md_putc ( md, days >> 8 );
+ gcry_md_putc ( md, days );
+ }
+
+ gcry_md_putc ( md, pk->pubkey_algo );
+
+ if(npkey==0 && pk->pkey[0]
+ && gcry_mpi_get_flag (pk->pkey[0], GCRYMPI_FLAG_OPAQUE))
+ {
+ gcry_md_write (md, pp[0], nn[0]);
+ }
+ else
+ for(i=0; i < npkey; i++ )
+ {
+ gcry_md_write ( md, pp[i], nn[i] );
+ xfree(pp[i]);
+ }
+}
+
+static gcry_md_hd_t
+do_fingerprint_md( PKT_public_key *pk )
+{
+ gcry_md_hd_t md;
+
+ if (gcry_md_open (&md, DIGEST_ALGO_SHA1, 0))
+ BUG ();
+ hash_public_key(md,pk);
+ gcry_md_final( md );
+
+ return md;
+}
+
+static gcry_md_hd_t
+do_fingerprint_md_sk( PKT_secret_key *sk )
+{
+ PKT_public_key pk;
+ int npkey = pubkey_get_npkey( sk->pubkey_algo ); /* npkey is correct! */
+ int i;
+
+ if(npkey==0)
+ return NULL;
+
+ pk.pubkey_algo = sk->pubkey_algo;
+ pk.version = sk->version;
+ pk.timestamp = sk->timestamp;
+ pk.expiredate = sk->expiredate;
+ pk.pubkey_algo = sk->pubkey_algo;
+ for( i=0; i < npkey; i++ )
+ pk.pkey[i] = sk->skey[i];
+ return do_fingerprint_md( &pk );
+}
+
+
+u32
+v3_keyid (gcry_mpi_t a, u32 *ki)
+{
+ byte *buffer, *p;
+ size_t nbytes;
+
+ if (gcry_mpi_print (GCRYMPI_FMT_USG, NULL, 0, &nbytes, a ))
+ BUG ();
+ /* fixme: allocate it on the stack */
+ buffer = xmalloc (nbytes);
+ if (gcry_mpi_print( GCRYMPI_FMT_USG, buffer, nbytes, NULL, a ))
+ BUG ();
+ if (nbytes < 8) /* oops */
+ ki[0] = ki[1] = 0;
+ else
+ {
+ p = buffer + nbytes - 8;
+ ki[0] = (p[0] << 24) | (p[1] <<16) | (p[2] << 8) | p[3];
+ p += 4;
+ ki[1] = (p[0] << 24) | (p[1] <<16) | (p[2] << 8) | p[3];
+ }
+ xfree (buffer);
+ return ki[1];
+}
+
+
+size_t
+keystrlen(void)
+{
+ switch(opt.keyid_format)
+ {
+ case KF_SHORT:
+ return 8;
+
+ case KF_LONG:
+ return 16;
+
+ case KF_0xSHORT:
+ return 10;
+
+ case KF_0xLONG:
+ return 18;
+
+ default:
+ BUG();
+ }
+}
+
+const char *
+keystr(u32 *keyid)
+{
+ static char keyid_str[19];
+
+ switch(opt.keyid_format)
+ {
+ case KF_SHORT:
+ sprintf(keyid_str,"%08lX",(ulong)keyid[1]);
+ break;
+
+ case KF_LONG:
+ if(keyid[0])
+ sprintf(keyid_str,"%08lX%08lX",(ulong)keyid[0],(ulong)keyid[1]);
+ else
+ sprintf(keyid_str,"%08lX",(ulong)keyid[1]);
+ break;
+
+ case KF_0xSHORT:
+ sprintf(keyid_str,"0x%08lX",(ulong)keyid[1]);
+ break;
+
+ case KF_0xLONG:
+ if(keyid[0])
+ sprintf(keyid_str,"0x%08lX%08lX",(ulong)keyid[0],(ulong)keyid[1]);
+ else
+ sprintf(keyid_str,"0x%08lX",(ulong)keyid[1]);
+ break;
+
+ default:
+ BUG();
+ }
+
+ return keyid_str;
+}
+
+const char *
+keystr_from_pk(PKT_public_key *pk)
+{
+ keyid_from_pk(pk,NULL);
+
+ return keystr(pk->keyid);
+}
+
+const char *
+keystr_from_sk(PKT_secret_key *sk)
+{
+ keyid_from_sk(sk,NULL);
+
+ return keystr(sk->keyid);
+}
+
+const char *
+keystr_from_desc(KEYDB_SEARCH_DESC *desc)
+{
+ switch(desc->mode)
+ {
+ case KEYDB_SEARCH_MODE_LONG_KID:
+ case KEYDB_SEARCH_MODE_SHORT_KID:
+ return keystr(desc->u.kid);
+
+ case KEYDB_SEARCH_MODE_FPR20:
+ {
+ u32 keyid[2];
+
+ keyid[0] = ((unsigned char)desc->u.fpr[12] << 24
+ | (unsigned char)desc->u.fpr[13] << 16
+ | (unsigned char)desc->u.fpr[14] << 8
+ | (unsigned char)desc->u.fpr[15]);
+ keyid[1] = ((unsigned char)desc->u.fpr[16] << 24
+ | (unsigned char)desc->u.fpr[17] << 16
+ | (unsigned char)desc->u.fpr[18] << 8
+ | (unsigned char)desc->u.fpr[19]);
+
+ return keystr(keyid);
+ }
+
+ case KEYDB_SEARCH_MODE_FPR16:
+ return "?v3 fpr?";
+
+ default:
+ BUG();
+ }
+}
+
+/****************
+ * Get the keyid from the secret key and put it into keyid
+ * if this is not NULL. Return the 32 low bits of the keyid.
+ */
+u32
+keyid_from_sk( PKT_secret_key *sk, u32 *keyid )
+{
+ u32 lowbits;
+ u32 dummy_keyid[2];
+
+ if( !keyid )
+ keyid = dummy_keyid;
+
+ if( sk->keyid[0] || sk->keyid[1] )
+ {
+ keyid[0] = sk->keyid[0];
+ keyid[1] = sk->keyid[1];
+ lowbits = keyid[1];
+ }
+ else if( sk->version < 4 )
+ {
+ if( is_RSA(sk->pubkey_algo) )
+ {
+ lowbits = (pubkey_get_npkey (sk->pubkey_algo) ?
+ v3_keyid( sk->skey[0], keyid ) : 0); /* Take n. */
+ sk->keyid[0]=keyid[0];
+ sk->keyid[1]=keyid[1];
+ }
+ else
+ sk->keyid[0]=sk->keyid[1]=keyid[0]=keyid[1]=lowbits=0xFFFFFFFF;
+ }
+ else
+ {
+ const byte *dp;
+ gcry_md_hd_t md;
+
+ md = do_fingerprint_md_sk(sk);
+ if(md)
+ {
+ dp = gcry_md_read (md, 0);
+ keyid[0] = dp[12] << 24 | dp[13] << 16 | dp[14] << 8 | dp[15] ;
+ keyid[1] = dp[16] << 24 | dp[17] << 16 | dp[18] << 8 | dp[19] ;
+ lowbits = keyid[1];
+ gcry_md_close (md);
+ sk->keyid[0] = keyid[0];
+ sk->keyid[1] = keyid[1];
+ }
+ else
+ sk->keyid[0]=sk->keyid[1]=keyid[0]=keyid[1]=lowbits=0xFFFFFFFF;
+ }
+
+ return lowbits;
+}
+
+
+/****************
+ * Get the keyid from the public key and put it into keyid
+ * if this is not NULL. Return the 32 low bits of the keyid.
+ */
+u32
+keyid_from_pk( PKT_public_key *pk, u32 *keyid )
+{
+ u32 lowbits;
+ u32 dummy_keyid[2];
+
+ if( !keyid )
+ keyid = dummy_keyid;
+
+ if( pk->keyid[0] || pk->keyid[1] )
+ {
+ keyid[0] = pk->keyid[0];
+ keyid[1] = pk->keyid[1];
+ lowbits = keyid[1];
+ }
+ else if( pk->version < 4 )
+ {
+ if( is_RSA(pk->pubkey_algo) )
+ {
+ lowbits = (pubkey_get_npkey (pk->pubkey_algo) ?
+ v3_keyid ( pk->pkey[0], keyid ) : 0); /* From n. */
+ pk->keyid[0] = keyid[0];
+ pk->keyid[1] = keyid[1];
+ }
+ else
+ pk->keyid[0]=pk->keyid[1]=keyid[0]=keyid[1]=lowbits=0xFFFFFFFF;
+ }
+ else
+ {
+ const byte *dp;
+ gcry_md_hd_t md;
+
+ md = do_fingerprint_md(pk);
+ if(md)
+ {
+ dp = gcry_md_read ( md, 0 );
+ keyid[0] = dp[12] << 24 | dp[13] << 16 | dp[14] << 8 | dp[15] ;
+ keyid[1] = dp[16] << 24 | dp[17] << 16 | dp[18] << 8 | dp[19] ;
+ lowbits = keyid[1];
+ gcry_md_close (md);
+ pk->keyid[0] = keyid[0];
+ pk->keyid[1] = keyid[1];
+ }
+ else
+ pk->keyid[0]=pk->keyid[1]=keyid[0]=keyid[1]=lowbits=0xFFFFFFFF;
+ }
+
+ return lowbits;
+}
+
+
+/****************
+ * Get the keyid from the fingerprint. This function is simple for most
+ * keys, but has to do a keylookup for old stayle keys.
+ */
+u32
+keyid_from_fingerprint( const byte *fprint, size_t fprint_len, u32 *keyid )
+{
+ u32 dummy_keyid[2];
+
+ if( !keyid )
+ keyid = dummy_keyid;
+
+ if( fprint_len != 20 ) {
+ /* This is special as we have to lookup the key first */
+ PKT_public_key pk;
+ int rc;
+
+ memset( &pk, 0, sizeof pk );
+ rc = get_pubkey_byfprint( &pk, fprint, fprint_len );
+ if( rc ) {
+ log_error("Oops: keyid_from_fingerprint: no pubkey\n");
+ keyid[0] = 0;
+ keyid[1] = 0;
+ }
+ else
+ keyid_from_pk( &pk, keyid );
+ }
+ else {
+ const byte *dp = fprint;
+ keyid[0] = dp[12] << 24 | dp[13] << 16 | dp[14] << 8 | dp[15] ;
+ keyid[1] = dp[16] << 24 | dp[17] << 16 | dp[18] << 8 | dp[19] ;
+ }
+
+ return keyid[1];
+}
+
+
+u32
+keyid_from_sig( PKT_signature *sig, u32 *keyid )
+{
+ if( keyid ) {
+ keyid[0] = sig->keyid[0];
+ keyid[1] = sig->keyid[1];
+ }
+ return sig->keyid[1];
+}
+
+byte *
+namehash_from_uid(PKT_user_id *uid)
+{
+ if (!uid->namehash)
+ {
+ uid->namehash = xmalloc (20);
+
+ if(uid->attrib_data)
+ rmd160_hash_buffer (uid->namehash, uid->attrib_data, uid->attrib_len);
+ else
+ rmd160_hash_buffer (uid->namehash, uid->name, uid->len);
+ }
+
+ return uid->namehash;
+}
+
+/****************
+ * return the number of bits used in the pk
+ */
+unsigned
+nbits_from_pk( PKT_public_key *pk )
+{
+ return pubkey_nbits( pk->pubkey_algo, pk->pkey );
+}
+
+/****************
+ * return the number of bits used in the sk
+ */
+unsigned
+nbits_from_sk( PKT_secret_key *sk )
+{
+ return pubkey_nbits( sk->pubkey_algo, sk->skey );
+}
+
+static const char *
+mk_datestr (char *buffer, time_t atime)
+{
+ struct tm *tp;
+
+ if ( atime < 0 ) /* 32 bit time_t and after 2038-01-19 */
+ strcpy (buffer, "????" "-??" "-??"); /* mark this as invalid */
+ else {
+ tp = gmtime (&atime);
+ sprintf (buffer,"%04d-%02d-%02d",
+ 1900+tp->tm_year, tp->tm_mon+1, tp->tm_mday );
+ }
+ return buffer;
+}
+
+/****************
+ * return a string with the creation date of the pk
+ * Note: this is alloced in a static buffer.
+ * Format is: yyyy-mm-dd
+ */
+const char *
+datestr_from_pk( PKT_public_key *pk )
+{
+ static char buffer[11+5];
+ time_t atime = pk->timestamp;
+
+ return mk_datestr (buffer, atime);
+}
+
+const char *
+datestr_from_sk( PKT_secret_key *sk )
+{
+ static char buffer[11+5];
+ time_t atime = sk->timestamp;
+
+ return mk_datestr (buffer, atime);
+}
+
+const char *
+datestr_from_sig( PKT_signature *sig )
+{
+ static char buffer[11+5];
+ time_t atime = sig->timestamp;
+
+ return mk_datestr (buffer, atime);
+}
+
+const char *
+expirestr_from_pk( PKT_public_key *pk )
+{
+ static char buffer[11+5];
+ time_t atime;
+
+ if( !pk->expiredate )
+ return _("never ");
+ atime = pk->expiredate;
+ return mk_datestr (buffer, atime);
+}
+
+const char *
+expirestr_from_sk( PKT_secret_key *sk )
+{
+ static char buffer[11+5];
+ time_t atime;
+
+ if( !sk->expiredate )
+ return _("never ");
+ atime = sk->expiredate;
+ return mk_datestr (buffer, atime);
+}
+
+const char *
+expirestr_from_sig( PKT_signature *sig )
+{
+ static char buffer[11+5];
+ time_t atime;
+
+ if(!sig->expiredate)
+ return _("never ");
+ atime=sig->expiredate;
+ return mk_datestr (buffer, atime);
+}
+
+const char *
+revokestr_from_pk( PKT_public_key *pk )
+{
+ static char buffer[11+5];
+ time_t atime;
+
+ if(!pk->revoked.date)
+ return _("never ");
+ atime=pk->revoked.date;
+ return mk_datestr (buffer, atime);
+}
+
+
+const char *
+usagestr_from_pk( PKT_public_key *pk )
+{
+ static char buffer[10];
+ int i = 0;
+ unsigned int use = pk->pubkey_usage;
+
+ if ( use & PUBKEY_USAGE_SIG )
+ buffer[i++] = 'S';
+
+ if ( use & PUBKEY_USAGE_CERT )
+ buffer[i++] = 'C';
+
+ if ( use & PUBKEY_USAGE_ENC )
+ buffer[i++] = 'E';
+
+ if ( (use & PUBKEY_USAGE_AUTH) )
+ buffer[i++] = 'A';
+
+ while (i < 4)
+ buffer[i++] = ' ';
+
+ buffer[i] = 0;
+ return buffer;
+}
+
+
+const char *
+colon_strtime (u32 t)
+{
+ static char buf[20];
+
+ if (!t)
+ return "";
+ snprintf (buf, sizeof buf, "%lu", (ulong)t);
+ return buf;
+}
+
+const char *
+colon_datestr_from_pk (PKT_public_key *pk)
+{
+ static char buf[20];
+
+ snprintf (buf, sizeof buf, "%lu", (ulong)pk->timestamp);
+ return buf;
+}
+
+const char *
+colon_datestr_from_sk (PKT_secret_key *sk)
+{
+ static char buf[20];
+
+ snprintf (buf, sizeof buf, "%lu", (ulong)sk->timestamp);
+ return buf;
+}
+
+const char *
+colon_datestr_from_sig (PKT_signature *sig)
+{
+ static char buf[20];
+
+ snprintf (buf, sizeof buf, "%lu", (ulong)sig->timestamp);
+ return buf;
+}
+
+const char *
+colon_expirestr_from_sig (PKT_signature *sig)
+{
+ static char buf[20];
+
+ if (!sig->expiredate)
+ return "";
+
+ snprintf (buf, sizeof buf,"%lu", (ulong)sig->expiredate);
+ return buf;
+}
+
+
+/**************** .
+ * Return a byte array with the fingerprint for the given PK/SK
+ * The length of the array is returned in ret_len. Caller must free
+ * the array or provide an array of length MAX_FINGERPRINT_LEN.
+ */
+
+byte *
+fingerprint_from_pk( PKT_public_key *pk, byte *array, size_t *ret_len )
+{
+ byte *buf;
+ const byte *dp;
+ size_t len, nbytes;
+ int i;
+
+ if ( pk->version < 4 )
+ {
+ if ( is_RSA(pk->pubkey_algo) )
+ {
+ /* RSA in version 3 packets is special. */
+ gcry_md_hd_t md;
+
+ if (gcry_md_open (&md, DIGEST_ALGO_MD5, 0))
+ BUG ();
+ if ( pubkey_get_npkey (pk->pubkey_algo) > 1 )
+ {
+ for (i=0; i < 2; i++)
+ {
+ if (gcry_mpi_print (GCRYMPI_FMT_USG, NULL, 0,
+ &nbytes, pk->pkey[i]))
+ BUG ();
+ /* fixme: Better allocate BUF on the stack */
+ buf = xmalloc (nbytes);
+ if (gcry_mpi_print (GCRYMPI_FMT_USG, buf, nbytes,
+ NULL, pk->pkey[i]))
+ BUG ();
+ gcry_md_write (md, buf, nbytes);
+ xfree (buf);
+ }
+ }
+ gcry_md_final (md);
+ if (!array)
+ array = xmalloc (16);
+ len = 16;
+ memcpy (array, gcry_md_read (md, DIGEST_ALGO_MD5), 16);
+ gcry_md_close(md);
+ }
+ else
+ {
+ if (!array)
+ array = xmalloc(16);
+ len = 16;
+ memset (array,0,16);
+ }
+ }
+ else
+ {
+ gcry_md_hd_t md;
+
+ md = do_fingerprint_md(pk);
+ dp = gcry_md_read( md, 0 );
+ len = gcry_md_get_algo_dlen (gcry_md_get_algo (md));
+ assert( len <= MAX_FINGERPRINT_LEN );
+ if (!array)
+ array = xmalloc ( len );
+ memcpy (array, dp, len );
+ pk->keyid[0] = dp[12] << 24 | dp[13] << 16 | dp[14] << 8 | dp[15] ;
+ pk->keyid[1] = dp[16] << 24 | dp[17] << 16 | dp[18] << 8 | dp[19] ;
+ gcry_md_close( md);
+ }
+
+ *ret_len = len;
+ return array;
+}
+
+byte *
+fingerprint_from_sk( PKT_secret_key *sk, byte *array, size_t *ret_len )
+{
+ byte *buf;
+ const char *dp;
+ size_t len, nbytes;
+ int i;
+
+ if (sk->version < 4)
+ {
+ if ( is_RSA(sk->pubkey_algo) )
+ {
+ /* RSA in version 3 packets is special. */
+ gcry_md_hd_t md;
+
+ if (gcry_md_open (&md, DIGEST_ALGO_MD5, 0))
+ BUG ();
+ if (pubkey_get_npkey( sk->pubkey_algo ) > 1)
+ {
+ for (i=0; i < 2; i++)
+ {
+ if (gcry_mpi_print (GCRYMPI_FMT_USG, NULL, 0,
+ &nbytes, sk->skey[i]))
+ BUG ();
+ /* fixme: Better allocate BUF on the stack */
+ buf = xmalloc (nbytes);
+ if (gcry_mpi_print (GCRYMPI_FMT_USG, buf, nbytes,
+ NULL, sk->skey[i]))
+ BUG ();
+ gcry_md_write (md, buf, nbytes);
+ xfree (buf);
+ }
+ }
+ gcry_md_final(md);
+ if (!array)
+ array = xmalloc (16);
+ len = 16;
+ memcpy (array, gcry_md_read (md, DIGEST_ALGO_MD5), 16);
+ gcry_md_close (md);
+ }
+ else
+ {
+ if (!array)
+ array = xmalloc (16);
+ len=16;
+ memset (array,0,16);
+ }
+ }
+ else
+ {
+ gcry_md_hd_t md;
+
+ md = do_fingerprint_md_sk(sk);
+ if (md)
+ {
+ dp = gcry_md_read ( md, 0 );
+ len = gcry_md_get_algo_dlen ( gcry_md_get_algo (md) );
+ assert ( len <= MAX_FINGERPRINT_LEN );
+ if (!array)
+ array = xmalloc( len );
+ memcpy (array, dp, len);
+ gcry_md_close (md);
+ }
+ else
+ {
+ len = MAX_FINGERPRINT_LEN;
+ if (!array)
+ array = xmalloc (len);
+ memset (array, 0, len);
+ }
+ }
+
+ *ret_len = len;
+ return array;
+}
+
+
+/* Create a serialno/fpr string from the serial number and the secret
+ key. Caller must free the returned string. There is no error
+ return. */
+char *
+serialno_and_fpr_from_sk (const unsigned char *sn, size_t snlen,
+ PKT_secret_key *sk)
+{
+ unsigned char fpr[MAX_FINGERPRINT_LEN];
+ size_t fprlen;
+ char *buffer, *p;
+ int i;
+
+ fingerprint_from_sk (sk, fpr, &fprlen);
+ buffer = p = xmalloc (snlen*2 + 1 + fprlen*2 + 1);
+ for (i=0; i < snlen; i++, p+=2)
+ sprintf (p, "%02X", sn[i]);
+ *p++ = '/';
+ for (i=0; i < fprlen; i++, p+=2)
+ sprintf (p, "%02X", fpr[i]);
+ *p = 0;
+ return buffer;
+}
diff --git a/g10/keylist.c b/g10/keylist.c
new file mode 100644
index 0000000..8201260
--- /dev/null
+++ b/g10/keylist.c
@@ -0,0 +1,1665 @@
+/* keylist.c - print keys
+ * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006,
+ * 2008, 2012 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include <assert.h>
+#ifdef HAVE_DOSISH_SYSTEM
+#include <fcntl.h> /* for setmode() */
+#endif
+
+#include "gpg.h"
+#include "options.h"
+#include "packet.h"
+#include "status.h"
+#include "keydb.h"
+#include "photoid.h"
+#include "util.h"
+#include "ttyio.h"
+#include "trustdb.h"
+#include "main.h"
+#include "i18n.h"
+#include "status.h"
+
+static void list_all(int);
+static void list_one( strlist_t names, int secret);
+static void locate_one (strlist_t names);
+static void print_card_serialno (PKT_secret_key *sk);
+
+struct sig_stats
+{
+ int inv_sigs;
+ int no_key;
+ int oth_err;
+};
+
+/* The stream used to write attribute packets to. */
+static FILE *attrib_fp = NULL;
+
+/****************
+ * List the keys
+ * If list is NULL, all available keys are listed
+ */
+void
+public_key_list( strlist_t list, int locate_mode )
+{
+ if (opt.with_colons)
+ {
+ byte trust_model,marginals,completes,cert_depth,min_cert_level;
+ ulong created,nextcheck;
+
+ read_trust_options(&trust_model,&created,&nextcheck,
+ &marginals,&completes,&cert_depth,&min_cert_level);
+
+ printf("tru:");
+
+ if(nextcheck && nextcheck <= make_timestamp())
+ printf("o");
+ if(trust_model!=opt.trust_model)
+ printf("t");
+ if(opt.trust_model==TM_PGP || opt.trust_model==TM_CLASSIC)
+ {
+ if(marginals!=opt.marginals_needed)
+ printf("m");
+ if(completes!=opt.completes_needed)
+ printf("c");
+ if(cert_depth!=opt.max_cert_depth)
+ printf("d");
+ if(min_cert_level!=opt.min_cert_level)
+ printf("l");
+ }
+
+ printf(":%d:%lu:%lu",trust_model,created,nextcheck);
+
+ /* Only show marginals, completes, and cert_depth in the classic
+ or PGP trust models since they are not meaningful
+ otherwise. */
+
+ if(trust_model==TM_PGP || trust_model==TM_CLASSIC)
+ printf(":%d:%d:%d",marginals,completes,cert_depth);
+
+ printf("\n");
+ }
+
+ /* We need to do the stale check right here because it might need to
+ update the keyring while we already have the keyring open. This
+ is very bad for W32 because of a sharing violation. For real OSes
+ it might lead to false results if we are later listing a keyring
+ which is associated with the inode of a deleted file. */
+ check_trustdb_stale ();
+
+ if (locate_mode)
+ locate_one (list);
+ else if (!list)
+ list_all (0);
+ else
+ list_one (list, 0);
+}
+
+
+void
+secret_key_list( strlist_t list )
+{
+ check_trustdb_stale ();
+
+ if( !list )
+ list_all(1);
+ else /* List by user id */
+ list_one( list, 1 );
+}
+
+void
+print_seckey_info (PKT_secret_key *sk)
+{
+ u32 keyid[2];
+ char *p;
+
+ keyid_from_sk (sk, keyid);
+ p=get_user_id_native(keyid);
+
+ tty_printf ("\nsec %4u%c/%s %s %s\n",
+ nbits_from_sk (sk),
+ pubkey_letter (sk->pubkey_algo),
+ keystr(keyid), datestr_from_sk (sk), p);
+
+ xfree (p);
+}
+
+/* Print information about the public key. With FP passed as NULL,
+ the tty output interface is used, otherwise output is directted to
+ the given stream. */
+void
+print_pubkey_info (FILE *fp, PKT_public_key *pk)
+{
+ u32 keyid[2];
+ char *p;
+
+ keyid_from_pk (pk, keyid);
+
+ /* If the pk was chosen by a particular user ID, that is the one to
+ print. */
+ if(pk->user_id)
+ p=utf8_to_native(pk->user_id->name,pk->user_id->len,0);
+ else
+ p=get_user_id_native(keyid);
+
+ if (fp)
+ fprintf (fp, "pub %4u%c/%s %s %s\n",
+ nbits_from_pk (pk),
+ pubkey_letter (pk->pubkey_algo),
+ keystr(keyid), datestr_from_pk (pk), p);
+ else
+ tty_printf ("\npub %4u%c/%s %s %s\n",
+ nbits_from_pk (pk), pubkey_letter (pk->pubkey_algo),
+ keystr(keyid), datestr_from_pk (pk), p);
+
+ xfree (p);
+}
+
+
+/* Print basic information of a secret key including the card serial
+ number information. */
+void
+print_card_key_info (FILE *fp, KBNODE keyblock)
+{
+ KBNODE node;
+ int i;
+
+ for (node = keyblock; node; node = node->next )
+ {
+ if (node->pkt->pkttype == PKT_SECRET_KEY
+ || (node->pkt->pkttype == PKT_SECRET_SUBKEY) )
+ {
+ PKT_secret_key *sk = node->pkt->pkt.secret_key;
+
+ tty_fprintf (fp, "%s%c %4u%c/%s ",
+ node->pkt->pkttype == PKT_SECRET_KEY? "sec":"ssb",
+ (sk->protect.s2k.mode==1001)?'#':
+ (sk->protect.s2k.mode==1002)?'>':' ',
+ nbits_from_sk (sk),
+ pubkey_letter (sk->pubkey_algo),
+ keystr_from_sk(sk));
+ tty_fprintf (fp, _("created: %s"), datestr_from_sk (sk));
+ tty_fprintf (fp, " ");
+ tty_fprintf (fp, _("expires: %s"), expirestr_from_sk (sk));
+ if (sk->is_protected && sk->protect.s2k.mode == 1002)
+ {
+ tty_fprintf (fp, "\n ");
+ tty_fprintf (fp, _("card-no: "));
+ if (sk->protect.ivlen == 16
+ && !memcmp (sk->protect.iv, "\xD2\x76\x00\x01\x24\x01", 6))
+ {
+ /* This is an OpenPGP card. */
+ for (i=8; i < 14; i++)
+ {
+ if (i == 10)
+ tty_fprintf (fp, " ");
+ tty_fprintf (fp, "%02X", sk->protect.iv[i]);
+ }
+ }
+ else
+ { /* Something is wrong: Print all. */
+ for (i=0; i < sk->protect.ivlen; i++)
+ tty_fprintf (fp, "%02X", sk->protect.iv[i]);
+ }
+ }
+ tty_fprintf (fp, "\n");
+ }
+ }
+}
+
+
+
+/* Flags = 0x01 hashed 0x02 critical */
+static void
+status_one_subpacket(sigsubpkttype_t type,size_t len,int flags,const byte *buf)
+{
+ char status[40];
+
+ /* Don't print these. */
+ if(len>256)
+ return;
+
+ sprintf(status,"%d %u %u ",type,flags,(unsigned int)len);
+
+ write_status_text_and_buffer(STATUS_SIG_SUBPACKET,status,buf,len,0);
+}
+
+/*
+ mode=0 for stdout.
+ mode=1 for log_info + status messages
+ mode=2 for status messages only
+*/
+
+void
+show_policy_url(PKT_signature *sig,int indent,int mode)
+{
+ const byte *p;
+ size_t len;
+ int seq=0,crit;
+ FILE *fp=mode?log_get_stream():stdout;
+
+ while((p=enum_sig_subpkt(sig->hashed,SIGSUBPKT_POLICY,&len,&seq,&crit)))
+ {
+ if(mode!=2)
+ {
+ int i;
+ const char *str;
+
+ for(i=0;i<indent;i++)
+ putchar(' ');
+
+ if(crit)
+ str=_("Critical signature policy: ");
+ else
+ str=_("Signature policy: ");
+ if(mode)
+ log_info("%s",str);
+ else
+ printf("%s",str);
+ print_utf8_string(fp,p,len);
+ fprintf(fp,"\n");
+ }
+
+ if(mode)
+ write_status_buffer ( STATUS_POLICY_URL, p, len, 0 );
+ }
+}
+
+/*
+ mode=0 for stdout.
+ mode=1 for log_info + status messages
+ mode=2 for status messages only
+*/
+/* TODO: use this */
+void
+show_keyserver_url(PKT_signature *sig,int indent,int mode)
+{
+ const byte *p;
+ size_t len;
+ int seq=0,crit;
+ FILE *fp=mode?log_get_stream():stdout;
+
+ while((p=enum_sig_subpkt(sig->hashed,SIGSUBPKT_PREF_KS,&len,&seq,&crit)))
+ {
+ if(mode!=2)
+ {
+ int i;
+ const char *str;
+
+ for(i=0;i<indent;i++)
+ putchar(' ');
+
+ if(crit)
+ str=_("Critical preferred keyserver: ");
+ else
+ str=_("Preferred keyserver: ");
+ if(mode)
+ log_info("%s",str);
+ else
+ printf("%s",str);
+ print_utf8_string(fp,p,len);
+ fprintf(fp,"\n");
+ }
+
+ if(mode)
+ status_one_subpacket(SIGSUBPKT_PREF_KS,len,(crit?0x02:0)|0x01,p);
+ }
+}
+
+/*
+ mode=0 for stdout.
+ mode=1 for log_info + status messages
+ mode=2 for status messages only
+
+ which bits:
+ 1 == standard notations
+ 2 == user notations
+*/
+
+void
+show_notation(PKT_signature *sig,int indent,int mode,int which)
+{
+ FILE *fp=mode?log_get_stream():stdout;
+ struct notation *nd,*notations;
+
+ if(which==0)
+ which=3;
+
+ notations=sig_to_notation(sig);
+
+ /* There may be multiple notations in the same sig. */
+ for(nd=notations;nd;nd=nd->next)
+ {
+ if(mode!=2)
+ {
+ int has_at=!!strchr(nd->name,'@');
+
+ if((which&1 && !has_at) || (which&2 && has_at))
+ {
+ int i;
+ const char *str;
+
+ for(i=0;i<indent;i++)
+ putchar(' ');
+
+ if(nd->flags.critical)
+ str=_("Critical signature notation: ");
+ else
+ str=_("Signature notation: ");
+ if(mode)
+ log_info("%s",str);
+ else
+ printf("%s",str);
+ /* This is all UTF8 */
+ print_utf8_string(fp,nd->name,strlen(nd->name));
+ fprintf(fp,"=");
+ print_utf8_string(fp,nd->value,strlen(nd->value));
+ fprintf(fp,"\n");
+ }
+ }
+
+ if(mode)
+ {
+ write_status_buffer(STATUS_NOTATION_NAME,
+ nd->name,strlen(nd->name),0);
+ write_status_buffer(STATUS_NOTATION_DATA,
+ nd->value,strlen(nd->value),50);
+ }
+ }
+
+ free_notation(notations);
+}
+
+static void
+print_signature_stats(struct sig_stats *s)
+{
+ if( s->inv_sigs == 1 )
+ tty_printf(_("1 bad signature\n") );
+ else if( s->inv_sigs )
+ tty_printf(_("%d bad signatures\n"), s->inv_sigs );
+ if( s->no_key == 1 )
+ tty_printf(_("1 signature not checked due to a missing key\n") );
+ else if( s->no_key )
+ tty_printf(_("%d signatures not checked due to missing keys\n"),s->no_key);
+ if( s->oth_err == 1 )
+ tty_printf(_("1 signature not checked due to an error\n") );
+ else if( s->oth_err )
+ tty_printf(_("%d signatures not checked due to errors\n"), s->oth_err );
+}
+
+static void
+list_all( int secret )
+{
+ KEYDB_HANDLE hd;
+ KBNODE keyblock = NULL;
+ int rc=0;
+ const char *lastresname, *resname;
+ struct sig_stats stats;
+
+ memset(&stats,0,sizeof(stats));
+
+ hd = keydb_new (secret);
+ if (!hd)
+ rc = G10ERR_GENERAL;
+ else
+ rc = keydb_search_first (hd);
+ if( rc ) {
+ if( rc != -1 )
+ log_error("keydb_search_first failed: %s\n", g10_errstr(rc) );
+ goto leave;
+ }
+
+ lastresname = NULL;
+ do {
+ rc = keydb_get_keyblock (hd, &keyblock);
+ if (rc) {
+ log_error ("keydb_get_keyblock failed: %s\n", g10_errstr(rc));
+ goto leave;
+ }
+ if(!opt.with_colons)
+ {
+ resname = keydb_get_resource_name (hd);
+ if (lastresname != resname )
+ {
+ int i;
+
+ printf("%s\n", resname );
+ for(i=strlen(resname); i; i-- )
+ putchar('-');
+ putchar('\n');
+ lastresname = resname;
+ }
+ }
+ merge_keys_and_selfsig( keyblock );
+ list_keyblock( keyblock, secret, opt.fingerprint,
+ opt.check_sigs?&stats:NULL);
+ release_kbnode( keyblock );
+ keyblock = NULL;
+ } while (!(rc = keydb_search_next (hd)));
+ if( rc && rc != -1 )
+ log_error ("keydb_search_next failed: %s\n", g10_errstr(rc));
+
+ if(opt.check_sigs && !opt.with_colons)
+ print_signature_stats(&stats);
+
+ leave:
+ release_kbnode (keyblock);
+ keydb_release (hd);
+}
+
+
+static void
+list_one( strlist_t names, int secret )
+{
+ int rc = 0;
+ KBNODE keyblock = NULL;
+ GETKEY_CTX ctx;
+ const char *resname;
+ const char *keyring_str = _("Keyring");
+ int i;
+ struct sig_stats stats;
+
+ memset(&stats,0,sizeof(stats));
+
+ /* fixme: using the bynames function has the disadvantage that we
+ * don't know wether one of the names given was not found. OTOH,
+ * this function has the advantage to list the names in the
+ * sequence as defined by the keyDB and does not duplicate
+ * outputs. A solution could be do test whether all given have
+ * been listed (this needs a way to use the keyDB search
+ * functions) or to have the search function return indicators for
+ * found names. Yet another way is to use the keydb search
+ * facilities directly. */
+ if( secret ) {
+ rc = get_seckey_bynames( &ctx, NULL, names, &keyblock );
+ if( rc ) {
+ log_error("error reading key: %s\n", g10_errstr(rc) );
+ get_seckey_end( ctx );
+ return;
+ }
+ do {
+ if ((opt.list_options&LIST_SHOW_KEYRING) && !opt.with_colons) {
+ resname = keydb_get_resource_name (get_ctx_handle(ctx));
+ printf("%s: %s\n", keyring_str, resname);
+ for(i = strlen(resname) + strlen(keyring_str) + 2; i; i-- )
+ putchar('-');
+ putchar('\n');
+ }
+ list_keyblock( keyblock, 1, opt.fingerprint, NULL );
+ release_kbnode( keyblock );
+ } while( !get_seckey_next( ctx, NULL, &keyblock ) );
+ get_seckey_end( ctx );
+ }
+ else {
+ rc = get_pubkey_bynames( &ctx, NULL, names, &keyblock );
+ if( rc ) {
+ log_error("error reading key: %s\n", g10_errstr(rc) );
+ get_pubkey_end( ctx );
+ return;
+ }
+ do {
+ if ((opt.list_options&LIST_SHOW_KEYRING) && !opt.with_colons) {
+ resname = keydb_get_resource_name (get_ctx_handle(ctx));
+ printf("%s: %s\n", keyring_str, resname);
+ for(i = strlen(resname) + strlen(keyring_str) + 2; i; i-- )
+ putchar('-');
+ putchar('\n');
+ }
+ list_keyblock( keyblock, 0, opt.fingerprint,
+ opt.check_sigs?&stats:NULL );
+ release_kbnode( keyblock );
+ } while( !get_pubkey_next( ctx, NULL, &keyblock ) );
+ get_pubkey_end( ctx );
+ }
+
+ if(opt.check_sigs && !opt.with_colons)
+ print_signature_stats(&stats);
+}
+
+
+static void
+locate_one (strlist_t names)
+{
+ int rc = 0;
+ strlist_t sl;
+ GETKEY_CTX ctx = NULL;
+ KBNODE keyblock = NULL;
+ struct sig_stats stats;
+
+ memset (&stats,0,sizeof(stats));
+
+ for (sl=names; sl; sl = sl->next)
+ {
+ rc = get_pubkey_byname (&ctx, NULL, sl->d, &keyblock, NULL, 1, 0);
+ if (rc)
+ {
+ if (gpg_err_code (rc) != GPG_ERR_NO_PUBKEY)
+ log_error ("error reading key: %s\n", g10_errstr(rc) );
+ }
+ else
+ {
+ do
+ {
+ list_keyblock (keyblock, 0, opt.fingerprint,
+ opt.check_sigs? &stats : NULL );
+ release_kbnode (keyblock);
+ }
+ while ( ctx && !get_pubkey_next (ctx, NULL, &keyblock));
+ get_pubkey_end (ctx);
+ ctx = NULL;
+ }
+ }
+
+ if (opt.check_sigs && !opt.with_colons)
+ print_signature_stats (&stats);
+}
+
+
+static void
+print_key_data( PKT_public_key *pk )
+{
+ int n = pk ? pubkey_get_npkey( pk->pubkey_algo ) : 0;
+ int i;
+
+ for(i=0; i < n; i++ ) {
+ printf("pkd:%d:%u:", i, mpi_get_nbits( pk->pkey[i] ) );
+ mpi_print(stdout, pk->pkey[i], 1 );
+ putchar(':');
+ putchar('\n');
+ }
+}
+
+static void
+print_capabilities (PKT_public_key *pk, PKT_secret_key *sk, KBNODE keyblock)
+{
+ if(pk || (sk && sk->protect.s2k.mode!=1001))
+ {
+ unsigned int use = pk? pk->pubkey_usage : sk->pubkey_usage;
+ int c_printed = 0;
+
+ if ( use & PUBKEY_USAGE_ENC )
+ putchar ('e');
+
+ if ( use & PUBKEY_USAGE_SIG )
+ {
+ putchar ('s');
+ if( pk? pk->is_primary : sk->is_primary )
+ {
+ putchar ('c');
+ /* The PUBKEY_USAGE_CERT flag was introduced later and
+ we used to always print 'c' for a primary key. To
+ avoid any regression here we better track whether we
+ printed 'c' already. */
+ c_printed = 1;
+ }
+ }
+
+ if ( (use & PUBKEY_USAGE_CERT) && !c_printed )
+ putchar ('c');
+
+ if ( (use & PUBKEY_USAGE_AUTH) )
+ putchar ('a');
+ }
+
+ if ( keyblock ) { /* figure out the usable capabilities */
+ KBNODE k;
+ int enc=0, sign=0, cert=0, auth=0, disabled=0;
+
+ for (k=keyblock; k; k = k->next ) {
+ if ( k->pkt->pkttype == PKT_PUBLIC_KEY
+ || k->pkt->pkttype == PKT_PUBLIC_SUBKEY ) {
+ pk = k->pkt->pkt.public_key;
+
+ if(pk->is_primary)
+ disabled=pk_is_disabled(pk);
+
+ if ( pk->is_valid && !pk->is_revoked && !pk->has_expired ) {
+ if ( pk->pubkey_usage & PUBKEY_USAGE_ENC )
+ enc = 1;
+ if ( pk->pubkey_usage & PUBKEY_USAGE_SIG )
+ {
+ sign = 1;
+ if(pk->is_primary)
+ cert = 1;
+ }
+ if ( pk->pubkey_usage & PUBKEY_USAGE_CERT )
+ cert = 1;
+ if ( (pk->pubkey_usage & PUBKEY_USAGE_AUTH) )
+ auth = 1;
+ }
+ }
+ else if ( k->pkt->pkttype == PKT_SECRET_KEY
+ || k->pkt->pkttype == PKT_SECRET_SUBKEY ) {
+ sk = k->pkt->pkt.secret_key;
+ if ( sk->is_valid && !sk->is_revoked && !sk->has_expired
+ && sk->protect.s2k.mode!=1001 ) {
+ if ( sk->pubkey_usage & PUBKEY_USAGE_ENC )
+ enc = 1;
+ if ( sk->pubkey_usage & PUBKEY_USAGE_SIG )
+ {
+ sign = 1;
+ if(sk->is_primary)
+ cert = 1;
+ }
+ if ( (sk->pubkey_usage & PUBKEY_USAGE_CERT) )
+ cert = 1;
+ if ( (sk->pubkey_usage & PUBKEY_USAGE_AUTH) )
+ auth = 1;
+ }
+ }
+ }
+ if (enc)
+ putchar ('E');
+ if (sign)
+ putchar ('S');
+ if (cert)
+ putchar ('C');
+ if (auth)
+ putchar ('A');
+ if (disabled)
+ putchar ('D');
+ }
+
+ putchar(':');
+}
+
+/* Flags = 0x01 hashed 0x02 critical */
+static void
+print_one_subpacket(sigsubpkttype_t type,size_t len,int flags,const byte *buf)
+{
+ size_t i;
+
+ printf("spk:%d:%u:%u:",type,flags,(unsigned int)len);
+
+ for(i=0;i<len;i++)
+ {
+ /* printable ascii other than : and % */
+ if(buf[i]>=32 && buf[i]<=126 && buf[i]!=':' && buf[i]!='%')
+ printf("%c",buf[i]);
+ else
+ printf("%%%02X",buf[i]);
+ }
+
+ printf("\n");
+}
+
+void
+print_subpackets_colon(PKT_signature *sig)
+{
+ byte *i;
+
+ assert(opt.show_subpackets);
+
+ for(i=opt.show_subpackets;*i;i++)
+ {
+ const byte *p;
+ size_t len;
+ int seq,crit;
+
+ seq=0;
+
+ while((p=enum_sig_subpkt(sig->hashed,*i,&len,&seq,&crit)))
+ print_one_subpacket(*i,len,0x01|(crit?0x02:0),p);
+
+ seq=0;
+
+ while((p=enum_sig_subpkt(sig->unhashed,*i,&len,&seq,&crit)))
+ print_one_subpacket(*i,len,0x00|(crit?0x02:0),p);
+ }
+}
+
+void
+dump_attribs(const PKT_user_id *uid,PKT_public_key *pk,PKT_secret_key *sk)
+{
+ int i;
+
+ if(!attrib_fp)
+ return;
+
+ for(i=0;i<uid->numattribs;i++)
+ {
+ if(is_status_enabled())
+ {
+ byte array[MAX_FINGERPRINT_LEN], *p;
+ char buf[(MAX_FINGERPRINT_LEN*2)+90];
+ size_t j,n;
+
+ if(pk)
+ fingerprint_from_pk( pk, array, &n );
+ else if(sk)
+ fingerprint_from_sk( sk, array, &n );
+ else
+ BUG();
+
+ p = array;
+ for(j=0; j < n ; j++, p++ )
+ sprintf(buf+2*j, "%02X", *p );
+
+ sprintf(buf+strlen(buf)," %lu %u %u %u %lu %lu %u",
+ (ulong)uid->attribs[i].len,uid->attribs[i].type,i+1,
+ uid->numattribs,(ulong)uid->created,(ulong)uid->expiredate,
+ ((uid->is_primary?0x01:0)|
+ (uid->is_revoked?0x02:0)|
+ (uid->is_expired?0x04:0)));
+ write_status_text(STATUS_ATTRIBUTE,buf);
+ }
+
+ fwrite(uid->attribs[i].data,uid->attribs[i].len,1,attrib_fp);
+ fflush (attrib_fp);
+ }
+}
+
+static void
+list_keyblock_print ( KBNODE keyblock, int secret, int fpr, void *opaque )
+{
+ int rc = 0;
+ KBNODE kbctx;
+ KBNODE node;
+ PKT_public_key *pk;
+ PKT_secret_key *sk;
+ struct sig_stats *stats=opaque;
+ int skip_sigs=0;
+
+ /* get the keyid from the keyblock */
+ node = find_kbnode( keyblock, secret? PKT_SECRET_KEY : PKT_PUBLIC_KEY );
+ if( !node ) {
+ log_error("Oops; key lost!\n");
+ dump_kbnode( keyblock );
+ return;
+ }
+
+ if( secret )
+ {
+ pk = NULL;
+ sk = node->pkt->pkt.secret_key;
+
+ printf("sec%c %4u%c/%s %s",(sk->protect.s2k.mode==1001)?'#':
+ (sk->protect.s2k.mode==1002)?'>':' ',
+ nbits_from_sk( sk ),pubkey_letter( sk->pubkey_algo ),
+ keystr_from_sk(sk),datestr_from_sk( sk ));
+
+ if(sk->has_expired)
+ {
+ printf(" [");
+ printf(_("expired: %s"),expirestr_from_sk(sk));
+ printf("]");
+ }
+ else if(sk->expiredate )
+ {
+ printf(" [");
+ printf(_("expires: %s"),expirestr_from_sk(sk));
+ printf("]");
+ }
+
+ printf("\n");
+ }
+ else
+ {
+ pk = node->pkt->pkt.public_key;
+ sk = NULL;
+
+ check_trustdb_stale();
+
+ printf("pub %4u%c/%s %s",
+ nbits_from_pk(pk),pubkey_letter(pk->pubkey_algo),
+ keystr_from_pk(pk),datestr_from_pk( pk ));
+
+ /* We didn't include this before in the key listing, but there
+ is room in the new format, so why not? */
+
+ if(pk->is_revoked)
+ {
+ printf(" [");
+ printf(_("revoked: %s"),revokestr_from_pk(pk));
+ printf("]");
+ }
+ else if(pk->has_expired)
+ {
+ printf(" [");
+ printf(_("expired: %s"),expirestr_from_pk(pk));
+ printf("]");
+ }
+ else if(pk->expiredate)
+ {
+ printf(" [");
+ printf(_("expires: %s"),expirestr_from_pk(pk));
+ printf("]");
+ }
+
+#if 0
+ /* I need to think about this some more. It's easy enough to
+ include, but it looks sort of confusing in the
+ listing... */
+ if(opt.list_options&LIST_SHOW_VALIDITY)
+ {
+ int validity=get_validity(pk,NULL);
+ printf(" [%s]",trust_value_to_string(validity));
+ }
+#endif
+
+ printf("\n");
+ }
+
+ if( fpr )
+ print_fingerprint( pk, sk, 0 );
+ print_card_serialno (sk);
+ if( opt.with_key_data )
+ print_key_data( pk );
+
+ for( kbctx=NULL; (node=walk_kbnode( keyblock, &kbctx, 0)) ; ) {
+ if( node->pkt->pkttype == PKT_USER_ID && !opt.fast_list_mode ) {
+ PKT_user_id *uid=node->pkt->pkt.user_id;
+
+ if(pk && (uid->is_expired || uid->is_revoked)
+ && !(opt.list_options&LIST_SHOW_UNUSABLE_UIDS))
+ {
+ skip_sigs=1;
+ continue;
+ }
+ else
+ skip_sigs=0;
+
+ if(attrib_fp && uid->attrib_data!=NULL)
+ dump_attribs(uid,pk,sk);
+
+ if((uid->is_revoked || uid->is_expired)
+ || ((opt.list_options&LIST_SHOW_UID_VALIDITY) && pk))
+ {
+ const char *validity;
+ int indent;
+
+ validity=uid_trust_string_fixed(pk,uid);
+ indent=(keystrlen()+9)-atoi(uid_trust_string_fixed(NULL,NULL));
+
+ if(indent<0 || indent>40)
+ indent=0;
+
+ printf("uid%*s%s ",indent,"",validity);
+ }
+ else
+ printf("uid%*s", (int)keystrlen()+10,"");
+
+ print_utf8_string( stdout, uid->name, uid->len );
+ putchar('\n');
+
+ if((opt.list_options&LIST_SHOW_PHOTOS) && uid->attribs!=NULL)
+ show_photos(uid->attribs,uid->numattribs,pk,sk,uid);
+ }
+ else if( node->pkt->pkttype == PKT_PUBLIC_SUBKEY )
+ {
+ PKT_public_key *pk2 = node->pkt->pkt.public_key;
+
+ if((pk2->is_revoked || pk2->has_expired)
+ && !(opt.list_options&LIST_SHOW_UNUSABLE_SUBKEYS))
+ {
+ skip_sigs=1;
+ continue;
+ }
+ else
+ skip_sigs=0;
+
+ printf("sub %4u%c/%s %s",
+ nbits_from_pk( pk2 ),pubkey_letter( pk2->pubkey_algo ),
+ keystr_from_pk(pk2),datestr_from_pk(pk2));
+ if( pk2->is_revoked )
+ {
+ printf(" [");
+ printf(_("revoked: %s"),revokestr_from_pk(pk2));
+ printf("]");
+ }
+ else if( pk2->has_expired )
+ {
+ printf(" [");
+ printf(_("expired: %s"),expirestr_from_pk(pk2));
+ printf("]");
+ }
+ else if( pk2->expiredate )
+ {
+ printf(" [");
+ printf(_("expires: %s"),expirestr_from_pk(pk2));
+ printf("]");
+ }
+ putchar('\n');
+ if( fpr > 1 )
+ print_fingerprint( pk2, NULL, 0 );
+ if( opt.with_key_data )
+ print_key_data( pk2 );
+ }
+ else if( node->pkt->pkttype == PKT_SECRET_SUBKEY )
+ {
+ PKT_secret_key *sk2 = node->pkt->pkt.secret_key;
+
+ printf("ssb%c %4u%c/%s %s",
+ (sk2->protect.s2k.mode==1001)?'#':
+ (sk2->protect.s2k.mode==1002)?'>':' ',
+ nbits_from_sk( sk2 ),pubkey_letter( sk2->pubkey_algo ),
+ keystr_from_sk(sk2),datestr_from_sk( sk2 ) );
+ if( sk2->expiredate )
+ {
+ printf(" [");
+ printf(_("expires: %s"),expirestr_from_sk(sk2));
+ printf("]");
+ }
+ putchar('\n');
+ if( fpr > 1 )
+ {
+ print_fingerprint( NULL, sk2, 0 );
+ print_card_serialno (sk2);
+ }
+ }
+ else if( opt.list_sigs
+ && node->pkt->pkttype == PKT_SIGNATURE
+ && !skip_sigs ) {
+ PKT_signature *sig = node->pkt->pkt.signature;
+ int sigrc;
+ char *sigstr;
+
+ if( stats ) {
+ /*fflush(stdout);*/
+ rc = check_key_signature( keyblock, node, NULL );
+ switch( gpg_err_code (rc) ) {
+ case 0: sigrc = '!'; break;
+ case GPG_ERR_BAD_SIGNATURE:
+ stats->inv_sigs++; sigrc = '-'; break;
+ case GPG_ERR_NO_PUBKEY:
+ case GPG_ERR_UNUSABLE_PUBKEY: stats->no_key++; continue;
+ default: stats->oth_err++; sigrc = '%'; break;
+ }
+
+ /* TODO: Make sure a cached sig record here still has
+ the pk that issued it. See also
+ keyedit.c:print_and_check_one_sig */
+ }
+ else {
+ rc = 0;
+ sigrc = ' ';
+ }
+
+ if( sig->sig_class == 0x20 || sig->sig_class == 0x28
+ || sig->sig_class == 0x30 )
+ sigstr = "rev";
+ else if( (sig->sig_class&~3) == 0x10 )
+ sigstr = "sig";
+ else if( sig->sig_class == 0x18 )
+ sigstr = "sig";
+ else if( sig->sig_class == 0x1F )
+ sigstr = "sig";
+ else {
+ printf("sig "
+ "[unexpected signature class 0x%02x]\n",sig->sig_class );
+ continue;
+ }
+
+ fputs( sigstr, stdout );
+ printf("%c%c %c%c%c%c%c%c %s %s",
+ sigrc,(sig->sig_class-0x10>0 &&
+ sig->sig_class-0x10<4)?'0'+sig->sig_class-0x10:' ',
+ sig->flags.exportable?' ':'L',
+ sig->flags.revocable?' ':'R',
+ sig->flags.policy_url?'P':' ',
+ sig->flags.notation?'N':' ',
+ sig->flags.expired?'X':' ',
+ (sig->trust_depth>9)?'T':
+ (sig->trust_depth>0)?'0'+sig->trust_depth:' ',
+ keystr(sig->keyid),datestr_from_sig(sig));
+ if(opt.list_options&LIST_SHOW_SIG_EXPIRE)
+ printf(" %s", expirestr_from_sig(sig));
+ printf(" ");
+ if( sigrc == '%' )
+ printf("[%s] ", g10_errstr(rc) );
+ else if( sigrc == '?' )
+ ;
+ else if ( !opt.fast_list_mode ) {
+ size_t n;
+ char *p = get_user_id( sig->keyid, &n );
+ print_utf8_string( stdout, p, n );
+ xfree(p);
+ }
+ putchar('\n');
+
+ if(sig->flags.policy_url
+ && (opt.list_options&LIST_SHOW_POLICY_URLS))
+ show_policy_url(sig,3,0);
+
+ if(sig->flags.notation && (opt.list_options&LIST_SHOW_NOTATIONS))
+ show_notation(sig,3,0,
+ ((opt.list_options&LIST_SHOW_STD_NOTATIONS)?1:0)+
+ ((opt.list_options&LIST_SHOW_USER_NOTATIONS)?2:0));
+
+ if(sig->flags.pref_ks
+ && (opt.list_options&LIST_SHOW_KEYSERVER_URLS))
+ show_keyserver_url(sig,3,0);
+
+ /* fixme: check or list other sigs here */
+ }
+ }
+ putchar('\n');
+}
+
+void
+print_revokers(PKT_public_key *pk)
+{
+ /* print the revoker record */
+ if( !pk->revkey && pk->numrevkeys )
+ BUG();
+ else
+ {
+ int i,j;
+
+ for (i=0; i < pk->numrevkeys; i++)
+ {
+ byte *p;
+
+ printf ("rvk:::%d::::::", pk->revkey[i].algid);
+ p = pk->revkey[i].fpr;
+ for (j=0; j < 20; j++, p++ )
+ printf ("%02X", *p);
+ printf (":%02x%s:\n", pk->revkey[i].class,
+ (pk->revkey[i].class&0x40)?"s":"");
+ }
+ }
+}
+
+static void
+list_keyblock_colon( KBNODE keyblock, int secret, int fpr )
+{
+ int rc = 0;
+ KBNODE kbctx;
+ KBNODE node;
+ PKT_public_key *pk;
+ PKT_secret_key *sk;
+ u32 keyid[2];
+ int trustletter = 0;
+ int ulti_hack = 0;
+ int i;
+
+ /* get the keyid from the keyblock */
+ node = find_kbnode( keyblock, secret? PKT_SECRET_KEY : PKT_PUBLIC_KEY );
+ if ( !node )
+ {
+ log_error("Oops; key lost!\n");
+ dump_kbnode( keyblock );
+ return;
+ }
+
+ if ( secret )
+ {
+ pk = NULL;
+ sk = node->pkt->pkt.secret_key;
+ keyid_from_sk ( sk, keyid );
+ printf ("sec::%u:%d:%08lX%08lX:%s:%s:::",
+ nbits_from_sk( sk ),
+ sk->pubkey_algo,
+ (ulong)keyid[0],(ulong)keyid[1],
+ colon_datestr_from_sk( sk ),
+ colon_strtime (sk->expiredate)
+ /* fixme: add LID here */ );
+ }
+ else
+ {
+ pk = node->pkt->pkt.public_key;
+ sk = NULL;
+ keyid_from_pk( pk, keyid );
+ fputs( "pub:", stdout );
+ if ( !pk->is_valid )
+ putchar ('i');
+ else if ( pk->is_revoked )
+ putchar ('r');
+ else if ( pk->has_expired )
+ putchar ('e');
+ else if ( opt.fast_list_mode || opt.no_expensive_trust_checks )
+ ;
+ else
+ {
+ trustletter = get_validity_info ( pk, NULL );
+ if ( trustletter == 'u' )
+ ulti_hack = 1;
+ putchar(trustletter);
+ }
+ printf (":%u:%d:%08lX%08lX:%s:%s::",
+ nbits_from_pk( pk ),
+ pk->pubkey_algo,
+ (ulong)keyid[0],(ulong)keyid[1],
+ colon_datestr_from_pk( pk ),
+ colon_strtime (pk->expiredate) );
+ if ( !opt.fast_list_mode && !opt.no_expensive_trust_checks )
+ putchar( get_ownertrust_info(pk) );
+ putchar(':');
+ }
+
+ putchar (':');
+ putchar (':');
+ print_capabilities (pk, sk, keyblock);
+ if (secret)
+ {
+ putchar (':'); /* End of field 13. */
+ putchar (':'); /* End of field 14. */
+ if (sk->protect.s2k.mode == 1001)
+ putchar ('#'); /* Key is just a stub. */
+ else if (sk->protect.s2k.mode == 1002)
+ {
+ /* Key is stored on an external token (card) or handled by
+ the gpg-agent. Print the serial number of that token
+ here. */
+ for (i=0; i < sk->protect.ivlen; i++)
+ printf ("%02X", sk->protect.iv[i]);
+ }
+ putchar (':'); /* End of field 15. */
+ }
+ putchar('\n');
+ if (pk)
+ print_revokers (pk);
+ if (fpr)
+ print_fingerprint (pk, sk, 0);
+ if (opt.with_key_data)
+ print_key_data (pk);
+
+
+ for ( kbctx=NULL; (node=walk_kbnode( keyblock, &kbctx, 0)) ; )
+ {
+ if ( node->pkt->pkttype == PKT_USER_ID && !opt.fast_list_mode )
+ {
+ char *str;
+ PKT_user_id *uid=node->pkt->pkt.user_id;
+
+ if (attrib_fp && node->pkt->pkt.user_id->attrib_data != NULL)
+ dump_attribs (node->pkt->pkt.user_id,pk,sk);
+ /*
+ * Fixme: We need a is_valid flag here too
+ */
+ str = uid->attrib_data? "uat":"uid";
+ /* If we're listing a secret key, leave out the validity
+ values for now. This is handled better in 1.9. */
+ if (sk)
+ printf ("%s:::::",str);
+ else if ( uid->is_revoked )
+ printf ("%s:r::::",str);
+ else if ( uid->is_expired )
+ printf ("%s:e::::",str);
+ else if ( opt.no_expensive_trust_checks )
+ printf ("%s:::::",str);
+ else
+ {
+ int uid_validity;
+
+ if ( pk && !ulti_hack )
+ uid_validity=get_validity_info (pk, uid);
+ else
+ uid_validity = 'u';
+ printf ("%s:%c::::",str,uid_validity);
+ }
+
+ printf ("%s:", colon_strtime (uid->created));
+ printf ("%s:", colon_strtime (uid->expiredate));
+
+ namehash_from_uid (uid);
+
+ for (i=0; i < 20; i++ )
+ printf ("%02X",uid->namehash[i]);
+
+ printf ("::");
+
+ if (uid->attrib_data)
+ printf ("%u %lu",uid->numattribs,uid->attrib_len);
+ else
+ print_string (stdout,uid->name,uid->len, ':' );
+ putchar (':');
+ putchar ('\n');
+ }
+ else if ( node->pkt->pkttype == PKT_PUBLIC_SUBKEY )
+ {
+ u32 keyid2[2];
+ PKT_public_key *pk2 = node->pkt->pkt.public_key;
+
+ keyid_from_pk ( pk2, keyid2 );
+ fputs ("sub:", stdout );
+ if ( !pk2->is_valid )
+ putchar ('i');
+ else if ( pk2->is_revoked )
+ putchar ('r');
+ else if ( pk2->has_expired )
+ putchar ('e');
+ else if ( opt.fast_list_mode || opt.no_expensive_trust_checks )
+ ;
+ else
+ {
+ /* TRUSTLETTER should always be defined here. */
+ if (trustletter)
+ printf ("%c", trustletter );
+ }
+ printf(":%u:%d:%08lX%08lX:%s:%s:::::",
+ nbits_from_pk( pk2 ),
+ pk2->pubkey_algo,
+ (ulong)keyid2[0],(ulong)keyid2[1],
+ colon_datestr_from_pk( pk2 ),
+ colon_strtime (pk2->expiredate)
+ /* fixme: add LID and ownertrust here */
+ );
+ print_capabilities (pk2, NULL, NULL);
+ putchar ('\n');
+ if ( fpr > 1 )
+ print_fingerprint ( pk2, NULL, 0 );
+ if ( opt.with_key_data )
+ print_key_data( pk2 );
+ }
+ else if( node->pkt->pkttype == PKT_SECRET_SUBKEY )
+ {
+ u32 keyid2[2];
+ PKT_secret_key *sk2 = node->pkt->pkt.secret_key;
+
+ keyid_from_sk ( sk2, keyid2 );
+ printf ("ssb::%u:%d:%08lX%08lX:%s:%s:::::",
+ nbits_from_sk( sk2 ),
+ sk2->pubkey_algo,
+ (ulong)keyid2[0],(ulong)keyid2[1],
+ colon_datestr_from_sk( sk2 ),
+ colon_strtime (sk2->expiredate)
+ /* fixme: add LID */ );
+ print_capabilities (NULL, sk2, NULL);
+ putchar(':'); /* End of field 13. */
+ putchar(':'); /* End of field 14. */
+ if (sk2->protect.s2k.mode == 1001)
+ putchar ('#'); /* Key is just a stub. */
+ else if (sk2->protect.s2k.mode == 1002)
+ {
+ /* Key is stored on an external token (card) or handled by
+ the gpg-agent. Print the serial number of that token
+ here. */
+ for (i=0; i < sk2->protect.ivlen; i++)
+ printf ("%02X", sk2->protect.iv[i]);
+ }
+ putchar(':'); /* End of field 15. */
+ putchar ('\n');
+
+ if ( fpr > 1 )
+ print_fingerprint ( NULL, sk2, 0 );
+ }
+ else if ( opt.list_sigs && node->pkt->pkttype == PKT_SIGNATURE )
+ {
+ PKT_signature *sig = node->pkt->pkt.signature;
+ int sigrc,fprokay=0;
+ char *sigstr;
+ size_t fplen;
+ byte fparray[MAX_FINGERPRINT_LEN];
+
+ if ( sig->sig_class == 0x20 || sig->sig_class == 0x28
+ || sig->sig_class == 0x30 )
+ sigstr = "rev";
+ else if ( (sig->sig_class&~3) == 0x10 )
+ sigstr = "sig";
+ else if ( sig->sig_class == 0x18 )
+ sigstr = "sig";
+ else if ( sig->sig_class == 0x1F )
+ sigstr = "sig";
+ else
+ {
+ printf ("sig::::::::::%02x%c:\n",
+ sig->sig_class, sig->flags.exportable?'x':'l');
+ continue;
+ }
+
+ if ( opt.check_sigs )
+ {
+ PKT_public_key *signer_pk=NULL;
+
+ fflush (stdout);
+ if (opt.no_sig_cache)
+ signer_pk = xmalloc_clear (sizeof(PKT_public_key));
+
+ rc = check_key_signature2 ( keyblock, node, NULL, signer_pk,
+ NULL, NULL, NULL );
+ switch ( gpg_err_code (rc) )
+ {
+ case 0: sigrc = '!'; break;
+ case GPG_ERR_BAD_SIGNATURE: sigrc = '-'; break;
+ case GPG_ERR_NO_PUBKEY:
+ case GPG_ERR_UNUSABLE_PUBKEY: sigrc = '?'; break;
+ default: sigrc = '%'; break;
+ }
+
+ if (opt.no_sig_cache)
+ {
+ if (!rc)
+ {
+ fingerprint_from_pk (signer_pk, fparray, &fplen);
+ fprokay = 1;
+ }
+ free_public_key(signer_pk);
+ }
+ }
+ else
+ {
+ rc = 0;
+ sigrc = ' ';
+ }
+ fputs ( sigstr, stdout );
+ putchar (':');
+ if ( sigrc != ' ' )
+ putchar (sigrc);
+ printf ("::%d:%08lX%08lX:%s:%s:", sig->pubkey_algo,
+ (ulong)sig->keyid[0], (ulong)sig->keyid[1],
+ colon_datestr_from_sig(sig),
+ colon_expirestr_from_sig(sig));
+
+ if (sig->trust_depth || sig->trust_value)
+ printf("%d %d",sig->trust_depth,sig->trust_value);
+ printf (":");
+
+ if (sig->trust_regexp)
+ print_string (stdout,sig->trust_regexp,
+ strlen(sig->trust_regexp),':');
+ printf(":");
+
+ if ( sigrc == '%' )
+ printf("[%s] ", g10_errstr(rc) );
+ else if ( sigrc == '?' )
+ ;
+ else if ( !opt.fast_list_mode )
+ {
+ size_t n;
+ char *p = get_user_id( sig->keyid, &n );
+ print_string( stdout, p, n, ':' );
+ xfree(p);
+ }
+ printf (":%02x%c:", sig->sig_class,sig->flags.exportable?'x':'l');
+
+ if (opt.no_sig_cache && opt.check_sigs && fprokay)
+ {
+ putchar (':');
+
+ for (i=0; i < fplen ; i++ )
+ printf ("%02X", fparray[i] );
+
+ putchar (':');
+ }
+
+ printf ("\n");
+
+ if (opt.show_subpackets)
+ print_subpackets_colon (sig);
+
+ /* fixme: check or list other sigs here */
+ }
+ }
+}
+
+/*
+ * Reorder the keyblock so that the primary user ID (and not attribute
+ * packet) comes first. Fixme: Replace this by a generic sort
+ * function. */
+static void
+do_reorder_keyblock (KBNODE keyblock,int attr)
+{
+ KBNODE primary = NULL, primary0 = NULL, primary2 = NULL;
+ KBNODE last, node;
+
+ for (node=keyblock; node; primary0=node, node = node->next) {
+ if( node->pkt->pkttype == PKT_USER_ID &&
+ ((attr && node->pkt->pkt.user_id->attrib_data) ||
+ (!attr && !node->pkt->pkt.user_id->attrib_data)) &&
+ node->pkt->pkt.user_id->is_primary ) {
+ primary = primary2 = node;
+ for (node=node->next; node; primary2=node, node = node->next ) {
+ if( node->pkt->pkttype == PKT_USER_ID
+ || node->pkt->pkttype == PKT_PUBLIC_SUBKEY
+ || node->pkt->pkttype == PKT_SECRET_SUBKEY ) {
+ break;
+ }
+ }
+ break;
+ }
+ }
+ if ( !primary )
+ return; /* no primary key flag found (should not happen) */
+
+ for (last=NULL, node=keyblock; node; last = node, node = node->next) {
+ if( node->pkt->pkttype == PKT_USER_ID )
+ break;
+ }
+ assert (node);
+ assert (last); /* the user ID is never the first packet */
+ assert (primary0); /* ditto (this is the node before primary) */
+ if ( node == primary )
+ return; /* already the first one */
+
+ last->next = primary;
+ primary0->next = primary2->next;
+ primary2->next = node;
+}
+
+void
+reorder_keyblock (KBNODE keyblock)
+{
+ do_reorder_keyblock(keyblock,1);
+ do_reorder_keyblock(keyblock,0);
+}
+
+void
+list_keyblock( KBNODE keyblock, int secret, int fpr, void *opaque )
+{
+ reorder_keyblock (keyblock);
+ if (opt.with_colons)
+ list_keyblock_colon (keyblock, secret, fpr );
+ else
+ list_keyblock_print (keyblock, secret, fpr, opaque );
+}
+
+/*
+ * standard function to print the finperprint.
+ * mode 0: as used in key listings, opt.with_colons is honored
+ * 1: print using log_info ()
+ * 2: direct use of tty
+ * 3: direct use of tty but only primary key.
+ * modes 1 and 2 will try and print both subkey and primary key fingerprints
+ */
+void
+print_fingerprint (PKT_public_key *pk, PKT_secret_key *sk, int mode )
+{
+ byte array[MAX_FINGERPRINT_LEN], *p;
+ size_t i, n;
+ FILE *fp;
+ const char *text;
+ int primary=0;
+
+ if(sk)
+ {
+ if(sk->main_keyid[0]==sk->keyid[0] && sk->main_keyid[1]==sk->keyid[1])
+ primary=1;
+ }
+ else
+ {
+ if(pk->main_keyid[0]==pk->keyid[0] && pk->main_keyid[1]==pk->keyid[1])
+ primary=1;
+ }
+
+ /* Just to be safe */
+ if(mode&0x80 && !primary)
+ {
+ log_error("primary key is not really primary!\n");
+ return;
+ }
+
+ mode&=~0x80;
+
+ if(!primary && (mode==1 || mode==2))
+ {
+ if(sk)
+ {
+ PKT_secret_key *primary_sk=xmalloc_clear(sizeof(*primary_sk));
+ get_seckey(primary_sk,sk->main_keyid);
+ print_fingerprint(NULL,primary_sk,mode|0x80);
+ free_secret_key(primary_sk);
+ }
+ else
+ {
+ PKT_public_key *primary_pk=xmalloc_clear(sizeof(*primary_pk));
+ get_pubkey(primary_pk,pk->main_keyid);
+ print_fingerprint(primary_pk,NULL,mode|0x80);
+ free_public_key(primary_pk);
+ }
+ }
+
+ if (mode == 1) {
+ fp = log_get_stream ();
+ if(primary)
+ text = _("Primary key fingerprint:");
+ else
+ text = _(" Subkey fingerprint:");
+ }
+ else if (mode == 2) {
+ fp = NULL; /* use tty */
+ if(primary)
+ /* TRANSLATORS: this should fit into 24 bytes to that the
+ * fingerprint data is properly aligned with the user ID */
+ text = _(" Primary key fingerprint:");
+ else
+ text = _(" Subkey fingerprint:");
+ }
+ else if (mode == 3) {
+ fp = NULL; /* use tty */
+ text = _(" Key fingerprint =");
+ }
+ else {
+ fp = stdout;
+ text = _(" Key fingerprint =");
+ }
+
+ if (sk)
+ fingerprint_from_sk (sk, array, &n);
+ else
+ fingerprint_from_pk (pk, array, &n);
+ p = array;
+ if (opt.with_colons && !mode) {
+ fprintf (fp, "fpr:::::::::");
+ for (i=0; i < n ; i++, p++ )
+ fprintf (fp, "%02X", *p );
+ putc(':', fp);
+ }
+ else {
+ if (fp)
+ fputs (text, fp);
+ else
+ tty_printf ("%s", text);
+ if (n == 20) {
+ for (i=0; i < n ; i++, i++, p += 2 ) {
+ if (fp) {
+ if (i == 10 )
+ putc(' ', fp);
+ fprintf (fp, " %02X%02X", *p, p[1] );
+ }
+ else {
+ if (i == 10 )
+ tty_printf (" ");
+ tty_printf (" %02X%02X", *p, p[1]);
+ }
+ }
+ }
+ else {
+ for (i=0; i < n ; i++, p++ ) {
+ if (fp) {
+ if (i && !(i%8) )
+ putc (' ', fp);
+ fprintf (fp, " %02X", *p );
+ }
+ else {
+ if (i && !(i%8) )
+ tty_printf (" ");
+ tty_printf (" %02X", *p );
+ }
+ }
+ }
+ }
+ if (fp)
+ putc ('\n', fp);
+ else
+ tty_printf ("\n");
+}
+
+/* Print the serial number of an OpenPGP card if available. */
+static void
+print_card_serialno (PKT_secret_key *sk)
+{
+ int i;
+
+ if (!sk)
+ return;
+ if (!sk->is_protected || sk->protect.s2k.mode != 1002)
+ return; /* Not a card. */
+ if (opt.with_colons)
+ return; /* Handled elsewhere. */
+
+ fputs (_(" Card serial no. ="), stdout);
+ putchar (' ');
+ if (sk->protect.ivlen == 16
+ && !memcmp (sk->protect.iv, "\xD2\x76\x00\x01\x24\x01", 6) )
+ { /* This is an OpenPGP card. Just print the relevant part. */
+ for (i=8; i < 14; i++)
+ {
+ if (i == 10)
+ putchar (' ');
+ printf ("%02X", sk->protect.iv[i]);
+ }
+ }
+ else
+ { /* Something is wrong: Print all. */
+ for (i=0; i < sk->protect.ivlen; i++)
+ printf ("%02X", sk->protect.iv[i]);
+ }
+ putchar ('\n');
+}
+
+
+
+void
+set_attrib_fd (int fd)
+{
+ static int last_fd=-1;
+
+ if ( fd != -1 && last_fd == fd )
+ return;
+
+ if ( attrib_fp && attrib_fp != stdout && attrib_fp != stderr
+ && attrib_fp != log_get_stream () )
+ fclose (attrib_fp);
+ attrib_fp = NULL;
+ if ( fd == -1 )
+ return;
+
+#ifdef HAVE_DOSISH_SYSTEM
+ setmode (fd, O_BINARY);
+#endif
+ if( fd == 1 )
+ attrib_fp = stdout;
+ else if( fd == 2 )
+ attrib_fp = stderr;
+ else
+ attrib_fp = fdopen (fd, "wb");
+ if (!attrib_fp)
+ {
+ log_fatal("can't open fd %d for attribute output: %s\n",
+ fd, strerror(errno));
+ }
+
+ last_fd = fd;
+}
diff --git a/g10/keyring.c b/g10/keyring.c
new file mode 100644
index 0000000..7482724
--- /dev/null
+++ b/g10/keyring.c
@@ -0,0 +1,1693 @@
+/* keyring.c - keyring file handling
+ * Copyright (C) 2001, 2004, 2009 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include <assert.h>
+#include <unistd.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+
+#include "gpg.h"
+#include "util.h"
+#include "keyring.h"
+#include "packet.h"
+#include "keydb.h"
+#include "options.h"
+#include "main.h" /*for check_key_signature()*/
+#include "i18n.h"
+
+/* off_item is a funny named for an object used to keep track of known
+ * keys. The idea was to use the offset to seek to the known keyblock, but
+ * this is not possible if more than one process is using the keyring.
+ */
+struct off_item {
+ struct off_item *next;
+ u32 kid[2];
+ /*off_t off;*/
+};
+
+typedef struct off_item **OffsetHashTable;
+
+
+typedef struct keyring_name *KR_NAME;
+struct keyring_name
+{
+ struct keyring_name *next;
+ int secret;
+ int readonly;
+ DOTLOCK lockhd;
+ int is_locked;
+ int did_full_scan;
+ char fname[1];
+};
+typedef struct keyring_name const * CONST_KR_NAME;
+
+static KR_NAME kr_names;
+static int active_handles;
+
+static OffsetHashTable kr_offtbl;
+static int kr_offtbl_ready;
+
+
+struct keyring_handle {
+ CONST_KR_NAME resource;
+ int secret; /* this is for a secret keyring */
+ struct {
+ CONST_KR_NAME kr;
+ IOBUF iobuf;
+ int eof;
+ int error;
+ } current;
+ struct {
+ CONST_KR_NAME kr;
+ off_t offset;
+ size_t pk_no;
+ size_t uid_no;
+ unsigned int n_packets; /*used for delete and update*/
+ } found;
+ struct {
+ char *name;
+ char *pattern;
+ } word_match;
+};
+
+
+
+static int do_copy (int mode, const char *fname, KBNODE root, int secret,
+ off_t start_offset, unsigned int n_packets );
+
+
+
+static struct off_item *
+new_offset_item (void)
+{
+ struct off_item *k;
+
+ k = xmalloc_clear (sizeof *k);
+ return k;
+}
+
+#if 0
+static void
+release_offset_items (struct off_item *k)
+{
+ struct off_item *k2;
+
+ for (; k; k = k2)
+ {
+ k2 = k->next;
+ xfree (k);
+ }
+}
+#endif
+
+static OffsetHashTable
+new_offset_hash_table (void)
+{
+ struct off_item **tbl;
+
+ tbl = xmalloc_clear (2048 * sizeof *tbl);
+ return tbl;
+}
+
+#if 0
+static void
+release_offset_hash_table (OffsetHashTable tbl)
+{
+ int i;
+
+ if (!tbl)
+ return;
+ for (i=0; i < 2048; i++)
+ release_offset_items (tbl[i]);
+ xfree (tbl);
+}
+#endif
+
+static struct off_item *
+lookup_offset_hash_table (OffsetHashTable tbl, u32 *kid)
+{
+ struct off_item *k;
+
+ for (k = tbl[(kid[1] & 0x07ff)]; k; k = k->next)
+ if (k->kid[0] == kid[0] && k->kid[1] == kid[1])
+ return k;
+ return NULL;
+}
+
+static void
+update_offset_hash_table (OffsetHashTable tbl, u32 *kid, off_t off)
+{
+ struct off_item *k;
+
+ (void)off;
+
+ for (k = tbl[(kid[1] & 0x07ff)]; k; k = k->next)
+ {
+ if (k->kid[0] == kid[0] && k->kid[1] == kid[1])
+ {
+ /*k->off = off;*/
+ return;
+ }
+ }
+
+ k = new_offset_item ();
+ k->kid[0] = kid[0];
+ k->kid[1] = kid[1];
+ /*k->off = off;*/
+ k->next = tbl[(kid[1] & 0x07ff)];
+ tbl[(kid[1] & 0x07ff)] = k;
+}
+
+static void
+update_offset_hash_table_from_kb (OffsetHashTable tbl, KBNODE node, off_t off)
+{
+ for (; node; node = node->next)
+ {
+ if (node->pkt->pkttype == PKT_PUBLIC_KEY
+ || node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
+ {
+ u32 aki[2];
+ keyid_from_pk (node->pkt->pkt.public_key, aki);
+ update_offset_hash_table (tbl, aki, off);
+ }
+ }
+}
+
+/*
+ * Register a filename for plain keyring files. ptr is set to a
+ * pointer to be used to create a handles etc, or the already-issued
+ * pointer if it has already been registered. The function returns 1
+ * if a new keyring was registered.
+*/
+int
+keyring_register_filename (const char *fname, int secret, int readonly,
+ void **ptr)
+{
+ KR_NAME kr;
+
+ if (active_handles)
+ BUG (); /* We don't allow that */
+
+ for (kr=kr_names; kr; kr = kr->next)
+ {
+ if (same_file_p (kr->fname, fname))
+ {
+ /* Already registered. */
+ if (readonly)
+ kr->readonly = 1;
+ *ptr=kr;
+ return 0;
+ }
+ }
+
+ if (secret)
+ register_secured_file (fname);
+
+ kr = xmalloc (sizeof *kr + strlen (fname));
+ strcpy (kr->fname, fname);
+ kr->secret = !!secret;
+ kr->readonly = readonly;
+ kr->lockhd = NULL;
+ kr->is_locked = 0;
+ kr->did_full_scan = 0;
+ /* keep a list of all issued pointers */
+ kr->next = kr_names;
+ kr_names = kr;
+
+ /* create the offset table the first time a function here is used */
+ if (!kr_offtbl)
+ kr_offtbl = new_offset_hash_table ();
+
+ *ptr=kr;
+
+ return 1;
+}
+
+int
+keyring_is_writable (void *token)
+{
+ KR_NAME r = token;
+
+ return r? (r->readonly || !access (r->fname, W_OK)) : 0;
+}
+
+
+
+/* Create a new handle for the resource associated with TOKEN. SECRET
+ is just just as a cross-check.
+
+ The returned handle must be released using keyring_release (). */
+KEYRING_HANDLE
+keyring_new (void *token, int secret)
+{
+ KEYRING_HANDLE hd;
+ KR_NAME resource = token;
+
+ assert (resource && !resource->secret == !secret);
+
+ hd = xmalloc_clear (sizeof *hd);
+ hd->resource = resource;
+ hd->secret = !!secret;
+ active_handles++;
+ return hd;
+}
+
+void
+keyring_release (KEYRING_HANDLE hd)
+{
+ if (!hd)
+ return;
+ assert (active_handles > 0);
+ active_handles--;
+ xfree (hd->word_match.name);
+ xfree (hd->word_match.pattern);
+ iobuf_close (hd->current.iobuf);
+ xfree (hd);
+}
+
+
+const char *
+keyring_get_resource_name (KEYRING_HANDLE hd)
+{
+ if (!hd || !hd->resource)
+ return NULL;
+ return hd->resource->fname;
+}
+
+
+/*
+ * Lock the keyring with the given handle, or unlock if YES is false.
+ * We ignore the handle and lock all registered files.
+ */
+int
+keyring_lock (KEYRING_HANDLE hd, int yes)
+{
+ KR_NAME kr;
+ int rc = 0;
+
+ (void)hd;
+
+ if (yes) {
+ /* first make sure the lock handles are created */
+ for (kr=kr_names; kr; kr = kr->next) {
+ if (!keyring_is_writable(kr))
+ continue;
+ if (!kr->lockhd) {
+ kr->lockhd = create_dotlock( kr->fname );
+ if (!kr->lockhd) {
+ log_info ("can't allocate lock for `%s'\n", kr->fname );
+ rc = G10ERR_GENERAL;
+ }
+ }
+ }
+ if (rc)
+ return rc;
+
+ /* and now set the locks */
+ for (kr=kr_names; kr; kr = kr->next) {
+ if (!keyring_is_writable(kr))
+ continue;
+ if (kr->is_locked)
+ ;
+ else if (make_dotlock (kr->lockhd, -1) ) {
+ log_info ("can't lock `%s'\n", kr->fname );
+ rc = G10ERR_GENERAL;
+ }
+ else
+ kr->is_locked = 1;
+ }
+ }
+
+ if (rc || !yes) {
+ for (kr=kr_names; kr; kr = kr->next) {
+ if (!keyring_is_writable(kr))
+ continue;
+ if (!kr->is_locked)
+ ;
+ else if (release_dotlock (kr->lockhd))
+ log_info ("can't unlock `%s'\n", kr->fname );
+ else
+ kr->is_locked = 0;
+ }
+ }
+
+ return rc;
+}
+
+
+
+/*
+ * Return the last found keyring. Caller must free it.
+ * The returned keyblock has the kbode flag bit 0 set for the node with
+ * the public key used to locate the keyblock or flag bit 1 set for
+ * the user ID node.
+ */
+int
+keyring_get_keyblock (KEYRING_HANDLE hd, KBNODE *ret_kb)
+{
+ PACKET *pkt;
+ int rc;
+ KBNODE keyblock = NULL, node, lastnode;
+ IOBUF a;
+ int in_cert = 0;
+ int pk_no = 0;
+ int uid_no = 0;
+ int save_mode;
+
+ if (ret_kb)
+ *ret_kb = NULL;
+
+ if (!hd->found.kr)
+ return -1; /* no successful search */
+
+ a = iobuf_open (hd->found.kr->fname);
+ if (!a)
+ {
+ log_error(_("can't open `%s'\n"), hd->found.kr->fname);
+ return G10ERR_KEYRING_OPEN;
+ }
+
+ if (iobuf_seek (a, hd->found.offset) ) {
+ log_error ("can't seek `%s'\n", hd->found.kr->fname);
+ iobuf_close(a);
+ return G10ERR_KEYRING_OPEN;
+ }
+
+ pkt = xmalloc (sizeof *pkt);
+ init_packet (pkt);
+ hd->found.n_packets = 0;;
+ lastnode = NULL;
+ save_mode = set_packet_list_mode(0);
+ while ((rc=parse_packet (a, pkt)) != -1) {
+ hd->found.n_packets++;
+ if (rc == G10ERR_UNKNOWN_PACKET) {
+ free_packet (pkt);
+ init_packet (pkt);
+ continue;
+ }
+ if (rc) {
+ log_error ("keyring_get_keyblock: read error: %s\n",
+ g10_errstr(rc) );
+ rc = G10ERR_INV_KEYRING;
+ break;
+ }
+ if (pkt->pkttype == PKT_COMPRESSED) {
+ log_error ("skipped compressed packet in keyring\n");
+ free_packet(pkt);
+ init_packet(pkt);
+ continue;
+ }
+
+ if (in_cert && (pkt->pkttype == PKT_PUBLIC_KEY
+ || pkt->pkttype == PKT_SECRET_KEY)) {
+ hd->found.n_packets--; /* fix counter */
+ break; /* ready */
+ }
+
+ in_cert = 1;
+ if (pkt->pkttype == PKT_RING_TRUST)
+ {
+ /*(this code is duplicated after the loop)*/
+ if ( lastnode
+ && lastnode->pkt->pkttype == PKT_SIGNATURE
+ && (pkt->pkt.ring_trust->sigcache & 1) ) {
+ /* This is a ring trust packet with a checked signature
+ * status cache following directly a signature paket.
+ * Set the cache status into that signature packet. */
+ PKT_signature *sig = lastnode->pkt->pkt.signature;
+
+ sig->flags.checked = 1;
+ sig->flags.valid = !!(pkt->pkt.ring_trust->sigcache & 2);
+ }
+ /* Reset LASTNODE, so that we set the cache status only from
+ * the ring trust packet immediately following a signature. */
+ lastnode = NULL;
+ free_packet(pkt);
+ init_packet(pkt);
+ continue;
+ }
+
+
+ node = lastnode = new_kbnode (pkt);
+ if (!keyblock)
+ keyblock = node;
+ else
+ add_kbnode (keyblock, node);
+ switch (pkt->pkttype)
+ {
+ case PKT_PUBLIC_KEY:
+ case PKT_PUBLIC_SUBKEY:
+ case PKT_SECRET_KEY:
+ case PKT_SECRET_SUBKEY:
+ if (++pk_no == hd->found.pk_no)
+ node->flag |= 1;
+ break;
+
+ case PKT_USER_ID:
+ if (++uid_no == hd->found.uid_no)
+ node->flag |= 2;
+ break;
+
+ default:
+ break;
+ }
+
+ pkt = xmalloc (sizeof *pkt);
+ init_packet(pkt);
+ }
+ set_packet_list_mode(save_mode);
+
+ if (rc == -1 && keyblock)
+ rc = 0; /* got the entire keyblock */
+
+ if (rc || !ret_kb)
+ release_kbnode (keyblock);
+ else {
+ /*(duplicated form the loop body)*/
+ if ( pkt && pkt->pkttype == PKT_RING_TRUST
+ && lastnode
+ && lastnode->pkt->pkttype == PKT_SIGNATURE
+ && (pkt->pkt.ring_trust->sigcache & 1) ) {
+ PKT_signature *sig = lastnode->pkt->pkt.signature;
+ sig->flags.checked = 1;
+ sig->flags.valid = !!(pkt->pkt.ring_trust->sigcache & 2);
+ }
+ *ret_kb = keyblock;
+ }
+ free_packet (pkt);
+ xfree (pkt);
+ iobuf_close(a);
+
+ /* Make sure that future search operations fail immediately when
+ * we know that we are working on a invalid keyring
+ */
+ if (rc == G10ERR_INV_KEYRING)
+ hd->current.error = rc;
+
+ return rc;
+}
+
+int
+keyring_update_keyblock (KEYRING_HANDLE hd, KBNODE kb)
+{
+ int rc;
+
+ if (!hd->found.kr)
+ return -1; /* no successful prior search */
+
+ if (hd->found.kr->readonly)
+ return gpg_error (GPG_ERR_EACCES);
+
+ if (!hd->found.n_packets) {
+ /* need to know the number of packets - do a dummy get_keyblock*/
+ rc = keyring_get_keyblock (hd, NULL);
+ if (rc) {
+ log_error ("re-reading keyblock failed: %s\n", g10_errstr (rc));
+ return rc;
+ }
+ if (!hd->found.n_packets)
+ BUG ();
+ }
+
+ /* The open iobuf isn't needed anymore and in fact is a problem when
+ it comes to renaming the keyring files on some operating systems,
+ so close it here */
+ iobuf_close(hd->current.iobuf);
+ hd->current.iobuf = NULL;
+
+ /* do the update */
+ rc = do_copy (3, hd->found.kr->fname, kb, hd->secret,
+ hd->found.offset, hd->found.n_packets );
+ if (!rc) {
+ if (!hd->secret && kr_offtbl)
+ {
+ update_offset_hash_table_from_kb (kr_offtbl, kb, 0);
+ }
+ /* better reset the found info */
+ hd->found.kr = NULL;
+ hd->found.offset = 0;
+ }
+ return rc;
+}
+
+int
+keyring_insert_keyblock (KEYRING_HANDLE hd, KBNODE kb)
+{
+ int rc;
+ const char *fname;
+
+ if (!hd)
+ fname = NULL;
+ else if (hd->found.kr)
+ {
+ fname = hd->found.kr->fname;
+ if (hd->found.kr->readonly)
+ return gpg_error (GPG_ERR_EACCES);
+ }
+ else if (hd->current.kr)
+ {
+ fname = hd->current.kr->fname;
+ if (hd->current.kr->readonly)
+ return gpg_error (GPG_ERR_EACCES);
+ }
+ else
+ fname = hd->resource? hd->resource->fname:NULL;
+
+ if (!fname)
+ return G10ERR_GENERAL;
+
+ /* Close this one otherwise we will lose the position for
+ * a next search. Fixme: it would be better to adjust the position
+ * after the write opertions.
+ */
+ iobuf_close (hd->current.iobuf);
+ hd->current.iobuf = NULL;
+
+ /* do the insert */
+ rc = do_copy (1, fname, kb, hd->secret, 0, 0 );
+ if (!rc && !hd->secret && kr_offtbl)
+ {
+ update_offset_hash_table_from_kb (kr_offtbl, kb, 0);
+ }
+
+ return rc;
+}
+
+
+int
+keyring_delete_keyblock (KEYRING_HANDLE hd)
+{
+ int rc;
+
+ if (!hd->found.kr)
+ return -1; /* no successful prior search */
+
+ if (hd->found.kr->readonly)
+ return gpg_error (GPG_ERR_EACCES);
+
+ if (!hd->found.n_packets) {
+ /* need to know the number of packets - do a dummy get_keyblock*/
+ rc = keyring_get_keyblock (hd, NULL);
+ if (rc) {
+ log_error ("re-reading keyblock failed: %s\n", g10_errstr (rc));
+ return rc;
+ }
+ if (!hd->found.n_packets)
+ BUG ();
+ }
+
+ /* close this one otherwise we will lose the position for
+ * a next search. Fixme: it would be better to adjust the position
+ * after the write opertions.
+ */
+ iobuf_close (hd->current.iobuf);
+ hd->current.iobuf = NULL;
+
+ /* do the delete */
+ rc = do_copy (2, hd->found.kr->fname, NULL, hd->secret,
+ hd->found.offset, hd->found.n_packets );
+ if (!rc) {
+ /* better reset the found info */
+ hd->found.kr = NULL;
+ hd->found.offset = 0;
+ /* Delete is a rare operations, so we don't remove the keys
+ * from the offset table */
+ }
+ return rc;
+}
+
+
+
+/*
+ * Start the next search on this handle right at the beginning
+ */
+int
+keyring_search_reset (KEYRING_HANDLE hd)
+{
+ assert (hd);
+
+ hd->current.kr = NULL;
+ iobuf_close (hd->current.iobuf);
+ hd->current.iobuf = NULL;
+ hd->current.eof = 0;
+ hd->current.error = 0;
+
+ hd->found.kr = NULL;
+ hd->found.offset = 0;
+ return 0;
+}
+
+
+static int
+prepare_search (KEYRING_HANDLE hd)
+{
+ if (hd->current.error)
+ return hd->current.error; /* still in error state */
+
+ if (hd->current.kr && !hd->current.eof) {
+ if ( !hd->current.iobuf )
+ return G10ERR_GENERAL; /* position invalid after a modify */
+ return 0; /* okay */
+ }
+
+ if (!hd->current.kr && hd->current.eof)
+ return -1; /* still EOF */
+
+ if (!hd->current.kr) { /* start search with first keyring */
+ hd->current.kr = hd->resource;
+ if (!hd->current.kr) {
+ hd->current.eof = 1;
+ return -1; /* keyring not available */
+ }
+ assert (!hd->current.iobuf);
+ }
+ else { /* EOF */
+ iobuf_close (hd->current.iobuf);
+ hd->current.iobuf = NULL;
+ hd->current.kr = NULL;
+ hd->current.eof = 1;
+ return -1;
+ }
+
+ hd->current.eof = 0;
+ hd->current.iobuf = iobuf_open (hd->current.kr->fname);
+ if (!hd->current.iobuf)
+ {
+ hd->current.error = gpg_error_from_syserror ();
+ log_error(_("can't open `%s'\n"), hd->current.kr->fname );
+ return hd->current.error;
+ }
+
+ return 0;
+}
+
+
+/* A map of the all characters valid used for word_match()
+ * Valid characters are in in this table converted to uppercase.
+ * because the upper 128 bytes have special meaning, we assume
+ * that they are all valid.
+ * Note: We must use numerical values here in case that this program
+ * will be converted to those little blue HAL9000s with their strange
+ * EBCDIC character set (user ids are UTF-8).
+ * wk 2000-04-13: Hmmm, does this really make sense, given the fact that
+ * we can run gpg now on a S/390 running GNU/Linux, where the code
+ * translation is done by the device drivers?
+ */
+static const byte word_match_chars[256] = {
+ /* 00 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ /* 08 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ /* 10 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ /* 18 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ /* 20 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ /* 28 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ /* 30 */ 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
+ /* 38 */ 0x38, 0x39, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ /* 40 */ 0x00, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
+ /* 48 */ 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f,
+ /* 50 */ 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
+ /* 58 */ 0x58, 0x59, 0x5a, 0x00, 0x00, 0x00, 0x00, 0x00,
+ /* 60 */ 0x00, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
+ /* 68 */ 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f,
+ /* 70 */ 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
+ /* 78 */ 0x58, 0x59, 0x5a, 0x00, 0x00, 0x00, 0x00, 0x00,
+ /* 80 */ 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87,
+ /* 88 */ 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f,
+ /* 90 */ 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97,
+ /* 98 */ 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f,
+ /* a0 */ 0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7,
+ /* a8 */ 0xa8, 0xa9, 0xaa, 0xab, 0xac, 0xad, 0xae, 0xaf,
+ /* b0 */ 0xb0, 0xb1, 0xb2, 0xb3, 0xb4, 0xb5, 0xb6, 0xb7,
+ /* b8 */ 0xb8, 0xb9, 0xba, 0xbb, 0xbc, 0xbd, 0xbe, 0xbf,
+ /* c0 */ 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7,
+ /* c8 */ 0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf,
+ /* d0 */ 0xd0, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, 0xd7,
+ /* d8 */ 0xd8, 0xd9, 0xda, 0xdb, 0xdc, 0xdd, 0xde, 0xdf,
+ /* e0 */ 0xe0, 0xe1, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6, 0xe7,
+ /* e8 */ 0xe8, 0xe9, 0xea, 0xeb, 0xec, 0xed, 0xee, 0xef,
+ /* f0 */ 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
+ /* f8 */ 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff
+};
+
+/****************
+ * Do a word match (original user id starts with a '+').
+ * The pattern is already tokenized to a more suitable format:
+ * There are only the real words in it delimited by one space
+ * and all converted to uppercase.
+ *
+ * Returns: 0 if all words match.
+ *
+ * Note: This algorithm is a straightforward one and not very
+ * fast. It works for UTF-8 strings. The uidlen should
+ * be removed but due to the fact that old versions of
+ * pgp don't use UTF-8 we still use the length; this should
+ * be fixed in parse-packet (and replace \0 by some special
+ * UTF-8 encoding)
+ */
+static int
+word_match( const byte *uid, size_t uidlen, const byte *pattern )
+{
+ size_t wlen, n;
+ const byte *p;
+ const byte *s;
+
+ for( s=pattern; *s; ) {
+ do {
+ /* skip leading delimiters */
+ while( uidlen && !word_match_chars[*uid] )
+ uid++, uidlen--;
+ /* get length of the word */
+ n = uidlen; p = uid;
+ while( n && word_match_chars[*p] )
+ p++, n--;
+ wlen = p - uid;
+ /* and compare against the current word from pattern */
+ for(n=0, p=uid; n < wlen && s[n] != ' ' && s[n] ; n++, p++ ) {
+ if( word_match_chars[*p] != s[n] )
+ break;
+ }
+ if( n == wlen && (s[n] == ' ' || !s[n]) )
+ break; /* found */
+ uid += wlen;
+ uidlen -= wlen;
+ } while( uidlen );
+ if( !uidlen )
+ return -1; /* not found */
+
+ /* advance to next word in pattern */
+ for(; *s != ' ' && *s ; s++ )
+ ;
+ if( *s )
+ s++ ;
+ }
+ return 0; /* found */
+}
+
+/****************
+ * prepare word word_match; that is parse the name and
+ * build the pattern.
+ * caller has to free the returned pattern
+ */
+static char*
+prepare_word_match (const byte *name)
+{
+ byte *pattern, *p;
+ int c;
+
+ /* the original length is always enough for the pattern */
+ p = pattern = xmalloc(strlen(name)+1);
+ do {
+ /* skip leading delimiters */
+ while( *name && !word_match_chars[*name] )
+ name++;
+ /* copy as long as we don't have a delimiter and convert
+ * to uppercase.
+ * fixme: how can we handle utf8 uppercasing */
+ for( ; *name && (c=word_match_chars[*name]); name++ )
+ *p++ = c;
+ *p++ = ' '; /* append pattern delimiter */
+ } while( *name );
+ p[-1] = 0; /* replace last pattern delimiter by EOS */
+
+ return pattern;
+}
+
+
+
+
+static int
+compare_name (int mode, const char *name, const char *uid, size_t uidlen)
+{
+ int i;
+ const char *s, *se;
+
+ if (mode == KEYDB_SEARCH_MODE_EXACT) {
+ for (i=0; name[i] && uidlen; i++, uidlen--)
+ if (uid[i] != name[i])
+ break;
+ if (!uidlen && !name[i])
+ return 0; /* found */
+ }
+ else if (mode == KEYDB_SEARCH_MODE_SUBSTR) {
+ if (ascii_memistr( uid, uidlen, name ))
+ return 0;
+ }
+ else if ( mode == KEYDB_SEARCH_MODE_MAIL
+ || mode == KEYDB_SEARCH_MODE_MAILSUB
+ || mode == KEYDB_SEARCH_MODE_MAILEND) {
+ for (i=0, s= uid; i < uidlen && *s != '<'; s++, i++)
+ ;
+ if (i < uidlen) {
+ /* skip opening delim and one char and look for the closing one*/
+ s++; i++;
+ for (se=s+1, i++; i < uidlen && *se != '>'; se++, i++)
+ ;
+ if (i < uidlen) {
+ i = se - s;
+ if (mode == KEYDB_SEARCH_MODE_MAIL) {
+ if( strlen(name)-2 == i
+ && !ascii_memcasecmp( s, name+1, i) )
+ return 0;
+ }
+ else if (mode == KEYDB_SEARCH_MODE_MAILSUB) {
+ if( ascii_memistr( s, i, name ) )
+ return 0;
+ }
+ else { /* email from end */
+ /* nyi */
+ }
+ }
+ }
+ }
+ else if (mode == KEYDB_SEARCH_MODE_WORDS)
+ return word_match (uid, uidlen, name);
+ else
+ BUG();
+
+ return -1; /* not found */
+}
+
+
+/*
+ * Search through the keyring(s), starting at the current position,
+ * for a keyblock which contains one of the keys described in the DESC array.
+ */
+int
+keyring_search (KEYRING_HANDLE hd, KEYDB_SEARCH_DESC *desc,
+ size_t ndesc, size_t *descindex)
+{
+ int rc;
+ PACKET pkt;
+ int save_mode;
+ off_t offset, main_offset;
+ size_t n;
+ int need_uid, need_words, need_keyid, need_fpr, any_skip;
+ int pk_no, uid_no;
+ int initial_skip;
+ int use_offtbl;
+ PKT_user_id *uid = NULL;
+ PKT_public_key *pk = NULL;
+ PKT_secret_key *sk = NULL;
+ u32 aki[2];
+
+ /* figure out what information we need */
+ need_uid = need_words = need_keyid = need_fpr = any_skip = 0;
+ for (n=0; n < ndesc; n++)
+ {
+ switch (desc[n].mode)
+ {
+ case KEYDB_SEARCH_MODE_EXACT:
+ case KEYDB_SEARCH_MODE_SUBSTR:
+ case KEYDB_SEARCH_MODE_MAIL:
+ case KEYDB_SEARCH_MODE_MAILSUB:
+ case KEYDB_SEARCH_MODE_MAILEND:
+ need_uid = 1;
+ break;
+ case KEYDB_SEARCH_MODE_WORDS:
+ need_uid = 1;
+ need_words = 1;
+ break;
+ case KEYDB_SEARCH_MODE_SHORT_KID:
+ case KEYDB_SEARCH_MODE_LONG_KID:
+ need_keyid = 1;
+ break;
+ case KEYDB_SEARCH_MODE_FPR16:
+ case KEYDB_SEARCH_MODE_FPR20:
+ case KEYDB_SEARCH_MODE_FPR:
+ need_fpr = 1;
+ break;
+ case KEYDB_SEARCH_MODE_FIRST:
+ /* always restart the search in this mode */
+ keyring_search_reset (hd);
+ break;
+ default: break;
+ }
+ if (desc[n].skipfnc)
+ {
+ any_skip = 1;
+ need_keyid = 1;
+ }
+ }
+
+ rc = prepare_search (hd);
+ if (rc)
+ return rc;
+
+ use_offtbl = !hd->secret && kr_offtbl;
+ if (!use_offtbl)
+ ;
+ else if (!kr_offtbl_ready)
+ need_keyid = 1;
+ else if (ndesc == 1 && desc[0].mode == KEYDB_SEARCH_MODE_LONG_KID)
+ {
+ struct off_item *oi;
+
+ oi = lookup_offset_hash_table (kr_offtbl, desc[0].u.kid);
+ if (!oi)
+ { /* We know that we don't have this key */
+ hd->found.kr = NULL;
+ hd->current.eof = 1;
+ return -1;
+ }
+ /* We could now create a positive search status and return.
+ * However the problem is that another instance of gpg may
+ * have changed the keyring so that the offsets are not valid
+ * anymore - therefore we don't do it
+ */
+ }
+
+ if (need_words)
+ {
+ const char *name = NULL;
+
+ log_debug ("word search mode does not yet work\n");
+ /* FIXME: here is a long standing bug in our function and in addition we
+ just use the first search description */
+ for (n=0; n < ndesc && !name; n++)
+ {
+ if (desc[n].mode == KEYDB_SEARCH_MODE_WORDS)
+ name = desc[n].u.name;
+ }
+ assert (name);
+ if ( !hd->word_match.name || strcmp (hd->word_match.name, name) )
+ {
+ /* name changed */
+ xfree (hd->word_match.name);
+ xfree (hd->word_match.pattern);
+ hd->word_match.name = xstrdup (name);
+ hd->word_match.pattern = prepare_word_match (name);
+ }
+ /* name = hd->word_match.pattern; */
+ }
+
+ init_packet(&pkt);
+ save_mode = set_packet_list_mode(0);
+
+ hd->found.kr = NULL;
+ main_offset = 0;
+ pk_no = uid_no = 0;
+ initial_skip = 1; /* skip until we see the start of a keyblock */
+ while (!(rc=search_packet (hd->current.iobuf, &pkt, &offset, need_uid)))
+ {
+ byte afp[MAX_FINGERPRINT_LEN];
+ size_t an;
+
+ if (pkt.pkttype == PKT_PUBLIC_KEY || pkt.pkttype == PKT_SECRET_KEY)
+ {
+ main_offset = offset;
+ pk_no = uid_no = 0;
+ initial_skip = 0;
+ }
+ if (initial_skip)
+ {
+ free_packet (&pkt);
+ continue;
+ }
+
+ pk = NULL;
+ sk = NULL;
+ uid = NULL;
+ if ( pkt.pkttype == PKT_PUBLIC_KEY
+ || pkt.pkttype == PKT_PUBLIC_SUBKEY)
+ {
+ pk = pkt.pkt.public_key;
+ ++pk_no;
+
+ if (need_fpr) {
+ fingerprint_from_pk (pk, afp, &an);
+ while (an < 20) /* fill up to 20 bytes */
+ afp[an++] = 0;
+ }
+ if (need_keyid)
+ keyid_from_pk (pk, aki);
+
+ if (use_offtbl && !kr_offtbl_ready)
+ update_offset_hash_table (kr_offtbl, aki, main_offset);
+ }
+ else if (pkt.pkttype == PKT_USER_ID)
+ {
+ uid = pkt.pkt.user_id;
+ ++uid_no;
+ }
+ else if ( pkt.pkttype == PKT_SECRET_KEY
+ || pkt.pkttype == PKT_SECRET_SUBKEY)
+ {
+ sk = pkt.pkt.secret_key;
+ ++pk_no;
+
+ if (need_fpr) {
+ fingerprint_from_sk (sk, afp, &an);
+ while (an < 20) /* fill up to 20 bytes */
+ afp[an++] = 0;
+ }
+ if (need_keyid)
+ keyid_from_sk (sk, aki);
+
+ }
+
+ for (n=0; n < ndesc; n++)
+ {
+ switch (desc[n].mode) {
+ case KEYDB_SEARCH_MODE_NONE:
+ BUG ();
+ break;
+ case KEYDB_SEARCH_MODE_EXACT:
+ case KEYDB_SEARCH_MODE_SUBSTR:
+ case KEYDB_SEARCH_MODE_MAIL:
+ case KEYDB_SEARCH_MODE_MAILSUB:
+ case KEYDB_SEARCH_MODE_MAILEND:
+ case KEYDB_SEARCH_MODE_WORDS:
+ if ( uid && !compare_name (desc[n].mode,
+ desc[n].u.name,
+ uid->name, uid->len))
+ goto found;
+ break;
+
+ case KEYDB_SEARCH_MODE_SHORT_KID:
+ if ((pk||sk) && desc[n].u.kid[1] == aki[1])
+ goto found;
+ break;
+ case KEYDB_SEARCH_MODE_LONG_KID:
+ if ((pk||sk) && desc[n].u.kid[0] == aki[0]
+ && desc[n].u.kid[1] == aki[1])
+ goto found;
+ break;
+ case KEYDB_SEARCH_MODE_FPR16:
+ if ((pk||sk) && !memcmp (desc[n].u.fpr, afp, 16))
+ goto found;
+ break;
+ case KEYDB_SEARCH_MODE_FPR20:
+ case KEYDB_SEARCH_MODE_FPR:
+ if ((pk||sk) && !memcmp (desc[n].u.fpr, afp, 20))
+ goto found;
+ break;
+ case KEYDB_SEARCH_MODE_FIRST:
+ if (pk||sk)
+ goto found;
+ break;
+ case KEYDB_SEARCH_MODE_NEXT:
+ if (pk||sk)
+ goto found;
+ break;
+ default:
+ rc = G10ERR_INV_ARG;
+ goto found;
+ }
+ }
+ free_packet (&pkt);
+ continue;
+ found:
+ /* Record which desc we matched on. Note this value is only
+ meaningful if this function returns with no errors. */
+ if(descindex)
+ *descindex=n;
+ for (n=any_skip?0:ndesc; n < ndesc; n++)
+ {
+ if (desc[n].skipfnc
+ && desc[n].skipfnc (desc[n].skipfncvalue, aki, uid))
+ break;
+ }
+ if (n == ndesc)
+ goto real_found;
+ free_packet (&pkt);
+ }
+ real_found:
+ if (!rc)
+ {
+ hd->found.offset = main_offset;
+ hd->found.kr = hd->current.kr;
+ hd->found.pk_no = (pk||sk)? pk_no : 0;
+ hd->found.uid_no = uid? uid_no : 0;
+ }
+ else if (rc == -1)
+ {
+ hd->current.eof = 1;
+ /* if we scanned all keyrings, we are sure that
+ * all known key IDs are in our offtbl, mark that. */
+ if (use_offtbl && !kr_offtbl_ready)
+ {
+ KR_NAME kr;
+
+ /* First set the did_full_scan flag for this keyring (ignore
+ secret keyrings) */
+ for (kr=kr_names; kr; kr = kr->next)
+ {
+ if (!kr->secret && hd->resource == kr)
+ {
+ kr->did_full_scan = 1;
+ break;
+ }
+ }
+ /* Then check whether all flags are set and if so, mark the
+ offtbl ready */
+ for (kr=kr_names; kr; kr = kr->next)
+ {
+ if (!kr->secret && !kr->did_full_scan)
+ break;
+ }
+ if (!kr)
+ kr_offtbl_ready = 1;
+ }
+ }
+ else
+ hd->current.error = rc;
+
+ free_packet(&pkt);
+ set_packet_list_mode(save_mode);
+ return rc;
+}
+
+
+static int
+create_tmp_file (const char *template,
+ char **r_bakfname, char **r_tmpfname, IOBUF *r_fp)
+{
+ char *bakfname, *tmpfname;
+ mode_t oldmask;
+
+ *r_bakfname = NULL;
+ *r_tmpfname = NULL;
+
+# ifdef USE_ONLY_8DOT3
+ /* Here is another Windoze bug?:
+ * you cant rename("pubring.gpg.tmp", "pubring.gpg");
+ * but rename("pubring.gpg.tmp", "pubring.aaa");
+ * works. So we replace .gpg by .bak or .tmp
+ */
+ if (strlen (template) > 4
+ && !strcmp (template+strlen(template)-4, EXTSEP_S "gpg") )
+ {
+ bakfname = xmalloc (strlen (template) + 1);
+ strcpy (bakfname, template);
+ strcpy (bakfname+strlen(template)-4, EXTSEP_S "bak");
+
+ tmpfname = xmalloc (strlen( template ) + 1 );
+ strcpy (tmpfname,template);
+ strcpy (tmpfname+strlen(template)-4, EXTSEP_S "tmp");
+ }
+ else
+ { /* file does not end with gpg; hmmm */
+ bakfname = xmalloc (strlen( template ) + 5);
+ strcpy (stpcpy(bakfname, template), EXTSEP_S "bak");
+
+ tmpfname = xmalloc (strlen( template ) + 5);
+ strcpy (stpcpy(tmpfname, template), EXTSEP_S "tmp");
+ }
+# else /* Posix file names */
+ bakfname = xmalloc (strlen( template ) + 2);
+ strcpy (stpcpy (bakfname,template),"~");
+
+ tmpfname = xmalloc (strlen( template ) + 5);
+ strcpy (stpcpy(tmpfname,template), EXTSEP_S "tmp");
+# endif /* Posix filename */
+
+ /* Create the temp file with limited access */
+ oldmask=umask(077);
+ if (is_secured_filename (tmpfname))
+ {
+ *r_fp = NULL;
+ errno = EPERM;
+ }
+ else
+ *r_fp = iobuf_create (tmpfname);
+ umask(oldmask);
+ if (!*r_fp)
+ {
+ int rc = gpg_error_from_syserror ();
+ log_error(_("can't create `%s': %s\n"), tmpfname, strerror(errno) );
+ xfree (tmpfname);
+ xfree (bakfname);
+ return rc;
+ }
+
+ *r_bakfname = bakfname;
+ *r_tmpfname = tmpfname;
+ return 0;
+}
+
+
+static int
+rename_tmp_file (const char *bakfname, const char *tmpfname,
+ const char *fname, int secret )
+{
+ int rc = 0;
+
+ /* It's a secret keyring, so let's force a fsync just to be safe on
+ filesystems that may not sync data and metadata together
+ (e.g. ext4). */
+ if (secret && iobuf_ioctl (NULL, 4, 0, (char*)tmpfname))
+ {
+ rc = gpg_error_from_syserror ();
+ goto fail;
+ }
+
+ /* Invalidate close caches. */
+ if (iobuf_ioctl (NULL, 2, 0, (char*)tmpfname ))
+ {
+ rc = gpg_error_from_syserror ();
+ goto fail;
+ }
+ iobuf_ioctl (NULL, 2, 0, (char*)bakfname );
+ iobuf_ioctl (NULL, 2, 0, (char*)fname );
+
+ /* first make a backup file except for secret keyrings */
+ if (!secret)
+ {
+#if defined(HAVE_DOSISH_SYSTEM) || defined(__riscos__)
+ remove (bakfname);
+#endif
+ if (rename (fname, bakfname) )
+ {
+ rc = gpg_error_from_syserror ();
+ log_error ("renaming `%s' to `%s' failed: %s\n",
+ fname, bakfname, strerror(errno) );
+ return rc;
+ }
+ }
+
+ /* then rename the file */
+#if defined(HAVE_DOSISH_SYSTEM) || defined(__riscos__)
+ remove( fname );
+#endif
+ if (secret)
+ unregister_secured_file (fname);
+ if (rename (tmpfname, fname) )
+ {
+ rc = gpg_error_from_syserror ();
+ log_error (_("renaming `%s' to `%s' failed: %s\n"),
+ tmpfname, fname, strerror(errno) );
+ register_secured_file (fname);
+ goto fail;
+ }
+
+ /* Now make sure the file has the same permissions as the original */
+
+#ifndef HAVE_DOSISH_SYSTEM
+ {
+ struct stat statbuf;
+
+ statbuf.st_mode=S_IRUSR | S_IWUSR;
+
+ if (((secret && !opt.preserve_permissions)
+ || !stat (bakfname,&statbuf))
+ && !chmod (fname,statbuf.st_mode))
+ ;
+ else
+ log_error ("WARNING: unable to restore permissions to `%s': %s",
+ fname, strerror(errno));
+ }
+#endif
+
+ return 0;
+
+ fail:
+ if (secret)
+ {
+ log_info(_("WARNING: 2 files with confidential information exists.\n"));
+ log_info(_("%s is the unchanged one\n"), fname );
+ log_info(_("%s is the new one\n"), tmpfname );
+ log_info(_("Please fix this possible security flaw\n"));
+ }
+ return rc;
+}
+
+
+static int
+write_keyblock (IOBUF fp, KBNODE keyblock)
+{
+ KBNODE kbctx = NULL, node;
+ int rc;
+
+ while ( (node = walk_kbnode (keyblock, &kbctx, 0)) )
+ {
+ if (node->pkt->pkttype == PKT_RING_TRUST)
+ continue; /* we write it later on our own */
+
+ if ( (rc = build_packet (fp, node->pkt) ))
+ {
+ log_error ("build_packet(%d) failed: %s\n",
+ node->pkt->pkttype, g10_errstr(rc) );
+ return rc;
+ }
+ if (node->pkt->pkttype == PKT_SIGNATURE)
+ { /* always write a signature cache packet */
+ PKT_signature *sig = node->pkt->pkt.signature;
+ unsigned int cacheval = 0;
+
+ if (sig->flags.checked)
+ {
+ cacheval |= 1;
+ if (sig->flags.valid)
+ cacheval |= 2;
+ }
+ iobuf_put (fp, 0xb0); /* old style packet 12, 1 byte len*/
+ iobuf_put (fp, 2); /* 2 bytes */
+ iobuf_put (fp, 0); /* unused */
+ if (iobuf_put (fp, cacheval))
+ {
+ rc = gpg_error_from_syserror ();
+ log_error ("writing sigcache packet failed\n");
+ return rc;
+ }
+ }
+ }
+ return 0;
+}
+
+/*
+ * Walk over all public keyrings, check the signatures and replace the
+ * keyring with a new one where the signature cache is then updated.
+ * This is only done for the public keyrings.
+ */
+int
+keyring_rebuild_cache (void *token,int noisy)
+{
+ KEYRING_HANDLE hd;
+ KEYDB_SEARCH_DESC desc;
+ KBNODE keyblock = NULL, node;
+ const char *lastresname = NULL, *resname;
+ IOBUF tmpfp = NULL;
+ char *tmpfilename = NULL;
+ char *bakfilename = NULL;
+ int rc;
+ ulong count = 0, sigcount = 0;
+
+ hd = keyring_new (token, 0);
+ memset (&desc, 0, sizeof desc);
+ desc.mode = KEYDB_SEARCH_MODE_FIRST;
+
+ rc=keyring_lock (hd, 1);
+ if(rc)
+ goto leave;
+
+ while ( !(rc = keyring_search (hd, &desc, 1, NULL)) )
+ {
+ desc.mode = KEYDB_SEARCH_MODE_NEXT;
+ resname = keyring_get_resource_name (hd);
+ if (lastresname != resname )
+ { /* we have switched to a new keyring - commit changes */
+ if (tmpfp)
+ {
+ if (iobuf_close (tmpfp))
+ {
+ rc = gpg_error_from_syserror ();
+ log_error ("error closing `%s': %s\n",
+ tmpfilename, strerror (errno));
+ goto leave;
+ }
+ /* because we have switched resources, we can be sure that
+ * the original file is closed */
+ tmpfp = NULL;
+ }
+ rc = lastresname? rename_tmp_file (bakfilename, tmpfilename,
+ lastresname, 0) : 0;
+ xfree (tmpfilename); tmpfilename = NULL;
+ xfree (bakfilename); bakfilename = NULL;
+ if (rc)
+ goto leave;
+ lastresname = resname;
+ if (noisy && !opt.quiet)
+ log_info (_("caching keyring `%s'\n"), resname);
+ rc = create_tmp_file (resname, &bakfilename, &tmpfilename, &tmpfp);
+ if (rc)
+ goto leave;
+ }
+
+ release_kbnode (keyblock);
+ rc = keyring_get_keyblock (hd, &keyblock);
+ if (rc)
+ {
+ log_error ("keyring_get_keyblock failed: %s\n", g10_errstr(rc));
+ goto leave;
+ }
+ if ( keyblock->pkt->pkttype != PKT_PUBLIC_KEY)
+ {
+ /* We had a few reports about corrupted keyrings; if we have
+ been called directly from the command line we delete such
+ a keyblock instead of bailing out. */
+ log_error ("unexpected keyblock found (pkttype=%d)%s\n",
+ keyblock->pkt->pkttype, noisy? " - deleted":"");
+ if (noisy)
+ continue;
+ log_info ("Hint: backup your keys and try running `%s'\n",
+ "gpg --rebuild-keydb-caches");
+ rc = gpg_error (GPG_ERR_INV_KEYRING);
+ goto leave;
+ }
+
+ /* check all signature to set the signature's cache flags */
+ for (node=keyblock; node; node=node->next)
+ {
+ /* Note that this doesn't cache the result of a revocation
+ issued by a designated revoker. This is because the pk
+ in question does not carry the revkeys as we haven't
+ merged the key and selfsigs. It is questionable whether
+ this matters very much since there are very very few
+ designated revoker revocation packets out there. */
+
+ if (node->pkt->pkttype == PKT_SIGNATURE)
+ {
+ PKT_signature *sig=node->pkt->pkt.signature;
+
+ if(!opt.no_sig_cache && sig->flags.checked && sig->flags.valid
+ && (openpgp_md_test_algo(sig->digest_algo)
+ || openpgp_pk_test_algo(sig->pubkey_algo)))
+ sig->flags.checked=sig->flags.valid=0;
+ else
+ check_key_signature (keyblock, node, NULL);
+
+ sigcount++;
+ }
+ }
+
+ /* write the keyblock to the temporary file */
+ rc = write_keyblock (tmpfp, keyblock);
+ if (rc)
+ goto leave;
+
+ if ( !(++count % 50) && noisy && !opt.quiet)
+ log_info(_("%lu keys cached so far (%lu signatures)\n"),
+ count, sigcount );
+
+ } /* end main loop */
+ if (rc == -1)
+ rc = 0;
+ if (rc)
+ {
+ log_error ("keyring_search failed: %s\n", g10_errstr(rc));
+ goto leave;
+ }
+ if(noisy || opt.verbose)
+ log_info(_("%lu keys cached (%lu signatures)\n"), count, sigcount );
+ if (tmpfp)
+ {
+ if (iobuf_close (tmpfp))
+ {
+ rc = gpg_error_from_syserror ();
+ log_error ("error closing `%s': %s\n",
+ tmpfilename, strerror (errno));
+ goto leave;
+ }
+ /* because we have switched resources, we can be sure that
+ * the original file is closed */
+ tmpfp = NULL;
+ }
+ rc = lastresname? rename_tmp_file (bakfilename, tmpfilename,
+ lastresname, 0) : 0;
+ xfree (tmpfilename); tmpfilename = NULL;
+ xfree (bakfilename); bakfilename = NULL;
+
+ leave:
+ if (tmpfp)
+ iobuf_cancel (tmpfp);
+ xfree (tmpfilename);
+ xfree (bakfilename);
+ release_kbnode (keyblock);
+ keyring_lock (hd, 0);
+ keyring_release (hd);
+ return rc;
+}
+
+
+/****************
+ * Perform insert/delete/update operation.
+ * mode 1 = insert
+ * 2 = delete
+ * 3 = update
+ */
+static int
+do_copy (int mode, const char *fname, KBNODE root, int secret,
+ off_t start_offset, unsigned int n_packets )
+{
+ IOBUF fp, newfp;
+ int rc=0;
+ char *bakfname = NULL;
+ char *tmpfname = NULL;
+
+ /* Open the source file. Because we do a rename, we have to check the
+ permissions of the file */
+ if (access (fname, W_OK))
+ return gpg_error_from_syserror ();
+
+ fp = iobuf_open (fname);
+ if (mode == 1 && !fp && errno == ENOENT) {
+ /* insert mode but file does not exist: create a new file */
+ KBNODE kbctx, node;
+ mode_t oldmask;
+
+ oldmask=umask(077);
+ if (!secret && is_secured_filename (fname)) {
+ newfp = NULL;
+ errno = EPERM;
+ }
+ else
+ newfp = iobuf_create (fname);
+ umask(oldmask);
+ if( !newfp )
+ {
+ rc = gpg_error_from_syserror ();
+ log_error (_("can't create `%s': %s\n"), fname, strerror(errno));
+ return rc;
+ }
+ if( !opt.quiet )
+ log_info(_("%s: keyring created\n"), fname );
+
+ kbctx=NULL;
+ while ( (node = walk_kbnode( root, &kbctx, 0 )) ) {
+ if( (rc = build_packet( newfp, node->pkt )) ) {
+ log_error("build_packet(%d) failed: %s\n",
+ node->pkt->pkttype, g10_errstr(rc) );
+ iobuf_cancel(newfp);
+ return rc;
+ }
+ }
+ if( iobuf_close(newfp) ) {
+ rc = gpg_error_from_syserror ();
+ log_error ("%s: close failed: %s\n", fname, strerror(errno));
+ return rc;
+ }
+ return 0; /* ready */
+ }
+
+ if( !fp )
+ {
+ rc = gpg_error_from_syserror ();
+ log_error(_("can't open `%s': %s\n"), fname, strerror(errno) );
+ goto leave;
+ }
+
+ /* Create the new file. */
+ rc = create_tmp_file (fname, &bakfname, &tmpfname, &newfp);
+ if (rc) {
+ iobuf_close(fp);
+ goto leave;
+ }
+ if (secret)
+ register_secured_file (tmpfname);
+
+ if( mode == 1 ) { /* insert */
+ /* copy everything to the new file */
+ rc = copy_all_packets (fp, newfp);
+ if( rc != -1 ) {
+ log_error("%s: copy to `%s' failed: %s\n",
+ fname, tmpfname, g10_errstr(rc) );
+ iobuf_close(fp);
+ if (secret)
+ unregister_secured_file (tmpfname);
+ iobuf_cancel(newfp);
+ goto leave;
+ }
+ rc = 0;
+ }
+
+ if( mode == 2 || mode == 3 ) { /* delete or update */
+ /* copy first part to the new file */
+ rc = copy_some_packets( fp, newfp, start_offset );
+ if( rc ) { /* should never get EOF here */
+ log_error ("%s: copy to `%s' failed: %s\n",
+ fname, tmpfname, g10_errstr(rc) );
+ iobuf_close(fp);
+ if (secret)
+ unregister_secured_file (tmpfname);
+ iobuf_cancel(newfp);
+ goto leave;
+ }
+ /* skip this keyblock */
+ assert( n_packets );
+ rc = skip_some_packets( fp, n_packets );
+ if( rc ) {
+ log_error("%s: skipping %u packets failed: %s\n",
+ fname, n_packets, g10_errstr(rc));
+ iobuf_close(fp);
+ if (secret)
+ unregister_secured_file (tmpfname);
+ iobuf_cancel(newfp);
+ goto leave;
+ }
+ }
+
+ if( mode == 1 || mode == 3 ) { /* insert or update */
+ rc = write_keyblock (newfp, root);
+ if (rc) {
+ iobuf_close(fp);
+ if (secret)
+ unregister_secured_file (tmpfname);
+ iobuf_cancel(newfp);
+ goto leave;
+ }
+ }
+
+ if( mode == 2 || mode == 3 ) { /* delete or update */
+ /* copy the rest */
+ rc = copy_all_packets( fp, newfp );
+ if( rc != -1 ) {
+ log_error("%s: copy to `%s' failed: %s\n",
+ fname, tmpfname, g10_errstr(rc) );
+ iobuf_close(fp);
+ if (secret)
+ unregister_secured_file (tmpfname);
+ iobuf_cancel(newfp);
+ goto leave;
+ }
+ rc = 0;
+ }
+
+ /* close both files */
+ if( iobuf_close(fp) ) {
+ rc = gpg_error_from_syserror ();
+ log_error("%s: close failed: %s\n", fname, strerror(errno) );
+ goto leave;
+ }
+ if( iobuf_close(newfp) ) {
+ rc = gpg_error_from_syserror ();
+ log_error("%s: close failed: %s\n", tmpfname, strerror(errno) );
+ goto leave;
+ }
+
+ rc = rename_tmp_file (bakfname, tmpfname, fname, secret);
+
+ leave:
+ xfree(bakfname);
+ xfree(tmpfname);
+ return rc;
+}
diff --git a/g10/keyring.h b/g10/keyring.h
new file mode 100644
index 0000000..928605c
--- /dev/null
+++ b/g10/keyring.h
@@ -0,0 +1,44 @@
+/* keyring.h - Keyring operations
+ * Copyright (C) 2001 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef GPG_KEYRING_H
+#define GPG_KEYRING_H 1
+
+
+typedef struct keyring_handle *KEYRING_HANDLE;
+
+int keyring_register_filename (const char *fname, int secret, int readonly,
+ void **ptr);
+int keyring_is_writable (void *token);
+
+KEYRING_HANDLE keyring_new (void *token, int secret);
+void keyring_release (KEYRING_HANDLE hd);
+const char *keyring_get_resource_name (KEYRING_HANDLE hd);
+int keyring_lock (KEYRING_HANDLE hd, int yes);
+int keyring_get_keyblock (KEYRING_HANDLE hd, KBNODE *ret_kb);
+int keyring_update_keyblock (KEYRING_HANDLE hd, KBNODE kb);
+int keyring_insert_keyblock (KEYRING_HANDLE hd, KBNODE kb);
+int keyring_locate_writable (KEYRING_HANDLE hd);
+int keyring_delete_keyblock (KEYRING_HANDLE hd);
+int keyring_search_reset (KEYRING_HANDLE hd);
+int keyring_search (KEYRING_HANDLE hd, KEYDB_SEARCH_DESC *desc,
+ size_t ndesc, size_t *descindex);
+int keyring_rebuild_cache (void *token,int noisy);
+
+#endif /*GPG_KEYRING_H*/
diff --git a/g10/keyserver-internal.h b/g10/keyserver-internal.h
new file mode 100644
index 0000000..9f05c18
--- /dev/null
+++ b/g10/keyserver-internal.h
@@ -0,0 +1,52 @@
+/* keyserver-internal.h - Keyserver internals
+ * Copyright (C) 2001, 2002, 2004, 2005, 2006 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef _KEYSERVER_INTERNAL_H_
+#define _KEYSERVER_INTERNAL_H_
+
+#include <time.h>
+#include "../common/keyserver.h"
+#include "../common/iobuf.h"
+#include "types.h"
+
+int parse_keyserver_options(char *options);
+void free_keyserver_spec(struct keyserver_spec *keyserver);
+struct keyserver_spec *keyserver_match(struct keyserver_spec *spec);
+struct keyserver_spec *parse_keyserver_uri(const char *string,
+ int require_scheme,
+ const char *configname,
+ unsigned int configlineno);
+struct keyserver_spec *parse_preferred_keyserver(PKT_signature *sig);
+int keyserver_export(strlist_t users);
+int keyserver_import(strlist_t users);
+int keyserver_import_fprint(const byte *fprint,size_t fprint_len,
+ struct keyserver_spec *keyserver);
+int keyserver_import_keyid(u32 *keyid,struct keyserver_spec *keyserver);
+int keyserver_refresh(strlist_t users);
+int keyserver_search(strlist_t tokens);
+int keyserver_fetch(strlist_t urilist);
+int keyserver_import_cert(const char *name,
+ unsigned char **fpr,size_t *fpr_len);
+int keyserver_import_pka(const char *name,unsigned char **fpr,size_t *fpr_len);
+int keyserver_import_name(const char *name,unsigned char **fpr,size_t *fpr_len,
+ struct keyserver_spec *keyserver);
+int keyserver_import_ldap(const char *name,
+ unsigned char **fpr,size_t *fpr_len);
+
+#endif /* !_KEYSERVER_INTERNAL_H_ */
diff --git a/g10/keyserver.c b/g10/keyserver.c
new file mode 100644
index 0000000..36c52f0
--- /dev/null
+++ b/g10/keyserver.c
@@ -0,0 +1,2203 @@
+/* keyserver.c - generic keyserver code
+ * Copyright (C) 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008,
+ * 2009 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <ctype.h>
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <assert.h>
+#include <errno.h>
+
+#include "gpg.h"
+#include "iobuf.h"
+#include "filter.h"
+#include "keydb.h"
+#include "status.h"
+#include "exec.h"
+#include "main.h"
+#include "i18n.h"
+#include "ttyio.h"
+#include "options.h"
+#include "packet.h"
+#include "trustdb.h"
+#include "keyserver-internal.h"
+#include "util.h"
+#include "dns-cert.h"
+#include "pka.h"
+#ifdef USE_DNS_SRV
+#include "srv.h"
+#endif
+
+#ifdef HAVE_W32_SYSTEM
+/* It seems Vista doesn't grok X_OK and so fails access() tests.
+ Previous versions interpreted X_OK as F_OK anyway, so we'll just
+ use F_OK directly. */
+#undef X_OK
+#define X_OK F_OK
+#endif /* HAVE_W32_SYSTEM */
+
+struct keyrec
+{
+ KEYDB_SEARCH_DESC desc;
+ u32 createtime,expiretime;
+ int size,flags;
+ byte type;
+ IOBUF uidbuf;
+ unsigned int lines;
+};
+
+enum ks_action {KS_UNKNOWN=0,KS_GET,KS_GETNAME,KS_SEND,KS_SEARCH};
+
+static struct parse_options keyserver_opts[]=
+ {
+ /* some of these options are not real - just for the help
+ message */
+ {"max-cert-size",0,NULL,NULL},
+ {"include-revoked",0,NULL,N_("include revoked keys in search results")},
+ {"include-subkeys",0,NULL,N_("include subkeys when searching by key ID")},
+ {"use-temp-files",0,NULL,
+ N_("use temporary files to pass data to keyserver helpers")},
+ {"keep-temp-files",KEYSERVER_KEEP_TEMP_FILES,NULL,
+ N_("do not delete temporary files after using them")},
+ {"refresh-add-fake-v3-keyids",KEYSERVER_ADD_FAKE_V3,NULL,
+ NULL},
+ {"auto-key-retrieve",KEYSERVER_AUTO_KEY_RETRIEVE,NULL,
+ N_("automatically retrieve keys when verifying signatures")},
+ {"honor-keyserver-url",KEYSERVER_HONOR_KEYSERVER_URL,NULL,
+ N_("honor the preferred keyserver URL set on the key")},
+ {"honor-pka-record",KEYSERVER_HONOR_PKA_RECORD,NULL,
+ N_("honor the PKA record set on a key when retrieving keys")},
+ {NULL,0,NULL,NULL}
+ };
+
+static int keyserver_work(enum ks_action action,strlist_t list,
+ KEYDB_SEARCH_DESC *desc,int count,
+ unsigned char **fpr,size_t *fpr_len,
+ struct keyserver_spec *keyserver);
+
+/* Reasonable guess */
+#define DEFAULT_MAX_CERT_SIZE 16384
+
+static size_t max_cert_size=DEFAULT_MAX_CERT_SIZE;
+
+static void
+add_canonical_option(char *option,strlist_t *list)
+{
+ char *arg=argsplit(option);
+
+ if(arg)
+ {
+ char *joined;
+
+ joined=xmalloc(strlen(option)+1+strlen(arg)+1);
+ /* Make a canonical name=value form with no spaces */
+ strcpy(joined,option);
+ strcat(joined,"=");
+ strcat(joined,arg);
+ append_to_strlist(list,joined);
+ xfree(joined);
+ }
+ else
+ append_to_strlist(list,option);
+}
+
+int
+parse_keyserver_options(char *options)
+{
+ int ret=1;
+ char *tok;
+ char *max_cert=NULL;
+
+ keyserver_opts[0].value=&max_cert;
+
+ while((tok=optsep(&options)))
+ {
+ if(tok[0]=='\0')
+ continue;
+
+ /* For backwards compatibility. 1.2.x used honor-http-proxy and
+ there are a good number of documents published that recommend
+ it. */
+ if(ascii_strcasecmp(tok,"honor-http-proxy")==0)
+ tok="http-proxy";
+ else if(ascii_strcasecmp(tok,"no-honor-http-proxy")==0)
+ tok="no-http-proxy";
+
+ /* We accept quite a few possible options here - some options to
+ handle specially, the keyserver_options list, and import and
+ export options that pertain to keyserver operations. Note
+ that you must use strncasecmp here as there might be an
+ =argument attached which will foil the use of strcasecmp. */
+
+#ifdef EXEC_TEMPFILE_ONLY
+ if(ascii_strncasecmp(tok,"use-temp-files",14)==0 ||
+ ascii_strncasecmp(tok,"no-use-temp-files",17)==0)
+ log_info(_("WARNING: keyserver option `%s' is not used"
+ " on this platform\n"),tok);
+#else
+ if(ascii_strncasecmp(tok,"use-temp-files",14)==0)
+ opt.keyserver_options.options|=KEYSERVER_USE_TEMP_FILES;
+ else if(ascii_strncasecmp(tok,"no-use-temp-files",17)==0)
+ opt.keyserver_options.options&=~KEYSERVER_USE_TEMP_FILES;
+#endif
+ else if(!parse_options(tok,&opt.keyserver_options.options,
+ keyserver_opts,0)
+ && !parse_import_options(tok,
+ &opt.keyserver_options.import_options,0)
+ && !parse_export_options(tok,
+ &opt.keyserver_options.export_options,0))
+ {
+ /* All of the standard options have failed, so the option is
+ destined for a keyserver plugin. */
+ add_canonical_option(tok,&opt.keyserver_options.other);
+ }
+ }
+
+ if(max_cert)
+ {
+ max_cert_size=strtoul(max_cert,(char **)NULL,10);
+
+ if(max_cert_size==0)
+ max_cert_size=DEFAULT_MAX_CERT_SIZE;
+ }
+
+ return ret;
+}
+
+void
+free_keyserver_spec(struct keyserver_spec *keyserver)
+{
+ xfree(keyserver->uri);
+ xfree(keyserver->scheme);
+ xfree(keyserver->auth);
+ xfree(keyserver->host);
+ xfree(keyserver->port);
+ xfree(keyserver->path);
+ xfree(keyserver->opaque);
+ free_strlist(keyserver->options);
+ xfree(keyserver);
+}
+
+/* Return 0 for match */
+static int
+cmp_keyserver_spec(struct keyserver_spec *one,struct keyserver_spec *two)
+{
+ if(ascii_strcasecmp(one->scheme,two->scheme)==0)
+ {
+ if(one->host && two->host && ascii_strcasecmp(one->host,two->host)==0)
+ {
+ if((one->port && two->port
+ && ascii_strcasecmp(one->port,two->port)==0)
+ || (!one->port && !two->port))
+ return 0;
+ }
+ else if(one->opaque && two->opaque
+ && ascii_strcasecmp(one->opaque,two->opaque)==0)
+ return 0;
+ }
+
+ return 1;
+}
+
+/* Try and match one of our keyservers. If we can, return that. If
+ we can't, return our input. */
+struct keyserver_spec *
+keyserver_match(struct keyserver_spec *spec)
+{
+ struct keyserver_spec *ks;
+
+ for(ks=opt.keyserver;ks;ks=ks->next)
+ if(cmp_keyserver_spec(spec,ks)==0)
+ return ks;
+
+ return spec;
+}
+
+/* TODO: once we cut over to an all-curl world, we don't need this
+ parser any longer so it can be removed, or at least moved to
+ keyserver/ksutil.c for limited use in gpgkeys_ldap or the like. */
+
+struct keyserver_spec *
+parse_keyserver_uri(const char *string,int require_scheme,
+ const char *configname,unsigned int configlineno)
+{
+ int assume_hkp=0;
+ struct keyserver_spec *keyserver;
+ const char *idx;
+ int count;
+ char *uri,*options;
+
+ assert(string!=NULL);
+
+ keyserver=xmalloc_clear(sizeof(struct keyserver_spec));
+
+ uri=xstrdup(string);
+
+ options=strchr(uri,' ');
+ if(options)
+ {
+ char *tok;
+
+ *options='\0';
+ options++;
+
+ while((tok=optsep(&options)))
+ add_canonical_option(tok,&keyserver->options);
+ }
+
+ /* Get the scheme */
+
+ for(idx=uri,count=0;*idx && *idx!=':';idx++)
+ {
+ count++;
+
+ /* Do we see the start of an RFC-2732 ipv6 address here? If so,
+ there clearly isn't a scheme so get out early. */
+ if(*idx=='[')
+ {
+ /* Was the '[' the first thing in the string? If not, we
+ have a mangled scheme with a [ in it so fail. */
+ if(count==1)
+ break;
+ else
+ goto fail;
+ }
+ }
+
+ if(count==0)
+ goto fail;
+
+ if(*idx=='\0' || *idx=='[')
+ {
+ if(require_scheme)
+ return NULL;
+
+ /* Assume HKP if there is no scheme */
+ assume_hkp=1;
+ keyserver->scheme=xstrdup("hkp");
+
+ keyserver->uri=xmalloc(strlen(keyserver->scheme)+3+strlen(uri)+1);
+ strcpy(keyserver->uri,keyserver->scheme);
+ strcat(keyserver->uri,"://");
+ strcat(keyserver->uri,uri);
+ }
+ else
+ {
+ int i;
+
+ keyserver->uri=xstrdup(uri);
+
+ keyserver->scheme=xmalloc(count+1);
+
+ /* Force to lowercase */
+ for(i=0;i<count;i++)
+ keyserver->scheme[i]=ascii_tolower(uri[i]);
+
+ keyserver->scheme[i]='\0';
+
+ /* Skip past the scheme and colon */
+ uri+=count+1;
+ }
+
+ if(ascii_strcasecmp(keyserver->scheme,"x-broken-hkp")==0)
+ {
+ deprecated_warning(configname,configlineno,"x-broken-hkp",
+ "--keyserver-options ","broken-http-proxy");
+ xfree(keyserver->scheme);
+ keyserver->scheme=xstrdup("hkp");
+ append_to_strlist(&opt.keyserver_options.other,"broken-http-proxy");
+ }
+ else if(ascii_strcasecmp(keyserver->scheme,"x-hkp")==0)
+ {
+ /* Canonicalize this to "hkp" so it works with both the internal
+ and external keyserver interface. */
+ xfree(keyserver->scheme);
+ keyserver->scheme=xstrdup("hkp");
+ }
+
+ if (uri[0]=='/' && uri[1]=='/' && uri[2] == '/')
+ {
+ /* Three slashes means network path with a default host name.
+ This is a hack because it does not crok all possible
+ combiantions. We should better repalce all code bythe parser
+ from http.c. */
+ keyserver->path = xstrdup (uri+2);
+ }
+ else if(assume_hkp || (uri[0]=='/' && uri[1]=='/'))
+ {
+ /* Two slashes means network path. */
+
+ /* Skip over the "//", if any */
+ if(!assume_hkp)
+ uri+=2;
+
+ /* Do we have userinfo auth data present? */
+ for(idx=uri,count=0;*idx && *idx!='@' && *idx!='/';idx++)
+ count++;
+
+ /* We found a @ before the slash, so that means everything
+ before the @ is auth data. */
+ if(*idx=='@')
+ {
+ if(count==0)
+ goto fail;
+
+ keyserver->auth=xmalloc(count+1);
+ strncpy(keyserver->auth,uri,count);
+ keyserver->auth[count]='\0';
+ uri+=count+1;
+ }
+
+ /* Is it an RFC-2732 ipv6 [literal address] ? */
+ if(*uri=='[')
+ {
+ for(idx=uri+1,count=1;*idx
+ && ((isascii (*idx) && isxdigit(*idx))
+ || *idx==':' || *idx=='.');idx++)
+ count++;
+
+ /* Is the ipv6 literal address terminated? */
+ if(*idx==']')
+ count++;
+ else
+ goto fail;
+ }
+ else
+ for(idx=uri,count=0;*idx && *idx!=':' && *idx!='/';idx++)
+ count++;
+
+ if(count==0)
+ goto fail;
+
+ keyserver->host=xmalloc(count+1);
+ strncpy(keyserver->host,uri,count);
+ keyserver->host[count]='\0';
+
+ /* Skip past the host */
+ uri+=count;
+
+ if(*uri==':')
+ {
+ /* It would seem to be reasonable to limit the range of the
+ ports to values between 1-65535, but RFC 1738 and 1808
+ imply there is no limit. Of course, the real world has
+ limits. */
+
+ for(idx=uri+1,count=0;*idx && *idx!='/';idx++)
+ {
+ count++;
+
+ /* Ports are digits only */
+ if(!digitp(idx))
+ goto fail;
+ }
+
+ keyserver->port=xmalloc(count+1);
+ strncpy(keyserver->port,uri+1,count);
+ keyserver->port[count]='\0';
+
+ /* Skip past the colon and port number */
+ uri+=1+count;
+ }
+
+ /* Everything else is the path */
+ if(*uri)
+ keyserver->path=xstrdup(uri);
+ else
+ keyserver->path=xstrdup("/");
+
+ if(keyserver->path[1])
+ keyserver->flags.direct_uri=1;
+ }
+ else if(uri[0]!='/')
+ {
+ /* No slash means opaque. Just record the opaque blob and get
+ out. */
+ keyserver->opaque=xstrdup(uri);
+ }
+ else
+ {
+ /* One slash means absolute path. We don't need to support that
+ yet. */
+ goto fail;
+ }
+
+ return keyserver;
+
+ fail:
+ free_keyserver_spec(keyserver);
+
+ return NULL;
+}
+
+struct keyserver_spec *
+parse_preferred_keyserver(PKT_signature *sig)
+{
+ struct keyserver_spec *spec=NULL;
+ const byte *p;
+ size_t plen;
+
+ p=parse_sig_subpkt(sig->hashed,SIGSUBPKT_PREF_KS,&plen);
+ if(p && plen)
+ {
+ byte *dupe=xmalloc(plen+1);
+
+ memcpy(dupe,p,plen);
+ dupe[plen]='\0';
+ spec=parse_keyserver_uri(dupe,1,NULL,0);
+ xfree(dupe);
+ }
+
+ return spec;
+}
+
+static void
+print_keyrec(int number,struct keyrec *keyrec)
+{
+ int i;
+
+ iobuf_writebyte(keyrec->uidbuf,0);
+ iobuf_flush_temp(keyrec->uidbuf);
+ printf("(%d)\t%s ",number,iobuf_get_temp_buffer(keyrec->uidbuf));
+
+ if(keyrec->size>0)
+ printf("%d bit ",keyrec->size);
+
+ if(keyrec->type)
+ {
+ const char *str = gcry_pk_algo_name (keyrec->type);
+
+ if(str)
+ printf("%s ",str);
+ else
+ printf("unknown ");
+ }
+
+ switch(keyrec->desc.mode)
+ {
+ /* If the keyserver helper gave us a short keyid, we have no
+ choice but to use it. Do check --keyid-format to add a 0x if
+ needed. */
+ case KEYDB_SEARCH_MODE_SHORT_KID:
+ printf("key %s%08lX",
+ (opt.keyid_format==KF_0xSHORT
+ || opt.keyid_format==KF_0xLONG)?"0x":"",
+ (ulong)keyrec->desc.u.kid[1]);
+ break;
+
+ /* However, if it gave us a long keyid, we can honor
+ --keyid-format */
+ case KEYDB_SEARCH_MODE_LONG_KID:
+ printf("key %s",keystr(keyrec->desc.u.kid));
+ break;
+
+ case KEYDB_SEARCH_MODE_FPR16:
+ printf("key ");
+ for(i=0;i<16;i++)
+ printf("%02X",keyrec->desc.u.fpr[i]);
+ break;
+
+ case KEYDB_SEARCH_MODE_FPR20:
+ printf("key ");
+ for(i=0;i<20;i++)
+ printf("%02X",keyrec->desc.u.fpr[i]);
+ break;
+
+ default:
+ BUG();
+ break;
+ }
+
+ if(keyrec->createtime>0)
+ {
+ printf(", ");
+ printf(_("created: %s"),strtimestamp(keyrec->createtime));
+ }
+
+ if(keyrec->expiretime>0)
+ {
+ printf(", ");
+ printf(_("expires: %s"),strtimestamp(keyrec->expiretime));
+ }
+
+ if(keyrec->flags&1)
+ printf(" (%s)",_("revoked"));
+ if(keyrec->flags&2)
+ printf(" (%s)",_("disabled"));
+ if(keyrec->flags&4)
+ printf(" (%s)",_("expired"));
+
+ printf("\n");
+}
+
+/* Returns a keyrec (which must be freed) once a key is complete, and
+ NULL otherwise. Call with a NULL keystring once key parsing is
+ complete to return any unfinished keys. */
+static struct keyrec *
+parse_keyrec(char *keystring)
+{
+ static struct keyrec *work=NULL;
+ struct keyrec *ret=NULL;
+ char *record;
+ int i;
+
+ if(keystring==NULL)
+ {
+ if(work==NULL)
+ return NULL;
+ else if(work->desc.mode==KEYDB_SEARCH_MODE_NONE)
+ {
+ xfree(work);
+ return NULL;
+ }
+ else
+ {
+ ret=work;
+ work=NULL;
+ return ret;
+ }
+ }
+
+ if(work==NULL)
+ {
+ work=xmalloc_clear(sizeof(struct keyrec));
+ work->uidbuf=iobuf_temp();
+ }
+
+ /* Remove trailing whitespace */
+ for(i=strlen(keystring);i>0;i--)
+ if(ascii_isspace(keystring[i-1]))
+ keystring[i-1]='\0';
+ else
+ break;
+
+ if((record=strsep(&keystring,":"))==NULL)
+ return ret;
+
+ if(ascii_strcasecmp("pub",record)==0)
+ {
+ char *tok;
+
+ if(work->desc.mode)
+ {
+ ret=work;
+ work=xmalloc_clear(sizeof(struct keyrec));
+ work->uidbuf=iobuf_temp();
+ }
+
+ if((tok=strsep(&keystring,":"))==NULL)
+ return ret;
+
+ classify_user_id(tok,&work->desc);
+ if(work->desc.mode!=KEYDB_SEARCH_MODE_SHORT_KID
+ && work->desc.mode!=KEYDB_SEARCH_MODE_LONG_KID
+ && work->desc.mode!=KEYDB_SEARCH_MODE_FPR16
+ && work->desc.mode!=KEYDB_SEARCH_MODE_FPR20)
+ {
+ work->desc.mode=KEYDB_SEARCH_MODE_NONE;
+ return ret;
+ }
+
+ /* Note all items after this are optional. This allows us to
+ have a pub line as simple as pub:keyid and nothing else. */
+
+ work->lines++;
+
+ if((tok=strsep(&keystring,":"))==NULL)
+ return ret;
+
+ work->type=atoi(tok);
+
+ if((tok=strsep(&keystring,":"))==NULL)
+ return ret;
+
+ work->size=atoi(tok);
+
+ if((tok=strsep(&keystring,":"))==NULL)
+ return ret;
+
+ if(atoi(tok)<=0)
+ work->createtime=0;
+ else
+ work->createtime=atoi(tok);
+
+ if((tok=strsep(&keystring,":"))==NULL)
+ return ret;
+
+ if(atoi(tok)<=0)
+ work->expiretime=0;
+ else
+ {
+ work->expiretime=atoi(tok);
+ /* Force the 'e' flag on if this key is expired. */
+ if(work->expiretime<=make_timestamp())
+ work->flags|=4;
+ }
+
+ if((tok=strsep(&keystring,":"))==NULL)
+ return ret;
+
+ while(*tok)
+ switch(*tok++)
+ {
+ case 'r':
+ case 'R':
+ work->flags|=1;
+ break;
+
+ case 'd':
+ case 'D':
+ work->flags|=2;
+ break;
+
+ case 'e':
+ case 'E':
+ work->flags|=4;
+ break;
+ }
+ }
+ else if(ascii_strcasecmp("uid",record)==0 && work->desc.mode)
+ {
+ char *userid,*tok,*decoded;
+
+ if((tok=strsep(&keystring,":"))==NULL)
+ return ret;
+
+ if(strlen(tok)==0)
+ return ret;
+
+ userid=tok;
+
+ /* By definition, de-%-encoding is always smaller than the
+ original string so we can decode in place. */
+
+ i=0;
+
+ while(*tok)
+ if(tok[0]=='%' && tok[1] && tok[2])
+ {
+ int c;
+
+ userid[i] = (c=hextobyte(&tok[1])) == -1 ? '?' : c;
+ i++;
+ tok+=3;
+ }
+ else
+ userid[i++]=*tok++;
+
+ /* We don't care about the other info provided in the uid: line
+ since no keyserver supports marking userids with timestamps
+ or revoked/expired/disabled yet. */
+
+ /* No need to check for control characters, as utf8_to_native
+ does this for us. */
+
+ decoded=utf8_to_native(userid,i,0);
+ if(strlen(decoded)>opt.screen_columns-10)
+ decoded[opt.screen_columns-10]='\0';
+ iobuf_writestr(work->uidbuf,decoded);
+ xfree(decoded);
+ iobuf_writestr(work->uidbuf,"\n\t");
+ work->lines++;
+ }
+
+ /* Ignore any records other than "pri" and "uid" for easy future
+ growth. */
+
+ return ret;
+}
+
+/* TODO: do this as a list sent to keyserver_work rather than calling
+ it once for each key to get the correct counts after the import
+ (cosmetics, really) and to better take advantage of the keyservers
+ that can do multiple fetches in one go (LDAP). */
+static int
+show_prompt(KEYDB_SEARCH_DESC *desc,int numdesc,int count,const char *search)
+{
+ char *answer;
+
+ fflush (stdout);
+
+ if(count && opt.command_fd==-1)
+ {
+ static int from=1;
+ tty_printf("Keys %d-%d of %d for \"%s\". ",from,numdesc,count,search);
+ from=numdesc+1;
+ }
+
+ answer=cpr_get_no_help("keysearch.prompt",
+ _("Enter number(s), N)ext, or Q)uit > "));
+ /* control-d */
+ if(answer[0]=='\x04')
+ {
+ printf("Q\n");
+ answer[0]='q';
+ }
+
+ if(answer[0]=='q' || answer[0]=='Q')
+ {
+ xfree(answer);
+ return 1;
+ }
+ else if(atoi(answer)>=1 && atoi(answer)<=numdesc)
+ {
+ char *split=answer,*num;
+
+ while((num=strsep(&split," ,"))!=NULL)
+ if(atoi(num)>=1 && atoi(num)<=numdesc)
+ keyserver_work(KS_GET,NULL,&desc[atoi(num)-1],1,
+ NULL,NULL,opt.keyserver);
+
+ xfree(answer);
+ return 1;
+ }
+
+ return 0;
+}
+
+/* Count and searchstr are just for cosmetics. If the count is too
+ small, it will grow safely. If negative it disables the "Key x-y
+ of z" messages. searchstr should be UTF-8 (rather than native). */
+static void
+keyserver_search_prompt(IOBUF buffer,const char *searchstr)
+{
+ int i=0,validcount=0,started=0,header=0,count=1;
+ unsigned int maxlen,buflen,numlines=0;
+ KEYDB_SEARCH_DESC *desc;
+ byte *line=NULL;
+ char *localstr=NULL;
+
+ if(searchstr)
+ localstr=utf8_to_native(searchstr,strlen(searchstr),0);
+
+ desc=xmalloc(count*sizeof(KEYDB_SEARCH_DESC));
+
+ for(;;)
+ {
+ struct keyrec *keyrec;
+ int rl;
+
+ maxlen=1024;
+ rl=iobuf_read_line(buffer,&line,&buflen,&maxlen);
+
+ if(opt.with_colons)
+ {
+ if(!header && ascii_strncasecmp("SEARCH ",line,7)==0
+ && ascii_strncasecmp(" BEGIN",&line[strlen(line)-7],6)==0)
+ {
+ header=1;
+ continue;
+ }
+ else if(ascii_strncasecmp("SEARCH ",line,7)==0
+ && ascii_strncasecmp(" END",&line[strlen(line)-5],4)==0)
+ continue;
+
+ printf("%s",line);
+ }
+
+ /* Look for an info: line. The only current info: values
+ defined are the version and key count. */
+ if(!started && rl>0 && ascii_strncasecmp("info:",line,5)==0)
+ {
+ char *tok,*str=&line[5];
+
+ if((tok=strsep(&str,":"))!=NULL)
+ {
+ int version;
+
+ if(sscanf(tok,"%d",&version)!=1)
+ version=1;
+
+ if(version!=1)
+ {
+ log_error(_("invalid keyserver protocol "
+ "(us %d!=handler %d)\n"),1,version);
+ break;
+ }
+ }
+
+ if((tok=strsep(&str,":"))!=NULL && sscanf(tok,"%d",&count)==1)
+ {
+ if(count==0)
+ goto notfound;
+ else if(count<0)
+ count=10;
+ else
+ validcount=1;
+
+ desc=xrealloc(desc,count*sizeof(KEYDB_SEARCH_DESC));
+ }
+
+ started=1;
+ continue;
+ }
+
+ if(rl==0)
+ {
+ keyrec=parse_keyrec(NULL);
+
+ if(keyrec==NULL)
+ {
+ if(i==0)
+ {
+ count=0;
+ break;
+ }
+
+ if(i!=count)
+ validcount=0;
+
+ if (opt.with_colons && opt.batch)
+ break;
+
+ for(;;)
+ {
+ if(show_prompt(desc,i,validcount?count:0,localstr))
+ break;
+ validcount=0;
+ }
+
+ break;
+ }
+ }
+ else
+ keyrec=parse_keyrec(line);
+
+ if(i==count)
+ {
+ /* keyserver helper sent more keys than they claimed in the
+ info: line. */
+ count+=10;
+ desc=xrealloc(desc,count*sizeof(KEYDB_SEARCH_DESC));
+ validcount=0;
+ }
+
+ if(keyrec)
+ {
+ desc[i]=keyrec->desc;
+
+ if(!opt.with_colons)
+ {
+ /* screen_lines - 1 for the prompt. */
+ if(numlines+keyrec->lines>opt.screen_lines-1)
+ {
+ if(show_prompt(desc,i,validcount?count:0,localstr))
+ break;
+ else
+ numlines=0;
+ }
+
+ print_keyrec(i+1,keyrec);
+ }
+
+ numlines+=keyrec->lines;
+ iobuf_close(keyrec->uidbuf);
+ xfree(keyrec);
+
+ started=1;
+ i++;
+ }
+ }
+
+ notfound:
+ /* Leave this commented out or now, and perhaps for a very long
+ time. All HKPish servers return HTML error messages for
+ no-key-found. */
+ /*
+ if(!started)
+ log_info(_("keyserver does not support searching\n"));
+ else
+ */
+ if(count==0)
+ {
+ if(localstr)
+ log_info(_("key \"%s\" not found on keyserver\n"),localstr);
+ else
+ log_info(_("key not found on keyserver\n"));
+ }
+
+ xfree(localstr);
+ xfree(desc);
+ xfree(line);
+}
+
+/* We sometimes want to use a different gpgkeys_xxx for a given
+ protocol (for example, ldaps is handled by gpgkeys_ldap). Map
+ these here. */
+static const char *
+keyserver_typemap(const char *type)
+{
+ if(strcmp(type,"ldaps")==0)
+ return "ldap";
+ else if(strcmp(type,"hkps")==0)
+ return "hkp";
+ else
+ return type;
+}
+
+/* The PGP LDAP and the curl fetch-a-LDAP-object methodologies are
+ sufficiently different that we can't use curl to do LDAP. */
+static int
+direct_uri_map(const char *scheme,unsigned int is_direct)
+{
+ if(is_direct && strcmp(scheme,"ldap")==0)
+ return 1;
+
+ return 0;
+}
+
+#if GNUPG_MAJOR_VERSION == 2
+#define GPGKEYS_PREFIX "gpg2keys_"
+#else
+#define GPGKEYS_PREFIX "gpgkeys_"
+#endif
+#define GPGKEYS_CURL GPGKEYS_PREFIX "curl" EXEEXT
+#define GPGKEYS_PREFIX_LEN (strlen(GPGKEYS_CURL))
+#define KEYSERVER_ARGS_KEEP " -o \"%O\" \"%I\""
+#define KEYSERVER_ARGS_NOKEEP " -o \"%o\" \"%i\""
+
+static int
+keyserver_spawn(enum ks_action action,strlist_t list,KEYDB_SEARCH_DESC *desc,
+ int count,int *prog,unsigned char **fpr,size_t *fpr_len,
+ struct keyserver_spec *keyserver)
+{
+ int ret=0,i,gotversion=0,outofband=0;
+ strlist_t temp;
+ unsigned int maxlen,buflen;
+ char *command,*end,*searchstr=NULL;
+ byte *line=NULL;
+ struct exec_info *spawn;
+ const char *scheme;
+ const char *libexecdir = gnupg_libexecdir ();
+
+ assert(keyserver);
+
+#ifdef EXEC_TEMPFILE_ONLY
+ opt.keyserver_options.options|=KEYSERVER_USE_TEMP_FILES;
+#endif
+
+ /* Build the filename for the helper to execute */
+ scheme=keyserver_typemap(keyserver->scheme);
+
+#ifdef DISABLE_KEYSERVER_PATH
+ /* Destroy any path we might have. This is a little tricky,
+ portability-wise. It's not correct to delete the PATH
+ environment variable, as that may fall back to a system built-in
+ PATH. Similarly, it is not correct to set PATH to the null
+ string (PATH="") since this actually deletes the PATH environment
+ variable under MinGW. The safest thing to do here is to force
+ PATH to be GNUPG_LIBEXECDIR. All this is not that meaningful on
+ Unix-like systems (since we're going to give a full path to
+ gpgkeys_foo), but on W32 it prevents loading any DLLs from
+ directories in %PATH%.
+
+ After some more thinking about this we came to the conclusion
+ that it is better to load the helpers from the directory where
+ the program of this process lives. Fortunately Windows provides
+ a way to retrieve this and our gnupg_libexecdir function has been
+ modified to return just this. Setting the exec-path is not
+ anymore required.
+ set_exec_path(libexecdir);
+ */
+#else
+ if(opt.exec_path_set)
+ {
+ /* If exec-path was set, and DISABLE_KEYSERVER_PATH is
+ undefined, then don't specify a full path to gpgkeys_foo, so
+ that the PATH can work. */
+ command=xmalloc(GPGKEYS_PREFIX_LEN+strlen(scheme)+3+strlen(EXEEXT)+1);
+ command[0]='\0';
+ }
+ else
+#endif
+ {
+ /* Specify a full path to gpgkeys_foo. */
+ command=xmalloc(strlen(libexecdir)+strlen(DIRSEP_S)+
+ GPGKEYS_PREFIX_LEN+strlen(scheme)+3+strlen(EXEEXT)+1);
+ strcpy(command,libexecdir);
+ strcat(command,DIRSEP_S);
+ }
+
+ end=command+strlen(command);
+
+ /* Build a path for the keyserver helper. If it is direct_uri
+ (i.e. an object fetch and not a keyserver), then add "_uri" to
+ the end to distinguish the keyserver helper from an object
+ fetcher that can speak that protocol (this is a problem for
+ LDAP). */
+
+ strcat(command,GPGKEYS_PREFIX);
+ strcat(command,scheme);
+
+ /* This "_uri" thing is in case we need to call a direct handler
+ instead of the keyserver handler. This lets us use gpgkeys_curl
+ or gpgkeys_ldap_uri (we don't provide it, but a user might)
+ instead of gpgkeys_ldap to fetch things like
+ ldap://keyserver.pgp.com/o=PGP%20keys?pgpkey?sub?pgpkeyid=99242560 */
+
+ if(direct_uri_map(scheme,keyserver->flags.direct_uri))
+ strcat(command,"_uri");
+
+ strcat(command,EXEEXT);
+
+ /* Can we execute it? If not, try curl as our catchall. */
+ if(path_access(command,X_OK)!=0)
+ strcpy(end,GPGKEYS_CURL);
+
+ if(opt.keyserver_options.options&KEYSERVER_USE_TEMP_FILES)
+ {
+ if(opt.keyserver_options.options&KEYSERVER_KEEP_TEMP_FILES)
+ {
+ command=xrealloc(command,strlen(command)+
+ strlen(KEYSERVER_ARGS_KEEP)+1);
+ strcat(command,KEYSERVER_ARGS_KEEP);
+ }
+ else
+ {
+ command=xrealloc(command,strlen(command)+
+ strlen(KEYSERVER_ARGS_NOKEEP)+1);
+ strcat(command,KEYSERVER_ARGS_NOKEEP);
+ }
+
+ ret=exec_write(&spawn,NULL,command,NULL,0,0);
+ }
+ else
+ ret=exec_write(&spawn,command,NULL,NULL,0,0);
+
+ xfree(command);
+
+ if(ret)
+ return ret;
+
+ fprintf(spawn->tochild,
+ "# This is a GnuPG %s keyserver communications file\n",VERSION);
+ fprintf(spawn->tochild,"VERSION %d\n",KEYSERVER_PROTO_VERSION);
+ fprintf(spawn->tochild,"PROGRAM %s\n",VERSION);
+ fprintf(spawn->tochild,"SCHEME %s\n",keyserver->scheme);
+
+ if(keyserver->opaque)
+ fprintf(spawn->tochild,"OPAQUE %s\n",keyserver->opaque);
+ else
+ {
+ if(keyserver->auth)
+ fprintf(spawn->tochild,"AUTH %s\n",keyserver->auth);
+
+ if(keyserver->host)
+ fprintf(spawn->tochild,"HOST %s\n",keyserver->host);
+
+ if(keyserver->port)
+ fprintf(spawn->tochild,"PORT %s\n",keyserver->port);
+
+ if(keyserver->path)
+ fprintf(spawn->tochild,"PATH %s\n",keyserver->path);
+ }
+
+ /* Write global options */
+
+ for(temp=opt.keyserver_options.other;temp;temp=temp->next)
+ fprintf(spawn->tochild,"OPTION %s\n",temp->d);
+
+ /* Write per-keyserver options */
+
+ for(temp=keyserver->options;temp;temp=temp->next)
+ fprintf(spawn->tochild,"OPTION %s\n",temp->d);
+
+ switch(action)
+ {
+ case KS_GET:
+ {
+ fprintf(spawn->tochild,"COMMAND GET\n\n");
+
+ /* Which keys do we want? */
+
+ for(i=0;i<count;i++)
+ {
+ int quiet=0;
+
+ if(desc[i].mode==KEYDB_SEARCH_MODE_FPR20)
+ {
+ int f;
+
+ fprintf(spawn->tochild,"0x");
+
+ for(f=0;f<MAX_FINGERPRINT_LEN;f++)
+ fprintf(spawn->tochild,"%02X",desc[i].u.fpr[f]);
+
+ fprintf(spawn->tochild,"\n");
+ }
+ else if(desc[i].mode==KEYDB_SEARCH_MODE_FPR16)
+ {
+ int f;
+
+ fprintf(spawn->tochild,"0x");
+
+ for(f=0;f<16;f++)
+ fprintf(spawn->tochild,"%02X",desc[i].u.fpr[f]);
+
+ fprintf(spawn->tochild,"\n");
+ }
+ else if(desc[i].mode==KEYDB_SEARCH_MODE_LONG_KID)
+ fprintf(spawn->tochild,"0x%08lX%08lX\n",
+ (ulong)desc[i].u.kid[0],
+ (ulong)desc[i].u.kid[1]);
+ else if(desc[i].mode==KEYDB_SEARCH_MODE_SHORT_KID)
+ fprintf(spawn->tochild,"0x%08lX\n",
+ (ulong)desc[i].u.kid[1]);
+ else if(desc[i].mode==KEYDB_SEARCH_MODE_EXACT)
+ {
+ fprintf(spawn->tochild,"0x0000000000000000\n");
+ quiet=1;
+ }
+ else if(desc[i].mode==KEYDB_SEARCH_MODE_NONE)
+ continue;
+ else
+ BUG();
+
+ if(!quiet)
+ {
+ if(keyserver->host)
+ log_info(_("requesting key %s from %s server %s\n"),
+ keystr_from_desc(&desc[i]),
+ keyserver->scheme,keyserver->host);
+ else
+ log_info(_("requesting key %s from %s\n"),
+ keystr_from_desc(&desc[i]),keyserver->uri);
+ }
+ }
+
+ fprintf(spawn->tochild,"\n");
+
+ break;
+ }
+
+ case KS_GETNAME:
+ {
+ strlist_t key;
+
+ fprintf(spawn->tochild,"COMMAND GETNAME\n\n");
+
+ /* Which names do we want? */
+
+ for(key=list;key!=NULL;key=key->next)
+ fprintf(spawn->tochild,"%s\n",key->d);
+
+ fprintf(spawn->tochild,"\n");
+
+ if(keyserver->host)
+ log_info(_("searching for names from %s server %s\n"),
+ keyserver->scheme,keyserver->host);
+ else
+ log_info(_("searching for names from %s\n"),keyserver->uri);
+
+ break;
+ }
+
+ case KS_SEND:
+ {
+ strlist_t key;
+
+ /* Note the extra \n here to send an empty keylist block */
+ fprintf(spawn->tochild,"COMMAND SEND\n\n\n");
+
+ for(key=list;key!=NULL;key=key->next)
+ {
+ armor_filter_context_t *afx;
+ IOBUF buffer = iobuf_temp ();
+ KBNODE block;
+
+ temp=NULL;
+ add_to_strlist(&temp,key->d);
+
+ afx = new_armor_context ();
+ afx->what = 1;
+ /* Tell the armor filter to use Unix-style \n line
+ endings, since we're going to fprintf this to a file
+ that (on Win32) is open in text mode. The win32 stdio
+ will transform the \n to \r\n and we'll end up with the
+ proper line endings on win32. This is a no-op on
+ Unix. */
+ afx->eol[0] = '\n';
+ push_armor_filter (afx, buffer);
+ release_armor_context (afx);
+
+ /* TODO: Remove Comment: lines from keys exported this
+ way? */
+
+ if(export_pubkeys_stream(buffer,temp,&block,
+ opt.keyserver_options.export_options)==-1)
+ iobuf_close(buffer);
+ else
+ {
+ KBNODE node;
+
+ iobuf_flush_temp(buffer);
+
+ merge_keys_and_selfsig(block);
+
+ fprintf(spawn->tochild,"INFO %08lX%08lX BEGIN\n",
+ (ulong)block->pkt->pkt.public_key->keyid[0],
+ (ulong)block->pkt->pkt.public_key->keyid[1]);
+
+ for(node=block;node;node=node->next)
+ {
+ switch(node->pkt->pkttype)
+ {
+ default:
+ continue;
+
+ case PKT_PUBLIC_KEY:
+ case PKT_PUBLIC_SUBKEY:
+ {
+ PKT_public_key *pk=node->pkt->pkt.public_key;
+
+ keyid_from_pk(pk,NULL);
+
+ fprintf(spawn->tochild,"%sb:%08lX%08lX:%u:%u:%u:%u:",
+ node->pkt->pkttype==PKT_PUBLIC_KEY?"pu":"su",
+ (ulong)pk->keyid[0],(ulong)pk->keyid[1],
+ pk->pubkey_algo,
+ nbits_from_pk(pk),
+ pk->timestamp,
+ pk->expiredate);
+
+ if(pk->is_revoked)
+ fprintf(spawn->tochild,"r");
+ if(pk->has_expired)
+ fprintf(spawn->tochild,"e");
+
+ fprintf(spawn->tochild,"\n");
+ }
+ break;
+
+ case PKT_USER_ID:
+ {
+ PKT_user_id *uid=node->pkt->pkt.user_id;
+ int r;
+
+ if(uid->attrib_data)
+ continue;
+
+ fprintf(spawn->tochild,"uid:");
+
+ /* Quote ':', '%', and any 8-bit
+ characters */
+ for(r=0;r<uid->len;r++)
+ {
+ if(uid->name[r]==':' || uid->name[r]=='%'
+ || uid->name[r]&0x80)
+ fprintf(spawn->tochild,"%%%02X",
+ (byte)uid->name[r]);
+ else
+ fprintf(spawn->tochild,"%c",uid->name[r]);
+ }
+
+ fprintf(spawn->tochild,":%u:%u:",
+ uid->created,uid->expiredate);
+
+ if(uid->is_revoked)
+ fprintf(spawn->tochild,"r");
+ if(uid->is_expired)
+ fprintf(spawn->tochild,"e");
+
+ fprintf(spawn->tochild,"\n");
+ }
+ break;
+
+ /* This bit is really for the benefit of
+ people who store their keys in LDAP
+ servers. It makes it easy to do queries
+ for things like "all keys signed by
+ Isabella". */
+ case PKT_SIGNATURE:
+ {
+ PKT_signature *sig=node->pkt->pkt.signature;
+
+ if(!IS_UID_SIG(sig))
+ continue;
+
+ fprintf(spawn->tochild,"sig:%08lX%08lX:%X:%u:%u\n",
+ (ulong)sig->keyid[0],(ulong)sig->keyid[1],
+ sig->sig_class,sig->timestamp,
+ sig->expiredate);
+ }
+ break;
+ }
+ }
+
+ fprintf(spawn->tochild,"INFO %08lX%08lX END\n",
+ (ulong)block->pkt->pkt.public_key->keyid[0],
+ (ulong)block->pkt->pkt.public_key->keyid[1]);
+
+ fprintf(spawn->tochild,"KEY %08lX%08lX BEGIN\n",
+ (ulong)block->pkt->pkt.public_key->keyid[0],
+ (ulong)block->pkt->pkt.public_key->keyid[1]);
+ fwrite(iobuf_get_temp_buffer(buffer),
+ iobuf_get_temp_length(buffer),1,spawn->tochild);
+ fprintf(spawn->tochild,"KEY %08lX%08lX END\n",
+ (ulong)block->pkt->pkt.public_key->keyid[0],
+ (ulong)block->pkt->pkt.public_key->keyid[1]);
+
+ iobuf_close(buffer);
+
+ if(keyserver->host)
+ log_info(_("sending key %s to %s server %s\n"),
+ keystr(block->pkt->pkt.public_key->keyid),
+ keyserver->scheme,keyserver->host);
+ else
+ log_info(_("sending key %s to %s\n"),
+ keystr(block->pkt->pkt.public_key->keyid),
+ keyserver->uri);
+
+ release_kbnode(block);
+ }
+
+ free_strlist(temp);
+ }
+
+ break;
+ }
+
+ case KS_SEARCH:
+ {
+ strlist_t key;
+
+ fprintf(spawn->tochild,"COMMAND SEARCH\n\n");
+
+ /* Which keys do we want? Remember that the gpgkeys_ program
+ is going to lump these together into a search string. */
+
+ for(key=list;key!=NULL;key=key->next)
+ {
+ fprintf(spawn->tochild,"%s\n",key->d);
+ if(key!=list)
+ {
+ searchstr=xrealloc(searchstr,
+ strlen(searchstr)+strlen(key->d)+2);
+ strcat(searchstr," ");
+ }
+ else
+ {
+ searchstr=xmalloc(strlen(key->d)+1);
+ searchstr[0]='\0';
+ }
+
+ strcat(searchstr,key->d);
+ }
+
+ fprintf(spawn->tochild,"\n");
+
+ if(keyserver->host)
+ log_info(_("searching for \"%s\" from %s server %s\n"),
+ searchstr,keyserver->scheme,keyserver->host);
+ else
+ log_info(_("searching for \"%s\" from %s\n"),
+ searchstr,keyserver->uri);
+
+ break;
+ }
+
+ default:
+ log_fatal(_("no keyserver action!\n"));
+ break;
+ }
+
+ /* Done sending, so start reading. */
+ ret=exec_read(spawn);
+ if(ret)
+ goto fail;
+
+ /* Now handle the response */
+
+ for(;;)
+ {
+ int plen;
+ char *ptr;
+
+ maxlen=1024;
+ if(iobuf_read_line(spawn->fromchild,&line,&buflen,&maxlen)==0)
+ {
+ ret = gpg_error_from_syserror ();
+ goto fail; /* i.e. EOF */
+ }
+
+ ptr=line;
+
+ /* remove trailing whitespace */
+ plen=strlen(ptr);
+ while(plen>0 && ascii_isspace(ptr[plen-1]))
+ plen--;
+ plen[ptr]='\0';
+
+ if(*ptr=='\0')
+ break;
+
+ if(ascii_strncasecmp(ptr,"VERSION ",8)==0)
+ {
+ gotversion=1;
+
+ if(atoi(&ptr[8])!=KEYSERVER_PROTO_VERSION)
+ {
+ log_error(_("invalid keyserver protocol (us %d!=handler %d)\n"),
+ KEYSERVER_PROTO_VERSION,atoi(&ptr[8]));
+ goto fail;
+ }
+ }
+ else if(ascii_strncasecmp(ptr,"PROGRAM ",8)==0)
+ {
+ if(ascii_strncasecmp(&ptr[8],VERSION,strlen(VERSION))!=0)
+ log_info(_("WARNING: keyserver handler from a different"
+ " version of GnuPG (%s)\n"),&ptr[8]);
+ }
+ else if(ascii_strncasecmp(ptr,"OPTION OUTOFBAND",16)==0)
+ outofband=1; /* Currently the only OPTION */
+ }
+
+ if(!gotversion)
+ {
+ log_error(_("keyserver did not send VERSION\n"));
+ goto fail;
+ }
+
+ if(!outofband)
+ switch(action)
+ {
+ case KS_GET:
+ case KS_GETNAME:
+ {
+ void *stats_handle;
+
+ stats_handle=import_new_stats_handle();
+
+ /* Slurp up all the key data. In the future, it might be
+ nice to look for KEY foo OUTOFBAND and FAILED indicators.
+ It's harmless to ignore them, but ignoring them does make
+ gpg complain about "no valid OpenPGP data found". One
+ way to do this could be to continue parsing this
+ line-by-line and make a temp iobuf for each key. */
+
+ import_keys_stream(spawn->fromchild,stats_handle,fpr,fpr_len,
+ opt.keyserver_options.import_options);
+
+ import_print_stats(stats_handle);
+ import_release_stats_handle(stats_handle);
+
+ break;
+ }
+
+ /* Nothing to do here */
+ case KS_SEND:
+ break;
+
+ case KS_SEARCH:
+ keyserver_search_prompt(spawn->fromchild,searchstr);
+ break;
+
+ default:
+ log_fatal(_("no keyserver action!\n"));
+ break;
+ }
+
+ fail:
+ xfree(line);
+ xfree(searchstr);
+
+
+ *prog=exec_finish(spawn);
+
+ return ret;
+}
+
+static int
+keyserver_work(enum ks_action action,strlist_t list,KEYDB_SEARCH_DESC *desc,
+ int count,unsigned char **fpr,size_t *fpr_len,
+ struct keyserver_spec *keyserver)
+{
+ int rc=0,ret=0;
+
+ if(!keyserver)
+ {
+ log_error(_("no keyserver known (use option --keyserver)\n"));
+ return G10ERR_BAD_URI;
+ }
+
+#ifdef DISABLE_KEYSERVER_HELPERS
+
+ log_error(_("external keyserver calls are not supported in this build\n"));
+ return G10ERR_KEYSERVER;
+
+#else
+ /* Spawn a handler */
+
+ rc=keyserver_spawn(action,list,desc,count,&ret,fpr,fpr_len,keyserver);
+ if(ret)
+ {
+ switch(ret)
+ {
+ case KEYSERVER_SCHEME_NOT_FOUND:
+ log_error(_("no handler for keyserver scheme `%s'\n"),
+ keyserver->scheme);
+ break;
+
+ case KEYSERVER_NOT_SUPPORTED:
+ log_error(_("action `%s' not supported with keyserver "
+ "scheme `%s'\n"),
+ action==KS_GET?"get":action==KS_SEND?"send":
+ action==KS_SEARCH?"search":"unknown",
+ keyserver->scheme);
+ break;
+
+ case KEYSERVER_VERSION_ERROR:
+ log_error(_(GPGKEYS_PREFIX "%s does not support"
+ " handler version %d\n"),
+ keyserver_typemap(keyserver->scheme),
+ KEYSERVER_PROTO_VERSION);
+ break;
+
+ case KEYSERVER_TIMEOUT:
+ log_error(_("keyserver timed out\n"));
+ break;
+
+ case KEYSERVER_INTERNAL_ERROR:
+ default:
+ log_error(_("keyserver internal error\n"));
+ break;
+ }
+
+ return G10ERR_KEYSERVER;
+ }
+
+ if(rc)
+ {
+ log_error(_("keyserver communications error: %s\n"),g10_errstr(rc));
+
+ return rc;
+ }
+
+ return 0;
+#endif /* ! DISABLE_KEYSERVER_HELPERS*/
+}
+
+int
+keyserver_export(strlist_t users)
+{
+ strlist_t sl=NULL;
+ KEYDB_SEARCH_DESC desc;
+ int rc=0;
+
+ /* Weed out descriptors that we don't support sending */
+ for(;users;users=users->next)
+ {
+ classify_user_id (users->d, &desc);
+ if(desc.mode!=KEYDB_SEARCH_MODE_SHORT_KID &&
+ desc.mode!=KEYDB_SEARCH_MODE_LONG_KID &&
+ desc.mode!=KEYDB_SEARCH_MODE_FPR16 &&
+ desc.mode!=KEYDB_SEARCH_MODE_FPR20)
+ {
+ log_error(_("\"%s\" not a key ID: skipping\n"),users->d);
+ continue;
+ }
+ else
+ append_to_strlist(&sl,users->d);
+ }
+
+ if(sl)
+ {
+ rc=keyserver_work(KS_SEND,sl,NULL,0,NULL,NULL,opt.keyserver);
+ free_strlist(sl);
+ }
+
+ return rc;
+}
+
+int
+keyserver_import(strlist_t users)
+{
+ KEYDB_SEARCH_DESC *desc;
+ int num=100,count=0;
+ int rc=0;
+
+ /* Build a list of key ids */
+ desc=xmalloc(sizeof(KEYDB_SEARCH_DESC)*num);
+
+ for(;users;users=users->next)
+ {
+ classify_user_id (users->d, &desc[count]);
+ if(desc[count].mode!=KEYDB_SEARCH_MODE_SHORT_KID &&
+ desc[count].mode!=KEYDB_SEARCH_MODE_LONG_KID &&
+ desc[count].mode!=KEYDB_SEARCH_MODE_FPR16 &&
+ desc[count].mode!=KEYDB_SEARCH_MODE_FPR20)
+ {
+ log_error(_("\"%s\" not a key ID: skipping\n"),users->d);
+ continue;
+ }
+
+ count++;
+ if(count==num)
+ {
+ num+=100;
+ desc=xrealloc(desc,sizeof(KEYDB_SEARCH_DESC)*num);
+ }
+ }
+
+ if(count>0)
+ rc=keyserver_work(KS_GET,NULL,desc,count,NULL,NULL,opt.keyserver);
+
+ xfree(desc);
+
+ return rc;
+}
+
+int
+keyserver_import_fprint(const byte *fprint,size_t fprint_len,
+ struct keyserver_spec *keyserver)
+{
+ KEYDB_SEARCH_DESC desc;
+
+ memset(&desc,0,sizeof(desc));
+
+ if(fprint_len==16)
+ desc.mode=KEYDB_SEARCH_MODE_FPR16;
+ else if(fprint_len==20)
+ desc.mode=KEYDB_SEARCH_MODE_FPR20;
+ else
+ return -1;
+
+ memcpy(desc.u.fpr,fprint,fprint_len);
+
+ /* TODO: Warn here if the fingerprint we got doesn't match the one
+ we asked for? */
+ return keyserver_work(KS_GET,NULL,&desc,1,NULL,NULL,keyserver);
+}
+
+int
+keyserver_import_keyid(u32 *keyid,struct keyserver_spec *keyserver)
+{
+ KEYDB_SEARCH_DESC desc;
+
+ memset(&desc,0,sizeof(desc));
+
+ desc.mode=KEYDB_SEARCH_MODE_LONG_KID;
+ desc.u.kid[0]=keyid[0];
+ desc.u.kid[1]=keyid[1];
+
+ return keyserver_work(KS_GET,NULL,&desc,1,NULL,NULL,keyserver);
+}
+
+/* code mostly stolen from do_export_stream */
+static int
+keyidlist(strlist_t users,KEYDB_SEARCH_DESC **klist,int *count,int fakev3)
+{
+ int rc=0,ndesc,num=100;
+ KBNODE keyblock=NULL,node;
+ KEYDB_HANDLE kdbhd;
+ KEYDB_SEARCH_DESC *desc;
+ strlist_t sl;
+
+ *count=0;
+
+ *klist=xmalloc(sizeof(KEYDB_SEARCH_DESC)*num);
+
+ kdbhd=keydb_new(0);
+
+ if(!users)
+ {
+ ndesc = 1;
+ desc = xmalloc_clear ( ndesc * sizeof *desc);
+ desc[0].mode = KEYDB_SEARCH_MODE_FIRST;
+ }
+ else
+ {
+ for (ndesc=0, sl=users; sl; sl = sl->next, ndesc++)
+ ;
+ desc = xmalloc ( ndesc * sizeof *desc);
+
+ for (ndesc=0, sl=users; sl; sl = sl->next)
+ {
+ if(classify_user_id (sl->d, desc+ndesc))
+ ndesc++;
+ else
+ log_error (_("key \"%s\" not found: %s\n"),
+ sl->d, g10_errstr (G10ERR_INV_USER_ID));
+ }
+ }
+
+ while (!(rc = keydb_search (kdbhd, desc, ndesc)))
+ {
+ if (!users)
+ desc[0].mode = KEYDB_SEARCH_MODE_NEXT;
+
+ /* read the keyblock */
+ rc = keydb_get_keyblock (kdbhd, &keyblock );
+ if( rc )
+ {
+ log_error (_("error reading keyblock: %s\n"), g10_errstr(rc) );
+ goto leave;
+ }
+
+ if((node=find_kbnode(keyblock,PKT_PUBLIC_KEY)))
+ {
+ /* This is to work around a bug in some keyservers (pksd and
+ OKS) that calculate v4 RSA keyids as if they were v3 RSA.
+ The answer is to refresh both the correct v4 keyid
+ (e.g. 99242560) and the fake v3 keyid (e.g. 68FDDBC7).
+ This only happens for key refresh using the HKP scheme
+ and if the refresh-add-fake-v3-keyids keyserver option is
+ set. */
+ if(fakev3 && is_RSA(node->pkt->pkt.public_key->pubkey_algo) &&
+ node->pkt->pkt.public_key->version>=4)
+ {
+ (*klist)[*count].mode=KEYDB_SEARCH_MODE_LONG_KID;
+ v3_keyid (node->pkt->pkt.public_key->pkey[0],
+ (*klist)[*count].u.kid);
+ (*count)++;
+
+ if(*count==num)
+ {
+ num+=100;
+ *klist=xrealloc(*klist,sizeof(KEYDB_SEARCH_DESC)*num);
+ }
+ }
+
+ /* v4 keys get full fingerprints. v3 keys get long keyids.
+ This is because it's easy to calculate any sort of keyid
+ from a v4 fingerprint, but not a v3 fingerprint. */
+
+ if(node->pkt->pkt.public_key->version<4)
+ {
+ (*klist)[*count].mode=KEYDB_SEARCH_MODE_LONG_KID;
+ keyid_from_pk(node->pkt->pkt.public_key,
+ (*klist)[*count].u.kid);
+ }
+ else
+ {
+ size_t dummy;
+
+ (*klist)[*count].mode=KEYDB_SEARCH_MODE_FPR20;
+ fingerprint_from_pk(node->pkt->pkt.public_key,
+ (*klist)[*count].u.fpr,&dummy);
+ }
+
+ /* This is a little hackish, using the skipfncvalue as a
+ void* pointer to the keyserver spec, but we don't need
+ the skipfnc here, and it saves having an additional field
+ for this (which would be wasted space most of the
+ time). */
+
+ (*klist)[*count].skipfncvalue=NULL;
+
+ /* Are we honoring preferred keyservers? */
+ if(opt.keyserver_options.options&KEYSERVER_HONOR_KEYSERVER_URL)
+ {
+ PKT_user_id *uid=NULL;
+ PKT_signature *sig=NULL;
+
+ merge_keys_and_selfsig(keyblock);
+
+ for(node=node->next;node;node=node->next)
+ {
+ if(node->pkt->pkttype==PKT_USER_ID
+ && node->pkt->pkt.user_id->is_primary)
+ uid=node->pkt->pkt.user_id;
+ else if(node->pkt->pkttype==PKT_SIGNATURE
+ && node->pkt->pkt.signature->
+ flags.chosen_selfsig && uid)
+ {
+ sig=node->pkt->pkt.signature;
+ break;
+ }
+ }
+
+ /* Try and parse the keyserver URL. If it doesn't work,
+ then we end up writing NULL which indicates we are
+ the same as any other key. */
+ if(sig)
+ (*klist)[*count].skipfncvalue=parse_preferred_keyserver(sig);
+ }
+
+ (*count)++;
+
+ if(*count==num)
+ {
+ num+=100;
+ *klist=xrealloc(*klist,sizeof(KEYDB_SEARCH_DESC)*num);
+ }
+ }
+ }
+
+ if(rc==-1)
+ rc=0;
+
+ leave:
+ if(rc)
+ xfree(*klist);
+ xfree(desc);
+ keydb_release(kdbhd);
+ release_kbnode(keyblock);
+
+ return rc;
+}
+
+/* Note this is different than the original HKP refresh. It allows
+ usernames to refresh only part of the keyring. */
+
+int
+keyserver_refresh(strlist_t users)
+{
+ int rc,count,numdesc,fakev3=0;
+ KEYDB_SEARCH_DESC *desc;
+ unsigned int options=opt.keyserver_options.import_options;
+
+ /* We switch merge-only on during a refresh, as 'refresh' should
+ never import new keys, even if their keyids match. */
+ opt.keyserver_options.import_options|=IMPORT_MERGE_ONLY;
+
+ /* Similarly, we switch on fast-import, since refresh may make
+ multiple import sets (due to preferred keyserver URLs). We don't
+ want each set to rebuild the trustdb. Instead we do it once at
+ the end here. */
+ opt.keyserver_options.import_options|=IMPORT_FAST;
+
+ /* If refresh_add_fake_v3_keyids is on and it's a HKP or MAILTO
+ scheme, then enable fake v3 keyid generation. */
+ if((opt.keyserver_options.options&KEYSERVER_ADD_FAKE_V3) && opt.keyserver
+ && (ascii_strcasecmp(opt.keyserver->scheme,"hkp")==0 ||
+ ascii_strcasecmp(opt.keyserver->scheme,"mailto")==0))
+ fakev3=1;
+
+ rc=keyidlist(users,&desc,&numdesc,fakev3);
+ if(rc)
+ return rc;
+
+ count=numdesc;
+ if(count>0)
+ {
+ int i;
+
+ /* Try to handle preferred keyserver keys first */
+ for(i=0;i<numdesc;i++)
+ {
+ if(desc[i].skipfncvalue)
+ {
+ struct keyserver_spec *keyserver=desc[i].skipfncvalue;
+
+ /* We use the keyserver structure we parsed out before.
+ Note that a preferred keyserver without a scheme://
+ will be interpreted as hkp:// */
+
+ rc=keyserver_work(KS_GET,NULL,&desc[i],1,NULL,NULL,keyserver);
+ if(rc)
+ log_info(_("WARNING: unable to refresh key %s"
+ " via %s: %s\n"),keystr_from_desc(&desc[i]),
+ keyserver->uri,g10_errstr(rc));
+ else
+ {
+ /* We got it, so mark it as NONE so we don't try and
+ get it again from the regular keyserver. */
+
+ desc[i].mode=KEYDB_SEARCH_MODE_NONE;
+ count--;
+ }
+
+ free_keyserver_spec(keyserver);
+ }
+ }
+ }
+
+ if(count>0)
+ {
+ if(opt.keyserver)
+ {
+ if(count==1)
+ log_info(_("refreshing 1 key from %s\n"),opt.keyserver->uri);
+ else
+ log_info(_("refreshing %d keys from %s\n"),
+ count,opt.keyserver->uri);
+ }
+
+ rc=keyserver_work(KS_GET,NULL,desc,numdesc,NULL,NULL,opt.keyserver);
+ }
+
+ xfree(desc);
+
+ opt.keyserver_options.import_options=options;
+
+ /* If the original options didn't have fast import, and the trustdb
+ is dirty, rebuild. */
+ if(!(opt.keyserver_options.import_options&IMPORT_FAST))
+ trustdb_check_or_update();
+
+ return rc;
+}
+
+int
+keyserver_search(strlist_t tokens)
+{
+ if(tokens)
+ return keyserver_work(KS_SEARCH,tokens,NULL,0,NULL,NULL,opt.keyserver);
+ else
+ return 0;
+}
+
+int
+keyserver_fetch(strlist_t urilist)
+{
+ KEYDB_SEARCH_DESC desc;
+ strlist_t sl;
+ unsigned int options=opt.keyserver_options.import_options;
+
+ /* Switch on fast-import, since fetch can handle more than one
+ import and we don't want each set to rebuild the trustdb.
+ Instead we do it once at the end. */
+ opt.keyserver_options.import_options|=IMPORT_FAST;
+
+ /* A dummy desc since we're not actually fetching a particular key
+ ID */
+ memset(&desc,0,sizeof(desc));
+ desc.mode=KEYDB_SEARCH_MODE_EXACT;
+
+ for(sl=urilist;sl;sl=sl->next)
+ {
+ struct keyserver_spec *spec;
+
+ spec=parse_keyserver_uri(sl->d,1,NULL,0);
+ if(spec)
+ {
+ int rc;
+
+ rc=keyserver_work(KS_GET,NULL,&desc,1,NULL,NULL,spec);
+ if(rc)
+ log_info (_("WARNING: unable to fetch URI %s: %s\n"),
+ sl->d,g10_errstr(rc));
+
+ free_keyserver_spec(spec);
+ }
+ else
+ log_info (_("WARNING: unable to parse URI %s\n"),sl->d);
+ }
+
+ opt.keyserver_options.import_options=options;
+
+ /* If the original options didn't have fast import, and the trustdb
+ is dirty, rebuild. */
+ if(!(opt.keyserver_options.import_options&IMPORT_FAST))
+ trustdb_check_or_update();
+
+ return 0;
+}
+
+/* Import key in a CERT or pointed to by a CERT */
+int
+keyserver_import_cert(const char *name,unsigned char **fpr,size_t *fpr_len)
+{
+ char *domain,*look,*url;
+ IOBUF key;
+ int type,rc=G10ERR_GENERAL;
+
+ look=xstrdup(name);
+
+ domain=strrchr(look,'@');
+ if(domain)
+ *domain='.';
+
+ type=get_dns_cert(look,max_cert_size,&key,fpr,fpr_len,&url);
+ if (!type || type == -1)
+ {
+ /* There might be an error in res_query which leads to an error
+ return (-1) in the case that nothing was found. Thus we take
+ all errors as key not found. */
+ rc = G10ERR_NO_PUBKEY;
+ }
+ else if (type==1)
+ {
+ int armor_status=opt.no_armor;
+
+ /* CERTs are always in binary format */
+ opt.no_armor=1;
+
+ rc=import_keys_stream(key,NULL,fpr,fpr_len,
+ opt.keyserver_options.import_options);
+
+ opt.no_armor=armor_status;
+
+ iobuf_close(key);
+ }
+ else if(type==2 && *fpr)
+ {
+ /* We only consider the IPGP type if a fingerprint was provided.
+ This lets us select the right key regardless of what a URL
+ points to, or get the key from a keyserver. */
+ if(url)
+ {
+ struct keyserver_spec *spec;
+
+ spec=parse_keyserver_uri(url,1,NULL,0);
+ if(spec)
+ {
+ rc=keyserver_import_fprint(*fpr,*fpr_len,spec);
+ free_keyserver_spec(spec);
+ }
+ }
+ else if(opt.keyserver)
+ {
+ /* If only a fingerprint is provided, try and fetch it from
+ our --keyserver */
+
+ rc=keyserver_import_fprint(*fpr,*fpr_len,opt.keyserver);
+ }
+ else
+ log_info(_("no keyserver known (use option --keyserver)\n"));
+
+ /* Give a better string here? "CERT fingerprint for \"%s\"
+ found, but no keyserver" " known (use option
+ --keyserver)\n" ? */
+
+ xfree(url);
+ }
+
+ xfree(look);
+
+ return rc;
+}
+
+/* Import key pointed to by a PKA record. Return the requested
+ fingerprint in fpr. */
+int
+keyserver_import_pka(const char *name,unsigned char **fpr,size_t *fpr_len)
+{
+ char *uri;
+ int rc = G10ERR_NO_PUBKEY;
+
+ *fpr = xmalloc (20);
+ *fpr_len = 20;
+
+ uri = get_pka_info (name, *fpr);
+ if (uri && *uri)
+ {
+ /* An URI is available. Lookup the key. */
+ struct keyserver_spec *spec;
+ spec = parse_keyserver_uri (uri, 1, NULL, 0);
+ if (spec)
+ {
+ rc = keyserver_import_fprint (*fpr, 20, spec);
+ free_keyserver_spec (spec);
+ }
+ xfree (uri);
+ }
+
+ if (rc)
+ {
+ xfree(*fpr);
+ *fpr = NULL;
+ }
+
+ return rc;
+}
+
+/* Import all keys that match name */
+int
+keyserver_import_name(const char *name,unsigned char **fpr,size_t *fpr_len,
+ struct keyserver_spec *keyserver)
+{
+ strlist_t list=NULL;
+ int rc;
+
+ append_to_strlist(&list,name);
+
+ rc=keyserver_work(KS_GETNAME,list,NULL,0,fpr,fpr_len,keyserver);
+
+ free_strlist(list);
+
+ return rc;
+}
+
+/* Import a key by name using LDAP */
+int
+keyserver_import_ldap(const char *name,unsigned char **fpr,size_t *fpr_len)
+{
+ char *domain;
+ struct keyserver_spec *keyserver;
+ strlist_t list=NULL;
+ int rc,hostlen=1;
+#ifdef USE_DNS_SRV
+ struct srventry *srvlist=NULL;
+ int srvcount,i;
+ char srvname[MAXDNAME];
+#endif
+
+ /* Parse out the domain */
+ domain=strrchr(name,'@');
+ if(!domain)
+ return G10ERR_GENERAL;
+
+ domain++;
+
+ keyserver=xmalloc_clear(sizeof(struct keyserver_spec));
+ keyserver->scheme=xstrdup("ldap");
+ keyserver->host=xmalloc(1);
+ keyserver->host[0]='\0';
+
+#ifdef USE_DNS_SRV
+ snprintf(srvname,MAXDNAME,"_pgpkey-ldap._tcp.%s",domain);
+
+ srvcount=getsrv(srvname,&srvlist);
+
+ for(i=0;i<srvcount;i++)
+ {
+ hostlen+=strlen(srvlist[i].target)+1;
+ keyserver->host=xrealloc(keyserver->host,hostlen);
+
+ strcat(keyserver->host,srvlist[i].target);
+
+ if(srvlist[i].port!=389)
+ {
+ char port[7];
+
+ hostlen+=6; /* a colon, plus 5 digits (unsigned 16-bit value) */
+ keyserver->host=xrealloc(keyserver->host,hostlen);
+
+ snprintf(port,7,":%u",srvlist[i].port);
+ strcat(keyserver->host,port);
+ }
+
+ strcat(keyserver->host," ");
+ }
+
+ free(srvlist);
+#endif
+
+ /* If all else fails, do the PGP Universal trick of
+ ldap://keys.(domain) */
+
+ hostlen+=5+strlen(domain);
+ keyserver->host=xrealloc(keyserver->host,hostlen);
+ strcat(keyserver->host,"keys.");
+ strcat(keyserver->host,domain);
+
+ append_to_strlist(&list,name);
+
+ rc=keyserver_work(KS_GETNAME,list,NULL,0,fpr,fpr_len,keyserver);
+
+ free_strlist(list);
+
+ free_keyserver_spec(keyserver);
+
+ return rc;
+}
diff --git a/g10/main.h b/g10/main.h
new file mode 100644
index 0000000..3a42137
--- /dev/null
+++ b/g10/main.h
@@ -0,0 +1,350 @@
+/* main.h
+ * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007,
+ * 2008, 2009 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+#ifndef G10_MAIN_H
+#define G10_MAIN_H
+
+#include "types.h"
+#include "iobuf.h"
+#include "cipher.h"
+#include "keydb.h"
+#include "util.h"
+
+
+/* It could be argued that the default cipher should be 3DES rather
+ than CAST5, and the default compression should be 0
+ (i.e. uncompressed) rather than 1 (zip). However, the real world
+ issues of speed and size come into play here. */
+
+#define DEFAULT_CIPHER_ALGO CIPHER_ALGO_CAST5
+#define DEFAULT_DIGEST_ALGO DIGEST_ALGO_SHA1
+#define DEFAULT_COMPRESS_ALGO COMPRESS_ALGO_ZIP
+#define DEFAULT_S2K_DIGEST_ALGO DIGEST_ALGO_SHA1
+
+#define S2K_DIGEST_ALGO (opt.s2k_digest_algo?opt.s2k_digest_algo:DEFAULT_S2K_DIGEST_ALGO)
+
+typedef struct
+{
+ int header_okay;
+ PK_LIST pk_list;
+ DEK *symkey_dek;
+ STRING2KEY *symkey_s2k;
+ cipher_filter_context_t cfx;
+} encrypt_filter_context_t;
+
+struct groupitem
+{
+ char *name;
+ strlist_t values;
+ struct groupitem *next;
+};
+
+/*-- gpg.c --*/
+extern int g10_errors_seen;
+
+#if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 5 )
+ void g10_exit(int rc) __attribute__ ((noreturn));
+#else
+ void g10_exit(int rc);
+#endif
+void print_pubkey_algo_note( int algo );
+void print_cipher_algo_note( int algo );
+void print_digest_algo_note( int algo );
+
+/*-- armor.c --*/
+char *make_radix64_string( const byte *data, size_t len );
+
+/*-- misc.c --*/
+void trap_unaligned(void);
+int disable_core_dumps(void);
+void register_secured_file (const char *fname);
+void unregister_secured_file (const char *fname);
+int is_secured_file (int fd);
+int is_secured_filename (const char *fname);
+u16 checksum_u16( unsigned n );
+u16 checksum( byte *p, unsigned n );
+u16 checksum_mpi( gcry_mpi_t a );
+u32 buffer_to_u32( const byte *buffer );
+const byte *get_session_marker( size_t *rlen );
+int map_cipher_openpgp_to_gcry (int algo);
+#define openpgp_cipher_open(_a,_b,_c,_d) gcry_cipher_open((_a),map_cipher_openpgp_to_gcry((_b)),(_c),(_d))
+#define openpgp_cipher_get_algo_keylen(_a) gcry_cipher_get_algo_keylen(map_cipher_openpgp_to_gcry((_a)))
+#define openpgp_cipher_get_algo_blklen(_a) gcry_cipher_get_algo_blklen(map_cipher_openpgp_to_gcry((_a)))
+int openpgp_cipher_blocklen (int algo);
+int openpgp_cipher_test_algo( int algo );
+const char *openpgp_cipher_algo_name (int algo);
+int openpgp_pk_test_algo( int algo );
+int openpgp_pk_test_algo2 ( int algo, unsigned int use );
+int openpgp_pk_algo_usage ( int algo );
+int openpgp_md_test_algo( int algo );
+
+#ifdef USE_IDEA
+void idea_cipher_warn( int show );
+#else
+#define idea_cipher_warn(a) do { } while (0)
+#endif
+
+struct expando_args
+{
+ PKT_public_key *pk;
+ PKT_secret_key *sk;
+ byte imagetype;
+ int validity_info;
+ const char *validity_string;
+};
+
+char *pct_expando(const char *string,struct expando_args *args);
+void deprecated_warning(const char *configname,unsigned int configlineno,
+ const char *option,const char *repl1,const char *repl2);
+void deprecated_command (const char *name);
+void obsolete_option (const char *configname, unsigned int configlineno,
+ const char *name);
+
+int string_to_cipher_algo (const char *string);
+int string_to_digest_algo (const char *string);
+
+const char *compress_algo_to_string(int algo);
+int string_to_compress_algo(const char *string);
+int check_compress_algo(int algo);
+int default_cipher_algo(void);
+int default_compress_algo(void);
+const char *compliance_option_string(void);
+void compliance_failure(void);
+
+struct parse_options
+{
+ char *name;
+ unsigned int bit;
+ char **value;
+ char *help;
+};
+
+char *optsep(char **stringp);
+char *argsplit(char *string);
+int parse_options(char *str,unsigned int *options,
+ struct parse_options *opts,int noisy);
+int has_invalid_email_chars (const char *s);
+int is_valid_mailbox (const char *name);
+const char *get_libexecdir (void);
+int path_access(const char *file,int mode);
+
+/* Temporary helpers. */
+int pubkey_get_npkey( int algo );
+int pubkey_get_nskey( int algo );
+int pubkey_get_nsig( int algo );
+int pubkey_get_nenc( int algo );
+unsigned int pubkey_nbits( int algo, gcry_mpi_t *pkey );
+int mpi_print( FILE *fp, gcry_mpi_t a, int mode );
+
+/*-- status.c --*/
+void set_status_fd ( int fd );
+int is_status_enabled ( void );
+void write_status ( int no );
+void write_status_error (const char *where, int errcode);
+void write_status_text ( int no, const char *text );
+void write_status_buffer ( int no,
+ const char *buffer, size_t len, int wrap );
+void write_status_text_and_buffer ( int no, const char *text,
+ const char *buffer, size_t len, int wrap );
+
+void write_status_begin_signing (gcry_md_hd_t md);
+
+
+int cpr_enabled(void);
+char *cpr_get( const char *keyword, const char *prompt );
+char *cpr_get_no_help( const char *keyword, const char *prompt );
+char *cpr_get_utf8( const char *keyword, const char *prompt );
+char *cpr_get_hidden( const char *keyword, const char *prompt );
+void cpr_kill_prompt(void);
+int cpr_get_answer_is_yes( const char *keyword, const char *prompt );
+int cpr_get_answer_yes_no_quit( const char *keyword, const char *prompt );
+int cpr_get_answer_okay_cancel (const char *keyword,
+ const char *prompt,
+ int def_answer);
+
+/*-- helptext.c --*/
+void display_online_help( const char *keyword );
+
+/*-- encode.c --*/
+int setup_symkey(STRING2KEY **symkey_s2k,DEK **symkey_dek);
+int encode_symmetric( const char *filename );
+int encode_store( const char *filename );
+int encode_crypt( const char *filename, strlist_t remusr, int use_symkey );
+void encode_crypt_files(int nfiles, char **files, strlist_t remusr);
+int encrypt_filter( void *opaque, int control,
+ iobuf_t a, byte *buf, size_t *ret_len);
+
+
+/*-- sign.c --*/
+int complete_sig( PKT_signature *sig, PKT_secret_key *sk, gcry_md_hd_t md );
+int sign_file( strlist_t filenames, int detached, strlist_t locusr,
+ int do_encrypt, strlist_t remusr, const char *outfile );
+int clearsign_file( const char *fname, strlist_t locusr, const char *outfile );
+int sign_symencrypt_file (const char *fname, strlist_t locusr);
+
+/*-- sig-check.c --*/
+int check_revocation_keys (PKT_public_key *pk, PKT_signature *sig);
+int check_backsig(PKT_public_key *main_pk,PKT_public_key *sub_pk,
+ PKT_signature *backsig);
+int check_key_signature( KBNODE root, KBNODE node, int *is_selfsig );
+int check_key_signature2( KBNODE root, KBNODE node, PKT_public_key *check_pk,
+ PKT_public_key *ret_pk, int *is_selfsig,
+ u32 *r_expiredate, int *r_expired );
+
+/*-- delkey.c --*/
+int delete_keys( strlist_t names, int secret, int allow_both );
+
+/*-- keyedit.c --*/
+void keyedit_menu( const char *username, strlist_t locusr,
+ strlist_t commands, int quiet, int seckey_check );
+void keyedit_passwd (const char *username);
+void show_basic_key_info (KBNODE keyblock);
+
+/*-- keygen.c --*/
+u32 parse_expire_string(const char *string);
+u32 ask_expire_interval(int object,const char *def_expire);
+u32 ask_expiredate(void);
+void generate_keypair( const char *fname, const char *card_serialno,
+ const char *backup_encryption_dir );
+int keygen_set_std_prefs (const char *string,int personal);
+PKT_user_id *keygen_get_std_prefs (void);
+int keygen_add_key_expire( PKT_signature *sig, void *opaque );
+int keygen_add_std_prefs( PKT_signature *sig, void *opaque );
+int keygen_upd_std_prefs( PKT_signature *sig, void *opaque );
+int keygen_add_keyserver_url(PKT_signature *sig, void *opaque);
+int keygen_add_notations(PKT_signature *sig,void *opaque);
+int keygen_add_revkey(PKT_signature *sig, void *opaque);
+int make_backsig(PKT_signature *sig,PKT_public_key *pk,
+ PKT_public_key *sub_pk,PKT_secret_key *sub_sk,
+ u32 timestamp);
+int generate_subkeypair( KBNODE pub_keyblock, KBNODE sec_keyblock );
+#ifdef ENABLE_CARD_SUPPORT
+int generate_card_subkeypair (KBNODE pub_keyblock, KBNODE sec_keyblock,
+ int keyno, const char *serialno);
+int save_unprotected_key_to_card (PKT_secret_key *sk, int keyno);
+#endif
+
+/*-- openfile.c --*/
+int overwrite_filep( const char *fname );
+char *make_outfile_name( const char *iname );
+char *ask_outfile_name( const char *name, size_t namelen );
+int open_outfile( const char *iname, int mode, iobuf_t *a );
+iobuf_t open_sigfile( const char *iname, progress_filter_context_t *pfx );
+void try_make_homedir( const char *fname );
+
+/*-- seskey.c --*/
+void make_session_key( DEK *dek );
+gcry_mpi_t encode_session_key( DEK *dek, unsigned nbits );
+gcry_mpi_t encode_md_value( PKT_public_key *pk, PKT_secret_key *sk,
+ gcry_md_hd_t md, int hash_algo );
+
+/*-- import.c --*/
+int parse_import_options(char *str,unsigned int *options,int noisy);
+void import_keys( char **fnames, int nnames,
+ void *stats_hd, unsigned int options );
+int import_keys_stream( iobuf_t inp,void *stats_hd,unsigned char **fpr,
+ size_t *fpr_len,unsigned int options );
+void *import_new_stats_handle (void);
+void import_release_stats_handle (void *p);
+void import_print_stats (void *hd);
+
+int collapse_uids( KBNODE *keyblock );
+
+int auto_create_card_key_stub ( const char *serialnostr,
+ const unsigned char *fpr1,
+ const unsigned char *fpr2,
+ const unsigned char *fpr3);
+
+/*-- export.c --*/
+int parse_export_options(char *str,unsigned int *options,int noisy);
+int export_pubkeys( strlist_t users, unsigned int options );
+int export_pubkeys_stream( iobuf_t out, strlist_t users,
+ KBNODE *keyblock_out, unsigned int options );
+int export_seckeys( strlist_t users );
+int export_secsubkeys( strlist_t users );
+
+/* dearmor.c --*/
+int dearmor_file( const char *fname );
+int enarmor_file( const char *fname );
+
+/*-- revoke.c --*/
+struct revocation_reason_info;
+int gen_revoke( const char *uname );
+int gen_desig_revoke( const char *uname, strlist_t locusr);
+int revocation_reason_build_cb( PKT_signature *sig, void *opaque );
+struct revocation_reason_info *
+ ask_revocation_reason( int key_rev, int cert_rev, int hint );
+void release_revocation_reason_info( struct revocation_reason_info *reason );
+
+/*-- keylist.c --*/
+void public_key_list( strlist_t list, int locate_mode );
+void secret_key_list( strlist_t list );
+void print_subpackets_colon(PKT_signature *sig);
+void reorder_keyblock (KBNODE keyblock);
+void list_keyblock( KBNODE keyblock, int secret, int fpr, void *opaque );
+void print_fingerprint (PKT_public_key *pk, PKT_secret_key *sk, int mode);
+void print_revokers(PKT_public_key *pk);
+void show_policy_url(PKT_signature *sig,int indent,int mode);
+void show_keyserver_url(PKT_signature *sig,int indent,int mode);
+void show_notation(PKT_signature *sig,int indent,int mode,int which);
+void dump_attribs(const PKT_user_id *uid,
+ PKT_public_key *pk,PKT_secret_key *sk);
+void set_attrib_fd(int fd);
+void print_seckey_info (PKT_secret_key *sk);
+void print_pubkey_info (FILE *fp, PKT_public_key *pk);
+void print_card_key_info (FILE *fp, KBNODE keyblock);
+
+/*-- verify.c --*/
+void print_file_status( int status, const char *name, int what );
+int verify_signatures( int nfiles, char **files );
+int verify_files( int nfiles, char **files );
+int gpg_verify (ctrl_t ctrl, int sig_fd, int data_fd, FILE *out_fp);
+
+/*-- decrypt.c --*/
+int decrypt_message( const char *filename );
+void decrypt_messages(int nfiles, char *files[]);
+
+/*-- plaintext.c --*/
+int hash_datafiles( gcry_md_hd_t md, gcry_md_hd_t md2,
+ strlist_t files, const char *sigfilename, int textmode );
+int hash_datafile_by_fd ( gcry_md_hd_t md, gcry_md_hd_t md2, int data_fd,
+ int textmode );
+PKT_plaintext *setup_plaintext_name(const char *filename,IOBUF iobuf);
+
+/*-- signal.c --*/
+void init_signals(void);
+void pause_on_sigusr( int which );
+void block_all_signals(void);
+void unblock_all_signals(void);
+
+/*-- server.c --*/
+int gpg_server (ctrl_t);
+
+#ifdef ENABLE_CARD_SUPPORT
+/*-- card-util.c --*/
+void change_pin (int no, int allow_admin);
+void card_status (FILE *fp, char *serialno, size_t serialnobuflen);
+void card_edit (strlist_t commands);
+int card_generate_subkey (KBNODE pub_keyblock, KBNODE sec_keyblock);
+int card_store_subkey (KBNODE node, int use);
+#endif
+
+#define S2K_DECODE_COUNT(_val) ((16ul + ((_val) & 15)) << (((_val) >> 4) + 6))
+
+#endif /*G10_MAIN_H*/
diff --git a/g10/mainproc.c b/g10/mainproc.c
new file mode 100644
index 0000000..c7df113
--- /dev/null
+++ b/g10/mainproc.c
@@ -0,0 +1,2184 @@
+/* mainproc.c - handle packets
+ * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007,
+ * 2008, 2009 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <assert.h>
+#include <time.h>
+
+#include "gpg.h"
+#include "packet.h"
+#include "iobuf.h"
+#include "options.h"
+#include "util.h"
+#include "cipher.h"
+#include "keydb.h"
+#include "filter.h"
+#include "main.h"
+#include "status.h"
+#include "i18n.h"
+#include "trustdb.h"
+#include "keyserver-internal.h"
+#include "photoid.h"
+#include "pka.h"
+
+
+struct kidlist_item {
+ struct kidlist_item *next;
+ u32 kid[2];
+ int pubkey_algo;
+ int reason;
+};
+
+
+/****************
+ * Structure to hold the context
+ */
+typedef struct mainproc_context *CTX;
+struct mainproc_context
+{
+ struct mainproc_context *anchor; /* May be useful in the future. */
+ PKT_public_key *last_pubkey;
+ PKT_secret_key *last_seckey;
+ PKT_user_id *last_user_id;
+ md_filter_context_t mfx;
+ int sigs_only; /* Process only signatures and reject all other stuff. */
+ int encrypt_only; /* Process only encryption messages. */
+
+ /* Name of the file with the complete signature or the file with the
+ detached signature. This is currently only used to deduce the
+ file name of the data file if that has not been given. */
+ const char *sigfilename;
+
+ /* A structure to describe the signed data in case of a detached
+ signature. */
+ struct
+ {
+ /* A file descriptor of the the signed data. Only used if not -1. */
+ int data_fd;
+ /* A list of filenames with the data files or NULL. This is only
+ used if DATA_FD is -1. */
+ strlist_t data_names;
+ /* Flag to indicated that either one of the next previous fieldss
+ is used. This is only needed for better readability. */
+ int used;
+ } signed_data;
+
+ DEK *dek;
+ int last_was_session_key;
+ KBNODE list; /* The current list of packets. */
+ int have_data;
+ IOBUF iobuf; /* Used to get the filename etc. */
+ int trustletter; /* Temporary usage in list_node. */
+ ulong symkeys;
+ struct kidlist_item *pkenc_list; /* List of encryption packets. */
+ int any_sig_seen; /* Set to true if a signature packet has been seen. */
+};
+
+
+static int do_proc_packets( CTX c, IOBUF a );
+static void list_node( CTX c, KBNODE node );
+static void proc_tree( CTX c, KBNODE node );
+static int literals_seen;
+
+void
+reset_literals_seen(void)
+{
+ literals_seen=0;
+}
+
+static void
+release_list( CTX c )
+{
+ if( !c->list )
+ return;
+ proc_tree(c, c->list );
+ release_kbnode( c->list );
+ while( c->pkenc_list ) {
+ struct kidlist_item *tmp = c->pkenc_list->next;
+ xfree( c->pkenc_list );
+ c->pkenc_list = tmp;
+ }
+ c->pkenc_list = NULL;
+ c->list = NULL;
+ c->have_data = 0;
+ c->last_was_session_key = 0;
+ xfree(c->dek); c->dek = NULL;
+}
+
+
+static int
+add_onepass_sig( CTX c, PACKET *pkt )
+{
+ KBNODE node;
+
+ if ( c->list ) /* add another packet */
+ add_kbnode( c->list, new_kbnode( pkt ));
+ else /* insert the first one */
+ c->list = node = new_kbnode( pkt );
+
+ return 1;
+}
+
+
+static int
+add_gpg_control( CTX c, PACKET *pkt )
+{
+ if ( pkt->pkt.gpg_control->control == CTRLPKT_CLEARSIGN_START ) {
+ /* New clear text signature.
+ * Process the last one and reset everything */
+ release_list(c);
+ }
+
+ if( c->list ) /* add another packet */
+ add_kbnode( c->list, new_kbnode( pkt ));
+ else /* insert the first one */
+ c->list = new_kbnode( pkt );
+
+ return 1;
+}
+
+
+
+static int
+add_user_id( CTX c, PACKET *pkt )
+{
+ if( !c->list ) {
+ log_error("orphaned user ID\n" );
+ return 0;
+ }
+ add_kbnode( c->list, new_kbnode( pkt ) );
+ return 1;
+}
+
+static int
+add_subkey( CTX c, PACKET *pkt )
+{
+ if( !c->list ) {
+ log_error("subkey w/o mainkey\n" );
+ return 0;
+ }
+ add_kbnode( c->list, new_kbnode( pkt ) );
+ return 1;
+}
+
+static int
+add_ring_trust( CTX c, PACKET *pkt )
+{
+ if( !c->list ) {
+ log_error("ring trust w/o key\n" );
+ return 0;
+ }
+ add_kbnode( c->list, new_kbnode( pkt ) );
+ return 1;
+}
+
+
+static int
+add_signature( CTX c, PACKET *pkt )
+{
+ KBNODE node;
+
+ c->any_sig_seen = 1;
+ if( pkt->pkttype == PKT_SIGNATURE && !c->list ) {
+ /* This is the first signature for the following datafile.
+ * GPG does not write such packets; instead it always uses
+ * onepass-sig packets. The drawback of PGP's method
+ * of prepending the signature to the data is
+ * that it is not possible to make a signature from data read
+ * from stdin. (GPG is able to read PGP stuff anyway.) */
+ node = new_kbnode( pkt );
+ c->list = node;
+ return 1;
+ }
+ else if( !c->list )
+ return 0; /* oops (invalid packet sequence)*/
+ else if( !c->list->pkt )
+ BUG(); /* so nicht */
+
+ /* add a new signature node id at the end */
+ node = new_kbnode( pkt );
+ add_kbnode( c->list, node );
+ return 1;
+}
+
+static int
+symkey_decrypt_seskey( DEK *dek, byte *seskey, size_t slen )
+{
+ gcry_cipher_hd_t hd;
+
+ if(slen < 17 || slen > 33)
+ {
+ log_error ( _("weird size for an encrypted session key (%d)\n"),
+ (int)slen);
+ return G10ERR_BAD_KEY;
+ }
+
+ if (openpgp_cipher_open (&hd, dek->algo, GCRY_CIPHER_MODE_CFB, 1))
+ BUG ();
+ if (gcry_cipher_setkey ( hd, dek->key, dek->keylen ))
+ BUG ();
+ gcry_cipher_setiv ( hd, NULL, 0 );
+ gcry_cipher_decrypt ( hd, seskey, slen, NULL, 0 );
+ gcry_cipher_close ( hd );
+
+ /* Now we replace the dek components with the real session key to
+ decrypt the contents of the sequencing packet. */
+
+ dek->keylen=slen-1;
+ dek->algo=seskey[0];
+
+ if(dek->keylen > DIM(dek->key))
+ BUG ();
+
+ /* This is not completely accurate, since a bad passphrase may have
+ resulted in a garbage algorithm byte, but it's close enough since
+ a bogus byte here will fail later. */
+ if(dek->algo==CIPHER_ALGO_IDEA)
+ idea_cipher_warn(0);
+
+ memcpy(dek->key, seskey + 1, dek->keylen);
+
+ /*log_hexdump( "thekey", dek->key, dek->keylen );*/
+
+ return 0;
+}
+
+static void
+proc_symkey_enc( CTX c, PACKET *pkt )
+{
+ PKT_symkey_enc *enc;
+
+ enc = pkt->pkt.symkey_enc;
+ if (!enc)
+ log_error ("invalid symkey encrypted packet\n");
+ else if(!c->dek)
+ {
+ int algo = enc->cipher_algo;
+ const char *s = openpgp_cipher_algo_name (algo);
+
+ if (!openpgp_cipher_test_algo (algo))
+ {
+ if(!opt.quiet)
+ {
+ if(enc->seskeylen)
+ log_info(_("%s encrypted session key\n"), s );
+ else
+ log_info(_("%s encrypted data\n"), s );
+ }
+ }
+ else
+ log_error(_("encrypted with unknown algorithm %d\n"), algo );
+
+ if(openpgp_md_test_algo (enc->s2k.hash_algo))
+ {
+ log_error(_("passphrase generated with unknown digest"
+ " algorithm %d\n"),enc->s2k.hash_algo);
+ s=NULL;
+ }
+
+ c->last_was_session_key = 2;
+ if(!s || opt.list_only)
+ goto leave;
+
+ if(opt.override_session_key)
+ {
+ c->dek = xmalloc_clear( sizeof *c->dek );
+ if(get_override_session_key(c->dek, opt.override_session_key))
+ {
+ xfree(c->dek);
+ c->dek = NULL;
+ }
+ }
+ else
+ {
+ c->dek = passphrase_to_dek (NULL, 0, algo, &enc->s2k, 3,
+ NULL, NULL);
+ if(c->dek)
+ {
+ c->dek->symmetric=1;
+
+ /* FIXME: This doesn't work perfectly if a symmetric
+ key comes before a public key in the message - if
+ the user doesn't know the passphrase, then there is
+ a chance that the "decrypted" algorithm will happen
+ to be a valid one, which will make the returned dek
+ appear valid, so we won't try any public keys that
+ come later. */
+ if(enc->seskeylen)
+ {
+ if(symkey_decrypt_seskey(c->dek, enc->seskey,
+ enc->seskeylen))
+ {
+ xfree(c->dek);
+ c->dek=NULL;
+ }
+ }
+ else
+ c->dek->algo_info_printed = 1;
+ }
+ }
+ }
+
+ leave:
+ c->symkeys++;
+ free_packet(pkt);
+}
+
+static void
+proc_pubkey_enc( CTX c, PACKET *pkt )
+{
+ PKT_pubkey_enc *enc;
+ int result = 0;
+
+ /* check whether the secret key is available and store in this case */
+ c->last_was_session_key = 1;
+ enc = pkt->pkt.pubkey_enc;
+ /*printf("enc: encrypted by a pubkey with keyid %08lX\n", enc->keyid[1] );*/
+ /* Hmmm: why do I have this algo check here - anyway there is
+ * function to check it. */
+ if( opt.verbose )
+ log_info(_("public key is %s\n"), keystr(enc->keyid) );
+
+ if( is_status_enabled() ) {
+ char buf[50];
+ sprintf(buf, "%08lX%08lX %d 0",
+ (ulong)enc->keyid[0], (ulong)enc->keyid[1], enc->pubkey_algo );
+ write_status_text( STATUS_ENC_TO, buf );
+ }
+
+ if( !opt.list_only && opt.override_session_key ) {
+ /* It does not make much sense to store the session key in
+ * secure memory because it has already been passed on the
+ * command line and the GCHQ knows about it. */
+ c->dek = xmalloc_clear( sizeof *c->dek );
+ result = get_override_session_key ( c->dek, opt.override_session_key );
+ if ( result ) {
+ xfree(c->dek); c->dek = NULL;
+ }
+ }
+ else if( is_ELGAMAL(enc->pubkey_algo)
+ || enc->pubkey_algo == PUBKEY_ALGO_DSA
+ || is_RSA(enc->pubkey_algo)
+ || enc->pubkey_algo == PUBKEY_ALGO_ELGAMAL) {
+ /* Note that we also allow type 20 Elgamal keys for decryption.
+ There are still a couple of those keys in active use as a
+ subkey. */
+
+ /* FIXME: Store this all in a list and process it later so that
+ we can prioritize what key to use. This gives a better user
+ experience if wildcard keyids are used. */
+ if ( !c->dek && ((!enc->keyid[0] && !enc->keyid[1])
+ || opt.try_all_secrets
+ || !seckey_available( enc->keyid )) ) {
+ if( opt.list_only )
+ result = -1;
+ else {
+ c->dek = xmalloc_secure_clear( sizeof *c->dek );
+ if( (result = get_session_key( enc, c->dek )) ) {
+ /* error: delete the DEK */
+ xfree(c->dek); c->dek = NULL;
+ }
+ }
+ }
+ else
+ result = G10ERR_NO_SECKEY;
+ }
+ else
+ result = G10ERR_PUBKEY_ALGO;
+
+ if( result == -1 )
+ ;
+ else
+ {
+ /* store it for later display */
+ struct kidlist_item *x = xmalloc( sizeof *x );
+ x->kid[0] = enc->keyid[0];
+ x->kid[1] = enc->keyid[1];
+ x->pubkey_algo = enc->pubkey_algo;
+ x->reason = result;
+ x->next = c->pkenc_list;
+ c->pkenc_list = x;
+
+ if( !result && opt.verbose > 1 )
+ log_info( _("public key encrypted data: good DEK\n") );
+ }
+
+ free_packet(pkt);
+}
+
+
+
+/****************
+ * Print the list of public key encrypted packets which we could
+ * not decrypt.
+ */
+static void
+print_pkenc_list( struct kidlist_item *list, int failed )
+{
+ for( ; list; list = list->next ) {
+ PKT_public_key *pk;
+ const char *algstr;
+
+ if ( failed && !list->reason )
+ continue;
+ if ( !failed && list->reason )
+ continue;
+
+ algstr = gcry_pk_algo_name ( list->pubkey_algo );
+ pk = xmalloc_clear( sizeof *pk );
+
+ if( !algstr )
+ algstr = "[?]";
+ pk->pubkey_algo = list->pubkey_algo;
+ if( !get_pubkey( pk, list->kid ) )
+ {
+ char *p;
+ log_info( _("encrypted with %u-bit %s key, ID %s, created %s\n"),
+ nbits_from_pk( pk ), algstr, keystr_from_pk(pk),
+ strtimestamp(pk->timestamp) );
+ p=get_user_id_native(list->kid);
+ log_printf (_(" \"%s\"\n"),p);
+ xfree(p);
+ }
+ else
+ log_info(_("encrypted with %s key, ID %s\n"),
+ algstr,keystr(list->kid));
+
+ free_public_key( pk );
+
+ if( list->reason == G10ERR_NO_SECKEY ) {
+ if( is_status_enabled() ) {
+ char buf[20];
+ snprintf (buf, sizeof buf, "%08lX%08lX",
+ (ulong)list->kid[0], (ulong)list->kid[1]);
+ write_status_text( STATUS_NO_SECKEY, buf );
+ }
+ }
+ else if (list->reason)
+ {
+ log_info(_("public key decryption failed: %s\n"),
+ g10_errstr(list->reason));
+ write_status_error ("pkdecrypt_failed", list->reason);
+ }
+ }
+}
+
+
+static void
+proc_encrypted( CTX c, PACKET *pkt )
+{
+ int result = 0;
+
+ if (!opt.quiet)
+ {
+ if(c->symkeys>1)
+ log_info(_("encrypted with %lu passphrases\n"),c->symkeys);
+ else if(c->symkeys==1)
+ log_info(_("encrypted with 1 passphrase\n"));
+ print_pkenc_list ( c->pkenc_list, 1 );
+ print_pkenc_list ( c->pkenc_list, 0 );
+ }
+
+ /* FIXME: Figure out the session key by looking at all pkenc packets. */
+
+
+ write_status( STATUS_BEGIN_DECRYPTION );
+
+ /*log_debug("dat: %sencrypted data\n", c->dek?"":"conventional ");*/
+ if( opt.list_only )
+ result = -1;
+ else if( !c->dek && !c->last_was_session_key ) {
+ int algo;
+ STRING2KEY s2kbuf, *s2k = NULL;
+
+ if(opt.override_session_key)
+ {
+ c->dek = xmalloc_clear( sizeof *c->dek );
+ result=get_override_session_key(c->dek, opt.override_session_key);
+ if(result)
+ {
+ xfree(c->dek);
+ c->dek = NULL;
+ }
+ }
+ else
+ {
+ /* Assume this is old style conventional encrypted data. */
+ algo = opt.def_cipher_algo;
+ if ( algo )
+ log_info (_("assuming %s encrypted data\n"),
+ openpgp_cipher_algo_name (algo));
+ else if ( openpgp_cipher_test_algo (CIPHER_ALGO_IDEA) )
+ {
+ algo = opt.def_cipher_algo;
+ if (!algo)
+ algo = opt.s2k_cipher_algo;
+ idea_cipher_warn(1);
+ log_info (_("IDEA cipher unavailable, "
+ "optimistically attempting to use %s instead\n"),
+ openpgp_cipher_algo_name (algo));
+ }
+ else
+ {
+ algo = CIPHER_ALGO_IDEA;
+ if (!opt.s2k_digest_algo)
+ {
+ /* If no digest is given we assume MD5 */
+ s2kbuf.mode = 0;
+ s2kbuf.hash_algo = DIGEST_ALGO_MD5;
+ s2k = &s2kbuf;
+ }
+ log_info (_("assuming %s encrypted data\n"), "IDEA");
+ }
+
+ c->dek = passphrase_to_dek ( NULL, 0, algo, s2k, 3, NULL, NULL );
+ if (c->dek)
+ c->dek->algo_info_printed = 1;
+ }
+ }
+ else if( !c->dek )
+ result = G10ERR_NO_SECKEY;
+ if( !result )
+ result = decrypt_data( c, pkt->pkt.encrypted, c->dek );
+
+ if( result == -1 )
+ ;
+ else if( !result || (gpg_err_code (result) == GPG_ERR_BAD_SIGNATURE
+ && opt.ignore_mdc_error)) {
+ write_status( STATUS_DECRYPTION_OKAY );
+ if( opt.verbose > 1 )
+ log_info(_("decryption okay\n"));
+ if( pkt->pkt.encrypted->mdc_method && !result )
+ write_status( STATUS_GOODMDC );
+ else if(!opt.no_mdc_warn)
+ log_info (_("WARNING: message was not integrity protected\n"));
+ if(opt.show_session_key)
+ {
+ int i;
+ char *buf = xmalloc ( c->dek->keylen*2 + 20 );
+ sprintf ( buf, "%d:", c->dek->algo );
+ for(i=0; i < c->dek->keylen; i++ )
+ sprintf(buf+strlen(buf), "%02X", c->dek->key[i] );
+ log_info( "session key: `%s'\n", buf );
+ write_status_text ( STATUS_SESSION_KEY, buf );
+ }
+ }
+ else if( result == G10ERR_BAD_SIGN ) {
+ log_error(_("WARNING: encrypted message has been manipulated!\n"));
+ write_status( STATUS_BADMDC );
+ write_status( STATUS_DECRYPTION_FAILED );
+ }
+ else {
+ if (gpg_err_code (result) == GPG_ERR_BAD_KEY
+ && *c->dek->s2k_cacheid != '\0')
+ {
+ log_debug(_("cleared passphrase cached with ID: %s\n"),
+ c->dek->s2k_cacheid);
+ passphrase_clear_cache (NULL, c->dek->s2k_cacheid, 0);
+ }
+ write_status( STATUS_DECRYPTION_FAILED );
+ log_error(_("decryption failed: %s\n"), g10_errstr(result));
+ /* Hmmm: does this work when we have encrypted using multiple
+ * ways to specify the session key (symmmetric and PK)*/
+ }
+ xfree(c->dek); c->dek = NULL;
+ free_packet(pkt);
+ c->last_was_session_key = 0;
+ write_status( STATUS_END_DECRYPTION );
+}
+
+
+static void
+proc_plaintext( CTX c, PACKET *pkt )
+{
+ PKT_plaintext *pt = pkt->pkt.plaintext;
+ int any, clearsig, only_md5, rc;
+ KBNODE n;
+
+ literals_seen++;
+
+ if( pt->namelen == 8 && !memcmp( pt->name, "_CONSOLE", 8 ) )
+ log_info(_("NOTE: sender requested \"for-your-eyes-only\"\n"));
+ else if( opt.verbose )
+ log_info(_("original file name='%.*s'\n"), pt->namelen, pt->name);
+ free_md_filter_context( &c->mfx );
+ if (gcry_md_open (&c->mfx.md, 0, 0))
+ BUG ();
+ /* fixme: we may need to push the textfilter if we have sigclass 1
+ * and no armoring - Not yet tested
+ * Hmmm, why don't we need it at all if we have sigclass 1
+ * Should we assume that plaintext in mode 't' has always sigclass 1??
+ * See: Russ Allbery's mail 1999-02-09
+ */
+ any = clearsig = only_md5 = 0;
+ for(n=c->list; n; n = n->next )
+ {
+ if( n->pkt->pkttype == PKT_ONEPASS_SIG )
+ {
+ /* For the onepass signature case */
+ if( n->pkt->pkt.onepass_sig->digest_algo )
+ {
+ gcry_md_enable (c->mfx.md,
+ n->pkt->pkt.onepass_sig->digest_algo);
+ if( !any && n->pkt->pkt.onepass_sig->digest_algo
+ == DIGEST_ALGO_MD5 )
+ only_md5 = 1;
+ else
+ only_md5 = 0;
+ any = 1;
+ }
+ if( n->pkt->pkt.onepass_sig->sig_class != 0x01 )
+ only_md5 = 0;
+ }
+ else if( n->pkt->pkttype == PKT_GPG_CONTROL
+ && n->pkt->pkt.gpg_control->control
+ == CTRLPKT_CLEARSIGN_START )
+ {
+ /* For the clearsigned message case */
+ size_t datalen = n->pkt->pkt.gpg_control->datalen;
+ const byte *data = n->pkt->pkt.gpg_control->data;
+
+ /* check that we have at least the sigclass and one hash */
+ if ( datalen < 2 )
+ log_fatal("invalid control packet CTRLPKT_CLEARSIGN_START\n");
+ /* Note that we don't set the clearsig flag for not-dash-escaped
+ * documents */
+ clearsig = (*data == 0x01);
+ for( data++, datalen--; datalen; datalen--, data++ )
+ gcry_md_enable (c->mfx.md, *data);
+ any = 1;
+ break; /* Stop here as one-pass signature packets are not
+ expected. */
+ }
+ else if(n->pkt->pkttype==PKT_SIGNATURE)
+ {
+ /* For the SIG+LITERAL case that PGP used to use. */
+ gcry_md_enable ( c->mfx.md, n->pkt->pkt.signature->digest_algo );
+ any=1;
+ }
+ }
+
+ if( !any && !opt.skip_verify )
+ {
+ /* This is for the old GPG LITERAL+SIG case. It's not legal
+ according to 2440, so hopefully it won't come up that
+ often. There is no good way to specify what algorithms to
+ use in that case, so these three are the historical
+ answer. */
+ gcry_md_enable( c->mfx.md, DIGEST_ALGO_RMD160 );
+ gcry_md_enable( c->mfx.md, DIGEST_ALGO_SHA1 );
+ gcry_md_enable( c->mfx.md, DIGEST_ALGO_MD5 );
+ }
+ if( opt.pgp2_workarounds && only_md5 && !opt.skip_verify ) {
+ /* This is a kludge to work around a bug in pgp2. It does only
+ * catch those mails which are armored. To catch the non-armored
+ * pgp mails we could see whether there is the signature packet
+ * in front of the plaintext. If someone needs this, send me a patch.
+ */
+ if ( gcry_md_open (&c->mfx.md2, DIGEST_ALGO_MD5, 0) )
+ BUG ();
+ }
+ if ( DBG_HASHING ) {
+ gcry_md_start_debug ( c->mfx.md, "verify" );
+ if ( c->mfx.md2 )
+ gcry_md_start_debug ( c->mfx.md2, "verify2" );
+ }
+
+ rc=0;
+
+ if (literals_seen>1)
+ {
+ log_info (_("WARNING: multiple plaintexts seen\n"));
+
+ if (!opt.flags.allow_multiple_messages)
+ {
+ write_status_text (STATUS_ERROR, "proc_pkt.plaintext 89_BAD_DATA");
+ log_inc_errorcount ();
+ rc = gpg_error (GPG_ERR_UNEXPECTED);
+ }
+ }
+
+ if(!rc)
+ {
+ rc = handle_plaintext( pt, &c->mfx, c->sigs_only, clearsig );
+ if ( gpg_err_code (rc) == GPG_ERR_EACCES && !c->sigs_only )
+ {
+ /* Can't write output but we hash it anyway to check the
+ signature. */
+ rc = handle_plaintext( pt, &c->mfx, 1, clearsig );
+ }
+ }
+
+ if( rc )
+ log_error( "handle plaintext failed: %s\n", g10_errstr(rc));
+ free_packet(pkt);
+ c->last_was_session_key = 0;
+
+ /* We add a marker control packet instead of the plaintext packet.
+ * This is so that we can later detect invalid packet sequences.
+ */
+ n = new_kbnode (create_gpg_control (CTRLPKT_PLAINTEXT_MARK, NULL, 0));
+ if (c->list)
+ add_kbnode (c->list, n);
+ else
+ c->list = n;
+}
+
+
+static int
+proc_compressed_cb( IOBUF a, void *info )
+{
+ if ( ((CTX)info)->signed_data.used
+ && ((CTX)info)->signed_data.data_fd != -1)
+ return proc_signature_packets_by_fd (info, a,
+ ((CTX)info)->signed_data.data_fd);
+ else
+ return proc_signature_packets (info, a,
+ ((CTX)info)->signed_data.data_names,
+ ((CTX)info)->sigfilename );
+}
+
+static int
+proc_encrypt_cb( IOBUF a, void *info )
+{
+ return proc_encryption_packets( info, a );
+}
+
+static void
+proc_compressed( CTX c, PACKET *pkt )
+{
+ PKT_compressed *zd = pkt->pkt.compressed;
+ int rc;
+
+ /*printf("zip: compressed data packet\n");*/
+ if (c->sigs_only)
+ rc = handle_compressed( c, zd, proc_compressed_cb, c );
+ else if( c->encrypt_only )
+ rc = handle_compressed( c, zd, proc_encrypt_cb, c );
+ else
+ rc = handle_compressed( c, zd, NULL, NULL );
+ if( rc )
+ log_error("uncompressing failed: %s\n", g10_errstr(rc));
+ free_packet(pkt);
+ c->last_was_session_key = 0;
+}
+
+/****************
+ * check the signature
+ * Returns: 0 = valid signature or an error code
+ */
+static int
+do_check_sig( CTX c, KBNODE node, int *is_selfsig,
+ int *is_expkey, int *is_revkey )
+{
+ PKT_signature *sig;
+ gcry_md_hd_t md = NULL, md2 = NULL;
+ int algo, rc;
+
+ assert( node->pkt->pkttype == PKT_SIGNATURE );
+ if( is_selfsig )
+ *is_selfsig = 0;
+ sig = node->pkt->pkt.signature;
+
+ algo = sig->digest_algo;
+ rc = openpgp_md_test_algo(algo);
+ if (rc)
+ return rc;
+
+ if( sig->sig_class == 0x00 ) {
+ if( c->mfx.md )
+ {
+ if (gcry_md_copy (&md, c->mfx.md ))
+ BUG ();
+ }
+ else /* detached signature */
+ {
+ /* signature_check() will enable the md*/
+ if (gcry_md_open (&md, 0, 0 ))
+ BUG ();
+ }
+ }
+ else if( sig->sig_class == 0x01 ) {
+ /* how do we know that we have to hash the (already hashed) text
+ * in canonical mode ??? (calculating both modes???) */
+ if( c->mfx.md ) {
+ if (gcry_md_copy (&md, c->mfx.md ))
+ BUG ();
+ if( c->mfx.md2 && gcry_md_copy (&md2, c->mfx.md2 ))
+ BUG ();
+ }
+ else { /* detached signature */
+ log_debug("Do we really need this here?");
+ /* signature_check() will enable the md*/
+ if (gcry_md_open (&md, 0, 0 ))
+ BUG ();
+ if (gcry_md_open (&md2, 0, 0 ))
+ BUG ();
+ }
+ }
+ else if( (sig->sig_class&~3) == 0x10
+ || sig->sig_class == 0x18
+ || sig->sig_class == 0x1f
+ || sig->sig_class == 0x20
+ || sig->sig_class == 0x28
+ || sig->sig_class == 0x30 ) {
+ if( c->list->pkt->pkttype == PKT_PUBLIC_KEY
+ || c->list->pkt->pkttype == PKT_PUBLIC_SUBKEY ) {
+ return check_key_signature( c->list, node, is_selfsig );
+ }
+ else if( sig->sig_class == 0x20 ) {
+ log_error (_("standalone revocation - "
+ "use \"gpg --import\" to apply\n"));
+ return G10ERR_NOT_PROCESSED;
+ }
+ else {
+ log_error("invalid root packet for sigclass %02x\n",
+ sig->sig_class);
+ return G10ERR_SIG_CLASS;
+ }
+ }
+ else
+ return G10ERR_SIG_CLASS;
+ rc = signature_check2( sig, md, NULL, is_expkey, is_revkey, NULL );
+ if( gpg_err_code (rc) == GPG_ERR_BAD_SIGNATURE && md2 )
+ rc = signature_check2( sig, md2, NULL, is_expkey, is_revkey, NULL );
+ gcry_md_close(md);
+ gcry_md_close(md2);
+
+ return rc;
+}
+
+
+static void
+print_userid( PACKET *pkt )
+{
+ if( !pkt )
+ BUG();
+ if( pkt->pkttype != PKT_USER_ID ) {
+ printf("ERROR: unexpected packet type %d", pkt->pkttype );
+ return;
+ }
+ if( opt.with_colons )
+ {
+ if(pkt->pkt.user_id->attrib_data)
+ printf("%u %lu",
+ pkt->pkt.user_id->numattribs,
+ pkt->pkt.user_id->attrib_len);
+ else
+ print_string( stdout, pkt->pkt.user_id->name,
+ pkt->pkt.user_id->len, ':');
+ }
+ else
+ print_utf8_string( stdout, pkt->pkt.user_id->name,
+ pkt->pkt.user_id->len );
+}
+
+
+/****************
+ * List the certificate in a user friendly way
+ */
+
+static void
+list_node( CTX c, KBNODE node )
+{
+ int any=0;
+ int mainkey;
+
+ if( !node )
+ ;
+ else if( (mainkey = (node->pkt->pkttype == PKT_PUBLIC_KEY) )
+ || node->pkt->pkttype == PKT_PUBLIC_SUBKEY ) {
+ PKT_public_key *pk = node->pkt->pkt.public_key;
+
+ if( opt.with_colons )
+ {
+ u32 keyid[2];
+ keyid_from_pk( pk, keyid );
+ if( mainkey )
+ c->trustletter = opt.fast_list_mode?
+ 0 : get_validity_info( pk, NULL );
+ printf("%s:", mainkey? "pub":"sub" );
+ if( c->trustletter )
+ putchar( c->trustletter );
+ printf(":%u:%d:%08lX%08lX:%s:%s::",
+ nbits_from_pk( pk ),
+ pk->pubkey_algo,
+ (ulong)keyid[0],(ulong)keyid[1],
+ colon_datestr_from_pk( pk ),
+ colon_strtime (pk->expiredate) );
+ if( mainkey && !opt.fast_list_mode )
+ putchar( get_ownertrust_info (pk) );
+ putchar(':');
+ if( node->next && node->next->pkt->pkttype == PKT_RING_TRUST) {
+ putchar('\n'); any=1;
+ if( opt.fingerprint )
+ print_fingerprint( pk, NULL, 0 );
+ printf("rtv:1:%u:\n",
+ node->next->pkt->pkt.ring_trust->trustval );
+ }
+ }
+ else
+ printf("%s %4u%c/%s %s%s",
+ mainkey? "pub":"sub", nbits_from_pk( pk ),
+ pubkey_letter( pk->pubkey_algo ), keystr_from_pk( pk ),
+ datestr_from_pk( pk ), mainkey?" ":"");
+
+ if( mainkey ) {
+ /* and now list all userids with their signatures */
+ for( node = node->next; node; node = node->next ) {
+ if( node->pkt->pkttype == PKT_SIGNATURE ) {
+ if( !any ) {
+ if( node->pkt->pkt.signature->sig_class == 0x20 )
+ puts("[revoked]");
+ else
+ putchar('\n');
+ any = 1;
+ }
+ list_node(c, node );
+ }
+ else if( node->pkt->pkttype == PKT_USER_ID ) {
+ if( any ) {
+ if( opt.with_colons )
+ printf("%s:::::::::",
+ node->pkt->pkt.user_id->attrib_data?"uat":"uid");
+ else
+ printf( "uid%*s", 28, "" );
+ }
+ print_userid( node->pkt );
+ if( opt.with_colons )
+ putchar(':');
+ putchar('\n');
+ if( opt.fingerprint && !any )
+ print_fingerprint( pk, NULL, 0 );
+ if( opt.with_colons
+ && node->next
+ && node->next->pkt->pkttype == PKT_RING_TRUST ) {
+ printf("rtv:2:%u:\n",
+ node->next->pkt->pkt.ring_trust?
+ node->next->pkt->pkt.ring_trust->trustval : 0);
+ }
+ any=1;
+ }
+ else if( node->pkt->pkttype == PKT_PUBLIC_SUBKEY ) {
+ if( !any ) {
+ putchar('\n');
+ any = 1;
+ }
+ list_node(c, node );
+ }
+ }
+ }
+ else
+ {
+ /* of subkey */
+ if( pk->is_revoked )
+ {
+ printf(" [");
+ printf(_("revoked: %s"),revokestr_from_pk(pk));
+ printf("]");
+ }
+ else if( pk->expiredate )
+ {
+ printf(" [");
+ printf(_("expires: %s"),expirestr_from_pk(pk));
+ printf("]");
+ }
+ }
+
+ if( !any )
+ putchar('\n');
+ if( !mainkey && opt.fingerprint > 1 )
+ print_fingerprint( pk, NULL, 0 );
+ }
+ else if( (mainkey = (node->pkt->pkttype == PKT_SECRET_KEY) )
+ || node->pkt->pkttype == PKT_SECRET_SUBKEY ) {
+ PKT_secret_key *sk = node->pkt->pkt.secret_key;
+
+ if( opt.with_colons )
+ {
+ u32 keyid[2];
+ keyid_from_sk( sk, keyid );
+ printf("%s::%u:%d:%08lX%08lX:%s:%s:::",
+ mainkey? "sec":"ssb",
+ nbits_from_sk( sk ),
+ sk->pubkey_algo,
+ (ulong)keyid[0],(ulong)keyid[1],
+ colon_datestr_from_sk( sk ),
+ colon_strtime (sk->expiredate)
+ /* fixme: add LID */ );
+ }
+ else
+ printf("%s %4u%c/%s %s ", mainkey? "sec":"ssb",
+ nbits_from_sk( sk ), pubkey_letter( sk->pubkey_algo ),
+ keystr_from_sk( sk ), datestr_from_sk( sk ));
+ if( mainkey ) {
+ /* and now list all userids with their signatures */
+ for( node = node->next; node; node = node->next ) {
+ if( node->pkt->pkttype == PKT_SIGNATURE ) {
+ if( !any ) {
+ if( node->pkt->pkt.signature->sig_class == 0x20 )
+ puts("[revoked]");
+ else
+ putchar('\n');
+ any = 1;
+ }
+ list_node(c, node );
+ }
+ else if( node->pkt->pkttype == PKT_USER_ID ) {
+ if( any ) {
+ if( opt.with_colons )
+ printf("%s:::::::::",
+ node->pkt->pkt.user_id->attrib_data?"uat":"uid");
+ else
+ printf( "uid%*s", 28, "" );
+ }
+ print_userid( node->pkt );
+ if( opt.with_colons )
+ putchar(':');
+ putchar('\n');
+ if( opt.fingerprint && !any )
+ print_fingerprint( NULL, sk, 0 );
+ any=1;
+ }
+ else if( node->pkt->pkttype == PKT_SECRET_SUBKEY ) {
+ if( !any ) {
+ putchar('\n');
+ any = 1;
+ }
+ list_node(c, node );
+ }
+ }
+ }
+ if( !any )
+ putchar('\n');
+ if( !mainkey && opt.fingerprint > 1 )
+ print_fingerprint( NULL, sk, 0 );
+ }
+ else if( node->pkt->pkttype == PKT_SIGNATURE ) {
+ PKT_signature *sig = node->pkt->pkt.signature;
+ int is_selfsig = 0;
+ int rc2=0;
+ size_t n;
+ char *p;
+ int sigrc = ' ';
+
+ if( !opt.verbose )
+ return;
+
+ if( sig->sig_class == 0x20 || sig->sig_class == 0x30 )
+ fputs("rev", stdout);
+ else
+ fputs("sig", stdout);
+ if( opt.check_sigs ) {
+ fflush(stdout);
+ rc2=do_check_sig( c, node, &is_selfsig, NULL, NULL );
+ switch (gpg_err_code (rc2)) {
+ case 0: sigrc = '!'; break;
+ case GPG_ERR_BAD_SIGNATURE: sigrc = '-'; break;
+ case GPG_ERR_NO_PUBKEY:
+ case GPG_ERR_UNUSABLE_PUBKEY: sigrc = '?'; break;
+ default: sigrc = '%'; break;
+ }
+ }
+ else { /* check whether this is a self signature */
+ u32 keyid[2];
+
+ if( c->list->pkt->pkttype == PKT_PUBLIC_KEY
+ || c->list->pkt->pkttype == PKT_SECRET_KEY ) {
+ if( c->list->pkt->pkttype == PKT_PUBLIC_KEY )
+ keyid_from_pk( c->list->pkt->pkt.public_key, keyid );
+ else
+ keyid_from_sk( c->list->pkt->pkt.secret_key, keyid );
+
+ if( keyid[0] == sig->keyid[0] && keyid[1] == sig->keyid[1] )
+ is_selfsig = 1;
+ }
+ }
+ if( opt.with_colons ) {
+ putchar(':');
+ if( sigrc != ' ' )
+ putchar(sigrc);
+ printf("::%d:%08lX%08lX:%s:%s:", sig->pubkey_algo,
+ (ulong)sig->keyid[0], (ulong)sig->keyid[1],
+ colon_datestr_from_sig(sig),
+ colon_expirestr_from_sig(sig));
+
+ if(sig->trust_depth || sig->trust_value)
+ printf("%d %d",sig->trust_depth,sig->trust_value);
+ printf(":");
+
+ if(sig->trust_regexp)
+ print_string(stdout,sig->trust_regexp,
+ strlen(sig->trust_regexp),':');
+ printf(":");
+ }
+ else
+ printf("%c %s %s ",
+ sigrc, keystr(sig->keyid), datestr_from_sig(sig));
+ if( sigrc == '%' )
+ printf("[%s] ", g10_errstr(rc2) );
+ else if( sigrc == '?' )
+ ;
+ else if( is_selfsig ) {
+ if( opt.with_colons )
+ putchar(':');
+ fputs( sig->sig_class == 0x18? "[keybind]":"[selfsig]", stdout);
+ if( opt.with_colons )
+ putchar(':');
+ }
+ else if( !opt.fast_list_mode ) {
+ p = get_user_id( sig->keyid, &n );
+ print_string( stdout, p, n, opt.with_colons );
+ xfree(p);
+ }
+ if( opt.with_colons )
+ printf(":%02x%c:", sig->sig_class, sig->flags.exportable?'x':'l');
+ putchar('\n');
+ }
+ else
+ log_error("invalid node with packet of type %d\n", node->pkt->pkttype);
+}
+
+
+
+int
+proc_packets( void *anchor, IOBUF a )
+{
+ int rc;
+ CTX c = xmalloc_clear( sizeof *c );
+
+ c->anchor = anchor;
+ rc = do_proc_packets( c, a );
+ xfree( c );
+ return rc;
+}
+
+
+
+int
+proc_signature_packets( void *anchor, IOBUF a,
+ strlist_t signedfiles, const char *sigfilename )
+{
+ CTX c = xmalloc_clear( sizeof *c );
+ int rc;
+
+ c->anchor = anchor;
+ c->sigs_only = 1;
+
+ c->signed_data.data_fd = -1;
+ c->signed_data.data_names = signedfiles;
+ c->signed_data.used = !!signedfiles;
+
+ c->sigfilename = sigfilename;
+ rc = do_proc_packets( c, a );
+
+ /* If we have not encountered any signature we print an error
+ messages, send a NODATA status back and return an error code.
+ Using log_error is required because verify_files does not check
+ error codes for each file but we want to terminate the process
+ with an error. */
+ if (!rc && !c->any_sig_seen)
+ {
+ write_status_text (STATUS_NODATA, "4");
+ log_error (_("no signature found\n"));
+ rc = G10ERR_NO_DATA;
+ }
+
+ /* Propagate the signature seen flag upward. Do this only on
+ success so that we won't issue the nodata status several
+ times. */
+ if (!rc && c->anchor && c->any_sig_seen)
+ c->anchor->any_sig_seen = 1;
+
+ xfree( c );
+ return rc;
+}
+
+int
+proc_signature_packets_by_fd (void *anchor, IOBUF a, int signed_data_fd )
+{
+ int rc;
+ CTX c = xcalloc (1, sizeof *c);
+
+ c->anchor = anchor;
+ c->sigs_only = 1;
+
+ c->signed_data.data_fd = signed_data_fd;
+ c->signed_data.data_names = NULL;
+ c->signed_data.used = (signed_data_fd != -1);
+
+ rc = do_proc_packets ( c, a );
+
+ /* If we have not encountered any signature we print an error
+ messages, send a NODATA status back and return an error code.
+ Using log_error is required because verify_files does not check
+ error codes for each file but we want to terminate the process
+ with an error. */
+ if (!rc && !c->any_sig_seen)
+ {
+ write_status_text (STATUS_NODATA, "4");
+ log_error (_("no signature found\n"));
+ rc = gpg_error (GPG_ERR_NO_DATA);
+ }
+
+ /* Propagate the signature seen flag upward. Do this only on success
+ so that we won't issue the nodata status several times. */
+ if (!rc && c->anchor && c->any_sig_seen)
+ c->anchor->any_sig_seen = 1;
+
+ xfree ( c );
+ return rc;
+}
+
+
+int
+proc_encryption_packets( void *anchor, IOBUF a )
+{
+ CTX c = xmalloc_clear( sizeof *c );
+ int rc;
+
+ c->anchor = anchor;
+ c->encrypt_only = 1;
+ rc = do_proc_packets( c, a );
+ xfree( c );
+ return rc;
+}
+
+
+int
+do_proc_packets( CTX c, IOBUF a )
+{
+ PACKET *pkt = xmalloc( sizeof *pkt );
+ int rc=0;
+ int any_data=0;
+ int newpkt;
+
+ c->iobuf = a;
+ init_packet(pkt);
+ while( (rc=parse_packet(a, pkt)) != -1 ) {
+ any_data = 1;
+ if( rc ) {
+ free_packet(pkt);
+ /* stop processing when an invalid packet has been encountered
+ * but don't do so when we are doing a --list-packets. */
+ if (gpg_err_code (rc) == GPG_ERR_INV_PACKET
+ && opt.list_packets != 2 )
+ break;
+ continue;
+ }
+ newpkt = -1;
+ if( opt.list_packets ) {
+ switch( pkt->pkttype ) {
+ case PKT_PUBKEY_ENC: proc_pubkey_enc( c, pkt ); break;
+ case PKT_SYMKEY_ENC: proc_symkey_enc( c, pkt ); break;
+ case PKT_ENCRYPTED:
+ case PKT_ENCRYPTED_MDC: proc_encrypted( c, pkt ); break;
+ case PKT_COMPRESSED: proc_compressed( c, pkt ); break;
+ default: newpkt = 0; break;
+ }
+ }
+ else if( c->sigs_only ) {
+ switch( pkt->pkttype ) {
+ case PKT_PUBLIC_KEY:
+ case PKT_SECRET_KEY:
+ case PKT_USER_ID:
+ case PKT_SYMKEY_ENC:
+ case PKT_PUBKEY_ENC:
+ case PKT_ENCRYPTED:
+ case PKT_ENCRYPTED_MDC:
+ write_status_text( STATUS_UNEXPECTED, "0" );
+ rc = G10ERR_UNEXPECTED;
+ goto leave;
+ case PKT_SIGNATURE: newpkt = add_signature( c, pkt ); break;
+ case PKT_PLAINTEXT: proc_plaintext( c, pkt ); break;
+ case PKT_COMPRESSED: proc_compressed( c, pkt ); break;
+ case PKT_ONEPASS_SIG: newpkt = add_onepass_sig( c, pkt ); break;
+ case PKT_GPG_CONTROL: newpkt = add_gpg_control(c, pkt); break;
+ default: newpkt = 0; break;
+ }
+ }
+ else if( c->encrypt_only ) {
+ switch( pkt->pkttype ) {
+ case PKT_PUBLIC_KEY:
+ case PKT_SECRET_KEY:
+ case PKT_USER_ID:
+ write_status_text( STATUS_UNEXPECTED, "0" );
+ rc = G10ERR_UNEXPECTED;
+ goto leave;
+ case PKT_SIGNATURE: newpkt = add_signature( c, pkt ); break;
+ case PKT_SYMKEY_ENC: proc_symkey_enc( c, pkt ); break;
+ case PKT_PUBKEY_ENC: proc_pubkey_enc( c, pkt ); break;
+ case PKT_ENCRYPTED:
+ case PKT_ENCRYPTED_MDC: proc_encrypted( c, pkt ); break;
+ case PKT_PLAINTEXT: proc_plaintext( c, pkt ); break;
+ case PKT_COMPRESSED: proc_compressed( c, pkt ); break;
+ case PKT_ONEPASS_SIG: newpkt = add_onepass_sig( c, pkt ); break;
+ case PKT_GPG_CONTROL: newpkt = add_gpg_control(c, pkt); break;
+ default: newpkt = 0; break;
+ }
+ }
+ else {
+ switch( pkt->pkttype ) {
+ case PKT_PUBLIC_KEY:
+ case PKT_SECRET_KEY:
+ release_list( c );
+ c->list = new_kbnode( pkt );
+ newpkt = 1;
+ break;
+ case PKT_PUBLIC_SUBKEY:
+ case PKT_SECRET_SUBKEY:
+ newpkt = add_subkey( c, pkt );
+ break;
+ case PKT_USER_ID: newpkt = add_user_id( c, pkt ); break;
+ case PKT_SIGNATURE: newpkt = add_signature( c, pkt ); break;
+ case PKT_PUBKEY_ENC: proc_pubkey_enc( c, pkt ); break;
+ case PKT_SYMKEY_ENC: proc_symkey_enc( c, pkt ); break;
+ case PKT_ENCRYPTED:
+ case PKT_ENCRYPTED_MDC: proc_encrypted( c, pkt ); break;
+ case PKT_PLAINTEXT: proc_plaintext( c, pkt ); break;
+ case PKT_COMPRESSED: proc_compressed( c, pkt ); break;
+ case PKT_ONEPASS_SIG: newpkt = add_onepass_sig( c, pkt ); break;
+ case PKT_GPG_CONTROL: newpkt = add_gpg_control(c, pkt); break;
+ case PKT_RING_TRUST: newpkt = add_ring_trust( c, pkt ); break;
+ default: newpkt = 0; break;
+ }
+ }
+ /* This is a very ugly construct and frankly, I don't remember why
+ * I used it. Adding the MDC check here is a hack.
+ * The right solution is to initiate another context for encrypted
+ * packet and not to reuse the current one ... It works right
+ * when there is a compression packet inbetween which adds just
+ * an extra layer.
+ * Hmmm: Rewrite this whole module here??
+ */
+ if( pkt->pkttype != PKT_SIGNATURE && pkt->pkttype != PKT_MDC )
+ c->have_data = pkt->pkttype == PKT_PLAINTEXT;
+
+ if( newpkt == -1 )
+ ;
+ else if( newpkt ) {
+ pkt = xmalloc( sizeof *pkt );
+ init_packet(pkt);
+ }
+ else
+ free_packet(pkt);
+ }
+ if( rc == G10ERR_INVALID_PACKET )
+ write_status_text( STATUS_NODATA, "3" );
+ if( any_data )
+ rc = 0;
+ else if( rc == -1 )
+ write_status_text( STATUS_NODATA, "2" );
+
+
+ leave:
+ release_list( c );
+ xfree(c->dek);
+ free_packet( pkt );
+ xfree( pkt );
+ free_md_filter_context( &c->mfx );
+ return rc;
+}
+
+
+/* Helper for pka_uri_from_sig to parse the to-be-verified address out
+ of the notation data. */
+static pka_info_t *
+get_pka_address (PKT_signature *sig)
+{
+ pka_info_t *pka = NULL;
+ struct notation *nd,*notation;
+
+ notation=sig_to_notation(sig);
+
+ for(nd=notation;nd;nd=nd->next)
+ {
+ if(strcmp(nd->name,"pka-address@gnupg.org")!=0)
+ continue; /* Not the notation we want. */
+
+ /* For now we only use the first valid PKA notation. In future
+ we might want to keep additional PKA notations in a linked
+ list. */
+ if (is_valid_mailbox (nd->value))
+ {
+ pka = xmalloc (sizeof *pka + strlen(nd->value));
+ pka->valid = 0;
+ pka->checked = 0;
+ pka->uri = NULL;
+ strcpy (pka->email, nd->value);
+ break;
+ }
+ }
+
+ free_notation(notation);
+
+ return pka;
+}
+
+
+/* Return the URI from a DNS PKA record. If this record has already
+ be retrieved for the signature we merely return it; if not we go
+ out and try to get that DNS record. */
+static const char *
+pka_uri_from_sig (PKT_signature *sig)
+{
+ if (!sig->flags.pka_tried)
+ {
+ assert (!sig->pka_info);
+ sig->flags.pka_tried = 1;
+ sig->pka_info = get_pka_address (sig);
+ if (sig->pka_info)
+ {
+ char *uri;
+
+ uri = get_pka_info (sig->pka_info->email, sig->pka_info->fpr);
+ if (uri)
+ {
+ sig->pka_info->valid = 1;
+ if (!*uri)
+ xfree (uri);
+ else
+ sig->pka_info->uri = uri;
+ }
+ }
+ }
+ return sig->pka_info? sig->pka_info->uri : NULL;
+}
+
+
+static int
+check_sig_and_print( CTX c, KBNODE node )
+{
+ PKT_signature *sig = node->pkt->pkt.signature;
+ const char *astr;
+ int rc, is_expkey=0, is_revkey=0;
+
+ if (opt.skip_verify)
+ {
+ log_info(_("signature verification suppressed\n"));
+ return 0;
+ }
+
+ /* Check that the message composition is valid.
+
+ Per RFC-2440bis (-15) allowed:
+
+ S{1,n} -- detached signature.
+ S{1,n} P -- old style PGP2 signature
+ O{1,n} P S{1,n} -- standard OpenPGP signature.
+ C P S{1,n} -- cleartext signature.
+
+
+ O = One-Pass Signature packet.
+ S = Signature packet.
+ P = OpenPGP Message packet (Encrypted | Compressed | Literal)
+ (Note that the current rfc2440bis draft also allows
+ for a signed message but that does not work as it
+ introduces ambiguities.)
+ We keep track of these packages using the marker packet
+ CTRLPKT_PLAINTEXT_MARK.
+ C = Marker packet for cleartext signatures.
+
+ We reject all other messages.
+
+ Actually we are calling this too often, i.e. for verification of
+ each message but better have some duplicate work than to silently
+ introduce a bug here.
+ */
+ {
+ KBNODE n;
+ int n_onepass, n_sig;
+
+/* log_debug ("checking signature packet composition\n"); */
+/* dump_kbnode (c->list); */
+
+ n = c->list;
+ assert (n);
+ if ( n->pkt->pkttype == PKT_SIGNATURE )
+ {
+ /* This is either "S{1,n}" case (detached signature) or
+ "S{1,n} P" (old style PGP2 signature). */
+ for (n = n->next; n; n = n->next)
+ if (n->pkt->pkttype != PKT_SIGNATURE)
+ break;
+ if (!n)
+ ; /* Okay, this is a detached signature. */
+ else if (n->pkt->pkttype == PKT_GPG_CONTROL
+ && (n->pkt->pkt.gpg_control->control
+ == CTRLPKT_PLAINTEXT_MARK) )
+ {
+ if (n->next)
+ goto ambiguous; /* We only allow one P packet. */
+ }
+ else
+ goto ambiguous;
+ }
+ else if (n->pkt->pkttype == PKT_ONEPASS_SIG)
+ {
+ /* This is the "O{1,n} P S{1,n}" case (standard signature). */
+ for (n_onepass=1, n = n->next;
+ n && n->pkt->pkttype == PKT_ONEPASS_SIG; n = n->next)
+ n_onepass++;
+ if (!n || !(n->pkt->pkttype == PKT_GPG_CONTROL
+ && (n->pkt->pkt.gpg_control->control
+ == CTRLPKT_PLAINTEXT_MARK)))
+ goto ambiguous;
+ for (n_sig=0, n = n->next;
+ n && n->pkt->pkttype == PKT_SIGNATURE; n = n->next)
+ n_sig++;
+ if (!n_sig)
+ goto ambiguous;
+
+ /* If we wanted to disallow multiple sig verification, we'd do
+ something like this:
+
+ if (n && !opt.allow_multisig_verification)
+ goto ambiguous;
+
+ However, now that we have --allow-multiple-messages, this
+ can stay allowable as we can't get here unless multiple
+ messages (i.e. multiple literals) are allowed. */
+
+ if (n_onepass != n_sig)
+ {
+ log_info ("number of one-pass packets does not match "
+ "number of signature packets\n");
+ goto ambiguous;
+ }
+ }
+ else if (n->pkt->pkttype == PKT_GPG_CONTROL
+ && n->pkt->pkt.gpg_control->control == CTRLPKT_CLEARSIGN_START )
+ {
+ /* This is the "C P S{1,n}" case (clear text signature). */
+ n = n->next;
+ if (!n || !(n->pkt->pkttype == PKT_GPG_CONTROL
+ && (n->pkt->pkt.gpg_control->control
+ == CTRLPKT_PLAINTEXT_MARK)))
+ goto ambiguous;
+ for (n_sig=0, n = n->next;
+ n && n->pkt->pkttype == PKT_SIGNATURE; n = n->next)
+ n_sig++;
+ if (n || !n_sig)
+ goto ambiguous;
+ }
+ else
+ {
+ ambiguous:
+ log_error(_("can't handle this ambiguous signature data\n"));
+ return 0;
+ }
+
+ }
+
+ /* (Indendation below not yet changed to GNU style.) */
+
+ astr = gcry_pk_algo_name ( sig->pubkey_algo );
+ if(keystrlen()>8)
+ {
+ log_info(_("Signature made %s\n"),asctimestamp(sig->timestamp));
+ log_info(_(" using %s key %s\n"),
+ astr? astr: "?",keystr(sig->keyid));
+ }
+ else
+ log_info(_("Signature made %s using %s key ID %s\n"),
+ asctimestamp(sig->timestamp), astr? astr: "?",
+ keystr(sig->keyid));
+
+ rc = do_check_sig(c, node, NULL, &is_expkey, &is_revkey );
+
+ /* If the key isn't found, check for a preferred keyserver */
+
+ if(rc==G10ERR_NO_PUBKEY && sig->flags.pref_ks)
+ {
+ const byte *p;
+ int seq=0;
+ size_t n;
+
+ while((p=enum_sig_subpkt(sig->hashed,SIGSUBPKT_PREF_KS,&n,&seq,NULL)))
+ {
+ /* According to my favorite copy editor, in English
+ grammar, you say "at" if the key is located on a web
+ page, but "from" if it is located on a keyserver. I'm
+ not going to even try to make two strings here :) */
+ log_info(_("Key available at: ") );
+ print_utf8_string( log_get_stream(), p, n );
+ log_printf ("\n");
+
+ if(opt.keyserver_options.options&KEYSERVER_AUTO_KEY_RETRIEVE
+ && opt.keyserver_options.options&KEYSERVER_HONOR_KEYSERVER_URL)
+ {
+ struct keyserver_spec *spec;
+
+ spec=parse_preferred_keyserver(sig);
+ if(spec)
+ {
+ int res;
+
+ glo_ctrl.in_auto_key_retrieve++;
+ res=keyserver_import_keyid(sig->keyid,spec);
+ glo_ctrl.in_auto_key_retrieve--;
+ if(!res)
+ rc=do_check_sig(c, node, NULL, &is_expkey, &is_revkey );
+ free_keyserver_spec(spec);
+
+ if(!rc)
+ break;
+ }
+ }
+ }
+ }
+
+ /* If the preferred keyserver thing above didn't work, our second
+ try is to use the URI from a DNS PKA record. */
+ if ( rc == G10ERR_NO_PUBKEY
+ && opt.keyserver_options.options&KEYSERVER_AUTO_KEY_RETRIEVE
+ && opt.keyserver_options.options&KEYSERVER_HONOR_PKA_RECORD)
+ {
+ const char *uri = pka_uri_from_sig (sig);
+
+ if (uri)
+ {
+ /* FIXME: We might want to locate the key using the
+ fingerprint instead of the keyid. */
+ int res;
+ struct keyserver_spec *spec;
+
+ spec = parse_keyserver_uri (uri, 1, NULL, 0);
+ if (spec)
+ {
+ glo_ctrl.in_auto_key_retrieve++;
+ res = keyserver_import_keyid (sig->keyid, spec);
+ glo_ctrl.in_auto_key_retrieve--;
+ free_keyserver_spec (spec);
+ if (!res)
+ rc = do_check_sig(c, node, NULL, &is_expkey, &is_revkey );
+ }
+ }
+ }
+
+ /* If the preferred keyserver thing above didn't work and we got
+ no information from the DNS PKA, this is a third try. */
+
+ if( rc == G10ERR_NO_PUBKEY && opt.keyserver
+ && opt.keyserver_options.options&KEYSERVER_AUTO_KEY_RETRIEVE)
+ {
+ int res;
+
+ glo_ctrl.in_auto_key_retrieve++;
+ res=keyserver_import_keyid ( sig->keyid, opt.keyserver );
+ glo_ctrl.in_auto_key_retrieve--;
+ if(!res)
+ rc = do_check_sig(c, node, NULL, &is_expkey, &is_revkey );
+ }
+
+ if( !rc || gpg_err_code (rc) == GPG_ERR_BAD_SIGNATURE ) {
+ KBNODE un, keyblock;
+ int count=0, statno;
+ char keyid_str[50];
+ PKT_public_key *pk=NULL;
+
+ if(rc)
+ statno=STATUS_BADSIG;
+ else if(sig->flags.expired)
+ statno=STATUS_EXPSIG;
+ else if(is_expkey)
+ statno=STATUS_EXPKEYSIG;
+ else if(is_revkey)
+ statno=STATUS_REVKEYSIG;
+ else
+ statno=STATUS_GOODSIG;
+
+ keyblock = get_pubkeyblock( sig->keyid );
+
+ sprintf (keyid_str, "%08lX%08lX [uncertain] ",
+ (ulong)sig->keyid[0], (ulong)sig->keyid[1]);
+
+ /* find and print the primary user ID */
+ for( un=keyblock; un; un = un->next ) {
+ char *p;
+ int valid;
+ if(un->pkt->pkttype==PKT_PUBLIC_KEY)
+ {
+ pk=un->pkt->pkt.public_key;
+ continue;
+ }
+ if( un->pkt->pkttype != PKT_USER_ID )
+ continue;
+ if ( !un->pkt->pkt.user_id->created )
+ continue;
+ if ( un->pkt->pkt.user_id->is_revoked )
+ continue;
+ if ( un->pkt->pkt.user_id->is_expired )
+ continue;
+ if ( !un->pkt->pkt.user_id->is_primary )
+ continue;
+ /* We want the textual primary user ID here */
+ if ( un->pkt->pkt.user_id->attrib_data )
+ continue;
+
+ assert(pk);
+
+ /* Get it before we print anything to avoid interrupting
+ the output with the "please do a --check-trustdb"
+ line. */
+ valid=get_validity(pk,un->pkt->pkt.user_id);
+
+ keyid_str[17] = 0; /* cut off the "[uncertain]" part */
+ write_status_text_and_buffer (statno, keyid_str,
+ un->pkt->pkt.user_id->name,
+ un->pkt->pkt.user_id->len,
+ -1 );
+
+ p=utf8_to_native(un->pkt->pkt.user_id->name,
+ un->pkt->pkt.user_id->len,0);
+
+ if(rc)
+ log_info(_("BAD signature from \"%s\""),p);
+ else if(sig->flags.expired)
+ log_info(_("Expired signature from \"%s\""),p);
+ else
+ log_info(_("Good signature from \"%s\""),p);
+
+ xfree(p);
+
+ if(opt.verify_options&VERIFY_SHOW_UID_VALIDITY)
+ log_printf (" [%s]\n",trust_value_to_string(valid));
+ else
+ log_printf ("\n");
+ count++;
+ }
+ if( !count ) { /* just in case that we have no valid textual
+ userid */
+ char *p;
+
+ /* Try for an invalid textual userid */
+ for( un=keyblock; un; un = un->next ) {
+ if( un->pkt->pkttype == PKT_USER_ID &&
+ !un->pkt->pkt.user_id->attrib_data )
+ break;
+ }
+
+ /* Try for any userid at all */
+ if(!un) {
+ for( un=keyblock; un; un = un->next ) {
+ if( un->pkt->pkttype == PKT_USER_ID )
+ break;
+ }
+ }
+
+ if (opt.trust_model==TM_ALWAYS || !un)
+ keyid_str[17] = 0; /* cut off the "[uncertain]" part */
+
+ write_status_text_and_buffer (statno, keyid_str,
+ un? un->pkt->pkt.user_id->name:"[?]",
+ un? un->pkt->pkt.user_id->len:3,
+ -1 );
+
+ if(un)
+ p=utf8_to_native(un->pkt->pkt.user_id->name,
+ un->pkt->pkt.user_id->len,0);
+ else
+ p=xstrdup("[?]");
+
+ if(rc)
+ log_info(_("BAD signature from \"%s\""),p);
+ else if(sig->flags.expired)
+ log_info(_("Expired signature from \"%s\""),p);
+ else
+ log_info(_("Good signature from \"%s\""),p);
+ if (opt.trust_model!=TM_ALWAYS && un)
+ log_printf (" %s",_("[uncertain]") );
+ log_printf ("\n");
+ }
+
+ /* If we have a good signature and already printed
+ * the primary user ID, print all the other user IDs */
+ if ( count && !rc
+ && !(opt.verify_options&VERIFY_SHOW_PRIMARY_UID_ONLY)) {
+ char *p;
+ for( un=keyblock; un; un = un->next ) {
+ if( un->pkt->pkttype != PKT_USER_ID )
+ continue;
+ if((un->pkt->pkt.user_id->is_revoked
+ || un->pkt->pkt.user_id->is_expired)
+ && !(opt.verify_options&VERIFY_SHOW_UNUSABLE_UIDS))
+ continue;
+ /* Only skip textual primaries */
+ if ( un->pkt->pkt.user_id->is_primary &&
+ !un->pkt->pkt.user_id->attrib_data )
+ continue;
+
+ if(un->pkt->pkt.user_id->attrib_data)
+ {
+ dump_attribs(un->pkt->pkt.user_id,pk,NULL);
+
+ if(opt.verify_options&VERIFY_SHOW_PHOTOS)
+ show_photos(un->pkt->pkt.user_id->attribs,
+ un->pkt->pkt.user_id->numattribs,
+ pk,NULL,un->pkt->pkt.user_id);
+ }
+
+ p=utf8_to_native(un->pkt->pkt.user_id->name,
+ un->pkt->pkt.user_id->len,0);
+ log_info(_(" aka \"%s\""),p);
+ xfree(p);
+
+ if(opt.verify_options&VERIFY_SHOW_UID_VALIDITY)
+ {
+ const char *valid;
+ if(un->pkt->pkt.user_id->is_revoked)
+ valid=_("revoked");
+ else if(un->pkt->pkt.user_id->is_expired)
+ valid=_("expired");
+ else
+ valid=trust_value_to_string(get_validity(pk,
+ un->pkt->
+ pkt.user_id));
+ log_printf (" [%s]\n",valid);
+ }
+ else
+ log_printf ("\n");
+ }
+ }
+ release_kbnode( keyblock );
+
+ if( !rc )
+ {
+ if(opt.verify_options&VERIFY_SHOW_POLICY_URLS)
+ show_policy_url(sig,0,1);
+ else
+ show_policy_url(sig,0,2);
+
+ if(opt.verify_options&VERIFY_SHOW_KEYSERVER_URLS)
+ show_keyserver_url(sig,0,1);
+ else
+ show_keyserver_url(sig,0,2);
+
+ if(opt.verify_options&VERIFY_SHOW_NOTATIONS)
+ show_notation(sig,0,1,
+ ((opt.verify_options&VERIFY_SHOW_STD_NOTATIONS)?1:0)+
+ ((opt.verify_options&VERIFY_SHOW_USER_NOTATIONS)?2:0));
+ else
+ show_notation(sig,0,2,0);
+ }
+
+ if( !rc && is_status_enabled() ) {
+ /* print a status response with the fingerprint */
+ PKT_public_key *vpk = xmalloc_clear( sizeof *vpk );
+
+ if( !get_pubkey( vpk, sig->keyid ) ) {
+ byte array[MAX_FINGERPRINT_LEN], *p;
+ char buf[MAX_FINGERPRINT_LEN*4+90], *bufp;
+ size_t i, n;
+
+ bufp = buf;
+ fingerprint_from_pk( vpk, array, &n );
+ p = array;
+ for(i=0; i < n ; i++, p++, bufp += 2)
+ sprintf(bufp, "%02X", *p );
+ /* TODO: Replace the reserved '0' in the field below
+ with bits for status flags (policy url, notation,
+ etc.). Remember to make the buffer larger to
+ match! */
+ sprintf(bufp, " %s %lu %lu %d 0 %d %d %02X ",
+ strtimestamp( sig->timestamp ),
+ (ulong)sig->timestamp,(ulong)sig->expiredate,
+ sig->version,sig->pubkey_algo,sig->digest_algo,
+ sig->sig_class);
+ bufp = bufp + strlen (bufp);
+ if (!vpk->is_primary) {
+ u32 akid[2];
+
+ akid[0] = vpk->main_keyid[0];
+ akid[1] = vpk->main_keyid[1];
+ free_public_key (vpk);
+ vpk = xmalloc_clear( sizeof *vpk );
+ if (get_pubkey (vpk, akid)) {
+ /* impossible error, we simply return a zeroed out fpr */
+ n = MAX_FINGERPRINT_LEN < 20? MAX_FINGERPRINT_LEN : 20;
+ memset (array, 0, n);
+ }
+ else
+ fingerprint_from_pk( vpk, array, &n );
+ }
+ p = array;
+ for(i=0; i < n ; i++, p++, bufp += 2)
+ sprintf(bufp, "%02X", *p );
+ write_status_text( STATUS_VALIDSIG, buf );
+ }
+ free_public_key( vpk );
+ }
+
+ if (!rc)
+ {
+ if(opt.verify_options&VERIFY_PKA_LOOKUPS)
+ pka_uri_from_sig (sig); /* Make sure PKA info is available. */
+ rc = check_signatures_trust( sig );
+ }
+
+ if(sig->flags.expired)
+ {
+ log_info(_("Signature expired %s\n"),
+ asctimestamp(sig->expiredate));
+ rc=G10ERR_GENERAL; /* need a better error here? */
+ }
+ else if(sig->expiredate)
+ log_info(_("Signature expires %s\n"),asctimestamp(sig->expiredate));
+
+ if(opt.verbose)
+ log_info(_("%s signature, digest algorithm %s\n"),
+ sig->sig_class==0x00?_("binary"):
+ sig->sig_class==0x01?_("textmode"):_("unknown"),
+ gcry_md_algo_name (sig->digest_algo));
+
+ if( rc )
+ g10_errors_seen = 1;
+ if( opt.batch && rc )
+ g10_exit(1);
+ }
+ else {
+ char buf[50];
+ sprintf(buf, "%08lX%08lX %d %d %02x %lu %d",
+ (ulong)sig->keyid[0], (ulong)sig->keyid[1],
+ sig->pubkey_algo, sig->digest_algo,
+ sig->sig_class, (ulong)sig->timestamp, rc );
+ write_status_text( STATUS_ERRSIG, buf );
+ if( rc == G10ERR_NO_PUBKEY ) {
+ buf[16] = 0;
+ write_status_text( STATUS_NO_PUBKEY, buf );
+ }
+ if( rc != G10ERR_NOT_PROCESSED )
+ log_error(_("Can't check signature: %s\n"), g10_errstr(rc) );
+ }
+ return rc;
+}
+
+
+/****************
+ * Process the tree which starts at node
+ */
+static void
+proc_tree( CTX c, KBNODE node )
+{
+ KBNODE n1;
+ int rc;
+
+ if( opt.list_packets || opt.list_only )
+ return;
+
+ /* we must skip our special plaintext marker packets here becuase
+ they may be the root packet. These packets are only used in
+ addionla checks and skipping them here doesn't matter */
+ while ( node
+ && node->pkt->pkttype == PKT_GPG_CONTROL
+ && node->pkt->pkt.gpg_control->control
+ == CTRLPKT_PLAINTEXT_MARK ) {
+ node = node->next;
+ }
+ if (!node)
+ return;
+
+ c->trustletter = ' ';
+ if( node->pkt->pkttype == PKT_PUBLIC_KEY
+ || node->pkt->pkttype == PKT_PUBLIC_SUBKEY ) {
+ merge_keys_and_selfsig( node );
+ list_node( c, node );
+ }
+ else if( node->pkt->pkttype == PKT_SECRET_KEY ) {
+ merge_keys_and_selfsig( node );
+ list_node( c, node );
+ }
+ else if( node->pkt->pkttype == PKT_ONEPASS_SIG ) {
+ /* check all signatures */
+ if( !c->have_data ) {
+ int use_textmode = 0;
+
+ free_md_filter_context( &c->mfx );
+ /* prepare to create all requested message digests */
+ if (gcry_md_open (&c->mfx.md, 0, 0))
+ BUG ();
+
+ /* fixme: why looking for the signature packet and not the
+ one-pass packet? */
+ for ( n1 = node; (n1 = find_next_kbnode(n1, PKT_SIGNATURE )); )
+ {
+ gcry_md_enable (c->mfx.md,
+ n1->pkt->pkt.signature->digest_algo);
+ }
+
+ if (n1 && n1->pkt->pkt.onepass_sig->sig_class == 0x01)
+ use_textmode = 1;
+
+ /* Ask for file and hash it. */
+ if( c->sigs_only ) {
+ if (c->signed_data.used && c->signed_data.data_fd != -1)
+ rc = hash_datafile_by_fd (c->mfx.md, NULL,
+ c->signed_data.data_fd,
+ use_textmode);
+ else
+ rc = hash_datafiles (c->mfx.md, NULL,
+ c->signed_data.data_names,
+ c->sigfilename,
+ use_textmode );
+ }
+ else {
+ rc = ask_for_detached_datafile (c->mfx.md, c->mfx.md2,
+ iobuf_get_real_fname(c->iobuf),
+ use_textmode );
+ }
+ if( rc ) {
+ log_error("can't hash datafile: %s\n", g10_errstr(rc));
+ return;
+ }
+ }
+ else if ( c->signed_data.used ) {
+ log_error (_("not a detached signature\n") );
+ return;
+ }
+
+ for( n1 = node; (n1 = find_next_kbnode(n1, PKT_SIGNATURE )); )
+ check_sig_and_print( c, n1 );
+ }
+ else if( node->pkt->pkttype == PKT_GPG_CONTROL
+ && node->pkt->pkt.gpg_control->control
+ == CTRLPKT_CLEARSIGN_START ) {
+ /* clear text signed message */
+ if( !c->have_data ) {
+ log_error("cleartext signature without data\n" );
+ return;
+ }
+ else if ( c->signed_data.used ) {
+ log_error (_("not a detached signature\n") );
+ return;
+ }
+
+ for( n1 = node; (n1 = find_next_kbnode(n1, PKT_SIGNATURE )); )
+ check_sig_and_print( c, n1 );
+ }
+ else if( node->pkt->pkttype == PKT_SIGNATURE ) {
+ PKT_signature *sig = node->pkt->pkt.signature;
+ int multiple_ok=1;
+
+ n1=find_next_kbnode(node, PKT_SIGNATURE);
+ if(n1)
+ {
+ byte class=sig->sig_class;
+ byte hash=sig->digest_algo;
+
+ for(; n1; (n1 = find_next_kbnode(n1, PKT_SIGNATURE)))
+ {
+ /* We can't currently handle multiple signatures of
+ different classes or digests (we'd pretty much have
+ to run a different hash context for each), but if
+ they are all the same, make an exception. */
+ if(n1->pkt->pkt.signature->sig_class!=class
+ || n1->pkt->pkt.signature->digest_algo!=hash)
+ {
+ multiple_ok=0;
+ log_info(_("WARNING: multiple signatures detected. "
+ "Only the first will be checked.\n"));
+ break;
+ }
+ }
+ }
+
+ if( sig->sig_class != 0x00 && sig->sig_class != 0x01 )
+ log_info(_("standalone signature of class 0x%02x\n"),
+ sig->sig_class);
+ else if( !c->have_data ) {
+ /* detached signature */
+ free_md_filter_context( &c->mfx );
+ if (gcry_md_open (&c->mfx.md, sig->digest_algo, 0))
+ BUG ();
+
+ if( !opt.pgp2_workarounds )
+ ;
+ else if( sig->digest_algo == DIGEST_ALGO_MD5
+ && is_RSA( sig->pubkey_algo ) ) {
+ /* enable a workaround for a pgp2 bug */
+ if (gcry_md_open (&c->mfx.md2, DIGEST_ALGO_MD5, 0))
+ BUG ();
+ }
+ else if( sig->digest_algo == DIGEST_ALGO_SHA1
+ && sig->pubkey_algo == PUBKEY_ALGO_DSA
+ && sig->sig_class == 0x01 ) {
+ /* enable the workaround also for pgp5 when the detached
+ * signature has been created in textmode */
+ if (gcry_md_open (&c->mfx.md2, sig->digest_algo, 0 ))
+ BUG ();
+ }
+#if 0 /* workaround disabled */
+ /* Here we have another hack to work around a pgp 2 bug
+ * It works by not using the textmode for detached signatures;
+ * this will let the first signature check (on md) fail
+ * but the second one (on md2) which adds an extra CR should
+ * then produce the "correct" hash. This is very, very ugly
+ * hack but it may help in some cases (and break others)
+ */
+ /* c->mfx.md2? 0 :(sig->sig_class == 0x01) */
+#endif
+ if ( DBG_HASHING ) {
+ gcry_md_start_debug( c->mfx.md, "verify" );
+ if ( c->mfx.md2 )
+ gcry_md_start_debug( c->mfx.md2, "verify2" );
+ }
+ if( c->sigs_only ) {
+ if (c->signed_data.used && c->signed_data.data_fd != -1)
+ rc = hash_datafile_by_fd (c->mfx.md, c->mfx.md2,
+ c->signed_data.data_fd,
+ (sig->sig_class == 0x01));
+ else
+ rc = hash_datafiles (c->mfx.md, c->mfx.md2,
+ c->signed_data.data_names,
+ c->sigfilename,
+ (sig->sig_class == 0x01));
+ }
+ else {
+ rc = ask_for_detached_datafile( c->mfx.md, c->mfx.md2,
+ iobuf_get_real_fname(c->iobuf),
+ (sig->sig_class == 0x01) );
+ }
+ if( rc ) {
+ log_error("can't hash datafile: %s\n", g10_errstr(rc));
+ return;
+ }
+ }
+ else if ( c->signed_data.used ) {
+ log_error (_("not a detached signature\n") );
+ return;
+ }
+ else if (!opt.quiet)
+ log_info(_("old style (PGP 2.x) signature\n"));
+
+ if(multiple_ok)
+ for( n1 = node; n1; (n1 = find_next_kbnode(n1, PKT_SIGNATURE )) )
+ check_sig_and_print( c, n1 );
+ else
+ check_sig_and_print( c, node );
+ }
+ else {
+ dump_kbnode (c->list);
+ log_error(_("invalid root packet detected in proc_tree()\n"));
+ dump_kbnode (node);
+ }
+}
diff --git a/g10/mdfilter.c b/g10/mdfilter.c
new file mode 100644
index 0000000..a005164
--- /dev/null
+++ b/g10/mdfilter.c
@@ -0,0 +1,75 @@
+/* mdfilter.c - filter data and calculate a message digest
+ * Copyright (C) 1998, 1999, 2000, 2001 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include <assert.h>
+
+#include "gpg.h"
+#include "status.h"
+#include "iobuf.h"
+#include "util.h"
+#include "filter.h"
+
+
+
+/****************
+ * This filter is used to collect a message digest
+ */
+int
+md_filter( void *opaque, int control,
+ IOBUF a, byte *buf, size_t *ret_len)
+{
+ size_t size = *ret_len;
+ md_filter_context_t *mfx = opaque;
+ int i, rc=0;
+
+ if( control == IOBUFCTRL_UNDERFLOW ) {
+ if( mfx->maxbuf_size && size > mfx->maxbuf_size )
+ size = mfx->maxbuf_size;
+ i = iobuf_read( a, buf, size );
+ if( i == -1 ) i = 0;
+ if( i ) {
+ gcry_md_write(mfx->md, buf, i );
+ if( mfx->md2 )
+ gcry_md_write(mfx->md2, buf, i );
+ }
+ else
+ rc = -1; /* eof */
+ *ret_len = i;
+ }
+ else if( control == IOBUFCTRL_DESC )
+ *(char**)buf = "md_filter";
+ return rc;
+}
+
+
+void
+free_md_filter_context( md_filter_context_t *mfx )
+{
+ gcry_md_close(mfx->md);
+ gcry_md_close(mfx->md2);
+ mfx->md = NULL;
+ mfx->md2 = NULL;
+ mfx->maxbuf_size = 0;
+}
+
diff --git a/g10/misc.c b/g10/misc.c
new file mode 100644
index 0000000..8cc63ba
--- /dev/null
+++ b/g10/misc.c
@@ -0,0 +1,1415 @@
+/* misc.c - miscellaneous functions
+ * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007,
+ * 2008, 2009 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+#include <errno.h>
+#if defined(__linux__) && defined(__alpha__) && __GLIBC__ < 2
+#include <asm/sysinfo.h>
+#include <asm/unistd.h>
+#endif
+#ifdef HAVE_SETRLIMIT
+#include <time.h>
+#include <sys/time.h>
+#include <sys/resource.h>
+#endif
+#ifdef ENABLE_SELINUX_HACKS
+#include <sys/stat.h>
+#endif
+
+#ifdef HAVE_W32_SYSTEM
+#include <time.h>
+#include <process.h>
+#include <windows.h>
+#include <shlobj.h>
+#ifndef CSIDL_APPDATA
+#define CSIDL_APPDATA 0x001a
+#endif
+#ifndef CSIDL_LOCAL_APPDATA
+#define CSIDL_LOCAL_APPDATA 0x001c
+#endif
+#ifndef CSIDL_FLAG_CREATE
+#define CSIDL_FLAG_CREATE 0x8000
+#endif
+#endif /*HAVE_W32_SYSTEM*/
+
+#include "gpg.h"
+#ifdef HAVE_W32_SYSTEM
+# include "status.h"
+#endif /*HAVE_W32_SYSTEM*/
+#include "util.h"
+#include "main.h"
+#include "photoid.h"
+#include "options.h"
+#include "call-agent.h"
+#include "i18n.h"
+
+
+static int
+string_count_chr (const char *string, int c)
+{
+ int count;
+
+ for (count=0; *string; string++ )
+ if ( *string == c )
+ count++;
+ return count;
+}
+
+
+
+#ifdef ENABLE_SELINUX_HACKS
+/* A object and a global variable to keep track of files marked as
+ secured. */
+struct secured_file_item
+{
+ struct secured_file_item *next;
+ ino_t ino;
+ dev_t dev;
+};
+static struct secured_file_item *secured_files;
+#endif /*ENABLE_SELINUX_HACKS*/
+
+
+
+
+/* For the sake of SELinux we want to restrict access through gpg to
+ certain files we keep under our own control. This function
+ registers such a file and is_secured_file may then be used to
+ check whether a file has ben registered as secured. */
+void
+register_secured_file (const char *fname)
+{
+#ifdef ENABLE_SELINUX_HACKS
+ struct stat buf;
+ struct secured_file_item *sf;
+
+ /* Note that we stop immediatley if something goes wrong here. */
+ if (stat (fname, &buf))
+ log_fatal (_("fstat of `%s' failed in %s: %s\n"), fname,
+ "register_secured_file", strerror (errno));
+/* log_debug ("registering `%s' i=%lu.%lu\n", fname, */
+/* (unsigned long)buf.st_dev, (unsigned long)buf.st_ino); */
+ for (sf=secured_files; sf; sf = sf->next)
+ {
+ if (sf->ino == buf.st_ino && sf->dev == buf.st_dev)
+ return; /* Already registered. */
+ }
+
+ sf = xmalloc (sizeof *sf);
+ sf->ino = buf.st_ino;
+ sf->dev = buf.st_dev;
+ sf->next = secured_files;
+ secured_files = sf;
+#else /*!ENABLE_SELINUX_HACKS*/
+ (void)fname;
+#endif /*!ENABLE_SELINUX_HACKS*/
+}
+
+/* Remove a file registered as secure. */
+void
+unregister_secured_file (const char *fname)
+{
+#ifdef ENABLE_SELINUX_HACKS
+ struct stat buf;
+ struct secured_file_item *sf, *sfprev;
+
+ if (stat (fname, &buf))
+ {
+ log_error (_("fstat of `%s' failed in %s: %s\n"), fname,
+ "unregister_secured_file", strerror (errno));
+ return;
+ }
+/* log_debug ("unregistering `%s' i=%lu.%lu\n", fname, */
+/* (unsigned long)buf.st_dev, (unsigned long)buf.st_ino); */
+ for (sfprev=NULL,sf=secured_files; sf; sfprev=sf, sf = sf->next)
+ {
+ if (sf->ino == buf.st_ino && sf->dev == buf.st_dev)
+ {
+ if (sfprev)
+ sfprev->next = sf->next;
+ else
+ secured_files = sf->next;
+ xfree (sf);
+ return;
+ }
+ }
+#else /*!ENABLE_SELINUX_HACKS*/
+ (void)fname;
+#endif /*!ENABLE_SELINUX_HACKS*/
+}
+
+/* Return true if FD is corresponds to a secured file. Using -1 for
+ FS is allowed and will return false. */
+int
+is_secured_file (int fd)
+{
+#ifdef ENABLE_SELINUX_HACKS
+ struct stat buf;
+ struct secured_file_item *sf;
+
+ if (fd == -1)
+ return 0; /* No file descriptor so it can't be secured either. */
+
+ /* Note that we print out a error here and claim that a file is
+ secure if something went wrong. */
+ if (fstat (fd, &buf))
+ {
+ log_error (_("fstat(%d) failed in %s: %s\n"), fd,
+ "is_secured_file", strerror (errno));
+ return 1;
+ }
+/* log_debug ("is_secured_file (%d) i=%lu.%lu\n", fd, */
+/* (unsigned long)buf.st_dev, (unsigned long)buf.st_ino); */
+ for (sf=secured_files; sf; sf = sf->next)
+ {
+ if (sf->ino == buf.st_ino && sf->dev == buf.st_dev)
+ return 1; /* Yes. */
+ }
+#else /*!ENABLE_SELINUX_HACKS*/
+ (void)fd;
+#endif /*!ENABLE_SELINUX_HACKS*/
+ return 0; /* No. */
+}
+
+/* Return true if FNAME is corresponds to a secured file. Using NULL,
+ "" or "-" for FS is allowed and will return false. This function is
+ used before creating a file, thus it won't fail if the file does
+ not exist. */
+int
+is_secured_filename (const char *fname)
+{
+#ifdef ENABLE_SELINUX_HACKS
+ struct stat buf;
+ struct secured_file_item *sf;
+
+ if (iobuf_is_pipe_filename (fname) || !*fname)
+ return 0;
+
+ /* Note that we print out a error here and claim that a file is
+ secure if something went wrong. */
+ if (stat (fname, &buf))
+ {
+ if (errno == ENOENT || errno == EPERM || errno == EACCES)
+ return 0;
+ log_error (_("fstat of `%s' failed in %s: %s\n"), fname,
+ "is_secured_filename", strerror (errno));
+ return 1;
+ }
+/* log_debug ("is_secured_filename (%s) i=%lu.%lu\n", fname, */
+/* (unsigned long)buf.st_dev, (unsigned long)buf.st_ino); */
+ for (sf=secured_files; sf; sf = sf->next)
+ {
+ if (sf->ino == buf.st_ino && sf->dev == buf.st_dev)
+ return 1; /* Yes. */
+ }
+#else /*!ENABLE_SELINUX_HACKS*/
+ (void)fname;
+#endif /*!ENABLE_SELINUX_HACKS*/
+ return 0; /* No. */
+}
+
+
+
+u16
+checksum_u16( unsigned n )
+{
+ u16 a;
+
+ a = (n >> 8) & 0xff;
+ a += n & 0xff;
+ return a;
+}
+
+
+u16
+checksum( byte *p, unsigned n )
+{
+ u16 a;
+
+ for(a=0; n; n-- )
+ a += *p++;
+ return a;
+}
+
+u16
+checksum_mpi (gcry_mpi_t a)
+{
+ u16 csum;
+ byte *buffer;
+ size_t nbytes;
+
+ if ( gcry_mpi_print (GCRYMPI_FMT_PGP, NULL, 0, &nbytes, a) )
+ BUG ();
+ /* Fixme: For numbers not in secure memory we should use a stack
+ * based buffer and only allocate a larger one if mpi_print returns
+ * an error. */
+ buffer = (gcry_is_secure(a)?
+ gcry_xmalloc_secure (nbytes) : gcry_xmalloc (nbytes));
+ if ( gcry_mpi_print (GCRYMPI_FMT_PGP, buffer, nbytes, NULL, a) )
+ BUG ();
+ csum = checksum (buffer, nbytes);
+ xfree (buffer);
+ return csum;
+}
+
+u32
+buffer_to_u32( const byte *buffer )
+{
+ unsigned long a;
+ a = *buffer << 24;
+ a |= buffer[1] << 16;
+ a |= buffer[2] << 8;
+ a |= buffer[3];
+ return a;
+}
+
+void
+print_pubkey_algo_note( int algo )
+{
+ if(algo >= 100 && algo <= 110)
+ {
+ static int warn=0;
+ if(!warn)
+ {
+ warn=1;
+ log_info (_("WARNING: using experimental public key algorithm %s\n"),
+ gcry_pk_algo_name (algo));
+ }
+ }
+ else if (algo == 20)
+ {
+ log_info (_("WARNING: Elgamal sign+encrypt keys are deprecated\n"));
+ }
+}
+
+void
+print_cipher_algo_note( int algo )
+{
+ if(algo >= 100 && algo <= 110)
+ {
+ static int warn=0;
+ if(!warn)
+ {
+ warn=1;
+ log_info (_("WARNING: using experimental cipher algorithm %s\n"),
+ openpgp_cipher_algo_name (algo));
+ }
+ }
+}
+
+void
+print_digest_algo_note( int algo )
+{
+ if(algo >= 100 && algo <= 110)
+ {
+ static int warn=0;
+ if(!warn)
+ {
+ warn=1;
+ log_info (_("WARNING: using experimental digest algorithm %s\n"),
+ gcry_md_algo_name (algo));
+ }
+ }
+ else if(algo==DIGEST_ALGO_MD5)
+ log_info (_("WARNING: digest algorithm %s is deprecated\n"),
+ gcry_md_algo_name (algo));
+}
+
+
+/* Map OpenPGP algo numbers to those used by Libgcrypt. We need to do
+ this for algorithms we implemented in Libgcrypt after they become
+ part of OpenPGP. */
+int
+map_cipher_openpgp_to_gcry (int algo)
+{
+ switch (algo)
+ {
+ case CIPHER_ALGO_CAMELLIA128: return 310;
+ case CIPHER_ALGO_CAMELLIA192: return 311;
+ case CIPHER_ALGO_CAMELLIA256: return 312;
+ default: return algo;
+ }
+}
+
+/* The inverse fucntion of above. */
+static int
+map_cipher_gcry_to_openpgp (int algo)
+{
+ switch (algo)
+ {
+ case 310: return CIPHER_ALGO_CAMELLIA128;
+ case 311: return CIPHER_ALGO_CAMELLIA192;
+ case 312: return CIPHER_ALGO_CAMELLIA256;
+ default: return algo;
+ }
+}
+
+
+/* Return the block length of an OpenPGP cipher algorithm. */
+int
+openpgp_cipher_blocklen (int algo)
+{
+ /* We use the numbers from OpenPGP to be sure that we get the right
+ block length. This is so that the packet parsing code works even
+ for unknown algorithms (for which we assume 8 due to tradition).
+
+ NOTE: If you change the the returned blocklen above 16, check
+ the callers because they may use a fixed size buffer of that
+ size. */
+ switch (algo)
+ {
+ case 7: case 8: case 9: /* AES */
+ case 10: /* Twofish */
+ case 11: case 12: case 13: /* Camellia */
+ return 16;
+
+ default:
+ return 8;
+ }
+}
+
+/****************
+ * Wrapper around the libgcrypt function with additonal checks on
+ * the OpenPGP contraints for the algo ID.
+ */
+int
+openpgp_cipher_test_algo( int algo )
+{
+ /* (5 and 6 are marked reserved by rfc4880.) */
+ if ( algo < 0 || algo > 110 || algo == 5 || algo == 6 )
+ return gpg_error (GPG_ERR_CIPHER_ALGO);
+
+ return gcry_cipher_test_algo (map_cipher_openpgp_to_gcry (algo));
+}
+
+/* Map the OpenPGP cipher algorithm whose ID is contained in ALGORITHM to a
+ string representation of the algorithm name. For unknown algorithm
+ IDs this function returns "?". */
+const char *
+openpgp_cipher_algo_name (int algo)
+{
+ return gcry_cipher_algo_name (map_cipher_openpgp_to_gcry (algo));
+}
+
+int
+openpgp_pk_test_algo( int algo )
+{
+ /* Dont't allow type 20 keys unless in rfc2440 mode. */
+ if (!RFC2440 && algo == 20)
+ return gpg_error (GPG_ERR_PUBKEY_ALGO);
+
+ if (algo == GCRY_PK_ELG_E)
+ algo = GCRY_PK_ELG;
+
+ if (algo < 0 || algo > 110)
+ return gpg_error (GPG_ERR_PUBKEY_ALGO);
+ return gcry_pk_test_algo (algo);
+}
+
+int
+openpgp_pk_test_algo2( int algo, unsigned int use )
+{
+ size_t use_buf = use;
+
+ /* Dont't allow type 20 keys unless in rfc2440 mode. */
+ if (!RFC2440 && algo == 20)
+ return gpg_error (GPG_ERR_PUBKEY_ALGO);
+
+ if (algo == GCRY_PK_ELG_E)
+ algo = GCRY_PK_ELG;
+
+ if (algo < 0 || algo > 110)
+ return gpg_error (GPG_ERR_PUBKEY_ALGO);
+
+ return gcry_pk_algo_info (algo, GCRYCTL_TEST_ALGO, NULL, &use_buf);
+}
+
+int
+openpgp_pk_algo_usage ( int algo )
+{
+ int use = 0;
+
+ /* They are hardwired in gpg 1.0. */
+ switch ( algo ) {
+ case PUBKEY_ALGO_RSA:
+ use = (PUBKEY_USAGE_CERT | PUBKEY_USAGE_SIG
+ | PUBKEY_USAGE_ENC | PUBKEY_USAGE_AUTH);
+ break;
+ case PUBKEY_ALGO_RSA_E:
+ use = PUBKEY_USAGE_ENC;
+ break;
+ case PUBKEY_ALGO_RSA_S:
+ use = PUBKEY_USAGE_CERT | PUBKEY_USAGE_SIG;
+ break;
+ case PUBKEY_ALGO_ELGAMAL:
+ if (RFC2440)
+ use = PUBKEY_USAGE_ENC;
+ break;
+ case PUBKEY_ALGO_ELGAMAL_E:
+ use = PUBKEY_USAGE_ENC;
+ break;
+ case PUBKEY_ALGO_DSA:
+ use = PUBKEY_USAGE_CERT | PUBKEY_USAGE_SIG | PUBKEY_USAGE_AUTH;
+ break;
+ default:
+ break;
+ }
+ return use;
+}
+
+int
+openpgp_md_test_algo( int algo )
+{
+ /* Note: If the list of actual supported OpenPGP algorithms changes,
+ make sure that our hard coded values at
+ print_status_begin_signing() gets updated. */
+ /* 4, 5, 6, 7 are defined by rfc2440 but will be removed from the
+ next revision of the standard. */
+ if (algo < 0 || algo > 110 || (algo >= 4 && algo <= 7))
+ return gpg_error (GPG_ERR_DIGEST_ALGO);
+ return gcry_md_test_algo (algo);
+}
+
+#ifdef USE_IDEA
+/* Special warning for the IDEA cipher */
+void
+idea_cipher_warn(int show)
+{
+ static int warned=0;
+
+ if(!warned || show)
+ {
+ log_info(_("the IDEA cipher plugin is not present\n"));
+ log_info(_("please see %s for more information\n"),
+ "http://www.gnupg.org/faq/why-not-idea.html");
+ warned=1;
+ }
+}
+#endif
+
+
+static unsigned long
+get_signature_count (PKT_secret_key *sk)
+{
+#ifdef ENABLE_CARD_SUPPORT
+ if(sk && sk->is_protected && sk->protect.s2k.mode==1002)
+ {
+ struct agent_card_info_s info;
+ if(agent_scd_getattr("SIG-COUNTER",&info)==0)
+ return info.sig_counter;
+ }
+#endif
+
+ /* How to do this without a card? */
+
+ return 0;
+}
+
+/* Expand %-strings. Returns a string which must be xfreed. Returns
+ NULL if the string cannot be expanded (too large). */
+char *
+pct_expando(const char *string,struct expando_args *args)
+{
+ const char *ch=string;
+ int idx=0,maxlen=0,done=0;
+ u32 pk_keyid[2]={0,0},sk_keyid[2]={0,0};
+ char *ret=NULL;
+
+ if(args->pk)
+ keyid_from_pk(args->pk,pk_keyid);
+
+ if(args->sk)
+ keyid_from_sk(args->sk,sk_keyid);
+
+ /* This is used so that %k works in photoid command strings in
+ --list-secret-keys (which of course has a sk, but no pk). */
+ if(!args->pk && args->sk)
+ keyid_from_sk(args->sk,pk_keyid);
+
+ while(*ch!='\0')
+ {
+ if(!done)
+ {
+ /* 8192 is way bigger than we'll need here */
+ if(maxlen>=8192)
+ goto fail;
+
+ maxlen+=1024;
+ ret=xrealloc(ret,maxlen);
+ }
+
+ done=0;
+
+ if(*ch=='%')
+ {
+ switch(*(ch+1))
+ {
+ case 's': /* short key id */
+ if(idx+8<maxlen)
+ {
+ sprintf(&ret[idx],"%08lX",(ulong)sk_keyid[1]);
+ idx+=8;
+ done=1;
+ }
+ break;
+
+ case 'S': /* long key id */
+ if(idx+16<maxlen)
+ {
+ sprintf(&ret[idx],"%08lX%08lX",
+ (ulong)sk_keyid[0],(ulong)sk_keyid[1]);
+ idx+=16;
+ done=1;
+ }
+ break;
+
+ case 'k': /* short key id */
+ if(idx+8<maxlen)
+ {
+ sprintf(&ret[idx],"%08lX",(ulong)pk_keyid[1]);
+ idx+=8;
+ done=1;
+ }
+ break;
+
+ case 'K': /* long key id */
+ if(idx+16<maxlen)
+ {
+ sprintf(&ret[idx],"%08lX%08lX",
+ (ulong)pk_keyid[0],(ulong)pk_keyid[1]);
+ idx+=16;
+ done=1;
+ }
+ break;
+
+ case 'c': /* signature count from card, if any. */
+ if(idx+10<maxlen)
+ {
+ sprintf(&ret[idx],"%lu",get_signature_count(args->sk));
+ idx+=strlen(&ret[idx]);
+ done=1;
+ }
+ break;
+
+ case 'p': /* primary pk fingerprint of a sk */
+ case 'f': /* pk fingerprint */
+ case 'g': /* sk fingerprint */
+ {
+ byte array[MAX_FINGERPRINT_LEN];
+ size_t len;
+ int i;
+
+ if((*(ch+1))=='p' && args->sk)
+ {
+ if(args->sk->is_primary)
+ fingerprint_from_sk(args->sk,array,&len);
+ else if(args->sk->main_keyid[0] || args->sk->main_keyid[1])
+ {
+ PKT_public_key *pk=
+ xmalloc_clear(sizeof(PKT_public_key));
+
+ if(get_pubkey_fast(pk,args->sk->main_keyid)==0)
+ fingerprint_from_pk(pk,array,&len);
+ else
+ memset(array,0,(len=MAX_FINGERPRINT_LEN));
+ free_public_key(pk);
+ }
+ else
+ memset(array,0,(len=MAX_FINGERPRINT_LEN));
+ }
+ else if((*(ch+1))=='f' && args->pk)
+ fingerprint_from_pk(args->pk,array,&len);
+ else if((*(ch+1))=='g' && args->sk)
+ fingerprint_from_sk(args->sk,array,&len);
+ else
+ memset(array,0,(len=MAX_FINGERPRINT_LEN));
+
+ if(idx+(len*2)<maxlen)
+ {
+ for(i=0;i<len;i++)
+ {
+ sprintf(&ret[idx],"%02X",array[i]);
+ idx+=2;
+ }
+ done=1;
+ }
+ }
+ break;
+
+ case 'v': /* validity letters */
+ if(args->validity_info && idx+1<maxlen)
+ {
+ ret[idx++]=args->validity_info;
+ ret[idx]='\0';
+ done=1;
+ }
+ break;
+
+ /* The text string types */
+ case 't':
+ case 'T':
+ case 'V':
+ {
+ const char *str=NULL;
+
+ switch(*(ch+1))
+ {
+ case 't': /* e.g. "jpg" */
+ str=image_type_to_string(args->imagetype,0);
+ break;
+
+ case 'T': /* e.g. "image/jpeg" */
+ str=image_type_to_string(args->imagetype,2);
+ break;
+
+ case 'V': /* e.g. "full", "expired", etc. */
+ str=args->validity_string;
+ break;
+ }
+
+ if(str && idx+strlen(str)<maxlen)
+ {
+ strcpy(&ret[idx],str);
+ idx+=strlen(str);
+ done=1;
+ }
+ }
+ break;
+
+ case '%':
+ if(idx+1<maxlen)
+ {
+ ret[idx++]='%';
+ ret[idx]='\0';
+ done=1;
+ }
+ break;
+
+ /* Any unknown %-keys (like %i, %o, %I, and %O) are
+ passed through for later expansion. Note this also
+ handles the case where the last character in the
+ string is a '%' - the terminating \0 will end up here
+ and properly terminate the string. */
+ default:
+ if(idx+2<maxlen)
+ {
+ ret[idx++]='%';
+ ret[idx++]=*(ch+1);
+ ret[idx]='\0';
+ done=1;
+ }
+ break;
+ }
+
+ if(done)
+ ch++;
+ }
+ else
+ {
+ if(idx+1<maxlen)
+ {
+ ret[idx++]=*ch;
+ ret[idx]='\0';
+ done=1;
+ }
+ }
+
+ if(done)
+ ch++;
+ }
+
+ return ret;
+
+ fail:
+ xfree(ret);
+ return NULL;
+}
+
+void
+deprecated_warning(const char *configname,unsigned int configlineno,
+ const char *option,const char *repl1,const char *repl2)
+{
+ if(configname)
+ {
+ if(strncmp("--",option,2)==0)
+ option+=2;
+
+ if(strncmp("--",repl1,2)==0)
+ repl1+=2;
+
+ log_info(_("%s:%d: deprecated option \"%s\"\n"),
+ configname,configlineno,option);
+ }
+ else
+ log_info(_("WARNING: \"%s\" is a deprecated option\n"),option);
+
+ log_info(_("please use \"%s%s\" instead\n"),repl1,repl2);
+}
+
+
+void
+deprecated_command (const char *name)
+{
+ log_info(_("WARNING: \"%s\" is a deprecated command - do not use it\n"),
+ name);
+}
+
+
+void
+obsolete_option (const char *configname, unsigned int configlineno,
+ const char *name)
+{
+ if(configname)
+ log_info (_("%s:%u: obsolete option \"%s\" - it has no effect\n"),
+ configname, configlineno, name);
+ else
+ log_info (_("WARNING: \"%s\" is an obsolete option - it has no effect\n"),
+ name);
+}
+
+
+/*
+ * Wrapper around gcry_cipher_map_name to provide a fallback using the
+ * "Sn" syntax as used by the preference strings.
+ */
+int
+string_to_cipher_algo (const char *string)
+{
+ int val;
+
+ val = map_cipher_gcry_to_openpgp (gcry_cipher_map_name (string));
+ if (!val && string && (string[0]=='S' || string[0]=='s'))
+ {
+ char *endptr;
+
+ string++;
+ val = strtol (string, &endptr, 10);
+ if (!*string || *endptr || openpgp_cipher_test_algo (val))
+ val = 0;
+ }
+
+ return val;
+}
+
+/*
+ * Wrapper around gcry_md_map_name to provide a fallback using the
+ * "Hn" syntax as used by the preference strings.
+ */
+int
+string_to_digest_algo (const char *string)
+{
+ int val;
+
+ val = gcry_md_map_name (string);
+ if (!val && string && (string[0]=='H' || string[0]=='h'))
+ {
+ char *endptr;
+
+ string++;
+ val = strtol (string, &endptr, 10);
+ if (!*string || *endptr || openpgp_md_test_algo (val))
+ val = 0;
+ }
+
+ return val;
+}
+
+
+
+const char *
+compress_algo_to_string(int algo)
+{
+ const char *s=NULL;
+
+ switch(algo)
+ {
+ case COMPRESS_ALGO_NONE:
+ s=_("Uncompressed");
+ break;
+
+ case COMPRESS_ALGO_ZIP:
+ s="ZIP";
+ break;
+
+ case COMPRESS_ALGO_ZLIB:
+ s="ZLIB";
+ break;
+
+#ifdef HAVE_BZIP2
+ case COMPRESS_ALGO_BZIP2:
+ s="BZIP2";
+ break;
+#endif
+ }
+
+ return s;
+}
+
+int
+string_to_compress_algo(const char *string)
+{
+ /* TRANSLATORS: See doc/TRANSLATE about this string. */
+ if(match_multistr(_("uncompressed|none"),string))
+ return 0;
+ else if(ascii_strcasecmp(string,"uncompressed")==0)
+ return 0;
+ else if(ascii_strcasecmp(string,"none")==0)
+ return 0;
+ else if(ascii_strcasecmp(string,"zip")==0)
+ return 1;
+ else if(ascii_strcasecmp(string,"zlib")==0)
+ return 2;
+#ifdef HAVE_BZIP2
+ else if(ascii_strcasecmp(string,"bzip2")==0)
+ return 3;
+#endif
+ else if(ascii_strcasecmp(string,"z0")==0)
+ return 0;
+ else if(ascii_strcasecmp(string,"z1")==0)
+ return 1;
+ else if(ascii_strcasecmp(string,"z2")==0)
+ return 2;
+#ifdef HAVE_BZIP2
+ else if(ascii_strcasecmp(string,"z3")==0)
+ return 3;
+#endif
+ else
+ return -1;
+}
+
+int
+check_compress_algo(int algo)
+{
+#ifdef HAVE_BZIP2
+ if(algo>=0 && algo<=3)
+ return 0;
+#else
+ if(algo>=0 && algo<=2)
+ return 0;
+#endif
+
+ return G10ERR_COMPR_ALGO;
+}
+
+int
+default_cipher_algo(void)
+{
+ if(opt.def_cipher_algo)
+ return opt.def_cipher_algo;
+ else if(opt.personal_cipher_prefs)
+ return opt.personal_cipher_prefs[0].value;
+ else
+ return opt.s2k_cipher_algo;
+}
+
+/* There is no default_digest_algo function, but see
+ sign.c:hash_for() */
+
+int
+default_compress_algo(void)
+{
+ if(opt.compress_algo!=-1)
+ return opt.compress_algo;
+ else if(opt.personal_compress_prefs)
+ return opt.personal_compress_prefs[0].value;
+ else
+ return DEFAULT_COMPRESS_ALGO;
+}
+
+const char *
+compliance_option_string(void)
+{
+ char *ver="???";
+
+ switch(opt.compliance)
+ {
+ case CO_GNUPG: return "--gnupg";
+ case CO_RFC4880: return "--openpgp";
+ case CO_RFC2440: return "--rfc2440";
+ case CO_RFC1991: return "--rfc1991";
+ case CO_PGP2: return "--pgp2";
+ case CO_PGP6: return "--pgp6";
+ case CO_PGP7: return "--pgp7";
+ case CO_PGP8: return "--pgp8";
+ }
+
+ return ver;
+}
+
+void
+compliance_failure(void)
+{
+ char *ver="???";
+
+ switch(opt.compliance)
+ {
+ case CO_GNUPG:
+ ver="GnuPG";
+ break;
+
+ case CO_RFC4880:
+ ver="OpenPGP";
+ break;
+
+ case CO_RFC2440:
+ ver="OpenPGP (older)";
+ break;
+
+ case CO_RFC1991:
+ ver="old PGP";
+ break;
+
+ case CO_PGP2:
+ ver="PGP 2.x";
+ break;
+
+ case CO_PGP6:
+ ver="PGP 6.x";
+ break;
+
+ case CO_PGP7:
+ ver="PGP 7.x";
+ break;
+
+ case CO_PGP8:
+ ver="PGP 8.x";
+ break;
+ }
+
+ log_info(_("this message may not be usable by %s\n"),ver);
+ opt.compliance=CO_GNUPG;
+}
+
+/* Break a string into successive option pieces. Accepts single word
+ options and key=value argument options. */
+char *
+optsep(char **stringp)
+{
+ char *tok,*end;
+
+ tok=*stringp;
+ if(tok)
+ {
+ end=strpbrk(tok," ,=");
+ if(end)
+ {
+ int sawequals=0;
+ char *ptr=end;
+
+ /* what we need to do now is scan along starting with *end,
+ If the next character we see (ignoring spaces) is an =
+ sign, then there is an argument. */
+
+ while(*ptr)
+ {
+ if(*ptr=='=')
+ sawequals=1;
+ else if(*ptr!=' ')
+ break;
+ ptr++;
+ }
+
+ /* There is an argument, so grab that too. At this point,
+ ptr points to the first character of the argument. */
+ if(sawequals)
+ {
+ /* Is it a quoted argument? */
+ if(*ptr=='"')
+ {
+ ptr++;
+ end=strchr(ptr,'"');
+ if(end)
+ end++;
+ }
+ else
+ end=strpbrk(ptr," ,");
+ }
+
+ if(end && *end)
+ {
+ *end='\0';
+ *stringp=end+1;
+ }
+ else
+ *stringp=NULL;
+ }
+ else
+ *stringp=NULL;
+ }
+
+ return tok;
+}
+
+/* Breaks an option value into key and value. Returns NULL if there
+ is no value. Note that "string" is modified to remove the =value
+ part. */
+char *
+argsplit(char *string)
+{
+ char *equals,*arg=NULL;
+
+ equals=strchr(string,'=');
+ if(equals)
+ {
+ char *quote,*space;
+
+ *equals='\0';
+ arg=equals+1;
+
+ /* Quoted arg? */
+ quote=strchr(arg,'"');
+ if(quote)
+ {
+ arg=quote+1;
+
+ quote=strchr(arg,'"');
+ if(quote)
+ *quote='\0';
+ }
+ else
+ {
+ size_t spaces;
+
+ /* Trim leading spaces off of the arg */
+ spaces=strspn(arg," ");
+ arg+=spaces;
+ }
+
+ /* Trim tailing spaces off of the tag */
+ space=strchr(string,' ');
+ if(space)
+ *space='\0';
+ }
+
+ return arg;
+}
+
+/* Return the length of the initial token, leaving off any
+ argument. */
+static size_t
+optlen(const char *s)
+{
+ char *end=strpbrk(s," =");
+
+ if(end)
+ return end-s;
+ else
+ return strlen(s);
+}
+
+int
+parse_options(char *str,unsigned int *options,
+ struct parse_options *opts,int noisy)
+{
+ char *tok;
+
+ if (str && !strcmp (str, "help"))
+ {
+ int i,maxlen=0;
+
+ /* Figure out the longest option name so we can line these up
+ neatly. */
+ for(i=0;opts[i].name;i++)
+ if(opts[i].help && maxlen<strlen(opts[i].name))
+ maxlen=strlen(opts[i].name);
+
+ for(i=0;opts[i].name;i++)
+ if(opts[i].help)
+ printf("%s%*s%s\n",opts[i].name,
+ maxlen+2-(int)strlen(opts[i].name),"",_(opts[i].help));
+
+ g10_exit(0);
+ }
+
+ while((tok=optsep(&str)))
+ {
+ int i,rev=0;
+ char *otok=tok;
+
+ if(tok[0]=='\0')
+ continue;
+
+ if(ascii_strncasecmp("no-",tok,3)==0)
+ {
+ rev=1;
+ tok+=3;
+ }
+
+ for(i=0;opts[i].name;i++)
+ {
+ size_t toklen=optlen(tok);
+
+ if(ascii_strncasecmp(opts[i].name,tok,toklen)==0)
+ {
+ /* We have a match, but it might be incomplete */
+ if(toklen!=strlen(opts[i].name))
+ {
+ int j;
+
+ for(j=i+1;opts[j].name;j++)
+ {
+ if(ascii_strncasecmp(opts[j].name,tok,toklen)==0)
+ {
+ if(noisy)
+ log_info(_("ambiguous option `%s'\n"),otok);
+ return 0;
+ }
+ }
+ }
+
+ if(rev)
+ {
+ *options&=~opts[i].bit;
+ if(opts[i].value)
+ *opts[i].value=NULL;
+ }
+ else
+ {
+ *options|=opts[i].bit;
+ if(opts[i].value)
+ *opts[i].value=argsplit(tok);
+ }
+ break;
+ }
+ }
+
+ if(!opts[i].name)
+ {
+ if(noisy)
+ log_info(_("unknown option `%s'\n"),otok);
+ return 0;
+ }
+ }
+
+ return 1;
+}
+
+
+/* Check whether the string has characters not valid in an RFC-822
+ address. To cope with OpenPGP we ignore non-ascii characters
+ so that for example umlauts are legal in an email address. An
+ OpenPGP user ID must be utf-8 encoded but there is no strict
+ requirement for RFC-822. Thus to avoid IDNA encoding we put the
+ address verbatim as utf-8 into the user ID under the assumption
+ that mail programs handle IDNA at a lower level and take OpenPGP
+ user IDs as utf-8. Note that we can't do an utf-8 encoding
+ checking here because in keygen.c this function is called with the
+ native encoding and native to utf-8 encoding is only done later. */
+int
+has_invalid_email_chars (const char *s)
+{
+ int at_seen=0;
+ const char *valid_chars=
+ "01234567890_-.abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
+
+ for ( ; *s; s++ )
+ {
+ if ( (*s & 0x80) )
+ continue; /* We only care about ASCII. */
+ if ( *s == '@' )
+ at_seen=1;
+ else if ( !at_seen && !( !!strchr( valid_chars, *s ) || *s == '+' ) )
+ return 1;
+ else if ( at_seen && !strchr( valid_chars, *s ) )
+ return 1;
+ }
+ return 0;
+}
+
+
+/* Check whether NAME represents a valid mailbox according to
+ RFC822. Returns true if so. */
+int
+is_valid_mailbox (const char *name)
+{
+ return !( !name
+ || !*name
+ || has_invalid_email_chars (name)
+ || string_count_chr (name,'@') != 1
+ || *name == '@'
+ || name[strlen(name)-1] == '@'
+ || name[strlen(name)-1] == '.'
+ || strstr (name, "..") );
+}
+
+
+/* Similar to access(2), but uses PATH to find the file. */
+int
+path_access(const char *file,int mode)
+{
+ char *envpath;
+ int ret=-1;
+
+ envpath=getenv("PATH");
+
+ if(!envpath
+#ifdef HAVE_DRIVE_LETTERS
+ || (((file[0]>='A' && file[0]<='Z')
+ || (file[0]>='a' && file[0]<='z'))
+ && file[1]==':')
+#else
+ || file[0]=='/'
+#endif
+ )
+ return access(file,mode);
+ else
+ {
+ /* At least as large as, but most often larger than we need. */
+ char *buffer=xmalloc(strlen(envpath)+1+strlen(file)+1);
+ char *split,*item,*path=xstrdup(envpath);
+
+ split=path;
+
+ while((item=strsep(&split,PATHSEP_S)))
+ {
+ strcpy(buffer,item);
+ strcat(buffer,"/");
+ strcat(buffer,file);
+ ret=access(buffer,mode);
+ if(ret==0)
+ break;
+ }
+
+ xfree(path);
+ xfree(buffer);
+ }
+
+ return ret;
+}
+
+
+
+/* Temporary helper. */
+int
+pubkey_get_npkey( int algo )
+{
+ size_t n;
+
+ if (algo == GCRY_PK_ELG_E)
+ algo = GCRY_PK_ELG;
+ if (gcry_pk_algo_info( algo, GCRYCTL_GET_ALGO_NPKEY, NULL, &n))
+ n = 0;
+ return n;
+}
+
+/* Temporary helper. */
+int
+pubkey_get_nskey( int algo )
+{
+ size_t n;
+
+ if (algo == GCRY_PK_ELG_E)
+ algo = GCRY_PK_ELG;
+ if (gcry_pk_algo_info( algo, GCRYCTL_GET_ALGO_NSKEY, NULL, &n ))
+ n = 0;
+ return n;
+}
+
+/* Temporary helper. */
+int
+pubkey_get_nsig( int algo )
+{
+ size_t n;
+
+ if (algo == GCRY_PK_ELG_E)
+ algo = GCRY_PK_ELG;
+ if (gcry_pk_algo_info( algo, GCRYCTL_GET_ALGO_NSIGN, NULL, &n))
+ n = 0;
+ return n;
+}
+
+/* Temporary helper. */
+int
+pubkey_get_nenc( int algo )
+{
+ size_t n;
+
+ if (algo == GCRY_PK_ELG_E)
+ algo = GCRY_PK_ELG;
+ if (gcry_pk_algo_info( algo, GCRYCTL_GET_ALGO_NENCR, NULL, &n ))
+ n = 0;
+ return n;
+}
+
+
+/* Temporary helper. */
+unsigned int
+pubkey_nbits( int algo, gcry_mpi_t *key )
+{
+ int rc, nbits;
+ gcry_sexp_t sexp;
+
+ if( algo == GCRY_PK_DSA ) {
+ rc = gcry_sexp_build ( &sexp, NULL,
+ "(public-key(dsa(p%m)(q%m)(g%m)(y%m)))",
+ key[0], key[1], key[2], key[3] );
+ }
+ else if( algo == GCRY_PK_ELG || algo == GCRY_PK_ELG_E ) {
+ rc = gcry_sexp_build ( &sexp, NULL,
+ "(public-key(elg(p%m)(g%m)(y%m)))",
+ key[0], key[1], key[2] );
+ }
+ else if( algo == GCRY_PK_RSA ) {
+ rc = gcry_sexp_build ( &sexp, NULL,
+ "(public-key(rsa(n%m)(e%m)))",
+ key[0], key[1] );
+ }
+ else
+ return 0;
+
+ if ( rc )
+ BUG ();
+
+ nbits = gcry_pk_get_nbits( sexp );
+ gcry_sexp_release( sexp );
+ return nbits;
+}
+
+
+
+/* FIXME: Use gcry_mpi_print directly. */
+int
+mpi_print( FILE *fp, gcry_mpi_t a, int mode )
+{
+ int n=0;
+
+ if( !a )
+ return fprintf(fp, "[MPI_NULL]");
+ if( !mode ) {
+ unsigned int n1;
+ n1 = gcry_mpi_get_nbits(a);
+ n += fprintf(fp, "[%u bits]", n1);
+ }
+ else {
+ unsigned char *buffer;
+
+ if (gcry_mpi_aprint (GCRYMPI_FMT_HEX, &buffer, NULL, a))
+ BUG ();
+ fputs( buffer, fp );
+ n += strlen(buffer);
+ gcry_free( buffer );
+ }
+ return n;
+}
+
diff --git a/g10/openfile.c b/g10/openfile.c
new file mode 100644
index 0000000..55dd42c
--- /dev/null
+++ b/g10/openfile.c
@@ -0,0 +1,436 @@
+/* openfile.c
+ * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004,
+ * 2005 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <assert.h>
+#include <errno.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+#include <unistd.h>
+
+#include "gpg.h"
+#include "util.h"
+#include "ttyio.h"
+#include "options.h"
+#include "main.h"
+#include "status.h"
+#include "i18n.h"
+
+#ifdef USE_ONLY_8DOT3
+#define SKELEXT ".skl"
+#else
+#define SKELEXT EXTSEP_S "skel"
+#endif
+
+#if defined (HAVE_DRIVE_LETTERS) || defined (__riscos__)
+#define CMP_FILENAME(a,b) ascii_strcasecmp( (a), (b) )
+#else
+#define CMP_FILENAME(a,b) strcmp( (a), (b) )
+#endif
+
+#ifdef MKDIR_TAKES_ONE_ARG
+#undef mkdir
+#define mkdir(a,b) mkdir(a)
+#endif
+
+/* FIXME: Implement opt.interactive. */
+
+/****************
+ * Check whether FNAME exists and ask if it's okay to overwrite an
+ * existing one.
+ * Returns: True: it's okay to overwrite or the file does not exist
+ * False: Do not overwrite
+ */
+int
+overwrite_filep( const char *fname )
+{
+ if( iobuf_is_pipe_filename (fname) )
+ return 1; /* Writing to stdout is always okay */
+
+ if( access( fname, F_OK ) )
+ return 1; /* does not exist */
+
+#ifndef HAVE_DOSISH_SYSTEM
+ if ( !strcmp ( fname, "/dev/null" ) )
+ return 1; /* does not do any harm */
+#endif
+#ifdef HAVE_W32_SYSTEM
+ if ( !strcmp ( fname, "nul" ) )
+ return 1;
+#endif
+
+ /* fixme: add some backup stuff in case of overwrite */
+ if( opt.answer_yes )
+ return 1;
+ if( opt.answer_no || opt.batch )
+ return 0; /* do not overwrite */
+
+ tty_printf(_("File `%s' exists. "), fname);
+ if( cpr_enabled () )
+ tty_printf ("\n");
+ if( cpr_get_answer_is_yes("openfile.overwrite.okay",
+ _("Overwrite? (y/N) ")) )
+ return 1;
+ return 0;
+}
+
+
+/****************
+ * Strip known extensions from iname and return a newly allocated
+ * filename. Return NULL if we can't do that.
+ */
+char *
+make_outfile_name( const char *iname )
+{
+ size_t n;
+
+ if ( iobuf_is_pipe_filename (iname) )
+ return xstrdup("-");
+
+ n = strlen(iname);
+ if( n > 4 && ( !CMP_FILENAME(iname+n-4, EXTSEP_S "gpg")
+ || !CMP_FILENAME(iname+n-4, EXTSEP_S "pgp")
+ || !CMP_FILENAME(iname+n-4, EXTSEP_S "sig")
+ || !CMP_FILENAME(iname+n-4, EXTSEP_S "asc") ) ) {
+ char *buf = xstrdup( iname );
+ buf[n-4] = 0;
+ return buf;
+ }
+ else if( n > 5 && !CMP_FILENAME(iname+n-5, EXTSEP_S "sign") ) {
+ char *buf = xstrdup( iname );
+ buf[n-5] = 0;
+ return buf;
+ }
+
+ log_info(_("%s: unknown suffix\n"), iname );
+ return NULL;
+}
+
+
+/* Ask for an output filename; use the given one as default. Return
+ NULL if no file has been given or if it is not possible to ask the
+ user. NAME is the template len which might conatin enbedded Nuls.
+ NAMELEN is its actual length.
+ */
+char *
+ask_outfile_name( const char *name, size_t namelen )
+{
+ size_t n;
+ const char *s;
+ char *prompt;
+ char *fname;
+ char *defname;
+
+ if ( opt.batch )
+ return NULL;
+
+ defname = name && namelen? make_printable_string (name, namelen, 0) : NULL;
+
+ s = _("Enter new filename");
+ n = strlen(s) + (defname?strlen (defname):0) + 10;
+ prompt = xmalloc (n);
+ if (defname)
+ snprintf (prompt, n-1, "%s [%s]: ", s, defname );
+ else
+ snprintf (prompt, n-1, "%s: ", s );
+ tty_enable_completion(NULL);
+ fname = cpr_get ("openfile.askoutname", prompt );
+ cpr_kill_prompt ();
+ tty_disable_completion ();
+ xfree (prompt);
+ if ( !*fname )
+ {
+ xfree (fname);
+ fname = defname;
+ defname = NULL;
+ }
+ xfree (defname);
+ if (fname)
+ trim_spaces (fname);
+ return fname;
+}
+
+
+/****************
+ * Make an output filename for the inputfile INAME.
+ * Returns an IOBUF and an errorcode
+ * Mode 0 = use ".gpg"
+ * 1 = use ".asc"
+ * 2 = use ".sig"
+ */
+int
+open_outfile( const char *iname, int mode, IOBUF *a )
+{
+ int rc = 0;
+
+ *a = NULL;
+ if( iobuf_is_pipe_filename (iname) && !opt.outfile ) {
+ *a = iobuf_create(NULL);
+ if( !*a ) {
+ rc = gpg_error_from_syserror ();
+ log_error(_("can't open `%s': %s\n"), "[stdout]", strerror(errno) );
+ }
+ else if( opt.verbose )
+ log_info(_("writing to stdout\n"));
+ }
+ else {
+ char *buf = NULL;
+ const char *name;
+
+ if ( opt.dry_run )
+ {
+#ifdef HAVE_W32_SYSTEM
+ name = "nul";
+#else
+ name = "/dev/null";
+#endif
+ }
+ else if( opt.outfile )
+ name = opt.outfile;
+ else {
+#ifdef USE_ONLY_8DOT3
+ if (opt.mangle_dos_filenames)
+ {
+ /* It is quite common DOS system to have only one dot in a
+ * a filename So if we have something like this, we simple
+ * replace the suffix execpt in cases where the suffix is
+ * larger than 3 characters and not the same as.
+ * We should really map the filenames to 8.3 but this tends to
+ * be more complicated and is probaly a duty of the filesystem
+ */
+ char *dot;
+ const char *newsfx = mode==1 ? ".asc" :
+ mode==2 ? ".sig" : ".gpg";
+
+ buf = xmalloc(strlen(iname)+4+1);
+ strcpy(buf,iname);
+ dot = strchr(buf, '.' );
+ if ( dot && dot > buf && dot[1] && strlen(dot) <= 4
+ && CMP_FILENAME(newsfx, dot) )
+ {
+ strcpy(dot, newsfx );
+ }
+ else if ( dot && !dot[1] ) /* don't duplicate a dot */
+ strcpy( dot, newsfx+1 );
+ else
+ strcat ( buf, newsfx );
+ }
+ if (!buf)
+#endif /* USE_ONLY_8DOT3 */
+ {
+ buf = xmalloc(strlen(iname)+4+1);
+ strcpy(stpcpy(buf,iname), mode==1 ? EXTSEP_S "asc" :
+ mode==2 ? EXTSEP_S "sig" : EXTSEP_S "gpg");
+ }
+ name = buf;
+ }
+
+ rc = 0;
+ while( !overwrite_filep (name) )
+ {
+ char *tmp = ask_outfile_name (NULL, 0);
+ if ( !tmp || !*tmp )
+ {
+ xfree (tmp);
+ rc = gpg_error (GPG_ERR_EEXIST);
+ break;
+ }
+ xfree (buf);
+ name = buf = tmp;
+ }
+
+ if( !rc )
+ {
+ if (is_secured_filename (name) )
+ {
+ *a = NULL;
+ errno = EPERM;
+ }
+ else
+ *a = iobuf_create( name );
+ if( !*a )
+ {
+ rc = gpg_error_from_syserror ();
+ log_error(_("can't create `%s': %s\n"), name, strerror(errno) );
+ }
+ else if( opt.verbose )
+ log_info(_("writing to `%s'\n"), name );
+ }
+ xfree(buf);
+ }
+
+ if (*a)
+ iobuf_ioctl (*a,3,1,NULL); /* disable fd caching */
+
+ return rc;
+}
+
+
+/****************
+ * Try to open a file without the extension ".sig" or ".asc"
+ * Return NULL if such a file is not available.
+ */
+IOBUF
+open_sigfile( const char *iname, progress_filter_context_t *pfx )
+{
+ IOBUF a = NULL;
+ size_t len;
+
+ if( !iobuf_is_pipe_filename (iname) ) {
+ len = strlen(iname);
+ if( len > 4 && ( !strcmp(iname + len - 4, EXTSEP_S "sig")
+ || ( len > 5 && !strcmp(iname + len - 5, EXTSEP_S "sign") )
+ || !strcmp(iname + len - 4, EXTSEP_S "asc")) ) {
+ char *buf;
+ buf = xstrdup(iname);
+ buf[len-(buf[len-1]=='n'?5:4)] = 0 ;
+ a = iobuf_open( buf );
+ if (a && is_secured_file (iobuf_get_fd (a)))
+ {
+ iobuf_close (a);
+ a = NULL;
+ errno = EPERM;
+ }
+ if( a && opt.verbose )
+ log_info(_("assuming signed data in `%s'\n"), buf );
+ if (a && pfx)
+ handle_progress (pfx, a, buf);
+ xfree(buf);
+ }
+ }
+ return a;
+}
+
+/****************
+ * Copy the option file skeleton to the given directory.
+ */
+static void
+copy_options_file( const char *destdir )
+{
+ const char *datadir = gnupg_datadir ();
+ char *fname;
+ FILE *src, *dst;
+ int linefeeds=0;
+ int c;
+ mode_t oldmask;
+ int esc = 0;
+ int any_option = 0;
+
+ if( opt.dry_run )
+ return;
+
+ fname = xmalloc( strlen(datadir) + strlen(destdir) + 15 );
+ strcpy(stpcpy(fname, datadir), DIRSEP_S "gpg-conf" SKELEXT );
+ src = fopen( fname, "r" );
+ if (src && is_secured_file (fileno (src)))
+ {
+ fclose (src);
+ src = NULL;
+ errno = EPERM;
+ }
+ if( !src ) {
+ log_info (_("can't open `%s': %s\n"), fname, strerror(errno) );
+ xfree(fname);
+ return;
+ }
+ strcpy(stpcpy(fname, destdir), DIRSEP_S "gpg" EXTSEP_S "conf" );
+ oldmask=umask(077);
+ if ( is_secured_filename (fname) )
+ {
+ dst = NULL;
+ errno = EPERM;
+ }
+ else
+ dst = fopen( fname, "w" );
+ umask(oldmask);
+ if( !dst ) {
+ log_info (_("can't create `%s': %s\n"), fname, strerror(errno) );
+ fclose( src );
+ xfree(fname);
+ return;
+ }
+
+ while( (c=getc(src)) != EOF ) {
+ if( linefeeds < 3 ) {
+ if( c == '\n' )
+ linefeeds++;
+ }
+ else {
+ putc( c, dst );
+ if (c== '\n')
+ esc = 1;
+ else if (esc == 1) {
+ if (c == ' ' || c == '\t')
+ ;
+ else if (c == '#')
+ esc = 2;
+ else
+ any_option = 1;
+ }
+ }
+ }
+ fclose( dst );
+ fclose( src );
+ log_info(_("new configuration file `%s' created\n"), fname );
+ if (any_option)
+ log_info (_("WARNING: options in `%s'"
+ " are not yet active during this run\n"),
+ fname);
+ xfree(fname);
+}
+
+
+void
+try_make_homedir (const char *fname)
+{
+ const char *defhome = standard_homedir ();
+
+ /* Create the directory only if the supplied directory name is the
+ same as the default one. This way we avoid to create arbitrary
+ directories when a non-default home directory is used. To cope
+ with HOME, we do compare only the suffix if we see that the
+ default homedir does start with a tilde. */
+ if ( opt.dry_run || opt.no_homedir_creation )
+ return;
+
+ if (
+#ifdef HAVE_W32_SYSTEM
+ ( !compare_filenames (fname, defhome) )
+#else
+ ( *defhome == '~'
+ && (strlen(fname) >= strlen (defhome+1)
+ && !strcmp(fname+strlen(fname)-strlen(defhome+1), defhome+1 ) ))
+ || (*defhome != '~' && !compare_filenames( fname, defhome ) )
+#endif
+ )
+ {
+ if ( mkdir (fname, S_IRUSR|S_IWUSR|S_IXUSR) )
+ log_fatal ( _("can't create directory `%s': %s\n"),
+ fname, strerror(errno) );
+ else if (!opt.quiet )
+ log_info ( _("directory `%s' created\n"), fname );
+ copy_options_file( fname );
+
+ }
+}
diff --git a/g10/options.h b/g10/options.h
new file mode 100644
index 0000000..46f746d
--- /dev/null
+++ b/g10/options.h
@@ -0,0 +1,361 @@
+/* options.h
+ * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006,
+ * 2007 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+#ifndef G10_OPTIONS_H
+#define G10_OPTIONS_H
+
+#include <sys/types.h>
+#include <types.h>
+#include "main.h"
+#include "packet.h"
+#include "../common/session-env.h"
+
+#ifndef EXTERN_UNLESS_MAIN_MODULE
+/* Norcraft can't cope with common symbols */
+#if defined (__riscos__) && !defined (INCLUDED_BY_MAIN_MODULE)
+#define EXTERN_UNLESS_MAIN_MODULE extern
+#else
+#define EXTERN_UNLESS_MAIN_MODULE
+#endif
+#endif
+
+EXTERN_UNLESS_MAIN_MODULE
+struct
+{
+ int verbose;
+ int quiet;
+ unsigned debug;
+ int armor;
+ char *outfile;
+ off_t max_output;
+ int dry_run;
+ int list_only;
+ int textmode;
+ int expert;
+ const char *def_sig_expire;
+ int ask_sig_expire;
+ const char *def_cert_expire;
+ int ask_cert_expire;
+ int batch; /* run in batch mode */
+ int answer_yes; /* answer yes on most questions */
+ int answer_no; /* answer no on most questions */
+ int check_sigs; /* check key signatures */
+ int with_colons;
+ int with_key_data;
+ int with_fingerprint; /* opt --with-fingerprint active */
+ int fingerprint; /* list fingerprints */
+ int list_sigs; /* list signatures */
+ int no_armor;
+ int list_packets; /* list-packets mode: 1=normal, 2=invoked by command*/
+ int def_cipher_algo;
+ int force_v3_sigs;
+ int force_v4_certs;
+ int force_mdc;
+ int disable_mdc;
+ int def_digest_algo;
+ int cert_digest_algo;
+ int compress_algo;
+ int compress_level;
+ int bz2_compress_level;
+ int bz2_decompress_lowmem;
+ const char *def_secret_key;
+ char *def_recipient;
+ int def_recipient_self;
+ int def_cert_level;
+ int min_cert_level;
+ int ask_cert_level;
+ int no_version;
+ int marginals_needed;
+ int completes_needed;
+ int max_cert_depth;
+ const char *homedir;
+ const char *agent_program;
+
+ /* Options to be passed to the gpg-agent */
+ session_env_t session_env;
+ char *lc_ctype;
+ char *lc_messages;
+
+ int skip_verify;
+ int compress_keys;
+ int compress_sigs;
+ /* TM_CLASSIC must be zero to accomodate trustdbs generated before
+ we started storing the trust model inside the trustdb. */
+ enum
+ {
+ TM_CLASSIC=0, TM_PGP=1, TM_EXTERNAL=2, TM_ALWAYS, TM_DIRECT, TM_AUTO
+ } trust_model;
+ int force_ownertrust;
+ enum
+ {
+ CO_GNUPG, CO_RFC4880, CO_RFC2440, CO_RFC1991, CO_PGP2,
+ CO_PGP6, CO_PGP7, CO_PGP8
+ } compliance;
+ enum
+ {
+ KF_SHORT, KF_LONG, KF_0xSHORT, KF_0xLONG
+ } keyid_format;
+ int pgp2_workarounds;
+ int shm_coprocess;
+ const char *set_filename;
+ strlist_t comments;
+ int throw_keyid;
+ const char *photo_viewer;
+ int s2k_mode;
+ int s2k_digest_algo;
+ int s2k_cipher_algo;
+ unsigned char s2k_count; /* This is the encoded form, not the raw
+ count */
+ int simple_sk_checksum; /* create the deprecated rfc2440 secret key
+ protection */
+ int not_dash_escaped;
+ int escape_from;
+ int lock_once;
+ struct keyserver_spec
+ {
+ char *uri;
+ char *scheme;
+ char *auth;
+ char *host;
+ char *port;
+ char *path;
+ char *opaque;
+ strlist_t options;
+ struct
+ {
+ unsigned int direct_uri:1;
+ } flags;
+ struct keyserver_spec *next;
+ } *keyserver;
+ struct
+ {
+ unsigned int options;
+ unsigned int import_options;
+ unsigned int export_options;
+ strlist_t other;
+ } keyserver_options;
+ int exec_disable;
+ int exec_path_set;
+ unsigned int import_options;
+ unsigned int export_options;
+ unsigned int list_options;
+ unsigned int verify_options;
+ const char *def_preference_list;
+ const char *def_keyserver_url;
+ prefitem_t *personal_cipher_prefs;
+ prefitem_t *personal_digest_prefs;
+ prefitem_t *personal_compress_prefs;
+ int no_perm_warn;
+ int no_mdc_warn;
+ char *temp_dir;
+ int no_encrypt_to;
+ int interactive;
+ struct notation *sig_notations;
+ struct notation *cert_notations;
+ strlist_t sig_policy_url;
+ strlist_t cert_policy_url;
+ strlist_t sig_keyserver_url;
+ strlist_t cert_subpackets;
+ strlist_t sig_subpackets;
+ int allow_non_selfsigned_uid;
+ int allow_freeform_uid;
+ int no_literal;
+ ulong set_filesize;
+ int fast_list_mode;
+ int ignore_time_conflict;
+ int ignore_valid_from;
+ int ignore_crc_error;
+ int ignore_mdc_error;
+ int command_fd;
+ const char *override_session_key;
+ int show_session_key;
+
+ const char *gpg_agent_info;
+ int try_all_secrets;
+ int no_expensive_trust_checks;
+ int no_sig_cache;
+ int no_sig_create_check;
+ int no_auto_check_trustdb;
+ int preserve_permissions;
+ int no_homedir_creation;
+ struct groupitem *grouplist;
+ int mangle_dos_filenames;
+ int enable_progress_filter;
+ unsigned int screen_columns;
+ unsigned int screen_lines;
+ byte *show_subpackets;
+ int rfc2440_text;
+
+ /* If true, let write failures on the status-fd exit the process. */
+ int exit_on_status_write_error;
+
+ /* If > 0, limit the number of card insertion prompts to this
+ value. */
+ int limit_card_insert_tries;
+
+#ifdef ENABLE_CARD_SUPPORT
+ /* FIXME: We don't needs this here as it is done in scdaemon. */
+ const char *ctapi_driver; /* Library to access the ctAPI. */
+ const char *pcsc_driver; /* Library to access the PC/SC system. */
+ int disable_ccid; /* Disable the use of the internal CCID driver. */
+#endif /*ENABLE_CARD_SUPPORT*/
+
+ struct
+ {
+ /* If set, require an 0x19 backsig to be present on signatures
+ made by signing subkeys. If not set, a missing backsig is not
+ an error (but an invalid backsig still is). */
+ unsigned int require_cross_cert:1;
+
+ unsigned int use_embedded_filename:1;
+ unsigned int utf8_filename:1;
+ unsigned int dsa2:1;
+ unsigned int allow_multiple_messages:1;
+ } flags;
+
+ /* Linked list of ways to find a key if the key isn't on the local
+ keyring. */
+ struct akl
+ {
+ enum {
+ AKL_NODEFAULT,
+ AKL_LOCAL,
+ AKL_CERT,
+ AKL_PKA,
+ AKL_LDAP,
+ AKL_KEYSERVER,
+ AKL_SPEC
+ } type;
+ struct keyserver_spec *spec;
+ struct akl *next;
+ } *auto_key_locate;
+
+ int passphrase_repeat;
+} opt;
+
+/* CTRL is used to keep some global variables we currently can't
+ avoid. Future concurrent versions of gpg will put it into a per
+ request structure CTRL. */
+EXTERN_UNLESS_MAIN_MODULE
+struct {
+ int in_auto_key_retrieve; /* True if we are doing an
+ auto_key_retrieve. */
+} glo_ctrl;
+
+#define DBG_PACKET_VALUE 1 /* debug packet reading/writing */
+#define DBG_MPI_VALUE 2 /* debug mpi details */
+#define DBG_CIPHER_VALUE 4 /* debug cipher handling */
+ /* (may reveal sensitive data) */
+#define DBG_FILTER_VALUE 8 /* debug internal filter handling */
+#define DBG_IOBUF_VALUE 16 /* debug iobuf stuff */
+#define DBG_MEMORY_VALUE 32 /* debug memory allocation stuff */
+#define DBG_CACHE_VALUE 64 /* debug the cacheing */
+#define DBG_MEMSTAT_VALUE 128 /* show memory statistics */
+#define DBG_TRUST_VALUE 256 /* debug the trustdb */
+#define DBG_HASHING_VALUE 512 /* debug hashing operations */
+#define DBG_EXTPROG_VALUE 1024 /* debug external program calls */
+#define DBG_CARD_IO_VALUE 2048 /* debug smart card I/O. */
+
+/* Fixme: For now alias this value. */
+#define DBG_ASSUAN_VALUE DBG_EXTPROG_VALUE
+
+
+/* Tests for the debugging flags. */
+#define DBG_PACKET (opt.debug & DBG_PACKET_VALUE)
+#define DBG_CIPHER (opt.debug & DBG_CIPHER_VALUE)
+#define DBG_FILTER (opt.debug & DBG_FILTER_VALUE)
+#define DBG_CACHE (opt.debug & DBG_CACHE_VALUE)
+#define DBG_TRUST (opt.debug & DBG_TRUST_VALUE)
+#define DBG_HASHING (opt.debug & DBG_HASHING_VALUE)
+#define DBG_EXTPROG (opt.debug & DBG_EXTPROG_VALUE)
+#define DBG_CARD_IO (opt.debug & DBG_CARD_IO_VALUE)
+#define DBG_ASSUAN (opt.debug & DBG_ASSUAN_VALUE)
+
+/* FIXME: We need to check whey we did not put this into opt. */
+#define DBG_MEMORY memory_debug_mode
+#define DBG_MEMSTAT memory_stat_debug_mode
+
+EXTERN_UNLESS_MAIN_MODULE int memory_debug_mode;
+EXTERN_UNLESS_MAIN_MODULE int memory_stat_debug_mode;
+
+
+
+#define GNUPG (opt.compliance==CO_GNUPG)
+#define RFC1991 (opt.compliance==CO_RFC1991 || opt.compliance==CO_PGP2)
+#define RFC2440 (opt.compliance==CO_RFC2440)
+#define RFC4880 (opt.compliance==CO_RFC4880)
+#define PGP2 (opt.compliance==CO_PGP2)
+#define PGP6 (opt.compliance==CO_PGP6)
+#define PGP7 (opt.compliance==CO_PGP7)
+#define PGP8 (opt.compliance==CO_PGP8)
+#define PGPX (PGP2 || PGP6 || PGP7 || PGP8)
+
+/* Various option flags. Note that there should be no common string
+ names between the IMPORT_ and EXPORT_ flags as they can be mixed in
+ the keyserver-options option. */
+
+#define IMPORT_LOCAL_SIGS (1<<0)
+#define IMPORT_REPAIR_PKS_SUBKEY_BUG (1<<1)
+#define IMPORT_FAST (1<<2)
+#define IMPORT_SK2PK (1<<3)
+#define IMPORT_MERGE_ONLY (1<<4)
+#define IMPORT_MINIMAL (1<<5)
+#define IMPORT_CLEAN (1<<6)
+
+#define EXPORT_LOCAL_SIGS (1<<0)
+#define EXPORT_ATTRIBUTES (1<<1)
+#define EXPORT_SENSITIVE_REVKEYS (1<<2)
+#define EXPORT_RESET_SUBKEY_PASSWD (1<<3)
+#define EXPORT_MINIMAL (1<<4)
+#define EXPORT_CLEAN (1<<5)
+#define EXPORT_SEXP_FORMAT (1<<6)
+
+#define LIST_SHOW_PHOTOS (1<<0)
+#define LIST_SHOW_POLICY_URLS (1<<1)
+#define LIST_SHOW_STD_NOTATIONS (1<<2)
+#define LIST_SHOW_USER_NOTATIONS (1<<3)
+#define LIST_SHOW_NOTATIONS (LIST_SHOW_STD_NOTATIONS|LIST_SHOW_USER_NOTATIONS)
+#define LIST_SHOW_KEYSERVER_URLS (1<<4)
+#define LIST_SHOW_UID_VALIDITY (1<<5)
+#define LIST_SHOW_UNUSABLE_UIDS (1<<6)
+#define LIST_SHOW_UNUSABLE_SUBKEYS (1<<7)
+#define LIST_SHOW_KEYRING (1<<8)
+#define LIST_SHOW_SIG_EXPIRE (1<<9)
+#define LIST_SHOW_SIG_SUBPACKETS (1<<10)
+
+#define VERIFY_SHOW_PHOTOS (1<<0)
+#define VERIFY_SHOW_POLICY_URLS (1<<1)
+#define VERIFY_SHOW_STD_NOTATIONS (1<<2)
+#define VERIFY_SHOW_USER_NOTATIONS (1<<3)
+#define VERIFY_SHOW_NOTATIONS (VERIFY_SHOW_STD_NOTATIONS|VERIFY_SHOW_USER_NOTATIONS)
+#define VERIFY_SHOW_KEYSERVER_URLS (1<<4)
+#define VERIFY_SHOW_UID_VALIDITY (1<<5)
+#define VERIFY_SHOW_UNUSABLE_UIDS (1<<6)
+#define VERIFY_PKA_LOOKUPS (1<<7)
+#define VERIFY_PKA_TRUST_INCREASE (1<<8)
+#define VERIFY_SHOW_PRIMARY_UID_ONLY (1<<9)
+
+#define KEYSERVER_USE_TEMP_FILES (1<<0)
+#define KEYSERVER_KEEP_TEMP_FILES (1<<1)
+#define KEYSERVER_ADD_FAKE_V3 (1<<2)
+#define KEYSERVER_AUTO_KEY_RETRIEVE (1<<3)
+#define KEYSERVER_HONOR_KEYSERVER_URL (1<<4)
+#define KEYSERVER_HONOR_PKA_RECORD (1<<5)
+
+#endif /*G10_OPTIONS_H*/
diff --git a/g10/options.skel b/g10/options.skel
new file mode 100644
index 0000000..534affc
--- /dev/null
+++ b/g10/options.skel
@@ -0,0 +1,206 @@
+# These first three lines are not copied to the gpg.conf file in
+# the users home directory.
+# $Id$
+# Options for GnuPG
+# Copyright 1998, 1999, 2000, 2001, 2002, 2003,
+# 2010 Free Software Foundation, Inc.
+#
+# This file is free software; as a special exception the author gives
+# unlimited permission to copy and/or distribute it, with or without
+# modifications, as long as this notice is preserved.
+#
+# This file is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
+# implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+#
+# Unless you specify which option file to use (with the command line
+# option "--options filename"), GnuPG uses the file ~/.gnupg/gpg.conf
+# by default.
+#
+# An options file can contain any long options which are available in
+# GnuPG. If the first non white space character of a line is a '#',
+# this line is ignored. Empty lines are also ignored.
+#
+# See the man page for a list of options.
+
+# Uncomment the following option to get rid of the copyright notice
+
+#no-greeting
+
+# If you have more than 1 secret key in your keyring, you may want to
+# uncomment the following option and set your preferred keyid.
+
+#default-key 621CC013
+
+# If you do not pass a recipient to gpg, it will ask for one. Using
+# this option you can encrypt to a default key. Key validation will
+# not be done in this case. The second form uses the default key as
+# default recipient.
+
+#default-recipient some-user-id
+#default-recipient-self
+
+# By default GnuPG creates version 4 signatures for data files as
+# specified by OpenPGP. Some earlier (PGP 6, PGP 7) versions of PGP
+# require the older version 3 signatures. Setting this option forces
+# GnuPG to create version 3 signatures.
+
+#force-v3-sigs
+
+# Because some mailers change lines starting with "From " to ">From "
+# it is good to handle such lines in a special way when creating
+# cleartext signatures; all other PGP versions do it this way too.
+# To enable full OpenPGP compliance you may want to use this option.
+
+#no-escape-from-lines
+
+# When verifying a signature made from a subkey, ensure that the cross
+# certification "back signature" on the subkey is present and valid.
+# This protects against a subtle attack against subkeys that can sign.
+# Defaults to --no-require-cross-certification. However for new
+# installations it should be enabled.
+
+require-cross-certification
+
+
+# If you do not use the Latin-1 (ISO-8859-1) charset, you should tell
+# GnuPG which is the native character set. Please check the man page
+# for supported character sets. This character set is only used for
+# metadata and not for the actual message which does not undergo any
+# translation. Note that future version of GnuPG will change to UTF-8
+# as default character set.
+
+#charset utf-8
+
+# Group names may be defined like this:
+# group mynames = paige 0x12345678 joe patti
+#
+# Any time "mynames" is a recipient (-r or --recipient), it will be
+# expanded to the names "paige", "joe", and "patti", and the key ID
+# "0x12345678". Note there is only one level of expansion - you
+# cannot make an group that points to another group. Note also that
+# if there are spaces in the recipient name, this will appear as two
+# recipients. In these cases it is better to use the key ID.
+
+#group mynames = paige 0x12345678 joe patti
+
+# Some old Windows platforms require 8.3 filenames. If your system
+# can handle long filenames, uncomment this.
+
+#no-mangle-dos-filenames
+
+# Lock the file only once for the lifetime of a process. If you do
+# not define this, the lock will be obtained and released every time
+# it is needed - normally this is not needed.
+
+#lock-once
+
+# GnuPG can send and receive keys to and from a keyserver. These
+# servers can be HKP, email, or LDAP (if GnuPG is built with LDAP
+# support).
+#
+# Example HKP keyservers:
+# hkp://keys.gnupg.net
+# hkp://subkeys.pgp.net
+#
+# Example email keyserver:
+# mailto:pgp-public-keys@keys.pgp.net
+#
+# Example LDAP keyservers:
+# ldap://pgp.surfnet.nl:11370
+# ldap://keyserver.pgp.com
+#
+# Regular URL syntax applies, and you can set an alternate port
+# through the usual method:
+# hkp://keyserver.example.net:22742
+#
+# If you have problems connecting to a HKP server through a buggy http
+# proxy, you can use keyserver option broken-http-proxy (see below),
+# but first you should make sure that you have read the man page
+# regarding proxies (keyserver option honor-http-proxy)
+#
+# Most users just set the name and type of their preferred keyserver.
+# Note that most servers (with the notable exception of
+# ldap://keyserver.pgp.com) synchronize changes with each other. Note
+# also that a single server name may actually point to multiple
+# servers via DNS round-robin. hkp://keys.gnupg.net is an example of
+# such a "server", which spreads the load over a number of physical
+# servers. To see the IP address of the server actually used, you may use
+# the "--keyserver-options debug".
+
+keyserver hkp://keys.gnupg.net
+#keyserver http://http-keys.gnupg.net
+#keyserver mailto:pgp-public-keys@keys.nl.pgp.net
+#keyserver ldap://pgp.surfnet.nl:11370
+#keyserver ldap://keyserver.pgp.com
+
+# Common options for keyserver functions:
+#
+# include-disabled = when searching, include keys marked as "disabled"
+# on the keyserver (not all keyservers support this).
+#
+# no-include-revoked = when searching, do not include keys marked as
+# "revoked" on the keyserver.
+#
+# verbose = show more information as the keys are fetched.
+# Can be used more than once to increase the amount
+# of information shown.
+#
+# use-temp-files = use temporary files instead of a pipe to talk to the
+# keyserver. Some platforms (Win32 for one) always
+# have this on.
+#
+# keep-temp-files = do not delete temporary files after using them
+# (really only useful for debugging)
+#
+# honor-http-proxy = if the keyserver uses HTTP, honor the http_proxy
+# environment variable
+#
+# broken-http-proxy = try to work around a buggy HTTP proxy
+#
+# auto-key-retrieve = automatically fetch keys as needed from the keyserver
+# when verifying signatures or when importing keys that
+# have been revoked by a revocation key that is not
+# present on the keyring.
+#
+# no-include-attributes = do not include attribute IDs (aka "photo IDs")
+# when sending keys to the keyserver.
+
+#keyserver-options auto-key-retrieve
+
+# Uncomment this line to display photo user IDs in key listings and
+# when a signature from a key with a photo is verified.
+
+#show-photos
+
+# Use this program to display photo user IDs
+#
+# %i is expanded to a temporary file that contains the photo.
+# %I is the same as %i, but the file isn't deleted afterwards by GnuPG.
+# %k is expanded to the key ID of the key.
+# %K is expanded to the long OpenPGP key ID of the key.
+# %t is expanded to the extension of the image (e.g. "jpg").
+# %T is expanded to the MIME type of the image (e.g. "image/jpeg").
+# %f is expanded to the fingerprint of the key.
+# %% is %, of course.
+#
+# If %i or %I are not present, then the photo is supplied to the
+# viewer on standard input. If your platform supports it, standard
+# input is the best way to do this as it avoids the time and effort in
+# generating and then cleaning up a secure temp file.
+#
+# The default program is "xloadimage -fork -quiet -title 'KeyID 0x%k' stdin"
+# On Mac OS X and Windows, the default is to use your regular JPEG image
+# viewer.
+#
+# Some other viewers:
+# photo-viewer "qiv %i"
+# photo-viewer "ee %i"
+# photo-viewer "display -title 'KeyID 0x%k'"
+#
+# This one saves a copy of the photo ID in your home directory:
+# photo-viewer "cat > ~/photoid-for-key-%k.%t"
+#
+# Use your MIME handler to view photos:
+# photo-viewer "metamail -q -d -b -c %T -s 'KeyID 0x%k' -f GnuPG"
+
diff --git a/g10/packet.h b/g10/packet.h
new file mode 100644
index 0000000..cb2f0c9
--- /dev/null
+++ b/g10/packet.h
@@ -0,0 +1,514 @@
+/* packet.h - OpenPGP packet definitions
+ * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006,
+ * 2007 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef G10_PACKET_H
+#define G10_PACKET_H
+
+#include "types.h"
+#include "../common/iobuf.h"
+#include "../jnlib/strlist.h"
+#include "cipher.h"
+#include "filter.h"
+#include "../common/openpgpdefs.h"
+
+#define DEBUG_PARSE_PACKET 1
+
+
+typedef struct packet_struct PACKET;
+
+/* PKT_GPG_CONTROL types */
+typedef enum {
+ CTRLPKT_CLEARSIGN_START = 1,
+ CTRLPKT_PIPEMODE = 2,
+ CTRLPKT_PLAINTEXT_MARK =3
+} ctrlpkttype_t;
+
+typedef enum {
+ PREFTYPE_NONE = 0,
+ PREFTYPE_SYM = 1,
+ PREFTYPE_HASH = 2,
+ PREFTYPE_ZIP = 3
+} preftype_t;
+
+typedef struct {
+ byte type;
+ byte value;
+} prefitem_t;
+
+typedef struct {
+ int mode;
+ byte hash_algo;
+ byte salt[8];
+ u32 count;
+} STRING2KEY;
+
+typedef struct {
+ byte version;
+ byte cipher_algo; /* cipher algorithm used */
+ STRING2KEY s2k;
+ byte seskeylen; /* keylength in byte or 0 for no seskey */
+ byte seskey[1];
+} PKT_symkey_enc;
+
+typedef struct {
+ u32 keyid[2]; /* 64 bit keyid */
+ byte version;
+ byte pubkey_algo; /* algorithm used for public key scheme */
+ byte throw_keyid;
+ gcry_mpi_t data[PUBKEY_MAX_NENC];
+} PKT_pubkey_enc;
+
+
+typedef struct {
+ u32 keyid[2]; /* 64 bit keyid */
+ byte sig_class; /* sig classification */
+ byte digest_algo; /* algorithm used for digest */
+ byte pubkey_algo; /* algorithm used for public key scheme */
+ byte last; /* a stupid flag */
+} PKT_onepass_sig;
+
+
+typedef struct {
+ size_t size; /* allocated */
+ size_t len; /* used */
+ byte data[1];
+} subpktarea_t;
+
+struct revocation_key {
+ byte class;
+ byte algid;
+ byte fpr[MAX_FINGERPRINT_LEN];
+};
+
+
+/* Object to keep information about a PKA DNS record. */
+typedef struct
+{
+ int valid; /* An actual PKA record exists for EMAIL. */
+ int checked; /* Set to true if the FPR has been checked against the
+ actual key. */
+ char *uri; /* Malloced string with the URI. NULL if the URI is
+ not available.*/
+ unsigned char fpr[20]; /* The fingerprint as stored in the PKA RR. */
+ char email[1];/* The email address from the notation data. */
+} pka_info_t;
+
+
+/* Object to keep information pertaining to a signature. */
+typedef struct
+{
+ struct
+ {
+ unsigned checked:1; /* Signature has been checked. */
+ unsigned valid:1; /* Signature is good (if checked is set). */
+ unsigned chosen_selfsig:1; /* A selfsig that is the chosen one. */
+ unsigned unknown_critical:1;
+ unsigned exportable:1;
+ unsigned revocable:1;
+ unsigned policy_url:1; /* At least one policy URL is present */
+ unsigned notation:1; /* At least one notation is present */
+ unsigned pref_ks:1; /* At least one preferred keyserver is present */
+ unsigned expired:1;
+ unsigned pka_tried:1; /* Set if we tried to retrieve the PKA record. */
+ } flags;
+ u32 keyid[2]; /* 64 bit keyid */
+ u32 timestamp; /* Signature made (seconds since Epoch). */
+ u32 expiredate; /* Expires at this date or 0 if not at all. */
+ byte version;
+ byte sig_class; /* Sig classification, append for MD calculation. */
+ byte pubkey_algo; /* Algorithm used for public key scheme */
+ /* (PUBKEY_ALGO_xxx) */
+ byte digest_algo; /* Algorithm used for digest (DIGEST_ALGO_xxxx). */
+ byte trust_depth;
+ byte trust_value;
+ const byte *trust_regexp;
+ struct revocation_key **revkey;
+ int numrevkeys;
+ pka_info_t *pka_info; /* Malloced PKA data or NULL if not
+ available. See also flags.pka_tried. */
+ subpktarea_t *hashed; /* All subpackets with hashed data (v4 only). */
+ subpktarea_t *unhashed; /* Ditto for unhashed data. */
+ byte digest_start[2]; /* First 2 bytes of the digest. */
+ gcry_mpi_t data[PUBKEY_MAX_NSIG];
+} PKT_signature;
+
+#define ATTRIB_IMAGE 1
+
+/* This is the cooked form of attributes */
+struct user_attribute {
+ byte type;
+ const byte *data;
+ u32 len;
+};
+
+typedef struct
+{
+ int ref; /* reference counter */
+ int len; /* length of the name */
+ struct user_attribute *attribs;
+ int numattribs;
+ byte *attrib_data; /* if this is not NULL, the packet is an attribute */
+ unsigned long attrib_len;
+ byte *namehash;
+ int help_key_usage;
+ u32 help_key_expire;
+ int help_full_count;
+ int help_marginal_count;
+ int is_primary; /* 2 if set via the primary flag, 1 if calculated */
+ int is_revoked;
+ int is_expired;
+ u32 expiredate; /* expires at this date or 0 if not at all */
+ prefitem_t *prefs; /* list of preferences (may be NULL)*/
+ u32 created; /* according to the self-signature */
+ byte selfsigversion;
+ struct
+ {
+ /* TODO: Move more flags here */
+ unsigned mdc:1;
+ unsigned ks_modify:1;
+ unsigned compacted:1;
+ } flags;
+ char name[1];
+} PKT_user_id;
+
+struct revoke_info
+{
+ /* revoked at this date */
+ u32 date;
+ /* the keyid of the revoking key (selfsig or designated revoker) */
+ u32 keyid[2];
+ /* the algo of the revoking key */
+ byte algo;
+};
+
+/****************
+ * Note about the pkey/skey elements: We assume that the secret keys
+ * has the same elemts as the public key at the begin of the array, so
+ * that npkey < nskey and it is possible to compare the secret and
+ * public keys by comparing the first npkey elements of pkey againts skey.
+ */
+typedef struct {
+ u32 timestamp; /* key made */
+ u32 expiredate; /* expires at this date or 0 if not at all */
+ u32 max_expiredate; /* must not expire past this date */
+ struct revoke_info revoked;
+ byte hdrbytes; /* number of header bytes */
+ byte version;
+ byte selfsigversion; /* highest version of all of the self-sigs */
+ byte pubkey_algo; /* algorithm used for public key scheme */
+ byte pubkey_usage; /* for now only used to pass it to getkey() */
+ byte req_usage; /* hack to pass a request to getkey() */
+ byte req_algo; /* Ditto */
+ u32 has_expired; /* set to the expiration date if expired */
+ int is_revoked; /* key has been revoked, 1 if by the
+ owner, 2 if by a designated revoker */
+ int maybe_revoked; /* a designated revocation is present, but
+ without the key to check it */
+ int is_valid; /* key (especially subkey) is valid */
+ int dont_cache; /* do not cache this */
+ byte backsig; /* 0=none, 1=bad, 2=good */
+ u32 main_keyid[2]; /* keyid of the primary key */
+ u32 keyid[2]; /* calculated by keyid_from_pk() */
+ byte is_primary;
+ byte is_disabled; /* 0 for unset, 1 for enabled, 2 for disabled. */
+ prefitem_t *prefs; /* list of preferences (may be NULL) */
+ int mdc_feature; /* mdc feature set */
+ PKT_user_id *user_id; /* if != NULL: found by that uid */
+ struct revocation_key *revkey;
+ int numrevkeys;
+ u32 trust_timestamp;
+ byte trust_depth;
+ byte trust_value;
+ const byte *trust_regexp;
+ gcry_mpi_t pkey[PUBKEY_MAX_NPKEY];
+} PKT_public_key;
+
+/* Evaluates as true if the pk is disabled, and false if it isn't. If
+ there is no disable value cached, fill one in. */
+#define pk_is_disabled(a) (((a)->is_disabled)?((a)->is_disabled==2):(cache_disabled_value((a))))
+
+typedef struct {
+ u32 timestamp; /* key made */
+ u32 expiredate; /* expires at this date or 0 if not at all */
+ u32 max_expiredate; /* must not expire past this date */
+ byte hdrbytes; /* number of header bytes */
+ byte version;
+ byte pubkey_algo; /* algorithm used for public key scheme */
+ byte pubkey_usage;
+ byte req_usage;
+ byte req_algo;
+ u32 has_expired; /* set to the expiration date if expired */
+ int is_revoked; /* key has been revoked */
+ int is_valid; /* key (especially subkey) is valid */
+ u32 main_keyid[2]; /* keyid of the primary key */
+ u32 keyid[2];
+ byte is_primary;
+ byte is_protected; /* The secret info is protected and must */
+ /* be decrypted before use, the protected */
+ /* MPIs are simply (void*) pointers to memory */
+ /* and should never be passed to a mpi_xxx() */
+ struct {
+ byte algo; /* cipher used to protect the secret information*/
+ byte sha1chk; /* SHA1 is used instead of a 16 bit checksum */
+ STRING2KEY s2k;
+ byte ivlen; /* used length of the iv */
+ byte iv[16]; /* initialization vector for CFB mode */
+ } protect;
+ gcry_mpi_t skey[PUBKEY_MAX_NSKEY];
+ u16 csum; /* checksum */
+} PKT_secret_key;
+
+
+typedef struct {
+ int len; /* length of data */
+ char data[1];
+} PKT_comment;
+
+typedef struct {
+ u32 len; /* reserved */
+ byte new_ctb;
+ byte algorithm;
+ iobuf_t buf; /* IOBUF reference */
+} PKT_compressed;
+
+typedef struct {
+ u32 len; /* length of encrypted data */
+ int extralen; /* this is (blocksize+2) */
+ byte new_ctb; /* uses a new CTB */
+ byte is_partial; /* partial length encoded */
+ byte mdc_method; /* > 0: integrity protected encrypted data packet */
+ iobuf_t buf; /* IOBUF reference */
+} PKT_encrypted;
+
+typedef struct {
+ byte hash[20];
+} PKT_mdc;
+
+typedef struct {
+ unsigned int trustval;
+ unsigned int sigcache;
+} PKT_ring_trust;
+
+typedef struct {
+ u32 len; /* length of encrypted data */
+ iobuf_t buf; /* IOBUF reference */
+ byte new_ctb;
+ byte is_partial; /* partial length encoded */
+ int mode;
+ u32 timestamp;
+ int namelen;
+ char name[1];
+} PKT_plaintext;
+
+typedef struct {
+ int control;
+ size_t datalen;
+ char data[1];
+} PKT_gpg_control;
+
+/* combine all packets into a union */
+struct packet_struct {
+ pkttype_t pkttype;
+ union {
+ void *generic;
+ PKT_symkey_enc *symkey_enc; /* PKT_SYMKEY_ENC */
+ PKT_pubkey_enc *pubkey_enc; /* PKT_PUBKEY_ENC */
+ PKT_onepass_sig *onepass_sig; /* PKT_ONEPASS_SIG */
+ PKT_signature *signature; /* PKT_SIGNATURE */
+ PKT_public_key *public_key; /* PKT_PUBLIC_[SUB)KEY */
+ PKT_secret_key *secret_key; /* PKT_SECRET_[SUB]KEY */
+ PKT_comment *comment; /* PKT_COMMENT */
+ PKT_user_id *user_id; /* PKT_USER_ID */
+ PKT_compressed *compressed; /* PKT_COMPRESSED */
+ PKT_encrypted *encrypted; /* PKT_ENCRYPTED[_MDC] */
+ PKT_mdc *mdc; /* PKT_MDC */
+ PKT_ring_trust *ring_trust; /* PKT_RING_TRUST */
+ PKT_plaintext *plaintext; /* PKT_PLAINTEXT */
+ PKT_gpg_control *gpg_control; /* PKT_GPG_CONTROL */
+ } pkt;
+};
+
+#define init_packet(a) do { (a)->pkttype = 0; \
+ (a)->pkt.generic = NULL; \
+ } while(0)
+
+
+struct notation
+{
+ char *name;
+ char *value;
+ char *altvalue;
+ unsigned char *bdat;
+ size_t blen;
+ struct
+ {
+ unsigned int critical:1;
+ unsigned int ignore:1;
+ } flags;
+ struct notation *next;
+};
+
+/*-- mainproc.c --*/
+void reset_literals_seen(void);
+int proc_packets( void *ctx, iobuf_t a );
+int proc_signature_packets( void *ctx, iobuf_t a,
+ strlist_t signedfiles, const char *sigfile );
+int proc_signature_packets_by_fd ( void *anchor, IOBUF a, int signed_data_fd );
+int proc_encryption_packets( void *ctx, iobuf_t a );
+int list_packets( iobuf_t a );
+
+/*-- parse-packet.c --*/
+int set_packet_list_mode( int mode );
+
+#if DEBUG_PARSE_PACKET
+int dbg_search_packet( iobuf_t inp, PACKET *pkt, off_t *retpos, int with_uid,
+ const char* file, int lineno );
+int dbg_parse_packet( iobuf_t inp, PACKET *ret_pkt,
+ const char* file, int lineno );
+int dbg_copy_all_packets( iobuf_t inp, iobuf_t out,
+ const char* file, int lineno );
+int dbg_copy_some_packets( iobuf_t inp, iobuf_t out, off_t stopoff,
+ const char* file, int lineno );
+int dbg_skip_some_packets( iobuf_t inp, unsigned n,
+ const char* file, int lineno );
+#define search_packet( a,b,c,d ) \
+ dbg_search_packet( (a), (b), (c), (d), __FILE__, __LINE__ )
+#define parse_packet( a, b ) \
+ dbg_parse_packet( (a), (b), __FILE__, __LINE__ )
+#define copy_all_packets( a,b ) \
+ dbg_copy_all_packets((a),(b), __FILE__, __LINE__ )
+#define copy_some_packets( a,b,c ) \
+ dbg_copy_some_packets((a),(b),(c), __FILE__, __LINE__ )
+#define skip_some_packets( a,b ) \
+ dbg_skip_some_packets((a),(b), __FILE__, __LINE__ )
+#else
+int search_packet( iobuf_t inp, PACKET *pkt, off_t *retpos, int with_uid );
+int parse_packet( iobuf_t inp, PACKET *ret_pkt);
+int copy_all_packets( iobuf_t inp, iobuf_t out );
+int copy_some_packets( iobuf_t inp, iobuf_t out, off_t stopoff );
+int skip_some_packets( iobuf_t inp, unsigned n );
+#endif
+
+int parse_signature( iobuf_t inp, int pkttype, unsigned long pktlen,
+ PKT_signature *sig );
+const byte *enum_sig_subpkt ( const subpktarea_t *subpkts,
+ sigsubpkttype_t reqtype,
+ size_t *ret_n, int *start, int *critical );
+const byte *parse_sig_subpkt ( const subpktarea_t *buffer,
+ sigsubpkttype_t reqtype,
+ size_t *ret_n );
+const byte *parse_sig_subpkt2 ( PKT_signature *sig,
+ sigsubpkttype_t reqtype,
+ size_t *ret_n );
+int parse_one_sig_subpkt( const byte *buffer, size_t n, int type );
+void parse_revkeys(PKT_signature *sig);
+int parse_attribute_subpkts(PKT_user_id *uid);
+void make_attribute_uidname(PKT_user_id *uid, size_t max_namelen);
+PACKET *create_gpg_control ( ctrlpkttype_t type,
+ const byte *data,
+ size_t datalen );
+
+/*-- build-packet.c --*/
+int build_packet( iobuf_t inp, PACKET *pkt );
+u32 calc_packet_length( PACKET *pkt );
+void build_sig_subpkt( PKT_signature *sig, sigsubpkttype_t type,
+ const byte *buffer, size_t buflen );
+void build_sig_subpkt_from_sig( PKT_signature *sig );
+int delete_sig_subpkt(subpktarea_t *buffer, sigsubpkttype_t type );
+void build_attribute_subpkt(PKT_user_id *uid,byte type,
+ const void *buf,u32 buflen,
+ const void *header,u32 headerlen);
+struct notation *string_to_notation(const char *string,int is_utf8);
+struct notation *sig_to_notation(PKT_signature *sig);
+void free_notation(struct notation *notation);
+
+/*-- free-packet.c --*/
+void free_symkey_enc( PKT_symkey_enc *enc );
+void free_pubkey_enc( PKT_pubkey_enc *enc );
+void free_seckey_enc( PKT_signature *enc );
+int digest_algo_from_sig( PKT_signature *sig );
+void release_public_key_parts( PKT_public_key *pk );
+void free_public_key( PKT_public_key *key );
+void release_secret_key_parts( PKT_secret_key *sk );
+void free_secret_key( PKT_secret_key *sk );
+void free_attributes(PKT_user_id *uid);
+void free_user_id( PKT_user_id *uid );
+void free_comment( PKT_comment *rem );
+void free_packet( PACKET *pkt );
+prefitem_t *copy_prefs (const prefitem_t *prefs);
+PKT_public_key *copy_public_key( PKT_public_key *d, PKT_public_key *s );
+void copy_public_parts_to_secret_key( PKT_public_key *pk, PKT_secret_key *sk );
+PKT_secret_key *copy_secret_key( PKT_secret_key *d, PKT_secret_key *s );
+PKT_signature *copy_signature( PKT_signature *d, PKT_signature *s );
+PKT_user_id *scopy_user_id (PKT_user_id *sd );
+int cmp_public_keys( PKT_public_key *a, PKT_public_key *b );
+int cmp_secret_keys( PKT_secret_key *a, PKT_secret_key *b );
+int cmp_signatures( PKT_signature *a, PKT_signature *b );
+int cmp_public_secret_key( PKT_public_key *pk, PKT_secret_key *sk );
+int cmp_user_ids( PKT_user_id *a, PKT_user_id *b );
+
+
+/*-- sig-check.c --*/
+int signature_check( PKT_signature *sig, gcry_md_hd_t digest );
+int signature_check2( PKT_signature *sig, gcry_md_hd_t digest, u32 *r_expiredate,
+ int *r_expired, int *r_revoked, PKT_public_key *ret_pk );
+
+/*-- seckey-cert.c --*/
+int is_secret_key_protected( PKT_secret_key *sk );
+int check_secret_key( PKT_secret_key *sk, int retries );
+int protect_secret_key( PKT_secret_key *sk, DEK *dek );
+
+/*-- pubkey-enc.c --*/
+int get_session_key( PKT_pubkey_enc *k, DEK *dek );
+int get_override_session_key( DEK *dek, const char *string );
+
+/*-- compress.c --*/
+int handle_compressed( void *ctx, PKT_compressed *cd,
+ int (*callback)(iobuf_t, void *), void *passthru );
+
+/*-- encr-data.c --*/
+int decrypt_data( void *ctx, PKT_encrypted *ed, DEK *dek );
+
+/*-- plaintext.c --*/
+int handle_plaintext( PKT_plaintext *pt, md_filter_context_t *mfx,
+ int nooutput, int clearsig );
+int ask_for_detached_datafile( gcry_md_hd_t md, gcry_md_hd_t md2,
+ const char *inname, int textmode );
+
+/*-- sign.c --*/
+int make_keysig_packet( PKT_signature **ret_sig, PKT_public_key *pk,
+ PKT_user_id *uid, PKT_public_key *subpk,
+ PKT_secret_key *sk, int sigclass, int digest_algo,
+ int sigversion, u32 timestamp, u32 duration,
+ int (*mksubpkt)(PKT_signature *, void *),
+ void *opaque );
+int update_keysig_packet( PKT_signature **ret_sig,
+ PKT_signature *orig_sig,
+ PKT_public_key *pk,
+ PKT_user_id *uid,
+ PKT_public_key *subpk,
+ PKT_secret_key *sk,
+ int (*mksubpkt)(PKT_signature *, void *),
+ void *opaque );
+
+/*-- keygen.c --*/
+PKT_user_id *generate_user_id (KBNODE keyblock);
+
+#endif /*G10_PACKET_H*/
diff --git a/g10/parse-packet.c b/g10/parse-packet.c
new file mode 100644
index 0000000..11480dd
--- /dev/null
+++ b/g10/parse-packet.c
@@ -0,0 +1,2569 @@
+/* parse-packet.c - read packets
+ * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006,
+ * 2007 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <assert.h>
+
+#include "gpg.h"
+#include "packet.h"
+#include "iobuf.h"
+#include "util.h"
+#include "cipher.h"
+#include "filter.h"
+#include "photoid.h"
+#include "options.h"
+#include "main.h"
+#include "i18n.h"
+
+static int mpi_print_mode;
+static int list_mode;
+static FILE *listfp;
+
+static int parse( IOBUF inp, PACKET *pkt, int onlykeypkts,
+ off_t *retpos, int *skip, IOBUF out, int do_skip
+#ifdef DEBUG_PARSE_PACKET
+ ,const char *dbg_w, const char *dbg_f, int dbg_l
+#endif
+ );
+static int copy_packet( IOBUF inp, IOBUF out, int pkttype,
+ unsigned long pktlen, int partial );
+static void skip_packet( IOBUF inp, int pkttype,
+ unsigned long pktlen, int partial );
+static void *read_rest( IOBUF inp, size_t pktlen, int partial );
+static int parse_marker( IOBUF inp, int pkttype, unsigned long pktlen );
+static int parse_symkeyenc( IOBUF inp, int pkttype, unsigned long pktlen,
+ PACKET *packet );
+static int parse_pubkeyenc( IOBUF inp, int pkttype, unsigned long pktlen,
+ PACKET *packet );
+static int parse_onepass_sig( IOBUF inp, int pkttype, unsigned long pktlen,
+ PKT_onepass_sig *ops );
+static int parse_key( IOBUF inp, int pkttype, unsigned long pktlen,
+ byte *hdr, int hdrlen, PACKET *packet );
+static int parse_user_id( IOBUF inp, int pkttype, unsigned long pktlen,
+ PACKET *packet );
+static int parse_attribute( IOBUF inp, int pkttype, unsigned long pktlen,
+ PACKET *packet );
+static int parse_comment( IOBUF inp, int pkttype, unsigned long pktlen,
+ PACKET *packet );
+static void parse_trust( IOBUF inp, int pkttype, unsigned long pktlen,
+ PACKET *packet );
+static int parse_plaintext( IOBUF inp, int pkttype, unsigned long pktlen,
+ PACKET *packet, int new_ctb, int partial);
+static int parse_compressed( IOBUF inp, int pkttype, unsigned long pktlen,
+ PACKET *packet, int new_ctb );
+static int parse_encrypted( IOBUF inp, int pkttype, unsigned long pktlen,
+ PACKET *packet, int new_ctb, int partial);
+static int parse_mdc( IOBUF inp, int pkttype, unsigned long pktlen,
+ PACKET *packet, int new_ctb);
+static int parse_gpg_control( IOBUF inp, int pkttype, unsigned long pktlen,
+ PACKET *packet, int partial );
+
+static unsigned short
+read_16(IOBUF inp)
+{
+ unsigned short a;
+ a = iobuf_get_noeof(inp) << 8;
+ a |= iobuf_get_noeof(inp);
+ return a;
+}
+
+static unsigned long
+read_32(IOBUF inp)
+{
+ unsigned long a;
+ a = iobuf_get_noeof(inp) << 24;
+ a |= iobuf_get_noeof(inp) << 16;
+ a |= iobuf_get_noeof(inp) << 8;
+ a |= iobuf_get_noeof(inp);
+ return a;
+}
+
+
+/* Read an external representation of an mpi and return the MPI. The
+ * external format is a 16 bit unsigned value stored in network byte
+ * order, giving the number of bits for the following integer. The
+ * integer is stored with MSB first (left padded with zeroes to align
+ * on a byte boundary).
+ */
+static gcry_mpi_t
+mpi_read (iobuf_t inp, unsigned int *ret_nread, int secure)
+{
+ /*FIXME: Needs to be synced with gnupg14/mpi/mpicoder.c*/
+
+ int c, c1, c2, i;
+ unsigned int nbits, nbytes;
+ size_t nread = 0;
+ gcry_mpi_t a = NULL;
+ byte *buf = NULL;
+ byte *p;
+
+ if ( (c = c1 = iobuf_get (inp)) == -1 )
+ goto leave;
+ nbits = c << 8;
+ if ( (c = c2 = iobuf_get (inp)) == -1 )
+ goto leave;
+ nbits |= c;
+ if ( nbits > MAX_EXTERN_MPI_BITS )
+ {
+ log_error("mpi too large (%u bits)\n", nbits);
+ goto leave;
+ }
+ nread = 2;
+ nbytes = (nbits+7) / 8;
+ buf = secure ? gcry_xmalloc_secure (nbytes + 2) : gcry_xmalloc (nbytes + 2);
+ p = buf;
+ p[0] = c1;
+ p[1] = c2;
+ for ( i=0 ; i < nbytes; i++ )
+ {
+ p[i+2] = iobuf_get(inp) & 0xff;
+ nread++;
+ }
+
+ if (nread >= 2 && !(buf[0] << 8 | buf[1]))
+ {
+ /* Libgcrypt < 1.5.0 accidently rejects zero-length (i.e. zero)
+ MPIs. We fix this here. */
+ a = gcry_mpi_new (0);
+ }
+ else
+ {
+ if ( gcry_mpi_scan( &a, GCRYMPI_FMT_PGP, buf, nread, &nread ) )
+ a = NULL;
+ }
+
+ leave:
+ gcry_free(buf);
+ if ( nread > *ret_nread )
+ log_bug ("mpi larger than packet");
+ else
+ *ret_nread = nread;
+ return a;
+}
+
+
+
+
+int
+set_packet_list_mode( int mode )
+{
+ int old = list_mode;
+ list_mode = mode;
+ /* FIXME(gcrypt) mpi_print_mode = DBG_MPI; */
+ /* We use stdout print only if invoked by the --list-packets
+ command but switch to stderr in all otehr cases. This breaks
+ the previous behaviour but that seems to be more of a bug than
+ intentional. I don't believe that any application makes use of
+ this long standing annoying way of printing to stdout except
+ when doing a --list-packets. If this assumption fails, it will
+ be easy to add an option for the listing stream. Note that we
+ initialize it only once; mainly because some code may switch
+ the option value later back to 1 and we want to have all output
+ to the same stream.
+
+ Using stderr is not actually very clean because it bypasses the
+ logging code but it is a special thing anyay. I am not sure
+ whether using log_stream() would be better. Perhaps we should
+ enable the list mdoe only with a special option. */
+ if (!listfp)
+ listfp = opt.list_packets == 2 ? stdout : stderr;
+ return old;
+}
+
+static void
+unknown_pubkey_warning( int algo )
+{
+ static byte unknown_pubkey_algos[256];
+
+ algo &= 0xff;
+ if( !unknown_pubkey_algos[algo] ) {
+ if( opt.verbose )
+ log_info(_("can't handle public key algorithm %d\n"), algo );
+ unknown_pubkey_algos[algo] = 1;
+ }
+}
+
+/****************
+ * Parse a Packet and return it in packet
+ * Returns: 0 := valid packet in pkt
+ * -1 := no more packets
+ * >0 := error
+ * Note: The function may return an error and a partly valid packet;
+ * caller must free this packet.
+ */
+#ifdef DEBUG_PARSE_PACKET
+int
+dbg_parse_packet( IOBUF inp, PACKET *pkt, const char *dbg_f, int dbg_l )
+{
+ int skip, rc;
+
+ do {
+ rc = parse( inp, pkt, 0, NULL, &skip, NULL, 0, "parse", dbg_f, dbg_l );
+ } while( skip );
+ return rc;
+}
+#else
+int
+parse_packet( IOBUF inp, PACKET *pkt )
+{
+ int skip, rc;
+
+ do {
+ rc = parse( inp, pkt, 0, NULL, &skip, NULL, 0 );
+ } while( skip );
+ return rc;
+}
+#endif
+
+/****************
+ * Like parse packet, but only return secret or public (sub)key packets.
+ */
+#ifdef DEBUG_PARSE_PACKET
+int
+dbg_search_packet( IOBUF inp, PACKET *pkt, off_t *retpos, int with_uid,
+ const char *dbg_f, int dbg_l )
+{
+ int skip, rc;
+
+ do {
+ rc = parse( inp, pkt, with_uid?2:1, retpos, &skip, NULL, 0, "search", dbg_f, dbg_l );
+ } while( skip );
+ return rc;
+}
+#else
+int
+search_packet( IOBUF inp, PACKET *pkt, off_t *retpos, int with_uid )
+{
+ int skip, rc;
+
+ do {
+ rc = parse( inp, pkt, with_uid?2:1, retpos, &skip, NULL, 0 );
+ } while( skip );
+ return rc;
+}
+#endif
+
+/****************
+ * Copy all packets from INP to OUT, thereby removing unused spaces.
+ */
+#ifdef DEBUG_PARSE_PACKET
+int
+dbg_copy_all_packets( IOBUF inp, IOBUF out,
+ const char *dbg_f, int dbg_l )
+{
+ PACKET pkt;
+ int skip, rc=0;
+ do {
+ init_packet(&pkt);
+ } while( !(rc = parse( inp, &pkt, 0, NULL, &skip, out, 0, "copy", dbg_f, dbg_l )));
+ return rc;
+}
+#else
+int
+copy_all_packets( IOBUF inp, IOBUF out )
+{
+ PACKET pkt;
+ int skip, rc=0;
+ do {
+ init_packet(&pkt);
+ } while( !(rc = parse( inp, &pkt, 0, NULL, &skip, out, 0 )));
+ return rc;
+}
+#endif
+
+/****************
+ * Copy some packets from INP to OUT, thereby removing unused spaces.
+ * Stop at offset STOPoff (i.e. don't copy packets at this or later offsets)
+ */
+#ifdef DEBUG_PARSE_PACKET
+int
+dbg_copy_some_packets( IOBUF inp, IOBUF out, off_t stopoff,
+ const char *dbg_f, int dbg_l )
+{
+ PACKET pkt;
+ int skip, rc=0;
+ do {
+ if( iobuf_tell(inp) >= stopoff )
+ return 0;
+ init_packet(&pkt);
+ } while( !(rc = parse( inp, &pkt, 0, NULL, &skip, out, 0,
+ "some", dbg_f, dbg_l )) );
+ return rc;
+}
+#else
+int
+copy_some_packets( IOBUF inp, IOBUF out, off_t stopoff )
+{
+ PACKET pkt;
+ int skip, rc=0;
+ do {
+ if( iobuf_tell(inp) >= stopoff )
+ return 0;
+ init_packet(&pkt);
+ } while( !(rc = parse( inp, &pkt, 0, NULL, &skip, out, 0 )) );
+ return rc;
+}
+#endif
+
+/****************
+ * Skip over N packets
+ */
+#ifdef DEBUG_PARSE_PACKET
+int
+dbg_skip_some_packets( IOBUF inp, unsigned n,
+ const char *dbg_f, int dbg_l )
+{
+ int skip, rc=0;
+ PACKET pkt;
+
+ for( ;n && !rc; n--) {
+ init_packet(&pkt);
+ rc = parse( inp, &pkt, 0, NULL, &skip, NULL, 1, "skip", dbg_f, dbg_l );
+ }
+ return rc;
+}
+#else
+int
+skip_some_packets( IOBUF inp, unsigned n )
+{
+ int skip, rc=0;
+ PACKET pkt;
+
+ for( ;n && !rc; n--) {
+ init_packet(&pkt);
+ rc = parse( inp, &pkt, 0, NULL, &skip, NULL, 1 );
+ }
+ return rc;
+}
+#endif
+
+
+/****************
+ * Parse packet. Set the variable skip points to 1 if the packet
+ * should be skipped; this is the case if either ONLYKEYPKTS is set
+ * and the parsed packet isn't one or the
+ * packet-type is 0, indicating deleted stuff.
+ * if OUT is not NULL, a special copymode is used.
+ */
+static int
+parse( IOBUF inp, PACKET *pkt, int onlykeypkts, off_t *retpos,
+ int *skip, IOBUF out, int do_skip
+#ifdef DEBUG_PARSE_PACKET
+ ,const char *dbg_w, const char *dbg_f, int dbg_l
+#endif
+ )
+{
+ int rc=0, c, ctb, pkttype, lenbytes;
+ unsigned long pktlen;
+ byte hdr[8];
+ int hdrlen;
+ int new_ctb = 0, partial=0;
+ int with_uid = (onlykeypkts == 2);
+
+ *skip = 0;
+ assert( !pkt->pkt.generic );
+ if( retpos )
+ *retpos = iobuf_tell(inp);
+
+ if( (ctb = iobuf_get(inp)) == -1 ) {
+ rc = -1;
+ goto leave;
+ }
+ hdrlen=0;
+ hdr[hdrlen++] = ctb;
+ if( !(ctb & 0x80) ) {
+ log_error("%s: invalid packet (ctb=%02x)\n", iobuf_where(inp), ctb );
+ rc = gpg_error (GPG_ERR_INV_PACKET);
+ goto leave;
+ }
+ pktlen = 0;
+ new_ctb = !!(ctb & 0x40);
+ if( new_ctb ) {
+ pkttype = ctb & 0x3f;
+ if( (c = iobuf_get(inp)) == -1 ) {
+ log_error("%s: 1st length byte missing\n", iobuf_where(inp) );
+ rc = gpg_error (GPG_ERR_INV_PACKET);
+ goto leave;
+ }
+
+/* The follwing code has been here for ages (2002-08-30) but it is
+ clearly wrong: For example passing a 0 as second argument to
+ iobuf_set_partial_block_mode stops the partial block mode which we
+ definitely do not want. Also all values < 224 or 255 are not
+ valid. Let's disable it and put PKT_COMPRESSED into the list of
+ allowed packets with partial header until someone complains. */
+/* if (pkttype == PKT_COMPRESSED) { */
+/* iobuf_set_partial_block_mode(inp, c & 0xff); */
+/* pktlen = 0; /\* to indicate partial length *\/ */
+/* partial=1; */
+/* } */
+/* else */
+ {
+ hdr[hdrlen++] = c;
+ if( c < 192 )
+ pktlen = c;
+ else if( c < 224 )
+ {
+ pktlen = (c - 192) * 256;
+ if( (c = iobuf_get(inp)) == -1 )
+ {
+ log_error("%s: 2nd length byte missing\n",
+ iobuf_where(inp) );
+ rc = gpg_error (GPG_ERR_INV_PACKET);
+ goto leave;
+ }
+ hdr[hdrlen++] = c;
+ pktlen += c + 192;
+ }
+ else if( c == 255 )
+ {
+ pktlen = (hdr[hdrlen++] = iobuf_get_noeof(inp)) << 24;
+ pktlen |= (hdr[hdrlen++] = iobuf_get_noeof(inp)) << 16;
+ pktlen |= (hdr[hdrlen++] = iobuf_get_noeof(inp)) << 8;
+ if( (c = iobuf_get(inp)) == -1 )
+ {
+ log_error("%s: 4 byte length invalid\n",
+ iobuf_where(inp) );
+ rc = gpg_error (GPG_ERR_INV_PACKET);
+ goto leave;
+ }
+ pktlen |= (hdr[hdrlen++] = c );
+ }
+ else
+ {
+ /* Partial body length. */
+ switch (pkttype)
+ {
+ case PKT_PLAINTEXT:
+ case PKT_ENCRYPTED:
+ case PKT_ENCRYPTED_MDC:
+ case PKT_COMPRESSED:
+ iobuf_set_partial_block_mode(inp, c & 0xff);
+ pktlen = 0;/* To indicate partial length. */
+ partial=1;
+ break;
+
+ default:
+ log_error("%s: partial length for invalid"
+ " packet type %d\n", iobuf_where(inp),pkttype);
+ rc = gpg_error (GPG_ERR_INV_PACKET);
+ goto leave;
+ }
+ }
+ }
+ }
+ else
+ {
+ pkttype = (ctb>>2)&0xf;
+ lenbytes = ((ctb&3)==3)? 0 : (1<<(ctb & 3));
+ if( !lenbytes )
+ {
+ pktlen = 0; /* don't know the value */
+ /* This isn't really partial, but we can treat it the same
+ in a "read until the end" sort of way. */
+ partial=1;
+ if(pkttype!=PKT_ENCRYPTED && pkttype!=PKT_PLAINTEXT
+ && pkttype!=PKT_COMPRESSED)
+ {
+ log_error ("%s: indeterminate length for invalid"
+ " packet type %d\n", iobuf_where(inp), pkttype );
+ rc = gpg_error (GPG_ERR_INV_PACKET);
+ goto leave;
+ }
+ }
+ else
+ {
+ for( ; lenbytes; lenbytes-- )
+ {
+ pktlen <<= 8;
+ pktlen |= hdr[hdrlen++] = iobuf_get_noeof(inp);
+ }
+ }
+ }
+
+ if (pktlen == (unsigned long)(-1)) {
+ /* With some probability this is caused by a problem in the
+ * the uncompressing layer - in some error cases it just loops
+ * and spits out 0xff bytes. */
+ log_error ("%s: garbled packet detected\n", iobuf_where(inp) );
+ g10_exit (2);
+ }
+
+ if( out && pkttype ) {
+ rc = iobuf_write (out, hdr, hdrlen);
+ if (!rc)
+ rc = copy_packet(inp, out, pkttype, pktlen, partial );
+ goto leave;
+ }
+
+ if (with_uid && pkttype == PKT_USER_ID)
+ ;
+ else if( do_skip
+ || !pkttype
+ || (onlykeypkts && pkttype != PKT_PUBLIC_SUBKEY
+ && pkttype != PKT_PUBLIC_KEY
+ && pkttype != PKT_SECRET_SUBKEY
+ && pkttype != PKT_SECRET_KEY ) ) {
+ iobuf_skip_rest(inp, pktlen, partial);
+ *skip = 1;
+ rc = 0;
+ goto leave;
+ }
+
+ if( DBG_PACKET ) {
+#ifdef DEBUG_PARSE_PACKET
+ log_debug("parse_packet(iob=%d): type=%d length=%lu%s (%s.%s.%d)\n",
+ iobuf_id(inp), pkttype, pktlen, new_ctb?" (new_ctb)":"",
+ dbg_w, dbg_f, dbg_l );
+#else
+ log_debug("parse_packet(iob=%d): type=%d length=%lu%s\n",
+ iobuf_id(inp), pkttype, pktlen, new_ctb?" (new_ctb)":"" );
+#endif
+ }
+ pkt->pkttype = pkttype;
+ rc = G10ERR_UNKNOWN_PACKET; /* default error */
+ switch( pkttype ) {
+ case PKT_PUBLIC_KEY:
+ case PKT_PUBLIC_SUBKEY:
+ pkt->pkt.public_key = xmalloc_clear(sizeof *pkt->pkt.public_key );
+ rc = parse_key(inp, pkttype, pktlen, hdr, hdrlen, pkt );
+ break;
+ case PKT_SECRET_KEY:
+ case PKT_SECRET_SUBKEY:
+ pkt->pkt.secret_key = xmalloc_clear(sizeof *pkt->pkt.secret_key );
+ rc = parse_key(inp, pkttype, pktlen, hdr, hdrlen, pkt );
+ break;
+ case PKT_SYMKEY_ENC:
+ rc = parse_symkeyenc( inp, pkttype, pktlen, pkt );
+ break;
+ case PKT_PUBKEY_ENC:
+ rc = parse_pubkeyenc(inp, pkttype, pktlen, pkt );
+ break;
+ case PKT_SIGNATURE:
+ pkt->pkt.signature = xmalloc_clear(sizeof *pkt->pkt.signature );
+ rc = parse_signature(inp, pkttype, pktlen, pkt->pkt.signature );
+ break;
+ case PKT_ONEPASS_SIG:
+ pkt->pkt.onepass_sig = xmalloc_clear(sizeof *pkt->pkt.onepass_sig );
+ rc = parse_onepass_sig(inp, pkttype, pktlen, pkt->pkt.onepass_sig );
+ break;
+ case PKT_USER_ID:
+ rc = parse_user_id(inp, pkttype, pktlen, pkt );
+ break;
+ case PKT_ATTRIBUTE:
+ pkt->pkttype = pkttype = PKT_USER_ID; /* we store it in the userID */
+ rc = parse_attribute(inp, pkttype, pktlen, pkt);
+ break;
+ case PKT_OLD_COMMENT:
+ case PKT_COMMENT:
+ rc = parse_comment(inp, pkttype, pktlen, pkt);
+ break;
+ case PKT_RING_TRUST:
+ parse_trust(inp, pkttype, pktlen, pkt);
+ rc = 0;
+ break;
+ case PKT_PLAINTEXT:
+ rc = parse_plaintext(inp, pkttype, pktlen, pkt, new_ctb, partial );
+ break;
+ case PKT_COMPRESSED:
+ rc = parse_compressed(inp, pkttype, pktlen, pkt, new_ctb );
+ break;
+ case PKT_ENCRYPTED:
+ case PKT_ENCRYPTED_MDC:
+ rc = parse_encrypted(inp, pkttype, pktlen, pkt, new_ctb, partial );
+ break;
+ case PKT_MDC:
+ rc = parse_mdc(inp, pkttype, pktlen, pkt, new_ctb );
+ break;
+ case PKT_GPG_CONTROL:
+ rc = parse_gpg_control(inp, pkttype, pktlen, pkt, partial );
+ break;
+ case PKT_MARKER:
+ rc = parse_marker(inp,pkttype,pktlen);
+ break;
+ default:
+ skip_packet(inp, pkttype, pktlen, partial);
+ break;
+ }
+
+ leave:
+ if( !rc && iobuf_error(inp) )
+ rc = G10ERR_INV_KEYRING;
+ return rc;
+}
+
+static void
+dump_hex_line( int c, int *i )
+{
+ if( *i && !(*i%8) ) {
+ if( *i && !(*i%24) )
+ fprintf (listfp, "\n%4d:", *i );
+ else
+ putc (' ', listfp);
+ }
+ if( c == -1 )
+ fprintf (listfp, " EOF" );
+ else
+ fprintf (listfp, " %02x", c );
+ ++*i;
+}
+
+
+static int
+copy_packet( IOBUF inp, IOBUF out, int pkttype,
+ unsigned long pktlen, int partial )
+{
+ int rc;
+ int n;
+ char buf[100];
+
+ if( partial ) {
+ while( (n = iobuf_read( inp, buf, 100 )) != -1 )
+ if( (rc=iobuf_write(out, buf, n )) )
+ return rc; /* write error */
+ }
+ else if( !pktlen && pkttype == PKT_COMPRESSED ) {
+ log_debug("copy_packet: compressed!\n");
+ /* compressed packet, copy till EOF */
+ while( (n = iobuf_read( inp, buf, 100 )) != -1 )
+ if( (rc=iobuf_write(out, buf, n )) )
+ return rc; /* write error */
+ }
+ else {
+ for( ; pktlen; pktlen -= n ) {
+ n = pktlen > 100 ? 100 : pktlen;
+ n = iobuf_read( inp, buf, n );
+ if( n == -1 )
+ return gpg_error (GPG_ERR_EOF);
+ if( (rc=iobuf_write(out, buf, n )) )
+ return rc; /* write error */
+ }
+ }
+ return 0;
+}
+
+
+static void
+skip_packet( IOBUF inp, int pkttype, unsigned long pktlen, int partial )
+{
+ if( list_mode )
+ {
+ fprintf (listfp, ":unknown packet: type %2d, length %lu\n",
+ pkttype, pktlen);
+ if( pkttype )
+ {
+ int c, i=0 ;
+ fputs("dump:", listfp );
+ if( partial )
+ {
+ while( (c=iobuf_get(inp)) != -1 )
+ dump_hex_line(c, &i);
+ }
+ else
+ {
+ for( ; pktlen; pktlen-- )
+ {
+ dump_hex_line ((c=iobuf_get(inp)), &i);
+ if (c == -1)
+ break;
+ }
+ }
+ putc ('\n', listfp);
+ return;
+ }
+ }
+ iobuf_skip_rest(inp,pktlen,partial);
+}
+
+static void *
+read_rest( IOBUF inp, size_t pktlen, int partial )
+{
+ byte *p;
+ int i;
+
+ if( partial ) {
+ log_error("read_rest: can't store stream data\n");
+ p = NULL;
+ }
+ else {
+ p = xmalloc( pktlen );
+ for(i=0; pktlen; pktlen--, i++ )
+ p[i] = iobuf_get(inp);
+ }
+ return p;
+}
+
+static int
+parse_marker( IOBUF inp, int pkttype, unsigned long pktlen )
+{
+ (void)pkttype;
+
+ if(pktlen!=3)
+ goto fail;
+
+ if(iobuf_get(inp)!='P')
+ {
+ pktlen--;
+ goto fail;
+ }
+
+ if(iobuf_get(inp)!='G')
+ {
+ pktlen--;
+ goto fail;
+ }
+
+ if(iobuf_get(inp)!='P')
+ {
+ pktlen--;
+ goto fail;
+ }
+
+ if(list_mode)
+ fputs(":marker packet: PGP\n", listfp );
+
+ return 0;
+
+ fail:
+ log_error("invalid marker packet\n");
+ iobuf_skip_rest(inp,pktlen,0);
+ return G10ERR_INVALID_PACKET;
+}
+
+static int
+parse_symkeyenc( IOBUF inp, int pkttype, unsigned long pktlen, PACKET *packet )
+{
+ PKT_symkey_enc *k;
+ int rc = 0;
+ int i, version, s2kmode, cipher_algo, hash_algo, seskeylen, minlen;
+
+ if( pktlen < 4 ) {
+ log_error("packet(%d) too short\n", pkttype);
+ rc = gpg_error (GPG_ERR_INV_PACKET);
+ goto leave;
+ }
+ version = iobuf_get_noeof(inp); pktlen--;
+ if( version != 4 ) {
+ log_error("packet(%d) with unknown version %d\n", pkttype, version);
+ rc = gpg_error (GPG_ERR_INV_PACKET);
+ goto leave;
+ }
+ if( pktlen > 200 ) { /* (we encode the seskeylen in a byte) */
+ log_error("packet(%d) too large\n", pkttype);
+ rc = gpg_error (GPG_ERR_INV_PACKET);
+ goto leave;
+ }
+ cipher_algo = iobuf_get_noeof(inp); pktlen--;
+ s2kmode = iobuf_get_noeof(inp); pktlen--;
+ hash_algo = iobuf_get_noeof(inp); pktlen--;
+ switch( s2kmode ) {
+ case 0: /* simple s2k */
+ minlen = 0;
+ break;
+ case 1: /* salted s2k */
+ minlen = 8;
+ break;
+ case 3: /* iterated+salted s2k */
+ minlen = 9;
+ break;
+ default:
+ log_error("unknown S2K %d\n", s2kmode );
+ goto leave;
+ }
+ if( minlen > pktlen ) {
+ log_error("packet with S2K %d too short\n", s2kmode );
+ rc = gpg_error (GPG_ERR_INV_PACKET);
+ goto leave;
+ }
+ seskeylen = pktlen - minlen;
+ k = packet->pkt.symkey_enc = xmalloc_clear( sizeof *packet->pkt.symkey_enc
+ + seskeylen - 1 );
+ k->version = version;
+ k->cipher_algo = cipher_algo;
+ k->s2k.mode = s2kmode;
+ k->s2k.hash_algo = hash_algo;
+ if( s2kmode == 1 || s2kmode == 3 ) {
+ for(i=0; i < 8 && pktlen; i++, pktlen-- )
+ k->s2k.salt[i] = iobuf_get_noeof(inp);
+ }
+ if( s2kmode == 3 ) {
+ k->s2k.count = iobuf_get(inp); pktlen--;
+ }
+ k->seskeylen = seskeylen;
+ if(k->seskeylen)
+ {
+ for(i=0; i < seskeylen && pktlen; i++, pktlen-- )
+ k->seskey[i] = iobuf_get_noeof(inp);
+
+ /* What we're watching out for here is a session key decryptor
+ with no salt. The RFC says that using salt for this is a
+ MUST. */
+ if(s2kmode!=1 && s2kmode!=3)
+ log_info(_("WARNING: potentially insecure symmetrically"
+ " encrypted session key\n"));
+ }
+ assert( !pktlen );
+
+ if( list_mode ) {
+ fprintf (listfp, ":symkey enc packet: version %d, cipher %d, s2k %d, hash %d",
+ version, cipher_algo, s2kmode, hash_algo);
+ if(seskeylen)
+ fprintf (listfp, ", seskey %d bits",(seskeylen-1)*8);
+ fprintf (listfp, "\n");
+ if( s2kmode == 1 || s2kmode == 3 ) {
+ fprintf (listfp, "\tsalt ");
+ for(i=0; i < 8; i++ )
+ fprintf (listfp, "%02x", k->s2k.salt[i]);
+ if( s2kmode == 3 )
+ fprintf (listfp, ", count %lu (%lu)",
+ S2K_DECODE_COUNT((ulong)k->s2k.count),
+ (ulong)k->s2k.count );
+ fprintf (listfp, "\n");
+ }
+ }
+
+ leave:
+ iobuf_skip_rest(inp, pktlen, 0);
+ return rc;
+}
+
+static int
+parse_pubkeyenc( IOBUF inp, int pkttype, unsigned long pktlen, PACKET *packet )
+{
+ unsigned int n;
+ int rc = 0;
+ int i, ndata;
+ PKT_pubkey_enc *k;
+
+ k = packet->pkt.pubkey_enc = xmalloc_clear(sizeof *packet->pkt.pubkey_enc);
+ if( pktlen < 12 ) {
+ log_error("packet(%d) too short\n", pkttype);
+ rc = gpg_error (GPG_ERR_INV_PACKET);
+ goto leave;
+ }
+ k->version = iobuf_get_noeof(inp); pktlen--;
+ if( k->version != 2 && k->version != 3 ) {
+ log_error("packet(%d) with unknown version %d\n", pkttype, k->version);
+ rc = gpg_error (GPG_ERR_INV_PACKET);
+ goto leave;
+ }
+ k->keyid[0] = read_32(inp); pktlen -= 4;
+ k->keyid[1] = read_32(inp); pktlen -= 4;
+ k->pubkey_algo = iobuf_get_noeof(inp); pktlen--;
+ k->throw_keyid = 0; /* only used as flag for build_packet */
+ if( list_mode )
+ fprintf (listfp, ":pubkey enc packet: version %d, algo %d, keyid %08lX%08lX\n",
+ k->version, k->pubkey_algo, (ulong)k->keyid[0], (ulong)k->keyid[1]);
+
+ ndata = pubkey_get_nenc(k->pubkey_algo);
+ if( !ndata ) {
+ if( list_mode )
+ fprintf (listfp, "\tunsupported algorithm %d\n", k->pubkey_algo );
+ unknown_pubkey_warning( k->pubkey_algo );
+ k->data[0] = NULL; /* no need to store the encrypted data */
+ }
+ else {
+ for( i=0; i < ndata; i++ ) {
+ n = pktlen;
+ k->data[i] = mpi_read(inp, &n, 0); pktlen -=n;
+ if( list_mode ) {
+ fprintf (listfp, "\tdata: ");
+ mpi_print(listfp, k->data[i], mpi_print_mode );
+ putc ('\n', listfp);
+ }
+ if (!k->data[i])
+ rc = gpg_error (GPG_ERR_INV_PACKET);
+ }
+ }
+
+ leave:
+ iobuf_skip_rest(inp, pktlen, 0);
+ return rc;
+}
+
+
+static void
+dump_sig_subpkt( int hashed, int type, int critical,
+ const byte *buffer, size_t buflen, size_t length )
+{
+ const char *p=NULL;
+ int i;
+
+ /* The CERT has warning out with explains how to use GNUPG to
+ * detect the ARRs - we print our old message here when it is a faked
+ * ARR and add an additional notice */
+ if ( type == SIGSUBPKT_ARR && !hashed ) {
+ fprintf (listfp,
+ "\tsubpkt %d len %u (additional recipient request)\n"
+ "WARNING: PGP versions > 5.0 and < 6.5.8 will automagically "
+ "encrypt to this key and thereby reveal the plaintext to "
+ "the owner of this ARR key. Detailed info follows:\n",
+ type, (unsigned)length );
+ }
+
+ buffer++;
+ length--;
+
+ fprintf (listfp, "\t%s%ssubpkt %d len %u (", /*)*/
+ critical ? "critical ":"",
+ hashed ? "hashed ":"", type, (unsigned)length );
+ if( length > buflen ) {
+ fprintf (listfp, "too short: buffer is only %u)\n", (unsigned)buflen );
+ return;
+ }
+ switch( type ) {
+ case SIGSUBPKT_SIG_CREATED:
+ if( length >= 4 )
+ fprintf (listfp, "sig created %s", strtimestamp( buffer_to_u32(buffer) ) );
+ break;
+ case SIGSUBPKT_SIG_EXPIRE:
+ if( length >= 4 )
+ {
+ if(buffer_to_u32(buffer))
+ fprintf (listfp, "sig expires after %s",
+ strtimevalue( buffer_to_u32(buffer) ) );
+ else
+ fprintf (listfp, "sig does not expire");
+ }
+ break;
+ case SIGSUBPKT_EXPORTABLE:
+ if( length )
+ fprintf (listfp, "%sexportable", *buffer? "":"not ");
+ break;
+ case SIGSUBPKT_TRUST:
+ if(length!=2)
+ p="[invalid trust subpacket]";
+ else
+ fprintf (listfp, "trust signature of depth %d, value %d",buffer[0],buffer[1]);
+ break;
+ case SIGSUBPKT_REGEXP:
+ if(!length)
+ p="[invalid regexp subpacket]";
+ else
+ fprintf (listfp, "regular expression: \"%s\"",buffer);
+ break;
+ case SIGSUBPKT_REVOCABLE:
+ if( length )
+ fprintf (listfp, "%srevocable", *buffer? "":"not ");
+ break;
+ case SIGSUBPKT_KEY_EXPIRE:
+ if( length >= 4 )
+ {
+ if(buffer_to_u32(buffer))
+ fprintf (listfp, "key expires after %s",
+ strtimevalue( buffer_to_u32(buffer) ) );
+ else
+ fprintf (listfp, "key does not expire");
+ }
+ break;
+ case SIGSUBPKT_PREF_SYM:
+ fputs("pref-sym-algos:", listfp );
+ for( i=0; i < length; i++ )
+ fprintf (listfp, " %d", buffer[i] );
+ break;
+ case SIGSUBPKT_REV_KEY:
+ fputs("revocation key: ", listfp );
+ if( length < 22 )
+ p = "[too short]";
+ else {
+ fprintf (listfp, "c=%02x a=%d f=", buffer[0], buffer[1] );
+ for( i=2; i < length; i++ )
+ fprintf (listfp, "%02X", buffer[i] );
+ }
+ break;
+ case SIGSUBPKT_ISSUER:
+ if( length >= 8 )
+ fprintf (listfp, "issuer key ID %08lX%08lX",
+ (ulong)buffer_to_u32(buffer),
+ (ulong)buffer_to_u32(buffer+4) );
+ break;
+ case SIGSUBPKT_NOTATION:
+ {
+ fputs("notation: ", listfp );
+ if( length < 8 )
+ p = "[too short]";
+ else {
+ const byte *s = buffer;
+ size_t n1, n2;
+
+ n1 = (s[4] << 8) | s[5];
+ n2 = (s[6] << 8) | s[7];
+ s += 8;
+ if( 8+n1+n2 != length )
+ p = "[error]";
+ else {
+ print_string( listfp, s, n1, ')' );
+ putc( '=', listfp );
+
+ if( *buffer & 0x80 )
+ print_string( listfp, s+n1, n2, ')' );
+ else
+ p = "[not human readable]";
+ }
+ }
+ }
+ break;
+ case SIGSUBPKT_PREF_HASH:
+ fputs("pref-hash-algos:", listfp );
+ for( i=0; i < length; i++ )
+ fprintf (listfp, " %d", buffer[i] );
+ break;
+ case SIGSUBPKT_PREF_COMPR:
+ fputs("pref-zip-algos:", listfp );
+ for( i=0; i < length; i++ )
+ fprintf (listfp, " %d", buffer[i] );
+ break;
+ case SIGSUBPKT_KS_FLAGS:
+ fputs("key server preferences:",listfp);
+ for(i=0;i<length;i++)
+ fprintf (listfp, " %02X", buffer[i]);
+ break;
+ case SIGSUBPKT_PREF_KS:
+ fputs("preferred key server: ", listfp );
+ print_string( listfp, buffer, length, ')' );
+ break;
+ case SIGSUBPKT_PRIMARY_UID:
+ p = "primary user ID";
+ break;
+ case SIGSUBPKT_POLICY:
+ fputs("policy: ", listfp );
+ print_string( listfp, buffer, length, ')' );
+ break;
+ case SIGSUBPKT_KEY_FLAGS:
+ fputs ( "key flags:", listfp );
+ for( i=0; i < length; i++ )
+ fprintf (listfp, " %02X", buffer[i] );
+ break;
+ case SIGSUBPKT_SIGNERS_UID:
+ p = "signer's user ID";
+ break;
+ case SIGSUBPKT_REVOC_REASON:
+ if( length ) {
+ fprintf (listfp, "revocation reason 0x%02x (", *buffer );
+ print_string( listfp, buffer+1, length-1, ')' );
+ p = ")";
+ }
+ break;
+ case SIGSUBPKT_ARR:
+ fputs("Big Brother's key (ignored): ", listfp );
+ if( length < 22 )
+ p = "[too short]";
+ else {
+ fprintf (listfp, "c=%02x a=%d f=", buffer[0], buffer[1] );
+ for( i=2; i < length; i++ )
+ fprintf (listfp, "%02X", buffer[i] );
+ }
+ break;
+ case SIGSUBPKT_FEATURES:
+ fputs ( "features:", listfp );
+ for( i=0; i < length; i++ )
+ fprintf (listfp, " %02x", buffer[i] );
+ break;
+ case SIGSUBPKT_SIGNATURE:
+ fputs("signature: ",listfp);
+ if(length<17)
+ p="[too short]";
+ else
+ fprintf (listfp, "v%d, class 0x%02X, algo %d, digest algo %d",
+ buffer[0],
+ buffer[0]==3?buffer[2]:buffer[1],
+ buffer[0]==3?buffer[15]:buffer[2],
+ buffer[0]==3?buffer[16]:buffer[3]);
+ break;
+ default:
+ if(type>=100 && type<=110)
+ p="experimental / private subpacket";
+ else
+ p = "?";
+ break;
+ }
+
+ fprintf (listfp, "%s)\n", p? p: "");
+}
+
+/****************
+ * Returns: >= 0 use this offset into buffer
+ * -1 explicitly reject returning this type
+ * -2 subpacket too short
+ */
+int
+parse_one_sig_subpkt( const byte *buffer, size_t n, int type )
+{
+ switch( type )
+ {
+ case SIGSUBPKT_REV_KEY:
+ if(n < 22)
+ break;
+ return 0;
+ case SIGSUBPKT_SIG_CREATED:
+ case SIGSUBPKT_SIG_EXPIRE:
+ case SIGSUBPKT_KEY_EXPIRE:
+ if( n < 4 )
+ break;
+ return 0;
+ case SIGSUBPKT_KEY_FLAGS:
+ case SIGSUBPKT_KS_FLAGS:
+ case SIGSUBPKT_PREF_SYM:
+ case SIGSUBPKT_PREF_HASH:
+ case SIGSUBPKT_PREF_COMPR:
+ case SIGSUBPKT_POLICY:
+ case SIGSUBPKT_PREF_KS:
+ case SIGSUBPKT_FEATURES:
+ case SIGSUBPKT_REGEXP:
+ return 0;
+ case SIGSUBPKT_SIGNATURE:
+ case SIGSUBPKT_EXPORTABLE:
+ case SIGSUBPKT_REVOCABLE:
+ case SIGSUBPKT_REVOC_REASON:
+ if( !n )
+ break;
+ return 0;
+ case SIGSUBPKT_ISSUER: /* issuer key ID */
+ if( n < 8 )
+ break;
+ return 0;
+ case SIGSUBPKT_NOTATION:
+ /* minimum length needed, and the subpacket must be well-formed
+ where the name length and value length all fit inside the
+ packet. */
+ if(n<8 || 8+((buffer[4]<<8)|buffer[5])+((buffer[6]<<8)|buffer[7]) != n)
+ break;
+ return 0;
+ case SIGSUBPKT_PRIMARY_UID:
+ if ( n != 1 )
+ break;
+ return 0;
+ case SIGSUBPKT_TRUST:
+ if ( n != 2 )
+ break;
+ return 0;
+ default: return 0;
+ }
+ return -2;
+}
+
+/* Not many critical notations we understand yet... */
+static int
+can_handle_critical_notation(const byte *name,size_t len)
+{
+ if(len==32 && memcmp(name,"preferred-email-encoding@pgp.com",32)==0)
+ return 1;
+ if(len==21 && memcmp(name,"pka-address@gnupg.org",21)==0)
+ return 1;
+
+ return 0;
+}
+
+static int
+can_handle_critical( const byte *buffer, size_t n, int type )
+{
+ switch( type )
+ {
+ case SIGSUBPKT_NOTATION:
+ if(n>=8)
+ return can_handle_critical_notation(buffer+8,(buffer[4]<<8)|buffer[5]);
+ else
+ return 0;
+ case SIGSUBPKT_SIGNATURE:
+ case SIGSUBPKT_SIG_CREATED:
+ case SIGSUBPKT_SIG_EXPIRE:
+ case SIGSUBPKT_KEY_EXPIRE:
+ case SIGSUBPKT_EXPORTABLE:
+ case SIGSUBPKT_REVOCABLE:
+ case SIGSUBPKT_REV_KEY:
+ case SIGSUBPKT_ISSUER:/* issuer key ID */
+ case SIGSUBPKT_PREF_SYM:
+ case SIGSUBPKT_PREF_HASH:
+ case SIGSUBPKT_PREF_COMPR:
+ case SIGSUBPKT_KEY_FLAGS:
+ case SIGSUBPKT_PRIMARY_UID:
+ case SIGSUBPKT_FEATURES:
+ case SIGSUBPKT_TRUST:
+ case SIGSUBPKT_REGEXP:
+ /* Is it enough to show the policy or keyserver? */
+ case SIGSUBPKT_POLICY:
+ case SIGSUBPKT_PREF_KS:
+ return 1;
+
+ default:
+ return 0;
+ }
+}
+
+
+const byte *
+enum_sig_subpkt( const subpktarea_t *pktbuf, sigsubpkttype_t reqtype,
+ size_t *ret_n, int *start, int *critical )
+{
+ const byte *buffer;
+ int buflen;
+ int type;
+ int critical_dummy;
+ int offset;
+ size_t n;
+ int seq = 0;
+ int reqseq = start? *start: 0;
+
+ if(!critical)
+ critical=&critical_dummy;
+
+ if( !pktbuf || reqseq == -1 ) {
+ /* return some value different from NULL to indicate that
+ * there is no critical bit we do not understand. The caller
+ * will never use the value. Yes I know, it is an ugly hack */
+ return reqtype == SIGSUBPKT_TEST_CRITICAL? (const byte*)&pktbuf : NULL;
+ }
+ buffer = pktbuf->data;
+ buflen = pktbuf->len;
+ while( buflen ) {
+ n = *buffer++; buflen--;
+ if( n == 255 ) { /* 4 byte length header */
+ if( buflen < 4 )
+ goto too_short;
+ n = (buffer[0] << 24) | (buffer[1] << 16)
+ | (buffer[2] << 8) | buffer[3];
+ buffer += 4;
+ buflen -= 4;
+ }
+ else if( n >= 192 ) { /* 2 byte special encoded length header */
+ if( buflen < 2 )
+ goto too_short;
+ n = (( n - 192 ) << 8) + *buffer + 192;
+ buffer++;
+ buflen--;
+ }
+ if( buflen < n )
+ goto too_short;
+ type = *buffer;
+ if( type & 0x80 ) {
+ type &= 0x7f;
+ *critical = 1;
+ }
+ else
+ *critical = 0;
+ if( !(++seq > reqseq) )
+ ;
+ else if( reqtype == SIGSUBPKT_TEST_CRITICAL ) {
+ if( *critical ) {
+ if( n-1 > buflen+1 )
+ goto too_short;
+ if( !can_handle_critical(buffer+1, n-1, type ) )
+ {
+ if(opt.verbose)
+ log_info(_("subpacket of type %d has "
+ "critical bit set\n"),type);
+ if( start )
+ *start = seq;
+ return NULL; /* this is an error */
+ }
+ }
+ }
+ else if( reqtype < 0 ) /* list packets */
+ dump_sig_subpkt( reqtype == SIGSUBPKT_LIST_HASHED,
+ type, *critical, buffer, buflen, n );
+ else if( type == reqtype ) { /* found */
+ buffer++;
+ n--;
+ if( n > buflen )
+ goto too_short;
+ if( ret_n )
+ *ret_n = n;
+ offset = parse_one_sig_subpkt(buffer, n, type );
+ switch( offset ) {
+ case -2:
+ log_error("subpacket of type %d too short\n", type);
+ return NULL;
+ case -1:
+ return NULL;
+ default:
+ break;
+ }
+ if( start )
+ *start = seq;
+ return buffer+offset;
+ }
+ buffer += n; buflen -=n;
+ }
+ if( reqtype == SIGSUBPKT_TEST_CRITICAL )
+ return buffer; /* as value true to indicate that there is no */
+ /* critical bit we don't understand */
+ if( start )
+ *start = -1;
+ return NULL; /* end of packets; not found */
+
+ too_short:
+ if(opt.verbose)
+ log_info("buffer shorter than subpacket\n");
+ if( start )
+ *start = -1;
+ return NULL;
+}
+
+
+const byte *
+parse_sig_subpkt (const subpktarea_t *buffer, sigsubpkttype_t reqtype,
+ size_t *ret_n)
+{
+ return enum_sig_subpkt( buffer, reqtype, ret_n, NULL, NULL );
+}
+
+const byte *
+parse_sig_subpkt2 (PKT_signature *sig, sigsubpkttype_t reqtype,
+ size_t *ret_n )
+{
+ const byte *p;
+
+ p = parse_sig_subpkt (sig->hashed, reqtype, ret_n );
+ if( !p )
+ p = parse_sig_subpkt (sig->unhashed, reqtype, ret_n );
+ return p;
+}
+
+/* Find all revocation keys. Look in hashed area only. */
+void parse_revkeys(PKT_signature *sig)
+{
+ struct revocation_key *revkey;
+ int seq=0;
+ size_t len;
+
+ if(sig->sig_class!=0x1F)
+ return;
+
+ while((revkey=
+ (struct revocation_key *)enum_sig_subpkt(sig->hashed,
+ SIGSUBPKT_REV_KEY,
+ &len,&seq,NULL)))
+ {
+ if(len==sizeof(struct revocation_key) &&
+ (revkey->class&0x80)) /* 0x80 bit must be set */
+ {
+ sig->revkey=xrealloc(sig->revkey,
+ sizeof(struct revocation_key *)*(sig->numrevkeys+1));
+ sig->revkey[sig->numrevkeys]=revkey;
+ sig->numrevkeys++;
+ }
+ }
+}
+
+int
+parse_signature( IOBUF inp, int pkttype, unsigned long pktlen,
+ PKT_signature *sig )
+{
+ int md5_len=0;
+ unsigned n;
+ int is_v4=0;
+ int rc=0;
+ int i, ndata;
+
+ if( pktlen < 16 ) {
+ log_error("packet(%d) too short\n", pkttype);
+ goto leave;
+ }
+ sig->version = iobuf_get_noeof(inp); pktlen--;
+ if( sig->version == 4 )
+ is_v4=1;
+ else if( sig->version != 2 && sig->version != 3 ) {
+ log_error("packet(%d) with unknown version %d\n",
+ pkttype, sig->version);
+ rc = gpg_error (GPG_ERR_INV_PACKET);
+ goto leave;
+ }
+
+ if( !is_v4 ) {
+ md5_len = iobuf_get_noeof(inp); pktlen--;
+ }
+ sig->sig_class = iobuf_get_noeof(inp); pktlen--;
+ if( !is_v4 ) {
+ sig->timestamp = read_32(inp); pktlen -= 4;
+ sig->keyid[0] = read_32(inp); pktlen -= 4;
+ sig->keyid[1] = read_32(inp); pktlen -= 4;
+ }
+ sig->pubkey_algo = iobuf_get_noeof(inp); pktlen--;
+ sig->digest_algo = iobuf_get_noeof(inp); pktlen--;
+ sig->flags.exportable=1;
+ sig->flags.revocable=1;
+ if( is_v4 ) { /* read subpackets */
+ n = read_16(inp); pktlen -= 2; /* length of hashed data */
+ if( n > 10000 ) {
+ log_error("signature packet: hashed data too long\n");
+ rc = G10ERR_INVALID_PACKET;
+ goto leave;
+ }
+ if( n ) {
+ sig->hashed = xmalloc (sizeof (*sig->hashed) + n - 1 );
+ sig->hashed->size = n;
+ sig->hashed->len = n;
+ if( iobuf_read (inp, sig->hashed->data, n ) != n ) {
+ log_error ("premature eof while reading "
+ "hashed signature data\n");
+ rc = -1;
+ goto leave;
+ }
+ pktlen -= n;
+ }
+ n = read_16(inp); pktlen -= 2; /* length of unhashed data */
+ if( n > 10000 ) {
+ log_error("signature packet: unhashed data too long\n");
+ rc = G10ERR_INVALID_PACKET;
+ goto leave;
+ }
+ if( n ) {
+ sig->unhashed = xmalloc (sizeof(*sig->unhashed) + n - 1 );
+ sig->unhashed->size = n;
+ sig->unhashed->len = n;
+ if( iobuf_read(inp, sig->unhashed->data, n ) != n ) {
+ log_error("premature eof while reading "
+ "unhashed signature data\n");
+ rc = -1;
+ goto leave;
+ }
+ pktlen -= n;
+ }
+ }
+
+ if( pktlen < 5 ) { /* sanity check */
+ log_error("packet(%d) too short\n", pkttype);
+ rc = G10ERR_INVALID_PACKET;
+ goto leave;
+ }
+
+ sig->digest_start[0] = iobuf_get_noeof(inp); pktlen--;
+ sig->digest_start[1] = iobuf_get_noeof(inp); pktlen--;
+
+ if( is_v4 && sig->pubkey_algo )
+ { /*extract required information */
+ const byte *p;
+ size_t len;
+
+ /* set sig->flags.unknown_critical if there is a
+ * critical bit set for packets which we do not understand */
+ if( !parse_sig_subpkt (sig->hashed, SIGSUBPKT_TEST_CRITICAL, NULL)
+ || !parse_sig_subpkt (sig->unhashed, SIGSUBPKT_TEST_CRITICAL,
+ NULL) )
+ sig->flags.unknown_critical = 1;
+
+ p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_SIG_CREATED, NULL );
+ if(p)
+ sig->timestamp = buffer_to_u32(p);
+ else if(!(sig->pubkey_algo>=100 && sig->pubkey_algo<=110)
+ && opt.verbose)
+ log_info ("signature packet without timestamp\n");
+
+ p = parse_sig_subpkt2( sig, SIGSUBPKT_ISSUER, NULL );
+ if(p)
+ {
+ sig->keyid[0] = buffer_to_u32(p);
+ sig->keyid[1] = buffer_to_u32(p+4);
+ }
+ else if(!(sig->pubkey_algo>=100 && sig->pubkey_algo<=110)
+ && opt.verbose)
+ log_info ("signature packet without keyid\n");
+
+ p=parse_sig_subpkt(sig->hashed,SIGSUBPKT_SIG_EXPIRE,NULL);
+ if(p && buffer_to_u32(p))
+ sig->expiredate=sig->timestamp+buffer_to_u32(p);
+ if(sig->expiredate && sig->expiredate<=make_timestamp())
+ sig->flags.expired=1;
+
+ p=parse_sig_subpkt(sig->hashed,SIGSUBPKT_POLICY,NULL);
+ if(p)
+ sig->flags.policy_url=1;
+
+ p=parse_sig_subpkt(sig->hashed,SIGSUBPKT_PREF_KS,NULL);
+ if(p)
+ sig->flags.pref_ks=1;
+
+ p=parse_sig_subpkt(sig->hashed,SIGSUBPKT_NOTATION,NULL);
+ if(p)
+ sig->flags.notation=1;
+
+ p=parse_sig_subpkt(sig->hashed,SIGSUBPKT_REVOCABLE,NULL);
+ if(p && *p==0)
+ sig->flags.revocable=0;
+
+ p=parse_sig_subpkt(sig->hashed,SIGSUBPKT_TRUST,&len);
+ if(p && len==2)
+ {
+ sig->trust_depth=p[0];
+ sig->trust_value=p[1];
+
+ /* Only look for a regexp if there is also a trust
+ subpacket. */
+ sig->trust_regexp=
+ parse_sig_subpkt(sig->hashed,SIGSUBPKT_REGEXP,&len);
+
+ /* If the regular expression is of 0 length, there is no
+ regular expression. */
+ if(len==0)
+ sig->trust_regexp=NULL;
+ }
+
+ /* We accept the exportable subpacket from either the hashed
+ or unhashed areas as older versions of gpg put it in the
+ unhashed area. In theory, anyway, we should never see this
+ packet off of a local keyring. */
+
+ p=parse_sig_subpkt2(sig,SIGSUBPKT_EXPORTABLE,NULL);
+ if(p && *p==0)
+ sig->flags.exportable=0;
+
+ /* Find all revocation keys. */
+ if(sig->sig_class==0x1F)
+ parse_revkeys(sig);
+ }
+
+ if( list_mode ) {
+ fprintf (listfp, ":signature packet: algo %d, keyid %08lX%08lX\n"
+ "\tversion %d, created %lu, md5len %d, sigclass 0x%02x\n"
+ "\tdigest algo %d, begin of digest %02x %02x\n",
+ sig->pubkey_algo,
+ (ulong)sig->keyid[0], (ulong)sig->keyid[1],
+ sig->version, (ulong)sig->timestamp, md5_len, sig->sig_class,
+ sig->digest_algo,
+ sig->digest_start[0], sig->digest_start[1] );
+ if( is_v4 ) {
+ parse_sig_subpkt (sig->hashed, SIGSUBPKT_LIST_HASHED, NULL );
+ parse_sig_subpkt (sig->unhashed, SIGSUBPKT_LIST_UNHASHED, NULL);
+ }
+ }
+
+ ndata = pubkey_get_nsig(sig->pubkey_algo);
+ if( !ndata ) {
+ if( list_mode )
+ fprintf (listfp, "\tunknown algorithm %d\n", sig->pubkey_algo );
+ unknown_pubkey_warning( sig->pubkey_algo );
+ /* We store the plain material in data[0], so that we are able
+ * to write it back with build_packet() */
+ if (pktlen > (5 * MAX_EXTERN_MPI_BITS/8))
+ {
+ /* However we include a limit to avoid too trivial DoS
+ attacks by having gpg allocate too much memory. */
+ log_error ("signature packet: too much data\n");
+ rc = G10ERR_INVALID_PACKET;
+ }
+ else
+ {
+ sig->data[0]= gcry_mpi_set_opaque (NULL, read_rest(inp, pktlen, 0),
+ pktlen*8 );
+ pktlen = 0;
+ }
+ }
+ else {
+ for( i=0; i < ndata; i++ ) {
+ n = pktlen;
+ sig->data[i] = mpi_read(inp, &n, 0 );
+ pktlen -=n;
+ if( list_mode ) {
+ fprintf (listfp, "\tdata: ");
+ mpi_print(listfp, sig->data[i], mpi_print_mode );
+ putc ('\n', listfp);
+ }
+ if (!sig->data[i])
+ rc = G10ERR_INVALID_PACKET;
+ }
+ }
+
+ leave:
+ iobuf_skip_rest(inp, pktlen, 0);
+ return rc;
+}
+
+
+static int
+parse_onepass_sig( IOBUF inp, int pkttype, unsigned long pktlen,
+ PKT_onepass_sig *ops )
+{
+ int version;
+ int rc = 0;
+
+ if( pktlen < 13 ) {
+ log_error("packet(%d) too short\n", pkttype);
+ rc = gpg_error (GPG_ERR_INV_PACKET);
+ goto leave;
+ }
+ version = iobuf_get_noeof(inp); pktlen--;
+ if( version != 3 ) {
+ log_error("onepass_sig with unknown version %d\n", version);
+ rc = gpg_error (GPG_ERR_INV_PACKET);
+ goto leave;
+ }
+ ops->sig_class = iobuf_get_noeof(inp); pktlen--;
+ ops->digest_algo = iobuf_get_noeof(inp); pktlen--;
+ ops->pubkey_algo = iobuf_get_noeof(inp); pktlen--;
+ ops->keyid[0] = read_32(inp); pktlen -= 4;
+ ops->keyid[1] = read_32(inp); pktlen -= 4;
+ ops->last = iobuf_get_noeof(inp); pktlen--;
+ if( list_mode )
+ fprintf (listfp,
+ ":onepass_sig packet: keyid %08lX%08lX\n"
+ "\tversion %d, sigclass 0x%02x, digest %d, pubkey %d, "
+ "last=%d\n",
+ (ulong)ops->keyid[0], (ulong)ops->keyid[1],
+ version, ops->sig_class,
+ ops->digest_algo, ops->pubkey_algo, ops->last );
+
+
+ leave:
+ iobuf_skip_rest(inp, pktlen, 0);
+ return rc;
+}
+
+
+static gcry_mpi_t
+read_protected_v3_mpi (IOBUF inp, unsigned long *length)
+{
+ int c;
+ unsigned int nbits, nbytes;
+ unsigned char *buf, *p;
+ gcry_mpi_t val;
+
+ if (*length < 2)
+ {
+ log_error ("mpi too small\n");
+ return NULL;
+ }
+
+ if ((c=iobuf_get (inp)) == -1)
+ return NULL;
+ --*length;
+ nbits = c << 8;
+ if ((c=iobuf_get(inp)) == -1)
+ return NULL;
+ --*length;
+ nbits |= c;
+
+ if (nbits > 16384)
+ {
+ log_error ("mpi too large (%u bits)\n", nbits);
+ return NULL;
+ }
+ nbytes = (nbits+7) / 8;
+ buf = p = xmalloc (2 + nbytes);
+ *p++ = nbits >> 8;
+ *p++ = nbits;
+ for (; nbytes && *length; nbytes--, --*length)
+ *p++ = iobuf_get (inp);
+ if (nbytes)
+ {
+ log_error ("packet shorter than mpi\n");
+ xfree (buf);
+ return NULL;
+ }
+
+ /* convert buffer into an opaque MPI */
+ val = gcry_mpi_set_opaque (NULL, buf, (p-buf)*8);
+ return val;
+}
+
+
+static int
+parse_key (IOBUF inp, int pkttype, unsigned long pktlen,
+ byte *hdr, int hdrlen, PACKET *pkt)
+{
+ int i, version, algorithm;
+ unsigned n;
+ unsigned long timestamp, expiredate, max_expiredate;
+ int npkey, nskey;
+ int is_v4=0;
+ int rc=0;
+ u32 keyid[2];
+
+ (void)hdr;
+
+ version = iobuf_get_noeof(inp); pktlen--;
+ if( pkttype == PKT_PUBLIC_SUBKEY && version == '#' ) {
+ /* early versions of G10 use old PGP comments packets;
+ * luckily all those comments are started by a hash */
+ if( list_mode ) {
+ fprintf (listfp, ":rfc1991 comment packet: \"" );
+ for( ; pktlen; pktlen-- ) {
+ int c;
+ c = iobuf_get_noeof(inp);
+ if( c >= ' ' && c <= 'z' )
+ putc (c, listfp);
+ else
+ fprintf (listfp, "\\x%02x", c );
+ }
+ fprintf (listfp, "\"\n");
+ }
+ iobuf_skip_rest(inp, pktlen, 0);
+ return 0;
+ }
+ else if( version == 4 )
+ is_v4=1;
+ else if( version != 2 && version != 3 ) {
+ log_error("packet(%d) with unknown version %d\n", pkttype, version);
+ rc = gpg_error (GPG_ERR_INV_PACKET);
+ goto leave;
+ }
+
+ if( pktlen < 11 ) {
+ log_error("packet(%d) too short\n", pkttype);
+ rc = gpg_error (GPG_ERR_INV_PACKET);
+ goto leave;
+ }
+
+ timestamp = read_32(inp); pktlen -= 4;
+ if( is_v4 ) {
+ expiredate = 0; /* have to get it from the selfsignature */
+ max_expiredate = 0;
+ }
+ else {
+ unsigned short ndays;
+ ndays = read_16(inp); pktlen -= 2;
+ if( ndays )
+ expiredate = timestamp + ndays * 86400L;
+ else
+ expiredate = 0;
+
+ max_expiredate=expiredate;
+ }
+ algorithm = iobuf_get_noeof(inp); pktlen--;
+ if( list_mode )
+ fprintf (listfp, ":%s key packet:\n"
+ "\tversion %d, algo %d, created %lu, expires %lu\n",
+ pkttype == PKT_PUBLIC_KEY? "public" :
+ pkttype == PKT_SECRET_KEY? "secret" :
+ pkttype == PKT_PUBLIC_SUBKEY? "public sub" :
+ pkttype == PKT_SECRET_SUBKEY? "secret sub" : "??",
+ version, algorithm, timestamp, expiredate );
+
+ if( pkttype == PKT_SECRET_KEY || pkttype == PKT_SECRET_SUBKEY ) {
+ PKT_secret_key *sk = pkt->pkt.secret_key;
+
+ sk->timestamp = timestamp;
+ sk->expiredate = expiredate;
+ sk->max_expiredate = max_expiredate;
+ sk->hdrbytes = hdrlen;
+ sk->version = version;
+ sk->is_primary = pkttype == PKT_SECRET_KEY;
+ sk->pubkey_algo = algorithm;
+ sk->req_usage = 0;
+ sk->pubkey_usage = 0; /* not yet used */
+ }
+ else {
+ PKT_public_key *pk = pkt->pkt.public_key;
+
+ pk->timestamp = timestamp;
+ pk->expiredate = expiredate;
+ pk->max_expiredate = max_expiredate;
+ pk->hdrbytes = hdrlen;
+ pk->version = version;
+ pk->is_primary = pkttype == PKT_PUBLIC_KEY;
+ pk->pubkey_algo = algorithm;
+ pk->req_usage = 0;
+ pk->pubkey_usage = 0; /* not yet used */
+ pk->is_revoked = 0;
+ pk->is_disabled = 0;
+ pk->keyid[0] = 0;
+ pk->keyid[1] = 0;
+ }
+ nskey = pubkey_get_nskey( algorithm );
+ npkey = pubkey_get_npkey( algorithm );
+ if( !npkey ) {
+ if( list_mode )
+ fprintf (listfp, "\tunknown algorithm %d\n", algorithm );
+ unknown_pubkey_warning( algorithm );
+ }
+
+
+ if( pkttype == PKT_SECRET_KEY || pkttype == PKT_SECRET_SUBKEY ) {
+ PKT_secret_key *sk = pkt->pkt.secret_key;
+ byte temp[16];
+ size_t snlen = 0;
+
+ if( !npkey ) {
+ sk->skey[0] = gcry_mpi_set_opaque (NULL, read_rest(inp, pktlen, 0),
+ pktlen*8 );
+ pktlen = 0;
+ goto leave;
+ }
+
+ for(i=0; i < npkey; i++ ) {
+ n = pktlen; sk->skey[i] = mpi_read(inp, &n, 0 ); pktlen -=n;
+ if( list_mode ) {
+ fprintf (listfp, "\tskey[%d]: ", i);
+ mpi_print(listfp, sk->skey[i], mpi_print_mode );
+ putc ('\n', listfp);
+ }
+ if (!sk->skey[i])
+ rc = G10ERR_INVALID_PACKET;
+ }
+ if (rc) /* one of the MPIs were bad */
+ goto leave;
+ sk->protect.algo = iobuf_get_noeof(inp); pktlen--;
+ sk->protect.sha1chk = 0;
+ if( sk->protect.algo ) {
+ sk->is_protected = 1;
+ sk->protect.s2k.count = 0;
+ if( sk->protect.algo == 254 || sk->protect.algo == 255 ) {
+ if( pktlen < 3 ) {
+ rc = G10ERR_INVALID_PACKET;
+ goto leave;
+ }
+ sk->protect.sha1chk = (sk->protect.algo == 254);
+ sk->protect.algo = iobuf_get_noeof(inp); pktlen--;
+ /* Note that a sk->protect.algo > 110 is illegal, but
+ I'm not erroring on it here as otherwise there
+ would be no way to delete such a key. */
+ sk->protect.s2k.mode = iobuf_get_noeof(inp); pktlen--;
+ sk->protect.s2k.hash_algo = iobuf_get_noeof(inp); pktlen--;
+ /* check for the special GNU extension */
+ if( is_v4 && sk->protect.s2k.mode == 101 ) {
+ for(i=0; i < 4 && pktlen; i++, pktlen-- )
+ temp[i] = iobuf_get_noeof(inp);
+ if( i < 4 || memcmp( temp, "GNU", 3 ) ) {
+ if( list_mode )
+ fprintf (listfp, "\tunknown S2K %d\n",
+ sk->protect.s2k.mode );
+ rc = G10ERR_INVALID_PACKET;
+ goto leave;
+ }
+ /* here we know that it is a gnu extension
+ * What follows is the GNU protection mode:
+ * All values have special meanings
+ * and they are mapped in the mode with a base of 1000.
+ */
+ sk->protect.s2k.mode = 1000 + temp[3];
+ }
+ switch( sk->protect.s2k.mode ) {
+ case 1:
+ case 3:
+ for(i=0; i < 8 && pktlen; i++, pktlen-- )
+ temp[i] = iobuf_get_noeof(inp);
+ memcpy(sk->protect.s2k.salt, temp, 8 );
+ break;
+ }
+ switch( sk->protect.s2k.mode ) {
+ case 0: if( list_mode ) fprintf (listfp, "\tsimple S2K" );
+ break;
+ case 1: if( list_mode ) fprintf (listfp, "\tsalted S2K" );
+ break;
+ case 3: if( list_mode ) fprintf (listfp, "\titer+salt S2K" );
+ break;
+ case 1001: if( list_mode ) fprintf (listfp,
+ "\tgnu-dummy S2K" );
+ break;
+ case 1002: if (list_mode) fprintf (listfp,
+ "\tgnu-divert-to-card S2K");
+ break;
+ default:
+ if( list_mode )
+ fprintf (listfp, "\tunknown %sS2K %d\n",
+ sk->protect.s2k.mode < 1000? "":"GNU ",
+ sk->protect.s2k.mode );
+ rc = G10ERR_INVALID_PACKET;
+ goto leave;
+ }
+
+ if( list_mode ) {
+ fprintf (listfp, ", algo: %d,%s hash: %d",
+ sk->protect.algo,
+ sk->protect.sha1chk?" SHA1 protection,"
+ :" simple checksum,",
+ sk->protect.s2k.hash_algo );
+ if( sk->protect.s2k.mode == 1
+ || sk->protect.s2k.mode == 3 ) {
+ fprintf (listfp, ", salt: ");
+ for(i=0; i < 8; i++ )
+ fprintf (listfp, "%02x", sk->protect.s2k.salt[i]);
+ }
+ putc ('\n', listfp);
+ }
+
+ if( sk->protect.s2k.mode == 3 ) {
+ if( pktlen < 1 ) {
+ rc = G10ERR_INVALID_PACKET;
+ goto leave;
+ }
+ sk->protect.s2k.count = iobuf_get(inp);
+ pktlen--;
+ if( list_mode )
+ fprintf (listfp, "\tprotect count: %lu (%lu)\n",
+ (ulong)S2K_DECODE_COUNT
+ ((ulong)sk->protect.s2k.count),
+ (ulong)sk->protect.s2k.count);
+ }
+ else if( sk->protect.s2k.mode == 1002 ) {
+ /* Read the serial number. */
+ if (pktlen < 1) {
+ rc = G10ERR_INVALID_PACKET;
+ goto leave;
+ }
+ snlen = iobuf_get (inp);
+ pktlen--;
+ if (pktlen < snlen || snlen == -1) {
+ rc = G10ERR_INVALID_PACKET;
+ goto leave;
+ }
+ }
+ }
+ /* Note that a sk->protect.algo > 110 is illegal, but I'm
+ not erroring on it here as otherwise there would be no
+ way to delete such a key. */
+ else { /* old version; no S2K, so we set mode to 0, hash MD5 */
+ sk->protect.s2k.mode = 0;
+ sk->protect.s2k.hash_algo = DIGEST_ALGO_MD5;
+ if( list_mode )
+ fprintf (listfp, "\tprotect algo: %d (hash algo: %d)\n",
+ sk->protect.algo, sk->protect.s2k.hash_algo );
+ }
+ /* It is really ugly that we don't know the size
+ * of the IV here in cases we are not aware of the algorithm.
+ * so a
+ * sk->protect.ivlen = cipher_get_blocksize(sk->protect.algo);
+ * won't work. The only solution I see is to hardwire it.
+ * NOTE: if you change the ivlen above 16, don't forget to
+ * enlarge temp.
+ */
+ sk->protect.ivlen = openpgp_cipher_blocklen (sk->protect.algo);
+ assert (sk->protect.ivlen <= sizeof (temp));
+
+ if( sk->protect.s2k.mode == 1001 )
+ sk->protect.ivlen = 0;
+ else if( sk->protect.s2k.mode == 1002 )
+ sk->protect.ivlen = snlen < 16? snlen : 16;
+
+ if( pktlen < sk->protect.ivlen ) {
+ rc = G10ERR_INVALID_PACKET;
+ goto leave;
+ }
+ for(i=0; i < sk->protect.ivlen && pktlen; i++, pktlen-- )
+ temp[i] = iobuf_get_noeof(inp);
+ if( list_mode ) {
+ fprintf (listfp,
+ sk->protect.s2k.mode == 1002? "\tserial-number: "
+ : "\tprotect IV: ");
+ for(i=0; i < sk->protect.ivlen; i++ )
+ fprintf (listfp, " %02x", temp[i] );
+ putc ('\n', listfp);
+ }
+ memcpy(sk->protect.iv, temp, sk->protect.ivlen );
+ }
+ else
+ sk->is_protected = 0;
+ /* It does not make sense to read it into secure memory.
+ * If the user is so careless, not to protect his secret key,
+ * we can assume, that he operates an open system :=(.
+ * So we put the key into secure memory when we unprotect it. */
+ if( sk->protect.s2k.mode == 1001
+ || sk->protect.s2k.mode == 1002 ) {
+ /* better set some dummy stuff here */
+ sk->skey[npkey] = gcry_mpi_set_opaque(NULL,
+ xstrdup("dummydata"), 10*8);
+ pktlen = 0;
+ }
+ else if( is_v4 && sk->is_protected ) {
+ /* ugly; the length is encrypted too, so we read all
+ * stuff up to the end of the packet into the first
+ * skey element */
+ sk->skey[npkey] = gcry_mpi_set_opaque (NULL,
+ read_rest(inp, pktlen, 0),
+ pktlen*8);
+ pktlen = 0;
+ if( list_mode ) {
+ fprintf (listfp, "\tencrypted stuff follows\n");
+ }
+ }
+ else { /* v3 method: the mpi length is not encrypted */
+ for(i=npkey; i < nskey; i++ ) {
+ if ( sk->is_protected ) {
+ sk->skey[i] = read_protected_v3_mpi (inp, &pktlen);
+ if( list_mode )
+ fprintf (listfp, "\tskey[%d]: [encrypted]\n", i);
+ }
+ else {
+ n = pktlen;
+ sk->skey[i] = mpi_read(inp, &n, 0 );
+ pktlen -=n;
+ if( list_mode ) {
+ fprintf (listfp, "\tskey[%d]: ", i);
+ mpi_print(listfp, sk->skey[i], mpi_print_mode );
+ putc ('\n', listfp);
+ }
+ }
+
+ if (!sk->skey[i])
+ rc = G10ERR_INVALID_PACKET;
+ }
+ if (rc)
+ goto leave;
+
+ sk->csum = read_16(inp); pktlen -= 2;
+ if( list_mode ) {
+ fprintf (listfp, "\tchecksum: %04hx\n", sk->csum);
+ }
+ }
+
+ if (list_mode)
+ keyid_from_sk (sk, keyid);
+ }
+ else {
+ PKT_public_key *pk = pkt->pkt.public_key;
+
+ if( !npkey ) {
+ pk->pkey[0] = gcry_mpi_set_opaque ( NULL,
+ read_rest(inp, pktlen, 0),
+ pktlen*8 );
+ pktlen = 0;
+ goto leave;
+ }
+
+ for(i=0; i < npkey; i++ ) {
+ n = pktlen; pk->pkey[i] = mpi_read(inp, &n, 0 ); pktlen -=n;
+ if( list_mode ) {
+ fprintf (listfp, "\tpkey[%d]: ", i);
+ mpi_print(listfp, pk->pkey[i], mpi_print_mode );
+ putc ('\n', listfp);
+ }
+ if (!pk->pkey[i])
+ rc = G10ERR_INVALID_PACKET;
+ }
+ if (rc)
+ goto leave;
+ if (list_mode)
+ keyid_from_pk (pk, keyid);
+ }
+
+ if (list_mode)
+ fprintf (listfp, "\tkeyid: %08lX%08lX\n",
+ (ulong)keyid[0], (ulong)keyid[1]);
+
+ leave:
+ iobuf_skip_rest(inp, pktlen, 0);
+ return rc;
+}
+
+/* Attribute subpackets have the same format as v4 signature
+ subpackets. This is not part of OpenPGP, but is done in several
+ versions of PGP nevertheless. */
+int
+parse_attribute_subpkts(PKT_user_id *uid)
+{
+ size_t n;
+ int count=0;
+ struct user_attribute *attribs=NULL;
+ const byte *buffer=uid->attrib_data;
+ int buflen=uid->attrib_len;
+ byte type;
+
+ xfree(uid->attribs);
+
+ while(buflen)
+ {
+ n = *buffer++; buflen--;
+ if( n == 255 ) { /* 4 byte length header */
+ if( buflen < 4 )
+ goto too_short;
+ n = (buffer[0] << 24) | (buffer[1] << 16)
+ | (buffer[2] << 8) | buffer[3];
+ buffer += 4;
+ buflen -= 4;
+ }
+ else if( n >= 192 ) { /* 2 byte special encoded length header */
+ if( buflen < 2 )
+ goto too_short;
+ n = (( n - 192 ) << 8) + *buffer + 192;
+ buffer++;
+ buflen--;
+ }
+ if( buflen < n )
+ goto too_short;
+
+ attribs=xrealloc(attribs,(count+1)*sizeof(struct user_attribute));
+ memset(&attribs[count],0,sizeof(struct user_attribute));
+
+ type=*buffer;
+ buffer++;
+ buflen--;
+ n--;
+
+ attribs[count].type=type;
+ attribs[count].data=buffer;
+ attribs[count].len=n;
+ buffer+=n;
+ buflen-=n;
+ count++;
+ }
+
+ uid->attribs=attribs;
+ uid->numattribs=count;
+ return count;
+
+ too_short:
+ if(opt.verbose)
+ log_info("buffer shorter than attribute subpacket\n");
+ uid->attribs=attribs;
+ uid->numattribs=count;
+ return count;
+}
+
+
+static int
+parse_user_id( IOBUF inp, int pkttype, unsigned long pktlen, PACKET *packet )
+{
+ byte *p;
+
+ /* Cap the size of a user ID at 2k: a value absurdly large enough
+ that there is no sane user ID string (which is printable text
+ as of RFC2440bis) that won't fit in it, but yet small enough to
+ avoid allocation problems. A large pktlen may not be
+ allocatable, and a very large pktlen could actually cause our
+ allocation to wrap around in xmalloc to a small number. */
+
+ if (pktlen > 2048)
+ {
+ log_error ("packet(%d) too large\n", pkttype);
+ iobuf_skip_rest(inp, pktlen, 0);
+ return G10ERR_INVALID_PACKET;
+ }
+
+ packet->pkt.user_id = xmalloc_clear(sizeof *packet->pkt.user_id + pktlen);
+ packet->pkt.user_id->len = pktlen;
+ packet->pkt.user_id->ref=1;
+
+ p = packet->pkt.user_id->name;
+ for( ; pktlen; pktlen--, p++ )
+ *p = iobuf_get_noeof(inp);
+ *p = 0;
+
+ if( list_mode ) {
+ int n = packet->pkt.user_id->len;
+ fprintf (listfp, ":user ID packet: \"");
+ /* fixme: Hey why don't we replace this with print_string?? */
+ for(p=packet->pkt.user_id->name; n; p++, n-- ) {
+ if( *p >= ' ' && *p <= 'z' )
+ putc (*p, listfp);
+ else
+ fprintf (listfp, "\\x%02x", *p );
+ }
+ fprintf (listfp, "\"\n");
+ }
+ return 0;
+}
+
+
+void
+make_attribute_uidname(PKT_user_id *uid, size_t max_namelen)
+{
+ assert ( max_namelen > 70 );
+ if(uid->numattribs<=0)
+ sprintf(uid->name,"[bad attribute packet of size %lu]",uid->attrib_len);
+ else if(uid->numattribs>1)
+ sprintf(uid->name,"[%d attributes of size %lu]",
+ uid->numattribs,uid->attrib_len);
+ else
+ {
+ /* Only one attribute, so list it as the "user id" */
+
+ if(uid->attribs->type==ATTRIB_IMAGE)
+ {
+ u32 len;
+ byte type;
+
+ if(parse_image_header(uid->attribs,&type,&len))
+ sprintf(uid->name,"[%.20s image of size %lu]",
+ image_type_to_string(type,1),(ulong)len);
+ else
+ sprintf(uid->name,"[invalid image]");
+ }
+ else
+ sprintf(uid->name,"[unknown attribute of size %lu]",
+ (ulong)uid->attribs->len);
+ }
+
+ uid->len = strlen(uid->name);
+}
+
+static int
+parse_attribute( IOBUF inp, int pkttype, unsigned long pktlen, PACKET *packet )
+{
+ byte *p;
+
+ (void)pkttype;
+
+#define EXTRA_UID_NAME_SPACE 71
+ packet->pkt.user_id = xmalloc_clear(sizeof *packet->pkt.user_id
+ + EXTRA_UID_NAME_SPACE);
+ packet->pkt.user_id->ref=1;
+ packet->pkt.user_id->attrib_data = xmalloc(pktlen);
+ packet->pkt.user_id->attrib_len = pktlen;
+
+ p = packet->pkt.user_id->attrib_data;
+ for( ; pktlen; pktlen--, p++ )
+ *p = iobuf_get_noeof(inp);
+
+ /* Now parse out the individual attribute subpackets. This is
+ somewhat pointless since there is only one currently defined
+ attribute type (jpeg), but it is correct by the spec. */
+ parse_attribute_subpkts(packet->pkt.user_id);
+
+ make_attribute_uidname(packet->pkt.user_id, EXTRA_UID_NAME_SPACE);
+
+ if( list_mode ) {
+ fprintf (listfp, ":attribute packet: %s\n", packet->pkt.user_id->name );
+ }
+ return 0;
+}
+
+
+static int
+parse_comment( IOBUF inp, int pkttype, unsigned long pktlen, PACKET *packet )
+{
+ byte *p;
+
+ /* Cap comment packet at a reasonable value to avoid an integer
+ overflow in the malloc below. Comment packets are actually not
+ anymore define my OpenPGP and we even stopped to use our
+ private comment packet. */
+ if (pktlen>65536)
+ {
+ log_error ("packet(%d) too large\n", pkttype);
+ iobuf_skip_rest (inp, pktlen, 0);
+ return G10ERR_INVALID_PACKET;
+ }
+ packet->pkt.comment = xmalloc(sizeof *packet->pkt.comment + pktlen - 1);
+ packet->pkt.comment->len = pktlen;
+ p = packet->pkt.comment->data;
+ for( ; pktlen; pktlen--, p++ )
+ *p = iobuf_get_noeof(inp);
+
+ if( list_mode ) {
+ int n = packet->pkt.comment->len;
+ fprintf (listfp, ":%scomment packet: \"", pkttype == PKT_OLD_COMMENT?
+ "OpenPGP draft " : "" );
+ for(p=packet->pkt.comment->data; n; p++, n-- ) {
+ if( *p >= ' ' && *p <= 'z' )
+ putc (*p, listfp);
+ else
+ fprintf (listfp, "\\x%02x", *p );
+ }
+ fprintf (listfp, "\"\n");
+ }
+ return 0;
+}
+
+
+static void
+parse_trust( IOBUF inp, int pkttype, unsigned long pktlen, PACKET *pkt )
+{
+ int c;
+
+ (void)pkttype;
+
+ if (pktlen)
+ {
+ c = iobuf_get_noeof(inp);
+ pktlen--;
+ pkt->pkt.ring_trust = xmalloc( sizeof *pkt->pkt.ring_trust );
+ pkt->pkt.ring_trust->trustval = c;
+ pkt->pkt.ring_trust->sigcache = 0;
+ if (!c && pktlen==1)
+ {
+ c = iobuf_get_noeof (inp);
+ pktlen--;
+ /* we require that bit 7 of the sigcache is 0 (easier eof handling)*/
+ if ( !(c & 0x80) )
+ pkt->pkt.ring_trust->sigcache = c;
+ }
+ if( list_mode )
+ fprintf (listfp, ":trust packet: flag=%02x sigcache=%02x\n",
+ pkt->pkt.ring_trust->trustval,
+ pkt->pkt.ring_trust->sigcache);
+ }
+ else
+ {
+ if( list_mode )
+ fprintf (listfp, ":trust packet: empty\n");
+ }
+ iobuf_skip_rest (inp, pktlen, 0);
+}
+
+
+static int
+parse_plaintext( IOBUF inp, int pkttype, unsigned long pktlen,
+ PACKET *pkt, int new_ctb, int partial )
+{
+ int rc = 0;
+ int mode, namelen;
+ PKT_plaintext *pt;
+ byte *p;
+ int c, i;
+
+ if( !partial && pktlen < 6 ) {
+ log_error("packet(%d) too short (%lu)\n", pkttype, (ulong)pktlen);
+ rc = gpg_error (GPG_ERR_INV_PACKET);
+ goto leave;
+ }
+ mode = iobuf_get_noeof(inp); if( pktlen ) pktlen--;
+ namelen = iobuf_get_noeof(inp); if( pktlen ) pktlen--;
+ /* Note that namelen will never exceed 255 bytes. */
+ pt = pkt->pkt.plaintext = xmalloc(sizeof *pkt->pkt.plaintext + namelen -1);
+ pt->new_ctb = new_ctb;
+ pt->mode = mode;
+ pt->namelen = namelen;
+ pt->is_partial = partial;
+ if( pktlen ) {
+ for( i=0; pktlen > 4 && i < namelen; pktlen--, i++ )
+ pt->name[i] = iobuf_get_noeof(inp);
+ }
+ else {
+ for( i=0; i < namelen; i++ )
+ if( (c=iobuf_get(inp)) == -1 )
+ break;
+ else
+ pt->name[i] = c;
+ }
+ pt->timestamp = read_32(inp); if( pktlen) pktlen -= 4;
+ pt->len = pktlen;
+ pt->buf = inp;
+ pktlen = 0;
+
+ if( list_mode ) {
+ fprintf (listfp, ":literal data packet:\n"
+ "\tmode %c (%X), created %lu, name=\"",
+ mode >= ' ' && mode <'z'? mode : '?', mode,
+ (ulong)pt->timestamp );
+ for(p=pt->name,i=0; i < namelen; p++, i++ ) {
+ if( *p >= ' ' && *p <= 'z' )
+ putc (*p, listfp);
+ else
+ fprintf (listfp, "\\x%02x", *p );
+ }
+ fprintf (listfp, "\",\n\traw data: ");
+ if(partial)
+ fprintf (listfp, "unknown length\n");
+ else
+ fprintf (listfp, "%lu bytes\n", (ulong)pt->len );
+ }
+
+ leave:
+ return rc;
+}
+
+
+static int
+parse_compressed( IOBUF inp, int pkttype, unsigned long pktlen,
+ PACKET *pkt, int new_ctb )
+{
+ PKT_compressed *zd;
+
+ /* PKTLEN is here 0, but data follows (this should be the last
+ object in a file or the compress algorithm should know the
+ length). */
+ (void)pkttype;
+ (void)pktlen;
+
+ zd = pkt->pkt.compressed = xmalloc (sizeof *pkt->pkt.compressed);
+ zd->algorithm = iobuf_get_noeof(inp);
+ zd->len = 0; /* not used */
+ zd->new_ctb = new_ctb;
+ zd->buf = inp;
+ if (list_mode)
+ fprintf (listfp, ":compressed packet: algo=%d\n", zd->algorithm);
+ return 0;
+}
+
+
+static int
+parse_encrypted( IOBUF inp, int pkttype, unsigned long pktlen,
+ PACKET *pkt, int new_ctb, int partial )
+{
+ int rc = 0;
+ PKT_encrypted *ed;
+ unsigned long orig_pktlen = pktlen;
+
+ ed = pkt->pkt.encrypted = xmalloc(sizeof *pkt->pkt.encrypted );
+ ed->len = pktlen;
+ /* we don't know the extralen which is (cipher_blocksize+2)
+ because the algorithm ist not specified in this packet.
+ However, it is only important to know this for some sanity
+ checks on the packet length - it doesn't matter that we can't
+ do it */
+ ed->extralen = 0;
+ ed->buf = NULL;
+ ed->new_ctb = new_ctb;
+ ed->is_partial = partial;
+ ed->mdc_method = 0;
+ if( pkttype == PKT_ENCRYPTED_MDC ) {
+ /* fixme: add some pktlen sanity checks */
+ int version;
+
+ version = iobuf_get_noeof(inp);
+ if (orig_pktlen)
+ pktlen--;
+ if( version != 1 ) {
+ log_error("encrypted_mdc packet with unknown version %d\n",
+ version);
+ /*skip_rest(inp, pktlen); should we really do this? */
+ rc = gpg_error (GPG_ERR_INV_PACKET);
+ goto leave;
+ }
+ ed->mdc_method = DIGEST_ALGO_SHA1;
+ }
+ if( orig_pktlen && pktlen < 10 ) { /* actually this is blocksize+2 */
+ log_error("packet(%d) too short\n", pkttype);
+ rc = G10ERR_INVALID_PACKET;
+ iobuf_skip_rest(inp, pktlen, partial);
+ goto leave;
+ }
+ if( list_mode ) {
+ if( orig_pktlen )
+ fprintf (listfp, ":encrypted data packet:\n\tlength: %lu\n",
+ orig_pktlen);
+ else
+ fprintf (listfp, ":encrypted data packet:\n\tlength: unknown\n");
+ if( ed->mdc_method )
+ fprintf (listfp, "\tmdc_method: %d\n", ed->mdc_method );
+ }
+
+ ed->buf = inp;
+
+ leave:
+ return rc;
+}
+
+
+/* Note, that this code is not anymore used in real life because now
+ the MDC checking is done right after the encryption in
+ decrypt_data. */
+static int
+parse_mdc (IOBUF inp, int pkttype, unsigned long pktlen,
+ PACKET *pkt, int new_ctb)
+{
+ int rc = 0;
+ PKT_mdc *mdc;
+ byte *p;
+
+ (void)pkttype;
+
+ mdc = pkt->pkt.mdc = xmalloc(sizeof *pkt->pkt.mdc );
+ if (list_mode)
+ fprintf (listfp, ":mdc packet: length=%lu\n", pktlen);
+ if (!new_ctb || pktlen != 20)
+ {
+ log_error("mdc_packet with invalid encoding\n");
+ rc = gpg_error (GPG_ERR_INV_PACKET);
+ goto leave;
+ }
+ p = mdc->hash;
+ for (; pktlen; pktlen--, p++)
+ *p = iobuf_get_noeof(inp);
+
+ leave:
+ return rc;
+}
+
+
+/*
+ * This packet is internally generated by PGG (by armor.c) to
+ * transfer some information to the lower layer. To make sure that
+ * this packet is really a GPG faked one and not one comming from outside,
+ * we first check that tehre is a unique tag in it.
+ * The format of such a control packet is:
+ * n byte session marker
+ * 1 byte control type CTRLPKT_xxxxx
+ * m byte control data
+ */
+
+static int
+parse_gpg_control (IOBUF inp, int pkttype, unsigned long pktlen,
+ PACKET *packet, int partial)
+{
+ byte *p;
+ const byte *sesmark;
+ size_t sesmarklen;
+ int i;
+
+ (void)pkttype;
+
+ if ( list_mode )
+ fprintf (listfp, ":packet 63: length %lu ", pktlen);
+
+ sesmark = get_session_marker ( &sesmarklen );
+ if ( pktlen < sesmarklen+1 ) /* 1 is for the control bytes */
+ goto skipit;
+ for( i=0; i < sesmarklen; i++, pktlen-- ) {
+ if ( sesmark[i] != iobuf_get_noeof(inp) )
+ goto skipit;
+ }
+ if (pktlen > 4096)
+ goto skipit; /* Definitely too large. We skip it to avoid an
+ overflow in the malloc. */
+ if ( list_mode )
+ puts ("- gpg control packet");
+
+ packet->pkt.gpg_control = xmalloc(sizeof *packet->pkt.gpg_control
+ + pktlen - 1);
+ packet->pkt.gpg_control->control = iobuf_get_noeof(inp); pktlen--;
+ packet->pkt.gpg_control->datalen = pktlen;
+ p = packet->pkt.gpg_control->data;
+ for( ; pktlen; pktlen--, p++ )
+ *p = iobuf_get_noeof(inp);
+
+ return 0;
+
+ skipit:
+ if ( list_mode ) {
+ int c;
+
+ i=0;
+ fprintf (listfp, "- private (rest length %lu)\n", pktlen);
+ if( partial ) {
+ while( (c=iobuf_get(inp)) != -1 )
+ dump_hex_line(c, &i);
+ }
+ else {
+ for( ; pktlen; pktlen-- )
+ {
+ dump_hex_line ((c=iobuf_get (inp)), &i);
+ if (c == -1)
+ break;
+ }
+ }
+ putc ('\n', listfp);
+ }
+ iobuf_skip_rest(inp,pktlen, 0);
+ return gpg_error (GPG_ERR_INV_PACKET);
+}
+
+/* create a gpg control packet to be used internally as a placeholder */
+PACKET *
+create_gpg_control( ctrlpkttype_t type, const byte *data, size_t datalen )
+{
+ PACKET *packet;
+ byte *p;
+
+ packet = xmalloc( sizeof *packet );
+ init_packet(packet);
+ packet->pkttype = PKT_GPG_CONTROL;
+ packet->pkt.gpg_control = xmalloc(sizeof *packet->pkt.gpg_control
+ + datalen - 1);
+ packet->pkt.gpg_control->control = type;
+ packet->pkt.gpg_control->datalen = datalen;
+ p = packet->pkt.gpg_control->data;
+ for( ; datalen; datalen--, p++ )
+ *p = *data++;
+
+ return packet;
+}
diff --git a/g10/passphrase.c b/g10/passphrase.c
new file mode 100644
index 0000000..2133de5
--- /dev/null
+++ b/g10/passphrase.c
@@ -0,0 +1,685 @@
+/* passphrase.c - Get a passphrase
+ * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004,
+ * 2005, 2006, 2007, 2009 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <stddef.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+#include <assert.h>
+#include <errno.h>
+#ifdef HAVE_LOCALE_H
+#include <locale.h>
+#endif
+#ifdef HAVE_LANGINFO_CODESET
+#include <langinfo.h>
+#endif
+
+#include "gpg.h"
+#include "util.h"
+#include "options.h"
+#include "ttyio.h"
+#include "cipher.h"
+#include "keydb.h"
+#include "main.h"
+#include "i18n.h"
+#include "status.h"
+#include "call-agent.h"
+
+
+static char *fd_passwd = NULL;
+static char *next_pw = NULL;
+static char *last_pw = NULL;
+
+
+
+/* Pack an s2k iteration count into the form specified in 2440. If
+ we're in between valid values, round up. With value 0 return the
+ old default. */
+unsigned char
+encode_s2k_iterations (int iterations)
+{
+ gpg_error_t err;
+ unsigned char c=0;
+ unsigned char result;
+ unsigned int count;
+
+ if (!iterations)
+ {
+ unsigned long mycnt;
+
+ /* Ask the gpg-agent for a useful iteration count. */
+ err = agent_get_s2k_count (&mycnt);
+ if (err || mycnt < 65536)
+ {
+ /* Don't print an error if an older agent is used. */
+ if (err && gpg_err_code (err) != GPG_ERR_ASS_PARAMETER)
+ log_error (_("problem with the agent: %s\n"), gpg_strerror (err));
+ /* Default to 65536 which we used up to 2.0.13. */
+ return 96;
+ }
+ else if (mycnt >= 65011712)
+ return 255; /* Largest possible value. */
+ else
+ return encode_s2k_iterations ((int)mycnt);
+ }
+
+ if (iterations <= 1024)
+ return 0; /* Command line arg compatibility. */
+
+ if (iterations >= 65011712)
+ return 255;
+
+ /* Need count to be in the range 16-31 */
+ for (count=iterations>>6; count>=32; count>>=1)
+ c++;
+
+ result = (c<<4)|(count-16);
+
+ if (S2K_DECODE_COUNT(result) < iterations)
+ result++;
+
+ return result;
+}
+
+
+
+/* Hash a passphrase using the supplied s2k.
+ Always needs: dek->algo, s2k->mode, s2k->hash_algo. */
+static void
+hash_passphrase ( DEK *dek, char *pw, STRING2KEY *s2k)
+{
+ gcry_md_hd_t md;
+ int pass, i;
+ int used = 0;
+ int pwlen = strlen(pw);
+
+ assert ( s2k->hash_algo );
+ dek->keylen = openpgp_cipher_get_algo_keylen (dek->algo);
+ if ( !(dek->keylen > 0 && dek->keylen <= DIM(dek->key)) )
+ BUG();
+
+ if (gcry_md_open (&md, s2k->hash_algo, 1))
+ BUG ();
+ for (pass=0; used < dek->keylen ; pass++ )
+ {
+ if ( pass )
+ {
+ gcry_md_reset (md);
+ for (i=0; i < pass; i++ ) /* Preset the hash context. */
+ gcry_md_putc (md, 0 );
+ }
+
+ if ( s2k->mode == 1 || s2k->mode == 3 )
+ {
+ int len2 = pwlen + 8;
+ ulong count = len2;
+
+ if ( s2k->mode == 3 )
+ {
+ count = S2K_DECODE_COUNT(s2k->count);
+ if ( count < len2 )
+ count = len2;
+ }
+
+ /* Fixme: To avoid DoS attacks by sending an sym-encrypted
+ packet with a very high S2K count, we should either cap
+ the iteration count or CPU seconds based timeout. */
+
+ /* A little bit complicated because we need a ulong for count. */
+ while ( count > len2 ) /* maybe iterated+salted */
+ {
+ gcry_md_write ( md, s2k->salt, 8 );
+ gcry_md_write ( md, pw, pwlen );
+ count -= len2;
+ }
+ if ( count < 8 )
+ gcry_md_write ( md, s2k->salt, count );
+ else
+ {
+ gcry_md_write ( md, s2k->salt, 8 );
+ count -= 8;
+ gcry_md_write ( md, pw, count );
+ }
+ }
+ else
+ gcry_md_write ( md, pw, pwlen );
+ gcry_md_final( md );
+
+ i = gcry_md_get_algo_dlen ( s2k->hash_algo );
+ if ( i > dek->keylen - used )
+ i = dek->keylen - used;
+
+ memcpy (dek->key+used, gcry_md_read (md, s2k->hash_algo), i);
+ used += i;
+ }
+ gcry_md_close(md);
+}
+
+
+
+int
+have_static_passphrase()
+{
+ return !!fd_passwd && opt.batch;
+}
+
+/****************
+ * Set the passphrase to be used for the next query and only for the next
+ * one.
+ */
+void
+set_next_passphrase( const char *s )
+{
+ xfree(next_pw);
+ next_pw = NULL;
+ if ( s )
+ {
+ next_pw = xmalloc_secure( strlen(s)+1 );
+ strcpy (next_pw, s );
+ }
+}
+
+/****************
+ * Get the last passphrase used in passphrase_to_dek.
+ * Note: This removes the passphrase from this modules and
+ * the caller must free the result. May return NULL:
+ */
+char *
+get_last_passphrase()
+{
+ char *p = last_pw;
+ last_pw = NULL;
+ return p;
+}
+
+/* As if we had used the passphrase - make it the last_pw. */
+void
+next_to_last_passphrase(void)
+{
+ if (next_pw)
+ {
+ last_pw=next_pw;
+ next_pw=NULL;
+ }
+}
+
+/* Here's an interesting question: since this passphrase was passed in
+ on the command line, is there really any point in using secure
+ memory for it? I'm going with 'yes', since it doesn't hurt, and
+ might help in some small way (swapping). */
+
+void
+set_passphrase_from_string(const char *pass)
+{
+ xfree (fd_passwd);
+ fd_passwd = xmalloc_secure(strlen(pass)+1);
+ strcpy (fd_passwd, pass);
+}
+
+
+void
+read_passphrase_from_fd( int fd )
+{
+ int i, len;
+ char *pw;
+
+ if ( !opt.batch )
+ { /* Not used but we have to do a dummy read, so that it won't end
+ up at the begin of the message if the quite usual trick to
+ prepend the passphtrase to the message is used. */
+ char buf[1];
+
+ while (!(read (fd, buf, 1) != 1 || *buf == '\n' ))
+ ;
+ *buf = 0;
+ return;
+ }
+
+ for (pw = NULL, i = len = 100; ; i++ )
+ {
+ if (i >= len-1 )
+ {
+ char *pw2 = pw;
+ len += 100;
+ pw = xmalloc_secure( len );
+ if( pw2 )
+ {
+ memcpy(pw, pw2, i );
+ xfree (pw2);
+ }
+ else
+ i=0;
+ }
+ if (read( fd, pw+i, 1) != 1 || pw[i] == '\n' )
+ break;
+ }
+ pw[i] = 0;
+ if (!opt.batch)
+ tty_printf("\b\b\b \n" );
+
+ xfree ( fd_passwd );
+ fd_passwd = pw;
+}
+
+
+/*
+ * Ask the GPG Agent for the passphrase.
+ * Mode 0: Allow cached passphrase
+ * 1: No cached passphrase; that is we are asking for a new passphrase
+ * FIXME: Only partially implemented
+ *
+ * Note that TRYAGAIN_TEXT must not be translated. If CANCELED is not
+ * NULL, the function does set it to 1 if the user canceled the
+ * operation. If CACHEID is not NULL, it will be used as the cacheID
+ * for the gpg-agent; if is NULL and a key fingerprint can be
+ * computed, this will be used as the cacheid.
+ */
+static char *
+passphrase_get ( u32 *keyid, int mode, const char *cacheid, int repeat,
+ const char *tryagain_text,
+ const char *custom_description,
+ const char *custom_prompt, int *canceled)
+{
+ int rc;
+ char *atext = NULL;
+ char *pw = NULL;
+ PKT_public_key *pk = xmalloc_clear( sizeof *pk );
+ byte fpr[MAX_FINGERPRINT_LEN];
+ int have_fpr = 0;
+ char *orig_codeset;
+ char *my_prompt;
+ char hexfprbuf[20*2+1];
+ const char *my_cacheid;
+ int check = (mode == 1);
+
+ if (canceled)
+ *canceled = 0;
+
+#if MAX_FINGERPRINT_LEN < 20
+#error agent needs a 20 byte fingerprint
+#endif
+
+ memset (fpr, 0, MAX_FINGERPRINT_LEN );
+ if( keyid && get_pubkey( pk, keyid ) )
+ {
+ if (pk)
+ free_public_key( pk );
+ pk = NULL; /* oops: no key for some reason */
+ }
+
+ orig_codeset = i18n_switchto_utf8 ();
+
+ if (custom_description)
+ atext = native_to_utf8 (custom_description);
+ else if ( !mode && pk && keyid )
+ {
+ char *uid;
+ size_t uidlen;
+ const char *algo_name = gcry_pk_algo_name ( pk->pubkey_algo );
+ const char *timestr;
+ char *maink;
+
+ if ( !algo_name )
+ algo_name = "?";
+
+#define KEYIDSTRING _(" (main key ID %s)")
+
+ maink = xmalloc ( strlen (KEYIDSTRING) + keystrlen() + 20 );
+ if( keyid[2] && keyid[3] && keyid[0] != keyid[2]
+ && keyid[1] != keyid[3] )
+ sprintf( maink, KEYIDSTRING, keystr(&keyid[2]) );
+ else
+ *maink = 0;
+
+ uid = get_user_id ( keyid, &uidlen );
+ timestr = strtimestamp (pk->timestamp);
+
+#undef KEYIDSTRING
+
+#define PROMPTSTRING _("Please enter the passphrase to unlock the" \
+ " secret key for the OpenPGP certificate:\n" \
+ "\"%.*s\"\n" \
+ "%u-bit %s key, ID %s,\n" \
+ "created %s%s.\n" )
+
+ atext = xmalloc ( 100 + strlen (PROMPTSTRING)
+ + uidlen + 15 + strlen(algo_name) + keystrlen()
+ + strlen (timestr) + strlen (maink) );
+ sprintf (atext, PROMPTSTRING,
+ (int)uidlen, uid,
+ nbits_from_pk (pk), algo_name, keystr(&keyid[0]), timestr,
+ maink );
+ xfree (uid);
+ xfree (maink);
+
+#undef PROMPTSTRING
+
+ {
+ size_t dummy;
+ fingerprint_from_pk( pk, fpr, &dummy );
+ have_fpr = 1;
+ }
+
+ }
+ else
+ atext = xstrdup ( _("Enter passphrase\n") );
+
+
+ if (!mode && cacheid)
+ my_cacheid = cacheid;
+ else if (!mode && have_fpr)
+ my_cacheid = bin2hex (fpr, 20, hexfprbuf);
+ else
+ my_cacheid = NULL;
+
+ if (tryagain_text)
+ tryagain_text = _(tryagain_text);
+
+ my_prompt = custom_prompt ? native_to_utf8 (custom_prompt): NULL;
+
+ rc = agent_get_passphrase (my_cacheid, tryagain_text, my_prompt, atext,
+ repeat, check, &pw);
+
+ xfree (my_prompt);
+ xfree (atext); atext = NULL;
+
+ i18n_switchback (orig_codeset);
+
+
+ if (!rc)
+ ;
+ else if ( gpg_err_code (rc) == GPG_ERR_CANCELED )
+ {
+ log_info (_("cancelled by user\n") );
+ if (canceled)
+ *canceled = 1;
+ }
+ else
+ {
+ log_error (_("problem with the agent: %s\n"), gpg_strerror (rc));
+ /* Due to limitations in the API of the upper layers they
+ consider an error as no passphrase entered. This works in
+ most cases but not during key creation where this should
+ definitely not happen and let it continue without requiring a
+ passphrase. Given that now all the upper layers handle a
+ cancel correctly, we simply set the cancel flag now for all
+ errors from the agent. */
+ if (canceled)
+ *canceled = 1;
+
+ write_status_error ("get_passphrase", rc);
+ }
+
+ if (pk)
+ free_public_key( pk );
+ if (rc)
+ {
+ xfree (pw);
+ return NULL;
+ }
+ return pw;
+}
+
+
+/*
+ * Clear the cached passphrase. If CACHEID is not NULL, it will be
+ * used instead of a cache ID derived from KEYID.
+ */
+void
+passphrase_clear_cache ( u32 *keyid, const char *cacheid, int algo )
+{
+ int rc;
+
+ (void)algo;
+
+ if (!cacheid)
+ {
+ PKT_public_key *pk;
+# if MAX_FINGERPRINT_LEN < 20
+# error agent needs a 20 byte fingerprint
+# endif
+ byte fpr[MAX_FINGERPRINT_LEN];
+ char hexfprbuf[2*20+1];
+ size_t dummy;
+
+ pk = xcalloc (1, sizeof *pk);
+ if ( !keyid || get_pubkey( pk, keyid ) )
+ {
+ log_error ("key not found in passphrase_clear_cache\n");
+ free_public_key (pk);
+ return;
+ }
+ memset (fpr, 0, MAX_FINGERPRINT_LEN );
+ fingerprint_from_pk ( pk, fpr, &dummy );
+ bin2hex (fpr, 20, hexfprbuf);
+ rc = agent_clear_passphrase (hexfprbuf);
+ free_public_key ( pk );
+ }
+ else
+ rc = agent_clear_passphrase (cacheid);
+
+ if (rc)
+ log_error (_("problem with the agent: %s\n"), gpg_strerror (rc));
+}
+
+
+/* Return a new DEK object Using the string-to-key sepcifier S2K. Use
+ KEYID and PUBKEY_ALGO to prompt the user. Returns NULL is the user
+ selected to cancel the passphrase entry and if CANCELED is not
+ NULL, sets it to true.
+
+ MODE 0: Allow cached passphrase
+ 1: Ignore cached passphrase
+ 2: Ditto, but create a new key
+ 3: Allow cached passphrase; use the S2K salt as the cache ID
+ 4: Ditto, but create a new key
+*/
+DEK *
+passphrase_to_dek_ext (u32 *keyid, int pubkey_algo,
+ int cipher_algo, STRING2KEY *s2k, int mode,
+ const char *tryagain_text,
+ const char *custdesc, const char *custprompt,
+ int *canceled)
+{
+ char *pw = NULL;
+ DEK *dek;
+ STRING2KEY help_s2k;
+ int dummy_canceled;
+ char s2k_cacheidbuf[1+16+1], *s2k_cacheid = NULL;
+
+ if (!canceled)
+ canceled = &dummy_canceled;
+ *canceled = 0;
+
+ if ( !s2k )
+ {
+ assert (mode != 3 && mode != 4);
+ /* This is used for the old rfc1991 mode
+ * Note: This must match the code in encode.c with opt.rfc1991 set */
+ s2k = &help_s2k;
+ s2k->mode = 0;
+ s2k->hash_algo = S2K_DIGEST_ALGO;
+ }
+
+ /* Create a new salt or what else to be filled into the s2k for a
+ new key. */
+ if ((mode == 2 || mode == 4) && (s2k->mode == 1 || s2k->mode == 3))
+ {
+ gcry_randomize (s2k->salt, 8, GCRY_STRONG_RANDOM);
+ if ( s2k->mode == 3 )
+ {
+ /* We delay the encoding until it is really needed. This is
+ if we are going to dynamically calibrate it, we need to
+ call out to gpg-agent and that should not be done during
+ option processing in main(). */
+ if (!opt.s2k_count)
+ opt.s2k_count = encode_s2k_iterations (0);
+ s2k->count = opt.s2k_count;
+ }
+ }
+
+ /* If we do not have a passphrase available in NEXT_PW and status
+ information are request, we print them now. */
+ if ( !next_pw && is_status_enabled() )
+ {
+ char buf[50];
+
+ if ( keyid )
+ {
+ u32 used_kid[2];
+ char *us;
+
+ if ( keyid[2] && keyid[3] )
+ {
+ used_kid[0] = keyid[2];
+ used_kid[1] = keyid[3];
+ }
+ else
+ {
+ used_kid[0] = keyid[0];
+ used_kid[1] = keyid[1];
+ }
+
+ us = get_long_user_id_string ( keyid );
+ write_status_text ( STATUS_USERID_HINT, us );
+ xfree(us);
+
+ snprintf (buf, sizeof buf -1, "%08lX%08lX %08lX%08lX %d 0",
+ (ulong)keyid[0], (ulong)keyid[1],
+ (ulong)used_kid[0], (ulong)used_kid[1],
+ pubkey_algo );
+
+ write_status_text ( STATUS_NEED_PASSPHRASE, buf );
+ }
+ else
+ {
+ snprintf (buf, sizeof buf -1, "%d %d %d",
+ cipher_algo, s2k->mode, s2k->hash_algo );
+ write_status_text ( STATUS_NEED_PASSPHRASE_SYM, buf );
+ }
+ }
+
+ /* If we do have a keyID, we do not have a passphrase available in
+ NEXT_PW, we are not running in batch mode and we do not want to
+ ignore the passphrase cache (mode!=1), print a prompt with
+ information on that key. */
+ if ( keyid && !opt.batch && !next_pw && mode!=1 )
+ {
+ PKT_public_key *pk = xmalloc_clear( sizeof *pk );
+ char *p;
+
+ p = get_user_id_native(keyid);
+ tty_printf ("\n");
+ tty_printf (_("You need a passphrase to unlock the secret key for\n"
+ "user: \"%s\"\n"),p);
+ xfree(p);
+
+ if ( !get_pubkey( pk, keyid ) )
+ {
+ const char *s = gcry_pk_algo_name ( pk->pubkey_algo );
+
+ tty_printf (_("%u-bit %s key, ID %s, created %s"),
+ nbits_from_pk( pk ), s?s:"?", keystr(keyid),
+ strtimestamp(pk->timestamp) );
+ if ( keyid[2] && keyid[3]
+ && keyid[0] != keyid[2] && keyid[1] != keyid[3] )
+ {
+ if ( keystrlen () > 10 )
+ {
+ tty_printf ("\n");
+ tty_printf (_(" (subkey on main key ID %s)"),
+ keystr(&keyid[2]) );
+ }
+ else
+ tty_printf ( _(" (main key ID %s)"), keystr(&keyid[2]) );
+ }
+ tty_printf("\n");
+ }
+
+ tty_printf("\n");
+ if (pk)
+ free_public_key( pk );
+ }
+
+ if ( next_pw )
+ {
+ /* Simply return the passphrase we already have in NEXT_PW. */
+ pw = next_pw;
+ next_pw = NULL;
+ }
+ else if ( have_static_passphrase () )
+ {
+ /* Return the passphrase we have stored in FD_PASSWD. */
+ pw = xmalloc_secure ( strlen(fd_passwd)+1 );
+ strcpy ( pw, fd_passwd );
+ }
+ else
+ {
+ if ((mode == 3 || mode == 4) && (s2k->mode == 1 || s2k->mode == 3))
+ {
+ memset (s2k_cacheidbuf, 0, sizeof s2k_cacheidbuf);
+ *s2k_cacheidbuf = 'S';
+ bin2hex (s2k->salt, 8, s2k_cacheidbuf + 1);
+ s2k_cacheid = s2k_cacheidbuf;
+ }
+
+ /* Divert to the gpg-agent. */
+ pw = passphrase_get (keyid, mode == 2, s2k_cacheid,
+ (mode == 2 || mode == 4)? opt.passphrase_repeat : 0,
+ tryagain_text, custdesc, custprompt, canceled);
+ if (*canceled)
+ {
+ xfree (pw);
+ write_status( STATUS_MISSING_PASSPHRASE );
+ return NULL;
+ }
+ }
+
+ if ( !pw || !*pw )
+ write_status( STATUS_MISSING_PASSPHRASE );
+
+ /* Hash the passphrase and store it in a newly allocated DEK object.
+ Keep a copy of the passphrase in LAST_PW for use by
+ get_last_passphrase(). */
+ dek = xmalloc_secure_clear ( sizeof *dek );
+ dek->algo = cipher_algo;
+ if ( (!pw || !*pw) && (mode == 2 || mode == 4))
+ dek->keylen = 0;
+ else
+ hash_passphrase (dek, pw, s2k);
+ if (s2k_cacheid)
+ memcpy (dek->s2k_cacheid, s2k_cacheid, sizeof dek->s2k_cacheid);
+ xfree(last_pw);
+ last_pw = pw;
+ return dek;
+}
+
+
+DEK *
+passphrase_to_dek (u32 *keyid, int pubkey_algo,
+ int cipher_algo, STRING2KEY *s2k, int mode,
+ const char *tryagain_text, int *canceled)
+{
+ return passphrase_to_dek_ext (keyid, pubkey_algo, cipher_algo,
+ s2k, mode, tryagain_text, NULL, NULL,
+ canceled);
+}
diff --git a/g10/photoid.c b/g10/photoid.c
new file mode 100644
index 0000000..37156f2
--- /dev/null
+++ b/g10/photoid.c
@@ -0,0 +1,375 @@
+/* photoid.c - photo ID handling code
+ * Copyright (C) 2001, 2002, 2005, 2006, 2008, 2011 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <errno.h>
+#include <stdio.h>
+#include <string.h>
+#ifdef _WIN32
+# include <windows.h>
+# ifndef VER_PLATFORM_WIN32_WINDOWS
+# define VER_PLATFORM_WIN32_WINDOWS 1
+# endif
+#endif
+
+#include "gpg.h"
+#include "packet.h"
+#include "status.h"
+#include "exec.h"
+#include "keydb.h"
+#include "util.h"
+#include "i18n.h"
+#include "iobuf.h"
+#include "options.h"
+#include "main.h"
+#include "photoid.h"
+#include "ttyio.h"
+#include "trustdb.h"
+
+/* Generate a new photo id packet, or return NULL if canceled.
+ FIXME: Should we add a duplicates check similar to generate_user_id? */
+PKT_user_id *
+generate_photo_id(PKT_public_key *pk,const char *photo_name)
+{
+ PKT_user_id *uid;
+ int error=1,i;
+ unsigned int len;
+ char *filename;
+ byte *photo=NULL;
+ byte header[16];
+ IOBUF file;
+ int overflow;
+
+ header[0]=0x10; /* little side of photo header length */
+ header[1]=0; /* big side of photo header length */
+ header[2]=1; /* 1 == version of photo header */
+ header[3]=1; /* 1 == JPEG */
+
+ for(i=4;i<16;i++) /* The reserved bytes */
+ header[i]=0;
+
+#define EXTRA_UID_NAME_SPACE 71
+ uid=xmalloc_clear(sizeof(*uid)+71);
+
+ if(photo_name && *photo_name)
+ filename=make_filename(photo_name,(void *)NULL);
+ else
+ {
+ tty_printf(_("\nPick an image to use for your photo ID."
+ " The image must be a JPEG file.\n"
+ "Remember that the image is stored within your public key."
+ " If you use a\n"
+ "very large picture, your key will become very large"
+ " as well!\n"
+ "Keeping the image close to 240x288 is a good size"
+ " to use.\n"));
+ filename=NULL;
+ }
+
+ while(photo==NULL)
+ {
+ if(filename==NULL)
+ {
+ char *tempname;
+
+ tty_printf("\n");
+
+ tty_enable_completion(NULL);
+
+ tempname=cpr_get("photoid.jpeg.add",
+ _("Enter JPEG filename for photo ID: "));
+
+ tty_disable_completion();
+
+ filename=make_filename(tempname,(void *)NULL);
+
+ xfree(tempname);
+
+ if(strlen(filename)==0)
+ goto scram;
+ }
+
+ file=iobuf_open(filename);
+ if (file && is_secured_file (iobuf_get_fd (file)))
+ {
+ iobuf_close (file);
+ file = NULL;
+ errno = EPERM;
+ }
+ if(!file)
+ {
+ log_error(_("unable to open JPEG file `%s': %s\n"),
+ filename,strerror(errno));
+ xfree(filename);
+ filename=NULL;
+ continue;
+ }
+
+
+ len=iobuf_get_filelength(file, &overflow);
+ if(len>6144 || overflow)
+ {
+ tty_printf( _("This JPEG is really large (%d bytes) !\n"),len);
+ if(!cpr_get_answer_is_yes("photoid.jpeg.size",
+ _("Are you sure you want to use it? (y/N) ")))
+ {
+ iobuf_close(file);
+ xfree(filename);
+ filename=NULL;
+ continue;
+ }
+ }
+
+ photo=xmalloc(len);
+ iobuf_read(file,photo,len);
+ iobuf_close(file);
+
+ /* Is it a JPEG? */
+ if(photo[0]!=0xFF || photo[1]!=0xD8)
+ {
+ log_error(_("`%s' is not a JPEG file\n"),filename);
+ xfree(photo);
+ photo=NULL;
+ xfree(filename);
+ filename=NULL;
+ continue;
+ }
+
+ /* Build the packet */
+ build_attribute_subpkt(uid,1,photo,len,header,16);
+ parse_attribute_subpkts(uid);
+ make_attribute_uidname(uid, EXTRA_UID_NAME_SPACE);
+
+ /* Showing the photo is not safe when noninteractive since the
+ "user" may not be able to dismiss a viewer window! */
+ if(opt.command_fd==-1)
+ {
+ show_photos(uid->attribs,uid->numattribs,pk,NULL,uid);
+ switch(cpr_get_answer_yes_no_quit("photoid.jpeg.okay",
+ _("Is this photo correct (y/N/q)? ")))
+ {
+ case -1:
+ goto scram;
+ case 0:
+ free_attributes(uid);
+ xfree(photo);
+ photo=NULL;
+ xfree(filename);
+ filename=NULL;
+ continue;
+ }
+ }
+ }
+
+ error=0;
+ uid->ref=1;
+
+ scram:
+ xfree(filename);
+ xfree(photo);
+
+ if(error)
+ {
+ free_attributes(uid);
+ xfree(uid);
+ return NULL;
+ }
+
+ return uid;
+}
+
+/* Returns 0 for error, 1 for valid */
+int parse_image_header(const struct user_attribute *attr,byte *type,u32 *len)
+{
+ u16 headerlen;
+
+ if(attr->len<3)
+ return 0;
+
+ /* For historical reasons (i.e. "oops!"), the header length is
+ little endian. */
+ headerlen=(attr->data[1]<<8) | attr->data[0];
+
+ if(headerlen>attr->len)
+ return 0;
+
+ if(type && attr->len>=4)
+ {
+ if(attr->data[2]==1) /* header version 1 */
+ *type=attr->data[3];
+ else
+ *type=0;
+ }
+
+ *len=attr->len-headerlen;
+
+ if(*len==0)
+ return 0;
+
+ return 1;
+}
+
+/* style==0 for extension, 1 for name, 2 for MIME type. Remember that
+ the "name" style string could be used in a user ID name field, so
+ make sure it is not too big (see parse-packet.c:parse_attribute).
+ Extensions should be 3 characters long for the best cross-platform
+ compatibility. */
+char *image_type_to_string(byte type,int style)
+{
+ char *string;
+
+ switch(type)
+ {
+ case 1: /* jpeg */
+ if(style==0)
+ string="jpg";
+ else if(style==1)
+ string="jpeg";
+ else
+ string="image/jpeg";
+ break;
+
+ default:
+ if(style==0)
+ string="bin";
+ else if(style==1)
+ string="unknown";
+ else
+ string="image/x-unknown";
+ break;
+ }
+
+ return string;
+}
+
+#if !defined(FIXED_PHOTO_VIEWER) && !defined(DISABLE_PHOTO_VIEWER)
+static const char *get_default_photo_command(void)
+{
+#if defined(_WIN32)
+ OSVERSIONINFO osvi;
+
+ memset(&osvi,0,sizeof(osvi));
+ osvi.dwOSVersionInfoSize=sizeof(osvi);
+ GetVersionEx(&osvi);
+
+ if(osvi.dwPlatformId==VER_PLATFORM_WIN32_WINDOWS)
+ return "start /w %i";
+ else
+ return "cmd /c start /w %i";
+#elif defined(__APPLE__)
+ /* OS X. This really needs more than just __APPLE__. */
+ return "open %I";
+#elif defined(__riscos__)
+ return "Filer_Run %I";
+#else
+ return "xloadimage -fork -quiet -title 'KeyID 0x%k' stdin";
+#endif
+}
+#endif
+
+void
+show_photos(const struct user_attribute *attrs,
+ int count,PKT_public_key *pk,PKT_secret_key *sk,
+ PKT_user_id *uid)
+{
+#ifndef DISABLE_PHOTO_VIEWER
+ int i;
+ struct expando_args args;
+ u32 len;
+ u32 kid[2]={0,0};
+
+ memset(&args,0,sizeof(args));
+ args.pk=pk;
+ args.sk=sk;
+ args.validity_info=get_validity_info(pk,uid);
+ args.validity_string=get_validity_string(pk,uid);
+
+ if(pk)
+ keyid_from_pk(pk,kid);
+ else if(sk)
+ keyid_from_sk(sk,kid);
+
+ for(i=0;i<count;i++)
+ if(attrs[i].type==ATTRIB_IMAGE &&
+ parse_image_header(&attrs[i],&args.imagetype,&len))
+ {
+ char *command,*name;
+ struct exec_info *spawn;
+ int offset=attrs[i].len-len;
+
+#ifdef FIXED_PHOTO_VIEWER
+ opt.photo_viewer=FIXED_PHOTO_VIEWER;
+#else
+ if(!opt.photo_viewer)
+ opt.photo_viewer=get_default_photo_command();
+#endif
+
+ /* make command grow */
+ command=pct_expando(opt.photo_viewer,&args);
+ if(!command)
+ goto fail;
+
+ name=xmalloc(16+strlen(EXTSEP_S)+
+ strlen(image_type_to_string(args.imagetype,0))+1);
+
+ /* Make the filename. Notice we are not using the image
+ encoding type for more than cosmetics. Most external image
+ viewers can handle a multitude of types, and even if one
+ cannot understand a particular type, we have no way to know
+ which. The spec permits this, by the way. -dms */
+
+#ifdef USE_ONLY_8DOT3
+ sprintf(name,"%08lX" EXTSEP_S "%s",(ulong)kid[1],
+ image_type_to_string(args.imagetype,0));
+#else
+ sprintf(name,"%08lX%08lX" EXTSEP_S "%s",(ulong)kid[0],(ulong)kid[1],
+ image_type_to_string(args.imagetype,0));
+#endif
+
+ if(exec_write(&spawn,NULL,command,name,1,1)!=0)
+ {
+ xfree(name);
+ goto fail;
+ }
+
+#ifdef __riscos__
+ riscos_set_filetype_by_mimetype(spawn->tempfile_in,
+ image_type_to_string(args.imagetype,2));
+#endif
+
+ xfree(name);
+
+ fwrite(&attrs[i].data[offset],attrs[i].len-offset,1,spawn->tochild);
+
+ if(exec_read(spawn)!=0)
+ {
+ exec_finish(spawn);
+ goto fail;
+ }
+
+ if(exec_finish(spawn)!=0)
+ goto fail;
+ }
+
+ return;
+
+ fail:
+ log_error(_("unable to display photo ID!\n"));
+#endif
+}
diff --git a/g10/photoid.h b/g10/photoid.h
new file mode 100644
index 0000000..58728ed
--- /dev/null
+++ b/g10/photoid.h
@@ -0,0 +1,33 @@
+/* photoid.h
+ * Copyright (C) 2001, 2002, 2005, 2008 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+/* Photo ID functions */
+
+#ifndef _PHOTOID_H_
+#define _PHOTOID_H_
+
+#include "packet.h"
+
+PKT_user_id *generate_photo_id(PKT_public_key *pk,const char *filename);
+int parse_image_header(const struct user_attribute *attr,byte *type,u32 *len);
+char *image_type_to_string(byte type,int style);
+void show_photos(const struct user_attribute *attrs,int count,
+ PKT_public_key *pk,PKT_secret_key *sk,PKT_user_id *uid);
+
+#endif /* !_PHOTOID_H_ */
diff --git a/g10/pkclist.c b/g10/pkclist.c
new file mode 100644
index 0000000..7ad9755
--- /dev/null
+++ b/g10/pkclist.c
@@ -0,0 +1,1531 @@
+/* pkclist.c - create a list of public keys
+ * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007,
+ * 2008, 2009, 2010 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include <assert.h>
+
+#include "gpg.h"
+#include "options.h"
+#include "packet.h"
+#include "status.h"
+#include "keydb.h"
+#include "util.h"
+#include "main.h"
+#include "trustdb.h"
+#include "ttyio.h"
+#include "status.h"
+#include "photoid.h"
+#include "i18n.h"
+
+#define CONTROL_D ('D' - 'A' + 1)
+
+/****************
+ * Show the revocation reason as it is stored with the given signature
+ */
+static void
+do_show_revocation_reason( PKT_signature *sig )
+{
+ size_t n, nn;
+ const byte *p, *pp;
+ int seq = 0;
+ const char *text;
+
+ while( (p = enum_sig_subpkt (sig->hashed, SIGSUBPKT_REVOC_REASON,
+ &n, &seq, NULL )) ) {
+ if( !n )
+ continue; /* invalid - just skip it */
+
+ if( *p == 0 )
+ text = _("No reason specified");
+ else if( *p == 0x01 )
+ text = _("Key is superseded");
+ else if( *p == 0x02 )
+ text = _("Key has been compromised");
+ else if( *p == 0x03 )
+ text = _("Key is no longer used");
+ else if( *p == 0x20 )
+ text = _("User ID is no longer valid");
+ else
+ text = NULL;
+
+ log_info( _("reason for revocation: ") );
+ if( text )
+ fputs( text, log_get_stream() );
+ else
+ fprintf( log_get_stream(), "code=%02x", *p );
+ log_printf ("\n");
+ n--; p++;
+ pp = NULL;
+ do {
+ /* We don't want any empty lines, so skip them */
+ while( n && *p == '\n' ) {
+ p++;
+ n--;
+ }
+ if( n ) {
+ pp = memchr( p, '\n', n );
+ nn = pp? pp - p : n;
+ log_info ( _("revocation comment: ") );
+ print_string ( log_get_stream(), p, nn, 0 );
+ log_printf ("\n");
+ p += nn; n -= nn;
+ }
+ } while( pp );
+ }
+}
+
+/* Mode 0: try and find the revocation based on the pk (i.e. check
+ subkeys, etc.) Mode 1: use only the revocation on the main pk */
+
+void
+show_revocation_reason( PKT_public_key *pk, int mode )
+{
+ /* Hmmm, this is not so easy becuase we have to duplicate the code
+ * used in the trustbd to calculate the keyflags. We need to find
+ * a clean way to check revocation certificates on keys and
+ * signatures. And there should be no duplicate code. Because we
+ * enter this function only when the trustdb told us that we have
+ * a revoked key, we could simply look for a revocation cert and
+ * display this one, when there is only one. Let's try to do this
+ * until we have a better solution. */
+ KBNODE node, keyblock = NULL;
+ byte fingerprint[MAX_FINGERPRINT_LEN];
+ size_t fingerlen;
+ int rc;
+
+ /* get the keyblock */
+ fingerprint_from_pk( pk, fingerprint, &fingerlen );
+ rc = get_keyblock_byfprint( &keyblock, fingerprint, fingerlen );
+ if( rc ) { /* that should never happen */
+ log_debug( "failed to get the keyblock\n");
+ return;
+ }
+
+ for( node=keyblock; node; node = node->next ) {
+ if( (mode && node->pkt->pkttype == PKT_PUBLIC_KEY) ||
+ ( ( node->pkt->pkttype == PKT_PUBLIC_KEY
+ || node->pkt->pkttype == PKT_PUBLIC_SUBKEY )
+ && !cmp_public_keys( node->pkt->pkt.public_key, pk ) ) )
+ break;
+ }
+ if( !node ) {
+ log_debug("Oops, PK not in keyblock\n");
+ release_kbnode( keyblock );
+ return;
+ }
+ /* now find the revocation certificate */
+ for( node = node->next; node ; node = node->next ) {
+ if( node->pkt->pkttype == PKT_PUBLIC_SUBKEY )
+ break;
+ if( node->pkt->pkttype == PKT_SIGNATURE
+ && (node->pkt->pkt.signature->sig_class == 0x20
+ || node->pkt->pkt.signature->sig_class == 0x28 ) ) {
+ /* FIXME: we should check the signature here */
+ do_show_revocation_reason ( node->pkt->pkt.signature );
+ break;
+ }
+ }
+
+ /* We didn't find it, so check if the whole key is revoked */
+ if(!node && !mode)
+ show_revocation_reason(pk,1);
+
+ release_kbnode( keyblock );
+}
+
+
+/****************
+ * mode: 0 = standard
+ * 1 = Without key info and additional menu option 'm'
+ * this does also add an option to set the key to ultimately trusted.
+ * Returns:
+ * -2 = nothing changed - caller should show some additional info
+ * -1 = quit operation
+ * 0 = nothing changed
+ * 1 = new ownertrust now in new_trust
+ */
+static int
+do_edit_ownertrust (PKT_public_key *pk, int mode,
+ unsigned *new_trust, int defer_help )
+{
+ char *p;
+ u32 keyid[2];
+ int changed=0;
+ int quit=0;
+ int show=0;
+ int min_num;
+ int did_help=defer_help;
+ unsigned int minimum=get_min_ownertrust(pk);
+
+ switch(minimum)
+ {
+ default:
+ case TRUST_UNDEFINED: min_num=1; break;
+ case TRUST_NEVER: min_num=2; break;
+ case TRUST_MARGINAL: min_num=3; break;
+ case TRUST_FULLY: min_num=4; break;
+ }
+
+ keyid_from_pk (pk, keyid);
+ for(;;) {
+ /* A string with valid answers.
+
+ Note to translators: These are the allowed answers in lower and
+ uppercase. Below you will find the matching strings which
+ should be translated accordingly and the letter changed to
+ match the one in the answer string.
+
+ i = please show me more information
+ m = back to the main menu
+ s = skip this key
+ q = quit
+ */
+ const char *ans = _("iImMqQsS");
+
+ if( !did_help )
+ {
+ if( !mode )
+ {
+ KBNODE keyblock, un;
+
+ tty_printf(_("No trust value assigned to:\n"));
+ tty_printf("%4u%c/%s %s\n",nbits_from_pk( pk ),
+ pubkey_letter( pk->pubkey_algo ),
+ keystr(keyid), datestr_from_pk( pk ) );
+ p=get_user_id_native(keyid);
+ tty_printf(_(" \"%s\"\n"),p);
+ xfree(p);
+
+ keyblock = get_pubkeyblock (keyid);
+ if (!keyblock)
+ BUG ();
+ for (un=keyblock; un; un = un->next)
+ {
+ if (un->pkt->pkttype != PKT_USER_ID )
+ continue;
+ if (un->pkt->pkt.user_id->is_revoked )
+ continue;
+ if (un->pkt->pkt.user_id->is_expired )
+ continue;
+ /* Only skip textual primaries */
+ if (un->pkt->pkt.user_id->is_primary
+ && !un->pkt->pkt.user_id->attrib_data )
+ continue;
+
+ if((opt.verify_options&VERIFY_SHOW_PHOTOS)
+ && un->pkt->pkt.user_id->attrib_data)
+ show_photos(un->pkt->pkt.user_id->attribs,
+ un->pkt->pkt.user_id->numattribs,pk,NULL,
+ un->pkt->pkt.user_id);
+
+ p=utf8_to_native(un->pkt->pkt.user_id->name,
+ un->pkt->pkt.user_id->len,0);
+
+ tty_printf(_(" aka \"%s\"\n"),p);
+ }
+
+ print_fingerprint (pk, NULL, 2);
+ tty_printf("\n");
+ release_kbnode (keyblock);
+ }
+
+ if(opt.trust_model==TM_DIRECT)
+ {
+ tty_printf(_("How much do you trust that this key actually "
+ "belongs to the named user?\n"));
+ tty_printf("\n");
+ }
+ else
+ {
+ /* This string also used in keyedit.c:trustsig_prompt */
+ tty_printf(_("Please decide how far you trust this user to"
+ " correctly verify other users' keys\n"
+ "(by looking at passports, checking fingerprints from"
+ " different sources, etc.)\n"));
+ tty_printf("\n");
+ }
+
+ if(min_num<=1)
+ tty_printf (_(" %d = I don't know or won't say\n"), 1);
+ if(min_num<=2)
+ tty_printf (_(" %d = I do NOT trust\n"), 2);
+ if(min_num<=3)
+ tty_printf (_(" %d = I trust marginally\n"), 3);
+ if(min_num<=4)
+ tty_printf (_(" %d = I trust fully\n"), 4);
+ if (mode)
+ tty_printf (_(" %d = I trust ultimately\n"), 5);
+#if 0
+ /* not yet implemented */
+ tty_printf (" i = please show me more information\n");
+#endif
+ if( mode )
+ tty_printf(_(" m = back to the main menu\n"));
+ else
+ {
+ tty_printf(_(" s = skip this key\n"));
+ tty_printf(_(" q = quit\n"));
+ }
+ tty_printf("\n");
+ if(minimum)
+ tty_printf(_("The minimum trust level for this key is: %s\n\n"),
+ trust_value_to_string(minimum));
+ did_help = 1;
+ }
+ if( strlen(ans) != 8 )
+ BUG();
+ p = cpr_get("edit_ownertrust.value",_("Your decision? "));
+ trim_spaces(p);
+ cpr_kill_prompt();
+ if( !*p )
+ did_help = 0;
+ else if( *p && p[1] )
+ ;
+ else if( !p[1] && ((*p >= '0'+min_num) && *p <= (mode?'5':'4')) )
+ {
+ unsigned int trust;
+ switch( *p )
+ {
+ case '1': trust = TRUST_UNDEFINED; break;
+ case '2': trust = TRUST_NEVER ; break;
+ case '3': trust = TRUST_MARGINAL ; break;
+ case '4': trust = TRUST_FULLY ; break;
+ case '5': trust = TRUST_ULTIMATE ; break;
+ default: BUG();
+ }
+ if (trust == TRUST_ULTIMATE
+ && !cpr_get_answer_is_yes ("edit_ownertrust.set_ultimate.okay",
+ _("Do you really want to set this key"
+ " to ultimate trust? (y/N) ")))
+ ; /* no */
+ else
+ {
+ *new_trust = trust;
+ changed = 1;
+ break;
+ }
+ }
+#if 0
+ /* not yet implemented */
+ else if( *p == ans[0] || *p == ans[1] )
+ {
+ tty_printf(_("Certificates leading to an ultimately trusted key:\n"));
+ show = 1;
+ break;
+ }
+#endif
+ else if( mode && (*p == ans[2] || *p == ans[3] || *p == CONTROL_D ) )
+ {
+ break ; /* back to the menu */
+ }
+ else if( !mode && (*p == ans[6] || *p == ans[7] ) )
+ {
+ break; /* skip */
+ }
+ else if( !mode && (*p == ans[4] || *p == ans[5] ) )
+ {
+ quit = 1;
+ break ; /* back to the menu */
+ }
+ xfree(p); p = NULL;
+ }
+ xfree(p);
+ return show? -2: quit? -1 : changed;
+}
+
+/*
+ * Display a menu to change the ownertrust of the key PK (which should
+ * be a primary key).
+ * For mode values see do_edit_ownertrust ()
+ */
+int
+edit_ownertrust (PKT_public_key *pk, int mode )
+{
+ unsigned int trust = 0;
+ int no_help = 0;
+
+ for(;;)
+ {
+ switch ( do_edit_ownertrust (pk, mode, &trust, no_help ) )
+ {
+ case -1: /* quit */
+ return -1;
+ case -2: /* show info */
+ no_help = 1;
+ break;
+ case 1: /* trust value set */
+ trust &= ~TRUST_FLAG_DISABLED;
+ trust |= get_ownertrust (pk) & TRUST_FLAG_DISABLED;
+ update_ownertrust (pk, trust );
+ return 1;
+ default:
+ return 0;
+ }
+ }
+}
+
+
+/****************
+ * Check whether we can trust this pk which has a trustlevel of TRUSTLEVEL
+ * Returns: true if we trust.
+ */
+static int
+do_we_trust( PKT_public_key *pk, unsigned int trustlevel )
+{
+ /* We should not be able to get here with a revoked or expired
+ key */
+ if(trustlevel & TRUST_FLAG_REVOKED
+ || trustlevel & TRUST_FLAG_SUB_REVOKED
+ || (trustlevel & TRUST_MASK) == TRUST_EXPIRED)
+ BUG();
+
+ if( opt.trust_model==TM_ALWAYS )
+ {
+ if( opt.verbose )
+ log_info("No trust check due to `--trust-model always' option\n");
+ return 1;
+ }
+
+ switch(trustlevel & TRUST_MASK)
+ {
+ default:
+ log_error ("invalid trustlevel %u returned from validation layer\n",
+ trustlevel);
+ /* fall thru */
+ case TRUST_UNKNOWN:
+ case TRUST_UNDEFINED:
+ log_info(_("%s: There is no assurance this key belongs"
+ " to the named user\n"),keystr_from_pk(pk));
+ return 0; /* no */
+
+ case TRUST_MARGINAL:
+ log_info(_("%s: There is limited assurance this key belongs"
+ " to the named user\n"),keystr_from_pk(pk));
+ return 1; /* yes */
+
+ case TRUST_FULLY:
+ if( opt.verbose )
+ log_info(_("This key probably belongs to the named user\n"));
+ return 1; /* yes */
+
+ case TRUST_ULTIMATE:
+ if( opt.verbose )
+ log_info(_("This key belongs to us\n"));
+ return 1; /* yes */
+ }
+
+ return 1; /*NOTREACHED*/
+}
+
+
+/****************
+ * wrapper around do_we_trust, so we can ask whether to use the
+ * key anyway.
+ */
+static int
+do_we_trust_pre( PKT_public_key *pk, unsigned int trustlevel )
+{
+ int rc;
+
+ rc = do_we_trust( pk, trustlevel );
+
+ if( !opt.batch && !rc )
+ {
+ print_pubkey_info(NULL,pk);
+ print_fingerprint (pk, NULL, 2);
+ tty_printf("\n");
+
+ tty_printf(
+ _("It is NOT certain that the key belongs to the person named\n"
+ "in the user ID. If you *really* know what you are doing,\n"
+ "you may answer the next question with yes.\n"));
+
+ tty_printf("\n");
+
+
+ if (is_status_enabled ())
+ {
+ u32 kid[2];
+ char *hint_str;
+
+ keyid_from_pk (pk, kid);
+ hint_str = get_long_user_id_string ( kid );
+ write_status_text ( STATUS_USERID_HINT, hint_str );
+ xfree (hint_str);
+ }
+
+ if( cpr_get_answer_is_yes("untrusted_key.override",
+ _("Use this key anyway? (y/N) ")) )
+ rc = 1;
+
+ /* Hmmm: Should we set a flag to tell the user about
+ * his decision the next time he encrypts for this recipient?
+ */
+ }
+
+ return rc;
+}
+
+
+/****************
+ * Check whether we can trust this signature.
+ * Returns: Error if we shall not trust this signatures.
+ */
+int
+check_signatures_trust( PKT_signature *sig )
+{
+ PKT_public_key *pk = xmalloc_clear( sizeof *pk );
+ unsigned int trustlevel;
+ int rc=0;
+
+ rc = get_pubkey( pk, sig->keyid );
+ if (rc)
+ { /* this should not happen */
+ log_error("Ooops; the key vanished - can't check the trust\n");
+ rc = G10ERR_NO_PUBKEY;
+ goto leave;
+ }
+
+ if ( opt.trust_model==TM_ALWAYS )
+ {
+ if( !opt.quiet )
+ log_info(_("WARNING: Using untrusted key!\n"));
+ if (opt.with_fingerprint)
+ print_fingerprint (pk, NULL, 1);
+ goto leave;
+ }
+
+ if(pk->maybe_revoked && !pk->is_revoked)
+ log_info(_("WARNING: this key might be revoked (revocation key"
+ " not present)\n"));
+
+ trustlevel = get_validity (pk, NULL);
+
+ if ( (trustlevel & TRUST_FLAG_REVOKED) )
+ {
+ write_status( STATUS_KEYREVOKED );
+ if(pk->is_revoked==2)
+ log_info(_("WARNING: This key has been revoked by its"
+ " designated revoker!\n"));
+ else
+ log_info(_("WARNING: This key has been revoked by its owner!\n"));
+ log_info(_(" This could mean that the signature is forged.\n"));
+ show_revocation_reason( pk, 0 );
+ }
+ else if ((trustlevel & TRUST_FLAG_SUB_REVOKED) )
+ {
+ write_status( STATUS_KEYREVOKED );
+ log_info(_("WARNING: This subkey has been revoked by its owner!\n"));
+ show_revocation_reason( pk, 0 );
+ }
+
+ if ((trustlevel & TRUST_FLAG_DISABLED))
+ log_info (_("Note: This key has been disabled.\n"));
+
+ /* If we have PKA information adjust the trustlevel. */
+ if (sig->pka_info && sig->pka_info->valid)
+ {
+ unsigned char fpr[MAX_FINGERPRINT_LEN];
+ PKT_public_key *primary_pk;
+ size_t fprlen;
+ int okay;
+
+
+ primary_pk = xmalloc_clear (sizeof *primary_pk);
+ get_pubkey (primary_pk, pk->main_keyid);
+ fingerprint_from_pk (primary_pk, fpr, &fprlen);
+ free_public_key (primary_pk);
+
+ if ( fprlen == 20 && !memcmp (sig->pka_info->fpr, fpr, 20) )
+ {
+ okay = 1;
+ write_status_text (STATUS_PKA_TRUST_GOOD, sig->pka_info->email);
+ log_info (_("Note: Verified signer's address is `%s'\n"),
+ sig->pka_info->email);
+ }
+ else
+ {
+ okay = 0;
+ write_status_text (STATUS_PKA_TRUST_BAD, sig->pka_info->email);
+ log_info (_("Note: Signer's address `%s' "
+ "does not match DNS entry\n"), sig->pka_info->email);
+ }
+
+ switch ( (trustlevel & TRUST_MASK) )
+ {
+ case TRUST_UNKNOWN:
+ case TRUST_UNDEFINED:
+ case TRUST_MARGINAL:
+ if (okay && opt.verify_options&VERIFY_PKA_TRUST_INCREASE)
+ {
+ trustlevel = ((trustlevel & ~TRUST_MASK) | TRUST_FULLY);
+ log_info (_("trustlevel adjusted to FULL"
+ " due to valid PKA info\n"));
+ }
+ /* (fall through) */
+ case TRUST_FULLY:
+ if (!okay)
+ {
+ trustlevel = ((trustlevel & ~TRUST_MASK) | TRUST_NEVER);
+ log_info (_("trustlevel adjusted to NEVER"
+ " due to bad PKA info\n"));
+ }
+ break;
+ }
+ }
+
+ /* Now let the user know what up with the trustlevel. */
+ switch ( (trustlevel & TRUST_MASK) )
+ {
+ case TRUST_EXPIRED:
+ log_info(_("Note: This key has expired!\n"));
+ print_fingerprint (pk, NULL, 1);
+ break;
+
+ default:
+ log_error ("invalid trustlevel %u returned from validation layer\n",
+ trustlevel);
+ /* fall thru */
+ case TRUST_UNKNOWN:
+ case TRUST_UNDEFINED:
+ write_status( STATUS_TRUST_UNDEFINED );
+ log_info(_("WARNING: This key is not certified with"
+ " a trusted signature!\n"));
+ log_info(_(" There is no indication that the "
+ "signature belongs to the owner.\n" ));
+ print_fingerprint (pk, NULL, 1);
+ break;
+
+ case TRUST_NEVER:
+ /* currently we won't get that status */
+ write_status( STATUS_TRUST_NEVER );
+ log_info(_("WARNING: We do NOT trust this key!\n"));
+ log_info(_(" The signature is probably a FORGERY.\n"));
+ if (opt.with_fingerprint)
+ print_fingerprint (pk, NULL, 1);
+ rc = gpg_error (GPG_ERR_BAD_SIGNATURE);
+ break;
+
+ case TRUST_MARGINAL:
+ write_status( STATUS_TRUST_MARGINAL );
+ log_info(_("WARNING: This key is not certified with"
+ " sufficiently trusted signatures!\n"));
+ log_info(_(" It is not certain that the"
+ " signature belongs to the owner.\n" ));
+ print_fingerprint (pk, NULL, 1);
+ break;
+
+ case TRUST_FULLY:
+ write_status( STATUS_TRUST_FULLY );
+ if (opt.with_fingerprint)
+ print_fingerprint (pk, NULL, 1);
+ break;
+
+ case TRUST_ULTIMATE:
+ write_status( STATUS_TRUST_ULTIMATE );
+ if (opt.with_fingerprint)
+ print_fingerprint (pk, NULL, 1);
+ break;
+ }
+
+ leave:
+ free_public_key( pk );
+ return rc;
+}
+
+
+void
+release_pk_list( PK_LIST pk_list )
+{
+ PK_LIST pk_rover;
+
+ for( ; pk_list; pk_list = pk_rover ) {
+ pk_rover = pk_list->next;
+ free_public_key( pk_list->pk );
+ xfree( pk_list );
+ }
+}
+
+
+static int
+key_present_in_pk_list(PK_LIST pk_list, PKT_public_key *pk)
+{
+ for( ; pk_list; pk_list = pk_list->next)
+ if (cmp_public_keys(pk_list->pk, pk) == 0)
+ return 0;
+
+ return -1;
+}
+
+
+/****************
+ * Return a malloced string with a default reciepient if there is any
+ */
+static char *
+default_recipient(void)
+{
+ PKT_secret_key *sk;
+ byte fpr[MAX_FINGERPRINT_LEN+1];
+ size_t n;
+ char *p;
+ int i;
+
+ if( opt.def_recipient )
+ return xstrdup( opt.def_recipient );
+ if( !opt.def_recipient_self )
+ return NULL;
+ sk = xmalloc_clear( sizeof *sk );
+ i = get_seckey_byname( sk, NULL, 0 );
+ if( i ) {
+ free_secret_key( sk );
+ return NULL;
+ }
+ n = MAX_FINGERPRINT_LEN;
+ fingerprint_from_sk( sk, fpr, &n );
+ free_secret_key( sk );
+ p = xmalloc( 2*n+3 );
+ *p++ = '0';
+ *p++ = 'x';
+ for(i=0; i < n; i++ )
+ sprintf( p+2*i, "%02X", fpr[i] );
+ p -= 2;
+ return p;
+}
+
+static int
+expand_id(const char *id,strlist_t *into,unsigned int flags)
+{
+ struct groupitem *groups;
+ int count=0;
+
+ for(groups=opt.grouplist;groups;groups=groups->next)
+ {
+ /* need strcasecmp() here, as this should be localized */
+ if(strcasecmp(groups->name,id)==0)
+ {
+ strlist_t each,sl;
+
+ /* this maintains the current utf8-ness */
+ for(each=groups->values;each;each=each->next)
+ {
+ sl=add_to_strlist(into,each->d);
+ sl->flags=flags;
+ count++;
+ }
+
+ break;
+ }
+ }
+
+ return count;
+}
+
+/* For simplicity, and to avoid potential loops, we only expand once -
+ you can't make an alias that points to an alias. */
+static strlist_t
+expand_group(strlist_t input)
+{
+ strlist_t sl,output=NULL,rover;
+
+ for(rover=input;rover;rover=rover->next)
+ if(expand_id(rover->d,&output,rover->flags)==0)
+ {
+ /* Didn't find any groups, so use the existing string */
+ sl=add_to_strlist(&output,rover->d);
+ sl->flags=rover->flags;
+ }
+
+ return output;
+}
+
+
+/* This is the central function to collect the keys for recipients.
+ It is thus used to prepare a public key encryption. encrypt-to
+ keys, default keys and the keys for the actual recipients are all
+ collected here. When not in batch mode and no recipient has been
+ passed on the commandline, the function will also ask for
+ recipients.
+
+ RCPTS is a string list with the recipients; NULL is an allowed
+ value but not very useful. Group expansion is done on these names;
+ they may be in any of the user Id formats we can handle. The flags
+ bits for each string in the string list are used for:
+ Bit 0: This is an encrypt-to recipient.
+ Bit 1: This is a hidden recipient.
+
+ USE is the desired use for the key - usually PUBKEY_USAGE_ENC.
+
+ On success a list of keys is stored at the address RET_PK_LIST; the
+ caller must free this list. On error the value at this address is
+ not changed.
+ */
+int
+build_pk_list( strlist_t rcpts, PK_LIST *ret_pk_list, unsigned int use )
+{
+ PK_LIST pk_list = NULL;
+ PKT_public_key *pk=NULL;
+ int rc=0;
+ int any_recipients=0;
+ strlist_t rov,remusr;
+ char *def_rec = NULL;
+
+ /* Try to expand groups if any have been defined. */
+ if (opt.grouplist)
+ remusr = expand_group (rcpts);
+ else
+ remusr = rcpts;
+
+ /* Check whether there are any recipients in the list and build the
+ * list of the encrypt-to ones (we always trust them). */
+ for ( rov = remusr; rov; rov = rov->next )
+ {
+ if ( !(rov->flags & 1) )
+ {
+ /* This is a regular recipient; i.e. not an encrypt-to
+ one. */
+ any_recipients = 1;
+
+ /* Hidden recipients are not allowed while in PGP mode,
+ issue a warning and switch into GnuPG mode. */
+ if ((rov->flags&2) && (PGP2 || PGP6 || PGP7 || PGP8))
+ {
+ log_info(_("you may not use %s while in %s mode\n"),
+ "--hidden-recipient",
+ compliance_option_string());
+
+ compliance_failure();
+ }
+ }
+ else if ( (use & PUBKEY_USAGE_ENC) && !opt.no_encrypt_to )
+ {
+ /* Encryption has been requested and --encrypt-to has not
+ been disabled. Check this encrypt-to key. */
+ pk = xmalloc_clear( sizeof *pk );
+ pk->req_usage = use;
+
+ /* We explicitly allow encrypt-to to an disabled key; thus
+ we pass 1for the second last argument and 1 as the last
+ argument to disable AKL. */
+ if ( (rc = get_pubkey_byname (NULL, pk, rov->d, NULL, NULL, 1, 1)) )
+ {
+ free_public_key ( pk ); pk = NULL;
+ log_error (_("%s: skipped: %s\n"), rov->d, g10_errstr(rc) );
+ write_status_text_and_buffer (STATUS_INV_RECP, "0 ",
+ rov->d, strlen (rov->d), -1);
+ goto fail;
+ }
+ else if ( !(rc=openpgp_pk_test_algo2 (pk->pubkey_algo, use)) )
+ {
+ /* Skip the actual key if the key is already present
+ * in the list. Add it to our list if not. */
+ if (key_present_in_pk_list(pk_list, pk) == 0)
+ {
+ free_public_key (pk); pk = NULL;
+ log_info (_("%s: skipped: public key already present\n"),
+ rov->d);
+ }
+ else
+ {
+ PK_LIST r;
+ r = xmalloc( sizeof *r );
+ r->pk = pk; pk = NULL;
+ r->next = pk_list;
+ r->flags = (rov->flags&2)?1:0;
+ pk_list = r;
+
+ /* Hidden encrypt-to recipients are not allowed while
+ in PGP mode, issue a warning and switch into
+ GnuPG mode. */
+ if ((r->flags&1) && (PGP2 || PGP6 || PGP7 || PGP8))
+ {
+ log_info(_("you may not use %s while in %s mode\n"),
+ "--hidden-encrypt-to",
+ compliance_option_string());
+
+ compliance_failure();
+ }
+ }
+ }
+ else
+ {
+ /* The public key is not usable for encryption or not
+ available. */
+ free_public_key( pk ); pk = NULL;
+ log_error(_("%s: skipped: %s\n"), rov->d, g10_errstr(rc) );
+ write_status_text_and_buffer (STATUS_INV_RECP, "0 ",
+ rov->d, strlen (rov->d), -1);
+ goto fail;
+ }
+ }
+ }
+
+ /* If we don't have any recipients yet and we are not in batch mode
+ drop into interactive selection mode. */
+ if ( !any_recipients && !opt.batch )
+ {
+ int have_def_rec;
+ char *answer = NULL;
+ strlist_t backlog = NULL;
+
+ if (pk_list)
+ any_recipients = 1;
+ def_rec = default_recipient();
+ have_def_rec = !!def_rec;
+ if ( !have_def_rec )
+ tty_printf(_("You did not specify a user ID. (you may use \"-r\")\n"));
+
+ for (;;)
+ {
+ rc = 0;
+ xfree(answer);
+ if ( have_def_rec )
+ {
+ /* A default recipient is taken as the first entry. */
+ answer = def_rec;
+ def_rec = NULL;
+ }
+ else if (backlog)
+ {
+ /* This is part of our trick to expand and display groups. */
+ answer = strlist_pop (&backlog);
+ }
+ else
+ {
+ /* Show the list of already collected recipients and ask
+ for more. */
+ PK_LIST iter;
+
+ tty_printf("\n");
+ tty_printf(_("Current recipients:\n"));
+ for (iter=pk_list;iter;iter=iter->next)
+ {
+ u32 keyid[2];
+
+ keyid_from_pk(iter->pk,keyid);
+ tty_printf("%4u%c/%s %s \"",
+ nbits_from_pk(iter->pk),
+ pubkey_letter(iter->pk->pubkey_algo),
+ keystr(keyid),
+ datestr_from_pk(iter->pk));
+
+ if (iter->pk->user_id)
+ tty_print_utf8_string(iter->pk->user_id->name,
+ iter->pk->user_id->len);
+ else
+ {
+ size_t n;
+ char *p = get_user_id( keyid, &n );
+ tty_print_utf8_string( p, n );
+ xfree(p);
+ }
+ tty_printf("\"\n");
+ }
+
+ answer = cpr_get_utf8("pklist.user_id.enter",
+ _("\nEnter the user ID. "
+ "End with an empty line: "));
+ trim_spaces(answer);
+ cpr_kill_prompt();
+ }
+
+ if ( !answer || !*answer )
+ {
+ xfree(answer);
+ break; /* No more recipients entered - get out of loop. */
+ }
+
+ /* Do group expand here too. The trick here is to continue
+ the loop if any expansion occured. The code above will
+ then list all expanded keys. */
+ if (expand_id(answer,&backlog,0))
+ continue;
+
+ /* Get and check key for the current name. */
+ if (pk)
+ free_public_key (pk);
+ pk = xmalloc_clear( sizeof *pk );
+ pk->req_usage = use;
+ rc = get_pubkey_byname (NULL, pk, answer, NULL, NULL, 0, 0 );
+ if (rc)
+ tty_printf(_("No such user ID.\n"));
+ else if ( !(rc=openpgp_pk_test_algo2 (pk->pubkey_algo, use)) )
+ {
+ if ( have_def_rec )
+ {
+ /* No validation for a default recipient. */
+ if (!key_present_in_pk_list(pk_list, pk))
+ {
+ free_public_key (pk); pk = NULL;
+ log_info (_("skipped: public key "
+ "already set as default recipient\n") );
+ }
+ else
+ {
+ PK_LIST r = xmalloc (sizeof *r);
+ r->pk = pk; pk = NULL;
+ r->next = pk_list;
+ r->flags = 0; /* No throwing default ids. */
+ pk_list = r;
+ }
+ any_recipients = 1;
+ continue;
+ }
+ else
+ { /* Check validity of this key. */
+ int trustlevel;
+
+ trustlevel = get_validity (pk, pk->user_id);
+ if ( (trustlevel & TRUST_FLAG_DISABLED) )
+ {
+ tty_printf (_("Public key is disabled.\n") );
+ }
+ else if ( do_we_trust_pre (pk, trustlevel) )
+ {
+ /* Skip the actual key if the key is already
+ * present in the list */
+ if (!key_present_in_pk_list(pk_list, pk))
+ {
+ free_public_key(pk); pk = NULL;
+ log_info(_("skipped: public key already set\n") );
+ }
+ else
+ {
+ PK_LIST r;
+ r = xmalloc( sizeof *r );
+ r->pk = pk; pk = NULL;
+ r->next = pk_list;
+ r->flags = 0; /* No throwing interactive ids. */
+ pk_list = r;
+ }
+ any_recipients = 1;
+ continue;
+ }
+ }
+ }
+ xfree(def_rec); def_rec = NULL;
+ have_def_rec = 0;
+ }
+ if ( pk )
+ {
+ free_public_key( pk );
+ pk = NULL;
+ }
+ }
+ else if ( !any_recipients && (def_rec = default_recipient()) )
+ {
+ /* We are in batch mode and have only a default recipient. */
+ pk = xmalloc_clear( sizeof *pk );
+ pk->req_usage = use;
+
+ /* The default recipient is allowed to be disabled; thus pass 1
+ as second last argument. We also don't want an AKL. */
+ rc = get_pubkey_byname (NULL, pk, def_rec, NULL, NULL, 1, 1);
+ if (rc)
+ log_error(_("unknown default recipient \"%s\"\n"), def_rec );
+ else if ( !(rc=openpgp_pk_test_algo2(pk->pubkey_algo, use)) )
+ {
+ /* Mark any_recipients here since the default recipient
+ would have been used if it wasn't already there. It
+ doesn't really matter if we got this key from the default
+ recipient or an encrypt-to. */
+ any_recipients = 1;
+ if (!key_present_in_pk_list(pk_list, pk))
+ log_info (_("skipped: public key already set "
+ "as default recipient\n"));
+ else
+ {
+ PK_LIST r = xmalloc( sizeof *r );
+ r->pk = pk; pk = NULL;
+ r->next = pk_list;
+ r->flags = 0; /* No throwing default ids. */
+ pk_list = r;
+ }
+ }
+ if ( pk )
+ {
+ free_public_key( pk );
+ pk = NULL;
+ }
+ xfree(def_rec); def_rec = NULL;
+ }
+ else
+ {
+ /* General case: Check all keys. */
+ any_recipients = 0;
+ for (; remusr; remusr = remusr->next )
+ {
+ if ( (remusr->flags & 1) )
+ continue; /* encrypt-to keys are already handled. */
+
+ pk = xmalloc_clear( sizeof *pk );
+ pk->req_usage = use;
+ if ((rc = get_pubkey_byname (NULL, pk, remusr->d, NULL, NULL, 0, 0)))
+ {
+ /* Key not found or other error. */
+ free_public_key( pk ); pk = NULL;
+ log_error(_("%s: skipped: %s\n"), remusr->d, g10_errstr(rc) );
+ write_status_text_and_buffer (STATUS_INV_RECP, "0 ",
+ remusr->d, strlen (remusr->d),
+ -1);
+ goto fail;
+ }
+ else if ( !(rc=openpgp_pk_test_algo2(pk->pubkey_algo, use )) )
+ {
+ /* Key found and usable. Check validity. */
+ int trustlevel;
+
+ trustlevel = get_validity (pk, pk->user_id);
+ if ( (trustlevel & TRUST_FLAG_DISABLED) )
+ {
+ /*Key has been disabled. */
+ free_public_key(pk); pk = NULL;
+ log_info(_("%s: skipped: public key is disabled\n"),
+ remusr->d);
+ write_status_text_and_buffer (STATUS_INV_RECP, "0 ",
+ remusr->d,
+ strlen (remusr->d),
+ -1);
+ rc=G10ERR_UNU_PUBKEY;
+ goto fail;
+ }
+ else if ( do_we_trust_pre( pk, trustlevel ) )
+ {
+ /* Note: do_we_trust may have changed the trustlevel */
+
+ /* We have at least one valid recipient. It doesn't
+ * matters if this recipient is already present. */
+ any_recipients = 1;
+
+ /* Skip the actual key if the key is already present
+ * in the list */
+ if (!key_present_in_pk_list(pk_list, pk))
+ {
+ free_public_key(pk); pk = NULL;
+ log_info(_("%s: skipped: public key already present\n"),
+ remusr->d);
+ }
+ else
+ {
+ PK_LIST r;
+ r = xmalloc( sizeof *r );
+ r->pk = pk; pk = NULL;
+ r->next = pk_list;
+ r->flags = (remusr->flags&2)?1:0;
+ pk_list = r;
+ }
+ }
+ else
+ { /* We don't trust this key. */
+ free_public_key( pk ); pk = NULL;
+ write_status_text_and_buffer (STATUS_INV_RECP, "10 ",
+ remusr->d,
+ strlen (remusr->d),
+ -1);
+ rc=G10ERR_UNU_PUBKEY;
+ goto fail;
+ }
+ }
+ else
+ {
+ /* Key found but not usable for us (e.g. sign-only key). */
+ free_public_key( pk ); pk = NULL;
+ write_status_text_and_buffer (STATUS_INV_RECP, "0 ",
+ remusr->d,
+ strlen (remusr->d),
+ -1);
+ log_error(_("%s: skipped: %s\n"), remusr->d, g10_errstr(rc) );
+ goto fail;
+ }
+ }
+ }
+
+ if ( !rc && !any_recipients )
+ {
+ log_error(_("no valid addressees\n"));
+ write_status_text (STATUS_NO_RECP, "0");
+ rc = G10ERR_NO_USER_ID;
+ }
+
+ fail:
+
+ if ( rc )
+ release_pk_list( pk_list );
+ else
+ *ret_pk_list = pk_list;
+ if (opt.grouplist)
+ free_strlist(remusr);
+ return rc;
+}
+
+
+/* In pgp6 mode, disallow all ciphers except IDEA (1), 3DES (2), and
+ CAST5 (3), all hashes except MD5 (1), SHA1 (2), and RIPEMD160 (3),
+ and all compressions except none (0) and ZIP (1). pgp7 and pgp8
+ mode expands the cipher list to include AES128 (7), AES192 (8),
+ AES256 (9), and TWOFISH (10). pgp8 adds the SHA-256 hash (8). For
+ a true PGP key all of this is unneeded as they are the only items
+ present in the preferences subpacket, but checking here covers the
+ weird case of encrypting to a key that had preferences from a
+ different implementation which was then used with PGP. I am not
+ completely comfortable with this as the right thing to do, as it
+ slightly alters the list of what the user is supposedly requesting.
+ It is not against the RFC however, as the preference chosen will
+ never be one that the user didn't specify somewhere ("The
+ implementation may use any mechanism to pick an algorithm in the
+ intersection"), and PGP has no mechanism to fix such a broken
+ preference list, so I'm including it. -dms */
+
+int
+algo_available( preftype_t preftype, int algo, const union pref_hint *hint)
+{
+ if( preftype == PREFTYPE_SYM )
+ {
+ if(PGP6 && (algo != CIPHER_ALGO_IDEA
+ && algo != CIPHER_ALGO_3DES
+ && algo != CIPHER_ALGO_CAST5))
+ return 0;
+
+ if(PGP7 && (algo != CIPHER_ALGO_IDEA
+ && algo != CIPHER_ALGO_3DES
+ && algo != CIPHER_ALGO_CAST5
+ && algo != CIPHER_ALGO_AES
+ && algo != CIPHER_ALGO_AES192
+ && algo != CIPHER_ALGO_AES256
+ && algo != CIPHER_ALGO_TWOFISH))
+ return 0;
+
+ /* PGP8 supports all the ciphers we do.. */
+
+ return algo && !openpgp_cipher_test_algo ( algo );
+ }
+ else if( preftype == PREFTYPE_HASH )
+ {
+ if (hint && hint->digest_length)
+ {
+ if (hint->digest_length!=20 || opt.flags.dsa2)
+ {
+ /* If --enable-dsa2 is set or the hash isn't 160 bits
+ (which implies DSA2), then we'll accept a hash that
+ is larger than we need. Otherwise we won't accept
+ any hash that isn't exactly the right size. */
+ if (hint->digest_length > gcry_md_get_algo_dlen (algo))
+ return 0;
+ }
+ else if (hint->digest_length != gcry_md_get_algo_dlen (algo))
+ return 0;
+ }
+
+ if((PGP6 || PGP7) && (algo != DIGEST_ALGO_MD5
+ && algo != DIGEST_ALGO_SHA1
+ && algo != DIGEST_ALGO_RMD160))
+ return 0;
+
+
+ if(PGP8 && (algo != DIGEST_ALGO_MD5
+ && algo != DIGEST_ALGO_SHA1
+ && algo != DIGEST_ALGO_RMD160
+ && algo != DIGEST_ALGO_SHA256))
+ return 0;
+
+ return algo && !openpgp_md_test_algo (algo);
+ }
+ else if( preftype == PREFTYPE_ZIP )
+ {
+ if((PGP6 || PGP7) && (algo != COMPRESS_ALGO_NONE
+ && algo != COMPRESS_ALGO_ZIP))
+ return 0;
+
+ /* PGP8 supports all the compression algos we do */
+
+ return !check_compress_algo( algo );
+ }
+ else
+ return 0;
+}
+
+/****************
+ * Return -1 if we could not find an algorithm.
+ */
+int
+select_algo_from_prefs(PK_LIST pk_list, int preftype,
+ int request, const union pref_hint *hint)
+{
+ PK_LIST pkr;
+ u32 bits[8];
+ const prefitem_t *prefs;
+ int result=-1,i;
+ u16 scores[256];
+
+ if( !pk_list )
+ return -1;
+
+ memset(bits,0xFF,sizeof(bits));
+ memset(scores,0,sizeof(scores));
+
+ for( pkr = pk_list; pkr; pkr = pkr->next )
+ {
+ u32 mask[8];
+ int rank=1,implicit=-1;
+
+ memset(mask,0,sizeof(mask));
+
+ switch(preftype)
+ {
+ case PREFTYPE_SYM:
+ /* IDEA is implicitly there for v3 keys with v3 selfsigs if
+ --pgp2 mode is on. This was a 2440 thing that was
+ dropped from 4880 but is still relevant to GPG's 1991
+ support. All this doesn't mean IDEA is actually
+ available, of course. */
+ if(PGP2 && pkr->pk->version<4 && pkr->pk->selfsigversion<4)
+ implicit=CIPHER_ALGO_IDEA;
+ else
+ implicit=CIPHER_ALGO_3DES;
+
+ break;
+
+ case PREFTYPE_HASH:
+ /* While I am including this code for completeness, note
+ that currently --pgp2 mode locks the hash at MD5, so this
+ code will never even be called. Even if the hash wasn't
+ locked at MD5, we don't support sign+encrypt in --pgp2
+ mode, and that's the only time PREFTYPE_HASH is used
+ anyway. -dms */
+
+ /* MD5 is there for v3 keys with v3 selfsigs when --pgp2 is
+ on. */
+ if(PGP2 && pkr->pk->version<4 && pkr->pk->selfsigversion<4)
+ implicit=DIGEST_ALGO_MD5;
+ else
+ implicit=DIGEST_ALGO_SHA1;
+
+ break;
+
+ case PREFTYPE_ZIP:
+ /* Uncompressed is always an option. */
+ implicit=COMPRESS_ALGO_NONE;
+ }
+
+ if (pkr->pk->user_id) /* selected by user ID */
+ prefs = pkr->pk->user_id->prefs;
+ else
+ prefs = pkr->pk->prefs;
+
+ if( prefs )
+ {
+ for (i=0; prefs[i].type; i++ )
+ {
+ if( prefs[i].type == preftype )
+ {
+ /* Make sure all scores don't add up past 0xFFFF
+ (and roll around) */
+ if(rank+scores[prefs[i].value]<=0xFFFF)
+ scores[prefs[i].value]+=rank;
+ else
+ scores[prefs[i].value]=0xFFFF;
+
+ mask[prefs[i].value/32] |= 1<<(prefs[i].value%32);
+
+ rank++;
+
+ /* We saw the implicit algorithm, so we don't need
+ tack it on the end ourselves. */
+ if(implicit==prefs[i].value)
+ implicit=-1;
+ }
+ }
+ }
+
+ if(rank==1 && preftype==PREFTYPE_ZIP)
+ {
+ /* If the compression preferences are not present, they are
+ assumed to be ZIP, Uncompressed (RFC4880:13.3.1) */
+ scores[1]=1; /* ZIP is first choice */
+ scores[0]=2; /* Uncompressed is second choice */
+ mask[0]|=3;
+ }
+
+ /* If the key didn't have the implicit algorithm listed
+ explicitly, add it here at the tail of the list. */
+ if(implicit>-1)
+ {
+ scores[implicit]+=rank;
+ mask[implicit/32] |= 1<<(implicit%32);
+ }
+
+ for(i=0;i<8;i++)
+ bits[i]&=mask[i];
+ }
+
+ /* We've now scored all of the algorithms, and the usable ones have
+ bits set. Let's pick the winner. */
+
+ /* The caller passed us a request. Can we use it? */
+ if(request>-1 && (bits[request/32] & (1<<(request%32))) &&
+ algo_available(preftype,request,hint))
+ result=request;
+
+ if(result==-1)
+ {
+ /* If we have personal prefs set, use them. */
+ prefs=NULL;
+ if(preftype==PREFTYPE_SYM && opt.personal_cipher_prefs)
+ prefs=opt.personal_cipher_prefs;
+ else if(preftype==PREFTYPE_HASH && opt.personal_digest_prefs)
+ prefs=opt.personal_digest_prefs;
+ else if(preftype==PREFTYPE_ZIP && opt.personal_compress_prefs)
+ prefs=opt.personal_compress_prefs;
+
+ if( prefs )
+ for(i=0; prefs[i].type; i++ )
+ {
+ if(bits[prefs[i].value/32] & (1<<(prefs[i].value%32))
+ && algo_available( preftype, prefs[i].value, hint))
+ {
+ result = prefs[i].value;
+ break;
+ }
+ }
+ }
+
+ if(result==-1)
+ {
+ unsigned int best=-1;
+
+ /* At this point, we have not selected an algorithm due to a
+ special request or via personal prefs. Pick the highest
+ ranked algorithm (i.e. the one with the lowest score). */
+
+ if(preftype==PREFTYPE_HASH && scores[DIGEST_ALGO_MD5])
+ {
+ /* "If you are building an authentication system, the recipient
+ may specify a preferred signing algorithm. However, the
+ signer would be foolish to use a weak algorithm simply
+ because the recipient requests it." (RFC4880:14). If any
+ other hash algorithm is available, pretend that MD5 isn't.
+ Note that if the user intentionally chose MD5 by putting it
+ in their personal prefs, then we do what the user said (as we
+ never reach this code). */
+
+ for(i=DIGEST_ALGO_MD5+1;i<256;i++)
+ if(scores[i])
+ {
+ scores[DIGEST_ALGO_MD5]=0;
+ break;
+ }
+ }
+
+ for(i=0;i<256;i++)
+ {
+ /* Note the '<' here. This means in case of a tie, we will
+ favor the lower algorithm number. We have a choice
+ between the lower number (probably an older algorithm
+ with more time in use), or the higher number (probably a
+ newer algorithm with less time in use). Older is
+ probably safer here, even though the newer algorithms
+ tend to be "stronger". */
+ if(scores[i] && scores[i]<best
+ && (bits[i/32] & (1<<(i%32)))
+ && algo_available(preftype,i,hint))
+ {
+ best=scores[i];
+ result=i;
+ }
+ }
+ }
+
+ return result;
+}
+
+/*
+ * Select the MDC flag from the pk_list. We can only use MDC if all
+ * recipients support this feature.
+ */
+int
+select_mdc_from_pklist (PK_LIST pk_list)
+{
+ PK_LIST pkr;
+
+ if ( !pk_list )
+ return 0;
+
+ for (pkr = pk_list; pkr; pkr = pkr->next)
+ {
+ int mdc;
+
+ if (pkr->pk->user_id) /* selected by user ID */
+ mdc = pkr->pk->user_id->flags.mdc;
+ else
+ mdc = pkr->pk->mdc_feature;
+ if (!mdc)
+ return 0; /* At least one recipient does not support it. */
+ }
+ return 1; /* Can be used. */
+}
+
+
+/* Print a warning for all keys in PK_LIST missing the MDC feature. */
+void
+warn_missing_mdc_from_pklist (PK_LIST pk_list)
+{
+ PK_LIST pkr;
+
+ for (pkr = pk_list; pkr; pkr = pkr->next)
+ {
+ int mdc;
+
+ if (pkr->pk->user_id) /* selected by user ID */
+ mdc = pkr->pk->user_id->flags.mdc;
+ else
+ mdc = pkr->pk->mdc_feature;
+ if (!mdc)
+ log_info (_("Note: key %s has no %s feature\n"),
+ keystr_from_pk (pkr->pk), "MDC");
+ }
+}
+
+void
+warn_missing_aes_from_pklist (PK_LIST pk_list)
+{
+ PK_LIST pkr;
+
+ for (pkr = pk_list; pkr; pkr = pkr->next)
+ {
+ const prefitem_t *prefs;
+ int i;
+ int gotit = 0;
+
+ prefs = pkr->pk->user_id? pkr->pk->user_id->prefs : pkr->pk->prefs;
+ if (prefs)
+ {
+ for (i=0; !gotit && prefs[i].type; i++ )
+ if (prefs[i].type == PREFTYPE_SYM
+ && prefs[i].value == CIPHER_ALGO_AES)
+ gotit++;
+ }
+ if (!gotit)
+ log_info (_("Note: key %s has no preference for %s\n"),
+ keystr_from_pk (pkr->pk), "AES");
+ }
+}
diff --git a/g10/pkglue.c b/g10/pkglue.c
new file mode 100644
index 0000000..5c47511
--- /dev/null
+++ b/g10/pkglue.c
@@ -0,0 +1,341 @@
+/* pkglue.c - public key operations glue code
+ * Copyright (C) 2000, 2003 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include <assert.h>
+
+#include "gpg.h"
+#include "util.h"
+#include "pkglue.h"
+
+
+static gcry_mpi_t
+mpi_from_sexp (gcry_sexp_t sexp, const char * item)
+{
+ gcry_sexp_t list;
+ gcry_mpi_t data;
+
+ list = gcry_sexp_find_token (sexp, item, 0);
+ assert (list);
+ data = gcry_sexp_nth_mpi (list, 1, GCRYMPI_FMT_USG);
+ assert (data);
+ gcry_sexp_release (list);
+ return data;
+}
+
+
+/****************
+ * Emulate our old PK interface here - sometime in the future we might
+ * change the internal design to directly fit to libgcrypt.
+ */
+int
+pk_sign (int algo, gcry_mpi_t * data, gcry_mpi_t hash, gcry_mpi_t * skey)
+{
+ gcry_sexp_t s_sig, s_hash, s_skey;
+ int rc;
+
+ /* make a sexp from skey */
+ if (algo == GCRY_PK_DSA)
+ {
+ rc = gcry_sexp_build (&s_skey, NULL,
+ "(private-key(dsa(p%m)(q%m)(g%m)(y%m)(x%m)))",
+ skey[0], skey[1], skey[2], skey[3], skey[4]);
+ }
+ else if (algo == GCRY_PK_RSA || algo == GCRY_PK_RSA_S)
+ {
+ rc = gcry_sexp_build (&s_skey, NULL,
+ "(private-key(rsa(n%m)(e%m)(d%m)(p%m)(q%m)(u%m)))",
+ skey[0], skey[1], skey[2], skey[3], skey[4],
+ skey[5]);
+ }
+ else if (algo == GCRY_PK_ELG || algo == GCRY_PK_ELG_E)
+ {
+ rc = gcry_sexp_build (&s_skey, NULL,
+ "(private-key(elg(p%m)(g%m)(y%m)(x%m)))",
+ skey[0], skey[1], skey[2], skey[3]);
+ }
+ else
+ return GPG_ERR_PUBKEY_ALGO;
+
+ if (rc)
+ BUG ();
+
+ /* put hash into a S-Exp s_hash */
+ if (gcry_sexp_build (&s_hash, NULL, "%m", hash))
+ BUG ();
+
+ rc = gcry_pk_sign (&s_sig, s_hash, s_skey);
+ gcry_sexp_release (s_hash);
+ gcry_sexp_release (s_skey);
+
+ if (rc)
+ ;
+ else if (algo == GCRY_PK_RSA || algo == GCRY_PK_RSA_S)
+ data[0] = mpi_from_sexp (s_sig, "s");
+ else
+ {
+ data[0] = mpi_from_sexp (s_sig, "r");
+ data[1] = mpi_from_sexp (s_sig, "s");
+ }
+
+ gcry_sexp_release (s_sig);
+ return rc;
+}
+
+/****************
+ * Emulate our old PK interface here - sometime in the future we might
+ * change the internal design to directly fit to libgcrypt.
+ */
+int
+pk_verify (int algo, gcry_mpi_t hash, gcry_mpi_t * data, gcry_mpi_t * pkey)
+{
+ gcry_sexp_t s_sig, s_hash, s_pkey;
+ int rc;
+
+ /* make a sexp from pkey */
+ if (algo == GCRY_PK_DSA)
+ {
+ rc = gcry_sexp_build (&s_pkey, NULL,
+ "(public-key(dsa(p%m)(q%m)(g%m)(y%m)))",
+ pkey[0], pkey[1], pkey[2], pkey[3]);
+ }
+ else if (algo == GCRY_PK_ELG || algo == GCRY_PK_ELG_E)
+ {
+ rc = gcry_sexp_build (&s_pkey, NULL,
+ "(public-key(elg(p%m)(g%m)(y%m)))",
+ pkey[0], pkey[1], pkey[2]);
+ }
+ else if (algo == GCRY_PK_RSA || algo == GCRY_PK_RSA_S)
+ {
+ rc = gcry_sexp_build (&s_pkey, NULL,
+ "(public-key(rsa(n%m)(e%m)))", pkey[0], pkey[1]);
+ }
+ else
+ return GPG_ERR_PUBKEY_ALGO;
+
+ if (rc)
+ BUG (); /* gcry_sexp_build should never fail. */
+
+ /* put hash into a S-Exp s_hash */
+ if (gcry_sexp_build (&s_hash, NULL, "%m", hash))
+ BUG (); /* gcry_sexp_build should never fail. */
+
+ /* Put data into a S-Exp s_sig. */
+ s_sig = NULL;
+ if (algo == GCRY_PK_DSA)
+ {
+ if (!data[0] || !data[1])
+ rc = gpg_error (GPG_ERR_BAD_MPI);
+ else
+ rc = gcry_sexp_build (&s_sig, NULL,
+ "(sig-val(dsa(r%m)(s%m)))", data[0], data[1]);
+ }
+ else if (algo == GCRY_PK_ELG || algo == GCRY_PK_ELG_E)
+ {
+ if (!data[0] || !data[1])
+ rc = gpg_error (GPG_ERR_BAD_MPI);
+ else
+ rc = gcry_sexp_build (&s_sig, NULL,
+ "(sig-val(elg(r%m)(s%m)))", data[0], data[1]);
+ }
+ else if (algo == GCRY_PK_RSA || algo == GCRY_PK_RSA_S)
+ {
+ if (!data[0])
+ rc = gpg_error (GPG_ERR_BAD_MPI);
+ else
+ rc = gcry_sexp_build (&s_sig, NULL, "(sig-val(rsa(s%m)))", data[0]);
+ }
+ else
+ BUG ();
+
+ if (!rc)
+ rc = gcry_pk_verify (s_sig, s_hash, s_pkey);
+
+ gcry_sexp_release (s_sig);
+ gcry_sexp_release (s_hash);
+ gcry_sexp_release (s_pkey);
+ return rc;
+}
+
+
+
+
+/****************
+ * Emulate our old PK interface here - sometime in the future we might
+ * change the internal design to directly fit to libgcrypt.
+ */
+int
+pk_encrypt (int algo, gcry_mpi_t * resarr, gcry_mpi_t data, gcry_mpi_t * pkey)
+{
+ gcry_sexp_t s_ciph, s_data, s_pkey;
+ int rc;
+
+ /* make a sexp from pkey */
+ if (algo == GCRY_PK_ELG || algo == GCRY_PK_ELG_E)
+ {
+ rc = gcry_sexp_build (&s_pkey, NULL,
+ "(public-key(elg(p%m)(g%m)(y%m)))",
+ pkey[0], pkey[1], pkey[2]);
+ }
+ else if (algo == GCRY_PK_RSA || algo == GCRY_PK_RSA_E)
+ {
+ rc = gcry_sexp_build (&s_pkey, NULL,
+ "(public-key(rsa(n%m)(e%m)))",
+ pkey[0], pkey[1]);
+ }
+ else
+ return GPG_ERR_PUBKEY_ALGO;
+
+ if (rc)
+ BUG ();
+
+ /* put the data into a simple list */
+ if (gcry_sexp_build (&s_data, NULL, "%m", data))
+ BUG ();
+
+ /* pass it to libgcrypt */
+ rc = gcry_pk_encrypt (&s_ciph, s_data, s_pkey);
+ gcry_sexp_release (s_data);
+ gcry_sexp_release (s_pkey);
+
+ if (rc)
+ ;
+ else
+ { /* add better error handling or make gnupg use S-Exp directly */
+ resarr[0] = mpi_from_sexp (s_ciph, "a");
+ if (algo != GCRY_PK_RSA && algo != GCRY_PK_RSA_E)
+ resarr[1] = mpi_from_sexp (s_ciph, "b");
+ }
+
+ gcry_sexp_release (s_ciph);
+ return rc;
+}
+
+
+
+/****************
+ * Emulate our old PK interface here - sometime in the future we might
+ * change the internal design to directly fit to libgcrypt.
+ */
+int
+pk_decrypt (int algo, gcry_mpi_t * result, gcry_mpi_t * data,
+ gcry_mpi_t * skey)
+{
+ gcry_sexp_t s_skey, s_data, s_plain;
+ int rc;
+
+ *result = NULL;
+ /* make a sexp from skey */
+ if (algo == GCRY_PK_ELG || algo == GCRY_PK_ELG_E)
+ {
+ rc = gcry_sexp_build (&s_skey, NULL,
+ "(private-key(elg(p%m)(g%m)(y%m)(x%m)))",
+ skey[0], skey[1], skey[2], skey[3]);
+ }
+ else if (algo == GCRY_PK_RSA || algo == GCRY_PK_RSA_E)
+ {
+ rc = gcry_sexp_build (&s_skey, NULL,
+ "(private-key(rsa(n%m)(e%m)(d%m)(p%m)(q%m)(u%m)))",
+ skey[0], skey[1], skey[2], skey[3], skey[4],
+ skey[5]);
+ }
+ else
+ return GPG_ERR_PUBKEY_ALGO;
+
+ if (rc)
+ BUG ();
+
+ /* put data into a S-Exp s_data */
+ if (algo == GCRY_PK_ELG || algo == GCRY_PK_ELG_E)
+ {
+ if (!data[0] || !data[1])
+ rc = gpg_error (GPG_ERR_BAD_MPI);
+ else
+ rc = gcry_sexp_build (&s_data, NULL,
+ "(enc-val(elg(a%m)(b%m)))", data[0], data[1]);
+ }
+ else if (algo == GCRY_PK_RSA || algo == GCRY_PK_RSA_E)
+ {
+ if (!data[0])
+ rc = gpg_error (GPG_ERR_BAD_MPI);
+ else
+ rc = gcry_sexp_build (&s_data, NULL, "(enc-val(rsa(a%m)))", data[0]);
+ }
+ else
+ BUG ();
+
+ if (rc)
+ BUG ();
+
+ rc = gcry_pk_decrypt (&s_plain, s_data, s_skey);
+ gcry_sexp_release (s_skey);
+ gcry_sexp_release (s_data);
+ if (rc)
+ return rc;
+
+ *result = gcry_sexp_nth_mpi (s_plain, 0, GCRYMPI_FMT_USG);
+ gcry_sexp_release (s_plain);
+ if (!*result)
+ return -1; /* oops */
+
+ return 0;
+}
+
+
+/* Check whether SKEY is a suitable secret key. */
+int
+pk_check_secret_key (int algo, gcry_mpi_t *skey)
+{
+ gcry_sexp_t s_skey;
+ int rc;
+
+ if (algo == GCRY_PK_DSA)
+ {
+ rc = gcry_sexp_build (&s_skey, NULL,
+ "(private-key(dsa(p%m)(q%m)(g%m)(y%m)(x%m)))",
+ skey[0], skey[1], skey[2], skey[3], skey[4]);
+ }
+ else if (algo == GCRY_PK_ELG || algo == GCRY_PK_ELG_E)
+ {
+ rc = gcry_sexp_build (&s_skey, NULL,
+ "(private-key(elg(p%m)(g%m)(y%m)(x%m)))",
+ skey[0], skey[1], skey[2], skey[3]);
+ }
+ else if (algo == GCRY_PK_RSA
+ || algo == GCRY_PK_RSA_S || algo == GCRY_PK_RSA_E)
+ {
+ rc = gcry_sexp_build (&s_skey, NULL,
+ "(private-key(rsa(n%m)(e%m)(d%m)(p%m)(q%m)(u%m)))",
+ skey[0], skey[1], skey[2], skey[3], skey[4],
+ skey[5]);
+ }
+ else
+ return GPG_ERR_PUBKEY_ALGO;
+
+ if (!rc)
+ {
+ rc = gcry_pk_testkey (s_skey);
+ gcry_sexp_release (s_skey);
+ }
+ return rc;
+}
diff --git a/g10/pkglue.h b/g10/pkglue.h
new file mode 100644
index 0000000..89d2216
--- /dev/null
+++ b/g10/pkglue.h
@@ -0,0 +1,34 @@
+/* pkglue.h - public key operations definitions
+ * Copyright (C) 2003 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef GNUPG_G10_PKGLUE_H
+#define GNUPG_G10_PKGLUE_H
+
+int pk_sign (int algo, gcry_mpi_t *data, gcry_mpi_t hash,
+ gcry_mpi_t *skey);
+int pk_verify (int algo, gcry_mpi_t hash, gcry_mpi_t *data,
+ gcry_mpi_t *pkey);
+int pk_encrypt (int algo, gcry_mpi_t *resarr, gcry_mpi_t data,
+ gcry_mpi_t *pkey);
+int pk_decrypt (int algo, gcry_mpi_t *result, gcry_mpi_t *data,
+ gcry_mpi_t *skey);
+int pk_check_secret_key (int algo, gcry_mpi_t *skey);
+
+
+#endif /*GNUPG_G10_PKGLUE_H*/
diff --git a/g10/plaintext.c b/g10/plaintext.c
new file mode 100644
index 0000000..3777648
--- /dev/null
+++ b/g10/plaintext.c
@@ -0,0 +1,663 @@
+/* plaintext.c - process plaintext packets
+ * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005,
+ * 2006 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include <assert.h>
+#include <sys/types.h>
+#ifdef HAVE_DOSISH_SYSTEM
+#include <fcntl.h> /* for setmode() */
+#endif
+
+#include "gpg.h"
+#include "util.h"
+#include "options.h"
+#include "packet.h"
+#include "ttyio.h"
+#include "filter.h"
+#include "main.h"
+#include "status.h"
+#include "i18n.h"
+
+
+/****************
+ * Handle a plaintext packet. If MFX is not NULL, update the MDs
+ * Note: we should use the filter stuff here, but we have to add some
+ * easy mimic to set a read limit, so we calculate only the
+ * bytes from the plaintext.
+ */
+int
+handle_plaintext( PKT_plaintext *pt, md_filter_context_t *mfx,
+ int nooutput, int clearsig )
+{
+ char *fname = NULL;
+ FILE *fp = NULL;
+ static off_t count=0;
+ int rc = 0;
+ int c;
+ int convert = (pt->mode == 't' || pt->mode == 'u');
+#ifdef __riscos__
+ int filetype = 0xfff;
+#endif
+
+ /* Let people know what the plaintext info is. This allows the
+ receiving program to try and do something different based on
+ the format code (say, recode UTF-8 to local). */
+ if(!nooutput && is_status_enabled())
+ {
+ char status[50];
+
+ /* Better make sure that stdout has been flushed in case the
+ output will be written to it. This is to make sure that no
+ not-yet-flushed stuff will be written after the plaintext
+ status message. */
+ fflush (stdout);
+
+ sprintf(status,"%X %lu ",(byte)pt->mode,(ulong)pt->timestamp);
+ write_status_text_and_buffer(STATUS_PLAINTEXT,
+ status,pt->name,pt->namelen,0);
+
+ if(!pt->is_partial)
+ {
+ sprintf(status,"%lu",(ulong)pt->len);
+ write_status_text(STATUS_PLAINTEXT_LENGTH,status);
+ }
+ }
+
+ /* create the filename as C string */
+ if( nooutput )
+ ;
+ else if( opt.outfile ) {
+ fname = xmalloc( strlen( opt.outfile ) + 1);
+ strcpy(fname, opt.outfile );
+ }
+ else if( pt->namelen == 8 && !memcmp( pt->name, "_CONSOLE", 8 ) ) {
+ log_info(_("data not saved; use option \"--output\" to save it\n"));
+ nooutput = 1;
+ }
+ else if( !opt.flags.use_embedded_filename ) {
+ fname = make_outfile_name( iobuf_get_real_fname(pt->buf) );
+ if( !fname )
+ fname = ask_outfile_name( pt->name, pt->namelen );
+ if( !fname ) {
+ rc = gpg_error (GPG_ERR_GENERAL); /* Can't create file. */
+ goto leave;
+ }
+ }
+ else
+ fname=utf8_to_native(pt->name,pt->namelen,0);
+
+ if( nooutput )
+ ;
+ else if ( iobuf_is_pipe_filename (fname) || !*fname)
+ {
+ /* No filename or "-" given; write to stdout. */
+ fp = stdout;
+#ifdef HAVE_DOSISH_SYSTEM
+ setmode ( fileno(fp) , O_BINARY );
+#endif
+ }
+ else {
+ while( !overwrite_filep (fname) ) {
+ char *tmp = ask_outfile_name (NULL, 0);
+ if ( !tmp || !*tmp ) {
+ xfree (tmp);
+ rc = gpg_error (GPG_ERR_GENERAL); /* G10ERR_CREATE_FILE*/
+ goto leave;
+ }
+ xfree (fname);
+ fname = tmp;
+ }
+ }
+
+#ifndef __riscos__
+ if( fp || nooutput )
+ ;
+ else if (is_secured_filename (fname))
+ {
+ errno = EPERM;
+ rc = gpg_error_from_syserror ();
+ log_error(_("error creating `%s': %s\n"), fname, strerror(errno) );
+ goto leave;
+ }
+ else if( !(fp = fopen(fname,"wb")) ) {
+ rc = gpg_error_from_syserror ();
+ log_error(_("error creating `%s': %s\n"), fname, strerror(errno) );
+ goto leave;
+ }
+#else /* __riscos__ */
+ /* If no output filename was given, i.e. we constructed it,
+ convert all '.' in fname to '/' but not vice versa as
+ we don't create directories! */
+ if( !opt.outfile )
+ for( c=0; fname[c]; ++c )
+ if( fname[c] == '.' )
+ fname[c] = '/';
+
+ if( fp || nooutput )
+ ;
+ else {
+ fp = fopen(fname,"wb");
+ if( !fp ) {
+ log_error(_("error creating `%s': %s\n"), fname, strerror(errno) );
+ rc = G10ERR_CREATE_FILE;
+ if (errno == 106)
+ log_info("Do output file and input file have the same name?\n");
+ goto leave;
+ }
+
+ /* If there's a ,xxx extension in the embedded filename,
+ use that, else check whether the user input (in fname)
+ has a ,xxx appended, then use that in preference */
+ if( (c = riscos_get_filetype_from_string( pt->name,
+ pt->namelen )) != -1 )
+ filetype = c;
+ if( (c = riscos_get_filetype_from_string( fname,
+ strlen(fname) )) != -1 )
+ filetype = c;
+ riscos_set_filetype_by_number(fname, filetype);
+ }
+#endif /* __riscos__ */
+
+ if( !pt->is_partial ) {
+ /* We have an actual length (which might be zero). */
+
+ if (clearsig) {
+ log_error ("clearsig encountered while not expected\n");
+ rc = G10ERR_UNEXPECTED;
+ goto leave;
+ }
+
+ if( convert ) { /* text mode */
+ for( ; pt->len; pt->len-- ) {
+ if( (c = iobuf_get(pt->buf)) == -1 ) {
+ rc = gpg_error_from_syserror ();
+ log_error ("problem reading source (%u bytes remaining)\n",
+ (unsigned)pt->len);
+ goto leave;
+ }
+ if( mfx->md )
+ gcry_md_putc (mfx->md, c );
+#ifndef HAVE_DOSISH_SYSTEM
+ if( c == '\r' ) /* convert to native line ending */
+ continue; /* fixme: this hack might be too simple */
+#endif
+ if( fp )
+ {
+ if(opt.max_output && (++count)>opt.max_output)
+ {
+ log_error ("error writing to `%s': %s\n",
+ fname,"exceeded --max-output limit\n");
+ rc = gpg_error (GPG_ERR_TOO_LARGE);
+ goto leave;
+ }
+ else if( putc( c, fp ) == EOF )
+ {
+ if (ferror (fp))
+ rc = gpg_error_from_syserror ();
+ else
+ rc = gpg_error (GPG_ERR_EOF);
+ log_error ("error writing to `%s': %s\n",
+ fname, strerror(errno) );
+ goto leave;
+ }
+ }
+ }
+ }
+ else { /* binary mode */
+ byte *buffer = xmalloc( 32768 );
+ while( pt->len ) {
+ int len = pt->len > 32768 ? 32768 : pt->len;
+ len = iobuf_read( pt->buf, buffer, len );
+ if( len == -1 ) {
+ rc = gpg_error_from_syserror ();
+ log_error ("problem reading source (%u bytes remaining)\n",
+ (unsigned)pt->len);
+ xfree( buffer );
+ goto leave;
+ }
+ if( mfx->md )
+ gcry_md_write ( mfx->md, buffer, len );
+ if( fp )
+ {
+ if(opt.max_output && (count+=len)>opt.max_output)
+ {
+ log_error ("error writing to `%s': %s\n",
+ fname,"exceeded --max-output limit\n");
+ rc = gpg_error (GPG_ERR_TOO_LARGE);
+ xfree( buffer );
+ goto leave;
+ }
+ else if( fwrite( buffer, 1, len, fp ) != len )
+ {
+ rc = gpg_error_from_syserror ();
+ log_error ("error writing to `%s': %s\n",
+ fname, strerror(errno) );
+ xfree( buffer );
+ goto leave;
+ }
+ }
+ pt->len -= len;
+ }
+ xfree( buffer );
+ }
+ }
+ else if( !clearsig ) {
+ if( convert ) { /* text mode */
+ while( (c = iobuf_get(pt->buf)) != -1 ) {
+ if( mfx->md )
+ gcry_md_putc (mfx->md, c );
+#ifndef HAVE_DOSISH_SYSTEM
+ if( convert && c == '\r' )
+ continue; /* fixme: this hack might be too simple */
+#endif
+ if( fp )
+ {
+ if(opt.max_output && (++count)>opt.max_output)
+ {
+ log_error("Error writing to `%s': %s\n",
+ fname,"exceeded --max-output limit\n");
+ rc = gpg_error (GPG_ERR_TOO_LARGE);
+ goto leave;
+ }
+ else if( putc( c, fp ) == EOF )
+ {
+ if ( ferror (fp ) )
+ rc = gpg_error_from_syserror ();
+ else
+ rc = gpg_error (GPG_ERR_EOF);
+ log_error("error writing to `%s': %s\n",
+ fname, strerror(errno) );
+ goto leave;
+ }
+ }
+ }
+ }
+ else { /* binary mode */
+ byte *buffer = xmalloc( 32768 );
+ int eof_seen = 0;
+
+ while ( !eof_seen ) {
+ /* Why do we check for len < 32768:
+ * If we won't, we would practically read 2 EOFs but
+ * the first one has already popped the block_filter
+ * off and therefore we don't catch the boundary.
+ * So, always assume EOF if iobuf_read returns less bytes
+ * then requested */
+ int len = iobuf_read( pt->buf, buffer, 32768 );
+ if( len == -1 )
+ break;
+ if( len < 32768 )
+ eof_seen = 1;
+ if( mfx->md )
+ gcry_md_write ( mfx->md, buffer, len );
+ if( fp )
+ {
+ if(opt.max_output && (count+=len)>opt.max_output)
+ {
+ log_error("error writing to `%s': %s\n",
+ fname,"exceeded --max-output limit\n");
+ rc = gpg_error (GPG_ERR_TOO_LARGE);
+ xfree( buffer );
+ goto leave;
+ }
+ else if( fwrite( buffer, 1, len, fp ) != len ) {
+ rc = (errno? gpg_error_from_syserror ()
+ : gpg_error (GPG_ERR_INTERNAL));
+ log_error ("error writing to `%s': %s\n",
+ fname, strerror(errno) );
+ xfree( buffer );
+ goto leave;
+ }
+ }
+ }
+ xfree( buffer );
+ }
+ pt->buf = NULL;
+ }
+ else { /* clear text signature - don't hash the last cr,lf */
+ int state = 0;
+
+ while( (c = iobuf_get(pt->buf)) != -1 ) {
+ if( fp )
+ {
+ if(opt.max_output && (++count)>opt.max_output)
+ {
+ log_error ("error writing to `%s': %s\n",
+ fname,"exceeded --max-output limit\n");
+ rc = gpg_error (GPG_ERR_TOO_LARGE);
+ goto leave;
+ }
+ else if( putc( c, fp ) == EOF )
+ {
+ rc = (errno? gpg_error_from_syserror ()
+ : gpg_error (GPG_ERR_INTERNAL));
+ log_error ("error writing to `%s': %s\n",
+ fname, strerror(errno) );
+ goto leave;
+ }
+ }
+ if( !mfx->md )
+ continue;
+ if( state == 2 ) {
+ gcry_md_putc (mfx->md, '\r' );
+ gcry_md_putc (mfx->md, '\n' );
+ state = 0;
+ }
+ if( !state ) {
+ if( c == '\r' )
+ state = 1;
+ else if( c == '\n' )
+ state = 2;
+ else
+ gcry_md_putc(mfx->md, c );
+ }
+ else if( state == 1 ) {
+ if( c == '\n' )
+ state = 2;
+ else {
+ gcry_md_putc(mfx->md, '\r' );
+ if( c == '\r' )
+ state = 1;
+ else {
+ state = 0;
+ gcry_md_putc(mfx->md, c );
+ }
+ }
+ }
+ }
+ pt->buf = NULL;
+ }
+
+ if( fp && fp != stdout && fclose(fp) ) {
+ rc = (errno? gpg_error_from_syserror ()
+ : gpg_error (GPG_ERR_INTERNAL));
+ log_error ("error closing `%s': %s\n", fname, strerror(errno) );
+ fp = NULL;
+ goto leave;
+ }
+ fp = NULL;
+
+ leave:
+ /* Make sure that stdout gets flushed after the plaintext has
+ been handled. This is for extra security as we do a
+ flush anyway before checking the signature. */
+ if (fflush (stdout))
+ {
+ /* We need to check the return code to detect errors like disk
+ full for short plaintexts. See bug#1207. Checking return
+ values is a good idea in any case. */
+ if (!rc)
+ rc = gpg_error_from_syserror ();
+ log_error ("error flushing `%s': %s\n", "[stdout]", strerror (errno) );
+ }
+
+ if( fp && fp != stdout )
+ fclose (fp);
+ xfree(fname);
+ return rc;
+}
+
+static void
+do_hash( gcry_md_hd_t md, gcry_md_hd_t md2, IOBUF fp, int textmode )
+{
+ text_filter_context_t tfx;
+ int c;
+
+ if( textmode ) {
+ memset( &tfx, 0, sizeof tfx);
+ iobuf_push_filter( fp, text_filter, &tfx );
+ }
+ if( md2 ) { /* work around a strange behaviour in pgp2 */
+ /* It seems that at least PGP5 converts a single CR to a CR,LF too */
+ int lc = -1;
+ while( (c = iobuf_get(fp)) != -1 ) {
+ if( c == '\n' && lc == '\r' )
+ gcry_md_putc (md2, c);
+ else if( c == '\n' ) {
+ gcry_md_putc (md2, '\r');
+ gcry_md_putc (md2, c);
+ }
+ else if( c != '\n' && lc == '\r' ) {
+ gcry_md_putc (md2, '\n');
+ gcry_md_putc (md2, c);
+ }
+ else
+ gcry_md_putc (md2, c);
+
+ if( md )
+ gcry_md_putc (md, c );
+ lc = c;
+ }
+ }
+ else {
+ while( (c = iobuf_get(fp)) != -1 ) {
+ if( md )
+ gcry_md_putc (md, c );
+ }
+ }
+}
+
+
+/****************
+ * Ask for the detached datafile and calculate the digest from it.
+ * INFILE is the name of the input file.
+ */
+int
+ask_for_detached_datafile (gcry_md_hd_t md, gcry_md_hd_t md2,
+ const char *inname, int textmode )
+{
+ progress_filter_context_t *pfx;
+ char *answer = NULL;
+ IOBUF fp;
+ int rc = 0;
+
+ pfx = new_progress_context ();
+ fp = open_sigfile ( inname, pfx ); /* Open default file. */
+
+ if( !fp && !opt.batch ) {
+ int any=0;
+ tty_printf(_("Detached signature.\n"));
+ do {
+ char *name;
+
+ xfree(answer);
+ tty_enable_completion(NULL);
+ name = cpr_get("detached_signature.filename",
+ _("Please enter name of data file: "));
+ tty_disable_completion();
+ cpr_kill_prompt();
+ answer=make_filename(name,(void *)NULL);
+ xfree(name);
+
+ if( any && !*answer ) {
+ rc = gpg_error (GPG_ERR_GENERAL); /*G10ERR_READ_FILE*/
+ goto leave;
+ }
+ fp = iobuf_open(answer);
+ if (fp && is_secured_file (iobuf_get_fd (fp)))
+ {
+ iobuf_close (fp);
+ fp = NULL;
+ errno = EPERM;
+ }
+ if( !fp && errno == ENOENT ) {
+ tty_printf("No such file, try again or hit enter to quit.\n");
+ any++;
+ }
+ else if( !fp )
+ {
+ rc = gpg_error_from_syserror ();
+ log_error(_("can't open `%s': %s\n"), answer, strerror(errno));
+ goto leave;
+ }
+ } while( !fp );
+ }
+
+ if( !fp ) {
+ if( opt.verbose )
+ log_info(_("reading stdin ...\n"));
+ fp = iobuf_open( NULL );
+ assert(fp);
+ }
+ do_hash( md, md2, fp, textmode );
+ iobuf_close(fp);
+
+ leave:
+ xfree(answer);
+ release_progress_context (pfx);
+ return rc;
+}
+
+
+
+/****************
+ * Hash the given files and append the hash to hash context md.
+ * If FILES is NULL, hash stdin.
+ */
+int
+hash_datafiles( gcry_md_hd_t md, gcry_md_hd_t md2, strlist_t files,
+ const char *sigfilename, int textmode )
+{
+ progress_filter_context_t *pfx;
+ IOBUF fp;
+ strlist_t sl;
+
+ pfx = new_progress_context ();
+
+ if( !files ) {
+ /* check whether we can open the signed material */
+ fp = open_sigfile( sigfilename, pfx );
+ if( fp ) {
+ do_hash( md, md2, fp, textmode );
+ iobuf_close(fp);
+ release_progress_context (pfx);
+ return 0;
+ }
+ log_error (_("no signed data\n"));
+ release_progress_context (pfx);
+ return gpg_error (GPG_ERR_NO_DATA);
+ }
+
+
+ for (sl=files; sl; sl = sl->next ) {
+ fp = iobuf_open( sl->d );
+ if (fp && is_secured_file (iobuf_get_fd (fp)))
+ {
+ iobuf_close (fp);
+ fp = NULL;
+ errno = EPERM;
+ }
+ if( !fp ) {
+ int rc = gpg_error_from_syserror ();
+ log_error(_("can't open signed data `%s'\n"),
+ print_fname_stdin(sl->d));
+ release_progress_context (pfx);
+ return rc;
+ }
+ handle_progress (pfx, fp, sl->d);
+ do_hash( md, md2, fp, textmode );
+ iobuf_close(fp);
+ }
+
+ release_progress_context (pfx);
+ return 0;
+}
+
+
+/* Hash the data from file descriptor DATA_FD and append the hash to hash
+ contexts MD and MD2. */
+int
+hash_datafile_by_fd ( gcry_md_hd_t md, gcry_md_hd_t md2, int data_fd,
+ int textmode )
+{
+ progress_filter_context_t *pfx = new_progress_context ();
+ iobuf_t fp;
+
+ fp = iobuf_fdopen (data_fd, "rb");
+ if (fp && is_secured_file (data_fd))
+ {
+ iobuf_close (fp);
+ fp = NULL;
+ errno = EPERM;
+ }
+ if ( !fp )
+ {
+ int rc = gpg_error_from_syserror ();
+ log_error ( _("can't open signed data fd=%d: %s\n"),
+ data_fd, strerror (errno));
+ release_progress_context (pfx);
+ return rc;
+ }
+
+ handle_progress (pfx, fp, NULL);
+
+ do_hash ( md, md2, fp, textmode);
+
+ iobuf_close(fp);
+
+ release_progress_context (pfx);
+ return 0;
+}
+
+
+/* Set up a plaintext packet with the appropriate filename. If there
+ is a --set-filename, use it (it's already UTF8). If there is a
+ regular filename, UTF8-ize it if necessary. If there is no
+ filenames at all, set the field empty. */
+
+PKT_plaintext *
+setup_plaintext_name(const char *filename,IOBUF iobuf)
+{
+ PKT_plaintext *pt;
+
+ if ((filename && !iobuf_is_pipe_filename (filename))
+ || (opt.set_filename && !iobuf_is_pipe_filename (opt.set_filename)))
+ {
+ char *s;
+
+ if(opt.set_filename)
+ s=make_basename(opt.set_filename,iobuf_get_real_fname(iobuf));
+ else if(filename && !opt.flags.utf8_filename)
+ {
+ char *tmp=native_to_utf8(filename);
+ s=make_basename(tmp,iobuf_get_real_fname(iobuf));
+ xfree(tmp);
+ }
+ else
+ s=make_basename(filename,iobuf_get_real_fname(iobuf));
+
+ pt = xmalloc (sizeof *pt + strlen(s) - 1);
+ pt->namelen = strlen (s);
+ memcpy (pt->name, s, pt->namelen);
+ xfree (s);
+ }
+ else
+ {
+ /* no filename */
+ pt = xmalloc (sizeof *pt - 1);
+ pt->namelen = 0;
+ }
+
+ return pt;
+}
diff --git a/g10/progress.c b/g10/progress.c
new file mode 100644
index 0000000..d0aa926
--- /dev/null
+++ b/g10/progress.c
@@ -0,0 +1,159 @@
+/* progress.c - emit progress status lines
+ * Copyright (C) 2003, 2006 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <assert.h>
+
+#include "gpg.h"
+#include "iobuf.h"
+#include "filter.h"
+#include "status.h"
+#include "util.h"
+#include "options.h"
+
+/* Create a new context for use with the progress filter. We need to
+ allocate such contexts on the heap because there is no guarantee
+ that at the end of a function the filter has already been popped
+ off. In general this will happen but with malformed packets it is
+ possible that a filter has not yet reached the end-of-stream when
+ the function has done all processing. Checking in each function
+ that end-of-stream has been reached would be to cumbersome.
+
+ What we also do is to shortcut the progress handler by having this
+ function return NULL if progress information has not been
+ requested.
+*/
+progress_filter_context_t *
+new_progress_context (void)
+{
+ progress_filter_context_t *pfx;
+
+ if (!opt.enable_progress_filter)
+ return NULL;
+
+ if (!is_status_enabled ())
+ return NULL;
+
+ pfx = xcalloc (1, sizeof *pfx);
+ pfx->refcount = 1;
+
+ return pfx;
+}
+
+/* Release a progress filter context. Passing NULL is explicitly
+ allowed and a no-op. */
+void
+release_progress_context (progress_filter_context_t *pfx)
+{
+ if (!pfx)
+ return;
+ assert (pfx->refcount);
+ if ( --pfx->refcount )
+ return;
+ xfree (pfx->what);
+ xfree (pfx);
+}
+
+
+/****************
+ * The filter is used to report progress to the user.
+ */
+static int
+progress_filter (void *opaque, int control,
+ IOBUF a, byte *buf, size_t *ret_len)
+{
+ int rc = 0;
+ progress_filter_context_t *pfx = opaque;
+
+ if (control == IOBUFCTRL_INIT)
+ {
+ char buffer[50];
+
+ pfx->last = 0;
+ pfx->offset = 0;
+ pfx->last_time = make_timestamp ();
+
+ sprintf (buffer, "%.20s ? %lu %lu",
+ pfx->what? pfx->what : "?",
+ pfx->offset,
+ pfx->total);
+ write_status_text (STATUS_PROGRESS, buffer);
+ }
+ else if (control == IOBUFCTRL_UNDERFLOW)
+ {
+ u32 timestamp = make_timestamp ();
+ int len = iobuf_read (a, buf, *ret_len);
+
+ if (len >= 0)
+ {
+ pfx->offset += len;
+ *ret_len = len;
+ }
+ else
+ {
+ *ret_len = 0;
+ rc = -1;
+ }
+ if ((len == -1 && pfx->offset != pfx->last)
+ || timestamp - pfx->last_time > 0)
+ {
+ char buffer[50];
+
+ sprintf (buffer, "%.20s ? %lu %lu",
+ pfx->what? pfx->what : "?",
+ pfx->offset,
+ pfx->total);
+ write_status_text (STATUS_PROGRESS, buffer);
+
+ pfx->last = pfx->offset;
+ pfx->last_time = timestamp;
+ }
+ }
+ else if (control == IOBUFCTRL_FREE)
+ {
+ release_progress_context (pfx);
+ }
+ else if (control == IOBUFCTRL_DESC)
+ *(char**)buf = "progress_filter";
+ return rc;
+}
+
+void
+handle_progress (progress_filter_context_t *pfx, IOBUF inp, const char *name)
+{
+ off_t filesize = 0;
+
+ if (!pfx)
+ return;
+
+ assert (opt.enable_progress_filter);
+ assert (is_status_enabled ());
+
+ if ( !iobuf_is_pipe_filename (name) && *name )
+ filesize = iobuf_get_filelength (inp, NULL);
+ else if (opt.set_filesize)
+ filesize = opt.set_filesize;
+
+ /* register the progress filter */
+ pfx->what = xstrdup (name ? name : "stdin");
+ pfx->total = filesize;
+ pfx->refcount++;
+ iobuf_push_filter (inp, progress_filter, pfx);
+}
diff --git a/g10/pubkey-enc.c b/g10/pubkey-enc.c
new file mode 100644
index 0000000..c0167b1
--- /dev/null
+++ b/g10/pubkey-enc.c
@@ -0,0 +1,357 @@
+/* pubkey-enc.c - public key encoded packet handling
+ * Copyright (C) 1998, 1999, 2000, 2001, 2002,
+ * 2006, 2009 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <assert.h>
+
+#include "gpg.h"
+#include "util.h"
+#include "packet.h"
+#include "keydb.h"
+#include "trustdb.h"
+#include "cipher.h"
+#include "status.h"
+#include "options.h"
+#include "main.h"
+#include "i18n.h"
+#include "pkglue.h"
+#include "call-agent.h"
+
+
+static int get_it( PKT_pubkey_enc *k,
+ DEK *dek, PKT_secret_key *sk, u32 *keyid );
+
+
+/* check that the given algo is mentioned in one of the valid user IDs */
+static int
+is_algo_in_prefs ( KBNODE keyblock, preftype_t type, int algo )
+{
+ KBNODE k;
+
+ for (k=keyblock; k; k=k->next) {
+ if (k->pkt->pkttype == PKT_USER_ID) {
+ PKT_user_id *uid = k->pkt->pkt.user_id;
+ prefitem_t *prefs = uid->prefs;
+
+ if (uid->created && prefs &&
+ !uid->is_revoked && !uid->is_expired ) {
+ for (; prefs->type; prefs++ )
+ if (prefs->type == type && prefs->value == algo)
+ return 1;
+ }
+ }
+ }
+ return 0;
+}
+
+
+/****************
+ * Get the session key from a pubkey enc packet and return
+ * it in DEK, which should have been allocated in secure memory.
+ */
+int
+get_session_key( PKT_pubkey_enc *k, DEK *dek )
+{
+ PKT_secret_key *sk = NULL;
+ int rc;
+
+ rc = openpgp_pk_test_algo2 (k->pubkey_algo, PUBKEY_USAGE_ENC);
+ if( rc )
+ goto leave;
+
+ if( (k->keyid[0] || k->keyid[1]) && !opt.try_all_secrets ) {
+ sk = xmalloc_clear( sizeof *sk );
+ sk->pubkey_algo = k->pubkey_algo; /* we want a pubkey with this algo*/
+ if( !(rc = get_seckey( sk, k->keyid )) )
+ rc = get_it( k, dek, sk, k->keyid );
+ }
+ else { /* anonymous receiver: Try all available secret keys */
+ void *enum_context = NULL;
+ u32 keyid[2];
+ char *p;
+
+ for(;;) {
+ if( sk )
+ free_secret_key( sk );
+ sk = xmalloc_clear( sizeof *sk );
+ rc=enum_secret_keys( &enum_context, sk, 1, 0);
+ if( rc ) {
+ rc = G10ERR_NO_SECKEY;
+ break;
+ }
+ if( sk->pubkey_algo != k->pubkey_algo )
+ continue;
+ keyid_from_sk( sk, keyid );
+ log_info(_("anonymous recipient; trying secret key %s ...\n"),
+ keystr(keyid));
+
+ if(!opt.try_all_secrets && !is_status_enabled())
+ {
+ p=get_last_passphrase();
+ set_next_passphrase(p);
+ xfree(p);
+ }
+
+ rc = check_secret_key( sk, opt.try_all_secrets?1:-1 ); /* ask
+ only
+ once */
+ if( !rc )
+ {
+ rc = get_it( k, dek, sk, keyid );
+ /* Successfully checked the secret key (either it was
+ a card, had no passphrase, or had the right
+ passphrase) but couldn't decrypt the session key,
+ so thus that key is not the anonymous recipient.
+ Move the next passphrase into last for the next
+ round. We only do this if the secret key was
+ successfully checked as in the normal case,
+ check_secret_key handles this for us via
+ passphrase_to_dek */
+ if(rc)
+ next_to_last_passphrase();
+ }
+
+ if( !rc )
+ {
+ log_info(_("okay, we are the anonymous recipient.\n") );
+ break;
+ }
+ }
+ enum_secret_keys( &enum_context, NULL, 0, 0 ); /* free context */
+ }
+
+ leave:
+ if( sk )
+ free_secret_key( sk );
+ return rc;
+}
+
+
+static int
+get_it( PKT_pubkey_enc *enc, DEK *dek, PKT_secret_key *sk, u32 *keyid )
+{
+ int rc;
+ gcry_mpi_t plain_dek = NULL;
+ byte *frame = NULL;
+ unsigned int n;
+ size_t nframe;
+ u16 csum, csum2;
+
+ int card = 0;
+
+ if (sk->is_protected && sk->protect.s2k.mode == 1002)
+ { /* Note, that we only support RSA for now. */
+#ifdef ENABLE_CARD_SUPPORT
+ unsigned char *rbuf;
+ size_t rbuflen;
+ char *snbuf;
+ unsigned char *indata = NULL;
+ size_t indatalen;
+
+ snbuf = serialno_and_fpr_from_sk (sk->protect.iv, sk->protect.ivlen, sk);
+
+ if (gcry_mpi_aprint (GCRYMPI_FMT_USG, &indata, &indatalen, enc->data[0]))
+ BUG ();
+
+ rc = agent_scd_pkdecrypt (snbuf, indata, indatalen, &rbuf, &rbuflen);
+ xfree (snbuf);
+ xfree (indata);
+ if (rc)
+ goto leave;
+
+ frame = rbuf;
+ nframe = rbuflen;
+ card = 1;
+#else
+ rc = gpg_error (GPG_ERR_NOT_SUPPORTED);
+ goto leave;
+#endif /*!ENABLE_CARD_SUPPORT*/
+ }
+ else
+ {
+ rc = pk_decrypt (sk->pubkey_algo, &plain_dek, enc->data, sk->skey );
+ if( rc )
+ goto leave;
+ if (gcry_mpi_aprint (GCRYMPI_FMT_USG, &frame, &nframe, plain_dek))
+ BUG();
+ gcry_mpi_release (plain_dek); plain_dek = NULL;
+ }
+
+ /* Now get the DEK (data encryption key) from the frame
+ *
+ * Old versions encode the DEK in in this format (msb is left):
+ *
+ * 0 1 DEK(16 bytes) CSUM(2 bytes) 0 RND(n bytes) 2
+ *
+ * Later versions encode the DEK like this:
+ *
+ * 0 2 RND(n bytes) 0 A DEK(k bytes) CSUM(2 bytes)
+ *
+ * (mpi_get_buffer already removed the leading zero).
+ *
+ * RND are non-zero randow bytes.
+ * A is the cipher algorithm
+ * DEK is the encryption key (session key) with length k
+ * CSUM
+ */
+ if (DBG_CIPHER)
+ log_printhex ("DEK frame:", frame, nframe );
+ n=0;
+ if (!card)
+ {
+ if( n + 7 > nframe )
+ { rc = G10ERR_WRONG_SECKEY; goto leave; }
+ if( frame[n] == 1 && frame[nframe-1] == 2 ) {
+ log_info(_("old encoding of the DEK is not supported\n"));
+ rc = G10ERR_CIPHER_ALGO;
+ goto leave;
+ }
+ if( frame[n] != 2 ) /* somethink is wrong */
+ { rc = G10ERR_WRONG_SECKEY; goto leave; }
+ for(n++; n < nframe && frame[n]; n++ ) /* skip the random bytes */
+ ;
+ n++; /* and the zero byte */
+ }
+
+ if( n + 4 > nframe )
+ { rc = G10ERR_WRONG_SECKEY; goto leave; }
+
+ dek->keylen = nframe - (n+1) - 2;
+ dek->algo = frame[n++];
+ if( dek->algo == CIPHER_ALGO_IDEA )
+ write_status(STATUS_RSA_OR_IDEA);
+ rc = openpgp_cipher_test_algo (dek->algo);
+ if( rc ) {
+ if( !opt.quiet && gpg_err_code (rc) == GPG_ERR_CIPHER_ALGO ) {
+ log_info(_("cipher algorithm %d%s is unknown or disabled\n"),
+ dek->algo, dek->algo == CIPHER_ALGO_IDEA? " (IDEA)":"");
+ if(dek->algo==CIPHER_ALGO_IDEA)
+ idea_cipher_warn (0);
+ }
+ dek->algo = 0;
+ goto leave;
+ }
+ if ( dek->keylen != openpgp_cipher_get_algo_keylen (dek->algo) ) {
+ rc = GPG_ERR_WRONG_SECKEY;
+ goto leave;
+ }
+
+ /* copy the key to DEK and compare the checksum */
+ csum = frame[nframe-2] << 8;
+ csum |= frame[nframe-1];
+ memcpy( dek->key, frame+n, dek->keylen );
+ for( csum2=0, n=0; n < dek->keylen; n++ )
+ csum2 += dek->key[n];
+ if( csum != csum2 ) {
+ rc = G10ERR_WRONG_SECKEY;
+ goto leave;
+ }
+ if( DBG_CIPHER )
+ log_printhex ("DEK is:", dek->key, dek->keylen );
+ /* check that the algo is in the preferences and whether it has expired */
+ {
+ PKT_public_key *pk = NULL;
+ KBNODE pkb = get_pubkeyblock (keyid);
+
+ if( !pkb ) {
+ rc = -1;
+ log_error("oops: public key not found for preference check\n");
+ }
+ else if(pkb->pkt->pkt.public_key->selfsigversion > 3
+ && dek->algo != CIPHER_ALGO_3DES
+ && !opt.quiet
+ && !is_algo_in_prefs( pkb, PREFTYPE_SYM, dek->algo ))
+ log_info (_("WARNING: cipher algorithm %s not found in recipient"
+ " preferences\n"), openpgp_cipher_algo_name (dek->algo));
+ if (!rc) {
+ KBNODE k;
+
+ for (k=pkb; k; k = k->next) {
+ if (k->pkt->pkttype == PKT_PUBLIC_KEY
+ || k->pkt->pkttype == PKT_PUBLIC_SUBKEY){
+ u32 aki[2];
+ keyid_from_pk(k->pkt->pkt.public_key, aki);
+
+ if (aki[0]==keyid[0] && aki[1]==keyid[1]) {
+ pk = k->pkt->pkt.public_key;
+ break;
+ }
+ }
+ }
+ if (!pk)
+ BUG ();
+ if ( pk->expiredate && pk->expiredate <= make_timestamp() ) {
+ log_info(_("NOTE: secret key %s expired at %s\n"),
+ keystr(keyid), asctimestamp( pk->expiredate) );
+ }
+ }
+
+ if ( pk && pk->is_revoked ) {
+ log_info( _("NOTE: key has been revoked") );
+ log_printf ("\n");
+ show_revocation_reason( pk, 1 );
+ }
+
+ release_kbnode (pkb);
+ rc = 0;
+ }
+
+
+ leave:
+ gcry_mpi_release (plain_dek);
+ xfree (frame);
+ return rc;
+}
+
+
+/****************
+ * Get the session key from the given string.
+ * String is supposed to be formatted as this:
+ * <algo-id>:<even-number-of-hex-digits>
+ */
+int
+get_override_session_key( DEK *dek, const char *string )
+{
+ const char *s;
+ int i;
+
+ if ( !string )
+ return G10ERR_BAD_KEY;
+ dek->algo = atoi(string);
+ if ( dek->algo < 1 )
+ return G10ERR_BAD_KEY;
+ if ( !(s = strchr ( string, ':' )) )
+ return G10ERR_BAD_KEY;
+ s++;
+ for(i=0; i < DIM(dek->key) && *s; i++, s +=2 ) {
+ int c = hextobyte ( s );
+ if (c == -1)
+ return G10ERR_BAD_KEY;
+ dek->key[i] = c;
+ }
+ if ( *s )
+ return G10ERR_BAD_KEY;
+ dek->keylen = i;
+ return 0;
+}
+
diff --git a/g10/revoke.c b/g10/revoke.c
new file mode 100644
index 0000000..cce6d69
--- /dev/null
+++ b/g10/revoke.c
@@ -0,0 +1,736 @@
+/* revoke.c
+ * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003,
+ * 2004 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include <assert.h>
+#include <ctype.h>
+
+#include "gpg.h"
+#include "options.h"
+#include "packet.h"
+#include "status.h"
+#include "keydb.h"
+#include "util.h"
+#include "main.h"
+#include "ttyio.h"
+#include "status.h"
+#include "i18n.h"
+
+
+struct revocation_reason_info {
+ int code;
+ char *desc;
+};
+
+
+int
+revocation_reason_build_cb( PKT_signature *sig, void *opaque )
+{
+ struct revocation_reason_info *reason = opaque;
+ char *ud = NULL;
+ byte *buffer;
+ size_t buflen = 1;
+
+ if(!reason)
+ return 0;
+
+ if( reason->desc ) {
+ ud = native_to_utf8( reason->desc );
+ buflen += strlen(ud);
+ }
+ buffer = xmalloc( buflen );
+ *buffer = reason->code;
+ if( ud ) {
+ memcpy(buffer+1, ud, strlen(ud) );
+ xfree( ud );
+ }
+
+ build_sig_subpkt( sig, SIGSUBPKT_REVOC_REASON, buffer, buflen );
+ xfree( buffer );
+ return 0;
+}
+
+/* Outputs a minimal pk (as defined by 2440) from a keyblock. A
+ minimal pk consists of the public key packet and a user ID. We try
+ and pick a user ID that has a uid signature, and include it if
+ possible. */
+static int
+export_minimal_pk(IOBUF out,KBNODE keyblock,
+ PKT_signature *revsig,PKT_signature *revkey)
+{
+ KBNODE node;
+ PACKET pkt;
+ PKT_user_id *uid=NULL;
+ PKT_signature *selfsig=NULL;
+ u32 keyid[2];
+ int rc;
+
+ node=find_kbnode(keyblock,PKT_PUBLIC_KEY);
+ if(!node)
+ {
+ log_error("key incomplete\n");
+ return G10ERR_GENERAL;
+ }
+
+ keyid_from_pk(node->pkt->pkt.public_key,keyid);
+
+ pkt=*node->pkt;
+ rc=build_packet(out,&pkt);
+ if(rc)
+ {
+ log_error(_("build_packet failed: %s\n"), g10_errstr(rc) );
+ return rc;
+ }
+
+ init_packet(&pkt);
+ pkt.pkttype=PKT_SIGNATURE;
+
+ /* the revocation itself, if any. 2440 likes this to come first. */
+ if(revsig)
+ {
+ pkt.pkt.signature=revsig;
+ rc=build_packet(out,&pkt);
+ if(rc)
+ {
+ log_error(_("build_packet failed: %s\n"), g10_errstr(rc) );
+ return rc;
+ }
+ }
+
+ /* If a revkey in a 1F sig is present, include it too */
+ if(revkey)
+ {
+ pkt.pkt.signature=revkey;
+ rc=build_packet(out,&pkt);
+ if(rc)
+ {
+ log_error(_("build_packet failed: %s\n"), g10_errstr(rc) );
+ return rc;
+ }
+ }
+
+ while(!selfsig)
+ {
+ KBNODE signode;
+
+ node=find_next_kbnode(node,PKT_USER_ID);
+ if(!node)
+ {
+ /* We're out of user IDs - none were self-signed. */
+ if(uid)
+ break;
+ else
+ {
+ log_error(_("key %s has no user IDs\n"),keystr(keyid));
+ return G10ERR_GENERAL;
+ }
+ }
+
+ if(node->pkt->pkt.user_id->attrib_data)
+ continue;
+
+ uid=node->pkt->pkt.user_id;
+ signode=node;
+
+ while((signode=find_next_kbnode(signode,PKT_SIGNATURE)))
+ {
+ if(keyid[0]==signode->pkt->pkt.signature->keyid[0] &&
+ keyid[1]==signode->pkt->pkt.signature->keyid[1] &&
+ IS_UID_SIG(signode->pkt->pkt.signature))
+ {
+ selfsig=signode->pkt->pkt.signature;
+ break;
+ }
+ }
+ }
+
+ pkt.pkttype=PKT_USER_ID;
+ pkt.pkt.user_id=uid;
+
+ rc=build_packet(out,&pkt);
+ if(rc)
+ {
+ log_error(_("build_packet failed: %s\n"), g10_errstr(rc) );
+ return rc;
+ }
+
+ if(selfsig)
+ {
+ pkt.pkttype=PKT_SIGNATURE;
+ pkt.pkt.signature=selfsig;
+
+ rc=build_packet(out,&pkt);
+ if(rc)
+ {
+ log_error(_("build_packet failed: %s\n"), g10_errstr(rc) );
+ return rc;
+ }
+ }
+
+ return 0;
+}
+
+/****************
+ * Generate a revocation certificate for UNAME via a designated revoker
+ */
+int
+gen_desig_revoke( const char *uname, strlist_t locusr )
+{
+ int rc = 0;
+ armor_filter_context_t *afx;
+ PKT_public_key *pk = NULL;
+ PKT_secret_key *sk = NULL;
+ PKT_signature *sig = NULL;
+ IOBUF out = NULL;
+ struct revocation_reason_info *reason = NULL;
+ KEYDB_HANDLE kdbhd;
+ KEYDB_SEARCH_DESC desc;
+ KBNODE keyblock=NULL,node;
+ u32 keyid[2];
+ int i,any=0;
+ SK_LIST sk_list=NULL;
+
+ if( opt.batch )
+ {
+ log_error(_("can't do this in batch mode\n"));
+ return G10ERR_GENERAL;
+ }
+
+ afx = new_armor_context ();
+
+ kdbhd = keydb_new (0);
+ classify_user_id (uname, &desc);
+ rc = desc.mode? keydb_search (kdbhd, &desc, 1) : G10ERR_INV_USER_ID;
+ if (rc) {
+ log_error (_("key \"%s\" not found: %s\n"),uname, g10_errstr (rc));
+ goto leave;
+ }
+
+ rc = keydb_get_keyblock (kdbhd, &keyblock );
+ if( rc ) {
+ log_error (_("error reading keyblock: %s\n"), g10_errstr(rc) );
+ goto leave;
+ }
+
+ /* To parse the revkeys */
+ merge_keys_and_selfsig(keyblock);
+
+ /* get the key from the keyblock */
+ node = find_kbnode( keyblock, PKT_PUBLIC_KEY );
+ if( !node )
+ BUG ();
+
+ pk=node->pkt->pkt.public_key;
+
+ keyid_from_pk(pk,keyid);
+
+ if(locusr)
+ {
+ rc=build_sk_list(locusr,&sk_list,0,PUBKEY_USAGE_CERT);
+ if(rc)
+ goto leave;
+ }
+
+ /* Are we a designated revoker for this key? */
+
+ if(!pk->revkey && pk->numrevkeys)
+ BUG();
+
+ for(i=0;i<pk->numrevkeys;i++)
+ {
+ SK_LIST list;
+
+ if(sk)
+ free_secret_key(sk);
+
+ if(sk_list)
+ {
+ for(list=sk_list;list;list=list->next)
+ {
+ byte fpr[MAX_FINGERPRINT_LEN];
+ size_t fprlen;
+
+ fingerprint_from_sk(list->sk,fpr,&fprlen);
+
+ /* Don't get involved with keys that don't have 160
+ bit fingerprints */
+ if(fprlen!=20)
+ continue;
+
+ if(memcmp(fpr,pk->revkey[i].fpr,20)==0)
+ break;
+ }
+
+ if(list)
+ sk=copy_secret_key(NULL,list->sk);
+ else
+ continue;
+ }
+ else
+ {
+ sk=xmalloc_secure_clear(sizeof(*sk));
+ rc=get_seckey_byfprint(sk,pk->revkey[i].fpr,MAX_FINGERPRINT_LEN);
+ }
+
+ /* We have the revocation key */
+ if(!rc)
+ {
+ PKT_signature *revkey = NULL;
+
+ any = 1;
+
+ print_pubkey_info (NULL, pk);
+ tty_printf ("\n");
+
+ tty_printf (_("To be revoked by:\n"));
+ print_seckey_info (sk);
+
+ if(pk->revkey[i].class&0x40)
+ tty_printf(_("(This is a sensitive revocation key)\n"));
+ tty_printf("\n");
+
+ if( !cpr_get_answer_is_yes("gen_desig_revoke.okay",
+ _("Create a designated revocation certificate for this key? (y/N) ")))
+ continue;
+
+ /* get the reason for the revocation (this is always v4) */
+ reason = ask_revocation_reason( 1, 0, 1 );
+ if( !reason )
+ continue;
+
+ rc = check_secret_key( sk, 0 );
+ if( rc )
+ continue;
+
+ if( !opt.armor )
+ tty_printf(_("ASCII armored output forced.\n"));
+
+ if( (rc = open_outfile( NULL, 0, &out )) )
+ goto leave;
+
+ afx->what = 1;
+ afx->hdrlines = "Comment: A designated revocation certificate"
+ " should follow\n";
+ push_armor_filter (afx, out);
+
+ /* create it */
+ rc = make_keysig_packet( &sig, pk, NULL, NULL, sk, 0x20, 0,
+ 0, 0, 0,
+ revocation_reason_build_cb, reason );
+ if( rc ) {
+ log_error(_("make_keysig_packet failed: %s\n"), g10_errstr(rc));
+ goto leave;
+ }
+
+ /* Spit out a minimal pk as well, since otherwise there is
+ no way to know which key to attach this revocation to.
+ Also include the direct key signature that contains
+ this revocation key. We're allowed to include
+ sensitive revocation keys along with a revocation, as
+ this may be the only time the recipient has seen it.
+ Note that this means that if we have multiple different
+ sensitive revocation keys in a given direct key
+ signature, we're going to include them all here. This
+ is annoying, but the good outweighs the bad, since
+ without including this a sensitive revoker can't really
+ do their job. People should not include multiple
+ sensitive revocation keys in one signature: 2440 says
+ "Note that it may be appropriate to isolate this
+ subpacket within a separate signature so that it is not
+ combined with other subpackets that need to be
+ exported." -dms */
+
+ while(!revkey)
+ {
+ KBNODE signode;
+
+ signode=find_next_kbnode(node,PKT_SIGNATURE);
+ if(!signode)
+ break;
+
+ node=signode;
+
+ if(keyid[0]==signode->pkt->pkt.signature->keyid[0] &&
+ keyid[1]==signode->pkt->pkt.signature->keyid[1] &&
+ IS_KEY_SIG(signode->pkt->pkt.signature))
+ {
+ int j;
+
+ for(j=0;j<signode->pkt->pkt.signature->numrevkeys;j++)
+ {
+ if(pk->revkey[i].class==
+ signode->pkt->pkt.signature->revkey[j]->class &&
+ pk->revkey[i].algid==
+ signode->pkt->pkt.signature->revkey[j]->algid &&
+ memcmp(pk->revkey[i].fpr,
+ signode->pkt->pkt.signature->revkey[j]->fpr,
+ MAX_FINGERPRINT_LEN)==0)
+ {
+ revkey=signode->pkt->pkt.signature;
+ break;
+ }
+ }
+ }
+ }
+
+ if(!revkey)
+ BUG();
+
+ rc=export_minimal_pk(out,keyblock,sig,revkey);
+ if(rc)
+ goto leave;
+
+ /* and issue a usage notice */
+ tty_printf(_("Revocation certificate created.\n"));
+ break;
+ }
+ }
+
+ if(!any)
+ log_error(_("no revocation keys found for \"%s\"\n"),uname);
+
+ leave:
+ if( pk )
+ free_public_key( pk );
+ if( sk )
+ free_secret_key( sk );
+ if( sig )
+ free_seckey_enc( sig );
+
+ release_sk_list(sk_list);
+
+ if( rc )
+ iobuf_cancel(out);
+ else
+ iobuf_close(out);
+ release_revocation_reason_info( reason );
+ release_armor_context (afx);
+ return rc;
+}
+
+
+/****************
+ * Generate a revocation certificate for UNAME
+ */
+int
+gen_revoke( const char *uname )
+{
+ int rc = 0;
+ armor_filter_context_t *afx;
+ PACKET pkt;
+ PKT_secret_key *sk; /* used as pointer into a kbnode */
+ PKT_public_key *pk = NULL;
+ PKT_signature *sig = NULL;
+ u32 sk_keyid[2];
+ IOBUF out = NULL;
+ KBNODE keyblock = NULL, pub_keyblock = NULL;
+ KBNODE node;
+ KEYDB_HANDLE kdbhd;
+ struct revocation_reason_info *reason = NULL;
+ KEYDB_SEARCH_DESC desc;
+
+ if( opt.batch )
+ {
+ log_error(_("can't do this in batch mode\n"));
+ return G10ERR_GENERAL;
+ }
+
+ afx = new_armor_context ();
+ init_packet( &pkt );
+
+ /* search the userid:
+ * We don't want the whole getkey stuff here but the entire keyblock
+ */
+ kdbhd = keydb_new (1);
+ classify_user_id (uname, &desc);
+ rc = desc.mode? keydb_search (kdbhd, &desc, 1) : G10ERR_INV_USER_ID;
+ if (rc)
+ {
+ log_error (_("secret key \"%s\" not found: %s\n"),
+ uname, g10_errstr (rc));
+ goto leave;
+ }
+
+ rc = keydb_get_keyblock (kdbhd, &keyblock );
+ if( rc ) {
+ log_error (_("error reading keyblock: %s\n"), g10_errstr(rc) );
+ goto leave;
+ }
+
+ /* get the keyid from the keyblock */
+ node = find_kbnode( keyblock, PKT_SECRET_KEY );
+ if( !node )
+ BUG ();
+
+ /* fixme: should make a function out of this stuff,
+ * it's used all over the source */
+ sk = node->pkt->pkt.secret_key;
+ keyid_from_sk( sk, sk_keyid );
+ print_seckey_info (sk);
+
+ /* FIXME: We should get the public key direct from the secret one */
+
+ pub_keyblock=get_pubkeyblock(sk_keyid);
+ if(!pub_keyblock)
+ {
+ log_error(_("no corresponding public key: %s\n"), g10_errstr(rc) );
+ goto leave;
+ }
+
+ node=find_kbnode(pub_keyblock,PKT_PUBLIC_KEY);
+ if(!node)
+ BUG();
+
+ pk=node->pkt->pkt.public_key;
+
+ if( cmp_public_secret_key( pk, sk ) ) {
+ log_error(_("public key does not match secret key!\n") );
+ rc = G10ERR_GENERAL;
+ goto leave;
+ }
+
+ tty_printf("\n");
+ if( !cpr_get_answer_is_yes("gen_revoke.okay",
+ _("Create a revocation certificate for this key? (y/N) ")) )
+ {
+ rc = 0;
+ goto leave;
+ }
+
+ if(sk->version>=4 || opt.force_v4_certs) {
+ /* get the reason for the revocation */
+ reason = ask_revocation_reason( 1, 0, 1 );
+ if( !reason ) { /* user decided to cancel */
+ rc = 0;
+ goto leave;
+ }
+ }
+
+ switch( is_secret_key_protected( sk ) ) {
+ case -1:
+ log_error(_("unknown protection algorithm\n"));
+ rc = G10ERR_PUBKEY_ALGO;
+ break;
+ case -3:
+ tty_printf (_("Secret parts of primary key are not available.\n"));
+ rc = G10ERR_NO_SECKEY;
+ break;
+ case 0:
+ tty_printf(_("NOTE: This key is not protected!\n"));
+ break;
+ default:
+ rc = check_secret_key( sk, 0 );
+ break;
+ }
+ if( rc )
+ goto leave;
+
+
+ if( !opt.armor )
+ tty_printf(_("ASCII armored output forced.\n"));
+
+ if( (rc = open_outfile( NULL, 0, &out )) )
+ goto leave;
+
+ afx->what = 1;
+ afx->hdrlines = "Comment: A revocation certificate should follow\n";
+ push_armor_filter (afx, out);
+
+ /* create it */
+ rc = make_keysig_packet( &sig, pk, NULL, NULL, sk, 0x20, 0,
+ opt.force_v4_certs?4:0, 0, 0,
+ revocation_reason_build_cb, reason );
+ if( rc ) {
+ log_error(_("make_keysig_packet failed: %s\n"), g10_errstr(rc));
+ goto leave;
+ }
+
+ if(PGP2 || PGP6 || PGP7 || PGP8)
+ {
+ /* Use a minimal pk for PGPx mode, since PGP can't import bare
+ revocation certificates. */
+ rc=export_minimal_pk(out,pub_keyblock,sig,NULL);
+ if(rc)
+ goto leave;
+ }
+ else
+ {
+ init_packet( &pkt );
+ pkt.pkttype = PKT_SIGNATURE;
+ pkt.pkt.signature = sig;
+
+ rc = build_packet( out, &pkt );
+ if( rc ) {
+ log_error(_("build_packet failed: %s\n"), g10_errstr(rc) );
+ goto leave;
+ }
+ }
+
+ /* and issue a usage notice */
+ tty_printf(_("Revocation certificate created.\n\n"
+"Please move it to a medium which you can hide away; if Mallory gets\n"
+"access to this certificate he can use it to make your key unusable.\n"
+"It is smart to print this certificate and store it away, just in case\n"
+"your media become unreadable. But have some caution: The print system of\n"
+"your machine might store the data and make it available to others!\n"));
+
+ leave:
+ if( sig )
+ free_seckey_enc( sig );
+ release_kbnode( keyblock );
+ release_kbnode( pub_keyblock );
+ keydb_release (kdbhd);
+ if( rc )
+ iobuf_cancel(out);
+ else
+ iobuf_close(out);
+ release_revocation_reason_info( reason );
+ release_armor_context (afx);
+ return rc;
+}
+
+
+
+struct revocation_reason_info *
+ask_revocation_reason( int key_rev, int cert_rev, int hint )
+{
+ int code=-1;
+ char *description = NULL;
+ struct revocation_reason_info *reason;
+ const char *text_0 = _("No reason specified");
+ const char *text_1 = _("Key has been compromised");
+ const char *text_2 = _("Key is superseded");
+ const char *text_3 = _("Key is no longer used");
+ const char *text_4 = _("User ID is no longer valid");
+ const char *code_text = NULL;
+
+ do {
+ code=-1;
+ xfree(description);
+ description = NULL;
+
+ tty_printf(_("Please select the reason for the revocation:\n"));
+ tty_printf( " 0 = %s\n", text_0 );
+ if( key_rev )
+ tty_printf(" 1 = %s\n", text_1 );
+ if( key_rev )
+ tty_printf(" 2 = %s\n", text_2 );
+ if( key_rev )
+ tty_printf(" 3 = %s\n", text_3 );
+ if( cert_rev )
+ tty_printf(" 4 = %s\n", text_4 );
+ tty_printf( " Q = %s\n", _("Cancel") );
+ if( hint )
+ tty_printf(_("(Probably you want to select %d here)\n"), hint );
+
+ while(code==-1) {
+ int n;
+ char *answer = cpr_get("ask_revocation_reason.code",
+ _("Your decision? "));
+ trim_spaces( answer );
+ cpr_kill_prompt();
+ if( *answer == 'q' || *answer == 'Q')
+ return NULL; /* cancel */
+ if( hint && !*answer )
+ n = hint;
+ else if(!digitp( answer ) )
+ n = -1;
+ else
+ n = atoi(answer);
+ xfree(answer);
+ if( n == 0 ) {
+ code = 0x00; /* no particular reason */
+ code_text = text_0;
+ }
+ else if( key_rev && n == 1 ) {
+ code = 0x02; /* key has been compromised */
+ code_text = text_1;
+ }
+ else if( key_rev && n == 2 ) {
+ code = 0x01; /* key is superseded */
+ code_text = text_2;
+ }
+ else if( key_rev && n == 3 ) {
+ code = 0x03; /* key is no longer used */
+ code_text = text_3;
+ }
+ else if( cert_rev && n == 4 ) {
+ code = 0x20; /* uid is no longer valid */
+ code_text = text_4;
+ }
+ else
+ tty_printf(_("Invalid selection.\n"));
+ }
+
+ tty_printf(_("Enter an optional description; "
+ "end it with an empty line:\n") );
+ for(;;) {
+ char *answer = cpr_get("ask_revocation_reason.text", "> " );
+ trim_trailing_ws( answer, strlen(answer) );
+ cpr_kill_prompt();
+ if( !*answer ) {
+ xfree(answer);
+ break;
+ }
+
+ {
+ char *p = make_printable_string( answer, strlen(answer), 0 );
+ xfree(answer);
+ answer = p;
+ }
+
+ if( !description )
+ description = xstrdup(answer);
+ else {
+ char *p = xmalloc( strlen(description) + strlen(answer) + 2 );
+ strcpy(stpcpy(stpcpy( p, description),"\n"),answer);
+ xfree(description);
+ description = p;
+ }
+ xfree(answer);
+ }
+
+ tty_printf(_("Reason for revocation: %s\n"), code_text );
+ if( !description )
+ tty_printf(_("(No description given)\n") );
+ else
+ tty_printf("%s\n", description );
+
+ } while( !cpr_get_answer_is_yes("ask_revocation_reason.okay",
+ _("Is this okay? (y/N) ")) );
+
+ reason = xmalloc( sizeof *reason );
+ reason->code = code;
+ reason->desc = description;
+ return reason;
+}
+
+void
+release_revocation_reason_info( struct revocation_reason_info *reason )
+{
+ if( reason ) {
+ xfree( reason->desc );
+ xfree( reason );
+ }
+}
diff --git a/g10/rmd160.c b/g10/rmd160.c
new file mode 100644
index 0000000..f891937
--- /dev/null
+++ b/g10/rmd160.c
@@ -0,0 +1,425 @@
+/* rmd160.c - RIPE-MD160
+ * Copyright (C) 1998, 1999, 2000, 2001, 2008 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+/* For historic reasons gpg uses RIPE-MD160 to to identify names in
+ the trustdb. It would be better to change that to SHA-1, to take
+ advantage of a SHA-1 hardware operation provided by some CPUs.
+ This would break trustdb compatibility and thus we don't want to do
+ it now.
+
+ We do not use the libgcrypt provided implementation of RMD160
+ because that is not available in FIPS mode, thus for the sake of
+ gpg internal non-cryptographic, purposes, we use this separate
+ implementation.
+*/
+
+#include <config.h>
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "../jnlib/types.h"
+#include "rmd160.h"
+
+/*
+ * Rotate the 32 bit integer X by N bytes.
+ */
+#if defined(__GNUC__) && defined(__i386__)
+static inline u32
+rol (u32 x, int n)
+{
+ __asm__("roll %%cl,%0"
+ :"=r" (x)
+ :"0" (x),"c" (n));
+ return x;
+}
+#else
+#define rol(x,n) ( ((x) << (n)) | ((x) >> (32-(n))) )
+#endif
+
+/* Structure holding the context for the RIPE-MD160 computation. */
+typedef struct
+{
+ u32 h0, h1, h2, h3, h4;
+ u32 nblocks;
+ unsigned char buf[64];
+ int count;
+} rmd160_context_t;
+
+
+
+static void
+rmd160_init (rmd160_context_t *hd)
+{
+ hd->h0 = 0x67452301;
+ hd->h1 = 0xEFCDAB89;
+ hd->h2 = 0x98BADCFE;
+ hd->h3 = 0x10325476;
+ hd->h4 = 0xC3D2E1F0;
+ hd->nblocks = 0;
+ hd->count = 0;
+}
+
+
+
+/*
+ * Transform the message X which consists of 16 32-bit-words.
+ */
+static void
+transform (rmd160_context_t *hd, const unsigned char *data)
+{
+ u32 a,b,c,d,e,aa,bb,cc,dd,ee,t;
+#ifdef BIG_ENDIAN_HOST
+ u32 x[16];
+ {
+ int i;
+ unsigned char *p2, *p1;
+ for (i=0, p1=data, p2=(unsigned char*)x; i < 16; i++, p2 += 4 )
+ {
+ p2[3] = *p1++;
+ p2[2] = *p1++;
+ p2[1] = *p1++;
+ p2[0] = *p1++;
+ }
+ }
+#else
+ u32 x[16];
+ memcpy (x, data, 64);
+#endif
+
+
+#define K0 0x00000000
+#define K1 0x5A827999
+#define K2 0x6ED9EBA1
+#define K3 0x8F1BBCDC
+#define K4 0xA953FD4E
+#define KK0 0x50A28BE6
+#define KK1 0x5C4DD124
+#define KK2 0x6D703EF3
+#define KK3 0x7A6D76E9
+#define KK4 0x00000000
+#define F0(x,y,z) ( (x) ^ (y) ^ (z) )
+#define F1(x,y,z) ( ((x) & (y)) | (~(x) & (z)) )
+#define F2(x,y,z) ( ((x) | ~(y)) ^ (z) )
+#define F3(x,y,z) ( ((x) & (z)) | ((y) & ~(z)) )
+#define F4(x,y,z) ( (x) ^ ((y) | ~(z)) )
+#define R(a,b,c,d,e,f,k,r,s) do { t = a + f(b,c,d) + k + x[r]; \
+ a = rol(t,s) + e; \
+ c = rol(c,10); \
+ } while(0)
+
+ /* Left lane. */
+ a = hd->h0;
+ b = hd->h1;
+ c = hd->h2;
+ d = hd->h3;
+ e = hd->h4;
+ R( a, b, c, d, e, F0, K0, 0, 11 );
+ R( e, a, b, c, d, F0, K0, 1, 14 );
+ R( d, e, a, b, c, F0, K0, 2, 15 );
+ R( c, d, e, a, b, F0, K0, 3, 12 );
+ R( b, c, d, e, a, F0, K0, 4, 5 );
+ R( a, b, c, d, e, F0, K0, 5, 8 );
+ R( e, a, b, c, d, F0, K0, 6, 7 );
+ R( d, e, a, b, c, F0, K0, 7, 9 );
+ R( c, d, e, a, b, F0, K0, 8, 11 );
+ R( b, c, d, e, a, F0, K0, 9, 13 );
+ R( a, b, c, d, e, F0, K0, 10, 14 );
+ R( e, a, b, c, d, F0, K0, 11, 15 );
+ R( d, e, a, b, c, F0, K0, 12, 6 );
+ R( c, d, e, a, b, F0, K0, 13, 7 );
+ R( b, c, d, e, a, F0, K0, 14, 9 );
+ R( a, b, c, d, e, F0, K0, 15, 8 );
+ R( e, a, b, c, d, F1, K1, 7, 7 );
+ R( d, e, a, b, c, F1, K1, 4, 6 );
+ R( c, d, e, a, b, F1, K1, 13, 8 );
+ R( b, c, d, e, a, F1, K1, 1, 13 );
+ R( a, b, c, d, e, F1, K1, 10, 11 );
+ R( e, a, b, c, d, F1, K1, 6, 9 );
+ R( d, e, a, b, c, F1, K1, 15, 7 );
+ R( c, d, e, a, b, F1, K1, 3, 15 );
+ R( b, c, d, e, a, F1, K1, 12, 7 );
+ R( a, b, c, d, e, F1, K1, 0, 12 );
+ R( e, a, b, c, d, F1, K1, 9, 15 );
+ R( d, e, a, b, c, F1, K1, 5, 9 );
+ R( c, d, e, a, b, F1, K1, 2, 11 );
+ R( b, c, d, e, a, F1, K1, 14, 7 );
+ R( a, b, c, d, e, F1, K1, 11, 13 );
+ R( e, a, b, c, d, F1, K1, 8, 12 );
+ R( d, e, a, b, c, F2, K2, 3, 11 );
+ R( c, d, e, a, b, F2, K2, 10, 13 );
+ R( b, c, d, e, a, F2, K2, 14, 6 );
+ R( a, b, c, d, e, F2, K2, 4, 7 );
+ R( e, a, b, c, d, F2, K2, 9, 14 );
+ R( d, e, a, b, c, F2, K2, 15, 9 );
+ R( c, d, e, a, b, F2, K2, 8, 13 );
+ R( b, c, d, e, a, F2, K2, 1, 15 );
+ R( a, b, c, d, e, F2, K2, 2, 14 );
+ R( e, a, b, c, d, F2, K2, 7, 8 );
+ R( d, e, a, b, c, F2, K2, 0, 13 );
+ R( c, d, e, a, b, F2, K2, 6, 6 );
+ R( b, c, d, e, a, F2, K2, 13, 5 );
+ R( a, b, c, d, e, F2, K2, 11, 12 );
+ R( e, a, b, c, d, F2, K2, 5, 7 );
+ R( d, e, a, b, c, F2, K2, 12, 5 );
+ R( c, d, e, a, b, F3, K3, 1, 11 );
+ R( b, c, d, e, a, F3, K3, 9, 12 );
+ R( a, b, c, d, e, F3, K3, 11, 14 );
+ R( e, a, b, c, d, F3, K3, 10, 15 );
+ R( d, e, a, b, c, F3, K3, 0, 14 );
+ R( c, d, e, a, b, F3, K3, 8, 15 );
+ R( b, c, d, e, a, F3, K3, 12, 9 );
+ R( a, b, c, d, e, F3, K3, 4, 8 );
+ R( e, a, b, c, d, F3, K3, 13, 9 );
+ R( d, e, a, b, c, F3, K3, 3, 14 );
+ R( c, d, e, a, b, F3, K3, 7, 5 );
+ R( b, c, d, e, a, F3, K3, 15, 6 );
+ R( a, b, c, d, e, F3, K3, 14, 8 );
+ R( e, a, b, c, d, F3, K3, 5, 6 );
+ R( d, e, a, b, c, F3, K3, 6, 5 );
+ R( c, d, e, a, b, F3, K3, 2, 12 );
+ R( b, c, d, e, a, F4, K4, 4, 9 );
+ R( a, b, c, d, e, F4, K4, 0, 15 );
+ R( e, a, b, c, d, F4, K4, 5, 5 );
+ R( d, e, a, b, c, F4, K4, 9, 11 );
+ R( c, d, e, a, b, F4, K4, 7, 6 );
+ R( b, c, d, e, a, F4, K4, 12, 8 );
+ R( a, b, c, d, e, F4, K4, 2, 13 );
+ R( e, a, b, c, d, F4, K4, 10, 12 );
+ R( d, e, a, b, c, F4, K4, 14, 5 );
+ R( c, d, e, a, b, F4, K4, 1, 12 );
+ R( b, c, d, e, a, F4, K4, 3, 13 );
+ R( a, b, c, d, e, F4, K4, 8, 14 );
+ R( e, a, b, c, d, F4, K4, 11, 11 );
+ R( d, e, a, b, c, F4, K4, 6, 8 );
+ R( c, d, e, a, b, F4, K4, 15, 5 );
+ R( b, c, d, e, a, F4, K4, 13, 6 );
+
+ aa = a; bb = b; cc = c; dd = d; ee = e;
+
+ /* Right lane. */
+ a = hd->h0;
+ b = hd->h1;
+ c = hd->h2;
+ d = hd->h3;
+ e = hd->h4;
+ R( a, b, c, d, e, F4, KK0, 5, 8);
+ R( e, a, b, c, d, F4, KK0, 14, 9);
+ R( d, e, a, b, c, F4, KK0, 7, 9);
+ R( c, d, e, a, b, F4, KK0, 0, 11);
+ R( b, c, d, e, a, F4, KK0, 9, 13);
+ R( a, b, c, d, e, F4, KK0, 2, 15);
+ R( e, a, b, c, d, F4, KK0, 11, 15);
+ R( d, e, a, b, c, F4, KK0, 4, 5);
+ R( c, d, e, a, b, F4, KK0, 13, 7);
+ R( b, c, d, e, a, F4, KK0, 6, 7);
+ R( a, b, c, d, e, F4, KK0, 15, 8);
+ R( e, a, b, c, d, F4, KK0, 8, 11);
+ R( d, e, a, b, c, F4, KK0, 1, 14);
+ R( c, d, e, a, b, F4, KK0, 10, 14);
+ R( b, c, d, e, a, F4, KK0, 3, 12);
+ R( a, b, c, d, e, F4, KK0, 12, 6);
+ R( e, a, b, c, d, F3, KK1, 6, 9);
+ R( d, e, a, b, c, F3, KK1, 11, 13);
+ R( c, d, e, a, b, F3, KK1, 3, 15);
+ R( b, c, d, e, a, F3, KK1, 7, 7);
+ R( a, b, c, d, e, F3, KK1, 0, 12);
+ R( e, a, b, c, d, F3, KK1, 13, 8);
+ R( d, e, a, b, c, F3, KK1, 5, 9);
+ R( c, d, e, a, b, F3, KK1, 10, 11);
+ R( b, c, d, e, a, F3, KK1, 14, 7);
+ R( a, b, c, d, e, F3, KK1, 15, 7);
+ R( e, a, b, c, d, F3, KK1, 8, 12);
+ R( d, e, a, b, c, F3, KK1, 12, 7);
+ R( c, d, e, a, b, F3, KK1, 4, 6);
+ R( b, c, d, e, a, F3, KK1, 9, 15);
+ R( a, b, c, d, e, F3, KK1, 1, 13);
+ R( e, a, b, c, d, F3, KK1, 2, 11);
+ R( d, e, a, b, c, F2, KK2, 15, 9);
+ R( c, d, e, a, b, F2, KK2, 5, 7);
+ R( b, c, d, e, a, F2, KK2, 1, 15);
+ R( a, b, c, d, e, F2, KK2, 3, 11);
+ R( e, a, b, c, d, F2, KK2, 7, 8);
+ R( d, e, a, b, c, F2, KK2, 14, 6);
+ R( c, d, e, a, b, F2, KK2, 6, 6);
+ R( b, c, d, e, a, F2, KK2, 9, 14);
+ R( a, b, c, d, e, F2, KK2, 11, 12);
+ R( e, a, b, c, d, F2, KK2, 8, 13);
+ R( d, e, a, b, c, F2, KK2, 12, 5);
+ R( c, d, e, a, b, F2, KK2, 2, 14);
+ R( b, c, d, e, a, F2, KK2, 10, 13);
+ R( a, b, c, d, e, F2, KK2, 0, 13);
+ R( e, a, b, c, d, F2, KK2, 4, 7);
+ R( d, e, a, b, c, F2, KK2, 13, 5);
+ R( c, d, e, a, b, F1, KK3, 8, 15);
+ R( b, c, d, e, a, F1, KK3, 6, 5);
+ R( a, b, c, d, e, F1, KK3, 4, 8);
+ R( e, a, b, c, d, F1, KK3, 1, 11);
+ R( d, e, a, b, c, F1, KK3, 3, 14);
+ R( c, d, e, a, b, F1, KK3, 11, 14);
+ R( b, c, d, e, a, F1, KK3, 15, 6);
+ R( a, b, c, d, e, F1, KK3, 0, 14);
+ R( e, a, b, c, d, F1, KK3, 5, 6);
+ R( d, e, a, b, c, F1, KK3, 12, 9);
+ R( c, d, e, a, b, F1, KK3, 2, 12);
+ R( b, c, d, e, a, F1, KK3, 13, 9);
+ R( a, b, c, d, e, F1, KK3, 9, 12);
+ R( e, a, b, c, d, F1, KK3, 7, 5);
+ R( d, e, a, b, c, F1, KK3, 10, 15);
+ R( c, d, e, a, b, F1, KK3, 14, 8);
+ R( b, c, d, e, a, F0, KK4, 12, 8);
+ R( a, b, c, d, e, F0, KK4, 15, 5);
+ R( e, a, b, c, d, F0, KK4, 10, 12);
+ R( d, e, a, b, c, F0, KK4, 4, 9);
+ R( c, d, e, a, b, F0, KK4, 1, 12);
+ R( b, c, d, e, a, F0, KK4, 5, 5);
+ R( a, b, c, d, e, F0, KK4, 8, 14);
+ R( e, a, b, c, d, F0, KK4, 7, 6);
+ R( d, e, a, b, c, F0, KK4, 6, 8);
+ R( c, d, e, a, b, F0, KK4, 2, 13);
+ R( b, c, d, e, a, F0, KK4, 13, 6);
+ R( a, b, c, d, e, F0, KK4, 14, 5);
+ R( e, a, b, c, d, F0, KK4, 0, 15);
+ R( d, e, a, b, c, F0, KK4, 3, 13);
+ R( c, d, e, a, b, F0, KK4, 9, 11);
+ R( b, c, d, e, a, F0, KK4, 11, 11);
+
+
+ t = hd->h1 + d + cc;
+ hd->h1 = hd->h2 + e + dd;
+ hd->h2 = hd->h3 + a + ee;
+ hd->h3 = hd->h4 + b + aa;
+ hd->h4 = hd->h0 + c + bb;
+ hd->h0 = t;
+}
+
+
+/* Update the message digest with the content of (INBUF,INLEN). */
+static void
+rmd160_write (rmd160_context_t *hd, const unsigned char *inbuf, size_t inlen)
+{
+ if( hd->count == 64 )
+ {
+ /* Flush the buffer. */
+ transform (hd, hd->buf);
+ hd->count = 0;
+ hd->nblocks++;
+ }
+ if (!inbuf)
+ return;
+
+ if (hd->count)
+ {
+ for (; inlen && hd->count < 64; inlen--)
+ hd->buf[hd->count++] = *inbuf++;
+ rmd160_write (hd, NULL, 0);
+ if (!inlen)
+ return;
+ }
+
+ while (inlen >= 64)
+ {
+ transform (hd, inbuf);
+ hd->count = 0;
+ hd->nblocks++;
+ inlen -= 64;
+ inbuf += 64;
+ }
+ for (; inlen && hd->count < 64; inlen--)
+ hd->buf[hd->count++] = *inbuf++;
+}
+
+
+/* Complete the message computation. */
+static void
+rmd160_final( rmd160_context_t *hd )
+{
+ u32 t, msb, lsb;
+ unsigned char *p;
+
+ rmd160_write (hd, NULL, 0); /* Flush buffer. */
+
+ t = hd->nblocks;
+ /* Multiply by 64 to make a byte count. */
+ lsb = t << 6;
+ msb = t >> 26;
+ /* Add the count. */
+ t = lsb;
+ if ((lsb += hd->count) < t)
+ msb++;
+ /* Multiply by 8 to make a bit count. */
+ t = lsb;
+ lsb <<= 3;
+ msb <<= 3;
+ msb |= t >> 29;
+
+ if (hd->count < 56)
+ {
+ /* Enough room. */
+ hd->buf[hd->count++] = 0x80; /* Pad character. */
+ while (hd->count < 56)
+ hd->buf[hd->count++] = 0;
+ }
+ else
+ {
+ /* Need one extra block. */
+ hd->buf[hd->count++] = 0x80; /* Pad character. */
+ while (hd->count < 64)
+ hd->buf[hd->count++] = 0;
+ rmd160_write (hd, NULL, 0); /* Flush buffer. */
+ memset (hd->buf, 0, 56); /* Fill next block with zeroes. */
+ }
+ /* Append the 64 bit count. */
+ hd->buf[56] = lsb;
+ hd->buf[57] = lsb >> 8;
+ hd->buf[58] = lsb >> 16;
+ hd->buf[59] = lsb >> 24;
+ hd->buf[60] = msb;
+ hd->buf[61] = msb >> 8;
+ hd->buf[62] = msb >> 16;
+ hd->buf[63] = msb >> 24;
+ transform (hd, hd->buf);
+
+ p = hd->buf;
+#define X(a) do { *p++ = hd->h##a; *p++ = hd->h##a >> 8; \
+ *p++ = hd->h##a >> 16; *p++ = hd->h##a >> 24; } while(0)
+ X(0);
+ X(1);
+ X(2);
+ X(3);
+ X(4);
+#undef X
+}
+
+
+/*
+ * Compines function to put the hash value of the supplied BUFFER into
+ * OUTBUF which must have a size of 20 bytes.
+ */
+void
+rmd160_hash_buffer (void *outbuf, const void *buffer, size_t length)
+{
+ rmd160_context_t hd;
+
+ rmd160_init (&hd);
+ rmd160_write (&hd, buffer, length);
+ rmd160_final (&hd);
+ memcpy (outbuf, hd.buf, 20);
+}
diff --git a/g10/rmd160.h b/g10/rmd160.h
new file mode 100644
index 0000000..551898b
--- /dev/null
+++ b/g10/rmd160.h
@@ -0,0 +1,24 @@
+/* rmd160.h
+ * Copyright (C) 2008 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+#ifndef G10_RMD160_H
+#define G10_RMD160_H
+
+void rmd160_hash_buffer (void *outbuf, const void *buffer, size_t length);
+
+#endif /*G10_RMD160_H*/
diff --git a/g10/seckey-cert.c b/g10/seckey-cert.c
new file mode 100644
index 0000000..9995aa4
--- /dev/null
+++ b/g10/seckey-cert.c
@@ -0,0 +1,473 @@
+/* seckey-cert.c - secret key certificate packet handling
+ * Copyright (C) 1998, 1999, 2000, 2001, 2002,
+ * 2006, 2009 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <assert.h>
+
+#include "gpg.h"
+#include "util.h"
+#include "packet.h"
+#include "keydb.h"
+#include "cipher.h"
+#include "main.h"
+#include "options.h"
+#include "i18n.h"
+#include "status.h"
+#include "pkglue.h"
+
+static int
+do_check( PKT_secret_key *sk, const char *tryagain_text, int mode,
+ int *canceled )
+{
+ gpg_error_t err;
+ byte *buffer;
+ u16 csum=0;
+ int i, res;
+ size_t nbytes;
+
+ if( sk->is_protected ) { /* remove the protection */
+ DEK *dek = NULL;
+ u32 keyid[4]; /* 4! because we need two of them */
+ gcry_cipher_hd_t cipher_hd=NULL;
+ PKT_secret_key *save_sk;
+
+ if( sk->protect.s2k.mode == 1001 ) {
+ log_info(_("secret key parts are not available\n"));
+ return G10ERR_UNU_SECKEY;
+ }
+ if( sk->protect.algo == CIPHER_ALGO_NONE )
+ BUG();
+ if( openpgp_cipher_test_algo( sk->protect.algo ) ) {
+ log_info(_("protection algorithm %d%s is not supported\n"),
+ sk->protect.algo,sk->protect.algo==1?" (IDEA)":"" );
+ if (sk->protect.algo==CIPHER_ALGO_IDEA)
+ {
+ write_status (STATUS_RSA_OR_IDEA);
+ idea_cipher_warn (0);
+ }
+ return G10ERR_CIPHER_ALGO;
+ }
+ if(gcry_md_test_algo (sk->protect.s2k.hash_algo))
+ {
+ log_info(_("protection digest %d is not supported\n"),
+ sk->protect.s2k.hash_algo);
+ return G10ERR_DIGEST_ALGO;
+ }
+ keyid_from_sk( sk, keyid );
+ keyid[2] = keyid[3] = 0;
+ if( !sk->is_primary ) {
+ keyid[2] = sk->main_keyid[0];
+ keyid[3] = sk->main_keyid[1];
+ }
+ dek = passphrase_to_dek( keyid, sk->pubkey_algo, sk->protect.algo,
+ &sk->protect.s2k, mode,
+ tryagain_text, canceled );
+ if (!dek && canceled && *canceled)
+ return GPG_ERR_CANCELED;
+
+
+ err = openpgp_cipher_open (&cipher_hd, sk->protect.algo,
+ GCRY_CIPHER_MODE_CFB,
+ (GCRY_CIPHER_SECURE
+ | (sk->protect.algo >= 100 ?
+ 0 : GCRY_CIPHER_ENABLE_SYNC)));
+ if (err)
+ log_fatal ("cipher open failed: %s\n", gpg_strerror (err) );
+
+ err = gcry_cipher_setkey (cipher_hd, dek->key, dek->keylen);
+ if (err)
+ log_fatal ("set key failed: %s\n", gpg_strerror (err) );
+
+ xfree(dek);
+ save_sk = copy_secret_key( NULL, sk );
+
+ gcry_cipher_setiv ( cipher_hd, sk->protect.iv, sk->protect.ivlen );
+
+ csum = 0;
+ if( sk->version >= 4 ) {
+ int ndata;
+ unsigned int ndatabits;
+ byte *p, *data;
+ u16 csumc = 0;
+
+ i = pubkey_get_npkey(sk->pubkey_algo);
+
+ assert ( gcry_mpi_get_flag (sk->skey[i], GCRYMPI_FLAG_OPAQUE ));
+ p = gcry_mpi_get_opaque ( sk->skey[i], &ndatabits );
+ ndata = (ndatabits+7)/8;
+
+ if ( ndata > 1 )
+ csumc = p[ndata-2] << 8 | p[ndata-1];
+ data = xmalloc_secure ( ndata );
+ gcry_cipher_decrypt ( cipher_hd, data, ndata, p, ndata );
+ gcry_mpi_release (sk->skey[i]); sk->skey[i] = NULL ;
+
+ p = data;
+ if (sk->protect.sha1chk) {
+ /* This is the new SHA1 checksum method to detect
+ tampering with the key as used by the Klima/Rosa
+ attack */
+ sk->csum = 0;
+ csum = 1;
+ if( ndata < 20 )
+ log_error("not enough bytes for SHA-1 checksum\n");
+ else {
+ gcry_md_hd_t h;
+
+ if ( gcry_md_open (&h, DIGEST_ALGO_SHA1, 1))
+ BUG(); /* Algo not available. */
+ gcry_md_write (h, data, ndata - 20);
+ gcry_md_final (h);
+ if (!memcmp (gcry_md_read (h, DIGEST_ALGO_SHA1),
+ data + ndata - 20, 20) )
+ {
+ /* Digest does match. We have to keep the old
+ style checksum in sk->csum, so that the
+ test used for unprotected keys does work.
+ This test gets used when we are adding new
+ keys. */
+ sk->csum = csum = checksum (data, ndata-20);
+ }
+ gcry_md_close (h);
+ }
+ }
+ else {
+ if( ndata < 2 ) {
+ log_error("not enough bytes for checksum\n");
+ sk->csum = 0;
+ csum = 1;
+ }
+ else {
+ csum = checksum( data, ndata-2);
+ sk->csum = data[ndata-2] << 8 | data[ndata-1];
+ if ( sk->csum != csum ) {
+ /* This is a PGP 7.0.0 workaround */
+ sk->csum = csumc; /* take the encrypted one */
+ }
+ }
+ }
+
+ /* Must check it here otherwise the mpi_read_xx would fail
+ because the length may have an arbitrary value */
+ if( sk->csum == csum ) {
+ for( ; i < pubkey_get_nskey(sk->pubkey_algo); i++ ) {
+ if ( gcry_mpi_scan( &sk->skey[i], GCRYMPI_FMT_PGP,
+ p, ndata, &nbytes))
+ {
+ /* Checksum was okay, but not correctly
+ decrypted. */
+ sk->csum = 0;
+ csum = 1;
+ break;
+ }
+ ndata -= nbytes;
+ p += nbytes;
+ }
+ /* Note: at this point ndata should be 2 for a simple
+ checksum or 20 for the sha1 digest */
+ }
+ xfree(data);
+ }
+ else {
+ for(i=pubkey_get_npkey(sk->pubkey_algo);
+ i < pubkey_get_nskey(sk->pubkey_algo); i++ ) {
+ byte *p;
+ size_t ndata;
+ unsigned int ndatabits;
+
+ assert (gcry_mpi_get_flag (sk->skey[i], GCRYMPI_FLAG_OPAQUE));
+ p = gcry_mpi_get_opaque (sk->skey[i], &ndatabits);
+ ndata = (ndatabits+7)/8;
+ assert (ndata >= 2);
+ assert (ndata == ((p[0] << 8 | p[1]) + 7)/8 + 2);
+ buffer = xmalloc_secure (ndata);
+ gcry_cipher_sync (cipher_hd);
+ buffer[0] = p[0];
+ buffer[1] = p[1];
+ gcry_cipher_decrypt (cipher_hd, buffer+2, ndata-2,
+ p+2, ndata-2);
+ csum += checksum (buffer, ndata);
+ gcry_mpi_release (sk->skey[i]);
+
+ err = gcry_mpi_scan( &sk->skey[i], GCRYMPI_FMT_PGP,
+ buffer, ndata, &ndata );
+ xfree (buffer);
+ if (err)
+ {
+ /* Checksum was okay, but not correctly
+ decrypted. */
+ sk->csum = 0;
+ csum = 1;
+ break;
+ }
+/* csum += checksum_mpi (sk->skey[i]); */
+ }
+ }
+ gcry_cipher_close ( cipher_hd );
+
+ /* Now let's see whether we have used the correct passphrase. */
+ if( csum != sk->csum ) {
+ copy_secret_key( sk, save_sk );
+ passphrase_clear_cache ( keyid, NULL, sk->pubkey_algo );
+ free_secret_key( save_sk );
+ return gpg_error (GPG_ERR_BAD_PASSPHRASE);
+ }
+
+ /* The checksum may fail, so we also check the key itself. */
+ res = pk_check_secret_key ( sk->pubkey_algo, sk->skey );
+ if( res ) {
+ copy_secret_key( sk, save_sk );
+ passphrase_clear_cache ( keyid, NULL, sk->pubkey_algo );
+ free_secret_key( save_sk );
+ return gpg_error (GPG_ERR_BAD_PASSPHRASE);
+ }
+ free_secret_key( save_sk );
+ sk->is_protected = 0;
+ }
+ else { /* not protected, assume it is okay if the checksum is okay */
+ csum = 0;
+ for(i=pubkey_get_npkey(sk->pubkey_algo);
+ i < pubkey_get_nskey(sk->pubkey_algo); i++ ) {
+ csum += checksum_mpi( sk->skey[i] );
+ }
+ if( csum != sk->csum )
+ return G10ERR_CHECKSUM;
+ }
+
+ return 0;
+}
+
+
+
+/****************
+ * Check the secret key
+ * Ask up to 3 (or n) times for a correct passphrase
+ * If n is negative, disable the key info prompt and make n=abs(n)
+ */
+int
+check_secret_key( PKT_secret_key *sk, int n )
+{
+ int rc = gpg_error (GPG_ERR_BAD_PASSPHRASE);
+ int i,mode;
+
+ if (sk && sk->is_protected && sk->protect.s2k.mode == 1002)
+ return 0; /* Let the scdaemon handle this. */
+
+ if(n<0)
+ {
+ n=abs(n);
+ mode=1;
+ }
+ else
+ mode=0;
+
+ if( n < 1 )
+ n = 3; /* Use the default value */
+
+ for(i=0; i < n && gpg_err_code (rc) == GPG_ERR_BAD_PASSPHRASE; i++ ) {
+ int canceled = 0;
+ const char *tryagain = NULL;
+ if (i) {
+ tryagain = N_("Invalid passphrase; please try again");
+ log_info (_("%s ...\n"), _(tryagain));
+ }
+ rc = do_check( sk, tryagain, mode, &canceled );
+ if ( gpg_err_code (rc) == GPG_ERR_BAD_PASSPHRASE
+ && is_status_enabled () ) {
+ u32 kid[2];
+ char buf[50];
+
+ keyid_from_sk( sk, kid );
+ sprintf(buf, "%08lX%08lX", (ulong)kid[0], (ulong)kid[1]);
+ write_status_text( STATUS_BAD_PASSPHRASE, buf );
+ }
+ if( have_static_passphrase() || canceled)
+ break;
+ }
+
+ if( !rc )
+ write_status( STATUS_GOOD_PASSPHRASE );
+
+ return rc;
+}
+
+/****************
+ * check whether the secret key is protected.
+ * Returns: 0 not protected, -1 on error or the protection algorithm
+ * -2 indicates a card stub.
+ * -3 indicates a not-online stub.
+ */
+int
+is_secret_key_protected( PKT_secret_key *sk )
+{
+ return sk->is_protected?
+ sk->protect.s2k.mode == 1002? -2 :
+ sk->protect.s2k.mode == 1001? -3 : sk->protect.algo : 0;
+}
+
+
+
+/****************
+ * Protect the secret key with the passphrase from DEK
+ */
+int
+protect_secret_key( PKT_secret_key *sk, DEK *dek )
+{
+ int i,j, rc = 0;
+ byte *buffer;
+ size_t nbytes;
+ u16 csum;
+
+ if( !dek )
+ return 0;
+
+ if( !sk->is_protected ) { /* okay, apply the protection */
+ gcry_cipher_hd_t cipher_hd=NULL;
+
+ if ( openpgp_cipher_test_algo ( sk->protect.algo ) ) {
+ /* Unsupport protection algorithm. */
+ rc = gpg_error (GPG_ERR_CIPHER_ALGO);
+ }
+ else {
+ print_cipher_algo_note( sk->protect.algo );
+
+ if ( openpgp_cipher_open (&cipher_hd, sk->protect.algo,
+ GCRY_CIPHER_MODE_CFB,
+ (GCRY_CIPHER_SECURE
+ | (sk->protect.algo >= 100 ?
+ 0 : GCRY_CIPHER_ENABLE_SYNC))) )
+ BUG();
+ if ( gcry_cipher_setkey ( cipher_hd, dek->key, dek->keylen ) )
+ log_info(_("WARNING: Weak key detected"
+ " - please change passphrase again.\n"));
+ sk->protect.ivlen = openpgp_cipher_get_algo_blklen (sk->protect.algo);
+ assert( sk->protect.ivlen <= DIM(sk->protect.iv) );
+ if( sk->protect.ivlen != 8 && sk->protect.ivlen != 16 )
+ BUG(); /* yes, we are very careful */
+ gcry_create_nonce (sk->protect.iv, sk->protect.ivlen);
+ gcry_cipher_setiv (cipher_hd, sk->protect.iv, sk->protect.ivlen);
+ if( sk->version >= 4 ) {
+ byte *bufarr[PUBKEY_MAX_NSKEY];
+ size_t narr[PUBKEY_MAX_NSKEY];
+ unsigned int nbits[PUBKEY_MAX_NSKEY];
+ int ndata=0;
+ byte *p, *data;
+
+ for (j=0, i = pubkey_get_npkey(sk->pubkey_algo);
+ i < pubkey_get_nskey(sk->pubkey_algo); i++, j++ )
+ {
+ assert (!gcry_mpi_get_flag (sk->skey[i],
+ GCRYMPI_FLAG_OPAQUE));
+ if (gcry_mpi_aprint (GCRYMPI_FMT_USG, bufarr+j,
+ narr+j, sk->skey[i]))
+ BUG();
+ nbits[j] = gcry_mpi_get_nbits (sk->skey[i]);
+ ndata += narr[j] + 2;
+ }
+ for ( ; j < PUBKEY_MAX_NSKEY; j++ )
+ bufarr[j] = NULL;
+
+ ndata += opt.simple_sk_checksum? 2 : 20; /* for checksum */
+
+ data = xmalloc_secure( ndata );
+ p = data;
+ for(j=0; j < PUBKEY_MAX_NSKEY && bufarr[j]; j++ ) {
+ p[0] = nbits[j] >> 8 ;
+ p[1] = nbits[j];
+ p += 2;
+ memcpy(p, bufarr[j], narr[j] );
+ p += narr[j];
+ xfree(bufarr[j]);
+ }
+
+ if (opt.simple_sk_checksum) {
+ log_info (_("generating the deprecated 16-bit checksum"
+ " for secret key protection\n"));
+ csum = checksum( data, ndata-2);
+ sk->csum = csum;
+ *p++ = csum >> 8;
+ *p++ = csum;
+ sk->protect.sha1chk = 0;
+ }
+ else {
+ gcry_md_hd_t h;
+
+ if (gcry_md_open (&h, GCRY_MD_SHA1, 1))
+ BUG(); /* Algo not available. */
+ gcry_md_write (h, data, ndata - 20);
+ gcry_md_final (h);
+ memcpy (p, gcry_md_read (h, DIGEST_ALGO_SHA1), 20);
+ p += 20;
+ gcry_md_close (h);
+ sk->csum = csum = 0;
+ sk->protect.sha1chk = 1;
+ }
+ assert( p == data+ndata );
+
+ gcry_cipher_encrypt (cipher_hd, data, ndata, NULL, 0);
+ for (i = pubkey_get_npkey(sk->pubkey_algo);
+ i < pubkey_get_nskey(sk->pubkey_algo); i++ )
+ {
+ gcry_mpi_release (sk->skey[i]);
+ sk->skey[i] = NULL;
+ }
+ i = pubkey_get_npkey(sk->pubkey_algo);
+ sk->skey[i] = gcry_mpi_set_opaque (NULL, data, ndata*8 );
+ }
+ else {
+ csum = 0;
+ for(i=pubkey_get_npkey(sk->pubkey_algo);
+ i < pubkey_get_nskey(sk->pubkey_algo); i++ ) {
+ byte *data;
+ unsigned int nbits;
+
+ csum += checksum_mpi (sk->skey[i]);
+
+ if (gcry_mpi_aprint (GCRYMPI_FMT_USG, &buffer,
+ &nbytes, sk->skey[i] ))
+ BUG();
+ gcry_cipher_sync (cipher_hd);
+ assert (!gcry_mpi_get_flag (sk->skey[i],
+ GCRYMPI_FLAG_OPAQUE));
+
+ data = xmalloc (nbytes+2); /* fixme: need xtrymalloc. */
+ nbits = gcry_mpi_get_nbits (sk->skey[i]);
+ assert (nbytes == (nbits + 7)/8);
+ data[0] = nbits >> 8;
+ data[1] = nbits;
+ gcry_cipher_encrypt (cipher_hd, data+2, nbytes,
+ buffer, nbytes);
+ xfree( buffer );
+
+ gcry_mpi_release (sk->skey[i]);
+ sk->skey[i] = gcry_mpi_set_opaque (NULL,
+ data, (nbytes+2)*8 );
+ }
+ sk->csum = csum;
+ }
+ sk->is_protected = 1;
+ gcry_cipher_close (cipher_hd);
+ }
+ }
+ return rc;
+}
diff --git a/g10/server.c b/g10/server.c
new file mode 100644
index 0000000..6f3b881
--- /dev/null
+++ b/g10/server.c
@@ -0,0 +1,609 @@
+/* server.c - server mode for gpg
+ * Copyright (C) 2006, 2008 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <errno.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdarg.h>
+#include <ctype.h>
+#include <unistd.h>
+
+
+#include "gpg.h"
+#include <assuan.h>
+#include "util.h"
+#include "i18n.h"
+#include "options.h"
+#include "../common/sysutils.h"
+
+
+#define set_error(e,t) assuan_set_error (ctx, gpg_error (e), (t))
+
+
+/* Data used to associate an Assuan context with local server data. */
+struct server_local_s
+{
+ /* Our current Assuan context. */
+ assuan_context_t assuan_ctx;
+ /* File descriptor as set by the MESSAGE command. */
+ gnupg_fd_t message_fd;
+};
+
+
+
+/* Helper to close the message fd if it is open. */
+static void
+close_message_fd (ctrl_t ctrl)
+{
+ if (ctrl->server_local->message_fd != GNUPG_INVALID_FD)
+ {
+ assuan_sock_close (ctrl->server_local->message_fd);
+ ctrl->server_local->message_fd = GNUPG_INVALID_FD;
+ }
+}
+
+
+
+/* Called by libassuan for Assuan options. See the Assuan manual for
+ details. */
+static gpg_error_t
+option_handler (assuan_context_t ctx, const char *key, const char *value)
+{
+/* ctrl_t ctrl = assuan_get_pointer (ctx); */
+
+ (void)ctx;
+ (void)value;
+
+ /* Fixme: Implement the tty and locale args. */
+ if (!strcmp (key, "display"))
+ {
+ }
+ else if (!strcmp (key, "ttyname"))
+ {
+ }
+ else if (!strcmp (key, "ttytype"))
+ {
+ }
+ else if (!strcmp (key, "lc-ctype"))
+ {
+ }
+ else if (!strcmp (key, "lc-messages"))
+ {
+ }
+ else if (!strcmp (key, "xauthority"))
+ {
+ }
+ else if (!strcmp (key, "pinentry_user_data"))
+ {
+ }
+ else if (!strcmp (key, "list-mode"))
+ {
+ /* This is for now a dummy option. */
+ }
+ else
+ return gpg_error (GPG_ERR_UNKNOWN_OPTION);
+
+ return 0;
+}
+
+
+/* Called by libassuan for RESET commands. */
+static gpg_error_t
+reset_notify (assuan_context_t ctx, char *line)
+{
+ ctrl_t ctrl = assuan_get_pointer (ctx);
+
+ (void)line;
+
+ close_message_fd (ctrl);
+ assuan_close_input_fd (ctx);
+ assuan_close_output_fd (ctx);
+ return 0;
+}
+
+
+/* Called by libassuan for INPUT commands. */
+static gpg_error_t
+input_notify (assuan_context_t ctx, char *line)
+{
+/* ctrl_t ctrl = assuan_get_pointer (ctx); */
+
+ (void)ctx;
+
+ if (strstr (line, "--armor"))
+ ; /* FIXME */
+ else if (strstr (line, "--base64"))
+ ; /* FIXME */
+ else if (strstr (line, "--binary"))
+ ;
+ else
+ {
+ /* FIXME (autodetect encoding) */
+ }
+ return 0;
+}
+
+
+/* Called by libassuan for OUTPUT commands. */
+static gpg_error_t
+output_notify (assuan_context_t ctx, char *line)
+{
+/* ctrl_t ctrl = assuan_get_pointer (ctx); */
+
+ (void)ctx;
+
+ if (strstr (line, "--armor"))
+ ; /* FIXME */
+ else if (strstr (line, "--base64"))
+ {
+ /* FIXME */
+ }
+ return 0;
+}
+
+
+
+
+/* RECIPIENT <userID>
+
+ Set the recipient for the encryption. <userID> should be the
+ internal representation of the key; the server may accept any other
+ way of specification. If this is a valid and trusted recipient the
+ server does respond with OK, otherwise the return is an ERR with
+ the reason why the recipient can't be used, the encryption will
+ then not be done for this recipient. If the policy is not to
+ encrypt at all if not all recipients are valid, the client has to
+ take care of this. All RECIPIENT commands are cumulative until a
+ RESET or an successful ENCRYPT command. */
+static gpg_error_t
+cmd_recipient (assuan_context_t ctx, char *line)
+{
+ (void)ctx;
+ (void)line;
+ return gpg_error (GPG_ERR_NOT_SUPPORTED);
+}
+
+
+
+/* SIGNER <userID>
+
+ Set the signer's keys for the signature creation. <userID> should
+ be the internal representation of the key; the server may accept
+ any other way of specification. If this is a valid and usable
+ signing key the server does respond with OK, otherwise it returns
+ an ERR with the reason why the key can't be used, the signing will
+ then not be done for this key. If the policy is not to sign at all
+ if not all signer keys are valid, the client has to take care of
+ this. All SIGNER commands are cumulative until a RESET but they
+ are *not* reset by an SIGN command becuase it can be expected that
+ set of signers are used for more than one sign operation.
+
+ Note that this command returns an INV_RECP status which is a bit
+ strange, but they are very similar. */
+static gpg_error_t
+cmd_signer (assuan_context_t ctx, char *line)
+{
+ (void)ctx;
+ (void)line;
+ return gpg_error (GPG_ERR_NOT_SUPPORTED);
+}
+
+
+
+/* ENCRYPT
+
+ Do the actual encryption process. Takes the plaintext from the
+ INPUT command, writes to the ciphertext to the file descriptor set
+ with the OUTPUT command, take the recipients form all the
+ recipients set so far. If this command fails the clients should
+ try to delete all output currently done or otherwise mark it as
+ invalid. GPG does ensure that there won't be any security problem
+ with leftover data on the output in this case.
+
+ This command should in general not fail, as all necessary checks
+ have been done while setting the recipients. The input and output
+ pipes are closed. */
+static gpg_error_t
+cmd_encrypt (assuan_context_t ctx, char *line)
+{
+ (void)ctx;
+ (void)line;
+ return gpg_error (GPG_ERR_NOT_SUPPORTED);
+}
+
+
+
+/* DECRYPT
+
+ This performs the decrypt operation after doing some checks on the
+ internal state (e.g. that only needed data has been set). */
+static gpg_error_t
+cmd_decrypt (assuan_context_t ctx, char *line)
+{
+ (void)ctx;
+ (void)line;
+ return gpg_error (GPG_ERR_NOT_SUPPORTED);
+}
+
+
+
+/* VERIFY
+
+ This does a verify operation on the message send to the input-FD.
+ The result is written out using status lines. If an output FD was
+ given, the signed text will be written to that.
+
+ If the signature is a detached one, the server will inquire about
+ the signed material and the client must provide it.
+ */
+static gpg_error_t
+cmd_verify (assuan_context_t ctx, char *line)
+{
+ int rc;
+ ctrl_t ctrl = assuan_get_pointer (ctx);
+ gnupg_fd_t fd = assuan_get_input_fd (ctx);
+ gnupg_fd_t out_fd = assuan_get_output_fd (ctx);
+ FILE *out_fp = NULL;
+
+ (void)line;
+
+ if (fd == GNUPG_INVALID_FD)
+ return gpg_error (GPG_ERR_ASS_NO_INPUT);
+
+ if (out_fd != GNUPG_INVALID_FD)
+ {
+ out_fp = fdopen ( dup (FD2INT (out_fd)), "w");
+ if (!out_fp)
+ return set_error (GPG_ERR_ASS_GENERAL, "fdopen() failed");
+ }
+
+ log_debug ("WARNING: The server mode work "
+ "in progress and not ready for use\n");
+
+ /* Need to dup it because it might get closed and libassuan won't
+ know about it then. */
+ rc = gpg_verify (ctrl,
+ dup ( FD2INT (fd)),
+ dup ( FD2INT (ctrl->server_local->message_fd)),
+ out_fp);
+
+ if (out_fp)
+ fclose (out_fp);
+ close_message_fd (ctrl);
+ assuan_close_input_fd (ctx);
+ assuan_close_output_fd (ctx);
+
+ return rc;
+}
+
+
+
+/* SIGN [--detached]
+
+ Sign the data set with the INPUT command and write it to the sink
+ set by OUTPUT. With "--detached" specified, a detached signature
+ is created. */
+static gpg_error_t
+cmd_sign (assuan_context_t ctx, char *line)
+{
+ (void)ctx;
+ (void)line;
+ return gpg_error (GPG_ERR_NOT_SUPPORTED);
+}
+
+
+
+/* IMPORT
+
+ Import keys as read from the input-fd, return status message for
+ each imported one. The import checks the validity of the key. */
+static gpg_error_t
+cmd_import (assuan_context_t ctx, char *line)
+{
+ (void)ctx;
+ (void)line;
+ return gpg_error (GPG_ERR_NOT_SUPPORTED);
+}
+
+
+
+/* EXPORT [--data [--armor|--base64]] [--] pattern
+
+ Similar to the --export command line command, this command exports
+ public keys matching PATTERN. The output is send to the output fd
+ unless the --data option has been used in which case the output
+ gets send inline using regular data lines. The options "--armor"
+ and "--base" ospecify an output format if "--data" has been used.
+ Recall that in general the output format is set with the OUTPUT
+ command.
+ */
+static gpg_error_t
+cmd_export (assuan_context_t ctx, char *line)
+{
+ (void)ctx;
+ (void)line;
+ return gpg_error (GPG_ERR_NOT_SUPPORTED);
+}
+
+
+
+/* DELKEYS
+
+ Fixme
+*/
+static gpg_error_t
+cmd_delkeys (assuan_context_t ctx, char *line)
+{
+ (void)ctx;
+ (void)line;
+ return gpg_error (GPG_ERR_NOT_SUPPORTED);
+}
+
+
+
+/* MESSAGE FD[=<n>]
+
+ Set the file descriptor to read a message which is used with
+ detached signatures. */
+static gpg_error_t
+cmd_message (assuan_context_t ctx, char *line)
+{
+ int rc;
+ gnupg_fd_t fd;
+ ctrl_t ctrl = assuan_get_pointer (ctx);
+
+ rc = assuan_command_parse_fd (ctx, line, &fd);
+ if (rc)
+ return rc;
+ if (fd == GNUPG_INVALID_FD)
+ return gpg_error (GPG_ERR_ASS_NO_INPUT);
+ ctrl->server_local->message_fd = fd;
+ return 0;
+}
+
+
+
+/* LISTKEYS [<patterns>]
+ LISTSECRETKEYS [<patterns>]
+
+ fixme
+*/
+static gpg_error_t
+do_listkeys (assuan_context_t ctx, char *line, int mode)
+{
+ (void)ctx;
+ (void)line;
+ (void)mode;
+
+ return gpg_error (GPG_ERR_NOT_SUPPORTED);
+}
+
+
+static gpg_error_t
+cmd_listkeys (assuan_context_t ctx, char *line)
+{
+ return do_listkeys (ctx, line, 3);
+}
+
+
+static gpg_error_t
+cmd_listsecretkeys (assuan_context_t ctx, char *line)
+{
+ return do_listkeys (ctx, line, 2);
+}
+
+
+
+/* GENKEY
+
+ Read the parameters in native format from the input fd and create a
+ new OpenPGP key.
+ */
+static gpg_error_t
+cmd_genkey (assuan_context_t ctx, char *line)
+{
+ (void)ctx;
+ (void)line;
+ return gpg_error (GPG_ERR_NOT_SUPPORTED);
+}
+
+
+/* GETINFO <what>
+
+ Multipurpose function to return a variety of information.
+ Supported values for WHAT are:
+
+ version - Return the version of the program.
+ pid - Return the process id of the server.
+
+ */
+static gpg_error_t
+cmd_getinfo (assuan_context_t ctx, char *line)
+{
+ int rc;
+
+ if (!strcmp (line, "version"))
+ {
+ const char *s = VERSION;
+ rc = assuan_send_data (ctx, s, strlen (s));
+ }
+ else if (!strcmp (line, "pid"))
+ {
+ char numbuf[50];
+
+ snprintf (numbuf, sizeof numbuf, "%lu", (unsigned long)getpid ());
+ rc = assuan_send_data (ctx, numbuf, strlen (numbuf));
+ }
+ else
+ rc = set_error (GPG_ERR_ASS_PARAMETER, "unknown value for WHAT");
+ return rc;
+}
+
+
+
+/* Helper to register our commands with libassuan. */
+static int
+register_commands (assuan_context_t ctx)
+{
+ static struct
+ {
+ const char *name;
+ assuan_handler_t handler;
+ } table[] = {
+ { "RECIPIENT", cmd_recipient },
+ { "SIGNER", cmd_signer },
+ { "ENCRYPT", cmd_encrypt },
+ { "DECRYPT", cmd_decrypt },
+ { "VERIFY", cmd_verify },
+ { "SIGN", cmd_sign },
+ { "IMPORT", cmd_import },
+ { "EXPORT", cmd_export },
+ { "INPUT", NULL },
+ { "OUTPUT", NULL },
+ { "MESSAGE", cmd_message },
+ { "LISTKEYS", cmd_listkeys },
+ { "LISTSECRETKEYS",cmd_listsecretkeys },
+ { "GENKEY", cmd_genkey },
+ { "DELKEYS", cmd_delkeys },
+ { "GETINFO", cmd_getinfo },
+ { NULL }
+ };
+ int i, rc;
+
+ for (i=0; table[i].name; i++)
+ {
+ rc = assuan_register_command (ctx, table[i].name, table[i].handler, NULL);
+ if (rc)
+ return rc;
+ }
+ return 0;
+}
+
+
+
+
+/* Startup the server. CTRL must have been allocated by the caller
+ and set to the default values. */
+int
+gpg_server (ctrl_t ctrl)
+{
+ int rc;
+ int filedes[2];
+ assuan_context_t ctx = NULL;
+ static const char hello[] = ("GNU Privacy Guard's OpenPGP server "
+ VERSION " ready");
+
+ /* We use a pipe based server so that we can work from scripts.
+ assuan_init_pipe_server will automagically detect when we are
+ called with a socketpair and ignore FILEDES in this case. */
+ filedes[0] = assuan_fdopen (0);
+ filedes[1] = assuan_fdopen (1);
+ rc = assuan_new (&ctx);
+ if (rc)
+ {
+ log_error ("failed to allocate the assuan context: %s\n",
+ gpg_strerror (rc));
+ goto leave;
+ }
+
+ rc = assuan_init_pipe_server (ctx, filedes);
+ if (rc)
+ {
+ log_error ("failed to initialize the server: %s\n", gpg_strerror (rc));
+ goto leave;
+ }
+
+ rc = register_commands (ctx);
+ if (rc)
+ {
+ log_error ("failed to the register commands with Assuan: %s\n",
+ gpg_strerror(rc));
+ goto leave;
+ }
+
+ assuan_set_pointer (ctx, ctrl);
+ if (opt.verbose || opt.debug)
+ {
+ char *tmp = NULL;
+ const char *s1 = getenv ("GPG_AGENT_INFO");
+
+ if (asprintf (&tmp,
+ "Home: %s\n"
+ "Config: %s\n"
+ "AgentInfo: %s\n"
+ "%s",
+ opt.homedir,
+ "fixme: need config filename",
+ s1?s1:"[not set]",
+ hello) > 0)
+ {
+ assuan_set_hello_line (ctx, tmp);
+ free (tmp);
+ }
+ }
+ else
+ assuan_set_hello_line (ctx, hello);
+ assuan_register_reset_notify (ctx, reset_notify);
+ assuan_register_input_notify (ctx, input_notify);
+ assuan_register_output_notify (ctx, output_notify);
+ assuan_register_option_handler (ctx, option_handler);
+
+ ctrl->server_local = xtrycalloc (1, sizeof *ctrl->server_local);
+ if (!ctrl->server_local)
+ {
+ rc = gpg_error_from_syserror ();
+ goto leave;
+ }
+ ctrl->server_local->assuan_ctx = ctx;
+ ctrl->server_local->message_fd = GNUPG_INVALID_FD;
+
+ if (DBG_ASSUAN)
+ assuan_set_log_stream (ctx, log_get_stream ());
+
+ for (;;)
+ {
+ rc = assuan_accept (ctx);
+ if (rc == -1)
+ {
+ rc = 0;
+ break;
+ }
+ else if (rc)
+ {
+ log_info ("Assuan accept problem: %s\n", gpg_strerror (rc));
+ break;
+ }
+
+ rc = assuan_process (ctx);
+ if (rc)
+ {
+ log_info ("Assuan processing failed: %s\n", gpg_strerror (rc));
+ continue;
+ }
+ }
+
+ leave:
+ xfree (ctrl->server_local);
+ ctrl->server_local = NULL;
+ assuan_release (ctx);
+ return rc;
+}
+
diff --git a/g10/seskey.c b/g10/seskey.c
new file mode 100644
index 0000000..ccbfe30
--- /dev/null
+++ b/g10/seskey.c
@@ -0,0 +1,282 @@
+/* seskey.c - make sesssion keys etc.
+ * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004,
+ * 2006, 2009 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <assert.h>
+
+#include "gpg.h"
+#include "util.h"
+#include "cipher.h"
+#include "main.h"
+#include "i18n.h"
+
+
+/****************
+ * Make a session key and put it into DEK
+ */
+void
+make_session_key( DEK *dek )
+{
+ gcry_cipher_hd_t chd;
+ int i, rc;
+
+ dek->keylen = openpgp_cipher_get_algo_keylen (dek->algo);
+
+ if (openpgp_cipher_open (&chd, dek->algo, GCRY_CIPHER_MODE_CFB,
+ (GCRY_CIPHER_SECURE
+ | (dek->algo >= 100 ?
+ 0 : GCRY_CIPHER_ENABLE_SYNC))) )
+ BUG();
+ gcry_randomize (dek->key, dek->keylen, GCRY_STRONG_RANDOM );
+ for (i=0; i < 16; i++ )
+ {
+ rc = gcry_cipher_setkey (chd, dek->key, dek->keylen);
+ if (!rc)
+ {
+ gcry_cipher_close (chd);
+ return;
+ }
+ if (gpg_err_code (rc) != GPG_ERR_WEAK_KEY)
+ BUG();
+ log_info(_("weak key created - retrying\n") );
+ /* Renew the session key until we get a non-weak key. */
+ gcry_randomize (dek->key, dek->keylen, GCRY_STRONG_RANDOM);
+ }
+ log_fatal (_("cannot avoid weak key for symmetric cipher; "
+ "tried %d times!\n"), i);
+}
+
+
+/****************
+ * Encode the session key. NBITS is the number of bits which should be used
+ * for packing the session key.
+ * returns: A mpi with the session key (caller must free)
+ */
+gcry_mpi_t
+encode_session_key (DEK *dek, unsigned int nbits)
+{
+ size_t nframe = (nbits+7) / 8;
+ byte *p;
+ byte *frame;
+ int i,n;
+ u16 csum;
+ gcry_mpi_t a;
+
+ /* The current limitation is that we can only use a session key
+ * whose length is a multiple of BITS_PER_MPI_LIMB
+ * I think we can live with that.
+ */
+ if( dek->keylen + 7 > nframe || !nframe )
+ log_bug("can't encode a %d bit key in a %d bits frame\n",
+ dek->keylen*8, nbits );
+
+ /* We encode the session key in this way:
+ *
+ * 0 2 RND(n bytes) 0 A DEK(k bytes) CSUM(2 bytes)
+ *
+ * (But how can we store the leading 0 - the external representaion
+ * of MPIs doesn't allow leading zeroes =:-)
+ *
+ * RND are non-zero random bytes.
+ * A is the cipher algorithm
+ * DEK is the encryption key (session key) length k depends on the
+ * cipher algorithm (20 is used with blowfish160).
+ * CSUM is the 16 bit checksum over the DEK
+ */
+ csum = 0;
+ for( p = dek->key, i=0; i < dek->keylen; i++ )
+ csum += *p++;
+
+ frame = xmalloc_secure( nframe );
+ n = 0;
+ frame[n++] = 0;
+ frame[n++] = 2;
+ i = nframe - 6 - dek->keylen;
+ assert( i > 0 );
+ p = gcry_random_bytes_secure (i, GCRY_STRONG_RANDOM);
+ /* Replace zero bytes by new values. */
+ for(;;) {
+ int j, k;
+ byte *pp;
+
+ /* count the zero bytes */
+ for(j=k=0; j < i; j++ )
+ if( !p[j] )
+ k++;
+ if( !k )
+ break; /* okay: no zero bytes */
+ k += k/128 + 3; /* better get some more */
+ pp = gcry_random_bytes_secure (k, GCRY_STRONG_RANDOM);
+ for(j=0; j < i && k ;) {
+ if( !p[j] )
+ p[j] = pp[--k];
+ if (p[j])
+ j++;
+ }
+ xfree(pp);
+ }
+ memcpy( frame+n, p, i );
+ xfree(p);
+ n += i;
+ frame[n++] = 0;
+ frame[n++] = dek->algo;
+ memcpy( frame+n, dek->key, dek->keylen ); n += dek->keylen;
+ frame[n++] = csum >>8;
+ frame[n++] = csum;
+ assert( n == nframe );
+ if (gcry_mpi_scan( &a, GCRYMPI_FMT_USG, frame, n, &nframe))
+ BUG();
+ xfree(frame);
+ return a;
+}
+
+
+static gcry_mpi_t
+do_encode_md( gcry_md_hd_t md, int algo, size_t len, unsigned nbits,
+ const byte *asn, size_t asnlen )
+{
+ size_t nframe = (nbits+7) / 8;
+ byte *frame;
+ int i,n;
+ gcry_mpi_t a;
+
+ if( len + asnlen + 4 > nframe )
+ log_bug("can't encode a %d bit MD into a %d bits frame\n",
+ (int)(len*8), (int)nbits);
+
+ /* We encode the MD in this way:
+ *
+ * 0 1 PAD(n bytes) 0 ASN(asnlen bytes) MD(len bytes)
+ *
+ * PAD consists of FF bytes.
+ */
+ frame = gcry_md_is_secure (md)? xmalloc_secure (nframe) : xmalloc (nframe);
+ n = 0;
+ frame[n++] = 0;
+ frame[n++] = 1; /* block type */
+ i = nframe - len - asnlen -3 ;
+ assert( i > 1 );
+ memset( frame+n, 0xff, i ); n += i;
+ frame[n++] = 0;
+ memcpy( frame+n, asn, asnlen ); n += asnlen;
+ memcpy( frame+n, gcry_md_read (md, algo), len ); n += len;
+ assert( n == nframe );
+
+ if (gcry_mpi_scan( &a, GCRYMPI_FMT_USG, frame, n, &nframe ))
+ BUG();
+ xfree(frame);
+
+ /* Note that PGP before version 2.3 encoded the MD as:
+ *
+ * 0 1 MD(16 bytes) 0 PAD(n bytes) 1
+ *
+ * The MD is always 16 bytes here because it's always MD5. We do
+ * not support pre-v2.3 signatures, but I'm including this comment
+ * so the information is easily found in the future.
+ */
+
+ return a;
+}
+
+
+/****************
+ * Encode a message digest into an MPI.
+ * If it's for a DSA signature, make sure that the hash is large
+ * enough to fill up q. If the hash is too big, take the leftmost
+ * bits.
+ */
+gcry_mpi_t
+encode_md_value (PKT_public_key *pk, PKT_secret_key *sk,
+ gcry_md_hd_t md, int hash_algo)
+{
+ gcry_mpi_t frame;
+
+ assert(hash_algo);
+ assert(pk || sk);
+
+ if((pk?pk->pubkey_algo:sk->pubkey_algo) == GCRY_PK_DSA)
+ {
+ /* It's a DSA signature, so find out the size of q. */
+
+ size_t qbytes = gcry_mpi_get_nbits (pk?pk->pkey[1]:sk->skey[1]);
+
+ /* Make sure it is a multiple of 8 bits. */
+
+ if(qbytes%8)
+ {
+ log_error(_("DSA requires the hash length to be a"
+ " multiple of 8 bits\n"));
+ return NULL;
+ }
+
+ /* Don't allow any q smaller than 160 bits. This might need a
+ revisit as the DSA2 design firms up, but for now, we don't
+ want someone to issue signatures from a key with a 16-bit q
+ or something like that, which would look correct but allow
+ trivial forgeries. Yes, I know this rules out using MD5 with
+ DSA. ;) */
+ if (qbytes < 160)
+ {
+ log_error (_("DSA key %s uses an unsafe (%u bit) hash\n"),
+ pk?keystr_from_pk(pk):keystr_from_sk(sk),
+ (unsigned int)qbytes);
+ return NULL;
+ }
+
+ qbytes/=8;
+
+ /* Check if we're too short. Too long is safe as we'll
+ automatically left-truncate. */
+ if (gcry_md_get_algo_dlen (hash_algo) < qbytes)
+ {
+ log_error (_("DSA key %s requires a %u bit or larger hash\n"),
+ pk?keystr_from_pk(pk):keystr_from_sk(sk),
+ (unsigned int)(qbytes*8));
+ return NULL;
+ }
+
+ if (gcry_mpi_scan (&frame, GCRYMPI_FMT_USG,
+ gcry_md_read (md, hash_algo), qbytes, &qbytes))
+ BUG();
+ }
+ else
+ {
+ gpg_error_t rc;
+ byte *asn;
+ size_t asnlen;
+
+ rc = gcry_md_algo_info (hash_algo, GCRYCTL_GET_ASNOID, NULL, &asnlen);
+ if (rc)
+ log_fatal ("can't get OID of digest algorithm %d: %s\n",
+ hash_algo, gpg_strerror (rc));
+ asn = xmalloc (asnlen);
+ if ( gcry_md_algo_info (hash_algo, GCRYCTL_GET_ASNOID, asn, &asnlen) )
+ BUG();
+ frame = do_encode_md (md, hash_algo, gcry_md_get_algo_dlen (hash_algo),
+ gcry_mpi_get_nbits (pk?pk->pkey[0]:sk->skey[0]),
+ asn, asnlen);
+ xfree (asn);
+ }
+
+ return frame;
+}
diff --git a/g10/sig-check.c b/g10/sig-check.c
new file mode 100644
index 0000000..07a9836
--- /dev/null
+++ b/g10/sig-check.c
@@ -0,0 +1,666 @@
+/* sig-check.c - Check a signature
+ * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003,
+ * 2004, 2006 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <assert.h>
+
+#include "gpg.h"
+#include "util.h"
+#include "packet.h"
+#include "keydb.h"
+#include "cipher.h"
+#include "main.h"
+#include "status.h"
+#include "i18n.h"
+#include "options.h"
+#include "pkglue.h"
+
+/* Context used by the compare function. */
+struct cmp_help_context_s
+{
+ PKT_signature *sig;
+ gcry_md_hd_t md;
+};
+
+
+
+static int do_check( PKT_public_key *pk, PKT_signature *sig,
+ gcry_md_hd_t digest,
+ int *r_expired, int *r_revoked, PKT_public_key *ret_pk);
+
+/****************
+ * Check the signature which is contained in SIG.
+ * The MD_HANDLE should be currently open, so that this function
+ * is able to append some data, before finalizing the digest.
+ */
+int
+signature_check (PKT_signature *sig, gcry_md_hd_t digest)
+{
+ return signature_check2( sig, digest, NULL, NULL, NULL, NULL );
+}
+
+int
+signature_check2 (PKT_signature *sig, gcry_md_hd_t digest, u32 *r_expiredate,
+ int *r_expired, int *r_revoked, PKT_public_key *ret_pk )
+{
+ PKT_public_key *pk = xmalloc_clear( sizeof *pk );
+ int rc=0;
+
+ if ( (rc=openpgp_md_test_algo(sig->digest_algo)) )
+ ; /* We don't have this digest. */
+ else if ((rc=openpgp_pk_test_algo(sig->pubkey_algo)))
+ ; /* We don't have this pubkey algo. */
+ else if (!gcry_md_is_enabled (digest,sig->digest_algo))
+ {
+ /* Sanity check that the md has a context for the hash that the
+ sig is expecting. This can happen if a onepass sig header does
+ not match the actual sig, and also if the clearsign "Hash:"
+ header is missing or does not match the actual sig. */
+
+ log_info(_("WARNING: signature digest conflict in message\n"));
+ rc=G10ERR_GENERAL;
+ }
+ else if( get_pubkey( pk, sig->keyid ) )
+ rc = G10ERR_NO_PUBKEY;
+ else if(!pk->is_valid && !pk->is_primary)
+ rc=G10ERR_BAD_PUBKEY; /* you cannot have a good sig from an
+ invalid subkey */
+ else
+ {
+ if(r_expiredate)
+ *r_expiredate = pk->expiredate;
+
+ rc = do_check( pk, sig, digest, r_expired, r_revoked, ret_pk );
+
+ /* Check the backsig. This is a 0x19 signature from the
+ subkey on the primary key. The idea here is that it should
+ not be possible for someone to "steal" subkeys and claim
+ them as their own. The attacker couldn't actually use the
+ subkey, but they could try and claim ownership of any
+ signaures issued by it. */
+ if(rc==0 && !pk->is_primary && pk->backsig<2)
+ {
+ if(pk->backsig==0)
+ {
+ log_info(_("WARNING: signing subkey %s is not"
+ " cross-certified\n"),keystr_from_pk(pk));
+ log_info(_("please see %s for more information\n"),
+ "http://www.gnupg.org/faq/subkey-cross-certify.html");
+ /* --require-cross-certification makes this warning an
+ error. TODO: change the default to require this
+ after more keys have backsigs. */
+ if(opt.flags.require_cross_cert)
+ rc=G10ERR_GENERAL;
+ }
+ else if(pk->backsig==1)
+ {
+ log_info(_("WARNING: signing subkey %s has an invalid"
+ " cross-certification\n"),keystr_from_pk(pk));
+ rc=G10ERR_GENERAL;
+ }
+ }
+ }
+
+ free_public_key( pk );
+
+ if( !rc && sig->sig_class < 2 && is_status_enabled() ) {
+ /* This signature id works best with DLP algorithms because
+ * they use a random parameter for every signature. Instead of
+ * this sig-id we could have also used the hash of the document
+ * and the timestamp, but the drawback of this is, that it is
+ * not possible to sign more than one identical document within
+ * one second. Some remote batch processing applications might
+ * like this feature here.
+ *
+ * Note that before 2.0.10, we used RIPE-MD160 for the hash
+ * and accidently didn't include the timestamp and algorithm
+ * information in the hash. Given that this feature is not
+ * commonly used and that a replay attacks detection should
+ * not solely be based on this feature (because it does not
+ * work with RSA), we take the freedom and switch to SHA-1
+ * with 2.0.10 to take advantage of hardware supported SHA-1
+ * implementations. We also include the missing information
+ * in the hash. Note also the SIG_ID as computed by gpg 1.x
+ * and gpg 2.x didn't matched either because 2.x used to print
+ * MPIs not in PGP format. */
+ u32 a = sig->timestamp;
+ int nsig = pubkey_get_nsig( sig->pubkey_algo );
+ unsigned char *p, *buffer;
+ size_t n, nbytes;
+ int i;
+ char hashbuf[20];
+
+ nbytes = 6;
+ for (i=0; i < nsig; i++ )
+ {
+ if (gcry_mpi_print (GCRYMPI_FMT_USG, NULL, 0, &n, sig->data[i]))
+ BUG();
+ nbytes += n;
+ }
+
+ /* Make buffer large enough to be later used as output buffer. */
+ if (nbytes < 100)
+ nbytes = 100;
+ nbytes += 10; /* Safety margin. */
+
+ /* Fill and hash buffer. */
+ buffer = p = xmalloc (nbytes);
+ *p++ = sig->pubkey_algo;
+ *p++ = sig->digest_algo;
+ *p++ = (a >> 24) & 0xff;
+ *p++ = (a >> 16) & 0xff;
+ *p++ = (a >> 8) & 0xff;
+ *p++ = a & 0xff;
+ nbytes -= 6;
+ for (i=0; i < nsig; i++ )
+ {
+ if (gcry_mpi_print (GCRYMPI_FMT_PGP, p, nbytes, &n, sig->data[i]))
+ BUG();
+ p += n;
+ nbytes -= n;
+ }
+ gcry_md_hash_buffer (GCRY_MD_SHA1, hashbuf, buffer, p-buffer);
+
+ p = make_radix64_string (hashbuf, 20);
+ sprintf (buffer, "%s %s %lu",
+ p, strtimestamp (sig->timestamp), (ulong)sig->timestamp);
+ xfree (p);
+ write_status_text (STATUS_SIG_ID, buffer);
+ xfree (buffer);
+ }
+
+ return rc;
+}
+
+
+static int
+do_check_messages( PKT_public_key *pk, PKT_signature *sig,
+ int *r_expired, int *r_revoked )
+{
+ u32 cur_time;
+
+ if(r_expired)
+ *r_expired = 0;
+ if(r_revoked)
+ *r_revoked = 0;
+
+ if( pk->timestamp > sig->timestamp )
+ {
+ ulong d = pk->timestamp - sig->timestamp;
+ log_info(d==1
+ ?_("public key %s is %lu second newer than the signature\n")
+ :_("public key %s is %lu seconds newer than the signature\n"),
+ keystr_from_pk(pk),d );
+ if( !opt.ignore_time_conflict )
+ return G10ERR_TIME_CONFLICT; /* pubkey newer than signature */
+ }
+
+ cur_time = make_timestamp();
+ if( pk->timestamp > cur_time )
+ {
+ ulong d = pk->timestamp - cur_time;
+ log_info( d==1
+ ? _("key %s was created %lu second"
+ " in the future (time warp or clock problem)\n")
+ : _("key %s was created %lu seconds"
+ " in the future (time warp or clock problem)\n"),
+ keystr_from_pk(pk),d );
+ if( !opt.ignore_time_conflict )
+ return G10ERR_TIME_CONFLICT;
+ }
+
+ /* Check whether the key has expired. We check the has_expired
+ flag which is set after a full evaluation of the key (getkey.c)
+ as well as a simple compare to the current time in case the
+ merge has for whatever reasons not been done. */
+ if( pk->has_expired || (pk->expiredate && pk->expiredate < cur_time)) {
+ char buf[11];
+ if (opt.verbose)
+ log_info(_("NOTE: signature key %s expired %s\n"),
+ keystr_from_pk(pk), asctimestamp( pk->expiredate ) );
+ /* SIGEXPIRED is deprecated. Use KEYEXPIRED. */
+ snprintf (buf, sizeof buf,"%lu",(ulong)pk->expiredate);
+ write_status_text(STATUS_KEYEXPIRED,buf);
+ write_status(STATUS_SIGEXPIRED);
+ if(r_expired)
+ *r_expired = 1;
+ }
+
+ if (pk->is_revoked)
+ {
+ if (opt.verbose)
+ log_info (_("NOTE: signature key %s has been revoked\n"),
+ keystr_from_pk(pk));
+ if (r_revoked)
+ *r_revoked=1;
+ }
+
+ return 0;
+}
+
+
+static int
+do_check( PKT_public_key *pk, PKT_signature *sig, gcry_md_hd_t digest,
+ int *r_expired, int *r_revoked, PKT_public_key *ret_pk )
+{
+ gcry_mpi_t result = NULL;
+ int rc = 0;
+
+ if( (rc=do_check_messages(pk,sig,r_expired,r_revoked)) )
+ return rc;
+
+ /* Make sure the digest algo is enabled (in case of a detached
+ signature). */
+ gcry_md_enable (digest, sig->digest_algo);
+
+ /* Complete the digest. */
+ if( sig->version >= 4 )
+ gcry_md_putc( digest, sig->version );
+ gcry_md_putc( digest, sig->sig_class );
+ if( sig->version < 4 ) {
+ u32 a = sig->timestamp;
+ gcry_md_putc( digest, (a >> 24) & 0xff );
+ gcry_md_putc( digest, (a >> 16) & 0xff );
+ gcry_md_putc( digest, (a >> 8) & 0xff );
+ gcry_md_putc( digest, a & 0xff );
+ }
+ else {
+ byte buf[6];
+ size_t n;
+ gcry_md_putc( digest, sig->pubkey_algo );
+ gcry_md_putc( digest, sig->digest_algo );
+ if( sig->hashed ) {
+ n = sig->hashed->len;
+ gcry_md_putc (digest, (n >> 8) );
+ gcry_md_putc (digest, n );
+ gcry_md_write (digest, sig->hashed->data, n);
+ n += 6;
+ }
+ else {
+ /* Two octets for the (empty) length of the hashed
+ section. */
+ gcry_md_putc (digest, 0);
+ gcry_md_putc (digest, 0);
+ n = 6;
+ }
+ /* add some magic */
+ buf[0] = sig->version;
+ buf[1] = 0xff;
+ buf[2] = n >> 24;
+ buf[3] = n >> 16;
+ buf[4] = n >> 8;
+ buf[5] = n;
+ gcry_md_write( digest, buf, 6 );
+ }
+ gcry_md_final( digest );
+
+ result = encode_md_value( pk, NULL, digest, sig->digest_algo );
+ if (!result)
+ return G10ERR_GENERAL;
+ rc = pk_verify( pk->pubkey_algo, result, sig->data, pk->pkey );
+ gcry_mpi_release (result);
+
+ if( !rc && sig->flags.unknown_critical )
+ {
+ log_info(_("assuming bad signature from key %s"
+ " due to an unknown critical bit\n"),keystr_from_pk(pk));
+ rc = G10ERR_BAD_SIGN;
+ }
+
+ if(!rc && ret_pk)
+ copy_public_key(ret_pk,pk);
+
+ return rc;
+}
+
+
+
+static void
+hash_uid_node( KBNODE unode, gcry_md_hd_t md, PKT_signature *sig )
+{
+ PKT_user_id *uid = unode->pkt->pkt.user_id;
+
+ assert( unode->pkt->pkttype == PKT_USER_ID );
+ if( uid->attrib_data ) {
+ if( sig->version >=4 ) {
+ byte buf[5];
+ buf[0] = 0xd1; /* packet of type 17 */
+ buf[1] = uid->attrib_len >> 24; /* always use 4 length bytes */
+ buf[2] = uid->attrib_len >> 16;
+ buf[3] = uid->attrib_len >> 8;
+ buf[4] = uid->attrib_len;
+ gcry_md_write( md, buf, 5 );
+ }
+ gcry_md_write( md, uid->attrib_data, uid->attrib_len );
+ }
+ else {
+ if( sig->version >=4 ) {
+ byte buf[5];
+ buf[0] = 0xb4; /* indicates a userid packet */
+ buf[1] = uid->len >> 24; /* always use 4 length bytes */
+ buf[2] = uid->len >> 16;
+ buf[3] = uid->len >> 8;
+ buf[4] = uid->len;
+ gcry_md_write( md, buf, 5 );
+ }
+ gcry_md_write( md, uid->name, uid->len );
+ }
+}
+
+static void
+cache_sig_result ( PKT_signature *sig, int result )
+{
+ if ( !result ) {
+ sig->flags.checked = 1;
+ sig->flags.valid = 1;
+ }
+ else if ( gpg_err_code (result) == GPG_ERR_BAD_SIGNATURE ) {
+ sig->flags.checked = 1;
+ sig->flags.valid = 0;
+ }
+ else {
+ sig->flags.checked = 0;
+ sig->flags.valid = 0;
+ }
+}
+
+/* Check the revocation keys to see if any of them have revoked our
+ pk. sig is the revocation sig. pk is the key it is on. This code
+ will need to be modified if gpg ever becomes multi-threaded. Note
+ that this guarantees that a designated revocation sig will never be
+ considered valid unless it is actually valid, as well as being
+ issued by a revocation key in a valid direct signature. Note also
+ that this is written so that a revoked revoker can still issue
+ revocations: i.e. If A revokes B, but A is revoked, B is still
+ revoked. I'm not completely convinced this is the proper behavior,
+ but it matches how PGP does it. -dms */
+
+/* Returns 0 if sig is valid (i.e. pk is revoked), non-0 if not
+ revoked. It is important that G10ERR_NO_PUBKEY is only returned
+ when a revocation signature is from a valid revocation key
+ designated in a revkey subpacket, but the revocation key itself
+ isn't present. */
+int
+check_revocation_keys(PKT_public_key *pk,PKT_signature *sig)
+{
+ static int busy=0;
+ int i,rc=G10ERR_GENERAL;
+
+ assert(IS_KEY_REV(sig));
+ assert((sig->keyid[0]!=pk->keyid[0]) || (sig->keyid[0]!=pk->keyid[1]));
+
+ if(busy)
+ {
+ /* return an error (i.e. not revoked), but mark the pk as
+ uncacheable as we don't really know its revocation status
+ until it is checked directly. */
+
+ pk->dont_cache=1;
+ return rc;
+ }
+
+ busy=1;
+
+ /* printf("looking at %08lX with a sig from %08lX\n",(ulong)pk->keyid[1],
+ (ulong)sig->keyid[1]); */
+
+ /* is the issuer of the sig one of our revokers? */
+ if( !pk->revkey && pk->numrevkeys )
+ BUG();
+ else
+ for(i=0;i<pk->numrevkeys;i++)
+ {
+ u32 keyid[2];
+
+ keyid_from_fingerprint(pk->revkey[i].fpr,MAX_FINGERPRINT_LEN,keyid);
+
+ if(keyid[0]==sig->keyid[0] && keyid[1]==sig->keyid[1])
+ {
+ gcry_md_hd_t md;
+
+ if (gcry_md_open (&md, sig->digest_algo, 0))
+ BUG ();
+ hash_public_key(md,pk);
+ rc=signature_check(sig,md);
+ cache_sig_result(sig,rc);
+ gcry_md_close (md);
+ break;
+ }
+ }
+
+ busy=0;
+
+ return rc;
+}
+
+/* Backsigs (0x19) have the same format as binding sigs (0x18), but
+ this function is simpler than check_key_signature in a few ways.
+ For example, there is no support for expiring backsigs since it is
+ questionable what such a thing actually means. Note also that the
+ sig cache check here, unlike other sig caches in GnuPG, is not
+ persistent. */
+int
+check_backsig(PKT_public_key *main_pk,PKT_public_key *sub_pk,
+ PKT_signature *backsig)
+{
+ gcry_md_hd_t md;
+ int rc;
+
+ /* Always check whether the algorithm is available. Although
+ gcry_md_open woyuld throw an error, some libgcrypt versions will
+ print a debug message in that case too. */
+ if ((rc=openpgp_md_test_algo (backsig->digest_algo)))
+ return rc;
+
+ if(!opt.no_sig_cache && backsig->flags.checked)
+ return backsig->flags.valid? 0 : gpg_error (GPG_ERR_BAD_SIGNATURE);
+
+ rc = gcry_md_open (&md, backsig->digest_algo,0);
+ if (!rc)
+ {
+ hash_public_key(md,main_pk);
+ hash_public_key(md,sub_pk);
+ rc=do_check(sub_pk,backsig,md,NULL,NULL,NULL);
+ cache_sig_result(backsig,rc);
+ gcry_md_close(md);
+ }
+
+ return rc;
+}
+
+
+/****************
+ * check the signature pointed to by NODE. This is a key signature.
+ * If the function detects a self-signature, it uses the PK from
+ * ROOT and does not read any public key.
+ */
+int
+check_key_signature( KBNODE root, KBNODE node, int *is_selfsig )
+{
+ return check_key_signature2(root, node, NULL, NULL, is_selfsig, NULL, NULL );
+}
+
+/* If check_pk is set, then use it to check the signature in node
+ rather than getting it from root or the keydb. If ret_pk is set,
+ fill in the public key that was used to verify the signature.
+ ret_pk is only meaningful when the verification was successful. */
+/* TODO: add r_revoked here as well. It has the same problems as
+ r_expiredate and r_expired and the cache. */
+int
+check_key_signature2( KBNODE root, KBNODE node, PKT_public_key *check_pk,
+ PKT_public_key *ret_pk, int *is_selfsig,
+ u32 *r_expiredate, int *r_expired )
+{
+ gcry_md_hd_t md;
+ PKT_public_key *pk;
+ PKT_signature *sig;
+ int algo;
+ int rc;
+
+ if( is_selfsig )
+ *is_selfsig = 0;
+ if( r_expiredate )
+ *r_expiredate = 0;
+ if( r_expired )
+ *r_expired = 0;
+ assert( node->pkt->pkttype == PKT_SIGNATURE );
+ assert( root->pkt->pkttype == PKT_PUBLIC_KEY );
+
+ pk = root->pkt->pkt.public_key;
+ sig = node->pkt->pkt.signature;
+ algo = sig->digest_algo;
+
+ /* Check whether we have cached the result of a previous signature
+ check. Note that we may no longer have the pubkey or hash
+ needed to verify a sig, but can still use the cached value. A
+ cache refresh detects and clears these cases. */
+ if ( !opt.no_sig_cache ) {
+ if (sig->flags.checked) { /*cached status available*/
+ if( is_selfsig ) {
+ u32 keyid[2];
+
+ keyid_from_pk( pk, keyid );
+ if( keyid[0] == sig->keyid[0] && keyid[1] == sig->keyid[1] )
+ *is_selfsig = 1;
+ }
+ /* BUG: This is wrong for non-self-sigs.. needs to be the
+ actual pk */
+ if((rc=do_check_messages(pk,sig,r_expired,NULL)))
+ return rc;
+ return sig->flags.valid? 0 : gpg_error (GPG_ERR_BAD_SIGNATURE);
+ }
+ }
+
+ if( (rc=openpgp_pk_test_algo(sig->pubkey_algo)) )
+ return rc;
+ if( (rc=openpgp_md_test_algo(algo)) )
+ return rc;
+
+ if( sig->sig_class == 0x20 ) { /* key revocation */
+ u32 keyid[2];
+ keyid_from_pk( pk, keyid );
+
+ /* is it a designated revoker? */
+ if(keyid[0]!=sig->keyid[0] || keyid[1]!=sig->keyid[1])
+ rc=check_revocation_keys(pk,sig);
+ else
+ {
+ if (gcry_md_open (&md, algo, 0 ))
+ BUG ();
+ hash_public_key( md, pk );
+ rc = do_check( pk, sig, md, r_expired, NULL, ret_pk );
+ cache_sig_result ( sig, rc );
+ gcry_md_close(md);
+ }
+ }
+ else if( sig->sig_class == 0x28 ) { /* subkey revocation */
+ KBNODE snode = find_prev_kbnode( root, node, PKT_PUBLIC_SUBKEY );
+
+ if( snode ) {
+ if (gcry_md_open (&md, algo, 0))
+ BUG ();
+ hash_public_key( md, pk );
+ hash_public_key( md, snode->pkt->pkt.public_key );
+ rc = do_check( pk, sig, md, r_expired, NULL, ret_pk );
+ cache_sig_result ( sig, rc );
+ gcry_md_close(md);
+ }
+ else
+ {
+ if (opt.verbose)
+ log_info (_("key %s: no subkey for subkey"
+ " revocation signature\n"),keystr_from_pk(pk));
+ rc = G10ERR_SIG_CLASS;
+ }
+ }
+ else if( sig->sig_class == 0x18 ) { /* key binding */
+ KBNODE snode = find_prev_kbnode( root, node, PKT_PUBLIC_SUBKEY );
+
+ if( snode ) {
+ if( is_selfsig ) { /* does this make sense????? */
+ u32 keyid[2]; /* it should always be a selfsig */
+
+ keyid_from_pk( pk, keyid );
+ if( keyid[0] == sig->keyid[0] && keyid[1] == sig->keyid[1] )
+ *is_selfsig = 1;
+ }
+ if (gcry_md_open (&md, algo, 0))
+ BUG ();
+ hash_public_key( md, pk );
+ hash_public_key( md, snode->pkt->pkt.public_key );
+ rc = do_check( pk, sig, md, r_expired, NULL, ret_pk );
+ cache_sig_result ( sig, rc );
+ gcry_md_close(md);
+ }
+ else
+ {
+ if (opt.verbose)
+ log_info(_("key %s: no subkey for subkey"
+ " binding signature\n"),keystr_from_pk(pk));
+ rc = G10ERR_SIG_CLASS;
+ }
+ }
+ else if( sig->sig_class == 0x1f ) { /* direct key signature */
+ if (gcry_md_open (&md, algo, 0 ))
+ BUG ();
+ hash_public_key( md, pk );
+ rc = do_check( pk, sig, md, r_expired, NULL, ret_pk );
+ cache_sig_result ( sig, rc );
+ gcry_md_close(md);
+ }
+ else { /* all other classes */
+ KBNODE unode = find_prev_kbnode( root, node, PKT_USER_ID );
+
+ if( unode ) {
+ u32 keyid[2];
+
+ keyid_from_pk( pk, keyid );
+ if (gcry_md_open (&md, algo, 0 ))
+ BUG ();
+ hash_public_key( md, pk );
+ hash_uid_node( unode, md, sig );
+ if( keyid[0] == sig->keyid[0] && keyid[1] == sig->keyid[1] )
+ {
+ if( is_selfsig )
+ *is_selfsig = 1;
+ rc = do_check( pk, sig, md, r_expired, NULL, ret_pk );
+ }
+ else if (check_pk)
+ rc=do_check(check_pk,sig,md,r_expired,NULL,ret_pk);
+ else
+ rc=signature_check2(sig,md,r_expiredate,r_expired,NULL,ret_pk);
+
+ cache_sig_result ( sig, rc );
+ gcry_md_close(md);
+ }
+ else
+ {
+ if (!opt.quiet)
+ log_info ("key %s: no user ID for key signature packet"
+ " of class %02x\n",keystr_from_pk(pk),sig->sig_class);
+ rc = G10ERR_SIG_CLASS;
+ }
+ }
+
+ return rc;
+}
diff --git a/g10/sign.c b/g10/sign.c
new file mode 100644
index 0000000..8d280ed
--- /dev/null
+++ b/g10/sign.c
@@ -0,0 +1,1575 @@
+/* sign.c - sign data
+ * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006,
+ * 2007, 2010, 2012 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include <assert.h>
+
+#include "gpg.h"
+#include "options.h"
+#include "packet.h"
+#include "status.h"
+#include "iobuf.h"
+#include "keydb.h"
+#include "util.h"
+#include "main.h"
+#include "filter.h"
+#include "ttyio.h"
+#include "trustdb.h"
+#include "status.h"
+#include "i18n.h"
+#include "pkglue.h"
+#include "sysutils.h"
+#include "call-agent.h"
+
+
+#ifdef HAVE_DOSISH_SYSTEM
+#define LF "\r\n"
+#else
+#define LF "\n"
+#endif
+
+static int recipient_digest_algo=0;
+
+/****************
+ * Create notations and other stuff. It is assumed that the stings in
+ * STRLIST are already checked to contain only printable data and have
+ * a valid NAME=VALUE format.
+ */
+static void
+mk_notation_policy_etc( PKT_signature *sig,
+ PKT_public_key *pk, PKT_secret_key *sk )
+{
+ const char *string;
+ char *s=NULL;
+ strlist_t pu=NULL;
+ struct notation *nd=NULL;
+ struct expando_args args;
+
+ assert(sig->version>=4);
+
+ memset(&args,0,sizeof(args));
+ args.pk=pk;
+ args.sk=sk;
+
+ /* notation data */
+ if(IS_SIG(sig) && opt.sig_notations)
+ nd=opt.sig_notations;
+ else if( IS_CERT(sig) && opt.cert_notations )
+ nd=opt.cert_notations;
+
+ if(nd)
+ {
+ struct notation *i;
+
+ for(i=nd;i;i=i->next)
+ {
+ i->altvalue=pct_expando(i->value,&args);
+ if(!i->altvalue)
+ log_error(_("WARNING: unable to %%-expand notation "
+ "(too large). Using unexpanded.\n"));
+ }
+
+ keygen_add_notations(sig,nd);
+
+ for(i=nd;i;i=i->next)
+ {
+ xfree(i->altvalue);
+ i->altvalue=NULL;
+ }
+ }
+
+ /* set policy URL */
+ if( IS_SIG(sig) && opt.sig_policy_url )
+ pu=opt.sig_policy_url;
+ else if( IS_CERT(sig) && opt.cert_policy_url )
+ pu=opt.cert_policy_url;
+
+ for(;pu;pu=pu->next)
+ {
+ string = pu->d;
+
+ s=pct_expando(string,&args);
+ if(!s)
+ {
+ log_error(_("WARNING: unable to %%-expand policy URL "
+ "(too large). Using unexpanded.\n"));
+ s=xstrdup(string);
+ }
+
+ build_sig_subpkt(sig,SIGSUBPKT_POLICY|
+ ((pu->flags & 1)?SIGSUBPKT_FLAG_CRITICAL:0),
+ s,strlen(s));
+
+ xfree(s);
+ }
+
+ /* preferred keyserver URL */
+ if( IS_SIG(sig) && opt.sig_keyserver_url )
+ pu=opt.sig_keyserver_url;
+
+ for(;pu;pu=pu->next)
+ {
+ string = pu->d;
+
+ s=pct_expando(string,&args);
+ if(!s)
+ {
+ log_error(_("WARNING: unable to %%-expand preferred keyserver URL"
+ " (too large). Using unexpanded.\n"));
+ s=xstrdup(string);
+ }
+
+ build_sig_subpkt(sig,SIGSUBPKT_PREF_KS|
+ ((pu->flags & 1)?SIGSUBPKT_FLAG_CRITICAL:0),
+ s,strlen(s));
+
+ xfree(s);
+ }
+}
+
+
+/*
+ * Helper to hash a user ID packet.
+ */
+static void
+hash_uid (gcry_md_hd_t md, int sigversion, const PKT_user_id *uid)
+{
+ if ( sigversion >= 4 ) {
+ byte buf[5];
+
+ if(uid->attrib_data) {
+ buf[0] = 0xd1; /* indicates an attribute packet */
+ buf[1] = uid->attrib_len >> 24; /* always use 4 length bytes */
+ buf[2] = uid->attrib_len >> 16;
+ buf[3] = uid->attrib_len >> 8;
+ buf[4] = uid->attrib_len;
+ }
+ else {
+ buf[0] = 0xb4; /* indicates a userid packet */
+ buf[1] = uid->len >> 24; /* always use 4 length bytes */
+ buf[2] = uid->len >> 16;
+ buf[3] = uid->len >> 8;
+ buf[4] = uid->len;
+ }
+ gcry_md_write( md, buf, 5 );
+ }
+
+ if(uid->attrib_data)
+ gcry_md_write (md, uid->attrib_data, uid->attrib_len );
+ else
+ gcry_md_write (md, uid->name, uid->len );
+}
+
+
+/*
+ * Helper to hash some parts from the signature
+ */
+static void
+hash_sigversion_to_magic (gcry_md_hd_t md, const PKT_signature *sig)
+{
+ if (sig->version >= 4)
+ gcry_md_putc (md, sig->version);
+ gcry_md_putc (md, sig->sig_class);
+ if (sig->version < 4) {
+ u32 a = sig->timestamp;
+ gcry_md_putc (md, (a >> 24) & 0xff );
+ gcry_md_putc (md, (a >> 16) & 0xff );
+ gcry_md_putc (md, (a >> 8) & 0xff );
+ gcry_md_putc (md, a & 0xff );
+ }
+ else {
+ byte buf[6];
+ size_t n;
+
+ gcry_md_putc (md, sig->pubkey_algo);
+ gcry_md_putc (md, sig->digest_algo);
+ if (sig->hashed) {
+ n = sig->hashed->len;
+ gcry_md_putc (md, (n >> 8) );
+ gcry_md_putc (md, n );
+ gcry_md_write (md, sig->hashed->data, n );
+ n += 6;
+ }
+ else {
+ gcry_md_putc (md, 0); /* always hash the length of the subpacket*/
+ gcry_md_putc (md, 0);
+ n = 6;
+ }
+ /* add some magic */
+ buf[0] = sig->version;
+ buf[1] = 0xff;
+ buf[2] = n >> 24; /* hmmm, n is only 16 bit, so this is always 0 */
+ buf[3] = n >> 16;
+ buf[4] = n >> 8;
+ buf[5] = n;
+ gcry_md_write (md, buf, 6);
+ }
+}
+
+
+static int
+do_sign( PKT_secret_key *sk, PKT_signature *sig,
+ gcry_md_hd_t md, int digest_algo )
+{
+ gcry_mpi_t frame;
+ byte *dp;
+ int rc;
+
+ if( sk->timestamp > sig->timestamp ) {
+ ulong d = sk->timestamp - sig->timestamp;
+ log_info( d==1 ? _("key has been created %lu second "
+ "in future (time warp or clock problem)\n")
+ : _("key has been created %lu seconds "
+ "in future (time warp or clock problem)\n"), d );
+ if( !opt.ignore_time_conflict )
+ return G10ERR_TIME_CONFLICT;
+ }
+
+
+ print_pubkey_algo_note(sk->pubkey_algo);
+
+ if( !digest_algo )
+ digest_algo = gcry_md_get_algo (md);
+
+ print_digest_algo_note( digest_algo );
+ dp = gcry_md_read ( md, digest_algo );
+ sig->digest_algo = digest_algo;
+ sig->digest_start[0] = dp[0];
+ sig->digest_start[1] = dp[1];
+ if (sk->is_protected && sk->protect.s2k.mode == 1002)
+ {
+#ifdef ENABLE_CARD_SUPPORT
+ unsigned char *rbuf;
+ size_t rbuflen;
+ char *snbuf;
+
+ snbuf = serialno_and_fpr_from_sk (sk->protect.iv,
+ sk->protect.ivlen, sk);
+ rc = agent_scd_pksign (snbuf, digest_algo,
+ gcry_md_read (md, digest_algo),
+ gcry_md_get_algo_dlen (digest_algo),
+ &rbuf, &rbuflen);
+ xfree (snbuf);
+ if (!rc)
+ {
+ if (gcry_mpi_scan (&sig->data[0], GCRYMPI_FMT_USG,
+ rbuf, rbuflen, NULL))
+ BUG ();
+ xfree (rbuf);
+ }
+#else
+ return gpg_error (GPG_ERR_NOT_SUPPORTED);
+#endif /* ENABLE_CARD_SUPPORT */
+ }
+ else
+ {
+ frame = encode_md_value( NULL, sk, md, digest_algo );
+ if (!frame)
+ return G10ERR_GENERAL;
+ rc = pk_sign( sk->pubkey_algo, sig->data, frame, sk->skey );
+ gcry_mpi_release (frame);
+ }
+
+ if (!rc && !opt.no_sig_create_check) {
+ /* Check that the signature verification worked and nothing is
+ * fooling us e.g. by a bug in the signature create
+ * code or by deliberately introduced faults. */
+ PKT_public_key *pk = xmalloc_clear (sizeof *pk);
+
+ if( get_pubkey( pk, sig->keyid ) )
+ rc = G10ERR_NO_PUBKEY;
+ else {
+ frame = encode_md_value (pk, NULL, md, sig->digest_algo );
+ if (!frame)
+ rc = G10ERR_GENERAL;
+ else
+ rc = pk_verify (pk->pubkey_algo, frame, sig->data, pk->pkey );
+ gcry_mpi_release (frame);
+ }
+ if (rc)
+ log_error (_("checking created signature failed: %s\n"),
+ g10_errstr (rc));
+ free_public_key (pk);
+ }
+ if( rc )
+ log_error(_("signing failed: %s\n"), g10_errstr(rc) );
+ else {
+ if( opt.verbose ) {
+ char *ustr = get_user_id_string_native (sig->keyid);
+ log_info(_("%s/%s signature from: \"%s\"\n"),
+ gcry_pk_algo_name (sk->pubkey_algo),
+ gcry_md_algo_name (sig->digest_algo),
+ ustr );
+ xfree(ustr);
+ }
+ }
+ return rc;
+}
+
+
+int
+complete_sig( PKT_signature *sig, PKT_secret_key *sk, gcry_md_hd_t md )
+{
+ int rc=0;
+
+ if( !(rc=check_secret_key( sk, 0 )) )
+ rc = do_sign( sk, sig, md, 0 );
+ return rc;
+}
+
+
+
+static int
+match_dsa_hash (unsigned int qbytes)
+{
+ if (qbytes <= 20)
+ return DIGEST_ALGO_SHA1;
+
+ if (qbytes <= 28)
+ return DIGEST_ALGO_SHA224;
+
+ if (qbytes <= 32)
+ return DIGEST_ALGO_SHA256;
+
+ if (qbytes <= 48)
+ return DIGEST_ALGO_SHA384;
+
+ if (qbytes <= 64)
+ return DIGEST_ALGO_SHA512;
+
+ return DEFAULT_DIGEST_ALGO;
+ /* DEFAULT_DIGEST_ALGO will certainly fail, but it's the best wrong
+ answer we have if a digest larger than 512 bits is requested. */
+}
+
+
+/*
+ First try --digest-algo. If that isn't set, see if the recipient
+ has a preferred algorithm (which is also filtered through
+ --preferred-digest-prefs). If we're making a signature without a
+ particular recipient (i.e. signing, rather than signing+encrypting)
+ then take the first algorithm in --preferred-digest-prefs that is
+ usable for the pubkey algorithm. If --preferred-digest-prefs isn't
+ set, then take the OpenPGP default (i.e. SHA-1).
+
+ Possible improvement: Use the highest-ranked usable algorithm from
+ the signing key prefs either before or after using the personal
+ list?
+*/
+static int
+hash_for(PKT_secret_key *sk)
+{
+ if( opt.def_digest_algo )
+ return opt.def_digest_algo;
+ else if( recipient_digest_algo )
+ return recipient_digest_algo;
+ else if(sk->pubkey_algo==PUBKEY_ALGO_DSA)
+ {
+ unsigned int qbytes = gcry_mpi_get_nbits (sk->skey[1]) / 8;
+
+ /* It's a DSA key, so find a hash that is the same size as q or
+ larger. If q is 160, assume it is an old DSA key and use a
+ 160-bit hash unless --enable-dsa2 is set, in which case act
+ like a new DSA key that just happens to have a 160-bit q
+ (i.e. allow truncation). If q is not 160, by definition it
+ must be a new DSA key. */
+
+ if (opt.personal_digest_prefs)
+ {
+ prefitem_t *prefs;
+
+ if (qbytes != 20 || opt.flags.dsa2)
+ {
+ for (prefs=opt.personal_digest_prefs; prefs->type; prefs++)
+ if (gcry_md_get_algo_dlen (prefs->value) >= qbytes)
+ return prefs->value;
+ }
+ else
+ {
+ for (prefs=opt.personal_digest_prefs; prefs->type; prefs++)
+ if (gcry_md_get_algo_dlen (prefs->value) == qbytes)
+ return prefs->value;
+ }
+ }
+
+ return match_dsa_hash(qbytes);
+ }
+ else if (sk->is_protected && sk->protect.s2k.mode == 1002
+ && sk->protect.ivlen == 16
+ && !memcmp (sk->protect.iv, "\xD2\x76\x00\x01\x24\x01\x01", 7))
+ {
+ /* The sk lives on a smartcard, and old smartcards only handle
+ SHA-1 and RIPEMD/160. Newer smartcards (v2.0) don't have
+ this restriction anymore. Fortunately the serial number
+ encodes the version of the card and thus we know that this
+ key is on a v1 card. */
+ if(opt.personal_digest_prefs)
+ {
+ prefitem_t *prefs;
+
+ for (prefs=opt.personal_digest_prefs;prefs->type;prefs++)
+ if (prefs->value==DIGEST_ALGO_SHA1
+ || prefs->value==DIGEST_ALGO_RMD160)
+ return prefs->value;
+ }
+
+ return DIGEST_ALGO_SHA1;
+ }
+ else if (PGP2 && sk->pubkey_algo == PUBKEY_ALGO_RSA && sk->version < 4 )
+ {
+ /* Old-style PGP only understands MD5 */
+ return DIGEST_ALGO_MD5;
+ }
+ else if ( opt.personal_digest_prefs )
+ {
+ /* It's not DSA, so we can use whatever the first hash algorithm
+ is in the pref list */
+ return opt.personal_digest_prefs[0].value;
+ }
+ else
+ return DEFAULT_DIGEST_ALGO;
+}
+
+
+static int
+only_old_style( SK_LIST sk_list )
+{
+ SK_LIST sk_rover = NULL;
+ int old_style = 0;
+
+ /* if there are only old style capable key we use the old sytle */
+ for( sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next ) {
+ PKT_secret_key *sk = sk_rover->sk;
+ if( sk->pubkey_algo == PUBKEY_ALGO_RSA && sk->version < 4 )
+ old_style = 1;
+ else
+ return 0;
+ }
+ return old_style;
+}
+
+
+
+static void
+print_status_sig_created ( PKT_secret_key *sk, PKT_signature *sig, int what )
+{
+ byte array[MAX_FINGERPRINT_LEN], *p;
+ char buf[100+MAX_FINGERPRINT_LEN*2];
+ size_t i, n;
+
+ sprintf(buf, "%c %d %d %02x %lu ",
+ what, sig->pubkey_algo, sig->digest_algo, sig->sig_class,
+ (ulong)sig->timestamp );
+
+ fingerprint_from_sk( sk, array, &n );
+ p = buf + strlen(buf);
+ for(i=0; i < n ; i++ )
+ sprintf(p+2*i, "%02X", array[i] );
+
+ write_status_text( STATUS_SIG_CREATED, buf );
+}
+
+
+/*
+ * Loop over the secret certificates in SK_LIST and build the one pass
+ * signature packets. OpenPGP says that the data should be bracket by
+ * the onepass-sig and signature-packet; so we build these onepass
+ * packet here in reverse order
+ */
+static int
+write_onepass_sig_packets (SK_LIST sk_list, IOBUF out, int sigclass )
+{
+ int skcount;
+ SK_LIST sk_rover;
+
+ for (skcount=0, sk_rover=sk_list; sk_rover; sk_rover = sk_rover->next)
+ skcount++;
+
+ for (; skcount; skcount--) {
+ PKT_secret_key *sk;
+ PKT_onepass_sig *ops;
+ PACKET pkt;
+ int i, rc;
+
+ for (i=0, sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next ) {
+ if (++i == skcount)
+ break;
+ }
+
+ sk = sk_rover->sk;
+ ops = xmalloc_clear (sizeof *ops);
+ ops->sig_class = sigclass;
+ ops->digest_algo = hash_for (sk);
+ ops->pubkey_algo = sk->pubkey_algo;
+ keyid_from_sk (sk, ops->keyid);
+ ops->last = (skcount == 1);
+
+ init_packet(&pkt);
+ pkt.pkttype = PKT_ONEPASS_SIG;
+ pkt.pkt.onepass_sig = ops;
+ rc = build_packet (out, &pkt);
+ free_packet (&pkt);
+ if (rc) {
+ log_error ("build onepass_sig packet failed: %s\n",
+ g10_errstr(rc));
+ return rc;
+ }
+ }
+
+ return 0;
+}
+
+/*
+ * Helper to write the plaintext (literal data) packet
+ */
+static int
+write_plaintext_packet (IOBUF out, IOBUF inp, const char *fname, int ptmode)
+{
+ PKT_plaintext *pt = NULL;
+ u32 filesize;
+ int rc = 0;
+
+ if (!opt.no_literal)
+ pt=setup_plaintext_name(fname,inp);
+
+ /* try to calculate the length of the data */
+ if ( !iobuf_is_pipe_filename (fname) && *fname )
+ {
+ off_t tmpsize;
+ int overflow;
+
+ if( !(tmpsize = iobuf_get_filelength(inp, &overflow))
+ && !overflow && opt.verbose)
+ log_info (_("WARNING: `%s' is an empty file\n"), fname);
+
+ /* We can't encode the length of very large files because
+ OpenPGP uses only 32 bit for file sizes. So if the size of
+ a file is larger than 2^32 minus some bytes for packet
+ headers, we switch to partial length encoding. */
+ if ( tmpsize < (IOBUF_FILELENGTH_LIMIT - 65536) )
+ filesize = tmpsize;
+ else
+ filesize = 0;
+
+ /* Because the text_filter modifies the length of the
+ * data, it is not possible to know the used length
+ * without a double read of the file - to avoid that
+ * we simple use partial length packets. */
+ if ( ptmode == 't' )
+ filesize = 0;
+ }
+ else
+ filesize = opt.set_filesize? opt.set_filesize : 0; /* stdin */
+
+ if (!opt.no_literal) {
+ PACKET pkt;
+
+ pt->timestamp = make_timestamp ();
+ pt->mode = ptmode;
+ pt->len = filesize;
+ pt->new_ctb = !pt->len && !RFC1991;
+ pt->buf = inp;
+ init_packet(&pkt);
+ pkt.pkttype = PKT_PLAINTEXT;
+ pkt.pkt.plaintext = pt;
+ /*cfx.datalen = filesize? calc_packet_length( &pkt ) : 0;*/
+ if( (rc = build_packet (out, &pkt)) )
+ log_error ("build_packet(PLAINTEXT) failed: %s\n",
+ g10_errstr(rc) );
+ pt->buf = NULL;
+ }
+ else {
+ byte copy_buffer[4096];
+ int bytes_copied;
+
+ while ((bytes_copied = iobuf_read(inp, copy_buffer, 4096)) != -1)
+ if ( (rc=iobuf_write(out, copy_buffer, bytes_copied)) ) {
+ log_error ("copying input to output failed: %s\n",
+ gpg_strerror (rc));
+ break;
+ }
+ wipememory(copy_buffer,4096); /* burn buffer */
+ }
+ /* fixme: it seems that we never freed pt/pkt */
+
+ return rc;
+}
+
+/*
+ * Write the signatures from the SK_LIST to OUT. HASH must be a non-finalized
+ * hash which will not be changes here.
+ */
+static int
+write_signature_packets (SK_LIST sk_list, IOBUF out, gcry_md_hd_t hash,
+ int sigclass, u32 timestamp, u32 duration,
+ int status_letter)
+{
+ SK_LIST sk_rover;
+
+ /* loop over the secret certificates */
+ for (sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next) {
+ PKT_secret_key *sk;
+ PKT_signature *sig;
+ gcry_md_hd_t md;
+ int rc;
+
+ sk = sk_rover->sk;
+
+ /* build the signature packet */
+ sig = xmalloc_clear (sizeof *sig);
+ if(opt.force_v3_sigs || RFC1991)
+ sig->version=3;
+ else if(duration || opt.sig_policy_url
+ || opt.sig_notations || opt.sig_keyserver_url)
+ sig->version=4;
+ else
+ sig->version=sk->version;
+ keyid_from_sk (sk, sig->keyid);
+ sig->digest_algo = hash_for(sk);
+ sig->pubkey_algo = sk->pubkey_algo;
+ if(timestamp)
+ sig->timestamp = timestamp;
+ else
+ sig->timestamp = make_timestamp();
+ if(duration)
+ sig->expiredate = sig->timestamp+duration;
+ sig->sig_class = sigclass;
+
+ if (gcry_md_copy (&md, hash))
+ BUG ();
+
+ if (sig->version >= 4)
+ {
+ build_sig_subpkt_from_sig (sig);
+ mk_notation_policy_etc (sig, NULL, sk);
+ }
+
+ hash_sigversion_to_magic (md, sig);
+ gcry_md_final (md);
+
+ rc = do_sign( sk, sig, md, hash_for (sk) );
+ gcry_md_close (md);
+ if( !rc ) { /* and write it */
+ PACKET pkt;
+
+ init_packet(&pkt);
+ pkt.pkttype = PKT_SIGNATURE;
+ pkt.pkt.signature = sig;
+ rc = build_packet (out, &pkt);
+ if (!rc && is_status_enabled()) {
+ print_status_sig_created ( sk, sig, status_letter);
+ }
+ free_packet (&pkt);
+ if (rc)
+ log_error ("build signature packet failed: %s\n",
+ g10_errstr(rc) );
+ }
+ if( rc )
+ return rc;;
+ }
+
+ return 0;
+}
+
+/****************
+ * Sign the files whose names are in FILENAME.
+ * If DETACHED has the value true,
+ * make a detached signature. If FILENAMES->d is NULL read from stdin
+ * and ignore the detached mode. Sign the file with all secret keys
+ * which can be taken from LOCUSR, if this is NULL, use the default one
+ * If ENCRYPTFLAG is true, use REMUSER (or ask if it is NULL) to encrypt the
+ * signed data for these users.
+ * If OUTFILE is not NULL; this file is used for output and the function
+ * does not ask for overwrite permission; output is then always
+ * uncompressed, non-armored and in binary mode.
+ */
+int
+sign_file( strlist_t filenames, int detached, strlist_t locusr,
+ int encryptflag, strlist_t remusr, const char *outfile )
+{
+ const char *fname;
+ armor_filter_context_t *afx;
+ compress_filter_context_t zfx;
+ md_filter_context_t mfx;
+ text_filter_context_t tfx;
+ progress_filter_context_t *pfx;
+ encrypt_filter_context_t efx;
+ IOBUF inp = NULL, out = NULL;
+ PACKET pkt;
+ int rc = 0;
+ PK_LIST pk_list = NULL;
+ SK_LIST sk_list = NULL;
+ SK_LIST sk_rover = NULL;
+ int multifile = 0;
+ u32 duration=0;
+
+ pfx = new_progress_context ();
+ afx = new_armor_context ();
+ memset( &zfx, 0, sizeof zfx);
+ memset( &mfx, 0, sizeof mfx);
+ memset( &efx, 0, sizeof efx);
+ init_packet( &pkt );
+
+ if( filenames ) {
+ fname = filenames->d;
+ multifile = !!filenames->next;
+ }
+ else
+ fname = NULL;
+
+ if( fname && filenames->next && (!detached || encryptflag) )
+ log_bug("multiple files can only be detached signed");
+
+ if(encryptflag==2
+ && (rc=setup_symkey(&efx.symkey_s2k,&efx.symkey_dek)))
+ goto leave;
+
+ if(!opt.force_v3_sigs && !RFC1991)
+ {
+ if(opt.ask_sig_expire && !opt.batch)
+ duration=ask_expire_interval(1,opt.def_sig_expire);
+ else
+ duration=parse_expire_string(opt.def_sig_expire);
+ }
+
+ if( (rc=build_sk_list( locusr, &sk_list, 1, PUBKEY_USAGE_SIG )) )
+ goto leave;
+
+ if(PGP2 && !only_old_style(sk_list))
+ {
+ log_info(_("you can only detach-sign with PGP 2.x style keys "
+ "while in --pgp2 mode\n"));
+ compliance_failure();
+ }
+
+ if(encryptflag && (rc=build_pk_list( remusr, &pk_list, PUBKEY_USAGE_ENC )))
+ goto leave;
+
+ /* prepare iobufs */
+ if( multifile ) /* have list of filenames */
+ inp = NULL; /* we do it later */
+ else {
+ inp = iobuf_open(fname);
+ if (inp && is_secured_file (iobuf_get_fd (inp)))
+ {
+ iobuf_close (inp);
+ inp = NULL;
+ errno = EPERM;
+ }
+ if( !inp )
+ {
+ rc = gpg_error_from_syserror ();
+ log_error (_("can't open `%s': %s\n"), fname? fname: "[stdin]",
+ strerror(errno) );
+ goto leave;
+ }
+
+ handle_progress (pfx, inp, fname);
+ }
+
+ if( outfile ) {
+ if (is_secured_filename ( outfile )) {
+ out = NULL;
+ errno = EPERM;
+ }
+ else
+ out = iobuf_create( outfile );
+ if( !out )
+ {
+ rc = gpg_error_from_syserror ();
+ log_error(_("can't create `%s': %s\n"), outfile, strerror(errno) );
+ goto leave;
+ }
+ else if( opt.verbose )
+ log_info(_("writing to `%s'\n"), outfile );
+ }
+ else if( (rc = open_outfile( fname, opt.armor? 1: detached? 2:0, &out )))
+ goto leave;
+
+ /* prepare to calculate the MD over the input */
+ if( opt.textmode && !outfile && !multifile )
+ {
+ memset( &tfx, 0, sizeof tfx);
+ iobuf_push_filter( inp, text_filter, &tfx );
+ }
+
+ if ( gcry_md_open (&mfx.md, 0, 0) )
+ BUG ();
+ if (DBG_HASHING)
+ gcry_md_start_debug (mfx.md, "sign");
+
+ /* If we're encrypting and signing, it is reasonable to pick the
+ hash algorithm to use out of the recepient key prefs. This is
+ best effort only, as in a DSA2 and smartcard world there are
+ cases where we cannot please everyone with a single hash (DSA2
+ wants >160 and smartcards want =160). In the future this could
+ be more complex with different hashes for each sk, but the
+ current design requires a single hash for all SKs. */
+ if(pk_list)
+ {
+ if(opt.def_digest_algo)
+ {
+ if(!opt.expert &&
+ select_algo_from_prefs(pk_list,PREFTYPE_HASH,
+ opt.def_digest_algo,
+ NULL)!=opt.def_digest_algo)
+ log_info(_("WARNING: forcing digest algorithm %s (%d)"
+ " violates recipient preferences\n"),
+ gcry_md_algo_name (opt.def_digest_algo),
+ opt.def_digest_algo );
+ }
+ else
+ {
+ int algo, smartcard=0;
+ union pref_hint hint;
+
+ hint.digest_length = 0;
+
+ /* Of course, if the recipient asks for something
+ unreasonable (like the wrong hash for a DSA key) then
+ don't do it. Check all sk's - if any are DSA or live
+ on a smartcard, then the hash has restrictions and we
+ may not be able to give the recipient what they want.
+ For DSA, pass a hint for the largest q we have. Note
+ that this means that a q>160 key will override a q=160
+ key and force the use of truncation for the q=160 key.
+ The alternative would be to ignore the recipient prefs
+ completely and get a different hash for each DSA key in
+ hash_for(). The override behavior here is more or less
+ reasonable as it is under the control of the user which
+ keys they sign with for a given message and the fact
+ that the message with multiple signatures won't be
+ usable on an implementation that doesn't understand
+ DSA2 anyway. */
+
+ for (sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next )
+ {
+ if (sk_rover->sk->pubkey_algo == PUBKEY_ALGO_DSA)
+ {
+ int temp_hashlen = (gcry_mpi_get_nbits
+ (sk_rover->sk->skey[1])+7)/8;
+
+ /* Pick a hash that is large enough for our
+ largest q */
+
+ if (hint.digest_length<temp_hashlen)
+ hint.digest_length=temp_hashlen;
+ }
+ else if (sk_rover->sk->is_protected
+ && sk_rover->sk->protect.s2k.mode == 1002)
+ smartcard = 1;
+ }
+
+ /* Current smartcards only do 160-bit hashes. If we have
+ to have a >160-bit hash, then we can't use the
+ recipient prefs as we'd need both =160 and >160 at the
+ same time and recipient prefs currently require a
+ single hash for all signatures. All this may well have
+ to change as the cards add algorithms. */
+
+ if (!smartcard || (smartcard && hint.digest_length==20))
+ if ( (algo=
+ select_algo_from_prefs(pk_list,PREFTYPE_HASH,-1,&hint)) > 0)
+ recipient_digest_algo=algo;
+ }
+ }
+
+ for( sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next ) {
+ PKT_secret_key *sk = sk_rover->sk;
+ gcry_md_enable (mfx.md, hash_for(sk));
+ }
+
+ if( !multifile )
+ iobuf_push_filter( inp, md_filter, &mfx );
+
+ if( detached && !encryptflag && !RFC1991 )
+ afx->what = 2;
+
+ if( opt.armor && !outfile )
+ push_armor_filter (afx, out);
+
+ if( encryptflag ) {
+ efx.pk_list = pk_list;
+ /* fixme: set efx.cfx.datalen if known */
+ iobuf_push_filter( out, encrypt_filter, &efx );
+ }
+
+ if( opt.compress_algo && !outfile && ( !detached || opt.compress_sigs) )
+ {
+ int compr_algo=opt.compress_algo;
+
+ /* If not forced by user */
+ if(compr_algo==-1)
+ {
+ /* If we're not encrypting, then select_algo_from_prefs
+ will fail and we'll end up with the default. If we are
+ encrypting, select_algo_from_prefs cannot fail since
+ there is an assumed preference for uncompressed data.
+ Still, if it did fail, we'll also end up with the
+ default. */
+
+ if((compr_algo=
+ select_algo_from_prefs(pk_list,PREFTYPE_ZIP,-1,NULL))==-1)
+ compr_algo=default_compress_algo();
+ }
+ else if(!opt.expert && pk_list
+ && select_algo_from_prefs(pk_list,PREFTYPE_ZIP,
+ compr_algo,NULL)!=compr_algo)
+ log_info(_("WARNING: forcing compression algorithm %s (%d)"
+ " violates recipient preferences\n"),
+ compress_algo_to_string(compr_algo),compr_algo);
+
+ /* algo 0 means no compression */
+ if( compr_algo )
+ push_compress_filter(out,&zfx,compr_algo);
+ }
+
+ /* Write the one-pass signature packets if needed */
+ if (!detached && !RFC1991) {
+ rc = write_onepass_sig_packets (sk_list, out,
+ opt.textmode && !outfile ? 0x01:0x00);
+ if (rc)
+ goto leave;
+ }
+
+ write_status_begin_signing (mfx.md);
+
+ /* Setup the inner packet. */
+ if( detached ) {
+ if( multifile ) {
+ strlist_t sl;
+
+ if( opt.verbose )
+ log_info(_("signing:") );
+ /* must walk reverse trough this list */
+ for( sl = strlist_last(filenames); sl;
+ sl = strlist_prev( filenames, sl ) ) {
+ inp = iobuf_open(sl->d);
+ if (inp && is_secured_file (iobuf_get_fd (inp)))
+ {
+ iobuf_close (inp);
+ inp = NULL;
+ errno = EPERM;
+ }
+ if( !inp )
+ {
+ rc = gpg_error_from_syserror ();
+ log_error(_("can't open `%s': %s\n"),
+ sl->d,strerror(errno));
+ goto leave;
+ }
+ handle_progress (pfx, inp, sl->d);
+ if( opt.verbose )
+ fprintf(stderr, " `%s'", sl->d );
+ if(opt.textmode)
+ {
+ memset( &tfx, 0, sizeof tfx);
+ iobuf_push_filter( inp, text_filter, &tfx );
+ }
+ iobuf_push_filter( inp, md_filter, &mfx );
+ while( iobuf_get(inp) != -1 )
+ ;
+ iobuf_close(inp); inp = NULL;
+ }
+ if( opt.verbose )
+ putc( '\n', stderr );
+ }
+ else {
+ /* read, so that the filter can calculate the digest */
+ while( iobuf_get(inp) != -1 )
+ ;
+ }
+ }
+ else {
+ rc = write_plaintext_packet (out, inp, fname,
+ opt.textmode && !outfile ? 't':'b');
+ }
+
+ /* catch errors from above */
+ if (rc)
+ goto leave;
+
+ /* write the signatures */
+ rc = write_signature_packets (sk_list, out, mfx.md,
+ opt.textmode && !outfile? 0x01 : 0x00,
+ 0, duration, detached ? 'D':'S');
+ if( rc )
+ goto leave;
+
+
+ leave:
+ if( rc )
+ iobuf_cancel(out);
+ else {
+ iobuf_close(out);
+ if (encryptflag)
+ write_status( STATUS_END_ENCRYPTION );
+ }
+ iobuf_close(inp);
+ gcry_md_close ( mfx.md );
+ release_sk_list( sk_list );
+ release_pk_list( pk_list );
+ recipient_digest_algo=0;
+ release_progress_context (pfx);
+ release_armor_context (afx);
+ return rc;
+}
+
+
+
+/****************
+ * make a clear signature. note that opt.armor is not needed
+ */
+int
+clearsign_file( const char *fname, strlist_t locusr, const char *outfile )
+{
+ armor_filter_context_t *afx;
+ progress_filter_context_t *pfx;
+ gcry_md_hd_t textmd = NULL;
+ IOBUF inp = NULL, out = NULL;
+ PACKET pkt;
+ int rc = 0;
+ SK_LIST sk_list = NULL;
+ SK_LIST sk_rover = NULL;
+ int old_style = RFC1991;
+ int only_md5 = 0;
+ u32 duration=0;
+
+ pfx = new_progress_context ();
+ afx = new_armor_context ();
+ init_packet( &pkt );
+
+ if(!opt.force_v3_sigs && !RFC1991)
+ {
+ if(opt.ask_sig_expire && !opt.batch)
+ duration=ask_expire_interval(1,opt.def_sig_expire);
+ else
+ duration=parse_expire_string(opt.def_sig_expire);
+ }
+
+ if( (rc=build_sk_list( locusr, &sk_list, 1, PUBKEY_USAGE_SIG )) )
+ goto leave;
+
+ if( !old_style && !duration )
+ old_style = only_old_style( sk_list );
+
+ if(PGP2 && !only_old_style(sk_list))
+ {
+ log_info(_("you can only clearsign with PGP 2.x style keys "
+ "while in --pgp2 mode\n"));
+ compliance_failure();
+ }
+
+ /* prepare iobufs */
+ inp = iobuf_open(fname);
+ if (inp && is_secured_file (iobuf_get_fd (inp)))
+ {
+ iobuf_close (inp);
+ inp = NULL;
+ errno = EPERM;
+ }
+ if( !inp ) {
+ rc = gpg_error_from_syserror ();
+ log_error (_("can't open `%s': %s\n"),
+ fname? fname: "[stdin]", strerror(errno) );
+ goto leave;
+ }
+ handle_progress (pfx, inp, fname);
+
+ if( outfile ) {
+ if (is_secured_filename (outfile) ) {
+ outfile = NULL;
+ errno = EPERM;
+ }
+ else
+ out = iobuf_create( outfile );
+ if( !out )
+ {
+ rc = gpg_error_from_syserror ();
+ log_error(_("can't create `%s': %s\n"), outfile, strerror(errno) );
+ goto leave;
+ }
+ else if( opt.verbose )
+ log_info(_("writing to `%s'\n"), outfile );
+ }
+ else if( (rc = open_outfile( fname, 1, &out )) )
+ goto leave;
+
+ iobuf_writestr(out, "-----BEGIN PGP SIGNED MESSAGE-----" LF );
+
+ for( sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next ) {
+ PKT_secret_key *sk = sk_rover->sk;
+ if( hash_for(sk) == DIGEST_ALGO_MD5 )
+ only_md5 = 1;
+ else {
+ only_md5 = 0;
+ break;
+ }
+ }
+
+ if( !(old_style && only_md5) ) {
+ const char *s;
+ int any = 0;
+ byte hashs_seen[256];
+
+ memset( hashs_seen, 0, sizeof hashs_seen );
+ iobuf_writestr(out, "Hash: " );
+ for( sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next ) {
+ PKT_secret_key *sk = sk_rover->sk;
+ int i = hash_for(sk);
+
+ if( !hashs_seen[ i & 0xff ] ) {
+ s = gcry_md_algo_name ( i );
+ if( s ) {
+ hashs_seen[ i & 0xff ] = 1;
+ if( any )
+ iobuf_put(out, ',' );
+ iobuf_writestr(out, s );
+ any = 1;
+ }
+ }
+ }
+ assert(any);
+ iobuf_writestr(out, LF );
+ }
+
+ if( opt.not_dash_escaped )
+ iobuf_writestr( out,
+ "NotDashEscaped: You need GnuPG to verify this message" LF );
+ iobuf_writestr(out, LF );
+
+ if ( gcry_md_open (&textmd, 0, 0) )
+ BUG ();
+ for( sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next ) {
+ PKT_secret_key *sk = sk_rover->sk;
+ gcry_md_enable (textmd, hash_for(sk));
+ }
+ if ( DBG_HASHING )
+ gcry_md_start_debug ( textmd, "clearsign" );
+
+ copy_clearsig_text( out, inp, textmd, !opt.not_dash_escaped,
+ opt.escape_from, (old_style && only_md5) );
+ /* fixme: check for read errors */
+
+ /* now write the armor */
+ afx->what = 2;
+ push_armor_filter (afx, out);
+
+ /* write the signatures */
+ rc=write_signature_packets (sk_list, out, textmd, 0x01, 0, duration, 'C');
+ if( rc )
+ goto leave;
+
+ leave:
+ if( rc )
+ iobuf_cancel(out);
+ else
+ iobuf_close(out);
+ iobuf_close(inp);
+ gcry_md_close ( textmd );
+ release_sk_list( sk_list );
+ release_progress_context (pfx);
+ release_armor_context (afx);
+ return rc;
+}
+
+/*
+ * Sign and conventionally encrypt the given file.
+ * FIXME: Far too much code is duplicated - revamp the whole file.
+ */
+int
+sign_symencrypt_file (const char *fname, strlist_t locusr)
+{
+ armor_filter_context_t *afx;
+ progress_filter_context_t *pfx;
+ compress_filter_context_t zfx;
+ md_filter_context_t mfx;
+ text_filter_context_t tfx;
+ cipher_filter_context_t cfx;
+ IOBUF inp = NULL, out = NULL;
+ PACKET pkt;
+ STRING2KEY *s2k = NULL;
+ int rc = 0;
+ SK_LIST sk_list = NULL;
+ SK_LIST sk_rover = NULL;
+ int algo;
+ u32 duration=0;
+ int canceled;
+
+ pfx = new_progress_context ();
+ afx = new_armor_context ();
+ memset( &zfx, 0, sizeof zfx);
+ memset( &mfx, 0, sizeof mfx);
+ memset( &tfx, 0, sizeof tfx);
+ memset( &cfx, 0, sizeof cfx);
+ init_packet( &pkt );
+
+ if(!opt.force_v3_sigs && !RFC1991)
+ {
+ if(opt.ask_sig_expire && !opt.batch)
+ duration=ask_expire_interval(1,opt.def_sig_expire);
+ else
+ duration=parse_expire_string(opt.def_sig_expire);
+ }
+
+ rc = build_sk_list (locusr, &sk_list, 1, PUBKEY_USAGE_SIG);
+ if (rc)
+ goto leave;
+
+ /* prepare iobufs */
+ inp = iobuf_open(fname);
+ if (inp && is_secured_file (iobuf_get_fd (inp)))
+ {
+ iobuf_close (inp);
+ inp = NULL;
+ errno = EPERM;
+ }
+ if( !inp ) {
+ rc = gpg_error_from_syserror ();
+ log_error (_("can't open `%s': %s\n"),
+ fname? fname: "[stdin]", strerror(errno) );
+ goto leave;
+ }
+ handle_progress (pfx, inp, fname);
+
+ /* prepare key */
+ s2k = xmalloc_clear( sizeof *s2k );
+ s2k->mode = RFC1991? 0:opt.s2k_mode;
+ s2k->hash_algo = S2K_DIGEST_ALGO;
+
+ algo = default_cipher_algo();
+ if (!opt.quiet || !opt.batch)
+ log_info (_("%s encryption will be used\n"),
+ openpgp_cipher_algo_name (algo) );
+ cfx.dek = passphrase_to_dek( NULL, 0, algo, s2k, 2, NULL, &canceled);
+
+ if (!cfx.dek || !cfx.dek->keylen) {
+ rc = gpg_error (canceled?GPG_ERR_CANCELED:GPG_ERR_BAD_PASSPHRASE);
+ log_error(_("error creating passphrase: %s\n"), gpg_strerror (rc) );
+ goto leave;
+ }
+
+ /* We have no way to tell if the recipient can handle messages
+ with an MDC, so this defaults to no. Perhaps in a few years,
+ this can be defaulted to yes. Note that like regular
+ encrypting, --force-mdc overrides --disable-mdc. */
+ if(opt.force_mdc)
+ cfx.dek->use_mdc=1;
+
+ /* now create the outfile */
+ rc = open_outfile (fname, opt.armor? 1:0, &out);
+ if (rc)
+ goto leave;
+
+ /* prepare to calculate the MD over the input */
+ if (opt.textmode)
+ iobuf_push_filter (inp, text_filter, &tfx);
+ if ( gcry_md_open (&mfx.md, 0, 0) )
+ BUG ();
+ if ( DBG_HASHING )
+ gcry_md_start_debug (mfx.md, "symc-sign");
+
+ for (sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next) {
+ PKT_secret_key *sk = sk_rover->sk;
+ gcry_md_enable (mfx.md, hash_for (sk));
+ }
+
+ iobuf_push_filter (inp, md_filter, &mfx);
+
+ /* Push armor output filter */
+ if (opt.armor)
+ push_armor_filter (afx, out);
+
+ /* Write the symmetric key packet */
+ /*(current filters: armor)*/
+ if (!RFC1991) {
+ PKT_symkey_enc *enc = xmalloc_clear( sizeof *enc );
+ enc->version = 4;
+ enc->cipher_algo = cfx.dek->algo;
+ enc->s2k = *s2k;
+ pkt.pkttype = PKT_SYMKEY_ENC;
+ pkt.pkt.symkey_enc = enc;
+ if( (rc = build_packet( out, &pkt )) )
+ log_error("build symkey packet failed: %s\n", g10_errstr(rc) );
+ xfree(enc);
+ }
+
+ /* Push the encryption filter */
+ iobuf_push_filter( out, cipher_filter, &cfx );
+
+ /* Push the compress filter */
+ if (default_compress_algo())
+ push_compress_filter(out,&zfx,default_compress_algo());
+
+ /* Write the one-pass signature packets */
+ /*(current filters: zip - encrypt - armor)*/
+ if (!RFC1991) {
+ rc = write_onepass_sig_packets (sk_list, out,
+ opt.textmode? 0x01:0x00);
+ if (rc)
+ goto leave;
+ }
+
+ write_status_begin_signing (mfx.md);
+
+ /* Pipe data through all filters; i.e. write the signed stuff */
+ /*(current filters: zip - encrypt - armor)*/
+ rc = write_plaintext_packet (out, inp, fname, opt.textmode ? 't':'b');
+ if (rc)
+ goto leave;
+
+ /* Write the signatures */
+ /*(current filters: zip - encrypt - armor)*/
+ rc = write_signature_packets (sk_list, out, mfx.md,
+ opt.textmode? 0x01 : 0x00,
+ 0, duration, 'S');
+ if( rc )
+ goto leave;
+
+
+ leave:
+ if( rc )
+ iobuf_cancel(out);
+ else {
+ iobuf_close(out);
+ write_status( STATUS_END_ENCRYPTION );
+ }
+ iobuf_close(inp);
+ release_sk_list( sk_list );
+ gcry_md_close( mfx.md );
+ xfree(cfx.dek);
+ xfree(s2k);
+ release_progress_context (pfx);
+ release_armor_context (afx);
+ return rc;
+}
+
+
+/****************
+ * Create a signature packet for the given public key certificate and
+ * the user id and return it in ret_sig. User signature class SIGCLASS
+ * user-id is not used (and may be NULL if sigclass is 0x20) If
+ * DIGEST_ALGO is 0 the function selects an appropriate one.
+ * SIGVERSION gives the minimal required signature packet version;
+ * this is needed so that special properties like local sign are not
+ * applied (actually: dropped) when a v3 key is used. TIMESTAMP is
+ * the timestamp to use for the signature. 0 means "now" */
+int
+make_keysig_packet( PKT_signature **ret_sig, PKT_public_key *pk,
+ PKT_user_id *uid, PKT_public_key *subpk,
+ PKT_secret_key *sk,
+ int sigclass, int digest_algo,
+ int sigversion, u32 timestamp, u32 duration,
+ int (*mksubpkt)(PKT_signature *, void *), void *opaque
+ )
+{
+ PKT_signature *sig;
+ int rc=0;
+ gcry_md_hd_t md;
+
+ assert( (sigclass >= 0x10 && sigclass <= 0x13) || sigclass == 0x1F
+ || sigclass == 0x20 || sigclass == 0x18 || sigclass == 0x19
+ || sigclass == 0x30 || sigclass == 0x28 );
+
+ if (opt.force_v4_certs)
+ sigversion = 4;
+
+ if (sigversion < sk->version)
+ sigversion = sk->version;
+
+ /* If you are making a signature on a v4 key using your v3 key, it
+ doesn't make sense to generate a v3 sig. After all, no v3-only
+ PGP implementation could understand the v4 key in the first
+ place. Note that this implies that a signature on an attribute
+ uid is usually going to be v4 as well, since they are not
+ generally found on v3 keys. */
+ if (sigversion < pk->version)
+ sigversion = pk->version;
+
+ if( !digest_algo )
+ {
+ /* Basically, this means use SHA1 always unless it's a v3 RSA
+ key making a v3 cert (use MD5), or the user specified
+ something (use whatever they said), or it's DSA (use the
+ best match). They still can't pick an inappropriate hash
+ for DSA or the signature will fail. Note that this still
+ allows the caller of make_keysig_packet to override the
+ user setting if it must. */
+
+ if(opt.cert_digest_algo)
+ digest_algo=opt.cert_digest_algo;
+ else if(sk->pubkey_algo==PUBKEY_ALGO_RSA
+ && pk->version<4 && sigversion<4)
+ digest_algo = DIGEST_ALGO_MD5;
+ else if(sk->pubkey_algo==PUBKEY_ALGO_DSA)
+ digest_algo = match_dsa_hash (gcry_mpi_get_nbits (sk->skey[1])/8);
+ else
+ digest_algo = DIGEST_ALGO_SHA1;
+ }
+
+ if ( gcry_md_open (&md, digest_algo, 0 ) )
+ BUG ();
+
+ /* Hash the public key certificate. */
+ hash_public_key( md, pk );
+
+ if( sigclass == 0x18 || sigclass == 0x19 || sigclass == 0x28 )
+ {
+ /* hash the subkey binding/backsig/revocation */
+ hash_public_key( md, subpk );
+ }
+ else if( sigclass != 0x1F && sigclass != 0x20 )
+ {
+ /* hash the user id */
+ hash_uid (md, sigversion, uid);
+ }
+ /* and make the signature packet */
+ sig = xmalloc_clear( sizeof *sig );
+ sig->version = sigversion;
+ sig->flags.exportable=1;
+ sig->flags.revocable=1;
+ keyid_from_sk( sk, sig->keyid );
+ sig->pubkey_algo = sk->pubkey_algo;
+ sig->digest_algo = digest_algo;
+ if(timestamp)
+ sig->timestamp=timestamp;
+ else
+ sig->timestamp=make_timestamp();
+ if(duration)
+ sig->expiredate=sig->timestamp+duration;
+ sig->sig_class = sigclass;
+ if( sig->version >= 4 )
+ {
+ build_sig_subpkt_from_sig( sig );
+ mk_notation_policy_etc( sig, pk, sk );
+ }
+
+ /* Crucial that the call to mksubpkt comes LAST before the calls
+ to finalize the sig as that makes it possible for the mksubpkt
+ function to get a reliable pointer to the subpacket area. */
+ if( sig->version >= 4 && mksubpkt )
+ rc = (*mksubpkt)( sig, opaque );
+
+ if( !rc ) {
+ hash_sigversion_to_magic (md, sig);
+ gcry_md_final (md);
+
+ rc = complete_sig( sig, sk, md );
+ }
+
+ gcry_md_close ( md );
+ if( rc )
+ free_seckey_enc( sig );
+ else
+ *ret_sig = sig;
+ return rc;
+}
+
+
+
+/****************
+ * Create a new signature packet based on an existing one.
+ * Only user ID signatures are supported for now.
+ * TODO: Merge this with make_keysig_packet.
+ */
+int
+update_keysig_packet( PKT_signature **ret_sig,
+ PKT_signature *orig_sig,
+ PKT_public_key *pk,
+ PKT_user_id *uid,
+ PKT_public_key *subpk,
+ PKT_secret_key *sk,
+ int (*mksubpkt)(PKT_signature *, void *),
+ void *opaque )
+{
+ PKT_signature *sig;
+ int rc=0, digest_algo;
+ gcry_md_hd_t md;
+
+ if ((!orig_sig || !pk || !sk)
+ || (orig_sig->sig_class >= 0x10 && orig_sig->sig_class <= 0x13 && !uid)
+ || (orig_sig->sig_class == 0x18 && !subpk))
+ return G10ERR_GENERAL;
+
+ if ( opt.cert_digest_algo )
+ digest_algo = opt.cert_digest_algo;
+ else
+ digest_algo = orig_sig->digest_algo;
+
+ if ( gcry_md_open (&md, orig_sig->digest_algo, 0 ) )
+ BUG ();
+
+ /* Hash the public key certificate and the user id. */
+ hash_public_key( md, pk );
+
+ if( orig_sig->sig_class == 0x18 )
+ hash_public_key( md, subpk );
+ else
+ hash_uid (md, orig_sig->version, uid);
+
+ /* create a new signature packet */
+ sig = copy_signature (NULL, orig_sig);
+
+ /* We need to create a new timestamp so that new sig expiration
+ calculations are done correctly... */
+ sig->timestamp=make_timestamp();
+
+ /* ... but we won't make a timestamp earlier than the existing
+ one. */
+ while(sig->timestamp<=orig_sig->timestamp)
+ {
+ gnupg_sleep (1);
+ sig->timestamp=make_timestamp();
+ }
+
+ /* Note that already expired sigs will remain expired (with a
+ duration of 1) since build-packet.c:build_sig_subpkt_from_sig
+ detects this case. */
+
+ if( sig->version >= 4 )
+ {
+ /* Put the updated timestamp into the sig. Note that this
+ will automagically lower any sig expiration dates to
+ correctly correspond to the differences in the timestamps
+ (i.e. the duration will shrink). */
+ build_sig_subpkt_from_sig( sig );
+
+ if (mksubpkt)
+ rc = (*mksubpkt)(sig, opaque);
+ }
+
+ if (!rc) {
+ hash_sigversion_to_magic (md, sig);
+ gcry_md_final (md);
+
+ rc = complete_sig( sig, sk, md );
+ }
+
+ gcry_md_close (md);
+ if( rc )
+ free_seckey_enc (sig);
+ else
+ *ret_sig = sig;
+ return rc;
+}
diff --git a/g10/skclist.c b/g10/skclist.c
new file mode 100644
index 0000000..70b375a
--- /dev/null
+++ b/g10/skclist.c
@@ -0,0 +1,256 @@
+/* skclist.c - Build a list of secret keys
+ * Copyright (C) 1998, 1999, 2000, 2001, 2006 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include <assert.h>
+
+#include "gpg.h"
+#include "options.h"
+#include "packet.h"
+#include "status.h"
+#include "keydb.h"
+#include "util.h"
+#include "i18n.h"
+#include "cipher.h"
+
+#ifndef GCRYCTL_FAKED_RANDOM_P
+#define GCRYCTL_FAKED_RANDOM_P 51
+#endif
+
+/* Return true if Libgcrypt's RNG is in faked mode. */
+int
+random_is_faked (void)
+{
+ return !!gcry_control ( GCRYCTL_FAKED_RANDOM_P, 0);
+}
+
+
+
+void
+release_sk_list( SK_LIST sk_list )
+{
+ SK_LIST sk_rover;
+
+ for( ; sk_list; sk_list = sk_rover ) {
+ sk_rover = sk_list->next;
+ free_secret_key( sk_list->sk );
+ xfree( sk_list );
+ }
+}
+
+
+/* Check that we are only using keys which don't have
+ * the string "(insecure!)" or "not secure" or "do not use"
+ * in one of the user ids
+ */
+static int
+is_insecure( PKT_secret_key *sk )
+{
+ u32 keyid[2];
+ KBNODE node = NULL, u;
+ int insecure = 0;
+
+ keyid_from_sk( sk, keyid );
+ node = get_pubkeyblock( keyid );
+ for ( u = node; u; u = u->next ) {
+ if ( u->pkt->pkttype == PKT_USER_ID ) {
+ PKT_user_id *id = u->pkt->pkt.user_id;
+ if ( id->attrib_data )
+ continue; /* skip attribute packets */
+ if ( strstr( id->name, "(insecure!)" )
+ || strstr( id->name, "not secure" )
+ || strstr( id->name, "do not use" )
+ || strstr( id->name, "(INSECURE!)" ) ) {
+ insecure = 1;
+ break;
+ }
+ }
+ }
+ release_kbnode( node );
+
+ return insecure;
+}
+
+static int
+key_present_in_sk_list(SK_LIST sk_list, PKT_secret_key *sk)
+{
+ for (; sk_list; sk_list = sk_list->next) {
+ if ( !cmp_secret_keys(sk_list->sk, sk) )
+ return 0;
+ }
+ return -1;
+}
+
+static int
+is_duplicated_entry (strlist_t list, strlist_t item)
+{
+ for(; list && list != item; list = list->next) {
+ if ( !strcmp (list->d, item->d) )
+ return 1;
+ }
+ return 0;
+}
+
+
+int
+build_sk_list( strlist_t locusr, SK_LIST *ret_sk_list,
+ int unlock, unsigned int use )
+{
+ SK_LIST sk_list = NULL;
+ int rc;
+
+ if( !locusr )
+ { /* use the default one */
+ PKT_secret_key *sk;
+
+ sk = xmalloc_clear( sizeof *sk );
+ sk->req_usage = use;
+ if( (rc = get_seckey_byname( sk, NULL, unlock )) ) {
+ free_secret_key( sk ); sk = NULL;
+ log_error("no default secret key: %s\n", g10_errstr(rc) );
+ write_status_text (STATUS_INV_SGNR,
+ get_inv_recpsgnr_code (GPG_ERR_NO_SECKEY));
+ }
+ else if( !(rc=openpgp_pk_test_algo2 (sk->pubkey_algo, use)) )
+ {
+ SK_LIST r;
+
+ if( random_is_faked() && !is_insecure( sk ) )
+ {
+ log_info(_("key is not flagged as insecure - "
+ "can't use it with the faked RNG!\n"));
+ free_secret_key( sk ); sk = NULL;
+ write_status_text (STATUS_INV_SGNR,
+ get_inv_recpsgnr_code (GPG_ERR_NOT_TRUSTED));
+ }
+ else
+ {
+ r = xmalloc( sizeof *r );
+ r->sk = sk; sk = NULL;
+ r->next = sk_list;
+ r->mark = 0;
+ sk_list = r;
+ }
+ }
+ else
+ {
+ free_secret_key( sk ); sk = NULL;
+ log_error("invalid default secret key: %s\n", g10_errstr(rc) );
+ write_status_text (STATUS_INV_SGNR, get_inv_recpsgnr_code (rc));
+ }
+ }
+ else {
+ strlist_t locusr_orig = locusr;
+ for(; locusr; locusr = locusr->next ) {
+ PKT_secret_key *sk;
+
+ rc = 0;
+ /* Do an early check agains duplicated entries. However this
+ * won't catch all duplicates because the user IDs may be
+ * specified in different ways.
+ */
+ if ( is_duplicated_entry ( locusr_orig, locusr ) )
+ {
+ log_info (_("skipped \"%s\": duplicated\n"), locusr->d );
+ continue;
+ }
+ sk = xmalloc_clear( sizeof *sk );
+ sk->req_usage = use;
+ if( (rc = get_seckey_byname( sk, locusr->d, 0 )) )
+ {
+ free_secret_key( sk ); sk = NULL;
+ log_error(_("skipped \"%s\": %s\n"),
+ locusr->d, g10_errstr(rc) );
+ write_status_text_and_buffer
+ (STATUS_INV_SGNR, get_inv_recpsgnr_code (rc),
+ locusr->d, strlen (locusr->d), -1);
+ }
+ else if ( key_present_in_sk_list(sk_list, sk) == 0) {
+ free_secret_key(sk); sk = NULL;
+ log_info(_("skipped: secret key already present\n"));
+ }
+ else if ( unlock && (rc = check_secret_key( sk, 0 )) )
+ {
+ free_secret_key( sk ); sk = NULL;
+ log_error(_("skipped \"%s\": %s\n"),
+ locusr->d, g10_errstr(rc) );
+ write_status_text_and_buffer
+ (STATUS_INV_SGNR, get_inv_recpsgnr_code (rc),
+ locusr->d, strlen (locusr->d), -1);
+ }
+ else if( !(rc=openpgp_pk_test_algo2 (sk->pubkey_algo, use)) ) {
+ SK_LIST r;
+
+ if( sk->version == 4 && (use & PUBKEY_USAGE_SIG)
+ && sk->pubkey_algo == PUBKEY_ALGO_ELGAMAL_E )
+ {
+ log_info(_("skipped \"%s\": %s\n"),locusr->d,
+ _("this is a PGP generated Elgamal key which"
+ " is not secure for signatures!"));
+ free_secret_key( sk ); sk = NULL;
+ write_status_text_and_buffer
+ (STATUS_INV_SGNR,
+ get_inv_recpsgnr_code (GPG_ERR_WRONG_KEY_USAGE),
+ locusr->d, strlen (locusr->d), -1);
+ }
+ else if( random_is_faked() && !is_insecure( sk ) ) {
+ log_info(_("key is not flagged as insecure - "
+ "can't use it with the faked RNG!\n"));
+ free_secret_key( sk ); sk = NULL;
+ write_status_text_and_buffer
+ (STATUS_INV_SGNR,
+ get_inv_recpsgnr_code (GPG_ERR_NOT_TRUSTED),
+ locusr->d, strlen (locusr->d), -1);
+ }
+ else {
+ r = xmalloc( sizeof *r );
+ r->sk = sk; sk = NULL;
+ r->next = sk_list;
+ r->mark = 0;
+ sk_list = r;
+ }
+ }
+ else {
+ free_secret_key( sk ); sk = NULL;
+ log_error("skipped \"%s\": %s\n", locusr->d, g10_errstr(rc) );
+ write_status_text_and_buffer
+ (STATUS_INV_SGNR, get_inv_recpsgnr_code (rc),
+ locusr->d, strlen (locusr->d), -1);
+ }
+ }
+ }
+
+
+ if( !rc && !sk_list ) {
+ log_error("no valid signators\n");
+ write_status_text (STATUS_NO_SGNR, "0");
+ rc = G10ERR_NO_USER_ID;
+ }
+
+ if( rc )
+ release_sk_list( sk_list );
+ else
+ *ret_sk_list = sk_list;
+ return rc;
+}
+
diff --git a/g10/t-rmd160.c b/g10/t-rmd160.c
new file mode 100644
index 0000000..d48e3f2
--- /dev/null
+++ b/g10/t-rmd160.c
@@ -0,0 +1,92 @@
+/* t-rmd160.c - Module test for rmd160.c
+ * Copyright (C) 2008 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "rmd160.h"
+
+#define pass() do { ; } while(0)
+#define fail(a) do { fprintf (stderr, "%s:%d: test %d failed\n",\
+ __FILE__,__LINE__, (a)); \
+ exit (1); \
+ } while(0)
+
+static void
+run_test (void)
+{
+ static struct
+ {
+ const char *data;
+ const char *expect;
+ } testtbl[] =
+ {
+ { "",
+ "\x9c\x11\x85\xa5\xc5\xe9\xfc\x54\x61\x28"
+ "\x08\x97\x7e\xe8\xf5\x48\xb2\x25\x8d\x31" },
+ { "a",
+ "\x0b\xdc\x9d\x2d\x25\x6b\x3e\xe9\xda\xae"
+ "\x34\x7b\xe6\xf4\xdc\x83\x5a\x46\x7f\xfe" },
+ { "abc",
+ "\x8e\xb2\x08\xf7\xe0\x5d\x98\x7a\x9b\x04"
+ "\x4a\x8e\x98\xc6\xb0\x87\xf1\x5a\x0b\xfc" },
+ { "message digest",
+ "\x5d\x06\x89\xef\x49\xd2\xfa\xe5\x72\xb8"
+ "\x81\xb1\x23\xa8\x5f\xfa\x21\x59\x5f\x36" },
+ { "abcdefghijklmnopqrstuvwxyz",
+ "\xf7\x1c\x27\x10\x9c\x69\x2c\x1b\x56\xbb"
+ "\xdc\xeb\x5b\x9d\x28\x65\xb3\x70\x8d\xbc" },
+ { "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
+ "abcdefghijklmnopqrstuvwxyz"
+ "0123456789",
+ "\xb0\xe2\x0b\x6e\x31\x16\x64\x02\x86\xed"
+ "\x3a\x87\xa5\x71\x30\x79\xb2\x1f\x51\x89" },
+ { "1234567890" "1234567890" "1234567890" "1234567890"
+ "1234567890" "1234567890" "1234567890" "1234567890",
+ "\x9b\x75\x2e\x45\x57\x3d\x4b\x39\xf4\xdb"
+ "\xd3\x32\x3c\xab\x82\xbf\x63\x32\x6b\xfb" },
+
+ { NULL, NULL }
+ };
+ int idx;
+ char digest[20];
+
+ for (idx=0; testtbl[idx].data; idx++)
+ {
+ rmd160_hash_buffer (digest,
+ testtbl[idx].data, strlen(testtbl[idx].data));
+ if (memcmp (digest, testtbl[idx].expect, 20))
+ fail (idx);
+ }
+}
+
+
+int
+main (int argc, char **argv)
+{
+ (void)argc;
+ (void)argv;
+
+ run_test ();
+
+ return 0;
+}
+
diff --git a/g10/tdbdump.c b/g10/tdbdump.c
new file mode 100644
index 0000000..4c3b888
--- /dev/null
+++ b/g10/tdbdump.c
@@ -0,0 +1,234 @@
+/* tdbdump.c
+ * Copyright (C) 1998, 1999, 2000, 2001 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include <ctype.h>
+#include <assert.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+#include <unistd.h>
+
+#include "gpg.h"
+#include "status.h"
+#include "iobuf.h"
+#include "keydb.h"
+#include "util.h"
+#include "trustdb.h"
+#include "options.h"
+#include "packet.h"
+#include "main.h"
+#include "i18n.h"
+#include "tdbio.h"
+
+
+#define HEXTOBIN(x) ( (x) >= '0' && (x) <= '9' ? ((x)-'0') : \
+ (x) >= 'A' && (x) <= 'F' ? ((x)-'A'+10) : ((x)-'a'+10))
+
+
+/****************
+ * Wirte a record but die on error
+ */
+static void
+write_record( TRUSTREC *rec )
+{
+ int rc = tdbio_write_record( rec );
+ if( !rc )
+ return;
+ log_error(_("trust record %lu, type %d: write failed: %s\n"),
+ rec->recnum, rec->rectype, g10_errstr(rc) );
+ tdbio_invalid();
+}
+
+
+/****************
+ * Dump the entire trustdb or only the entries of one key.
+ */
+void
+list_trustdb( const char *username )
+{
+ TRUSTREC rec;
+
+ (void)username;
+
+ init_trustdb();
+ /* For now we ignore the user ID. */
+ if (1)
+ {
+ ulong recnum;
+ int i;
+
+ printf("TrustDB: %s\n", tdbio_get_dbname() );
+ for(i=9+strlen(tdbio_get_dbname()); i > 0; i-- )
+ putchar('-');
+ putchar('\n');
+ for(recnum=0; !tdbio_read_record( recnum, &rec, 0); recnum++ )
+ tdbio_dump_record( &rec, stdout );
+ }
+}
+
+
+
+
+
+/****************
+ * Print a list of all defined owner trust value.
+ */
+void
+export_ownertrust()
+{
+ TRUSTREC rec;
+ ulong recnum;
+ int i;
+ byte *p;
+
+ init_trustdb();
+ printf(_("# List of assigned trustvalues, created %s\n"
+ "# (Use \"gpg --import-ownertrust\" to restore them)\n"),
+ asctimestamp( make_timestamp() ) );
+ for(recnum=0; !tdbio_read_record( recnum, &rec, 0); recnum++ ) {
+ if( rec.rectype == RECTYPE_TRUST ) {
+ if( !rec.r.trust.ownertrust )
+ continue;
+ p = rec.r.trust.fingerprint;
+ for(i=0; i < 20; i++, p++ )
+ printf("%02X", *p );
+ printf(":%u:\n", (unsigned int)rec.r.trust.ownertrust );
+ }
+ }
+}
+
+
+void
+import_ownertrust( const char *fname )
+{
+ FILE *fp;
+ int is_stdin=0;
+ char line[256];
+ char *p;
+ size_t n, fprlen;
+ unsigned int otrust;
+ byte fpr[20];
+ int any = 0;
+ int rc;
+
+ init_trustdb();
+ if( iobuf_is_pipe_filename (fname) ) {
+ fp = stdin;
+ fname = "[stdin]";
+ is_stdin = 1;
+ }
+ else if( !(fp = fopen( fname, "r" )) ) {
+ log_error ( _("can't open `%s': %s\n"), fname, strerror(errno) );
+ return;
+ }
+
+ if (is_secured_file (fileno (fp)))
+ {
+ fclose (fp);
+ errno = EPERM;
+ log_error (_("can't open `%s': %s\n"), fname, strerror(errno) );
+ return;
+ }
+
+ while( fgets( line, DIM(line)-1, fp ) ) {
+ TRUSTREC rec;
+
+ if( !*line || *line == '#' )
+ continue;
+ n = strlen(line);
+ if( line[n-1] != '\n' ) {
+ log_error (_("error in `%s': %s\n"), fname, _("line too long") );
+ /* ... or last line does not have a LF */
+ break; /* can't continue */
+ }
+ for(p = line; *p && *p != ':' ; p++ )
+ if( !hexdigitp(p) )
+ break;
+ if( *p != ':' ) {
+ log_error (_("error in `%s': %s\n"), fname, _("colon missing") );
+ continue;
+ }
+ fprlen = p - line;
+ if( fprlen != 32 && fprlen != 40 ) {
+ log_error (_("error in `%s': %s\n"),
+ fname, _("invalid fingerprint") );
+ continue;
+ }
+ if( sscanf(p, ":%u:", &otrust ) != 1 ) {
+ log_error (_("error in `%s': %s\n"),
+ fname, _("ownertrust value missing"));
+ continue;
+ }
+ if( !otrust )
+ continue; /* no otrust defined - no need to update or insert */
+ /* convert the ascii fingerprint to binary */
+ for(p=line, fprlen=0; fprlen < 20 && *p != ':'; p += 2 )
+ fpr[fprlen++] = HEXTOBIN(p[0]) * 16 + HEXTOBIN(p[1]);
+ while (fprlen < 20)
+ fpr[fprlen++] = 0;
+
+ rc = tdbio_search_trust_byfpr (fpr, &rec);
+ if( !rc ) { /* found: update */
+ if (rec.r.trust.ownertrust != otrust)
+ {
+ if( rec.r.trust.ownertrust )
+ log_info("changing ownertrust from %u to %u\n",
+ rec.r.trust.ownertrust, otrust );
+ else
+ log_info("setting ownertrust to %u\n", otrust );
+ rec.r.trust.ownertrust = otrust;
+ write_record (&rec );
+ any = 1;
+ }
+ }
+ else if( rc == -1 ) { /* not found: insert */
+ log_info("inserting ownertrust of %u\n", otrust );
+ memset (&rec, 0, sizeof rec);
+ rec.recnum = tdbio_new_recnum ();
+ rec.rectype = RECTYPE_TRUST;
+ memcpy (rec.r.trust.fingerprint, fpr, 20);
+ rec.r.trust.ownertrust = otrust;
+ write_record (&rec );
+ any = 1;
+ }
+ else /* error */
+ log_error (_("error finding trust record in `%s': %s\n"),
+ fname, g10_errstr(rc));
+ }
+ if( ferror(fp) )
+ log_error ( _("read error in `%s': %s\n"), fname, strerror(errno) );
+ if( !is_stdin )
+ fclose(fp);
+
+ if (any)
+ {
+ revalidation_mark ();
+ rc = tdbio_sync ();
+ if (rc)
+ log_error (_("trustdb: sync failed: %s\n"), g10_errstr(rc) );
+ }
+
+}
+
+
diff --git a/g10/tdbio.c b/g10/tdbio.c
new file mode 100644
index 0000000..3e6091c
--- /dev/null
+++ b/g10/tdbio.c
@@ -0,0 +1,1516 @@
+/* tdbio.c - trust database I/O operations
+ * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2012 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include <assert.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+#include <unistd.h>
+
+#include "gpg.h"
+#include "status.h"
+#include "iobuf.h"
+#include "util.h"
+#include "options.h"
+#include "main.h"
+#include "i18n.h"
+#include "trustdb.h"
+#include "tdbio.h"
+
+#if defined(HAVE_DOSISH_SYSTEM)
+#define ftruncate chsize
+#endif
+
+#if defined(HAVE_DOSISH_SYSTEM) || defined(__CYGWIN__)
+#define MY_O_BINARY O_BINARY
+#else
+#define MY_O_BINARY 0
+#endif
+
+
+/****************
+ * Yes, this is a very simple implementation. We should really
+ * use a page aligned buffer and read complete pages.
+ * To implement a simple trannsaction system, this is sufficient.
+ */
+typedef struct cache_ctrl_struct *CACHE_CTRL;
+struct cache_ctrl_struct {
+ CACHE_CTRL next;
+ struct {
+ unsigned used:1;
+ unsigned dirty:1;
+ } flags;
+ ulong recno;
+ char data[TRUST_RECORD_LEN];
+};
+
+#define MAX_CACHE_ENTRIES_SOFT 200 /* may be increased while in a */
+#define MAX_CACHE_ENTRIES_HARD 10000 /* transaction to this one */
+static CACHE_CTRL cache_list;
+static int cache_entries;
+static int cache_is_dirty;
+
+/* a type used to pass infomation to cmp_krec_fpr */
+struct cmp_krec_fpr_struct {
+ int pubkey_algo;
+ const char *fpr;
+ int fprlen;
+};
+
+/* a type used to pass infomation to cmp_[s]dir */
+struct cmp_xdir_struct {
+ int pubkey_algo;
+ u32 keyid[2];
+};
+
+
+static char *db_name;
+static DOTLOCK lockhandle;
+static int is_locked;
+static int db_fd = -1;
+static int in_transaction;
+
+static void open_db(void);
+
+
+
+/*************************************
+ ************* record cache **********
+ *************************************/
+
+/****************
+ * Get the data from therecord cache and return a
+ * pointer into that cache. Caller should copy
+ * the return data. NULL is returned on a cache miss.
+ */
+static const char *
+get_record_from_cache( ulong recno )
+{
+ CACHE_CTRL r;
+
+ for( r = cache_list; r; r = r->next ) {
+ if( r->flags.used && r->recno == recno )
+ return r->data;
+ }
+ return NULL;
+}
+
+
+static int
+write_cache_item( CACHE_CTRL r )
+{
+ gpg_error_t err;
+ int n;
+
+ if( lseek( db_fd, r->recno * TRUST_RECORD_LEN, SEEK_SET ) == -1 ) {
+ err = gpg_error_from_syserror ();
+ log_error(_("trustdb rec %lu: lseek failed: %s\n"),
+ r->recno, strerror(errno) );
+ return err;
+ }
+ n = write( db_fd, r->data, TRUST_RECORD_LEN);
+ if( n != TRUST_RECORD_LEN ) {
+ err = gpg_error_from_syserror ();
+ log_error(_("trustdb rec %lu: write failed (n=%d): %s\n"),
+ r->recno, n, strerror(errno) );
+ return err;
+ }
+ r->flags.dirty = 0;
+ return 0;
+}
+
+/****************
+ * Put data into the cache. This function may flush the
+ * some cache entries if there is not enough space available.
+ */
+int
+put_record_into_cache( ulong recno, const char *data )
+{
+ CACHE_CTRL r, unused;
+ int dirty_count = 0;
+ int clean_count = 0;
+
+ /* see whether we already cached this one */
+ for( unused = NULL, r = cache_list; r; r = r->next ) {
+ if( !r->flags.used ) {
+ if( !unused )
+ unused = r;
+ }
+ else if( r->recno == recno ) {
+ if( !r->flags.dirty ) {
+ /* Hmmm: should we use a a copy and compare? */
+ if( memcmp(r->data, data, TRUST_RECORD_LEN ) ) {
+ r->flags.dirty = 1;
+ cache_is_dirty = 1;
+ }
+ }
+ memcpy( r->data, data, TRUST_RECORD_LEN );
+ return 0;
+ }
+ if( r->flags.used ) {
+ if( r->flags.dirty )
+ dirty_count++;
+ else
+ clean_count++;
+ }
+ }
+ /* not in the cache: add a new entry */
+ if( unused ) { /* reuse this entry */
+ r = unused;
+ r->flags.used = 1;
+ r->recno = recno;
+ memcpy( r->data, data, TRUST_RECORD_LEN );
+ r->flags.dirty = 1;
+ cache_is_dirty = 1;
+ cache_entries++;
+ return 0;
+ }
+ /* see whether we reached the limit */
+ if( cache_entries < MAX_CACHE_ENTRIES_SOFT ) { /* no */
+ r = xmalloc( sizeof *r );
+ r->flags.used = 1;
+ r->recno = recno;
+ memcpy( r->data, data, TRUST_RECORD_LEN );
+ r->flags.dirty = 1;
+ r->next = cache_list;
+ cache_list = r;
+ cache_is_dirty = 1;
+ cache_entries++;
+ return 0;
+ }
+ /* cache is full: discard some clean entries */
+ if( clean_count ) {
+ int n = clean_count / 3; /* discard a third of the clean entries */
+ if( !n )
+ n = 1;
+ for( unused = NULL, r = cache_list; r; r = r->next ) {
+ if( r->flags.used && !r->flags.dirty ) {
+ if( !unused )
+ unused = r;
+ r->flags.used = 0;
+ cache_entries--;
+ if( !--n )
+ break;
+ }
+ }
+ assert( unused );
+ r = unused;
+ r->flags.used = 1;
+ r->recno = recno;
+ memcpy( r->data, data, TRUST_RECORD_LEN );
+ r->flags.dirty = 1;
+ cache_is_dirty = 1;
+ cache_entries++;
+ return 0;
+ }
+ /* no clean entries: have to flush some dirty entries */
+ if( in_transaction ) {
+ /* but we can't do this while in a transaction
+ * we increase the cache size instead */
+ if( cache_entries < MAX_CACHE_ENTRIES_HARD ) { /* no */
+ if( opt.debug && !(cache_entries % 100) )
+ log_debug("increasing tdbio cache size\n");
+ r = xmalloc( sizeof *r );
+ r->flags.used = 1;
+ r->recno = recno;
+ memcpy( r->data, data, TRUST_RECORD_LEN );
+ r->flags.dirty = 1;
+ r->next = cache_list;
+ cache_list = r;
+ cache_is_dirty = 1;
+ cache_entries++;
+ return 0;
+ }
+ log_info(_("trustdb transaction too large\n"));
+ return G10ERR_RESOURCE_LIMIT;
+ }
+ if( dirty_count ) {
+ int n = dirty_count / 5; /* discard some dirty entries */
+ if( !n )
+ n = 1;
+ if( !is_locked ) {
+ if( make_dotlock( lockhandle, -1 ) )
+ log_fatal("can't acquire lock - giving up\n");
+ else
+ is_locked = 1;
+ }
+ for( unused = NULL, r = cache_list; r; r = r->next ) {
+ if( r->flags.used && r->flags.dirty ) {
+ int rc = write_cache_item( r );
+ if( rc )
+ return rc;
+ if( !unused )
+ unused = r;
+ r->flags.used = 0;
+ cache_entries--;
+ if( !--n )
+ break;
+ }
+ }
+ if( !opt.lock_once ) {
+ if( !release_dotlock( lockhandle ) )
+ is_locked = 0;
+ }
+ assert( unused );
+ r = unused;
+ r->flags.used = 1;
+ r->recno = recno;
+ memcpy( r->data, data, TRUST_RECORD_LEN );
+ r->flags.dirty = 1;
+ cache_is_dirty = 1;
+ cache_entries++;
+ return 0;
+ }
+ BUG();
+}
+
+
+int
+tdbio_is_dirty()
+{
+ return cache_is_dirty;
+}
+
+
+/****************
+ * Flush the cache. This cannot be used while in a transaction.
+ */
+int
+tdbio_sync()
+{
+ CACHE_CTRL r;
+ int did_lock = 0;
+
+ if( db_fd == -1 )
+ open_db();
+ if( in_transaction )
+ log_bug("tdbio: syncing while in transaction\n");
+
+ if( !cache_is_dirty )
+ return 0;
+
+ if( !is_locked ) {
+ if( make_dotlock( lockhandle, -1 ) )
+ log_fatal("can't acquire lock - giving up\n");
+ else
+ is_locked = 1;
+ did_lock = 1;
+ }
+ for( r = cache_list; r; r = r->next ) {
+ if( r->flags.used && r->flags.dirty ) {
+ int rc = write_cache_item( r );
+ if( rc )
+ return rc;
+ }
+ }
+ cache_is_dirty = 0;
+ if( did_lock && !opt.lock_once ) {
+ if( !release_dotlock( lockhandle ) )
+ is_locked = 0;
+ }
+
+ return 0;
+}
+
+#if 0
+/* The transaction code is disabled in the 1.2.x branch, as it is not
+ yet used. It will be enabled in 1.3.x. */
+
+/****************
+ * Simple transactions system:
+ * Everything between begin_transaction and end/cancel_transaction
+ * is not immediatly written but at the time of end_transaction.
+ *
+ */
+int
+tdbio_begin_transaction()
+{
+ int rc;
+
+ if( in_transaction )
+ log_bug("tdbio: nested transactions\n");
+ /* flush everything out */
+ rc = tdbio_sync();
+ if( rc )
+ return rc;
+ in_transaction = 1;
+ return 0;
+}
+
+int
+tdbio_end_transaction()
+{
+ int rc;
+
+ if( !in_transaction )
+ log_bug("tdbio: no active transaction\n");
+ if( !is_locked ) {
+ if( make_dotlock( lockhandle, -1 ) )
+ log_fatal("can't acquire lock - giving up\n");
+ else
+ is_locked = 1;
+ }
+ block_all_signals();
+ in_transaction = 0;
+ rc = tdbio_sync();
+ unblock_all_signals();
+ if( !opt.lock_once ) {
+ if( !release_dotlock( lockhandle ) )
+ is_locked = 0;
+ }
+ return rc;
+}
+
+int
+tdbio_cancel_transaction()
+{
+ CACHE_CTRL r;
+
+ if( !in_transaction )
+ log_bug("tdbio: no active transaction\n");
+
+ /* remove all dirty marked entries, so that the original ones
+ * are read back the next time */
+ if( cache_is_dirty ) {
+ for( r = cache_list; r; r = r->next ) {
+ if( r->flags.used && r->flags.dirty ) {
+ r->flags.used = 0;
+ cache_entries--;
+ }
+ }
+ cache_is_dirty = 0;
+ }
+
+ in_transaction = 0;
+ return 0;
+}
+#endif
+
+
+/********************************************************
+ **************** cached I/O functions ******************
+ ********************************************************/
+
+static void
+cleanup(void)
+{
+ if( is_locked ) {
+ if( !release_dotlock(lockhandle) )
+ is_locked = 0;
+ }
+}
+
+/* Caller must sync */
+int
+tdbio_update_version_record (void)
+{
+ TRUSTREC rec;
+ int rc;
+
+ memset( &rec, 0, sizeof rec );
+
+ rc=tdbio_read_record( 0, &rec, RECTYPE_VER);
+ if(rc==0)
+ {
+ rec.r.ver.created = make_timestamp();
+ rec.r.ver.marginals = opt.marginals_needed;
+ rec.r.ver.completes = opt.completes_needed;
+ rec.r.ver.cert_depth = opt.max_cert_depth;
+ rec.r.ver.trust_model = opt.trust_model;
+ rec.r.ver.min_cert_level = opt.min_cert_level;
+ rc=tdbio_write_record(&rec);
+ }
+
+ return rc;
+}
+
+static int
+create_version_record (void)
+{
+ TRUSTREC rec;
+ int rc;
+
+ memset( &rec, 0, sizeof rec );
+ rec.r.ver.version = 3;
+ rec.r.ver.created = make_timestamp();
+ rec.r.ver.marginals = opt.marginals_needed;
+ rec.r.ver.completes = opt.completes_needed;
+ rec.r.ver.cert_depth = opt.max_cert_depth;
+ if(opt.trust_model==TM_PGP || opt.trust_model==TM_CLASSIC)
+ rec.r.ver.trust_model = opt.trust_model;
+ else
+ rec.r.ver.trust_model = TM_PGP;
+ rec.r.ver.min_cert_level = opt.min_cert_level;
+ rec.rectype = RECTYPE_VER;
+ rec.recnum = 0;
+ rc = tdbio_write_record( &rec );
+ if( !rc )
+ tdbio_sync();
+ return rc;
+}
+
+
+
+int
+tdbio_set_dbname( const char *new_dbname, int create )
+{
+ char *fname;
+ static int initialized = 0;
+
+ if( !initialized ) {
+ atexit( cleanup );
+ initialized = 1;
+ }
+
+ if(new_dbname==NULL)
+ fname=make_filename(opt.homedir,"trustdb" EXTSEP_S "gpg", NULL);
+ else if (*new_dbname != DIRSEP_C )
+ {
+ if (strchr(new_dbname, DIRSEP_C) )
+ fname = make_filename (new_dbname, NULL);
+ else
+ fname = make_filename (opt.homedir, new_dbname, NULL);
+ }
+ else
+ fname = xstrdup (new_dbname);
+
+ if( access( fname, R_OK ) ) {
+ if( errno != ENOENT ) {
+ log_error( _("can't access `%s': %s\n"), fname, strerror(errno) );
+ xfree(fname);
+ return G10ERR_TRUSTDB;
+ }
+ if( create ) {
+ FILE *fp;
+ TRUSTREC rec;
+ int rc;
+ char *p = strrchr( fname, DIRSEP_C );
+ mode_t oldmask;
+ int save_slash;
+
+#if HAVE_W32_SYSTEM
+ {
+ /* Windows may either have a slash or a backslash. Take
+ care of it. */
+ char *pp = strrchr (fname, '/');
+ if (!p || pp > p)
+ p = pp;
+ }
+#endif /*HAVE_W32_SYSTEM*/
+ assert (p);
+ save_slash = *p;
+ *p = 0;
+ if( access( fname, F_OK ) ) {
+ try_make_homedir( fname );
+ if (access (fname, F_OK ))
+ log_fatal (_("%s: directory does not exist!\n"), fname);
+ }
+ *p = save_slash;
+
+ xfree(db_name);
+ db_name = fname;
+#ifdef __riscos__
+ if( !lockhandle )
+ lockhandle = create_dotlock( db_name );
+ if( !lockhandle )
+ log_fatal( _("can't create lock for `%s'\n"), db_name );
+ if( make_dotlock( lockhandle, -1 ) )
+ log_fatal( _("can't lock `%s'\n"), db_name );
+#endif /* __riscos__ */
+ oldmask=umask(077);
+ if (is_secured_filename (fname)) {
+ fp = NULL;
+ errno = EPERM;
+ }
+ else
+ fp =fopen( fname, "wb" );
+ umask(oldmask);
+ if( !fp )
+ log_fatal( _("can't create `%s': %s\n"), fname, strerror(errno) );
+ fclose(fp);
+ db_fd = open( db_name, O_RDWR | MY_O_BINARY );
+ if( db_fd == -1 )
+ log_fatal( _("can't open `%s': %s\n"), db_name, strerror(errno) );
+
+#ifndef __riscos__
+ if( !lockhandle )
+ lockhandle = create_dotlock( db_name );
+ if( !lockhandle )
+ log_fatal( _("can't create lock for `%s'\n"), db_name );
+#endif /* !__riscos__ */
+
+ rc = create_version_record ();
+ if( rc )
+ log_fatal( _("%s: failed to create version record: %s"),
+ fname, g10_errstr(rc));
+ /* and read again to check that we are okay */
+ if( tdbio_read_record( 0, &rec, RECTYPE_VER ) )
+ log_fatal( _("%s: invalid trustdb created\n"), db_name );
+
+ if( !opt.quiet )
+ log_info(_("%s: trustdb created\n"), db_name);
+
+ return 0;
+ }
+ }
+ xfree(db_name);
+ db_name = fname;
+ return 0;
+}
+
+
+const char *
+tdbio_get_dbname()
+{
+ return db_name;
+}
+
+
+
+static void
+open_db()
+{
+ TRUSTREC rec;
+
+ assert( db_fd == -1 );
+
+ if (!lockhandle )
+ lockhandle = create_dotlock( db_name );
+ if (!lockhandle )
+ log_fatal( _("can't create lock for `%s'\n"), db_name );
+#ifdef __riscos__
+ if (make_dotlock( lockhandle, -1 ) )
+ log_fatal( _("can't lock `%s'\n"), db_name );
+#endif /* __riscos__ */
+ db_fd = open (db_name, O_RDWR | MY_O_BINARY );
+ if (db_fd == -1 && (errno == EACCES
+#ifdef EROFS
+ || errno == EROFS
+#endif
+ )
+ ) {
+ db_fd = open (db_name, O_RDONLY | MY_O_BINARY );
+ if (db_fd != -1 && !opt.quiet)
+ log_info (_("NOTE: trustdb not writable\n"));
+ }
+ if ( db_fd == -1 )
+ log_fatal( _("can't open `%s': %s\n"), db_name, strerror(errno) );
+ register_secured_file (db_name);
+
+ /* Read the version record. */
+ if (tdbio_read_record (0, &rec, RECTYPE_VER ) )
+ log_fatal( _("%s: invalid trustdb\n"), db_name );
+}
+
+
+/****************
+ * Make a hashtable: type 0 = trust hash
+ */
+static void
+create_hashtable( TRUSTREC *vr, int type )
+{
+ TRUSTREC rec;
+ off_t offset;
+ ulong recnum;
+ int i, n, rc;
+
+ offset = lseek( db_fd, 0, SEEK_END );
+ if( offset == -1 )
+ log_fatal("trustdb: lseek to end failed: %s\n", strerror(errno) );
+ recnum = offset / TRUST_RECORD_LEN;
+ assert(recnum); /* this is will never be the first record */
+
+ if( !type )
+ vr->r.ver.trusthashtbl = recnum;
+
+ /* Now write the records */
+ n = (256+ITEMS_PER_HTBL_RECORD-1) / ITEMS_PER_HTBL_RECORD;
+ for(i=0; i < n; i++, recnum++ ) {
+ memset( &rec, 0, sizeof rec );
+ rec.rectype = RECTYPE_HTBL;
+ rec.recnum = recnum;
+ rc = tdbio_write_record( &rec );
+ if( rc )
+ log_fatal( _("%s: failed to create hashtable: %s\n"),
+ db_name, g10_errstr(rc));
+ }
+ /* update the version record */
+ rc = tdbio_write_record( vr );
+ if( !rc )
+ rc = tdbio_sync();
+ if( rc )
+ log_fatal( _("%s: error updating version record: %s\n"),
+ db_name, g10_errstr(rc));
+}
+
+
+int
+tdbio_db_matches_options()
+{
+ static int yes_no = -1;
+
+ if( yes_no == -1 )
+ {
+ TRUSTREC vr;
+ int rc;
+
+ rc = tdbio_read_record( 0, &vr, RECTYPE_VER );
+ if( rc )
+ log_fatal( _("%s: error reading version record: %s\n"),
+ db_name, g10_errstr(rc) );
+
+ yes_no = vr.r.ver.marginals == opt.marginals_needed
+ && vr.r.ver.completes == opt.completes_needed
+ && vr.r.ver.cert_depth == opt.max_cert_depth
+ && vr.r.ver.trust_model == opt.trust_model
+ && vr.r.ver.min_cert_level == opt.min_cert_level;
+ }
+
+ return yes_no;
+}
+
+byte
+tdbio_read_model(void)
+{
+ TRUSTREC vr;
+ int rc;
+
+ rc = tdbio_read_record( 0, &vr, RECTYPE_VER );
+ if( rc )
+ log_fatal( _("%s: error reading version record: %s\n"),
+ db_name, g10_errstr(rc) );
+ return vr.r.ver.trust_model;
+}
+
+/****************
+ * Return the nextstamp value.
+ */
+ulong
+tdbio_read_nextcheck ()
+{
+ TRUSTREC vr;
+ int rc;
+
+ rc = tdbio_read_record( 0, &vr, RECTYPE_VER );
+ if( rc )
+ log_fatal( _("%s: error reading version record: %s\n"),
+ db_name, g10_errstr(rc) );
+ return vr.r.ver.nextcheck;
+}
+
+/* Return true when the stamp was actually changed. */
+int
+tdbio_write_nextcheck (ulong stamp)
+{
+ TRUSTREC vr;
+ int rc;
+
+ rc = tdbio_read_record( 0, &vr, RECTYPE_VER );
+ if( rc )
+ log_fatal( _("%s: error reading version record: %s\n"),
+ db_name, g10_errstr(rc) );
+
+ if (vr.r.ver.nextcheck == stamp)
+ return 0;
+
+ vr.r.ver.nextcheck = stamp;
+ rc = tdbio_write_record( &vr );
+ if( rc )
+ log_fatal( _("%s: error writing version record: %s\n"),
+ db_name, g10_errstr(rc) );
+ return 1;
+}
+
+
+
+/****************
+ * Return the record number of the trusthash tbl or create a new one.
+ */
+static ulong
+get_trusthashrec(void)
+{
+ static ulong trusthashtbl; /* record number of the trust hashtable */
+
+ if( !trusthashtbl ) {
+ TRUSTREC vr;
+ int rc;
+
+ rc = tdbio_read_record( 0, &vr, RECTYPE_VER );
+ if( rc )
+ log_fatal( _("%s: error reading version record: %s\n"),
+ db_name, g10_errstr(rc) );
+ if( !vr.r.ver.trusthashtbl )
+ create_hashtable( &vr, 0 );
+
+ trusthashtbl = vr.r.ver.trusthashtbl;
+ }
+ return trusthashtbl;
+}
+
+
+
+/****************
+ * Update a hashtable.
+ * table gives the start of the table, key and keylen is the key,
+ * newrecnum is the record number to insert.
+ */
+static int
+upd_hashtable( ulong table, byte *key, int keylen, ulong newrecnum )
+{
+ TRUSTREC lastrec, rec;
+ ulong hashrec, item;
+ int msb;
+ int level=0;
+ int rc, i;
+
+ hashrec = table;
+ next_level:
+ msb = key[level];
+ hashrec += msb / ITEMS_PER_HTBL_RECORD;
+ rc = tdbio_read_record( hashrec, &rec, RECTYPE_HTBL );
+ if( rc ) {
+ log_error("upd_hashtable: read failed: %s\n", g10_errstr(rc) );
+ return rc;
+ }
+
+ item = rec.r.htbl.item[msb % ITEMS_PER_HTBL_RECORD];
+ if( !item ) { /* insert a new item into the hash table */
+ rec.r.htbl.item[msb % ITEMS_PER_HTBL_RECORD] = newrecnum;
+ rc = tdbio_write_record( &rec );
+ if( rc ) {
+ log_error("upd_hashtable: write htbl failed: %s\n",
+ g10_errstr(rc) );
+ return rc;
+ }
+ }
+ else if( item != newrecnum ) { /* must do an update */
+ lastrec = rec;
+ rc = tdbio_read_record( item, &rec, 0 );
+ if( rc ) {
+ log_error( "upd_hashtable: read item failed: %s\n",
+ g10_errstr(rc) );
+ return rc;
+ }
+
+ if( rec.rectype == RECTYPE_HTBL ) {
+ hashrec = item;
+ level++;
+ if( level >= keylen ) {
+ log_error( "hashtable has invalid indirections.\n");
+ return G10ERR_TRUSTDB;
+ }
+ goto next_level;
+ }
+ else if( rec.rectype == RECTYPE_HLST ) { /* extend list */
+ /* see whether the key is already in this list */
+ for(;;) {
+ for(i=0; i < ITEMS_PER_HLST_RECORD; i++ ) {
+ if( rec.r.hlst.rnum[i] == newrecnum ) {
+ return 0; /* okay, already in the list */
+ }
+ }
+ if( rec.r.hlst.next ) {
+ rc = tdbio_read_record( rec.r.hlst.next,
+ &rec, RECTYPE_HLST);
+ if( rc ) {
+ log_error( "upd_hashtable: read hlst failed: %s\n",
+ g10_errstr(rc) );
+ return rc;
+ }
+ }
+ else
+ break; /* not there */
+ }
+ /* find the next free entry and put it in */
+ for(;;) {
+ for(i=0; i < ITEMS_PER_HLST_RECORD; i++ ) {
+ if( !rec.r.hlst.rnum[i] ) {
+ rec.r.hlst.rnum[i] = newrecnum;
+ rc = tdbio_write_record( &rec );
+ if( rc )
+ log_error( "upd_hashtable: write hlst failed: %s\n",
+ g10_errstr(rc) );
+ return rc; /* done */
+ }
+ }
+ if( rec.r.hlst.next ) {
+ rc = tdbio_read_record( rec.r.hlst.next,
+ &rec, RECTYPE_HLST );
+ if( rc ) {
+ log_error( "upd_hashtable: read hlst failed: %s\n",
+ g10_errstr(rc) );
+ return rc;
+ }
+ }
+ else { /* add a new list record */
+ rec.r.hlst.next = item = tdbio_new_recnum();
+ rc = tdbio_write_record( &rec );
+ if( rc ) {
+ log_error( "upd_hashtable: write hlst failed: %s\n",
+ g10_errstr(rc) );
+ return rc;
+ }
+ memset( &rec, 0, sizeof rec );
+ rec.rectype = RECTYPE_HLST;
+ rec.recnum = item;
+ rec.r.hlst.rnum[0] = newrecnum;
+ rc = tdbio_write_record( &rec );
+ if( rc )
+ log_error( "upd_hashtable: write ext hlst failed: %s\n",
+ g10_errstr(rc) );
+ return rc; /* done */
+ }
+ } /* end loop over hlst slots */
+ }
+ else if( rec.rectype == RECTYPE_TRUST ) { /* insert a list record */
+ if( rec.recnum == newrecnum ) {
+ return 0;
+ }
+ item = rec.recnum; /* save number of key record */
+ memset( &rec, 0, sizeof rec );
+ rec.rectype = RECTYPE_HLST;
+ rec.recnum = tdbio_new_recnum();
+ rec.r.hlst.rnum[0] = item; /* old keyrecord */
+ rec.r.hlst.rnum[1] = newrecnum; /* and new one */
+ rc = tdbio_write_record( &rec );
+ if( rc ) {
+ log_error( "upd_hashtable: write new hlst failed: %s\n",
+ g10_errstr(rc) );
+ return rc;
+ }
+ /* update the hashtable record */
+ lastrec.r.htbl.item[msb % ITEMS_PER_HTBL_RECORD] = rec.recnum;
+ rc = tdbio_write_record( &lastrec );
+ if( rc )
+ log_error( "upd_hashtable: update htbl failed: %s\n",
+ g10_errstr(rc) );
+ return rc; /* ready */
+ }
+ else {
+ log_error( "hashtbl %lu: %lu/%d points to an invalid record %lu\n",
+ table, hashrec, (msb % ITEMS_PER_HTBL_RECORD), item);
+ list_trustdb(NULL);
+ return G10ERR_TRUSTDB;
+ }
+ }
+
+ return 0;
+}
+
+
+/****************
+ * Drop an entry from a hashtable
+ * table gives the start of the table, key and keylen is the key,
+ */
+static int
+drop_from_hashtable( ulong table, byte *key, int keylen, ulong recnum )
+{
+ TRUSTREC rec;
+ ulong hashrec, item;
+ int msb;
+ int level=0;
+ int rc, i;
+
+ hashrec = table;
+ next_level:
+ msb = key[level];
+ hashrec += msb / ITEMS_PER_HTBL_RECORD;
+ rc = tdbio_read_record( hashrec, &rec, RECTYPE_HTBL );
+ if( rc ) {
+ log_error("drop_from_hashtable: read failed: %s\n",
+ g10_errstr(rc) );
+ return rc;
+ }
+
+ item = rec.r.htbl.item[msb % ITEMS_PER_HTBL_RECORD];
+ if( !item ) /* not found - forget about it */
+ return 0;
+
+ if( item == recnum ) { /* tables points direct to the record */
+ rec.r.htbl.item[msb % ITEMS_PER_HTBL_RECORD] = 0;
+ rc = tdbio_write_record( &rec );
+ if( rc )
+ log_error("drop_from_hashtable: write htbl failed: %s\n",
+ g10_errstr(rc) );
+ return rc;
+ }
+
+ rc = tdbio_read_record( item, &rec, 0 );
+ if( rc ) {
+ log_error( "drop_from_hashtable: read item failed: %s\n",
+ g10_errstr(rc) );
+ return rc;
+ }
+
+ if( rec.rectype == RECTYPE_HTBL ) {
+ hashrec = item;
+ level++;
+ if( level >= keylen ) {
+ log_error( "hashtable has invalid indirections.\n");
+ return G10ERR_TRUSTDB;
+ }
+ goto next_level;
+ }
+
+ if( rec.rectype == RECTYPE_HLST ) {
+ for(;;) {
+ for(i=0; i < ITEMS_PER_HLST_RECORD; i++ ) {
+ if( rec.r.hlst.rnum[i] == recnum ) {
+ rec.r.hlst.rnum[i] = 0; /* drop */
+ rc = tdbio_write_record( &rec );
+ if( rc )
+ log_error("drop_from_hashtable: write htbl failed: %s\n",
+ g10_errstr(rc) );
+ return rc;
+ }
+ }
+ if( rec.r.hlst.next ) {
+ rc = tdbio_read_record( rec.r.hlst.next,
+ &rec, RECTYPE_HLST);
+ if( rc ) {
+ log_error( "drop_from_hashtable: read hlst failed: %s\n",
+ g10_errstr(rc) );
+ return rc;
+ }
+ }
+ else
+ return 0; /* key not in table */
+ }
+ }
+
+ log_error( "hashtbl %lu: %lu/%d points to wrong record %lu\n",
+ table, hashrec, (msb % ITEMS_PER_HTBL_RECORD), item);
+ return G10ERR_TRUSTDB;
+}
+
+
+
+/****************
+ * Lookup a record via the hashtable tablewith key/keylen and return the
+ * result in rec. cmp() should return if the record is the desired one.
+ * Returns -1 if not found, 0 if found or another errocode
+ */
+static int
+lookup_hashtable( ulong table, const byte *key, size_t keylen,
+ int (*cmpfnc)(const void*, const TRUSTREC *),
+ const void *cmpdata, TRUSTREC *rec )
+{
+ int rc;
+ ulong hashrec, item;
+ int msb;
+ int level=0;
+
+ hashrec = table;
+ next_level:
+ msb = key[level];
+ hashrec += msb / ITEMS_PER_HTBL_RECORD;
+ rc = tdbio_read_record( hashrec, rec, RECTYPE_HTBL );
+ if( rc ) {
+ log_error("lookup_hashtable failed: %s\n", g10_errstr(rc) );
+ return rc;
+ }
+
+ item = rec->r.htbl.item[msb % ITEMS_PER_HTBL_RECORD];
+ if( !item )
+ return -1; /* not found */
+
+ rc = tdbio_read_record( item, rec, 0 );
+ if( rc ) {
+ log_error( "hashtable read failed: %s\n", g10_errstr(rc) );
+ return rc;
+ }
+ if( rec->rectype == RECTYPE_HTBL ) {
+ hashrec = item;
+ level++;
+ if( level >= keylen ) {
+ log_error("hashtable has invalid indirections\n");
+ return G10ERR_TRUSTDB;
+ }
+ goto next_level;
+ }
+ else if( rec->rectype == RECTYPE_HLST ) {
+ for(;;) {
+ int i;
+
+ for(i=0; i < ITEMS_PER_HLST_RECORD; i++ ) {
+ if( rec->r.hlst.rnum[i] ) {
+ TRUSTREC tmp;
+
+ rc = tdbio_read_record( rec->r.hlst.rnum[i], &tmp, 0 );
+ if( rc ) {
+ log_error( "lookup_hashtable: read item failed: %s\n",
+ g10_errstr(rc) );
+ return rc;
+ }
+ if( (*cmpfnc)( cmpdata, &tmp ) ) {
+ *rec = tmp;
+ return 0;
+ }
+ }
+ }
+ if( rec->r.hlst.next ) {
+ rc = tdbio_read_record( rec->r.hlst.next, rec, RECTYPE_HLST );
+ if( rc ) {
+ log_error( "lookup_hashtable: read hlst failed: %s\n",
+ g10_errstr(rc) );
+ return rc;
+ }
+ }
+ else
+ return -1; /* not found */
+ }
+ }
+
+
+ if( (*cmpfnc)( cmpdata, rec ) )
+ return 0; /* really found */
+
+ return -1; /* no: not found */
+}
+
+
+/****************
+ * Update the trust hashtbl or create the table if it does not exist
+ */
+static int
+update_trusthashtbl( TRUSTREC *tr )
+{
+ return upd_hashtable( get_trusthashrec(),
+ tr->r.trust.fingerprint, 20, tr->recnum );
+}
+
+
+
+void
+tdbio_dump_record( TRUSTREC *rec, FILE *fp )
+{
+ int i;
+ ulong rnum = rec->recnum;
+
+ fprintf(fp, "rec %5lu, ", rnum );
+
+ switch( rec->rectype ) {
+ case 0: fprintf(fp, "blank\n");
+ break;
+ case RECTYPE_VER: fprintf(fp,
+ "version, td=%lu, f=%lu, m/c/d=%d/%d/%d tm=%d mcl=%d nc=%lu (%s)\n",
+ rec->r.ver.trusthashtbl,
+ rec->r.ver.firstfree,
+ rec->r.ver.marginals,
+ rec->r.ver.completes,
+ rec->r.ver.cert_depth,
+ rec->r.ver.trust_model,
+ rec->r.ver.min_cert_level,
+ rec->r.ver.nextcheck,
+ strtimestamp(rec->r.ver.nextcheck)
+ );
+ break;
+ case RECTYPE_FREE: fprintf(fp, "free, next=%lu\n", rec->r.free.next );
+ break;
+ case RECTYPE_HTBL:
+ fprintf(fp, "htbl,");
+ for(i=0; i < ITEMS_PER_HTBL_RECORD; i++ )
+ fprintf(fp, " %lu", rec->r.htbl.item[i] );
+ putc('\n', fp);
+ break;
+ case RECTYPE_HLST:
+ fprintf(fp, "hlst, next=%lu,", rec->r.hlst.next );
+ for(i=0; i < ITEMS_PER_HLST_RECORD; i++ )
+ fprintf(fp, " %lu", rec->r.hlst.rnum[i] );
+ putc('\n', fp);
+ break;
+ case RECTYPE_TRUST:
+ fprintf(fp, "trust ");
+ for(i=0; i < 20; i++ )
+ fprintf(fp, "%02X", rec->r.trust.fingerprint[i] );
+ fprintf (fp, ", ot=%d, d=%d, vl=%lu\n", rec->r.trust.ownertrust,
+ rec->r.trust.depth, rec->r.trust.validlist);
+ break;
+ case RECTYPE_VALID:
+ fprintf(fp, "valid ");
+ for(i=0; i < 20; i++ )
+ fprintf(fp, "%02X", rec->r.valid.namehash[i] );
+ fprintf (fp, ", v=%d, next=%lu\n", rec->r.valid.validity,
+ rec->r.valid.next);
+ break;
+ default:
+ fprintf(fp, "unknown type %d\n", rec->rectype );
+ break;
+ }
+}
+
+/****************
+ * read the record with number recnum
+ * returns: -1 on error, 0 on success
+ */
+int
+tdbio_read_record( ulong recnum, TRUSTREC *rec, int expected )
+{
+ byte readbuf[TRUST_RECORD_LEN];
+ const byte *buf, *p;
+ gpg_error_t err = 0;
+ int n, i;
+
+ if( db_fd == -1 )
+ open_db();
+ buf = get_record_from_cache( recnum );
+ if( !buf ) {
+ if( lseek( db_fd, recnum * TRUST_RECORD_LEN, SEEK_SET ) == -1 ) {
+ err = gpg_error_from_syserror ();
+ log_error(_("trustdb: lseek failed: %s\n"), strerror(errno) );
+ return err;
+ }
+ n = read( db_fd, readbuf, TRUST_RECORD_LEN);
+ if( !n ) {
+ return -1; /* eof */
+ }
+ else if( n != TRUST_RECORD_LEN ) {
+ err = gpg_error_from_syserror ();
+ log_error(_("trustdb: read failed (n=%d): %s\n"), n,
+ strerror(errno) );
+ return err;
+ }
+ buf = readbuf;
+ }
+ rec->recnum = recnum;
+ rec->dirty = 0;
+ p = buf;
+ rec->rectype = *p++;
+ if( expected && rec->rectype != expected ) {
+ log_error("%lu: read expected rec type %d, got %d\n",
+ recnum, expected, rec->rectype );
+ return gpg_error (GPG_ERR_TRUSTDB);
+ }
+ p++; /* skip reserved byte */
+ switch( rec->rectype ) {
+ case 0: /* unused (free) record */
+ break;
+ case RECTYPE_VER: /* version record */
+ if( memcmp(buf+1, "gpg", 3 ) ) {
+ log_error( _("%s: not a trustdb file\n"), db_name );
+ err = gpg_error (GPG_ERR_TRUSTDB);
+ }
+ p += 2; /* skip "gpg" */
+ rec->r.ver.version = *p++;
+ rec->r.ver.marginals = *p++;
+ rec->r.ver.completes = *p++;
+ rec->r.ver.cert_depth = *p++;
+ rec->r.ver.trust_model = *p++;
+ rec->r.ver.min_cert_level = *p++;
+ p += 2;
+ rec->r.ver.created = buftoulong(p); p += 4;
+ rec->r.ver.nextcheck = buftoulong(p); p += 4;
+ p += 4;
+ p += 4;
+ rec->r.ver.firstfree =buftoulong(p); p += 4;
+ p += 4;
+ rec->r.ver.trusthashtbl =buftoulong(p); p += 4;
+ if( recnum ) {
+ log_error( _("%s: version record with recnum %lu\n"), db_name,
+ (ulong)recnum );
+ err = gpg_error (GPG_ERR_TRUSTDB);
+ }
+ else if( rec->r.ver.version != 3 ) {
+ log_error( _("%s: invalid file version %d\n"), db_name,
+ rec->r.ver.version );
+ err = gpg_error (GPG_ERR_TRUSTDB);
+ }
+ break;
+ case RECTYPE_FREE:
+ rec->r.free.next = buftoulong(p); p += 4;
+ break;
+ case RECTYPE_HTBL:
+ for(i=0; i < ITEMS_PER_HTBL_RECORD; i++ ) {
+ rec->r.htbl.item[i] = buftoulong(p); p += 4;
+ }
+ break;
+ case RECTYPE_HLST:
+ rec->r.hlst.next = buftoulong(p); p += 4;
+ for(i=0; i < ITEMS_PER_HLST_RECORD; i++ ) {
+ rec->r.hlst.rnum[i] = buftoulong(p); p += 4;
+ }
+ break;
+ case RECTYPE_TRUST:
+ memcpy( rec->r.trust.fingerprint, p, 20); p+=20;
+ rec->r.trust.ownertrust = *p++;
+ rec->r.trust.depth = *p++;
+ rec->r.trust.min_ownertrust = *p++;
+ p++;
+ rec->r.trust.validlist = buftoulong(p); p += 4;
+ break;
+ case RECTYPE_VALID:
+ memcpy( rec->r.valid.namehash, p, 20); p+=20;
+ rec->r.valid.validity = *p++;
+ rec->r.valid.next = buftoulong(p); p += 4;
+ rec->r.valid.full_count = *p++;
+ rec->r.valid.marginal_count = *p++;
+ break;
+ default:
+ log_error( "%s: invalid record type %d at recnum %lu\n",
+ db_name, rec->rectype, (ulong)recnum );
+ err = gpg_error (GPG_ERR_TRUSTDB);
+ break;
+ }
+
+ return err;
+}
+
+/****************
+ * Write the record at RECNUM
+ */
+int
+tdbio_write_record( TRUSTREC *rec )
+{
+ byte buf[TRUST_RECORD_LEN], *p;
+ int rc = 0;
+ int i;
+ ulong recnum = rec->recnum;
+
+ if( db_fd == -1 )
+ open_db();
+
+ memset(buf, 0, TRUST_RECORD_LEN);
+ p = buf;
+ *p++ = rec->rectype; p++;
+ switch( rec->rectype ) {
+ case 0: /* unused record */
+ break;
+ case RECTYPE_VER: /* version record */
+ if( recnum )
+ BUG();
+ memcpy(p-1, "gpg", 3 ); p += 2;
+ *p++ = rec->r.ver.version;
+ *p++ = rec->r.ver.marginals;
+ *p++ = rec->r.ver.completes;
+ *p++ = rec->r.ver.cert_depth;
+ *p++ = rec->r.ver.trust_model;
+ *p++ = rec->r.ver.min_cert_level;
+ p += 2;
+ ulongtobuf(p, rec->r.ver.created); p += 4;
+ ulongtobuf(p, rec->r.ver.nextcheck); p += 4;
+ p += 4;
+ p += 4;
+ ulongtobuf(p, rec->r.ver.firstfree ); p += 4;
+ p += 4;
+ ulongtobuf(p, rec->r.ver.trusthashtbl ); p += 4;
+ break;
+
+ case RECTYPE_FREE:
+ ulongtobuf(p, rec->r.free.next); p += 4;
+ break;
+
+
+ case RECTYPE_HTBL:
+ for(i=0; i < ITEMS_PER_HTBL_RECORD; i++ ) {
+ ulongtobuf( p, rec->r.htbl.item[i]); p += 4;
+ }
+ break;
+
+ case RECTYPE_HLST:
+ ulongtobuf( p, rec->r.hlst.next); p += 4;
+ for(i=0; i < ITEMS_PER_HLST_RECORD; i++ ) {
+ ulongtobuf( p, rec->r.hlst.rnum[i]); p += 4;
+ }
+ break;
+
+ case RECTYPE_TRUST:
+ memcpy( p, rec->r.trust.fingerprint, 20); p += 20;
+ *p++ = rec->r.trust.ownertrust;
+ *p++ = rec->r.trust.depth;
+ *p++ = rec->r.trust.min_ownertrust;
+ p++;
+ ulongtobuf( p, rec->r.trust.validlist); p += 4;
+ break;
+
+ case RECTYPE_VALID:
+ memcpy( p, rec->r.valid.namehash, 20); p += 20;
+ *p++ = rec->r.valid.validity;
+ ulongtobuf( p, rec->r.valid.next); p += 4;
+ *p++ = rec->r.valid.full_count;
+ *p++ = rec->r.valid.marginal_count;
+ break;
+
+ default:
+ BUG();
+ }
+
+ rc = put_record_into_cache( recnum, buf );
+ if( rc )
+ ;
+ else if( rec->rectype == RECTYPE_TRUST )
+ rc = update_trusthashtbl( rec );
+
+ return rc;
+}
+
+int
+tdbio_delete_record( ulong recnum )
+{
+ TRUSTREC vr, rec;
+ int rc;
+
+ /* Must read the record fist, so we can drop it from the hash tables */
+ rc = tdbio_read_record( recnum, &rec, 0 );
+ if( rc )
+ ;
+ else if( rec.rectype == RECTYPE_TRUST ) {
+ rc = drop_from_hashtable( get_trusthashrec(),
+ rec.r.trust.fingerprint, 20, rec.recnum );
+ }
+
+ if( rc )
+ return rc;
+
+ /* now we can chnage it to a free record */
+ rc = tdbio_read_record( 0, &vr, RECTYPE_VER );
+ if( rc )
+ log_fatal( _("%s: error reading version record: %s\n"),
+ db_name, g10_errstr(rc) );
+
+ rec.recnum = recnum;
+ rec.rectype = RECTYPE_FREE;
+ rec.r.free.next = vr.r.ver.firstfree;
+ vr.r.ver.firstfree = recnum;
+ rc = tdbio_write_record( &rec );
+ if( !rc )
+ rc = tdbio_write_record( &vr );
+ return rc;
+}
+
+/****************
+ * create a new record and return its record number
+ */
+ulong
+tdbio_new_recnum()
+{
+ off_t offset;
+ ulong recnum;
+ TRUSTREC vr, rec;
+ int rc;
+
+ /* look for unused records */
+ rc = tdbio_read_record( 0, &vr, RECTYPE_VER );
+ if( rc )
+ log_fatal( _("%s: error reading version record: %s\n"),
+ db_name, g10_errstr(rc) );
+ if( vr.r.ver.firstfree ) {
+ recnum = vr.r.ver.firstfree;
+ rc = tdbio_read_record( recnum, &rec, RECTYPE_FREE );
+ if( rc ) {
+ log_error( _("%s: error reading free record: %s\n"),
+ db_name, g10_errstr(rc) );
+ return rc;
+ }
+ /* update dir record */
+ vr.r.ver.firstfree = rec.r.free.next;
+ rc = tdbio_write_record( &vr );
+ if( rc ) {
+ log_error( _("%s: error writing dir record: %s\n"),
+ db_name, g10_errstr(rc) );
+ return rc;
+ }
+ /*zero out the new record */
+ memset( &rec, 0, sizeof rec );
+ rec.rectype = 0; /* unused record */
+ rec.recnum = recnum;
+ rc = tdbio_write_record( &rec );
+ if( rc )
+ log_fatal(_("%s: failed to zero a record: %s\n"),
+ db_name, g10_errstr(rc));
+ }
+ else { /* not found, append a new record */
+ offset = lseek( db_fd, 0, SEEK_END );
+ if( offset == -1 )
+ log_fatal("trustdb: lseek to end failed: %s\n", strerror(errno) );
+ recnum = offset / TRUST_RECORD_LEN;
+ assert(recnum); /* this is will never be the first record */
+ /* we must write a record, so that the next call to this function
+ * returns another recnum */
+ memset( &rec, 0, sizeof rec );
+ rec.rectype = 0; /* unused record */
+ rec.recnum = recnum;
+ rc = 0;
+ if( lseek( db_fd, recnum * TRUST_RECORD_LEN, SEEK_SET ) == -1 ) {
+ rc = gpg_error_from_syserror ();
+ log_error(_("trustdb rec %lu: lseek failed: %s\n"),
+ recnum, strerror(errno) );
+ }
+ else {
+ int n = write( db_fd, &rec, TRUST_RECORD_LEN);
+ if( n != TRUST_RECORD_LEN ) {
+ rc = gpg_error_from_syserror ();
+ log_error(_("trustdb rec %lu: write failed (n=%d): %s\n"),
+ recnum, n, strerror(errno) );
+ }
+ }
+
+ if( rc )
+ log_fatal(_("%s: failed to append a record: %s\n"),
+ db_name, g10_errstr(rc));
+ }
+ return recnum ;
+}
+
+
+
+static int
+cmp_trec_fpr ( const void *fpr, const TRUSTREC *rec )
+{
+ return (rec->rectype == RECTYPE_TRUST
+ && !memcmp (rec->r.trust.fingerprint, fpr, 20));
+}
+
+
+int
+tdbio_search_trust_byfpr( const byte *fingerprint, TRUSTREC *rec )
+{
+ int rc;
+
+ /* locate the trust record using the hash table */
+ rc = lookup_hashtable( get_trusthashrec(), fingerprint, 20,
+ cmp_trec_fpr, fingerprint, rec );
+ return rc;
+}
+
+int
+tdbio_search_trust_bypk (PKT_public_key *pk, TRUSTREC *rec)
+{
+ byte fingerprint[MAX_FINGERPRINT_LEN];
+ size_t fingerlen;
+
+ fingerprint_from_pk( pk, fingerprint, &fingerlen );
+ for (; fingerlen < 20; fingerlen++ )
+ fingerprint[fingerlen] = 0;
+ return tdbio_search_trust_byfpr (fingerprint, rec);
+}
+
+
+void
+tdbio_invalid(void)
+{
+ log_error (_("Error: The trustdb is corrupted.\n"));
+ how_to_fix_the_trustdb ();
+ g10_exit (2);
+}
+
diff --git a/g10/tdbio.h b/g10/tdbio.h
new file mode 100644
index 0000000..b99b491
--- /dev/null
+++ b/g10/tdbio.h
@@ -0,0 +1,118 @@
+/* tdbio.h - Trust database I/O functions
+ * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2012 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef G10_TDBIO_H
+#define G10_TDBIO_H
+
+#include "host2net.h"
+
+#define TRUST_RECORD_LEN 40
+#define SIGS_PER_RECORD ((TRUST_RECORD_LEN-10)/5)
+#define ITEMS_PER_HTBL_RECORD ((TRUST_RECORD_LEN-2)/4)
+#define ITEMS_PER_HLST_RECORD ((TRUST_RECORD_LEN-6)/5)
+#define ITEMS_PER_PREF_RECORD (TRUST_RECORD_LEN-10)
+#if ITEMS_PER_PREF_RECORD % 2
+#error ITEMS_PER_PREF_RECORD must be even
+#endif
+#define MAX_LIST_SIGS_DEPTH 20
+
+
+#define RECTYPE_VER 1
+#define RECTYPE_HTBL 10
+#define RECTYPE_HLST 11
+#define RECTYPE_TRUST 12
+#define RECTYPE_VALID 13
+#define RECTYPE_FREE 254
+
+
+struct trust_record {
+ int rectype;
+ int mark;
+ int dirty; /* for now only used internal by functions */
+ struct trust_record *next; /* help pointer to build lists in memory */
+ ulong recnum;
+ union {
+ struct { /* version record: */
+ byte version; /* should be 3 */
+ byte marginals;
+ byte completes;
+ byte cert_depth;
+ byte trust_model;
+ byte min_cert_level;
+ ulong created; /* timestamp of trustdb creation */
+ ulong nextcheck; /* timestamp of next scheduled check */
+ ulong reserved;
+ ulong reserved2;
+ ulong firstfree;
+ ulong reserved3;
+ ulong trusthashtbl;
+ } ver;
+ struct { /* free record */
+ ulong next;
+ } free;
+ struct {
+ ulong item[ITEMS_PER_HTBL_RECORD];
+ } htbl;
+ struct {
+ ulong next;
+ ulong rnum[ITEMS_PER_HLST_RECORD]; /* of another record */
+ } hlst;
+ struct {
+ byte fingerprint[20];
+ byte ownertrust;
+ byte depth;
+ ulong validlist;
+ byte min_ownertrust;
+ } trust;
+ struct {
+ byte namehash[20];
+ ulong next;
+ byte validity;
+ byte full_count;
+ byte marginal_count;
+ } valid;
+ } r;
+};
+typedef struct trust_record TRUSTREC;
+
+/*-- tdbio.c --*/
+int tdbio_update_version_record(void);
+int tdbio_set_dbname( const char *new_dbname, int create );
+const char *tdbio_get_dbname(void);
+void tdbio_dump_record( TRUSTREC *rec, FILE *fp );
+int tdbio_read_record( ulong recnum, TRUSTREC *rec, int expected );
+int tdbio_write_record( TRUSTREC *rec );
+int tdbio_db_matches_options(void);
+byte tdbio_read_model(void);
+ulong tdbio_read_nextcheck (void);
+int tdbio_write_nextcheck (ulong stamp);
+int tdbio_is_dirty(void);
+int tdbio_sync(void);
+int tdbio_begin_transaction(void);
+int tdbio_end_transaction(void);
+int tdbio_cancel_transaction(void);
+int tdbio_delete_record( ulong recnum );
+ulong tdbio_new_recnum(void);
+int tdbio_search_trust_byfpr(const byte *fingerprint, TRUSTREC *rec );
+int tdbio_search_trust_bypk(PKT_public_key *pk, TRUSTREC *rec );
+
+void tdbio_how_to_fix (void);
+void tdbio_invalid(void);
+
+#endif /*G10_TDBIO_H*/
diff --git a/g10/textfilter.c b/g10/textfilter.c
new file mode 100644
index 0000000..14bf699
--- /dev/null
+++ b/g10/textfilter.c
@@ -0,0 +1,250 @@
+/* textfilter.c
+ * Copyright (C) 1998, 1999, 2000, 2001, 2004 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include <assert.h>
+
+#include "gpg.h"
+#include "status.h"
+#include "iobuf.h"
+#include "util.h"
+#include "filter.h"
+#include "i18n.h"
+#include "options.h"
+#include "status.h"
+
+#ifdef HAVE_DOSISH_SYSTEM
+#define LF "\r\n"
+#else
+#define LF "\n"
+#endif
+
+#define MAX_LINELEN 19995 /* a little bit smaller than in armor.c */
+ /* to make sure that a warning is displayed while */
+ /* creating a message */
+
+static unsigned
+len_without_trailing_chars( byte *line, unsigned len, const char *trimchars )
+{
+ byte *p, *mark;
+ unsigned n;
+
+ for(mark=NULL, p=line, n=0; n < len; n++, p++ ) {
+ if( strchr( trimchars, *p ) ) {
+ if( !mark )
+ mark = p;
+ }
+ else
+ mark = NULL;
+ }
+
+ return mark? (mark - line) : len;
+}
+
+
+static int
+standard( text_filter_context_t *tfx, IOBUF a,
+ byte *buf, size_t size, size_t *ret_len)
+{
+ int rc=0;
+ size_t len = 0;
+ unsigned maxlen;
+
+ assert( size > 10 );
+ size -= 2; /* reserve 2 bytes to append CR,LF */
+ while( !rc && len < size ) {
+ int lf_seen;
+
+ while( len < size && tfx->buffer_pos < tfx->buffer_len )
+ buf[len++] = tfx->buffer[tfx->buffer_pos++];
+ if( len >= size )
+ continue;
+
+ /* read the next line */
+ maxlen = MAX_LINELEN;
+ tfx->buffer_pos = 0;
+ tfx->buffer_len = iobuf_read_line( a, &tfx->buffer,
+ &tfx->buffer_size, &maxlen );
+ if( !maxlen )
+ tfx->truncated++;
+ if( !tfx->buffer_len ) {
+ if( !len )
+ rc = -1; /* eof */
+ break;
+ }
+ lf_seen = tfx->buffer[tfx->buffer_len-1] == '\n';
+
+ /* The story behind this is that 2440 says that textmode
+ hashes should canonicalize line endings to CRLF and remove
+ spaces and tabs. 2440bis-12 says to just canonicalize to
+ CRLF. 1.4.0 was released using the bis-12 behavior, but it
+ was discovered that many mail clients do not canonicalize
+ PGP/MIME signature text appropriately (and were relying on
+ GnuPG to handle trailing spaces). So, we default to the
+ 2440 behavior, but use the 2440bis-12 behavior if the user
+ specifies --no-rfc2440-text. The default will be changed
+ at some point in the future when the mail clients have been
+ upgraded. Aside from PGP/MIME and broken mail clients,
+ this makes no difference to any signatures in the real
+ world except for a textmode detached signature. PGP always
+ used the 2440bis-12 behavior (ignoring 2440 itself), so
+ this actually makes us compatible with PGP textmode
+ detached signatures for the first time. */
+ if(opt.rfc2440_text)
+ tfx->buffer_len=trim_trailing_chars(tfx->buffer,tfx->buffer_len,
+ " \t\r\n");
+ else
+ tfx->buffer_len=trim_trailing_chars(tfx->buffer,tfx->buffer_len,
+ "\r\n");
+
+ if( lf_seen ) {
+ tfx->buffer[tfx->buffer_len++] = '\r';
+ tfx->buffer[tfx->buffer_len++] = '\n';
+ }
+ }
+ *ret_len = len;
+ return rc;
+}
+
+
+/****************
+ * The filter is used to make canonical text: Lines are terminated by
+ * CR, LF, trailing white spaces are removed.
+ */
+int
+text_filter( void *opaque, int control,
+ IOBUF a, byte *buf, size_t *ret_len)
+{
+ size_t size = *ret_len;
+ text_filter_context_t *tfx = opaque;
+ int rc=0;
+
+ if( control == IOBUFCTRL_UNDERFLOW ) {
+ rc = standard( tfx, a, buf, size, ret_len );
+ }
+ else if( control == IOBUFCTRL_FREE ) {
+ if( tfx->truncated )
+ log_error(_("can't handle text lines longer than %d characters\n"),
+ MAX_LINELEN );
+ xfree( tfx->buffer );
+ tfx->buffer = NULL;
+ }
+ else if( control == IOBUFCTRL_DESC )
+ *(char**)buf = "text_filter";
+ return rc;
+}
+
+
+/****************
+ * Copy data from INP to OUT and do some escaping if requested.
+ * md is updated as required by rfc2440
+ */
+int
+copy_clearsig_text( IOBUF out, IOBUF inp, gcry_md_hd_t md,
+ int escape_dash, int escape_from, int pgp2mode )
+{
+ unsigned int maxlen;
+ byte *buffer = NULL; /* malloced buffer */
+ unsigned int bufsize; /* and size of this buffer */
+ unsigned int n;
+ int truncated = 0;
+ int pending_lf = 0;
+
+ if( !opt.pgp2_workarounds )
+ pgp2mode = 0;
+
+ if( !escape_dash )
+ escape_from = 0;
+
+ write_status_begin_signing (md);
+
+ for(;;) {
+ maxlen = MAX_LINELEN;
+ n = iobuf_read_line( inp, &buffer, &bufsize, &maxlen );
+ if( !maxlen )
+ truncated++;
+
+ if( !n )
+ break; /* read_line has returned eof */
+
+ /* update the message digest */
+ if( escape_dash ) {
+ if( pending_lf ) {
+ gcry_md_putc ( md, '\r' );
+ gcry_md_putc ( md, '\n' );
+ }
+ gcry_md_write ( md, buffer,
+ len_without_trailing_chars (buffer, n,
+ pgp2mode?
+ " \r\n":" \t\r\n"));
+ }
+ else
+ gcry_md_write ( md, buffer, n );
+ pending_lf = buffer[n-1] == '\n';
+
+ /* write the output */
+ if( ( escape_dash && *buffer == '-')
+ || ( escape_from && n > 4 && !memcmp(buffer, "From ", 5 ) ) ) {
+ iobuf_put( out, '-' );
+ iobuf_put( out, ' ' );
+ }
+
+#if 0 /*defined(HAVE_DOSISH_SYSTEM)*/
+ /* We don't use this anymore because my interpretation of rfc2440 7.1
+ * is that there is no conversion needed. If one decides to
+ * clearsign a unix file on a DOS box he will get a mixed line endings.
+ * If at some point it turns out, that a conversion is a nice feature
+ * we can make an option out of it.
+ */
+ /* make sure the lines do end in CR,LF */
+ if( n > 1 && ( (buffer[n-2] == '\r' && buffer[n-1] == '\n' )
+ || (buffer[n-2] == '\n' && buffer[n-1] == '\r'))) {
+ iobuf_write( out, buffer, n-2 );
+ iobuf_put( out, '\r');
+ iobuf_put( out, '\n');
+ }
+ else if( n && buffer[n-1] == '\n' ) {
+ iobuf_write( out, buffer, n-1 );
+ iobuf_put( out, '\r');
+ iobuf_put( out, '\n');
+ }
+ else
+ iobuf_write( out, buffer, n );
+
+#else
+ iobuf_write( out, buffer, n );
+#endif
+ }
+
+ /* at eof */
+ if( !pending_lf ) { /* make sure that the file ends with a LF */
+ iobuf_writestr( out, LF );
+ if( !escape_dash )
+ gcry_md_putc( md, '\n' );
+ }
+
+ if( truncated )
+ log_info(_("input line longer than %d characters\n"), MAX_LINELEN );
+
+ return 0; /* okay */
+}
diff --git a/g10/trustdb.c b/g10/trustdb.c
new file mode 100644
index 0000000..fe8b833
--- /dev/null
+++ b/g10/trustdb.c
@@ -0,0 +1,2503 @@
+/* trustdb.c
+ * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007,
+ * 2008, 2012 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <assert.h>
+
+#ifndef DISABLE_REGEX
+#include <sys/types.h>
+#include <regex.h>
+#endif /* !DISABLE_REGEX */
+
+#include "gpg.h"
+#include "status.h"
+#include "iobuf.h"
+#include "keydb.h"
+#include "util.h"
+#include "options.h"
+#include "packet.h"
+#include "main.h"
+#include "i18n.h"
+#include "tdbio.h"
+#include "trustdb.h"
+
+
+/*
+ * A structure to store key identification as well as some stuff needed
+ * for validation
+ */
+struct key_item {
+ struct key_item *next;
+ unsigned int ownertrust,min_ownertrust;
+ byte trust_depth;
+ byte trust_value;
+ char *trust_regexp;
+ u32 kid[2];
+};
+
+
+typedef struct key_item **KeyHashTable; /* see new_key_hash_table() */
+
+/*
+ * Structure to keep track of keys, this is used as an array wherre
+ * the item right after the last one has a keyblock set to NULL.
+ * Maybe we can drop this thing and replace it by key_item
+ */
+struct key_array {
+ KBNODE keyblock;
+};
+
+
+/* control information for the trust DB */
+static struct {
+ int init;
+ int level;
+ char *dbname;
+} trustdb_args;
+
+/* some globals */
+static struct key_item *user_utk_list; /* temp. used to store --trusted-keys */
+static struct key_item *utk_list; /* all ultimately trusted keys */
+
+static int pending_check_trustdb;
+
+static int validate_keys (int interactive);
+
+
+/**********************************************
+ ************* some helpers *******************
+ **********************************************/
+
+static struct key_item *
+new_key_item (void)
+{
+ struct key_item *k;
+
+ k = xmalloc_clear (sizeof *k);
+ return k;
+}
+
+static void
+release_key_items (struct key_item *k)
+{
+ struct key_item *k2;
+
+ for (; k; k = k2)
+ {
+ k2 = k->next;
+ xfree (k->trust_regexp);
+ xfree (k);
+ }
+}
+
+/*
+ * For fast keylook up we need a hash table. Each byte of a KeyIDs
+ * should be distributed equally over the 256 possible values (except
+ * for v3 keyIDs but we consider them as not important here). So we
+ * can just use 10 bits to index a table of 1024 key items.
+ * Possible optimization: Don not use key_items but other hash_table when the
+ * duplicates lists gets too large.
+ */
+static KeyHashTable
+new_key_hash_table (void)
+{
+ struct key_item **tbl;
+
+ tbl = xmalloc_clear (1024 * sizeof *tbl);
+ return tbl;
+}
+
+static void
+release_key_hash_table (KeyHashTable tbl)
+{
+ int i;
+
+ if (!tbl)
+ return;
+ for (i=0; i < 1024; i++)
+ release_key_items (tbl[i]);
+ xfree (tbl);
+}
+
+/*
+ * Returns: True if the keyID is in the given hash table
+ */
+static int
+test_key_hash_table (KeyHashTable tbl, u32 *kid)
+{
+ struct key_item *k;
+
+ for (k = tbl[(kid[1] & 0x03ff)]; k; k = k->next)
+ if (k->kid[0] == kid[0] && k->kid[1] == kid[1])
+ return 1;
+ return 0;
+}
+
+/*
+ * Add a new key to the hash table. The key is identified by its key ID.
+ */
+static void
+add_key_hash_table (KeyHashTable tbl, u32 *kid)
+{
+ struct key_item *k, *kk;
+
+ for (k = tbl[(kid[1] & 0x03ff)]; k; k = k->next)
+ if (k->kid[0] == kid[0] && k->kid[1] == kid[1])
+ return; /* already in table */
+
+ kk = new_key_item ();
+ kk->kid[0] = kid[0];
+ kk->kid[1] = kid[1];
+ kk->next = tbl[(kid[1] & 0x03ff)];
+ tbl[(kid[1] & 0x03ff)] = kk;
+}
+
+/*
+ * Release a key_array
+ */
+static void
+release_key_array ( struct key_array *keys )
+{
+ struct key_array *k;
+
+ if (keys) {
+ for (k=keys; k->keyblock; k++)
+ release_kbnode (k->keyblock);
+ xfree (keys);
+ }
+}
+
+
+/*********************************************
+ ********** Initialization *****************
+ *********************************************/
+
+
+
+/*
+ * Used to register extra ultimately trusted keys - this has to be done
+ * before initializing the validation module.
+ * FIXME: Should be replaced by a function to add those keys to the trustdb.
+ */
+void
+register_trusted_keyid(u32 *keyid)
+{
+ struct key_item *k;
+
+ k = new_key_item ();
+ k->kid[0] = keyid[0];
+ k->kid[1] = keyid[1];
+ k->next = user_utk_list;
+ user_utk_list = k;
+}
+
+void
+register_trusted_key( const char *string )
+{
+ KEYDB_SEARCH_DESC desc;
+
+ if (classify_user_id (string, &desc) != KEYDB_SEARCH_MODE_LONG_KID )
+ {
+ log_error(_("`%s' is not a valid long keyID\n"), string );
+ return;
+ }
+
+ register_trusted_keyid(desc.u.kid);
+}
+
+/*
+ * Helper to add a key to the global list of ultimately trusted keys.
+ * Retruns: true = inserted, false = already in in list.
+ */
+static int
+add_utk (u32 *kid)
+{
+ struct key_item *k;
+
+ for (k = utk_list; k; k = k->next)
+ {
+ if (k->kid[0] == kid[0] && k->kid[1] == kid[1])
+ {
+ return 0;
+ }
+ }
+
+ k = new_key_item ();
+ k->kid[0] = kid[0];
+ k->kid[1] = kid[1];
+ k->ownertrust = TRUST_ULTIMATE;
+ k->next = utk_list;
+ utk_list = k;
+ if( opt.verbose > 1 )
+ log_info(_("key %s: accepted as trusted key\n"), keystr(kid));
+ return 1;
+}
+
+
+/****************
+ * Verify that all our secret keys are usable and put them into the utk_list.
+ */
+static void
+verify_own_keys(void)
+{
+ TRUSTREC rec;
+ ulong recnum;
+ int rc;
+ struct key_item *k;
+
+ if (utk_list)
+ return;
+
+ /* scan the trustdb to find all ultimately trusted keys */
+ for (recnum=1; !tdbio_read_record (recnum, &rec, 0); recnum++ )
+ {
+ if ( rec.rectype == RECTYPE_TRUST
+ && (rec.r.trust.ownertrust & TRUST_MASK) == TRUST_ULTIMATE)
+ {
+ byte *fpr = rec.r.trust.fingerprint;
+ int fprlen;
+ u32 kid[2];
+
+ /* Problem: We do only use fingerprints in the trustdb but
+ * we need the keyID here to indetify the key; we can only
+ * use that ugly hack to distinguish between 16 and 20
+ * butes fpr - it does not work always so we better change
+ * the whole validation code to only work with
+ * fingerprints */
+ fprlen = (!fpr[16] && !fpr[17] && !fpr[18] && !fpr[19])? 16:20;
+ keyid_from_fingerprint (fpr, fprlen, kid);
+ if (!add_utk (kid))
+ log_info(_("key %s occurs more than once in the trustdb\n"),
+ keystr(kid));
+ }
+ }
+
+ /* Put any --trusted-key keys into the trustdb */
+ for (k = user_utk_list; k; k = k->next)
+ {
+ if ( add_utk (k->kid) )
+ { /* not yet in trustDB as ultimately trusted */
+ PKT_public_key pk;
+
+ memset (&pk, 0, sizeof pk);
+ rc = get_pubkey (&pk, k->kid);
+ if (rc)
+ log_info(_("key %s: no public key for trusted key - skipped\n"),
+ keystr(k->kid));
+ else
+ {
+ update_ownertrust (&pk,
+ ((get_ownertrust (&pk) & ~TRUST_MASK)
+ | TRUST_ULTIMATE ));
+ release_public_key_parts (&pk);
+ }
+
+ log_info (_("key %s marked as ultimately trusted\n"),keystr(k->kid));
+ }
+ }
+
+ /* release the helper table table */
+ release_key_items (user_utk_list);
+ user_utk_list = NULL;
+ return;
+}
+
+
+/*********************************************
+ *********** TrustDB stuff *******************
+ *********************************************/
+
+/*
+ * Read a record but die if it does not exist
+ */
+static void
+read_record (ulong recno, TRUSTREC *rec, int rectype )
+{
+ int rc = tdbio_read_record (recno, rec, rectype);
+ if (rc)
+ {
+ log_error(_("trust record %lu, req type %d: read failed: %s\n"),
+ recno, rec->rectype, g10_errstr(rc) );
+ tdbio_invalid();
+ }
+ if (rectype != rec->rectype)
+ {
+ log_error(_("trust record %lu is not of requested type %d\n"),
+ rec->recnum, rectype);
+ tdbio_invalid();
+ }
+}
+
+/*
+ * Write a record and die on error
+ */
+static void
+write_record (TRUSTREC *rec)
+{
+ int rc = tdbio_write_record (rec);
+ if (rc)
+ {
+ log_error(_("trust record %lu, type %d: write failed: %s\n"),
+ rec->recnum, rec->rectype, g10_errstr(rc) );
+ tdbio_invalid();
+ }
+}
+
+/*
+ * sync the TrustDb and die on error
+ */
+static void
+do_sync(void)
+{
+ int rc = tdbio_sync ();
+ if(rc)
+ {
+ log_error (_("trustdb: sync failed: %s\n"), g10_errstr(rc) );
+ g10_exit(2);
+ }
+}
+
+static const char *
+trust_model_string(void)
+{
+ switch(opt.trust_model)
+ {
+ case TM_CLASSIC: return "classic";
+ case TM_PGP: return "PGP";
+ case TM_EXTERNAL: return "external";
+ case TM_ALWAYS: return "always";
+ case TM_DIRECT: return "direct";
+ default: return "unknown";
+ }
+}
+
+/****************
+ * Perform some checks over the trustdb
+ * level 0: only open the db
+ * 1: used for initial program startup
+ */
+int
+setup_trustdb( int level, const char *dbname )
+{
+ /* just store the args */
+ if( trustdb_args.init )
+ return 0;
+ trustdb_args.level = level;
+ trustdb_args.dbname = dbname? xstrdup(dbname): NULL;
+ return 0;
+}
+
+void
+how_to_fix_the_trustdb ()
+{
+ const char *name = trustdb_args.dbname;
+
+ if (!name)
+ name = "trustdb.gpg";
+
+ log_info (_("You may try to re-create the trustdb using the commands:\n"));
+ log_info (" cd %s\n", default_homedir ());
+ log_info (" gpg2 --export-ownertrust > otrust.tmp\n");
+#ifdef HAVE_W32_SYSTEM
+ log_info (" del %s\n", name);
+#else
+ log_info (" rm %s\n", name);
+#endif
+ log_info (" gpg2 --import-ownertrust < otrust.tmp\n");
+ log_info (_("If that does not work, please consult the manual\n"));
+}
+
+
+void
+init_trustdb()
+{
+ int level = trustdb_args.level;
+ const char* dbname = trustdb_args.dbname;
+
+ if( trustdb_args.init )
+ return;
+
+ trustdb_args.init = 1;
+
+ if(level==0 || level==1)
+ {
+ int rc = tdbio_set_dbname( dbname, !!level );
+ if( rc )
+ log_fatal("can't init trustdb: %s\n", g10_errstr(rc) );
+ }
+ else
+ BUG();
+
+ if(opt.trust_model==TM_AUTO)
+ {
+ /* Try and set the trust model off of whatever the trustdb says
+ it is. */
+ opt.trust_model=tdbio_read_model();
+
+ /* Sanity check this ;) */
+ if(opt.trust_model!=TM_CLASSIC
+ && opt.trust_model!=TM_PGP
+ && opt.trust_model!=TM_EXTERNAL)
+ {
+ log_info(_("unable to use unknown trust model (%d) - "
+ "assuming %s trust model\n"),opt.trust_model,"PGP");
+ opt.trust_model=TM_PGP;
+ }
+
+ if(opt.verbose)
+ log_info(_("using %s trust model\n"),trust_model_string());
+ }
+
+ if(opt.trust_model==TM_PGP || opt.trust_model==TM_CLASSIC)
+ {
+ /* Verify the list of ultimately trusted keys and move the
+ --trusted-keys list there as well. */
+ if(level==1)
+ verify_own_keys();
+
+ if(!tdbio_db_matches_options())
+ pending_check_trustdb=1;
+ }
+}
+
+
+/***********************************************
+ ************* Print helpers ****************
+ ***********************************************/
+
+/****************
+ * This function returns a letter for a trustvalue Trust flags
+ * are ignore.
+ */
+static int
+trust_letter (unsigned int value)
+{
+ switch( (value & TRUST_MASK) )
+ {
+ case TRUST_UNKNOWN: return '-';
+ case TRUST_EXPIRED: return 'e';
+ case TRUST_UNDEFINED: return 'q';
+ case TRUST_NEVER: return 'n';
+ case TRUST_MARGINAL: return 'm';
+ case TRUST_FULLY: return 'f';
+ case TRUST_ULTIMATE: return 'u';
+ default: return '?';
+ }
+}
+
+/* NOTE TO TRANSLATOR: these strings are similar to those in
+ trust_value_to_string(), but are a fixed length. This is needed to
+ make attractive information listings where columns line up
+ properly. The value "10" should be the length of the strings you
+ choose to translate to. This is the length in printable columns.
+ It gets passed to atoi() so everything after the number is
+ essentially a comment and need not be translated. Either key and
+ uid are both NULL, or neither are NULL. */
+const char *
+uid_trust_string_fixed(PKT_public_key *key,PKT_user_id *uid)
+{
+ if(!key && !uid)
+ return _("10 translator see trustdb.c:uid_trust_string_fixed");
+ else if(uid->is_revoked || (key && key->is_revoked))
+ return _("[ revoked]");
+ else if(uid->is_expired)
+ return _("[ expired]");
+ else if(key)
+ switch(get_validity(key,uid)&TRUST_MASK)
+ {
+ case TRUST_UNKNOWN: return _("[ unknown]");
+ case TRUST_EXPIRED: return _("[ expired]");
+ case TRUST_UNDEFINED: return _("[ undef ]");
+ case TRUST_MARGINAL: return _("[marginal]");
+ case TRUST_FULLY: return _("[ full ]");
+ case TRUST_ULTIMATE: return _("[ultimate]");
+ }
+
+ return "err";
+}
+
+/* The strings here are similar to those in
+ pkclist.c:do_edit_ownertrust() */
+const char *
+trust_value_to_string (unsigned int value)
+{
+ switch( (value & TRUST_MASK) )
+ {
+ case TRUST_UNKNOWN: return _("unknown");
+ case TRUST_EXPIRED: return _("expired");
+ case TRUST_UNDEFINED: return _("undefined");
+ case TRUST_NEVER: return _("never");
+ case TRUST_MARGINAL: return _("marginal");
+ case TRUST_FULLY: return _("full");
+ case TRUST_ULTIMATE: return _("ultimate");
+ default: return "err";
+ }
+}
+
+int
+string_to_trust_value (const char *str)
+{
+ if(ascii_strcasecmp(str,"undefined")==0)
+ return TRUST_UNDEFINED;
+ else if(ascii_strcasecmp(str,"never")==0)
+ return TRUST_NEVER;
+ else if(ascii_strcasecmp(str,"marginal")==0)
+ return TRUST_MARGINAL;
+ else if(ascii_strcasecmp(str,"full")==0)
+ return TRUST_FULLY;
+ else if(ascii_strcasecmp(str,"ultimate")==0)
+ return TRUST_ULTIMATE;
+ else
+ return -1;
+}
+
+/****************
+ * Recreate the WoT but do not ask for new ownertrusts. Special
+ * feature: In batch mode and without a forced yes, this is only done
+ * when a check is due. This can be used to run the check from a crontab
+ */
+void
+check_trustdb ()
+{
+ init_trustdb();
+ if(opt.trust_model==TM_PGP || opt.trust_model==TM_CLASSIC)
+ {
+ if (opt.batch && !opt.answer_yes)
+ {
+ ulong scheduled;
+
+ scheduled = tdbio_read_nextcheck ();
+ if (!scheduled)
+ {
+ log_info (_("no need for a trustdb check\n"));
+ return;
+ }
+
+ if (scheduled > make_timestamp ())
+ {
+ log_info (_("next trustdb check due at %s\n"),
+ strtimestamp (scheduled));
+ return;
+ }
+ }
+
+ validate_keys (0);
+ }
+ else
+ log_info (_("no need for a trustdb check with `%s' trust model\n"),
+ trust_model_string());
+}
+
+
+/*
+ * Recreate the WoT.
+ */
+void
+update_trustdb()
+{
+ init_trustdb();
+ if(opt.trust_model==TM_PGP || opt.trust_model==TM_CLASSIC)
+ validate_keys (1);
+ else
+ log_info (_("no need for a trustdb update with `%s' trust model\n"),
+ trust_model_string());
+}
+
+void
+revalidation_mark (void)
+{
+ init_trustdb();
+ /* we simply set the time for the next check to 1 (far back in 1970)
+ * so that a --update-trustdb will be scheduled */
+ if (tdbio_write_nextcheck (1))
+ do_sync ();
+ pending_check_trustdb = 1;
+}
+
+int
+trustdb_pending_check(void)
+{
+ return pending_check_trustdb;
+}
+
+/* If the trustdb is dirty, and we're interactive, update it.
+ Otherwise, check it unless no-auto-check-trustdb is set. */
+void
+trustdb_check_or_update(void)
+{
+ if(trustdb_pending_check())
+ {
+ if(opt.interactive)
+ update_trustdb();
+ else if(!opt.no_auto_check_trustdb)
+ check_trustdb();
+ }
+}
+
+void
+read_trust_options(byte *trust_model,ulong *created,ulong *nextcheck,
+ byte *marginals,byte *completes,byte *cert_depth,
+ byte *min_cert_level)
+{
+ TRUSTREC opts;
+
+ init_trustdb();
+
+ read_record(0,&opts,RECTYPE_VER);
+
+ if(trust_model)
+ *trust_model=opts.r.ver.trust_model;
+ if(created)
+ *created=opts.r.ver.created;
+ if(nextcheck)
+ *nextcheck=opts.r.ver.nextcheck;
+ if(marginals)
+ *marginals=opts.r.ver.marginals;
+ if(completes)
+ *completes=opts.r.ver.completes;
+ if(cert_depth)
+ *cert_depth=opts.r.ver.cert_depth;
+ if(min_cert_level)
+ *min_cert_level=opts.r.ver.min_cert_level;
+}
+
+/***********************************************
+ *********** Ownertrust et al. ****************
+ ***********************************************/
+
+static int
+read_trust_record (PKT_public_key *pk, TRUSTREC *rec)
+{
+ int rc;
+
+ init_trustdb();
+ rc = tdbio_search_trust_bypk (pk, rec);
+ if (rc == -1)
+ return -1; /* no record yet */
+ if (rc)
+ {
+ log_error ("trustdb: searching trust record failed: %s\n",
+ g10_errstr (rc));
+ return rc;
+ }
+
+ if (rec->rectype != RECTYPE_TRUST)
+ {
+ log_error ("trustdb: record %lu is not a trust record\n",
+ rec->recnum);
+ return G10ERR_TRUSTDB;
+ }
+
+ return 0;
+}
+
+/****************
+ * Return the assigned ownertrust value for the given public key.
+ * The key should be the primary key.
+ */
+unsigned int
+get_ownertrust ( PKT_public_key *pk)
+{
+ TRUSTREC rec;
+ int rc;
+
+ rc = read_trust_record (pk, &rec);
+ if (rc == -1)
+ return TRUST_UNKNOWN; /* no record yet */
+ if (rc)
+ {
+ tdbio_invalid ();
+ return rc; /* actually never reached */
+ }
+
+ return rec.r.trust.ownertrust;
+}
+
+unsigned int
+get_min_ownertrust (PKT_public_key *pk)
+{
+ TRUSTREC rec;
+ int rc;
+
+ rc = read_trust_record (pk, &rec);
+ if (rc == -1)
+ return TRUST_UNKNOWN; /* no record yet */
+ if (rc)
+ {
+ tdbio_invalid ();
+ return rc; /* actually never reached */
+ }
+
+ return rec.r.trust.min_ownertrust;
+}
+
+/*
+ * Same as get_ownertrust but this takes the minimum ownertrust value
+ * into into account, and will bump up the value as needed.
+ */
+static int
+get_ownertrust_with_min (PKT_public_key *pk)
+{
+ unsigned int otrust,otrust_min;
+
+ otrust = (get_ownertrust (pk) & TRUST_MASK);
+ otrust_min = get_min_ownertrust (pk);
+ if(otrust<otrust_min)
+ {
+ /* If the trust that the user has set is less than the trust
+ that was calculated from a trust signature chain, use the
+ higher of the two. We do this here and not in
+ get_ownertrust since the underlying ownertrust should not
+ really be set - just the appearance of the ownertrust. */
+
+ otrust=otrust_min;
+ }
+
+ return otrust;
+}
+
+/*
+ * Same as get_ownertrust but return a trust letter instead of an
+ * value. This takes the minimum ownertrust value into account.
+ */
+int
+get_ownertrust_info (PKT_public_key *pk)
+{
+ return trust_letter(get_ownertrust_with_min(pk));
+}
+
+/*
+ * Same as get_ownertrust but return a trust string instead of an
+ * value. This takes the minimum ownertrust value into account.
+ */
+const char *
+get_ownertrust_string (PKT_public_key *pk)
+{
+ return trust_value_to_string(get_ownertrust_with_min(pk));
+}
+
+/*
+ * Set the trust value of the given public key to the new value.
+ * The key should be a primary one.
+ */
+void
+update_ownertrust (PKT_public_key *pk, unsigned int new_trust )
+{
+ TRUSTREC rec;
+ int rc;
+
+ rc = read_trust_record (pk, &rec);
+ if (!rc)
+ {
+ if (DBG_TRUST)
+ log_debug ("update ownertrust from %u to %u\n",
+ (unsigned int)rec.r.trust.ownertrust, new_trust );
+ if (rec.r.trust.ownertrust != new_trust)
+ {
+ rec.r.trust.ownertrust = new_trust;
+ write_record( &rec );
+ revalidation_mark ();
+ do_sync ();
+ }
+ }
+ else if (rc == -1)
+ { /* no record yet - create a new one */
+ size_t dummy;
+
+ if (DBG_TRUST)
+ log_debug ("insert ownertrust %u\n", new_trust );
+
+ memset (&rec, 0, sizeof rec);
+ rec.recnum = tdbio_new_recnum ();
+ rec.rectype = RECTYPE_TRUST;
+ fingerprint_from_pk (pk, rec.r.trust.fingerprint, &dummy);
+ rec.r.trust.ownertrust = new_trust;
+ write_record (&rec);
+ revalidation_mark ();
+ do_sync ();
+ rc = 0;
+ }
+ else
+ {
+ tdbio_invalid ();
+ }
+}
+
+static void
+update_min_ownertrust (u32 *kid, unsigned int new_trust )
+{
+ PKT_public_key *pk;
+ TRUSTREC rec;
+ int rc;
+
+ pk = xmalloc_clear (sizeof *pk);
+ rc = get_pubkey (pk, kid);
+ if (rc)
+ {
+ log_error(_("public key %s not found: %s\n"),keystr(kid),g10_errstr(rc));
+ return;
+ }
+
+ rc = read_trust_record (pk, &rec);
+ if (!rc)
+ {
+ if (DBG_TRUST)
+ log_debug ("key %08lX%08lX: update min_ownertrust from %u to %u\n",
+ (ulong)kid[0],(ulong)kid[1],
+ (unsigned int)rec.r.trust.min_ownertrust,
+ new_trust );
+ if (rec.r.trust.min_ownertrust != new_trust)
+ {
+ rec.r.trust.min_ownertrust = new_trust;
+ write_record( &rec );
+ revalidation_mark ();
+ do_sync ();
+ }
+ }
+ else if (rc == -1)
+ { /* no record yet - create a new one */
+ size_t dummy;
+
+ if (DBG_TRUST)
+ log_debug ("insert min_ownertrust %u\n", new_trust );
+
+ memset (&rec, 0, sizeof rec);
+ rec.recnum = tdbio_new_recnum ();
+ rec.rectype = RECTYPE_TRUST;
+ fingerprint_from_pk (pk, rec.r.trust.fingerprint, &dummy);
+ rec.r.trust.min_ownertrust = new_trust;
+ write_record (&rec);
+ revalidation_mark ();
+ do_sync ();
+ rc = 0;
+ }
+ else
+ {
+ tdbio_invalid ();
+ }
+}
+
+/* Clear the ownertrust and min_ownertrust values. Return true if a
+ change actually happened. */
+int
+clear_ownertrusts (PKT_public_key *pk)
+{
+ TRUSTREC rec;
+ int rc;
+
+ rc = read_trust_record (pk, &rec);
+ if (!rc)
+ {
+ if (DBG_TRUST)
+ {
+ log_debug ("clearing ownertrust (old value %u)\n",
+ (unsigned int)rec.r.trust.ownertrust);
+ log_debug ("clearing min_ownertrust (old value %u)\n",
+ (unsigned int)rec.r.trust.min_ownertrust);
+ }
+ if (rec.r.trust.ownertrust || rec.r.trust.min_ownertrust)
+ {
+ rec.r.trust.ownertrust = 0;
+ rec.r.trust.min_ownertrust = 0;
+ write_record( &rec );
+ revalidation_mark ();
+ do_sync ();
+ return 1;
+ }
+ }
+ else if (rc != -1)
+ {
+ tdbio_invalid ();
+ }
+ return 0;
+}
+
+/*
+ * Note: Caller has to do a sync
+ */
+static void
+update_validity (PKT_public_key *pk, PKT_user_id *uid,
+ int depth, int validity)
+{
+ TRUSTREC trec, vrec;
+ int rc;
+ ulong recno;
+
+ namehash_from_uid(uid);
+
+ rc = read_trust_record (pk, &trec);
+ if (rc && rc != -1)
+ {
+ tdbio_invalid ();
+ return;
+ }
+ if (rc == -1) /* no record yet - create a new one */
+ {
+ size_t dummy;
+
+ rc = 0;
+ memset (&trec, 0, sizeof trec);
+ trec.recnum = tdbio_new_recnum ();
+ trec.rectype = RECTYPE_TRUST;
+ fingerprint_from_pk (pk, trec.r.trust.fingerprint, &dummy);
+ trec.r.trust.ownertrust = 0;
+ }
+
+ /* locate an existing one */
+ recno = trec.r.trust.validlist;
+ while (recno)
+ {
+ read_record (recno, &vrec, RECTYPE_VALID);
+ if ( !memcmp (vrec.r.valid.namehash, uid->namehash, 20) )
+ break;
+ recno = vrec.r.valid.next;
+ }
+
+ if (!recno) /* insert a new validity record */
+ {
+ memset (&vrec, 0, sizeof vrec);
+ vrec.recnum = tdbio_new_recnum ();
+ vrec.rectype = RECTYPE_VALID;
+ memcpy (vrec.r.valid.namehash, uid->namehash, 20);
+ vrec.r.valid.next = trec.r.trust.validlist;
+ trec.r.trust.validlist = vrec.recnum;
+ }
+ vrec.r.valid.validity = validity;
+ vrec.r.valid.full_count = uid->help_full_count;
+ vrec.r.valid.marginal_count = uid->help_marginal_count;
+ write_record (&vrec);
+ trec.r.trust.depth = depth;
+ write_record (&trec);
+}
+
+
+/***********************************************
+ ********* Query trustdb values **************
+ ***********************************************/
+
+/* Return true if key is disabled */
+int
+cache_disabled_value(PKT_public_key *pk)
+{
+ int rc;
+ TRUSTREC trec;
+ int disabled=0;
+
+ if(pk->is_disabled)
+ return (pk->is_disabled==2);
+
+ init_trustdb();
+
+ rc = read_trust_record (pk, &trec);
+ if (rc && rc != -1)
+ {
+ tdbio_invalid ();
+ goto leave;
+ }
+ if (rc == -1) /* no record found, so assume not disabled */
+ goto leave;
+
+ if(trec.r.trust.ownertrust & TRUST_FLAG_DISABLED)
+ disabled=1;
+
+ /* Cache it for later so we don't need to look at the trustdb every
+ time */
+ if(disabled)
+ pk->is_disabled=2;
+ else
+ pk->is_disabled=1;
+
+ leave:
+ return disabled;
+}
+
+void
+check_trustdb_stale(void)
+{
+ static int did_nextcheck=0;
+
+ init_trustdb ();
+ if (!did_nextcheck
+ && (opt.trust_model==TM_PGP || opt.trust_model==TM_CLASSIC))
+ {
+ ulong scheduled;
+
+ did_nextcheck = 1;
+ scheduled = tdbio_read_nextcheck ();
+ if ((scheduled && scheduled <= make_timestamp ())
+ || pending_check_trustdb)
+ {
+ if (opt.no_auto_check_trustdb)
+ {
+ pending_check_trustdb = 1;
+ log_info (_("please do a --check-trustdb\n"));
+ }
+ else
+ {
+ log_info (_("checking the trustdb\n"));
+ validate_keys (0);
+ }
+ }
+ }
+}
+
+/*
+ * Return the validity information for PK. If the namehash is not
+ * NULL, the validity of the corresponsing user ID is returned,
+ * otherwise, a reasonable value for the entire key is returned.
+ */
+unsigned int
+get_validity (PKT_public_key *pk, PKT_user_id *uid)
+{
+ TRUSTREC trec, vrec;
+ int rc;
+ ulong recno;
+ unsigned int validity;
+ u32 kid[2];
+ PKT_public_key *main_pk;
+
+ if(uid)
+ namehash_from_uid(uid);
+
+ init_trustdb ();
+ check_trustdb_stale();
+
+ keyid_from_pk (pk, kid);
+ if (pk->main_keyid[0] != kid[0] || pk->main_keyid[1] != kid[1])
+ { /* this is a subkey - get the mainkey */
+ main_pk = xmalloc_clear (sizeof *main_pk);
+ rc = get_pubkey (main_pk, pk->main_keyid);
+ if (rc)
+ {
+ char *tempkeystr=xstrdup(keystr(pk->main_keyid));
+ log_error ("error getting main key %s of subkey %s: %s\n",
+ tempkeystr, keystr(kid), g10_errstr(rc));
+ xfree(tempkeystr);
+ validity = TRUST_UNKNOWN;
+ goto leave;
+ }
+ }
+ else
+ main_pk = pk;
+
+ if(opt.trust_model==TM_DIRECT)
+ {
+ /* Note that this happens BEFORE any user ID stuff is checked.
+ The direct trust model applies to keys as a whole. */
+ validity=get_ownertrust(main_pk);
+ goto leave;
+ }
+
+ rc = read_trust_record (main_pk, &trec);
+ if (rc && rc != -1)
+ {
+ tdbio_invalid ();
+ return 0;
+ }
+ if (rc == -1) /* no record found */
+ {
+ validity = TRUST_UNKNOWN;
+ goto leave;
+ }
+
+ /* loop over all user IDs */
+ recno = trec.r.trust.validlist;
+ validity = 0;
+ while (recno)
+ {
+ read_record (recno, &vrec, RECTYPE_VALID);
+
+ if(uid)
+ {
+ /* If a user ID is given we return the validity for that
+ user ID ONLY. If the namehash is not found, then there
+ is no validity at all (i.e. the user ID wasn't
+ signed). */
+ if(memcmp(vrec.r.valid.namehash,uid->namehash,20)==0)
+ {
+ validity=(vrec.r.valid.validity & TRUST_MASK);
+ break;
+ }
+ }
+ else
+ {
+ /* If no namehash is given, we take the maximum validity
+ over all user IDs */
+ if ( validity < (vrec.r.valid.validity & TRUST_MASK) )
+ validity = (vrec.r.valid.validity & TRUST_MASK);
+ }
+
+ recno = vrec.r.valid.next;
+ }
+
+ if ( (trec.r.trust.ownertrust & TRUST_FLAG_DISABLED) )
+ {
+ validity |= TRUST_FLAG_DISABLED;
+ pk->is_disabled=2;
+ }
+ else
+ pk->is_disabled=1;
+
+ leave:
+ /* set some flags direct from the key */
+ if (main_pk->is_revoked)
+ validity |= TRUST_FLAG_REVOKED;
+ if (main_pk != pk && pk->is_revoked)
+ validity |= TRUST_FLAG_SUB_REVOKED;
+ /* Note: expiration is a trust value and not a flag - don't know why
+ * I initially designed it that way */
+ if (main_pk->has_expired || pk->has_expired)
+ validity = (validity & ~TRUST_MASK) | TRUST_EXPIRED;
+
+ if (pending_check_trustdb)
+ validity |= TRUST_FLAG_PENDING_CHECK;
+
+ if (main_pk != pk)
+ free_public_key (main_pk);
+ return validity;
+}
+
+int
+get_validity_info (PKT_public_key *pk, PKT_user_id *uid)
+{
+ int trustlevel;
+
+ if (!pk)
+ return '?'; /* Just in case a NULL PK is passed. */
+
+ trustlevel = get_validity (pk, uid);
+ if ( (trustlevel & TRUST_FLAG_REVOKED) )
+ return 'r';
+ return trust_letter (trustlevel);
+}
+
+const char *
+get_validity_string (PKT_public_key *pk, PKT_user_id *uid)
+{
+ int trustlevel;
+
+ if (!pk)
+ return "err"; /* Just in case a NULL PK is passed. */
+
+ trustlevel = get_validity (pk, uid);
+ if( trustlevel & TRUST_FLAG_REVOKED )
+ return _("revoked");
+ return trust_value_to_string(trustlevel);
+}
+
+static void
+get_validity_counts (PKT_public_key *pk, PKT_user_id *uid)
+{
+ TRUSTREC trec, vrec;
+ ulong recno;
+
+ if(pk==NULL || uid==NULL)
+ BUG();
+
+ namehash_from_uid(uid);
+
+ uid->help_marginal_count=uid->help_full_count=0;
+
+ init_trustdb ();
+
+ if(read_trust_record (pk, &trec)!=0)
+ return;
+
+ /* loop over all user IDs */
+ recno = trec.r.trust.validlist;
+ while (recno)
+ {
+ read_record (recno, &vrec, RECTYPE_VALID);
+
+ if(memcmp(vrec.r.valid.namehash,uid->namehash,20)==0)
+ {
+ uid->help_marginal_count=vrec.r.valid.marginal_count;
+ uid->help_full_count=vrec.r.valid.full_count;
+ /* printf("Fetched marginal %d, full %d\n",uid->help_marginal_count,uid->help_full_count); */
+ break;
+ }
+
+ recno = vrec.r.valid.next;
+ }
+}
+
+void
+list_trust_path( const char *username )
+{
+ (void)username;
+}
+
+/****************
+ * Enumerate all keys, which are needed to build all trust paths for
+ * the given key. This function does not return the key itself or
+ * the ultimate key (the last point in cerificate chain). Only
+ * certificate chains which ends up at an ultimately trusted key
+ * are listed. If ownertrust or validity is not NULL, the corresponding
+ * value for the returned LID is also returned in these variable(s).
+ *
+ * 1) create a void pointer and initialize it to NULL
+ * 2) pass this void pointer by reference to this function.
+ * Set lid to the key you want to enumerate and pass it by reference.
+ * 3) call this function as long as it does not return -1
+ * to indicate EOF. LID does contain the next key used to build the web
+ * 4) Always call this function a last time with LID set to NULL,
+ * so that it can free its context.
+ *
+ * Returns: -1 on EOF or the level of the returned LID
+ */
+int
+enum_cert_paths( void **context, ulong *lid,
+ unsigned *ownertrust, unsigned *validity )
+{
+ (void)context;
+ (void)lid;
+ (void)ownertrust;
+ (void)validity;
+ return -1;
+}
+
+
+/****************
+ * Print the current path
+ */
+void
+enum_cert_paths_print (void **context, FILE *fp,
+ int refresh, ulong selected_lid)
+{
+ (void)context;
+ (void)fp;
+ (void)refresh;
+ (void)selected_lid;
+}
+
+
+
+/****************************************
+ *********** NEW NEW NEW ****************
+ ****************************************/
+
+static int
+ask_ownertrust (u32 *kid,int minimum)
+{
+ PKT_public_key *pk;
+ int rc;
+ int ot;
+
+ pk = xmalloc_clear (sizeof *pk);
+ rc = get_pubkey (pk, kid);
+ if (rc)
+ {
+ log_error (_("public key %s not found: %s\n"),
+ keystr(kid), g10_errstr(rc) );
+ return TRUST_UNKNOWN;
+ }
+
+ if(opt.force_ownertrust)
+ {
+ log_info("force trust for key %s to %s\n",
+ keystr(kid),trust_value_to_string(opt.force_ownertrust));
+ update_ownertrust(pk,opt.force_ownertrust);
+ ot=opt.force_ownertrust;
+ }
+ else
+ {
+ ot=edit_ownertrust(pk,0);
+ if(ot>0)
+ ot = get_ownertrust (pk);
+ else if(ot==0)
+ ot = minimum?minimum:TRUST_UNDEFINED;
+ else
+ ot = -1; /* quit */
+ }
+
+ free_public_key( pk );
+
+ return ot;
+}
+
+
+static void
+mark_keyblock_seen (KeyHashTable tbl, KBNODE node)
+{
+ for ( ;node; node = node->next )
+ if (node->pkt->pkttype == PKT_PUBLIC_KEY
+ || node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
+ {
+ u32 aki[2];
+
+ keyid_from_pk (node->pkt->pkt.public_key, aki);
+ add_key_hash_table (tbl, aki);
+ }
+}
+
+
+static void
+dump_key_array (int depth, struct key_array *keys)
+{
+ struct key_array *kar;
+
+ for (kar=keys; kar->keyblock; kar++)
+ {
+ KBNODE node = kar->keyblock;
+ u32 kid[2];
+
+ keyid_from_pk(node->pkt->pkt.public_key, kid);
+ printf ("%d:%08lX%08lX:K::%c::::\n",
+ depth, (ulong)kid[0], (ulong)kid[1], '?');
+
+ for (; node; node = node->next)
+ {
+ if (node->pkt->pkttype == PKT_USER_ID)
+ {
+ int len = node->pkt->pkt.user_id->len;
+
+ if (len > 30)
+ len = 30;
+ printf ("%d:%08lX%08lX:U:::%c:::",
+ depth, (ulong)kid[0], (ulong)kid[1],
+ (node->flag & 4)? 'f':
+ (node->flag & 2)? 'm':
+ (node->flag & 1)? 'q':'-');
+ print_string (stdout, node->pkt->pkt.user_id->name, len, ':');
+ putchar (':');
+ putchar ('\n');
+ }
+ }
+ }
+}
+
+
+static void
+store_validation_status (int depth, KBNODE keyblock, KeyHashTable stored)
+{
+ KBNODE node;
+ int status;
+ int any = 0;
+
+ for (node=keyblock; node; node = node->next)
+ {
+ if (node->pkt->pkttype == PKT_USER_ID)
+ {
+ PKT_user_id *uid = node->pkt->pkt.user_id;
+ if (node->flag & 4)
+ status = TRUST_FULLY;
+ else if (node->flag & 2)
+ status = TRUST_MARGINAL;
+ else if (node->flag & 1)
+ status = TRUST_UNDEFINED;
+ else
+ status = 0;
+
+ if (status)
+ {
+ update_validity (keyblock->pkt->pkt.public_key,
+ uid, depth, status);
+
+ mark_keyblock_seen(stored,keyblock);
+
+ any = 1;
+ }
+ }
+ }
+
+ if (any)
+ do_sync ();
+}
+
+/*
+ * check whether the signature sig is in the klist k
+ */
+static struct key_item *
+is_in_klist (struct key_item *k, PKT_signature *sig)
+{
+ for (; k; k = k->next)
+ {
+ if (k->kid[0] == sig->keyid[0] && k->kid[1] == sig->keyid[1])
+ return k;
+ }
+ return NULL;
+}
+
+/*
+ * Mark the signature of the given UID which are used to certify it.
+ * To do this, we first revmove all signatures which are not valid and
+ * from the remain ones we look for the latest one. If this is not a
+ * certification revocation signature we mark the signature by setting
+ * node flag bit 8. Revocations are marked with flag 11, and sigs
+ * from unavailable keys are marked with flag 12. Note that flag bits
+ * 9 and 10 are used for internal purposes.
+ */
+static void
+mark_usable_uid_certs (KBNODE keyblock, KBNODE uidnode,
+ u32 *main_kid, struct key_item *klist,
+ u32 curtime, u32 *next_expire)
+{
+ KBNODE node;
+ PKT_signature *sig;
+
+ /* first check all signatures */
+ for (node=uidnode->next; node; node = node->next)
+ {
+ int rc;
+
+ node->flag &= ~(1<<8 | 1<<9 | 1<<10 | 1<<11 | 1<<12);
+ if (node->pkt->pkttype == PKT_USER_ID
+ || node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
+ break; /* ready */
+ if (node->pkt->pkttype != PKT_SIGNATURE)
+ continue;
+ sig = node->pkt->pkt.signature;
+ if (main_kid
+ && sig->keyid[0] == main_kid[0] && sig->keyid[1] == main_kid[1])
+ continue; /* ignore self-signatures if we pass in a main_kid */
+ if (!IS_UID_SIG(sig) && !IS_UID_REV(sig))
+ continue; /* we only look at these signature classes */
+ if(sig->sig_class>=0x11 && sig->sig_class<=0x13 &&
+ sig->sig_class-0x10<opt.min_cert_level)
+ continue; /* treat anything under our min_cert_level as an
+ invalid signature */
+ if (klist && !is_in_klist (klist, sig))
+ continue; /* no need to check it then */
+ if ((rc=check_key_signature (keyblock, node, NULL)))
+ {
+ /* we ignore anything that won't verify, but tag the
+ no_pubkey case */
+ if(rc==G10ERR_NO_PUBKEY)
+ node->flag |= 1<<12;
+ continue;
+ }
+ node->flag |= 1<<9;
+ }
+ /* reset the remaining flags */
+ for (; node; node = node->next)
+ node->flag &= ~(1<<8 | 1<<9 | 1<<10 | 1<<11 | 1<<12);
+
+ /* kbnode flag usage: bit 9 is here set for signatures to consider,
+ * bit 10 will be set by the loop to keep track of keyIDs already
+ * processed, bit 8 will be set for the usable signatures, and bit
+ * 11 will be set for usable revocations. */
+
+ /* for each cert figure out the latest valid one */
+ for (node=uidnode->next; node; node = node->next)
+ {
+ KBNODE n, signode;
+ u32 kid[2];
+ u32 sigdate;
+
+ if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
+ break;
+ if ( !(node->flag & (1<<9)) )
+ continue; /* not a node to look at */
+ if ( (node->flag & (1<<10)) )
+ continue; /* signature with a keyID already processed */
+ node->flag |= (1<<10); /* mark this node as processed */
+ sig = node->pkt->pkt.signature;
+ signode = node;
+ sigdate = sig->timestamp;
+ kid[0] = sig->keyid[0]; kid[1] = sig->keyid[1];
+
+ /* Now find the latest and greatest signature */
+ for (n=uidnode->next; n; n = n->next)
+ {
+ if (n->pkt->pkttype == PKT_PUBLIC_SUBKEY)
+ break;
+ if ( !(n->flag & (1<<9)) )
+ continue;
+ if ( (n->flag & (1<<10)) )
+ continue; /* shortcut already processed signatures */
+ sig = n->pkt->pkt.signature;
+ if (kid[0] != sig->keyid[0] || kid[1] != sig->keyid[1])
+ continue;
+ n->flag |= (1<<10); /* mark this node as processed */
+
+ /* If signode is nonrevocable and unexpired and n isn't,
+ then take signode (skip). It doesn't matter which is
+ older: if signode was older then we don't want to take n
+ as signode is nonrevocable. If n was older then we're
+ automatically fine. */
+
+ if(((IS_UID_SIG(signode->pkt->pkt.signature) &&
+ !signode->pkt->pkt.signature->flags.revocable &&
+ (signode->pkt->pkt.signature->expiredate==0 ||
+ signode->pkt->pkt.signature->expiredate>curtime))) &&
+ (!(IS_UID_SIG(n->pkt->pkt.signature) &&
+ !n->pkt->pkt.signature->flags.revocable &&
+ (n->pkt->pkt.signature->expiredate==0 ||
+ n->pkt->pkt.signature->expiredate>curtime))))
+ continue;
+
+ /* If n is nonrevocable and unexpired and signode isn't,
+ then take n. Again, it doesn't matter which is older: if
+ n was older then we don't want to take signode as n is
+ nonrevocable. If signode was older then we're
+ automatically fine. */
+
+ if((!(IS_UID_SIG(signode->pkt->pkt.signature) &&
+ !signode->pkt->pkt.signature->flags.revocable &&
+ (signode->pkt->pkt.signature->expiredate==0 ||
+ signode->pkt->pkt.signature->expiredate>curtime))) &&
+ ((IS_UID_SIG(n->pkt->pkt.signature) &&
+ !n->pkt->pkt.signature->flags.revocable &&
+ (n->pkt->pkt.signature->expiredate==0 ||
+ n->pkt->pkt.signature->expiredate>curtime))))
+ {
+ signode = n;
+ sigdate = sig->timestamp;
+ continue;
+ }
+
+ /* At this point, if it's newer, it goes in as the only
+ remaining possibilities are signode and n are both either
+ revocable or expired or both nonrevocable and unexpired.
+ If the timestamps are equal take the later ordered
+ packet, presuming that the key packets are hopefully in
+ their original order. */
+
+ if (sig->timestamp >= sigdate)
+ {
+ signode = n;
+ sigdate = sig->timestamp;
+ }
+ }
+
+ sig = signode->pkt->pkt.signature;
+ if (IS_UID_SIG (sig))
+ { /* this seems to be a usable one which is not revoked.
+ * Just need to check whether there is an expiration time,
+ * We do the expired certification after finding a suitable
+ * certification, the assumption is that a signator does not
+ * want that after the expiration of his certificate the
+ * system falls back to an older certification which has a
+ * different expiration time */
+ const byte *p;
+ u32 expire;
+
+ p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_SIG_EXPIRE, NULL );
+ expire = p? sig->timestamp + buffer_to_u32(p) : 0;
+
+ if (expire==0 || expire > curtime )
+ {
+ signode->flag |= (1<<8); /* yeah, found a good cert */
+ if (next_expire && expire && expire < *next_expire)
+ *next_expire = expire;
+ }
+ }
+ else
+ signode->flag |= (1<<11);
+ }
+}
+
+static int
+clean_sigs_from_uid(KBNODE keyblock,KBNODE uidnode,int noisy,int self_only)
+{
+ int deleted=0;
+ KBNODE node;
+ u32 keyid[2];
+
+ assert(keyblock->pkt->pkttype==PKT_PUBLIC_KEY);
+
+ keyid_from_pk(keyblock->pkt->pkt.public_key,keyid);
+
+ /* Passing in a 0 for current time here means that we'll never weed
+ out an expired sig. This is correct behavior since we want to
+ keep the most recent expired sig in a series. */
+ mark_usable_uid_certs(keyblock,uidnode,NULL,NULL,0,NULL);
+
+ /* What we want to do here is remove signatures that are not
+ considered as part of the trust calculations. Thus, all invalid
+ signatures are out, as are any signatures that aren't the last of
+ a series of uid sigs or revocations It breaks down like this:
+ coming out of mark_usable_uid_certs, if a sig is unflagged, it is
+ not even a candidate. If a sig has flag 9 or 10, that means it
+ was selected as a candidate and vetted. If a sig has flag 8 it
+ is a usable signature. If a sig has flag 11 it is a usable
+ revocation. If a sig has flag 12 it was issued by an unavailable
+ key. "Usable" here means the most recent valid
+ signature/revocation in a series from a particular signer.
+
+ Delete everything that isn't a usable uid sig (which might be
+ expired), a usable revocation, or a sig from an unavailable
+ key. */
+
+ for(node=uidnode->next;
+ node && node->pkt->pkttype==PKT_SIGNATURE;
+ node=node->next)
+ {
+ int keep=self_only?(node->pkt->pkt.signature->keyid[0]==keyid[0]
+ && node->pkt->pkt.signature->keyid[1]==keyid[1]):1;
+
+ /* Keep usable uid sigs ... */
+ if((node->flag & (1<<8)) && keep)
+ continue;
+
+ /* ... and usable revocations... */
+ if((node->flag & (1<<11)) && keep)
+ continue;
+
+ /* ... and sigs from unavailable keys. */
+ /* disabled for now since more people seem to want sigs from
+ unavailable keys removed altogether. */
+ /*
+ if(node->flag & (1<<12))
+ continue;
+ */
+
+ /* Everything else we delete */
+
+ /* At this point, if 12 is set, the signing key was unavailable.
+ If 9 or 10 is set, it's superseded. Otherwise, it's
+ invalid. */
+
+ if(noisy)
+ log_info("removing signature from key %s on user ID \"%s\": %s\n",
+ keystr(node->pkt->pkt.signature->keyid),
+ uidnode->pkt->pkt.user_id->name,
+ node->flag&(1<<12)?"key unavailable":
+ node->flag&(1<<9)?"signature superseded":"invalid signature");
+
+ delete_kbnode(node);
+ deleted++;
+ }
+
+ return deleted;
+}
+
+/* This is substantially easier than clean_sigs_from_uid since we just
+ have to establish if the uid has a valid self-sig, is not revoked,
+ and is not expired. Note that this does not take into account
+ whether the uid has a trust path to it - just whether the keyholder
+ themselves has certified the uid. Returns true if the uid was
+ compacted. To "compact" a user ID, we simply remove ALL signatures
+ except the self-sig that caused the user ID to be remove-worthy.
+ We don't actually remove the user ID packet itself since it might
+ be ressurected in a later merge. Note that this function requires
+ that the caller has already done a merge_keys_and_selfsig().
+
+ TODO: change the import code to allow importing a uid with only a
+ revocation if the uid already exists on the keyring. */
+
+static int
+clean_uid_from_key(KBNODE keyblock,KBNODE uidnode,int noisy)
+{
+ KBNODE node;
+ PKT_user_id *uid=uidnode->pkt->pkt.user_id;
+ int deleted=0;
+
+ assert(keyblock->pkt->pkttype==PKT_PUBLIC_KEY);
+ assert(uidnode->pkt->pkttype==PKT_USER_ID);
+
+ /* Skip valid user IDs, compacted user IDs, and non-self-signed user
+ IDs if --allow-non-selfsigned-uid is set. */
+ if(uid->created || uid->flags.compacted
+ || (!uid->is_expired && !uid->is_revoked
+ && opt.allow_non_selfsigned_uid))
+ return 0;
+
+ for(node=uidnode->next;
+ node && node->pkt->pkttype==PKT_SIGNATURE;
+ node=node->next)
+ if(!node->pkt->pkt.signature->flags.chosen_selfsig)
+ {
+ delete_kbnode(node);
+ deleted=1;
+ uidnode->pkt->pkt.user_id->flags.compacted=1;
+ }
+
+ if(noisy)
+ {
+ const char *reason;
+ char *user=utf8_to_native(uid->name,uid->len,0);
+
+ if(uid->is_revoked)
+ reason=_("revoked");
+ else if(uid->is_expired)
+ reason=_("expired");
+ else
+ reason=_("invalid");
+
+ log_info("compacting user ID \"%s\" on key %s: %s\n",
+ user,keystr_from_pk(keyblock->pkt->pkt.public_key),
+ reason);
+
+ xfree(user);
+ }
+
+ return deleted;
+}
+
+/* Needs to be called after a merge_keys_and_selfsig() */
+void
+clean_one_uid(KBNODE keyblock,KBNODE uidnode,int noisy,int self_only,
+ int *uids_cleaned,int *sigs_cleaned)
+{
+ int dummy;
+
+ assert(keyblock->pkt->pkttype==PKT_PUBLIC_KEY);
+ assert(uidnode->pkt->pkttype==PKT_USER_ID);
+
+ if(!uids_cleaned)
+ uids_cleaned=&dummy;
+
+ if(!sigs_cleaned)
+ sigs_cleaned=&dummy;
+
+ /* Do clean_uid_from_key first since if it fires off, we don't
+ have to bother with the other */
+ *uids_cleaned+=clean_uid_from_key(keyblock,uidnode,noisy);
+ if(!uidnode->pkt->pkt.user_id->flags.compacted)
+ *sigs_cleaned+=clean_sigs_from_uid(keyblock,uidnode,noisy,self_only);
+}
+
+void
+clean_key(KBNODE keyblock,int noisy,int self_only,
+ int *uids_cleaned,int *sigs_cleaned)
+{
+ KBNODE uidnode;
+
+ merge_keys_and_selfsig(keyblock);
+
+ for(uidnode=keyblock->next;
+ uidnode && uidnode->pkt->pkttype!=PKT_PUBLIC_SUBKEY;
+ uidnode=uidnode->next)
+ if(uidnode->pkt->pkttype==PKT_USER_ID)
+ clean_one_uid(keyblock,uidnode,noisy,self_only,
+ uids_cleaned,sigs_cleaned);
+}
+
+/* Returns a sanitized copy of the regexp (which might be "", but not
+ NULL). */
+#ifndef DISABLE_REGEX
+static char *
+sanitize_regexp(const char *old)
+{
+ size_t start=0,len=strlen(old),idx=0;
+ int escaped=0,standard_bracket=0;
+ char *new=xmalloc((len*2)+1); /* enough to \-escape everything if we
+ have to */
+
+ /* There are basically two commonly-used regexps here. GPG and most
+ versions of PGP use "<[^>]+[@.]example\.com>$" and PGP (9)
+ command line uses "example.com" (i.e. whatever the user specfies,
+ and we can't expect users know to use "\." instead of "."). So
+ here are the rules: we're allowed to start with "<[^>]+[@.]" and
+ end with ">$" or start and end with nothing. In between, the
+ only legal regex character is ".", and everything else gets
+ escaped. Part of the gotcha here is that some regex packages
+ allow more than RFC-4880 requires. For example, 4880 has no "{}"
+ operator, but GNU regex does. Commenting removes these operators
+ from consideration. A possible future enhancement is to use
+ commenting to effectively back off a given regex to the Henry
+ Spencer syntax in 4880. -dshaw */
+
+ /* Are we bracketed between "<[^>]+[@.]" and ">$" ? */
+ if(len>=12 && strncmp(old,"<[^>]+[@.]",10)==0
+ && old[len-2]=='>' && old[len-1]=='$')
+ {
+ strcpy(new,"<[^>]+[@.]");
+ idx=strlen(new);
+ standard_bracket=1;
+ start+=10;
+ len-=2;
+ }
+
+ /* Walk the remaining characters and ensure that everything that is
+ left is not an operational regex character. */
+ for(;start<len;start++)
+ {
+ if(!escaped && old[start]=='\\')
+ escaped=1;
+ else if(!escaped && old[start]!='.')
+ new[idx++]='\\';
+ else
+ escaped=0;
+
+ new[idx++]=old[start];
+ }
+
+ new[idx]='\0';
+
+ /* Note that the (sub)string we look at might end with a bare "\".
+ If it does, leave it that way. If the regexp actually ended with
+ ">$", then it was escaping the ">" and is fine. If the regexp
+ actually ended with the bare "\", then it's an illegal regexp and
+ regcomp should kick it out. */
+
+ if(standard_bracket)
+ strcat(new,">$");
+
+ return new;
+}
+#endif /*!DISABLE_REGEX*/
+
+/* Used by validate_one_keyblock to confirm a regexp within a trust
+ signature. Returns 1 for match, and 0 for no match or regex
+ error. */
+static int
+check_regexp(const char *expr,const char *string)
+{
+#ifdef DISABLE_REGEX
+ /* When DISABLE_REGEX is defined, assume all regexps do not
+ match. */
+ return 0;
+#else
+ int ret;
+ char *regexp;
+
+ regexp=sanitize_regexp(expr);
+
+#ifdef __riscos__
+ ret=riscos_check_regexp(expr, string, DBG_TRUST);
+#else
+ {
+ regex_t pat;
+
+ ret=regcomp(&pat,regexp,REG_ICASE|REG_NOSUB|REG_EXTENDED);
+ if(ret==0)
+ {
+ ret=regexec(&pat,string,0,NULL,0);
+ regfree(&pat);
+ ret=(ret==0);
+ }
+ }
+#endif
+
+ if(DBG_TRUST)
+ log_debug("regexp `%s' (`%s') on `%s': %s\n",
+ regexp,expr,string,ret==0?"YES":"NO");
+
+ xfree(regexp);
+
+ return ret;
+#endif
+}
+
+/*
+ * Return true if the key is signed by one of the keys in the given
+ * key ID list. User IDs with a valid signature are marked by node
+ * flags as follows:
+ * flag bit 0: There is at least one signature
+ * 1: There is marginal confidence that this is a legitimate uid
+ * 2: There is full confidence that this is a legitimate uid.
+ * 8: Used for internal purposes.
+ * 9: Ditto (in mark_usable_uid_certs())
+ * 10: Ditto (ditto)
+ * This function assumes that all kbnode flags are cleared on entry.
+ */
+static int
+validate_one_keyblock (KBNODE kb, struct key_item *klist,
+ u32 curtime, u32 *next_expire)
+{
+ struct key_item *kr;
+ KBNODE node, uidnode=NULL;
+ PKT_user_id *uid=NULL;
+ PKT_public_key *pk = kb->pkt->pkt.public_key;
+ u32 main_kid[2];
+ int issigned=0, any_signed = 0;
+
+ keyid_from_pk(pk, main_kid);
+ for (node=kb; node; node = node->next)
+ {
+ /* A bit of discussion here: is it better for the web of trust
+ to be built among only self-signed uids? On the one hand, a
+ self-signed uid is a statement that the key owner definitely
+ intended that uid to be there, but on the other hand, a
+ signed (but not self-signed) uid does carry trust, of a sort,
+ even if it is a statement being made by people other than the
+ key owner "through" the uids on the key owner's key. I'm
+ going with the latter. However, if the user ID was
+ explicitly revoked, or passively allowed to expire, that
+ should stop validity through the user ID until it is
+ resigned. -dshaw */
+
+ if (node->pkt->pkttype == PKT_USER_ID
+ && !node->pkt->pkt.user_id->is_revoked
+ && !node->pkt->pkt.user_id->is_expired)
+ {
+ if (uidnode && issigned)
+ {
+ if (uid->help_full_count >= opt.completes_needed
+ || uid->help_marginal_count >= opt.marginals_needed )
+ uidnode->flag |= 4;
+ else if (uid->help_full_count || uid->help_marginal_count)
+ uidnode->flag |= 2;
+ uidnode->flag |= 1;
+ any_signed = 1;
+ }
+ uidnode = node;
+ uid=uidnode->pkt->pkt.user_id;
+
+ /* If the selfsig is going to expire... */
+ if(uid->expiredate && uid->expiredate<*next_expire)
+ *next_expire = uid->expiredate;
+
+ issigned = 0;
+ get_validity_counts(pk,uid);
+ mark_usable_uid_certs (kb, uidnode, main_kid, klist,
+ curtime, next_expire);
+ }
+ else if (node->pkt->pkttype == PKT_SIGNATURE
+ && (node->flag & (1<<8)) && uid)
+ {
+ /* Note that we are only seeing unrevoked sigs here */
+ PKT_signature *sig = node->pkt->pkt.signature;
+
+ kr = is_in_klist (klist, sig);
+ /* If the trust_regexp does not match, it's as if the sig
+ did not exist. This is safe for non-trust sigs as well
+ since we don't accept a regexp on the sig unless it's a
+ trust sig. */
+ if (kr && (!kr->trust_regexp
+ || opt.trust_model != TM_PGP
+ || (uidnode
+ && check_regexp(kr->trust_regexp,
+ uidnode->pkt->pkt.user_id->name))))
+ {
+ /* Are we part of a trust sig chain? We always favor
+ the latest trust sig, rather than the greater or
+ lesser trust sig or value. I could make a decent
+ argument for any of these cases, but this seems to be
+ what PGP does, and I'd like to be compatible. -dms */
+ if (opt.trust_model == TM_PGP
+ && sig->trust_depth
+ && pk->trust_timestamp <= sig->timestamp)
+ {
+ unsigned char depth;
+
+ /* If the depth on the signature is less than the
+ chain currently has, then use the signature depth
+ so we don't increase the depth beyond what the
+ signer wanted. If the depth on the signature is
+ more than the chain currently has, then use the
+ chain depth so we use as much of the signature
+ depth as the chain will permit. An ultimately
+ trusted signature can restart the depth to
+ whatever level it likes. */
+
+ if (sig->trust_depth < kr->trust_depth
+ || kr->ownertrust == TRUST_ULTIMATE)
+ depth = sig->trust_depth;
+ else
+ depth = kr->trust_depth;
+
+ if (depth)
+ {
+ if(DBG_TRUST)
+ log_debug ("trust sig on %s, sig depth is %d,"
+ " kr depth is %d\n",
+ uidnode->pkt->pkt.user_id->name,
+ sig->trust_depth,
+ kr->trust_depth);
+
+ /* If we got here, we know that:
+
+ this is a trust sig.
+
+ it's a newer trust sig than any previous trust
+ sig on this key (not uid).
+
+ it is legal in that it was either generated by an
+ ultimate key, or a key that was part of a trust
+ chain, and the depth does not violate the
+ original trust sig.
+
+ if there is a regexp attached, it matched
+ successfully.
+ */
+
+ if (DBG_TRUST)
+ log_debug ("replacing trust value %d with %d and "
+ "depth %d with %d\n",
+ pk->trust_value,sig->trust_value,
+ pk->trust_depth,depth);
+
+ pk->trust_value = sig->trust_value;
+ pk->trust_depth = depth-1;
+
+ /* If the trust sig contains a regexp, record it
+ on the pk for the next round. */
+ if (sig->trust_regexp)
+ pk->trust_regexp = sig->trust_regexp;
+ }
+ }
+
+ if (kr->ownertrust == TRUST_ULTIMATE)
+ uid->help_full_count = opt.completes_needed;
+ else if (kr->ownertrust == TRUST_FULLY)
+ uid->help_full_count++;
+ else if (kr->ownertrust == TRUST_MARGINAL)
+ uid->help_marginal_count++;
+ issigned = 1;
+ }
+ }
+ }
+
+ if (uidnode && issigned)
+ {
+ if (uid->help_full_count >= opt.completes_needed
+ || uid->help_marginal_count >= opt.marginals_needed )
+ uidnode->flag |= 4;
+ else if (uid->help_full_count || uid->help_marginal_count)
+ uidnode->flag |= 2;
+ uidnode->flag |= 1;
+ any_signed = 1;
+ }
+
+ return any_signed;
+}
+
+
+static int
+search_skipfnc (void *opaque, u32 *kid, PKT_user_id *dummy)
+{
+ (void)dummy;
+ return test_key_hash_table ((KeyHashTable)opaque, kid);
+}
+
+
+/*
+ * Scan all keys and return a key_array of all suitable keys from
+ * kllist. The caller has to pass keydb handle so that we don't use
+ * to create our own. Returns either a key_array or NULL in case of
+ * an error. No results found are indicated by an empty array.
+ * Caller hast to release the returned array.
+ */
+static struct key_array *
+validate_key_list (KEYDB_HANDLE hd, KeyHashTable full_trust,
+ struct key_item *klist, u32 curtime, u32 *next_expire)
+{
+ KBNODE keyblock = NULL;
+ struct key_array *keys = NULL;
+ size_t nkeys, maxkeys;
+ int rc;
+ KEYDB_SEARCH_DESC desc;
+
+ maxkeys = 1000;
+ keys = xmalloc ((maxkeys+1) * sizeof *keys);
+ nkeys = 0;
+
+ rc = keydb_search_reset (hd);
+ if (rc)
+ {
+ log_error ("keydb_search_reset failed: %s\n", g10_errstr(rc));
+ xfree (keys);
+ return NULL;
+ }
+
+ memset (&desc, 0, sizeof desc);
+ desc.mode = KEYDB_SEARCH_MODE_FIRST;
+ desc.skipfnc = search_skipfnc;
+ desc.skipfncvalue = full_trust;
+ rc = keydb_search (hd, &desc, 1);
+ if (rc == -1)
+ {
+ keys[nkeys].keyblock = NULL;
+ return keys;
+ }
+ if (rc)
+ {
+ log_error ("keydb_search_first failed: %s\n", g10_errstr(rc));
+ xfree (keys);
+ return NULL;
+ }
+
+ desc.mode = KEYDB_SEARCH_MODE_NEXT; /* change mode */
+ do
+ {
+ PKT_public_key *pk;
+
+ rc = keydb_get_keyblock (hd, &keyblock);
+ if (rc)
+ {
+ log_error ("keydb_get_keyblock failed: %s\n", g10_errstr(rc));
+ xfree (keys);
+ return NULL;
+ }
+
+ if ( keyblock->pkt->pkttype != PKT_PUBLIC_KEY)
+ {
+ log_debug ("ooops: invalid pkttype %d encountered\n",
+ keyblock->pkt->pkttype);
+ dump_kbnode (keyblock);
+ release_kbnode(keyblock);
+ continue;
+ }
+
+ /* prepare the keyblock for further processing */
+ merge_keys_and_selfsig (keyblock);
+ clear_kbnode_flags (keyblock);
+ pk = keyblock->pkt->pkt.public_key;
+ if (pk->has_expired || pk->is_revoked)
+ {
+ /* it does not make sense to look further at those keys */
+ mark_keyblock_seen (full_trust, keyblock);
+ }
+ else if (validate_one_keyblock (keyblock, klist, curtime, next_expire))
+ {
+ KBNODE node;
+
+ if (pk->expiredate && pk->expiredate >= curtime
+ && pk->expiredate < *next_expire)
+ *next_expire = pk->expiredate;
+
+ if (nkeys == maxkeys) {
+ maxkeys += 1000;
+ keys = xrealloc (keys, (maxkeys+1) * sizeof *keys);
+ }
+ keys[nkeys++].keyblock = keyblock;
+
+ /* Optimization - if all uids are fully trusted, then we
+ never need to consider this key as a candidate again. */
+
+ for (node=keyblock; node; node = node->next)
+ if (node->pkt->pkttype == PKT_USER_ID && !(node->flag & 4))
+ break;
+
+ if(node==NULL)
+ mark_keyblock_seen (full_trust, keyblock);
+
+ keyblock = NULL;
+ }
+
+ release_kbnode (keyblock);
+ keyblock = NULL;
+ }
+ while ( !(rc = keydb_search (hd, &desc, 1)) );
+ if (rc && rc != -1)
+ {
+ log_error ("keydb_search_next failed: %s\n", g10_errstr(rc));
+ xfree (keys);
+ return NULL;
+ }
+
+ keys[nkeys].keyblock = NULL;
+ return keys;
+}
+
+/* Caller must sync */
+static void
+reset_trust_records(void)
+{
+ TRUSTREC rec;
+ ulong recnum;
+ int count = 0, nreset = 0;
+
+ for (recnum=1; !tdbio_read_record (recnum, &rec, 0); recnum++ )
+ {
+ if(rec.rectype==RECTYPE_TRUST)
+ {
+ count++;
+ if(rec.r.trust.min_ownertrust)
+ {
+ rec.r.trust.min_ownertrust=0;
+ write_record(&rec);
+ }
+
+ }
+ else if(rec.rectype==RECTYPE_VALID
+ && ((rec.r.valid.validity&TRUST_MASK)
+ || rec.r.valid.marginal_count
+ || rec.r.valid.full_count))
+ {
+ rec.r.valid.validity &= ~TRUST_MASK;
+ rec.r.valid.marginal_count=rec.r.valid.full_count=0;
+ nreset++;
+ write_record(&rec);
+ }
+
+ }
+
+ if (opt.verbose)
+ log_info (_("%d keys processed (%d validity counts cleared)\n"),
+ count, nreset);
+}
+
+/*
+ * Run the key validation procedure.
+ *
+ * This works this way:
+ * Step 1: Find all ultimately trusted keys (UTK).
+ * mark them all as seen and put them into klist.
+ * Step 2: loop max_cert_times
+ * Step 3: if OWNERTRUST of any key in klist is undefined
+ * ask user to assign ownertrust
+ * Step 4: Loop over all keys in the keyDB which are not marked seen
+ * Step 5: if key is revoked or expired
+ * mark key as seen
+ * continue loop at Step 4
+ * Step 6: For each user ID of that key signed by a key in klist
+ * Calculate validity by counting trusted signatures.
+ * Set validity of user ID
+ * Step 7: If any signed user ID was found
+ * mark key as seen
+ * End Loop
+ * Step 8: Build a new klist from all fully trusted keys from step 6
+ * End Loop
+ * Ready
+ *
+ */
+static int
+validate_keys (int interactive)
+{
+ int rc = 0;
+ int quit=0;
+ struct key_item *klist = NULL;
+ struct key_item *k;
+ struct key_array *keys = NULL;
+ struct key_array *kar;
+ KEYDB_HANDLE kdb = NULL;
+ KBNODE node;
+ int depth;
+ int ot_unknown, ot_undefined, ot_never, ot_marginal, ot_full, ot_ultimate;
+ KeyHashTable stored,used,full_trust;
+ u32 start_time, next_expire;
+
+ /* Make sure we have all sigs cached. TODO: This is going to
+ require some architectual re-thinking, as it is agonizingly slow.
+ Perhaps combine this with reset_trust_records(), or only check
+ the caches on keys that are actually involved in the web of
+ trust. */
+ keydb_rebuild_caches(0);
+
+ start_time = make_timestamp ();
+ next_expire = 0xffffffff; /* set next expire to the year 2106 */
+ stored = new_key_hash_table ();
+ used = new_key_hash_table ();
+ full_trust = new_key_hash_table ();
+
+ kdb = keydb_new (0);
+ reset_trust_records();
+
+ /* Fixme: Instead of always building a UTK list, we could just build it
+ * here when needed */
+ if (!utk_list)
+ {
+ if (!opt.quiet)
+ log_info (_("no ultimately trusted keys found\n"));
+ goto leave;
+ }
+
+ /* mark all UTKs as used and fully_trusted and set validity to
+ ultimate */
+ for (k=utk_list; k; k = k->next)
+ {
+ KBNODE keyblock;
+ PKT_public_key *pk;
+
+ keyblock = get_pubkeyblock (k->kid);
+ if (!keyblock)
+ {
+ log_error (_("public key of ultimately"
+ " trusted key %s not found\n"), keystr(k->kid));
+ continue;
+ }
+ mark_keyblock_seen (used, keyblock);
+ mark_keyblock_seen (stored, keyblock);
+ mark_keyblock_seen (full_trust, keyblock);
+ pk = keyblock->pkt->pkt.public_key;
+ for (node=keyblock; node; node = node->next)
+ {
+ if (node->pkt->pkttype == PKT_USER_ID)
+ update_validity (pk, node->pkt->pkt.user_id, 0, TRUST_ULTIMATE);
+ }
+ if ( pk->expiredate && pk->expiredate >= start_time
+ && pk->expiredate < next_expire)
+ next_expire = pk->expiredate;
+
+ release_kbnode (keyblock);
+ do_sync ();
+ }
+
+ klist = utk_list;
+
+ log_info(_("%d marginal(s) needed, %d complete(s) needed, %s trust model\n"),
+ opt.marginals_needed,opt.completes_needed,trust_model_string());
+
+ for (depth=0; depth < opt.max_cert_depth; depth++)
+ {
+ int valids=0,key_count;
+ /* See whether we should assign ownertrust values to the keys in
+ klist. */
+ ot_unknown = ot_undefined = ot_never = 0;
+ ot_marginal = ot_full = ot_ultimate = 0;
+ for (k=klist; k; k = k->next)
+ {
+ int min=0;
+
+ /* 120 and 60 are as per RFC2440 */
+ if(k->trust_value>=120)
+ min=TRUST_FULLY;
+ else if(k->trust_value>=60)
+ min=TRUST_MARGINAL;
+
+ if(min!=k->min_ownertrust)
+ update_min_ownertrust(k->kid,min);
+
+ if (interactive && k->ownertrust == TRUST_UNKNOWN)
+ {
+ k->ownertrust = ask_ownertrust (k->kid,min);
+
+ if (k->ownertrust == -1)
+ {
+ quit=1;
+ goto leave;
+ }
+ }
+
+ /* This can happen during transition from an old trustdb
+ before trust sigs. It can also happen if a user uses two
+ different versions of GnuPG or changes the --trust-model
+ setting. */
+ if(k->ownertrust<min)
+ {
+ if(DBG_TRUST)
+ log_debug("key %08lX%08lX:"
+ " overriding ownertrust `%s' with `%s'\n",
+ (ulong)k->kid[0],(ulong)k->kid[1],
+ trust_value_to_string(k->ownertrust),
+ trust_value_to_string(min));
+
+ k->ownertrust=min;
+ }
+
+ if (k->ownertrust == TRUST_UNKNOWN)
+ ot_unknown++;
+ else if (k->ownertrust == TRUST_UNDEFINED)
+ ot_undefined++;
+ else if (k->ownertrust == TRUST_NEVER)
+ ot_never++;
+ else if (k->ownertrust == TRUST_MARGINAL)
+ ot_marginal++;
+ else if (k->ownertrust == TRUST_FULLY)
+ ot_full++;
+ else if (k->ownertrust == TRUST_ULTIMATE)
+ ot_ultimate++;
+
+ valids++;
+ }
+
+ /* Find all keys which are signed by a key in kdlist */
+ keys = validate_key_list (kdb, full_trust, klist,
+ start_time, &next_expire);
+ if (!keys)
+ {
+ log_error ("validate_key_list failed\n");
+ rc = G10ERR_GENERAL;
+ goto leave;
+ }
+
+ for (key_count=0, kar=keys; kar->keyblock; kar++, key_count++)
+ ;
+
+ /* Store the calculated valididation status somewhere */
+ if (opt.verbose > 1)
+ dump_key_array (depth, keys);
+
+ for (kar=keys; kar->keyblock; kar++)
+ store_validation_status (depth, kar->keyblock, stored);
+
+ log_info (_("depth: %d valid: %3d signed: %3d"
+ " trust: %d-, %dq, %dn, %dm, %df, %du\n"),
+ depth, valids, key_count, ot_unknown, ot_undefined,
+ ot_never, ot_marginal, ot_full, ot_ultimate );
+
+ /* Build a new kdlist from all fully valid keys in KEYS */
+ if (klist != utk_list)
+ release_key_items (klist);
+ klist = NULL;
+ for (kar=keys; kar->keyblock; kar++)
+ {
+ for (node=kar->keyblock; node; node = node->next)
+ {
+ if (node->pkt->pkttype == PKT_USER_ID && (node->flag & 4))
+ {
+ u32 kid[2];
+
+ /* have we used this key already? */
+ keyid_from_pk (kar->keyblock->pkt->pkt.public_key, kid);
+ if(test_key_hash_table(used,kid)==0)
+ {
+ /* Normally we add both the primary and subkey
+ ids to the hash via mark_keyblock_seen, but
+ since we aren't using this hash as a skipfnc,
+ that doesn't matter here. */
+ add_key_hash_table (used,kid);
+ k = new_key_item ();
+ k->kid[0]=kid[0];
+ k->kid[1]=kid[1];
+ k->ownertrust =
+ (get_ownertrust (kar->keyblock->pkt->pkt.public_key)
+ & TRUST_MASK);
+ k->min_ownertrust =
+ get_min_ownertrust(kar->keyblock->pkt->pkt.public_key);
+ k->trust_depth=
+ kar->keyblock->pkt->pkt.public_key->trust_depth;
+ k->trust_value=
+ kar->keyblock->pkt->pkt.public_key->trust_value;
+ if(kar->keyblock->pkt->pkt.public_key->trust_regexp)
+ k->trust_regexp=
+ xstrdup(kar->keyblock->pkt->
+ pkt.public_key->trust_regexp);
+ k->next = klist;
+ klist = k;
+ break;
+ }
+ }
+ }
+ }
+ release_key_array (keys);
+ keys = NULL;
+ if (!klist)
+ break; /* no need to dive in deeper */
+ }
+
+ leave:
+ keydb_release (kdb);
+ release_key_array (keys);
+ release_key_items (klist);
+ release_key_hash_table (full_trust);
+ release_key_hash_table (used);
+ release_key_hash_table (stored);
+ if (!rc && !quit) /* mark trustDB as checked */
+ {
+ if (next_expire == 0xffffffff || next_expire < start_time )
+ tdbio_write_nextcheck (0);
+ else
+ {
+ tdbio_write_nextcheck (next_expire);
+ log_info (_("next trustdb check due at %s\n"),
+ strtimestamp (next_expire));
+ }
+
+ if(tdbio_update_version_record()!=0)
+ {
+ log_error(_("unable to update trustdb version record: "
+ "write failed: %s\n"), g10_errstr(rc));
+ tdbio_invalid();
+ }
+
+ do_sync ();
+ pending_check_trustdb = 0;
+ }
+
+ return rc;
+}
diff --git a/g10/trustdb.h b/g10/trustdb.h
new file mode 100644
index 0000000..0a9ce33
--- /dev/null
+++ b/g10/trustdb.h
@@ -0,0 +1,97 @@
+/* trustdb.h - Trust database
+ * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004,
+ * 2005, 2012 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef G10_TRUSTDB_H
+#define G10_TRUSTDB_H
+
+/* Trust values must be sorted in ascending order */
+#define TRUST_MASK 15
+#define TRUST_UNKNOWN 0 /* o: not yet calculated/assigned */
+#define TRUST_EXPIRED 1 /* e: calculation may be invalid */
+#define TRUST_UNDEFINED 2 /* q: not enough information for calculation */
+#define TRUST_NEVER 3 /* n: never trust this pubkey */
+#define TRUST_MARGINAL 4 /* m: marginally trusted */
+#define TRUST_FULLY 5 /* f: fully trusted */
+#define TRUST_ULTIMATE 6 /* u: ultimately trusted */
+/* trust values not covered by the mask */
+#define TRUST_FLAG_REVOKED 32 /* r: revoked */
+#define TRUST_FLAG_SUB_REVOKED 64 /* r: revoked but for subkeys */
+#define TRUST_FLAG_DISABLED 128 /* d: key/uid disabled */
+#define TRUST_FLAG_PENDING_CHECK 256 /* a check-trustdb is pending */
+
+#define NAMEHASH_LEN 20
+
+/*-- trustdb.c --*/
+void register_trusted_keyid(u32 *keyid);
+void register_trusted_key( const char *string );
+void check_trustdb (void);
+void update_trustdb (void);
+int setup_trustdb( int level, const char *dbname );
+void how_to_fix_the_trustdb (void);
+void init_trustdb( void );
+void check_trustdb_stale(void);
+void sync_trustdb( void );
+
+const char *uid_trust_string_fixed(PKT_public_key *key,PKT_user_id *uid);
+const char *trust_value_to_string (unsigned int value);
+int string_to_trust_value (const char *str);
+
+void revalidation_mark (void);
+int trustdb_pending_check(void);
+void trustdb_check_or_update(void);
+
+int cache_disabled_value(PKT_public_key *pk);
+
+unsigned int get_validity (PKT_public_key *pk, PKT_user_id *uid);
+int get_validity_info (PKT_public_key *pk, PKT_user_id *uid);
+const char *get_validity_string (PKT_public_key *pk, PKT_user_id *uid);
+
+void list_trust_path( const char *username );
+int enum_cert_paths( void **context, ulong *lid,
+ unsigned *ownertrust, unsigned *validity );
+void enum_cert_paths_print( void **context, FILE *fp,
+ int refresh, ulong selected_lid );
+
+void read_trust_options(byte *trust_model,ulong *created,ulong *nextcheck,
+ byte *marginals,byte *completes,byte *cert_depth,
+ byte *min_cert_level);
+
+unsigned int get_ownertrust (PKT_public_key *pk);
+unsigned int get_min_ownertrust (PKT_public_key *pk);
+int get_ownertrust_info (PKT_public_key *pk);
+const char *get_ownertrust_string (PKT_public_key *pk);
+
+void update_ownertrust (PKT_public_key *pk, unsigned int new_trust );
+int clear_ownertrusts (PKT_public_key *pk);
+
+void clean_one_uid(KBNODE keyblock,KBNODE uidnode,int noisy,int self_only,
+ int *uids_cleaned,int *sigs_cleaned);
+void clean_key(KBNODE keyblock,int noisy,int self_only,
+ int *uids_cleaned,int *sigs_cleaned);
+
+/*-- tdbdump.c --*/
+void list_trustdb(const char *username);
+void export_ownertrust(void);
+void import_ownertrust(const char *fname);
+
+/*-- pkclist.c --*/
+int edit_ownertrust (PKT_public_key *pk, int mode );
+
+#endif /*G10_TRUSTDB_H*/
diff --git a/g10/verify.c b/g10/verify.c
new file mode 100644
index 0000000..484fd9c
--- /dev/null
+++ b/g10/verify.c
@@ -0,0 +1,278 @@
+/* verify.c - Verify signed data
+ * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2004, 2005, 2006,
+ * 2007 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include <assert.h>
+
+#include "gpg.h"
+#include "options.h"
+#include "packet.h"
+#include "status.h"
+#include "iobuf.h"
+#include "keydb.h"
+#include "util.h"
+#include "main.h"
+#include "status.h"
+#include "filter.h"
+#include "ttyio.h"
+#include "i18n.h"
+
+
+
+/****************
+ * Assume that the input is a signature and verify it without
+ * generating any output. With no arguments, the signature packet
+ * is read from stdin (it may be a detached signature when not
+ * used in batch mode). If only a sigfile is given, it may be a complete
+ * signature or a detached signature in which case the signed stuff
+ * is expected from stdin. With more than 1 argument, the first should
+ * be a detached signature and the remaining files are the signed stuff.
+ */
+
+int
+verify_signatures( int nfiles, char **files )
+{
+ IOBUF fp;
+ armor_filter_context_t *afx = NULL;
+ progress_filter_context_t *pfx = new_progress_context ();
+ const char *sigfile;
+ int i, rc;
+ strlist_t sl;
+
+ /* Decide whether we should handle a detached or a normal signature,
+ * which is needed so that the code later can hash the correct data and
+ * not have a normal signature act as detached signature and ignoring the
+ * indended signed material from the 2nd file or stdin.
+ * 1. gpg <file - normal
+ * 2. gpg file - normal (or detached)
+ * 3. gpg file <file2 - detached
+ * 4. gpg file file2 - detached
+ * The question is how decide between case 2 and 3? The only way
+ * we can do it is by reading one byte from stdin and then unget
+ * it; the problem here is that we may be reading from the
+ * terminal (which could be detected using isatty() but won't work
+ * when under contol of a pty using program (e.g. expect)) and
+ * might get us in trouble when stdin is used for another purpose
+ * (--passphrase-fd 0). So we have to break with the behaviour
+ * prior to gpg 1.0.4 by assuming that case 3 is a normal
+ * signature (where file2 is ignored and require for a detached
+ * signature to indicate signed material comes from stdin by using
+ * case 4 with a file2 of "-".
+ *
+ * Actually we don't have to change anything here but can handle
+ * that all quite easily in mainproc.c
+ */
+
+ sigfile = nfiles? *files : NULL;
+
+ /* open the signature file */
+ fp = iobuf_open(sigfile);
+ if (fp && is_secured_file (iobuf_get_fd (fp)))
+ {
+ iobuf_close (fp);
+ fp = NULL;
+ errno = EPERM;
+ }
+ if( !fp ) {
+ rc = gpg_error_from_syserror ();
+ log_error(_("can't open `%s': %s\n"),
+ print_fname_stdin(sigfile), strerror (errno));
+ goto leave;
+ }
+ handle_progress (pfx, fp, sigfile);
+
+ if ( !opt.no_armor && use_armor_filter( fp ) )
+ {
+ afx = new_armor_context ();
+ push_armor_filter (afx, fp);
+ }
+
+ sl = NULL;
+ for(i=nfiles-1 ; i > 0 ; i-- )
+ add_to_strlist( &sl, files[i] );
+ rc = proc_signature_packets( NULL, fp, sl, sigfile );
+ free_strlist(sl);
+ iobuf_close(fp);
+ if( (afx && afx->no_openpgp_data && rc == -1) || rc == G10ERR_NO_DATA ) {
+ log_error(_("the signature could not be verified.\n"
+ "Please remember that the signature file (.sig or .asc)\n"
+ "should be the first file given on the command line.\n") );
+ rc = 0;
+ }
+
+ leave:
+ release_armor_context (afx);
+ release_progress_context (pfx);
+ return rc;
+}
+
+
+
+void
+print_file_status( int status, const char *name, int what )
+{
+ char *p = xmalloc(strlen(name)+10);
+ sprintf(p, "%d %s", what, name );
+ write_status_text( status, p );
+ xfree(p);
+}
+
+
+static int
+verify_one_file( const char *name )
+{
+ IOBUF fp;
+ armor_filter_context_t *afx = NULL;
+ progress_filter_context_t *pfx = new_progress_context ();
+ int rc;
+
+ print_file_status( STATUS_FILE_START, name, 1 );
+ fp = iobuf_open(name);
+ if (fp)
+ iobuf_ioctl (fp,3,1,NULL); /* disable fd caching */
+ if (fp && is_secured_file (iobuf_get_fd (fp)))
+ {
+ iobuf_close (fp);
+ fp = NULL;
+ errno = EPERM;
+ }
+ if( !fp ) {
+ rc = gpg_error_from_syserror ();
+ log_error(_("can't open `%s': %s\n"),
+ print_fname_stdin(name), strerror (errno));
+ print_file_status( STATUS_FILE_ERROR, name, 1 );
+ goto leave;
+ }
+ handle_progress (pfx, fp, name);
+
+ if( !opt.no_armor ) {
+ if( use_armor_filter( fp ) ) {
+ afx = new_armor_context ();
+ push_armor_filter (afx, fp);
+ }
+ }
+
+ rc = proc_signature_packets( NULL, fp, NULL, name );
+ iobuf_close(fp);
+ write_status( STATUS_FILE_DONE );
+
+ reset_literals_seen();
+
+ leave:
+ release_armor_context (afx);
+ release_progress_context (pfx);
+ return rc;
+}
+
+/****************
+ * Verify each file given in the files array or read the names of the
+ * files from stdin.
+ * Note: This function can not handle detached signatures.
+ */
+int
+verify_files( int nfiles, char **files )
+{
+ int i;
+
+ if( !nfiles ) { /* read the filenames from stdin */
+ char line[2048];
+ unsigned int lno = 0;
+
+ while( fgets(line, DIM(line), stdin) ) {
+ lno++;
+ if( !*line || line[strlen(line)-1] != '\n' ) {
+ log_error(_("input line %u too long or missing LF\n"), lno );
+ return G10ERR_GENERAL;
+ }
+ /* This code does not work on MSDOS but how cares there are
+ * also no script languages available. We don't strip any
+ * spaces, so that we can process nearly all filenames */
+ line[strlen(line)-1] = 0;
+ verify_one_file( line );
+ }
+
+ }
+ else { /* take filenames from the array */
+ for(i=0; i < nfiles; i++ )
+ verify_one_file( files[i] );
+ }
+ return 0;
+}
+
+
+
+
+/* Perform a verify operation. To verify detached signatures, DATA_FD
+ shall be the descriptor of the signed data; for regular signatures
+ it needs to be -1. If OUT_FP is not NULL and DATA_FD is not -1 the
+ the signed material gets written that stream.
+
+ FIXME: OUTFP is not yet implemented.
+*/
+int
+gpg_verify (ctrl_t ctrl, int sig_fd, int data_fd, FILE *out_fp)
+{
+ int rc;
+ iobuf_t fp;
+ armor_filter_context_t *afx = NULL;
+ progress_filter_context_t *pfx = new_progress_context ();
+
+ (void)ctrl;
+ (void)out_fp;
+
+ fp = iobuf_fdopen (sig_fd, "rb");
+ if (fp && is_secured_file (sig_fd))
+ {
+ fp = NULL;
+ errno = EPERM;
+ }
+ if ( !fp )
+ {
+ rc = gpg_error_from_syserror ();
+ log_error (_("can't open fd %d: %s\n"), sig_fd, strerror (errno));
+ goto leave;
+ }
+
+ handle_progress (pfx, fp, NULL);
+
+ if ( !opt.no_armor && use_armor_filter (fp) )
+ {
+ afx = new_armor_context ();
+ push_armor_filter (afx, fp);
+ }
+
+ rc = proc_signature_packets_by_fd ( NULL, fp, data_fd );
+
+ if ( afx && afx->no_openpgp_data
+ && (rc == -1 || gpg_err_code (rc) == GPG_ERR_EOF) )
+ rc = gpg_error (GPG_ERR_NO_DATA);
+
+ leave:
+ if (fp)
+ iobuf_close (fp);
+ release_progress_context (pfx);
+ release_armor_context (afx);
+ return rc;
+}
+
diff --git a/gl/Makefile.am b/gl/Makefile.am
new file mode 100644
index 0000000..59667db
--- /dev/null
+++ b/gl/Makefile.am
@@ -0,0 +1,145 @@
+## DO NOT EDIT! GENERATED AUTOMATICALLY!
+## Process this file with automake to produce Makefile.in.
+# Copyright (C) 2004-2006 Free Software Foundation, Inc.
+#
+# This file is free software, distributed under the terms of the GNU
+# General Public License. As a special exception to the GNU General
+# Public License, this file may be distributed as part of a program
+# that contains a configuration script generated by Autoconf, under
+# the same distribution terms as the rest of that program.
+#
+# Generated by gnulib-tool.
+# Reproduce by: gnulib-tool --import --dir=. --lib=libgnu --source-base=gl --m4-base=gl/m4 --doc-base=doc --aux-dir=scripts --no-libtool --macro-prefix=gl alloca-opt allocsa mkdtemp setenv strpbrk xsize
+
+AUTOMAKE_OPTIONS = 1.5 gnits
+
+noinst_LIBRARIES = libgnu.a
+
+libgnu_a_SOURCES =
+libgnu_a_LIBADD = $(LIBOBJS)
+noinst_HEADERS =
+EXTRA_DIST =
+BUILT_SOURCES =
+SUFFIXES =
+MOSTLYCLEANFILES = core *.stackdump
+MOSTLYCLEANDIRS =
+CLEANFILES =
+DISTCLEANFILES =
+MAINTAINERCLEANFILES =
+
+AM_CPPFLAGS =
+
+## begin gnulib module alloca-opt
+
+BUILT_SOURCES += $(ALLOCA_H)
+EXTRA_DIST += alloca_.h
+
+# We need the following in order to create <alloca.h> when the system
+# doesn't have one that works with the given compiler.
+alloca.h: alloca_.h
+ { echo '/* DO NOT EDIT! GENERATED AUTOMATICALLY! */'; \
+ cat $(srcdir)/alloca_.h; \
+ } > $@-t
+ mv -f $@-t $@
+MOSTLYCLEANFILES += alloca.h alloca.h-t
+
+## end gnulib module alloca-opt
+
+## begin gnulib module allocsa
+
+libgnu_a_SOURCES += allocsa.h allocsa.c
+EXTRA_DIST += allocsa.valgrind
+
+## end gnulib module allocsa
+
+## begin gnulib module mkdtemp
+
+libgnu_a_SOURCES += mkdtemp.h
+
+## end gnulib module mkdtemp
+
+## begin gnulib module setenv
+
+libgnu_a_SOURCES += setenv.h
+
+## end gnulib module setenv
+
+## begin gnulib module size_max
+
+libgnu_a_SOURCES += size_max.h
+
+## end gnulib module size_max
+
+## begin gnulib module stdint
+
+BUILT_SOURCES += $(STDINT_H)
+EXTRA_DIST += stdint_.h
+
+# We need the following in order to create <stdint.h> when the system
+# doesn't have one that works with the given compiler.
+stdint.h: stdint_.h
+ rm -f $@-t $@
+ { echo '/* DO NOT EDIT! GENERATED AUTOMATICALLY! */'; \
+ sed -e 's/@''HAVE_WCHAR_H''@/$(HAVE_WCHAR_H)/g' \
+ -e 's/@''HAVE_STDINT_H''@/$(HAVE_STDINT_H)/g' \
+ -e 's|@''ABSOLUTE_STDINT_H''@|$(ABSOLUTE_STDINT_H)|g' \
+ -e 's/@''HAVE_SYS_TYPES_H''@/$(HAVE_SYS_TYPES_H)/g' \
+ -e 's/@''HAVE_INTTYPES_H''@/$(HAVE_INTTYPES_H)/g' \
+ -e 's/@''HAVE_SYS_INTTYPES_H''@/$(HAVE_SYS_INTTYPES_H)/g' \
+ -e 's/@''HAVE_SYS_BITYPES_H''@/$(HAVE_SYS_BITYPES_H)/g' \
+ -e 's/@''HAVE_LONG_LONG_INT''@/$(HAVE_LONG_LONG_INT)/g' \
+ -e 's/@''HAVE_UNSIGNED_LONG_LONG_INT''@/$(HAVE_UNSIGNED_LONG_LONG_INT)/g' \
+ -e 's/@''BITSIZEOF_PTRDIFF_T''@/$(BITSIZEOF_PTRDIFF_T)/g' \
+ -e 's/@''PTRDIFF_T_SUFFIX''@/$(PTRDIFF_T_SUFFIX)/g' \
+ -e 's/@''BITSIZEOF_SIG_ATOMIC_T''@/$(BITSIZEOF_SIG_ATOMIC_T)/g' \
+ -e 's/@''HAVE_SIGNED_SIG_ATOMIC_T''@/$(HAVE_SIGNED_SIG_ATOMIC_T)/g' \
+ -e 's/@''SIG_ATOMIC_T_SUFFIX''@/$(SIG_ATOMIC_T_SUFFIX)/g' \
+ -e 's/@''BITSIZEOF_SIZE_T''@/$(BITSIZEOF_SIZE_T)/g' \
+ -e 's/@''SIZE_T_SUFFIX''@/$(SIZE_T_SUFFIX)/g' \
+ -e 's/@''BITSIZEOF_WCHAR_T''@/$(BITSIZEOF_WCHAR_T)/g' \
+ -e 's/@''HAVE_SIGNED_WCHAR_T''@/$(HAVE_SIGNED_WCHAR_T)/g' \
+ -e 's/@''WCHAR_T_SUFFIX''@/$(WCHAR_T_SUFFIX)/g' \
+ -e 's/@''BITSIZEOF_WINT_T''@/$(BITSIZEOF_WINT_T)/g' \
+ -e 's/@''HAVE_SIGNED_WINT_T''@/$(HAVE_SIGNED_WINT_T)/g' \
+ -e 's/@''WINT_T_SUFFIX''@/$(WINT_T_SUFFIX)/g' \
+ < $(srcdir)/stdint_.h; \
+ } > $@-t
+ mv $@-t $@
+MOSTLYCLEANFILES += stdint.h stdint.h-t
+
+## end gnulib module stdint
+
+## begin gnulib module strpbrk
+
+libgnu_a_SOURCES += strpbrk.h
+
+## end gnulib module strpbrk
+
+## begin gnulib module unistd
+
+BUILT_SOURCES += $(UNISTD_H)
+
+# We need the following in order to create an empty placeholder for
+# <unistd.h> when the system doesn't have one.
+unistd.h:
+ { echo '/* DO NOT EDIT! GENERATED AUTOMATICALLY! */'; \
+ echo '/* Empty placeholder for $@. */'; \
+ } > $@
+MOSTLYCLEANFILES += unistd.h
+
+## end gnulib module unistd
+
+## begin gnulib module xsize
+
+libgnu_a_SOURCES += xsize.h
+
+## end gnulib module xsize
+
+
+mostlyclean-local: mostlyclean-generic
+ @test -z "$(MOSTLYCLEANDIRS)" || \
+ for dir in $(MOSTLYCLEANDIRS); do \
+ if test -d $$dir; then \
+ echo "rmdir $$dir"; rmdir $$dir; \
+ fi; \
+ done
diff --git a/gl/Makefile.in b/gl/Makefile.in
new file mode 100644
index 0000000..7cc38e0
--- /dev/null
+++ b/gl/Makefile.in
@@ -0,0 +1,640 @@
+# Makefile.in generated by automake 1.11.1 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation,
+# Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+# Copyright (C) 2004-2006 Free Software Foundation, Inc.
+#
+# This file is free software, distributed under the terms of the GNU
+# General Public License. As a special exception to the GNU General
+# Public License, this file may be distributed as part of a program
+# that contains a configuration script generated by Autoconf, under
+# the same distribution terms as the rest of that program.
+#
+# Generated by gnulib-tool.
+# Reproduce by: gnulib-tool --import --dir=. --lib=libgnu --source-base=gl --m4-base=gl/m4 --doc-base=doc --aux-dir=scripts --no-libtool --macro-prefix=gl alloca-opt allocsa mkdtemp setenv strpbrk xsize
+
+
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+subdir = gl
+DIST_COMMON = $(noinst_HEADERS) $(srcdir)/Makefile.am \
+ $(srcdir)/Makefile.in mkdtemp.c setenv.c strpbrk.c unsetenv.c
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/gl/m4/absolute-header.m4 \
+ $(top_srcdir)/gl/m4/alloca.m4 $(top_srcdir)/gl/m4/allocsa.m4 \
+ $(top_srcdir)/gl/m4/eealloc.m4 \
+ $(top_srcdir)/gl/m4/gnulib-comp.m4 \
+ $(top_srcdir)/gl/m4/gnulib-tool.m4 \
+ $(top_srcdir)/gl/m4/mkdtemp.m4 $(top_srcdir)/gl/m4/setenv.m4 \
+ $(top_srcdir)/gl/m4/stdint.m4 $(top_srcdir)/gl/m4/strpbrk.m4 \
+ $(top_srcdir)/gl/m4/unistd_h.m4 $(top_srcdir)/m4/autobuild.m4 \
+ $(top_srcdir)/m4/codeset.m4 $(top_srcdir)/m4/estream.m4 \
+ $(top_srcdir)/m4/gettext.m4 $(top_srcdir)/m4/gnupg-pth.m4 \
+ $(top_srcdir)/m4/gpg-error.m4 $(top_srcdir)/m4/iconv.m4 \
+ $(top_srcdir)/m4/isc-posix.m4 $(top_srcdir)/m4/ksba.m4 \
+ $(top_srcdir)/m4/lcmessage.m4 $(top_srcdir)/m4/ldap.m4 \
+ $(top_srcdir)/m4/lib-ld.m4 $(top_srcdir)/m4/lib-link.m4 \
+ $(top_srcdir)/m4/lib-prefix.m4 $(top_srcdir)/m4/libassuan.m4 \
+ $(top_srcdir)/m4/libcurl.m4 $(top_srcdir)/m4/libgcrypt.m4 \
+ $(top_srcdir)/m4/longdouble.m4 $(top_srcdir)/m4/nls.m4 \
+ $(top_srcdir)/m4/po.m4 $(top_srcdir)/m4/progtest.m4 \
+ $(top_srcdir)/m4/readline.m4 $(top_srcdir)/m4/size_max.m4 \
+ $(top_srcdir)/m4/socklen.m4 $(top_srcdir)/m4/sys_socket_h.m4 \
+ $(top_srcdir)/m4/tar-ustar.m4 $(top_srcdir)/m4/xsize.m4 \
+ $(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.ac
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+ $(ACLOCAL_M4)
+mkinstalldirs = $(SHELL) $(top_srcdir)/scripts/mkinstalldirs
+CONFIG_HEADER = $(top_builddir)/config.h
+CONFIG_CLEAN_FILES =
+CONFIG_CLEAN_VPATH_FILES =
+LIBRARIES = $(noinst_LIBRARIES)
+ARFLAGS = cru
+libgnu_a_AR = $(AR) $(ARFLAGS)
+libgnu_a_DEPENDENCIES = $(LIBOBJS)
+am_libgnu_a_OBJECTS = allocsa.$(OBJEXT)
+libgnu_a_OBJECTS = $(am_libgnu_a_OBJECTS)
+DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
+depcomp = $(SHELL) $(top_srcdir)/scripts/depcomp
+am__depfiles_maybe = depfiles
+am__mv = mv -f
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+CCLD = $(CC)
+LINK = $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@
+SOURCES = $(libgnu_a_SOURCES)
+DIST_SOURCES = $(libgnu_a_SOURCES)
+HEADERS = $(noinst_HEADERS)
+ETAGS = etags
+CTAGS = ctags
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ABSOLUTE_STDINT_H = @ABSOLUTE_STDINT_H@
+ACLOCAL = @ACLOCAL@
+ADNSLIBS = @ADNSLIBS@
+ALLOCA = @ALLOCA@
+ALLOCA_H = @ALLOCA_H@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+BITSIZEOF_PTRDIFF_T = @BITSIZEOF_PTRDIFF_T@
+BITSIZEOF_SIG_ATOMIC_T = @BITSIZEOF_SIG_ATOMIC_T@
+BITSIZEOF_SIZE_T = @BITSIZEOF_SIZE_T@
+BITSIZEOF_WCHAR_T = @BITSIZEOF_WCHAR_T@
+BITSIZEOF_WINT_T = @BITSIZEOF_WINT_T@
+BUILD_INCLUDED_LIBINTL = @BUILD_INCLUDED_LIBINTL@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CC_FOR_BUILD = @CC_FOR_BUILD@
+CFLAGS = @CFLAGS@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DL_LIBS = @DL_LIBS@
+DNSLIBS = @DNSLIBS@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+FAQPROG = @FAQPROG@
+GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
+GMSGFMT = @GMSGFMT@
+GMSGFMT_015 = @GMSGFMT_015@
+GNUPG_AGENT_PGM = @GNUPG_AGENT_PGM@
+GNUPG_DIRMNGR_PGM = @GNUPG_DIRMNGR_PGM@
+GNUPG_PINENTRY_PGM = @GNUPG_PINENTRY_PGM@
+GNUPG_PROTECT_TOOL_PGM = @GNUPG_PROTECT_TOOL_PGM@
+GNUPG_SCDAEMON_PGM = @GNUPG_SCDAEMON_PGM@
+GPGKEYS_CURL = @GPGKEYS_CURL@
+GPGKEYS_FINGER = @GPGKEYS_FINGER@
+GPGKEYS_HKP = @GPGKEYS_HKP@
+GPGKEYS_KDNS = @GPGKEYS_KDNS@
+GPGKEYS_LDAP = @GPGKEYS_LDAP@
+GPGKEYS_MAILTO = @GPGKEYS_MAILTO@
+GPG_ERROR_CFLAGS = @GPG_ERROR_CFLAGS@
+GPG_ERROR_CONFIG = @GPG_ERROR_CONFIG@
+GPG_ERROR_LIBS = @GPG_ERROR_LIBS@
+GREP = @GREP@
+HAVE_INTTYPES_H = @HAVE_INTTYPES_H@
+HAVE_LONG_LONG_INT = @HAVE_LONG_LONG_INT@
+HAVE_SIGNED_SIG_ATOMIC_T = @HAVE_SIGNED_SIG_ATOMIC_T@
+HAVE_SIGNED_WCHAR_T = @HAVE_SIGNED_WCHAR_T@
+HAVE_SIGNED_WINT_T = @HAVE_SIGNED_WINT_T@
+HAVE_STDINT_H = @HAVE_STDINT_H@
+HAVE_SYS_BITYPES_H = @HAVE_SYS_BITYPES_H@
+HAVE_SYS_INTTYPES_H = @HAVE_SYS_INTTYPES_H@
+HAVE_SYS_TYPES_H = @HAVE_SYS_TYPES_H@
+HAVE_UNSIGNED_LONG_LONG_INT = @HAVE_UNSIGNED_LONG_LONG_INT@
+HAVE_WCHAR_H = @HAVE_WCHAR_H@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+INTLLIBS = @INTLLIBS@
+INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@
+KSBA_CFLAGS = @KSBA_CFLAGS@
+KSBA_CONFIG = @KSBA_CONFIG@
+KSBA_LIBS = @KSBA_LIBS@
+LDAPLIBS = @LDAPLIBS@
+LDAP_CPPFLAGS = @LDAP_CPPFLAGS@
+LDFLAGS = @LDFLAGS@
+LIBASSUAN_CFLAGS = @LIBASSUAN_CFLAGS@
+LIBASSUAN_CONFIG = @LIBASSUAN_CONFIG@
+LIBASSUAN_LIBS = @LIBASSUAN_LIBS@
+LIBCURL = @LIBCURL@
+LIBCURL_CPPFLAGS = @LIBCURL_CPPFLAGS@
+LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@
+LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@
+LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@
+LIBGNU_LIBDEPS = @LIBGNU_LIBDEPS@
+LIBGNU_LTLIBDEPS = @LIBGNU_LTLIBDEPS@
+LIBICONV = @LIBICONV@
+LIBINTL = @LIBINTL@
+LIBOBJS = @LIBOBJS@
+LIBREADLINE = @LIBREADLINE@
+LIBS = @LIBS@
+LIBUSB_LIBS = @LIBUSB_LIBS@
+LIBUTIL_LIBS = @LIBUTIL_LIBS@
+LN_S = @LN_S@
+LTLIBICONV = @LTLIBICONV@
+LTLIBINTL = @LTLIBINTL@
+LTLIBOBJS = @LTLIBOBJS@
+MAINT = @MAINT@
+MAKEINFO = @MAKEINFO@
+MKDIR_P = @MKDIR_P@
+MSGFMT = @MSGFMT@
+MSGFMT_015 = @MSGFMT_015@
+MSGMERGE = @MSGMERGE@
+NETLIBS = @NETLIBS@
+OBJEXT = @OBJEXT@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_GT = @PACKAGE_GT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_URL = @PACKAGE_URL@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PERL = @PERL@
+POSUB = @POSUB@
+PTH_CFLAGS = @PTH_CFLAGS@
+PTH_CONFIG = @PTH_CONFIG@
+PTH_LIBS = @PTH_LIBS@
+PTRDIFF_T_SUFFIX = @PTRDIFF_T_SUFFIX@
+RANLIB = @RANLIB@
+SENDMAIL = @SENDMAIL@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+SHRED = @SHRED@
+SIG_ATOMIC_T_SUFFIX = @SIG_ATOMIC_T_SUFFIX@
+SIZE_T_SUFFIX = @SIZE_T_SUFFIX@
+STDINT_H = @STDINT_H@
+STRIP = @STRIP@
+SYS_SOCKET_H = @SYS_SOCKET_H@
+TAR = @TAR@
+UNISTD_H = @UNISTD_H@
+USE_INCLUDED_LIBINTL = @USE_INCLUDED_LIBINTL@
+USE_NLS = @USE_NLS@
+VERSION = @VERSION@
+W32SOCKLIBS = @W32SOCKLIBS@
+WCHAR_T_SUFFIX = @WCHAR_T_SUFFIX@
+WINDRES = @WINDRES@
+WINT_T_SUFFIX = @WINT_T_SUFFIX@
+XGETTEXT = @XGETTEXT@
+XGETTEXT_015 = @XGETTEXT_015@
+XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@
+ZLIBS = @ZLIBS@
+_libcurl_config = @_libcurl_config@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+AUTOMAKE_OPTIONS = 1.5 gnits
+noinst_LIBRARIES = libgnu.a
+libgnu_a_SOURCES = allocsa.h allocsa.c mkdtemp.h setenv.h size_max.h \
+ strpbrk.h xsize.h
+libgnu_a_LIBADD = $(LIBOBJS)
+noinst_HEADERS =
+EXTRA_DIST = alloca_.h allocsa.valgrind stdint_.h
+BUILT_SOURCES = $(ALLOCA_H) $(STDINT_H) $(UNISTD_H)
+SUFFIXES =
+MOSTLYCLEANFILES = core *.stackdump alloca.h alloca.h-t stdint.h \
+ stdint.h-t unistd.h
+MOSTLYCLEANDIRS =
+CLEANFILES =
+DISTCLEANFILES =
+MAINTAINERCLEANFILES =
+AM_CPPFLAGS =
+all: $(BUILT_SOURCES)
+ $(MAKE) $(AM_MAKEFLAGS) all-am
+
+.SUFFIXES:
+.SUFFIXES: .c .o .obj
+$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(am__configure_deps)
+ @for dep in $?; do \
+ case '$(am__configure_deps)' in \
+ *$$dep*) \
+ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+ && { if test -f $@; then exit 0; else break; fi; }; \
+ exit 1;; \
+ esac; \
+ done; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnits gl/Makefile'; \
+ $(am__cd) $(top_srcdir) && \
+ $(AUTOMAKE) --gnits gl/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+ @case '$?' in \
+ *config.status*) \
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+ *) \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+ esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
+
+clean-noinstLIBRARIES:
+ -test -z "$(noinst_LIBRARIES)" || rm -f $(noinst_LIBRARIES)
+libgnu.a: $(libgnu_a_OBJECTS) $(libgnu_a_DEPENDENCIES)
+ -rm -f libgnu.a
+ $(libgnu_a_AR) libgnu.a $(libgnu_a_OBJECTS) $(libgnu_a_LIBADD)
+ $(RANLIB) libgnu.a
+
+mostlyclean-compile:
+ -rm -f *.$(OBJEXT)
+
+distclean-compile:
+ -rm -f *.tab.c
+
+@AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/mkdtemp.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/setenv.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/strpbrk.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/unsetenv.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/allocsa.Po@am__quote@
+
+.c.o:
+@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(COMPILE) -c $<
+
+.c.obj:
+@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'`
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ mkid -fID $$unique
+tags: TAGS
+
+TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ set x; \
+ here=`pwd`; \
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ shift; \
+ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
+ test -n "$$unique" || unique=$$empty_fix; \
+ if test $$# -gt 0; then \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ "$$@" $$unique; \
+ else \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ $$unique; \
+ fi; \
+ fi
+ctags: CTAGS
+CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ test -z "$(CTAGS_ARGS)$$unique" \
+ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+ $$unique
+
+GTAGS:
+ here=`$(am__cd) $(top_builddir) && pwd` \
+ && $(am__cd) $(top_srcdir) \
+ && gtags -i $(GTAGS_ARGS) "$$here"
+
+distclean-tags:
+ -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+ @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ list='$(DISTFILES)'; \
+ dist_files=`for file in $$list; do echo $$file; done | \
+ sed -e "s|^$$srcdirstrip/||;t" \
+ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+ case $$dist_files in \
+ */*) $(MKDIR_P) `echo "$$dist_files" | \
+ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+ sort -u` ;; \
+ esac; \
+ for file in $$dist_files; do \
+ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+ if test -d $$d/$$file; then \
+ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+ if test -d "$(distdir)/$$file"; then \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+ else \
+ test -f "$(distdir)/$$file" \
+ || cp -p $$d/$$file "$(distdir)/$$file" \
+ || exit 1; \
+ fi; \
+ done
+check-am: all-am
+check: $(BUILT_SOURCES)
+ $(MAKE) $(AM_MAKEFLAGS) check-am
+all-am: Makefile $(LIBRARIES) $(HEADERS)
+installdirs:
+install: $(BUILT_SOURCES)
+ $(MAKE) $(AM_MAKEFLAGS) install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+ @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ `test -z '$(STRIP)' || \
+ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+ -test -z "$(MOSTLYCLEANFILES)" || rm -f $(MOSTLYCLEANFILES)
+
+clean-generic:
+ -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
+
+distclean-generic:
+ -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+ -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+ -test -z "$(DISTCLEANFILES)" || rm -f $(DISTCLEANFILES)
+
+maintainer-clean-generic:
+ @echo "This command is intended for maintainers to use"
+ @echo "it deletes files that may require special tools to rebuild."
+ -test -z "$(BUILT_SOURCES)" || rm -f $(BUILT_SOURCES)
+ -test -z "$(MAINTAINERCLEANFILES)" || rm -f $(MAINTAINERCLEANFILES)
+clean: clean-am
+
+clean-am: clean-generic clean-noinstLIBRARIES mostlyclean-am
+
+distclean: distclean-am
+ -rm -rf $(DEPDIR) ./$(DEPDIR)
+ -rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+ distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+html-am:
+
+info: info-am
+
+info-am:
+
+install-data-am:
+
+install-dvi: install-dvi-am
+
+install-dvi-am:
+
+install-exec-am:
+
+install-html: install-html-am
+
+install-html-am:
+
+install-info: install-info-am
+
+install-info-am:
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-pdf-am:
+
+install-ps: install-ps-am
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+ -rm -rf $(DEPDIR) ./$(DEPDIR)
+ -rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
+ mostlyclean-local
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am:
+
+.MAKE: all check install install-am install-strip
+
+.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
+ clean-noinstLIBRARIES ctags distclean distclean-compile \
+ distclean-generic distclean-tags distdir dvi dvi-am html \
+ html-am info info-am install install-am install-data \
+ install-data-am install-dvi install-dvi-am install-exec \
+ install-exec-am install-html install-html-am install-info \
+ install-info-am install-man install-pdf install-pdf-am \
+ install-ps install-ps-am install-strip installcheck \
+ installcheck-am installdirs maintainer-clean \
+ maintainer-clean-generic mostlyclean mostlyclean-compile \
+ mostlyclean-generic mostlyclean-local pdf pdf-am ps ps-am tags \
+ uninstall uninstall-am
+
+
+# We need the following in order to create <alloca.h> when the system
+# doesn't have one that works with the given compiler.
+alloca.h: alloca_.h
+ { echo '/* DO NOT EDIT! GENERATED AUTOMATICALLY! */'; \
+ cat $(srcdir)/alloca_.h; \
+ } > $@-t
+ mv -f $@-t $@
+
+# We need the following in order to create <stdint.h> when the system
+# doesn't have one that works with the given compiler.
+stdint.h: stdint_.h
+ rm -f $@-t $@
+ { echo '/* DO NOT EDIT! GENERATED AUTOMATICALLY! */'; \
+ sed -e 's/@''HAVE_WCHAR_H''@/$(HAVE_WCHAR_H)/g' \
+ -e 's/@''HAVE_STDINT_H''@/$(HAVE_STDINT_H)/g' \
+ -e 's|@''ABSOLUTE_STDINT_H''@|$(ABSOLUTE_STDINT_H)|g' \
+ -e 's/@''HAVE_SYS_TYPES_H''@/$(HAVE_SYS_TYPES_H)/g' \
+ -e 's/@''HAVE_INTTYPES_H''@/$(HAVE_INTTYPES_H)/g' \
+ -e 's/@''HAVE_SYS_INTTYPES_H''@/$(HAVE_SYS_INTTYPES_H)/g' \
+ -e 's/@''HAVE_SYS_BITYPES_H''@/$(HAVE_SYS_BITYPES_H)/g' \
+ -e 's/@''HAVE_LONG_LONG_INT''@/$(HAVE_LONG_LONG_INT)/g' \
+ -e 's/@''HAVE_UNSIGNED_LONG_LONG_INT''@/$(HAVE_UNSIGNED_LONG_LONG_INT)/g' \
+ -e 's/@''BITSIZEOF_PTRDIFF_T''@/$(BITSIZEOF_PTRDIFF_T)/g' \
+ -e 's/@''PTRDIFF_T_SUFFIX''@/$(PTRDIFF_T_SUFFIX)/g' \
+ -e 's/@''BITSIZEOF_SIG_ATOMIC_T''@/$(BITSIZEOF_SIG_ATOMIC_T)/g' \
+ -e 's/@''HAVE_SIGNED_SIG_ATOMIC_T''@/$(HAVE_SIGNED_SIG_ATOMIC_T)/g' \
+ -e 's/@''SIG_ATOMIC_T_SUFFIX''@/$(SIG_ATOMIC_T_SUFFIX)/g' \
+ -e 's/@''BITSIZEOF_SIZE_T''@/$(BITSIZEOF_SIZE_T)/g' \
+ -e 's/@''SIZE_T_SUFFIX''@/$(SIZE_T_SUFFIX)/g' \
+ -e 's/@''BITSIZEOF_WCHAR_T''@/$(BITSIZEOF_WCHAR_T)/g' \
+ -e 's/@''HAVE_SIGNED_WCHAR_T''@/$(HAVE_SIGNED_WCHAR_T)/g' \
+ -e 's/@''WCHAR_T_SUFFIX''@/$(WCHAR_T_SUFFIX)/g' \
+ -e 's/@''BITSIZEOF_WINT_T''@/$(BITSIZEOF_WINT_T)/g' \
+ -e 's/@''HAVE_SIGNED_WINT_T''@/$(HAVE_SIGNED_WINT_T)/g' \
+ -e 's/@''WINT_T_SUFFIX''@/$(WINT_T_SUFFIX)/g' \
+ < $(srcdir)/stdint_.h; \
+ } > $@-t
+ mv $@-t $@
+
+# We need the following in order to create an empty placeholder for
+# <unistd.h> when the system doesn't have one.
+unistd.h:
+ { echo '/* DO NOT EDIT! GENERATED AUTOMATICALLY! */'; \
+ echo '/* Empty placeholder for $@. */'; \
+ } > $@
+
+mostlyclean-local: mostlyclean-generic
+ @test -z "$(MOSTLYCLEANDIRS)" || \
+ for dir in $(MOSTLYCLEANDIRS); do \
+ if test -d $$dir; then \
+ echo "rmdir $$dir"; rmdir $$dir; \
+ fi; \
+ done
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/gl/alloca_.h b/gl/alloca_.h
new file mode 100644
index 0000000..cd13ed6
--- /dev/null
+++ b/gl/alloca_.h
@@ -0,0 +1,53 @@
+/* Memory allocation on the stack.
+
+ Copyright (C) 1995, 1999, 2001, 2002, 2003, 2004, 2006 Free Software
+ Foundation, Inc.
+
+ This program is free software; you can redistribute it and/or modify it
+ under the terms of the GNU General Public License as published
+ by the Free Software Foundation; either version 3, or (at your option)
+ any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ General Public License for more details.
+
+ You should have received a copy of the GNU General Public
+ License along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+/* Avoid using the symbol _ALLOCA_H here, as Bison assumes _ALLOCA_H
+ means there is a real alloca function. */
+#ifndef _GNULIB_ALLOCA_H
+# define _GNULIB_ALLOCA_H
+
+/* alloca (N) returns a pointer to N bytes of memory
+ allocated on the stack, which will last until the function returns.
+ Use of alloca should be avoided:
+ - inside arguments of function calls - undefined behaviour,
+ - in inline functions - the allocation may actually last until the
+ calling function returns,
+ - for huge N (say, N >= 65536) - you never know how large (or small)
+ the stack is, and when the stack cannot fulfill the memory allocation
+ request, the program just crashes.
+ */
+
+#ifndef alloca
+# ifdef __GNUC__
+# define alloca __builtin_alloca
+# elif defined _AIX
+# define alloca __alloca
+# elif defined _MSC_VER
+# include <malloc.h>
+# define alloca _alloca
+# else
+# include <stddef.h>
+# ifdef __cplusplus
+extern "C"
+# endif
+void *alloca (size_t);
+# endif
+#endif
+
+#endif /* _GNULIB_ALLOCA_H */
diff --git a/gl/allocsa.c b/gl/allocsa.c
new file mode 100644
index 0000000..243f0bf
--- /dev/null
+++ b/gl/allocsa.c
@@ -0,0 +1,136 @@
+/* Safe automatic memory allocation.
+ Copyright (C) 2003, 2006 Free Software Foundation, Inc.
+ Written by Bruno Haible <bruno@clisp.org>, 2003.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2, or (at your option)
+ any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, see <http://www.gnu.org/licenses/>. */
+
+#include <config.h>
+
+/* Specification. */
+#include "allocsa.h"
+
+/* The speed critical point in this file is freesa() applied to an alloca()
+ result: it must be fast, to match the speed of alloca(). The speed of
+ mallocsa() and freesa() in the other case are not critical, because they
+ are only invoked for big memory sizes. */
+
+#if HAVE_ALLOCA
+
+/* Store the mallocsa() results in a hash table. This is needed to reliably
+ distinguish a mallocsa() result and an alloca() result.
+
+ Although it is possible that the same pointer is returned by alloca() and
+ by mallocsa() at different times in the same application, it does not lead
+ to a bug in freesa(), because:
+ - Before a pointer returned by alloca() can point into malloc()ed memory,
+ the function must return, and once this has happened the programmer must
+ not call freesa() on it anyway.
+ - Before a pointer returned by mallocsa() can point into the stack, it
+ must be freed. The only function that can free it is freesa(), and
+ when freesa() frees it, it also removes it from the hash table. */
+
+#define MAGIC_NUMBER 0x1415fb4a
+#define MAGIC_SIZE sizeof (int)
+/* This is how the header info would look like without any alignment
+ considerations. */
+struct preliminary_header { void *next; char room[MAGIC_SIZE]; };
+/* But the header's size must be a multiple of sa_alignment_max. */
+#define HEADER_SIZE \
+ (((sizeof (struct preliminary_header) + sa_alignment_max - 1) / sa_alignment_max) * sa_alignment_max)
+struct header { void *next; char room[HEADER_SIZE - sizeof (struct preliminary_header) + MAGIC_SIZE]; };
+/* Verify that HEADER_SIZE == sizeof (struct header). */
+typedef int verify1[2 * (HEADER_SIZE == sizeof (struct header)) - 1];
+/* We make the hash table quite big, so that during lookups the probability
+ of empty hash buckets is quite high. There is no need to make the hash
+ table resizable, because when the hash table gets filled so much that the
+ lookup becomes slow, it means that the application has memory leaks. */
+#define HASH_TABLE_SIZE 257
+static void * mallocsa_results[HASH_TABLE_SIZE];
+
+#endif
+
+void *
+mallocsa (size_t n)
+{
+#if HAVE_ALLOCA
+ /* Allocate one more word, that serves as an indicator for malloc()ed
+ memory, so that freesa() of an alloca() result is fast. */
+ size_t nplus = n + HEADER_SIZE;
+
+ if (nplus >= n)
+ {
+ char *p = (char *) malloc (nplus);
+
+ if (p != NULL)
+ {
+ size_t slot;
+
+ p += HEADER_SIZE;
+
+ /* Put a magic number into the indicator word. */
+ ((int *) p)[-1] = MAGIC_NUMBER;
+
+ /* Enter p into the hash table. */
+ slot = (unsigned long) p % HASH_TABLE_SIZE;
+ ((struct header *) (p - HEADER_SIZE))->next = mallocsa_results[slot];
+ mallocsa_results[slot] = p;
+
+ return p;
+ }
+ }
+ /* Out of memory. */
+ return NULL;
+#else
+# if !MALLOC_0_IS_NONNULL
+ if (n == 0)
+ n = 1;
+# endif
+ return malloc (n);
+#endif
+}
+
+#if HAVE_ALLOCA
+void
+freesa (void *p)
+{
+ /* mallocsa() may have returned NULL. */
+ if (p != NULL)
+ {
+ /* Attempt to quickly distinguish the mallocsa() result - which has
+ a magic indicator word - and the alloca() result - which has an
+ uninitialized indicator word. It is for this test that sa_increment
+ additional bytes are allocated in the alloca() case. */
+ if (((int *) p)[-1] == MAGIC_NUMBER)
+ {
+ /* Looks like a mallocsa() result. To see whether it really is one,
+ perform a lookup in the hash table. */
+ size_t slot = (unsigned long) p % HASH_TABLE_SIZE;
+ void **chain = &mallocsa_results[slot];
+ for (; *chain != NULL;)
+ {
+ if (*chain == p)
+ {
+ /* Found it. Remove it from the hash table and free it. */
+ char *p_begin = (char *) p - HEADER_SIZE;
+ *chain = ((struct header *) p_begin)->next;
+ free (p_begin);
+ return;
+ }
+ chain = &((struct header *) ((char *) *chain - HEADER_SIZE))->next;
+ }
+ }
+ /* At this point, we know it was not a mallocsa() result. */
+ }
+}
+#endif
diff --git a/gl/allocsa.h b/gl/allocsa.h
new file mode 100644
index 0000000..0572d1b
--- /dev/null
+++ b/gl/allocsa.h
@@ -0,0 +1,127 @@
+/* Safe automatic memory allocation.
+ Copyright (C) 2003-2006 Free Software Foundation, Inc.
+ Written by Bruno Haible <bruno@clisp.org>, 2003.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3, or (at your option)
+ any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, see <http://www.gnu.org/licenses/>. */
+
+#ifndef _ALLOCSA_H
+#define _ALLOCSA_H
+
+#include <alloca.h>
+#include <stddef.h>
+#include <stdlib.h>
+
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+
+/* safe_alloca(N) is equivalent to alloca(N) when it is safe to call
+ alloca(N); otherwise it returns NULL. It either returns N bytes of
+ memory allocated on the stack, that lasts until the function returns,
+ or NULL.
+ Use of safe_alloca should be avoided:
+ - inside arguments of function calls - undefined behaviour,
+ - in inline functions - the allocation may actually last until the
+ calling function returns.
+*/
+#if HAVE_ALLOCA
+/* The OS usually guarantees only one guard page at the bottom of the stack,
+ and a page size can be as small as 4096 bytes. So we cannot safely
+ allocate anything larger than 4096 bytes. Also care for the possibility
+ of a few compiler-allocated temporary stack slots.
+ This must be a macro, not an inline function. */
+# define safe_alloca(N) ((N) < 4032 ? alloca (N) : NULL)
+#else
+# define safe_alloca(N) ((N), NULL)
+#endif
+
+/* allocsa(N) is a safe variant of alloca(N). It allocates N bytes of
+ memory allocated on the stack, that must be freed using freesa() before
+ the function returns. Upon failure, it returns NULL. */
+#if HAVE_ALLOCA
+# define allocsa(N) \
+ ((N) < 4032 - sa_increment \
+ ? (void *) ((char *) alloca ((N) + sa_increment) + sa_increment) \
+ : mallocsa (N))
+#else
+# define allocsa(N) \
+ mallocsa (N)
+#endif
+extern void * mallocsa (size_t n);
+
+/* Free a block of memory allocated through allocsa(). */
+#if HAVE_ALLOCA
+extern void freesa (void *p);
+#else
+# define freesa free
+#endif
+
+/* Maybe we should also define a variant
+ nallocsa (size_t n, size_t s) - behaves like allocsa (n * s)
+ If this would be useful in your application. please speak up. */
+
+
+#ifdef __cplusplus
+}
+#endif
+
+
+/* ------------------- Auxiliary, non-public definitions ------------------- */
+
+/* Determine the alignment of a type at compile time. */
+#if defined __GNUC__
+# define sa_alignof __alignof__
+#elif defined __cplusplus
+ template <class type> struct sa_alignof_helper { char __slot1; type __slot2; };
+# define sa_alignof(type) offsetof (sa_alignof_helper<type>, __slot2)
+#elif defined __hpux
+ /* Work around a HP-UX 10.20 cc bug with enums constants defined as offsetof
+ values. */
+# define sa_alignof(type) (sizeof (type) <= 4 ? 4 : 8)
+#elif defined _AIX
+ /* Work around an AIX 3.2.5 xlc bug with enums constants defined as offsetof
+ values. */
+# define sa_alignof(type) (sizeof (type) <= 4 ? 4 : 8)
+#else
+# define sa_alignof(type) offsetof (struct { char __slot1; type __slot2; }, __slot2)
+#endif
+
+enum
+{
+/* The desired alignment of memory allocations is the maximum alignment
+ among all elementary types. */
+ sa_alignment_long = sa_alignof (long),
+ sa_alignment_double = sa_alignof (double),
+#ifdef HAVE_LONG_LONG_INT
+ sa_alignment_longlong = sa_alignof (long long),
+#endif
+#ifdef HAVE_LONG_DOUBLE
+ sa_alignment_longdouble = sa_alignof (long double),
+#endif
+ sa_alignment_max = ((sa_alignment_long - 1) | (sa_alignment_double - 1)
+#ifdef HAVE_LONG_LONG_INT
+ | (sa_alignment_longlong - 1)
+#endif
+#ifdef HAVE_LONG_DOUBLE
+ | (sa_alignment_longdouble - 1)
+#endif
+ ) + 1,
+/* The increment that guarantees room for a magic word must be >= sizeof (int)
+ and a multiple of sa_alignment_max. */
+ sa_increment = ((sizeof (int) + sa_alignment_max - 1) / sa_alignment_max) * sa_alignment_max
+};
+
+#endif /* _ALLOCSA_H */
diff --git a/gl/allocsa.valgrind b/gl/allocsa.valgrind
new file mode 100644
index 0000000..f4c77d6
--- /dev/null
+++ b/gl/allocsa.valgrind
@@ -0,0 +1,7 @@
+# Suppress a valgrind message about use of uninitialized memory in freesa().
+# This use is OK because it provides only a speedup.
+{
+ freesa
+ Memcheck:Cond
+ fun:freesa
+}
diff --git a/gl/m4/absolute-header.m4 b/gl/m4/absolute-header.m4
new file mode 100644
index 0000000..c649df0
--- /dev/null
+++ b/gl/m4/absolute-header.m4
@@ -0,0 +1,44 @@
+# absolute-header.m4 serial 6
+dnl Copyright (C) 2006 Free Software Foundation, Inc.
+dnl This file is free software; the Free Software Foundation
+dnl gives unlimited permission to copy and/or distribute it,
+dnl with or without modifications, as long as this notice is preserved.
+
+dnl From Derek Price.
+
+# gl_ABSOLUTE_HEADER(HEADER1 HEADER2 ...)
+# ---------------------------------------
+# Find the absolute name of a header file, assuming the header exists.
+# If the header were sys/inttypes.h, this macro would define
+# ABSOLUTE_SYS_INTTYPES_H to the `""' quoted absolute name of sys/inttypes.h
+# in config.h
+# (e.g. `#define ABSOLUTE_SYS_INTTYPES_H "///usr/include/sys/inttypes.h"').
+# The three "///" are to pacify Sun C 5.8, which otherwise would say
+# "warning: #include of /usr/include/... may be non-portable".
+# Use `""', not `<>', so that the /// cannot be confused with a C99 comment.
+AC_DEFUN([gl_ABSOLUTE_HEADER],
+[AC_LANG_PREPROC_REQUIRE()dnl
+AC_FOREACH([gl_HEADER_NAME], [$1],
+ [AS_VAR_PUSHDEF([gl_absolute_header],
+ [gl_cv_absolute_]m4_quote(m4_defn([gl_HEADER_NAME])))dnl
+ AC_CACHE_CHECK([absolute name of <]m4_quote(m4_defn([gl_HEADER_NAME]))[>],
+ m4_quote(m4_defn([gl_absolute_header])),
+ [AS_VAR_PUSHDEF([ac_header_exists],
+ [ac_cv_header_]m4_quote(m4_defn([gl_HEADER_NAME])))dnl
+ AC_CHECK_HEADERS_ONCE(m4_quote(m4_defn([gl_HEADER_NAME])))dnl
+ if test AS_VAR_GET(ac_header_exists) = yes; then
+ AC_LANG_CONFTEST([AC_LANG_SOURCE([[#include <]]m4_dquote(m4_defn([gl_HEADER_NAME]))[[>]])])
+dnl eval is necessary to expand ac_cpp.
+dnl Ultrix and Pyramid sh refuse to redirect output of eval, so use subshell.
+ AS_VAR_SET(gl_absolute_header,
+[`(eval "$ac_cpp conftest.$ac_ext") 2>&AS_MESSAGE_LOG_FD |
+sed -n '\#/]m4_quote(m4_defn([gl_HEADER_NAME]))[#{s#.*"\(.*/]m4_quote(m4_defn([gl_HEADER_NAME]))[\)".*#\1#;s#^/[^/]#//&#;p;q;}'`])
+ fi
+ AS_VAR_POPDEF([ac_header_exists])dnl
+ ])dnl
+ AC_DEFINE_UNQUOTED(AS_TR_CPP([ABSOLUTE_]m4_quote(m4_defn([gl_HEADER_NAME]))),
+ ["AS_VAR_GET(gl_absolute_header)"],
+ [Define this to an absolute name of <]m4_quote(m4_defn([gl_HEADER_NAME]))[>.])
+ AS_VAR_POPDEF([gl_absolute_header])dnl
+])dnl
+])# gl_ABSOLUTE_HEADER
diff --git a/gl/m4/alloca.m4 b/gl/m4/alloca.m4
new file mode 100644
index 0000000..a9e3f45
--- /dev/null
+++ b/gl/m4/alloca.m4
@@ -0,0 +1,42 @@
+# alloca.m4 serial 5
+dnl Copyright (C) 2002, 2003, 2004 Free Software Foundation, Inc.
+dnl This file is free software; the Free Software Foundation
+dnl gives unlimited permission to copy and/or distribute it,
+dnl with or without modifications, as long as this notice is preserved.
+
+AC_DEFUN([gl_FUNC_ALLOCA],
+[
+ dnl Work around a bug of AC_EGREP_CPP in autoconf-2.57.
+ AC_REQUIRE([AC_PROG_CPP])
+ AC_REQUIRE([AC_PROG_EGREP])
+
+ AC_REQUIRE([AC_FUNC_ALLOCA])
+ if test $ac_cv_func_alloca_works = no; then
+ gl_PREREQ_ALLOCA
+ fi
+
+ # Define an additional variable used in the Makefile substitution.
+ if test $ac_cv_working_alloca_h = yes; then
+ AC_EGREP_CPP([Need own alloca], [
+#if defined __GNUC__ || defined _AIX || defined _MSC_VER
+ Need own alloca
+#endif
+ ],
+ [AC_DEFINE(HAVE_ALLOCA, 1,
+ [Define to 1 if you have `alloca' after including <alloca.h>,
+ a header that may be supplied by this distribution.])
+ ALLOCA_H=alloca.h],
+ [ALLOCA_H=])
+ else
+ ALLOCA_H=alloca.h
+ fi
+ AC_SUBST([ALLOCA_H])
+
+ AC_DEFINE(HAVE_ALLOCA_H, 1,
+ [Define HAVE_ALLOCA_H for backward compatibility with older code
+ that includes <alloca.h> only if HAVE_ALLOCA_H is defined.])
+])
+
+# Prerequisites of lib/alloca.c.
+# STACK_DIRECTION is already handled by AC_FUNC_ALLOCA.
+AC_DEFUN([gl_PREREQ_ALLOCA], [:])
diff --git a/gl/m4/allocsa.m4 b/gl/m4/allocsa.m4
new file mode 100644
index 0000000..9a778d5
--- /dev/null
+++ b/gl/m4/allocsa.m4
@@ -0,0 +1,15 @@
+# allocsa.m4 serial 3
+dnl Copyright (C) 2003-2004 Free Software Foundation, Inc.
+dnl This file is free software; the Free Software Foundation
+dnl gives unlimited permission to copy and/or distribute it,
+dnl with or without modifications, as long as this notice is preserved.
+
+AC_DEFUN([gl_ALLOCSA],
+[
+ dnl Use the autoconf tests for alloca(), but not the AC_SUBSTed variables
+ dnl @ALLOCA@ and @LTALLOCA@.
+ AC_REQUIRE([gl_FUNC_ALLOCA])
+ AC_REQUIRE([gl_EEMALLOC])
+ AC_REQUIRE([AC_TYPE_LONG_LONG_INT])
+ AC_REQUIRE([gt_TYPE_LONGDOUBLE])
+])
diff --git a/gl/m4/eealloc.m4 b/gl/m4/eealloc.m4
new file mode 100644
index 0000000..adcfd06
--- /dev/null
+++ b/gl/m4/eealloc.m4
@@ -0,0 +1,32 @@
+# eealloc.m4 serial 1
+dnl Copyright (C) 2003 Free Software Foundation, Inc.
+dnl This file is free software; the Free Software Foundation
+dnl gives unlimited permission to copy and/or distribute it,
+dnl with or without modifications, as long as this notice is preserved.
+
+AC_DEFUN([gl_EEALLOC],
+[
+ AC_REQUIRE([gl_EEMALLOC])
+ AC_REQUIRE([gl_EEREALLOC])
+ AC_REQUIRE([AC_C_INLINE])
+])
+
+AC_DEFUN([gl_EEMALLOC],
+[
+ _AC_FUNC_MALLOC_IF(
+ [gl_cv_func_malloc_0_nonnull=1],
+ [gl_cv_func_malloc_0_nonnull=0])
+ AC_DEFINE_UNQUOTED([MALLOC_0_IS_NONNULL], $gl_cv_func_malloc_0_nonnull,
+ [If malloc(0) is != NULL, define this to 1. Otherwise define this
+ to 0.])
+])
+
+AC_DEFUN([gl_EEREALLOC],
+[
+ _AC_FUNC_REALLOC_IF(
+ [gl_cv_func_realloc_0_nonnull=1],
+ [gl_cv_func_realloc_0_nonnull=0])
+ AC_DEFINE_UNQUOTED([REALLOC_0_IS_NONNULL], $gl_cv_func_realloc_0_nonnull,
+ [If realloc(NULL,0) is != NULL, define this to 1. Otherwise define this
+ to 0.])
+])
diff --git a/gl/m4/gnulib-comp.m4 b/gl/m4/gnulib-comp.m4
new file mode 100644
index 0000000..beb7d15
--- /dev/null
+++ b/gl/m4/gnulib-comp.m4
@@ -0,0 +1,82 @@
+# DO NOT EDIT! GENERATED AUTOMATICALLY!
+# Copyright (C) 2004-2006 Free Software Foundation, Inc.
+#
+# This file is free software, distributed under the terms of the GNU
+# General Public License. As a special exception to the GNU General
+# Public License, this file may be distributed as part of a program
+# that contains a configuration script generated by Autoconf, under
+# the same distribution terms as the rest of that program.
+#
+# Generated by gnulib-tool.
+#
+# This file represents the compiled summary of the specification in
+# gnulib-cache.m4. It lists the computed macro invocations that need
+# to be invoked from configure.ac.
+# In projects using CVS, this file can be treated like other built files.
+
+
+# This macro should be invoked from ./configure.ac, in the section
+# "Checks for programs", right after AC_PROG_CC, and certainly before
+# any checks for libraries, header files, types and library functions.
+AC_DEFUN([gl_EARLY],
+[
+ m4_pattern_forbid([^gl_[A-Z]])dnl the gnulib macro namespace
+ m4_pattern_allow([^gl_ES$])dnl a valid locale name
+ AC_REQUIRE([AC_PROG_RANLIB])
+])
+
+# This macro should be invoked from ./configure.ac, in the section
+# "Check for header files, types and library functions".
+AC_DEFUN([gl_INIT],
+[
+ AM_CONDITIONAL([GL_COND_LIBTOOL], [false])
+ gl_cond_libtool=false
+ gl_libdeps=
+ gl_ltlibdeps=
+ gl_source_base='gl'
+ gl_FUNC_ALLOCA
+ gl_ALLOCSA
+ gt_FUNC_MKDTEMP
+ gt_FUNC_SETENV
+ gl_SIZE_MAX
+ gl_STDINT_H
+ gl_FUNC_STRPBRK
+ gl_HEADER_UNISTD
+ gl_XSIZE
+ LIBGNU_LIBDEPS="$gl_libdeps"
+ AC_SUBST([LIBGNU_LIBDEPS])
+ LIBGNU_LTLIBDEPS="$gl_ltlibdeps"
+ AC_SUBST([LIBGNU_LTLIBDEPS])
+])
+
+# This macro records the list of files which have been installed by
+# gnulib-tool and may be removed by future gnulib-tool invocations.
+AC_DEFUN([gl_FILE_LIST], [
+ lib/alloca_.h
+ lib/allocsa.c
+ lib/allocsa.h
+ lib/allocsa.valgrind
+ lib/mkdtemp.c
+ lib/mkdtemp.h
+ lib/setenv.c
+ lib/setenv.h
+ lib/size_max.h
+ lib/stdint_.h
+ lib/strpbrk.c
+ lib/strpbrk.h
+ lib/unsetenv.c
+ lib/xsize.h
+ m4/absolute-header.m4
+ m4/alloca.m4
+ m4/allocsa.m4
+ m4/eealloc.m4
+ m4/longdouble.m4
+ m4/mkdtemp.m4
+ m4/setenv.m4
+ m4/size_max.m4
+ m4/stdint.m4
+ m4/strpbrk.m4
+ m4/ulonglong.m4
+ m4/unistd_h.m4
+ m4/xsize.m4
+])
diff --git a/gl/m4/gnulib-tool.m4 b/gl/m4/gnulib-tool.m4
new file mode 100644
index 0000000..ef59320
--- /dev/null
+++ b/gl/m4/gnulib-tool.m4
@@ -0,0 +1,33 @@
+# gnulib-tool.m4 serial 1
+dnl Copyright (C) 2004-2005 Free Software Foundation, Inc.
+dnl This file is free software; the Free Software Foundation
+dnl gives unlimited permission to copy and/or distribute it,
+dnl with or without modifications, as long as this notice is preserved.
+
+dnl The following macros need not be invoked explicitly.
+dnl Invoking them does nothing except to declare default arguments
+dnl for "gnulib-tool --import".
+
+dnl Usage: gl_MODULES([module1 module2 ...])
+AC_DEFUN([gl_MODULES], [])
+
+dnl Usage: gl_AVOID([module1 module2 ...])
+AC_DEFUN([gl_AVOID], [])
+
+dnl Usage: gl_SOURCE_BASE([DIR])
+AC_DEFUN([gl_SOURCE_BASE], [])
+
+dnl Usage: gl_M4_BASE([DIR])
+AC_DEFUN([gl_M4_BASE], [])
+
+dnl Usage: gl_LIB([LIBNAME])
+AC_DEFUN([gl_LIB], [])
+
+dnl Usage: gl_LGPL
+AC_DEFUN([gl_LGPL], [])
+
+dnl Usage: gl_LIBTOOL
+AC_DEFUN([gl_LIBTOOL], [])
+
+dnl Usage: gl_MACRO_PREFIX([PREFIX])
+AC_DEFUN([gl_MACRO_PREFIX], [])
diff --git a/gl/m4/mkdtemp.m4 b/gl/m4/mkdtemp.m4
new file mode 100644
index 0000000..e39bcb9
--- /dev/null
+++ b/gl/m4/mkdtemp.m4
@@ -0,0 +1,22 @@
+# mkdtemp.m4 serial 4
+dnl Copyright (C) 2001-2003, 2006 Free Software Foundation, Inc.
+dnl This file is free software; the Free Software Foundation
+dnl gives unlimited permission to copy and/or distribute it,
+dnl with or without modifications, as long as this notice is preserved.
+
+AC_DEFUN([gt_FUNC_MKDTEMP],
+[
+ AC_REPLACE_FUNCS(mkdtemp)
+ if test $ac_cv_func_mkdtemp = no; then
+ gl_PREREQ_MKDTEMP
+ fi
+])
+
+# Prerequisites of lib/mkdtemp.c
+AC_DEFUN([gl_PREREQ_MKDTEMP],
+[
+ AC_REQUIRE([AC_HEADER_STAT])
+ AC_CHECK_HEADERS_ONCE(sys/time.h unistd.h)
+ AC_CHECK_HEADERS(time.h)
+ AC_CHECK_FUNCS(gettimeofday)
+])
diff --git a/gl/m4/setenv.m4 b/gl/m4/setenv.m4
new file mode 100644
index 0000000..623fcf2
--- /dev/null
+++ b/gl/m4/setenv.m4
@@ -0,0 +1,68 @@
+# setenv.m4 serial 6
+dnl Copyright (C) 2001-2004, 2006 Free Software Foundation, Inc.
+dnl This file is free software; the Free Software Foundation
+dnl gives unlimited permission to copy and/or distribute it,
+dnl with or without modifications, as long as this notice is preserved.
+
+AC_DEFUN([gt_FUNC_SETENV],
+[
+ AC_REPLACE_FUNCS(setenv unsetenv)
+ if test $ac_cv_func_setenv = no; then
+ gl_PREREQ_SETENV
+ fi
+ if test $ac_cv_func_unsetenv = no; then
+ gl_PREREQ_UNSETENV
+ else
+ AC_CACHE_CHECK([for unsetenv() return type], gt_cv_func_unsetenv_ret,
+ [AC_TRY_COMPILE([#include <stdlib.h>
+extern
+#ifdef __cplusplus
+"C"
+#endif
+#if defined(__STDC__) || defined(__cplusplus)
+int unsetenv (const char *name);
+#else
+int unsetenv();
+#endif
+], , gt_cv_func_unsetenv_ret='int', gt_cv_func_unsetenv_ret='void')])
+ if test $gt_cv_func_unsetenv_ret = 'void'; then
+ AC_DEFINE(VOID_UNSETENV, 1, [Define if unsetenv() returns void, not int.])
+ fi
+ fi
+])
+
+# Check if a variable is properly declared.
+# gt_CHECK_VAR_DECL(includes,variable)
+AC_DEFUN([gt_CHECK_VAR_DECL],
+[
+ define([gt_cv_var], [gt_cv_var_]$2[_declaration])
+ AC_MSG_CHECKING([if $2 is properly declared])
+ AC_CACHE_VAL(gt_cv_var, [
+ AC_TRY_COMPILE([$1
+ extern struct { int foo; } $2;],
+ [$2.foo = 1;],
+ gt_cv_var=no,
+ gt_cv_var=yes)])
+ AC_MSG_RESULT($gt_cv_var)
+ if test $gt_cv_var = yes; then
+ AC_DEFINE([HAVE_]translit($2, [a-z], [A-Z])[_DECL], 1,
+ [Define if you have the declaration of $2.])
+ fi
+])
+
+# Prerequisites of lib/setenv.c.
+AC_DEFUN([gl_PREREQ_SETENV],
+[
+ AC_REQUIRE([AC_FUNC_ALLOCA])
+ AC_CHECK_HEADERS_ONCE(unistd.h)
+ AC_CHECK_HEADERS(search.h)
+ AC_CHECK_FUNCS(tsearch)
+ gt_CHECK_VAR_DECL([#include <unistd.h>], environ)
+])
+
+# Prerequisites of lib/unsetenv.c.
+AC_DEFUN([gl_PREREQ_UNSETENV],
+[
+ AC_CHECK_HEADERS_ONCE(unistd.h)
+ gt_CHECK_VAR_DECL([#include <unistd.h>], environ)
+])
diff --git a/gl/m4/stdint.m4 b/gl/m4/stdint.m4
new file mode 100644
index 0000000..9261def
--- /dev/null
+++ b/gl/m4/stdint.m4
@@ -0,0 +1,368 @@
+# stdint.m4 serial 19
+dnl Copyright (C) 2001-2002, 2004-2006 Free Software Foundation, Inc.
+dnl This file is free software; the Free Software Foundation
+dnl gives unlimited permission to copy and/or distribute it,
+dnl with or without modifications, as long as this notice is preserved.
+
+dnl From Paul Eggert and Bruno Haible.
+dnl Test whether <stdint.h> is supported or must be substituted.
+
+AC_DEFUN([gl_STDINT_H],
+[
+ AC_PREREQ(2.59)dnl
+
+ dnl Check for long long int and unsigned long long int.
+ AC_REQUIRE([AC_TYPE_LONG_LONG_INT])
+ if test $ac_cv_type_long_long_int = yes; then
+ HAVE_LONG_LONG_INT=1
+ else
+ HAVE_LONG_LONG_INT=0
+ fi
+ AC_SUBST([HAVE_LONG_LONG_INT])
+ AC_REQUIRE([AC_TYPE_UNSIGNED_LONG_LONG_INT])
+ if test $ac_cv_type_unsigned_long_long_int = yes; then
+ HAVE_UNSIGNED_LONG_LONG_INT=1
+ else
+ HAVE_UNSIGNED_LONG_LONG_INT=0
+ fi
+ AC_SUBST([HAVE_UNSIGNED_LONG_LONG_INT])
+
+ dnl Check for <wchar.h>.
+ AC_CHECK_HEADERS_ONCE([wchar.h])
+ if test $ac_cv_header_wchar_h = yes; then
+ HAVE_WCHAR_H=1
+ else
+ HAVE_WCHAR_H=0
+ fi
+ AC_SUBST([HAVE_WCHAR_H])
+
+ dnl Check for <inttypes.h>.
+ dnl AC_INCLUDES_DEFAULT defines $ac_cv_header_inttypes_h.
+ if test $ac_cv_header_inttypes_h = yes; then
+ HAVE_INTTYPES_H=1
+ else
+ HAVE_INTTYPES_H=0
+ fi
+ AC_SUBST([HAVE_INTTYPES_H])
+
+ dnl Check for <sys/types.h>.
+ dnl AC_INCLUDES_DEFAULT defines $ac_cv_header_sys_types_h.
+ if test $ac_cv_header_sys_types_h = yes; then
+ HAVE_SYS_TYPES_H=1
+ else
+ HAVE_SYS_TYPES_H=0
+ fi
+ AC_SUBST([HAVE_SYS_TYPES_H])
+
+ dnl AC_INCLUDES_DEFAULT defines $ac_cv_header_stdint_h.
+ if test $ac_cv_header_stdint_h = yes; then
+ gl_ABSOLUTE_HEADER([stdint.h])
+ ABSOLUTE_STDINT_H=\"$gl_cv_absolute_stdint_h\"
+ HAVE_STDINT_H=1
+ else
+ ABSOLUTE_STDINT_H=\"no/such/file/stdint.h\"
+ HAVE_STDINT_H=0
+ fi
+ AC_SUBST([ABSOLUTE_STDINT_H])
+ AC_SUBST([HAVE_STDINT_H])
+
+ dnl Now see whether we need a substitute <stdint.h>. Use
+ dnl ABSOLUTE_STDINT_H, not <stdint.h>, so that it also works during
+ dnl a "config.status --recheck" if a stdint.h has been
+ dnl created in the build directory.
+ if test $ac_cv_header_stdint_h = yes; then
+ AC_CACHE_CHECK([whether stdint.h conforms to C99],
+ [gl_cv_header_working_stdint_h],
+ [gl_cv_header_working_stdint_h=no
+ AC_COMPILE_IFELSE([
+ AC_LANG_PROGRAM([[
+#include <stddef.h>
+#define __STDC_LIMIT_MACROS 1 /* to make it work also in C++ mode */
+#define __STDC_CONSTANT_MACROS 1 /* to make it work also in C++ mode */
+#include ABSOLUTE_STDINT_H
+#ifdef INT8_MAX
+int8_t a1 = INT8_MAX;
+int8_t a1min = INT8_MIN;
+#endif
+#ifdef INT16_MAX
+int16_t a2 = INT16_MAX;
+int16_t a2min = INT16_MIN;
+#endif
+#ifdef INT32_MAX
+int32_t a3 = INT32_MAX;
+int32_t a3min = INT32_MIN;
+#endif
+#ifdef INT64_MAX
+int64_t a4 = INT64_MAX;
+int64_t a4min = INT64_MIN;
+#endif
+#ifdef UINT8_MAX
+uint8_t b1 = UINT8_MAX;
+#else
+typedef int b1[(unsigned char) -1 != 255 ? 1 : -1];
+#endif
+#ifdef UINT16_MAX
+uint16_t b2 = UINT16_MAX;
+#endif
+#ifdef UINT32_MAX
+uint32_t b3 = UINT32_MAX;
+#endif
+#ifdef UINT64_MAX
+uint64_t b4 = UINT64_MAX;
+#endif
+int_least8_t c1 = INT8_C (0x7f);
+int_least8_t c1max = INT_LEAST8_MAX;
+int_least8_t c1min = INT_LEAST8_MIN;
+int_least16_t c2 = INT16_C (0x7fff);
+int_least16_t c2max = INT_LEAST16_MAX;
+int_least16_t c2min = INT_LEAST16_MIN;
+int_least32_t c3 = INT32_C (0x7fffffff);
+int_least32_t c3max = INT_LEAST32_MAX;
+int_least32_t c3min = INT_LEAST32_MIN;
+int_least64_t c4 = INT64_C (0x7fffffffffffffff);
+int_least64_t c4max = INT_LEAST64_MAX;
+int_least64_t c4min = INT_LEAST64_MIN;
+uint_least8_t d1 = UINT8_C (0xff);
+uint_least8_t d1max = UINT_LEAST8_MAX;
+uint_least16_t d2 = UINT16_C (0xffff);
+uint_least16_t d2max = UINT_LEAST16_MAX;
+uint_least32_t d3 = UINT32_C (0xffffffff);
+uint_least32_t d3max = UINT_LEAST32_MAX;
+uint_least64_t d4 = UINT64_C (0xffffffffffffffff);
+uint_least64_t d4max = UINT_LEAST64_MAX;
+int_fast8_t e1 = INT_FAST8_MAX;
+int_fast8_t e1min = INT_FAST8_MIN;
+int_fast16_t e2 = INT_FAST16_MAX;
+int_fast16_t e2min = INT_FAST16_MIN;
+int_fast32_t e3 = INT_FAST32_MAX;
+int_fast32_t e3min = INT_FAST32_MIN;
+int_fast64_t e4 = INT_FAST64_MAX;
+int_fast64_t e4min = INT_FAST64_MIN;
+uint_fast8_t f1 = UINT_FAST8_MAX;
+uint_fast16_t f2 = UINT_FAST16_MAX;
+uint_fast32_t f3 = UINT_FAST32_MAX;
+uint_fast64_t f4 = UINT_FAST64_MAX;
+#ifdef INTPTR_MAX
+intptr_t g = INTPTR_MAX;
+intptr_t gmin = INTPTR_MIN;
+#endif
+#ifdef UINTPTR_MAX
+uintptr_t h = UINTPTR_MAX;
+#endif
+intmax_t i = INTMAX_MAX;
+uintmax_t j = UINTMAX_MAX;
+struct s {
+ int check_PTRDIFF: PTRDIFF_MIN < 0 && 0 < PTRDIFF_MAX ? 1 : -1;
+ int check_SIG_ATOMIC: SIG_ATOMIC_MIN <= 0 && 0 < SIG_ATOMIC_MAX ? 1 : -1;
+ int check_SIZE: 0 < SIZE_MAX ? 1 : -1;
+ int check_WCHAR: WCHAR_MIN <= 0 && 0 < WCHAR_MAX ? 1 : -1;
+ int check_WINT: WINT_MIN <= 0 && 0 < WINT_MAX ? 1 : -1;
+
+ /* Detect bugs in glibc 2.4 and Solaris 10 stdint.h, among others. */
+ int check_UINT8_C:
+ (-1 < UINT8_C (0)) == (-1 < (uint_least8_t) 0) ? 1 : -1;
+ int check_UINT16_C:
+ (-1 < UINT16_C (0)) == (-1 < (uint_least16_t) 0) ? 1 : -1;
+
+ /* Detect bugs in OpenBSD 3.9 stdint.h. */
+#ifdef UINT8_MAX
+ int check_uint8: (uint8_t) -1 == UINT8_MAX ? 1 : -1;
+#endif
+#ifdef UINT16_MAX
+ int check_uint16: (uint16_t) -1 == UINT16_MAX ? 1 : -1;
+#endif
+#ifdef UINT32_MAX
+ int check_uint32: (uint32_t) -1 == UINT32_MAX ? 1 : -1;
+#endif
+#ifdef UINT64_MAX
+ int check_uint64: (uint64_t) -1 == UINT64_MAX ? 1 : -1;
+#endif
+ int check_uint_least8: (uint_least8_t) -1 == UINT_LEAST8_MAX ? 1 : -1;
+ int check_uint_least16: (uint_least16_t) -1 == UINT_LEAST16_MAX ? 1 : -1;
+ int check_uint_least32: (uint_least32_t) -1 == UINT_LEAST32_MAX ? 1 : -1;
+ int check_uint_least64: (uint_least64_t) -1 == UINT_LEAST64_MAX ? 1 : -1;
+ int check_uint_fast8: (uint_fast8_t) -1 == UINT_FAST8_MAX ? 1 : -1;
+ int check_uint_fast16: (uint_fast16_t) -1 == UINT_FAST16_MAX ? 1 : -1;
+ int check_uint_fast32: (uint_fast32_t) -1 == UINT_FAST32_MAX ? 1 : -1;
+ int check_uint_fast64: (uint_fast64_t) -1 == UINT_FAST64_MAX ? 1 : -1;
+ int check_uintptr: (uintptr_t) -1 == UINTPTR_MAX ? 1 : -1;
+ int check_uintmax: (uintmax_t) -1 == UINTMAX_MAX ? 1 : -1;
+ int check_size: (size_t) -1 == SIZE_MAX ? 1 : -1;
+};
+ ]])],
+ [gl_cv_header_working_stdint_h=yes])])
+ fi
+ if test "$gl_cv_header_working_stdint_h" != yes; then
+
+ dnl Check for <sys/inttypes.h>, and for
+ dnl <sys/bitypes.h> (used in Linux libc4 >= 4.6.7 and libc5).
+ AC_CHECK_HEADERS([sys/inttypes.h sys/bitypes.h])
+ if test $ac_cv_header_sys_inttypes_h = yes; then
+ HAVE_SYS_INTTYPES_H=1
+ else
+ HAVE_SYS_INTTYPES_H=0
+ fi
+ AC_SUBST([HAVE_SYS_INTTYPES_H])
+ if test $ac_cv_header_sys_bitypes_h = yes; then
+ HAVE_SYS_BITYPES_H=1
+ else
+ HAVE_SYS_BITYPES_H=0
+ fi
+ AC_SUBST([HAVE_SYS_BITYPES_H])
+
+ gl_STDINT_TYPE_PROPERTIES
+ STDINT_H=stdint.h
+ fi
+ AC_SUBST(STDINT_H)
+])
+
+dnl gl_STDINT_BITSIZEOF(TYPES, INCLUDES)
+dnl Determine the size of each of the given types in bits.
+AC_DEFUN([gl_STDINT_BITSIZEOF],
+[
+ dnl Use a shell loop, to avoid bloating configure, and
+ dnl - extra AH_TEMPLATE calls, so that autoheader knows what to put into
+ dnl config.h.in,
+ dnl - extra AC_SUBST calls, so that the right substitutions are made.
+ AC_FOREACH([gltype], [$1],
+ [AH_TEMPLATE([BITSIZEOF_]translit(gltype,[abcdefghijklmnopqrstuvwxyz ],[ABCDEFGHIJKLMNOPQRSTUVWXYZ_]),
+ [Define to the number of bits in type ']gltype['.])])
+ for gltype in $1 ; do
+ AC_CACHE_CHECK([for bit size of $gltype], [gl_cv_bitsizeof_${gltype}],
+ [_AC_COMPUTE_INT([sizeof ($gltype) * CHAR_BIT], result,
+ [$2
+#include <limits.h>], [result=unknown])
+ eval gl_cv_bitsizeof_${gltype}=\$result
+ ])
+ eval result=\$gl_cv_bitsizeof_${gltype}
+ if test $result = unknown; then
+ dnl Use a nonempty default, because some compilers, such as IRIX 5 cc,
+ dnl do a syntax check even on unused #if conditions and give an error
+ dnl on valid C code like this:
+ dnl #if 0
+ dnl # if > 32
+ dnl # endif
+ dnl #endif
+ result=0
+ fi
+ GLTYPE=`echo "$gltype" | tr 'abcdefghijklmnopqrstuvwxyz ' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ_'`
+ AC_DEFINE_UNQUOTED([BITSIZEOF_${GLTYPE}], [$result])
+ eval BITSIZEOF_${GLTYPE}=\$result
+ done
+ AC_FOREACH([gltype], [$1],
+ [AC_SUBST([BITSIZEOF_]translit(gltype,[abcdefghijklmnopqrstuvwxyz ],[ABCDEFGHIJKLMNOPQRSTUVWXYZ_]))])
+])
+
+dnl gl_CHECK_TYPES_SIGNED(TYPES, INCLUDES)
+dnl Determine the signedness of each of the given types.
+dnl Define HAVE_SIGNED_TYPE if type is signed.
+AC_DEFUN([gl_CHECK_TYPES_SIGNED],
+[
+ dnl Use a shell loop, to avoid bloating configure, and
+ dnl - extra AH_TEMPLATE calls, so that autoheader knows what to put into
+ dnl config.h.in,
+ dnl - extra AC_SUBST calls, so that the right substitutions are made.
+ AC_FOREACH([gltype], [$1],
+ [AH_TEMPLATE([HAVE_SIGNED_]translit(gltype,[abcdefghijklmnopqrstuvwxyz ],[ABCDEFGHIJKLMNOPQRSTUVWXYZ_]),
+ [Define to 1 if ']gltype[' is a signed integer type.])])
+ for gltype in $1 ; do
+ AC_CACHE_CHECK([whether $gltype is signed], [gl_cv_type_${gltype}_signed],
+ [AC_COMPILE_IFELSE(
+ [AC_LANG_PROGRAM([$2[
+ int verify[2 * (($gltype) -1 < ($gltype) 0) - 1];]])],
+ result=yes, result=no)
+ eval gl_cv_type_${gltype}_signed=\$result
+ ])
+ eval result=\$gl_cv_type_${gltype}_signed
+ GLTYPE=`echo $gltype | tr 'abcdefghijklmnopqrstuvwxyz ' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ_'`
+ if test "$result" = yes; then
+ AC_DEFINE_UNQUOTED([HAVE_SIGNED_${GLTYPE}], 1)
+ eval HAVE_SIGNED_${GLTYPE}=1
+ else
+ eval HAVE_SIGNED_${GLTYPE}=0
+ fi
+ done
+ AC_FOREACH([gltype], [$1],
+ [AC_SUBST([HAVE_SIGNED_]translit(gltype,[abcdefghijklmnopqrstuvwxyz ],[ABCDEFGHIJKLMNOPQRSTUVWXYZ_]))])
+])
+
+dnl gl_INTEGER_TYPE_SUFFIX(TYPES, INCLUDES)
+dnl Determine the suffix to use for integer constants of the given types.
+dnl Define t_SUFFIX for each such type.
+AC_DEFUN([gl_INTEGER_TYPE_SUFFIX],
+[
+ dnl Use a shell loop, to avoid bloating configure, and
+ dnl - extra AH_TEMPLATE calls, so that autoheader knows what to put into
+ dnl config.h.in,
+ dnl - extra AC_SUBST calls, so that the right substitutions are made.
+ AC_FOREACH([gltype], [$1],
+ [AH_TEMPLATE(translit(gltype,[abcdefghijklmnopqrstuvwxyz ],[ABCDEFGHIJKLMNOPQRSTUVWXYZ_])[_SUFFIX],
+ [Define to l, ll, u, ul, ull, etc., as suitable for
+ constants of type ']gltype['.])])
+ for gltype in $1 ; do
+ AC_CACHE_CHECK([for $gltype integer literal suffix],
+ [gl_cv_type_${gltype}_suffix],
+ [eval gl_cv_type_${gltype}_suffix=no
+ eval result=\$gl_cv_type_${gltype}_signed
+ if test "$result" = yes; then
+ glsufu=
+ else
+ glsufu=u
+ fi
+ for glsuf in "$glsufu" ${glsufu}l ${glsufu}ll ${glsufu}i64; do
+ case $glsuf in
+ '') gltype1='int';;
+ l) gltype1='long int';;
+ ll) gltype1='long long int';;
+ i64) gltype1='__int64';;
+ u) gltype1='unsigned int';;
+ ul) gltype1='unsigned long int';;
+ ull) gltype1='unsigned long long int';;
+ ui64)gltype1='unsigned __int64';;
+ esac
+ AC_COMPILE_IFELSE(
+ [AC_LANG_PROGRAM([$2
+ extern $gltype foo;
+ extern $gltype1 foo;])],
+ [eval gl_cv_type_${gltype}_suffix=\$glsuf])
+ eval result=\$gl_cv_type_${gltype}_suffix
+ test "$result" != no && break
+ done])
+ GLTYPE=`echo $gltype | tr 'abcdefghijklmnopqrstuvwxyz ' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ_'`
+ eval result=\$gl_cv_type_${gltype}_suffix
+ test "$result" = no && result=
+ eval ${GLTYPE}_SUFFIX=\$result
+ AC_DEFINE_UNQUOTED([${GLTYPE}_SUFFIX], $result)
+ done
+ AC_FOREACH([gltype], [$1],
+ [AC_SUBST(translit(gltype,[abcdefghijklmnopqrstuvwxyz ],[ABCDEFGHIJKLMNOPQRSTUVWXYZ_])[_SUFFIX])])
+])
+
+dnl gl_STDINT_INCLUDES
+AC_DEFUN([gl_STDINT_INCLUDES],
+[[
+ #include <stddef.h>
+ #include <signal.h>
+ #if HAVE_WCHAR_H
+ /* BSD/OS 4.1 has a bug: <stdio.h> and <time.h> must be included before
+ <wchar.h>. */
+ # include <stdio.h>
+ # include <time.h>
+ # include <wchar.h>
+ #endif
+]])
+
+dnl gl_STDINT_TYPE_PROPERTIES
+dnl Compute HAVE_SIGNED_t, BITSIZEOF_t and t_SUFFIX, for all the types t
+dnl of interest to stdint_.h.
+AC_DEFUN([gl_STDINT_TYPE_PROPERTIES],
+[
+ gl_STDINT_BITSIZEOF([ptrdiff_t sig_atomic_t size_t wchar_t wint_t],
+ [gl_STDINT_INCLUDES])
+ gl_CHECK_TYPES_SIGNED([sig_atomic_t wchar_t wint_t],
+ [gl_STDINT_INCLUDES])
+ gl_cv_type_ptrdiff_t_signed=yes
+ gl_cv_type_size_t_signed=no
+ gl_INTEGER_TYPE_SUFFIX([ptrdiff_t sig_atomic_t size_t wchar_t wint_t],
+ [gl_STDINT_INCLUDES])
+])
diff --git a/gl/m4/strpbrk.m4 b/gl/m4/strpbrk.m4
new file mode 100644
index 0000000..6836068
--- /dev/null
+++ b/gl/m4/strpbrk.m4
@@ -0,0 +1,16 @@
+# strpbrk.m4 serial 2
+dnl Copyright (C) 2002-2003 Free Software Foundation, Inc.
+dnl This file is free software; the Free Software Foundation
+dnl gives unlimited permission to copy and/or distribute it,
+dnl with or without modifications, as long as this notice is preserved.
+
+AC_DEFUN([gl_FUNC_STRPBRK],
+[
+ AC_REPLACE_FUNCS(strpbrk)
+ if test $ac_cv_func_strpbrk = no; then
+ gl_PREREQ_STRPBRK
+ fi
+])
+
+# Prerequisites of lib/strpbrk.c.
+AC_DEFUN([gl_PREREQ_STRPBRK], [:])
diff --git a/gl/m4/unistd_h.m4 b/gl/m4/unistd_h.m4
new file mode 100644
index 0000000..9c77f9b
--- /dev/null
+++ b/gl/m4/unistd_h.m4
@@ -0,0 +1,18 @@
+# unistd_h.m4 serial 2
+dnl Copyright (C) 2006 Free Software Foundation, Inc.
+dnl This file is free software; the Free Software Foundation
+dnl gives unlimited permission to copy and/or distribute it,
+dnl with or without modifications, as long as this notice is preserved.
+
+dnl Written by Simon Josefsson
+
+AC_DEFUN([gl_HEADER_UNISTD],
+[
+ dnl Prerequisites of lib/unistd.h.
+ AC_CHECK_HEADERS([unistd.h], [
+ UNISTD_H=''
+ ], [
+ UNISTD_H='unistd.h'
+ ])
+ AC_SUBST(UNISTD_H)
+])
diff --git a/gl/mkdtemp.c b/gl/mkdtemp.c
new file mode 100644
index 0000000..4cf86a0
--- /dev/null
+++ b/gl/mkdtemp.c
@@ -0,0 +1,208 @@
+/* Copyright (C) 1999, 2001-2003, 2006 Free Software Foundation, Inc.
+ This file is part of the GNU C Library.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3, or (at your option)
+ any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, see <http://www.gnu.org/licenses/>. */
+
+/* Extracted from misc/mkdtemp.c and sysdeps/posix/tempname.c. */
+
+#include <config.h>
+
+/* Specification. */
+#include "mkdtemp.h"
+
+#include <errno.h>
+#ifndef __set_errno
+# define __set_errno(Val) errno = (Val)
+#endif
+
+#include <stddef.h>
+#include <stdint.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <stdio.h>
+#ifndef TMP_MAX
+# define TMP_MAX 238328
+#endif
+
+#include <unistd.h>
+
+#if HAVE_GETTIMEOFDAY || _LIBC
+# if HAVE_SYS_TIME_H || _LIBC
+# include <sys/time.h>
+# endif
+#else
+# if HAVE_TIME_H || _LIBC
+# include <time.h>
+# endif
+#endif
+
+#include <sys/stat.h>
+#if !defined S_ISDIR && defined S_IFDIR
+# define S_ISDIR(mode) (((mode) & S_IFMT) == S_IFDIR)
+#endif
+#if !S_IRUSR && S_IREAD
+# define S_IRUSR S_IREAD
+#endif
+#if !S_IRUSR
+# define S_IRUSR 00400
+#endif
+#if !S_IWUSR && S_IWRITE
+# define S_IWUSR S_IWRITE
+#endif
+#if !S_IWUSR
+# define S_IWUSR 00200
+#endif
+#if !S_IXUSR && S_IEXEC
+# define S_IXUSR S_IEXEC
+#endif
+#if !S_IXUSR
+# define S_IXUSR 00100
+#endif
+
+#ifdef __MINGW32__
+# include <io.h>
+#endif
+
+#if !_LIBC
+# define __getpid getpid
+# define __gettimeofday gettimeofday
+# define __mkdir mkdir
+#endif
+
+/* Use the widest available unsigned type if uint64_t is not
+ available. The algorithm below extracts a number less than 62**6
+ (approximately 2**35.725) from uint64_t, so ancient hosts where
+ uintmax_t is only 32 bits lose about 3.725 bits of randomness,
+ which is better than not having mkstemp at all. */
+#if !defined UINT64_MAX && !defined uint64_t
+# define uint64_t uintmax_t
+#endif
+
+/* These are the characters used in temporary filenames. */
+static const char letters[] =
+"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
+
+/* Generate a temporary file name based on TMPL. TMPL must match the
+ rules for mk[s]temp (i.e. end in "XXXXXX"). The name constructed
+ does not exist at the time of the call to __gen_tempname. TMPL is
+ overwritten with the result.
+
+ KIND is:
+ __GT_DIR: create a directory, which will be mode 0700.
+
+ We use a clever algorithm to get hard-to-predict names. */
+static int
+gen_tempname (char *tmpl)
+{
+ int len;
+ char *XXXXXX;
+ static uint64_t value;
+ uint64_t random_time_bits;
+ unsigned int count;
+ int fd = -1;
+ int save_errno = errno;
+
+ /* A lower bound on the number of temporary files to attempt to
+ generate. The maximum total number of temporary file names that
+ can exist for a given template is 62**6. It should never be
+ necessary to try all these combinations. Instead if a reasonable
+ number of names is tried (we define reasonable as 62**3) fail to
+ give the system administrator the chance to remove the problems. */
+#define ATTEMPTS_MIN (62 * 62 * 62)
+
+ /* The number of times to attempt to generate a temporary file. To
+ conform to POSIX, this must be no smaller than TMP_MAX. */
+#if ATTEMPTS_MIN < TMP_MAX
+ unsigned int attempts = TMP_MAX;
+#else
+ unsigned int attempts = ATTEMPTS_MIN;
+#endif
+
+ len = strlen (tmpl);
+ if (len < 6 || strcmp (&tmpl[len - 6], "XXXXXX"))
+ {
+ __set_errno (EINVAL);
+ return -1;
+ }
+
+ /* This is where the Xs start. */
+ XXXXXX = &tmpl[len - 6];
+
+ /* Get some more or less random data. */
+#ifdef RANDOM_BITS
+ RANDOM_BITS (random_time_bits);
+#else
+# if HAVE_GETTIMEOFDAY || _LIBC
+ {
+ struct timeval tv;
+ __gettimeofday (&tv, NULL);
+ random_time_bits = ((uint64_t) tv.tv_usec << 16) ^ tv.tv_sec;
+ }
+# else
+ random_time_bits = time (NULL);
+# endif
+#endif
+ value += random_time_bits ^ __getpid ();
+
+ for (count = 0; count < attempts; value += 7777, ++count)
+ {
+ uint64_t v = value;
+
+ /* Fill in the random bits. */
+ XXXXXX[0] = letters[v % 62];
+ v /= 62;
+ XXXXXX[1] = letters[v % 62];
+ v /= 62;
+ XXXXXX[2] = letters[v % 62];
+ v /= 62;
+ XXXXXX[3] = letters[v % 62];
+ v /= 62;
+ XXXXXX[4] = letters[v % 62];
+ v /= 62;
+ XXXXXX[5] = letters[v % 62];
+
+#ifdef MKDIR_TAKES_ONE_ARG
+ fd = mkdir (tmpl);
+#else
+ fd = __mkdir (tmpl, S_IRUSR | S_IWUSR | S_IXUSR);
+#endif
+
+ if (fd >= 0)
+ {
+ __set_errno (save_errno);
+ return fd;
+ }
+ else if (errno != EEXIST)
+ return -1;
+ }
+
+ /* We got out of the loop because we ran out of combinations to try. */
+ __set_errno (EEXIST);
+ return -1;
+}
+
+/* Generate a unique temporary directory from TEMPLATE.
+ The last six characters of TEMPLATE must be "XXXXXX";
+ they are replaced with a string that makes the filename unique.
+ The directory is created, mode 700, and its name is returned.
+ (This function comes from OpenBSD.) */
+char *
+mkdtemp (char *template)
+{
+ if (gen_tempname (template))
+ return NULL;
+ else
+ return template;
+}
diff --git a/gl/mkdtemp.h b/gl/mkdtemp.h
new file mode 100644
index 0000000..d331f3e
--- /dev/null
+++ b/gl/mkdtemp.h
@@ -0,0 +1,31 @@
+/* Creating a private temporary directory.
+ Copyright (C) 2001-2002 Free Software Foundation, Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3, or (at your option)
+ any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, see <http://www.gnu.org/licenses/>. */
+
+#if HAVE_MKDTEMP
+
+/* Get mkdtemp() declaration. */
+#include <stdlib.h>
+
+#else
+
+/* Create a unique temporary directory from TEMPLATE.
+ The last six characters of TEMPLATE must be "XXXXXX";
+ they are replaced with a string that makes the directory name unique.
+ Returns TEMPLATE, or a null pointer if it cannot get a unique name.
+ The directory is created mode 700. */
+extern char * mkdtemp (char *template);
+
+#endif
diff --git a/gl/setenv.c b/gl/setenv.c
new file mode 100644
index 0000000..7c03d62
--- /dev/null
+++ b/gl/setenv.c
@@ -0,0 +1,327 @@
+/* Copyright (C) 1992,1995-1999,2000-2003,2005,2006 Free Software Foundation, Inc.
+ This file is part of the GNU C Library.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3, or (at your option)
+ any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, see <http://www.gnu.org/licenses/>. */
+
+#if !_LIBC
+# include <config.h>
+#endif
+#include <alloca.h>
+
+#include <errno.h>
+#ifndef __set_errno
+# define __set_errno(ev) ((errno) = (ev))
+#endif
+
+#include <stdlib.h>
+#include <string.h>
+#if _LIBC || HAVE_UNISTD_H
+# include <unistd.h>
+#endif
+
+#if !_LIBC
+# include "allocsa.h"
+#endif
+
+#if !_LIBC
+# define __environ environ
+# ifndef HAVE_ENVIRON_DECL
+extern char **environ;
+# endif
+#endif
+
+#if _LIBC
+/* This lock protects against simultaneous modifications of `environ'. */
+# include <bits/libc-lock.h>
+__libc_lock_define_initialized (static, envlock)
+# define LOCK __libc_lock_lock (envlock)
+# define UNLOCK __libc_lock_unlock (envlock)
+#else
+# define LOCK
+# define UNLOCK
+#endif
+
+/* In the GNU C library we must keep the namespace clean. */
+#ifdef _LIBC
+# define setenv __setenv
+# define clearenv __clearenv
+# define tfind __tfind
+# define tsearch __tsearch
+#endif
+
+/* In the GNU C library implementation we try to be more clever and
+ allow arbitrarily many changes of the environment given that the used
+ values are from a small set. Outside glibc this will eat up all
+ memory after a while. */
+#if defined _LIBC || (defined HAVE_SEARCH_H && defined HAVE_TSEARCH \
+ && defined __GNUC__)
+# define USE_TSEARCH 1
+# include <search.h>
+typedef int (*compar_fn_t) (const void *, const void *);
+
+/* This is a pointer to the root of the search tree with the known
+ values. */
+static void *known_values;
+
+# define KNOWN_VALUE(Str) \
+ ({ \
+ void *value = tfind (Str, &known_values, (compar_fn_t) strcmp); \
+ value != NULL ? *(char **) value : NULL; \
+ })
+# define STORE_VALUE(Str) \
+ tsearch (Str, &known_values, (compar_fn_t) strcmp)
+
+#else
+# undef USE_TSEARCH
+
+# define KNOWN_VALUE(Str) NULL
+# define STORE_VALUE(Str) do { } while (0)
+
+#endif
+
+
+/* If this variable is not a null pointer we allocated the current
+ environment. */
+static char **last_environ;
+
+
+/* This function is used by `setenv' and `putenv'. The difference between
+ the two functions is that for the former must create a new string which
+ is then placed in the environment, while the argument of `putenv'
+ must be used directly. This is all complicated by the fact that we try
+ to reuse values once generated for a `setenv' call since we can never
+ free the strings. */
+int
+__add_to_environ (const char *name, const char *value, const char *combined,
+ int replace)
+{
+ register char **ep;
+ register size_t size;
+ const size_t namelen = strlen (name);
+ const size_t vallen = value != NULL ? strlen (value) + 1 : 0;
+
+ LOCK;
+
+ /* We have to get the pointer now that we have the lock and not earlier
+ since another thread might have created a new environment. */
+ ep = __environ;
+
+ size = 0;
+ if (ep != NULL)
+ {
+ for (; *ep != NULL; ++ep)
+ if (!strncmp (*ep, name, namelen) && (*ep)[namelen] == '=')
+ break;
+ else
+ ++size;
+ }
+
+ if (ep == NULL || *ep == NULL)
+ {
+ char **new_environ;
+#ifdef USE_TSEARCH
+ char *new_value;
+#endif
+
+ /* We allocated this space; we can extend it. */
+ new_environ =
+ (char **) (last_environ == NULL
+ ? malloc ((size + 2) * sizeof (char *))
+ : realloc (last_environ, (size + 2) * sizeof (char *)));
+ if (new_environ == NULL)
+ {
+ UNLOCK;
+ return -1;
+ }
+
+ /* If the whole entry is given add it. */
+ if (combined != NULL)
+ /* We must not add the string to the search tree since it belongs
+ to the user. */
+ new_environ[size] = (char *) combined;
+ else
+ {
+ /* See whether the value is already known. */
+#ifdef USE_TSEARCH
+# ifdef _LIBC
+ new_value = (char *) alloca (namelen + 1 + vallen);
+ __mempcpy (__mempcpy (__mempcpy (new_value, name, namelen), "=", 1),
+ value, vallen);
+# else
+ new_value = (char *) allocsa (namelen + 1 + vallen);
+ if (new_value == NULL)
+ {
+ __set_errno (ENOMEM);
+ UNLOCK;
+ return -1;
+ }
+ memcpy (new_value, name, namelen);
+ new_value[namelen] = '=';
+ memcpy (&new_value[namelen + 1], value, vallen);
+# endif
+
+ new_environ[size] = KNOWN_VALUE (new_value);
+ if (new_environ[size] == NULL)
+#endif
+ {
+ new_environ[size] = (char *) malloc (namelen + 1 + vallen);
+ if (new_environ[size] == NULL)
+ {
+#if defined USE_TSEARCH && !defined _LIBC
+ freesa (new_value);
+#endif
+ __set_errno (ENOMEM);
+ UNLOCK;
+ return -1;
+ }
+
+#ifdef USE_TSEARCH
+ memcpy (new_environ[size], new_value, namelen + 1 + vallen);
+#else
+ memcpy (new_environ[size], name, namelen);
+ new_environ[size][namelen] = '=';
+ memcpy (&new_environ[size][namelen + 1], value, vallen);
+#endif
+ /* And save the value now. We cannot do this when we remove
+ the string since then we cannot decide whether it is a
+ user string or not. */
+ STORE_VALUE (new_environ[size]);
+ }
+#if defined USE_TSEARCH && !defined _LIBC
+ freesa (new_value);
+#endif
+ }
+
+ if (__environ != last_environ)
+ memcpy ((char *) new_environ, (char *) __environ,
+ size * sizeof (char *));
+
+ new_environ[size + 1] = NULL;
+
+ last_environ = __environ = new_environ;
+ }
+ else if (replace)
+ {
+ char *np;
+
+ /* Use the user string if given. */
+ if (combined != NULL)
+ np = (char *) combined;
+ else
+ {
+#ifdef USE_TSEARCH
+ char *new_value;
+# ifdef _LIBC
+ new_value = alloca (namelen + 1 + vallen);
+ __mempcpy (__mempcpy (__mempcpy (new_value, name, namelen), "=", 1),
+ value, vallen);
+# else
+ new_value = allocsa (namelen + 1 + vallen);
+ if (new_value == NULL)
+ {
+ __set_errno (ENOMEM);
+ UNLOCK;
+ return -1;
+ }
+ memcpy (new_value, name, namelen);
+ new_value[namelen] = '=';
+ memcpy (&new_value[namelen + 1], value, vallen);
+# endif
+
+ np = KNOWN_VALUE (new_value);
+ if (np == NULL)
+#endif
+ {
+ np = malloc (namelen + 1 + vallen);
+ if (np == NULL)
+ {
+#if defined USE_TSEARCH && !defined _LIBC
+ freesa (new_value);
+#endif
+ __set_errno (ENOMEM);
+ UNLOCK;
+ return -1;
+ }
+
+#ifdef USE_TSEARCH
+ memcpy (np, new_value, namelen + 1 + vallen);
+#else
+ memcpy (np, name, namelen);
+ np[namelen] = '=';
+ memcpy (&np[namelen + 1], value, vallen);
+#endif
+ /* And remember the value. */
+ STORE_VALUE (np);
+ }
+#if defined USE_TSEARCH && !defined _LIBC
+ freesa (new_value);
+#endif
+ }
+
+ *ep = np;
+ }
+
+ UNLOCK;
+
+ return 0;
+}
+
+int
+setenv (const char *name, const char *value, int replace)
+{
+ return __add_to_environ (name, value, NULL, replace);
+}
+
+/* The `clearenv' was planned to be added to POSIX.1 but probably
+ never made it. Nevertheless the POSIX.9 standard (POSIX bindings
+ for Fortran 77) requires this function. */
+int
+clearenv (void)
+{
+ LOCK;
+
+ if (__environ == last_environ && __environ != NULL)
+ {
+ /* We allocated this environment so we can free it. */
+ free (__environ);
+ last_environ = NULL;
+ }
+
+ /* Clear the environment pointer removes the whole environment. */
+ __environ = NULL;
+
+ UNLOCK;
+
+ return 0;
+}
+
+#ifdef _LIBC
+static void
+free_mem (void)
+{
+ /* Remove all traces. */
+ clearenv ();
+
+ /* Now remove the search tree. */
+ __tdestroy (known_values, free);
+ known_values = NULL;
+}
+text_set_element (__libc_subfreeres, free_mem);
+
+
+# undef setenv
+# undef clearenv
+weak_alias (__setenv, setenv)
+weak_alias (__clearenv, clearenv)
+#endif
diff --git a/gl/setenv.h b/gl/setenv.h
new file mode 100644
index 0000000..59baefe
--- /dev/null
+++ b/gl/setenv.h
@@ -0,0 +1,53 @@
+/* Setting environment variables.
+ Copyright (C) 2001-2004 Free Software Foundation, Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3, or (at your option)
+ any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, see <http://www.gnu.org/licenses/>. */
+
+#if HAVE_SETENV || HAVE_UNSETENV
+
+/* Get setenv(), unsetenv() declarations. */
+# include <stdlib.h>
+
+#endif
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#if !HAVE_SETENV
+
+/* Set NAME to VALUE in the environment.
+ If REPLACE is nonzero, overwrite an existing value. */
+extern int setenv (const char *name, const char *value, int replace);
+
+#endif
+
+#if HAVE_UNSETENV
+
+# if VOID_UNSETENV
+/* On some systems, unsetenv() returns void.
+ This is the case for FreeBSD 4.8, NetBSD 1.6, OpenBSD 3.4. */
+# define unsetenv(name) ((unsetenv)(name), 0)
+# endif
+
+#else
+
+/* Remove the variable NAME from the environment. */
+extern int unsetenv (const char *name);
+
+#endif
+
+#ifdef __cplusplus
+}
+#endif
diff --git a/gl/size_max.h b/gl/size_max.h
new file mode 100644
index 0000000..a9a74e2
--- /dev/null
+++ b/gl/size_max.h
@@ -0,0 +1,30 @@
+/* size_max.h -- declare SIZE_MAX through system headers
+ Copyright (C) 2005-2006 Free Software Foundation, Inc.
+ Written by Simon Josefsson.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3, or (at your option)
+ any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, see <http://www.gnu.org/licenses/>. */
+
+#ifndef GNULIB_SIZE_MAX_H
+#define GNULIB_SIZE_MAX_H
+
+/* Get SIZE_MAX declaration on systems like Solaris 7/8/9. */
+# include <limits.h>
+/* Get SIZE_MAX declaration on systems like glibc 2. */
+# if HAVE_STDINT_H
+# include <stdint.h>
+# endif
+/* On systems where these include files don't define it, SIZE_MAX is defined
+ in config.h. */
+
+#endif /* GNULIB_SIZE_MAX_H */
diff --git a/gl/stdint_.h b/gl/stdint_.h
new file mode 100644
index 0000000..bc27595
--- /dev/null
+++ b/gl/stdint_.h
@@ -0,0 +1,491 @@
+/* Copyright (C) 2001-2002, 2004-2006 Free Software Foundation, Inc.
+ Written by Paul Eggert, Bruno Haible, Sam Steingold, Peter Burwood.
+ This file is part of gnulib.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3, or (at your option)
+ any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, see <http://www.gnu.org/licenses/>. */
+
+#ifndef _GL_STDINT_H
+#define _GL_STDINT_H
+
+/*
+ * ISO C 99 <stdint.h> for platforms that lack it.
+ * <http://www.opengroup.org/susv3xbd/stdint.h.html>
+ */
+
+/* Get those types that are already defined in other system include
+ files, so that we can "#define int8_t signed char" below without
+ worrying about a later system include file containing a "typedef
+ signed char int8_t;" that will get messed up by our macro. Our
+ macros should all be consistent with the system versions, except
+ for the "fast" types and macros, which we recommend against using
+ in public interfaces due to compiler differences. */
+
+#if @HAVE_STDINT_H@
+# if defined __sgi && ! defined __c99
+ /* Bypass IRIX's <stdint.h> if in C89 mode, since it merely annoys users
+ with "This header file is to be used only for c99 mode compilations"
+ diagnostics. */
+# define __STDINT_H__
+# endif
+ /* Other systems may have an incomplete or buggy <stdint.h>.
+ Include it before <inttypes.h>, since any "#include <stdint.h>"
+ in <inttypes.h> would reinclude us, skipping our contents because
+ _GL_STDINT_H is defined. */
+# include @ABSOLUTE_STDINT_H@
+#endif
+
+/* <sys/types.h> defines some of the stdint.h types as well, on glibc,
+ IRIX 6.5, and OpenBSD 3.8 (via <machine/types.h>).
+ MacOS X 10.4.6 <sys/types.h> includes <stdint.h> (which is us), but
+ relies on the system <stdint.h> definitions, so include
+ <sys/types.h> after @ABSOLUTE_STDINT_H@. */
+#if @HAVE_SYS_TYPES_H@
+# include <sys/types.h>
+#endif
+
+/* Get LONG_MIN, LONG_MAX, ULONG_MAX. */
+#include <limits.h>
+
+#if @HAVE_INTTYPES_H@
+ /* In OpenBSD 3.8, <inttypes.h> includes <machine/types.h>, which defines
+ int{8,16,32,64}_t, uint{8,16,32,64}_t and __BIT_TYPES_DEFINED__.
+ <inttypes.h> also defines intptr_t and uintptr_t. */
+# define _GL_JUST_INCLUDE_ABSOLUTE_INTTYPES_H
+# include <inttypes.h>
+# undef _GL_JUST_INCLUDE_ABSOLUTE_INTTYPES_H
+#elif @HAVE_SYS_INTTYPES_H@
+ /* Solaris 7 <sys/inttypes.h> has the types except the *_fast*_t types, and
+ the macros except for *_FAST*_*, INTPTR_MIN, PTRDIFF_MIN, PTRDIFF_MAX. */
+# include <sys/inttypes.h>
+#endif
+
+#if @HAVE_SYS_BITYPES_H@ && ! defined __BIT_TYPES_DEFINED__
+ /* Linux libc4 >= 4.6.7 and libc5 have a <sys/bitypes.h> that defines
+ int{8,16,32,64}_t and __BIT_TYPES_DEFINED__. In libc5 >= 5.2.2 it is
+ included by <sys/types.h>. */
+# include <sys/bitypes.h>
+#endif
+
+#if ! defined __cplusplus || defined __STDC_CONSTANT_MACROS
+
+/* Get WCHAR_MIN, WCHAR_MAX. */
+# if @HAVE_WCHAR_H@ && ! (defined WCHAR_MIN && defined WCHAR_MAX)
+ /* BSD/OS 4.1 has a bug: <stdio.h> and <time.h> must be included before
+ <wchar.h>. */
+# include <stdio.h>
+# include <time.h>
+# include <wchar.h>
+# endif
+
+#endif
+
+/* Minimum and maximum values for a integer type under the usual assumption.
+ Return an unspecified value if BITS == 0, adding a check to pacify
+ picky compilers. */
+
+#define _STDINT_MIN(signed, bits, zero) \
+ ((signed) ? (- ((zero) + 1) << ((bits) ? (bits) - 1 : 0)) : (zero))
+
+#define _STDINT_MAX(signed, bits, zero) \
+ ((signed) \
+ ? ~ _STDINT_MIN (signed, bits, zero) \
+ : ((((zero) + 1) << ((bits) ? (bits) - 1 : 0)) - 1) * 2 + 1)
+
+/* 7.18.1.1. Exact-width integer types */
+
+/* Here we assume a standard architecture where the hardware integer
+ types have 8, 16, 32, optionally 64 bits. */
+
+#undef int8_t
+#undef uint8_t
+#define int8_t signed char
+#define uint8_t unsigned char
+
+#undef int16_t
+#undef uint16_t
+#define int16_t short int
+#define uint16_t unsigned short int
+
+#undef int32_t
+#undef uint32_t
+#define int32_t int
+#define uint32_t unsigned int
+
+#undef int64_t
+#if LONG_MAX >> 31 >> 31 == 1
+# define int64_t long int
+#elif defined _MSC_VER
+# define int64_t __int64
+#elif @HAVE_LONG_LONG_INT@
+# define int64_t long long int
+#endif
+
+#undef uint64_t
+#if ULONG_MAX >> 31 >> 31 >> 1 == 1
+# define uint64_t unsigned long int
+#elif defined _MSC_VER
+# define uint64_t unsigned __int64
+#elif @HAVE_UNSIGNED_LONG_LONG_INT@
+# define uint64_t unsigned long long int
+#endif
+
+/* Avoid collision with Solaris 2.5.1 <pthread.h> etc. */
+#define _UINT8_T
+#define _UINT32_T
+#define _UINT64_T
+
+
+/* 7.18.1.2. Minimum-width integer types */
+
+/* Here we assume a standard architecture where the hardware integer
+ types have 8, 16, 32, optionally 64 bits. Therefore the leastN_t types
+ are the same as the corresponding N_t types. */
+
+#undef int_least8_t
+#undef uint_least8_t
+#undef int_least16_t
+#undef uint_least16_t
+#undef int_least32_t
+#undef uint_least32_t
+#undef int_least64_t
+#undef uint_least64_t
+#define int_least8_t int8_t
+#define uint_least8_t uint8_t
+#define int_least16_t int16_t
+#define uint_least16_t uint16_t
+#define int_least32_t int32_t
+#define uint_least32_t uint32_t
+#ifdef int64_t
+# define int_least64_t int64_t
+#endif
+#ifdef uint64_t
+# define uint_least64_t uint64_t
+#endif
+
+/* 7.18.1.3. Fastest minimum-width integer types */
+
+/* Note: Other <stdint.h> substitutes may define these types differently.
+ It is not recommended to use these types in public header files. */
+
+/* Here we assume a standard architecture where the hardware integer
+ types have 8, 16, 32, optionally 64 bits. Therefore the fastN_t types
+ are taken from the same list of types. Assume that 'long int'
+ is fast enough for all narrower integers. */
+
+#undef int_fast8_t
+#undef uint_fast8_t
+#undef int_fast16_t
+#undef uint_fast16_t
+#undef int_fast32_t
+#undef uint_fast32_t
+#undef int_fast64_t
+#undef uint_fast64_t
+#define int_fast8_t long int
+#define uint_fast8_t unsigned int_fast8_t
+#define int_fast16_t long int
+#define uint_fast16_t unsigned int_fast16_t
+#define int_fast32_t long int
+#define uint_fast32_t unsigned int_fast32_t
+#ifdef int64_t
+# define int_fast64_t int64_t
+#endif
+#ifdef uint64_t
+# define uint_fast64_t uint64_t
+#endif
+
+/* 7.18.1.4. Integer types capable of holding object pointers */
+
+#undef intptr_t
+#undef uintptr_t
+#define intptr_t long int
+#define uintptr_t unsigned long int
+
+/* 7.18.1.5. Greatest-width integer types */
+
+/* Note: These types are compiler dependent. It may be unwise to use them in
+ public header files. */
+
+#undef intmax_t
+#if @HAVE_LONG_LONG_INT@ && LONG_MAX >> 30 == 1
+# define intmax_t long long int
+#elif defined int64_t
+# define intmax_t int64_t
+#else
+# define intmax_t long int
+#endif
+
+#undef uintmax_t
+#if @HAVE_UNSIGNED_LONG_LONG_INT@ && ULONG_MAX >> 31 == 1
+# define uintmax_t unsigned long long int
+#elif defined int64_t
+# define uintmax_t uint64_t
+#else
+# define uintmax_t unsigned long int
+#endif
+
+/* 7.18.2. Limits of specified-width integer types */
+
+#if ! defined __cplusplus || defined __STDC_LIMIT_MACROS
+
+/* 7.18.2.1. Limits of exact-width integer types */
+
+/* Here we assume a standard architecture where the hardware integer
+ types have 8, 16, 32, optionally 64 bits. */
+
+#undef INT8_MIN
+#undef INT8_MAX
+#undef UINT8_MAX
+#define INT8_MIN (~ INT8_MAX)
+#define INT8_MAX 127
+#define UINT8_MAX 255
+
+#undef INT16_MIN
+#undef INT16_MAX
+#undef UINT16_MAX
+#define INT16_MIN (~ INT16_MAX)
+#define INT16_MAX 32767
+#define UINT16_MAX 65535
+
+#undef INT32_MIN
+#undef INT32_MAX
+#undef UINT32_MAX
+#define INT32_MIN (~ INT32_MAX)
+#define INT32_MAX 2147483647
+#define UINT32_MAX 4294967295U
+
+#undef INT64_MIN
+#undef INT64_MAX
+#ifdef int64_t
+# define INT64_MIN (~ INT64_MAX)
+# define INT64_MAX INTMAX_C (9223372036854775807)
+#endif
+
+#undef UINT64_MAX
+#ifdef uint64_t
+# define UINT64_MAX UINTMAX_C (18446744073709551615)
+#endif
+
+/* 7.18.2.2. Limits of minimum-width integer types */
+
+/* Here we assume a standard architecture where the hardware integer
+ types have 8, 16, 32, optionally 64 bits. Therefore the leastN_t types
+ are the same as the corresponding N_t types. */
+
+#undef INT_LEAST8_MIN
+#undef INT_LEAST8_MAX
+#undef UINT_LEAST8_MAX
+#define INT_LEAST8_MIN INT8_MIN
+#define INT_LEAST8_MAX INT8_MAX
+#define UINT_LEAST8_MAX UINT8_MAX
+
+#undef INT_LEAST16_MIN
+#undef INT_LEAST16_MAX
+#undef UINT_LEAST16_MAX
+#define INT_LEAST16_MIN INT16_MIN
+#define INT_LEAST16_MAX INT16_MAX
+#define UINT_LEAST16_MAX UINT16_MAX
+
+#undef INT_LEAST32_MIN
+#undef INT_LEAST32_MAX
+#undef UINT_LEAST32_MAX
+#define INT_LEAST32_MIN INT32_MIN
+#define INT_LEAST32_MAX INT32_MAX
+#define UINT_LEAST32_MAX UINT32_MAX
+
+#undef INT_LEAST64_MIN
+#undef INT_LEAST64_MAX
+#ifdef int64_t
+# define INT_LEAST64_MIN INT64_MIN
+# define INT_LEAST64_MAX INT64_MAX
+#endif
+
+#undef UINT_LEAST64_MAX
+#ifdef uint64_t
+# define UINT_LEAST64_MAX UINT64_MAX
+#endif
+
+/* 7.18.2.3. Limits of fastest minimum-width integer types */
+
+/* Here we assume a standard architecture where the hardware integer
+ types have 8, 16, 32, optionally 64 bits. Therefore the fastN_t types
+ are taken from the same list of types. */
+
+#undef INT_FAST8_MIN
+#undef INT_FAST8_MAX
+#undef UINT_FAST8_MAX
+#define INT_FAST8_MIN LONG_MIN
+#define INT_FAST8_MAX LONG_MAX
+#define UINT_FAST8_MAX ULONG_MAX
+
+#undef INT_FAST16_MIN
+#undef INT_FAST16_MAX
+#undef UINT_FAST16_MAX
+#define INT_FAST16_MIN LONG_MIN
+#define INT_FAST16_MAX LONG_MAX
+#define UINT_FAST16_MAX ULONG_MAX
+
+#undef INT_FAST32_MIN
+#undef INT_FAST32_MAX
+#undef UINT_FAST32_MAX
+#define INT_FAST32_MIN LONG_MIN
+#define INT_FAST32_MAX LONG_MAX
+#define UINT_FAST32_MAX ULONG_MAX
+
+#undef INT_FAST64_MIN
+#undef INT_FAST64_MAX
+#ifdef int64_t
+# define INT_FAST64_MIN INT64_MIN
+# define INT_FAST64_MAX INT64_MAX
+#endif
+
+#undef UINT_FAST64_MAX
+#ifdef uint64_t
+# define UINT_FAST64_MAX UINT64_MAX
+#endif
+
+/* 7.18.2.4. Limits of integer types capable of holding object pointers */
+
+#undef INTPTR_MIN
+#undef INTPTR_MAX
+#undef UINTPTR_MAX
+#define INTPTR_MIN LONG_MIN
+#define INTPTR_MAX LONG_MAX
+#define UINTPTR_MAX ULONG_MAX
+
+/* 7.18.2.5. Limits of greatest-width integer types */
+
+#undef INTMAX_MIN
+#undef INTMAX_MAX
+#define INTMAX_MIN (~ INTMAX_MAX)
+#ifdef INT64_MAX
+# define INTMAX_MAX INT64_MAX
+#else
+# define INTMAX_MAX INT32_MAX
+#endif
+
+#undef UINTMAX_MAX
+#ifdef UINT64_MAX
+# define UINTMAX_MAX UINT64_MAX
+#else
+# define UINTMAX_MAX UINT32_MAX
+#endif
+
+/* 7.18.3. Limits of other integer types */
+
+/* ptrdiff_t limits */
+#undef PTRDIFF_MIN
+#undef PTRDIFF_MAX
+#define PTRDIFF_MIN \
+ _STDINT_MIN (1, @BITSIZEOF_PTRDIFF_T@, 0@PTRDIFF_T_SUFFIX@)
+#define PTRDIFF_MAX \
+ _STDINT_MAX (1, @BITSIZEOF_PTRDIFF_T@, 0@PTRDIFF_T_SUFFIX@)
+
+/* sig_atomic_t limits */
+#undef SIG_ATOMIC_MIN
+#undef SIG_ATOMIC_MAX
+#define SIG_ATOMIC_MIN \
+ _STDINT_MIN (@HAVE_SIGNED_SIG_ATOMIC_T@, @BITSIZEOF_SIG_ATOMIC_T@, \
+ 0@SIG_ATOMIC_T_SUFFIX@)
+#define SIG_ATOMIC_MAX \
+ _STDINT_MAX (@HAVE_SIGNED_SIG_ATOMIC_T@, @BITSIZEOF_SIG_ATOMIC_T@, \
+ 0@SIG_ATOMIC_T_SUFFIX@)
+
+
+/* size_t limit */
+#undef SIZE_MAX
+#define SIZE_MAX _STDINT_MAX (0, @BITSIZEOF_SIZE_T@, 0@SIZE_T_SUFFIX@)
+
+/* wchar_t limits */
+#undef WCHAR_MIN
+#undef WCHAR_MAX
+#define WCHAR_MIN \
+ _STDINT_MIN (@HAVE_SIGNED_WCHAR_T@, @BITSIZEOF_WCHAR_T@, 0@WCHAR_T_SUFFIX@)
+#define WCHAR_MAX \
+ _STDINT_MAX (@HAVE_SIGNED_WCHAR_T@, @BITSIZEOF_WCHAR_T@, 0@WCHAR_T_SUFFIX@)
+
+/* wint_t limits */
+#undef WINT_MIN
+#undef WINT_MAX
+#define WINT_MIN \
+ _STDINT_MIN (@HAVE_SIGNED_WINT_T@, @BITSIZEOF_WINT_T@, 0@WINT_T_SUFFIX@)
+#define WINT_MAX \
+ _STDINT_MAX (@HAVE_SIGNED_WINT_T@, @BITSIZEOF_WINT_T@, 0@WINT_T_SUFFIX@)
+
+#endif /* !defined __cplusplus || defined __STDC_LIMIT_MACROS */
+
+/* 7.18.4. Macros for integer constants */
+
+#if ! defined __cplusplus || defined __STDC_CONSTANT_MACROS
+
+/* 7.18.4.1. Macros for minimum-width integer constants */
+/* According to ISO C 99 Technical Corrigendum 1 */
+
+/* Here we assume a standard architecture where the hardware integer
+ types have 8, 16, 32, optionally 64 bits, and int is 32 bits. */
+
+#undef INT8_C
+#undef UINT8_C
+#define INT8_C(x) x
+#define UINT8_C(x) x
+
+#undef INT16_C
+#undef UINT16_C
+#define INT16_C(x) x
+#define UINT16_C(x) x
+
+#undef INT32_C
+#undef UINT32_C
+#define INT32_C(x) x
+#define UINT32_C(x) x ## U
+
+#undef INT64_C
+#undef UINT64_C
+#if LONG_MAX >> 31 >> 31 == 1
+# define INT64_C(x) x##L
+#elif defined _MSC_VER
+# define INT64_C(x) x##i64
+#elif @HAVE_LONG_LONG_INT@
+# define INT64_C(x) x##LL
+#endif
+#if ULONG_MAX >> 31 >> 31 >> 1 == 1
+# define UINT64_C(x) x##UL
+#elif defined _MSC_VER
+# define UINT64_C(x) x##ui64
+#elif @HAVE_UNSIGNED_LONG_LONG_INT@
+# define UINT64_C(x) x##ULL
+#endif
+
+/* 7.18.4.2. Macros for greatest-width integer constants */
+
+#undef INTMAX_C
+#if @HAVE_LONG_LONG_INT@ && LONG_MAX >> 30 == 1
+# define INTMAX_C(x) x##LL
+#elif defined int64_t
+# define INTMAX_C(x) INT64_C(x)
+#else
+# define INTMAX_C(x) x##L
+#endif
+
+#undef UINTMAX_C
+#if @HAVE_UNSIGNED_LONG_LONG_INT@ && ULONG_MAX >> 31 == 1
+# define UINTMAX_C(x) x##ULL
+#elif defined uint64_t
+# define UINTMAX_C(x) UINT64_C(x)
+#else
+# define UINTMAX_C(x) x##UL
+#endif
+
+#endif /* !defined __cplusplus || defined __STDC_CONSTANT_MACROS */
+
+#endif /* _GL_STDINT_H */
diff --git a/gl/strpbrk.c b/gl/strpbrk.c
new file mode 100644
index 0000000..0149257
--- /dev/null
+++ b/gl/strpbrk.c
@@ -0,0 +1,41 @@
+/* Copyright (C) 1991, 1994, 2000, 2002-2003, 2006 Free Software
+ Foundation, Inc.
+
+ NOTE: The canonical source of this file is maintained with the GNU C Library.
+ Bugs can be reported to bug-glibc@prep.ai.mit.edu.
+
+ This program is free software; you can redistribute it and/or modify it
+ under the terms of the GNU General Public License as published by the
+ Free Software Foundation; either version 3, or (at your option) any
+ later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, see <http://www.gnu.org/licenses/>. */
+
+#include <config.h>
+
+#include <stddef.h>
+#include <string.h>
+
+#undef strpbrk
+
+/* Find the first occurrence in S of any character in ACCEPT. */
+char *
+strpbrk (const char *s, const char *accept)
+{
+ while (*s != '\0')
+ {
+ const char *a = accept;
+ while (*a != '\0')
+ if (*a++ == *s)
+ return (char *) s;
+ ++s;
+ }
+
+ return NULL;
+}
diff --git a/gl/strpbrk.h b/gl/strpbrk.h
new file mode 100644
index 0000000..2c28556
--- /dev/null
+++ b/gl/strpbrk.h
@@ -0,0 +1,27 @@
+/* Searching in a string.
+ Copyright (C) 2001-2002 Free Software Foundation, Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3, or (at your option)
+ any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, see <http://www.gnu.org/licenses/>. */
+
+#if HAVE_STRPBRK
+
+/* Get strpbrk() declaration. */
+#include <string.h>
+
+#else
+
+/* Find the first occurrence in S of any character in ACCEPT. */
+extern char *strpbrk (const char *s, const char *accept);
+
+#endif
diff --git a/gl/unsetenv.c b/gl/unsetenv.c
new file mode 100644
index 0000000..76b707c
--- /dev/null
+++ b/gl/unsetenv.c
@@ -0,0 +1,91 @@
+/* Copyright (C) 1992,1995-1999,2000-2002,2005-2006 Free Software Foundation, Inc.
+ This file is part of the GNU C Library.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3, or (at your option)
+ any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, see <http://www.gnu.org/licenses/>. */
+
+#include <config.h>
+
+#include <errno.h>
+#if !_LIBC
+# define __set_errno(ev) ((errno) = (ev))
+#endif
+
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+#if !_LIBC
+# define __environ environ
+# ifndef HAVE_ENVIRON_DECL
+extern char **environ;
+# endif
+#endif
+
+#if _LIBC
+/* This lock protects against simultaneous modifications of `environ'. */
+# include <bits/libc-lock.h>
+__libc_lock_define_initialized (static, envlock)
+# define LOCK __libc_lock_lock (envlock)
+# define UNLOCK __libc_lock_unlock (envlock)
+#else
+# define LOCK
+# define UNLOCK
+#endif
+
+/* In the GNU C library we must keep the namespace clean. */
+#ifdef _LIBC
+# define unsetenv __unsetenv
+#endif
+
+
+int
+unsetenv (const char *name)
+{
+ size_t len;
+ char **ep;
+
+ if (name == NULL || *name == '\0' || strchr (name, '=') != NULL)
+ {
+ __set_errno (EINVAL);
+ return -1;
+ }
+
+ len = strlen (name);
+
+ LOCK;
+
+ ep = __environ;
+ while (*ep != NULL)
+ if (!strncmp (*ep, name, len) && (*ep)[len] == '=')
+ {
+ /* Found it. Remove this pointer by moving later ones back. */
+ char **dp = ep;
+
+ do
+ dp[0] = dp[1];
+ while (*dp++);
+ /* Continue the loop in case NAME appears again. */
+ }
+ else
+ ++ep;
+
+ UNLOCK;
+
+ return 0;
+}
+
+#ifdef _LIBC
+# undef unsetenv
+weak_alias (__unsetenv, unsetenv)
+#endif
diff --git a/gl/xsize.h b/gl/xsize.h
new file mode 100644
index 0000000..17a6080
--- /dev/null
+++ b/gl/xsize.h
@@ -0,0 +1,107 @@
+/* xsize.h -- Checked size_t computations.
+
+ Copyright (C) 2003 Free Software Foundation, Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3, or (at your option)
+ any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, see <http://www.gnu.org/licenses/>. */
+
+#ifndef _XSIZE_H
+#define _XSIZE_H
+
+/* Get size_t. */
+#include <stddef.h>
+
+/* Get SIZE_MAX. */
+#include <limits.h>
+#if HAVE_STDINT_H
+# include <stdint.h>
+#endif
+
+/* The size of memory objects is often computed through expressions of
+ type size_t. Example:
+ void* p = malloc (header_size + n * element_size).
+ These computations can lead to overflow. When this happens, malloc()
+ returns a piece of memory that is way too small, and the program then
+ crashes while attempting to fill the memory.
+ To avoid this, the functions and macros in this file check for overflow.
+ The convention is that SIZE_MAX represents overflow.
+ malloc (SIZE_MAX) is not guaranteed to fail -- think of a malloc
+ implementation that uses mmap --, it's recommended to use size_overflow_p()
+ or size_in_bounds_p() before invoking malloc().
+ The example thus becomes:
+ size_t size = xsum (header_size, xtimes (n, element_size));
+ void *p = (size_in_bounds_p (size) ? malloc (size) : NULL);
+*/
+
+/* Convert an arbitrary value >= 0 to type size_t. */
+#define xcast_size_t(N) \
+ ((N) <= SIZE_MAX ? (size_t) (N) : SIZE_MAX)
+
+/* Sum of two sizes, with overflow check. */
+static inline size_t
+#if __GNUC__ >= 3
+__attribute__ ((__pure__))
+#endif
+xsum (size_t size1, size_t size2)
+{
+ size_t sum = size1 + size2;
+ return (sum >= size1 ? sum : SIZE_MAX);
+}
+
+/* Sum of three sizes, with overflow check. */
+static inline size_t
+#if __GNUC__ >= 3
+__attribute__ ((__pure__))
+#endif
+xsum3 (size_t size1, size_t size2, size_t size3)
+{
+ return xsum (xsum (size1, size2), size3);
+}
+
+/* Sum of four sizes, with overflow check. */
+static inline size_t
+#if __GNUC__ >= 3
+__attribute__ ((__pure__))
+#endif
+xsum4 (size_t size1, size_t size2, size_t size3, size_t size4)
+{
+ return xsum (xsum (xsum (size1, size2), size3), size4);
+}
+
+/* Maximum of two sizes, with overflow check. */
+static inline size_t
+#if __GNUC__ >= 3
+__attribute__ ((__pure__))
+#endif
+xmax (size_t size1, size_t size2)
+{
+ /* No explicit check is needed here, because for any n:
+ max (SIZE_MAX, n) == SIZE_MAX and max (n, SIZE_MAX) == SIZE_MAX. */
+ return (size1 >= size2 ? size1 : size2);
+}
+
+/* Multiplication of a count with an element size, with overflow check.
+ The count must be >= 0 and the element size must be > 0.
+ This is a macro, not an inline function, so that it works correctly even
+ when N is of a wider tupe and N > SIZE_MAX. */
+#define xtimes(N, ELSIZE) \
+ ((N) <= SIZE_MAX / (ELSIZE) ? (size_t) (N) * (ELSIZE) : SIZE_MAX)
+
+/* Check for overflow. */
+#define size_overflow_p(SIZE) \
+ ((SIZE) == SIZE_MAX)
+/* Check against overflow. */
+#define size_in_bounds_p(SIZE) \
+ ((SIZE) != SIZE_MAX)
+
+#endif /* _XSIZE_H */
diff --git a/include/ChangeLog-2011 b/include/ChangeLog-2011
new file mode 100644
index 0000000..7098427
--- /dev/null
+++ b/include/ChangeLog-2011
@@ -0,0 +1,444 @@
+2011-12-02 Werner Koch <wk@g10code.com>
+
+ NB: ChangeLog files are no longer manually maintained. Starting
+ on December 1st, 2011 we put change information only in the GIT
+ commit log, and generate a top-level ChangeLog file from logs at
+ "make dist". See doc/HACKING for details.
+
+2011-07-01 Werner Koch <wk@g10code.com>
+
+ * cipher.h (PUBKEY_ALGO_ECDH, PUBKEY_ALGO_ECDSA): New.
+
+2009-08-20 Daiki Ueno <ueno@unixuser.org> (wk)
+
+ * cipher.h (struct DEK): Add field S2K_CACHEID.
+
+2008-04-18 Werner Koch <wk@g10code.com>
+
+ * cipher.h (CIPHER_ALGO_CAMELLIA256): Change ID to 13.
+ (CIPHER_ALGO_CAMELLIA192): New.
+
+2007-12-12 Werner Koch <wk@g10code.com>
+
+ * cipher.h (CIPHER_ALGO_CAMELLIA128, CIPHER_ALGO_CAMELLIA256): New.
+
+2006-09-20 Werner Koch <wk@g10code.com>
+
+ * errors.h, http.h, memory.h, mpi.h, util.h, i18n.h: Removed.
+ * Makefile.am: New.
+ * distfiles: Removed.
+
+2006-08-16 Werner Koch <wk@g10code.com>
+
+ * keyserver.h: Moved to ../common.
+ * http.h: Retired.
+
+2006-04-28 Werner Koch <wk@g10code.com>
+
+ * cipher.h (DIGEST_ALGO_SHA224): Define it.
+
+2006-04-18 Werner Koch <wk@g10code.com>
+
+ * keyserver.h, i18n.h, http.h, cipher.h: Updated to gpg 1.4.3.
+
+2003-09-04 David Shaw <dshaw@jabberwocky.com>
+
+ * cipher.h: Drop TIGER/192 support.
+
+ * types.h: Prefer using uint64_t when creating a 64-bit unsigned
+ type. This avoids a warning on compilers that support but complain
+ about unsigned long long.
+
+ * util.h: Make sure that only ascii is passed to isfoo
+ functions. (From Werner on stable branch).
+
+2003-09-04 Werner Koch <wk@gnupg.org>
+
+ * cipher.h (PUBKEY_USAGE_AUTH): Added.
+
+2003-07-03 Werner Koch <wk@gnupg.org>
+
+ * cipher.h (DBG_CIPHER,g10c_debug_mode): Removed.
+
+2003-06-11 Werner Koch <wk@gnupg.org>
+
+ * cipher.h: Include gcrypt.h and mapped cipher algo names to
+ gcrypt ones. Removed twofish_old and skipjack. Removed all
+ handle definitions and other raerely used stuff. This file will
+ eventually be entirely removed.
+
+2003-06-10 Werner Koch <wk@gnupg.org>
+
+ * types.h (struct strlist): Removed.
+
+2003-05-24 David Shaw <dshaw@jabberwocky.com>
+
+ * cipher.h, i18n.h, iobuf.h, memory.h, mpi.h, types.h, util.h:
+ Edit all preprocessor instructions to remove whitespace before the
+ '#'. This is not required by C89, but there are some compilers
+ out there that don't like it.
+
+2003-05-14 David Shaw <dshaw@jabberwocky.com>
+
+ * types.h: Add initializer macros for 64-bit unsigned type.
+
+2003-05-02 David Shaw <dshaw@jabberwocky.com>
+
+ * cipher.h: Add constants for compression algorithms.
+
+2003-03-11 David Shaw <dshaw@jabberwocky.com>
+
+ * http.h: Add HTTP_FLAG_TRY_SRV.
+
+2003-02-11 David Shaw <dshaw@jabberwocky.com>
+
+ * types.h: Try and use uint64_t for a 64-bit type.
+
+2003-02-04 David Shaw <dshaw@jabberwocky.com>
+
+ * cipher.h: Add constants for new SHAs.
+
+2002-11-13 David Shaw <dshaw@jabberwocky.com>
+
+ * util.h [__CYGWIN32__]: Don't need the registry prototypes. From
+ Werner on stable branch.
+
+2002-11-06 David Shaw <dshaw@jabberwocky.com>
+
+ * util.h: Add wipememory2() macro (same as wipememory, but can
+ specify the byte to wipe with).
+
+2002-10-31 Stefan Bellon <sbellon@sbellon.de>
+
+ * util.h [__riscos__]: Prefixed all RISC OS prototypes with
+ riscos_*
+
+ * zlib-riscos.h: New. This is macro magic in order to make the
+ zlib library calls indeed call the RISC OS ZLib module.
+
+2002-10-31 David Shaw <dshaw@jabberwocky.com>
+
+ * util.h: Add wipememory() macro.
+
+2002-10-29 Stefan Bellon <sbellon@sbellon.de>
+
+ * util.h: Added parameter argument to make_basename() needed for
+ filetype support.
+ [__riscos__]: Added prototype.
+
+2002-10-28 Stefan Bellon <sbellon@sbellon.de>
+
+ * util.h [__riscos__]: Added prototypes for new filetype support.
+
+2002-10-19 David Shaw <dshaw@jabberwocky.com>
+
+ * distfiles, _regex.h: Add _regex.h from glibc 2.3.1.
+
+2002-10-14 David Shaw <dshaw@jabberwocky.com>
+
+ * keyserver.h: Go to KEYSERVER_PROTO_VERSION 1.
+
+2002-10-08 David Shaw <dshaw@jabberwocky.com>
+
+ * keyserver.h: Add new error code KEYSERVER_UNREACHABLE.
+
+2002-10-03 David Shaw <dshaw@jabberwocky.com>
+
+ * util.h: Add new log_warning logger command which can be switched
+ between log_info and log_error via log_set_strict.
+
+2002-09-24 David Shaw <dshaw@jabberwocky.com>
+
+ * keyserver.h: Add some new error codes for better GPA support.
+
+2002-09-10 Werner Koch <wk@gnupg.org>
+
+ * mpi.h (mpi_is_protected, mpi_set_protect_flag)
+ (mpi_clear_protect_flag): Removed.
+ (mpi_get_nbit_info, mpi_set_nbit_info): Removed.
+
+2002-08-13 David Shaw <dshaw@jabberwocky.com>
+
+ * cipher.h: Add AES aliases for RIJNDAEL algo numbers.
+
+2002-08-07 David Shaw <dshaw@jabberwocky.com>
+
+ * cipher.h: Add md_algo_present().
+
+2002-08-06 Stefan Bellon <sbellon@sbellon.de>
+
+ * util.h [__riscos__]: Added riscos_getchar().
+
+2002-06-21 Stefan Bellon <sbellon@sbellon.de>
+
+ * util.h [__riscos__]: Further moving away of RISC OS specific
+ stuff from general code.
+
+2002-06-20 Stefan Bellon <sbellon@sbellon.de>
+
+ * util.h [__riscos__]: Added riscos_set_filetype().
+
+2002-06-14 David Shaw <dshaw@jabberwocky.com>
+
+ * util.h: Add pop_strlist() from strgutil.c.
+
+2002-06-07 Stefan Bellon <sbellon@sbellon.de>
+
+ * util.h [__riscos__]: RISC OS needs strings.h for strcasecmp()
+ and strncasecmp().
+
+2002-05-22 Werner Koch <wk@gnupg.org>
+
+ * util.h: Add strncasecmp. Removed stricmp and memicmp.
+
+2002-05-10 Stefan Bellon <sbellon@sbellon.de>
+
+ * mpi.h: New function mpi_debug_alloc_like for M_DEBUG.
+
+ * util.h [__riscos__]: Make use of __func__ that later
+ Norcroft compiler provides.
+
+ * memory.h: Fixed wrong definition of m_alloc_secure_clear.
+
+2002-04-23 David Shaw <dshaw@jabberwocky.com>
+
+ * util.h: New function answer_is_yes_no_default() to give a
+ default answer.
+
+2002-04-22 Stefan Bellon <sbellon@sbellon.de>
+
+ * util.h [__riscos__]: Removed riscos_open, riscos_fopen and
+ riscos_fstat as those special versions aren't needed anymore.
+
+2002-02-19 David Shaw <dshaw@jabberwocky.com>
+
+ * keyserver.h: Add KEYSERVER_NOT_SUPPORTED for unsupported actions
+ (say, a keyserver that has no way to search, or a readonly
+ keyserver that has no way to add).
+
+2002-01-02 Stefan Bellon <sbellon@sbellon.de>
+
+ * util.h [__riscos__]: Updated prototype list.
+
+ * types.h [__riscos__]: Changed comment wording.
+
+2001-12-27 David Shaw <dshaw@jabberwocky.com>
+
+ * KEYSERVER_SCHEME_NOT_FOUND should be 127 to match the POSIX
+ system() (via /bin/sh) way of signaling this.
+
+ * Added G10ERR_KEYSERVER
+
+2001-12-27 Werner Koch <wk@gnupg.org>
+
+ * util.h [MINGW32]: Fixed name of include file.
+
+2001-12-22 Timo Schulz <ts@winpt.org>
+
+ * util.h (is_file_compressed): New.
+
+2001-12-19 Werner Koch <wk@gnupg.org>
+
+ * util.h [CYGWIN32]: Allow this as an alias for MINGW32. Include
+ stdarg.h becuase we use the va_list type. By Disastry.
+
+2001-09-28 Werner Koch <wk@gnupg.org>
+
+ * cipher.h (PUBKEY_USAGE_CERT): New.
+
+2001-09-07 Werner Koch <wk@gnupg.org>
+
+ * util.h: Add strsep().
+
+2001-08-30 Werner Koch <wk@gnupg.org>
+
+ * cipher.h (DEK): Added use_mdc.
+
+2001-08-24 Werner Koch <wk@gnupg.org>
+
+ * cipher.h (md_write): Made buf arg const.
+
+2001-08-20 Werner Koch <wk@gnupg.org>
+
+ * cipher.h (DEK): Added algo_info_printed;
+
+ * util.h [__riscos__]: Added prototypes and made sure that we
+ never use __attribute__.
+ * cipher.h, iobuf.h, memory.h, mpi.h [__riscos__]: extern hack.
+ * i18n.h [__riscos__]: Use another include file
+
+2001-05-30 Werner Koch <wk@gnupg.org>
+
+ * ttyio.h (tty_printf): Add missing parenthesis for non gcc.
+ * http.h: Removed trailing comma to make old ccs happy. Both are
+ by Albert Chin.
+
+2001-05-25 Werner Koch <wk@gnupg.org>
+
+ * ttyio.h (tty_printf): Add printf attribute.
+
+2001-04-23 Werner Koch <wk@gnupg.org>
+
+ * http.h: New flag HTTP_FLAG_NO_SHUTDOWN.
+
+2001-04-13 Werner Koch <wk@gnupg.org>
+
+ * iobuf.h: Removed iobuf_fopen.
+
+2001-03-01 Werner Koch <wk@gnupg.org>
+
+ * errors.h (G10ERR_UNU_SECKEY,G10ERR_UNU_PUBKEY): New
+
+2000-11-30 Werner Koch <wk@gnupg.org>
+
+ * iobuf.h (iobuf_translate_file_handle): Add prototype.
+
+2000-11-11 Paul Eggert <eggert@twinsun.com>
+
+ * iobuf.h (iobuf_get_filelength): Now returns off_t, not u32.
+ (struct iobuf_struct, iobuf_set_limit,
+ iobuf_tell, iobuf_seek): Use off_t, not ulong, for file offsets.
+
+2000-10-12 Werner Koch <wk@gnupg.org>
+
+ * mpi.h: Changed the way mpi_limb_t is defined.
+
+Wed Sep 6 17:55:47 CEST 2000 Werner Koch <wk@openit.de>
+
+ * iobuf.c (IOBUF_FILELENGTH_LIMIT): New.
+
+2000-03-14 14:03:43 Werner Koch (wk@habibti.openit.de)
+
+ * types.h (HAVE_U64_TYPEDEF): Defined depending on configure test.
+
+Thu Jan 13 19:31:58 CET 2000 Werner Koch <wk@gnupg.de>
+
+ * types.h (HAVE_U64_TYPEDEF): Add a test for _LONGLONG which fixes
+ this long living SGI bug. Reported by Alec Habig.
+
+Sat Dec 4 12:30:28 CET 1999 Werner Koch <wk@gnupg.de>
+
+ * iobuf.h (IOBUFCTRL_CANCEL): Nww.
+
+Mon Oct 4 21:23:04 CEST 1999 Werner Koch <wk@gnupg.de>
+
+ * errors.h (G10ERR_NOT_PROCESSED): New.
+
+Wed Sep 15 16:22:17 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>
+
+
+ * i18n.h: Add support for simple-gettext.
+
+Tue Jun 29 21:44:25 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>
+
+
+ * util.h (stricmp): Use strcasecmp as replacement.
+
+Sat Jun 26 12:15:59 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>
+
+
+ * cipher.h (MD_HANDLE): Assigned a structure name.
+
+Fri Apr 9 12:26:25 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>
+
+ * cipher.h (BLOWFISH160): Removed.
+
+Tue Apr 6 19:58:12 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>
+
+ * cipher.h (DEK): increased max. key length to 32 bytes
+
+
+Sat Feb 20 21:40:49 CET 1999 Werner Koch <wk@isil.d.shuttle.de>
+
+ * g10lib.h: Removed file and changed all files that includes this.
+
+Tue Feb 16 14:10:02 CET 1999 Werner Koch <wk@isil.d.shuttle.de>
+
+ * types.h (STRLIST): Add field flags.
+
+Wed Feb 10 17:15:39 CET 1999 Werner Koch <wk@isil.d.shuttle.de>
+
+ * cipher.h (CIPHER_ALGO_TWOFISH): Chnaged ID to 10 and renamed
+ the old experimenatl algorithm to xx_OLD.
+
+Thu Jan 7 18:00:58 CET 1999 Werner Koch <wk@isil.d.shuttle.de>
+
+ * cipher.h (MD_BUFFER_SIZE): Removed.
+
+Mon Dec 14 21:18:49 CET 1998 Werner Koch <wk@isil.d.shuttle.de>
+
+ * types.h: fix for SUNPRO_C
+
+Tue Dec 8 13:15:16 CET 1998 Werner Koch <wk@isil.d.shuttle.de>
+
+ * mpi.h (MPI): Changed the structure name to gcry_mpi and
+ changed all users.
+
+Tue Oct 20 11:40:00 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * iobuf.h (iobuf_get_temp_buffer): New.
+
+Tue Oct 13 12:40:48 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * iobuf.h (iobuf_get): Now uses .nofast
+ (iobuf_get2): Removed.
+
+Mon Sep 14 09:17:22 1998 Werner Koch (wk@(none))
+
+ * util.h (HAVE_ATEXIT): New.
+ (HAVE_RAISE): New.
+
+Mon Jul 6 10:41:55 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * cipher.h (PUBKEY_USAGE_): New.
+
+Mon Jul 6 09:49:51 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * iobuf.h (iobuf_set_error): New.
+ (iobuf_error): New.
+
+Sat Jun 13 17:31:32 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * g10lib.h: New as interface for the g10lib.
+
+Mon Jun 8 22:14:48 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * cipher.h (CIPHER_ALGO_CAST5): Changed name from .. CAST
+
+Thu May 21 13:25:51 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * cipher.h: removed ROT 5 and changed one id and add dummy
+
+Tue May 19 18:09:05 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * cipher.h (DIGEST_ALGO_TIGER): Chnaged id from 101 to 6.
+
+Mon May 4 16:37:17 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * cipher.h (PUBKEY_ALGO_ELGAMAL_E): New, with value of the
+ old one.
+ * (is_ELGAMAL, is_RSA): New macros
+
+Sun Apr 26 14:35:24 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * types.h: New type u64
+
+Mon Mar 9 12:59:55 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * cipher.h: Included dsa.h.
+
+Tue Mar 3 15:11:21 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * cipher.h (random.h): Add new header and move all relevalt
+ functions to this header.
+
+
+ Copyright 1998, 1999, 2000, 2001 Free Software Foundation, Inc.
+
+ This file is free software; as a special exception the author gives
+ unlimited permission to copy and/or distribute it, with or without
+ modifications, as long as this notice is preserved.
+
+ This file is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
+ implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/include/Makefile.am b/include/Makefile.am
new file mode 100644
index 0000000..4d733ba
--- /dev/null
+++ b/include/Makefile.am
@@ -0,0 +1 @@
+EXTRA_DIST = cipher.h types.h host2net.h _regex.h ChangeLog-2011
diff --git a/include/Makefile.in b/include/Makefile.in
new file mode 100644
index 0000000..a585bbd
--- /dev/null
+++ b/include/Makefile.in
@@ -0,0 +1,445 @@
+# Makefile.in generated by automake 1.11.1 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation,
+# Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+subdir = include
+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/gl/m4/absolute-header.m4 \
+ $(top_srcdir)/gl/m4/alloca.m4 $(top_srcdir)/gl/m4/allocsa.m4 \
+ $(top_srcdir)/gl/m4/eealloc.m4 \
+ $(top_srcdir)/gl/m4/gnulib-comp.m4 \
+ $(top_srcdir)/gl/m4/gnulib-tool.m4 \
+ $(top_srcdir)/gl/m4/mkdtemp.m4 $(top_srcdir)/gl/m4/setenv.m4 \
+ $(top_srcdir)/gl/m4/stdint.m4 $(top_srcdir)/gl/m4/strpbrk.m4 \
+ $(top_srcdir)/gl/m4/unistd_h.m4 $(top_srcdir)/m4/autobuild.m4 \
+ $(top_srcdir)/m4/codeset.m4 $(top_srcdir)/m4/estream.m4 \
+ $(top_srcdir)/m4/gettext.m4 $(top_srcdir)/m4/gnupg-pth.m4 \
+ $(top_srcdir)/m4/gpg-error.m4 $(top_srcdir)/m4/iconv.m4 \
+ $(top_srcdir)/m4/isc-posix.m4 $(top_srcdir)/m4/ksba.m4 \
+ $(top_srcdir)/m4/lcmessage.m4 $(top_srcdir)/m4/ldap.m4 \
+ $(top_srcdir)/m4/lib-ld.m4 $(top_srcdir)/m4/lib-link.m4 \
+ $(top_srcdir)/m4/lib-prefix.m4 $(top_srcdir)/m4/libassuan.m4 \
+ $(top_srcdir)/m4/libcurl.m4 $(top_srcdir)/m4/libgcrypt.m4 \
+ $(top_srcdir)/m4/longdouble.m4 $(top_srcdir)/m4/nls.m4 \
+ $(top_srcdir)/m4/po.m4 $(top_srcdir)/m4/progtest.m4 \
+ $(top_srcdir)/m4/readline.m4 $(top_srcdir)/m4/size_max.m4 \
+ $(top_srcdir)/m4/socklen.m4 $(top_srcdir)/m4/sys_socket_h.m4 \
+ $(top_srcdir)/m4/tar-ustar.m4 $(top_srcdir)/m4/xsize.m4 \
+ $(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.ac
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+ $(ACLOCAL_M4)
+mkinstalldirs = $(SHELL) $(top_srcdir)/scripts/mkinstalldirs
+CONFIG_HEADER = $(top_builddir)/config.h
+CONFIG_CLEAN_FILES =
+CONFIG_CLEAN_VPATH_FILES =
+SOURCES =
+DIST_SOURCES =
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ABSOLUTE_STDINT_H = @ABSOLUTE_STDINT_H@
+ACLOCAL = @ACLOCAL@
+ADNSLIBS = @ADNSLIBS@
+ALLOCA = @ALLOCA@
+ALLOCA_H = @ALLOCA_H@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+BITSIZEOF_PTRDIFF_T = @BITSIZEOF_PTRDIFF_T@
+BITSIZEOF_SIG_ATOMIC_T = @BITSIZEOF_SIG_ATOMIC_T@
+BITSIZEOF_SIZE_T = @BITSIZEOF_SIZE_T@
+BITSIZEOF_WCHAR_T = @BITSIZEOF_WCHAR_T@
+BITSIZEOF_WINT_T = @BITSIZEOF_WINT_T@
+BUILD_INCLUDED_LIBINTL = @BUILD_INCLUDED_LIBINTL@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CC_FOR_BUILD = @CC_FOR_BUILD@
+CFLAGS = @CFLAGS@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DL_LIBS = @DL_LIBS@
+DNSLIBS = @DNSLIBS@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+FAQPROG = @FAQPROG@
+GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
+GMSGFMT = @GMSGFMT@
+GMSGFMT_015 = @GMSGFMT_015@
+GNUPG_AGENT_PGM = @GNUPG_AGENT_PGM@
+GNUPG_DIRMNGR_PGM = @GNUPG_DIRMNGR_PGM@
+GNUPG_PINENTRY_PGM = @GNUPG_PINENTRY_PGM@
+GNUPG_PROTECT_TOOL_PGM = @GNUPG_PROTECT_TOOL_PGM@
+GNUPG_SCDAEMON_PGM = @GNUPG_SCDAEMON_PGM@
+GPGKEYS_CURL = @GPGKEYS_CURL@
+GPGKEYS_FINGER = @GPGKEYS_FINGER@
+GPGKEYS_HKP = @GPGKEYS_HKP@
+GPGKEYS_KDNS = @GPGKEYS_KDNS@
+GPGKEYS_LDAP = @GPGKEYS_LDAP@
+GPGKEYS_MAILTO = @GPGKEYS_MAILTO@
+GPG_ERROR_CFLAGS = @GPG_ERROR_CFLAGS@
+GPG_ERROR_CONFIG = @GPG_ERROR_CONFIG@
+GPG_ERROR_LIBS = @GPG_ERROR_LIBS@
+GREP = @GREP@
+HAVE_INTTYPES_H = @HAVE_INTTYPES_H@
+HAVE_LONG_LONG_INT = @HAVE_LONG_LONG_INT@
+HAVE_SIGNED_SIG_ATOMIC_T = @HAVE_SIGNED_SIG_ATOMIC_T@
+HAVE_SIGNED_WCHAR_T = @HAVE_SIGNED_WCHAR_T@
+HAVE_SIGNED_WINT_T = @HAVE_SIGNED_WINT_T@
+HAVE_STDINT_H = @HAVE_STDINT_H@
+HAVE_SYS_BITYPES_H = @HAVE_SYS_BITYPES_H@
+HAVE_SYS_INTTYPES_H = @HAVE_SYS_INTTYPES_H@
+HAVE_SYS_TYPES_H = @HAVE_SYS_TYPES_H@
+HAVE_UNSIGNED_LONG_LONG_INT = @HAVE_UNSIGNED_LONG_LONG_INT@
+HAVE_WCHAR_H = @HAVE_WCHAR_H@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+INTLLIBS = @INTLLIBS@
+INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@
+KSBA_CFLAGS = @KSBA_CFLAGS@
+KSBA_CONFIG = @KSBA_CONFIG@
+KSBA_LIBS = @KSBA_LIBS@
+LDAPLIBS = @LDAPLIBS@
+LDAP_CPPFLAGS = @LDAP_CPPFLAGS@
+LDFLAGS = @LDFLAGS@
+LIBASSUAN_CFLAGS = @LIBASSUAN_CFLAGS@
+LIBASSUAN_CONFIG = @LIBASSUAN_CONFIG@
+LIBASSUAN_LIBS = @LIBASSUAN_LIBS@
+LIBCURL = @LIBCURL@
+LIBCURL_CPPFLAGS = @LIBCURL_CPPFLAGS@
+LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@
+LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@
+LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@
+LIBGNU_LIBDEPS = @LIBGNU_LIBDEPS@
+LIBGNU_LTLIBDEPS = @LIBGNU_LTLIBDEPS@
+LIBICONV = @LIBICONV@
+LIBINTL = @LIBINTL@
+LIBOBJS = @LIBOBJS@
+LIBREADLINE = @LIBREADLINE@
+LIBS = @LIBS@
+LIBUSB_LIBS = @LIBUSB_LIBS@
+LIBUTIL_LIBS = @LIBUTIL_LIBS@
+LN_S = @LN_S@
+LTLIBICONV = @LTLIBICONV@
+LTLIBINTL = @LTLIBINTL@
+LTLIBOBJS = @LTLIBOBJS@
+MAINT = @MAINT@
+MAKEINFO = @MAKEINFO@
+MKDIR_P = @MKDIR_P@
+MSGFMT = @MSGFMT@
+MSGFMT_015 = @MSGFMT_015@
+MSGMERGE = @MSGMERGE@
+NETLIBS = @NETLIBS@
+OBJEXT = @OBJEXT@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_GT = @PACKAGE_GT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_URL = @PACKAGE_URL@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PERL = @PERL@
+POSUB = @POSUB@
+PTH_CFLAGS = @PTH_CFLAGS@
+PTH_CONFIG = @PTH_CONFIG@
+PTH_LIBS = @PTH_LIBS@
+PTRDIFF_T_SUFFIX = @PTRDIFF_T_SUFFIX@
+RANLIB = @RANLIB@
+SENDMAIL = @SENDMAIL@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+SHRED = @SHRED@
+SIG_ATOMIC_T_SUFFIX = @SIG_ATOMIC_T_SUFFIX@
+SIZE_T_SUFFIX = @SIZE_T_SUFFIX@
+STDINT_H = @STDINT_H@
+STRIP = @STRIP@
+SYS_SOCKET_H = @SYS_SOCKET_H@
+TAR = @TAR@
+UNISTD_H = @UNISTD_H@
+USE_INCLUDED_LIBINTL = @USE_INCLUDED_LIBINTL@
+USE_NLS = @USE_NLS@
+VERSION = @VERSION@
+W32SOCKLIBS = @W32SOCKLIBS@
+WCHAR_T_SUFFIX = @WCHAR_T_SUFFIX@
+WINDRES = @WINDRES@
+WINT_T_SUFFIX = @WINT_T_SUFFIX@
+XGETTEXT = @XGETTEXT@
+XGETTEXT_015 = @XGETTEXT_015@
+XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@
+ZLIBS = @ZLIBS@
+_libcurl_config = @_libcurl_config@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+EXTRA_DIST = cipher.h types.h host2net.h _regex.h ChangeLog-2011
+all: all-am
+
+.SUFFIXES:
+$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(am__configure_deps)
+ @for dep in $?; do \
+ case '$(am__configure_deps)' in \
+ *$$dep*) \
+ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+ && { if test -f $@; then exit 0; else break; fi; }; \
+ exit 1;; \
+ esac; \
+ done; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu include/Makefile'; \
+ $(am__cd) $(top_srcdir) && \
+ $(AUTOMAKE) --gnu include/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+ @case '$?' in \
+ *config.status*) \
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+ *) \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+ esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
+tags: TAGS
+TAGS:
+
+ctags: CTAGS
+CTAGS:
+
+
+distdir: $(DISTFILES)
+ @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ list='$(DISTFILES)'; \
+ dist_files=`for file in $$list; do echo $$file; done | \
+ sed -e "s|^$$srcdirstrip/||;t" \
+ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+ case $$dist_files in \
+ */*) $(MKDIR_P) `echo "$$dist_files" | \
+ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+ sort -u` ;; \
+ esac; \
+ for file in $$dist_files; do \
+ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+ if test -d $$d/$$file; then \
+ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+ if test -d "$(distdir)/$$file"; then \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+ else \
+ test -f "$(distdir)/$$file" \
+ || cp -p $$d/$$file "$(distdir)/$$file" \
+ || exit 1; \
+ fi; \
+ done
+check-am: all-am
+check: check-am
+all-am: Makefile
+installdirs:
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+ @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ `test -z '$(STRIP)' || \
+ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+ -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+ -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+
+maintainer-clean-generic:
+ @echo "This command is intended for maintainers to use"
+ @echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic mostlyclean-am
+
+distclean: distclean-am
+ -rm -f Makefile
+distclean-am: clean-am distclean-generic
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+html-am:
+
+info: info-am
+
+info-am:
+
+install-data-am:
+
+install-dvi: install-dvi-am
+
+install-dvi-am:
+
+install-exec-am:
+
+install-html: install-html-am
+
+install-html-am:
+
+install-info: install-info-am
+
+install-info-am:
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-pdf-am:
+
+install-ps: install-ps-am
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+ -rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-generic
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am:
+
+.MAKE: install-am install-strip
+
+.PHONY: all all-am check check-am clean clean-generic distclean \
+ distclean-generic distdir dvi dvi-am html html-am info info-am \
+ install install-am install-data install-data-am install-dvi \
+ install-dvi-am install-exec install-exec-am install-html \
+ install-html-am install-info install-info-am install-man \
+ install-pdf install-pdf-am install-ps install-ps-am \
+ install-strip installcheck installcheck-am installdirs \
+ maintainer-clean maintainer-clean-generic mostlyclean \
+ mostlyclean-generic pdf pdf-am ps ps-am uninstall uninstall-am
+
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/include/_regex.h b/include/_regex.h
new file mode 100644
index 0000000..ddd0024
--- /dev/null
+++ b/include/_regex.h
@@ -0,0 +1,574 @@
+/* Definitions for data structures and routines for the regular
+ expression library.
+ Copyright (C) 1985,1989-93,1995-98,2000,2001,2002
+ Free Software Foundation, Inc.
+ This file is part of the GNU C Library.
+
+ The GNU C Library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ The GNU C Library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with the GNU C Library; if not, write to the Free
+ Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ MA 02110-1301, USA. */
+
+#ifndef _REGEX_H
+#define _REGEX_H 1
+
+/* Allow the use in C++ code. */
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* POSIX says that <sys/types.h> must be included (by the caller) before
+ <regex.h>. */
+
+#if !defined _POSIX_C_SOURCE && !defined _POSIX_SOURCE && defined VMS
+/* VMS doesn't have `size_t' in <sys/types.h>, even though POSIX says it
+ should be there. */
+# include <stddef.h>
+#endif
+
+/* The following two types have to be signed and unsigned integer type
+ wide enough to hold a value of a pointer. For most ANSI compilers
+ ptrdiff_t and size_t should be likely OK. Still size of these two
+ types is 2 for Microsoft C. Ugh... */
+typedef long int s_reg_t;
+typedef unsigned long int active_reg_t;
+
+/* The following bits are used to determine the regexp syntax we
+ recognize. The set/not-set meanings are chosen so that Emacs syntax
+ remains the value 0. The bits are given in alphabetical order, and
+ the definitions shifted by one from the previous bit; thus, when we
+ add or remove a bit, only one other definition need change. */
+typedef unsigned long int reg_syntax_t;
+
+/* If this bit is not set, then \ inside a bracket expression is literal.
+ If set, then such a \ quotes the following character. */
+#define RE_BACKSLASH_ESCAPE_IN_LISTS ((unsigned long int) 1)
+
+/* If this bit is not set, then + and ? are operators, and \+ and \? are
+ literals.
+ If set, then \+ and \? are operators and + and ? are literals. */
+#define RE_BK_PLUS_QM (RE_BACKSLASH_ESCAPE_IN_LISTS << 1)
+
+/* If this bit is set, then character classes are supported. They are:
+ [:alpha:], [:upper:], [:lower:], [:digit:], [:alnum:], [:xdigit:],
+ [:space:], [:print:], [:punct:], [:graph:], and [:cntrl:].
+ If not set, then character classes are not supported. */
+#define RE_CHAR_CLASSES (RE_BK_PLUS_QM << 1)
+
+/* If this bit is set, then ^ and $ are always anchors (outside bracket
+ expressions, of course).
+ If this bit is not set, then it depends:
+ ^ is an anchor if it is at the beginning of a regular
+ expression or after an open-group or an alternation operator;
+ $ is an anchor if it is at the end of a regular expression, or
+ before a close-group or an alternation operator.
+
+ This bit could be (re)combined with RE_CONTEXT_INDEP_OPS, because
+ POSIX draft 11.2 says that * etc. in leading positions is undefined.
+ We already implemented a previous draft which made those constructs
+ invalid, though, so we haven't changed the code back. */
+#define RE_CONTEXT_INDEP_ANCHORS (RE_CHAR_CLASSES << 1)
+
+/* If this bit is set, then special characters are always special
+ regardless of where they are in the pattern.
+ If this bit is not set, then special characters are special only in
+ some contexts; otherwise they are ordinary. Specifically,
+ * + ? and intervals are only special when not after the beginning,
+ open-group, or alternation operator. */
+#define RE_CONTEXT_INDEP_OPS (RE_CONTEXT_INDEP_ANCHORS << 1)
+
+/* If this bit is set, then *, +, ?, and { cannot be first in an re or
+ immediately after an alternation or begin-group operator. */
+#define RE_CONTEXT_INVALID_OPS (RE_CONTEXT_INDEP_OPS << 1)
+
+/* If this bit is set, then . matches newline.
+ If not set, then it doesn't. */
+#define RE_DOT_NEWLINE (RE_CONTEXT_INVALID_OPS << 1)
+
+/* If this bit is set, then . doesn't match NUL.
+ If not set, then it does. */
+#define RE_DOT_NOT_NULL (RE_DOT_NEWLINE << 1)
+
+/* If this bit is set, nonmatching lists [^...] do not match newline.
+ If not set, they do. */
+#define RE_HAT_LISTS_NOT_NEWLINE (RE_DOT_NOT_NULL << 1)
+
+/* If this bit is set, either \{...\} or {...} defines an
+ interval, depending on RE_NO_BK_BRACES.
+ If not set, \{, \}, {, and } are literals. */
+#define RE_INTERVALS (RE_HAT_LISTS_NOT_NEWLINE << 1)
+
+/* If this bit is set, +, ? and | aren't recognized as operators.
+ If not set, they are. */
+#define RE_LIMITED_OPS (RE_INTERVALS << 1)
+
+/* If this bit is set, newline is an alternation operator.
+ If not set, newline is literal. */
+#define RE_NEWLINE_ALT (RE_LIMITED_OPS << 1)
+
+/* If this bit is set, then `{...}' defines an interval, and \{ and \}
+ are literals.
+ If not set, then `\{...\}' defines an interval. */
+#define RE_NO_BK_BRACES (RE_NEWLINE_ALT << 1)
+
+/* If this bit is set, (...) defines a group, and \( and \) are literals.
+ If not set, \(...\) defines a group, and ( and ) are literals. */
+#define RE_NO_BK_PARENS (RE_NO_BK_BRACES << 1)
+
+/* If this bit is set, then \<digit> matches <digit>.
+ If not set, then \<digit> is a back-reference. */
+#define RE_NO_BK_REFS (RE_NO_BK_PARENS << 1)
+
+/* If this bit is set, then | is an alternation operator, and \| is literal.
+ If not set, then \| is an alternation operator, and | is literal. */
+#define RE_NO_BK_VBAR (RE_NO_BK_REFS << 1)
+
+/* If this bit is set, then an ending range point collating higher
+ than the starting range point, as in [z-a], is invalid.
+ If not set, then when ending range point collates higher than the
+ starting range point, the range is ignored. */
+#define RE_NO_EMPTY_RANGES (RE_NO_BK_VBAR << 1)
+
+/* If this bit is set, then an unmatched ) is ordinary.
+ If not set, then an unmatched ) is invalid. */
+#define RE_UNMATCHED_RIGHT_PAREN_ORD (RE_NO_EMPTY_RANGES << 1)
+
+/* If this bit is set, succeed as soon as we match the whole pattern,
+ without further backtracking. */
+#define RE_NO_POSIX_BACKTRACKING (RE_UNMATCHED_RIGHT_PAREN_ORD << 1)
+
+/* If this bit is set, do not process the GNU regex operators.
+ If not set, then the GNU regex operators are recognized. */
+#define RE_NO_GNU_OPS (RE_NO_POSIX_BACKTRACKING << 1)
+
+/* If this bit is set, turn on internal regex debugging.
+ If not set, and debugging was on, turn it off.
+ This only works if regex.c is compiled -DDEBUG.
+ We define this bit always, so that all that's needed to turn on
+ debugging is to recompile regex.c; the calling code can always have
+ this bit set, and it won't affect anything in the normal case. */
+#define RE_DEBUG (RE_NO_GNU_OPS << 1)
+
+/* If this bit is set, a syntactically invalid interval is treated as
+ a string of ordinary characters. For example, the ERE 'a{1' is
+ treated as 'a\{1'. */
+#define RE_INVALID_INTERVAL_ORD (RE_DEBUG << 1)
+
+/* If this bit is set, then ignore case when matching.
+ If not set, then case is significant. */
+#define RE_ICASE (RE_INVALID_INTERVAL_ORD << 1)
+
+/* This global variable defines the particular regexp syntax to use (for
+ some interfaces). When a regexp is compiled, the syntax used is
+ stored in the pattern buffer, so changing this does not affect
+ already-compiled regexps. */
+extern reg_syntax_t re_syntax_options;
+
+/* Define combinations of the above bits for the standard possibilities.
+ (The [[[ comments delimit what gets put into the Texinfo file, so
+ don't delete them!) */
+/* [[[begin syntaxes]]] */
+#define RE_SYNTAX_EMACS 0
+
+#define RE_SYNTAX_AWK \
+ (RE_BACKSLASH_ESCAPE_IN_LISTS | RE_DOT_NOT_NULL \
+ | RE_NO_BK_PARENS | RE_NO_BK_REFS \
+ | RE_NO_BK_VBAR | RE_NO_EMPTY_RANGES \
+ | RE_DOT_NEWLINE | RE_CONTEXT_INDEP_ANCHORS \
+ | RE_UNMATCHED_RIGHT_PAREN_ORD | RE_NO_GNU_OPS)
+
+#define RE_SYNTAX_GNU_AWK \
+ ((RE_SYNTAX_POSIX_EXTENDED | RE_BACKSLASH_ESCAPE_IN_LISTS | RE_DEBUG) \
+ & ~(RE_DOT_NOT_NULL | RE_INTERVALS | RE_CONTEXT_INDEP_OPS \
+ | RE_CONTEXT_INVALID_OPS ))
+
+#define RE_SYNTAX_POSIX_AWK \
+ (RE_SYNTAX_POSIX_EXTENDED | RE_BACKSLASH_ESCAPE_IN_LISTS \
+ | RE_INTERVALS | RE_NO_GNU_OPS)
+
+#define RE_SYNTAX_GREP \
+ (RE_BK_PLUS_QM | RE_CHAR_CLASSES \
+ | RE_HAT_LISTS_NOT_NEWLINE | RE_INTERVALS \
+ | RE_NEWLINE_ALT)
+
+#define RE_SYNTAX_EGREP \
+ (RE_CHAR_CLASSES | RE_CONTEXT_INDEP_ANCHORS \
+ | RE_CONTEXT_INDEP_OPS | RE_HAT_LISTS_NOT_NEWLINE \
+ | RE_NEWLINE_ALT | RE_NO_BK_PARENS \
+ | RE_NO_BK_VBAR)
+
+#define RE_SYNTAX_POSIX_EGREP \
+ (RE_SYNTAX_EGREP | RE_INTERVALS | RE_NO_BK_BRACES \
+ | RE_INVALID_INTERVAL_ORD)
+
+/* P1003.2/D11.2, section 4.20.7.1, lines 5078ff. */
+#define RE_SYNTAX_ED RE_SYNTAX_POSIX_BASIC
+
+#define RE_SYNTAX_SED RE_SYNTAX_POSIX_BASIC
+
+/* Syntax bits common to both basic and extended POSIX regex syntax. */
+#define _RE_SYNTAX_POSIX_COMMON \
+ (RE_CHAR_CLASSES | RE_DOT_NEWLINE | RE_DOT_NOT_NULL \
+ | RE_INTERVALS | RE_NO_EMPTY_RANGES)
+
+#define RE_SYNTAX_POSIX_BASIC \
+ (_RE_SYNTAX_POSIX_COMMON | RE_BK_PLUS_QM)
+
+/* Differs from ..._POSIX_BASIC only in that RE_BK_PLUS_QM becomes
+ RE_LIMITED_OPS, i.e., \? \+ \| are not recognized. Actually, this
+ isn't minimal, since other operators, such as \`, aren't disabled. */
+#define RE_SYNTAX_POSIX_MINIMAL_BASIC \
+ (_RE_SYNTAX_POSIX_COMMON | RE_LIMITED_OPS)
+
+#define RE_SYNTAX_POSIX_EXTENDED \
+ (_RE_SYNTAX_POSIX_COMMON | RE_CONTEXT_INDEP_ANCHORS \
+ | RE_CONTEXT_INDEP_OPS | RE_NO_BK_BRACES \
+ | RE_NO_BK_PARENS | RE_NO_BK_VBAR \
+ | RE_CONTEXT_INVALID_OPS | RE_UNMATCHED_RIGHT_PAREN_ORD)
+
+/* Differs from ..._POSIX_EXTENDED in that RE_CONTEXT_INDEP_OPS is
+ removed and RE_NO_BK_REFS is added. */
+#define RE_SYNTAX_POSIX_MINIMAL_EXTENDED \
+ (_RE_SYNTAX_POSIX_COMMON | RE_CONTEXT_INDEP_ANCHORS \
+ | RE_CONTEXT_INVALID_OPS | RE_NO_BK_BRACES \
+ | RE_NO_BK_PARENS | RE_NO_BK_REFS \
+ | RE_NO_BK_VBAR | RE_UNMATCHED_RIGHT_PAREN_ORD)
+/* [[[end syntaxes]]] */
+
+/* Maximum number of duplicates an interval can allow. Some systems
+ (erroneously) define this in other header files, but we want our
+ value, so remove any previous define. */
+#ifdef RE_DUP_MAX
+# undef RE_DUP_MAX
+#endif
+/* If sizeof(int) == 2, then ((1 << 15) - 1) overflows. */
+#define RE_DUP_MAX (0x7fff)
+
+
+/* POSIX `cflags' bits (i.e., information for `regcomp'). */
+
+/* If this bit is set, then use extended regular expression syntax.
+ If not set, then use basic regular expression syntax. */
+#define REG_EXTENDED 1
+
+/* If this bit is set, then ignore case when matching.
+ If not set, then case is significant. */
+#define REG_ICASE (REG_EXTENDED << 1)
+
+/* If this bit is set, then anchors do not match at newline
+ characters in the string.
+ If not set, then anchors do match at newlines. */
+#define REG_NEWLINE (REG_ICASE << 1)
+
+/* If this bit is set, then report only success or fail in regexec.
+ If not set, then returns differ between not matching and errors. */
+#define REG_NOSUB (REG_NEWLINE << 1)
+
+
+/* POSIX `eflags' bits (i.e., information for regexec). */
+
+/* If this bit is set, then the beginning-of-line operator doesn't match
+ the beginning of the string (presumably because it's not the
+ beginning of a line).
+ If not set, then the beginning-of-line operator does match the
+ beginning of the string. */
+#define REG_NOTBOL 1
+
+/* Like REG_NOTBOL, except for the end-of-line. */
+#define REG_NOTEOL (1 << 1)
+
+
+/* If any error codes are removed, changed, or added, update the
+ `re_error_msg' table in regex.c. */
+typedef enum
+{
+#ifdef _XOPEN_SOURCE
+ REG_ENOSYS = -1, /* This will never happen for this implementation. */
+#endif
+
+ REG_NOERROR = 0, /* Success. */
+ REG_NOMATCH, /* Didn't find a match (for regexec). */
+
+ /* POSIX regcomp return error codes. (In the order listed in the
+ standard.) */
+ REG_BADPAT, /* Invalid pattern. */
+ REG_ECOLLATE, /* Not implemented. */
+ REG_ECTYPE, /* Invalid character class name. */
+ REG_EESCAPE, /* Trailing backslash. */
+ REG_ESUBREG, /* Invalid back reference. */
+ REG_EBRACK, /* Unmatched left bracket. */
+ REG_EPAREN, /* Parenthesis imbalance. */
+ REG_EBRACE, /* Unmatched \{. */
+ REG_BADBR, /* Invalid contents of \{\}. */
+ REG_ERANGE, /* Invalid range end. */
+ REG_ESPACE, /* Ran out of memory. */
+ REG_BADRPT, /* No preceding re for repetition op. */
+
+ /* Error codes we've added. */
+ REG_EEND, /* Premature end. */
+ REG_ESIZE, /* Compiled pattern bigger than 2^16 bytes. */
+ REG_ERPAREN /* Unmatched ) or \); not returned from regcomp. */
+} reg_errcode_t;
+
+/* This data structure represents a compiled pattern. Before calling
+ the pattern compiler, the fields `buffer', `allocated', `fastmap',
+ `translate', and `no_sub' can be set. After the pattern has been
+ compiled, the `re_nsub' field is available. All other fields are
+ private to the regex routines. */
+
+#ifndef RE_TRANSLATE_TYPE
+# define RE_TRANSLATE_TYPE char *
+#endif
+
+struct re_pattern_buffer
+{
+/* [[[begin pattern_buffer]]] */
+ /* Space that holds the compiled pattern. It is declared as
+ `unsigned char *' because its elements are
+ sometimes used as array indexes. */
+ unsigned char *buffer;
+
+ /* Number of bytes to which `buffer' points. */
+ unsigned long int allocated;
+
+ /* Number of bytes actually used in `buffer'. */
+ unsigned long int used;
+
+ /* Syntax setting with which the pattern was compiled. */
+ reg_syntax_t syntax;
+
+ /* Pointer to a fastmap, if any, otherwise zero. re_search uses
+ the fastmap, if there is one, to skip over impossible
+ starting points for matches. */
+ char *fastmap;
+
+ /* Either a translate table to apply to all characters before
+ comparing them, or zero for no translation. The translation
+ is applied to a pattern when it is compiled and to a string
+ when it is matched. */
+ RE_TRANSLATE_TYPE translate;
+
+ /* Number of subexpressions found by the compiler. */
+ size_t re_nsub;
+
+ /* Zero if this pattern cannot match the empty string, one else.
+ Well, in truth it's used only in `re_search_2', to see
+ whether or not we should use the fastmap, so we don't set
+ this absolutely perfectly; see `re_compile_fastmap' (the
+ `duplicate' case). */
+ unsigned can_be_null : 1;
+
+ /* If REGS_UNALLOCATED, allocate space in the `regs' structure
+ for `max (RE_NREGS, re_nsub + 1)' groups.
+ If REGS_REALLOCATE, reallocate space if necessary.
+ If REGS_FIXED, use what's there. */
+#define REGS_UNALLOCATED 0
+#define REGS_REALLOCATE 1
+#define REGS_FIXED 2
+ unsigned regs_allocated : 2;
+
+ /* Set to zero when `regex_compile' compiles a pattern; set to one
+ by `re_compile_fastmap' if it updates the fastmap. */
+ unsigned fastmap_accurate : 1;
+
+ /* If set, `re_match_2' does not return information about
+ subexpressions. */
+ unsigned no_sub : 1;
+
+ /* If set, a beginning-of-line anchor doesn't match at the
+ beginning of the string. */
+ unsigned not_bol : 1;
+
+ /* Similarly for an end-of-line anchor. */
+ unsigned not_eol : 1;
+
+ /* If true, an anchor at a newline matches. */
+ unsigned newline_anchor : 1;
+
+/* [[[end pattern_buffer]]] */
+};
+
+typedef struct re_pattern_buffer regex_t;
+
+/* Type for byte offsets within the string. POSIX mandates this. */
+typedef int regoff_t;
+
+
+/* This is the structure we store register match data in. See
+ regex.texinfo for a full description of what registers match. */
+struct re_registers
+{
+ unsigned num_regs;
+ regoff_t *start;
+ regoff_t *end;
+};
+
+
+/* If `regs_allocated' is REGS_UNALLOCATED in the pattern buffer,
+ `re_match_2' returns information about at least this many registers
+ the first time a `regs' structure is passed. */
+#ifndef RE_NREGS
+# define RE_NREGS 30
+#endif
+
+
+/* POSIX specification for registers. Aside from the different names than
+ `re_registers', POSIX uses an array of structures, instead of a
+ structure of arrays. */
+typedef struct
+{
+ regoff_t rm_so; /* Byte offset from string's start to substring's start. */
+ regoff_t rm_eo; /* Byte offset from string's start to substring's end. */
+} regmatch_t;
+
+/* Declarations for routines. */
+
+/* To avoid duplicating every routine declaration -- once with a
+ prototype (if we are ANSI), and once without (if we aren't) -- we
+ use the following macro to declare argument types. This
+ unfortunately clutters up the declarations a bit, but I think it's
+ worth it. */
+
+#if __STDC__
+
+# define _RE_ARGS(args) args
+
+#else /* not __STDC__ */
+
+# define _RE_ARGS(args) ()
+
+#endif /* not __STDC__ */
+
+/* Sets the current default syntax to SYNTAX, and return the old syntax.
+ You can also simply assign to the `re_syntax_options' variable. */
+extern reg_syntax_t re_set_syntax _RE_ARGS ((reg_syntax_t syntax));
+
+/* Compile the regular expression PATTERN, with length LENGTH
+ and syntax given by the global `re_syntax_options', into the buffer
+ BUFFER. Return NULL if successful, and an error string if not. */
+extern const char *re_compile_pattern
+ _RE_ARGS ((const char *pattern, size_t length,
+ struct re_pattern_buffer *buffer));
+
+
+/* Compile a fastmap for the compiled pattern in BUFFER; used to
+ accelerate searches. Return 0 if successful and -2 if was an
+ internal error. */
+extern int re_compile_fastmap _RE_ARGS ((struct re_pattern_buffer *buffer));
+
+
+/* Search in the string STRING (with length LENGTH) for the pattern
+ compiled into BUFFER. Start searching at position START, for RANGE
+ characters. Return the starting position of the match, -1 for no
+ match, or -2 for an internal error. Also return register
+ information in REGS (if REGS and BUFFER->no_sub are nonzero). */
+extern int re_search
+ _RE_ARGS ((struct re_pattern_buffer *buffer, const char *string,
+ int length, int start, int range, struct re_registers *regs));
+
+
+/* Like `re_search', but search in the concatenation of STRING1 and
+ STRING2. Also, stop searching at index START + STOP. */
+extern int re_search_2
+ _RE_ARGS ((struct re_pattern_buffer *buffer, const char *string1,
+ int length1, const char *string2, int length2,
+ int start, int range, struct re_registers *regs, int stop));
+
+
+/* Like `re_search', but return how many characters in STRING the regexp
+ in BUFFER matched, starting at position START. */
+extern int re_match
+ _RE_ARGS ((struct re_pattern_buffer *buffer, const char *string,
+ int length, int start, struct re_registers *regs));
+
+
+/* Relates to `re_match' as `re_search_2' relates to `re_search'. */
+extern int re_match_2
+ _RE_ARGS ((struct re_pattern_buffer *buffer, const char *string1,
+ int length1, const char *string2, int length2,
+ int start, struct re_registers *regs, int stop));
+
+
+/* Set REGS to hold NUM_REGS registers, storing them in STARTS and
+ ENDS. Subsequent matches using BUFFER and REGS will use this memory
+ for recording register information. STARTS and ENDS must be
+ allocated with malloc, and must each be at least `NUM_REGS * sizeof
+ (regoff_t)' bytes long.
+
+ If NUM_REGS == 0, then subsequent matches should allocate their own
+ register data.
+
+ Unless this function is called, the first search or match using
+ PATTERN_BUFFER will allocate its own register data, without
+ freeing the old data. */
+extern void re_set_registers
+ _RE_ARGS ((struct re_pattern_buffer *buffer, struct re_registers *regs,
+ unsigned num_regs, regoff_t *starts, regoff_t *ends));
+
+#if defined _REGEX_RE_COMP || defined _LIBC
+# ifndef _CRAY
+/* 4.2 bsd compatibility. */
+extern char *re_comp _RE_ARGS ((const char *));
+extern int re_exec _RE_ARGS ((const char *));
+# endif
+#endif
+
+/* GCC 2.95 and later have "__restrict"; C99 compilers have
+ "restrict", and "configure" may have defined "restrict". */
+#ifndef __restrict
+# if ! (2 < __GNUC__ || (2 == __GNUC__ && 95 <= __GNUC_MINOR__))
+# if defined restrict || 199901L <= __STDC_VERSION__
+# define __restrict restrict
+# else
+# define __restrict
+# endif
+# endif
+#endif
+/* gcc 3.1 and up support the [restrict] syntax. */
+#ifndef __restrict_arr
+# if __GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ >= 1)
+# define __restrict_arr __restrict
+# else
+# define __restrict_arr
+# endif
+#endif
+
+/* POSIX compatibility. */
+extern int regcomp _RE_ARGS ((regex_t *__restrict __preg,
+ const char *__restrict __pattern,
+ int __cflags));
+
+extern int regexec _RE_ARGS ((const regex_t *__restrict __preg,
+ const char *__restrict __string, size_t __nmatch,
+ regmatch_t __pmatch[__restrict_arr],
+ int __eflags));
+
+extern size_t regerror _RE_ARGS ((int __errcode, const regex_t *__preg,
+ char *__errbuf, size_t __errbuf_size));
+
+extern void regfree _RE_ARGS ((regex_t *__preg));
+
+
+#ifdef __cplusplus
+}
+#endif /* C++ */
+
+#endif /* regex.h */
+
+/*
+Local variables:
+make-backup-files: t
+version-control: t
+trim-versions-without-asking: nil
+End:
+*/
diff --git a/include/cipher.h b/include/cipher.h
new file mode 100644
index 0000000..f5caa8d
--- /dev/null
+++ b/include/cipher.h
@@ -0,0 +1,110 @@
+/* cipher.h - Definitions for OpenPGP
+ * Copyright (C) 1998, 1999, 2000, 2001, 2006,
+ * 2007 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+#ifndef G10_CIPHER_H
+#define G10_CIPHER_H
+
+#include <gcrypt.h>
+
+/* Macros for compatibility with older libgcrypt versions. */
+#ifndef GCRY_PK_USAGE_CERT
+# define GCRY_PK_USAGE_CERT 4
+# define GCRY_PK_USAGE_AUTH 8
+# define GCRY_PK_USAGE_UNKN 128
+#endif
+
+
+/* Constants for OpenPGP. */
+
+#define CIPHER_ALGO_NONE /* 0 */ GCRY_CIPHER_NONE
+#define CIPHER_ALGO_IDEA /* 1 */ GCRY_CIPHER_IDEA
+#define CIPHER_ALGO_3DES /* 2 */ GCRY_CIPHER_3DES
+#define CIPHER_ALGO_CAST5 /* 3 */ GCRY_CIPHER_CAST5
+#define CIPHER_ALGO_BLOWFISH /* 4 */ GCRY_CIPHER_BLOWFISH /* 128 bit */
+/* 5 & 6 are reserved */
+#define CIPHER_ALGO_AES /* 7 */ GCRY_CIPHER_AES
+#define CIPHER_ALGO_AES192 /* 8 */ GCRY_CIPHER_AES192
+#define CIPHER_ALGO_AES256 /* 9 */ GCRY_CIPHER_AES256
+#define CIPHER_ALGO_RIJNDAEL CIPHER_ALGO_AES
+#define CIPHER_ALGO_RIJNDAEL192 CIPHER_ALGO_AES192
+#define CIPHER_ALGO_RIJNDAEL256 CIPHER_ALGO_AES256
+#define CIPHER_ALGO_TWOFISH /* 10 */ GCRY_CIPHER_TWOFISH /* 256 bit */
+/* Note: Camellia ids don't match those used by libgcrypt. */
+#define CIPHER_ALGO_CAMELLIA128 11
+#define CIPHER_ALGO_CAMELLIA192 12
+#define CIPHER_ALGO_CAMELLIA256 13
+#define CIPHER_ALGO_DUMMY 110 /* No encryption at all. */
+
+#define PUBKEY_ALGO_RSA /* 1 */ GCRY_PK_RSA
+#define PUBKEY_ALGO_RSA_E /* 2 */ GCRY_PK_RSA_E /* RSA encrypt only. */
+#define PUBKEY_ALGO_RSA_S /* 3 */ GCRY_PK_RSA_S /* RSA sign only. */
+#define PUBKEY_ALGO_ELGAMAL_E /* 16 */ GCRY_PK_ELG_E /* Elgamal encr only */
+#define PUBKEY_ALGO_DSA /* 17 */ GCRY_PK_DSA
+#define PUBKEY_ALGO_ECDH 18
+#define PUBKEY_ALGO_ECDSA 19
+#define PUBKEY_ALGO_ELGAMAL /* 20 */ GCRY_PK_ELG /* Elgamal encr+sign */
+
+#define PUBKEY_USAGE_SIG GCRY_PK_USAGE_SIGN /* Good for signatures. */
+#define PUBKEY_USAGE_ENC GCRY_PK_USAGE_ENCR /* Good for encryption. */
+#define PUBKEY_USAGE_CERT GCRY_PK_USAGE_CERT /* Also good to certify keys. */
+#define PUBKEY_USAGE_AUTH GCRY_PK_USAGE_AUTH /* Good for authentication. */
+#define PUBKEY_USAGE_UNKNOWN GCRY_PK_USAGE_UNKN /* Unknown usage flag. */
+
+#define DIGEST_ALGO_MD5 /* 1 */ GCRY_MD_MD5
+#define DIGEST_ALGO_SHA1 /* 2 */ GCRY_MD_SHA1
+#define DIGEST_ALGO_RMD160 /* 3 */ GCRY_MD_RMD160
+/* 4, 5, 6, and 7 are reserved */
+#define DIGEST_ALGO_SHA256 /* 8 */ GCRY_MD_SHA256
+#define DIGEST_ALGO_SHA384 /* 9 */ GCRY_MD_SHA384
+#define DIGEST_ALGO_SHA512 /* 10 */ GCRY_MD_SHA512
+/* SHA224 is only available in libgcrypt 1.4.0; thus we
+ can't use the GCRY macro here. */
+#define DIGEST_ALGO_SHA224 /* 11 */ 11 /* GCRY_MD_SHA224 */
+
+#define COMPRESS_ALGO_NONE 0
+#define COMPRESS_ALGO_ZIP 1
+#define COMPRESS_ALGO_ZLIB 2
+#define COMPRESS_ALGO_BZIP2 3
+
+#define is_RSA(a) ((a)==PUBKEY_ALGO_RSA || (a)==PUBKEY_ALGO_RSA_E \
+ || (a)==PUBKEY_ALGO_RSA_S )
+#define is_ELGAMAL(a) ((a)==PUBKEY_ALGO_ELGAMAL_E)
+#define is_DSA(a) ((a)==PUBKEY_ALGO_DSA)
+
+/* The data encryption key object. */
+typedef struct
+{
+ int algo;
+ int keylen;
+ int algo_info_printed;
+ int use_mdc;
+ int symmetric;
+ byte key[32]; /* This is the largest used keylen (256 bit). */
+ char s2k_cacheid[1+16+1];
+} DEK;
+
+
+
+/* Constants to allocate static MPI arrays. */
+#define PUBKEY_MAX_NPKEY 4
+#define PUBKEY_MAX_NSKEY 6
+#define PUBKEY_MAX_NSIG 2
+#define PUBKEY_MAX_NENC 2
+
+#endif /*G10_CIPHER_H*/
diff --git a/include/host2net.h b/include/host2net.h
new file mode 100644
index 0000000..50f4815
--- /dev/null
+++ b/include/host2net.h
@@ -0,0 +1,42 @@
+/* host2net.h - Some macros
+ * Copyright (C) 1998, 1999, 2000, 2001 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef G10_HOST2NET_H
+#define G10_HOST2NET_H
+
+#include "types.h"
+
+#define buftoulong( p ) ((*(byte*)(p) << 24) | (*((byte*)(p)+1)<< 16) | \
+ (*((byte*)(p)+2) << 8) | (*((byte*)(p)+3)))
+#define buftoushort( p ) ((*((byte*)(p)) << 8) | (*((byte*)(p)+1)))
+#define ulongtobuf( p, a ) do { \
+ ((byte*)p)[0] = a >> 24; \
+ ((byte*)p)[1] = a >> 16; \
+ ((byte*)p)[2] = a >> 8; \
+ ((byte*)p)[3] = a ; \
+ } while(0)
+#define ushorttobuf( p, a ) do { \
+ ((byte*)p)[0] = a >> 8; \
+ ((byte*)p)[1] = a ; \
+ } while(0)
+#define buftou32( p) buftoulong( (p) )
+#define u32tobuf( p, a) ulongtobuf( (p), (a) )
+
+
+#endif /*G10_HOST2NET_H*/
diff --git a/include/types.h b/include/types.h
new file mode 100644
index 0000000..8a861bc
--- /dev/null
+++ b/include/types.h
@@ -0,0 +1,134 @@
+/* types.h - some common typedefs
+ * Copyright (C) 1998, 1999, 2000, 2001 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef G10_TYPES_H
+#define G10_TYPES_H
+
+#ifdef HAVE_INTTYPES_H
+/* For uint64_t */
+#include <inttypes.h>
+#endif
+
+/* The AC_CHECK_SIZEOF() in configure fails for some machines.
+ * we provide some fallback values here */
+#if !SIZEOF_UNSIGNED_SHORT
+#undef SIZEOF_UNSIGNED_SHORT
+#define SIZEOF_UNSIGNED_SHORT 2
+#endif
+#if !SIZEOF_UNSIGNED_INT
+#undef SIZEOF_UNSIGNED_INT
+#define SIZEOF_UNSIGNED_INT 4
+#endif
+#if !SIZEOF_UNSIGNED_LONG
+#undef SIZEOF_UNSIGNED_LONG
+#define SIZEOF_UNSIGNED_LONG 4
+#endif
+
+
+#include <sys/types.h>
+
+
+#ifndef HAVE_BYTE_TYPEDEF
+#undef byte /* maybe there is a macro with this name */
+#ifndef __riscos__
+typedef unsigned char byte;
+#else
+/* Norcroft treats char = unsigned char as legal assignment
+ but char* = unsigned char* as illegal assignment
+ and the same applies to the signed variants as well */
+typedef char byte;
+#endif
+#define HAVE_BYTE_TYPEDEF
+#endif
+
+#ifndef HAVE_USHORT_TYPEDEF
+#undef ushort /* maybe there is a macro with this name */
+typedef unsigned short ushort;
+#define HAVE_USHORT_TYPEDEF
+#endif
+
+#ifndef HAVE_ULONG_TYPEDEF
+#undef ulong /* maybe there is a macro with this name */
+typedef unsigned long ulong;
+#define HAVE_ULONG_TYPEDEF
+#endif
+
+#ifndef HAVE_U16_TYPEDEF
+#undef u16 /* maybe there is a macro with this name */
+#if SIZEOF_UNSIGNED_INT == 2
+typedef unsigned int u16;
+#elif SIZEOF_UNSIGNED_SHORT == 2
+typedef unsigned short u16;
+#else
+#error no typedef for u16
+#endif
+#define HAVE_U16_TYPEDEF
+#endif
+
+#ifndef HAVE_U32_TYPEDEF
+#undef u32 /* maybe there is a macro with this name */
+#if SIZEOF_UNSIGNED_INT == 4
+typedef unsigned int u32;
+#elif SIZEOF_UNSIGNED_LONG == 4
+typedef unsigned long u32;
+#else
+#error no typedef for u32
+#endif
+#define HAVE_U32_TYPEDEF
+#endif
+
+/****************
+ * Warning: Some systems segfault when this u64 typedef and
+ * the dummy code in cipher/md.c is not available. Examples are
+ * Solaris and IRIX.
+ */
+#ifndef HAVE_U64_TYPEDEF
+#undef u64 /* maybe there is a macro with this name */
+#if SIZEOF_UINT64_T == 8
+typedef uint64_t u64;
+#define U64_C(c) (UINT64_C(c))
+#define HAVE_U64_TYPEDEF
+#elif SIZEOF_UNSIGNED_INT == 8
+typedef unsigned int u64;
+#define U64_C(c) (c ## U)
+#define HAVE_U64_TYPEDEF
+#elif SIZEOF_UNSIGNED_LONG == 8
+typedef unsigned long u64;
+#define U64_C(c) (c ## UL)
+#define HAVE_U64_TYPEDEF
+#elif SIZEOF_UNSIGNED_LONG_LONG == 8
+typedef unsigned long long u64;
+#define U64_C(c) (c ## ULL)
+#define HAVE_U64_TYPEDEF
+#endif
+#endif
+
+typedef union {
+ int a;
+ short b;
+ char c[1];
+ long d;
+#ifdef HAVE_U64_TYPEDEF
+ u64 e;
+#endif
+ float f;
+ double g;
+} PROPERLY_ALIGNED_TYPE;
+
+#endif /*G10_TYPES_H*/
diff --git a/jnlib/ChangeLog-2011 b/jnlib/ChangeLog-2011
new file mode 100644
index 0000000..c8306fc
--- /dev/null
+++ b/jnlib/ChangeLog-2011
@@ -0,0 +1,709 @@
+2011-12-02 Werner Koch <wk@g10code.com>
+
+ NB: ChangeLog files are no longer manually maintained. Starting
+ on December 1st, 2011 we put change information only in the GIT
+ commit log, and generate a top-level ChangeLog file from logs at
+ "make dist". See doc/HACKING for details.
+
+2009-08-26 Werner Koch <wk@g10code.com>
+
+ * stringhelp.c (do_make_filename): Factor some code out to ..
+ (get_pwdir): .. new.
+
+2009-08-26 Werner Koch <wk@g10code.com>
+
+ * stringhelp.c [HAVE_PWD_H]: Include pwd.h.
+ (do_make_filename): New.
+ (make_filename, make_filename_try): Implement using the new
+ function.
+ * t-stringhelp.c (test_make_filename_try): New.
+ * t-support.c (gcry_strdup): Fix.
+
+ * stringhelp.h (make_filename, make_filename_try): Add sentinel
+ attribute.
+
+2009-08-25 Werner Koch <wk@g10code.com>
+
+ * stringhelp.c: Include errno.h.
+ (do_strconcat): New.
+ (strconcat, xstrconcat): New.
+ * types.h (GNUPG_GCC_A_SENTINEL): New.
+ * t-stringhelp.c (test_strconcat, test_xstrconcat): New.
+ (main): Run them.
+
+2009-07-07 Werner Koch <wk@g10code.com>
+
+ * stringhelp.c (make_filename_try): Use jnlib_malloc.
+
+ * dotlock.c (read_lockfile): Replace jnlib_xmalloc by jnlib_malloc.
+
+2009-06-04 Werner Koch <wk@g10code.com>
+
+ * mischelp.h: Include SUN_LEN etc also for W32.
+
+2009-05-19 Werner Koch <wk@g10code.com>
+
+ * mischelp.h: Define PF_LOCAL, AF_LOCAL and SUN_LEN if requested.
+ * logging.c (fun_writer): Use SUN_LEN to fix a Mac OS X freeze.
+
+2009-03-25 Werner Koch <wk@g10code.com>
+
+ * logging.c (fun_closer): Never close fd 2.
+ (set_file_fd): Close logstream early.
+
+2009-02-25 Werner Koch <wk@g10code.com>
+
+ * logging.c (get_tid_callback): New.
+ (do_logv): Use it.
+ (log_set_get_tid_callback): New.
+
+2009-01-22 Werner Koch <wk@g10code.com>
+
+ * t-support.c (gpg_err_code_from_errno)
+ (gpg_err_code_from_syserror): New.
+
+2008-11-20 Werner Koch <wk@g10code.com>
+
+ * argparse.c (arg_parse): Fix last change.
+
+2008-11-11 Werner Koch <wk@g10code.com>
+
+ * argparse.h: Add a bunch of macros and constants.
+ * argparse.c: Use the new macros. Re-indent the code. Change
+ license back to LGPL 2.1.
+
+2008-11-04 Werner Koch <wk@g10code.com>
+
+ * w32-gettext.c: Merged with code from libgpg-error and rewrote
+ most parts.
+
+ * Makefile.am (AM_CFLAGS): Add -DJNLIB_IN_JNLIB.
+
+2008-10-29 Werner Koch <wk@g10code.com>
+
+ * stringhelp.c (make_filename): Implement using macros. Factor some
+ code out to ..
+ (change_slashes): New.
+ (make_filename_try): New.
+
+ * w32-gettext.c (gettext): Return if no domain is loaded.
+ Reported by Tom Pegios.
+
+2008-10-28 Werner Koch <wk@g10code.com>
+
+ * w32-gettext.c (gettext): Try the binary search if the string was
+ not found in the hash table.
+
+2008-10-20 Werner Koch <wk@g10code.com>
+
+ * w32-afunix.c (_w32_sock_connect): Mark ADDRLEN as unused.
+
+ * dotlock.c (release_dotlock): Do not mix declaration and code.
+
+ * stringhelp.c (make_basename): Silent gcc warning about unused arg.
+ * argparse.c (store_alias): Ditto.
+ (find_long_option):
+
+2008-10-15 Werner Koch <wk@g10code.com>
+
+ * logging.c (do_logv) [W32]: Flush the log stream.
+
+2008-09-29 Werner Koch <wk@g10code.com>
+
+ * argparse.c (ARGERR_): Use constants for error values.
+ (optfile_parse): Prettify. Replace xmalloc and xrealloc by malloc
+ and realloc.
+ * libjnlib-config.h (jnlib_strdup, jnlib_realloc): New.
+
+2008-06-26 Werner Koch <wk@g10code.com>
+
+ * stringhelp.c (print_sanitized_buffer2): Loose check for control
+ characters to better cope with utf-8. The range 0x80..0x9f is
+ nowadays not anymore accidently used for control charaters.
+
+2008-06-13 Werner Koch <wk@g10code.com>
+
+ * dotlock.c: Reformat code and implement locking for W32.
+ (create_dotlock): Use snprintf.
+
+2008-06-11 Werner Koch <wk@g10code.com>
+
+ * utf8conv.c: Remove useless variable ACTIVE_CHARSET. Suggested
+ by Petr Uzel.
+
+2008-05-26 Werner Koch <wk@g10code.com>
+
+ * argparse.c (usage): Make sure to print a trailing LF for usage(1).
+
+2008-04-08 Werner Koch <wk@g10code.com>
+
+ * w32-gettext.c (gettext_select_utf8): New.
+ (get_string): Support switching encodings.
+ (load_domain): Allocate space for DATA_NATIVE.
+
+2008-03-25 Werner Koch <wk@g10code.com>
+
+ * w32-gettext.c (_nl_locale_name): New. Taken from
+ ../common/localename and GNU gettext's localename.c.
+ (set_gettext_file): Rewritten.
+ (gettext_localename): New.
+
+2008-03-17 Werner Koch <wk@g10code.com>
+
+ * logging.c (my_funopen_hook_size_t): New.
+ (fun_writer): Use it to cope with fopencookie/funopen differences.
+ * dotlock.c (read_lockfile): Initialize PID. Reported by Stéphane
+ Corthésy.
+
+2008-02-22 Werner Koch <wk@g10code.com>
+
+ * argparse.c (strusage): Set copyright year to 2008.
+
+2007-11-19 Werner Koch <wk@g10code.com>
+
+ * stringhelp.c (percent_escape): Factor code out to
+ (do_percent_escape): .. new.
+ (try_percent_escape): New.
+
+2007-10-01 Werner Koch <wk@g10code.com>
+
+ * w32-afunix.c: Only keep the client related code.
+ (read_port_and_nonce): New. Taken from Assuan.
+ (_w32_sock_connect): Rewritten.
+
+2007-08-29 Werner Koch <wk@g10code.com>
+
+ * argparse.c (initialize): Make strings translatable and remove
+ extra LF.
+
+2007-08-24 Werner Koch <wk@g10code.com>
+
+ * mischelp.c (same_file_p): New.
+ (libjnlib_dummy_mischelp_func): Remove as we now always have one
+ function.
+
+2007-08-09 Werner Koch <wk@g10code.com>
+
+ * argparse.c (show_help): Expand the @EMAIL@ macro in the package
+ bug reporting address.
+
+2007-08-02 Werner Koch <wk@g10code.com>
+
+ * t-stringhelp.c (test_compare_filenames): New.
+
+ * stringhelp.c (compare_filenames) [HAVE_DRIVE_LETTERS]: Fixed
+ comparison to take slash and backslash in account.
+ (make_filename): Avoid mixing / and \.
+
+2007-07-04 Werner Koch <wk@g10code.com>
+
+ * utf8conv.c (load_libiconv): Remove URL from translatble string.
+
+ Switched JNLIB from LGPLv2.1 to LGPLv3.
+
+2007-07-01 Werner Koch <wk@g10code.com>
+
+ * argparse.c (strusage): Use id 10 for the license string;
+ default to GPL3+. Change long note to version 3 or later.
+ (show_version): Print the license info.
+
+2007-06-19 Werner Koch <wk@g10code.com>
+
+ * Makefile.am: Add support for regression tests.
+ * t-support.h, t-support.c: New.
+ * t-stringhelp.c: New.
+
+ * stringhelp.c (percent_escape): Add arg EXTRA to make it a more
+ general function. Changed all callers.
+
+2007-06-18 Werner Koch <wk@g10code.com>
+
+ * w32-afunix.c (_w32_sock_bind): Changed to properly detect an
+ already used socket.
+
+2007-06-18 Marcus Brinkmann <marcus@g10code.de>
+
+ * stringhelp.h (percent_escape): New prototype.
+ * stringhelp.c (percent_escape): New function.
+
+2007-06-11 Werner Koch <wk@g10code.com>
+
+ * utf8conv.c (jnlib_iconv_open, jnlib_iconv, jnlib_iconv_close): New.
+
+2007-06-06 Werner Koch <wk@g10code.com>
+
+ * w32help.h: New.
+ * w32-gettext.c: New. Taken from gnupg 1.4, added ngettext,
+ changed to use jnlib malloc functions and put under the LGPL.
+ * w32-reg.c: New. Taken from../common/w32reg.c and changed to
+ LGPL. Changed API to use the jnlib malloc functions.
+ * Makefile.am (libjnlib_a_SOURCES) [!W32]: Do not build the w32
+ specific modules.
+
+ * dotlock.c: Include stringhelp.h for stpcpy prototype.
+
+2007-06-04 Werner Koch <wk@g10code.com>
+
+ * dynload.h: New. Taken from ../common and changed to LGPL.
+
+ * utf8conv.c (load_libiconv): New. Taken from GnuPG 1.4
+
+2007-05-30 Werner Koch <wk@g10code.com>
+
+ * w32-pth.h, w32-pth.c: Remove.
+
+2007-04-25 Werner Koch <wk@g10code.com>
+
+ * argparse.c (long_opt_strlen): Fixed for utf-8.
+
+2007-03-07 Werner Koch <wk@g10code.com>
+
+ * argparse.c (strusage): Set copyright year to 2007.
+
+2007-01-25 Werner Koch <wk@g10code.com>
+
+ * stringhelp.c (utf8_charcount): New.
+
+2006-11-29 Werner Koch <wk@g10code.com>
+
+ * utf8conv.c (set_native_charset) [HAVE_W32_SYSTEM]: Fixed typo in
+ macro name.
+
+2006-11-15 Werner Koch <wk@g10code.com>
+
+ * logging.c (my_funopen_hook_ret_t): New.
+ (fun_writer): Use it.
+
+2006-10-19 Werner Koch <wk@g10code.com>
+
+ * stringhelp.c (memrchr) [!HAVE_MEMRCHR]: Provide a replacement.
+
+2006-09-27 Werner Koch <wk@g10code.com>
+
+ * mischelp.c: New.
+ (timegm): Copied from gnupg 1.4, changed from GPL to LGPL. Fixed
+ a memory leak.
+
+ * stringhelp.h (isascii): New.
+
+ * stringhelp.c (strsep): New. Copied from gnupg 1.4.5
+ util/strgutil.c.
+
+ * strlist.h (STRLIST): Removed deprecated typedef.
+
+ * types.h: Made cpp commands work with old compilers. Also shows
+ up nicer with Emacs' font locking.
+
+ * w32-afunix.c (_w32_sock_connect): Set ERRNO for an invalid port.
+
+ Changed license from GPL to LGPL. Note that all code has either
+ been written by me, David, employees of g10 Code or taken from
+ glibc.
+
+ * libjnlib-config.h, stringhelp.c, stringhelp.h:
+ * strlist.c, strlist.h, utf8conv.c, utf8conv.h:
+ * argparse.c, argparse.h, logging.c, logging.h:
+ * dotlock.c, dotlock.h, types.h, mischelp.h:
+ * xmalloc.c, xmalloc.h, w32-pth.c, w32-pth.h:
+ * w32-afunix.c, w32-afunix.h: Tagged them to be long to jnlib
+ which is a part of GnuPG but also used by other projetcs.
+
+2006-09-22 Werner Koch <wk@g10code.com>
+
+ * utf8conv.c: Reworked to match the gnupg 1.4.5 code. This now
+ requires iconv support but this is reasonable for all modern
+ systems.
+
+2006-08-29 Werner Koch <wk@g10code.com>
+
+ * logging.c (do_logv): Emit a missing LF for fatal errors.
+
+2006-06-28 Werner Koch <wk@g10code.com>
+
+ * dotlock.c (make_dotlock, release_dotlock, read_lockfile)
+ (maybe_deadlock, destroy_dotlock, create_dotlock): Re-indented.
+ (create_dotlock): Repalces some log_fatal by log_error as it was
+ not intended that they should terminate. Write the nodename to
+ the locking file. Code cleanups.
+ (read_lockfile): Reworked to read the node name.
+ (make_dotlock): Test for identical node name and delete lock stale
+ file.
+ (release_dotlock): Likewise.
+
+2006-05-23 Werner Koch <wk@g10code.com>
+
+ * libjnlib-config.h (JNLIB_NEED_UTF8CONV): Fixed typo in name.
+
+ * dotlock.c (release_dotlock): Don't act if we don't have any
+ locks at all.
+ (destroy_dotlock): New. From 1.4.3.
+ (dotlock_remove_lockfiles): Make use of destroy function.
+
+2006-05-19 Werner Koch <wk@g10code.com>
+
+ * strlist.c (append_to_strlist2): Enabled.
+
+ * stringhelp.c (print_sanitized_buffer2): New. Changed the rules
+ to match the behaviour of print_string2 from gnupg 1.4.3.
+ (print_sanitized_buffer): Use the new function.
+ (print_sanitized_string2): New.
+ (hextobyte): New. Taken from gpg 1.4.3.
+
+2006-04-28 Werner Koch <wk@g10code.com>
+
+ * stringhelp.c (print_sanitized_buffer): Fix bug where the count
+ got wrong for the \xNN representation.
+ (sanitize_buffer): Fix bug where some control characters lose part
+ of their \xNN representation.
+
+2006-04-20 Werner Koch <wk@g10code.com>
+
+ * stringhelp.c (make_basename): New arg INPUTPATH for future
+ riscos compatibility.
+
+2006-04-18 Werner Koch <wk@g10code.com>
+
+ * libjnlib-config.h (JNLIB_NEED_UTF8CONF): Defined.
+ * strlist.c (add_to_strlist2) [JNLIB_NEED_UTF8CONV]: Enabled.
+
+2005-06-15 Werner Koch <wk@g10code.com>
+
+ * stringhelp.c (sanitize_buffer): Make P a void*.
+ (ascii_memistr, memistr): Ditto.
+ (ascii_memcasecmp): Ditto.
+ * logging.c (writen): Use void * for arg BUFFER.
+ * stringhelp.c (memistr): Fixed unsigned/signed pointer conflict.
+ (ascii_memistr): Ditto.
+ (ascii_memcasemem): Ditto.
+ * utf8conv.c (utf8_to_native): Ditto.
+ (utf8_to_native): Ditto.
+ * argparse.c (show_version): Removed non-required cast.
+
+2005-01-19 Werner Koch <wk@g10code.com>
+
+ * logging.c (fun_writer): Don't fallback to stderr. Print to
+ stderr only if connected to a tty.
+
+2004-12-20 Werner Koch <wk@g10code.com>
+
+ * w32-pth.c (do_pth_event_free): The events are hold in a ring
+ buffer. Adjust for that.
+ (do_pth_event_body): Ditto.
+ (pth_event_isolate): Ditto.
+ (do_pth_wait): Ditto.
+ (_pth_event_count): Renamed to ..
+ (event_count): .. and adjusted as above.
+ (pth_init): Define 3 debug levels and change all debug calls to
+ make use of them. This makes the moule now silent.
+
+2004-12-19 Werner Koch <wk@g10code.com>
+
+ * w32-pth.c (pth_init): Enable debugging depending on env var.
+ (pth_self): New.
+ (pth_mutex_release, pth_mutex_acquire): Implemented directly using
+ the W32 API.
+
+2004-12-18 Werner Koch <wk@g10code.com>
+
+ * w32-pth.c (pth_init): Reverse return values. Use TRUE and FALSE
+ constants.
+ (pth_kill, pth_mutex_acquire, pth_attr_set, pth_join, pth_cancel):
+ Ditto.
+
+2004-12-15 Werner Koch <wk@g10code.com>
+
+ * logging.c [W32]: Don't include unavailable headers.
+
+2004-12-14 Werner Koch <wk@g10code.com>
+
+ * w32-pth.c (_pth_strerror): Renamed to ...
+ (w32_strerror): .. this. And let callers provide a buffer.
+ (spawn_helper_thread): Removed HD arg and hardwire the stack size
+ to 32k.
+ (do_pth_wait): Removed use of ATTR; not needed for the helper
+ threads.
+ (helper_thread): Renamed to ..
+ (launch_thread): .. this. Release handle if not joinable.
+ (struct pth_priv_hd_s): Renamed to ...
+ (struct thread_info_s): .. this. Add member JOINABLE and TH.
+
+2004-12-14 Timo Schulz <twoaday@g10code.com>
+
+ * w32-pth.c (pth_kill): Just release the crit section if
+ pth_init was really called. And set all handles to NULL.
+ (_pth_strerror): New.
+ (do_pth_wait): Before we enter the loop we check if there
+ are too much events in the ring.
+
+2004-12-14 Werner Koch <wk@g10code.com>
+
+ * w32-pth.h (pth_event_occured): Removed macro.
+ * w32-pth.c: Fixed license statement; its under the LGPL.
+ (enter_pth, leave_pth): Use them to bracket almost all public
+ functions.
+
+2004-12-13 Timo Schulz <twoaday@g10code.com>
+
+ * w32-pth.c (enter_pth, leave_pth): New.
+ (pth_init): Initialize global mutex section.
+ (pth_kill): Release global mutex section.
+ (helper_thread): New.
+ (pth_spawn): Make sure only one thread is running.
+
+2004-12-13 Werner Koch <wk@g10code.com>
+
+ * stringhelp.c (w32_strerror) [W32]: New.
+
+ * w32-pth.c, w32-pth.h: Added real code written by Timo Schulz.
+ Not finished, though.
+
+2004-12-07 Werner Koch <wk@g10code.com>
+
+ * w32-pth.c, w32-pth.h: New.
+
+2004-11-26 Werner Koch <wk@g10code.com>
+
+ * logging.c [_WIN32]: Don't include socket headers.
+
+2004-11-30 Timo Schulz <ts@g10code.com>
+
+ * w32-afunix.c: New. AF_UNIX emulation for W32.
+ * w32-afunix.h: Likewise.
+
+2004-11-22 Werner Koch <wk@g10code.com>
+
+ * logging.c (log_test_fd): Add test on LOGSTREAM. Reported by
+ Barry Schwartz.
+
+2004-11-18 Werner Koch <wk@g10code.com>
+
+ * logging.c: Explicitly include sys/stat.h for the S_I* constants.
+
+2004-10-21 Werner Koch <wk@g10code.com>
+
+ * logging.c (do_logv): Use set_log_stream to setup a default.
+ (log_set_file): Factored code out to ..
+ (set_file_fd): .. New function to allow using a file descriptor.
+ (log_set_fd): Make use of new fucntion.
+ (fun_writer): Reworked.
+
+2004-08-18 Werner Koch <wk@g10code.de>
+
+ * stringhelp.c (print_sanitized_utf8_string): Actually implement
+ it.
+
+2004-06-21 Werner Koch <wk@g10code.com>
+
+ * logging.c (log_set_file): Do not close an old logstream if it
+ used to be stderr or stdout.
+
+2004-05-05 Werner Koch <wk@gnupg.org>
+
+ * logging.c (log_set_file): Oops, don't close if LOGSTREAM is NULL.
+
+2004-04-30 Werner Koch <wk@gnupg.org>
+
+ * logging.c (log_set_file): Make sure the log stream will be
+ closed even if the stderr fileno will be assigned to a new socket.
+
+2004-04-16 Werner Koch <wk@gnupg.org>
+
+ * logging.h (JNLIB_LOG_WITH_PREFIX): Add constants for the flag
+ values.
+ * logging.c (log_set_prefix): New flag DETACHED.
+ (fun_writer): Take care of this flag.
+ (log_test_fd): New.
+
+2004-02-18 Werner Koch <wk@gnupg.org>
+
+ * stringhelp.c (print_sanitized_buffer): Don't care about
+ non-ASCII characaters.
+ (sanitize_buffer): Ditto.
+
+2004-02-12 Werner Koch <wk@gnupg.org>
+
+ * Makefile.am: Replaced INCLUDES by AM_CPPFLAGS.
+
+2004-01-05 Werner Koch <wk@gnupg.org>
+
+ * argparse.c (strusage): Changed default copyright year to 2004.
+
+2003-12-17 Werner Koch <wk@gnupg.org>
+
+ * argparse.c (initialize): Replaced use of non-literal format
+ args. Suggested by Florian Weimer.
+
+2003-12-16 Werner Koch <wk@gnupg.org>
+
+ * logging.c (writen, fun_writer, fun_closer): New.
+ (log_set_file): Add feature to log to a socket.
+ (log_set_file, do_logv): Force printing with prefix and pid.
+
+2003-11-13 Werner Koch <wk@gnupg.org>
+
+ * strlist.c (strlist_copy): New.
+
+ * dotlock.c: Define DIRSEP_C et al. if not defined.
+
+2003-11-06 Werner Koch <wk@gnupg.org>
+
+ * strlist.h (strlist_t): New. STRLIST is now deprecated.
+
+2003-06-18 Werner Koch <wk@gnupg.org>
+
+ * strlist.c (strlist_pop): New.
+
+ * dotlock.c (dotlock_remove_lockfiles): Prefixed with dotlock_ and
+ made global.
+
+2003-06-17 Werner Koch <wk@gnupg.org>
+
+ * stringhelp.c (length_sans_trailing_chars)
+ (length_sans_trailing_ws): New.
+
+ * logging.c (log_inc_errorcount): New.
+
+ * stringhelp.c (print_sanitized_utf8_buffer): Implement utf8
+ conversion.
+ (sanitize_buffer): New. Based on gnupg 1.3.2 make_printable_string.
+
+ * dotlock.c: Updated to match the version from 1.3.2
+ * utf8conv.c: New. Code taken from strgutil.c of gnupg 1.3.2.
+ * utf8conv.h: New.
+
+2003-06-16 Werner Koch <wk@gnupg.org>
+
+ * logging.c (do_logv): Hack to optionally suppress a leading space.
+
+ * stringhelp.c (ascii_strncasecmp): New. Taken from gnupg 1.3.
+ (ascii_memistr): New. Taken from gnupg 1.3
+
+2003-06-13 Werner Koch <wk@gnupg.org>
+
+ * mischelp.h (wipememory2,wipememory): New. Taken from GnuPG 1.3.2.
+
+2002-06-04 Werner Koch <wk@gnupg.org>
+
+ * stringhelp.c (print_sanitized_utf8_string): New. No real
+ implementation for now.
+ (print_sanitized_utf8_buffer): Ditto.
+
+2002-04-04 Werner Koch <wk@gnupg.org>
+
+ * logging.c (log_get_prefix): New.
+
+2002-03-15 Werner Koch <wk@gnupg.org>
+
+ * argparse.c (optfile_parse): Fixed missing argument handling.
+
+2002-02-25 Werner Koch <wk@gnupg.org>
+
+ * stringhelp.c (ascii_memcasemem): New.
+
+2002-02-14 Werner Koch <wk@gnupg.org>
+
+ * Makefile.am (INCLUDES): Add cflags for libgcrypt.
+
+2002-02-07 Werner Koch <wk@gnupg.org>
+
+ * logging.c (log_set_fd): New.
+
+ * stringhelp.c (print_sanitized_buffer): New.
+ (print_sanitized_string): New.
+
+2002-01-24 Werner Koch <wk@gnupg.org>
+
+ * argparse.c (strusage): Set default copyright notice year to 2002.
+
+ Fixed the copyright notice of this file, as it has always been
+ part of GnuPG and therefore belongs to the FSF.
+
+2001-11-01 Marcus Brinkmann <marcus@g10code.de>
+
+ * logging.c (log_printf): Do not initialize ARG_PTR with 0, we
+ don't know the correct type. Instead, run va_start and va_end
+ unconditionally.
+ Reported by Jose Carlos Garcia Sogo <jsogo@debian.org>.
+
+2002-01-19 Werner Koch <wk@gnupg.org>
+
+ * logging.c (log_get_stream): New.
+
+2001-12-05 Werner Koch <wk@gnupg.org>
+
+ * logging.c (log_set_prefix): New.
+ (do_logv): Include prefix and pid only if enabled. Print time only
+ when explicitly enabled.
+ (log_logv): New.
+ * logging.h: Include log_logv() only when requested.
+
+2001-11-06 Werner Koch <wk@gnupg.org>
+
+ * strlist.c, strlist.h: New. Taken from pgnupg/util/strgutil.c
+
+2001-08-30 Werner Koch <wk@gnupg.org>
+
+ * logging.c (log_printf): Don't pass NULL instead of arg_ptr.
+
+2001-07-19 Werner Koch <wk@gnupg.org>
+
+ * stringhelp.c (ascii_memistr,ascii_isupper,ascii_islower,
+ ascii_toupper,ascii_tolower, ascii_strcasecmp, ascii_memcasecmp): New.
+
+2000-07-26 10:02:51 Werner Koch (wk@habibti.openit.de)
+
+ * stringhelp.c.: Add stdarg.h
+ * argparse.h: s/ulong/unsigned long/ although this should be defined
+ by types.h.
+
+2000-06-28 19:40:23 Werner Koch (wk@habibti.openit.de)
+
+ * Makefile.am: Replaced second logging.c by .h
+
+2000-05-24 08:58:15 Werner Koch (wk@habibti.openit.de)
+
+ * logging.c (log_get_errorcount): New.
+
+2000-05-24 08:44:47 Werner Koch (wk@habibti.openit.de)
+
+ * stringhelp.c: Added a few filename related helper functions.
+
+2000-05-11 18:04:43 Werner Koch (wk@habibti.openit.de)
+
+ * xmalloc.c (xstrcat2): Replaced stpcpy to quickly address W32
+ problems.
+
+2000-05-02 19:43:38 Werner Koch (wk@habibti.openit.de)
+
+ * xmalloc.c (xstrcat2): New.
+
+Mon Jan 24 13:04:28 CET 2000 Werner Koch <wk@gnupg.de>
+
+ * README: New.
+ * Makefile.am: new.
+ * argparse.c, argparse.h, logging.c, logging.h:
+ * mischelp.h, stringhelp.c, stringhelp.h, xmalloc.c:
+ * xmalloc.h, dotlock.c: Moved from ../util to here.
+ * dotlock.h: New.
+ * libjnlib-config.h: New.
+
+ * logging.c (log_set_file): New.
+ (log_printf): New.
+ (do_logv): Add kludge to insert LFs.
+
+
+ ***********************************************************
+ * Please note that JNLIB is maintained as part of GnuPG. *
+ * You may find it source-copied in other packages. *
+ ***********************************************************
+
+ Copyright 2000, 2001, 2002, 2003, 2004,
+ 2005, 2006, 2007, 2008 Free Software Foundation, Inc.
+
+ This file is free software; as a special exception the author gives
+ unlimited permission to copy and/or distribute it, with or without
+ modifications, as long as this notice is preserved.
+
+ This file is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
+ implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/jnlib/Makefile.am b/jnlib/Makefile.am
new file mode 100644
index 0000000..b3e7d7d
--- /dev/null
+++ b/jnlib/Makefile.am
@@ -0,0 +1,70 @@
+# Makefile for the JNLIB part of GnuPG
+# Copyright (C) 1999, 2000, 2001, 2004,
+# 2006 Feee Software Soundation, Inc.
+#
+# This file is part of JNLIB.
+#
+# JNLIB is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as
+# published by the Free Software Foundation; either version 3 of
+# the License, or (at your option) any later version.
+#
+# JNLIB is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+
+## Process this file with automake to produce Makefile.in
+
+EXTRA_DIST = README ChangeLog-2011
+noinst_PROGRAMS = $(module_tests)
+TESTS = $(module_tests)
+
+AM_CPPFLAGS = -I$(top_srcdir)/intl
+
+# We need libgcrypt because libjnlib-config includes gcrypt.h
+AM_CFLAGS = -DJNLIB_IN_JNLIB $(LIBGCRYPT_CFLAGS)
+
+noinst_LIBRARIES = libjnlib.a
+
+
+#libjnlib_a_LDFLAGS =
+libjnlib_a_SOURCES = \
+ libjnlib-config.h \
+ stringhelp.c stringhelp.h \
+ strlist.c strlist.h \
+ utf8conv.c utf8conv.h \
+ argparse.c argparse.h \
+ logging.c logging.h \
+ dotlock.c dotlock.h \
+ types.h mischelp.c mischelp.h dynload.h w32help.h
+
+if HAVE_W32_SYSTEM
+libjnlib_a_SOURCES += w32-reg.c w32-afunix.c w32-afunix.h w32-gettext.c
+endif
+
+
+# For GnuPG we don't need the xmalloc stuff.
+# xmalloc.c xmalloc.h
+
+
+#
+# Module tests.
+#
+# These tests should only be used at the canonical location of jnlib
+# which is the GnuPG package. The reason for this is that t-support.c
+# defines replacements for the actual used memory allocation functions
+# so that there is no dependency on libgcrypt.
+#
+module_tests = t-stringhelp
+
+t_jnlib_src = t-support.c t-support.h
+t_jnlib_ldadd = libjnlib.a $(LIBINTL) $(LIBICONV)
+
+t_stringhelp_SOURCES = t-stringhelp.c $(t_jnlib_src)
+t_stringhelp_LDADD = $(t_jnlib_ldadd)
+
diff --git a/jnlib/Makefile.in b/jnlib/Makefile.in
new file mode 100644
index 0000000..a2d9663
--- /dev/null
+++ b/jnlib/Makefile.in
@@ -0,0 +1,727 @@
+# Makefile.in generated by automake 1.11.1 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation,
+# Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+# Makefile for the JNLIB part of GnuPG
+# Copyright (C) 1999, 2000, 2001, 2004,
+# 2006 Feee Software Soundation, Inc.
+#
+# This file is part of JNLIB.
+#
+# JNLIB is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as
+# published by the Free Software Foundation; either version 3 of
+# the License, or (at your option) any later version.
+#
+# JNLIB is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+noinst_PROGRAMS = $(am__EXEEXT_1)
+TESTS = $(am__EXEEXT_1)
+@HAVE_W32_SYSTEM_TRUE@am__append_1 = w32-reg.c w32-afunix.c w32-afunix.h w32-gettext.c
+subdir = jnlib
+DIST_COMMON = README $(srcdir)/Makefile.am $(srcdir)/Makefile.in
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/gl/m4/absolute-header.m4 \
+ $(top_srcdir)/gl/m4/alloca.m4 $(top_srcdir)/gl/m4/allocsa.m4 \
+ $(top_srcdir)/gl/m4/eealloc.m4 \
+ $(top_srcdir)/gl/m4/gnulib-comp.m4 \
+ $(top_srcdir)/gl/m4/gnulib-tool.m4 \
+ $(top_srcdir)/gl/m4/mkdtemp.m4 $(top_srcdir)/gl/m4/setenv.m4 \
+ $(top_srcdir)/gl/m4/stdint.m4 $(top_srcdir)/gl/m4/strpbrk.m4 \
+ $(top_srcdir)/gl/m4/unistd_h.m4 $(top_srcdir)/m4/autobuild.m4 \
+ $(top_srcdir)/m4/codeset.m4 $(top_srcdir)/m4/estream.m4 \
+ $(top_srcdir)/m4/gettext.m4 $(top_srcdir)/m4/gnupg-pth.m4 \
+ $(top_srcdir)/m4/gpg-error.m4 $(top_srcdir)/m4/iconv.m4 \
+ $(top_srcdir)/m4/isc-posix.m4 $(top_srcdir)/m4/ksba.m4 \
+ $(top_srcdir)/m4/lcmessage.m4 $(top_srcdir)/m4/ldap.m4 \
+ $(top_srcdir)/m4/lib-ld.m4 $(top_srcdir)/m4/lib-link.m4 \
+ $(top_srcdir)/m4/lib-prefix.m4 $(top_srcdir)/m4/libassuan.m4 \
+ $(top_srcdir)/m4/libcurl.m4 $(top_srcdir)/m4/libgcrypt.m4 \
+ $(top_srcdir)/m4/longdouble.m4 $(top_srcdir)/m4/nls.m4 \
+ $(top_srcdir)/m4/po.m4 $(top_srcdir)/m4/progtest.m4 \
+ $(top_srcdir)/m4/readline.m4 $(top_srcdir)/m4/size_max.m4 \
+ $(top_srcdir)/m4/socklen.m4 $(top_srcdir)/m4/sys_socket_h.m4 \
+ $(top_srcdir)/m4/tar-ustar.m4 $(top_srcdir)/m4/xsize.m4 \
+ $(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.ac
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+ $(ACLOCAL_M4)
+mkinstalldirs = $(SHELL) $(top_srcdir)/scripts/mkinstalldirs
+CONFIG_HEADER = $(top_builddir)/config.h
+CONFIG_CLEAN_FILES =
+CONFIG_CLEAN_VPATH_FILES =
+LIBRARIES = $(noinst_LIBRARIES)
+ARFLAGS = cru
+libjnlib_a_AR = $(AR) $(ARFLAGS)
+libjnlib_a_LIBADD =
+am__libjnlib_a_SOURCES_DIST = libjnlib-config.h stringhelp.c \
+ stringhelp.h strlist.c strlist.h utf8conv.c utf8conv.h \
+ argparse.c argparse.h logging.c logging.h dotlock.c dotlock.h \
+ types.h mischelp.c mischelp.h dynload.h w32help.h w32-reg.c \
+ w32-afunix.c w32-afunix.h w32-gettext.c
+@HAVE_W32_SYSTEM_TRUE@am__objects_1 = w32-reg.$(OBJEXT) \
+@HAVE_W32_SYSTEM_TRUE@ w32-afunix.$(OBJEXT) \
+@HAVE_W32_SYSTEM_TRUE@ w32-gettext.$(OBJEXT)
+am_libjnlib_a_OBJECTS = stringhelp.$(OBJEXT) strlist.$(OBJEXT) \
+ utf8conv.$(OBJEXT) argparse.$(OBJEXT) logging.$(OBJEXT) \
+ dotlock.$(OBJEXT) mischelp.$(OBJEXT) $(am__objects_1)
+libjnlib_a_OBJECTS = $(am_libjnlib_a_OBJECTS)
+am__EXEEXT_1 = t-stringhelp$(EXEEXT)
+PROGRAMS = $(noinst_PROGRAMS)
+am__objects_2 = t-support.$(OBJEXT)
+am_t_stringhelp_OBJECTS = t-stringhelp.$(OBJEXT) $(am__objects_2)
+t_stringhelp_OBJECTS = $(am_t_stringhelp_OBJECTS)
+am__DEPENDENCIES_1 =
+am__DEPENDENCIES_2 = libjnlib.a $(am__DEPENDENCIES_1) \
+ $(am__DEPENDENCIES_1)
+t_stringhelp_DEPENDENCIES = $(am__DEPENDENCIES_2)
+DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
+depcomp = $(SHELL) $(top_srcdir)/scripts/depcomp
+am__depfiles_maybe = depfiles
+am__mv = mv -f
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+CCLD = $(CC)
+LINK = $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@
+SOURCES = $(libjnlib_a_SOURCES) $(t_stringhelp_SOURCES)
+DIST_SOURCES = $(am__libjnlib_a_SOURCES_DIST) $(t_stringhelp_SOURCES)
+ETAGS = etags
+CTAGS = ctags
+am__tty_colors = \
+red=; grn=; lgn=; blu=; std=
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ABSOLUTE_STDINT_H = @ABSOLUTE_STDINT_H@
+ACLOCAL = @ACLOCAL@
+ADNSLIBS = @ADNSLIBS@
+ALLOCA = @ALLOCA@
+ALLOCA_H = @ALLOCA_H@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+BITSIZEOF_PTRDIFF_T = @BITSIZEOF_PTRDIFF_T@
+BITSIZEOF_SIG_ATOMIC_T = @BITSIZEOF_SIG_ATOMIC_T@
+BITSIZEOF_SIZE_T = @BITSIZEOF_SIZE_T@
+BITSIZEOF_WCHAR_T = @BITSIZEOF_WCHAR_T@
+BITSIZEOF_WINT_T = @BITSIZEOF_WINT_T@
+BUILD_INCLUDED_LIBINTL = @BUILD_INCLUDED_LIBINTL@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CC_FOR_BUILD = @CC_FOR_BUILD@
+CFLAGS = @CFLAGS@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DL_LIBS = @DL_LIBS@
+DNSLIBS = @DNSLIBS@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+FAQPROG = @FAQPROG@
+GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
+GMSGFMT = @GMSGFMT@
+GMSGFMT_015 = @GMSGFMT_015@
+GNUPG_AGENT_PGM = @GNUPG_AGENT_PGM@
+GNUPG_DIRMNGR_PGM = @GNUPG_DIRMNGR_PGM@
+GNUPG_PINENTRY_PGM = @GNUPG_PINENTRY_PGM@
+GNUPG_PROTECT_TOOL_PGM = @GNUPG_PROTECT_TOOL_PGM@
+GNUPG_SCDAEMON_PGM = @GNUPG_SCDAEMON_PGM@
+GPGKEYS_CURL = @GPGKEYS_CURL@
+GPGKEYS_FINGER = @GPGKEYS_FINGER@
+GPGKEYS_HKP = @GPGKEYS_HKP@
+GPGKEYS_KDNS = @GPGKEYS_KDNS@
+GPGKEYS_LDAP = @GPGKEYS_LDAP@
+GPGKEYS_MAILTO = @GPGKEYS_MAILTO@
+GPG_ERROR_CFLAGS = @GPG_ERROR_CFLAGS@
+GPG_ERROR_CONFIG = @GPG_ERROR_CONFIG@
+GPG_ERROR_LIBS = @GPG_ERROR_LIBS@
+GREP = @GREP@
+HAVE_INTTYPES_H = @HAVE_INTTYPES_H@
+HAVE_LONG_LONG_INT = @HAVE_LONG_LONG_INT@
+HAVE_SIGNED_SIG_ATOMIC_T = @HAVE_SIGNED_SIG_ATOMIC_T@
+HAVE_SIGNED_WCHAR_T = @HAVE_SIGNED_WCHAR_T@
+HAVE_SIGNED_WINT_T = @HAVE_SIGNED_WINT_T@
+HAVE_STDINT_H = @HAVE_STDINT_H@
+HAVE_SYS_BITYPES_H = @HAVE_SYS_BITYPES_H@
+HAVE_SYS_INTTYPES_H = @HAVE_SYS_INTTYPES_H@
+HAVE_SYS_TYPES_H = @HAVE_SYS_TYPES_H@
+HAVE_UNSIGNED_LONG_LONG_INT = @HAVE_UNSIGNED_LONG_LONG_INT@
+HAVE_WCHAR_H = @HAVE_WCHAR_H@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+INTLLIBS = @INTLLIBS@
+INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@
+KSBA_CFLAGS = @KSBA_CFLAGS@
+KSBA_CONFIG = @KSBA_CONFIG@
+KSBA_LIBS = @KSBA_LIBS@
+LDAPLIBS = @LDAPLIBS@
+LDAP_CPPFLAGS = @LDAP_CPPFLAGS@
+LDFLAGS = @LDFLAGS@
+LIBASSUAN_CFLAGS = @LIBASSUAN_CFLAGS@
+LIBASSUAN_CONFIG = @LIBASSUAN_CONFIG@
+LIBASSUAN_LIBS = @LIBASSUAN_LIBS@
+LIBCURL = @LIBCURL@
+LIBCURL_CPPFLAGS = @LIBCURL_CPPFLAGS@
+LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@
+LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@
+LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@
+LIBGNU_LIBDEPS = @LIBGNU_LIBDEPS@
+LIBGNU_LTLIBDEPS = @LIBGNU_LTLIBDEPS@
+LIBICONV = @LIBICONV@
+LIBINTL = @LIBINTL@
+LIBOBJS = @LIBOBJS@
+LIBREADLINE = @LIBREADLINE@
+LIBS = @LIBS@
+LIBUSB_LIBS = @LIBUSB_LIBS@
+LIBUTIL_LIBS = @LIBUTIL_LIBS@
+LN_S = @LN_S@
+LTLIBICONV = @LTLIBICONV@
+LTLIBINTL = @LTLIBINTL@
+LTLIBOBJS = @LTLIBOBJS@
+MAINT = @MAINT@
+MAKEINFO = @MAKEINFO@
+MKDIR_P = @MKDIR_P@
+MSGFMT = @MSGFMT@
+MSGFMT_015 = @MSGFMT_015@
+MSGMERGE = @MSGMERGE@
+NETLIBS = @NETLIBS@
+OBJEXT = @OBJEXT@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_GT = @PACKAGE_GT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_URL = @PACKAGE_URL@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PERL = @PERL@
+POSUB = @POSUB@
+PTH_CFLAGS = @PTH_CFLAGS@
+PTH_CONFIG = @PTH_CONFIG@
+PTH_LIBS = @PTH_LIBS@
+PTRDIFF_T_SUFFIX = @PTRDIFF_T_SUFFIX@
+RANLIB = @RANLIB@
+SENDMAIL = @SENDMAIL@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+SHRED = @SHRED@
+SIG_ATOMIC_T_SUFFIX = @SIG_ATOMIC_T_SUFFIX@
+SIZE_T_SUFFIX = @SIZE_T_SUFFIX@
+STDINT_H = @STDINT_H@
+STRIP = @STRIP@
+SYS_SOCKET_H = @SYS_SOCKET_H@
+TAR = @TAR@
+UNISTD_H = @UNISTD_H@
+USE_INCLUDED_LIBINTL = @USE_INCLUDED_LIBINTL@
+USE_NLS = @USE_NLS@
+VERSION = @VERSION@
+W32SOCKLIBS = @W32SOCKLIBS@
+WCHAR_T_SUFFIX = @WCHAR_T_SUFFIX@
+WINDRES = @WINDRES@
+WINT_T_SUFFIX = @WINT_T_SUFFIX@
+XGETTEXT = @XGETTEXT@
+XGETTEXT_015 = @XGETTEXT_015@
+XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@
+ZLIBS = @ZLIBS@
+_libcurl_config = @_libcurl_config@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+EXTRA_DIST = README ChangeLog-2011
+AM_CPPFLAGS = -I$(top_srcdir)/intl
+
+# We need libgcrypt because libjnlib-config includes gcrypt.h
+AM_CFLAGS = -DJNLIB_IN_JNLIB $(LIBGCRYPT_CFLAGS)
+noinst_LIBRARIES = libjnlib.a
+
+#libjnlib_a_LDFLAGS =
+libjnlib_a_SOURCES = libjnlib-config.h stringhelp.c stringhelp.h \
+ strlist.c strlist.h utf8conv.c utf8conv.h argparse.c \
+ argparse.h logging.c logging.h dotlock.c dotlock.h types.h \
+ mischelp.c mischelp.h dynload.h w32help.h $(am__append_1)
+
+# For GnuPG we don't need the xmalloc stuff.
+# xmalloc.c xmalloc.h
+
+#
+# Module tests.
+#
+# These tests should only be used at the canonical location of jnlib
+# which is the GnuPG package. The reason for this is that t-support.c
+# defines replacements for the actual used memory allocation functions
+# so that there is no dependency on libgcrypt.
+#
+module_tests = t-stringhelp
+t_jnlib_src = t-support.c t-support.h
+t_jnlib_ldadd = libjnlib.a $(LIBINTL) $(LIBICONV)
+t_stringhelp_SOURCES = t-stringhelp.c $(t_jnlib_src)
+t_stringhelp_LDADD = $(t_jnlib_ldadd)
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .c .o .obj
+$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(am__configure_deps)
+ @for dep in $?; do \
+ case '$(am__configure_deps)' in \
+ *$$dep*) \
+ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+ && { if test -f $@; then exit 0; else break; fi; }; \
+ exit 1;; \
+ esac; \
+ done; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu jnlib/Makefile'; \
+ $(am__cd) $(top_srcdir) && \
+ $(AUTOMAKE) --gnu jnlib/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+ @case '$?' in \
+ *config.status*) \
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+ *) \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+ esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
+
+clean-noinstLIBRARIES:
+ -test -z "$(noinst_LIBRARIES)" || rm -f $(noinst_LIBRARIES)
+libjnlib.a: $(libjnlib_a_OBJECTS) $(libjnlib_a_DEPENDENCIES)
+ -rm -f libjnlib.a
+ $(libjnlib_a_AR) libjnlib.a $(libjnlib_a_OBJECTS) $(libjnlib_a_LIBADD)
+ $(RANLIB) libjnlib.a
+
+clean-noinstPROGRAMS:
+ -test -z "$(noinst_PROGRAMS)" || rm -f $(noinst_PROGRAMS)
+t-stringhelp$(EXEEXT): $(t_stringhelp_OBJECTS) $(t_stringhelp_DEPENDENCIES)
+ @rm -f t-stringhelp$(EXEEXT)
+ $(LINK) $(t_stringhelp_OBJECTS) $(t_stringhelp_LDADD) $(LIBS)
+
+mostlyclean-compile:
+ -rm -f *.$(OBJEXT)
+
+distclean-compile:
+ -rm -f *.tab.c
+
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/argparse.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dotlock.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/logging.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mischelp.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/stringhelp.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/strlist.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/t-stringhelp.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/t-support.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/utf8conv.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/w32-afunix.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/w32-gettext.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/w32-reg.Po@am__quote@
+
+.c.o:
+@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(COMPILE) -c $<
+
+.c.obj:
+@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'`
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ mkid -fID $$unique
+tags: TAGS
+
+TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ set x; \
+ here=`pwd`; \
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ shift; \
+ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
+ test -n "$$unique" || unique=$$empty_fix; \
+ if test $$# -gt 0; then \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ "$$@" $$unique; \
+ else \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ $$unique; \
+ fi; \
+ fi
+ctags: CTAGS
+CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ test -z "$(CTAGS_ARGS)$$unique" \
+ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+ $$unique
+
+GTAGS:
+ here=`$(am__cd) $(top_builddir) && pwd` \
+ && $(am__cd) $(top_srcdir) \
+ && gtags -i $(GTAGS_ARGS) "$$here"
+
+distclean-tags:
+ -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+check-TESTS: $(TESTS)
+ @failed=0; all=0; xfail=0; xpass=0; skip=0; \
+ srcdir=$(srcdir); export srcdir; \
+ list=' $(TESTS) '; \
+ $(am__tty_colors); \
+ if test -n "$$list"; then \
+ for tst in $$list; do \
+ if test -f ./$$tst; then dir=./; \
+ elif test -f $$tst; then dir=; \
+ else dir="$(srcdir)/"; fi; \
+ if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \
+ all=`expr $$all + 1`; \
+ case " $(XFAIL_TESTS) " in \
+ *[\ \ ]$$tst[\ \ ]*) \
+ xpass=`expr $$xpass + 1`; \
+ failed=`expr $$failed + 1`; \
+ col=$$red; res=XPASS; \
+ ;; \
+ *) \
+ col=$$grn; res=PASS; \
+ ;; \
+ esac; \
+ elif test $$? -ne 77; then \
+ all=`expr $$all + 1`; \
+ case " $(XFAIL_TESTS) " in \
+ *[\ \ ]$$tst[\ \ ]*) \
+ xfail=`expr $$xfail + 1`; \
+ col=$$lgn; res=XFAIL; \
+ ;; \
+ *) \
+ failed=`expr $$failed + 1`; \
+ col=$$red; res=FAIL; \
+ ;; \
+ esac; \
+ else \
+ skip=`expr $$skip + 1`; \
+ col=$$blu; res=SKIP; \
+ fi; \
+ echo "$${col}$$res$${std}: $$tst"; \
+ done; \
+ if test "$$all" -eq 1; then \
+ tests="test"; \
+ All=""; \
+ else \
+ tests="tests"; \
+ All="All "; \
+ fi; \
+ if test "$$failed" -eq 0; then \
+ if test "$$xfail" -eq 0; then \
+ banner="$$All$$all $$tests passed"; \
+ else \
+ if test "$$xfail" -eq 1; then failures=failure; else failures=failures; fi; \
+ banner="$$All$$all $$tests behaved as expected ($$xfail expected $$failures)"; \
+ fi; \
+ else \
+ if test "$$xpass" -eq 0; then \
+ banner="$$failed of $$all $$tests failed"; \
+ else \
+ if test "$$xpass" -eq 1; then passes=pass; else passes=passes; fi; \
+ banner="$$failed of $$all $$tests did not behave as expected ($$xpass unexpected $$passes)"; \
+ fi; \
+ fi; \
+ dashes="$$banner"; \
+ skipped=""; \
+ if test "$$skip" -ne 0; then \
+ if test "$$skip" -eq 1; then \
+ skipped="($$skip test was not run)"; \
+ else \
+ skipped="($$skip tests were not run)"; \
+ fi; \
+ test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \
+ dashes="$$skipped"; \
+ fi; \
+ report=""; \
+ if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \
+ report="Please report to $(PACKAGE_BUGREPORT)"; \
+ test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \
+ dashes="$$report"; \
+ fi; \
+ dashes=`echo "$$dashes" | sed s/./=/g`; \
+ if test "$$failed" -eq 0; then \
+ echo "$$grn$$dashes"; \
+ else \
+ echo "$$red$$dashes"; \
+ fi; \
+ echo "$$banner"; \
+ test -z "$$skipped" || echo "$$skipped"; \
+ test -z "$$report" || echo "$$report"; \
+ echo "$$dashes$$std"; \
+ test "$$failed" -eq 0; \
+ else :; fi
+
+distdir: $(DISTFILES)
+ @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ list='$(DISTFILES)'; \
+ dist_files=`for file in $$list; do echo $$file; done | \
+ sed -e "s|^$$srcdirstrip/||;t" \
+ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+ case $$dist_files in \
+ */*) $(MKDIR_P) `echo "$$dist_files" | \
+ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+ sort -u` ;; \
+ esac; \
+ for file in $$dist_files; do \
+ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+ if test -d $$d/$$file; then \
+ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+ if test -d "$(distdir)/$$file"; then \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+ else \
+ test -f "$(distdir)/$$file" \
+ || cp -p $$d/$$file "$(distdir)/$$file" \
+ || exit 1; \
+ fi; \
+ done
+check-am: all-am
+ $(MAKE) $(AM_MAKEFLAGS) check-TESTS
+check: check-am
+all-am: Makefile $(LIBRARIES) $(PROGRAMS)
+installdirs:
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+ @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ `test -z '$(STRIP)' || \
+ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+ -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+ -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+
+maintainer-clean-generic:
+ @echo "This command is intended for maintainers to use"
+ @echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic clean-noinstLIBRARIES clean-noinstPROGRAMS \
+ mostlyclean-am
+
+distclean: distclean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+ distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+html-am:
+
+info: info-am
+
+info-am:
+
+install-data-am:
+
+install-dvi: install-dvi-am
+
+install-dvi-am:
+
+install-exec-am:
+
+install-html: install-html-am
+
+install-html-am:
+
+install-info: install-info-am
+
+install-info-am:
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-pdf-am:
+
+install-ps: install-ps-am
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am:
+
+.MAKE: check-am install-am install-strip
+
+.PHONY: CTAGS GTAGS all all-am check check-TESTS check-am clean \
+ clean-generic clean-noinstLIBRARIES clean-noinstPROGRAMS ctags \
+ distclean distclean-compile distclean-generic distclean-tags \
+ distdir dvi dvi-am html html-am info info-am install \
+ install-am install-data install-data-am install-dvi \
+ install-dvi-am install-exec install-exec-am install-html \
+ install-html-am install-info install-info-am install-man \
+ install-pdf install-pdf-am install-ps install-ps-am \
+ install-strip installcheck installcheck-am installdirs \
+ maintainer-clean maintainer-clean-generic mostlyclean \
+ mostlyclean-compile mostlyclean-generic pdf pdf-am ps ps-am \
+ tags uninstall uninstall-am
+
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/jnlib/README b/jnlib/README
new file mode 100644
index 0000000..5536e1a
--- /dev/null
+++ b/jnlib/README
@@ -0,0 +1,8 @@
+JNLIB - This is a collection of utility function which are too small
+to put into a library. The code here is licensed under the LGPL.
+
+libjnlib-config.h should be be modified for each project to make these
+functions fit into the software. Mainly these are memory functions in
+case you need another allocator.
+
+
diff --git a/jnlib/argparse.c b/jnlib/argparse.c
new file mode 100644
index 0000000..c9b5384
--- /dev/null
+++ b/jnlib/argparse.c
@@ -0,0 +1,1205 @@
+/* [argparse.c wk 17.06.97] Argument Parser for option handling
+ * Copyright (C) 1998, 1999, 2000, 2001, 2006
+ * 2007, 2008 Free Software Foundation, Inc.
+ *
+ * This file is part of JNLIB.
+ *
+ * JNLIB is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * JNLIB is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <ctype.h>
+#include <string.h>
+
+#include "libjnlib-config.h"
+#include "mischelp.h"
+#include "stringhelp.h"
+#include "logging.h"
+#ifdef JNLIB_NEED_UTF8CONV
+#include "utf8conv.h"
+#endif
+#include "argparse.h"
+
+
+
+/*********************************
+ * @Summary arg_parse
+ * #include <wk/lib.h>
+ *
+ * typedef struct {
+ * char *argc; pointer to argc (value subject to change)
+ * char ***argv; pointer to argv (value subject to change)
+ * unsigned flags; Global flags (DO NOT CHANGE)
+ * int err; print error about last option
+ * 1 = warning, 2 = abort
+ * int r_opt; return option
+ * int r_type; type of return value (0 = no argument found)
+ * union {
+ * int ret_int;
+ * long ret_long
+ * ulong ret_ulong;
+ * char *ret_str;
+ * } r; Return values
+ * struct {
+ * int idx;
+ * const char *last;
+ * void *aliases;
+ * } internal; DO NOT CHANGE
+ * } ARGPARSE_ARGS;
+ *
+ * typedef struct {
+ * int short_opt;
+ * const char *long_opt;
+ * unsigned flags;
+ * } ARGPARSE_OPTS;
+ *
+ * int arg_parse( ARGPARSE_ARGS *arg, ARGPARSE_OPTS *opts );
+ *
+ * @Description
+ * This is my replacement for getopt(). See the example for a typical usage.
+ * Global flags are:
+ * Bit 0 : Do not remove options form argv
+ * Bit 1 : Do not stop at last option but return other args
+ * with r_opt set to -1.
+ * Bit 2 : Assume options and real args are mixed.
+ * Bit 3 : Do not use -- to stop option processing.
+ * Bit 4 : Do not skip the first arg.
+ * Bit 5 : allow usage of long option with only one dash
+ * Bit 6 : ignore --version
+ * all other bits must be set to zero, this value is modified by the
+ * function, so assume this is write only.
+ * Local flags (for each option):
+ * Bit 2-0 : 0 = does not take an argument
+ * 1 = takes int argument
+ * 2 = takes string argument
+ * 3 = takes long argument
+ * 4 = takes ulong argument
+ * Bit 3 : argument is optional (r_type will the be set to 0)
+ * Bit 4 : allow 0x etc. prefixed values.
+ * Bit 7 : this is a command and not an option
+ * You stop the option processing by setting opts to NULL, the function will
+ * then return 0.
+ * @Return Value
+ * Returns the args.r_opt or 0 if ready
+ * r_opt may be -2/-7 to indicate an unknown option/command.
+ * @See Also
+ * ArgExpand
+ * @Notes
+ * You do not need to process the options 'h', '--help' or '--version'
+ * because this function includes standard help processing; but if you
+ * specify '-h', '--help' or '--version' you have to do it yourself.
+ * The option '--' stops argument processing; if bit 1 is set the function
+ * continues to return normal arguments.
+ * To process float args or unsigned args you must use a string args and do
+ * the conversion yourself.
+ * @Example
+ *
+ * ARGPARSE_OPTS opts[] = {
+ * { 'v', "verbose", 0 },
+ * { 'd', "debug", 0 },
+ * { 'o', "output", 2 },
+ * { 'c', "cross-ref", 2|8 },
+ * { 'm', "my-option", 1|8 },
+ * { 500, "have-no-short-option-for-this-long-option", 0 },
+ * {0} };
+ * ARGPARSE_ARGS pargs = { &argc, &argv, 0 }
+ *
+ * while( ArgParse( &pargs, &opts) ) {
+ * switch( pargs.r_opt ) {
+ * case 'v': opt.verbose++; break;
+ * case 'd': opt.debug++; break;
+ * case 'o': opt.outfile = pargs.r.ret_str; break;
+ * case 'c': opt.crf = pargs.r_type? pargs.r.ret_str:"a.crf"; break;
+ * case 'm': opt.myopt = pargs.r_type? pargs.r.ret_int : 1; break;
+ * case 500: opt.a_long_one++; break
+ * default : pargs.err = 1; break; -- force warning output --
+ * }
+ * }
+ * if( argc > 1 )
+ * log_fatal( "Too many args");
+ *
+ */
+
+typedef struct alias_def_s *ALIAS_DEF;
+struct alias_def_s {
+ ALIAS_DEF next;
+ char *name; /* malloced buffer with name, \0, value */
+ const char *value; /* ptr into name */
+};
+
+static const char *(*strusage_handler)( int ) = NULL;
+
+static int set_opt_arg(ARGPARSE_ARGS *arg, unsigned flags, char *s);
+static void show_help(ARGPARSE_OPTS *opts, unsigned flags);
+static void show_version(void);
+
+
+static void
+initialize( ARGPARSE_ARGS *arg, const char *filename, unsigned *lineno )
+{
+ if( !(arg->flags & (1<<15)) )
+ {
+ /* Initialize this instance. */
+ arg->internal.idx = 0;
+ arg->internal.last = NULL;
+ arg->internal.inarg = 0;
+ arg->internal.stopped = 0;
+ arg->internal.aliases = NULL;
+ arg->internal.cur_alias = NULL;
+ arg->err = 0;
+ arg->flags |= 1<<15; /* Mark as initialized. */
+ if ( *arg->argc < 0 )
+ jnlib_log_bug ("invalid argument for arg_parsee\n");
+ }
+
+
+ if (arg->err)
+ {
+ /* Last option was erroneous. */
+ const char *s;
+
+ if (filename)
+ {
+ if ( arg->r_opt == ARGPARSE_UNEXPECTED_ARG )
+ s = _("argument not expected");
+ else if ( arg->r_opt == ARGPARSE_READ_ERROR )
+ s = _("read error");
+ else if ( arg->r_opt == ARGPARSE_KEYWORD_TOO_LONG )
+ s = _("keyword too long");
+ else if ( arg->r_opt == ARGPARSE_MISSING_ARG )
+ s = _("missing argument");
+ else if ( arg->r_opt == ARGPARSE_INVALID_COMMAND )
+ s = _("invalid command");
+ else if ( arg->r_opt == ARGPARSE_INVALID_ALIAS )
+ s = _("invalid alias definition");
+ else if ( arg->r_opt == ARGPARSE_OUT_OF_CORE )
+ s = _("out of core");
+ else
+ s = _("invalid option");
+ jnlib_log_error ("%s:%u: %s\n", filename, *lineno, s);
+ }
+ else
+ {
+ s = arg->internal.last? arg->internal.last:"[??]";
+
+ if ( arg->r_opt == ARGPARSE_MISSING_ARG )
+ jnlib_log_error (_("missing argument for option \"%.50s\"\n"), s);
+ else if ( arg->r_opt == ARGPARSE_UNEXPECTED_ARG )
+ jnlib_log_error (_("option \"%.50s\" does not expect an "
+ "argument\n"), s );
+ else if ( arg->r_opt == ARGPARSE_INVALID_COMMAND )
+ jnlib_log_error (_("invalid command \"%.50s\"\n"), s);
+ else if ( arg->r_opt == ARGPARSE_AMBIGUOUS_OPTION )
+ jnlib_log_error (_("option \"%.50s\" is ambiguous\n"), s);
+ else if ( arg->r_opt == ARGPARSE_AMBIGUOUS_OPTION )
+ jnlib_log_error (_("command \"%.50s\" is ambiguous\n"),s );
+ else if ( arg->r_opt == ARGPARSE_OUT_OF_CORE )
+ jnlib_log_error ("%s\n", _("out of core\n"));
+ else
+ jnlib_log_error (_("invalid option \"%.50s\"\n"), s);
+ }
+ if ( arg->err != 1 )
+ exit (2);
+ arg->err = 0;
+ }
+
+ /* Zero out the return value union. */
+ arg->r.ret_str = NULL;
+ arg->r.ret_long = 0;
+}
+
+
+static void
+store_alias( ARGPARSE_ARGS *arg, char *name, char *value )
+{
+ /* TODO: replace this dummy function with a rea one
+ * and fix the probelms IRIX has with (ALIAS_DEV)arg..
+ * used as lvalue
+ */
+ (void)arg;
+ (void)name;
+ (void)value;
+#if 0
+ ALIAS_DEF a = jnlib_xmalloc( sizeof *a );
+ a->name = name;
+ a->value = value;
+ a->next = (ALIAS_DEF)arg->internal.aliases;
+ (ALIAS_DEF)arg->internal.aliases = a;
+#endif
+}
+
+/****************
+ * Get options from a file.
+ * Lines starting with '#' are comment lines.
+ * Syntax is simply a keyword and the argument.
+ * Valid keywords are all keywords from the long_opt list without
+ * the leading dashes. The special keywords "help", "warranty" and "version"
+ * are not valid here.
+ * The special keyword "alias" may be used to store alias definitions,
+ * which are later expanded like long options.
+ * Caller must free returned strings.
+ * If called with FP set to NULL command line args are parse instead.
+ *
+ * Q: Should we allow the syntax
+ * keyword = value
+ * and accept for boolean options a value of 1/0, yes/no or true/false?
+ * Note: Abbreviation of options is here not allowed.
+ */
+int
+optfile_parse (FILE *fp, const char *filename, unsigned *lineno,
+ ARGPARSE_ARGS *arg, ARGPARSE_OPTS *opts)
+{
+ int state, i, c;
+ int idx=0;
+ char keyword[100];
+ char *buffer = NULL;
+ size_t buflen = 0;
+ int in_alias=0;
+
+ if (!fp) /* Divert to to arg_parse() in this case. */
+ return arg_parse (arg, opts);
+
+ initialize (arg, filename, lineno);
+
+ /* Find the next keyword. */
+ state = i = 0;
+ for (;;)
+ {
+ c = getc (fp);
+ if (c == '\n' || c== EOF )
+ {
+ if ( c != EOF )
+ ++*lineno;
+ if (state == -1)
+ break;
+ else if (state == 2)
+ {
+ keyword[i] = 0;
+ for (i=0; opts[i].short_opt; i++ )
+ {
+ if (opts[i].long_opt && !strcmp (opts[i].long_opt, keyword))
+ break;
+ }
+ idx = i;
+ arg->r_opt = opts[idx].short_opt;
+ if (!opts[idx].short_opt )
+ arg->r_opt = ((opts[idx].flags & ARGPARSE_OPT_COMMAND)
+ ? ARGPARSE_INVALID_COMMAND
+ : ARGPARSE_INVALID_OPTION);
+ else if (!(opts[idx].flags & 7))
+ arg->r_type = 0; /* Does not take an arg. */
+ else if ((opts[idx].flags & 8) )
+ arg->r_type = 0; /* Arg is optional. */
+ else
+ arg->r_opt = ARGPARSE_MISSING_ARG;
+
+ break;
+ }
+ else if (state == 3)
+ {
+ /* No argument found. */
+ if (in_alias)
+ arg->r_opt = ARGPARSE_MISSING_ARG;
+ else if (!(opts[idx].flags & 7))
+ arg->r_type = 0; /* Does not take an arg. */
+ else if ((opts[idx].flags & 8))
+ arg->r_type = 0; /* No optional argument. */
+ else
+ arg->r_opt = ARGPARSE_MISSING_ARG;
+
+ break;
+ }
+ else if (state == 4)
+ {
+ /* Has an argument. */
+ if (in_alias)
+ {
+ if (!buffer)
+ arg->r_opt = ARGPARSE_UNEXPECTED_ARG;
+ else
+ {
+ char *p;
+
+ buffer[i] = 0;
+ p = strpbrk (buffer, " \t");
+ if (p)
+ {
+ *p++ = 0;
+ trim_spaces (p);
+ }
+ if (!p || !*p)
+ {
+ jnlib_free (buffer);
+ arg->r_opt = ARGPARSE_INVALID_ALIAS;
+ }
+ else
+ {
+ store_alias (arg, buffer, p);
+ }
+ }
+ }
+ else if (!(opts[idx].flags & 7))
+ arg->r_opt = ARGPARSE_UNEXPECTED_ARG;
+ else
+ {
+ char *p;
+
+ if (!buffer)
+ {
+ keyword[i] = 0;
+ buffer = jnlib_strdup (keyword);
+ if (!buffer)
+ arg->r_opt = ARGPARSE_OUT_OF_CORE;
+ }
+ else
+ buffer[i] = 0;
+
+ if (buffer)
+ {
+ trim_spaces (buffer);
+ p = buffer;
+ if (*p == '"')
+ {
+ /* Remove quotes. */
+ p++;
+ if (*p && p[strlen(p)-1] == '\"' )
+ p[strlen(p)-1] = 0;
+ }
+ if (!set_opt_arg (arg, opts[idx].flags, p))
+ jnlib_free(buffer);
+ }
+ }
+ break;
+ }
+ else if (c == EOF)
+ {
+ if (ferror (fp))
+ arg->r_opt = ARGPARSE_READ_ERROR;
+ else
+ arg->r_opt = 0; /* EOF. */
+ break;
+ }
+ state = 0;
+ i = 0;
+ }
+ else if (state == -1)
+ ; /* Skip. */
+ else if (state == 0 && isascii (c) && isspace(c))
+ ; /* Skip leading white space. */
+ else if (state == 0 && c == '#' )
+ state = 1; /* Start of a comment. */
+ else if (state == 1)
+ ; /* Skip comments. */
+ else if (state == 2 && isascii (c) && isspace(c))
+ {
+ /* Check keyword. */
+ keyword[i] = 0;
+ for (i=0; opts[i].short_opt; i++ )
+ if (opts[i].long_opt && !strcmp (opts[i].long_opt, keyword))
+ break;
+ idx = i;
+ arg->r_opt = opts[idx].short_opt;
+ if (!opts[idx].short_opt)
+ {
+ if (!strcmp (keyword, "alias"))
+ {
+ in_alias = 1;
+ state = 3;
+ }
+ else
+ {
+ arg->r_opt = ((opts[idx].flags & ARGPARSE_OPT_COMMAND)
+ ? ARGPARSE_INVALID_COMMAND
+ : ARGPARSE_INVALID_OPTION);
+ state = -1; /* Skip rest of line and leave. */
+ }
+ }
+ else
+ state = 3;
+ }
+ else if (state == 3)
+ {
+ /* Skip leading spaces of the argument. */
+ if (!isascii (c) || !isspace(c))
+ {
+ i = 0;
+ keyword[i++] = c;
+ state = 4;
+ }
+ }
+ else if (state == 4)
+ {
+ /* Collect the argument. */
+ if (buffer)
+ {
+ if (i < buflen-1)
+ buffer[i++] = c;
+ else
+ {
+ char *tmp;
+ size_t tmplen = buflen + 50;
+
+ tmp = jnlib_realloc (buffer, tmplen);
+ if (tmp)
+ {
+ buflen = tmplen;
+ buffer = tmp;
+ buffer[i++] = c;
+ }
+ else
+ {
+ jnlib_free (buffer);
+ arg->r_opt = ARGPARSE_OUT_OF_CORE;
+ break;
+ }
+ }
+ }
+ else if (i < DIM(keyword)-1)
+ keyword[i++] = c;
+ else
+ {
+ size_t tmplen = DIM(keyword) + 50;
+ buffer = jnlib_malloc (tmplen);
+ if (buffer)
+ {
+ buflen = tmplen;
+ memcpy(buffer, keyword, i);
+ buffer[i++] = c;
+ }
+ else
+ {
+ arg->r_opt = ARGPARSE_OUT_OF_CORE;
+ break;
+ }
+ }
+ }
+ else if (i >= DIM(keyword)-1)
+ {
+ arg->r_opt = ARGPARSE_KEYWORD_TOO_LONG;
+ state = -1; /* Skip rest of line and leave. */
+ }
+ else
+ {
+ keyword[i++] = c;
+ state = 2;
+ }
+ }
+
+ return arg->r_opt;
+}
+
+
+
+static int
+find_long_option( ARGPARSE_ARGS *arg,
+ ARGPARSE_OPTS *opts, const char *keyword )
+{
+ int i;
+ size_t n;
+
+ (void)arg;
+
+ /* Would be better if we can do a binary search, but it is not
+ possible to reorder our option table because we would mess
+ up our help strings - What we can do is: Build a nice option
+ lookup table wehn this function is first invoked */
+ if( !*keyword )
+ return -1;
+ for(i=0; opts[i].short_opt; i++ )
+ if( opts[i].long_opt && !strcmp( opts[i].long_opt, keyword) )
+ return i;
+#if 0
+ {
+ ALIAS_DEF a;
+ /* see whether it is an alias */
+ for( a = args->internal.aliases; a; a = a->next ) {
+ if( !strcmp( a->name, keyword) ) {
+ /* todo: must parse the alias here */
+ args->internal.cur_alias = a;
+ return -3; /* alias available */
+ }
+ }
+ }
+#endif
+ /* not found, see whether it is an abbreviation */
+ /* aliases may not be abbreviated */
+ n = strlen( keyword );
+ for(i=0; opts[i].short_opt; i++ ) {
+ if( opts[i].long_opt && !strncmp( opts[i].long_opt, keyword, n ) ) {
+ int j;
+ for(j=i+1; opts[j].short_opt; j++ ) {
+ if( opts[j].long_opt
+ && !strncmp( opts[j].long_opt, keyword, n ) )
+ return -2; /* abbreviation is ambiguous */
+ }
+ return i;
+ }
+ }
+ return -1;
+}
+
+int
+arg_parse( ARGPARSE_ARGS *arg, ARGPARSE_OPTS *opts)
+{
+ int idx;
+ int argc;
+ char **argv;
+ char *s, *s2;
+ int i;
+
+ initialize( arg, NULL, NULL );
+ argc = *arg->argc;
+ argv = *arg->argv;
+ idx = arg->internal.idx;
+
+ if (!idx && argc && !(arg->flags & ARGPARSE_FLAG_ARG0))
+ {
+ /* Skip the first argument. */
+ argc--; argv++; idx++;
+ }
+
+ next_one:
+ if (!argc)
+ {
+ /* No more args. */
+ arg->r_opt = 0;
+ goto leave; /* Ready. */
+ }
+
+ s = *argv;
+ arg->internal.last = s;
+
+ if (arg->internal.stopped && (arg->flags & ARGPARSE_FLAG_ALL))
+ {
+ arg->r_opt = ARGPARSE_IS_ARG; /* Not an option but an argument. */
+ arg->r_type = 2;
+ arg->r.ret_str = s;
+ argc--; argv++; idx++; /* set to next one */
+ }
+ else if( arg->internal.stopped )
+ {
+ arg->r_opt = 0;
+ goto leave; /* Ready. */
+ }
+ else if ( *s == '-' && s[1] == '-' )
+ {
+ /* Long option. */
+ char *argpos;
+
+ arg->internal.inarg = 0;
+ if (!s[2] && !(arg->flags & ARGPARSE_FLAG_NOSTOP))
+ {
+ /* Stop option processing. */
+ arg->internal.stopped = 1;
+ argc--; argv++; idx++;
+ goto next_one;
+ }
+
+ argpos = strchr( s+2, '=' );
+ if ( argpos )
+ *argpos = 0;
+ i = find_long_option ( arg, opts, s+2 );
+ if ( argpos )
+ *argpos = '=';
+
+ if ( i < 0 && !strcmp ( "help", s+2) )
+ show_help (opts, arg->flags);
+ else if ( i < 0 && !strcmp ( "version", s+2) )
+ {
+ if (!(arg->flags & ARGPARSE_FLAG_NOVERSION))
+ {
+ show_version ();
+ exit(0);
+ }
+ }
+ else if ( i < 0 && !strcmp( "warranty", s+2))
+ {
+ puts ( strusage (16) );
+ exit (0);
+ }
+ else if ( i < 0 && !strcmp( "dump-options", s+2) )
+ {
+ for (i=0; opts[i].short_opt; i++ )
+ {
+ if ( opts[i].long_opt )
+ printf ("--%s\n", opts[i].long_opt);
+ }
+ fputs ("--dump-options\n--help\n--version\n--warranty\n", stdout);
+ exit (0);
+ }
+
+ if ( i == -2 )
+ arg->r_opt = ARGPARSE_AMBIGUOUS_OPTION;
+ else if ( i == -1 )
+ {
+ arg->r_opt = ARGPARSE_INVALID_OPTION;
+ arg->r.ret_str = s+2;
+ }
+ else
+ arg->r_opt = opts[i].short_opt;
+ if ( i < 0 )
+ ;
+ else if ( (opts[i].flags & 0x07) )
+ {
+ if ( argpos )
+ {
+ s2 = argpos+1;
+ if ( !*s2 )
+ s2 = NULL;
+ }
+ else
+ s2 = argv[1];
+ if ( !s2 && (opts[i].flags & ARGPARSE_OPT_OPTIONAL) )
+ {
+ arg->r_type = ARGPARSE_TYPE_NONE; /* Argument is optional. */
+ }
+ else if ( !s2 )
+ {
+ arg->r_opt = ARGPARSE_MISSING_ARG;
+ }
+ else if ( !argpos && *s2 == '-'
+ && (opts[i].flags & ARGPARSE_OPT_OPTIONAL) )
+ {
+ /* The argument is optional and the next seems to be an
+ option. We do not check this possible option but
+ assume no argument */
+ arg->r_type = ARGPARSE_TYPE_NONE;
+ }
+ else
+ {
+ set_opt_arg (arg, opts[i].flags, s2);
+ if ( !argpos )
+ {
+ argc--; argv++; idx++; /* Skip one. */
+ }
+ }
+ }
+ else
+ {
+ /* Does not take an argument. */
+ if ( argpos )
+ arg->r_type = ARGPARSE_UNEXPECTED_ARG;
+ else
+ arg->r_type = 0;
+ }
+ argc--; argv++; idx++; /* Set to next one. */
+ }
+ else if ( (*s == '-' && s[1]) || arg->internal.inarg )
+ {
+ /* Short option. */
+ int dash_kludge = 0;
+
+ i = 0;
+ if ( !arg->internal.inarg )
+ {
+ arg->internal.inarg++;
+ if ( (arg->flags & ARGPARSE_FLAG_ONEDASH) )
+ {
+ for (i=0; opts[i].short_opt; i++ )
+ if ( opts[i].long_opt && !strcmp (opts[i].long_opt, s+1))
+ {
+ dash_kludge = 1;
+ break;
+ }
+ }
+ }
+ s += arg->internal.inarg;
+
+ if (!dash_kludge )
+ {
+ for (i=0; opts[i].short_opt; i++ )
+ if ( opts[i].short_opt == *s )
+ break;
+ }
+
+ if ( !opts[i].short_opt && ( *s == 'h' || *s == '?' ) )
+ show_help (opts, arg->flags);
+
+ arg->r_opt = opts[i].short_opt;
+ if (!opts[i].short_opt )
+ {
+ arg->r_opt = (opts[i].flags & ARGPARSE_OPT_COMMAND)?
+ ARGPARSE_INVALID_COMMAND:ARGPARSE_INVALID_OPTION;
+ arg->internal.inarg++; /* Point to the next arg. */
+ arg->r.ret_str = s;
+ }
+ else if ( (opts[i].flags & 7) )
+ {
+ if ( s[1] && !dash_kludge )
+ {
+ s2 = s+1;
+ set_opt_arg (arg, opts[i].flags, s2);
+ }
+ else
+ {
+ s2 = argv[1];
+ if ( !s2 && (opts[i].flags & ARGPARSE_OPT_OPTIONAL) )
+ {
+ arg->r_type = ARGPARSE_TYPE_NONE;
+ }
+ else if ( !s2 )
+ {
+ arg->r_opt = ARGPARSE_MISSING_ARG;
+ }
+ else if ( *s2 == '-' && s2[1]
+ && (opts[i].flags & ARGPARSE_OPT_OPTIONAL) )
+ {
+ /* The argument is optional and the next seems to
+ be an option. We do not check this possible
+ option but assume no argument. */
+ arg->r_type = ARGPARSE_TYPE_NONE;
+ }
+ else
+ {
+ set_opt_arg (arg, opts[i].flags, s2);
+ argc--; argv++; idx++; /* Skip one. */
+ }
+ }
+ s = "x"; /* This is so that !s[1] yields false. */
+ }
+ else
+ {
+ /* Does not take an argument. */
+ arg->r_type = ARGPARSE_TYPE_NONE;
+ arg->internal.inarg++; /* Point to the next arg. */
+ }
+ if ( !s[1] || dash_kludge )
+ {
+ /* No more concatenated short options. */
+ arg->internal.inarg = 0;
+ argc--; argv++; idx++;
+ }
+ }
+ else if ( arg->flags & ARGPARSE_FLAG_MIXED )
+ {
+ arg->r_opt = ARGPARSE_IS_ARG;
+ arg->r_type = 2;
+ arg->r.ret_str = s;
+ argc--; argv++; idx++; /* Set to next one. */
+ }
+ else
+ {
+ arg->internal.stopped = 1; /* Stop option processing. */
+ goto next_one;
+ }
+
+ leave:
+ *arg->argc = argc;
+ *arg->argv = argv;
+ arg->internal.idx = idx;
+ return arg->r_opt;
+}
+
+
+
+static int
+set_opt_arg(ARGPARSE_ARGS *arg, unsigned flags, char *s)
+{
+ int base = (flags & 16)? 0 : 10;
+
+ switch ( (arg->r_type = (flags & 7)) )
+ {
+ case ARGPARSE_TYPE_INT:
+ arg->r.ret_int = (int)strtol(s,NULL,base);
+ return 0;
+ case ARGPARSE_TYPE_LONG:
+ arg->r.ret_long= strtol(s,NULL,base);
+ return 0;
+ case ARGPARSE_TYPE_ULONG:
+ arg->r.ret_ulong= strtoul(s,NULL,base);
+ return 0;
+ case ARGPARSE_TYPE_STRING:
+ default:
+ arg->r.ret_str = s;
+ return 1;
+ }
+}
+
+
+static size_t
+long_opt_strlen( ARGPARSE_OPTS *o )
+{
+ size_t n = strlen (o->long_opt);
+
+ if ( o->description && *o->description == '|' )
+ {
+ const char *s;
+#ifdef JNLIB_NEED_UTF8CONV
+ int is_utf8 = is_native_utf8 ();
+#endif
+
+ s=o->description+1;
+ if ( *s != '=' )
+ n++;
+ /* For a (mostly) correct length calculation we exclude
+ continuation bytes (10xxxxxx) if we are on a native utf8
+ terminal. */
+ for (; *s && *s != '|'; s++ )
+#ifdef JNLIB_NEED_UTF8CONV
+ if ( is_utf8 && (*s&0xc0) != 0x80 )
+#endif
+ n++;
+ }
+ return n;
+}
+
+
+/****************
+ * Print formatted help. The description string has some special
+ * meanings:
+ * - A description string which is "@" suppresses help output for
+ * this option
+ * - a description,ine which starts with a '@' and is followed by
+ * any other characters is printed as is; this may be used for examples
+ * ans such.
+ * - A description which starts with a '|' outputs the string between this
+ * bar and the next one as arguments of the long option.
+ */
+static void
+show_help (ARGPARSE_OPTS *opts, unsigned int flags)
+{
+ const char *s;
+
+ show_version ();
+ putchar ('\n');
+ s = strusage(41);
+ puts (s);
+ if ( opts[0].description )
+ {
+ /* Auto format the option description. */
+ int i,j, indent;
+
+ /* Get max. length of long options. */
+ for (i=indent=0; opts[i].short_opt; i++ )
+ {
+ if ( opts[i].long_opt )
+ if ( !opts[i].description || *opts[i].description != '@' )
+ if ( (j=long_opt_strlen(opts+i)) > indent && j < 35 )
+ indent = j;
+ }
+
+ /* Example: " -v, --verbose Viele Sachen ausgeben" */
+ indent += 10;
+ if ( *opts[0].description != '@' )
+ puts ("Options:");
+ for (i=0; opts[i].short_opt; i++ )
+ {
+ s = _( opts[i].description );
+ if ( s && *s== '@' && !s[1] ) /* Hide this line. */
+ continue;
+ if ( s && *s == '@' ) /* Unindented comment only line. */
+ {
+ for (s++; *s; s++ )
+ {
+ if ( *s == '\n' )
+ {
+ if( s[1] )
+ putchar('\n');
+ }
+ else
+ putchar(*s);
+ }
+ putchar('\n');
+ continue;
+ }
+
+ j = 3;
+ if ( opts[i].short_opt < 256 )
+ {
+ printf (" -%c", opts[i].short_opt);
+ if ( !opts[i].long_opt )
+ {
+ if (s && *s == '|' )
+ {
+ putchar (' '); j++;
+ for (s++ ; *s && *s != '|'; s++, j++ )
+ putchar (*s);
+ if ( *s )
+ s++;
+ }
+ }
+ }
+ else
+ fputs(" ", stdout);
+ if ( opts[i].long_opt )
+ {
+ j += printf ("%c --%s", opts[i].short_opt < 256?',':' ',
+ opts[i].long_opt );
+ if (s && *s == '|' )
+ {
+ if ( *++s != '=' )
+ {
+ putchar(' ');
+ j++;
+ }
+ for ( ; *s && *s != '|'; s++, j++ )
+ putchar(*s);
+ if ( *s )
+ s++;
+ }
+ fputs (" ", stdout);
+ j += 3;
+ }
+ for (;j < indent; j++ )
+ putchar(' ');
+ if ( s )
+ {
+ if ( *s && j > indent )
+ {
+ putchar('\n');
+ for (j=0;j < indent; j++ )
+ putchar (' ');
+ }
+ for (; *s; s++ )
+ {
+ if ( *s == '\n' )
+ {
+ if ( s[1] )
+ {
+ putchar ('\n');
+ for (j=0; j < indent; j++ )
+ putchar (' ');
+ }
+ }
+ else
+ putchar (*s);
+ }
+ }
+ putchar ('\n');
+ }
+ if ( (flags & ARGPARSE_FLAG_ONEDASH) )
+ puts ("\n(A single dash may be used instead of the double ones)");
+ }
+ if ( (s=strusage(19)) )
+ {
+ /* bug reports to ... */
+ char *s2;
+
+ putchar('\n');
+ s2 = strstr (s, "@EMAIL@");
+ if (s2)
+ {
+ if (s2-s)
+ fwrite (s, s2-s, 1, stdout);
+#ifdef PACKAGE_BUGREPORT
+ fputs (PACKAGE_BUGREPORT, stdout);
+#else
+ fputs ("bug@example.org", stdout);
+#endif
+ s2 += 7;
+ if (*s2)
+ fputs (s2, stdout);
+ }
+ else
+ fputs(s, stdout);
+ }
+ fflush(stdout);
+ exit(0);
+}
+
+static void
+show_version ()
+{
+ const char *s;
+ int i;
+
+ /* Version line. */
+ fputs (strusage (11), stdout);
+ if ((s=strusage (12)))
+ printf (" (%s)", s );
+ printf (" %s\n", strusage (13) );
+ /* Additional version lines. */
+ for (i=20; i < 30; i++)
+ if ((s=strusage (i)))
+ printf ("%s\n", s );
+ /* Copyright string. */
+ if( (s=strusage (14)) )
+ printf("%s\n", s );
+ /* Licence string. */
+ if( (s=strusage (10)) )
+ printf("%s\n", s );
+ /* Copying conditions. */
+ if ( (s=strusage(15)) )
+ fputs (s, stdout);
+ /* Thanks. */
+ if ((s=strusage(18)))
+ fputs (s, stdout);
+ /* Additional program info. */
+ for (i=30; i < 40; i++ )
+ if ( (s=strusage (i)) )
+ fputs (s, stdout);
+ fflush (stdout);
+}
+
+
+void
+usage (int level)
+{
+ const char *p;
+
+ if (!level)
+ {
+ fprintf(stderr,"%s %s; %s\n", strusage(11), strusage(13), strusage (14));
+ fflush (stderr);
+ }
+ else if (level == 1)
+ {
+ p = strusage (40);
+ fputs (p, stderr);
+ if (*p && p[strlen(p)] != '\n')
+ putc ('\n', stderr);
+ exit (2);
+ }
+ else if (level == 2)
+ {
+ puts (strusage(41));
+ exit (0);
+ }
+}
+
+/* Level
+ * 0: Print copyright string to stderr
+ * 1: Print a short usage hint to stderr and terminate
+ * 2: Print a long usage hint to stdout and terminate
+ * 10: Return license info string
+ * 11: Return the name of the program
+ * 12: Return optional name of package which includes this program.
+ * 13: version string
+ * 14: copyright string
+ * 15: Short copying conditions (with LFs)
+ * 16: Long copying conditions (with LFs)
+ * 17: Optional printable OS name
+ * 18: Optional thanks list (with LFs)
+ * 19: Bug report info
+ *20..29: Additional lib version strings.
+ *30..39: Additional program info (with LFs)
+ * 40: short usage note (with LF)
+ * 41: long usage note (with LF)
+ */
+const char *
+strusage( int level )
+{
+ const char *p = strusage_handler? strusage_handler(level) : NULL;
+
+ if ( p )
+ return p;
+
+ switch ( level )
+ {
+ case 10: p = ("License GPLv3+: GNU GPL version 3 or later "
+ "<http://gnu.org/licenses/gpl.html>");
+ break;
+ case 11: p = "foo"; break;
+ case 13: p = "0.0"; break;
+ case 14: p = "Copyright (C) 2012 Free Software Foundation, Inc."; break;
+ case 15: p =
+"This is free software: you are free to change and redistribute it.\n"
+"There is NO WARRANTY, to the extent permitted by law.\n";
+ break;
+ case 16: p =
+"This is free software; you can redistribute it and/or modify\n"
+"it under the terms of the GNU General Public License as published by\n"
+"the Free Software Foundation; either version 3 of the License, or\n"
+"(at your option) any later version.\n\n"
+"It is distributed in the hope that it will be useful,\n"
+"but WITHOUT ANY WARRANTY; without even the implied warranty of\n"
+"MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n"
+"GNU General Public License for more details.\n\n"
+"You should have received a copy of the GNU General Public License\n"
+"along with this software. If not, see <http://www.gnu.org/licenses/>.\n";
+ break;
+ case 40: /* short and long usage */
+ case 41: p = ""; break;
+ }
+
+ return p;
+}
+
+void
+set_strusage ( const char *(*f)( int ) )
+{
+ strusage_handler = f;
+}
+
+
+#ifdef TEST
+static struct {
+ int verbose;
+ int debug;
+ char *outfile;
+ char *crf;
+ int myopt;
+ int echo;
+ int a_long_one;
+}opt;
+
+int
+main(int argc, char **argv)
+{
+ ARGPARSE_OPTS opts[] = {
+ ARGPARSE_x('v', "verbose", NONE, 0, "Laut sein"),
+ ARGPARSE_s_n('e', "echo" , ("Zeile ausgeben, damit wir sehen, "
+ "was wir ein gegeben haben")),
+ ARGPARSE_s_n('d', "debug", "Debug\nfalls mal etwas\nschief geht"),
+ ARGPARSE_s_s('o', "output", 0 ),
+ ARGPARSE_o_s('c', "cross-ref", "cross-reference erzeugen\n" ),
+ /* Note that on a non-utf8 terminal the ß might garble the output. */
+ ARGPARSE_s_n('s', "street","|Straße|set the name of the street to Straße"),
+ ARGPARSE_o_i('m', "my-option", 0),
+ ARGPARSE_s_n(500, "a-long-option", 0 ),
+ ARGPARSE_end
+ };
+ ARGPARSE_ARGS pargs = { &argc, &argv, 2|4|32 };
+ int i;
+
+ while( arg_parse ( &pargs, opts) ) {
+ switch( pargs.r_opt ) {
+ case -1 : printf( "arg=`%s'\n", pargs.r.ret_str); break;
+ case 'v': opt.verbose++; break;
+ case 'e': opt.echo++; break;
+ case 'd': opt.debug++; break;
+ case 'o': opt.outfile = pargs.r.ret_str; break;
+ case 'c': opt.crf = pargs.r_type? pargs.r.ret_str:"a.crf"; break;
+ case 'm': opt.myopt = pargs.r_type? pargs.r.ret_int : 1; break;
+ case 500: opt.a_long_one++; break;
+ default : pargs.err = ARGPARSE_PRINT_WARNING; break;
+ }
+ }
+ for(i=0; i < argc; i++ )
+ printf("%3d -> (%s)\n", i, argv[i] );
+ puts("Options:");
+ if( opt.verbose )
+ printf(" verbose=%d\n", opt.verbose );
+ if( opt.debug )
+ printf(" debug=%d\n", opt.debug );
+ if( opt.outfile )
+ printf(" outfile=`%s'\n", opt.outfile );
+ if( opt.crf )
+ printf(" crffile=`%s'\n", opt.crf );
+ if( opt.myopt )
+ printf(" myopt=%d\n", opt.myopt );
+ if( opt.a_long_one )
+ printf(" a-long-one=%d\n", opt.a_long_one );
+ if( opt.echo )
+ printf(" echo=%d\n", opt.echo );
+ return 0;
+}
+#endif
+
+/**** bottom of file ****/
diff --git a/jnlib/argparse.h b/jnlib/argparse.h
new file mode 100644
index 0000000..b211e5f
--- /dev/null
+++ b/jnlib/argparse.h
@@ -0,0 +1,183 @@
+/* argparse.h - Argument parser for option handling.
+ * Copyright (C) 1998,1999,2000,2001,2006 Free Software Foundation, Inc.
+ *
+ * This file is part of JNLIB.
+ *
+ * JNLIB is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * JNLIB is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef LIBJNLIB_ARGPARSE_H
+#define LIBJNLIB_ARGPARSE_H
+
+#include <stdio.h>
+#include "types.h"
+
+typedef struct
+{
+ int *argc; /* Pointer to ARGC (value subject to change). */
+ char ***argv; /* Pointer to ARGV (value subject to change). */
+ unsigned int flags; /* Global flags. May be set prior to calling the
+ parser. The parser may change the value. */
+ int err; /* Print error description for last option.
+ Either 0, ARGPARSE_PRINT_WARNING or
+ ARGPARSE_PRINT_ERROR. */
+
+ int r_opt; /* Returns option code. */
+ int r_type; /* Returns type of option value. */
+ union {
+ int ret_int;
+ long ret_long;
+ unsigned long ret_ulong;
+ char *ret_str;
+ } r; /* Return values */
+
+ struct {
+ int idx;
+ int inarg;
+ int stopped;
+ const char *last;
+ void *aliases;
+ const void *cur_alias;
+ } internal; /* Private - do not change. */
+} ARGPARSE_ARGS;
+
+typedef struct
+{
+ int short_opt;
+ const char *long_opt;
+ unsigned int flags;
+ const char *description; /* Optional option description. */
+} ARGPARSE_OPTS;
+
+
+/* Global flags (ARGPARSE_ARGS). */
+#define ARGPARSE_FLAG_KEEP 1 /* Do not remove options form argv. */
+#define ARGPARSE_FLAG_ALL 2 /* Do not stop at last option but return
+ remaining args with R_OPT set to -1. */
+#define ARGPARSE_FLAG_MIXED 4 /* Assume options and args are mixed. */
+#define ARGPARSE_FLAG_NOSTOP 8 /* Do not stop processing at "--". */
+#define ARGPARSE_FLAG_ARG0 16 /* Do not skip the first arg. */
+#define ARGPARSE_FLAG_ONEDASH 32 /* Allow long options with one dash. */
+#define ARGPARSE_FLAG_NOVERSION 64 /* No output for "--version". */
+
+/* Flags for each option (ARGPARSE_OPTS). The type code may be
+ ORed with the OPT flags. */
+#define ARGPARSE_TYPE_NONE 0 /* Does not take an argument. */
+#define ARGPARSE_TYPE_INT 1 /* Takes an int argument. */
+#define ARGPARSE_TYPE_STRING 2 /* Takes a string argument. */
+#define ARGPARSE_TYPE_LONG 3 /* Takes a long argument. */
+#define ARGPARSE_TYPE_ULONG 4 /* Takes an unsigned long argument. */
+#define ARGPARSE_OPT_OPTIONAL (1<<3) /* Argument is optional. */
+#define ARGPARSE_OPT_PREFIX (1<<4) /* Allow 0x etc. prefixed values. */
+#define ARGPARSE_OPT_COMMAND (1<<8) /* The argument is a command. */
+
+/* A set of macros to make option definitions easier to read. */
+#define ARGPARSE_x(s,l,t,f,d) \
+ { (s), (l), ARGPARSE_TYPE_ ## t | (f), (d) }
+
+#define ARGPARSE_s(s,l,t,d) \
+ { (s), (l), ARGPARSE_TYPE_ ## t, (d) }
+#define ARGPARSE_s_n(s,l,d) \
+ { (s), (l), ARGPARSE_TYPE_NONE, (d) }
+#define ARGPARSE_s_i(s,l,d) \
+ { (s), (l), ARGPARSE_TYPE_INT, (d) }
+#define ARGPARSE_s_s(s,l,d) \
+ { (s), (l), ARGPARSE_TYPE_STRING, (d) }
+#define ARGPARSE_s_l(s,l,d) \
+ { (s), (l), ARGPARSE_TYPE_LONG, (d) }
+#define ARGPARSE_s_u(s,l,d) \
+ { (s), (l), ARGPARSE_TYPE_ULONG, (d) }
+
+#define ARGPARSE_o(s,l,t,d) \
+ { (s), (l), (ARGPARSE_TYPE_ ## t | ARGPARSE_OPT_OPTIONAL), (d) }
+#define ARGPARSE_o_n(s,l,d) \
+ { (s), (l), (ARGPARSE_TYPE_NONE | ARGPARSE_OPT_OPTIONAL), (d) }
+#define ARGPARSE_o_i(s,l,d) \
+ { (s), (l), (ARGPARSE_TYPE_INT | ARGPARSE_OPT_OPTIONAL), (d) }
+#define ARGPARSE_o_s(s,l,d) \
+ { (s), (l), (ARGPARSE_TYPE_STRING | ARGPARSE_OPT_OPTIONAL), (d) }
+#define ARGPARSE_o_l(s,l,d) \
+ { (s), (l), (ARGPARSE_TYPE_LONG | ARGPARSE_OPT_OPTIONAL), (d) }
+#define ARGPARSE_o_u(s,l,d) \
+ { (s), (l), (ARGPARSE_TYPE_ULONG | ARGPARSE_OPT_OPTIONAL), (d) }
+
+#define ARGPARSE_p(s,l,t,d) \
+ { (s), (l), (ARGPARSE_TYPE_ ## t | ARGPARSE_OPT_PREFIX), (d) }
+#define ARGPARSE_p_n(s,l,d) \
+ { (s), (l), (ARGPARSE_TYPE_NONE | ARGPARSE_OPT_PREFIX), (d) }
+#define ARGPARSE_p_i(s,l,d) \
+ { (s), (l), (ARGPARSE_TYPE_INT | ARGPARSE_OPT_PREFIX), (d) }
+#define ARGPARSE_p_s(s,l,d) \
+ { (s), (l), (ARGPARSE_TYPE_STRING | ARGPARSE_OPT_PREFIX), (d) }
+#define ARGPARSE_p_l(s,l,d) \
+ { (s), (l), (ARGPARSE_TYPE_LONG | ARGPARSE_OPT_PREFIX), (d) }
+#define ARGPARSE_p_u(s,l,d) \
+ { (s), (l), (ARGPARSE_TYPE_ULONG | ARGPARSE_OPT_PREFIX), (d) }
+
+#define ARGPARSE_op(s,l,t,d) \
+ { (s), (l), (ARGPARSE_TYPE_ ## t \
+ | ARGPARSE_OPT_OPTIONAL | ARGPARSE_OPT_PREFIX), (d) }
+#define ARGPARSE_op_n(s,l,d) \
+ { (s), (l), (ARGPARSE_TYPE_NONE \
+ | ARGPARSE_OPT_OPTIONAL | ARGPARSE_OPT_PREFIX), (d) }
+#define ARGPARSE_op_i(s,l,d) \
+ { (s), (l), (ARGPARSE_TYPE_INT \
+ | ARGPARSE_OPT_OPTIONAL | ARGPARSE_OPT_PREFIX), (d) }
+#define ARGPARSE_op_s(s,l,d) \
+ { (s), (l), (ARGPARSE_TYPE_STRING \
+ | ARGPARSE_OPT_OPTIONAL | ARGPARSE_OPT_PREFIX), (d) }
+#define ARGPARSE_op_l(s,l,d) \
+ { (s), (l), (ARGPARSE_TYPE_LONG \
+ | ARGPARSE_OPT_OPTIONAL | ARGPARSE_OPT_PREFIX), (d) }
+#define ARGPARSE_op_u(s,l,d) \
+ { (s), (l), (ARGPARSE_TYPE_ULONG \
+ | ARGPARSE_OPT_OPTIONAL | ARGPARSE_OPT_PREFIX), (d) }
+
+#define ARGPARSE_c(s,l,d) \
+ { (s), (l), (ARGPARSE_TYPE_NONE | ARGPARSE_OPT_COMMAND), (d) }
+
+
+#define ARGPARSE_group(s,d) \
+ { (s), NULL, 0, (d) }
+
+#define ARGPARSE_end() { 0, NULL, 0, NULL }
+
+
+/* Other constants. */
+#define ARGPARSE_PRINT_WARNING 1
+#define ARGPARSE_PRINT_ERROR 2
+
+
+/* Error values. */
+#define ARGPARSE_IS_ARG (-1)
+#define ARGPARSE_INVALID_OPTION (-2)
+#define ARGPARSE_MISSING_ARG (-3)
+#define ARGPARSE_KEYWORD_TOO_LONG (-4)
+#define ARGPARSE_READ_ERROR (-5)
+#define ARGPARSE_UNEXPECTED_ARG (-6)
+#define ARGPARSE_INVALID_COMMAND (-7)
+#define ARGPARSE_AMBIGUOUS_OPTION (-8)
+#define ARGPARSE_AMBIGUOUS_COMMAND (-9)
+#define ARGPARSE_INVALID_ALIAS (-10)
+#define ARGPARSE_OUT_OF_CORE (-11)
+
+
+int arg_parse( ARGPARSE_ARGS *arg, ARGPARSE_OPTS *opts);
+int optfile_parse( FILE *fp, const char *filename, unsigned *lineno,
+ ARGPARSE_ARGS *arg, ARGPARSE_OPTS *opts);
+void usage( int level );
+const char *strusage( int level );
+void set_strusage( const char *(*f)( int ) );
+
+#endif /*LIBJNLIB_ARGPARSE_H*/
diff --git a/jnlib/dotlock.c b/jnlib/dotlock.c
new file mode 100644
index 0000000..260c086
--- /dev/null
+++ b/jnlib/dotlock.c
@@ -0,0 +1,697 @@
+/* dotlock.c - dotfile locking
+ * Copyright (C) 1998, 2000, 2001, 2003, 2004,
+ * 2005, 2006, 2008 Free Software Foundation, Inc.
+ *
+ * This file is part of JNLIB.
+ *
+ * JNLIB is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 3 of
+ * the License, or (at your option) any later version.
+ *
+ * JNLIB is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include <ctype.h>
+#include <errno.h>
+#include <unistd.h>
+#ifdef HAVE_DOSISH_SYSTEM
+# define WIN32_LEAN_AND_MEAN
+# include <windows.h>
+#else
+# include <sys/utsname.h>
+#endif
+#include <sys/types.h>
+#include <sys/time.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+#include <signal.h>
+
+#include "libjnlib-config.h"
+#include "stringhelp.h"
+#include "dotlock.h"
+
+#if !defined(DIRSEP_C) && !defined(EXTSEP_C) \
+ && !defined(DIRSEP_S) && !defined(EXTSEP_S)
+#ifdef HAVE_DOSISH_SYSTEM
+#define DIRSEP_C '\\'
+#define EXTSEP_C '.'
+#define DIRSEP_S "\\"
+#define EXTSEP_S "."
+#else
+#define DIRSEP_C '/'
+#define EXTSEP_C '.'
+#define DIRSEP_S "/"
+#define EXTSEP_S "."
+#endif
+#endif
+
+
+/* The object describing a lock. */
+struct dotlock_handle
+{
+ struct dotlock_handle *next;
+ char *lockname; /* Name of the actual lockfile. */
+ int locked; /* Lock status. */
+ int disable; /* If true, locking is disabled. */
+
+#ifdef HAVE_DOSISH_SYSTEM
+ HANDLE lockhd; /* The W32 handle of the lock file. */
+#else
+ char *tname; /* Name of the lockfile template. */
+ size_t nodename_off; /* Offset in TNAME of the nodename part. */
+ size_t nodename_len; /* Length of the nodename part. */
+#endif /* HAVE_DOSISH_SYSTEM */
+};
+
+
+/* A list of of all lock handles. */
+static volatile DOTLOCK all_lockfiles;
+
+/* If this has the value true all locking is disabled. */
+static int never_lock;
+
+
+/* Local protototypes. */
+#ifndef HAVE_DOSISH_SYSTEM
+static int read_lockfile (DOTLOCK h, int *same_node);
+#endif /*!HAVE_DOSISH_SYSTEM*/
+
+
+
+
+/* Entirely disable all locking. This function should be called
+ before any locking is done. It may be called right at startup of
+ the process as it only sets a global value. */
+void
+disable_dotlock(void)
+{
+ never_lock = 1;
+}
+
+
+
+/* Create a lockfile for a file name FILE_TO_LOCK and returns an
+ object of type DOTLOCK which may be used later to actually acquire
+ the lock. A cleanup routine gets installed to cleanup left over
+ locks or other files used internally by the lock mechanism.
+
+ Calling this function with NULL does only install the atexit
+ handler and may thus be used to assure that the cleanup is called
+ after all other atexit handlers.
+
+ This function creates a lock file in the same directory as
+ FILE_TO_LOCK using that name and a suffix of ".lock". Note that on
+ POSIX systems a temporary file ".#lk.<hostname>.pid[.threadid] is
+ used.
+
+ The function returns an new handle which needs to be released using
+ destroy_dotlock but gets also released at the termination of the
+ process. On error NULL is returned.
+ */
+DOTLOCK
+create_dotlock (const char *file_to_lock)
+{
+ static int initialized;
+ DOTLOCK h;
+#ifndef HAVE_DOSISH_SYSTEM
+ int fd = -1;
+ char pidstr[16];
+ const char *nodename;
+ const char *dirpart;
+ int dirpartlen;
+ struct utsname utsbuf;
+ size_t tnamelen;
+#endif
+
+ if ( !initialized )
+ {
+ atexit (dotlock_remove_lockfiles);
+ initialized = 1;
+ }
+
+ if ( !file_to_lock )
+ return NULL; /* Only initialization was requested. */
+
+ h = jnlib_calloc (1, sizeof *h);
+ if (!h)
+ return NULL;
+
+ if (never_lock)
+ {
+ h->disable = 1;
+#ifdef _REENTRANT
+ /* fixme: aquire mutex on all_lockfiles */
+#endif
+ h->next = all_lockfiles;
+ all_lockfiles = h;
+ return h;
+ }
+
+#ifndef HAVE_DOSISH_SYSTEM
+ /*
+ This is the POSIX version which uses a temporary file and the
+ link system call to make locking an atomic operation.
+ */
+
+ snprintf (pidstr, sizeof pidstr, "%10d\n", (int)getpid() );
+
+ /* Create a temporary file. */
+ if ( uname ( &utsbuf ) )
+ nodename = "unknown";
+ else
+ nodename = utsbuf.nodename;
+
+#ifdef __riscos__
+ {
+ char *iter = (char *) nodename;
+ for (; iter[0]; iter++)
+ if (iter[0] == '.')
+ iter[0] = '/';
+ }
+#endif /* __riscos__ */
+
+ if ( !(dirpart = strrchr (file_to_lock, DIRSEP_C)) )
+ {
+ dirpart = EXTSEP_S;
+ dirpartlen = 1;
+ }
+ else
+ {
+ dirpartlen = dirpart - file_to_lock;
+ dirpart = file_to_lock;
+ }
+
+#ifdef _REENTRANT
+ /* fixme: aquire mutex on all_lockfiles */
+#endif
+ h->next = all_lockfiles;
+ all_lockfiles = h;
+
+ tnamelen = dirpartlen + 6 + 30 + strlen(nodename) + 10;
+ h->tname = jnlib_malloc (tnamelen + 1);
+ if (!h->tname)
+ {
+ all_lockfiles = h->next;
+ jnlib_free (h);
+ return NULL;
+ }
+ h->nodename_len = strlen (nodename);
+
+#ifndef __riscos__
+ snprintf (h->tname, tnamelen, "%.*s/.#lk%p.", dirpartlen, dirpart, h );
+ h->nodename_off = strlen (h->tname);
+ snprintf (h->tname+h->nodename_off, tnamelen - h->nodename_off,
+ "%s.%d", nodename, (int)getpid ());
+#else /* __riscos__ */
+ snprintf (h->tname, tnamelen, "%.*s.lk%p/", dirpartlen, dirpart, h );
+ h->nodename_off = strlen (h->tname);
+ snprintf (h->tname+h->nodename_off, tnamelen - h->modename_off,
+ "%s/%d", nodename, (int)getpid () );
+#endif /* __riscos__ */
+
+ do
+ {
+ errno = 0;
+ fd = open (h->tname, O_WRONLY|O_CREAT|O_EXCL,
+ S_IRUSR|S_IRGRP|S_IROTH|S_IWUSR );
+ }
+ while (fd == -1 && errno == EINTR);
+
+ if ( fd == -1 )
+ {
+ all_lockfiles = h->next;
+ log_error (_("failed to create temporary file `%s': %s\n"),
+ h->tname, strerror(errno));
+ jnlib_free (h->tname);
+ jnlib_free (h);
+ return NULL;
+ }
+ if ( write (fd, pidstr, 11 ) != 11 )
+ goto write_failed;
+ if ( write (fd, nodename, strlen (nodename) ) != strlen (nodename) )
+ goto write_failed;
+ if ( write (fd, "\n", 1 ) != 1 )
+ goto write_failed;
+ if ( close (fd) )
+ goto write_failed;
+
+# ifdef _REENTRANT
+ /* release mutex */
+# endif
+ h->lockname = jnlib_malloc ( strlen (file_to_lock) + 6 );
+ if (!h->lockname)
+ {
+ all_lockfiles = h->next;
+ unlink (h->tname);
+ jnlib_free (h->tname);
+ jnlib_free (h);
+ return NULL;
+ }
+ strcpy (stpcpy (h->lockname, file_to_lock), EXTSEP_S "lock");
+ return h;
+
+ write_failed:
+ all_lockfiles = h->next;
+# ifdef _REENTRANT
+ /* fixme: release mutex */
+# endif
+ log_error ( _("error writing to `%s': %s\n"), h->tname, strerror(errno) );
+ close (fd);
+ unlink (h->tname);
+ jnlib_free (h->tname);
+ jnlib_free (h);
+ return NULL;
+
+#else /* HAVE_DOSISH_SYSTEM */
+
+ /* The Windows version does not need a temporary file but uses the
+ plain lock file along with record locking. We create this file
+ here so that we later do only need to do the file locking. For
+ error reporting it is useful to keep the name of the file in the
+ handle. */
+ h->next = all_lockfiles;
+ all_lockfiles = h;
+
+ h->lockname = jnlib_malloc ( strlen (file_to_lock) + 6 );
+ if (!h->lockname)
+ {
+ all_lockfiles = h->next;
+ jnlib_free (h);
+ return NULL;
+ }
+ strcpy (stpcpy(h->lockname, file_to_lock), EXTSEP_S "lock");
+
+ /* If would be nice if we would use the FILE_FLAG_DELETE_ON_CLOSE
+ along with FILE_SHARE_DELETE but that does not work due to a race
+ condition: Despite the OPEN_ALWAYS flag CreateFile may return an
+ error and we can't reliable create/open the lock file unless we
+ would wait here until it works - however there are other valid
+ reasons why a lock file can't be created and thus the process
+ would not stop as expected but spin til until Windows crashes.
+ Our solution is to keep the lock file open; that does not
+ harm. */
+ h->lockhd = CreateFile (h->lockname,
+ GENERIC_READ|GENERIC_WRITE,
+ FILE_SHARE_READ|FILE_SHARE_WRITE,
+ NULL, OPEN_ALWAYS, 0, NULL);
+ if (h->lockhd == INVALID_HANDLE_VALUE)
+ {
+ log_error (_("can't create `%s': %s\n"), h->lockname, w32_strerror (-1));
+ all_lockfiles = h->next;
+ jnlib_free (h->lockname);
+ jnlib_free (h);
+ return NULL;
+ }
+ return h;
+
+#endif /* HAVE_DOSISH_SYSTEM */
+}
+
+
+/* Destroy the local handle H and release the lock. */
+void
+destroy_dotlock ( DOTLOCK h )
+{
+ DOTLOCK hprev, htmp;
+
+ if ( !h )
+ return;
+
+ /* First remove the handle from our global list of all locks. */
+ for (hprev=NULL, htmp=all_lockfiles; htmp; hprev=htmp, htmp=htmp->next)
+ if (htmp == h)
+ {
+ if (hprev)
+ hprev->next = htmp->next;
+ else
+ all_lockfiles = htmp->next;
+ h->next = NULL;
+ break;
+ }
+
+ /* Then destroy the lock. */
+ if (!h->disable)
+ {
+#ifdef HAVE_DOSISH_SYSTEM
+ if (h->locked)
+ {
+ UnlockFile (h->lockhd, 0, 0, 1, 0);
+ }
+ CloseHandle (h->lockhd);
+#else /* !HAVE_DOSISH_SYSTEM */
+ if (h->locked && h->lockname)
+ unlink (h->lockname);
+ if (h->tname)
+ unlink (h->tname);
+ jnlib_free (h->tname);
+#endif /* HAVE_DOSISH_SYSTEM */
+ jnlib_free (h->lockname);
+ }
+ jnlib_free(h);
+}
+
+
+#ifndef HAVE_DOSISH_SYSTEM
+static int
+maybe_deadlock( DOTLOCK h )
+{
+ DOTLOCK r;
+
+ for ( r=all_lockfiles; r; r = r->next )
+ {
+ if ( r != h && r->locked )
+ return 1;
+ }
+ return 0;
+}
+#endif /*!HAVE_DOSISH_SYSTEM*/
+
+
+
+/* Do a lock on H. A TIMEOUT of 0 returns immediately, -1 waits
+ forever (hopefully not), other values are reserved (should then be
+ timeouts in milliseconds). Returns: 0 on success */
+int
+make_dotlock ( DOTLOCK h, long timeout )
+{
+ int backoff = 0;
+#ifndef HAVE_DOSISH_SYSTEM
+ int pid;
+ const char *maybe_dead="";
+ int same_node;
+#endif /*!HAVE_DOSISH_SYSTEM*/
+
+ if ( h->disable )
+ return 0; /* Locks are completely disabled. Return success. */
+
+ if ( h->locked )
+ {
+#ifndef __riscos__
+ log_debug ("Oops, `%s' is already locked\n", h->lockname);
+#endif /* !__riscos__ */
+ return 0;
+ }
+
+ for (;;)
+ {
+#ifndef HAVE_DOSISH_SYSTEM
+# ifndef __riscos__
+ if ( !link(h->tname, h->lockname) )
+ {
+ /* fixme: better use stat to check the link count */
+ h->locked = 1;
+ return 0; /* okay */
+ }
+ if ( errno != EEXIST )
+ {
+ log_error ( "lock not made: link() failed: %s\n", strerror(errno) );
+ return -1;
+ }
+# else /* __riscos__ */
+ if ( !renamefile(h->tname, h->lockname) )
+ {
+ h->locked = 1;
+ return 0; /* okay */
+ }
+ if ( errno != EEXIST )
+ {
+ log_error( "lock not made: rename() failed: %s\n", strerror(errno) );
+ return -1;
+ }
+# endif /* __riscos__ */
+
+ if ( (pid = read_lockfile (h, &same_node)) == -1 )
+ {
+ if ( errno != ENOENT )
+ {
+ log_info ("cannot read lockfile\n");
+ return -1;
+ }
+ log_info( "lockfile disappeared\n");
+ continue;
+ }
+ else if ( pid == getpid() && same_node )
+ {
+ log_info( "Oops: lock already held by us\n");
+ h->locked = 1;
+ return 0; /* okay */
+ }
+ else if ( same_node && kill (pid, 0) && errno == ESRCH )
+ {
+# ifndef __riscos__
+ log_info (_("removing stale lockfile (created by %d)\n"), pid );
+ unlink (h->lockname);
+ continue;
+# else /* __riscos__ */
+ /* Under RISCOS we are *pretty* sure that the other task
+ is dead and therefore we remove the stale lock file. */
+ maybe_dead = _(" - probably dead - removing lock");
+ unlink(h->lockname);
+# endif /* __riscos__ */
+ }
+
+ if ( timeout == -1 )
+ {
+ /* Wait until lock has been released. */
+ struct timeval tv;
+
+ log_info (_("waiting for lock (held by %d%s) %s...\n"),
+ pid, maybe_dead, maybe_deadlock(h)? _("(deadlock?) "):"");
+
+
+ /* We can't use sleep, cause signals may be blocked. */
+ tv.tv_sec = 1 + backoff;
+ tv.tv_usec = 0;
+ select(0, NULL, NULL, NULL, &tv);
+ if ( backoff < 10 )
+ backoff++ ;
+ }
+ else
+ return -1;
+#else /*HAVE_DOSISH_SYSTEM*/
+ int w32err;
+
+ if (LockFile (h->lockhd, 0, 0, 1, 0))
+ {
+ h->locked = 1;
+ return 0; /* okay */
+ }
+ w32err = GetLastError ();
+ if (w32err != ERROR_LOCK_VIOLATION)
+ {
+ log_error (_("lock `%s' not made: %s\n"),
+ h->lockname, w32_strerror (w32err));
+ return -1;
+ }
+
+ if ( timeout == -1 )
+ {
+ /* Wait until lock has been released. */
+ log_info (_("waiting for lock %s...\n"), h->lockname);
+ Sleep ((1 + backoff)*1000);
+ if ( backoff < 10 )
+ backoff++ ;
+ }
+ else
+ return -1;
+#endif /*HAVE_DOSISH_SYSTEM*/
+ }
+ /*NOTREACHED*/
+}
+
+
+/* Release a lock. Returns 0 on success. */
+int
+release_dotlock( DOTLOCK h )
+{
+#ifndef HAVE_DOSISH_SYSTEM
+ int pid, same_node;
+#endif
+
+ /* To avoid atexit race conditions we first check whether there are
+ any locks left. It might happen that another atexit handler
+ tries to release the lock while the atexit handler of this module
+ already ran and thus H is undefined. */
+ if (!all_lockfiles)
+ return 0;
+
+ if ( h->disable )
+ return 0;
+
+ if ( !h->locked )
+ {
+ log_debug("Oops, `%s' is not locked\n", h->lockname);
+ return 0;
+ }
+
+#ifdef HAVE_DOSISH_SYSTEM
+ if (!UnlockFile (h->lockhd, 0, 0, 1, 0))
+ {
+ log_error ("release_dotlock: error removing lockfile `%s': %s\n",
+ h->lockname, w32_strerror (-1));
+ return -1;
+ }
+#else
+
+ pid = read_lockfile (h, &same_node);
+ if ( pid == -1 )
+ {
+ log_error( "release_dotlock: lockfile error\n");
+ return -1;
+ }
+ if ( pid != getpid() || !same_node )
+ {
+ log_error( "release_dotlock: not our lock (pid=%d)\n", pid);
+ return -1;
+ }
+
+#ifndef __riscos__
+ if ( unlink( h->lockname ) )
+ {
+ log_error ("release_dotlock: error removing lockfile `%s'\n",
+ h->lockname);
+ return -1;
+ }
+ /* Fixme: As an extra check we could check whether the link count is
+ now really at 1. */
+#else /* __riscos__ */
+ if ( renamefile (h->lockname, h->tname) )
+ {
+ log_error ("release_dotlock: error renaming lockfile `%s' to `%s'\n",
+ h->lockname, h->tname);
+ return -1;
+ }
+#endif /* __riscos__ */
+
+#endif /* !HAVE_DOSISH_SYSTEM */
+ h->locked = 0;
+ return 0;
+}
+
+
+/* Read the lock file and return the pid, returns -1 on error. True
+ will be stored in the integer at address SAME_NODE if the lock file
+ has been created on the same node. */
+#ifndef HAVE_DOSISH_SYSTEM
+static int
+read_lockfile (DOTLOCK h, int *same_node )
+{
+ char buffer_space[10+1+70+1]; /* 70 is just an estimated value; node
+ name are usually shorter. */
+ int fd;
+ int pid = -1;
+ char *buffer, *p;
+ size_t expected_len;
+ int res, nread;
+
+ *same_node = 0;
+ expected_len = 10 + 1 + h->nodename_len + 1;
+ if ( expected_len >= sizeof buffer_space)
+ {
+ buffer = jnlib_malloc (expected_len);
+ if (!buffer)
+ return -1;
+ }
+ else
+ buffer = buffer_space;
+
+ if ( (fd = open (h->lockname, O_RDONLY)) == -1 )
+ {
+ int e = errno;
+ log_info ("error opening lockfile `%s': %s\n",
+ h->lockname, strerror(errno) );
+ if (buffer != buffer_space)
+ jnlib_free (buffer);
+ errno = e; /* Need to return ERRNO here. */
+ return -1;
+ }
+
+ p = buffer;
+ nread = 0;
+ do
+ {
+ res = read (fd, p, expected_len - nread);
+ if (res == -1 && errno == EINTR)
+ continue;
+ if (res < 0)
+ {
+ log_info ("error reading lockfile `%s'", h->lockname );
+ close (fd);
+ if (buffer != buffer_space)
+ jnlib_free (buffer);
+ errno = 0; /* Do not return an inappropriate ERRNO. */
+ return -1;
+ }
+ p += res;
+ nread += res;
+ }
+ while (res && nread != expected_len);
+ close(fd);
+
+ if (nread < 11)
+ {
+ log_info ("invalid size of lockfile `%s'", h->lockname );
+ if (buffer != buffer_space)
+ jnlib_free (buffer);
+ errno = 0; /* Better don't return an inappropriate ERRNO. */
+ return -1;
+ }
+
+ if (buffer[10] != '\n'
+ || (buffer[10] = 0, pid = atoi (buffer)) == -1
+#ifndef __riscos__
+ || !pid
+#else /* __riscos__ */
+ || (!pid && riscos_getpid())
+#endif /* __riscos__ */
+ )
+ {
+ log_error ("invalid pid %d in lockfile `%s'", pid, h->lockname );
+ if (buffer != buffer_space)
+ jnlib_free (buffer);
+ errno = 0;
+ return -1;
+ }
+
+ if (nread == expected_len
+ && !memcmp (h->tname+h->nodename_off, buffer+11, h->nodename_len)
+ && buffer[11+h->nodename_len] == '\n')
+ *same_node = 1;
+
+ if (buffer != buffer_space)
+ jnlib_free (buffer);
+ return pid;
+}
+#endif /* !HAVE_DOSISH_SYSTEM */
+
+
+/* Remove all lockfiles. This is usually called by the atexit handler
+ installed by this module but may also be called by other
+ termination handlers. */
+void
+dotlock_remove_lockfiles()
+{
+ DOTLOCK h, h2;
+
+ h = all_lockfiles;
+ all_lockfiles = NULL;
+
+ while ( h )
+ {
+ h2 = h->next;
+ destroy_dotlock (h);
+ h = h2;
+ }
+}
+
diff --git a/jnlib/dotlock.h b/jnlib/dotlock.h
new file mode 100644
index 0000000..b2a0190
--- /dev/null
+++ b/jnlib/dotlock.h
@@ -0,0 +1,33 @@
+/* dotlock.h
+ * Copyright (C) 2000, 2001, 2006 Free Software Foundation, Inc.
+ *
+ * This file is part of JNLIB.
+ *
+ * JNLIB is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 3 of
+ * the License, or (at your option) any later version.
+ *
+ * JNLIB is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef LIBJNLIB_DOTLOCK_H
+#define LIBJNLIB_DOTLOCK_H
+
+struct dotlock_handle;
+typedef struct dotlock_handle *DOTLOCK;
+
+void disable_dotlock (void);
+DOTLOCK create_dotlock(const char *file_to_lock);
+void destroy_dotlock ( DOTLOCK h );
+int make_dotlock (DOTLOCK h, long timeout);
+int release_dotlock (DOTLOCK h);
+void dotlock_remove_lockfiles (void);
+
+#endif /*LIBJNLIB_DOTLOCK_H*/
diff --git a/jnlib/dynload.h b/jnlib/dynload.h
new file mode 100644
index 0000000..5477465
--- /dev/null
+++ b/jnlib/dynload.h
@@ -0,0 +1,72 @@
+/* dynload.h - Wrapper functions for run-time dynamic loading
+ * Copyright (C) 2003 Free Software Foundation, Inc.
+ *
+ * This file is part of JNLIB.
+ *
+ * JNLIB is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 3 of
+ * the License, or (at your option) any later version.
+ *
+ * JNLIB is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef LIBJNLIB_DYNLOAD_H
+#define LIBJNLIB_DYNLOAD_H
+
+#ifndef __MINGW32__
+# include <dlfcn.h>
+#else
+# include <windows.h>
+
+# define RTLD_LAZY 0
+
+static inline void *
+dlopen (const char * name, int flag)
+{
+ void * hd = LoadLibrary (name);
+ (void)flag;
+ return hd;
+}
+
+static inline void *
+dlsym (void *hd, const char *sym)
+{
+ if (hd && sym)
+ {
+ void * fnc = GetProcAddress (hd, sym);
+ if (!fnc)
+ return NULL;
+ return fnc;
+ }
+ return NULL;
+}
+
+
+static inline const char *
+dlerror (void)
+{
+ static char buf[32];
+ sprintf (buf, "ec=%lu", GetLastError ());
+ return buf;
+}
+
+
+static inline int
+dlclose (void * hd)
+{
+ if (hd)
+ {
+ CloseHandle (hd);
+ return 0;
+ }
+ return -1;
+}
+# endif /*__MINGW32__*/
+#endif /*LIBJNLIB_DYNLOAD_H*/
diff --git a/jnlib/libjnlib-config.h b/jnlib/libjnlib-config.h
new file mode 100644
index 0000000..5c61442
--- /dev/null
+++ b/jnlib/libjnlib-config.h
@@ -0,0 +1,84 @@
+/* libjnlib-config.h - local configuration of the jnlib functions
+ * Copyright (C) 2000, 2001, 2006 Free Software Foundation, Inc.
+ *
+ * This file is part of JNLIB.
+ *
+ * JNLIB is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 3 of
+ * the License, or (at your option) any later version.
+ *
+ * JNLIB is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+/****************
+ * This header is to be included only by the files in this directory
+ * it should not be used by other modules.
+ */
+
+#ifndef LIBJNLIB_CONFIG_H
+#define LIBJNLIB_CONFIG_H
+
+#include <gcrypt.h> /* gcry_malloc & Cie. */
+#include "logging.h"
+
+/* We require support for utf-8 conversion. */
+#define JNLIB_NEED_UTF8CONV 1
+
+
+
+#if !defined(JNLIB_NEED_UTF8CONV) && defined(HAVE_W32_SYSTEM)
+#define JNLIB_NEED_UTF8CONV 1
+#endif
+
+/* Gettext stuff */
+#ifdef USE_SIMPLE_GETTEXT
+# include "w32help.h"
+# define _(a) gettext (a)
+# define N_(a) (a)
+
+#else
+#ifdef HAVE_LOCALE_H
+# include <locale.h>
+#endif
+
+#ifdef ENABLE_NLS
+# include <libintl.h>
+# define _(a) gettext (a)
+# ifdef gettext_noop
+# define N_(a) gettext_noop (a)
+# else
+# define N_(a) (a)
+# endif
+#else
+# define _(a) (a)
+# define N_(a) (a)
+#endif
+#endif /* !USE_SIMPLE_GETTEXT */
+
+/* Malloc functions to be used by jnlib. */
+#define jnlib_malloc(a) gcry_malloc( (a) )
+#define jnlib_calloc(a,b) gcry_calloc( (a), (b) )
+#define jnlib_realloc(a,b) gcry_realloc( (a), (b) )
+#define jnlib_strdup(a) gcry_strdup( (a) )
+#define jnlib_xmalloc(a) gcry_xmalloc( (a) )
+#define jnlib_xcalloc(a,b) gcry_xcalloc( (a), (b) )
+#define jnlib_xrealloc(a,n) gcry_xrealloc( (a), (n) )
+#define jnlib_xstrdup(a) gcry_xstrdup( (a) )
+#define jnlib_free(a) gcry_free( (a) )
+
+/* Logging functions to be used by jnlib. */
+#define jnlib_log_debug log_debug
+#define jnlib_log_info log_info
+#define jnlib_log_error log_error
+#define jnlib_log_fatal log_fatal
+#define jnlib_log_bug log_bug
+
+
+#endif /*LIBJNUTIL_CONFIG_H*/
diff --git a/jnlib/logging.c b/jnlib/logging.c
new file mode 100644
index 0000000..028697b
--- /dev/null
+++ b/jnlib/logging.c
@@ -0,0 +1,651 @@
+/* logging.c - Useful logging functions
+ * Copyright (C) 1998, 1999, 2000, 2001, 2003,
+ * 2004, 2005, 2006, 2009 Free Software Foundation, Inc.
+ *
+ * This file is part of JNLIB.
+ *
+ * JNLIB is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 3 of
+ * the License, or (at your option) any later version.
+ *
+ * JNLIB is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+#include <config.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+#include <stdarg.h>
+#include <stddef.h>
+#include <errno.h>
+#include <time.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#ifndef HAVE_W32_SYSTEM
+#include <sys/socket.h>
+#include <sys/un.h>
+#endif /*!HAVE_W32_SYSTEM*/
+#include <unistd.h>
+#include <fcntl.h>
+#include <assert.h>
+
+
+#define JNLIB_NEED_LOG_LOGV 1
+#define JNLIB_NEED_AFLOCAL 1
+#include "libjnlib-config.h"
+#include "logging.h"
+
+#if defined (HAVE_FOPENCOOKIE) || defined (HAVE_FUNOPEN)
+#define USE_FUNWRITER 1
+#endif
+
+#ifdef HAVE_FOPENCOOKIE
+typedef ssize_t my_funopen_hook_ret_t;
+typedef size_t my_funopen_hook_size_t;
+#else
+typedef int my_funopen_hook_ret_t;
+typedef int my_funopen_hook_size_t;
+#endif
+
+
+static FILE *logstream;
+static int log_socket = -1;
+static char prefix_buffer[80];
+static int with_time;
+static int with_prefix;
+static int with_pid;
+static unsigned long (*get_tid_callback)(void);
+static int running_detached;
+static int force_prefixes;
+
+static int missing_lf;
+static int errorcount;
+
+
+int
+log_get_errorcount (int clear)
+{
+ int n = errorcount;
+ if( clear )
+ errorcount = 0;
+ return n;
+}
+
+void
+log_inc_errorcount (void)
+{
+ errorcount++;
+}
+
+
+/* The follwing 3 functions are used by funopen to write logs to a
+ socket. */
+#ifdef USE_FUNWRITER
+struct fun_cookie_s {
+ int fd;
+ int quiet;
+ int want_socket;
+ int is_socket;
+ char name[1];
+};
+
+/* Write NBYTES of BUFFER to file descriptor FD. */
+static int
+writen (int fd, const void *buffer, size_t nbytes)
+{
+ const char *buf = buffer;
+ size_t nleft = nbytes;
+ int nwritten;
+
+ while (nleft > 0)
+ {
+ nwritten = write (fd, buf, nleft);
+ if (nwritten < 0 && errno == EINTR)
+ continue;
+ if (nwritten < 0)
+ return -1;
+ nleft -= nwritten;
+ buf = buf + nwritten;
+ }
+
+ return 0;
+}
+
+
+static my_funopen_hook_ret_t
+fun_writer (void *cookie_arg, const char *buffer, my_funopen_hook_size_t size)
+{
+ struct fun_cookie_s *cookie = cookie_arg;
+
+ /* Note that we always try to reconnect to the socket but print
+ error messages only the first time an error occured. If
+ RUNNING_DETACHED is set we don't fall back to stderr and even do
+ not print any error messages. This is needed because detached
+ processes often close stderr and by writing to file descriptor 2
+ we might send the log message to a file not intended for logging
+ (e.g. a pipe or network connection). */
+ if (cookie->want_socket && cookie->fd == -1)
+ {
+ /* Not yet open or meanwhile closed due to an error. */
+ cookie->is_socket = 0;
+ cookie->fd = socket (PF_LOCAL, SOCK_STREAM, 0);
+ if (cookie->fd == -1)
+ {
+ if (!cookie->quiet && !running_detached
+ && isatty (fileno (stderr)))
+ fprintf (stderr, "failed to create socket for logging: %s\n",
+ strerror(errno));
+ }
+ else
+ {
+ struct sockaddr_un addr;
+ size_t addrlen;
+
+ memset (&addr, 0, sizeof addr);
+ addr.sun_family = PF_LOCAL;
+ strncpy (addr.sun_path, cookie->name, sizeof (addr.sun_path)-1);
+ addr.sun_path[sizeof (addr.sun_path)-1] = 0;
+ addrlen = SUN_LEN (&addr);
+
+ if (connect (cookie->fd, (struct sockaddr *) &addr, addrlen) == -1)
+ {
+ if (!cookie->quiet && !running_detached
+ && isatty (fileno (stderr)))
+ fprintf (stderr, "can't connect to `%s': %s\n",
+ cookie->name, strerror(errno));
+ close (cookie->fd);
+ cookie->fd = -1;
+ }
+ }
+
+ if (cookie->fd == -1)
+ {
+ if (!running_detached)
+ {
+ /* Due to all the problems with apps not running
+ detached but being called with stderr closed or
+ used for a different purposes, it does not make
+ sense to switch to stderr. We therefore disable it. */
+ if (!cookie->quiet)
+ {
+ /* fputs ("switching logging to stderr\n", stderr);*/
+ cookie->quiet = 1;
+ }
+ cookie->fd = -1; /*fileno (stderr);*/
+ }
+ }
+ else /* Connection has been established. */
+ {
+ cookie->quiet = 0;
+ cookie->is_socket = 1;
+ }
+ }
+
+ log_socket = cookie->fd;
+ if (cookie->fd != -1 && !writen (cookie->fd, buffer, size))
+ return (my_funopen_hook_ret_t)size; /* Okay. */
+
+ if (!running_detached && cookie->fd != -1
+ && isatty (fileno (stderr)))
+ {
+ if (*cookie->name)
+ fprintf (stderr, "error writing to `%s': %s\n",
+ cookie->name, strerror(errno));
+ else
+ fprintf (stderr, "error writing to file descriptor %d: %s\n",
+ cookie->fd, strerror(errno));
+ }
+ if (cookie->is_socket && cookie->fd != -1)
+ {
+ close (cookie->fd);
+ cookie->fd = -1;
+ log_socket = -1;
+ }
+
+ return (my_funopen_hook_ret_t)size;
+}
+
+static int
+fun_closer (void *cookie_arg)
+{
+ struct fun_cookie_s *cookie = cookie_arg;
+
+ if (cookie->fd != -1 && cookie->fd != 2)
+ close (cookie->fd);
+ jnlib_free (cookie);
+ log_socket = -1;
+ return 0;
+}
+#endif /*USE_FUNWRITER*/
+
+
+
+/* Common function to either set the logging to a file or a file
+ descriptor. */
+static void
+set_file_fd (const char *name, int fd)
+{
+ FILE *fp;
+ int want_socket;
+#ifdef USE_FUNWRITER
+ struct fun_cookie_s *cookie;
+#endif
+
+ /* Close an open log stream. */
+ if (logstream)
+ {
+ if (logstream != stderr && logstream != stdout)
+ fclose (logstream);
+ logstream = NULL;
+ }
+
+ /* Figure out what kind of logging we want. */
+ if (name && !strcmp (name, "-"))
+ {
+ name = NULL;
+ fd = fileno (stderr);
+ }
+
+ if (name)
+ {
+ want_socket = (!strncmp (name, "socket://", 9) && name[9]);
+ if (want_socket)
+ name += 9;
+ }
+ else
+ {
+ want_socket = 0;
+ }
+
+ /* Setup a new stream. */
+#ifdef USE_FUNWRITER
+ /* The xmalloc below is justified because we can expect that this
+ function is called only during initialization and there is no
+ easy way out of this error condition. */
+ cookie = jnlib_xmalloc (sizeof *cookie + (name? strlen (name):0));
+ strcpy (cookie->name, name? name:"");
+ cookie->quiet = 0;
+ cookie->is_socket = 0;
+ cookie->want_socket = want_socket;
+ if (!name)
+ cookie->fd = fd;
+ else if (want_socket)
+ cookie->fd = -1;
+ else
+ {
+ do
+ cookie->fd = open (name, O_WRONLY|O_APPEND|O_CREAT,
+ (S_IRUSR|S_IRGRP|S_IROTH|S_IWUSR|S_IWGRP|S_IWOTH));
+ while (cookie->fd == -1 && errno == EINTR);
+ }
+ log_socket = cookie->fd;
+
+#ifdef HAVE_FOPENCOOKIE
+ {
+ cookie_io_functions_t io = { NULL };
+ io.write = fun_writer;
+ io.close = fun_closer;
+
+ fp = fopencookie (cookie, "w", io);
+ }
+#else /*!HAVE_FOPENCOOKIE*/
+ fp = funopen (cookie, NULL, fun_writer, NULL, fun_closer);
+#endif /*!HAVE_FOPENCOOKIE*/
+
+#else /*!USE_FUNWRITER*/
+
+ /* The system does not feature custom streams. Thus fallback to
+ plain stdio. */
+ if (want_socket)
+ {
+ fprintf (stderr, "system does not support logging to a socket - "
+ "using stderr\n");
+ fp = stderr;
+ }
+ else if (name)
+ fp = fopen (name, "a");
+ else if (fd == 1)
+ fp = stdout;
+ else if (fd == 2)
+ fp = stderr;
+ else
+ fp = fdopen (fd, "a");
+
+ log_socket = -1;
+
+#endif /*!USE_FUNWRITER*/
+
+ /* On error default to stderr. */
+ if (!fp)
+ {
+ if (name)
+ fprintf (stderr, "failed to open log file `%s': %s\n",
+ name, strerror(errno));
+ else
+ fprintf (stderr, "failed to fdopen file descriptor %d: %s\n",
+ fd, strerror(errno));
+ /* We need to make sure that there is a log stream. We use stderr. */
+ fp = stderr;
+ }
+ else
+ setvbuf (fp, NULL, _IOLBF, 0);
+
+ logstream = fp;
+
+ /* We always need to print the prefix and the pid for socket mode,
+ so that the server reading the socket can do something
+ meaningful. */
+ force_prefixes = want_socket;
+
+ missing_lf = 0;
+}
+
+
+/* Set the file to write log to. The special names NULL and "-" may
+ be used to select stderr and names formatted like
+ "socket:///home/foo/mylogs" may be used to write the logging to the
+ socket "/home/foo/mylogs". If the connection to the socket fails
+ or a write error is detected, the function writes to stderr and
+ tries the next time again to connect the socket.
+ */
+void
+log_set_file (const char *name)
+{
+ set_file_fd (name? name: "-", -1);
+}
+
+void
+log_set_fd (int fd)
+{
+ set_file_fd (NULL, fd);
+}
+
+
+void
+log_set_get_tid_callback (unsigned long (*cb)(void))
+{
+ get_tid_callback = cb;
+}
+
+
+void
+log_set_prefix (const char *text, unsigned int flags)
+{
+ if (text)
+ {
+ strncpy (prefix_buffer, text, sizeof (prefix_buffer)-1);
+ prefix_buffer[sizeof (prefix_buffer)-1] = 0;
+ }
+
+ with_prefix = (flags & JNLIB_LOG_WITH_PREFIX);
+ with_time = (flags & JNLIB_LOG_WITH_TIME);
+ with_pid = (flags & JNLIB_LOG_WITH_PID);
+ running_detached = (flags & JNLIB_LOG_RUN_DETACHED);
+}
+
+
+const char *
+log_get_prefix (unsigned int *flags)
+{
+ if (flags)
+ {
+ *flags = 0;
+ if (with_prefix)
+ *flags |= JNLIB_LOG_WITH_PREFIX;
+ if (with_time)
+ *flags |= JNLIB_LOG_WITH_TIME;
+ if (with_pid)
+ *flags |= JNLIB_LOG_WITH_PID;
+ if (running_detached)
+ *flags |= JNLIB_LOG_RUN_DETACHED;
+ }
+ return prefix_buffer;
+}
+
+/* This function returns true if the file descriptor FD is in use for
+ logging. This is preferable over a test using log_get_fd in that
+ it allows the logging code to use more then one file descriptor. */
+int
+log_test_fd (int fd)
+{
+ if (logstream)
+ {
+ int tmp = fileno (logstream);
+ if ( tmp != -1 && tmp == fd)
+ return 1;
+ }
+ if (log_socket != -1 && log_socket == fd)
+ return 1;
+ return 0;
+}
+
+int
+log_get_fd ()
+{
+ return fileno(logstream?logstream:stderr);
+}
+
+FILE *
+log_get_stream ()
+{
+ /* FIXME: We should not return stderr here but initialize the log
+ stream properly. This might break more things than using stderr,
+ though */
+ return logstream?logstream:stderr;
+}
+
+static void
+do_logv (int level, const char *fmt, va_list arg_ptr)
+{
+ if (!logstream)
+ {
+ log_set_file (NULL); /* Make sure a log stream has been set. */
+ assert (logstream);
+ }
+
+ if (missing_lf && level != JNLIB_LOG_CONT)
+ putc('\n', logstream );
+ missing_lf = 0;
+
+ if (level != JNLIB_LOG_CONT)
+ { /* Note this does not work for multiple line logging as we would
+ * need to print to a buffer first */
+ if (with_time && !force_prefixes)
+ {
+ struct tm *tp;
+ time_t atime = time (NULL);
+
+ tp = localtime (&atime);
+ fprintf (logstream, "%04d-%02d-%02d %02d:%02d:%02d ",
+ 1900+tp->tm_year, tp->tm_mon+1, tp->tm_mday,
+ tp->tm_hour, tp->tm_min, tp->tm_sec );
+ }
+ if (with_prefix || force_prefixes)
+ fputs (prefix_buffer, logstream);
+ if (with_pid || force_prefixes)
+ {
+ if (get_tid_callback)
+ fprintf (logstream, "[%u.%lx]",
+ (unsigned int)getpid (), get_tid_callback ());
+ else
+ fprintf (logstream, "[%u]", (unsigned int)getpid ());
+ }
+ if (!with_time || force_prefixes)
+ putc (':', logstream);
+ /* A leading backspace suppresses the extra space so that we can
+ correctly output, programname, filename and linenumber. */
+ if (fmt && *fmt == '\b')
+ fmt++;
+ else
+ putc (' ', logstream);
+ }
+
+ switch (level)
+ {
+ case JNLIB_LOG_BEGIN: break;
+ case JNLIB_LOG_CONT: break;
+ case JNLIB_LOG_INFO: break;
+ case JNLIB_LOG_WARN: break;
+ case JNLIB_LOG_ERROR: break;
+ case JNLIB_LOG_FATAL: fputs("Fatal: ",logstream ); break;
+ case JNLIB_LOG_BUG: fputs("Ohhhh jeeee: ", logstream); break;
+ case JNLIB_LOG_DEBUG: fputs("DBG: ", logstream ); break;
+ default: fprintf(logstream,"[Unknown log level %d]: ", level ); break;
+ }
+
+
+ if (fmt)
+ {
+ vfprintf(logstream,fmt,arg_ptr) ;
+ if (*fmt && fmt[strlen(fmt)-1] != '\n')
+ missing_lf = 1;
+#ifdef HAVE_W32_SYSTEM
+ else
+ fflush (logstream);
+#endif
+ }
+
+ if (level == JNLIB_LOG_FATAL)
+ {
+ if (missing_lf)
+ putc('\n', logstream );
+ exit(2);
+ }
+ if (level == JNLIB_LOG_BUG)
+ {
+ if (missing_lf)
+ putc('\n', logstream );
+ abort();
+ }
+}
+
+static void
+do_log( int level, const char *fmt, ... )
+{
+ va_list arg_ptr ;
+
+ va_start( arg_ptr, fmt ) ;
+ do_logv( level, fmt, arg_ptr );
+ va_end(arg_ptr);
+}
+
+
+void
+log_logv (int level, const char *fmt, va_list arg_ptr)
+{
+ do_logv (level, fmt, arg_ptr);
+}
+
+void
+log_info( const char *fmt, ... )
+{
+ va_list arg_ptr ;
+
+ va_start( arg_ptr, fmt ) ;
+ do_logv( JNLIB_LOG_INFO, fmt, arg_ptr );
+ va_end(arg_ptr);
+}
+
+void
+log_error( const char *fmt, ... )
+{
+ va_list arg_ptr ;
+
+ va_start( arg_ptr, fmt ) ;
+ do_logv( JNLIB_LOG_ERROR, fmt, arg_ptr );
+ va_end(arg_ptr);
+ /* protect against counter overflow */
+ if( errorcount < 30000 )
+ errorcount++;
+}
+
+
+void
+log_fatal( const char *fmt, ... )
+{
+ va_list arg_ptr ;
+
+ va_start( arg_ptr, fmt ) ;
+ do_logv( JNLIB_LOG_FATAL, fmt, arg_ptr );
+ va_end(arg_ptr);
+ abort(); /* never called, but it makes the compiler happy */
+}
+
+void
+log_bug( const char *fmt, ... )
+{
+ va_list arg_ptr ;
+
+ va_start( arg_ptr, fmt ) ;
+ do_logv( JNLIB_LOG_BUG, fmt, arg_ptr );
+ va_end(arg_ptr);
+ abort(); /* never called, but it makes the compiler happy */
+}
+
+void
+log_debug( const char *fmt, ... )
+{
+ va_list arg_ptr ;
+
+ va_start( arg_ptr, fmt ) ;
+ do_logv( JNLIB_LOG_DEBUG, fmt, arg_ptr );
+ va_end(arg_ptr);
+}
+
+
+void
+log_printf (const char *fmt, ...)
+{
+ va_list arg_ptr;
+
+ va_start (arg_ptr, fmt);
+ do_logv (fmt ? JNLIB_LOG_CONT : JNLIB_LOG_BEGIN, fmt, arg_ptr);
+ va_end (arg_ptr);
+}
+
+/* Print a hexdump of BUFFER. With TEXT of NULL print just the raw
+ dump, with TEXT just an empty string, print a trailing linefeed,
+ otherwise print an entire debug line. */
+void
+log_printhex (const char *text, const void *buffer, size_t length)
+{
+ if (text && *text)
+ log_debug ("%s ", text);
+ if (length)
+ {
+ const unsigned char *p = buffer;
+ log_printf ("%02X", *p);
+ for (length--, p++; length--; p++)
+ log_printf (" %02X", *p);
+ }
+ if (text)
+ log_printf ("\n");
+}
+
+
+#if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 5 )
+void
+bug_at( const char *file, int line, const char *func )
+{
+ do_log( JNLIB_LOG_BUG,
+ ("... this is a bug (%s:%d:%s)\n"), file, line, func );
+ abort(); /* never called, but it makes the compiler happy */
+}
+#else
+void
+bug_at( const char *file, int line )
+{
+ do_log( JNLIB_LOG_BUG,
+ _("you found a bug ... (%s:%d)\n"), file, line);
+ abort(); /* never called, but it makes the compiler happy */
+}
+#endif
+
diff --git a/jnlib/logging.h b/jnlib/logging.h
new file mode 100644
index 0000000..0b96108
--- /dev/null
+++ b/jnlib/logging.h
@@ -0,0 +1,88 @@
+/* logging.h
+ * Copyright (C) 1999, 2000, 2001, 2004, 2006 Free Software Foundation, Inc.
+ *
+ * This file is part of JNLIB.
+ *
+ * JNLIB is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 3 of
+ * the License, or (at your option) any later version.
+ *
+ * JNLIB is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef LIBJNLIB_LOGGING_H
+#define LIBJNLIB_LOGGING_H
+
+#include <stdio.h>
+#include "mischelp.h"
+
+/* Flag values for log_set_prefix. */
+#define JNLIB_LOG_WITH_PREFIX 1
+#define JNLIB_LOG_WITH_TIME 2
+#define JNLIB_LOG_WITH_PID 4
+#define JNLIB_LOG_RUN_DETACHED 256
+
+int log_get_errorcount (int clear);
+void log_inc_errorcount (void);
+void log_set_file( const char *name );
+void log_set_fd (int fd);
+void log_set_get_tid_callback (unsigned long (*cb)(void));
+void log_set_prefix (const char *text, unsigned int flags);
+const char *log_get_prefix (unsigned int *flags);
+int log_test_fd (int fd);
+int log_get_fd(void);
+FILE *log_get_stream (void);
+
+#ifdef JNLIB_GCC_M_FUNCTION
+ void bug_at( const char *file, int line, const char *func ) JNLIB_GCC_A_NR;
+# define BUG() bug_at( __FILE__ , __LINE__, __FUNCTION__ )
+#else
+ void bug_at( const char *file, int line );
+# define BUG() bug_at( __FILE__ , __LINE__ )
+#endif
+
+/* To avoid mandatory inclusion of stdarg and other stuff, do it only
+ if explicitly requested to do so. */
+#ifdef JNLIB_NEED_LOG_LOGV
+#include <stdarg.h>
+enum jnlib_log_levels {
+ JNLIB_LOG_BEGIN,
+ JNLIB_LOG_CONT,
+ JNLIB_LOG_INFO,
+ JNLIB_LOG_WARN,
+ JNLIB_LOG_ERROR,
+ JNLIB_LOG_FATAL,
+ JNLIB_LOG_BUG,
+ JNLIB_LOG_DEBUG
+};
+void log_logv (int level, const char *fmt, va_list arg_ptr);
+#endif /*JNLIB_NEED_LOG_LOGV*/
+
+
+void log_bug( const char *fmt, ... ) JNLIB_GCC_A_NR_PRINTF(1,2);
+void log_fatal( const char *fmt, ... ) JNLIB_GCC_A_NR_PRINTF(1,2);
+void log_error( const char *fmt, ... ) JNLIB_GCC_A_PRINTF(1,2);
+void log_info( const char *fmt, ... ) JNLIB_GCC_A_PRINTF(1,2);
+void log_debug( const char *fmt, ... ) JNLIB_GCC_A_PRINTF(1,2);
+void log_printf( const char *fmt, ... ) JNLIB_GCC_A_PRINTF(1,2);
+
+/* Print a hexdump of BUFFER. With TEXT passes as NULL print just the
+ raw dump, with TEXT being an empty string, print a trailing
+ linefeed, otherwise print an entire debug line with TEXT followed
+ by the hexdump and a final LF. */
+void log_printhex (const char *text, const void *buffer, size_t length);
+
+
+#endif /*LIBJNLIB_LOGGING_H*/
+
+
+
+
+
diff --git a/jnlib/mischelp.c b/jnlib/mischelp.c
new file mode 100644
index 0000000..f7df5c1
--- /dev/null
+++ b/jnlib/mischelp.c
@@ -0,0 +1,133 @@
+/* mischelp.c - Miscellaneous helper functions
+ * Copyright (C) 1998, 2000, 2001, 2006, 2007 Free Software Foundation, Inc.
+ *
+ * This file is part of JNLIB.
+ *
+ * JNLIB is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 3 of
+ * the License, or (at your option) any later version.
+ *
+ * JNLIB is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <stdlib.h>
+#include <string.h>
+#include <time.h>
+#ifdef HAVE_W32_SYSTEM
+# define WIN32_LEAN_AND_MEAN
+# include <windows.h>
+#else /*!HAVE_W32_SYSTEM*/
+# include <sys/types.h>
+# include <sys/stat.h>
+# include <unistd.h>
+#endif /*!HAVE_W32_SYSTEM*/
+
+#include "libjnlib-config.h"
+#include "stringhelp.h"
+#include "mischelp.h"
+
+
+/* Check whether the files NAME1 and NAME2 are identical. This is for
+ example achieved by comparing the inode numbers of the files. */
+int
+same_file_p (const char *name1, const char *name2)
+{
+ int yes;
+
+ /* First try a shortcut. */
+ if (!compare_filenames (name1, name2))
+ yes = 1;
+ else
+ {
+#ifdef HAVE_W32_SYSTEM
+ HANDLE file1, file2;
+ BY_HANDLE_FILE_INFORMATION info1, info2;
+
+ file1 = CreateFile (name1, 0, 0, NULL, OPEN_EXISTING, 0, NULL);
+ if (file1 == INVALID_HANDLE_VALUE)
+ yes = 0; /* If we can't open the file, it is not the same. */
+ else
+ {
+ file2 = CreateFile (name2, 0, 0, NULL, OPEN_EXISTING, 0, NULL);
+ if (file1 == INVALID_HANDLE_VALUE)
+ yes = 0; /* If we can't open the file, it is not the same. */
+ else
+ {
+ yes = (GetFileInformationByHandle (file1, &info1)
+ && GetFileInformationByHandle (file2, &info2)
+ && info1.dwVolumeSerialNumber==info2.dwVolumeSerialNumber
+ && info1.nFileIndexHigh == info2.nFileIndexHigh
+ && info1.nFileIndexLow == info2.nFileIndexLow);
+ CloseHandle (file2);
+ }
+ CloseHandle (file1);
+ }
+#else /*!HAVE_W32_SYSTEM*/
+ struct stat info1, info2;
+
+ yes = (!stat (name1, &info1) && !stat (name2, &info2)
+ && info1.st_dev == info2.st_dev && info1.st_ino == info2.st_ino);
+#endif /*!HAVE_W32_SYSTEM*/
+ }
+ return yes;
+}
+
+
+/*
+ timegm() is a GNU function that might not be available everywhere.
+ It's basically the inverse of gmtime() - you give it a struct tm,
+ and get back a time_t. It differs from mktime() in that it handles
+ the case where the struct tm is UTC and the local environment isn't.
+
+ Note, that this replacement implementaion is not thread-safe!
+
+ Some BSDs don't handle the putenv("foo") case properly, so we use
+ unsetenv if the platform has it to remove environment variables.
+*/
+#ifndef HAVE_TIMEGM
+time_t
+timegm (struct tm *tm)
+{
+ time_t answer;
+ char *zone;
+
+ zone=getenv("TZ");
+ putenv("TZ=UTC");
+ tzset();
+ answer=mktime(tm);
+ if(zone)
+ {
+ static char *old_zone;
+
+ if (!old_zone)
+ {
+ old_zone = malloc(3+strlen(zone)+1);
+ if (old_zone)
+ {
+ strcpy(old_zone,"TZ=");
+ strcat(old_zone,zone);
+ }
+ }
+ if (old_zone)
+ putenv (old_zone);
+ }
+ else
+#ifdef HAVE_UNSETENV
+ unsetenv("TZ");
+#else
+ putenv("TZ");
+#endif
+
+ tzset();
+ return answer;
+}
+#endif /*!HAVE_TIMEGM*/
+
diff --git a/jnlib/mischelp.h b/jnlib/mischelp.h
new file mode 100644
index 0000000..e478354
--- /dev/null
+++ b/jnlib/mischelp.h
@@ -0,0 +1,98 @@
+/* mischelp.h - Miscellaneous helper macros and functions
+ * Copyright (C) 1999, 2000, 2001, 2002, 2003,
+ * 2006, 2007, 2009 Free Software Foundation, Inc.
+ *
+ * This file is part of JNLIB.
+ *
+ * JNLIB is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 3 of
+ * the License, or (at your option) any later version.
+ *
+ * JNLIB is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef LIBJNLIB_MISCHELP_H
+#define LIBJNLIB_MISCHHELP_H
+
+
+/* Check whether the files NAME1 and NAME2 are identical. This is for
+ example achieved by comparing the inode numbers of the files. */
+int same_file_p (const char *name1, const char *name2);
+
+
+#ifndef HAVE_TIMEGM
+#include <time.h>
+time_t timegm (struct tm *tm);
+#endif /*!HAVE_TIMEGM*/
+
+
+#define DIM(v) (sizeof(v)/sizeof((v)[0]))
+#define DIMof(type,member) DIM(((type *)0)->member)
+
+
+#if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 5 )
+# define JNLIB_GCC_M_FUNCTION 1
+# define JNLIB_GCC_A_NR __attribute__ ((noreturn))
+# define JNLIB_GCC_A_PRINTF( f, a ) __attribute__ ((format (printf,f,a)))
+# define JNLIB_GCC_A_NR_PRINTF( f, a ) \
+ __attribute__ ((noreturn, format (printf,f,a)))
+#else
+# define JNLIB_GCC_A_NR
+# define JNLIB_GCC_A_PRINTF( f, a )
+# define JNLIB_GCC_A_NR_PRINTF( f, a )
+#endif
+
+
+/* To avoid that a compiler optimizes certain memset calls away, these
+ macros may be used instead. */
+#define wipememory2(_ptr,_set,_len) do { \
+ volatile char *_vptr=(volatile char *)(_ptr); \
+ size_t _vlen=(_len); \
+ while(_vlen) { *_vptr=(_set); _vptr++; _vlen--; } \
+ } while(0)
+#define wipememory(_ptr,_len) wipememory2(_ptr,0,_len)
+
+
+/* Include hacks which are mainly required for Slowaris. */
+#ifdef JNLIB_NEED_AFLOCAL
+#ifndef HAVE_W32_SYSTEM
+# include <sys/socket.h>
+# include <sys/un.h>
+#else
+# include <windows.h>
+#endif
+
+#ifndef PF_LOCAL
+# ifdef PF_UNIX
+# define PF_LOCAL PF_UNIX
+# else
+# define PF_LOCAL AF_UNIX
+# endif
+#endif /*PF_LOCAL*/
+#ifndef AF_LOCAL
+# define AF_LOCAL AF_UNIX
+#endif /*AF_UNIX*/
+
+/* We used to avoid this macro in GnuPG and inlined the AF_LOCAL name
+ length computation directly with the little twist of adding 1 extra
+ byte. It seems that this was needed once on an old HP/UX box and
+ there are also rumours that 4.3 Reno and DEC systems need it. This
+ one-off buglet did not harm any current system until it came to Mac
+ OS X where the kernel (as of May 2009) exhibited a strange bug: The
+ systems basically froze in the connect call if the passed name
+ contained an invalid directory part. Ignore the old Unices. */
+#ifndef SUN_LEN
+# define SUN_LEN(ptr) ((size_t) (((struct sockaddr_un *) 0)->sun_path) \
+ + strlen ((ptr)->sun_path))
+#endif /*SUN_LEN*/
+#endif /*JNLIB_NEED_AFLOCAL*/
+
+
+#endif /*LIBJNLIB_MISCHELP_H*/
diff --git a/jnlib/stringhelp.c b/jnlib/stringhelp.c
new file mode 100644
index 0000000..3173ebc
--- /dev/null
+++ b/jnlib/stringhelp.c
@@ -0,0 +1,1141 @@
+/* stringhelp.c - standard string helper functions
+ * Copyright (C) 1998, 1999, 2000, 2001, 2003, 2004, 2005,
+ * 2006, 2007, 2008, 2009 Free Software Foundation, Inc.
+ *
+ * This file is part of JNLIB.
+ *
+ * JNLIB is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 3 of
+ * the License, or (at your option) any later version.
+ *
+ * JNLIB is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdarg.h>
+#include <ctype.h>
+#include <errno.h>
+#ifdef HAVE_PWD_H
+# include <pwd.h>
+#endif
+#include <unistd.h>
+#include <sys/types.h>
+#ifdef HAVE_W32_SYSTEM
+# include <windows.h>
+#endif
+
+#include "libjnlib-config.h"
+#include "utf8conv.h"
+#include "stringhelp.h"
+
+
+#define tohex_lower(n) ((n) < 10 ? ((n) + '0') : (((n) - 10) + 'a'))
+
+/* Sometimes we want to avoid mixing slashes and backslashes on W32
+ and prefer backslashes. There is usual no problem with mixing
+ them, however a very few W32 API calls can't grok plain slashes.
+ Printing filenames with mixed slashes also looks a bit strange.
+ This function has no effext on POSIX. */
+static inline char *
+change_slashes (char *name)
+{
+#ifdef HAVE_DRIVE_LETTERS
+ char *p;
+
+ if (strchr (name, '\\'))
+ {
+ for (p=name; *p; p++)
+ if (*p == '/')
+ *p = '\\';
+ }
+#endif /*HAVE_DRIVE_LETTERS*/
+ return name;
+}
+
+
+/*
+ * Look for the substring SUB in buffer and return a pointer to that
+ * substring in BUFFER or NULL if not found.
+ * Comparison is case-insensitive.
+ */
+const char *
+memistr (const void *buffer, size_t buflen, const char *sub)
+{
+ const unsigned char *buf = buffer;
+ const unsigned char *t = (const unsigned char *)buffer;
+ const unsigned char *s = (const unsigned char *)sub;
+ size_t n = buflen;
+
+ for ( ; n ; t++, n-- )
+ {
+ if ( toupper (*t) == toupper (*s) )
+ {
+ for ( buf=t++, buflen = n--, s++;
+ n && toupper (*t) == toupper (*s); t++, s++, n-- )
+ ;
+ if (!*s)
+ return (const char*)buf;
+ t = buf;
+ s = (const unsigned char *)sub ;
+ n = buflen;
+ }
+ }
+ return NULL;
+}
+
+const char *
+ascii_memistr ( const void *buffer, size_t buflen, const char *sub )
+{
+ const unsigned char *buf = buffer;
+ const unsigned char *t = (const unsigned char *)buf;
+ const unsigned char *s = (const unsigned char *)sub;
+ size_t n = buflen;
+
+ for ( ; n ; t++, n-- )
+ {
+ if (ascii_toupper (*t) == ascii_toupper (*s) )
+ {
+ for ( buf=t++, buflen = n--, s++;
+ n && ascii_toupper (*t) == ascii_toupper (*s); t++, s++, n-- )
+ ;
+ if (!*s)
+ return (const char*)buf;
+ t = (const unsigned char *)buf;
+ s = (const unsigned char *)sub ;
+ n = buflen;
+ }
+ }
+ return NULL;
+}
+
+/* This function is similar to strncpy(). However it won't copy more
+ than N - 1 characters and makes sure that a '\0' is appended. With
+ N given as 0, nothing will happen. With DEST given as NULL, memory
+ will be allocated using jnlib_xmalloc (i.e. if it runs out of core
+ the function terminates). Returns DES or a pointer to the
+ allocated memory.
+ */
+char *
+mem2str( char *dest , const void *src , size_t n )
+{
+ char *d;
+ const char *s;
+
+ if( n ) {
+ if( !dest )
+ dest = jnlib_xmalloc( n ) ;
+ d = dest;
+ s = src ;
+ for(n--; n && *s; n-- )
+ *d++ = *s++;
+ *d = '\0' ;
+ }
+
+ return dest ;
+}
+
+
+/****************
+ * remove leading and trailing white spaces
+ */
+char *
+trim_spaces( char *str )
+{
+ char *string, *p, *mark;
+
+ string = str;
+ /* find first non space character */
+ for( p=string; *p && isspace( *(byte*)p ) ; p++ )
+ ;
+ /* move characters */
+ for( (mark = NULL); (*string = *p); string++, p++ )
+ if( isspace( *(byte*)p ) ) {
+ if( !mark )
+ mark = string ;
+ }
+ else
+ mark = NULL ;
+ if( mark )
+ *mark = '\0' ; /* remove trailing spaces */
+
+ return str ;
+}
+
+/****************
+ * remove trailing white spaces
+ */
+char *
+trim_trailing_spaces( char *string )
+{
+ char *p, *mark;
+
+ for( mark = NULL, p = string; *p; p++ ) {
+ if( isspace( *(byte*)p ) ) {
+ if( !mark )
+ mark = p;
+ }
+ else
+ mark = NULL;
+ }
+ if( mark )
+ *mark = '\0' ;
+
+ return string ;
+}
+
+
+unsigned
+trim_trailing_chars( byte *line, unsigned len, const char *trimchars )
+{
+ byte *p, *mark;
+ unsigned n;
+
+ for(mark=NULL, p=line, n=0; n < len; n++, p++ ) {
+ if( strchr(trimchars, *p ) ) {
+ if( !mark )
+ mark = p;
+ }
+ else
+ mark = NULL;
+ }
+
+ if( mark ) {
+ *mark = 0;
+ return mark - line;
+ }
+ return len;
+}
+
+/****************
+ * remove trailing white spaces and return the length of the buffer
+ */
+unsigned
+trim_trailing_ws( byte *line, unsigned len )
+{
+ return trim_trailing_chars( line, len, " \t\r\n" );
+}
+
+size_t
+length_sans_trailing_chars (const unsigned char *line, size_t len,
+ const char *trimchars )
+{
+ const unsigned char *p, *mark;
+ size_t n;
+
+ for( mark=NULL, p=line, n=0; n < len; n++, p++ )
+ {
+ if (strchr (trimchars, *p ))
+ {
+ if( !mark )
+ mark = p;
+ }
+ else
+ mark = NULL;
+ }
+
+ if (mark)
+ return mark - line;
+ return len;
+}
+
+/*
+ * Return the length of line ignoring trailing white-space.
+ */
+size_t
+length_sans_trailing_ws (const unsigned char *line, size_t len)
+{
+ return length_sans_trailing_chars (line, len, " \t\r\n");
+}
+
+
+
+/*
+ * Extract from a given path the filename component. This function
+ * terminates the process on memory shortage.
+ */
+char *
+make_basename(const char *filepath, const char *inputpath)
+{
+#ifdef __riscos__
+ return riscos_make_basename(filepath, inputpath);
+#else
+ char *p;
+
+ (void)inputpath; /* Only required for riscos. */
+
+ if ( !(p=strrchr(filepath, '/')) )
+#ifdef HAVE_DRIVE_LETTERS
+ if ( !(p=strrchr(filepath, '\\')) )
+ if ( !(p=strrchr(filepath, ':')) )
+#endif
+ {
+ return jnlib_xstrdup(filepath);
+ }
+
+ return jnlib_xstrdup(p+1);
+#endif
+}
+
+
+
+/*
+ * Extract from a given filename the path prepended to it. If there
+ * isn't a path prepended to the filename, a dot is returned ('.').
+ * This function terminates the process on memory shortage.
+ */
+char *
+make_dirname(const char *filepath)
+{
+ char *dirname;
+ int dirname_length;
+ char *p;
+
+ if ( !(p=strrchr(filepath, '/')) )
+#ifdef HAVE_DRIVE_LETTERS
+ if ( !(p=strrchr(filepath, '\\')) )
+ if ( !(p=strrchr(filepath, ':')) )
+#endif
+ {
+ return jnlib_xstrdup(".");
+ }
+
+ dirname_length = p-filepath;
+ dirname = jnlib_xmalloc(dirname_length+1);
+ strncpy(dirname, filepath, dirname_length);
+ dirname[dirname_length] = 0;
+
+ return dirname;
+}
+
+
+
+static char *
+get_pwdir (int xmode, const char *name)
+{
+ char *result = NULL;
+#ifdef HAVE_PWD_H
+ struct passwd *pwd = NULL;
+
+ if (name)
+ {
+#ifdef HAVE_GETPWNAM
+ /* Fixme: We should use getpwnam_r if available. */
+ pwd = getpwnam (name);
+#endif
+ }
+ else
+ {
+#ifdef HAVE_GETPWUID
+ /* Fixme: We should use getpwuid_r if available. */
+ pwd = getpwuid (getuid());
+#endif
+ }
+ if (pwd)
+ {
+ if (xmode)
+ result = jnlib_xstrdup (pwd->pw_dir);
+ else
+ result = jnlib_strdup (pwd->pw_dir);
+ }
+#endif /*HAVE_PWD_H*/
+ return result;
+}
+
+static char *
+do_make_filename (int xmode, const char *first_part, va_list arg_ptr)
+{
+ const char *argv[32];
+ int argc;
+ size_t n;
+ int skip = 1;
+ char *home_buffer = NULL;
+ char *name, *home, *p;
+
+ n = strlen (first_part) + 1;
+ argc = 0;
+ while ( (argv[argc] = va_arg (arg_ptr, const char *)) )
+ {
+ n += strlen (argv[argc]) + 1;
+ if (argc >= DIM (argv)-1)
+ {
+ if (xmode)
+ BUG ();
+ errno = EINVAL;
+ return NULL;
+ }
+ argc++;
+ }
+ n++;
+
+ home = NULL;
+ if (*first_part == '~')
+ {
+ if (first_part[1] == '/' || !first_part[1])
+ {
+ /* This is the "~/" or "~" case. */
+ home = getenv("HOME");
+ if (!home)
+ home = home_buffer = get_pwdir (xmode, NULL);
+ if (home && *home)
+ n += strlen (home);
+ }
+ else
+ {
+ /* This is the "~username/" or "~username" case. */
+ char *user;
+
+ if (xmode)
+ user = jnlib_xstrdup (first_part+1);
+ else
+ {
+ user = jnlib_strdup (first_part+1);
+ if (!user)
+ return NULL;
+ }
+ p = strchr (user, '/');
+ if (p)
+ *p = 0;
+ skip = 1 + strlen (user);
+
+ home = home_buffer = get_pwdir (xmode, user);
+ jnlib_free (user);
+ if (home)
+ n += strlen (home);
+ else
+ skip = 1;
+ }
+ }
+
+ if (xmode)
+ name = jnlib_xmalloc (n);
+ else
+ {
+ name = jnlib_malloc (n);
+ if (!name)
+ {
+ jnlib_free (home_buffer);
+ return NULL;
+ }
+ }
+
+ if (home)
+ p = stpcpy (stpcpy (name, home), first_part + skip);
+ else
+ p = stpcpy (name, first_part);
+
+ jnlib_free (home_buffer);
+
+ for (argc=0; argv[argc]; argc++)
+ p = stpcpy (stpcpy (p, "/"), argv[argc]);
+
+ return change_slashes (name);
+}
+
+/* Construct a filename from the NULL terminated list of parts. Tilde
+ expansion is done for the first argument. This function terminates
+ the process on memory shortage. */
+char *
+make_filename (const char *first_part, ... )
+{
+ va_list arg_ptr;
+ char *result;
+
+ va_start (arg_ptr, first_part);
+ result = do_make_filename (1, first_part, arg_ptr);
+ va_end (arg_ptr);
+ return result;
+}
+
+/* Construct a filename from the NULL terminated list of parts. Tilde
+ expansion is done for the first argument. This function may return
+ NULL on error. */
+char *
+make_filename_try (const char *first_part, ... )
+{
+ va_list arg_ptr;
+ char *result;
+
+ va_start (arg_ptr, first_part);
+ result = do_make_filename (0, first_part, arg_ptr);
+ va_end (arg_ptr);
+ return result;
+}
+
+
+
+/* Compare whether the filenames are identical. This is a
+ special version of strcmp() taking the semantics of filenames in
+ account. Note that this function works only on the supplied names
+ without considereing any context like the current directory. See
+ also same_file_p(). */
+int
+compare_filenames (const char *a, const char *b)
+{
+#ifdef HAVE_DRIVE_LETTERS
+ for ( ; *a && *b; a++, b++ )
+ {
+ if (*a != *b
+ && (toupper (*(const unsigned char*)a)
+ != toupper (*(const unsigned char*)b) )
+ && !((*a == '/' && *b == '\\') || (*a == '\\' && *b == '/')))
+ break;
+ }
+ if ((*a == '/' && *b == '\\') || (*a == '\\' && *b == '/'))
+ return 0;
+ else
+ return (toupper (*(const unsigned char*)a)
+ - toupper (*(const unsigned char*)b));
+#else
+ return strcmp(a,b);
+#endif
+}
+
+
+/* Convert 2 hex characters at S to a byte value. Return this value
+ or -1 if there is an error. */
+int
+hextobyte (const char *s)
+{
+ int c;
+
+ if ( *s >= '0' && *s <= '9' )
+ c = 16 * (*s - '0');
+ else if ( *s >= 'A' && *s <= 'F' )
+ c = 16 * (10 + *s - 'A');
+ else if ( *s >= 'a' && *s <= 'f' )
+ c = 16 * (10 + *s - 'a');
+ else
+ return -1;
+ s++;
+ if ( *s >= '0' && *s <= '9' )
+ c += *s - '0';
+ else if ( *s >= 'A' && *s <= 'F' )
+ c += 10 + *s - 'A';
+ else if ( *s >= 'a' && *s <= 'f' )
+ c += 10 + *s - 'a';
+ else
+ return -1;
+ return c;
+}
+
+
+/* Print a BUFFER to stream FP while replacing all control characters
+ and the characters DELIM and DELIM2 with standard C escape
+ sequences. Returns the number of characters printed. */
+size_t
+print_sanitized_buffer2 (FILE *fp, const void *buffer, size_t length,
+ int delim, int delim2)
+{
+ const unsigned char *p = buffer;
+ size_t count = 0;
+
+ for (; length; length--, p++, count++)
+ {
+ if (*p < 0x20
+ || *p == 0x7f
+ || *p == delim
+ || *p == delim2
+ || ((delim || delim2) && *p=='\\'))
+ {
+ putc ('\\', fp);
+ count++;
+ if (*p == '\n')
+ {
+ putc ('n', fp);
+ count++;
+ }
+ else if (*p == '\r')
+ {
+ putc ('r', fp);
+ count++;
+ }
+ else if (*p == '\f')
+ {
+ putc ('f', fp);
+ count++;
+ }
+ else if (*p == '\v')
+ {
+ putc ('v', fp);
+ count++;
+ }
+ else if (*p == '\b')
+ {
+ putc ('b', fp);
+ count++;
+ }
+ else if (!*p)
+ {
+ putc('0', fp);
+ count++;
+ }
+ else
+ {
+ fprintf (fp, "x%02x", *p);
+ count += 3;
+ }
+ }
+ else
+ {
+ putc (*p, fp);
+ count++;
+ }
+ }
+
+ return count;
+}
+
+/* Same as print_sanitized_buffer2 but with just one delimiter. */
+size_t
+print_sanitized_buffer (FILE *fp, const void *buffer, size_t length,
+ int delim)
+{
+ return print_sanitized_buffer2 (fp, buffer, length, delim, 0);
+}
+
+
+size_t
+print_sanitized_utf8_buffer (FILE *fp, const void *buffer,
+ size_t length, int delim)
+{
+ const char *p = buffer;
+ size_t i;
+
+ /* We can handle plain ascii simpler, so check for it first. */
+ for (i=0; i < length; i++ )
+ {
+ if ( (p[i] & 0x80) )
+ break;
+ }
+ if (i < length)
+ {
+ char *buf = utf8_to_native (p, length, delim);
+ /*(utf8 conversion already does the control character quoting)*/
+ i = strlen (buf);
+ fputs (buf, fp);
+ jnlib_free (buf);
+ return i;
+ }
+ else
+ return print_sanitized_buffer (fp, p, length, delim);
+}
+
+
+size_t
+print_sanitized_string2 (FILE *fp, const char *string, int delim, int delim2)
+{
+ return string? print_sanitized_buffer2 (fp, string, strlen (string),
+ delim, delim2):0;
+}
+
+size_t
+print_sanitized_string (FILE *fp, const char *string, int delim)
+{
+ return string? print_sanitized_buffer (fp, string, strlen (string), delim):0;
+}
+
+size_t
+print_sanitized_utf8_string (FILE *fp, const char *string, int delim)
+{
+ return string? print_sanitized_utf8_buffer (fp,
+ string, strlen (string),
+ delim) : 0;
+}
+
+/* Create a string from the buffer P_ARG of length N which is suitable
+ for printing. Caller must release the created string using xfree.
+ This function terminates the process on memory shortage. */
+char *
+sanitize_buffer (const void *p_arg, size_t n, int delim)
+{
+ const unsigned char *p = p_arg;
+ size_t save_n, buflen;
+ const unsigned char *save_p;
+ char *buffer, *d;
+
+ /* First count length. */
+ for (save_n = n, save_p = p, buflen=1 ; n; n--, p++ )
+ {
+ if ( *p < 0x20 || *p == 0x7f || *p == delim || (delim && *p=='\\'))
+ {
+ if ( *p=='\n' || *p=='\r' || *p=='\f'
+ || *p=='\v' || *p=='\b' || !*p )
+ buflen += 2;
+ else
+ buflen += 5;
+ }
+ else
+ buflen++;
+ }
+ p = save_p;
+ n = save_n;
+ /* And now make the string */
+ d = buffer = jnlib_xmalloc( buflen );
+ for ( ; n; n--, p++ )
+ {
+ if (*p < 0x20 || *p == 0x7f || *p == delim || (delim && *p=='\\')) {
+ *d++ = '\\';
+ if( *p == '\n' )
+ *d++ = 'n';
+ else if( *p == '\r' )
+ *d++ = 'r';
+ else if( *p == '\f' )
+ *d++ = 'f';
+ else if( *p == '\v' )
+ *d++ = 'v';
+ else if( *p == '\b' )
+ *d++ = 'b';
+ else if( !*p )
+ *d++ = '0';
+ else {
+ sprintf(d, "x%02x", *p );
+ d += 3;
+ }
+ }
+ else
+ *d++ = *p;
+ }
+ *d = 0;
+ return buffer;
+}
+
+
+/* Given a string containing an UTF-8 encoded text, return the number
+ of characters in this string. It differs from strlen in that it
+ only counts complete UTF-8 characters. Note, that this function
+ does not take combined characters into account. */
+size_t
+utf8_charcount (const char *s)
+{
+ size_t n;
+
+ for (n=0; *s; s++)
+ if ( (*s&0xc0) != 0x80 ) /* Exclude continuation bytes: 10xxxxxx */
+ n++;
+
+ return n;
+}
+
+
+/****************************************************
+ ********** W32 specific functions ****************
+ ****************************************************/
+
+#ifdef HAVE_W32_SYSTEM
+const char *
+w32_strerror (int ec)
+{
+ static char strerr[256];
+
+ if (ec == -1)
+ ec = (int)GetLastError ();
+ FormatMessage (FORMAT_MESSAGE_FROM_SYSTEM, NULL, ec,
+ MAKELANGID (LANG_NEUTRAL, SUBLANG_DEFAULT),
+ strerr, DIM (strerr)-1, NULL);
+ return strerr;
+}
+#endif /*HAVE_W32_SYSTEM*/
+
+
+/****************************************************
+ ******** Locale insensitive ctype functions ********
+ ****************************************************/
+/* FIXME: replace them by a table lookup and macros */
+int
+ascii_isupper (int c)
+{
+ return c >= 'A' && c <= 'Z';
+}
+
+int
+ascii_islower (int c)
+{
+ return c >= 'a' && c <= 'z';
+}
+
+int
+ascii_toupper (int c)
+{
+ if (c >= 'a' && c <= 'z')
+ c &= ~0x20;
+ return c;
+}
+
+int
+ascii_tolower (int c)
+{
+ if (c >= 'A' && c <= 'Z')
+ c |= 0x20;
+ return c;
+}
+
+
+int
+ascii_strcasecmp( const char *a, const char *b )
+{
+ if (a == b)
+ return 0;
+
+ for (; *a && *b; a++, b++) {
+ if (*a != *b && ascii_toupper(*a) != ascii_toupper(*b))
+ break;
+ }
+ return *a == *b? 0 : (ascii_toupper (*a) - ascii_toupper (*b));
+}
+
+int
+ascii_strncasecmp (const char *a, const char *b, size_t n)
+{
+ const unsigned char *p1 = (const unsigned char *)a;
+ const unsigned char *p2 = (const unsigned char *)b;
+ unsigned char c1, c2;
+
+ if (p1 == p2 || !n )
+ return 0;
+
+ do
+ {
+ c1 = ascii_tolower (*p1);
+ c2 = ascii_tolower (*p2);
+
+ if ( !--n || c1 == '\0')
+ break;
+
+ ++p1;
+ ++p2;
+ }
+ while (c1 == c2);
+
+ return c1 - c2;
+}
+
+
+int
+ascii_memcasecmp (const void *a_arg, const void *b_arg, size_t n )
+{
+ const char *a = a_arg;
+ const char *b = b_arg;
+
+ if (a == b)
+ return 0;
+ for ( ; n; n--, a++, b++ )
+ {
+ if( *a != *b && ascii_toupper (*a) != ascii_toupper (*b) )
+ return *a == *b? 0 : (ascii_toupper (*a) - ascii_toupper (*b));
+ }
+ return 0;
+}
+
+int
+ascii_strcmp( const char *a, const char *b )
+{
+ if (a == b)
+ return 0;
+
+ for (; *a && *b; a++, b++) {
+ if (*a != *b )
+ break;
+ }
+ return *a == *b? 0 : (*(signed char *)a - *(signed char *)b);
+}
+
+
+void *
+ascii_memcasemem (const void *haystack, size_t nhaystack,
+ const void *needle, size_t nneedle)
+{
+
+ if (!nneedle)
+ return (void*)haystack; /* finding an empty needle is really easy */
+ if (nneedle <= nhaystack)
+ {
+ const char *a = haystack;
+ const char *b = a + nhaystack - nneedle;
+
+ for (; a <= b; a++)
+ {
+ if ( !ascii_memcasecmp (a, needle, nneedle) )
+ return (void *)a;
+ }
+ }
+ return NULL;
+}
+
+/*********************************************
+ ********** missing string functions *********
+ *********************************************/
+
+#ifndef HAVE_STPCPY
+char *
+stpcpy(char *a,const char *b)
+{
+ while( *b )
+ *a++ = *b++;
+ *a = 0;
+
+ return (char*)a;
+}
+#endif
+
+#ifndef HAVE_STRSEP
+/* Code taken from glibc-2.2.1/sysdeps/generic/strsep.c. */
+char *
+strsep (char **stringp, const char *delim)
+{
+ char *begin, *end;
+
+ begin = *stringp;
+ if (begin == NULL)
+ return NULL;
+
+ /* A frequent case is when the delimiter string contains only one
+ character. Here we don't need to call the expensive `strpbrk'
+ function and instead work using `strchr'. */
+ if (delim[0] == '\0' || delim[1] == '\0')
+ {
+ char ch = delim[0];
+
+ if (ch == '\0')
+ end = NULL;
+ else
+ {
+ if (*begin == ch)
+ end = begin;
+ else if (*begin == '\0')
+ end = NULL;
+ else
+ end = strchr (begin + 1, ch);
+ }
+ }
+ else
+ /* Find the end of the token. */
+ end = strpbrk (begin, delim);
+
+ if (end)
+ {
+ /* Terminate the token and set *STRINGP past NUL character. */
+ *end++ = '\0';
+ *stringp = end;
+ }
+ else
+ /* No more delimiters; this is the last token. */
+ *stringp = NULL;
+
+ return begin;
+}
+#endif /*HAVE_STRSEP*/
+
+
+#ifndef HAVE_STRLWR
+char *
+strlwr(char *s)
+{
+ char *p;
+ for(p=s; *p; p++ )
+ *p = tolower(*p);
+ return s;
+}
+#endif
+
+
+#ifndef HAVE_STRCASECMP
+int
+strcasecmp( const char *a, const char *b )
+{
+ for( ; *a && *b; a++, b++ ) {
+ if( *a != *b && toupper(*a) != toupper(*b) )
+ break;
+ }
+ return *(const byte*)a - *(const byte*)b;
+}
+#endif
+
+
+/****************
+ * mingw32/cpd has a memicmp()
+ */
+#ifndef HAVE_MEMICMP
+int
+memicmp( const char *a, const char *b, size_t n )
+{
+ for( ; n; n--, a++, b++ )
+ if( *a != *b && toupper(*(const byte*)a) != toupper(*(const byte*)b) )
+ return *(const byte *)a - *(const byte*)b;
+ return 0;
+}
+#endif
+
+
+#ifndef HAVE_MEMRCHR
+void *
+memrchr (const void *buffer, int c, size_t n)
+{
+ const unsigned char *p = buffer;
+
+ for (p += n; n ; n--)
+ if (*--p == c)
+ return (void *)p;
+ return NULL;
+}
+#endif /*HAVE_MEMRCHR*/
+
+
+/* Percent-escape the string STR by replacing colons with '%3a'. If
+ EXTRA is not NULL all characters in EXTRA are also escaped. */
+static char *
+do_percent_escape (const char *str, const char *extra, int die)
+{
+ int i, j;
+ char *ptr;
+
+ if (!str)
+ return NULL;
+
+ for (i=j=0; str[i]; i++)
+ if (str[i] == ':' || str[i] == '%' || (extra && strchr (extra, str[i])))
+ j++;
+ if (die)
+ ptr = jnlib_xmalloc (i + 2 * j + 1);
+ else
+ {
+ ptr = jnlib_malloc (i + 2 * j + 1);
+ if (!ptr)
+ return NULL;
+ }
+ i = 0;
+ while (*str)
+ {
+ if (*str == ':')
+ {
+ ptr[i++] = '%';
+ ptr[i++] = '3';
+ ptr[i++] = 'a';
+ }
+ else if (*str == '%')
+ {
+ ptr[i++] = '%';
+ ptr[i++] = '2';
+ ptr[i++] = '5';
+ }
+ else if (extra && strchr (extra, *str))
+ {
+ ptr[i++] = '%';
+ ptr[i++] = tohex_lower ((*str>>4)&15);
+ ptr[i++] = tohex_lower (*str&15);
+ }
+ else
+ ptr[i++] = *str;
+ str++;
+ }
+ ptr[i] = '\0';
+
+ return ptr;
+}
+
+/* Percent-escape the string STR by replacing colons with '%3a'. If
+ EXTRA is not NULL all characters in EXTRA are also escaped. This
+ function terminates the process on memory shortage. */
+char *
+percent_escape (const char *str, const char *extra)
+{
+ return do_percent_escape (str, extra, 1);
+}
+
+/* Same as percent_escape but return NULL instead of exiting on memory
+ error. */
+char *
+try_percent_escape (const char *str, const char *extra)
+{
+ return do_percent_escape (str, extra, 0);
+}
+
+
+
+static char *
+do_strconcat (const char *s1, va_list arg_ptr)
+{
+ const char *argv[48];
+ size_t argc;
+ size_t needed;
+ char *buffer, *p;
+
+ argc = 0;
+ argv[argc++] = s1;
+ needed = strlen (s1);
+ while (((argv[argc] = va_arg (arg_ptr, const char *))))
+ {
+ needed += strlen (argv[argc]);
+ if (argc >= DIM (argv)-1)
+ {
+ errno = EINVAL;
+ return NULL;
+ }
+ argc++;
+ }
+ needed++;
+ buffer = jnlib_malloc (needed);
+ if (buffer)
+ {
+ for (p = buffer, argc=0; argv[argc]; argc++)
+ p = stpcpy (p, argv[argc]);
+ }
+ return buffer;
+}
+
+
+/* Concatenate the string S1 with all the following strings up to a
+ NULL. Returns a malloced buffer with the new string or NULL on a
+ malloc error or if too many arguments are given. */
+char *
+strconcat (const char *s1, ...)
+{
+ va_list arg_ptr;
+ char *result;
+
+ if (!s1)
+ result = jnlib_strdup ("");
+ else
+ {
+ va_start (arg_ptr, s1);
+ result = do_strconcat (s1, arg_ptr);
+ va_end (arg_ptr);
+ }
+ return result;
+}
+
+/* Same as strconcat but terminate the process with an error message
+ if something goes wrong. */
+char *
+xstrconcat (const char *s1, ...)
+{
+ va_list arg_ptr;
+ char *result;
+
+ if (!s1)
+ result = jnlib_xstrdup ("");
+ else
+ {
+ va_start (arg_ptr, s1);
+ result = do_strconcat (s1, arg_ptr);
+ va_end (arg_ptr);
+ }
+ if (!result)
+ {
+ if (errno == EINVAL)
+ fputs ("\nfatal: too many args for xstrconcat\n", stderr);
+ else
+ fputs ("\nfatal: out of memory\n", stderr);
+ exit (2);
+ }
+ return result;
+}
+
diff --git a/jnlib/stringhelp.h b/jnlib/stringhelp.h
new file mode 100644
index 0000000..a560b16
--- /dev/null
+++ b/jnlib/stringhelp.h
@@ -0,0 +1,136 @@
+/* stringhelp.h
+ * Copyright (C) 1998, 1999, 2000, 2001, 2003,
+ * 2006, 2007, 2009 Free Software Foundation, Inc.
+ *
+ * This file is part of JNLIB.
+ *
+ * JNLIB is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 3 of
+ * the License, or (at your option) any later version.
+ *
+ * JNLIB is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef LIBJNLIB_STRINGHELP_H
+#define LIBJNLIB_STRINGHELP_H
+
+#include "types.h"
+
+const char *memistr (const void *buf, size_t buflen, const char *sub);
+char *mem2str( char *, const void *, size_t);
+char *trim_spaces( char *string );
+char *trim_trailing_spaces( char *string );
+unsigned int trim_trailing_chars( unsigned char *line, unsigned len,
+ const char *trimchars);
+unsigned int trim_trailing_ws( unsigned char *line, unsigned len );
+size_t length_sans_trailing_chars (const unsigned char *line, size_t len,
+ const char *trimchars );
+size_t length_sans_trailing_ws (const unsigned char *line, size_t len);
+
+
+char *make_basename(const char *filepath, const char *inputpath);
+char *make_dirname(const char *filepath);
+char *make_filename( const char *first_part, ... ) GNUPG_GCC_A_SENTINEL(0);
+char *make_filename_try (const char *first_part, ... ) GNUPG_GCC_A_SENTINEL(0);
+int compare_filenames( const char *a, const char *b );
+
+int hextobyte (const char *s);
+
+size_t print_sanitized_buffer (FILE *fp, const void *buffer, size_t length,
+ int delim);
+size_t print_sanitized_buffer2 (FILE *fp, const void *buffer, size_t length,
+ int delim, int delim2);
+size_t print_sanitized_utf8_buffer (FILE *fp, const void *buffer,
+ size_t length, int delim);
+size_t print_sanitized_string (FILE *fp, const char *string, int delim);
+size_t print_sanitized_string2 (FILE *fp, const char *string,
+ int delim, int delim2);
+size_t print_sanitized_utf8_string (FILE *fp, const char *string, int delim);
+char *sanitize_buffer (const void *p, size_t n, int delim);
+
+
+size_t utf8_charcount (const char *s);
+
+
+#ifdef HAVE_W32_SYSTEM
+const char *w32_strerror (int ec);
+#endif
+
+
+int ascii_isupper (int c);
+int ascii_islower (int c);
+int ascii_toupper (int c);
+int ascii_tolower (int c);
+int ascii_strcasecmp( const char *a, const char *b );
+int ascii_strncasecmp (const char *a, const char *b, size_t n);
+int ascii_memcasecmp( const void *a, const void *b, size_t n );
+const char *ascii_memistr ( const void *buf, size_t buflen, const char *sub);
+void *ascii_memcasemem (const void *haystack, size_t nhaystack,
+ const void *needle, size_t nneedle);
+
+
+#ifndef HAVE_MEMICMP
+int memicmp( const char *a, const char *b, size_t n );
+#endif
+#ifndef HAVE_STPCPY
+char *stpcpy(char *a,const char *b);
+#endif
+#ifndef HAVE_STRSEP
+char *strsep (char **stringp, const char *delim);
+#endif
+#ifndef HAVE_STRLWR
+char *strlwr(char *a);
+#endif
+#ifndef HAVE_STRTOUL
+# define strtoul(a,b,c) ((unsigned long)strtol((a),(b),(c)))
+#endif
+#ifndef HAVE_MEMMOVE
+# define memmove(d, s, n) bcopy((s), (d), (n))
+#endif
+#ifndef HAVE_STRICMP
+# define stricmp(a,b) strcasecmp( (a), (b) )
+#endif
+#ifndef HAVE_MEMRCHR
+void *memrchr (const void *buffer, int c, size_t n);
+#endif
+
+
+#ifndef HAVE_ISASCII
+static inline int
+isascii (int c)
+{
+ return (((c) & ~0x7f) == 0);
+}
+#endif /* !HAVE_ISASCII */
+
+
+#ifndef STR
+# define STR(v) #v
+#endif
+#define STR2(v) STR(v)
+
+/* Percent-escape the string STR by replacing colons with '%3a'. If
+ EXTRA is not NULL, also replace all characters given in EXTRA. The
+ "try_" variant fails with NULL if not enough memory can be
+ allocated. */
+char *percent_escape (const char *str, const char *extra);
+char *try_percent_escape (const char *str, const char *extra);
+
+
+/* Concatenate the string S1 with all the following strings up to a
+ NULL. Returns a malloced buffer with the new string or NULL on a
+ malloc error or if too many arguments are given. */
+char *strconcat (const char *s1, ...) GNUPG_GCC_A_SENTINEL(0);
+/* Ditto, but die on error. */
+char *xstrconcat (const char *s1, ...) GNUPG_GCC_A_SENTINEL(0);
+
+
+
+#endif /*LIBJNLIB_STRINGHELP_H*/
diff --git a/jnlib/strlist.c b/jnlib/strlist.c
new file mode 100644
index 0000000..d45a164
--- /dev/null
+++ b/jnlib/strlist.c
@@ -0,0 +1,185 @@
+/* strlist.c - string helpers
+ * Copyright (C) 1998, 2000, 2001, 2006 Free Software Foundation, Inc.
+ *
+ * This file is part of JNLIB.
+ *
+ * JNLIB is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 3 of
+ * the License, or (at your option) any later version.
+ *
+ * JNLIB is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdarg.h>
+#include <ctype.h>
+
+#include "libjnlib-config.h"
+#include "strlist.h"
+#ifdef JNLIB_NEED_UTF8CONV
+#include "utf8conv.h"
+#endif
+
+void
+free_strlist( strlist_t sl )
+{
+ strlist_t sl2;
+
+ for(; sl; sl = sl2 ) {
+ sl2 = sl->next;
+ jnlib_free(sl);
+ }
+}
+
+
+/* Add STRING to the LIST at the front. This function terminates the
+ process on memory shortage. */
+strlist_t
+add_to_strlist( strlist_t *list, const char *string )
+{
+ strlist_t sl;
+
+ sl = jnlib_xmalloc( sizeof *sl + strlen(string));
+ sl->flags = 0;
+ strcpy(sl->d, string);
+ sl->next = *list;
+ *list = sl;
+ return sl;
+}
+
+
+/* Same as add_to_strlist() but if IS_UTF8 is *not* set, a conversion
+ to UTF-8 is done. This function terminates the process on memory
+ shortage. */
+#ifdef JNLIB_NEED_UTF8CONV
+strlist_t
+add_to_strlist2( strlist_t *list, const char *string, int is_utf8 )
+{
+ strlist_t sl;
+
+ if (is_utf8)
+ sl = add_to_strlist( list, string );
+ else
+ {
+ char *p = native_to_utf8( string );
+ sl = add_to_strlist( list, p );
+ jnlib_free ( p );
+ }
+ return sl;
+}
+#endif /* JNLIB_NEED_UTF8CONV*/
+
+
+/* Add STRING to the LIST at the end. This function terminates the
+ process on memory shortage. */
+strlist_t
+append_to_strlist( strlist_t *list, const char *string )
+{
+ strlist_t r, sl;
+
+ sl = jnlib_xmalloc( sizeof *sl + strlen(string));
+ sl->flags = 0;
+ strcpy(sl->d, string);
+ sl->next = NULL;
+ if( !*list )
+ *list = sl;
+ else {
+ for( r = *list; r->next; r = r->next )
+ ;
+ r->next = sl;
+ }
+ return sl;
+}
+
+
+#ifdef JNLIB_NEED_UTF8CONV
+strlist_t
+append_to_strlist2( strlist_t *list, const char *string, int is_utf8 )
+{
+ strlist_t sl;
+
+ if( is_utf8 )
+ sl = append_to_strlist( list, string );
+ else
+ {
+ char *p = native_to_utf8 (string);
+ sl = append_to_strlist( list, p );
+ jnlib_free( p );
+ }
+ return sl;
+}
+#endif /* JNLIB_NEED_UTF8CONV */
+
+
+/* Return a copy of LIST. This function terminates the process on
+ memory shortage.*/
+strlist_t
+strlist_copy (strlist_t list)
+{
+ strlist_t newlist = NULL, sl, *last;
+
+ last = &newlist;
+ for (; list; list = list->next)
+ {
+ sl = jnlib_xmalloc (sizeof *sl + strlen (list->d));
+ sl->flags = list->flags;
+ strcpy(sl->d, list->d);
+ sl->next = NULL;
+ *last = sl;
+ last = &sl;
+ }
+ return newlist;
+}
+
+
+
+strlist_t
+strlist_prev( strlist_t head, strlist_t node )
+{
+ strlist_t n;
+
+ for(n=NULL; head && head != node; head = head->next )
+ n = head;
+ return n;
+}
+
+strlist_t
+strlist_last( strlist_t node )
+{
+ if( node )
+ for( ; node->next ; node = node->next )
+ ;
+ return node;
+}
+
+
+/* Remove the first item from LIST and return its content in an
+ allocated buffer. This function terminates the process on memory
+ shortage. */
+char *
+strlist_pop (strlist_t *list)
+{
+ char *str=NULL;
+ strlist_t sl=*list;
+
+ if(sl)
+ {
+ str=jnlib_xmalloc(strlen(sl->d)+1);
+ strcpy(str,sl->d);
+
+ *list=sl->next;
+ jnlib_free(sl);
+ }
+
+ return str;
+}
+
diff --git a/jnlib/strlist.h b/jnlib/strlist.h
new file mode 100644
index 0000000..4191624
--- /dev/null
+++ b/jnlib/strlist.h
@@ -0,0 +1,49 @@
+/* strlist.h
+ * Copyright (C) 1998, 2000, 2001, 2006 Free Software Foundation, Inc.
+ *
+ * This file is part of JNLIB.
+ *
+ * JNLIB is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 3 of
+ * the License, or (at your option) any later version.
+ *
+ * JNLIB is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef LIBJNLIB_STRLIST_H
+#define LIBJNLIB_STRLIST_H
+
+struct string_list
+{
+ struct string_list *next;
+ unsigned int flags;
+ char d[1];
+};
+typedef struct string_list *strlist_t;
+
+void free_strlist (strlist_t sl);
+strlist_t add_to_strlist (strlist_t *list, const char *string);
+
+strlist_t add_to_strlist2( strlist_t *list, const char *string, int is_utf8);
+
+strlist_t append_to_strlist (strlist_t *list, const char *string);
+strlist_t append_to_strlist2 (strlist_t *list, const char *string,
+ int is_utf8);
+
+strlist_t strlist_copy (strlist_t list);
+
+strlist_t strlist_prev (strlist_t head, strlist_t node);
+strlist_t strlist_last (strlist_t node);
+char * strlist_pop (strlist_t *list);
+
+#define FREE_STRLIST(a) do { free_strlist((a)); (a) = NULL ; } while(0)
+
+
+#endif /*LIBJNLIB_STRLIST_H*/
diff --git a/jnlib/t-stringhelp.c b/jnlib/t-stringhelp.c
new file mode 100644
index 0000000..02041d3
--- /dev/null
+++ b/jnlib/t-stringhelp.c
@@ -0,0 +1,414 @@
+/* t-stringhelp.c - Regression tests for stringhelp.c
+ * Copyright (C) 2007 Free Software Foundation, Inc.
+ *
+ * This file is part of JNLIB.
+ *
+ * JNLIB is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 3 of
+ * the License, or (at your option) any later version.
+ *
+ * JNLIB is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#ifdef HAVE_PWD_H
+# include <pwd.h>
+#endif
+#include <unistd.h>
+#include <sys/types.h>
+
+#include "stringhelp.h"
+
+#include "t-support.h"
+
+
+static char *home_buffer;
+
+
+const char *
+gethome (void)
+{
+ if (!home_buffer)
+ {
+ char *home = getenv("HOME");
+
+#if defined(HAVE_GETPWUID) && defined(HAVE_PWD_H)
+ if(home)
+ home_buffer = xstrdup (home);
+ else
+ {
+ struct passwd *pwd;
+
+ pwd = getpwuid (getuid());
+ if (pwd)
+ home_buffer = xstrdup (pwd->pw_dir);
+ }
+#endif
+ }
+ return home_buffer;
+}
+
+
+static void
+test_percent_escape (void)
+{
+ char *result;
+ static struct {
+ const char *extra;
+ const char *value;
+ const char *expected;
+ } tests[] =
+ {
+ { NULL, "", "" },
+ { NULL, "%", "%25" },
+ { NULL, "%%", "%25%25" },
+ { NULL, " %", " %25" },
+ { NULL, ":", "%3a" },
+ { NULL, " :", " %3a" },
+ { NULL, ": ", "%3a " },
+ { NULL, " : ", " %3a " },
+ { NULL, "::", "%3a%3a" },
+ { NULL, ": :", "%3a %3a" },
+ { NULL, "%:", "%25%3a" },
+ { NULL, ":%", "%3a%25" },
+ { "\\\n:", ":%", "%3a%25" },
+ { "\\\n:", "\\:%", "%5c%3a%25" },
+ { "\\\n:", "\n:%", "%0a%3a%25" },
+ { "\\\n:", "\xff:%", "\xff%3a%25" },
+ { "\\\n:", "\xfe:%", "\xfe%3a%25" },
+ { "\\\n:", "\x01:%", "\x01%3a%25" },
+ { "\x01", "\x01:%", "%01%3a%25" },
+ { "\xfe", "\xfe:%", "%fe%3a%25" },
+ { "\xfe", "\xff:%", "\xff%3a%25" },
+
+ { NULL, NULL, NULL }
+ };
+ int testno;
+
+ result = percent_escape (NULL, NULL);
+ if (result)
+ fail (0);
+ for (testno=0; tests[testno].value; testno++)
+ {
+ result = percent_escape (tests[testno].value, tests[testno].extra);
+ if (!result)
+ fail (testno);
+ if (strcmp (result, tests[testno].expected))
+ fail (testno);
+ xfree (result);
+ }
+
+}
+
+
+static void
+test_compare_filenames (void)
+{
+ struct {
+ const char *a;
+ const char *b;
+ int result;
+ } tests[] = {
+ { "", "", 0 },
+ { "", "a", -1 },
+ { "a", "", 1 },
+ { "a", "a", 0 },
+ { "a", "aa", -1 },
+ { "aa", "a", 1 },
+ { "a", "b", -1 },
+
+#ifdef HAVE_W32_SYSTEM
+ { "a", "A", 0 },
+ { "A", "a", 0 },
+ { "foo/bar", "foo\\bar", 0 },
+ { "foo\\bar", "foo/bar", 0 },
+ { "foo\\", "foo/", 0 },
+ { "foo/", "foo\\", 0 },
+#endif /*HAVE_W32_SYSTEM*/
+ { NULL, NULL, 0}
+ };
+ int testno, result;
+
+ for (testno=0; tests[testno].a; testno++)
+ {
+ result = compare_filenames (tests[testno].a, tests[testno].b);
+ result = result < 0? -1 : result > 0? 1 : 0;
+ if (result != tests[testno].result)
+ fail (testno);
+ }
+}
+
+
+static void
+test_strconcat (void)
+{
+ char *out;
+
+ out = strconcat ("1", "2", "3", "4", "5", "6", "7", "8", "9", "10",
+ "1", "2", "3", "4", "5", "6", "7", "8", "9", "10",
+ "1", "2", "3", "4", "5", "6", "7", "8", "9", "10",
+ "1", "2", "3", "4", "5", "6", "7", "8", "9", "10",
+ "1", "2", "3", "4", "5", "6", "7", NULL);
+ if (!out)
+ fail (0);
+ else
+ xfree (out);
+ out = strconcat ("1", "2", "3", "4", "5", "6", "7", "8", "9", "10",
+ "1", "2", "3", "4", "5", "6", "7", "8", "9", "10",
+ "1", "2", "3", "4", "5", "6", "7", "8", "9", "10",
+ "1", "2", "3", "4", "5", "6", "7", "8", "9", "10",
+ "1", "2", "3", "4", "5", "6", "7", "8", NULL);
+ if (out)
+ fail (0);
+ else if (errno != EINVAL)
+ fail (0);
+
+ out = strconcat ("1", "2", "3", "4", "5", "6", "7", "8", "9", "10",
+ "1", "2", "3", "4", "5", "6", "7", "8", "9", "10",
+ "1", "2", "3", "4", "5", "6", "7", "8", "9", "10",
+ "1", "2", "3", "4", "5", "6", "7", "8", "9", "10",
+ "1", "2", "3", "4", "5", "6", "7", "8", "9", NULL);
+ if (out)
+ fail (0);
+ else if (errno != EINVAL)
+ fail (0);
+
+#if __GNUC__ < 4 /* gcc 4.0 has a sentinel attribute. */
+ out = strconcat (NULL);
+ if (!out || *out)
+ fail (1);
+#endif
+ out = strconcat (NULL, NULL);
+ if (!out || *out)
+ fail (1);
+ out = strconcat ("", NULL);
+ if (!out || *out)
+ fail (1);
+ xfree (out);
+
+ out = strconcat ("", "", NULL);
+ if (!out || *out)
+ fail (2);
+ xfree (out);
+
+ out = strconcat ("a", "b", NULL);
+ if (!out || strcmp (out, "ab"))
+ fail (3);
+ xfree (out);
+ out = strconcat ("a", "b", "c", NULL);
+ if (!out || strcmp (out, "abc"))
+ fail (3);
+ xfree (out);
+
+ out = strconcat ("a", "b", "cc", NULL);
+ if (!out || strcmp (out, "abcc"))
+ fail (4);
+ xfree (out);
+ out = strconcat ("a1", "b1", "c1", NULL);
+ if (!out || strcmp (out, "a1b1c1"))
+ fail (4);
+ xfree (out);
+
+ out = strconcat ("", " long b ", "", "--even-longer--", NULL);
+ if (!out || strcmp (out, " long b --even-longer--"))
+ fail (5);
+ xfree (out);
+
+ out = strconcat ("", " long b ", "", "--even-longer--", NULL);
+ if (!out || strcmp (out, " long b --even-longer--"))
+ fail (5);
+ xfree (out);
+}
+
+static void
+test_xstrconcat (void)
+{
+ char *out;
+
+ out = xstrconcat ("1", "2", "3", "4", "5", "6", "7", "8", "9", "10",
+ "1", "2", "3", "4", "5", "6", "7", "8", "9", "10",
+ "1", "2", "3", "4", "5", "6", "7", "8", "9", "10",
+ "1", "2", "3", "4", "5", "6", "7", "8", "9", "10",
+ "1", "2", "3", "4", "5", "6", "7", NULL);
+ if (!out)
+ fail (0);
+
+#if __GNUC__ < 4 /* gcc 4.0 has a sentinel attribute. */
+ out = xstrconcat (NULL);
+ if (!out)
+ fail (1);
+#endif
+ out = xstrconcat (NULL, NULL);
+ if (!out)
+ fail (1);
+ out = xstrconcat ("", NULL);
+ if (!out || *out)
+ fail (1);
+ xfree (out);
+
+ out = xstrconcat ("", "", NULL);
+ if (!out || *out)
+ fail (2);
+ xfree (out);
+
+ out = xstrconcat ("a", "b", NULL);
+ if (!out || strcmp (out, "ab"))
+ fail (3);
+ xfree (out);
+ out = xstrconcat ("a", "b", "c", NULL);
+ if (!out || strcmp (out, "abc"))
+ fail (3);
+ xfree (out);
+
+ out = xstrconcat ("a", "b", "cc", NULL);
+ if (!out || strcmp (out, "abcc"))
+ fail (4);
+ xfree (out);
+ out = xstrconcat ("a1", "b1", "c1", NULL);
+ if (!out || strcmp (out, "a1b1c1"))
+ fail (4);
+ xfree (out);
+
+ out = xstrconcat ("", " long b ", "", "--even-longer--", NULL);
+ if (!out || strcmp (out, " long b --even-longer--"))
+ fail (5);
+ xfree (out);
+
+ out = xstrconcat ("", " long b ", "", "--even-longer--", NULL);
+ if (!out || strcmp (out, " long b --even-longer--"))
+ fail (5);
+ xfree (out);
+}
+
+
+static void
+test_make_filename_try (void)
+{
+ char *out;
+ const char *home = gethome ();
+ size_t homelen = home? strlen (home):0;
+
+ out = make_filename_try ("1", "2", "3", "4", "5", "6", "7", "8", "9", "10",
+ "1", "2", "3", "4", "5", "6", "7", "8", "9", "10",
+ "1", "2", "3", "4", "5", "6", "7", "8", "9", "10",
+ "1", "2", "3", NULL);
+ if (out)
+ fail (0);
+ else if (errno != EINVAL)
+ fail (0);
+ xfree (out);
+ out = make_filename_try ("1", "2", "3", "4", "5", "6", "7", "8", "9", "10",
+ "1", "2", "3", "4", "5", "6", "7", "8", "9", "10",
+ "1", "2", "3", "4", "5", "6", "7", "8", "9", "10",
+ "1", "2", "3", "4", NULL);
+ if (out)
+ fail (0);
+ else if (errno != EINVAL)
+ fail (0);
+ xfree (out);
+
+ out = make_filename_try ("1", "2", "3", "4", "5", "6", "7", "8", "9", "10",
+ "1", "2", "3", "4", "5", "6", "7", "8", "9", "10",
+ "1", "2", "3", "4", "5", "6", "7", "8", "9", "10",
+ "1", "2", NULL);
+ if (!out || strcmp (out,
+ "1/2/3/4/5/6/7/8/9/10/"
+ "1/2/3/4/5/6/7/8/9/10/"
+ "1/2/3/4/5/6/7/8/9/10/"
+ "1/2"))
+ fail (0);
+ xfree (out);
+
+ out = make_filename_try ("foo", "~/bar", "baz/cde", NULL);
+ if (!out || strcmp (out, "foo/~/bar/baz/cde"))
+ fail (1);
+ xfree (out);
+
+ out = make_filename_try ("foo", "~/bar", "baz/cde/", NULL);
+ if (!out || strcmp (out, "foo/~/bar/baz/cde/"))
+ fail (1);
+ xfree (out);
+
+ out = make_filename_try ("/foo", "~/bar", "baz/cde/", NULL);
+ if (!out || strcmp (out, "/foo/~/bar/baz/cde/"))
+ fail (1);
+ xfree (out);
+
+ out = make_filename_try ("//foo", "~/bar", "baz/cde/", NULL);
+ if (!out || strcmp (out, "//foo/~/bar/baz/cde/"))
+ fail (1);
+ xfree (out);
+
+ out = make_filename_try ("", "~/bar", "baz/cde", NULL);
+ if (!out || strcmp (out, "/~/bar/baz/cde"))
+ fail (1);
+ xfree (out);
+
+
+ out = make_filename_try ("~/foo", "bar", NULL);
+ if (!out)
+ fail (2);
+ if (home)
+ {
+ if (strlen (out) < homelen + 7)
+ fail (2);
+ if (strncmp (out, home, homelen))
+ fail (2);
+ if (strcmp (out+homelen, "/foo/bar"))
+ fail (2);
+ }
+ else
+ {
+ if (strcmp (out, "~/foo/bar"))
+ fail (2);
+ }
+ xfree (out);
+
+ out = make_filename_try ("~", "bar", NULL);
+ if (!out)
+ fail (2);
+ if (home)
+ {
+ if (strlen (out) < homelen + 3)
+ fail (2);
+ if (strncmp (out, home, homelen))
+ fail (2);
+ if (strcmp (out+homelen, "/bar"))
+ fail (2);
+ }
+ else
+ {
+ if (strcmp (out, "~/bar"))
+ fail (2);
+ }
+ xfree (out);
+}
+
+
+int
+main (int argc, char **argv)
+{
+ (void)argc;
+ (void)argv;
+
+ test_percent_escape ();
+ test_compare_filenames ();
+ test_strconcat ();
+ test_xstrconcat ();
+ test_make_filename_try ();
+
+ xfree (home_buffer);
+ return 0;
+}
+
diff --git a/jnlib/t-support.c b/jnlib/t-support.c
new file mode 100644
index 0000000..d8eba3b
--- /dev/null
+++ b/jnlib/t-support.c
@@ -0,0 +1,143 @@
+/* t-support.c - helper functions for the regression tests.
+ * Copyright (C) 2007 Free Software Foundation, Inc.
+ *
+ * This file is part of JNLIB.
+ *
+ * JNLIB is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 3 of
+ * the License, or (at your option) any later version.
+ *
+ * JNLIB is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include <assert.h>
+
+#include "t-support.h"
+
+
+/* Replacements for the malloc functions as used here. */
+
+static void
+out_of_memory (void)
+{
+ fprintf (stderr,"error: out of core in regression tests: %s\n",
+ strerror (errno));
+ exit (2);
+}
+
+
+void *
+gcry_malloc (size_t n)
+{
+ return malloc (n);
+}
+
+void *
+gcry_xmalloc (size_t n)
+{
+ void *p = malloc (n);
+ if (!p)
+ out_of_memory ();
+ return p;
+}
+
+char *
+gcry_strdup (const char *string)
+{
+ char *p = malloc (strlen (string)+1);
+ if (p)
+ strcpy (p, string);
+ return p;
+}
+
+
+void *
+gcry_realloc (void *a, size_t n)
+{
+ return realloc (a, n);
+}
+
+void *
+gcry_xrealloc (void *a, size_t n)
+{
+ void *p = realloc (a, n);
+ if (!p)
+ out_of_memory ();
+ return p;
+}
+
+
+
+void *
+gcry_calloc (size_t n, size_t m)
+{
+ return calloc (n, m);
+}
+
+void *
+gcry_xcalloc (size_t n, size_t m)
+{
+ void *p = calloc (n, m);
+ if (!p)
+ out_of_memory ();
+ return p;
+}
+
+
+char *
+gcry_xstrdup (const char *string)
+{
+ void *p = malloc (strlen (string)+1);
+ if (!p)
+ out_of_memory ();
+ strcpy (p, string);
+ return p;
+}
+
+void
+gcry_free (void *a)
+{
+ if (a)
+ free (a);
+}
+
+
+
+/* Stubs for gpg-error functions required because some compilers do
+ not eliminate the supposed-to-be-unused-inline-functions and thus
+ require functions called from these inline fucntions. Although we
+ do not use gpg-error, gpg-error.h may get included via gcrypt.h if
+ it happens to be used used in libjnlib-config.h. */
+int
+gpg_err_code_from_errno (int err)
+{
+ (void)err;
+ assert (!"stub function");
+ return -1;
+}
+
+
+/* Retrieve the error code directly from the ERRNO variable. This
+ returns GPG_ERR_UNKNOWN_ERRNO if the system error is not mapped
+ (report this) and GPG_ERR_MISSING_ERRNO if ERRNO has the value 0. */
+int
+gpg_err_code_from_syserror (void)
+{
+ assert (!"stub function");
+ return -1;
+}
+
+
+
diff --git a/jnlib/t-support.h b/jnlib/t-support.h
new file mode 100644
index 0000000..5270174
--- /dev/null
+++ b/jnlib/t-support.h
@@ -0,0 +1,50 @@
+/* t-support.h - Helper for the regression tests
+ * Copyright (C) 2007 Free Software Foundation, Inc.
+ *
+ * This file is part of JNLIB.
+ *
+ * JNLIB is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 3 of
+ * the License, or (at your option) any later version.
+ *
+ * JNLIB is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef LIBJNLIB_T_SUPPORT_H
+#define LIBJNLIB_T_SUPPORT_H 1
+
+#ifdef GCRYPT_VERSION
+#error The regression tests should not include with gcrypt.h
+#endif
+
+/* Repalcement prototypes. */
+void *gcry_xmalloc (size_t n);
+void *gcry_xcalloc (size_t n, size_t m);
+void *gcry_xrealloc (void *a, size_t n);
+char *gcry_xstrdup (const char * a);
+void gcry_free (void *a);
+
+/* Map the used xmalloc functions to those implemented by t-support.c */
+#define xmalloc(a) gcry_xmalloc ( (a) )
+#define xcalloc(a,b) gcry_xcalloc ( (a), (b) )
+#define xrealloc(a,n) gcry_xrealloc ( (a), (n) )
+#define xstrdup(a) gcry_xstrdup ( (a) )
+#define xfree(a) gcry_free ( (a) )
+
+
+/* Macros to print the result of a test. */
+#define pass() do { ; } while(0)
+#define fail(a) do { fprintf (stderr, "%s:%d: test %d failed\n",\
+ __FILE__,__LINE__, (a)); \
+ exit (1); \
+ } while(0)
+
+
+#endif /*LIBJNLIB_T_SUPPORT_H*/
diff --git a/jnlib/types.h b/jnlib/types.h
new file mode 100644
index 0000000..62fa047
--- /dev/null
+++ b/jnlib/types.h
@@ -0,0 +1,114 @@
+/* types.h - define some extra types
+ * Copyright (C) 1999, 2000, 2001, 2006 Free Software Foundation, Inc.
+ *
+ * This file is part of JNLIB.
+ *
+ * JNLIB is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 3 of
+ * the License, or (at your option) any later version.
+ *
+ * JNLIB is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef LIBJNLIB_TYPES_H
+#define LIBJNLIB_TYPES_H
+
+/* The AC_CHECK_SIZEOF() in configure fails for some machines.
+ * we provide some fallback values here */
+#if !SIZEOF_UNSIGNED_SHORT
+# undef SIZEOF_UNSIGNED_SHORT
+# define SIZEOF_UNSIGNED_SHORT 2
+#endif
+#if !SIZEOF_UNSIGNED_INT
+# undef SIZEOF_UNSIGNED_INT
+# define SIZEOF_UNSIGNED_INT 4
+#endif
+#if !SIZEOF_UNSIGNED_LONG
+# undef SIZEOF_UNSIGNED_LONG
+# define SIZEOF_UNSIGNED_LONG 4
+#endif
+
+
+#include <sys/types.h>
+
+
+#ifndef HAVE_BYTE_TYPEDEF
+# undef byte /* There might be a macro with this name. */
+/* Windows typedefs byte in the rpc headers. Avoid warning about
+ double definition. */
+#if !(defined(_WIN32) && defined(cbNDRContext))
+ typedef unsigned char byte;
+#endif
+# define HAVE_BYTE_TYPEDEF
+#endif
+
+#ifndef HAVE_USHORT_TYPEDEF
+# undef ushort /* There might be a macro with this name. */
+ typedef unsigned short ushort;
+# define HAVE_USHORT_TYPEDEF
+#endif
+
+#ifndef HAVE_ULONG_TYPEDEF
+# undef ulong /* There might be a macro with this name. */
+ typedef unsigned long ulong;
+# define HAVE_ULONG_TYPEDEF
+#endif
+
+#ifndef HAVE_U16_TYPEDEF
+# undef u16 /* There might be a macro with this name. */
+# if SIZEOF_UNSIGNED_INT == 2
+ typedef unsigned int u16;
+# elif SIZEOF_UNSIGNED_SHORT == 2
+ typedef unsigned short u16;
+# else
+# error no typedef for u16
+# endif
+# define HAVE_U16_TYPEDEF
+#endif
+
+#ifndef HAVE_U32_TYPEDEF
+# undef u32 /* There might be a macro with this name. */
+# if SIZEOF_UNSIGNED_INT == 4
+ typedef unsigned int u32;
+# elif SIZEOF_UNSIGNED_LONG == 4
+ typedef unsigned long u32;
+# else
+# error no typedef for u32
+# endif
+# define HAVE_U32_TYPEDEF
+#endif
+
+#ifndef HAVE_U64_TYPEDEF
+# undef u64 /* There might be a macro with this name. */
+# if SIZEOF_UNSIGNED_INT == 8
+ typedef unsigned int u64;
+# define HAVE_U64_TYPEDEF
+# elif SIZEOF_UNSIGNED_LONG == 8
+ typedef unsigned long u64;
+# define HAVE_U64_TYPEDEF
+# elif __GNUC__ >= 2 || defined(__SUNPRO_C)
+ typedef unsigned long long u64;
+# define HAVE_U64_TYPEDEF
+# endif
+#endif
+
+
+/* Some GCC attributes. Note that we use also define some in
+ mischelp.h, but this header and types.h are not always included.
+ Should eventually be put into one file (e.g. nlib-common.h). */
+#if __GNUC__ >= 4
+# define GNUPG_GCC_A_SENTINEL(a) __attribute__ ((sentinel(a)))
+#else
+# define GNUPG_GCC_A_SENTINEL(a)
+#endif
+
+
+
+#endif /*LIBJNLIB_TYPES_H*/
diff --git a/jnlib/utf8conv.c b/jnlib/utf8conv.c
new file mode 100644
index 0000000..fee4dc6
--- /dev/null
+++ b/jnlib/utf8conv.c
@@ -0,0 +1,738 @@
+/* utf8conf.c - UTF8 character set conversion
+ * Copyright (C) 1994, 1998, 1999, 2000, 2001,
+ * 2003, 2006, 2008 Free Software Foundation, Inc.
+ *
+ * This file is part of JNLIB.
+ *
+ * JNLIB is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 3 of
+ * the License, or (at your option) any later version.
+ *
+ * JNLIB is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdarg.h>
+#include <ctype.h>
+#ifdef HAVE_LANGINFO_CODESET
+#include <langinfo.h>
+#endif
+#include <errno.h>
+#ifndef HAVE_W32_SYSTEM
+# include <iconv.h>
+#endif
+
+#include "libjnlib-config.h"
+#include "stringhelp.h"
+#include "dynload.h"
+#include "utf8conv.h"
+
+#ifndef MB_LEN_MAX
+#define MB_LEN_MAX 16
+#endif
+
+static const char *active_charset_name = "iso-8859-1";
+static int no_translation; /* Set to true if we let simply pass through. */
+static int use_iconv; /* iconv comversion fucntions required. */
+
+
+/* Under W32 we dlopen the iconv dll and don't require any iconv
+ related headers at all. However we need to define some stuff. */
+#ifdef HAVE_W32_SYSTEM
+typedef void *iconv_t;
+#ifndef ICONV_CONST
+#define ICONV_CONST const
+#endif
+static iconv_t (* __stdcall iconv_open) (const char *tocode,
+ const char *fromcode);
+static size_t (* __stdcall iconv) (iconv_t cd,
+ const char **inbuf, size_t *inbytesleft,
+ char **outbuf, size_t *outbytesleft);
+static int (* __stdcall iconv_close) (iconv_t cd);
+
+static int
+load_libiconv (void)
+{
+ static int done;
+
+ if (!done)
+ {
+ void *handle;
+
+ done = 1; /* Do it right now because we might get called recursivly
+ through gettext. */
+
+ handle = dlopen ("iconv.dll", RTLD_LAZY);
+ if (handle)
+ {
+ iconv_open = dlsym (handle, "libiconv_open");
+ if (iconv_open)
+ iconv = dlsym (handle, "libiconv");
+ if (iconv)
+ iconv_close = dlsym (handle, "libiconv_close");
+ }
+ if (!handle || !iconv_close)
+ {
+ log_info (_("error loading `%s': %s\n"),
+ "iconv.dll", dlerror ());
+ log_info (_("please see %s for more information\n"),
+ "http://www.gnupg.org/download/iconv.html");
+ iconv_open = NULL;
+ iconv = NULL;
+ iconv_close = NULL;
+ if (handle)
+ dlclose (handle);
+ }
+ }
+ return iconv_open? 0: -1;
+}
+#endif /*HAVE_W32_SYSTEM*/
+
+
+/* Error handler for iconv failures. This is needed to not clutter the
+ output with repeated diagnostics about a missing conversion. */
+static void
+handle_iconv_error (const char *to, const char *from, int use_fallback)
+{
+ if (errno == EINVAL)
+ {
+ static int shown1, shown2;
+ int x;
+
+ if (to && !strcmp (to, "utf-8"))
+ {
+ x = shown1;
+ shown1 = 1;
+ }
+ else
+ {
+ x = shown2;
+ shown2 = 1;
+ }
+
+ if (!x)
+ log_info (_("conversion from `%s' to `%s' not available\n"),
+ from, to);
+ }
+ else
+ {
+ static int shown;
+
+ if (!shown)
+ log_info (_("iconv_open failed: %s\n"), strerror (errno));
+ shown = 1;
+ }
+
+ if (use_fallback)
+ {
+ /* To avoid further error messages we fallback to Latin-1 for the
+ native encoding. This is justified as one can expect that on a
+ utf-8 enabled system nl_langinfo() will work and thus we won't
+ never get to here. Thus Latin-1 seems to be a reasonable
+ default. */
+ active_charset_name = "iso-8859-1";
+ no_translation = 0;
+ use_iconv = 0;
+ }
+}
+
+
+
+int
+set_native_charset (const char *newset)
+{
+ const char *full_newset;
+
+ if (!newset)
+ {
+#ifdef HAVE_W32_SYSTEM
+ static char codepage[30];
+ unsigned int cpno;
+ const char *aliases;
+
+ /* We are a console program thus we need to use the
+ GetConsoleOutputCP function and not the the GetACP which
+ would give the codepage for a GUI program. Note this is not
+ a bulletproof detection because GetConsoleCP might return a
+ different one for console input. Not sure how to cope with
+ that. If the console Code page is not known we fall back to
+ the system code page. */
+ cpno = GetConsoleOutputCP ();
+ if (!cpno)
+ cpno = GetACP ();
+ sprintf (codepage, "CP%u", cpno );
+ /* Resolve alias. We use a long string string and not the usual
+ array to optimize if the code is taken to a DSO. Taken from
+ libiconv 1.9.2. */
+ newset = codepage;
+ for (aliases = ("CP936" "\0" "GBK" "\0"
+ "CP1361" "\0" "JOHAB" "\0"
+ "CP20127" "\0" "ASCII" "\0"
+ "CP20866" "\0" "KOI8-R" "\0"
+ "CP21866" "\0" "KOI8-RU" "\0"
+ "CP28591" "\0" "ISO-8859-1" "\0"
+ "CP28592" "\0" "ISO-8859-2" "\0"
+ "CP28593" "\0" "ISO-8859-3" "\0"
+ "CP28594" "\0" "ISO-8859-4" "\0"
+ "CP28595" "\0" "ISO-8859-5" "\0"
+ "CP28596" "\0" "ISO-8859-6" "\0"
+ "CP28597" "\0" "ISO-8859-7" "\0"
+ "CP28598" "\0" "ISO-8859-8" "\0"
+ "CP28599" "\0" "ISO-8859-9" "\0"
+ "CP28605" "\0" "ISO-8859-15" "\0"
+ "CP65001" "\0" "UTF-8" "\0");
+ *aliases;
+ aliases += strlen (aliases) + 1, aliases += strlen (aliases) + 1)
+ {
+ if (!strcmp (codepage, aliases) ||(*aliases == '*' && !aliases[1]))
+ {
+ newset = aliases + strlen (aliases) + 1;
+ break;
+ }
+ }
+
+#else /*!HAVE_W32_SYSTEM*/
+
+#ifdef HAVE_LANGINFO_CODESET
+ newset = nl_langinfo (CODESET);
+#else /*!HAVE_LANGINFO_CODESET*/
+ /* Try to get the used charset from environment variables. */
+ static char codepage[30];
+ const char *lc, *dot, *mod;
+
+ strcpy (codepage, "iso-8859-1");
+ lc = getenv ("LC_ALL");
+ if (!lc || !*lc)
+ {
+ lc = getenv ("LC_CTYPE");
+ if (!lc || !*lc)
+ lc = getenv ("LANG");
+ }
+ if (lc && *lc)
+ {
+ dot = strchr (lc, '.');
+ if (dot)
+ {
+ mod = strchr (++dot, '@');
+ if (!mod)
+ mod = dot + strlen (dot);
+ if (mod - dot < sizeof codepage && dot != mod)
+ {
+ memcpy (codepage, dot, mod - dot);
+ codepage [mod - dot] = 0;
+ }
+ }
+ }
+ newset = codepage;
+#endif /*!HAVE_LANGINFO_CODESET*/
+#endif /*!HAVE_W32_SYSTEM*/
+ }
+
+ full_newset = newset;
+ if (strlen (newset) > 3 && !ascii_memcasecmp (newset, "iso", 3))
+ {
+ newset += 3;
+ if (*newset == '-' || *newset == '_')
+ newset++;
+ }
+
+ /* Note that we silently assume that plain ASCII is actually meant
+ as Latin-1. This makes sense because many Unix system don't have
+ their locale set up properly and thus would get annoying error
+ messages and we have to handle all the "bug" reports. Latin-1 has
+ always been the character set used for 8 bit characters on Unix
+ systems. */
+ if ( !*newset
+ || !ascii_strcasecmp (newset, "8859-1" )
+ || !ascii_strcasecmp (newset, "646" )
+ || !ascii_strcasecmp (newset, "ASCII" )
+ || !ascii_strcasecmp (newset, "ANSI_X3.4-1968" )
+ )
+ {
+ active_charset_name = "iso-8859-1";
+ no_translation = 0;
+ use_iconv = 0;
+ }
+ else if ( !ascii_strcasecmp (newset, "utf8" )
+ || !ascii_strcasecmp(newset, "utf-8") )
+ {
+ active_charset_name = "utf-8";
+ no_translation = 1;
+ use_iconv = 0;
+ }
+ else
+ {
+ iconv_t cd;
+
+#ifdef HAVE_W32_SYSTEM
+ if (load_libiconv ())
+ return -1;
+#endif /*HAVE_W32_SYSTEM*/
+
+ cd = iconv_open (full_newset, "utf-8");
+ if (cd == (iconv_t)-1)
+ {
+ handle_iconv_error (full_newset, "utf-8", 0);
+ return -1;
+ }
+ iconv_close (cd);
+ cd = iconv_open ("utf-8", full_newset);
+ if (cd == (iconv_t)-1)
+ {
+ handle_iconv_error ("utf-8", full_newset, 0);
+ return -1;
+ }
+ iconv_close (cd);
+ active_charset_name = full_newset;
+ no_translation = 0;
+ use_iconv = 1;
+ }
+ return 0;
+}
+
+const char *
+get_native_charset ()
+{
+ return active_charset_name;
+}
+
+/* Return true if the native charset is utf-8. */
+int
+is_native_utf8 (void)
+{
+ return no_translation;
+}
+
+
+/* Convert string, which is in native encoding to UTF8 and return a
+ new allocated UTF-8 string. This function terminates the process
+ on memory shortage. */
+char *
+native_to_utf8 (const char *orig_string)
+{
+ const unsigned char *string = (const unsigned char *)orig_string;
+ const unsigned char *s;
+ char *buffer;
+ unsigned char *p;
+ size_t length = 0;
+
+ if (no_translation)
+ {
+ /* Already utf-8 encoded. */
+ buffer = jnlib_xstrdup (orig_string);
+ }
+ else if (!use_iconv)
+ {
+ /* For Latin-1 we can avoid the iconv overhead. */
+ for (s = string; *s; s++)
+ {
+ length++;
+ if (*s & 0x80)
+ length++;
+ }
+ buffer = jnlib_xmalloc (length + 1);
+ for (p = (unsigned char *)buffer, s = string; *s; s++)
+ {
+ if ( (*s & 0x80 ))
+ {
+ *p++ = 0xc0 | ((*s >> 6) & 3);
+ *p++ = 0x80 | (*s & 0x3f);
+ }
+ else
+ *p++ = *s;
+ }
+ *p = 0;
+ }
+ else
+ {
+ /* Need to use iconv. */
+ iconv_t cd;
+ const char *inptr;
+ char *outptr;
+ size_t inbytes, outbytes;
+
+ cd = iconv_open ("utf-8", active_charset_name);
+ if (cd == (iconv_t)-1)
+ {
+ handle_iconv_error ("utf-8", active_charset_name, 1);
+ return native_to_utf8 (string);
+ }
+
+ for (s=string; *s; s++ )
+ {
+ length++;
+ if ((*s & 0x80))
+ length += 5; /* We may need up to 6 bytes for the utf8 output. */
+ }
+ buffer = jnlib_xmalloc (length + 1);
+
+ inptr = string;
+ inbytes = strlen (string);
+ outptr = buffer;
+ outbytes = length;
+ if ( iconv (cd, (ICONV_CONST char **)&inptr, &inbytes,
+ &outptr, &outbytes) == (size_t)-1)
+ {
+ static int shown;
+
+ if (!shown)
+ log_info (_("conversion from `%s' to `%s' failed: %s\n"),
+ active_charset_name, "utf-8", strerror (errno));
+ shown = 1;
+ /* We don't do any conversion at all but use the strings as is. */
+ strcpy (buffer, string);
+ }
+ else /* Success. */
+ {
+ *outptr = 0;
+ /* We could realloc the buffer now but I doubt that it makes
+ much sense given that it will get freed anyway soon
+ after. */
+ }
+ iconv_close (cd);
+ }
+ return buffer;
+}
+
+
+
+static char *
+do_utf8_to_native (const char *string, size_t length, int delim,
+ int with_iconv)
+{
+ int nleft;
+ int i;
+ unsigned char encbuf[8];
+ int encidx;
+ const unsigned char *s;
+ size_t n;
+ char *buffer = NULL;
+ char *p = NULL;
+ unsigned long val = 0;
+ size_t slen;
+ int resync = 0;
+
+ /* First pass (p==NULL): count the extended utf-8 characters. */
+ /* Second pass (p!=NULL): create string. */
+ for (;;)
+ {
+ for (slen = length, nleft = encidx = 0, n = 0,
+ s = (const unsigned char *)string;
+ slen;
+ s++, slen--)
+ {
+ if (resync)
+ {
+ if (!(*s < 128 || (*s >= 0xc0 && *s <= 0xfd)))
+ {
+ /* Still invalid. */
+ if (p)
+ {
+ sprintf (p, "\\x%02x", *s);
+ p += 4;
+ }
+ n += 4;
+ continue;
+ }
+ resync = 0;
+ }
+ if (!nleft)
+ {
+ if (!(*s & 0x80))
+ {
+ /* Plain ascii. */
+ if ( delim != -1
+ && (*s < 0x20 || *s == 0x7f || *s == delim
+ || (delim && *s == '\\')))
+ {
+ n++;
+ if (p)
+ *p++ = '\\';
+ switch (*s)
+ {
+ case '\n': n++; if ( p ) *p++ = 'n'; break;
+ case '\r': n++; if ( p ) *p++ = 'r'; break;
+ case '\f': n++; if ( p ) *p++ = 'f'; break;
+ case '\v': n++; if ( p ) *p++ = 'v'; break;
+ case '\b': n++; if ( p ) *p++ = 'b'; break;
+ case 0: n++; if ( p ) *p++ = '0'; break;
+ default:
+ n += 3;
+ if (p)
+ {
+ sprintf (p, "x%02x", *s);
+ p += 3;
+ }
+ break;
+ }
+ }
+ else
+ {
+ if (p)
+ *p++ = *s;
+ n++;
+ }
+ }
+ else if ((*s & 0xe0) == 0xc0) /* 110x xxxx */
+ {
+ val = *s & 0x1f;
+ nleft = 1;
+ encidx = 0;
+ encbuf[encidx++] = *s;
+ }
+ else if ((*s & 0xf0) == 0xe0) /* 1110 xxxx */
+ {
+ val = *s & 0x0f;
+ nleft = 2;
+ encidx = 0;
+ encbuf[encidx++] = *s;
+ }
+ else if ((*s & 0xf8) == 0xf0) /* 1111 0xxx */
+ {
+ val = *s & 0x07;
+ nleft = 3;
+ encidx = 0;
+ encbuf[encidx++] = *s;
+ }
+ else if ((*s & 0xfc) == 0xf8) /* 1111 10xx */
+ {
+ val = *s & 0x03;
+ nleft = 4;
+ encidx = 0;
+ encbuf[encidx++] = *s;
+ }
+ else if ((*s & 0xfe) == 0xfc) /* 1111 110x */
+ {
+ val = *s & 0x01;
+ nleft = 5;
+ encidx = 0;
+ encbuf[encidx++] = *s;
+ }
+ else /* Invalid encoding: print as \xNN. */
+ {
+ if (p)
+ {
+ sprintf (p, "\\x%02x", *s);
+ p += 4;
+ }
+ n += 4;
+ resync = 1;
+ }
+ }
+ else if (*s < 0x80 || *s >= 0xc0) /* Invalid utf-8 */
+ {
+ if (p)
+ {
+ for (i = 0; i < encidx; i++)
+ {
+ sprintf (p, "\\x%02x", encbuf[i]);
+ p += 4;
+ }
+ sprintf (p, "\\x%02x", *s);
+ p += 4;
+ }
+ n += 4 + 4 * encidx;
+ nleft = 0;
+ encidx = 0;
+ resync = 1;
+ }
+ else
+ {
+ encbuf[encidx++] = *s;
+ val <<= 6;
+ val |= *s & 0x3f;
+ if (!--nleft) /* Ready. */
+ {
+ if (no_translation)
+ {
+ if (p)
+ {
+ for (i = 0; i < encidx; i++)
+ *p++ = encbuf[i];
+ }
+ n += encidx;
+ encidx = 0;
+ }
+ else if (with_iconv)
+ {
+ /* Our strategy for using iconv is a bit strange
+ but it better keeps compatibility with
+ previous versions in regard to how invalid
+ encodings are displayed. What we do is to
+ keep the utf-8 as is and have the real
+ translation step then at the end. Yes, I
+ know that this is ugly. However we are short
+ of the 1.4 release and for this branch we
+ should not mess too much around with iconv
+ things. One reason for this is that we don't
+ know enough about non-GNU iconv
+ implementation and want to minimize the risk
+ of breaking the code on too many platforms. */
+ if ( p )
+ {
+ for (i=0; i < encidx; i++ )
+ *p++ = encbuf[i];
+ }
+ n += encidx;
+ encidx = 0;
+ }
+ else /* Latin-1 case. */
+ {
+ if (val >= 0x80 && val < 256)
+ {
+ /* We can simply print this character */
+ n++;
+ if (p)
+ *p++ = val;
+ }
+ else
+ {
+ /* We do not have a translation: print utf8. */
+ if (p)
+ {
+ for (i = 0; i < encidx; i++)
+ {
+ sprintf (p, "\\x%02x", encbuf[i]);
+ p += 4;
+ }
+ }
+ n += encidx * 4;
+ encidx = 0;
+ }
+ }
+ }
+
+ }
+ }
+ if (!buffer)
+ {
+ /* Allocate the buffer after the first pass. */
+ buffer = p = jnlib_xmalloc (n + 1);
+ }
+ else if (with_iconv)
+ {
+ /* Note: See above for comments. */
+ iconv_t cd;
+ const char *inptr;
+ char *outbuf, *outptr;
+ size_t inbytes, outbytes;
+
+ *p = 0; /* Terminate the buffer. */
+
+ cd = iconv_open (active_charset_name, "utf-8");
+ if (cd == (iconv_t)-1)
+ {
+ handle_iconv_error (active_charset_name, "utf-8", 1);
+ jnlib_free (buffer);
+ return utf8_to_native (string, length, delim);
+ }
+
+ /* Allocate a new buffer large enough to hold all possible
+ encodings. */
+ n = p - buffer + 1;
+ inbytes = n - 1;;
+ inptr = buffer;
+ outbytes = n * MB_LEN_MAX;
+ if (outbytes / MB_LEN_MAX != n)
+ BUG (); /* Actually an overflow. */
+ outbuf = outptr = jnlib_xmalloc (outbytes);
+ if ( iconv (cd, (ICONV_CONST char **)&inptr, &inbytes,
+ &outptr, &outbytes) == (size_t)-1)
+ {
+ static int shown;
+
+ if (!shown)
+ log_info (_("conversion from `%s' to `%s' failed: %s\n"),
+ "utf-8", active_charset_name, strerror (errno));
+ shown = 1;
+ /* Didn't worked out. Try again but without iconv. */
+ jnlib_free (buffer);
+ buffer = NULL;
+ jnlib_free (outbuf);
+ outbuf = do_utf8_to_native (string, length, delim, 0);
+ }
+ else /* Success. */
+ {
+ *outptr = 0; /* Make sure it is a string. */
+ /* We could realloc the buffer now but I doubt that it
+ makes much sense given that it will get freed
+ anyway soon after. */
+ jnlib_free (buffer);
+ }
+ iconv_close (cd);
+ return outbuf;
+ }
+ else /* Not using iconv. */
+ {
+ *p = 0; /* Make sure it is a string. */
+ return buffer;
+ }
+ }
+}
+
+/* Convert string, which is in UTF-8 to native encoding. Replace
+ illegal encodings by some "\xnn" and quote all control
+ characters. A character with value DELIM will always be quoted, it
+ must be a vanilla ASCII character. A DELIM value of -1 is special:
+ it disables all quoting of control characters. This function
+ terminates the process on memory shortage. */
+char *
+utf8_to_native (const char *string, size_t length, int delim)
+{
+ return do_utf8_to_native (string, length, delim, use_iconv);
+}
+
+
+
+
+/* Wrapper function for iconv_open, required for W32 as we dlopen that
+ library on that system. */
+jnlib_iconv_t
+jnlib_iconv_open (const char *tocode, const char *fromcode)
+{
+#ifdef HAVE_W32_SYSTEM
+ if (load_libiconv ())
+ return (jnlib_iconv_t)(-1);
+#endif /*HAVE_W32_SYSTEM*/
+
+ return (jnlib_iconv_t)iconv_open (tocode, fromcode);
+}
+
+
+/* Wrapper function for iconv, required for W32 as we dlopen that
+ library on that system. */
+size_t
+jnlib_iconv (jnlib_iconv_t cd,
+ const char **inbuf, size_t *inbytesleft,
+ char **outbuf, size_t *outbytesleft)
+{
+
+#ifdef HAVE_W32_SYSTEM
+ if (load_libiconv ())
+ return 0;
+#endif /*HAVE_W32_SYSTEM*/
+
+ return iconv ((iconv_t)cd, (char**)inbuf, inbytesleft, outbuf, outbytesleft);
+}
+
+/* Wrapper function for iconv_close, required for W32 as we dlopen that
+ library on that system. */
+int
+jnlib_iconv_close (jnlib_iconv_t cd)
+{
+#ifdef HAVE_W32_SYSTEM
+ if (load_libiconv ())
+ return 0;
+#endif /*HAVE_W32_SYSTEM*/
+
+ return iconv_close ((iconv_t)cd);
+}
diff --git a/jnlib/utf8conv.h b/jnlib/utf8conv.h
new file mode 100644
index 0000000..e800f81
--- /dev/null
+++ b/jnlib/utf8conv.h
@@ -0,0 +1,41 @@
+/* utf8conf.h
+ * Copyright (C) 2003, 2006 Free Software Foundation, Inc.
+ *
+ * This file is part of JNLIB.
+ *
+ * JNLIB is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 3 of
+ * the License, or (at your option) any later version.
+ *
+ * JNLIB is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef LIBJNLIB_UTF8CONF_H
+#define LIBJNLIB_UTF8CONF_H
+
+int set_native_charset (const char *newset);
+const char *get_native_charset (void);
+int is_native_utf8 (void);
+
+char *native_to_utf8 (const char *string);
+char *utf8_to_native (const char *string, size_t length, int delim);
+
+
+/* Silly wrappers, required for W32 portability. */
+typedef void *jnlib_iconv_t;
+
+jnlib_iconv_t jnlib_iconv_open (const char *tocode, const char *fromcode);
+size_t jnlib_iconv (jnlib_iconv_t cd, const char **inbuf, size_t *inbytesleft,
+ char **outbuf, size_t *outbytesleft);
+int jnlib_iconv_close (jnlib_iconv_t cd);
+
+
+
+#endif /*LIBJNLIB_UTF8CONF_H*/
diff --git a/jnlib/w32-afunix.c b/jnlib/w32-afunix.c
new file mode 100644
index 0000000..6365394
--- /dev/null
+++ b/jnlib/w32-afunix.c
@@ -0,0 +1,137 @@
+/* w32-afunix.c - AF_UNIX emulation for Windows (Client only).
+ * Copyright (C) 2004, 2006 g10 Code GmbH
+ *
+ * This file is part of JNLIB.
+ *
+ * JNLIB is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 3 of
+ * the License, or (at your option) any later version.
+ *
+ * JNLIB is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+/* Use of this code is preprecated - you better use the sockt wrappers
+ from libassuan. */
+
+#ifdef _WIN32
+#include <stdio.h>
+#include <stdlib.h>
+#define WIN32_LEAN_AND_MEAN
+#include <windows.h>
+#include <fcntl.h>
+#include <sys/stat.h>
+#include <io.h>
+#include <errno.h>
+
+#include "w32-afunix.h"
+
+
+
+/* The buffer for NONCE needs to be at least 16 bytes. Returns 0 on
+ success. */
+static int
+read_port_and_nonce (const char *fname, unsigned short *port, char *nonce)
+{
+ FILE *fp;
+ char buffer[50], *p;
+ size_t nread;
+ int aval;
+
+ fp = fopen (fname, "rb");
+ if (!fp)
+ return -1;
+ nread = fread (buffer, 1, sizeof buffer - 1, fp);
+ fclose (fp);
+ if (!nread)
+ {
+ errno = ENOFILE;
+ return -1;
+ }
+ buffer[nread] = 0;
+ aval = atoi (buffer);
+ if (aval < 1 || aval > 65535)
+ {
+ errno = EINVAL;
+ return -1;
+ }
+ *port = (unsigned int)aval;
+ for (p=buffer; nread && *p != '\n'; p++, nread--)
+ ;
+ if (*p != '\n' || nread != 17)
+ {
+ errno = EINVAL;
+ return -1;
+ }
+ p++; nread--;
+ memcpy (nonce, p, 16);
+ return 0;
+}
+
+
+
+int
+_w32_close (int fd)
+{
+ int rc = closesocket (fd);
+ if (rc && WSAGetLastError () == WSAENOTSOCK)
+ rc = close (fd);
+ return rc;
+}
+
+
+int
+_w32_sock_new (int domain, int type, int proto)
+{
+ if (domain == AF_UNIX || domain == AF_LOCAL)
+ domain = AF_INET;
+ return socket (domain, type, proto);
+}
+
+
+int
+_w32_sock_connect (int sockfd, struct sockaddr *addr, int addrlen)
+{
+ struct sockaddr_in myaddr;
+ struct sockaddr_un *unaddr;
+ unsigned short port;
+ char nonce[16];
+ int ret;
+
+ (void)addrlen;
+
+ unaddr = (struct sockaddr_un *)addr;
+ if (read_port_and_nonce (unaddr->sun_path, &port, nonce))
+ return -1;
+
+ myaddr.sin_family = AF_INET;
+ myaddr.sin_port = htons (port);
+ myaddr.sin_addr.s_addr = htonl (INADDR_LOOPBACK);
+
+ /* Set return values. */
+ unaddr->sun_family = myaddr.sin_family;
+ unaddr->sun_port = myaddr.sin_port;
+ unaddr->sun_addr.s_addr = myaddr.sin_addr.s_addr;
+
+ ret = connect (sockfd, (struct sockaddr *)&myaddr, sizeof myaddr);
+ if (!ret)
+ {
+ /* Send the nonce. */
+ ret = send (sockfd, nonce, 16, 0);
+ if (ret >= 0 && ret != 16)
+ {
+ errno = EIO;
+ ret = -1;
+ }
+ }
+ return ret;
+}
+
+
+#endif /*_WIN32*/
diff --git a/jnlib/w32-afunix.h b/jnlib/w32-afunix.h
new file mode 100644
index 0000000..6b8f3f9
--- /dev/null
+++ b/jnlib/w32-afunix.h
@@ -0,0 +1,49 @@
+/* w32-afunix.h - AF_UNIX emulation for Windows
+ * Copyright (C) 2004, 2006 g10 Code GmbH
+ *
+ * This file is part of JNLIB.
+ *
+ * JNLIB is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 3 of
+ * the License, or (at your option) any later version.
+ *
+ * JNLIB is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifdef _WIN32
+#ifndef W32AFUNIX_DEFS_H
+#define W32AFUNIX_DEFS_H
+
+#include <sys/types.h>
+#include <windows.h>
+#include <ws2tcpip.h>
+#include <unistd.h>
+
+#define DIRSEP_C '\\'
+
+#define AF_LOCAL AF_UNIX
+/* We need to prefix the structure with a sockaddr_in header so we can
+ use it later for sendto and recvfrom. */
+struct sockaddr_un
+{
+ short sun_family;
+ unsigned short sun_port;
+ struct in_addr sun_addr;
+ char sun_path[108-2-4]; /* Path name. */
+};
+
+
+int _w32_close (int fd);
+int _w32_sock_new (int domain, int type, int proto);
+int _w32_sock_connect (int sockfd, struct sockaddr *addr, int addrlen);
+
+
+#endif /*W32AFUNIX_DEFS_H*/
+#endif /*_WIN32*/
diff --git a/jnlib/w32-gettext.c b/jnlib/w32-gettext.c
new file mode 100644
index 0000000..834b2aa
--- /dev/null
+++ b/jnlib/w32-gettext.c
@@ -0,0 +1,1703 @@
+/* w32-gettext.h - A simple gettext implementation for Windows targets.
+ Copyright (C) 1995, 1996, 1997, 1999, 2005, 2007,
+ 2008 Free Software Foundation, Inc.
+
+ This program is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public License
+ as published by the Free Software Foundation; either version 2.1 of
+ the License, or (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#if HAVE_CONFIG_H
+#include <config.h>
+#endif
+#if !defined (_WIN32) && !defined (__CYGWIN32__)
+# error This module may only be build for Windows or Cygwin32
+#endif
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+#include <errno.h>
+#include <ctype.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <stdint.h>
+#include <locale.h>
+#include <windows.h>
+
+#ifdef JNLIB_IN_JNLIB
+#include "libjnlib-config.h"
+#endif
+
+#ifndef jnlib_malloc
+# define jnlib_malloc(a) malloc ((a))
+# define jnlib_calloc(a,b) calloc ((a), (b))
+# define jnlib_free(a) free ((a))
+# define jnlib_xstrdup(a) my_xstrdup(a)
+#endif /*!jnlib_malloc*/
+
+
+
+/* localname.c from gettext BEGIN. */
+
+/* Determine the current selected locale.
+ Copyright (C) 1995-1999, 2000-2003 Free Software Foundation, Inc.
+
+ This program is free software; you can redistribute it and/or modify it
+ under the terms of the GNU Library General Public License as published
+ by the Free Software Foundation; either version 2, or (at your option)
+ any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Library General Public License for more details.
+
+ You should have received a copy of the GNU Library General Public
+ License along with this program; if not, write to the Free Software
+ Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
+ USA. */
+
+/* Written by Ulrich Drepper <drepper@gnu.org>, 1995. */
+/* Win32 code written by Tor Lillqvist <tml@iki.fi>. */
+/* Renamed _nl_locale_name, removed unsed args, removed include files,
+ non-W32 code and changed comments <wk@gnupg.org>. */
+
+/* Mingw headers don't have latest language and sublanguage codes. */
+#ifndef LANG_AFRIKAANS
+#define LANG_AFRIKAANS 0x36
+#endif
+#ifndef LANG_ALBANIAN
+#define LANG_ALBANIAN 0x1c
+#endif
+#ifndef LANG_AMHARIC
+#define LANG_AMHARIC 0x5e
+#endif
+#ifndef LANG_ARABIC
+#define LANG_ARABIC 0x01
+#endif
+#ifndef LANG_ARMENIAN
+#define LANG_ARMENIAN 0x2b
+#endif
+#ifndef LANG_ASSAMESE
+#define LANG_ASSAMESE 0x4d
+#endif
+#ifndef LANG_AZERI
+#define LANG_AZERI 0x2c
+#endif
+#ifndef LANG_BASQUE
+#define LANG_BASQUE 0x2d
+#endif
+#ifndef LANG_BELARUSIAN
+#define LANG_BELARUSIAN 0x23
+#endif
+#ifndef LANG_BENGALI
+#define LANG_BENGALI 0x45
+#endif
+#ifndef LANG_BURMESE
+#define LANG_BURMESE 0x55
+#endif
+#ifndef LANG_CAMBODIAN
+#define LANG_CAMBODIAN 0x53
+#endif
+#ifndef LANG_CATALAN
+#define LANG_CATALAN 0x03
+#endif
+#ifndef LANG_CHEROKEE
+#define LANG_CHEROKEE 0x5c
+#endif
+#ifndef LANG_DIVEHI
+#define LANG_DIVEHI 0x65
+#endif
+#ifndef LANG_EDO
+#define LANG_EDO 0x66
+#endif
+#ifndef LANG_ESTONIAN
+#define LANG_ESTONIAN 0x25
+#endif
+#ifndef LANG_FAEROESE
+#define LANG_FAEROESE 0x38
+#endif
+#ifndef LANG_FARSI
+#define LANG_FARSI 0x29
+#endif
+#ifndef LANG_FRISIAN
+#define LANG_FRISIAN 0x62
+#endif
+#ifndef LANG_FULFULDE
+#define LANG_FULFULDE 0x67
+#endif
+#ifndef LANG_GAELIC
+#define LANG_GAELIC 0x3c
+#endif
+#ifndef LANG_GALICIAN
+#define LANG_GALICIAN 0x56
+#endif
+#ifndef LANG_GEORGIAN
+#define LANG_GEORGIAN 0x37
+#endif
+#ifndef LANG_GUARANI
+#define LANG_GUARANI 0x74
+#endif
+#ifndef LANG_GUJARATI
+#define LANG_GUJARATI 0x47
+#endif
+#ifndef LANG_HAUSA
+#define LANG_HAUSA 0x68
+#endif
+#ifndef LANG_HAWAIIAN
+#define LANG_HAWAIIAN 0x75
+#endif
+#ifndef LANG_HEBREW
+#define LANG_HEBREW 0x0d
+#endif
+#ifndef LANG_HINDI
+#define LANG_HINDI 0x39
+#endif
+#ifndef LANG_IBIBIO
+#define LANG_IBIBIO 0x69
+#endif
+#ifndef LANG_IGBO
+#define LANG_IGBO 0x70
+#endif
+#ifndef LANG_INDONESIAN
+#define LANG_INDONESIAN 0x21
+#endif
+#ifndef LANG_INUKTITUT
+#define LANG_INUKTITUT 0x5d
+#endif
+#ifndef LANG_KANNADA
+#define LANG_KANNADA 0x4b
+#endif
+#ifndef LANG_KANURI
+#define LANG_KANURI 0x71
+#endif
+#ifndef LANG_KASHMIRI
+#define LANG_KASHMIRI 0x60
+#endif
+#ifndef LANG_KAZAK
+#define LANG_KAZAK 0x3f
+#endif
+#ifndef LANG_KONKANI
+#define LANG_KONKANI 0x57
+#endif
+#ifndef LANG_KYRGYZ
+#define LANG_KYRGYZ 0x40
+#endif
+#ifndef LANG_LAO
+#define LANG_LAO 0x54
+#endif
+#ifndef LANG_LATIN
+#define LANG_LATIN 0x76
+#endif
+#ifndef LANG_LATVIAN
+#define LANG_LATVIAN 0x26
+#endif
+#ifndef LANG_LITHUANIAN
+#define LANG_LITHUANIAN 0x27
+#endif
+#ifndef LANG_MACEDONIAN
+#define LANG_MACEDONIAN 0x2f
+#endif
+#ifndef LANG_MALAY
+#define LANG_MALAY 0x3e
+#endif
+#ifndef LANG_MALAYALAM
+#define LANG_MALAYALAM 0x4c
+#endif
+#ifndef LANG_MALTESE
+#define LANG_MALTESE 0x3a
+#endif
+#ifndef LANG_MANIPURI
+#define LANG_MANIPURI 0x58
+#endif
+#ifndef LANG_MARATHI
+#define LANG_MARATHI 0x4e
+#endif
+#ifndef LANG_MONGOLIAN
+#define LANG_MONGOLIAN 0x50
+#endif
+#ifndef LANG_NEPALI
+#define LANG_NEPALI 0x61
+#endif
+#ifndef LANG_ORIYA
+#define LANG_ORIYA 0x48
+#endif
+#ifndef LANG_OROMO
+#define LANG_OROMO 0x72
+#endif
+#ifndef LANG_PAPIAMENTU
+#define LANG_PAPIAMENTU 0x79
+#endif
+#ifndef LANG_PASHTO
+#define LANG_PASHTO 0x63
+#endif
+#ifndef LANG_PUNJABI
+#define LANG_PUNJABI 0x46
+#endif
+#ifndef LANG_RHAETO_ROMANCE
+#define LANG_RHAETO_ROMANCE 0x17
+#endif
+#ifndef LANG_SAAMI
+#define LANG_SAAMI 0x3b
+#endif
+#ifndef LANG_SANSKRIT
+#define LANG_SANSKRIT 0x4f
+#endif
+#ifndef LANG_SERBIAN
+#define LANG_SERBIAN 0x1a
+#endif
+#ifndef LANG_SINDHI
+#define LANG_SINDHI 0x59
+#endif
+#ifndef LANG_SINHALESE
+#define LANG_SINHALESE 0x5b
+#endif
+#ifndef LANG_SLOVAK
+#define LANG_SLOVAK 0x1b
+#endif
+#ifndef LANG_SOMALI
+#define LANG_SOMALI 0x77
+#endif
+#ifndef LANG_SORBIAN
+#define LANG_SORBIAN 0x2e
+#endif
+#ifndef LANG_SUTU
+#define LANG_SUTU 0x30
+#endif
+#ifndef LANG_SWAHILI
+#define LANG_SWAHILI 0x41
+#endif
+#ifndef LANG_SYRIAC
+#define LANG_SYRIAC 0x5a
+#endif
+#ifndef LANG_TAGALOG
+#define LANG_TAGALOG 0x64
+#endif
+#ifndef LANG_TAJIK
+#define LANG_TAJIK 0x28
+#endif
+#ifndef LANG_TAMAZIGHT
+#define LANG_TAMAZIGHT 0x5f
+#endif
+#ifndef LANG_TAMIL
+#define LANG_TAMIL 0x49
+#endif
+#ifndef LANG_TATAR
+#define LANG_TATAR 0x44
+#endif
+#ifndef LANG_TELUGU
+#define LANG_TELUGU 0x4a
+#endif
+#ifndef LANG_THAI
+#define LANG_THAI 0x1e
+#endif
+#ifndef LANG_TIBETAN
+#define LANG_TIBETAN 0x51
+#endif
+#ifndef LANG_TIGRINYA
+#define LANG_TIGRINYA 0x73
+#endif
+#ifndef LANG_TSONGA
+#define LANG_TSONGA 0x31
+#endif
+#ifndef LANG_TSWANA
+#define LANG_TSWANA 0x32
+#endif
+#ifndef LANG_TURKMEN
+#define LANG_TURKMEN 0x42
+#endif
+#ifndef LANG_UKRAINIAN
+#define LANG_UKRAINIAN 0x22
+#endif
+#ifndef LANG_URDU
+#define LANG_URDU 0x20
+#endif
+#ifndef LANG_UZBEK
+#define LANG_UZBEK 0x43
+#endif
+#ifndef LANG_VENDA
+#define LANG_VENDA 0x33
+#endif
+#ifndef LANG_VIETNAMESE
+#define LANG_VIETNAMESE 0x2a
+#endif
+#ifndef LANG_WELSH
+#define LANG_WELSH 0x52
+#endif
+#ifndef LANG_XHOSA
+#define LANG_XHOSA 0x34
+#endif
+#ifndef LANG_YI
+#define LANG_YI 0x78
+#endif
+#ifndef LANG_YIDDISH
+#define LANG_YIDDISH 0x3d
+#endif
+#ifndef LANG_YORUBA
+#define LANG_YORUBA 0x6a
+#endif
+#ifndef LANG_ZULU
+#define LANG_ZULU 0x35
+#endif
+#ifndef SUBLANG_ARABIC_SAUDI_ARABIA
+#define SUBLANG_ARABIC_SAUDI_ARABIA 0x01
+#endif
+#ifndef SUBLANG_ARABIC_IRAQ
+#define SUBLANG_ARABIC_IRAQ 0x02
+#endif
+#ifndef SUBLANG_ARABIC_EGYPT
+#define SUBLANG_ARABIC_EGYPT 0x03
+#endif
+#ifndef SUBLANG_ARABIC_LIBYA
+#define SUBLANG_ARABIC_LIBYA 0x04
+#endif
+#ifndef SUBLANG_ARABIC_ALGERIA
+#define SUBLANG_ARABIC_ALGERIA 0x05
+#endif
+#ifndef SUBLANG_ARABIC_MOROCCO
+#define SUBLANG_ARABIC_MOROCCO 0x06
+#endif
+#ifndef SUBLANG_ARABIC_TUNISIA
+#define SUBLANG_ARABIC_TUNISIA 0x07
+#endif
+#ifndef SUBLANG_ARABIC_OMAN
+#define SUBLANG_ARABIC_OMAN 0x08
+#endif
+#ifndef SUBLANG_ARABIC_YEMEN
+#define SUBLANG_ARABIC_YEMEN 0x09
+#endif
+#ifndef SUBLANG_ARABIC_SYRIA
+#define SUBLANG_ARABIC_SYRIA 0x0a
+#endif
+#ifndef SUBLANG_ARABIC_JORDAN
+#define SUBLANG_ARABIC_JORDAN 0x0b
+#endif
+#ifndef SUBLANG_ARABIC_LEBANON
+#define SUBLANG_ARABIC_LEBANON 0x0c
+#endif
+#ifndef SUBLANG_ARABIC_KUWAIT
+#define SUBLANG_ARABIC_KUWAIT 0x0d
+#endif
+#ifndef SUBLANG_ARABIC_UAE
+#define SUBLANG_ARABIC_UAE 0x0e
+#endif
+#ifndef SUBLANG_ARABIC_BAHRAIN
+#define SUBLANG_ARABIC_BAHRAIN 0x0f
+#endif
+#ifndef SUBLANG_ARABIC_QATAR
+#define SUBLANG_ARABIC_QATAR 0x10
+#endif
+#ifndef SUBLANG_AZERI_LATIN
+#define SUBLANG_AZERI_LATIN 0x01
+#endif
+#ifndef SUBLANG_AZERI_CYRILLIC
+#define SUBLANG_AZERI_CYRILLIC 0x02
+#endif
+#ifndef SUBLANG_BENGALI_INDIA
+#define SUBLANG_BENGALI_INDIA 0x01
+#endif
+#ifndef SUBLANG_BENGALI_BANGLADESH
+#define SUBLANG_BENGALI_BANGLADESH 0x02
+#endif
+#ifndef SUBLANG_CHINESE_MACAU
+#define SUBLANG_CHINESE_MACAU 0x05
+#endif
+#ifndef SUBLANG_ENGLISH_SOUTH_AFRICA
+#define SUBLANG_ENGLISH_SOUTH_AFRICA 0x07
+#endif
+#ifndef SUBLANG_ENGLISH_JAMAICA
+#define SUBLANG_ENGLISH_JAMAICA 0x08
+#endif
+#ifndef SUBLANG_ENGLISH_CARIBBEAN
+#define SUBLANG_ENGLISH_CARIBBEAN 0x09
+#endif
+#ifndef SUBLANG_ENGLISH_BELIZE
+#define SUBLANG_ENGLISH_BELIZE 0x0a
+#endif
+#ifndef SUBLANG_ENGLISH_TRINIDAD
+#define SUBLANG_ENGLISH_TRINIDAD 0x0b
+#endif
+#ifndef SUBLANG_ENGLISH_ZIMBABWE
+#define SUBLANG_ENGLISH_ZIMBABWE 0x0c
+#endif
+#ifndef SUBLANG_ENGLISH_PHILIPPINES
+#define SUBLANG_ENGLISH_PHILIPPINES 0x0d
+#endif
+#ifndef SUBLANG_ENGLISH_INDONESIA
+#define SUBLANG_ENGLISH_INDONESIA 0x0e
+#endif
+#ifndef SUBLANG_ENGLISH_HONGKONG
+#define SUBLANG_ENGLISH_HONGKONG 0x0f
+#endif
+#ifndef SUBLANG_ENGLISH_INDIA
+#define SUBLANG_ENGLISH_INDIA 0x10
+#endif
+#ifndef SUBLANG_ENGLISH_MALAYSIA
+#define SUBLANG_ENGLISH_MALAYSIA 0x11
+#endif
+#ifndef SUBLANG_ENGLISH_SINGAPORE
+#define SUBLANG_ENGLISH_SINGAPORE 0x12
+#endif
+#ifndef SUBLANG_FRENCH_LUXEMBOURG
+#define SUBLANG_FRENCH_LUXEMBOURG 0x05
+#endif
+#ifndef SUBLANG_FRENCH_MONACO
+#define SUBLANG_FRENCH_MONACO 0x06
+#endif
+#ifndef SUBLANG_FRENCH_WESTINDIES
+#define SUBLANG_FRENCH_WESTINDIES 0x07
+#endif
+#ifndef SUBLANG_FRENCH_REUNION
+#define SUBLANG_FRENCH_REUNION 0x08
+#endif
+#ifndef SUBLANG_FRENCH_CONGO
+#define SUBLANG_FRENCH_CONGO 0x09
+#endif
+#ifndef SUBLANG_FRENCH_SENEGAL
+#define SUBLANG_FRENCH_SENEGAL 0x0a
+#endif
+#ifndef SUBLANG_FRENCH_CAMEROON
+#define SUBLANG_FRENCH_CAMEROON 0x0b
+#endif
+#ifndef SUBLANG_FRENCH_COTEDIVOIRE
+#define SUBLANG_FRENCH_COTEDIVOIRE 0x0c
+#endif
+#ifndef SUBLANG_FRENCH_MALI
+#define SUBLANG_FRENCH_MALI 0x0d
+#endif
+#ifndef SUBLANG_FRENCH_MOROCCO
+#define SUBLANG_FRENCH_MOROCCO 0x0e
+#endif
+#ifndef SUBLANG_FRENCH_HAITI
+#define SUBLANG_FRENCH_HAITI 0x0f
+#endif
+#ifndef SUBLANG_GERMAN_LUXEMBOURG
+#define SUBLANG_GERMAN_LUXEMBOURG 0x04
+#endif
+#ifndef SUBLANG_GERMAN_LIECHTENSTEIN
+#define SUBLANG_GERMAN_LIECHTENSTEIN 0x05
+#endif
+#ifndef SUBLANG_KASHMIRI_INDIA
+#define SUBLANG_KASHMIRI_INDIA 0x02
+#endif
+#ifndef SUBLANG_MALAY_MALAYSIA
+#define SUBLANG_MALAY_MALAYSIA 0x01
+#endif
+#ifndef SUBLANG_MALAY_BRUNEI_DARUSSALAM
+#define SUBLANG_MALAY_BRUNEI_DARUSSALAM 0x02
+#endif
+#ifndef SUBLANG_NEPALI_INDIA
+#define SUBLANG_NEPALI_INDIA 0x02
+#endif
+#ifndef SUBLANG_PUNJABI_INDIA
+#define SUBLANG_PUNJABI_INDIA 0x01
+#endif
+#ifndef SUBLANG_ROMANIAN_ROMANIA
+#define SUBLANG_ROMANIAN_ROMANIA 0x01
+#endif
+#ifndef SUBLANG_SERBIAN_LATIN
+#define SUBLANG_SERBIAN_LATIN 0x02
+#endif
+#ifndef SUBLANG_SERBIAN_CYRILLIC
+#define SUBLANG_SERBIAN_CYRILLIC 0x03
+#endif
+#ifndef SUBLANG_SINDHI_INDIA
+#define SUBLANG_SINDHI_INDIA 0x00
+#endif
+#ifndef SUBLANG_SINDHI_PAKISTAN
+#define SUBLANG_SINDHI_PAKISTAN 0x01
+#endif
+#ifndef SUBLANG_SPANISH_GUATEMALA
+#define SUBLANG_SPANISH_GUATEMALA 0x04
+#endif
+#ifndef SUBLANG_SPANISH_COSTA_RICA
+#define SUBLANG_SPANISH_COSTA_RICA 0x05
+#endif
+#ifndef SUBLANG_SPANISH_PANAMA
+#define SUBLANG_SPANISH_PANAMA 0x06
+#endif
+#ifndef SUBLANG_SPANISH_DOMINICAN_REPUBLIC
+#define SUBLANG_SPANISH_DOMINICAN_REPUBLIC 0x07
+#endif
+#ifndef SUBLANG_SPANISH_VENEZUELA
+#define SUBLANG_SPANISH_VENEZUELA 0x08
+#endif
+#ifndef SUBLANG_SPANISH_COLOMBIA
+#define SUBLANG_SPANISH_COLOMBIA 0x09
+#endif
+#ifndef SUBLANG_SPANISH_PERU
+#define SUBLANG_SPANISH_PERU 0x0a
+#endif
+#ifndef SUBLANG_SPANISH_ARGENTINA
+#define SUBLANG_SPANISH_ARGENTINA 0x0b
+#endif
+#ifndef SUBLANG_SPANISH_ECUADOR
+#define SUBLANG_SPANISH_ECUADOR 0x0c
+#endif
+#ifndef SUBLANG_SPANISH_CHILE
+#define SUBLANG_SPANISH_CHILE 0x0d
+#endif
+#ifndef SUBLANG_SPANISH_URUGUAY
+#define SUBLANG_SPANISH_URUGUAY 0x0e
+#endif
+#ifndef SUBLANG_SPANISH_PARAGUAY
+#define SUBLANG_SPANISH_PARAGUAY 0x0f
+#endif
+#ifndef SUBLANG_SPANISH_BOLIVIA
+#define SUBLANG_SPANISH_BOLIVIA 0x10
+#endif
+#ifndef SUBLANG_SPANISH_EL_SALVADOR
+#define SUBLANG_SPANISH_EL_SALVADOR 0x11
+#endif
+#ifndef SUBLANG_SPANISH_HONDURAS
+#define SUBLANG_SPANISH_HONDURAS 0x12
+#endif
+#ifndef SUBLANG_SPANISH_NICARAGUA
+#define SUBLANG_SPANISH_NICARAGUA 0x13
+#endif
+#ifndef SUBLANG_SPANISH_PUERTO_RICO
+#define SUBLANG_SPANISH_PUERTO_RICO 0x14
+#endif
+#ifndef SUBLANG_SWEDISH_FINLAND
+#define SUBLANG_SWEDISH_FINLAND 0x02
+#endif
+#ifndef SUBLANG_TAMAZIGHT_ARABIC
+#define SUBLANG_TAMAZIGHT_ARABIC 0x01
+#endif
+#ifndef SUBLANG_TAMAZIGHT_LATIN
+#define SUBLANG_TAMAZIGHT_LATIN 0x02
+#endif
+#ifndef SUBLANG_TIGRINYA_ETHIOPIA
+#define SUBLANG_TIGRINYA_ETHIOPIA 0x00
+#endif
+#ifndef SUBLANG_TIGRINYA_ERITREA
+#define SUBLANG_TIGRINYA_ERITREA 0x01
+#endif
+#ifndef SUBLANG_URDU_PAKISTAN
+#define SUBLANG_URDU_PAKISTAN 0x01
+#endif
+#ifndef SUBLANG_URDU_INDIA
+#define SUBLANG_URDU_INDIA 0x02
+#endif
+#ifndef SUBLANG_UZBEK_LATIN
+#define SUBLANG_UZBEK_LATIN 0x01
+#endif
+#ifndef SUBLANG_UZBEK_CYRILLIC
+#define SUBLANG_UZBEK_CYRILLIC 0x02
+#endif
+
+/* Return an XPG style locale name
+ language[_territory[.codeset]][@modifier].
+ Don't even bother determining the codeset; it's not useful in this
+ context, because message catalogs are not specific to a single
+ codeset. The result must not be freed; it is statically
+ allocated. */
+static const char *
+my_nl_locale_name (const char *categoryname)
+{
+ const char *retval;
+ LCID lcid;
+ LANGID langid;
+ int primary, sub;
+
+ /* Let the user override the system settings through environment
+ variables, as on POSIX systems. */
+ retval = getenv ("LC_ALL");
+ if (retval != NULL && retval[0] != '\0')
+ return retval;
+ retval = getenv (categoryname);
+ if (retval != NULL && retval[0] != '\0')
+ return retval;
+ retval = getenv ("LANG");
+ if (retval != NULL && retval[0] != '\0')
+ return retval;
+
+ /* Use native Win32 API locale ID. */
+ lcid = GetThreadLocale ();
+
+ /* Strip off the sorting rules, keep only the language part. */
+ langid = LANGIDFROMLCID (lcid);
+
+ /* Split into language and territory part. */
+ primary = PRIMARYLANGID (langid);
+ sub = SUBLANGID (langid);
+
+ /* Dispatch on language.
+ See also http://www.unicode.org/unicode/onlinedat/languages.html .
+ For details about languages, see http://www.ethnologue.com/ . */
+ switch (primary)
+ {
+ case LANG_AFRIKAANS: return "af_ZA";
+ case LANG_ALBANIAN: return "sq_AL";
+ case LANG_AMHARIC: return "am_ET";
+ case LANG_ARABIC:
+ switch (sub)
+ {
+ case SUBLANG_ARABIC_SAUDI_ARABIA: return "ar_SA";
+ case SUBLANG_ARABIC_IRAQ: return "ar_IQ";
+ case SUBLANG_ARABIC_EGYPT: return "ar_EG";
+ case SUBLANG_ARABIC_LIBYA: return "ar_LY";
+ case SUBLANG_ARABIC_ALGERIA: return "ar_DZ";
+ case SUBLANG_ARABIC_MOROCCO: return "ar_MA";
+ case SUBLANG_ARABIC_TUNISIA: return "ar_TN";
+ case SUBLANG_ARABIC_OMAN: return "ar_OM";
+ case SUBLANG_ARABIC_YEMEN: return "ar_YE";
+ case SUBLANG_ARABIC_SYRIA: return "ar_SY";
+ case SUBLANG_ARABIC_JORDAN: return "ar_JO";
+ case SUBLANG_ARABIC_LEBANON: return "ar_LB";
+ case SUBLANG_ARABIC_KUWAIT: return "ar_KW";
+ case SUBLANG_ARABIC_UAE: return "ar_AE";
+ case SUBLANG_ARABIC_BAHRAIN: return "ar_BH";
+ case SUBLANG_ARABIC_QATAR: return "ar_QA";
+ }
+ return "ar";
+ case LANG_ARMENIAN: return "hy_AM";
+ case LANG_ASSAMESE: return "as_IN";
+ case LANG_AZERI:
+ switch (sub)
+ {
+ /* FIXME: Adjust this when Azerbaijani locales appear on Unix. */
+ case SUBLANG_AZERI_LATIN: return "az_AZ@latin";
+ case SUBLANG_AZERI_CYRILLIC: return "az_AZ@cyrillic";
+ }
+ return "az";
+ case LANG_BASQUE:
+ return "eu"; /* Ambiguous: could be "eu_ES" or "eu_FR". */
+ case LANG_BELARUSIAN: return "be_BY";
+ case LANG_BENGALI:
+ switch (sub)
+ {
+ case SUBLANG_BENGALI_INDIA: return "bn_IN";
+ case SUBLANG_BENGALI_BANGLADESH: return "bn_BD";
+ }
+ return "bn";
+ case LANG_BULGARIAN: return "bg_BG";
+ case LANG_BURMESE: return "my_MM";
+ case LANG_CAMBODIAN: return "km_KH";
+ case LANG_CATALAN: return "ca_ES";
+ case LANG_CHEROKEE: return "chr_US";
+ case LANG_CHINESE:
+ switch (sub)
+ {
+ case SUBLANG_CHINESE_TRADITIONAL: return "zh_TW";
+ case SUBLANG_CHINESE_SIMPLIFIED: return "zh_CN";
+ case SUBLANG_CHINESE_HONGKONG: return "zh_HK";
+ case SUBLANG_CHINESE_SINGAPORE: return "zh_SG";
+ case SUBLANG_CHINESE_MACAU: return "zh_MO";
+ }
+ return "zh";
+ case LANG_CROATIAN: /* LANG_CROATIAN == LANG_SERBIAN
+ * What used to be called Serbo-Croatian
+ * should really now be two separate
+ * languages because of political reasons.
+ * (Says tml, who knows nothing about Serbian
+ * or Croatian.)
+ * (I can feel those flames coming already.)
+ */
+ switch (sub)
+ {
+ case SUBLANG_DEFAULT: return "hr_HR";
+ case SUBLANG_SERBIAN_LATIN: return "sr_CS";
+ case SUBLANG_SERBIAN_CYRILLIC: return "sr_CS@cyrillic";
+ }
+ return "hr";
+ case LANG_CZECH: return "cs_CZ";
+ case LANG_DANISH: return "da_DK";
+ case LANG_DIVEHI: return "div_MV";
+ case LANG_DUTCH:
+ switch (sub)
+ {
+ case SUBLANG_DUTCH: return "nl_NL";
+ case SUBLANG_DUTCH_BELGIAN: /* FLEMISH, VLAAMS */ return "nl_BE";
+ }
+ return "nl";
+ case LANG_EDO: return "bin_NG";
+ case LANG_ENGLISH:
+ switch (sub)
+ {
+ /* SUBLANG_ENGLISH_US == SUBLANG_DEFAULT. Heh. I thought
+ * English was the language spoken in England.
+ * Oh well.
+ */
+ case SUBLANG_ENGLISH_US: return "en_US";
+ case SUBLANG_ENGLISH_UK: return "en_GB";
+ case SUBLANG_ENGLISH_AUS: return "en_AU";
+ case SUBLANG_ENGLISH_CAN: return "en_CA";
+ case SUBLANG_ENGLISH_NZ: return "en_NZ";
+ case SUBLANG_ENGLISH_EIRE: return "en_IE";
+ case SUBLANG_ENGLISH_SOUTH_AFRICA: return "en_ZA";
+ case SUBLANG_ENGLISH_JAMAICA: return "en_JM";
+ case SUBLANG_ENGLISH_CARIBBEAN: return "en_GD"; /* Grenada? */
+ case SUBLANG_ENGLISH_BELIZE: return "en_BZ";
+ case SUBLANG_ENGLISH_TRINIDAD: return "en_TT";
+ case SUBLANG_ENGLISH_ZIMBABWE: return "en_ZW";
+ case SUBLANG_ENGLISH_PHILIPPINES: return "en_PH";
+ case SUBLANG_ENGLISH_INDONESIA: return "en_ID";
+ case SUBLANG_ENGLISH_HONGKONG: return "en_HK";
+ case SUBLANG_ENGLISH_INDIA: return "en_IN";
+ case SUBLANG_ENGLISH_MALAYSIA: return "en_MY";
+ case SUBLANG_ENGLISH_SINGAPORE: return "en_SG";
+ }
+ return "en";
+ case LANG_ESTONIAN: return "et_EE";
+ case LANG_FAEROESE: return "fo_FO";
+ case LANG_FARSI: return "fa_IR";
+ case LANG_FINNISH: return "fi_FI";
+ case LANG_FRENCH:
+ switch (sub)
+ {
+ case SUBLANG_FRENCH: return "fr_FR";
+ case SUBLANG_FRENCH_BELGIAN: /* WALLOON */ return "fr_BE";
+ case SUBLANG_FRENCH_CANADIAN: return "fr_CA";
+ case SUBLANG_FRENCH_SWISS: return "fr_CH";
+ case SUBLANG_FRENCH_LUXEMBOURG: return "fr_LU";
+ case SUBLANG_FRENCH_MONACO: return "fr_MC";
+ case SUBLANG_FRENCH_WESTINDIES: return "fr"; /* Caribbean? */
+ case SUBLANG_FRENCH_REUNION: return "fr_RE";
+ case SUBLANG_FRENCH_CONGO: return "fr_CG";
+ case SUBLANG_FRENCH_SENEGAL: return "fr_SN";
+ case SUBLANG_FRENCH_CAMEROON: return "fr_CM";
+ case SUBLANG_FRENCH_COTEDIVOIRE: return "fr_CI";
+ case SUBLANG_FRENCH_MALI: return "fr_ML";
+ case SUBLANG_FRENCH_MOROCCO: return "fr_MA";
+ case SUBLANG_FRENCH_HAITI: return "fr_HT";
+ }
+ return "fr";
+ case LANG_FRISIAN: return "fy_NL";
+ case LANG_FULFULDE: return "ful_NG";
+ case LANG_GAELIC:
+ switch (sub)
+ {
+ case 0x01: /* SCOTTISH */ return "gd_GB";
+ case 0x02: /* IRISH */ return "ga_IE";
+ }
+ return "C";
+ case LANG_GALICIAN: return "gl_ES";
+ case LANG_GEORGIAN: return "ka_GE";
+ case LANG_GERMAN:
+ switch (sub)
+ {
+ case SUBLANG_GERMAN: return "de_DE";
+ case SUBLANG_GERMAN_SWISS: return "de_CH";
+ case SUBLANG_GERMAN_AUSTRIAN: return "de_AT";
+ case SUBLANG_GERMAN_LUXEMBOURG: return "de_LU";
+ case SUBLANG_GERMAN_LIECHTENSTEIN: return "de_LI";
+ }
+ return "de";
+ case LANG_GREEK: return "el_GR";
+ case LANG_GUARANI: return "gn_PY";
+ case LANG_GUJARATI: return "gu_IN";
+ case LANG_HAUSA: return "ha_NG";
+ case LANG_HAWAIIAN:
+ /* FIXME: Do they mean Hawaiian ("haw_US", 1000 speakers)
+ or Hawaii Creole English ("cpe_US", 600000 speakers)? */
+ return "cpe_US";
+ case LANG_HEBREW: return "he_IL";
+ case LANG_HINDI: return "hi_IN";
+ case LANG_HUNGARIAN: return "hu_HU";
+ case LANG_IBIBIO: return "nic_NG";
+ case LANG_ICELANDIC: return "is_IS";
+ case LANG_IGBO: return "ibo_NG";
+ case LANG_INDONESIAN: return "id_ID";
+ case LANG_INUKTITUT: return "iu_CA";
+ case LANG_ITALIAN:
+ switch (sub)
+ {
+ case SUBLANG_ITALIAN: return "it_IT";
+ case SUBLANG_ITALIAN_SWISS: return "it_CH";
+ }
+ return "it";
+ case LANG_JAPANESE: return "ja_JP";
+ case LANG_KANNADA: return "kn_IN";
+ case LANG_KANURI: return "kau_NG";
+ case LANG_KASHMIRI:
+ switch (sub)
+ {
+ case SUBLANG_DEFAULT: return "ks_PK";
+ case SUBLANG_KASHMIRI_INDIA: return "ks_IN";
+ }
+ return "ks";
+ case LANG_KAZAK: return "kk_KZ";
+ case LANG_KONKANI:
+ /* FIXME: Adjust this when such locales appear on Unix. */
+ return "kok_IN";
+ case LANG_KOREAN: return "ko_KR";
+ case LANG_KYRGYZ: return "ky_KG";
+ case LANG_LAO: return "lo_LA";
+ case LANG_LATIN: return "la_VA";
+ case LANG_LATVIAN: return "lv_LV";
+ case LANG_LITHUANIAN: return "lt_LT";
+ case LANG_MACEDONIAN: return "mk_MK";
+ case LANG_MALAY:
+ switch (sub)
+ {
+ case SUBLANG_MALAY_MALAYSIA: return "ms_MY";
+ case SUBLANG_MALAY_BRUNEI_DARUSSALAM: return "ms_BN";
+ }
+ return "ms";
+ case LANG_MALAYALAM: return "ml_IN";
+ case LANG_MALTESE: return "mt_MT";
+ case LANG_MANIPURI:
+ /* FIXME: Adjust this when such locales appear on Unix. */
+ return "mni_IN";
+ case LANG_MARATHI: return "mr_IN";
+ case LANG_MONGOLIAN:
+ return "mn"; /* Ambiguous: could be "mn_CN" or "mn_MN". */
+ case LANG_NEPALI:
+ switch (sub)
+ {
+ case SUBLANG_DEFAULT: return "ne_NP";
+ case SUBLANG_NEPALI_INDIA: return "ne_IN";
+ }
+ return "ne";
+ case LANG_NORWEGIAN:
+ switch (sub)
+ {
+ case SUBLANG_NORWEGIAN_BOKMAL: return "no_NO";
+ case SUBLANG_NORWEGIAN_NYNORSK: return "nn_NO";
+ }
+ return "no";
+ case LANG_ORIYA: return "or_IN";
+ case LANG_OROMO: return "om_ET";
+ case LANG_PAPIAMENTU: return "pap_AN";
+ case LANG_PASHTO:
+ return "ps"; /* Ambiguous: could be "ps_PK" or "ps_AF". */
+ case LANG_POLISH: return "pl_PL";
+ case LANG_PORTUGUESE:
+ switch (sub)
+ {
+ case SUBLANG_PORTUGUESE: return "pt_PT";
+ /* Hmm. SUBLANG_PORTUGUESE_BRAZILIAN == SUBLANG_DEFAULT.
+ Same phenomenon as SUBLANG_ENGLISH_US == SUBLANG_DEFAULT. */
+ case SUBLANG_PORTUGUESE_BRAZILIAN: return "pt_BR";
+ }
+ return "pt";
+ case LANG_PUNJABI:
+ switch (sub)
+ {
+ case SUBLANG_PUNJABI_INDIA: return "pa_IN"; /* Gurmukhi script */
+ }
+ return "pa";
+ case LANG_RHAETO_ROMANCE: return "rm_CH";
+ case LANG_ROMANIAN:
+ switch (sub)
+ {
+ case SUBLANG_ROMANIAN_ROMANIA: return "ro_RO";
+ }
+ return "ro";
+ case LANG_RUSSIAN:
+ return "ru"; /* Ambiguous: could be "ru_RU" or "ru_UA" or "ru_MD". */
+ case LANG_SAAMI: /* actually Northern Sami */ return "se_NO";
+ case LANG_SANSKRIT: return "sa_IN";
+ case LANG_SINDHI:
+ switch (sub)
+ {
+ case SUBLANG_SINDHI_INDIA: return "sd_IN";
+ case SUBLANG_SINDHI_PAKISTAN: return "sd_PK";
+ }
+ return "sd";
+ case LANG_SINHALESE: return "si_LK";
+ case LANG_SLOVAK: return "sk_SK";
+ case LANG_SLOVENIAN: return "sl_SI";
+ case LANG_SOMALI: return "so_SO";
+ case LANG_SORBIAN:
+ /* FIXME: Adjust this when such locales appear on Unix. */
+ return "wen_DE";
+ case LANG_SPANISH:
+ switch (sub)
+ {
+ case SUBLANG_SPANISH: return "es_ES";
+ case SUBLANG_SPANISH_MEXICAN: return "es_MX";
+ case SUBLANG_SPANISH_MODERN:
+ return "es_ES@modern"; /* not seen on Unix */
+ case SUBLANG_SPANISH_GUATEMALA: return "es_GT";
+ case SUBLANG_SPANISH_COSTA_RICA: return "es_CR";
+ case SUBLANG_SPANISH_PANAMA: return "es_PA";
+ case SUBLANG_SPANISH_DOMINICAN_REPUBLIC: return "es_DO";
+ case SUBLANG_SPANISH_VENEZUELA: return "es_VE";
+ case SUBLANG_SPANISH_COLOMBIA: return "es_CO";
+ case SUBLANG_SPANISH_PERU: return "es_PE";
+ case SUBLANG_SPANISH_ARGENTINA: return "es_AR";
+ case SUBLANG_SPANISH_ECUADOR: return "es_EC";
+ case SUBLANG_SPANISH_CHILE: return "es_CL";
+ case SUBLANG_SPANISH_URUGUAY: return "es_UY";
+ case SUBLANG_SPANISH_PARAGUAY: return "es_PY";
+ case SUBLANG_SPANISH_BOLIVIA: return "es_BO";
+ case SUBLANG_SPANISH_EL_SALVADOR: return "es_SV";
+ case SUBLANG_SPANISH_HONDURAS: return "es_HN";
+ case SUBLANG_SPANISH_NICARAGUA: return "es_NI";
+ case SUBLANG_SPANISH_PUERTO_RICO: return "es_PR";
+ }
+ return "es";
+ case LANG_SUTU: return "bnt_TZ"; /* or "st_LS" or "nso_ZA"? */
+ case LANG_SWAHILI: return "sw_KE";
+ case LANG_SWEDISH:
+ switch (sub)
+ {
+ case SUBLANG_DEFAULT: return "sv_SE";
+ case SUBLANG_SWEDISH_FINLAND: return "sv_FI";
+ }
+ return "sv";
+ case LANG_SYRIAC: return "syr_TR"; /* An extinct language. */
+ case LANG_TAGALOG: return "tl_PH";
+ case LANG_TAJIK: return "tg_TJ";
+ case LANG_TAMAZIGHT:
+ switch (sub)
+ {
+ /* FIXME: Adjust this when Tamazight locales appear on Unix. */
+ case SUBLANG_TAMAZIGHT_ARABIC: return "ber_MA@arabic";
+ case SUBLANG_TAMAZIGHT_LATIN: return "ber_MA@latin";
+ }
+ return "ber_MA";
+ case LANG_TAMIL:
+ return "ta"; /* Ambiguous: could be "ta_IN" or "ta_LK" or "ta_SG". */
+ case LANG_TATAR: return "tt_RU";
+ case LANG_TELUGU: return "te_IN";
+ case LANG_THAI: return "th_TH";
+ case LANG_TIBETAN: return "bo_CN";
+ case LANG_TIGRINYA:
+ switch (sub)
+ {
+ case SUBLANG_TIGRINYA_ETHIOPIA: return "ti_ET";
+ case SUBLANG_TIGRINYA_ERITREA: return "ti_ER";
+ }
+ return "ti";
+ case LANG_TSONGA: return "ts_ZA";
+ case LANG_TSWANA: return "tn_BW";
+ case LANG_TURKISH: return "tr_TR";
+ case LANG_TURKMEN: return "tk_TM";
+ case LANG_UKRAINIAN: return "uk_UA";
+ case LANG_URDU:
+ switch (sub)
+ {
+ case SUBLANG_URDU_PAKISTAN: return "ur_PK";
+ case SUBLANG_URDU_INDIA: return "ur_IN";
+ }
+ return "ur";
+ case LANG_UZBEK:
+ switch (sub)
+ {
+ case SUBLANG_UZBEK_LATIN: return "uz_UZ";
+ case SUBLANG_UZBEK_CYRILLIC: return "uz_UZ@cyrillic";
+ }
+ return "uz";
+ case LANG_VENDA:
+ /* FIXME: It's not clear whether Venda has the ISO 639-2 two-letter code
+ "ve" or not.
+ http://www.loc.gov/standards/iso639-2/englangn.html has it, but
+ http://lcweb.loc.gov/standards/iso639-2/codechanges.html doesn't, */
+ return "ven_ZA"; /* or "ve_ZA"? */
+ case LANG_VIETNAMESE: return "vi_VN";
+ case LANG_WELSH: return "cy_GB";
+ case LANG_XHOSA: return "xh_ZA";
+ case LANG_YI: return "sit_CN";
+ case LANG_YIDDISH: return "yi_IL";
+ case LANG_YORUBA: return "yo_NG";
+ case LANG_ZULU: return "zu_ZA";
+ default: return "C";
+ }
+}
+
+/* localname.c from gettext END. */
+
+
+
+/* Support functions. */
+
+static __inline__ uint32_t
+do_swap_u32 (uint32_t i)
+{
+ return (i << 24) | ((i & 0xff00) << 8) | ((i >> 8) & 0xff00) | (i >> 24);
+}
+
+#define SWAPIT(flag, data) ((flag) ? do_swap_u32(data) : (data))
+
+
+/* We assume to have `unsigned long int' value with at least 32 bits. */
+#define HASHWORDBITS 32
+
+/* The so called `hashpjw' function by P.J. Weinberger
+ [see Aho/Sethi/Ullman, COMPILERS: Principles, Techniques and Tools,
+ 1986, 1987 Bell Telephone Laboratories, Inc.] */
+static __inline__ unsigned long
+hash_string( const char *str_param )
+{
+ unsigned long int hval, g;
+ const char *str = str_param;
+
+ hval = 0;
+ while (*str != '\0')
+ {
+ hval <<= 4;
+ hval += (unsigned long int) *str++;
+ g = hval & ((unsigned long int) 0xf << (HASHWORDBITS - 4));
+ if (g != 0)
+ {
+ hval ^= g >> (HASHWORDBITS - 8);
+ hval ^= g;
+ }
+ }
+ return hval;
+}
+
+/* static char * */
+/* my_xstrdup (const char *s) */
+/* { */
+/* size_t n = strlen (s) + 1; */
+/* char *p = jnlib_malloc (n); */
+/* if (!p) */
+/* abort (); */
+/* strcpy (p, s); */
+/* return p; */
+/* } */
+
+
+
+/* Generic message catalog and gettext stuff. */
+
+/* The magic number of the GNU message catalog format. */
+#define MAGIC 0x950412de
+#define MAGIC_SWAPPED 0xde120495
+
+/* Revision number of the currently used .mo (binary) file format. */
+#define MO_REVISION_NUMBER 0
+
+
+/* Header for binary .mo file format. */
+struct mo_file_header
+{
+ /* The magic number. */
+ uint32_t magic;
+ /* The revision number of the file format. */
+ uint32_t revision;
+ /* The number of strings pairs. */
+ uint32_t nstrings;
+ /* Offset of table with start offsets of original strings. */
+ uint32_t orig_tab_offset;
+ /* Offset of table with start offsets of translation strings. */
+ uint32_t trans_tab_offset;
+ /* Size of hashing table. */
+ uint32_t hash_tab_size;
+ /* Offset of first hashing entry. */
+ uint32_t hash_tab_offset;
+};
+
+
+struct string_desc
+{
+ /* Length of addressed string. */
+ uint32_t length;
+ /* Offset of string in file. */
+ uint32_t offset;
+};
+
+
+struct overflow_space_s
+{
+ struct overflow_space_s *next;
+ uint32_t idx;
+ uint32_t length;
+ char d[1];
+};
+
+struct loaded_domain
+{
+ char *data;
+ char *data_native; /* Data mapped to the native version of the
+ string. (Allocated along with DATA). */
+ int must_swap;
+ uint32_t nstrings;
+ uint32_t *mapped; /* 0 := Not mapped (original utf8).
+ 1 := Mapped to native encoding in overflow space.
+ >=2 := Mapped to native encoding. The values
+ gives the length of the mapped string.
+ becuase the 0 is included and an empty
+ string is not allowed we will enver get
+ values 0 and 1. */
+ struct overflow_space_s *overflow_space;
+ struct string_desc *orig_tab;
+ struct string_desc *trans_tab;
+ uint32_t hash_size;
+ uint32_t *hash_tab;
+};
+
+
+/* The domain we use. We only support one domain at this point. This
+ is why this implementation can not be shared. Bindtextdomain and
+ dgettext will simply cheat and always use this one domain. */
+static struct loaded_domain *the_domain;
+
+/* Global flag to switch gettext into an utf8 mode. */
+static int want_utf8;
+
+
+
+/* Free the domain data. */
+static void
+free_domain (struct loaded_domain *domain)
+{
+ struct overflow_space_s *os, *os2;
+
+ jnlib_free (domain->data);
+ jnlib_free (domain->mapped);
+ for (os = domain->overflow_space; os; os = os2)
+ {
+ os2 = os->next;
+ jnlib_free (os);
+ }
+ jnlib_free (domain);
+}
+
+
+static struct loaded_domain *
+load_domain (const char *filename)
+{
+ FILE *fp;
+ size_t size;
+ struct stat st;
+ struct mo_file_header *data = NULL;
+ struct loaded_domain *domain = NULL;
+ size_t to_read;
+ char *read_ptr;
+
+ fp = fopen (filename, "rb");
+ if (!fp)
+ return NULL;
+
+ /* Determine the file size. */
+ if (fstat (fileno (fp), &st)
+ || (size = (size_t) st.st_size) != st.st_size
+ || size < sizeof (struct mo_file_header))
+ {
+ fclose (fp);
+ return NULL;
+ }
+
+ data = (2*size <= size)? NULL : jnlib_malloc (2*size);
+ if (!data)
+ {
+ fclose (fp);
+ return NULL;
+ }
+
+ to_read = size;
+ read_ptr = (char *) data;
+ do
+ {
+ long int nb = fread (read_ptr, 1, to_read, fp);
+ if (nb < to_read)
+ {
+ fclose (fp);
+ jnlib_free (data);
+ return NULL;
+ }
+ read_ptr += nb;
+ to_read -= nb;
+ }
+ while (to_read > 0);
+ fclose (fp);
+
+ /* Using the magic number we can test whether it really is a message
+ catalog file. */
+ if (data->magic != MAGIC && data->magic != MAGIC_SWAPPED)
+ {
+ /* The magic number is wrong: not a message catalog file. */
+ jnlib_free (data);
+ return NULL;
+ }
+
+ domain = jnlib_calloc (1, sizeof *domain);
+ if (!domain)
+ {
+ jnlib_free (data);
+ return NULL;
+ }
+ domain->data = (char *) data;
+ domain->data_native = (char *) data + size;
+ domain->must_swap = data->magic != MAGIC;
+
+ /* Fill in the information about the available tables. */
+ switch (SWAPIT (domain->must_swap, data->revision))
+ {
+ case MO_REVISION_NUMBER:
+ domain->nstrings = SWAPIT (domain->must_swap, data->nstrings);
+ domain->orig_tab = (struct string_desc *)
+ ((char *) data + SWAPIT (domain->must_swap, data->orig_tab_offset));
+ domain->trans_tab = (struct string_desc *)
+ ((char *) data + SWAPIT (domain->must_swap, data->trans_tab_offset));
+ domain->hash_size = SWAPIT (domain->must_swap, data->hash_tab_size);
+ domain->hash_tab = (uint32_t *)
+ ((char *) data + SWAPIT (domain->must_swap, data->hash_tab_offset));
+ break;
+
+ default:
+ /* This is an invalid revision. */
+ jnlib_free (data);
+ jnlib_free (domain);
+ return NULL;
+ }
+
+ /* Allocate an array to keep track of code page mappings. */
+ domain->mapped = jnlib_calloc (domain->nstrings, sizeof *domain->mapped);
+ if (!domain->mapped)
+ {
+ jnlib_free (data);
+ jnlib_free (domain);
+ return NULL;
+ }
+
+ return domain;
+}
+
+
+/* Return a malloced wide char string from an UTF-8 encoded input
+ string STRING. Caller must free this value. On failure returns
+ NULL. The result of calling this function with STRING set to NULL
+ is not defined. */
+static wchar_t *
+utf8_to_wchar (const char *string, size_t length, size_t *retlen)
+{
+ int n;
+ wchar_t *result;
+ size_t nbytes;
+
+ n = MultiByteToWideChar (CP_UTF8, 0, string, length, NULL, 0);
+ if (n < 0 || (n+1) <= 0)
+ return NULL;
+
+ nbytes = (size_t)(n+1) * sizeof(*result);
+ if (nbytes / sizeof(*result) != (n+1))
+ {
+ errno = ENOMEM;
+ return NULL;
+ }
+ result = jnlib_malloc (nbytes);
+ if (!result)
+ return NULL;
+
+ n = MultiByteToWideChar (CP_UTF8, 0, string, length, result, n);
+ if (n < 0)
+ {
+ jnlib_free (result);
+ return NULL;
+ }
+ *retlen = n;
+ return result;
+}
+
+
+/* Return a malloced string encoded in UTF-8 from the wide char input
+ string STRING. Caller must free this value. On failure returns
+ NULL. The result of calling this function with STRING set to NULL
+ is not defined. */
+static char *
+wchar_to_native (const wchar_t *string, size_t length, size_t *retlen)
+{
+ int n;
+ char *result;
+
+ n = WideCharToMultiByte (CP_ACP, 0, string, length, NULL, 0, NULL, NULL);
+ if (n < 0 || (n+1) <= 0)
+ return NULL;
+
+ result = jnlib_malloc (n+1);
+ if (!result)
+ return NULL;
+
+ n = WideCharToMultiByte (CP_ACP, 0, string, length, result, n, NULL, NULL);
+ if (n < 0)
+ {
+ jnlib_free (result);
+ return NULL;
+ }
+ *retlen = n;
+ return result;
+}
+
+
+/* Convert UTF8 to the native codepage. Caller must free the return value. */
+static char *
+utf8_to_native (const char *string, size_t length, size_t *retlen)
+{
+ wchar_t *wstring;
+ char *result;
+ size_t newlen;
+
+ wstring = utf8_to_wchar (string, length, &newlen);
+ if (wstring)
+ {
+ result = wchar_to_native (wstring, newlen, &newlen);
+ jnlib_free (wstring);
+ }
+ else
+ result = NULL;
+ *retlen = result? newlen : 0;
+ return result;
+}
+
+
+
+
+/* Specify that the DOMAINNAME message catalog will be found
+ in DIRNAME rather than in the system locale data base. */
+char *
+bindtextdomain (const char *domainname, const char *dirname)
+{
+ struct loaded_domain *domain = NULL;
+ const char *catval_full;
+ char *catval;
+ char *fname;
+
+ /* DOMAINNAME is ignored. We only support one domain. */
+
+ /* DIRNAME is "$INSTALLDIR\share\locale". */
+
+ /* First find out the category value. */
+ catval = NULL;
+ catval_full = my_nl_locale_name ("LC_MESSAGES");
+
+ /* Normally, we would have to loop over all returned locales, and
+ search for the right file. See gettext intl/dcigettext.c for all
+ the gory details. Here, we only support the basic category, and
+ ignore everything else. */
+ if (catval_full)
+ {
+ char *p;
+
+ catval = jnlib_malloc (strlen (catval_full) + 1);
+ if (catval)
+ {
+ strcpy (catval, catval_full);
+ p = strchr (catval, '_');
+ if (p)
+ *p = '\0';
+ }
+ }
+ if (!catval)
+ return NULL;
+
+ /* Now build the filename string. The complete filename is this:
+ DIRNAME + \ + CATVAL + \LC_MESSAGES\ + DOMAINNAME + .mo */
+ {
+ int len = strlen (dirname) + 1 + strlen (catval) + 13
+ + strlen (domainname) + 3 + 1;
+ char *p;
+
+ fname = jnlib_malloc (len);
+ if (!fname)
+ {
+ jnlib_free (catval);
+ return NULL;
+ }
+
+ p = fname;
+ strcpy (p, dirname);
+ p += strlen (dirname);
+ *(p++) = '\\';
+ strcpy (p, catval);
+ p += strlen (catval);
+ strcpy (p, "\\LC_MESSAGES\\");
+ p += 13;
+ strcpy (p, domainname);
+ p += strlen (domainname);
+ strcpy (p, ".mo");
+ }
+
+ domain = load_domain (fname);
+ jnlib_free (catval);
+ jnlib_free (fname);
+
+ /* We should not be invoked twice, but this is how you would do
+ it if it happened. */
+ if (the_domain)
+ free_domain (the_domain);
+ the_domain = domain;
+
+ /* For historic reasons we are not allowed to return a const char*. */
+ return (char*)dirname;
+}
+
+
+
+
+static const char *
+get_plural (const char *data, size_t datalen, unsigned long nplural)
+{
+ const char *p;
+ int idx;
+
+ /* We only support the Germanic rule. */
+ idx = (nplural == 1? 0 : 1);
+
+ for (; idx; idx--)
+ {
+ p = strchr (data, 0) + 1;
+ if (p >= data+datalen)
+ return "ERROR in GETTEXT (bad plural entry)";
+ datalen -= (p-data);
+ data = p;
+ }
+ return data;
+}
+
+
+static const char*
+get_string (struct loaded_domain *domain, uint32_t idx,
+ int use_plural, unsigned long nplural)
+{
+ struct overflow_space_s *os;
+ const char *trans; /* Pointer to the translated entry. */
+ size_t translen; /* Length of that entry. */
+
+ if (want_utf8)
+ {
+ trans = (domain->data
+ + SWAPIT(domain->must_swap, domain->trans_tab[idx].offset));
+ translen = SWAPIT(domain->must_swap, domain->trans_tab[idx].length);
+ }
+ else if (!domain->mapped[idx])
+ {
+ /* Not yet mapped. Map from utf-8 to native encoding now. */
+ const char *p_utf8;
+ size_t plen_utf8, buflen;
+ char *buf;
+
+ p_utf8 = (domain->data
+ + SWAPIT(domain->must_swap, domain->trans_tab[idx].offset));
+ plen_utf8 = SWAPIT(domain->must_swap, domain->trans_tab[idx].length);
+
+ buf = utf8_to_native (p_utf8, plen_utf8, &buflen);
+ if (!buf)
+ {
+ trans = "ERROR in GETTEXT MALLOC";
+ translen = 0;
+ }
+ else if (buflen <= plen_utf8 && buflen > 1)
+ {
+ /* Copy into the DATA_NATIVE area. */
+ char *p_tmp;
+
+ p_tmp = (domain->data_native
+ + SWAPIT(domain->must_swap, domain->trans_tab[idx].offset));
+ memcpy (p_tmp, buf, buflen);
+ domain->mapped[idx] = buflen;
+ trans = p_tmp;
+ translen = buflen;
+ }
+ else
+ {
+ /* There is not enough space for the translation (or for
+ whatever reason an empry string is used): Store it in the
+ overflow_space and mark that in the mapped array.
+ Because UTF-8 strings are in general longer than the
+ Windows 2 byte encodings, we expect that this won't
+ happen too often (if at all) and thus we use a linked
+ list to manage this space. */
+ os = jnlib_malloc (sizeof *os + buflen);
+ if (os)
+ {
+ os->idx = idx;
+ memcpy (os->d, buf, buflen);
+ os->length = buflen;
+ os->next = domain->overflow_space;
+ domain->overflow_space = os;
+ domain->mapped[idx] = 1;
+ trans = os->d;
+ translen = os->length;
+ }
+ else
+ {
+ trans = "ERROR in GETTEXT MALLOC";
+ translen = 0;
+ }
+ }
+ jnlib_free (buf);
+ }
+ else if (domain->mapped[idx] == 1)
+ {
+ /* The translated string is in the overflow_space. */
+ for (os=domain->overflow_space; os; os = os->next)
+ if (os->idx == idx)
+ break;
+ if (os)
+ {
+ trans = os->d;
+ translen = os->length;
+ }
+ else
+ {
+ trans = "ERROR in GETTEXT (overflow space)\n";
+ translen = 0;
+ }
+ }
+ else
+ {
+ trans = (domain->data_native
+ + SWAPIT(domain->must_swap, domain->trans_tab[idx].offset));
+ translen = domain->mapped[idx];
+ }
+
+ if (use_plural && translen)
+ return get_plural (trans, translen, nplural);
+ else
+ return trans;
+}
+
+
+static const char *
+do_gettext (const char *msgid, const char *msgid2, unsigned long nplural)
+{
+ struct loaded_domain *domain;
+ uint32_t top, bottom, nstr;
+
+ if (!(domain = the_domain))
+ goto not_found;
+
+ /* First try to use the hash table. */
+ if (domain->hash_size > 2 && domain->hash_tab)
+ {
+ /* Use the hashing table. */
+ uint32_t len = strlen (msgid);
+ uint32_t hash_val = hash_string (msgid);
+ uint32_t idx = hash_val % domain->hash_size;
+ uint32_t incr = 1 + (hash_val % (domain->hash_size - 2));
+
+ while ( (nstr = SWAPIT (domain->must_swap, domain->hash_tab[idx])) )
+ {
+ nstr--;
+ if (nstr < domain->nstrings
+ && SWAPIT(domain->must_swap,
+ domain->orig_tab[nstr].length) >= len
+ && !strcmp (msgid, (domain->data
+ + SWAPIT(domain->must_swap,
+ domain->orig_tab[nstr].offset))))
+ {
+ return get_string (domain, nstr, !!msgid2, nplural);
+ }
+
+ if (idx >= domain->hash_size - incr)
+ idx -= domain->hash_size - incr;
+ else
+ idx += incr;
+ }
+ }
+
+ /* Now we try the default method: binary search in the sorted array
+ of messages. */
+ bottom = 0;
+ top = domain->nstrings;
+ while (bottom < top)
+ {
+ int cmp_val;
+
+ nstr = (bottom + top) / 2;
+ cmp_val = strcmp (msgid, (domain->data
+ + SWAPIT(domain->must_swap,
+ domain->orig_tab[nstr].offset)));
+ if (cmp_val < 0)
+ top = nstr;
+ else if (cmp_val > 0)
+ bottom = nstr + 1;
+ else
+ return get_string (domain, nstr, !!msgid2, nplural);
+ }
+
+ not_found:
+ /* We use the standard Germanic rule if plural has been requested. */
+ return msgid2? (nplural == 1? msgid : msgid2) : msgid;
+}
+
+
+char *
+textdomain (const char *domainname)
+{
+ /* For now, support only one domain. */
+ return (char*)domainname;
+}
+
+
+const char *
+gettext (const char *msgid)
+{
+ return do_gettext (msgid, NULL, 0);
+}
+
+char *
+dgettext (const char *domainname, const char *msgid)
+{
+ (void)domainname;
+
+ /* For now, support only one domain. */
+ return (char*)do_gettext (msgid, NULL, 0);
+}
+
+const char *
+ngettext (const char *msgid1, const char *msgid2, unsigned long int n)
+{
+ /* We use the simple Germanic plural rule. */
+ return do_gettext (msgid1, msgid2, n);
+}
+
+
+/* Return the locale name as used by gettext. The return value will
+ never be NULL. */
+const char *
+gettext_localename (void)
+{
+ const char *s;
+
+ s = my_nl_locale_name ("LC_MESSAGES");
+ return s? s:"";
+}
+
+void
+gettext_select_utf8 (int value)
+{
+ want_utf8 = value;
+}
+
+
+#ifdef TEST
+int
+main (int argc, char **argv)
+{
+ const char atext1[] =
+ "Warning: You have entered an insecure passphrase.%%0A"
+ "A passphrase should be at least %u character long.";
+ const char atext2[] =
+ "Warning: You have entered an insecure passphrase.%%0A"
+ "A passphrase should be at least %u characters long.";
+
+ if (argc)
+ {
+ argc--;
+ argv++;
+ }
+
+ bindtextdomain ("gnupg2", "c:/programme/gnu/gnupg/share/locale");
+
+ printf ("locale is `%s'\n", gettext_localename ());
+ fputs ("text with N=1:\n", stdout);
+ fputs (ngettext (atext1, atext2, 1), stdout);
+ fputs ("\n\ntext with N=2:\n", stdout);
+ fputs (ngettext (atext1, atext2, 2), stdout);
+ fputs ("\nready\n", stdout);
+
+ return 0;
+}
+/*
+ * Local Variables:
+ * compile-command: "i586-mingw32msvc-gcc -DTEST -Wall -g w32-gettext.c"
+ * End:
+ */
+#endif /*TEST*/
diff --git a/jnlib/w32-reg.c b/jnlib/w32-reg.c
new file mode 100644
index 0000000..e6bd911
--- /dev/null
+++ b/jnlib/w32-reg.c
@@ -0,0 +1,182 @@
+/* w32-reg.c - MS-Windows Registry access
+ * Copyright (C) 1999, 2002, 2007 Free Software Foundation, Inc.
+ *
+ * This file is part of JNLIB.
+ *
+ * JNLIB is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 3 of
+ * the License, or (at your option) any later version.
+ *
+ * JNLIB is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#ifdef HAVE_W32_SYSTEM
+ /* This module is only used in this environment */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdarg.h>
+#include <windows.h>
+
+#include "libjnlib-config.h"
+#include "w32help.h"
+
+static HKEY
+get_root_key(const char *root)
+{
+ HKEY root_key;
+
+ if (!root)
+ root_key = HKEY_CURRENT_USER;
+ else if (!strcmp( root, "HKEY_CLASSES_ROOT" ) )
+ root_key = HKEY_CLASSES_ROOT;
+ else if (!strcmp( root, "HKEY_CURRENT_USER" ) )
+ root_key = HKEY_CURRENT_USER;
+ else if (!strcmp( root, "HKEY_LOCAL_MACHINE" ) )
+ root_key = HKEY_LOCAL_MACHINE;
+ else if (!strcmp( root, "HKEY_USERS" ) )
+ root_key = HKEY_USERS;
+ else if (!strcmp( root, "HKEY_PERFORMANCE_DATA" ) )
+ root_key = HKEY_PERFORMANCE_DATA;
+ else if (!strcmp( root, "HKEY_CURRENT_CONFIG" ) )
+ root_key = HKEY_CURRENT_CONFIG;
+ else
+ return NULL;
+
+ return root_key;
+}
+
+
+/* Return a string from the Win32 Registry or NULL in case of error.
+ Caller must release the return value. A NULL for root is an alias
+ for HKEY_CURRENT_USER, HKEY_LOCAL_MACHINE in turn. */
+char *
+read_w32_registry_string (const char *root, const char *dir, const char *name)
+{
+ HKEY root_key, key_handle;
+ DWORD n1, nbytes, type;
+ char *result = NULL;
+
+ if ( !(root_key = get_root_key(root) ) )
+ return NULL;
+
+ if ( RegOpenKeyEx( root_key, dir, 0, KEY_READ, &key_handle ) )
+ {
+ if (root)
+ return NULL; /* No need for a RegClose, so return immediately. */
+ /* It seems to be common practise to fall back to HKLM. */
+ if (RegOpenKeyEx (HKEY_LOCAL_MACHINE, dir, 0, KEY_READ, &key_handle) )
+ return NULL; /* Still no need for a RegClose. */
+ }
+
+ nbytes = 1;
+ if (RegQueryValueEx( key_handle, name, 0, NULL, NULL, &nbytes ) )
+ goto leave;
+ result = jnlib_malloc ((n1=nbytes+1));
+ if (!result)
+ goto leave;
+ if (RegQueryValueEx( key_handle, name, 0, &type, result, &n1 ))
+ {
+ jnlib_free (result);
+ result = NULL;
+ goto leave;
+ }
+ result[nbytes] = 0; /* Make sure it is a string. */
+ if (type == REG_EXPAND_SZ && strchr (result, '%'))
+ {
+ char *tmp;
+
+ n1 += 1000;
+ tmp = jnlib_malloc (n1+1);
+ if (!tmp)
+ goto leave;
+ nbytes = ExpandEnvironmentStrings (result, tmp, n1);
+ if (nbytes && nbytes > n1)
+ {
+ jnlib_free (tmp);
+ n1 = nbytes;
+ tmp = jnlib_malloc (n1 + 1);
+ if (!tmp)
+ goto leave;
+ nbytes = ExpandEnvironmentStrings (result, tmp, n1);
+ if (nbytes && nbytes > n1)
+ {
+ /* Oops - truncated, better don't expand at all. */
+ jnlib_free (tmp);
+ goto leave;
+ }
+ tmp[nbytes] = 0;
+ jnlib_free (result);
+ result = tmp;
+ }
+ else if (nbytes)
+ {
+ /* Okay, reduce the length. */
+ tmp[nbytes] = 0;
+ jnlib_free (result);
+ result = jnlib_malloc (strlen (tmp)+1);
+ if (!result)
+ result = tmp;
+ else
+ {
+ strcpy (result, tmp);
+ jnlib_free (tmp);
+ }
+ }
+ else
+ {
+ /* Error - don't expand. */
+ jnlib_free (tmp);
+ }
+ }
+
+ leave:
+ RegCloseKey (key_handle);
+ return result;
+}
+
+
+int
+write_w32_registry_string (const char *root, const char *dir,
+ const char *name, const char *value)
+{
+ HKEY root_key, reg_key;
+
+ if ( !(root_key = get_root_key(root) ) )
+ return -1;
+
+ if ( RegOpenKeyEx( root_key, dir, 0, KEY_WRITE, &reg_key )
+ != ERROR_SUCCESS )
+ return -1;
+
+ if ( RegSetValueEx (reg_key, name, 0, REG_SZ, (BYTE *)value,
+ strlen( value ) ) != ERROR_SUCCESS )
+ {
+ if ( RegCreateKey( root_key, name, &reg_key ) != ERROR_SUCCESS )
+ {
+ RegCloseKey(reg_key);
+ return -1;
+ }
+ if ( RegSetValueEx (reg_key, name, 0, REG_SZ, (BYTE *)value,
+ strlen( value ) ) != ERROR_SUCCESS )
+ {
+ RegCloseKey(reg_key);
+ return -1;
+ }
+ }
+
+ RegCloseKey (reg_key);
+
+ return 0;
+}
+
+#endif /*HAVE_W32_SYSTEM*/
diff --git a/jnlib/w32help.h b/jnlib/w32help.h
new file mode 100644
index 0000000..c503ad2
--- /dev/null
+++ b/jnlib/w32help.h
@@ -0,0 +1,41 @@
+/* w32help.h - W32 speicif functions
+ * Copyright (C) 2007 Free Software Foundation, Inc.
+ *
+ * This file is part of JNLIB.
+ *
+ * JNLIB is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 3 of
+ * the License, or (at your option) any later version.
+ *
+ * JNLIB is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef LIBJNLIB_W32HELP_H
+#define LIBJNLIB_W32HELP_H
+#ifdef HAVE_W32_SYSTEM
+
+/*-- w32-reg.c --*/
+char *read_w32_registry_string (const char *root,
+ const char *dir, const char *name );
+int write_w32_registry_string (const char *root, const char *dir,
+ const char *name, const char *value);
+
+#ifdef USE_SIMPLE_GETTEXT
+char *bindtextdomain (const char *domainname, const char *dirname);
+const char *gettext (const char *msgid );
+const char *ngettext (const char *msgid1, const char *msgid2,
+ unsigned long int n);
+const char *gettext_localename (void);
+void gettext_select_utf8 (int value);
+#endif /*USE_SIMPLE_GETTEXT*/
+
+
+#endif /*HAVE_W32_SYSTEM*/
+#endif /*LIBJNLIB_MISCHELP_H*/
diff --git a/kbx/ChangeLog-2011 b/kbx/ChangeLog-2011
new file mode 100644
index 0000000..ed3aa41
--- /dev/null
+++ b/kbx/ChangeLog-2011
@@ -0,0 +1,349 @@
+2011-12-02 Werner Koch <wk@g10code.com>
+
+ NB: ChangeLog files are no longer manually maintained. Starting
+ on December 1st, 2011 we put change information only in the GIT
+ commit log, and generate a top-level ChangeLog file from logs at
+ "make dist". See doc/HACKING for details.
+
+2011-08-04 Werner Koch <wk@g10code.com>
+
+ * keybox-openpgp.c (parse_key): Remove set but unused vars
+ EXPIREDATE and NDAYS.
+
+2010-07-23 Werner Koch <wk@g10code.com>
+
+ * keybox-blob.c (_keybox_create_x509_blob): Fix reallocation bug.
+
+2008-12-09 Werner Koch <wk@g10code.com>
+
+ * kbxutil.c (main): Call i18n_init before init_common_subsystems.
+
+2008-11-20 Werner Koch <wk@g10code.com>
+
+ * keybox-update.c (create_tmp_file) [USE_ONLY_8DOT3]: Use other
+ suffixes to avoid conflicts with gpg uses filenames.
+
+2008-11-11 Werner Koch <wk@g10code.com>
+
+ * Makefile.am (kbxutil_LDADD): Change order of libs.
+ ($(PROGRAMS)): Ditto for documentation.
+
+2008-10-20 Werner Koch <wk@g10code.com>
+
+ * keybox-update.c (blob_filecopy): Remove unused arg n_packets.
+ (keybox_insert_cert): Adjust for that.
+ (keybox_update_cert): Mark unused args.
+ (keybox_set_flags): Ditto.
+ * keybox-blob.c (create_blob_trailer): Ditto.
+ * keybox-search.c (keybox_get_flags): Ditto.
+ * keybox-dump.c (_keybox_dump_find_dups): Ditto.
+ * kbxutil.c (my_gcry_logger): Ditto.
+
+2008-05-06 Werner Koch <wk@g10code.com>
+
+ * keybox-file.c (_keybox_read_blob2): Return GPG_ERR_TOO_SHORT if
+ we get an EOF for 2nd to 5th byte as a better error message.
+
+ Always use gpg_error_from_syserror and gpg_err_code_from_syserror.
+ This is to avoid cases where we expect an error but due to an
+ errno set to 0 we get back a success status.
+
+2008-04-01 Werner Koch <wk@g10code.com>
+
+ * keybox-init.c (keybox_new, keybox_release): Track used handles.
+ (_keybox_close_file): New.
+ * keybox-update.c (keybox_insert_cert, keybox_set_flags)
+ (keybox_delete, keybox_compress): Use the new close function.
+
+2008-03-13 Werner Koch <wk@g10code.com>
+
+ * keybox-blob.c (x509_email_kludge): Use the same code as in
+ ..sm/keylist.c so that email parts are not only detected at the
+ start of the DN. Reported by Yoshiaki Kasahara.
+
+2007-08-24 Werner Koch <wk@g10code.com>
+
+ * keybox-init.c (keybox_register_file): Use same_file_p.
+
+2007-08-23 Werner Koch <wk@g10code.com>
+
+ * kbxutil.c: New commands --find-dups and --cut. New options
+ --from an --to.
+ * keybox-dump.c (hash_blob_rawdata): New.
+ (_keybox_dump_find_dups): New.
+ (open_file): Factor some code out to this.
+ (_keybox_dump_cut_records): New.
+
+2007-06-26 Werner Koch <wk@g10code.com>
+
+ * kbxutil.c: Include init.h
+
+2007-06-15 Werner Koch <wk@g10code.com>
+
+ * Makefile.am (kbxutil_LDADD): Add W32SOCKLIBS.
+
+2007-06-12 Werner Koch <wk@g10code.com>
+
+ * kbxutil.c (main): Replace some calls by init_common_subsystems.
+
+2007-06-06 Werner Koch <wk@g10code.com>
+
+ * kbxutil.c (i18n_init): Remove.
+
+2007-03-20 Werner Koch <wk@g10code.com>
+
+ * keybox.h (KEYBOX_FLAG_BLOB_SECRET, KEYBOX_FLAG_BLOB_EPHEMERAL):
+ New.
+ * keybox-update.c (keybox_compress): Use it here instead of a
+ magic constant.
+
+2007-01-31 Werner Koch <wk@g10code.com>
+
+ * Makefile.am (kbxutil_LDADD): Use GPG_ERROR_LIBS instead of -l.
+ Reordered args.
+
+2007-01-25 Werner Koch <wk@g10code.com>
+
+ * Makefile.am (kbxutil_LDADD): Added LIBICONV. Noted by Billy
+ Halsey.
+
+2006-11-15 Werner Koch <wk@g10code.com>
+
+ * kbxutil.c (dump_openpgp_key): Cast printf argument.
+
+2006-10-20 Werner Koch <wk@g10code.com>
+
+ * keybox-search.c (blob_x509_has_grip, has_keygrip): New.
+ (keybox_search): Implement new search mode.
+ * keybox-search-desc.h (KEYDB_SEARCH_MODE_KEYGRIP): New.
+ (keydb_search_desc): New member GRIP.
+
+2006-09-20 Werner Koch <wk@g10code.com>
+
+ * Makefile.am ($(PROGRAMS): New.
+
+2006-09-14 Werner Koch <wk@g10code.com>
+
+ Replaced all call gpg_error_from_errno(errno) by
+ gpg_error_from_syserror().
+
+2005-10-08 Marcus Brinkmann <marcus@g10code.de>
+
+ * Makefile.am (kbxutil_LDADD): Add ../gl/libgnu.a after
+ ../jnlib/libjnlib.a.
+
+2005-06-15 Werner Koch <wk@g10code.com>
+
+ * keybox-file.c (_keybox_read_blob2): Make IMAGE unsigned.
+ (_keybox_write_blob):
+
+ * keybox-blob.c (create_blob_finish, _keybox_create_x509_blob):
+ Fixed warnings about signed/unsigned pointer mismatches.
+ (x509_email_kludge): Ditto.
+ (_keybox_new_blob): Changed arg IMAGE to unsigned char *.
+ (_keybox_get_blob_image): Changed return type to unsigned char*.
+
+2005-06-01 Werner Koch <wk@g10code.com>
+
+ * keybox-file.c (ftello) [!HAVE_FSEEKO]: New replacement
+ function. Copied from ../common/ftello.c.
+ * keybox-update.c (fseeko) [!HAVE_FSEEKO]: New replacement
+ function. Copied from ../common/iobuf.c.
+
+2004-12-18 Werner Koch <wk@g10code.com>
+
+ * keybox-defs.h (map_assuan_err): Define in terms of
+ map_assuan_err_with_source.
+
+2004-12-07 Werner Koch <wk@g10code.com>
+
+ * keybox-init.c (keybox_release): Close the file pointer.
+
+2004-11-26 Werner Koch <wk@g10code.com>
+
+ * Makefile.am (kbxutil_LDADD): Add ../common/libcommon.a
+
+ * keybox-defs.h: Include stringhelp.h.
+
+2004-09-30 Werner Koch <wk@g10code.com>
+
+ * kbxutil.c (i18n_init): Always use LC_ALL.
+
+ * Makefile.am: Adjusted for gettext 0.14.
+
+2004-08-24 Werner Koch <wk@g10code.de>
+
+ * kbxutil.c: New command --import-openpgp.
+ (main): Updated libgcrypt initialization stuff.
+ (my_gcry_logger): New.
+ (read_file): New. Taken from ../agent/protect-tool.
+ (dump_fpr, dump_openpgp_key, import_openpgp): New.
+
+ * keybox-openpgp.c: New.
+
+2004-06-18 Werner Koch <wk@gnupg.org>
+
+ * keybox-dump.c (_keybox_dump_file): New arg STATS_ONLY.
+ (update_stats): New.
+ * kbxutil.c (main): New command --stats.
+
+2004-04-23 Werner Koch <wk@gnupg.org>
+
+ * keybox-blob.c (_keybox_update_header_blob): New.
+ * keybox-update.c (blob_filecopy): Handle header blob.
+ * keybox-file.c (_keybox_read_blob2): New. Moved code from
+ _keybox_read_blob to there.
+ * keybox-dump.c (dump_header_blob): Print header info.
+
+2004-04-21 Werner Koch <wk@gnupg.org>
+
+ * keybox-search.c (_keybox_get_flag_location): Add flag
+ KEYBOX_FLAG_CREATED_AT.
+ * keybox-update.c (keybox_compress): New.
+
+ * keybox-search.c (get32, get16, blob_get_type)
+ (blob_get_blob_flags, has_short_kid, has_long_kid)
+ (has_fingerprint, has_issuer, has_issuer_sn, has_sn, has_subject)
+ (has_subject_or_alt, has_mail): inline them.
+
+ * keybox-update.c (blob_filecopy): Fixed an error/eof check
+ (s/if(fread)/if(nread)/).
+
+ * keybox-dump.c (_keybox_dump_blob): Really print the timestamps.
+
+2004-04-20 Werner Koch <wk@gnupg.org>
+
+ * keybox-defs.h: Include jnlib/types.h and remove our own
+ definitions for byte.u16 and u32.
+
+2004-02-02 Werner Koch <wk@gnupg.org>
+
+ * keybox.h (keybox_flag_t): New.
+ * keybox-search.c (get_flag_from_image, keybox_get_flags): New.
+ (_keybox_get_flag_location): New.
+
+2003-11-12 Werner Koch <wk@gnupg.org>
+
+ Adjusted for API changes in Libksba.
+
+ * keybox-blob.c: Include time.h
+
+2003-06-03 Werner Koch <wk@gnupg.org>
+
+ Changed all error codes in all files to the new libgpg-error scheme.
+
+ * keybox-defs.h: Include gpg-error.h .
+ (KeyboxError): Removed.
+ * Makefile.am: Removed keybox-error.c stuff.
+
+2002-11-14 Werner Koch <wk@gnupg.org>
+
+ * keybox-search.c (blob_cmp_name) <compare all names>: Fixed
+ length compare; there is no 0 stored since nearly a year.
+
+2002-10-31 Neal H. Walfield <neal@g10code.de>
+
+ * Makefile.am (AM_CPPFLAGS): Fix ytpo.
+
+2002-08-10 Werner Koch <wk@gnupg.org>
+
+ * keybox-search.c (blob_cmp_fpr_part): New.
+ (has_short_kid, has_long_kid): Implemented.
+
+2002-07-22 Werner Koch <wk@gnupg.org>
+
+ * keybox-defs.h: New BLOBTYPTE_EMPTY.
+ * keybox-dump.c (_keybox_dump_blob): Handle new type.
+ * keybox-file.c (_keybox_read_blob): Skip over empty blobs. Store
+ the file offset.
+ * keybox-blob.c (_keybox_new_blob): Add new arg OFF.
+ (_keybox_get_blob_fileoffset): New.
+ * keybox-update.c (keybox_delete): Implemented.
+
+2002-06-19 Werner Koch <wk@gnupg.org>
+
+ * keybox-init.c (keybox_set_ephemeral): New.
+ * keybox-blob.c (create_blob_header): Store ephemeral flag.
+ (_keybox_create_x509_blob): Pass epheermal flag on.
+ * keybox-update.c (keybox_insert_cert): Ditto.
+ * keybox-search.c (blob_get_blob_flags): New.
+ (keybox_search): Ignore ephemeral blobs when not in ephemeral mode.
+
+ * keybox-dump.c (_keybox_dump_blob): Print blob flags as strings.
+
+2002-02-25 Werner Koch <wk@gnupg.org>
+
+ * keybox-search.c (blob_cmp_mail): Use case-insensitive compare
+ because mail addresses are in general case insensitive (well
+ RFC2822 allows for case sensitive mailbox parts, but this is in
+ general considired a Bad Thing). Add additional substr parameter
+ to allow for substring matches within the mail address. Change
+ all callers to pass this along.
+ (blob_cmp_name): Likewise but do the case-insensitive search only
+ in sub string mode.
+ (keybox_search): Implement MAILSUB and SUBSTR mode.
+
+2002-01-21 Werner Koch <wk@gnupg.org>
+
+ * keybox-search.c (keybox_search): Allow KEYDB_SEARCH_MODE_FPR20.
+
+2002-01-15 Werner Koch <wk@gnupg.org>
+
+ * keybox-search.c (blob_cmp_fpr): New.
+ (has_fingerprint): Implemented;
+
+2001-12-20 Werner Koch <wk@gnupg.org>
+
+ * keybox-blob.c (_keybox_create_x509_blob): Skip the leading
+ parenthesis of the serial number's S-exp.
+ (_keybox_create_x509_blob): And fixed length calculation.
+ (create_blob_header): Don't add an offset when writing the serial.
+
+2001-12-18 Werner Koch <wk@gnupg.org>
+
+ * Makefile.am (AM_CPPFLAGS): Add flags for libksba
+
+ * keybox-blob.c (_keybox_create_x509_blob): Use
+ gcry_sexp_canon_len to get the length of the serial number.
+ (_keybox_release_blob): Need to use a new serialbuf to free the memory.
+
+2001-12-17 Werner Koch <wk@gnupg.org>
+
+ * keybox-search.c: Changed the way the serial number is
+ represented.
+
+2001-12-15 Werner Koch <wk@gnupg.org>
+
+ * keybox-search.c (blob_cmp_name): There is no terminating 0 stored
+ for the uid; fixed length compare.
+
+2001-12-14 Werner Koch <wk@gnupg.org>
+
+ * keybox-blob.c (x509_email_kludge): New.
+ (_keybox_create_x509_blob): Insert an extra email address if the
+ subject's DN has an email part.
+ * keybox-defs.h: Added the xtoi_2 and digitp macros.
+
+2001-12-13 Werner Koch <wk@gnupg.org>
+
+ * keybox-search.c (blob_cmp_name): Kludge to allow searching for
+ more than one name.
+ (has_subject_or_alt): New.
+ (blob_cmp_mail): New.
+ (has_mail): New.
+ (keybox_search): Implemented exact search and exact mail search.
+
+ * kbx/keybox-blob.c (_keybox_create_x509_blob): Insert alternate
+ names.
+
+
+ Copyright 2001, 2002, 2003, 2004, 2005, 2006,
+ 2007, 2008 Free Software Foundation, Inc.
+
+ This file is free software; as a special exception the author gives
+ unlimited permission to copy and/or distribute it, with or without
+ modifications, as long as this notice is preserved.
+
+ This file is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
+ implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/kbx/Makefile.am b/kbx/Makefile.am
new file mode 100644
index 0000000..0d6a066
--- /dev/null
+++ b/kbx/Makefile.am
@@ -0,0 +1,53 @@
+# Keybox Makefile
+# Copyright (C) 2001, 2002, 2003 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+## Process this file with automake to produce Makefile.in
+
+localedir = $(datadir)/locale
+INCLUDES = -I../intl -DLOCALEDIR=\"$(localedir)\"
+
+EXTRA_DIST = mkerrors ChangeLog-2011
+AM_CPPFLAGS = -I$(top_srcdir)/gl -I$(top_srcdir)/common -I$(top_srcdir)/intl \
+ $(LIBGCRYPT_CFLAGS) $(KSBA_CFLAGS)
+
+noinst_LIBRARIES = libkeybox.a
+bin_PROGRAMS = kbxutil
+
+common_sources = \
+ keybox.h keybox-defs.h keybox-search-desc.h \
+ keybox-util.c \
+ keybox-init.c \
+ keybox-blob.c \
+ keybox-file.c \
+ keybox-search.c \
+ keybox-update.c \
+ keybox-openpgp.c \
+ keybox-dump.c
+
+
+libkeybox_a_SOURCES = $(common_sources)
+
+# We need W32SOCKLIBS because the init subsystem code in libcommon
+# requires it - although we don't actually need it. It is easier
+# to do it this way.
+kbxutil_SOURCES = kbxutil.c $(common_sources)
+kbxutil_LDADD = ../common/libcommon.a ../jnlib/libjnlib.a ../gl/libgnu.a \
+ $(KSBA_LIBS) $(LIBGCRYPT_LIBS) \
+ $(GPG_ERROR_LIBS) $(LIBINTL) $(LIBICONV) $(W32SOCKLIBS)
+
+$(PROGRAMS) : ../common/libcommon.a ../jnlib/libjnlib.a ../gl/libgnu.a
diff --git a/kbx/Makefile.in b/kbx/Makefile.in
new file mode 100644
index 0000000..1e4e504
--- /dev/null
+++ b/kbx/Makefile.in
@@ -0,0 +1,657 @@
+# Makefile.in generated by automake 1.11.1 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation,
+# Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+# Keybox Makefile
+# Copyright (C) 2001, 2002, 2003 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+bin_PROGRAMS = kbxutil$(EXEEXT)
+subdir = kbx
+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/gl/m4/absolute-header.m4 \
+ $(top_srcdir)/gl/m4/alloca.m4 $(top_srcdir)/gl/m4/allocsa.m4 \
+ $(top_srcdir)/gl/m4/eealloc.m4 \
+ $(top_srcdir)/gl/m4/gnulib-comp.m4 \
+ $(top_srcdir)/gl/m4/gnulib-tool.m4 \
+ $(top_srcdir)/gl/m4/mkdtemp.m4 $(top_srcdir)/gl/m4/setenv.m4 \
+ $(top_srcdir)/gl/m4/stdint.m4 $(top_srcdir)/gl/m4/strpbrk.m4 \
+ $(top_srcdir)/gl/m4/unistd_h.m4 $(top_srcdir)/m4/autobuild.m4 \
+ $(top_srcdir)/m4/codeset.m4 $(top_srcdir)/m4/estream.m4 \
+ $(top_srcdir)/m4/gettext.m4 $(top_srcdir)/m4/gnupg-pth.m4 \
+ $(top_srcdir)/m4/gpg-error.m4 $(top_srcdir)/m4/iconv.m4 \
+ $(top_srcdir)/m4/isc-posix.m4 $(top_srcdir)/m4/ksba.m4 \
+ $(top_srcdir)/m4/lcmessage.m4 $(top_srcdir)/m4/ldap.m4 \
+ $(top_srcdir)/m4/lib-ld.m4 $(top_srcdir)/m4/lib-link.m4 \
+ $(top_srcdir)/m4/lib-prefix.m4 $(top_srcdir)/m4/libassuan.m4 \
+ $(top_srcdir)/m4/libcurl.m4 $(top_srcdir)/m4/libgcrypt.m4 \
+ $(top_srcdir)/m4/longdouble.m4 $(top_srcdir)/m4/nls.m4 \
+ $(top_srcdir)/m4/po.m4 $(top_srcdir)/m4/progtest.m4 \
+ $(top_srcdir)/m4/readline.m4 $(top_srcdir)/m4/size_max.m4 \
+ $(top_srcdir)/m4/socklen.m4 $(top_srcdir)/m4/sys_socket_h.m4 \
+ $(top_srcdir)/m4/tar-ustar.m4 $(top_srcdir)/m4/xsize.m4 \
+ $(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.ac
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+ $(ACLOCAL_M4)
+mkinstalldirs = $(SHELL) $(top_srcdir)/scripts/mkinstalldirs
+CONFIG_HEADER = $(top_builddir)/config.h
+CONFIG_CLEAN_FILES =
+CONFIG_CLEAN_VPATH_FILES =
+LIBRARIES = $(noinst_LIBRARIES)
+ARFLAGS = cru
+libkeybox_a_AR = $(AR) $(ARFLAGS)
+libkeybox_a_LIBADD =
+am__objects_1 = keybox-util.$(OBJEXT) keybox-init.$(OBJEXT) \
+ keybox-blob.$(OBJEXT) keybox-file.$(OBJEXT) \
+ keybox-search.$(OBJEXT) keybox-update.$(OBJEXT) \
+ keybox-openpgp.$(OBJEXT) keybox-dump.$(OBJEXT)
+am_libkeybox_a_OBJECTS = $(am__objects_1)
+libkeybox_a_OBJECTS = $(am_libkeybox_a_OBJECTS)
+am__installdirs = "$(DESTDIR)$(bindir)"
+PROGRAMS = $(bin_PROGRAMS)
+am_kbxutil_OBJECTS = kbxutil.$(OBJEXT) $(am__objects_1)
+kbxutil_OBJECTS = $(am_kbxutil_OBJECTS)
+am__DEPENDENCIES_1 =
+kbxutil_DEPENDENCIES = ../common/libcommon.a ../jnlib/libjnlib.a \
+ ../gl/libgnu.a $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
+ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
+ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1)
+DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
+depcomp = $(SHELL) $(top_srcdir)/scripts/depcomp
+am__depfiles_maybe = depfiles
+am__mv = mv -f
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+CCLD = $(CC)
+LINK = $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@
+SOURCES = $(libkeybox_a_SOURCES) $(kbxutil_SOURCES)
+DIST_SOURCES = $(libkeybox_a_SOURCES) $(kbxutil_SOURCES)
+ETAGS = etags
+CTAGS = ctags
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ABSOLUTE_STDINT_H = @ABSOLUTE_STDINT_H@
+ACLOCAL = @ACLOCAL@
+ADNSLIBS = @ADNSLIBS@
+ALLOCA = @ALLOCA@
+ALLOCA_H = @ALLOCA_H@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+BITSIZEOF_PTRDIFF_T = @BITSIZEOF_PTRDIFF_T@
+BITSIZEOF_SIG_ATOMIC_T = @BITSIZEOF_SIG_ATOMIC_T@
+BITSIZEOF_SIZE_T = @BITSIZEOF_SIZE_T@
+BITSIZEOF_WCHAR_T = @BITSIZEOF_WCHAR_T@
+BITSIZEOF_WINT_T = @BITSIZEOF_WINT_T@
+BUILD_INCLUDED_LIBINTL = @BUILD_INCLUDED_LIBINTL@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CC_FOR_BUILD = @CC_FOR_BUILD@
+CFLAGS = @CFLAGS@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DL_LIBS = @DL_LIBS@
+DNSLIBS = @DNSLIBS@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+FAQPROG = @FAQPROG@
+GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
+GMSGFMT = @GMSGFMT@
+GMSGFMT_015 = @GMSGFMT_015@
+GNUPG_AGENT_PGM = @GNUPG_AGENT_PGM@
+GNUPG_DIRMNGR_PGM = @GNUPG_DIRMNGR_PGM@
+GNUPG_PINENTRY_PGM = @GNUPG_PINENTRY_PGM@
+GNUPG_PROTECT_TOOL_PGM = @GNUPG_PROTECT_TOOL_PGM@
+GNUPG_SCDAEMON_PGM = @GNUPG_SCDAEMON_PGM@
+GPGKEYS_CURL = @GPGKEYS_CURL@
+GPGKEYS_FINGER = @GPGKEYS_FINGER@
+GPGKEYS_HKP = @GPGKEYS_HKP@
+GPGKEYS_KDNS = @GPGKEYS_KDNS@
+GPGKEYS_LDAP = @GPGKEYS_LDAP@
+GPGKEYS_MAILTO = @GPGKEYS_MAILTO@
+GPG_ERROR_CFLAGS = @GPG_ERROR_CFLAGS@
+GPG_ERROR_CONFIG = @GPG_ERROR_CONFIG@
+GPG_ERROR_LIBS = @GPG_ERROR_LIBS@
+GREP = @GREP@
+HAVE_INTTYPES_H = @HAVE_INTTYPES_H@
+HAVE_LONG_LONG_INT = @HAVE_LONG_LONG_INT@
+HAVE_SIGNED_SIG_ATOMIC_T = @HAVE_SIGNED_SIG_ATOMIC_T@
+HAVE_SIGNED_WCHAR_T = @HAVE_SIGNED_WCHAR_T@
+HAVE_SIGNED_WINT_T = @HAVE_SIGNED_WINT_T@
+HAVE_STDINT_H = @HAVE_STDINT_H@
+HAVE_SYS_BITYPES_H = @HAVE_SYS_BITYPES_H@
+HAVE_SYS_INTTYPES_H = @HAVE_SYS_INTTYPES_H@
+HAVE_SYS_TYPES_H = @HAVE_SYS_TYPES_H@
+HAVE_UNSIGNED_LONG_LONG_INT = @HAVE_UNSIGNED_LONG_LONG_INT@
+HAVE_WCHAR_H = @HAVE_WCHAR_H@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+INTLLIBS = @INTLLIBS@
+INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@
+KSBA_CFLAGS = @KSBA_CFLAGS@
+KSBA_CONFIG = @KSBA_CONFIG@
+KSBA_LIBS = @KSBA_LIBS@
+LDAPLIBS = @LDAPLIBS@
+LDAP_CPPFLAGS = @LDAP_CPPFLAGS@
+LDFLAGS = @LDFLAGS@
+LIBASSUAN_CFLAGS = @LIBASSUAN_CFLAGS@
+LIBASSUAN_CONFIG = @LIBASSUAN_CONFIG@
+LIBASSUAN_LIBS = @LIBASSUAN_LIBS@
+LIBCURL = @LIBCURL@
+LIBCURL_CPPFLAGS = @LIBCURL_CPPFLAGS@
+LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@
+LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@
+LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@
+LIBGNU_LIBDEPS = @LIBGNU_LIBDEPS@
+LIBGNU_LTLIBDEPS = @LIBGNU_LTLIBDEPS@
+LIBICONV = @LIBICONV@
+LIBINTL = @LIBINTL@
+LIBOBJS = @LIBOBJS@
+LIBREADLINE = @LIBREADLINE@
+LIBS = @LIBS@
+LIBUSB_LIBS = @LIBUSB_LIBS@
+LIBUTIL_LIBS = @LIBUTIL_LIBS@
+LN_S = @LN_S@
+LTLIBICONV = @LTLIBICONV@
+LTLIBINTL = @LTLIBINTL@
+LTLIBOBJS = @LTLIBOBJS@
+MAINT = @MAINT@
+MAKEINFO = @MAKEINFO@
+MKDIR_P = @MKDIR_P@
+MSGFMT = @MSGFMT@
+MSGFMT_015 = @MSGFMT_015@
+MSGMERGE = @MSGMERGE@
+NETLIBS = @NETLIBS@
+OBJEXT = @OBJEXT@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_GT = @PACKAGE_GT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_URL = @PACKAGE_URL@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PERL = @PERL@
+POSUB = @POSUB@
+PTH_CFLAGS = @PTH_CFLAGS@
+PTH_CONFIG = @PTH_CONFIG@
+PTH_LIBS = @PTH_LIBS@
+PTRDIFF_T_SUFFIX = @PTRDIFF_T_SUFFIX@
+RANLIB = @RANLIB@
+SENDMAIL = @SENDMAIL@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+SHRED = @SHRED@
+SIG_ATOMIC_T_SUFFIX = @SIG_ATOMIC_T_SUFFIX@
+SIZE_T_SUFFIX = @SIZE_T_SUFFIX@
+STDINT_H = @STDINT_H@
+STRIP = @STRIP@
+SYS_SOCKET_H = @SYS_SOCKET_H@
+TAR = @TAR@
+UNISTD_H = @UNISTD_H@
+USE_INCLUDED_LIBINTL = @USE_INCLUDED_LIBINTL@
+USE_NLS = @USE_NLS@
+VERSION = @VERSION@
+W32SOCKLIBS = @W32SOCKLIBS@
+WCHAR_T_SUFFIX = @WCHAR_T_SUFFIX@
+WINDRES = @WINDRES@
+WINT_T_SUFFIX = @WINT_T_SUFFIX@
+XGETTEXT = @XGETTEXT@
+XGETTEXT_015 = @XGETTEXT_015@
+XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@
+ZLIBS = @ZLIBS@
+_libcurl_config = @_libcurl_config@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = $(datadir)/locale
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+INCLUDES = -I../intl -DLOCALEDIR=\"$(localedir)\"
+EXTRA_DIST = mkerrors ChangeLog-2011
+AM_CPPFLAGS = -I$(top_srcdir)/gl -I$(top_srcdir)/common -I$(top_srcdir)/intl \
+ $(LIBGCRYPT_CFLAGS) $(KSBA_CFLAGS)
+
+noinst_LIBRARIES = libkeybox.a
+common_sources = \
+ keybox.h keybox-defs.h keybox-search-desc.h \
+ keybox-util.c \
+ keybox-init.c \
+ keybox-blob.c \
+ keybox-file.c \
+ keybox-search.c \
+ keybox-update.c \
+ keybox-openpgp.c \
+ keybox-dump.c
+
+libkeybox_a_SOURCES = $(common_sources)
+
+# We need W32SOCKLIBS because the init subsystem code in libcommon
+# requires it - although we don't actually need it. It is easier
+# to do it this way.
+kbxutil_SOURCES = kbxutil.c $(common_sources)
+kbxutil_LDADD = ../common/libcommon.a ../jnlib/libjnlib.a ../gl/libgnu.a \
+ $(KSBA_LIBS) $(LIBGCRYPT_LIBS) \
+ $(GPG_ERROR_LIBS) $(LIBINTL) $(LIBICONV) $(W32SOCKLIBS)
+
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .c .o .obj
+$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(am__configure_deps)
+ @for dep in $?; do \
+ case '$(am__configure_deps)' in \
+ *$$dep*) \
+ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+ && { if test -f $@; then exit 0; else break; fi; }; \
+ exit 1;; \
+ esac; \
+ done; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu kbx/Makefile'; \
+ $(am__cd) $(top_srcdir) && \
+ $(AUTOMAKE) --gnu kbx/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+ @case '$?' in \
+ *config.status*) \
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+ *) \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+ esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
+
+clean-noinstLIBRARIES:
+ -test -z "$(noinst_LIBRARIES)" || rm -f $(noinst_LIBRARIES)
+libkeybox.a: $(libkeybox_a_OBJECTS) $(libkeybox_a_DEPENDENCIES)
+ -rm -f libkeybox.a
+ $(libkeybox_a_AR) libkeybox.a $(libkeybox_a_OBJECTS) $(libkeybox_a_LIBADD)
+ $(RANLIB) libkeybox.a
+install-binPROGRAMS: $(bin_PROGRAMS)
+ @$(NORMAL_INSTALL)
+ test -z "$(bindir)" || $(MKDIR_P) "$(DESTDIR)$(bindir)"
+ @list='$(bin_PROGRAMS)'; test -n "$(bindir)" || list=; \
+ for p in $$list; do echo "$$p $$p"; done | \
+ sed 's/$(EXEEXT)$$//' | \
+ while read p p1; do if test -f $$p; \
+ then echo "$$p"; echo "$$p"; else :; fi; \
+ done | \
+ sed -e 'p;s,.*/,,;n;h' -e 's|.*|.|' \
+ -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \
+ sed 'N;N;N;s,\n, ,g' | \
+ $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \
+ { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \
+ if ($$2 == $$4) files[d] = files[d] " " $$1; \
+ else { print "f", $$3 "/" $$4, $$1; } } \
+ END { for (d in files) print "f", d, files[d] }' | \
+ while read type dir files; do \
+ if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \
+ test -z "$$files" || { \
+ echo " $(INSTALL_PROGRAM_ENV) $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(bindir)$$dir'"; \
+ $(INSTALL_PROGRAM_ENV) $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(bindir)$$dir" || exit $$?; \
+ } \
+ ; done
+
+uninstall-binPROGRAMS:
+ @$(NORMAL_UNINSTALL)
+ @list='$(bin_PROGRAMS)'; test -n "$(bindir)" || list=; \
+ files=`for p in $$list; do echo "$$p"; done | \
+ sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \
+ -e 's/$$/$(EXEEXT)/' `; \
+ test -n "$$list" || exit 0; \
+ echo " ( cd '$(DESTDIR)$(bindir)' && rm -f" $$files ")"; \
+ cd "$(DESTDIR)$(bindir)" && rm -f $$files
+
+clean-binPROGRAMS:
+ -test -z "$(bin_PROGRAMS)" || rm -f $(bin_PROGRAMS)
+kbxutil$(EXEEXT): $(kbxutil_OBJECTS) $(kbxutil_DEPENDENCIES)
+ @rm -f kbxutil$(EXEEXT)
+ $(LINK) $(kbxutil_OBJECTS) $(kbxutil_LDADD) $(LIBS)
+
+mostlyclean-compile:
+ -rm -f *.$(OBJEXT)
+
+distclean-compile:
+ -rm -f *.tab.c
+
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/kbxutil.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/keybox-blob.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/keybox-dump.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/keybox-file.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/keybox-init.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/keybox-openpgp.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/keybox-search.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/keybox-update.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/keybox-util.Po@am__quote@
+
+.c.o:
+@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(COMPILE) -c $<
+
+.c.obj:
+@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'`
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ mkid -fID $$unique
+tags: TAGS
+
+TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ set x; \
+ here=`pwd`; \
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ shift; \
+ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
+ test -n "$$unique" || unique=$$empty_fix; \
+ if test $$# -gt 0; then \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ "$$@" $$unique; \
+ else \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ $$unique; \
+ fi; \
+ fi
+ctags: CTAGS
+CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ test -z "$(CTAGS_ARGS)$$unique" \
+ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+ $$unique
+
+GTAGS:
+ here=`$(am__cd) $(top_builddir) && pwd` \
+ && $(am__cd) $(top_srcdir) \
+ && gtags -i $(GTAGS_ARGS) "$$here"
+
+distclean-tags:
+ -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+ @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ list='$(DISTFILES)'; \
+ dist_files=`for file in $$list; do echo $$file; done | \
+ sed -e "s|^$$srcdirstrip/||;t" \
+ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+ case $$dist_files in \
+ */*) $(MKDIR_P) `echo "$$dist_files" | \
+ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+ sort -u` ;; \
+ esac; \
+ for file in $$dist_files; do \
+ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+ if test -d $$d/$$file; then \
+ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+ if test -d "$(distdir)/$$file"; then \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+ else \
+ test -f "$(distdir)/$$file" \
+ || cp -p $$d/$$file "$(distdir)/$$file" \
+ || exit 1; \
+ fi; \
+ done
+check-am: all-am
+check: check-am
+all-am: Makefile $(LIBRARIES) $(PROGRAMS)
+installdirs:
+ for dir in "$(DESTDIR)$(bindir)"; do \
+ test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+ done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+ @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ `test -z '$(STRIP)' || \
+ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+ -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+ -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+
+maintainer-clean-generic:
+ @echo "This command is intended for maintainers to use"
+ @echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-binPROGRAMS clean-generic clean-noinstLIBRARIES \
+ mostlyclean-am
+
+distclean: distclean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+ distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+html-am:
+
+info: info-am
+
+info-am:
+
+install-data-am:
+
+install-dvi: install-dvi-am
+
+install-dvi-am:
+
+install-exec-am: install-binPROGRAMS
+
+install-html: install-html-am
+
+install-html-am:
+
+install-info: install-info-am
+
+install-info-am:
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-pdf-am:
+
+install-ps: install-ps-am
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-binPROGRAMS
+
+.MAKE: install-am install-strip
+
+.PHONY: CTAGS GTAGS all all-am check check-am clean clean-binPROGRAMS \
+ clean-generic clean-noinstLIBRARIES ctags distclean \
+ distclean-compile distclean-generic distclean-tags distdir dvi \
+ dvi-am html html-am info info-am install install-am \
+ install-binPROGRAMS install-data install-data-am install-dvi \
+ install-dvi-am install-exec install-exec-am install-html \
+ install-html-am install-info install-info-am install-man \
+ install-pdf install-pdf-am install-ps install-ps-am \
+ install-strip installcheck installcheck-am installdirs \
+ maintainer-clean maintainer-clean-generic mostlyclean \
+ mostlyclean-compile mostlyclean-generic pdf pdf-am ps ps-am \
+ tags uninstall uninstall-am uninstall-binPROGRAMS
+
+
+$(PROGRAMS) : ../common/libcommon.a ../jnlib/libjnlib.a ../gl/libgnu.a
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/kbx/kbxutil.c b/kbx/kbxutil.c
new file mode 100644
index 0000000..4592811
--- /dev/null
+++ b/kbx/kbxutil.c
@@ -0,0 +1,594 @@
+/* kbxutil.c - The Keybox utility
+ * Copyright (C) 2000, 2001, 2004, 2007 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <errno.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <ctype.h>
+#include <sys/stat.h>
+#include <unistd.h>
+#include <limits.h>
+#include <assert.h>
+
+#define JNLIB_NEED_LOG_LOGV
+#include "../jnlib/logging.h"
+#include "../jnlib/argparse.h"
+#include "../jnlib/stringhelp.h"
+#include "../jnlib/utf8conv.h"
+#include "i18n.h"
+#include "init.h"
+#include "keybox-defs.h"
+
+#include <gcrypt.h>
+
+enum cmd_and_opt_values {
+ aNull = 0,
+ oArmor = 'a',
+ oDryRun = 'n',
+ oOutput = 'o',
+ oQuiet = 'q',
+ oVerbose = 'v',
+
+ aNoSuchCmd = 500, /* force other values not to be a letter */
+ aFindByFpr,
+ aFindByKid,
+ aFindByUid,
+ aStats,
+ aImportOpenPGP,
+ aFindDups,
+ aCut,
+
+ oDebug,
+ oDebugAll,
+
+ oNoArmor,
+ oFrom,
+ oTo,
+
+ aTest
+};
+
+
+static ARGPARSE_OPTS opts[] = {
+ { 300, NULL, 0, N_("@Commands:\n ") },
+
+/* { aFindByFpr, "find-by-fpr", 0, "|FPR| find key using it's fingerprnt" }, */
+/* { aFindByKid, "find-by-kid", 0, "|KID| find key using it's keyid" }, */
+/* { aFindByUid, "find-by-uid", 0, "|NAME| find key by user name" }, */
+ { aStats, "stats", 0, "show key statistics" },
+ { aImportOpenPGP, "import-openpgp", 0, "import OpenPGP keyblocks"},
+ { aFindDups, "find-dups", 0, "find duplicates" },
+ { aCut, "cut", 0, "export records" },
+
+ { 301, NULL, 0, N_("@\nOptions:\n ") },
+
+ { oFrom, "from", 4, "|N|first record to export" },
+ { oTo, "to", 4, "|N|last record to export" },
+/* { oArmor, "armor", 0, N_("create ascii armored output")}, */
+/* { oArmor, "armour", 0, "@" }, */
+/* { oOutput, "output", 2, N_("use as output file")}, */
+ { oVerbose, "verbose", 0, N_("verbose") },
+ { oQuiet, "quiet", 0, N_("be somewhat more quiet") },
+ { oDryRun, "dry-run", 0, N_("do not make any changes") },
+
+ { oDebug, "debug" ,4|16, N_("set debugging flags")},
+ { oDebugAll, "debug-all" ,0, N_("enable full debugging")},
+
+ {0} /* end of list */
+};
+
+
+void myexit (int rc);
+
+int keybox_errors_seen = 0;
+
+
+static const char *
+my_strusage( int level )
+{
+ const char *p;
+ switch( level ) {
+ case 11: p = "kbxutil (GnuPG)";
+ break;
+ case 13: p = VERSION; break;
+ case 17: p = PRINTABLE_OS_NAME; break;
+ case 19: p = _("Please report bugs to <@EMAIL@>.\n"); break;
+
+ case 1:
+ case 40: p =
+ _("Usage: kbxutil [options] [files] (-h for help)");
+ break;
+ case 41: p =
+ _("Syntax: kbxutil [options] [files]\n"
+ "list, export, import Keybox data\n");
+ break;
+
+
+ default: p = NULL;
+ }
+ return p;
+}
+
+
+/* Used by gcry for logging */
+static void
+my_gcry_logger (void *dummy, int level, const char *fmt, va_list arg_ptr)
+{
+ (void)dummy;
+
+ /* Map the log levels. */
+ switch (level)
+ {
+ case GCRY_LOG_CONT: level = JNLIB_LOG_CONT; break;
+ case GCRY_LOG_INFO: level = JNLIB_LOG_INFO; break;
+ case GCRY_LOG_WARN: level = JNLIB_LOG_WARN; break;
+ case GCRY_LOG_ERROR:level = JNLIB_LOG_ERROR; break;
+ case GCRY_LOG_FATAL:level = JNLIB_LOG_FATAL; break;
+ case GCRY_LOG_BUG: level = JNLIB_LOG_BUG; break;
+ case GCRY_LOG_DEBUG:level = JNLIB_LOG_DEBUG; break;
+ default: level = JNLIB_LOG_ERROR; break;
+ }
+ log_logv (level, fmt, arg_ptr);
+}
+
+
+
+/* static void */
+/* wrong_args( const char *text ) */
+/* { */
+/* log_error("usage: kbxutil %s\n", text); */
+/* myexit ( 1 ); */
+/* } */
+
+
+#if 0
+static int
+hextobyte( const byte *s )
+{
+ int c;
+
+ if( *s >= '0' && *s <= '9' )
+ c = 16 * (*s - '0');
+ else if( *s >= 'A' && *s <= 'F' )
+ c = 16 * (10 + *s - 'A');
+ else if( *s >= 'a' && *s <= 'f' )
+ c = 16 * (10 + *s - 'a');
+ else
+ return -1;
+ s++;
+ if( *s >= '0' && *s <= '9' )
+ c += *s - '0';
+ else if( *s >= 'A' && *s <= 'F' )
+ c += 10 + *s - 'A';
+ else if( *s >= 'a' && *s <= 'f' )
+ c += 10 + *s - 'a';
+ else
+ return -1;
+ return c;
+}
+#endif
+
+#if 0
+static char *
+format_fingerprint ( const char *s )
+{
+ int i, c;
+ byte fpr[20];
+
+ for (i=0; i < 20 && *s; ) {
+ if ( *s == ' ' || *s == '\t' ) {
+ s++;
+ continue;
+ }
+ c = hextobyte(s);
+ if (c == -1) {
+ return NULL;
+ }
+ fpr[i++] = c;
+ s += 2;
+ }
+ return gcry_xstrdup ( fpr );
+}
+#endif
+
+#if 0
+static int
+format_keyid ( const char *s, u32 *kid )
+{
+ char helpbuf[9];
+ switch ( strlen ( s ) ) {
+ case 8:
+ kid[0] = 0;
+ kid[1] = strtoul( s, NULL, 16 );
+ return 10;
+
+ case 16:
+ mem2str( helpbuf, s, 9 );
+ kid[0] = strtoul( helpbuf, NULL, 16 );
+ kid[1] = strtoul( s+8, NULL, 16 );
+ return 11;
+ }
+ return 0; /* error */
+}
+#endif
+
+static char *
+read_file (const char *fname, size_t *r_length)
+{
+ FILE *fp;
+ char *buf;
+ size_t buflen;
+
+ if (!strcmp (fname, "-"))
+ {
+ size_t nread, bufsize = 0;
+
+ fp = stdin;
+ buf = NULL;
+ buflen = 0;
+#define NCHUNK 8192
+ do
+ {
+ bufsize += NCHUNK;
+ if (!buf)
+ buf = xtrymalloc (bufsize);
+ else
+ buf = xtryrealloc (buf, bufsize);
+ if (!buf)
+ log_fatal ("can't allocate buffer: %s\n", strerror (errno));
+
+ nread = fread (buf+buflen, 1, NCHUNK, fp);
+ if (nread < NCHUNK && ferror (fp))
+ {
+ log_error ("error reading `[stdin]': %s\n", strerror (errno));
+ xfree (buf);
+ return NULL;
+ }
+ buflen += nread;
+ }
+ while (nread == NCHUNK);
+#undef NCHUNK
+
+ }
+ else
+ {
+ struct stat st;
+
+ fp = fopen (fname, "rb");
+ if (!fp)
+ {
+ log_error ("can't open `%s': %s\n", fname, strerror (errno));
+ return NULL;
+ }
+
+ if (fstat (fileno(fp), &st))
+ {
+ log_error ("can't stat `%s': %s\n", fname, strerror (errno));
+ fclose (fp);
+ return NULL;
+ }
+
+ buflen = st.st_size;
+ buf = xtrymalloc (buflen+1);
+ if (!buf)
+ log_fatal ("can't allocate buffer: %s\n", strerror (errno));
+ if (fread (buf, buflen, 1, fp) != 1)
+ {
+ log_error ("error reading `%s': %s\n", fname, strerror (errno));
+ fclose (fp);
+ xfree (buf);
+ return NULL;
+ }
+ fclose (fp);
+ }
+
+ *r_length = buflen;
+ return buf;
+}
+
+
+static void
+dump_fpr (const unsigned char *buffer, size_t len)
+{
+ int i;
+
+ for (i=0; i < len; i++, buffer++)
+ {
+ if (len == 20)
+ {
+ if (i == 10)
+ putchar (' ');
+ printf (" %02X%02X", buffer[0], buffer[1]);
+ i++; buffer++;
+ }
+ else
+ {
+ if (i && !(i % 8))
+ putchar (' ');
+ printf (" %02X", buffer[0]);
+ }
+ }
+}
+
+
+static void
+dump_openpgp_key (keybox_openpgp_info_t info, const unsigned char *image)
+{
+ printf ("pub %02X%02X%02X%02X",
+ info->primary.keyid[4], info->primary.keyid[5],
+ info->primary.keyid[6], info->primary.keyid[7] );
+ dump_fpr (info->primary.fpr, info->primary.fprlen);
+ putchar ('\n');
+ if (info->nsubkeys)
+ {
+ struct _keybox_openpgp_key_info *k;
+
+ k = &info->subkeys;
+ do
+ {
+ printf ("sub %02X%02X%02X%02X",
+ k->keyid[4], k->keyid[5],
+ k->keyid[6], k->keyid[7] );
+ dump_fpr (k->fpr, k->fprlen);
+ putchar ('\n');
+ k = k->next;
+ }
+ while (k);
+ }
+ if (info->nuids)
+ {
+ struct _keybox_openpgp_uid_info *u;
+
+ u = &info->uids;
+ do
+ {
+ printf ("uid\t\t%.*s\n", (int)u->len, image + u->off);
+ u = u->next;
+ }
+ while (u);
+ }
+}
+
+
+static void
+import_openpgp (const char *filename)
+{
+ gpg_error_t err;
+ char *buffer;
+ size_t buflen, nparsed;
+ unsigned char *p;
+ struct _keybox_openpgp_info info;
+
+ buffer = read_file (filename, &buflen);
+ if (!buffer)
+ return;
+ p = (unsigned char *)buffer;
+ for (;;)
+ {
+ err = _keybox_parse_openpgp (p, buflen, &nparsed, &info);
+ assert (nparsed <= buflen);
+ if (err)
+ {
+ if (gpg_err_code (err) == GPG_ERR_NO_DATA)
+ break;
+ log_info ("%s: failed to parse OpenPGP keyblock: %s\n",
+ filename, gpg_strerror (err));
+ }
+ else
+ {
+ dump_openpgp_key (&info, p);
+ _keybox_destroy_openpgp_info (&info);
+ }
+ p += nparsed;
+ buflen -= nparsed;
+ }
+ xfree (buffer);
+}
+
+
+
+
+int
+main( int argc, char **argv )
+{
+ ARGPARSE_ARGS pargs;
+ enum cmd_and_opt_values cmd = 0;
+ unsigned long from = 0, to = ULONG_MAX;
+
+ set_strusage( my_strusage );
+ gcry_control (GCRYCTL_DISABLE_SECMEM);
+ log_set_prefix ("kbxutil", 1);
+
+ /* Make sure that our subsystems are ready. */
+ i18n_init ();
+ init_common_subsystems ();
+
+ /* Check that the libraries are suitable. Do it here because
+ the option parsing may need services of the library. */
+ if (!gcry_check_version (NEED_LIBGCRYPT_VERSION) )
+ {
+ log_fatal (_("%s is too old (need %s, have %s)\n"), "libgcrypt",
+ NEED_LIBGCRYPT_VERSION, gcry_check_version (NULL) );
+ }
+
+ gcry_set_log_handler (my_gcry_logger, NULL);
+
+ /*create_dotlock(NULL); register locking cleanup */
+
+ /* We need to use the gcry malloc function because jnlib does use them */
+ keybox_set_malloc_hooks (gcry_malloc, gcry_realloc, gcry_free);
+ ksba_set_malloc_hooks (gcry_malloc, gcry_realloc, gcry_free );
+
+
+ pargs.argc = &argc;
+ pargs.argv = &argv;
+ pargs.flags= 1; /* do not remove the args */
+ while (arg_parse( &pargs, opts) )
+ {
+ switch (pargs.r_opt)
+ {
+ case oVerbose:
+ /*opt.verbose++;*/
+ /*gcry_control( GCRYCTL_SET_VERBOSITY, (int)opt.verbose );*/
+ break;
+ case oDebug:
+ /*opt.debug |= pargs.r.ret_ulong; */
+ break;
+ case oDebugAll:
+ /*opt.debug = ~0;*/
+ break;
+
+ case aFindByFpr:
+ case aFindByKid:
+ case aFindByUid:
+ case aStats:
+ case aImportOpenPGP:
+ case aFindDups:
+ case aCut:
+ cmd = pargs.r_opt;
+ break;
+
+ case oFrom: from = pargs.r.ret_ulong; break;
+ case oTo: to = pargs.r.ret_ulong; break;
+
+ default:
+ pargs.err = 2;
+ break;
+ }
+ }
+
+ if (to < from)
+ log_error ("record number of \"--to\" is lower than \"--from\" one\n");
+
+
+ if (log_get_errorcount(0) )
+ myexit(2);
+
+ if (!cmd)
+ { /* Default is to list a KBX file */
+ if (!argc)
+ _keybox_dump_file (NULL, 0, stdout);
+ else
+ {
+ for (; argc; argc--, argv++)
+ _keybox_dump_file (*argv, 0, stdout);
+ }
+ }
+ else if (cmd == aStats )
+ {
+ if (!argc)
+ _keybox_dump_file (NULL, 1, stdout);
+ else
+ {
+ for (; argc; argc--, argv++)
+ _keybox_dump_file (*argv, 1, stdout);
+ }
+ }
+ else if (cmd == aFindDups )
+ {
+ if (!argc)
+ _keybox_dump_find_dups (NULL, 0, stdout);
+ else
+ {
+ for (; argc; argc--, argv++)
+ _keybox_dump_find_dups (*argv, 0, stdout);
+ }
+ }
+ else if (cmd == aCut )
+ {
+ if (!argc)
+ _keybox_dump_cut_records (NULL, from, to, stdout);
+ else
+ {
+ for (; argc; argc--, argv++)
+ _keybox_dump_cut_records (*argv, from, to, stdout);
+ }
+ }
+ else if (cmd == aImportOpenPGP)
+ {
+ if (!argc)
+ import_openpgp ("-");
+ else
+ {
+ for (; argc; argc--, argv++)
+ import_openpgp (*argv);
+ }
+ }
+#if 0
+ else if ( cmd == aFindByFpr )
+ {
+ char *fpr;
+ if ( argc != 2 )
+ wrong_args ("kbxfile foingerprint");
+ fpr = format_fingerprint ( argv[1] );
+ if ( !fpr )
+ log_error ("invalid formatted fingerprint\n");
+ else
+ {
+ kbxfile_search_by_fpr ( argv[0], fpr );
+ gcry_free ( fpr );
+ }
+ }
+ else if ( cmd == aFindByKid )
+ {
+ u32 kid[2];
+ int mode;
+
+ if ( argc != 2 )
+ wrong_args ("kbxfile short-or-long-keyid");
+ mode = format_keyid ( argv[1], kid );
+ if ( !mode )
+ log_error ("invalid formatted keyID\n");
+ else
+ {
+ kbxfile_search_by_kid ( argv[0], kid, mode );
+ }
+ }
+ else if ( cmd == aFindByUid )
+ {
+ if ( argc != 2 )
+ wrong_args ("kbxfile userID");
+ kbxfile_search_by_uid ( argv[0], argv[1] );
+ }
+#endif
+ else
+ log_error ("unsupported action\n");
+
+ myexit(0);
+ return 8; /*NEVER REACHED*/
+}
+
+
+void
+myexit( int rc )
+{
+ /* if( opt.debug & DBG_MEMSTAT_VALUE ) {*/
+/* gcry_control( GCRYCTL_DUMP_MEMORY_STATS ); */
+/* gcry_control( GCRYCTL_DUMP_RANDOM_STATS ); */
+ /* }*/
+/* if( opt.debug ) */
+/* gcry_control( GCRYCTL_DUMP_SECMEM_STATS ); */
+ rc = rc? rc : log_get_errorcount(0)? 2 :
+ keybox_errors_seen? 1 : 0;
+ exit(rc );
+}
+
+
diff --git a/kbx/keybox-blob.c b/kbx/keybox-blob.c
new file mode 100644
index 0000000..01d4ba2
--- /dev/null
+++ b/kbx/keybox-blob.c
@@ -0,0 +1,1047 @@
+/* keybox-blob.c - KBX Blob handling
+ * Copyright (C) 2000, 2001, 2002, 2003, 2008 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+/* The keybox data formats
+
+The KeyBox uses an augmented OpenPGP/X.509 key format. This makes
+random access to a keyblock/certificate easier and also gives the
+opportunity to store additional information (e.g. the fingerprint)
+along with the key. All integers are stored in network byte order,
+offsets are counted from the beginning of the Blob.
+
+The first record of a plain KBX file has a special format:
+
+ u32 length of the first record
+ byte Blob type (1)
+ byte version number (1)
+ byte reserved
+ byte reserved
+ u32 magic 'KBXf'
+ u32 reserved
+ u32 file_created_at
+ u32 last_maintenance_run
+ u32 reserved
+ u32 reserved
+
+The OpenPGP and X.509 blob are very similiar, things which are
+X.509 specific are noted like [X.509: xxx]
+
+ u32 length of this blob (including these 4 bytes)
+ byte Blob type (2) [X509: 3]
+ byte version number of this blob type (1)
+ u16 Blob flags
+ bit 0 = contains secret key material
+ bit 1 = ephemeral blob (e.g. used while quering external resources)
+
+ u32 offset to the OpenPGP keyblock or X509 DER encoded certificate
+ u32 and its length
+ u16 number of keys (at least 1!) [X509: always 1]
+ u16 size of additional key information
+ n times:
+ b20 The keys fingerprint
+ (fingerprints are always 20 bytes, MD5 left padded with zeroes)
+ u32 offset to the n-th key's keyID (a keyID is always 8 byte)
+ or 0 if not known which is the case only for X509.
+ u16 special key flags
+ bit 0 = qualified signature (not yet implemented}
+ u16 reserved
+ u16 size of serialnumber(may be zero)
+ n u16 (see above) bytes of serial number
+ u16 number of user IDs
+ u16 size of additional user ID information
+ n times:
+ u32 offset to the n-th user ID
+ u32 length of this user ID.
+ u16 special user ID flags.
+ bit 0 =
+ byte validity
+ byte reserved
+ [For X509, the first user ID is the Issuer, the second the Subject
+ and the others are subjectAltNames]
+ u16 number of signatures
+ u16 size of signature information (4)
+ u32 expiration time of signature with some special values:
+ 0x00000000 = not checked
+ 0x00000001 = missing key
+ 0x00000002 = bad signature
+ 0x10000000 = valid and expires at some date in 1978.
+ 0xffffffff = valid and does not expire
+ u8 assigned ownertrust [X509: not used]
+ u8 all_validity
+ OpenPGP: see ../g10/trustdb/TRUST_* [not yet used]
+ X509: Bit 4 set := key has been revoked. Note that this value
+ matches TRUST_FLAG_REVOKED
+ u16 reserved
+ u32 recheck_after
+ u32 Newest timestamp in the keyblock (useful for KS syncronsiation?)
+ u32 Blob created at
+ u32 size of reserved space (not including this field)
+ reserved space
+
+ Here we might want to put other data
+
+ Here comes the keyblock
+
+ maybe we put a signature here later.
+
+ b16 MD5 checksum (useful for KS syncronisation), we might also want to use
+ a mac here.
+ b4 reserved
+
+*/
+
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include <assert.h>
+#include <time.h>
+
+#include "keybox-defs.h"
+#include <gcrypt.h>
+
+#ifdef KEYBOX_WITH_OPENPGP
+/* include stuff to parse the packets */
+#endif
+#ifdef KEYBOX_WITH_X509
+#include <ksba.h>
+#endif
+
+
+
+/* special values of the signature status */
+#define SF_NONE(a) ( !(a) )
+#define SF_NOKEY(a) ((a) & (1<<0))
+#define SF_BAD(a) ((a) & (1<<1))
+#define SF_VALID(a) ((a) & (1<<29))
+
+
+struct membuf {
+ size_t len;
+ size_t size;
+ char *buf;
+ int out_of_core;
+};
+
+
+/* #if MAX_FINGERPRINT_LEN < 20 */
+/* #error fingerprints are 20 bytes */
+/* #endif */
+
+struct keyboxblob_key {
+ char fpr[20];
+ u32 off_kid;
+ ulong off_kid_addr;
+ u16 flags;
+};
+struct keyboxblob_uid {
+ ulong off_addr;
+ char *name; /* used only with x509 */
+ u32 len;
+ u16 flags;
+ byte validity;
+};
+
+struct keyid_list {
+ struct keyid_list *next;
+ int seqno;
+ byte kid[8];
+};
+
+struct fixup_list {
+ struct fixup_list *next;
+ u32 off;
+ u32 val;
+};
+
+
+struct keyboxblob {
+ byte *blob;
+ size_t bloblen;
+ off_t fileoffset;
+
+ /* stuff used only by keybox_create_blob */
+ unsigned char *serialbuf;
+ const unsigned char *serial;
+ size_t seriallen;
+ int nkeys;
+ struct keyboxblob_key *keys;
+ int nuids;
+ struct keyboxblob_uid *uids;
+ int nsigs;
+ u32 *sigs;
+ struct fixup_list *fixups;
+ int fixup_out_of_core;
+
+ struct keyid_list *temp_kids;
+ struct membuf bufbuf; /* temporary store for the blob */
+ struct membuf *buf;
+};
+
+
+
+/* A simple implemention of a dynamic buffer. Use init_membuf() to
+ create a buffer, put_membuf to append bytes and get_membuf to
+ release and return the buffer. Allocation errors are detected but
+ only returned at the final get_membuf(), this helps not to clutter
+ the code with out of core checks. */
+
+static void
+init_membuf (struct membuf *mb, int initiallen)
+{
+ mb->len = 0;
+ mb->size = initiallen;
+ mb->out_of_core = 0;
+ mb->buf = xtrymalloc (initiallen);
+ if (!mb->buf)
+ mb->out_of_core = 1;
+}
+
+static void
+put_membuf (struct membuf *mb, const void *buf, size_t len)
+{
+ if (mb->out_of_core)
+ return;
+
+ if (mb->len + len >= mb->size)
+ {
+ char *p;
+
+ mb->size += len + 1024;
+ p = xtryrealloc (mb->buf, mb->size);
+ if (!p)
+ {
+ mb->out_of_core = 1;
+ return;
+ }
+ mb->buf = p;
+ }
+ memcpy (mb->buf + mb->len, buf, len);
+ mb->len += len;
+}
+
+static void *
+get_membuf (struct membuf *mb, size_t *len)
+{
+ char *p;
+
+ if (mb->out_of_core)
+ {
+ xfree (mb->buf);
+ mb->buf = NULL;
+ return NULL;
+ }
+
+ p = mb->buf;
+ *len = mb->len;
+ mb->buf = NULL;
+ mb->out_of_core = 1; /* don't allow a reuse */
+ return p;
+}
+
+
+static void
+put8 (struct membuf *mb, byte a )
+{
+ put_membuf (mb, &a, 1);
+}
+
+static void
+put16 (struct membuf *mb, u16 a )
+{
+ unsigned char tmp[2];
+ tmp[0] = a>>8;
+ tmp[1] = a;
+ put_membuf (mb, tmp, 2);
+}
+
+static void
+put32 (struct membuf *mb, u32 a )
+{
+ unsigned char tmp[4];
+ tmp[0] = a>>24;
+ tmp[1] = a>>16;
+ tmp[2] = a>>8;
+ tmp[3] = a;
+ put_membuf (mb, tmp, 4);
+}
+
+
+/* Store a value in the fixup list */
+static void
+add_fixup (KEYBOXBLOB blob, u32 off, u32 val)
+{
+ struct fixup_list *fl;
+
+ if (blob->fixup_out_of_core)
+ return;
+
+ fl = xtrycalloc(1, sizeof *fl);
+ if (!fl)
+ blob->fixup_out_of_core = 1;
+ else
+ {
+ fl->off = off;
+ fl->val = val;
+ fl->next = blob->fixups;
+ blob->fixups = fl;
+ }
+}
+
+
+/*
+ Some wrappers
+*/
+
+static u32
+make_timestamp (void)
+{
+ return time(NULL);
+}
+
+
+
+#ifdef KEYBOX_WITH_OPENPGP
+/*
+ OpenPGP specific stuff
+*/
+
+
+/*
+ We must store the keyid at some place because we can't calculate the
+ offset yet. This is only used for v3 keyIDs. Function returns an
+ index value for later fixup or -1 for out of core. The value must be
+ a non-zero value */
+static int
+pgp_temp_store_kid (KEYBOXBLOB blob, PKT_public_key *pk)
+{
+ struct keyid_list *k, *r;
+
+ k = xtrymalloc (sizeof *k);
+ if (!k)
+ return -1;
+ k->kid[0] = pk->keyid[0] >> 24 ;
+ k->kid[1] = pk->keyid[0] >> 16 ;
+ k->kid[2] = pk->keyid[0] >> 8 ;
+ k->kid[3] = pk->keyid[0] ;
+ k->kid[4] = pk->keyid[0] >> 24 ;
+ k->kid[5] = pk->keyid[0] >> 16 ;
+ k->kid[6] = pk->keyid[0] >> 8 ;
+ k->kid[7] = pk->keyid[0] ;
+ k->seqno = 0;
+ k->next = blob->temp_kids;
+ blob->temp_kids = k;
+ for (r=k; r; r = r->next)
+ k->seqno++;
+
+ return k->seqno;
+}
+
+static int
+pgp_create_key_part (KEYBOXBLOB blob, KBNODE keyblock)
+{
+ KBNODE node;
+ size_t fprlen;
+ int n;
+
+ for (n=0, node = keyblock; node; node = node->next)
+ {
+ if ( node->pkt->pkttype == PKT_PUBLIC_KEY
+ || node->pkt->pkttype == PKT_PUBLIC_SUBKEY )
+ {
+ PKT_public_key *pk = node->pkt->pkt.public_key;
+ char tmp[20];
+
+ fingerprint_from_pk (pk, tmp , &fprlen);
+ memcpy (blob->keys[n].fpr, tmp, 20);
+ if ( fprlen != 20 ) /*v3 fpr - shift right and fill with zeroes*/
+ {
+ assert (fprlen == 16);
+ memmove (blob->keys[n].fpr+4, blob->keys[n].fpr, 16);
+ memset (blob->keys[n].fpr, 0, 4);
+ blob->keys[n].off_kid = pgp_temp_store_kid (blob, pk);
+ }
+ else
+ {
+ blob->keys[n].off_kid = 0; /* will be fixed up later */
+ }
+ blob->keys[n].flags = 0;
+ n++;
+ }
+ else if ( node->pkt->pkttype == PKT_SECRET_KEY
+ || node->pkt->pkttype == PKT_SECRET_SUBKEY )
+ {
+ never_reached (); /* actually not yet implemented */
+ }
+ }
+ assert (n == blob->nkeys);
+ return 0;
+}
+
+static int
+pgp_create_uid_part (KEYBOXBLOB blob, KBNODE keyblock)
+{
+ KBNODE node;
+ int n;
+
+ for (n=0, node = keyblock; node; node = node->next)
+ {
+ if (node->pkt->pkttype == PKT_USER_ID)
+ {
+ PKT_user_id *u = node->pkt->pkt.user_id;
+
+ blob->uids[n].len = u->len;
+ blob->uids[n].flags = 0;
+ blob->uids[n].validity = 0;
+ n++;
+ }
+ }
+ assert (n == blob->nuids);
+ return 0;
+}
+
+static int
+pgp_create_sig_part (KEYBOXBLOB blob, KBNODE keyblock)
+{
+ KBNODE node;
+ int n;
+
+ for (n=0, node = keyblock; node; node = node->next)
+ {
+ if (node->pkt->pkttype == PKT_SIGNATURE)
+ {
+ PKT_signature *sig = node->pkt->pkt.signature;
+
+ blob->sigs[n] = 0; /* FIXME: check the signature here */
+ n++;
+ }
+ }
+ assert( n == blob->nsigs );
+ return 0;
+}
+
+static int
+pgp_create_blob_keyblock (KEYBOXBLOB blob, KBNODE keyblock)
+{
+ struct membuf *a = blob->buf;
+ KBNODE node;
+ int rc;
+ int n;
+ u32 kbstart = a->len;
+
+ add_fixup (blob, kbstart);
+
+ for (n = 0, node = keyblock; node; node = node->next)
+ {
+ rc = build_packet ( a, node->pkt );
+ if ( rc ) {
+ gpg_log_error ("build_packet(%d) for keyboxblob failed: %s\n",
+ node->pkt->pkttype, gpg_errstr(rc) );
+ return GPGERR_WRITE_FILE;
+ }
+ if ( node->pkt->pkttype == PKT_USER_ID )
+ {
+ PKT_user_id *u = node->pkt->pkt.user_id;
+ /* build_packet has set the offset of the name into u ;
+ * now we can do the fixup */
+ add_fixup (blob, blob->uids[n].off_addr, u->stored_at);
+ n++;
+ }
+ }
+ assert (n == blob->nuids);
+
+ add_fixup (blob, a->len - kbstart);
+ return 0;
+}
+
+#endif /*KEYBOX_WITH_OPENPGP*/
+
+
+#ifdef KEYBOX_WITH_X509
+/*
+ X.509 specific stuff
+ */
+
+/* Write the raw certificate out */
+static int
+x509_create_blob_cert (KEYBOXBLOB blob, ksba_cert_t cert)
+{
+ struct membuf *a = blob->buf;
+ const unsigned char *image;
+ size_t length;
+ u32 kbstart = a->len;
+
+ /* Store our offset for later fixup */
+ add_fixup (blob, 8, kbstart);
+
+ image = ksba_cert_get_image (cert, &length);
+ if (!image)
+ return gpg_error (GPG_ERR_GENERAL);
+ put_membuf (a, image, length);
+
+ add_fixup (blob, 12, a->len - kbstart);
+ return 0;
+}
+
+#endif /*KEYBOX_WITH_X509*/
+
+/* Write a stored keyID out to the buffer */
+static void
+write_stored_kid (KEYBOXBLOB blob, int seqno)
+{
+ struct keyid_list *r;
+
+ for ( r = blob->temp_kids; r; r = r->next )
+ {
+ if (r->seqno == seqno )
+ {
+ put_membuf (blob->buf, r->kid, 8);
+ return;
+ }
+ }
+ never_reached ();
+}
+
+/* Release a list of key IDs */
+static void
+release_kid_list (struct keyid_list *kl)
+{
+ struct keyid_list *r, *r2;
+
+ for ( r = kl; r; r = r2 )
+ {
+ r2 = r->next;
+ xfree (r);
+ }
+}
+
+
+
+static int
+create_blob_header (KEYBOXBLOB blob, int blobtype, int as_ephemeral)
+{
+ struct membuf *a = blob->buf;
+ int i;
+
+ put32 ( a, 0 ); /* blob length, needs fixup */
+ put8 ( a, blobtype);
+ put8 ( a, 1 ); /* blob type version */
+ put16 ( a, as_ephemeral? 2:0 ); /* blob flags */
+
+ put32 ( a, 0 ); /* offset to the raw data, needs fixup */
+ put32 ( a, 0 ); /* length of the raw data, needs fixup */
+
+ put16 ( a, blob->nkeys );
+ put16 ( a, 20 + 4 + 2 + 2 ); /* size of key info */
+ for ( i=0; i < blob->nkeys; i++ )
+ {
+ put_membuf (a, blob->keys[i].fpr, 20);
+ blob->keys[i].off_kid_addr = a->len;
+ put32 ( a, 0 ); /* offset to keyid, fixed up later */
+ put16 ( a, blob->keys[i].flags );
+ put16 ( a, 0 ); /* reserved */
+ }
+
+ put16 (a, blob->seriallen); /*fixme: check that it fits into 16 bits*/
+ if (blob->serial)
+ put_membuf (a, blob->serial, blob->seriallen);
+
+ put16 ( a, blob->nuids );
+ put16 ( a, 4 + 4 + 2 + 1 + 1 ); /* size of uid info */
+ for (i=0; i < blob->nuids; i++)
+ {
+ blob->uids[i].off_addr = a->len;
+ put32 ( a, 0 ); /* offset to userid, fixed up later */
+ put32 ( a, blob->uids[i].len );
+ put16 ( a, blob->uids[i].flags );
+ put8 ( a, 0 ); /* validity */
+ put8 ( a, 0 ); /* reserved */
+ }
+
+ put16 ( a, blob->nsigs );
+ put16 ( a, 4 ); /* size of sig info */
+ for (i=0; i < blob->nsigs; i++)
+ {
+ put32 ( a, blob->sigs[i]);
+ }
+
+ put8 ( a, 0 ); /* assigned ownertrust */
+ put8 ( a, 0 ); /* validity of all user IDs */
+ put16 ( a, 0 ); /* reserved */
+ put32 ( a, 0 ); /* time of next recheck */
+ put32 ( a, 0 ); /* newest timestamp (none) */
+ put32 ( a, make_timestamp() ); /* creation time */
+ put32 ( a, 0 ); /* size of reserved space */
+ /* reserved space (which is currently of size 0) */
+
+ /* space where we write keyIDs and and other stuff so that the
+ pointers can actually point to somewhere */
+ if (blobtype == BLOBTYPE_PGP)
+ {
+ /* We need to store the keyids for all pgp v3 keys because those key
+ IDs are not part of the fingerprint. While we are doing that, we
+ fixup all the keyID offsets */
+ for (i=0; i < blob->nkeys; i++ )
+ {
+ if (blob->keys[i].off_kid)
+ { /* this is a v3 one */
+ add_fixup (blob, blob->keys[i].off_kid_addr, a->len);
+ write_stored_kid (blob, blob->keys[i].off_kid);
+ }
+ else
+ { /* the better v4 key IDs - just store an offset 8 bytes back */
+ add_fixup (blob, blob->keys[i].off_kid_addr,
+ blob->keys[i].off_kid_addr - 8);
+ }
+ }
+ }
+
+ if (blobtype == BLOBTYPE_X509)
+ {
+ /* We don't want to point to ASN.1 encoded UserIDs (DNs) but to
+ the utf-8 string represenation of them */
+ for (i=0; i < blob->nuids; i++ )
+ {
+ if (blob->uids[i].name)
+ { /* this is a v3 one */
+ add_fixup (blob, blob->uids[i].off_addr, a->len);
+ put_membuf (blob->buf, blob->uids[i].name, blob->uids[i].len);
+ }
+ }
+ }
+
+ return 0;
+}
+
+
+
+static int
+create_blob_trailer (KEYBOXBLOB blob)
+{
+ (void)blob;
+ return 0;
+}
+
+
+static int
+create_blob_finish (KEYBOXBLOB blob)
+{
+ struct membuf *a = blob->buf;
+ unsigned char *p;
+ unsigned char *pp;
+ int i;
+ size_t n;
+
+ /* write a placeholder for the checksum */
+ for (i = 0; i < 16; i++ )
+ put32 (a, 0); /* Hmmm: why put32() ?? */
+
+ /* get the memory area */
+ n = 0; /* (Just to avoid compiler warning.) */
+ p = get_membuf (a, &n);
+ if (!p)
+ return gpg_error (GPG_ERR_ENOMEM);
+ assert (n >= 20);
+
+ /* fixup the length */
+ add_fixup (blob, 0, n);
+
+ /* do the fixups */
+ if (blob->fixup_out_of_core)
+ return gpg_error (GPG_ERR_ENOMEM);
+
+ {
+ struct fixup_list *fl;
+ for (fl = blob->fixups; fl; fl = fl->next)
+ {
+ assert (fl->off+4 <= n);
+ p[fl->off+0] = fl->val >> 24;
+ p[fl->off+1] = fl->val >> 16;
+ p[fl->off+2] = fl->val >> 8;
+ p[fl->off+3] = fl->val;
+ }
+ }
+
+ /* calculate and store the MD5 checksum */
+ gcry_md_hash_buffer (GCRY_MD_MD5, p + n - 16, p, n - 16);
+
+ pp = xtrymalloc (n);
+ if ( !pp )
+ return gpg_error_from_syserror ();
+ memcpy (pp , p, n);
+ blob->blob = pp;
+ blob->bloblen = n;
+
+ return 0;
+}
+
+
+#ifdef KEYBOX_WITH_OPENPGP
+
+int
+_keybox_create_pgp_blob (KEYBOXBLOB *r_blob, KBNODE keyblock, int as_ephemeral)
+{
+ int rc = 0;
+ KBNODE node;
+ KEYBOXBLOB blob;
+
+ *r_blob = NULL;
+ blob = xtrycalloc (1, sizeof *blob);
+ if (!blob)
+ return gpg_error_from_syserror ();
+
+ /* fixme: Do some sanity checks on the keyblock */
+
+ /* count userids and keys so that we can allocate the arrays */
+ for (node = keyblock; node; node = node->next)
+ {
+ switch (node->pkt->pkttype)
+ {
+ case PKT_PUBLIC_KEY:
+ case PKT_SECRET_KEY:
+ case PKT_PUBLIC_SUBKEY:
+ case PKT_SECRET_SUBKEY: blob->nkeys++; break;
+ case PKT_USER_ID: blob->nuids++; break;
+ case PKT_SIGNATURE: blob->nsigs++; break;
+ default: break;
+ }
+ }
+
+ blob->keys = xtrycalloc (blob->nkeys, sizeof *blob->keys );
+ blob->uids = xtrycalloc (blob->nuids, sizeof *blob->uids );
+ blob->sigs = xtrycalloc (blob->nsigs, sizeof *blob->sigs );
+ if (!blob->keys || !blob->uids || !blob->sigs)
+ {
+ rc = gpg_error (GPG_ERR_ENOMEM);
+ goto leave;
+ }
+
+ rc = pgp_create_key_part ( blob, keyblock );
+ if (rc)
+ goto leave;
+ rc = pgp_create_uid_part ( blob, keyblock );
+ if (rc)
+ goto leave;
+ rc = pgp_create_sig_part ( blob, keyblock );
+ if (rc)
+ goto leave;
+
+ init_membuf (&blob->bufbuf, 1024);
+ blob->buf = &blob->bufbuf;
+ rc = create_blob_header (blob, BLOBTYPE_OPENPGP, as_ephemeral);
+ if (rc)
+ goto leave;
+ rc = pgp_create_blob_keyblock (blob, keyblock);
+ if (rc)
+ goto leave;
+ rc = create_blob_trailer (blob);
+ if (rc)
+ goto leave;
+ rc = create_blob_finish ( blob );
+ if (rc)
+ goto leave;
+
+
+ leave:
+ release_kid_list (blob->temp_kids);
+ blob->temp_kids = NULL;
+ if (rc)
+ {
+ keybox_release_blob (blob);
+ *r_blob = NULL;
+ }
+ else
+ {
+ *r_blob = blob;
+ }
+ return rc;
+}
+#endif /*KEYBOX_WITH_OPENPGP*/
+
+#ifdef KEYBOX_WITH_X509
+
+/* Return an allocated string with the email address extracted from a
+ DN. Note hat we use this code also in ../sm/keylist.c. */
+static char *
+x509_email_kludge (const char *name)
+{
+ const char *p, *string;
+ unsigned char *buf;
+ int n;
+
+ string = name;
+ for (;;)
+ {
+ p = strstr (string, "1.2.840.113549.1.9.1=#");
+ if (!p)
+ return NULL;
+ if (p == name || (p > string+1 && p[-1] == ',' && p[-2] != '\\'))
+ {
+ name = p + 22;
+ break;
+ }
+ string = p + 22;
+ }
+
+
+ /* This looks pretty much like an email address in the subject's DN
+ we use this to add an additional user ID entry. This way,
+ OpenSSL generated keys get a nicer and usable listing. */
+ for (n=0, p=name; hexdigitp (p) && hexdigitp (p+1); p +=2, n++)
+ ;
+ if (!n)
+ return NULL;
+ buf = xtrymalloc (n+3);
+ if (!buf)
+ return NULL; /* oops, out of core */
+ *buf = '<';
+ for (n=1, p=name; hexdigitp (p); p +=2, n++)
+ buf[n] = xtoi_2 (p);
+ buf[n++] = '>';
+ buf[n] = 0;
+ return (char*)buf;
+}
+
+
+
+/* Note: We should move calculation of the digest into libksba and
+ remove that parameter */
+int
+_keybox_create_x509_blob (KEYBOXBLOB *r_blob, ksba_cert_t cert,
+ unsigned char *sha1_digest, int as_ephemeral)
+{
+ int i, rc = 0;
+ KEYBOXBLOB blob;
+ unsigned char *sn;
+ char *p;
+ char **names = NULL;
+ size_t max_names;
+
+ *r_blob = NULL;
+ blob = xtrycalloc (1, sizeof *blob);
+ if( !blob )
+ return gpg_error_from_syserror ();
+
+ sn = ksba_cert_get_serial (cert);
+ if (sn)
+ {
+ size_t n, len;
+ n = gcry_sexp_canon_len (sn, 0, NULL, NULL);
+ if (n < 2)
+ {
+ xfree (sn);
+ return gpg_error (GPG_ERR_GENERAL);
+ }
+ blob->serialbuf = sn;
+ sn++; n--; /* skip '(' */
+ for (len=0; n && *sn && *sn != ':' && digitp (sn); n--, sn++)
+ len = len*10 + atoi_1 (sn);
+ if (*sn != ':')
+ {
+ xfree (blob->serialbuf);
+ blob->serialbuf = NULL;
+ return gpg_error (GPG_ERR_GENERAL);
+ }
+ sn++;
+ blob->serial = sn;
+ blob->seriallen = len;
+ }
+
+ blob->nkeys = 1;
+
+ /* create list of names */
+ blob->nuids = 0;
+ max_names = 100;
+ names = xtrymalloc (max_names * sizeof *names);
+ if (!names)
+ {
+ rc = gpg_error_from_syserror ();
+ goto leave;
+ }
+
+ p = ksba_cert_get_issuer (cert, 0);
+ if (!p)
+ {
+ rc = gpg_error (GPG_ERR_MISSING_VALUE);
+ goto leave;
+ }
+ names[blob->nuids++] = p;
+ for (i=0; (p = ksba_cert_get_subject (cert, i)); i++)
+ {
+ if (blob->nuids >= max_names)
+ {
+ char **tmp;
+
+ max_names += 100;
+ tmp = xtryrealloc (names, max_names * sizeof *names);
+ if (!tmp)
+ {
+ rc = gpg_error_from_syserror ();
+ goto leave;
+ }
+ names = tmp;
+ }
+ names[blob->nuids++] = p;
+ if (!i && (p=x509_email_kludge (p)))
+ names[blob->nuids++] = p; /* due to !i we don't need to check bounds*/
+ }
+
+ /* space for signature information */
+ blob->nsigs = 1;
+
+ blob->keys = xtrycalloc (blob->nkeys, sizeof *blob->keys );
+ blob->uids = xtrycalloc (blob->nuids, sizeof *blob->uids );
+ blob->sigs = xtrycalloc (blob->nsigs, sizeof *blob->sigs );
+ if (!blob->keys || !blob->uids || !blob->sigs)
+ {
+ rc = gpg_error (GPG_ERR_ENOMEM);
+ goto leave;
+ }
+
+ memcpy (blob->keys[0].fpr, sha1_digest, 20);
+ blob->keys[0].off_kid = 0; /* We don't have keyids */
+ blob->keys[0].flags = 0;
+
+ /* issuer and subject names */
+ for (i=0; i < blob->nuids; i++)
+ {
+ blob->uids[i].name = names[i];
+ blob->uids[i].len = strlen(names[i]);
+ names[i] = NULL;
+ blob->uids[i].flags = 0;
+ blob->uids[i].validity = 0;
+ }
+ xfree (names);
+ names = NULL;
+
+ /* signatures */
+ blob->sigs[0] = 0; /* not yet checked */
+
+ /* Create a temporary buffer for further processing */
+ init_membuf (&blob->bufbuf, 1024);
+ blob->buf = &blob->bufbuf;
+ /* write out what we already have */
+ rc = create_blob_header (blob, BLOBTYPE_X509, as_ephemeral);
+ if (rc)
+ goto leave;
+ rc = x509_create_blob_cert (blob, cert);
+ if (rc)
+ goto leave;
+ rc = create_blob_trailer (blob);
+ if (rc)
+ goto leave;
+ rc = create_blob_finish ( blob );
+ if (rc)
+ goto leave;
+
+
+ leave:
+ release_kid_list (blob->temp_kids);
+ blob->temp_kids = NULL;
+ if (blob && names)
+ {
+ for (i=0; i < blob->nuids; i++)
+ xfree (names[i]);
+ }
+ xfree (names);
+ if (rc)
+ {
+ _keybox_release_blob (blob);
+ *r_blob = NULL;
+ }
+ else
+ {
+ *r_blob = blob;
+ }
+ return rc;
+}
+#endif /*KEYBOX_WITH_X509*/
+
+
+
+int
+_keybox_new_blob (KEYBOXBLOB *r_blob,
+ unsigned char *image, size_t imagelen, off_t off)
+{
+ KEYBOXBLOB blob;
+
+ *r_blob = NULL;
+ blob = xtrycalloc (1, sizeof *blob);
+ if (!blob)
+ return gpg_error_from_syserror ();
+
+ blob->blob = image;
+ blob->bloblen = imagelen;
+ blob->fileoffset = off;
+ *r_blob = blob;
+ return 0;
+}
+
+
+void
+_keybox_release_blob (KEYBOXBLOB blob)
+{
+ int i;
+ if (!blob)
+ return;
+ /* hmmm: release membuf here?*/
+ xfree (blob->keys );
+ xfree (blob->serialbuf);
+ for (i=0; i < blob->nuids; i++)
+ xfree (blob->uids[i].name);
+ xfree (blob->uids );
+ xfree (blob->sigs );
+ xfree (blob->blob );
+ xfree (blob );
+}
+
+
+
+const unsigned char *
+_keybox_get_blob_image ( KEYBOXBLOB blob, size_t *n )
+{
+ *n = blob->bloblen;
+ return blob->blob;
+}
+
+off_t
+_keybox_get_blob_fileoffset (KEYBOXBLOB blob)
+{
+ return blob->fileoffset;
+}
+
+
+
+void
+_keybox_update_header_blob (KEYBOXBLOB blob)
+{
+ if (blob->bloblen >= 32 && blob->blob[4] == BLOBTYPE_HEADER)
+ {
+ u32 val = make_timestamp ();
+
+ /* Update the last maintenance run times tamp. */
+ blob->blob[20] = (val >> 24);
+ blob->blob[20+1] = (val >> 16);
+ blob->blob[20+2] = (val >> 8);
+ blob->blob[20+3] = (val );
+ }
+}
diff --git a/kbx/keybox-defs.h b/kbx/keybox-defs.h
new file mode 100644
index 0000000..626f3e5
--- /dev/null
+++ b/kbx/keybox-defs.h
@@ -0,0 +1,261 @@
+/* keybox-defs.h - interal Keybox defintions
+ * Copyright (C) 2001, 2004 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef KEYBOX_DEFS_H
+#define KEYBOX_DEFS_H 1
+
+#ifdef GPG_ERR_SOURCE_DEFAULT
+#error GPG_ERR_SOURCE_DEFAULT already defined
+#endif
+#define GPG_ERR_SOURCE_DEFAULT GPG_ERR_SOURCE_KEYBOX
+#include <gpg-error.h>
+#define map_assuan_err(a) \
+ map_assuan_err_with_source (GPG_ERR_SOURCE_DEFAULT, (a))
+
+#include <sys/types.h> /* off_t */
+
+/* We include the type defintions from jnlib instead of defining our
+ owns here. This will not allow us build KBX in a standalone way
+ but there is currently no need for it anyway. Same goes for
+ stringhelp.h which for example provides a replacement for stpcpy -
+ fixme: Better the LIBOBJ mechnism. */
+#include "../jnlib/types.h"
+#include "../jnlib/stringhelp.h"
+
+#include "keybox.h"
+
+
+enum {
+ BLOBTYPE_EMPTY = 0,
+ BLOBTYPE_HEADER = 1,
+ BLOBTYPE_PGP = 2,
+ BLOBTYPE_X509 = 3
+};
+
+
+typedef struct keyboxblob *KEYBOXBLOB;
+
+
+typedef struct keybox_name *KB_NAME;
+typedef struct keybox_name const *CONST_KB_NAME;
+struct keybox_name
+{
+ /* Link to the next resources, so that we can walk all
+ resources. */
+ KB_NAME next;
+
+ /* True if this is a keybox with secret keys. */
+ int secret;
+
+ /*DOTLOCK lockhd;*/
+
+ /* A table with all the handles accessing this resources.
+ HANDLE_TABLE_SIZE gives the allocated length of this table unused
+ entrues are set to NULL. HANDLE_TABLE may be NULL. */
+ KEYBOX_HANDLE *handle_table;
+ size_t handle_table_size;
+
+ /* Not yet used. */
+ int is_locked;
+
+ /* Not yet used. */
+ int did_full_scan;
+
+ /* The name of the resource file. */
+ char fname[1];
+};
+
+
+
+struct keybox_handle {
+ CONST_KB_NAME kb;
+ int secret; /* this is for a secret keybox */
+ FILE *fp;
+ int eof;
+ int error;
+ int ephemeral;
+ struct {
+ KEYBOXBLOB blob;
+ off_t offset;
+ size_t pk_no;
+ size_t uid_no;
+ unsigned int n_packets; /*used for delete and update*/
+ } found;
+ struct {
+ char *name;
+ char *pattern;
+ } word_match;
+};
+
+
+/* Openpgp helper structures. */
+struct _keybox_openpgp_key_info
+{
+ struct _keybox_openpgp_key_info *next;
+ unsigned char keyid[8];
+ int fprlen; /* Either 16 or 20 */
+ unsigned char fpr[20];
+};
+
+struct _keybox_openpgp_uid_info
+{
+ struct _keybox_openpgp_uid_info *next;
+ size_t off;
+ size_t len;
+};
+
+struct _keybox_openpgp_info
+{
+ int is_secret; /* True if this is a secret key. */
+ unsigned int nsubkeys;/* Total number of subkeys. */
+ unsigned int nuids; /* Total number of user IDs in the keyblock. */
+ unsigned int nsigs; /* Total number of signatures in the keyblock. */
+
+ /* Note, we use 2 structs here to better cope with the most common
+ use of having one primary and one subkey - this allows us to
+ statically allocate this structure and only malloc stuff for more
+ than one subkey. */
+ struct _keybox_openpgp_key_info primary;
+ struct _keybox_openpgp_key_info subkeys;
+ struct _keybox_openpgp_uid_info uids;
+};
+typedef struct _keybox_openpgp_info *keybox_openpgp_info_t;
+
+
+/* Don't know whether this is needed: */
+/* static struct { */
+/* const char *homedir; */
+/* int dry_run; */
+/* int quiet; */
+/* int verbose; */
+/* int preserve_permissions; */
+/* } keybox_opt; */
+
+/*-- keybox-init.c --*/
+void _keybox_close_file (KEYBOX_HANDLE hd);
+
+
+/*-- keybox-blob.c --*/
+#ifdef KEYBOX_WITH_OPENPGP
+ /* fixme */
+#endif /*KEYBOX_WITH_OPENPGP*/
+#ifdef KEYBOX_WITH_X509
+int _keybox_create_x509_blob (KEYBOXBLOB *r_blob, ksba_cert_t cert,
+ unsigned char *sha1_digest, int as_ephemeral);
+#endif /*KEYBOX_WITH_X509*/
+
+int _keybox_new_blob (KEYBOXBLOB *r_blob,
+ unsigned char *image, size_t imagelen,
+ off_t off);
+void _keybox_release_blob (KEYBOXBLOB blob);
+const unsigned char *_keybox_get_blob_image (KEYBOXBLOB blob, size_t *n);
+off_t _keybox_get_blob_fileoffset (KEYBOXBLOB blob);
+void _keybox_update_header_blob (KEYBOXBLOB blob);
+
+/*-- keybox-openpgp.c --*/
+gpg_error_t _keybox_parse_openpgp (const unsigned char *image, size_t imagelen,
+ size_t *nparsed,
+ keybox_openpgp_info_t info);
+void _keybox_destroy_openpgp_info (keybox_openpgp_info_t info);
+
+
+/*-- keybox-file.c --*/
+int _keybox_read_blob (KEYBOXBLOB *r_blob, FILE *fp);
+int _keybox_read_blob2 (KEYBOXBLOB *r_blob, FILE *fp, int *skipped_deleted);
+int _keybox_write_blob (KEYBOXBLOB blob, FILE *fp);
+int _keybox_write_header_blob (FILE *fp);
+
+/*-- keybox-search.c --*/
+gpg_err_code_t _keybox_get_flag_location (const unsigned char *buffer,
+ size_t length,
+ int what,
+ size_t *flag_off, size_t *flag_size);
+
+/*-- keybox-dump.c --*/
+int _keybox_dump_blob (KEYBOXBLOB blob, FILE *fp);
+int _keybox_dump_file (const char *filename, int stats_only, FILE *outfp);
+int _keybox_dump_find_dups (const char *filename, int print_them, FILE *outfp);
+int _keybox_dump_cut_records (const char *filename, unsigned long from,
+ unsigned long to, FILE *outfp);
+
+
+/*-- keybox-util.c --*/
+void *_keybox_malloc (size_t n);
+void *_keybox_calloc (size_t n, size_t m);
+void *_keybox_realloc (void *p, size_t n);
+void _keybox_free (void *p);
+
+#define xtrymalloc(a) _keybox_malloc ((a))
+#define xtrycalloc(a,b) _keybox_calloc ((a),(b))
+#define xtryrealloc(a,b) _keybox_realloc((a),(b))
+#define xfree(a) _keybox_free ((a))
+
+
+#define DIM(v) (sizeof(v)/sizeof((v)[0]))
+#define DIMof(type,member) DIM(((type *)0)->member)
+#ifndef STR
+# define STR(v) #v
+#endif
+#define STR2(v) STR(v)
+
+/*
+ a couple of handy macros
+*/
+
+#define return_if_fail(expr) do { \
+ if (!(expr)) { \
+ fprintf (stderr, "%s:%d: assertion `%s' failed\n", \
+ __FILE__, __LINE__, #expr ); \
+ return; \
+ } } while (0)
+#define return_null_if_fail(expr) do { \
+ if (!(expr)) { \
+ fprintf (stderr, "%s:%d: assertion `%s' failed\n", \
+ __FILE__, __LINE__, #expr ); \
+ return NULL; \
+ } } while (0)
+#define return_val_if_fail(expr,val) do { \
+ if (!(expr)) { \
+ fprintf (stderr, "%s:%d: assertion `%s' failed\n", \
+ __FILE__, __LINE__, #expr ); \
+ return (val); \
+ } } while (0)
+#define never_reached() do { \
+ fprintf (stderr, "%s:%d: oops; should never get here\n", \
+ __FILE__, __LINE__ ); \
+ } while (0)
+
+
+/* some macros to replace ctype ones and avoid locale problems */
+#define digitp(p) (*(p) >= '0' && *(p) <= '9')
+#define hexdigitp(a) (digitp (a) \
+ || (*(a) >= 'A' && *(a) <= 'F') \
+ || (*(a) >= 'a' && *(a) <= 'f'))
+/* the atoi macros assume that the buffer has only valid digits */
+#define atoi_1(p) (*(p) - '0' )
+#define atoi_2(p) ((atoi_1(p) * 10) + atoi_1((p)+1))
+#define atoi_4(p) ((atoi_2(p) * 100) + atoi_2((p)+2))
+#define xtoi_1(p) (*(p) <= '9'? (*(p)- '0'): \
+ *(p) <= 'F'? (*(p)-'A'+10):(*(p)-'a'+10))
+#define xtoi_2(p) ((xtoi_1(p) * 16) + xtoi_1((p)+1))
+
+
+#endif /*KEYBOX_DEFS_H*/
+
+
diff --git a/kbx/keybox-dump.c b/kbx/keybox-dump.c
new file mode 100644
index 0000000..b671089
--- /dev/null
+++ b/kbx/keybox-dump.c
@@ -0,0 +1,699 @@
+/* keybox-dump.c - Debug helpers
+ * Copyright (C) 2001, 2003 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+#include <errno.h>
+
+#include "keybox-defs.h"
+#include <gcrypt.h>
+
+/* Argg, we can't include ../common/util.h */
+char *bin2hexcolon (const void *buffer, size_t length, char *stringbuf);
+
+
+static ulong
+get32 (const byte *buffer)
+{
+ ulong a;
+ a = *buffer << 24;
+ a |= buffer[1] << 16;
+ a |= buffer[2] << 8;
+ a |= buffer[3];
+ return a;
+}
+
+static ulong
+get16 (const byte *buffer)
+{
+ ulong a;
+ a = *buffer << 8;
+ a |= buffer[1];
+ return a;
+}
+
+void
+print_string (FILE *fp, const byte *p, size_t n, int delim)
+{
+ for ( ; n; n--, p++ )
+ {
+ if (*p < 0x20 || (*p >= 0x7f && *p < 0xa0) || *p == delim)
+ {
+ putc('\\', fp);
+ if( *p == '\n' )
+ putc('n', fp);
+ else if( *p == '\r' )
+ putc('r', fp);
+ else if( *p == '\f' )
+ putc('f', fp);
+ else if( *p == '\v' )
+ putc('v', fp);
+ else if( *p == '\b' )
+ putc('b', fp);
+ else if( !*p )
+ putc('0', fp);
+ else
+ fprintf(fp, "x%02x", *p );
+ }
+ else
+ putc(*p, fp);
+ }
+}
+
+
+static int
+dump_header_blob (const byte *buffer, size_t length, FILE *fp)
+{
+ unsigned long n;
+
+ if (length < 32)
+ {
+ fprintf (fp, "[blob too short]\n");
+ return -1;
+ }
+ fprintf (fp, "Version: %d\n", buffer[5]);
+ if ( memcmp (buffer+8, "KBXf", 4))
+ fprintf (fp, "[Error: invalid magic number]\n");
+
+ n = get32 (buffer+16);
+ fprintf( fp, "created-at: %lu\n", n );
+ n = get32 (buffer+20);
+ fprintf( fp, "last-maint: %lu\n", n );
+
+ return 0;
+}
+
+
+/* Dump one block to FP */
+int
+_keybox_dump_blob (KEYBOXBLOB blob, FILE *fp)
+{
+ const byte *buffer;
+ size_t length;
+ int type;
+ ulong n, nkeys, keyinfolen;
+ ulong nuids, uidinfolen;
+ ulong nsigs, siginfolen;
+ ulong rawdata_off, rawdata_len;
+ ulong nserial;
+ const byte *p;
+
+ buffer = _keybox_get_blob_image (blob, &length);
+
+ if (length < 32)
+ {
+ fprintf (fp, "[blob too short]\n");
+ return -1;
+ }
+
+ n = get32( buffer );
+ if (n > length)
+ fprintf (fp, "[blob larger than length - output truncated]\n");
+ else
+ length = n; /* ignore the rest */
+
+ fprintf (fp, "Length: %lu\n", n );
+ type = buffer[4];
+ switch (type)
+ {
+ case BLOBTYPE_EMPTY:
+ fprintf (fp, "Type: Empty\n");
+ return 0;
+
+ case BLOBTYPE_HEADER:
+ fprintf (fp, "Type: Header\n");
+ return dump_header_blob (buffer, length, fp);
+ case BLOBTYPE_PGP:
+ fprintf (fp, "Type: OpenPGP\n");
+ break;
+ case BLOBTYPE_X509:
+ fprintf (fp, "Type: X.509\n");
+ break;
+ default:
+ fprintf (fp, "Type: %d\n", type);
+ fprintf (fp, "[can't dump this blob type]\n");
+ return 0;
+ }
+ fprintf (fp, "Version: %d\n", buffer[5]);
+
+ if (length < 40)
+ {
+ fprintf (fp, "[blob too short]\n");
+ return -1;
+ }
+
+ n = get16 (buffer + 6);
+ fprintf( fp, "Blob-Flags: %04lX", n);
+ if (n)
+ {
+ int any = 0;
+
+ fputs (" (", fp);
+ if ((n & 1))
+ {
+ fputs ("secret", fp);
+ any++;
+ }
+ if ((n & 2))
+ {
+ if (any)
+ putc (',', fp);
+ fputs ("ephemeral", fp);
+ any++;
+ }
+ putc (')', fp);
+ }
+ putc ('\n', fp);
+
+ rawdata_off = get32 (buffer + 8);
+ rawdata_len = get32 (buffer + 12);
+
+ fprintf( fp, "Data-Offset: %lu\n", rawdata_off );
+ fprintf( fp, "Data-Length: %lu\n", rawdata_len );
+ if (rawdata_off > length || rawdata_len > length
+ || rawdata_off+rawdata_off > length)
+ fprintf (fp, "[Error: raw data larger than blob]\n");
+
+ nkeys = get16 (buffer + 16);
+ fprintf (fp, "Key-Count: %lu\n", nkeys );
+ if (!nkeys)
+ fprintf (fp, "[Error: no keys]\n");
+ if (nkeys > 1 && type == BLOBTYPE_X509)
+ fprintf (fp, "[Error: only one key allowed for X509]\n");
+
+ keyinfolen = get16 (buffer + 18 );
+ fprintf (fp, "Key-Info-Length: %lu\n", keyinfolen);
+ /* fixme: check bounds */
+ p = buffer + 20;
+ for (n=0; n < nkeys; n++, p += keyinfolen)
+ {
+ int i;
+ ulong kidoff, kflags;
+
+ fprintf (fp, "Key-Fpr[%lu]: ", n );
+ for (i=0; i < 20; i++ )
+ fprintf (fp, "%02X", p[i]);
+ kidoff = get32 (p + 20);
+ fprintf (fp, "\nKey-Kid-Off[%lu]: %lu\n", n, kidoff );
+ fprintf (fp, "Key-Kid[%lu]: ", n );
+ /* fixme: check bounds */
+ for (i=0; i < 8; i++ )
+ fprintf (fp, "%02X", buffer[kidoff+i] );
+ kflags = get16 (p + 24 );
+ fprintf( fp, "\nKey-Flags[%lu]: %04lX\n", n, kflags);
+ }
+
+ /* serial number */
+ fputs ("Serial-No: ", fp);
+ nserial = get16 (p);
+ p += 2;
+ if (!nserial)
+ fputs ("none", fp);
+ else
+ {
+ for (; nserial; nserial--, p++)
+ fprintf (fp, "%02X", *p);
+ }
+ putc ('\n', fp);
+
+ /* user IDs */
+ nuids = get16 (p);
+ fprintf (fp, "Uid-Count: %lu\n", nuids );
+ uidinfolen = get16 (p + 2);
+ fprintf (fp, "Uid-Info-Length: %lu\n", uidinfolen);
+ /* fixme: check bounds */
+ p += 4;
+ for (n=0; n < nuids; n++, p += uidinfolen)
+ {
+ ulong uidoff, uidlen, uflags;
+
+ uidoff = get32( p );
+ uidlen = get32( p+4 );
+ if (type == BLOBTYPE_X509 && !n)
+ {
+ fprintf (fp, "Issuer-Off: %lu\n", uidoff );
+ fprintf (fp, "Issuer-Len: %lu\n", uidlen );
+ fprintf (fp, "Issuer: \"");
+ }
+ else if (type == BLOBTYPE_X509 && n == 1)
+ {
+ fprintf (fp, "Subject-Off: %lu\n", uidoff );
+ fprintf (fp, "Subject-Len: %lu\n", uidlen );
+ fprintf (fp, "Subject: \"");
+ }
+ else
+ {
+ fprintf (fp, "Uid-Off[%lu]: %lu\n", n, uidoff );
+ fprintf (fp, "Uid-Len[%lu]: %lu\n", n, uidlen );
+ fprintf (fp, "Uid[%lu]: \"", n );
+ }
+ print_string (fp, buffer+uidoff, uidlen, '\"');
+ fputs ("\"\n", fp);
+ uflags = get16 (p + 8);
+ if (type == BLOBTYPE_X509 && !n)
+ {
+ fprintf (fp, "Issuer-Flags: %04lX\n", uflags );
+ fprintf (fp, "Issuer-Validity: %d\n", p[10] );
+ }
+ else if (type == BLOBTYPE_X509 && n == 1)
+ {
+ fprintf (fp, "Subject-Flags: %04lX\n", uflags );
+ fprintf (fp, "Subject-Validity: %d\n", p[10] );
+ }
+ else
+ {
+ fprintf (fp, "Uid-Flags[%lu]: %04lX\n", n, uflags );
+ fprintf (fp, "Uid-Validity[%lu]: %d\n", n, p[10] );
+ }
+ }
+
+ nsigs = get16 (p);
+ fprintf (fp, "Sig-Count: %lu\n", nsigs );
+ siginfolen = get16 (p + 2);
+ fprintf (fp, "Sig-Info-Length: %lu\n", siginfolen );
+ /* fixme: check bounds */
+ p += 4;
+ for (n=0; n < nsigs; n++, p += siginfolen)
+ {
+ ulong sflags;
+
+ sflags = get32 (p);
+ fprintf (fp, "Sig-Expire[%lu]: ", n );
+ if (!sflags)
+ fputs ("[not checked]", fp);
+ else if (sflags == 1 )
+ fputs ("[missing key]", fp);
+ else if (sflags == 2 )
+ fputs ("[bad signature]", fp);
+ else if (sflags < 0x10000000)
+ fprintf (fp, "[bad flag %0lx]", sflags);
+ else if (sflags == 0xffffffff)
+ fputs ("0", fp );
+ else
+ fputs ("a time"/*strtimestamp( sflags )*/, fp );
+ putc ('\n', fp );
+ }
+
+ fprintf (fp, "Ownertrust: %d\n", p[0] );
+ fprintf (fp, "All-Validity: %d\n", p[1] );
+ p += 4;
+ n = get32 (p); p += 4;
+ fprintf (fp, "Recheck-After: %lu\n", n );
+ n = get32 (p ); p += 4;
+ fprintf( fp, "Latest-Timestamp: %lu\n", n );
+ n = get32 (p ); p += 4;
+ fprintf (fp, "Created-At: %lu\n", n );
+ n = get32 (p ); p += 4;
+ fprintf (fp, "Reserved-Space: %lu\n", n );
+
+ /* check that the keyblock is at the correct offset and other bounds */
+ /*fprintf (fp, "Blob-Checksum: [MD5-hash]\n");*/
+ return 0;
+}
+
+
+/* Compute the SHA_1 checksum of teh rawdata in BLOB and aput it into
+ DIGEST. */
+static int
+hash_blob_rawdata (KEYBOXBLOB blob, unsigned char *digest)
+{
+ const unsigned char *buffer;
+ size_t n, length;
+ int type;
+ ulong rawdata_off, rawdata_len;
+
+ buffer = _keybox_get_blob_image (blob, &length);
+
+ if (length < 32)
+ return -1;
+ n = get32 (buffer);
+ if (n < length)
+ length = n; /* Blob larger than length in header - ignore the rest. */
+
+ type = buffer[4];
+ switch (type)
+ {
+ case BLOBTYPE_PGP:
+ case BLOBTYPE_X509:
+ break;
+
+ case BLOBTYPE_EMPTY:
+ case BLOBTYPE_HEADER:
+ default:
+ memset (digest, 0, 20);
+ return 0;
+ }
+
+ if (length < 40)
+ return -1;
+
+ rawdata_off = get32 (buffer + 8);
+ rawdata_len = get32 (buffer + 12);
+
+ if (rawdata_off > length || rawdata_len > length
+ || rawdata_off+rawdata_off > length)
+ return -1; /* Out of bounds. */
+
+ gcry_md_hash_buffer (GCRY_MD_SHA1, digest, buffer+rawdata_off, rawdata_len);
+ return 0;
+}
+
+
+struct file_stats_s
+{
+ unsigned long too_short_blobs;
+ unsigned long too_large_blobs;
+ unsigned long total_blob_count;
+ unsigned long empty_blob_count;
+ unsigned long header_blob_count;
+ unsigned long pgp_blob_count;
+ unsigned long x509_blob_count;
+ unsigned long unknown_blob_count;
+ unsigned long non_flagged;
+ unsigned long secret_flagged;
+ unsigned long ephemeral_flagged;
+};
+
+static int
+update_stats (KEYBOXBLOB blob, struct file_stats_s *s)
+{
+ const unsigned char *buffer;
+ size_t length;
+ int type;
+ unsigned long n;
+
+ buffer = _keybox_get_blob_image (blob, &length);
+ if (length < 32)
+ {
+ s->too_short_blobs++;
+ return -1;
+ }
+
+ n = get32( buffer );
+ if (n > length)
+ s->too_large_blobs++;
+ else
+ length = n; /* ignore the rest */
+
+ s->total_blob_count++;
+ type = buffer[4];
+ switch (type)
+ {
+ case BLOBTYPE_EMPTY:
+ s->empty_blob_count++;
+ return 0;
+ case BLOBTYPE_HEADER:
+ s->header_blob_count++;
+ return 0;
+ case BLOBTYPE_PGP:
+ s->pgp_blob_count++;
+ break;
+ case BLOBTYPE_X509:
+ s->x509_blob_count++;
+ break;
+ default:
+ s->unknown_blob_count++;
+ return 0;
+ }
+
+ if (length < 40)
+ {
+ s->too_short_blobs++;
+ return -1;
+ }
+
+ n = get16 (buffer + 6);
+ if (n)
+ {
+ if ((n & 1))
+ s->secret_flagged++;
+ if ((n & 2))
+ s->ephemeral_flagged++;
+ }
+ else
+ s->non_flagged++;
+
+ return 0;
+}
+
+
+
+static FILE *
+open_file (const char **filename, FILE *outfp)
+{
+ FILE *fp;
+
+ if (!*filename)
+ {
+ *filename = "-";
+ fp = stdin;
+ }
+ else
+ fp = fopen (*filename, "rb");
+ if (!fp)
+ {
+ int save_errno = errno;
+ fprintf (outfp, "can't open `%s': %s\n", *filename, strerror(errno));
+ errno = save_errno;
+ }
+ return fp;
+}
+
+
+
+int
+_keybox_dump_file (const char *filename, int stats_only, FILE *outfp)
+{
+ FILE *fp;
+ KEYBOXBLOB blob;
+ int rc;
+ unsigned long count = 0;
+ struct file_stats_s stats;
+
+ memset (&stats, 0, sizeof stats);
+
+ if (!(fp = open_file (&filename, outfp)))
+ return gpg_error_from_syserror ();
+
+ while ( !(rc = _keybox_read_blob (&blob, fp)) )
+ {
+ if (stats_only)
+ {
+ update_stats (blob, &stats);
+ }
+ else
+ {
+ fprintf (outfp, "BEGIN-RECORD: %lu\n", count );
+ _keybox_dump_blob (blob, outfp);
+ fprintf (outfp, "END-RECORD\n");
+ }
+ _keybox_release_blob (blob);
+ count++;
+ }
+ if (rc == -1)
+ rc = 0;
+ if (rc)
+ fprintf (outfp, "error reading `%s': %s\n", filename, gpg_strerror (rc));
+
+ if (fp != stdin)
+ fclose (fp);
+
+ if (stats_only)
+ {
+ fprintf (outfp,
+ "Total number of blobs: %8lu\n"
+ " header: %8lu\n"
+ " empty: %8lu\n"
+ " openpgp: %8lu\n"
+ " x509: %8lu\n"
+ " non flagged: %8lu\n"
+ " secret flagged: %8lu\n"
+ " ephemeral flagged: %8lu\n",
+ stats.total_blob_count,
+ stats.header_blob_count,
+ stats.empty_blob_count,
+ stats.pgp_blob_count,
+ stats.x509_blob_count,
+ stats.non_flagged,
+ stats.secret_flagged,
+ stats.ephemeral_flagged);
+ if (stats.unknown_blob_count)
+ fprintf (outfp, " unknown blob types: %8lu\n",
+ stats.unknown_blob_count);
+ if (stats.too_short_blobs)
+ fprintf (outfp, " too short blobs: %8lu\n",
+ stats.too_short_blobs);
+ if (stats.too_large_blobs)
+ fprintf (outfp, " too large blobs: %8lu\n",
+ stats.too_large_blobs);
+ }
+
+ return rc;
+}
+
+
+
+struct dupitem_s
+{
+ unsigned long recno;
+ unsigned char digest[20];
+};
+
+
+static int
+cmp_dupitems (const void *arg_a, const void *arg_b)
+{
+ struct dupitem_s *a = (struct dupitem_s *)arg_a;
+ struct dupitem_s *b = (struct dupitem_s *)arg_b;
+
+ return memcmp (a->digest, b->digest, 20);
+}
+
+
+int
+_keybox_dump_find_dups (const char *filename, int print_them, FILE *outfp)
+{
+ FILE *fp;
+ KEYBOXBLOB blob;
+ int rc;
+ unsigned long recno = 0;
+ unsigned char zerodigest[20];
+ struct dupitem_s *dupitems;
+ size_t dupitems_size, dupitems_count, lastn, n;
+ char fprbuf[3*20+1];
+
+ (void)print_them;
+
+ memset (zerodigest, 0, sizeof zerodigest);
+
+ if (!(fp = open_file (&filename, outfp)))
+ return gpg_error_from_syserror ();
+
+ dupitems_size = 1000;
+ dupitems = malloc (dupitems_size * sizeof *dupitems);
+ if (!dupitems)
+ {
+ gpg_error_t tmperr = gpg_error_from_syserror ();
+ fprintf (outfp, "error allocating array for `%s': %s\n",
+ filename, strerror(errno));
+ return tmperr;
+ }
+ dupitems_count = 0;
+
+ while ( !(rc = _keybox_read_blob (&blob, fp)) )
+ {
+ unsigned char digest[20];
+
+ if (hash_blob_rawdata (blob, digest))
+ fprintf (outfp, "error in blob %ld of `%s'\n", recno, filename);
+ else if (memcmp (digest, zerodigest, 20))
+ {
+ if (dupitems_count >= dupitems_size)
+ {
+ struct dupitem_s *tmp;
+
+ dupitems_size += 1000;
+ tmp = realloc (dupitems, dupitems_size * sizeof *dupitems);
+ if (!tmp)
+ {
+ gpg_error_t tmperr = gpg_error_from_syserror ();
+ fprintf (outfp, "error reallocating array for `%s': %s\n",
+ filename, strerror(errno));
+ free (dupitems);
+ return tmperr;
+ }
+ dupitems = tmp;
+ }
+ dupitems[dupitems_count].recno = recno;
+ memcpy (dupitems[dupitems_count].digest, digest, 20);
+ dupitems_count++;
+ }
+ _keybox_release_blob (blob);
+ recno++;
+ }
+ if (rc == -1)
+ rc = 0;
+ if (rc)
+ fprintf (outfp, "error reading `%s': %s\n", filename, gpg_strerror (rc));
+ if (fp != stdin)
+ fclose (fp);
+
+ qsort (dupitems, dupitems_count, sizeof *dupitems, cmp_dupitems);
+
+ for (lastn=0, n=1; n < dupitems_count; lastn=n, n++)
+ {
+ if (!memcmp (dupitems[lastn].digest, dupitems[n].digest, 20))
+ {
+ bin2hexcolon (dupitems[lastn].digest, 20, fprbuf);
+ fprintf (outfp, "fpr=%s recno=%lu", fprbuf, dupitems[lastn].recno);
+ do
+ fprintf (outfp, " %lu", dupitems[n].recno);
+ while (++n < dupitems_count
+ && !memcmp (dupitems[lastn].digest, dupitems[n].digest, 20));
+ putc ('\n', outfp);
+ n--;
+ }
+ }
+
+ free (dupitems);
+
+ return rc;
+}
+
+
+/* Print records with record numbers FROM to TO to OUTFP. */
+int
+_keybox_dump_cut_records (const char *filename, unsigned long from,
+ unsigned long to, FILE *outfp)
+{
+ FILE *fp;
+ KEYBOXBLOB blob;
+ int rc;
+ unsigned long recno = 0;
+
+ if (!(fp = open_file (&filename, stderr)))
+ return gpg_error_from_syserror ();
+
+ while ( !(rc = _keybox_read_blob (&blob, fp)) )
+ {
+ if (recno > to)
+ break; /* Ready. */
+ if (recno >= from)
+ {
+ if ((rc = _keybox_write_blob (blob, outfp)))
+ {
+ fprintf (stderr, "error writing output: %s\n",
+ gpg_strerror (rc));
+ goto leave;
+ }
+ }
+ _keybox_release_blob (blob);
+ recno++;
+ }
+ if (rc == -1)
+ rc = 0;
+ if (rc)
+ fprintf (stderr, "error reading `%s': %s\n", filename, gpg_strerror (rc));
+ leave:
+ if (fp != stdin)
+ fclose (fp);
+ return rc;
+}
diff --git a/kbx/keybox-file.c b/kbx/keybox-file.c
new file mode 100644
index 0000000..e3c22bd
--- /dev/null
+++ b/kbx/keybox-file.c
@@ -0,0 +1,163 @@
+/* keybox-file.c - File operations
+ * Copyright (C) 2001, 2003 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+#include <errno.h>
+#include <time.h>
+
+#include "keybox-defs.h"
+
+
+#if !defined(HAVE_FTELLO) && !defined(ftello)
+static off_t
+ftello (FILE *stream)
+{
+ long int off;
+
+ off = ftell (stream);
+ if (off == -1)
+ return (off_t)-1;
+ return off;
+}
+#endif /* !defined(HAVE_FTELLO) && !defined(ftello) */
+
+
+
+/* Read a block at the current postion and return it in r_blob.
+ r_blob may be NULL to simply skip the current block */
+int
+_keybox_read_blob2 (KEYBOXBLOB *r_blob, FILE *fp, int *skipped_deleted)
+{
+ unsigned char *image;
+ size_t imagelen = 0;
+ int c1, c2, c3, c4, type;
+ int rc;
+ off_t off;
+
+ *skipped_deleted = 0;
+ again:
+ *r_blob = NULL;
+ off = ftello (fp);
+ if (off == (off_t)-1)
+ return gpg_error_from_syserror ();
+
+ if ((c1 = getc (fp)) == EOF
+ || (c2 = getc (fp)) == EOF
+ || (c3 = getc (fp)) == EOF
+ || (c4 = getc (fp)) == EOF
+ || (type = getc (fp)) == EOF)
+ {
+ if ( c1 == EOF && !ferror (fp) )
+ return -1; /* eof */
+ if (!ferror (fp))
+ return gpg_error (GPG_ERR_TOO_SHORT);
+ return gpg_error_from_syserror ();
+ }
+
+ imagelen = (c1 << 24) | (c2 << 16) | (c3 << 8 ) | c4;
+ if (imagelen > 500000) /* Sanity check. */
+ return gpg_error (GPG_ERR_TOO_LARGE);
+
+ if (imagelen < 5)
+ return gpg_error (GPG_ERR_TOO_SHORT);
+
+ if (!type)
+ {
+ /* Special treatment for empty blobs. */
+ if (fseek (fp, imagelen-5, SEEK_CUR))
+ return gpg_error_from_syserror ();
+ *skipped_deleted = 1;
+ goto again;
+ }
+
+ image = xtrymalloc (imagelen);
+ if (!image)
+ return gpg_error_from_syserror ();
+
+ image[0] = c1; image[1] = c2; image[2] = c3; image[3] = c4; image[4] = type;
+ if (fread (image+5, imagelen-5, 1, fp) != 1)
+ {
+ gpg_error_t tmperr = gpg_error_from_syserror ();
+ xfree (image);
+ return tmperr;
+ }
+
+ rc = r_blob? _keybox_new_blob (r_blob, image, imagelen, off) : 0;
+ if (rc || !r_blob)
+ xfree (image);
+ return rc;
+}
+
+int
+_keybox_read_blob (KEYBOXBLOB *r_blob, FILE *fp)
+{
+ int dummy;
+ return _keybox_read_blob2 (r_blob, fp, &dummy);
+}
+
+
+/* Write the block to the current file position */
+int
+_keybox_write_blob (KEYBOXBLOB blob, FILE *fp)
+{
+ const unsigned char *image;
+ size_t length;
+
+ image = _keybox_get_blob_image (blob, &length);
+ if (fwrite (image, length, 1, fp) != 1)
+ return gpg_error_from_syserror ();
+ return 0;
+}
+
+
+/* Write a fresh header type blob. */
+int
+_keybox_write_header_blob (FILE *fp)
+{
+ unsigned char image[32];
+ u32 val;
+
+ memset (image, 0, sizeof image);
+ /* Length of this blob. */
+ image[3] = 32;
+
+ image[4] = BLOBTYPE_HEADER;
+ image[5] = 1; /* Version */
+
+ memcpy (image+8, "KBXf", 4);
+ val = time (NULL);
+ /* created_at and last maintenance run. */
+ image[16] = (val >> 24);
+ image[16+1] = (val >> 16);
+ image[16+2] = (val >> 8);
+ image[16+3] = (val );
+ image[20] = (val >> 24);
+ image[20+1] = (val >> 16);
+ image[20+2] = (val >> 8);
+ image[20+3] = (val );
+
+ if (fwrite (image, 32, 1, fp) != 1)
+ return gpg_error_from_syserror ();
+ return 0;
+}
+
+
diff --git a/kbx/keybox-init.c b/kbx/keybox-init.c
new file mode 100644
index 0000000..e413864
--- /dev/null
+++ b/kbx/keybox-init.c
@@ -0,0 +1,202 @@
+/* keybox-init.c - Initalization of the library
+ * Copyright (C) 2001 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+#include <unistd.h>
+#include <assert.h>
+
+#include "../jnlib/mischelp.h"
+#include "keybox-defs.h"
+
+static KB_NAME kb_names;
+
+
+/* Register a filename for plain keybox files. Returns a pointer to
+ be used to create a handles and so on. Returns NULL to indicate
+ that FNAME has already been registered. */
+void *
+keybox_register_file (const char *fname, int secret)
+{
+ KB_NAME kr;
+
+ for (kr=kb_names; kr; kr = kr->next)
+ {
+ if (same_file_p (kr->fname, fname) )
+ return NULL; /* Already registered. */
+ }
+
+ kr = xtrymalloc (sizeof *kr + strlen (fname));
+ if (!kr)
+ return NULL;
+ strcpy (kr->fname, fname);
+ kr->secret = !!secret;
+
+ kr->handle_table = NULL;
+ kr->handle_table_size = 0;
+
+ /* kr->lockhd = NULL;*/
+ kr->is_locked = 0;
+ kr->did_full_scan = 0;
+ /* keep a list of all issued pointers */
+ kr->next = kb_names;
+ kb_names = kr;
+
+ /* create the offset table the first time a function here is used */
+/* if (!kb_offtbl) */
+/* kb_offtbl = new_offset_hash_table (); */
+
+ return kr;
+}
+
+int
+keybox_is_writable (void *token)
+{
+ KB_NAME r = token;
+
+ return r? !access (r->fname, W_OK) : 0;
+}
+
+
+
+/* Create a new handle for the resource associated with TOKEN. SECRET
+ is just a cross-check.
+
+ The returned handle must be released using keybox_release (). */
+KEYBOX_HANDLE
+keybox_new (void *token, int secret)
+{
+ KEYBOX_HANDLE hd;
+ KB_NAME resource = token;
+ int idx;
+
+ assert (resource && !resource->secret == !secret);
+ hd = xtrycalloc (1, sizeof *hd);
+ if (hd)
+ {
+ hd->kb = resource;
+ hd->secret = !!secret;
+ if (!resource->handle_table)
+ {
+ resource->handle_table_size = 3;
+ resource->handle_table = xtrycalloc (resource->handle_table_size,
+ sizeof *resource->handle_table);
+ if (!resource->handle_table)
+ {
+ resource->handle_table_size = 0;
+ xfree (hd);
+ return NULL;
+ }
+ }
+ for (idx=0; idx < resource->handle_table_size; idx++)
+ if (!resource->handle_table[idx])
+ {
+ resource->handle_table[idx] = hd;
+ break;
+ }
+ if (!(idx < resource->handle_table_size))
+ {
+ KEYBOX_HANDLE *tmptbl;
+ size_t newsize;
+
+ newsize = resource->handle_table_size + 5;
+ tmptbl = xtryrealloc (resource->handle_table,
+ newsize * sizeof (*tmptbl));
+ if (!tmptbl)
+ {
+ xfree (hd);
+ return NULL;
+ }
+ resource->handle_table = tmptbl;
+ resource->handle_table_size = newsize;
+ resource->handle_table[idx] = hd;
+ for (idx++; idx < resource->handle_table_size; idx++)
+ resource->handle_table[idx] = NULL;
+ }
+ }
+ return hd;
+}
+
+void
+keybox_release (KEYBOX_HANDLE hd)
+{
+ if (!hd)
+ return;
+ if (hd->kb->handle_table)
+ {
+ int idx;
+ for (idx=0; idx < hd->kb->handle_table_size; idx++)
+ if (hd->kb->handle_table[idx] == hd)
+ hd->kb->handle_table[idx] = NULL;
+ }
+ _keybox_release_blob (hd->found.blob);
+ if (hd->fp)
+ {
+ fclose (hd->fp);
+ hd->fp = NULL;
+ }
+ xfree (hd->word_match.name);
+ xfree (hd->word_match.pattern);
+ xfree (hd);
+}
+
+
+const char *
+keybox_get_resource_name (KEYBOX_HANDLE hd)
+{
+ if (!hd || !hd->kb)
+ return NULL;
+ return hd->kb->fname;
+}
+
+int
+keybox_set_ephemeral (KEYBOX_HANDLE hd, int yes)
+{
+ if (!hd)
+ return gpg_error (GPG_ERR_INV_HANDLE);
+ hd->ephemeral = yes;
+ return 0;
+}
+
+
+/* Close the file of the resource identified by HD. For consistent
+ results this fucntion closes the files of all handles pointing to
+ the resource identified by HD. */
+void
+_keybox_close_file (KEYBOX_HANDLE hd)
+{
+ int idx;
+ KEYBOX_HANDLE roverhd;
+
+ if (!hd || !hd->kb || !hd->kb->handle_table)
+ return;
+
+ for (idx=0; idx < hd->kb->handle_table_size; idx++)
+ if ((roverhd = hd->kb->handle_table[idx]))
+ {
+ if (roverhd->fp)
+ {
+ fclose (roverhd->fp);
+ roverhd->fp = NULL;
+ }
+ }
+ assert (!hd->fp);
+}
diff --git a/kbx/keybox-openpgp.c b/kbx/keybox-openpgp.c
new file mode 100644
index 0000000..e5f9f33
--- /dev/null
+++ b/kbx/keybox-openpgp.c
@@ -0,0 +1,508 @@
+/* keybox-openpgp.c - OpenPGP key parsing
+ * Copyright (C) 2001, 2003 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+/* This is a simple OpenPGP parser suitable for all OpenPGP key
+ material. It just provides the functionality required to build and
+ parse an KBX OpenPGP key blob. Thus it is not a complete parser.
+ However it is self-contained and optimized for fast in-memory
+ parsing. Note that we don't support old ElGamal v3 keys
+ anymore. */
+
+#include <config.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+#include <errno.h>
+#include <assert.h>
+
+#include "keybox-defs.h"
+
+#include <gcrypt.h>
+
+
+enum packet_types
+ {
+ PKT_NONE =0,
+ PKT_PUBKEY_ENC =1, /* public key encrypted packet */
+ PKT_SIGNATURE =2, /* secret key encrypted packet */
+ PKT_SYMKEY_ENC =3, /* session key packet (OpenPGP)*/
+ PKT_ONEPASS_SIG =4, /* one pass sig packet (OpenPGP)*/
+ PKT_SECRET_KEY =5, /* secret key */
+ PKT_PUBLIC_KEY =6, /* public key */
+ PKT_SECRET_SUBKEY =7, /* secret subkey (OpenPGP) */
+ PKT_COMPRESSED =8, /* compressed data packet */
+ PKT_ENCRYPTED =9, /* conventional encrypted data */
+ PKT_MARKER =10, /* marker packet (OpenPGP) */
+ PKT_PLAINTEXT =11, /* plaintext data with filename and mode */
+ PKT_RING_TRUST =12, /* keyring trust packet */
+ PKT_USER_ID =13, /* user id packet */
+ PKT_PUBLIC_SUBKEY =14, /* public subkey (OpenPGP) */
+ PKT_OLD_COMMENT =16, /* comment packet from an OpenPGP draft */
+ PKT_ATTRIBUTE =17, /* PGP's attribute packet */
+ PKT_ENCRYPTED_MDC =18, /* integrity protected encrypted data */
+ PKT_MDC =19, /* manipulation detection code packet */
+ PKT_COMMENT =61, /* new comment packet (private) */
+ PKT_GPG_CONTROL =63 /* internal control packet */
+ };
+
+
+
+/* Assume a valid OpenPGP packet at the address pointed to by BUFBTR
+ which is of amaximum length as stored at BUFLEN. Return the header
+ information of that packet and advance the pointer stored at BUFPTR
+ to the next packet; also adjust the length stored at BUFLEN to
+ match the remaining bytes. If there are no more packets, store NULL
+ at BUFPTR. Return an non-zero error code on failure or the
+ follwing data on success:
+
+ R_DATAPKT = Pointer to the begin of the packet data.
+ R_DATALEN = Length of this data. This has already been checked to fit
+ into the buffer.
+ R_PKTTYPE = The packet type.
+ R_NTOTAL = The total number of bytes of this packet
+
+ Note that these values are only updated on success.
+*/
+static gpg_error_t
+next_packet (unsigned char const **bufptr, size_t *buflen,
+ unsigned char const **r_data, size_t *r_datalen, int *r_pkttype,
+ size_t *r_ntotal)
+{
+ const unsigned char *buf = *bufptr;
+ size_t len = *buflen;
+ int c, ctb, pkttype;
+ unsigned long pktlen;
+
+ if (!len)
+ return gpg_error (GPG_ERR_NO_DATA);
+
+ ctb = *buf++; len--;
+ if ( !(ctb & 0x80) )
+ return gpg_error (GPG_ERR_INV_PACKET); /* Invalid CTB. */
+
+ pktlen = 0;
+ if ((ctb & 0x40)) /* New style (OpenPGP) CTB. */
+ {
+ pkttype = (ctb & 0x3f);
+ if (!len)
+ return gpg_error (GPG_ERR_INV_PACKET); /* No 1st length byte. */
+ c = *buf++; len--;
+ if (pkttype == PKT_COMPRESSED)
+ return gpg_error (GPG_ERR_UNEXPECTED); /* ... packet in a keyblock. */
+ if ( c < 192 )
+ pktlen = c;
+ else if ( c < 224 )
+ {
+ pktlen = (c - 192) * 256;
+ if (!len)
+ return gpg_error (GPG_ERR_INV_PACKET); /* No 2nd length byte. */
+ c = *buf++; len--;
+ pktlen += c + 192;
+ }
+ else if (c == 255)
+ {
+ if (len <4 )
+ return gpg_error (GPG_ERR_INV_PACKET); /* No length bytes. */
+ pktlen = (*buf++) << 24;
+ pktlen |= (*buf++) << 16;
+ pktlen |= (*buf++) << 8;
+ pktlen |= (*buf++);
+ len -= 4;
+ }
+ else /* Partial length encoding is not allowed for key packets. */
+ return gpg_error (GPG_ERR_UNEXPECTED);
+ }
+ else /* Old style CTB. */
+ {
+ int lenbytes;
+
+ pktlen = 0;
+ pkttype = (ctb>>2)&0xf;
+ lenbytes = ((ctb&3)==3)? 0 : (1<<(ctb & 3));
+ if (!lenbytes) /* Not allowed in key packets. */
+ return gpg_error (GPG_ERR_UNEXPECTED);
+ if (len < lenbytes)
+ return gpg_error (GPG_ERR_INV_PACKET); /* Not enough length bytes. */
+ for (; lenbytes; lenbytes--)
+ {
+ pktlen <<= 8;
+ pktlen |= *buf++; len--;
+ }
+ }
+
+ /* Do some basic sanity check. */
+ switch (pkttype)
+ {
+ case PKT_SIGNATURE:
+ case PKT_SECRET_KEY:
+ case PKT_PUBLIC_KEY:
+ case PKT_SECRET_SUBKEY:
+ case PKT_MARKER:
+ case PKT_RING_TRUST:
+ case PKT_USER_ID:
+ case PKT_PUBLIC_SUBKEY:
+ case PKT_OLD_COMMENT:
+ case PKT_ATTRIBUTE:
+ case PKT_COMMENT:
+ case PKT_GPG_CONTROL:
+ break; /* Okay these are allowed packets. */
+ default:
+ return gpg_error (GPG_ERR_UNEXPECTED);
+ }
+
+ if (pktlen == 0xffffffff)
+ return gpg_error (GPG_ERR_INV_PACKET);
+
+ if (pktlen > len)
+ return gpg_error (GPG_ERR_INV_PACKET); /* Packet length header too long. */
+
+ *r_data = buf;
+ *r_datalen = pktlen;
+ *r_pkttype = pkttype;
+ *r_ntotal = (buf - *bufptr) + pktlen;
+
+ *bufptr = buf + pktlen;
+ *buflen = len - pktlen;
+ if (!*buflen)
+ *bufptr = NULL;
+
+ return 0;
+}
+
+
+/* Parse a key packet and store the ionformation in KI. */
+static gpg_error_t
+parse_key (const unsigned char *data, size_t datalen,
+ struct _keybox_openpgp_key_info *ki)
+{
+ gpg_error_t err;
+ const unsigned char *data_start = data;
+ int i, version, algorithm;
+ size_t n;
+ /*unsigned long timestamp;*/
+ int npkey;
+ unsigned char hashbuffer[768];
+ const unsigned char *mpi_n = NULL;
+ size_t mpi_n_len = 0, mpi_e_len = 0;
+ gcry_md_hd_t md;
+
+ if (datalen < 5)
+ return gpg_error (GPG_ERR_INV_PACKET);
+ version = *data++; datalen--;
+ if (version < 2 || version > 4 )
+ return gpg_error (GPG_ERR_INV_PACKET); /* Invalid version. */
+
+ /*timestamp = ((data[0]<<24)|(data[1]<<16)|(data[2]<<8)|(data[3]));*/
+ data +=4; datalen -=4;
+
+ if (version < 4)
+ {
+ if (datalen < 2)
+ return gpg_error (GPG_ERR_INV_PACKET);
+ data += 2; datalen -= 2;
+ }
+
+ if (!datalen)
+ return gpg_error (GPG_ERR_INV_PACKET);
+ algorithm = *data++; datalen--;
+
+ switch (algorithm)
+ {
+ case 1:
+ case 2:
+ case 3: /* RSA */
+ npkey = 2;
+ break;
+ case 16:
+ case 20: /* Elgamal */
+ npkey = 3;
+ break;
+ case 17: /* DSA */
+ npkey = 4;
+ break;
+ default: /* Unknown algorithm. */
+ return gpg_error (GPG_ERR_UNKNOWN_ALGORITHM);
+ }
+
+ for (i=0; i < npkey; i++ )
+ {
+ unsigned int nbits, nbytes;
+
+ if (datalen < 2)
+ return gpg_error (GPG_ERR_INV_PACKET);
+ nbits = ((data[0]<<8)|(data[1]));
+ data += 2; datalen -=2;
+ nbytes = (nbits+7) / 8;
+ if (datalen < nbytes)
+ return gpg_error (GPG_ERR_INV_PACKET);
+ /* For use by v3 fingerprint calculation we need to know the RSA
+ modulus and exponent. */
+ if (i==0)
+ {
+ mpi_n = data;
+ mpi_n_len = nbytes;
+ }
+ else if (i==1)
+ mpi_e_len = nbytes;
+
+ data += nbytes; datalen -= nbytes;
+ }
+ n = data - data_start;
+
+ if (version < 4)
+ {
+ /* We do not support any other algorithm than RSA in v3
+ packets. */
+ if (algorithm < 1 || algorithm > 3)
+ return gpg_error (GPG_ERR_UNSUPPORTED_ALGORITHM);
+
+ err = gcry_md_open (&md, GCRY_MD_MD5, 0);
+ if (err)
+ return err; /* Oops */
+ gcry_md_write (md, mpi_n, mpi_n_len);
+ gcry_md_write (md, mpi_n+mpi_n_len+2, mpi_e_len);
+ memcpy (ki->fpr, gcry_md_read (md, 0), 16);
+ gcry_md_close (md);
+ ki->fprlen = 16;
+
+ if (mpi_n_len < 8)
+ {
+ /* Moduli less than 64 bit are out of the specs scope. Zero
+ them out becuase this is what gpg does too. */
+ memset (ki->keyid, 0, 8);
+ }
+ else
+ memcpy (ki->keyid, mpi_n + mpi_n_len - 8, 8);
+ }
+ else
+ {
+ /* Its a pitty that we need to prefix the buffer with the tag
+ and a length header: We can't simply pass it to the fast
+ hashing fucntion for that reason. It might be a good idea to
+ have a scatter-gather enabled hash function. What we do here
+ is to use a static buffer if this one is large enough and
+ only use the regular hash fucntions if this buffer is not
+ large enough. */
+ if ( 3 + n < sizeof hashbuffer )
+ {
+ hashbuffer[0] = 0x99; /* CTB */
+ hashbuffer[1] = (n >> 8); /* 2 byte length header. */
+ hashbuffer[2] = n;
+ memcpy (hashbuffer + 3, data_start, n);
+ gcry_md_hash_buffer (GCRY_MD_SHA1, ki->fpr, hashbuffer, 3 + n);
+ }
+ else
+ {
+ err = gcry_md_open (&md, GCRY_MD_SHA1, 0);
+ if (err)
+ return err; /* Oops */
+ gcry_md_putc (md, 0x99 ); /* CTB */
+ gcry_md_putc (md, (n >> 8) ); /* 2 byte length header. */
+ gcry_md_putc (md, n );
+ gcry_md_write (md, data_start, n);
+ memcpy (ki->fpr, gcry_md_read (md, 0), 20);
+ gcry_md_close (md);
+ }
+ ki->fprlen = 20;
+ memcpy (ki->keyid, ki->fpr+12, 8);
+ }
+
+ return 0;
+}
+
+
+
+/* The caller must pass the address of an INFO structure which will
+ get filled on success with information pertaining to the OpenPGP
+ keyblock IMAGE of length IMAGELEN. Note that a caller does only
+ need to release this INFO structure when the function returns
+ success. If NPARSED is not NULL the actual number of bytes parsed
+ will be stored at this address. */
+gpg_error_t
+_keybox_parse_openpgp (const unsigned char *image, size_t imagelen,
+ size_t *nparsed,
+ keybox_openpgp_info_t info)
+{
+ gpg_error_t err = 0;
+ const unsigned char *image_start, *data;
+ size_t n, datalen;
+ int pkttype;
+ int first = 1;
+ struct _keybox_openpgp_key_info *k, **ktail = NULL;
+ struct _keybox_openpgp_uid_info *u, **utail = NULL;
+
+ memset (info, 0, sizeof *info);
+ if (nparsed)
+ *nparsed = 0;
+
+ image_start = image;
+ while (image)
+ {
+ err = next_packet (&image, &imagelen, &data, &datalen, &pkttype, &n);
+ if (err)
+ break;
+
+ if (first)
+ {
+ if (pkttype == PKT_PUBLIC_KEY)
+ ;
+ else if (pkttype == PKT_SECRET_KEY)
+ info->is_secret = 1;
+ else
+ {
+ err = gpg_error (GPG_ERR_UNEXPECTED);
+ break;
+ }
+ first = 0;
+ }
+ else if (pkttype == PKT_PUBLIC_KEY || pkttype == PKT_SECRET_KEY)
+ break; /* Next keyblock encountered - ready. */
+
+ if (nparsed)
+ *nparsed += n;
+
+ if (pkttype == PKT_SIGNATURE)
+ {
+ /* For now we only count the total number of signatures. */
+ info->nsigs++;
+ }
+ else if (pkttype == PKT_USER_ID)
+ {
+ info->nuids++;
+ if (info->nuids == 1)
+ {
+ info->uids.off = data - image_start;
+ info->uids.len = datalen;
+ utail = &info->uids.next;
+ }
+ else
+ {
+ u = xtrycalloc (1, sizeof *u);
+ if (!u)
+ {
+ err = gpg_error_from_syserror ();
+ break;
+ }
+ u->off = data - image_start;
+ u->len = datalen;
+ *utail = u;
+ utail = &u->next;
+ }
+ }
+ else if (pkttype == PKT_PUBLIC_KEY || pkttype == PKT_SECRET_KEY)
+ {
+ err = parse_key (data, datalen, &info->primary);
+ if (err)
+ break;
+ }
+ else if( pkttype == PKT_PUBLIC_SUBKEY && datalen && *data == '#' )
+ {
+ /* Early versions of GnuPG used old PGP comment packets;
+ * luckily all those comments are prefixed by a hash
+ * sign - ignore these packets. */
+ }
+ else if (pkttype == PKT_PUBLIC_SUBKEY || pkttype == PKT_SECRET_SUBKEY)
+ {
+ info->nsubkeys++;
+ if (info->nsubkeys == 1)
+ {
+ err = parse_key (data, datalen, &info->subkeys);
+ if (err)
+ {
+ info->nsubkeys--;
+ if (gpg_err_code (err) != GPG_ERR_UNKNOWN_ALGORITHM)
+ break;
+ /* We ignore subkeys with unknown algorithms. */
+ }
+ else
+ ktail = &info->subkeys.next;
+ }
+ else
+ {
+ k = xtrycalloc (1, sizeof *k);
+ if (!k)
+ {
+ err = gpg_error_from_syserror ();
+ break;
+ }
+ err = parse_key (data, datalen, k);
+ if (err)
+ {
+ xfree (k);
+ info->nsubkeys--;
+ if (gpg_err_code (err) != GPG_ERR_UNKNOWN_ALGORITHM)
+ break;
+ /* We ignore subkeys with unknown algorithms. */
+ }
+ else
+ {
+ *ktail = k;
+ ktail = &k->next;
+ }
+ }
+ }
+ }
+
+ if (err)
+ {
+ _keybox_destroy_openpgp_info (info);
+ if (!first
+ && (gpg_err_code (err) == GPG_ERR_UNSUPPORTED_ALGORITHM
+ || gpg_err_code (err) == GPG_ERR_UNKNOWN_ALGORITHM))
+ {
+ /* We are able to skip to the end of this keyblock. */
+ while (image)
+ {
+ if (next_packet (&image, &imagelen,
+ &data, &datalen, &pkttype, &n) )
+ break; /* Another error - stop here. */
+
+ if (pkttype == PKT_PUBLIC_KEY || pkttype == PKT_SECRET_KEY)
+ break; /* Next keyblock encountered - ready. */
+
+ if (nparsed)
+ *nparsed += n;
+ }
+ }
+ }
+
+ return err;
+}
+
+
+/* Release any malloced data in INFO but not INFO itself! */
+void
+_keybox_destroy_openpgp_info (keybox_openpgp_info_t info)
+{
+ struct _keybox_openpgp_key_info *k, *k2;
+ struct _keybox_openpgp_uid_info *u, *u2;
+
+ assert (!info->primary.next);
+ for (k=info->subkeys.next; k; k = k2)
+ {
+ k2 = k->next;
+ xfree (k);
+ }
+
+ for (u=info->uids.next; u; u = u2)
+ {
+ u2 = u->next;
+ xfree (u);
+ }
+}
diff --git a/kbx/keybox-search-desc.h b/kbx/keybox-search-desc.h
new file mode 100644
index 0000000..98d8135
--- /dev/null
+++ b/kbx/keybox-search-desc.h
@@ -0,0 +1,73 @@
+/* keybox-search-desc.h - Keybox serch description
+ * Copyright (C) 2001 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+/*
+ This file is a temporary kludge until we can come up with solution
+ to share this description between keybox and the application
+ specific keydb
+*/
+
+#ifndef KEYBOX_SEARCH_DESC_H
+#define KEYBOX_SEARCH_DESC_H 1
+
+typedef enum {
+ KEYDB_SEARCH_MODE_NONE,
+ KEYDB_SEARCH_MODE_EXACT,
+ KEYDB_SEARCH_MODE_SUBSTR,
+ KEYDB_SEARCH_MODE_MAIL,
+ KEYDB_SEARCH_MODE_MAILSUB,
+ KEYDB_SEARCH_MODE_MAILEND,
+ KEYDB_SEARCH_MODE_WORDS,
+ KEYDB_SEARCH_MODE_SHORT_KID,
+ KEYDB_SEARCH_MODE_LONG_KID,
+ KEYDB_SEARCH_MODE_FPR16,
+ KEYDB_SEARCH_MODE_FPR20,
+ KEYDB_SEARCH_MODE_FPR,
+ KEYDB_SEARCH_MODE_ISSUER,
+ KEYDB_SEARCH_MODE_ISSUER_SN,
+ KEYDB_SEARCH_MODE_SN,
+ KEYDB_SEARCH_MODE_SUBJECT,
+ KEYDB_SEARCH_MODE_KEYGRIP,
+ KEYDB_SEARCH_MODE_FIRST,
+ KEYDB_SEARCH_MODE_NEXT
+} KeydbSearchMode;
+
+struct keydb_search_desc {
+ KeydbSearchMode mode;
+ int (*skipfnc)(void *,void*); /* used to be: void*, u32* */
+ void *skipfncvalue;
+ const unsigned char *sn;
+ int snlen; /* -1 := sn is a hex string */
+ union {
+ const char *name;
+ unsigned char fpr[24];
+ unsigned char kid[8];
+ unsigned char grip[20];
+ } u;
+};
+
+
+struct keydb_search_desc;
+typedef struct keydb_search_desc KEYDB_SEARCH_DESC;
+
+typedef struct keydb_search_desc KEYBOX_SEARCH_DESC;
+
+
+
+#endif /*KEYBOX_SEARCH_DESC_H*/
diff --git a/kbx/keybox-search.c b/kbx/keybox-search.c
new file mode 100644
index 0000000..1680dd7
--- /dev/null
+++ b/kbx/keybox-search.c
@@ -0,0 +1,1031 @@
+/* keybox-search.c - Search operations
+ * Copyright (C) 2001, 2002, 2003, 2004 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+#include <assert.h>
+#include <errno.h>
+
+#include "../jnlib/stringhelp.h" /* ascii_xxxx() */
+
+#include "keybox-defs.h"
+#include <gcrypt.h>
+
+
+#define xtoi_1(p) (*(p) <= '9'? (*(p)- '0'): \
+ *(p) <= 'F'? (*(p)-'A'+10):(*(p)-'a'+10))
+#define xtoi_2(p) ((xtoi_1(p) * 16) + xtoi_1((p)+1))
+
+
+struct sn_array_s {
+ int snlen;
+ unsigned char *sn;
+};
+
+
+
+static inline ulong
+get32 (const byte *buffer)
+{
+ ulong a;
+ a = *buffer << 24;
+ a |= buffer[1] << 16;
+ a |= buffer[2] << 8;
+ a |= buffer[3];
+ return a;
+}
+
+static inline ulong
+get16 (const byte *buffer)
+{
+ ulong a;
+ a = *buffer << 8;
+ a |= buffer[1];
+ return a;
+}
+
+
+
+static inline int
+blob_get_type (KEYBOXBLOB blob)
+{
+ const unsigned char *buffer;
+ size_t length;
+
+ buffer = _keybox_get_blob_image (blob, &length);
+ if (length < 32)
+ return -1; /* blob too short */
+
+ return buffer[4];
+}
+
+static inline unsigned int
+blob_get_blob_flags (KEYBOXBLOB blob)
+{
+ const unsigned char *buffer;
+ size_t length;
+
+ buffer = _keybox_get_blob_image (blob, &length);
+ if (length < 8)
+ return 0; /* oops */
+
+ return get16 (buffer + 6);
+}
+
+
+/* Return information on the flag WHAT within the blob BUFFER,LENGTH.
+ Return the offset and the length (in bytes) of the flag in
+ FLAGOFF,FLAG_SIZE. */
+gpg_err_code_t
+_keybox_get_flag_location (const unsigned char *buffer, size_t length,
+ int what, size_t *flag_off, size_t *flag_size)
+{
+ size_t pos;
+ size_t nkeys, keyinfolen;
+ size_t nuids, uidinfolen;
+ size_t nserial;
+ size_t nsigs, siginfolen;
+
+ switch (what)
+ {
+ case KEYBOX_FLAG_BLOB:
+ if (length < 8)
+ return GPG_ERR_INV_OBJ;
+ *flag_off = 6;
+ *flag_size = 2;
+ break;
+
+ case KEYBOX_FLAG_OWNERTRUST:
+ case KEYBOX_FLAG_VALIDITY:
+ case KEYBOX_FLAG_CREATED_AT:
+ if (length < 20)
+ return GPG_ERR_INV_OBJ;
+ /* Key info. */
+ nkeys = get16 (buffer + 16);
+ keyinfolen = get16 (buffer + 18 );
+ if (keyinfolen < 28)
+ return GPG_ERR_INV_OBJ;
+ pos = 20 + keyinfolen*nkeys;
+ if (pos+2 > length)
+ return GPG_ERR_INV_OBJ; /* Out of bounds. */
+ /* Serial number. */
+ nserial = get16 (buffer+pos);
+ pos += 2 + nserial;
+ if (pos+4 > length)
+ return GPG_ERR_INV_OBJ; /* Out of bounds. */
+ /* User IDs. */
+ nuids = get16 (buffer + pos); pos += 2;
+ uidinfolen = get16 (buffer + pos); pos += 2;
+ if (uidinfolen < 12 )
+ return GPG_ERR_INV_OBJ;
+ pos += uidinfolen*nuids;
+ if (pos+4 > length)
+ return GPG_ERR_INV_OBJ ; /* Out of bounds. */
+ /* Signature info. */
+ nsigs = get16 (buffer + pos); pos += 2;
+ siginfolen = get16 (buffer + pos); pos += 2;
+ if (siginfolen < 4 )
+ return GPG_ERR_INV_OBJ;
+ pos += siginfolen*nsigs;
+ if (pos+1+1+2+4+4+4+4 > length)
+ return GPG_ERR_INV_OBJ ; /* Out of bounds. */
+ *flag_size = 1;
+ *flag_off = pos;
+ switch (what)
+ {
+ case KEYBOX_FLAG_VALIDITY:
+ *flag_off += 1;
+ break;
+ case KEYBOX_FLAG_CREATED_AT:
+ *flag_size = 4;
+ *flag_off += 1+2+4+4+4;
+ break;
+ default:
+ break;
+ }
+ break;
+
+ default:
+ return GPG_ERR_INV_FLAG;
+ }
+ return 0;
+}
+
+
+
+/* Return one of the flags WHAT in VALUE from teh blob BUFFER of
+ LENGTH bytes. Return 0 on success or an raw error code. */
+static gpg_err_code_t
+get_flag_from_image (const unsigned char *buffer, size_t length,
+ int what, unsigned int *value)
+{
+ gpg_err_code_t ec;
+ size_t pos, size;
+
+ *value = 0;
+ ec = _keybox_get_flag_location (buffer, length, what, &pos, &size);
+ if (!ec)
+ switch (size)
+ {
+ case 1: *value = buffer[pos]; break;
+ case 2: *value = get16 (buffer + pos); break;
+ case 4: *value = get32 (buffer + pos); break;
+ default: ec = GPG_ERR_BUG; break;
+ }
+
+ return ec;
+}
+
+
+static int
+blob_cmp_sn (KEYBOXBLOB blob, const unsigned char *sn, int snlen)
+{
+ const unsigned char *buffer;
+ size_t length;
+ size_t pos, off;
+ size_t nkeys, keyinfolen;
+ size_t nserial;
+
+ buffer = _keybox_get_blob_image (blob, &length);
+ if (length < 40)
+ return 0; /* blob too short */
+
+ /*keys*/
+ nkeys = get16 (buffer + 16);
+ keyinfolen = get16 (buffer + 18 );
+ if (keyinfolen < 28)
+ return 0; /* invalid blob */
+ pos = 20 + keyinfolen*nkeys;
+ if (pos+2 > length)
+ return 0; /* out of bounds */
+
+ /*serial*/
+ nserial = get16 (buffer+pos);
+ off = pos + 2;
+ if (off+nserial > length)
+ return 0; /* out of bounds */
+
+ return nserial == snlen && !memcmp (buffer+off, sn, snlen);
+}
+
+
+static int
+blob_cmp_fpr (KEYBOXBLOB blob, const unsigned char *fpr)
+{
+ const unsigned char *buffer;
+ size_t length;
+ size_t pos, off;
+ size_t nkeys, keyinfolen;
+ int idx;
+
+ buffer = _keybox_get_blob_image (blob, &length);
+ if (length < 40)
+ return 0; /* blob too short */
+
+ /*keys*/
+ nkeys = get16 (buffer + 16);
+ keyinfolen = get16 (buffer + 18 );
+ if (keyinfolen < 28)
+ return 0; /* invalid blob */
+ pos = 20;
+ if (pos + keyinfolen*nkeys > length)
+ return 0; /* out of bounds */
+
+ for (idx=0; idx < nkeys; idx++)
+ {
+ off = pos + idx*keyinfolen;
+ if (!memcmp (buffer + off, fpr, 20))
+ return 1; /* found */
+ }
+ return 0; /* not found */
+}
+
+static int
+blob_cmp_fpr_part (KEYBOXBLOB blob, const unsigned char *fpr,
+ int fproff, int fprlen)
+{
+ const unsigned char *buffer;
+ size_t length;
+ size_t pos, off;
+ size_t nkeys, keyinfolen;
+ int idx;
+
+ buffer = _keybox_get_blob_image (blob, &length);
+ if (length < 40)
+ return 0; /* blob too short */
+
+ /*keys*/
+ nkeys = get16 (buffer + 16);
+ keyinfolen = get16 (buffer + 18 );
+ if (keyinfolen < 28)
+ return 0; /* invalid blob */
+ pos = 20;
+ if (pos + keyinfolen*nkeys > length)
+ return 0; /* out of bounds */
+
+ for (idx=0; idx < nkeys; idx++)
+ {
+ off = pos + idx*keyinfolen;
+ if (!memcmp (buffer + off + fproff, fpr, fprlen))
+ return 1; /* found */
+ }
+ return 0; /* not found */
+}
+
+
+static int
+blob_cmp_name (KEYBOXBLOB blob, int idx,
+ const char *name, size_t namelen, int substr)
+{
+ const unsigned char *buffer;
+ size_t length;
+ size_t pos, off, len;
+ size_t nkeys, keyinfolen;
+ size_t nuids, uidinfolen;
+ size_t nserial;
+
+ buffer = _keybox_get_blob_image (blob, &length);
+ if (length < 40)
+ return 0; /* blob too short */
+
+ /*keys*/
+ nkeys = get16 (buffer + 16);
+ keyinfolen = get16 (buffer + 18 );
+ if (keyinfolen < 28)
+ return 0; /* invalid blob */
+ pos = 20 + keyinfolen*nkeys;
+ if (pos+2 > length)
+ return 0; /* out of bounds */
+
+ /*serial*/
+ nserial = get16 (buffer+pos);
+ pos += 2 + nserial;
+ if (pos+4 > length)
+ return 0; /* out of bounds */
+
+ /* user ids*/
+ nuids = get16 (buffer + pos); pos += 2;
+ uidinfolen = get16 (buffer + pos); pos += 2;
+ if (uidinfolen < 12 /* should add a: || nuidinfolen > MAX_UIDINFOLEN */)
+ return 0; /* invalid blob */
+ if (pos + uidinfolen*nuids > length)
+ return 0; /* out of bounds */
+
+ if (idx < 0)
+ { /* compare all names starting with that (negated) index */
+ idx = -idx;
+
+ for ( ;idx < nuids; idx++)
+ {
+ size_t mypos = pos;
+
+ mypos += idx*uidinfolen;
+ off = get32 (buffer+mypos);
+ len = get32 (buffer+mypos+4);
+ if (off+len > length)
+ return 0; /* error: better stop here out of bounds */
+ if (len < 1)
+ continue; /* empty name */
+ if (substr)
+ {
+ if (ascii_memcasemem (buffer+off, len, name, namelen))
+ return 1; /* found */
+ }
+ else
+ {
+ if (len == namelen && !memcmp (buffer+off, name, len))
+ return 1; /* found */
+ }
+ }
+ return 0; /* not found */
+ }
+ else
+ {
+ if (idx > nuids)
+ return 0; /* no user ID with that idx */
+ pos += idx*uidinfolen;
+ off = get32 (buffer+pos);
+ len = get32 (buffer+pos+4);
+ if (off+len > length)
+ return 0; /* out of bounds */
+ if (len < 1)
+ return 0; /* empty name */
+
+ if (substr)
+ {
+ return !!ascii_memcasemem (buffer+off, len, name, namelen);
+ }
+ else
+ {
+ return len == namelen && !memcmp (buffer+off, name, len);
+ }
+ }
+}
+
+
+/* compare all email addresses of the subject. With SUBSTR given as
+ True a substring search is done in the mail address */
+static int
+blob_cmp_mail (KEYBOXBLOB blob, const char *name, size_t namelen, int substr)
+{
+ const unsigned char *buffer;
+ size_t length;
+ size_t pos, off, len;
+ size_t nkeys, keyinfolen;
+ size_t nuids, uidinfolen;
+ size_t nserial;
+ int idx;
+
+ /* fixme: this code is common to blob_cmp_mail */
+ buffer = _keybox_get_blob_image (blob, &length);
+ if (length < 40)
+ return 0; /* blob too short */
+
+ /*keys*/
+ nkeys = get16 (buffer + 16);
+ keyinfolen = get16 (buffer + 18 );
+ if (keyinfolen < 28)
+ return 0; /* invalid blob */
+ pos = 20 + keyinfolen*nkeys;
+ if (pos+2 > length)
+ return 0; /* out of bounds */
+
+ /*serial*/
+ nserial = get16 (buffer+pos);
+ pos += 2 + nserial;
+ if (pos+4 > length)
+ return 0; /* out of bounds */
+
+ /* user ids*/
+ nuids = get16 (buffer + pos); pos += 2;
+ uidinfolen = get16 (buffer + pos); pos += 2;
+ if (uidinfolen < 12 /* should add a: || nuidinfolen > MAX_UIDINFOLEN */)
+ return 0; /* invalid blob */
+ if (pos + uidinfolen*nuids > length)
+ return 0; /* out of bounds */
+
+ if (namelen < 1)
+ return 0;
+
+ for (idx=1 ;idx < nuids; idx++)
+ {
+ size_t mypos = pos;
+
+ mypos += idx*uidinfolen;
+ off = get32 (buffer+mypos);
+ len = get32 (buffer+mypos+4);
+ if (off+len > length)
+ return 0; /* error: better stop here out of bounds */
+ if (len < 2 || buffer[off] != '<')
+ continue; /* empty name or trailing 0 not stored */
+ len--; /* one back */
+ if ( len < 3 || buffer[off+len] != '>')
+ continue; /* not a proper email address */
+ len--;
+ if (substr)
+ {
+ if (ascii_memcasemem (buffer+off+1, len, name, namelen))
+ return 1; /* found */
+ }
+ else
+ {
+ if (len == namelen && !ascii_memcasecmp (buffer+off+1, name, len))
+ return 1; /* found */
+ }
+ }
+ return 0; /* not found */
+}
+
+
+#ifdef KEYBOX_WITH_X509
+/* Return true if the key in BLOB matches the 20 bytes keygrip GRIP.
+ We don't have the keygrips as meta data, thus we need to parse the
+ certificate. Fixme: We might want to return proper error codes
+ instead of failing a search for invalid certificates etc. */
+static int
+blob_x509_has_grip (KEYBOXBLOB blob, const unsigned char *grip)
+{
+ int rc;
+ const unsigned char *buffer;
+ size_t length;
+ size_t cert_off, cert_len;
+ ksba_reader_t reader = NULL;
+ ksba_cert_t cert = NULL;
+ ksba_sexp_t p = NULL;
+ gcry_sexp_t s_pkey;
+ unsigned char array[20];
+ unsigned char *rcp;
+ size_t n;
+
+ buffer = _keybox_get_blob_image (blob, &length);
+ if (length < 40)
+ return 0; /* Too short. */
+ cert_off = get32 (buffer+8);
+ cert_len = get32 (buffer+12);
+ if (cert_off+cert_len > length)
+ return 0; /* Too short. */
+
+ rc = ksba_reader_new (&reader);
+ if (rc)
+ return 0; /* Problem with ksba. */
+ rc = ksba_reader_set_mem (reader, buffer+cert_off, cert_len);
+ if (rc)
+ goto failed;
+ rc = ksba_cert_new (&cert);
+ if (rc)
+ goto failed;
+ rc = ksba_cert_read_der (cert, reader);
+ if (rc)
+ goto failed;
+ p = ksba_cert_get_public_key (cert);
+ if (!p)
+ goto failed;
+ n = gcry_sexp_canon_len (p, 0, NULL, NULL);
+ if (!n)
+ goto failed;
+ rc = gcry_sexp_sscan (&s_pkey, NULL, (char*)p, n);
+ if (rc)
+ {
+ gcry_sexp_release (s_pkey);
+ goto failed;
+ }
+ rcp = gcry_pk_get_keygrip (s_pkey, array);
+ gcry_sexp_release (s_pkey);
+ if (!rcp)
+ goto failed; /* Can't calculate keygrip. */
+
+ xfree (p);
+ ksba_cert_release (cert);
+ ksba_reader_release (reader);
+ return !memcmp (array, grip, 20);
+ failed:
+ xfree (p);
+ ksba_cert_release (cert);
+ ksba_reader_release (reader);
+ return 0;
+}
+#endif /*KEYBOX_WITH_X509*/
+
+
+
+/*
+ The has_foo functions are used as helpers for search
+*/
+static inline int
+has_short_kid (KEYBOXBLOB blob, const unsigned char *kid)
+{
+ return blob_cmp_fpr_part (blob, kid+4, 16, 4);
+}
+
+static inline int
+has_long_kid (KEYBOXBLOB blob, const unsigned char *kid)
+{
+ return blob_cmp_fpr_part (blob, kid, 12, 8);
+}
+
+static inline int
+has_fingerprint (KEYBOXBLOB blob, const unsigned char *fpr)
+{
+ return blob_cmp_fpr (blob, fpr);
+}
+
+static inline int
+has_keygrip (KEYBOXBLOB blob, const unsigned char *grip)
+{
+#ifdef KEYBOX_WITH_X509
+ if (blob_get_type (blob) == BLOBTYPE_X509)
+ return blob_x509_has_grip (blob, grip);
+#endif
+ return 0;
+}
+
+
+static inline int
+has_issuer (KEYBOXBLOB blob, const char *name)
+{
+ size_t namelen;
+
+ return_val_if_fail (name, 0);
+
+ if (blob_get_type (blob) != BLOBTYPE_X509)
+ return 0;
+
+ namelen = strlen (name);
+ return blob_cmp_name (blob, 0 /* issuer */, name, namelen, 0);
+}
+
+static inline int
+has_issuer_sn (KEYBOXBLOB blob, const char *name,
+ const unsigned char *sn, int snlen)
+{
+ size_t namelen;
+
+ return_val_if_fail (name, 0);
+ return_val_if_fail (sn, 0);
+
+ if (blob_get_type (blob) != BLOBTYPE_X509)
+ return 0;
+
+ namelen = strlen (name);
+
+ return (blob_cmp_sn (blob, sn, snlen)
+ && blob_cmp_name (blob, 0 /* issuer */, name, namelen, 0));
+}
+
+static inline int
+has_sn (KEYBOXBLOB blob, const unsigned char *sn, int snlen)
+{
+ return_val_if_fail (sn, 0);
+
+ if (blob_get_type (blob) != BLOBTYPE_X509)
+ return 0;
+ return blob_cmp_sn (blob, sn, snlen);
+}
+
+static inline int
+has_subject (KEYBOXBLOB blob, const char *name)
+{
+ size_t namelen;
+
+ return_val_if_fail (name, 0);
+
+ if (blob_get_type (blob) != BLOBTYPE_X509)
+ return 0;
+
+ namelen = strlen (name);
+ return blob_cmp_name (blob, 1 /* subject */, name, namelen, 0);
+}
+
+static inline int
+has_subject_or_alt (KEYBOXBLOB blob, const char *name, int substr)
+{
+ size_t namelen;
+
+ return_val_if_fail (name, 0);
+
+ if (blob_get_type (blob) != BLOBTYPE_X509)
+ return 0;
+
+ namelen = strlen (name);
+ return blob_cmp_name (blob, -1 /* all subject names*/, name,
+ namelen, substr);
+}
+
+
+static inline int
+has_mail (KEYBOXBLOB blob, const char *name, int substr)
+{
+ size_t namelen;
+
+ return_val_if_fail (name, 0);
+
+ if (blob_get_type (blob) != BLOBTYPE_X509)
+ return 0;
+
+ namelen = strlen (name);
+ if (namelen && name[namelen-1] == '>')
+ namelen--;
+ return blob_cmp_mail (blob, name, namelen, substr);
+}
+
+
+static void
+release_sn_array (struct sn_array_s *array, size_t size)
+{
+ size_t n;
+
+ for (n=0; n < size; n++)
+ xfree (array[n].sn);
+ xfree (array);
+}
+
+
+/*
+
+ The search API
+
+*/
+
+int
+keybox_search_reset (KEYBOX_HANDLE hd)
+{
+ if (!hd)
+ return gpg_error (GPG_ERR_INV_VALUE);
+
+ if (hd->found.blob)
+ {
+ _keybox_release_blob (hd->found.blob);
+ hd->found.blob = NULL;
+ }
+
+ if (hd->fp)
+ {
+ fclose (hd->fp);
+ hd->fp = NULL;
+ }
+ hd->error = 0;
+ hd->eof = 0;
+ return 0;
+}
+
+
+/* Note: When in ephemeral mode the search function does visit all
+ blobs but in standard mode, blobs flagged as ephemeral are ignored. */
+int
+keybox_search (KEYBOX_HANDLE hd, KEYBOX_SEARCH_DESC *desc, size_t ndesc)
+{
+ int rc;
+ size_t n;
+ int need_words, any_skip;
+ KEYBOXBLOB blob = NULL;
+ struct sn_array_s *sn_array = NULL;
+
+ if (!hd)
+ return gpg_error (GPG_ERR_INV_VALUE);
+
+ /* clear last found result */
+ if (hd->found.blob)
+ {
+ _keybox_release_blob (hd->found.blob);
+ hd->found.blob = NULL;
+ }
+
+ if (hd->error)
+ return hd->error; /* still in error state */
+ if (hd->eof)
+ return -1; /* still EOF */
+
+ /* figure out what information we need */
+ need_words = any_skip = 0;
+ for (n=0; n < ndesc; n++)
+ {
+ switch (desc[n].mode)
+ {
+ case KEYDB_SEARCH_MODE_WORDS:
+ need_words = 1;
+ break;
+ case KEYDB_SEARCH_MODE_FIRST:
+ /* always restart the search in this mode */
+ keybox_search_reset (hd);
+ break;
+ default:
+ break;
+ }
+ if (desc[n].skipfnc)
+ any_skip = 1;
+ if (desc[n].snlen == -1 && !sn_array)
+ {
+ sn_array = xtrycalloc (ndesc, sizeof *sn_array);
+ if (!sn_array)
+ return (hd->error = gpg_error_from_syserror ());
+ }
+ }
+
+ (void)need_words; /* Not yet implemented. */
+
+ if (!hd->fp)
+ {
+ hd->fp = fopen (hd->kb->fname, "rb");
+ if (!hd->fp)
+ {
+ hd->error = gpg_error_from_syserror ();
+ xfree (sn_array);
+ return hd->error;
+ }
+ }
+
+ /* Kludge: We need to convert an SN given as hexstring to its binary
+ representation - in some cases we are not able to store it in the
+ search descriptor, because due to the way we use it, it is not
+ possible to free allocated memory. */
+ if (sn_array)
+ {
+ const unsigned char *s;
+ int i, odd;
+ size_t snlen;
+
+ for (n=0; n < ndesc; n++)
+ {
+ if (!desc[n].sn)
+ ;
+ else if (desc[n].snlen == -1)
+ {
+ unsigned char *sn;
+
+ s = desc[n].sn;
+ for (i=0; *s && *s != '/'; s++, i++)
+ ;
+ odd = (i & 1);
+ snlen = (i+1)/2;
+ sn_array[n].sn = xtrymalloc (snlen);
+ if (!sn_array[n].sn)
+ {
+ hd->error = gpg_error_from_syserror ();
+ release_sn_array (sn_array, n);
+ return hd->error;
+ }
+ sn_array[n].snlen = snlen;
+ sn = sn_array[n].sn;
+ s = desc[n].sn;
+ if (odd)
+ {
+ *sn++ = xtoi_1 (s);
+ s++;
+ }
+ for (; *s && *s != '/'; s += 2)
+ *sn++ = xtoi_2 (s);
+ }
+ else
+ {
+ const unsigned char *sn;
+
+ sn = desc[n].sn;
+ snlen = desc[n].snlen;
+ sn_array[n].sn = xtrymalloc (snlen);
+ if (!sn_array[n].sn)
+ {
+ hd->error = gpg_error_from_syserror ();
+ release_sn_array (sn_array, n);
+ return hd->error;
+ }
+ sn_array[n].snlen = snlen;
+ memcpy (sn_array[n].sn, sn, snlen);
+ }
+ }
+ }
+
+
+ for (;;)
+ {
+ unsigned int blobflags;
+
+ _keybox_release_blob (blob); blob = NULL;
+ rc = _keybox_read_blob (&blob, hd->fp);
+ if (rc)
+ break;
+
+ if (blob_get_type (blob) == BLOBTYPE_HEADER)
+ continue;
+
+
+ blobflags = blob_get_blob_flags (blob);
+ if (!hd->ephemeral && (blobflags & 2))
+ continue; /* Not in ephemeral mode but blob is flagged ephemeral. */
+
+ for (n=0; n < ndesc; n++)
+ {
+ switch (desc[n].mode)
+ {
+ case KEYDB_SEARCH_MODE_NONE:
+ never_reached ();
+ break;
+ case KEYDB_SEARCH_MODE_EXACT:
+ if (has_subject_or_alt (blob, desc[n].u.name, 0))
+ goto found;
+ break;
+ case KEYDB_SEARCH_MODE_MAIL:
+ if (has_mail (blob, desc[n].u.name, 0))
+ goto found;
+ break;
+ case KEYDB_SEARCH_MODE_MAILSUB:
+ if (has_mail (blob, desc[n].u.name, 1))
+ goto found;
+ break;
+ case KEYDB_SEARCH_MODE_SUBSTR:
+ if (has_subject_or_alt (blob, desc[n].u.name, 1))
+ goto found;
+ break;
+ case KEYDB_SEARCH_MODE_MAILEND:
+ case KEYDB_SEARCH_MODE_WORDS:
+ never_reached (); /* not yet implemented */
+ break;
+ case KEYDB_SEARCH_MODE_ISSUER:
+ if (has_issuer (blob, desc[n].u.name))
+ goto found;
+ break;
+ case KEYDB_SEARCH_MODE_ISSUER_SN:
+ if (has_issuer_sn (blob, desc[n].u.name,
+ sn_array? sn_array[n].sn : desc[n].sn,
+ sn_array? sn_array[n].snlen : desc[n].snlen))
+ goto found;
+ break;
+ case KEYDB_SEARCH_MODE_SN:
+ if (has_sn (blob, sn_array? sn_array[n].sn : desc[n].sn,
+ sn_array? sn_array[n].snlen : desc[n].snlen))
+ goto found;
+ break;
+ case KEYDB_SEARCH_MODE_SUBJECT:
+ if (has_subject (blob, desc[n].u.name))
+ goto found;
+ break;
+ case KEYDB_SEARCH_MODE_SHORT_KID:
+ if (has_short_kid (blob, desc[n].u.kid))
+ goto found;
+ break;
+ case KEYDB_SEARCH_MODE_LONG_KID:
+ if (has_long_kid (blob, desc[n].u.kid))
+ goto found;
+ break;
+ case KEYDB_SEARCH_MODE_FPR:
+ case KEYDB_SEARCH_MODE_FPR20:
+ if (has_fingerprint (blob, desc[n].u.fpr))
+ goto found;
+ break;
+ case KEYDB_SEARCH_MODE_KEYGRIP:
+ if (has_keygrip (blob, desc[n].u.grip))
+ goto found;
+ break;
+ case KEYDB_SEARCH_MODE_FIRST:
+ goto found;
+ break;
+ case KEYDB_SEARCH_MODE_NEXT:
+ goto found;
+ break;
+ default:
+ rc = gpg_error (GPG_ERR_INV_VALUE);
+ goto found;
+ }
+ }
+ continue;
+ found:
+ for (n=any_skip?0:ndesc; n < ndesc; n++)
+ {
+/* if (desc[n].skipfnc */
+/* && desc[n].skipfnc (desc[n].skipfncvalue, aki)) */
+/* break; */
+ }
+ if (n == ndesc)
+ break; /* got it */
+ }
+
+ if (!rc)
+ {
+ hd->found.blob = blob;
+ }
+ else if (rc == -1)
+ {
+ _keybox_release_blob (blob);
+ hd->eof = 1;
+ }
+ else
+ {
+ _keybox_release_blob (blob);
+ hd->error = rc;
+ }
+
+ if (sn_array)
+ release_sn_array (sn_array, ndesc);
+
+ return rc;
+}
+
+
+
+
+/*
+ Functions to return a certificate or a keyblock. To be used after
+ a successful search operation.
+*/
+#ifdef KEYBOX_WITH_X509
+/*
+ Return the last found cert. Caller must free it.
+ */
+int
+keybox_get_cert (KEYBOX_HANDLE hd, ksba_cert_t *r_cert)
+{
+ const unsigned char *buffer;
+ size_t length;
+ size_t cert_off, cert_len;
+ ksba_reader_t reader = NULL;
+ ksba_cert_t cert = NULL;
+ int rc;
+
+ if (!hd)
+ return gpg_error (GPG_ERR_INV_VALUE);
+ if (!hd->found.blob)
+ return gpg_error (GPG_ERR_NOTHING_FOUND);
+
+ if (blob_get_type (hd->found.blob) != BLOBTYPE_X509)
+ return gpg_error (GPG_ERR_WRONG_BLOB_TYPE);
+
+ buffer = _keybox_get_blob_image (hd->found.blob, &length);
+ if (length < 40)
+ return gpg_error (GPG_ERR_TOO_SHORT);
+ cert_off = get32 (buffer+8);
+ cert_len = get32 (buffer+12);
+ if (cert_off+cert_len > length)
+ return gpg_error (GPG_ERR_TOO_SHORT);
+
+ rc = ksba_reader_new (&reader);
+ if (rc)
+ return rc;
+ rc = ksba_reader_set_mem (reader, buffer+cert_off, cert_len);
+ if (rc)
+ {
+ ksba_reader_release (reader);
+ /* fixme: need to map the error codes */
+ return gpg_error (GPG_ERR_GENERAL);
+ }
+
+ rc = ksba_cert_new (&cert);
+ if (rc)
+ {
+ ksba_reader_release (reader);
+ return rc;
+ }
+
+ rc = ksba_cert_read_der (cert, reader);
+ if (rc)
+ {
+ ksba_cert_release (cert);
+ ksba_reader_release (reader);
+ /* fixme: need to map the error codes */
+ return gpg_error (GPG_ERR_GENERAL);
+ }
+
+ *r_cert = cert;
+ ksba_reader_release (reader);
+ return 0;
+}
+
+#endif /*KEYBOX_WITH_X509*/
+
+/* Return the flags named WHAT at the address of VALUE. IDX is used
+ only for certain flags and should be 0 if not required. */
+int
+keybox_get_flags (KEYBOX_HANDLE hd, int what, int idx, unsigned int *value)
+{
+ const unsigned char *buffer;
+ size_t length;
+ gpg_err_code_t ec;
+
+ (void)idx; /* Not yet used. */
+
+ if (!hd)
+ return gpg_error (GPG_ERR_INV_VALUE);
+ if (!hd->found.blob)
+ return gpg_error (GPG_ERR_NOTHING_FOUND);
+
+ buffer = _keybox_get_blob_image (hd->found.blob, &length);
+ ec = get_flag_from_image (buffer, length, what, value);
+ return ec? gpg_error (ec):0;
+}
+
diff --git a/kbx/keybox-update.c b/kbx/keybox-update.c
new file mode 100644
index 0000000..dfa7af3
--- /dev/null
+++ b/kbx/keybox-update.c
@@ -0,0 +1,720 @@
+/* keybox-update.c - keybox update operations
+ * Copyright (C) 2001, 2003, 2004 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+#include <errno.h>
+#include <time.h>
+#include <unistd.h>
+
+#include "keybox-defs.h"
+
+#define EXTSEP_S "."
+
+
+#if !defined(HAVE_FSEEKO) && !defined(fseeko)
+
+#ifdef HAVE_LIMITS_H
+# include <limits.h>
+#endif
+#ifndef LONG_MAX
+# define LONG_MAX ((long) ((unsigned long) -1 >> 1))
+#endif
+#ifndef LONG_MIN
+# define LONG_MIN (-1 - LONG_MAX)
+#endif
+
+/****************
+ * A substitute for fseeko, for hosts that don't have it.
+ */
+static int
+fseeko (FILE * stream, off_t newpos, int whence)
+{
+ while (newpos != (long) newpos)
+ {
+ long pos = newpos < 0 ? LONG_MIN : LONG_MAX;
+ if (fseek (stream, pos, whence) != 0)
+ return -1;
+ newpos -= pos;
+ whence = SEEK_CUR;
+ }
+ return fseek (stream, (long) newpos, whence);
+}
+#endif /* !defined(HAVE_FSEEKO) && !defined(fseeko) */
+
+
+
+static int
+create_tmp_file (const char *template,
+ char **r_bakfname, char **r_tmpfname, FILE **r_fp)
+{
+ char *bakfname, *tmpfname;
+
+ *r_bakfname = NULL;
+ *r_tmpfname = NULL;
+
+# ifdef USE_ONLY_8DOT3
+ /* Here is another Windoze bug?:
+ * you cant rename("pubring.kbx.tmp", "pubring.kbx");
+ * but rename("pubring.kbx.tmp", "pubring.aaa");
+ * works. So we replace ".kbx" by ".kb_" or ".k__". Note that we
+ * can't use ".bak" and ".tmp", because these suffixes are used by
+ * gpg and would lead to a sharing violation or data corruption.
+ */
+ if (strlen (template) > 4
+ && !strcmp (template+strlen(template)-4, EXTSEP_S "kbx") )
+ {
+ bakfname = xtrymalloc (strlen (template) + 1);
+ if (!bakfname)
+ return gpg_error_from_syserror ();
+ strcpy (bakfname, template);
+ strcpy (bakfname+strlen(template)-4, EXTSEP_S "kb_");
+
+ tmpfname = xtrymalloc (strlen (template) + 1);
+ if (!tmpfname)
+ {
+ gpg_error_t tmperr = gpg_error_from_syserror ();
+ xfree (bakfname);
+ return tmperr;
+ }
+ strcpy (tmpfname,template);
+ strcpy (tmpfname + strlen (template)-4, EXTSEP_S "k__");
+ }
+ else
+ { /* File does not end with kbx, thus we hope we are working on a
+ modern file system and appending a suffix works. */
+ bakfname = xtrymalloc ( strlen (template) + 5);
+ if (!bakfname)
+ return gpg_error_from_syserror ();
+ strcpy (stpcpy (bakfname, template), EXTSEP_S "kb_");
+
+ tmpfname = xtrymalloc ( strlen (template) + 5);
+ if (!tmpfname)
+ {
+ gpg_error_t tmperr = gpg_error_from_syserror ();
+ xfree (bakfname);
+ return tmperr;
+ }
+ strcpy (stpcpy (tmpfname, template), EXTSEP_S "k__");
+ }
+# else /* Posix file names */
+ bakfname = xtrymalloc (strlen (template) + 2);
+ if (!bakfname)
+ return gpg_error_from_syserror ();
+ strcpy (stpcpy (bakfname,template),"~");
+
+ tmpfname = xtrymalloc ( strlen (template) + 5);
+ if (!tmpfname)
+ {
+ gpg_error_t tmperr = gpg_error_from_syserror ();
+ xfree (bakfname);
+ return tmperr;
+ }
+ strcpy (stpcpy (tmpfname,template), EXTSEP_S "tmp");
+# endif /* Posix filename */
+
+ *r_fp = fopen (tmpfname, "wb");
+ if (!*r_fp)
+ {
+ gpg_error_t tmperr = gpg_error_from_syserror ();
+ xfree (tmpfname);
+ xfree (bakfname);
+ return tmperr;
+ }
+
+ *r_bakfname = bakfname;
+ *r_tmpfname = tmpfname;
+ return 0;
+}
+
+
+static int
+rename_tmp_file (const char *bakfname, const char *tmpfname,
+ const char *fname, int secret )
+{
+ int rc=0;
+
+ /* restrict the permissions for secret keyboxs */
+#ifndef HAVE_DOSISH_SYSTEM
+/* if (secret && !opt.preserve_permissions) */
+/* { */
+/* if (chmod (tmpfname, S_IRUSR | S_IWUSR) ) */
+/* { */
+/* log_debug ("chmod of `%s' failed: %s\n", */
+/* tmpfname, strerror(errno) ); */
+/* return KEYBOX_Write_File; */
+/* } */
+/* } */
+#endif
+
+ /* fixme: invalidate close caches (not used with stdio)*/
+/* iobuf_ioctl (NULL, 2, 0, (char*)tmpfname ); */
+/* iobuf_ioctl (NULL, 2, 0, (char*)bakfname ); */
+/* iobuf_ioctl (NULL, 2, 0, (char*)fname ); */
+
+ /* First make a backup file except for secret keyboxes. */
+ if (!secret)
+ {
+#if defined(HAVE_DOSISH_SYSTEM) || defined(__riscos__)
+ remove (bakfname);
+#endif
+ if (rename (fname, bakfname) )
+ {
+ return gpg_error_from_syserror ();
+ }
+ }
+
+ /* Then rename the file. */
+#if defined(HAVE_DOSISH_SYSTEM) || defined(__riscos__)
+ remove (fname);
+#endif
+ if (rename (tmpfname, fname) )
+ {
+ rc = gpg_error_from_syserror ();
+ if (secret)
+ {
+/* log_info ("WARNING: 2 files with confidential" */
+/* " information exists.\n"); */
+/* log_info ("%s is the unchanged one\n", fname ); */
+/* log_info ("%s is the new one\n", tmpfname ); */
+/* log_info ("Please fix this possible security flaw\n"); */
+ }
+ return rc;
+ }
+
+ return 0;
+}
+
+
+
+/* Perform insert/delete/update operation.
+ mode 1 = insert
+ 2 = delete
+ 3 = update
+*/
+static int
+blob_filecopy (int mode, const char *fname, KEYBOXBLOB blob,
+ int secret, off_t start_offset)
+{
+ FILE *fp, *newfp;
+ int rc=0;
+ char *bakfname = NULL;
+ char *tmpfname = NULL;
+ char buffer[4096];
+ int nread, nbytes;
+
+ /* Open the source file. Because we do a rename, we have to check the
+ permissions of the file */
+ if (access (fname, W_OK))
+ return gpg_error_from_syserror ();
+
+ fp = fopen (fname, "rb");
+ if (mode == 1 && !fp && errno == ENOENT)
+ {
+ /* Insert mode but file does not exist:
+ Create a new keybox file. */
+ newfp = fopen (fname, "wb");
+ if (!newfp )
+ return gpg_error_from_syserror ();
+
+ rc = _keybox_write_header_blob (newfp);
+ if (rc)
+ return rc;
+
+ rc = _keybox_write_blob (blob, newfp);
+ if (rc)
+ return rc;
+
+ if ( fclose (newfp) )
+ return gpg_error_from_syserror ();
+
+/* if (chmod( fname, S_IRUSR | S_IWUSR )) */
+/* { */
+/* log_debug ("%s: chmod failed: %s\n", fname, strerror(errno) ); */
+/* return KEYBOX_File_Error; */
+/* } */
+ return 0; /* Ready. */
+ }
+
+ if (!fp)
+ {
+ rc = gpg_error_from_syserror ();
+ goto leave;
+ }
+
+ /* Create the new file. */
+ rc = create_tmp_file (fname, &bakfname, &tmpfname, &newfp);
+ if (rc)
+ {
+ fclose(fp);
+ goto leave;
+ }
+
+ /* prepare for insert */
+ if (mode == 1)
+ {
+ /* Copy everything to the new file. */
+ while ( (nread = fread (buffer, 1, DIM(buffer), fp)) > 0 )
+ {
+ if (fwrite (buffer, nread, 1, newfp) != 1)
+ {
+ rc = gpg_error_from_syserror ();
+ goto leave;
+ }
+ }
+ if (ferror (fp))
+ {
+ rc = gpg_error_from_syserror ();
+ goto leave;
+ }
+ }
+
+ /* Prepare for delete or update. */
+ if ( mode == 2 || mode == 3 )
+ {
+ off_t current = 0;
+
+ /* Copy first part to the new file. */
+ while ( current < start_offset )
+ {
+ nbytes = DIM(buffer);
+ if (current + nbytes > start_offset)
+ nbytes = start_offset - current;
+ nread = fread (buffer, 1, nbytes, fp);
+ if (!nread)
+ break;
+ current += nread;
+
+ if (fwrite (buffer, nread, 1, newfp) != 1)
+ {
+ rc = gpg_error_from_syserror ();
+ goto leave;
+ }
+ }
+ if (ferror (fp))
+ {
+ rc = gpg_error_from_syserror ();
+ goto leave;
+ }
+
+ /* Skip this blob. */
+ rc = _keybox_read_blob (NULL, fp);
+ if (rc)
+ return rc;
+ }
+
+ /* Do an insert or update. */
+ if ( mode == 1 || mode == 3 )
+ {
+ rc = _keybox_write_blob (blob, newfp);
+ if (rc)
+ return rc;
+ }
+
+ /* Copy the rest of the packet for an delete or update. */
+ if (mode == 2 || mode == 3)
+ {
+ while ( (nread = fread (buffer, 1, DIM(buffer), fp)) > 0 )
+ {
+ if (fwrite (buffer, nread, 1, newfp) != 1)
+ {
+ rc = gpg_error_from_syserror ();
+ goto leave;
+ }
+ }
+ if (ferror (fp))
+ {
+ rc = gpg_error_from_syserror ();
+ goto leave;
+ }
+ }
+
+ /* Close both files. */
+ if (fclose(fp))
+ {
+ rc = gpg_error_from_syserror ();
+ fclose (newfp);
+ goto leave;
+ }
+ if (fclose(newfp))
+ {
+ rc = gpg_error_from_syserror ();
+ goto leave;
+ }
+
+ rc = rename_tmp_file (bakfname, tmpfname, fname, secret);
+
+ leave:
+ xfree(bakfname);
+ xfree(tmpfname);
+ return rc;
+}
+
+
+
+#ifdef KEYBOX_WITH_X509
+int
+keybox_insert_cert (KEYBOX_HANDLE hd, ksba_cert_t cert,
+ unsigned char *sha1_digest)
+{
+ int rc;
+ const char *fname;
+ KEYBOXBLOB blob;
+
+ if (!hd)
+ return gpg_error (GPG_ERR_INV_HANDLE);
+ if (!hd->kb)
+ return gpg_error (GPG_ERR_INV_HANDLE);
+ fname = hd->kb->fname;
+ if (!fname)
+ return gpg_error (GPG_ERR_INV_HANDLE);
+
+ /* Close this one otherwise we will mess up the position for a next
+ search. Fixme: it would be better to adjust the position after
+ the write operation. */
+ _keybox_close_file (hd);
+
+ rc = _keybox_create_x509_blob (&blob, cert, sha1_digest, hd->ephemeral);
+ if (!rc)
+ {
+ rc = blob_filecopy (1, fname, blob, hd->secret, 0);
+ _keybox_release_blob (blob);
+ /* if (!rc && !hd->secret && kb_offtbl) */
+ /* { */
+ /* update_offset_hash_table_from_kb (kb_offtbl, kb, 0); */
+ /* } */
+ }
+ return rc;
+}
+
+int
+keybox_update_cert (KEYBOX_HANDLE hd, ksba_cert_t cert,
+ unsigned char *sha1_digest)
+{
+ (void)hd;
+ (void)cert;
+ (void)sha1_digest;
+ return -1;
+}
+
+
+#endif /*KEYBOX_WITH_X509*/
+
+/* Note: We assume that the keybox has been locked before the current
+ search was executed. This is needed so that we can depend on the
+ offset information of the flags. */
+int
+keybox_set_flags (KEYBOX_HANDLE hd, int what, int idx, unsigned int value)
+{
+ off_t off;
+ const char *fname;
+ FILE *fp;
+ gpg_err_code_t ec;
+ size_t flag_pos, flag_size;
+ const unsigned char *buffer;
+ size_t length;
+
+ (void)idx; /* Not yet used. */
+
+ if (!hd)
+ return gpg_error (GPG_ERR_INV_VALUE);
+ if (!hd->found.blob)
+ return gpg_error (GPG_ERR_NOTHING_FOUND);
+ if (!hd->kb)
+ return gpg_error (GPG_ERR_INV_HANDLE);
+ if (!hd->found.blob)
+ return gpg_error (GPG_ERR_NOTHING_FOUND);
+ fname = hd->kb->fname;
+ if (!fname)
+ return gpg_error (GPG_ERR_INV_HANDLE);
+
+ off = _keybox_get_blob_fileoffset (hd->found.blob);
+ if (off == (off_t)-1)
+ return gpg_error (GPG_ERR_GENERAL);
+
+ buffer = _keybox_get_blob_image (hd->found.blob, &length);
+ ec = _keybox_get_flag_location (buffer, length, what, &flag_pos, &flag_size);
+ if (ec)
+ return gpg_error (ec);
+
+ off += flag_pos;
+
+ _keybox_close_file (hd);
+ fp = fopen (hd->kb->fname, "r+b");
+ if (!fp)
+ return gpg_error_from_syserror ();
+
+ ec = 0;
+ if (fseeko (fp, off, SEEK_SET))
+ ec = gpg_error_from_syserror ();
+ else
+ {
+ unsigned char tmp[4];
+
+ tmp[0] = value >> 24;
+ tmp[1] = value >> 16;
+ tmp[2] = value >> 8;
+ tmp[3] = value;
+
+ switch (flag_size)
+ {
+ case 1:
+ case 2:
+ case 4:
+ if (fwrite (tmp+4-flag_size, flag_size, 1, fp) != 1)
+ ec = gpg_err_code_from_syserror ();
+ break;
+ default:
+ ec = GPG_ERR_BUG;
+ break;
+ }
+ }
+
+ if (fclose (fp))
+ {
+ if (!ec)
+ ec = gpg_err_code_from_syserror ();
+ }
+
+ return gpg_error (ec);
+}
+
+
+
+int
+keybox_delete (KEYBOX_HANDLE hd)
+{
+ off_t off;
+ const char *fname;
+ FILE *fp;
+ int rc;
+
+ if (!hd)
+ return gpg_error (GPG_ERR_INV_VALUE);
+ if (!hd->found.blob)
+ return gpg_error (GPG_ERR_NOTHING_FOUND);
+ if (!hd->kb)
+ return gpg_error (GPG_ERR_INV_HANDLE);
+ fname = hd->kb->fname;
+ if (!fname)
+ return gpg_error (GPG_ERR_INV_HANDLE);
+
+ off = _keybox_get_blob_fileoffset (hd->found.blob);
+ if (off == (off_t)-1)
+ return gpg_error (GPG_ERR_GENERAL);
+ off += 4;
+
+ _keybox_close_file (hd);
+ fp = fopen (hd->kb->fname, "r+b");
+ if (!fp)
+ return gpg_error_from_syserror ();
+
+ if (fseeko (fp, off, SEEK_SET))
+ rc = gpg_error_from_syserror ();
+ else if (putc (0, fp) == EOF)
+ rc = gpg_error_from_syserror ();
+ else
+ rc = 0;
+
+ if (fclose (fp))
+ {
+ if (!rc)
+ rc = gpg_error_from_syserror ();
+ }
+
+ return rc;
+}
+
+
+/* Compress the keybox file. This should be run with the file
+ locked. */
+int
+keybox_compress (KEYBOX_HANDLE hd)
+{
+ int read_rc, rc;
+ const char *fname;
+ FILE *fp, *newfp;
+ char *bakfname = NULL;
+ char *tmpfname = NULL;
+ int first_blob;
+ KEYBOXBLOB blob = NULL;
+ u32 cut_time;
+ int any_changes = 0;
+ int skipped_deleted;
+
+ if (!hd)
+ return gpg_error (GPG_ERR_INV_HANDLE);
+ if (!hd->kb)
+ return gpg_error (GPG_ERR_INV_HANDLE);
+ if (hd->secret)
+ return gpg_error (GPG_ERR_NOT_IMPLEMENTED);
+ fname = hd->kb->fname;
+ if (!fname)
+ return gpg_error (GPG_ERR_INV_HANDLE);
+
+ _keybox_close_file (hd);
+
+ /* Open the source file. Because we do a rename, we have to check the
+ permissions of the file */
+ if (access (fname, W_OK))
+ return gpg_error_from_syserror ();
+
+ fp = fopen (fname, "rb");
+ if (!fp && errno == ENOENT)
+ return 0; /* Ready. File has been deleted right after the access above. */
+ if (!fp)
+ {
+ rc = gpg_error_from_syserror ();
+ return rc;
+ }
+
+ /* A quick test to see if we need to compress the file at all. We
+ schedule a compress run after 3 hours. */
+ if ( !_keybox_read_blob (&blob, fp) )
+ {
+ const unsigned char *buffer;
+ size_t length;
+
+ buffer = _keybox_get_blob_image (blob, &length);
+ if (length > 4 && buffer[4] == BLOBTYPE_HEADER)
+ {
+ u32 last_maint = ((buffer[20] << 24) | (buffer[20+1] << 16)
+ | (buffer[20+2] << 8) | (buffer[20+3]));
+
+ if ( (last_maint + 3*3600) > time (NULL) )
+ {
+ fclose (fp);
+ _keybox_release_blob (blob);
+ return 0; /* Compress run not yet needed. */
+ }
+ }
+ _keybox_release_blob (blob);
+ rewind (fp);
+ }
+
+ /* Create the new file. */
+ rc = create_tmp_file (fname, &bakfname, &tmpfname, &newfp);
+ if (rc)
+ {
+ fclose(fp);
+ return rc;;
+ }
+
+
+ /* Processing loop. By reading using _keybox_read_blob we
+ automagically skip any blobs flagged as deleted. Thus what we
+ only have to do is to check all ephemeral flagged blocks whether
+ their time has come and write out all other blobs. */
+ cut_time = time(NULL) - 86400;
+ first_blob = 1;
+ skipped_deleted = 0;
+ for (rc=0; !(read_rc = _keybox_read_blob2 (&blob, fp, &skipped_deleted));
+ _keybox_release_blob (blob), blob = NULL )
+ {
+ unsigned int blobflags;
+ const unsigned char *buffer;
+ size_t length, pos, size;
+ u32 created_at;
+
+ if (skipped_deleted)
+ any_changes = 1;
+ buffer = _keybox_get_blob_image (blob, &length);
+ if (first_blob)
+ {
+ first_blob = 0;
+ if (length > 4 && buffer[4] == BLOBTYPE_HEADER)
+ {
+ /* Write out the blob with an updated maintenance time stamp. */
+ _keybox_update_header_blob (blob);
+ rc = _keybox_write_blob (blob, newfp);
+ if (rc)
+ break;
+ continue;
+ }
+
+ /* The header blob is missing. Insert it. */
+ rc = _keybox_write_header_blob (newfp);
+ if (rc)
+ break;
+ any_changes = 1;
+ }
+ else if (length > 4 && buffer[4] == BLOBTYPE_HEADER)
+ {
+ /* Oops: There is another header record - remove it. */
+ any_changes = 1;
+ continue;
+ }
+
+ if (_keybox_get_flag_location (buffer, length,
+ KEYBOX_FLAG_BLOB, &pos, &size)
+ || size != 2)
+ {
+ rc = gpg_error (GPG_ERR_BUG);
+ break;
+ }
+ blobflags = ((buffer[pos] << 8) | (buffer[pos+1]));
+ if ((blobflags & KEYBOX_FLAG_BLOB_EPHEMERAL))
+ {
+ /* This is an ephemeral blob. */
+ if (_keybox_get_flag_location (buffer, length,
+ KEYBOX_FLAG_CREATED_AT, &pos, &size)
+ || size != 4)
+ created_at = 0; /* oops. */
+ else
+ created_at = ((buffer[pos] << 24) | (buffer[pos+1] << 16)
+ | (buffer[pos+2] << 8) | (buffer[pos+3]));
+
+ if (created_at && created_at < cut_time)
+ {
+ any_changes = 1;
+ continue; /* Skip this blob. */
+ }
+ }
+
+ rc = _keybox_write_blob (blob, newfp);
+ if (rc)
+ break;
+ }
+ if (skipped_deleted)
+ any_changes = 1;
+ _keybox_release_blob (blob); blob = NULL;
+ if (!rc && read_rc == -1)
+ rc = 0;
+ else if (!rc)
+ rc = read_rc;
+
+ /* Close both files. */
+ if (fclose(fp) && !rc)
+ rc = gpg_error_from_syserror ();
+ if (fclose(newfp) && !rc)
+ rc = gpg_error_from_syserror ();
+
+ /* Rename or remove the temporary file. */
+ if (rc || !any_changes)
+ remove (tmpfname);
+ else
+ rc = rename_tmp_file (bakfname, tmpfname, fname, hd->secret);
+
+ xfree(bakfname);
+ xfree(tmpfname);
+ return rc;
+}
+
diff --git a/kbx/keybox-util.c b/kbx/keybox-util.c
new file mode 100644
index 0000000..84de504
--- /dev/null
+++ b/kbx/keybox-util.c
@@ -0,0 +1,71 @@
+/* keybox-util.c - Utility functions for Keybox
+ * Copyright (C) 2001 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+
+#include "keybox-defs.h"
+
+
+static void *(*alloc_func)(size_t n) = malloc;
+static void *(*realloc_func)(void *p, size_t n) = realloc;
+static void (*free_func)(void*) = free;
+
+
+
+void
+keybox_set_malloc_hooks ( void *(*new_alloc_func)(size_t n),
+ void *(*new_realloc_func)(void *p, size_t n),
+ void (*new_free_func)(void*) )
+{
+ alloc_func = new_alloc_func;
+ realloc_func = new_realloc_func;
+ free_func = new_free_func;
+}
+
+void *
+_keybox_malloc (size_t n)
+{
+ return alloc_func (n);
+}
+
+void *
+_keybox_realloc (void *a, size_t n)
+{
+ return realloc_func (a, n);
+}
+
+void *
+_keybox_calloc (size_t n, size_t m)
+{
+ void *p = _keybox_malloc (n*m);
+ if (p)
+ memset (p, 0, n* m);
+ return p;
+}
+
+void
+_keybox_free (void *p)
+{
+ if (p)
+ free_func (p);
+}
+
diff --git a/kbx/keybox.h b/kbx/keybox.h
new file mode 100644
index 0000000..4330694
--- /dev/null
+++ b/kbx/keybox.h
@@ -0,0 +1,119 @@
+/* keybox.h - Keybox operations
+ * Copyright (C) 2001, 2003 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef KEYBOX_H
+#define KEYBOX_H 1
+#ifdef __cplusplus
+extern "C" {
+#if 0
+ }
+#endif
+#endif
+
+#include "keybox-search-desc.h"
+
+#define KEYBOX_WITH_OPENPGP 1
+#define KEYBOX_WITH_X509 1
+
+
+#ifdef KEYBOX_WITH_OPENPGP
+# undef KEYBOX_WITH_OPENPGP
+/*#include <lib-to-handle-gpg-data-structs.h>*/
+#endif
+
+#ifdef KEYBOX_WITH_X509
+# include <ksba.h>
+#endif
+
+typedef struct keybox_handle *KEYBOX_HANDLE;
+
+
+typedef enum
+ {
+ KEYBOX_FLAG_BLOB, /* The blob flags. */
+ KEYBOX_FLAG_VALIDITY, /* The validity of the entire key. */
+ KEYBOX_FLAG_OWNERTRUST, /* The assigned ownertrust. */
+ KEYBOX_FLAG_KEY, /* The key flags; requires a key index. */
+ KEYBOX_FLAG_UID, /* The user ID flags; requires an uid index. */
+ KEYBOX_FLAG_UID_VALIDITY,/* The validity of a specific uid, requires
+ an uid index. */
+ KEYBOX_FLAG_CREATED_AT /* The date the block was created. */
+ } keybox_flag_t;
+
+/* Flag values used with KEYBOX_FLAG_BLOB. */
+#define KEYBOX_FLAG_BLOB_SECRET 1
+#define KEYBOX_FLAG_BLOB_EPHEMERAL 2
+
+
+
+/*-- keybox-init.c --*/
+void *keybox_register_file (const char *fname, int secret);
+int keybox_is_writable (void *token);
+
+KEYBOX_HANDLE keybox_new (void *token, int secret);
+void keybox_release (KEYBOX_HANDLE hd);
+const char *keybox_get_resource_name (KEYBOX_HANDLE hd);
+int keybox_set_ephemeral (KEYBOX_HANDLE hd, int yes);
+
+
+/*-- keybox-search.c --*/
+#ifdef KEYBOX_WITH_X509
+int keybox_get_cert (KEYBOX_HANDLE hd, ksba_cert_t *ret_cert);
+#endif /*KEYBOX_WITH_X509*/
+int keybox_get_flags (KEYBOX_HANDLE hd, int what, int idx, unsigned int *value);
+
+int keybox_search_reset (KEYBOX_HANDLE hd);
+int keybox_search (KEYBOX_HANDLE hd, KEYBOX_SEARCH_DESC *desc, size_t ndesc);
+
+
+/*-- keybox-update.c --*/
+#ifdef KEYBOX_WITH_X509
+int keybox_insert_cert (KEYBOX_HANDLE hd, ksba_cert_t cert,
+ unsigned char *sha1_digest);
+int keybox_update_cert (KEYBOX_HANDLE hd, ksba_cert_t cert,
+ unsigned char *sha1_digest);
+#endif /*KEYBOX_WITH_X509*/
+int keybox_set_flags (KEYBOX_HANDLE hd, int what, int idx, unsigned int value);
+
+int keybox_delete (KEYBOX_HANDLE hd);
+int keybox_compress (KEYBOX_HANDLE hd);
+
+
+/*-- --*/
+
+#if 0
+int keybox_lock (KEYBOX_HANDLE hd, int yes);
+int keybox_get_keyblock (KEYBOX_HANDLE hd, KBNODE *ret_kb);
+int keybox_locate_writable (KEYBOX_HANDLE hd);
+int keybox_search_reset (KEYBOX_HANDLE hd);
+int keybox_search (KEYBOX_HANDLE hd, KEYDB_SEARCH_DESC *desc, size_t ndesc);
+int keybox_rebuild_cache (void *);
+#endif
+
+
+/*-- keybox-util.c --*/
+void keybox_set_malloc_hooks ( void *(*new_alloc_func)(size_t n),
+ void *(*new_realloc_func)(void *p, size_t n),
+ void (*new_free_func)(void*) );
+
+
+#ifdef __cplusplus
+}
+#endif
+#endif /*KEYBOX_H*/
diff --git a/kbx/mkerrors b/kbx/mkerrors
new file mode 100755
index 0000000..cd49d4d
--- /dev/null
+++ b/kbx/mkerrors
@@ -0,0 +1,70 @@
+#!/bin/sh
+# mkerrors - Extract error strings from assuan.h
+# and create C source for assuan_strerror
+# Copyright (C) 2001 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+cat <<EOF
+/* Generated automatically by mkerrors */
+/* Do not edit! */
+
+#include <stdio.h>
+#include "keybox-defs.h"
+
+/**
+ * keybox_strerror:
+ * @err: Error code
+ *
+ * This function returns a textual representaion of the given
+ * errorcode. If this is an unknown value, a string with the value
+ * is returned (Beware: it is hold in a static buffer).
+ *
+ * Return value: String with the error description.
+ **/
+const char *
+keybox_strerror (KeyboxError err)
+{
+ const char *s;
+ static char buf[25];
+
+ switch (err)
+ {
+EOF
+
+awk '
+/KEYBOX_No_Error/ { okay=1 }
+!okay {next}
+/}/ { exit 0 }
+/KEYBOX_[A-Za-z_]*/ { print_code($1) }
+
+
+function print_code( s )
+{
+printf " case %s: s=\"", s ;
+gsub(/_/, " ", s );
+printf "%s\"; break;\n", tolower(substr(s,8));
+}
+'
+
+cat <<EOF
+ default: sprintf (buf, "ec=%d", err ); s=buf; break;
+ }
+
+ return s;
+}
+
+EOF
diff --git a/keyserver/ChangeLog-2011 b/keyserver/ChangeLog-2011
new file mode 100644
index 0000000..b3f96a4
--- /dev/null
+++ b/keyserver/ChangeLog-2011
@@ -0,0 +1,1349 @@
+2011-12-02 Werner Koch <wk@g10code.com>
+
+ NB: ChangeLog files are no longer manually maintained. Starting
+ on December 1st, 2011 we put change information only in the GIT
+ commit log, and generate a top-level ChangeLog file from logs at
+ "make dist". See doc/HACKING for details.
+
+2009-08-26 Werner Koch <wk@g10code.com>
+
+ * gpgkeys_hkp.c: Include util.h.
+ (send_key): Use strconcat to build KEY.
+ (appendable_path): New.
+ (get_name): Use strconcat to build REQUEST.
+ (search_key): Ditto.
+
+ * ksutil.c: Include util.h.
+ (parse_ks_options): Use make_filename_try for the ca-cert-file arg.
+
+2009-07-06 David Shaw <dshaw@jabberwocky.com>
+
+ * gpgkeys_hkp.c (main, srv_replace): Minor tweaks to use the
+ DNS-SD names ("pgpkey-http" and "pgpkey-https") in SRV lookups
+ instead of "hkp" and "hkps".
+
+2009-06-24 Werner Koch <wk@g10code.com>
+
+ * gpgkeys_ldap.c (send_key): Do not deep free a NULL modlist.
+ Reported by Fabian Keil.
+
+2009-05-28 David Shaw <dshaw@jabberwocky.com>
+
+ From 1.4:
+
+ * curl-shim.c (curl_slist_append, curl_slist_free_all): New.
+ Simple wrappers around strlist_t to emulate the curl way of doing
+ string lists.
+ (curl_easy_setopt): Handle the curl HTTPHEADER option.
+
+ * gpgkeys_curl.c, gpgkeys_hkp.c (main): Avoid caches to get the
+ most recent copy of the key. This is bug #1061.
+
+2009-05-27 David Shaw <dshaw@jabberwocky.com>
+
+ From 1.4:
+
+ * gpgkeys_hkp.c (srv_replace): New function to transform a SRV
+ hostname to a real hostname.
+ (main): Call it from here for the HAVE_LIBCURL case (without
+ libcurl is handled via the curl-shim).
+
+ * curl-shim.h, curl-shim.c (curl_easy_setopt, curl_easy_perform):
+ Add a CURLOPT_SRVTAG_GPG_HACK (passed through the the http
+ engine).
+
+2009-05-10 David Shaw <dshaw@jabberwocky.com>
+
+ From 1.4:
+
+ * gpgkeys_hkp.c (send_key, get_key, get_name, search_key, main):
+ Add support for SSLized HKP.
+
+ * curl-shim.h (curl_version): No need to provide a version for
+ curl-shim as it always matches the GnuPG version.
+
+ * gpgkeys_curl.c, gpgkeys_hkp.c (main): Show which version of curl
+ we're using as part of --version.
+
+ * gpgkeys_curl.c, gpgkeys_finger.c, gpgkeys_hkp.c,
+ gpgkeys_ldap.c (show_help): Document --version.
+
+2009-05-04 David Shaw <dshaw@jabberwocky.com>
+
+ * gpgkeys_mailto.in: Set 'mail-from' as a keyserver-option, rather
+ than the ugly ?from= syntax.
+
+2009-01-22 Werner Koch <wk@g10code.com>
+
+ * Makefile.am (gpg2keys_curl_LDADD, gpg2keys_hkp_LDADD): Add all
+ standard libs.
+
+2008-10-20 Werner Koch <wk@g10code.com>
+
+ * curl-shim.c (curl_global_init): Mark usused arg.
+ (curl_version_info): Ditto.
+
+2008-08-29 Werner Koch <wk@g10code.com>
+
+ * gpgkeys_kdns.c: Changed copyright notice to the FSF.
+
+2008-04-21 Werner Koch <wk@g10code.com>
+
+ * ksutil.c (w32_init_sockets) [HAVE_W32_SYSTEM]: New.
+ * curl-shim.c (curl_easy_init) [HAVE_W32_SYSTEM]: Call it.
+ * gpgkeys_finger.c: s/_WIN32/HAVE_W32_SYSTEM/.
+ (init_sockets): Remove.
+ (connect_server) [HAVE_W32_SYSTEM]: Call new function.
+
+2008-04-14 David Shaw <dshaw@jabberwocky.com>
+
+ * gpgkeys_curl.c (main), gpgkeys_hkp.c (main): Make sure all
+ libcurl number options are passed as long.
+
+ * curl-shim.c (curl_easy_setopt): Minor tweak to match the real
+ curl better - libcurl uses 'long', not 'unsigned int'.
+
+2008-04-07 Werner Koch <wk@g10code.com>
+
+ * gpgkeys_kdns.c: New.
+ * Makefile.am: Support kdns.
+
+ * no-libgcrypt.c (gcry_strdup): Fix. It was not used.
+
+2008-03-25 Werner Koch <wk@g10code.com>
+
+ * gpgkeys_ldap.c (build_attrs): Take care of char defaulting to
+ unsigned when using hextobyte.
+
+2007-10-25 David Shaw <dshaw@jabberwocky.com> (wk)
+
+ From 1.4 (July):
+
+ * gpgkeys_ldap.c (main): Fix bug in setting up whether to verify
+ peer SSL cert. This used to work with older OpenLDAP, but is now
+ more strictly handled.
+
+ * gpgkeys_ldap.c (search_key, main): Fix bug where searching for
+ foo bar (no quotes) on the command line resulted in searching for
+ "foo\2Abar" due to LDAP quoting. The proper search is "foo*bar".
+
+2007-06-11 Werner Koch <wk@g10code.com>
+
+ * gpgkeys_hkp.c (send_key): Rename eof to r_eof as some Windows
+ header defines such a symbol.
+ (main): Likewise.
+
+2007-06-06 Werner Koch <wk@g10code.com>
+
+ * gpgkeys_ldap.c (send_key, send_key_keyserver): Rename eof to
+ r_eof as some Windows file has such a symbol.
+ (main): Likewise.
+
+2007-05-07 Werner Koch <wk@g10code.com>
+
+ * Makefile.am (gpg2keys_ldap_LDADD): Add GPG_ERROR_LIBS.
+
+2007-05-04 Werner Koch <wk@g10code.com>
+
+ * gpgkeys_test.in: Rename to ..
+ * gpg2keys_test.in: .. this.
+ * gpgkeys_mailto.in: Rename to ..
+ * gpg2keys_mailto.in: .. this
+ * Makefile.am: Likewise
+
+2007-03-13 David Shaw <dshaw@jabberwocky.com>
+
+ From STABLE-BRANCH-1-4
+
+ * gpgkeys_curl.c (main): Use curl_version_info to verify that the
+ protocol we're about to use is actually available.
+
+ * curl-shim.h, curl-shim.c (curl_free): Make into a macro.
+ (curl_version_info): New. Only advertises "http" for our shim, of
+ course.
+
+2007-03-09 David Shaw <dshaw@jabberwocky.com>
+
+ From STABLE-BRANCH-1-4
+
+ * gpgkeys_ldap.c (send_key): Missing a free().
+
+ * curl-shim.c (curl_easy_perform): Some debugging items that may
+ be handy.
+
+2006-12-03 David Shaw <dshaw@jabberwocky.com>
+
+ * gpgkeys_hkp.c (search_key): HKP keyservers like the 0x to be
+ present when searching by keyID.
+
+2006-11-22 Werner Koch <wk@g10code.com>
+
+ * Makefile.am (gpg2keys_ldap_LDADD): Add jnlib. This is needed
+ for some replacement functions.
+
+2006-11-21 Werner Koch <wk@g10code.com>
+
+ * curl-shim.c (curl_easy_perform): Made BUFLEN and MAXLNE a size_t.
+
+2006-11-05 David Shaw <dshaw@jabberwocky.com>
+
+ * gpgkeys_hkp.c (curl_mrindex_writer): Revert previous change.
+ Key-not-found still has a HTML response.
+
+2006-10-24 Marcus Brinkmann <marcus@g10code.de>
+
+ * Makefile.am (gpg2keys_ldap_CPPFLAGS): Rename second instance to ...
+ (gpg2keys_finger_CPPFLAGS): ... this.
+
+2006-10-20 Werner Koch <wk@g10code.com>
+
+ * Makefile.am: Reporder macros for better readability.
+ (gpg2keys_finger_LDADD): Add GPG_ERROR_LIBS.
+
+2006-10-19 David Shaw <dshaw@jabberwocky.com>
+
+ * gpgkeys_hkp.c (curl_mrindex_writer): Print a warning if we see
+ HTML coming back from a MR hkp query.
+
+2006-10-17 Werner Koch <wk@g10code.com>
+
+ * Makefile.am: Removed W32LIBS as they are included in NETLIBS.
+ Removed PTH_LIBS.
+
+2006-09-26 Werner Koch <wk@g10code.com>
+
+ * curl-shim.c: Adjusted for changes in http.c.
+ (curl_easy_perform): Changed LINE from unsigned char* to char*.
+
+ * Makefile.am (gpg2keys_curl_LDADD, gpg2keys_hkp_LDADD)
+ [FAKE_CURL]: Need to link against common_libs and pth.
+
+ * curl-shim.h, curl-shim.c: Removed license exception as not
+ needed here.
+
+2006-09-22 Werner Koch <wk@g10code.com>
+
+ * gpgkeys_curl.c, gpgkeys_hkp.c, gpgkeys_ldap.c, curl-shim.c:
+ * curl-shim.h, ksutil.c, ksutil.h: Add special license exception
+ for OpenSSL. This helps to avoid license conflicts if OpenLDAP or
+ cURL is linked against OpenSSL and we would thus indirectly link
+ to OpenSSL. This is considered a bug fix and forgives all
+ possible violations, pertaining to this issue, possibly occured in
+ the past.
+
+ * no-libgcrypt.c: Changed license to a simple all permissive one.
+
+ * Makefile.am (gpg2keys_ldap_LDADD): For license reasons do not
+ link against common_libs.
+ (gpg2keys_curl_LDADD, gpg2keys_hkp_LDADD): Ditto.
+ * ksutil.c (ks_hextobyte, ks_toupper, ks_strcasecmp): New.
+ Identical to the ascii_foo versions from jnlib.
+ * gpgkeys_ldap.c: Include assert.h.
+ (main): Replace BUG by assert.
+ (build_attrs): Use ks_hextobyte and ks_strcasecmp.
+
+ * gpgkeys_finger.c (get_key): Resolved signed/unisgned char
+ mismatch.
+
+2006-09-19 Werner Koch <wk@g10code.com>
+
+ * no-libgcrypt.c: New. Taken from ../tools.
+ * Makefile.am: Add no-libgcrypt to all sources.
+
+2006-09-06 Marcus Brinkmann <marcus@g10code.de>
+
+ * Makefile.am (AM_CFLAGS): Add $(GPG_ERROR_CFLAGS).
+
+2006-08-16 Werner Koch <wk@g10code.com>
+
+ * Makefile.am: Renamed all binaries to gpg2keys_*.
+ (gpg2keys_ldap_CPPFLAGS): Add AM_CPPFLAGS.
+
+2006-08-15 Werner Koch <wk@g10code.com>
+
+ * Makefile.am: Adjusted to the gnupg2 framework.
+
+2006-08-14 Werner Koch <wk@g10code.com>
+
+ * curl-shil.c, curl-shim.h: Changed to make use of the new http.c
+ API.
+
+ * curl-shim.c (curl_easy_perform): Add missing http_close to the
+ POST case.
+
+2006-07-24 David Shaw <dshaw@jabberwocky.com> (wk)
+
+ * curl-shim.c (curl_easy_perform): Minor cleanup of proxy code.
+
+ * gpgkeys_hkp.c (send_key)
+ * gpgkeys_ldap.c (send_key, send_key_keyserver): Fix string
+ matching problem when the ascii armored form of the key happens to
+ match "KEY" at the beginning of the line.
+
+2006-04-26 David Shaw <dshaw@jabberwocky.com>
+
+ * gpgkeys_http.c, gpgkeys_oldhkp.c: Removed.
+
+ * Makefile.am: Don't build gpgkeys_http or gpgkeys_(old)hkp any
+ longer as this is done via curl or fake-curl.
+
+ * ksutil.h, ksutil.c, gpgkeys_hkp.c, gpgkeys_curl.c: Minor
+ #include tweaks as FAKE_CURL is no longer meaningful.
+
+2006-04-10 David Shaw <dshaw@jabberwocky.com>
+
+ * gpgkeys_ldap.c (ldap_quote, get_name, search_key): LDAP-quote
+ directly into place rather than mallocing temporary buffers.
+
+ * gpgkeys_ldap.c (get_name): Build strings with strcat rather than
+ using sprintf which is harder to read and modify.
+
+ * ksutil.h, ksutil.c (classify_ks_search): Add
+ KS_SEARCH_KEYID_SHORT and KS_SEARCH_KEYID_LONG to search for a key
+ ID.
+
+ * gpgkeys_ldap.c (search_key): Use it here to flip from pgpUserID
+ searches to pgpKeyID or pgpCertID.
+
+2006-03-27 David Shaw <dshaw@jabberwocky.com>
+
+ * gpgkeys_ldap.c: #define LDAP_DEPRECATED for newer OpenLDAPs so
+ they use the regular old API that is compatible with other LDAP
+ libraries.
+
+2006-03-03 David Shaw <dshaw@jabberwocky.com>
+
+ * gpgkeys_ldap.c (main): Fix build problem with non-OpenLDAP LDAP
+ libraries that have TLS.
+
+2006-02-23 David Shaw <dshaw@jabberwocky.com>
+
+ * ksutil.c (init_ks_options): Default include-revoked and
+ include-subkeys to on, as gpg isn't doing this any longer.
+
+2006-02-22 David Shaw <dshaw@jabberwocky.com>
+
+ * gpgkeys_hkp.c (get_name): A GETNAME query turns exact=on to cut
+ down on odd matches.
+
+2006-02-21 David Shaw <dshaw@jabberwocky.com>
+
+ * gpgkeys_ldap.c (make_one_attr, build_attrs, send_key): Don't
+ allow duplicate attributes as OpenLDAP is now enforcing this.
+
+ * gpgkeys_ldap.c (main): Add binddn and bindpw so users can pass
+ credentials to a remote LDAP server.
+
+ * curl-shim.h, curl-shim.c (curl_easy_init, curl_easy_setopt,
+ curl_easy_perform): Mingw has 'stderr' as a macro?
+
+ * curl-shim.h, curl-shim.c (curl_easy_init, curl_easy_setopt,
+ curl_easy_perform): Add CURLOPT_VERBOSE and CURLOPT_STDERR for
+ easier debugging.
+
+2006-01-16 David Shaw <dshaw@jabberwocky.com>
+
+ * gpgkeys_hkp.c (send_key): Do not escape the '=' in the HTTP POST
+ when uploading a key.
+
+2005-12-23 David Shaw <dshaw@jabberwocky.com>
+
+ * ksutil.h, ksutil.c (parse_ks_options): New keyserver command
+ "getname".
+
+ * gpgkeys_hkp.c (main, get_name), gpgkeys_ldap.c (main, get_name):
+ Use it here to do direct name (rather than key ID) fetches.
+
+2005-12-19 David Shaw <dshaw@jabberwocky.com>
+
+ * ksutil.h, ksutil.c (curl_armor_writer, curl_writer,
+ curl_writer_finalize): New functionality to handle binary format
+ keys by armoring them for input to GPG.
+
+ * gpgkeys_curl.c (get_key), gpgkeys_hkp.c (get_key): Call it here.
+
+2005-12-07 David Shaw <dshaw@jabberwocky.com>
+
+ * gpgkeys_finger.c (get_key), gpgkeys_curl.c (get_key): Better
+ language for the key-not-found error.
+
+ * ksutil.c (curl_err_to_gpg_err): Add CURLE_OK and
+ CURLE_COULDNT_CONNECT.
+
+ * gpgkeys_curl.c (get_key): Give key-not-found error if no data is
+ found (or file itself is not found) during a fetch.
+
+2005-12-06 David Shaw <dshaw@jabberwocky.com>
+
+ * curl-shim.c (curl_easy_perform): Fix build warning (code before
+ declaration).
+
+2005-11-02 David Shaw <dshaw@jabberwocky.com>
+
+ * gpgkeys_hkp.c (search_key): Fix warning with typecast (though
+ curl should really have defined that char * as const).
+
+2005-08-25 David Shaw <dshaw@jabberwocky.com>
+
+ * ksutil.h, ksutil.c (parse_ks_options): Remove exact-name and
+ exact-email.
+ (classify_ks_search): Mimic the gpg search modes instead with *,
+ =, <, and @.
+
+ * gpgkeys_ldap.c (search_key), gpgkeys_hkp.c (search_key): Call
+ them here. Suggested by Jason Harris.
+
+2005-08-18 David Shaw <dshaw@jabberwocky.com>
+
+ * ksutil.h, ksutil.c (parse_ks_options): New keyserver-option
+ exact-name. The last of exact-name and exact-email overrides the
+ earlier.
+
+ * gpgkeys_ldap.c (search_key), gpgkeys_hkp.c (search_key): Use it
+ here to do a name-only search.
+
+ * gpgkeys_ldap.c (ldap_quote): \-quote a string for LDAP.
+
+ * gpgkeys_ldap.c (search_key): Use it here to escape reserved
+ characters in searches.
+
+2005-08-17 David Shaw <dshaw@jabberwocky.com>
+
+ * ksutil.h, ksutil.c (parse_ks_options): New keyserver-option
+ exact-email.
+
+ * gpgkeys_ldap.c (search_key), gpgkeys_hkp.c (search_key): Use it
+ here to do an email-only search.
+
+2005-08-08 David Shaw <dshaw@jabberwocky.com>
+
+ * Makefile.am: Include LDAP_CPPFLAGS when building LDAP.
+
+2005-08-03 David Shaw <dshaw@jabberwocky.com>
+
+ * gpgkeys_hkp.c (main), gpgkeys_curl.c (main), curl-shim.h: Show
+ version of curl (or curl-shim) when debug is set.
+
+2005-07-20 David Shaw <dshaw@jabberwocky.com>
+
+ * gpgkeys_curl.c (get_key, main): Don't try and be smart about
+ what protocols we handle. Directly pass them to curl or fake-curl
+ and see if an error comes back.
+
+ * curl-shim.h, curl-shim.c (handle_error), ksutil.c
+ (curl_err_to_gpg_err): Add support for CURLE_UNSUPPORTED_PROTOCOL
+ in fake curl.
+
+ * Makefile.am: Don't need -DFAKE_CURL any longer since it's in
+ config.h.
+
+2005-06-23 David Shaw <dshaw@jabberwocky.com>
+
+ * gpgkeys_mailto.in, gpgkeys_test.in: Use @VERSION@ so version
+ string stays up to date.
+
+ * gpgkeys_http.c: Don't need to define HTTP_PROXY_ENV here since
+ it's in ksutil.h.
+
+ * gpgkeys_curl.c (get_key, main), gpgkeys_hkp.c (main): Pass AUTH
+ values to curl or curl-shim.
+
+ * curl-shim.c (curl_easy_perform), gpgkeys_curl.c (main),
+ gpgkeys_hkp.c (main): Use curl-style proxy semantics.
+
+ * curl-shim.h, curl-shim.c (curl_easy_setopt, curl_easy_perform):
+ Add CURLOPT_USERPWD option for HTTP auth.
+
+ * gpgkeys_http.c (get_key), gpgkeys_oldhkp (send_key, get_key,
+ search_key): No longer need to pass a proxyauth.
+
+ * gpgkeys_http.c (get_key): Pass auth outside of the URL.
+
+2005-06-21 David Shaw <dshaw@jabberwocky.com>
+
+ * gpgkeys_http.c (get_key), gpgkeys_oldhkp.c (send_key, get_key,
+ search_key): Fix http_open/http_open_document calls to pass NULL
+ for auth and proxyauth since these programs pass them in the URL.
+
+2005-06-20 David Shaw <dshaw@jabberwocky.com>
+
+ * gpgkeys_hkp.c (append_path, send_key, get_key, search_key,
+ main), gpgkeys_oldhkp.c (main): Properly handle double slashes in
+ paths.
+
+2005-06-05 David Shaw <dshaw@jabberwocky.com>
+
+ * ksutil.c (init_ks_options, parse_ks_options): Provide a default
+ "/" path unless overridden by the config. Allow config to specify
+ items multiple times and take the last specified item.
+
+2005-06-04 David Shaw <dshaw@jabberwocky.com>
+
+ * gpgkeys_hkp.c, gpgkeys_oldhkp.c: Add support for HKP servers
+ that aren't at the root path. Suggested by Jack Bates.
+
+2005-06-01 David Shaw <dshaw@jabberwocky.com>
+
+ * ksutil.c [HAVE_DOSISH_SYSTEM]: Fix warnings on mingw32. Noted
+ by Joe Vender.
+
+2005-05-04 David Shaw <dshaw@jabberwocky.com>
+
+ * ksutil.h, ksutil.c: #ifdef so we can build without libcurl or
+ fake-curl.
+
+2005-05-03 David Shaw <dshaw@jabberwocky.com>
+
+ * gpgkeys_http.c: Need GET defined.
+
+2005-05-01 David Shaw <dshaw@jabberwocky.com>
+
+ * gpgkeys_hkp.c, gpgkeys_oldhkp.c, ksutil.h: Some minor cleanup
+ and comments as to the size of MAX_LINE and MAX_URL.
+
+2005-04-16 David Shaw <dshaw@jabberwocky.com>
+
+ * gpgkeys_hkp.c: New hkp handler that uses curl or curl-shim.
+
+ * Makefile.am: Build new gpgkeys_hkp.
+
+ * curl-shim.c (curl_easy_perform): Cleanup.
+
+ * ksutil.h, ksutil.c (curl_writer), gpgkeys_curl.c (get_key): Pass
+ a context to curl_writer so we can support multiple fetches in a
+ single session.
+
+ * curl-shim.h, curl-shim.c (handle_error, curl_easy_setopt,
+ curl_easy_perform): Add POST functionality to the curl shim.
+
+ * curl-shim.h, curl-shim.c (curl_escape, curl_free): Emulate
+ curl_escape and curl_free.
+
+ * gpgkeys_curl.c (main): If the http-proxy option is given without
+ any arguments, try to get the proxy from the environment.
+
+ * ksutil.h, ksutil.c (curl_err_to_gpg_err, curl_writer): Copy from
+ gpgkeys_curl.c.
+
+ * gpgkeys_oldhkp.c: Copy from gpgkeys_hkp.c.
+
+2005-03-22 David Shaw <dshaw@jabberwocky.com>
+
+ * gpgkeys_ldap.c, ksutil.h, ksutil.c (print_nocr): Moved from
+ gpgkeys_ldap.c. Print a string, but strip out any CRs.
+
+ * gpgkeys_finger.c (get_key), gpgkeys_hkp.c (get_key),
+ gpgkeys_http.c (get_key): Use it here when outputting key material
+ to canonicalize line endings.
+
+2005-03-19 David Shaw <dshaw@jabberwocky.com>
+
+ * gpgkeys_ldap.c (main): Fix three wrong calls to fail_all().
+ Noted by Stefan Bellon.
+
+2005-03-17 David Shaw <dshaw@jabberwocky.com>
+
+ * ksutil.c (parse_ks_options): Handle verbose=nnn.
+
+ * Makefile.am: Calculate GNUPG_LIBEXECDIR directly. Do not
+ redefine $libexecdir.
+
+ * gpgkeys_curl.c, gpgkeys_finger.c, gpgkeys_ldap.c: Start using
+ parse_ks_options and remove a lot of common code.
+
+ * ksutil.h, ksutil.c (parse_ks_options): Parse OPAQUE, and default
+ debug with no arguments to 1.
+
+2005-03-16 David Shaw <dshaw@jabberwocky.com>
+
+ * gpgkeys_ldap.c: Include lber.h if configure determines we need
+ it.
+
+ * ksutil.h, ksutil.c (ks_action_to_string): New.
+ (free_ks_options): Only free if options exist.
+
+ * ksutil.h, ksutil.c (init_ks_options, free_ks_options,
+ parse_ks_options): Pull a lot of duplicated code into a single
+ options parser for all keyserver helpers.
+
+2005-02-11 David Shaw <dshaw@jabberwocky.com>
+
+ * curl-shim.c (curl_easy_perform): Fix compile warning.
+
+ * curl-shim.h, gpgkeys_curl.c (main), gpgkeys_ldap.c (main): Add
+ ca-cert-file option, to pass in the SSL cert.
+
+ * curl-shim.h, curl-shim.c: New. This is code to fake the curl
+ API in terms of the current HTTP iobuf API.
+
+ * gpgkeys_curl.c [FAKE_CURL], Makefile.am: If FAKE_CURL is set,
+ link with the iobuf code rather than libcurl.
+
+2005-02-05 David Shaw <dshaw@jabberwocky.com>
+
+ * gpgkeys_finger.c (main), gpgkeys_hkp.c (main): Fix --version
+ output.
+
+ * gpgkeys_curl.c (main): Make sure the curl handle is cleaned up
+ on failure.
+
+2005-02-01 David Shaw <dshaw@jabberwocky.com>
+
+ * gpgkeys_hkp.c (get_key), gpgkeys_http.c (get_key): Fix missing
+ http_close() calls. Noted by Phil Pennock.
+
+ * ksutil.h: Up the default timeout to two minutes.
+
+2005-01-24 David Shaw <dshaw@jabberwocky.com>
+
+ * gpgkeys_ldap.c (print_nocr): New.
+ (get_key): Call it here to canonicalize line endings.
+
+ * gpgkeys_curl.c (writer): Discard everything outside the BEGIN
+ and END lines when retrieving keys. Canonicalize line endings.
+ (main): Accept FTPS.
+
+2005-01-21 David Shaw <dshaw@jabberwocky.com>
+
+ * gpgkeys_ldap.c (main): Add "check-cert" option to disable SSL
+ certificate checking (which is on by default).
+
+ * gpgkeys_curl.c (main): Add "debug" option to match the LDAP
+ helper. Add "check-cert" option to disable SSL certificate
+ checking (which is on by default).
+
+2005-01-18 David Shaw <dshaw@jabberwocky.com>
+
+ * gpgkeys_curl.c: Fix typo.
+
+2005-01-18 Werner Koch <wk@g10code.com>
+
+ * gpgkeys_curl.c: s/MAX_PATH/URLMAX_PATH/g to avoid a clash with
+ the W32 defined macro. Removed unneeded initialization of static
+ variables.
+ * gpgkeys_http.c: Ditto.
+ * ksutil.h: s/MAX_PATH/URLMAX_PATH/.
+
+2005-01-17 David Shaw <dshaw@jabberwocky.com>
+
+ * gpgkeys_curl.c (main): Only allow specified protocols to use the
+ curl handler.
+
+ * Makefile.am: Use LIBCURL_CPPFLAGS instead of LIBCURL_INCLUDES.
+
+2005-01-13 David Shaw <dshaw@jabberwocky.com>
+
+ * ksutil.h, gpgkeys_curl.c, gpgkeys_hkp.c, gpgkeys_ldap.c,
+ gpgkeys_finger.c, gpgkeys_http.c: Part 2 of the cleanup. Move all
+ the various defines to ksutil.h.
+
+ * gpgkeys_finger.c, gpgkeys_hkp.c, gpgkeys_http.c, gpgkeys_ldap.c:
+ Part 1 of a minor cleanup to use #defines instead of hard-coded
+ sizes.
+
+ * gpgkeys_finger.c (connect_server): Use INADDR_NONE instead of
+ SOCKET_ERROR. Noted by Timo.
+
+2005-01-09 David Shaw <dshaw@jabberwocky.com>
+
+ * gpgkeys_curl.c (get_key): Newer versions of libcurl don't define
+ TRUE.
+
+2004-12-24 David Shaw <dshaw@jabberwocky.com>
+
+ * gpgkeys_curl.c (main): Use new defines for opting out of certain
+ transfer protocols. Allow setting HTTP proxy via "http-proxy=foo"
+ option (there is natural support in libcurl for the http_proxy
+ environment variable).
+
+ * Makefile.am: Remove the conditional since this is all handled in
+ autoconf now.
+
+2004-12-22 David Shaw <dshaw@jabberwocky.com>
+
+ * gpgkeys_curl.c (main): New "follow-redirects" option. Takes an
+ optional numeric value for the maximum number of redirects to
+ allow. Defaults to 5.
+
+ * gpgkeys_curl.c (main), gpgkeys_finger.c (main), gpgkeys_hkp.c
+ (main), gpgkeys_http.c (main), gpgkeys_ldap.c (main): Make sure
+ that a "timeout" option passed with no arguments is properly
+ handled.
+
+ * gpgkeys_curl.c (get_key, writer): New function to wrap around
+ fwrite to avoid DLL access problem on win32.
+
+ * gpgkeys_http.c (main, get_key): Properly pass authentication
+ info through to the http library.
+
+ * Makefile.am: Build gpgkeys_http or gpgkeys_curl as needed.
+
+ * gpgkeys_curl.c (main, get_key): Minor tweaks to work with either
+ FTP or HTTP.
+
+ * gpgkeys_ftp.c: renamed to gpgkeys_curl.c.
+
+ * gpgkeys_ftp.c (main, get_key): Use auth data as passed by gpg.
+ Use CURLOPT_FILE instead of CURLOPT_WRITEDATA (same option, but
+ backwards compatible).
+
+2004-12-21 David Shaw <dshaw@jabberwocky.com>
+
+ * gpgkeys_ftp.c: New.
+
+ * Makefile.am: Build it if requested.
+
+2004-12-14 Werner Koch <wk@g10code.com>
+
+ * Makefile.am (install-exec-hook, uninstall-hook): Removed. For
+ Windows reasons we can't use the symlink trick.
+
+2004-12-03 David Shaw <dshaw@jabberwocky.com>
+
+ * Makefile.am: The harmless "ignored error" on gpgkeys_ldap
+ install on top of an existing install is bound to confuse people.
+ Use ln -s -f to force the overwrite.
+
+2004-10-28 David Shaw <dshaw@jabberwocky.com>
+
+ * gpgkeys_finger.c [_WIN32] (connect_server): Fix typo.
+
+2004-10-28 Werner Koch <wk@g10code.com>
+
+ * Makefile.am (other_libs): New. Also include LIBICONV. Noted by
+ Tim Mooney.
+
+2004-10-28 Werner Koch <wk@g10code.com>
+
+ * Makefile.am (other_libs):
+
+2004-10-18 David Shaw <dshaw@jabberwocky.com>
+
+ * gpgkeys_hkp.c (send_key, get_key, search_key): Use "hkp" instead
+ of "x-hkp" so it can be used as a SRV tag.
+
+2004-10-16 David Shaw <dshaw@jabberwocky.com>
+
+ * gpgkeys_finger.c [_WIN32] (connect_server): Fix typo.
+
+2004-10-15 Werner Koch <wk@g10code.com>
+
+ * gpgkeys_ldap.c (main, show_help): Kludge to implement standard
+ GNU options. Factored help printing out.
+ * gpgkeys_finger.c (main, show_help): Ditto.
+ * gpgkeys_hkp.c (main, show_help): Ditto.
+ * gpgkeys_http.c (main, show_help): Ditto.
+ * gpgkeys_test.in, gpgkeys_mailto.in: Implement --version and --help.
+
+ * Makefile.am: Add ksutil.h.
+
+2004-10-14 David Shaw <dshaw@jabberwocky.com>
+
+ * gpgkeys_finger.c (main): We do not support relay fingering
+ (i.e. "finger://relayhost/user@example.com"), but finger URLs are
+ occasionally miswritten that way. Give an error in this case.
+
+2004-10-14 Werner Koch <wk@g10code.com>
+
+ * gpgkeys_finger.c (get_key): s/unsigned char/byte/ due
+ to a strange typedef for RISC OS. Noted by Stefan.
+
+2004-10-13 David Shaw <dshaw@jabberwocky.com>
+
+ * gpgkeys_ldap.c (main), gpgkeys_hkp.c (main), gpgkeys_http.c
+ (main), gpgkeys_finger.c (main): Call timeout functions before
+ performing an action that could block for a long time.
+
+ * ksutil.h, ksutil.c: New. Right now just contains timeout
+ functions.
+
+2004-10-11 David Shaw <dshaw@jabberwocky.com>
+
+ * gpgkeys_finger.c, gpgkeys_hkp.c, gpgkeys_http.c, gpgkeys_ldap.c:
+ Fix a few occurances of "filename" to `filename'.
+
+2004-10-11 Werner Koch <wk@g10code.com>
+
+ * gpgkeys_finger.c: New.
+
+2004-08-27 Stefan Bellon <sbellon@sbellon.de>
+
+ * gpgkeys_hkp.c (search_key): Fix the prior faulty fix by
+ introducing a cast but leaving skey unsigned.
+
+ * gpgkeys_hkp.c (search_key): Change type of variable skey from
+ unsigned char* to char* to fix type incompatibility.
+
+2004-08-23 David Shaw <dshaw@jabberwocky.com>
+
+ * gpgkeys_ldap.c (get_key, search_key), gpgkeys_hkp.c (get_key,
+ search_key), gpgkeys_http.c (get_key): Do not give informational
+ logs since this is now done inside gpg.
+
+ * gpgkeys_hkp.c (dehtmlize): Understand the quote character
+ (i.e. "&quot;") in HTML responses.
+ (search_key): Search key must be unsigned for url encoder to work
+ properly for 8-bit values.
+
+ * gpgkeys_ldap.c (get_key): Factor out informational display into
+ new function build_info().
+
+ * gpgkeys_ldap.c (build_attrs): Properly terminate user ID strings
+ that got shrunk due to encoding.
+
+2004-08-22 David Shaw <dshaw@jabberwocky.com>
+
+ * gpgkeys_ldap.c (find_basekeyspacedn): Use LDAP_SCOPE_BASE along
+ with a full DN rather than LDAP_SCOPE_ONELEVEL plus a filter to
+ find the pgpServerInfo object. Some LDAP setups don't like the
+ search.
+ (main): Stop binding to the server since it seems no server really
+ requires it, and some require it not be there.
+
+2004-07-29 David Shaw <dshaw@jabberwocky.com>
+
+ * gpgkeys_ldap.c (main): Add "debug" option. This is only really
+ useful with OpenLDAP, but it's practically vital to debug SSL and
+ TLS setups. Add "basedn" option. This allows users to override
+ the autodetection for base DN. SSL overrides TLS, so TLS will not
+ be started on SSL connections (starting an already started car).
+
+2004-07-28 David Shaw <dshaw@jabberwocky.com>
+
+ * gpgkeys_ldap.c (build_attrs): Add "pgpKeySize" and "pgpSubKeyID"
+ attributes so we can do subkey searches.
+
+ * gpgkeys_ldap.c (main): Under certain error conditions, we might
+ try and unbind twice. Don't.
+
+ * gpgkeys_ldap.c (join_two_modlists): New.
+ (send_key): Use new function so we can try a modify operation
+ first, and fail over to an add if that fails. Add cannot cope
+ with the NULLs at the head of the modify request, so we jump into
+ the list in the middle.
+
+2004-07-27 David Shaw <dshaw@jabberwocky.com>
+
+ * gpgkeys_ldap.c (main): Don't try and error out before making a
+ ldaps connection to the NAI keyserver since we cannot tell if it
+ is a NAI keyserver until we connect. Fail if we cannot find a
+ base keyspace DN. Fix a false success message for TLS being
+ enabled.
+
+2004-07-20 Werner Koch <wk@gnupg.org>
+
+ * gpgkeys_ldap.c [_WIN32]: Include Windows specific header files.
+ Suggested by Brian Gladman.
+
+2004-05-26 David Shaw <dshaw@jabberwocky.com>
+
+ * gpgkeys_http.c: General polish and removal of leftover stuff
+ from gpgkeys_hkp.c.
+
+2004-05-21 David Shaw <dshaw@jabberwocky.com>
+
+ * gpgkeys_http.c (get_key): Cosmetic fix - make sure that URLs
+ with no path use a path of "/".
+
+ * gpgkeys_ldap.c (ldap2epochtime): We can always rely on timegm()
+ being available now, since it's a replacement function.
+
+2004-05-20 David Shaw <dshaw@jabberwocky.com>
+
+ * gpgkeys_http.c: New program to do a simple HTTP file fetch using
+ the keyserver interface.
+
+ * Makefile.am: Build it.
+
+2004-02-28 David Shaw <dshaw@jabberwocky.com>
+
+ * Makefile.am: Don't split LDADD across two lines since some make
+ programs can't handle blank lines after a \ continuation. Noted
+ by Christoph Moench-Tegeder.
+
+2004-02-25 David Shaw <dshaw@jabberwocky.com>
+
+ * gpgkeys_ldap.c (send_key): List pgpCertID as one of the deleted
+ attributes. This guarantees that if something goes wrong, we
+ won't be able to complete the transaction, thus leaving any key
+ already existing on the server intact.
+
+2004-02-23 David Shaw <dshaw@jabberwocky.com>
+
+ * gpgkeys_ldap.c (delete_one_attr): Removed.
+ (make_one_attr): Delete functionality added. Optional deduping
+ functionality added (currently only used for pgpSignerID).
+ (build_attrs): Translate sig entries into pgpSignerID. Properly
+ build the timestamp for pgpKeyCreateTime and pgpKeyExpireTime.
+
+2004-02-22 David Shaw <dshaw@jabberwocky.com>
+
+ * gpgkeys_ldap.c (delete_one_attr): New function to replace
+ attributes with NULL (a "delete" that works even for nonexistant
+ attributes).
+ (send_key): Use it here to remove attributes so a modify operation
+ starts with a clean playing field. Bias sends to modify before
+ add, since (I suspect) people update their existing keys more
+ often than they make and send new keys to the server.
+
+2004-02-21 David Shaw <dshaw@jabberwocky.com>
+
+ * gpgkeys_ldap.c (epoch2ldaptime): New. Converse of
+ ldap2epochtime.
+ (make_one_attr): New. Build a modification list in memory to send
+ to the LDAP server.
+ (build_attrs): New. Parse INFO lines sent over by gpg.
+ (free_mod_values): New. Unwinds a modification list.
+ (send_key_keyserver): Renamed from old send_key().
+ (send_key): New function to send a key to a LDAP server.
+ (main): Use send_key() for real LDAP servers, send_key_keyserver()
+ otherwise.
+
+2004-02-20 David Shaw <dshaw@jabberwocky.com>
+
+ * gpgkeys_ldap.c: Replacement prototypes for setenv and unsetenv.
+ (search_key): Catch a SIZELIMIT_EXCEEDED error and show the user
+ whatever the server did give us.
+ (find_basekeyspacedn): There is no guarantee that namingContexts
+ will be readable.
+
+ * Makefile.am: Link gpgkeys_ldap with libutil.a to get the
+ replacement functions (and eventually translations, etc).
+
+2004-02-19 David Shaw <dshaw@jabberwocky.com>
+
+ * gpgkeys_ldap.c (ldap2epochtime): LDAP timestamps are UTC, so do
+ not correct for timezones.
+ (main): Find the basekeyspacedn before we try to start TLS, so we
+ can give a better error message when a user tries to use TLS with
+ a LDAP keyserver.
+
+ * Makefile.am: Add automake conditionals to symlink gpgkeys_ldaps
+ to gpgkeys_ldap when needed.
+
+ * gpgkeys_ldap.c (main): Add support for LDAPS and TLS
+ connections. These are only useful and usable when talking to
+ real LDAP keyservers. Add new "tls" option to tune TLS use from
+ off, to try quietly, to try loudly, or to require TLS.
+
+ * gpgkeys_ldap.c (find_basekeyspacedn): New function to figure out
+ what kind of LDAP server we're talking to (either real LDAP or the
+ LDAP keyserver), and return the baseKeySpaceDN to find keys under.
+ (main): Call it from here, and remove the old code that only
+ handled the LDAP keyserver.
+
+2004-02-18 David Shaw <dshaw@jabberwocky.com>
+
+ * gpgkeys_ldap.c (ldap_to_gpg_err): Make sure that
+ LDAP_OPT_ERROR_NUMBER is defined before we use it.
+
+ * gpgkeys_mailto.in: Fix VERSION number.
+
+2004-01-13 Werner Koch <wk@gnupg.org>
+
+ * gpgkeys_hkp.c (send_key): Add a content type.
+
+2004-01-11 David Shaw <dshaw@jabberwocky.com>
+
+ * gpgkeys_hkp.c (search_key): Catch a mangled input file (useful
+ if something other than GnuPG is calling the program).
+ (main): Avoid possible pre-string write. Noted by Christian
+ Biere.
+
+ * gpgkeys_ldap.c (main): Avoid possible pre-string write.
+
+2003-12-28 David Shaw <dshaw@jabberwocky.com>
+
+ * gpgkeys_hkp.c (send_key, get_key, main): Work with new HTTP code
+ that passes the proxy in from the outside. If the command file
+ sends a proxy, use it. If it sends "http-proxy" with no
+ arguments, use $http_proxy from the environment. Suggested by
+ Christian Biere.
+
+2003-12-28 Stefan Bellon <sbellon@sbellon.de>
+
+ * gpgkeys_hkp.c, gpgkeys_ldap.c [__riscos__]: Removal of
+ unnecessary #ifdef __riscos__ sections.
+
+2003-11-27 Werner Koch <wk@gnupg.org>
+
+ * gpgkeys_hkp.c (get_key): Fixed invalid use of fprintf without
+ format string.
+
+2003-10-25 Werner Koch <wk@gnupg.org>
+
+ * Makefile.am (gpgkeys_hkp_LDADD): Replaced INTLLIBS by LIBINTL.
+
+2003-07-10 David Shaw <dshaw@jabberwocky.com>
+
+ * Makefile.am: Use W32LIBS where appropriate.
+
+2003-05-30 David Shaw <dshaw@jabberwocky.com>
+
+ * gpgkeys_hkp.c, gpgkeys_ldap.c: #include <getopt.h> if it is
+ available. Also include extern references for optarg and optind
+ since there is no guarantee that any header file will include
+ them. Standards? We don't need no stinkin' standards.
+
+ * Makefile.am: Use @GETOPT@ to pull in libiberty on those
+ platforms that need it.
+
+2003-04-08 David Shaw <dshaw@jabberwocky.com>
+
+ * gpgkeys_hkp.c (dehtmlize, parse_hkp_index): Fix memory
+ corruption bug on some platforms.
+
+2003-03-11 David Shaw <dshaw@jabberwocky.com>
+
+ * gpgkeys_hkp.c (get_key): Properly handle CRLF line endings in
+ the armored key.
+ (main): Accept "try-dns-srv" option.
+
+ * Makefile.am: Use @CAPLIBS@ to link in -lcap if we are using
+ capabilities. Use @SRVLIBS@ to link in the resolver if we are
+ using DNS SRV.
+
+2003-02-11 David Shaw <dshaw@jabberwocky.com>
+
+ * Makefile.am: Use a local copy of libexecdir along with @PACKAGE@
+ so it can be easily overridden at make time.
+
+2003-01-29 David Shaw <dshaw@jabberwocky.com>
+
+ * gpgkeys_mailto.in: Fix regexp to work properly if the "keyid" is
+ not a keyid, but rather a text string from the user ID.
+
+2003-01-06 David Shaw <dshaw@jabberwocky.com>
+
+ * gpgkeys_hkp.c (get_key): Use options=mr when getting a key so
+ keyserver doesn't attach the HTML header which we will just have
+ to discard.
+
+2002-11-17 David Shaw <dshaw@jabberwocky.com>
+
+ * gpgkeys_ldap.c (main), gpgkeys_hkp.c (main): Use new keyserver
+ protocol version.
+
+2002-11-14 David Shaw <dshaw@jabberwocky.com>
+
+ * gpgkeys_ldap.c (get_key): The deduping code requires
+ "pgpcertid", but that was not available when running without
+ verbose on. Noted by Stefan.
+
+2002-11-10 David Shaw <dshaw@jabberwocky.com>
+
+ * gpgkeys_ldap.c (get_key): Fix typo in deduping code.
+
+2002-11-05 David Shaw <dshaw@jabberwocky.com>
+
+ * gpgkeys_ldap.c (key_in_keylist, add_key_to_keylist,
+ free_keylist, get_key, search_key): The LDAP keyserver doesn't
+ remove duplicates, so remove them locally. Do not include the key
+ modification time in the search response.
+
+2002-11-04 David Shaw <dshaw@jabberwocky.com>
+
+ * gpgkeys_hkp.c (send_key), gpgkeys_ldap.c (send_key): Properly
+ handle an input file that does not include any key data at all.
+
+2002-10-24 David Shaw <dshaw@jabberwocky.com>
+
+ * gpgkeys_hkp.c (main), gpgkeys_ldap.c (main): Add -V flag to
+ output protocol and program version.
+
+2002-10-21 David Shaw <dshaw@jabberwocky.com>
+
+ * Makefile.am: Anything linking with libutil.a needs INTLLIBS as
+ well on platforms where INTLLIBS is set.
+
+2002-10-14 David Shaw <dshaw@jabberwocky.com>
+
+ * gpgkeys_hkp.c (write_quoted): Use %-encoding instead of
+ \-encoding.
+ (parse_hkp_index): Use new keyserver key listing format, and add
+ support for disabled keys via include-disabled.
+
+ * gpgkeys_ldap.c (get_key): Don't print keysize unless it's >0.
+ (printquoted): Use %-encoding instead of \-encoding.
+ (search_key): Use new keyserver key listing format.
+
+2002-10-08 David Shaw <dshaw@jabberwocky.com>
+
+ * gpgkeys_ldap.c (search_key, main): Make sure LDAP values are
+ freed in case of error.
+
+ * gpgkeys_ldap.c (fail_all): New function to unwind a keylist and
+ error each item.
+ (main): Call fail_all from here, as needed. Also add a NO_MEMORY
+ error in an appropriate place and fix error return code.
+ (ldap_err_to_gpg_err): Add KEYSERVER_UNREACHABLE.
+
+ * gpgkeys_hkp.c (fail_all): New function to unwind a keylist and
+ error each item.
+ (main): Call fail_all from here. Also add a NO_MEMORY error in an
+ appropriate place.
+ (get_key): Use new UNREACHABLE error for network errors.
+
+2002-09-26 Werner Koch <wk@gnupg.org>
+
+ * gpgkeys_ldap.c (send_key): Removed non-constant initializers.
+
+2002-09-24 David Shaw <dshaw@jabberwocky.com>
+
+ * gpgkeys_ldap.c (ldap_err_to_gpg_err, ldap_to_gpg_err, send_key,
+ get_key, search_key, main): Some minor error reporting
+ enhancements for use with GPA (show reasons for KEY FAILED).
+
+ * gpgkeys_hkp.c (send_key, get_key, search_key, main): Some minor
+ error reporting enhancements for use with GPA (show reasons for
+ KEY FAILED).
+
+2002-09-20 Werner Koch <wk@gnupg.org>
+
+ * gpgkeys_hkp.c (handle_old_hkp_index): s/input/inp/ to avoid
+ shadowing warning.
+
+2002-09-19 David Shaw <dshaw@jabberwocky.com>
+
+ * gpgkeys_hkp.c (get_key, handle_old_hkp_index, search_key):
+ Properly handle line truncation.
+
+2002-09-16 David Shaw <dshaw@jabberwocky.com>
+
+ * gpgkeys_mailto.in: Add quasi-RFC-2368 mailto:email@addr?from=
+ syntax so people can set their own email address to respond to.
+
+ * gpgkeys_hkp.c (get_key): Properly respond with KEY FAILED (to
+ gpg) and "key not found" (to user) on failure.
+
+2002-09-13 David Shaw <dshaw@jabberwocky.com>
+
+ * gpgkeys_hkp.c: (search_key, handle_old_hkp_index): Try and
+ request a machine-readable key index. If the server supports
+ this, pass it through. If the server does not support it, parse
+ the "index" page.
+
+2002-09-12 Stefan Bellon <sbellon@sbellon.de>
+
+ * gpgkeys_hkp.c: Tidied up RISC OS initializations.
+
+2002-09-12 David Shaw <dshaw@jabberwocky.com>
+
+ * gpgkeys_hkp.c (main): Remove warning - this is no longer
+ experimental code.
+
+2002-09-09 Werner Koch <wk@gnupg.org>
+
+ * gpgkeys_hkp.c (send_key, get_key, search_key): Check return
+ value of malloc.
+ (dehtmlize): Use ascii_tolower to protect against weird locales.
+ Cast the argument for isspace for the sake of broken HP/UXes.
+ (search_key): Check return value of realloc.
+
+2002-09-09 David Shaw <dshaw@jabberwocky.com>
+
+ * gpgkeys_ldap.c (get_key): Some compilers (RISC OS, HPUX c89)
+ don't like using variables as array initializers.
+
+ * gpgkeys_hkp.c (send_key): Use CRLF in headers.
+
+2002-08-28 David Shaw <dshaw@jabberwocky.com>
+
+ * gpgkeys_hkp.c (parse_hkp_index): Use same types on all
+ platforms. This was probably leftover from earlier code where the
+ typing mattered.
+
+ * gpgkeys_hkp.c: Overall cleanup from iobuf conversion. Be
+ consistent in m_alloc and malloc usage. Remove include-disabled
+ (meaningless on HKP). RISC OS tweak.
+
+2002-08-27 David Shaw <dshaw@jabberwocky.com>
+
+ * gpgkeys_hkp.c, Makefile.am: Convert over to using iobufs.
+
+ * gpgkeys_hkp.c (http_get, http_post): Use CRLF for line endings.
+
+ * gpgkeys_hkp.c: Include util.h on RISC OS as per Stefan. Include
+ a replacement for hstrerror() for those platforms (such as RISC
+ OS) that don't have it.
+
+2002-08-26 David Shaw <dshaw@jabberwocky.com>
+
+ * Makefile.am: May as well include gpgkeys_hkp.c in the
+ distribution now. It works well enough without proxies, and isn't
+ built by default. It would be good to get some test experience
+ with it.
+
+ * gpgkeys_hkp.c (main): Don't warn about include-subkeys - it
+ isn't unsupported, it's actually non-meaningful in the context of
+ HKP (yet).
+
+ * gpgkeys_hkp.c (parse_hkp_index, dehtmlize): Move HTML
+ functionality into new "dehtmlize" function. Remove HTML before
+ trying to parse each line from the keyserver. If the keyserver
+ provides key type information in the listing, use it. (Copy over
+ from g10/hkp.c).
+
+2002-08-19 David Shaw <dshaw@jabberwocky.com>
+
+ * gpgkeys_hkp.c (get_key, parse_hkp_index): Bring over latest code
+ from g10/hkp.c.
+
+ * gpgkeys_ldap.c (get_key): Fix cosmetic URL display problem
+ (extra ":" at the end).
+
+2002-08-03 Stefan Bellon <sbellon@sbellon.de>
+
+ * gpgkeys_ldap.c: Tidied up RISC OS initializations.
+
+2002-07-25 David Shaw <dshaw@jabberwocky.com>
+
+ * gpgkeys_hkp.c: "Warning" -> "WARNING"
+
+2002-07-24 David Shaw <dshaw@jabberwocky.com>
+
+ * Makefile.am: Install keyserver helpers in @GNUPG_LIBEXECDIR@
+
+2002-07-15 David Shaw <dshaw@jabberwocky.com>
+
+ * gpgkeys_ldap.c (send_key, get_key, main): Consult the server
+ version string to determine whether to use pgpKey or pgpKeyV2.
+
+2002-07-09 David Shaw <dshaw@jabberwocky.com>
+
+ * gpgkeys_mailto.in: Use new OPAQUE tag for non net-path URIs.
+ Fail more elegantly if there is no email address to send to. Show
+ the GnuPG version in the message body.
+
+2002-07-04 David Shaw <dshaw@jabberwocky.com>
+
+ * gpgkeys_ldap.c (get_key), gpgkeys_hkp.c (get_key): Display
+ keyserver URI as a URI, but only if verbose.
+
+2002-07-01 David Shaw <dshaw@jabberwocky.com>
+
+ * gpgkeys_hkp.c (parse_hkp_index): Error if the keyserver returns
+ an unparseable HKP response.
+
+ * gpgkeys_hkp.c (main): Warn on honor-http-proxy,
+ broken-http-proxy, and include-subkeys (not supported yet).
+
+ * gpgkeys_ldap.c (main), gpgkeys_hkp.c (http_connect, main): Fix
+ some shadowing warnings.
+
+2002-06-11 David Shaw <dshaw@jabberwocky.com>
+
+ * Makefile.am: Don't hard-code the LDAP libraries - get them from
+ LDAPLIBS via configure. Also, gpgkeys_hkp is a program, not a
+ script.
+
+2002-06-10 David Shaw <dshaw@jabberwocky.com>
+
+ * gpgkeys_ldap.c (include_subkeys): Default "include-subkeys" to
+ off, since GnuPG now defaults it to on.
+
+2002-06-06 David Shaw <dshaw@jabberwocky.com>
+
+ * gpgkeys_hkp.c (parse_hkp_index): Type tweaks.
+
+ * gpgkeys_hkp.c (main): Add experimental code warning.
+
+2002-06-05 David Shaw <dshaw@jabberwocky.com>
+
+ * Makefile.am, gpgkeys_hkp.c (new): Experimental HKP keyserver
+ interface.
+
+2002-05-08 David Shaw <dshaw@jabberwocky.com>
+
+ * gpgkeys_ldap.c: Include <lber.h> if we absolutely must. This
+ helps when compiling against a very old OpenLDAP.
+
+2002-04-29 David Shaw <dshaw@jabberwocky.com>
+
+ * gpgkeys_mailto.in: Properly handle key requests in full
+ fingerprint form.
+
+2002-03-29 David Shaw <dshaw@jabberwocky.com>
+
+ * gpgkeys_ldap.c (printquoted): Quote backslashes within keyserver
+ search responses.
+
+2002-02-25 David Shaw <dshaw@jabberwocky.com>
+
+ * gpgkeys_ldap (get_key): LDAP keyservers do not support v3
+ fingerprints, so error out if someone tries. Actually, they don't
+ support any fingerprints, but at least we can calculate a keyid
+ from a v4 fingerprint.
+
+2002-02-23 David Shaw <dshaw@jabberwocky.com>
+
+ * gpgkeys_ldap: Clarify the notion of a partial failure. This is
+ possible if more than one key is being handled in a batch, and one
+ fails while the other succeeds. Note that a search that comes up
+ with no results is not a failure - that is a valid response of "no
+ answer".
+
+ * gpgkeys_ldap.c (get_key): Allow GnuPG to send us full v4
+ fingerprints, long key ids, or short key ids while fetching.
+ Since the LDAP server doesn't actually handle fingerprints, chop
+ them down to long key ids for actual use.
+
+ * gpgkeys_ldap.c (main, get_key): When searching for a keyid,
+ search for subkeys as well as primary keys. This is mostly
+ significant when automatically fetching the key based on the id in
+ a header (i.e. "signature made by...."). "no-include-subkeys"
+ disables.
+
+2002-02-14 David Shaw <dshaw@jabberwocky.com>
+
+ * gpgkeys_ldap.c: Fix compiler warning.
+
+ * gpgkeys_ldap.c: Be much more robust with mangled input files.
+
+2001-12-28 David Shaw <dshaw@jabberwocky.com>
+
+ * gpgkeys_mailto.in: Use the new OUTOFBAND indicator so gpg knows
+ not to try and import anything. Also turn on perl -w for
+ warnings.
+
+ * gpgkeys_ldap.c (main): If we're using temp files (rather than
+ stdin/stdout), make sure the file is closed when we're done.
+
+2001-12-20 David Shaw <dshaw@jabberwocky.com>
+
+ * Properly free the LDAP response when we're done with it.
+
+ * Now that we handle multiple keys, we must remove duplicates as
+ the LDAP keyserver returns keys with multiple user IDs multiple
+ times.
+
+ * Properly handle multiple keys with the same key ID (it's really
+ rare, so fetch "0xDEADBEEF" to test this).
+
+2001-12-17 David Shaw <dshaw@jabberwocky.com>
+
+ * gpgkeys_ldap.c, gpgkeys_mailto.in: Fix GNU capitalization
+ issues. Prefix log messages with "gpgkeys" to clarify which
+ program is generating them.
+
+2001-12-14 David Shaw <dshaw@jabberwocky.com>
+
+ * gpgkeys_ldap.c (search_key): Use unsigned int rather than uint
+ for portability.
+
+2001-12-04 David Shaw <dshaw@jabberwocky.com>
+
+ * Initial version of gpgkeys_ldap (LDAP keyserver helper) and
+ gpgkeys_mailto (email keyserver helper)
+
+
+ Copyright 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006,
+ 2007 Free Software Foundation, Inc.
+
+ This file is free software; as a special exception the author gives
+ unlimited permission to copy and/or distribute it, with or without
+ modifications, as long as this notice is preserved.
+
+ This file is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
+ implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/keyserver/Makefile.am b/keyserver/Makefile.am
new file mode 100644
index 0000000..e625127
--- /dev/null
+++ b/keyserver/Makefile.am
@@ -0,0 +1,86 @@
+# Makefile.am - Makefile for keyservers
+# Copyright (C) 2001, 2002, 2004, 2005, 2006,
+# 2009 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+## Process this file with automake to produce Makefile.in
+
+# Note that we have renamed the resulting binaries to from gpgkeys_foo
+# to gpg2keys_foo to allow for a non-conflicting installation of
+# gnupg1 and gnupg2. Having the same names for the helpers would
+# otherwise lead to trouble when to uninstall one of them.
+EXTRA_PROGRAMS = gpg2keys_ldap gpg2keys_hkp gpg2keys_finger gpg2keys_curl \
+ gpg2keys_kdns
+EXTRA_SCRIPTS = gpg2keys_mailto
+
+EXTRA_DIST = ChangeLog-2011
+
+AM_CPPFLAGS = -I$(top_srcdir)/gl -I$(top_srcdir)/common -I$(top_srcdir)/intl
+
+AM_CFLAGS = $(LIBGCRYPT_CFLAGS) $(GPG_ERROR_CFLAGS)
+
+include $(top_srcdir)/am/cmacros.am
+
+libexec_PROGRAMS = $(GPGKEYS_LDAP) $(GPGKEYS_HKP) $(GPGKEYS_FINGER) \
+ $(GPGKEYS_CURL) $(GPGKEYS_KDNS)
+libexec_SCRIPTS = $(GPGKEYS_MAILTO)
+noinst_SCRIPTS = gpg2keys_test
+
+common_libs = ../gl/libgnu.a ../common/libcommon.a ../jnlib/libjnlib.a
+other_libs = $(LIBICONV) $(LIBINTL) $(CAPLIBS)
+
+gpg2keys_ldap_SOURCES = gpgkeys_ldap.c ksutil.c ksutil.h no-libgcrypt.c
+gpg2keys_ldap_CPPFLAGS = $(LDAP_CPPFLAGS) $(AM_CPPFLAGS)
+gpg2keys_ldap_LDADD = ../jnlib/libjnlib.a $(LDAPLIBS) $(GPG_ERROR_LIBS) \
+ $(NETLIBS) $(other_libs)
+
+gpg2keys_finger_SOURCES = gpgkeys_finger.c ksutil.c ksutil.h no-libgcrypt.c
+gpg2keys_finger_CPPFLAGS = $(AM_CPPFLAGS)
+gpg2keys_finger_LDADD = $(common_libs) $(GPG_ERROR_LIBS) \
+ $(NETLIBS) $(other_libs)
+
+gpg2keys_kdns_SOURCES = gpgkeys_kdns.c ksutil.c ksutil.h no-libgcrypt.c
+gpg2keys_kdns_CPPFLAGS = $(AM_CPPFLAGS)
+gpg2keys_kdns_LDADD = $(common_libs) $(GPG_ERROR_LIBS) \
+ $(ADNSLIBS) $(NETLIBS) $(other_libs)
+
+
+gpg2keys_curl_SOURCES = gpgkeys_curl.c ksutil.c ksutil.h no-libgcrypt.c
+gpg2keys_hkp_SOURCES = gpgkeys_hkp.c ksutil.c ksutil.h no-libgcrypt.c
+if FAKE_CURL
+gpg2keys_curl_SOURCES += curl-shim.c curl-shim.h
+gpg2keys_curl_CPPFLAGS = $(AM_CPPFLAGS)
+gpg2keys_curl_LDADD = $(common_libs) $(GPG_ERROR_LIBS) $(NETLIBS) $(DNSLIBS) \
+ $(other_libs)
+gpg2keys_hkp_SOURCES += curl-shim.c curl-shim.h
+gpg2keys_hkp_CPPFLAGS = $(AM_CPPFLAGS)
+gpg2keys_hkp_LDADD = $(common_libs) $(GPG_ERROR_LIBS) $(NETLIBS) $(DNSLIBS) \
+ $(other_libs)
+else
+# Note that we need to include all other libs here as well because
+# some compilers don't care about inline functions and insert
+# references to symbols used in unused inline functions.
+gpg2keys_curl_CPPFLAGS = $(LIBCURL_CPPFLAGS) $(AM_CPPFLAGS)
+gpg2keys_curl_LDADD = $(common_libs) $(GPG_ERROR_LIBS) $(NETLIBS) $(DNSLIBS) \
+ $(other_libs) $(LIBCURL) $(GETOPT)
+gpg2keys_hkp_CPPFLAGS = $(LIBCURL_CPPFLAGS) $(AM_CPPFLAGS)
+gpg2keys_hkp_LDADD = $(common_libs) $(GPG_ERROR_LIBS) $(NETLIBS) $(DNSLIBS) \
+ $(other_libs) $(LIBCURL) $(GETOPT)
+endif
+
+# Make sure that all libs are build before we use them. This is
+# important for things like make -j2.
+$(PROGRAMS): $(common_libs)
diff --git a/keyserver/Makefile.in b/keyserver/Makefile.in
new file mode 100644
index 0000000..f1789df
--- /dev/null
+++ b/keyserver/Makefile.in
@@ -0,0 +1,1076 @@
+# Makefile.in generated by automake 1.11.1 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation,
+# Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+# Makefile.am - Makefile for keyservers
+# Copyright (C) 2001, 2002, 2004, 2005, 2006,
+# 2009 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+# cmacros.am - C macro definitions
+# Copyright (C) 2004 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+EXTRA_PROGRAMS = gpg2keys_ldap$(EXEEXT) gpg2keys_hkp$(EXEEXT) \
+ gpg2keys_finger$(EXEEXT) gpg2keys_curl$(EXEEXT) \
+ gpg2keys_kdns$(EXEEXT)
+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
+ $(srcdir)/gpg2keys_mailto.in $(srcdir)/gpg2keys_test.in \
+ $(top_srcdir)/am/cmacros.am
+@HAVE_DOSISH_SYSTEM_FALSE@am__append_1 = -DGNUPG_BINDIR="\"$(bindir)\"" \
+@HAVE_DOSISH_SYSTEM_FALSE@ -DGNUPG_LIBEXECDIR="\"$(libexecdir)\"" \
+@HAVE_DOSISH_SYSTEM_FALSE@ -DGNUPG_LIBDIR="\"$(libdir)/@PACKAGE@\"" \
+@HAVE_DOSISH_SYSTEM_FALSE@ -DGNUPG_DATADIR="\"$(datadir)/@PACKAGE@\"" \
+@HAVE_DOSISH_SYSTEM_FALSE@ -DGNUPG_SYSCONFDIR="\"$(sysconfdir)/@PACKAGE@\""
+
+
+# If a specific protect tool program has been defined, pass its name
+# to cc. Note that these macros should not be used directly but via
+# the gnupg_module_name function.
+@GNUPG_AGENT_PGM_TRUE@am__append_2 = -DGNUPG_DEFAULT_AGENT="\"@GNUPG_AGENT_PGM@\""
+@GNUPG_PINENTRY_PGM_TRUE@am__append_3 = -DGNUPG_DEFAULT_PINENTRY="\"@GNUPG_PINENTRY_PGM@\""
+@GNUPG_SCDAEMON_PGM_TRUE@am__append_4 = -DGNUPG_DEFAULT_SCDAEMON="\"@GNUPG_SCDAEMON_PGM@\""
+@GNUPG_DIRMNGR_PGM_TRUE@am__append_5 = -DGNUPG_DEFAULT_DIRMNGR="\"@GNUPG_DIRMNGR_PGM@\""
+@GNUPG_PROTECT_TOOL_PGM_TRUE@am__append_6 = -DGNUPG_DEFAULT_PROTECT_TOOL="\"@GNUPG_PROTECT_TOOL_PGM@\""
+@FAKE_CURL_TRUE@am__append_7 = curl-shim.c curl-shim.h
+@FAKE_CURL_TRUE@am__append_8 = curl-shim.c curl-shim.h
+subdir = keyserver
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/gl/m4/absolute-header.m4 \
+ $(top_srcdir)/gl/m4/alloca.m4 $(top_srcdir)/gl/m4/allocsa.m4 \
+ $(top_srcdir)/gl/m4/eealloc.m4 \
+ $(top_srcdir)/gl/m4/gnulib-comp.m4 \
+ $(top_srcdir)/gl/m4/gnulib-tool.m4 \
+ $(top_srcdir)/gl/m4/mkdtemp.m4 $(top_srcdir)/gl/m4/setenv.m4 \
+ $(top_srcdir)/gl/m4/stdint.m4 $(top_srcdir)/gl/m4/strpbrk.m4 \
+ $(top_srcdir)/gl/m4/unistd_h.m4 $(top_srcdir)/m4/autobuild.m4 \
+ $(top_srcdir)/m4/codeset.m4 $(top_srcdir)/m4/estream.m4 \
+ $(top_srcdir)/m4/gettext.m4 $(top_srcdir)/m4/gnupg-pth.m4 \
+ $(top_srcdir)/m4/gpg-error.m4 $(top_srcdir)/m4/iconv.m4 \
+ $(top_srcdir)/m4/isc-posix.m4 $(top_srcdir)/m4/ksba.m4 \
+ $(top_srcdir)/m4/lcmessage.m4 $(top_srcdir)/m4/ldap.m4 \
+ $(top_srcdir)/m4/lib-ld.m4 $(top_srcdir)/m4/lib-link.m4 \
+ $(top_srcdir)/m4/lib-prefix.m4 $(top_srcdir)/m4/libassuan.m4 \
+ $(top_srcdir)/m4/libcurl.m4 $(top_srcdir)/m4/libgcrypt.m4 \
+ $(top_srcdir)/m4/longdouble.m4 $(top_srcdir)/m4/nls.m4 \
+ $(top_srcdir)/m4/po.m4 $(top_srcdir)/m4/progtest.m4 \
+ $(top_srcdir)/m4/readline.m4 $(top_srcdir)/m4/size_max.m4 \
+ $(top_srcdir)/m4/socklen.m4 $(top_srcdir)/m4/sys_socket_h.m4 \
+ $(top_srcdir)/m4/tar-ustar.m4 $(top_srcdir)/m4/xsize.m4 \
+ $(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.ac
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+ $(ACLOCAL_M4)
+mkinstalldirs = $(SHELL) $(top_srcdir)/scripts/mkinstalldirs
+CONFIG_HEADER = $(top_builddir)/config.h
+CONFIG_CLEAN_FILES = gpg2keys_mailto gpg2keys_test
+CONFIG_CLEAN_VPATH_FILES =
+am__installdirs = "$(DESTDIR)$(libexecdir)" "$(DESTDIR)$(libexecdir)"
+PROGRAMS = $(libexec_PROGRAMS)
+am__gpg2keys_curl_SOURCES_DIST = gpgkeys_curl.c ksutil.c ksutil.h \
+ no-libgcrypt.c curl-shim.c curl-shim.h
+@FAKE_CURL_TRUE@am__objects_1 = gpg2keys_curl-curl-shim.$(OBJEXT)
+am_gpg2keys_curl_OBJECTS = gpg2keys_curl-gpgkeys_curl.$(OBJEXT) \
+ gpg2keys_curl-ksutil.$(OBJEXT) \
+ gpg2keys_curl-no-libgcrypt.$(OBJEXT) $(am__objects_1)
+gpg2keys_curl_OBJECTS = $(am_gpg2keys_curl_OBJECTS)
+am__DEPENDENCIES_1 =
+am__DEPENDENCIES_2 = $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1)
+@FAKE_CURL_FALSE@gpg2keys_curl_DEPENDENCIES = $(common_libs) \
+@FAKE_CURL_FALSE@ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
+@FAKE_CURL_FALSE@ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_2) \
+@FAKE_CURL_FALSE@ $(am__DEPENDENCIES_1)
+@FAKE_CURL_TRUE@gpg2keys_curl_DEPENDENCIES = $(common_libs) \
+@FAKE_CURL_TRUE@ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
+@FAKE_CURL_TRUE@ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_2)
+am_gpg2keys_finger_OBJECTS = gpg2keys_finger-gpgkeys_finger.$(OBJEXT) \
+ gpg2keys_finger-ksutil.$(OBJEXT) \
+ gpg2keys_finger-no-libgcrypt.$(OBJEXT)
+gpg2keys_finger_OBJECTS = $(am_gpg2keys_finger_OBJECTS)
+gpg2keys_finger_DEPENDENCIES = $(common_libs) $(am__DEPENDENCIES_1) \
+ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_2)
+am__gpg2keys_hkp_SOURCES_DIST = gpgkeys_hkp.c ksutil.c ksutil.h \
+ no-libgcrypt.c curl-shim.c curl-shim.h
+@FAKE_CURL_TRUE@am__objects_2 = gpg2keys_hkp-curl-shim.$(OBJEXT)
+am_gpg2keys_hkp_OBJECTS = gpg2keys_hkp-gpgkeys_hkp.$(OBJEXT) \
+ gpg2keys_hkp-ksutil.$(OBJEXT) \
+ gpg2keys_hkp-no-libgcrypt.$(OBJEXT) $(am__objects_2)
+gpg2keys_hkp_OBJECTS = $(am_gpg2keys_hkp_OBJECTS)
+@FAKE_CURL_FALSE@gpg2keys_hkp_DEPENDENCIES = $(common_libs) \
+@FAKE_CURL_FALSE@ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
+@FAKE_CURL_FALSE@ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_2) \
+@FAKE_CURL_FALSE@ $(am__DEPENDENCIES_1)
+@FAKE_CURL_TRUE@gpg2keys_hkp_DEPENDENCIES = $(common_libs) \
+@FAKE_CURL_TRUE@ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
+@FAKE_CURL_TRUE@ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_2)
+am_gpg2keys_kdns_OBJECTS = gpg2keys_kdns-gpgkeys_kdns.$(OBJEXT) \
+ gpg2keys_kdns-ksutil.$(OBJEXT) \
+ gpg2keys_kdns-no-libgcrypt.$(OBJEXT)
+gpg2keys_kdns_OBJECTS = $(am_gpg2keys_kdns_OBJECTS)
+gpg2keys_kdns_DEPENDENCIES = $(common_libs) $(am__DEPENDENCIES_1) \
+ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
+ $(am__DEPENDENCIES_2)
+am_gpg2keys_ldap_OBJECTS = gpg2keys_ldap-gpgkeys_ldap.$(OBJEXT) \
+ gpg2keys_ldap-ksutil.$(OBJEXT) \
+ gpg2keys_ldap-no-libgcrypt.$(OBJEXT)
+gpg2keys_ldap_OBJECTS = $(am_gpg2keys_ldap_OBJECTS)
+gpg2keys_ldap_DEPENDENCIES = ../jnlib/libjnlib.a $(am__DEPENDENCIES_1) \
+ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
+ $(am__DEPENDENCIES_2)
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+ *) f=$$p;; \
+ esac;
+am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
+am__install_max = 40
+am__nobase_strip_setup = \
+ srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
+am__nobase_strip = \
+ for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
+am__nobase_list = $(am__nobase_strip_setup); \
+ for p in $$list; do echo "$$p $$p"; done | \
+ sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
+ $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
+ if (++n[$$2] == $(am__install_max)) \
+ { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
+ END { for (dir in files) print dir, files[dir] }'
+am__base_list = \
+ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
+ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
+SCRIPTS = $(libexec_SCRIPTS) $(noinst_SCRIPTS)
+DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
+depcomp = $(SHELL) $(top_srcdir)/scripts/depcomp
+am__depfiles_maybe = depfiles
+am__mv = mv -f
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+CCLD = $(CC)
+LINK = $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@
+SOURCES = $(gpg2keys_curl_SOURCES) $(gpg2keys_finger_SOURCES) \
+ $(gpg2keys_hkp_SOURCES) $(gpg2keys_kdns_SOURCES) \
+ $(gpg2keys_ldap_SOURCES)
+DIST_SOURCES = $(am__gpg2keys_curl_SOURCES_DIST) \
+ $(gpg2keys_finger_SOURCES) $(am__gpg2keys_hkp_SOURCES_DIST) \
+ $(gpg2keys_kdns_SOURCES) $(gpg2keys_ldap_SOURCES)
+ETAGS = etags
+CTAGS = ctags
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ABSOLUTE_STDINT_H = @ABSOLUTE_STDINT_H@
+ACLOCAL = @ACLOCAL@
+ADNSLIBS = @ADNSLIBS@
+ALLOCA = @ALLOCA@
+ALLOCA_H = @ALLOCA_H@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+BITSIZEOF_PTRDIFF_T = @BITSIZEOF_PTRDIFF_T@
+BITSIZEOF_SIG_ATOMIC_T = @BITSIZEOF_SIG_ATOMIC_T@
+BITSIZEOF_SIZE_T = @BITSIZEOF_SIZE_T@
+BITSIZEOF_WCHAR_T = @BITSIZEOF_WCHAR_T@
+BITSIZEOF_WINT_T = @BITSIZEOF_WINT_T@
+BUILD_INCLUDED_LIBINTL = @BUILD_INCLUDED_LIBINTL@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CC_FOR_BUILD = @CC_FOR_BUILD@
+CFLAGS = @CFLAGS@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DL_LIBS = @DL_LIBS@
+DNSLIBS = @DNSLIBS@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+FAQPROG = @FAQPROG@
+GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
+GMSGFMT = @GMSGFMT@
+GMSGFMT_015 = @GMSGFMT_015@
+GNUPG_AGENT_PGM = @GNUPG_AGENT_PGM@
+GNUPG_DIRMNGR_PGM = @GNUPG_DIRMNGR_PGM@
+GNUPG_PINENTRY_PGM = @GNUPG_PINENTRY_PGM@
+GNUPG_PROTECT_TOOL_PGM = @GNUPG_PROTECT_TOOL_PGM@
+GNUPG_SCDAEMON_PGM = @GNUPG_SCDAEMON_PGM@
+GPGKEYS_CURL = @GPGKEYS_CURL@
+GPGKEYS_FINGER = @GPGKEYS_FINGER@
+GPGKEYS_HKP = @GPGKEYS_HKP@
+GPGKEYS_KDNS = @GPGKEYS_KDNS@
+GPGKEYS_LDAP = @GPGKEYS_LDAP@
+GPGKEYS_MAILTO = @GPGKEYS_MAILTO@
+GPG_ERROR_CFLAGS = @GPG_ERROR_CFLAGS@
+GPG_ERROR_CONFIG = @GPG_ERROR_CONFIG@
+GPG_ERROR_LIBS = @GPG_ERROR_LIBS@
+GREP = @GREP@
+HAVE_INTTYPES_H = @HAVE_INTTYPES_H@
+HAVE_LONG_LONG_INT = @HAVE_LONG_LONG_INT@
+HAVE_SIGNED_SIG_ATOMIC_T = @HAVE_SIGNED_SIG_ATOMIC_T@
+HAVE_SIGNED_WCHAR_T = @HAVE_SIGNED_WCHAR_T@
+HAVE_SIGNED_WINT_T = @HAVE_SIGNED_WINT_T@
+HAVE_STDINT_H = @HAVE_STDINT_H@
+HAVE_SYS_BITYPES_H = @HAVE_SYS_BITYPES_H@
+HAVE_SYS_INTTYPES_H = @HAVE_SYS_INTTYPES_H@
+HAVE_SYS_TYPES_H = @HAVE_SYS_TYPES_H@
+HAVE_UNSIGNED_LONG_LONG_INT = @HAVE_UNSIGNED_LONG_LONG_INT@
+HAVE_WCHAR_H = @HAVE_WCHAR_H@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+INTLLIBS = @INTLLIBS@
+INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@
+KSBA_CFLAGS = @KSBA_CFLAGS@
+KSBA_CONFIG = @KSBA_CONFIG@
+KSBA_LIBS = @KSBA_LIBS@
+LDAPLIBS = @LDAPLIBS@
+LDAP_CPPFLAGS = @LDAP_CPPFLAGS@
+LDFLAGS = @LDFLAGS@
+LIBASSUAN_CFLAGS = @LIBASSUAN_CFLAGS@
+LIBASSUAN_CONFIG = @LIBASSUAN_CONFIG@
+LIBASSUAN_LIBS = @LIBASSUAN_LIBS@
+LIBCURL = @LIBCURL@
+LIBCURL_CPPFLAGS = @LIBCURL_CPPFLAGS@
+LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@
+LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@
+LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@
+LIBGNU_LIBDEPS = @LIBGNU_LIBDEPS@
+LIBGNU_LTLIBDEPS = @LIBGNU_LTLIBDEPS@
+LIBICONV = @LIBICONV@
+LIBINTL = @LIBINTL@
+LIBOBJS = @LIBOBJS@
+LIBREADLINE = @LIBREADLINE@
+LIBS = @LIBS@
+LIBUSB_LIBS = @LIBUSB_LIBS@
+LIBUTIL_LIBS = @LIBUTIL_LIBS@
+LN_S = @LN_S@
+LTLIBICONV = @LTLIBICONV@
+LTLIBINTL = @LTLIBINTL@
+LTLIBOBJS = @LTLIBOBJS@
+MAINT = @MAINT@
+MAKEINFO = @MAKEINFO@
+MKDIR_P = @MKDIR_P@
+MSGFMT = @MSGFMT@
+MSGFMT_015 = @MSGFMT_015@
+MSGMERGE = @MSGMERGE@
+NETLIBS = @NETLIBS@
+OBJEXT = @OBJEXT@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_GT = @PACKAGE_GT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_URL = @PACKAGE_URL@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PERL = @PERL@
+POSUB = @POSUB@
+PTH_CFLAGS = @PTH_CFLAGS@
+PTH_CONFIG = @PTH_CONFIG@
+PTH_LIBS = @PTH_LIBS@
+PTRDIFF_T_SUFFIX = @PTRDIFF_T_SUFFIX@
+RANLIB = @RANLIB@
+SENDMAIL = @SENDMAIL@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+SHRED = @SHRED@
+SIG_ATOMIC_T_SUFFIX = @SIG_ATOMIC_T_SUFFIX@
+SIZE_T_SUFFIX = @SIZE_T_SUFFIX@
+STDINT_H = @STDINT_H@
+STRIP = @STRIP@
+SYS_SOCKET_H = @SYS_SOCKET_H@
+TAR = @TAR@
+UNISTD_H = @UNISTD_H@
+USE_INCLUDED_LIBINTL = @USE_INCLUDED_LIBINTL@
+USE_NLS = @USE_NLS@
+VERSION = @VERSION@
+W32SOCKLIBS = @W32SOCKLIBS@
+WCHAR_T_SUFFIX = @WCHAR_T_SUFFIX@
+WINDRES = @WINDRES@
+WINT_T_SUFFIX = @WINT_T_SUFFIX@
+XGETTEXT = @XGETTEXT@
+XGETTEXT_015 = @XGETTEXT_015@
+XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@
+ZLIBS = @ZLIBS@
+_libcurl_config = @_libcurl_config@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = $(datadir)/locale
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+EXTRA_SCRIPTS = gpg2keys_mailto
+EXTRA_DIST = ChangeLog-2011
+AM_CPPFLAGS = -I$(top_srcdir)/gl -I$(top_srcdir)/common \
+ -I$(top_srcdir)/intl -DLOCALEDIR=\"$(localedir)\" \
+ $(am__append_1) $(am__append_2) $(am__append_3) \
+ $(am__append_4) $(am__append_5) $(am__append_6)
+AM_CFLAGS = $(LIBGCRYPT_CFLAGS) $(GPG_ERROR_CFLAGS)
+
+# Convenience macros
+libcommon = ../common/libcommon.a
+libcommonpth = ../common/libcommonpth.a
+libexec_PROGRAMS = $(GPGKEYS_LDAP) $(GPGKEYS_HKP) $(GPGKEYS_FINGER) \
+ $(GPGKEYS_CURL) $(GPGKEYS_KDNS)
+
+libexec_SCRIPTS = $(GPGKEYS_MAILTO)
+noinst_SCRIPTS = gpg2keys_test
+common_libs = ../gl/libgnu.a ../common/libcommon.a ../jnlib/libjnlib.a
+other_libs = $(LIBICONV) $(LIBINTL) $(CAPLIBS)
+gpg2keys_ldap_SOURCES = gpgkeys_ldap.c ksutil.c ksutil.h no-libgcrypt.c
+gpg2keys_ldap_CPPFLAGS = $(LDAP_CPPFLAGS) $(AM_CPPFLAGS)
+gpg2keys_ldap_LDADD = ../jnlib/libjnlib.a $(LDAPLIBS) $(GPG_ERROR_LIBS) \
+ $(NETLIBS) $(other_libs)
+
+gpg2keys_finger_SOURCES = gpgkeys_finger.c ksutil.c ksutil.h no-libgcrypt.c
+gpg2keys_finger_CPPFLAGS = $(AM_CPPFLAGS)
+gpg2keys_finger_LDADD = $(common_libs) $(GPG_ERROR_LIBS) \
+ $(NETLIBS) $(other_libs)
+
+gpg2keys_kdns_SOURCES = gpgkeys_kdns.c ksutil.c ksutil.h no-libgcrypt.c
+gpg2keys_kdns_CPPFLAGS = $(AM_CPPFLAGS)
+gpg2keys_kdns_LDADD = $(common_libs) $(GPG_ERROR_LIBS) \
+ $(ADNSLIBS) $(NETLIBS) $(other_libs)
+
+gpg2keys_curl_SOURCES = gpgkeys_curl.c ksutil.c ksutil.h \
+ no-libgcrypt.c $(am__append_7)
+gpg2keys_hkp_SOURCES = gpgkeys_hkp.c ksutil.c ksutil.h no-libgcrypt.c \
+ $(am__append_8)
+# Note that we need to include all other libs here as well because
+# some compilers don't care about inline functions and insert
+# references to symbols used in unused inline functions.
+@FAKE_CURL_FALSE@gpg2keys_curl_CPPFLAGS = $(LIBCURL_CPPFLAGS) $(AM_CPPFLAGS)
+@FAKE_CURL_TRUE@gpg2keys_curl_CPPFLAGS = $(AM_CPPFLAGS)
+@FAKE_CURL_FALSE@gpg2keys_curl_LDADD = $(common_libs) $(GPG_ERROR_LIBS) $(NETLIBS) $(DNSLIBS) \
+@FAKE_CURL_FALSE@ $(other_libs) $(LIBCURL) $(GETOPT)
+
+@FAKE_CURL_TRUE@gpg2keys_curl_LDADD = $(common_libs) $(GPG_ERROR_LIBS) $(NETLIBS) $(DNSLIBS) \
+@FAKE_CURL_TRUE@ $(other_libs)
+
+@FAKE_CURL_FALSE@gpg2keys_hkp_CPPFLAGS = $(LIBCURL_CPPFLAGS) $(AM_CPPFLAGS)
+@FAKE_CURL_TRUE@gpg2keys_hkp_CPPFLAGS = $(AM_CPPFLAGS)
+@FAKE_CURL_FALSE@gpg2keys_hkp_LDADD = $(common_libs) $(GPG_ERROR_LIBS) $(NETLIBS) $(DNSLIBS) \
+@FAKE_CURL_FALSE@ $(other_libs) $(LIBCURL) $(GETOPT)
+
+@FAKE_CURL_TRUE@gpg2keys_hkp_LDADD = $(common_libs) $(GPG_ERROR_LIBS) $(NETLIBS) $(DNSLIBS) \
+@FAKE_CURL_TRUE@ $(other_libs)
+
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .c .o .obj
+$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/am/cmacros.am $(am__configure_deps)
+ @for dep in $?; do \
+ case '$(am__configure_deps)' in \
+ *$$dep*) \
+ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+ && { if test -f $@; then exit 0; else break; fi; }; \
+ exit 1;; \
+ esac; \
+ done; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu keyserver/Makefile'; \
+ $(am__cd) $(top_srcdir) && \
+ $(AUTOMAKE) --gnu keyserver/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+ @case '$?' in \
+ *config.status*) \
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+ *) \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+ esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
+gpg2keys_mailto: $(top_builddir)/config.status $(srcdir)/gpg2keys_mailto.in
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@
+gpg2keys_test: $(top_builddir)/config.status $(srcdir)/gpg2keys_test.in
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@
+install-libexecPROGRAMS: $(libexec_PROGRAMS)
+ @$(NORMAL_INSTALL)
+ test -z "$(libexecdir)" || $(MKDIR_P) "$(DESTDIR)$(libexecdir)"
+ @list='$(libexec_PROGRAMS)'; test -n "$(libexecdir)" || list=; \
+ for p in $$list; do echo "$$p $$p"; done | \
+ sed 's/$(EXEEXT)$$//' | \
+ while read p p1; do if test -f $$p; \
+ then echo "$$p"; echo "$$p"; else :; fi; \
+ done | \
+ sed -e 'p;s,.*/,,;n;h' -e 's|.*|.|' \
+ -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \
+ sed 'N;N;N;s,\n, ,g' | \
+ $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \
+ { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \
+ if ($$2 == $$4) files[d] = files[d] " " $$1; \
+ else { print "f", $$3 "/" $$4, $$1; } } \
+ END { for (d in files) print "f", d, files[d] }' | \
+ while read type dir files; do \
+ if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \
+ test -z "$$files" || { \
+ echo " $(INSTALL_PROGRAM_ENV) $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(libexecdir)$$dir'"; \
+ $(INSTALL_PROGRAM_ENV) $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(libexecdir)$$dir" || exit $$?; \
+ } \
+ ; done
+
+uninstall-libexecPROGRAMS:
+ @$(NORMAL_UNINSTALL)
+ @list='$(libexec_PROGRAMS)'; test -n "$(libexecdir)" || list=; \
+ files=`for p in $$list; do echo "$$p"; done | \
+ sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \
+ -e 's/$$/$(EXEEXT)/' `; \
+ test -n "$$list" || exit 0; \
+ echo " ( cd '$(DESTDIR)$(libexecdir)' && rm -f" $$files ")"; \
+ cd "$(DESTDIR)$(libexecdir)" && rm -f $$files
+
+clean-libexecPROGRAMS:
+ -test -z "$(libexec_PROGRAMS)" || rm -f $(libexec_PROGRAMS)
+gpg2keys_curl$(EXEEXT): $(gpg2keys_curl_OBJECTS) $(gpg2keys_curl_DEPENDENCIES)
+ @rm -f gpg2keys_curl$(EXEEXT)
+ $(LINK) $(gpg2keys_curl_OBJECTS) $(gpg2keys_curl_LDADD) $(LIBS)
+gpg2keys_finger$(EXEEXT): $(gpg2keys_finger_OBJECTS) $(gpg2keys_finger_DEPENDENCIES)
+ @rm -f gpg2keys_finger$(EXEEXT)
+ $(LINK) $(gpg2keys_finger_OBJECTS) $(gpg2keys_finger_LDADD) $(LIBS)
+gpg2keys_hkp$(EXEEXT): $(gpg2keys_hkp_OBJECTS) $(gpg2keys_hkp_DEPENDENCIES)
+ @rm -f gpg2keys_hkp$(EXEEXT)
+ $(LINK) $(gpg2keys_hkp_OBJECTS) $(gpg2keys_hkp_LDADD) $(LIBS)
+gpg2keys_kdns$(EXEEXT): $(gpg2keys_kdns_OBJECTS) $(gpg2keys_kdns_DEPENDENCIES)
+ @rm -f gpg2keys_kdns$(EXEEXT)
+ $(LINK) $(gpg2keys_kdns_OBJECTS) $(gpg2keys_kdns_LDADD) $(LIBS)
+gpg2keys_ldap$(EXEEXT): $(gpg2keys_ldap_OBJECTS) $(gpg2keys_ldap_DEPENDENCIES)
+ @rm -f gpg2keys_ldap$(EXEEXT)
+ $(LINK) $(gpg2keys_ldap_OBJECTS) $(gpg2keys_ldap_LDADD) $(LIBS)
+install-libexecSCRIPTS: $(libexec_SCRIPTS)
+ @$(NORMAL_INSTALL)
+ test -z "$(libexecdir)" || $(MKDIR_P) "$(DESTDIR)$(libexecdir)"
+ @list='$(libexec_SCRIPTS)'; test -n "$(libexecdir)" || list=; \
+ for p in $$list; do \
+ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+ if test -f "$$d$$p"; then echo "$$d$$p"; echo "$$p"; else :; fi; \
+ done | \
+ sed -e 'p;s,.*/,,;n' \
+ -e 'h;s|.*|.|' \
+ -e 'p;x;s,.*/,,;$(transform)' | sed 'N;N;N;s,\n, ,g' | \
+ $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1; } \
+ { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \
+ if ($$2 == $$4) { files[d] = files[d] " " $$1; \
+ if (++n[d] == $(am__install_max)) { \
+ print "f", d, files[d]; n[d] = 0; files[d] = "" } } \
+ else { print "f", d "/" $$4, $$1 } } \
+ END { for (d in files) print "f", d, files[d] }' | \
+ while read type dir files; do \
+ if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \
+ test -z "$$files" || { \
+ echo " $(INSTALL_SCRIPT) $$files '$(DESTDIR)$(libexecdir)$$dir'"; \
+ $(INSTALL_SCRIPT) $$files "$(DESTDIR)$(libexecdir)$$dir" || exit $$?; \
+ } \
+ ; done
+
+uninstall-libexecSCRIPTS:
+ @$(NORMAL_UNINSTALL)
+ @list='$(libexec_SCRIPTS)'; test -n "$(libexecdir)" || exit 0; \
+ files=`for p in $$list; do echo "$$p"; done | \
+ sed -e 's,.*/,,;$(transform)'`; \
+ test -n "$$list" || exit 0; \
+ echo " ( cd '$(DESTDIR)$(libexecdir)' && rm -f" $$files ")"; \
+ cd "$(DESTDIR)$(libexecdir)" && rm -f $$files
+
+mostlyclean-compile:
+ -rm -f *.$(OBJEXT)
+
+distclean-compile:
+ -rm -f *.tab.c
+
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gpg2keys_curl-curl-shim.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gpg2keys_curl-gpgkeys_curl.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gpg2keys_curl-ksutil.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gpg2keys_curl-no-libgcrypt.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gpg2keys_finger-gpgkeys_finger.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gpg2keys_finger-ksutil.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gpg2keys_finger-no-libgcrypt.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gpg2keys_hkp-curl-shim.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gpg2keys_hkp-gpgkeys_hkp.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gpg2keys_hkp-ksutil.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gpg2keys_hkp-no-libgcrypt.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gpg2keys_kdns-gpgkeys_kdns.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gpg2keys_kdns-ksutil.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gpg2keys_kdns-no-libgcrypt.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gpg2keys_ldap-gpgkeys_ldap.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gpg2keys_ldap-ksutil.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gpg2keys_ldap-no-libgcrypt.Po@am__quote@
+
+.c.o:
+@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(COMPILE) -c $<
+
+.c.obj:
+@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'`
+
+gpg2keys_curl-gpgkeys_curl.o: gpgkeys_curl.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(gpg2keys_curl_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT gpg2keys_curl-gpgkeys_curl.o -MD -MP -MF $(DEPDIR)/gpg2keys_curl-gpgkeys_curl.Tpo -c -o gpg2keys_curl-gpgkeys_curl.o `test -f 'gpgkeys_curl.c' || echo '$(srcdir)/'`gpgkeys_curl.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/gpg2keys_curl-gpgkeys_curl.Tpo $(DEPDIR)/gpg2keys_curl-gpgkeys_curl.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='gpgkeys_curl.c' object='gpg2keys_curl-gpgkeys_curl.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(gpg2keys_curl_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o gpg2keys_curl-gpgkeys_curl.o `test -f 'gpgkeys_curl.c' || echo '$(srcdir)/'`gpgkeys_curl.c
+
+gpg2keys_curl-gpgkeys_curl.obj: gpgkeys_curl.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(gpg2keys_curl_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT gpg2keys_curl-gpgkeys_curl.obj -MD -MP -MF $(DEPDIR)/gpg2keys_curl-gpgkeys_curl.Tpo -c -o gpg2keys_curl-gpgkeys_curl.obj `if test -f 'gpgkeys_curl.c'; then $(CYGPATH_W) 'gpgkeys_curl.c'; else $(CYGPATH_W) '$(srcdir)/gpgkeys_curl.c'; fi`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/gpg2keys_curl-gpgkeys_curl.Tpo $(DEPDIR)/gpg2keys_curl-gpgkeys_curl.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='gpgkeys_curl.c' object='gpg2keys_curl-gpgkeys_curl.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(gpg2keys_curl_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o gpg2keys_curl-gpgkeys_curl.obj `if test -f 'gpgkeys_curl.c'; then $(CYGPATH_W) 'gpgkeys_curl.c'; else $(CYGPATH_W) '$(srcdir)/gpgkeys_curl.c'; fi`
+
+gpg2keys_curl-ksutil.o: ksutil.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(gpg2keys_curl_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT gpg2keys_curl-ksutil.o -MD -MP -MF $(DEPDIR)/gpg2keys_curl-ksutil.Tpo -c -o gpg2keys_curl-ksutil.o `test -f 'ksutil.c' || echo '$(srcdir)/'`ksutil.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/gpg2keys_curl-ksutil.Tpo $(DEPDIR)/gpg2keys_curl-ksutil.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='ksutil.c' object='gpg2keys_curl-ksutil.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(gpg2keys_curl_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o gpg2keys_curl-ksutil.o `test -f 'ksutil.c' || echo '$(srcdir)/'`ksutil.c
+
+gpg2keys_curl-ksutil.obj: ksutil.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(gpg2keys_curl_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT gpg2keys_curl-ksutil.obj -MD -MP -MF $(DEPDIR)/gpg2keys_curl-ksutil.Tpo -c -o gpg2keys_curl-ksutil.obj `if test -f 'ksutil.c'; then $(CYGPATH_W) 'ksutil.c'; else $(CYGPATH_W) '$(srcdir)/ksutil.c'; fi`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/gpg2keys_curl-ksutil.Tpo $(DEPDIR)/gpg2keys_curl-ksutil.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='ksutil.c' object='gpg2keys_curl-ksutil.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(gpg2keys_curl_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o gpg2keys_curl-ksutil.obj `if test -f 'ksutil.c'; then $(CYGPATH_W) 'ksutil.c'; else $(CYGPATH_W) '$(srcdir)/ksutil.c'; fi`
+
+gpg2keys_curl-no-libgcrypt.o: no-libgcrypt.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(gpg2keys_curl_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT gpg2keys_curl-no-libgcrypt.o -MD -MP -MF $(DEPDIR)/gpg2keys_curl-no-libgcrypt.Tpo -c -o gpg2keys_curl-no-libgcrypt.o `test -f 'no-libgcrypt.c' || echo '$(srcdir)/'`no-libgcrypt.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/gpg2keys_curl-no-libgcrypt.Tpo $(DEPDIR)/gpg2keys_curl-no-libgcrypt.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='no-libgcrypt.c' object='gpg2keys_curl-no-libgcrypt.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(gpg2keys_curl_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o gpg2keys_curl-no-libgcrypt.o `test -f 'no-libgcrypt.c' || echo '$(srcdir)/'`no-libgcrypt.c
+
+gpg2keys_curl-no-libgcrypt.obj: no-libgcrypt.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(gpg2keys_curl_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT gpg2keys_curl-no-libgcrypt.obj -MD -MP -MF $(DEPDIR)/gpg2keys_curl-no-libgcrypt.Tpo -c -o gpg2keys_curl-no-libgcrypt.obj `if test -f 'no-libgcrypt.c'; then $(CYGPATH_W) 'no-libgcrypt.c'; else $(CYGPATH_W) '$(srcdir)/no-libgcrypt.c'; fi`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/gpg2keys_curl-no-libgcrypt.Tpo $(DEPDIR)/gpg2keys_curl-no-libgcrypt.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='no-libgcrypt.c' object='gpg2keys_curl-no-libgcrypt.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(gpg2keys_curl_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o gpg2keys_curl-no-libgcrypt.obj `if test -f 'no-libgcrypt.c'; then $(CYGPATH_W) 'no-libgcrypt.c'; else $(CYGPATH_W) '$(srcdir)/no-libgcrypt.c'; fi`
+
+gpg2keys_curl-curl-shim.o: curl-shim.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(gpg2keys_curl_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT gpg2keys_curl-curl-shim.o -MD -MP -MF $(DEPDIR)/gpg2keys_curl-curl-shim.Tpo -c -o gpg2keys_curl-curl-shim.o `test -f 'curl-shim.c' || echo '$(srcdir)/'`curl-shim.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/gpg2keys_curl-curl-shim.Tpo $(DEPDIR)/gpg2keys_curl-curl-shim.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='curl-shim.c' object='gpg2keys_curl-curl-shim.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(gpg2keys_curl_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o gpg2keys_curl-curl-shim.o `test -f 'curl-shim.c' || echo '$(srcdir)/'`curl-shim.c
+
+gpg2keys_curl-curl-shim.obj: curl-shim.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(gpg2keys_curl_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT gpg2keys_curl-curl-shim.obj -MD -MP -MF $(DEPDIR)/gpg2keys_curl-curl-shim.Tpo -c -o gpg2keys_curl-curl-shim.obj `if test -f 'curl-shim.c'; then $(CYGPATH_W) 'curl-shim.c'; else $(CYGPATH_W) '$(srcdir)/curl-shim.c'; fi`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/gpg2keys_curl-curl-shim.Tpo $(DEPDIR)/gpg2keys_curl-curl-shim.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='curl-shim.c' object='gpg2keys_curl-curl-shim.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(gpg2keys_curl_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o gpg2keys_curl-curl-shim.obj `if test -f 'curl-shim.c'; then $(CYGPATH_W) 'curl-shim.c'; else $(CYGPATH_W) '$(srcdir)/curl-shim.c'; fi`
+
+gpg2keys_finger-gpgkeys_finger.o: gpgkeys_finger.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(gpg2keys_finger_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT gpg2keys_finger-gpgkeys_finger.o -MD -MP -MF $(DEPDIR)/gpg2keys_finger-gpgkeys_finger.Tpo -c -o gpg2keys_finger-gpgkeys_finger.o `test -f 'gpgkeys_finger.c' || echo '$(srcdir)/'`gpgkeys_finger.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/gpg2keys_finger-gpgkeys_finger.Tpo $(DEPDIR)/gpg2keys_finger-gpgkeys_finger.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='gpgkeys_finger.c' object='gpg2keys_finger-gpgkeys_finger.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(gpg2keys_finger_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o gpg2keys_finger-gpgkeys_finger.o `test -f 'gpgkeys_finger.c' || echo '$(srcdir)/'`gpgkeys_finger.c
+
+gpg2keys_finger-gpgkeys_finger.obj: gpgkeys_finger.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(gpg2keys_finger_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT gpg2keys_finger-gpgkeys_finger.obj -MD -MP -MF $(DEPDIR)/gpg2keys_finger-gpgkeys_finger.Tpo -c -o gpg2keys_finger-gpgkeys_finger.obj `if test -f 'gpgkeys_finger.c'; then $(CYGPATH_W) 'gpgkeys_finger.c'; else $(CYGPATH_W) '$(srcdir)/gpgkeys_finger.c'; fi`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/gpg2keys_finger-gpgkeys_finger.Tpo $(DEPDIR)/gpg2keys_finger-gpgkeys_finger.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='gpgkeys_finger.c' object='gpg2keys_finger-gpgkeys_finger.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(gpg2keys_finger_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o gpg2keys_finger-gpgkeys_finger.obj `if test -f 'gpgkeys_finger.c'; then $(CYGPATH_W) 'gpgkeys_finger.c'; else $(CYGPATH_W) '$(srcdir)/gpgkeys_finger.c'; fi`
+
+gpg2keys_finger-ksutil.o: ksutil.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(gpg2keys_finger_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT gpg2keys_finger-ksutil.o -MD -MP -MF $(DEPDIR)/gpg2keys_finger-ksutil.Tpo -c -o gpg2keys_finger-ksutil.o `test -f 'ksutil.c' || echo '$(srcdir)/'`ksutil.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/gpg2keys_finger-ksutil.Tpo $(DEPDIR)/gpg2keys_finger-ksutil.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='ksutil.c' object='gpg2keys_finger-ksutil.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(gpg2keys_finger_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o gpg2keys_finger-ksutil.o `test -f 'ksutil.c' || echo '$(srcdir)/'`ksutil.c
+
+gpg2keys_finger-ksutil.obj: ksutil.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(gpg2keys_finger_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT gpg2keys_finger-ksutil.obj -MD -MP -MF $(DEPDIR)/gpg2keys_finger-ksutil.Tpo -c -o gpg2keys_finger-ksutil.obj `if test -f 'ksutil.c'; then $(CYGPATH_W) 'ksutil.c'; else $(CYGPATH_W) '$(srcdir)/ksutil.c'; fi`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/gpg2keys_finger-ksutil.Tpo $(DEPDIR)/gpg2keys_finger-ksutil.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='ksutil.c' object='gpg2keys_finger-ksutil.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(gpg2keys_finger_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o gpg2keys_finger-ksutil.obj `if test -f 'ksutil.c'; then $(CYGPATH_W) 'ksutil.c'; else $(CYGPATH_W) '$(srcdir)/ksutil.c'; fi`
+
+gpg2keys_finger-no-libgcrypt.o: no-libgcrypt.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(gpg2keys_finger_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT gpg2keys_finger-no-libgcrypt.o -MD -MP -MF $(DEPDIR)/gpg2keys_finger-no-libgcrypt.Tpo -c -o gpg2keys_finger-no-libgcrypt.o `test -f 'no-libgcrypt.c' || echo '$(srcdir)/'`no-libgcrypt.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/gpg2keys_finger-no-libgcrypt.Tpo $(DEPDIR)/gpg2keys_finger-no-libgcrypt.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='no-libgcrypt.c' object='gpg2keys_finger-no-libgcrypt.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(gpg2keys_finger_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o gpg2keys_finger-no-libgcrypt.o `test -f 'no-libgcrypt.c' || echo '$(srcdir)/'`no-libgcrypt.c
+
+gpg2keys_finger-no-libgcrypt.obj: no-libgcrypt.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(gpg2keys_finger_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT gpg2keys_finger-no-libgcrypt.obj -MD -MP -MF $(DEPDIR)/gpg2keys_finger-no-libgcrypt.Tpo -c -o gpg2keys_finger-no-libgcrypt.obj `if test -f 'no-libgcrypt.c'; then $(CYGPATH_W) 'no-libgcrypt.c'; else $(CYGPATH_W) '$(srcdir)/no-libgcrypt.c'; fi`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/gpg2keys_finger-no-libgcrypt.Tpo $(DEPDIR)/gpg2keys_finger-no-libgcrypt.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='no-libgcrypt.c' object='gpg2keys_finger-no-libgcrypt.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(gpg2keys_finger_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o gpg2keys_finger-no-libgcrypt.obj `if test -f 'no-libgcrypt.c'; then $(CYGPATH_W) 'no-libgcrypt.c'; else $(CYGPATH_W) '$(srcdir)/no-libgcrypt.c'; fi`
+
+gpg2keys_hkp-gpgkeys_hkp.o: gpgkeys_hkp.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(gpg2keys_hkp_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT gpg2keys_hkp-gpgkeys_hkp.o -MD -MP -MF $(DEPDIR)/gpg2keys_hkp-gpgkeys_hkp.Tpo -c -o gpg2keys_hkp-gpgkeys_hkp.o `test -f 'gpgkeys_hkp.c' || echo '$(srcdir)/'`gpgkeys_hkp.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/gpg2keys_hkp-gpgkeys_hkp.Tpo $(DEPDIR)/gpg2keys_hkp-gpgkeys_hkp.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='gpgkeys_hkp.c' object='gpg2keys_hkp-gpgkeys_hkp.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(gpg2keys_hkp_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o gpg2keys_hkp-gpgkeys_hkp.o `test -f 'gpgkeys_hkp.c' || echo '$(srcdir)/'`gpgkeys_hkp.c
+
+gpg2keys_hkp-gpgkeys_hkp.obj: gpgkeys_hkp.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(gpg2keys_hkp_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT gpg2keys_hkp-gpgkeys_hkp.obj -MD -MP -MF $(DEPDIR)/gpg2keys_hkp-gpgkeys_hkp.Tpo -c -o gpg2keys_hkp-gpgkeys_hkp.obj `if test -f 'gpgkeys_hkp.c'; then $(CYGPATH_W) 'gpgkeys_hkp.c'; else $(CYGPATH_W) '$(srcdir)/gpgkeys_hkp.c'; fi`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/gpg2keys_hkp-gpgkeys_hkp.Tpo $(DEPDIR)/gpg2keys_hkp-gpgkeys_hkp.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='gpgkeys_hkp.c' object='gpg2keys_hkp-gpgkeys_hkp.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(gpg2keys_hkp_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o gpg2keys_hkp-gpgkeys_hkp.obj `if test -f 'gpgkeys_hkp.c'; then $(CYGPATH_W) 'gpgkeys_hkp.c'; else $(CYGPATH_W) '$(srcdir)/gpgkeys_hkp.c'; fi`
+
+gpg2keys_hkp-ksutil.o: ksutil.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(gpg2keys_hkp_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT gpg2keys_hkp-ksutil.o -MD -MP -MF $(DEPDIR)/gpg2keys_hkp-ksutil.Tpo -c -o gpg2keys_hkp-ksutil.o `test -f 'ksutil.c' || echo '$(srcdir)/'`ksutil.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/gpg2keys_hkp-ksutil.Tpo $(DEPDIR)/gpg2keys_hkp-ksutil.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='ksutil.c' object='gpg2keys_hkp-ksutil.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(gpg2keys_hkp_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o gpg2keys_hkp-ksutil.o `test -f 'ksutil.c' || echo '$(srcdir)/'`ksutil.c
+
+gpg2keys_hkp-ksutil.obj: ksutil.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(gpg2keys_hkp_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT gpg2keys_hkp-ksutil.obj -MD -MP -MF $(DEPDIR)/gpg2keys_hkp-ksutil.Tpo -c -o gpg2keys_hkp-ksutil.obj `if test -f 'ksutil.c'; then $(CYGPATH_W) 'ksutil.c'; else $(CYGPATH_W) '$(srcdir)/ksutil.c'; fi`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/gpg2keys_hkp-ksutil.Tpo $(DEPDIR)/gpg2keys_hkp-ksutil.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='ksutil.c' object='gpg2keys_hkp-ksutil.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(gpg2keys_hkp_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o gpg2keys_hkp-ksutil.obj `if test -f 'ksutil.c'; then $(CYGPATH_W) 'ksutil.c'; else $(CYGPATH_W) '$(srcdir)/ksutil.c'; fi`
+
+gpg2keys_hkp-no-libgcrypt.o: no-libgcrypt.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(gpg2keys_hkp_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT gpg2keys_hkp-no-libgcrypt.o -MD -MP -MF $(DEPDIR)/gpg2keys_hkp-no-libgcrypt.Tpo -c -o gpg2keys_hkp-no-libgcrypt.o `test -f 'no-libgcrypt.c' || echo '$(srcdir)/'`no-libgcrypt.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/gpg2keys_hkp-no-libgcrypt.Tpo $(DEPDIR)/gpg2keys_hkp-no-libgcrypt.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='no-libgcrypt.c' object='gpg2keys_hkp-no-libgcrypt.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(gpg2keys_hkp_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o gpg2keys_hkp-no-libgcrypt.o `test -f 'no-libgcrypt.c' || echo '$(srcdir)/'`no-libgcrypt.c
+
+gpg2keys_hkp-no-libgcrypt.obj: no-libgcrypt.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(gpg2keys_hkp_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT gpg2keys_hkp-no-libgcrypt.obj -MD -MP -MF $(DEPDIR)/gpg2keys_hkp-no-libgcrypt.Tpo -c -o gpg2keys_hkp-no-libgcrypt.obj `if test -f 'no-libgcrypt.c'; then $(CYGPATH_W) 'no-libgcrypt.c'; else $(CYGPATH_W) '$(srcdir)/no-libgcrypt.c'; fi`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/gpg2keys_hkp-no-libgcrypt.Tpo $(DEPDIR)/gpg2keys_hkp-no-libgcrypt.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='no-libgcrypt.c' object='gpg2keys_hkp-no-libgcrypt.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(gpg2keys_hkp_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o gpg2keys_hkp-no-libgcrypt.obj `if test -f 'no-libgcrypt.c'; then $(CYGPATH_W) 'no-libgcrypt.c'; else $(CYGPATH_W) '$(srcdir)/no-libgcrypt.c'; fi`
+
+gpg2keys_hkp-curl-shim.o: curl-shim.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(gpg2keys_hkp_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT gpg2keys_hkp-curl-shim.o -MD -MP -MF $(DEPDIR)/gpg2keys_hkp-curl-shim.Tpo -c -o gpg2keys_hkp-curl-shim.o `test -f 'curl-shim.c' || echo '$(srcdir)/'`curl-shim.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/gpg2keys_hkp-curl-shim.Tpo $(DEPDIR)/gpg2keys_hkp-curl-shim.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='curl-shim.c' object='gpg2keys_hkp-curl-shim.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(gpg2keys_hkp_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o gpg2keys_hkp-curl-shim.o `test -f 'curl-shim.c' || echo '$(srcdir)/'`curl-shim.c
+
+gpg2keys_hkp-curl-shim.obj: curl-shim.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(gpg2keys_hkp_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT gpg2keys_hkp-curl-shim.obj -MD -MP -MF $(DEPDIR)/gpg2keys_hkp-curl-shim.Tpo -c -o gpg2keys_hkp-curl-shim.obj `if test -f 'curl-shim.c'; then $(CYGPATH_W) 'curl-shim.c'; else $(CYGPATH_W) '$(srcdir)/curl-shim.c'; fi`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/gpg2keys_hkp-curl-shim.Tpo $(DEPDIR)/gpg2keys_hkp-curl-shim.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='curl-shim.c' object='gpg2keys_hkp-curl-shim.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(gpg2keys_hkp_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o gpg2keys_hkp-curl-shim.obj `if test -f 'curl-shim.c'; then $(CYGPATH_W) 'curl-shim.c'; else $(CYGPATH_W) '$(srcdir)/curl-shim.c'; fi`
+
+gpg2keys_kdns-gpgkeys_kdns.o: gpgkeys_kdns.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(gpg2keys_kdns_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT gpg2keys_kdns-gpgkeys_kdns.o -MD -MP -MF $(DEPDIR)/gpg2keys_kdns-gpgkeys_kdns.Tpo -c -o gpg2keys_kdns-gpgkeys_kdns.o `test -f 'gpgkeys_kdns.c' || echo '$(srcdir)/'`gpgkeys_kdns.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/gpg2keys_kdns-gpgkeys_kdns.Tpo $(DEPDIR)/gpg2keys_kdns-gpgkeys_kdns.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='gpgkeys_kdns.c' object='gpg2keys_kdns-gpgkeys_kdns.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(gpg2keys_kdns_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o gpg2keys_kdns-gpgkeys_kdns.o `test -f 'gpgkeys_kdns.c' || echo '$(srcdir)/'`gpgkeys_kdns.c
+
+gpg2keys_kdns-gpgkeys_kdns.obj: gpgkeys_kdns.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(gpg2keys_kdns_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT gpg2keys_kdns-gpgkeys_kdns.obj -MD -MP -MF $(DEPDIR)/gpg2keys_kdns-gpgkeys_kdns.Tpo -c -o gpg2keys_kdns-gpgkeys_kdns.obj `if test -f 'gpgkeys_kdns.c'; then $(CYGPATH_W) 'gpgkeys_kdns.c'; else $(CYGPATH_W) '$(srcdir)/gpgkeys_kdns.c'; fi`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/gpg2keys_kdns-gpgkeys_kdns.Tpo $(DEPDIR)/gpg2keys_kdns-gpgkeys_kdns.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='gpgkeys_kdns.c' object='gpg2keys_kdns-gpgkeys_kdns.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(gpg2keys_kdns_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o gpg2keys_kdns-gpgkeys_kdns.obj `if test -f 'gpgkeys_kdns.c'; then $(CYGPATH_W) 'gpgkeys_kdns.c'; else $(CYGPATH_W) '$(srcdir)/gpgkeys_kdns.c'; fi`
+
+gpg2keys_kdns-ksutil.o: ksutil.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(gpg2keys_kdns_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT gpg2keys_kdns-ksutil.o -MD -MP -MF $(DEPDIR)/gpg2keys_kdns-ksutil.Tpo -c -o gpg2keys_kdns-ksutil.o `test -f 'ksutil.c' || echo '$(srcdir)/'`ksutil.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/gpg2keys_kdns-ksutil.Tpo $(DEPDIR)/gpg2keys_kdns-ksutil.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='ksutil.c' object='gpg2keys_kdns-ksutil.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(gpg2keys_kdns_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o gpg2keys_kdns-ksutil.o `test -f 'ksutil.c' || echo '$(srcdir)/'`ksutil.c
+
+gpg2keys_kdns-ksutil.obj: ksutil.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(gpg2keys_kdns_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT gpg2keys_kdns-ksutil.obj -MD -MP -MF $(DEPDIR)/gpg2keys_kdns-ksutil.Tpo -c -o gpg2keys_kdns-ksutil.obj `if test -f 'ksutil.c'; then $(CYGPATH_W) 'ksutil.c'; else $(CYGPATH_W) '$(srcdir)/ksutil.c'; fi`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/gpg2keys_kdns-ksutil.Tpo $(DEPDIR)/gpg2keys_kdns-ksutil.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='ksutil.c' object='gpg2keys_kdns-ksutil.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(gpg2keys_kdns_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o gpg2keys_kdns-ksutil.obj `if test -f 'ksutil.c'; then $(CYGPATH_W) 'ksutil.c'; else $(CYGPATH_W) '$(srcdir)/ksutil.c'; fi`
+
+gpg2keys_kdns-no-libgcrypt.o: no-libgcrypt.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(gpg2keys_kdns_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT gpg2keys_kdns-no-libgcrypt.o -MD -MP -MF $(DEPDIR)/gpg2keys_kdns-no-libgcrypt.Tpo -c -o gpg2keys_kdns-no-libgcrypt.o `test -f 'no-libgcrypt.c' || echo '$(srcdir)/'`no-libgcrypt.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/gpg2keys_kdns-no-libgcrypt.Tpo $(DEPDIR)/gpg2keys_kdns-no-libgcrypt.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='no-libgcrypt.c' object='gpg2keys_kdns-no-libgcrypt.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(gpg2keys_kdns_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o gpg2keys_kdns-no-libgcrypt.o `test -f 'no-libgcrypt.c' || echo '$(srcdir)/'`no-libgcrypt.c
+
+gpg2keys_kdns-no-libgcrypt.obj: no-libgcrypt.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(gpg2keys_kdns_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT gpg2keys_kdns-no-libgcrypt.obj -MD -MP -MF $(DEPDIR)/gpg2keys_kdns-no-libgcrypt.Tpo -c -o gpg2keys_kdns-no-libgcrypt.obj `if test -f 'no-libgcrypt.c'; then $(CYGPATH_W) 'no-libgcrypt.c'; else $(CYGPATH_W) '$(srcdir)/no-libgcrypt.c'; fi`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/gpg2keys_kdns-no-libgcrypt.Tpo $(DEPDIR)/gpg2keys_kdns-no-libgcrypt.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='no-libgcrypt.c' object='gpg2keys_kdns-no-libgcrypt.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(gpg2keys_kdns_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o gpg2keys_kdns-no-libgcrypt.obj `if test -f 'no-libgcrypt.c'; then $(CYGPATH_W) 'no-libgcrypt.c'; else $(CYGPATH_W) '$(srcdir)/no-libgcrypt.c'; fi`
+
+gpg2keys_ldap-gpgkeys_ldap.o: gpgkeys_ldap.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(gpg2keys_ldap_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT gpg2keys_ldap-gpgkeys_ldap.o -MD -MP -MF $(DEPDIR)/gpg2keys_ldap-gpgkeys_ldap.Tpo -c -o gpg2keys_ldap-gpgkeys_ldap.o `test -f 'gpgkeys_ldap.c' || echo '$(srcdir)/'`gpgkeys_ldap.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/gpg2keys_ldap-gpgkeys_ldap.Tpo $(DEPDIR)/gpg2keys_ldap-gpgkeys_ldap.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='gpgkeys_ldap.c' object='gpg2keys_ldap-gpgkeys_ldap.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(gpg2keys_ldap_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o gpg2keys_ldap-gpgkeys_ldap.o `test -f 'gpgkeys_ldap.c' || echo '$(srcdir)/'`gpgkeys_ldap.c
+
+gpg2keys_ldap-gpgkeys_ldap.obj: gpgkeys_ldap.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(gpg2keys_ldap_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT gpg2keys_ldap-gpgkeys_ldap.obj -MD -MP -MF $(DEPDIR)/gpg2keys_ldap-gpgkeys_ldap.Tpo -c -o gpg2keys_ldap-gpgkeys_ldap.obj `if test -f 'gpgkeys_ldap.c'; then $(CYGPATH_W) 'gpgkeys_ldap.c'; else $(CYGPATH_W) '$(srcdir)/gpgkeys_ldap.c'; fi`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/gpg2keys_ldap-gpgkeys_ldap.Tpo $(DEPDIR)/gpg2keys_ldap-gpgkeys_ldap.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='gpgkeys_ldap.c' object='gpg2keys_ldap-gpgkeys_ldap.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(gpg2keys_ldap_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o gpg2keys_ldap-gpgkeys_ldap.obj `if test -f 'gpgkeys_ldap.c'; then $(CYGPATH_W) 'gpgkeys_ldap.c'; else $(CYGPATH_W) '$(srcdir)/gpgkeys_ldap.c'; fi`
+
+gpg2keys_ldap-ksutil.o: ksutil.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(gpg2keys_ldap_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT gpg2keys_ldap-ksutil.o -MD -MP -MF $(DEPDIR)/gpg2keys_ldap-ksutil.Tpo -c -o gpg2keys_ldap-ksutil.o `test -f 'ksutil.c' || echo '$(srcdir)/'`ksutil.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/gpg2keys_ldap-ksutil.Tpo $(DEPDIR)/gpg2keys_ldap-ksutil.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='ksutil.c' object='gpg2keys_ldap-ksutil.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(gpg2keys_ldap_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o gpg2keys_ldap-ksutil.o `test -f 'ksutil.c' || echo '$(srcdir)/'`ksutil.c
+
+gpg2keys_ldap-ksutil.obj: ksutil.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(gpg2keys_ldap_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT gpg2keys_ldap-ksutil.obj -MD -MP -MF $(DEPDIR)/gpg2keys_ldap-ksutil.Tpo -c -o gpg2keys_ldap-ksutil.obj `if test -f 'ksutil.c'; then $(CYGPATH_W) 'ksutil.c'; else $(CYGPATH_W) '$(srcdir)/ksutil.c'; fi`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/gpg2keys_ldap-ksutil.Tpo $(DEPDIR)/gpg2keys_ldap-ksutil.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='ksutil.c' object='gpg2keys_ldap-ksutil.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(gpg2keys_ldap_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o gpg2keys_ldap-ksutil.obj `if test -f 'ksutil.c'; then $(CYGPATH_W) 'ksutil.c'; else $(CYGPATH_W) '$(srcdir)/ksutil.c'; fi`
+
+gpg2keys_ldap-no-libgcrypt.o: no-libgcrypt.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(gpg2keys_ldap_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT gpg2keys_ldap-no-libgcrypt.o -MD -MP -MF $(DEPDIR)/gpg2keys_ldap-no-libgcrypt.Tpo -c -o gpg2keys_ldap-no-libgcrypt.o `test -f 'no-libgcrypt.c' || echo '$(srcdir)/'`no-libgcrypt.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/gpg2keys_ldap-no-libgcrypt.Tpo $(DEPDIR)/gpg2keys_ldap-no-libgcrypt.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='no-libgcrypt.c' object='gpg2keys_ldap-no-libgcrypt.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(gpg2keys_ldap_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o gpg2keys_ldap-no-libgcrypt.o `test -f 'no-libgcrypt.c' || echo '$(srcdir)/'`no-libgcrypt.c
+
+gpg2keys_ldap-no-libgcrypt.obj: no-libgcrypt.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(gpg2keys_ldap_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT gpg2keys_ldap-no-libgcrypt.obj -MD -MP -MF $(DEPDIR)/gpg2keys_ldap-no-libgcrypt.Tpo -c -o gpg2keys_ldap-no-libgcrypt.obj `if test -f 'no-libgcrypt.c'; then $(CYGPATH_W) 'no-libgcrypt.c'; else $(CYGPATH_W) '$(srcdir)/no-libgcrypt.c'; fi`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/gpg2keys_ldap-no-libgcrypt.Tpo $(DEPDIR)/gpg2keys_ldap-no-libgcrypt.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='no-libgcrypt.c' object='gpg2keys_ldap-no-libgcrypt.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(gpg2keys_ldap_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o gpg2keys_ldap-no-libgcrypt.obj `if test -f 'no-libgcrypt.c'; then $(CYGPATH_W) 'no-libgcrypt.c'; else $(CYGPATH_W) '$(srcdir)/no-libgcrypt.c'; fi`
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ mkid -fID $$unique
+tags: TAGS
+
+TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ set x; \
+ here=`pwd`; \
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ shift; \
+ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
+ test -n "$$unique" || unique=$$empty_fix; \
+ if test $$# -gt 0; then \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ "$$@" $$unique; \
+ else \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ $$unique; \
+ fi; \
+ fi
+ctags: CTAGS
+CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ test -z "$(CTAGS_ARGS)$$unique" \
+ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+ $$unique
+
+GTAGS:
+ here=`$(am__cd) $(top_builddir) && pwd` \
+ && $(am__cd) $(top_srcdir) \
+ && gtags -i $(GTAGS_ARGS) "$$here"
+
+distclean-tags:
+ -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+ @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ list='$(DISTFILES)'; \
+ dist_files=`for file in $$list; do echo $$file; done | \
+ sed -e "s|^$$srcdirstrip/||;t" \
+ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+ case $$dist_files in \
+ */*) $(MKDIR_P) `echo "$$dist_files" | \
+ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+ sort -u` ;; \
+ esac; \
+ for file in $$dist_files; do \
+ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+ if test -d $$d/$$file; then \
+ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+ if test -d "$(distdir)/$$file"; then \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+ else \
+ test -f "$(distdir)/$$file" \
+ || cp -p $$d/$$file "$(distdir)/$$file" \
+ || exit 1; \
+ fi; \
+ done
+check-am: all-am
+check: check-am
+all-am: Makefile $(PROGRAMS) $(SCRIPTS)
+installdirs:
+ for dir in "$(DESTDIR)$(libexecdir)" "$(DESTDIR)$(libexecdir)"; do \
+ test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+ done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+ @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ `test -z '$(STRIP)' || \
+ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+ -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+ -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+
+maintainer-clean-generic:
+ @echo "This command is intended for maintainers to use"
+ @echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic clean-libexecPROGRAMS mostlyclean-am
+
+distclean: distclean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+ distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+html-am:
+
+info: info-am
+
+info-am:
+
+install-data-am:
+
+install-dvi: install-dvi-am
+
+install-dvi-am:
+
+install-exec-am: install-libexecPROGRAMS install-libexecSCRIPTS
+
+install-html: install-html-am
+
+install-html-am:
+
+install-info: install-info-am
+
+install-info-am:
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-pdf-am:
+
+install-ps: install-ps-am
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-libexecPROGRAMS uninstall-libexecSCRIPTS
+
+.MAKE: install-am install-strip
+
+.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
+ clean-libexecPROGRAMS ctags distclean distclean-compile \
+ distclean-generic distclean-tags distdir dvi dvi-am html \
+ html-am info info-am install install-am install-data \
+ install-data-am install-dvi install-dvi-am install-exec \
+ install-exec-am install-html install-html-am install-info \
+ install-info-am install-libexecPROGRAMS install-libexecSCRIPTS \
+ install-man install-pdf install-pdf-am install-ps \
+ install-ps-am install-strip installcheck installcheck-am \
+ installdirs maintainer-clean maintainer-clean-generic \
+ mostlyclean mostlyclean-compile mostlyclean-generic pdf pdf-am \
+ ps ps-am tags uninstall uninstall-am uninstall-libexecPROGRAMS \
+ uninstall-libexecSCRIPTS
+
+
+# Make sure that all libs are build before we use them. This is
+# important for things like make -j2.
+$(PROGRAMS): $(common_libs)
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/keyserver/curl-shim.c b/keyserver/curl-shim.c
new file mode 100644
index 0000000..500d9f5
--- /dev/null
+++ b/keyserver/curl-shim.c
@@ -0,0 +1,382 @@
+/* curl-shim.c - Implement a small subset of the curl API in terms of
+ * the iobuf HTTP API
+ *
+ * Copyright (C) 2005, 2006, 2007, 2008, 2009 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <stdarg.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdio.h>
+#include <errno.h>
+
+#include "util.h"
+#include "http.h"
+#include "ksutil.h"
+#include "curl-shim.h"
+
+static CURLcode
+handle_error(CURL *curl,CURLcode err,const char *str)
+{
+ if(curl->errorbuffer)
+ {
+ /* Make sure you never exceed CURL_ERROR_SIZE, currently set to
+ 256 in curl-shim.h */
+ switch(err)
+ {
+ case CURLE_OK:
+ strcpy(curl->errorbuffer,"okay");
+ break;
+
+ case CURLE_UNSUPPORTED_PROTOCOL:
+ strcpy(curl->errorbuffer,"unsupported protocol");
+ break;
+
+ case CURLE_COULDNT_CONNECT:
+ strcpy(curl->errorbuffer,"couldn't connect");
+ break;
+
+ case CURLE_WRITE_ERROR:
+ strcpy(curl->errorbuffer,"write error");
+ break;
+
+ case CURLE_HTTP_RETURNED_ERROR:
+ sprintf(curl->errorbuffer,"url returned error %u",curl->status);
+ break;
+
+ default:
+ strcpy(curl->errorbuffer,"generic error");
+ break;
+ }
+
+ if(str && (strlen(curl->errorbuffer)+2+strlen(str)+1)<=CURL_ERROR_SIZE)
+ {
+ strcat(curl->errorbuffer,": ");
+ strcat(curl->errorbuffer,str);
+ }
+ }
+
+ return err;
+}
+
+CURLcode
+curl_global_init(long flags)
+{
+ (void)flags;
+ return CURLE_OK;
+}
+
+void
+curl_global_cleanup(void) {}
+
+CURL *
+curl_easy_init(void)
+{
+ CURL *handle;
+
+#ifdef HAVE_W32_SYSTEM
+ w32_init_sockets ();
+#endif
+
+ handle=calloc(1,sizeof(CURL));
+ if(handle)
+ handle->errors=stderr;
+
+ return handle;
+}
+
+void
+curl_easy_cleanup(CURL *curl)
+{
+ if (curl)
+ {
+ http_close (curl->hd, 0);
+ free(curl);
+ }
+}
+
+CURLcode
+curl_easy_setopt(CURL *curl,CURLoption option,...)
+{
+ va_list ap;
+
+ va_start(ap,option);
+
+ switch(option)
+ {
+ case CURLOPT_URL:
+ curl->url=va_arg(ap,char *);
+ break;
+ case CURLOPT_USERPWD:
+ curl->auth=va_arg(ap,char *);
+ break;
+ case CURLOPT_WRITEFUNCTION:
+ curl->writer=va_arg(ap,write_func);
+ break;
+ case CURLOPT_FILE:
+ curl->file=va_arg(ap,void *);
+ break;
+ case CURLOPT_ERRORBUFFER:
+ curl->errorbuffer=va_arg(ap,char *);
+ break;
+ case CURLOPT_PROXY:
+ curl->proxy=va_arg(ap,char *);
+ break;
+ case CURLOPT_POST:
+ curl->flags.post=va_arg(ap,long)?1:0;
+ break;
+ case CURLOPT_POSTFIELDS:
+ curl->postfields=va_arg(ap,char *);
+ break;
+ case CURLOPT_SRVTAG_GPG_HACK:
+ curl->srvtag=va_arg(ap,char *);
+ break;
+ case CURLOPT_FAILONERROR:
+ curl->flags.failonerror=va_arg(ap,long)?1:0;
+ break;
+ case CURLOPT_VERBOSE:
+ curl->flags.verbose=va_arg(ap,long)?1:0;
+ break;
+ case CURLOPT_STDERR:
+ curl->errors=va_arg(ap,FILE *);
+ break;
+ case CURLOPT_HTTPHEADER:
+ curl->headers=va_arg(ap,struct curl_slist *);
+ break;
+ default:
+ /* We ignore the huge majority of curl options */
+ break;
+ }
+
+ return handle_error(curl,CURLE_OK,NULL);
+}
+
+CURLcode
+curl_easy_perform(CURL *curl)
+{
+ int rc;
+ CURLcode err=CURLE_OK;
+ const char *errstr=NULL;
+ char *proxy=NULL;
+
+ /* Emulate the libcurl proxy behavior. If the calling program set a
+ proxy, use it. If it didn't set a proxy or set it to NULL, check
+ for one in the environment. If the calling program explicitly
+ set a null-string proxy the http code doesn't use a proxy at
+ all. */
+
+ if(curl->proxy)
+ proxy=curl->proxy;
+ else
+ proxy=getenv(HTTP_PROXY_ENV);
+
+ if(curl->flags.verbose)
+ {
+ fprintf(curl->errors,"* HTTP proxy is \"%s\"\n",proxy?proxy:"null");
+ fprintf(curl->errors,"* HTTP URL is \"%s\"\n",curl->url);
+ fprintf(curl->errors,"* HTTP auth is \"%s\"\n",
+ curl->auth?curl->auth:"null");
+ fprintf(curl->errors,"* HTTP method is %s\n",
+ curl->flags.post?"POST":"GET");
+ }
+
+ if(curl->flags.post)
+ {
+ rc = http_open (&curl->hd, HTTP_REQ_POST, curl->url, curl->auth,
+ 0, proxy, NULL, curl->srvtag,
+ curl->headers?curl->headers->list:NULL);
+ if (!rc)
+ {
+ unsigned int post_len = strlen(curl->postfields);
+
+ es_fprintf (http_get_write_ptr (curl->hd),
+ "Content-Type: application/x-www-form-urlencoded\r\n"
+ "Content-Length: %u\r\n", post_len);
+ http_start_data (curl->hd);
+ es_write (http_get_write_ptr (curl->hd),
+ curl->postfields, post_len, NULL);
+
+ rc = http_wait_response (curl->hd);
+ curl->status = http_get_status_code (curl->hd);
+ if (!rc && curl->flags.failonerror && curl->status>=300)
+ err = CURLE_HTTP_RETURNED_ERROR;
+ http_close (curl->hd, 0);
+ curl->hd = NULL;
+ }
+ }
+ else
+ {
+ rc = http_open (&curl->hd, HTTP_REQ_GET, curl->url, curl->auth,
+ 0, proxy, NULL, curl->srvtag,
+ curl->headers?curl->headers->list:NULL);
+ if (!rc)
+ {
+ rc = http_wait_response (curl->hd);
+ curl->status = http_get_status_code (curl->hd);
+ if (!rc)
+ {
+ if (curl->flags.failonerror && curl->status>=300)
+ err = CURLE_HTTP_RETURNED_ERROR;
+ else
+ {
+ size_t maxlen = 1024;
+ size_t buflen;
+ unsigned int len;
+ char *line = NULL;
+
+ while ((len = es_read_line (http_get_read_ptr (curl->hd),
+ &line, &buflen, &maxlen)))
+ {
+ size_t ret;
+
+ maxlen=1024;
+
+ ret=(curl->writer)(line,len,1,curl->file);
+ if(ret!=len)
+ {
+ err=CURLE_WRITE_ERROR;
+ break;
+ }
+ }
+
+ es_free (line);
+ http_close(curl->hd, 0);
+ curl->hd = NULL;
+ }
+ }
+ else
+ {
+ http_close (curl->hd, 0);
+ curl->hd = NULL;
+ }
+ }
+ }
+
+ switch(gpg_err_code (rc))
+ {
+ case 0:
+ break;
+
+ case GPG_ERR_INV_URI:
+ err=CURLE_UNSUPPORTED_PROTOCOL;
+ break;
+
+ default:
+ errstr=gpg_strerror (rc);
+ err=CURLE_COULDNT_CONNECT;
+ break;
+ }
+
+ return handle_error(curl,err,errstr);
+}
+
+/* This is not the same exact set that is allowed according to
+ RFC-2396, but it is what the real curl uses. */
+#define VALID_URI_CHARS "abcdefghijklmnopqrstuvwxyz" \
+ "ABCDEFGHIJKLMNOPQRSTUVWXYZ" \
+ "0123456789"
+
+char *
+curl_escape(char *str,int length)
+{
+ int len,max,idx,enc_idx=0;
+ char *enc;
+
+ if(length)
+ len=length;
+ else
+ len=strlen(str);
+
+ enc=malloc(len+1);
+ if(!enc)
+ return enc;
+
+ max=len;
+
+ for(idx=0;idx<len;idx++)
+ {
+ if(enc_idx+3>max)
+ {
+ char *tmp;
+
+ max+=100;
+
+ tmp=realloc(enc,max+1);
+ if(!tmp)
+ {
+ free(enc);
+ return NULL;
+ }
+
+ enc=tmp;
+ }
+
+ if(strchr(VALID_URI_CHARS,str[idx]))
+ enc[enc_idx++]=str[idx];
+ else
+ {
+ char numbuf[5];
+ sprintf(numbuf,"%%%02X",str[idx]);
+ strcpy(&enc[enc_idx],numbuf);
+ enc_idx+=3;
+ }
+ }
+
+ enc[enc_idx]='\0';
+
+ return enc;
+}
+
+curl_version_info_data *
+curl_version_info(int type)
+{
+ static curl_version_info_data data;
+ static const char *protocols[]={"http",NULL};
+
+ (void)type;
+
+ data.protocols=protocols;
+
+ return &data;
+}
+
+struct curl_slist *
+curl_slist_append(struct curl_slist *list,const char *string)
+{
+ if(!list)
+ {
+ list=calloc(1,sizeof(*list));
+ if(!list)
+ return NULL;
+ }
+
+ add_to_strlist(&list->list,string);
+
+ return list;
+}
+
+void
+curl_slist_free_all(struct curl_slist *list)
+{
+ if(list)
+ {
+ free_strlist(list->list);
+ free(list);
+ }
+}
diff --git a/keyserver/curl-shim.h b/keyserver/curl-shim.h
new file mode 100644
index 0000000..e37d816
--- /dev/null
+++ b/keyserver/curl-shim.h
@@ -0,0 +1,111 @@
+/* curl-shim.h
+ * Copyright (C) 2005, 2006, 2007, 2008, 2009 Free Software Foundation, Inc.
+ *
+ * This file is part of GNUPG.
+ *
+ * GNUPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GNUPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef _CURL_SHIM_H_
+#define _CURL_SHIM_H_
+
+#include "util.h"
+#include "http.h"
+
+typedef enum
+ {
+ CURLE_OK=0,
+ CURLE_UNSUPPORTED_PROTOCOL=1,
+ CURLE_COULDNT_CONNECT=7,
+ CURLE_FTP_COULDNT_RETR_FILE=19,
+ CURLE_HTTP_RETURNED_ERROR=22,
+ CURLE_WRITE_ERROR=23
+ } CURLcode;
+
+typedef enum
+ {
+ CURLOPT_URL,
+ CURLOPT_USERPWD,
+ CURLOPT_WRITEFUNCTION,
+ CURLOPT_FILE,
+ CURLOPT_ERRORBUFFER,
+ CURLOPT_FOLLOWLOCATION,
+ CURLOPT_MAXREDIRS,
+ CURLOPT_STDERR,
+ CURLOPT_VERBOSE,
+ CURLOPT_SSL_VERIFYPEER,
+ CURLOPT_PROXY,
+ CURLOPT_CAINFO,
+ CURLOPT_POST,
+ CURLOPT_POSTFIELDS,
+ CURLOPT_FAILONERROR,
+ CURLOPT_HTTPHEADER,
+ CURLOPT_SRVTAG_GPG_HACK
+ } CURLoption;
+
+typedef size_t (*write_func)(char *buffer,size_t size,
+ size_t nitems,void *outstream);
+
+typedef struct
+{
+ char *url;
+ char *auth;
+ char *errorbuffer;
+ char *proxy;
+ write_func writer;
+ void *file;
+ char *postfields;
+ char *srvtag;
+ unsigned int status;
+ FILE *errors;
+ struct curl_slist *headers;
+ struct
+ {
+ unsigned int post:1;
+ unsigned int failonerror:1;
+ unsigned int verbose:1;
+ } flags;
+ http_t hd;
+} CURL;
+
+typedef struct
+{
+ const char **protocols;
+} curl_version_info_data;
+
+#define CURL_ERROR_SIZE 256
+#define CURL_GLOBAL_DEFAULT 0
+#define CURLVERSION_NOW 0
+
+CURLcode curl_global_init(long flags);
+void curl_global_cleanup(void);
+CURL *curl_easy_init(void);
+CURLcode curl_easy_setopt(CURL *curl,CURLoption option,...);
+CURLcode curl_easy_perform(CURL *curl);
+void curl_easy_cleanup(CURL *curl);
+char *curl_escape(char *str,int len);
+#define curl_free(x) free(x)
+#define curl_version() "GnuPG curl-shim"
+curl_version_info_data *curl_version_info(int type);
+
+struct curl_slist
+{
+ strlist_t list;
+};
+
+struct curl_slist *curl_slist_append(struct curl_slist *list,
+ const char *string);
+void curl_slist_free_all(struct curl_slist *list);
+
+#endif /* !_CURL_SHIM_H_ */
diff --git a/keyserver/gpg2keys_mailto.in b/keyserver/gpg2keys_mailto.in
new file mode 100755
index 0000000..959f0e7
--- /dev/null
+++ b/keyserver/gpg2keys_mailto.in
@@ -0,0 +1,211 @@
+#!@PERL@ -w
+
+# gpg2keys_mailto - talk to a email keyserver
+# Copyright (C) 2001, 2002 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+use Getopt::Std;
+$Getopt::Std::STANDARD_HELP_VERSION=1;
+$sendmail="@SENDMAIL@ -t";
+
+###
+
+sub VERSION_MESSAGE ()
+{
+ print STDOUT "gpg2keys_mailto (GnuPG) @VERSION@\n";
+}
+
+sub HELP_MESSAGE ()
+{
+ print STDOUT <<EOT
+
+--help Print this help
+--version Print the version
+-o FILE Write output to FILE
+EOT
+}
+
+
+
+getopts('o:');
+
+if(defined($opt_o))
+{
+ open(STDOUT,">$opt_o") || die "Can't open output file $opt_o\n";
+}
+
+if(@ARGV)
+{
+ open(STDIN,$ARGV[0]) || die "Can't open input file $ARGV[0]\n";
+}
+
+while(<STDIN>)
+{
+ last if($_ eq "\n");
+
+ if(/^COMMAND (\S+)/)
+ {
+ $command=$1;
+ }
+
+ if(/^OPAQUE (\S+)/)
+ {
+ $address=$1;
+ }
+
+ if(/^PROGRAM (\S+)/)
+ {
+ $program=$1;
+ }
+
+ if(/^OPTION (\S+)/)
+ {
+ if($1=~/^verbose$/i)
+ {
+ $verbose++;
+ }
+ elsif($1=~/^no-verbose$/i)
+ {
+ $verbose--;
+ }
+ elsif($1=~/^mail-from=(.+)$/i)
+ {
+ $from=$1;
+ }
+ elsif($1=~/^no-mail-from$/i)
+ {
+ undef $from;
+ }
+
+ }
+}
+
+if(!defined($from))
+{
+ ($login,$name)=(getpwuid($<))[0,6];
+ $from="$name <$login>";
+}
+
+$program="(unknown)" if(!defined($program));
+
+if(!defined($address))
+{
+ print STDERR "gpgkeys: no address provided\n";
+ exit(1);
+}
+
+while(<STDIN>)
+{
+ last if($_ eq "\n");
+
+ chomp;
+
+ push(@keys,$_);
+}
+
+# Send response
+
+print "VERSION 1\n";
+print "OPTION OUTOFBAND\n\n";
+
+# Email keyservers get and search the same way
+
+if($command=~/get/i || $command=~/search/i)
+{
+ if($command=~/search/i)
+ {
+ print "COUNT 0\n";
+ }
+
+ foreach $key (@keys)
+ {
+ open(MAIL,"|$sendmail") || die "ERROR: Can't open $sendmail\n";
+ print MAIL "From: $from\n";
+ print MAIL "To: $address\n";
+ if($command=~/get/i)
+ {
+ # mail keyservers don't like long-form keyids
+
+ if(substr($key,0,2) eq "0x")
+ {
+ $key=substr($key,2);
+ }
+
+ if(length($key)>8)
+ {
+ $key=substr($key,-8);
+ }
+
+ print MAIL "Subject: GET 0x$key\n\n";
+ }
+ else
+ {
+ print MAIL "Subject: GET $key\n\n";
+ }
+ print MAIL "GnuPG $program email keyserver request\n";
+ close(MAIL);
+
+ # Tell GnuPG not to expect a key
+ print "KEY $key OUTOFBAND\n";
+
+ if($verbose)
+ {
+ print STDERR "gpgkeys: key $key requested from $address\n";
+ }
+ }
+}
+
+if($command=~/send/i)
+{
+ while(!eof(STDIN))
+ {
+ open(MAIL,"|$sendmail") || die "ERROR: Can't open $sendmail\n";
+ print MAIL "From: $name <$login>\n";
+ print MAIL "To: $address\n";
+ print MAIL "Subject: ADD\n\n";
+
+ while(<STDIN>)
+ {
+ if(/^KEY (\S+) BEGIN$/)
+ {
+ $key=$1;
+ last;
+ }
+ }
+
+ while(<STDIN>)
+ {
+ if(/^KEY \S+ END$/)
+ {
+ last;
+ }
+
+ print MAIL;
+ }
+
+ close(MAIL);
+
+ if($verbose)
+ {
+ print STDERR "gpgkeys: key $key sent to $address\n";
+ }
+ }
+}
+
+
+# Local Variables:
+# mode:perl
+# End:
diff --git a/keyserver/gpg2keys_test.in b/keyserver/gpg2keys_test.in
new file mode 100755
index 0000000..9f2c0b6
--- /dev/null
+++ b/keyserver/gpg2keys_test.in
@@ -0,0 +1,97 @@
+#!@PERL@
+
+# gpg2keys_test - keyserver code tester
+# Copyright (C) 2001 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+use Getopt::Std;
+$Getopt::Std::STANDARD_HELP_VERSION=1;
+
+$|=1;
+
+sub VERSION_MESSAGE ()
+{
+ print STDOUT "gpg2keys_test (GnuPG) @VERSION@\n";
+}
+
+sub HELP_MESSAGE ()
+{
+ print STDOUT <<EOT
+
+--help Print this help
+--version Print the version
+EOT
+}
+
+
+getopts('o:');
+
+print STDERR "gpgkeys_test starting\n";
+
+if(defined($opt_o))
+{
+ print STDERR "Using output file $opt_o\n";
+ open(STDOUT,">$opt_o") || die "Can't open output file $opt_o\n";
+}
+
+if(@ARGV)
+{
+ print STDERR "Using input file $ARGV[0]\n";
+ open(STDIN,$ARGV[0]) || die "Can't open input file $ARGV[0]\n";
+}
+
+# Get the command block
+
+print STDERR "Command block:\n";
+
+while(<STDIN>)
+{
+ last if($_ eq "\n");
+ print STDERR "--command-> $_";
+
+ if(/^COMMAND (\w+)/)
+ {
+ $command=$1;
+ }
+}
+
+# Get the keylist block
+
+print STDERR "Keylist block:\n";
+
+while(<STDIN>)
+{
+ last if($_ eq "\n");
+ print STDERR "--keylist-> $_";
+}
+
+# If it's a SEND, then get the key material
+
+if($command eq "SEND")
+{
+ print STDERR "Key material to send:\n";
+
+ while(<STDIN>)
+ {
+ print STDERR "$_";
+ }
+}
+
+printf STDERR "gpgkeys_test finished\n";
+
+# Local Variables:
+# mode:perl
+# End:
diff --git a/keyserver/gpgkeys_curl.c b/keyserver/gpgkeys_curl.c
new file mode 100644
index 0000000..28ec698
--- /dev/null
+++ b/keyserver/gpgkeys_curl.c
@@ -0,0 +1,419 @@
+/* gpgkeys_curl.c - fetch a key via libcurl
+ * Copyright (C) 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ *
+ * In addition, as a special exception, the Free Software Foundation
+ * gives permission to link the code of the keyserver helper tools:
+ * gpgkeys_ldap, gpgkeys_curl and gpgkeys_hkp with the OpenSSL
+ * project's "OpenSSL" library (or with modified versions of it that
+ * use the same license as the "OpenSSL" library), and distribute the
+ * linked executables. You must obey the GNU General Public License
+ * in all respects for all of the code used other than "OpenSSL". If
+ * you modify this file, you may extend this exception to your version
+ * of the file, but you are not obligated to do so. If you do not
+ * wish to do so, delete this exception statement from your version.
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <errno.h>
+#include <unistd.h>
+#ifdef HAVE_GETOPT_H
+#include <getopt.h>
+#endif
+#ifdef HAVE_LIBCURL
+#include <curl/curl.h>
+#else
+#include "curl-shim.h"
+#endif
+#include "keyserver.h"
+#include "ksutil.h"
+
+extern char *optarg;
+extern int optind;
+
+static FILE *input,*output,*console;
+static CURL *curl;
+static struct ks_options *opt;
+
+static int
+get_key(char *getkey)
+{
+ CURLcode res;
+ char errorbuffer[CURL_ERROR_SIZE];
+ char request[MAX_URL];
+ struct curl_writer_ctx ctx;
+
+ memset(&ctx,0,sizeof(ctx));
+
+ if(strncmp(getkey,"0x",2)==0)
+ getkey+=2;
+
+ fprintf(output,"KEY 0x%s BEGIN\n",getkey);
+
+ sprintf(request,"%s://%s%s%s%s",opt->scheme,opt->host,
+ opt->port?":":"",opt->port?opt->port:"",opt->path?opt->path:"/");
+
+ curl_easy_setopt(curl,CURLOPT_URL,request);
+ curl_easy_setopt(curl,CURLOPT_WRITEFUNCTION,curl_writer);
+ ctx.stream=output;
+ curl_easy_setopt(curl,CURLOPT_FILE,&ctx);
+ curl_easy_setopt(curl,CURLOPT_ERRORBUFFER,errorbuffer);
+
+ res=curl_easy_perform(curl);
+ if(res!=CURLE_OK)
+ {
+ fprintf(console,"gpgkeys: %s fetch error %d: %s\n",opt->scheme,
+ res,errorbuffer);
+ fprintf(output,"\nKEY 0x%s FAILED %d\n",getkey,curl_err_to_gpg_err(res));
+ }
+ else
+ {
+ curl_writer_finalize(&ctx);
+ if(!ctx.flags.done)
+ {
+ fprintf(console,"gpgkeys: no key data found for %s\n",request);
+ fprintf(output,"\nKEY 0x%s FAILED %d\n",
+ getkey,KEYSERVER_KEY_NOT_FOUND);
+ }
+ else
+ fprintf(output,"\nKEY 0x%s END\n",getkey);
+ }
+
+ return curl_err_to_gpg_err(res);
+}
+
+static void
+show_help (FILE *fp)
+{
+ fprintf (fp,"-h, --help\thelp\n");
+ fprintf (fp,"-V\t\tmachine readable version\n");
+ fprintf (fp,"--version\thuman readable version\n");
+ fprintf (fp,"-o\t\toutput to this file\n");
+}
+
+int
+main(int argc,char *argv[])
+{
+ int arg,ret=KEYSERVER_INTERNAL_ERROR,i;
+ char line[MAX_LINE];
+ char *thekey=NULL;
+ long follow_redirects=5;
+ char *proxy=NULL;
+ curl_version_info_data *curldata;
+ struct curl_slist *headers=NULL;
+
+ console=stderr;
+
+ /* Kludge to implement standard GNU options. */
+ if (argc > 1 && !strcmp (argv[1], "--version"))
+ {
+ printf ("gpgkeys_curl (GnuPG) %s\n", VERSION);
+ printf ("Uses: %s\n", curl_version());
+ return 0;
+ }
+ else if (argc > 1 && !strcmp (argv[1], "--help"))
+ {
+ show_help (stdout);
+ return 0;
+ }
+
+ while((arg=getopt(argc,argv,"hVo:"))!=-1)
+ switch(arg)
+ {
+ default:
+ case 'h':
+ show_help (console);
+ return KEYSERVER_OK;
+
+ case 'V':
+ fprintf(stdout,"%d\n%s\n",KEYSERVER_PROTO_VERSION,VERSION);
+ return KEYSERVER_OK;
+
+ case 'o':
+ output=fopen(optarg,"wb");
+ if(output==NULL)
+ {
+ fprintf(console,"gpgkeys: Cannot open output file `%s': %s\n",
+ optarg,strerror(errno));
+ return KEYSERVER_INTERNAL_ERROR;
+ }
+
+ break;
+ }
+
+ if(argc>optind)
+ {
+ input=fopen(argv[optind],"r");
+ if(input==NULL)
+ {
+ fprintf(console,"gpgkeys: Cannot open input file `%s': %s\n",
+ argv[optind],strerror(errno));
+ return KEYSERVER_INTERNAL_ERROR;
+ }
+ }
+
+ if(input==NULL)
+ input=stdin;
+
+ if(output==NULL)
+ output=stdout;
+
+ opt=init_ks_options();
+ if(!opt)
+ return KEYSERVER_NO_MEMORY;
+
+ /* Get the command and info block */
+
+ while(fgets(line,MAX_LINE,input)!=NULL)
+ {
+ int err;
+ char option[MAX_OPTION+1];
+
+ if(line[0]=='\n')
+ break;
+
+ err=parse_ks_options(line,opt);
+ if(err>0)
+ {
+ ret=err;
+ goto fail;
+ }
+ else if(err==0)
+ continue;
+
+ if(sscanf(line,"OPTION %" MKSTRING(MAX_OPTION) "s\n",option)==1)
+ {
+ int no=0;
+ char *start=&option[0];
+
+ option[MAX_OPTION]='\0';
+
+ if(strncasecmp(option,"no-",3)==0)
+ {
+ no=1;
+ start=&option[3];
+ }
+
+ if(strncasecmp(start,"http-proxy",10)==0)
+ {
+ /* Safe to not check the return code of strdup() here.
+ If it fails, we simply won't use a proxy. */
+ if(no)
+ {
+ free(proxy);
+ proxy=strdup("");
+ }
+ else if(start[10]=='=')
+ {
+ if(strlen(&start[11])<MAX_PROXY)
+ {
+ free(proxy);
+ proxy=strdup(&start[11]);
+ }
+ }
+ }
+ else if(strncasecmp(start,"follow-redirects",16)==0)
+ {
+ if(no)
+ follow_redirects=0;
+ else if(start[16]=='=')
+ follow_redirects=atoi(&start[17]);
+ else if(start[16]=='\0')
+ follow_redirects=-1;
+ }
+
+ continue;
+ }
+ }
+
+ if(!opt->scheme)
+ {
+ fprintf(console,"gpgkeys: no scheme supplied!\n");
+ ret=KEYSERVER_SCHEME_NOT_FOUND;
+ goto fail;
+ }
+
+ if(!opt->host)
+ {
+ fprintf(console,"gpgkeys: no keyserver host provided\n");
+ goto fail;
+ }
+
+ if(opt->timeout && register_timeout()==-1)
+ {
+ fprintf(console,"gpgkeys: unable to register timeout handler\n");
+ return KEYSERVER_INTERNAL_ERROR;
+ }
+
+ curl_global_init(CURL_GLOBAL_DEFAULT);
+
+ curl=curl_easy_init();
+ if(!curl)
+ {
+ fprintf(console,"gpgkeys: unable to initialize curl\n");
+ ret=KEYSERVER_INTERNAL_ERROR;
+ goto fail;
+ }
+
+ /* Make sure we have the protocol the user is asking for so we can
+ print a nicer error message. */
+ curldata=curl_version_info(CURLVERSION_NOW);
+ for(i=0;curldata->protocols[i];i++)
+ if(strcasecmp(curldata->protocols[i],opt->scheme)==0)
+ break;
+
+ if(curldata->protocols[i]==NULL)
+ {
+ fprintf(console,"gpgkeys: protocol `%s' not supported\n",opt->scheme);
+ ret=KEYSERVER_SCHEME_NOT_FOUND;
+ goto fail;
+ }
+
+ if(follow_redirects)
+ {
+ curl_easy_setopt(curl,CURLOPT_FOLLOWLOCATION,1L);
+ if(follow_redirects>0)
+ curl_easy_setopt(curl,CURLOPT_MAXREDIRS,follow_redirects);
+ }
+
+ if(opt->auth)
+ curl_easy_setopt(curl,CURLOPT_USERPWD,opt->auth);
+
+ if(opt->debug)
+ {
+ fprintf(console,"gpgkeys: curl version = %s\n",curl_version());
+ curl_easy_setopt(curl,CURLOPT_STDERR,console);
+ curl_easy_setopt(curl,CURLOPT_VERBOSE,1L);
+ }
+
+ curl_easy_setopt(curl,CURLOPT_SSL_VERIFYPEER,(long)opt->flags.check_cert);
+ curl_easy_setopt(curl,CURLOPT_CAINFO,opt->ca_cert_file);
+
+ /* Avoid caches to get the most recent copy of the key. This is bug
+ #1061. In pre-curl versions of the code, we didn't do it. Then
+ we did do it (as a curl default) until curl changed the default.
+ Now we're doing it again, but in such a way that changing
+ defaults in the future won't impact us. We set both the Pragma
+ and Cache-Control versions of the header, so we're good with both
+ HTTP 1.0 and 1.1. */
+ headers=curl_slist_append(headers,"Pragma: no-cache");
+ if(headers)
+ headers=curl_slist_append(headers,"Cache-Control: no-cache");
+
+ if(!headers)
+ {
+ fprintf(console,"gpgkeys: out of memory when building HTTP headers\n");
+ ret=KEYSERVER_NO_MEMORY;
+ goto fail;
+ }
+
+ curl_easy_setopt(curl,CURLOPT_HTTPHEADER,headers);
+
+ if(proxy)
+ curl_easy_setopt(curl,CURLOPT_PROXY,proxy);
+
+ /* If it's a GET or a SEARCH, the next thing to come in is the
+ keyids. If it's a SEND, then there are no keyids. */
+
+ if(opt->action==KS_GET)
+ {
+ /* Eat the rest of the file */
+ for(;;)
+ {
+ if(fgets(line,MAX_LINE,input)==NULL)
+ break;
+ else
+ {
+ if(line[0]=='\n' || line[0]=='\0')
+ break;
+
+ if(!thekey)
+ {
+ thekey=strdup(line);
+ if(!thekey)
+ {
+ fprintf(console,"gpgkeys: out of memory while "
+ "building key list\n");
+ ret=KEYSERVER_NO_MEMORY;
+ goto fail;
+ }
+
+ /* Trim the trailing \n */
+ thekey[strlen(line)-1]='\0';
+ }
+ }
+ }
+ }
+ else
+ {
+ fprintf(console,
+ "gpgkeys: this keyserver type only supports key retrieval\n");
+ goto fail;
+ }
+
+ if(!thekey)
+ {
+ fprintf(console,"gpgkeys: invalid keyserver instructions\n");
+ goto fail;
+ }
+
+ /* Send the response */
+
+ fprintf(output,"VERSION %d\n",KEYSERVER_PROTO_VERSION);
+ fprintf(output,"PROGRAM %s\n\n",VERSION);
+
+ if(opt->verbose)
+ {
+ fprintf(console,"Scheme:\t\t%s\n",opt->scheme);
+ fprintf(console,"Host:\t\t%s\n",opt->host);
+ if(opt->port)
+ fprintf(console,"Port:\t\t%s\n",opt->port);
+ if(opt->path)
+ fprintf(console,"Path:\t\t%s\n",opt->path);
+ fprintf(console,"Command:\tGET\n");
+ }
+
+ set_timeout(opt->timeout);
+
+ ret=get_key(thekey);
+
+ fail:
+
+ free(thekey);
+
+ if(input!=stdin)
+ fclose(input);
+
+ if(output!=stdout)
+ fclose(output);
+
+ free_ks_options(opt);
+
+ curl_slist_free_all(headers);
+
+ if(curl)
+ curl_easy_cleanup(curl);
+
+ free(proxy);
+
+ curl_global_cleanup();
+
+ return ret;
+}
diff --git a/keyserver/gpgkeys_finger.c b/keyserver/gpgkeys_finger.c
new file mode 100644
index 0000000..721cb9a
--- /dev/null
+++ b/keyserver/gpgkeys_finger.c
@@ -0,0 +1,500 @@
+/* gpgkeys_finger.c - fetch a key via finger
+ * Copyright (C) 2004, 2005 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <errno.h>
+#include <unistd.h>
+#ifdef HAVE_GETOPT_H
+#include <getopt.h>
+#endif
+
+#ifdef HAVE_W32_SYSTEM
+#include <windows.h>
+#else
+#include <unistd.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <sys/time.h>
+#include <time.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
+#include <netdb.h>
+#endif
+
+#define INCLUDED_BY_MAIN_MODULE 1
+#include "util.h"
+#include "keyserver.h"
+#include "ksutil.h"
+#include "iobuf.h"
+
+#ifdef HAVE_W32_SYSTEM
+#define sock_close(a) closesocket(a)
+#else
+#define sock_close(a) close(a)
+#endif
+
+extern char *optarg;
+extern int optind;
+
+static FILE *input,*output,*console;
+static struct ks_options *opt;
+
+
+/* Connect to SERVER at PORT and return a file descriptor or -1 on
+ error. */
+static int
+connect_server (const char *server, unsigned short port)
+{
+ int sock = -1;
+
+#ifdef HAVE_W32_SYSTEM
+ struct hostent *hp;
+ struct sockaddr_in addr;
+ unsigned long l;
+
+ w32_init_sockets ();
+
+ memset (&addr, 0, sizeof addr);
+ addr.sin_family = AF_INET;
+ addr.sin_port = htons (port);
+
+ /* Win32 gethostbyname doesn't handle IP addresses internally, so we
+ try inet_addr first on that platform only. */
+ if ((l = inet_addr (server)) != INADDR_NONE)
+ memcpy (&addr.sin_addr, &l, sizeof l);
+ else if ((hp = gethostbyname (server)))
+ {
+ if (hp->h_addrtype != AF_INET)
+ {
+ fprintf (console, "gpgkeys: unknown address family for `%s'\n",
+ server);
+ return -1;
+ }
+ if (hp->h_length != 4)
+ {
+ fprintf (console, "gpgkeys: illegal address length for `%s'\n",
+ server);
+ return -1;
+ }
+ memcpy (&addr.sin_addr, hp->h_addr, hp->h_length);
+ }
+ else
+ {
+ fprintf (console, "gpgkeys: host `%s' not found: ec=%d\n",
+ server, (int)WSAGetLastError ());
+ return -1;
+ }
+
+ sock = socket (AF_INET, SOCK_STREAM, 0);
+ if (sock == INVALID_SOCKET)
+ {
+ fprintf (console, "gpgkeys: error creating socket: ec=%d\n",
+ (int)WSAGetLastError ());
+ return -1;
+ }
+
+ if (connect (sock, (struct sockaddr *)&addr, sizeof addr))
+ {
+ fprintf (console, "gpgkeys: error connecting `%s': ec=%d\n",
+ server, (int)WSAGetLastError ());
+ sock_close (sock);
+ return -1;
+ }
+
+#else
+
+ struct sockaddr_in addr;
+ struct hostent *host;
+
+ addr.sin_family = AF_INET;
+ addr.sin_port = htons (port);
+ host = gethostbyname ((char*)server);
+ if (!host)
+ {
+ fprintf (console, "gpgkeys: host `%s' not found: %s\n",
+ server, strerror (errno));
+ return -1;
+ }
+
+ addr.sin_addr = *(struct in_addr*)host->h_addr;
+
+ sock = socket (AF_INET, SOCK_STREAM, 0);
+ if (sock == -1)
+ {
+ fprintf (console, "gpgkeys: error creating socket: %s\n",
+ strerror (errno));
+ return -1;
+ }
+
+ if (connect (sock, (struct sockaddr *)&addr, sizeof addr) == -1)
+ {
+ fprintf (console, "gpgkeys: error connecting `%s': %s\n",
+ server, strerror (errno));
+ close (sock);
+ return -1;
+ }
+#endif
+
+ return sock;
+}
+
+static int
+write_server (int sock, const char *data, size_t length)
+{
+ int nleft;
+
+ nleft = length;
+ while (nleft > 0)
+ {
+ int nwritten;
+
+#ifdef HAVE_W32_SYSTEM
+ nwritten = send (sock, data, nleft, 0);
+ if ( nwritten == SOCKET_ERROR )
+ {
+ fprintf (console, "gpgkeys: write failed: ec=%d\n",
+ (int)WSAGetLastError ());
+ return -1;
+ }
+#else
+ nwritten = write (sock, data, nleft);
+ if (nwritten == -1)
+ {
+ if (errno == EINTR)
+ continue;
+ if (errno == EAGAIN)
+ {
+ struct timeval tv;
+
+ tv.tv_sec = 0;
+ tv.tv_usec = 50000;
+ select(0, NULL, NULL, NULL, &tv);
+ continue;
+ }
+ fprintf (console, "gpgkeys: write failed: %s\n", strerror(errno));
+ return -1;
+ }
+#endif
+ nleft -=nwritten;
+ data += nwritten;
+ }
+
+ return 0;
+}
+
+
+/* Send the finger REQUEST to the server. Returns 0 and a file descriptor
+ in R_SOCK if the request was sucessful. */
+static int
+send_request (const char *request, int *r_sock)
+{
+ char *server;
+ char *name;
+ int sock;
+
+ *r_sock = -1;
+ name = strdup (request);
+ if (!name)
+ {
+ fprintf(console,"gpgkeys: out of memory\n");
+ return KEYSERVER_NO_MEMORY;
+ }
+
+ server = strchr (name, '@');
+ if (!server)
+ {
+ fprintf (console, "gpgkeys: no name included in request\n");
+ free (name);
+ return KEYSERVER_GENERAL_ERROR;
+ }
+ *server++ = 0;
+
+ sock = connect_server (server, 79);
+ if (sock == -1)
+ {
+ free (name);
+ return KEYSERVER_UNREACHABLE;
+ }
+
+ if (write_server (sock, name, strlen (name))
+ || write_server (sock, "\r\n", 2))
+ {
+ free (name);
+ sock_close (sock);
+ return KEYSERVER_GENERAL_ERROR;
+ }
+ free (name);
+ *r_sock = sock;
+ return 0;
+}
+
+
+
+static int
+get_key (char *getkey)
+{
+ int rc;
+ int sock;
+ iobuf_t fp_read;
+ unsigned int maxlen, buflen, gotit=0;
+ byte *line = NULL;
+
+ if (strncmp (getkey,"0x",2)==0)
+ getkey+=2;
+
+ /* Frankly we don't know what keys the server will return; we
+ indicated the requested key anyway. */
+ fprintf(output,"KEY 0x%s BEGIN\n",getkey);
+
+ rc=send_request(opt->opaque,&sock);
+ if(rc)
+ {
+ fprintf(output,"KEY 0x%s FAILED %d\n",getkey, rc);
+ sock_close (sock);
+ return KEYSERVER_OK;
+ }
+
+ /* Hmmm, we use iobuf here only to cope with Windows socket
+ peculiarities (we can't used fdopen). */
+ fp_read = iobuf_sockopen (sock , "r");
+ if (!fp_read)
+ {
+ fprintf(output,"KEY 0x%s FAILED %d\n",getkey, KEYSERVER_INTERNAL_ERROR);
+ sock_close (sock);
+ return KEYSERVER_OK;
+ }
+
+ while ( iobuf_read_line ( fp_read, &line, &buflen, &maxlen))
+ {
+ maxlen=1024;
+
+ if(gotit)
+ {
+ print_nocr(output, (const char*)line);
+ if (!strncmp((char*)line,END,strlen(END)))
+ break;
+ }
+ else if(!strncmp((char*)line,BEGIN,strlen(BEGIN)))
+ {
+ print_nocr(output, (const char*)line);
+ gotit=1;
+ }
+ }
+
+ if(gotit)
+ fprintf (output,"KEY 0x%s END\n", getkey);
+ else
+ {
+ fprintf(console,"gpgkeys: no key data found for finger:%s\n",
+ opt->opaque);
+ fprintf(output,"KEY 0x%s FAILED %d\n",getkey,KEYSERVER_KEY_NOT_FOUND);
+ }
+
+ xfree(line);
+ iobuf_close (fp_read);
+
+ return KEYSERVER_OK;
+}
+
+
+static void
+show_help (FILE *fp)
+{
+ fprintf (fp,"-h, --help\thelp\n");
+ fprintf (fp,"-V\t\tmachine readable version\n");
+ fprintf (fp,"--version\thuman readable version\n");
+ fprintf (fp,"-o\t\toutput to this file\n");
+}
+
+int
+main(int argc,char *argv[])
+{
+ int arg,ret=KEYSERVER_INTERNAL_ERROR;
+ char line[MAX_LINE];
+ char *thekey=NULL;
+
+ console=stderr;
+
+ /* Kludge to implement standard GNU options. */
+ if (argc > 1 && !strcmp (argv[1], "--version"))
+ {
+ fputs ("gpgkeys_finger (GnuPG) " VERSION"\n", stdout);
+ return 0;
+ }
+ else if (argc > 1 && !strcmp (argv[1], "--help"))
+ {
+ show_help (stdout);
+ return 0;
+ }
+
+ while((arg=getopt(argc,argv,"hVo:"))!=-1)
+ switch(arg)
+ {
+ default:
+ case 'h':
+ show_help (console);
+ return KEYSERVER_OK;
+
+ case 'V':
+ fprintf(stdout,"%d\n%s\n",KEYSERVER_PROTO_VERSION,VERSION);
+ return KEYSERVER_OK;
+
+ case 'o':
+ output=fopen(optarg,"w");
+ if(output==NULL)
+ {
+ fprintf(console,"gpgkeys: Cannot open output file `%s': %s\n",
+ optarg,strerror(errno));
+ return KEYSERVER_INTERNAL_ERROR;
+ }
+
+ break;
+ }
+
+ if(argc>optind)
+ {
+ input=fopen(argv[optind],"r");
+ if(input==NULL)
+ {
+ fprintf(console,"gpgkeys: Cannot open input file `%s': %s\n",
+ argv[optind],strerror(errno));
+ return KEYSERVER_INTERNAL_ERROR;
+ }
+ }
+
+ if(input==NULL)
+ input=stdin;
+
+ if(output==NULL)
+ output=stdout;
+
+ opt=init_ks_options();
+ if(!opt)
+ return KEYSERVER_NO_MEMORY;
+
+ /* Get the command and info block */
+
+ while(fgets(line,MAX_LINE,input)!=NULL)
+ {
+ int err;
+
+ if(line[0]=='\n')
+ break;
+
+ err=parse_ks_options(line,opt);
+ if(err>0)
+ {
+ ret=err;
+ goto fail;
+ }
+ else if(err==0)
+ continue;
+ }
+
+ if(opt->host)
+ {
+ fprintf(console,"gpgkeys: finger://relay/user syntax is not"
+ " supported. Use finger:user instead.\n");
+ ret=KEYSERVER_NOT_SUPPORTED;
+ goto fail;
+ }
+
+ if(opt->timeout && register_timeout()==-1)
+ {
+ fprintf(console,"gpgkeys: unable to register timeout handler\n");
+ return KEYSERVER_INTERNAL_ERROR;
+ }
+
+ /* If it's a GET or a SEARCH, the next thing to come in is the
+ keyids. If it's a SEND, then there are no keyids. */
+
+ if(opt->action==KS_GET)
+ {
+ /* Eat the rest of the file */
+ for(;;)
+ {
+ if(fgets(line,MAX_LINE,input)==NULL)
+ break;
+ else
+ {
+ if(line[0]=='\n' || line[0]=='\0')
+ break;
+
+ if(!thekey)
+ {
+ thekey=strdup(line);
+ if(!thekey)
+ {
+ fprintf(console,"gpgkeys: out of memory while "
+ "building key list\n");
+ ret=KEYSERVER_NO_MEMORY;
+ goto fail;
+ }
+
+ /* Trim the trailing \n */
+ thekey[strlen(line)-1]='\0';
+ }
+ }
+ }
+ }
+ else
+ {
+ fprintf(console,
+ "gpgkeys: this keyserver type only supports key retrieval\n");
+ goto fail;
+ }
+
+ if(!thekey || !opt->opaque)
+ {
+ fprintf(console,"gpgkeys: invalid keyserver instructions\n");
+ goto fail;
+ }
+
+ /* Send the response */
+
+ fprintf(output,"VERSION %d\n",KEYSERVER_PROTO_VERSION);
+ fprintf(output,"PROGRAM %s\n\n",VERSION);
+
+ if(opt->verbose>1)
+ {
+ fprintf(console,"User:\t\t%s\n",opt->opaque);
+ fprintf(console,"Command:\tGET\n");
+ }
+
+ set_timeout(opt->timeout);
+
+ ret=get_key(thekey);
+
+ fail:
+
+ free(thekey);
+
+ if(input!=stdin)
+ fclose(input);
+
+ if(output!=stdout)
+ fclose(output);
+
+ free_ks_options(opt);
+
+ return ret;
+}
diff --git a/keyserver/gpgkeys_hkp.c b/keyserver/gpgkeys_hkp.c
new file mode 100644
index 0000000..ee6421a
--- /dev/null
+++ b/keyserver/gpgkeys_hkp.c
@@ -0,0 +1,977 @@
+/* gpgkeys_hkp.c - talk to an HKP keyserver
+ * Copyright (C) 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008,
+ * 2009 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ *
+ * In addition, as a special exception, the Free Software Foundation
+ * gives permission to link the code of the keyserver helper tools:
+ * gpgkeys_ldap, gpgkeys_curl and gpgkeys_hkp with the OpenSSL
+ * project's "OpenSSL" library (or with modified versions of it that
+ * use the same license as the "OpenSSL" library), and distribute the
+ * linked executables. You must obey the GNU General Public License
+ * in all respects for all of the code used other than "OpenSSL". If
+ * you modify this file, you may extend this exception to your version
+ * of the file, but you are not obligated to do so. If you do not
+ * wish to do so, delete this exception statement from your version.
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <errno.h>
+#include <unistd.h>
+#ifdef HAVE_GETOPT_H
+#include <getopt.h>
+#endif
+#ifdef HAVE_LIBCURL
+#include <curl/curl.h>
+#else
+#include "curl-shim.h"
+#endif
+#include "util.h"
+#ifdef USE_DNS_SRV
+#include "srv.h"
+#endif
+#include "keyserver.h"
+#include "ksutil.h"
+
+extern char *optarg;
+extern int optind;
+
+static FILE *input,*output,*console;
+static CURL *curl;
+static struct ks_options *opt;
+static char errorbuffer[CURL_ERROR_SIZE];
+static char *proto,*port;
+
+static size_t
+curl_mrindex_writer(const void *ptr,size_t size,size_t nmemb,void *stream)
+{
+ static int checked=0,swallow=0;
+
+ if(!checked)
+ {
+ /* If the document begins with a '<', assume it's a HTML
+ response, which we don't support. Discard the whole message
+ body. GPG can handle it, but this is an optimization to deal
+ with it on this side of the pipe. */
+ const char *buf=ptr;
+ if(buf[0]=='<')
+ swallow=1;
+
+ checked=1;
+ }
+
+ if(swallow || fwrite(ptr,size,nmemb,stream)==nmemb)
+ return size*nmemb;
+ else
+ return 0;
+}
+
+/* Append but avoid creating a double slash // in the path. */
+static char *
+append_path(char *dest,const char *src)
+{
+ size_t n=strlen(dest);
+
+ if(src[0]=='/' && n>0 && dest[n-1]=='/')
+ dest[n-1]='\0';
+
+ return strcat(dest,src);
+}
+
+/* Return a pointer into STRING so that appending PATH to STRING will
+ not yield a duplicated slash. */
+static const char *
+appendable_path (const char *string, const char *path)
+{
+ size_t n;
+
+ if (path[0] == '/' && (n=strlen (string)) && string[n-1] == '/')
+ return path+1;
+ else
+ return path;
+}
+
+
+int
+send_key(int *r_eof)
+{
+ CURLcode res;
+ char request[MAX_URL+15];
+ int begin=0,end=0,ret=KEYSERVER_INTERNAL_ERROR;
+ char keyid[17],state[6];
+ char line[MAX_LINE];
+ char *key=NULL,*encoded_key=NULL;
+ size_t keylen=0,keymax=0;
+
+ /* Read and throw away input until we see the BEGIN */
+
+ while(fgets(line,MAX_LINE,input)!=NULL)
+ if(sscanf(line,"KEY%*[ ]%16s%*[ ]%5s\n",keyid,state)==2
+ && strcmp(state,"BEGIN")==0)
+ {
+ begin=1;
+ break;
+ }
+
+ if(!begin)
+ {
+ /* i.e. eof before the KEY BEGIN was found. This isn't an
+ error. */
+ *r_eof=1;
+ ret=KEYSERVER_OK;
+ goto fail;
+ }
+
+ /* Now slurp up everything until we see the END */
+
+ while(fgets(line,MAX_LINE,input))
+ if(sscanf(line,"KEY%*[ ]%16s%*[ ]%3s\n",keyid,state)==2
+ && strcmp(state,"END")==0)
+ {
+ end=1;
+ break;
+ }
+ else
+ {
+ if(strlen(line)+keylen>keymax)
+ {
+ char *tmp;
+
+ keymax+=200;
+ tmp=realloc(key,keymax+1);
+ if(!tmp)
+ {
+ free(key);
+ fprintf(console,"gpgkeys: out of memory\n");
+ ret=KEYSERVER_NO_MEMORY;
+ goto fail;
+ }
+
+ key=tmp;
+ }
+
+ strcpy(&key[keylen],line);
+ keylen+=strlen(line);
+ }
+
+ if(!end)
+ {
+ fprintf(console,"gpgkeys: no KEY %s END found\n",keyid);
+ *r_eof=1;
+ ret=KEYSERVER_KEY_INCOMPLETE;
+ goto fail;
+ }
+
+ encoded_key=curl_escape(key,keylen);
+ if(!encoded_key)
+ {
+ fprintf(console,"gpgkeys: out of memory\n");
+ ret=KEYSERVER_NO_MEMORY;
+ goto fail;
+ }
+
+ free(key);
+
+ key = strconcat ("keytext=", encoded_key, NULL);
+ if(!key)
+ {
+ fprintf(console,"gpgkeys: out of memory\n");
+ ret=KEYSERVER_NO_MEMORY;
+ goto fail;
+ }
+
+ strcpy(request,proto);
+ strcat(request,"://");
+ strcat(request,opt->host);
+ strcat(request,":");
+ strcat(request,port);
+ strcat(request,opt->path);
+ /* request is MAX_URL+15 bytes long - MAX_URL covers the whole URL,
+ including any supplied path. The 15 covers /pks/add. */
+ append_path(request,"/pks/add");
+
+ if(opt->verbose>2)
+ fprintf(console,"gpgkeys: HTTP URL is `%s'\n",request);
+
+ curl_easy_setopt(curl,CURLOPT_URL,request);
+ curl_easy_setopt(curl,CURLOPT_POST,1L);
+ curl_easy_setopt(curl,CURLOPT_POSTFIELDS,key);
+ curl_easy_setopt(curl,CURLOPT_FAILONERROR,1L);
+
+ res=curl_easy_perform(curl);
+ if(res!=0)
+ {
+ fprintf(console,"gpgkeys: HTTP post error %d: %s\n",res,errorbuffer);
+ ret=curl_err_to_gpg_err(res);
+ goto fail;
+ }
+ else
+ fprintf(output,"\nKEY %s SENT\n",keyid);
+
+ ret=KEYSERVER_OK;
+
+ fail:
+ xfree (key);
+ curl_free(encoded_key);
+
+ if(ret!=0 && begin)
+ fprintf(output,"KEY %s FAILED %d\n",keyid,ret);
+
+ return ret;
+}
+
+static int
+get_key(char *getkey)
+{
+ CURLcode res;
+ char request[MAX_URL+92];
+ char *offset;
+ struct curl_writer_ctx ctx;
+ size_t keylen;
+
+ memset(&ctx,0,sizeof(ctx));
+
+ /* Build the search string. HKP only uses the short key IDs. */
+
+ if(strncmp(getkey,"0x",2)==0)
+ getkey+=2;
+
+ fprintf(output,"KEY 0x%s BEGIN\n",getkey);
+
+ if(strlen(getkey)==32)
+ {
+ fprintf(console,
+ "gpgkeys: HKP keyservers do not support v3 fingerprints\n");
+ fprintf(output,"KEY 0x%s FAILED %d\n",getkey,KEYSERVER_NOT_SUPPORTED);
+ return KEYSERVER_NOT_SUPPORTED;
+ }
+
+ strcpy(request,proto);
+ strcat(request,"://");
+ strcat(request,opt->host);
+ strcat(request,":");
+ strcat(request,port);
+ strcat(request,opt->path);
+ /* request is MAX_URL+55 bytes long - MAX_URL covers the whole URL,
+ including any supplied path. The 92 overcovers this /pks/... etc
+ string plus the 8, 16, or 40 bytes of key id/fingerprint */
+ append_path(request,"/pks/lookup?op=get&options=mr&search=0x");
+
+ /* send only fingerprint, long key id, or short keyid. see:
+ https://tools.ietf.org/html/draft-shaw-openpgp-hkp-00#section-3.1.1.1 */
+ keylen = strlen(getkey);
+ if(keylen >= 40)
+ offset=&getkey[keylen-40];
+ else if(keylen >= 16)
+ offset=&getkey[keylen-16];
+ else if(keylen >= 8)
+ offset=&getkey[keylen-8];
+ else
+ offset=getkey;
+
+ strcat(request,offset);
+
+ if(opt->verbose>2)
+ fprintf(console,"gpgkeys: HTTP URL is `%s'\n",request);
+
+ curl_easy_setopt(curl,CURLOPT_URL,request);
+ curl_easy_setopt(curl,CURLOPT_WRITEFUNCTION,curl_writer);
+ ctx.stream=output;
+ curl_easy_setopt(curl,CURLOPT_FILE,&ctx);
+
+ res=curl_easy_perform(curl);
+ if(res!=CURLE_OK)
+ {
+ fprintf(console,"gpgkeys: HTTP fetch error %d: %s\n",res,errorbuffer);
+ fprintf(output,"\nKEY 0x%s FAILED %d\n",getkey,curl_err_to_gpg_err(res));
+ }
+ else
+ {
+ curl_writer_finalize(&ctx);
+ if(!ctx.flags.done)
+ {
+ fprintf(console,"gpgkeys: key %s not found on keyserver\n",getkey);
+ fprintf(output,"\nKEY 0x%s FAILED %d\n",
+ getkey,KEYSERVER_KEY_NOT_FOUND);
+ }
+ else
+ fprintf(output,"\nKEY 0x%s END\n",getkey);
+ }
+
+ return KEYSERVER_OK;
+}
+
+static int
+get_name(const char *getkey)
+{
+ CURLcode res;
+ char *request=NULL;
+ char *searchkey_encoded;
+ int ret=KEYSERVER_INTERNAL_ERROR;
+ struct curl_writer_ctx ctx;
+
+ memset(&ctx,0,sizeof(ctx));
+
+ searchkey_encoded=curl_escape((char *)getkey,0);
+ if(!searchkey_encoded)
+ {
+ fprintf(console,"gpgkeys: out of memory\n");
+ ret=KEYSERVER_NO_MEMORY;
+ goto fail;
+ }
+
+ request = strconcat
+ (proto,
+ "://",
+ opt->host,
+ ":",
+ port,
+ opt->path,
+ appendable_path (opt->path,"/pks/lookup?op=get&options=mr&search="),
+ searchkey_encoded,
+ opt->action == KS_GETNAME? "&exact=on":"",
+ NULL);
+ if(!request)
+ {
+ fprintf(console,"gpgkeys: out of memory\n");
+ ret=KEYSERVER_NO_MEMORY;
+ goto fail;
+ }
+
+ fprintf(output,"NAME %s BEGIN\n",getkey);
+
+ if(opt->verbose>2)
+ fprintf(console,"gpgkeys: HTTP URL is `%s'\n",request);
+
+ curl_easy_setopt(curl,CURLOPT_URL,request);
+ curl_easy_setopt(curl,CURLOPT_WRITEFUNCTION,curl_writer);
+ ctx.stream=output;
+ curl_easy_setopt(curl,CURLOPT_FILE,&ctx);
+
+ res=curl_easy_perform(curl);
+ if(res!=CURLE_OK)
+ {
+ fprintf(console,"gpgkeys: HTTP fetch error %d: %s\n",res,errorbuffer);
+ ret=curl_err_to_gpg_err(res);
+ }
+ else
+ {
+ curl_writer_finalize(&ctx);
+ if(!ctx.flags.done)
+ {
+ fprintf(console,"gpgkeys: key %s not found on keyserver\n",getkey);
+ ret=KEYSERVER_KEY_NOT_FOUND;
+ }
+ else
+ {
+ fprintf(output,"\nNAME %s END\n",getkey);
+ ret=KEYSERVER_OK;
+ }
+ }
+
+ fail:
+ curl_free(searchkey_encoded);
+ xfree (request);
+
+ if(ret!=KEYSERVER_OK)
+ fprintf(output,"\nNAME %s FAILED %d\n",getkey,ret);
+
+ return ret;
+}
+
+static int
+search_key(const char *searchkey)
+{
+ CURLcode res;
+ char *request=NULL;
+ char *searchkey_encoded;
+ int ret=KEYSERVER_INTERNAL_ERROR;
+ enum ks_search_type search_type;
+ const char *hexprefix;
+
+ search_type=classify_ks_search(&searchkey);
+
+ if(opt->debug)
+ fprintf(console,"gpgkeys: search type is %d, and key is \"%s\"\n",
+ search_type,searchkey);
+
+ searchkey_encoded=curl_escape((char *)searchkey,0);
+ if(!searchkey_encoded)
+ {
+ fprintf(console,"gpgkeys: out of memory\n");
+ ret=KEYSERVER_NO_MEMORY;
+ goto fail;
+ }
+
+ /* HKP keyservers like the 0x to be present when searching by
+ keyid. */
+ hexprefix = (search_type==KS_SEARCH_KEYID_SHORT
+ || search_type==KS_SEARCH_KEYID_LONG)? "0x":"";
+
+ request = strconcat
+ (proto,
+ "://",
+ opt->host,
+ ":",
+ port,
+ opt->path,
+ appendable_path (opt->path, "/pks/lookup?op=index&options=mr&search="),
+ hexprefix,
+ searchkey_encoded,
+ opt->action == KS_GETNAME? "&exact=on":"",
+ NULL);
+ if(!request)
+ {
+ fprintf(console,"gpgkeys: out of memory\n");
+ ret=KEYSERVER_NO_MEMORY;
+ goto fail;
+ }
+
+ fprintf(output,"SEARCH %s BEGIN\n",searchkey);
+
+ if(opt->verbose>2)
+ fprintf(console,"gpgkeys: HTTP URL is `%s'\n",request);
+
+ curl_easy_setopt(curl,CURLOPT_URL,request);
+ curl_easy_setopt(curl,CURLOPT_WRITEFUNCTION,curl_mrindex_writer);
+ curl_easy_setopt(curl,CURLOPT_FILE,output);
+
+ res=curl_easy_perform(curl);
+ if(res!=0)
+ {
+ fprintf(console,"gpgkeys: HTTP search error %d: %s\n",res,errorbuffer);
+ ret=curl_err_to_gpg_err(res);
+ }
+ else
+ {
+ fprintf(output,"\nSEARCH %s END\n",searchkey);
+ ret=KEYSERVER_OK;
+ }
+
+ fail:
+ curl_free(searchkey_encoded);
+ xfree (request);
+
+ if(ret!=KEYSERVER_OK)
+ fprintf(output,"\nSEARCH %s FAILED %d\n",searchkey,ret);
+
+ return ret;
+}
+
+void
+fail_all(struct keylist *keylist,int err)
+{
+ if(!keylist)
+ return;
+
+ if(opt->action==KS_SEARCH)
+ {
+ fprintf(output,"SEARCH ");
+ while(keylist)
+ {
+ fprintf(output,"%s ",keylist->str);
+ keylist=keylist->next;
+ }
+ fprintf(output,"FAILED %d\n",err);
+ }
+ else
+ while(keylist)
+ {
+ fprintf(output,"KEY %s FAILED %d\n",keylist->str,err);
+ keylist=keylist->next;
+ }
+}
+
+#ifdef HAVE_LIBCURL
+/* If there is a SRV record, take the highest ranked possibility.
+ This is a hack, as we don't proceed downwards. */
+static void
+srv_replace(const char *srvtag)
+{
+#ifdef USE_DNS_SRV
+ struct srventry *srvlist=NULL;
+ int srvcount;
+
+ if(!srvtag)
+ return;
+
+ if(1+strlen(srvtag)+6+strlen(opt->host)+1<=MAXDNAME)
+ {
+ char srvname[MAXDNAME];
+
+ strcpy(srvname,"_");
+ strcat(srvname,srvtag);
+ strcat(srvname,"._tcp.");
+ strcat(srvname,opt->host);
+ srvcount=getsrv(srvname,&srvlist);
+ }
+
+ if(srvlist)
+ {
+ char *newname,*newport;
+
+ newname=strdup(srvlist->target);
+ newport=malloc(MAX_PORT);
+ if(newname && newport)
+ {
+ free(opt->host);
+ free(opt->port);
+ opt->host=newname;
+ snprintf(newport,MAX_PORT,"%u",srvlist->port);
+ opt->port=newport;
+ }
+ else
+ {
+ free(newname);
+ free(newport);
+ }
+ }
+#endif
+}
+#endif
+
+static void
+show_help (FILE *fp)
+{
+ fprintf (fp,"-h, --help\thelp\n");
+ fprintf (fp,"-V\t\tmachine readable version\n");
+ fprintf (fp,"--version\thuman readable version\n");
+ fprintf (fp,"-o\t\toutput to this file\n");
+}
+
+int
+main(int argc,char *argv[])
+{
+ int arg,ret=KEYSERVER_INTERNAL_ERROR,try_srv=1;
+ char line[MAX_LINE];
+ int failed=0;
+ struct keylist *keylist=NULL,*keyptr=NULL;
+ char *proxy=NULL;
+ struct curl_slist *headers=NULL;
+
+ console=stderr;
+
+ /* Kludge to implement standard GNU options. */
+ if (argc > 1 && !strcmp (argv[1], "--version"))
+ {
+ printf ("gpgkeys_hkp (GnuPG) %s\n", VERSION);
+ printf ("Uses: %s\n", curl_version());
+ return 0;
+ }
+ else if (argc > 1 && !strcmp (argv[1], "--help"))
+ {
+ show_help (stdout);
+ return 0;
+ }
+
+ while((arg=getopt(argc,argv,"hVo:"))!=-1)
+ switch(arg)
+ {
+ default:
+ case 'h':
+ show_help (console);
+ return KEYSERVER_OK;
+
+ case 'V':
+ fprintf(stdout,"%d\n%s\n",KEYSERVER_PROTO_VERSION,VERSION);
+ return KEYSERVER_OK;
+
+ case 'o':
+ output=fopen(optarg,"w");
+ if(output==NULL)
+ {
+ fprintf(console,"gpgkeys: Cannot open output file `%s': %s\n",
+ optarg,strerror(errno));
+ return KEYSERVER_INTERNAL_ERROR;
+ }
+
+ break;
+ }
+
+ if(argc>optind)
+ {
+ input=fopen(argv[optind],"r");
+ if(input==NULL)
+ {
+ fprintf(console,"gpgkeys: Cannot open input file `%s': %s\n",
+ argv[optind],strerror(errno));
+ return KEYSERVER_INTERNAL_ERROR;
+ }
+ }
+
+ if(input==NULL)
+ input=stdin;
+
+ if(output==NULL)
+ output=stdout;
+
+ opt=init_ks_options();
+ if(!opt)
+ return KEYSERVER_NO_MEMORY;
+
+ /* Get the command and info block */
+
+ while(fgets(line,MAX_LINE,input)!=NULL)
+ {
+ int err;
+ char option[MAX_OPTION+1];
+
+ if(line[0]=='\n')
+ break;
+
+ err=parse_ks_options(line,opt);
+ if(err>0)
+ {
+ ret=err;
+ goto fail;
+ }
+ else if(err==0)
+ continue;
+
+ if(sscanf(line,"OPTION %" MKSTRING(MAX_OPTION) "s\n",option)==1)
+ {
+ int no=0;
+ char *start=&option[0];
+
+ option[MAX_OPTION]='\0';
+
+ if(strncasecmp(option,"no-",3)==0)
+ {
+ no=1;
+ start=&option[3];
+ }
+
+ if(strncasecmp(start,"http-proxy",10)==0)
+ {
+ if(no)
+ {
+ free(proxy);
+ proxy=strdup("");
+ }
+ else if(start[10]=='=')
+ {
+ if(strlen(&start[11])<MAX_PROXY)
+ {
+ free(proxy);
+ proxy=strdup(&start[11]);
+ }
+ }
+ }
+ else if(strcasecmp(start,"try-dns-srv")==0)
+ {
+ if(no)
+ try_srv=0;
+ else
+ try_srv=1;
+ }
+
+ continue;
+ }
+ }
+
+ if(!opt->scheme)
+ {
+ fprintf(console,"gpgkeys: no scheme supplied!\n");
+ ret=KEYSERVER_SCHEME_NOT_FOUND;
+ goto fail;
+ }
+
+ if(ks_strcasecmp(opt->scheme,"hkps")==0)
+ {
+ proto="https";
+ port="443";
+ }
+ else
+ {
+ proto="http";
+ port="11371";
+ }
+
+ if(!opt->host)
+ {
+ fprintf(console,"gpgkeys: no keyserver host provided\n");
+ goto fail;
+ }
+
+ if(opt->timeout && register_timeout()==-1)
+ {
+ fprintf(console,"gpgkeys: unable to register timeout handler\n");
+ return KEYSERVER_INTERNAL_ERROR;
+ }
+
+ curl_global_init(CURL_GLOBAL_DEFAULT);
+ curl=curl_easy_init();
+ if(!curl)
+ {
+ fprintf(console,"gpgkeys: unable to initialize curl\n");
+ ret=KEYSERVER_INTERNAL_ERROR;
+ goto fail;
+ }
+
+ /* If the user gives a :port, then disable SRV. The semantics of a
+ specified port and SRV do not play well together. */
+ if(opt->port)
+ port=opt->port;
+ else if(try_srv)
+ {
+ char *srvtag;
+
+ if(ks_strcasecmp(opt->scheme,"hkp")==0)
+ srvtag="pgpkey-http";
+ else if(ks_strcasecmp(opt->scheme,"hkps")==0)
+ srvtag="pgpkey-https";
+ else
+ srvtag=NULL;
+
+#ifdef HAVE_LIBCURL
+ /* We're using libcurl, so fake SRV support via our wrapper.
+ This isn't as good as true SRV support, as we do not try all
+ possible targets at one particular level and work our way
+ down the list, but it's better than nothing. */
+ srv_replace(srvtag);
+#else
+ /* We're using our internal curl shim, so we can use its (true)
+ SRV support. Obviously, CURLOPT_SRVTAG_GPG_HACK isn't a real
+ libcurl option. It's specific to our shim. */
+ curl_easy_setopt(curl,CURLOPT_SRVTAG_GPG_HACK,srvtag);
+#endif
+ }
+
+ curl_easy_setopt(curl,CURLOPT_ERRORBUFFER,errorbuffer);
+
+ if(opt->auth)
+ curl_easy_setopt(curl,CURLOPT_USERPWD,opt->auth);
+
+ if(opt->debug)
+ {
+ fprintf(console,"gpgkeys: curl version = %s\n",curl_version());
+ curl_easy_setopt(curl,CURLOPT_STDERR,console);
+ curl_easy_setopt(curl,CURLOPT_VERBOSE,1L);
+ }
+
+ curl_easy_setopt(curl,CURLOPT_SSL_VERIFYPEER,(long)opt->flags.check_cert);
+ curl_easy_setopt(curl,CURLOPT_CAINFO,opt->ca_cert_file);
+
+ /* Avoid caches to get the most recent copy of the key. This is bug
+ #1061. In pre-curl versions of the code, we didn't do it. Then
+ we did do it (as a curl default) until curl changed the default.
+ Now we're doing it again, but in such a way that changing
+ defaults in the future won't impact us. We set both the Pragma
+ and Cache-Control versions of the header, so we're good with both
+ HTTP 1.0 and 1.1. */
+ headers=curl_slist_append(headers,"Pragma: no-cache");
+ if(headers)
+ headers=curl_slist_append(headers,"Cache-Control: no-cache");
+
+ if(!headers)
+ {
+ fprintf(console,"gpgkeys: out of memory when building HTTP headers\n");
+ ret=KEYSERVER_NO_MEMORY;
+ goto fail;
+ }
+
+ curl_easy_setopt(curl,CURLOPT_HTTPHEADER,headers);
+
+ if(proxy)
+ curl_easy_setopt(curl,CURLOPT_PROXY,proxy);
+
+ /* If it's a GET or a SEARCH, the next thing to come in is the
+ keyids. If it's a SEND, then there are no keyids. */
+
+ if(opt->action==KS_SEND)
+ while(fgets(line,MAX_LINE,input)!=NULL && line[0]!='\n');
+ else if(opt->action==KS_GET
+ || opt->action==KS_GETNAME || opt->action==KS_SEARCH)
+ {
+ for(;;)
+ {
+ struct keylist *work;
+
+ if(fgets(line,MAX_LINE,input)==NULL)
+ break;
+ else
+ {
+ if(line[0]=='\n' || line[0]=='\0')
+ break;
+
+ work=malloc(sizeof(struct keylist));
+ if(work==NULL)
+ {
+ fprintf(console,"gpgkeys: out of memory while "
+ "building key list\n");
+ ret=KEYSERVER_NO_MEMORY;
+ goto fail;
+ }
+
+ strcpy(work->str,line);
+
+ /* Trim the trailing \n */
+ work->str[strlen(line)-1]='\0';
+
+ work->next=NULL;
+
+ /* Always attach at the end to keep the list in proper
+ order for searching */
+ if(keylist==NULL)
+ keylist=work;
+ else
+ keyptr->next=work;
+
+ keyptr=work;
+ }
+ }
+ }
+ else
+ {
+ fprintf(console,"gpgkeys: no keyserver command specified\n");
+ goto fail;
+ }
+
+ /* Send the response */
+
+ fprintf(output,"VERSION %d\n",KEYSERVER_PROTO_VERSION);
+ fprintf(output,"PROGRAM %s\n\n",VERSION);
+
+ if(opt->verbose>1)
+ {
+ fprintf(console,"Host:\t\t%s\n",opt->host);
+ if(opt->port)
+ fprintf(console,"Port:\t\t%s\n",opt->port);
+ if(strcmp(opt->path,"/")!=0)
+ fprintf(console,"Path:\t\t%s\n",opt->path);
+ fprintf(console,"Command:\t%s\n",ks_action_to_string(opt->action));
+ }
+
+ if(opt->action==KS_GET)
+ {
+ keyptr=keylist;
+
+ while(keyptr!=NULL)
+ {
+ set_timeout(opt->timeout);
+
+ if(get_key(keyptr->str)!=KEYSERVER_OK)
+ failed++;
+
+ keyptr=keyptr->next;
+ }
+ }
+ else if(opt->action==KS_GETNAME)
+ {
+ keyptr=keylist;
+
+ while(keyptr!=NULL)
+ {
+ set_timeout(opt->timeout);
+
+ if(get_name(keyptr->str)!=KEYSERVER_OK)
+ failed++;
+
+ keyptr=keyptr->next;
+ }
+ }
+ else if(opt->action==KS_SEND)
+ {
+ int myeof=0;
+
+ do
+ {
+ set_timeout(opt->timeout);
+
+ if(send_key(&myeof)!=KEYSERVER_OK)
+ failed++;
+ }
+ while(!myeof);
+ }
+ else if(opt->action==KS_SEARCH)
+ {
+ char *searchkey=NULL;
+ int len=0;
+
+ set_timeout(opt->timeout);
+
+ /* To search, we stick a space in between each key to search
+ for. */
+
+ keyptr=keylist;
+ while(keyptr!=NULL)
+ {
+ len+=strlen(keyptr->str)+1;
+ keyptr=keyptr->next;
+ }
+
+ searchkey=malloc(len+1);
+ if(searchkey==NULL)
+ {
+ ret=KEYSERVER_NO_MEMORY;
+ fail_all(keylist,KEYSERVER_NO_MEMORY);
+ goto fail;
+ }
+
+ searchkey[0]='\0';
+
+ keyptr=keylist;
+ while(keyptr!=NULL)
+ {
+ strcat(searchkey,keyptr->str);
+ strcat(searchkey," ");
+ keyptr=keyptr->next;
+ }
+
+ /* Nail that last space */
+ if(*searchkey)
+ searchkey[strlen(searchkey)-1]='\0';
+
+ if(search_key(searchkey)!=KEYSERVER_OK)
+ failed++;
+
+ free(searchkey);
+ }
+ else
+ abort();
+
+ if(!failed)
+ ret=KEYSERVER_OK;
+
+ fail:
+ while(keylist!=NULL)
+ {
+ struct keylist *current=keylist;
+ keylist=keylist->next;
+ free(current);
+ }
+
+ if(input!=stdin)
+ fclose(input);
+
+ if(output!=stdout)
+ fclose(output);
+
+ free_ks_options(opt);
+
+ curl_slist_free_all(headers);
+
+ if(curl)
+ curl_easy_cleanup(curl);
+
+ free(proxy);
+
+ return ret;
+}
diff --git a/keyserver/gpgkeys_kdns.c b/keyserver/gpgkeys_kdns.c
new file mode 100644
index 0000000..5979b06
--- /dev/null
+++ b/keyserver/gpgkeys_kdns.c
@@ -0,0 +1,444 @@
+/* gpgkeys_kdns.c - Fetch a key via the GnuPG specific KDNS scheme.
+ * Copyright (C) 2008 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <errno.h>
+#include <unistd.h>
+#ifdef HAVE_GETOPT_H
+# include <getopt.h>
+#endif
+#include <assert.h>
+#ifdef HAVE_ADNS_H
+# include <adns.h>
+# ifndef HAVE_ADNS_FREE
+# define adns_free free
+# endif
+#endif
+
+#define INCLUDED_BY_MAIN_MODULE 1
+#include "util.h"
+#include "keyserver.h"
+#include "ksutil.h"
+
+/* Our own name. */
+#define PGM "gpgkeys_kdns"
+
+/* getopt(3) requires declarion of some global variables. */
+extern char *optarg;
+extern int optind;
+
+/* Convenience variables usually intialized withn std{in,out,err}. */
+static FILE *input, *output, *console;
+
+/* Standard keyserver module options. */
+static struct ks_options *opt;
+
+/* The flags we pass to adns_init: Do not allow any environment
+ variables and for now enable debugging. */
+#define MY_ADNS_INITFLAGS (adns_if_noenv)
+
+
+/* ADNS has no support for CERT yes. */
+#define my_adns_r_cert 37
+
+/* The root of the KDNS tree. */
+static const char *kdns_root;
+
+/* The replacement string for the at sign. */
+static const char *kdns_at_repl;
+
+/* Flag indicating that a TCP conenction should be used. */
+static int kdns_usevc;
+
+
+
+/* Retrieve one key. ADDRESS should be an RFC-2822 addr-spec. */
+static int
+get_key (adns_state adns_ctx, char *address)
+{
+ int ret = KEYSERVER_INTERNAL_ERROR;
+ const char *domain;
+ char *name = NULL;
+ adns_answer *answer = NULL;
+ const unsigned char *data;
+ int datalen;
+ struct b64state b64state;
+ char *p;
+
+ domain = strrchr (address, '@');
+ if (!domain || domain == address || !domain[1])
+ {
+ fprintf (console, PGM": invalid mail address `%s'\n", address);
+ ret = KEYSERVER_GENERAL_ERROR;
+ goto leave;
+ }
+ name = xtrymalloc (strlen (address) + strlen (kdns_at_repl)
+ + 1 + strlen (kdns_root) + 1);
+ if (!name)
+ goto leave;
+ memcpy (name, address, domain - address);
+ p = stpcpy (name + (domain-address), ".");
+ if (*kdns_at_repl)
+ p = stpcpy (stpcpy (p, kdns_at_repl), ".");
+ p = stpcpy (p, domain+1);
+ if (*kdns_root)
+ strcpy (stpcpy (p, "."), kdns_root);
+
+ fprintf (output,"NAME %s BEGIN\n", address);
+ if (opt->verbose > 2)
+ fprintf(console, PGM": looking up `%s'\n", name);
+
+ if ( adns_synchronous (adns_ctx, name, (adns_r_unknown | my_adns_r_cert),
+ adns_qf_quoteok_query|(kdns_usevc?adns_qf_usevc:0),
+ &answer) )
+ {
+ fprintf (console, PGM": DNS query failed: %s\n", strerror (errno));
+ ret = KEYSERVER_KEY_NOT_FOUND;
+ goto leave;
+ }
+ if (answer->status != adns_s_ok)
+ {
+ fprintf (console, PGM": DNS query returned: %s (%s)\n",
+ adns_strerror (answer->status),
+ adns_errabbrev (answer->status));
+ ret = KEYSERVER_KEY_NOT_FOUND;
+ goto leave;
+ }
+ datalen = answer->rrs.byteblock->len;
+ data = answer->rrs.byteblock->data;
+
+ if ( opt->debug > 1 )
+ {
+ int i;
+
+ fprintf (console, "got %d bytes of data:", datalen);
+ for (i=0; i < datalen; i++)
+ {
+ if (!(i % 32))
+ fprintf (console, "\n%08x ", i);
+ fprintf (console, "%02x", data[i]);
+ }
+ putc ('\n', console);
+ }
+ if ( datalen < 5 )
+ {
+ fprintf (console, PGM": error: truncated CERT record\n");
+ ret = KEYSERVER_KEY_NOT_FOUND;
+ goto leave;
+ }
+
+ switch ( ((data[0]<<8)|data[1]) )
+ {
+ case 3: /* CERT type is PGP. */
+ /* (key tag and algorithm fields are ignored for this CERT type). */
+ data += 5;
+ datalen -= 5;
+ if ( datalen < 11 )
+ {
+ /* Gpg checks for a minium length of 11, thus we do the same. */
+ fprintf (console, PGM": error: OpenPGP data to short\n");
+ ret = KEYSERVER_KEY_NOT_FOUND;
+ goto leave;
+ }
+ if (b64enc_start (&b64state, output, "PGP PUBLIC KEY BLOCK")
+ || b64enc_write (&b64state, data, datalen)
+ || b64enc_finish (&b64state))
+ goto leave; /* Oops, base64 encoder failed. */
+ break;
+
+ default:
+ fprintf (console, PGM": CERT type %d ignored\n", (data[0] <<8|data[1]));
+ ret = KEYSERVER_KEY_NOT_FOUND;
+ goto leave;
+ }
+
+ ret = 0; /* All fine. */
+
+ leave:
+ if (ret)
+ fprintf (output, "\nNAME %s FAILED %d\n", address, ret);
+ else
+ fprintf (output, "\nNAME %s END\n", address);
+ adns_free (answer);
+ xfree (name);
+ return ret;
+}
+
+
+/* Print some help. */
+static void
+show_help (FILE *fp)
+{
+ fputs (PGM" (GnuPG) " VERSION"\n\n", fp);
+ fputs (" -h\thelp\n"
+ " -V\tversion\n"
+ " -o\toutput to this file\n"
+ "\n", fp);
+ fputs ("This keyserver helper accepts URLs of the form:\n"
+ " kdns://[NAMESERVER]/[ROOT][?at=STRING]\n"
+ "with\n"
+ " NAMESERVER used for queries (default: system standard)\n"
+ " ROOT a DNS name appended to the query (default: none)\n"
+ " STRING a string to replace the '@' (default: \".\")\n"
+ "If a long answer is expected add the parameter \"usevc=1\".\n"
+ "\n", fp);
+ fputs ("Example: A query for \"hacker@gnupg.org\" with\n"
+ " kdns://10.0.0.1/example.net?at=_key&usevc=1\n"
+ "setup as --auto-key-lookup does a CERT record query\n"
+ "with type PGP on the nameserver 10.0.0.1 for\n"
+ " hacker._key_.gnupg.org.example.net\n"
+ "\n", fp);
+}
+
+
+int
+main (int argc, char *argv[])
+{
+ int arg;
+ int ret = KEYSERVER_INTERNAL_ERROR;
+ char line[MAX_LINE];
+ struct keylist *keylist = NULL;
+ struct keylist **keylist_tail = &keylist;
+ struct keylist *akey;
+ int failed = 0;
+ adns_state adns_ctx = NULL;
+ adns_initflags my_adns_initflags = MY_ADNS_INITFLAGS;
+ int tmprc;
+
+ /* The defaults for the KDNS name mangling. */
+ kdns_root = "";
+ kdns_at_repl = "";
+
+ console = stderr;
+
+ /* Kludge to implement standard GNU options. */
+ if (argc > 1 && !strcmp (argv[1], "--version"))
+ {
+ fputs (PGM" (GnuPG) " VERSION"\n", stdout);
+ return 0;
+ }
+ else if (argc > 1 && !strcmp (argv[1], "--help"))
+ {
+ show_help (stdout);
+ return 0;
+ }
+
+ while ( (arg = getopt (argc, argv, "hVo:")) != -1 )
+ {
+ switch(arg)
+ {
+ case 'V':
+ printf ("%d\n%s\n", KEYSERVER_PROTO_VERSION, VERSION);
+ return KEYSERVER_OK;
+
+ case 'o':
+ output = fopen (optarg,"w");
+ if (!output)
+ {
+ fprintf (console, PGM": cannot open output file `%s': %s\n",
+ optarg, strerror(errno) );
+ return KEYSERVER_INTERNAL_ERROR;
+ }
+ break;
+
+ case 'h':
+ default:
+ show_help (console);
+ return KEYSERVER_OK;
+ }
+ }
+
+ if (argc > optind)
+ {
+ input = fopen (argv[optind], "r");
+ if (!input)
+ {
+ fprintf (console, PGM": cannot open input file `%s': %s\n",
+ argv[optind], strerror(errno) );
+ return KEYSERVER_INTERNAL_ERROR;
+ }
+ }
+
+ if (!input)
+ input = stdin;
+
+ if (!output)
+ output = stdout;
+
+ opt = init_ks_options();
+ if(!opt)
+ return KEYSERVER_NO_MEMORY;
+
+ /* Get the command and info block */
+ while ( fgets(line,MAX_LINE,input) )
+ {
+ int err;
+
+ if(line[0]=='\n')
+ break;
+
+ err = parse_ks_options (line, opt);
+ if (err > 0)
+ {
+ ret = err;
+ goto leave;
+ }
+ else if (!err)
+ continue;
+ }
+
+ if (opt->timeout && register_timeout() == -1 )
+ {
+ fprintf (console, PGM": unable to register timeout handler\n");
+ return KEYSERVER_INTERNAL_ERROR;
+ }
+
+ if (opt->verbose)
+ {
+ fprintf (console, PGM": HOST=%s\n", opt->host? opt->host:"(none)");
+ fprintf (console, PGM": PATH=%s\n", opt->path? opt->path:"(none)");
+ }
+ if (opt->path && *opt->path == '/')
+ {
+ char *p, *pend;
+
+ kdns_root = opt->path+1;
+ p = strchr (opt->path+1, '?');
+ if (p)
+ {
+ *p++ = 0;
+ do
+ {
+ pend = strchr (p, '&');
+ if (pend)
+ *pend++ = 0;
+ if (!strncmp (p, "at=", 3))
+ kdns_at_repl = p+3;
+ else if (!strncmp (p, "usevc=", 6))
+ kdns_usevc = !!atoi (p+6);
+ }
+ while ((p = pend));
+ }
+ }
+ if (strchr (kdns_root, '/'))
+ {
+ fprintf (console, PGM": invalid character in KDNS root\n");
+ return KEYSERVER_GENERAL_ERROR;
+ }
+ if (!strcmp (kdns_at_repl, "."))
+ kdns_at_repl = "";
+
+ if (opt->verbose)
+ {
+ fprintf (console, PGM": kdns_root=%s\n", kdns_root);
+ fprintf (console, PGM": kdns_at=%s\n", kdns_at_repl);
+ fprintf (console, PGM": kdns_usevc=%d\n", kdns_usevc);
+ }
+
+ if (opt->debug)
+ my_adns_initflags |= adns_if_debug;
+ if (opt->host)
+ {
+ char cfgtext[200];
+
+ snprintf (cfgtext, sizeof cfgtext, "nameserver %s\n", opt->host);
+ tmprc = adns_init_strcfg (&adns_ctx, my_adns_initflags, console,cfgtext);
+ }
+ else
+ tmprc = adns_init (&adns_ctx, my_adns_initflags, console);
+ if (tmprc)
+ {
+ fprintf (console, PGM": error initializing ADNS: %s\n",
+ strerror (errno));
+ goto leave;
+ }
+
+ if (opt->action == KS_GETNAME)
+ {
+ while ( fgets (line,MAX_LINE,input) )
+ {
+ if (line[0]=='\n' || !line[0] )
+ break;
+ line[strlen(line)-1] = 0; /* Trim the trailing LF. */
+
+ akey = xtrymalloc (sizeof *akey);
+ if (!akey)
+ {
+ fprintf (console,
+ PGM": out of memory while building key list\n");
+ ret = KEYSERVER_NO_MEMORY;
+ goto leave;
+ }
+ assert (sizeof (akey->str) > strlen(line));
+ strcpy (akey->str, line);
+ akey->next = NULL;
+ *keylist_tail = akey;
+ keylist_tail = &akey->next;
+ }
+ }
+ else
+ {
+ fprintf (console,
+ PGM": this keyserver type only supports "
+ "key retrieval by name\n");
+ goto leave;
+ }
+
+ /* Send the response */
+ fprintf (output, "VERSION %d\n", KEYSERVER_PROTO_VERSION);
+ fprintf (output, "PROGRAM %s\n\n", VERSION);
+
+ if (opt->verbose > 1)
+ {
+ if (opt->opaque)
+ fprintf (console, "User:\t\t%s\n", opt->opaque);
+ fprintf (console, "Command:\tGET\n");
+ }
+
+ for (akey = keylist; akey; akey = akey->next)
+ {
+ set_timeout (opt->timeout);
+ if ( get_key (adns_ctx, akey->str) )
+ failed++;
+ }
+ if (!failed)
+ ret = KEYSERVER_OK;
+
+
+ leave:
+ if (adns_ctx)
+ adns_finish (adns_ctx);
+ while (keylist)
+ {
+ akey = keylist->next;
+ xfree (keylist);
+ keylist = akey;
+ }
+ if (input != stdin)
+ fclose (input);
+ if (output != stdout)
+ fclose (output);
+ kdns_root = "";
+ kdns_at_repl = ".";
+ free_ks_options (opt);
+ return ret;
+}
diff --git a/keyserver/gpgkeys_ldap.c b/keyserver/gpgkeys_ldap.c
new file mode 100644
index 0000000..bd85234
--- /dev/null
+++ b/keyserver/gpgkeys_ldap.c
@@ -0,0 +1,2379 @@
+/* gpgkeys_ldap.c - talk to a LDAP keyserver
+ * Copyright (C) 2001, 2002, 2004, 2005, 2006
+ * 2007 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ *
+ * In addition, as a special exception, the Free Software Foundation
+ * gives permission to link the code of the keyserver helper tools:
+ * gpgkeys_ldap, gpgkeys_curl and gpgkeys_hkp with the OpenSSL
+ * project's "OpenSSL" library (or with modified versions of it that
+ * use the same license as the "OpenSSL" library), and distribute the
+ * linked executables. You must obey the GNU General Public License
+ * in all respects for all of the code used other than "OpenSSL". If
+ * you modify this file, you may extend this exception to your version
+ * of the file, but you are not obligated to do so. If you do not
+ * wish to do so, delete this exception statement from your version.
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <string.h>
+#include <time.h>
+#include <unistd.h>
+#ifdef HAVE_GETOPT_H
+#include <getopt.h>
+#endif
+#include <stdlib.h>
+#include <errno.h>
+#include <assert.h>
+
+#ifdef _WIN32
+#include <winsock2.h>
+#include <winldap.h>
+#else
+#ifdef NEED_LBER_H
+#include <lber.h>
+#endif
+/* For OpenLDAP, to enable the API that we're using. */
+#define LDAP_DEPRECATED 1
+#include <ldap.h>
+#endif
+
+#include "util.h"
+#include "keyserver.h"
+#include "ksutil.h"
+
+#ifdef __riscos__
+#include "util.h"
+#endif
+
+extern char *optarg;
+extern int optind;
+
+static int real_ldap=0;
+static char *basekeyspacedn=NULL;
+static char *pgpkeystr="pgpKey";
+static FILE *input=NULL,*output=NULL,*console=NULL;
+static LDAP *ldap=NULL;
+static struct ks_options *opt;
+
+#ifndef HAVE_TIMEGM
+time_t timegm(struct tm *tm);
+#endif
+
+static int
+ldap_err_to_gpg_err(int err)
+{
+ int ret;
+
+ switch(err)
+ {
+ case LDAP_ALREADY_EXISTS:
+ ret=KEYSERVER_KEY_EXISTS;
+ break;
+
+ case LDAP_SERVER_DOWN:
+ ret=KEYSERVER_UNREACHABLE;
+ break;
+
+ default:
+ ret=KEYSERVER_GENERAL_ERROR;
+ break;
+ }
+
+ return ret;
+}
+
+static int
+ldap_to_gpg_err(LDAP *ld)
+{
+#if defined(HAVE_LDAP_GET_OPTION) && defined(LDAP_OPT_ERROR_NUMBER)
+
+ int err;
+
+ if(ldap_get_option(ld,LDAP_OPT_ERROR_NUMBER,&err)==0)
+ return ldap_err_to_gpg_err(err);
+ else
+ return KEYSERVER_GENERAL_ERROR;
+
+#elif defined(HAVE_LDAP_LD_ERRNO)
+
+ return ldap_err_to_gpg_err(ld->ld_errno);
+
+#else
+
+ /* We should never get here since the LDAP library should always
+ have either ldap_get_option or ld_errno, but just in case... */
+ return KEYSERVER_GENERAL_ERROR;
+
+#endif
+}
+
+static int
+key_in_keylist(const char *key,struct keylist *list)
+{
+ struct keylist *keyptr=list;
+
+ while(keyptr!=NULL)
+ {
+ if(strcasecmp(key,keyptr->str)==0)
+ return 1;
+
+ keyptr=keyptr->next;
+ }
+
+ return 0;
+}
+
+static int
+add_key_to_keylist(const char *key,struct keylist **list)
+{
+ struct keylist *keyptr=malloc(sizeof(struct keylist));
+
+ if(keyptr==NULL)
+ {
+ fprintf(console,"gpgkeys: out of memory when deduping "
+ "key list\n");
+ return KEYSERVER_NO_MEMORY;
+ }
+
+ strncpy(keyptr->str,key,MAX_LINE);
+ keyptr->str[MAX_LINE-1]='\0';
+ keyptr->next=*list;
+ *list=keyptr;
+
+ return 0;
+}
+
+static void
+free_keylist(struct keylist *list)
+{
+ while(list!=NULL)
+ {
+ struct keylist *keyptr=list;
+
+ list=keyptr->next;
+ free(keyptr);
+ }
+}
+
+static time_t
+ldap2epochtime(const char *timestr)
+{
+ struct tm pgptime;
+ time_t answer;
+
+ memset(&pgptime,0,sizeof(pgptime));
+
+ /* YYYYMMDDHHmmssZ */
+
+ sscanf(timestr,"%4d%2d%2d%2d%2d%2d",
+ &pgptime.tm_year,
+ &pgptime.tm_mon,
+ &pgptime.tm_mday,
+ &pgptime.tm_hour,
+ &pgptime.tm_min,
+ &pgptime.tm_sec);
+
+ pgptime.tm_year-=1900;
+ pgptime.tm_isdst=-1;
+ pgptime.tm_mon--;
+
+ /* mktime() takes the timezone into account, so we use timegm() */
+
+ answer=timegm(&pgptime);
+
+ return answer;
+}
+
+/* Caller must free */
+static char *
+epoch2ldaptime(time_t stamp)
+{
+ struct tm *ldaptime;
+ char buf[16];
+
+ ldaptime=gmtime(&stamp);
+
+ ldaptime->tm_year+=1900;
+ ldaptime->tm_mon++;
+
+ /* YYYYMMDDHHmmssZ */
+
+ sprintf(buf,"%04d%02d%02d%02d%02d%02dZ",
+ ldaptime->tm_year,
+ ldaptime->tm_mon,
+ ldaptime->tm_mday,
+ ldaptime->tm_hour,
+ ldaptime->tm_min,
+ ldaptime->tm_sec);
+
+ return strdup(buf);
+}
+
+/* Append two onto the end of one. Two is not freed, but its pointers
+ are now part of one. Make sure you don't free them both! */
+static int
+join_two_modlists(LDAPMod ***one,LDAPMod **two)
+{
+ int i,one_count=0,two_count=0;
+ LDAPMod **grow;
+
+ for(grow=*one;*grow;grow++)
+ one_count++;
+
+ for(grow=two;*grow;grow++)
+ two_count++;
+
+ grow=realloc(*one,sizeof(LDAPMod *)*(one_count+two_count+1));
+ if(!grow)
+ return 0;
+
+ for(i=0;i<two_count;i++)
+ grow[one_count+i]=two[i];
+
+ grow[one_count+i]=NULL;
+
+ *one=grow;
+
+ return 1;
+}
+
+/* Passing a NULL for value effectively deletes that attribute. This
+ doesn't mean "delete" in the sense of removing something from the
+ modlist, but "delete" in the LDAP sense of adding a modlist item
+ that specifies LDAP_MOD_REPLACE and a null attribute for the given
+ attribute. LDAP_MOD_DELETE doesn't work here as we don't know if
+ the attribute in question exists or not. */
+
+static int
+make_one_attr(LDAPMod ***modlist,char *attr,const char *value)
+{
+ LDAPMod **m;
+ int nummods=0;
+
+ /* Search modlist for the attribute we're playing with. */
+ for(m=*modlist;*m;m++)
+ {
+ if(strcasecmp((*m)->mod_type,attr)==0)
+ {
+ char **ptr=(*m)->mod_values;
+ int numvalues=0;
+
+ /* We have this attribute already, so when the REPLACE
+ happens, the server attributes will be replaced
+ anyway. */
+ if(!value)
+ return 1;
+
+ if(ptr)
+ for(ptr=(*m)->mod_values;*ptr;ptr++)
+ {
+ /* Duplicate value */
+ if(strcmp(*ptr,value)==0)
+ return 1;
+ numvalues++;
+ }
+
+ ptr=realloc((*m)->mod_values,sizeof(char *)*(numvalues+2));
+ if(!ptr)
+ return 0;
+
+ (*m)->mod_values=ptr;
+ ptr[numvalues]=strdup(value);
+ if(!ptr[numvalues])
+ return 0;
+
+ ptr[numvalues+1]=NULL;
+ break;
+ }
+
+ nummods++;
+ }
+
+ /* We didn't find the attr, so make one and add it to the end */
+ if(!*m)
+ {
+ LDAPMod **grow;
+
+ grow=realloc(*modlist,sizeof(LDAPMod *)*(nummods+2));
+ if(!grow)
+ return 0;
+
+ *modlist=grow;
+ grow[nummods]=malloc(sizeof(LDAPMod));
+ if(!grow[nummods])
+ return 0;
+ grow[nummods]->mod_op=LDAP_MOD_REPLACE;
+ grow[nummods]->mod_type=attr;
+ if(value)
+ {
+ grow[nummods]->mod_values=malloc(sizeof(char *)*2);
+ if(!grow[nummods]->mod_values)
+ {
+ grow[nummods]=NULL;
+ return 0;
+ }
+
+ /* Is this the right thing? Can a UTF8-encoded user ID have
+ embedded nulls? */
+ grow[nummods]->mod_values[0]=strdup(value);
+ if(!grow[nummods]->mod_values[0])
+ {
+ free(grow[nummods]->mod_values);
+ grow[nummods]=NULL;
+ return 0;
+ }
+
+ grow[nummods]->mod_values[1]=NULL;
+ }
+ else
+ grow[nummods]->mod_values=NULL;
+
+ grow[nummods+1]=NULL;
+ }
+
+ return 1;
+}
+
+static void
+build_attrs(LDAPMod ***modlist,char *line)
+{
+ char *record;
+ int i;
+
+ /* Remove trailing whitespace */
+ for(i=strlen(line);i>0;i--)
+ if(ascii_isspace(line[i-1]))
+ line[i-1]='\0';
+ else
+ break;
+
+ if((record=strsep(&line,":"))==NULL)
+ return;
+
+ if(ks_strcasecmp("pub",record)==0)
+ {
+ char *tok;
+ int disabled=0,revoked=0;
+
+ /* The long keyid */
+ if((tok=strsep(&line,":"))==NULL)
+ return;
+
+ if(strlen(tok)==16)
+ {
+ make_one_attr(modlist,"pgpCertID",tok);
+ make_one_attr(modlist,"pgpKeyID",&tok[8]);
+ }
+ else
+ return;
+
+ /* The primary pubkey algo */
+ if((tok=strsep(&line,":"))==NULL)
+ return;
+
+ switch(atoi(tok))
+ {
+ case 1:
+ make_one_attr(modlist,"pgpKeyType","RSA");
+ break;
+
+ case 17:
+ make_one_attr(modlist,"pgpKeyType","DSS/DH");
+ break;
+ }
+
+ /* Size of primary key */
+ if((tok=strsep(&line,":"))==NULL)
+ return;
+
+ if(atoi(tok)>0)
+ {
+ char padded[6];
+ int val=atoi(tok);
+
+ /* We zero pad this on the left to make PGP happy. */
+
+ if(val<99999 && val>0)
+ {
+ sprintf(padded,"%05u",atoi(tok));
+ make_one_attr(modlist,"pgpKeySize",padded);
+ }
+ }
+
+ /* pk timestamp */
+ if((tok=strsep(&line,":"))==NULL)
+ return;
+
+ if(atoi(tok)>0)
+ {
+ char *stamp=epoch2ldaptime(atoi(tok));
+ if(stamp)
+ {
+ make_one_attr(modlist,"pgpKeyCreateTime",stamp);
+ free(stamp);
+ }
+ }
+
+ /* pk expire */
+ if((tok=strsep(&line,":"))==NULL)
+ return;
+
+ if(atoi(tok)>0)
+ {
+ char *stamp=epoch2ldaptime(atoi(tok));
+ if(stamp)
+ {
+ make_one_attr(modlist,"pgpKeyExpireTime",stamp);
+ free(stamp);
+ }
+ }
+
+ /* flags */
+ if((tok=strsep(&line,":"))==NULL)
+ return;
+
+ while(*tok)
+ switch(*tok++)
+ {
+ case 'r':
+ case 'R':
+ revoked=1;
+ break;
+
+ case 'd':
+ case 'D':
+ disabled=1;
+ break;
+ }
+
+ /*
+ Note that we always create the pgpDisabled and pgpRevoked
+ attributes, regardless of whether the key is disabled/revoked
+ or not. This is because a very common search is like
+ "(&(pgpUserID=*isabella*)(pgpDisabled=0))"
+ */
+
+ make_one_attr(modlist,"pgpDisabled",disabled?"1":"0");
+ make_one_attr(modlist,"pgpRevoked",revoked?"1":"0");
+ }
+ else if(ks_strcasecmp("sub",record)==0)
+ {
+ char *tok;
+
+ /* The long keyid */
+ if((tok=strsep(&line,":"))==NULL)
+ return;
+
+ if(strlen(tok)==16)
+ make_one_attr(modlist,"pgpSubKeyID",tok);
+ else
+ return;
+
+ /* The subkey algo */
+ if((tok=strsep(&line,":"))==NULL)
+ return;
+
+ /* Size of subkey */
+ if((tok=strsep(&line,":"))==NULL)
+ return;
+
+ if(atoi(tok)>0)
+ {
+ char padded[6];
+ int val=atoi(tok);
+
+ /* We zero pad this on the left to make PGP happy. */
+
+ if(val<99999 && val>0)
+ {
+ sprintf(padded,"%05u",atoi(tok));
+ make_one_attr(modlist,"pgpKeySize",padded);
+ }
+ }
+
+ /* Ignore the rest of the items for subkeys since the LDAP
+ schema doesn't store them. */
+ }
+ else if(ks_strcasecmp("uid",record)==0)
+ {
+ char *userid,*tok;
+
+ /* The user ID string */
+ if((tok=strsep(&line,":"))==NULL)
+ return;
+
+ if(strlen(tok)==0)
+ return;
+
+ userid=tok;
+
+ /* By definition, de-%-encoding is always smaller than the
+ original string so we can decode in place. */
+
+ i=0;
+
+ while(*tok)
+ if(tok[0]=='%' && tok[1] && tok[2])
+ {
+ int c;
+
+ userid[i] = (c=hextobyte(&tok[1])) == -1 ? '?' : c;
+ i++;
+ tok+=3;
+ }
+ else
+ userid[i++]=*tok++;
+
+ userid[i]='\0';
+
+ /* We don't care about the other info provided in the uid: line
+ since the LDAP schema doesn't need it. */
+
+ make_one_attr(modlist,"pgpUserID",userid);
+ }
+ else if(ks_strcasecmp("sig",record)==0)
+ {
+ char *tok;
+
+ if((tok=strsep(&line,":"))==NULL)
+ return;
+
+ if(strlen(tok)==16)
+ make_one_attr(modlist,"pgpSignerID",tok);
+ }
+}
+
+static void
+free_mod_values(LDAPMod *mod)
+{
+ char **ptr;
+
+ if(!mod->mod_values)
+ return;
+
+ for(ptr=mod->mod_values;*ptr;ptr++)
+ free(*ptr);
+
+ free(mod->mod_values);
+}
+
+static int
+send_key(int *r_eof)
+{
+ int err,begin=0,end=0,keysize=1,ret=KEYSERVER_INTERNAL_ERROR;
+ char *dn=NULL,line[MAX_LINE],*key=NULL;
+ char keyid[17],state[6];
+ LDAPMod **modlist,**addlist,**ml;
+
+ modlist=malloc(sizeof(LDAPMod *));
+ if(!modlist)
+ {
+ fprintf(console,"gpgkeys: can't allocate memory for keyserver record\n");
+ ret=KEYSERVER_NO_MEMORY;
+ goto fail;
+ }
+
+ *modlist=NULL;
+
+ addlist=malloc(sizeof(LDAPMod *));
+ if(!addlist)
+ {
+ fprintf(console,"gpgkeys: can't allocate memory for keyserver record\n");
+ ret=KEYSERVER_NO_MEMORY;
+ goto fail;
+ }
+
+ *addlist=NULL;
+
+ /* Start by nulling out all attributes. We try and do a modify
+ operation first, so this ensures that we don't leave old
+ attributes lying around. */
+ make_one_attr(&modlist,"pgpDisabled",NULL);
+ make_one_attr(&modlist,"pgpKeyID",NULL);
+ make_one_attr(&modlist,"pgpKeyType",NULL);
+ make_one_attr(&modlist,"pgpUserID",NULL);
+ make_one_attr(&modlist,"pgpKeyCreateTime",NULL);
+ make_one_attr(&modlist,"pgpSignerID",NULL);
+ make_one_attr(&modlist,"pgpRevoked",NULL);
+ make_one_attr(&modlist,"pgpSubKeyID",NULL);
+ make_one_attr(&modlist,"pgpKeySize",NULL);
+ make_one_attr(&modlist,"pgpKeyExpireTime",NULL);
+ make_one_attr(&modlist,"pgpCertID",NULL);
+
+ /* Assemble the INFO stuff into LDAP attributes */
+
+ while(fgets(line,MAX_LINE,input)!=NULL)
+ if(sscanf(line,"INFO%*[ ]%16s%*[ ]%5s\n",keyid,state)==2
+ && strcmp(state,"BEGIN")==0)
+ {
+ begin=1;
+ break;
+ }
+
+ if(!begin)
+ {
+ /* i.e. eof before the INFO BEGIN was found. This isn't an
+ error. */
+ *r_eof=1;
+ ret=KEYSERVER_OK;
+ goto fail;
+ }
+
+ if(strlen(keyid)!=16)
+ {
+ *r_eof=1;
+ ret=KEYSERVER_KEY_INCOMPLETE;
+ goto fail;
+ }
+
+ dn=malloc(strlen("pgpCertID=")+16+1+strlen(basekeyspacedn)+1);
+ if(dn==NULL)
+ {
+ fprintf(console,"gpgkeys: can't allocate memory for keyserver record\n");
+ ret=KEYSERVER_NO_MEMORY;
+ goto fail;
+ }
+
+ sprintf(dn,"pgpCertID=%s,%s",keyid,basekeyspacedn);
+
+ key=malloc(1);
+ if(!key)
+ {
+ fprintf(console,"gpgkeys: unable to allocate memory for key\n");
+ ret=KEYSERVER_NO_MEMORY;
+ goto fail;
+ }
+
+ key[0]='\0';
+
+ /* Now parse each line until we see the END */
+
+ while(fgets(line,MAX_LINE,input)!=NULL)
+ if(sscanf(line,"INFO%*[ ]%16s%*[ ]%3s\n",keyid,state)==2
+ && strcmp(state,"END")==0)
+ {
+ end=1;
+ break;
+ }
+ else
+ build_attrs(&addlist,line);
+
+ if(!end)
+ {
+ fprintf(console,"gpgkeys: no INFO %s END found\n",keyid);
+ *r_eof=1;
+ ret=KEYSERVER_KEY_INCOMPLETE;
+ goto fail;
+ }
+
+ begin=end=0;
+
+ /* Read and throw away stdin until we see the BEGIN */
+
+ while(fgets(line,MAX_LINE,input)!=NULL)
+ if(sscanf(line,"KEY%*[ ]%16s%*[ ]%5s\n",keyid,state)==2
+ && strcmp(state,"BEGIN")==0)
+ {
+ begin=1;
+ break;
+ }
+
+ if(!begin)
+ {
+ /* i.e. eof before the KEY BEGIN was found. This isn't an
+ error. */
+ *r_eof=1;
+ ret=KEYSERVER_OK;
+ goto fail;
+ }
+
+ /* Now slurp up everything until we see the END */
+
+ while(fgets(line,MAX_LINE,input)!=NULL)
+ if(sscanf(line,"KEY%*[ ]%16s%*[ ]%3s\n",keyid,state)==2
+ && strcmp(state,"END")==0)
+ {
+ end=1;
+ break;
+ }
+ else
+ {
+ char *tempkey;
+ keysize+=strlen(line);
+ tempkey=realloc(key,keysize);
+ if(tempkey==NULL)
+ {
+ fprintf(console,"gpgkeys: unable to reallocate for key\n");
+ ret=KEYSERVER_NO_MEMORY;
+ goto fail;
+ }
+ else
+ key=tempkey;
+
+ strcat(key,line);
+ }
+
+ if(!end)
+ {
+ fprintf(console,"gpgkeys: no KEY %s END found\n",keyid);
+ *r_eof=1;
+ ret=KEYSERVER_KEY_INCOMPLETE;
+ goto fail;
+ }
+
+ make_one_attr(&addlist,"objectClass","pgpKeyInfo");
+ make_one_attr(&addlist,"pgpKey",key);
+
+ /* Now append addlist onto modlist */
+ if(!join_two_modlists(&modlist,addlist))
+ {
+ fprintf(console,"gpgkeys: unable to merge LDAP modification lists\n");
+ ret=KEYSERVER_NO_MEMORY;
+ goto fail;
+ }
+
+ /* Going on the assumption that modify operations are more frequent
+ than adds, we try a modify first. If it's not there, we just
+ turn around and send an add command for the same key. Otherwise,
+ the modify brings the server copy into compliance with our copy.
+ Note that unlike the LDAP keyserver (and really, any other
+ keyserver) this does NOT merge signatures, but replaces the whole
+ key. This should make some people very happy. */
+
+ err=ldap_modify_s(ldap,dn,modlist);
+ if(err==LDAP_NO_SUCH_OBJECT)
+ err=ldap_add_s(ldap,dn,addlist);
+
+ if(err!=LDAP_SUCCESS)
+ {
+ fprintf(console,"gpgkeys: error adding key %s to keyserver: %s\n",
+ keyid,ldap_err2string(err));
+ ret=ldap_err_to_gpg_err(err);
+ goto fail;
+ }
+
+ ret=KEYSERVER_OK;
+
+ fail:
+ if (modlist)
+ {
+ /* Unwind and free the whole modlist structure */
+ for(ml=modlist;*ml;ml++)
+ {
+ free_mod_values(*ml);
+ free(*ml);
+ }
+ free(modlist);
+ }
+ free(addlist);
+ free(dn);
+ free(key);
+
+ if(ret!=0 && begin)
+ fprintf(output,"KEY %s FAILED %d\n",keyid,ret);
+
+ return ret;
+}
+
+static int
+send_key_keyserver(int *r_eof)
+{
+ int err,begin=0,end=0,keysize=1,ret=KEYSERVER_INTERNAL_ERROR;
+ char *dn=NULL,line[MAX_LINE],*key[2]={NULL,NULL};
+ char keyid[17],state[6];
+ LDAPMod mod, *attrs[2];
+
+ memset(&mod,0,sizeof(mod));
+ mod.mod_op=LDAP_MOD_ADD;
+ mod.mod_type=pgpkeystr;
+ mod.mod_values=key;
+ attrs[0]=&mod;
+ attrs[1]=NULL;
+
+ dn=malloc(strlen("pgpCertid=virtual,")+strlen(basekeyspacedn)+1);
+ if(dn==NULL)
+ {
+ fprintf(console,"gpgkeys: can't allocate memory for keyserver record\n");
+ ret=KEYSERVER_NO_MEMORY;
+ goto fail;
+ }
+
+ strcpy(dn,"pgpCertid=virtual,");
+ strcat(dn,basekeyspacedn);
+
+ key[0]=malloc(1);
+ if(key[0]==NULL)
+ {
+ fprintf(console,"gpgkeys: unable to allocate memory for key\n");
+ ret=KEYSERVER_NO_MEMORY;
+ goto fail;
+ }
+
+ key[0][0]='\0';
+
+ /* Read and throw away stdin until we see the BEGIN */
+
+ while(fgets(line,MAX_LINE,input)!=NULL)
+ if(sscanf(line,"KEY%*[ ]%16s%*[ ]%5s\n",keyid,state)==2
+ && strcmp(state,"BEGIN")==0)
+ {
+ begin=1;
+ break;
+ }
+
+ if(!begin)
+ {
+ /* i.e. eof before the KEY BEGIN was found. This isn't an
+ error. */
+ *r_eof=1;
+ ret=KEYSERVER_OK;
+ goto fail;
+ }
+
+ /* Now slurp up everything until we see the END */
+
+ while(fgets(line,MAX_LINE,input)!=NULL)
+ if(sscanf(line,"KEY%*[ ]%16s%*[ ]%3s\n",keyid,state)==2
+ && strcmp(state,"END")==0)
+ {
+ end=1;
+ break;
+ }
+ else
+ {
+ keysize+=strlen(line);
+ key[0]=realloc(key[0],keysize);
+ if(key[0]==NULL)
+ {
+ fprintf(console,"gpgkeys: unable to reallocate for key\n");
+ ret=KEYSERVER_NO_MEMORY;
+ goto fail;
+ }
+
+ strcat(key[0],line);
+ }
+
+ if(!end)
+ {
+ fprintf(console,"gpgkeys: no KEY %s END found\n",keyid);
+ *r_eof=1;
+ ret=KEYSERVER_KEY_INCOMPLETE;
+ goto fail;
+ }
+
+ err=ldap_add_s(ldap,dn,attrs);
+ if(err!=LDAP_SUCCESS)
+ {
+ fprintf(console,"gpgkeys: error adding key %s to keyserver: %s\n",
+ keyid,ldap_err2string(err));
+ ret=ldap_err_to_gpg_err(err);
+ goto fail;
+ }
+
+ ret=KEYSERVER_OK;
+
+ fail:
+
+ free(key[0]);
+ free(dn);
+
+ if(ret!=0 && begin)
+ fprintf(output,"KEY %s FAILED %d\n",keyid,ret);
+
+ /* Not a fatal error */
+ if(ret==KEYSERVER_KEY_EXISTS)
+ ret=KEYSERVER_OK;
+
+ return ret;
+}
+
+static void
+build_info(const char *certid,LDAPMessage *each)
+{
+ char **vals;
+
+ fprintf(output,"INFO %s BEGIN\n",certid);
+
+ fprintf(output,"pub:%s:",certid);
+
+ vals=ldap_get_values(ldap,each,"pgpkeytype");
+ if(vals!=NULL)
+ {
+ if(strcmp(vals[0],"RSA")==0)
+ fprintf(output,"1");
+ else if(strcmp(vals[0],"DSS/DH")==0)
+ fprintf(output,"17");
+ ldap_value_free(vals);
+ }
+
+ fprintf(output,":");
+
+ vals=ldap_get_values(ldap,each,"pgpkeysize");
+ if(vals!=NULL)
+ {
+ if(atoi(vals[0])>0)
+ fprintf(output,"%d",atoi(vals[0]));
+ ldap_value_free(vals);
+ }
+
+ fprintf(output,":");
+
+ vals=ldap_get_values(ldap,each,"pgpkeycreatetime");
+ if(vals!=NULL)
+ {
+ if(strlen(vals[0])==15)
+ fprintf(output,"%u",(unsigned int)ldap2epochtime(vals[0]));
+ ldap_value_free(vals);
+ }
+
+ fprintf(output,":");
+
+ vals=ldap_get_values(ldap,each,"pgpkeyexpiretime");
+ if(vals!=NULL)
+ {
+ if(strlen(vals[0])==15)
+ fprintf(output,"%u",(unsigned int)ldap2epochtime(vals[0]));
+ ldap_value_free(vals);
+ }
+
+ fprintf(output,":");
+
+ vals=ldap_get_values(ldap,each,"pgprevoked");
+ if(vals!=NULL)
+ {
+ if(atoi(vals[0])==1)
+ fprintf(output,"r");
+ ldap_value_free(vals);
+ }
+
+ fprintf(output,"\n");
+
+ vals=ldap_get_values(ldap,each,"pgpuserid");
+ if(vals!=NULL)
+ {
+ int i;
+
+ for(i=0;vals[i];i++)
+ fprintf(output,"uid:%s\n",vals[i]);
+ ldap_value_free(vals);
+ }
+
+ fprintf(output,"INFO %s END\n",certid);
+}
+
+/* Note that key-not-found is not a fatal error */
+static int
+get_key(char *getkey)
+{
+ LDAPMessage *res,*each;
+ int ret=KEYSERVER_INTERNAL_ERROR,err,count;
+ struct keylist *dupelist=NULL;
+ char search[62];
+ /* This ordering is significant - specifically, "pgpcertid" needs to
+ be the second item in the list, since everything after it may be
+ discarded if the user isn't in verbose mode. */
+ char *attrs[]={"replaceme","pgpcertid","pgpuserid","pgpkeyid","pgprevoked",
+ "pgpdisabled","pgpkeycreatetime","modifytimestamp",
+ "pgpkeysize","pgpkeytype",NULL};
+ attrs[0]=pgpkeystr; /* Some compilers don't like using variables as
+ array initializers. */
+
+ /* Build the search string */
+
+ /* GPG can send us a v4 fingerprint, a v3 or v4 long key id, or a v3
+ or v4 short key id */
+
+ if(strncmp(getkey,"0x",2)==0)
+ getkey+=2;
+
+ if(strlen(getkey)==32)
+ {
+ fprintf(console,
+ "gpgkeys: LDAP keyservers do not support v3 fingerprints\n");
+ fprintf(output,"KEY 0x%s BEGIN\n",getkey);
+ fprintf(output,"KEY 0x%s FAILED %d\n",getkey,KEYSERVER_NOT_SUPPORTED);
+ return KEYSERVER_NOT_SUPPORTED;
+ }
+
+ if(strlen(getkey)>16)
+ {
+ char *offset=&getkey[strlen(getkey)-16];
+
+ /* fingerprint. Take the last 16 characters and treat it like a
+ long key id */
+
+ if(opt->flags.include_subkeys)
+ sprintf(search,"(|(pgpcertid=%.16s)(pgpsubkeyid=%.16s))",
+ offset,offset);
+ else
+ sprintf(search,"(pgpcertid=%.16s)",offset);
+ }
+ else if(strlen(getkey)>8)
+ {
+ /* long key id */
+
+ if(opt->flags.include_subkeys)
+ sprintf(search,"(|(pgpcertid=%.16s)(pgpsubkeyid=%.16s))",
+ getkey,getkey);
+ else
+ sprintf(search,"(pgpcertid=%.16s)",getkey);
+ }
+ else
+ {
+ /* short key id */
+
+ sprintf(search,"(pgpkeyid=%.8s)",getkey);
+ }
+
+ if(opt->verbose>2)
+ fprintf(console,"gpgkeys: LDAP fetch for: %s\n",search);
+
+ if(!opt->verbose)
+ attrs[2]=NULL; /* keep only pgpkey(v2) and pgpcertid */
+
+ err=ldap_search_s(ldap,basekeyspacedn,
+ LDAP_SCOPE_SUBTREE,search,attrs,0,&res);
+ if(err!=0)
+ {
+ int errtag=ldap_err_to_gpg_err(err);
+
+ fprintf(console,"gpgkeys: LDAP search error: %s\n",ldap_err2string(err));
+ fprintf(output,"KEY 0x%s BEGIN\n",getkey);
+ fprintf(output,"KEY 0x%s FAILED %d\n",getkey,errtag);
+ return errtag;
+ }
+
+ count=ldap_count_entries(ldap,res);
+ if(count<1)
+ {
+ fprintf(console,"gpgkeys: key %s not found on keyserver\n",getkey);
+ fprintf(output,"KEY 0x%s BEGIN\n",getkey);
+ fprintf(output,"KEY 0x%s FAILED %d\n",getkey,KEYSERVER_KEY_NOT_FOUND);
+ }
+ else
+ {
+ /* There may be more than one unique result for a given keyID,
+ so we should fetch them all (test this by fetching short key
+ id 0xDEADBEEF). */
+
+ each=ldap_first_entry(ldap,res);
+ while(each!=NULL)
+ {
+ char **vals,**certid;
+
+ /* Use the long keyid to remove duplicates. The LDAP server
+ returns the same keyid more than once if there are
+ multiple user IDs on the key. Note that this does NOT
+ mean that a keyid that exists multiple times on the
+ keyserver will not be fetched. It means that each KEY,
+ no matter how many user IDs share its keyid, will be
+ fetched only once. If a keyid that belongs to more than
+ one key is fetched, the server quite properly responds
+ with all matching keys. -ds */
+
+ certid=ldap_get_values(ldap,each,"pgpcertid");
+ if(certid!=NULL)
+ {
+ if(!key_in_keylist(certid[0],dupelist))
+ {
+ /* it's not a duplicate, so add it */
+
+ int rc=add_key_to_keylist(certid[0],&dupelist);
+ if(rc)
+ {
+ ret=rc;
+ goto fail;
+ }
+
+ build_info(certid[0],each);
+
+ fprintf(output,"KEY 0x%s BEGIN\n",getkey);
+
+ vals=ldap_get_values(ldap,each,pgpkeystr);
+ if(vals==NULL)
+ {
+ int errtag=ldap_to_gpg_err(ldap);
+
+ fprintf(console,"gpgkeys: unable to retrieve key %s "
+ "from keyserver\n",getkey);
+ fprintf(output,"KEY 0x%s FAILED %d\n",getkey,errtag);
+ }
+ else
+ {
+ print_nocr(output,vals[0]);
+ fprintf(output,"\nKEY 0x%s END\n",getkey);
+
+ ldap_value_free(vals);
+ }
+ }
+
+ ldap_value_free(certid);
+ }
+
+ each=ldap_next_entry(ldap,each);
+ }
+ }
+
+ ret=KEYSERVER_OK;
+
+ fail:
+ ldap_msgfree(res);
+ free_keylist(dupelist);
+
+ return ret;
+}
+
+#define LDAP_ESCAPE_CHARS "*()\\"
+
+/* Append string to buffer in a LDAP-quoted way */
+static void
+ldap_quote(char *buffer,const char *string)
+{
+ /* Find the end of buffer */
+ buffer+=strlen(buffer);
+
+ for(;*string;string++)
+ {
+ if(strchr(LDAP_ESCAPE_CHARS,*string))
+ {
+ sprintf(buffer,"\\%02X",*string);
+ buffer+=3;
+ }
+ else
+ *buffer++=*string;
+ }
+
+ *buffer='\0';
+}
+
+/* Note that key-not-found is not a fatal error */
+static int
+get_name(char *getkey)
+{
+ LDAPMessage *res,*each;
+ int ret=KEYSERVER_INTERNAL_ERROR,err,count;
+ /* The maximum size of the search, including the optional stuff and
+ the trailing \0 */
+ char search[2+12+(MAX_LINE*3)+2+15+14+1+1+20];
+ /* This ordering is significant - specifically, "pgpcertid" needs to
+ be the second item in the list, since everything after it may be
+ discarded if the user isn't in verbose mode. */
+ char *attrs[]={"replaceme","pgpcertid","pgpuserid","pgpkeyid","pgprevoked",
+ "pgpdisabled","pgpkeycreatetime","modifytimestamp",
+ "pgpkeysize","pgpkeytype",NULL};
+ attrs[0]=pgpkeystr; /* Some compilers don't like using variables as
+ array initializers. */
+
+ /* Build the search string */
+
+ search[0]='\0';
+
+ if(!opt->flags.include_disabled || !opt->flags.include_revoked)
+ strcat(search,"(&");
+
+ strcat(search,"(pgpUserID=*");
+ ldap_quote(search,getkey);
+ strcat(search,"*)");
+
+ if(!opt->flags.include_disabled)
+ strcat(search,"(pgpDisabled=0)");
+
+ if(!opt->flags.include_revoked)
+ strcat(search,"(pgpRevoked=0)");
+
+ if(!opt->flags.include_disabled || !opt->flags.include_revoked)
+ strcat(search,")");
+
+ if(opt->verbose>2)
+ fprintf(console,"gpgkeys: LDAP fetch for: %s\n",search);
+
+ if(!opt->verbose)
+ attrs[2]=NULL; /* keep only pgpkey(v2) and pgpcertid */
+
+ err=ldap_search_s(ldap,basekeyspacedn,
+ LDAP_SCOPE_SUBTREE,search,attrs,0,&res);
+ if(err!=0)
+ {
+ int errtag=ldap_err_to_gpg_err(err);
+
+ fprintf(console,"gpgkeys: LDAP search error: %s\n",ldap_err2string(err));
+ fprintf(output,"NAME %s BEGIN\n",getkey);
+ fprintf(output,"NAME %s FAILED %d\n",getkey,errtag);
+ return errtag;
+ }
+
+ count=ldap_count_entries(ldap,res);
+ if(count<1)
+ {
+ fprintf(console,"gpgkeys: key %s not found on keyserver\n",getkey);
+ fprintf(output,"NAME %s BEGIN\n",getkey);
+ fprintf(output,"NAME %s FAILED %d\n",getkey,KEYSERVER_KEY_NOT_FOUND);
+ }
+ else
+ {
+ /* There may be more than one result, but we return them all. */
+
+ each=ldap_first_entry(ldap,res);
+ while(each!=NULL)
+ {
+ char **vals,**certid;
+
+ certid=ldap_get_values(ldap,each,"pgpcertid");
+ if(certid!=NULL)
+ {
+ build_info(certid[0],each);
+
+ fprintf(output,"NAME %s BEGIN\n",getkey);
+
+ vals=ldap_get_values(ldap,each,pgpkeystr);
+ if(vals==NULL)
+ {
+ int errtag=ldap_to_gpg_err(ldap);
+
+ fprintf(console,"gpgkeys: unable to retrieve key %s "
+ "from keyserver\n",getkey);
+ fprintf(output,"NAME %s FAILED %d\n",getkey,errtag);
+ }
+ else
+ {
+ print_nocr(output,vals[0]);
+ fprintf(output,"\nNAME %s END\n",getkey);
+
+ ldap_value_free(vals);
+ }
+
+ ldap_value_free(certid);
+ }
+
+ each=ldap_next_entry(ldap,each);
+ }
+ }
+
+ ret=KEYSERVER_OK;
+
+ ldap_msgfree(res);
+
+ return ret;
+}
+
+static void
+printquoted(FILE *stream,char *string,char delim)
+{
+ while(*string)
+ {
+ if(*string==delim || *string=='%')
+ fprintf(stream,"%%%02x",*string);
+ else
+ fputc(*string,stream);
+
+ string++;
+ }
+}
+
+/* Returns 0 on success and -1 on error. Note that key-not-found is
+ not an error! */
+static int
+search_key(const char *searchkey)
+{
+ char **vals,*search;
+ LDAPMessage *res,*each;
+ int err,count=0;
+ struct keylist *dupelist=NULL;
+ /* The maximum size of the search, including the optional stuff and
+ the trailing \0 */
+ char *attrs[]={"pgpcertid","pgpuserid","pgprevoked","pgpdisabled",
+ "pgpkeycreatetime","pgpkeyexpiretime","modifytimestamp",
+ "pgpkeysize","pgpkeytype",NULL};
+ enum ks_search_type search_type;
+
+ search=malloc(2+1+9+1+3+strlen(searchkey)+3+1+15+14+1+1+20);
+ if(!search)
+ {
+ fprintf(console,"gpgkeys: out of memory when building search list\n");
+ fprintf(output,"SEARCH %s FAILED %d\n",searchkey,KEYSERVER_NO_MEMORY);
+ return KEYSERVER_NO_MEMORY;
+ }
+
+ fprintf(output,"SEARCH %s BEGIN\n",searchkey);
+
+ search_type=classify_ks_search(&searchkey);
+
+ if(opt->debug)
+ fprintf(console,"search type is %d, and key is \"%s\"\n",
+ search_type,searchkey);
+
+ /* Build the search string */
+
+ search[0]='\0';
+
+ if(!opt->flags.include_disabled || !opt->flags.include_revoked)
+ strcat(search,"(&");
+
+ strcat(search,"(");
+
+ switch(search_type)
+ {
+ case KS_SEARCH_KEYID_SHORT:
+ strcat(search,"pgpKeyID");
+ break;
+
+ case KS_SEARCH_KEYID_LONG:
+ strcat(search,"pgpCertID");
+ break;
+
+ default:
+ strcat(search,"pgpUserID");
+ break;
+ }
+
+ strcat(search,"=");
+
+ switch(search_type)
+ {
+ case KS_SEARCH_SUBSTR:
+ strcat(search,"*");
+ break;
+
+ case KS_SEARCH_MAIL:
+ strcat(search,"*<");
+ break;
+
+ case KS_SEARCH_MAILSUB:
+ strcat(search,"*<*");
+ break;
+
+ case KS_SEARCH_EXACT:
+ case KS_SEARCH_KEYID_LONG:
+ case KS_SEARCH_KEYID_SHORT:
+ break;
+ }
+
+ strcat(search,searchkey);
+
+ switch(search_type)
+ {
+ case KS_SEARCH_SUBSTR:
+ strcat(search,"*");
+ break;
+
+ case KS_SEARCH_MAIL:
+ strcat(search,">*");
+ break;
+
+ case KS_SEARCH_MAILSUB:
+ strcat(search,"*>*");
+ break;
+
+ case KS_SEARCH_EXACT:
+ case KS_SEARCH_KEYID_LONG:
+ case KS_SEARCH_KEYID_SHORT:
+ break;
+ }
+
+ strcat(search,")");
+
+ if(!opt->flags.include_disabled)
+ strcat(search,"(pgpDisabled=0)");
+
+ if(!opt->flags.include_revoked)
+ strcat(search,"(pgpRevoked=0)");
+
+ if(!opt->flags.include_disabled || !opt->flags.include_revoked)
+ strcat(search,")");
+
+ if(opt->verbose>2)
+ fprintf(console,"gpgkeys: LDAP search for: %s\n",search);
+
+ err=ldap_search_s(ldap,basekeyspacedn,
+ LDAP_SCOPE_SUBTREE,search,attrs,0,&res);
+ free(search);
+ if(err!=LDAP_SUCCESS && err!=LDAP_SIZELIMIT_EXCEEDED)
+ {
+ int errtag=ldap_err_to_gpg_err(err);
+
+ fprintf(output,"SEARCH %s FAILED %d\n",searchkey,errtag);
+ fprintf(console,"gpgkeys: LDAP search error: %s\n",ldap_err2string(err));
+ return errtag;
+ }
+
+ /* The LDAP server doesn't return a real count of unique keys, so we
+ can't use ldap_count_entries here. */
+ each=ldap_first_entry(ldap,res);
+ while(each!=NULL)
+ {
+ char **certid=ldap_get_values(ldap,each,"pgpcertid");
+
+ if(certid!=NULL)
+ {
+ if(!key_in_keylist(certid[0],dupelist))
+ {
+ int rc=add_key_to_keylist(certid[0],&dupelist);
+ if(rc!=0)
+ {
+ fprintf(output,"SEARCH %s FAILED %d\n",searchkey,rc);
+ free_keylist(dupelist);
+ return rc;
+ }
+
+ count++;
+ }
+ }
+
+ each=ldap_next_entry(ldap,each);
+ }
+
+ if(err==LDAP_SIZELIMIT_EXCEEDED)
+ {
+ if(count==1)
+ fprintf(console,"gpgkeys: search results exceeded server limit."
+ " First %d result shown.\n",count);
+ else
+ fprintf(console,"gpgkeys: search results exceeded server limit."
+ " First %d results shown.\n",count);
+ }
+
+ free_keylist(dupelist);
+ dupelist=NULL;
+
+ if(count<1)
+ fprintf(output,"info:1:0\n");
+ else
+ {
+ fprintf(output,"info:1:%d\n",count);
+
+ each=ldap_first_entry(ldap,res);
+ while(each!=NULL)
+ {
+ char **certid;
+
+ certid=ldap_get_values(ldap,each,"pgpcertid");
+ if(certid!=NULL)
+ {
+ LDAPMessage *uids;
+
+ /* Have we seen this certid before? */
+ if(!key_in_keylist(certid[0],dupelist))
+ {
+ int rc=add_key_to_keylist(certid[0],&dupelist);
+ if(rc)
+ {
+ fprintf(output,"SEARCH %s FAILED %d\n",searchkey,rc);
+ free_keylist(dupelist);
+ ldap_value_free(certid);
+ ldap_msgfree(res);
+ return rc;
+ }
+
+ fprintf(output,"pub:%s:",certid[0]);
+
+ vals=ldap_get_values(ldap,each,"pgpkeytype");
+ if(vals!=NULL)
+ {
+ /* The LDAP server doesn't exactly handle this
+ well. */
+ if(strcasecmp(vals[0],"RSA")==0)
+ fprintf(output,"1");
+ else if(strcasecmp(vals[0],"DSS/DH")==0)
+ fprintf(output,"17");
+ ldap_value_free(vals);
+ }
+
+ fputc(':',output);
+
+ vals=ldap_get_values(ldap,each,"pgpkeysize");
+ if(vals!=NULL)
+ {
+ /* Not sure why, but some keys are listed with a
+ key size of 0. Treat that like an
+ unknown. */
+ if(atoi(vals[0])>0)
+ fprintf(output,"%d",atoi(vals[0]));
+ ldap_value_free(vals);
+ }
+
+ fputc(':',output);
+
+ /* YYYYMMDDHHmmssZ */
+
+ vals=ldap_get_values(ldap,each,"pgpkeycreatetime");
+ if(vals!=NULL && strlen(vals[0])==15)
+ {
+ fprintf(output,"%u",
+ (unsigned int)ldap2epochtime(vals[0]));
+ ldap_value_free(vals);
+ }
+
+ fputc(':',output);
+
+ vals=ldap_get_values(ldap,each,"pgpkeyexpiretime");
+ if(vals!=NULL && strlen(vals[0])==15)
+ {
+ fprintf(output,"%u",
+ (unsigned int)ldap2epochtime(vals[0]));
+ ldap_value_free(vals);
+ }
+
+ fputc(':',output);
+
+ vals=ldap_get_values(ldap,each,"pgprevoked");
+ if(vals!=NULL)
+ {
+ if(atoi(vals[0])==1)
+ fprintf(output,"r");
+ ldap_value_free(vals);
+ }
+
+ vals=ldap_get_values(ldap,each,"pgpdisabled");
+ if(vals!=NULL)
+ {
+ if(atoi(vals[0])==1)
+ fprintf(output,"d");
+ ldap_value_free(vals);
+ }
+
+#if 0
+ /* This is not yet specified in the keyserver
+ protocol, but may be someday. */
+ fputc(':',output);
+
+ vals=ldap_get_values(ldap,each,"modifytimestamp");
+ if(vals!=NULL && strlen(vals[0])==15)
+ {
+ fprintf(output,"%u",
+ (unsigned int)ldap2epochtime(vals[0]));
+ ldap_value_free(vals);
+ }
+#endif
+
+ fprintf(output,"\n");
+
+ /* Now print all the uids that have this certid */
+ uids=ldap_first_entry(ldap,res);
+ while(uids!=NULL)
+ {
+ vals=ldap_get_values(ldap,uids,"pgpcertid");
+ if(vals!=NULL)
+ {
+ if(strcasecmp(certid[0],vals[0])==0)
+ {
+ char **uidvals;
+
+ fprintf(output,"uid:");
+
+ uidvals=ldap_get_values(ldap,uids,"pgpuserid");
+ if(uidvals!=NULL)
+ {
+ /* Need to escape any colons */
+ printquoted(output,uidvals[0],':');
+ ldap_value_free(uidvals);
+ }
+
+ fprintf(output,"\n");
+ }
+
+ ldap_value_free(vals);
+ }
+
+ uids=ldap_next_entry(ldap,uids);
+ }
+ }
+
+ ldap_value_free(certid);
+ }
+
+ each=ldap_next_entry(ldap,each);
+ }
+ }
+
+ ldap_msgfree(res);
+ free_keylist(dupelist);
+
+ fprintf(output,"SEARCH %s END\n",searchkey);
+
+ return KEYSERVER_OK;
+}
+
+static void
+fail_all(struct keylist *keylist,int err)
+{
+ if(!keylist)
+ return;
+
+ if(opt->action==KS_SEARCH)
+ {
+ fprintf(output,"SEARCH ");
+ while(keylist)
+ {
+ fprintf(output,"%s ",keylist->str);
+ keylist=keylist->next;
+ }
+ fprintf(output,"FAILED %d\n",err);
+ }
+ else
+ while(keylist)
+ {
+ fprintf(output,"KEY %s FAILED %d\n",keylist->str,err);
+ keylist=keylist->next;
+ }
+}
+
+static int
+find_basekeyspacedn(void)
+{
+ int err,i;
+ char *attr[]={"namingContexts",NULL,NULL,NULL};
+ LDAPMessage *res;
+ char **context;
+
+ /* Look for namingContexts */
+ err=ldap_search_s(ldap,"",LDAP_SCOPE_BASE,"(objectClass=*)",attr,0,&res);
+ if(err==LDAP_SUCCESS)
+ {
+ context=ldap_get_values(ldap,res,"namingContexts");
+ if(context)
+ {
+ attr[0]="pgpBaseKeySpaceDN";
+ attr[1]="pgpVersion";
+ attr[2]="pgpSoftware";
+
+ real_ldap=1;
+
+ /* We found some, so try each namingContext as the search base
+ and look for pgpBaseKeySpaceDN. Because we found this, we
+ know we're talking to a regular-ish LDAP server and not a
+ LDAP keyserver. */
+
+ for(i=0;context[i] && !basekeyspacedn;i++)
+ {
+ char **vals;
+ LDAPMessage *si_res;
+ char *object;
+
+ object=malloc(17+strlen(context[i])+1);
+ if(!object)
+ return -1;
+
+ strcpy(object,"cn=pgpServerInfo,");
+ strcat(object,context[i]);
+
+ err=ldap_search_s(ldap,object,LDAP_SCOPE_BASE,
+ "(objectClass=*)",attr,0,&si_res);
+ free(object);
+
+ if(err==LDAP_NO_SUCH_OBJECT)
+ continue;
+ else if(err!=LDAP_SUCCESS)
+ return err;
+
+ vals=ldap_get_values(ldap,si_res,"pgpBaseKeySpaceDN");
+ if(vals)
+ {
+ basekeyspacedn=strdup(vals[0]);
+ ldap_value_free(vals);
+ }
+
+ if(opt->verbose>1)
+ {
+ vals=ldap_get_values(ldap,si_res,"pgpSoftware");
+ if(vals)
+ {
+ fprintf(console,"Server: \t%s\n",vals[0]);
+ ldap_value_free(vals);
+ }
+
+ vals=ldap_get_values(ldap,si_res,"pgpVersion");
+ if(vals)
+ {
+ fprintf(console,"Version:\t%s\n",vals[0]);
+ ldap_value_free(vals);
+ }
+ }
+
+ ldap_msgfree(si_res);
+ }
+
+ ldap_value_free(context);
+ }
+
+ ldap_msgfree(res);
+ }
+ else
+ {
+ /* We don't have an answer yet, which means the server might be
+ a LDAP keyserver. */
+ char **vals;
+ LDAPMessage *si_res;
+
+ attr[0]="pgpBaseKeySpaceDN";
+ attr[1]="version";
+ attr[2]="software";
+
+ err=ldap_search_s(ldap,"cn=pgpServerInfo",LDAP_SCOPE_BASE,
+ "(objectClass=*)",attr,0,&si_res);
+ if(err!=LDAP_SUCCESS)
+ return err;
+
+ /* For the LDAP keyserver, this is always "OU=ACTIVE,O=PGP
+ KEYSPACE,C=US", but it might not be in the future. */
+
+ vals=ldap_get_values(ldap,si_res,"baseKeySpaceDN");
+ if(vals)
+ {
+ basekeyspacedn=strdup(vals[0]);
+ ldap_value_free(vals);
+ }
+
+ if(opt->verbose>1)
+ {
+ vals=ldap_get_values(ldap,si_res,"software");
+ if(vals)
+ {
+ fprintf(console,"Server: \t%s\n",vals[0]);
+ ldap_value_free(vals);
+ }
+ }
+
+ vals=ldap_get_values(ldap,si_res,"version");
+ if(vals)
+ {
+ if(opt->verbose>1)
+ fprintf(console,"Version:\t%s\n",vals[0]);
+
+ /* If the version is high enough, use the new pgpKeyV2
+ attribute. This design if iffy at best, but it matches how
+ PGP does it. I figure the NAI folks assumed that there would
+ never be a LDAP keyserver vendor with a different numbering
+ scheme. */
+ if(atoi(vals[0])>1)
+ pgpkeystr="pgpKeyV2";
+
+ ldap_value_free(vals);
+ }
+
+ ldap_msgfree(si_res);
+ }
+
+ return LDAP_SUCCESS;
+}
+
+static void
+show_help (FILE *fp)
+{
+ fprintf (fp,"-h, --help\thelp\n");
+ fprintf (fp,"-V\t\tmachine readable version\n");
+ fprintf (fp,"--version\thuman readable version\n");
+ fprintf (fp,"-o\t\toutput to this file\n");
+}
+
+int
+main(int argc,char *argv[])
+{
+ int port=0,arg,err,ret=KEYSERVER_INTERNAL_ERROR;
+ char line[MAX_LINE],*binddn=NULL,*bindpw=NULL;
+ int failed=0,use_ssl=0,use_tls=0,bound=0;
+ struct keylist *keylist=NULL,*keyptr=NULL;
+
+ console=stderr;
+
+ /* Kludge to implement standard GNU options. */
+ if (argc > 1 && !strcmp (argv[1], "--version"))
+ {
+ fputs ("gpgkeys_ldap (GnuPG) " VERSION"\n", stdout);
+ return 0;
+ }
+ else if (argc > 1 && !strcmp (argv[1], "--help"))
+ {
+ show_help (stdout);
+ return 0;
+ }
+
+ while((arg=getopt(argc,argv,"hVo:"))!=-1)
+ switch(arg)
+ {
+ default:
+ case 'h':
+ show_help (console);
+ return KEYSERVER_OK;
+
+ case 'V':
+ fprintf(stdout,"%d\n%s\n",KEYSERVER_PROTO_VERSION,VERSION);
+ return KEYSERVER_OK;
+
+ case 'o':
+ output=fopen(optarg,"w");
+ if(output==NULL)
+ {
+ fprintf(console,"gpgkeys: Cannot open output file `%s': %s\n",
+ optarg,strerror(errno));
+ return KEYSERVER_INTERNAL_ERROR;
+ }
+
+ break;
+ }
+
+ if(argc>optind)
+ {
+ input=fopen(argv[optind],"r");
+ if(input==NULL)
+ {
+ fprintf(console,"gpgkeys: Cannot open input file `%s': %s\n",
+ argv[optind],strerror(errno));
+ return KEYSERVER_INTERNAL_ERROR;
+ }
+ }
+
+ if(input==NULL)
+ input=stdin;
+
+ if(output==NULL)
+ output=stdout;
+
+ opt=init_ks_options();
+ if(!opt)
+ return KEYSERVER_NO_MEMORY;
+
+ /* Get the command and info block */
+
+ while(fgets(line,MAX_LINE,input)!=NULL)
+ {
+ char optionstr[MAX_OPTION+1];
+
+ if(line[0]=='\n')
+ break;
+
+ err=parse_ks_options(line,opt);
+ if(err>0)
+ {
+ ret=err;
+ goto fail;
+ }
+ else if(err==0)
+ continue;
+
+ if(sscanf(line,"OPTION %" MKSTRING(MAX_OPTION) "[^\n]\n",optionstr)==1)
+ {
+ int no=0;
+ char *start=&optionstr[0];
+
+ optionstr[MAX_OPTION]='\0';
+
+ if(strncasecmp(optionstr,"no-",3)==0)
+ {
+ no=1;
+ start=&optionstr[3];
+ }
+
+ if(strncasecmp(start,"tls",3)==0)
+ {
+ if(no)
+ use_tls=0;
+ else if(start[3]=='=')
+ {
+ if(strcasecmp(&start[4],"no")==0)
+ use_tls=0;
+ else if(strcasecmp(&start[4],"try")==0)
+ use_tls=1;
+ else if(strcasecmp(&start[4],"warn")==0)
+ use_tls=2;
+ else if(strcasecmp(&start[4],"require")==0)
+ use_tls=3;
+ else
+ use_tls=1;
+ }
+ else if(start[3]=='\0')
+ use_tls=1;
+ }
+ else if(strncasecmp(start,"basedn",6)==0)
+ {
+ if(no)
+ {
+ free(basekeyspacedn);
+ basekeyspacedn=NULL;
+ }
+ else if(start[6]=='=')
+ {
+ free(basekeyspacedn);
+ basekeyspacedn=strdup(&start[7]);
+ if(!basekeyspacedn)
+ {
+ fprintf(console,"gpgkeys: out of memory while creating "
+ "base DN\n");
+ ret=KEYSERVER_NO_MEMORY;
+ goto fail;
+ }
+
+ real_ldap=1;
+ }
+ }
+ else if(strncasecmp(start,"binddn",6)==0)
+ {
+ if(no)
+ {
+ free(binddn);
+ binddn=NULL;
+ }
+ else if(start[6]=='=')
+ {
+ free(binddn);
+ binddn=strdup(&start[7]);
+ if(!binddn)
+ {
+ fprintf(console,"gpgkeys: out of memory while creating "
+ "bind DN\n");
+ ret=KEYSERVER_NO_MEMORY;
+ goto fail;
+ }
+
+ real_ldap=1;
+ }
+ }
+ else if(strncasecmp(start,"bindpw",6)==0)
+ {
+ if(no)
+ {
+ free(bindpw);
+ bindpw=NULL;
+ }
+ else if(start[6]=='=')
+ {
+ free(bindpw);
+ bindpw=strdup(&start[7]);
+ if(!bindpw)
+ {
+ fprintf(console,"gpgkeys: out of memory while creating "
+ "bind password\n");
+ ret=KEYSERVER_NO_MEMORY;
+ goto fail;
+ }
+
+ real_ldap=1;
+ }
+ }
+
+ continue;
+ }
+ }
+
+ if(!opt->scheme)
+ {
+ fprintf(console,"gpgkeys: no scheme supplied!\n");
+ ret=KEYSERVER_SCHEME_NOT_FOUND;
+ goto fail;
+ }
+
+ if(strcasecmp(opt->scheme,"ldaps")==0)
+ {
+ port=636;
+ use_ssl=1;
+ }
+
+ if(opt->port)
+ port=atoi(opt->port);
+
+ if(!opt->host)
+ {
+ fprintf(console,"gpgkeys: no keyserver host provided\n");
+ goto fail;
+ }
+
+ if(opt->timeout && register_timeout()==-1)
+ {
+ fprintf(console,"gpgkeys: unable to register timeout handler\n");
+ return KEYSERVER_INTERNAL_ERROR;
+ }
+
+#if defined(LDAP_OPT_X_TLS_CACERTFILE) && defined(HAVE_LDAP_SET_OPTION)
+
+ if(opt->ca_cert_file)
+ {
+ err=ldap_set_option(NULL,LDAP_OPT_X_TLS_CACERTFILE,opt->ca_cert_file);
+ if(err!=LDAP_SUCCESS)
+ {
+ fprintf(console,"gpgkeys: unable to set ca-cert-file: %s\n",
+ ldap_err2string(err));
+ ret=KEYSERVER_INTERNAL_ERROR;
+ goto fail;
+ }
+ }
+#endif /* LDAP_OPT_X_TLS_CACERTFILE && HAVE_LDAP_SET_OPTION */
+
+ /* SSL trumps TLS */
+ if(use_ssl)
+ use_tls=0;
+
+ /* If it's a GET or a SEARCH, the next thing to come in is the
+ keyids. If it's a SEND, then there are no keyids. */
+
+ if(opt->action==KS_SEND)
+ while(fgets(line,MAX_LINE,input)!=NULL && line[0]!='\n');
+ else if(opt->action==KS_GET
+ || opt->action==KS_GETNAME || opt->action==KS_SEARCH)
+ {
+ for(;;)
+ {
+ struct keylist *work;
+
+ if(fgets(line,MAX_LINE,input)==NULL)
+ break;
+ else
+ {
+ if(line[0]=='\n' || line[0]=='\0')
+ break;
+
+ work=malloc(sizeof(struct keylist));
+ if(work==NULL)
+ {
+ fprintf(console,"gpgkeys: out of memory while "
+ "building key list\n");
+ ret=KEYSERVER_NO_MEMORY;
+ goto fail;
+ }
+
+ strcpy(work->str,line);
+
+ /* Trim the trailing \n */
+ work->str[strlen(line)-1]='\0';
+
+ work->next=NULL;
+
+ /* Always attach at the end to keep the list in proper
+ order for searching */
+ if(keylist==NULL)
+ keylist=work;
+ else
+ keyptr->next=work;
+
+ keyptr=work;
+ }
+ }
+ }
+ else
+ {
+ fprintf(console,"gpgkeys: no keyserver command specified\n");
+ goto fail;
+ }
+
+ /* Send the response */
+
+ fprintf(output,"VERSION %d\n",KEYSERVER_PROTO_VERSION);
+ fprintf(output,"PROGRAM %s\n\n",VERSION);
+
+ if(opt->verbose>1)
+ {
+ fprintf(console,"Host:\t\t%s\n",opt->host);
+ if(port)
+ fprintf(console,"Port:\t\t%d\n",port);
+ fprintf(console,"Command:\t%s\n",ks_action_to_string(opt->action));
+ }
+
+ if(opt->debug)
+ {
+#if defined(LDAP_OPT_DEBUG_LEVEL) && defined(HAVE_LDAP_SET_OPTION)
+ err=ldap_set_option(NULL,LDAP_OPT_DEBUG_LEVEL,&opt->debug);
+ if(err!=LDAP_SUCCESS)
+ fprintf(console,"gpgkeys: unable to set debug mode: %s\n",
+ ldap_err2string(err));
+ else
+ fprintf(console,"gpgkeys: debug level %d\n",opt->debug);
+#else
+ fprintf(console,"gpgkeys: not built with debugging support\n");
+#endif
+ }
+
+ /* We have a timeout set for the setup stuff since it could time out
+ as well. */
+ set_timeout(opt->timeout);
+
+ /* Note that this tries all A records on a given host (or at least,
+ OpenLDAP does). */
+ ldap=ldap_init(opt->host,port);
+ if(ldap==NULL)
+ {
+ fprintf(console,"gpgkeys: internal LDAP init error: %s\n",
+ strerror(errno));
+ fail_all(keylist,KEYSERVER_INTERNAL_ERROR);
+ goto fail;
+ }
+
+ if(use_ssl)
+ {
+#if defined(LDAP_OPT_X_TLS) && defined(HAVE_LDAP_SET_OPTION)
+ int ssl=LDAP_OPT_X_TLS_HARD;
+
+ err=ldap_set_option(ldap,LDAP_OPT_X_TLS,&ssl);
+ if(err!=LDAP_SUCCESS)
+ {
+ fprintf(console,"gpgkeys: unable to make SSL connection: %s\n",
+ ldap_err2string(err));
+ fail_all(keylist,ldap_err_to_gpg_err(err));
+ goto fail;
+ }
+
+ if(!opt->flags.check_cert)
+ ssl=LDAP_OPT_X_TLS_NEVER;
+
+ err=ldap_set_option(NULL,LDAP_OPT_X_TLS_REQUIRE_CERT,&ssl);
+ if(err!=LDAP_SUCCESS)
+ {
+ fprintf(console,
+ "gpgkeys: unable to set certificate validation: %s\n",
+ ldap_err2string(err));
+ fail_all(keylist,ldap_err_to_gpg_err(err));
+ goto fail;
+ }
+#else
+ fprintf(console,"gpgkeys: unable to make SSL connection: %s\n",
+ "not built with LDAPS support");
+ fail_all(keylist,KEYSERVER_INTERNAL_ERROR);
+ goto fail;
+#endif
+ }
+
+ if(!basekeyspacedn)
+ if((err=find_basekeyspacedn()) || !basekeyspacedn)
+ {
+ fprintf(console,"gpgkeys: unable to retrieve LDAP base: %s\n",
+ err?ldap_err2string(err):"not found");
+ fail_all(keylist,ldap_err_to_gpg_err(err));
+ goto fail;
+ }
+
+ /* use_tls: 0=don't use, 1=try silently to use, 2=try loudly to use,
+ 3=force use. */
+ if(use_tls)
+ {
+ if(!real_ldap)
+ {
+ if(use_tls>=2)
+ fprintf(console,"gpgkeys: unable to start TLS: %s\n",
+ "not supported by the NAI LDAP keyserver");
+ if(use_tls==3)
+ {
+ fail_all(keylist,KEYSERVER_INTERNAL_ERROR);
+ goto fail;
+ }
+ }
+ else
+ {
+#if defined(HAVE_LDAP_START_TLS_S) && defined(HAVE_LDAP_SET_OPTION)
+ int ver=LDAP_VERSION3;
+
+ err=ldap_set_option(ldap,LDAP_OPT_PROTOCOL_VERSION,&ver);
+
+#ifdef LDAP_OPT_X_TLS
+ if(err==LDAP_SUCCESS)
+ {
+ if(opt->flags.check_cert)
+ ver=LDAP_OPT_X_TLS_HARD;
+ else
+ ver=LDAP_OPT_X_TLS_NEVER;
+
+ err=ldap_set_option(NULL,LDAP_OPT_X_TLS_REQUIRE_CERT,&ver);
+ }
+#endif
+
+ if(err==LDAP_SUCCESS)
+ err=ldap_start_tls_s(ldap,NULL,NULL);
+
+ if(err!=LDAP_SUCCESS)
+ {
+ if(use_tls>=2 || opt->verbose>2)
+ fprintf(console,"gpgkeys: unable to start TLS: %s\n",
+ ldap_err2string(err));
+ /* Are we forcing it? */
+ if(use_tls==3)
+ {
+ fail_all(keylist,ldap_err_to_gpg_err(err));
+ goto fail;
+ }
+ }
+ else if(opt->verbose>1)
+ fprintf(console,"gpgkeys: TLS started successfully.\n");
+#else
+ if(use_tls>=2)
+ fprintf(console,"gpgkeys: unable to start TLS: %s\n",
+ "not built with TLS support");
+ if(use_tls==3)
+ {
+ fail_all(keylist,KEYSERVER_INTERNAL_ERROR);
+ goto fail;
+ }
+#endif
+ }
+ }
+
+ /* By default we don't bind as there is usually no need to. For
+ cases where the server needs some authentication, the user can
+ use binddn and bindpw for auth. */
+
+ if(binddn)
+ {
+#ifdef HAVE_LDAP_SET_OPTION
+ int ver=LDAP_VERSION3;
+
+ err=ldap_set_option(ldap,LDAP_OPT_PROTOCOL_VERSION,&ver);
+ if(err!=LDAP_SUCCESS)
+ {
+ fprintf(console,"gpgkeys: unable to go to LDAP 3: %s\n",
+ ldap_err2string(err));
+ fail_all(keylist,ldap_err_to_gpg_err(err));
+ goto fail;
+ }
+#endif
+
+ if(opt->verbose>2)
+ fprintf(console,"gpgkeys: LDAP bind to %s, pw %s\n",binddn,
+ bindpw?">not shown<":">none<");
+ err=ldap_simple_bind_s(ldap,binddn,bindpw);
+ if(err!=LDAP_SUCCESS)
+ {
+ fprintf(console,"gpgkeys: internal LDAP bind error: %s\n",
+ ldap_err2string(err));
+ fail_all(keylist,ldap_err_to_gpg_err(err));
+ goto fail;
+ }
+ else
+ bound=1;
+ }
+
+ if(opt->action==KS_GET)
+ {
+ keyptr=keylist;
+
+ while(keyptr!=NULL)
+ {
+ set_timeout(opt->timeout);
+
+ if(get_key(keyptr->str)!=KEYSERVER_OK)
+ failed++;
+
+ keyptr=keyptr->next;
+ }
+ }
+ else if(opt->action==KS_GETNAME)
+ {
+ keyptr=keylist;
+
+ while(keyptr!=NULL)
+ {
+ set_timeout(opt->timeout);
+
+ if(get_name(keyptr->str)!=KEYSERVER_OK)
+ failed++;
+
+ keyptr=keyptr->next;
+ }
+ }
+ else if(opt->action==KS_SEND)
+ {
+ int eof_seen = 0;
+
+ do
+ {
+ set_timeout(opt->timeout);
+
+ if(real_ldap)
+ {
+ if (send_key(&eof_seen) != KEYSERVER_OK)
+ failed++;
+ }
+ else
+ {
+ if (send_key_keyserver(&eof_seen) != KEYSERVER_OK)
+ failed++;
+ }
+ }
+ while (!eof_seen);
+ }
+ else if(opt->action==KS_SEARCH)
+ {
+ char *searchkey=NULL;
+ int len=0;
+
+ set_timeout(opt->timeout);
+
+ /* To search, we stick a * in between each key to search for.
+ This means that if the user enters words, they'll get
+ "enters*words". If the user "enters words", they'll get
+ "enters words" */
+
+ keyptr=keylist;
+ while(keyptr!=NULL)
+ {
+ len+=strlen(keyptr->str)+1;
+ keyptr=keyptr->next;
+ }
+
+ searchkey=malloc((len*3)+1);
+ if(searchkey==NULL)
+ {
+ ret=KEYSERVER_NO_MEMORY;
+ fail_all(keylist,KEYSERVER_NO_MEMORY);
+ goto fail;
+ }
+
+ searchkey[0]='\0';
+
+ keyptr=keylist;
+ while(keyptr!=NULL)
+ {
+ ldap_quote(searchkey,keyptr->str);
+ strcat(searchkey,"*");
+ keyptr=keyptr->next;
+ }
+
+ /* Nail that last "*" */
+ if(*searchkey)
+ searchkey[strlen(searchkey)-1]='\0';
+
+ if(search_key(searchkey)!=KEYSERVER_OK)
+ failed++;
+
+ free(searchkey);
+ }
+ else
+ assert (!"bad action");
+
+ if(!failed)
+ ret=KEYSERVER_OK;
+
+ fail:
+
+ while(keylist!=NULL)
+ {
+ struct keylist *current=keylist;
+ keylist=keylist->next;
+ free(current);
+ }
+
+ if(input!=stdin)
+ fclose(input);
+
+ if(output!=stdout)
+ fclose(output);
+
+ free_ks_options(opt);
+
+ if(ldap!=NULL && bound)
+ ldap_unbind_s(ldap);
+
+ free(basekeyspacedn);
+
+ return ret;
+}
diff --git a/keyserver/ksutil.c b/keyserver/ksutil.c
new file mode 100644
index 0000000..cc46b92
--- /dev/null
+++ b/keyserver/ksutil.c
@@ -0,0 +1,622 @@
+/* ksutil.c - general keyserver utility functions
+ * Copyright (C) 2004, 2005, 2006 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ *
+ * In addition, as a special exception, the Free Software Foundation
+ * gives permission to link the code of the keyserver helper tools:
+ * gpgkeys_ldap, gpgkeys_curl and gpgkeys_hkp with the OpenSSL
+ * project's "OpenSSL" library (or with modified versions of it that
+ * use the same license as the "OpenSSL" library), and distribute the
+ * linked executables. You must obey the GNU General Public License
+ * in all respects for all of the code used other than "OpenSSL". If
+ * you modify this file, you may extend this exception to your version
+ * of the file, but you are not obligated to do so. If you do not
+ * wish to do so, delete this exception statement from your version.
+ */
+
+#include <config.h>
+#include <signal.h>
+#include <unistd.h>
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+
+#ifdef HAVE_W32_SYSTEM
+#include <windows.h>
+#endif
+
+#ifdef HAVE_LIBCURL
+#include <curl/curl.h>
+#else
+#include "curl-shim.h"
+#endif
+#include "util.h"
+#include "keyserver.h"
+#include "ksutil.h"
+
+#ifdef HAVE_DOSISH_SYSTEM
+
+unsigned int set_timeout(unsigned int seconds) {return 0;}
+int register_timeout(void) {return 0;}
+
+#else
+
+static void
+catch_alarm(int foo)
+{
+ (void)foo;
+ _exit(KEYSERVER_TIMEOUT);
+}
+
+unsigned int
+set_timeout(unsigned int seconds)
+{
+ return alarm(seconds);
+}
+
+int
+register_timeout(void)
+{
+#if defined(HAVE_SIGACTION) && defined(HAVE_STRUCT_SIGACTION)
+ struct sigaction act;
+
+ act.sa_handler=catch_alarm;
+ sigemptyset(&act.sa_mask);
+ act.sa_flags=0;
+ return sigaction(SIGALRM,&act,NULL);
+#else
+ if(signal(SIGALRM,catch_alarm)==SIG_ERR)
+ return -1;
+ else
+ return 0;
+#endif
+}
+
+#endif /* !HAVE_DOSISH_SYSTEM */
+
+#ifdef HAVE_W32_SYSTEM
+void
+w32_init_sockets (void)
+{
+ static int initialized;
+ static WSADATA wsdata;
+
+ if (!initialized)
+ {
+ WSAStartup (0x0202, &wsdata);
+ initialized = 1;
+ }
+}
+#endif /*HAVE_W32_SYSTEM*/
+
+
+struct ks_options *
+init_ks_options(void)
+{
+ struct ks_options *opt;
+
+ opt=calloc(1,sizeof(struct ks_options));
+
+ if(opt)
+ {
+ opt->action=KS_UNKNOWN;
+ opt->flags.include_revoked=1;
+ opt->flags.include_subkeys=1;
+ opt->flags.check_cert=1;
+ opt->timeout=DEFAULT_KEYSERVER_TIMEOUT;
+ opt->path=strdup("/");
+ if(!opt->path)
+ {
+ free(opt);
+ opt=NULL;
+ }
+ }
+
+ return opt;
+}
+
+void
+free_ks_options(struct ks_options *opt)
+{
+ if(opt)
+ {
+ free(opt->host);
+ free(opt->port);
+ free(opt->scheme);
+ free(opt->auth);
+ free(opt->path);
+ free(opt->opaque);
+ free(opt->ca_cert_file);
+ free(opt);
+ }
+}
+
+/* Returns 0 if we "ate" the line. Returns >0, a KEYSERVER_ error
+ code if that error applies. Returns -1 if we did not match the
+ line at all. */
+int
+parse_ks_options(char *line,struct ks_options *opt)
+{
+ int version;
+ char command[MAX_COMMAND+1];
+ char host[MAX_HOST+1];
+ char port[MAX_PORT+1];
+ char scheme[MAX_SCHEME+1];
+ char auth[MAX_AUTH+1];
+ char path[URLMAX_PATH+1];
+ char opaque[MAX_OPAQUE+1];
+ char option[MAX_OPTION+1];
+
+ if(line[0]=='#')
+ return 0;
+
+ if(sscanf(line,"COMMAND %" MKSTRING(MAX_COMMAND) "s\n",command)==1)
+ {
+ command[MAX_COMMAND]='\0';
+
+ if(strcasecmp(command,"get")==0)
+ opt->action=KS_GET;
+ else if(strcasecmp(command,"getname")==0)
+ opt->action=KS_GETNAME;
+ else if(strcasecmp(command,"send")==0)
+ opt->action=KS_SEND;
+ else if(strcasecmp(command,"search")==0)
+ opt->action=KS_SEARCH;
+
+ return 0;
+ }
+
+ if(sscanf(line,"HOST %" MKSTRING(MAX_HOST) "s\n",host)==1)
+ {
+ host[MAX_HOST]='\0';
+ free(opt->host);
+ opt->host=strdup(host);
+ if(!opt->host)
+ return KEYSERVER_NO_MEMORY;
+ return 0;
+ }
+
+ if(sscanf(line,"PORT %" MKSTRING(MAX_PORT) "s\n",port)==1)
+ {
+ port[MAX_PORT]='\0';
+ free(opt->port);
+ opt->port=strdup(port);
+ if(!opt->port)
+ return KEYSERVER_NO_MEMORY;
+ return 0;
+ }
+
+ if(sscanf(line,"SCHEME %" MKSTRING(MAX_SCHEME) "s\n",scheme)==1)
+ {
+ scheme[MAX_SCHEME]='\0';
+ free(opt->scheme);
+ opt->scheme=strdup(scheme);
+ if(!opt->scheme)
+ return KEYSERVER_NO_MEMORY;
+ return 0;
+ }
+
+ if(sscanf(line,"AUTH %" MKSTRING(MAX_AUTH) "s\n",auth)==1)
+ {
+ auth[MAX_AUTH]='\0';
+ free(opt->auth);
+ opt->auth=strdup(auth);
+ if(!opt->auth)
+ return KEYSERVER_NO_MEMORY;
+ return 0;
+ }
+
+ if(sscanf(line,"PATH %" MKSTRING(URLMAX_PATH) "s\n",path)==1)
+ {
+ path[URLMAX_PATH]='\0';
+ free(opt->path);
+ opt->path=strdup(path);
+ if(!opt->path)
+ return KEYSERVER_NO_MEMORY;
+ return 0;
+ }
+
+ if(sscanf(line,"OPAQUE %" MKSTRING(MAX_OPAQUE) "s\n",opaque)==1)
+ {
+ opaque[MAX_OPAQUE]='\0';
+ free(opt->opaque);
+ opt->opaque=strdup(opaque);
+ if(!opt->opaque)
+ return KEYSERVER_NO_MEMORY;
+ return 0;
+ }
+
+ if(sscanf(line,"VERSION %d\n",&version)==1)
+ {
+ if(version!=KEYSERVER_PROTO_VERSION)
+ return KEYSERVER_VERSION_ERROR;
+
+ return 0;
+ }
+
+ if(sscanf(line,"OPTION %" MKSTRING(MAX_OPTION) "[^\n]\n",option)==1)
+ {
+ int no=0;
+ char *start=&option[0];
+
+ option[MAX_OPTION]='\0';
+
+ if(strncasecmp(option,"no-",3)==0)
+ {
+ no=1;
+ start=&option[3];
+ }
+
+ if(strncasecmp(start,"verbose",7)==0)
+ {
+ if(no)
+ opt->verbose=0;
+ else if(start[7]=='=')
+ opt->verbose=atoi(&start[8]);
+ else
+ opt->verbose++;
+ }
+ else if(strcasecmp(start,"include-disabled")==0)
+ {
+ if(no)
+ opt->flags.include_disabled=0;
+ else
+ opt->flags.include_disabled=1;
+ }
+ else if(strcasecmp(start,"include-revoked")==0)
+ {
+ if(no)
+ opt->flags.include_revoked=0;
+ else
+ opt->flags.include_revoked=1;
+ }
+ else if(strcasecmp(start,"include-subkeys")==0)
+ {
+ if(no)
+ opt->flags.include_subkeys=0;
+ else
+ opt->flags.include_subkeys=1;
+ }
+ else if(strcasecmp(start,"check-cert")==0)
+ {
+ if(no)
+ opt->flags.check_cert=0;
+ else
+ opt->flags.check_cert=1;
+ }
+ else if(strncasecmp(start,"debug",5)==0)
+ {
+ if(no)
+ opt->debug=0;
+ else if(start[5]=='=')
+ opt->debug=atoi(&start[6]);
+ else if(start[5]=='\0')
+ opt->debug=1;
+ }
+ else if(strncasecmp(start,"timeout",7)==0)
+ {
+ if(no)
+ opt->timeout=0;
+ else if(start[7]=='=')
+ opt->timeout=atoi(&start[8]);
+ else if(start[7]=='\0')
+ opt->timeout=DEFAULT_KEYSERVER_TIMEOUT;
+ }
+ else if(strncasecmp(start,"ca-cert-file",12)==0)
+ {
+ if(no)
+ {
+ free(opt->ca_cert_file);
+ opt->ca_cert_file=NULL;
+ }
+ else if(start[12]=='=')
+ {
+ free(opt->ca_cert_file);
+ opt->ca_cert_file = make_filename_try (start+13, NULL);
+ if(!opt->ca_cert_file)
+ return KEYSERVER_NO_MEMORY;
+ }
+ }
+ }
+
+ return -1;
+}
+
+const char *
+ks_action_to_string(enum ks_action action)
+{
+ switch(action)
+ {
+ case KS_UNKNOWN: return "UNKNOWN";
+ case KS_GET: return "GET";
+ case KS_GETNAME: return "GETNAME";
+ case KS_SEND: return "SEND";
+ case KS_SEARCH: return "SEARCH";
+ }
+
+ return "?";
+}
+
+/* Canonicalize CRLF to just LF by stripping CRs. This actually makes
+ sense, since on Unix-like machines LF is correct, and on win32-like
+ machines, our output buffer is opened in textmode and will
+ re-canonicalize line endings back to CRLF. Since we only need to
+ handle armored keys, we don't have to worry about odd cases like
+ CRCRCR and the like. */
+
+void
+print_nocr(FILE *stream,const char *str)
+{
+ while(*str)
+ {
+ if(*str!='\r')
+ fputc(*str,stream);
+ str++;
+ }
+}
+
+enum ks_search_type
+classify_ks_search(const char **search)
+{
+ switch(**search)
+ {
+ case '*':
+ (*search)++;
+ return KS_SEARCH_SUBSTR;
+ case '=':
+ (*search)++;
+ return KS_SEARCH_EXACT;
+ case '<':
+ (*search)++;
+ return KS_SEARCH_MAIL;
+ case '@':
+ (*search)++;
+ return KS_SEARCH_MAILSUB;
+ case '0':
+ if((*search)[1]=='x')
+ {
+ if(strlen(*search)==10
+ && strspn(*search,"abcdefABCDEF1234567890x")==10)
+ {
+ (*search)+=2;
+ return KS_SEARCH_KEYID_SHORT;
+ }
+ else if(strlen(*search)==18
+ && strspn(*search,"abcdefABCDEF1234567890x")==18)
+ {
+ (*search)+=2;
+ return KS_SEARCH_KEYID_LONG;
+ }
+ }
+ /* fall through */
+ default:
+ return KS_SEARCH_SUBSTR;
+ }
+}
+
+int
+curl_err_to_gpg_err(CURLcode error)
+{
+ switch(error)
+ {
+ case CURLE_OK: return KEYSERVER_OK;
+ case CURLE_UNSUPPORTED_PROTOCOL: return KEYSERVER_SCHEME_NOT_FOUND;
+ case CURLE_COULDNT_CONNECT: return KEYSERVER_UNREACHABLE;
+ case CURLE_FTP_COULDNT_RETR_FILE: return KEYSERVER_KEY_NOT_FOUND;
+ default: return KEYSERVER_INTERNAL_ERROR;
+ }
+}
+
+#define B64 "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
+
+static void
+curl_armor_writer(const unsigned char *buf,size_t size,void *cw_ctx)
+{
+ struct curl_writer_ctx *ctx=cw_ctx;
+ size_t idx=0;
+
+ while(idx<size)
+ {
+ for(;ctx->armor_remaining<3 && idx<size;ctx->armor_remaining++,idx++)
+ ctx->armor_ctx[ctx->armor_remaining]=buf[idx];
+
+ if(ctx->armor_remaining==3)
+ {
+ /* Top 6 bytes of ctx->armor_ctx[0] */
+ fputc(B64[(ctx->armor_ctx[0]>>2)&0x3F],ctx->stream);
+ /* Bottom 2 bytes of ctx->armor_ctx[0] and top 4 bytes of
+ ctx->armor_ctx[1] */
+ fputc(B64[(((ctx->armor_ctx[0]<<4)&0x30)
+ |((ctx->armor_ctx[1]>>4)&0x0F))&0x3F],ctx->stream);
+ /* Bottom 4 bytes of ctx->armor_ctx[1] and top 2 bytes of
+ ctx->armor_ctx[2] */
+ fputc(B64[(((ctx->armor_ctx[1]<<2)&0x3C)
+ |((ctx->armor_ctx[2]>>6)&0x03))&0x3F],ctx->stream);
+ /* Bottom 6 bytes of ctx->armor_ctx[2] */
+ fputc(B64[(ctx->armor_ctx[2]&0x3F)],ctx->stream);
+
+ ctx->linelen+=4;
+ if(ctx->linelen>=70)
+ {
+ fputc('\n',ctx->stream);
+ ctx->linelen=0;
+ }
+
+ ctx->armor_remaining=0;
+ }
+ }
+
+}
+
+size_t
+curl_writer(const void *ptr,size_t size,size_t nmemb,void *cw_ctx)
+{
+ struct curl_writer_ctx *ctx=cw_ctx;
+ const char *buf=ptr;
+ size_t i;
+
+ if(!ctx->flags.initialized)
+ {
+ if(size*nmemb==0)
+ return 0;
+
+ /* The object we're fetching is in binary form */
+ if(*buf&0x80)
+ {
+ ctx->flags.armor=1;
+ fprintf(ctx->stream,BEGIN"\n\n");
+ }
+ else
+ ctx->marker=BEGIN;
+
+ ctx->flags.initialized=1;
+ }
+
+ if(ctx->flags.armor)
+ curl_armor_writer(ptr,size*nmemb,cw_ctx);
+ else
+ {
+ /* scan the incoming data for our marker */
+ for(i=0;!ctx->flags.done && i<(size*nmemb);i++)
+ {
+ if(buf[i]==ctx->marker[ctx->markeridx])
+ {
+ ctx->markeridx++;
+ if(ctx->marker[ctx->markeridx]=='\0')
+ {
+ if(ctx->flags.begun)
+ ctx->flags.done=1;
+ else
+ {
+ /* We've found the BEGIN marker, so now we're
+ looking for the END marker. */
+ ctx->flags.begun=1;
+ ctx->marker=END;
+ ctx->markeridx=0;
+ fprintf(ctx->stream,BEGIN);
+ continue;
+ }
+ }
+ }
+ else
+ ctx->markeridx=0;
+
+ if(ctx->flags.begun)
+ {
+ /* Canonicalize CRLF to just LF by stripping CRs. This
+ actually makes sense, since on Unix-like machines LF
+ is correct, and on win32-like machines, our output
+ buffer is opened in textmode and will re-canonicalize
+ line endings back to CRLF. Since this code is just
+ for handling armored keys, we don't have to worry
+ about odd cases like CRCRCR and the like. */
+
+ if(buf[i]!='\r')
+ fputc(buf[i],ctx->stream);
+ }
+ }
+ }
+
+ return size*nmemb;
+}
+
+void
+curl_writer_finalize(struct curl_writer_ctx *ctx)
+{
+ if(ctx->flags.armor)
+ {
+ if(ctx->armor_remaining==2)
+ {
+ /* Top 6 bytes of ctx->armorctx[0] */
+ fputc(B64[(ctx->armor_ctx[0]>>2)&0x3F],ctx->stream);
+ /* Bottom 2 bytes of ctx->armor_ctx[0] and top 4 bytes of
+ ctx->armor_ctx[1] */
+ fputc(B64[(((ctx->armor_ctx[0]<<4)&0x30)
+ |((ctx->armor_ctx[1]>>4)&0x0F))&0x3F],ctx->stream);
+ /* Bottom 4 bytes of ctx->armor_ctx[1] */
+ fputc(B64[((ctx->armor_ctx[1]<<2)&0x3C)],ctx->stream);
+ /* Pad */
+ fputc('=',ctx->stream);
+ }
+ else if(ctx->armor_remaining==1)
+ {
+ /* Top 6 bytes of ctx->armor_ctx[0] */
+ fputc(B64[(ctx->armor_ctx[0]>>2)&0x3F],ctx->stream);
+ /* Bottom 2 bytes of ctx->armor_ctx[0] */
+ fputc(B64[((ctx->armor_ctx[0]<<4)&0x30)],ctx->stream);
+ /* Pad */
+ fputc('=',ctx->stream);
+ /* Pad */
+ fputc('=',ctx->stream);
+ }
+
+ fprintf(ctx->stream,"\n"END);
+ ctx->flags.done=1;
+ }
+}
+
+
+int
+ks_hextobyte (const char *s)
+{
+ int c;
+
+ if ( *s >= '0' && *s <= '9' )
+ c = 16 * (*s - '0');
+ else if ( *s >= 'A' && *s <= 'F' )
+ c = 16 * (10 + *s - 'A');
+ else if ( *s >= 'a' && *s <= 'f' )
+ c = 16 * (10 + *s - 'a');
+ else
+ return -1;
+ s++;
+ if ( *s >= '0' && *s <= '9' )
+ c += *s - '0';
+ else if ( *s >= 'A' && *s <= 'F' )
+ c += 10 + *s - 'A';
+ else if ( *s >= 'a' && *s <= 'f' )
+ c += 10 + *s - 'a';
+ else
+ return -1;
+ return c;
+}
+
+
+/* Non localized version of toupper. */
+int
+ks_toupper (int c)
+{
+ if (c >= 'a' && c <= 'z')
+ c &= ~0x20;
+ return c;
+}
+
+
+/* Non localized version of strcasecmp. */
+int
+ks_strcasecmp (const char *a, const char *b)
+{
+ if (a == b)
+ return 0;
+
+ for (; *a && *b; a++, b++)
+ {
+ if (*a != *b && ks_toupper (*a) != ks_toupper (*b))
+ break;
+ }
+ return *a == *b? 0 : (ks_toupper (*a) - ks_toupper (*b));
+}
diff --git a/keyserver/ksutil.h b/keyserver/ksutil.h
new file mode 100644
index 0000000..9f51359
--- /dev/null
+++ b/keyserver/ksutil.h
@@ -0,0 +1,149 @@
+/* ksutil.h
+ * Copyright (C) 2004, 2005, 2006 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ *
+ * In addition, as a special exception, the Free Software Foundation
+ * gives permission to link the code of the keyserver helper tools:
+ * gpgkeys_ldap, gpgkeys_curl and gpgkeys_hkp with the OpenSSL
+ * project's "OpenSSL" library (or with modified versions of it that
+ * use the same license as the "OpenSSL" library), and distribute the
+ * linked executables. You must obey the GNU General Public License
+ * in all respects for all of the code used other than "OpenSSL". If
+ * you modify this file, you may extend this exception to your version
+ * of the file, but you are not obligated to do so. If you do not
+ * wish to do so, delete this exception statement from your version.
+ */
+
+#ifndef _KSUTIL_H_
+#define _KSUTIL_H_
+
+#ifdef HAVE_LIBCURL
+#include <curl/curl.h>
+#else
+#include "curl-shim.h"
+#endif
+
+/* MAX_LINE must be at least 1 larger than the largest item we expect
+ to receive, including the name tag ("COMMAND", "PORT", etc) and
+ space between. In practice, that means it should be
+ strlen("OPAQUE")+1+sizeof_opaque+1 */
+#define MAX_LINE (6+1+1024+1)
+
+#define MAX_COMMAND 7
+#define MAX_OPTION 256
+#define MAX_SCHEME 20
+#define MAX_OPAQUE 1024
+#define MAX_AUTH 128
+#define MAX_HOST 80
+#define MAX_PORT 10
+#define URLMAX_PATH 1024
+#define MAX_PROXY 128
+#define MAX_URL (MAX_SCHEME+1+3+MAX_AUTH+1+1+MAX_HOST+1+1 \
+ +MAX_PORT+1+1+URLMAX_PATH+1+50)
+
+#define STRINGIFY(x) #x
+#define MKSTRING(x) STRINGIFY(x)
+
+#define BEGIN "-----BEGIN PGP PUBLIC KEY BLOCK-----"
+#define END "-----END PGP PUBLIC KEY BLOCK-----"
+
+#ifdef __riscos__
+#define HTTP_PROXY_ENV "GnuPG$HttpProxy"
+#else
+#define HTTP_PROXY_ENV "http_proxy"
+#endif
+
+struct keylist
+{
+ char str[MAX_LINE];
+ struct keylist *next;
+};
+
+/* 2 minutes seems reasonable */
+#define DEFAULT_KEYSERVER_TIMEOUT 120
+
+unsigned int set_timeout(unsigned int seconds);
+int register_timeout(void);
+
+#ifdef HAVE_W32_SYSTEM
+void w32_init_sockets (void);
+#endif
+
+
+enum ks_action {KS_UNKNOWN=0,KS_GET,KS_GETNAME,KS_SEND,KS_SEARCH};
+
+enum ks_search_type {KS_SEARCH_SUBSTR,KS_SEARCH_EXACT,
+ KS_SEARCH_MAIL,KS_SEARCH_MAILSUB,
+ KS_SEARCH_KEYID_LONG,KS_SEARCH_KEYID_SHORT};
+
+struct ks_options
+{
+ enum ks_action action;
+ char *host;
+ char *port;
+ char *scheme;
+ char *auth;
+ char *path;
+ char *opaque;
+ struct
+ {
+ unsigned int include_disabled:1;
+ unsigned int include_revoked:1;
+ unsigned int include_subkeys:1;
+ unsigned int check_cert:1;
+ } flags;
+ unsigned int verbose;
+ unsigned int debug;
+ unsigned int timeout;
+ char *ca_cert_file;
+};
+
+struct ks_options *init_ks_options(void);
+void free_ks_options(struct ks_options *opt);
+int parse_ks_options(char *line,struct ks_options *opt);
+const char *ks_action_to_string(enum ks_action action);
+void print_nocr(FILE *stream,const char *str);
+enum ks_search_type classify_ks_search(const char **search);
+
+int curl_err_to_gpg_err(CURLcode error);
+
+struct curl_writer_ctx
+{
+ struct
+ {
+ unsigned int initialized:1;
+ unsigned int begun:1;
+ unsigned int done:1;
+ unsigned int armor:1;
+ } flags;
+
+ int armor_remaining;
+ unsigned char armor_ctx[3];
+ int markeridx,linelen;
+ const char *marker;
+ FILE *stream;
+};
+
+size_t curl_writer(const void *ptr,size_t size,size_t nmemb,void *cw_ctx);
+void curl_writer_finalize(struct curl_writer_ctx *ctx);
+
+int ks_hextobyte (const char *s);
+int ks_toupper (int c);
+int ks_strcasecmp (const char *a, const char *b);
+
+
+#endif /* !_KSUTIL_H_ */
diff --git a/keyserver/no-libgcrypt.c b/keyserver/no-libgcrypt.c
new file mode 100644
index 0000000..2cce156
--- /dev/null
+++ b/keyserver/no-libgcrypt.c
@@ -0,0 +1,107 @@
+/* no-libgcrypt.c - Replacement functions for libgcrypt.
+ * Copyright (C) 2003 Free Software Foundation, Inc.
+ *
+ * This file is free software; as a special exception the author gives
+ * unlimited permission to copy and/or distribute it, with or without
+ * modifications, as long as this notice is preserved.
+ *
+ * This file is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
+ * implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+
+#include "../common/util.h"
+#include "i18n.h"
+
+
+/* Replace libgcrypt's malloc functions which are used by
+ ../jnlib/libjnlib.a . ../common/util.h defines macros to map them
+ to xmalloc etc. */
+static void
+out_of_memory (void)
+{
+ fprintf (stderr, "error allocating enough memory: %s\n", strerror (errno));
+ exit (2);
+}
+
+
+void *
+gcry_malloc (size_t n)
+{
+ return malloc (n);
+}
+
+void *
+gcry_xmalloc (size_t n)
+{
+ void *p = malloc (n);
+ if (!p)
+ out_of_memory ();
+ return p;
+}
+
+char *
+gcry_strdup (const char *string)
+{
+ char *p = malloc (strlen (string)+1);
+ if (p)
+ strcpy (p, string);
+ return p;
+}
+
+
+void *
+gcry_realloc (void *a, size_t n)
+{
+ return realloc (a, n);
+}
+
+void *
+gcry_xrealloc (void *a, size_t n)
+{
+ void *p = realloc (a, n);
+ if (!p)
+ out_of_memory ();
+ return p;
+}
+
+
+
+void *
+gcry_calloc (size_t n, size_t m)
+{
+ return calloc (n, m);
+}
+
+void *
+gcry_xcalloc (size_t n, size_t m)
+{
+ void *p = calloc (n, m);
+ if (!p)
+ out_of_memory ();
+ return p;
+}
+
+
+char *
+gcry_xstrdup (const char *string)
+{
+ void *p = malloc (strlen (string)+1);
+ if (!p)
+ out_of_memory ();
+ strcpy( p, string );
+ return p;
+}
+
+void
+gcry_free (void *a)
+{
+ if (a)
+ free (a);
+}
diff --git a/m4/ChangeLog-2011 b/m4/ChangeLog-2011
new file mode 100644
index 0000000..218bc86
--- /dev/null
+++ b/m4/ChangeLog-2011
@@ -0,0 +1,159 @@
+2011-12-02 Werner Koch <wk@g10code.com>
+
+ NB: ChangeLog files are no longer manually maintained. Starting
+ on December 1st, 2011 we put change information only in the GIT
+ commit log, and generate a top-level ChangeLog file from logs at
+ "make dist". See doc/HACKING for details.
+
+2011-09-12 Werner Koch <wk@g10code.com>
+
+ * libcurl.m4: Fix lost hash sign introduced by previous change.
+ Reported by John Marshall.
+
+2011-08-04 Werner Koch <wk@g10code.com>
+
+ * readline.m4, libcurl.m4: Fix use of AC_LANG_PROGRAM.
+ * libcurl.m4: s/ifelse/m4_if/.
+
+2009-09-03 Werner Koch <wk@g10code.com>
+
+ * estream.m4: Update for libestream.
+
+2008-04-23 Werner Koch <wk@g10code.com>
+
+ * socklen.m4, sys_socket_h.m4: New. Taken from libassuan.
+ * Makefile.am (EXTRA_DIST): Add them.
+
+2008-02-15 gettextize <bug-gnu-gettext@gnu.org>
+
+ * gettext.m4: Upgrade to gettext-0.17.
+ * iconv.m4: Upgrade to gettext-0.17.
+ * lib-link.m4: Upgrade to gettext-0.17.
+ * po.m4: Upgrade to gettext-0.17.
+
+2007-12-17 Werner Koch <wk@g10code.com>
+
+ * ldap.m4: Test for ldap_start_tls_sA.
+
+2007-06-15 Marcus Brinkmann <marcus@g10code.de>
+
+ * Makefile.am (EXTRA_DIST): Remove inttypes-h.m4, longlong.m4 and
+ ulonglong.m4.
+
+2007-05-30 Werner Koch <wk@g10code.com>
+
+ * gnupg-pth.m4: Remove W32 kludge.
+
+2007-05-29 Werner Koch <wk@g10code.com>
+
+ * longlong.m4, ulonglong.m4: Remove. We now require autoconf
+ 2.61.
+
+2007-05-15 Werner Koch <wk@g10code.com>
+
+ * estream.m4: New.
+
+2007-05-09 Werner Koch <wk@g10code.com>
+
+ * gpg-error.m4, ksba.m4, libassuan.m4, libgcrypt.m4: Updated.
+
+2007-05-07 gettextize <bug-gnu-gettext@gnu.org>
+
+ * gettext.m4: Upgrade to gettext-0.16.1.
+ * lib-link.m4: Upgrade to gettext-0.16.1.
+ * codeset.m4: Upgrade to gettext-0.16.1.
+ * intl.m4: New file, from gettext-0.16.1.
+ * intldir.m4: New file, from gettext-0.16.1.
+ * intmax.m4: Upgrade to gettext-0.16.1.
+ * inttypes_h.m4: Upgrade to gettext-0.16.1.
+ * inttypes-pri.m4: Upgrade to gettext-0.16.1.
+ * lock.m4: Upgrade to gettext-0.16.1.
+ * longlong.m4: Upgrade to gettext-0.16.1.
+ * size_max.m4: Upgrade to gettext-0.16.1.
+ * stdint_h.m4: Upgrade to gettext-0.16.1.
+ * ulonglong.m4: Upgrade to gettext-0.16.1.
+ * Makefile.am (EXTRA_DIST): Add the new files.
+
+2006-11-21 Werner Koch <wk@g10code.com>
+
+ * gnupg-pth.m4 (GNUPG_PTH_VERSION_CHECK): Use --all with
+ pth-config.
+
+2006-11-17 Werner Koch <wk@g10code.com>
+
+ * gnupg-pth.m4: Make sure that have_w32_system is set to no by
+ default.
+
+2006-11-14 Werner Koch <wk@g10code.com>
+
+ * libassuan.m4: Updated from libassuan SVN.
+
+2006-10-09 Werner Koch <wk@g10code.com>
+
+ * gnupg-pth.m4: New. Taken from ../acinclude.m4.
+ (GNUPG_PATH_PTH): New.
+
+2006-10-06 Werner Koch <wk@g10code.com>
+
+ * libassuan.m4: Updated.
+
+2006-07-27 Werner Koch <wk@g10code.com>
+
+ * autobuild.m4: New.
+
+2006-06-30 Werner Koch <wk@g10code.com>
+
+ * ldap.m4: New. Taken from gnupg 1.4.4
+ * Makefile.am (EXTRA_DIST): Add ldap.me
+
+2004-09-30 Werner Koch <wk@g10code.com>
+
+ * gpg-error.m4, libassuan.m4, libgcrypt.m4: Updated.
+
+2004-09-30 gettextize <bug-gnu-gettext@gnu.org>
+
+ * gettext.m4: Upgrade to gettext-0.14.1.
+ * intmax.m4: New file, from gettext-0.14.1.
+ * lib-ld.m4: Upgrade to gettext-0.14.1.
+ * lib-prefix.m4: Upgrade to gettext-0.14.1.
+ * longdouble.m4: New file, from gettext-0.14.1.
+ * longlong.m4: New file, from gettext-0.14.1.
+ * po.m4: Upgrade to gettext-0.14.1.
+ * printf-posix.m4: New file, from gettext-0.14.1.
+ * signed.m4: New file, from gettext-0.14.1.
+ * size_max.m4: New file, from gettext-0.14.1.
+ * ulonglong.m4: Upgrade to gettext-0.14.1.
+ * wchar_t.m4: New file, from gettext-0.14.1.
+ * wint_t.m4: New file, from gettext-0.14.1.
+ * xsize.m4: New file, from gettext-0.14.1.
+ * Makefile.am (EXTRA_DIST): Add the new files.
+
+2004-03-06 Werner Koch <wk@gnupg.org>
+
+ * libgcrypt.m4: Updated.
+
+2004-02-18 Werner Koch <wk@gnupg.org>
+
+ * gpg-error.m4, libgcrypt.m4, libassuan.m4, ksba.m4: New.
+ * Makefile.am: Distribute them
+
+2003-04-29 gettextize <bug-gnu-gettext@gnu.org>
+
+ * codeset.m4: New file, from gettext-0.11.5.
+ * gettext.m4: New file, from gettext-0.11.5.
+ * glibc21.m4: New file, from gettext-0.11.5.
+ * iconv.m4: New file, from gettext-0.11.5.
+ * intdiv0.m4: New file, from gettext-0.11.5.
+ * inttypes.m4: New file, from gettext-0.11.5.
+ * inttypes_h.m4: New file, from gettext-0.11.5.
+ * inttypes-pri.m4: New file, from gettext-0.11.5.
+ * isc-posix.m4: New file, from gettext-0.11.5.
+ * lcmessage.m4: New file, from gettext-0.11.5.
+ * lib-ld.m4: New file, from gettext-0.11.5.
+ * lib-link.m4: New file, from gettext-0.11.5.
+ * lib-prefix.m4: New file, from gettext-0.11.5.
+ * progtest.m4: New file, from gettext-0.11.5.
+ * stdint_h.m4: New file, from gettext-0.11.5.
+ * uintmax_t.m4: New file, from gettext-0.11.5.
+ * ulonglong.m4: New file, from gettext-0.11.5.
+ * Makefile.am: New file.
diff --git a/m4/Makefile.am b/m4/Makefile.am
new file mode 100644
index 0000000..c5ac24f
--- /dev/null
+++ b/m4/Makefile.am
@@ -0,0 +1,20 @@
+EXTRA_DIST = intl.m4 intldir.m4 glibc2.m4 lock.m4 visibility.m4 intmax.m4 longdouble.m4 printf-posix.m4 signed.m4 size_max.m4 wchar_t.m4 wint_t.m4 xsize.m4 codeset.m4 gettext.m4 glibc21.m4 iconv.m4 intdiv0.m4 inttypes.m4 inttypes_h.m4 inttypes-pri.m4 isc-posix.m4 lcmessage.m4 lib-ld.m4 lib-link.m4 lib-prefix.m4 progtest.m4 stdint_h.m4 uintmax_t.m4
+
+EXTRA_DIST += ldap.m4 libcurl.m4 libusb.m4 tar-ustar.m4 readline.m4
+
+EXTRA_DIST += gnupg-pth.m4
+
+EXTRA_DIST += gpg-error.m4 libgcrypt.m4 libassuan.m4 ksba.m4
+
+EXTRA_DIST += autobuild.m4
+
+EXTRA_DIST += estream.m4
+
+EXTRA_DIST += sys_socket_h.m4 socklen.m4
+
+EXTRA_DIST += ChangeLog-2011
+
+
+
+
+
diff --git a/m4/Makefile.in b/m4/Makefile.in
new file mode 100644
index 0000000..199bf8c
--- /dev/null
+++ b/m4/Makefile.in
@@ -0,0 +1,453 @@
+# Makefile.in generated by automake 1.11.1 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation,
+# Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+subdir = m4
+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/gl/m4/absolute-header.m4 \
+ $(top_srcdir)/gl/m4/alloca.m4 $(top_srcdir)/gl/m4/allocsa.m4 \
+ $(top_srcdir)/gl/m4/eealloc.m4 \
+ $(top_srcdir)/gl/m4/gnulib-comp.m4 \
+ $(top_srcdir)/gl/m4/gnulib-tool.m4 \
+ $(top_srcdir)/gl/m4/mkdtemp.m4 $(top_srcdir)/gl/m4/setenv.m4 \
+ $(top_srcdir)/gl/m4/stdint.m4 $(top_srcdir)/gl/m4/strpbrk.m4 \
+ $(top_srcdir)/gl/m4/unistd_h.m4 $(top_srcdir)/m4/autobuild.m4 \
+ $(top_srcdir)/m4/codeset.m4 $(top_srcdir)/m4/estream.m4 \
+ $(top_srcdir)/m4/gettext.m4 $(top_srcdir)/m4/gnupg-pth.m4 \
+ $(top_srcdir)/m4/gpg-error.m4 $(top_srcdir)/m4/iconv.m4 \
+ $(top_srcdir)/m4/isc-posix.m4 $(top_srcdir)/m4/ksba.m4 \
+ $(top_srcdir)/m4/lcmessage.m4 $(top_srcdir)/m4/ldap.m4 \
+ $(top_srcdir)/m4/lib-ld.m4 $(top_srcdir)/m4/lib-link.m4 \
+ $(top_srcdir)/m4/lib-prefix.m4 $(top_srcdir)/m4/libassuan.m4 \
+ $(top_srcdir)/m4/libcurl.m4 $(top_srcdir)/m4/libgcrypt.m4 \
+ $(top_srcdir)/m4/longdouble.m4 $(top_srcdir)/m4/nls.m4 \
+ $(top_srcdir)/m4/po.m4 $(top_srcdir)/m4/progtest.m4 \
+ $(top_srcdir)/m4/readline.m4 $(top_srcdir)/m4/size_max.m4 \
+ $(top_srcdir)/m4/socklen.m4 $(top_srcdir)/m4/sys_socket_h.m4 \
+ $(top_srcdir)/m4/tar-ustar.m4 $(top_srcdir)/m4/xsize.m4 \
+ $(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.ac
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+ $(ACLOCAL_M4)
+mkinstalldirs = $(SHELL) $(top_srcdir)/scripts/mkinstalldirs
+CONFIG_HEADER = $(top_builddir)/config.h
+CONFIG_CLEAN_FILES =
+CONFIG_CLEAN_VPATH_FILES =
+SOURCES =
+DIST_SOURCES =
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ABSOLUTE_STDINT_H = @ABSOLUTE_STDINT_H@
+ACLOCAL = @ACLOCAL@
+ADNSLIBS = @ADNSLIBS@
+ALLOCA = @ALLOCA@
+ALLOCA_H = @ALLOCA_H@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+BITSIZEOF_PTRDIFF_T = @BITSIZEOF_PTRDIFF_T@
+BITSIZEOF_SIG_ATOMIC_T = @BITSIZEOF_SIG_ATOMIC_T@
+BITSIZEOF_SIZE_T = @BITSIZEOF_SIZE_T@
+BITSIZEOF_WCHAR_T = @BITSIZEOF_WCHAR_T@
+BITSIZEOF_WINT_T = @BITSIZEOF_WINT_T@
+BUILD_INCLUDED_LIBINTL = @BUILD_INCLUDED_LIBINTL@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CC_FOR_BUILD = @CC_FOR_BUILD@
+CFLAGS = @CFLAGS@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DL_LIBS = @DL_LIBS@
+DNSLIBS = @DNSLIBS@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+FAQPROG = @FAQPROG@
+GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
+GMSGFMT = @GMSGFMT@
+GMSGFMT_015 = @GMSGFMT_015@
+GNUPG_AGENT_PGM = @GNUPG_AGENT_PGM@
+GNUPG_DIRMNGR_PGM = @GNUPG_DIRMNGR_PGM@
+GNUPG_PINENTRY_PGM = @GNUPG_PINENTRY_PGM@
+GNUPG_PROTECT_TOOL_PGM = @GNUPG_PROTECT_TOOL_PGM@
+GNUPG_SCDAEMON_PGM = @GNUPG_SCDAEMON_PGM@
+GPGKEYS_CURL = @GPGKEYS_CURL@
+GPGKEYS_FINGER = @GPGKEYS_FINGER@
+GPGKEYS_HKP = @GPGKEYS_HKP@
+GPGKEYS_KDNS = @GPGKEYS_KDNS@
+GPGKEYS_LDAP = @GPGKEYS_LDAP@
+GPGKEYS_MAILTO = @GPGKEYS_MAILTO@
+GPG_ERROR_CFLAGS = @GPG_ERROR_CFLAGS@
+GPG_ERROR_CONFIG = @GPG_ERROR_CONFIG@
+GPG_ERROR_LIBS = @GPG_ERROR_LIBS@
+GREP = @GREP@
+HAVE_INTTYPES_H = @HAVE_INTTYPES_H@
+HAVE_LONG_LONG_INT = @HAVE_LONG_LONG_INT@
+HAVE_SIGNED_SIG_ATOMIC_T = @HAVE_SIGNED_SIG_ATOMIC_T@
+HAVE_SIGNED_WCHAR_T = @HAVE_SIGNED_WCHAR_T@
+HAVE_SIGNED_WINT_T = @HAVE_SIGNED_WINT_T@
+HAVE_STDINT_H = @HAVE_STDINT_H@
+HAVE_SYS_BITYPES_H = @HAVE_SYS_BITYPES_H@
+HAVE_SYS_INTTYPES_H = @HAVE_SYS_INTTYPES_H@
+HAVE_SYS_TYPES_H = @HAVE_SYS_TYPES_H@
+HAVE_UNSIGNED_LONG_LONG_INT = @HAVE_UNSIGNED_LONG_LONG_INT@
+HAVE_WCHAR_H = @HAVE_WCHAR_H@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+INTLLIBS = @INTLLIBS@
+INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@
+KSBA_CFLAGS = @KSBA_CFLAGS@
+KSBA_CONFIG = @KSBA_CONFIG@
+KSBA_LIBS = @KSBA_LIBS@
+LDAPLIBS = @LDAPLIBS@
+LDAP_CPPFLAGS = @LDAP_CPPFLAGS@
+LDFLAGS = @LDFLAGS@
+LIBASSUAN_CFLAGS = @LIBASSUAN_CFLAGS@
+LIBASSUAN_CONFIG = @LIBASSUAN_CONFIG@
+LIBASSUAN_LIBS = @LIBASSUAN_LIBS@
+LIBCURL = @LIBCURL@
+LIBCURL_CPPFLAGS = @LIBCURL_CPPFLAGS@
+LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@
+LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@
+LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@
+LIBGNU_LIBDEPS = @LIBGNU_LIBDEPS@
+LIBGNU_LTLIBDEPS = @LIBGNU_LTLIBDEPS@
+LIBICONV = @LIBICONV@
+LIBINTL = @LIBINTL@
+LIBOBJS = @LIBOBJS@
+LIBREADLINE = @LIBREADLINE@
+LIBS = @LIBS@
+LIBUSB_LIBS = @LIBUSB_LIBS@
+LIBUTIL_LIBS = @LIBUTIL_LIBS@
+LN_S = @LN_S@
+LTLIBICONV = @LTLIBICONV@
+LTLIBINTL = @LTLIBINTL@
+LTLIBOBJS = @LTLIBOBJS@
+MAINT = @MAINT@
+MAKEINFO = @MAKEINFO@
+MKDIR_P = @MKDIR_P@
+MSGFMT = @MSGFMT@
+MSGFMT_015 = @MSGFMT_015@
+MSGMERGE = @MSGMERGE@
+NETLIBS = @NETLIBS@
+OBJEXT = @OBJEXT@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_GT = @PACKAGE_GT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_URL = @PACKAGE_URL@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PERL = @PERL@
+POSUB = @POSUB@
+PTH_CFLAGS = @PTH_CFLAGS@
+PTH_CONFIG = @PTH_CONFIG@
+PTH_LIBS = @PTH_LIBS@
+PTRDIFF_T_SUFFIX = @PTRDIFF_T_SUFFIX@
+RANLIB = @RANLIB@
+SENDMAIL = @SENDMAIL@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+SHRED = @SHRED@
+SIG_ATOMIC_T_SUFFIX = @SIG_ATOMIC_T_SUFFIX@
+SIZE_T_SUFFIX = @SIZE_T_SUFFIX@
+STDINT_H = @STDINT_H@
+STRIP = @STRIP@
+SYS_SOCKET_H = @SYS_SOCKET_H@
+TAR = @TAR@
+UNISTD_H = @UNISTD_H@
+USE_INCLUDED_LIBINTL = @USE_INCLUDED_LIBINTL@
+USE_NLS = @USE_NLS@
+VERSION = @VERSION@
+W32SOCKLIBS = @W32SOCKLIBS@
+WCHAR_T_SUFFIX = @WCHAR_T_SUFFIX@
+WINDRES = @WINDRES@
+WINT_T_SUFFIX = @WINT_T_SUFFIX@
+XGETTEXT = @XGETTEXT@
+XGETTEXT_015 = @XGETTEXT_015@
+XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@
+ZLIBS = @ZLIBS@
+_libcurl_config = @_libcurl_config@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+EXTRA_DIST = intl.m4 intldir.m4 glibc2.m4 lock.m4 visibility.m4 \
+ intmax.m4 longdouble.m4 printf-posix.m4 signed.m4 size_max.m4 \
+ wchar_t.m4 wint_t.m4 xsize.m4 codeset.m4 gettext.m4 glibc21.m4 \
+ iconv.m4 intdiv0.m4 inttypes.m4 inttypes_h.m4 inttypes-pri.m4 \
+ isc-posix.m4 lcmessage.m4 lib-ld.m4 lib-link.m4 lib-prefix.m4 \
+ progtest.m4 stdint_h.m4 uintmax_t.m4 ldap.m4 libcurl.m4 \
+ libusb.m4 tar-ustar.m4 readline.m4 gnupg-pth.m4 gpg-error.m4 \
+ libgcrypt.m4 libassuan.m4 ksba.m4 autobuild.m4 estream.m4 \
+ sys_socket_h.m4 socklen.m4 ChangeLog-2011
+all: all-am
+
+.SUFFIXES:
+$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(am__configure_deps)
+ @for dep in $?; do \
+ case '$(am__configure_deps)' in \
+ *$$dep*) \
+ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+ && { if test -f $@; then exit 0; else break; fi; }; \
+ exit 1;; \
+ esac; \
+ done; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu m4/Makefile'; \
+ $(am__cd) $(top_srcdir) && \
+ $(AUTOMAKE) --gnu m4/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+ @case '$?' in \
+ *config.status*) \
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+ *) \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+ esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
+tags: TAGS
+TAGS:
+
+ctags: CTAGS
+CTAGS:
+
+
+distdir: $(DISTFILES)
+ @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ list='$(DISTFILES)'; \
+ dist_files=`for file in $$list; do echo $$file; done | \
+ sed -e "s|^$$srcdirstrip/||;t" \
+ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+ case $$dist_files in \
+ */*) $(MKDIR_P) `echo "$$dist_files" | \
+ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+ sort -u` ;; \
+ esac; \
+ for file in $$dist_files; do \
+ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+ if test -d $$d/$$file; then \
+ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+ if test -d "$(distdir)/$$file"; then \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+ else \
+ test -f "$(distdir)/$$file" \
+ || cp -p $$d/$$file "$(distdir)/$$file" \
+ || exit 1; \
+ fi; \
+ done
+check-am: all-am
+check: check-am
+all-am: Makefile
+installdirs:
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+ @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ `test -z '$(STRIP)' || \
+ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+ -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+ -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+
+maintainer-clean-generic:
+ @echo "This command is intended for maintainers to use"
+ @echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic mostlyclean-am
+
+distclean: distclean-am
+ -rm -f Makefile
+distclean-am: clean-am distclean-generic
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+html-am:
+
+info: info-am
+
+info-am:
+
+install-data-am:
+
+install-dvi: install-dvi-am
+
+install-dvi-am:
+
+install-exec-am:
+
+install-html: install-html-am
+
+install-html-am:
+
+install-info: install-info-am
+
+install-info-am:
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-pdf-am:
+
+install-ps: install-ps-am
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+ -rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-generic
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am:
+
+.MAKE: install-am install-strip
+
+.PHONY: all all-am check check-am clean clean-generic distclean \
+ distclean-generic distdir dvi dvi-am html html-am info info-am \
+ install install-am install-data install-data-am install-dvi \
+ install-dvi-am install-exec install-exec-am install-html \
+ install-html-am install-info install-info-am install-man \
+ install-pdf install-pdf-am install-ps install-ps-am \
+ install-strip installcheck installcheck-am installdirs \
+ maintainer-clean maintainer-clean-generic mostlyclean \
+ mostlyclean-generic pdf pdf-am ps ps-am uninstall uninstall-am
+
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/m4/autobuild.m4 b/m4/autobuild.m4
new file mode 100644
index 0000000..bd1f4dc
--- /dev/null
+++ b/m4/autobuild.m4
@@ -0,0 +1,34 @@
+# autobuild.m4 serial 2 (autobuild-3.3)
+# Copyright (C) 2004 Simon Josefsson
+#
+# This file is free software, distributed under the terms of the GNU
+# General Public License. As a special exception to the GNU General
+# Public License, this file may be distributed as part of a program
+# that contains a configuration script generated by Autoconf, under
+# the same distribution terms as the rest of that program.
+#
+# This file can can be used in projects which are not available under
+# the GNU General Public License or the GNU Library General Public
+# License but which still want to provide support for Autobuild.
+
+# Usage: AB_INIT([MODE]).
+AC_DEFUN([AB_INIT],
+[
+ AC_REQUIRE([AC_CANONICAL_BUILD])
+ AC_REQUIRE([AC_CANONICAL_HOST])
+
+ AC_MSG_NOTICE([autobuild project... ${PACKAGE_NAME:-$PACKAGE}])
+ AC_MSG_NOTICE([autobuild revision... ${PACKAGE_VERSION:-$VERSION}])
+ hostname=`hostname`
+ if test "$hostname"; then
+ AC_MSG_NOTICE([autobuild hostname... $hostname])
+ fi
+ ifelse([$1],[],,[AC_MSG_NOTICE([autobuild mode... $1])])
+ date=`date +%Y%m%d-%H%M%S`
+ if test "$?" != 0; then
+ date=`date`
+ fi
+ if test "$date"; then
+ AC_MSG_NOTICE([autobuild timestamp... $date])
+ fi
+])
diff --git a/m4/codeset.m4 b/m4/codeset.m4
new file mode 100644
index 0000000..223955b
--- /dev/null
+++ b/m4/codeset.m4
@@ -0,0 +1,21 @@
+# codeset.m4 serial 2 (gettext-0.16)
+dnl Copyright (C) 2000-2002, 2006 Free Software Foundation, Inc.
+dnl This file is free software; the Free Software Foundation
+dnl gives unlimited permission to copy and/or distribute it,
+dnl with or without modifications, as long as this notice is preserved.
+
+dnl From Bruno Haible.
+
+AC_DEFUN([AM_LANGINFO_CODESET],
+[
+ AC_CACHE_CHECK([for nl_langinfo and CODESET], am_cv_langinfo_codeset,
+ [AC_TRY_LINK([#include <langinfo.h>],
+ [char* cs = nl_langinfo(CODESET); return !cs;],
+ am_cv_langinfo_codeset=yes,
+ am_cv_langinfo_codeset=no)
+ ])
+ if test $am_cv_langinfo_codeset = yes; then
+ AC_DEFINE(HAVE_LANGINFO_CODESET, 1,
+ [Define if you have <langinfo.h> and nl_langinfo(CODESET).])
+ fi
+])
diff --git a/m4/estream.m4 b/m4/estream.m4
new file mode 100644
index 0000000..b61059a
--- /dev/null
+++ b/m4/estream.m4
@@ -0,0 +1,49 @@
+dnl Autoconf macros for libestream
+dnl Copyright (C) 2007 g10 Code GmbH
+dnl
+dnl This file is free software; as a special exception the author gives
+dnl unlimited permission to copy and/or distribute it, with or without
+dnl modifications, as long as this notice is preserved.
+dnl
+dnl This file is distributed in the hope that it will be useful, but
+dnl WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
+dnl implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+
+
+dnl estream_PRINTF_INIT
+dnl Prepare build of source included estream-printf.c
+dnl
+AC_DEFUN([estream_PRINTF_INIT],
+[
+ AC_MSG_NOTICE([checking system features for estream-printf])
+ AC_CHECK_HEADERS(stdint.h)
+ AC_TYPE_LONG_LONG_INT
+ AC_TYPE_LONG_DOUBLE
+ AC_TYPE_INTMAX_T
+ AC_TYPE_UINTMAX_T
+ AC_CHECK_TYPES([ptrdiff_t])
+ AC_CHECK_SIZEOF([unsigned long])
+ AC_CHECK_SIZEOF([void *])
+ AC_CACHE_CHECK([for nl_langinfo and THOUSANDS_SEP],
+ estream_cv_langinfo_thousands_sep,
+ [AC_TRY_LINK([#include <langinfo.h>],
+ [char* cs = nl_langinfo(THOUSANDS_SEP); return !cs;],
+ estream_cv_langinfo_thousands_sep=yes,
+ estream_cv_langinfo_thousands_sep=no)
+ ])
+ if test $estream_cv_langinfo_thousands_sep = yes; then
+ AC_DEFINE(HAVE_LANGINFO_THOUSANDS_SEP, 1,
+ [Define if you have <langinfo.h> and nl_langinfo(THOUSANDS_SEP).])
+ fi
+])
+
+
+dnl estream_INIT
+dnl Prepare build of source included estream.c
+dnl
+AC_DEFUN([estream_INIT],
+[
+ AC_REQUIRE([estream_PRINTF_INIT])
+ AC_MSG_NOTICE([checking system features for estream])
+
+])
diff --git a/m4/gettext.m4 b/m4/gettext.m4
new file mode 100644
index 0000000..c9ae1f7
--- /dev/null
+++ b/m4/gettext.m4
@@ -0,0 +1,381 @@
+# gettext.m4 serial 60 (gettext-0.17)
+dnl Copyright (C) 1995-2007 Free Software Foundation, Inc.
+dnl This file is free software; the Free Software Foundation
+dnl gives unlimited permission to copy and/or distribute it,
+dnl with or without modifications, as long as this notice is preserved.
+dnl
+dnl This file can can be used in projects which are not available under
+dnl the GNU General Public License or the GNU Library General Public
+dnl License but which still want to provide support for the GNU gettext
+dnl functionality.
+dnl Please note that the actual code of the GNU gettext library is covered
+dnl by the GNU Library General Public License, and the rest of the GNU
+dnl gettext package package is covered by the GNU General Public License.
+dnl They are *not* in the public domain.
+
+dnl Authors:
+dnl Ulrich Drepper <drepper@cygnus.com>, 1995-2000.
+dnl Bruno Haible <haible@clisp.cons.org>, 2000-2006.
+
+dnl Macro to add for using GNU gettext.
+
+dnl Usage: AM_GNU_GETTEXT([INTLSYMBOL], [NEEDSYMBOL], [INTLDIR]).
+dnl INTLSYMBOL can be one of 'external', 'no-libtool', 'use-libtool'. The
+dnl default (if it is not specified or empty) is 'no-libtool'.
+dnl INTLSYMBOL should be 'external' for packages with no intl directory,
+dnl and 'no-libtool' or 'use-libtool' for packages with an intl directory.
+dnl If INTLSYMBOL is 'use-libtool', then a libtool library
+dnl $(top_builddir)/intl/libintl.la will be created (shared and/or static,
+dnl depending on --{enable,disable}-{shared,static} and on the presence of
+dnl AM-DISABLE-SHARED). If INTLSYMBOL is 'no-libtool', a static library
+dnl $(top_builddir)/intl/libintl.a will be created.
+dnl If NEEDSYMBOL is specified and is 'need-ngettext', then GNU gettext
+dnl implementations (in libc or libintl) without the ngettext() function
+dnl will be ignored. If NEEDSYMBOL is specified and is
+dnl 'need-formatstring-macros', then GNU gettext implementations that don't
+dnl support the ISO C 99 <inttypes.h> formatstring macros will be ignored.
+dnl INTLDIR is used to find the intl libraries. If empty,
+dnl the value `$(top_builddir)/intl/' is used.
+dnl
+dnl The result of the configuration is one of three cases:
+dnl 1) GNU gettext, as included in the intl subdirectory, will be compiled
+dnl and used.
+dnl Catalog format: GNU --> install in $(datadir)
+dnl Catalog extension: .mo after installation, .gmo in source tree
+dnl 2) GNU gettext has been found in the system's C library.
+dnl Catalog format: GNU --> install in $(datadir)
+dnl Catalog extension: .mo after installation, .gmo in source tree
+dnl 3) No internationalization, always use English msgid.
+dnl Catalog format: none
+dnl Catalog extension: none
+dnl If INTLSYMBOL is 'external', only cases 2 and 3 can occur.
+dnl The use of .gmo is historical (it was needed to avoid overwriting the
+dnl GNU format catalogs when building on a platform with an X/Open gettext),
+dnl but we keep it in order not to force irrelevant filename changes on the
+dnl maintainers.
+dnl
+AC_DEFUN([AM_GNU_GETTEXT],
+[
+ dnl Argument checking.
+ ifelse([$1], [], , [ifelse([$1], [external], , [ifelse([$1], [no-libtool], , [ifelse([$1], [use-libtool], ,
+ [errprint([ERROR: invalid first argument to AM_GNU_GETTEXT
+])])])])])
+ ifelse([$2], [], , [ifelse([$2], [need-ngettext], , [ifelse([$2], [need-formatstring-macros], ,
+ [errprint([ERROR: invalid second argument to AM_GNU_GETTEXT
+])])])])
+ define([gt_included_intl],
+ ifelse([$1], [external],
+ ifdef([AM_GNU_GETTEXT_][INTL_SUBDIR], [yes], [no]),
+ [yes]))
+ define([gt_libtool_suffix_prefix], ifelse([$1], [use-libtool], [l], []))
+ gt_NEEDS_INIT
+ AM_GNU_GETTEXT_NEED([$2])
+
+ AC_REQUIRE([AM_PO_SUBDIRS])dnl
+ ifelse(gt_included_intl, yes, [
+ AC_REQUIRE([AM_INTL_SUBDIR])dnl
+ ])
+
+ dnl Prerequisites of AC_LIB_LINKFLAGS_BODY.
+ AC_REQUIRE([AC_LIB_PREPARE_PREFIX])
+ AC_REQUIRE([AC_LIB_RPATH])
+
+ dnl Sometimes libintl requires libiconv, so first search for libiconv.
+ dnl Ideally we would do this search only after the
+ dnl if test "$USE_NLS" = "yes"; then
+ dnl if { eval "gt_val=\$$gt_func_gnugettext_libc"; test "$gt_val" != "yes"; }; then
+ dnl tests. But if configure.in invokes AM_ICONV after AM_GNU_GETTEXT
+ dnl the configure script would need to contain the same shell code
+ dnl again, outside any 'if'. There are two solutions:
+ dnl - Invoke AM_ICONV_LINKFLAGS_BODY here, outside any 'if'.
+ dnl - Control the expansions in more detail using AC_PROVIDE_IFELSE.
+ dnl Since AC_PROVIDE_IFELSE is only in autoconf >= 2.52 and not
+ dnl documented, we avoid it.
+ ifelse(gt_included_intl, yes, , [
+ AC_REQUIRE([AM_ICONV_LINKFLAGS_BODY])
+ ])
+
+ dnl Sometimes, on MacOS X, libintl requires linking with CoreFoundation.
+ gt_INTL_MACOSX
+
+ dnl Set USE_NLS.
+ AC_REQUIRE([AM_NLS])
+
+ ifelse(gt_included_intl, yes, [
+ BUILD_INCLUDED_LIBINTL=no
+ USE_INCLUDED_LIBINTL=no
+ ])
+ LIBINTL=
+ LTLIBINTL=
+ POSUB=
+
+ dnl Add a version number to the cache macros.
+ case " $gt_needs " in
+ *" need-formatstring-macros "*) gt_api_version=3 ;;
+ *" need-ngettext "*) gt_api_version=2 ;;
+ *) gt_api_version=1 ;;
+ esac
+ gt_func_gnugettext_libc="gt_cv_func_gnugettext${gt_api_version}_libc"
+ gt_func_gnugettext_libintl="gt_cv_func_gnugettext${gt_api_version}_libintl"
+
+ dnl If we use NLS figure out what method
+ if test "$USE_NLS" = "yes"; then
+ gt_use_preinstalled_gnugettext=no
+ ifelse(gt_included_intl, yes, [
+ AC_MSG_CHECKING([whether included gettext is requested])
+ AC_ARG_WITH(included-gettext,
+ [ --with-included-gettext use the GNU gettext library included here],
+ nls_cv_force_use_gnu_gettext=$withval,
+ nls_cv_force_use_gnu_gettext=no)
+ AC_MSG_RESULT($nls_cv_force_use_gnu_gettext)
+
+ nls_cv_use_gnu_gettext="$nls_cv_force_use_gnu_gettext"
+ if test "$nls_cv_force_use_gnu_gettext" != "yes"; then
+ ])
+ dnl User does not insist on using GNU NLS library. Figure out what
+ dnl to use. If GNU gettext is available we use this. Else we have
+ dnl to fall back to GNU NLS library.
+
+ if test $gt_api_version -ge 3; then
+ gt_revision_test_code='
+#ifndef __GNU_GETTEXT_SUPPORTED_REVISION
+#define __GNU_GETTEXT_SUPPORTED_REVISION(major) ((major) == 0 ? 0 : -1)
+#endif
+changequote(,)dnl
+typedef int array [2 * (__GNU_GETTEXT_SUPPORTED_REVISION(0) >= 1) - 1];
+changequote([,])dnl
+'
+ else
+ gt_revision_test_code=
+ fi
+ if test $gt_api_version -ge 2; then
+ gt_expression_test_code=' + * ngettext ("", "", 0)'
+ else
+ gt_expression_test_code=
+ fi
+
+ AC_CACHE_CHECK([for GNU gettext in libc], [$gt_func_gnugettext_libc],
+ [AC_TRY_LINK([#include <libintl.h>
+$gt_revision_test_code
+extern int _nl_msg_cat_cntr;
+extern int *_nl_domain_bindings;],
+ [bindtextdomain ("", "");
+return * gettext ("")$gt_expression_test_code + _nl_msg_cat_cntr + *_nl_domain_bindings],
+ [eval "$gt_func_gnugettext_libc=yes"],
+ [eval "$gt_func_gnugettext_libc=no"])])
+
+ if { eval "gt_val=\$$gt_func_gnugettext_libc"; test "$gt_val" != "yes"; }; then
+ dnl Sometimes libintl requires libiconv, so first search for libiconv.
+ ifelse(gt_included_intl, yes, , [
+ AM_ICONV_LINK
+ ])
+ dnl Search for libintl and define LIBINTL, LTLIBINTL and INCINTL
+ dnl accordingly. Don't use AC_LIB_LINKFLAGS_BODY([intl],[iconv])
+ dnl because that would add "-liconv" to LIBINTL and LTLIBINTL
+ dnl even if libiconv doesn't exist.
+ AC_LIB_LINKFLAGS_BODY([intl])
+ AC_CACHE_CHECK([for GNU gettext in libintl],
+ [$gt_func_gnugettext_libintl],
+ [gt_save_CPPFLAGS="$CPPFLAGS"
+ CPPFLAGS="$CPPFLAGS $INCINTL"
+ gt_save_LIBS="$LIBS"
+ LIBS="$LIBS $LIBINTL"
+ dnl Now see whether libintl exists and does not depend on libiconv.
+ AC_TRY_LINK([#include <libintl.h>
+$gt_revision_test_code
+extern int _nl_msg_cat_cntr;
+extern
+#ifdef __cplusplus
+"C"
+#endif
+const char *_nl_expand_alias (const char *);],
+ [bindtextdomain ("", "");
+return * gettext ("")$gt_expression_test_code + _nl_msg_cat_cntr + *_nl_expand_alias ("")],
+ [eval "$gt_func_gnugettext_libintl=yes"],
+ [eval "$gt_func_gnugettext_libintl=no"])
+ dnl Now see whether libintl exists and depends on libiconv.
+ if { eval "gt_val=\$$gt_func_gnugettext_libintl"; test "$gt_val" != yes; } && test -n "$LIBICONV"; then
+ LIBS="$LIBS $LIBICONV"
+ AC_TRY_LINK([#include <libintl.h>
+$gt_revision_test_code
+extern int _nl_msg_cat_cntr;
+extern
+#ifdef __cplusplus
+"C"
+#endif
+const char *_nl_expand_alias (const char *);],
+ [bindtextdomain ("", "");
+return * gettext ("")$gt_expression_test_code + _nl_msg_cat_cntr + *_nl_expand_alias ("")],
+ [LIBINTL="$LIBINTL $LIBICONV"
+ LTLIBINTL="$LTLIBINTL $LTLIBICONV"
+ eval "$gt_func_gnugettext_libintl=yes"
+ ])
+ fi
+ CPPFLAGS="$gt_save_CPPFLAGS"
+ LIBS="$gt_save_LIBS"])
+ fi
+
+ dnl If an already present or preinstalled GNU gettext() is found,
+ dnl use it. But if this macro is used in GNU gettext, and GNU
+ dnl gettext is already preinstalled in libintl, we update this
+ dnl libintl. (Cf. the install rule in intl/Makefile.in.)
+ if { eval "gt_val=\$$gt_func_gnugettext_libc"; test "$gt_val" = "yes"; } \
+ || { { eval "gt_val=\$$gt_func_gnugettext_libintl"; test "$gt_val" = "yes"; } \
+ && test "$PACKAGE" != gettext-runtime \
+ && test "$PACKAGE" != gettext-tools; }; then
+ gt_use_preinstalled_gnugettext=yes
+ else
+ dnl Reset the values set by searching for libintl.
+ LIBINTL=
+ LTLIBINTL=
+ INCINTL=
+ fi
+
+ ifelse(gt_included_intl, yes, [
+ if test "$gt_use_preinstalled_gnugettext" != "yes"; then
+ dnl GNU gettext is not found in the C library.
+ dnl Fall back on included GNU gettext library.
+ nls_cv_use_gnu_gettext=yes
+ fi
+ fi
+
+ if test "$nls_cv_use_gnu_gettext" = "yes"; then
+ dnl Mark actions used to generate GNU NLS library.
+ BUILD_INCLUDED_LIBINTL=yes
+ USE_INCLUDED_LIBINTL=yes
+ LIBINTL="ifelse([$3],[],\${top_builddir}/intl,[$3])/libintl.[]gt_libtool_suffix_prefix[]a $LIBICONV $LIBTHREAD"
+ LTLIBINTL="ifelse([$3],[],\${top_builddir}/intl,[$3])/libintl.[]gt_libtool_suffix_prefix[]a $LTLIBICONV $LTLIBTHREAD"
+ LIBS=`echo " $LIBS " | sed -e 's/ -lintl / /' -e 's/^ //' -e 's/ $//'`
+ fi
+
+ CATOBJEXT=
+ if test "$gt_use_preinstalled_gnugettext" = "yes" \
+ || test "$nls_cv_use_gnu_gettext" = "yes"; then
+ dnl Mark actions to use GNU gettext tools.
+ CATOBJEXT=.gmo
+ fi
+ ])
+
+ if test -n "$INTL_MACOSX_LIBS"; then
+ if test "$gt_use_preinstalled_gnugettext" = "yes" \
+ || test "$nls_cv_use_gnu_gettext" = "yes"; then
+ dnl Some extra flags are needed during linking.
+ LIBINTL="$LIBINTL $INTL_MACOSX_LIBS"
+ LTLIBINTL="$LTLIBINTL $INTL_MACOSX_LIBS"
+ fi
+ fi
+
+ if test "$gt_use_preinstalled_gnugettext" = "yes" \
+ || test "$nls_cv_use_gnu_gettext" = "yes"; then
+ AC_DEFINE(ENABLE_NLS, 1,
+ [Define to 1 if translation of program messages to the user's native language
+ is requested.])
+ else
+ USE_NLS=no
+ fi
+ fi
+
+ AC_MSG_CHECKING([whether to use NLS])
+ AC_MSG_RESULT([$USE_NLS])
+ if test "$USE_NLS" = "yes"; then
+ AC_MSG_CHECKING([where the gettext function comes from])
+ if test "$gt_use_preinstalled_gnugettext" = "yes"; then
+ if { eval "gt_val=\$$gt_func_gnugettext_libintl"; test "$gt_val" = "yes"; }; then
+ gt_source="external libintl"
+ else
+ gt_source="libc"
+ fi
+ else
+ gt_source="included intl directory"
+ fi
+ AC_MSG_RESULT([$gt_source])
+ fi
+
+ if test "$USE_NLS" = "yes"; then
+
+ if test "$gt_use_preinstalled_gnugettext" = "yes"; then
+ if { eval "gt_val=\$$gt_func_gnugettext_libintl"; test "$gt_val" = "yes"; }; then
+ AC_MSG_CHECKING([how to link with libintl])
+ AC_MSG_RESULT([$LIBINTL])
+ AC_LIB_APPENDTOVAR([CPPFLAGS], [$INCINTL])
+ fi
+
+ dnl For backward compatibility. Some packages may be using this.
+ AC_DEFINE(HAVE_GETTEXT, 1,
+ [Define if the GNU gettext() function is already present or preinstalled.])
+ AC_DEFINE(HAVE_DCGETTEXT, 1,
+ [Define if the GNU dcgettext() function is already present or preinstalled.])
+ fi
+
+ dnl We need to process the po/ directory.
+ POSUB=po
+ fi
+
+ ifelse(gt_included_intl, yes, [
+ dnl If this is used in GNU gettext we have to set BUILD_INCLUDED_LIBINTL
+ dnl to 'yes' because some of the testsuite requires it.
+ if test "$PACKAGE" = gettext-runtime || test "$PACKAGE" = gettext-tools; then
+ BUILD_INCLUDED_LIBINTL=yes
+ fi
+
+ dnl Make all variables we use known to autoconf.
+ AC_SUBST(BUILD_INCLUDED_LIBINTL)
+ AC_SUBST(USE_INCLUDED_LIBINTL)
+ AC_SUBST(CATOBJEXT)
+
+ dnl For backward compatibility. Some configure.ins may be using this.
+ nls_cv_header_intl=
+ nls_cv_header_libgt=
+
+ dnl For backward compatibility. Some Makefiles may be using this.
+ DATADIRNAME=share
+ AC_SUBST(DATADIRNAME)
+
+ dnl For backward compatibility. Some Makefiles may be using this.
+ INSTOBJEXT=.mo
+ AC_SUBST(INSTOBJEXT)
+
+ dnl For backward compatibility. Some Makefiles may be using this.
+ GENCAT=gencat
+ AC_SUBST(GENCAT)
+
+ dnl For backward compatibility. Some Makefiles may be using this.
+ INTLOBJS=
+ if test "$USE_INCLUDED_LIBINTL" = yes; then
+ INTLOBJS="\$(GETTOBJS)"
+ fi
+ AC_SUBST(INTLOBJS)
+
+ dnl Enable libtool support if the surrounding package wishes it.
+ INTL_LIBTOOL_SUFFIX_PREFIX=gt_libtool_suffix_prefix
+ AC_SUBST(INTL_LIBTOOL_SUFFIX_PREFIX)
+ ])
+
+ dnl For backward compatibility. Some Makefiles may be using this.
+ INTLLIBS="$LIBINTL"
+ AC_SUBST(INTLLIBS)
+
+ dnl Make all documented variables known to autoconf.
+ AC_SUBST(LIBINTL)
+ AC_SUBST(LTLIBINTL)
+ AC_SUBST(POSUB)
+])
+
+
+dnl gt_NEEDS_INIT ensures that the gt_needs variable is initialized.
+m4_define([gt_NEEDS_INIT],
+[
+ m4_divert_text([DEFAULTS], [gt_needs=])
+ m4_define([gt_NEEDS_INIT], [])
+])
+
+
+dnl Usage: AM_GNU_GETTEXT_NEED([NEEDSYMBOL])
+AC_DEFUN([AM_GNU_GETTEXT_NEED],
+[
+ m4_divert_text([INIT_PREPARE], [gt_needs="$gt_needs $1"])
+])
+
+
+dnl Usage: AM_GNU_GETTEXT_VERSION([gettext-version])
+AC_DEFUN([AM_GNU_GETTEXT_VERSION], [])
diff --git a/m4/glibc2.m4 b/m4/glibc2.m4
new file mode 100644
index 0000000..e8f5bfe
--- /dev/null
+++ b/m4/glibc2.m4
@@ -0,0 +1,30 @@
+# glibc2.m4 serial 1
+dnl Copyright (C) 2000-2002, 2004 Free Software Foundation, Inc.
+dnl This file is free software; the Free Software Foundation
+dnl gives unlimited permission to copy and/or distribute it,
+dnl with or without modifications, as long as this notice is preserved.
+
+# Test for the GNU C Library, version 2.0 or newer.
+# From Bruno Haible.
+
+AC_DEFUN([gt_GLIBC2],
+ [
+ AC_CACHE_CHECK(whether we are using the GNU C Library 2 or newer,
+ ac_cv_gnu_library_2,
+ [AC_EGREP_CPP([Lucky GNU user],
+ [
+#include <features.h>
+#ifdef __GNU_LIBRARY__
+ #if (__GLIBC__ >= 2)
+ Lucky GNU user
+ #endif
+#endif
+ ],
+ ac_cv_gnu_library_2=yes,
+ ac_cv_gnu_library_2=no)
+ ]
+ )
+ AC_SUBST(GLIBC2)
+ GLIBC2="$ac_cv_gnu_library_2"
+ ]
+)
diff --git a/m4/glibc21.m4 b/m4/glibc21.m4
new file mode 100644
index 0000000..d95fd98
--- /dev/null
+++ b/m4/glibc21.m4
@@ -0,0 +1,30 @@
+# glibc21.m4 serial 3
+dnl Copyright (C) 2000-2002, 2004 Free Software Foundation, Inc.
+dnl This file is free software; the Free Software Foundation
+dnl gives unlimited permission to copy and/or distribute it,
+dnl with or without modifications, as long as this notice is preserved.
+
+# Test for the GNU C Library, version 2.1 or newer.
+# From Bruno Haible.
+
+AC_DEFUN([gl_GLIBC21],
+ [
+ AC_CACHE_CHECK(whether we are using the GNU C Library 2.1 or newer,
+ ac_cv_gnu_library_2_1,
+ [AC_EGREP_CPP([Lucky GNU user],
+ [
+#include <features.h>
+#ifdef __GNU_LIBRARY__
+ #if (__GLIBC__ == 2 && __GLIBC_MINOR__ >= 1) || (__GLIBC__ > 2)
+ Lucky GNU user
+ #endif
+#endif
+ ],
+ ac_cv_gnu_library_2_1=yes,
+ ac_cv_gnu_library_2_1=no)
+ ]
+ )
+ AC_SUBST(GLIBC21)
+ GLIBC21="$ac_cv_gnu_library_2_1"
+ ]
+)
diff --git a/m4/gnupg-pth.m4 b/m4/gnupg-pth.m4
new file mode 100644
index 0000000..6dc9e0e
--- /dev/null
+++ b/m4/gnupg-pth.m4
@@ -0,0 +1,105 @@
+dnl GnuPG's check for Pth.
+dnl Copyright (C) 2003 Free Software Foundation, Inc.
+dnl
+dnl This file is free software; as a special exception the author gives
+dnl unlimited permission to copy and/or distribute it, with or without
+dnl modifications, as long as this notice is preserved.
+dnl
+dnl This file is distributed in the hope that it will be useful, but
+dnl WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
+dnl implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+
+
+# GNUPG_PTH_VERSION_CHECK(REQUIRED)
+#
+# If the version is sufficient, HAVE_PTH will be set to yes.
+#
+# Taken and modified from the m4 macros which come with Pth.
+AC_DEFUN([GNUPG_PTH_VERSION_CHECK],
+ [
+ _pth_version=`$PTH_CONFIG --version | awk 'NR==1 {print [$]3}'`
+ _req_version="ifelse([$1],,1.2.0,$1)"
+
+ AC_MSG_CHECKING(for PTH - version >= $_req_version)
+ for _var in _pth_version _req_version; do
+ eval "_val=\"\$${_var}\""
+ _major=`echo $_val | sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\([[ab.]]\)\([[0-9]]*\)/\1/'`
+ _minor=`echo $_val | sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\([[ab.]]\)\([[0-9]]*\)/\2/'`
+ _rtype=`echo $_val | sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\([[ab.]]\)\([[0-9]]*\)/\3/'`
+ _micro=`echo $_val | sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\([[ab.]]\)\([[0-9]]*\)/\4/'`
+ case $_rtype in
+ "a" ) _rtype=0 ;;
+ "b" ) _rtype=1 ;;
+ "." ) _rtype=2 ;;
+ esac
+ _hex=`echo dummy | awk '{ printf("%d%02d%1d%02d", major, minor, rtype, micro); }' \
+ "major=$_major" "minor=$_minor" "rtype=$_rtype" "micro=$_micro"`
+ eval "${_var}_hex=\"\$_hex\""
+ done
+ have_pth=no
+ if test ".$_pth_version_hex" != .; then
+ if test ".$_req_version_hex" != .; then
+ if test $_pth_version_hex -ge $_req_version_hex; then
+ have_pth=yes
+ fi
+ fi
+ fi
+ if test $have_pth = yes; then
+ AC_MSG_RESULT(yes)
+ AC_MSG_CHECKING([whether PTH installation is sane])
+ AC_CACHE_VAL(gnupg_cv_pth_is_sane,[
+ _gnupg_pth_save_cflags=$CFLAGS
+ _gnupg_pth_save_ldflags=$LDFLAGS
+ _gnupg_pth_save_libs=$LIBS
+ CFLAGS="$CFLAGS `$PTH_CONFIG --cflags`"
+ LDFLAGS="$LDFLAGS `$PTH_CONFIG --ldflags`"
+ LIBS="$LIBS `$PTH_CONFIG --libs --all`"
+ AC_LINK_IFELSE([AC_LANG_PROGRAM([#include <pth.h>
+ ],
+ [[ pth_init ();]])],
+ gnupg_cv_pth_is_sane=yes,
+ gnupg_cv_pth_is_sane=no)
+ CFLAGS=$_gnupg_pth_save_cflags
+ LDFLAGS=$_gnupg_pth_save_ldflags
+ LIBS=$_gnupg_pth_save_libs
+ ])
+ if test $gnupg_cv_pth_is_sane != yes; then
+ have_pth=no
+ fi
+ AC_MSG_RESULT($gnupg_cv_pth_is_sane)
+ else
+ AC_MSG_RESULT(no)
+ fi
+ ])
+
+
+
+# GNUPG_PATH_PTH([MINIMUM_VERSION])
+#
+# On return $have_pth is set as well as HAVE_PTH is defined and
+# PTH_CLFAGS and PTH_LIBS are AS_SUBST.
+#
+AC_DEFUN([GNUPG_PATH_PTH],
+[ AC_ARG_WITH(pth-prefix,
+ AC_HELP_STRING([--with-pth-prefix=PFX],
+ [prefix where GNU Pth is installed (optional)]),
+ pth_config_prefix="$withval", pth_config_prefix="")
+ if test x$pth_config_prefix != x ; then
+ PTH_CONFIG="$pth_config_prefix/bin/pth-config"
+ fi
+ AC_PATH_PROG(PTH_CONFIG, pth-config, no)
+ tmp=ifelse([$1], ,1.3.7,$1)
+ if test "$PTH_CONFIG" != "no"; then
+ GNUPG_PTH_VERSION_CHECK($tmp)
+ if test $have_pth = yes; then
+ PTH_CFLAGS=`$PTH_CONFIG --cflags`
+ PTH_LIBS=`$PTH_CONFIG --ldflags`
+ PTH_LIBS="$PTH_LIBS `$PTH_CONFIG --libs --all`"
+ AC_DEFINE(HAVE_PTH, 1,
+ [Defined if the GNU Pth is available])
+ fi
+ fi
+ AC_SUBST(PTH_CFLAGS)
+ AC_SUBST(PTH_LIBS)
+])
+
diff --git a/m4/gpg-error.m4 b/m4/gpg-error.m4
new file mode 100644
index 0000000..9d96d16
--- /dev/null
+++ b/m4/gpg-error.m4
@@ -0,0 +1,65 @@
+# gpg-error.m4 - autoconf macro to detect libgpg-error.
+# Copyright (C) 2002, 2003, 2004 g10 Code GmbH
+#
+# This file is free software; as a special exception the author gives
+# unlimited permission to copy and/or distribute it, with or without
+# modifications, as long as this notice is preserved.
+#
+# This file is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
+# implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+
+dnl AM_PATH_GPG_ERROR([MINIMUM-VERSION,
+dnl [ACTION-IF-FOUND [, ACTION-IF-NOT-FOUND ]]])
+dnl Test for libgpg-error and define GPG_ERROR_CFLAGS and GPG_ERROR_LIBS
+dnl
+AC_DEFUN([AM_PATH_GPG_ERROR],
+[ AC_ARG_WITH(gpg-error-prefix,
+ AC_HELP_STRING([--with-gpg-error-prefix=PFX],
+ [prefix where GPG Error is installed (optional)]),
+ gpg_error_config_prefix="$withval", gpg_error_config_prefix="")
+ if test x$gpg_error_config_prefix != x ; then
+ if test x${GPG_ERROR_CONFIG+set} != xset ; then
+ GPG_ERROR_CONFIG=$gpg_error_config_prefix/bin/gpg-error-config
+ fi
+ fi
+
+ AC_PATH_PROG(GPG_ERROR_CONFIG, gpg-error-config, no)
+ min_gpg_error_version=ifelse([$1], ,0.0,$1)
+ AC_MSG_CHECKING(for GPG Error - version >= $min_gpg_error_version)
+ ok=no
+ if test "$GPG_ERROR_CONFIG" != "no" ; then
+ req_major=`echo $min_gpg_error_version | \
+ sed 's/\([[0-9]]*\)\.\([[0-9]]*\)/\1/'`
+ req_minor=`echo $min_gpg_error_version | \
+ sed 's/\([[0-9]]*\)\.\([[0-9]]*\)/\2/'`
+ gpg_error_config_version=`$GPG_ERROR_CONFIG $gpg_error_config_args --version`
+ major=`echo $gpg_error_config_version | \
+ sed 's/\([[0-9]]*\)\.\([[0-9]]*\).*/\1/'`
+ minor=`echo $gpg_error_config_version | \
+ sed 's/\([[0-9]]*\)\.\([[0-9]]*\).*/\2/'`
+ if test "$major" -gt "$req_major"; then
+ ok=yes
+ else
+ if test "$major" -eq "$req_major"; then
+ if test "$minor" -ge "$req_minor"; then
+ ok=yes
+ fi
+ fi
+ fi
+ fi
+ if test $ok = yes; then
+ GPG_ERROR_CFLAGS=`$GPG_ERROR_CONFIG $gpg_error_config_args --cflags`
+ GPG_ERROR_LIBS=`$GPG_ERROR_CONFIG $gpg_error_config_args --libs`
+ AC_MSG_RESULT([yes ($gpg_error_config_version)])
+ ifelse([$2], , :, [$2])
+ else
+ GPG_ERROR_CFLAGS=""
+ GPG_ERROR_LIBS=""
+ AC_MSG_RESULT(no)
+ ifelse([$3], , :, [$3])
+ fi
+ AC_SUBST(GPG_ERROR_CFLAGS)
+ AC_SUBST(GPG_ERROR_LIBS)
+])
+
diff --git a/m4/iconv.m4 b/m4/iconv.m4
new file mode 100644
index 0000000..66bc76f
--- /dev/null
+++ b/m4/iconv.m4
@@ -0,0 +1,180 @@
+# iconv.m4 serial AM6 (gettext-0.17)
+dnl Copyright (C) 2000-2002, 2007 Free Software Foundation, Inc.
+dnl This file is free software; the Free Software Foundation
+dnl gives unlimited permission to copy and/or distribute it,
+dnl with or without modifications, as long as this notice is preserved.
+
+dnl From Bruno Haible.
+
+AC_DEFUN([AM_ICONV_LINKFLAGS_BODY],
+[
+ dnl Prerequisites of AC_LIB_LINKFLAGS_BODY.
+ AC_REQUIRE([AC_LIB_PREPARE_PREFIX])
+ AC_REQUIRE([AC_LIB_RPATH])
+
+ dnl Search for libiconv and define LIBICONV, LTLIBICONV and INCICONV
+ dnl accordingly.
+ AC_LIB_LINKFLAGS_BODY([iconv])
+])
+
+AC_DEFUN([AM_ICONV_LINK],
+[
+ dnl Some systems have iconv in libc, some have it in libiconv (OSF/1 and
+ dnl those with the standalone portable GNU libiconv installed).
+ AC_REQUIRE([AC_CANONICAL_HOST]) dnl for cross-compiles
+
+ dnl Search for libiconv and define LIBICONV, LTLIBICONV and INCICONV
+ dnl accordingly.
+ AC_REQUIRE([AM_ICONV_LINKFLAGS_BODY])
+
+ dnl Add $INCICONV to CPPFLAGS before performing the following checks,
+ dnl because if the user has installed libiconv and not disabled its use
+ dnl via --without-libiconv-prefix, he wants to use it. The first
+ dnl AC_TRY_LINK will then fail, the second AC_TRY_LINK will succeed.
+ am_save_CPPFLAGS="$CPPFLAGS"
+ AC_LIB_APPENDTOVAR([CPPFLAGS], [$INCICONV])
+
+ AC_CACHE_CHECK([for iconv], am_cv_func_iconv, [
+ am_cv_func_iconv="no, consider installing GNU libiconv"
+ am_cv_lib_iconv=no
+ AC_TRY_LINK([#include <stdlib.h>
+#include <iconv.h>],
+ [iconv_t cd = iconv_open("","");
+ iconv(cd,NULL,NULL,NULL,NULL);
+ iconv_close(cd);],
+ am_cv_func_iconv=yes)
+ if test "$am_cv_func_iconv" != yes; then
+ am_save_LIBS="$LIBS"
+ LIBS="$LIBS $LIBICONV"
+ AC_TRY_LINK([#include <stdlib.h>
+#include <iconv.h>],
+ [iconv_t cd = iconv_open("","");
+ iconv(cd,NULL,NULL,NULL,NULL);
+ iconv_close(cd);],
+ am_cv_lib_iconv=yes
+ am_cv_func_iconv=yes)
+ LIBS="$am_save_LIBS"
+ fi
+ ])
+ if test "$am_cv_func_iconv" = yes; then
+ AC_CACHE_CHECK([for working iconv], am_cv_func_iconv_works, [
+ dnl This tests against bugs in AIX 5.1 and HP-UX 11.11.
+ am_save_LIBS="$LIBS"
+ if test $am_cv_lib_iconv = yes; then
+ LIBS="$LIBS $LIBICONV"
+ fi
+ AC_TRY_RUN([
+#include <iconv.h>
+#include <string.h>
+int main ()
+{
+ /* Test against AIX 5.1 bug: Failures are not distinguishable from successful
+ returns. */
+ {
+ iconv_t cd_utf8_to_88591 = iconv_open ("ISO8859-1", "UTF-8");
+ if (cd_utf8_to_88591 != (iconv_t)(-1))
+ {
+ static const char input[] = "\342\202\254"; /* EURO SIGN */
+ char buf[10];
+ const char *inptr = input;
+ size_t inbytesleft = strlen (input);
+ char *outptr = buf;
+ size_t outbytesleft = sizeof (buf);
+ size_t res = iconv (cd_utf8_to_88591,
+ (char **) &inptr, &inbytesleft,
+ &outptr, &outbytesleft);
+ if (res == 0)
+ return 1;
+ }
+ }
+#if 0 /* This bug could be worked around by the caller. */
+ /* Test against HP-UX 11.11 bug: Positive return value instead of 0. */
+ {
+ iconv_t cd_88591_to_utf8 = iconv_open ("utf8", "iso88591");
+ if (cd_88591_to_utf8 != (iconv_t)(-1))
+ {
+ static const char input[] = "\304rger mit b\366sen B\374bchen ohne Augenma\337";
+ char buf[50];
+ const char *inptr = input;
+ size_t inbytesleft = strlen (input);
+ char *outptr = buf;
+ size_t outbytesleft = sizeof (buf);
+ size_t res = iconv (cd_88591_to_utf8,
+ (char **) &inptr, &inbytesleft,
+ &outptr, &outbytesleft);
+ if ((int)res > 0)
+ return 1;
+ }
+ }
+#endif
+ /* Test against HP-UX 11.11 bug: No converter from EUC-JP to UTF-8 is
+ provided. */
+ if (/* Try standardized names. */
+ iconv_open ("UTF-8", "EUC-JP") == (iconv_t)(-1)
+ /* Try IRIX, OSF/1 names. */
+ && iconv_open ("UTF-8", "eucJP") == (iconv_t)(-1)
+ /* Try AIX names. */
+ && iconv_open ("UTF-8", "IBM-eucJP") == (iconv_t)(-1)
+ /* Try HP-UX names. */
+ && iconv_open ("utf8", "eucJP") == (iconv_t)(-1))
+ return 1;
+ return 0;
+}], [am_cv_func_iconv_works=yes], [am_cv_func_iconv_works=no],
+ [case "$host_os" in
+ aix* | hpux*) am_cv_func_iconv_works="guessing no" ;;
+ *) am_cv_func_iconv_works="guessing yes" ;;
+ esac])
+ LIBS="$am_save_LIBS"
+ ])
+ case "$am_cv_func_iconv_works" in
+ *no) am_func_iconv=no am_cv_lib_iconv=no ;;
+ *) am_func_iconv=yes ;;
+ esac
+ else
+ am_func_iconv=no am_cv_lib_iconv=no
+ fi
+ if test "$am_func_iconv" = yes; then
+ AC_DEFINE(HAVE_ICONV, 1,
+ [Define if you have the iconv() function and it works.])
+ fi
+ if test "$am_cv_lib_iconv" = yes; then
+ AC_MSG_CHECKING([how to link with libiconv])
+ AC_MSG_RESULT([$LIBICONV])
+ else
+ dnl If $LIBICONV didn't lead to a usable library, we don't need $INCICONV
+ dnl either.
+ CPPFLAGS="$am_save_CPPFLAGS"
+ LIBICONV=
+ LTLIBICONV=
+ fi
+ AC_SUBST(LIBICONV)
+ AC_SUBST(LTLIBICONV)
+])
+
+AC_DEFUN([AM_ICONV],
+[
+ AM_ICONV_LINK
+ if test "$am_cv_func_iconv" = yes; then
+ AC_MSG_CHECKING([for iconv declaration])
+ AC_CACHE_VAL(am_cv_proto_iconv, [
+ AC_TRY_COMPILE([
+#include <stdlib.h>
+#include <iconv.h>
+extern
+#ifdef __cplusplus
+"C"
+#endif
+#if defined(__STDC__) || defined(__cplusplus)
+size_t iconv (iconv_t cd, char * *inbuf, size_t *inbytesleft, char * *outbuf, size_t *outbytesleft);
+#else
+size_t iconv();
+#endif
+], [], am_cv_proto_iconv_arg1="", am_cv_proto_iconv_arg1="const")
+ am_cv_proto_iconv="extern size_t iconv (iconv_t cd, $am_cv_proto_iconv_arg1 char * *inbuf, size_t *inbytesleft, char * *outbuf, size_t *outbytesleft);"])
+ am_cv_proto_iconv=`echo "[$]am_cv_proto_iconv" | tr -s ' ' | sed -e 's/( /(/'`
+ AC_MSG_RESULT([$]{ac_t:-
+ }[$]am_cv_proto_iconv)
+ AC_DEFINE_UNQUOTED(ICONV_CONST, $am_cv_proto_iconv_arg1,
+ [Define as const if the declaration of iconv() needs const.])
+ fi
+])
diff --git a/m4/intdiv0.m4 b/m4/intdiv0.m4
new file mode 100644
index 0000000..b8d7817
--- /dev/null
+++ b/m4/intdiv0.m4
@@ -0,0 +1,70 @@
+# intdiv0.m4 serial 1 (gettext-0.11.3)
+dnl Copyright (C) 2002 Free Software Foundation, Inc.
+dnl This file is free software; the Free Software Foundation
+dnl gives unlimited permission to copy and/or distribute it,
+dnl with or without modifications, as long as this notice is preserved.
+
+dnl From Bruno Haible.
+
+AC_DEFUN([gt_INTDIV0],
+[
+ AC_REQUIRE([AC_PROG_CC])dnl
+ AC_REQUIRE([AC_CANONICAL_HOST])dnl
+
+ AC_CACHE_CHECK([whether integer division by zero raises SIGFPE],
+ gt_cv_int_divbyzero_sigfpe,
+ [
+ AC_TRY_RUN([
+#include <stdlib.h>
+#include <signal.h>
+
+static void
+#ifdef __cplusplus
+sigfpe_handler (int sig)
+#else
+sigfpe_handler (sig) int sig;
+#endif
+{
+ /* Exit with code 0 if SIGFPE, with code 1 if any other signal. */
+ exit (sig != SIGFPE);
+}
+
+int x = 1;
+int y = 0;
+int z;
+int nan;
+
+int main ()
+{
+ signal (SIGFPE, sigfpe_handler);
+/* IRIX and AIX (when "xlc -qcheck" is used) yield signal SIGTRAP. */
+#if (defined (__sgi) || defined (_AIX)) && defined (SIGTRAP)
+ signal (SIGTRAP, sigfpe_handler);
+#endif
+/* Linux/SPARC yields signal SIGILL. */
+#if defined (__sparc__) && defined (__linux__)
+ signal (SIGILL, sigfpe_handler);
+#endif
+
+ z = x / y;
+ nan = y / y;
+ exit (1);
+}
+], gt_cv_int_divbyzero_sigfpe=yes, gt_cv_int_divbyzero_sigfpe=no,
+ [
+ # Guess based on the CPU.
+ case "$host_cpu" in
+ alpha* | i[34567]86 | m68k | s390*)
+ gt_cv_int_divbyzero_sigfpe="guessing yes";;
+ *)
+ gt_cv_int_divbyzero_sigfpe="guessing no";;
+ esac
+ ])
+ ])
+ case "$gt_cv_int_divbyzero_sigfpe" in
+ *yes) value=1;;
+ *) value=0;;
+ esac
+ AC_DEFINE_UNQUOTED(INTDIV0_RAISES_SIGFPE, $value,
+ [Define if integer division by zero raises signal SIGFPE.])
+])
diff --git a/m4/intl.m4 b/m4/intl.m4
new file mode 100644
index 0000000..dcefb11
--- /dev/null
+++ b/m4/intl.m4
@@ -0,0 +1,259 @@
+# intl.m4 serial 3 (gettext-0.16)
+dnl Copyright (C) 1995-2006 Free Software Foundation, Inc.
+dnl This file is free software; the Free Software Foundation
+dnl gives unlimited permission to copy and/or distribute it,
+dnl with or without modifications, as long as this notice is preserved.
+dnl
+dnl This file can can be used in projects which are not available under
+dnl the GNU General Public License or the GNU Library General Public
+dnl License but which still want to provide support for the GNU gettext
+dnl functionality.
+dnl Please note that the actual code of the GNU gettext library is covered
+dnl by the GNU Library General Public License, and the rest of the GNU
+dnl gettext package package is covered by the GNU General Public License.
+dnl They are *not* in the public domain.
+
+dnl Authors:
+dnl Ulrich Drepper <drepper@cygnus.com>, 1995-2000.
+dnl Bruno Haible <haible@clisp.cons.org>, 2000-2006.
+
+AC_PREREQ(2.52)
+
+dnl Checks for all prerequisites of the intl subdirectory,
+dnl except for INTL_LIBTOOL_SUFFIX_PREFIX (and possibly LIBTOOL), INTLOBJS,
+dnl USE_INCLUDED_LIBINTL, BUILD_INCLUDED_LIBINTL.
+AC_DEFUN([AM_INTL_SUBDIR],
+[
+ AC_REQUIRE([AC_PROG_INSTALL])dnl
+ AC_REQUIRE([AM_PROG_MKDIR_P])dnl defined by automake
+ AC_REQUIRE([AC_PROG_CC])dnl
+ AC_REQUIRE([AC_CANONICAL_HOST])dnl
+ AC_REQUIRE([gt_GLIBC2])dnl
+ AC_REQUIRE([AC_PROG_RANLIB])dnl
+ AC_REQUIRE([gl_VISIBILITY])dnl
+ AC_REQUIRE([gt_INTL_SUBDIR_CORE])dnl
+ AC_REQUIRE([AC_TYPE_LONG_LONG_INT])dnl
+ AC_REQUIRE([gt_TYPE_LONGDOUBLE])dnl
+ AC_REQUIRE([gt_TYPE_WCHAR_T])dnl
+ AC_REQUIRE([gt_TYPE_WINT_T])dnl
+ AC_REQUIRE([gl_AC_HEADER_INTTYPES_H])
+ AC_REQUIRE([gt_TYPE_INTMAX_T])
+ AC_REQUIRE([gt_PRINTF_POSIX])
+ AC_REQUIRE([gl_GLIBC21])dnl
+ AC_REQUIRE([gl_XSIZE])dnl
+ AC_REQUIRE([gt_INTL_MACOSX])dnl
+
+ AC_CHECK_TYPE([ptrdiff_t], ,
+ [AC_DEFINE([ptrdiff_t], [long],
+ [Define as the type of the result of subtracting two pointers, if the system doesn't define it.])
+ ])
+ AC_CHECK_HEADERS([stddef.h stdlib.h string.h])
+ AC_CHECK_FUNCS([asprintf fwprintf putenv setenv setlocale snprintf wcslen])
+
+ dnl Use the _snprintf function only if it is declared (because on NetBSD it
+ dnl is defined as a weak alias of snprintf; we prefer to use the latter).
+ gt_CHECK_DECL(_snprintf, [#include <stdio.h>])
+ gt_CHECK_DECL(_snwprintf, [#include <stdio.h>])
+
+ dnl Use the *_unlocked functions only if they are declared.
+ dnl (because some of them were defined without being declared in Solaris
+ dnl 2.5.1 but were removed in Solaris 2.6, whereas we want binaries built
+ dnl on Solaris 2.5.1 to run on Solaris 2.6).
+ dnl Don't use AC_CHECK_DECLS because it isn't supported in autoconf-2.13.
+ gt_CHECK_DECL(getc_unlocked, [#include <stdio.h>])
+
+ case $gt_cv_func_printf_posix in
+ *yes) HAVE_POSIX_PRINTF=1 ;;
+ *) HAVE_POSIX_PRINTF=0 ;;
+ esac
+ AC_SUBST([HAVE_POSIX_PRINTF])
+ if test "$ac_cv_func_asprintf" = yes; then
+ HAVE_ASPRINTF=1
+ else
+ HAVE_ASPRINTF=0
+ fi
+ AC_SUBST([HAVE_ASPRINTF])
+ if test "$ac_cv_func_snprintf" = yes; then
+ HAVE_SNPRINTF=1
+ else
+ HAVE_SNPRINTF=0
+ fi
+ AC_SUBST([HAVE_SNPRINTF])
+ if test "$ac_cv_func_wprintf" = yes; then
+ HAVE_WPRINTF=1
+ else
+ HAVE_WPRINTF=0
+ fi
+ AC_SUBST([HAVE_WPRINTF])
+
+ AM_LANGINFO_CODESET
+ gt_LC_MESSAGES
+
+ dnl Compilation on mingw and Cygwin needs special Makefile rules, because
+ dnl 1. when we install a shared library, we must arrange to export
+ dnl auxiliary pointer variables for every exported variable,
+ dnl 2. when we install a shared library and a static library simultaneously,
+ dnl the include file specifies __declspec(dllimport) and therefore we
+ dnl must arrange to define the auxiliary pointer variables for the
+ dnl exported variables _also_ in the static library.
+ if test "$enable_shared" = yes; then
+ case "$host_os" in
+ cygwin*) is_woe32dll=yes ;;
+ *) is_woe32dll=no ;;
+ esac
+ else
+ is_woe32dll=no
+ fi
+ WOE32DLL=$is_woe32dll
+ AC_SUBST([WOE32DLL])
+
+ dnl Rename some macros and functions used for locking.
+ AH_BOTTOM([
+#define __libc_lock_t gl_lock_t
+#define __libc_lock_define gl_lock_define
+#define __libc_lock_define_initialized gl_lock_define_initialized
+#define __libc_lock_init gl_lock_init
+#define __libc_lock_lock gl_lock_lock
+#define __libc_lock_unlock gl_lock_unlock
+#define __libc_lock_recursive_t gl_recursive_lock_t
+#define __libc_lock_define_recursive gl_recursive_lock_define
+#define __libc_lock_define_initialized_recursive gl_recursive_lock_define_initialized
+#define __libc_lock_init_recursive gl_recursive_lock_init
+#define __libc_lock_lock_recursive gl_recursive_lock_lock
+#define __libc_lock_unlock_recursive gl_recursive_lock_unlock
+#define glthread_in_use libintl_thread_in_use
+#define glthread_lock_init libintl_lock_init
+#define glthread_lock_lock libintl_lock_lock
+#define glthread_lock_unlock libintl_lock_unlock
+#define glthread_lock_destroy libintl_lock_destroy
+#define glthread_rwlock_init libintl_rwlock_init
+#define glthread_rwlock_rdlock libintl_rwlock_rdlock
+#define glthread_rwlock_wrlock libintl_rwlock_wrlock
+#define glthread_rwlock_unlock libintl_rwlock_unlock
+#define glthread_rwlock_destroy libintl_rwlock_destroy
+#define glthread_recursive_lock_init libintl_recursive_lock_init
+#define glthread_recursive_lock_lock libintl_recursive_lock_lock
+#define glthread_recursive_lock_unlock libintl_recursive_lock_unlock
+#define glthread_recursive_lock_destroy libintl_recursive_lock_destroy
+#define glthread_once libintl_once
+#define glthread_once_call libintl_once_call
+#define glthread_once_singlethreaded libintl_once_singlethreaded
+])
+])
+
+
+dnl Checks for the core files of the intl subdirectory:
+dnl dcigettext.c
+dnl eval-plural.h
+dnl explodename.c
+dnl finddomain.c
+dnl gettextP.h
+dnl gmo.h
+dnl hash-string.h hash-string.c
+dnl l10nflist.c
+dnl libgnuintl.h.in (except the *printf stuff)
+dnl loadinfo.h
+dnl loadmsgcat.c
+dnl localealias.c
+dnl log.c
+dnl plural-exp.h plural-exp.c
+dnl plural.y
+dnl Used by libglocale.
+AC_DEFUN([gt_INTL_SUBDIR_CORE],
+[
+ AC_REQUIRE([AC_C_INLINE])dnl
+ AC_REQUIRE([AC_TYPE_SIZE_T])dnl
+ AC_REQUIRE([gl_AC_HEADER_STDINT_H])
+ AC_REQUIRE([AC_FUNC_ALLOCA])dnl
+ AC_REQUIRE([AC_FUNC_MMAP])dnl
+ AC_REQUIRE([gt_INTDIV0])dnl
+ AC_REQUIRE([gl_AC_TYPE_UINTMAX_T])dnl
+ AC_REQUIRE([gt_INTTYPES_PRI])dnl
+ AC_REQUIRE([gl_LOCK])dnl
+
+ AC_TRY_LINK(
+ [int foo (int a) { a = __builtin_expect (a, 10); return a == 10 ? 0 : 1; }],
+ [],
+ [AC_DEFINE([HAVE_BUILTIN_EXPECT], 1,
+ [Define to 1 if the compiler understands __builtin_expect.])])
+
+ AC_CHECK_HEADERS([argz.h inttypes.h limits.h unistd.h sys/param.h])
+ AC_CHECK_FUNCS([getcwd getegid geteuid getgid getuid mempcpy munmap \
+ stpcpy strcasecmp strdup strtoul tsearch argz_count argz_stringify \
+ argz_next __fsetlocking])
+
+ dnl Use the *_unlocked functions only if they are declared.
+ dnl (because some of them were defined without being declared in Solaris
+ dnl 2.5.1 but were removed in Solaris 2.6, whereas we want binaries built
+ dnl on Solaris 2.5.1 to run on Solaris 2.6).
+ dnl Don't use AC_CHECK_DECLS because it isn't supported in autoconf-2.13.
+ gt_CHECK_DECL(feof_unlocked, [#include <stdio.h>])
+ gt_CHECK_DECL(fgets_unlocked, [#include <stdio.h>])
+
+ AM_ICONV
+
+ dnl glibc >= 2.4 has a NL_LOCALE_NAME macro when _GNU_SOURCE is defined,
+ dnl and a _NL_LOCALE_NAME macro always.
+ AC_CACHE_CHECK([for NL_LOCALE_NAME macro], gt_cv_nl_locale_name,
+ [AC_TRY_LINK([#include <langinfo.h>
+#include <locale.h>],
+ [char* cs = nl_langinfo(_NL_LOCALE_NAME(LC_MESSAGES));],
+ gt_cv_nl_locale_name=yes,
+ gt_cv_nl_locale_name=no)
+ ])
+ if test $gt_cv_nl_locale_name = yes; then
+ AC_DEFINE(HAVE_NL_LOCALE_NAME, 1,
+ [Define if you have <langinfo.h> and it defines the NL_LOCALE_NAME macro if _GNU_SOURCE is defined.])
+ fi
+
+ dnl intl/plural.c is generated from intl/plural.y. It requires bison,
+ dnl because plural.y uses bison specific features. It requires at least
+ dnl bison-1.26 because earlier versions generate a plural.c that doesn't
+ dnl compile.
+ dnl bison is only needed for the maintainer (who touches plural.y). But in
+ dnl order to avoid separate Makefiles or --enable-maintainer-mode, we put
+ dnl the rule in general Makefile. Now, some people carelessly touch the
+ dnl files or have a broken "make" program, hence the plural.c rule will
+ dnl sometimes fire. To avoid an error, defines BISON to ":" if it is not
+ dnl present or too old.
+ AC_CHECK_PROGS([INTLBISON], [bison])
+ if test -z "$INTLBISON"; then
+ ac_verc_fail=yes
+ else
+ dnl Found it, now check the version.
+ AC_MSG_CHECKING([version of bison])
+changequote(<<,>>)dnl
+ ac_prog_version=`$INTLBISON --version 2>&1 | sed -n 's/^.*GNU Bison.* \([0-9]*\.[0-9.]*\).*$/\1/p'`
+ case $ac_prog_version in
+ '') ac_prog_version="v. ?.??, bad"; ac_verc_fail=yes;;
+ 1.2[6-9]* | 1.[3-9][0-9]* | [2-9].*)
+changequote([,])dnl
+ ac_prog_version="$ac_prog_version, ok"; ac_verc_fail=no;;
+ *) ac_prog_version="$ac_prog_version, bad"; ac_verc_fail=yes;;
+ esac
+ AC_MSG_RESULT([$ac_prog_version])
+ fi
+ if test $ac_verc_fail = yes; then
+ INTLBISON=:
+ fi
+])
+
+
+dnl gt_CHECK_DECL(FUNC, INCLUDES)
+dnl Check whether a function is declared.
+AC_DEFUN([gt_CHECK_DECL],
+[
+ AC_CACHE_CHECK([whether $1 is declared], ac_cv_have_decl_$1,
+ [AC_TRY_COMPILE([$2], [
+#ifndef $1
+ char *p = (char *) $1;
+#endif
+], ac_cv_have_decl_$1=yes, ac_cv_have_decl_$1=no)])
+ if test $ac_cv_have_decl_$1 = yes; then
+ gt_value=1
+ else
+ gt_value=0
+ fi
+ AC_DEFINE_UNQUOTED([HAVE_DECL_]translit($1, [a-z], [A-Z]), [$gt_value],
+ [Define to 1 if you have the declaration of `$1', and to 0 if you don't.])
+])
diff --git a/m4/intldir.m4 b/m4/intldir.m4
new file mode 100644
index 0000000..7a28843
--- /dev/null
+++ b/m4/intldir.m4
@@ -0,0 +1,19 @@
+# intldir.m4 serial 1 (gettext-0.16)
+dnl Copyright (C) 2006 Free Software Foundation, Inc.
+dnl This file is free software; the Free Software Foundation
+dnl gives unlimited permission to copy and/or distribute it,
+dnl with or without modifications, as long as this notice is preserved.
+dnl
+dnl This file can can be used in projects which are not available under
+dnl the GNU General Public License or the GNU Library General Public
+dnl License but which still want to provide support for the GNU gettext
+dnl functionality.
+dnl Please note that the actual code of the GNU gettext library is covered
+dnl by the GNU Library General Public License, and the rest of the GNU
+dnl gettext package package is covered by the GNU General Public License.
+dnl They are *not* in the public domain.
+
+AC_PREREQ(2.52)
+
+dnl Tells the AM_GNU_GETTEXT macro to consider an intl/ directory.
+AC_DEFUN([AM_GNU_GETTEXT_INTL_SUBDIR], [])
diff --git a/m4/intmax.m4 b/m4/intmax.m4
new file mode 100644
index 0000000..ce7a8a4
--- /dev/null
+++ b/m4/intmax.m4
@@ -0,0 +1,33 @@
+# intmax.m4 serial 3 (gettext-0.16)
+dnl Copyright (C) 2002-2005 Free Software Foundation, Inc.
+dnl This file is free software; the Free Software Foundation
+dnl gives unlimited permission to copy and/or distribute it,
+dnl with or without modifications, as long as this notice is preserved.
+
+dnl From Bruno Haible.
+dnl Test whether the system has the 'intmax_t' type, but don't attempt to
+dnl find a replacement if it is lacking.
+
+AC_DEFUN([gt_TYPE_INTMAX_T],
+[
+ AC_REQUIRE([gl_AC_HEADER_INTTYPES_H])
+ AC_REQUIRE([gl_AC_HEADER_STDINT_H])
+ AC_CACHE_CHECK(for intmax_t, gt_cv_c_intmax_t,
+ [AC_TRY_COMPILE([
+#include <stddef.h>
+#include <stdlib.h>
+#if HAVE_STDINT_H_WITH_UINTMAX
+#include <stdint.h>
+#endif
+#if HAVE_INTTYPES_H_WITH_UINTMAX
+#include <inttypes.h>
+#endif
+], [intmax_t x = -1;
+ return !x;],
+ gt_cv_c_intmax_t=yes,
+ gt_cv_c_intmax_t=no)])
+ if test $gt_cv_c_intmax_t = yes; then
+ AC_DEFINE(HAVE_INTMAX_T, 1,
+ [Define if you have the 'intmax_t' type in <stdint.h> or <inttypes.h>.])
+ fi
+])
diff --git a/m4/inttypes-pri.m4 b/m4/inttypes-pri.m4
new file mode 100644
index 0000000..7c7f894
--- /dev/null
+++ b/m4/inttypes-pri.m4
@@ -0,0 +1,36 @@
+# inttypes-pri.m4 serial 4 (gettext-0.16)
+dnl Copyright (C) 1997-2002, 2006 Free Software Foundation, Inc.
+dnl This file is free software; the Free Software Foundation
+dnl gives unlimited permission to copy and/or distribute it,
+dnl with or without modifications, as long as this notice is preserved.
+
+dnl From Bruno Haible.
+
+AC_PREREQ(2.52)
+
+# Define PRI_MACROS_BROKEN if <inttypes.h> exists and defines the PRI*
+# macros to non-string values. This is the case on AIX 4.3.3.
+
+AC_DEFUN([gt_INTTYPES_PRI],
+[
+ AC_CHECK_HEADERS([inttypes.h])
+ if test $ac_cv_header_inttypes_h = yes; then
+ AC_CACHE_CHECK([whether the inttypes.h PRIxNN macros are broken],
+ gt_cv_inttypes_pri_broken,
+ [
+ AC_TRY_COMPILE([#include <inttypes.h>
+#ifdef PRId32
+char *p = PRId32;
+#endif
+], [], gt_cv_inttypes_pri_broken=no, gt_cv_inttypes_pri_broken=yes)
+ ])
+ fi
+ if test "$gt_cv_inttypes_pri_broken" = yes; then
+ AC_DEFINE_UNQUOTED(PRI_MACROS_BROKEN, 1,
+ [Define if <inttypes.h> exists and defines unusable PRI* macros.])
+ PRI_MACROS_BROKEN=1
+ else
+ PRI_MACROS_BROKEN=0
+ fi
+ AC_SUBST([PRI_MACROS_BROKEN])
+])
diff --git a/m4/inttypes.m4 b/m4/inttypes.m4
new file mode 100644
index 0000000..ab370ff
--- /dev/null
+++ b/m4/inttypes.m4
@@ -0,0 +1,27 @@
+# inttypes.m4 serial 1 (gettext-0.11.4)
+dnl Copyright (C) 1997-2002 Free Software Foundation, Inc.
+dnl This file is free software, distributed under the terms of the GNU
+dnl General Public License. As a special exception to the GNU General
+dnl Public License, this file may be distributed as part of a program
+dnl that contains a configuration script generated by Autoconf, under
+dnl the same distribution terms as the rest of that program.
+
+dnl From Paul Eggert.
+
+# Define HAVE_INTTYPES_H if <inttypes.h> exists and doesn't clash with
+# <sys/types.h>.
+
+AC_DEFUN([gt_HEADER_INTTYPES_H],
+[
+ AC_CACHE_CHECK([for inttypes.h], gt_cv_header_inttypes_h,
+ [
+ AC_TRY_COMPILE(
+ [#include <sys/types.h>
+#include <inttypes.h>],
+ [], gt_cv_header_inttypes_h=yes, gt_cv_header_inttypes_h=no)
+ ])
+ if test $gt_cv_header_inttypes_h = yes; then
+ AC_DEFINE_UNQUOTED(HAVE_INTTYPES_H, 1,
+ [Define if <inttypes.h> exists and doesn't clash with <sys/types.h>.])
+ fi
+])
diff --git a/m4/inttypes_h.m4 b/m4/inttypes_h.m4
new file mode 100644
index 0000000..edc8ecb
--- /dev/null
+++ b/m4/inttypes_h.m4
@@ -0,0 +1,26 @@
+# inttypes_h.m4 serial 7
+dnl Copyright (C) 1997-2004, 2006 Free Software Foundation, Inc.
+dnl This file is free software; the Free Software Foundation
+dnl gives unlimited permission to copy and/or distribute it,
+dnl with or without modifications, as long as this notice is preserved.
+
+dnl From Paul Eggert.
+
+# Define HAVE_INTTYPES_H_WITH_UINTMAX if <inttypes.h> exists,
+# doesn't clash with <sys/types.h>, and declares uintmax_t.
+
+AC_DEFUN([gl_AC_HEADER_INTTYPES_H],
+[
+ AC_CACHE_CHECK([for inttypes.h], gl_cv_header_inttypes_h,
+ [AC_TRY_COMPILE(
+ [#include <sys/types.h>
+#include <inttypes.h>],
+ [uintmax_t i = (uintmax_t) -1; return !i;],
+ gl_cv_header_inttypes_h=yes,
+ gl_cv_header_inttypes_h=no)])
+ if test $gl_cv_header_inttypes_h = yes; then
+ AC_DEFINE_UNQUOTED(HAVE_INTTYPES_H_WITH_UINTMAX, 1,
+ [Define if <inttypes.h> exists, doesn't clash with <sys/types.h>,
+ and declares uintmax_t. ])
+ fi
+])
diff --git a/m4/isc-posix.m4 b/m4/isc-posix.m4
new file mode 100644
index 0000000..1319dd1
--- /dev/null
+++ b/m4/isc-posix.m4
@@ -0,0 +1,26 @@
+# isc-posix.m4 serial 2 (gettext-0.11.2)
+dnl Copyright (C) 1995-2002 Free Software Foundation, Inc.
+dnl This file is free software, distributed under the terms of the GNU
+dnl General Public License. As a special exception to the GNU General
+dnl Public License, this file may be distributed as part of a program
+dnl that contains a configuration script generated by Autoconf, under
+dnl the same distribution terms as the rest of that program.
+
+# This file is not needed with autoconf-2.53 and newer. Remove it in 2005.
+
+# This test replaces the one in autoconf.
+# Currently this macro should have the same name as the autoconf macro
+# because gettext's gettext.m4 (distributed in the automake package)
+# still uses it. Otherwise, the use in gettext.m4 makes autoheader
+# give these diagnostics:
+# configure.in:556: AC_TRY_COMPILE was called before AC_ISC_POSIX
+# configure.in:556: AC_TRY_RUN was called before AC_ISC_POSIX
+
+undefine([AC_ISC_POSIX])
+
+AC_DEFUN([AC_ISC_POSIX],
+ [
+ dnl This test replaces the obsolescent AC_ISC_POSIX kludge.
+ AC_CHECK_LIB(cposix, strerror, [LIBS="$LIBS -lcposix"])
+ ]
+)
diff --git a/m4/ksba.m4 b/m4/ksba.m4
new file mode 100644
index 0000000..1100387
--- /dev/null
+++ b/m4/ksba.m4
@@ -0,0 +1,109 @@
+# ksba.m4 - autoconf macro to detect ksba
+# Copyright (C) 2002 g10 Code GmbH
+#
+# This file is free software; as a special exception the author gives
+# unlimited permission to copy and/or distribute it, with or without
+# modifications, as long as this notice is preserved.
+#
+# This file is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
+# implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+
+
+dnl AM_PATH_KSBA([MINIMUM-VERSION,
+dnl [ACTION-IF-FOUND [, ACTION-IF-NOT-FOUND ]]])
+dnl Test for libksba and define KSBA_CFLAGS and KSBA_LIBS
+dnl MINIMUN-VERSION is a string with the version number optionalliy prefixed
+dnl with the API version to also check the API compatibility. Example:
+dnl a MINIMUN-VERSION of 1:1.0.7 won't pass the test unless the installed
+dnl version of libksba is at least 1.0.7 *and* the API number is 1. Using
+dnl this features allows to prevent build against newer versions of libksba
+dnl with a changed API.
+dnl
+AC_DEFUN([AM_PATH_KSBA],
+[ AC_ARG_WITH(ksba-prefix,
+ AC_HELP_STRING([--with-ksba-prefix=PFX],
+ [prefix where KSBA is installed (optional)]),
+ ksba_config_prefix="$withval", ksba_config_prefix="")
+ if test x$ksba_config_prefix != x ; then
+ ksba_config_args="$ksba_config_args --prefix=$ksba_config_prefix"
+ if test x${KSBA_CONFIG+set} != xset ; then
+ KSBA_CONFIG=$ksba_config_prefix/bin/ksba-config
+ fi
+ fi
+
+ AC_PATH_PROG(KSBA_CONFIG, ksba-config, no)
+ tmp=ifelse([$1], ,1:1.0.0,$1)
+ if echo "$tmp" | grep ':' >/dev/null 2>/dev/null ; then
+ req_ksba_api=`echo "$tmp" | sed 's/\(.*\):\(.*\)/\1/'`
+ min_ksba_version=`echo "$tmp" | sed 's/\(.*\):\(.*\)/\2/'`
+ else
+ req_ksba_api=0
+ min_ksba_version="$tmp"
+ fi
+
+ AC_MSG_CHECKING(for KSBA - version >= $min_ksba_version)
+ ok=no
+ if test "$KSBA_CONFIG" != "no" ; then
+ req_major=`echo $min_ksba_version | \
+ sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\)/\1/'`
+ req_minor=`echo $min_ksba_version | \
+ sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\)/\2/'`
+ req_micro=`echo $min_ksba_version | \
+ sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\)/\3/'`
+ ksba_config_version=`$KSBA_CONFIG $ksba_config_args --version`
+ major=`echo $ksba_config_version | \
+ sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\).*/\1/'`
+ minor=`echo $ksba_config_version | \
+ sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\).*/\2/'`
+ micro=`echo $ksba_config_version | \
+ sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\).*/\3/'`
+ if test "$major" -gt "$req_major"; then
+ ok=yes
+ else
+ if test "$major" -eq "$req_major"; then
+ if test "$minor" -gt "$req_minor"; then
+ ok=yes
+ else
+ if test "$minor" -eq "$req_minor"; then
+ if test "$micro" -ge "$req_micro"; then
+ ok=yes
+ fi
+ fi
+ fi
+ fi
+ fi
+ fi
+ if test $ok = yes; then
+ AC_MSG_RESULT([yes ($ksba_config_version)])
+ else
+ AC_MSG_RESULT(no)
+ fi
+ if test $ok = yes; then
+ # Even if we have a recent libksba, we should check that the
+ # API is compatible.
+ if test "$req_ksba_api" -gt 0 ; then
+ tmp=`$KSBA_CONFIG --api-version 2>/dev/null || echo 0`
+ if test "$tmp" -gt 0 ; then
+ AC_MSG_CHECKING([KSBA API version])
+ if test "$req_ksba_api" -eq "$tmp" ; then
+ AC_MSG_RESULT(okay)
+ else
+ ok=no
+ AC_MSG_RESULT([does not match. want=$req_ksba_api got=$tmp.])
+ fi
+ fi
+ fi
+ fi
+ if test $ok = yes; then
+ KSBA_CFLAGS=`$KSBA_CONFIG $ksba_config_args --cflags`
+ KSBA_LIBS=`$KSBA_CONFIG $ksba_config_args --libs`
+ ifelse([$2], , :, [$2])
+ else
+ KSBA_CFLAGS=""
+ KSBA_LIBS=""
+ ifelse([$3], , :, [$3])
+ fi
+ AC_SUBST(KSBA_CFLAGS)
+ AC_SUBST(KSBA_LIBS)
+])
diff --git a/m4/lcmessage.m4 b/m4/lcmessage.m4
new file mode 100644
index 0000000..19aa77e
--- /dev/null
+++ b/m4/lcmessage.m4
@@ -0,0 +1,30 @@
+# lcmessage.m4 serial 4 (gettext-0.14.2)
+dnl Copyright (C) 1995-2002, 2004-2005 Free Software Foundation, Inc.
+dnl This file is free software; the Free Software Foundation
+dnl gives unlimited permission to copy and/or distribute it,
+dnl with or without modifications, as long as this notice is preserved.
+dnl
+dnl This file can can be used in projects which are not available under
+dnl the GNU General Public License or the GNU Library General Public
+dnl License but which still want to provide support for the GNU gettext
+dnl functionality.
+dnl Please note that the actual code of the GNU gettext library is covered
+dnl by the GNU Library General Public License, and the rest of the GNU
+dnl gettext package package is covered by the GNU General Public License.
+dnl They are *not* in the public domain.
+
+dnl Authors:
+dnl Ulrich Drepper <drepper@cygnus.com>, 1995.
+
+# Check whether LC_MESSAGES is available in <locale.h>.
+
+AC_DEFUN([gt_LC_MESSAGES],
+[
+ AC_CACHE_CHECK([for LC_MESSAGES], gt_cv_val_LC_MESSAGES,
+ [AC_TRY_LINK([#include <locale.h>], [return LC_MESSAGES],
+ gt_cv_val_LC_MESSAGES=yes, gt_cv_val_LC_MESSAGES=no)])
+ if test $gt_cv_val_LC_MESSAGES = yes; then
+ AC_DEFINE(HAVE_LC_MESSAGES, 1,
+ [Define if your <locale.h> file defines LC_MESSAGES.])
+ fi
+])
diff --git a/m4/ldap.m4 b/m4/ldap.m4
new file mode 100644
index 0000000..f4462ca
--- /dev/null
+++ b/m4/ldap.m4
@@ -0,0 +1,100 @@
+dnl Check for LDAP
+dnl Copyright (C) 2005 Free Software Foundation, Inc.
+dnl
+dnl This file is free software, distributed under the terms of the GNU
+dnl General Public License. As a special exception to the GNU General
+dnl Public License, this file may be distributed as part of a program
+dnl that contains a configuration script generated by Autoconf, under
+dnl the same distribution terms as the rest of that program.
+dnl
+dnl Defines @GPGKEYS_LDAP@ to a executable name if a working ldap
+dnl setup is found, and sets @LDAPLIBS@ to the necessary libraries.
+
+AC_DEFUN([GNUPG_CHECK_LDAP],
+[
+# Try and link a LDAP test program to weed out unusable LDAP
+# libraries. -lldap [-llber [-lresolv]] is for older OpenLDAPs.
+# OpenLDAP, circa 1999, was terrible with creating weird dependencies.
+# If all else fails, the user can play guess-the-dependency by using
+# something like ./configure LDAPLIBS="-Lfoo -lbar"
+
+AC_ARG_WITH(ldap,
+ AC_HELP_STRING([--with-ldap=DIR],[look for the LDAP library in DIR]),
+ [_ldap_with=$withval])
+
+if test x$_ldap_with != xno ; then
+
+ if test -d "$withval" ; then
+ LDAP_CPPFLAGS="-I$withval/include"
+ LDAP_LDFLAGS="-L$withval/lib"
+ fi
+
+ _ldap_save_cppflags=$CPPFLAGS
+ CPPFLAGS="${LDAP_CPPFLAGS} ${CPPFLAGS}"
+ _ldap_save_ldflags=$LDFLAGS
+ LDFLAGS="${LDAP_LDFLAGS} ${LDFLAGS}"
+
+ for MY_LDAPLIBS in ${LDAPLIBS+"$LDAPLIBS"} "-lldap" "-lldap -llber" "-lldap -llber -lresolv" "-lwldap32"; do
+ _ldap_save_libs=$LIBS
+ LIBS="$MY_LDAPLIBS $1 $LIBS"
+
+ AC_MSG_CHECKING([whether LDAP via \"$MY_LDAPLIBS\" is present and sane])
+ AC_TRY_LINK([
+#ifdef _WIN32
+#include <winsock2.h>
+#include <winldap.h>
+#else
+#include <ldap.h>
+#endif
+],[ldap_open("foobar",1234);],
+ [gnupg_cv_func_ldap_init=yes],[gnupg_cv_func_ldap_init=no])
+ AC_MSG_RESULT([$gnupg_cv_func_ldap_init])
+
+ if test $gnupg_cv_func_ldap_init = no; then
+ AC_MSG_CHECKING([whether I can make LDAP be sane with lber.h])
+ AC_TRY_LINK([#include <lber.h>
+#include <ldap.h>],[ldap_open("foobar",1234);],
+ [gnupg_cv_func_ldaplber_init=yes],[gnupg_cv_func_ldaplber_init=no])
+ AC_MSG_RESULT([$gnupg_cv_func_ldaplber_init])
+ fi
+
+ if test "$gnupg_cv_func_ldaplber_init" = yes ; then
+ AC_DEFINE(NEED_LBER_H,1,[Define if the LDAP library requires including lber.h before ldap.h])
+ fi
+
+ if test "$gnupg_cv_func_ldap_init" = yes || \
+ test "$gnupg_cv_func_ldaplber_init" = yes ; then
+ LDAPLIBS="$LDAP_LDFLAGS $MY_LDAPLIBS"
+ GPGKEYS_LDAP="gpg2keys_ldap$EXEEXT"
+
+ AC_CHECK_FUNCS(ldap_get_option ldap_set_option)
+ # The extra test for ldap_start_tls_sA is for W32 because
+ # that is the actual function in the library.
+ AC_CHECK_FUNCS(ldap_start_tls_s ldap_start_tls_sA)
+
+ if test "$ac_cv_func_ldap_get_option" != yes ; then
+ AC_MSG_CHECKING([whether LDAP supports ld_errno])
+ AC_TRY_LINK([#include <ldap.h>],[LDAP *ldap; ldap->ld_errno;],
+ [gnupg_cv_func_ldap_ld_errno=yes],
+ [gnupg_cv_func_ldap_ld_errno=no])
+ AC_MSG_RESULT([$gnupg_cv_func_ldap_ld_errno])
+
+ if test "$gnupg_cv_func_ldap_ld_errno" = yes ; then
+ AC_DEFINE(HAVE_LDAP_LD_ERRNO,1,[Define if the LDAP library supports ld_errno])
+ fi
+ fi
+ fi
+
+ LIBS=$_ldap_save_libs
+
+ if test "$GPGKEYS_LDAP" != "" ; then break; fi
+ done
+
+ AC_SUBST(GPGKEYS_LDAP)
+ AC_SUBST(LDAPLIBS)
+ AC_SUBST(LDAP_CPPFLAGS)
+
+ CPPFLAGS=$_ldap_save_cppflags
+ LDFLAGS=$_ldap_save_ldflags
+fi
+])dnl
diff --git a/m4/lib-ld.m4 b/m4/lib-ld.m4
new file mode 100644
index 0000000..96c4e2c
--- /dev/null
+++ b/m4/lib-ld.m4
@@ -0,0 +1,110 @@
+# lib-ld.m4 serial 3 (gettext-0.13)
+dnl Copyright (C) 1996-2003 Free Software Foundation, Inc.
+dnl This file is free software; the Free Software Foundation
+dnl gives unlimited permission to copy and/or distribute it,
+dnl with or without modifications, as long as this notice is preserved.
+
+dnl Subroutines of libtool.m4,
+dnl with replacements s/AC_/AC_LIB/ and s/lt_cv/acl_cv/ to avoid collision
+dnl with libtool.m4.
+
+dnl From libtool-1.4. Sets the variable with_gnu_ld to yes or no.
+AC_DEFUN([AC_LIB_PROG_LD_GNU],
+[AC_CACHE_CHECK([if the linker ($LD) is GNU ld], acl_cv_prog_gnu_ld,
+[# I'd rather use --version here, but apparently some GNU ld's only accept -v.
+case `$LD -v 2>&1 </dev/null` in
+*GNU* | *'with BFD'*)
+ acl_cv_prog_gnu_ld=yes ;;
+*)
+ acl_cv_prog_gnu_ld=no ;;
+esac])
+with_gnu_ld=$acl_cv_prog_gnu_ld
+])
+
+dnl From libtool-1.4. Sets the variable LD.
+AC_DEFUN([AC_LIB_PROG_LD],
+[AC_ARG_WITH(gnu-ld,
+[ --with-gnu-ld assume the C compiler uses GNU ld [default=no]],
+test "$withval" = no || with_gnu_ld=yes, with_gnu_ld=no)
+AC_REQUIRE([AC_PROG_CC])dnl
+AC_REQUIRE([AC_CANONICAL_HOST])dnl
+# Prepare PATH_SEPARATOR.
+# The user is always right.
+if test "${PATH_SEPARATOR+set}" != set; then
+ echo "#! /bin/sh" >conf$$.sh
+ echo "exit 0" >>conf$$.sh
+ chmod +x conf$$.sh
+ if (PATH="/nonexistent;."; conf$$.sh) >/dev/null 2>&1; then
+ PATH_SEPARATOR=';'
+ else
+ PATH_SEPARATOR=:
+ fi
+ rm -f conf$$.sh
+fi
+ac_prog=ld
+if test "$GCC" = yes; then
+ # Check if gcc -print-prog-name=ld gives a path.
+ AC_MSG_CHECKING([for ld used by GCC])
+ case $host in
+ *-*-mingw*)
+ # gcc leaves a trailing carriage return which upsets mingw
+ ac_prog=`($CC -print-prog-name=ld) 2>&5 | tr -d '\015'` ;;
+ *)
+ ac_prog=`($CC -print-prog-name=ld) 2>&5` ;;
+ esac
+ case $ac_prog in
+ # Accept absolute paths.
+ [[\\/]* | [A-Za-z]:[\\/]*)]
+ [re_direlt='/[^/][^/]*/\.\./']
+ # Canonicalize the path of ld
+ ac_prog=`echo $ac_prog| sed 's%\\\\%/%g'`
+ while echo $ac_prog | grep "$re_direlt" > /dev/null 2>&1; do
+ ac_prog=`echo $ac_prog| sed "s%$re_direlt%/%"`
+ done
+ test -z "$LD" && LD="$ac_prog"
+ ;;
+ "")
+ # If it fails, then pretend we aren't using GCC.
+ ac_prog=ld
+ ;;
+ *)
+ # If it is relative, then search for the first ld in PATH.
+ with_gnu_ld=unknown
+ ;;
+ esac
+elif test "$with_gnu_ld" = yes; then
+ AC_MSG_CHECKING([for GNU ld])
+else
+ AC_MSG_CHECKING([for non-GNU ld])
+fi
+AC_CACHE_VAL(acl_cv_path_LD,
+[if test -z "$LD"; then
+ IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS="${IFS}${PATH_SEPARATOR-:}"
+ for ac_dir in $PATH; do
+ test -z "$ac_dir" && ac_dir=.
+ if test -f "$ac_dir/$ac_prog" || test -f "$ac_dir/$ac_prog$ac_exeext"; then
+ acl_cv_path_LD="$ac_dir/$ac_prog"
+ # Check to see if the program is GNU ld. I'd rather use --version,
+ # but apparently some GNU ld's only accept -v.
+ # Break only if it was the GNU/non-GNU ld that we prefer.
+ case `"$acl_cv_path_LD" -v 2>&1 < /dev/null` in
+ *GNU* | *'with BFD'*)
+ test "$with_gnu_ld" != no && break ;;
+ *)
+ test "$with_gnu_ld" != yes && break ;;
+ esac
+ fi
+ done
+ IFS="$ac_save_ifs"
+else
+ acl_cv_path_LD="$LD" # Let the user override the test with a path.
+fi])
+LD="$acl_cv_path_LD"
+if test -n "$LD"; then
+ AC_MSG_RESULT($LD)
+else
+ AC_MSG_RESULT(no)
+fi
+test -z "$LD" && AC_MSG_ERROR([no acceptable ld found in \$PATH])
+AC_LIB_PROG_LD_GNU
+])
diff --git a/m4/lib-link.m4 b/m4/lib-link.m4
new file mode 100644
index 0000000..e3d26fc
--- /dev/null
+++ b/m4/lib-link.m4
@@ -0,0 +1,709 @@
+# lib-link.m4 serial 13 (gettext-0.17)
+dnl Copyright (C) 2001-2007 Free Software Foundation, Inc.
+dnl This file is free software; the Free Software Foundation
+dnl gives unlimited permission to copy and/or distribute it,
+dnl with or without modifications, as long as this notice is preserved.
+
+dnl From Bruno Haible.
+
+AC_PREREQ(2.54)
+
+dnl AC_LIB_LINKFLAGS(name [, dependencies]) searches for libname and
+dnl the libraries corresponding to explicit and implicit dependencies.
+dnl Sets and AC_SUBSTs the LIB${NAME} and LTLIB${NAME} variables and
+dnl augments the CPPFLAGS variable.
+dnl Sets and AC_SUBSTs the LIB${NAME}_PREFIX variable to nonempty if libname
+dnl was found in ${LIB${NAME}_PREFIX}/$acl_libdirstem.
+AC_DEFUN([AC_LIB_LINKFLAGS],
+[
+ AC_REQUIRE([AC_LIB_PREPARE_PREFIX])
+ AC_REQUIRE([AC_LIB_RPATH])
+ define([Name],[translit([$1],[./-], [___])])
+ define([NAME],[translit([$1],[abcdefghijklmnopqrstuvwxyz./-],
+ [ABCDEFGHIJKLMNOPQRSTUVWXYZ___])])
+ AC_CACHE_CHECK([how to link with lib[]$1], [ac_cv_lib[]Name[]_libs], [
+ AC_LIB_LINKFLAGS_BODY([$1], [$2])
+ ac_cv_lib[]Name[]_libs="$LIB[]NAME"
+ ac_cv_lib[]Name[]_ltlibs="$LTLIB[]NAME"
+ ac_cv_lib[]Name[]_cppflags="$INC[]NAME"
+ ac_cv_lib[]Name[]_prefix="$LIB[]NAME[]_PREFIX"
+ ])
+ LIB[]NAME="$ac_cv_lib[]Name[]_libs"
+ LTLIB[]NAME="$ac_cv_lib[]Name[]_ltlibs"
+ INC[]NAME="$ac_cv_lib[]Name[]_cppflags"
+ LIB[]NAME[]_PREFIX="$ac_cv_lib[]Name[]_prefix"
+ AC_LIB_APPENDTOVAR([CPPFLAGS], [$INC]NAME)
+ AC_SUBST([LIB]NAME)
+ AC_SUBST([LTLIB]NAME)
+ AC_SUBST([LIB]NAME[_PREFIX])
+ dnl Also set HAVE_LIB[]NAME so that AC_LIB_HAVE_LINKFLAGS can reuse the
+ dnl results of this search when this library appears as a dependency.
+ HAVE_LIB[]NAME=yes
+ undefine([Name])
+ undefine([NAME])
+])
+
+dnl AC_LIB_HAVE_LINKFLAGS(name, dependencies, includes, testcode)
+dnl searches for libname and the libraries corresponding to explicit and
+dnl implicit dependencies, together with the specified include files and
+dnl the ability to compile and link the specified testcode. If found, it
+dnl sets and AC_SUBSTs HAVE_LIB${NAME}=yes and the LIB${NAME} and
+dnl LTLIB${NAME} variables and augments the CPPFLAGS variable, and
+dnl #defines HAVE_LIB${NAME} to 1. Otherwise, it sets and AC_SUBSTs
+dnl HAVE_LIB${NAME}=no and LIB${NAME} and LTLIB${NAME} to empty.
+dnl Sets and AC_SUBSTs the LIB${NAME}_PREFIX variable to nonempty if libname
+dnl was found in ${LIB${NAME}_PREFIX}/$acl_libdirstem.
+AC_DEFUN([AC_LIB_HAVE_LINKFLAGS],
+[
+ AC_REQUIRE([AC_LIB_PREPARE_PREFIX])
+ AC_REQUIRE([AC_LIB_RPATH])
+ define([Name],[translit([$1],[./-], [___])])
+ define([NAME],[translit([$1],[abcdefghijklmnopqrstuvwxyz./-],
+ [ABCDEFGHIJKLMNOPQRSTUVWXYZ___])])
+
+ dnl Search for lib[]Name and define LIB[]NAME, LTLIB[]NAME and INC[]NAME
+ dnl accordingly.
+ AC_LIB_LINKFLAGS_BODY([$1], [$2])
+
+ dnl Add $INC[]NAME to CPPFLAGS before performing the following checks,
+ dnl because if the user has installed lib[]Name and not disabled its use
+ dnl via --without-lib[]Name-prefix, he wants to use it.
+ ac_save_CPPFLAGS="$CPPFLAGS"
+ AC_LIB_APPENDTOVAR([CPPFLAGS], [$INC]NAME)
+
+ AC_CACHE_CHECK([for lib[]$1], [ac_cv_lib[]Name], [
+ ac_save_LIBS="$LIBS"
+ LIBS="$LIBS $LIB[]NAME"
+ AC_TRY_LINK([$3], [$4], [ac_cv_lib[]Name=yes], [ac_cv_lib[]Name=no])
+ LIBS="$ac_save_LIBS"
+ ])
+ if test "$ac_cv_lib[]Name" = yes; then
+ HAVE_LIB[]NAME=yes
+ AC_DEFINE([HAVE_LIB]NAME, 1, [Define if you have the $1 library.])
+ AC_MSG_CHECKING([how to link with lib[]$1])
+ AC_MSG_RESULT([$LIB[]NAME])
+ else
+ HAVE_LIB[]NAME=no
+ dnl If $LIB[]NAME didn't lead to a usable library, we don't need
+ dnl $INC[]NAME either.
+ CPPFLAGS="$ac_save_CPPFLAGS"
+ LIB[]NAME=
+ LTLIB[]NAME=
+ LIB[]NAME[]_PREFIX=
+ fi
+ AC_SUBST([HAVE_LIB]NAME)
+ AC_SUBST([LIB]NAME)
+ AC_SUBST([LTLIB]NAME)
+ AC_SUBST([LIB]NAME[_PREFIX])
+ undefine([Name])
+ undefine([NAME])
+])
+
+dnl Determine the platform dependent parameters needed to use rpath:
+dnl acl_libext,
+dnl acl_shlibext,
+dnl acl_hardcode_libdir_flag_spec,
+dnl acl_hardcode_libdir_separator,
+dnl acl_hardcode_direct,
+dnl acl_hardcode_minus_L.
+AC_DEFUN([AC_LIB_RPATH],
+[
+ dnl Tell automake >= 1.10 to complain if config.rpath is missing.
+ m4_ifdef([AC_REQUIRE_AUX_FILE], [AC_REQUIRE_AUX_FILE([config.rpath])])
+ AC_REQUIRE([AC_PROG_CC]) dnl we use $CC, $GCC, $LDFLAGS
+ AC_REQUIRE([AC_LIB_PROG_LD]) dnl we use $LD, $with_gnu_ld
+ AC_REQUIRE([AC_CANONICAL_HOST]) dnl we use $host
+ AC_REQUIRE([AC_CONFIG_AUX_DIR_DEFAULT]) dnl we use $ac_aux_dir
+ AC_CACHE_CHECK([for shared library run path origin], acl_cv_rpath, [
+ CC="$CC" GCC="$GCC" LDFLAGS="$LDFLAGS" LD="$LD" with_gnu_ld="$with_gnu_ld" \
+ ${CONFIG_SHELL-/bin/sh} "$ac_aux_dir/config.rpath" "$host" > conftest.sh
+ . ./conftest.sh
+ rm -f ./conftest.sh
+ acl_cv_rpath=done
+ ])
+ wl="$acl_cv_wl"
+ acl_libext="$acl_cv_libext"
+ acl_shlibext="$acl_cv_shlibext"
+ acl_libname_spec="$acl_cv_libname_spec"
+ acl_library_names_spec="$acl_cv_library_names_spec"
+ acl_hardcode_libdir_flag_spec="$acl_cv_hardcode_libdir_flag_spec"
+ acl_hardcode_libdir_separator="$acl_cv_hardcode_libdir_separator"
+ acl_hardcode_direct="$acl_cv_hardcode_direct"
+ acl_hardcode_minus_L="$acl_cv_hardcode_minus_L"
+ dnl Determine whether the user wants rpath handling at all.
+ AC_ARG_ENABLE(rpath,
+ [ --disable-rpath do not hardcode runtime library paths],
+ :, enable_rpath=yes)
+])
+
+dnl AC_LIB_LINKFLAGS_BODY(name [, dependencies]) searches for libname and
+dnl the libraries corresponding to explicit and implicit dependencies.
+dnl Sets the LIB${NAME}, LTLIB${NAME} and INC${NAME} variables.
+dnl Also, sets the LIB${NAME}_PREFIX variable to nonempty if libname was found
+dnl in ${LIB${NAME}_PREFIX}/$acl_libdirstem.
+AC_DEFUN([AC_LIB_LINKFLAGS_BODY],
+[
+ AC_REQUIRE([AC_LIB_PREPARE_MULTILIB])
+ define([NAME],[translit([$1],[abcdefghijklmnopqrstuvwxyz./-],
+ [ABCDEFGHIJKLMNOPQRSTUVWXYZ___])])
+ dnl Autoconf >= 2.61 supports dots in --with options.
+ define([N_A_M_E],[m4_if(m4_version_compare(m4_defn([m4_PACKAGE_VERSION]),[2.61]),[-1],[translit([$1],[.],[_])],[$1])])
+ dnl By default, look in $includedir and $libdir.
+ use_additional=yes
+ AC_LIB_WITH_FINAL_PREFIX([
+ eval additional_includedir=\"$includedir\"
+ eval additional_libdir=\"$libdir\"
+ ])
+ AC_LIB_ARG_WITH([lib]N_A_M_E[-prefix],
+[ --with-lib]N_A_M_E[-prefix[=DIR] search for lib$1 in DIR/include and DIR/lib
+ --without-lib]N_A_M_E[-prefix don't search for lib$1 in includedir and libdir],
+[
+ if test "X$withval" = "Xno"; then
+ use_additional=no
+ else
+ if test "X$withval" = "X"; then
+ AC_LIB_WITH_FINAL_PREFIX([
+ eval additional_includedir=\"$includedir\"
+ eval additional_libdir=\"$libdir\"
+ ])
+ else
+ additional_includedir="$withval/include"
+ additional_libdir="$withval/$acl_libdirstem"
+ fi
+ fi
+])
+ dnl Search the library and its dependencies in $additional_libdir and
+ dnl $LDFLAGS. Using breadth-first-seach.
+ LIB[]NAME=
+ LTLIB[]NAME=
+ INC[]NAME=
+ LIB[]NAME[]_PREFIX=
+ rpathdirs=
+ ltrpathdirs=
+ names_already_handled=
+ names_next_round='$1 $2'
+ while test -n "$names_next_round"; do
+ names_this_round="$names_next_round"
+ names_next_round=
+ for name in $names_this_round; do
+ already_handled=
+ for n in $names_already_handled; do
+ if test "$n" = "$name"; then
+ already_handled=yes
+ break
+ fi
+ done
+ if test -z "$already_handled"; then
+ names_already_handled="$names_already_handled $name"
+ dnl See if it was already located by an earlier AC_LIB_LINKFLAGS
+ dnl or AC_LIB_HAVE_LINKFLAGS call.
+ uppername=`echo "$name" | sed -e 'y|abcdefghijklmnopqrstuvwxyz./-|ABCDEFGHIJKLMNOPQRSTUVWXYZ___|'`
+ eval value=\"\$HAVE_LIB$uppername\"
+ if test -n "$value"; then
+ if test "$value" = yes; then
+ eval value=\"\$LIB$uppername\"
+ test -z "$value" || LIB[]NAME="${LIB[]NAME}${LIB[]NAME:+ }$value"
+ eval value=\"\$LTLIB$uppername\"
+ test -z "$value" || LTLIB[]NAME="${LTLIB[]NAME}${LTLIB[]NAME:+ }$value"
+ else
+ dnl An earlier call to AC_LIB_HAVE_LINKFLAGS has determined
+ dnl that this library doesn't exist. So just drop it.
+ :
+ fi
+ else
+ dnl Search the library lib$name in $additional_libdir and $LDFLAGS
+ dnl and the already constructed $LIBNAME/$LTLIBNAME.
+ found_dir=
+ found_la=
+ found_so=
+ found_a=
+ eval libname=\"$acl_libname_spec\" # typically: libname=lib$name
+ if test -n "$acl_shlibext"; then
+ shrext=".$acl_shlibext" # typically: shrext=.so
+ else
+ shrext=
+ fi
+ if test $use_additional = yes; then
+ dir="$additional_libdir"
+ dnl The same code as in the loop below:
+ dnl First look for a shared library.
+ if test -n "$acl_shlibext"; then
+ if test -f "$dir/$libname$shrext"; then
+ found_dir="$dir"
+ found_so="$dir/$libname$shrext"
+ else
+ if test "$acl_library_names_spec" = '$libname$shrext$versuffix'; then
+ ver=`(cd "$dir" && \
+ for f in "$libname$shrext".*; do echo "$f"; done \
+ | sed -e "s,^$libname$shrext\\\\.,," \
+ | sort -t '.' -n -r -k1,1 -k2,2 -k3,3 -k4,4 -k5,5 \
+ | sed 1q ) 2>/dev/null`
+ if test -n "$ver" && test -f "$dir/$libname$shrext.$ver"; then
+ found_dir="$dir"
+ found_so="$dir/$libname$shrext.$ver"
+ fi
+ else
+ eval library_names=\"$acl_library_names_spec\"
+ for f in $library_names; do
+ if test -f "$dir/$f"; then
+ found_dir="$dir"
+ found_so="$dir/$f"
+ break
+ fi
+ done
+ fi
+ fi
+ fi
+ dnl Then look for a static library.
+ if test "X$found_dir" = "X"; then
+ if test -f "$dir/$libname.$acl_libext"; then
+ found_dir="$dir"
+ found_a="$dir/$libname.$acl_libext"
+ fi
+ fi
+ if test "X$found_dir" != "X"; then
+ if test -f "$dir/$libname.la"; then
+ found_la="$dir/$libname.la"
+ fi
+ fi
+ fi
+ if test "X$found_dir" = "X"; then
+ for x in $LDFLAGS $LTLIB[]NAME; do
+ AC_LIB_WITH_FINAL_PREFIX([eval x=\"$x\"])
+ case "$x" in
+ -L*)
+ dir=`echo "X$x" | sed -e 's/^X-L//'`
+ dnl First look for a shared library.
+ if test -n "$acl_shlibext"; then
+ if test -f "$dir/$libname$shrext"; then
+ found_dir="$dir"
+ found_so="$dir/$libname$shrext"
+ else
+ if test "$acl_library_names_spec" = '$libname$shrext$versuffix'; then
+ ver=`(cd "$dir" && \
+ for f in "$libname$shrext".*; do echo "$f"; done \
+ | sed -e "s,^$libname$shrext\\\\.,," \
+ | sort -t '.' -n -r -k1,1 -k2,2 -k3,3 -k4,4 -k5,5 \
+ | sed 1q ) 2>/dev/null`
+ if test -n "$ver" && test -f "$dir/$libname$shrext.$ver"; then
+ found_dir="$dir"
+ found_so="$dir/$libname$shrext.$ver"
+ fi
+ else
+ eval library_names=\"$acl_library_names_spec\"
+ for f in $library_names; do
+ if test -f "$dir/$f"; then
+ found_dir="$dir"
+ found_so="$dir/$f"
+ break
+ fi
+ done
+ fi
+ fi
+ fi
+ dnl Then look for a static library.
+ if test "X$found_dir" = "X"; then
+ if test -f "$dir/$libname.$acl_libext"; then
+ found_dir="$dir"
+ found_a="$dir/$libname.$acl_libext"
+ fi
+ fi
+ if test "X$found_dir" != "X"; then
+ if test -f "$dir/$libname.la"; then
+ found_la="$dir/$libname.la"
+ fi
+ fi
+ ;;
+ esac
+ if test "X$found_dir" != "X"; then
+ break
+ fi
+ done
+ fi
+ if test "X$found_dir" != "X"; then
+ dnl Found the library.
+ LTLIB[]NAME="${LTLIB[]NAME}${LTLIB[]NAME:+ }-L$found_dir -l$name"
+ if test "X$found_so" != "X"; then
+ dnl Linking with a shared library. We attempt to hardcode its
+ dnl directory into the executable's runpath, unless it's the
+ dnl standard /usr/lib.
+ if test "$enable_rpath" = no || test "X$found_dir" = "X/usr/$acl_libdirstem"; then
+ dnl No hardcoding is needed.
+ LIB[]NAME="${LIB[]NAME}${LIB[]NAME:+ }$found_so"
+ else
+ dnl Use an explicit option to hardcode DIR into the resulting
+ dnl binary.
+ dnl Potentially add DIR to ltrpathdirs.
+ dnl The ltrpathdirs will be appended to $LTLIBNAME at the end.
+ haveit=
+ for x in $ltrpathdirs; do
+ if test "X$x" = "X$found_dir"; then
+ haveit=yes
+ break
+ fi
+ done
+ if test -z "$haveit"; then
+ ltrpathdirs="$ltrpathdirs $found_dir"
+ fi
+ dnl The hardcoding into $LIBNAME is system dependent.
+ if test "$acl_hardcode_direct" = yes; then
+ dnl Using DIR/libNAME.so during linking hardcodes DIR into the
+ dnl resulting binary.
+ LIB[]NAME="${LIB[]NAME}${LIB[]NAME:+ }$found_so"
+ else
+ if test -n "$acl_hardcode_libdir_flag_spec" && test "$acl_hardcode_minus_L" = no; then
+ dnl Use an explicit option to hardcode DIR into the resulting
+ dnl binary.
+ LIB[]NAME="${LIB[]NAME}${LIB[]NAME:+ }$found_so"
+ dnl Potentially add DIR to rpathdirs.
+ dnl The rpathdirs will be appended to $LIBNAME at the end.
+ haveit=
+ for x in $rpathdirs; do
+ if test "X$x" = "X$found_dir"; then
+ haveit=yes
+ break
+ fi
+ done
+ if test -z "$haveit"; then
+ rpathdirs="$rpathdirs $found_dir"
+ fi
+ else
+ dnl Rely on "-L$found_dir".
+ dnl But don't add it if it's already contained in the LDFLAGS
+ dnl or the already constructed $LIBNAME
+ haveit=
+ for x in $LDFLAGS $LIB[]NAME; do
+ AC_LIB_WITH_FINAL_PREFIX([eval x=\"$x\"])
+ if test "X$x" = "X-L$found_dir"; then
+ haveit=yes
+ break
+ fi
+ done
+ if test -z "$haveit"; then
+ LIB[]NAME="${LIB[]NAME}${LIB[]NAME:+ }-L$found_dir"
+ fi
+ if test "$acl_hardcode_minus_L" != no; then
+ dnl FIXME: Not sure whether we should use
+ dnl "-L$found_dir -l$name" or "-L$found_dir $found_so"
+ dnl here.
+ LIB[]NAME="${LIB[]NAME}${LIB[]NAME:+ }$found_so"
+ else
+ dnl We cannot use $acl_hardcode_runpath_var and LD_RUN_PATH
+ dnl here, because this doesn't fit in flags passed to the
+ dnl compiler. So give up. No hardcoding. This affects only
+ dnl very old systems.
+ dnl FIXME: Not sure whether we should use
+ dnl "-L$found_dir -l$name" or "-L$found_dir $found_so"
+ dnl here.
+ LIB[]NAME="${LIB[]NAME}${LIB[]NAME:+ }-l$name"
+ fi
+ fi
+ fi
+ fi
+ else
+ if test "X$found_a" != "X"; then
+ dnl Linking with a static library.
+ LIB[]NAME="${LIB[]NAME}${LIB[]NAME:+ }$found_a"
+ else
+ dnl We shouldn't come here, but anyway it's good to have a
+ dnl fallback.
+ LIB[]NAME="${LIB[]NAME}${LIB[]NAME:+ }-L$found_dir -l$name"
+ fi
+ fi
+ dnl Assume the include files are nearby.
+ additional_includedir=
+ case "$found_dir" in
+ */$acl_libdirstem | */$acl_libdirstem/)
+ basedir=`echo "X$found_dir" | sed -e 's,^X,,' -e "s,/$acl_libdirstem/"'*$,,'`
+ LIB[]NAME[]_PREFIX="$basedir"
+ additional_includedir="$basedir/include"
+ ;;
+ esac
+ if test "X$additional_includedir" != "X"; then
+ dnl Potentially add $additional_includedir to $INCNAME.
+ dnl But don't add it
+ dnl 1. if it's the standard /usr/include,
+ dnl 2. if it's /usr/local/include and we are using GCC on Linux,
+ dnl 3. if it's already present in $CPPFLAGS or the already
+ dnl constructed $INCNAME,
+ dnl 4. if it doesn't exist as a directory.
+ if test "X$additional_includedir" != "X/usr/include"; then
+ haveit=
+ if test "X$additional_includedir" = "X/usr/local/include"; then
+ if test -n "$GCC"; then
+ case $host_os in
+ linux* | gnu* | k*bsd*-gnu) haveit=yes;;
+ esac
+ fi
+ fi
+ if test -z "$haveit"; then
+ for x in $CPPFLAGS $INC[]NAME; do
+ AC_LIB_WITH_FINAL_PREFIX([eval x=\"$x\"])
+ if test "X$x" = "X-I$additional_includedir"; then
+ haveit=yes
+ break
+ fi
+ done
+ if test -z "$haveit"; then
+ if test -d "$additional_includedir"; then
+ dnl Really add $additional_includedir to $INCNAME.
+ INC[]NAME="${INC[]NAME}${INC[]NAME:+ }-I$additional_includedir"
+ fi
+ fi
+ fi
+ fi
+ fi
+ dnl Look for dependencies.
+ if test -n "$found_la"; then
+ dnl Read the .la file. It defines the variables
+ dnl dlname, library_names, old_library, dependency_libs, current,
+ dnl age, revision, installed, dlopen, dlpreopen, libdir.
+ save_libdir="$libdir"
+ case "$found_la" in
+ */* | *\\*) . "$found_la" ;;
+ *) . "./$found_la" ;;
+ esac
+ libdir="$save_libdir"
+ dnl We use only dependency_libs.
+ for dep in $dependency_libs; do
+ case "$dep" in
+ -L*)
+ additional_libdir=`echo "X$dep" | sed -e 's/^X-L//'`
+ dnl Potentially add $additional_libdir to $LIBNAME and $LTLIBNAME.
+ dnl But don't add it
+ dnl 1. if it's the standard /usr/lib,
+ dnl 2. if it's /usr/local/lib and we are using GCC on Linux,
+ dnl 3. if it's already present in $LDFLAGS or the already
+ dnl constructed $LIBNAME,
+ dnl 4. if it doesn't exist as a directory.
+ if test "X$additional_libdir" != "X/usr/$acl_libdirstem"; then
+ haveit=
+ if test "X$additional_libdir" = "X/usr/local/$acl_libdirstem"; then
+ if test -n "$GCC"; then
+ case $host_os in
+ linux* | gnu* | k*bsd*-gnu) haveit=yes;;
+ esac
+ fi
+ fi
+ if test -z "$haveit"; then
+ haveit=
+ for x in $LDFLAGS $LIB[]NAME; do
+ AC_LIB_WITH_FINAL_PREFIX([eval x=\"$x\"])
+ if test "X$x" = "X-L$additional_libdir"; then
+ haveit=yes
+ break
+ fi
+ done
+ if test -z "$haveit"; then
+ if test -d "$additional_libdir"; then
+ dnl Really add $additional_libdir to $LIBNAME.
+ LIB[]NAME="${LIB[]NAME}${LIB[]NAME:+ }-L$additional_libdir"
+ fi
+ fi
+ haveit=
+ for x in $LDFLAGS $LTLIB[]NAME; do
+ AC_LIB_WITH_FINAL_PREFIX([eval x=\"$x\"])
+ if test "X$x" = "X-L$additional_libdir"; then
+ haveit=yes
+ break
+ fi
+ done
+ if test -z "$haveit"; then
+ if test -d "$additional_libdir"; then
+ dnl Really add $additional_libdir to $LTLIBNAME.
+ LTLIB[]NAME="${LTLIB[]NAME}${LTLIB[]NAME:+ }-L$additional_libdir"
+ fi
+ fi
+ fi
+ fi
+ ;;
+ -R*)
+ dir=`echo "X$dep" | sed -e 's/^X-R//'`
+ if test "$enable_rpath" != no; then
+ dnl Potentially add DIR to rpathdirs.
+ dnl The rpathdirs will be appended to $LIBNAME at the end.
+ haveit=
+ for x in $rpathdirs; do
+ if test "X$x" = "X$dir"; then
+ haveit=yes
+ break
+ fi
+ done
+ if test -z "$haveit"; then
+ rpathdirs="$rpathdirs $dir"
+ fi
+ dnl Potentially add DIR to ltrpathdirs.
+ dnl The ltrpathdirs will be appended to $LTLIBNAME at the end.
+ haveit=
+ for x in $ltrpathdirs; do
+ if test "X$x" = "X$dir"; then
+ haveit=yes
+ break
+ fi
+ done
+ if test -z "$haveit"; then
+ ltrpathdirs="$ltrpathdirs $dir"
+ fi
+ fi
+ ;;
+ -l*)
+ dnl Handle this in the next round.
+ names_next_round="$names_next_round "`echo "X$dep" | sed -e 's/^X-l//'`
+ ;;
+ *.la)
+ dnl Handle this in the next round. Throw away the .la's
+ dnl directory; it is already contained in a preceding -L
+ dnl option.
+ names_next_round="$names_next_round "`echo "X$dep" | sed -e 's,^X.*/,,' -e 's,^lib,,' -e 's,\.la$,,'`
+ ;;
+ *)
+ dnl Most likely an immediate library name.
+ LIB[]NAME="${LIB[]NAME}${LIB[]NAME:+ }$dep"
+ LTLIB[]NAME="${LTLIB[]NAME}${LTLIB[]NAME:+ }$dep"
+ ;;
+ esac
+ done
+ fi
+ else
+ dnl Didn't find the library; assume it is in the system directories
+ dnl known to the linker and runtime loader. (All the system
+ dnl directories known to the linker should also be known to the
+ dnl runtime loader, otherwise the system is severely misconfigured.)
+ LIB[]NAME="${LIB[]NAME}${LIB[]NAME:+ }-l$name"
+ LTLIB[]NAME="${LTLIB[]NAME}${LTLIB[]NAME:+ }-l$name"
+ fi
+ fi
+ fi
+ done
+ done
+ if test "X$rpathdirs" != "X"; then
+ if test -n "$acl_hardcode_libdir_separator"; then
+ dnl Weird platform: only the last -rpath option counts, the user must
+ dnl pass all path elements in one option. We can arrange that for a
+ dnl single library, but not when more than one $LIBNAMEs are used.
+ alldirs=
+ for found_dir in $rpathdirs; do
+ alldirs="${alldirs}${alldirs:+$acl_hardcode_libdir_separator}$found_dir"
+ done
+ dnl Note: acl_hardcode_libdir_flag_spec uses $libdir and $wl.
+ acl_save_libdir="$libdir"
+ libdir="$alldirs"
+ eval flag=\"$acl_hardcode_libdir_flag_spec\"
+ libdir="$acl_save_libdir"
+ LIB[]NAME="${LIB[]NAME}${LIB[]NAME:+ }$flag"
+ else
+ dnl The -rpath options are cumulative.
+ for found_dir in $rpathdirs; do
+ acl_save_libdir="$libdir"
+ libdir="$found_dir"
+ eval flag=\"$acl_hardcode_libdir_flag_spec\"
+ libdir="$acl_save_libdir"
+ LIB[]NAME="${LIB[]NAME}${LIB[]NAME:+ }$flag"
+ done
+ fi
+ fi
+ if test "X$ltrpathdirs" != "X"; then
+ dnl When using libtool, the option that works for both libraries and
+ dnl executables is -R. The -R options are cumulative.
+ for found_dir in $ltrpathdirs; do
+ LTLIB[]NAME="${LTLIB[]NAME}${LTLIB[]NAME:+ }-R$found_dir"
+ done
+ fi
+])
+
+dnl AC_LIB_APPENDTOVAR(VAR, CONTENTS) appends the elements of CONTENTS to VAR,
+dnl unless already present in VAR.
+dnl Works only for CPPFLAGS, not for LIB* variables because that sometimes
+dnl contains two or three consecutive elements that belong together.
+AC_DEFUN([AC_LIB_APPENDTOVAR],
+[
+ for element in [$2]; do
+ haveit=
+ for x in $[$1]; do
+ AC_LIB_WITH_FINAL_PREFIX([eval x=\"$x\"])
+ if test "X$x" = "X$element"; then
+ haveit=yes
+ break
+ fi
+ done
+ if test -z "$haveit"; then
+ [$1]="${[$1]}${[$1]:+ }$element"
+ fi
+ done
+])
+
+dnl For those cases where a variable contains several -L and -l options
+dnl referring to unknown libraries and directories, this macro determines the
+dnl necessary additional linker options for the runtime path.
+dnl AC_LIB_LINKFLAGS_FROM_LIBS([LDADDVAR], [LIBSVALUE], [USE-LIBTOOL])
+dnl sets LDADDVAR to linker options needed together with LIBSVALUE.
+dnl If USE-LIBTOOL evaluates to non-empty, linking with libtool is assumed,
+dnl otherwise linking without libtool is assumed.
+AC_DEFUN([AC_LIB_LINKFLAGS_FROM_LIBS],
+[
+ AC_REQUIRE([AC_LIB_RPATH])
+ AC_REQUIRE([AC_LIB_PREPARE_MULTILIB])
+ $1=
+ if test "$enable_rpath" != no; then
+ if test -n "$acl_hardcode_libdir_flag_spec" && test "$acl_hardcode_minus_L" = no; then
+ dnl Use an explicit option to hardcode directories into the resulting
+ dnl binary.
+ rpathdirs=
+ next=
+ for opt in $2; do
+ if test -n "$next"; then
+ dir="$next"
+ dnl No need to hardcode the standard /usr/lib.
+ if test "X$dir" != "X/usr/$acl_libdirstem"; then
+ rpathdirs="$rpathdirs $dir"
+ fi
+ next=
+ else
+ case $opt in
+ -L) next=yes ;;
+ -L*) dir=`echo "X$opt" | sed -e 's,^X-L,,'`
+ dnl No need to hardcode the standard /usr/lib.
+ if test "X$dir" != "X/usr/$acl_libdirstem"; then
+ rpathdirs="$rpathdirs $dir"
+ fi
+ next= ;;
+ *) next= ;;
+ esac
+ fi
+ done
+ if test "X$rpathdirs" != "X"; then
+ if test -n ""$3""; then
+ dnl libtool is used for linking. Use -R options.
+ for dir in $rpathdirs; do
+ $1="${$1}${$1:+ }-R$dir"
+ done
+ else
+ dnl The linker is used for linking directly.
+ if test -n "$acl_hardcode_libdir_separator"; then
+ dnl Weird platform: only the last -rpath option counts, the user
+ dnl must pass all path elements in one option.
+ alldirs=
+ for dir in $rpathdirs; do
+ alldirs="${alldirs}${alldirs:+$acl_hardcode_libdir_separator}$dir"
+ done
+ acl_save_libdir="$libdir"
+ libdir="$alldirs"
+ eval flag=\"$acl_hardcode_libdir_flag_spec\"
+ libdir="$acl_save_libdir"
+ $1="$flag"
+ else
+ dnl The -rpath options are cumulative.
+ for dir in $rpathdirs; do
+ acl_save_libdir="$libdir"
+ libdir="$dir"
+ eval flag=\"$acl_hardcode_libdir_flag_spec\"
+ libdir="$acl_save_libdir"
+ $1="${$1}${$1:+ }$flag"
+ done
+ fi
+ fi
+ fi
+ fi
+ fi
+ AC_SUBST([$1])
+])
diff --git a/m4/lib-prefix.m4 b/m4/lib-prefix.m4
new file mode 100644
index 0000000..a8684e1
--- /dev/null
+++ b/m4/lib-prefix.m4
@@ -0,0 +1,185 @@
+# lib-prefix.m4 serial 5 (gettext-0.15)
+dnl Copyright (C) 2001-2005 Free Software Foundation, Inc.
+dnl This file is free software; the Free Software Foundation
+dnl gives unlimited permission to copy and/or distribute it,
+dnl with or without modifications, as long as this notice is preserved.
+
+dnl From Bruno Haible.
+
+dnl AC_LIB_ARG_WITH is synonymous to AC_ARG_WITH in autoconf-2.13, and
+dnl similar to AC_ARG_WITH in autoconf 2.52...2.57 except that is doesn't
+dnl require excessive bracketing.
+ifdef([AC_HELP_STRING],
+[AC_DEFUN([AC_LIB_ARG_WITH], [AC_ARG_WITH([$1],[[$2]],[$3],[$4])])],
+[AC_DEFUN([AC_][LIB_ARG_WITH], [AC_ARG_WITH([$1],[$2],[$3],[$4])])])
+
+dnl AC_LIB_PREFIX adds to the CPPFLAGS and LDFLAGS the flags that are needed
+dnl to access previously installed libraries. The basic assumption is that
+dnl a user will want packages to use other packages he previously installed
+dnl with the same --prefix option.
+dnl This macro is not needed if only AC_LIB_LINKFLAGS is used to locate
+dnl libraries, but is otherwise very convenient.
+AC_DEFUN([AC_LIB_PREFIX],
+[
+ AC_BEFORE([$0], [AC_LIB_LINKFLAGS])
+ AC_REQUIRE([AC_PROG_CC])
+ AC_REQUIRE([AC_CANONICAL_HOST])
+ AC_REQUIRE([AC_LIB_PREPARE_MULTILIB])
+ AC_REQUIRE([AC_LIB_PREPARE_PREFIX])
+ dnl By default, look in $includedir and $libdir.
+ use_additional=yes
+ AC_LIB_WITH_FINAL_PREFIX([
+ eval additional_includedir=\"$includedir\"
+ eval additional_libdir=\"$libdir\"
+ ])
+ AC_LIB_ARG_WITH([lib-prefix],
+[ --with-lib-prefix[=DIR] search for libraries in DIR/include and DIR/lib
+ --without-lib-prefix don't search for libraries in includedir and libdir],
+[
+ if test "X$withval" = "Xno"; then
+ use_additional=no
+ else
+ if test "X$withval" = "X"; then
+ AC_LIB_WITH_FINAL_PREFIX([
+ eval additional_includedir=\"$includedir\"
+ eval additional_libdir=\"$libdir\"
+ ])
+ else
+ additional_includedir="$withval/include"
+ additional_libdir="$withval/$acl_libdirstem"
+ fi
+ fi
+])
+ if test $use_additional = yes; then
+ dnl Potentially add $additional_includedir to $CPPFLAGS.
+ dnl But don't add it
+ dnl 1. if it's the standard /usr/include,
+ dnl 2. if it's already present in $CPPFLAGS,
+ dnl 3. if it's /usr/local/include and we are using GCC on Linux,
+ dnl 4. if it doesn't exist as a directory.
+ if test "X$additional_includedir" != "X/usr/include"; then
+ haveit=
+ for x in $CPPFLAGS; do
+ AC_LIB_WITH_FINAL_PREFIX([eval x=\"$x\"])
+ if test "X$x" = "X-I$additional_includedir"; then
+ haveit=yes
+ break
+ fi
+ done
+ if test -z "$haveit"; then
+ if test "X$additional_includedir" = "X/usr/local/include"; then
+ if test -n "$GCC"; then
+ case $host_os in
+ linux* | gnu* | k*bsd*-gnu) haveit=yes;;
+ esac
+ fi
+ fi
+ if test -z "$haveit"; then
+ if test -d "$additional_includedir"; then
+ dnl Really add $additional_includedir to $CPPFLAGS.
+ CPPFLAGS="${CPPFLAGS}${CPPFLAGS:+ }-I$additional_includedir"
+ fi
+ fi
+ fi
+ fi
+ dnl Potentially add $additional_libdir to $LDFLAGS.
+ dnl But don't add it
+ dnl 1. if it's the standard /usr/lib,
+ dnl 2. if it's already present in $LDFLAGS,
+ dnl 3. if it's /usr/local/lib and we are using GCC on Linux,
+ dnl 4. if it doesn't exist as a directory.
+ if test "X$additional_libdir" != "X/usr/$acl_libdirstem"; then
+ haveit=
+ for x in $LDFLAGS; do
+ AC_LIB_WITH_FINAL_PREFIX([eval x=\"$x\"])
+ if test "X$x" = "X-L$additional_libdir"; then
+ haveit=yes
+ break
+ fi
+ done
+ if test -z "$haveit"; then
+ if test "X$additional_libdir" = "X/usr/local/$acl_libdirstem"; then
+ if test -n "$GCC"; then
+ case $host_os in
+ linux*) haveit=yes;;
+ esac
+ fi
+ fi
+ if test -z "$haveit"; then
+ if test -d "$additional_libdir"; then
+ dnl Really add $additional_libdir to $LDFLAGS.
+ LDFLAGS="${LDFLAGS}${LDFLAGS:+ }-L$additional_libdir"
+ fi
+ fi
+ fi
+ fi
+ fi
+])
+
+dnl AC_LIB_PREPARE_PREFIX creates variables acl_final_prefix,
+dnl acl_final_exec_prefix, containing the values to which $prefix and
+dnl $exec_prefix will expand at the end of the configure script.
+AC_DEFUN([AC_LIB_PREPARE_PREFIX],
+[
+ dnl Unfortunately, prefix and exec_prefix get only finally determined
+ dnl at the end of configure.
+ if test "X$prefix" = "XNONE"; then
+ acl_final_prefix="$ac_default_prefix"
+ else
+ acl_final_prefix="$prefix"
+ fi
+ if test "X$exec_prefix" = "XNONE"; then
+ acl_final_exec_prefix='${prefix}'
+ else
+ acl_final_exec_prefix="$exec_prefix"
+ fi
+ acl_save_prefix="$prefix"
+ prefix="$acl_final_prefix"
+ eval acl_final_exec_prefix=\"$acl_final_exec_prefix\"
+ prefix="$acl_save_prefix"
+])
+
+dnl AC_LIB_WITH_FINAL_PREFIX([statement]) evaluates statement, with the
+dnl variables prefix and exec_prefix bound to the values they will have
+dnl at the end of the configure script.
+AC_DEFUN([AC_LIB_WITH_FINAL_PREFIX],
+[
+ acl_save_prefix="$prefix"
+ prefix="$acl_final_prefix"
+ acl_save_exec_prefix="$exec_prefix"
+ exec_prefix="$acl_final_exec_prefix"
+ $1
+ exec_prefix="$acl_save_exec_prefix"
+ prefix="$acl_save_prefix"
+])
+
+dnl AC_LIB_PREPARE_MULTILIB creates a variable acl_libdirstem, containing
+dnl the basename of the libdir, either "lib" or "lib64".
+AC_DEFUN([AC_LIB_PREPARE_MULTILIB],
+[
+ dnl There is no formal standard regarding lib and lib64. The current
+ dnl practice is that on a system supporting 32-bit and 64-bit instruction
+ dnl sets or ABIs, 64-bit libraries go under $prefix/lib64 and 32-bit
+ dnl libraries go under $prefix/lib. We determine the compiler's default
+ dnl mode by looking at the compiler's library search path. If at least
+ dnl of its elements ends in /lib64 or points to a directory whose absolute
+ dnl pathname ends in /lib64, we assume a 64-bit ABI. Otherwise we use the
+ dnl default, namely "lib".
+ acl_libdirstem=lib
+ searchpath=`(LC_ALL=C $CC -print-search-dirs) 2>/dev/null | sed -n -e 's,^libraries: ,,p' | sed -e 's,^=,,'`
+ if test -n "$searchpath"; then
+ acl_save_IFS="${IFS= }"; IFS=":"
+ for searchdir in $searchpath; do
+ if test -d "$searchdir"; then
+ case "$searchdir" in
+ */lib64/ | */lib64 ) acl_libdirstem=lib64 ;;
+ *) searchdir=`cd "$searchdir" && pwd`
+ case "$searchdir" in
+ */lib64 ) acl_libdirstem=lib64 ;;
+ esac ;;
+ esac
+ fi
+ done
+ IFS="$acl_save_IFS"
+ fi
+])
diff --git a/m4/libassuan.m4 b/m4/libassuan.m4
new file mode 100644
index 0000000..004eee3
--- /dev/null
+++ b/m4/libassuan.m4
@@ -0,0 +1,175 @@
+dnl Autoconf macros for libassuan
+dnl Copyright (C) 2002, 2003 Free Software Foundation, Inc.
+dnl
+dnl This file is free software; as a special exception the author gives
+dnl unlimited permission to copy and/or distribute it, with or without
+dnl modifications, as long as this notice is preserved.
+dnl
+dnl This file is distributed in the hope that it will be useful, but
+dnl WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
+dnl implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+
+dnl
+dnl Common code used for libassuan detection [internal]
+dnl Returns ok set to yes or no.
+dnl
+AC_DEFUN([_AM_PATH_LIBASSUAN_COMMON],
+[ AC_ARG_WITH(libassuan-prefix,
+ AC_HELP_STRING([--with-libassuan-prefix=PFX],
+ [prefix where LIBASSUAN is installed (optional)]),
+ libassuan_config_prefix="$withval", libassuan_config_prefix="")
+ if test x$libassuan_config_prefix != x ; then
+ libassuan_config_args="$libassuan_config_args --prefix=$libassuan_config_prefix"
+ if test x${LIBASSUAN_CONFIG+set} != xset ; then
+ LIBASSUAN_CONFIG=$libassuan_config_prefix/bin/libassuan-config
+ fi
+ fi
+ AC_PATH_PROG(LIBASSUAN_CONFIG, libassuan-config, no)
+
+ tmp=ifelse([$1], ,1:0.9.2,$1)
+ if echo "$tmp" | grep ':' >/dev/null 2>/dev/null ; then
+ req_libassuan_api=`echo "$tmp" | sed 's/\(.*\):\(.*\)/\1/'`
+ min_libassuan_version=`echo "$tmp" | sed 's/\(.*\):\(.*\)/\2/'`
+ else
+ req_libassuan_api=0
+ min_libassuan_version="$tmp"
+ fi
+
+ if test "$LIBASSUAN_CONFIG" != "no" ; then
+ libassuan_version=`$LIBASSUAN_CONFIG --version`
+ fi
+ libassuan_version_major=`echo $libassuan_version | \
+ sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\).*/\1/'`
+ libassuan_version_minor=`echo $libassuan_version | \
+ sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\).*/\2/'`
+ libassuan_version_micro=`echo $libassuan_version | \
+ sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\).*/\3/'`
+
+ AC_MSG_CHECKING(for LIBASSUAN ifelse([$2], ,,[$2 ])- version >= $min_libassuan_version)
+ ok=no
+ if test "$LIBASSUAN_CONFIG" != "no" ; then
+ ifelse([$2], ,,[if `$LIBASSUAN_CONFIG --thread=$2 2> /dev/null` ; then])
+ req_major=`echo $min_libassuan_version | \
+ sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\)/\1/'`
+ req_minor=`echo $min_libassuan_version | \
+ sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\)/\2/'`
+ req_micro=`echo $min_libassuan_version | \
+ sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\)/\3/'`
+ if test "$libassuan_version_major" -gt "$req_major"; then
+ ok=yes
+ else
+ if test "$libassuan_version_major" -eq "$req_major"; then
+ if test "$libassuan_version_minor" -gt "$req_minor"; then
+ ok=yes
+ else
+ if test "$libassuan_version_minor" -eq "$req_minor"; then
+ if test "$libassuan_version_micro" -ge "$req_micro"; then
+ ok=yes
+ fi
+ fi
+ fi
+ fi
+ fi
+ ifelse([$2], ,,[fi])
+ fi
+
+ if test $ok = yes; then
+ AC_MSG_RESULT([yes ($libassuan_version)])
+ else
+ AC_MSG_RESULT(no)
+ fi
+
+ if test $ok = yes; then
+ if test "$req_libassuan_api" -gt 0 ; then
+ tmp=`$LIBASSUAN_CONFIG --api-version 2>/dev/null || echo 0`
+ if test "$tmp" -gt 0 ; then
+ AC_MSG_CHECKING([LIBASSUAN ifelse([$2], ,,[$2 ])API version])
+ if test "$req_libassuan_api" -eq "$tmp" ; then
+ AC_MSG_RESULT(okay)
+ else
+ ok=no
+ AC_MSG_RESULT([does not match. want=$req_libassuan_api got=$tmp.])
+ fi
+ fi
+ fi
+ fi
+
+])
+
+dnl AM_CHECK_LIBASSUAN([MINIMUM-VERSION,
+dnl [ACTION-IF-FOUND [, ACTION-IF-NOT-FOUND ]]])
+dnl Test whether libassuan has at least MINIMUM-VERSION. This is
+dnl used to test for features only available in newer versions.
+dnl
+AC_DEFUN([AM_CHECK_LIBASSUAN],
+[ _AM_PATH_LIBASSUAN_COMMON($1)
+ if test $ok = yes; then
+ ifelse([$2], , :, [$2])
+ else
+ ifelse([$3], , :, [$3])
+ fi
+])
+
+
+
+
+dnl AM_PATH_LIBASSUAN([MINIMUM-VERSION,
+dnl [ACTION-IF-FOUND [, ACTION-IF-NOT-FOUND ]]])
+dnl Test for libassuan and define LIBASSUAN_CFLAGS and LIBASSUAN_LIBS
+dnl
+AC_DEFUN([AM_PATH_LIBASSUAN],
+[ _AM_PATH_LIBASSUAN_COMMON($1)
+ if test $ok = yes; then
+ LIBASSUAN_CFLAGS=`$LIBASSUAN_CONFIG $libassuan_config_args --cflags`
+ LIBASSUAN_LIBS=`$LIBASSUAN_CONFIG $libassuan_config_args --libs`
+ ifelse([$2], , :, [$2])
+ else
+ LIBASSUAN_CFLAGS=""
+ LIBASSUAN_LIBS=""
+ ifelse([$3], , :, [$3])
+ fi
+ AC_SUBST(LIBASSUAN_CFLAGS)
+ AC_SUBST(LIBASSUAN_LIBS)
+])
+
+
+dnl AM_PATH_LIBASSUAN_PTH([MINIMUM-VERSION,
+dnl [ACTION-IF-FOUND [, ACTION-IF-NOT-FOUND ]]])
+dnl Test for libassuan and define LIBASSUAN_PTH_CFLAGS and LIBASSUAN_PTH_LIBS
+dnl
+AC_DEFUN([AM_PATH_LIBASSUAN_PTH],
+[ _AM_PATH_LIBASSUAN_COMMON($1,pth)
+ if test $ok = yes; then
+ LIBASSUAN_PTH_CFLAGS=`$LIBASSUAN_CONFIG $libassuan_config_args --thread=pth --cflags`
+ LIBASSUAN_PTH_LIBS=`$LIBASSUAN_CONFIG $libassuan_config_args --thread=pth --libs`
+ ifelse([$2], , :, [$2])
+ else
+ LIBASSUAN_PTH_CFLAGS=""
+ LIBASSUAN_PTH_LIBS=""
+ ifelse([$3], , :, [$3])
+ fi
+ AC_SUBST(LIBASSUAN_PTH_CFLAGS)
+ AC_SUBST(LIBASSUAN_PTH_LIBS)
+])
+
+
+dnl AM_PATH_LIBASSUAN_PTHREAD([MINIMUM-VERSION,
+dnl [ACTION-IF-FOUND [, ACTION-IF-NOT-FOUND ]]])
+dnl Test for libassuan and define LIBASSUAN_PTHREAD_CFLAGS
+dnl and LIBASSUAN_PTHREAD_LIBS
+dnl
+AC_DEFUN([AM_PATH_LIBASSUAN_PTHREAD],
+[ _AM_PATH_LIBASSUAN_COMMON($1,pthread)
+ if test $ok = yes; then
+ LIBASSUAN_PTHREAD_CFLAGS=`$LIBASSUAN_CONFIG $libassuan_config_args --thread=pthread --cflags`
+ LIBASSUAN_PTHREAD_LIBS=`$LIBASSUAN_CONFIG $libassuan_config_args --thread=pthread --libs`
+ ifelse([$2], , :, [$2])
+ else
+ LIBASSUAN_PTHREAD_CFLAGS=""
+ LIBASSUAN_PTHREAD_LIBS=""
+ ifelse([$3], , :, [$3])
+ fi
+ AC_SUBST(LIBASSUAN_PTHREAD_CFLAGS)
+ AC_SUBST(LIBASSUAN_PTHREAD_LIBS)
+])
+
diff --git a/m4/libcurl.m4 b/m4/libcurl.m4
new file mode 100644
index 0000000..7d1dbd3
--- /dev/null
+++ b/m4/libcurl.m4
@@ -0,0 +1,239 @@
+# LIBCURL_CHECK_CONFIG ([DEFAULT-ACTION], [MINIMUM-VERSION],
+# [ACTION-IF-YES], [ACTION-IF-NO])
+# ----------------------------------------------------------
+# David Shaw <dshaw@jabberwocky.com> May-09-2006
+#
+# Checks for libcurl. DEFAULT-ACTION is the string yes or no to
+# specify whether to default to --with-libcurl or --without-libcurl.
+# If not supplied, DEFAULT-ACTION is yes. MINIMUM-VERSION is the
+# minimum version of libcurl to accept. Pass the version as a regular
+# version number like 7.10.1. If not supplied, any version is
+# accepted. ACTION-IF-YES is a list of shell commands to run if
+# libcurl was successfully found and passed the various tests.
+# ACTION-IF-NO is a list of shell commands that are run otherwise.
+# Note that using --without-libcurl does run ACTION-IF-NO.
+#
+# This macro #defines HAVE_LIBCURL if a working libcurl setup is
+# found, and sets @LIBCURL@ and @LIBCURL_CPPFLAGS@ to the necessary
+# values. Other useful defines are LIBCURL_FEATURE_xxx where xxx are
+# the various features supported by libcurl, and LIBCURL_PROTOCOL_yyy
+# where yyy are the various protocols supported by libcurl. Both xxx
+# and yyy are capitalized. See the list of AH_TEMPLATEs at the top of
+# the macro for the complete list of possible defines. Shell
+# variables $libcurl_feature_xxx and $libcurl_protocol_yyy are also
+# defined to 'yes' for those features and protocols that were found.
+# Note that xxx and yyy keep the same capitalization as in the
+# curl-config list (e.g. it's "HTTP" and not "http").
+#
+# Users may override the detected values by doing something like:
+# LIBCURL="-lcurl" LIBCURL_CPPFLAGS="-I/usr/myinclude" ./configure
+#
+# For the sake of sanity, this macro assumes that any libcurl that is
+# found is after version 7.7.2, the first version that included the
+# curl-config script. Note that it is very important for people
+# packaging binary versions of libcurl to include this script!
+# Without curl-config, we can only guess what protocols are available,
+# or use curl_version_info to figure it out at runtime.
+
+AC_DEFUN([LIBCURL_CHECK_CONFIG],
+[
+ AH_TEMPLATE([LIBCURL_FEATURE_SSL],[Defined if libcurl supports SSL])
+ AH_TEMPLATE([LIBCURL_FEATURE_KRB4],[Defined if libcurl supports KRB4])
+ AH_TEMPLATE([LIBCURL_FEATURE_IPV6],[Defined if libcurl supports IPv6])
+ AH_TEMPLATE([LIBCURL_FEATURE_LIBZ],[Defined if libcurl supports libz])
+ AH_TEMPLATE([LIBCURL_FEATURE_ASYNCHDNS],[Defined if libcurl supports AsynchDNS])
+ AH_TEMPLATE([LIBCURL_FEATURE_IDN],[Defined if libcurl supports IDN])
+ AH_TEMPLATE([LIBCURL_FEATURE_SSPI],[Defined if libcurl supports SSPI])
+ AH_TEMPLATE([LIBCURL_FEATURE_NTLM],[Defined if libcurl supports NTLM])
+
+ AH_TEMPLATE([LIBCURL_PROTOCOL_HTTP],[Defined if libcurl supports HTTP])
+ AH_TEMPLATE([LIBCURL_PROTOCOL_HTTPS],[Defined if libcurl supports HTTPS])
+ AH_TEMPLATE([LIBCURL_PROTOCOL_FTP],[Defined if libcurl supports FTP])
+ AH_TEMPLATE([LIBCURL_PROTOCOL_FTPS],[Defined if libcurl supports FTPS])
+ AH_TEMPLATE([LIBCURL_PROTOCOL_FILE],[Defined if libcurl supports FILE])
+ AH_TEMPLATE([LIBCURL_PROTOCOL_TELNET],[Defined if libcurl supports TELNET])
+ AH_TEMPLATE([LIBCURL_PROTOCOL_LDAP],[Defined if libcurl supports LDAP])
+ AH_TEMPLATE([LIBCURL_PROTOCOL_DICT],[Defined if libcurl supports DICT])
+ AH_TEMPLATE([LIBCURL_PROTOCOL_TFTP],[Defined if libcurl supports TFTP])
+
+ AC_ARG_WITH(libcurl,
+ AC_HELP_STRING([--with-libcurl=DIR],[look for the curl library in DIR]),
+ [_libcurl_with=$withval],[_libcurl_with=m4_if([$1],,[yes],[$1])])
+
+ if test "$_libcurl_with" != "no" ; then
+
+ AC_PROG_AWK
+
+ _libcurl_version_parse="eval $AWK '{split(\$NF,A,\".\"); X=256*256*A[[1]]+256*A[[2]]+A[[3]]; print X;}'"
+
+ _libcurl_try_link=yes
+
+ if test -d "$_libcurl_with" ; then
+ LIBCURL_CPPFLAGS="-I$withval/include"
+ _libcurl_ldflags="-L$withval/lib"
+ AC_PATH_PROG([_libcurl_config],["$withval/bin/curl-config"])
+ else
+ AC_PATH_PROG([_libcurl_config],[curl-config])
+ fi
+
+ if test x$_libcurl_config != "x" ; then
+ AC_CACHE_CHECK([for the version of libcurl],
+ [libcurl_cv_lib_curl_version],
+ [libcurl_cv_lib_curl_version=`$_libcurl_config --version | $AWK '{print $[]2}'`])
+
+ _libcurl_version=`echo $libcurl_cv_lib_curl_version | $_libcurl_version_parse`
+ _libcurl_wanted=`echo m4_if([$2],,[0],[$2]) | $_libcurl_version_parse`
+
+ if test $_libcurl_wanted -gt 0 ; then
+ AC_CACHE_CHECK([for libcurl >= version $2],
+ [libcurl_cv_lib_version_ok],
+ [
+ if test $_libcurl_version -ge $_libcurl_wanted ; then
+ libcurl_cv_lib_version_ok=yes
+ else
+ libcurl_cv_lib_version_ok=no
+ fi
+ ])
+ fi
+
+ if test $_libcurl_wanted -eq 0 || test x$libcurl_cv_lib_version_ok = xyes ; then
+ if test x"$LIBCURL_CPPFLAGS" = "x" ; then
+ LIBCURL_CPPFLAGS=`$_libcurl_config --cflags`
+ fi
+ if test x"$LIBCURL" = "x" ; then
+ LIBCURL=`$_libcurl_config --libs`
+
+ # This is so silly, but Apple actually has a bug in their
+ # curl-config script. Fixed in Tiger, but there are still
+ # lots of Panther installs around.
+ case "${host}" in
+ powerpc-apple-darwin7*)
+ LIBCURL=`echo $LIBCURL | sed -e 's|-arch i386||g'`
+ ;;
+ esac
+ fi
+
+ # All curl-config scripts support --feature
+ _libcurl_features=`$_libcurl_config --feature`
+
+ # Is it modern enough to have --protocols? (7.12.4)
+ if test $_libcurl_version -ge 461828 ; then
+ _libcurl_protocols=`$_libcurl_config --protocols`
+ fi
+ else
+ _libcurl_try_link=no
+ fi
+
+ unset _libcurl_wanted
+ fi
+
+ if test $_libcurl_try_link = yes ; then
+
+ # we didn't find curl-config, so let's see if the user-supplied
+ # link line (or failing that, "-lcurl") is enough.
+ LIBCURL=${LIBCURL-"$_libcurl_ldflags -lcurl"}
+
+ AC_CACHE_CHECK([whether libcurl is usable],
+ [libcurl_cv_lib_curl_usable],
+ [
+ _libcurl_save_cppflags=$CPPFLAGS
+ CPPFLAGS="$LIBCURL_CPPFLAGS $CPPFLAGS"
+ _libcurl_save_libs=$LIBS
+ LIBS="$LIBCURL $LIBS"
+
+ AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <curl/curl.h>]],[[
+/* Try and use a few common options to force a failure if we are
+ missing symbols or cannot link. */
+int x;
+curl_easy_setopt(NULL,CURLOPT_URL,NULL);
+x=CURL_ERROR_SIZE;
+x=CURLOPT_WRITEFUNCTION;
+x=CURLOPT_FILE;
+x=CURLOPT_ERRORBUFFER;
+x=CURLOPT_STDERR;
+x=CURLOPT_VERBOSE;
+]])],[libcurl_cv_lib_curl_usable=yes],[libcurl_cv_lib_curl_usable=no])
+
+ CPPFLAGS=$_libcurl_save_cppflags
+ LIBS=$_libcurl_save_libs
+ unset _libcurl_save_cppflags
+ unset _libcurl_save_libs
+ ])
+
+ if test $libcurl_cv_lib_curl_usable = yes ; then
+
+ # Does curl_free() exist in this version of libcurl?
+ # If not, fake it with free()
+
+ _libcurl_save_cppflags=$CPPFLAGS
+ CPPFLAGS="$CPPFLAGS $LIBCURL_CPPFLAGS"
+ _libcurl_save_libs=$LIBS
+ LIBS="$LIBS $LIBCURL"
+
+ AC_CHECK_FUNC(curl_free,,
+ AC_DEFINE(curl_free,free,
+ [Define curl_free() as free() if our version of curl lacks curl_free.]))
+
+ CPPFLAGS=$_libcurl_save_cppflags
+ LIBS=$_libcurl_save_libs
+ unset _libcurl_save_cppflags
+ unset _libcurl_save_libs
+
+ AC_DEFINE(HAVE_LIBCURL,1,
+ [Define to 1 if you have a functional curl library.])
+ AC_SUBST(LIBCURL_CPPFLAGS)
+ AC_SUBST(LIBCURL)
+
+ for _libcurl_feature in $_libcurl_features ; do
+ AC_DEFINE_UNQUOTED(AS_TR_CPP(libcurl_feature_$_libcurl_feature),[1])
+ eval AS_TR_SH(libcurl_feature_$_libcurl_feature)=yes
+ done
+
+ if test "x$_libcurl_protocols" = "x" ; then
+
+ # We don't have --protocols, so just assume that all
+ # protocols are available
+ _libcurl_protocols="HTTP FTP FILE TELNET LDAP DICT"
+
+ if test x$libcurl_feature_SSL = xyes ; then
+ _libcurl_protocols="$_libcurl_protocols HTTPS"
+
+ # FTPS wasn't standards-compliant until version
+ # 7.11.0
+ if test $_libcurl_version -ge 461568; then
+ _libcurl_protocols="$_libcurl_protocols FTPS"
+ fi
+ fi
+ fi
+
+ for _libcurl_protocol in $_libcurl_protocols ; do
+ AC_DEFINE_UNQUOTED(AS_TR_CPP(libcurl_protocol_$_libcurl_protocol),[1])
+ eval AS_TR_SH(libcurl_protocol_$_libcurl_protocol)=yes
+ done
+ else
+ unset LIBCURL
+ unset LIBCURL_CPPFLAGS
+ fi
+ fi
+
+ unset _libcurl_try_link
+ unset _libcurl_version_parse
+ unset _libcurl_config
+ unset _libcurl_feature
+ unset _libcurl_features
+ unset _libcurl_protocol
+ unset _libcurl_protocols
+ unset _libcurl_version
+ unset _libcurl_ldflags
+ fi
+
+ if test x$_libcurl_with = xno || test x$libcurl_cv_lib_curl_usable != xyes ; then
+ # This is the IF-NO path
+ m4_if([$4],,:,[$4])
+ else
+ # This is the IF-YES path
+ m4_if([$3],,:,[$3])
+ fi
+
+ unset _libcurl_with
+])dnl
diff --git a/m4/libgcrypt.m4 b/m4/libgcrypt.m4
new file mode 100644
index 0000000..854eaaa
--- /dev/null
+++ b/m4/libgcrypt.m4
@@ -0,0 +1,108 @@
+dnl Autoconf macros for libgcrypt
+dnl Copyright (C) 2002, 2004 Free Software Foundation, Inc.
+dnl
+dnl This file is free software; as a special exception the author gives
+dnl unlimited permission to copy and/or distribute it, with or without
+dnl modifications, as long as this notice is preserved.
+dnl
+dnl This file is distributed in the hope that it will be useful, but
+dnl WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
+dnl implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+
+
+dnl AM_PATH_LIBGCRYPT([MINIMUM-VERSION,
+dnl [ACTION-IF-FOUND [, ACTION-IF-NOT-FOUND ]]])
+dnl Test for libgcrypt and define LIBGCRYPT_CFLAGS and LIBGCRYPT_LIBS.
+dnl MINIMUN-VERSION is a string with the version number optionalliy prefixed
+dnl with the API version to also check the API compatibility. Example:
+dnl a MINIMUN-VERSION of 1:1.2.5 won't pass the test unless the installed
+dnl version of libgcrypt is at least 1.2.5 *and* the API number is 1. Using
+dnl this features allows to prevent build against newer versions of libgcrypt
+dnl with a changed API.
+dnl
+AC_DEFUN([AM_PATH_LIBGCRYPT],
+[ AC_ARG_WITH(libgcrypt-prefix,
+ AC_HELP_STRING([--with-libgcrypt-prefix=PFX],
+ [prefix where LIBGCRYPT is installed (optional)]),
+ libgcrypt_config_prefix="$withval", libgcrypt_config_prefix="")
+ if test x$libgcrypt_config_prefix != x ; then
+ if test x${LIBGCRYPT_CONFIG+set} != xset ; then
+ LIBGCRYPT_CONFIG=$libgcrypt_config_prefix/bin/libgcrypt-config
+ fi
+ fi
+
+ AC_PATH_PROG(LIBGCRYPT_CONFIG, libgcrypt-config, no)
+ tmp=ifelse([$1], ,1:1.2.0,$1)
+ if echo "$tmp" | grep ':' >/dev/null 2>/dev/null ; then
+ req_libgcrypt_api=`echo "$tmp" | sed 's/\(.*\):\(.*\)/\1/'`
+ min_libgcrypt_version=`echo "$tmp" | sed 's/\(.*\):\(.*\)/\2/'`
+ else
+ req_libgcrypt_api=0
+ min_libgcrypt_version="$tmp"
+ fi
+
+ AC_MSG_CHECKING(for LIBGCRYPT - version >= $min_libgcrypt_version)
+ ok=no
+ if test "$LIBGCRYPT_CONFIG" != "no" ; then
+ req_major=`echo $min_libgcrypt_version | \
+ sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\)/\1/'`
+ req_minor=`echo $min_libgcrypt_version | \
+ sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\)/\2/'`
+ req_micro=`echo $min_libgcrypt_version | \
+ sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\)/\3/'`
+ libgcrypt_config_version=`$LIBGCRYPT_CONFIG --version`
+ major=`echo $libgcrypt_config_version | \
+ sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\).*/\1/'`
+ minor=`echo $libgcrypt_config_version | \
+ sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\).*/\2/'`
+ micro=`echo $libgcrypt_config_version | \
+ sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\).*/\3/'`
+ if test "$major" -gt "$req_major"; then
+ ok=yes
+ else
+ if test "$major" -eq "$req_major"; then
+ if test "$minor" -gt "$req_minor"; then
+ ok=yes
+ else
+ if test "$minor" -eq "$req_minor"; then
+ if test "$micro" -ge "$req_micro"; then
+ ok=yes
+ fi
+ fi
+ fi
+ fi
+ fi
+ fi
+ if test $ok = yes; then
+ AC_MSG_RESULT([yes ($libgcrypt_config_version)])
+ else
+ AC_MSG_RESULT(no)
+ fi
+ if test $ok = yes; then
+ # If we have a recent libgcrypt, we should also check that the
+ # API is compatible
+ if test "$req_libgcrypt_api" -gt 0 ; then
+ tmp=`$LIBGCRYPT_CONFIG --api-version 2>/dev/null || echo 0`
+ if test "$tmp" -gt 0 ; then
+ AC_MSG_CHECKING([LIBGCRYPT API version])
+ if test "$req_libgcrypt_api" -eq "$tmp" ; then
+ AC_MSG_RESULT([okay])
+ else
+ ok=no
+ AC_MSG_RESULT([does not match. want=$req_libgcrypt_api got=$tmp])
+ fi
+ fi
+ fi
+ fi
+ if test $ok = yes; then
+ LIBGCRYPT_CFLAGS=`$LIBGCRYPT_CONFIG --cflags`
+ LIBGCRYPT_LIBS=`$LIBGCRYPT_CONFIG --libs`
+ ifelse([$2], , :, [$2])
+ else
+ LIBGCRYPT_CFLAGS=""
+ LIBGCRYPT_LIBS=""
+ ifelse([$3], , :, [$3])
+ fi
+ AC_SUBST(LIBGCRYPT_CFLAGS)
+ AC_SUBST(LIBGCRYPT_LIBS)
+])
diff --git a/m4/libusb.m4 b/m4/libusb.m4
new file mode 100644
index 0000000..809dc1d
--- /dev/null
+++ b/m4/libusb.m4
@@ -0,0 +1,69 @@
+dnl Check for libusb
+dnl Copyright (C) 2004, 2005 Free Software Foundation, Inc.
+dnl
+dnl This file is free software, distributed under the terms of the GNU
+dnl General Public License. As a special exception to the GNU General
+dnl Public License, this file may be distributed as part of a program
+dnl that contains a configuration script generated by Autoconf, under
+dnl the same distribution terms as the rest of that program.
+dnl
+dnl Defines HAVE_LIBUSB to 1 if a working libusb setup is found, and sets
+dnl @LIBUSB@ to the necessary libraries. HAVE_USB_GET_BUSSES is set if
+dnl usb_get_busses() exists.
+
+AC_DEFUN([GNUPG_CHECK_LIBUSB],
+[
+ AC_ARG_WITH(libusb,
+ AC_HELP_STRING([--with-libusb=DIR],
+ [look for the libusb library in DIR]),
+ [_do_libusb=$withval],[_do_libusb=yes])
+
+ if test "$_do_libusb" != "no" ; then
+ if test -d "$withval" ; then
+ CPPFLAGS="${CPPFLAGS} -I$withval/include"
+ LDFLAGS="${LDFLAGS} -L$withval/lib"
+ AC_PATH_PROG([_usb_config],["$_do_libusb/bin/libusb-config"])
+ else
+ AC_PATH_PROG([_usb_config],[libusb-config])
+ fi
+
+ _libusb_save_libs=$LIBS
+ _libusb_save_cflags=$CFLAGS
+
+ if test x$_usb_config != "x" ; then
+ _libusb_try_libs=`$LIBS $_usb_config --libs`
+ _libusb_try_cflags=`$LIBS $_usb_config --cflags`
+ else
+ _libusb_try_libs="-lusb"
+ _libusb_try_cflags=""
+ fi
+
+ LIBS="$LIBS $_libusb_try_libs"
+ CFLAGS="$CFLAGS $_libusb_try_cflags"
+
+ AC_MSG_CHECKING([whether libusb is present and sane])
+
+ AC_LINK_IFELSE(AC_LANG_PROGRAM([#include <usb.h>],[
+usb_bulk_write(NULL,0,NULL,0,0);
+]),_found_libusb=yes,_found_libusb=no)
+
+ AC_MSG_RESULT([$_found_libusb])
+
+ if test $_found_libusb = yes ; then
+ AC_DEFINE(HAVE_LIBUSB,1,
+ [Define to 1 if you have a fully functional libusb library.])
+ AC_SUBST(LIBUSB_CPPFLAGS,$_libusb_try_cflags)
+ AC_SUBST(LIBUSB,$_libusb_try_libs)
+ AC_CHECK_FUNCS(usb_get_busses)
+ fi
+
+ LIBS=$_libusb_save_libs
+ CFLAGS=$_libusb_save_cflags
+
+ unset _libusb_save_libs
+ unset _libusb_save_cflags
+ unset _libusb_try_libs
+ unset _libusb_try_cflags
+ unset _found_libusb
+ fi
+])dnl
diff --git a/m4/lock.m4 b/m4/lock.m4
new file mode 100644
index 0000000..0224f2f
--- /dev/null
+++ b/m4/lock.m4
@@ -0,0 +1,311 @@
+# lock.m4 serial 6 (gettext-0.16)
+dnl Copyright (C) 2005-2006 Free Software Foundation, Inc.
+dnl This file is free software; the Free Software Foundation
+dnl gives unlimited permission to copy and/or distribute it,
+dnl with or without modifications, as long as this notice is preserved.
+
+dnl From Bruno Haible.
+
+dnl Tests for a multithreading library to be used.
+dnl Defines at most one of the macros USE_POSIX_THREADS, USE_SOLARIS_THREADS,
+dnl USE_PTH_THREADS, USE_WIN32_THREADS
+dnl Sets the variables LIBTHREAD and LTLIBTHREAD to the linker options for use
+dnl in a Makefile (LIBTHREAD for use without libtool, LTLIBTHREAD for use with
+dnl libtool).
+dnl Sets the variables LIBMULTITHREAD and LTLIBMULTITHREAD similarly, for
+dnl programs that really need multithread functionality. The difference
+dnl between LIBTHREAD and LIBMULTITHREAD is that on platforms supporting weak
+dnl symbols, typically LIBTHREAD="" whereas LIBMULTITHREAD="-lpthread".
+dnl Adds to CPPFLAGS the flag -D_REENTRANT or -D_THREAD_SAFE if needed for
+dnl multithread-safe programs.
+
+AC_DEFUN([gl_LOCK_EARLY],
+[
+ AC_REQUIRE([gl_LOCK_EARLY_BODY])
+])
+
+dnl The guts of gl_LOCK_EARLY. Needs to be expanded only once.
+
+AC_DEFUN([gl_LOCK_EARLY_BODY],
+[
+ dnl Ordering constraints: This macro modifies CPPFLAGS in a way that
+ dnl influences the result of the autoconf tests that test for *_unlocked
+ dnl declarations, on AIX 5 at least. Therefore it must come early.
+ AC_BEFORE([$0], [gl_FUNC_GLIBC_UNLOCKED_IO])dnl
+ AC_BEFORE([$0], [gl_ARGP])dnl
+
+ AC_REQUIRE([AC_CANONICAL_HOST])
+ AC_REQUIRE([AC_GNU_SOURCE]) dnl needed for pthread_rwlock_t on glibc systems
+ dnl Check for multithreading.
+ AC_ARG_ENABLE(threads,
+AC_HELP_STRING([--enable-threads={posix|solaris|pth|win32}], [specify multithreading API])
+AC_HELP_STRING([--disable-threads], [build without multithread safety]),
+ [gl_use_threads=$enableval],
+ [case "$host_os" in
+ dnl Disable multithreading by default on OSF/1, because it interferes
+ dnl with fork()/exec(): When msgexec is linked with -lpthread, its child
+ dnl process gets an endless segmentation fault inside execvp().
+ osf*) gl_use_threads=no ;;
+ *) gl_use_threads=yes ;;
+ esac
+ ])
+ if test "$gl_use_threads" = yes || test "$gl_use_threads" = posix; then
+ # For using <pthread.h>:
+ case "$host_os" in
+ osf*)
+ # On OSF/1, the compiler needs the flag -D_REENTRANT so that it
+ # groks <pthread.h>. cc also understands the flag -pthread, but
+ # we don't use it because 1. gcc-2.95 doesn't understand -pthread,
+ # 2. putting a flag into CPPFLAGS that has an effect on the linker
+ # causes the AC_TRY_LINK test below to succeed unexpectedly,
+ # leading to wrong values of LIBTHREAD and LTLIBTHREAD.
+ CPPFLAGS="$CPPFLAGS -D_REENTRANT"
+ ;;
+ esac
+ # Some systems optimize for single-threaded programs by default, and
+ # need special flags to disable these optimizations. For example, the
+ # definition of 'errno' in <errno.h>.
+ case "$host_os" in
+ aix* | freebsd*) CPPFLAGS="$CPPFLAGS -D_THREAD_SAFE" ;;
+ solaris*) CPPFLAGS="$CPPFLAGS -D_REENTRANT" ;;
+ esac
+ fi
+])
+
+dnl The guts of gl_LOCK. Needs to be expanded only once.
+
+AC_DEFUN([gl_LOCK_BODY],
+[
+ AC_REQUIRE([gl_LOCK_EARLY_BODY])
+ gl_threads_api=none
+ LIBTHREAD=
+ LTLIBTHREAD=
+ LIBMULTITHREAD=
+ LTLIBMULTITHREAD=
+ if test "$gl_use_threads" != no; then
+ dnl Check whether the compiler and linker support weak declarations.
+ AC_MSG_CHECKING([whether imported symbols can be declared weak])
+ gl_have_weak=no
+ AC_TRY_LINK([extern void xyzzy ();
+#pragma weak xyzzy], [xyzzy();], [gl_have_weak=yes])
+ AC_MSG_RESULT([$gl_have_weak])
+ if test "$gl_use_threads" = yes || test "$gl_use_threads" = posix; then
+ # On OSF/1, the compiler needs the flag -pthread or -D_REENTRANT so that
+ # it groks <pthread.h>. It's added above, in gl_LOCK_EARLY_BODY.
+ AC_CHECK_HEADER(pthread.h, gl_have_pthread_h=yes, gl_have_pthread_h=no)
+ if test "$gl_have_pthread_h" = yes; then
+ # Other possible tests:
+ # -lpthreads (FSU threads, PCthreads)
+ # -lgthreads
+ gl_have_pthread=
+ # Test whether both pthread_mutex_lock and pthread_mutexattr_init exist
+ # in libc. IRIX 6.5 has the first one in both libc and libpthread, but
+ # the second one only in libpthread, and lock.c needs it.
+ AC_TRY_LINK([#include <pthread.h>],
+ [pthread_mutex_lock((pthread_mutex_t*)0);
+ pthread_mutexattr_init((pthread_mutexattr_t*)0);],
+ [gl_have_pthread=yes])
+ # Test for libpthread by looking for pthread_kill. (Not pthread_self,
+ # since it is defined as a macro on OSF/1.)
+ if test -n "$gl_have_pthread"; then
+ # The program links fine without libpthread. But it may actually
+ # need to link with libpthread in order to create multiple threads.
+ AC_CHECK_LIB(pthread, pthread_kill,
+ [LIBMULTITHREAD=-lpthread LTLIBMULTITHREAD=-lpthread
+ # On Solaris and HP-UX, most pthread functions exist also in libc.
+ # Therefore pthread_in_use() needs to actually try to create a
+ # thread: pthread_create from libc will fail, whereas
+ # pthread_create will actually create a thread.
+ case "$host_os" in
+ solaris* | hpux*)
+ AC_DEFINE([PTHREAD_IN_USE_DETECTION_HARD], 1,
+ [Define if the pthread_in_use() detection is hard.])
+ esac
+ ])
+ else
+ # Some library is needed. Try libpthread and libc_r.
+ AC_CHECK_LIB(pthread, pthread_kill,
+ [gl_have_pthread=yes
+ LIBTHREAD=-lpthread LTLIBTHREAD=-lpthread
+ LIBMULTITHREAD=-lpthread LTLIBMULTITHREAD=-lpthread])
+ if test -z "$gl_have_pthread"; then
+ # For FreeBSD 4.
+ AC_CHECK_LIB(c_r, pthread_kill,
+ [gl_have_pthread=yes
+ LIBTHREAD=-lc_r LTLIBTHREAD=-lc_r
+ LIBMULTITHREAD=-lc_r LTLIBMULTITHREAD=-lc_r])
+ fi
+ fi
+ if test -n "$gl_have_pthread"; then
+ gl_threads_api=posix
+ AC_DEFINE([USE_POSIX_THREADS], 1,
+ [Define if the POSIX multithreading library can be used.])
+ if test -n "$LIBMULTITHREAD" || test -n "$LTLIBMULTITHREAD"; then
+ if test $gl_have_weak = yes; then
+ AC_DEFINE([USE_POSIX_THREADS_WEAK], 1,
+ [Define if references to the POSIX multithreading library should be made weak.])
+ LIBTHREAD=
+ LTLIBTHREAD=
+ fi
+ fi
+ # OSF/1 4.0 and MacOS X 10.1 lack the pthread_rwlock_t type and the
+ # pthread_rwlock_* functions.
+ AC_CHECK_TYPE([pthread_rwlock_t],
+ [AC_DEFINE([HAVE_PTHREAD_RWLOCK], 1,
+ [Define if the POSIX multithreading library has read/write locks.])],
+ [],
+ [#include <pthread.h>])
+ # glibc defines PTHREAD_MUTEX_RECURSIVE as enum, not as a macro.
+ AC_TRY_COMPILE([#include <pthread.h>],
+ [#if __FreeBSD__ == 4
+error "No, in FreeBSD 4.0 recursive mutexes actually don't work."
+#else
+int x = (int)PTHREAD_MUTEX_RECURSIVE;
+return !x;
+#endif],
+ [AC_DEFINE([HAVE_PTHREAD_MUTEX_RECURSIVE], 1,
+ [Define if the <pthread.h> defines PTHREAD_MUTEX_RECURSIVE.])])
+ fi
+ fi
+ fi
+ if test -z "$gl_have_pthread"; then
+ if test "$gl_use_threads" = yes || test "$gl_use_threads" = solaris; then
+ gl_have_solaristhread=
+ gl_save_LIBS="$LIBS"
+ LIBS="$LIBS -lthread"
+ AC_TRY_LINK([#include <thread.h>
+#include <synch.h>],
+ [thr_self();],
+ [gl_have_solaristhread=yes])
+ LIBS="$gl_save_LIBS"
+ if test -n "$gl_have_solaristhread"; then
+ gl_threads_api=solaris
+ LIBTHREAD=-lthread
+ LTLIBTHREAD=-lthread
+ LIBMULTITHREAD="$LIBTHREAD"
+ LTLIBMULTITHREAD="$LTLIBTHREAD"
+ AC_DEFINE([USE_SOLARIS_THREADS], 1,
+ [Define if the old Solaris multithreading library can be used.])
+ if test $gl_have_weak = yes; then
+ AC_DEFINE([USE_SOLARIS_THREADS_WEAK], 1,
+ [Define if references to the old Solaris multithreading library should be made weak.])
+ LIBTHREAD=
+ LTLIBTHREAD=
+ fi
+ fi
+ fi
+ fi
+ if test "$gl_use_threads" = pth; then
+ gl_save_CPPFLAGS="$CPPFLAGS"
+ AC_LIB_LINKFLAGS(pth)
+ gl_have_pth=
+ gl_save_LIBS="$LIBS"
+ LIBS="$LIBS -lpth"
+ AC_TRY_LINK([#include <pth.h>], [pth_self();], gl_have_pth=yes)
+ LIBS="$gl_save_LIBS"
+ if test -n "$gl_have_pth"; then
+ gl_threads_api=pth
+ LIBTHREAD="$LIBPTH"
+ LTLIBTHREAD="$LTLIBPTH"
+ LIBMULTITHREAD="$LIBTHREAD"
+ LTLIBMULTITHREAD="$LTLIBTHREAD"
+ AC_DEFINE([USE_PTH_THREADS], 1,
+ [Define if the GNU Pth multithreading library can be used.])
+ if test -n "$LIBMULTITHREAD" || test -n "$LTLIBMULTITHREAD"; then
+ if test $gl_have_weak = yes; then
+ AC_DEFINE([USE_PTH_THREADS_WEAK], 1,
+ [Define if references to the GNU Pth multithreading library should be made weak.])
+ LIBTHREAD=
+ LTLIBTHREAD=
+ fi
+ fi
+ else
+ CPPFLAGS="$gl_save_CPPFLAGS"
+ fi
+ fi
+ if test -z "$gl_have_pthread"; then
+ if test "$gl_use_threads" = yes || test "$gl_use_threads" = win32; then
+ if { case "$host_os" in
+ mingw*) true;;
+ *) false;;
+ esac
+ }; then
+ gl_threads_api=win32
+ AC_DEFINE([USE_WIN32_THREADS], 1,
+ [Define if the Win32 multithreading API can be used.])
+ fi
+ fi
+ fi
+ fi
+ AC_MSG_CHECKING([for multithread API to use])
+ AC_MSG_RESULT([$gl_threads_api])
+ AC_SUBST(LIBTHREAD)
+ AC_SUBST(LTLIBTHREAD)
+ AC_SUBST(LIBMULTITHREAD)
+ AC_SUBST(LTLIBMULTITHREAD)
+])
+
+AC_DEFUN([gl_LOCK],
+[
+ AC_REQUIRE([gl_LOCK_EARLY])
+ AC_REQUIRE([gl_LOCK_BODY])
+ gl_PREREQ_LOCK
+])
+
+# Prerequisites of lib/lock.c.
+AC_DEFUN([gl_PREREQ_LOCK], [
+ AC_REQUIRE([AC_C_INLINE])
+])
+
+dnl Survey of platforms:
+dnl
+dnl Platform Available Compiler Supports test-lock
+dnl flavours option weak result
+dnl --------------- --------- --------- -------- ---------
+dnl Linux 2.4/glibc posix -lpthread Y OK
+dnl
+dnl GNU Hurd/glibc posix
+dnl
+dnl FreeBSD 5.3 posix -lc_r Y
+dnl posix -lkse ? Y
+dnl posix -lpthread ? Y
+dnl posix -lthr Y
+dnl
+dnl FreeBSD 5.2 posix -lc_r Y
+dnl posix -lkse Y
+dnl posix -lthr Y
+dnl
+dnl FreeBSD 4.0,4.10 posix -lc_r Y OK
+dnl
+dnl NetBSD 1.6 --
+dnl
+dnl OpenBSD 3.4 posix -lpthread Y OK
+dnl
+dnl MacOS X 10.[123] posix -lpthread Y OK
+dnl
+dnl Solaris 7,8,9 posix -lpthread Y Sol 7,8: 0.0; Sol 9: OK
+dnl solaris -lthread Y Sol 7,8: 0.0; Sol 9: OK
+dnl
+dnl HP-UX 11 posix -lpthread N (cc) OK
+dnl Y (gcc)
+dnl
+dnl IRIX 6.5 posix -lpthread Y 0.5
+dnl
+dnl AIX 4.3,5.1 posix -lpthread N AIX 4: 0.5; AIX 5: OK
+dnl
+dnl OSF/1 4.0,5.1 posix -pthread (cc) N OK
+dnl -lpthread (gcc) Y
+dnl
+dnl Cygwin posix -lpthread Y OK
+dnl
+dnl Any of the above pth -lpth 0.0
+dnl
+dnl Mingw win32 N OK
+dnl
+dnl BeOS 5 --
+dnl
+dnl The test-lock result shows what happens if in test-lock.c EXPLICIT_YIELD is
+dnl turned off:
+dnl OK if all three tests terminate OK,
+dnl 0.5 if the first test terminates OK but the second one loops endlessly,
+dnl 0.0 if the first test already loops endlessly.
diff --git a/m4/longdouble.m4 b/m4/longdouble.m4
new file mode 100644
index 0000000..25590f4
--- /dev/null
+++ b/m4/longdouble.m4
@@ -0,0 +1,31 @@
+# longdouble.m4 serial 2 (gettext-0.15)
+dnl Copyright (C) 2002-2003, 2006 Free Software Foundation, Inc.
+dnl This file is free software; the Free Software Foundation
+dnl gives unlimited permission to copy and/or distribute it,
+dnl with or without modifications, as long as this notice is preserved.
+
+dnl From Bruno Haible.
+dnl Test whether the compiler supports the 'long double' type.
+dnl Prerequisite: AC_PROG_CC
+
+dnl This file is only needed in autoconf <= 2.59. Newer versions of autoconf
+dnl have a macro AC_TYPE_LONG_DOUBLE with identical semantics.
+
+AC_DEFUN([gt_TYPE_LONGDOUBLE],
+[
+ AC_CACHE_CHECK([for long double], gt_cv_c_long_double,
+ [if test "$GCC" = yes; then
+ gt_cv_c_long_double=yes
+ else
+ AC_TRY_COMPILE([
+ /* The Stardent Vistra knows sizeof(long double), but does not support it. */
+ long double foo = 0.0;
+ /* On Ultrix 4.3 cc, long double is 4 and double is 8. */
+ int array [2*(sizeof(long double) >= sizeof(double)) - 1];
+ ], ,
+ gt_cv_c_long_double=yes, gt_cv_c_long_double=no)
+ fi])
+ if test $gt_cv_c_long_double = yes; then
+ AC_DEFINE(HAVE_LONG_DOUBLE, 1, [Define if you have the 'long double' type.])
+ fi
+])
diff --git a/m4/nls.m4 b/m4/nls.m4
new file mode 100644
index 0000000..7967cc2
--- /dev/null
+++ b/m4/nls.m4
@@ -0,0 +1,31 @@
+# nls.m4 serial 3 (gettext-0.15)
+dnl Copyright (C) 1995-2003, 2005-2006 Free Software Foundation, Inc.
+dnl This file is free software; the Free Software Foundation
+dnl gives unlimited permission to copy and/or distribute it,
+dnl with or without modifications, as long as this notice is preserved.
+dnl
+dnl This file can can be used in projects which are not available under
+dnl the GNU General Public License or the GNU Library General Public
+dnl License but which still want to provide support for the GNU gettext
+dnl functionality.
+dnl Please note that the actual code of the GNU gettext library is covered
+dnl by the GNU Library General Public License, and the rest of the GNU
+dnl gettext package package is covered by the GNU General Public License.
+dnl They are *not* in the public domain.
+
+dnl Authors:
+dnl Ulrich Drepper <drepper@cygnus.com>, 1995-2000.
+dnl Bruno Haible <haible@clisp.cons.org>, 2000-2003.
+
+AC_PREREQ(2.50)
+
+AC_DEFUN([AM_NLS],
+[
+ AC_MSG_CHECKING([whether NLS is requested])
+ dnl Default is enabled NLS
+ AC_ARG_ENABLE(nls,
+ [ --disable-nls do not use Native Language Support],
+ USE_NLS=$enableval, USE_NLS=yes)
+ AC_MSG_RESULT($USE_NLS)
+ AC_SUBST(USE_NLS)
+])
diff --git a/m4/po.m4 b/m4/po.m4
new file mode 100644
index 0000000..0734762
--- /dev/null
+++ b/m4/po.m4
@@ -0,0 +1,449 @@
+# po.m4 serial 15 (gettext-0.17)
+dnl Copyright (C) 1995-2007 Free Software Foundation, Inc.
+dnl This file is free software; the Free Software Foundation
+dnl gives unlimited permission to copy and/or distribute it,
+dnl with or without modifications, as long as this notice is preserved.
+dnl
+dnl This file can can be used in projects which are not available under
+dnl the GNU General Public License or the GNU Library General Public
+dnl License but which still want to provide support for the GNU gettext
+dnl functionality.
+dnl Please note that the actual code of the GNU gettext library is covered
+dnl by the GNU Library General Public License, and the rest of the GNU
+dnl gettext package package is covered by the GNU General Public License.
+dnl They are *not* in the public domain.
+
+dnl Authors:
+dnl Ulrich Drepper <drepper@cygnus.com>, 1995-2000.
+dnl Bruno Haible <haible@clisp.cons.org>, 2000-2003.
+
+AC_PREREQ(2.50)
+
+dnl Checks for all prerequisites of the po subdirectory.
+AC_DEFUN([AM_PO_SUBDIRS],
+[
+ AC_REQUIRE([AC_PROG_MAKE_SET])dnl
+ AC_REQUIRE([AC_PROG_INSTALL])dnl
+ AC_REQUIRE([AM_PROG_MKDIR_P])dnl defined by automake
+ AC_REQUIRE([AM_NLS])dnl
+
+ dnl Release version of the gettext macros. This is used to ensure that
+ dnl the gettext macros and po/Makefile.in.in are in sync.
+ AC_SUBST([GETTEXT_MACRO_VERSION], [0.17])
+
+ dnl Perform the following tests also if --disable-nls has been given,
+ dnl because they are needed for "make dist" to work.
+
+ dnl Search for GNU msgfmt in the PATH.
+ dnl The first test excludes Solaris msgfmt and early GNU msgfmt versions.
+ dnl The second test excludes FreeBSD msgfmt.
+ AM_PATH_PROG_WITH_TEST(MSGFMT, msgfmt,
+ [$ac_dir/$ac_word --statistics /dev/null >&]AS_MESSAGE_LOG_FD[ 2>&1 &&
+ (if $ac_dir/$ac_word --statistics /dev/null 2>&1 >/dev/null | grep usage >/dev/null; then exit 1; else exit 0; fi)],
+ :)
+ AC_PATH_PROG(GMSGFMT, gmsgfmt, $MSGFMT)
+
+ dnl Test whether it is GNU msgfmt >= 0.15.
+changequote(,)dnl
+ case `$MSGFMT --version | sed 1q | sed -e 's,^[^0-9]*,,'` in
+ '' | 0.[0-9] | 0.[0-9].* | 0.1[0-4] | 0.1[0-4].*) MSGFMT_015=: ;;
+ *) MSGFMT_015=$MSGFMT ;;
+ esac
+changequote([,])dnl
+ AC_SUBST([MSGFMT_015])
+changequote(,)dnl
+ case `$GMSGFMT --version | sed 1q | sed -e 's,^[^0-9]*,,'` in
+ '' | 0.[0-9] | 0.[0-9].* | 0.1[0-4] | 0.1[0-4].*) GMSGFMT_015=: ;;
+ *) GMSGFMT_015=$GMSGFMT ;;
+ esac
+changequote([,])dnl
+ AC_SUBST([GMSGFMT_015])
+
+ dnl Search for GNU xgettext 0.12 or newer in the PATH.
+ dnl The first test excludes Solaris xgettext and early GNU xgettext versions.
+ dnl The second test excludes FreeBSD xgettext.
+ AM_PATH_PROG_WITH_TEST(XGETTEXT, xgettext,
+ [$ac_dir/$ac_word --omit-header --copyright-holder= --msgid-bugs-address= /dev/null >&]AS_MESSAGE_LOG_FD[ 2>&1 &&
+ (if $ac_dir/$ac_word --omit-header --copyright-holder= --msgid-bugs-address= /dev/null 2>&1 >/dev/null | grep usage >/dev/null; then exit 1; else exit 0; fi)],
+ :)
+ dnl Remove leftover from FreeBSD xgettext call.
+ rm -f messages.po
+
+ dnl Test whether it is GNU xgettext >= 0.15.
+changequote(,)dnl
+ case `$XGETTEXT --version | sed 1q | sed -e 's,^[^0-9]*,,'` in
+ '' | 0.[0-9] | 0.[0-9].* | 0.1[0-4] | 0.1[0-4].*) XGETTEXT_015=: ;;
+ *) XGETTEXT_015=$XGETTEXT ;;
+ esac
+changequote([,])dnl
+ AC_SUBST([XGETTEXT_015])
+
+ dnl Search for GNU msgmerge 0.11 or newer in the PATH.
+ AM_PATH_PROG_WITH_TEST(MSGMERGE, msgmerge,
+ [$ac_dir/$ac_word --update -q /dev/null /dev/null >&]AS_MESSAGE_LOG_FD[ 2>&1], :)
+
+ dnl Installation directories.
+ dnl Autoconf >= 2.60 defines localedir. For older versions of autoconf, we
+ dnl have to define it here, so that it can be used in po/Makefile.
+ test -n "$localedir" || localedir='${datadir}/locale'
+ AC_SUBST([localedir])
+
+ dnl Support for AM_XGETTEXT_OPTION.
+ test -n "${XGETTEXT_EXTRA_OPTIONS+set}" || XGETTEXT_EXTRA_OPTIONS=
+ AC_SUBST([XGETTEXT_EXTRA_OPTIONS])
+
+ AC_CONFIG_COMMANDS([po-directories], [[
+ for ac_file in $CONFIG_FILES; do
+ # Support "outfile[:infile[:infile...]]"
+ case "$ac_file" in
+ *:*) ac_file=`echo "$ac_file"|sed 's%:.*%%'` ;;
+ esac
+ # PO directories have a Makefile.in generated from Makefile.in.in.
+ case "$ac_file" in */Makefile.in)
+ # Adjust a relative srcdir.
+ ac_dir=`echo "$ac_file"|sed 's%/[^/][^/]*$%%'`
+ ac_dir_suffix="/`echo "$ac_dir"|sed 's%^\./%%'`"
+ ac_dots=`echo "$ac_dir_suffix"|sed 's%/[^/]*%../%g'`
+ # In autoconf-2.13 it is called $ac_given_srcdir.
+ # In autoconf-2.50 it is called $srcdir.
+ test -n "$ac_given_srcdir" || ac_given_srcdir="$srcdir"
+ case "$ac_given_srcdir" in
+ .) top_srcdir=`echo $ac_dots|sed 's%/$%%'` ;;
+ /*) top_srcdir="$ac_given_srcdir" ;;
+ *) top_srcdir="$ac_dots$ac_given_srcdir" ;;
+ esac
+ # Treat a directory as a PO directory if and only if it has a
+ # POTFILES.in file. This allows packages to have multiple PO
+ # directories under different names or in different locations.
+ if test -f "$ac_given_srcdir/$ac_dir/POTFILES.in"; then
+ rm -f "$ac_dir/POTFILES"
+ test -n "$as_me" && echo "$as_me: creating $ac_dir/POTFILES" || echo "creating $ac_dir/POTFILES"
+ cat "$ac_given_srcdir/$ac_dir/POTFILES.in" | sed -e "/^#/d" -e "/^[ ]*\$/d" -e "s,.*, $top_srcdir/& \\\\," | sed -e "\$s/\(.*\) \\\\/\1/" > "$ac_dir/POTFILES"
+ POMAKEFILEDEPS="POTFILES.in"
+ # ALL_LINGUAS, POFILES, UPDATEPOFILES, DUMMYPOFILES, GMOFILES depend
+ # on $ac_dir but don't depend on user-specified configuration
+ # parameters.
+ if test -f "$ac_given_srcdir/$ac_dir/LINGUAS"; then
+ # The LINGUAS file contains the set of available languages.
+ if test -n "$OBSOLETE_ALL_LINGUAS"; then
+ test -n "$as_me" && echo "$as_me: setting ALL_LINGUAS in configure.in is obsolete" || echo "setting ALL_LINGUAS in configure.in is obsolete"
+ fi
+ ALL_LINGUAS_=`sed -e "/^#/d" -e "s/#.*//" "$ac_given_srcdir/$ac_dir/LINGUAS"`
+ # Hide the ALL_LINGUAS assigment from automake < 1.5.
+ eval 'ALL_LINGUAS''=$ALL_LINGUAS_'
+ POMAKEFILEDEPS="$POMAKEFILEDEPS LINGUAS"
+ else
+ # The set of available languages was given in configure.in.
+ # Hide the ALL_LINGUAS assigment from automake < 1.5.
+ eval 'ALL_LINGUAS''=$OBSOLETE_ALL_LINGUAS'
+ fi
+ # Compute POFILES
+ # as $(foreach lang, $(ALL_LINGUAS), $(srcdir)/$(lang).po)
+ # Compute UPDATEPOFILES
+ # as $(foreach lang, $(ALL_LINGUAS), $(lang).po-update)
+ # Compute DUMMYPOFILES
+ # as $(foreach lang, $(ALL_LINGUAS), $(lang).nop)
+ # Compute GMOFILES
+ # as $(foreach lang, $(ALL_LINGUAS), $(srcdir)/$(lang).gmo)
+ case "$ac_given_srcdir" in
+ .) srcdirpre= ;;
+ *) srcdirpre='$(srcdir)/' ;;
+ esac
+ POFILES=
+ UPDATEPOFILES=
+ DUMMYPOFILES=
+ GMOFILES=
+ for lang in $ALL_LINGUAS; do
+ POFILES="$POFILES $srcdirpre$lang.po"
+ UPDATEPOFILES="$UPDATEPOFILES $lang.po-update"
+ DUMMYPOFILES="$DUMMYPOFILES $lang.nop"
+ GMOFILES="$GMOFILES $srcdirpre$lang.gmo"
+ done
+ # CATALOGS depends on both $ac_dir and the user's LINGUAS
+ # environment variable.
+ INST_LINGUAS=
+ if test -n "$ALL_LINGUAS"; then
+ for presentlang in $ALL_LINGUAS; do
+ useit=no
+ if test "%UNSET%" != "$LINGUAS"; then
+ desiredlanguages="$LINGUAS"
+ else
+ desiredlanguages="$ALL_LINGUAS"
+ fi
+ for desiredlang in $desiredlanguages; do
+ # Use the presentlang catalog if desiredlang is
+ # a. equal to presentlang, or
+ # b. a variant of presentlang (because in this case,
+ # presentlang can be used as a fallback for messages
+ # which are not translated in the desiredlang catalog).
+ case "$desiredlang" in
+ "$presentlang"*) useit=yes;;
+ esac
+ done
+ if test $useit = yes; then
+ INST_LINGUAS="$INST_LINGUAS $presentlang"
+ fi
+ done
+ fi
+ CATALOGS=
+ if test -n "$INST_LINGUAS"; then
+ for lang in $INST_LINGUAS; do
+ CATALOGS="$CATALOGS $lang.gmo"
+ done
+ fi
+ test -n "$as_me" && echo "$as_me: creating $ac_dir/Makefile" || echo "creating $ac_dir/Makefile"
+ sed -e "/^POTFILES =/r $ac_dir/POTFILES" -e "/^# Makevars/r $ac_given_srcdir/$ac_dir/Makevars" -e "s|@POFILES@|$POFILES|g" -e "s|@UPDATEPOFILES@|$UPDATEPOFILES|g" -e "s|@DUMMYPOFILES@|$DUMMYPOFILES|g" -e "s|@GMOFILES@|$GMOFILES|g" -e "s|@CATALOGS@|$CATALOGS|g" -e "s|@POMAKEFILEDEPS@|$POMAKEFILEDEPS|g" "$ac_dir/Makefile.in" > "$ac_dir/Makefile"
+ for f in "$ac_given_srcdir/$ac_dir"/Rules-*; do
+ if test -f "$f"; then
+ case "$f" in
+ *.orig | *.bak | *~) ;;
+ *) cat "$f" >> "$ac_dir/Makefile" ;;
+ esac
+ fi
+ done
+ fi
+ ;;
+ esac
+ done]],
+ [# Capture the value of obsolete ALL_LINGUAS because we need it to compute
+ # POFILES, UPDATEPOFILES, DUMMYPOFILES, GMOFILES, CATALOGS. But hide it
+ # from automake < 1.5.
+ eval 'OBSOLETE_ALL_LINGUAS''="$ALL_LINGUAS"'
+ # Capture the value of LINGUAS because we need it to compute CATALOGS.
+ LINGUAS="${LINGUAS-%UNSET%}"
+ ])
+])
+
+dnl Postprocesses a Makefile in a directory containing PO files.
+AC_DEFUN([AM_POSTPROCESS_PO_MAKEFILE],
+[
+ # When this code is run, in config.status, two variables have already been
+ # set:
+ # - OBSOLETE_ALL_LINGUAS is the value of LINGUAS set in configure.in,
+ # - LINGUAS is the value of the environment variable LINGUAS at configure
+ # time.
+
+changequote(,)dnl
+ # Adjust a relative srcdir.
+ ac_dir=`echo "$ac_file"|sed 's%/[^/][^/]*$%%'`
+ ac_dir_suffix="/`echo "$ac_dir"|sed 's%^\./%%'`"
+ ac_dots=`echo "$ac_dir_suffix"|sed 's%/[^/]*%../%g'`
+ # In autoconf-2.13 it is called $ac_given_srcdir.
+ # In autoconf-2.50 it is called $srcdir.
+ test -n "$ac_given_srcdir" || ac_given_srcdir="$srcdir"
+ case "$ac_given_srcdir" in
+ .) top_srcdir=`echo $ac_dots|sed 's%/$%%'` ;;
+ /*) top_srcdir="$ac_given_srcdir" ;;
+ *) top_srcdir="$ac_dots$ac_given_srcdir" ;;
+ esac
+
+ # Find a way to echo strings without interpreting backslash.
+ if test "X`(echo '\t') 2>/dev/null`" = 'X\t'; then
+ gt_echo='echo'
+ else
+ if test "X`(printf '%s\n' '\t') 2>/dev/null`" = 'X\t'; then
+ gt_echo='printf %s\n'
+ else
+ echo_func () {
+ cat <<EOT
+$*
+EOT
+ }
+ gt_echo='echo_func'
+ fi
+ fi
+
+ # A sed script that extracts the value of VARIABLE from a Makefile.
+ sed_x_variable='
+# Test if the hold space is empty.
+x
+s/P/P/
+x
+ta
+# Yes it was empty. Look if we have the expected variable definition.
+/^[ ]*VARIABLE[ ]*=/{
+ # Seen the first line of the variable definition.
+ s/^[ ]*VARIABLE[ ]*=//
+ ba
+}
+bd
+:a
+# Here we are processing a line from the variable definition.
+# Remove comment, more precisely replace it with a space.
+s/#.*$/ /
+# See if the line ends in a backslash.
+tb
+:b
+s/\\$//
+# Print the line, without the trailing backslash.
+p
+tc
+# There was no trailing backslash. The end of the variable definition is
+# reached. Clear the hold space.
+s/^.*$//
+x
+bd
+:c
+# A trailing backslash means that the variable definition continues in the
+# next line. Put a nonempty string into the hold space to indicate this.
+s/^.*$/P/
+x
+:d
+'
+changequote([,])dnl
+
+ # Set POTFILES to the value of the Makefile variable POTFILES.
+ sed_x_POTFILES=`$gt_echo "$sed_x_variable" | sed -e '/^ *#/d' -e 's/VARIABLE/POTFILES/g'`
+ POTFILES=`sed -n -e "$sed_x_POTFILES" < "$ac_file"`
+ # Compute POTFILES_DEPS as
+ # $(foreach file, $(POTFILES), $(top_srcdir)/$(file))
+ POTFILES_DEPS=
+ for file in $POTFILES; do
+ POTFILES_DEPS="$POTFILES_DEPS "'$(top_srcdir)/'"$file"
+ done
+ POMAKEFILEDEPS=""
+
+ if test -n "$OBSOLETE_ALL_LINGUAS"; then
+ test -n "$as_me" && echo "$as_me: setting ALL_LINGUAS in configure.in is obsolete" || echo "setting ALL_LINGUAS in configure.in is obsolete"
+ fi
+ if test -f "$ac_given_srcdir/$ac_dir/LINGUAS"; then
+ # The LINGUAS file contains the set of available languages.
+ ALL_LINGUAS_=`sed -e "/^#/d" -e "s/#.*//" "$ac_given_srcdir/$ac_dir/LINGUAS"`
+ POMAKEFILEDEPS="$POMAKEFILEDEPS LINGUAS"
+ else
+ # Set ALL_LINGUAS to the value of the Makefile variable LINGUAS.
+ sed_x_LINGUAS=`$gt_echo "$sed_x_variable" | sed -e '/^ *#/d' -e 's/VARIABLE/LINGUAS/g'`
+ ALL_LINGUAS_=`sed -n -e "$sed_x_LINGUAS" < "$ac_file"`
+ fi
+ # Hide the ALL_LINGUAS assigment from automake < 1.5.
+ eval 'ALL_LINGUAS''=$ALL_LINGUAS_'
+ # Compute POFILES
+ # as $(foreach lang, $(ALL_LINGUAS), $(srcdir)/$(lang).po)
+ # Compute UPDATEPOFILES
+ # as $(foreach lang, $(ALL_LINGUAS), $(lang).po-update)
+ # Compute DUMMYPOFILES
+ # as $(foreach lang, $(ALL_LINGUAS), $(lang).nop)
+ # Compute GMOFILES
+ # as $(foreach lang, $(ALL_LINGUAS), $(srcdir)/$(lang).gmo)
+ # Compute PROPERTIESFILES
+ # as $(foreach lang, $(ALL_LINGUAS), $(top_srcdir)/$(DOMAIN)_$(lang).properties)
+ # Compute CLASSFILES
+ # as $(foreach lang, $(ALL_LINGUAS), $(top_srcdir)/$(DOMAIN)_$(lang).class)
+ # Compute QMFILES
+ # as $(foreach lang, $(ALL_LINGUAS), $(srcdir)/$(lang).qm)
+ # Compute MSGFILES
+ # as $(foreach lang, $(ALL_LINGUAS), $(srcdir)/$(frob $(lang)).msg)
+ # Compute RESOURCESDLLFILES
+ # as $(foreach lang, $(ALL_LINGUAS), $(srcdir)/$(frob $(lang))/$(DOMAIN).resources.dll)
+ case "$ac_given_srcdir" in
+ .) srcdirpre= ;;
+ *) srcdirpre='$(srcdir)/' ;;
+ esac
+ POFILES=
+ UPDATEPOFILES=
+ DUMMYPOFILES=
+ GMOFILES=
+ PROPERTIESFILES=
+ CLASSFILES=
+ QMFILES=
+ MSGFILES=
+ RESOURCESDLLFILES=
+ for lang in $ALL_LINGUAS; do
+ POFILES="$POFILES $srcdirpre$lang.po"
+ UPDATEPOFILES="$UPDATEPOFILES $lang.po-update"
+ DUMMYPOFILES="$DUMMYPOFILES $lang.nop"
+ GMOFILES="$GMOFILES $srcdirpre$lang.gmo"
+ PROPERTIESFILES="$PROPERTIESFILES \$(top_srcdir)/\$(DOMAIN)_$lang.properties"
+ CLASSFILES="$CLASSFILES \$(top_srcdir)/\$(DOMAIN)_$lang.class"
+ QMFILES="$QMFILES $srcdirpre$lang.qm"
+ frobbedlang=`echo $lang | sed -e 's/\..*$//' -e 'y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/'`
+ MSGFILES="$MSGFILES $srcdirpre$frobbedlang.msg"
+ frobbedlang=`echo $lang | sed -e 's/_/-/g' -e 's/^sr-CS/sr-SP/' -e 's/@latin$/-Latn/' -e 's/@cyrillic$/-Cyrl/' -e 's/^sr-SP$/sr-SP-Latn/' -e 's/^uz-UZ$/uz-UZ-Latn/'`
+ RESOURCESDLLFILES="$RESOURCESDLLFILES $srcdirpre$frobbedlang/\$(DOMAIN).resources.dll"
+ done
+ # CATALOGS depends on both $ac_dir and the user's LINGUAS
+ # environment variable.
+ INST_LINGUAS=
+ if test -n "$ALL_LINGUAS"; then
+ for presentlang in $ALL_LINGUAS; do
+ useit=no
+ if test "%UNSET%" != "$LINGUAS"; then
+ desiredlanguages="$LINGUAS"
+ else
+ desiredlanguages="$ALL_LINGUAS"
+ fi
+ for desiredlang in $desiredlanguages; do
+ # Use the presentlang catalog if desiredlang is
+ # a. equal to presentlang, or
+ # b. a variant of presentlang (because in this case,
+ # presentlang can be used as a fallback for messages
+ # which are not translated in the desiredlang catalog).
+ case "$desiredlang" in
+ "$presentlang"*) useit=yes;;
+ esac
+ done
+ if test $useit = yes; then
+ INST_LINGUAS="$INST_LINGUAS $presentlang"
+ fi
+ done
+ fi
+ CATALOGS=
+ JAVACATALOGS=
+ QTCATALOGS=
+ TCLCATALOGS=
+ CSHARPCATALOGS=
+ if test -n "$INST_LINGUAS"; then
+ for lang in $INST_LINGUAS; do
+ CATALOGS="$CATALOGS $lang.gmo"
+ JAVACATALOGS="$JAVACATALOGS \$(DOMAIN)_$lang.properties"
+ QTCATALOGS="$QTCATALOGS $lang.qm"
+ frobbedlang=`echo $lang | sed -e 's/\..*$//' -e 'y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/'`
+ TCLCATALOGS="$TCLCATALOGS $frobbedlang.msg"
+ frobbedlang=`echo $lang | sed -e 's/_/-/g' -e 's/^sr-CS/sr-SP/' -e 's/@latin$/-Latn/' -e 's/@cyrillic$/-Cyrl/' -e 's/^sr-SP$/sr-SP-Latn/' -e 's/^uz-UZ$/uz-UZ-Latn/'`
+ CSHARPCATALOGS="$CSHARPCATALOGS $frobbedlang/\$(DOMAIN).resources.dll"
+ done
+ fi
+
+ sed -e "s|@POTFILES_DEPS@|$POTFILES_DEPS|g" -e "s|@POFILES@|$POFILES|g" -e "s|@UPDATEPOFILES@|$UPDATEPOFILES|g" -e "s|@DUMMYPOFILES@|$DUMMYPOFILES|g" -e "s|@GMOFILES@|$GMOFILES|g" -e "s|@PROPERTIESFILES@|$PROPERTIESFILES|g" -e "s|@CLASSFILES@|$CLASSFILES|g" -e "s|@QMFILES@|$QMFILES|g" -e "s|@MSGFILES@|$MSGFILES|g" -e "s|@RESOURCESDLLFILES@|$RESOURCESDLLFILES|g" -e "s|@CATALOGS@|$CATALOGS|g" -e "s|@JAVACATALOGS@|$JAVACATALOGS|g" -e "s|@QTCATALOGS@|$QTCATALOGS|g" -e "s|@TCLCATALOGS@|$TCLCATALOGS|g" -e "s|@CSHARPCATALOGS@|$CSHARPCATALOGS|g" -e 's,^#distdir:,distdir:,' < "$ac_file" > "$ac_file.tmp"
+ if grep -l '@TCLCATALOGS@' "$ac_file" > /dev/null; then
+ # Add dependencies that cannot be formulated as a simple suffix rule.
+ for lang in $ALL_LINGUAS; do
+ frobbedlang=`echo $lang | sed -e 's/\..*$//' -e 'y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/'`
+ cat >> "$ac_file.tmp" <<EOF
+$frobbedlang.msg: $lang.po
+ @echo "\$(MSGFMT) -c --tcl -d \$(srcdir) -l $lang $srcdirpre$lang.po"; \
+ \$(MSGFMT) -c --tcl -d "\$(srcdir)" -l $lang $srcdirpre$lang.po || { rm -f "\$(srcdir)/$frobbedlang.msg"; exit 1; }
+EOF
+ done
+ fi
+ if grep -l '@CSHARPCATALOGS@' "$ac_file" > /dev/null; then
+ # Add dependencies that cannot be formulated as a simple suffix rule.
+ for lang in $ALL_LINGUAS; do
+ frobbedlang=`echo $lang | sed -e 's/_/-/g' -e 's/^sr-CS/sr-SP/' -e 's/@latin$/-Latn/' -e 's/@cyrillic$/-Cyrl/' -e 's/^sr-SP$/sr-SP-Latn/' -e 's/^uz-UZ$/uz-UZ-Latn/'`
+ cat >> "$ac_file.tmp" <<EOF
+$frobbedlang/\$(DOMAIN).resources.dll: $lang.po
+ @echo "\$(MSGFMT) -c --csharp -d \$(srcdir) -l $lang $srcdirpre$lang.po -r \$(DOMAIN)"; \
+ \$(MSGFMT) -c --csharp -d "\$(srcdir)" -l $lang $srcdirpre$lang.po -r "\$(DOMAIN)" || { rm -f "\$(srcdir)/$frobbedlang.msg"; exit 1; }
+EOF
+ done
+ fi
+ if test -n "$POMAKEFILEDEPS"; then
+ cat >> "$ac_file.tmp" <<EOF
+Makefile: $POMAKEFILEDEPS
+EOF
+ fi
+ mv "$ac_file.tmp" "$ac_file"
+])
+
+dnl Initializes the accumulator used by AM_XGETTEXT_OPTION.
+AC_DEFUN([AM_XGETTEXT_OPTION_INIT],
+[
+ XGETTEXT_EXTRA_OPTIONS=
+])
+
+dnl Registers an option to be passed to xgettext in the po subdirectory.
+AC_DEFUN([AM_XGETTEXT_OPTION],
+[
+ AC_REQUIRE([AM_XGETTEXT_OPTION_INIT])
+ XGETTEXT_EXTRA_OPTIONS="$XGETTEXT_EXTRA_OPTIONS $1"
+])
diff --git a/m4/printf-posix.m4 b/m4/printf-posix.m4
new file mode 100644
index 0000000..af10170
--- /dev/null
+++ b/m4/printf-posix.m4
@@ -0,0 +1,44 @@
+# printf-posix.m4 serial 2 (gettext-0.13.1)
+dnl Copyright (C) 2003 Free Software Foundation, Inc.
+dnl This file is free software; the Free Software Foundation
+dnl gives unlimited permission to copy and/or distribute it,
+dnl with or without modifications, as long as this notice is preserved.
+
+dnl From Bruno Haible.
+dnl Test whether the printf() function supports POSIX/XSI format strings with
+dnl positions.
+
+AC_DEFUN([gt_PRINTF_POSIX],
+[
+ AC_REQUIRE([AC_PROG_CC])
+ AC_CACHE_CHECK([whether printf() supports POSIX/XSI format strings],
+ gt_cv_func_printf_posix,
+ [
+ AC_TRY_RUN([
+#include <stdio.h>
+#include <string.h>
+/* The string "%2$d %1$d", with dollar characters protected from the shell's
+ dollar expansion (possibly an autoconf bug). */
+static char format[] = { '%', '2', '$', 'd', ' ', '%', '1', '$', 'd', '\0' };
+static char buf[100];
+int main ()
+{
+ sprintf (buf, format, 33, 55);
+ return (strcmp (buf, "55 33") != 0);
+}], gt_cv_func_printf_posix=yes, gt_cv_func_printf_posix=no,
+ [
+ AC_EGREP_CPP(notposix, [
+#if defined __NetBSD__ || defined _MSC_VER || defined __MINGW32__ || defined __CYGWIN__
+ notposix
+#endif
+ ], gt_cv_func_printf_posix="guessing no",
+ gt_cv_func_printf_posix="guessing yes")
+ ])
+ ])
+ case $gt_cv_func_printf_posix in
+ *yes)
+ AC_DEFINE(HAVE_POSIX_PRINTF, 1,
+ [Define if your printf() function supports format strings with positions.])
+ ;;
+ esac
+])
diff --git a/m4/progtest.m4 b/m4/progtest.m4
new file mode 100644
index 0000000..a56365c
--- /dev/null
+++ b/m4/progtest.m4
@@ -0,0 +1,92 @@
+# progtest.m4 serial 4 (gettext-0.14.2)
+dnl Copyright (C) 1996-2003, 2005 Free Software Foundation, Inc.
+dnl This file is free software; the Free Software Foundation
+dnl gives unlimited permission to copy and/or distribute it,
+dnl with or without modifications, as long as this notice is preserved.
+dnl
+dnl This file can can be used in projects which are not available under
+dnl the GNU General Public License or the GNU Library General Public
+dnl License but which still want to provide support for the GNU gettext
+dnl functionality.
+dnl Please note that the actual code of the GNU gettext library is covered
+dnl by the GNU Library General Public License, and the rest of the GNU
+dnl gettext package package is covered by the GNU General Public License.
+dnl They are *not* in the public domain.
+
+dnl Authors:
+dnl Ulrich Drepper <drepper@cygnus.com>, 1996.
+
+AC_PREREQ(2.50)
+
+# Search path for a program which passes the given test.
+
+dnl AM_PATH_PROG_WITH_TEST(VARIABLE, PROG-TO-CHECK-FOR,
+dnl TEST-PERFORMED-ON-FOUND_PROGRAM [, VALUE-IF-NOT-FOUND [, PATH]])
+AC_DEFUN([AM_PATH_PROG_WITH_TEST],
+[
+# Prepare PATH_SEPARATOR.
+# The user is always right.
+if test "${PATH_SEPARATOR+set}" != set; then
+ echo "#! /bin/sh" >conf$$.sh
+ echo "exit 0" >>conf$$.sh
+ chmod +x conf$$.sh
+ if (PATH="/nonexistent;."; conf$$.sh) >/dev/null 2>&1; then
+ PATH_SEPARATOR=';'
+ else
+ PATH_SEPARATOR=:
+ fi
+ rm -f conf$$.sh
+fi
+
+# Find out how to test for executable files. Don't use a zero-byte file,
+# as systems may use methods other than mode bits to determine executability.
+cat >conf$$.file <<_ASEOF
+#! /bin/sh
+exit 0
+_ASEOF
+chmod +x conf$$.file
+if test -x conf$$.file >/dev/null 2>&1; then
+ ac_executable_p="test -x"
+else
+ ac_executable_p="test -f"
+fi
+rm -f conf$$.file
+
+# Extract the first word of "$2", so it can be a program name with args.
+set dummy $2; ac_word=[$]2
+AC_MSG_CHECKING([for $ac_word])
+AC_CACHE_VAL(ac_cv_path_$1,
+[case "[$]$1" in
+ [[\\/]]* | ?:[[\\/]]*)
+ ac_cv_path_$1="[$]$1" # Let the user override the test with a path.
+ ;;
+ *)
+ ac_save_IFS="$IFS"; IFS=$PATH_SEPARATOR
+ for ac_dir in ifelse([$5], , $PATH, [$5]); do
+ IFS="$ac_save_IFS"
+ test -z "$ac_dir" && ac_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if $ac_executable_p "$ac_dir/$ac_word$ac_exec_ext"; then
+ echo "$as_me: trying $ac_dir/$ac_word..." >&AS_MESSAGE_LOG_FD
+ if [$3]; then
+ ac_cv_path_$1="$ac_dir/$ac_word$ac_exec_ext"
+ break 2
+ fi
+ fi
+ done
+ done
+ IFS="$ac_save_IFS"
+dnl If no 4th arg is given, leave the cache variable unset,
+dnl so AC_PATH_PROGS will keep looking.
+ifelse([$4], , , [ test -z "[$]ac_cv_path_$1" && ac_cv_path_$1="$4"
+])dnl
+ ;;
+esac])dnl
+$1="$ac_cv_path_$1"
+if test ifelse([$4], , [-n "[$]$1"], ["[$]$1" != "$4"]); then
+ AC_MSG_RESULT([$]$1)
+else
+ AC_MSG_RESULT(no)
+fi
+AC_SUBST($1)dnl
+])
diff --git a/m4/readline.m4 b/m4/readline.m4
new file mode 100644
index 0000000..783f401
--- /dev/null
+++ b/m4/readline.m4
@@ -0,0 +1,63 @@
+dnl Check for readline and dependencies
+dnl Copyright (C) 2004, 2005 Free Software Foundation, Inc.
+dnl
+dnl This file is free software, distributed under the terms of the GNU
+dnl General Public License. As a special exception to the GNU General
+dnl Public License, this file may be distributed as part of a program
+dnl that contains a configuration script generated by Autoconf, under
+dnl the same distribution terms as the rest of that program.
+dnl
+dnl Defines HAVE_LIBREADLINE to 1 if a working readline setup is
+dnl found, and sets @LIBREADLINE@ to the necessary libraries.
+
+AC_DEFUN([GNUPG_CHECK_READLINE],
+[
+ AC_ARG_WITH(readline,
+ AC_HELP_STRING([--with-readline=DIR],
+ [look for the readline library in DIR]),
+ [_do_readline=$withval],[_do_readline=yes])
+
+ if test "$_do_readline" != "no" ; then
+ if test -d "$withval" ; then
+ CPPFLAGS="${CPPFLAGS} -I$withval/include"
+ LDFLAGS="${LDFLAGS} -L$withval/lib"
+ fi
+
+ for _termcap in "" "-ltermcap" "-lcurses" "-lncurses" ; do
+ _readline_save_libs=$LIBS
+ _combo="-lreadline${_termcap:+ $_termcap}"
+ LIBS="$LIBS $_combo"
+
+ AC_MSG_CHECKING([whether readline via \"$_combo\" is present and sane])
+
+ AC_LINK_IFELSE([AC_LANG_PROGRAM([[
+#include <stdio.h>
+#include <readline/readline.h>
+#include <readline/history.h>
+]],[[
+rl_completion_func_t *completer;
+add_history("foobar");
+rl_catch_signals=0;
+rl_inhibit_completion=0;
+rl_attempted_completion_function=NULL;
+rl_completion_matches(NULL,NULL);
+]])],[_found_readline=yes],[_found_readline=no])
+
+ AC_MSG_RESULT([$_found_readline])
+
+ LIBS=$_readline_save_libs
+
+ if test $_found_readline = yes ; then
+ AC_DEFINE(HAVE_LIBREADLINE,1,
+ [Define to 1 if you have a fully functional readline library.])
+ AC_SUBST(LIBREADLINE,$_combo)
+ break
+ fi
+ done
+
+ unset _termcap
+ unset _readline_save_libs
+ unset _combo
+ unset _found_readline
+ fi
+])dnl
diff --git a/m4/signed.m4 b/m4/signed.m4
new file mode 100644
index 0000000..048f593
--- /dev/null
+++ b/m4/signed.m4
@@ -0,0 +1,17 @@
+# signed.m4 serial 1 (gettext-0.10.40)
+dnl Copyright (C) 2001-2002 Free Software Foundation, Inc.
+dnl This file is free software; the Free Software Foundation
+dnl gives unlimited permission to copy and/or distribute it,
+dnl with or without modifications, as long as this notice is preserved.
+
+dnl From Bruno Haible.
+
+AC_DEFUN([bh_C_SIGNED],
+[
+ AC_CACHE_CHECK([for signed], bh_cv_c_signed,
+ [AC_TRY_COMPILE(, [signed char x;], bh_cv_c_signed=yes, bh_cv_c_signed=no)])
+ if test $bh_cv_c_signed = no; then
+ AC_DEFINE(signed, ,
+ [Define to empty if the C compiler doesn't support this keyword.])
+ fi
+])
diff --git a/m4/size_max.m4 b/m4/size_max.m4
new file mode 100644
index 0000000..bfba811
--- /dev/null
+++ b/m4/size_max.m4
@@ -0,0 +1,62 @@
+# size_max.m4 serial 5
+dnl Copyright (C) 2003, 2005-2006 Free Software Foundation, Inc.
+dnl This file is free software; the Free Software Foundation
+dnl gives unlimited permission to copy and/or distribute it,
+dnl with or without modifications, as long as this notice is preserved.
+
+dnl From Bruno Haible.
+
+AC_DEFUN([gl_SIZE_MAX],
+[
+ AC_CHECK_HEADERS(stdint.h)
+ dnl First test whether the system already has SIZE_MAX.
+ AC_MSG_CHECKING([for SIZE_MAX])
+ AC_CACHE_VAL([gl_cv_size_max], [
+ gl_cv_size_max=
+ AC_EGREP_CPP([Found it], [
+#include <limits.h>
+#if HAVE_STDINT_H
+#include <stdint.h>
+#endif
+#ifdef SIZE_MAX
+Found it
+#endif
+], gl_cv_size_max=yes)
+ if test -z "$gl_cv_size_max"; then
+ dnl Define it ourselves. Here we assume that the type 'size_t' is not wider
+ dnl than the type 'unsigned long'. Try hard to find a definition that can
+ dnl be used in a preprocessor #if, i.e. doesn't contain a cast.
+ _AC_COMPUTE_INT([sizeof (size_t) * CHAR_BIT - 1], size_t_bits_minus_1,
+ [#include <stddef.h>
+#include <limits.h>], size_t_bits_minus_1=)
+ _AC_COMPUTE_INT([sizeof (size_t) <= sizeof (unsigned int)], fits_in_uint,
+ [#include <stddef.h>], fits_in_uint=)
+ if test -n "$size_t_bits_minus_1" && test -n "$fits_in_uint"; then
+ if test $fits_in_uint = 1; then
+ dnl Even though SIZE_MAX fits in an unsigned int, it must be of type
+ dnl 'unsigned long' if the type 'size_t' is the same as 'unsigned long'.
+ AC_TRY_COMPILE([#include <stddef.h>
+ extern size_t foo;
+ extern unsigned long foo;
+ ], [], fits_in_uint=0)
+ fi
+ dnl We cannot use 'expr' to simplify this expression, because 'expr'
+ dnl works only with 'long' integers in the host environment, while we
+ dnl might be cross-compiling from a 32-bit platform to a 64-bit platform.
+ if test $fits_in_uint = 1; then
+ gl_cv_size_max="(((1U << $size_t_bits_minus_1) - 1) * 2 + 1)"
+ else
+ gl_cv_size_max="(((1UL << $size_t_bits_minus_1) - 1) * 2 + 1)"
+ fi
+ else
+ dnl Shouldn't happen, but who knows...
+ gl_cv_size_max='((size_t)~(size_t)0)'
+ fi
+ fi
+ ])
+ AC_MSG_RESULT([$gl_cv_size_max])
+ if test "$gl_cv_size_max" != yes; then
+ AC_DEFINE_UNQUOTED([SIZE_MAX], [$gl_cv_size_max],
+ [Define as the maximum value of type 'size_t', if the system doesn't define it.])
+ fi
+])
diff --git a/m4/socklen.m4 b/m4/socklen.m4
new file mode 100644
index 0000000..5e3765a
--- /dev/null
+++ b/m4/socklen.m4
@@ -0,0 +1,52 @@
+# socklen.m4 serial 4
+dnl Copyright (C) 2005, 2006 Free Software Foundation, Inc.
+dnl This file is free software; the Free Software Foundation
+dnl gives unlimited permission to copy and/or distribute it,
+dnl with or without modifications, as long as this notice is preserved.
+
+dnl From Albert Chin, Windows fixes from Simon Josefsson.
+
+dnl Check for socklen_t: historically on BSD it is an int, and in
+dnl POSIX 1g it is a type of its own, but some platforms use different
+dnl types for the argument to getsockopt, getpeername, etc. So we
+dnl have to test to find something that will work.
+
+dnl On mingw32, socklen_t is in ws2tcpip.h ('int'), so we try to find
+dnl it there first. That file is included by gnulib's socket_.h, which
+dnl all users of this module should include. Cygwin must not include
+dnl ws2tcpip.h.
+AC_DEFUN([gl_TYPE_SOCKLEN_T],
+ [AC_REQUIRE([gl_HEADER_SYS_SOCKET])dnl
+ AC_CHECK_TYPE([socklen_t], ,
+ [AC_MSG_CHECKING([for socklen_t equivalent])
+ AC_CACHE_VAL([gl_cv_gl_cv_socklen_t_equiv],
+ [# Systems have either "struct sockaddr *" or
+ # "void *" as the second argument to getpeername
+ gl_cv_socklen_t_equiv=
+ for arg2 in "struct sockaddr" void; do
+ for t in int size_t "unsigned int" "long int" "unsigned long int"; do
+ AC_TRY_COMPILE(
+ [#include <sys/types.h>
+ #include <sys/socket.h>
+
+ int getpeername (int, $arg2 *, $t *);],
+ [$t len;
+ getpeername (0, 0, &len);],
+ [gl_cv_socklen_t_equiv="$t"])
+ test "$gl_cv_socklen_t_equiv" != "" && break
+ done
+ test "$gl_cv_socklen_t_equiv" != "" && break
+ done
+ ])
+ if test "$gl_cv_socklen_t_equiv" = ""; then
+ AC_MSG_ERROR([Cannot find a type to use in place of socklen_t])
+ fi
+ AC_MSG_RESULT([$gl_cv_socklen_t_equiv])
+ AC_DEFINE_UNQUOTED([socklen_t], [$gl_cv_socklen_t_equiv],
+ [type to use in place of socklen_t if not defined])],
+ [#include <sys/types.h>
+ #if HAVE_SYS_SOCKET_H
+ # include <sys/socket.h>
+ #elif HAVE_WS2TCPIP_H
+ # include <ws2tcpip.h>
+ #endif])])
diff --git a/m4/stdint_h.m4 b/m4/stdint_h.m4
new file mode 100644
index 0000000..db9a8ac
--- /dev/null
+++ b/m4/stdint_h.m4
@@ -0,0 +1,26 @@
+# stdint_h.m4 serial 6
+dnl Copyright (C) 1997-2004, 2006 Free Software Foundation, Inc.
+dnl This file is free software; the Free Software Foundation
+dnl gives unlimited permission to copy and/or distribute it,
+dnl with or without modifications, as long as this notice is preserved.
+
+dnl From Paul Eggert.
+
+# Define HAVE_STDINT_H_WITH_UINTMAX if <stdint.h> exists,
+# doesn't clash with <sys/types.h>, and declares uintmax_t.
+
+AC_DEFUN([gl_AC_HEADER_STDINT_H],
+[
+ AC_CACHE_CHECK([for stdint.h], gl_cv_header_stdint_h,
+ [AC_TRY_COMPILE(
+ [#include <sys/types.h>
+#include <stdint.h>],
+ [uintmax_t i = (uintmax_t) -1; return !i;],
+ gl_cv_header_stdint_h=yes,
+ gl_cv_header_stdint_h=no)])
+ if test $gl_cv_header_stdint_h = yes; then
+ AC_DEFINE_UNQUOTED(HAVE_STDINT_H_WITH_UINTMAX, 1,
+ [Define if <stdint.h> exists, doesn't clash with <sys/types.h>,
+ and declares uintmax_t. ])
+ fi
+])
diff --git a/m4/sys_socket_h.m4 b/m4/sys_socket_h.m4
new file mode 100644
index 0000000..d3e45b4
--- /dev/null
+++ b/m4/sys_socket_h.m4
@@ -0,0 +1,23 @@
+# sys_socket_h.m4 serial 2
+dnl Copyright (C) 2005, 2006 Free Software Foundation, Inc.
+dnl This file is free software; the Free Software Foundation
+dnl gives unlimited permission to copy and/or distribute it,
+dnl with or without modifications, as long as this notice is preserved.
+
+dnl From Simon Josefsson.
+
+AC_DEFUN([gl_HEADER_SYS_SOCKET],
+[
+ AC_CHECK_HEADERS_ONCE([sys/socket.h])
+ if test $ac_cv_header_sys_socket_h = yes; then
+ SYS_SOCKET_H=''
+ else
+ dnl We cannot use AC_CHECK_HEADERS_ONCE here, because that would make
+ dnl the check for those headers unconditional; yet cygwin reports
+ dnl that the headers are present but cannot be compiled (since on
+ dnl cygwin, all socket information should come from sys/socket.h).
+ AC_CHECK_HEADERS([winsock2.h ws2tcpip.h])
+ SYS_SOCKET_H='sys/socket.h'
+ fi
+ AC_SUBST(SYS_SOCKET_H)
+])
diff --git a/m4/tar-ustar.m4 b/m4/tar-ustar.m4
new file mode 100644
index 0000000..4ae9e63
--- /dev/null
+++ b/m4/tar-ustar.m4
@@ -0,0 +1,43 @@
+dnl Check for a tar program that speaks ustar format
+dnl Copyright (C) 2005, 2006 Free Software Foundation, Inc.
+dnl
+dnl This file is free software, distributed under the terms of the GNU
+dnl General Public License. As a special exception to the GNU General
+dnl Public License, this file may be distributed as part of a program
+dnl that contains a configuration script generated by Autoconf, under
+dnl the same distribution terms as the rest of that program.
+
+AC_DEFUN([GNUPG_CHECK_USTAR],
+[
+ AC_ARG_WITH(tar,
+ AC_HELP_STRING([--with-tar=PATH],[look for a tar program in PATH]),
+ [_do_tar=$withval])
+
+ if test x$_do_tar != xno ; then
+
+ if test x$_do_tar = x ; then
+ AC_PATH_PROG(TAR,"tar")
+ _mytar=$ac_cv_path_TAR
+ fi
+
+ # Check if our tar is ustar format. If so, it's good. TODO: Add some
+ # code to check various options, etc, to try and create ustar
+ # format.
+
+ if test x$_mytar != x ; then
+ AC_MSG_CHECKING([whether $_mytar speaks USTAR])
+ echo hithere > conftest.txt
+ $_mytar -cf - conftest.txt | (dd skip=257 bs=1 count=5 2>/dev/null || cat) | grep ustar > /dev/null
+ _tar_bad=$?
+ rm conftest.txt
+
+ if test x$_tar_bad = x0 ; then
+ AC_MSG_RESULT([yes])
+ else
+ AC_MSG_RESULT([no])
+ fi
+ fi
+ fi
+
+ AM_CONDITIONAL(HAVE_USTAR, test x$_tar_bad = x0)
+])dnl
diff --git a/m4/uintmax_t.m4 b/m4/uintmax_t.m4
new file mode 100644
index 0000000..bf83ed7
--- /dev/null
+++ b/m4/uintmax_t.m4
@@ -0,0 +1,30 @@
+# uintmax_t.m4 serial 9
+dnl Copyright (C) 1997-2004 Free Software Foundation, Inc.
+dnl This file is free software; the Free Software Foundation
+dnl gives unlimited permission to copy and/or distribute it,
+dnl with or without modifications, as long as this notice is preserved.
+
+dnl From Paul Eggert.
+
+AC_PREREQ(2.13)
+
+# Define uintmax_t to 'unsigned long' or 'unsigned long long'
+# if it is not already defined in <stdint.h> or <inttypes.h>.
+
+AC_DEFUN([gl_AC_TYPE_UINTMAX_T],
+[
+ AC_REQUIRE([gl_AC_HEADER_INTTYPES_H])
+ AC_REQUIRE([gl_AC_HEADER_STDINT_H])
+ if test $gl_cv_header_inttypes_h = no && test $gl_cv_header_stdint_h = no; then
+ AC_REQUIRE([gl_AC_TYPE_UNSIGNED_LONG_LONG])
+ test $ac_cv_type_unsigned_long_long = yes \
+ && ac_type='unsigned long long' \
+ || ac_type='unsigned long'
+ AC_DEFINE_UNQUOTED(uintmax_t, $ac_type,
+ [Define to unsigned long or unsigned long long
+ if <stdint.h> and <inttypes.h> don't define.])
+ else
+ AC_DEFINE(HAVE_UINTMAX_T, 1,
+ [Define if you have the 'uintmax_t' type in <stdint.h> or <inttypes.h>.])
+ fi
+])
diff --git a/m4/visibility.m4 b/m4/visibility.m4
new file mode 100644
index 0000000..2ff6330
--- /dev/null
+++ b/m4/visibility.m4
@@ -0,0 +1,52 @@
+# visibility.m4 serial 1 (gettext-0.15)
+dnl Copyright (C) 2005 Free Software Foundation, Inc.
+dnl This file is free software; the Free Software Foundation
+dnl gives unlimited permission to copy and/or distribute it,
+dnl with or without modifications, as long as this notice is preserved.
+
+dnl From Bruno Haible.
+
+dnl Tests whether the compiler supports the command-line option
+dnl -fvisibility=hidden and the function and variable attributes
+dnl __attribute__((__visibility__("hidden"))) and
+dnl __attribute__((__visibility__("default"))).
+dnl Does *not* test for __visibility__("protected") - which has tricky
+dnl semantics (see the 'vismain' test in glibc) and does not exist e.g. on
+dnl MacOS X.
+dnl Does *not* test for __visibility__("internal") - which has processor
+dnl dependent semantics.
+dnl Does *not* test for #pragma GCC visibility push(hidden) - which is
+dnl "really only recommended for legacy code".
+dnl Set the variable CFLAG_VISIBILITY.
+dnl Defines and sets the variable HAVE_VISIBILITY.
+
+AC_DEFUN([gl_VISIBILITY],
+[
+ AC_REQUIRE([AC_PROG_CC])
+ CFLAG_VISIBILITY=
+ HAVE_VISIBILITY=0
+ if test -n "$GCC"; then
+ AC_MSG_CHECKING([for simple visibility declarations])
+ AC_CACHE_VAL(gl_cv_cc_visibility, [
+ gl_save_CFLAGS="$CFLAGS"
+ CFLAGS="$CFLAGS -fvisibility=hidden"
+ AC_TRY_COMPILE(
+ [extern __attribute__((__visibility__("hidden"))) int hiddenvar;
+ extern __attribute__((__visibility__("default"))) int exportedvar;
+ extern __attribute__((__visibility__("hidden"))) int hiddenfunc (void);
+ extern __attribute__((__visibility__("default"))) int exportedfunc (void);],
+ [],
+ gl_cv_cc_visibility=yes,
+ gl_cv_cc_visibility=no)
+ CFLAGS="$gl_save_CFLAGS"])
+ AC_MSG_RESULT([$gl_cv_cc_visibility])
+ if test $gl_cv_cc_visibility = yes; then
+ CFLAG_VISIBILITY="-fvisibility=hidden"
+ HAVE_VISIBILITY=1
+ fi
+ fi
+ AC_SUBST([CFLAG_VISIBILITY])
+ AC_SUBST([HAVE_VISIBILITY])
+ AC_DEFINE_UNQUOTED([HAVE_VISIBILITY], [$HAVE_VISIBILITY],
+ [Define to 1 or 0, depending whether the compiler supports simple visibility declarations.])
+])
diff --git a/m4/wchar_t.m4 b/m4/wchar_t.m4
new file mode 100644
index 0000000..cde2129
--- /dev/null
+++ b/m4/wchar_t.m4
@@ -0,0 +1,20 @@
+# wchar_t.m4 serial 1 (gettext-0.12)
+dnl Copyright (C) 2002-2003 Free Software Foundation, Inc.
+dnl This file is free software; the Free Software Foundation
+dnl gives unlimited permission to copy and/or distribute it,
+dnl with or without modifications, as long as this notice is preserved.
+
+dnl From Bruno Haible.
+dnl Test whether <stddef.h> has the 'wchar_t' type.
+dnl Prerequisite: AC_PROG_CC
+
+AC_DEFUN([gt_TYPE_WCHAR_T],
+[
+ AC_CACHE_CHECK([for wchar_t], gt_cv_c_wchar_t,
+ [AC_TRY_COMPILE([#include <stddef.h>
+ wchar_t foo = (wchar_t)'\0';], ,
+ gt_cv_c_wchar_t=yes, gt_cv_c_wchar_t=no)])
+ if test $gt_cv_c_wchar_t = yes; then
+ AC_DEFINE(HAVE_WCHAR_T, 1, [Define if you have the 'wchar_t' type.])
+ fi
+])
diff --git a/m4/wint_t.m4 b/m4/wint_t.m4
new file mode 100644
index 0000000..b8fff9c
--- /dev/null
+++ b/m4/wint_t.m4
@@ -0,0 +1,20 @@
+# wint_t.m4 serial 1 (gettext-0.12)
+dnl Copyright (C) 2003 Free Software Foundation, Inc.
+dnl This file is free software; the Free Software Foundation
+dnl gives unlimited permission to copy and/or distribute it,
+dnl with or without modifications, as long as this notice is preserved.
+
+dnl From Bruno Haible.
+dnl Test whether <wchar.h> has the 'wint_t' type.
+dnl Prerequisite: AC_PROG_CC
+
+AC_DEFUN([gt_TYPE_WINT_T],
+[
+ AC_CACHE_CHECK([for wint_t], gt_cv_c_wint_t,
+ [AC_TRY_COMPILE([#include <wchar.h>
+ wint_t foo = (wchar_t)'\0';], ,
+ gt_cv_c_wint_t=yes, gt_cv_c_wint_t=no)])
+ if test $gt_cv_c_wint_t = yes; then
+ AC_DEFINE(HAVE_WINT_T, 1, [Define if you have the 'wint_t' type.])
+ fi
+])
diff --git a/m4/xsize.m4 b/m4/xsize.m4
new file mode 100644
index 0000000..85bb721
--- /dev/null
+++ b/m4/xsize.m4
@@ -0,0 +1,13 @@
+# xsize.m4 serial 3
+dnl Copyright (C) 2003-2004 Free Software Foundation, Inc.
+dnl This file is free software; the Free Software Foundation
+dnl gives unlimited permission to copy and/or distribute it,
+dnl with or without modifications, as long as this notice is preserved.
+
+AC_DEFUN([gl_XSIZE],
+[
+ dnl Prerequisites of lib/xsize.h.
+ AC_REQUIRE([gl_SIZE_MAX])
+ AC_REQUIRE([AC_C_INLINE])
+ AC_CHECK_HEADERS(stdint.h)
+])
diff --git a/po/ChangeLog-2011 b/po/ChangeLog-2011
new file mode 100644
index 0000000..6c1d897
--- /dev/null
+++ b/po/ChangeLog-2011
@@ -0,0 +1,336 @@
+2011-12-02 Werner Koch <wk@g10code.com>
+
+ NB: ChangeLog files are no longer manually maintained. Starting
+ on December 1st, 2011 we put change information only in the GIT
+ commit log, and generate a top-level ChangeLog file from logs at
+ "make dist". See doc/HACKING for details.
+
+2011-01-12 Jakub Bogusz <qboosh@pld-linux.org> (wk)
+
+ * pl.po: Update.
+
+2011-01-12 Petr Pisar <petr.pisar@atlas.cz> (wk)
+
+ * cs.po: Update.
+
+2011-01-12 Jedi <JediLin@Gmail.com> (wk)
+
+ * zh_TW.po: Update.
+
+2011-01-12 Daniel Nylander <po@danielnylander.se> (wk)
+
+ * sv.po: Update.
+
+2010-09-03 Werner Koch <wk@g10code.com>
+
+ * de.po: Insert missing spaces. Fixes Debian-Bug#594489.
+
+2010-07-19 Jedi <JediLin@Gmail.com> (wk)
+
+ * zh_TW.po: Update.
+
+2010-05-12 Jedi <JediLin@Gmail.com> (wk)
+
+ * zh_TW.po: Update (dated 2010-03-10).
+
+2010-02-17 Werner Koch <wk@g10code.com>
+
+ * de.po: Replace "Unterschrift" by "Signatur".
+ (keygen.c): Use Abbrechen instead of Quit.
+
+2009-12-21 Jedi Lin <Jedi@Jedi.org> (wk)
+
+ * zh_TW.po: Update (dated 2009-09-05).
+
+2009-12-04 Petr Pisar <petr.pisar@atlas.cz> (wk)
+
+ * cs.po: Update.
+
+2009-09-03 Werner Koch <wk@g10code.com>
+
+ * de.po: Translate new strings.
+
+2009-09-03 Jedi Lin <Jedi@Jedi.org> (wk)
+
+ * zh_TW.po: Update.
+
+2009-07-14 Werner Koch <wk@g10code.com>
+
+ * de.po: s/nicht-exportfähig/unwiderrufbar/. Reported by Simon
+ Richter.
+
+2009-07-09 Werner Koch <wk@g10code.com>
+
+ * zh_CN.po <g10/keyedit.c:1905>: Marked fuzzy. See bug#1078.
+
+2009-06-30 Werner Koch <wk@g10code.com>
+
+ * es.po: Mark a bad translation fuzzy.
+
+2009-06-30 Daiki Ueno <ueno@unixuser.org>
+
+ * ja.po: Typo fix. Fixes bug#1078.
+
+2009-06-02 Werner Koch <wk@g10code.com>
+
+ * de.po: Applied a patch from Daniel Leidert to fix a bunch of
+ small typos. See also Debian bug report 314068. Fixes bug#1069.
+
+2009-01-19 Werner Koch <wk@g10code.com>
+
+ * de.po: Translated a few new audit-log related strings.
+
+2009-01-12 Maxim Britov <maxim.britov@gmail.com> (wk)
+
+ * ru.po: Update.
+
+2009-01-07 Jaime Suárez <jsuarez@mundocripto.com> (wk)
+
+ * es.po: Update.
+
+2009-01-05 Nilgün Belma Bugüner <nilgun@belgeler.gen.tr> (wk)
+
+ * tr.po: Update.
+
+2009-01-05 Jedi <jedi@jedi.org> (wk)
+
+ * zh_TW.po: Update.
+
+2008-12-08 Werner Koch <wk@g10code.com>
+
+ * de.po: Typo fixes. Reported by Daniel Leidert.
+
+2008-11-13 Werner Koch <wk@g10code.com>
+
+ * de.po: Udpate.
+
+2008-09-30 David Ammouial <da-debian-br@weeno.net> (wk)
+
+ * fr.po: Fix bug #922.
+
+2008-07-21 Werner Koch <wk@g10code.com>
+
+ * sv.po: Adjust special size entry.
+
+2008-07-21 Daniel Nylander <info@danielnylander.se> (wk)
+
+ * sv.po: Update.
+
+2008-05-28 Jaime Suárez <jaime@mundocripto.com> (wk)
+
+ * es.po: Update. All strings for 2.0.9 are no translated.
+
+2008-05-26 Werner Koch <wk@g10code.com>
+
+ * de.po: Minor fixes submitted by Jan Seidel. Fixes bug#916.
+
+ * it.po: Typo fix. Fixes bug#920.
+
+2008-05-09 Werner Koch <wk@g10code.com>
+
+ * de.po: Update.
+
+2008-05-01 Werner Koch <wk@g10code.com>
+
+ * de.po: Typo fix.
+
+2008-03-26 Jedi Lin <Jedi@Jedi.org> (wk)
+
+ * zh_TW.po: Update.
+
+2008-03-26 Werner Koch <wk@g10code.com>
+
+ * de.po: Translate two new strings.
+
+2008-02-15 Werner Koch <wk@g10code.com>
+
+ * de.po: Translate 3 new strings.
+
+2008-02-15 Jedi Lin <Jedi@Jedi.org> (wk)
+
+ * zh_TW.po: Update.
+
+2008-02-15 gettextize <bug-gnu-gettext@gnu.org>
+
+ * Makefile.in.in: Upgrade to gettext-0.17.
+
+2008-01-22 Werner Koch <wk@g10code.com>
+
+ * de.po: Small typo fixes. Reported by Ludwig Reiter.
+
+2007-12-14 Werner Koch <wk@g10code.com>
+
+ * de.po: Update.
+
+2007-12-12 Werner Koch <wk@g10code.com>
+
+ * POTFILES.in: Add a couple of missing files.
+
+2007-12-03 Jakub Bogusz <qboosh@pld-linux.org> (wk)
+
+ * pl.po: Updated. Received through entry bug#856.
+
+2007-11-15 Werner Koch <wk@g10code.com>
+
+ * de.po: Type fix.
+
+2007-11-12 Daniel Nylander <po@danielnylander.se> (wk)
+
+ * sv.po: Updated.
+
+2007-09-14 Werner Koch <wk@g10code.com>
+
+ * de.po: Changed translation of --honor-http-proxy.
+
+2007-08-29 Werner Koch <wk@g10code.com>
+
+ * de.po: Translated the argparse.c strings.
+
+2007-08-28 Werner Koch <wk@g10code.com>
+
+ * de.po: Updated.
+
+2007-08-16 Werner Koch <wk@g10code.com>
+
+ * pt_BR.po, es.po: Remove the "GNU" from the project ID. That
+ stupid msginit uses a script project-id to retrieve a new project
+ id. Instead of using what it founds out, it tries to put "GNU"
+ before the id if _any_ file in the current directory has a string
+ "GNU <package_name>". As en@bold.po is build automagically this
+ package name mangling breaks make distcheck as it tries to rebuild
+ the po file with the "correct" name. The upshot is never to use
+ GNU in you po directory.
+
+ * de.po: Fix a few fuzzy entries and translate new strings.
+
+2007-07-04 Werner Koch <wk@g10code.com>
+
+ * de.po: Update a few strings.
+
+2007-05-09 Werner Koch <wk@g10code.com>
+
+ * de.po: Update a few strings.
+
+2007-05-07 gettextize <bug-gnu-gettext@gnu.org>
+
+ * Makefile.in.in: Upgrade to gettext-0.16.1.
+
+2007-02-26 Werner Koch <wk@g10code.com>
+
+ * sv.po: Update from Daniel.
+
+2007-01-31 Werner Koch <wk@g10code.com>
+
+ * de.po: Fixed a few fuzzy entries.
+
+2007-01-25 Werner Koch <wk@g10code.com>
+
+ * de.po: Add Plural-Forms.
+
+2006-12-22 Werner Koch <wk@g10code.com>
+
+ * sv.po: Installed revised and updated translation by Daniel
+ Nylander.
+
+2006-11-13 Werner Koch <wk@g10code.com>
+
+ * ru.po: Update from Maxim.
+
+2006-11-10 Werner Koch <wk@g10code.com>
+
+ * de.po: Received complete update from Walter.
+
+2006-11-06 Werner Koch <wk@g10code.com>
+
+ * tr.po: Updated.
+
+2006-09-25 Werner Koch <wk@g10code.com>
+
+ * LINGUAS: Copied from gnupg 1.4.5.
+ * de.po: Merged with the version from 1.4.5.
+ * be.po, ca.po, cs.po, da.po, de.po, eo.po, el.po, es.po, et.po
+ * fi.po, fr.po, gl.po, hu.po, id.po, it.po, ja.po, nb.po, pl.po
+ * pt_BR.po, pt.po, ro.po, ru.po, sk.po, sv.po, tr.po, zh_TW.po
+ * zh_CN.po: Copied from gnupg 1.4.5.
+
+2005-11-23 Werner Koch <wk@g10code.com>
+
+ * de.po: Updated.
+
+2005-08-01 Werner Koch <wk@g10code.com>
+
+ * de.po: Converted to utf-8; fixed a few umlaut problems.
+
+2005-04-21 Werner Koch <wk@g10code.com>
+
+ * de.po: Fixed all fuzzies and untranslated strings.
+
+2005-01-04 Werner Koch <wk@g10code.com>
+
+ * de.po: Updated.
+
+2004-10-22 Werner Koch <wk@g10code.com>
+
+ * POTFILES.in: Removed sc-investigate.c
+
+2004-10-04 Werner Koch <wk@g10code.com>
+
+ * de.po: Typo fixes.
+
+2004-09-30 gettextize <bug-gnu-gettext@gnu.org>
+
+ * Makefile.in.in: Upgrade to gettext-0.14.1.
+ * Rules-quot: Upgrade to gettext-0.14.1.
+
+2004-09-30 Werner Koch <wk@g10code.com>
+
+ * de.po: Updated.
+
+ * POTFILES.in: Add more files.
+
+2004-07-22 Werner Koch <wk@g10code.de>
+
+ * de.po: Updated.
+
+2004-04-06 Werner Koch <wk@gnupg.org>
+
+ * Makevars (DOMAIN): Init from PACKAGE_GT
+
+2003-12-09 Werner Koch <wk@gnupg.org>
+
+ * Makevars (MSGID_BUGS_ADDRESS): New.
+
+2003-04-29 Werner Koch <wk@gnupg.org>
+
+ * LINUGAS: NEW.
+
+2003-04-29 gettextize <bug-gnu-gettext@gnu.org>
+
+ * Rules-quot: New file, from gettext-0.11.5.
+ * boldquot.sed: New file, from gettext-0.11.5.
+ * en@boldquot.header: New file, from gettext-0.11.5.
+ * en@quot.header: New file, from gettext-0.11.5.
+ * insert-header.sin: New file, from gettext-0.11.5.
+ * quot.sed: New file, from gettext-0.11.5.
+ * remove-potcdate.sin: New file, from gettext-0.11.5.
+
+2002-08-21 Werner Koch <wk@gnupg.org>
+
+ * de.po: Updated the translation.
+
+2002-08-10 Werner Koch <wk@gnupg.org>
+
+ * Makefile.in.in: Installed from gettext-0.10.40.
+ * POTFILES.in: New.
+ * de.po: New.
+
+
+ Copyright 2002, 2003, 2004, 2005, 2009 Free Software Foundation, Inc.
+
+ This file is free software; as a special exception the author gives
+ unlimited permission to copy and/or distribute it, with or without
+ modifications, as long as this notice is preserved.
+
+ This file is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
+ implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/po/LINGUAS b/po/LINGUAS
new file mode 100644
index 0000000..63f1742
--- /dev/null
+++ b/po/LINGUAS
@@ -0,0 +1,30 @@
+en@quot
+en@boldquot
+be
+ca
+cs
+da
+de
+eo
+el
+es
+et
+fi
+fr
+gl
+hu
+id
+it
+ja
+nb
+pl
+pt_BR
+pt
+ro
+ru
+sk
+sv
+tr
+uk
+zh_TW
+zh_CN
diff --git a/po/Makefile.in.in b/po/Makefile.in.in
new file mode 100644
index 0000000..fecf500
--- /dev/null
+++ b/po/Makefile.in.in
@@ -0,0 +1,429 @@
+# Makefile for PO directory in any package using GNU gettext.
+# Copyright (C) 1995-1997, 2000-2007 by Ulrich Drepper <drepper@gnu.ai.mit.edu>
+#
+# This file can be copied and used freely without restrictions. It can
+# be used in projects which are not available under the GNU General Public
+# License but which still want to provide support for the GNU gettext
+# functionality.
+# Please note that the actual code of GNU gettext is covered by the GNU
+# General Public License and is *not* in the public domain.
+#
+# Origin: gettext-0.17
+GETTEXT_MACRO_VERSION = 0.17
+
+PACKAGE = @PACKAGE@
+VERSION = @VERSION@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+
+SHELL = /bin/sh
+@SET_MAKE@
+
+srcdir = @srcdir@
+top_srcdir = @top_srcdir@
+VPATH = @srcdir@
+
+prefix = @prefix@
+exec_prefix = @exec_prefix@
+datarootdir = @datarootdir@
+datadir = @datadir@
+localedir = @localedir@
+gettextsrcdir = $(datadir)/gettext/po
+
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+
+# We use $(mkdir_p).
+# In automake <= 1.9.x, $(mkdir_p) is defined either as "mkdir -p --" or as
+# "$(mkinstalldirs)" or as "$(install_sh) -d". For these automake versions,
+# @install_sh@ does not start with $(SHELL), so we add it.
+# In automake >= 1.10, @mkdir_p@ is derived from ${MKDIR_P}, which is defined
+# either as "/path/to/mkdir -p" or ".../install-sh -c -d". For these automake
+# versions, $(mkinstalldirs) and $(install_sh) are unused.
+mkinstalldirs = $(SHELL) @install_sh@ -d
+install_sh = $(SHELL) @install_sh@
+MKDIR_P = @MKDIR_P@
+mkdir_p = @mkdir_p@
+
+GMSGFMT_ = @GMSGFMT@
+GMSGFMT_no = @GMSGFMT@
+GMSGFMT_yes = @GMSGFMT_015@
+GMSGFMT = $(GMSGFMT_$(USE_MSGCTXT))
+MSGFMT_ = @MSGFMT@
+MSGFMT_no = @MSGFMT@
+MSGFMT_yes = @MSGFMT_015@
+MSGFMT = $(MSGFMT_$(USE_MSGCTXT))
+XGETTEXT_ = @XGETTEXT@
+XGETTEXT_no = @XGETTEXT@
+XGETTEXT_yes = @XGETTEXT_015@
+XGETTEXT = $(XGETTEXT_$(USE_MSGCTXT))
+MSGMERGE = msgmerge
+MSGMERGE_UPDATE = @MSGMERGE@ --update
+MSGINIT = msginit
+MSGCONV = msgconv
+MSGFILTER = msgfilter
+
+POFILES = @POFILES@
+GMOFILES = @GMOFILES@
+UPDATEPOFILES = @UPDATEPOFILES@
+DUMMYPOFILES = @DUMMYPOFILES@
+DISTFILES.common = Makefile.in.in remove-potcdate.sin \
+$(DISTFILES.common.extra1) $(DISTFILES.common.extra2) $(DISTFILES.common.extra3)
+DISTFILES = $(DISTFILES.common) Makevars POTFILES.in \
+$(POFILES) $(GMOFILES) \
+$(DISTFILES.extra1) $(DISTFILES.extra2) $(DISTFILES.extra3)
+
+POTFILES = \
+
+CATALOGS = @CATALOGS@
+
+# Makevars gets inserted here. (Don't remove this line!)
+
+.SUFFIXES:
+.SUFFIXES: .po .gmo .mo .sed .sin .nop .po-create .po-update
+
+.po.mo:
+ @echo "$(MSGFMT) -c -o $@ $<"; \
+ $(MSGFMT) -c -o t-$@ $< && mv t-$@ $@
+
+.po.gmo:
+ @lang=`echo $* | sed -e 's,.*/,,'`; \
+ test "$(srcdir)" = . && cdcmd="" || cdcmd="cd $(srcdir) && "; \
+ echo "$${cdcmd}rm -f $${lang}.gmo && $(GMSGFMT) -c --statistics -o $${lang}.gmo $${lang}.po"; \
+ cd $(srcdir) && rm -f $${lang}.gmo && $(GMSGFMT) -c --statistics -o t-$${lang}.gmo $${lang}.po && mv t-$${lang}.gmo $${lang}.gmo
+
+.sin.sed:
+ sed -e '/^#/d' $< > t-$@
+ mv t-$@ $@
+
+
+all: check-macro-version all-@USE_NLS@
+
+all-yes: stamp-po
+all-no:
+
+# Ensure that the gettext macros and this Makefile.in.in are in sync.
+check-macro-version:
+ @test "$(GETTEXT_MACRO_VERSION)" = "@GETTEXT_MACRO_VERSION@" \
+ || { echo "*** error: gettext infrastructure mismatch: using a Makefile.in.in from gettext version $(GETTEXT_MACRO_VERSION) but the autoconf macros are from gettext version @GETTEXT_MACRO_VERSION@" 1>&2; \
+ exit 1; \
+ }
+
+# $(srcdir)/$(DOMAIN).pot is only created when needed. When xgettext finds no
+# internationalized messages, no $(srcdir)/$(DOMAIN).pot is created (because
+# we don't want to bother translators with empty POT files). We assume that
+# LINGUAS is empty in this case, i.e. $(POFILES) and $(GMOFILES) are empty.
+# In this case, stamp-po is a nop (i.e. a phony target).
+
+# stamp-po is a timestamp denoting the last time at which the CATALOGS have
+# been loosely updated. Its purpose is that when a developer or translator
+# checks out the package via CVS, and the $(DOMAIN).pot file is not in CVS,
+# "make" will update the $(DOMAIN).pot and the $(CATALOGS), but subsequent
+# invocations of "make" will do nothing. This timestamp would not be necessary
+# if updating the $(CATALOGS) would always touch them; however, the rule for
+# $(POFILES) has been designed to not touch files that don't need to be
+# changed.
+stamp-po: $(srcdir)/$(DOMAIN).pot
+ test ! -f $(srcdir)/$(DOMAIN).pot || \
+ test -z "$(GMOFILES)" || $(MAKE) $(GMOFILES)
+ @test ! -f $(srcdir)/$(DOMAIN).pot || { \
+ echo "touch stamp-po" && \
+ echo timestamp > stamp-poT && \
+ mv stamp-poT stamp-po; \
+ }
+
+# Note: Target 'all' must not depend on target '$(DOMAIN).pot-update',
+# otherwise packages like GCC can not be built if only parts of the source
+# have been downloaded.
+
+# This target rebuilds $(DOMAIN).pot; it is an expensive operation.
+# Note that $(DOMAIN).pot is not touched if it doesn't need to be changed.
+$(DOMAIN).pot-update: $(POTFILES) $(srcdir)/POTFILES.in remove-potcdate.sed
+ if LC_ALL=C grep 'GNU @PACKAGE@' $(top_srcdir)/* 2>/dev/null | grep -v 'libtool:' >/dev/null; then \
+ package_gnu='GNU '; \
+ else \
+ package_gnu=''; \
+ fi; \
+ if test -n '$(MSGID_BUGS_ADDRESS)' || test '$(PACKAGE_BUGREPORT)' = '@'PACKAGE_BUGREPORT'@'; then \
+ msgid_bugs_address='$(MSGID_BUGS_ADDRESS)'; \
+ else \
+ msgid_bugs_address='$(PACKAGE_BUGREPORT)'; \
+ fi; \
+ case `$(XGETTEXT) --version | sed 1q | sed -e 's,^[^0-9]*,,'` in \
+ '' | 0.[0-9] | 0.[0-9].* | 0.1[0-5] | 0.1[0-5].* | 0.16 | 0.16.[0-1]*) \
+ $(XGETTEXT) --default-domain=$(DOMAIN) --directory=$(top_srcdir) \
+ --add-comments=TRANSLATORS: $(XGETTEXT_OPTIONS) @XGETTEXT_EXTRA_OPTIONS@ \
+ --files-from=$(srcdir)/POTFILES.in \
+ --copyright-holder='$(COPYRIGHT_HOLDER)' \
+ --msgid-bugs-address="$$msgid_bugs_address" \
+ ;; \
+ *) \
+ $(XGETTEXT) --default-domain=$(DOMAIN) --directory=$(top_srcdir) \
+ --add-comments=TRANSLATORS: $(XGETTEXT_OPTIONS) @XGETTEXT_EXTRA_OPTIONS@ \
+ --files-from=$(srcdir)/POTFILES.in \
+ --copyright-holder='$(COPYRIGHT_HOLDER)' \
+ --package-name="$${package_gnu}@PACKAGE@" \
+ --package-version='@VERSION@' \
+ --msgid-bugs-address="$$msgid_bugs_address" \
+ ;; \
+ esac
+ test ! -f $(DOMAIN).po || { \
+ if test -f $(srcdir)/$(DOMAIN).pot; then \
+ sed -f remove-potcdate.sed < $(srcdir)/$(DOMAIN).pot > $(DOMAIN).1po && \
+ sed -f remove-potcdate.sed < $(DOMAIN).po > $(DOMAIN).2po && \
+ if cmp $(DOMAIN).1po $(DOMAIN).2po >/dev/null 2>&1; then \
+ rm -f $(DOMAIN).1po $(DOMAIN).2po $(DOMAIN).po; \
+ else \
+ rm -f $(DOMAIN).1po $(DOMAIN).2po $(srcdir)/$(DOMAIN).pot && \
+ mv $(DOMAIN).po $(srcdir)/$(DOMAIN).pot; \
+ fi; \
+ else \
+ mv $(DOMAIN).po $(srcdir)/$(DOMAIN).pot; \
+ fi; \
+ }
+
+# This rule has no dependencies: we don't need to update $(DOMAIN).pot at
+# every "make" invocation, only create it when it is missing.
+# Only "make $(DOMAIN).pot-update" or "make dist" will force an update.
+$(srcdir)/$(DOMAIN).pot:
+ $(MAKE) $(DOMAIN).pot-update
+
+# This target rebuilds a PO file if $(DOMAIN).pot has changed.
+# Note that a PO file is not touched if it doesn't need to be changed.
+$(POFILES): $(srcdir)/$(DOMAIN).pot
+ @lang=`echo $@ | sed -e 's,.*/,,' -e 's/\.po$$//'`; \
+ if test -f "$(srcdir)/$${lang}.po"; then \
+ test "$(srcdir)" = . && cdcmd="" || cdcmd="cd $(srcdir) && "; \
+ echo "$${cdcmd}$(MSGMERGE_UPDATE) $${lang}.po $(DOMAIN).pot"; \
+ cd $(srcdir) && $(MSGMERGE_UPDATE) $${lang}.po $(DOMAIN).pot; \
+ else \
+ $(MAKE) $${lang}.po-create; \
+ fi
+
+
+install: install-exec install-data
+install-exec:
+install-data: install-data-@USE_NLS@
+ if test "$(PACKAGE)" = "gettext-tools"; then \
+ $(mkdir_p) $(DESTDIR)$(gettextsrcdir); \
+ for file in $(DISTFILES.common) Makevars.template; do \
+ $(INSTALL_DATA) $(srcdir)/$$file \
+ $(DESTDIR)$(gettextsrcdir)/$$file; \
+ done; \
+ for file in Makevars; do \
+ rm -f $(DESTDIR)$(gettextsrcdir)/$$file; \
+ done; \
+ else \
+ : ; \
+ fi
+install-data-no: all
+install-data-yes: all
+ $(mkdir_p) $(DESTDIR)$(datadir)
+ @catalogs='$(CATALOGS)'; \
+ for cat in $$catalogs; do \
+ cat=`basename $$cat`; \
+ lang=`echo $$cat | sed -e 's/\.gmo$$//'`; \
+ dir=$(localedir)/$$lang/LC_MESSAGES; \
+ $(mkdir_p) $(DESTDIR)$$dir; \
+ if test -r $$cat; then realcat=$$cat; else realcat=$(srcdir)/$$cat; fi; \
+ $(INSTALL_DATA) $$realcat $(DESTDIR)$$dir/$(DOMAIN).mo; \
+ echo "installing $$realcat as $(DESTDIR)$$dir/$(DOMAIN).mo"; \
+ for lc in '' $(EXTRA_LOCALE_CATEGORIES); do \
+ if test -n "$$lc"; then \
+ if (cd $(DESTDIR)$(localedir)/$$lang && LC_ALL=C ls -l -d $$lc 2>/dev/null) | grep ' -> ' >/dev/null; then \
+ link=`cd $(DESTDIR)$(localedir)/$$lang && LC_ALL=C ls -l -d $$lc | sed -e 's/^.* -> //'`; \
+ mv $(DESTDIR)$(localedir)/$$lang/$$lc $(DESTDIR)$(localedir)/$$lang/$$lc.old; \
+ mkdir $(DESTDIR)$(localedir)/$$lang/$$lc; \
+ (cd $(DESTDIR)$(localedir)/$$lang/$$lc.old && \
+ for file in *; do \
+ if test -f $$file; then \
+ ln -s ../$$link/$$file $(DESTDIR)$(localedir)/$$lang/$$lc/$$file; \
+ fi; \
+ done); \
+ rm -f $(DESTDIR)$(localedir)/$$lang/$$lc.old; \
+ else \
+ if test -d $(DESTDIR)$(localedir)/$$lang/$$lc; then \
+ :; \
+ else \
+ rm -f $(DESTDIR)$(localedir)/$$lang/$$lc; \
+ mkdir $(DESTDIR)$(localedir)/$$lang/$$lc; \
+ fi; \
+ fi; \
+ rm -f $(DESTDIR)$(localedir)/$$lang/$$lc/$(DOMAIN).mo; \
+ ln -s ../LC_MESSAGES/$(DOMAIN).mo $(DESTDIR)$(localedir)/$$lang/$$lc/$(DOMAIN).mo 2>/dev/null || \
+ ln $(DESTDIR)$(localedir)/$$lang/LC_MESSAGES/$(DOMAIN).mo $(DESTDIR)$(localedir)/$$lang/$$lc/$(DOMAIN).mo 2>/dev/null || \
+ cp -p $(DESTDIR)$(localedir)/$$lang/LC_MESSAGES/$(DOMAIN).mo $(DESTDIR)$(localedir)/$$lang/$$lc/$(DOMAIN).mo; \
+ echo "installing $$realcat link as $(DESTDIR)$(localedir)/$$lang/$$lc/$(DOMAIN).mo"; \
+ fi; \
+ done; \
+ done
+
+install-strip: install
+
+installdirs: installdirs-exec installdirs-data
+installdirs-exec:
+installdirs-data: installdirs-data-@USE_NLS@
+ if test "$(PACKAGE)" = "gettext-tools"; then \
+ $(mkdir_p) $(DESTDIR)$(gettextsrcdir); \
+ else \
+ : ; \
+ fi
+installdirs-data-no:
+installdirs-data-yes:
+ $(mkdir_p) $(DESTDIR)$(datadir)
+ @catalogs='$(CATALOGS)'; \
+ for cat in $$catalogs; do \
+ cat=`basename $$cat`; \
+ lang=`echo $$cat | sed -e 's/\.gmo$$//'`; \
+ dir=$(localedir)/$$lang/LC_MESSAGES; \
+ $(mkdir_p) $(DESTDIR)$$dir; \
+ for lc in '' $(EXTRA_LOCALE_CATEGORIES); do \
+ if test -n "$$lc"; then \
+ if (cd $(DESTDIR)$(localedir)/$$lang && LC_ALL=C ls -l -d $$lc 2>/dev/null) | grep ' -> ' >/dev/null; then \
+ link=`cd $(DESTDIR)$(localedir)/$$lang && LC_ALL=C ls -l -d $$lc | sed -e 's/^.* -> //'`; \
+ mv $(DESTDIR)$(localedir)/$$lang/$$lc $(DESTDIR)$(localedir)/$$lang/$$lc.old; \
+ mkdir $(DESTDIR)$(localedir)/$$lang/$$lc; \
+ (cd $(DESTDIR)$(localedir)/$$lang/$$lc.old && \
+ for file in *; do \
+ if test -f $$file; then \
+ ln -s ../$$link/$$file $(DESTDIR)$(localedir)/$$lang/$$lc/$$file; \
+ fi; \
+ done); \
+ rm -f $(DESTDIR)$(localedir)/$$lang/$$lc.old; \
+ else \
+ if test -d $(DESTDIR)$(localedir)/$$lang/$$lc; then \
+ :; \
+ else \
+ rm -f $(DESTDIR)$(localedir)/$$lang/$$lc; \
+ mkdir $(DESTDIR)$(localedir)/$$lang/$$lc; \
+ fi; \
+ fi; \
+ fi; \
+ done; \
+ done
+
+# Define this as empty until I found a useful application.
+installcheck:
+
+uninstall: uninstall-exec uninstall-data
+uninstall-exec:
+uninstall-data: uninstall-data-@USE_NLS@
+ if test "$(PACKAGE)" = "gettext-tools"; then \
+ for file in $(DISTFILES.common) Makevars.template; do \
+ rm -f $(DESTDIR)$(gettextsrcdir)/$$file; \
+ done; \
+ else \
+ : ; \
+ fi
+uninstall-data-no:
+uninstall-data-yes:
+ catalogs='$(CATALOGS)'; \
+ for cat in $$catalogs; do \
+ cat=`basename $$cat`; \
+ lang=`echo $$cat | sed -e 's/\.gmo$$//'`; \
+ for lc in LC_MESSAGES $(EXTRA_LOCALE_CATEGORIES); do \
+ rm -f $(DESTDIR)$(localedir)/$$lang/$$lc/$(DOMAIN).mo; \
+ done; \
+ done
+
+check: all
+
+info dvi ps pdf html tags TAGS ctags CTAGS ID:
+
+mostlyclean:
+ rm -f remove-potcdate.sed
+ rm -f stamp-poT
+ rm -f core core.* $(DOMAIN).po $(DOMAIN).1po $(DOMAIN).2po *.new.po
+ rm -fr *.o
+
+clean: mostlyclean
+
+distclean: clean
+ rm -f Makefile Makefile.in POTFILES *.mo
+
+maintainer-clean: distclean
+ @echo "This command is intended for maintainers to use;"
+ @echo "it deletes files that may require special tools to rebuild."
+ rm -f stamp-po $(GMOFILES)
+
+distdir = $(top_builddir)/$(PACKAGE)-$(VERSION)/$(subdir)
+dist distdir:
+ $(MAKE) update-po
+ @$(MAKE) dist2
+# This is a separate target because 'update-po' must be executed before.
+dist2: stamp-po $(DISTFILES)
+ dists="$(DISTFILES)"; \
+ if test "$(PACKAGE)" = "gettext-tools"; then \
+ dists="$$dists Makevars.template"; \
+ fi; \
+ if test -f $(srcdir)/$(DOMAIN).pot; then \
+ dists="$$dists $(DOMAIN).pot stamp-po"; \
+ fi; \
+ if test -f $(srcdir)/ChangeLog; then \
+ dists="$$dists ChangeLog"; \
+ fi; \
+ for i in 0 1 2 3 4 5 6 7 8 9; do \
+ if test -f $(srcdir)/ChangeLog.$$i; then \
+ dists="$$dists ChangeLog.$$i"; \
+ fi; \
+ done; \
+ if test -f $(srcdir)/LINGUAS; then dists="$$dists LINGUAS"; fi; \
+ for file in $$dists; do \
+ if test -f $$file; then \
+ cp -p $$file $(distdir) || exit 1; \
+ else \
+ cp -p $(srcdir)/$$file $(distdir) || exit 1; \
+ fi; \
+ done
+
+update-po: Makefile
+ $(MAKE) $(DOMAIN).pot-update
+ test -z "$(UPDATEPOFILES)" || $(MAKE) $(UPDATEPOFILES)
+ $(MAKE) update-gmo
+
+# General rule for creating PO files.
+
+.nop.po-create:
+ @lang=`echo $@ | sed -e 's/\.po-create$$//'`; \
+ echo "File $$lang.po does not exist. If you are a translator, you can create it through 'msginit'." 1>&2; \
+ exit 1
+
+# General rule for updating PO files.
+
+.nop.po-update:
+ @lang=`echo $@ | sed -e 's/\.po-update$$//'`; \
+ if test "$(PACKAGE)" = "gettext-tools"; then PATH=`pwd`/../src:$$PATH; fi; \
+ tmpdir=`pwd`; \
+ echo "$$lang:"; \
+ test "$(srcdir)" = . && cdcmd="" || cdcmd="cd $(srcdir) && "; \
+ echo "$${cdcmd}$(MSGMERGE) $$lang.po $(DOMAIN).pot -o $$lang.new.po"; \
+ cd $(srcdir); \
+ if $(MSGMERGE) $$lang.po $(DOMAIN).pot -o $$tmpdir/$$lang.new.po; then \
+ if cmp $$lang.po $$tmpdir/$$lang.new.po >/dev/null 2>&1; then \
+ rm -f $$tmpdir/$$lang.new.po; \
+ else \
+ if mv -f $$tmpdir/$$lang.new.po $$lang.po; then \
+ :; \
+ else \
+ echo "msgmerge for $$lang.po failed: cannot move $$tmpdir/$$lang.new.po to $$lang.po" 1>&2; \
+ exit 1; \
+ fi; \
+ fi; \
+ else \
+ echo "msgmerge for $$lang.po failed!" 1>&2; \
+ rm -f $$tmpdir/$$lang.new.po; \
+ fi
+
+$(DUMMYPOFILES):
+
+update-gmo: Makefile $(GMOFILES)
+ @:
+
+Makefile: Makefile.in.in Makevars $(top_builddir)/config.status @POMAKEFILEDEPS@
+ cd $(top_builddir) \
+ && $(SHELL) ./config.status $(subdir)/$@.in po-directories
+
+force:
+
+# Tell versions [3.59,3.63) of GNU make not to export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/po/Makevars b/po/Makevars
new file mode 100644
index 0000000..b99cd46
--- /dev/null
+++ b/po/Makevars
@@ -0,0 +1,41 @@
+# Makefile variables for PO directory in any package using GNU gettext.
+
+# Usually the message domain is the same as the package name.
+DOMAIN = gnupg2
+
+# These two variables depend on the location of this directory.
+subdir = po
+top_builddir = ..
+
+# These options get passed to xgettext.
+XGETTEXT_OPTIONS = --keyword=_ --keyword=N_
+
+# This is the copyright holder that gets inserted into the header of the
+# $(DOMAIN).pot file. Set this to the copyright holder of the surrounding
+# package. (Note that the msgstr strings, extracted from the package's
+# sources, belong to the copyright holder of the package.) Translators are
+# expected to transfer the copyright for their translations to this person
+# or entity, or to disclaim their copyright. The empty string stands for
+# the public domain; in this case the translators are expected to disclaim
+# their copyright.
+COPYRIGHT_HOLDER = Free Software Foundation, Inc.
+
+# This is the email address or URL to which the translators shall report
+# bugs in the untranslated strings:
+# - Strings which are not entire sentences, see the maintainer guidelines
+# in the GNU gettext documentation, section 'Preparing Strings'.
+# - Strings which use unclear terms or require additional context to be
+# understood.
+# - Strings which make invalid assumptions about notation of date, time or
+# money.
+# - Pluralisation problems.
+# - Incorrect English spelling.
+# - Incorrect formatting.
+# It can be your email address, or a mailing list address where translators
+# can write to without being subscribed, or the URL of a web page through
+# which the translators can contact you.
+MSGID_BUGS_ADDRESS = translations@gnupg.org
+
+# This is the list of locale categories, beyond LC_MESSAGES, for which the
+# message catalogs shall be used. It is usually empty.
+EXTRA_LOCALE_CATEGORIES =
diff --git a/po/POTFILES.in b/po/POTFILES.in
new file mode 100644
index 0000000..40ae4c9
--- /dev/null
+++ b/po/POTFILES.in
@@ -0,0 +1,109 @@
+# List of files with translatable strings
+
+agent/call-pinentry.c
+agent/command-ssh.c
+agent/divert-scd.c
+agent/genkey.c
+agent/gpg-agent.c
+agent/preset-passphrase.c
+agent/protect-tool.c
+agent/trustlist.c
+agent/findkey.c
+agent/call-pinentry.c
+
+common/exechelp.c
+common/http.c
+common/simple-pwquery.c
+common/sysutils.c
+common/yesno.c
+common/miscellaneous.c
+common/asshelp.c
+common/audit.c
+common/helpfile.c
+common/gettime.c
+
+g10/armor.c
+g10/build-packet.c
+g10/call-agent.c
+g10/card-util.c
+g10/dearmor.c
+g10/decrypt.c
+g10/delkey.c
+g10/encode.c
+g10/encr-data.c
+g10/exec.c
+g10/export.c
+g10/getkey.c
+g10/gpg.c
+g10/gpgv.c
+g10/helptext.c
+g10/import.c
+g10/keydb.c
+g10/keyedit.c
+g10/keygen.c
+g10/keyid.c
+g10/keylist.c
+g10/keyring.c
+g10/keyserver.c
+g10/mainproc.c
+g10/misc.c
+g10/openfile.c
+g10/parse-packet.c
+g10/passphrase.c
+g10/photoid.c
+g10/pkclist.c
+g10/plaintext.c
+g10/pubkey-enc.c
+g10/revoke.c
+g10/seckey-cert.c
+g10/seskey.c
+g10/sig-check.c
+g10/sign.c
+g10/skclist.c
+g10/tdbdump.c
+g10/tdbio.c
+g10/textfilter.c
+g10/trustdb.c
+g10/verify.c
+
+jnlib/argparse.c
+jnlib/logging.c
+jnlib/utf8conv.c
+jnlib/dotlock.c
+
+kbx/kbxutil.c
+
+scd/app-nks.c
+scd/app-openpgp.c
+scd/app-dinsig.c
+scd/scdaemon.c
+
+sm/base64.c
+sm/call-agent.c
+sm/call-dirmngr.c
+sm/certchain.c
+sm/certcheck.c
+sm/certdump.c
+sm/certlist.c
+sm/certreqgen.c
+sm/certreqgen-ui.c
+sm/decrypt.c
+sm/delete.c
+sm/encrypt.c
+sm/export.c
+sm/gpgsm.c
+sm/import.c
+sm/keydb.c
+sm/keylist.c
+sm/misc.c
+sm/qualified.c
+sm/sign.c
+sm/verify.c
+
+tools/gpg-connect-agent.c
+tools/gpgconf-comp.c
+tools/gpgconf.c
+tools/no-libgcrypt.c
+tools/symcryptrun.c
+tools/gpg-check-pattern.c
+
diff --git a/po/Rules-quot b/po/Rules-quot
new file mode 100644
index 0000000..9c2a995
--- /dev/null
+++ b/po/Rules-quot
@@ -0,0 +1,47 @@
+# Special Makefile rules for English message catalogs with quotation marks.
+
+DISTFILES.common.extra1 = quot.sed boldquot.sed en@quot.header en@boldquot.header insert-header.sin Rules-quot
+
+.SUFFIXES: .insert-header .po-update-en
+
+en@quot.po-create:
+ $(MAKE) en@quot.po-update
+en@boldquot.po-create:
+ $(MAKE) en@boldquot.po-update
+
+en@quot.po-update: en@quot.po-update-en
+en@boldquot.po-update: en@boldquot.po-update-en
+
+.insert-header.po-update-en:
+ @lang=`echo $@ | sed -e 's/\.po-update-en$$//'`; \
+ if test "$(PACKAGE)" = "gettext"; then PATH=`pwd`/../src:$$PATH; GETTEXTLIBDIR=`cd $(top_srcdir)/src && pwd`; export GETTEXTLIBDIR; fi; \
+ tmpdir=`pwd`; \
+ echo "$$lang:"; \
+ ll=`echo $$lang | sed -e 's/@.*//'`; \
+ LC_ALL=C; export LC_ALL; \
+ cd $(srcdir); \
+ if $(MSGINIT) -i $(DOMAIN).pot --no-translator -l $$ll -o - 2>/dev/null | sed -f $$tmpdir/$$lang.insert-header | $(MSGCONV) -t UTF-8 | $(MSGFILTER) sed -f `echo $$lang | sed -e 's/.*@//'`.sed 2>/dev/null > $$tmpdir/$$lang.new.po; then \
+ if cmp $$lang.po $$tmpdir/$$lang.new.po >/dev/null 2>&1; then \
+ rm -f $$tmpdir/$$lang.new.po; \
+ else \
+ if mv -f $$tmpdir/$$lang.new.po $$lang.po; then \
+ :; \
+ else \
+ echo "creation of $$lang.po failed: cannot move $$tmpdir/$$lang.new.po to $$lang.po" 1>&2; \
+ exit 1; \
+ fi; \
+ fi; \
+ else \
+ echo "creation of $$lang.po failed!" 1>&2; \
+ rm -f $$tmpdir/$$lang.new.po; \
+ fi
+
+en@quot.insert-header: insert-header.sin
+ sed -e '/^#/d' -e 's/HEADER/en@quot.header/g' $(srcdir)/insert-header.sin > en@quot.insert-header
+
+en@boldquot.insert-header: insert-header.sin
+ sed -e '/^#/d' -e 's/HEADER/en@boldquot.header/g' $(srcdir)/insert-header.sin > en@boldquot.insert-header
+
+mostlyclean: mostlyclean-quot
+mostlyclean-quot:
+ rm -f *.insert-header
diff --git a/po/be.gmo b/po/be.gmo
new file mode 100644
index 0000000..dc3c6f8
--- /dev/null
+++ b/po/be.gmo
Binary files differ
diff --git a/po/be.po b/po/be.po
new file mode 100644
index 0000000..9282dad
--- /dev/null
+++ b/po/be.po
@@ -0,0 +1,8531 @@
+# SOME DESCRIPTIVE TITLE.
+# Copyright (C) 2003 Free Software Foundation, Inc.
+# Ales Nyakhaychyk <nab@mail.by>, 2003.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: gnupg 1.2.2\n"
+"Report-Msgid-Bugs-To: translations@gnupg.org\n"
+"POT-Creation-Date: 2012-03-27 10:23+0200\n"
+"PO-Revision-Date: 2003-10-30 16:35+0200\n"
+"Last-Translator: Ales Nyakhaychyk <nab@mail.by>\n"
+"Language-Team: Belarusian <i18n@mova.org>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Generator: KBabel 1.0.2\n"
+
+#: agent/call-pinentry.c:244
+#, fuzzy, c-format
+msgid "failed to acquire the pinentry lock: %s\n"
+msgstr "%s: немагчыма Ñтварыць Ñ…Ñш-табліцу: %s\n"
+
+#. TRANSLATORS: These are labels for buttons etc used in
+#. Pinentries. An underscore indicates that the next letter
+#. should be used as an accelerator. Double the underscore for
+#. a literal one. The actual to be translated text starts after
+#. the second vertical bar.
+#: agent/call-pinentry.c:401
+msgid "|pinentry-label|_OK"
+msgstr ""
+
+#: agent/call-pinentry.c:402
+msgid "|pinentry-label|_Cancel"
+msgstr ""
+
+#: agent/call-pinentry.c:403
+msgid "|pinentry-label|PIN:"
+msgstr ""
+
+#. TRANSLATORS: This string is displayed by Pinentry as the label
+#. for the quality bar.
+#: agent/call-pinentry.c:649
+msgid "Quality:"
+msgstr ""
+
+#. TRANSLATORS: This string is a tooltip, shown by pinentry when
+#. hovering over the quality bar. Please use an appropriate
+#. string to describe what this is about. The length of the
+#. tooltip is limited to about 900 characters. If you do not
+#. translate this entry, a default english text (see source)
+#. will be used.
+#: agent/call-pinentry.c:671
+msgid "pinentry.qualitybar.tooltip"
+msgstr ""
+
+#: agent/call-pinentry.c:716
+msgid ""
+"Please enter your PIN, so that the secret key can be unlocked for this "
+"session"
+msgstr ""
+
+#: agent/call-pinentry.c:719
+msgid ""
+"Please enter your passphrase, so that the secret key can be unlocked for "
+"this session"
+msgstr ""
+
+#: agent/call-pinentry.c:776
+#, c-format
+msgid "SETERROR %s (try %d of %d)"
+msgstr ""
+
+#: agent/call-pinentry.c:799 agent/call-pinentry.c:811
+#, fuzzy
+msgid "PIN too long"
+msgstr "пароль занадта доўгі\n"
+
+#: agent/call-pinentry.c:800
+#, fuzzy
+msgid "Passphrase too long"
+msgstr "пароль занадта доўгі\n"
+
+#: agent/call-pinentry.c:808
+msgid "Invalid characters in PIN"
+msgstr ""
+
+#: agent/call-pinentry.c:813
+msgid "PIN too short"
+msgstr ""
+
+#: agent/call-pinentry.c:825
+#, fuzzy
+msgid "Bad PIN"
+msgstr "дрÑнны MPI"
+
+#: agent/call-pinentry.c:826
+#, fuzzy
+msgid "Bad Passphrase"
+msgstr "дрÑнны пароль"
+
+#: agent/call-pinentry.c:863
+#, fuzzy
+msgid "Passphrase"
+msgstr "дрÑнны пароль"
+
+#: agent/command-ssh.c:531
+#, c-format
+msgid "ssh keys greater than %d bits are not supported\n"
+msgstr ""
+
+#: agent/command-ssh.c:690 g10/card-util.c:833 g10/exec.c:473 g10/gpg.c:1122
+#: g10/keygen.c:3394 g10/keygen.c:3427 g10/keyring.c:1237 g10/keyring.c:1569
+#: g10/openfile.c:275 g10/openfile.c:368 g10/sign.c:801 g10/sign.c:1110
+#: g10/tdbio.c:550 jnlib/dotlock.c:310
+#, c-format
+msgid "can't create `%s': %s\n"
+msgstr ""
+
+#: agent/command-ssh.c:702 common/helpfile.c:47 g10/card-util.c:787
+#: g10/dearmor.c:60 g10/dearmor.c:107 g10/decrypt.c:70 g10/encode.c:194
+#: g10/encode.c:504 g10/gpg.c:1123 g10/import.c:192 g10/keygen.c:2877
+#: g10/keyring.c:1595 g10/openfile.c:192 g10/openfile.c:353
+#: g10/plaintext.c:511 g10/sign.c:783 g10/sign.c:978 g10/sign.c:1094
+#: g10/sign.c:1250 g10/tdbdump.c:142 g10/tdbdump.c:150 g10/tdbio.c:554
+#: g10/tdbio.c:618 g10/verify.c:99 g10/verify.c:162 sm/gpgsm.c:2044
+#: sm/gpgsm.c:2074 sm/gpgsm.c:2112 sm/gpgsm.c:2150 sm/qualified.c:66
+#, c-format
+msgid "can't open `%s': %s\n"
+msgstr ""
+
+#: agent/command-ssh.c:1708 agent/command-ssh.c:1726
+#, fuzzy, c-format
+msgid "error getting serial number of card: %s\n"
+msgstr "памылка ÑтварÑÐ½ÑŒÐ½Ñ \"%s\": %s\n"
+
+#: agent/command-ssh.c:1712
+#, c-format
+msgid "detected card with S/N: %s\n"
+msgstr ""
+
+#: agent/command-ssh.c:1717
+#, c-format
+msgid "error getting default authentication keyID of card: %s\n"
+msgstr ""
+
+#: agent/command-ssh.c:1737
+#, fuzzy, c-format
+msgid "no suitable card key found: %s\n"
+msgstr "грамадÑкі ключ Ð½Ñ Ð·Ð½Ð¾Ð¹Ð´Ð·ÐµÐ½Ñ‹"
+
+#: agent/command-ssh.c:1787
+#, fuzzy, c-format
+msgid "shadowing the key failed: %s\n"
+msgstr "грамадÑкі ключ Ð½Ñ Ð·Ð½Ð¾Ð¹Ð´Ð·ÐµÐ½Ñ‹"
+
+#: agent/command-ssh.c:1802
+#, fuzzy, c-format
+msgid "error writing key: %s\n"
+msgstr "памылка ÑтварÑÐ½ÑŒÐ½Ñ \"%s\": %s\n"
+
+#: agent/command-ssh.c:2139
+#, c-format
+msgid ""
+"An ssh process requested the use of key%%0A %s%%0A (%s)%%0ADo you want to "
+"allow this?"
+msgstr ""
+
+#: agent/command-ssh.c:2146
+msgid "Allow"
+msgstr ""
+
+#: agent/command-ssh.c:2146
+msgid "Deny"
+msgstr ""
+
+#: agent/command-ssh.c:2155
+#, fuzzy, c-format
+msgid "Please enter the passphrase for the ssh key%%0A %F%%0A (%c)"
+msgstr ""
+"УвÑдзіце новы пароль Ð´Ð»Ñ Ð³Ñтага ÑакрÑтнага ключа.\n"
+"\n"
+
+#: agent/command-ssh.c:2484 agent/genkey.c:310 agent/genkey.c:432
+#, fuzzy
+msgid "Please re-enter this passphrase"
+msgstr "УвÑдзіце пароль\n"
+
+#: agent/command-ssh.c:2509
+#, fuzzy, c-format
+msgid ""
+"Please enter a passphrase to protect the received secret key%%0A %s%%0A %"
+"s%%0Awithin gpg-agent's key storage"
+msgstr ""
+"УвÑдзіце новы пароль Ð´Ð»Ñ Ð³Ñтага ÑакрÑтнага ключа.\n"
+"\n"
+
+#: agent/command-ssh.c:2548 agent/genkey.c:340 agent/genkey.c:463
+#: tools/symcryptrun.c:436
+msgid "does not match - try again"
+msgstr ""
+
+#: agent/command-ssh.c:3054
+#, fuzzy, c-format
+msgid "failed to create stream from socket: %s\n"
+msgstr "%s: немагчыма Ñтварыць Ñ…Ñш-табліцу: %s\n"
+
+#: agent/divert-scd.c:92 g10/call-agent.c:923
+msgid "Please insert the card with serial number"
+msgstr ""
+
+#: agent/divert-scd.c:93 g10/call-agent.c:924
+msgid "Please remove the current card and insert the one with serial number"
+msgstr ""
+
+#: agent/divert-scd.c:200
+msgid "Admin PIN"
+msgstr ""
+
+#. TRANSLATORS: A PUK is the Personal Unblocking Code
+#. used to unblock a PIN.
+#: agent/divert-scd.c:205
+msgid "PUK"
+msgstr ""
+
+#: agent/divert-scd.c:212
+msgid "Reset Code"
+msgstr ""
+
+#: agent/divert-scd.c:238
+#, c-format
+msgid "%s%%0A%%0AUse the reader's keypad for input."
+msgstr ""
+
+#: agent/divert-scd.c:287
+#, fuzzy
+msgid "Repeat this Reset Code"
+msgstr "Паўтарыце пароль: "
+
+#: agent/divert-scd.c:289
+#, fuzzy
+msgid "Repeat this PUK"
+msgstr "Паўтарыце пароль: "
+
+#: agent/divert-scd.c:290
+#, fuzzy
+msgid "Repeat this PIN"
+msgstr "Паўтарыце пароль: "
+
+#: agent/divert-scd.c:295
+msgid "Reset Code not correctly repeated; try again"
+msgstr ""
+
+#: agent/divert-scd.c:297
+msgid "PUK not correctly repeated; try again"
+msgstr ""
+
+#: agent/divert-scd.c:298
+msgid "PIN not correctly repeated; try again"
+msgstr ""
+
+#: agent/divert-scd.c:310
+#, c-format
+msgid "Please enter the PIN%s%s%s to unlock the card"
+msgstr ""
+
+#: agent/genkey.c:108 sm/certreqgen-ui.c:384 sm/export.c:638 sm/export.c:654
+#: sm/import.c:667 sm/import.c:692
+#, fuzzy, c-format
+msgid "error creating temporary file: %s\n"
+msgstr "памылка ÑтварÑÐ½ÑŒÐ½Ñ \"%s\": %s\n"
+
+#: agent/genkey.c:115 sm/export.c:645 sm/import.c:675
+#, fuzzy, c-format
+msgid "error writing to temporary file: %s\n"
+msgstr "памылка ÑтварÑÐ½ÑŒÐ½Ñ \"%s\": %s\n"
+
+#: agent/genkey.c:153 agent/genkey.c:159
+#, fuzzy
+msgid "Enter new passphrase"
+msgstr "УвÑдзіце пароль\n"
+
+#: agent/genkey.c:167
+msgid "Take this one anyway"
+msgstr ""
+
+#: agent/genkey.c:193
+#, c-format
+msgid ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase should be "
+"at least %u character long."
+msgid_plural ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase should be "
+"at least %u characters long."
+msgstr[0] ""
+msgstr[1] ""
+
+#: agent/genkey.c:214
+#, c-format
+msgid ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase should "
+"contain at least %u digit or%%0Aspecial character."
+msgid_plural ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase should "
+"contain at least %u digits or%%0Aspecial characters."
+msgstr[0] ""
+msgstr[1] ""
+
+#: agent/genkey.c:237
+#, c-format
+msgid ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase may not be "
+"a known term or match%%0Acertain pattern."
+msgstr ""
+
+#: agent/genkey.c:253
+#, c-format
+msgid ""
+"You have not entered a passphrase!%0AAn empty passphrase is not allowed."
+msgstr ""
+
+#: agent/genkey.c:255
+#, c-format
+msgid ""
+"You have not entered a passphrase - this is in general a bad idea!%0APlease "
+"confirm that you do not want to have any protection on your key."
+msgstr ""
+
+#: agent/genkey.c:264
+msgid "Yes, protection is not needed"
+msgstr ""
+
+#: agent/genkey.c:308
+#, fuzzy, c-format
+msgid "Please enter the passphrase to%0Ato protect your new key"
+msgstr ""
+"УвÑдзіце новы пароль Ð´Ð»Ñ Ð³Ñтага ÑакрÑтнага ключа.\n"
+"\n"
+
+#: agent/genkey.c:431
+#, fuzzy
+msgid "Please enter the new passphrase"
+msgstr "Паўтарыце пароль\n"
+
+#: agent/gpg-agent.c:121 agent/preset-passphrase.c:72 scd/scdaemon.c:103
+#: tools/gpg-check-pattern.c:70
+#, fuzzy
+msgid ""
+"@Options:\n"
+" "
+msgstr ""
+"@\n"
+"Выбары:\n"
+" "
+
+#: agent/gpg-agent.c:123 scd/scdaemon.c:105
+msgid "run in server mode (foreground)"
+msgstr ""
+
+#: agent/gpg-agent.c:124 scd/scdaemon.c:108
+msgid "run in daemon mode (background)"
+msgstr ""
+
+#: agent/gpg-agent.c:125 g10/gpg.c:488 g10/gpgv.c:71 kbx/kbxutil.c:88
+#: scd/scdaemon.c:109 sm/gpgsm.c:281 tools/gpg-connect-agent.c:69
+#: tools/gpgconf.c:80 tools/symcryptrun.c:166
+msgid "verbose"
+msgstr "шматÑлоўнаÑьць"
+
+#: agent/gpg-agent.c:126 g10/gpgv.c:72 kbx/kbxutil.c:89 scd/scdaemon.c:110
+#: sm/gpgsm.c:282
+msgid "be somewhat more quiet"
+msgstr "працаваць менш шматÑлоўна"
+
+#: agent/gpg-agent.c:127 scd/scdaemon.c:111
+msgid "sh-style command output"
+msgstr ""
+
+#: agent/gpg-agent.c:128 scd/scdaemon.c:112
+msgid "csh-style command output"
+msgstr ""
+
+#: agent/gpg-agent.c:129 scd/scdaemon.c:113 sm/gpgsm.c:312
+#: tools/symcryptrun.c:169
+msgid "|FILE|read options from FILE"
+msgstr ""
+
+#: agent/gpg-agent.c:134 scd/scdaemon.c:123
+msgid "do not detach from the console"
+msgstr ""
+
+#: agent/gpg-agent.c:135
+msgid "do not grab keyboard and mouse"
+msgstr ""
+
+#: agent/gpg-agent.c:136 tools/symcryptrun.c:168
+msgid "use a log file for the server"
+msgstr ""
+
+#: agent/gpg-agent.c:138
+#, fuzzy
+msgid "use a standard location for the socket"
+msgstr "паказаць ÑÑŒÐ¿Ñ–Ñ ÐºÐ»ÑŽÑ‡Ð¾Ñž Ñ– ID карыÑтальнікаў"
+
+#: agent/gpg-agent.c:141
+msgid "|PGM|use PGM as the PIN-Entry program"
+msgstr ""
+
+#: agent/gpg-agent.c:144
+msgid "|PGM|use PGM as the SCdaemon program"
+msgstr ""
+
+#: agent/gpg-agent.c:145
+msgid "do not use the SCdaemon"
+msgstr ""
+
+#: agent/gpg-agent.c:157
+msgid "ignore requests to change the TTY"
+msgstr ""
+
+#: agent/gpg-agent.c:159
+msgid "ignore requests to change the X display"
+msgstr ""
+
+#: agent/gpg-agent.c:162
+msgid "|N|expire cached PINs after N seconds"
+msgstr ""
+
+#: agent/gpg-agent.c:175
+msgid "do not use the PIN cache when signing"
+msgstr ""
+
+#: agent/gpg-agent.c:177
+msgid "allow clients to mark keys as \"trusted\""
+msgstr ""
+
+#: agent/gpg-agent.c:179
+#, fuzzy
+msgid "allow presetting passphrase"
+msgstr "Паўтарыце пароль\n"
+
+#: agent/gpg-agent.c:180
+msgid "enable ssh-agent emulation"
+msgstr ""
+
+#: agent/gpg-agent.c:182
+msgid "|FILE|write environment settings also to FILE"
+msgstr ""
+
+#. TRANSLATORS: @EMAIL@ will get replaced by the actual bug
+#. reporting address. This is so that we can change the
+#. reporting address without breaking the translations.
+#: agent/gpg-agent.c:333 agent/preset-passphrase.c:94 agent/protect-tool.c:163
+#: g10/gpg.c:814 g10/gpgv.c:114 kbx/kbxutil.c:113 scd/scdaemon.c:246
+#: sm/gpgsm.c:519 tools/gpg-connect-agent.c:181 tools/gpgconf.c:102
+#: tools/symcryptrun.c:206 tools/gpg-check-pattern.c:141
+#, fuzzy
+msgid "Please report bugs to <@EMAIL@>.\n"
+msgstr "Калі лаÑка, паведамлÑйце пра памылкі на <gnupg-bugs@gnu.org>.\n"
+
+#: agent/gpg-agent.c:342
+#, fuzzy
+msgid "Usage: gpg-agent [options] (-h for help)"
+msgstr "ВыкарыÑтаньне: gpg [выбары] [файлы] (-h Ð´Ð»Ñ Ð´Ð°Ð²ÐµÐ´ÐºÑ–)"
+
+#: agent/gpg-agent.c:344
+msgid ""
+"Syntax: gpg-agent [options] [command [args]]\n"
+"Secret key management for GnuPG\n"
+msgstr ""
+
+#: agent/gpg-agent.c:390 g10/gpg.c:1007 scd/scdaemon.c:318 sm/gpgsm.c:669
+#, c-format
+msgid "invalid debug-level `%s' given\n"
+msgstr ""
+
+#: agent/gpg-agent.c:610 agent/protect-tool.c:1033 kbx/kbxutil.c:428
+#: scd/scdaemon.c:424 sm/gpgsm.c:911 sm/gpgsm.c:914 tools/symcryptrun.c:998
+#: tools/gpg-check-pattern.c:177
+#, c-format
+msgid "%s is too old (need %s, have %s)\n"
+msgstr ""
+
+#: agent/gpg-agent.c:725 g10/gpg.c:2111 scd/scdaemon.c:510 sm/gpgsm.c:1010
+#, c-format
+msgid "NOTE: no default option file `%s'\n"
+msgstr ""
+
+#: agent/gpg-agent.c:736 agent/gpg-agent.c:1348 g10/gpg.c:2115
+#: scd/scdaemon.c:515 sm/gpgsm.c:1014 tools/symcryptrun.c:931
+#, c-format
+msgid "option file `%s': %s\n"
+msgstr ""
+
+#: agent/gpg-agent.c:744 g10/gpg.c:2122 scd/scdaemon.c:523 sm/gpgsm.c:1021
+#, c-format
+msgid "reading options from `%s'\n"
+msgstr ""
+
+#: agent/gpg-agent.c:1117 g10/plaintext.c:140 g10/plaintext.c:145
+#: g10/plaintext.c:162
+#, c-format
+msgid "error creating `%s': %s\n"
+msgstr "памылка ÑтварÑÐ½ÑŒÐ½Ñ \"%s\": %s\n"
+
+#: agent/gpg-agent.c:1461 agent/gpg-agent.c:1579 agent/gpg-agent.c:1583
+#: agent/gpg-agent.c:1624 agent/gpg-agent.c:1628 g10/exec.c:188
+#: g10/openfile.c:429 scd/scdaemon.c:1020
+#, fuzzy, c-format
+msgid "can't create directory `%s': %s\n"
+msgstr "%s: немагчыма Ñтварыць Ñ‚Ñчку: %s\n"
+
+#: agent/gpg-agent.c:1475 scd/scdaemon.c:1034
+msgid "name of socket too long\n"
+msgstr ""
+
+#: agent/gpg-agent.c:1498 scd/scdaemon.c:1057
+#, fuzzy, c-format
+msgid "can't create socket: %s\n"
+msgstr "%s: немагчыма Ñтварыць Ñ‚Ñчку: %s\n"
+
+#: agent/gpg-agent.c:1507
+#, c-format
+msgid "socket name `%s' is too long\n"
+msgstr ""
+
+#: agent/gpg-agent.c:1525
+msgid "a gpg-agent is already running - not starting a new one\n"
+msgstr ""
+
+#: agent/gpg-agent.c:1536 scd/scdaemon.c:1076
+#, fuzzy
+msgid "error getting nonce for the socket\n"
+msgstr "памылка ÑтварÑÐ½ÑŒÐ½Ñ \"%s\": %s\n"
+
+#: agent/gpg-agent.c:1541 scd/scdaemon.c:1079
+#, fuzzy, c-format
+msgid "error binding socket to `%s': %s\n"
+msgstr "памылка ÑтварÑÐ½ÑŒÐ½Ñ \"%s\": %s\n"
+
+#: agent/gpg-agent.c:1553 scd/scdaemon.c:1088
+#, fuzzy, c-format
+msgid "listen() failed: %s\n"
+msgstr "збой падпіÑаньнÑ: %s\n"
+
+#: agent/gpg-agent.c:1559 scd/scdaemon.c:1095
+#, fuzzy, c-format
+msgid "listening on socket `%s'\n"
+msgstr "Ð·Ð°Ð¿Ñ–Ñ Ñƒ stdout\n"
+
+#: agent/gpg-agent.c:1587 agent/gpg-agent.c:1634 g10/openfile.c:432
+#, fuzzy, c-format
+msgid "directory `%s' created\n"
+msgstr "%s: Ñ‚Ñчка Ñтворана\n"
+
+#: agent/gpg-agent.c:1640
+#, fuzzy, c-format
+msgid "stat() failed for `%s': %s\n"
+msgstr "немагчыма адкрыць %s: %s\n"
+
+#: agent/gpg-agent.c:1644
+#, fuzzy, c-format
+msgid "can't use `%s' as home directory\n"
+msgstr "%s: немагчыма Ñтварыць Ñ‚Ñчку: %s\n"
+
+#: agent/gpg-agent.c:1777 scd/scdaemon.c:1111
+#, fuzzy, c-format
+msgid "error reading nonce on fd %d: %s\n"
+msgstr "памылка ÑтварÑÐ½ÑŒÐ½Ñ \"%s\": %s\n"
+
+#: agent/gpg-agent.c:1799
+#, c-format
+msgid "handler 0x%lx for fd %d started\n"
+msgstr ""
+
+#: agent/gpg-agent.c:1804
+#, c-format
+msgid "handler 0x%lx for fd %d terminated\n"
+msgstr ""
+
+#: agent/gpg-agent.c:1824
+#, c-format
+msgid "ssh handler 0x%lx for fd %d started\n"
+msgstr ""
+
+#: agent/gpg-agent.c:1829
+#, c-format
+msgid "ssh handler 0x%lx for fd %d terminated\n"
+msgstr ""
+
+#: agent/gpg-agent.c:1973 scd/scdaemon.c:1248
+#, c-format
+msgid "pth_select failed: %s - waiting 1s\n"
+msgstr ""
+
+#: agent/gpg-agent.c:2096 scd/scdaemon.c:1315
+#, c-format
+msgid "%s %s stopped\n"
+msgstr ""
+
+#: agent/gpg-agent.c:2232
+msgid "no gpg-agent running in this session\n"
+msgstr ""
+
+#: agent/gpg-agent.c:2243 common/simple-pwquery.c:352 common/asshelp.c:403
+#: tools/gpg-connect-agent.c:2168
+msgid "malformed GPG_AGENT_INFO environment variable\n"
+msgstr ""
+
+#: agent/gpg-agent.c:2256 common/simple-pwquery.c:364 common/asshelp.c:415
+#: tools/gpg-connect-agent.c:2179
+#, c-format
+msgid "gpg-agent protocol version %d is not supported\n"
+msgstr ""
+
+#: agent/preset-passphrase.c:98
+#, fuzzy
+msgid "Usage: gpg-preset-passphrase [options] KEYGRIP (-h for help)\n"
+msgstr "ВыкарыÑтаньне: gpg [выбары] [файлы] (-h Ð´Ð»Ñ Ð´Ð°Ð²ÐµÐ´ÐºÑ–)"
+
+#: agent/preset-passphrase.c:101
+msgid ""
+"Syntax: gpg-preset-passphrase [options] KEYGRIP\n"
+"Password cache maintenance\n"
+msgstr ""
+
+#: agent/protect-tool.c:113 g10/gpg.c:373 kbx/kbxutil.c:71 sm/gpgsm.c:186
+#: tools/gpgconf.c:60
+msgid ""
+"@Commands:\n"
+" "
+msgstr ""
+"@Загады:\n"
+" "
+
+#: agent/protect-tool.c:127 g10/gpg.c:441 g10/gpgv.c:69 kbx/kbxutil.c:81
+#: sm/gpgsm.c:226 tools/gpg-connect-agent.c:67 tools/gpgconf.c:77
+#: tools/symcryptrun.c:159
+msgid ""
+"@\n"
+"Options:\n"
+" "
+msgstr ""
+"@\n"
+"Выбары:\n"
+" "
+
+#: agent/protect-tool.c:166
+#, fuzzy
+msgid "Usage: gpg-protect-tool [options] (-h for help)\n"
+msgstr "ВыкарыÑтаньне: gpg [выбары] [файлы] (-h Ð´Ð»Ñ Ð´Ð°Ð²ÐµÐ´ÐºÑ–)"
+
+#: agent/protect-tool.c:168
+msgid ""
+"Syntax: gpg-protect-tool [options] [args]\n"
+"Secret key maintenance tool\n"
+msgstr ""
+
+#: agent/protect-tool.c:1162
+msgid "Please enter the passphrase to unprotect the PKCS#12 object."
+msgstr ""
+
+#: agent/protect-tool.c:1167
+msgid "Please enter the passphrase to protect the new PKCS#12 object."
+msgstr ""
+
+#: agent/protect-tool.c:1173
+msgid ""
+"Please enter the passphrase to protect the imported object within the GnuPG "
+"system."
+msgstr ""
+
+#: agent/protect-tool.c:1178
+msgid ""
+"Please enter the passphrase or the PIN\n"
+"needed to complete this operation."
+msgstr ""
+
+#: agent/protect-tool.c:1183 tools/symcryptrun.c:437
+#, fuzzy
+msgid "Passphrase:"
+msgstr "дрÑнны пароль"
+
+#: agent/protect-tool.c:1188 tools/symcryptrun.c:448
+#, fuzzy
+msgid "cancelled\n"
+msgstr "ÑкаÑавана карыÑтальнікам\n"
+
+#: agent/protect-tool.c:1190 tools/symcryptrun.c:444
+#, c-format
+msgid "error while asking for the passphrase: %s\n"
+msgstr ""
+
+#: agent/trustlist.c:136 agent/trustlist.c:334
+#, fuzzy, c-format
+msgid "error opening `%s': %s\n"
+msgstr "памылка ÑтварÑÐ½ÑŒÐ½Ñ \"%s\": %s\n"
+
+#: agent/trustlist.c:151 common/helpfile.c:63 common/helpfile.c:79
+#, fuzzy, c-format
+msgid "file `%s', line %d: %s\n"
+msgstr "немагчыма адкрыць %s: %s\n"
+
+#: agent/trustlist.c:171 agent/trustlist.c:179
+#, c-format
+msgid "statement \"%s\" ignored in `%s', line %d\n"
+msgstr ""
+
+#: agent/trustlist.c:185
+#, fuzzy, c-format
+msgid "system trustlist `%s' not available\n"
+msgstr "ÑакрÑтны ключ недаÑтупны"
+
+#: agent/trustlist.c:229
+#, fuzzy, c-format
+msgid "bad fingerprint in `%s', line %d\n"
+msgstr "памылка Ñ‡Ñ‹Ñ‚Ð°Ð½ÑŒÐ½Ñ Ñ„Ð°Ð¹Ð»Ð°"
+
+#: agent/trustlist.c:254 agent/trustlist.c:261
+#, c-format
+msgid "invalid keyflag in `%s', line %d\n"
+msgstr ""
+
+#: agent/trustlist.c:295 common/helpfile.c:126
+#, fuzzy, c-format
+msgid "error reading `%s', line %d: %s\n"
+msgstr "памылка ÑтварÑÐ½ÑŒÐ½Ñ \"%s\": %s\n"
+
+#: agent/trustlist.c:400 agent/trustlist.c:450
+msgid "error reading list of trusted root certificates\n"
+msgstr ""
+
+#. TRANSLATORS: This prompt is shown by the Pinentry
+#. and has one special property: A "%%0A" is used by
+#. Pinentry to insert a line break. The double
+#. percent sign is actually needed because it is also
+#. a printf format string. If you need to insert a
+#. plain % sign, you need to encode it as "%%25". The
+#. "%s" gets replaced by the name as stored in the
+#. certificate.
+#: agent/trustlist.c:611
+#, c-format
+msgid ""
+"Do you ultimately trust%%0A \"%s\"%%0Ato correctly certify user "
+"certificates?"
+msgstr ""
+
+#: agent/trustlist.c:620 common/audit.c:467
+#, fuzzy
+msgid "Yes"
+msgstr "yes [так]"
+
+#: agent/trustlist.c:620 common/audit.c:469
+msgid "No"
+msgstr ""
+
+#. TRANSLATORS: This prompt is shown by the Pinentry and has
+#. one special property: A "%%0A" is used by Pinentry to
+#. insert a line break. The double percent sign is actually
+#. needed because it is also a printf format string. If you
+#. need to insert a plain % sign, you need to encode it as
+#. "%%25". The second "%s" gets replaced by a hexdecimal
+#. fingerprint string whereas the first one receives the name
+#. as stored in the certificate.
+#: agent/trustlist.c:654
+#, c-format
+msgid ""
+"Please verify that the certificate identified as:%%0A \"%s\"%%0Ahas the "
+"fingerprint:%%0A %s"
+msgstr ""
+
+#. TRANSLATORS: "Correct" is the label of a button and intended
+#. to be hit if the fingerprint matches the one of the CA. The
+#. other button is "the default "Cancel" of the Pinentry.
+#: agent/trustlist.c:668
+msgid "Correct"
+msgstr ""
+
+#: agent/trustlist.c:668
+msgid "Wrong"
+msgstr ""
+
+#: agent/findkey.c:157
+#, c-format
+msgid "Note: This passphrase has never been changed.%0APlease change it now."
+msgstr ""
+
+#: agent/findkey.c:173
+#, c-format
+msgid ""
+"This passphrase has not been changed%%0Asince %.4s-%.2s-%.2s. Please change "
+"it now."
+msgstr ""
+
+#: agent/findkey.c:187 agent/findkey.c:194
+#, fuzzy
+msgid "Change passphrase"
+msgstr "дрÑнны пароль"
+
+#: agent/findkey.c:195
+msgid "I'll change it later"
+msgstr ""
+
+#: common/exechelp.c:528 common/exechelp.c:625 tools/gpgconf-comp.c:1475
+#: tools/gpgconf-comp.c:1814
+#, fuzzy, c-format
+msgid "error creating a pipe: %s\n"
+msgstr "памылка ÑтварÑÐ½ÑŒÐ½Ñ \"%s\": %s\n"
+
+#: common/exechelp.c:599 common/exechelp.c:658
+#, fuzzy, c-format
+msgid "can't fdopen pipe for reading: %s\n"
+msgstr "немагчыма адкрыць %s: %s\n"
+
+#: common/exechelp.c:637 common/exechelp.c:765 common/exechelp.c:1002
+#, fuzzy, c-format
+msgid "error forking process: %s\n"
+msgstr "памылка ÑтварÑÐ½ÑŒÐ½Ñ \"%s\": %s\n"
+
+#: common/exechelp.c:811 common/exechelp.c:864
+#, c-format
+msgid "waiting for process %d to terminate failed: %s\n"
+msgstr ""
+
+#: common/exechelp.c:819
+#, fuzzy, c-format
+msgid "error getting exit code of process %d: %s\n"
+msgstr "памылка ÑтварÑÐ½ÑŒÐ½Ñ \"%s\": %s\n"
+
+#: common/exechelp.c:825 common/exechelp.c:877
+#, fuzzy, c-format
+msgid "error running `%s': exit status %d\n"
+msgstr "памылка ÑтварÑÐ½ÑŒÐ½Ñ \"%s\": %s\n"
+
+#: common/exechelp.c:870
+#, c-format
+msgid "error running `%s': probably not installed\n"
+msgstr ""
+
+#: common/exechelp.c:885
+#, fuzzy, c-format
+msgid "error running `%s': terminated\n"
+msgstr "памылка ÑтварÑÐ½ÑŒÐ½Ñ \"%s\": %s\n"
+
+#: common/http.c:1674
+#, fuzzy, c-format
+msgid "error creating socket: %s\n"
+msgstr "памылка ÑтварÑÐ½ÑŒÐ½Ñ \"%s\": %s\n"
+
+#: common/http.c:1718
+#, fuzzy
+msgid "host not found"
+msgstr "нерÑчаіÑны Ñ…Ñш-альгарытм \"%s\"\n"
+
+#: common/simple-pwquery.c:338
+msgid "gpg-agent is not available in this session\n"
+msgstr ""
+
+#: common/simple-pwquery.c:395
+#, c-format
+msgid "can't connect to `%s': %s\n"
+msgstr ""
+
+#: common/simple-pwquery.c:406
+msgid "communication problem with gpg-agent\n"
+msgstr ""
+
+#: common/simple-pwquery.c:416
+msgid "problem setting the gpg-agent options\n"
+msgstr ""
+
+#: common/simple-pwquery.c:579 common/simple-pwquery.c:675
+#, fuzzy
+msgid "canceled by user\n"
+msgstr "ÑкаÑавана карыÑтальнікам\n"
+
+#: common/simple-pwquery.c:594 common/simple-pwquery.c:681
+msgid "problem with the agent\n"
+msgstr ""
+
+#: common/sysutils.c:105
+#, c-format
+msgid "can't disable core dumps: %s\n"
+msgstr ""
+
+#: common/sysutils.c:200
+#, c-format
+msgid "Warning: unsafe ownership on %s \"%s\"\n"
+msgstr ""
+
+#: common/sysutils.c:232
+#, c-format
+msgid "Warning: unsafe permissions on %s \"%s\"\n"
+msgstr ""
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: common/yesno.c:35 common/yesno.c:72
+#, fuzzy
+msgid "yes"
+msgstr "yes [так]"
+
+#: common/yesno.c:36 common/yesno.c:77
+msgid "yY"
+msgstr "yY"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: common/yesno.c:38 common/yesno.c:74
+msgid "no"
+msgstr "no [не]"
+
+#: common/yesno.c:39 common/yesno.c:78
+msgid "nN"
+msgstr "nN"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: common/yesno.c:76
+msgid "quit"
+msgstr "quit [выйÑьці]"
+
+#: common/yesno.c:79
+msgid "qQ"
+msgstr "qQ"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: common/yesno.c:113
+msgid "okay|okay"
+msgstr ""
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: common/yesno.c:115
+msgid "cancel|cancel"
+msgstr ""
+
+#: common/yesno.c:116
+msgid "oO"
+msgstr ""
+
+#: common/yesno.c:117
+msgid "cC"
+msgstr ""
+
+#: common/miscellaneous.c:77
+#, c-format
+msgid "out of core in secure memory while allocating %lu bytes"
+msgstr ""
+
+#: common/miscellaneous.c:80
+#, c-format
+msgid "out of core while allocating %lu bytes"
+msgstr ""
+
+#: common/asshelp.c:293 tools/gpg-connect-agent.c:2129
+msgid "no running gpg-agent - starting one\n"
+msgstr ""
+
+#: common/asshelp.c:349
+#, c-format
+msgid "waiting %d seconds for the agent to come up\n"
+msgstr ""
+
+#: common/asshelp.c:426
+msgid "can't connect to the agent - trying fall back\n"
+msgstr ""
+
+#. TRANSLATORS: Copy the prefix between the vertical bars
+#. verbatim. It will not be printed.
+#: common/audit.c:474
+msgid "|audit-log-result|Good"
+msgstr ""
+
+#: common/audit.c:477
+msgid "|audit-log-result|Bad"
+msgstr ""
+
+#: common/audit.c:479
+msgid "|audit-log-result|Not supported"
+msgstr ""
+
+#: common/audit.c:481
+#, fuzzy
+msgid "|audit-log-result|No certificate"
+msgstr "дрÑнны ÑÑртыфікат"
+
+#: common/audit.c:483
+#, fuzzy
+msgid "|audit-log-result|Not enabled"
+msgstr "дрÑнны ÑÑртыфікат"
+
+#: common/audit.c:485
+msgid "|audit-log-result|Error"
+msgstr ""
+
+#: common/audit.c:487
+#, fuzzy
+msgid "|audit-log-result|Not used"
+msgstr "дрÑнны ÑÑртыфікат"
+
+#: common/audit.c:489
+#, fuzzy
+msgid "|audit-log-result|Okay"
+msgstr "дрÑнны ÑÑртыфікат"
+
+#: common/audit.c:491
+#, fuzzy
+msgid "|audit-log-result|Skipped"
+msgstr "дрÑнны ÑÑртыфікат"
+
+#: common/audit.c:493
+#, fuzzy
+msgid "|audit-log-result|Some"
+msgstr "дрÑнны ÑÑртыфікат"
+
+#: common/audit.c:726
+#, fuzzy
+msgid "Certificate chain available"
+msgstr "дрÑнны ÑÑртыфікат"
+
+#: common/audit.c:733
+#, fuzzy
+msgid "root certificate missing"
+msgstr "дрÑнны ÑÑртыфікат"
+
+#: common/audit.c:759
+msgid "Data encryption succeeded"
+msgstr ""
+
+#: common/audit.c:764 common/audit.c:830 common/audit.c:906 common/audit.c:997
+#, fuzzy
+msgid "Data available"
+msgstr "Даведка адÑутнічае"
+
+#: common/audit.c:767
+#, fuzzy
+msgid "Session key created"
+msgstr "%s: Ñтвораны зьвÑзак ключоў\n"
+
+#: common/audit.c:772 common/audit.c:912 common/audit.c:919
+#, c-format
+msgid "algorithm: %s"
+msgstr ""
+
+#: common/audit.c:774 common/audit.c:776 common/audit.c:921 common/audit.c:923
+#, fuzzy, c-format
+msgid "unsupported algorithm: %s"
+msgstr ""
+"\n"
+"Ðльгарытмы, ÑÐºÑ–Ñ Ð¿Ð°Ð´Ñ‚Ñ€Ñ‹Ð¼Ð»Ñ–Ð²Ð°ÑŽÑ†Ñ†Ð°:\n"
+
+#: common/audit.c:778 common/audit.c:925
+msgid "seems to be not encrypted"
+msgstr ""
+
+#: common/audit.c:784 common/audit.c:933
+msgid "Number of recipients"
+msgstr ""
+
+#: common/audit.c:792 common/audit.c:956
+#, c-format
+msgid "Recipient %d"
+msgstr ""
+
+#: common/audit.c:825
+msgid "Data signing succeeded"
+msgstr ""
+
+#: common/audit.c:839 common/audit.c:1033 common/audit.c:1060
+#, fuzzy, c-format
+msgid "data hash algorithm: %s"
+msgstr "нерÑчаіÑны Ñ…Ñш-альгарытм \"%s\"\n"
+
+#: common/audit.c:862
+#, fuzzy, c-format
+msgid "Signer %d"
+msgstr "ÐŸÐ¾Ð´Ð¿Ñ–Ñ Ñтвораны Ñž %.*s з выкарыÑтаньнем %s ID ключа %08lX\n"
+
+#: common/audit.c:866 common/audit.c:1065
+#, fuzzy, c-format
+msgid "attr hash algorithm: %s"
+msgstr "нерÑчаіÑны Ñ…Ñш-альгарытм \"%s\"\n"
+
+#: common/audit.c:901
+msgid "Data decryption succeeded"
+msgstr ""
+
+#: common/audit.c:910
+msgid "Encryption algorithm supported"
+msgstr ""
+
+#: common/audit.c:993
+msgid "Data verification succeeded"
+msgstr ""
+
+#: common/audit.c:1002
+#, fuzzy
+msgid "Signature available"
+msgstr "ÐŸÐ¾Ð´Ð¿Ñ–Ñ Ñтвораны Ñž %.*s з выкарыÑтаньнем %s ID ключа %08lX\n"
+
+#: common/audit.c:1024
+#, fuzzy
+msgid "Parsing data succeeded"
+msgstr "нерÑчаіÑны Ñ…Ñш-альгарытм \"%s\"\n"
+
+#: common/audit.c:1036
+#, fuzzy, c-format
+msgid "bad data hash algorithm: %s"
+msgstr "нерÑчаіÑны Ñ…Ñш-альгарытм \"%s\"\n"
+
+#: common/audit.c:1051
+#, fuzzy, c-format
+msgid "Signature %d"
+msgstr "ÐŸÐ¾Ð´Ð¿Ñ–Ñ Ñтвораны Ñž %.*s з выкарыÑтаньнем %s ID ключа %08lX\n"
+
+#: common/audit.c:1079
+#, fuzzy
+msgid "Certificate chain valid"
+msgstr "ГÑÑ‚Ñ‹ ключ згубіў ÑаÑтарÑÑž!"
+
+#: common/audit.c:1090
+#, fuzzy
+msgid "Root certificate trustworthy"
+msgstr "дрÑнны ÑÑртыфікат"
+
+#: common/audit.c:1111 sm/certchain.c:935
+#, fuzzy
+msgid "no CRL found for certificate"
+msgstr "дрÑнны ÑÑртыфікат"
+
+#: common/audit.c:1114 sm/certchain.c:945
+#, fuzzy
+msgid "the available CRL is too old"
+msgstr "Даведка адÑутнічае"
+
+#: common/audit.c:1119
+#, fuzzy
+msgid "CRL/OCSP check of certificates"
+msgstr "дрÑнны ÑÑртыфікат"
+
+#: common/audit.c:1139
+#, fuzzy
+msgid "Included certificates"
+msgstr "дрÑнны ÑÑртыфікат"
+
+#: common/audit.c:1194
+msgid "No audit log entries."
+msgstr ""
+
+#: common/audit.c:1243
+#, fuzzy
+msgid "Unknown operation"
+msgstr "невÑÐ´Ð¾Ð¼Ð°Ñ Ð²ÑÑ€ÑÑ‹Ñ"
+
+#: common/audit.c:1261
+msgid "Gpg-Agent usable"
+msgstr ""
+
+#: common/audit.c:1271
+msgid "Dirmngr usable"
+msgstr ""
+
+#: common/audit.c:1307
+#, fuzzy, c-format
+msgid "No help available for `%s'."
+msgstr "Ð”Ð»Ñ \"%s\" даведка адÑутнічае"
+
+#: common/helpfile.c:80
+msgid "ignoring garbage line"
+msgstr ""
+
+#: common/gettime.c:503
+#, fuzzy
+msgid "[none]"
+msgstr "невÑÐ´Ð¾Ð¼Ð°Ñ Ð²ÑÑ€ÑÑ‹Ñ"
+
+#: g10/armor.c:379
+#, c-format
+msgid "armor: %s\n"
+msgstr ""
+
+#: g10/armor.c:418
+msgid "invalid armor header: "
+msgstr ""
+
+#: g10/armor.c:429
+msgid "armor header: "
+msgstr ""
+
+#: g10/armor.c:442
+msgid "invalid clearsig header\n"
+msgstr ""
+
+#: g10/armor.c:455
+msgid "unknown armor header: "
+msgstr ""
+
+#: g10/armor.c:508
+msgid "nested clear text signatures\n"
+msgstr ""
+
+#: g10/armor.c:643
+#, fuzzy
+msgid "unexpected armor: "
+msgstr "Ð½ÐµÑ‡Ð°ÐºÐ°Ð½Ñ‹Ñ Ð´Ð°Ð½ÑŒÐ½Ñ–"
+
+#: g10/armor.c:655
+msgid "invalid dash escaped line: "
+msgstr ""
+
+#: g10/armor.c:810 g10/armor.c:1420
+#, c-format
+msgid "invalid radix64 character %02X skipped\n"
+msgstr ""
+
+#: g10/armor.c:853
+msgid "premature eof (no CRC)\n"
+msgstr ""
+
+#: g10/armor.c:887
+msgid "premature eof (in CRC)\n"
+msgstr ""
+
+#: g10/armor.c:895
+msgid "malformed CRC\n"
+msgstr ""
+
+#: g10/armor.c:899 g10/armor.c:1457
+#, fuzzy, c-format
+msgid "CRC error; %06lX - %06lX\n"
+msgstr "памылка CRC; %06lx - %06lx\n"
+
+#: g10/armor.c:919
+msgid "premature eof (in trailer)\n"
+msgstr ""
+
+#: g10/armor.c:923
+msgid "error in trailer line\n"
+msgstr ""
+
+#: g10/armor.c:1234
+msgid "no valid OpenPGP data found.\n"
+msgstr ""
+
+#: g10/armor.c:1239
+#, c-format
+msgid "invalid armor: line longer than %d characters\n"
+msgstr ""
+
+#: g10/armor.c:1243
+msgid ""
+"quoted printable character in armor - probably a buggy MTA has been used\n"
+msgstr ""
+
+#: g10/build-packet.c:976
+msgid ""
+"a notation name must have only printable characters or spaces, and end with "
+"an '='\n"
+msgstr ""
+
+#: g10/build-packet.c:988
+msgid "a user notation name must contain the '@' character\n"
+msgstr ""
+
+#: g10/build-packet.c:994
+msgid "a notation name must not contain more than one '@' character\n"
+msgstr ""
+
+#: g10/build-packet.c:1012
+msgid "a notation value must not use any control characters\n"
+msgstr ""
+
+#: g10/build-packet.c:1046 g10/build-packet.c:1055
+msgid "WARNING: invalid notation data found\n"
+msgstr ""
+
+#: g10/build-packet.c:1077 g10/build-packet.c:1079
+msgid "not human readable"
+msgstr ""
+
+#: g10/card-util.c:85 g10/card-util.c:374
+#, fuzzy, c-format
+msgid "OpenPGP card not available: %s\n"
+msgstr "ÑакрÑтны ключ недаÑтупны"
+
+#: g10/card-util.c:90
+#, c-format
+msgid "OpenPGP card no. %s detected\n"
+msgstr ""
+
+#: g10/card-util.c:98 g10/card-util.c:1773 g10/delkey.c:126 g10/keyedit.c:1551
+#: g10/keygen.c:3068 g10/revoke.c:216 g10/revoke.c:455
+msgid "can't do this in batch mode\n"
+msgstr ""
+
+#: g10/card-util.c:106
+msgid "This command is only available for version 2 cards\n"
+msgstr ""
+
+#: g10/card-util.c:108 scd/app-openpgp.c:2029
+msgid "Reset Code not or not anymore available\n"
+msgstr ""
+
+#: g10/card-util.c:141 g10/card-util.c:1458 g10/card-util.c:1568
+#: g10/keyedit.c:424 g10/keyedit.c:445 g10/keyedit.c:459 g10/keygen.c:1630
+#: g10/keygen.c:1711 sm/certreqgen-ui.c:165 sm/certreqgen-ui.c:249
+#: sm/certreqgen-ui.c:283
+msgid "Your selection? "
+msgstr ""
+
+#: g10/card-util.c:272 g10/card-util.c:322
+msgid "[not set]"
+msgstr ""
+
+#: g10/card-util.c:512
+msgid "male"
+msgstr ""
+
+#: g10/card-util.c:513
+msgid "female"
+msgstr ""
+
+#: g10/card-util.c:513
+msgid "unspecified"
+msgstr ""
+
+#: g10/card-util.c:540
+#, fuzzy
+msgid "not forced"
+msgstr "непадтрымліваецца"
+
+#: g10/card-util.c:540
+msgid "forced"
+msgstr ""
+
+#: g10/card-util.c:631
+msgid "Error: Only plain ASCII is currently allowed.\n"
+msgstr ""
+
+#: g10/card-util.c:633
+msgid "Error: The \"<\" character may not be used.\n"
+msgstr ""
+
+#: g10/card-util.c:635
+msgid "Error: Double spaces are not allowed.\n"
+msgstr ""
+
+#: g10/card-util.c:652
+msgid "Cardholder's surname: "
+msgstr ""
+
+#: g10/card-util.c:654
+msgid "Cardholder's given name: "
+msgstr ""
+
+#: g10/card-util.c:672
+#, c-format
+msgid "Error: Combined name too long (limit is %d characters).\n"
+msgstr ""
+
+#: g10/card-util.c:693
+msgid "URL to retrieve public key: "
+msgstr ""
+
+#: g10/card-util.c:701
+#, c-format
+msgid "Error: URL too long (limit is %d characters).\n"
+msgstr ""
+
+#: g10/card-util.c:794 tools/no-libgcrypt.c:30
+#, fuzzy, c-format
+msgid "error allocating enough memory: %s\n"
+msgstr "памылка ÑтварÑÐ½ÑŒÐ½Ñ \"%s\": %s\n"
+
+#: g10/card-util.c:806 g10/import.c:280
+#, c-format
+msgid "error reading `%s': %s\n"
+msgstr ""
+
+#: g10/card-util.c:839
+#, fuzzy, c-format
+msgid "error writing `%s': %s\n"
+msgstr "памылка ÑтварÑÐ½ÑŒÐ½Ñ \"%s\": %s\n"
+
+#: g10/card-util.c:866
+msgid "Login data (account name): "
+msgstr ""
+
+#: g10/card-util.c:876
+#, c-format
+msgid "Error: Login data too long (limit is %d characters).\n"
+msgstr ""
+
+#: g10/card-util.c:912
+msgid "Private DO data: "
+msgstr ""
+
+#: g10/card-util.c:922
+#, c-format
+msgid "Error: Private DO too long (limit is %d characters).\n"
+msgstr ""
+
+#: g10/card-util.c:1005
+#, fuzzy
+msgid "Language preferences: "
+msgstr "за шмат пераваг Ð´Ð»Ñ \"%c\"\n"
+
+#: g10/card-util.c:1013
+#, fuzzy
+msgid "Error: invalid length of preference string.\n"
+msgstr "Ð½ÐµÐ´Ð°Ð¿ÑƒÑˆÑ‡Ð°Ð»ÑŒÐ½Ñ‹Ñ Ð´Ð°Ð¿Ð¾Ð¼Ð½Ñ‹Ñ Ð¿ÐµÑ€Ð°Ð²Ð°Ð³Ñ–\n"
+
+#: g10/card-util.c:1022
+#, fuzzy
+msgid "Error: invalid characters in preference string.\n"
+msgstr "Ð½ÐµÐ´Ð°Ð¿ÑƒÑˆÑ‡Ð°Ð»ÑŒÐ½Ñ‹Ñ Ð´Ð°Ð¿Ð¾Ð¼Ð½Ñ‹Ñ Ð¿ÐµÑ€Ð°Ð²Ð°Ð³Ñ–\n"
+
+#: g10/card-util.c:1044
+msgid "Sex ((M)ale, (F)emale or space): "
+msgstr ""
+
+#: g10/card-util.c:1058
+#, fuzzy
+msgid "Error: invalid response.\n"
+msgstr "паказаць ключы й адбіткі пальцаў"
+
+#: g10/card-util.c:1080
+#, fuzzy
+msgid "CA fingerprint: "
+msgstr "паказаць ключы й адбіткі пальцаў"
+
+#: g10/card-util.c:1103
+#, fuzzy
+msgid "Error: invalid formatted fingerprint.\n"
+msgstr "паказаць ключы й адбіткі пальцаў"
+
+#: g10/card-util.c:1153
+#, fuzzy, c-format
+msgid "key operation not possible: %s\n"
+msgstr "збой падпіÑаньнÑ: %s\n"
+
+#: g10/card-util.c:1154
+msgid "not an OpenPGP card"
+msgstr ""
+
+#: g10/card-util.c:1167
+#, c-format
+msgid "error getting current key info: %s\n"
+msgstr ""
+
+#: g10/card-util.c:1254
+msgid "Replace existing key? (y/N) "
+msgstr ""
+
+#: g10/card-util.c:1270
+msgid ""
+"NOTE: There is no guarantee that the card supports the requested size.\n"
+" If the key generation does not succeed, please check the\n"
+" documentation of your card to see what sizes are allowed.\n"
+msgstr ""
+
+#: g10/card-util.c:1295
+#, c-format
+msgid "What keysize do you want for the Signature key? (%u) "
+msgstr ""
+
+#: g10/card-util.c:1297
+#, c-format
+msgid "What keysize do you want for the Encryption key? (%u) "
+msgstr ""
+
+#: g10/card-util.c:1298
+#, c-format
+msgid "What keysize do you want for the Authentication key? (%u) "
+msgstr ""
+
+#: g10/card-util.c:1309 g10/keygen.c:1844 g10/keygen.c:1850
+#: sm/certreqgen-ui.c:194
+#, c-format
+msgid "rounded up to %u bits\n"
+msgstr ""
+
+#: g10/card-util.c:1317 g10/keygen.c:1831 sm/certreqgen-ui.c:184
+#, c-format
+msgid "%s keysizes must be in the range %u-%u\n"
+msgstr ""
+
+#: g10/card-util.c:1322
+#, c-format
+msgid "The card will now be re-configured to generate a key of %u bits\n"
+msgstr ""
+
+#: g10/card-util.c:1342
+#, fuzzy, c-format
+msgid "error changing size of key %d to %u bits: %s\n"
+msgstr "памылка ÑтварÑÐ½ÑŒÐ½Ñ \"%s\": %s\n"
+
+#: g10/card-util.c:1364
+msgid "Make off-card backup of encryption key? (Y/n) "
+msgstr ""
+
+#: g10/card-util.c:1378
+msgid "NOTE: keys are already stored on the card!\n"
+msgstr ""
+
+#: g10/card-util.c:1381
+msgid "Replace existing keys? (y/N) "
+msgstr ""
+
+#: g10/card-util.c:1393
+#, c-format
+msgid ""
+"Please note that the factory settings of the PINs are\n"
+" PIN = `%s' Admin PIN = `%s'\n"
+"You should change them using the command --change-pin\n"
+msgstr ""
+
+#: g10/card-util.c:1449
+#, fuzzy
+msgid "Please select the type of key to generate:\n"
+msgstr "Калі лаÑка, абÑрыце від ключа, Ñкі Вам патрÑбны:\n"
+
+#: g10/card-util.c:1451 g10/card-util.c:1559
+#, fuzzy
+msgid " (1) Signature key\n"
+msgstr "ÐŸÐ¾Ð´Ð¿Ñ–Ñ Ñтвораны Ñž %.*s з выкарыÑтаньнем %s ID ключа %08lX\n"
+
+#: g10/card-util.c:1452 g10/card-util.c:1561
+msgid " (2) Encryption key\n"
+msgstr ""
+
+#: g10/card-util.c:1453 g10/card-util.c:1563
+msgid " (3) Authentication key\n"
+msgstr ""
+
+#: g10/card-util.c:1469 g10/card-util.c:1588 g10/keyedit.c:945
+#: g10/keygen.c:1634 g10/keygen.c:1662 g10/keygen.c:1764 g10/revoke.c:683
+msgid "Invalid selection.\n"
+msgstr ""
+
+#: g10/card-util.c:1556
+#, fuzzy
+msgid "Please select where to store the key:\n"
+msgstr "Калі лаÑка, абÑрыце від ключа, Ñкі Вам патрÑбны:\n"
+
+#: g10/card-util.c:1600
+#, fuzzy
+msgid "unknown key protection algorithm\n"
+msgstr "невÑдомы альгарытм ÑьціÑканьнÑ"
+
+#: g10/card-util.c:1605
+#, fuzzy
+msgid "secret parts of key are not available\n"
+msgstr "ÑакрÑтны ключ недаÑтупны"
+
+#: g10/card-util.c:1610
+msgid "secret key already stored on a card\n"
+msgstr ""
+
+#: g10/card-util.c:1623
+#, fuzzy, c-format
+msgid "error writing key to card: %s\n"
+msgstr "памылка ÑтварÑÐ½ÑŒÐ½Ñ \"%s\": %s\n"
+
+#: g10/card-util.c:1682 g10/keyedit.c:1382
+msgid "quit this menu"
+msgstr ""
+
+#: g10/card-util.c:1684
+#, fuzzy
+msgid "show admin commands"
+msgstr "неÑумÑÑˆÑ‡Ð°Ð»ÑŒÐ½Ñ‹Ñ Ð·Ð°Ð³Ð°Ð´Ñ‹\n"
+
+#: g10/card-util.c:1685 g10/keyedit.c:1385
+msgid "show this help"
+msgstr "паказаць гÑтую даведку"
+
+#: g10/card-util.c:1687
+#, fuzzy
+msgid "list all available data"
+msgstr "Даведка адÑутнічае"
+
+#: g10/card-util.c:1690
+msgid "change card holder's name"
+msgstr ""
+
+#: g10/card-util.c:1691
+msgid "change URL to retrieve key"
+msgstr ""
+
+#: g10/card-util.c:1692
+msgid "fetch the key specified in the card URL"
+msgstr ""
+
+#: g10/card-util.c:1693
+msgid "change the login name"
+msgstr ""
+
+#: g10/card-util.c:1694
+#, fuzzy
+msgid "change the language preferences"
+msgstr "за шмат пераваг Ð´Ð»Ñ \"%c\"\n"
+
+#: g10/card-util.c:1695
+msgid "change card holder's sex"
+msgstr ""
+
+#: g10/card-util.c:1696
+#, fuzzy
+msgid "change a CA fingerprint"
+msgstr "паказаць ключы й адбіткі пальцаў"
+
+#: g10/card-util.c:1697
+msgid "toggle the signature force PIN flag"
+msgstr ""
+
+#: g10/card-util.c:1698
+#, fuzzy
+msgid "generate new keys"
+msgstr "Ñтварыць новую пару ключоў"
+
+#: g10/card-util.c:1699
+msgid "menu to change or unblock the PIN"
+msgstr ""
+
+#: g10/card-util.c:1700
+msgid "verify the PIN and list all data"
+msgstr ""
+
+#: g10/card-util.c:1701
+msgid "unblock the PIN using a Reset Code"
+msgstr ""
+
+#: g10/card-util.c:1823
+msgid "gpg/card> "
+msgstr ""
+
+#: g10/card-util.c:1864
+#, fuzzy
+msgid "Admin-only command\n"
+msgstr "неÑумÑÑˆÑ‡Ð°Ð»ÑŒÐ½Ñ‹Ñ Ð·Ð°Ð³Ð°Ð´Ñ‹\n"
+
+#: g10/card-util.c:1895
+#, fuzzy
+msgid "Admin commands are allowed\n"
+msgstr "неÑумÑÑˆÑ‡Ð°Ð»ÑŒÐ½Ñ‹Ñ Ð·Ð°Ð³Ð°Ð´Ñ‹\n"
+
+#: g10/card-util.c:1897
+#, fuzzy
+msgid "Admin commands are not allowed\n"
+msgstr "ÑакрÑтны ключ недаÑтупны"
+
+#: g10/card-util.c:1988 g10/keyedit.c:2292
+msgid "Invalid command (try \"help\")\n"
+msgstr "ÐерÑчаіÑны загад (паÑпрабуйце \"help\")\n"
+
+#: g10/decrypt.c:110 g10/encode.c:876
+msgid "--output doesn't work for this command\n"
+msgstr ""
+
+#: g10/decrypt.c:166 g10/gpg.c:4019 g10/keyring.c:387 g10/keyring.c:698
+#, c-format
+msgid "can't open `%s'\n"
+msgstr "немагчыма адкрыць \"%s\"\n"
+
+#: g10/delkey.c:73 g10/export.c:324 g10/keyedit.c:3514 g10/keyserver.c:1737
+#: g10/revoke.c:226
+#, fuzzy, c-format
+msgid "key \"%s\" not found: %s\n"
+msgstr "грамадÑкі ключ Ð½Ñ Ð·Ð½Ð¾Ð¹Ð´Ð·ÐµÐ½Ñ‹"
+
+#: g10/delkey.c:81 g10/export.c:354 g10/import.c:2480 g10/keyserver.c:1751
+#: g10/revoke.c:232 g10/revoke.c:477
+#, c-format
+msgid "error reading keyblock: %s\n"
+msgstr ""
+
+#: g10/delkey.c:127 g10/delkey.c:134
+msgid "(unless you specify the key by fingerprint)\n"
+msgstr ""
+
+#: g10/delkey.c:133
+msgid "can't do this in batch mode without \"--yes\"\n"
+msgstr ""
+
+#: g10/delkey.c:145
+#, fuzzy
+msgid "Delete this key from the keyring? (y/N) "
+msgstr "выдаліць ключы Ñа зьвÑзку грамадÑкіх ключоў"
+
+#: g10/delkey.c:153
+msgid "This is a secret key! - really delete? (y/N) "
+msgstr ""
+
+#: g10/delkey.c:163
+#, c-format
+msgid "deleting keyblock failed: %s\n"
+msgstr ""
+
+#: g10/delkey.c:173
+msgid "ownertrust information cleared\n"
+msgstr ""
+
+#: g10/delkey.c:204
+#, c-format
+msgid "there is a secret key for public key \"%s\"!\n"
+msgstr ""
+
+#: g10/delkey.c:206
+msgid "use option \"--delete-secret-keys\" to delete it first.\n"
+msgstr ""
+
+#: g10/encode.c:226 g10/sign.c:1269
+#, c-format
+msgid "error creating passphrase: %s\n"
+msgstr ""
+
+#: g10/encode.c:232
+msgid "can't use a symmetric ESK packet due to the S2K mode\n"
+msgstr ""
+
+#: g10/encode.c:246
+#, fuzzy, c-format
+msgid "using cipher %s\n"
+msgstr "збой падпіÑаньнÑ: %s\n"
+
+#: g10/encode.c:256 g10/encode.c:577
+#, c-format
+msgid "`%s' already compressed\n"
+msgstr ""
+
+#: g10/encode.c:311 g10/encode.c:611 g10/sign.c:564
+#, c-format
+msgid "WARNING: `%s' is an empty file\n"
+msgstr ""
+
+#: g10/encode.c:485
+msgid "you can only encrypt to RSA keys of 2048 bits or less in --pgp2 mode\n"
+msgstr ""
+
+#: g10/encode.c:510
+#, c-format
+msgid "reading from `%s'\n"
+msgstr ""
+
+#: g10/encode.c:541
+msgid ""
+"unable to use the IDEA cipher for all of the keys you are encrypting to.\n"
+msgstr ""
+
+#: g10/encode.c:559
+#, c-format
+msgid ""
+"WARNING: forcing symmetric cipher %s (%d) violates recipient preferences\n"
+msgstr ""
+
+#: g10/encode.c:655 g10/sign.c:939
+#, c-format
+msgid ""
+"WARNING: forcing compression algorithm %s (%d) violates recipient "
+"preferences\n"
+msgstr ""
+
+#: g10/encode.c:751
+#, c-format
+msgid "forcing symmetric cipher %s (%d) violates recipient preferences\n"
+msgstr ""
+
+#: g10/encode.c:821 g10/pkclist.c:813 g10/pkclist.c:862
+#, c-format
+msgid "you may not use %s while in %s mode\n"
+msgstr ""
+
+#: g10/encode.c:848
+#, c-format
+msgid "%s/%s encrypted for: \"%s\"\n"
+msgstr ""
+
+#: g10/encr-data.c:93 g10/mainproc.c:286
+#, c-format
+msgid "%s encrypted data\n"
+msgstr ""
+
+#: g10/encr-data.c:96 g10/mainproc.c:290
+#, c-format
+msgid "encrypted with unknown algorithm %d\n"
+msgstr ""
+
+#: g10/encr-data.c:142 sm/decrypt.c:126
+msgid ""
+"WARNING: message was encrypted with a weak key in the symmetric cipher.\n"
+msgstr ""
+
+#: g10/encr-data.c:154
+msgid "problem handling encrypted packet\n"
+msgstr ""
+
+#: g10/exec.c:57
+msgid "no remote program execution supported\n"
+msgstr ""
+
+#: g10/exec.c:308
+msgid ""
+"external program calls are disabled due to unsafe options file permissions\n"
+msgstr ""
+
+#: g10/exec.c:338
+msgid "this platform requires temporary files when calling external programs\n"
+msgstr ""
+
+#: g10/exec.c:416
+#, fuzzy, c-format
+msgid "unable to execute program `%s': %s\n"
+msgstr "немагчыма адкрыць %s: %s\n"
+
+#: g10/exec.c:419
+#, fuzzy, c-format
+msgid "unable to execute shell `%s': %s\n"
+msgstr "немагчыма адкрыць %s: %s\n"
+
+#: g10/exec.c:510
+#, c-format
+msgid "system error while calling external program: %s\n"
+msgstr ""
+
+#: g10/exec.c:521 g10/exec.c:588
+msgid "unnatural exit of external program\n"
+msgstr ""
+
+#: g10/exec.c:536
+msgid "unable to execute external program\n"
+msgstr ""
+
+#: g10/exec.c:553
+#, c-format
+msgid "unable to read external program response: %s\n"
+msgstr ""
+
+#: g10/exec.c:599 g10/exec.c:606
+#, c-format
+msgid "WARNING: unable to remove tempfile (%s) `%s': %s\n"
+msgstr ""
+
+#: g10/exec.c:611
+#, c-format
+msgid "WARNING: unable to remove temp directory `%s': %s\n"
+msgstr ""
+
+#: g10/export.c:61
+msgid "export signatures that are marked as local-only"
+msgstr ""
+
+#: g10/export.c:63
+msgid "export attribute user IDs (generally photo IDs)"
+msgstr ""
+
+#: g10/export.c:65
+msgid "export revocation keys marked as \"sensitive\""
+msgstr ""
+
+#: g10/export.c:67
+#, fuzzy
+msgid "remove the passphrase from exported subkeys"
+msgstr ""
+"УвÑдзіце новы пароль Ð´Ð»Ñ Ð³Ñтага ÑакрÑтнага ключа.\n"
+"\n"
+
+#: g10/export.c:69
+msgid "remove unusable parts from key during export"
+msgstr ""
+
+#: g10/export.c:71
+msgid "remove as much as possible from key during export"
+msgstr ""
+
+#: g10/export.c:73
+msgid "export keys in an S-expression based format"
+msgstr ""
+
+#: g10/export.c:338
+#, fuzzy
+msgid "exporting secret keys not allowed\n"
+msgstr "ÑакрÑтны ключ недаÑтупны"
+
+#: g10/export.c:367
+#, fuzzy, c-format
+msgid "key %s: not protected - skipped\n"
+msgstr "Ключ абаронены.\n"
+
+#: g10/export.c:375
+#, c-format
+msgid "key %s: PGP 2.x style key - skipped\n"
+msgstr ""
+
+#: g10/export.c:386
+#, fuzzy, c-format
+msgid "key %s: key material on-card - skipped\n"
+msgstr "Ключ абаронены.\n"
+
+#: g10/export.c:537
+msgid "about to export an unprotected subkey\n"
+msgstr ""
+
+#: g10/export.c:560
+#, fuzzy, c-format
+msgid "failed to unprotect the subkey: %s\n"
+msgstr "%s: немагчыма Ñтварыць Ñ…Ñш-табліцу: %s\n"
+
+#: g10/export.c:584
+#, c-format
+msgid "WARNING: secret key %s does not have a simple SK checksum\n"
+msgstr ""
+
+#: g10/export.c:633
+msgid "WARNING: nothing exported\n"
+msgstr ""
+
+#: g10/getkey.c:152
+msgid "too many entries in pk cache - disabled\n"
+msgstr ""
+
+#: g10/getkey.c:175
+msgid "[User ID not found]"
+msgstr ""
+
+#: g10/getkey.c:1113
+#, c-format
+msgid "automatically retrieved `%s' via %s\n"
+msgstr ""
+
+#: g10/getkey.c:1118
+#, fuzzy, c-format
+msgid "error retrieving `%s' via %s: %s\n"
+msgstr "памылка ÑтварÑÐ½ÑŒÐ½Ñ \"%s\": %s\n"
+
+#: g10/getkey.c:1120
+#, fuzzy
+msgid "No fingerprint"
+msgstr "паказаць ключы й адбіткі пальцаў"
+
+#: g10/getkey.c:1930
+#, c-format
+msgid "Invalid key %s made valid by --allow-non-selfsigned-uid\n"
+msgstr ""
+
+#: g10/getkey.c:2533 g10/keyedit.c:3839
+#, c-format
+msgid "no secret subkey for public subkey %s - ignoring\n"
+msgstr ""
+
+#: g10/getkey.c:2759
+#, fuzzy, c-format
+msgid "using subkey %s instead of primary key %s\n"
+msgstr "%s: немагчыма Ñтварыць Ñ‚Ñчку: %s\n"
+
+#: g10/getkey.c:2806
+#, c-format
+msgid "key %s: secret key without public key - skipped\n"
+msgstr ""
+
+#: g10/gpg.c:375 sm/gpgsm.c:188
+#, fuzzy
+msgid "make a signature"
+msgstr "зрабіць адчÑплены подпіÑ"
+
+#: g10/gpg.c:376 sm/gpgsm.c:189
+#, fuzzy
+msgid "make a clear text signature"
+msgstr "|[файл]|зрабіць чыÑÑ‚Ñ‹ Ñ‚ÑкÑтавы подпіÑ"
+
+#: g10/gpg.c:377 sm/gpgsm.c:190
+msgid "make a detached signature"
+msgstr "зрабіць адчÑплены подпіÑ"
+
+#: g10/gpg.c:378 sm/gpgsm.c:191
+msgid "encrypt data"
+msgstr "зашыфраваць даньні"
+
+#: g10/gpg.c:380 sm/gpgsm.c:192
+msgid "encryption only with symmetric cipher"
+msgstr "шыфраваньне толькі ÑымÑтрычнымі шыфрамі"
+
+#: g10/gpg.c:382 sm/gpgsm.c:193
+msgid "decrypt data (default)"
+msgstr "разшыфраваць даньні (дапомна)"
+
+#: g10/gpg.c:384 sm/gpgsm.c:194
+msgid "verify a signature"
+msgstr "праверыць подпіÑ"
+
+#: g10/gpg.c:386 sm/gpgsm.c:195
+msgid "list keys"
+msgstr "паказаць ÑÑŒÐ¿Ñ–Ñ ÐºÐ»ÑŽÑ‡Ð¾Ñž"
+
+#: g10/gpg.c:388
+msgid "list keys and signatures"
+msgstr "паказаць ÑÑŒÐ¿Ñ–Ñ ÐºÐ»ÑŽÑ‡Ð¾Ñž Ñ– подпіÑаў"
+
+#: g10/gpg.c:389
+#, fuzzy
+msgid "list and check key signatures"
+msgstr "праверыць подпіÑÑ‹ ключа"
+
+#: g10/gpg.c:390 sm/gpgsm.c:200
+msgid "list keys and fingerprints"
+msgstr "паказаць ключы й адбіткі пальцаў"
+
+#: g10/gpg.c:391 sm/gpgsm.c:198
+msgid "list secret keys"
+msgstr "паказаць ÑакрÑÑ‚Ð½Ñ‹Ñ ÐºÐ»ÑŽÑ‡Ñ‹"
+
+#: g10/gpg.c:392 sm/gpgsm.c:201
+msgid "generate a new key pair"
+msgstr "Ñтварыць новую пару ключоў"
+
+#: g10/gpg.c:393
+msgid "generate a revocation certificate"
+msgstr ""
+
+#: g10/gpg.c:395 sm/gpgsm.c:203
+msgid "remove keys from the public keyring"
+msgstr "выдаліць ключы Ñа зьвÑзку грамадÑкіх ключоў"
+
+#: g10/gpg.c:397
+msgid "remove keys from the secret keyring"
+msgstr "выдаліць ключы Ñа зьвÑзку ÑакрÑтных ключоў"
+
+#: g10/gpg.c:398
+msgid "sign a key"
+msgstr "падпіÑаць ключ"
+
+#: g10/gpg.c:399
+msgid "sign a key locally"
+msgstr "падпіÑаць ключ толькі мÑÑцова"
+
+#: g10/gpg.c:400
+msgid "sign or edit a key"
+msgstr "падпіÑаць ці Ñ€Ñдагаваць ключ"
+
+#: g10/gpg.c:402 sm/gpgsm.c:215
+#, fuzzy
+msgid "change a passphrase"
+msgstr "дрÑнны пароль"
+
+#: g10/gpg.c:404
+msgid "export keys"
+msgstr "ÑкÑпарт ключоў"
+
+#: g10/gpg.c:405 sm/gpgsm.c:204
+msgid "export keys to a key server"
+msgstr "ÑкÑпартаваць ключы на паÑлужнік ключоў"
+
+#: g10/gpg.c:406 sm/gpgsm.c:205
+msgid "import keys from a key server"
+msgstr "імпартаваць ключы з паÑлужніка ключоў"
+
+#: g10/gpg.c:408
+msgid "search for keys on a key server"
+msgstr ""
+
+#: g10/gpg.c:410
+msgid "update all keys from a keyserver"
+msgstr "абнавіць уÑе ключы з паÑлужніка ключоў"
+
+#: g10/gpg.c:415
+msgid "import/merge keys"
+msgstr "імпартаваць/аб'Ñднаць ключы"
+
+#: g10/gpg.c:418
+msgid "print the card status"
+msgstr ""
+
+#: g10/gpg.c:419
+msgid "change data on a card"
+msgstr ""
+
+#: g10/gpg.c:420
+msgid "change a card's PIN"
+msgstr ""
+
+#: g10/gpg.c:429
+msgid "update the trust database"
+msgstr ""
+
+#: g10/gpg.c:436
+msgid "print message digests"
+msgstr ""
+
+#: g10/gpg.c:439 sm/gpgsm.c:210
+msgid "run in server mode"
+msgstr ""
+
+#: g10/gpg.c:443 sm/gpgsm.c:228
+msgid "create ascii armored output"
+msgstr ""
+
+#: g10/gpg.c:446 sm/gpgsm.c:241
+#, fuzzy
+msgid "|USER-ID|encrypt for USER-ID"
+msgstr "|ІМЯ| зашыфраваць Ð´Ð»Ñ Ð²Ñ‹Ð»ÑƒÑ‡Ð°Ð½Ð°Ð¹ аÑобы"
+
+#: g10/gpg.c:459 sm/gpgsm.c:278
+msgid "|USER-ID|use USER-ID to sign or decrypt"
+msgstr ""
+
+#: g10/gpg.c:462
+msgid "|N|set compress level to N (0 disables)"
+msgstr ""
+
+#: g10/gpg.c:468
+msgid "use canonical text mode"
+msgstr ""
+
+#: g10/gpg.c:485 sm/gpgsm.c:280
+msgid "|FILE|write output to FILE"
+msgstr ""
+
+#: g10/gpg.c:501 kbx/kbxutil.c:90 sm/gpgsm.c:292 tools/gpgconf.c:82
+msgid "do not make any changes"
+msgstr "не рабіць ніÑкіх зьменаў"
+
+#: g10/gpg.c:502
+msgid "prompt before overwriting"
+msgstr "пытацца перад перазапіÑам"
+
+#: g10/gpg.c:554
+msgid "use strict OpenPGP behavior"
+msgstr ""
+
+#: g10/gpg.c:585 sm/gpgsm.c:336
+msgid ""
+"@\n"
+"(See the man page for a complete listing of all commands and options)\n"
+msgstr ""
+"@\n"
+"(ГлÑдзіце man Ñтаронку, Ð´Ð»Ñ Ð±Ð¾Ð»ÑŒÑˆ поўнага апіÑÐ°Ð½ÑŒÐ½Ñ ÑžÑÑ–Ñ… загадаў Ñ– выбараў)\n"
+
+#: g10/gpg.c:588 sm/gpgsm.c:339
+msgid ""
+"@\n"
+"Examples:\n"
+"\n"
+" -se -r Bob [file] sign and encrypt for user Bob\n"
+" --clearsign [file] make a clear text signature\n"
+" --detach-sign [file] make a detached signature\n"
+" --list-keys [names] show keys\n"
+" --fingerprint [names] show fingerprints\n"
+msgstr ""
+"@\n"
+"Прыклады:\n"
+"\n"
+" -se -r Bob [файл] падпіÑаць Ñ– зашыфраваць Ð´Ð»Ñ ÐºÐ°Ñ€Ñ‹Ñтальніка Bob\n"
+" --clearsign [файл] Ñтварыць чыÑÑ‚Ñ‹ Ñ‚ÑкÑтавы подпіÑ\n"
+" --detach-sign [файл] Ñтварыць адчÑплены подпіÑ\n"
+" --list-keys [назвы] паказаць ключы\n"
+" --fingerprint [назвы] паказаць адбіткі пальцаў\n"
+
+#: g10/gpg.c:836
+msgid "Usage: gpg [options] [files] (-h for help)"
+msgstr "ВыкарыÑтаньне: gpg [выбары] [файлы] (-h Ð´Ð»Ñ Ð´Ð°Ð²ÐµÐ´ÐºÑ–)"
+
+#: g10/gpg.c:839
+msgid ""
+"Syntax: gpg [options] [files]\n"
+"sign, check, encrypt or decrypt\n"
+"default operation depends on the input data\n"
+msgstr ""
+"СынтакÑÑ–Ñ: gpg [выбары] [файлы]\n"
+"sign, check, encrypt ці decrypt\n"
+"Дапомнае дзеÑньне залежыць ад уваходных даньнÑÑž\n"
+
+#: g10/gpg.c:850 sm/gpgsm.c:543
+msgid ""
+"\n"
+"Supported algorithms:\n"
+msgstr ""
+"\n"
+"Ðльгарытмы, ÑÐºÑ–Ñ Ð¿Ð°Ð´Ñ‚Ñ€Ñ‹Ð¼Ð»Ñ–Ð²Ð°ÑŽÑ†Ñ†Ð°:\n"
+
+#: g10/gpg.c:853
+msgid "Pubkey: "
+msgstr ""
+
+#: g10/gpg.c:860 g10/keyedit.c:2423
+msgid "Cipher: "
+msgstr ""
+
+#: g10/gpg.c:867
+msgid "Hash: "
+msgstr ""
+
+#: g10/gpg.c:874 g10/keyedit.c:2468
+msgid "Compression: "
+msgstr ""
+
+#: g10/gpg.c:944
+msgid "usage: gpg [options] "
+msgstr "ВыкарыÑтаньне: gpg [выбары] "
+
+#: g10/gpg.c:1158 sm/gpgsm.c:716
+msgid "conflicting commands\n"
+msgstr "неÑумÑÑˆÑ‡Ð°Ð»ÑŒÐ½Ñ‹Ñ Ð·Ð°Ð³Ð°Ð´Ñ‹\n"
+
+#: g10/gpg.c:1176
+#, c-format
+msgid "no = sign found in group definition `%s'\n"
+msgstr ""
+
+#: g10/gpg.c:1373
+#, c-format
+msgid "WARNING: unsafe ownership on homedir `%s'\n"
+msgstr ""
+
+#: g10/gpg.c:1376
+#, c-format
+msgid "WARNING: unsafe ownership on configuration file `%s'\n"
+msgstr ""
+
+#: g10/gpg.c:1379
+#, c-format
+msgid "WARNING: unsafe ownership on extension `%s'\n"
+msgstr ""
+
+#: g10/gpg.c:1385
+#, c-format
+msgid "WARNING: unsafe permissions on homedir `%s'\n"
+msgstr ""
+
+#: g10/gpg.c:1388
+#, c-format
+msgid "WARNING: unsafe permissions on configuration file `%s'\n"
+msgstr ""
+
+#: g10/gpg.c:1391
+#, c-format
+msgid "WARNING: unsafe permissions on extension `%s'\n"
+msgstr ""
+
+#: g10/gpg.c:1397
+#, c-format
+msgid "WARNING: unsafe enclosing directory ownership on homedir `%s'\n"
+msgstr ""
+
+#: g10/gpg.c:1400
+#, c-format
+msgid ""
+"WARNING: unsafe enclosing directory ownership on configuration file `%s'\n"
+msgstr ""
+
+#: g10/gpg.c:1403
+#, c-format
+msgid "WARNING: unsafe enclosing directory ownership on extension `%s'\n"
+msgstr ""
+
+#: g10/gpg.c:1409
+#, c-format
+msgid "WARNING: unsafe enclosing directory permissions on homedir `%s'\n"
+msgstr ""
+
+#: g10/gpg.c:1412
+#, c-format
+msgid ""
+"WARNING: unsafe enclosing directory permissions on configuration file `%s'\n"
+msgstr ""
+
+#: g10/gpg.c:1415
+#, c-format
+msgid "WARNING: unsafe enclosing directory permissions on extension `%s'\n"
+msgstr ""
+
+#: g10/gpg.c:1595
+#, fuzzy, c-format
+msgid "unknown configuration item `%s'\n"
+msgstr "невÑÐ´Ð¾Ð¼Ð°Ñ Ð²ÑÑ€ÑÑ‹Ñ"
+
+#: g10/gpg.c:1699
+msgid "display photo IDs during key listings"
+msgstr ""
+
+#: g10/gpg.c:1701
+msgid "show policy URLs during signature listings"
+msgstr ""
+
+#: g10/gpg.c:1703
+msgid "show all notations during signature listings"
+msgstr ""
+
+#: g10/gpg.c:1705
+msgid "show IETF standard notations during signature listings"
+msgstr ""
+
+#: g10/gpg.c:1709
+msgid "show user-supplied notations during signature listings"
+msgstr ""
+
+#: g10/gpg.c:1711
+msgid "show preferred keyserver URLs during signature listings"
+msgstr ""
+
+#: g10/gpg.c:1713
+msgid "show user ID validity during key listings"
+msgstr ""
+
+#: g10/gpg.c:1715
+msgid "show revoked and expired user IDs in key listings"
+msgstr ""
+
+#: g10/gpg.c:1717
+msgid "show revoked and expired subkeys in key listings"
+msgstr ""
+
+#: g10/gpg.c:1719
+msgid "show the keyring name in key listings"
+msgstr ""
+
+#: g10/gpg.c:1721
+msgid "show expiration dates during signature listings"
+msgstr ""
+
+#: g10/gpg.c:1855
+#, c-format
+msgid "NOTE: old default options file `%s' ignored\n"
+msgstr ""
+
+#: g10/gpg.c:1948
+#, c-format
+msgid "libgcrypt is too old (need %s, have %s)\n"
+msgstr ""
+
+#: g10/gpg.c:2346 g10/gpg.c:3037 g10/gpg.c:3049
+#, c-format
+msgid "NOTE: %s is not for normal use!\n"
+msgstr ""
+
+#: g10/gpg.c:2530 g10/gpg.c:2542
+#, fuzzy, c-format
+msgid "`%s' is not a valid signature expiration\n"
+msgstr "%s - гÑта недапушчальнае мноÑтва знакаў\n"
+
+#: g10/gpg.c:2624
+#, fuzzy, c-format
+msgid "`%s' is not a valid character set\n"
+msgstr "%s - гÑта недапушчальнае мноÑтва знакаў\n"
+
+#: g10/gpg.c:2647 g10/gpg.c:2842 g10/keyedit.c:4197
+msgid "could not parse keyserver URL\n"
+msgstr ""
+
+#: g10/gpg.c:2659
+#, fuzzy, c-format
+msgid "%s:%d: invalid keyserver options\n"
+msgstr "%s:%d: Ð½ÐµÐ´Ð°Ð¿ÑƒÑˆÑ‡Ð°Ð»ÑŒÐ½Ñ‹Ñ Ð²Ñ‹Ð±Ð°Ñ€Ñ‹ ÑкÑпартаваньнÑ\n"
+
+#: g10/gpg.c:2662
+#, fuzzy
+msgid "invalid keyserver options\n"
+msgstr "Ð½ÐµÐ´Ð°Ð¿ÑƒÑˆÑ‡Ð°Ð»ÑŒÐ½Ñ‹Ñ Ð²Ñ‹Ð±Ð°Ñ€Ñ‹ ÑкÑпартаваньнÑ\n"
+
+#: g10/gpg.c:2669
+#, c-format
+msgid "%s:%d: invalid import options\n"
+msgstr "%s:%d: Ð½ÐµÐ´Ð°Ð¿ÑƒÑˆÑ‡Ð°Ð»ÑŒÐ½Ñ‹Ñ Ð²Ñ‹Ð±Ð°Ñ€Ñ‹ імпартаваньнÑ\n"
+
+#: g10/gpg.c:2672
+msgid "invalid import options\n"
+msgstr "Ð½ÐµÐ´Ð°Ð¿ÑƒÑˆÑ‡Ð°Ð»ÑŒÐ½Ñ‹Ñ Ð²Ñ‹Ð±Ð°Ñ€Ñ‹ імпартаваньнÑ\n"
+
+#: g10/gpg.c:2679
+#, c-format
+msgid "%s:%d: invalid export options\n"
+msgstr "%s:%d: Ð½ÐµÐ´Ð°Ð¿ÑƒÑˆÑ‡Ð°Ð»ÑŒÐ½Ñ‹Ñ Ð²Ñ‹Ð±Ð°Ñ€Ñ‹ ÑкÑпартаваньнÑ\n"
+
+#: g10/gpg.c:2682
+msgid "invalid export options\n"
+msgstr "Ð½ÐµÐ´Ð°Ð¿ÑƒÑˆÑ‡Ð°Ð»ÑŒÐ½Ñ‹Ñ Ð²Ñ‹Ð±Ð°Ñ€Ñ‹ ÑкÑпартаваньнÑ\n"
+
+#: g10/gpg.c:2689
+#, fuzzy, c-format
+msgid "%s:%d: invalid list options\n"
+msgstr "%s:%d: Ð½ÐµÐ´Ð°Ð¿ÑƒÑˆÑ‡Ð°Ð»ÑŒÐ½Ñ‹Ñ Ð²Ñ‹Ð±Ð°Ñ€Ñ‹ імпартаваньнÑ\n"
+
+#: g10/gpg.c:2692
+#, fuzzy
+msgid "invalid list options\n"
+msgstr "Ð½ÐµÐ´Ð°Ð¿ÑƒÑˆÑ‡Ð°Ð»ÑŒÐ½Ñ‹Ñ Ð²Ñ‹Ð±Ð°Ñ€Ñ‹ імпартаваньнÑ\n"
+
+#: g10/gpg.c:2700
+msgid "display photo IDs during signature verification"
+msgstr ""
+
+#: g10/gpg.c:2702
+msgid "show policy URLs during signature verification"
+msgstr ""
+
+#: g10/gpg.c:2704
+#, fuzzy
+msgid "show all notations during signature verification"
+msgstr "%s - гÑта недапушчальнае мноÑтва знакаў\n"
+
+#: g10/gpg.c:2706
+msgid "show IETF standard notations during signature verification"
+msgstr ""
+
+#: g10/gpg.c:2710
+msgid "show user-supplied notations during signature verification"
+msgstr ""
+
+#: g10/gpg.c:2712
+msgid "show preferred keyserver URLs during signature verification"
+msgstr ""
+
+#: g10/gpg.c:2714
+#, fuzzy
+msgid "show user ID validity during signature verification"
+msgstr "%s - гÑта недапушчальнае мноÑтва знакаў\n"
+
+#: g10/gpg.c:2716
+msgid "show revoked and expired user IDs in signature verification"
+msgstr ""
+
+#: g10/gpg.c:2718
+#, fuzzy
+msgid "show only the primary user ID in signature verification"
+msgstr "%s - гÑта недапушчальнае мноÑтва знакаў\n"
+
+#: g10/gpg.c:2720
+msgid "validate signatures with PKA data"
+msgstr ""
+
+#: g10/gpg.c:2722
+msgid "elevate the trust of signatures with valid PKA data"
+msgstr ""
+
+#: g10/gpg.c:2729
+#, fuzzy, c-format
+msgid "%s:%d: invalid verify options\n"
+msgstr "%s:%d: Ð½ÐµÐ´Ð°Ð¿ÑƒÑˆÑ‡Ð°Ð»ÑŒÐ½Ñ‹Ñ Ð²Ñ‹Ð±Ð°Ñ€Ñ‹ ÑкÑпартаваньнÑ\n"
+
+#: g10/gpg.c:2732
+#, fuzzy
+msgid "invalid verify options\n"
+msgstr "Ð½ÐµÐ´Ð°Ð¿ÑƒÑˆÑ‡Ð°Ð»ÑŒÐ½Ñ‹Ñ Ð²Ñ‹Ð±Ð°Ñ€Ñ‹ ÑкÑпартаваньнÑ\n"
+
+#: g10/gpg.c:2739
+#, c-format
+msgid "unable to set exec-path to %s\n"
+msgstr ""
+
+#: g10/gpg.c:2925
+#, fuzzy, c-format
+msgid "%s:%d: invalid auto-key-locate list\n"
+msgstr "%s:%d: Ð½ÐµÐ´Ð°Ð¿ÑƒÑˆÑ‡Ð°Ð»ÑŒÐ½Ñ‹Ñ Ð²Ñ‹Ð±Ð°Ñ€Ñ‹ ÑкÑпартаваньнÑ\n"
+
+#: g10/gpg.c:2928
+msgid "invalid auto-key-locate list\n"
+msgstr ""
+
+#: g10/gpg.c:3026 sm/gpgsm.c:1439
+msgid "WARNING: program may create a core file!\n"
+msgstr ""
+
+#: g10/gpg.c:3030
+#, c-format
+msgid "WARNING: %s overrides %s\n"
+msgstr ""
+
+#: g10/gpg.c:3039
+#, c-format
+msgid "%s not allowed with %s!\n"
+msgstr "%s не дазвалÑецца разам з %s!\n"
+
+#: g10/gpg.c:3042
+#, c-format
+msgid "%s makes no sense with %s!\n"
+msgstr "%s Ð½Ñ Ð¼Ð°Ðµ ÑÑнÑу разам з %s!\n"
+
+#: g10/gpg.c:3057
+#, fuzzy, c-format
+msgid "will not run with insecure memory due to %s\n"
+msgstr "Ð·Ð°Ð¿Ñ–Ñ Ñƒ stdout\n"
+
+#: g10/gpg.c:3071
+msgid "you can only make detached or clear signatures while in --pgp2 mode\n"
+msgstr ""
+
+#: g10/gpg.c:3077
+msgid "you can't sign and encrypt at the same time while in --pgp2 mode\n"
+msgstr ""
+
+#: g10/gpg.c:3083
+msgid "you must use files (and not a pipe) when working with --pgp2 enabled.\n"
+msgstr ""
+
+#: g10/gpg.c:3096
+msgid "encrypting a message in --pgp2 mode requires the IDEA cipher\n"
+msgstr ""
+
+#: g10/gpg.c:3163 g10/gpg.c:3187 sm/gpgsm.c:1511
+msgid "selected cipher algorithm is invalid\n"
+msgstr ""
+
+#: g10/gpg.c:3169 g10/gpg.c:3193 sm/gpgsm.c:1517 sm/gpgsm.c:1523
+msgid "selected digest algorithm is invalid\n"
+msgstr ""
+
+#: g10/gpg.c:3175
+msgid "selected compression algorithm is invalid\n"
+msgstr ""
+
+#: g10/gpg.c:3181
+msgid "selected certification digest algorithm is invalid\n"
+msgstr ""
+
+#: g10/gpg.c:3196
+msgid "completes-needed must be greater than 0\n"
+msgstr ""
+
+#: g10/gpg.c:3198
+msgid "marginals-needed must be greater than 1\n"
+msgstr ""
+
+#: g10/gpg.c:3200
+msgid "max-cert-depth must be in the range from 1 to 255\n"
+msgstr ""
+
+#: g10/gpg.c:3202
+msgid "invalid default-cert-level; must be 0, 1, 2, or 3\n"
+msgstr ""
+
+#: g10/gpg.c:3204
+msgid "invalid min-cert-level; must be 1, 2, or 3\n"
+msgstr ""
+
+#: g10/gpg.c:3207
+msgid "NOTE: simple S2K mode (0) is strongly discouraged\n"
+msgstr ""
+
+#: g10/gpg.c:3211
+msgid "invalid S2K mode; must be 0, 1 or 3\n"
+msgstr ""
+
+#: g10/gpg.c:3218
+msgid "invalid default preferences\n"
+msgstr "Ð½ÐµÐ´Ð°Ð¿ÑƒÑˆÑ‡Ð°Ð»ÑŒÐ½Ñ‹Ñ Ð´Ð°Ð¿Ð¾Ð¼Ð½Ñ‹Ñ Ð¿ÐµÑ€Ð°Ð²Ð°Ð³Ñ–\n"
+
+#: g10/gpg.c:3222
+msgid "invalid personal cipher preferences\n"
+msgstr ""
+
+#: g10/gpg.c:3226
+msgid "invalid personal digest preferences\n"
+msgstr ""
+
+#: g10/gpg.c:3230
+msgid "invalid personal compress preferences\n"
+msgstr ""
+
+#: g10/gpg.c:3263
+#, fuzzy, c-format
+msgid "%s does not yet work with %s\n"
+msgstr "%s Ð½Ñ Ð¼Ð°Ðµ ÑÑнÑу разам з %s!\n"
+
+#: g10/gpg.c:3310
+#, c-format
+msgid "you may not use cipher algorithm `%s' while in %s mode\n"
+msgstr ""
+
+#: g10/gpg.c:3315
+#, c-format
+msgid "you may not use digest algorithm `%s' while in %s mode\n"
+msgstr ""
+
+#: g10/gpg.c:3320
+#, c-format
+msgid "you may not use compression algorithm `%s' while in %s mode\n"
+msgstr ""
+
+#: g10/gpg.c:3406
+#, c-format
+msgid "failed to initialize the TrustDB: %s\n"
+msgstr ""
+
+#: g10/gpg.c:3417
+msgid "WARNING: recipients (-r) given without using public key encryption\n"
+msgstr ""
+
+#: g10/gpg.c:3438
+msgid "--store [filename]"
+msgstr "--store [назва_файла]"
+
+#: g10/gpg.c:3445
+msgid "--symmetric [filename]"
+msgstr "--symmetric [назва_файла]"
+
+#: g10/gpg.c:3447
+#, fuzzy, c-format
+msgid "symmetric encryption of `%s' failed: %s\n"
+msgstr "збой падпіÑаньнÑ: %s\n"
+
+#: g10/gpg.c:3457
+msgid "--encrypt [filename]"
+msgstr "--encrypt [назва_файла]"
+
+#: g10/gpg.c:3470
+#, fuzzy
+msgid "--symmetric --encrypt [filename]"
+msgstr "--sign --encrypt [назва_файла]"
+
+#: g10/gpg.c:3472
+msgid "you cannot use --symmetric --encrypt with --s2k-mode 0\n"
+msgstr ""
+
+#: g10/gpg.c:3475
+#, c-format
+msgid "you cannot use --symmetric --encrypt while in %s mode\n"
+msgstr ""
+
+#: g10/gpg.c:3493
+msgid "--sign [filename]"
+msgstr "--sign [назва_файла]"
+
+#: g10/gpg.c:3506
+msgid "--sign --encrypt [filename]"
+msgstr "--sign --encrypt [назва_файла]"
+
+#: g10/gpg.c:3521
+#, fuzzy
+msgid "--symmetric --sign --encrypt [filename]"
+msgstr "--sign --encrypt [назва_файла]"
+
+#: g10/gpg.c:3523
+msgid "you cannot use --symmetric --sign --encrypt with --s2k-mode 0\n"
+msgstr ""
+
+#: g10/gpg.c:3526
+#, c-format
+msgid "you cannot use --symmetric --sign --encrypt while in %s mode\n"
+msgstr ""
+
+#: g10/gpg.c:3546
+msgid "--sign --symmetric [filename]"
+msgstr "--sign --symmetric [назва_файла]"
+
+#: g10/gpg.c:3555
+msgid "--clearsign [filename]"
+msgstr "--clearsign [назва_файла]"
+
+#: g10/gpg.c:3580
+msgid "--decrypt [filename]"
+msgstr "--decrypt [назва_файла]"
+
+#: g10/gpg.c:3588
+msgid "--sign-key user-id"
+msgstr "--sign-key user-id"
+
+#: g10/gpg.c:3592
+msgid "--lsign-key user-id"
+msgstr "--lsign-key user-id"
+
+#: g10/gpg.c:3613
+msgid "--edit-key user-id [commands]"
+msgstr "--edit-key user-id [загады]"
+
+#: g10/gpg.c:3629
+#, fuzzy
+msgid "--passwd <user-id>"
+msgstr "--sign-key user-id"
+
+#: g10/gpg.c:3716
+#, fuzzy, c-format
+msgid "keyserver send failed: %s\n"
+msgstr "збой падпіÑаньнÑ: %s\n"
+
+#: g10/gpg.c:3718
+#, fuzzy, c-format
+msgid "keyserver receive failed: %s\n"
+msgstr "збой падпіÑаньнÑ: %s\n"
+
+#: g10/gpg.c:3720
+#, fuzzy, c-format
+msgid "key export failed: %s\n"
+msgstr "збой падпіÑаньнÑ: %s\n"
+
+#: g10/gpg.c:3731
+#, fuzzy, c-format
+msgid "keyserver search failed: %s\n"
+msgstr "збой падпіÑаньнÑ: %s\n"
+
+#: g10/gpg.c:3741
+#, c-format
+msgid "keyserver refresh failed: %s\n"
+msgstr ""
+
+#: g10/gpg.c:3792
+#, c-format
+msgid "dearmoring failed: %s\n"
+msgstr ""
+
+#: g10/gpg.c:3800
+#, c-format
+msgid "enarmoring failed: %s\n"
+msgstr ""
+
+#: g10/gpg.c:3890
+#, c-format
+msgid "invalid hash algorithm `%s'\n"
+msgstr "нерÑчаіÑны Ñ…Ñш-альгарытм \"%s\"\n"
+
+#: g10/gpg.c:4005
+msgid "[filename]"
+msgstr "[назва_файла]"
+
+#: g10/gpg.c:4009
+msgid "Go ahead and type your message ...\n"
+msgstr ""
+
+#: g10/gpg.c:4323
+msgid "the given certification policy URL is invalid\n"
+msgstr ""
+
+#: g10/gpg.c:4325
+msgid "the given signature policy URL is invalid\n"
+msgstr ""
+
+#: g10/gpg.c:4358
+msgid "the given preferred keyserver URL is invalid\n"
+msgstr ""
+
+#: g10/gpgv.c:74
+#, fuzzy
+msgid "|FILE|take the keys from the keyring FILE"
+msgstr "выдаліць ключы Ñа зьвÑзку грамадÑкіх ключоў"
+
+#: g10/gpgv.c:76
+msgid "make timestamp conflicts only a warning"
+msgstr ""
+
+#: g10/gpgv.c:78 sm/gpgsm.c:326
+msgid "|FD|write status info to this FD"
+msgstr ""
+
+#: g10/gpgv.c:117
+#, fuzzy
+msgid "Usage: gpgv [options] [files] (-h for help)"
+msgstr "ВыкарыÑтаньне: gpg [выбары] [файлы] (-h Ð´Ð»Ñ Ð´Ð°Ð²ÐµÐ´ÐºÑ–)"
+
+#: g10/gpgv.c:119
+msgid ""
+"Syntax: gpgv [options] [files]\n"
+"Check signatures against known trusted keys\n"
+msgstr ""
+
+#: g10/helptext.c:72
+msgid "No help available"
+msgstr "Даведка адÑутнічае"
+
+#: g10/helptext.c:82
+#, c-format
+msgid "No help available for `%s'"
+msgstr "Ð”Ð»Ñ \"%s\" даведка адÑутнічае"
+
+#: g10/import.c:94
+msgid "import signatures that are marked as local-only"
+msgstr ""
+
+#: g10/import.c:96
+msgid "repair damage from the pks keyserver during import"
+msgstr ""
+
+#: g10/import.c:98
+msgid "do not update the trustdb after import"
+msgstr ""
+
+#: g10/import.c:100
+msgid "create a public key when importing a secret key"
+msgstr ""
+
+#: g10/import.c:102
+msgid "only accept updates to existing keys"
+msgstr ""
+
+#: g10/import.c:104
+msgid "remove unusable parts from key after import"
+msgstr ""
+
+#: g10/import.c:106
+msgid "remove as much as possible from key after import"
+msgstr ""
+
+#: g10/import.c:266
+#, c-format
+msgid "skipping block of type %d\n"
+msgstr ""
+
+#: g10/import.c:275
+#, c-format
+msgid "%lu keys processed so far\n"
+msgstr ""
+
+#: g10/import.c:292
+#, c-format
+msgid "Total number processed: %lu\n"
+msgstr ""
+
+#: g10/import.c:294
+#, c-format
+msgid " skipped new keys: %lu\n"
+msgstr ""
+
+#: g10/import.c:297
+#, c-format
+msgid " w/o user IDs: %lu\n"
+msgstr ""
+
+#: g10/import.c:299 sm/import.c:114
+#, c-format
+msgid " imported: %lu"
+msgstr ""
+
+#: g10/import.c:305 sm/import.c:118
+#, c-format
+msgid " unchanged: %lu\n"
+msgstr ""
+
+#: g10/import.c:307
+#, c-format
+msgid " new user IDs: %lu\n"
+msgstr ""
+
+#: g10/import.c:309
+#, c-format
+msgid " new subkeys: %lu\n"
+msgstr ""
+
+#: g10/import.c:311
+#, c-format
+msgid " new signatures: %lu\n"
+msgstr ""
+
+#: g10/import.c:313
+#, c-format
+msgid " new key revocations: %lu\n"
+msgstr ""
+
+#: g10/import.c:315 sm/import.c:120
+#, c-format
+msgid " secret keys read: %lu\n"
+msgstr ""
+
+#: g10/import.c:317 sm/import.c:122
+#, c-format
+msgid " secret keys imported: %lu\n"
+msgstr ""
+
+#: g10/import.c:319 sm/import.c:124
+#, c-format
+msgid " secret keys unchanged: %lu\n"
+msgstr ""
+
+#: g10/import.c:321 sm/import.c:126
+#, c-format
+msgid " not imported: %lu\n"
+msgstr ""
+
+#: g10/import.c:323
+#, fuzzy, c-format
+msgid " signatures cleaned: %lu\n"
+msgstr "ÐŸÐ¾Ð´Ð¿Ñ–Ñ Ñтвораны Ñž %.*s з выкарыÑтаньнем %s ID ключа %08lX\n"
+
+#: g10/import.c:325
+#, c-format
+msgid " user IDs cleaned: %lu\n"
+msgstr ""
+
+#: g10/import.c:606
+#, c-format
+msgid ""
+"WARNING: key %s contains preferences for unavailable\n"
+"algorithms on these user IDs:\n"
+msgstr ""
+
+#: g10/import.c:647
+#, c-format
+msgid " \"%s\": preference for cipher algorithm %s\n"
+msgstr ""
+
+#: g10/import.c:662
+#, fuzzy, c-format
+msgid " \"%s\": preference for digest algorithm %s\n"
+msgstr "нерÑчаіÑны Ñ…Ñш-альгарытм \"%s\"\n"
+
+#: g10/import.c:674
+#, c-format
+msgid " \"%s\": preference for compression algorithm %s\n"
+msgstr ""
+
+#: g10/import.c:687
+msgid "it is strongly suggested that you update your preferences and\n"
+msgstr ""
+
+#: g10/import.c:689
+msgid "re-distribute this key to avoid potential algorithm mismatch problems\n"
+msgstr ""
+
+#: g10/import.c:713
+#, c-format
+msgid "you can update your preferences with: gpg --edit-key %s updpref save\n"
+msgstr ""
+
+#: g10/import.c:766 g10/import.c:1179
+#, fuzzy, c-format
+msgid "key %s: no user ID\n"
+msgstr "паказаць ÑÑŒÐ¿Ñ–Ñ ÐºÐ»ÑŽÑ‡Ð¾Ñž Ñ– ID карыÑтальнікаў"
+
+#: g10/import.c:795
+#, c-format
+msgid "key %s: PKS subkey corruption repaired\n"
+msgstr ""
+
+#: g10/import.c:810
+#, fuzzy, c-format
+msgid "key %s: accepted non self-signed user ID \"%s\"\n"
+msgstr "паказаць ÑÑŒÐ¿Ñ–Ñ ÐºÐ»ÑŽÑ‡Ð¾Ñž Ñ– ID карыÑтальнікаў"
+
+#: g10/import.c:816
+#, fuzzy, c-format
+msgid "key %s: no valid user IDs\n"
+msgstr "паказаць ÑÑŒÐ¿Ñ–Ñ ÐºÐ»ÑŽÑ‡Ð¾Ñž Ñ– ID карыÑтальнікаў"
+
+#: g10/import.c:818
+msgid "this may be caused by a missing self-signature\n"
+msgstr ""
+
+#: g10/import.c:828 g10/import.c:1303
+#, fuzzy, c-format
+msgid "key %s: public key not found: %s\n"
+msgstr "грамадÑкі ключ Ð½Ñ Ð·Ð½Ð¾Ð¹Ð´Ð·ÐµÐ½Ñ‹"
+
+#: g10/import.c:834
+#, c-format
+msgid "key %s: new key - skipped\n"
+msgstr ""
+
+#: g10/import.c:843
+#, c-format
+msgid "no writable keyring found: %s\n"
+msgstr ""
+
+#: g10/import.c:848 g10/openfile.c:278 g10/sign.c:805 g10/sign.c:1114
+#, c-format
+msgid "writing to `%s'\n"
+msgstr ""
+
+#: g10/import.c:852 g10/import.c:952 g10/import.c:1219 g10/import.c:1364
+#: g10/import.c:2494 g10/import.c:2516
+#, c-format
+msgid "error writing keyring `%s': %s\n"
+msgstr ""
+
+#: g10/import.c:871
+#, c-format
+msgid "key %s: public key \"%s\" imported\n"
+msgstr ""
+
+#: g10/import.c:895
+#, c-format
+msgid "key %s: doesn't match our copy\n"
+msgstr ""
+
+#: g10/import.c:912 g10/import.c:1321
+#, fuzzy, c-format
+msgid "key %s: can't locate original keyblock: %s\n"
+msgstr "%s: немагчыма Ñтварыць Ñ‚Ñчку: %s\n"
+
+#: g10/import.c:920 g10/import.c:1328
+#, fuzzy, c-format
+msgid "key %s: can't read original keyblock: %s\n"
+msgstr "%s: немагчыма Ñтварыць Ñ‚Ñчку: %s\n"
+
+#: g10/import.c:962
+#, c-format
+msgid "key %s: \"%s\" 1 new user ID\n"
+msgstr ""
+
+#: g10/import.c:965
+#, c-format
+msgid "key %s: \"%s\" %d new user IDs\n"
+msgstr ""
+
+#: g10/import.c:968
+#, fuzzy, c-format
+msgid "key %s: \"%s\" 1 new signature\n"
+msgstr "паказаць ÑÑŒÐ¿Ñ–Ñ ÐºÐ»ÑŽÑ‡Ð¾Ñž Ñ– подпіÑаў"
+
+#: g10/import.c:971
+#, fuzzy, c-format
+msgid "key %s: \"%s\" %d new signatures\n"
+msgstr "паказаць ÑÑŒÐ¿Ñ–Ñ ÐºÐ»ÑŽÑ‡Ð¾Ñž Ñ– подпіÑаў"
+
+#: g10/import.c:974
+#, c-format
+msgid "key %s: \"%s\" 1 new subkey\n"
+msgstr ""
+
+#: g10/import.c:977
+#, c-format
+msgid "key %s: \"%s\" %d new subkeys\n"
+msgstr ""
+
+#: g10/import.c:980
+#, fuzzy, c-format
+msgid "key %s: \"%s\" %d signature cleaned\n"
+msgstr "паказаць ÑÑŒÐ¿Ñ–Ñ ÐºÐ»ÑŽÑ‡Ð¾Ñž Ñ– подпіÑаў"
+
+#: g10/import.c:983
+#, fuzzy, c-format
+msgid "key %s: \"%s\" %d signatures cleaned\n"
+msgstr "паказаць ÑÑŒÐ¿Ñ–Ñ ÐºÐ»ÑŽÑ‡Ð¾Ñž Ñ– подпіÑаў"
+
+#: g10/import.c:986
+#, fuzzy, c-format
+msgid "key %s: \"%s\" %d user ID cleaned\n"
+msgstr "паказаць ÑÑŒÐ¿Ñ–Ñ ÐºÐ»ÑŽÑ‡Ð¾Ñž Ñ– подпіÑаў"
+
+#: g10/import.c:989
+#, fuzzy, c-format
+msgid "key %s: \"%s\" %d user IDs cleaned\n"
+msgstr "паказаць ÑÑŒÐ¿Ñ–Ñ ÐºÐ»ÑŽÑ‡Ð¾Ñž Ñ– подпіÑаў"
+
+#: g10/import.c:1013
+#, c-format
+msgid "key %s: \"%s\" not changed\n"
+msgstr ""
+
+#: g10/import.c:1185
+#, c-format
+msgid "key %s: secret key with invalid cipher %d - skipped\n"
+msgstr ""
+
+#: g10/import.c:1196
+#, fuzzy
+msgid "importing secret keys not allowed\n"
+msgstr "ÑакрÑтны ключ недаÑтупны"
+
+#: g10/import.c:1213 g10/import.c:2509
+#, c-format
+msgid "no default secret keyring: %s\n"
+msgstr ""
+
+#: g10/import.c:1224
+#, c-format
+msgid "key %s: secret key imported\n"
+msgstr ""
+
+#: g10/import.c:1254
+#, fuzzy, c-format
+msgid "key %s: already in secret keyring\n"
+msgstr "выдаліць ключы Ñа зьвÑзку ÑакрÑтных ключоў"
+
+#: g10/import.c:1264
+#, fuzzy, c-format
+msgid "key %s: secret key not found: %s\n"
+msgstr "збой падпіÑаньнÑ: %s\n"
+
+#: g10/import.c:1296
+#, c-format
+msgid "key %s: no public key - can't apply revocation certificate\n"
+msgstr ""
+
+#: g10/import.c:1339
+#, c-format
+msgid "key %s: invalid revocation certificate: %s - rejected\n"
+msgstr ""
+
+#: g10/import.c:1371
+#, c-format
+msgid "key %s: \"%s\" revocation certificate imported\n"
+msgstr ""
+
+#: g10/import.c:1447
+#, c-format
+msgid "key %s: no user ID for signature\n"
+msgstr ""
+
+#: g10/import.c:1464
+#, fuzzy, c-format
+msgid "key %s: unsupported public key algorithm on user ID \"%s\"\n"
+msgstr "грамадÑкі ключ Ð½Ñ Ð·Ð½Ð¾Ð¹Ð´Ð·ÐµÐ½Ñ‹"
+
+#: g10/import.c:1466
+#, fuzzy, c-format
+msgid "key %s: invalid self-signature on user ID \"%s\"\n"
+msgstr "паказаць ÑÑŒÐ¿Ñ–Ñ ÐºÐ»ÑŽÑ‡Ð¾Ñž Ñ– ID карыÑтальнікаў"
+
+#: g10/import.c:1483 g10/import.c:1509 g10/import.c:1560
+#, c-format
+msgid "key %s: unsupported public key algorithm\n"
+msgstr ""
+
+#: g10/import.c:1484
+#, fuzzy, c-format
+msgid "key %s: invalid direct key signature\n"
+msgstr "%s: Ñ‚Ñчка Ñтворана\n"
+
+#: g10/import.c:1498
+#, c-format
+msgid "key %s: no subkey for key binding\n"
+msgstr ""
+
+#: g10/import.c:1511
+#, c-format
+msgid "key %s: invalid subkey binding\n"
+msgstr ""
+
+#: g10/import.c:1527
+#, c-format
+msgid "key %s: removed multiple subkey binding\n"
+msgstr ""
+
+#: g10/import.c:1549
+#, c-format
+msgid "key %s: no subkey for key revocation\n"
+msgstr ""
+
+#: g10/import.c:1562
+#, fuzzy, c-format
+msgid "key %s: invalid subkey revocation\n"
+msgstr "%s:%d: Ð½ÐµÐ´Ð°Ð¿ÑƒÑˆÑ‡Ð°Ð»ÑŒÐ½Ñ‹Ñ Ð²Ñ‹Ð±Ð°Ñ€Ñ‹ ÑкÑпартаваньнÑ\n"
+
+#: g10/import.c:1577
+#, c-format
+msgid "key %s: removed multiple subkey revocation\n"
+msgstr ""
+
+#: g10/import.c:1618
+#, fuzzy, c-format
+msgid "key %s: skipped user ID \"%s\"\n"
+msgstr "паказаць ÑÑŒÐ¿Ñ–Ñ ÐºÐ»ÑŽÑ‡Ð¾Ñž Ñ– ID карыÑтальнікаў"
+
+#: g10/import.c:1639
+#, c-format
+msgid "key %s: skipped subkey\n"
+msgstr ""
+
+#: g10/import.c:1666
+#, fuzzy, c-format
+msgid "key %s: non exportable signature (class 0x%02X) - skipped\n"
+msgstr "Ключ абаронены.\n"
+
+#: g10/import.c:1676
+#, c-format
+msgid "key %s: revocation certificate at wrong place - skipped\n"
+msgstr ""
+
+#: g10/import.c:1693
+#, c-format
+msgid "key %s: invalid revocation certificate: %s - skipped\n"
+msgstr ""
+
+#: g10/import.c:1707
+#, c-format
+msgid "key %s: subkey signature in wrong place - skipped\n"
+msgstr ""
+
+#: g10/import.c:1715
+#, c-format
+msgid "key %s: unexpected signature class (0x%02X) - skipped\n"
+msgstr ""
+
+#: g10/import.c:1844
+#, c-format
+msgid "key %s: duplicated user ID detected - merged\n"
+msgstr ""
+
+#: g10/import.c:1906
+#, c-format
+msgid "WARNING: key %s may be revoked: fetching revocation key %s\n"
+msgstr ""
+
+#: g10/import.c:1920
+#, c-format
+msgid "WARNING: key %s may be revoked: revocation key %s not present.\n"
+msgstr ""
+
+#: g10/import.c:1979
+#, c-format
+msgid "key %s: \"%s\" revocation certificate added\n"
+msgstr ""
+
+#: g10/import.c:2013
+#, fuzzy, c-format
+msgid "key %s: direct key signature added\n"
+msgstr "%s: Ñ‚Ñчка Ñтворана\n"
+
+#: g10/import.c:2414
+msgid "NOTE: a key's S/N does not match the card's one\n"
+msgstr ""
+
+#: g10/import.c:2422
+msgid "NOTE: primary key is online and stored on card\n"
+msgstr ""
+
+#: g10/import.c:2424
+msgid "NOTE: secondary key is online and stored on card\n"
+msgstr ""
+
+#: g10/keydb.c:181
+#, c-format
+msgid "error creating keyring `%s': %s\n"
+msgstr ""
+
+#: g10/keydb.c:187
+#, c-format
+msgid "keyring `%s' created\n"
+msgstr ""
+
+#: g10/keydb.c:333 g10/keydb.c:336
+#, fuzzy, c-format
+msgid "keyblock resource `%s': %s\n"
+msgstr "памылка ÑтварÑÐ½ÑŒÐ½Ñ \"%s\": %s\n"
+
+#: g10/keydb.c:719
+#, c-format
+msgid "failed to rebuild keyring cache: %s\n"
+msgstr ""
+
+#: g10/keyedit.c:265
+msgid "[revocation]"
+msgstr ""
+
+#: g10/keyedit.c:266
+msgid "[self-signature]"
+msgstr ""
+
+#: g10/keyedit.c:344 g10/keylist.c:398
+msgid "1 bad signature\n"
+msgstr ""
+
+#: g10/keyedit.c:346 g10/keylist.c:400
+#, c-format
+msgid "%d bad signatures\n"
+msgstr ""
+
+#: g10/keyedit.c:348 g10/keylist.c:402
+msgid "1 signature not checked due to a missing key\n"
+msgstr ""
+
+#: g10/keyedit.c:350 g10/keylist.c:404
+#, c-format
+msgid "%d signatures not checked due to missing keys\n"
+msgstr ""
+
+#: g10/keyedit.c:352 g10/keylist.c:406
+msgid "1 signature not checked due to an error\n"
+msgstr ""
+
+#: g10/keyedit.c:354 g10/keylist.c:408
+#, c-format
+msgid "%d signatures not checked due to errors\n"
+msgstr ""
+
+#: g10/keyedit.c:356
+msgid "1 user ID without valid self-signature detected\n"
+msgstr ""
+
+#: g10/keyedit.c:358
+#, c-format
+msgid "%d user IDs without valid self-signatures detected\n"
+msgstr ""
+
+#: g10/keyedit.c:414 g10/pkclist.c:262
+msgid ""
+"Please decide how far you trust this user to correctly verify other users' "
+"keys\n"
+"(by looking at passports, checking fingerprints from different sources, "
+"etc.)\n"
+msgstr ""
+
+#: g10/keyedit.c:418 g10/pkclist.c:274
+#, c-format
+msgid " %d = I trust marginally\n"
+msgstr ""
+
+#: g10/keyedit.c:419 g10/pkclist.c:276
+#, c-format
+msgid " %d = I trust fully\n"
+msgstr ""
+
+#: g10/keyedit.c:438
+msgid ""
+"Please enter the depth of this trust signature.\n"
+"A depth greater than 1 allows the key you are signing to make\n"
+"trust signatures on your behalf.\n"
+msgstr ""
+
+#: g10/keyedit.c:454
+msgid "Please enter a domain to restrict this signature, or enter for none.\n"
+msgstr ""
+
+#: g10/keyedit.c:598
+#, c-format
+msgid "User ID \"%s\" is revoked."
+msgstr ""
+
+#: g10/keyedit.c:607 g10/keyedit.c:635 g10/keyedit.c:662 g10/keyedit.c:830
+#: g10/keyedit.c:895 g10/keyedit.c:1785
+msgid "Are you sure you still want to sign it? (y/N) "
+msgstr ""
+
+#: g10/keyedit.c:621 g10/keyedit.c:649 g10/keyedit.c:676 g10/keyedit.c:836
+#: g10/keyedit.c:1791
+msgid " Unable to sign.\n"
+msgstr ""
+
+#: g10/keyedit.c:626
+#, c-format
+msgid "User ID \"%s\" is expired."
+msgstr ""
+
+#: g10/keyedit.c:654
+#, c-format
+msgid "User ID \"%s\" is not self-signed."
+msgstr ""
+
+#: g10/keyedit.c:682
+#, c-format
+msgid "User ID \"%s\" is signable. "
+msgstr ""
+
+#: g10/keyedit.c:684
+#, fuzzy
+msgid "Sign it? (y/N) "
+msgstr "ПеразапіÑаць (y/N)?"
+
+#: g10/keyedit.c:706
+#, c-format
+msgid ""
+"The self-signature on \"%s\"\n"
+"is a PGP 2.x-style signature.\n"
+msgstr ""
+
+#: g10/keyedit.c:715
+msgid "Do you want to promote it to an OpenPGP self-signature? (y/N) "
+msgstr ""
+
+#: g10/keyedit.c:729
+#, c-format
+msgid ""
+"Your current signature on \"%s\"\n"
+"has expired.\n"
+msgstr ""
+
+#: g10/keyedit.c:733
+msgid "Do you want to issue a new signature to replace the expired one? (y/N) "
+msgstr ""
+
+#: g10/keyedit.c:754
+#, c-format
+msgid ""
+"Your current signature on \"%s\"\n"
+"is a local signature.\n"
+msgstr ""
+
+#: g10/keyedit.c:758
+msgid "Do you want to promote it to a full exportable signature? (y/N) "
+msgstr ""
+
+#: g10/keyedit.c:779
+#, c-format
+msgid "\"%s\" was already locally signed by key %s\n"
+msgstr ""
+
+#: g10/keyedit.c:782
+#, c-format
+msgid "\"%s\" was already signed by key %s\n"
+msgstr ""
+
+#: g10/keyedit.c:787
+msgid "Do you want to sign it again anyway? (y/N) "
+msgstr ""
+
+#: g10/keyedit.c:809
+#, c-format
+msgid "Nothing to sign with key %s\n"
+msgstr ""
+
+#: g10/keyedit.c:824
+msgid "This key has expired!"
+msgstr "ГÑÑ‚Ñ‹ ключ згубіў ÑаÑтарÑÑž!"
+
+#: g10/keyedit.c:842
+#, c-format
+msgid "This key is due to expire on %s.\n"
+msgstr ""
+
+#: g10/keyedit.c:848
+msgid "Do you want your signature to expire at the same time? (Y/n) "
+msgstr ""
+
+#: g10/keyedit.c:888
+msgid ""
+"You may not make an OpenPGP signature on a PGP 2.x key while in --pgp2 "
+"mode.\n"
+msgstr ""
+
+#: g10/keyedit.c:890
+msgid "This would make the key unusable in PGP 2.x.\n"
+msgstr ""
+
+#: g10/keyedit.c:915
+msgid ""
+"How carefully have you verified the key you are about to sign actually "
+"belongs\n"
+"to the person named above? If you don't know what to answer, enter \"0\".\n"
+msgstr ""
+
+#: g10/keyedit.c:920
+#, c-format
+msgid " (0) I will not answer.%s\n"
+msgstr ""
+
+#: g10/keyedit.c:922
+#, c-format
+msgid " (1) I have not checked at all.%s\n"
+msgstr ""
+
+#: g10/keyedit.c:924
+#, c-format
+msgid " (2) I have done casual checking.%s\n"
+msgstr ""
+
+#: g10/keyedit.c:926
+#, c-format
+msgid " (3) I have done very careful checking.%s\n"
+msgstr ""
+
+#: g10/keyedit.c:932
+msgid "Your selection? (enter `?' for more information): "
+msgstr ""
+
+#: g10/keyedit.c:956
+#, c-format
+msgid ""
+"Are you sure that you want to sign this key with your\n"
+"key \"%s\" (%s)\n"
+msgstr ""
+
+#: g10/keyedit.c:963
+msgid "This will be a self-signature.\n"
+msgstr ""
+
+#: g10/keyedit.c:969
+msgid "WARNING: the signature will not be marked as non-exportable.\n"
+msgstr ""
+
+#: g10/keyedit.c:977
+msgid "WARNING: the signature will not be marked as non-revocable.\n"
+msgstr ""
+
+#: g10/keyedit.c:987
+msgid "The signature will be marked as non-exportable.\n"
+msgstr ""
+
+#: g10/keyedit.c:994
+msgid "The signature will be marked as non-revocable.\n"
+msgstr ""
+
+#: g10/keyedit.c:1001
+msgid "I have not checked this key at all.\n"
+msgstr ""
+
+#: g10/keyedit.c:1006
+msgid "I have checked this key casually.\n"
+msgstr ""
+
+#: g10/keyedit.c:1011
+msgid "I have checked this key very carefully.\n"
+msgstr ""
+
+#: g10/keyedit.c:1021
+msgid "Really sign? (y/N) "
+msgstr ""
+
+#: g10/keyedit.c:1066 g10/keyedit.c:4965 g10/keyedit.c:5056 g10/keyedit.c:5120
+#: g10/keyedit.c:5181 g10/sign.c:316
+#, c-format
+msgid "signing failed: %s\n"
+msgstr "збой падпіÑаньнÑ: %s\n"
+
+#: g10/keyedit.c:1131
+msgid "Key has only stub or on-card key items - no passphrase to change.\n"
+msgstr ""
+
+#: g10/keyedit.c:1142 g10/keygen.c:3774
+msgid "This key is not protected.\n"
+msgstr ""
+
+#: g10/keyedit.c:1146 g10/keygen.c:3761 g10/revoke.c:536
+msgid "Secret parts of primary key are not available.\n"
+msgstr ""
+
+#: g10/keyedit.c:1150 g10/keygen.c:3777
+#, fuzzy
+msgid "Secret parts of primary key are stored on-card.\n"
+msgstr "ÑакрÑтны ключ недаÑтупны"
+
+#: g10/keyedit.c:1156 g10/keygen.c:3781
+msgid "Key is protected.\n"
+msgstr "Ключ абаронены.\n"
+
+#: g10/keyedit.c:1186
+#, c-format
+msgid "Can't edit this key: %s\n"
+msgstr ""
+
+#: g10/keyedit.c:1192
+msgid ""
+"Enter the new passphrase for this secret key.\n"
+"\n"
+msgstr ""
+"УвÑдзіце новы пароль Ð´Ð»Ñ Ð³Ñтага ÑакрÑтнага ключа.\n"
+"\n"
+
+#: g10/keyedit.c:1207 g10/keygen.c:2291
+msgid "passphrase not correctly repeated; try again"
+msgstr ""
+
+#: g10/keyedit.c:1212
+msgid ""
+"You don't want a passphrase - this is probably a *bad* idea!\n"
+"\n"
+msgstr ""
+
+#: g10/keyedit.c:1215
+msgid "Do you really want to do this? (y/N) "
+msgstr ""
+
+#: g10/keyedit.c:1298
+msgid "moving a key signature to the correct place\n"
+msgstr ""
+
+#: g10/keyedit.c:1384
+msgid "save and quit"
+msgstr ""
+
+#: g10/keyedit.c:1387
+#, fuzzy
+msgid "show key fingerprint"
+msgstr "паказаць ключы й адбіткі пальцаў"
+
+#: g10/keyedit.c:1388
+msgid "list key and user IDs"
+msgstr "паказаць ÑÑŒÐ¿Ñ–Ñ ÐºÐ»ÑŽÑ‡Ð¾Ñž Ñ– ID карыÑтальнікаў"
+
+#: g10/keyedit.c:1390
+msgid "select user ID N"
+msgstr ""
+
+#: g10/keyedit.c:1391
+msgid "select subkey N"
+msgstr ""
+
+#: g10/keyedit.c:1392
+#, fuzzy
+msgid "check signatures"
+msgstr "праверыць подпіÑÑ‹ ключа"
+
+#: g10/keyedit.c:1397
+msgid "sign selected user IDs [* see below for related commands]"
+msgstr ""
+
+#: g10/keyedit.c:1402
+#, fuzzy
+msgid "sign selected user IDs locally"
+msgstr "падпіÑаць ключ толькі мÑÑцова"
+
+#: g10/keyedit.c:1404
+msgid "sign selected user IDs with a trust signature"
+msgstr ""
+
+#: g10/keyedit.c:1406
+msgid "sign selected user IDs with a non-revocable signature"
+msgstr ""
+
+#: g10/keyedit.c:1410
+msgid "add a user ID"
+msgstr ""
+
+#: g10/keyedit.c:1412
+msgid "add a photo ID"
+msgstr ""
+
+#: g10/keyedit.c:1414
+#, fuzzy
+msgid "delete selected user IDs"
+msgstr "паказаць ÑÑŒÐ¿Ñ–Ñ ÐºÐ»ÑŽÑ‡Ð¾Ñž Ñ– ID карыÑтальнікаў"
+
+#: g10/keyedit.c:1419
+#, fuzzy
+msgid "add a subkey"
+msgstr "дрÑнны ключ"
+
+#: g10/keyedit.c:1423
+msgid "add a key to a smartcard"
+msgstr ""
+
+#: g10/keyedit.c:1425
+msgid "move a key to a smartcard"
+msgstr ""
+
+#: g10/keyedit.c:1427
+msgid "move a backup key to a smartcard"
+msgstr ""
+
+#: g10/keyedit.c:1431
+#, fuzzy
+msgid "delete selected subkeys"
+msgstr "паказаць ÑакрÑÑ‚Ð½Ñ‹Ñ ÐºÐ»ÑŽÑ‡Ñ‹"
+
+#: g10/keyedit.c:1433
+msgid "add a revocation key"
+msgstr ""
+
+#: g10/keyedit.c:1435
+msgid "delete signatures from the selected user IDs"
+msgstr ""
+
+#: g10/keyedit.c:1437
+msgid "change the expiration date for the key or selected subkeys"
+msgstr ""
+
+#: g10/keyedit.c:1439
+msgid "flag the selected user ID as primary"
+msgstr ""
+
+#: g10/keyedit.c:1441
+msgid "toggle between the secret and public key listings"
+msgstr ""
+
+#: g10/keyedit.c:1444
+msgid "list preferences (expert)"
+msgstr ""
+
+#: g10/keyedit.c:1446
+msgid "list preferences (verbose)"
+msgstr ""
+
+#: g10/keyedit.c:1448
+msgid "set preference list for the selected user IDs"
+msgstr ""
+
+#: g10/keyedit.c:1453
+msgid "set the preferred keyserver URL for the selected user IDs"
+msgstr ""
+
+#: g10/keyedit.c:1455
+#, fuzzy
+msgid "set a notation for the selected user IDs"
+msgstr "паказаць ÑÑŒÐ¿Ñ–Ñ ÐºÐ»ÑŽÑ‡Ð¾Ñž Ñ– ID карыÑтальнікаў"
+
+#: g10/keyedit.c:1457
+msgid "change the passphrase"
+msgstr ""
+
+#: g10/keyedit.c:1461
+msgid "change the ownertrust"
+msgstr ""
+
+#: g10/keyedit.c:1463
+msgid "revoke signatures on the selected user IDs"
+msgstr ""
+
+#: g10/keyedit.c:1465
+#, fuzzy
+msgid "revoke selected user IDs"
+msgstr "паказаць ÑÑŒÐ¿Ñ–Ñ ÐºÐ»ÑŽÑ‡Ð¾Ñž Ñ– ID карыÑтальнікаў"
+
+#: g10/keyedit.c:1470
+msgid "revoke key or selected subkeys"
+msgstr ""
+
+#: g10/keyedit.c:1471
+#, fuzzy
+msgid "enable key"
+msgstr "падпіÑаць ключ"
+
+#: g10/keyedit.c:1472
+#, fuzzy
+msgid "disable key"
+msgstr "паказаць ÑÑŒÐ¿Ñ–Ñ ÐºÐ»ÑŽÑ‡Ð¾Ñž"
+
+#: g10/keyedit.c:1473
+msgid "show selected photo IDs"
+msgstr ""
+
+#: g10/keyedit.c:1475
+msgid "compact unusable user IDs and remove unusable signatures from key"
+msgstr ""
+
+#: g10/keyedit.c:1477
+msgid "compact unusable user IDs and remove all signatures from key"
+msgstr ""
+
+#: g10/keyedit.c:1601
+#, fuzzy, c-format
+msgid "error reading secret keyblock \"%s\": %s\n"
+msgstr "памылка ÑтварÑÐ½ÑŒÐ½Ñ \"%s\": %s\n"
+
+#: g10/keyedit.c:1619
+msgid "Secret key is available.\n"
+msgstr "ДаÑтупны ÑакрÑтны ключ.\n"
+
+#: g10/keyedit.c:1702
+msgid "Need the secret key to do this.\n"
+msgstr ""
+
+#: g10/keyedit.c:1710
+msgid "Please use the command \"toggle\" first.\n"
+msgstr ""
+
+#: g10/keyedit.c:1729
+msgid ""
+"* The `sign' command may be prefixed with an `l' for local signatures "
+"(lsign),\n"
+" a `t' for trust signatures (tsign), an `nr' for non-revocable signatures\n"
+" (nrsign), or any combination thereof (ltsign, tnrsign, etc.).\n"
+msgstr ""
+
+#: g10/keyedit.c:1779
+msgid "Key is revoked."
+msgstr ""
+
+#: g10/keyedit.c:1798
+msgid "Really sign all user IDs? (y/N) "
+msgstr ""
+
+#: g10/keyedit.c:1805
+#, fuzzy
+msgid "Hint: Select the user IDs to sign\n"
+msgstr "падпіÑаць ключ толькі мÑÑцова"
+
+#: g10/keyedit.c:1814
+#, fuzzy, c-format
+msgid "Unknown signature type `%s'\n"
+msgstr "невÑÐ´Ð¾Ð¼Ð°Ñ Ð²ÑÑ€ÑÑ‹Ñ"
+
+#: g10/keyedit.c:1837
+#, c-format
+msgid "This command is not allowed while in %s mode.\n"
+msgstr ""
+
+#: g10/keyedit.c:1859 g10/keyedit.c:1879 g10/keyedit.c:2048
+msgid "You must select at least one user ID.\n"
+msgstr ""
+
+#: g10/keyedit.c:1861
+msgid "You can't delete the last user ID!\n"
+msgstr ""
+
+#: g10/keyedit.c:1863
+msgid "Really remove all selected user IDs? (y/N) "
+msgstr ""
+
+#: g10/keyedit.c:1864
+msgid "Really remove this user ID? (y/N) "
+msgstr ""
+
+#. TRANSLATORS: Please take care: This is about
+#. moving the key and not about removing it.
+#: g10/keyedit.c:1917
+msgid "Really move the primary key? (y/N) "
+msgstr ""
+
+#: g10/keyedit.c:1929
+msgid "You must select exactly one key.\n"
+msgstr ""
+
+#: g10/keyedit.c:1957
+msgid "Command expects a filename argument\n"
+msgstr ""
+
+#: g10/keyedit.c:1971
+#, fuzzy, c-format
+msgid "Can't open `%s': %s\n"
+msgstr "немагчыма адкрыць %s: %s\n"
+
+#: g10/keyedit.c:1988
+#, fuzzy, c-format
+msgid "Error reading backup key from `%s': %s\n"
+msgstr "памылка ÑтварÑÐ½ÑŒÐ½Ñ \"%s\": %s\n"
+
+#: g10/keyedit.c:2012
+msgid "You must select at least one key.\n"
+msgstr ""
+
+#: g10/keyedit.c:2015
+msgid "Do you really want to delete the selected keys? (y/N) "
+msgstr ""
+
+#: g10/keyedit.c:2016
+msgid "Do you really want to delete this key? (y/N) "
+msgstr ""
+
+#: g10/keyedit.c:2051
+msgid "Really revoke all selected user IDs? (y/N) "
+msgstr ""
+
+#: g10/keyedit.c:2052
+#, fuzzy
+msgid "Really revoke this user ID? (y/N) "
+msgstr "паказаць ÑÑŒÐ¿Ñ–Ñ ÐºÐ»ÑŽÑ‡Ð¾Ñž Ñ– ID карыÑтальнікаў"
+
+#: g10/keyedit.c:2070
+#, fuzzy
+msgid "Do you really want to revoke the entire key? (y/N) "
+msgstr "паказаць ÑÑŒÐ¿Ñ–Ñ ÐºÐ»ÑŽÑ‡Ð¾Ñž Ñ– ID карыÑтальнікаў"
+
+#: g10/keyedit.c:2081
+msgid "Do you really want to revoke the selected subkeys? (y/N) "
+msgstr ""
+
+#: g10/keyedit.c:2083
+#, fuzzy
+msgid "Do you really want to revoke this subkey? (y/N) "
+msgstr "паказаць ÑÑŒÐ¿Ñ–Ñ ÐºÐ»ÑŽÑ‡Ð¾Ñž Ñ– ID карыÑтальнікаў"
+
+#: g10/keyedit.c:2133
+msgid "Owner trust may not be set while using a user provided trust database\n"
+msgstr ""
+
+#: g10/keyedit.c:2175
+msgid "Set preference list to:\n"
+msgstr ""
+
+#: g10/keyedit.c:2181
+msgid "Really update the preferences for the selected user IDs? (y/N) "
+msgstr ""
+
+#: g10/keyedit.c:2183
+msgid "Really update the preferences? (y/N) "
+msgstr ""
+
+#: g10/keyedit.c:2253
+#, fuzzy
+msgid "Save changes? (y/N) "
+msgstr "Захаваць зьмены? "
+
+#: g10/keyedit.c:2256
+#, fuzzy
+msgid "Quit without saving? (y/N) "
+msgstr "ВыйÑьці не захаваўшы зьмены? "
+
+#: g10/keyedit.c:2266
+#, c-format
+msgid "update failed: %s\n"
+msgstr ""
+
+#: g10/keyedit.c:2273 g10/keyedit.c:2351
+#, c-format
+msgid "update secret failed: %s\n"
+msgstr ""
+
+#: g10/keyedit.c:2280
+msgid "Key not changed so no update needed.\n"
+msgstr ""
+
+#: g10/keyedit.c:2446
+msgid "Digest: "
+msgstr ""
+
+#: g10/keyedit.c:2497
+msgid "Features: "
+msgstr ""
+
+#: g10/keyedit.c:2508
+msgid "Keyserver no-modify"
+msgstr ""
+
+#: g10/keyedit.c:2523 g10/keylist.c:316
+msgid "Preferred keyserver: "
+msgstr ""
+
+#: g10/keyedit.c:2531 g10/keyedit.c:2532
+#, fuzzy
+msgid "Notations: "
+msgstr ""
+"@\n"
+"Выбары:\n"
+" "
+
+#: g10/keyedit.c:2753
+msgid "There are no preferences on a PGP 2.x-style user ID.\n"
+msgstr ""
+
+#: g10/keyedit.c:2810
+#, c-format
+msgid "The following key was revoked on %s by %s key %s\n"
+msgstr ""
+
+#: g10/keyedit.c:2832
+#, c-format
+msgid "This key may be revoked by %s key %s"
+msgstr ""
+
+#: g10/keyedit.c:2838
+msgid "(sensitive)"
+msgstr ""
+
+#: g10/keyedit.c:2854 g10/keyedit.c:2910 g10/keyedit.c:2971 g10/keyedit.c:2986
+#: g10/keylist.c:202 g10/keyserver.c:532
+#, fuzzy, c-format
+msgid "created: %s"
+msgstr "памылка Ñ‡Ñ‹Ñ‚Ð°Ð½ÑŒÐ½Ñ Ñ„Ð°Ð¹Ð»Ð°"
+
+#: g10/keyedit.c:2857 g10/keylist.c:834 g10/keylist.c:928 g10/mainproc.c:997
+#, fuzzy, c-format
+msgid "revoked: %s"
+msgstr "памылка Ñ‡Ñ‹Ñ‚Ð°Ð½ÑŒÐ½Ñ Ñ„Ð°Ð¹Ð»Ð°"
+
+#: g10/keyedit.c:2859 g10/keylist.c:805 g10/keylist.c:840 g10/keylist.c:934
+#, fuzzy, c-format
+msgid "expired: %s"
+msgstr "збой падпіÑаньнÑ: %s\n"
+
+#: g10/keyedit.c:2861 g10/keyedit.c:2912 g10/keyedit.c:2973 g10/keyedit.c:2988
+#: g10/keylist.c:204 g10/keylist.c:811 g10/keylist.c:846 g10/keylist.c:940
+#: g10/keylist.c:961 g10/keyserver.c:538 g10/mainproc.c:1003
+#, fuzzy, c-format
+msgid "expires: %s"
+msgstr "збой падпіÑаньнÑ: %s\n"
+
+#: g10/keyedit.c:2863
+#, fuzzy, c-format
+msgid "usage: %s"
+msgstr "памылка Ñ‡Ñ‹Ñ‚Ð°Ð½ÑŒÐ½Ñ Ñ„Ð°Ð¹Ð»Ð°"
+
+#: g10/keyedit.c:2878
+#, c-format
+msgid "trust: %s"
+msgstr ""
+
+#: g10/keyedit.c:2882
+#, c-format
+msgid "validity: %s"
+msgstr ""
+
+#: g10/keyedit.c:2889
+msgid "This key has been disabled"
+msgstr ""
+
+#: g10/keyedit.c:2917 g10/keylist.c:208
+msgid "card-no: "
+msgstr ""
+
+#: g10/keyedit.c:2941
+msgid ""
+"Please note that the shown key validity is not necessarily correct\n"
+"unless you restart the program.\n"
+msgstr ""
+
+#: g10/keyedit.c:3005 g10/keyedit.c:3351 g10/keyserver.c:542
+#: g10/mainproc.c:1850 g10/trustdb.c:1204 g10/trustdb.c:1732
+msgid "revoked"
+msgstr ""
+
+#: g10/keyedit.c:3007 g10/keyedit.c:3353 g10/keyserver.c:546
+#: g10/mainproc.c:1852 g10/trustdb.c:547 g10/trustdb.c:1734
+msgid "expired"
+msgstr ""
+
+#: g10/keyedit.c:3072
+msgid ""
+"WARNING: no user ID has been marked as primary. This command may\n"
+" cause a different user ID to become the assumed primary.\n"
+msgstr ""
+
+#: g10/keyedit.c:3133
+msgid ""
+"WARNING: This is a PGP2-style key. Adding a photo ID may cause some "
+"versions\n"
+" of PGP to reject this key.\n"
+msgstr ""
+
+#: g10/keyedit.c:3138 g10/keyedit.c:3473
+msgid "Are you sure you still want to add it? (y/N) "
+msgstr ""
+
+#: g10/keyedit.c:3144
+msgid "You may not add a photo ID to a PGP2-style key.\n"
+msgstr ""
+
+#: g10/keyedit.c:3284
+msgid "Delete this good signature? (y/N/q)"
+msgstr ""
+
+#: g10/keyedit.c:3294
+msgid "Delete this invalid signature? (y/N/q)"
+msgstr ""
+
+#: g10/keyedit.c:3298
+msgid "Delete this unknown signature? (y/N/q)"
+msgstr ""
+
+#: g10/keyedit.c:3304
+msgid "Really delete this self-signature? (y/N)"
+msgstr ""
+
+#: g10/keyedit.c:3318
+#, c-format
+msgid "Deleted %d signature.\n"
+msgstr ""
+
+#: g10/keyedit.c:3319
+#, c-format
+msgid "Deleted %d signatures.\n"
+msgstr ""
+
+#: g10/keyedit.c:3322
+msgid "Nothing deleted.\n"
+msgstr ""
+
+#: g10/keyedit.c:3355 g10/trustdb.c:1736
+msgid "invalid"
+msgstr ""
+
+#: g10/keyedit.c:3357
+#, fuzzy, c-format
+msgid "User ID \"%s\" compacted: %s\n"
+msgstr "грамадÑкі ключ Ð½Ñ Ð·Ð½Ð¾Ð¹Ð´Ð·ÐµÐ½Ñ‹"
+
+#: g10/keyedit.c:3364
+#, fuzzy, c-format
+msgid "User ID \"%s\": %d signature removed\n"
+msgstr "паказаць ÑÑŒÐ¿Ñ–Ñ ÐºÐ»ÑŽÑ‡Ð¾Ñž Ñ– подпіÑаў"
+
+#: g10/keyedit.c:3365
+#, fuzzy, c-format
+msgid "User ID \"%s\": %d signatures removed\n"
+msgstr "паказаць ÑÑŒÐ¿Ñ–Ñ ÐºÐ»ÑŽÑ‡Ð¾Ñž Ñ– подпіÑаў"
+
+#: g10/keyedit.c:3373
+#, fuzzy, c-format
+msgid "User ID \"%s\": already minimized\n"
+msgstr "грамадÑкі ключ Ð½Ñ Ð·Ð½Ð¾Ð¹Ð´Ð·ÐµÐ½Ñ‹"
+
+#: g10/keyedit.c:3374
+#, fuzzy, c-format
+msgid "User ID \"%s\": already clean\n"
+msgstr "грамадÑкі ключ Ð½Ñ Ð·Ð½Ð¾Ð¹Ð´Ð·ÐµÐ½Ñ‹"
+
+#: g10/keyedit.c:3468
+msgid ""
+"WARNING: This is a PGP 2.x-style key. Adding a designated revoker may "
+"cause\n"
+" some versions of PGP to reject this key.\n"
+msgstr ""
+
+#: g10/keyedit.c:3479
+msgid "You may not add a designated revoker to a PGP 2.x-style key.\n"
+msgstr ""
+
+#: g10/keyedit.c:3499
+msgid "Enter the user ID of the designated revoker: "
+msgstr ""
+
+#: g10/keyedit.c:3524
+msgid "cannot appoint a PGP 2.x style key as a designated revoker\n"
+msgstr ""
+
+#: g10/keyedit.c:3539
+msgid "you cannot appoint a key as its own designated revoker\n"
+msgstr ""
+
+#: g10/keyedit.c:3561
+msgid "this key has already been designated as a revoker\n"
+msgstr ""
+
+#: g10/keyedit.c:3580
+msgid "WARNING: appointing a key as a designated revoker cannot be undone!\n"
+msgstr ""
+
+#: g10/keyedit.c:3586
+msgid ""
+"Are you sure you want to appoint this key as a designated revoker? (y/N) "
+msgstr ""
+
+#: g10/keyedit.c:3647
+msgid "Please remove selections from the secret keys.\n"
+msgstr ""
+
+#: g10/keyedit.c:3653
+#, fuzzy
+msgid "Please select at most one subkey.\n"
+msgstr "Калі лаÑка, абÑрыце від ключа, Ñкі Вам патрÑбны:\n"
+
+#: g10/keyedit.c:3657
+msgid "Changing expiration time for a subkey.\n"
+msgstr ""
+
+#: g10/keyedit.c:3660
+msgid "Changing expiration time for the primary key.\n"
+msgstr ""
+
+#: g10/keyedit.c:3706
+msgid "You can't change the expiration date of a v3 key\n"
+msgstr ""
+
+#: g10/keyedit.c:3722
+msgid "No corresponding signature in secret ring\n"
+msgstr ""
+
+#: g10/keyedit.c:3800
+#, fuzzy, c-format
+msgid "signing subkey %s is already cross-certified\n"
+msgstr "выдаліць ключы Ñа зьвÑзку ÑакрÑтных ключоў"
+
+#: g10/keyedit.c:3806
+#, c-format
+msgid "subkey %s does not sign and so does not need to be cross-certified\n"
+msgstr ""
+
+#: g10/keyedit.c:3969
+msgid "Please select exactly one user ID.\n"
+msgstr ""
+
+#: g10/keyedit.c:4008 g10/keyedit.c:4118 g10/keyedit.c:4238 g10/keyedit.c:4379
+#, c-format
+msgid "skipping v3 self-signature on user ID \"%s\"\n"
+msgstr ""
+
+#: g10/keyedit.c:4179
+msgid "Enter your preferred keyserver URL: "
+msgstr ""
+
+#: g10/keyedit.c:4259
+msgid "Are you sure you want to replace it? (y/N) "
+msgstr ""
+
+#: g10/keyedit.c:4260
+msgid "Are you sure you want to delete it? (y/N) "
+msgstr ""
+
+#: g10/keyedit.c:4322
+msgid "Enter the notation: "
+msgstr ""
+
+#: g10/keyedit.c:4471
+#, fuzzy
+msgid "Proceed? (y/N) "
+msgstr "ПеразапіÑаць (y/N)?"
+
+#: g10/keyedit.c:4543
+#, c-format
+msgid "No user ID with index %d\n"
+msgstr ""
+
+#: g10/keyedit.c:4604
+#, c-format
+msgid "No user ID with hash %s\n"
+msgstr ""
+
+#: g10/keyedit.c:4639
+#, c-format
+msgid "No subkey with index %d\n"
+msgstr ""
+
+#: g10/keyedit.c:4774
+#, fuzzy, c-format
+msgid "user ID: \"%s\"\n"
+msgstr "памылка Ñ‡Ñ‹Ñ‚Ð°Ð½ÑŒÐ½Ñ Ñ„Ð°Ð¹Ð»Ð°"
+
+#: g10/keyedit.c:4777 g10/keyedit.c:4871 g10/keyedit.c:4914
+#, c-format
+msgid "signed by your key %s on %s%s%s\n"
+msgstr ""
+
+#: g10/keyedit.c:4779 g10/keyedit.c:4873 g10/keyedit.c:4916
+msgid " (non-exportable)"
+msgstr ""
+
+#: g10/keyedit.c:4783
+#, c-format
+msgid "This signature expired on %s.\n"
+msgstr ""
+
+#: g10/keyedit.c:4787
+msgid "Are you sure you still want to revoke it? (y/N) "
+msgstr ""
+
+#: g10/keyedit.c:4791
+msgid "Create a revocation certificate for this signature? (y/N) "
+msgstr ""
+
+#: g10/keyedit.c:4842
+msgid "Not signed by you.\n"
+msgstr ""
+
+#: g10/keyedit.c:4848
+#, c-format
+msgid "You have signed these user IDs on key %s:\n"
+msgstr ""
+
+#: g10/keyedit.c:4874
+msgid " (non-revocable)"
+msgstr ""
+
+#: g10/keyedit.c:4881
+#, c-format
+msgid "revoked by your key %s on %s\n"
+msgstr ""
+
+#: g10/keyedit.c:4903
+msgid "You are about to revoke these signatures:\n"
+msgstr ""
+
+#: g10/keyedit.c:4923
+msgid "Really create the revocation certificates? (y/N) "
+msgstr ""
+
+#: g10/keyedit.c:4953
+msgid "no secret key\n"
+msgstr ""
+
+#: g10/keyedit.c:5023
+#, c-format
+msgid "user ID \"%s\" is already revoked\n"
+msgstr ""
+
+#: g10/keyedit.c:5040
+#, c-format
+msgid "WARNING: a user ID signature is dated %d seconds in the future\n"
+msgstr ""
+
+#: g10/keyedit.c:5104
+#, fuzzy, c-format
+msgid "Key %s is already revoked.\n"
+msgstr "выдаліць ключы Ñа зьвÑзку ÑакрÑтных ключоў"
+
+#: g10/keyedit.c:5166
+#, fuzzy, c-format
+msgid "Subkey %s is already revoked.\n"
+msgstr "выдаліць ключы Ñа зьвÑзку ÑакрÑтных ключоў"
+
+#: g10/keyedit.c:5261
+#, c-format
+msgid "Displaying %s photo ID of size %ld for key %s (uid %d)\n"
+msgstr ""
+
+#: g10/keygen.c:275
+#, c-format
+msgid "preference `%s' duplicated\n"
+msgstr ""
+
+#: g10/keygen.c:282
+#, fuzzy
+msgid "too many cipher preferences\n"
+msgstr "за шмат пераваг Ð´Ð»Ñ \"%c\"\n"
+
+#: g10/keygen.c:284
+#, fuzzy
+msgid "too many digest preferences\n"
+msgstr "за шмат пераваг Ð´Ð»Ñ \"%c\"\n"
+
+#: g10/keygen.c:286
+#, fuzzy
+msgid "too many compression preferences\n"
+msgstr "за шмат пераваг Ð´Ð»Ñ \"%c\"\n"
+
+#: g10/keygen.c:426
+#, fuzzy, c-format
+msgid "invalid item `%s' in preference string\n"
+msgstr "Ð½ÐµÐ´Ð°Ð¿ÑƒÑˆÑ‡Ð°Ð»ÑŒÐ½Ñ‹Ñ Ð´Ð°Ð¿Ð¾Ð¼Ð½Ñ‹Ñ Ð¿ÐµÑ€Ð°Ð²Ð°Ð³Ñ–\n"
+
+#: g10/keygen.c:910
+msgid "writing direct signature\n"
+msgstr ""
+
+#: g10/keygen.c:952
+msgid "writing self signature\n"
+msgstr ""
+
+#: g10/keygen.c:1009
+msgid "writing key binding signature\n"
+msgstr ""
+
+#: g10/keygen.c:1179 g10/keygen.c:1290 g10/keygen.c:1295 g10/keygen.c:1441
+#: g10/keygen.c:3269
+#, c-format
+msgid "keysize invalid; using %u bits\n"
+msgstr ""
+
+#: g10/keygen.c:1185 g10/keygen.c:1301 g10/keygen.c:1309 g10/keygen.c:1447
+#: g10/keygen.c:3275
+#, c-format
+msgid "keysize rounded up to %u bits\n"
+msgstr ""
+
+#: g10/keygen.c:1335
+msgid ""
+"WARNING: some OpenPGP programs can't handle a DSA key with this digest size\n"
+msgstr ""
+
+#: g10/keygen.c:1558
+msgid "Sign"
+msgstr ""
+
+#: g10/keygen.c:1561
+msgid "Certify"
+msgstr ""
+
+#: g10/keygen.c:1564
+#, fuzzy
+msgid "Encrypt"
+msgstr "зашыфраваць даньні"
+
+#: g10/keygen.c:1567
+msgid "Authenticate"
+msgstr ""
+
+#. TRANSLATORS: Please use only plain ASCII characters for the
+#. translation. If this is not possible use single digits. The
+#. string needs to 8 bytes long. Here is a description of the
+#. functions:
+#.
+#. s = Toggle signing capability
+#. e = Toggle encryption capability
+#. a = Toggle authentication capability
+#. q = Finish
+#.
+#: g10/keygen.c:1585
+msgid "SsEeAaQq"
+msgstr ""
+
+#: g10/keygen.c:1608
+#, c-format
+msgid "Possible actions for a %s key: "
+msgstr ""
+
+#: g10/keygen.c:1612
+msgid "Current allowed actions: "
+msgstr ""
+
+#: g10/keygen.c:1617
+#, c-format
+msgid " (%c) Toggle the sign capability\n"
+msgstr ""
+
+#: g10/keygen.c:1620
+#, c-format
+msgid " (%c) Toggle the encrypt capability\n"
+msgstr ""
+
+#: g10/keygen.c:1623
+#, c-format
+msgid " (%c) Toggle the authenticate capability\n"
+msgstr ""
+
+#: g10/keygen.c:1626
+#, c-format
+msgid " (%c) Finished\n"
+msgstr ""
+
+#: g10/keygen.c:1686 sm/certreqgen-ui.c:157
+msgid "Please select what kind of key you want:\n"
+msgstr "Калі лаÑка, абÑрыце від ключа, Ñкі Вам патрÑбны:\n"
+
+#: g10/keygen.c:1689
+#, c-format
+msgid " (%d) RSA and RSA (default)\n"
+msgstr ""
+
+#: g10/keygen.c:1691
+#, c-format
+msgid " (%d) DSA and Elgamal\n"
+msgstr ""
+
+#: g10/keygen.c:1693
+#, c-format
+msgid " (%d) DSA (sign only)\n"
+msgstr ""
+
+#: g10/keygen.c:1694
+#, c-format
+msgid " (%d) RSA (sign only)\n"
+msgstr ""
+
+#: g10/keygen.c:1698
+#, c-format
+msgid " (%d) Elgamal (encrypt only)\n"
+msgstr ""
+
+#: g10/keygen.c:1699
+#, c-format
+msgid " (%d) RSA (encrypt only)\n"
+msgstr ""
+
+#: g10/keygen.c:1703
+#, c-format
+msgid " (%d) DSA (set your own capabilities)\n"
+msgstr ""
+
+#: g10/keygen.c:1704
+#, c-format
+msgid " (%d) RSA (set your own capabilities)\n"
+msgstr ""
+
+#: g10/keygen.c:1812
+#, c-format
+msgid "%s keys may be between %u and %u bits long.\n"
+msgstr ""
+
+#: g10/keygen.c:1820
+#, c-format
+msgid "What keysize do you want for the subkey? (%u) "
+msgstr ""
+
+#: g10/keygen.c:1823 sm/certreqgen-ui.c:179
+#, c-format
+msgid "What keysize do you want? (%u) "
+msgstr ""
+
+#: g10/keygen.c:1837 sm/certreqgen-ui.c:189
+#, c-format
+msgid "Requested keysize is %u bits\n"
+msgstr ""
+
+#: g10/keygen.c:1925
+msgid ""
+"Please specify how long the key should be valid.\n"
+" 0 = key does not expire\n"
+" <n> = key expires in n days\n"
+" <n>w = key expires in n weeks\n"
+" <n>m = key expires in n months\n"
+" <n>y = key expires in n years\n"
+msgstr ""
+
+#: g10/keygen.c:1936
+msgid ""
+"Please specify how long the signature should be valid.\n"
+" 0 = signature does not expire\n"
+" <n> = signature expires in n days\n"
+" <n>w = signature expires in n weeks\n"
+" <n>m = signature expires in n months\n"
+" <n>y = signature expires in n years\n"
+msgstr ""
+
+#: g10/keygen.c:1959
+msgid "Key is valid for? (0) "
+msgstr ""
+
+#: g10/keygen.c:1964
+#, fuzzy, c-format
+msgid "Signature is valid for? (%s) "
+msgstr "ÐŸÐ¾Ð´Ð¿Ñ–Ñ Ñтвораны Ñž %.*s з выкарыÑтаньнем %s ID ключа %08lX\n"
+
+#: g10/keygen.c:1982 g10/keygen.c:2007
+msgid "invalid value\n"
+msgstr ""
+
+#: g10/keygen.c:1989
+msgid "Key does not expire at all\n"
+msgstr ""
+
+#: g10/keygen.c:1990
+msgid "Signature does not expire at all\n"
+msgstr ""
+
+#: g10/keygen.c:1995
+#, fuzzy, c-format
+msgid "Key expires at %s\n"
+msgstr "збой падпіÑаньнÑ: %s\n"
+
+#: g10/keygen.c:1996
+#, fuzzy, c-format
+msgid "Signature expires at %s\n"
+msgstr "ÐŸÐ¾Ð´Ð¿Ñ–Ñ Ñтвораны Ñž %.*s з выкарыÑтаньнем %s ID ключа %08lX\n"
+
+#: g10/keygen.c:2000
+msgid ""
+"Your system can't display dates beyond 2038.\n"
+"However, it will be correctly handled up to 2106.\n"
+msgstr ""
+
+#: g10/keygen.c:2013
+msgid "Is this correct? (y/N) "
+msgstr ""
+
+#: g10/keygen.c:2063
+msgid ""
+"\n"
+"GnuPG needs to construct a user ID to identify your key.\n"
+"\n"
+msgstr ""
+
+#. TRANSLATORS: This string is in general not anymore used
+#. but you should keep your existing translation. In case
+#. the new string is not translated this old string will
+#. be used.
+#: g10/keygen.c:2078
+msgid ""
+"\n"
+"You need a user ID to identify your key; the software constructs the user "
+"ID\n"
+"from the Real Name, Comment and Email Address in this form:\n"
+" \"Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>\"\n"
+"\n"
+msgstr ""
+
+#: g10/keygen.c:2097
+msgid "Real name: "
+msgstr ""
+
+#: g10/keygen.c:2105
+msgid "Invalid character in name\n"
+msgstr ""
+
+#: g10/keygen.c:2107
+msgid "Name may not start with a digit\n"
+msgstr ""
+
+#: g10/keygen.c:2109
+msgid "Name must be at least 5 characters long\n"
+msgstr ""
+
+#: g10/keygen.c:2117
+msgid "Email address: "
+msgstr ""
+
+#: g10/keygen.c:2123
+msgid "Not a valid email address\n"
+msgstr ""
+
+#: g10/keygen.c:2131
+msgid "Comment: "
+msgstr ""
+
+#: g10/keygen.c:2137
+msgid "Invalid character in comment\n"
+msgstr ""
+
+#: g10/keygen.c:2159
+#, c-format
+msgid "You are using the `%s' character set.\n"
+msgstr ""
+
+#: g10/keygen.c:2165
+#, c-format
+msgid ""
+"You selected this USER-ID:\n"
+" \"%s\"\n"
+"\n"
+msgstr ""
+
+#: g10/keygen.c:2170
+msgid "Please don't put the email address into the real name or the comment\n"
+msgstr ""
+
+#: g10/keygen.c:2185
+msgid "Such a user ID already exists on this key!\n"
+msgstr ""
+
+#. TRANSLATORS: These are the allowed answers in
+#. lower and uppercase. Below you will find the matching
+#. string which should be translated accordingly and the
+#. letter changed to match the one in the answer string.
+#.
+#. n = Change name
+#. c = Change comment
+#. e = Change email
+#. o = Okay (ready, continue)
+#. q = Quit
+#.
+#: g10/keygen.c:2201
+msgid "NnCcEeOoQq"
+msgstr ""
+
+#: g10/keygen.c:2211
+msgid "Change (N)ame, (C)omment, (E)mail or (Q)uit? "
+msgstr ""
+
+#: g10/keygen.c:2212
+msgid "Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? "
+msgstr ""
+
+#: g10/keygen.c:2231
+msgid "Please correct the error first\n"
+msgstr ""
+
+#: g10/keygen.c:2273
+msgid ""
+"You need a Passphrase to protect your secret key.\n"
+"\n"
+msgstr ""
+
+#: g10/keygen.c:2276
+#, fuzzy
+msgid ""
+"Please enter a passphrase to protect the off-card backup of the new "
+"encryption key."
+msgstr ""
+"УвÑдзіце новы пароль Ð´Ð»Ñ Ð³Ñтага ÑакрÑтнага ключа.\n"
+"\n"
+
+#: g10/keygen.c:2292
+#, c-format
+msgid "%s.\n"
+msgstr ""
+
+#: g10/keygen.c:2298
+msgid ""
+"You don't want a passphrase - this is probably a *bad* idea!\n"
+"I will do it anyway. You can change your passphrase at any time,\n"
+"using this program with the option \"--edit-key\".\n"
+"\n"
+msgstr ""
+
+#: g10/keygen.c:2322
+msgid ""
+"We need to generate a lot of random bytes. It is a good idea to perform\n"
+"some other action (type on the keyboard, move the mouse, utilize the\n"
+"disks) during the prime generation; this gives the random number\n"
+"generator a better chance to gain enough entropy.\n"
+msgstr ""
+
+#: g10/keygen.c:3209 g10/keygen.c:3236
+msgid "Key generation canceled.\n"
+msgstr ""
+
+#: g10/keygen.c:3441 g10/keygen.c:3611
+#, c-format
+msgid "writing public key to `%s'\n"
+msgstr ""
+
+#: g10/keygen.c:3443 g10/keygen.c:3614
+#, fuzzy, c-format
+msgid "writing secret key stub to `%s'\n"
+msgstr "Ð·Ð°Ð¿Ñ–Ñ Ñƒ stdout\n"
+
+#: g10/keygen.c:3446 g10/keygen.c:3617
+#, c-format
+msgid "writing secret key to `%s'\n"
+msgstr ""
+
+#: g10/keygen.c:3598
+#, c-format
+msgid "no writable public keyring found: %s\n"
+msgstr ""
+
+#: g10/keygen.c:3605
+#, c-format
+msgid "no writable secret keyring found: %s\n"
+msgstr ""
+
+#: g10/keygen.c:3625
+#, c-format
+msgid "error writing public keyring `%s': %s\n"
+msgstr ""
+
+#: g10/keygen.c:3633
+#, c-format
+msgid "error writing secret keyring `%s': %s\n"
+msgstr ""
+
+#: g10/keygen.c:3661
+msgid "public and secret key created and signed.\n"
+msgstr ""
+
+#: g10/keygen.c:3672
+msgid ""
+"Note that this key cannot be used for encryption. You may want to use\n"
+"the command \"--edit-key\" to generate a subkey for this purpose.\n"
+msgstr ""
+
+#: g10/keygen.c:3685 g10/keygen.c:3831 g10/keygen.c:3952
+#, c-format
+msgid "Key generation failed: %s\n"
+msgstr ""
+
+#: g10/keygen.c:3741 g10/keygen.c:3882 g10/sign.c:241
+#, c-format
+msgid ""
+"key has been created %lu second in future (time warp or clock problem)\n"
+msgstr ""
+
+#: g10/keygen.c:3743 g10/keygen.c:3884 g10/sign.c:243
+#, c-format
+msgid ""
+"key has been created %lu seconds in future (time warp or clock problem)\n"
+msgstr ""
+
+#: g10/keygen.c:3754 g10/keygen.c:3895
+msgid "NOTE: creating subkeys for v3 keys is not OpenPGP compliant\n"
+msgstr ""
+
+#: g10/keygen.c:3795 g10/keygen.c:3928
+msgid "Really create? (y/N) "
+msgstr ""
+
+#: g10/keygen.c:4116
+#, fuzzy, c-format
+msgid "storing key onto card failed: %s\n"
+msgstr "збой падпіÑаньнÑ: %s\n"
+
+#: g10/keygen.c:4165
+#, fuzzy, c-format
+msgid "can't create backup file `%s': %s\n"
+msgstr "%s: немагчыма Ñтварыць Ñ‚Ñчку: %s\n"
+
+#: g10/keygen.c:4191
+#, c-format
+msgid "NOTE: backup of card key saved to `%s'\n"
+msgstr ""
+
+#: g10/keyid.c:539 g10/keyid.c:551 g10/keyid.c:563 g10/keyid.c:575
+msgid "never "
+msgstr ""
+
+#: g10/keylist.c:273
+msgid "Critical signature policy: "
+msgstr ""
+
+#: g10/keylist.c:275
+msgid "Signature policy: "
+msgstr ""
+
+#: g10/keylist.c:314
+msgid "Critical preferred keyserver: "
+msgstr ""
+
+#: g10/keylist.c:367
+msgid "Critical signature notation: "
+msgstr ""
+
+#: g10/keylist.c:369
+msgid "Signature notation: "
+msgstr ""
+
+#: g10/keylist.c:479
+msgid "Keyring"
+msgstr ""
+
+#: g10/keylist.c:1526
+msgid "Primary key fingerprint:"
+msgstr ""
+
+#: g10/keylist.c:1528
+msgid " Subkey fingerprint:"
+msgstr ""
+
+#. TRANSLATORS: this should fit into 24 bytes to that the
+#. * fingerprint data is properly aligned with the user ID
+#: g10/keylist.c:1535
+msgid " Primary key fingerprint:"
+msgstr ""
+
+#: g10/keylist.c:1537
+msgid " Subkey fingerprint:"
+msgstr ""
+
+#: g10/keylist.c:1541 g10/keylist.c:1545
+#, fuzzy
+msgid " Key fingerprint ="
+msgstr "паказаць ключы й адбіткі пальцаў"
+
+#: g10/keylist.c:1612
+msgid " Card serial no. ="
+msgstr ""
+
+#: g10/keyring.c:1297
+#, fuzzy, c-format
+msgid "renaming `%s' to `%s' failed: %s\n"
+msgstr "збой падпіÑаньнÑ: %s\n"
+
+#: g10/keyring.c:1326
+msgid "WARNING: 2 files with confidential information exists.\n"
+msgstr ""
+
+#: g10/keyring.c:1327
+#, c-format
+msgid "%s is the unchanged one\n"
+msgstr ""
+
+#: g10/keyring.c:1328
+#, c-format
+msgid "%s is the new one\n"
+msgstr ""
+
+#: g10/keyring.c:1329
+msgid "Please fix this possible security flaw\n"
+msgstr ""
+
+#: g10/keyring.c:1430
+#, fuzzy, c-format
+msgid "caching keyring `%s'\n"
+msgstr "немагчыма адкрыць \"%s\"\n"
+
+#: g10/keyring.c:1489
+#, fuzzy, c-format
+msgid "%lu keys cached so far (%lu signatures)\n"
+msgstr "паказаць ÑÑŒÐ¿Ñ–Ñ ÐºÐ»ÑŽÑ‡Ð¾Ñž Ñ– подпіÑаў"
+
+#: g10/keyring.c:1501
+#, fuzzy, c-format
+msgid "%lu keys cached (%lu signatures)\n"
+msgstr "паказаць ÑÑŒÐ¿Ñ–Ñ ÐºÐ»ÑŽÑ‡Ð¾Ñž Ñ– подпіÑаў"
+
+#: g10/keyring.c:1573
+#, c-format
+msgid "%s: keyring created\n"
+msgstr "%s: Ñтвораны зьвÑзак ключоў\n"
+
+#: g10/keyserver.c:74
+msgid "include revoked keys in search results"
+msgstr ""
+
+#: g10/keyserver.c:75
+msgid "include subkeys when searching by key ID"
+msgstr ""
+
+#: g10/keyserver.c:77
+msgid "use temporary files to pass data to keyserver helpers"
+msgstr ""
+
+#: g10/keyserver.c:79
+msgid "do not delete temporary files after using them"
+msgstr ""
+
+#: g10/keyserver.c:83
+msgid "automatically retrieve keys when verifying signatures"
+msgstr ""
+
+#: g10/keyserver.c:85
+msgid "honor the preferred keyserver URL set on the key"
+msgstr ""
+
+#: g10/keyserver.c:87
+msgid "honor the PKA record set on a key when retrieving keys"
+msgstr ""
+
+#: g10/keyserver.c:153
+#, c-format
+msgid "WARNING: keyserver option `%s' is not used on this platform\n"
+msgstr ""
+
+#: g10/keyserver.c:544
+msgid "disabled"
+msgstr ""
+
+#: g10/keyserver.c:747
+msgid "Enter number(s), N)ext, or Q)uit > "
+msgstr ""
+
+#: g10/keyserver.c:831 g10/keyserver.c:1458
+#, fuzzy, c-format
+msgid "invalid keyserver protocol (us %d!=handler %d)\n"
+msgstr "Ð½ÐµÐ´Ð°Ð¿ÑƒÑˆÑ‡Ð°Ð»ÑŒÐ½Ñ‹Ñ Ð²Ñ‹Ð±Ð°Ñ€Ñ‹ ÑкÑпартаваньнÑ\n"
+
+#: g10/keyserver.c:932
+#, fuzzy, c-format
+msgid "key \"%s\" not found on keyserver\n"
+msgstr "грамадÑкі ключ Ð½Ñ Ð·Ð½Ð¾Ð¹Ð´Ð·ÐµÐ½Ñ‹"
+
+#: g10/keyserver.c:934
+#, fuzzy
+msgid "key not found on keyserver\n"
+msgstr "ÑкÑпартаваць ключы на паÑлужнік ключоў"
+
+#: g10/keyserver.c:1177
+#, fuzzy, c-format
+msgid "requesting key %s from %s server %s\n"
+msgstr "імпартаваць ключы з паÑлужніка ключоў"
+
+#: g10/keyserver.c:1181
+#, c-format
+msgid "requesting key %s from %s\n"
+msgstr ""
+
+#: g10/keyserver.c:1205
+#, fuzzy, c-format
+msgid "searching for names from %s server %s\n"
+msgstr "імпартаваць ключы з паÑлужніка ключоў"
+
+#: g10/keyserver.c:1208
+#, c-format
+msgid "searching for names from %s\n"
+msgstr ""
+
+#: g10/keyserver.c:1361
+#, c-format
+msgid "sending key %s to %s server %s\n"
+msgstr ""
+
+#: g10/keyserver.c:1365
+#, fuzzy, c-format
+msgid "sending key %s to %s\n"
+msgstr "грамадÑкі ключ Ð½Ñ Ð·Ð½Ð¾Ð¹Ð´Ð·ÐµÐ½Ñ‹"
+
+#: g10/keyserver.c:1408
+#, c-format
+msgid "searching for \"%s\" from %s server %s\n"
+msgstr ""
+
+#: g10/keyserver.c:1411
+#, c-format
+msgid "searching for \"%s\" from %s\n"
+msgstr ""
+
+#: g10/keyserver.c:1418 g10/keyserver.c:1514
+#, fuzzy
+msgid "no keyserver action!\n"
+msgstr "Ð½ÐµÐ´Ð°Ð¿ÑƒÑˆÑ‡Ð°Ð»ÑŒÐ½Ñ‹Ñ Ð²Ñ‹Ð±Ð°Ñ€Ñ‹ ÑкÑпартаваньнÑ\n"
+
+#: g10/keyserver.c:1466
+#, c-format
+msgid "WARNING: keyserver handler from a different version of GnuPG (%s)\n"
+msgstr ""
+
+#: g10/keyserver.c:1475
+msgid "keyserver did not send VERSION\n"
+msgstr ""
+
+#: g10/keyserver.c:1537 g10/keyserver.c:2066
+msgid "no keyserver known (use option --keyserver)\n"
+msgstr ""
+
+#: g10/keyserver.c:1543
+msgid "external keyserver calls are not supported in this build\n"
+msgstr ""
+
+#: g10/keyserver.c:1555
+#, c-format
+msgid "no handler for keyserver scheme `%s'\n"
+msgstr ""
+
+#: g10/keyserver.c:1560
+#, c-format
+msgid "action `%s' not supported with keyserver scheme `%s'\n"
+msgstr ""
+
+#: g10/keyserver.c:1568
+#, c-format
+msgid "%s does not support handler version %d\n"
+msgstr ""
+
+#: g10/keyserver.c:1575
+#, fuzzy
+msgid "keyserver timed out\n"
+msgstr "збой падпіÑаньнÑ: %s\n"
+
+#: g10/keyserver.c:1580
+#, fuzzy
+msgid "keyserver internal error\n"
+msgstr "Ð°Ð³ÑƒÐ»ÑŒÐ½Ð°Ñ Ð¿Ð°Ð¼Ñ‹Ð»ÐºÐ°"
+
+#: g10/keyserver.c:1589
+#, fuzzy, c-format
+msgid "keyserver communications error: %s\n"
+msgstr "збой падпіÑаньнÑ: %s\n"
+
+#: g10/keyserver.c:1614 g10/keyserver.c:1648
+#, c-format
+msgid "\"%s\" not a key ID: skipping\n"
+msgstr ""
+
+#: g10/keyserver.c:1907
+#, c-format
+msgid "WARNING: unable to refresh key %s via %s: %s\n"
+msgstr ""
+
+#: g10/keyserver.c:1929
+#, c-format
+msgid "refreshing 1 key from %s\n"
+msgstr ""
+
+#: g10/keyserver.c:1931
+#, c-format
+msgid "refreshing %d keys from %s\n"
+msgstr ""
+
+#: g10/keyserver.c:1987
+#, fuzzy, c-format
+msgid "WARNING: unable to fetch URI %s: %s\n"
+msgstr "немагчыма адкрыць %s: %s\n"
+
+#: g10/keyserver.c:1993
+#, c-format
+msgid "WARNING: unable to parse URI %s\n"
+msgstr ""
+
+#: g10/mainproc.c:231
+#, c-format
+msgid "weird size for an encrypted session key (%d)\n"
+msgstr ""
+
+#: g10/mainproc.c:284
+#, c-format
+msgid "%s encrypted session key\n"
+msgstr ""
+
+#: g10/mainproc.c:294
+#, fuzzy, c-format
+msgid "passphrase generated with unknown digest algorithm %d\n"
+msgstr "нерÑчаіÑны Ñ…Ñш-альгарытм \"%s\"\n"
+
+#: g10/mainproc.c:360
+#, fuzzy, c-format
+msgid "public key is %s\n"
+msgstr "грамадÑкі ключ Ð½Ñ Ð·Ð½Ð¾Ð¹Ð´Ð·ÐµÐ½Ñ‹"
+
+#: g10/mainproc.c:423
+msgid "public key encrypted data: good DEK\n"
+msgstr ""
+
+#: g10/mainproc.c:456
+#, fuzzy, c-format
+msgid "encrypted with %u-bit %s key, ID %s, created %s\n"
+msgstr "%u-бітавы %s ключ, ID %08lX, Ñтвораны %s"
+
+#: g10/mainproc.c:460 g10/pkclist.c:217
+#, c-format
+msgid " \"%s\"\n"
+msgstr ""
+
+#: g10/mainproc.c:464
+#, fuzzy, c-format
+msgid "encrypted with %s key, ID %s\n"
+msgstr "Паўтарыце пароль\n"
+
+#: g10/mainproc.c:479
+#, c-format
+msgid "public key decryption failed: %s\n"
+msgstr ""
+
+#: g10/mainproc.c:495
+#, fuzzy, c-format
+msgid "encrypted with %lu passphrases\n"
+msgstr "Паўтарыце пароль\n"
+
+#: g10/mainproc.c:497
+#, fuzzy
+msgid "encrypted with 1 passphrase\n"
+msgstr "Паўтарыце пароль\n"
+
+#: g10/mainproc.c:529 g10/mainproc.c:551
+#, c-format
+msgid "assuming %s encrypted data\n"
+msgstr ""
+
+#: g10/mainproc.c:537
+#, c-format
+msgid "IDEA cipher unavailable, optimistically attempting to use %s instead\n"
+msgstr ""
+
+#: g10/mainproc.c:570
+msgid "decryption okay\n"
+msgstr ""
+
+#: g10/mainproc.c:574
+msgid "WARNING: message was not integrity protected\n"
+msgstr ""
+
+#: g10/mainproc.c:587
+msgid "WARNING: encrypted message has been manipulated!\n"
+msgstr ""
+
+#: g10/mainproc.c:595
+#, c-format
+msgid "cleared passphrase cached with ID: %s\n"
+msgstr ""
+
+#: g10/mainproc.c:600
+#, c-format
+msgid "decryption failed: %s\n"
+msgstr ""
+
+#: g10/mainproc.c:621
+msgid "NOTE: sender requested \"for-your-eyes-only\"\n"
+msgstr ""
+
+#: g10/mainproc.c:623
+#, c-format
+msgid "original file name='%.*s'\n"
+msgstr ""
+
+#: g10/mainproc.c:711
+msgid "WARNING: multiple plaintexts seen\n"
+msgstr ""
+
+#: g10/mainproc.c:850
+msgid "standalone revocation - use \"gpg --import\" to apply\n"
+msgstr ""
+
+#: g10/mainproc.c:1203 g10/mainproc.c:1240
+#, fuzzy
+msgid "no signature found\n"
+msgstr "нерÑчаіÑны Ñ…Ñш-альгарытм \"%s\"\n"
+
+#: g10/mainproc.c:1478
+msgid "signature verification suppressed\n"
+msgstr ""
+
+#: g10/mainproc.c:1587
+msgid "can't handle this ambiguous signature data\n"
+msgstr ""
+
+#: g10/mainproc.c:1598
+#, fuzzy, c-format
+msgid "Signature made %s\n"
+msgstr "ÐŸÐ¾Ð´Ð¿Ñ–Ñ Ñтвораны Ñž %.*s з выкарыÑтаньнем %s ID ключа %08lX\n"
+
+#: g10/mainproc.c:1599
+#, c-format
+msgid " using %s key %s\n"
+msgstr ""
+
+#: g10/mainproc.c:1603
+#, fuzzy, c-format
+msgid "Signature made %s using %s key ID %s\n"
+msgstr "ÐŸÐ¾Ð´Ð¿Ñ–Ñ Ñтвораны Ñž %.*s з выкарыÑтаньнем %s ID ключа %08lX\n"
+
+#: g10/mainproc.c:1623
+#, fuzzy
+msgid "Key available at: "
+msgstr "Даведка адÑутнічае"
+
+#: g10/mainproc.c:1756 g10/mainproc.c:1804
+#, fuzzy, c-format
+msgid "BAD signature from \"%s\""
+msgstr "нерÑчаіÑны Ñ…Ñш-альгарытм \"%s\"\n"
+
+#: g10/mainproc.c:1758 g10/mainproc.c:1806
+#, fuzzy, c-format
+msgid "Expired signature from \"%s\""
+msgstr "нерÑчаіÑны Ñ…Ñш-альгарытм \"%s\"\n"
+
+#: g10/mainproc.c:1760 g10/mainproc.c:1808
+#, fuzzy, c-format
+msgid "Good signature from \"%s\""
+msgstr "нерÑчаіÑны Ñ…Ñш-альгарытм \"%s\"\n"
+
+#: g10/mainproc.c:1810
+msgid "[uncertain]"
+msgstr ""
+
+#: g10/mainproc.c:1843
+#, c-format
+msgid " aka \"%s\""
+msgstr ""
+
+#: g10/mainproc.c:1941
+#, c-format
+msgid "Signature expired %s\n"
+msgstr ""
+
+#: g10/mainproc.c:1946
+#, c-format
+msgid "Signature expires %s\n"
+msgstr ""
+
+#: g10/mainproc.c:1949
+#, fuzzy, c-format
+msgid "%s signature, digest algorithm %s\n"
+msgstr "нерÑчаіÑны Ñ…Ñш-альгарытм \"%s\"\n"
+
+#: g10/mainproc.c:1950
+msgid "binary"
+msgstr ""
+
+#: g10/mainproc.c:1951
+msgid "textmode"
+msgstr ""
+
+#: g10/mainproc.c:1951 g10/trustdb.c:546
+#, fuzzy
+msgid "unknown"
+msgstr "невÑÐ´Ð¾Ð¼Ð°Ñ Ð²ÑÑ€ÑÑ‹Ñ"
+
+#: g10/mainproc.c:1971
+#, c-format
+msgid "Can't check signature: %s\n"
+msgstr ""
+
+#: g10/mainproc.c:2055 g10/mainproc.c:2071 g10/mainproc.c:2167
+msgid "not a detached signature\n"
+msgstr ""
+
+#: g10/mainproc.c:2098
+msgid ""
+"WARNING: multiple signatures detected. Only the first will be checked.\n"
+msgstr ""
+
+#: g10/mainproc.c:2106
+#, c-format
+msgid "standalone signature of class 0x%02x\n"
+msgstr ""
+
+#: g10/mainproc.c:2171
+msgid "old style (PGP 2.x) signature\n"
+msgstr ""
+
+#: g10/mainproc.c:2181
+msgid "invalid root packet detected in proc_tree()\n"
+msgstr ""
+
+#: g10/misc.c:109 g10/misc.c:139 g10/misc.c:215
+#, fuzzy, c-format
+msgid "fstat of `%s' failed in %s: %s\n"
+msgstr "немагчыма адкрыць %s: %s\n"
+
+#: g10/misc.c:178
+#, c-format
+msgid "fstat(%d) failed in %s: %s\n"
+msgstr ""
+
+#: g10/misc.c:296
+#, c-format
+msgid "WARNING: using experimental public key algorithm %s\n"
+msgstr ""
+
+#: g10/misc.c:302
+msgid "WARNING: Elgamal sign+encrypt keys are deprecated\n"
+msgstr ""
+
+#: g10/misc.c:315
+#, c-format
+msgid "WARNING: using experimental cipher algorithm %s\n"
+msgstr ""
+
+#: g10/misc.c:330
+#, fuzzy, c-format
+msgid "WARNING: using experimental digest algorithm %s\n"
+msgstr "нерÑчаіÑны Ñ…Ñш-альгарытм \"%s\"\n"
+
+#: g10/misc.c:335
+#, c-format
+msgid "WARNING: digest algorithm %s is deprecated\n"
+msgstr ""
+
+#: g10/misc.c:503
+msgid "the IDEA cipher plugin is not present\n"
+msgstr ""
+
+#: g10/misc.c:504 g10/sig-check.c:107 jnlib/utf8conv.c:87
+#, fuzzy, c-format
+msgid "please see %s for more information\n"
+msgstr ""
+"па больш падрабÑÐ·Ð½Ñ‹Ñ Ð·ÑŒÐ²ÐµÑткі шукайце на http://www.gnupg.org/faq.html\n"
+
+#: g10/misc.c:761
+#, c-format
+msgid "%s:%d: deprecated option \"%s\"\n"
+msgstr ""
+
+#: g10/misc.c:765
+#, c-format
+msgid "WARNING: \"%s\" is a deprecated option\n"
+msgstr ""
+
+#: g10/misc.c:767
+#, c-format
+msgid "please use \"%s%s\" instead\n"
+msgstr ""
+
+#: g10/misc.c:774
+#, c-format
+msgid "WARNING: \"%s\" is a deprecated command - do not use it\n"
+msgstr ""
+
+#: g10/misc.c:784
+#, c-format
+msgid "%s:%u: obsolete option \"%s\" - it has no effect\n"
+msgstr ""
+
+#: g10/misc.c:787
+#, c-format
+msgid "WARNING: \"%s\" is an obsolete option - it has no effect\n"
+msgstr ""
+
+#: g10/misc.c:848
+msgid "Uncompressed"
+msgstr ""
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: g10/misc.c:873
+msgid "uncompressed|none"
+msgstr ""
+
+#: g10/misc.c:1000
+#, c-format
+msgid "this message may not be usable by %s\n"
+msgstr ""
+
+#: g10/misc.c:1175
+#, c-format
+msgid "ambiguous option `%s'\n"
+msgstr ""
+
+#: g10/misc.c:1200
+#, fuzzy, c-format
+msgid "unknown option `%s'\n"
+msgstr "невÑÐ´Ð¾Ð¼Ð°Ñ Ð²ÑÑ€ÑÑ‹Ñ"
+
+#: g10/openfile.c:89
+#, c-format
+msgid "File `%s' exists. "
+msgstr "Файл \"%s\" ужо йÑнуе. "
+
+#: g10/openfile.c:93
+#, fuzzy
+msgid "Overwrite? (y/N) "
+msgstr "ПеразапіÑаць (y/N)?"
+
+#: g10/openfile.c:126
+#, c-format
+msgid "%s: unknown suffix\n"
+msgstr ""
+
+#: g10/openfile.c:150
+msgid "Enter new filename"
+msgstr "УвÑдзіце новае Ð¹Ð¼Ñ Ñ„Ð°Ð¹Ð»Ð°"
+
+#: g10/openfile.c:195
+msgid "writing to stdout\n"
+msgstr "Ð·Ð°Ð¿Ñ–Ñ Ñƒ stdout\n"
+
+#: g10/openfile.c:316
+#, c-format
+msgid "assuming signed data in `%s'\n"
+msgstr ""
+
+#: g10/openfile.c:395
+#, c-format
+msgid "new configuration file `%s' created\n"
+msgstr ""
+
+#: g10/openfile.c:397
+#, c-format
+msgid "WARNING: options in `%s' are not yet active during this run\n"
+msgstr ""
+
+#: g10/parse-packet.c:201
+#, c-format
+msgid "can't handle public key algorithm %d\n"
+msgstr ""
+
+#: g10/parse-packet.c:822
+msgid "WARNING: potentially insecure symmetrically encrypted session key\n"
+msgstr ""
+
+#: g10/parse-packet.c:1273
+#, c-format
+msgid "subpacket of type %d has critical bit set\n"
+msgstr ""
+
+#: g10/passphrase.c:75 g10/passphrase.c:418 g10/passphrase.c:481
+#, c-format
+msgid "problem with the agent: %s\n"
+msgstr ""
+
+#: g10/passphrase.c:344 g10/passphrase.c:613
+#, c-format
+msgid " (main key ID %s)"
+msgstr ""
+
+#: g10/passphrase.c:358
+#, fuzzy, c-format
+msgid ""
+"Please enter the passphrase to unlock the secret key for the OpenPGP "
+"certificate:\n"
+"\"%.*s\"\n"
+"%u-bit %s key, ID %s,\n"
+"created %s%s.\n"
+msgstr ""
+"Вам неабходна ўвеÑьці пароль, каб адчыніць ÑакрÑтны ключ Ð´Ð»Ñ ÐºÐ°Ñ€Ñ‹Ñтальніка:\n"
+"\"%.*s\"\n"
+"%u-бітавы %s ключ, ID %08lX, Ñтвораны %s%s\n"
+
+#: g10/passphrase.c:384
+msgid "Enter passphrase\n"
+msgstr "УвÑдзіце пароль\n"
+
+#: g10/passphrase.c:412
+msgid "cancelled by user\n"
+msgstr "ÑкаÑавана карыÑтальнікам\n"
+
+#: g10/passphrase.c:592
+#, fuzzy, c-format
+msgid ""
+"You need a passphrase to unlock the secret key for\n"
+"user: \"%s\"\n"
+msgstr ""
+"\n"
+"Вам неабходна ўвеÑьці пароль, каб адчыніць ÑакрÑтны ключ длÑ\n"
+"карыÑтальніка: \""
+
+#: g10/passphrase.c:600
+#, fuzzy, c-format
+msgid "%u-bit %s key, ID %s, created %s"
+msgstr "%u-бітавы %s ключ, ID %08lX, Ñтвораны %s"
+
+#: g10/passphrase.c:609
+#, c-format
+msgid " (subkey on main key ID %s)"
+msgstr ""
+
+#: g10/photoid.c:74
+msgid ""
+"\n"
+"Pick an image to use for your photo ID. The image must be a JPEG file.\n"
+"Remember that the image is stored within your public key. If you use a\n"
+"very large picture, your key will become very large as well!\n"
+"Keeping the image close to 240x288 is a good size to use.\n"
+msgstr ""
+
+#: g10/photoid.c:96
+msgid "Enter JPEG filename for photo ID: "
+msgstr ""
+
+#: g10/photoid.c:117
+#, fuzzy, c-format
+msgid "unable to open JPEG file `%s': %s\n"
+msgstr "немагчыма адкрыць %s: %s\n"
+
+#: g10/photoid.c:128
+#, c-format
+msgid "This JPEG is really large (%d bytes) !\n"
+msgstr ""
+
+#: g10/photoid.c:130
+msgid "Are you sure you want to use it? (y/N) "
+msgstr ""
+
+#: g10/photoid.c:146
+#, c-format
+msgid "`%s' is not a JPEG file\n"
+msgstr ""
+
+#: g10/photoid.c:165
+msgid "Is this photo correct (y/N/q)? "
+msgstr ""
+
+#: g10/photoid.c:373
+msgid "unable to display photo ID!\n"
+msgstr ""
+
+#: g10/pkclist.c:60 g10/revoke.c:621
+msgid "No reason specified"
+msgstr ""
+
+#: g10/pkclist.c:62 g10/revoke.c:623
+msgid "Key is superseded"
+msgstr ""
+
+#: g10/pkclist.c:64 g10/revoke.c:622
+msgid "Key has been compromised"
+msgstr ""
+
+#: g10/pkclist.c:66 g10/revoke.c:624
+msgid "Key is no longer used"
+msgstr ""
+
+#: g10/pkclist.c:68 g10/revoke.c:625
+msgid "User ID is no longer valid"
+msgstr ""
+
+#: g10/pkclist.c:72
+msgid "reason for revocation: "
+msgstr ""
+
+#: g10/pkclist.c:89
+msgid "revocation comment: "
+msgstr ""
+
+#: g10/pkclist.c:204
+msgid "iImMqQsS"
+msgstr ""
+
+#: g10/pkclist.c:212
+msgid "No trust value assigned to:\n"
+msgstr ""
+
+#: g10/pkclist.c:245
+#, c-format
+msgid " aka \"%s\"\n"
+msgstr ""
+
+#: g10/pkclist.c:255
+msgid ""
+"How much do you trust that this key actually belongs to the named user?\n"
+msgstr ""
+
+#: g10/pkclist.c:270
+#, c-format
+msgid " %d = I don't know or won't say\n"
+msgstr ""
+
+#: g10/pkclist.c:272
+#, c-format
+msgid " %d = I do NOT trust\n"
+msgstr ""
+
+#: g10/pkclist.c:278
+#, c-format
+msgid " %d = I trust ultimately\n"
+msgstr ""
+
+#: g10/pkclist.c:284
+msgid " m = back to the main menu\n"
+msgstr ""
+
+#: g10/pkclist.c:287
+msgid " s = skip this key\n"
+msgstr ""
+
+#: g10/pkclist.c:288
+#, fuzzy
+msgid " q = quit\n"
+msgstr " q = quit [выйÑьці]\n"
+
+#: g10/pkclist.c:292
+#, c-format
+msgid ""
+"The minimum trust level for this key is: %s\n"
+"\n"
+msgstr ""
+
+#: g10/pkclist.c:298 g10/revoke.c:650
+msgid "Your decision? "
+msgstr ""
+
+#: g10/pkclist.c:319
+msgid "Do you really want to set this key to ultimate trust? (y/N) "
+msgstr ""
+
+#: g10/pkclist.c:333
+msgid "Certificates leading to an ultimately trusted key:\n"
+msgstr ""
+
+#: g10/pkclist.c:418
+#, c-format
+msgid "%s: There is no assurance this key belongs to the named user\n"
+msgstr ""
+
+#: g10/pkclist.c:423
+#, c-format
+msgid "%s: There is limited assurance this key belongs to the named user\n"
+msgstr ""
+
+#: g10/pkclist.c:429
+msgid "This key probably belongs to the named user\n"
+msgstr ""
+
+#: g10/pkclist.c:434
+msgid "This key belongs to us\n"
+msgstr ""
+
+#: g10/pkclist.c:460
+msgid ""
+"It is NOT certain that the key belongs to the person named\n"
+"in the user ID. If you *really* know what you are doing,\n"
+"you may answer the next question with yes.\n"
+msgstr ""
+
+#: g10/pkclist.c:479
+msgid "Use this key anyway? (y/N) "
+msgstr ""
+
+#: g10/pkclist.c:513
+msgid "WARNING: Using untrusted key!\n"
+msgstr ""
+
+#: g10/pkclist.c:520
+msgid "WARNING: this key might be revoked (revocation key not present)\n"
+msgstr ""
+
+#: g10/pkclist.c:529
+msgid "WARNING: This key has been revoked by its designated revoker!\n"
+msgstr ""
+
+#: g10/pkclist.c:532
+msgid "WARNING: This key has been revoked by its owner!\n"
+msgstr ""
+
+#: g10/pkclist.c:533
+msgid " This could mean that the signature is forged.\n"
+msgstr ""
+
+#: g10/pkclist.c:539
+msgid "WARNING: This subkey has been revoked by its owner!\n"
+msgstr ""
+
+#: g10/pkclist.c:544
+msgid "Note: This key has been disabled.\n"
+msgstr ""
+
+#: g10/pkclist.c:564
+#, c-format
+msgid "Note: Verified signer's address is `%s'\n"
+msgstr ""
+
+#: g10/pkclist.c:571
+#, c-format
+msgid "Note: Signer's address `%s' does not match DNS entry\n"
+msgstr ""
+
+#: g10/pkclist.c:583
+msgid "trustlevel adjusted to FULL due to valid PKA info\n"
+msgstr ""
+
+#: g10/pkclist.c:591
+msgid "trustlevel adjusted to NEVER due to bad PKA info\n"
+msgstr ""
+
+#: g10/pkclist.c:602
+msgid "Note: This key has expired!\n"
+msgstr ""
+
+#: g10/pkclist.c:613
+msgid "WARNING: This key is not certified with a trusted signature!\n"
+msgstr ""
+
+#: g10/pkclist.c:615
+msgid ""
+" There is no indication that the signature belongs to the owner.\n"
+msgstr ""
+
+#: g10/pkclist.c:623
+msgid "WARNING: We do NOT trust this key!\n"
+msgstr ""
+
+#: g10/pkclist.c:624
+msgid " The signature is probably a FORGERY.\n"
+msgstr ""
+
+#: g10/pkclist.c:632
+msgid ""
+"WARNING: This key is not certified with sufficiently trusted signatures!\n"
+msgstr ""
+
+#: g10/pkclist.c:634
+msgid " It is not certain that the signature belongs to the owner.\n"
+msgstr ""
+
+#: g10/pkclist.c:833 g10/pkclist.c:875 g10/pkclist.c:1087 g10/pkclist.c:1157
+#, c-format
+msgid "%s: skipped: %s\n"
+msgstr ""
+
+#: g10/pkclist.c:845 g10/pkclist.c:1125
+#, c-format
+msgid "%s: skipped: public key already present\n"
+msgstr ""
+
+#: g10/pkclist.c:896
+msgid "You did not specify a user ID. (you may use \"-r\")\n"
+msgstr ""
+
+#: g10/pkclist.c:920
+msgid "Current recipients:\n"
+msgstr ""
+
+#: g10/pkclist.c:946
+msgid ""
+"\n"
+"Enter the user ID. End with an empty line: "
+msgstr ""
+
+#: g10/pkclist.c:971
+msgid "No such user ID.\n"
+msgstr ""
+
+#: g10/pkclist.c:980 g10/pkclist.c:1054
+msgid "skipped: public key already set as default recipient\n"
+msgstr ""
+
+#: g10/pkclist.c:1001
+msgid "Public key is disabled.\n"
+msgstr ""
+
+#: g10/pkclist.c:1010
+msgid "skipped: public key already set\n"
+msgstr ""
+
+#: g10/pkclist.c:1045
+#, c-format
+msgid "unknown default recipient \"%s\"\n"
+msgstr ""
+
+#: g10/pkclist.c:1103
+#, c-format
+msgid "%s: skipped: public key is disabled\n"
+msgstr ""
+
+#: g10/pkclist.c:1165
+msgid "no valid addressees\n"
+msgstr ""
+
+#: g10/pkclist.c:1503
+#, fuzzy, c-format
+msgid "Note: key %s has no %s feature\n"
+msgstr "паказаць ÑÑŒÐ¿Ñ–Ñ ÐºÐ»ÑŽÑ‡Ð¾Ñž Ñ– ID карыÑтальнікаў"
+
+#: g10/pkclist.c:1528
+#, fuzzy, c-format
+msgid "Note: key %s has no preference for %s\n"
+msgstr "паказаць ÑÑŒÐ¿Ñ–Ñ ÐºÐ»ÑŽÑ‡Ð¾Ñž Ñ– ID карыÑтальнікаў"
+
+#: g10/plaintext.c:95
+msgid "data not saved; use option \"--output\" to save it\n"
+msgstr ""
+
+#: g10/plaintext.c:480
+msgid "Detached signature.\n"
+msgstr ""
+
+#: g10/plaintext.c:487
+msgid "Please enter name of data file: "
+msgstr "Калі лаÑка, задайце назву файла даньнÑÑž: "
+
+#: g10/plaintext.c:519
+msgid "reading stdin ...\n"
+msgstr "чытаецца stdin ...\n"
+
+#: g10/plaintext.c:557
+msgid "no signed data\n"
+msgstr ""
+
+#: g10/plaintext.c:573
+#, c-format
+msgid "can't open signed data `%s'\n"
+msgstr ""
+
+#: g10/plaintext.c:607
+#, fuzzy, c-format
+msgid "can't open signed data fd=%d: %s\n"
+msgstr "немагчыма адкрыць %s: %s\n"
+
+#: g10/pubkey-enc.c:105
+#, c-format
+msgid "anonymous recipient; trying secret key %s ...\n"
+msgstr ""
+
+#: g10/pubkey-enc.c:136
+msgid "okay, we are the anonymous recipient.\n"
+msgstr ""
+
+#: g10/pubkey-enc.c:225
+msgid "old encoding of the DEK is not supported\n"
+msgstr ""
+
+#: g10/pubkey-enc.c:246
+#, c-format
+msgid "cipher algorithm %d%s is unknown or disabled\n"
+msgstr ""
+
+#: g10/pubkey-enc.c:284
+#, c-format
+msgid "WARNING: cipher algorithm %s not found in recipient preferences\n"
+msgstr ""
+
+#: g10/pubkey-enc.c:304
+#, c-format
+msgid "NOTE: secret key %s expired at %s\n"
+msgstr ""
+
+#: g10/pubkey-enc.c:310
+msgid "NOTE: key has been revoked"
+msgstr ""
+
+#: g10/revoke.c:102 g10/revoke.c:116 g10/revoke.c:128 g10/revoke.c:174
+#: g10/revoke.c:186 g10/revoke.c:585
+#, fuzzy, c-format
+msgid "build_packet failed: %s\n"
+msgstr "збой падпіÑаньнÑ: %s\n"
+
+#: g10/revoke.c:145
+#, fuzzy, c-format
+msgid "key %s has no user IDs\n"
+msgstr "паказаць ÑÑŒÐ¿Ñ–Ñ ÐºÐ»ÑŽÑ‡Ð¾Ñž Ñ– ID карыÑтальнікаў"
+
+#: g10/revoke.c:306
+msgid "To be revoked by:\n"
+msgstr ""
+
+#: g10/revoke.c:310
+msgid "(This is a sensitive revocation key)\n"
+msgstr ""
+
+#: g10/revoke.c:314
+msgid "Create a designated revocation certificate for this key? (y/N) "
+msgstr ""
+
+#: g10/revoke.c:327 g10/revoke.c:551
+msgid "ASCII armored output forced.\n"
+msgstr ""
+
+#: g10/revoke.c:342 g10/revoke.c:565
+#, fuzzy, c-format
+msgid "make_keysig_packet failed: %s\n"
+msgstr "збой падпіÑаньнÑ: %s\n"
+
+#: g10/revoke.c:405
+msgid "Revocation certificate created.\n"
+msgstr ""
+
+#: g10/revoke.c:411
+#, c-format
+msgid "no revocation keys found for \"%s\"\n"
+msgstr ""
+
+#: g10/revoke.c:470
+#, fuzzy, c-format
+msgid "secret key \"%s\" not found: %s\n"
+msgstr "грамадÑкі ключ Ð½Ñ Ð·Ð½Ð¾Ð¹Ð´Ð·ÐµÐ½Ñ‹"
+
+#: g10/revoke.c:497
+#, c-format
+msgid "no corresponding public key: %s\n"
+msgstr ""
+
+#: g10/revoke.c:508
+msgid "public key does not match secret key!\n"
+msgstr ""
+
+#: g10/revoke.c:515
+msgid "Create a revocation certificate for this key? (y/N) "
+msgstr ""
+
+#: g10/revoke.c:532
+#, fuzzy
+msgid "unknown protection algorithm\n"
+msgstr "невÑдомы альгарытм ÑьціÑканьнÑ"
+
+#: g10/revoke.c:540
+#, fuzzy
+msgid "NOTE: This key is not protected!\n"
+msgstr "Ключ абаронены.\n"
+
+#: g10/revoke.c:591
+msgid ""
+"Revocation certificate created.\n"
+"\n"
+"Please move it to a medium which you can hide away; if Mallory gets\n"
+"access to this certificate he can use it to make your key unusable.\n"
+"It is smart to print this certificate and store it away, just in case\n"
+"your media become unreadable. But have some caution: The print system of\n"
+"your machine might store the data and make it available to others!\n"
+msgstr ""
+
+#: g10/revoke.c:633
+#, fuzzy
+msgid "Please select the reason for the revocation:\n"
+msgstr "Калі лаÑка, абÑрыце від ключа, Ñкі Вам патрÑбны:\n"
+
+#: g10/revoke.c:643
+msgid "Cancel"
+msgstr ""
+
+#: g10/revoke.c:645
+#, c-format
+msgid "(Probably you want to select %d here)\n"
+msgstr ""
+
+#: g10/revoke.c:686
+msgid "Enter an optional description; end it with an empty line:\n"
+msgstr ""
+
+#: g10/revoke.c:714
+#, c-format
+msgid "Reason for revocation: %s\n"
+msgstr ""
+
+#: g10/revoke.c:716
+msgid "(No description given)\n"
+msgstr ""
+
+#: g10/revoke.c:721
+msgid "Is this okay? (y/N) "
+msgstr ""
+
+#: g10/seckey-cert.c:55
+msgid "secret key parts are not available\n"
+msgstr ""
+
+#: g10/seckey-cert.c:61
+#, c-format
+msgid "protection algorithm %d%s is not supported\n"
+msgstr ""
+
+#: g10/seckey-cert.c:72
+#, c-format
+msgid "protection digest %d is not supported\n"
+msgstr ""
+
+#: g10/seckey-cert.c:291
+msgid "Invalid passphrase; please try again"
+msgstr "Ðедапушчальны пароль. Калі лаÑка, паÑпрабуйце ÑˆÑ‡Ñ Ñ€Ð°Ð·"
+
+#: g10/seckey-cert.c:292
+#, c-format
+msgid "%s ...\n"
+msgstr ""
+
+#: g10/seckey-cert.c:361
+msgid "WARNING: Weak key detected - please change passphrase again.\n"
+msgstr ""
+
+#: g10/seckey-cert.c:404
+msgid "generating the deprecated 16-bit checksum for secret key protection\n"
+msgstr ""
+
+#: g10/seskey.c:61 sm/encrypt.c:119
+msgid "weak key created - retrying\n"
+msgstr ""
+
+#: g10/seskey.c:65
+#, c-format
+msgid "cannot avoid weak key for symmetric cipher; tried %d times!\n"
+msgstr ""
+
+#: g10/seskey.c:227 sm/certcheck.c:85
+msgid "DSA requires the hash length to be a multiple of 8 bits\n"
+msgstr ""
+
+#: g10/seskey.c:240
+#, c-format
+msgid "DSA key %s uses an unsafe (%u bit) hash\n"
+msgstr ""
+
+#: g10/seskey.c:252
+#, c-format
+msgid "DSA key %s requires a %u bit or larger hash\n"
+msgstr ""
+
+#: g10/sig-check.c:80
+msgid "WARNING: signature digest conflict in message\n"
+msgstr ""
+
+#: g10/sig-check.c:105
+#, c-format
+msgid "WARNING: signing subkey %s is not cross-certified\n"
+msgstr ""
+
+#: g10/sig-check.c:117
+#, c-format
+msgid "WARNING: signing subkey %s has an invalid cross-certification\n"
+msgstr ""
+
+#: g10/sig-check.c:211
+#, c-format
+msgid "public key %s is %lu second newer than the signature\n"
+msgstr ""
+
+#: g10/sig-check.c:212
+#, c-format
+msgid "public key %s is %lu seconds newer than the signature\n"
+msgstr ""
+
+#: g10/sig-check.c:223
+#, c-format
+msgid ""
+"key %s was created %lu second in the future (time warp or clock problem)\n"
+msgstr ""
+
+#: g10/sig-check.c:225
+#, c-format
+msgid ""
+"key %s was created %lu seconds in the future (time warp or clock problem)\n"
+msgstr ""
+
+#: g10/sig-check.c:239
+#, c-format
+msgid "NOTE: signature key %s expired %s\n"
+msgstr ""
+
+#: g10/sig-check.c:252
+#, c-format
+msgid "NOTE: signature key %s has been revoked\n"
+msgstr ""
+
+#: g10/sig-check.c:325
+#, c-format
+msgid "assuming bad signature from key %s due to an unknown critical bit\n"
+msgstr ""
+
+#: g10/sig-check.c:591
+#, c-format
+msgid "key %s: no subkey for subkey revocation signature\n"
+msgstr ""
+
+#: g10/sig-check.c:618
+#, c-format
+msgid "key %s: no subkey for subkey binding signature\n"
+msgstr ""
+
+#: g10/sign.c:89
+#, c-format
+msgid "WARNING: unable to %%-expand notation (too large). Using unexpanded.\n"
+msgstr ""
+
+#: g10/sign.c:115
+#, c-format
+msgid ""
+"WARNING: unable to %%-expand policy URL (too large). Using unexpanded.\n"
+msgstr ""
+
+#: g10/sign.c:138
+#, c-format
+msgid ""
+"WARNING: unable to %%-expand preferred keyserver URL (too large). Using "
+"unexpanded.\n"
+msgstr ""
+
+#: g10/sign.c:311
+#, c-format
+msgid "checking created signature failed: %s\n"
+msgstr ""
+
+#: g10/sign.c:320
+#, fuzzy, c-format
+msgid "%s/%s signature from: \"%s\"\n"
+msgstr "нерÑчаіÑны Ñ…Ñш-альгарытм \"%s\"\n"
+
+#: g10/sign.c:761
+msgid "you can only detach-sign with PGP 2.x style keys while in --pgp2 mode\n"
+msgstr ""
+
+#: g10/sign.c:837
+#, c-format
+msgid ""
+"WARNING: forcing digest algorithm %s (%d) violates recipient preferences\n"
+msgstr ""
+
+#: g10/sign.c:964
+msgid "signing:"
+msgstr ""
+
+#: g10/sign.c:1079
+msgid "you can only clearsign with PGP 2.x style keys while in --pgp2 mode\n"
+msgstr ""
+
+#: g10/sign.c:1263
+#, c-format
+msgid "%s encryption will be used\n"
+msgstr ""
+
+#: g10/skclist.c:140 g10/skclist.c:217
+msgid "key is not flagged as insecure - can't use it with the faked RNG!\n"
+msgstr ""
+
+#: g10/skclist.c:174
+#, c-format
+msgid "skipped \"%s\": duplicated\n"
+msgstr ""
+
+#: g10/skclist.c:182 g10/skclist.c:195 g10/skclist.c:207
+#, fuzzy, c-format
+msgid "skipped \"%s\": %s\n"
+msgstr "грамадÑкі ключ Ð½Ñ Ð·Ð½Ð¾Ð¹Ð´Ð·ÐµÐ½Ñ‹"
+
+#: g10/skclist.c:190
+msgid "skipped: secret key already present\n"
+msgstr ""
+
+#: g10/skclist.c:208
+msgid "this is a PGP generated Elgamal key which is not secure for signatures!"
+msgstr ""
+
+#: g10/tdbdump.c:58 g10/trustdb.c:360
+#, c-format
+msgid "trust record %lu, type %d: write failed: %s\n"
+msgstr ""
+
+#: g10/tdbdump.c:106
+#, c-format
+msgid ""
+"# List of assigned trustvalues, created %s\n"
+"# (Use \"gpg --import-ownertrust\" to restore them)\n"
+msgstr ""
+
+#: g10/tdbdump.c:161 g10/tdbdump.c:169 g10/tdbdump.c:174 g10/tdbdump.c:179
+#, fuzzy, c-format
+msgid "error in `%s': %s\n"
+msgstr "памылка ÑтварÑÐ½ÑŒÐ½Ñ \"%s\": %s\n"
+
+#: g10/tdbdump.c:161
+#, fuzzy
+msgid "line too long"
+msgstr "пароль занадта доўгі\n"
+
+#: g10/tdbdump.c:169
+msgid "colon missing"
+msgstr ""
+
+#: g10/tdbdump.c:175
+#, fuzzy
+msgid "invalid fingerprint"
+msgstr "паказаць ключы й адбіткі пальцаў"
+
+#: g10/tdbdump.c:180
+msgid "ownertrust value missing"
+msgstr ""
+
+#: g10/tdbdump.c:216
+#, fuzzy, c-format
+msgid "error finding trust record in `%s': %s\n"
+msgstr "памылка ÑтварÑÐ½ÑŒÐ½Ñ \"%s\": %s\n"
+
+#: g10/tdbdump.c:220
+#, fuzzy, c-format
+msgid "read error in `%s': %s\n"
+msgstr "памылка Ñ‡Ñ‹Ñ‚Ð°Ð½ÑŒÐ½Ñ Ñ„Ð°Ð¹Ð»Ð°"
+
+#: g10/tdbdump.c:229 g10/trustdb.c:375
+#, c-format
+msgid "trustdb: sync failed: %s\n"
+msgstr ""
+
+#: g10/tdbio.c:128 g10/tdbio.c:1456
+#, c-format
+msgid "trustdb rec %lu: lseek failed: %s\n"
+msgstr ""
+
+#: g10/tdbio.c:135 g10/tdbio.c:1463
+#, c-format
+msgid "trustdb rec %lu: write failed (n=%d): %s\n"
+msgstr ""
+
+#: g10/tdbio.c:245
+msgid "trustdb transaction too large\n"
+msgstr ""
+
+#: g10/tdbio.c:500
+#, fuzzy, c-format
+msgid "can't access `%s': %s\n"
+msgstr "немагчыма адкрыць %s: %s\n"
+
+#: g10/tdbio.c:527
+#, c-format
+msgid "%s: directory does not exist!\n"
+msgstr ""
+
+#: g10/tdbio.c:537 g10/tdbio.c:560 g10/tdbio.c:601 sm/keydb.c:219
+#, fuzzy, c-format
+msgid "can't create lock for `%s'\n"
+msgstr "%s: немагчыма Ñтварыць Ñ‚Ñчку: %s\n"
+
+#: g10/tdbio.c:539 g10/tdbio.c:604
+#, fuzzy, c-format
+msgid "can't lock `%s'\n"
+msgstr "немагчыма адкрыць \"%s\"\n"
+
+#: g10/tdbio.c:565
+#, c-format
+msgid "%s: failed to create version record: %s"
+msgstr ""
+
+#: g10/tdbio.c:569
+#, c-format
+msgid "%s: invalid trustdb created\n"
+msgstr ""
+
+#: g10/tdbio.c:572
+#, c-format
+msgid "%s: trustdb created\n"
+msgstr ""
+
+#: g10/tdbio.c:615
+msgid "NOTE: trustdb not writable\n"
+msgstr ""
+
+#: g10/tdbio.c:623
+#, c-format
+msgid "%s: invalid trustdb\n"
+msgstr ""
+
+#: g10/tdbio.c:655
+#, c-format
+msgid "%s: failed to create hashtable: %s\n"
+msgstr "%s: немагчыма Ñтварыць Ñ…Ñш-табліцу: %s\n"
+
+#: g10/tdbio.c:663
+#, c-format
+msgid "%s: error updating version record: %s\n"
+msgstr ""
+
+#: g10/tdbio.c:680 g10/tdbio.c:701 g10/tdbio.c:717 g10/tdbio.c:731
+#: g10/tdbio.c:761 g10/tdbio.c:1388 g10/tdbio.c:1415
+#, c-format
+msgid "%s: error reading version record: %s\n"
+msgstr ""
+
+#: g10/tdbio.c:740
+#, c-format
+msgid "%s: error writing version record: %s\n"
+msgstr ""
+
+#: g10/tdbio.c:1181
+#, c-format
+msgid "trustdb: lseek failed: %s\n"
+msgstr ""
+
+#: g10/tdbio.c:1190
+#, c-format
+msgid "trustdb: read failed (n=%d): %s\n"
+msgstr ""
+
+#: g10/tdbio.c:1211
+#, c-format
+msgid "%s: not a trustdb file\n"
+msgstr ""
+
+#: g10/tdbio.c:1230
+#, c-format
+msgid "%s: version record with recnum %lu\n"
+msgstr ""
+
+#: g10/tdbio.c:1235
+#, c-format
+msgid "%s: invalid file version %d\n"
+msgstr ""
+
+#: g10/tdbio.c:1421
+#, c-format
+msgid "%s: error reading free record: %s\n"
+msgstr ""
+
+#: g10/tdbio.c:1429
+#, c-format
+msgid "%s: error writing dir record: %s\n"
+msgstr ""
+
+#: g10/tdbio.c:1439
+#, c-format
+msgid "%s: failed to zero a record: %s\n"
+msgstr ""
+
+#: g10/tdbio.c:1469
+#, c-format
+msgid "%s: failed to append a record: %s\n"
+msgstr ""
+
+#: g10/tdbio.c:1512
+msgid "Error: The trustdb is corrupted.\n"
+msgstr ""
+
+#: g10/textfilter.c:147
+#, c-format
+msgid "can't handle text lines longer than %d characters\n"
+msgstr ""
+
+#: g10/textfilter.c:247
+#, c-format
+msgid "input line longer than %d characters\n"
+msgstr ""
+
+#: g10/trustdb.c:221
+#, c-format
+msgid "`%s' is not a valid long keyID\n"
+msgstr ""
+
+#: g10/trustdb.c:252
+#, c-format
+msgid "key %s: accepted as trusted key\n"
+msgstr ""
+
+#: g10/trustdb.c:290
+#, c-format
+msgid "key %s occurs more than once in the trustdb\n"
+msgstr ""
+
+#: g10/trustdb.c:305
+#, c-format
+msgid "key %s: no public key for trusted key - skipped\n"
+msgstr ""
+
+#: g10/trustdb.c:315
+#, c-format
+msgid "key %s marked as ultimately trusted\n"
+msgstr ""
+
+#: g10/trustdb.c:339
+#, c-format
+msgid "trust record %lu, req type %d: read failed: %s\n"
+msgstr ""
+
+#: g10/trustdb.c:345
+#, c-format
+msgid "trust record %lu is not of requested type %d\n"
+msgstr ""
+
+#: g10/trustdb.c:418
+msgid "You may try to re-create the trustdb using the commands:\n"
+msgstr ""
+
+#: g10/trustdb.c:427
+msgid "If that does not work, please consult the manual\n"
+msgstr ""
+
+#: g10/trustdb.c:462
+#, c-format
+msgid "unable to use unknown trust model (%d) - assuming %s trust model\n"
+msgstr ""
+
+#: g10/trustdb.c:468
+#, c-format
+msgid "using %s trust model\n"
+msgstr ""
+
+#: g10/trustdb.c:520
+msgid "10 translator see trustdb.c:uid_trust_string_fixed"
+msgstr ""
+
+#: g10/trustdb.c:522
+#, fuzzy
+msgid "[ revoked]"
+msgstr "памылка Ñ‡Ñ‹Ñ‚Ð°Ð½ÑŒÐ½Ñ Ñ„Ð°Ð¹Ð»Ð°"
+
+#: g10/trustdb.c:524 g10/trustdb.c:529
+#, fuzzy
+msgid "[ expired]"
+msgstr "збой падпіÑаньнÑ: %s\n"
+
+#: g10/trustdb.c:528
+#, fuzzy
+msgid "[ unknown]"
+msgstr "невÑÐ´Ð¾Ð¼Ð°Ñ Ð²ÑÑ€ÑÑ‹Ñ"
+
+#: g10/trustdb.c:530
+msgid "[ undef ]"
+msgstr ""
+
+#: g10/trustdb.c:531
+msgid "[marginal]"
+msgstr ""
+
+#: g10/trustdb.c:532
+msgid "[ full ]"
+msgstr ""
+
+#: g10/trustdb.c:533
+msgid "[ultimate]"
+msgstr ""
+
+#: g10/trustdb.c:548
+msgid "undefined"
+msgstr ""
+
+#: g10/trustdb.c:549
+msgid "never"
+msgstr ""
+
+#: g10/trustdb.c:550
+msgid "marginal"
+msgstr ""
+
+#: g10/trustdb.c:551
+msgid "full"
+msgstr ""
+
+#: g10/trustdb.c:552
+msgid "ultimate"
+msgstr ""
+
+#: g10/trustdb.c:592
+msgid "no need for a trustdb check\n"
+msgstr ""
+
+#: g10/trustdb.c:598 g10/trustdb.c:2487
+#, c-format
+msgid "next trustdb check due at %s\n"
+msgstr ""
+
+#: g10/trustdb.c:607
+#, c-format
+msgid "no need for a trustdb check with `%s' trust model\n"
+msgstr ""
+
+#: g10/trustdb.c:622
+#, c-format
+msgid "no need for a trustdb update with `%s' trust model\n"
+msgstr ""
+
+#: g10/trustdb.c:857 g10/trustdb.c:1310
+#, fuzzy, c-format
+msgid "public key %s not found: %s\n"
+msgstr "грамадÑкі ключ Ð½Ñ Ð·Ð½Ð¾Ð¹Ð´Ð·ÐµÐ½Ñ‹"
+
+#: g10/trustdb.c:1053
+msgid "please do a --check-trustdb\n"
+msgstr ""
+
+#: g10/trustdb.c:1057
+msgid "checking the trustdb\n"
+msgstr ""
+
+#: g10/trustdb.c:2230
+#, c-format
+msgid "%d keys processed (%d validity counts cleared)\n"
+msgstr ""
+
+#: g10/trustdb.c:2295
+msgid "no ultimately trusted keys found\n"
+msgstr ""
+
+#: g10/trustdb.c:2309
+#, c-format
+msgid "public key of ultimately trusted key %s not found\n"
+msgstr ""
+
+#: g10/trustdb.c:2332
+#, c-format
+msgid "%d marginal(s) needed, %d complete(s) needed, %s trust model\n"
+msgstr ""
+
+#: g10/trustdb.c:2418
+#, c-format
+msgid ""
+"depth: %d valid: %3d signed: %3d trust: %d-, %dq, %dn, %dm, %df, %du\n"
+msgstr ""
+
+#: g10/trustdb.c:2493
+#, c-format
+msgid "unable to update trustdb version record: write failed: %s\n"
+msgstr ""
+
+#: g10/verify.c:118
+msgid ""
+"the signature could not be verified.\n"
+"Please remember that the signature file (.sig or .asc)\n"
+"should be the first file given on the command line.\n"
+msgstr ""
+
+#: g10/verify.c:205
+#, c-format
+msgid "input line %u too long or missing LF\n"
+msgstr ""
+
+#: g10/verify.c:253
+#, fuzzy, c-format
+msgid "can't open fd %d: %s\n"
+msgstr "немагчыма адкрыць %s: %s\n"
+
+#: jnlib/argparse.c:180
+#, fuzzy
+msgid "argument not expected"
+msgstr "ÑакрÑтны ключ недаÑтупны"
+
+#: jnlib/argparse.c:182
+#, fuzzy
+msgid "read error"
+msgstr "памылка Ñ‡Ñ‹Ñ‚Ð°Ð½ÑŒÐ½Ñ Ñ„Ð°Ð¹Ð»Ð°"
+
+#: jnlib/argparse.c:184
+#, fuzzy
+msgid "keyword too long"
+msgstr "пароль занадта доўгі\n"
+
+#: jnlib/argparse.c:186
+msgid "missing argument"
+msgstr ""
+
+#: jnlib/argparse.c:188
+#, fuzzy
+msgid "invalid command"
+msgstr "неÑумÑÑˆÑ‡Ð°Ð»ÑŒÐ½Ñ‹Ñ Ð·Ð°Ð³Ð°Ð´Ñ‹\n"
+
+#: jnlib/argparse.c:190
+#, fuzzy
+msgid "invalid alias definition"
+msgstr "Ð½ÐµÐ´Ð°Ð¿ÑƒÑˆÑ‡Ð°Ð»ÑŒÐ½Ñ‹Ñ Ð²Ñ‹Ð±Ð°Ñ€Ñ‹ імпартаваньнÑ\n"
+
+#: jnlib/argparse.c:192
+#, fuzzy
+msgid "out of core"
+msgstr "непадтрымліваецца"
+
+#: jnlib/argparse.c:194
+#, fuzzy
+msgid "invalid option"
+msgstr "Ð½ÐµÐ´Ð°Ð¿ÑƒÑˆÑ‡Ð°Ð»ÑŒÐ½Ñ‹Ñ Ð²Ñ‹Ð±Ð°Ñ€Ñ‹ імпартаваньнÑ\n"
+
+#: jnlib/argparse.c:202
+#, c-format
+msgid "missing argument for option \"%.50s\"\n"
+msgstr ""
+
+#: jnlib/argparse.c:204
+#, c-format
+msgid "option \"%.50s\" does not expect an argument\n"
+msgstr ""
+
+#: jnlib/argparse.c:207
+#, fuzzy, c-format
+msgid "invalid command \"%.50s\"\n"
+msgstr "ÐерÑчаіÑны загад (паÑпрабуйце \"help\")\n"
+
+#: jnlib/argparse.c:209
+#, c-format
+msgid "option \"%.50s\" is ambiguous\n"
+msgstr ""
+
+#: jnlib/argparse.c:211
+#, c-format
+msgid "command \"%.50s\" is ambiguous\n"
+msgstr ""
+
+#: jnlib/argparse.c:213
+#, fuzzy
+msgid "out of core\n"
+msgstr "непадтрымліваецца"
+
+#: jnlib/argparse.c:215
+#, fuzzy, c-format
+msgid "invalid option \"%.50s\"\n"
+msgstr "Ð½ÐµÐ´Ð°Ð¿ÑƒÑˆÑ‡Ð°Ð»ÑŒÐ½Ñ‹Ñ Ð²Ñ‹Ð±Ð°Ñ€Ñ‹ імпартаваньнÑ\n"
+
+#: jnlib/logging.c:647
+#, c-format
+msgid "you found a bug ... (%s:%d)\n"
+msgstr ""
+
+#: jnlib/utf8conv.c:85
+#, fuzzy, c-format
+msgid "error loading `%s': %s\n"
+msgstr "памылка ÑтварÑÐ½ÑŒÐ½Ñ \"%s\": %s\n"
+
+#: jnlib/utf8conv.c:123
+#, c-format
+msgid "conversion from `%s' to `%s' not available\n"
+msgstr ""
+
+#: jnlib/utf8conv.c:131
+#, fuzzy, c-format
+msgid "iconv_open failed: %s\n"
+msgstr "немагчыма адкрыць %s: %s\n"
+
+#: jnlib/utf8conv.c:388 jnlib/utf8conv.c:654
+#, fuzzy, c-format
+msgid "conversion from `%s' to `%s' failed: %s\n"
+msgstr "збой падпіÑаньнÑ: %s\n"
+
+#: jnlib/dotlock.c:234
+#, fuzzy, c-format
+msgid "failed to create temporary file `%s': %s\n"
+msgstr "%s: немагчыма Ñтварыць Ñ‚Ñчку: %s\n"
+
+#: jnlib/dotlock.c:269
+#, fuzzy, c-format
+msgid "error writing to `%s': %s\n"
+msgstr "памылка ÑтварÑÐ½ÑŒÐ½Ñ \"%s\": %s\n"
+
+#: jnlib/dotlock.c:453
+#, c-format
+msgid "removing stale lockfile (created by %d)\n"
+msgstr ""
+
+#: jnlib/dotlock.c:459
+msgid " - probably dead - removing lock"
+msgstr ""
+
+#: jnlib/dotlock.c:469
+#, c-format
+msgid "waiting for lock (held by %d%s) %s...\n"
+msgstr ""
+
+#: jnlib/dotlock.c:470
+msgid "(deadlock?) "
+msgstr ""
+
+#: jnlib/dotlock.c:493
+#, fuzzy, c-format
+msgid "lock `%s' not made: %s\n"
+msgstr "грамадÑкі ключ Ð½Ñ Ð·Ð½Ð¾Ð¹Ð´Ð·ÐµÐ½Ñ‹"
+
+#: jnlib/dotlock.c:501
+#, fuzzy, c-format
+msgid "waiting for lock %s...\n"
+msgstr "Ð·Ð°Ð¿Ñ–Ñ Ñƒ stdout\n"
+
+#: kbx/kbxutil.c:92
+msgid "set debugging flags"
+msgstr ""
+
+#: kbx/kbxutil.c:93
+msgid "enable full debugging"
+msgstr ""
+
+#: kbx/kbxutil.c:117
+#, fuzzy
+msgid "Usage: kbxutil [options] [files] (-h for help)"
+msgstr "ВыкарыÑтаньне: gpg [выбары] [файлы] (-h Ð´Ð»Ñ Ð´Ð°Ð²ÐµÐ´ÐºÑ–)"
+
+#: kbx/kbxutil.c:120
+msgid ""
+"Syntax: kbxutil [options] [files]\n"
+"list, export, import Keybox data\n"
+msgstr ""
+
+#: scd/app-nks.c:713 scd/app-openpgp.c:2647
+#, c-format
+msgid "RSA modulus missing or not of size %d bits\n"
+msgstr ""
+
+#: scd/app-nks.c:721 scd/app-openpgp.c:2659
+#, c-format
+msgid "RSA public exponent missing or larger than %d bits\n"
+msgstr ""
+
+#: scd/app-nks.c:801 scd/app-openpgp.c:1549 scd/app-openpgp.c:1568
+#: scd/app-openpgp.c:1729 scd/app-openpgp.c:1746 scd/app-openpgp.c:1994
+#: scd/app-openpgp.c:2039 scd/app-dinsig.c:303
+#, c-format
+msgid "PIN callback returned error: %s\n"
+msgstr ""
+
+#: scd/app-nks.c:834
+msgid "the NullPIN has not yet been changed\n"
+msgstr ""
+
+#: scd/app-nks.c:1092
+#, fuzzy
+msgid "|N|Please enter a new PIN for the standard keys."
+msgstr "Паўтарыце пароль\n"
+
+#: scd/app-nks.c:1093
+#, fuzzy
+msgid "||Please enter the PIN for the standard keys."
+msgstr "Паўтарыце пароль\n"
+
+#: scd/app-nks.c:1099
+#, fuzzy
+msgid "|NP|Please enter a new PIN Unblocking Code (PUK) for the standard keys."
+msgstr "Калі лаÑка, абÑрыце від ключа, Ñкі Вам патрÑбны:\n"
+
+#: scd/app-nks.c:1101
+#, fuzzy
+msgid "|P|Please enter the PIN Unblocking Code (PUK) for the standard keys."
+msgstr "Калі лаÑка, абÑрыце від ключа, Ñкі Вам патрÑбны:\n"
+
+#: scd/app-nks.c:1109
+msgid "|N|Please enter a new PIN for the key to create qualified signatures."
+msgstr ""
+
+#: scd/app-nks.c:1111
+msgid "||Please enter the PIN for the key to create qualified signatures."
+msgstr ""
+
+#: scd/app-nks.c:1119
+msgid ""
+"|NP|Please enter a new PIN Unblocking Code (PUK) for the key to create "
+"qualified signatures."
+msgstr ""
+
+#: scd/app-nks.c:1121
+msgid ""
+"|P|Please enter the PIN Unblocking Code (PUK) for the key to create "
+"qualified signatures."
+msgstr ""
+
+#: scd/app-nks.c:1222 scd/app-openpgp.c:2072 scd/app-dinsig.c:532
+#, fuzzy, c-format
+msgid "error getting new PIN: %s\n"
+msgstr "памылка ÑтварÑÐ½ÑŒÐ½Ñ \"%s\": %s\n"
+
+#: scd/app-openpgp.c:695
+#, c-format
+msgid "failed to store the fingerprint: %s\n"
+msgstr ""
+
+#: scd/app-openpgp.c:708
+#, fuzzy, c-format
+msgid "failed to store the creation date: %s\n"
+msgstr "%s: немагчыма Ñтварыць Ñ…Ñш-табліцу: %s\n"
+
+#: scd/app-openpgp.c:1156
+#, fuzzy, c-format
+msgid "reading public key failed: %s\n"
+msgstr "грамадÑкі ключ Ð½Ñ Ð·Ð½Ð¾Ð¹Ð´Ð·ÐµÐ½Ñ‹"
+
+#: scd/app-openpgp.c:1164 scd/app-openpgp.c:2882
+msgid "response does not contain the public key data\n"
+msgstr ""
+
+#: scd/app-openpgp.c:1172 scd/app-openpgp.c:2890
+msgid "response does not contain the RSA modulus\n"
+msgstr ""
+
+#: scd/app-openpgp.c:1181 scd/app-openpgp.c:2900
+msgid "response does not contain the RSA public exponent\n"
+msgstr ""
+
+#: scd/app-openpgp.c:1501
+#, c-format
+msgid "using default PIN as %s\n"
+msgstr ""
+
+#: scd/app-openpgp.c:1508
+#, c-format
+msgid "failed to use default PIN as %s: %s - disabling further default use\n"
+msgstr ""
+
+#: scd/app-openpgp.c:1523
+#, c-format
+msgid "||Please enter the PIN%%0A[sigs done: %lu]"
+msgstr ""
+
+#: scd/app-openpgp.c:1534 scd/app-openpgp.c:1988
+#, fuzzy
+msgid "||Please enter the PIN"
+msgstr "Паўтарыце пароль\n"
+
+#: scd/app-openpgp.c:1575 scd/app-openpgp.c:1753 scd/app-openpgp.c:2001
+#, c-format
+msgid "PIN for CHV%d is too short; minimum length is %d\n"
+msgstr ""
+
+#: scd/app-openpgp.c:1588 scd/app-openpgp.c:1627 scd/app-openpgp.c:1765
+#: scd/app-openpgp.c:3200
+#, fuzzy, c-format
+msgid "verify CHV%d failed: %s\n"
+msgstr "збой падпіÑаньнÑ: %s\n"
+
+#: scd/app-openpgp.c:1656 scd/app-openpgp.c:2020 scd/app-openpgp.c:3498
+msgid "error retrieving CHV status from card\n"
+msgstr ""
+
+#: scd/app-openpgp.c:1662 scd/app-openpgp.c:3507
+msgid "card is permanently locked!\n"
+msgstr ""
+
+#: scd/app-openpgp.c:1669
+#, c-format
+msgid "%d Admin PIN attempts remaining before card is permanently locked\n"
+msgstr ""
+
+#. TRANSLATORS: Do not translate the "|A|" prefix but keep it at
+#. the start of the string. Use %%0A to force a linefeed.
+#: scd/app-openpgp.c:1676
+#, fuzzy, c-format
+msgid "|A|Please enter the Admin PIN%%0A[remaining attempts: %d]"
+msgstr "Паўтарыце пароль\n"
+
+#: scd/app-openpgp.c:1680
+#, fuzzy
+msgid "|A|Please enter the Admin PIN"
+msgstr "Паўтарыце пароль\n"
+
+#: scd/app-openpgp.c:1701
+msgid "access to admin commands is not configured\n"
+msgstr ""
+
+#: scd/app-openpgp.c:2035
+#, fuzzy
+msgid "||Please enter the Reset Code for the card"
+msgstr "Калі лаÑка, абÑрыце від ключа, Ñкі Вам патрÑбны:\n"
+
+#: scd/app-openpgp.c:2045 scd/app-openpgp.c:2097
+#, c-format
+msgid "Reset Code is too short; minimum length is %d\n"
+msgstr ""
+
+#: scd/app-openpgp.c:2067
+msgid "|RN|New Reset Code"
+msgstr ""
+
+#: scd/app-openpgp.c:2068
+msgid "|AN|New Admin PIN"
+msgstr ""
+
+#: scd/app-openpgp.c:2068
+msgid "|N|New PIN"
+msgstr ""
+
+#: scd/app-openpgp.c:2178 scd/app-openpgp.c:2968
+msgid "error reading application data\n"
+msgstr ""
+
+#: scd/app-openpgp.c:2184 scd/app-openpgp.c:2975
+#, fuzzy
+msgid "error reading fingerprint DO\n"
+msgstr "паказаць ключы й адбіткі пальцаў"
+
+#: scd/app-openpgp.c:2194
+#, fuzzy
+msgid "key already exists\n"
+msgstr "выдаліць ключы Ñа зьвÑзку ÑакрÑтных ключоў"
+
+#: scd/app-openpgp.c:2198
+msgid "existing key will be replaced\n"
+msgstr ""
+
+#: scd/app-openpgp.c:2200
+#, fuzzy
+msgid "generating new key\n"
+msgstr "Ñтварыць новую пару ключоў"
+
+#: scd/app-openpgp.c:2202
+#, fuzzy
+msgid "writing new key\n"
+msgstr "Ñтварыць новую пару ключоў"
+
+#: scd/app-openpgp.c:2627
+msgid "creation timestamp missing\n"
+msgstr ""
+
+#: scd/app-openpgp.c:2669 scd/app-openpgp.c:2677
+#, c-format
+msgid "RSA prime %s missing or not of size %d bits\n"
+msgstr ""
+
+#: scd/app-openpgp.c:2773
+#, fuzzy, c-format
+msgid "failed to store the key: %s\n"
+msgstr "%s: немагчыма Ñтварыць Ñ…Ñш-табліцу: %s\n"
+
+#: scd/app-openpgp.c:2859
+msgid "please wait while key is being generated ...\n"
+msgstr ""
+
+#: scd/app-openpgp.c:2872
+#, fuzzy
+msgid "generating key failed\n"
+msgstr "Ñтварыць новую пару ключоў"
+
+#: scd/app-openpgp.c:2875
+#, c-format
+msgid "key generation completed (%d seconds)\n"
+msgstr ""
+
+#: scd/app-openpgp.c:2933
+msgid "invalid structure of OpenPGP card (DO 0x93)\n"
+msgstr ""
+
+#: scd/app-openpgp.c:2983
+msgid "fingerprint on card does not match requested one\n"
+msgstr ""
+
+#: scd/app-openpgp.c:3099
+#, fuzzy, c-format
+msgid "card does not support digest algorithm %s\n"
+msgstr "нерÑчаіÑны Ñ…Ñш-альгарытм \"%s\"\n"
+
+#: scd/app-openpgp.c:3175
+#, c-format
+msgid "signatures created so far: %lu\n"
+msgstr ""
+
+#: scd/app-openpgp.c:3512
+msgid ""
+"verification of Admin PIN is currently prohibited through this command\n"
+msgstr ""
+
+#: scd/app-openpgp.c:3737 scd/app-openpgp.c:3748
+#, c-format
+msgid "can't access %s - invalid OpenPGP card?\n"
+msgstr ""
+
+#: scd/app-dinsig.c:299
+msgid "||Please enter your PIN at the reader's keypad"
+msgstr ""
+
+#. TRANSLATORS: Do not translate the "|*|" prefixes but
+#. keep it at the start of the string. We need this elsewhere
+#. to get some infos on the string.
+#: scd/app-dinsig.c:529
+msgid "|N|Initial New PIN"
+msgstr ""
+
+#: scd/scdaemon.c:107
+msgid "run in multi server mode (foreground)"
+msgstr ""
+
+#: scd/scdaemon.c:117 sm/gpgsm.c:316
+msgid "|LEVEL|set the debugging level to LEVEL"
+msgstr ""
+
+#: scd/scdaemon.c:124 tools/gpgconf-comp.c:620
+msgid "|FILE|write a log to FILE"
+msgstr ""
+
+#: scd/scdaemon.c:126
+msgid "|N|connect to reader at port N"
+msgstr ""
+
+#: scd/scdaemon.c:128
+#, fuzzy
+msgid "|NAME|use NAME as ct-API driver"
+msgstr "|ÐÐЗВÐ| задаць назву дапомнага ÑакрÑтнага ключа"
+
+#: scd/scdaemon.c:130
+#, fuzzy
+msgid "|NAME|use NAME as PC/SC driver"
+msgstr "|ÐÐЗВÐ| задаць назву дапомнага ÑакрÑтнага ключа"
+
+#: scd/scdaemon.c:133
+msgid "do not use the internal CCID driver"
+msgstr ""
+
+#: scd/scdaemon.c:139
+msgid "|N|disconnect the card after N seconds of inactivity"
+msgstr ""
+
+#: scd/scdaemon.c:141
+msgid "do not use a reader's keypad"
+msgstr ""
+
+#: scd/scdaemon.c:144
+#, fuzzy
+msgid "deny the use of admin card commands"
+msgstr "неÑумÑÑˆÑ‡Ð°Ð»ÑŒÐ½Ñ‹Ñ Ð·Ð°Ð³Ð°Ð´Ñ‹\n"
+
+#: scd/scdaemon.c:259
+#, fuzzy
+msgid "Usage: scdaemon [options] (-h for help)"
+msgstr "ВыкарыÑтаньне: gpg [выбары] [файлы] (-h Ð´Ð»Ñ Ð´Ð°Ð²ÐµÐ´ÐºÑ–)"
+
+#: scd/scdaemon.c:261
+msgid ""
+"Syntax: scdaemon [options] [command [args]]\n"
+"Smartcard daemon for GnuPG\n"
+msgstr ""
+
+#: scd/scdaemon.c:766
+msgid "please use the option `--daemon' to run the program in the background\n"
+msgstr ""
+
+#: scd/scdaemon.c:1120
+#, c-format
+msgid "handler for fd %d started\n"
+msgstr ""
+
+#: scd/scdaemon.c:1132
+#, c-format
+msgid "handler for fd %d terminated\n"
+msgstr ""
+
+#: sm/base64.c:325
+#, c-format
+msgid "invalid radix64 character %02x skipped\n"
+msgstr ""
+
+#: sm/call-agent.c:137
+#, c-format
+msgid "failed to proxy %s inquiry to client\n"
+msgstr ""
+
+#: sm/call-dirmngr.c:252
+#, c-format
+msgid "no running dirmngr - starting `%s'\n"
+msgstr ""
+
+#: sm/call-dirmngr.c:285
+msgid "malformed DIRMNGR_INFO environment variable\n"
+msgstr ""
+
+#: sm/call-dirmngr.c:297
+#, c-format
+msgid "dirmngr protocol version %d is not supported\n"
+msgstr ""
+
+#: sm/call-dirmngr.c:317
+msgid "can't connect to the dirmngr - trying fall back\n"
+msgstr ""
+
+#: sm/certchain.c:196
+#, c-format
+msgid "validation model requested by certificate: %s"
+msgstr ""
+
+#: sm/certchain.c:197 sm/certchain.c:1828
+msgid "chain"
+msgstr ""
+
+#: sm/certchain.c:198 sm/certchain.c:1828
+#, fuzzy
+msgid "shell"
+msgstr "даведка (help)"
+
+#: sm/certchain.c:258
+#, c-format
+msgid "critical certificate extension %s is not supported"
+msgstr ""
+
+#: sm/certchain.c:297
+msgid "issuer certificate is not marked as a CA"
+msgstr ""
+
+#: sm/certchain.c:335
+msgid "critical marked policy without configured policies"
+msgstr ""
+
+#: sm/certchain.c:345
+#, fuzzy, c-format
+msgid "failed to open `%s': %s\n"
+msgstr "немагчыма адкрыць %s: %s\n"
+
+#: sm/certchain.c:353 sm/certchain.c:382
+msgid "note: non-critical certificate policy not allowed"
+msgstr ""
+
+#: sm/certchain.c:357 sm/certchain.c:386
+#, fuzzy
+msgid "certificate policy not allowed"
+msgstr "ÑакрÑтны ключ недаÑтупны"
+
+#: sm/certchain.c:498
+msgid "looking up issuer at external location\n"
+msgstr ""
+
+#: sm/certchain.c:517
+#, c-format
+msgid "number of issuers matching: %d\n"
+msgstr ""
+
+#: sm/certchain.c:561
+msgid "looking up issuer from the Dirmngr cache\n"
+msgstr ""
+
+#: sm/certchain.c:585
+#, fuzzy, c-format
+msgid "number of matching certificates: %d\n"
+msgstr "памылка ÑтварÑÐ½ÑŒÐ½Ñ \"%s\": %s\n"
+
+#: sm/certchain.c:587
+#, fuzzy, c-format
+msgid "dirmngr cache-only key lookup failed: %s\n"
+msgstr "грамадÑкі ключ Ð½Ñ Ð·Ð½Ð¾Ð¹Ð´Ð·ÐµÐ½Ñ‹"
+
+#: sm/certchain.c:759 sm/certchain.c:1252 sm/certchain.c:1856 sm/decrypt.c:261
+#: sm/encrypt.c:335 sm/sign.c:335 sm/verify.c:113
+#, fuzzy
+msgid "failed to allocated keyDB handle\n"
+msgstr "%s: немагчыма Ñтварыць Ñ…Ñш-табліцу: %s\n"
+
+#: sm/certchain.c:925
+msgid "certificate has been revoked"
+msgstr ""
+
+#: sm/certchain.c:940
+msgid "the status of the certificate is unknown"
+msgstr ""
+
+#: sm/certchain.c:947
+msgid "please make sure that the \"dirmngr\" is properly installed\n"
+msgstr ""
+
+#: sm/certchain.c:953
+#, fuzzy, c-format
+msgid "checking the CRL failed: %s"
+msgstr "збой падпіÑаньнÑ: %s\n"
+
+#: sm/certchain.c:982 sm/certchain.c:1050
+#, c-format
+msgid "certificate with invalid validity: %s"
+msgstr ""
+
+#: sm/certchain.c:997 sm/certchain.c:1082
+msgid "certificate not yet valid"
+msgstr ""
+
+#: sm/certchain.c:998 sm/certchain.c:1083
+#, fuzzy
+msgid "root certificate not yet valid"
+msgstr "ÑакрÑтны ключ недаÑтупны"
+
+#: sm/certchain.c:999 sm/certchain.c:1084
+msgid "intermediate certificate not yet valid"
+msgstr ""
+
+#: sm/certchain.c:1012
+#, fuzzy
+msgid "certificate has expired"
+msgstr "ГÑÑ‚Ñ‹ ключ згубіў ÑаÑтарÑÑž!"
+
+#: sm/certchain.c:1013
+#, fuzzy
+msgid "root certificate has expired"
+msgstr "ГÑÑ‚Ñ‹ ключ згубіў ÑаÑтарÑÑž!"
+
+#: sm/certchain.c:1014
+#, fuzzy
+msgid "intermediate certificate has expired"
+msgstr "ГÑÑ‚Ñ‹ ключ згубіў ÑаÑтарÑÑž!"
+
+#: sm/certchain.c:1056
+#, c-format
+msgid "required certificate attributes missing: %s%s%s"
+msgstr ""
+
+#: sm/certchain.c:1065
+#, fuzzy
+msgid "certificate with invalid validity"
+msgstr "ГÑÑ‚Ñ‹ ключ згубіў ÑаÑтарÑÑž!"
+
+#: sm/certchain.c:1102
+msgid "signature not created during lifetime of certificate"
+msgstr ""
+
+#: sm/certchain.c:1104
+msgid "certificate not created during lifetime of issuer"
+msgstr ""
+
+#: sm/certchain.c:1105
+msgid "intermediate certificate not created during lifetime of issuer"
+msgstr ""
+
+#: sm/certchain.c:1109
+#, fuzzy
+msgid " ( signature created at "
+msgstr "ÐŸÐ¾Ð´Ð¿Ñ–Ñ Ñтвораны Ñž %.*s з выкарыÑтаньнем %s ID ключа %08lX\n"
+
+#: sm/certchain.c:1110
+#, fuzzy
+msgid " (certificate created at "
+msgstr "дрÑнны ÑÑртыфікат"
+
+#: sm/certchain.c:1113
+#, fuzzy
+msgid " (certificate valid from "
+msgstr "дрÑнны ÑÑртыфікат"
+
+#: sm/certchain.c:1114
+msgid " ( issuer valid from "
+msgstr ""
+
+#: sm/certchain.c:1144
+#, fuzzy, c-format
+msgid "fingerprint=%s\n"
+msgstr "паказаць ключы й адбіткі пальцаў"
+
+#: sm/certchain.c:1153
+msgid "root certificate has now been marked as trusted\n"
+msgstr ""
+
+#: sm/certchain.c:1166
+msgid "interactive marking as trusted not enabled in gpg-agent\n"
+msgstr ""
+
+#: sm/certchain.c:1172
+msgid "interactive marking as trusted disabled for this session\n"
+msgstr ""
+
+#: sm/certchain.c:1229
+msgid "WARNING: creation time of signature not known - assuming current time"
+msgstr ""
+
+#: sm/certchain.c:1293
+msgid "no issuer found in certificate"
+msgstr ""
+
+#: sm/certchain.c:1366
+msgid "self-signed certificate has a BAD signature"
+msgstr ""
+
+#: sm/certchain.c:1435
+msgid "root certificate is not marked trusted"
+msgstr ""
+
+#: sm/certchain.c:1448
+#, fuzzy, c-format
+msgid "checking the trust list failed: %s\n"
+msgstr "збой падпіÑаньнÑ: %s\n"
+
+#: sm/certchain.c:1477 sm/import.c:160
+msgid "certificate chain too long\n"
+msgstr ""
+
+#: sm/certchain.c:1489
+msgid "issuer certificate not found"
+msgstr ""
+
+#: sm/certchain.c:1522
+#, fuzzy
+msgid "certificate has a BAD signature"
+msgstr "праверыць подпіÑ"
+
+#: sm/certchain.c:1553
+msgid "found another possible matching CA certificate - trying again"
+msgstr ""
+
+#: sm/certchain.c:1604
+#, c-format
+msgid "certificate chain longer than allowed by CA (%d)"
+msgstr ""
+
+#: sm/certchain.c:1644 sm/certchain.c:1927
+#, fuzzy
+msgid "certificate is good\n"
+msgstr "грамадÑкі ключ Ð½Ñ Ð·Ð½Ð¾Ð¹Ð´Ð·ÐµÐ½Ñ‹"
+
+#: sm/certchain.c:1645
+#, fuzzy
+msgid "intermediate certificate is good\n"
+msgstr "дрÑнны ÑÑртыфікат"
+
+#: sm/certchain.c:1646
+#, fuzzy
+msgid "root certificate is good\n"
+msgstr "дрÑнны ÑÑртыфікат"
+
+#: sm/certchain.c:1817
+msgid "switching to chain model"
+msgstr ""
+
+#: sm/certchain.c:1826
+#, c-format
+msgid "validation model used: %s"
+msgstr ""
+
+#: sm/certcheck.c:97
+#, c-format
+msgid "%s key uses an unsafe (%u bit) hash\n"
+msgstr ""
+
+#: sm/certcheck.c:107
+#, c-format
+msgid "a %u bit hash is not valid for a %u bit %s key\n"
+msgstr ""
+
+#: sm/certcheck.c:244 sm/verify.c:201
+msgid "(this is the MD2 algorithm)\n"
+msgstr ""
+
+#: sm/certdump.c:60 sm/certdump.c:143
+#, fuzzy
+msgid "none"
+msgstr "no [не]"
+
+#: sm/certdump.c:564 sm/certdump.c:609 sm/certdump.c:674 sm/certdump.c:732
+#, fuzzy
+msgid "[Error - invalid encoding]"
+msgstr "паказаць ключы й адбіткі пальцаў"
+
+#: sm/certdump.c:572 sm/certdump.c:617
+msgid "[Error - out of core]"
+msgstr ""
+
+#: sm/certdump.c:654 sm/certdump.c:710
+msgid "[Error - No name]"
+msgstr ""
+
+#: sm/certdump.c:679 sm/certdump.c:738
+#, fuzzy
+msgid "[Error - invalid DN]"
+msgstr "паказаць ключы й адбіткі пальцаў"
+
+#: sm/certdump.c:948
+#, fuzzy, c-format
+msgid ""
+"Please enter the passphrase to unlock the secret key for the X.509 "
+"certificate:\n"
+"\"%s\"\n"
+"S/N %s, ID 0x%08lX,\n"
+"created %s, expires %s.\n"
+msgstr ""
+"Вам неабходна ўвеÑьці пароль, каб адчыніць ÑакрÑтны ключ Ð´Ð»Ñ ÐºÐ°Ñ€Ñ‹Ñтальніка:\n"
+"\"%.*s\"\n"
+"%u-бітавы %s ключ, ID %08lX, Ñтвораны %s%s\n"
+
+#: sm/certlist.c:122
+msgid "no key usage specified - assuming all usages\n"
+msgstr ""
+
+#: sm/certlist.c:132 sm/keylist.c:272
+#, fuzzy, c-format
+msgid "error getting key usage information: %s\n"
+msgstr "памылка ÑтварÑÐ½ÑŒÐ½Ñ \"%s\": %s\n"
+
+#: sm/certlist.c:142
+msgid "certificate should have not been used for certification\n"
+msgstr ""
+
+#: sm/certlist.c:154
+msgid "certificate should have not been used for OCSP response signing\n"
+msgstr ""
+
+#: sm/certlist.c:165
+msgid "certificate should have not been used for encryption\n"
+msgstr ""
+
+#: sm/certlist.c:166
+msgid "certificate should have not been used for signing\n"
+msgstr ""
+
+#: sm/certlist.c:167
+msgid "certificate is not usable for encryption\n"
+msgstr ""
+
+#: sm/certlist.c:168
+msgid "certificate is not usable for signing\n"
+msgstr ""
+
+#: sm/certreqgen.c:474
+#, fuzzy, c-format
+msgid "line %d: invalid algorithm\n"
+msgstr "нерÑчаіÑны Ñ…Ñш-альгарытм \"%s\"\n"
+
+#: sm/certreqgen.c:487
+#, c-format
+msgid "line %d: invalid key length %u (valid are %d to %d)\n"
+msgstr ""
+
+#: sm/certreqgen.c:505
+#, c-format
+msgid "line %d: no subject name given\n"
+msgstr ""
+
+#: sm/certreqgen.c:514
+#, c-format
+msgid "line %d: invalid subject name label `%.*s'\n"
+msgstr ""
+
+#: sm/certreqgen.c:517
+#, c-format
+msgid "line %d: invalid subject name `%s' at pos %d\n"
+msgstr ""
+
+#: sm/certreqgen.c:534
+#, c-format
+msgid "line %d: not a valid email address\n"
+msgstr ""
+
+#: sm/certreqgen.c:546
+#, fuzzy, c-format
+msgid "line %d: error reading key `%s' from card: %s\n"
+msgstr "памылка ÑтварÑÐ½ÑŒÐ½Ñ \"%s\": %s\n"
+
+#: sm/certreqgen.c:558
+#, fuzzy, c-format
+msgid "line %d: error getting key by keygrip `%s': %s\n"
+msgstr "памылка ÑтварÑÐ½ÑŒÐ½Ñ \"%s\": %s\n"
+
+#: sm/certreqgen.c:574
+#, fuzzy, c-format
+msgid "line %d: key generation failed: %s <%s>\n"
+msgstr "збой падпіÑаньнÑ: %s\n"
+
+#: sm/certreqgen.c:806
+msgid ""
+"To complete this certificate request please enter the passphrase for the key "
+"you just created once more.\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:158
+#, c-format
+msgid " (%d) RSA\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:159
+#, fuzzy, c-format
+msgid " (%d) Existing key\n"
+msgstr "ÐŸÐ¾Ð´Ð¿Ñ–Ñ Ñтвораны Ñž %.*s з выкарыÑтаньнем %s ID ключа %08lX\n"
+
+#: sm/certreqgen-ui.c:160
+#, c-format
+msgid " (%d) Existing key from card\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:202
+#, fuzzy
+msgid "Enter the keygrip: "
+msgstr "немагчыма адчыніць зьвÑзак ключоў"
+
+#: sm/certreqgen-ui.c:210
+msgid "Not a valid keygrip (expecting 40 hex digits)\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:212
+msgid "No key with this keygrip\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:230 sm/certreqgen-ui.c:239
+#, fuzzy, c-format
+msgid "error reading the card: %s\n"
+msgstr "паказаць ключы й адбіткі пальцаў"
+
+#: sm/certreqgen-ui.c:233
+#, fuzzy, c-format
+msgid "Serial number of the card: %s\n"
+msgstr "памылка ÑтварÑÐ½ÑŒÐ½Ñ \"%s\": %s\n"
+
+#: sm/certreqgen-ui.c:245
+#, fuzzy
+msgid "Available keys:\n"
+msgstr "паказаць ÑÑŒÐ¿Ñ–Ñ ÐºÐ»ÑŽÑ‡Ð¾Ñž"
+
+#: sm/certreqgen-ui.c:276
+#, c-format
+msgid "Possible actions for a %s key:\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:277
+#, fuzzy, c-format
+msgid " (%d) sign, encrypt\n"
+msgstr "ÐŸÐ¾Ð´Ð¿Ñ–Ñ Ñтвораны Ñž %.*s з выкарыÑтаньнем %s ID ключа %08lX\n"
+
+#: sm/certreqgen-ui.c:278
+#, c-format
+msgid " (%d) sign\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:279
+#, c-format
+msgid " (%d) encrypt\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:303
+msgid "Enter the X.509 subject name: "
+msgstr ""
+
+#: sm/certreqgen-ui.c:307
+msgid "No subject name given\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:311
+#, c-format
+msgid "Invalid subject name label `%.*s'\n"
+msgstr ""
+
+#. TRANSLATORS: The 22 in the second string is the
+#. length of the first string up to the "%s". Please
+#. adjust it do the length of your translation. The
+#. second string is merely passed to atoi so you can
+#. drop everything after the number.
+#: sm/certreqgen-ui.c:320
+#, fuzzy, c-format
+msgid "Invalid subject name `%s'\n"
+msgstr "нерÑчаіÑны Ñ…Ñш-альгарытм \"%s\"\n"
+
+#: sm/certreqgen-ui.c:322
+msgid "22 translator: see certreg-ui.c:gpgsm_gencertreq_tty"
+msgstr ""
+
+#: sm/certreqgen-ui.c:334
+msgid "Enter email addresses"
+msgstr ""
+
+#: sm/certreqgen-ui.c:335
+msgid " (end with an empty line):\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:339
+#, fuzzy
+msgid "Enter DNS names"
+msgstr "УвÑдзіце новае Ð¹Ð¼Ñ Ñ„Ð°Ð¹Ð»Ð°"
+
+#: sm/certreqgen-ui.c:340 sm/certreqgen-ui.c:345
+msgid " (optional; end with an empty line):\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:344
+msgid "Enter URIs"
+msgstr ""
+
+#: sm/certreqgen-ui.c:371
+msgid "Parameters to be used for the certificate request:\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:389
+msgid "Now creating certificate request. This may take a while ...\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:398
+msgid "Ready. You should now send this request to your CA.\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:403
+msgid "resource problem: out of core\n"
+msgstr ""
+
+#: sm/decrypt.c:330
+msgid "(this is the RC2 algorithm)\n"
+msgstr ""
+
+#: sm/decrypt.c:332
+msgid "(this does not seem to be an encrypted message)\n"
+msgstr ""
+
+#: sm/delete.c:51 sm/delete.c:112
+#, fuzzy, c-format
+msgid "certificate `%s' not found: %s\n"
+msgstr "грамадÑкі ключ Ð½Ñ Ð·Ð½Ð¾Ð¹Ð´Ð·ÐµÐ½Ñ‹"
+
+#: sm/delete.c:122 sm/keydb.c:1397 sm/keydb.c:1499
+#, fuzzy, c-format
+msgid "error locking keybox: %s\n"
+msgstr "памылка ÑтварÑÐ½ÑŒÐ½Ñ \"%s\": %s\n"
+
+#: sm/delete.c:143
+#, c-format
+msgid "duplicated certificate `%s' deleted\n"
+msgstr ""
+
+#: sm/delete.c:145
+#, c-format
+msgid "certificate `%s' deleted\n"
+msgstr ""
+
+#: sm/delete.c:175
+#, fuzzy, c-format
+msgid "deleting certificate \"%s\" failed: %s\n"
+msgstr "збой падпіÑаньнÑ: %s\n"
+
+#: sm/encrypt.c:321
+msgid "no valid recipients given\n"
+msgstr ""
+
+#: sm/gpgsm.c:197
+#, fuzzy
+msgid "list external keys"
+msgstr "паказаць ÑакрÑÑ‚Ð½Ñ‹Ñ ÐºÐ»ÑŽÑ‡Ñ‹"
+
+#: sm/gpgsm.c:199
+#, fuzzy
+msgid "list certificate chain"
+msgstr "дрÑнны ÑÑртыфікат"
+
+#: sm/gpgsm.c:206
+#, fuzzy
+msgid "import certificates"
+msgstr "дрÑнны ÑÑртыфікат"
+
+#: sm/gpgsm.c:207
+#, fuzzy
+msgid "export certificates"
+msgstr "дрÑнны ÑÑртыфікат"
+
+#: sm/gpgsm.c:209
+msgid "register a smartcard"
+msgstr ""
+
+#: sm/gpgsm.c:212
+msgid "pass a command to the dirmngr"
+msgstr ""
+
+#: sm/gpgsm.c:214
+msgid "invoke gpg-protect-tool"
+msgstr ""
+
+#: sm/gpgsm.c:230
+msgid "create base-64 encoded output"
+msgstr ""
+
+#: sm/gpgsm.c:235
+msgid "assume input is in PEM format"
+msgstr ""
+
+#: sm/gpgsm.c:237
+msgid "assume input is in base-64 format"
+msgstr ""
+
+#: sm/gpgsm.c:239
+msgid "assume input is in binary format"
+msgstr ""
+
+#: sm/gpgsm.c:244
+msgid "use system's dirmngr if available"
+msgstr ""
+
+#: sm/gpgsm.c:247
+msgid "never consult a CRL"
+msgstr ""
+
+#: sm/gpgsm.c:257
+msgid "check validity using OCSP"
+msgstr ""
+
+#: sm/gpgsm.c:262
+msgid "|N|number of certificates to include"
+msgstr ""
+
+#: sm/gpgsm.c:265
+msgid "|FILE|take policy information from FILE"
+msgstr ""
+
+#: sm/gpgsm.c:268
+msgid "do not check certificate policies"
+msgstr ""
+
+#: sm/gpgsm.c:272
+msgid "fetch missing issuer certificates"
+msgstr ""
+
+#: sm/gpgsm.c:283
+msgid "don't use the terminal at all"
+msgstr ""
+
+#: sm/gpgsm.c:285
+msgid "|FILE|write a server mode log to FILE"
+msgstr ""
+
+#: sm/gpgsm.c:290
+msgid "|FILE|write an audit log to FILE"
+msgstr ""
+
+#: sm/gpgsm.c:293
+msgid "batch mode: never ask"
+msgstr ""
+
+#: sm/gpgsm.c:294
+msgid "assume yes on most questions"
+msgstr ""
+
+#: sm/gpgsm.c:295
+msgid "assume no on most questions"
+msgstr ""
+
+#: sm/gpgsm.c:298
+#, fuzzy
+msgid "|FILE|add keyring to the list of keyrings"
+msgstr "выдаліць ключы Ñа зьвÑзку грамадÑкіх ключоў"
+
+#: sm/gpgsm.c:301
+#, fuzzy
+msgid "|USER-ID|use USER-ID as default secret key"
+msgstr "|ÐÐЗВÐ| задаць назву дапомнага ÑакрÑтнага ключа"
+
+#: sm/gpgsm.c:311 tools/gpgconf-comp.c:745
+#, fuzzy
+msgid "|SPEC|use this keyserver to lookup keys"
+msgstr "|ВУЗЕЛ| выкарыÑтоўваць гÑÑ‚Ñ‹ паÑлужнік Ð´Ð»Ñ Ð¿Ð¾ÑˆÑƒÐºÑƒ ключоў"
+
+#: sm/gpgsm.c:329
+#, fuzzy
+msgid "|NAME|use cipher algorithm NAME"
+msgstr "|ІМЯ| зашыфраваць Ð´Ð»Ñ Ð²Ñ‹Ð»ÑƒÑ‡Ð°Ð½Ð°Ð¹ аÑобы"
+
+#: sm/gpgsm.c:331
+#, fuzzy
+msgid "|NAME|use message digest algorithm NAME"
+msgstr "нерÑчаіÑны Ñ…Ñш-альгарытм \"%s\"\n"
+
+#: sm/gpgsm.c:522
+#, fuzzy
+msgid "Usage: gpgsm [options] [files] (-h for help)"
+msgstr "ВыкарыÑтаньне: gpg [выбары] [файлы] (-h Ð´Ð»Ñ Ð´Ð°Ð²ÐµÐ´ÐºÑ–)"
+
+#: sm/gpgsm.c:525
+#, fuzzy
+msgid ""
+"Syntax: gpgsm [options] [files]\n"
+"sign, check, encrypt or decrypt using the S/MIME protocol\n"
+"default operation depends on the input data\n"
+msgstr ""
+"СынтакÑÑ–Ñ: gpg [выбары] [файлы]\n"
+"sign, check, encrypt ці decrypt\n"
+"Дапомнае дзеÑньне залежыць ад уваходных даньнÑÑž\n"
+
+#: sm/gpgsm.c:617
+#, fuzzy
+msgid "usage: gpgsm [options] "
+msgstr "ВыкарыÑтаньне: gpg [выбары] "
+
+#: sm/gpgsm.c:739
+#, fuzzy, c-format
+msgid "NOTE: won't be able to encrypt to `%s': %s\n"
+msgstr "%s: немагчыма Ñтварыць Ñ‚Ñчку: %s\n"
+
+#: sm/gpgsm.c:750
+#, fuzzy, c-format
+msgid "unknown validation model `%s'\n"
+msgstr "невÑÐ´Ð¾Ð¼Ð°Ñ Ð²ÑÑ€ÑÑ‹Ñ"
+
+#: sm/gpgsm.c:801
+#, c-format
+msgid "%s:%u: no hostname given\n"
+msgstr ""
+
+#: sm/gpgsm.c:820
+#, c-format
+msgid "%s:%u: password given without user\n"
+msgstr ""
+
+#: sm/gpgsm.c:841
+#, c-format
+msgid "%s:%u: skipping this line\n"
+msgstr ""
+
+#: sm/gpgsm.c:1376
+#, fuzzy
+msgid "could not parse keyserver\n"
+msgstr "%s: немагчыма Ñтварыць Ñ‚Ñчку: %s\n"
+
+#: sm/gpgsm.c:1456
+msgid "WARNING: running with faked system time: "
+msgstr ""
+
+#: sm/gpgsm.c:1556
+#, c-format
+msgid "importing common certificates `%s'\n"
+msgstr ""
+
+#: sm/gpgsm.c:1597
+#, fuzzy, c-format
+msgid "can't sign using `%s': %s\n"
+msgstr "немагчыма адкрыць %s: %s\n"
+
+#: sm/gpgsm.c:1931
+msgid "invalid command (there is no implicit command)\n"
+msgstr ""
+
+#: sm/import.c:111
+#, c-format
+msgid "total number processed: %lu\n"
+msgstr ""
+
+#: sm/import.c:230
+msgid "error storing certificate\n"
+msgstr ""
+
+#: sm/import.c:238
+msgid "basic certificate checks failed - not imported\n"
+msgstr ""
+
+#: sm/import.c:435 sm/keydb.c:1319 sm/keydb.c:1387
+#, fuzzy
+msgid "failed to allocate keyDB handle\n"
+msgstr "%s: немагчыма Ñтварыць Ñ…Ñш-табліцу: %s\n"
+
+#: sm/import.c:492 sm/keydb.c:1417 sm/keydb.c:1511
+#, fuzzy, c-format
+msgid "error getting stored flags: %s\n"
+msgstr "памылка ÑтварÑÐ½ÑŒÐ½Ñ \"%s\": %s\n"
+
+#: sm/import.c:551 sm/import.c:583
+#, fuzzy, c-format
+msgid "error importing certificate: %s\n"
+msgstr "памылка ÑтварÑÐ½ÑŒÐ½Ñ \"%s\": %s\n"
+
+#: sm/import.c:684 tools/gpg-connect-agent.c:1346
+#, fuzzy, c-format
+msgid "error reading input: %s\n"
+msgstr "паказаць ключы й адбіткі пальцаў"
+
+#: sm/keydb.c:187
+#, fuzzy, c-format
+msgid "error creating keybox `%s': %s\n"
+msgstr "памылка ÑтварÑÐ½ÑŒÐ½Ñ \"%s\": %s\n"
+
+#: sm/keydb.c:190
+msgid "you may want to start the gpg-agent first\n"
+msgstr ""
+
+#: sm/keydb.c:195
+#, fuzzy, c-format
+msgid "keybox `%s' created\n"
+msgstr "%s: Ñ‚Ñчка Ñтворана\n"
+
+#: sm/keydb.c:1312 sm/keydb.c:1380
+#, fuzzy
+msgid "failed to get the fingerprint\n"
+msgstr "%s: немагчыма Ñтварыць Ñ…Ñш-табліцу: %s\n"
+
+#: sm/keydb.c:1340
+#, c-format
+msgid "problem looking for existing certificate: %s\n"
+msgstr ""
+
+#: sm/keydb.c:1348
+#, fuzzy, c-format
+msgid "error finding writable keyDB: %s\n"
+msgstr "памылка ÑтварÑÐ½ÑŒÐ½Ñ \"%s\": %s\n"
+
+#: sm/keydb.c:1356
+#, fuzzy, c-format
+msgid "error storing certificate: %s\n"
+msgstr "памылка ÑтварÑÐ½ÑŒÐ½Ñ \"%s\": %s\n"
+
+#: sm/keydb.c:1408
+#, c-format
+msgid "problem re-searching certificate: %s\n"
+msgstr ""
+
+#: sm/keydb.c:1429 sm/keydb.c:1522
+#, fuzzy, c-format
+msgid "error storing flags: %s\n"
+msgstr "памылка ÑтварÑÐ½ÑŒÐ½Ñ \"%s\": %s\n"
+
+#: sm/keylist.c:642
+msgid "Error - "
+msgstr ""
+
+#: sm/misc.c:55
+msgid "GPG_TTY has not been set - using maybe bogus default\n"
+msgstr ""
+
+#: sm/qualified.c:105
+#, fuzzy, c-format
+msgid "invalid formatted fingerprint in `%s', line %d\n"
+msgstr "паказаць ключы й адбіткі пальцаў"
+
+#: sm/qualified.c:123
+#, c-format
+msgid "invalid country code in `%s', line %d\n"
+msgstr ""
+
+#: sm/qualified.c:202
+#, c-format
+msgid ""
+"You are about to create a signature using your certificate:\n"
+"\"%s\"\n"
+"This will create a qualified signature by law equated to a handwritten "
+"signature.\n"
+"\n"
+"%s%sAre you really sure that you want to do this?"
+msgstr ""
+
+#: sm/qualified.c:211 sm/verify.c:616
+msgid ""
+"Note, that this software is not officially approved to create or verify such "
+"signatures.\n"
+msgstr ""
+
+#: sm/qualified.c:278
+#, c-format
+msgid ""
+"You are about to create a signature using your certificate:\n"
+"\"%s\"\n"
+"Note, that this certificate will NOT create a qualified signature!"
+msgstr ""
+
+#: sm/sign.c:449
+#, c-format
+msgid "hash algorithm %d (%s) for signer %d not supported; using %s\n"
+msgstr ""
+
+#: sm/sign.c:463
+#, c-format
+msgid "hash algorithm used for signer %d: %s (%s)\n"
+msgstr ""
+
+#: sm/sign.c:513
+#, c-format
+msgid "checking for qualified certificate failed: %s\n"
+msgstr ""
+
+#: sm/verify.c:449
+#, fuzzy
+msgid "Signature made "
+msgstr "ÐŸÐ¾Ð´Ð¿Ñ–Ñ Ñтвораны Ñž %.*s з выкарыÑтаньнем %s ID ключа %08lX\n"
+
+#: sm/verify.c:453
+msgid "[date not given]"
+msgstr ""
+
+#: sm/verify.c:454
+#, fuzzy, c-format
+msgid " using certificate ID 0x%08lX\n"
+msgstr "памылка ÑтварÑÐ½ÑŒÐ½Ñ \"%s\": %s\n"
+
+#: sm/verify.c:473
+msgid ""
+"invalid signature: message digest attribute does not match computed one\n"
+msgstr ""
+
+#: sm/verify.c:594
+#, fuzzy
+msgid "Good signature from"
+msgstr "нерÑчаіÑны Ñ…Ñш-альгарытм \"%s\"\n"
+
+#: sm/verify.c:595
+msgid " aka"
+msgstr ""
+
+#: sm/verify.c:613
+#, fuzzy
+msgid "This is a qualified signature\n"
+msgstr "паказаць ÑÑŒÐ¿Ñ–Ñ ÐºÐ»ÑŽÑ‡Ð¾Ñž Ñ– подпіÑаў"
+
+#: tools/gpg-connect-agent.c:70 tools/gpgconf.c:81 tools/symcryptrun.c:167
+#, fuzzy
+msgid "quiet"
+msgstr "quit [выйÑьці]"
+
+#: tools/gpg-connect-agent.c:71
+msgid "print data out hex encoded"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:72
+msgid "decode received data lines"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:74
+msgid "|NAME|connect to Assuan socket NAME"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:76
+msgid "run the Assuan server given on the command line"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:78
+msgid "do not use extended connect mode"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:80
+msgid "|FILE|run commands from FILE on startup"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:81
+msgid "run /subst on startup"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:184
+#, fuzzy
+msgid "Usage: gpg-connect-agent [options] (-h for help)"
+msgstr "ВыкарыÑтаньне: gpg [выбары] [файлы] (-h Ð´Ð»Ñ Ð´Ð°Ð²ÐµÐ´ÐºÑ–)"
+
+#: tools/gpg-connect-agent.c:187
+msgid ""
+"Syntax: gpg-connect-agent [options]\n"
+"Connect to a running agent and send commands\n"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:1201
+#, c-format
+msgid "option \"%s\" requires a program and optional arguments\n"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:1210
+#, c-format
+msgid "option \"%s\" ignored due to \"%s\"\n"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:1281 tools/gpg-connect-agent.c:1771
+#, fuzzy, c-format
+msgid "receiving line failed: %s\n"
+msgstr "грамадÑкі ключ Ð½Ñ Ð·Ð½Ð¾Ð¹Ð´Ð·ÐµÐ½Ñ‹"
+
+#: tools/gpg-connect-agent.c:1371
+#, fuzzy
+msgid "line too long - skipped\n"
+msgstr "пароль занадта доўгі\n"
+
+#: tools/gpg-connect-agent.c:1375
+msgid "line shortened due to embedded Nul character\n"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:1743
+#, fuzzy, c-format
+msgid "unknown command `%s'\n"
+msgstr "невÑÐ´Ð¾Ð¼Ð°Ñ Ð²ÑÑ€ÑÑ‹Ñ"
+
+#: tools/gpg-connect-agent.c:1761
+#, fuzzy, c-format
+msgid "sending line failed: %s\n"
+msgstr "збой падпіÑаньнÑ: %s\n"
+
+#: tools/gpg-connect-agent.c:2208
+#, fuzzy, c-format
+msgid "error sending %s command: %s\n"
+msgstr "памылка ÑтварÑÐ½ÑŒÐ½Ñ \"%s\": %s\n"
+
+#: tools/gpg-connect-agent.c:2223
+#, fuzzy, c-format
+msgid "error sending standard options: %s\n"
+msgstr "памылка ÑтварÑÐ½ÑŒÐ½Ñ \"%s\": %s\n"
+
+#: tools/gpgconf-comp.c:473 tools/gpgconf-comp.c:577 tools/gpgconf-comp.c:644
+#: tools/gpgconf-comp.c:712 tools/gpgconf-comp.c:799
+msgid "Options controlling the diagnostic output"
+msgstr ""
+
+#: tools/gpgconf-comp.c:486 tools/gpgconf-comp.c:590 tools/gpgconf-comp.c:657
+#: tools/gpgconf-comp.c:725 tools/gpgconf-comp.c:822
+msgid "Options controlling the configuration"
+msgstr ""
+
+#: tools/gpgconf-comp.c:496 tools/gpgconf-comp.c:615 tools/gpgconf-comp.c:673
+#: tools/gpgconf-comp.c:750 tools/gpgconf-comp.c:829
+msgid "Options useful for debugging"
+msgstr ""
+
+#: tools/gpgconf-comp.c:501 tools/gpgconf-comp.c:678 tools/gpgconf-comp.c:755
+#: tools/gpgconf-comp.c:837
+msgid "|FILE|write server mode logs to FILE"
+msgstr ""
+
+#: tools/gpgconf-comp.c:509 tools/gpgconf-comp.c:625 tools/gpgconf-comp.c:763
+msgid "Options controlling the security"
+msgstr ""
+
+#: tools/gpgconf-comp.c:516
+msgid "|N|expire SSH keys after N seconds"
+msgstr ""
+
+#: tools/gpgconf-comp.c:520
+msgid "|N|set maximum PIN cache lifetime to N seconds"
+msgstr ""
+
+#: tools/gpgconf-comp.c:524
+msgid "|N|set maximum SSH key lifetime to N seconds"
+msgstr ""
+
+#: tools/gpgconf-comp.c:538
+msgid "Options enforcing a passphrase policy"
+msgstr ""
+
+#: tools/gpgconf-comp.c:541
+msgid "do not allow to bypass the passphrase policy"
+msgstr ""
+
+#: tools/gpgconf-comp.c:545
+msgid "|N|set minimal required length for new passphrases to N"
+msgstr ""
+
+#: tools/gpgconf-comp.c:549
+msgid "|N|require at least N non-alpha characters for a new passphrase"
+msgstr ""
+
+#: tools/gpgconf-comp.c:553
+msgid "|FILE|check new passphrases against pattern in FILE"
+msgstr ""
+
+#: tools/gpgconf-comp.c:557
+#, fuzzy
+msgid "|N|expire the passphrase after N days"
+msgstr ""
+"УвÑдзіце новы пароль Ð´Ð»Ñ Ð³Ñтага ÑакрÑтнага ключа.\n"
+"\n"
+
+#: tools/gpgconf-comp.c:561
+#, fuzzy
+msgid "do not allow the reuse of old passphrases"
+msgstr "Паўтарыце пароль\n"
+
+#: tools/gpgconf-comp.c:659 tools/gpgconf-comp.c:727
+msgid "|NAME|use NAME as default secret key"
+msgstr "|ÐÐЗВÐ| задаць назву дапомнага ÑакрÑтнага ключа"
+
+#: tools/gpgconf-comp.c:662 tools/gpgconf-comp.c:730
+#, fuzzy
+msgid "|NAME|encrypt to user ID NAME as well"
+msgstr "|ІМЯ| зашыфраваць Ð´Ð»Ñ Ð²Ñ‹Ð»ÑƒÑ‡Ð°Ð½Ð°Ð¹ аÑобы"
+
+#: tools/gpgconf-comp.c:665
+msgid "|SPEC|set up email aliases"
+msgstr ""
+
+#: tools/gpgconf-comp.c:686
+msgid "Configuration for Keyservers"
+msgstr ""
+
+#: tools/gpgconf-comp.c:688
+msgid "|URL|use keyserver at URL"
+msgstr ""
+
+#: tools/gpgconf-comp.c:691
+msgid "allow PKA lookups (DNS requests)"
+msgstr ""
+
+#: tools/gpgconf-comp.c:694
+msgid "|MECHANISMS|use MECHANISMS to locate keys by mail address"
+msgstr ""
+
+#: tools/gpgconf-comp.c:739
+msgid "disable all access to the dirmngr"
+msgstr ""
+
+#: tools/gpgconf-comp.c:742
+msgid "|NAME|use encoding NAME for PKCS#12 passphrases"
+msgstr ""
+
+#: tools/gpgconf-comp.c:768
+msgid "do not check CRLs for root certificates"
+msgstr ""
+
+#: tools/gpgconf-comp.c:812
+msgid "Options controlling the format of the output"
+msgstr ""
+
+#: tools/gpgconf-comp.c:848
+msgid "Options controlling the interactivity and enforcement"
+msgstr ""
+
+#: tools/gpgconf-comp.c:858
+msgid "Configuration for HTTP servers"
+msgstr ""
+
+#: tools/gpgconf-comp.c:869
+msgid "use system's HTTP proxy setting"
+msgstr ""
+
+#: tools/gpgconf-comp.c:874
+msgid "Configuration of LDAP servers to use"
+msgstr ""
+
+#: tools/gpgconf-comp.c:903
+msgid "LDAP server list"
+msgstr ""
+
+#: tools/gpgconf-comp.c:911
+msgid "Configuration for OCSP"
+msgstr ""
+
+#: tools/gpgconf-comp.c:3077
+#, c-format
+msgid "External verification of component %s failed"
+msgstr ""
+
+#: tools/gpgconf-comp.c:3227
+msgid "Note that group specifications are ignored\n"
+msgstr ""
+
+#: tools/gpgconf.c:62
+msgid "list all components"
+msgstr ""
+
+#: tools/gpgconf.c:63
+msgid "check all programs"
+msgstr ""
+
+#: tools/gpgconf.c:64
+msgid "|COMPONENT|list options"
+msgstr ""
+
+#: tools/gpgconf.c:65
+msgid "|COMPONENT|change options"
+msgstr ""
+
+#: tools/gpgconf.c:66
+msgid "|COMPONENT|check options"
+msgstr ""
+
+#: tools/gpgconf.c:68
+msgid "apply global default values"
+msgstr ""
+
+#: tools/gpgconf.c:70
+msgid "get the configuration directories for gpgconf"
+msgstr ""
+
+#: tools/gpgconf.c:72
+#, fuzzy
+msgid "list global configuration file"
+msgstr "невÑÐ´Ð¾Ð¼Ð°Ñ Ð²ÑÑ€ÑÑ‹Ñ"
+
+#: tools/gpgconf.c:74
+#, fuzzy
+msgid "check global configuration file"
+msgstr "невÑÐ´Ð¾Ð¼Ð°Ñ Ð²ÑÑ€ÑÑ‹Ñ"
+
+#: tools/gpgconf.c:79
+msgid "use as output file"
+msgstr "выкарыÑтоўваць у ÑкаÑьці файла вываду"
+
+#: tools/gpgconf.c:83
+msgid "activate changes at runtime, if possible"
+msgstr ""
+
+#: tools/gpgconf.c:105
+#, fuzzy
+msgid "Usage: gpgconf [options] (-h for help)"
+msgstr "ВыкарыÑтаньне: gpg [выбары] [файлы] (-h Ð´Ð»Ñ Ð´Ð°Ð²ÐµÐ´ÐºÑ–)"
+
+#: tools/gpgconf.c:108
+msgid ""
+"Syntax: gpgconf [options]\n"
+"Manage configuration options for tools of the GnuPG system\n"
+msgstr ""
+
+#: tools/gpgconf.c:214 tools/gpgconf.c:282
+#, fuzzy
+msgid "usage: gpgconf [options] "
+msgstr "ВыкарыÑтаньне: gpg [выбары] "
+
+#: tools/gpgconf.c:216
+msgid "Need one component argument"
+msgstr ""
+
+#: tools/gpgconf.c:225 tools/gpgconf.c:258
+#, fuzzy
+msgid "Component not found"
+msgstr "грамадÑкі ключ Ð½Ñ Ð·Ð½Ð¾Ð¹Ð´Ð·ÐµÐ½Ñ‹"
+
+#: tools/gpgconf.c:284
+#, fuzzy
+msgid "No argument allowed"
+msgstr "ÑакрÑтны ключ недаÑтупны"
+
+#: tools/symcryptrun.c:154
+#, fuzzy
+msgid ""
+"@\n"
+"Commands:\n"
+" "
+msgstr ""
+"@Загады:\n"
+" "
+
+#: tools/symcryptrun.c:156
+msgid "decryption modus"
+msgstr ""
+
+#: tools/symcryptrun.c:157
+#, fuzzy
+msgid "encryption modus"
+msgstr "зашыфраваць даньні"
+
+#: tools/symcryptrun.c:161
+msgid "tool class (confucius)"
+msgstr ""
+
+#: tools/symcryptrun.c:162
+#, fuzzy
+msgid "program filename"
+msgstr "--store [назва_файла]"
+
+#: tools/symcryptrun.c:164
+msgid "secret key file (required)"
+msgstr ""
+
+#: tools/symcryptrun.c:165
+msgid "input file name (default stdin)"
+msgstr ""
+
+#: tools/symcryptrun.c:209
+#, fuzzy
+msgid "Usage: symcryptrun [options] (-h for help)"
+msgstr "ВыкарыÑтаньне: gpg [выбары] [файлы] (-h Ð´Ð»Ñ Ð´Ð°Ð²ÐµÐ´ÐºÑ–)"
+
+#: tools/symcryptrun.c:212
+msgid ""
+"Syntax: symcryptrun --class CLASS --program PROGRAM --keyfile KEYFILE "
+"[options...] COMMAND [inputfile]\n"
+"Call a simple symmetric encryption tool\n"
+msgstr ""
+
+#: tools/symcryptrun.c:281
+#, fuzzy, c-format
+msgid "%s on %s aborted with status %i\n"
+msgstr "%s не дазвалÑецца разам з %s!\n"
+
+#: tools/symcryptrun.c:288
+#, fuzzy, c-format
+msgid "%s on %s failed with status %i\n"
+msgstr "немагчыма адкрыць %s: %s\n"
+
+#: tools/symcryptrun.c:314
+#, fuzzy, c-format
+msgid "can't create temporary directory `%s': %s\n"
+msgstr "%s: немагчыма Ñтварыць Ñ‚Ñчку: %s\n"
+
+#: tools/symcryptrun.c:354 tools/symcryptrun.c:371
+#, c-format
+msgid "could not open %s for writing: %s\n"
+msgstr ""
+
+#: tools/symcryptrun.c:382
+#, fuzzy, c-format
+msgid "error writing to %s: %s\n"
+msgstr "памылка ÑтварÑÐ½ÑŒÐ½Ñ \"%s\": %s\n"
+
+#: tools/symcryptrun.c:389
+#, fuzzy, c-format
+msgid "error reading from %s: %s\n"
+msgstr "памылка ÑтварÑÐ½ÑŒÐ½Ñ \"%s\": %s\n"
+
+#: tools/symcryptrun.c:396 tools/symcryptrun.c:403
+#, fuzzy, c-format
+msgid "error closing %s: %s\n"
+msgstr "памылка ÑтварÑÐ½ÑŒÐ½Ñ \"%s\": %s\n"
+
+#: tools/symcryptrun.c:488
+msgid "no --program option provided\n"
+msgstr ""
+
+#: tools/symcryptrun.c:494
+msgid "only --decrypt and --encrypt are supported\n"
+msgstr ""
+
+#: tools/symcryptrun.c:500
+msgid "no --keyfile option provided\n"
+msgstr ""
+
+#: tools/symcryptrun.c:511
+msgid "cannot allocate args vector\n"
+msgstr ""
+
+#: tools/symcryptrun.c:529
+#, fuzzy, c-format
+msgid "could not create pipe: %s\n"
+msgstr "%s: немагчыма Ñтварыць Ñ‚Ñчку: %s\n"
+
+#: tools/symcryptrun.c:536
+#, fuzzy, c-format
+msgid "could not create pty: %s\n"
+msgstr "%s: немагчыма Ñтварыць Ñ‚Ñчку: %s\n"
+
+#: tools/symcryptrun.c:552
+#, c-format
+msgid "could not fork: %s\n"
+msgstr ""
+
+#: tools/symcryptrun.c:580
+#, fuzzy, c-format
+msgid "execv failed: %s\n"
+msgstr "збой падпіÑаньнÑ: %s\n"
+
+#: tools/symcryptrun.c:609
+#, fuzzy, c-format
+msgid "select failed: %s\n"
+msgstr "збой падпіÑаньнÑ: %s\n"
+
+#: tools/symcryptrun.c:626
+#, fuzzy, c-format
+msgid "read failed: %s\n"
+msgstr "збой падпіÑаньнÑ: %s\n"
+
+#: tools/symcryptrun.c:678
+#, fuzzy, c-format
+msgid "pty read failed: %s\n"
+msgstr "збой падпіÑаньнÑ: %s\n"
+
+#: tools/symcryptrun.c:730
+#, fuzzy, c-format
+msgid "waitpid failed: %s\n"
+msgstr "збой падпіÑаньнÑ: %s\n"
+
+#: tools/symcryptrun.c:744
+#, c-format
+msgid "child aborted with status %i\n"
+msgstr ""
+
+#: tools/symcryptrun.c:799
+#, fuzzy, c-format
+msgid "cannot allocate infile string: %s\n"
+msgstr "%s: немагчыма Ñтварыць Ñ‚Ñчку: %s\n"
+
+#: tools/symcryptrun.c:812
+#, fuzzy, c-format
+msgid "cannot allocate outfile string: %s\n"
+msgstr "%s: немагчыма Ñтварыць Ñ‚Ñчку: %s\n"
+
+#: tools/symcryptrun.c:986
+#, c-format
+msgid "either %s or %s must be given\n"
+msgstr ""
+
+#: tools/symcryptrun.c:1013
+msgid "no class provided\n"
+msgstr ""
+
+#: tools/symcryptrun.c:1022
+#, fuzzy, c-format
+msgid "class %s is not supported\n"
+msgstr "непадтрымліваецца"
+
+#: tools/gpg-check-pattern.c:145
+#, fuzzy
+msgid "Usage: gpg-check-pattern [options] patternfile (-h for help)\n"
+msgstr "ВыкарыÑтаньне: gpg [выбары] [файлы] (-h Ð´Ð»Ñ Ð´Ð°Ð²ÐµÐ´ÐºÑ–)"
+
+#: tools/gpg-check-pattern.c:148
+msgid ""
+"Syntax: gpg-check-pattern [options] patternfile\n"
+"Check a passphrase given on stdin against the patternfile\n"
+msgstr ""
+
+#~ msgid "Command> "
+#~ msgstr "Загад> "
+
+#~ msgid "Please report bugs to <gnupg-bugs@gnu.org>.\n"
+#~ msgstr "Калі лаÑка, паведамлÑйце пра памылкі на <gnupg-bugs@gnu.org>.\n"
+
+#, fuzzy
+#~ msgid "Please report bugs to "
+#~ msgstr "Калі лаÑка, паведамлÑйце пра памылкі на <gnupg-bugs@gnu.org>.\n"
+
+#~ msgid "Repeat passphrase\n"
+#~ msgstr "Паўтарыце пароль\n"
+
+#~ msgid "|[file]|make a signature"
+#~ msgstr "|[файл]|зрабіць подпіÑ"
+
+#, fuzzy
+#~ msgid "|[FILE]|make a signature"
+#~ msgstr "|[файл]|зрабіць подпіÑ"
+
+#, fuzzy
+#~ msgid "|[FILE]|make a clear text signature"
+#~ msgstr "|[файл]|зрабіць чыÑÑ‚Ñ‹ Ñ‚ÑкÑтавы подпіÑ"
+
+#, fuzzy
+#~ msgid "|NAME|use NAME as default recipient"
+#~ msgstr "|ÐÐЗВÐ| задаць назву дапомнага ÑакрÑтнага ключа"
+
+#, fuzzy
+#~ msgid "force v3 signatures"
+#~ msgstr "праверыць подпіÑÑ‹ ключа"
+
+#~ msgid "always use a MDC for encryption"
+#~ msgstr "заўÑёдвы выкарыÑтоўваць MDC Ð´Ð»Ñ ÑˆÑ‹Ñ„Ñ€Ð°Ð²Ð°Ð½ÑŒÐ½Ñ"
+
+#~ msgid "|NAME|set terminal charset to NAME"
+#~ msgstr "|ÐÐЗВÐ| уÑталÑваць мноÑтва знакаў Ñ‚Ñрмінала"
+
+#, fuzzy
+#~ msgid "|N|use compress algorithm N"
+#~ msgstr "невÑдомы альгарытм ÑьціÑканьнÑ"
+
+#, fuzzy
+#~ msgid "remove key from the public keyring"
+#~ msgstr "выдаліць ключы Ñа зьвÑзку грамадÑкіх ключоў"
+
+#~ msgid "Answer \"yes\" if it is okay to overwrite the file"
+#~ msgstr "Ðдкажыце \"так\", калі Ð’Ñ‹ згодны з перазапіÑам файла"
+
+#, fuzzy
+#~ msgid "shelll"
+#~ msgstr "даведка (help)"
+
+#, fuzzy
+#~ msgid ""
+#~ "please see http://www.gnupg.org/download/iconv.html for more information\n"
+#~ msgstr ""
+#~ "па больш падрабÑÐ·Ð½Ñ‹Ñ Ð·ÑŒÐ²ÐµÑткі шукайце на http://www.gnupg.org/faq.html\n"
+
+#, fuzzy
+#~ msgid "please use the script \"%s\" to generate a new key\n"
+#~ msgstr "Калі лаÑка, абÑрыце від ключа, Ñкі Вам патрÑбны:\n"
+
+#~ msgid "DSA requires the use of a 160 bit hash algorithm\n"
+#~ msgstr "DSA патрабуе выкарыÑÑ‚Ð°Ð½ÑŒÐ½Ñ 160-Ñ– бітавага Ñ…Ñш-альгарытму\n"
+
+#~ msgid "Enter passphrase: "
+#~ msgstr "УвÑдзіце пароль: "
+
+#~ msgid "Repeat passphrase: "
+#~ msgstr "Паўтарыце пароль: "
+
+#, fuzzy
+#~ msgid "can't lock `%s': %s\n"
+#~ msgstr "немагчыма адкрыць \"%s\"\n"
+
+#, fuzzy
+#~ msgid "card reader not available\n"
+#~ msgstr "ÑакрÑтны ключ недаÑтупны"
+
+#~ msgid "general error"
+#~ msgstr "Ð°Ð³ÑƒÐ»ÑŒÐ½Ð°Ñ Ð¿Ð°Ð¼Ñ‹Ð»ÐºÐ°"
+
+#~ msgid "bad public key"
+#~ msgstr "дрÑнны грамадÑкі ключ"
+
+#~ msgid "bad secret key"
+#~ msgstr "дрÑнны ÑакрÑтны ключ"
+
+#~ msgid "checksum error"
+#~ msgstr "памылка праверчае Ñумы"
+
+#~ msgid "no such user id"
+#~ msgstr "карыÑтальнік з такім ID адÑутнічае"
+
+#~ msgid "bad key"
+#~ msgstr "дрÑнны ключ"
+
+#~ msgid "file write error"
+#~ msgstr "памылка запіÑу файла"
+
+#~ msgid "file open error"
+#~ msgstr "памылка Ð°Ð´Ñ‡Ñ‹Ð½ÐµÐ½ÑŒÐ½Ñ Ñ„Ð°Ð¹Ð»Ð°"
+
+#~ msgid "file create error"
+#~ msgstr "памылка ÑтварÑÐ½ÑŒÐ½Ñ Ñ„Ð°Ð¹Ð»Ð°"
+
+#~ msgid "invalid passphrase"
+#~ msgstr "нерÑчаіÑны пароль"
+
+#~ msgid "file close error"
+#~ msgstr "памылка Ð·Ð°Ñ‡Ñ‹Ð½ÐµÐ½ÑŒÐ½Ñ Ñ„Ð°Ð¹Ð»Ð°"
+
+#~ msgid "file rename error"
+#~ msgstr "памылка Ð¿ÐµÑ€Ð°Ð¹Ð¼ÐµÐ½Ð°Ð²Ð°Ð½ÑŒÐ½Ñ Ñ„Ð°Ð¹Ð»Ð°"
+
+#~ msgid "file delete error"
+#~ msgstr "памылка Ð²Ñ‹Ð´Ð°Ð»ÐµÐ½ÑŒÐ½Ñ Ñ„Ð°Ð¹Ð»Ð°"
+
+#~ msgid "unexpected data"
+#~ msgstr "Ð½ÐµÑ‡Ð°ÐºÐ°Ð½Ñ‹Ñ Ð´Ð°Ð½ÑŒÐ½Ñ–"
+
+#, fuzzy
+#~ msgid "no data"
+#~ msgstr "зашыфраваць даньні"
+
+#~ msgid "WARNING: using insecure memory!\n"
+#~ msgstr "УВÐГÐ! ВыкарыÑтоўваецца небÑÑÑŒÐ¿ÐµÑ‡Ð½Ð°Ñ Ð¿Ð°Ð¼Ñць!\n"
+
+#~ msgid "operation is not possible without initialized secure memory\n"
+#~ msgstr "дзеÑньне немагчымае без раÑпачатае бÑÑьпечнае памÑці\n"
+
+#, fuzzy
+#~ msgid "expired: %s)"
+#~ msgstr "збой падпіÑаньнÑ: %s\n"
+
+#, fuzzy
+#~ msgid "key %s: expired signature from key %s - skipped\n"
+#~ msgstr "Ключ абаронены.\n"
+
+#, fuzzy
+#~ msgid "Unable to clean `%s'\n"
+#~ msgstr "немагчыма адкрыць %s: %s\n"
+
+#~ msgid "--nrsign-key user-id"
+#~ msgstr "--nrsign-key user-id"
+
+#~ msgid "--nrlsign-key user-id"
+#~ msgstr "--nrlsign-key user-id"
+
+#, fuzzy
+#~ msgid "generate"
+#~ msgstr "Ð°Ð³ÑƒÐ»ÑŒÐ½Ð°Ñ Ð¿Ð°Ð¼Ñ‹Ð»ÐºÐ°"
+
+#, fuzzy
+#~ msgid "Unable to open photo \"%s\": %s\n"
+#~ msgstr "немагчыма адкрыць %s: %s\n"
+
+#~ msgid "|[files]|encrypt files"
+#~ msgstr "|[файлы]|зашыфраваць файлы"
+
+#~ msgid "|[files]|decrypt files"
+#~ msgstr "|[файлы]|разшыфраваць файлы"
+
+#~ msgid "never use a MDC for encryption"
+#~ msgstr "ніколі не выкарыÑтоўваць MDC Ð´Ð»Ñ ÑˆÑ‹Ñ„Ñ€Ð°Ð²Ð°Ð½ÑŒÐ½Ñ"
+
+#~ msgid " (default)"
+#~ msgstr " (дапомна)"
+
+#~ msgid "Policy: "
+#~ msgstr "Палітыка:"
+
+#, fuzzy
+#~ msgid "quit|quit"
+#~ msgstr "quit [выйÑьці]"
diff --git a/po/boldquot.sed b/po/boldquot.sed
new file mode 100644
index 0000000..4b937aa
--- /dev/null
+++ b/po/boldquot.sed
@@ -0,0 +1,10 @@
+s/"\([^"]*\)"/“\1â€/g
+s/`\([^`']*\)'/‘\1’/g
+s/ '\([^`']*\)' / ‘\1’ /g
+s/ '\([^`']*\)'$/ ‘\1’/g
+s/^'\([^`']*\)' /‘\1’ /g
+s/“â€/""/g
+s/“/“/g
+s/â€/â€/g
+s/‘/‘/g
+s/’/’/g
diff --git a/po/ca.gmo b/po/ca.gmo
new file mode 100644
index 0000000..9bd4784
--- /dev/null
+++ b/po/ca.gmo
Binary files differ
diff --git a/po/ca.po b/po/ca.po
new file mode 100644
index 0000000..9c1df8c
--- /dev/null
+++ b/po/ca.po
@@ -0,0 +1,10383 @@
+# Missatges de gnupg en català.
+# Copyright © 2001, 2002, 2003, 2005 Free Software Foundation, Inc.
+# Carles Sadurní Anguita <sadurni@jazzfree.com>, 2001.
+# Jordi Mallach <jordi@gnu.org>, 2001, 2002, 2003, 2005.
+#
+# Coses (jm):
+# ID d'usuari és masculí? Hi ha una mescla...
+# (ivb: ID == identificador -> masculí)
+# Canviar ID -> ID d'usuari
+# Xifratge vs. Xifrat
+# (ivb: xifratge -> acció, xifrat -> adjectiu)
+# + coses (ivb):
+# - Algunes frases incompletes «x desconegut» -> «x és desconegut».
+# - «algoritme» o «algorisme»? (ambdós són correctes)
+# - digest -> resum
+# - «anell» o «clauer»? (key ring -> clauer)
+# - bug -> error? (del recull)
+# - Crec q uses més «signatura» q «firma»; unifique.
+# - Usar majúscules x ressaltar (com original)?
+# - Hi ha cert desordre en les cometes ;)
+# - Frases índies completades.
+# - Algunes incoherències: error {en la lectura,en llegir,mentre es llegia}
+# - Probablement he clavat la pota en tots els Photo ID :P
+# - Només es maneja amb les mans.
+# - sapigueu -> sapieu? (x coherència)
+msgid ""
+msgstr ""
+"Project-Id-Version: gnupg 1.4.0\n"
+"Report-Msgid-Bugs-To: translations@gnupg.org\n"
+"POT-Creation-Date: 2012-03-27 10:23+0200\n"
+"PO-Revision-Date: 2005-02-04 02:04+0100\n"
+"Last-Translator: Jordi Mallach <jordi@gnu.org>\n"
+"Language-Team: Catalan <ca@dodds.net>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#: agent/call-pinentry.c:244
+#, fuzzy, c-format
+msgid "failed to acquire the pinentry lock: %s\n"
+msgstr "no s'ha pogut emmagatzemar l'empremta digital: %s\n"
+
+#. TRANSLATORS: These are labels for buttons etc used in
+#. Pinentries. An underscore indicates that the next letter
+#. should be used as an accelerator. Double the underscore for
+#. a literal one. The actual to be translated text starts after
+#. the second vertical bar.
+#: agent/call-pinentry.c:401
+msgid "|pinentry-label|_OK"
+msgstr ""
+
+#: agent/call-pinentry.c:402
+msgid "|pinentry-label|_Cancel"
+msgstr ""
+
+#: agent/call-pinentry.c:403
+msgid "|pinentry-label|PIN:"
+msgstr ""
+
+#. TRANSLATORS: This string is displayed by Pinentry as the label
+#. for the quality bar.
+#: agent/call-pinentry.c:649
+msgid "Quality:"
+msgstr ""
+
+#. TRANSLATORS: This string is a tooltip, shown by pinentry when
+#. hovering over the quality bar. Please use an appropriate
+#. string to describe what this is about. The length of the
+#. tooltip is limited to about 900 characters. If you do not
+#. translate this entry, a default english text (see source)
+#. will be used.
+#: agent/call-pinentry.c:671
+msgid "pinentry.qualitybar.tooltip"
+msgstr ""
+
+#: agent/call-pinentry.c:716
+msgid ""
+"Please enter your PIN, so that the secret key can be unlocked for this "
+"session"
+msgstr ""
+
+#: agent/call-pinentry.c:719
+#, fuzzy
+msgid ""
+"Please enter your passphrase, so that the secret key can be unlocked for "
+"this session"
+msgstr "Introduïu la contrasenya; aquesta ha de ser una frase secreta \n"
+
+#: agent/call-pinentry.c:776
+#, c-format
+msgid "SETERROR %s (try %d of %d)"
+msgstr ""
+
+#: agent/call-pinentry.c:799 agent/call-pinentry.c:811
+#, fuzzy
+msgid "PIN too long"
+msgstr "la línia és massa llarga\n"
+
+#: agent/call-pinentry.c:800
+#, fuzzy
+msgid "Passphrase too long"
+msgstr "la contrasenya és massa llarga\n"
+
+#: agent/call-pinentry.c:808
+#, fuzzy
+msgid "Invalid characters in PIN"
+msgstr "Hi ha un caràcter invàlid en el camp *nom*\n"
+
+#: agent/call-pinentry.c:813
+msgid "PIN too short"
+msgstr ""
+
+#: agent/call-pinentry.c:825
+#, fuzzy
+msgid "Bad PIN"
+msgstr "l'MPI és erroni"
+
+#: agent/call-pinentry.c:826
+#, fuzzy
+msgid "Bad Passphrase"
+msgstr "la contrasenya és errònia"
+
+#: agent/call-pinentry.c:863
+#, fuzzy
+msgid "Passphrase"
+msgstr "la contrasenya és errònia"
+
+#: agent/command-ssh.c:531
+#, fuzzy, c-format
+msgid "ssh keys greater than %d bits are not supported\n"
+msgstr "l'algoritme de protecció %d%s no està suportat\n"
+
+#: agent/command-ssh.c:690 g10/card-util.c:833 g10/exec.c:473 g10/gpg.c:1122
+#: g10/keygen.c:3394 g10/keygen.c:3427 g10/keyring.c:1237 g10/keyring.c:1569
+#: g10/openfile.c:275 g10/openfile.c:368 g10/sign.c:801 g10/sign.c:1110
+#: g10/tdbio.c:550 jnlib/dotlock.c:310
+#, c-format
+msgid "can't create `%s': %s\n"
+msgstr "no s'ha pogut crear «%s»: %s\n"
+
+#: agent/command-ssh.c:702 common/helpfile.c:47 g10/card-util.c:787
+#: g10/dearmor.c:60 g10/dearmor.c:107 g10/decrypt.c:70 g10/encode.c:194
+#: g10/encode.c:504 g10/gpg.c:1123 g10/import.c:192 g10/keygen.c:2877
+#: g10/keyring.c:1595 g10/openfile.c:192 g10/openfile.c:353
+#: g10/plaintext.c:511 g10/sign.c:783 g10/sign.c:978 g10/sign.c:1094
+#: g10/sign.c:1250 g10/tdbdump.c:142 g10/tdbdump.c:150 g10/tdbio.c:554
+#: g10/tdbio.c:618 g10/verify.c:99 g10/verify.c:162 sm/gpgsm.c:2044
+#: sm/gpgsm.c:2074 sm/gpgsm.c:2112 sm/gpgsm.c:2150 sm/qualified.c:66
+#, c-format
+msgid "can't open `%s': %s\n"
+msgstr "no s'ha pogut obrir «%s»: %s\n"
+
+#: agent/command-ssh.c:1708 agent/command-ssh.c:1726
+#, fuzzy, c-format
+msgid "error getting serial number of card: %s\n"
+msgstr "error en la creació de la contrasenya: %s\n"
+
+#: agent/command-ssh.c:1712
+#, c-format
+msgid "detected card with S/N: %s\n"
+msgstr ""
+
+#: agent/command-ssh.c:1717
+#, fuzzy, c-format
+msgid "error getting default authentication keyID of card: %s\n"
+msgstr "s'ha produït un error mentre s'escrivia l'anell secret «%s»: %s\n"
+
+#: agent/command-ssh.c:1737
+#, fuzzy, c-format
+msgid "no suitable card key found: %s\n"
+msgstr ""
+"no s'ha trobat cap anell secret de escrivible: %s\n"
+"\n"
+
+#: agent/command-ssh.c:1787
+#, fuzzy, c-format
+msgid "shadowing the key failed: %s\n"
+msgstr "no s'ha pogut eliminar el bloc de claus: %s\n"
+
+#: agent/command-ssh.c:1802
+#, fuzzy, c-format
+msgid "error writing key: %s\n"
+msgstr "error mentre s'escrivia l'anell «%s»: %s\n"
+
+#: agent/command-ssh.c:2139
+#, c-format
+msgid ""
+"An ssh process requested the use of key%%0A %s%%0A (%s)%%0ADo you want to "
+"allow this?"
+msgstr ""
+
+#: agent/command-ssh.c:2146
+msgid "Allow"
+msgstr ""
+
+#: agent/command-ssh.c:2146
+msgid "Deny"
+msgstr ""
+
+#: agent/command-ssh.c:2155
+#, fuzzy, c-format
+msgid "Please enter the passphrase for the ssh key%%0A %F%%0A (%c)"
+msgstr "Introduïu la contrasenya; aquesta ha de ser una frase secreta \n"
+
+#: agent/command-ssh.c:2484 agent/genkey.c:310 agent/genkey.c:432
+#, fuzzy
+msgid "Please re-enter this passphrase"
+msgstr "canvia la contrasenya"
+
+#: agent/command-ssh.c:2509
+#, fuzzy, c-format
+msgid ""
+"Please enter a passphrase to protect the received secret key%%0A %s%%0A %"
+"s%%0Awithin gpg-agent's key storage"
+msgstr "Introduïu la contrasenya; aquesta ha de ser una frase secreta \n"
+
+#: agent/command-ssh.c:2548 agent/genkey.c:340 agent/genkey.c:463
+#: tools/symcryptrun.c:436
+msgid "does not match - try again"
+msgstr ""
+
+#: agent/command-ssh.c:3054
+#, fuzzy, c-format
+msgid "failed to create stream from socket: %s\n"
+msgstr "%s: no s'ha pogut crear la taula de dispersió: %s\n"
+
+#: agent/divert-scd.c:92 g10/call-agent.c:923
+msgid "Please insert the card with serial number"
+msgstr ""
+
+#: agent/divert-scd.c:93 g10/call-agent.c:924
+msgid "Please remove the current card and insert the one with serial number"
+msgstr ""
+
+#: agent/divert-scd.c:200
+#, fuzzy
+msgid "Admin PIN"
+msgstr "Introduïu el nom d'usuari: "
+
+#. TRANSLATORS: A PUK is the Personal Unblocking Code
+#. used to unblock a PIN.
+#: agent/divert-scd.c:205
+msgid "PUK"
+msgstr ""
+
+#: agent/divert-scd.c:212
+msgid "Reset Code"
+msgstr ""
+
+#: agent/divert-scd.c:238
+#, c-format
+msgid "%s%%0A%%0AUse the reader's keypad for input."
+msgstr ""
+
+#: agent/divert-scd.c:287
+#, fuzzy
+msgid "Repeat this Reset Code"
+msgstr "Repetiu la contrasenya: "
+
+#: agent/divert-scd.c:289
+#, fuzzy
+msgid "Repeat this PUK"
+msgstr "Repetiu la contrasenya: "
+
+#: agent/divert-scd.c:290
+#, fuzzy
+msgid "Repeat this PIN"
+msgstr "Repetiu la contrasenya: "
+
+#: agent/divert-scd.c:295
+#, fuzzy
+msgid "Reset Code not correctly repeated; try again"
+msgstr "la contrasenya no s'ha repetit correctament; torneu a intentar-ho"
+
+#: agent/divert-scd.c:297
+#, fuzzy
+msgid "PUK not correctly repeated; try again"
+msgstr "la contrasenya no s'ha repetit correctament; torneu a intentar-ho"
+
+#: agent/divert-scd.c:298
+#, fuzzy
+msgid "PIN not correctly repeated; try again"
+msgstr "la contrasenya no s'ha repetit correctament; torneu a intentar-ho"
+
+#: agent/divert-scd.c:310
+#, c-format
+msgid "Please enter the PIN%s%s%s to unlock the card"
+msgstr ""
+
+#: agent/genkey.c:108 sm/certreqgen-ui.c:384 sm/export.c:638 sm/export.c:654
+#: sm/import.c:667 sm/import.c:692
+#, fuzzy, c-format
+msgid "error creating temporary file: %s\n"
+msgstr "error en la creació de la contrasenya: %s\n"
+
+#: agent/genkey.c:115 sm/export.c:645 sm/import.c:675
+#, fuzzy, c-format
+msgid "error writing to temporary file: %s\n"
+msgstr "%s: error en escriure el registre de directoris: %s\n"
+
+#: agent/genkey.c:153 agent/genkey.c:159
+#, fuzzy
+msgid "Enter new passphrase"
+msgstr "Introduïu la contrasenya\n"
+
+#: agent/genkey.c:167
+#, fuzzy
+msgid "Take this one anyway"
+msgstr "Voleu usar de tota manera aquesta clau?"
+
+#: agent/genkey.c:193
+#, c-format
+msgid ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase should be "
+"at least %u character long."
+msgid_plural ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase should be "
+"at least %u characters long."
+msgstr[0] ""
+msgstr[1] ""
+
+#: agent/genkey.c:214
+#, c-format
+msgid ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase should "
+"contain at least %u digit or%%0Aspecial character."
+msgid_plural ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase should "
+"contain at least %u digits or%%0Aspecial characters."
+msgstr[0] ""
+msgstr[1] ""
+
+#: agent/genkey.c:237
+#, c-format
+msgid ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase may not be "
+"a known term or match%%0Acertain pattern."
+msgstr ""
+
+#: agent/genkey.c:253
+#, c-format
+msgid ""
+"You have not entered a passphrase!%0AAn empty passphrase is not allowed."
+msgstr ""
+
+#: agent/genkey.c:255
+#, c-format
+msgid ""
+"You have not entered a passphrase - this is in general a bad idea!%0APlease "
+"confirm that you do not want to have any protection on your key."
+msgstr ""
+
+#: agent/genkey.c:264
+msgid "Yes, protection is not needed"
+msgstr ""
+
+#: agent/genkey.c:308
+#, fuzzy, c-format
+msgid "Please enter the passphrase to%0Ato protect your new key"
+msgstr ""
+"Cal una contrasenya per a protegir la clau secreta.\n"
+"\n"
+
+#: agent/genkey.c:431
+#, fuzzy
+msgid "Please enter the new passphrase"
+msgstr "canvia la contrasenya"
+
+#: agent/gpg-agent.c:121 agent/preset-passphrase.c:72 scd/scdaemon.c:103
+#: tools/gpg-check-pattern.c:70
+#, fuzzy
+msgid ""
+"@Options:\n"
+" "
+msgstr ""
+"@\n"
+"Opcions:\n"
+" "
+
+#: agent/gpg-agent.c:123 scd/scdaemon.c:105
+msgid "run in server mode (foreground)"
+msgstr ""
+
+#: agent/gpg-agent.c:124 scd/scdaemon.c:108
+msgid "run in daemon mode (background)"
+msgstr ""
+
+# Un dels dos és en la llista d'opcions amb --help. Urgh. jm
+#: agent/gpg-agent.c:125 g10/gpg.c:488 g10/gpgv.c:71 kbx/kbxutil.c:88
+#: scd/scdaemon.c:109 sm/gpgsm.c:281 tools/gpg-connect-agent.c:69
+#: tools/gpgconf.c:80 tools/symcryptrun.c:166
+msgid "verbose"
+msgstr "detall"
+
+#: agent/gpg-agent.c:126 g10/gpgv.c:72 kbx/kbxutil.c:89 scd/scdaemon.c:110
+#: sm/gpgsm.c:282
+msgid "be somewhat more quiet"
+msgstr "una mica més silenciós"
+
+#: agent/gpg-agent.c:127 scd/scdaemon.c:111
+msgid "sh-style command output"
+msgstr ""
+
+#: agent/gpg-agent.c:128 scd/scdaemon.c:112
+msgid "csh-style command output"
+msgstr ""
+
+#: agent/gpg-agent.c:129 scd/scdaemon.c:113 sm/gpgsm.c:312
+#: tools/symcryptrun.c:169
+#, fuzzy
+msgid "|FILE|read options from FILE"
+msgstr "|FITXER|carrega el mòdul d'extensió especificat"
+
+#: agent/gpg-agent.c:134 scd/scdaemon.c:123
+msgid "do not detach from the console"
+msgstr ""
+
+#: agent/gpg-agent.c:135
+msgid "do not grab keyboard and mouse"
+msgstr ""
+
+#: agent/gpg-agent.c:136 tools/symcryptrun.c:168
+#, fuzzy
+msgid "use a log file for the server"
+msgstr "cerca claus en un servidor de claus"
+
+#: agent/gpg-agent.c:138
+#, fuzzy
+msgid "use a standard location for the socket"
+msgstr ""
+"Voleu actualitzar les preferències per a les ID d'usuaris seleccionades?"
+
+#: agent/gpg-agent.c:141
+msgid "|PGM|use PGM as the PIN-Entry program"
+msgstr ""
+
+#: agent/gpg-agent.c:144
+msgid "|PGM|use PGM as the SCdaemon program"
+msgstr ""
+
+#: agent/gpg-agent.c:145
+#, fuzzy
+msgid "do not use the SCdaemon"
+msgstr "actualitza la base de dades de confiança"
+
+#: agent/gpg-agent.c:157
+msgid "ignore requests to change the TTY"
+msgstr ""
+
+#: agent/gpg-agent.c:159
+msgid "ignore requests to change the X display"
+msgstr ""
+
+#: agent/gpg-agent.c:162
+msgid "|N|expire cached PINs after N seconds"
+msgstr ""
+
+#: agent/gpg-agent.c:175
+msgid "do not use the PIN cache when signing"
+msgstr ""
+
+#: agent/gpg-agent.c:177
+msgid "allow clients to mark keys as \"trusted\""
+msgstr ""
+
+#: agent/gpg-agent.c:179
+#, fuzzy
+msgid "allow presetting passphrase"
+msgstr "error en la creació de la contrasenya: %s\n"
+
+#: agent/gpg-agent.c:180
+msgid "enable ssh-agent emulation"
+msgstr ""
+
+#: agent/gpg-agent.c:182
+msgid "|FILE|write environment settings also to FILE"
+msgstr ""
+
+#. TRANSLATORS: @EMAIL@ will get replaced by the actual bug
+#. reporting address. This is so that we can change the
+#. reporting address without breaking the translations.
+#: agent/gpg-agent.c:333 agent/preset-passphrase.c:94 agent/protect-tool.c:163
+#: g10/gpg.c:814 g10/gpgv.c:114 kbx/kbxutil.c:113 scd/scdaemon.c:246
+#: sm/gpgsm.c:519 tools/gpg-connect-agent.c:181 tools/gpgconf.c:102
+#: tools/symcryptrun.c:206 tools/gpg-check-pattern.c:141
+#, fuzzy
+msgid "Please report bugs to <@EMAIL@>.\n"
+msgstr "Si us plau, informeu sobre els errors a <gnupg-bugs@gnu.org>.\n"
+
+#: agent/gpg-agent.c:342
+#, fuzzy
+msgid "Usage: gpg-agent [options] (-h for help)"
+msgstr "Forma d'ús: gpg [opcions] [fitxers] (-h per a veure l'ajuda)"
+
+#: agent/gpg-agent.c:344
+msgid ""
+"Syntax: gpg-agent [options] [command [args]]\n"
+"Secret key management for GnuPG\n"
+msgstr ""
+
+#: agent/gpg-agent.c:390 g10/gpg.c:1007 scd/scdaemon.c:318 sm/gpgsm.c:669
+#, c-format
+msgid "invalid debug-level `%s' given\n"
+msgstr ""
+
+#: agent/gpg-agent.c:610 agent/protect-tool.c:1033 kbx/kbxutil.c:428
+#: scd/scdaemon.c:424 sm/gpgsm.c:911 sm/gpgsm.c:914 tools/symcryptrun.c:998
+#: tools/gpg-check-pattern.c:177
+#, c-format
+msgid "%s is too old (need %s, have %s)\n"
+msgstr ""
+
+#: agent/gpg-agent.c:725 g10/gpg.c:2111 scd/scdaemon.c:510 sm/gpgsm.c:1010
+#, c-format
+msgid "NOTE: no default option file `%s'\n"
+msgstr "NOTA: no existeix el fitxer d'opcions predeterminades «%s»\n"
+
+#: agent/gpg-agent.c:736 agent/gpg-agent.c:1348 g10/gpg.c:2115
+#: scd/scdaemon.c:515 sm/gpgsm.c:1014 tools/symcryptrun.c:931
+#, c-format
+msgid "option file `%s': %s\n"
+msgstr "fitxer d'opcions «%s»: %s\n"
+
+#: agent/gpg-agent.c:744 g10/gpg.c:2122 scd/scdaemon.c:523 sm/gpgsm.c:1021
+#, c-format
+msgid "reading options from `%s'\n"
+msgstr "s'estan llegint opcions de «%s»\n"
+
+#: agent/gpg-agent.c:1117 g10/plaintext.c:140 g10/plaintext.c:145
+#: g10/plaintext.c:162
+#, c-format
+msgid "error creating `%s': %s\n"
+msgstr "error en crear «%s»: %s\n"
+
+#: agent/gpg-agent.c:1461 agent/gpg-agent.c:1579 agent/gpg-agent.c:1583
+#: agent/gpg-agent.c:1624 agent/gpg-agent.c:1628 g10/exec.c:188
+#: g10/openfile.c:429 scd/scdaemon.c:1020
+#, c-format
+msgid "can't create directory `%s': %s\n"
+msgstr "no es pot crear el directori «%s»: %s\n"
+
+#: agent/gpg-agent.c:1475 scd/scdaemon.c:1034
+msgid "name of socket too long\n"
+msgstr ""
+
+#: agent/gpg-agent.c:1498 scd/scdaemon.c:1057
+#, fuzzy, c-format
+msgid "can't create socket: %s\n"
+msgstr "no s'ha pogut crear «%s»: %s\n"
+
+#: agent/gpg-agent.c:1507
+#, fuzzy, c-format
+msgid "socket name `%s' is too long\n"
+msgstr "Certificat de revocació vàlid"
+
+#: agent/gpg-agent.c:1525
+#, fuzzy
+msgid "a gpg-agent is already running - not starting a new one\n"
+msgstr "gpg-agent no està disponible en aquesta sessió\n"
+
+#: agent/gpg-agent.c:1536 scd/scdaemon.c:1076
+#, fuzzy
+msgid "error getting nonce for the socket\n"
+msgstr "error en crear «%s»: %s\n"
+
+#: agent/gpg-agent.c:1541 scd/scdaemon.c:1079
+#, fuzzy, c-format
+msgid "error binding socket to `%s': %s\n"
+msgstr "error mentre s'enviava a «%s»: %s\n"
+
+#: agent/gpg-agent.c:1553 scd/scdaemon.c:1088
+#, fuzzy, c-format
+msgid "listen() failed: %s\n"
+msgstr "ha fallat l'actualització: %s\n"
+
+#: agent/gpg-agent.c:1559 scd/scdaemon.c:1095
+#, fuzzy, c-format
+msgid "listening on socket `%s'\n"
+msgstr "s'està escrivint la clau secreta a «%s»\n"
+
+#: agent/gpg-agent.c:1587 agent/gpg-agent.c:1634 g10/openfile.c:432
+#, fuzzy, c-format
+msgid "directory `%s' created\n"
+msgstr "%s: s'ha creat el directori\n"
+
+#: agent/gpg-agent.c:1640
+#, fuzzy, c-format
+msgid "stat() failed for `%s': %s\n"
+msgstr "base de dades de confiança: ha fallat la lectura (n=%d): %s\n"
+
+#: agent/gpg-agent.c:1644
+#, fuzzy, c-format
+msgid "can't use `%s' as home directory\n"
+msgstr "%s: no s'ha pogut crear el directori: %s\n"
+
+#: agent/gpg-agent.c:1777 scd/scdaemon.c:1111
+#, fuzzy, c-format
+msgid "error reading nonce on fd %d: %s\n"
+msgstr "error en la lectura de «%s»: %s\n"
+
+#: agent/gpg-agent.c:1799
+#, c-format
+msgid "handler 0x%lx for fd %d started\n"
+msgstr ""
+
+#: agent/gpg-agent.c:1804
+#, c-format
+msgid "handler 0x%lx for fd %d terminated\n"
+msgstr ""
+
+#: agent/gpg-agent.c:1824
+#, c-format
+msgid "ssh handler 0x%lx for fd %d started\n"
+msgstr ""
+
+#: agent/gpg-agent.c:1829
+#, c-format
+msgid "ssh handler 0x%lx for fd %d terminated\n"
+msgstr ""
+
+#: agent/gpg-agent.c:1973 scd/scdaemon.c:1248
+#, fuzzy, c-format
+msgid "pth_select failed: %s - waiting 1s\n"
+msgstr "ha fallat l'actualització de la clau secreta: %s\n"
+
+#: agent/gpg-agent.c:2096 scd/scdaemon.c:1315
+#, fuzzy, c-format
+msgid "%s %s stopped\n"
+msgstr "\t%lu claus es descarta\n"
+
+#: agent/gpg-agent.c:2232
+#, fuzzy
+msgid "no gpg-agent running in this session\n"
+msgstr "gpg-agent no està disponible en aquesta sessió\n"
+
+#: agent/gpg-agent.c:2243 common/simple-pwquery.c:352 common/asshelp.c:403
+#: tools/gpg-connect-agent.c:2168
+msgid "malformed GPG_AGENT_INFO environment variable\n"
+msgstr "la variable d'entorn GPG_AGENT_INFO és malformada\n"
+
+#: agent/gpg-agent.c:2256 common/simple-pwquery.c:364 common/asshelp.c:415
+#: tools/gpg-connect-agent.c:2179
+#, c-format
+msgid "gpg-agent protocol version %d is not supported\n"
+msgstr "la versió %d del protocol de gpg-agent no està suportada\n"
+
+#: agent/preset-passphrase.c:98
+#, fuzzy
+msgid "Usage: gpg-preset-passphrase [options] KEYGRIP (-h for help)\n"
+msgstr "Forma d'ús: gpg [opcions] [fitxers] (-h per a veure l'ajuda)"
+
+#: agent/preset-passphrase.c:101
+msgid ""
+"Syntax: gpg-preset-passphrase [options] KEYGRIP\n"
+"Password cache maintenance\n"
+msgstr ""
+
+#: agent/protect-tool.c:113 g10/gpg.c:373 kbx/kbxutil.c:71 sm/gpgsm.c:186
+#: tools/gpgconf.c:60
+msgid ""
+"@Commands:\n"
+" "
+msgstr ""
+"@Ordres:\n"
+" "
+
+#: agent/protect-tool.c:127 g10/gpg.c:441 g10/gpgv.c:69 kbx/kbxutil.c:81
+#: sm/gpgsm.c:226 tools/gpg-connect-agent.c:67 tools/gpgconf.c:77
+#: tools/symcryptrun.c:159
+msgid ""
+"@\n"
+"Options:\n"
+" "
+msgstr ""
+"@\n"
+"Opcions:\n"
+" "
+
+#: agent/protect-tool.c:166
+#, fuzzy
+msgid "Usage: gpg-protect-tool [options] (-h for help)\n"
+msgstr "Forma d'ús: gpg [opcions] [fitxers] (-h per a veure l'ajuda)"
+
+#: agent/protect-tool.c:168
+msgid ""
+"Syntax: gpg-protect-tool [options] [args]\n"
+"Secret key maintenance tool\n"
+msgstr ""
+
+#: agent/protect-tool.c:1162
+#, fuzzy
+msgid "Please enter the passphrase to unprotect the PKCS#12 object."
+msgstr "Introduïu la contrasenya; aquesta ha de ser una frase secreta \n"
+
+#: agent/protect-tool.c:1167
+#, fuzzy
+msgid "Please enter the passphrase to protect the new PKCS#12 object."
+msgstr "Introduïu la contrasenya; aquesta ha de ser una frase secreta \n"
+
+#: agent/protect-tool.c:1173
+msgid ""
+"Please enter the passphrase to protect the imported object within the GnuPG "
+"system."
+msgstr ""
+
+#: agent/protect-tool.c:1178
+#, fuzzy
+msgid ""
+"Please enter the passphrase or the PIN\n"
+"needed to complete this operation."
+msgstr "Introduïu la contrasenya; aquesta ha de ser una frase secreta \n"
+
+#: agent/protect-tool.c:1183 tools/symcryptrun.c:437
+#, fuzzy
+msgid "Passphrase:"
+msgstr "la contrasenya és errònia"
+
+#: agent/protect-tool.c:1188 tools/symcryptrun.c:448
+#, fuzzy
+msgid "cancelled\n"
+msgstr "Cancel·la"
+
+#: agent/protect-tool.c:1190 tools/symcryptrun.c:444
+#, fuzzy, c-format
+msgid "error while asking for the passphrase: %s\n"
+msgstr "error en la creació de la contrasenya: %s\n"
+
+#: agent/trustlist.c:136 agent/trustlist.c:334
+#, fuzzy, c-format
+msgid "error opening `%s': %s\n"
+msgstr "error en la lectura de «%s»: %s\n"
+
+#: agent/trustlist.c:151 common/helpfile.c:63 common/helpfile.c:79
+#, fuzzy, c-format
+msgid "file `%s', line %d: %s\n"
+msgstr "fitxer d'opcions «%s»: %s\n"
+
+#: agent/trustlist.c:171 agent/trustlist.c:179
+#, c-format
+msgid "statement \"%s\" ignored in `%s', line %d\n"
+msgstr ""
+
+# Parts? Peces? ivb
+#: agent/trustlist.c:185
+#, fuzzy, c-format
+msgid "system trustlist `%s' not available\n"
+msgstr "parts de la clau secreta no estan disponbles\n"
+
+#: agent/trustlist.c:229
+#, fuzzy, c-format
+msgid "bad fingerprint in `%s', line %d\n"
+msgstr "error de lectura: %s\n"
+
+#: agent/trustlist.c:254 agent/trustlist.c:261
+#, c-format
+msgid "invalid keyflag in `%s', line %d\n"
+msgstr ""
+
+#: agent/trustlist.c:295 common/helpfile.c:126
+#, fuzzy, c-format
+msgid "error reading `%s', line %d: %s\n"
+msgstr "error en la lectura de «%s»: %s\n"
+
+#: agent/trustlist.c:400 agent/trustlist.c:450
+msgid "error reading list of trusted root certificates\n"
+msgstr ""
+
+#. TRANSLATORS: This prompt is shown by the Pinentry
+#. and has one special property: A "%%0A" is used by
+#. Pinentry to insert a line break. The double
+#. percent sign is actually needed because it is also
+#. a printf format string. If you need to insert a
+#. plain % sign, you need to encode it as "%%25". The
+#. "%s" gets replaced by the name as stored in the
+#. certificate.
+#: agent/trustlist.c:611
+#, c-format
+msgid ""
+"Do you ultimately trust%%0A \"%s\"%%0Ato correctly certify user "
+"certificates?"
+msgstr ""
+
+#: agent/trustlist.c:620 common/audit.c:467
+#, fuzzy
+msgid "Yes"
+msgstr "sí|si"
+
+#: agent/trustlist.c:620 common/audit.c:469
+msgid "No"
+msgstr ""
+
+#. TRANSLATORS: This prompt is shown by the Pinentry and has
+#. one special property: A "%%0A" is used by Pinentry to
+#. insert a line break. The double percent sign is actually
+#. needed because it is also a printf format string. If you
+#. need to insert a plain % sign, you need to encode it as
+#. "%%25". The second "%s" gets replaced by a hexdecimal
+#. fingerprint string whereas the first one receives the name
+#. as stored in the certificate.
+#: agent/trustlist.c:654
+#, c-format
+msgid ""
+"Please verify that the certificate identified as:%%0A \"%s\"%%0Ahas the "
+"fingerprint:%%0A %s"
+msgstr ""
+
+#. TRANSLATORS: "Correct" is the label of a button and intended
+#. to be hit if the fingerprint matches the one of the CA. The
+#. other button is "the default "Cancel" of the Pinentry.
+#: agent/trustlist.c:668
+msgid "Correct"
+msgstr ""
+
+#: agent/trustlist.c:668
+msgid "Wrong"
+msgstr ""
+
+#: agent/findkey.c:157
+#, c-format
+msgid "Note: This passphrase has never been changed.%0APlease change it now."
+msgstr ""
+
+#: agent/findkey.c:173
+#, c-format
+msgid ""
+"This passphrase has not been changed%%0Asince %.4s-%.2s-%.2s. Please change "
+"it now."
+msgstr ""
+
+#: agent/findkey.c:187 agent/findkey.c:194
+#, fuzzy
+msgid "Change passphrase"
+msgstr "canvia la contrasenya"
+
+#: agent/findkey.c:195
+msgid "I'll change it later"
+msgstr ""
+
+#: common/exechelp.c:528 common/exechelp.c:625 tools/gpgconf-comp.c:1475
+#: tools/gpgconf-comp.c:1814
+#, fuzzy, c-format
+msgid "error creating a pipe: %s\n"
+msgstr "error en la creació de la contrasenya: %s\n"
+
+#: common/exechelp.c:599 common/exechelp.c:658
+#, fuzzy, c-format
+msgid "can't fdopen pipe for reading: %s\n"
+msgstr "no es pot obrir el fitxer: %s\n"
+
+#: common/exechelp.c:637 common/exechelp.c:765 common/exechelp.c:1002
+#, fuzzy, c-format
+msgid "error forking process: %s\n"
+msgstr "error en la lectura de «%s»: %s\n"
+
+#: common/exechelp.c:811 common/exechelp.c:864
+#, c-format
+msgid "waiting for process %d to terminate failed: %s\n"
+msgstr ""
+
+#: common/exechelp.c:819
+#, fuzzy, c-format
+msgid "error getting exit code of process %d: %s\n"
+msgstr "s'ha produït un error mentre s'escrivia l'anell secret «%s»: %s\n"
+
+#: common/exechelp.c:825 common/exechelp.c:877
+#, fuzzy, c-format
+msgid "error running `%s': exit status %d\n"
+msgstr "error en la lectura de «%s»: %s\n"
+
+#: common/exechelp.c:870
+#, c-format
+msgid "error running `%s': probably not installed\n"
+msgstr ""
+
+#: common/exechelp.c:885
+#, fuzzy, c-format
+msgid "error running `%s': terminated\n"
+msgstr "error en la lectura de «%s»: %s\n"
+
+#: common/http.c:1674
+#, fuzzy, c-format
+msgid "error creating socket: %s\n"
+msgstr "error en crear «%s»: %s\n"
+
+#: common/http.c:1718
+#, fuzzy
+msgid "host not found"
+msgstr "%s: no s'ha trobat l'usuari\n"
+
+#: common/simple-pwquery.c:338
+msgid "gpg-agent is not available in this session\n"
+msgstr "gpg-agent no està disponible en aquesta sessió\n"
+
+#: common/simple-pwquery.c:395
+#, c-format
+msgid "can't connect to `%s': %s\n"
+msgstr "no s'ha pogut connectar amb «%s»: %s\n"
+
+#: common/simple-pwquery.c:406
+msgid "communication problem with gpg-agent\n"
+msgstr "hi ha un problema de comunicació amb el gpg-agent\n"
+
+#: common/simple-pwquery.c:416
+#, fuzzy
+msgid "problem setting the gpg-agent options\n"
+msgstr "hi ha un problema amb l'agent: l'agent ha tornat 0x%lx\n"
+
+#: common/simple-pwquery.c:579 common/simple-pwquery.c:675
+#, fuzzy
+msgid "canceled by user\n"
+msgstr "s'ha cancel·lat per l'usuari\n"
+
+#: common/simple-pwquery.c:594 common/simple-pwquery.c:681
+#, fuzzy
+msgid "problem with the agent\n"
+msgstr "hi ha un problema amb l'agent: l'agent ha tornat 0x%lx\n"
+
+# bolcats de memòria? ivb
+#: common/sysutils.c:105
+#, c-format
+msgid "can't disable core dumps: %s\n"
+msgstr "no s'han pogut desactivar els bolcats de memòria: %s\n"
+
+# Indi. ivb
+#: common/sysutils.c:200
+#, fuzzy, c-format
+msgid "Warning: unsafe ownership on %s \"%s\"\n"
+msgstr "AVÃS: el propietari és insegur en %s «%s»\n"
+
+#: common/sysutils.c:232
+#, fuzzy, c-format
+msgid "Warning: unsafe permissions on %s \"%s\"\n"
+msgstr "AVÃS: els permissos són insegurs en %s «%s»\n"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: common/yesno.c:35 common/yesno.c:72
+msgid "yes"
+msgstr "sí|si"
+
+#: common/yesno.c:36 common/yesno.c:77
+msgid "yY"
+msgstr "sS"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: common/yesno.c:38 common/yesno.c:74
+msgid "no"
+msgstr "no"
+
+#: common/yesno.c:39 common/yesno.c:78
+msgid "nN"
+msgstr "nN"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: common/yesno.c:76
+msgid "quit"
+msgstr "ix"
+
+# «xX»? ivb
+#: common/yesno.c:79
+msgid "qQ"
+msgstr "xX"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: common/yesno.c:113
+msgid "okay|okay"
+msgstr ""
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: common/yesno.c:115
+msgid "cancel|cancel"
+msgstr ""
+
+#: common/yesno.c:116
+msgid "oO"
+msgstr ""
+
+#: common/yesno.c:117
+#, fuzzy
+msgid "cC"
+msgstr "c"
+
+#: common/miscellaneous.c:77
+#, c-format
+msgid "out of core in secure memory while allocating %lu bytes"
+msgstr ""
+
+#: common/miscellaneous.c:80
+#, c-format
+msgid "out of core while allocating %lu bytes"
+msgstr ""
+
+#: common/asshelp.c:293 tools/gpg-connect-agent.c:2129
+msgid "no running gpg-agent - starting one\n"
+msgstr ""
+
+#: common/asshelp.c:349
+#, c-format
+msgid "waiting %d seconds for the agent to come up\n"
+msgstr ""
+
+#: common/asshelp.c:426
+msgid "can't connect to the agent - trying fall back\n"
+msgstr ""
+
+#. TRANSLATORS: Copy the prefix between the vertical bars
+#. verbatim. It will not be printed.
+#: common/audit.c:474
+msgid "|audit-log-result|Good"
+msgstr ""
+
+#: common/audit.c:477
+msgid "|audit-log-result|Bad"
+msgstr ""
+
+#: common/audit.c:479
+msgid "|audit-log-result|Not supported"
+msgstr ""
+
+#: common/audit.c:481
+#, fuzzy
+msgid "|audit-log-result|No certificate"
+msgstr "Certificat correcte"
+
+#: common/audit.c:483
+#, fuzzy
+msgid "|audit-log-result|Not enabled"
+msgstr "Certificat correcte"
+
+#: common/audit.c:485
+msgid "|audit-log-result|Error"
+msgstr ""
+
+#: common/audit.c:487
+#, fuzzy
+msgid "|audit-log-result|Not used"
+msgstr "Certificat correcte"
+
+#: common/audit.c:489
+#, fuzzy
+msgid "|audit-log-result|Okay"
+msgstr "Certificat correcte"
+
+#: common/audit.c:491
+#, fuzzy
+msgid "|audit-log-result|Skipped"
+msgstr "Certificat correcte"
+
+#: common/audit.c:493
+#, fuzzy
+msgid "|audit-log-result|Some"
+msgstr "Certificat correcte"
+
+#: common/audit.c:726
+#, fuzzy
+msgid "Certificate chain available"
+msgstr "Certificat de revocació vàlid"
+
+#: common/audit.c:733
+#, fuzzy
+msgid "root certificate missing"
+msgstr ""
+"No s'han trobat certificats amb confiança no definida.\n"
+"\n"
+
+#: common/audit.c:759
+msgid "Data encryption succeeded"
+msgstr ""
+
+#: common/audit.c:764 common/audit.c:830 common/audit.c:906 common/audit.c:997
+#, fuzzy
+msgid "Data available"
+msgstr "La clau és disponible en: "
+
+# Fitxer indi fins final. Hau! ivb
+# Grrr. Com em tracten els esclaus ja... jm
+#: common/audit.c:767
+#, fuzzy
+msgid "Session key created"
+msgstr "%s: s'ha creat l'anell\n"
+
+#: common/audit.c:772 common/audit.c:912 common/audit.c:919
+#, fuzzy, c-format
+msgid "algorithm: %s"
+msgstr "armadura: %s\n"
+
+# Suportats? ivb
+# A Softcatalà diuen molt «implementat». jm
+# Precissament acabem de parlar d'«implementat a la llista del GNOME
+# i s'ha dit que és erroni, igual que «suportat» :) Les alternatives
+# encara no m'agraden massa... jm
+#: common/audit.c:774 common/audit.c:776 common/audit.c:921 common/audit.c:923
+#, fuzzy, c-format
+msgid "unsupported algorithm: %s"
+msgstr ""
+"\n"
+"Algoritmes suportats:\n"
+
+# Gènere? Nombre? ivb
+# Werner FIXME: please add translator comment saying *what* is
+# uncompressed so we know the gender. jm
+#: common/audit.c:778 common/audit.c:925
+#, fuzzy
+msgid "seems to be not encrypted"
+msgstr "no és xifrat"
+
+#: common/audit.c:784 common/audit.c:933
+msgid "Number of recipients"
+msgstr ""
+
+#: common/audit.c:792 common/audit.c:956
+#, c-format
+msgid "Recipient %d"
+msgstr ""
+
+#: common/audit.c:825
+msgid "Data signing succeeded"
+msgstr ""
+
+#: common/audit.c:839 common/audit.c:1033 common/audit.c:1060
+#, fuzzy, c-format
+msgid "data hash algorithm: %s"
+msgstr "l'algoritme de dispersió és invàlid «%s»\n"
+
+#: common/audit.c:862
+#, fuzzy, c-format
+msgid "Signer %d"
+msgstr "Aquesta signatura va caducar el %s\n"
+
+#: common/audit.c:866 common/audit.c:1065
+#, fuzzy, c-format
+msgid "attr hash algorithm: %s"
+msgstr "l'algoritme de dispersió és invàlid «%s»\n"
+
+#: common/audit.c:901
+msgid "Data decryption succeeded"
+msgstr ""
+
+#: common/audit.c:910
+#, fuzzy
+msgid "Encryption algorithm supported"
+msgstr "l'algoritme de protecció %d%s no està suportat\n"
+
+#: common/audit.c:993
+#, fuzzy
+msgid "Data verification succeeded"
+msgstr "s'ha eliminat la verificació de signatura\n"
+
+#: common/audit.c:1002
+#, fuzzy
+msgid "Signature available"
+msgstr "Aquesta signatura va caducar el %s\n"
+
+#: common/audit.c:1024
+#, fuzzy
+msgid "Parsing data succeeded"
+msgstr "Signatura correcta de \""
+
+#: common/audit.c:1036
+#, fuzzy, c-format
+msgid "bad data hash algorithm: %s"
+msgstr "l'algoritme de dispersió és invàlid «%s»\n"
+
+#: common/audit.c:1051
+#, fuzzy, c-format
+msgid "Signature %d"
+msgstr "Aquesta signatura va caducar el %s\n"
+
+#: common/audit.c:1079
+#, fuzzy
+msgid "Certificate chain valid"
+msgstr "Certificat de revocació vàlid"
+
+#: common/audit.c:1090
+#, fuzzy
+msgid "Root certificate trustworthy"
+msgstr ""
+"No s'han trobat certificats amb confiança no definida.\n"
+"\n"
+
+#: common/audit.c:1111 sm/certchain.c:935
+#, fuzzy
+msgid "no CRL found for certificate"
+msgstr "Certificat correcte"
+
+#: common/audit.c:1114 sm/certchain.c:945
+#, fuzzy
+msgid "the available CRL is too old"
+msgstr "La clau és disponible en: "
+
+#: common/audit.c:1119
+#, fuzzy
+msgid "CRL/OCSP check of certificates"
+msgstr "Certificat correcte"
+
+#: common/audit.c:1139
+#, fuzzy
+msgid "Included certificates"
+msgstr "Certificat invàlid"
+
+#: common/audit.c:1194
+msgid "No audit log entries."
+msgstr ""
+
+#: common/audit.c:1243
+#, fuzzy
+msgid "Unknown operation"
+msgstr "la versió és desconeguda"
+
+#: common/audit.c:1261
+msgid "Gpg-Agent usable"
+msgstr ""
+
+#: common/audit.c:1271
+msgid "Dirmngr usable"
+msgstr ""
+
+#: common/audit.c:1307
+#, fuzzy, c-format
+msgid "No help available for `%s'."
+msgstr "No hi ha ajuda disponible per a `%s'"
+
+#: common/helpfile.c:80
+#, fuzzy
+msgid "ignoring garbage line"
+msgstr "error en l'última línia\n"
+
+#: common/gettime.c:503
+#, fuzzy
+msgid "[none]"
+msgstr "[no establert]"
+
+#: g10/armor.c:379
+#, c-format
+msgid "armor: %s\n"
+msgstr "armadura: %s\n"
+
+#: g10/armor.c:418
+msgid "invalid armor header: "
+msgstr "la capçalera d'armadura és invàlida: "
+
+#: g10/armor.c:429
+msgid "armor header: "
+msgstr "capçalera d'armadura: "
+
+#: g10/armor.c:442
+msgid "invalid clearsig header\n"
+msgstr "la capçalera de signatura clara és invàlida\n"
+
+#: g10/armor.c:455
+#, fuzzy
+msgid "unknown armor header: "
+msgstr "capçalera d'armadura: "
+
+# És un missatge d'error? ivb
+# «Anidada» és un castellanisme. Niuades? Imbricades (SC)?? ivb
+#: g10/armor.c:508
+msgid "nested clear text signatures\n"
+msgstr "signatures en text pla imbricades\n"
+
+# FIXME: un-indiar. jm
+#: g10/armor.c:643
+#, fuzzy
+msgid "unexpected armor: "
+msgstr "armadura inesperada:"
+
+#: g10/armor.c:655
+msgid "invalid dash escaped line: "
+msgstr "la línia escapada amb guió és invàlida: "
+
+#: g10/armor.c:810 g10/armor.c:1420
+#, fuzzy, c-format
+msgid "invalid radix64 character %02X skipped\n"
+msgstr "el caràcter radix64 %02x invàlid s'ha omés\n"
+
+#: g10/armor.c:853
+msgid "premature eof (no CRC)\n"
+msgstr "fi de fitxer prematur (no CRC)\n"
+
+#: g10/armor.c:887
+msgid "premature eof (in CRC)\n"
+msgstr "fi de fitxer prematur (en CRC)\n"
+
+#: g10/armor.c:895
+msgid "malformed CRC\n"
+msgstr "CRC malformat\n"
+
+#: g10/armor.c:899 g10/armor.c:1457
+#, fuzzy, c-format
+msgid "CRC error; %06lX - %06lX\n"
+msgstr "error de CRC; %06lx - %06lx\n"
+
+#: g10/armor.c:919
+#, fuzzy
+msgid "premature eof (in trailer)\n"
+msgstr "fí de fitxer prematur (al final)\n"
+
+#: g10/armor.c:923
+msgid "error in trailer line\n"
+msgstr "error en l'última línia\n"
+
+#: g10/armor.c:1234
+msgid "no valid OpenPGP data found.\n"
+msgstr "no s'han trobat dades OpenPGP vàlides.\n"
+
+#: g10/armor.c:1239
+#, c-format
+msgid "invalid armor: line longer than %d characters\n"
+msgstr "l'armadura és invàlida: la línia és més llarga que %d caràcters\n"
+
+#: g10/armor.c:1243
+msgid ""
+"quoted printable character in armor - probably a buggy MTA has been used\n"
+msgstr ""
+"hi ha un caràcter «quoted printable» en l'armadura - probablement s'ha "
+"utilitzat un MTA amb errors\n"
+
+#: g10/build-packet.c:976
+msgid ""
+"a notation name must have only printable characters or spaces, and end with "
+"an '='\n"
+msgstr ""
+"un nom de notació només pot tenir caràcters imprimibles o espais i acabar "
+"amb el signe «=»\n"
+
+#: g10/build-packet.c:988
+msgid "a user notation name must contain the '@' character\n"
+msgstr "un nom de notació d'usuari no pot contenir el caràcter «@»\n"
+
+#: g10/build-packet.c:994
+#, fuzzy
+msgid "a notation name must not contain more than one '@' character\n"
+msgstr "un nom de notació d'usuari no pot contenir el caràcter «@»\n"
+
+#: g10/build-packet.c:1012
+msgid "a notation value must not use any control characters\n"
+msgstr "un valor de notació no pot utilitzar cap caràcter de control\n"
+
+#: g10/build-packet.c:1046 g10/build-packet.c:1055
+msgid "WARNING: invalid notation data found\n"
+msgstr "AVÃS: s'hi han trobat dades de notació invàlides\n"
+
+#: g10/build-packet.c:1077 g10/build-packet.c:1079
+msgid "not human readable"
+msgstr "no llegible per humans"
+
+#: g10/card-util.c:85 g10/card-util.c:374
+#, fuzzy, c-format
+msgid "OpenPGP card not available: %s\n"
+msgstr "la clau secreta no està disponible"
+
+#: g10/card-util.c:90
+#, c-format
+msgid "OpenPGP card no. %s detected\n"
+msgstr ""
+
+# Destès? ivb
+# Desatès, sí. jm
+#: g10/card-util.c:98 g10/card-util.c:1773 g10/delkey.c:126 g10/keyedit.c:1551
+#: g10/keygen.c:3068 g10/revoke.c:216 g10/revoke.c:455
+#, fuzzy
+msgid "can't do this in batch mode\n"
+msgstr "no es pot fet això en mode desatès\n"
+
+#: g10/card-util.c:106
+#, fuzzy
+msgid "This command is only available for version 2 cards\n"
+msgstr "Aquesta ordre no està permesa mentre s'està en mode %s.\n"
+
+# Parts? Peces? ivb
+#: g10/card-util.c:108 scd/app-openpgp.c:2029
+#, fuzzy
+msgid "Reset Code not or not anymore available\n"
+msgstr "parts de la clau secreta no estan disponbles\n"
+
+#: g10/card-util.c:141 g10/card-util.c:1458 g10/card-util.c:1568
+#: g10/keyedit.c:424 g10/keyedit.c:445 g10/keyedit.c:459 g10/keygen.c:1630
+#: g10/keygen.c:1711 sm/certreqgen-ui.c:165 sm/certreqgen-ui.c:249
+#: sm/certreqgen-ui.c:283
+msgid "Your selection? "
+msgstr "La vostra selecció? "
+
+#: g10/card-util.c:272 g10/card-util.c:322
+msgid "[not set]"
+msgstr "[no establert]"
+
+#: g10/card-util.c:512
+msgid "male"
+msgstr "home"
+
+#: g10/card-util.c:513
+msgid "female"
+msgstr "dóna"
+
+#: g10/card-util.c:513
+msgid "unspecified"
+msgstr "no especificat"
+
+# Gènere? Nombre? Passat, futur? ivb
+# Probablement és una clau, femení. jm
+# Werner FIXME: please add translator comment saying *what* is
+# uncompressed so we know the gender. jm
+#: g10/card-util.c:540
+msgid "not forced"
+msgstr "no forçat"
+
+#: g10/card-util.c:540
+msgid "forced"
+msgstr "forçat"
+
+#: g10/card-util.c:631
+msgid "Error: Only plain ASCII is currently allowed.\n"
+msgstr ""
+
+#: g10/card-util.c:633
+msgid "Error: The \"<\" character may not be used.\n"
+msgstr ""
+
+#: g10/card-util.c:635
+msgid "Error: Double spaces are not allowed.\n"
+msgstr ""
+
+#: g10/card-util.c:652
+msgid "Cardholder's surname: "
+msgstr ""
+
+#: g10/card-util.c:654
+msgid "Cardholder's given name: "
+msgstr ""
+
+#: g10/card-util.c:672
+#, c-format
+msgid "Error: Combined name too long (limit is %d characters).\n"
+msgstr ""
+
+#: g10/card-util.c:693
+#, fuzzy
+msgid "URL to retrieve public key: "
+msgstr "no hi ha cap clau pública corresponent: %s\n"
+
+#: g10/card-util.c:701
+#, c-format
+msgid "Error: URL too long (limit is %d characters).\n"
+msgstr ""
+
+#: g10/card-util.c:794 tools/no-libgcrypt.c:30
+#, fuzzy, c-format
+msgid "error allocating enough memory: %s\n"
+msgstr "error en crear l'anell «%s»: %s\n"
+
+#: g10/card-util.c:806 g10/import.c:280
+#, c-format
+msgid "error reading `%s': %s\n"
+msgstr "error en la lectura de «%s»: %s\n"
+
+#: g10/card-util.c:839
+#, fuzzy, c-format
+msgid "error writing `%s': %s\n"
+msgstr "error mentre s'escrivia l'anell «%s»: %s\n"
+
+#: g10/card-util.c:866
+msgid "Login data (account name): "
+msgstr ""
+
+#: g10/card-util.c:876
+#, c-format
+msgid "Error: Login data too long (limit is %d characters).\n"
+msgstr ""
+
+#: g10/card-util.c:912
+msgid "Private DO data: "
+msgstr ""
+
+#: g10/card-util.c:922
+#, c-format
+msgid "Error: Private DO too long (limit is %d characters).\n"
+msgstr ""
+
+#: g10/card-util.c:1005
+#, fuzzy
+msgid "Language preferences: "
+msgstr "preferències actualitzades"
+
+#: g10/card-util.c:1013
+#, fuzzy
+msgid "Error: invalid length of preference string.\n"
+msgstr "hi ha un caràcter invàlid en la cadena de preferència\n"
+
+#: g10/card-util.c:1022
+#, fuzzy
+msgid "Error: invalid characters in preference string.\n"
+msgstr "hi ha un caràcter invàlid en la cadena de preferència\n"
+
+#: g10/card-util.c:1044
+msgid "Sex ((M)ale, (F)emale or space): "
+msgstr ""
+
+#: g10/card-util.c:1058
+#, fuzzy
+msgid "Error: invalid response.\n"
+msgstr "error: l'empremta digital és invàlida\n"
+
+#: g10/card-util.c:1080
+#, fuzzy
+msgid "CA fingerprint: "
+msgstr "Empremta digital:"
+
+#: g10/card-util.c:1103
+#, fuzzy
+msgid "Error: invalid formatted fingerprint.\n"
+msgstr "error: l'empremta digital és invàlida\n"
+
+#: g10/card-util.c:1153
+#, fuzzy, c-format
+msgid "key operation not possible: %s\n"
+msgstr "La generació de claus ha fallat: %s\n"
+
+#: g10/card-util.c:1154
+#, fuzzy
+msgid "not an OpenPGP card"
+msgstr "no s'han trobat dades OpenPGP vàlides.\n"
+
+#: g10/card-util.c:1167
+#, fuzzy, c-format
+msgid "error getting current key info: %s\n"
+msgstr "s'ha produït un error mentre s'escrivia l'anell secret «%s»: %s\n"
+
+#: g10/card-util.c:1254
+msgid "Replace existing key? (y/N) "
+msgstr ""
+
+#: g10/card-util.c:1270
+msgid ""
+"NOTE: There is no guarantee that the card supports the requested size.\n"
+" If the key generation does not succeed, please check the\n"
+" documentation of your card to see what sizes are allowed.\n"
+msgstr ""
+
+#: g10/card-util.c:1295
+#, fuzzy, c-format
+msgid "What keysize do you want for the Signature key? (%u) "
+msgstr "Quina grandària voleu? (1024) "
+
+#: g10/card-util.c:1297
+#, fuzzy, c-format
+msgid "What keysize do you want for the Encryption key? (%u) "
+msgstr "Quina grandària voleu? (1024) "
+
+#: g10/card-util.c:1298
+#, fuzzy, c-format
+msgid "What keysize do you want for the Authentication key? (%u) "
+msgstr "Quina grandària voleu? (1024) "
+
+#: g10/card-util.c:1309 g10/keygen.c:1844 g10/keygen.c:1850
+#: sm/certreqgen-ui.c:194
+#, c-format
+msgid "rounded up to %u bits\n"
+msgstr "arrodonida fins a %u bits\n"
+
+#: g10/card-util.c:1317 g10/keygen.c:1831 sm/certreqgen-ui.c:184
+#, c-format
+msgid "%s keysizes must be in the range %u-%u\n"
+msgstr ""
+
+#: g10/card-util.c:1322
+#, c-format
+msgid "The card will now be re-configured to generate a key of %u bits\n"
+msgstr ""
+
+#: g10/card-util.c:1342
+#, fuzzy, c-format
+msgid "error changing size of key %d to %u bits: %s\n"
+msgstr "error mentre s'enviava a «%s»: %s\n"
+
+#: g10/card-util.c:1364
+msgid "Make off-card backup of encryption key? (Y/n) "
+msgstr ""
+
+#: g10/card-util.c:1378
+#, fuzzy
+msgid "NOTE: keys are already stored on the card!\n"
+msgstr "es descarta: la clau secreta ja és present\n"
+
+#: g10/card-util.c:1381
+msgid "Replace existing keys? (y/N) "
+msgstr ""
+
+#: g10/card-util.c:1393
+#, c-format
+msgid ""
+"Please note that the factory settings of the PINs are\n"
+" PIN = `%s' Admin PIN = `%s'\n"
+"You should change them using the command --change-pin\n"
+msgstr ""
+
+#: g10/card-util.c:1449
+#, fuzzy
+msgid "Please select the type of key to generate:\n"
+msgstr "Seleccioneu quin tipus de clau voleu:\n"
+
+#: g10/card-util.c:1451 g10/card-util.c:1559
+msgid " (1) Signature key\n"
+msgstr ""
+
+#: g10/card-util.c:1452 g10/card-util.c:1561
+#, fuzzy
+msgid " (2) Encryption key\n"
+msgstr " (%d) RSA (només xifrar)\n"
+
+#: g10/card-util.c:1453 g10/card-util.c:1563
+msgid " (3) Authentication key\n"
+msgstr ""
+
+#: g10/card-util.c:1469 g10/card-util.c:1588 g10/keyedit.c:945
+#: g10/keygen.c:1634 g10/keygen.c:1662 g10/keygen.c:1764 g10/revoke.c:683
+msgid "Invalid selection.\n"
+msgstr "La selecció és invàlida.\n"
+
+#: g10/card-util.c:1556
+#, fuzzy
+msgid "Please select where to store the key:\n"
+msgstr "Seleccioneu la raó de la revocació:\n"
+
+#: g10/card-util.c:1600
+#, fuzzy
+msgid "unknown key protection algorithm\n"
+msgstr "l'algorisme de protecció és desconegut\n"
+
+#: g10/card-util.c:1605
+#, fuzzy
+msgid "secret parts of key are not available\n"
+msgstr "Les parts secretes de la clau primària no estan disponibles.\n"
+
+#: g10/card-util.c:1610
+#, fuzzy
+msgid "secret key already stored on a card\n"
+msgstr "es descarta: la clau secreta ja és present\n"
+
+#: g10/card-util.c:1623
+#, fuzzy, c-format
+msgid "error writing key to card: %s\n"
+msgstr "error mentre s'escrivia l'anell «%s»: %s\n"
+
+#: g10/card-util.c:1682 g10/keyedit.c:1382
+msgid "quit this menu"
+msgstr "ix del menú"
+
+#: g10/card-util.c:1684
+#, fuzzy
+msgid "show admin commands"
+msgstr "les ordres entren en conflicte\n"
+
+# «pantalla» o «ajuda»? ivb
+# «ajuda», evidentment. jm
+#: g10/card-util.c:1685 g10/keyedit.c:1385
+msgid "show this help"
+msgstr "mostra aquesta ajuda"
+
+#: g10/card-util.c:1687
+#, fuzzy
+msgid "list all available data"
+msgstr "La clau és disponible en: "
+
+#: g10/card-util.c:1690
+msgid "change card holder's name"
+msgstr ""
+
+#: g10/card-util.c:1691
+msgid "change URL to retrieve key"
+msgstr ""
+
+#: g10/card-util.c:1692
+msgid "fetch the key specified in the card URL"
+msgstr ""
+
+#: g10/card-util.c:1693
+#, fuzzy
+msgid "change the login name"
+msgstr "canvia la data de caducitat"
+
+#: g10/card-util.c:1694
+#, fuzzy
+msgid "change the language preferences"
+msgstr "canvia la confiança"
+
+#: g10/card-util.c:1695
+msgid "change card holder's sex"
+msgstr ""
+
+#: g10/card-util.c:1696
+#, fuzzy
+msgid "change a CA fingerprint"
+msgstr "mostra empremta"
+
+#: g10/card-util.c:1697
+msgid "toggle the signature force PIN flag"
+msgstr ""
+
+#: g10/card-util.c:1698
+#, fuzzy
+msgid "generate new keys"
+msgstr "genera un nou parell de claus"
+
+#: g10/card-util.c:1699
+msgid "menu to change or unblock the PIN"
+msgstr ""
+
+#: g10/card-util.c:1700
+msgid "verify the PIN and list all data"
+msgstr ""
+
+#: g10/card-util.c:1701
+msgid "unblock the PIN using a Reset Code"
+msgstr ""
+
+#: g10/card-util.c:1823
+msgid "gpg/card> "
+msgstr ""
+
+#: g10/card-util.c:1864
+#, fuzzy
+msgid "Admin-only command\n"
+msgstr "les ordres entren en conflicte\n"
+
+#: g10/card-util.c:1895
+msgid "Admin commands are allowed\n"
+msgstr ""
+
+#: g10/card-util.c:1897
+msgid "Admin commands are not allowed\n"
+msgstr ""
+
+#: g10/card-util.c:1988 g10/keyedit.c:2292
+msgid "Invalid command (try \"help\")\n"
+msgstr "L'ordre no és vàlida (proveu «help»)\n"
+
+#: g10/decrypt.c:110 g10/encode.c:876
+msgid "--output doesn't work for this command\n"
+msgstr "--output no funciona per a aquesta ordre\n"
+
+#: g10/decrypt.c:166 g10/gpg.c:4019 g10/keyring.c:387 g10/keyring.c:698
+#, c-format
+msgid "can't open `%s'\n"
+msgstr "no s'ha pogut obrir «%s»\n"
+
+#: g10/delkey.c:73 g10/export.c:324 g10/keyedit.c:3514 g10/keyserver.c:1737
+#: g10/revoke.c:226
+#, fuzzy, c-format
+msgid "key \"%s\" not found: %s\n"
+msgstr "no s'ha trobat la clau «%s»: %s\n"
+
+#: g10/delkey.c:81 g10/export.c:354 g10/import.c:2480 g10/keyserver.c:1751
+#: g10/revoke.c:232 g10/revoke.c:477
+#, c-format
+msgid "error reading keyblock: %s\n"
+msgstr "s'ha produït un error en llegir el bloc de claus: %s\n"
+
+#: g10/delkey.c:127 g10/delkey.c:134
+msgid "(unless you specify the key by fingerprint)\n"
+msgstr "(a no ser que especifiqueu la clau per la empremta digital)\n"
+
+# Ahà! Abans «batch» està tal qual. Cal unificar. ivb
+# Fet. jm
+#: g10/delkey.c:133
+#, fuzzy
+msgid "can't do this in batch mode without \"--yes\"\n"
+msgstr "no es pot fer això en el mode desatès sense «--yes»\n"
+
+#: g10/delkey.c:145
+#, fuzzy
+msgid "Delete this key from the keyring? (y/N) "
+msgstr "Voleu esborrar aquesta clau de l'anell? "
+
+#: g10/delkey.c:153
+#, fuzzy
+msgid "This is a secret key! - really delete? (y/N) "
+msgstr "És una clau secreta! Voleu esborrar-la? "
+
+#: g10/delkey.c:163
+#, c-format
+msgid "deleting keyblock failed: %s\n"
+msgstr "no s'ha pogut eliminar el bloc de claus: %s\n"
+
+#: g10/delkey.c:173
+msgid "ownertrust information cleared\n"
+msgstr "s'ha netejat la informació de la confiança\n"
+
+#: g10/delkey.c:204
+#, c-format
+msgid "there is a secret key for public key \"%s\"!\n"
+msgstr "hi ha una clau secreta per a la clau pública «%s»!\n"
+
+#: g10/delkey.c:206
+msgid "use option \"--delete-secret-keys\" to delete it first.\n"
+msgstr "utilitzeu l'opció «--delete-secret-keys» per a eliminar-la primer.\n"
+
+#: g10/encode.c:226 g10/sign.c:1269
+#, c-format
+msgid "error creating passphrase: %s\n"
+msgstr "error en la creació de la contrasenya: %s\n"
+
+#: g10/encode.c:232
+msgid "can't use a symmetric ESK packet due to the S2K mode\n"
+msgstr "no es pot usar un paquet asimètric ESK al estar en mode S2K\n"
+
+#: g10/encode.c:246
+#, fuzzy, c-format
+msgid "using cipher %s\n"
+msgstr "Ha fallat el procés de signatura: %s\n"
+
+#: g10/encode.c:256 g10/encode.c:577
+#, c-format
+msgid "`%s' already compressed\n"
+msgstr "«%s» ja està comprimida\n"
+
+#: g10/encode.c:311 g10/encode.c:611 g10/sign.c:564
+#, c-format
+msgid "WARNING: `%s' is an empty file\n"
+msgstr "AVÃS: «%s» és un fitxer buit\n"
+
+#: g10/encode.c:485
+msgid "you can only encrypt to RSA keys of 2048 bits or less in --pgp2 mode\n"
+msgstr ""
+"només podeu xifrar a claus RSA de 2048 bits o menys en el mode --pgp2\n"
+
+#: g10/encode.c:510
+#, c-format
+msgid "reading from `%s'\n"
+msgstr "s'està llegint des de «%s»\n"
+
+#: g10/encode.c:541
+msgid ""
+"unable to use the IDEA cipher for all of the keys you are encrypting to.\n"
+msgstr ""
+"no s'ha pogut utilitzar el xifratge IDEA per a totes les claus per a les que "
+"esteu xifrant.\n"
+
+#: g10/encode.c:559
+#, fuzzy, c-format
+msgid ""
+"WARNING: forcing symmetric cipher %s (%d) violates recipient preferences\n"
+msgstr ""
+"forçar el xifrat asimètric %s (%d) viola les preferències del destinatari\n"
+
+#: g10/encode.c:655 g10/sign.c:939
+#, fuzzy, c-format
+msgid ""
+"WARNING: forcing compression algorithm %s (%d) violates recipient "
+"preferences\n"
+msgstr ""
+"forçar l'algoritme de compressió %s (%d) viola les preferències del "
+"destinatari\n"
+
+#: g10/encode.c:751
+#, c-format
+msgid "forcing symmetric cipher %s (%d) violates recipient preferences\n"
+msgstr ""
+"forçar el xifrat asimètric %s (%d) viola les preferències del destinatari\n"
+
+#: g10/encode.c:821 g10/pkclist.c:813 g10/pkclist.c:862
+#, c-format
+msgid "you may not use %s while in %s mode\n"
+msgstr "no podeu usar %s mentre esteu en mode %s\n"
+
+#: g10/encode.c:848
+#, c-format
+msgid "%s/%s encrypted for: \"%s\"\n"
+msgstr "%s/%s xifrat per a: «%s»\n"
+
+#: g10/encr-data.c:93 g10/mainproc.c:286
+#, c-format
+msgid "%s encrypted data\n"
+msgstr "dades xifrades amb %s\n"
+
+#: g10/encr-data.c:96 g10/mainproc.c:290
+#, c-format
+msgid "encrypted with unknown algorithm %d\n"
+msgstr "xifrat amb l'algoritme %d (desconegut)\n"
+
+# És no-wrap? ivb
+# Com? jm
+#: g10/encr-data.c:142 sm/decrypt.c:126
+msgid ""
+"WARNING: message was encrypted with a weak key in the symmetric cipher.\n"
+msgstr ""
+"ATENCIÓ: el missatge s'ha xifrat amb una clau feble durant el xifratge\n"
+"simètric.\n"
+
+#: g10/encr-data.c:154
+msgid "problem handling encrypted packet\n"
+msgstr "problema en tractar amb un paquet xifrat\n"
+
+# Execució de programes remots, o execució remota de programes? jm
+#: g10/exec.c:57
+msgid "no remote program execution supported\n"
+msgstr "no hi ha suport per a l'execució remota de programes\n"
+
+#: g10/exec.c:308
+msgid ""
+"external program calls are disabled due to unsafe options file permissions\n"
+msgstr ""
+"les crides a programes externs estan inhabilitades per tindre el fitxer "
+"d'opcions permissos insegurs\n"
+
+#: g10/exec.c:338
+#, fuzzy
+msgid "this platform requires temporary files when calling external programs\n"
+msgstr ""
+"aquesta plataforma necessita fitxers temporals quan es crida a programes "
+"externs\n"
+
+#: g10/exec.c:416
+#, fuzzy, c-format
+msgid "unable to execute program `%s': %s\n"
+msgstr "no s'ha pogut executar %s «%s»: %s\n"
+
+#: g10/exec.c:419
+#, fuzzy, c-format
+msgid "unable to execute shell `%s': %s\n"
+msgstr "no s'ha pogut executar %s «%s»: %s\n"
+
+#: g10/exec.c:510
+#, c-format
+msgid "system error while calling external program: %s\n"
+msgstr "s'ha produït un error del sistema en cridar el programa extern: %s\n"
+
+#: g10/exec.c:521 g10/exec.c:588
+msgid "unnatural exit of external program\n"
+msgstr "s'ha produït una eixida no natural del programa extern\n"
+
+#: g10/exec.c:536
+msgid "unable to execute external program\n"
+msgstr "no s'ha pogut executar el programa extern\n"
+
+#: g10/exec.c:553
+#, c-format
+msgid "unable to read external program response: %s\n"
+msgstr "no s'ha pogut llegir la resposta del programa extern: %s\n"
+
+#: g10/exec.c:599 g10/exec.c:606
+#, c-format
+msgid "WARNING: unable to remove tempfile (%s) `%s': %s\n"
+msgstr "AVÃS: no s'ha pogut eliminar el fitxer temporal (%s) «%s»: %s\n"
+
+#: g10/exec.c:611
+#, c-format
+msgid "WARNING: unable to remove temp directory `%s': %s\n"
+msgstr "AVÃS: no s'ha pogut eliminar el directori temporal «%s»: %s\n"
+
+#: g10/export.c:61
+#, fuzzy
+msgid "export signatures that are marked as local-only"
+msgstr ""
+"\n"
+"La signatura es marcarà com a irrevocable.\n"
+
+#: g10/export.c:63
+msgid "export attribute user IDs (generally photo IDs)"
+msgstr ""
+
+#: g10/export.c:65
+#, fuzzy
+msgid "export revocation keys marked as \"sensitive\""
+msgstr "no s'han ttrobat claus de revocació per a «%s»\n"
+
+#: g10/export.c:67
+#, fuzzy
+msgid "remove the passphrase from exported subkeys"
+msgstr "revoca una clau secundària"
+
+#: g10/export.c:69
+#, fuzzy
+msgid "remove unusable parts from key during export"
+msgstr "la clau secreta és inusable"
+
+#: g10/export.c:71
+msgid "remove as much as possible from key during export"
+msgstr ""
+
+#: g10/export.c:73
+msgid "export keys in an S-expression based format"
+msgstr ""
+
+#: g10/export.c:338
+#, fuzzy
+msgid "exporting secret keys not allowed\n"
+msgstr "s'està escrivint la clau secreta a «%s»\n"
+
+#: g10/export.c:367
+#, fuzzy, c-format
+msgid "key %s: not protected - skipped\n"
+msgstr "clau %08lX: no està protegida - es descarta\n"
+
+#: g10/export.c:375
+#, fuzzy, c-format
+msgid "key %s: PGP 2.x style key - skipped\n"
+msgstr "clau %08lX: clau d'estil PGP 2.x - es descarta\n"
+
+#: g10/export.c:386
+#, fuzzy, c-format
+msgid "key %s: key material on-card - skipped\n"
+msgstr ""
+"clau %08lX: la signatura de la subclau és en el lloc equivocat - es "
+"descarta\n"
+
+#: g10/export.c:537
+msgid "about to export an unprotected subkey\n"
+msgstr ""
+
+#: g10/export.c:560
+#, fuzzy, c-format
+msgid "failed to unprotect the subkey: %s\n"
+msgstr "no s'ha pogut inicialitzar la base de dades de confiança: %s\n"
+
+#: g10/export.c:584
+#, fuzzy, c-format
+msgid "WARNING: secret key %s does not have a simple SK checksum\n"
+msgstr "AVÃS: la clau secreta %08lX no te una simple suma de comprovació SK\n"
+
+#: g10/export.c:633
+msgid "WARNING: nothing exported\n"
+msgstr "AVÃS: no s'ha exportat res\n"
+
+#: g10/getkey.c:152
+msgid "too many entries in pk cache - disabled\n"
+msgstr ""
+"hi ha massa entrades en la memòria cau de claus públiques - desactivada\n"
+
+#: g10/getkey.c:175
+#, fuzzy
+msgid "[User ID not found]"
+msgstr "[No s'ha trobat l'id d'usuari]"
+
+#: g10/getkey.c:1113
+#, c-format
+msgid "automatically retrieved `%s' via %s\n"
+msgstr ""
+
+#: g10/getkey.c:1118
+#, fuzzy, c-format
+msgid "error retrieving `%s' via %s: %s\n"
+msgstr "error en crear «%s»: %s\n"
+
+#: g10/getkey.c:1120
+#, fuzzy
+msgid "No fingerprint"
+msgstr "Empremta digital:"
+
+#: g10/getkey.c:1930
+#, fuzzy, c-format
+msgid "Invalid key %s made valid by --allow-non-selfsigned-uid\n"
+msgstr ""
+"La clau invàlida %08lX s'ha fet vàlida amb --allow-non-selfsigned-uid\n"
+
+#: g10/getkey.c:2533 g10/keyedit.c:3839
+#, fuzzy, c-format
+msgid "no secret subkey for public subkey %s - ignoring\n"
+msgstr ""
+"no hi ha una clau secreta per a la subclau pública %08lX - es descarta\n"
+
+#: g10/getkey.c:2759
+#, fuzzy, c-format
+msgid "using subkey %s instead of primary key %s\n"
+msgstr "s'usarà la clau secundària %08lX en lloc de la primària %08lX\n"
+
+#: g10/getkey.c:2806
+#, fuzzy, c-format
+msgid "key %s: secret key without public key - skipped\n"
+msgstr "clau %08lX: clau secreta sense clau pública - es descarta\n"
+
+#: g10/gpg.c:375 sm/gpgsm.c:188
+#, fuzzy
+msgid "make a signature"
+msgstr "|[fitxer]|crea una signatura"
+
+#: g10/gpg.c:376 sm/gpgsm.c:189
+#, fuzzy
+msgid "make a clear text signature"
+msgstr "|[fitxer]|crea una signatura en text clar"
+
+#: g10/gpg.c:377 sm/gpgsm.c:190
+msgid "make a detached signature"
+msgstr "crea una signatura separada"
+
+#: g10/gpg.c:378 sm/gpgsm.c:191
+msgid "encrypt data"
+msgstr "xifra dades"
+
+#: g10/gpg.c:380 sm/gpgsm.c:192
+msgid "encryption only with symmetric cipher"
+msgstr "xifra només amb xifratge simètric"
+
+#: g10/gpg.c:382 sm/gpgsm.c:193
+msgid "decrypt data (default)"
+msgstr "desxifra dades (predeterminat)"
+
+#: g10/gpg.c:384 sm/gpgsm.c:194
+msgid "verify a signature"
+msgstr "verifica una signatura"
+
+#: g10/gpg.c:386 sm/gpgsm.c:195
+msgid "list keys"
+msgstr "llista claus"
+
+#: g10/gpg.c:388
+msgid "list keys and signatures"
+msgstr "llista claus i signatures"
+
+# «de les claus» o «de la clau»? ivb
+#: g10/gpg.c:389
+#, fuzzy
+msgid "list and check key signatures"
+msgstr "comprova les signatures de la claus"
+
+# «dactilars» o «digitals»? ivb
+#: g10/gpg.c:390 sm/gpgsm.c:200
+msgid "list keys and fingerprints"
+msgstr "llista claus i empremtes digitals"
+
+#: g10/gpg.c:391 sm/gpgsm.c:198
+msgid "list secret keys"
+msgstr "llista claus secretes"
+
+#: g10/gpg.c:392 sm/gpgsm.c:201
+msgid "generate a new key pair"
+msgstr "genera un nou parell de claus"
+
+#: g10/gpg.c:393
+msgid "generate a revocation certificate"
+msgstr "genera un certificat de revocació"
+
+#: g10/gpg.c:395 sm/gpgsm.c:203
+msgid "remove keys from the public keyring"
+msgstr "elimina claus de l'anell públic"
+
+#: g10/gpg.c:397
+msgid "remove keys from the secret keyring"
+msgstr "elimina claus de l'anell secret"
+
+#: g10/gpg.c:398
+msgid "sign a key"
+msgstr "signa una clau"
+
+#: g10/gpg.c:399
+msgid "sign a key locally"
+msgstr "signa una clau localment"
+
+#: g10/gpg.c:400
+msgid "sign or edit a key"
+msgstr "signa o edita una clau"
+
+#: g10/gpg.c:402 sm/gpgsm.c:215
+#, fuzzy
+msgid "change a passphrase"
+msgstr "canvia la contrasenya"
+
+#: g10/gpg.c:404
+msgid "export keys"
+msgstr "exporta claus"
+
+#: g10/gpg.c:405 sm/gpgsm.c:204
+msgid "export keys to a key server"
+msgstr "exporta claus a un servidor de claus"
+
+#: g10/gpg.c:406 sm/gpgsm.c:205
+msgid "import keys from a key server"
+msgstr "importa claus d'un servidor de claus"
+
+#: g10/gpg.c:408
+msgid "search for keys on a key server"
+msgstr "cerca claus en un servidor de claus"
+
+#: g10/gpg.c:410
+msgid "update all keys from a keyserver"
+msgstr "actualitza totes les claus des d'un servidor de claus"
+
+#: g10/gpg.c:415
+msgid "import/merge keys"
+msgstr "importa/fon claus"
+
+#: g10/gpg.c:418
+msgid "print the card status"
+msgstr ""
+
+#: g10/gpg.c:419
+msgid "change data on a card"
+msgstr ""
+
+#: g10/gpg.c:420
+msgid "change a card's PIN"
+msgstr ""
+
+#: g10/gpg.c:429
+msgid "update the trust database"
+msgstr "actualitza la base de dades de confiança"
+
+#: g10/gpg.c:436
+#, fuzzy
+msgid "print message digests"
+msgstr "|algo [fitxers]|imprimeix resums de missatges"
+
+#: g10/gpg.c:439 sm/gpgsm.c:210
+msgid "run in server mode"
+msgstr ""
+
+#: g10/gpg.c:443 sm/gpgsm.c:228
+msgid "create ascii armored output"
+msgstr "crea eixida amb armadura ascii"
+
+#: g10/gpg.c:446 sm/gpgsm.c:241
+#, fuzzy
+msgid "|USER-ID|encrypt for USER-ID"
+msgstr "|NOM|xifra per a NOM"
+
+#: g10/gpg.c:459 sm/gpgsm.c:278
+#, fuzzy
+msgid "|USER-ID|use USER-ID to sign or decrypt"
+msgstr "usa aquest id per a signar o desxifrar"
+
+#: g10/gpg.c:462
+#, fuzzy
+msgid "|N|set compress level to N (0 disables)"
+msgstr "|N|nivell de compressió N (0 no comprimeix)"
+
+#: g10/gpg.c:468
+msgid "use canonical text mode"
+msgstr "usa el mode de text canònic"
+
+#: g10/gpg.c:485 sm/gpgsm.c:280
+#, fuzzy
+msgid "|FILE|write output to FILE"
+msgstr "|FITXER|carrega el mòdul d'extensió especificat"
+
+#: g10/gpg.c:501 kbx/kbxutil.c:90 sm/gpgsm.c:292 tools/gpgconf.c:82
+msgid "do not make any changes"
+msgstr "no fa cap canvi"
+
+#: g10/gpg.c:502
+msgid "prompt before overwriting"
+msgstr "pregunta abans de sobreescriure"
+
+#: g10/gpg.c:554
+msgid "use strict OpenPGP behavior"
+msgstr ""
+
+#: g10/gpg.c:585 sm/gpgsm.c:336
+msgid ""
+"@\n"
+"(See the man page for a complete listing of all commands and options)\n"
+msgstr ""
+"@\n"
+"(En la pàgina del man hi ha una llista completa d'ordres i d'opcions)\n"
+
+# Crec q (A)lice (orig.), (B)ob (dest.), etc. són noms usats pel Zimmerman
+# en el manual original de PGP. A, B, C... ivb
+# En efecte. Idem per a Mallory més endavant. Els deixe com a l'original. jm
+#: g10/gpg.c:588 sm/gpgsm.c:339
+msgid ""
+"@\n"
+"Examples:\n"
+"\n"
+" -se -r Bob [file] sign and encrypt for user Bob\n"
+" --clearsign [file] make a clear text signature\n"
+" --detach-sign [file] make a detached signature\n"
+" --list-keys [names] show keys\n"
+" --fingerprint [names] show fingerprints\n"
+msgstr ""
+"@\n"
+"Exemples:\n"
+"\n"
+" -se -r Bob [fitxer] signa i xifra per a l'usuari Bob\n"
+" --clearsign [fitxer] crea una signatura en text clar\n"
+" --detach-sign [fitxer] crea una signatura separada\n"
+" --list-keys [noms] mostra claus\n"
+" --fingerprint [noms] mostra empremtes digitals\n"
+
+#: g10/gpg.c:836
+msgid "Usage: gpg [options] [files] (-h for help)"
+msgstr "Forma d'ús: gpg [opcions] [fitxers] (-h per a veure l'ajuda)"
+
+#: g10/gpg.c:839
+msgid ""
+"Syntax: gpg [options] [files]\n"
+"sign, check, encrypt or decrypt\n"
+"default operation depends on the input data\n"
+msgstr ""
+"Sintaxi: gpg [opcions] [fitxers]\n"
+"signa, comprova, xifra o desxifra\n"
+"l'operació predeterminada depén de les dades introduïdes\n"
+
+# Suportats? ivb
+# A Softcatalà diuen molt «implementat». jm
+# Precissament acabem de parlar d'«implementat a la llista del GNOME
+# i s'ha dit que és erroni, igual que «suportat» :) Les alternatives
+# encara no m'agraden massa... jm
+#: g10/gpg.c:850 sm/gpgsm.c:543
+msgid ""
+"\n"
+"Supported algorithms:\n"
+msgstr ""
+"\n"
+"Algoritmes suportats:\n"
+
+#: g10/gpg.c:853
+msgid "Pubkey: "
+msgstr "Clau pública: "
+
+#: g10/gpg.c:860 g10/keyedit.c:2423
+msgid "Cipher: "
+msgstr "Xifratge: "
+
+#: g10/gpg.c:867
+msgid "Hash: "
+msgstr "Dispersió: "
+
+#: g10/gpg.c:874 g10/keyedit.c:2468
+msgid "Compression: "
+msgstr "Compressió: "
+
+#: g10/gpg.c:944
+msgid "usage: gpg [options] "
+msgstr "forma d'ús: gpg [opcions] "
+
+#: g10/gpg.c:1158 sm/gpgsm.c:716
+msgid "conflicting commands\n"
+msgstr "les ordres entren en conflicte\n"
+
+#: g10/gpg.c:1176
+#, c-format
+msgid "no = sign found in group definition `%s'\n"
+msgstr "no s'ha trobat cap signe = a la definició de grup «%s»\n"
+
+# Indi. ivb
+#: g10/gpg.c:1373
+#, fuzzy, c-format
+msgid "WARNING: unsafe ownership on homedir `%s'\n"
+msgstr "AVÃS: el propietari és insegur en %s «%s»\n"
+
+# Indi. ivb
+#: g10/gpg.c:1376
+#, fuzzy, c-format
+msgid "WARNING: unsafe ownership on configuration file `%s'\n"
+msgstr "AVÃS: el propietari és insegur en %s «%s»\n"
+
+# Indi. ivb
+#: g10/gpg.c:1379
+#, fuzzy, c-format
+msgid "WARNING: unsafe ownership on extension `%s'\n"
+msgstr "AVÃS: el propietari és insegur en %s «%s»\n"
+
+#: g10/gpg.c:1385
+#, fuzzy, c-format
+msgid "WARNING: unsafe permissions on homedir `%s'\n"
+msgstr "AVÃS: els permissos són insegurs en %s «%s»\n"
+
+#: g10/gpg.c:1388
+#, fuzzy, c-format
+msgid "WARNING: unsafe permissions on configuration file `%s'\n"
+msgstr "AVÃS: els permissos són insegurs en %s «%s»\n"
+
+#: g10/gpg.c:1391
+#, fuzzy, c-format
+msgid "WARNING: unsafe permissions on extension `%s'\n"
+msgstr "AVÃS: els permissos són insegurs en %s «%s»\n"
+
+#: g10/gpg.c:1397
+#, fuzzy, c-format
+msgid "WARNING: unsafe enclosing directory ownership on homedir `%s'\n"
+msgstr "AVÃS: el propietari del directori envoltant és insegur en %s «%s»\n"
+
+#: g10/gpg.c:1400
+#, fuzzy, c-format
+msgid ""
+"WARNING: unsafe enclosing directory ownership on configuration file `%s'\n"
+msgstr "AVÃS: el propietari del directori envoltant és insegur en %s «%s»\n"
+
+#: g10/gpg.c:1403
+#, fuzzy, c-format
+msgid "WARNING: unsafe enclosing directory ownership on extension `%s'\n"
+msgstr "AVÃS: el propietari del directori envoltant és insegur en %s «%s»\n"
+
+#: g10/gpg.c:1409
+#, fuzzy, c-format
+msgid "WARNING: unsafe enclosing directory permissions on homedir `%s'\n"
+msgstr "AVÃS: els permissos del directori envoltant són insegurs en %s «%s»\n"
+
+#: g10/gpg.c:1412
+#, fuzzy, c-format
+msgid ""
+"WARNING: unsafe enclosing directory permissions on configuration file `%s'\n"
+msgstr "AVÃS: els permissos del directori envoltant són insegurs en %s «%s»\n"
+
+#: g10/gpg.c:1415
+#, fuzzy, c-format
+msgid "WARNING: unsafe enclosing directory permissions on extension `%s'\n"
+msgstr "AVÃS: els permissos del directori envoltant són insegurs en %s «%s»\n"
+
+#: g10/gpg.c:1595
+#, fuzzy, c-format
+msgid "unknown configuration item `%s'\n"
+msgstr "s'ha creat el nou fitxer d'opcions «%s»\n"
+
+#: g10/gpg.c:1699
+msgid "display photo IDs during key listings"
+msgstr ""
+
+#: g10/gpg.c:1701
+msgid "show policy URLs during signature listings"
+msgstr ""
+
+#: g10/gpg.c:1703
+#, fuzzy
+msgid "show all notations during signature listings"
+msgstr "No hi ha cap signatura corresponent en l'anell secret\n"
+
+#: g10/gpg.c:1705
+msgid "show IETF standard notations during signature listings"
+msgstr ""
+
+#: g10/gpg.c:1709
+msgid "show user-supplied notations during signature listings"
+msgstr ""
+
+#: g10/gpg.c:1711
+#, fuzzy
+msgid "show preferred keyserver URLs during signature listings"
+msgstr "la URL de política de signatura donada no és vàlida\n"
+
+#: g10/gpg.c:1713
+msgid "show user ID validity during key listings"
+msgstr ""
+
+#: g10/gpg.c:1715
+msgid "show revoked and expired user IDs in key listings"
+msgstr ""
+
+#: g10/gpg.c:1717
+msgid "show revoked and expired subkeys in key listings"
+msgstr ""
+
+#: g10/gpg.c:1719
+#, fuzzy
+msgid "show the keyring name in key listings"
+msgstr "mostra en quin anell de claus està una clau llistada"
+
+#: g10/gpg.c:1721
+#, fuzzy
+msgid "show expiration dates during signature listings"
+msgstr "No hi ha cap signatura corresponent en l'anell secret\n"
+
+#: g10/gpg.c:1855
+#, c-format
+msgid "NOTE: old default options file `%s' ignored\n"
+msgstr "NOTA: es descarta el fitxer d'opcions predeterminades antic «%s»\n"
+
+#: g10/gpg.c:1948
+#, c-format
+msgid "libgcrypt is too old (need %s, have %s)\n"
+msgstr ""
+
+#: g10/gpg.c:2346 g10/gpg.c:3037 g10/gpg.c:3049
+#, c-format
+msgid "NOTE: %s is not for normal use!\n"
+msgstr "NOTA: %s no és per a ús normal!\n"
+
+#: g10/gpg.c:2530 g10/gpg.c:2542
+#, fuzzy, c-format
+msgid "`%s' is not a valid signature expiration\n"
+msgstr "%s no és un joc de caràcters vàlid\n"
+
+#: g10/gpg.c:2624
+#, fuzzy, c-format
+msgid "`%s' is not a valid character set\n"
+msgstr "%s no és un joc de caràcters vàlid\n"
+
+#: g10/gpg.c:2647 g10/gpg.c:2842 g10/keyedit.c:4197
+#, fuzzy
+msgid "could not parse keyserver URL\n"
+msgstr "no s'ha pogut analitzar sintàcticament la URI del servidor de claus\n"
+
+#: g10/gpg.c:2659
+#, fuzzy, c-format
+msgid "%s:%d: invalid keyserver options\n"
+msgstr "%s:%d opcions d'exportació no vàlides\n"
+
+#: g10/gpg.c:2662
+#, fuzzy
+msgid "invalid keyserver options\n"
+msgstr "opcions d'exportació no vàlides\n"
+
+#: g10/gpg.c:2669
+#, c-format
+msgid "%s:%d: invalid import options\n"
+msgstr "%s:%d: opcions d'importanció no vàlides\n"
+
+#: g10/gpg.c:2672
+msgid "invalid import options\n"
+msgstr "opcions d'importació no vàlides\n"
+
+#: g10/gpg.c:2679
+#, c-format
+msgid "%s:%d: invalid export options\n"
+msgstr "%s:%d opcions d'exportació no vàlides\n"
+
+#: g10/gpg.c:2682
+msgid "invalid export options\n"
+msgstr "opcions d'exportació no vàlides\n"
+
+#: g10/gpg.c:2689
+#, fuzzy, c-format
+msgid "%s:%d: invalid list options\n"
+msgstr "%s:%d: opcions d'importanció no vàlides\n"
+
+#: g10/gpg.c:2692
+#, fuzzy
+msgid "invalid list options\n"
+msgstr "opcions d'importació no vàlides\n"
+
+#: g10/gpg.c:2700
+msgid "display photo IDs during signature verification"
+msgstr ""
+
+#: g10/gpg.c:2702
+msgid "show policy URLs during signature verification"
+msgstr ""
+
+#: g10/gpg.c:2704
+#, fuzzy
+msgid "show all notations during signature verification"
+msgstr "%s no és un joc de caràcters vàlid\n"
+
+#: g10/gpg.c:2706
+msgid "show IETF standard notations during signature verification"
+msgstr ""
+
+#: g10/gpg.c:2710
+msgid "show user-supplied notations during signature verification"
+msgstr ""
+
+#: g10/gpg.c:2712
+#, fuzzy
+msgid "show preferred keyserver URLs during signature verification"
+msgstr "la URL de política de signatura donada no és vàlida\n"
+
+#: g10/gpg.c:2714
+#, fuzzy
+msgid "show user ID validity during signature verification"
+msgstr "%s no és un joc de caràcters vàlid\n"
+
+#: g10/gpg.c:2716
+msgid "show revoked and expired user IDs in signature verification"
+msgstr ""
+
+#: g10/gpg.c:2718
+#, fuzzy
+msgid "show only the primary user ID in signature verification"
+msgstr "%s no és un joc de caràcters vàlid\n"
+
+#: g10/gpg.c:2720
+msgid "validate signatures with PKA data"
+msgstr ""
+
+#: g10/gpg.c:2722
+msgid "elevate the trust of signatures with valid PKA data"
+msgstr ""
+
+#: g10/gpg.c:2729
+#, fuzzy, c-format
+msgid "%s:%d: invalid verify options\n"
+msgstr "%s:%d opcions d'exportació no vàlides\n"
+
+#: g10/gpg.c:2732
+#, fuzzy
+msgid "invalid verify options\n"
+msgstr "opcions d'exportació no vàlides\n"
+
+#: g10/gpg.c:2739
+#, c-format
+msgid "unable to set exec-path to %s\n"
+msgstr "no s'ha pogut fixar l'exec-path a %s\n"
+
+#: g10/gpg.c:2925
+#, fuzzy, c-format
+msgid "%s:%d: invalid auto-key-locate list\n"
+msgstr "%s:%d opcions d'exportació no vàlides\n"
+
+#: g10/gpg.c:2928
+msgid "invalid auto-key-locate list\n"
+msgstr ""
+
+#: g10/gpg.c:3026 sm/gpgsm.c:1439
+msgid "WARNING: program may create a core file!\n"
+msgstr "AVÃS: el programa podria crear un fitxer core!\n"
+
+# FIXME: preferència? jm
+# Ho discutírem en la llista, segur. Deu ser als arxius. ivb
+#: g10/gpg.c:3030
+#, c-format
+msgid "WARNING: %s overrides %s\n"
+msgstr "AVÃS: %s té preferència sobre %s\n"
+
+#: g10/gpg.c:3039
+#, c-format
+msgid "%s not allowed with %s!\n"
+msgstr "%s no és permés amb %s!\n"
+
+#: g10/gpg.c:3042
+#, c-format
+msgid "%s makes no sense with %s!\n"
+msgstr "%s no té sentit amb %s!\n"
+
+#: g10/gpg.c:3057
+#, fuzzy, c-format
+msgid "will not run with insecure memory due to %s\n"
+msgstr "s'està escrivint la clau secreta a «%s»\n"
+
+# clares -> en clar? ivb
+#: g10/gpg.c:3071
+msgid "you can only make detached or clear signatures while in --pgp2 mode\n"
+msgstr "només podeu fer signatures separades o en clar en el mode --pgp2\n"
+
+#: g10/gpg.c:3077
+msgid "you can't sign and encrypt at the same time while in --pgp2 mode\n"
+msgstr "no podeu signar i xifrar al mateix temps en el mode --pgp2\n"
+
+#: g10/gpg.c:3083
+msgid "you must use files (and not a pipe) when working with --pgp2 enabled.\n"
+msgstr ""
+"heu d'utilitzar fitxers (i no un conducte) mentre treballeu amb --pgp2 "
+"habilitat.\n"
+
+#: g10/gpg.c:3096
+msgid "encrypting a message in --pgp2 mode requires the IDEA cipher\n"
+msgstr "xifrar un missatge en mode --pgp2 requereix el xifratge IDEA\n"
+
+#: g10/gpg.c:3163 g10/gpg.c:3187 sm/gpgsm.c:1511
+msgid "selected cipher algorithm is invalid\n"
+msgstr "l'algorisme de xifratge triat no és vàlid\n"
+
+#: g10/gpg.c:3169 g10/gpg.c:3193 sm/gpgsm.c:1517 sm/gpgsm.c:1523
+msgid "selected digest algorithm is invalid\n"
+msgstr "l'algorisme de resum seleccionat no és vàlid\n"
+
+#: g10/gpg.c:3175
+#, fuzzy
+msgid "selected compression algorithm is invalid\n"
+msgstr "l'algorisme de xifratge triat no és vàlid\n"
+
+#: g10/gpg.c:3181
+msgid "selected certification digest algorithm is invalid\n"
+msgstr "l'algorisme de resum de certificació seleccionat no és vàlid\n"
+
+#: g10/gpg.c:3196
+msgid "completes-needed must be greater than 0\n"
+msgstr "completes-needed ha de ser major que 0\n"
+
+#: g10/gpg.c:3198
+msgid "marginals-needed must be greater than 1\n"
+msgstr "marginals-needed ha de ser major que 1\n"
+
+#: g10/gpg.c:3200
+#, fuzzy
+msgid "max-cert-depth must be in the range from 1 to 255\n"
+msgstr "max-cert-depth ha d'estar en el rang 1 a 255\n"
+
+#: g10/gpg.c:3202
+#, fuzzy
+msgid "invalid default-cert-level; must be 0, 1, 2, or 3\n"
+msgstr "default-check-level és invàlid; ha de ser 0, 1, 2 o 3\n"
+
+#: g10/gpg.c:3204
+#, fuzzy
+msgid "invalid min-cert-level; must be 1, 2, or 3\n"
+msgstr "default-check-level és invàlid; ha de ser 0, 1, 2 o 3\n"
+
+#: g10/gpg.c:3207
+msgid "NOTE: simple S2K mode (0) is strongly discouraged\n"
+msgstr "NOTA: el mode S2K simple (0) no és gens recomanable\n"
+
+#: g10/gpg.c:3211
+msgid "invalid S2K mode; must be 0, 1 or 3\n"
+msgstr "el mode S2K és invàlid; ha de ser 0, 1 o 3\n"
+
+#: g10/gpg.c:3218
+msgid "invalid default preferences\n"
+msgstr "les preferències per defecte són invàlides\n"
+
+#: g10/gpg.c:3222
+msgid "invalid personal cipher preferences\n"
+msgstr "les preferències personals de xifrat són invàlides\n"
+
+#: g10/gpg.c:3226
+msgid "invalid personal digest preferences\n"
+msgstr "les preferències personals de digest són invàlides\n"
+
+#: g10/gpg.c:3230
+msgid "invalid personal compress preferences\n"
+msgstr "les preferències personals de compressió són invàlides\n"
+
+#: g10/gpg.c:3263
+#, c-format
+msgid "%s does not yet work with %s\n"
+msgstr "%s encara no funciona amb %s\n"
+
+#: g10/gpg.c:3310
+#, fuzzy, c-format
+msgid "you may not use cipher algorithm `%s' while in %s mode\n"
+msgstr "no podeu usar l'algorisme de xifratge «%s» mentre esteu en mode %s\n"
+
+#: g10/gpg.c:3315
+#, fuzzy, c-format
+msgid "you may not use digest algorithm `%s' while in %s mode\n"
+msgstr "no podeu usar l'algorisme de resum %s mentre esteu en mode %s\n"
+
+#: g10/gpg.c:3320
+#, fuzzy, c-format
+msgid "you may not use compression algorithm `%s' while in %s mode\n"
+msgstr "no podeu usar l'algorisme de compressió %s mentre esteu en mode %s\n"
+
+#: g10/gpg.c:3406
+#, c-format
+msgid "failed to initialize the TrustDB: %s\n"
+msgstr "no s'ha pogut inicialitzar la base de dades de confiança: %s\n"
+
+#: g10/gpg.c:3417
+msgid "WARNING: recipients (-r) given without using public key encryption\n"
+msgstr ""
+"AVÃS: s'han donat destinataris (-r) sense usar xifratge de clau pública\n"
+
+#: g10/gpg.c:3438
+msgid "--store [filename]"
+msgstr "--store [nom_del_fitxer]"
+
+#: g10/gpg.c:3445
+msgid "--symmetric [filename]"
+msgstr "--symmetric [nom_del_fitxer]"
+
+#: g10/gpg.c:3447
+#, fuzzy, c-format
+msgid "symmetric encryption of `%s' failed: %s\n"
+msgstr "ha fallat el desxifratge: %s\n"
+
+#: g10/gpg.c:3457
+msgid "--encrypt [filename]"
+msgstr "--encrypt [nom_del_fitxer]"
+
+#: g10/gpg.c:3470
+#, fuzzy
+msgid "--symmetric --encrypt [filename]"
+msgstr "--sign --encrypt [nom_del_fitxer]"
+
+#: g10/gpg.c:3472
+msgid "you cannot use --symmetric --encrypt with --s2k-mode 0\n"
+msgstr ""
+
+#: g10/gpg.c:3475
+#, fuzzy, c-format
+msgid "you cannot use --symmetric --encrypt while in %s mode\n"
+msgstr "no podeu usar %s mentre esteu en mode %s\n"
+
+#: g10/gpg.c:3493
+msgid "--sign [filename]"
+msgstr "--sign [nom_del_fitxer]"
+
+#: g10/gpg.c:3506
+msgid "--sign --encrypt [filename]"
+msgstr "--sign --encrypt [nom_del_fitxer]"
+
+#: g10/gpg.c:3521
+#, fuzzy
+msgid "--symmetric --sign --encrypt [filename]"
+msgstr "--sign --encrypt [nom_del_fitxer]"
+
+#: g10/gpg.c:3523
+msgid "you cannot use --symmetric --sign --encrypt with --s2k-mode 0\n"
+msgstr ""
+
+#: g10/gpg.c:3526
+#, fuzzy, c-format
+msgid "you cannot use --symmetric --sign --encrypt while in %s mode\n"
+msgstr "no podeu usar %s mentre esteu en mode %s\n"
+
+#: g10/gpg.c:3546
+msgid "--sign --symmetric [filename]"
+msgstr "--sign --symmetric [nom_del_fitxer]"
+
+#: g10/gpg.c:3555
+msgid "--clearsign [filename]"
+msgstr "--clearsign [nom_del_fitxer]"
+
+#: g10/gpg.c:3580
+msgid "--decrypt [filename]"
+msgstr "--decrypt [nom_del_fitxer]"
+
+#: g10/gpg.c:3588
+msgid "--sign-key user-id"
+msgstr "--sign-key user-id"
+
+#: g10/gpg.c:3592
+msgid "--lsign-key user-id"
+msgstr "--lsign-key user-id"
+
+#: g10/gpg.c:3613
+msgid "--edit-key user-id [commands]"
+msgstr "--edit-key user-id [ordres]"
+
+#: g10/gpg.c:3629
+#, fuzzy
+msgid "--passwd <user-id>"
+msgstr "--sign-key user-id"
+
+#: g10/gpg.c:3716
+#, c-format
+msgid "keyserver send failed: %s\n"
+msgstr "l'enviament al servidor de claus ha fallat: %s\n"
+
+#: g10/gpg.c:3718
+#, c-format
+msgid "keyserver receive failed: %s\n"
+msgstr "la recepció des del servidor de claus ha fallat: %s\n"
+
+#: g10/gpg.c:3720
+#, c-format
+msgid "key export failed: %s\n"
+msgstr "l'exportació de la clau ha fallat: %s\n"
+
+#: g10/gpg.c:3731
+#, c-format
+msgid "keyserver search failed: %s\n"
+msgstr "ha fallat la cerca al servidor de claus: %s\n"
+
+#: g10/gpg.c:3741
+#, c-format
+msgid "keyserver refresh failed: %s\n"
+msgstr "ha fallat el refresc des del servidor de claus: %s\n"
+
+#: g10/gpg.c:3792
+#, c-format
+msgid "dearmoring failed: %s\n"
+msgstr "no s'ha pogut llevar l'armadura: %s\n"
+
+#: g10/gpg.c:3800
+#, c-format
+msgid "enarmoring failed: %s\n"
+msgstr "no s'ha pogut crear l'armadura: %s\n"
+
+#: g10/gpg.c:3890
+#, c-format
+msgid "invalid hash algorithm `%s'\n"
+msgstr "l'algoritme de dispersió és invàlid «%s»\n"
+
+#: g10/gpg.c:4005
+msgid "[filename]"
+msgstr "[nom_del_fitxer]"
+
+#: g10/gpg.c:4009
+msgid "Go ahead and type your message ...\n"
+msgstr "Endavant, escriviu el missatge...\n"
+
+#: g10/gpg.c:4323
+msgid "the given certification policy URL is invalid\n"
+msgstr "la URL de política de certificació donada no és vàlida\n"
+
+#: g10/gpg.c:4325
+msgid "the given signature policy URL is invalid\n"
+msgstr "la URL de política de signatura donada no és vàlida\n"
+
+#: g10/gpg.c:4358
+#, fuzzy
+msgid "the given preferred keyserver URL is invalid\n"
+msgstr "la URL de política de signatura donada no és vàlida\n"
+
+#: g10/gpgv.c:74
+#, fuzzy
+msgid "|FILE|take the keys from the keyring FILE"
+msgstr "pren les claus d'aquest anell"
+
+#: g10/gpgv.c:76
+msgid "make timestamp conflicts only a warning"
+msgstr "fes els conflictes de marques de temps només un avís"
+
+#: g10/gpgv.c:78 sm/gpgsm.c:326
+msgid "|FD|write status info to this FD"
+msgstr "|FD|escriu informació d'estat en aquest FD"
+
+#: g10/gpgv.c:117
+msgid "Usage: gpgv [options] [files] (-h for help)"
+msgstr "Forma d'ús: gpgv [opcions] [fitxers] (-h per a veure l'ajuda)"
+
+# Werner FIXME: should it use «Usage»?
+#: g10/gpgv.c:119
+#, fuzzy
+msgid ""
+"Syntax: gpgv [options] [files]\n"
+"Check signatures against known trusted keys\n"
+msgstr ""
+"Sintaxi: gpg [opcions] [fitxers]\n"
+"Comprova signatures amb claus conegudes amb confiança\n"
+
+#: g10/helptext.c:72
+msgid "No help available"
+msgstr "No hi ha ajuda disponible"
+
+#: g10/helptext.c:82
+#, c-format
+msgid "No help available for `%s'"
+msgstr "No hi ha ajuda disponible per a `%s'"
+
+#: g10/import.c:94
+msgid "import signatures that are marked as local-only"
+msgstr ""
+
+#: g10/import.c:96
+msgid "repair damage from the pks keyserver during import"
+msgstr ""
+
+#: g10/import.c:98
+#, fuzzy
+msgid "do not update the trustdb after import"
+msgstr "actualitza la base de dades de confiança"
+
+#: g10/import.c:100
+#, fuzzy
+msgid "create a public key when importing a secret key"
+msgstr "la clau pública no coincideix amb la clau secreta!\n"
+
+#: g10/import.c:102
+msgid "only accept updates to existing keys"
+msgstr ""
+
+#: g10/import.c:104
+#, fuzzy
+msgid "remove unusable parts from key after import"
+msgstr "la clau secreta és inusable"
+
+#: g10/import.c:106
+msgid "remove as much as possible from key after import"
+msgstr ""
+
+#: g10/import.c:266
+#, c-format
+msgid "skipping block of type %d\n"
+msgstr "es descarta un bloc de tipus %d\n"
+
+#: g10/import.c:275
+#, fuzzy, c-format
+msgid "%lu keys processed so far\n"
+msgstr "fins ara s'han processat %lu claus\n"
+
+#: g10/import.c:292
+#, c-format
+msgid "Total number processed: %lu\n"
+msgstr "Nombre total processat: %lu\n"
+
+#: g10/import.c:294
+#, c-format
+msgid " skipped new keys: %lu\n"
+msgstr " claus noves descartades: %lu\n"
+
+#: g10/import.c:297
+#, c-format
+msgid " w/o user IDs: %lu\n"
+msgstr " sense ID: %lu\n"
+
+#: g10/import.c:299 sm/import.c:114
+#, c-format
+msgid " imported: %lu"
+msgstr " importades: %lu"
+
+#: g10/import.c:305 sm/import.c:118
+#, c-format
+msgid " unchanged: %lu\n"
+msgstr " no modificades: %lu\n"
+
+#: g10/import.c:307
+#, c-format
+msgid " new user IDs: %lu\n"
+msgstr " ID d'usuaris nous: %lu\n"
+
+#: g10/import.c:309
+#, c-format
+msgid " new subkeys: %lu\n"
+msgstr " subclaus noves: %lu\n"
+
+#: g10/import.c:311
+#, c-format
+msgid " new signatures: %lu\n"
+msgstr " signatures noves: %lu\n"
+
+#: g10/import.c:313
+#, c-format
+msgid " new key revocations: %lu\n"
+msgstr " noves revocacions: %lu\n"
+
+#: g10/import.c:315 sm/import.c:120
+#, c-format
+msgid " secret keys read: %lu\n"
+msgstr " claus privades llegides: %lu\n"
+
+#: g10/import.c:317 sm/import.c:122
+#, c-format
+msgid " secret keys imported: %lu\n"
+msgstr "claus privades importades: %lu\n"
+
+#: g10/import.c:319 sm/import.c:124
+#, c-format
+msgid " secret keys unchanged: %lu\n"
+msgstr "claus privades no canviades: %lu\n"
+
+#: g10/import.c:321 sm/import.c:126
+#, c-format
+msgid " not imported: %lu\n"
+msgstr " importades: %lu\n"
+
+#: g10/import.c:323
+#, fuzzy, c-format
+msgid " signatures cleaned: %lu\n"
+msgstr " signatures noves: %lu\n"
+
+#: g10/import.c:325
+#, fuzzy, c-format
+msgid " user IDs cleaned: %lu\n"
+msgstr " claus privades llegides: %lu\n"
+
+#: g10/import.c:606
+#, c-format
+msgid ""
+"WARNING: key %s contains preferences for unavailable\n"
+"algorithms on these user IDs:\n"
+msgstr ""
+
+#: g10/import.c:647
+#, c-format
+msgid " \"%s\": preference for cipher algorithm %s\n"
+msgstr ""
+
+#: g10/import.c:662
+#, fuzzy, c-format
+msgid " \"%s\": preference for digest algorithm %s\n"
+msgstr "signatura %s, algorisme de resum %s\n"
+
+#: g10/import.c:674
+#, c-format
+msgid " \"%s\": preference for compression algorithm %s\n"
+msgstr ""
+
+#: g10/import.c:687
+msgid "it is strongly suggested that you update your preferences and\n"
+msgstr ""
+
+#: g10/import.c:689
+msgid "re-distribute this key to avoid potential algorithm mismatch problems\n"
+msgstr ""
+
+#: g10/import.c:713
+#, c-format
+msgid "you can update your preferences with: gpg --edit-key %s updpref save\n"
+msgstr ""
+
+#: g10/import.c:766 g10/import.c:1179
+#, fuzzy, c-format
+msgid "key %s: no user ID\n"
+msgstr "clau %08lX: sense ID\n"
+
+#: g10/import.c:795
+#, fuzzy, c-format
+msgid "key %s: PKS subkey corruption repaired\n"
+msgstr "clau %08lX: corrupció de la subclau HKP reparada\n"
+
+#: g10/import.c:810
+#, fuzzy, c-format
+msgid "key %s: accepted non self-signed user ID \"%s\"\n"
+msgstr "clau %08lX: s'ha acceptat la ID d'usuari no autosignada «%s»\n"
+
+#: g10/import.c:816
+#, fuzzy, c-format
+msgid "key %s: no valid user IDs\n"
+msgstr "clau %08lX: l'ID no és vàlid\n"
+
+#: g10/import.c:818
+msgid "this may be caused by a missing self-signature\n"
+msgstr "açò pot ser causat per l'absència d'autosignatura\n"
+
+#: g10/import.c:828 g10/import.c:1303
+#, fuzzy, c-format
+msgid "key %s: public key not found: %s\n"
+msgstr "clau %08lX: no s'ha trobat la clau pública: %s\n"
+
+#: g10/import.c:834
+#, fuzzy, c-format
+msgid "key %s: new key - skipped\n"
+msgstr "clau %08lX: clau nova - es descarta \n"
+
+#: g10/import.c:843
+#, c-format
+msgid "no writable keyring found: %s\n"
+msgstr "no s'ha trobat cap anell escrivible: %s\n"
+
+#: g10/import.c:848 g10/openfile.c:278 g10/sign.c:805 g10/sign.c:1114
+#, c-format
+msgid "writing to `%s'\n"
+msgstr "s'està escrivint en «%s»\n"
+
+#: g10/import.c:852 g10/import.c:952 g10/import.c:1219 g10/import.c:1364
+#: g10/import.c:2494 g10/import.c:2516
+#, c-format
+msgid "error writing keyring `%s': %s\n"
+msgstr "error mentre s'escrivia l'anell «%s»: %s\n"
+
+#: g10/import.c:871
+#, fuzzy, c-format
+msgid "key %s: public key \"%s\" imported\n"
+msgstr "clau %08lX: s'ha importat la clau pública «%s»\n"
+
+#: g10/import.c:895
+#, fuzzy, c-format
+msgid "key %s: doesn't match our copy\n"
+msgstr "clau %08lX: no correspon a la nostra còpia\n"
+
+#: g10/import.c:912 g10/import.c:1321
+#, fuzzy, c-format
+msgid "key %s: can't locate original keyblock: %s\n"
+msgstr "clau %08lX: no s'ha trobat el bloc de claus original: %s\n"
+
+#: g10/import.c:920 g10/import.c:1328
+#, fuzzy, c-format
+msgid "key %s: can't read original keyblock: %s\n"
+msgstr "clau %08lX: no s'ha pogut llegir el bloc de claus original: %s\n"
+
+#: g10/import.c:962
+#, fuzzy, c-format
+msgid "key %s: \"%s\" 1 new user ID\n"
+msgstr "clau %08lX: «%s» 1 ID d'usuari nou\n"
+
+#: g10/import.c:965
+#, fuzzy, c-format
+msgid "key %s: \"%s\" %d new user IDs\n"
+msgstr "clau %08lX: «%s» %d ID d'usuari nous\n"
+
+#: g10/import.c:968
+#, fuzzy, c-format
+msgid "key %s: \"%s\" 1 new signature\n"
+msgstr "clau %08lX: «%s» 1 signatura nova\n"
+
+#: g10/import.c:971
+#, fuzzy, c-format
+msgid "key %s: \"%s\" %d new signatures\n"
+msgstr "clau %08lX: «%s» %d signatures noves\n"
+
+#: g10/import.c:974
+#, fuzzy, c-format
+msgid "key %s: \"%s\" 1 new subkey\n"
+msgstr "clau %08lX: «%s» 1 subclau nova\n"
+
+#: g10/import.c:977
+#, fuzzy, c-format
+msgid "key %s: \"%s\" %d new subkeys\n"
+msgstr "clau %08lX: «%s» %d subclaus noves\n"
+
+#: g10/import.c:980
+#, fuzzy, c-format
+msgid "key %s: \"%s\" %d signature cleaned\n"
+msgstr "clau %08lX: «%s» %d signatures noves\n"
+
+#: g10/import.c:983
+#, fuzzy, c-format
+msgid "key %s: \"%s\" %d signatures cleaned\n"
+msgstr "clau %08lX: «%s» %d signatures noves\n"
+
+#: g10/import.c:986
+#, fuzzy, c-format
+msgid "key %s: \"%s\" %d user ID cleaned\n"
+msgstr "clau %08lX: «%s» %d ID d'usuari nous\n"
+
+#: g10/import.c:989
+#, fuzzy, c-format
+msgid "key %s: \"%s\" %d user IDs cleaned\n"
+msgstr "clau %08lX: «%s» %d ID d'usuari nous\n"
+
+#: g10/import.c:1013
+#, fuzzy, c-format
+msgid "key %s: \"%s\" not changed\n"
+msgstr "clau %08lX: «%s» no ha estat modificada\n"
+
+#: g10/import.c:1185
+#, fuzzy, c-format
+msgid "key %s: secret key with invalid cipher %d - skipped\n"
+msgstr "clau %08lX: clau secreta amb xifrat %d no vàlid - es descarta\n"
+
+#: g10/import.c:1196
+#, fuzzy
+msgid "importing secret keys not allowed\n"
+msgstr "s'està escrivint la clau secreta a «%s»\n"
+
+#: g10/import.c:1213 g10/import.c:2509
+#, c-format
+msgid "no default secret keyring: %s\n"
+msgstr "no hi ha anell secret predeterminat: %s\n"
+
+#: g10/import.c:1224
+#, fuzzy, c-format
+msgid "key %s: secret key imported\n"
+msgstr "clau %08lX: s'ha importat la clau secreta\n"
+
+#: g10/import.c:1254
+#, fuzzy, c-format
+msgid "key %s: already in secret keyring\n"
+msgstr "clau %08lX: ja es troba en l'anell privat\n"
+
+#: g10/import.c:1264
+#, fuzzy, c-format
+msgid "key %s: secret key not found: %s\n"
+msgstr "clau %08lX: no s'ha trobat la clau secreta: %s\n"
+
+#: g10/import.c:1296
+#, fuzzy, c-format
+msgid "key %s: no public key - can't apply revocation certificate\n"
+msgstr ""
+"clau %08lX: falta la clau pública: no es pot aplicar el certificat\n"
+"de revocació\n"
+
+# O «rebutjara»? ivb
+# Per tots els canvis d'anglicisme «ignorat» -> «es descarta»,
+# «es rebutja» està bé. jm
+#: g10/import.c:1339
+#, fuzzy, c-format
+msgid "key %s: invalid revocation certificate: %s - rejected\n"
+msgstr "clau %08lX: el certificat de revocació és invàlid: %s: es rebutja\n"
+
+#: g10/import.c:1371
+#, fuzzy, c-format
+msgid "key %s: \"%s\" revocation certificate imported\n"
+msgstr "clau %08lX: s'ha importat el certificat de revocació «%s»\n"
+
+#: g10/import.c:1447
+#, fuzzy, c-format
+msgid "key %s: no user ID for signature\n"
+msgstr "clau %08lX: no hi ha ID per a la signatura\n"
+
+#: g10/import.c:1464
+#, fuzzy, c-format
+msgid "key %s: unsupported public key algorithm on user ID \"%s\"\n"
+msgstr ""
+"clau %08lX: l'algoritme de clau pública no es suporta sobre l'id d'usuari «%"
+"s»\n"
+"\n"
+
+#: g10/import.c:1466
+#, fuzzy, c-format
+msgid "key %s: invalid self-signature on user ID \"%s\"\n"
+msgstr "clau %08lX: l'autosignatura no és vàlida en l'id d'usuari «%s»\n"
+
+#: g10/import.c:1483 g10/import.c:1509 g10/import.c:1560
+#, fuzzy, c-format
+msgid "key %s: unsupported public key algorithm\n"
+msgstr "clau %08lX: l'algoritme de clau pública no és suportat\n"
+
+#: g10/import.c:1484
+#, fuzzy, c-format
+msgid "key %s: invalid direct key signature\n"
+msgstr "clau %08lX: s'ha afegit la signatura de clau directa\n"
+
+#: g10/import.c:1498
+#, fuzzy, c-format
+msgid "key %s: no subkey for key binding\n"
+msgstr "clau %08lX: no hi ha una subclau per a l'enllaç de la clau\n"
+
+#: g10/import.c:1511
+#, fuzzy, c-format
+msgid "key %s: invalid subkey binding\n"
+msgstr "clau %08lX: l'enllaç de subclau és invàlid\n"
+
+#: g10/import.c:1527
+#, fuzzy, c-format
+msgid "key %s: removed multiple subkey binding\n"
+msgstr "clau %08lX: s'ha eliminat un enllaç de subclau múltiple\n"
+
+#: g10/import.c:1549
+#, fuzzy, c-format
+msgid "key %s: no subkey for key revocation\n"
+msgstr "clau %08lX: no hi ha una subclau per a la clau de revocació\n"
+
+#: g10/import.c:1562
+#, fuzzy, c-format
+msgid "key %s: invalid subkey revocation\n"
+msgstr "clau %08lX: Subclau de revocació no vàlida\n"
+
+#: g10/import.c:1577
+#, fuzzy, c-format
+msgid "key %s: removed multiple subkey revocation\n"
+msgstr "clau %08lX: s'han eliminat subclaus de revocació múltiples\n"
+
+#: g10/import.c:1618
+#, fuzzy, c-format
+msgid "key %s: skipped user ID \"%s\"\n"
+msgstr "clau %08lX: es descarta l'ID d'usuari '"
+
+#: g10/import.c:1639
+#, fuzzy, c-format
+msgid "key %s: skipped subkey\n"
+msgstr "clau %08lX: es descarta la subclau\n"
+
+#: g10/import.c:1666
+#, fuzzy, c-format
+msgid "key %s: non exportable signature (class 0x%02X) - skipped\n"
+msgstr "clau %08lX: la signatura és inexportable (classe %02x) - es descarta\n"
+
+#: g10/import.c:1676
+#, fuzzy, c-format
+msgid "key %s: revocation certificate at wrong place - skipped\n"
+msgstr ""
+"clau %08lX: el certificat de revocació és en el lloc equivocat - es "
+"descarta\n"
+
+#: g10/import.c:1693
+#, fuzzy, c-format
+msgid "key %s: invalid revocation certificate: %s - skipped\n"
+msgstr "clau %08lX: el certificat de revocació és invàlid: %s - es descarta\n"
+
+#: g10/import.c:1707
+#, fuzzy, c-format
+msgid "key %s: subkey signature in wrong place - skipped\n"
+msgstr ""
+"clau %08lX: la signatura de la subclau és en el lloc equivocat - es "
+"descarta\n"
+
+#: g10/import.c:1715
+#, fuzzy, c-format
+msgid "key %s: unexpected signature class (0x%02X) - skipped\n"
+msgstr ""
+"clau %08lX: la classe de signatura és inesperada (0x%02x) - es descarta\n"
+
+#: g10/import.c:1844
+#, fuzzy, c-format
+msgid "key %s: duplicated user ID detected - merged\n"
+msgstr "clau %08lX: s'ha detectat un ID d'usuari duplicat - es fusiona\n"
+
+#: g10/import.c:1906
+#, fuzzy, c-format
+msgid "WARNING: key %s may be revoked: fetching revocation key %s\n"
+msgstr ""
+"AVÃS: la clau %08lX pot estar revocada: s'adquireix la clau de revocació %"
+"08lX\n"
+
+#: g10/import.c:1920
+#, fuzzy, c-format
+msgid "WARNING: key %s may be revoked: revocation key %s not present.\n"
+msgstr ""
+"AVÃS: la clau %08lX pot estar revocada: la clau de revocació %08lX no està "
+"present.\n"
+
+#: g10/import.c:1979
+#, fuzzy, c-format
+msgid "key %s: \"%s\" revocation certificate added\n"
+msgstr "clau %08lX: s'hi ha afegit el certificat de revocació «%s»\n"
+
+#: g10/import.c:2013
+#, fuzzy, c-format
+msgid "key %s: direct key signature added\n"
+msgstr "clau %08lX: s'ha afegit la signatura de clau directa\n"
+
+#: g10/import.c:2414
+#, fuzzy
+msgid "NOTE: a key's S/N does not match the card's one\n"
+msgstr "la clau pública no coincideix amb la clau secreta!\n"
+
+#: g10/import.c:2422
+#, fuzzy
+msgid "NOTE: primary key is online and stored on card\n"
+msgstr "es descarta: la clau secreta ja és present\n"
+
+#: g10/import.c:2424
+#, fuzzy
+msgid "NOTE: secondary key is online and stored on card\n"
+msgstr "es descarta: la clau secreta ja és present\n"
+
+#: g10/keydb.c:181
+#, c-format
+msgid "error creating keyring `%s': %s\n"
+msgstr "error en crear l'anell «%s»: %s\n"
+
+#: g10/keydb.c:187
+#, c-format
+msgid "keyring `%s' created\n"
+msgstr "s'ha creat l'anell «%s»\n"
+
+#: g10/keydb.c:333 g10/keydb.c:336
+#, fuzzy, c-format
+msgid "keyblock resource `%s': %s\n"
+msgstr "error en crear «%s»: %s\n"
+
+#: g10/keydb.c:719
+#, c-format
+msgid "failed to rebuild keyring cache: %s\n"
+msgstr "no s'ha pogut reconstruir la memòria cau de l'anell: %s\n"
+
+#: g10/keyedit.c:265
+msgid "[revocation]"
+msgstr "[revocació]"
+
+#: g10/keyedit.c:266
+msgid "[self-signature]"
+msgstr "[autosignatura]"
+
+#: g10/keyedit.c:344 g10/keylist.c:398
+msgid "1 bad signature\n"
+msgstr "1 signatura errònia\n"
+
+#: g10/keyedit.c:346 g10/keylist.c:400
+#, c-format
+msgid "%d bad signatures\n"
+msgstr "%d signatures errònies\n"
+
+#: g10/keyedit.c:348 g10/keylist.c:402
+msgid "1 signature not checked due to a missing key\n"
+msgstr "1 signatura no comprovada per falta de clau\n"
+
+#: g10/keyedit.c:350 g10/keylist.c:404
+#, c-format
+msgid "%d signatures not checked due to missing keys\n"
+msgstr "%d signatures no comprovades per falta de clau\n"
+
+#: g10/keyedit.c:352 g10/keylist.c:406
+msgid "1 signature not checked due to an error\n"
+msgstr "1 signatura no comprovada a causa d'un error\n"
+
+#: g10/keyedit.c:354 g10/keylist.c:408
+#, c-format
+msgid "%d signatures not checked due to errors\n"
+msgstr "%d signatures no comprovades a causa d'errors\n"
+
+#: g10/keyedit.c:356
+msgid "1 user ID without valid self-signature detected\n"
+msgstr "Ha estat detectat 1 ID sense autosignatura vàlida\n"
+
+#: g10/keyedit.c:358
+#, c-format
+msgid "%d user IDs without valid self-signatures detected\n"
+msgstr "Han estat detectats %d IDs sense autosignatura vàlida\n"
+
+#: g10/keyedit.c:414 g10/pkclist.c:262
+#, fuzzy
+msgid ""
+"Please decide how far you trust this user to correctly verify other users' "
+"keys\n"
+"(by looking at passports, checking fingerprints from different sources, "
+"etc.)\n"
+msgstr ""
+"Decidiu fins a quin punt confieu en aquest usuari per a\n"
+"verificar les claus d'altres usuaris (mirant passaports,\n"
+"comprovant empremtes de diferents fonts...)?\n"
+
+#: g10/keyedit.c:418 g10/pkclist.c:274
+#, fuzzy, c-format
+msgid " %d = I trust marginally\n"
+msgstr " %d = Hi confie marginalment\n"
+
+#: g10/keyedit.c:419 g10/pkclist.c:276
+#, fuzzy, c-format
+msgid " %d = I trust fully\n"
+msgstr " %d = Hi confie plenament\n"
+
+#: g10/keyedit.c:438
+msgid ""
+"Please enter the depth of this trust signature.\n"
+"A depth greater than 1 allows the key you are signing to make\n"
+"trust signatures on your behalf.\n"
+msgstr ""
+
+#: g10/keyedit.c:454
+msgid "Please enter a domain to restrict this signature, or enter for none.\n"
+msgstr ""
+
+#: g10/keyedit.c:598
+#, c-format
+msgid "User ID \"%s\" is revoked."
+msgstr "L'ID d'usuari «%s» està revocat."
+
+#: g10/keyedit.c:607 g10/keyedit.c:635 g10/keyedit.c:662 g10/keyedit.c:830
+#: g10/keyedit.c:895 g10/keyedit.c:1785
+msgid "Are you sure you still want to sign it? (y/N) "
+msgstr "Segur que encara voleu signarla? (s/N) "
+
+# O no s'ha pogut? ivb
+# FIXME: comprovar context. jm
+#: g10/keyedit.c:621 g10/keyedit.c:649 g10/keyedit.c:676 g10/keyedit.c:836
+#: g10/keyedit.c:1791
+msgid " Unable to sign.\n"
+msgstr " No es pot signar.\n"
+
+#: g10/keyedit.c:626
+#, c-format
+msgid "User ID \"%s\" is expired."
+msgstr "L'ID d'usuari «%s» ha caducat."
+
+#: g10/keyedit.c:654
+#, c-format
+msgid "User ID \"%s\" is not self-signed."
+msgstr "L'ID d'usuari «%s» no està autosignat."
+
+#: g10/keyedit.c:682
+#, fuzzy, c-format
+msgid "User ID \"%s\" is signable. "
+msgstr "L'ID d'usuari «%s» no està autosignat."
+
+#: g10/keyedit.c:684
+#, fuzzy
+msgid "Sign it? (y/N) "
+msgstr "Signar realment? "
+
+#: g10/keyedit.c:706
+#, c-format
+msgid ""
+"The self-signature on \"%s\"\n"
+"is a PGP 2.x-style signature.\n"
+msgstr ""
+"La vostra signatura en «%s»\n"
+"és una signatura d'estil PGP 2.x.\n"
+
+#: g10/keyedit.c:715
+msgid "Do you want to promote it to an OpenPGP self-signature? (y/N) "
+msgstr "Voleu ascendir-la a una autosignatura OpenPGP? (s/N) "
+
+#: g10/keyedit.c:729
+#, c-format
+msgid ""
+"Your current signature on \"%s\"\n"
+"has expired.\n"
+msgstr ""
+"La vostra signatura actual en «%s»\n"
+"ha caducat.\n"
+
+#: g10/keyedit.c:733
+msgid "Do you want to issue a new signature to replace the expired one? (y/N) "
+msgstr "Voleu crear una nova signatura per a reemplaçar la caducada? (s/N) "
+
+#: g10/keyedit.c:754
+#, c-format
+msgid ""
+"Your current signature on \"%s\"\n"
+"is a local signature.\n"
+msgstr ""
+"La vostra signatura en «%s»\n"
+"és una signatura local.\n"
+
+#: g10/keyedit.c:758
+msgid "Do you want to promote it to a full exportable signature? (y/N) "
+msgstr "Voleu ascendir-la a una signatura completament exportable? (s/N) "
+
+#: g10/keyedit.c:779
+#, fuzzy, c-format
+msgid "\"%s\" was already locally signed by key %s\n"
+msgstr "«%s» ja estava signada localment amb la clau %08lX\n"
+
+#: g10/keyedit.c:782
+#, fuzzy, c-format
+msgid "\"%s\" was already signed by key %s\n"
+msgstr "«%s» ja estava signada amb la clau %08lX\n"
+
+#: g10/keyedit.c:787
+msgid "Do you want to sign it again anyway? (y/N) "
+msgstr "Voleu signarla un altre cop, de tota manera? (s/N) "
+
+#: g10/keyedit.c:809
+#, fuzzy, c-format
+msgid "Nothing to sign with key %s\n"
+msgstr "No hi ha res que signar amb la clau %08lX\n"
+
+#: g10/keyedit.c:824
+msgid "This key has expired!"
+msgstr "La clau ha caducat!"
+
+#: g10/keyedit.c:842
+#, c-format
+msgid "This key is due to expire on %s.\n"
+msgstr "Aquesta clau caducarà el %s.\n"
+
+#: g10/keyedit.c:848
+msgid "Do you want your signature to expire at the same time? (Y/n) "
+msgstr "Voleu que la vostra signatura caduque alhora? (S/n) "
+
+#: g10/keyedit.c:888
+msgid ""
+"You may not make an OpenPGP signature on a PGP 2.x key while in --pgp2 "
+"mode.\n"
+msgstr ""
+"No podeu fer una signatura OpenPGP en una clau PGP 2.x en el mode --pgp2.\n"
+
+#: g10/keyedit.c:890
+msgid "This would make the key unusable in PGP 2.x.\n"
+msgstr "Açò inutilitzaria la clau en PGP 2.x.\n"
+
+#: g10/keyedit.c:915
+msgid ""
+"How carefully have you verified the key you are about to sign actually "
+"belongs\n"
+"to the person named above? If you don't know what to answer, enter \"0\".\n"
+msgstr ""
+"Amb quanta cura heu verificat que la clau que esteu a punt de signar \n"
+"pertany realment a la persona esmentada anteriorment? Si no sabeu què \n"
+"contestar, entreu «0».\n"
+
+#: g10/keyedit.c:920
+#, c-format
+msgid " (0) I will not answer.%s\n"
+msgstr " (0) No vaig a contestar.%s\n"
+
+#: g10/keyedit.c:922
+#, c-format
+msgid " (1) I have not checked at all.%s\n"
+msgstr " (1) No ho he comprovat en absolut.%s\n"
+
+#: g10/keyedit.c:924
+#, c-format
+msgid " (2) I have done casual checking.%s\n"
+msgstr " (2) He fet algunes comprovacions.%s\n"
+
+#: g10/keyedit.c:926
+#, c-format
+msgid " (3) I have done very careful checking.%s\n"
+msgstr " (3) He fet comprovacions molt acurades.%s\n"
+
+#: g10/keyedit.c:932
+#, fuzzy
+msgid "Your selection? (enter `?' for more information): "
+msgstr "Seleccioneu una opció (introduïu «?» per obtindre més informació):"
+
+#: g10/keyedit.c:956
+#, fuzzy, c-format
+msgid ""
+"Are you sure that you want to sign this key with your\n"
+"key \"%s\" (%s)\n"
+msgstr ""
+"Esteu segur que voleu signar aquesta clau\n"
+"amb la vostra clau: \""
+
+#: g10/keyedit.c:963
+#, fuzzy
+msgid "This will be a self-signature.\n"
+msgstr ""
+"\n"
+"Açò serà una autosignatura.\n"
+
+#: g10/keyedit.c:969
+#, fuzzy
+msgid "WARNING: the signature will not be marked as non-exportable.\n"
+msgstr ""
+"\n"
+"AVÃS: la signatura no es marcarà com a inexportable.\n"
+
+#: g10/keyedit.c:977
+#, fuzzy
+msgid "WARNING: the signature will not be marked as non-revocable.\n"
+msgstr ""
+"\n"
+"AVÃS: la signatura no es marcarà com a irrevocable.\n"
+
+#: g10/keyedit.c:987
+#, fuzzy
+msgid "The signature will be marked as non-exportable.\n"
+msgstr ""
+"\n"
+"La signatura es marcarà com a inexportable.\n"
+
+#: g10/keyedit.c:994
+#, fuzzy
+msgid "The signature will be marked as non-revocable.\n"
+msgstr ""
+"\n"
+"La signatura es marcarà com a irrevocable.\n"
+
+#: g10/keyedit.c:1001
+#, fuzzy
+msgid "I have not checked this key at all.\n"
+msgstr ""
+"\n"
+"No he comprovat aquesta clau en absolut.\n"
+
+#: g10/keyedit.c:1006
+#, fuzzy
+msgid "I have checked this key casually.\n"
+msgstr ""
+"\n"
+"He fet algunes comprovacions a aquesta clau.\n"
+
+#: g10/keyedit.c:1011
+#, fuzzy
+msgid "I have checked this key very carefully.\n"
+msgstr ""
+"\n"
+"He comprovat aquesta clau amb molta cura.\n"
+
+#: g10/keyedit.c:1021
+#, fuzzy
+msgid "Really sign? (y/N) "
+msgstr "Signar realment? "
+
+#: g10/keyedit.c:1066 g10/keyedit.c:4965 g10/keyedit.c:5056 g10/keyedit.c:5120
+#: g10/keyedit.c:5181 g10/sign.c:316
+#, c-format
+msgid "signing failed: %s\n"
+msgstr "Ha fallat el procés de signatura: %s\n"
+
+#: g10/keyedit.c:1131
+msgid "Key has only stub or on-card key items - no passphrase to change.\n"
+msgstr ""
+
+#: g10/keyedit.c:1142 g10/keygen.c:3774
+msgid "This key is not protected.\n"
+msgstr "Aquesta clau no està protegida.\n"
+
+#: g10/keyedit.c:1146 g10/keygen.c:3761 g10/revoke.c:536
+msgid "Secret parts of primary key are not available.\n"
+msgstr "Les parts secretes de la clau primària no estan disponibles.\n"
+
+#: g10/keyedit.c:1150 g10/keygen.c:3777
+#, fuzzy
+msgid "Secret parts of primary key are stored on-card.\n"
+msgstr "Les parts secretes de la clau primària no estan disponibles.\n"
+
+#: g10/keyedit.c:1156 g10/keygen.c:3781
+msgid "Key is protected.\n"
+msgstr "La clau està protegida.\n"
+
+#: g10/keyedit.c:1186
+#, c-format
+msgid "Can't edit this key: %s\n"
+msgstr "No es pot editar aquesta clau: %s\n"
+
+#: g10/keyedit.c:1192
+msgid ""
+"Enter the new passphrase for this secret key.\n"
+"\n"
+msgstr ""
+"Introduïu la nova contrasenya per a la clau secreta.\n"
+"\n"
+
+#: g10/keyedit.c:1207 g10/keygen.c:2291
+msgid "passphrase not correctly repeated; try again"
+msgstr "la contrasenya no s'ha repetit correctament; torneu a intentar-ho"
+
+#: g10/keyedit.c:1212
+msgid ""
+"You don't want a passphrase - this is probably a *bad* idea!\n"
+"\n"
+msgstr ""
+"No voleu contrasenya: açò és probablement una *mala* idea!\n"
+"\n"
+
+# No abusis dels pronoms! (Rowan Atkinson @ Llei i Desordre) ivb
+#: g10/keyedit.c:1215
+#, fuzzy
+msgid "Do you really want to do this? (y/N) "
+msgstr "Esteu segur de voler fer açò? "
+
+#: g10/keyedit.c:1298
+msgid "moving a key signature to the correct place\n"
+msgstr "s'està posant la signatura al lloc correcte\n"
+
+#: g10/keyedit.c:1384
+msgid "save and quit"
+msgstr "desa i ix"
+
+#: g10/keyedit.c:1387
+#, fuzzy
+msgid "show key fingerprint"
+msgstr "mostra empremta"
+
+#: g10/keyedit.c:1388
+msgid "list key and user IDs"
+msgstr "llista claus i ID"
+
+# Per aquesta zona (keyedit) hi ha un cacau d'infinitius i presents... ivb
+# Yeah, els vaig corregir abans de que enviares la teua correcció. jm
+#: g10/keyedit.c:1390
+msgid "select user ID N"
+msgstr "tria l'ID d'usuari N"
+
+# Per aquesta zona (keyedit) hi ha un cacau d'infinitius i presents... ivb
+# Yeah, els vaig corregir abans de que enviares la teua correcció. jm
+#: g10/keyedit.c:1391
+#, fuzzy
+msgid "select subkey N"
+msgstr "tria l'ID d'usuari N"
+
+#: g10/keyedit.c:1392
+#, fuzzy
+msgid "check signatures"
+msgstr "revoca signatures"
+
+#: g10/keyedit.c:1397
+msgid "sign selected user IDs [* see below for related commands]"
+msgstr ""
+
+#: g10/keyedit.c:1402
+#, fuzzy
+msgid "sign selected user IDs locally"
+msgstr "signa la clau localment"
+
+#: g10/keyedit.c:1404
+#, fuzzy
+msgid "sign selected user IDs with a trust signature"
+msgstr "Pista: Trieu els ID d'usuari que voleu signar\n"
+
+#: g10/keyedit.c:1406
+msgid "sign selected user IDs with a non-revocable signature"
+msgstr ""
+
+#: g10/keyedit.c:1410
+msgid "add a user ID"
+msgstr "afegeix un ID d'usuari"
+
+# Com estava escrit abans. ivb
+# Si et refereixes a Photo vs. photo, ho deixe en minúscules, que en tot
+# el menú està tot en minúscules. Tb hi ha molts ID vs. id en els msgids
+# i no hem unificat en català. Potser li ho diré a Werner. jm.
+#: g10/keyedit.c:1412
+msgid "add a photo ID"
+msgstr "afegeix un photo ID"
+
+#: g10/keyedit.c:1414
+#, fuzzy
+msgid "delete selected user IDs"
+msgstr "esborra un ID d'usuari"
+
+#: g10/keyedit.c:1419
+#, fuzzy
+msgid "add a subkey"
+msgstr "addkey"
+
+#: g10/keyedit.c:1423
+msgid "add a key to a smartcard"
+msgstr ""
+
+#: g10/keyedit.c:1425
+msgid "move a key to a smartcard"
+msgstr ""
+
+#: g10/keyedit.c:1427
+msgid "move a backup key to a smartcard"
+msgstr ""
+
+#: g10/keyedit.c:1431
+#, fuzzy
+msgid "delete selected subkeys"
+msgstr "esborra una clau secundària"
+
+#: g10/keyedit.c:1433
+msgid "add a revocation key"
+msgstr "afegeix una clau de revocació"
+
+#: g10/keyedit.c:1435
+#, fuzzy
+msgid "delete signatures from the selected user IDs"
+msgstr ""
+"Voleu actualitzar les preferències per a les ID d'usuaris seleccionades?"
+
+#: g10/keyedit.c:1437
+#, fuzzy
+msgid "change the expiration date for the key or selected subkeys"
+msgstr "No podeu canviar la data de caducitat de les claus v3\n"
+
+#: g10/keyedit.c:1439
+#, fuzzy
+msgid "flag the selected user ID as primary"
+msgstr "marca l'ID d'usuari com a primari"
+
+#: g10/keyedit.c:1441
+#, fuzzy
+msgid "toggle between the secret and public key listings"
+msgstr "canvia entre el llistat de claus secretes i públiques"
+
+#: g10/keyedit.c:1444
+msgid "list preferences (expert)"
+msgstr "llista les preferències (expert)"
+
+#: g10/keyedit.c:1446
+msgid "list preferences (verbose)"
+msgstr "llista les preferències (detallat)"
+
+#: g10/keyedit.c:1448
+#, fuzzy
+msgid "set preference list for the selected user IDs"
+msgstr ""
+"Voleu actualitzar les preferències per a les ID d'usuaris seleccionades?"
+
+#: g10/keyedit.c:1453
+#, fuzzy
+msgid "set the preferred keyserver URL for the selected user IDs"
+msgstr "no s'ha pogut analitzar sintàcticament la URI del servidor de claus\n"
+
+#: g10/keyedit.c:1455
+#, fuzzy
+msgid "set a notation for the selected user IDs"
+msgstr ""
+"Voleu actualitzar les preferències per a les ID d'usuaris seleccionades?"
+
+#: g10/keyedit.c:1457
+msgid "change the passphrase"
+msgstr "canvia la contrasenya"
+
+#: g10/keyedit.c:1461
+msgid "change the ownertrust"
+msgstr "canvia la confiança"
+
+#: g10/keyedit.c:1463
+#, fuzzy
+msgid "revoke signatures on the selected user IDs"
+msgstr "Realment voleu revocar tots els ID d'usuari seleccionats? "
+
+#: g10/keyedit.c:1465
+#, fuzzy
+msgid "revoke selected user IDs"
+msgstr "revoca un ID d'usuari"
+
+#: g10/keyedit.c:1470
+#, fuzzy
+msgid "revoke key or selected subkeys"
+msgstr "revoca una clau secundària"
+
+#: g10/keyedit.c:1471
+#, fuzzy
+msgid "enable key"
+msgstr "activa una clau"
+
+#: g10/keyedit.c:1472
+#, fuzzy
+msgid "disable key"
+msgstr "desactiva una clau"
+
+# Igual que dalt. ivb
+# Idem :) jm
+#: g10/keyedit.c:1473
+#, fuzzy
+msgid "show selected photo IDs"
+msgstr "mostra el photo ID"
+
+#: g10/keyedit.c:1475
+msgid "compact unusable user IDs and remove unusable signatures from key"
+msgstr ""
+
+#: g10/keyedit.c:1477
+msgid "compact unusable user IDs and remove all signatures from key"
+msgstr ""
+
+#: g10/keyedit.c:1601
+#, fuzzy, c-format
+msgid "error reading secret keyblock \"%s\": %s\n"
+msgstr "error en llegir el bloc de claus secretes «%s»: %s\n"
+
+#: g10/keyedit.c:1619
+msgid "Secret key is available.\n"
+msgstr "La clau secreta està disponible.\n"
+
+#: g10/keyedit.c:1702
+msgid "Need the secret key to do this.\n"
+msgstr "Cal la clau secreta per a fer açò.\n"
+
+#: g10/keyedit.c:1710
+msgid "Please use the command \"toggle\" first.\n"
+msgstr "Useu l'ordre «toggle» abans.\n"
+
+#: g10/keyedit.c:1729
+msgid ""
+"* The `sign' command may be prefixed with an `l' for local signatures "
+"(lsign),\n"
+" a `t' for trust signatures (tsign), an `nr' for non-revocable signatures\n"
+" (nrsign), or any combination thereof (ltsign, tnrsign, etc.).\n"
+msgstr ""
+
+#: g10/keyedit.c:1779
+msgid "Key is revoked."
+msgstr "La clau està revocada."
+
+#: g10/keyedit.c:1798
+#, fuzzy
+msgid "Really sign all user IDs? (y/N) "
+msgstr "Realment voleu signar tots els ID d'usuari? "
+
+#: g10/keyedit.c:1805
+msgid "Hint: Select the user IDs to sign\n"
+msgstr "Pista: Trieu els ID d'usuari que voleu signar\n"
+
+#: g10/keyedit.c:1814
+#, fuzzy, c-format
+msgid "Unknown signature type `%s'\n"
+msgstr "la classe de signatura és desconeguda"
+
+#: g10/keyedit.c:1837
+#, c-format
+msgid "This command is not allowed while in %s mode.\n"
+msgstr "Aquesta ordre no està permesa mentre s'està en mode %s.\n"
+
+#: g10/keyedit.c:1859 g10/keyedit.c:1879 g10/keyedit.c:2048
+msgid "You must select at least one user ID.\n"
+msgstr "Heu de seleccionar al menys un ID d'usuari.\n"
+
+#: g10/keyedit.c:1861
+msgid "You can't delete the last user ID!\n"
+msgstr "No podeu esborrar l'últim ID d'usuari!\n"
+
+#: g10/keyedit.c:1863
+#, fuzzy
+msgid "Really remove all selected user IDs? (y/N) "
+msgstr "Realment voleu eliminar tots els ID d'usuari seleccionats? "
+
+#: g10/keyedit.c:1864
+#, fuzzy
+msgid "Really remove this user ID? (y/N) "
+msgstr "Realment voleu eliminar aquest ID d'usuari? "
+
+#. TRANSLATORS: Please take care: This is about
+#. moving the key and not about removing it.
+#: g10/keyedit.c:1917
+#, fuzzy
+msgid "Really move the primary key? (y/N) "
+msgstr "Realment voleu esborrar aquesta autosignatura? (s/N)"
+
+#: g10/keyedit.c:1929
+#, fuzzy
+msgid "You must select exactly one key.\n"
+msgstr "Heu de seleccionar, si més no, una clau.\n"
+
+#: g10/keyedit.c:1957
+msgid "Command expects a filename argument\n"
+msgstr ""
+
+#: g10/keyedit.c:1971
+#, fuzzy, c-format
+msgid "Can't open `%s': %s\n"
+msgstr "no s'ha pogut obrir «%s»: %s\n"
+
+#: g10/keyedit.c:1988
+#, fuzzy, c-format
+msgid "Error reading backup key from `%s': %s\n"
+msgstr "error en crear l'anell «%s»: %s\n"
+
+#: g10/keyedit.c:2012
+msgid "You must select at least one key.\n"
+msgstr "Heu de seleccionar, si més no, una clau.\n"
+
+#: g10/keyedit.c:2015
+#, fuzzy
+msgid "Do you really want to delete the selected keys? (y/N) "
+msgstr "Realment voleu eliminar les claus seleccionades? "
+
+#: g10/keyedit.c:2016
+#, fuzzy
+msgid "Do you really want to delete this key? (y/N) "
+msgstr "Realment voleu eliminar aquesta clau? "
+
+#: g10/keyedit.c:2051
+#, fuzzy
+msgid "Really revoke all selected user IDs? (y/N) "
+msgstr "Realment voleu revocar tots els ID d'usuari seleccionats? "
+
+#: g10/keyedit.c:2052
+#, fuzzy
+msgid "Really revoke this user ID? (y/N) "
+msgstr "Realment voleu eliminar aquest ID d'usuari? "
+
+#: g10/keyedit.c:2070
+#, fuzzy
+msgid "Do you really want to revoke the entire key? (y/N) "
+msgstr "Realment voleu revocar aquesta clau? "
+
+#: g10/keyedit.c:2081
+#, fuzzy
+msgid "Do you really want to revoke the selected subkeys? (y/N) "
+msgstr "Realment voleu revocar les claus seleccionades? "
+
+#: g10/keyedit.c:2083
+#, fuzzy
+msgid "Do you really want to revoke this subkey? (y/N) "
+msgstr "Realment voleu revocar aquesta clau? "
+
+#: g10/keyedit.c:2133
+msgid "Owner trust may not be set while using a user provided trust database\n"
+msgstr ""
+
+#: g10/keyedit.c:2175
+#, fuzzy
+msgid "Set preference list to:\n"
+msgstr "estableix la llista de preferències"
+
+#: g10/keyedit.c:2181
+#, fuzzy
+msgid "Really update the preferences for the selected user IDs? (y/N) "
+msgstr ""
+"Voleu actualitzar les preferències per a les ID d'usuaris seleccionades?"
+
+#: g10/keyedit.c:2183
+#, fuzzy
+msgid "Really update the preferences? (y/N) "
+msgstr "Realment voleu actualitzar les preferències? "
+
+#: g10/keyedit.c:2253
+#, fuzzy
+msgid "Save changes? (y/N) "
+msgstr "Voleu desar els canvis? "
+
+#: g10/keyedit.c:2256
+#, fuzzy
+msgid "Quit without saving? (y/N) "
+msgstr "Voleu eixir sense desar? "
+
+#: g10/keyedit.c:2266
+#, c-format
+msgid "update failed: %s\n"
+msgstr "ha fallat l'actualització: %s\n"
+
+#: g10/keyedit.c:2273 g10/keyedit.c:2351
+#, c-format
+msgid "update secret failed: %s\n"
+msgstr "ha fallat l'actualització de la clau secreta: %s\n"
+
+#: g10/keyedit.c:2280
+msgid "Key not changed so no update needed.\n"
+msgstr "La clau no ha canviat, per tant no cal actualització.\n"
+
+#: g10/keyedit.c:2446
+msgid "Digest: "
+msgstr "Resum: "
+
+#: g10/keyedit.c:2497
+msgid "Features: "
+msgstr "Funcionalitats: "
+
+#: g10/keyedit.c:2508
+msgid "Keyserver no-modify"
+msgstr ""
+
+#: g10/keyedit.c:2523 g10/keylist.c:316
+msgid "Preferred keyserver: "
+msgstr ""
+
+#: g10/keyedit.c:2531 g10/keyedit.c:2532
+#, fuzzy
+msgid "Notations: "
+msgstr "Notació: "
+
+#: g10/keyedit.c:2753
+msgid "There are no preferences on a PGP 2.x-style user ID.\n"
+msgstr "No hi ha preferències en un ID d'usuari d'estil PGP 2.x.\n"
+
+# Potser %s haja d'anar darrere de «clau». ivb
+# És cert. Nova funcionalitat de 1.2.0, IIRC. jm
+#: g10/keyedit.c:2810
+#, fuzzy, c-format
+msgid "The following key was revoked on %s by %s key %s\n"
+msgstr "Aquesta clau pot ser revocada per la clau %s "
+
+# Potser %s haja d'anar darrere de «clau». ivb
+# És cert. Nova funcionalitat de 1.2.0, IIRC. jm
+#: g10/keyedit.c:2832
+#, fuzzy, c-format
+msgid "This key may be revoked by %s key %s"
+msgstr "Aquesta clau pot ser revocada per la clau %s "
+
+#: g10/keyedit.c:2838
+#, fuzzy
+msgid "(sensitive)"
+msgstr " (sensible)"
+
+#: g10/keyedit.c:2854 g10/keyedit.c:2910 g10/keyedit.c:2971 g10/keyedit.c:2986
+#: g10/keylist.c:202 g10/keyserver.c:532
+#, fuzzy, c-format
+msgid "created: %s"
+msgstr "no s'ha pogut creat %s: %s\n"
+
+#: g10/keyedit.c:2857 g10/keylist.c:834 g10/keylist.c:928 g10/mainproc.c:997
+#, fuzzy, c-format
+msgid "revoked: %s"
+msgstr "[revocada]"
+
+#: g10/keyedit.c:2859 g10/keylist.c:805 g10/keylist.c:840 g10/keylist.c:934
+#, fuzzy, c-format
+msgid "expired: %s"
+msgstr " [caduca: %s]"
+
+#: g10/keyedit.c:2861 g10/keyedit.c:2912 g10/keyedit.c:2973 g10/keyedit.c:2988
+#: g10/keylist.c:204 g10/keylist.c:811 g10/keylist.c:846 g10/keylist.c:940
+#: g10/keylist.c:961 g10/keyserver.c:538 g10/mainproc.c:1003
+#, fuzzy, c-format
+msgid "expires: %s"
+msgstr " [caduca: %s]"
+
+#: g10/keyedit.c:2863
+#, c-format
+msgid "usage: %s"
+msgstr ""
+
+#: g10/keyedit.c:2878
+#, fuzzy, c-format
+msgid "trust: %s"
+msgstr " confiança: %c/%c"
+
+#: g10/keyedit.c:2882
+#, c-format
+msgid "validity: %s"
+msgstr ""
+
+#: g10/keyedit.c:2889
+msgid "This key has been disabled"
+msgstr "Aquesta clau ha estat desactivada"
+
+#: g10/keyedit.c:2917 g10/keylist.c:208
+msgid "card-no: "
+msgstr ""
+
+#: g10/keyedit.c:2941
+msgid ""
+"Please note that the shown key validity is not necessarily correct\n"
+"unless you restart the program.\n"
+msgstr ""
+"Teniu en compte que la validesa de la clau mostrada no és necessàriament\n"
+"correcta a no ser que torneu a executar el programa.\n"
+
+#: g10/keyedit.c:3005 g10/keyedit.c:3351 g10/keyserver.c:542
+#: g10/mainproc.c:1850 g10/trustdb.c:1204 g10/trustdb.c:1732
+#, fuzzy
+msgid "revoked"
+msgstr "[revocada]"
+
+#: g10/keyedit.c:3007 g10/keyedit.c:3353 g10/keyserver.c:546
+#: g10/mainproc.c:1852 g10/trustdb.c:547 g10/trustdb.c:1734
+#, fuzzy
+msgid "expired"
+msgstr "expire"
+
+#: g10/keyedit.c:3072
+msgid ""
+"WARNING: no user ID has been marked as primary. This command may\n"
+" cause a different user ID to become the assumed primary.\n"
+msgstr ""
+"AVÃS: no s'ha marcat cap ID d'usuari com primària. Aquesta ordre pot\n"
+" causar que una ID d'usuari diferent esdevinga en la primària "
+"assumida.\n"
+
+# Photo ID com abans. ivb
+#: g10/keyedit.c:3133
+msgid ""
+"WARNING: This is a PGP2-style key. Adding a photo ID may cause some "
+"versions\n"
+" of PGP to reject this key.\n"
+msgstr ""
+"AVÃS: Aquesta és una clau d'estil PGP2. Afegir un photo ID pot fer que "
+"algunes versions de PGP rebutgen aquesta clau.\n"
+
+#: g10/keyedit.c:3138 g10/keyedit.c:3473
+msgid "Are you sure you still want to add it? (y/N) "
+msgstr "Esteu segur que encara voleu afegir-lo? (s/N) "
+
+#: g10/keyedit.c:3144
+msgid "You may not add a photo ID to a PGP2-style key.\n"
+msgstr "No podeu afegir un photo ID a una clau d'estil PGP2.\n"
+
+# Aquesta i les següents no haurien de portar (s/N/q) i no (y/N/q)? ivb
+# Hmm. Sí... (s/N/x) jm
+#: g10/keyedit.c:3284
+msgid "Delete this good signature? (y/N/q)"
+msgstr "Voleu esborrar aquesta signatura correcta? (s/N/x)"
+
+#: g10/keyedit.c:3294
+msgid "Delete this invalid signature? (y/N/q)"
+msgstr "Voleu esborrar aquesta signatura invàlida? (s/N/x)"
+
+#: g10/keyedit.c:3298
+msgid "Delete this unknown signature? (y/N/q)"
+msgstr "Voleu esborrar aquesta signatura desconeguda? (s/N/x)"
+
+#: g10/keyedit.c:3304
+msgid "Really delete this self-signature? (y/N)"
+msgstr "Realment voleu esborrar aquesta autosignatura? (s/N)"
+
+# Werner FIXME: use ngettext. jm
+#: g10/keyedit.c:3318
+#, c-format
+msgid "Deleted %d signature.\n"
+msgstr "S'ha esborrat %d signatura.\n"
+
+# Werner FIXME: use ngettext. jm
+#: g10/keyedit.c:3319
+#, c-format
+msgid "Deleted %d signatures.\n"
+msgstr "S'han esborrat %d signatures.\n"
+
+#: g10/keyedit.c:3322
+msgid "Nothing deleted.\n"
+msgstr "No s'hi ha eliminat res.\n"
+
+#: g10/keyedit.c:3355 g10/trustdb.c:1736
+msgid "invalid"
+msgstr "invàlida"
+
+#: g10/keyedit.c:3357
+#, fuzzy, c-format
+msgid "User ID \"%s\" compacted: %s\n"
+msgstr "L'ID d'usuari «%s» està revocat."
+
+#: g10/keyedit.c:3364
+#, fuzzy, c-format
+msgid "User ID \"%s\": %d signature removed\n"
+msgstr "L'ID d'usuari «%s» està revocat."
+
+#: g10/keyedit.c:3365
+#, fuzzy, c-format
+msgid "User ID \"%s\": %d signatures removed\n"
+msgstr "L'ID d'usuari «%s» està revocat."
+
+#: g10/keyedit.c:3373
+#, fuzzy, c-format
+msgid "User ID \"%s\": already minimized\n"
+msgstr "l'ID d'usuari «%s» ja està revocat\n"
+
+#: g10/keyedit.c:3374
+#, fuzzy, c-format
+msgid "User ID \"%s\": already clean\n"
+msgstr "l'ID d'usuari «%s» ja està revocat\n"
+
+#: g10/keyedit.c:3468
+msgid ""
+"WARNING: This is a PGP 2.x-style key. Adding a designated revoker may "
+"cause\n"
+" some versions of PGP to reject this key.\n"
+msgstr ""
+"AVÃS: Aquesta és una clau d'estil PGP 2.x. Afegir un revocador designat pot\n"
+"fer que algunes versions de PGP rebutjen aquesta clau.\n"
+
+#: g10/keyedit.c:3479
+msgid "You may not add a designated revoker to a PGP 2.x-style key.\n"
+msgstr "No podeu afegir un revocador designat a una clau d'estil PGP 2.x.\n"
+
+#: g10/keyedit.c:3499
+msgid "Enter the user ID of the designated revoker: "
+msgstr "Introduïu l'ID d'usuari del revocador designat: "
+
+#: g10/keyedit.c:3524
+msgid "cannot appoint a PGP 2.x style key as a designated revoker\n"
+msgstr ""
+"no es pot nominar a una clau d'estil PGP 2.x com a revocador designat\n"
+
+#: g10/keyedit.c:3539
+msgid "you cannot appoint a key as its own designated revoker\n"
+msgstr "no podeu nominar una clau com el seu propi revocador designat\n"
+
+#: g10/keyedit.c:3561
+#, fuzzy
+msgid "this key has already been designated as a revoker\n"
+msgstr "no podeu nominar una clau com el seu propi revocador designat\n"
+
+#: g10/keyedit.c:3580
+msgid "WARNING: appointing a key as a designated revoker cannot be undone!\n"
+msgstr ""
+"AVÃS: no es pot desfer la nominació d'una clau com a revocador designat!\n"
+
+#: g10/keyedit.c:3586
+#, fuzzy
+msgid ""
+"Are you sure you want to appoint this key as a designated revoker? (y/N) "
+msgstr ""
+"Esteu segur que voleu nominar aquesta clau com a revocador designat? (s/N): "
+
+#: g10/keyedit.c:3647
+msgid "Please remove selections from the secret keys.\n"
+msgstr "Per favor, elimineu les seleccions de les claus secretes.\n"
+
+#: g10/keyedit.c:3653
+#, fuzzy
+msgid "Please select at most one subkey.\n"
+msgstr "Per favor, seleccioneu com a molt una clau secundària.\n"
+
+#: g10/keyedit.c:3657
+#, fuzzy
+msgid "Changing expiration time for a subkey.\n"
+msgstr "S'està canviant la data de caducitat per a una clau secundària.\n"
+
+#: g10/keyedit.c:3660
+msgid "Changing expiration time for the primary key.\n"
+msgstr "S'està canviant la data de caducitat per a una clau primària.\n"
+
+#: g10/keyedit.c:3706
+msgid "You can't change the expiration date of a v3 key\n"
+msgstr "No podeu canviar la data de caducitat de les claus v3\n"
+
+#: g10/keyedit.c:3722
+msgid "No corresponding signature in secret ring\n"
+msgstr "No hi ha cap signatura corresponent en l'anell secret\n"
+
+#: g10/keyedit.c:3800
+#, fuzzy, c-format
+msgid "signing subkey %s is already cross-certified\n"
+msgstr ""
+"AVÃS: no es pot desfer la nominació d'una clau com a revocador designat!\n"
+
+#: g10/keyedit.c:3806
+#, c-format
+msgid "subkey %s does not sign and so does not need to be cross-certified\n"
+msgstr ""
+
+#: g10/keyedit.c:3969
+msgid "Please select exactly one user ID.\n"
+msgstr "Heu de seleccionar exactament un ID.\n"
+
+#: g10/keyedit.c:4008 g10/keyedit.c:4118 g10/keyedit.c:4238 g10/keyedit.c:4379
+#, fuzzy, c-format
+msgid "skipping v3 self-signature on user ID \"%s\"\n"
+msgstr "es descarta l'autosignatura v3 en l'id d'usuari «%s»\n"
+
+#: g10/keyedit.c:4179
+msgid "Enter your preferred keyserver URL: "
+msgstr ""
+
+#: g10/keyedit.c:4259
+#, fuzzy
+msgid "Are you sure you want to replace it? (y/N) "
+msgstr "Esteu segur que encara voleu utilitzarla (s/N)? "
+
+#: g10/keyedit.c:4260
+#, fuzzy
+msgid "Are you sure you want to delete it? (y/N) "
+msgstr "Esteu segur que encara voleu utilitzarla (s/N)? "
+
+#: g10/keyedit.c:4322
+#, fuzzy
+msgid "Enter the notation: "
+msgstr "Notació de signatura: "
+
+#: g10/keyedit.c:4471
+#, fuzzy
+msgid "Proceed? (y/N) "
+msgstr "Voleu sobreescriure? (s/N) "
+
+#: g10/keyedit.c:4543
+#, c-format
+msgid "No user ID with index %d\n"
+msgstr "No hi ha cap ID amb l'índex %d\n"
+
+#: g10/keyedit.c:4604
+#, fuzzy, c-format
+msgid "No user ID with hash %s\n"
+msgstr "No hi ha cap ID amb l'índex %d\n"
+
+#: g10/keyedit.c:4639
+#, fuzzy, c-format
+msgid "No subkey with index %d\n"
+msgstr "No hi ha cap ID amb l'índex %d\n"
+
+#: g10/keyedit.c:4774
+#, fuzzy, c-format
+msgid "user ID: \"%s\"\n"
+msgstr "ID d'usuari: «"
+
+#: g10/keyedit.c:4777 g10/keyedit.c:4871 g10/keyedit.c:4914
+#, fuzzy, c-format
+msgid "signed by your key %s on %s%s%s\n"
+msgstr ""
+"»\n"
+"signat amb la vostra clau %08lX el %s\n"
+
+#: g10/keyedit.c:4779 g10/keyedit.c:4873 g10/keyedit.c:4916
+msgid " (non-exportable)"
+msgstr " (no-exportable)"
+
+#: g10/keyedit.c:4783
+#, c-format
+msgid "This signature expired on %s.\n"
+msgstr "Aquesta signatura va caducar el %s.\n"
+
+#: g10/keyedit.c:4787
+msgid "Are you sure you still want to revoke it? (y/N) "
+msgstr "Esteu segur de que encara voleu revocarla? (s/N) "
+
+# (s/N) ivb
+# S! jm
+#: g10/keyedit.c:4791
+msgid "Create a revocation certificate for this signature? (y/N) "
+msgstr "Voleu crear un certificat de revocació per a aquesta signatura? (s/N) "
+
+#: g10/keyedit.c:4842
+msgid "Not signed by you.\n"
+msgstr ""
+
+#: g10/keyedit.c:4848
+#, fuzzy, c-format
+msgid "You have signed these user IDs on key %s:\n"
+msgstr "Heu signat els següents ID d'usuari:\n"
+
+#: g10/keyedit.c:4874
+#, fuzzy
+msgid " (non-revocable)"
+msgstr " (no-exportable)"
+
+#: g10/keyedit.c:4881
+#, fuzzy, c-format
+msgid "revoked by your key %s on %s\n"
+msgstr " revocat per %08lX el %s\n"
+
+#: g10/keyedit.c:4903
+msgid "You are about to revoke these signatures:\n"
+msgstr "Esteu a punt de revocar aquestes signatures:\n"
+
+# (s/N)? ivb
+#: g10/keyedit.c:4923
+msgid "Really create the revocation certificates? (y/N) "
+msgstr "Realment voleu crear els certificats de revocació? (s/N) "
+
+#: g10/keyedit.c:4953
+msgid "no secret key\n"
+msgstr "ho hi ha clau secreta\n"
+
+#: g10/keyedit.c:5023
+#, c-format
+msgid "user ID \"%s\" is already revoked\n"
+msgstr "l'ID d'usuari «%s» ja està revocat\n"
+
+#: g10/keyedit.c:5040
+#, c-format
+msgid "WARNING: a user ID signature is dated %d seconds in the future\n"
+msgstr "AVÃS: una signatura d'ID d'usuari està datada %d segons en el futur\n"
+
+#: g10/keyedit.c:5104
+#, fuzzy, c-format
+msgid "Key %s is already revoked.\n"
+msgstr "l'ID d'usuari «%s» ja està revocat\n"
+
+#: g10/keyedit.c:5166
+#, fuzzy, c-format
+msgid "Subkey %s is already revoked.\n"
+msgstr "l'ID d'usuari «%s» ja està revocat\n"
+
+#: g10/keyedit.c:5261
+#, fuzzy, c-format
+msgid "Displaying %s photo ID of size %ld for key %s (uid %d)\n"
+msgstr ""
+"S'està mostrant el photo ID %s de mida %ld per a la clau 0x%08lX (uid %d)\n"
+
+#: g10/keygen.c:275
+#, fuzzy, c-format
+msgid "preference `%s' duplicated\n"
+msgstr "la preferència %c%lu és duplicada\n"
+
+#: g10/keygen.c:282
+#, fuzzy
+msgid "too many cipher preferences\n"
+msgstr "hi ha massa preferències «%c»\n"
+
+#: g10/keygen.c:284
+#, fuzzy
+msgid "too many digest preferences\n"
+msgstr "hi ha massa preferències «%c»\n"
+
+#: g10/keygen.c:286
+#, fuzzy
+msgid "too many compression preferences\n"
+msgstr "hi ha massa preferències «%c»\n"
+
+#: g10/keygen.c:426
+#, fuzzy, c-format
+msgid "invalid item `%s' in preference string\n"
+msgstr "hi ha un caràcter invàlid en la cadena de preferència\n"
+
+#: g10/keygen.c:910
+msgid "writing direct signature\n"
+msgstr "s'està escrivint una signatura directa\n"
+
+#: g10/keygen.c:952
+msgid "writing self signature\n"
+msgstr "s'està escrivint l'autosignatura\n"
+
+#: g10/keygen.c:1009
+msgid "writing key binding signature\n"
+msgstr "s'està escrivint la signatura de comprovació de la clau\n"
+
+#: g10/keygen.c:1179 g10/keygen.c:1290 g10/keygen.c:1295 g10/keygen.c:1441
+#: g10/keygen.c:3269
+#, c-format
+msgid "keysize invalid; using %u bits\n"
+msgstr "la mida de la clau és invàlida; s'hi usaran %u bits\n"
+
+#: g10/keygen.c:1185 g10/keygen.c:1301 g10/keygen.c:1309 g10/keygen.c:1447
+#: g10/keygen.c:3275
+#, c-format
+msgid "keysize rounded up to %u bits\n"
+msgstr "la mida de la clau ha estat arrodonida fins a %u bits\n"
+
+#: g10/keygen.c:1335
+msgid ""
+"WARNING: some OpenPGP programs can't handle a DSA key with this digest size\n"
+msgstr ""
+
+#: g10/keygen.c:1558
+#, fuzzy
+msgid "Sign"
+msgstr "sign"
+
+#: g10/keygen.c:1561
+msgid "Certify"
+msgstr ""
+
+#: g10/keygen.c:1564
+#, fuzzy
+msgid "Encrypt"
+msgstr "xifra dades"
+
+#: g10/keygen.c:1567
+msgid "Authenticate"
+msgstr ""
+
+#. TRANSLATORS: Please use only plain ASCII characters for the
+#. translation. If this is not possible use single digits. The
+#. string needs to 8 bytes long. Here is a description of the
+#. functions:
+#.
+#. s = Toggle signing capability
+#. e = Toggle encryption capability
+#. a = Toggle authentication capability
+#. q = Finish
+#.
+#: g10/keygen.c:1585
+msgid "SsEeAaQq"
+msgstr ""
+
+#: g10/keygen.c:1608
+#, c-format
+msgid "Possible actions for a %s key: "
+msgstr ""
+
+#: g10/keygen.c:1612
+msgid "Current allowed actions: "
+msgstr ""
+
+#: g10/keygen.c:1617
+#, c-format
+msgid " (%c) Toggle the sign capability\n"
+msgstr ""
+
+#: g10/keygen.c:1620
+#, c-format
+msgid " (%c) Toggle the encrypt capability\n"
+msgstr ""
+
+#: g10/keygen.c:1623
+#, c-format
+msgid " (%c) Toggle the authenticate capability\n"
+msgstr ""
+
+#: g10/keygen.c:1626
+#, c-format
+msgid " (%c) Finished\n"
+msgstr ""
+
+#: g10/keygen.c:1686 sm/certreqgen-ui.c:157
+msgid "Please select what kind of key you want:\n"
+msgstr "Seleccioneu quin tipus de clau voleu:\n"
+
+#: g10/keygen.c:1689
+#, fuzzy, c-format
+msgid " (%d) RSA and RSA (default)\n"
+msgstr " (%d) DSA i ElGamal (predeterminat)\n"
+
+#: g10/keygen.c:1691
+#, fuzzy, c-format
+msgid " (%d) DSA and Elgamal\n"
+msgstr " (%d) DSA i ElGamal (predeterminat)\n"
+
+#: g10/keygen.c:1693
+#, c-format
+msgid " (%d) DSA (sign only)\n"
+msgstr " (%d) DSA (només signar)\n"
+
+#: g10/keygen.c:1694
+#, c-format
+msgid " (%d) RSA (sign only)\n"
+msgstr " (%d) RSA (només signar)\n"
+
+#: g10/keygen.c:1698
+#, fuzzy, c-format
+msgid " (%d) Elgamal (encrypt only)\n"
+msgstr " (%d) ElGamal (només xifrar)\n"
+
+#: g10/keygen.c:1699
+#, c-format
+msgid " (%d) RSA (encrypt only)\n"
+msgstr " (%d) RSA (només xifrar)\n"
+
+#: g10/keygen.c:1703
+#, fuzzy, c-format
+msgid " (%d) DSA (set your own capabilities)\n"
+msgstr " (%d) DSA (només signar)\n"
+
+#: g10/keygen.c:1704
+#, fuzzy, c-format
+msgid " (%d) RSA (set your own capabilities)\n"
+msgstr " (%d) RSA (només xifrar)\n"
+
+#: g10/keygen.c:1812
+#, c-format
+msgid "%s keys may be between %u and %u bits long.\n"
+msgstr ""
+
+#: g10/keygen.c:1820
+#, fuzzy, c-format
+msgid "What keysize do you want for the subkey? (%u) "
+msgstr "Quina grandària voleu? (1024) "
+
+#: g10/keygen.c:1823 sm/certreqgen-ui.c:179
+#, fuzzy, c-format
+msgid "What keysize do you want? (%u) "
+msgstr "Quina grandària voleu? (1024) "
+
+#: g10/keygen.c:1837 sm/certreqgen-ui.c:189
+#, c-format
+msgid "Requested keysize is %u bits\n"
+msgstr "La grandària sol·licitada és %u bits\n"
+
+#: g10/keygen.c:1925
+msgid ""
+"Please specify how long the key should be valid.\n"
+" 0 = key does not expire\n"
+" <n> = key expires in n days\n"
+" <n>w = key expires in n weeks\n"
+" <n>m = key expires in n months\n"
+" <n>y = key expires in n years\n"
+msgstr ""
+"Especifiqueu el temps de validesa de la clau.\n"
+" 0 = la clau no caduca\n"
+" <n> = la clau caduca als n dies\n"
+" <n>w = la clau caduca a les n setmanes\n"
+" <n>m = la clau caduca als n mesos\n"
+" <n>y = la clau caduca als n anys\n"
+
+#: g10/keygen.c:1936
+msgid ""
+"Please specify how long the signature should be valid.\n"
+" 0 = signature does not expire\n"
+" <n> = signature expires in n days\n"
+" <n>w = signature expires in n weeks\n"
+" <n>m = signature expires in n months\n"
+" <n>y = signature expires in n years\n"
+msgstr ""
+"Especifiqueu el temps de validesa de la signatura.\n"
+" 0 = la signatura no caduca\n"
+" <n> = la signatura caduca als n dies\n"
+" <n>w = la signatura caduca a les n setmanes\n"
+" <n>m = la signatura caduca als n mesos\n"
+" <n>y = la signatura caduca als n anys\n"
+
+#: g10/keygen.c:1959
+msgid "Key is valid for? (0) "
+msgstr "Indiqueu la validesa de la clau (0) "
+
+#: g10/keygen.c:1964
+#, fuzzy, c-format
+msgid "Signature is valid for? (%s) "
+msgstr "Indiqueu la validesa de la signatura (0) "
+
+#: g10/keygen.c:1982 g10/keygen.c:2007
+msgid "invalid value\n"
+msgstr "el valor no és vàlid\n"
+
+#: g10/keygen.c:1989
+#, fuzzy
+msgid "Key does not expire at all\n"
+msgstr "%s no caduca en absolut\n"
+
+#: g10/keygen.c:1990
+#, fuzzy
+msgid "Signature does not expire at all\n"
+msgstr "%s no caduca en absolut\n"
+
+#: g10/keygen.c:1995
+#, fuzzy, c-format
+msgid "Key expires at %s\n"
+msgstr "%s caduca el %s\n"
+
+#: g10/keygen.c:1996
+#, fuzzy, c-format
+msgid "Signature expires at %s\n"
+msgstr "Aquesta signatura caduca el %s\n"
+
+# Amb «it» es refereix a les dates? ivb
+# Això vaig entendre jo. jm
+#: g10/keygen.c:2000
+msgid ""
+"Your system can't display dates beyond 2038.\n"
+"However, it will be correctly handled up to 2106.\n"
+msgstr ""
+"El vostre sistema no pot representar dates posteriors a l'any 2038.\n"
+"Tanmateix, les tractarà bé fins l'any 2106.\n"
+
+#: g10/keygen.c:2013
+#, fuzzy
+msgid "Is this correct? (y/N) "
+msgstr "És correcte? (s/n)"
+
+#: g10/keygen.c:2063
+msgid ""
+"\n"
+"GnuPG needs to construct a user ID to identify your key.\n"
+"\n"
+msgstr ""
+
+#. TRANSLATORS: This string is in general not anymore used
+#. but you should keep your existing translation. In case
+#. the new string is not translated this old string will
+#. be used.
+#: g10/keygen.c:2078
+#, fuzzy
+msgid ""
+"\n"
+"You need a user ID to identify your key; the software constructs the user "
+"ID\n"
+"from the Real Name, Comment and Email Address in this form:\n"
+" \"Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>\"\n"
+"\n"
+msgstr ""
+"\n"
+"Necessiteu un ID d'usuari per a identificar la vostra clau; el programa\n"
+"construeix l'id de l'usuari amb el Nom, Comentari i Adreça electrònica\n"
+"d'aquesta forma:\n"
+" \"Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>\"\n"
+"\n"
+
+#: g10/keygen.c:2097
+msgid "Real name: "
+msgstr "Nom i cognoms: "
+
+#: g10/keygen.c:2105
+msgid "Invalid character in name\n"
+msgstr "Hi ha un caràcter invàlid en el camp *nom*\n"
+
+#: g10/keygen.c:2107
+msgid "Name may not start with a digit\n"
+msgstr "El nom no pot començar amb un dígit\n"
+
+#: g10/keygen.c:2109
+msgid "Name must be at least 5 characters long\n"
+msgstr "El nom ha de tenir, si més no, 5 caràcters\n"
+
+#: g10/keygen.c:2117
+msgid "Email address: "
+msgstr "Adreça electrònica: "
+
+#: g10/keygen.c:2123
+msgid "Not a valid email address\n"
+msgstr "No és una adreça vàlida\n"
+
+#: g10/keygen.c:2131
+msgid "Comment: "
+msgstr "Comentari: "
+
+#: g10/keygen.c:2137
+msgid "Invalid character in comment\n"
+msgstr "Hi ha un caràcter invàlid en el camp *comentari*\n"
+
+#: g10/keygen.c:2159
+#, c-format
+msgid "You are using the `%s' character set.\n"
+msgstr "Esteu usant el joc de caràcters `%s'.\n"
+
+#: g10/keygen.c:2165
+#, c-format
+msgid ""
+"You selected this USER-ID:\n"
+" \"%s\"\n"
+"\n"
+msgstr ""
+"Heu triat l'identificador d'usuari:\n"
+" \"%s\"\n"
+"\n"
+
+#: g10/keygen.c:2170
+msgid "Please don't put the email address into the real name or the comment\n"
+msgstr "No inclogueu l'adreça ni en el camp *nom* ni en el camp *comentari*\n"
+
+#: g10/keygen.c:2185
+msgid "Such a user ID already exists on this key!\n"
+msgstr ""
+
+# xX? ivb
+# Hmm... sí. jm
+#. TRANSLATORS: These are the allowed answers in
+#. lower and uppercase. Below you will find the matching
+#. string which should be translated accordingly and the
+#. letter changed to match the one in the answer string.
+#.
+#. n = Change name
+#. c = Change comment
+#. e = Change email
+#. o = Okay (ready, continue)
+#. q = Quit
+#.
+#: g10/keygen.c:2201
+msgid "NnCcEeOoQq"
+msgstr "NnCcEeOoXx"
+
+#: g10/keygen.c:2211
+msgid "Change (N)ame, (C)omment, (E)mail or (Q)uit? "
+msgstr "Canvia (N)om, (C)omentari, (E)mail o (X) ix "
+
+#: g10/keygen.c:2212
+msgid "Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? "
+msgstr "Canvia (N)om, (C)omentari, (E)mail o (O) d'acord / (X) ix"
+
+#: g10/keygen.c:2231
+msgid "Please correct the error first\n"
+msgstr "Corregiu l'error primer\n"
+
+#: g10/keygen.c:2273
+msgid ""
+"You need a Passphrase to protect your secret key.\n"
+"\n"
+msgstr ""
+"Cal una contrasenya per a protegir la clau secreta.\n"
+"\n"
+
+#: g10/keygen.c:2276
+#, fuzzy
+msgid ""
+"Please enter a passphrase to protect the off-card backup of the new "
+"encryption key."
+msgstr "Introduïu la contrasenya; aquesta ha de ser una frase secreta \n"
+
+#: g10/keygen.c:2292
+#, c-format
+msgid "%s.\n"
+msgstr "%s.\n"
+
+#: g10/keygen.c:2298
+msgid ""
+"You don't want a passphrase - this is probably a *bad* idea!\n"
+"I will do it anyway. You can change your passphrase at any time,\n"
+"using this program with the option \"--edit-key\".\n"
+"\n"
+msgstr ""
+"No voleu contrasenya: és una mala idea!\n"
+"Bé. Si voleu canviar-la més endavant,\n"
+"useu aquest programa amb l'opció \"--edit-key\".\n"
+"\n"
+
+#: g10/keygen.c:2322
+msgid ""
+"We need to generate a lot of random bytes. It is a good idea to perform\n"
+"some other action (type on the keyboard, move the mouse, utilize the\n"
+"disks) during the prime generation; this gives the random number\n"
+"generator a better chance to gain enough entropy.\n"
+msgstr ""
+"Cal generar molts bits aleatòriament. És bona idea fer alguna altra cosa\n"
+"(teclejar, moure el ratolí, usar els discos) durant la generació de\n"
+"nombres primers; açò dóna oportunitat al generador de nombres aleatoris\n"
+"d'aconseguir prou entropia.\n"
+
+#: g10/keygen.c:3209 g10/keygen.c:3236
+msgid "Key generation canceled.\n"
+msgstr "La generació de claus ha estat cancel·lada.\n"
+
+#: g10/keygen.c:3441 g10/keygen.c:3611
+#, c-format
+msgid "writing public key to `%s'\n"
+msgstr "s'està escrivint la clau pública a «%s»\n"
+
+#: g10/keygen.c:3443 g10/keygen.c:3614
+#, fuzzy, c-format
+msgid "writing secret key stub to `%s'\n"
+msgstr "s'està escrivint la clau secreta a «%s»\n"
+
+#: g10/keygen.c:3446 g10/keygen.c:3617
+#, c-format
+msgid "writing secret key to `%s'\n"
+msgstr "s'està escrivint la clau secreta a «%s»\n"
+
+# Potser no hi haja cap anell! ivb
+#: g10/keygen.c:3598
+#, c-format
+msgid "no writable public keyring found: %s\n"
+msgstr "no s'ha trobat cap anell públic escrivible: %s\n"
+
+#: g10/keygen.c:3605
+#, c-format
+msgid "no writable secret keyring found: %s\n"
+msgstr ""
+"no s'ha trobat cap anell secret de escrivible: %s\n"
+"\n"
+
+#: g10/keygen.c:3625
+#, c-format
+msgid "error writing public keyring `%s': %s\n"
+msgstr "s'ha produït un error mentre s'escrivia l'anell públic «%s»: %s\n"
+
+#: g10/keygen.c:3633
+#, c-format
+msgid "error writing secret keyring `%s': %s\n"
+msgstr "s'ha produït un error mentre s'escrivia l'anell secret «%s»: %s\n"
+
+#: g10/keygen.c:3661
+msgid "public and secret key created and signed.\n"
+msgstr "s'han creat i signat les claus pública i secreta.\n"
+
+#: g10/keygen.c:3672
+#, fuzzy
+msgid ""
+"Note that this key cannot be used for encryption. You may want to use\n"
+"the command \"--edit-key\" to generate a subkey for this purpose.\n"
+msgstr ""
+"Noteu que aquesta clau no serveix per a xifrar. Potser vulgueu usar l'ordre\n"
+"\"--edit-key\" per a generar una clau secundària per a tal propòsit.\n"
+
+#: g10/keygen.c:3685 g10/keygen.c:3831 g10/keygen.c:3952
+#, c-format
+msgid "Key generation failed: %s\n"
+msgstr "La generació de claus ha fallat: %s\n"
+
+# Werner FIXME: Use ngettext. jm
+#: g10/keygen.c:3741 g10/keygen.c:3882 g10/sign.c:241
+#, c-format
+msgid ""
+"key has been created %lu second in future (time warp or clock problem)\n"
+msgstr ""
+"la clau s'ha creat %lu segon en el futur (salt en el temps o problemes\n"
+"amb el rellotge)\n"
+
+# Werner FIXME: use ngettext. jm
+#: g10/keygen.c:3743 g10/keygen.c:3884 g10/sign.c:243
+#, c-format
+msgid ""
+"key has been created %lu seconds in future (time warp or clock problem)\n"
+msgstr ""
+"la clau s'ha creat %lu segons en el futur (salt en el temps o problemes\n"
+"amb el rellotge)\n"
+
+#: g10/keygen.c:3754 g10/keygen.c:3895
+msgid "NOTE: creating subkeys for v3 keys is not OpenPGP compliant\n"
+msgstr "NOTA: crear subclaus per a claus v3 no és conforme amb OpenPGP\n"
+
+#: g10/keygen.c:3795 g10/keygen.c:3928
+#, fuzzy
+msgid "Really create? (y/N) "
+msgstr "Crear realment? "
+
+#: g10/keygen.c:4116
+#, fuzzy, c-format
+msgid "storing key onto card failed: %s\n"
+msgstr "no s'ha pogut eliminar el bloc de claus: %s\n"
+
+#: g10/keygen.c:4165
+#, fuzzy, c-format
+msgid "can't create backup file `%s': %s\n"
+msgstr "no s'ha pogut crear «%s»: %s\n"
+
+#: g10/keygen.c:4191
+#, c-format
+msgid "NOTE: backup of card key saved to `%s'\n"
+msgstr ""
+
+#: g10/keyid.c:539 g10/keyid.c:551 g10/keyid.c:563 g10/keyid.c:575
+msgid "never "
+msgstr "mai "
+
+#: g10/keylist.c:273
+msgid "Critical signature policy: "
+msgstr "Política de signatura crítica: "
+
+#: g10/keylist.c:275
+msgid "Signature policy: "
+msgstr "Política de signatura: "
+
+#: g10/keylist.c:314
+msgid "Critical preferred keyserver: "
+msgstr ""
+
+#: g10/keylist.c:367
+msgid "Critical signature notation: "
+msgstr "Notació de signatura crítica: "
+
+#: g10/keylist.c:369
+msgid "Signature notation: "
+msgstr "Notació de signatura: "
+
+#: g10/keylist.c:479
+msgid "Keyring"
+msgstr "Anell"
+
+#: g10/keylist.c:1526
+msgid "Primary key fingerprint:"
+msgstr "Empremtes digital de la clau primària:"
+
+#: g10/keylist.c:1528
+msgid " Subkey fingerprint:"
+msgstr " Empremta digital de la subclau:"
+
+#. TRANSLATORS: this should fit into 24 bytes to that the
+#. * fingerprint data is properly aligned with the user ID
+#: g10/keylist.c:1535
+msgid " Primary key fingerprint:"
+msgstr " Empremta digital de la clau primària:"
+
+#: g10/keylist.c:1537
+msgid " Subkey fingerprint:"
+msgstr " Empremta digital de la subclau:"
+
+#: g10/keylist.c:1541 g10/keylist.c:1545
+#, fuzzy
+msgid " Key fingerprint ="
+msgstr " Empremta digital ="
+
+#: g10/keylist.c:1612
+msgid " Card serial no. ="
+msgstr ""
+
+#: g10/keyring.c:1297
+#, fuzzy, c-format
+msgid "renaming `%s' to `%s' failed: %s\n"
+msgstr "no s'ha pogut crear l'armadura: %s\n"
+
+#: g10/keyring.c:1326
+msgid "WARNING: 2 files with confidential information exists.\n"
+msgstr "AVÃS: hi ha 2 fitxers amb informació confidencial.\n"
+
+#: g10/keyring.c:1327
+#, c-format
+msgid "%s is the unchanged one\n"
+msgstr "%s és el que no ha canviat\n"
+
+#: g10/keyring.c:1328
+#, c-format
+msgid "%s is the new one\n"
+msgstr "%s és el nou\n"
+
+#: g10/keyring.c:1329
+msgid "Please fix this possible security flaw\n"
+msgstr "Per favor, solucioneu aquest possible problema de seguretat\n"
+
+#: g10/keyring.c:1430
+#, fuzzy, c-format
+msgid "caching keyring `%s'\n"
+msgstr "s'està comprovant l'anell «%s»\n"
+
+#: g10/keyring.c:1489
+#, fuzzy, c-format
+msgid "%lu keys cached so far (%lu signatures)\n"
+msgstr "s'han comprovat %lu claus (%lu signatures)\n"
+
+#: g10/keyring.c:1501
+#, fuzzy, c-format
+msgid "%lu keys cached (%lu signatures)\n"
+msgstr "s'han comprovat %lu claus (%lu signatures)\n"
+
+# Fitxer indi fins final. Hau! ivb
+# Grrr. Com em tracten els esclaus ja... jm
+#: g10/keyring.c:1573
+#, c-format
+msgid "%s: keyring created\n"
+msgstr "%s: s'ha creat l'anell\n"
+
+#: g10/keyserver.c:74
+msgid "include revoked keys in search results"
+msgstr ""
+
+#: g10/keyserver.c:75
+msgid "include subkeys when searching by key ID"
+msgstr ""
+
+#: g10/keyserver.c:77
+msgid "use temporary files to pass data to keyserver helpers"
+msgstr ""
+
+#: g10/keyserver.c:79
+msgid "do not delete temporary files after using them"
+msgstr ""
+
+#: g10/keyserver.c:83
+msgid "automatically retrieve keys when verifying signatures"
+msgstr ""
+
+#: g10/keyserver.c:85
+#, fuzzy
+msgid "honor the preferred keyserver URL set on the key"
+msgstr "la URL de política de signatura donada no és vàlida\n"
+
+#: g10/keyserver.c:87
+msgid "honor the PKA record set on a key when retrieving keys"
+msgstr ""
+
+#: g10/keyserver.c:153
+#, fuzzy, c-format
+msgid "WARNING: keyserver option `%s' is not used on this platform\n"
+msgstr ""
+"AVÃS: les opcions en «%s» encara no estan actives durant aquesta execució\n"
+
+#: g10/keyserver.c:544
+#, fuzzy
+msgid "disabled"
+msgstr "disable"
+
+#: g10/keyserver.c:747
+msgid "Enter number(s), N)ext, or Q)uit > "
+msgstr ""
+
+#: g10/keyserver.c:831 g10/keyserver.c:1458
+#, c-format
+msgid "invalid keyserver protocol (us %d!=handler %d)\n"
+msgstr ""
+
+#: g10/keyserver.c:932
+#, fuzzy, c-format
+msgid "key \"%s\" not found on keyserver\n"
+msgstr "no s'ha trobat la clau «%s»: %s\n"
+
+#: g10/keyserver.c:934
+#, fuzzy
+msgid "key not found on keyserver\n"
+msgstr "no s'ha trobat la clau «%s»: %s\n"
+
+#: g10/keyserver.c:1177
+#, fuzzy, c-format
+msgid "requesting key %s from %s server %s\n"
+msgstr "s'està sol·licitant la clau %08lX de %s\n"
+
+#: g10/keyserver.c:1181
+#, fuzzy, c-format
+msgid "requesting key %s from %s\n"
+msgstr "s'està sol·licitant la clau %08lX de %s\n"
+
+#: g10/keyserver.c:1205
+#, fuzzy, c-format
+msgid "searching for names from %s server %s\n"
+msgstr "s'està cercant «%s» al servidor HKP %s\n"
+
+#: g10/keyserver.c:1208
+#, fuzzy, c-format
+msgid "searching for names from %s\n"
+msgstr "s'està cercant «%s» al servidor HKP %s\n"
+
+#: g10/keyserver.c:1361
+#, fuzzy, c-format
+msgid "sending key %s to %s server %s\n"
+msgstr "s'està cercant «%s» al servidor HKP %s\n"
+
+#: g10/keyserver.c:1365
+#, fuzzy, c-format
+msgid "sending key %s to %s\n"
+msgstr "s'està sol·licitant la clau %08lX de %s\n"
+
+#: g10/keyserver.c:1408
+#, fuzzy, c-format
+msgid "searching for \"%s\" from %s server %s\n"
+msgstr "s'està cercant «%s» al servidor HKP %s\n"
+
+#: g10/keyserver.c:1411
+#, fuzzy, c-format
+msgid "searching for \"%s\" from %s\n"
+msgstr "s'està cercant «%s» al servidor HKP %s\n"
+
+# «del servidor», «en el servidor»? ivb
+#: g10/keyserver.c:1418 g10/keyserver.c:1514
+#, fuzzy
+msgid "no keyserver action!\n"
+msgstr "error de servidor de claus"
+
+#: g10/keyserver.c:1466
+#, c-format
+msgid "WARNING: keyserver handler from a different version of GnuPG (%s)\n"
+msgstr ""
+
+#: g10/keyserver.c:1475
+msgid "keyserver did not send VERSION\n"
+msgstr ""
+
+#: g10/keyserver.c:1537 g10/keyserver.c:2066
+msgid "no keyserver known (use option --keyserver)\n"
+msgstr "no es coneix cap servidor de claus (useu l'opció \"--keyserver\")\n"
+
+#: g10/keyserver.c:1543
+msgid "external keyserver calls are not supported in this build\n"
+msgstr ""
+
+#: g10/keyserver.c:1555
+#, c-format
+msgid "no handler for keyserver scheme `%s'\n"
+msgstr ""
+
+#: g10/keyserver.c:1560
+#, c-format
+msgid "action `%s' not supported with keyserver scheme `%s'\n"
+msgstr ""
+
+#: g10/keyserver.c:1568
+#, c-format
+msgid "%s does not support handler version %d\n"
+msgstr ""
+
+# «del servidor», «en el servidor»? ivb
+#: g10/keyserver.c:1575
+#, fuzzy
+msgid "keyserver timed out\n"
+msgstr "error de servidor de claus"
+
+# «del servidor», «en el servidor»? ivb
+#: g10/keyserver.c:1580
+#, fuzzy
+msgid "keyserver internal error\n"
+msgstr "error de servidor de claus"
+
+#: g10/keyserver.c:1589
+#, fuzzy, c-format
+msgid "keyserver communications error: %s\n"
+msgstr "la recepció des del servidor de claus ha fallat: %s\n"
+
+#: g10/keyserver.c:1614 g10/keyserver.c:1648
+#, fuzzy, c-format
+msgid "\"%s\" not a key ID: skipping\n"
+msgstr "%s: no és un ID vàlid\n"
+
+#: g10/keyserver.c:1907
+#, fuzzy, c-format
+msgid "WARNING: unable to refresh key %s via %s: %s\n"
+msgstr "AVÃS: no s'ha pogut eliminar el fitxer temporal (%s) «%s»: %s\n"
+
+#: g10/keyserver.c:1929
+#, fuzzy, c-format
+msgid "refreshing 1 key from %s\n"
+msgstr "s'està sol·licitant la clau %08lX de %s\n"
+
+#: g10/keyserver.c:1931
+#, fuzzy, c-format
+msgid "refreshing %d keys from %s\n"
+msgstr "s'està sol·licitant la clau %08lX de %s\n"
+
+#: g10/keyserver.c:1987
+#, fuzzy, c-format
+msgid "WARNING: unable to fetch URI %s: %s\n"
+msgstr "AVÃS: no s'ha pogut eliminar el fitxer temporal (%s) «%s»: %s\n"
+
+#: g10/keyserver.c:1993
+#, fuzzy, c-format
+msgid "WARNING: unable to parse URI %s\n"
+msgstr "AVÃS: no s'ha pogut eliminar el fitxer temporal (%s) «%s»: %s\n"
+
+#: g10/mainproc.c:231
+#, c-format
+msgid "weird size for an encrypted session key (%d)\n"
+msgstr "mida extranya per a una clau de sessió xifrada (%d)\n"
+
+#: g10/mainproc.c:284
+#, c-format
+msgid "%s encrypted session key\n"
+msgstr "clau de sessió xifrada amb %s\n"
+
+#: g10/mainproc.c:294
+#, fuzzy, c-format
+msgid "passphrase generated with unknown digest algorithm %d\n"
+msgstr "xifrat amb l'algoritme %d (desconegut)\n"
+
+#: g10/mainproc.c:360
+#, fuzzy, c-format
+msgid "public key is %s\n"
+msgstr "la clau pública és %08lX\n"
+
+#: g10/mainproc.c:423
+msgid "public key encrypted data: good DEK\n"
+msgstr "dades xifrades amb clau pública: bona clau de xifratge (DEK)\n"
+
+#: g10/mainproc.c:456
+#, fuzzy, c-format
+msgid "encrypted with %u-bit %s key, ID %s, created %s\n"
+msgstr "xifrat amb una clau %2$s de %1$u bits, ID %3$08lX, creada en %4$s\n"
+
+#: g10/mainproc.c:460 g10/pkclist.c:217
+#, c-format
+msgid " \"%s\"\n"
+msgstr ""
+
+#: g10/mainproc.c:464
+#, fuzzy, c-format
+msgid "encrypted with %s key, ID %s\n"
+msgstr "xifrat amb una clau %s, ID %08lX\n"
+
+#: g10/mainproc.c:479
+#, c-format
+msgid "public key decryption failed: %s\n"
+msgstr "ha fallat el desxifratge amb la clau pública: %s\n"
+
+#: g10/mainproc.c:495
+#, c-format
+msgid "encrypted with %lu passphrases\n"
+msgstr "xifrat amb %lu contrasenyes\n"
+
+# FIXME WK: Use ngettext
+#: g10/mainproc.c:497
+msgid "encrypted with 1 passphrase\n"
+msgstr "xifrat amb 1 contrasenya\n"
+
+# I no serà «dades xifrades amb %s»? ivb
+# Sembla que sí, ho marque per a mirar-ho més endavant. jm
+#: g10/mainproc.c:529 g10/mainproc.c:551
+#, c-format
+msgid "assuming %s encrypted data\n"
+msgstr "s'assumeixen dades xifrades amb %s\n"
+
+# L'optimístic és aquell que té una Fe Cega en que Tot Anirà Bé! ivb
+#: g10/mainproc.c:537
+#, c-format
+msgid "IDEA cipher unavailable, optimistically attempting to use %s instead\n"
+msgstr ""
+"El xifratge IDEA no està disponible, s'intentarà utilitzar optimistament %s "
+"en el seu lloc\n"
+
+#: g10/mainproc.c:570
+msgid "decryption okay\n"
+msgstr "desxifratge correcte\n"
+
+#: g10/mainproc.c:574
+msgid "WARNING: message was not integrity protected\n"
+msgstr "AVÃS: el missatge no tenia protecció d'integritat\n"
+
+#: g10/mainproc.c:587
+msgid "WARNING: encrypted message has been manipulated!\n"
+msgstr "AVÃS: el missatge xifrat ha estat manipulat!\n"
+
+#: g10/mainproc.c:595
+#, c-format
+msgid "cleared passphrase cached with ID: %s\n"
+msgstr ""
+
+#: g10/mainproc.c:600
+#, c-format
+msgid "decryption failed: %s\n"
+msgstr "ha fallat el desxifratge: %s\n"
+
+#: g10/mainproc.c:621
+msgid "NOTE: sender requested \"for-your-eyes-only\"\n"
+msgstr "NOTA: el remitent ha sol·licitat \"alt secret\"\n"
+
+#: g10/mainproc.c:623
+#, c-format
+msgid "original file name='%.*s'\n"
+msgstr "nom del fitxer original='%.*s'\n"
+
+#: g10/mainproc.c:711
+msgid "WARNING: multiple plaintexts seen\n"
+msgstr ""
+
+#: g10/mainproc.c:850
+msgid "standalone revocation - use \"gpg --import\" to apply\n"
+msgstr "revocació autònoma: useu \"gpg --import\" per a aplicar-la\n"
+
+#: g10/mainproc.c:1203 g10/mainproc.c:1240
+#, fuzzy
+msgid "no signature found\n"
+msgstr "Signatura correcta de \""
+
+#: g10/mainproc.c:1478
+msgid "signature verification suppressed\n"
+msgstr "s'ha eliminat la verificació de signatura\n"
+
+#: g10/mainproc.c:1587
+#, fuzzy
+msgid "can't handle this ambiguous signature data\n"
+msgstr "no es poden tractar aquestes signatures múltiples\n"
+
+#: g10/mainproc.c:1598
+#, fuzzy, c-format
+msgid "Signature made %s\n"
+msgstr "Aquesta signatura va caducar el %s\n"
+
+#: g10/mainproc.c:1599
+#, fuzzy, c-format
+msgid " using %s key %s\n"
+msgstr " alias \""
+
+# «%.*s» no serà una data? Caldrà «el» al davant. ivb
+#: g10/mainproc.c:1603
+#, fuzzy, c-format
+msgid "Signature made %s using %s key ID %s\n"
+msgstr "Signatura creada el %.*s usant una clau %s ID %08lX\n"
+
+#: g10/mainproc.c:1623
+msgid "Key available at: "
+msgstr "La clau és disponible en: "
+
+#: g10/mainproc.c:1756 g10/mainproc.c:1804
+#, fuzzy, c-format
+msgid "BAD signature from \"%s\""
+msgstr "Signatura INCORRECTA de \""
+
+#: g10/mainproc.c:1758 g10/mainproc.c:1806
+#, fuzzy, c-format
+msgid "Expired signature from \"%s\""
+msgstr "Signatura caducada de \""
+
+#: g10/mainproc.c:1760 g10/mainproc.c:1808
+#, fuzzy, c-format
+msgid "Good signature from \"%s\""
+msgstr "Signatura correcta de \""
+
+#: g10/mainproc.c:1810
+msgid "[uncertain]"
+msgstr "[incert]"
+
+#: g10/mainproc.c:1843
+#, fuzzy, c-format
+msgid " aka \"%s\""
+msgstr " alias \""
+
+#: g10/mainproc.c:1941
+#, c-format
+msgid "Signature expired %s\n"
+msgstr "Aquesta signatura va caducar el %s\n"
+
+#: g10/mainproc.c:1946
+#, c-format
+msgid "Signature expires %s\n"
+msgstr "Aquesta signatura caduca el %s\n"
+
+#: g10/mainproc.c:1949
+#, c-format
+msgid "%s signature, digest algorithm %s\n"
+msgstr "signatura %s, algorisme de resum %s\n"
+
+#: g10/mainproc.c:1950
+msgid "binary"
+msgstr "binari"
+
+#: g10/mainproc.c:1951
+msgid "textmode"
+msgstr "mode text"
+
+#: g10/mainproc.c:1951 g10/trustdb.c:546
+msgid "unknown"
+msgstr "desconeguda"
+
+#: g10/mainproc.c:1971
+#, c-format
+msgid "Can't check signature: %s\n"
+msgstr "No s'ha pogut comprovar la signatura: %s\n"
+
+#: g10/mainproc.c:2055 g10/mainproc.c:2071 g10/mainproc.c:2167
+msgid "not a detached signature\n"
+msgstr "no és una signatura separada\n"
+
+#: g10/mainproc.c:2098
+msgid ""
+"WARNING: multiple signatures detected. Only the first will be checked.\n"
+msgstr ""
+"AVÃS: s'han detectat múltiples signatures. Només es comprovarà la primera.\n"
+
+#: g10/mainproc.c:2106
+#, c-format
+msgid "standalone signature of class 0x%02x\n"
+msgstr "signatura autònoma de classe 0x%02x\n"
+
+#: g10/mainproc.c:2171
+msgid "old style (PGP 2.x) signature\n"
+msgstr "signatura de l'estil antic (PGP 2.x)\n"
+
+#: g10/mainproc.c:2181
+msgid "invalid root packet detected in proc_tree()\n"
+msgstr "s'ha detectat un paquet arrel invàlid en proc_tree()\n"
+
+#: g10/misc.c:109 g10/misc.c:139 g10/misc.c:215
+#, fuzzy, c-format
+msgid "fstat of `%s' failed in %s: %s\n"
+msgstr "ha fallat l'actualització de la base de dades de confiança: %s\n"
+
+#: g10/misc.c:178
+#, fuzzy, c-format
+msgid "fstat(%d) failed in %s: %s\n"
+msgstr "base de dades de confiança: ha fallat la lectura (n=%d): %s\n"
+
+#: g10/misc.c:296
+#, fuzzy, c-format
+msgid "WARNING: using experimental public key algorithm %s\n"
+msgstr "no es pot treballar amb l'algoritme de clau pública %d\n"
+
+#: g10/misc.c:302
+#, fuzzy
+msgid "WARNING: Elgamal sign+encrypt keys are deprecated\n"
+msgstr "AVÃS: %s és una opció desaconsellada.\n"
+
+#: g10/misc.c:315
+#, fuzzy, c-format
+msgid "WARNING: using experimental cipher algorithm %s\n"
+msgstr "l'algoritme de xifratge no és implementat"
+
+#: g10/misc.c:330
+#, fuzzy, c-format
+msgid "WARNING: using experimental digest algorithm %s\n"
+msgstr "signatura %s, algorisme de resum %s\n"
+
+#: g10/misc.c:335
+#, fuzzy, c-format
+msgid "WARNING: digest algorithm %s is deprecated\n"
+msgstr "AVÃS: %s és una opció desaconsellada.\n"
+
+#: g10/misc.c:503
+msgid "the IDEA cipher plugin is not present\n"
+msgstr "el mòdul de xifratge IDEA no està present\n"
+
+#: g10/misc.c:504 g10/sig-check.c:107 jnlib/utf8conv.c:87
+#, fuzzy, c-format
+msgid "please see %s for more information\n"
+msgstr " i = mostra més informació\n"
+
+#: g10/misc.c:761
+#, c-format
+msgid "%s:%d: deprecated option \"%s\"\n"
+msgstr "%s:%d: l'opció «%s» està desaconsellada.\n"
+
+#: g10/misc.c:765
+#, c-format
+msgid "WARNING: \"%s\" is a deprecated option\n"
+msgstr "AVÃS: %s és una opció desaconsellada.\n"
+
+#: g10/misc.c:767
+#, c-format
+msgid "please use \"%s%s\" instead\n"
+msgstr "si us plau, utilitzeu «%s%s» en el seu lloc\n"
+
+#: g10/misc.c:774
+#, fuzzy, c-format
+msgid "WARNING: \"%s\" is a deprecated command - do not use it\n"
+msgstr "AVÃS: %s és una opció desaconsellada.\n"
+
+#: g10/misc.c:784
+#, c-format
+msgid "%s:%u: obsolete option \"%s\" - it has no effect\n"
+msgstr ""
+
+#: g10/misc.c:787
+#, fuzzy, c-format
+msgid "WARNING: \"%s\" is an obsolete option - it has no effect\n"
+msgstr "AVÃS: %s és una opció desaconsellada.\n"
+
+# Gènere? Nombre? Passat, futur? ivb
+# Werner FIXME: please add translator comment saying *what* is
+# uncompressed so we know the gender. jm
+#: g10/misc.c:848
+msgid "Uncompressed"
+msgstr "No comprimit"
+
+# Gènere? Nombre? Passat, futur? ivb
+# Werner FIXME: please add translator comment saying *what* is
+# uncompressed so we know the gender. jm
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: g10/misc.c:873
+#, fuzzy
+msgid "uncompressed|none"
+msgstr "No comprimit"
+
+#: g10/misc.c:1000
+#, c-format
+msgid "this message may not be usable by %s\n"
+msgstr "aquest missatge pot no ser usable per %s\n"
+
+#: g10/misc.c:1175
+#, fuzzy, c-format
+msgid "ambiguous option `%s'\n"
+msgstr "s'estan llegint opcions de «%s»\n"
+
+#: g10/misc.c:1200
+#, fuzzy, c-format
+msgid "unknown option `%s'\n"
+msgstr "el destinatari predeterminat és desconegut «%s»\n"
+
+#: g10/openfile.c:89
+#, c-format
+msgid "File `%s' exists. "
+msgstr "El fitxer «%s» existeix. "
+
+#: g10/openfile.c:93
+#, fuzzy
+msgid "Overwrite? (y/N) "
+msgstr "Voleu sobreescriure? (s/N) "
+
+#: g10/openfile.c:126
+#, c-format
+msgid "%s: unknown suffix\n"
+msgstr "%s: el sufix és desconegut\n"
+
+#: g10/openfile.c:150
+msgid "Enter new filename"
+msgstr "Introduïu el nou nom del fitxer"
+
+# Indi? ivb
+#: g10/openfile.c:195
+msgid "writing to stdout\n"
+msgstr "s'està escrivint en stdout\n"
+
+#: g10/openfile.c:316
+#, c-format
+msgid "assuming signed data in `%s'\n"
+msgstr "s'asumeix que hi ha dades signades en «%s»\n"
+
+#: g10/openfile.c:395
+#, c-format
+msgid "new configuration file `%s' created\n"
+msgstr "s'ha creat el nou fitxer d'opcions «%s»\n"
+
+#: g10/openfile.c:397
+#, c-format
+msgid "WARNING: options in `%s' are not yet active during this run\n"
+msgstr ""
+"AVÃS: les opcions en «%s» encara no estan actives durant aquesta execució\n"
+
+#: g10/parse-packet.c:201
+#, c-format
+msgid "can't handle public key algorithm %d\n"
+msgstr "no es pot treballar amb l'algoritme de clau pública %d\n"
+
+#: g10/parse-packet.c:822
+msgid "WARNING: potentially insecure symmetrically encrypted session key\n"
+msgstr ""
+"AVÃS: la clau de sessió pot estar xifrada simètricament de forma insegura\n"
+
+#: g10/parse-packet.c:1273
+#, c-format
+msgid "subpacket of type %d has critical bit set\n"
+msgstr "el subpaquet de tipus %d té el bit crític activat\n"
+
+#: g10/passphrase.c:75 g10/passphrase.c:418 g10/passphrase.c:481
+#, fuzzy, c-format
+msgid "problem with the agent: %s\n"
+msgstr "hi ha un problema amb l'agent: l'agent ha tornat 0x%lx\n"
+
+#: g10/passphrase.c:344 g10/passphrase.c:613
+#, fuzzy, c-format
+msgid " (main key ID %s)"
+msgstr " (ID de la clau principal %08lX)"
+
+# Com es canvia l'ordre dels arguments? jm
+# Ah, bingo! jm
+# Uh, ara torna a donar error. FIXME
+# La idea és ficar:
+# "Necessiteu la contrasenya per desblocar la clau secreta de l'usuari:\n"
+# "«%1$.*s»\n"
+# "clau %3$s de %2$u bits, ID %4$08lX, creada en %5$s%6$s\n"
+# jm
+# Se't passava l'argument «*». printf(3), hieroglyph(7). ivb
+# Ah! Prova-ho, no casque alguna cosa :P ivb
+# Ah, ja veig! Moltes gràcies! Aquest msgstr ha quedat curiós :) jm
+#: g10/passphrase.c:358
+#, fuzzy, c-format
+msgid ""
+"Please enter the passphrase to unlock the secret key for the OpenPGP "
+"certificate:\n"
+"\"%.*s\"\n"
+"%u-bit %s key, ID %s,\n"
+"created %s%s.\n"
+msgstr ""
+"Necessiteu la contrasenya per desblocar la clau secreta de l'usuari:\n"
+"«%2$.*1$s»\n"
+"clau %4$s de %3$u bits, ID %5$08lX, creada en %6$s%7$s\n"
+
+#: g10/passphrase.c:384
+msgid "Enter passphrase\n"
+msgstr "Introduïu la contrasenya\n"
+
+#: g10/passphrase.c:412
+msgid "cancelled by user\n"
+msgstr "s'ha cancel·lat per l'usuari\n"
+
+#: g10/passphrase.c:592
+#, fuzzy, c-format
+msgid ""
+"You need a passphrase to unlock the secret key for\n"
+"user: \"%s\"\n"
+msgstr ""
+"\n"
+"Necessiteu la contrasenya per desblocar la clau secreta de\n"
+"l'usuari: \""
+
+#: g10/passphrase.c:600
+#, fuzzy, c-format
+msgid "%u-bit %s key, ID %s, created %s"
+msgstr "clau %2$s de %1$u bits, ID %3$08lX, creada en %4$s"
+
+#: g10/passphrase.c:609
+#, c-format
+msgid " (subkey on main key ID %s)"
+msgstr ""
+
+#: g10/photoid.c:74
+msgid ""
+"\n"
+"Pick an image to use for your photo ID. The image must be a JPEG file.\n"
+"Remember that the image is stored within your public key. If you use a\n"
+"very large picture, your key will become very large as well!\n"
+"Keeping the image close to 240x288 is a good size to use.\n"
+msgstr ""
+"\n"
+"Seleccioneu una imatge per a utilitzarla en el vostre photo ID. La imatge\n"
+"ha de ser un fitxer JPEG. Recordeu que la imatge es desa dins de la vostra\n"
+"clau pública. Si utilitzeu una foto molt gran, la vostra clau també es farà\n"
+"molt gran!\n"
+"Es recomana una imatge amb una mida aproximada de 240x288.\n"
+
+#: g10/photoid.c:96
+msgid "Enter JPEG filename for photo ID: "
+msgstr "Introduïu el nom del fitxer JPEG per al photo ID: "
+
+#: g10/photoid.c:117
+#, fuzzy, c-format
+msgid "unable to open JPEG file `%s': %s\n"
+msgstr "No s'ha pogut obrir la foto «%s»: %s\n"
+
+#: g10/photoid.c:128
+#, c-format
+msgid "This JPEG is really large (%d bytes) !\n"
+msgstr ""
+
+#: g10/photoid.c:130
+#, fuzzy
+msgid "Are you sure you want to use it? (y/N) "
+msgstr "Esteu segur que encara voleu utilitzarla (s/N)? "
+
+#: g10/photoid.c:146
+#, fuzzy, c-format
+msgid "`%s' is not a JPEG file\n"
+msgstr "«%s» no és un fitxer JPEG\n"
+
+#: g10/photoid.c:165
+msgid "Is this photo correct (y/N/q)? "
+msgstr "És aquesta foto correcta (s/N/x)? "
+
+#: g10/photoid.c:373
+msgid "unable to display photo ID!\n"
+msgstr "no s'ha pogut mostrar el photo ID!\n"
+
+#: g10/pkclist.c:60 g10/revoke.c:621
+msgid "No reason specified"
+msgstr "No s'ha especificat cap raó"
+
+#: g10/pkclist.c:62 g10/revoke.c:623
+msgid "Key is superseded"
+msgstr "La clau ha estat substituïda"
+
+#: g10/pkclist.c:64 g10/revoke.c:622
+msgid "Key has been compromised"
+msgstr "La clau ha estat compromesa"
+
+#: g10/pkclist.c:66 g10/revoke.c:624
+msgid "Key is no longer used"
+msgstr "La clau ja no s'usa"
+
+#: g10/pkclist.c:68 g10/revoke.c:625
+msgid "User ID is no longer valid"
+msgstr "L'ID d'usuari ja no és vàlid"
+
+#: g10/pkclist.c:72
+msgid "reason for revocation: "
+msgstr "raó de la revocació: "
+
+#: g10/pkclist.c:89
+msgid "revocation comment: "
+msgstr "comentari de la revocació: "
+
+#: g10/pkclist.c:204
+msgid "iImMqQsS"
+msgstr "iImMxXoO"
+
+#: g10/pkclist.c:212
+#, fuzzy
+msgid "No trust value assigned to:\n"
+msgstr ""
+"No hi ha cap valor de confiança assignat a:\n"
+"%4u%c/%08lX %s \""
+
+#: g10/pkclist.c:245
+#, c-format
+msgid " aka \"%s\"\n"
+msgstr ""
+
+#: g10/pkclist.c:255
+#, fuzzy
+msgid ""
+"How much do you trust that this key actually belongs to the named user?\n"
+msgstr ""
+"%08lX: No hi ha res que indique que la signatura pertany al seu propietari.\n"
+
+#: g10/pkclist.c:270
+#, fuzzy, c-format
+msgid " %d = I don't know or won't say\n"
+msgstr " %d = No ho sé\n"
+
+#: g10/pkclist.c:272
+#, fuzzy, c-format
+msgid " %d = I do NOT trust\n"
+msgstr " %d = NO confie\n"
+
+#: g10/pkclist.c:278
+#, fuzzy, c-format
+msgid " %d = I trust ultimately\n"
+msgstr " %d = Hi confie absolutament\n"
+
+#: g10/pkclist.c:284
+#, fuzzy
+msgid " m = back to the main menu\n"
+msgstr " m = torna al menú principal\n"
+
+#: g10/pkclist.c:287
+#, fuzzy
+msgid " s = skip this key\n"
+msgstr " o = omet aquesta clau\n"
+
+#: g10/pkclist.c:288
+#, fuzzy
+msgid " q = quit\n"
+msgstr " x = ix\n"
+
+#: g10/pkclist.c:292
+#, c-format
+msgid ""
+"The minimum trust level for this key is: %s\n"
+"\n"
+msgstr ""
+
+#: g10/pkclist.c:298 g10/revoke.c:650
+msgid "Your decision? "
+msgstr "La vostra decisió? "
+
+#: g10/pkclist.c:319
+#, fuzzy
+msgid "Do you really want to set this key to ultimate trust? (y/N) "
+msgstr "Realment voleu assignar confiança absoluta a aquesta clau? "
+
+#: g10/pkclist.c:333
+msgid "Certificates leading to an ultimately trusted key:\n"
+msgstr "Certificats que duen a una clau de confiança absoluta:\n"
+
+#: g10/pkclist.c:418
+#, fuzzy, c-format
+msgid "%s: There is no assurance this key belongs to the named user\n"
+msgstr ""
+"%08lX: No hi ha res que indique que la signatura pertany al seu propietari.\n"
+
+#: g10/pkclist.c:423
+#, fuzzy, c-format
+msgid "%s: There is limited assurance this key belongs to the named user\n"
+msgstr ""
+"%08lX: No hi ha res que indique que la signatura pertany al seu propietari.\n"
+
+#: g10/pkclist.c:429
+#, fuzzy
+msgid "This key probably belongs to the named user\n"
+msgstr "Aquesta clau pertany probablement al seu propietari\n"
+
+#: g10/pkclist.c:434
+msgid "This key belongs to us\n"
+msgstr "Aquesta clau és nostra\n"
+
+#: g10/pkclist.c:460
+#, fuzzy
+msgid ""
+"It is NOT certain that the key belongs to the person named\n"
+"in the user ID. If you *really* know what you are doing,\n"
+"you may answer the next question with yes.\n"
+msgstr ""
+"NO és segur que la clau pertanya a la persona esmentada en\n"
+"l'ID d'usuari. Si *realment* sabeu què feu, podeu respondre\n"
+"«sí» a la següent pregunta\n"
+"\n"
+
+#: g10/pkclist.c:479
+#, fuzzy
+msgid "Use this key anyway? (y/N) "
+msgstr "Voleu usar de tota manera aquesta clau?"
+
+#: g10/pkclist.c:513
+msgid "WARNING: Using untrusted key!\n"
+msgstr "AVÃS: S'està usant una clau no fiable!\n"
+
+#: g10/pkclist.c:520
+#, fuzzy
+msgid "WARNING: this key might be revoked (revocation key not present)\n"
+msgstr ""
+"AVÃS: la clau %08lX pot estar revocada: la clau de revocació %08lX no està "
+"present.\n"
+
+#: g10/pkclist.c:529
+#, fuzzy
+msgid "WARNING: This key has been revoked by its designated revoker!\n"
+msgstr "AVÃS: Aquesta clau ha estat revocada pel propietari!\n"
+
+#: g10/pkclist.c:532
+msgid "WARNING: This key has been revoked by its owner!\n"
+msgstr "AVÃS: Aquesta clau ha estat revocada pel propietari!\n"
+
+#: g10/pkclist.c:533
+#, fuzzy
+msgid " This could mean that the signature is forged.\n"
+msgstr " Açò podria significar que la signatura és falsificada.\n"
+
+#: g10/pkclist.c:539
+msgid "WARNING: This subkey has been revoked by its owner!\n"
+msgstr "AVÃS: Aquesta subclau ha estat revocada pel propietari!\n"
+
+#: g10/pkclist.c:544
+msgid "Note: This key has been disabled.\n"
+msgstr "Nota: Aquesta clau ha estat desactivada.\n"
+
+#: g10/pkclist.c:564
+#, c-format
+msgid "Note: Verified signer's address is `%s'\n"
+msgstr ""
+
+#: g10/pkclist.c:571
+#, c-format
+msgid "Note: Signer's address `%s' does not match DNS entry\n"
+msgstr ""
+
+#: g10/pkclist.c:583
+msgid "trustlevel adjusted to FULL due to valid PKA info\n"
+msgstr ""
+
+#: g10/pkclist.c:591
+msgid "trustlevel adjusted to NEVER due to bad PKA info\n"
+msgstr ""
+
+#: g10/pkclist.c:602
+msgid "Note: This key has expired!\n"
+msgstr "Nota: La clau ha caducat!\n"
+
+#: g10/pkclist.c:613
+msgid "WARNING: This key is not certified with a trusted signature!\n"
+msgstr "AVÃS: Aquesta clau no ve certificada per una signatura de confiança!\n"
+
+#: g10/pkclist.c:615
+msgid ""
+" There is no indication that the signature belongs to the owner.\n"
+msgstr ""
+" No hi ha res que indique que la signatura pertany al seu propietari.\n"
+
+#: g10/pkclist.c:623
+msgid "WARNING: We do NOT trust this key!\n"
+msgstr "AVÃS: La clau NO és de confiança!\n"
+
+#: g10/pkclist.c:624
+msgid " The signature is probably a FORGERY.\n"
+msgstr " Probablement la signatura és FALSA.\n"
+
+#: g10/pkclist.c:632
+msgid ""
+"WARNING: This key is not certified with sufficiently trusted signatures!\n"
+msgstr "AVÃS: Aquesta clau no ve certificada per signatures prou fiables!\n"
+
+#: g10/pkclist.c:634
+msgid " It is not certain that the signature belongs to the owner.\n"
+msgstr "No és segur que la signatura pertanya al seu propietari.\n"
+
+#: g10/pkclist.c:833 g10/pkclist.c:875 g10/pkclist.c:1087 g10/pkclist.c:1157
+#, c-format
+msgid "%s: skipped: %s\n"
+msgstr "%s: es descarta: %s\n"
+
+#: g10/pkclist.c:845 g10/pkclist.c:1125
+#, c-format
+msgid "%s: skipped: public key already present\n"
+msgstr "%s: es descarta: la clau pública ja està present\n"
+
+#: g10/pkclist.c:896
+msgid "You did not specify a user ID. (you may use \"-r\")\n"
+msgstr "No heu especificat un ID d'usuari. (podeu usar «-r»)\n"
+
+#: g10/pkclist.c:920
+msgid "Current recipients:\n"
+msgstr ""
+
+#: g10/pkclist.c:946
+msgid ""
+"\n"
+"Enter the user ID. End with an empty line: "
+msgstr ""
+"\n"
+"Introduïu l'ID d'usuari. Finalitzeu amb una línia en blanc: "
+
+#: g10/pkclist.c:971
+msgid "No such user ID.\n"
+msgstr "Usuari inexistent.\n"
+
+#: g10/pkclist.c:980 g10/pkclist.c:1054
+msgid "skipped: public key already set as default recipient\n"
+msgstr "es descarta: la clau pública ja s'ha especificat com a destinatari\n"
+
+#: g10/pkclist.c:1001
+msgid "Public key is disabled.\n"
+msgstr "La clau pública està desactivada.\n"
+
+#: g10/pkclist.c:1010
+msgid "skipped: public key already set\n"
+msgstr "es descarta: la clau pública ja està establida\n"
+
+#: g10/pkclist.c:1045
+#, fuzzy, c-format
+msgid "unknown default recipient \"%s\"\n"
+msgstr "el destinatari predeterminat és desconegut «%s»\n"
+
+#: g10/pkclist.c:1103
+#, c-format
+msgid "%s: skipped: public key is disabled\n"
+msgstr "%s: es descarta: la clau pública està desactivada\n"
+
+#: g10/pkclist.c:1165
+msgid "no valid addressees\n"
+msgstr "no hi ha adreces vàlides\n"
+
+#: g10/pkclist.c:1503
+#, fuzzy, c-format
+msgid "Note: key %s has no %s feature\n"
+msgstr "clau %08lX: sense ID\n"
+
+#: g10/pkclist.c:1528
+#, fuzzy, c-format
+msgid "Note: key %s has no preference for %s\n"
+msgstr "clau %08lX: sense ID\n"
+
+#: g10/plaintext.c:95
+msgid "data not saved; use option \"--output\" to save it\n"
+msgstr "les dades no s'han desat; useu l'opció \"--output\" per desar-les\n"
+
+# Indi? ivb
+# Em pense que no. jm
+#: g10/plaintext.c:480
+msgid "Detached signature.\n"
+msgstr "Signatura separada.\n"
+
+#: g10/plaintext.c:487
+msgid "Please enter name of data file: "
+msgstr "Introduïu el nom del fitxer de dades: "
+
+#: g10/plaintext.c:519
+msgid "reading stdin ...\n"
+msgstr "s'està llegint d'stdin...\n"
+
+#: g10/plaintext.c:557
+msgid "no signed data\n"
+msgstr "no hi ha dades signades\n"
+
+#: g10/plaintext.c:573
+#, c-format
+msgid "can't open signed data `%s'\n"
+msgstr "no s'han pogut obrir les dades signades `%s'\n"
+
+#: g10/plaintext.c:607
+#, fuzzy, c-format
+msgid "can't open signed data fd=%d: %s\n"
+msgstr "no s'han pogut obrir les dades signades `%s'\n"
+
+# Indi? ivb
+# Yeh... jm
+#: g10/pubkey-enc.c:105
+#, fuzzy, c-format
+msgid "anonymous recipient; trying secret key %s ...\n"
+msgstr "el destinatari és anònim; es provarà la clau secreta %08lX ...\n"
+
+#: g10/pubkey-enc.c:136
+msgid "okay, we are the anonymous recipient.\n"
+msgstr "d'acord, som el destinatari anònim.\n"
+
+#: g10/pubkey-enc.c:225
+msgid "old encoding of the DEK is not supported\n"
+msgstr "la codificació antiga del DEK no està suportada\n"
+
+#: g10/pubkey-enc.c:246
+#, c-format
+msgid "cipher algorithm %d%s is unknown or disabled\n"
+msgstr "l'algoritme de xifratge %d%s és desconegut o està desactivat\n"
+
+#: g10/pubkey-enc.c:284
+#, fuzzy, c-format
+msgid "WARNING: cipher algorithm %s not found in recipient preferences\n"
+msgstr "NOTA: no s'ha trobat l'algoritme de xifratge %d en les preferències\n"
+
+#: g10/pubkey-enc.c:304
+#, fuzzy, c-format
+msgid "NOTE: secret key %s expired at %s\n"
+msgstr "NOTA: la clau secreta %08lX caduca el %s\n"
+
+#: g10/pubkey-enc.c:310
+msgid "NOTE: key has been revoked"
+msgstr "NOTA: aquesta clau ha estat revocada!"
+
+#: g10/revoke.c:102 g10/revoke.c:116 g10/revoke.c:128 g10/revoke.c:174
+#: g10/revoke.c:186 g10/revoke.c:585
+#, c-format
+msgid "build_packet failed: %s\n"
+msgstr "ha fallat build_packet: %s\n"
+
+#: g10/revoke.c:145
+#, fuzzy, c-format
+msgid "key %s has no user IDs\n"
+msgstr "clau %08lX: sense ID\n"
+
+#: g10/revoke.c:306
+msgid "To be revoked by:\n"
+msgstr "A ser revocada per:\n"
+
+#: g10/revoke.c:310
+msgid "(This is a sensitive revocation key)\n"
+msgstr "(Aquesta és una clau de revocació sensible)\n"
+
+#: g10/revoke.c:314
+#, fuzzy
+msgid "Create a designated revocation certificate for this key? (y/N) "
+msgstr "Voleu crear un certificat de revocació per a aquesta clau? "
+
+#: g10/revoke.c:327 g10/revoke.c:551
+msgid "ASCII armored output forced.\n"
+msgstr "s'ha forçat l'eixida d'armadura ASCII.\n"
+
+#: g10/revoke.c:342 g10/revoke.c:565
+#, c-format
+msgid "make_keysig_packet failed: %s\n"
+msgstr "ha fallat make_keysig_packet: %s\n"
+
+#: g10/revoke.c:405
+msgid "Revocation certificate created.\n"
+msgstr "S'ha creat el certificat de revocació.\n"
+
+#: g10/revoke.c:411
+#, fuzzy, c-format
+msgid "no revocation keys found for \"%s\"\n"
+msgstr "no s'han ttrobat claus de revocació per a «%s»\n"
+
+#: g10/revoke.c:470
+#, fuzzy, c-format
+msgid "secret key \"%s\" not found: %s\n"
+msgstr "no s'ha trobat la clau secreta «%s»: %s\n"
+
+#: g10/revoke.c:497
+#, c-format
+msgid "no corresponding public key: %s\n"
+msgstr "no hi ha cap clau pública corresponent: %s\n"
+
+#: g10/revoke.c:508
+msgid "public key does not match secret key!\n"
+msgstr "la clau pública no coincideix amb la clau secreta!\n"
+
+#: g10/revoke.c:515
+#, fuzzy
+msgid "Create a revocation certificate for this key? (y/N) "
+msgstr "Voleu crear un certificat de revocació per a aquesta clau? "
+
+#: g10/revoke.c:532
+msgid "unknown protection algorithm\n"
+msgstr "l'algorisme de protecció és desconegut\n"
+
+#: g10/revoke.c:540
+msgid "NOTE: This key is not protected!\n"
+msgstr "NOTA: Aquesta clau no està protegida!\n"
+
+#: g10/revoke.c:591
+msgid ""
+"Revocation certificate created.\n"
+"\n"
+"Please move it to a medium which you can hide away; if Mallory gets\n"
+"access to this certificate he can use it to make your key unusable.\n"
+"It is smart to print this certificate and store it away, just in case\n"
+"your media become unreadable. But have some caution: The print system of\n"
+"your machine might store the data and make it available to others!\n"
+msgstr ""
+"S'ha creat un certificat de revocació.\n"
+"\n"
+"Si us plau, mogueu-lo a un medi que pugueu amagar; si Mallory aconsegueix\n"
+"accés a aquest certificat pot utilitzar-lo per a fer la vostra clau\n"
+"inservible. És intel·ligent imprimir aquest certificat i amagar-lo, per\n"
+"si el vostre medi es torna illegible. Però aneu amb compte: el sistema\n"
+"d'impressió de la vostra màquina podria emmagatzemar les dades i fer-les\n"
+"disponibles a altres!\n"
+
+#: g10/revoke.c:633
+msgid "Please select the reason for the revocation:\n"
+msgstr "Seleccioneu la raó de la revocació:\n"
+
+#: g10/revoke.c:643
+msgid "Cancel"
+msgstr "Cancel·la"
+
+#: g10/revoke.c:645
+#, c-format
+msgid "(Probably you want to select %d here)\n"
+msgstr "(Segurament voleu seleccionar %d ací)\n"
+
+#: g10/revoke.c:686
+msgid "Enter an optional description; end it with an empty line:\n"
+msgstr ""
+"Introduïu una descripció opcional; finalitzeu amb una línia en blanc:\n"
+
+#: g10/revoke.c:714
+#, c-format
+msgid "Reason for revocation: %s\n"
+msgstr "Raó de la revocació: %s\n"
+
+#: g10/revoke.c:716
+msgid "(No description given)\n"
+msgstr "(No es va donar una descripció)\n"
+
+#: g10/revoke.c:721
+#, fuzzy
+msgid "Is this okay? (y/N) "
+msgstr "És açò correcte? "
+
+# Parts? Peces? ivb
+#: g10/seckey-cert.c:55
+msgid "secret key parts are not available\n"
+msgstr "parts de la clau secreta no estan disponbles\n"
+
+#: g10/seckey-cert.c:61
+#, c-format
+msgid "protection algorithm %d%s is not supported\n"
+msgstr "l'algoritme de protecció %d%s no està suportat\n"
+
+#: g10/seckey-cert.c:72
+#, fuzzy, c-format
+msgid "protection digest %d is not supported\n"
+msgstr "l'algoritme de protecció %d%s no està suportat\n"
+
+#: g10/seckey-cert.c:291
+msgid "Invalid passphrase; please try again"
+msgstr "La contrasenya no és vàlida; torneu a intentar-ho"
+
+#: g10/seckey-cert.c:292
+#, c-format
+msgid "%s ...\n"
+msgstr "%s ...\n"
+
+#: g10/seckey-cert.c:361
+msgid "WARNING: Weak key detected - please change passphrase again.\n"
+msgstr "AVÃS: la clau és feble; per favor, canvieu la contrasenya.\n"
+
+#: g10/seckey-cert.c:404
+msgid "generating the deprecated 16-bit checksum for secret key protection\n"
+msgstr ""
+"s'està generant la suma de comprovació desaconsellada de 16-bits per a la "
+"protecció de la clau secreta\n"
+
+#: g10/seskey.c:61 sm/encrypt.c:119
+msgid "weak key created - retrying\n"
+msgstr "s'hi ha creat una clau feble - reintent\n"
+
+# És no-wrap? ivb
+#: g10/seskey.c:65
+#, c-format
+msgid "cannot avoid weak key for symmetric cipher; tried %d times!\n"
+msgstr ""
+"no s'ha pogut evitar una clau feble per a xifratge simètric;\n"
+"hi ha hagut %d intents!\n"
+
+#: g10/seskey.c:227 sm/certcheck.c:85
+msgid "DSA requires the hash length to be a multiple of 8 bits\n"
+msgstr ""
+
+#: g10/seskey.c:240
+#, c-format
+msgid "DSA key %s uses an unsafe (%u bit) hash\n"
+msgstr ""
+
+#: g10/seskey.c:252
+#, c-format
+msgid "DSA key %s requires a %u bit or larger hash\n"
+msgstr ""
+
+#: g10/sig-check.c:80
+msgid "WARNING: signature digest conflict in message\n"
+msgstr "AVÃS: conflicte de signatures digest en el missatge\n"
+
+#: g10/sig-check.c:105
+#, c-format
+msgid "WARNING: signing subkey %s is not cross-certified\n"
+msgstr ""
+
+#: g10/sig-check.c:117
+#, fuzzy, c-format
+msgid "WARNING: signing subkey %s has an invalid cross-certification\n"
+msgstr ""
+"AVÃS: no es pot desfer la nominació d'una clau com a revocador designat!\n"
+
+#: g10/sig-check.c:211
+#, fuzzy, c-format
+msgid "public key %s is %lu second newer than the signature\n"
+msgstr "la clau pública %08lX és %lu segons anterior a la signatura\n"
+
+#: g10/sig-check.c:212
+#, fuzzy, c-format
+msgid "public key %s is %lu seconds newer than the signature\n"
+msgstr "la clau pública %08lX és %lu segons anterior a la signatura\n"
+
+# Werner FIXME: Use ngettext. jm
+#: g10/sig-check.c:223
+#, fuzzy, c-format
+msgid ""
+"key %s was created %lu second in the future (time warp or clock problem)\n"
+msgstr ""
+"la clau s'ha creat %lu segon en el futur (salt en el temps o problemes\n"
+"amb el rellotge)\n"
+
+# Werner FIXME: use ngettext. jm
+#: g10/sig-check.c:225
+#, fuzzy, c-format
+msgid ""
+"key %s was created %lu seconds in the future (time warp or clock problem)\n"
+msgstr ""
+"la clau s'ha creat %lu segons en el futur (salt en el temps o problemes\n"
+"amb el rellotge)\n"
+
+#: g10/sig-check.c:239
+#, fuzzy, c-format
+msgid "NOTE: signature key %s expired %s\n"
+msgstr "NOTA: la clau de signatura %08lX va caducar el %s\n"
+
+#: g10/sig-check.c:252
+#, fuzzy, c-format
+msgid "NOTE: signature key %s has been revoked\n"
+msgstr "NOTA: aquesta clau ha estat revocada!"
+
+#: g10/sig-check.c:325
+#, fuzzy, c-format
+msgid "assuming bad signature from key %s due to an unknown critical bit\n"
+msgstr ""
+"es supossa una signatura incorrecta de la clau %08lX a causa d'un bit crític "
+"desconegut\n"
+
+#: g10/sig-check.c:591
+#, fuzzy, c-format
+msgid "key %s: no subkey for subkey revocation signature\n"
+msgstr ""
+"clau %08lX: no hi ha una subclau per al paquet de la subclau de revocació\n"
+
+#: g10/sig-check.c:618
+#, fuzzy, c-format
+msgid "key %s: no subkey for subkey binding signature\n"
+msgstr ""
+"clau %08lX: no hi ha una subclau per a la signatura de l'enllaç de la "
+"subclau\n"
+
+#: g10/sign.c:89
+#, c-format
+msgid "WARNING: unable to %%-expand notation (too large). Using unexpanded.\n"
+msgstr ""
+"AVÃS: no s'ha pogut %%-expandir la notació (massa gran). S'utilitza no "
+"expandida.\n"
+
+#: g10/sign.c:115
+#, fuzzy, c-format
+msgid ""
+"WARNING: unable to %%-expand policy URL (too large). Using unexpanded.\n"
+msgstr ""
+"AVÃS: no s'ha pogut %%-expandir l'url de política (massa gran). S'utilitza "
+"no expandida.\n"
+
+#: g10/sign.c:138
+#, fuzzy, c-format
+msgid ""
+"WARNING: unable to %%-expand preferred keyserver URL (too large). Using "
+"unexpanded.\n"
+msgstr ""
+"AVÃS: no s'ha pogut %%-expandir l'url de política (massa gran). S'utilitza "
+"no expandida.\n"
+
+#: g10/sign.c:311
+#, c-format
+msgid "checking created signature failed: %s\n"
+msgstr "no s'ha pogut comprovar la signatura creada: %s\n"
+
+#: g10/sign.c:320
+#, fuzzy, c-format
+msgid "%s/%s signature from: \"%s\"\n"
+msgstr "%s signatura de: «%s»\n"
+
+#: g10/sign.c:761
+msgid "you can only detach-sign with PGP 2.x style keys while in --pgp2 mode\n"
+msgstr ""
+"només podeu fer signatures separades amb claus d'estil PGP 2.x mentre esteu "
+"en mode --pgp2\n"
+
+#: g10/sign.c:837
+#, fuzzy, c-format
+msgid ""
+"WARNING: forcing digest algorithm %s (%d) violates recipient preferences\n"
+msgstr ""
+"forçar l'algoritme de digest %s (%d) viola les preferències del destinatari\n"
+
+#: g10/sign.c:964
+msgid "signing:"
+msgstr "signatura:"
+
+#: g10/sign.c:1079
+msgid "you can only clearsign with PGP 2.x style keys while in --pgp2 mode\n"
+msgstr ""
+"només podeu signar en clar amb claus d'estil PGP 2.x en el mode --pgp2\n"
+
+#: g10/sign.c:1263
+#, c-format
+msgid "%s encryption will be used\n"
+msgstr "s'utilitzarà xifratge %s\n"
+
+#: g10/skclist.c:140 g10/skclist.c:217
+msgid "key is not flagged as insecure - can't use it with the faked RNG!\n"
+msgstr ""
+"la clau no està marcada com a insegura - no es pot utilitzar amb el GNA "
+"fals!\n"
+
+#: g10/skclist.c:174
+#, fuzzy, c-format
+msgid "skipped \"%s\": duplicated\n"
+msgstr "es descarta «%s»: duplicat\n"
+
+#: g10/skclist.c:182 g10/skclist.c:195 g10/skclist.c:207
+#, fuzzy, c-format
+msgid "skipped \"%s\": %s\n"
+msgstr "es descarta «%s»: %s\n"
+
+#: g10/skclist.c:190
+msgid "skipped: secret key already present\n"
+msgstr "es descarta: la clau secreta ja és present\n"
+
+#: g10/skclist.c:208
+#, fuzzy
+msgid "this is a PGP generated Elgamal key which is not secure for signatures!"
+msgstr ""
+"es descarta «%s»: és una clau ElGamal generada per PGP que no és segura per a "
+"signatures!\n"
+
+#: g10/tdbdump.c:58 g10/trustdb.c:360
+#, c-format
+msgid "trust record %lu, type %d: write failed: %s\n"
+msgstr "registre de confiança %lu, tipus %d: no s'ha pogut escriure: %s\n"
+
+#: g10/tdbdump.c:106
+#, c-format
+msgid ""
+"# List of assigned trustvalues, created %s\n"
+"# (Use \"gpg --import-ownertrust\" to restore them)\n"
+msgstr ""
+"# Llista de valors de confiança assignats, creat el %s\n"
+"# (Utilitzeu «gpg --import-ownertrust» per a restaurar-les)\n"
+
+#: g10/tdbdump.c:161 g10/tdbdump.c:169 g10/tdbdump.c:174 g10/tdbdump.c:179
+#, fuzzy, c-format
+msgid "error in `%s': %s\n"
+msgstr "error en la lectura de «%s»: %s\n"
+
+#: g10/tdbdump.c:161
+#, fuzzy
+msgid "line too long"
+msgstr "la línia és massa llarga\n"
+
+#: g10/tdbdump.c:169
+msgid "colon missing"
+msgstr ""
+
+#: g10/tdbdump.c:175
+#, fuzzy
+msgid "invalid fingerprint"
+msgstr "error: l'empremta digital és invàlida\n"
+
+#: g10/tdbdump.c:180
+#, fuzzy
+msgid "ownertrust value missing"
+msgstr "importa els valors de confiança"
+
+#: g10/tdbdump.c:216
+#, fuzzy, c-format
+msgid "error finding trust record in `%s': %s\n"
+msgstr "error en trobar el registre de confiança: %s\n"
+
+#: g10/tdbdump.c:220
+#, fuzzy, c-format
+msgid "read error in `%s': %s\n"
+msgstr "error de lectura: %s\n"
+
+#: g10/tdbdump.c:229 g10/trustdb.c:375
+#, c-format
+msgid "trustdb: sync failed: %s\n"
+msgstr "base de dades de confiança: no s'ha pogut sincronitzar: %s\n"
+
+#: g10/tdbio.c:128 g10/tdbio.c:1456
+#, c-format
+msgid "trustdb rec %lu: lseek failed: %s\n"
+msgstr "reg de la base de dades de confiança %lu: ha fallat lseek: %s\n"
+
+#: g10/tdbio.c:135 g10/tdbio.c:1463
+#, c-format
+msgid "trustdb rec %lu: write failed (n=%d): %s\n"
+msgstr ""
+"reg de la base de dades de confiança %lu: ha fallat la escriptura (n=%d): %"
+"s\n"
+
+#: g10/tdbio.c:245
+msgid "trustdb transaction too large\n"
+msgstr "la transacció de la base de dades de confiança és massa gran\n"
+
+# No em passe! ;) ivb
+#: g10/tdbio.c:500
+#, fuzzy, c-format
+msgid "can't access `%s': %s\n"
+msgstr "no s'ha pogut tancar «%s»: %s\n"
+
+#: g10/tdbio.c:527
+#, c-format
+msgid "%s: directory does not exist!\n"
+msgstr "%s: el directori no existeix!\n"
+
+#: g10/tdbio.c:537 g10/tdbio.c:560 g10/tdbio.c:601 sm/keydb.c:219
+#, fuzzy, c-format
+msgid "can't create lock for `%s'\n"
+msgstr "no es pot crear el directori «%s»: %s\n"
+
+#: g10/tdbio.c:539 g10/tdbio.c:604
+#, fuzzy, c-format
+msgid "can't lock `%s'\n"
+msgstr "no s'ha pogut obrir «%s»\n"
+
+#: g10/tdbio.c:565
+#, c-format
+msgid "%s: failed to create version record: %s"
+msgstr "%s: no s'ha pogut crear un registre de versió: %s"
+
+#: g10/tdbio.c:569
+#, c-format
+msgid "%s: invalid trustdb created\n"
+msgstr "%s: s'ha creat una base de dades de confiança invàlida\n"
+
+#: g10/tdbio.c:572
+#, c-format
+msgid "%s: trustdb created\n"
+msgstr "%s: s'ha creat la base de dades de confiança\n"
+
+#: g10/tdbio.c:615
+msgid "NOTE: trustdb not writable\n"
+msgstr "NOTA: no es pot escriure en la base de dades de confiança\n"
+
+#: g10/tdbio.c:623
+#, c-format
+msgid "%s: invalid trustdb\n"
+msgstr "%s: la base de dades de confiança és invàlida\n"
+
+#: g10/tdbio.c:655
+#, c-format
+msgid "%s: failed to create hashtable: %s\n"
+msgstr "%s: no s'ha pogut crear la taula de dispersió: %s\n"
+
+#: g10/tdbio.c:663
+#, c-format
+msgid "%s: error updating version record: %s\n"
+msgstr "%s: error en actualitzar el registre de la versió: %s\n"
+
+#: g10/tdbio.c:680 g10/tdbio.c:701 g10/tdbio.c:717 g10/tdbio.c:731
+#: g10/tdbio.c:761 g10/tdbio.c:1388 g10/tdbio.c:1415
+#, c-format
+msgid "%s: error reading version record: %s\n"
+msgstr "%s: error en llegir el registre de la versió: %s\n"
+
+#: g10/tdbio.c:740
+#, c-format
+msgid "%s: error writing version record: %s\n"
+msgstr "%s: error en escriure el registre de la versió: %s\n"
+
+#: g10/tdbio.c:1181
+#, c-format
+msgid "trustdb: lseek failed: %s\n"
+msgstr "base de dades de confiança: ha fallat lseek: %s\n"
+
+#: g10/tdbio.c:1190
+#, c-format
+msgid "trustdb: read failed (n=%d): %s\n"
+msgstr "base de dades de confiança: ha fallat la lectura (n=%d): %s\n"
+
+#: g10/tdbio.c:1211
+#, c-format
+msgid "%s: not a trustdb file\n"
+msgstr "%s no és un fitxer de base de dades de confiança\n"
+
+#: g10/tdbio.c:1230
+#, c-format
+msgid "%s: version record with recnum %lu\n"
+msgstr "%s: registre de versió amb número de registre %lu\n"
+
+#: g10/tdbio.c:1235
+#, c-format
+msgid "%s: invalid file version %d\n"
+msgstr "%s: la versió de fitxer %d és invàlida\n"
+
+#: g10/tdbio.c:1421
+#, c-format
+msgid "%s: error reading free record: %s\n"
+msgstr "%s: error en llegir el registre lliure: %s\n"
+
+#: g10/tdbio.c:1429
+#, c-format
+msgid "%s: error writing dir record: %s\n"
+msgstr "%s: error en escriure el registre de directoris: %s\n"
+
+#: g10/tdbio.c:1439
+#, c-format
+msgid "%s: failed to zero a record: %s\n"
+msgstr "%s: no s'ha pogut posar a zero un registre: %s\n"
+
+#: g10/tdbio.c:1469
+#, c-format
+msgid "%s: failed to append a record: %s\n"
+msgstr "%s: no s'ha pogut afegir un registre: %s\n"
+
+#: g10/tdbio.c:1512
+#, fuzzy
+msgid "Error: The trustdb is corrupted.\n"
+msgstr "%s: s'ha creat la base de dades de confiança\n"
+
+#: g10/textfilter.c:147
+#, c-format
+msgid "can't handle text lines longer than %d characters\n"
+msgstr "no es poden tractar línies més llargues de %d caràcters\n"
+
+#: g10/textfilter.c:247
+#, c-format
+msgid "input line longer than %d characters\n"
+msgstr "la línia d'entrada és superior a %d caràcters\n"
+
+#: g10/trustdb.c:221
+#, c-format
+msgid "`%s' is not a valid long keyID\n"
+msgstr "«%s» no és un ID de clau llarg vàlid\n"
+
+#: g10/trustdb.c:252
+#, fuzzy, c-format
+msgid "key %s: accepted as trusted key\n"
+msgstr "clau %08lX: s'accepta com a clau fiable\n"
+
+#: g10/trustdb.c:290
+#, fuzzy, c-format
+msgid "key %s occurs more than once in the trustdb\n"
+msgstr ""
+"la clau %08lX apareix més d'una vegada en la base de dades de confiança\n"
+
+#: g10/trustdb.c:305
+#, fuzzy, c-format
+msgid "key %s: no public key for trusted key - skipped\n"
+msgstr ""
+"clau %08lX: no hi ha una clau pública per a la clau fiable - es descarta\n"
+
+#: g10/trustdb.c:315
+#, fuzzy, c-format
+msgid "key %s marked as ultimately trusted\n"
+msgstr "s'ha marcat la clau com a de confiança absoluta.\n"
+
+#: g10/trustdb.c:339
+#, c-format
+msgid "trust record %lu, req type %d: read failed: %s\n"
+msgstr "registre de confiança %lu, tipus %d: no s'ha pogut llegir: %s\n"
+
+#: g10/trustdb.c:345
+#, c-format
+msgid "trust record %lu is not of requested type %d\n"
+msgstr "el registre de confiança %lu no és del tipus demanat %d\n"
+
+#: g10/trustdb.c:418
+msgid "You may try to re-create the trustdb using the commands:\n"
+msgstr ""
+
+#: g10/trustdb.c:427
+msgid "If that does not work, please consult the manual\n"
+msgstr ""
+
+#: g10/trustdb.c:462
+#, c-format
+msgid "unable to use unknown trust model (%d) - assuming %s trust model\n"
+msgstr ""
+
+#: g10/trustdb.c:468
+#, c-format
+msgid "using %s trust model\n"
+msgstr ""
+
+#: g10/trustdb.c:520
+msgid "10 translator see trustdb.c:uid_trust_string_fixed"
+msgstr ""
+
+#: g10/trustdb.c:522
+#, fuzzy
+msgid "[ revoked]"
+msgstr "[revocada]"
+
+#: g10/trustdb.c:524 g10/trustdb.c:529
+#, fuzzy
+msgid "[ expired]"
+msgstr "[caducada]"
+
+#: g10/trustdb.c:528
+#, fuzzy
+msgid "[ unknown]"
+msgstr "desconeguda"
+
+#: g10/trustdb.c:530
+msgid "[ undef ]"
+msgstr ""
+
+#: g10/trustdb.c:531
+msgid "[marginal]"
+msgstr ""
+
+#: g10/trustdb.c:532
+msgid "[ full ]"
+msgstr ""
+
+#: g10/trustdb.c:533
+msgid "[ultimate]"
+msgstr ""
+
+#: g10/trustdb.c:548
+msgid "undefined"
+msgstr ""
+
+#: g10/trustdb.c:549
+#, fuzzy
+msgid "never"
+msgstr "mai "
+
+#: g10/trustdb.c:550
+msgid "marginal"
+msgstr ""
+
+#: g10/trustdb.c:551
+msgid "full"
+msgstr ""
+
+#: g10/trustdb.c:552
+msgid "ultimate"
+msgstr ""
+
+#: g10/trustdb.c:592
+msgid "no need for a trustdb check\n"
+msgstr ""
+"no és necessària una comprovació de la base de dades de confiança\n"
+"\n"
+
+#: g10/trustdb.c:598 g10/trustdb.c:2487
+#, c-format
+msgid "next trustdb check due at %s\n"
+msgstr "la pròxima comprovació de la base de dades de confiança serà el %s\n"
+
+#: g10/trustdb.c:607
+#, fuzzy, c-format
+msgid "no need for a trustdb check with `%s' trust model\n"
+msgstr ""
+"no és necessària una comprovació de la base de dades de confiança\n"
+"\n"
+
+#: g10/trustdb.c:622
+#, fuzzy, c-format
+msgid "no need for a trustdb update with `%s' trust model\n"
+msgstr ""
+"no és necessària una comprovació de la base de dades de confiança\n"
+"\n"
+
+#: g10/trustdb.c:857 g10/trustdb.c:1310
+#, fuzzy, c-format
+msgid "public key %s not found: %s\n"
+msgstr "no s'ha trobat la clau pública %08lX: %s\n"
+
+#: g10/trustdb.c:1053
+msgid "please do a --check-trustdb\n"
+msgstr "si us plau, feu un --check-trustdb\n"
+
+#: g10/trustdb.c:1057
+msgid "checking the trustdb\n"
+msgstr "s'està comprovant la base de dades de confiança\n"
+
+#: g10/trustdb.c:2230
+#, c-format
+msgid "%d keys processed (%d validity counts cleared)\n"
+msgstr "s'han processat %d claus (s'han netejat %d comptes de validesa)\n"
+
+#: g10/trustdb.c:2295
+msgid "no ultimately trusted keys found\n"
+msgstr "no s'han trobat claus amb confiança absoluta\n"
+
+#: g10/trustdb.c:2309
+#, fuzzy, c-format
+msgid "public key of ultimately trusted key %s not found\n"
+msgstr ""
+"no s'ha trobat la clau pública de la clau amb confiança absoluta %08lX\n"
+
+#: g10/trustdb.c:2332
+#, c-format
+msgid "%d marginal(s) needed, %d complete(s) needed, %s trust model\n"
+msgstr ""
+
+#: g10/trustdb.c:2418
+#, c-format
+msgid ""
+"depth: %d valid: %3d signed: %3d trust: %d-, %dq, %dn, %dm, %df, %du\n"
+msgstr ""
+
+#: g10/trustdb.c:2493
+#, fuzzy, c-format
+msgid "unable to update trustdb version record: write failed: %s\n"
+msgstr "registre de confiança %lu, tipus %d: no s'ha pogut escriure: %s\n"
+
+#: g10/verify.c:118
+msgid ""
+"the signature could not be verified.\n"
+"Please remember that the signature file (.sig or .asc)\n"
+"should be the first file given on the command line.\n"
+msgstr ""
+"no s'ha pogut verificar la signatura.\n"
+"Recordeu que el fitxer de signatura (.sig o .asc)\n"
+"ha de ser el primer que figure en la línia d'ordres.\n"
+
+# LF -> fi de línia? ivb
+#: g10/verify.c:205
+#, c-format
+msgid "input line %u too long or missing LF\n"
+msgstr "la línia d'entrada %u és massa llarga o hi falta un fí de línia\n"
+
+#: g10/verify.c:253
+#, fuzzy, c-format
+msgid "can't open fd %d: %s\n"
+msgstr "no s'ha pogut obrir «%s»: %s\n"
+
+#: jnlib/argparse.c:180
+msgid "argument not expected"
+msgstr ""
+
+#: jnlib/argparse.c:182
+#, fuzzy
+msgid "read error"
+msgstr "error de lectura"
+
+#: jnlib/argparse.c:184
+#, fuzzy
+msgid "keyword too long"
+msgstr "la línia és massa llarga\n"
+
+#: jnlib/argparse.c:186
+#, fuzzy
+msgid "missing argument"
+msgstr "l'argument és invàlid"
+
+#: jnlib/argparse.c:188
+#, fuzzy
+msgid "invalid command"
+msgstr "les ordres entren en conflicte\n"
+
+#: jnlib/argparse.c:190
+#, fuzzy
+msgid "invalid alias definition"
+msgstr "opcions d'importació no vàlides\n"
+
+# Gènere? Nombre? Passat, futur? ivb
+# Probablement és una clau, femení. jm
+# Werner FIXME: please add translator comment saying *what* is
+# uncompressed so we know the gender. jm
+#: jnlib/argparse.c:192
+#, fuzzy
+msgid "out of core"
+msgstr "no forçat"
+
+#: jnlib/argparse.c:194
+#, fuzzy
+msgid "invalid option"
+msgstr "opcions d'importació no vàlides\n"
+
+#: jnlib/argparse.c:202
+#, c-format
+msgid "missing argument for option \"%.50s\"\n"
+msgstr ""
+
+#: jnlib/argparse.c:204
+#, c-format
+msgid "option \"%.50s\" does not expect an argument\n"
+msgstr ""
+
+#: jnlib/argparse.c:207
+#, fuzzy, c-format
+msgid "invalid command \"%.50s\"\n"
+msgstr "L'ordre no és vàlida (proveu «help»)\n"
+
+#: jnlib/argparse.c:209
+#, c-format
+msgid "option \"%.50s\" is ambiguous\n"
+msgstr ""
+
+#: jnlib/argparse.c:211
+#, c-format
+msgid "command \"%.50s\" is ambiguous\n"
+msgstr ""
+
+# Gènere? Nombre? Passat, futur? ivb
+# Probablement és una clau, femení. jm
+# Werner FIXME: please add translator comment saying *what* is
+# uncompressed so we know the gender. jm
+#: jnlib/argparse.c:213
+#, fuzzy
+msgid "out of core\n"
+msgstr "no forçat"
+
+#: jnlib/argparse.c:215
+#, fuzzy, c-format
+msgid "invalid option \"%.50s\"\n"
+msgstr "opcions d'importació no vàlides\n"
+
+#: jnlib/logging.c:647
+#, c-format
+msgid "you found a bug ... (%s:%d)\n"
+msgstr "heu trobat un bug... (%s:%d)\n"
+
+#: jnlib/utf8conv.c:85
+#, fuzzy, c-format
+msgid "error loading `%s': %s\n"
+msgstr "error en la lectura de «%s»: %s\n"
+
+#: jnlib/utf8conv.c:123
+#, c-format
+msgid "conversion from `%s' to `%s' not available\n"
+msgstr ""
+
+#: jnlib/utf8conv.c:131
+#, fuzzy, c-format
+msgid "iconv_open failed: %s\n"
+msgstr "no es pot obrir el fitxer: %s\n"
+
+#: jnlib/utf8conv.c:388 jnlib/utf8conv.c:654
+#, fuzzy, c-format
+msgid "conversion from `%s' to `%s' failed: %s\n"
+msgstr "no s'ha pogut crear l'armadura: %s\n"
+
+#: jnlib/dotlock.c:234
+#, fuzzy, c-format
+msgid "failed to create temporary file `%s': %s\n"
+msgstr "no es pot crear el directori «%s»: %s\n"
+
+#: jnlib/dotlock.c:269
+#, fuzzy, c-format
+msgid "error writing to `%s': %s\n"
+msgstr "error mentre s'escrivia l'anell «%s»: %s\n"
+
+#: jnlib/dotlock.c:453
+#, c-format
+msgid "removing stale lockfile (created by %d)\n"
+msgstr ""
+
+#: jnlib/dotlock.c:459
+msgid " - probably dead - removing lock"
+msgstr ""
+
+#: jnlib/dotlock.c:469
+#, fuzzy, c-format
+msgid "waiting for lock (held by %d%s) %s...\n"
+msgstr "s'està escrivint la clau secreta a «%s»\n"
+
+#: jnlib/dotlock.c:470
+msgid "(deadlock?) "
+msgstr ""
+
+#: jnlib/dotlock.c:493
+#, fuzzy, c-format
+msgid "lock `%s' not made: %s\n"
+msgstr "no s'ha trobat la clau pública %08lX: %s\n"
+
+#: jnlib/dotlock.c:501
+#, fuzzy, c-format
+msgid "waiting for lock %s...\n"
+msgstr "s'està escrivint la clau secreta a «%s»\n"
+
+#: kbx/kbxutil.c:92
+msgid "set debugging flags"
+msgstr ""
+
+#: kbx/kbxutil.c:93
+msgid "enable full debugging"
+msgstr ""
+
+#: kbx/kbxutil.c:117
+#, fuzzy
+msgid "Usage: kbxutil [options] [files] (-h for help)"
+msgstr "Forma d'ús: gpg [opcions] [fitxers] (-h per a veure l'ajuda)"
+
+#: kbx/kbxutil.c:120
+msgid ""
+"Syntax: kbxutil [options] [files]\n"
+"list, export, import Keybox data\n"
+msgstr ""
+
+#: scd/app-nks.c:713 scd/app-openpgp.c:2647
+#, c-format
+msgid "RSA modulus missing or not of size %d bits\n"
+msgstr ""
+
+#: scd/app-nks.c:721 scd/app-openpgp.c:2659
+#, c-format
+msgid "RSA public exponent missing or larger than %d bits\n"
+msgstr ""
+
+#: scd/app-nks.c:801 scd/app-openpgp.c:1549 scd/app-openpgp.c:1568
+#: scd/app-openpgp.c:1729 scd/app-openpgp.c:1746 scd/app-openpgp.c:1994
+#: scd/app-openpgp.c:2039 scd/app-dinsig.c:303
+#, c-format
+msgid "PIN callback returned error: %s\n"
+msgstr ""
+
+#: scd/app-nks.c:834
+msgid "the NullPIN has not yet been changed\n"
+msgstr ""
+
+#: scd/app-nks.c:1092
+#, fuzzy
+msgid "|N|Please enter a new PIN for the standard keys."
+msgstr "canvia la contrasenya"
+
+#: scd/app-nks.c:1093
+#, fuzzy
+msgid "||Please enter the PIN for the standard keys."
+msgstr "canvia la contrasenya"
+
+#: scd/app-nks.c:1099
+#, fuzzy
+msgid "|NP|Please enter a new PIN Unblocking Code (PUK) for the standard keys."
+msgstr "Seleccioneu la raó de la revocació:\n"
+
+#: scd/app-nks.c:1101
+#, fuzzy
+msgid "|P|Please enter the PIN Unblocking Code (PUK) for the standard keys."
+msgstr "Seleccioneu la raó de la revocació:\n"
+
+#: scd/app-nks.c:1109
+msgid "|N|Please enter a new PIN for the key to create qualified signatures."
+msgstr ""
+
+#: scd/app-nks.c:1111
+msgid "||Please enter the PIN for the key to create qualified signatures."
+msgstr ""
+
+#: scd/app-nks.c:1119
+msgid ""
+"|NP|Please enter a new PIN Unblocking Code (PUK) for the key to create "
+"qualified signatures."
+msgstr ""
+
+#: scd/app-nks.c:1121
+msgid ""
+"|P|Please enter the PIN Unblocking Code (PUK) for the key to create "
+"qualified signatures."
+msgstr ""
+
+#: scd/app-nks.c:1222 scd/app-openpgp.c:2072 scd/app-dinsig.c:532
+#, fuzzy, c-format
+msgid "error getting new PIN: %s\n"
+msgstr "error en crear «%s»: %s\n"
+
+#: scd/app-openpgp.c:695
+#, c-format
+msgid "failed to store the fingerprint: %s\n"
+msgstr "no s'ha pogut emmagatzemar l'empremta digital: %s\n"
+
+#: scd/app-openpgp.c:708
+#, fuzzy, c-format
+msgid "failed to store the creation date: %s\n"
+msgstr "no s'ha pogut reconstruir la memòria cau de l'anell: %s\n"
+
+#: scd/app-openpgp.c:1156
+#, fuzzy, c-format
+msgid "reading public key failed: %s\n"
+msgstr "no s'ha pogut eliminar el bloc de claus: %s\n"
+
+#: scd/app-openpgp.c:1164 scd/app-openpgp.c:2882
+msgid "response does not contain the public key data\n"
+msgstr ""
+
+#: scd/app-openpgp.c:1172 scd/app-openpgp.c:2890
+msgid "response does not contain the RSA modulus\n"
+msgstr ""
+
+#: scd/app-openpgp.c:1181 scd/app-openpgp.c:2900
+msgid "response does not contain the RSA public exponent\n"
+msgstr ""
+
+#: scd/app-openpgp.c:1501
+#, c-format
+msgid "using default PIN as %s\n"
+msgstr ""
+
+#: scd/app-openpgp.c:1508
+#, c-format
+msgid "failed to use default PIN as %s: %s - disabling further default use\n"
+msgstr ""
+
+#: scd/app-openpgp.c:1523
+#, c-format
+msgid "||Please enter the PIN%%0A[sigs done: %lu]"
+msgstr ""
+
+#: scd/app-openpgp.c:1534 scd/app-openpgp.c:1988
+#, fuzzy
+msgid "||Please enter the PIN"
+msgstr "canvia la contrasenya"
+
+#: scd/app-openpgp.c:1575 scd/app-openpgp.c:1753 scd/app-openpgp.c:2001
+#, c-format
+msgid "PIN for CHV%d is too short; minimum length is %d\n"
+msgstr ""
+
+#: scd/app-openpgp.c:1588 scd/app-openpgp.c:1627 scd/app-openpgp.c:1765
+#: scd/app-openpgp.c:3200
+#, fuzzy, c-format
+msgid "verify CHV%d failed: %s\n"
+msgstr "l'enviament al servidor de claus ha fallat: %s\n"
+
+#: scd/app-openpgp.c:1656 scd/app-openpgp.c:2020 scd/app-openpgp.c:3498
+msgid "error retrieving CHV status from card\n"
+msgstr ""
+
+#: scd/app-openpgp.c:1662 scd/app-openpgp.c:3507
+msgid "card is permanently locked!\n"
+msgstr ""
+
+#: scd/app-openpgp.c:1669
+#, c-format
+msgid "%d Admin PIN attempts remaining before card is permanently locked\n"
+msgstr ""
+
+#. TRANSLATORS: Do not translate the "|A|" prefix but keep it at
+#. the start of the string. Use %%0A to force a linefeed.
+#: scd/app-openpgp.c:1676
+#, fuzzy, c-format
+msgid "|A|Please enter the Admin PIN%%0A[remaining attempts: %d]"
+msgstr "canvia la contrasenya"
+
+#: scd/app-openpgp.c:1680
+#, fuzzy
+msgid "|A|Please enter the Admin PIN"
+msgstr "canvia la contrasenya"
+
+#: scd/app-openpgp.c:1701
+msgid "access to admin commands is not configured\n"
+msgstr ""
+
+#: scd/app-openpgp.c:2035
+#, fuzzy
+msgid "||Please enter the Reset Code for the card"
+msgstr "Seleccioneu la raó de la revocació:\n"
+
+#: scd/app-openpgp.c:2045 scd/app-openpgp.c:2097
+#, c-format
+msgid "Reset Code is too short; minimum length is %d\n"
+msgstr ""
+
+#: scd/app-openpgp.c:2067
+msgid "|RN|New Reset Code"
+msgstr ""
+
+#: scd/app-openpgp.c:2068
+msgid "|AN|New Admin PIN"
+msgstr ""
+
+#: scd/app-openpgp.c:2068
+msgid "|N|New PIN"
+msgstr ""
+
+#: scd/app-openpgp.c:2178 scd/app-openpgp.c:2968
+#, fuzzy
+msgid "error reading application data\n"
+msgstr "s'ha produït un error en llegir el bloc de claus: %s\n"
+
+#: scd/app-openpgp.c:2184 scd/app-openpgp.c:2975
+#, fuzzy
+msgid "error reading fingerprint DO\n"
+msgstr "error: l'empremta digital és invàlida\n"
+
+#: scd/app-openpgp.c:2194
+#, fuzzy
+msgid "key already exists\n"
+msgstr "«%s» ja està comprimida\n"
+
+#: scd/app-openpgp.c:2198
+msgid "existing key will be replaced\n"
+msgstr ""
+
+#: scd/app-openpgp.c:2200
+#, fuzzy
+msgid "generating new key\n"
+msgstr "genera un nou parell de claus"
+
+#: scd/app-openpgp.c:2202
+#, fuzzy
+msgid "writing new key\n"
+msgstr "genera un nou parell de claus"
+
+#: scd/app-openpgp.c:2627
+msgid "creation timestamp missing\n"
+msgstr ""
+
+#: scd/app-openpgp.c:2669 scd/app-openpgp.c:2677
+#, c-format
+msgid "RSA prime %s missing or not of size %d bits\n"
+msgstr ""
+
+#: scd/app-openpgp.c:2773
+#, fuzzy, c-format
+msgid "failed to store the key: %s\n"
+msgstr "no s'ha pogut inicialitzar la base de dades de confiança: %s\n"
+
+#: scd/app-openpgp.c:2859
+msgid "please wait while key is being generated ...\n"
+msgstr ""
+
+#: scd/app-openpgp.c:2872
+#, fuzzy
+msgid "generating key failed\n"
+msgstr "La generació de claus ha fallat: %s\n"
+
+#: scd/app-openpgp.c:2875
+#, fuzzy, c-format
+msgid "key generation completed (%d seconds)\n"
+msgstr "La generació de claus ha fallat: %s\n"
+
+#: scd/app-openpgp.c:2933
+msgid "invalid structure of OpenPGP card (DO 0x93)\n"
+msgstr ""
+
+#: scd/app-openpgp.c:2983
+msgid "fingerprint on card does not match requested one\n"
+msgstr ""
+
+#: scd/app-openpgp.c:3099
+#, fuzzy, c-format
+msgid "card does not support digest algorithm %s\n"
+msgstr "signatura %s, algorisme de resum %s\n"
+
+#: scd/app-openpgp.c:3175
+#, c-format
+msgid "signatures created so far: %lu\n"
+msgstr ""
+
+#: scd/app-openpgp.c:3512
+msgid ""
+"verification of Admin PIN is currently prohibited through this command\n"
+msgstr ""
+
+#: scd/app-openpgp.c:3737 scd/app-openpgp.c:3748
+#, c-format
+msgid "can't access %s - invalid OpenPGP card?\n"
+msgstr ""
+
+#: scd/app-dinsig.c:299
+msgid "||Please enter your PIN at the reader's keypad"
+msgstr ""
+
+#. TRANSLATORS: Do not translate the "|*|" prefixes but
+#. keep it at the start of the string. We need this elsewhere
+#. to get some infos on the string.
+#: scd/app-dinsig.c:529
+#, fuzzy
+msgid "|N|Initial New PIN"
+msgstr "Introduïu el nom d'usuari: "
+
+#: scd/scdaemon.c:107
+msgid "run in multi server mode (foreground)"
+msgstr ""
+
+#: scd/scdaemon.c:117 sm/gpgsm.c:316
+msgid "|LEVEL|set the debugging level to LEVEL"
+msgstr ""
+
+#: scd/scdaemon.c:124 tools/gpgconf-comp.c:620
+#, fuzzy
+msgid "|FILE|write a log to FILE"
+msgstr "|FITXER|carrega el mòdul d'extensió especificat"
+
+#: scd/scdaemon.c:126
+msgid "|N|connect to reader at port N"
+msgstr ""
+
+#: scd/scdaemon.c:128
+#, fuzzy
+msgid "|NAME|use NAME as ct-API driver"
+msgstr "|NOM|usa NOM com a destinatari predeterminat"
+
+#: scd/scdaemon.c:130
+#, fuzzy
+msgid "|NAME|use NAME as PC/SC driver"
+msgstr "|NOM|usa NOM com a destinatari predeterminat"
+
+#: scd/scdaemon.c:133
+#, fuzzy
+msgid "do not use the internal CCID driver"
+msgstr "no usa el terminal en absolut"
+
+#: scd/scdaemon.c:139
+msgid "|N|disconnect the card after N seconds of inactivity"
+msgstr ""
+
+#: scd/scdaemon.c:141
+msgid "do not use a reader's keypad"
+msgstr ""
+
+#: scd/scdaemon.c:144
+#, fuzzy
+msgid "deny the use of admin card commands"
+msgstr "les ordres entren en conflicte\n"
+
+#: scd/scdaemon.c:259
+#, fuzzy
+msgid "Usage: scdaemon [options] (-h for help)"
+msgstr "Forma d'ús: gpg [opcions] [fitxers] (-h per a veure l'ajuda)"
+
+#: scd/scdaemon.c:261
+msgid ""
+"Syntax: scdaemon [options] [command [args]]\n"
+"Smartcard daemon for GnuPG\n"
+msgstr ""
+
+#: scd/scdaemon.c:766
+msgid "please use the option `--daemon' to run the program in the background\n"
+msgstr ""
+
+#: scd/scdaemon.c:1120
+#, c-format
+msgid "handler for fd %d started\n"
+msgstr ""
+
+#: scd/scdaemon.c:1132
+#, c-format
+msgid "handler for fd %d terminated\n"
+msgstr ""
+
+#: sm/base64.c:325
+#, fuzzy, c-format
+msgid "invalid radix64 character %02x skipped\n"
+msgstr "el caràcter radix64 %02x invàlid s'ha omés\n"
+
+#: sm/call-agent.c:137
+#, fuzzy, c-format
+msgid "failed to proxy %s inquiry to client\n"
+msgstr "no s'ha pogut posar «%s» en la base de dades de confiança - %s\n"
+
+#: sm/call-dirmngr.c:252
+#, c-format
+msgid "no running dirmngr - starting `%s'\n"
+msgstr ""
+
+#: sm/call-dirmngr.c:285
+#, fuzzy
+msgid "malformed DIRMNGR_INFO environment variable\n"
+msgstr "la variable d'entorn GPG_AGENT_INFO és malformada\n"
+
+#: sm/call-dirmngr.c:297
+#, fuzzy, c-format
+msgid "dirmngr protocol version %d is not supported\n"
+msgstr "la versió %d del protocol de gpg-agent no està suportada\n"
+
+#: sm/call-dirmngr.c:317
+msgid "can't connect to the dirmngr - trying fall back\n"
+msgstr ""
+
+#: sm/certchain.c:196
+#, c-format
+msgid "validation model requested by certificate: %s"
+msgstr ""
+
+#: sm/certchain.c:197 sm/certchain.c:1828
+msgid "chain"
+msgstr ""
+
+#: sm/certchain.c:198 sm/certchain.c:1828
+#, fuzzy
+msgid "shell"
+msgstr "ajuda"
+
+#: sm/certchain.c:258
+#, fuzzy, c-format
+msgid "critical certificate extension %s is not supported"
+msgstr "la versió %d del protocol de gpg-agent no està suportada\n"
+
+#: sm/certchain.c:297
+msgid "issuer certificate is not marked as a CA"
+msgstr ""
+
+#: sm/certchain.c:335
+msgid "critical marked policy without configured policies"
+msgstr ""
+
+#: sm/certchain.c:345
+#, fuzzy, c-format
+msgid "failed to open `%s': %s\n"
+msgstr "no s'ha pogut obrir «%s»: %s\n"
+
+#: sm/certchain.c:353 sm/certchain.c:382
+msgid "note: non-critical certificate policy not allowed"
+msgstr ""
+
+#: sm/certchain.c:357 sm/certchain.c:386
+#, fuzzy
+msgid "certificate policy not allowed"
+msgstr "s'està escrivint la clau secreta a «%s»\n"
+
+#: sm/certchain.c:498
+msgid "looking up issuer at external location\n"
+msgstr ""
+
+#: sm/certchain.c:517
+#, c-format
+msgid "number of issuers matching: %d\n"
+msgstr ""
+
+#: sm/certchain.c:561
+msgid "looking up issuer from the Dirmngr cache\n"
+msgstr ""
+
+#: sm/certchain.c:585
+#, fuzzy, c-format
+msgid "number of matching certificates: %d\n"
+msgstr "error en la creació de la contrasenya: %s\n"
+
+#: sm/certchain.c:587
+#, fuzzy, c-format
+msgid "dirmngr cache-only key lookup failed: %s\n"
+msgstr "no s'ha pogut eliminar el bloc de claus: %s\n"
+
+#: sm/certchain.c:759 sm/certchain.c:1252 sm/certchain.c:1856 sm/decrypt.c:261
+#: sm/encrypt.c:335 sm/sign.c:335 sm/verify.c:113
+#, fuzzy
+msgid "failed to allocated keyDB handle\n"
+msgstr "no s'ha pogut inicialitzar la base de dades de confiança: %s\n"
+
+#: sm/certchain.c:925
+#, fuzzy
+msgid "certificate has been revoked"
+msgstr "NOTA: aquesta clau ha estat revocada!"
+
+#: sm/certchain.c:940
+msgid "the status of the certificate is unknown"
+msgstr ""
+
+#: sm/certchain.c:947
+msgid "please make sure that the \"dirmngr\" is properly installed\n"
+msgstr ""
+
+#: sm/certchain.c:953
+#, fuzzy, c-format
+msgid "checking the CRL failed: %s"
+msgstr "no s'ha pogut comprovar la signatura creada: %s\n"
+
+#: sm/certchain.c:982 sm/certchain.c:1050
+#, fuzzy, c-format
+msgid "certificate with invalid validity: %s"
+msgstr "problema en la lectura del certificat: %s\n"
+
+#: sm/certchain.c:997 sm/certchain.c:1082
+#, fuzzy
+msgid "certificate not yet valid"
+msgstr "Certificat de revocació vàlid"
+
+#: sm/certchain.c:998 sm/certchain.c:1083
+#, fuzzy
+msgid "root certificate not yet valid"
+msgstr "Certificat de revocació vàlid"
+
+#: sm/certchain.c:999 sm/certchain.c:1084
+#, fuzzy
+msgid "intermediate certificate not yet valid"
+msgstr "Certificat de revocació vàlid"
+
+#: sm/certchain.c:1012
+#, fuzzy
+msgid "certificate has expired"
+msgstr "problema en la lectura del certificat: %s\n"
+
+#: sm/certchain.c:1013
+#, fuzzy
+msgid "root certificate has expired"
+msgstr "problema en la lectura del certificat: %s\n"
+
+#: sm/certchain.c:1014
+#, fuzzy
+msgid "intermediate certificate has expired"
+msgstr "problema en la lectura del certificat: %s\n"
+
+#: sm/certchain.c:1056
+#, c-format
+msgid "required certificate attributes missing: %s%s%s"
+msgstr ""
+
+#: sm/certchain.c:1065
+#, fuzzy
+msgid "certificate with invalid validity"
+msgstr "problema en la lectura del certificat: %s\n"
+
+#: sm/certchain.c:1102
+msgid "signature not created during lifetime of certificate"
+msgstr ""
+
+#: sm/certchain.c:1104
+msgid "certificate not created during lifetime of issuer"
+msgstr ""
+
+#: sm/certchain.c:1105
+msgid "intermediate certificate not created during lifetime of issuer"
+msgstr ""
+
+#: sm/certchain.c:1109
+#, fuzzy
+msgid " ( signature created at "
+msgstr " signatures noves: %lu\n"
+
+#: sm/certchain.c:1110
+#, fuzzy
+msgid " (certificate created at "
+msgstr "S'ha creat el certificat de revocació.\n"
+
+#: sm/certchain.c:1113
+#, fuzzy
+msgid " (certificate valid from "
+msgstr "Certificat de revocació vàlid"
+
+#: sm/certchain.c:1114
+msgid " ( issuer valid from "
+msgstr ""
+
+#: sm/certchain.c:1144
+#, fuzzy, c-format
+msgid "fingerprint=%s\n"
+msgstr "Empremta digital:"
+
+#: sm/certchain.c:1153
+#, fuzzy
+msgid "root certificate has now been marked as trusted\n"
+msgstr ""
+"No s'han trobat certificats amb confiança no definida.\n"
+"\n"
+
+#: sm/certchain.c:1166
+msgid "interactive marking as trusted not enabled in gpg-agent\n"
+msgstr ""
+
+#: sm/certchain.c:1172
+msgid "interactive marking as trusted disabled for this session\n"
+msgstr ""
+
+#: sm/certchain.c:1229
+msgid "WARNING: creation time of signature not known - assuming current time"
+msgstr ""
+
+#: sm/certchain.c:1293
+#, fuzzy
+msgid "no issuer found in certificate"
+msgstr "Certificat correcte"
+
+#: sm/certchain.c:1366
+msgid "self-signed certificate has a BAD signature"
+msgstr ""
+
+#: sm/certchain.c:1435
+#, fuzzy
+msgid "root certificate is not marked trusted"
+msgstr ""
+"No s'han trobat certificats amb confiança no definida.\n"
+"\n"
+
+#: sm/certchain.c:1448
+#, fuzzy, c-format
+msgid "checking the trust list failed: %s\n"
+msgstr "no s'ha pogut comprovar la signatura creada: %s\n"
+
+#: sm/certchain.c:1477 sm/import.c:160
+#, fuzzy
+msgid "certificate chain too long\n"
+msgstr "Certificat de revocació vàlid"
+
+#: sm/certchain.c:1489
+#, fuzzy
+msgid "issuer certificate not found"
+msgstr "Certificat de revocació vàlid"
+
+#: sm/certchain.c:1522
+#, fuzzy
+msgid "certificate has a BAD signature"
+msgstr "verifica una signatura"
+
+#: sm/certchain.c:1553
+msgid "found another possible matching CA certificate - trying again"
+msgstr ""
+
+#: sm/certchain.c:1604
+#, c-format
+msgid "certificate chain longer than allowed by CA (%d)"
+msgstr ""
+
+#: sm/certchain.c:1644 sm/certchain.c:1927
+#, fuzzy
+msgid "certificate is good\n"
+msgstr "Certificat de revocació vàlid"
+
+#: sm/certchain.c:1645
+#, fuzzy
+msgid "intermediate certificate is good\n"
+msgstr "certificat duplicat: esborrat"
+
+#: sm/certchain.c:1646
+#, fuzzy
+msgid "root certificate is good\n"
+msgstr ""
+"No s'han trobat certificats amb confiança no definida.\n"
+"\n"
+
+#: sm/certchain.c:1817
+msgid "switching to chain model"
+msgstr ""
+
+#: sm/certchain.c:1826
+#, c-format
+msgid "validation model used: %s"
+msgstr ""
+
+#: sm/certcheck.c:97
+#, c-format
+msgid "%s key uses an unsafe (%u bit) hash\n"
+msgstr ""
+
+#: sm/certcheck.c:107
+#, c-format
+msgid "a %u bit hash is not valid for a %u bit %s key\n"
+msgstr ""
+
+#: sm/certcheck.c:244 sm/verify.c:201
+msgid "(this is the MD2 algorithm)\n"
+msgstr ""
+
+#: sm/certdump.c:60 sm/certdump.c:143
+#, fuzzy
+msgid "none"
+msgstr "no"
+
+#: sm/certdump.c:564 sm/certdump.c:609 sm/certdump.c:674 sm/certdump.c:732
+#, fuzzy
+msgid "[Error - invalid encoding]"
+msgstr "error: l'empremta digital és invàlida\n"
+
+#: sm/certdump.c:572 sm/certdump.c:617
+msgid "[Error - out of core]"
+msgstr ""
+
+#: sm/certdump.c:654 sm/certdump.c:710
+msgid "[Error - No name]"
+msgstr ""
+
+#: sm/certdump.c:679 sm/certdump.c:738
+#, fuzzy
+msgid "[Error - invalid DN]"
+msgstr "error: l'empremta digital és invàlida\n"
+
+# Com es canvia l'ordre dels arguments? jm
+# Ah, bingo! jm
+# Uh, ara torna a donar error. FIXME
+# La idea és ficar:
+# "Necessiteu la contrasenya per desblocar la clau secreta de l'usuari:\n"
+# "«%1$.*s»\n"
+# "clau %3$s de %2$u bits, ID %4$08lX, creada en %5$s%6$s\n"
+# jm
+# Se't passava l'argument «*». printf(3), hieroglyph(7). ivb
+# Ah! Prova-ho, no casque alguna cosa :P ivb
+# Ah, ja veig! Moltes gràcies! Aquest msgstr ha quedat curiós :) jm
+#: sm/certdump.c:948
+#, fuzzy, c-format
+msgid ""
+"Please enter the passphrase to unlock the secret key for the X.509 "
+"certificate:\n"
+"\"%s\"\n"
+"S/N %s, ID 0x%08lX,\n"
+"created %s, expires %s.\n"
+msgstr ""
+"Necessiteu la contrasenya per desblocar la clau secreta de l'usuari:\n"
+"«%2$.*1$s»\n"
+"clau %4$s de %3$u bits, ID %5$08lX, creada en %6$s%7$s\n"
+
+#: sm/certlist.c:122
+msgid "no key usage specified - assuming all usages\n"
+msgstr ""
+
+#: sm/certlist.c:132 sm/keylist.c:272
+#, fuzzy, c-format
+msgid "error getting key usage information: %s\n"
+msgstr "s'ha produït un error mentre s'escrivia l'anell secret «%s»: %s\n"
+
+#: sm/certlist.c:142
+msgid "certificate should have not been used for certification\n"
+msgstr ""
+
+#: sm/certlist.c:154
+msgid "certificate should have not been used for OCSP response signing\n"
+msgstr ""
+
+#: sm/certlist.c:165
+msgid "certificate should have not been used for encryption\n"
+msgstr ""
+
+#: sm/certlist.c:166
+msgid "certificate should have not been used for signing\n"
+msgstr ""
+
+#: sm/certlist.c:167
+msgid "certificate is not usable for encryption\n"
+msgstr ""
+
+#: sm/certlist.c:168
+msgid "certificate is not usable for signing\n"
+msgstr ""
+
+#: sm/certreqgen.c:474
+#, fuzzy, c-format
+msgid "line %d: invalid algorithm\n"
+msgstr "l'algoritme de dispersió és invàlid «%s»\n"
+
+#: sm/certreqgen.c:487
+#, c-format
+msgid "line %d: invalid key length %u (valid are %d to %d)\n"
+msgstr ""
+
+#: sm/certreqgen.c:505
+#, c-format
+msgid "line %d: no subject name given\n"
+msgstr ""
+
+#: sm/certreqgen.c:514
+#, c-format
+msgid "line %d: invalid subject name label `%.*s'\n"
+msgstr ""
+
+#: sm/certreqgen.c:517
+#, c-format
+msgid "line %d: invalid subject name `%s' at pos %d\n"
+msgstr ""
+
+#: sm/certreqgen.c:534
+#, fuzzy, c-format
+msgid "line %d: not a valid email address\n"
+msgstr "No és una adreça vàlida\n"
+
+#: sm/certreqgen.c:546
+#, fuzzy, c-format
+msgid "line %d: error reading key `%s' from card: %s\n"
+msgstr "error en crear l'anell «%s»: %s\n"
+
+#: sm/certreqgen.c:558
+#, fuzzy, c-format
+msgid "line %d: error getting key by keygrip `%s': %s\n"
+msgstr "error en crear l'anell «%s»: %s\n"
+
+#: sm/certreqgen.c:574
+#, fuzzy, c-format
+msgid "line %d: key generation failed: %s <%s>\n"
+msgstr "La generació de claus ha fallat: %s\n"
+
+#: sm/certreqgen.c:806
+msgid ""
+"To complete this certificate request please enter the passphrase for the key "
+"you just created once more.\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:158
+#, fuzzy, c-format
+msgid " (%d) RSA\n"
+msgstr " (%d) RSA (només signar)\n"
+
+#: sm/certreqgen-ui.c:159
+#, fuzzy, c-format
+msgid " (%d) Existing key\n"
+msgstr " (%d) RSA (només xifrar)\n"
+
+#: sm/certreqgen-ui.c:160
+#, c-format
+msgid " (%d) Existing key from card\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:202
+#, fuzzy
+msgid "Enter the keygrip: "
+msgstr "Notació de signatura: "
+
+#: sm/certreqgen-ui.c:210
+msgid "Not a valid keygrip (expecting 40 hex digits)\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:212
+#, fuzzy
+msgid "No key with this keygrip\n"
+msgstr "No hi ha cap ID amb l'índex %d\n"
+
+#: sm/certreqgen-ui.c:230 sm/certreqgen-ui.c:239
+#, fuzzy, c-format
+msgid "error reading the card: %s\n"
+msgstr "%s: error en llegir el registre lliure: %s\n"
+
+#: sm/certreqgen-ui.c:233
+#, fuzzy, c-format
+msgid "Serial number of the card: %s\n"
+msgstr "error en la creació de la contrasenya: %s\n"
+
+#: sm/certreqgen-ui.c:245
+#, fuzzy
+msgid "Available keys:\n"
+msgstr "desactiva una clau"
+
+#: sm/certreqgen-ui.c:276
+#, c-format
+msgid "Possible actions for a %s key:\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:277
+#, fuzzy, c-format
+msgid " (%d) sign, encrypt\n"
+msgstr " (%d) RSA (signar i xifrar)\n"
+
+#: sm/certreqgen-ui.c:278
+#, fuzzy, c-format
+msgid " (%d) sign\n"
+msgstr " (%d) DSA (només signar)\n"
+
+#: sm/certreqgen-ui.c:279
+#, fuzzy, c-format
+msgid " (%d) encrypt\n"
+msgstr " (%d) RSA (només xifrar)\n"
+
+#: sm/certreqgen-ui.c:303
+msgid "Enter the X.509 subject name: "
+msgstr ""
+
+#: sm/certreqgen-ui.c:307
+#, fuzzy
+msgid "No subject name given\n"
+msgstr "(No es va donar una descripció)\n"
+
+#: sm/certreqgen-ui.c:311
+#, c-format
+msgid "Invalid subject name label `%.*s'\n"
+msgstr ""
+
+#. TRANSLATORS: The 22 in the second string is the
+#. length of the first string up to the "%s". Please
+#. adjust it do the length of your translation. The
+#. second string is merely passed to atoi so you can
+#. drop everything after the number.
+#: sm/certreqgen-ui.c:320
+#, fuzzy, c-format
+msgid "Invalid subject name `%s'\n"
+msgstr "l'algoritme de dispersió és invàlid «%s»\n"
+
+#: sm/certreqgen-ui.c:322
+msgid "22 translator: see certreg-ui.c:gpgsm_gencertreq_tty"
+msgstr ""
+
+#: sm/certreqgen-ui.c:334
+#, fuzzy
+msgid "Enter email addresses"
+msgstr "Adreça electrònica: "
+
+#: sm/certreqgen-ui.c:335
+#, fuzzy
+msgid " (end with an empty line):\n"
+msgstr ""
+"\n"
+"Introduïu l'ID d'usuari. Finalitzeu amb una línia en blanc: "
+
+#: sm/certreqgen-ui.c:339
+#, fuzzy
+msgid "Enter DNS names"
+msgstr "Introduïu el nou nom del fitxer"
+
+#: sm/certreqgen-ui.c:340 sm/certreqgen-ui.c:345
+#, fuzzy
+msgid " (optional; end with an empty line):\n"
+msgstr ""
+"Introduïu una descripció opcional; finalitzeu amb una línia en blanc:\n"
+
+#: sm/certreqgen-ui.c:344
+#, fuzzy
+msgid "Enter URIs"
+msgstr "Introduïu el nom d'usuari: "
+
+#: sm/certreqgen-ui.c:371
+msgid "Parameters to be used for the certificate request:\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:389
+msgid "Now creating certificate request. This may take a while ...\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:398
+msgid "Ready. You should now send this request to your CA.\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:403
+msgid "resource problem: out of core\n"
+msgstr ""
+
+#: sm/decrypt.c:330
+msgid "(this is the RC2 algorithm)\n"
+msgstr ""
+
+#: sm/decrypt.c:332
+msgid "(this does not seem to be an encrypted message)\n"
+msgstr ""
+
+#: sm/delete.c:51 sm/delete.c:112
+#, fuzzy, c-format
+msgid "certificate `%s' not found: %s\n"
+msgstr "no s'ha trobat la clau secreta «%s»: %s\n"
+
+#: sm/delete.c:122 sm/keydb.c:1397 sm/keydb.c:1499
+#, fuzzy, c-format
+msgid "error locking keybox: %s\n"
+msgstr "s'ha produït un error en llegir el bloc de claus: %s\n"
+
+#: sm/delete.c:143
+#, fuzzy, c-format
+msgid "duplicated certificate `%s' deleted\n"
+msgstr "certificat duplicat: esborrat"
+
+#: sm/delete.c:145
+#, fuzzy, c-format
+msgid "certificate `%s' deleted\n"
+msgstr "certificat duplicat: esborrat"
+
+#: sm/delete.c:175
+#, fuzzy, c-format
+msgid "deleting certificate \"%s\" failed: %s\n"
+msgstr "no s'ha pogut eliminar el bloc de claus: %s\n"
+
+#: sm/encrypt.c:321
+#, fuzzy
+msgid "no valid recipients given\n"
+msgstr "(No es va donar una descripció)\n"
+
+#: sm/gpgsm.c:197
+#, fuzzy
+msgid "list external keys"
+msgstr "llista claus secretes"
+
+#: sm/gpgsm.c:199
+#, fuzzy
+msgid "list certificate chain"
+msgstr "Certificat de revocació vàlid"
+
+#: sm/gpgsm.c:206
+#, fuzzy
+msgid "import certificates"
+msgstr "Certificat correcte"
+
+#: sm/gpgsm.c:207
+#, fuzzy
+msgid "export certificates"
+msgstr "Certificat correcte"
+
+#: sm/gpgsm.c:209
+msgid "register a smartcard"
+msgstr ""
+
+#: sm/gpgsm.c:212
+msgid "pass a command to the dirmngr"
+msgstr ""
+
+#: sm/gpgsm.c:214
+msgid "invoke gpg-protect-tool"
+msgstr ""
+
+#: sm/gpgsm.c:230
+#, fuzzy
+msgid "create base-64 encoded output"
+msgstr "crea eixida amb armadura ascii"
+
+#: sm/gpgsm.c:235
+msgid "assume input is in PEM format"
+msgstr ""
+
+#: sm/gpgsm.c:237
+msgid "assume input is in base-64 format"
+msgstr ""
+
+#: sm/gpgsm.c:239
+msgid "assume input is in binary format"
+msgstr ""
+
+#: sm/gpgsm.c:244
+msgid "use system's dirmngr if available"
+msgstr ""
+
+#: sm/gpgsm.c:247
+msgid "never consult a CRL"
+msgstr ""
+
+#: sm/gpgsm.c:257
+msgid "check validity using OCSP"
+msgstr ""
+
+#: sm/gpgsm.c:262
+msgid "|N|number of certificates to include"
+msgstr ""
+
+#: sm/gpgsm.c:265
+msgid "|FILE|take policy information from FILE"
+msgstr ""
+
+#: sm/gpgsm.c:268
+msgid "do not check certificate policies"
+msgstr ""
+
+#: sm/gpgsm.c:272
+msgid "fetch missing issuer certificates"
+msgstr ""
+
+#: sm/gpgsm.c:283
+msgid "don't use the terminal at all"
+msgstr "no usa el terminal en absolut"
+
+#: sm/gpgsm.c:285
+msgid "|FILE|write a server mode log to FILE"
+msgstr ""
+
+#: sm/gpgsm.c:290
+#, fuzzy
+msgid "|FILE|write an audit log to FILE"
+msgstr "|FITXER|carrega el mòdul d'extensió especificat"
+
+# Mode desatès (SC) ivb
+#: sm/gpgsm.c:293
+msgid "batch mode: never ask"
+msgstr "mode desatès: no pregunta mai"
+
+#: sm/gpgsm.c:294
+msgid "assume yes on most questions"
+msgstr "suposa «sí» en la majoria de les preguntes"
+
+#: sm/gpgsm.c:295
+msgid "assume no on most questions"
+msgstr "suposa «no» en la majoria de les preguntes"
+
+#: sm/gpgsm.c:298
+#, fuzzy
+msgid "|FILE|add keyring to the list of keyrings"
+msgstr "afegeix aquest anell a la llista"
+
+#: sm/gpgsm.c:301
+#, fuzzy
+msgid "|USER-ID|use USER-ID as default secret key"
+msgstr "|NOM|usa NOM com a clau secreta predeterminada"
+
+#: sm/gpgsm.c:311 tools/gpgconf-comp.c:745
+#, fuzzy
+msgid "|SPEC|use this keyserver to lookup keys"
+msgstr "|HOST|usa aquest servidor per a cercar claus"
+
+#: sm/gpgsm.c:329
+msgid "|NAME|use cipher algorithm NAME"
+msgstr "|NOM|usa l'algoritme de xifratge NOM"
+
+#: sm/gpgsm.c:331
+msgid "|NAME|use message digest algorithm NAME"
+msgstr "|NOM|usa l'algoritme de resum de missatges NOM"
+
+#: sm/gpgsm.c:522
+#, fuzzy
+msgid "Usage: gpgsm [options] [files] (-h for help)"
+msgstr "Forma d'ús: gpg [opcions] [fitxers] (-h per a veure l'ajuda)"
+
+#: sm/gpgsm.c:525
+#, fuzzy
+msgid ""
+"Syntax: gpgsm [options] [files]\n"
+"sign, check, encrypt or decrypt using the S/MIME protocol\n"
+"default operation depends on the input data\n"
+msgstr ""
+"Sintaxi: gpg [opcions] [fitxers]\n"
+"signa, comprova, xifra o desxifra\n"
+"l'operació predeterminada depén de les dades introduïdes\n"
+
+#: sm/gpgsm.c:617
+#, fuzzy
+msgid "usage: gpgsm [options] "
+msgstr "forma d'ús: gpg [opcions] "
+
+#: sm/gpgsm.c:739
+#, fuzzy, c-format
+msgid "NOTE: won't be able to encrypt to `%s': %s\n"
+msgstr "no s'ha pogut connectar amb «%s»: %s\n"
+
+#: sm/gpgsm.c:750
+#, fuzzy, c-format
+msgid "unknown validation model `%s'\n"
+msgstr "el destinatari predeterminat és desconegut «%s»\n"
+
+#: sm/gpgsm.c:801
+#, fuzzy, c-format
+msgid "%s:%u: no hostname given\n"
+msgstr "(No es va donar una descripció)\n"
+
+#: sm/gpgsm.c:820
+#, c-format
+msgid "%s:%u: password given without user\n"
+msgstr ""
+
+#: sm/gpgsm.c:841
+#, fuzzy, c-format
+msgid "%s:%u: skipping this line\n"
+msgstr " o = omet aquesta clau\n"
+
+#: sm/gpgsm.c:1376
+#, fuzzy
+msgid "could not parse keyserver\n"
+msgstr "no s'ha pogut analitzar sintàcticament la URI del servidor de claus\n"
+
+#: sm/gpgsm.c:1456
+msgid "WARNING: running with faked system time: "
+msgstr ""
+
+#: sm/gpgsm.c:1556
+#, c-format
+msgid "importing common certificates `%s'\n"
+msgstr ""
+
+# No em passe! ;) ivb
+#: sm/gpgsm.c:1597
+#, fuzzy, c-format
+msgid "can't sign using `%s': %s\n"
+msgstr "no s'ha pogut tancar «%s»: %s\n"
+
+#: sm/gpgsm.c:1931
+msgid "invalid command (there is no implicit command)\n"
+msgstr ""
+
+#: sm/import.c:111
+#, fuzzy, c-format
+msgid "total number processed: %lu\n"
+msgstr "Nombre total processat: %lu\n"
+
+#: sm/import.c:230
+#, fuzzy
+msgid "error storing certificate\n"
+msgstr "Certificat correcte"
+
+#: sm/import.c:238
+msgid "basic certificate checks failed - not imported\n"
+msgstr ""
+
+#: sm/import.c:435 sm/keydb.c:1319 sm/keydb.c:1387
+#, fuzzy
+msgid "failed to allocate keyDB handle\n"
+msgstr "no s'ha pogut inicialitzar la base de dades de confiança: %s\n"
+
+#: sm/import.c:492 sm/keydb.c:1417 sm/keydb.c:1511
+#, fuzzy, c-format
+msgid "error getting stored flags: %s\n"
+msgstr "error en crear «%s»: %s\n"
+
+#: sm/import.c:551 sm/import.c:583
+#, fuzzy, c-format
+msgid "error importing certificate: %s\n"
+msgstr "error en la creació de la contrasenya: %s\n"
+
+#: sm/import.c:684 tools/gpg-connect-agent.c:1346
+#, fuzzy, c-format
+msgid "error reading input: %s\n"
+msgstr "error en la lectura de «%s»: %s\n"
+
+#: sm/keydb.c:187
+#, fuzzy, c-format
+msgid "error creating keybox `%s': %s\n"
+msgstr "error en crear l'anell «%s»: %s\n"
+
+#: sm/keydb.c:190
+msgid "you may want to start the gpg-agent first\n"
+msgstr ""
+
+#: sm/keydb.c:195
+#, fuzzy, c-format
+msgid "keybox `%s' created\n"
+msgstr "s'ha creat l'anell «%s»\n"
+
+#: sm/keydb.c:1312 sm/keydb.c:1380
+#, fuzzy
+msgid "failed to get the fingerprint\n"
+msgstr "no s'ha pogut emmagatzemar l'empremta digital: %s\n"
+
+#: sm/keydb.c:1340
+#, c-format
+msgid "problem looking for existing certificate: %s\n"
+msgstr ""
+
+#: sm/keydb.c:1348
+#, fuzzy, c-format
+msgid "error finding writable keyDB: %s\n"
+msgstr "error en la creació de la contrasenya: %s\n"
+
+#: sm/keydb.c:1356
+#, fuzzy, c-format
+msgid "error storing certificate: %s\n"
+msgstr "error en la creació de la contrasenya: %s\n"
+
+#: sm/keydb.c:1408
+#, fuzzy, c-format
+msgid "problem re-searching certificate: %s\n"
+msgstr "rev? hi ha problemes en la comprovació de la revocació: %s\n"
+
+#: sm/keydb.c:1429 sm/keydb.c:1522
+#, fuzzy, c-format
+msgid "error storing flags: %s\n"
+msgstr "error en la lectura de «%s»: %s\n"
+
+#: sm/keylist.c:642
+msgid "Error - "
+msgstr ""
+
+#: sm/misc.c:55
+msgid "GPG_TTY has not been set - using maybe bogus default\n"
+msgstr ""
+
+#: sm/qualified.c:105
+#, fuzzy, c-format
+msgid "invalid formatted fingerprint in `%s', line %d\n"
+msgstr "error: l'empremta digital és invàlida\n"
+
+#: sm/qualified.c:123
+#, c-format
+msgid "invalid country code in `%s', line %d\n"
+msgstr ""
+
+#: sm/qualified.c:202
+#, c-format
+msgid ""
+"You are about to create a signature using your certificate:\n"
+"\"%s\"\n"
+"This will create a qualified signature by law equated to a handwritten "
+"signature.\n"
+"\n"
+"%s%sAre you really sure that you want to do this?"
+msgstr ""
+
+#: sm/qualified.c:211 sm/verify.c:616
+msgid ""
+"Note, that this software is not officially approved to create or verify such "
+"signatures.\n"
+msgstr ""
+
+#: sm/qualified.c:278
+#, c-format
+msgid ""
+"You are about to create a signature using your certificate:\n"
+"\"%s\"\n"
+"Note, that this certificate will NOT create a qualified signature!"
+msgstr ""
+
+#: sm/sign.c:449
+#, fuzzy, c-format
+msgid "hash algorithm %d (%s) for signer %d not supported; using %s\n"
+msgstr "l'algoritme de protecció %d%s no està suportat\n"
+
+#: sm/sign.c:463
+#, c-format
+msgid "hash algorithm used for signer %d: %s (%s)\n"
+msgstr ""
+
+#: sm/sign.c:513
+#, fuzzy, c-format
+msgid "checking for qualified certificate failed: %s\n"
+msgstr "no s'ha pogut comprovar la signatura creada: %s\n"
+
+#: sm/verify.c:449
+#, fuzzy
+msgid "Signature made "
+msgstr "Aquesta signatura va caducar el %s\n"
+
+#: sm/verify.c:453
+msgid "[date not given]"
+msgstr ""
+
+#: sm/verify.c:454
+#, fuzzy, c-format
+msgid " using certificate ID 0x%08lX\n"
+msgstr "error en la creació de la contrasenya: %s\n"
+
+#: sm/verify.c:473
+msgid ""
+"invalid signature: message digest attribute does not match computed one\n"
+msgstr ""
+
+#: sm/verify.c:594
+#, fuzzy
+msgid "Good signature from"
+msgstr "Signatura correcta de \""
+
+#: sm/verify.c:595
+#, fuzzy
+msgid " aka"
+msgstr " alias \""
+
+#: sm/verify.c:613
+#, fuzzy
+msgid "This is a qualified signature\n"
+msgstr ""
+"\n"
+"Açò serà una autosignatura.\n"
+
+#: tools/gpg-connect-agent.c:70 tools/gpgconf.c:81 tools/symcryptrun.c:167
+#, fuzzy
+msgid "quiet"
+msgstr "ix"
+
+#: tools/gpg-connect-agent.c:71
+msgid "print data out hex encoded"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:72
+msgid "decode received data lines"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:74
+msgid "|NAME|connect to Assuan socket NAME"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:76
+msgid "run the Assuan server given on the command line"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:78
+msgid "do not use extended connect mode"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:80
+#, fuzzy
+msgid "|FILE|run commands from FILE on startup"
+msgstr "|FITXER|carrega el mòdul d'extensió especificat"
+
+#: tools/gpg-connect-agent.c:81
+msgid "run /subst on startup"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:184
+#, fuzzy
+msgid "Usage: gpg-connect-agent [options] (-h for help)"
+msgstr "Forma d'ús: gpg [opcions] [fitxers] (-h per a veure l'ajuda)"
+
+#: tools/gpg-connect-agent.c:187
+msgid ""
+"Syntax: gpg-connect-agent [options]\n"
+"Connect to a running agent and send commands\n"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:1201
+#, c-format
+msgid "option \"%s\" requires a program and optional arguments\n"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:1210
+#, c-format
+msgid "option \"%s\" ignored due to \"%s\"\n"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:1281 tools/gpg-connect-agent.c:1771
+#, fuzzy, c-format
+msgid "receiving line failed: %s\n"
+msgstr "no s'ha pogut eliminar el bloc de claus: %s\n"
+
+#: tools/gpg-connect-agent.c:1371
+#, fuzzy
+msgid "line too long - skipped\n"
+msgstr "la línia és massa llarga\n"
+
+#: tools/gpg-connect-agent.c:1375
+msgid "line shortened due to embedded Nul character\n"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:1743
+#, fuzzy, c-format
+msgid "unknown command `%s'\n"
+msgstr "el destinatari predeterminat és desconegut «%s»\n"
+
+#: tools/gpg-connect-agent.c:1761
+#, fuzzy, c-format
+msgid "sending line failed: %s\n"
+msgstr "Ha fallat el procés de signatura: %s\n"
+
+#: tools/gpg-connect-agent.c:2208
+#, fuzzy, c-format
+msgid "error sending %s command: %s\n"
+msgstr "error mentre s'enviava a «%s»: %s\n"
+
+#: tools/gpg-connect-agent.c:2223
+#, fuzzy, c-format
+msgid "error sending standard options: %s\n"
+msgstr "error mentre s'enviava a «%s»: %s\n"
+
+#: tools/gpgconf-comp.c:473 tools/gpgconf-comp.c:577 tools/gpgconf-comp.c:644
+#: tools/gpgconf-comp.c:712 tools/gpgconf-comp.c:799
+msgid "Options controlling the diagnostic output"
+msgstr ""
+
+#: tools/gpgconf-comp.c:486 tools/gpgconf-comp.c:590 tools/gpgconf-comp.c:657
+#: tools/gpgconf-comp.c:725 tools/gpgconf-comp.c:822
+msgid "Options controlling the configuration"
+msgstr ""
+
+#: tools/gpgconf-comp.c:496 tools/gpgconf-comp.c:615 tools/gpgconf-comp.c:673
+#: tools/gpgconf-comp.c:750 tools/gpgconf-comp.c:829
+msgid "Options useful for debugging"
+msgstr ""
+
+#: tools/gpgconf-comp.c:501 tools/gpgconf-comp.c:678 tools/gpgconf-comp.c:755
+#: tools/gpgconf-comp.c:837
+msgid "|FILE|write server mode logs to FILE"
+msgstr ""
+
+#: tools/gpgconf-comp.c:509 tools/gpgconf-comp.c:625 tools/gpgconf-comp.c:763
+msgid "Options controlling the security"
+msgstr ""
+
+#: tools/gpgconf-comp.c:516
+msgid "|N|expire SSH keys after N seconds"
+msgstr ""
+
+#: tools/gpgconf-comp.c:520
+msgid "|N|set maximum PIN cache lifetime to N seconds"
+msgstr ""
+
+#: tools/gpgconf-comp.c:524
+msgid "|N|set maximum SSH key lifetime to N seconds"
+msgstr ""
+
+#: tools/gpgconf-comp.c:538
+msgid "Options enforcing a passphrase policy"
+msgstr ""
+
+#: tools/gpgconf-comp.c:541
+msgid "do not allow to bypass the passphrase policy"
+msgstr ""
+
+#: tools/gpgconf-comp.c:545
+msgid "|N|set minimal required length for new passphrases to N"
+msgstr ""
+
+#: tools/gpgconf-comp.c:549
+msgid "|N|require at least N non-alpha characters for a new passphrase"
+msgstr ""
+
+#: tools/gpgconf-comp.c:553
+msgid "|FILE|check new passphrases against pattern in FILE"
+msgstr ""
+
+#: tools/gpgconf-comp.c:557
+#, fuzzy
+msgid "|N|expire the passphrase after N days"
+msgstr "|N|usa el mode de contrasenya especificat"
+
+#: tools/gpgconf-comp.c:561
+#, fuzzy
+msgid "do not allow the reuse of old passphrases"
+msgstr "error en la creació de la contrasenya: %s\n"
+
+#: tools/gpgconf-comp.c:659 tools/gpgconf-comp.c:727
+msgid "|NAME|use NAME as default secret key"
+msgstr "|NOM|usa NOM com a clau secreta predeterminada"
+
+#: tools/gpgconf-comp.c:662 tools/gpgconf-comp.c:730
+#, fuzzy
+msgid "|NAME|encrypt to user ID NAME as well"
+msgstr "|NOM|xifra per a NOM"
+
+#: tools/gpgconf-comp.c:665
+msgid "|SPEC|set up email aliases"
+msgstr ""
+
+#: tools/gpgconf-comp.c:686
+msgid "Configuration for Keyservers"
+msgstr ""
+
+#: tools/gpgconf-comp.c:688
+#, fuzzy
+msgid "|URL|use keyserver at URL"
+msgstr "no s'ha pogut analitzar sintàcticament la URI del servidor de claus\n"
+
+#: tools/gpgconf-comp.c:691
+msgid "allow PKA lookups (DNS requests)"
+msgstr ""
+
+#: tools/gpgconf-comp.c:694
+msgid "|MECHANISMS|use MECHANISMS to locate keys by mail address"
+msgstr ""
+
+#: tools/gpgconf-comp.c:739
+msgid "disable all access to the dirmngr"
+msgstr ""
+
+#: tools/gpgconf-comp.c:742
+#, fuzzy
+msgid "|NAME|use encoding NAME for PKCS#12 passphrases"
+msgstr "|NOM|usa l'algoritme de xifratge NOM per a les contrasenyes"
+
+#: tools/gpgconf-comp.c:768
+msgid "do not check CRLs for root certificates"
+msgstr ""
+
+#: tools/gpgconf-comp.c:812
+msgid "Options controlling the format of the output"
+msgstr ""
+
+#: tools/gpgconf-comp.c:848
+msgid "Options controlling the interactivity and enforcement"
+msgstr ""
+
+#: tools/gpgconf-comp.c:858
+msgid "Configuration for HTTP servers"
+msgstr ""
+
+#: tools/gpgconf-comp.c:869
+msgid "use system's HTTP proxy setting"
+msgstr ""
+
+#: tools/gpgconf-comp.c:874
+msgid "Configuration of LDAP servers to use"
+msgstr ""
+
+#: tools/gpgconf-comp.c:903
+msgid "LDAP server list"
+msgstr ""
+
+#: tools/gpgconf-comp.c:911
+msgid "Configuration for OCSP"
+msgstr ""
+
+#: tools/gpgconf-comp.c:3077
+#, c-format
+msgid "External verification of component %s failed"
+msgstr ""
+
+#: tools/gpgconf-comp.c:3227
+msgid "Note that group specifications are ignored\n"
+msgstr ""
+
+#: tools/gpgconf.c:62
+msgid "list all components"
+msgstr ""
+
+#: tools/gpgconf.c:63
+msgid "check all programs"
+msgstr ""
+
+#: tools/gpgconf.c:64
+msgid "|COMPONENT|list options"
+msgstr ""
+
+#: tools/gpgconf.c:65
+msgid "|COMPONENT|change options"
+msgstr ""
+
+#: tools/gpgconf.c:66
+msgid "|COMPONENT|check options"
+msgstr ""
+
+#: tools/gpgconf.c:68
+msgid "apply global default values"
+msgstr ""
+
+#: tools/gpgconf.c:70
+msgid "get the configuration directories for gpgconf"
+msgstr ""
+
+#: tools/gpgconf.c:72
+#, fuzzy
+msgid "list global configuration file"
+msgstr "s'ha creat el nou fitxer d'opcions «%s»\n"
+
+#: tools/gpgconf.c:74
+#, fuzzy
+msgid "check global configuration file"
+msgstr "s'ha creat el nou fitxer d'opcions «%s»\n"
+
+#: tools/gpgconf.c:79
+msgid "use as output file"
+msgstr "fitxer d'eixida"
+
+#: tools/gpgconf.c:83
+msgid "activate changes at runtime, if possible"
+msgstr ""
+
+#: tools/gpgconf.c:105
+#, fuzzy
+msgid "Usage: gpgconf [options] (-h for help)"
+msgstr "Forma d'ús: gpg [opcions] [fitxers] (-h per a veure l'ajuda)"
+
+#: tools/gpgconf.c:108
+msgid ""
+"Syntax: gpgconf [options]\n"
+"Manage configuration options for tools of the GnuPG system\n"
+msgstr ""
+
+#: tools/gpgconf.c:214 tools/gpgconf.c:282
+#, fuzzy
+msgid "usage: gpgconf [options] "
+msgstr "forma d'ús: gpg [opcions] "
+
+#: tools/gpgconf.c:216
+msgid "Need one component argument"
+msgstr ""
+
+#: tools/gpgconf.c:225 tools/gpgconf.c:258
+#, fuzzy
+msgid "Component not found"
+msgstr "no s'ha trobat la clau pública"
+
+#: tools/gpgconf.c:284
+msgid "No argument allowed"
+msgstr ""
+
+#: tools/symcryptrun.c:154
+#, fuzzy
+msgid ""
+"@\n"
+"Commands:\n"
+" "
+msgstr ""
+"@Ordres:\n"
+" "
+
+#: tools/symcryptrun.c:156
+#, fuzzy
+msgid "decryption modus"
+msgstr "desxifratge correcte\n"
+
+#: tools/symcryptrun.c:157
+#, fuzzy
+msgid "encryption modus"
+msgstr "desxifratge correcte\n"
+
+#: tools/symcryptrun.c:161
+msgid "tool class (confucius)"
+msgstr ""
+
+#: tools/symcryptrun.c:162
+#, fuzzy
+msgid "program filename"
+msgstr "--store [nom_del_fitxer]"
+
+#: tools/symcryptrun.c:164
+msgid "secret key file (required)"
+msgstr ""
+
+#: tools/symcryptrun.c:165
+msgid "input file name (default stdin)"
+msgstr ""
+
+#: tools/symcryptrun.c:209
+#, fuzzy
+msgid "Usage: symcryptrun [options] (-h for help)"
+msgstr "Forma d'ús: gpg [opcions] [fitxers] (-h per a veure l'ajuda)"
+
+#: tools/symcryptrun.c:212
+msgid ""
+"Syntax: symcryptrun --class CLASS --program PROGRAM --keyfile KEYFILE "
+"[options...] COMMAND [inputfile]\n"
+"Call a simple symmetric encryption tool\n"
+msgstr ""
+
+#: tools/symcryptrun.c:281
+#, fuzzy, c-format
+msgid "%s on %s aborted with status %i\n"
+msgstr "%s no és permés amb %s!\n"
+
+#: tools/symcryptrun.c:288
+#, fuzzy, c-format
+msgid "%s on %s failed with status %i\n"
+msgstr "ha fallat l'actualització de la base de dades de confiança: %s\n"
+
+#: tools/symcryptrun.c:314
+#, fuzzy, c-format
+msgid "can't create temporary directory `%s': %s\n"
+msgstr "no es pot crear el directori «%s»: %s\n"
+
+#: tools/symcryptrun.c:354 tools/symcryptrun.c:371
+#, fuzzy, c-format
+msgid "could not open %s for writing: %s\n"
+msgstr "no s'ha pogut obrir %s: %s\n"
+
+#: tools/symcryptrun.c:382
+#, fuzzy, c-format
+msgid "error writing to %s: %s\n"
+msgstr "error mentre s'escrivia l'anell «%s»: %s\n"
+
+#: tools/symcryptrun.c:389
+#, fuzzy, c-format
+msgid "error reading from %s: %s\n"
+msgstr "error en la lectura de «%s»: %s\n"
+
+#: tools/symcryptrun.c:396 tools/symcryptrun.c:403
+#, fuzzy, c-format
+msgid "error closing %s: %s\n"
+msgstr "error en la lectura de «%s»: %s\n"
+
+# Execució de programes remots, o execució remota de programes? jm
+#: tools/symcryptrun.c:488
+#, fuzzy
+msgid "no --program option provided\n"
+msgstr "no hi ha suport per a l'execució remota de programes\n"
+
+#: tools/symcryptrun.c:494
+msgid "only --decrypt and --encrypt are supported\n"
+msgstr ""
+
+#: tools/symcryptrun.c:500
+msgid "no --keyfile option provided\n"
+msgstr ""
+
+#: tools/symcryptrun.c:511
+msgid "cannot allocate args vector\n"
+msgstr ""
+
+#: tools/symcryptrun.c:529
+#, fuzzy, c-format
+msgid "could not create pipe: %s\n"
+msgstr "no s'ha pogut crear «%s»: %s\n"
+
+#: tools/symcryptrun.c:536
+#, fuzzy, c-format
+msgid "could not create pty: %s\n"
+msgstr "no s'ha pogut crear «%s»: %s\n"
+
+#: tools/symcryptrun.c:552
+#, fuzzy, c-format
+msgid "could not fork: %s\n"
+msgstr "%s: no s'ha trobat l'usuari: %s\n"
+
+#: tools/symcryptrun.c:580
+#, fuzzy, c-format
+msgid "execv failed: %s\n"
+msgstr "ha fallat l'actualització: %s\n"
+
+#: tools/symcryptrun.c:609
+#, fuzzy, c-format
+msgid "select failed: %s\n"
+msgstr "no s'ha pogut eliminar el bloc de claus: %s\n"
+
+#: tools/symcryptrun.c:626
+#, fuzzy, c-format
+msgid "read failed: %s\n"
+msgstr "ha fallat l'actualització: %s\n"
+
+#: tools/symcryptrun.c:678
+#, fuzzy, c-format
+msgid "pty read failed: %s\n"
+msgstr "ha fallat l'actualització: %s\n"
+
+#: tools/symcryptrun.c:730
+#, fuzzy, c-format
+msgid "waitpid failed: %s\n"
+msgstr "ha fallat l'actualització: %s\n"
+
+#: tools/symcryptrun.c:744
+#, c-format
+msgid "child aborted with status %i\n"
+msgstr ""
+
+#: tools/symcryptrun.c:799
+#, fuzzy, c-format
+msgid "cannot allocate infile string: %s\n"
+msgstr "%s: no s'ha creat l'anell: %s\n"
+
+#: tools/symcryptrun.c:812
+#, fuzzy, c-format
+msgid "cannot allocate outfile string: %s\n"
+msgstr "no s'ha pogut crear «%s»: %s\n"
+
+#: tools/symcryptrun.c:986
+#, c-format
+msgid "either %s or %s must be given\n"
+msgstr ""
+
+#: tools/symcryptrun.c:1013
+msgid "no class provided\n"
+msgstr ""
+
+#: tools/symcryptrun.c:1022
+#, fuzzy, c-format
+msgid "class %s is not supported\n"
+msgstr "l'algoritme de protecció %d%s no està suportat\n"
+
+#: tools/gpg-check-pattern.c:145
+#, fuzzy
+msgid "Usage: gpg-check-pattern [options] patternfile (-h for help)\n"
+msgstr "Forma d'ús: gpg [opcions] [fitxers] (-h per a veure l'ajuda)"
+
+#: tools/gpg-check-pattern.c:148
+msgid ""
+"Syntax: gpg-check-pattern [options] patternfile\n"
+"Check a passphrase given on stdin against the patternfile\n"
+msgstr ""
+
+#~ msgid "Command> "
+#~ msgstr "Ordre> "
+
+#~ msgid "the trustdb is corrupted; please run \"gpg --fix-trustdb\".\n"
+#~ msgstr ""
+#~ "la base de dades de confiança està corrompuda; per favor, executeu «gpg --"
+#~ "fix-trustdb».\n"
+
+#~ msgid "Please report bugs to <gnupg-bugs@gnu.org>.\n"
+#~ msgstr "Si us plau, informeu sobre els errors a <gnupg-bugs@gnu.org>.\n"
+
+#, fuzzy
+#~ msgid "Please report bugs to "
+#~ msgstr "Si us plau, informeu sobre els errors a <gnupg-bugs@gnu.org>.\n"
+
+#, fuzzy
+#~ msgid "DSA keypair will have %u bits.\n"
+#~ msgstr "La parella de claus DSA ha de tenir 1024 bits.\n"
+
+#~ msgid "Repeat passphrase\n"
+#~ msgstr "Repetiu la contrasenya\n"
+
+#, fuzzy
+#~ msgid "read options from file"
+#~ msgstr "s'estan llegint opcions de «%s»\n"
+
+#, fuzzy
+#~ msgid "|[FILE]|make a signature"
+#~ msgstr "|[fitxer]|crea una signatura"
+
+#, fuzzy
+#~ msgid "|[FILE]|make a clear text signature"
+#~ msgstr "|[fitxer]|crea una signatura en text clar"
+
+#~ msgid "|NAME|use NAME as default recipient"
+#~ msgstr "|NOM|usa NOM com a destinatari predeterminat"
+
+#~ msgid "use the default key as default recipient"
+#~ msgstr "usa la clau predeterminada com a destinatari predeterminat"
+
+#~ msgid "force v3 signatures"
+#~ msgstr "força signatures v3"
+
+#~ msgid "always use a MDC for encryption"
+#~ msgstr "sempre utilitza un MDC per a xifrar"
+
+#~ msgid "add this secret keyring to the list"
+#~ msgstr "afegeix aquest anell secret a la llista"
+
+#~ msgid "|NAME|set terminal charset to NAME"
+#~ msgstr "|NOM|el joc de caràcters serà NOM"
+
+#~ msgid "|FILE|load extension module FILE"
+#~ msgstr "|FITXER|carrega el mòdul d'extensió especificat"
+
+#~ msgid "|N|use compress algorithm N"
+#~ msgstr "|N|usa l'algoritme de compressió N"
+
+#, fuzzy
+#~ msgid "remove key from the public keyring"
+#~ msgstr "elimina claus de l'anell públic"
+
+#~ msgid ""
+#~ "It's up to you to assign a value here; this value will never be exported\n"
+#~ "to any 3rd party. We need it to implement the web-of-trust; it has "
+#~ "nothing\n"
+#~ "to do with the (implicitly created) web-of-certificates."
+#~ msgstr ""
+#~ "L'assignació d'un valor ací és cosa vostra; aquest valor mai s'exportarà\n"
+#~ "a cap tercer. Ho necessitem per a implementar la xarxa de confiança; no "
+#~ "té\n"
+#~ "res a veure amb la xarxa de certificats (creada implícitament)."
+
+#~ msgid ""
+#~ "To build the Web-of-Trust, GnuPG needs to know which keys are\n"
+#~ "ultimately trusted - those are usually the keys for which you have\n"
+#~ "access to the secret key. Answer \"yes\" to set this key to\n"
+#~ "ultimately trusted\n"
+#~ msgstr ""
+#~ "Per a construir la xarxa de confiança, GnuPG necessita saber quines "
+#~ "claus\n"
+#~ "tenen confiança absoluta - aquestes són normalment les claus per a les "
+#~ "que\n"
+#~ "teniu accés a la clau secreta. Contesteu «sí» per a donar a aquesta clau\n"
+#~ "confiança absoluta\n"
+
+# "clau no confiable"? jm
+# No fiable, no de confiança, no de fiar... ivb
+#~ msgid "If you want to use this untrusted key anyway, answer \"yes\"."
+#~ msgstr ""
+#~ "Si voleu utilitzar aquesta clau no de confiança de totes maneres, dieu "
+#~ "«sí»."
+
+#~ msgid ""
+#~ "Enter the user ID of the addressee to whom you want to send the message."
+#~ msgstr ""
+#~ "Introduïu l'ID d'usuari de la persona a qui voleu enviar el missatge."
+
+#~ msgid ""
+#~ "In general it is not a good idea to use the same key for signing and\n"
+#~ "encryption. This algorithm should only be used in certain domains.\n"
+#~ "Please consult your security expert first."
+#~ msgstr ""
+#~ "En general no és bona idea utilitzar la mateixa clau per a signar i\n"
+#~ "xifrar. Aquest algoritme només s'hauria d'usar en tasques concretes.\n"
+#~ "Si us plau, consulteu al vostre expert en seguretat primer."
+
+#~ msgid "Enter the size of the key"
+#~ msgstr "Introduïu la grandària de la clau"
+
+#~ msgid "Answer \"yes\" or \"no\""
+#~ msgstr "Contesteu «sí» o «no»"
+
+#~ msgid ""
+#~ "Enter the required value as shown in the prompt.\n"
+#~ "It is possible to enter a ISO date (YYYY-MM-DD) but you won't\n"
+#~ "get a good error response - instead the system tries to interpret\n"
+#~ "the given value as an interval."
+#~ msgstr ""
+#~ "Introduïu el valor requerit tal i com es mostra en l'indicatiu.\n"
+#~ "És possible introduir una data ISO (AAAA-MM-DD) però no rebreu\n"
+#~ "una bona resposta d'error - en canvi, el sistema tractarà d'interpretar\n"
+#~ "el valor donat com un interval."
+
+#~ msgid "Enter the name of the key holder"
+#~ msgstr "Introduïu el nom del propietari de la clau"
+
+#~ msgid "please enter an optional but highly suggested email address"
+#~ msgstr "introduïu una adreça de correu (opcional però molt recomanable)"
+
+#~ msgid "Please enter an optional comment"
+#~ msgstr "Introduïu un comentari opcional"
+
+#~ msgid ""
+#~ "N to change the name.\n"
+#~ "C to change the comment.\n"
+#~ "E to change the email address.\n"
+#~ "O to continue with key generation.\n"
+#~ "Q to to quit the key generation."
+#~ msgstr ""
+#~ "N canvia el nom.\n"
+#~ "C canvia el comentari.\n"
+#~ "E canvia l'adreça de correu electrònic.\n"
+#~ "O continua la generació de les claus.\n"
+#~ "Q ix."
+
+#~ msgid ""
+#~ "Answer \"yes\" (or just \"y\") if it is okay to generate the sub key."
+#~ msgstr "Contesteu «sí» (o només «s») si és correcte generar la subclau."
+
+#~ msgid ""
+#~ "When you sign a user ID on a key, you should first verify that the key\n"
+#~ "belongs to the person named in the user ID. It is useful for others to\n"
+#~ "know how carefully you verified this.\n"
+#~ "\n"
+#~ "\"0\" means you make no particular claim as to how carefully you verified "
+#~ "the\n"
+#~ " key.\n"
+#~ "\n"
+#~ "\"1\" means you believe the key is owned by the person who claims to own "
+#~ "it\n"
+#~ " but you could not, or did not verify the key at all. This is useful "
+#~ "for\n"
+#~ " a \"persona\" verification, where you sign the key of a pseudonymous "
+#~ "user.\n"
+#~ "\n"
+#~ "\"2\" means you did casual verification of the key. For example, this "
+#~ "could\n"
+#~ " mean that you verified the key fingerprint and checked the user ID on "
+#~ "the\n"
+#~ " key against a photo ID.\n"
+#~ "\n"
+#~ "\"3\" means you did extensive verification of the key. For example, this "
+#~ "could\n"
+#~ " mean that you verified the key fingerprint with the owner of the key "
+#~ "in\n"
+#~ " person, and that you checked, by means of a hard to forge document "
+#~ "with a\n"
+#~ " photo ID (such as a passport) that the name of the key owner matches "
+#~ "the\n"
+#~ " name in the user ID on the key, and finally that you verified (by "
+#~ "exchange\n"
+#~ " of email) that the email address on the key belongs to the key "
+#~ "owner.\n"
+#~ "\n"
+#~ "Note that the examples given above for levels 2 and 3 are *only* "
+#~ "examples.\n"
+#~ "In the end, it is up to you to decide just what \"casual\" and \"extensive"
+#~ "\"\n"
+#~ "mean to you when you sign other keys.\n"
+#~ "\n"
+#~ "If you don't know what the right answer is, answer \"0\"."
+#~ msgstr ""
+#~ "Quan signeu un ID d'usuari d'una clau, primer hauríeu de verificar que la "
+#~ "clau\n"
+#~ "pertany a la persona esmentada en l'ID d'usuari. És útil per a altres "
+#~ "saber\n"
+#~ "amb quanta cura heu verificat açò.\n"
+#~ "\n"
+#~ "«0» significa que no feu cap declaració de amb quanta cura heu verificat\n"
+#~ " la clau.\n"
+#~ "\n"
+#~ "«1» significa que creieu que la clau és de la persona que diu que és la\n"
+#~ " propietària, però no heu pogut, o no heu verificat la clau de cap "
+#~ "manera.\n"
+#~ " Açò és útil per a la verificació d'un «rol», quan signeu la clau d'un\n"
+#~ " usuari amb pseudònim.\n"
+#~ "\n"
+#~ "«2» significa que heu fet algunes comprovacions de la clau. Per exemple, "
+#~ "açò\n"
+#~ " pot significar que heu verificat la emprenta digital de la clau i "
+#~ "verificat\n"
+#~ " l'ID d'usuari en la clau amb el photo ID.\n"
+#~ "\n"
+#~ "«3» significa que heu fet una verificació exhaustiva de la clau. Per "
+#~ "exemple,\n"
+#~ " açò pot significar que heu verificat la emprenta digital amb el "
+#~ "propietari\n"
+#~ " de la clau en persona, i que heu comprovat, mitjançant un document "
+#~ "difícil\n"
+#~ " de falsificar amb photo ID (com un passaport) que el nom del "
+#~ "propietari\n"
+#~ " coincideix amb el nom de l'ID d'usuari en la clau, i finalment que "
+#~ "heu\n"
+#~ " verificat (per intercanvi de correu) que l'adreça de correu en la "
+#~ "clau\n"
+#~ " pertany al propietari de la clau.\n"
+#~ "\n"
+#~ "Teniu en compte que els exemples donats anteriorment per als nivels 2 i 3 "
+#~ "són\n"
+#~ "*només* exemples. Al final, és cosa vostra decidir què significa «alguna» "
+#~ "i\n"
+#~ "«exhaustiva» per a vosaltres quan voleu signar altres claus.\n"
+#~ "\n"
+#~ "Si no sabeu quina és la resposta correcta, contesteu «0»."
+
+#, fuzzy
+#~ msgid "Answer \"yes\" if you want to sign ALL the user IDs"
+#~ msgstr "Contesteu «sí» si voleu signar TOTS els ID d'usuari"
+
+#~ msgid ""
+#~ "Answer \"yes\" if you really want to delete this user ID.\n"
+#~ "All certificates are then also lost!"
+#~ msgstr ""
+#~ "Contesteu «sí» si realment voleu eliminar aquest ID d'usuari.\n"
+#~ "Tots els certificats també es perdran!"
+
+#~ msgid "Answer \"yes\" if it is okay to delete the subkey"
+#~ msgstr "Contesteu «sí» si és correcte eliminar la subclau"
+
+#~ msgid ""
+#~ "This is a valid signature on the key; you normally don't want\n"
+#~ "to delete this signature because it may be important to establish a\n"
+#~ "trust connection to the key or another key certified by this key."
+#~ msgstr ""
+#~ "Aquesta és una signatura vàlida en la clau; normalment no voldreu\n"
+#~ "eliminar aquesta signatura perquè pot ser important per a establir\n"
+#~ "una connexió de confiança a la clau o a un altra clau certificada\n"
+#~ "per aquesta clau."
+
+#~ msgid ""
+#~ "This signature can't be checked because you don't have the\n"
+#~ "corresponding key. You should postpone its deletion until you\n"
+#~ "know which key was used because this signing key might establish\n"
+#~ "a trust connection through another already certified key."
+#~ msgstr ""
+#~ "Aquesta signatura no es pot comprovar perquè no teniu la clau\n"
+#~ "corresponent. Hauríeu de posposar la seua eliminació fins que\n"
+#~ "sapieu quina clau es va utilitzar ja que aquesta clau de signatura\n"
+#~ "podria establir una connexió de confiança a través d'una altra clau ja\n"
+#~ "certificada."
+
+#~ msgid ""
+#~ "The signature is not valid. It does make sense to remove it from\n"
+#~ "your keyring."
+#~ msgstr ""
+#~ "La signatura no és vàlida. Té sentit que l'elimineu de l'anell\n"
+#~ "de claus."
+
+#~ msgid ""
+#~ "This is a signature which binds the user ID to the key. It is\n"
+#~ "usually not a good idea to remove such a signature. Actually\n"
+#~ "GnuPG might not be able to use this key anymore. So do this\n"
+#~ "only if this self-signature is for some reason not valid and\n"
+#~ "a second one is available."
+#~ msgstr ""
+#~ "Aquesta és una signatura que enllaça l'ID de l'usuari amb la clau.\n"
+#~ "Normalment no és una bona idea eliminar una signatura com aquesta.\n"
+#~ "Actualment, GnuPG podria no poder utilitzar aquesta clau de nou, així\n"
+#~ "que feu açò només si l'autosignatura no és vàlida per alguna raó i\n"
+#~ "hi ha una segona disponible."
+
+#~ msgid ""
+#~ "Change the preferences of all user IDs (or just of the selected ones)\n"
+#~ "to the current list of preferences. The timestamp of all affected\n"
+#~ "self-signatures will be advanced by one second.\n"
+#~ msgstr ""
+#~ "Canvia les preferències de tots els ID d'usuari (o només els dels "
+#~ "seleccionats)\n"
+#~ "a la llista actual de preferències. Les marques de temps de totes les\n"
+#~ "autosignatures afectades s'avançaran un segon.\n"
+
+#~ msgid "Please enter the passhrase; this is a secret sentence \n"
+#~ msgstr "Introduïu la contrasenya; aquesta ha de ser una frase secreta \n"
+
+#~ msgid ""
+#~ "Please repeat the last passphrase, so you are sure what you typed in."
+#~ msgstr "Per favor, repetiu l'última contrasenya per confirmar-la."
+
+#~ msgid "Give the name of the file to which the signature applies"
+#~ msgstr "Doneu el nom del fitxer al qual s'aplica la signatura"
+
+#~ msgid "Answer \"yes\" if it is okay to overwrite the file"
+#~ msgstr "Contesteu «sí» si és correcte sobreescriure el fitxer"
+
+#~ msgid ""
+#~ "Please enter a new filename. If you just hit RETURN the default\n"
+#~ "file (which is shown in brackets) will be used."
+#~ msgstr ""
+#~ "Introduïu un nom de fitxer. Si premeu RETORN s'hi usarà el fitxer\n"
+#~ "predeterminat (apareix entre claudàtors)."
+
+#~ msgid ""
+#~ "You should specify a reason for the certification. Depending on the\n"
+#~ "context you have the ability to choose from this list:\n"
+#~ " \"Key has been compromised\"\n"
+#~ " Use this if you have a reason to believe that unauthorized persons\n"
+#~ " got access to your secret key.\n"
+#~ " \"Key is superseded\"\n"
+#~ " Use this if you have replaced this key with a newer one.\n"
+#~ " \"Key is no longer used\"\n"
+#~ " Use this if you have retired this key.\n"
+#~ " \"User ID is no longer valid\"\n"
+#~ " Use this to state that the user ID should not longer be used;\n"
+#~ " this is normally used to mark an email address invalid.\n"
+#~ msgstr ""
+#~ "Hauríeu d'especificar una raó per a la certificació. Depenent del\n"
+#~ "context teniu l'habilitat de triar d'aquesta llista:\n"
+#~ " «La clau ha estat compromesa»\n"
+#~ " Utilitzeu açò si teniu alguna raó per creure que persones no\n"
+#~ " autoritzades han tingut accés a la vostra clau secreta.\n"
+#~ " «La clau ha estat reemplaçada»\n"
+#~ " Utilitzeu açò si heu reemplaçat aquesta clau amb una més nova.\n"
+#~ " «La clau ja no està en ús»\n"
+#~ " Utilitzeu açò si heu retirat aquesta clau.\n"
+#~ " «L'ID de l'usuari ja no és vàlid»\n"
+#~ " Utilitzeu açò per a constatar que l'ID de l'usuari no s'hauria\n"
+#~ " d'utilitzar més; açò s'utilitza normalment per a marcar una adreça\n"
+#~ " de correu com a invàlida.\n"
+
+#~ msgid ""
+#~ "If you like, you can enter a text describing why you issue this\n"
+#~ "revocation certificate. Please keep this text concise.\n"
+#~ "An empty line ends the text.\n"
+#~ msgstr ""
+#~ "Si voleu podeu introduir un text que descriga per què expediu aquest\n"
+#~ "certificat de revocació. Per favor, sigueu concisos.\n"
+#~ "Una línia buida indica el final del text.\n"
+
+#~ msgid "can't put notation data into v3 (PGP 2.x style) signatures\n"
+#~ msgstr ""
+#~ "no es poden ficar dades de notació dins de signatures v3 (estil PGP 2.x)\n"
+
+#~ msgid "can't put notation data into v3 (PGP 2.x style) key signatures\n"
+#~ msgstr ""
+#~ "no es poden ficar dades de notació dins de signatures de clau v3 (estil "
+#~ "PGP 2.x)\n"
+
+#~ msgid "can't put a policy URL into v3 (PGP 2.x style) signatures\n"
+#~ msgstr ""
+#~ "no es pot ficar una URL de política dins de signatures v3 (estil PGP 2."
+#~ "x)\n"
+
+#~ msgid "can't put a policy URL into v3 key (PGP 2.x style) signatures\n"
+#~ msgstr ""
+#~ "no es pot ficar una URL de política dins de signatures de clau v3 (estil "
+#~ "PGP 2.x)\n"
+
+#, fuzzy
+#~ msgid "shelll"
+#~ msgstr "ajuda"
+
+#, fuzzy
+#~ msgid ""
+#~ "please see http://www.gnupg.org/download/iconv.html for more information\n"
+#~ msgstr ""
+#~ "si us plau, visiteu http://www.gnupg.org/faq.html per a més informació\n"
+
+#, fuzzy
+#~ msgid "key generation is not available from the commandline\n"
+#~ msgstr "gpg-agent no està disponible en aquesta sessió\n"
+
+#, fuzzy
+#~ msgid "please use the script \"%s\" to generate a new key\n"
+#~ msgstr "Seleccioneu quin tipus de clau voleu:\n"
+
+#, fuzzy
+#~ msgid "cipher extension `%s' not loaded due to unsafe permissions\n"
+#~ msgstr ""
+#~ "la extensió de xifrat «%s» no s'ha carregat per tindre permissos insegurs\n"
+
+#~ msgid "DSA requires the use of a 160 bit hash algorithm\n"
+#~ msgstr "DSA requereix l'ús d'un algoritme de dispersió de 160 bits\n"
+
+#, fuzzy
+#~ msgid ".\n"
+#~ msgstr "%s.\n"
+
+#~ msgid "problem with the agent - disabling agent use\n"
+#~ msgstr "hi ha un problema amb l'agent: es deshabilitarà el seu ús\n"
+
+#, fuzzy
+#~ msgid "can't query passphrase in batch mode\n"
+#~ msgstr "no es pot demanar la contrasenya en mode desatès\n"
+
+#~ msgid "Enter passphrase: "
+#~ msgstr "Introduïu la contrasenya: "
+
+#~ msgid "Repeat passphrase: "
+#~ msgstr "Repetiu la contrasenya: "
+
+#~ msgid "-k[v][v][v][c] [user-id] [keyring]"
+#~ msgstr "-k[v][v][v][c] [user-id] [anell]"
+
+#~ msgid "can't gen prime with pbits=%u qbits=%u\n"
+#~ msgstr "no s'ha pogut generar un prim amb pbits=%u qbits=%u\n"
+
+#~ msgid "can't generate a prime with less than %d bits\n"
+#~ msgstr "no s'ha pogut generar un prim amb menys de %d bits\n"
+
+#~ msgid "no entropy gathering module detected\n"
+#~ msgstr "no s'ha trobat cap mòdul d'acumulació d'entropia\n"
+
+#, fuzzy
+#~ msgid "can't lock `%s': %s\n"
+#~ msgstr "no s'ha pogut obrir «%s»\n"
+
+#~ msgid "can't stat `%s': %s\n"
+#~ msgstr "no es pot fer stat de «%s»: %s\n"
+
+# Descartar, deixar passar... ignorar és un anglicisme. ivb
+#~ msgid "`%s' is not a regular file - ignored\n"
+#~ msgstr "«%s» no és un fitxer regular: es descarta\n"
+
+#~ msgid "note: random_seed file is empty\n"
+#~ msgstr "nota: el fitxer random_seed és buit\n"
+
+#~ msgid "WARNING: invalid size of random_seed file - not used\n"
+#~ msgstr "AVÃS: el tamany del fitxer random_seed no és vàlid - no s'usarà\n"
+
+#~ msgid "can't read `%s': %s\n"
+#~ msgstr "no s'ha pogut llegir «%s»: %s\n"
+
+#~ msgid "note: random_seed file not updated\n"
+#~ msgstr "nota: el fitxer random_seed no s'ha actualitzat\n"
+
+#~ msgid "can't write `%s': %s\n"
+#~ msgstr "no s'ha pogut escriure «%s»: %s\n"
+
+# No em passe! ;) ivb
+#~ msgid "can't close `%s': %s\n"
+#~ msgstr "no s'ha pogut tancar «%s»: %s\n"
+
+#~ msgid "WARNING: using insecure random number generator!!\n"
+#~ msgstr "AVÃS: esteu usant un generador de nombres aleatoris insegur!!\n"
+
+#~ msgid ""
+#~ "The random number generator is only a kludge to let\n"
+#~ "it run - it is in no way a strong RNG!\n"
+#~ "\n"
+#~ "DON'T USE ANY DATA GENERATED BY THIS PROGRAM!!\n"
+#~ "\n"
+#~ msgstr ""
+#~ "El generador de nombres aleatoris és només un pedaç\n"
+#~ "per a que funcioni - de cap manera és un GNA fort!\n"
+#~ "\n"
+#~ "NO UTILITZEU CAP DADA GENERADA PER AQUEST PROGRAMA!!\n"
+#~ "\n"
+
+#~ msgid ""
+#~ "Please wait, entropy is being gathered. Do some work if it would\n"
+#~ "keep you from getting bored, because it will improve the quality\n"
+#~ "of the entropy.\n"
+#~ msgstr ""
+#~ "Si us plau, espereu mentre es genera entropia. Feu alguna tasca si\n"
+#~ "vos ajuda no avorrir-vos, ja que ajudarà a la qualitat de la entropia.\n"
+
+#~ msgid ""
+#~ "\n"
+#~ "Not enough random bytes available. Please do some other work to give\n"
+#~ "the OS a chance to collect more entropy! (Need %d more bytes)\n"
+#~ msgstr ""
+#~ "\n"
+#~ "No hi ha prou bytes aleatoris. Per favor, feu alguna altra cosa per que "
+#~ "el\n"
+#~ "sistema tinga oportunitat de recollir més entropia. (Calen %d bytes més)\n"
+
+#, fuzzy
+#~ msgid "card reader not available\n"
+#~ msgstr "la clau secreta no està disponible"
+
+#, fuzzy
+#~ msgid "NOTE: %s is not available in this version\n"
+#~ msgstr "gpg-agent no està disponible en aquesta sessió\n"
+
+#, fuzzy
+#~ msgid " algorithms on these user IDs:\n"
+#~ msgstr "Heu signat els següents ID d'usuari:\n"
+
+#~ msgid "general error"
+#~ msgstr "error general"
+
+#~ msgid "unknown packet type"
+#~ msgstr "el tipus de paquet és desconegut"
+
+#~ msgid "unknown pubkey algorithm"
+#~ msgstr "l'algoritme de clau pública és desconegut"
+
+#~ msgid "unknown digest algorithm"
+#~ msgstr "l'algoritme de resum és desconegut"
+
+#~ msgid "bad public key"
+#~ msgstr "la clau pública és errònia"
+
+#~ msgid "bad secret key"
+#~ msgstr "la clau secreta és errònia"
+
+#~ msgid "bad signature"
+#~ msgstr "la signatura és errònia"
+
+#~ msgid "checksum error"
+#~ msgstr "la suma de control és errònia"
+
+#~ msgid "unknown cipher algorithm"
+#~ msgstr "l'algoritme de xifratge és desconegut"
+
+#~ msgid "can't open the keyring"
+#~ msgstr "no s'ha pogut obrir l'anell"
+
+#~ msgid "invalid packet"
+#~ msgstr "el paquet és invàlid"
+
+#~ msgid "invalid armor"
+#~ msgstr "l'armadura és invàlida"
+
+#~ msgid "no such user id"
+#~ msgstr "no s'ha trobat l'id de l'usuari"
+
+#~ msgid "secret key not available"
+#~ msgstr "la clau secreta no està disponible"
+
+#~ msgid "wrong secret key used"
+#~ msgstr "s'ha utilitzat una clau secreta incorrecta"
+
+# Gènere? Nombre? ivb
+# Werner FIXME: please add translator comment saying *what* is
+# uncompressed so we know the gender. jm
+#~ msgid "not supported"
+#~ msgstr "no és suportat"
+
+#~ msgid "bad key"
+#~ msgstr "la clau és incorrecta"
+
+#~ msgid "file write error"
+#~ msgstr "error d'escriptura"
+
+#~ msgid "unknown compress algorithm"
+#~ msgstr "l'algoritme de compressió és desconegut"
+
+#~ msgid "file open error"
+#~ msgstr "error en l'obertura del fitxer"
+
+#~ msgid "file create error"
+#~ msgstr "error en la creació del fitxer"
+
+#~ msgid "invalid passphrase"
+#~ msgstr "la contrasenya és invàlida"
+
+#~ msgid "unimplemented pubkey algorithm"
+#~ msgstr "l'algoritme de clau pública no és implementat"
+
+#~ msgid "unimplemented cipher algorithm"
+#~ msgstr "l'algoritme de xifratge no és implementat"
+
+#~ msgid "unknown signature class"
+#~ msgstr "la classe de signatura és desconeguda"
+
+#~ msgid "trust database error"
+#~ msgstr "error de la base de dades de confiança"
+
+#~ msgid "resource limit"
+#~ msgstr "límit de recursos"
+
+#~ msgid "invalid keyring"
+#~ msgstr "l'anell no és vàlid"
+
+#~ msgid "bad certificate"
+#~ msgstr "el certificat és incorrecte"
+
+#~ msgid "malformed user id"
+#~ msgstr "l'id d'usuari és malformat"
+
+#~ msgid "file close error"
+#~ msgstr "error en el tancament del fitxer"
+
+#~ msgid "file rename error"
+#~ msgstr "error en el reanomenament del fitxer"
+
+#~ msgid "file delete error"
+#~ msgstr "error en l'eliminació del fitxer"
+
+#~ msgid "unexpected data"
+#~ msgstr "dades inesperades"
+
+#~ msgid "timestamp conflict"
+#~ msgstr "conflicte de data"
+
+# Ací veus pq jo pose «no és vàlid» en comptes de «és invàlid». ivb
+#~ msgid "unusable pubkey algorithm"
+#~ msgstr "l'algoritme de clau pública és inusable"
+
+#~ msgid "file exists"
+#~ msgstr "el fitxer existeix"
+
+# Segons context: la clau és feble? ivb
+#~ msgid "weak key"
+#~ msgstr "clau feble"
+
+# La «U» és masculina o femenina? ivb
+#~ msgid "bad URI"
+#~ msgstr "l'URI és errònia"
+
+# Ãdem. ivb
+#~ msgid "unsupported URI"
+#~ msgstr "l'URI no és suportada"
+
+#~ msgid "network error"
+#~ msgstr "error de la xarxa"
+
+# Gènere? Nombre? Passat, futur? ivb
+# Probablement és una clau, femení. jm
+# Werner FIXME: please add translator comment saying *what* is
+# uncompressed so we know the gender. jm
+#~ msgid "not processed"
+#~ msgstr "no processat"
+
+#~ msgid "unusable public key"
+#~ msgstr "ls clau pública és inusable"
+
+#~ msgid "unusable secret key"
+#~ msgstr "la clau secreta és inusable"
+
+# «del servidor», «en el servidor»? ivb
+#~ msgid "keyserver error"
+#~ msgstr "error de servidor de claus"
+
+# Gènere? Nombre? ivb
+# Werner FIXME: please add translator comment saying *what* is
+# uncompressed so we know the gender. jm
+#, fuzzy
+#~ msgid "no card"
+#~ msgstr "no és xifrat"
+
+#, fuzzy
+#~ msgid "no data"
+#~ msgstr "no hi ha dades signades\n"
+
+#~ msgid "... this is a bug (%s:%d:%s)\n"
+#~ msgstr "... açò és un bug (%s:%d:%s)\n"
+
+#~ msgid "WARNING: using insecure memory!\n"
+#~ msgstr "AVÃS: esteu usant memòria insegura!\n"
+
+# Últimament pense si «iniciar» no serà millor que «inicialitzar»? ivb
+# Segons SC, hi ha diferència. jm
+#~ msgid "operation is not possible without initialized secure memory\n"
+#~ msgstr "l'operació no és possible sense memòria segura inicialitzada\n"
+
+#~ msgid "(you may have used the wrong program for this task)\n"
+#~ msgstr "(potser heu utilitzat el programa erroni per a aquesta tasca)\n"
+
+#~ msgid ""
+#~ "please see http://www.gnupg.org/why-not-idea.html for more information\n"
+#~ msgstr "vegeu http://www.gnupg.org/why-not-idea.html per a més informació\n"
+
+#, fuzzy
+#~ msgid "all export-clean-* options from above"
+#~ msgstr "llig opcions del fitxer"
+
+#, fuzzy
+#~ msgid "all import-clean-* options from above"
+#~ msgstr "llig opcions del fitxer"
+
+#, fuzzy
+#~ msgid "expired: %s)"
+#~ msgstr " [caduca: %s]"
+
+#, fuzzy
+#~ msgid "key %s: expired signature from key %s - skipped\n"
+#~ msgstr ""
+#~ "clau %08lX: la classe de signatura és inesperada (0x%02x) - es descarta\n"
+
+#, fuzzy
+#~ msgid "Unable to clean `%s'\n"
+#~ msgstr "no s'ha pogut executar %s «%s»: %s\n"
+
+#, fuzzy
+#~ msgid "No user IDs are removable.\n"
+#~ msgstr "No hi ha usuari per a la clau\n"
+
+#~ msgid "bad passphrase or unknown cipher algorithm (%d)\n"
+#~ msgstr ""
+#~ "la contrasenya és incorrecta o l'algoritme de xifratge (%d) és "
+#~ "desconegut\n"
+
+#~ msgid "can't set client pid for the agent\n"
+#~ msgstr "no es pot establir el pid del client per l'agent\n"
+
+# llija/llegisca/llegesca. ivb
+#~ msgid "can't get server read FD for the agent\n"
+#~ msgstr "no es pot fer que el servidor llegesca el DF per a l'agent\n"
+
+#~ msgid "can't get server write FD for the agent\n"
+#~ msgstr "no es pot fer que el servidor escriga el DF per a l'agent\n"
+
+#~ msgid "invalid response from agent\n"
+#~ msgstr "la resposta de l'agent és invàlida\n"
+
+#~ msgid "select secondary key N"
+#~ msgstr "tria la clau secundària N"
+
+#~ msgid "list signatures"
+#~ msgstr "llista les signatures"
+
+#~ msgid "sign the key"
+#~ msgstr "signa la clau"
+
+#~ msgid "add a secondary key"
+#~ msgstr "afegeix una clau secundària"
+
+#~ msgid "delete signatures"
+#~ msgstr "esborra signatures"
+
+#~ msgid "change the expire date"
+#~ msgstr "canvia la data de caducitat"
+
+#~ msgid "set preference list"
+#~ msgstr "estableix la llista de preferències"
+
+#~ msgid "updated preferences"
+#~ msgstr "preferències actualitzades"
+
+#~ msgid "No secondary key with index %d\n"
+#~ msgstr "No hi ha cap clau secundària amb l'índex %d\n"
+
+#~ msgid "digest algorithm `%s' is read-only in this release\n"
+#~ msgstr "l'algorisme de resum «%s» es de només lectura en aquesta versió\n"
+
+#~ msgid ""
+#~ "WARNING: digest `%s' is not part of OpenPGP. Use at your own risk!\n"
+#~ msgstr ""
+#~ "AVÃS: el resum «%s» no és part d'OpenPGP. Utilitzeu-lo assumint el risc!\n"
+
+#~ msgid "|[files]|encrypt files"
+#~ msgstr "|[fitxers]|xifra fitxers"
+
+#~ msgid "store only"
+#~ msgstr "només emmagatzema"
+
+#~ msgid "|[files]|decrypt files"
+#~ msgstr "|[fitxers]|desxifra fitxers"
+
+#~ msgid "sign a key non-revocably"
+#~ msgstr "signa una clau irrevocablement"
+
+# D'altres formes o no queda clar o és massa literari :P ivb
+#~ msgid "sign a key locally and non-revocably"
+#~ msgstr "signa una clau de forma local i irrevocable"
+
+#~ msgid "list only the sequence of packets"
+#~ msgstr "llista només la seqüència de paquets"
+
+#~ msgid "export the ownertrust values"
+#~ msgstr "exporta els valors de confiança"
+
+#~ msgid "unattended trust database update"
+#~ msgstr "actualització no atesa de la base de dades de confiança"
+
+#~ msgid "fix a corrupted trust database"
+#~ msgstr "arregla una base de dades de confiança corrompuda"
+
+#~ msgid "De-Armor a file or stdin"
+#~ msgstr "lleva l'armadura a un fitxer o a stdin"
+
+#~ msgid "En-Armor a file or stdin"
+#~ msgstr "crea l'armadura d'un fitxer o d'stdin"
+
+#~ msgid "do not force v3 signatures"
+#~ msgstr "no força signatures v3"
+
+#~ msgid "force v4 key signatures"
+#~ msgstr "força signatures de clau v4"
+
+#~ msgid "do not force v4 key signatures"
+#~ msgstr "no força signatures de clau v4"
+
+#~ msgid "never use a MDC for encryption"
+#~ msgstr "mai utilitza un MDC per a xifrar"
+
+#~ msgid "use the gpg-agent"
+#~ msgstr "utilitza el gpg-agent"
+
+#~ msgid "|[file]|write status info to file"
+#~ msgstr "|fitxer|escriu informació d'estat en un fitxer"
+
+#~ msgid "|KEYID|ultimately trust this key"
+#~ msgstr "|IDCLAU|confia absolutament en aquesta clau"
+
+#~ msgid "emulate the mode described in RFC1991"
+#~ msgstr "emula el mode descrit en RFC1991"
+
+#~ msgid "set all packet, cipher and digest options to OpenPGP behavior"
+#~ msgstr ""
+#~ "estableix totes les opcions de paquets, xifratge i resum al comportament "
+#~ "d'OpenPGP"
+
+#~ msgid "set all packet, cipher and digest options to PGP 2.x behavior"
+#~ msgstr ""
+#~ "estableix totes les opcions de paquets, xifratge i resum al comportament "
+#~ "de PGP 2.x"
+
+#~ msgid "|NAME|use message digest algorithm NAME for passphrases"
+#~ msgstr ""
+#~ "|NOM|usa l'algoritme de resum de missatges NOM per a les contrasenyes"
+
+# elimina o descarta? jm
+#~ msgid "throw keyid field of encrypted packets"
+#~ msgstr "descarta el camp keyid dels paquets xifrats"
+
+# Werner FIXME: uncapitalize
+#~ msgid "Show Photo IDs"
+#~ msgstr "mostra els Photo ID"
+
+# Werner FIXME: uncapitalize
+#~ msgid "Don't show Photo IDs"
+#~ msgstr "no mostra els Photo ID"
+
+# Werner FIXME: uncapitalize
+#~ msgid "Set command line to view Photo IDs"
+#~ msgstr "fixa l'ordre per a veure Photo ID"
+
+#~ msgid "compress algorithm `%s' is read-only in this release\n"
+#~ msgstr ""
+#~ "l'algorisme de compressió «%s» es de només lectura en aquesta versió\n"
+
+#~ msgid "compress algorithm must be in range %d..%d\n"
+#~ msgstr "l'algoritme de compressió ha d'estar en l'interval %d..%d\n"
+
+#~ msgid "--nrsign-key user-id"
+#~ msgstr "--nrsign-key user-id"
+
+#~ msgid "--nrlsign-key user-id"
+#~ msgstr "--nrlsign-key user-id"
+
+#~ msgid "key %08lX: key has been revoked!\n"
+#~ msgstr "clau %08lX: aquesta clau ha estat revocada!\n"
+
+#~ msgid "key %08lX: subkey has been revoked!\n"
+#~ msgstr "clau %08lX: aquesta subclau ha estat revocada!\n"
+
+#~ msgid "%08lX: key has expired\n"
+#~ msgstr "%08lX: la clau ha caducat\n"
+
+#~ msgid "%08lX: We do NOT trust this key\n"
+#~ msgstr "%08lX: La clau NO és de confiança\n"
+
+#~ msgid ""
+#~ "%08lX: It is not sure that this key really belongs to the owner\n"
+#~ "but it is accepted anyway\n"
+#~ msgstr ""
+#~ "%08lX: No hi ha garanties que aquesta clau pertanya realment al seu\n"
+#~ "propietari però s'accepta de tota manera\n"
+
+#~ msgid "preference %c%lu is not valid\n"
+#~ msgstr "la preferència %c%lu no és vàlida\n"
+
+#~ msgid ""
+#~ "About to generate a new %s keypair.\n"
+#~ " minimum keysize is 768 bits\n"
+#~ " default keysize is 1024 bits\n"
+#~ " highest suggested keysize is 2048 bits\n"
+#~ msgstr ""
+#~ "Preparat per a generar un nou parell de claus %s.\n"
+#~ " grandària mínima: 768 bits\n"
+#~ " grandària predeterminada: 1024 bits\n"
+#~ " grandària màxima aconsellada: 2048 bits\n"
+
+#~ msgid "DSA only allows keysizes from 512 to 1024\n"
+#~ msgstr "DSA només permet claus entre 512 i 1024 bits\n"
+
+#~ msgid "keysize too small; 1024 is smallest value allowed for RSA.\n"
+#~ msgstr ""
+#~ "la clau és massa petita; 1024 bits és el mínim permés per a claus RSA.\n"
+
+#~ msgid "keysize too small; 768 is smallest value allowed.\n"
+#~ msgstr "la clau és massa petita; 768 bits és el mínim permés.\n"
+
+# Jo tinc Deep Thought MMX a casa i m'ho fa en 42 segons. ivb
+#~ msgid "keysize too large; %d is largest value allowed.\n"
+#~ msgstr "la clau és massa llarga; %d és el màxim permés.\n"
+
+#~ msgid ""
+#~ "Keysizes larger than 2048 are not suggested because\n"
+#~ "computations take REALLY long!\n"
+#~ msgstr ""
+#~ "No es recomanen claus més llargues de 2048 bits perquè\n"
+#~ "els càlculs són VERITABLEMENT llargs!\n"
+
+#~ msgid "Are you sure that you want this keysize? "
+#~ msgstr "Segur que voleu aquesta grandària? "
+
+#~ msgid ""
+#~ "Okay, but keep in mind that your monitor and keyboard radiation is also "
+#~ "very vulnerable to attacks!\n"
+#~ msgstr ""
+#~ "D'acord, però sapieu que la radiació del monitor i del teclat també son "
+#~ "molt vulnerables als atacs!\n"
+
+#~ msgid "%s: can't open: %s\n"
+#~ msgstr "%s: no s'ha pogut obrir: %s\n"
+
+#~ msgid "%s: WARNING: empty file\n"
+#~ msgstr "%s: AVÃS: el fitxer és buit\n"
+
+#~ msgid "key %08lX: not a rfc2440 key - skipped\n"
+#~ msgstr "clau %08lX: no és una clau rfc2440 - es descarta\n"
+
+#~ msgid ""
+#~ "NOTE: Elgamal primary key detected - this may take some time to import\n"
+#~ msgstr ""
+#~ "NOTA: s'ha detectat una clau primària Elgamal - açò pot trigar un temps "
+#~ "en importar-se\n"
+
+#~ msgid " (default)"
+#~ msgstr " (predeterminat)"
+
+#~ msgid "q"
+#~ msgstr "q"
+
+#~ msgid "save"
+#~ msgstr "desa"
+
+#~ msgid "fpr"
+#~ msgstr "fpr"
+
+#~ msgid "list"
+#~ msgstr "llista"
+
+#~ msgid "l"
+#~ msgstr "l"
+
+#~ msgid "uid"
+#~ msgstr "uid"
+
+#~ msgid "key"
+#~ msgstr "clau"
+
+#~ msgid "check"
+#~ msgstr "comprova"
+
+#~ msgid "s"
+#~ msgstr "s"
+
+#~ msgid "lsign"
+#~ msgstr "lsign"
+
+#~ msgid "nrsign"
+#~ msgstr "nrsign"
+
+#~ msgid "sign the key non-revocably"
+#~ msgstr "signa la clau irrevocablement"
+
+#~ msgid "nrlsign"
+#~ msgstr "nrlsign"
+
+#~ msgid "sign the key locally and non-revocably"
+#~ msgstr "signa la clau localment i irrevocablement"
+
+#~ msgid "debug"
+#~ msgstr "depura"
+
+#~ msgid "adduid"
+#~ msgstr "adduid"
+
+#~ msgid "addphoto"
+#~ msgstr "addphoto"
+
+#~ msgid "deluid"
+#~ msgstr "deluid"
+
+#~ msgid "delphoto"
+#~ msgstr "delphoto"
+
+#~ msgid "delkey"
+#~ msgstr "delkey"
+
+#~ msgid "addrevoker"
+#~ msgstr "addrevoker"
+
+#~ msgid "delsig"
+#~ msgstr "delsig"
+
+#~ msgid "primary"
+#~ msgstr "primari"
+
+#~ msgid "toggle"
+#~ msgstr "toggle"
+
+#~ msgid "t"
+#~ msgstr "t"
+
+#~ msgid "pref"
+#~ msgstr "pref"
+
+#~ msgid "showpref"
+#~ msgstr "showpref"
+
+#~ msgid "setpref"
+#~ msgstr "setpref"
+
+#~ msgid "updpref"
+#~ msgstr "updpref"
+
+#~ msgid "passwd"
+#~ msgstr "passwd"
+
+#~ msgid "trust"
+#~ msgstr "trust"
+
+#~ msgid "revsig"
+#~ msgstr "revsig"
+
+#~ msgid "revuid"
+#~ msgstr "revuid"
+
+#~ msgid "revkey"
+#~ msgstr "revkey"
+
+#~ msgid "showphoto"
+#~ msgstr "showphoto"
+
+#~ msgid "%s%c %4u%c/%08lX created: %s expires: %s"
+#~ msgstr "%s%c %4u%c/%08lX creada: %s caduca: %s"
+
+#~ msgid "rev! subkey has been revoked: %s\n"
+#~ msgstr "rev! la subclau ha estat revocada: %s\n"
+
+#~ msgid "rev- faked revocation found\n"
+#~ msgstr "rev- s'ha trobat una revocació falsa\n"
+
+#~ msgid ""
+#~ "\"\n"
+#~ "locally signed with your key %08lX at %s\n"
+#~ msgstr ""
+#~ "»\n"
+#~ "signat localment amb la vostra clau %08lX el %s\n"
+
+#~ msgid " signed by %08lX at %s%s%s\n"
+#~ msgstr " signat per %08lX el %s%s%s\n"
+
+#~ msgid " signed by %08lX at %s%s\n"
+#~ msgstr " signat per %08lX el %s%s\n"
+
+#~ msgid "Policy: "
+#~ msgstr "Política: "
+
+#~ msgid "Experimental algorithms should not be used!\n"
+#~ msgstr "No hauríeu d'usar algoritmes experimentals!\n"
+
+#~ msgid ""
+#~ "this cipher algorithm is deprecated; please use a more standard one!\n"
+#~ msgstr ""
+#~ "aquest algoritme de xifratge està desaconsellat; useu-ne un de més "
+#~ "estàndard!\n"
+
+#~ msgid "can't get key from keyserver: %s\n"
+#~ msgstr "no s'ha pogut obtenir del servidor la clau: %s\n"
+
+#~ msgid "success sending to `%s' (status=%u)\n"
+#~ msgstr "l'enviament a «%s» ha tingut èxit (status=%u)\n"
+
+#~ msgid "failed sending to `%s': status=%u\n"
+#~ msgstr "l'enviament a «%s» ha fallat: status=%u\n"
+
+#~ msgid "this keyserver does not support --search-keys\n"
+#~ msgstr "aquest servidor de claus no suporta --search-keys\n"
+
+#~ msgid "can't search keyserver: %s\n"
+#~ msgstr "no es pot cercar el servidor de claus: %s\n"
+
+# Werner FIXME: Settle on Elgamal or ElGamal. jm
+#~ msgid ""
+#~ "key %08lX: this is a PGP generated ElGamal key which is NOT secure for "
+#~ "signatures!\n"
+#~ msgstr ""
+#~ "clau %08lX: aquesta és una clau ElGamal que NO és segura per a "
+#~ "signatures!\n"
+
+#~ msgid ""
+#~ "key %08lX has been created %lu second in future (time warp or clock "
+#~ "problem)\n"
+#~ msgstr ""
+#~ "la clau %08lX s'ha creat %lu segon en el futur (salt en el temps o "
+#~ "problemes\n"
+#~ "amb el rellotge)\n"
+
+#~ msgid ""
+#~ "key %08lX has been created %lu seconds in future (time warp or clock "
+#~ "problem)\n"
+#~ msgstr ""
+#~ "la clau %08lX s'ha creat %lu segons en el futur (salt en el temps o "
+#~ "problemes\n"
+#~ "amb el rellotge)\n"
+
+#~ msgid "%s: can't access: %s\n"
+#~ msgstr "%s: no s'ha pogut accedir: %s\n"
+
+# blocatge? ivb
+# yep. jm
+#~ msgid "%s: can't create lock\n"
+#~ msgstr "%s: no s'ha pogut crear el blocatge\n"
+
+#~ msgid "%s: can't make lock\n"
+#~ msgstr "%s: no s'ha pogut crear el blocatge\n"
+
+#~ msgid "%s: can't create: %s\n"
+#~ msgstr "%s: no s'ha pogut crear: %s\n"
+
+#~ msgid "key %08lX marked as ultimately trusted\n"
+#~ msgstr "s'ha marcat la clau %08lX com confiada absolutament\n"
+
+#~ msgid "signature from Elgamal signing key %08lX to %08lX skipped\n"
+#~ msgstr "s'omet la signatura de la clau de signatura Elgamal %08lX a %08lX\n"
+
+#~ msgid "signature from %08lX to Elgamal signing key %08lX skipped\n"
+#~ msgstr "s'omet la signatura de %08lX a la clau de signatura Elgamal %08lX\n"
+
+#~ msgid "checking at depth %d signed=%d ot(-/q/n/m/f/u)=%d/%d/%d/%d/%d/%d\n"
+#~ msgstr ""
+#~ "s'està comprovant en profunditat %d signat=%d ot(-/q/n/m/f/u)=%d/%d/%d/%d/"
+#~ "%d/%d\n"
+
+#~ msgid "If you want to use this revoked key anyway, answer \"yes\"."
+#~ msgstr ""
+#~ "Si voleu utilitzar aquesta clau revocada de totes maneres, dieu «sí»."
+
+#~ msgid ""
+#~ "Select the algorithm to use.\n"
+#~ "\n"
+#~ "DSA (aka DSS) is the digital signature algorithm which can only be used\n"
+#~ "for signatures. This is the suggested algorithm because verification of\n"
+#~ "DSA signatures are much faster than those of ElGamal.\n"
+#~ "\n"
+#~ "ElGamal is an algorithm which can be used for signatures and encryption.\n"
+#~ "OpenPGP distinguishs between two flavors of this algorithms: an encrypt "
+#~ "only\n"
+#~ "and a sign+encrypt; actually it is the same, but some parameters must be\n"
+#~ "selected in a special way to create a safe key for signatures: this "
+#~ "program\n"
+#~ "does this but other OpenPGP implementations are not required to "
+#~ "understand\n"
+#~ "the signature+encryption flavor.\n"
+#~ "\n"
+#~ "The first (primary) key must always be a key which is capable of "
+#~ "signing;\n"
+#~ "this is the reason why the encryption only ElGamal key is not available "
+#~ "in\n"
+#~ "this menu."
+#~ msgstr ""
+#~ "Seleccioneu l'algoritme a utilitzar.\n"
+#~ "\n"
+#~ "DSA (també conegut com a DSS) és el algorisme de signatura digital que "
+#~ "només\n"
+#~ "pot ser utilitzat per a signatures. Aquest és el algoritme suggerit "
+#~ "perquè\n"
+#~ "la comprovació de signatures DSA és molt més ràpida que les d'ElGamal.\n"
+#~ "\n"
+#~ "ElGamal és un algorisme que es pot utilitzar per a signatures i "
+#~ "xifratge.\n"
+#~ "OpenPGP distingueix entre 2 variants d'aquest algorisme: una de només "
+#~ "xifratge\n"
+#~ "i una de signatura+xifratge; en veritat és el mateix, però alguns "
+#~ "paràmetres\n"
+#~ "han de seleccionar-se d'una manera especial per a crear claus més "
+#~ "segures\n"
+#~ "per a signatures: aquest programa fa açò, però altres implementacions\n"
+#~ "d'OpenPGP no estan obligades a entendre la variant signatura+xifratge.\n"
+#~ "\n"
+#~ "La primera clau (primària) ha de ser sempre una clau que siga capaç de "
+#~ "signar;\n"
+#~ "aquesta és la raó per la qual la clau de només xifratge ElGamal no està\n"
+#~ "disponible en aquest menú."
+
+#~ msgid ""
+#~ "Although these keys are defined in RFC2440 they are not suggested\n"
+#~ "because they are not supported by all programs and signatures created\n"
+#~ "with them are quite large and very slow to verify."
+#~ msgstr ""
+#~ "Encara que aquestes claus estan definides en RFC2440, no es recomanen\n"
+#~ "perquè no tots els programes hi poden treballar i perquè les\n"
+#~ "signatures que generen són molt llargues i lentes de verificar."
+
+#~ msgid "%lu keys so far checked (%lu signatures)\n"
+#~ msgstr "fins ara s'han comprovat %lu claus (%lu signature)\n"
+
+#~ msgid "key incomplete\n"
+#~ msgstr "clau incompleta\n"
+
+#~ msgid "key %08lX incomplete\n"
+#~ msgstr "la clau %08lX és incompleta\n"
+
+#~ msgid "sorry, can't do this in batch mode\n"
+#~ msgstr "no es pot fet això en mode desatès\n"
+
+#~ msgid "error: missing colon\n"
+#~ msgstr "error: falten dos punts\n"
+
+#~ msgid "error: no ownertrust value\n"
+#~ msgstr "error: no hi ha cap valor de confiança\n"
+
+#~ msgid " (%d) ElGamal (sign and encrypt)\n"
+#~ msgstr " (%d) ElGamal (signar i xifrar)\n"
+
+#~ msgid ""
+#~ "The use of this algorithm is only supported by GnuPG. You will not be\n"
+#~ "able to use this key to communicate with PGP users. This algorithm is "
+#~ "also\n"
+#~ "very slow, and may not be as secure as the other choices.\n"
+#~ msgstr ""
+#~ "L'ús d'aquest algorisme només està suportat per GnuPG. No podreu "
+#~ "utilitzar aquesta clau per a comunicar-vos amb usuaris de PGP. Aquest "
+#~ "algorisme també és molt lent, i potser no és tan segur com les altres "
+#~ "alternatives.\n"
+
+#~ msgid "Create anyway? "
+#~ msgstr "Voleu crear la clau de tota manera? "
+
+#~ msgid "invalid symkey algorithm detected (%d)\n"
+#~ msgstr "algoritme de clau simètric invàlid detectat (%d)\n"
+
+#~ msgid "this keyserver is not fully HKP compatible\n"
+#~ msgstr "aquest servidor de clau no és completament compatible amb HKP\n"
+
+#~ msgid "The use of this algorithm is deprecated - create anyway? "
+#~ msgstr ""
+#~ "L'ús d'aquest algoritme està desaconsellat - el voleu crear igualment? "
+
+#~ msgid "|NAME=VALUE|use this notation data"
+#~ msgstr "|NOM=VALOR|usa aquesta notació de dades"
+
+#~ msgid ""
+#~ "the first character of a notation name must be a letter or an underscore\n"
+#~ msgstr ""
+#~ "el primer caràcter de la notació ha de ser una lletra o un subratllat\n"
+
+#~ msgid "dots in a notation name must be surrounded by other characters\n"
+#~ msgstr "els punts han d'estar envoltats per altres caràcters\n"
+
+#~ msgid ""
+#~ "WARNING: This key already has a photo ID.\n"
+#~ " Adding another photo ID may confuse some versions of PGP.\n"
+#~ msgstr ""
+#~ "AVÃS: Aquesta clau ja te un photo ID.\n"
+#~ " Afegir un altre photo ID pot confondre algunes versions de PGP.\n"
+
+#~ msgid "You may only have one photo ID on a key.\n"
+#~ msgstr "Només podeu tenir un photo ID en una clau.\n"
+
+#~ msgid " Fingerprint:"
+#~ msgstr " Empremta digital:"
+
+#~ msgid "you have to start GnuPG again, so it can read the new options file\n"
+#~ msgstr ""
+#~ "heu d'executar GnuPG de nou per que puga llegir el nou fitxer d'opcions\n"
+
+#~ msgid "changing permission of `%s' failed: %s\n"
+#~ msgstr "no s'han pogut canviar els permissos de «%s»: %s\n"
+
+#~ msgid "too many random bits requested; the limit is %d\n"
+#~ msgstr "massa bits aleatoris sol·licitats; el límit és %d\n"
+
+#~ msgid "|[NAMES]|check the trust database"
+#~ msgstr "|[NOMS]|comprova la base de dades de confiança"
+
+#~ msgid "--delete-secret-key user-id"
+#~ msgstr "--delete-secret-key user-id"
+
+#~ msgid "--delete-key user-id"
+#~ msgstr "--delete-key user-id"
+
+#~ msgid "--delete-secret-and-public-key user-id"
+#~ msgstr "--delete-secret-and-public-key user-id"
+
+#~ msgid "For info see http://www.gnupg.org"
+#~ msgstr "Si voleu més informació vegeu http://www.gnupg.org"
+
+#~ msgid "sSmMqQ"
+#~ msgstr "sSmMqQ"
+
+#~ msgid ""
+#~ "Could not find a valid trust path to the key. Let's see whether we\n"
+#~ "can assign some missing owner trust values.\n"
+#~ "\n"
+#~ msgstr ""
+#~ "No s'ha trobat un camí de confiança vàlid a la clau. Vegem si podem\n"
+#~ "assignar valors de confiança no assignats.\n"
+#~ "\n"
+
+#~ msgid ""
+#~ "No path leading to one of our keys found.\n"
+#~ "\n"
+#~ msgstr ""
+#~ "No s'ha trobat un camí que condueixe a una de les nostres claus.\n"
+#~ "\n"
+
+#~ msgid ""
+#~ "No trust values changed.\n"
+#~ "\n"
+#~ msgstr ""
+#~ "No s'ha canviat cap valor de confiança.\n"
+#~ "\n"
+
+#~ msgid "%08lX: no info to calculate a trust probability\n"
+#~ msgstr ""
+#~ "%08lX: no hi ha informació per a calcular una probabilitat de confiança\n"
+
+#~ msgid "skipped: public key already set with --encrypt-to\n"
+#~ msgstr "es descarta: la clau pública ja s'ha especificat amb --encrypt-to\n"
+
+#~ msgid "%s: error checking key: %s\n"
+#~ msgstr "%s: error en la comprovació de la clau: %s\n"
+
+#~ msgid "Do you really want to create a sign and encrypt key? "
+#~ msgstr "Segur que voleu crear una clau de signatura i xifratge? "
+
+#~ msgid "Do you really need such a large keysize? "
+#~ msgstr "Realment necessiteu una clau tan llarga? "
+
+#~ msgid "too many entries in unk cache - disabled\n"
+#~ msgstr ""
+#~ "massa entrades en la memòria cau de claus desconegudes - desactivada\n"
+
+#~ msgid "secret key %08lX not imported (use %s to allow for it)\n"
+#~ msgstr "clau secreta %08lX no importada (utilitzeu %s per a permitir-ho)\n"
+
+#~ msgid "key %08lX: our copy has no self-signature\n"
+#~ msgstr "clau %08lX: la nostra còpia no té autosignatura\n"
+
+#~ msgid "assuming bad MDC due to an unknown critical bit\n"
+#~ msgstr "es suposa MDC erroni a causa d'un bit crític desconegut\n"
+
+#~ msgid "error reading dir record for LID %lu: %s\n"
+#~ msgstr "error al llegir el registre de directori per al LID %lu: %s\n"
+
+#~ msgid "lid %lu: expected dir record, got type %d\n"
+#~ msgstr "lid %lu: s'esperava registre de directori, s'ha obtingut %d\n"
+
+#~ msgid "no primary key for LID %lu\n"
+#~ msgstr "no hi ha una clau primària per al LID %lu\n"
+
+#~ msgid "error reading primary key for LID %lu: %s\n"
+#~ msgstr "error al llegir clau primària per al LID %lu: %s\n"
+
+#~ msgid "key %08lX: query record failed\n"
+#~ msgstr "clau %08lX: la consulta del registre ha fallat\n"
+
+#~ msgid "key %08lX: already in trusted key table\n"
+#~ msgstr "clau %08lX: ja es troba en la taula de claus de confiança\n"
+
+#~ msgid "NOTE: secret key %08lX is NOT protected.\n"
+#~ msgstr "NOTE: la clau secreta %08lX no està protegida.\n"
+
+#~ msgid "key %08lX: secret and public key don't match\n"
+#~ msgstr "clau %08lX: les claus pública i secreta no coincideixen\n"
+
+#~ msgid "key %08lX.%lu: Good subkey binding\n"
+#~ msgstr "clau %08lX.%lu: Enllaç de subclau correcta\n"
+
+#~ msgid "key %08lX.%lu: Invalid subkey binding: %s\n"
+#~ msgstr "clau %08lX.%lu: Enllaç de subclau invàlid: %s\n"
+
+#~ msgid "key %08lX.%lu: Valid key revocation\n"
+#~ msgstr "clau %08lX.%lu: Revocació de clau vàlida\n"
+
+#~ msgid "key %08lX.%lu: Invalid key revocation: %s\n"
+#~ msgstr "clau %08lX.%lu: Revocació de clau invàlida: %s\n"
+
+#~ msgid "Good self-signature"
+#~ msgstr "Auto-signatura correcta"
+
+#~ msgid "Invalid self-signature"
+#~ msgstr "Auto-signatura invàlida"
+
+#~ msgid "Valid user ID revocation skipped due to a newer self signature"
+#~ msgstr ""
+#~ "Es descarta una revocació d'ID d'usuari vàlida degut a una autosignatura "
+#~ "més recent"
+
+#~ msgid "Valid user ID revocation"
+#~ msgstr "Revocació d'ID d'usuari vàlida"
+
+#~ msgid "Invalid user ID revocation"
+#~ msgstr "Revocació d'ID d'usuari invàlida"
+
+#~ msgid "Invalid certificate revocation"
+#~ msgstr "Certificat de revocació invàlid"
+
+#~ msgid "sig record %lu[%d] points to wrong record.\n"
+#~ msgstr "el registre de signatura %lu[%d] apunta a un registre incorrecte.\n"
+
+#~ msgid "tdbio_search_dir failed: %s\n"
+#~ msgstr "tdbio_search_dir ha fallat: %s\n"
+
+#~ msgid "lid ?: insert failed: %s\n"
+#~ msgstr "lid ?: la inserció ha fallat: %s\n"
+
+#~ msgid "lid %lu: insert failed: %s\n"
+#~ msgstr "lid %lu: la inserció ha fallat: %s\n"
+
+#~ msgid "lid %lu: inserted\n"
+#~ msgstr "lid %lu: inserit\n"
+
+#~ msgid "\t%lu keys with errors\n"
+#~ msgstr "\t%lu claus amb errors\n"
+
+#~ msgid "\t%lu keys inserted\n"
+#~ msgstr "\t%lu claus inserides\n"
+
+#~ msgid "lid %lu: dir record w/o key - skipped\n"
+#~ msgstr "lid %lu: registre de directori sense clau - es descarta\n"
+
+#~ msgid "\t%lu due to new pubkeys\n"
+#~ msgstr "\\t%lu degut a noves claus públiques\n"
+
+#~ msgid "\t%lu keys updated\n"
+#~ msgstr "\t%lu clau actualitzades\n"
+
+#~ msgid "Ooops, no keys\n"
+#~ msgstr "Ooops, no hi ha claus\n"
+
+#~ msgid "Ooops, no user IDs\n"
+#~ msgstr "Ooops, no hi ha IDs\n"
+
+#~ msgid "check_trust: search dir record failed: %s\n"
+#~ msgstr "check_trust: ha fallat la cerca en el registre de directori: %s\n"
+
+#~ msgid "key %08lX: insert trust record failed: %s\n"
+#~ msgstr ""
+#~ "clau %08lX: ha fallat la inserció en la base de dades de confiança: %s\n"
+
+#~ msgid "key %08lX.%lu: inserted into trustdb\n"
+#~ msgstr "clau %08lX.%lu: inserida en la base de dades de confiança\n"
+
+#~ msgid "key %08lX.%lu: created in future (time warp or clock problem)\n"
+#~ msgstr ""
+#~ "clau %08lX.%lu: creada en el futur (salt en el temps o problema de\n"
+#~ "rellotge)\n"
+
+#~ msgid "key %08lX.%lu: expired at %s\n"
+#~ msgstr "clau %08lX.%lu: caducada el %s\n"
+
+#~ msgid "key %08lX.%lu: trust check failed: %s\n"
+#~ msgstr "clau %08lX.%lu: ha fallat la verificació de confiança: %s\n"
+
+#~ msgid "problem finding '%s' in trustdb: %s\n"
+#~ msgstr "problema al cercar «%s» en la base de dades de confiança: %s\n"
+
+#~ msgid "user '%s' not in trustdb - inserting\n"
+#~ msgstr ""
+#~ "l'usuari «%s» no està en la base de dades de confiança - inserint-lo\n"
+
+#~ msgid "WARNING: can't yet handle long pref records\n"
+#~ msgstr "AVÃS: encara no es poden manejar registres de prefències llargs\n"
+
+#~ msgid "RSA key cannot be used in this version\n"
+#~ msgstr "No es poden usar claus RSA en aquesta versió\n"
+
+#~ msgid "No key for user ID\n"
+#~ msgstr "No hi ha clau per a l'usuari\n"
+
+#~ msgid "no secret key for decryption available\n"
+#~ msgstr "no hi ha clau secreta disponible per al desxifratge\n"
diff --git a/po/cs.gmo b/po/cs.gmo
new file mode 100644
index 0000000..1e8712d
--- /dev/null
+++ b/po/cs.gmo
Binary files differ
diff --git a/po/cs.po b/po/cs.po
new file mode 100644
index 0000000..e5af5a2
--- /dev/null
+++ b/po/cs.po
@@ -0,0 +1,9079 @@
+# GnuPG Czech translation
+# Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004,
+# 2005 Free Software Foundation, Inc.
+# Magda Procházková <magda@math.muni.cz> 2001,
+# Roman Pavlik <rp@tns.cz> 2001, 2002, 2003, 2004, 2005.
+# Petr Pisar <petr.pisar@atlas.cz>, 2009, 2010, 2011.
+#
+# A "%%0A" is used by Pinentry to insert a line break. The double percent
+# sign is actually needed because it is also a printf format string. If you
+# need to insert a plain % sign, you need to encode it as "%%25".
+#
+# „armor“ překládat jako „ASCII“
+#
+# „keybox“ je jednotné úložiÅ¡tÄ› pro X.509 a PGP certifikáty/klíÄe
+# <http://www.gnupg.org/documentation/manuals/gnupg/kbxutil.html>
+# ObÄas je tÅ™eba rozliÅ¡ovat mezi keybox (pÅ™ekládám jako schránka) a keyring
+# (pÅ™ekládám jako klíÄenka nebo soubor klíÄů).
+#
+# Některé pojmy ohledně GnuPG jsou vysvětleny na
+# <http://www.gnupg.org/documentation/manuals/gnupg/Glossary.html>
+#
+# Některé pojmy by měly být překládány v souladu se zákonem 227/2000 Sb.,
+# zákon o elektronickém podpisu, <http://portal.gov.cz/zakon/227/2000>:
+# kvalifikovaný certifikát/podpis
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: gnupg2 2.0.17-git56b2bc2\n"
+"Report-Msgid-Bugs-To: translations@gnupg.org\n"
+"POT-Creation-Date: 2012-03-27 10:23+0200\n"
+"PO-Revision-Date: 2011-01-11 22:55+0100\n"
+"Last-Translator: Petr Pisar <petr.pisar@atlas.cz>\n"
+"Language-Team: Czech <translations.cs@gnupg.cz>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Language: cs\n"
+"Plural-Forms: nplurals=3; plural=(n==1) ? 0 : (n>=2 && n<=4) ? 1 : 2;\n"
+
+#: agent/call-pinentry.c:244
+#, c-format
+msgid "failed to acquire the pinentry lock: %s\n"
+msgstr "získání zámku pinetry se nezdařilo: %s\n"
+
+#. TRANSLATORS: These are labels for buttons etc used in
+#. Pinentries. An underscore indicates that the next letter
+#. should be used as an accelerator. Double the underscore for
+#. a literal one. The actual to be translated text starts after
+#. the second vertical bar.
+#: agent/call-pinentry.c:401
+msgid "|pinentry-label|_OK"
+msgstr "|pinentry-label|_OK"
+
+#: agent/call-pinentry.c:402
+msgid "|pinentry-label|_Cancel"
+msgstr "|pinentry-label|_Zrušit"
+
+#: agent/call-pinentry.c:403
+msgid "|pinentry-label|PIN:"
+msgstr "|pinentry-label|PIN:"
+
+#. TRANSLATORS: This string is displayed by Pinentry as the label
+#. for the quality bar.
+#: agent/call-pinentry.c:649
+msgid "Quality:"
+msgstr "Kvalita:"
+
+#. TRANSLATORS: This string is a tooltip, shown by pinentry when
+#. hovering over the quality bar. Please use an appropriate
+#. string to describe what this is about. The length of the
+#. tooltip is limited to about 900 characters. If you do not
+#. translate this entry, a default english text (see source)
+#. will be used.
+#: agent/call-pinentry.c:671
+msgid "pinentry.qualitybar.tooltip"
+msgstr ""
+"Kvalita textu zde zadaného.\n"
+"Na podrobnosti ohledně kritérií se zeptejte svého správce."
+
+#: agent/call-pinentry.c:716
+msgid ""
+"Please enter your PIN, so that the secret key can be unlocked for this "
+"session"
+msgstr ""
+"Prosím, zadejte váš PIN, aby pro tuto relaci mohl být odemknut tajný klíÄ"
+
+#: agent/call-pinentry.c:719
+msgid ""
+"Please enter your passphrase, so that the secret key can be unlocked for "
+"this session"
+msgstr ""
+"Prosím, zadejte vaÅ¡e heslo, aby pro tuto relaci mohl být odemknut tajný klíÄ"
+
+#: agent/call-pinentry.c:776
+#, c-format
+msgid "SETERROR %s (try %d of %d)"
+msgstr "SETERROR %s (pokus %d z %d)"
+
+#: agent/call-pinentry.c:799 agent/call-pinentry.c:811
+msgid "PIN too long"
+msgstr "PIN je příliš dlouhý"
+
+#: agent/call-pinentry.c:800
+msgid "Passphrase too long"
+msgstr "Heslo je příliš dlouhé"
+
+#: agent/call-pinentry.c:808
+msgid "Invalid characters in PIN"
+msgstr "Neplatný znak v PINu"
+
+#: agent/call-pinentry.c:813
+msgid "PIN too short"
+msgstr "PIN je příliš krátký"
+
+#: agent/call-pinentry.c:825
+msgid "Bad PIN"
+msgstr "Špatný PIN"
+
+#: agent/call-pinentry.c:826
+msgid "Bad Passphrase"
+msgstr "Špatné heslo"
+
+#: agent/call-pinentry.c:863
+msgid "Passphrase"
+msgstr "Heslo"
+
+#: agent/command-ssh.c:531
+#, c-format
+msgid "ssh keys greater than %d bits are not supported\n"
+msgstr "SSH klíÄe delší než %d bitů nejsou podporovány\n"
+
+#: agent/command-ssh.c:690 g10/card-util.c:833 g10/exec.c:473 g10/gpg.c:1122
+#: g10/keygen.c:3394 g10/keygen.c:3427 g10/keyring.c:1237 g10/keyring.c:1569
+#: g10/openfile.c:275 g10/openfile.c:368 g10/sign.c:801 g10/sign.c:1110
+#: g10/tdbio.c:550 jnlib/dotlock.c:310
+#, c-format
+msgid "can't create `%s': %s\n"
+msgstr "nemohu vytvořit „%s“: %s\n"
+
+#: agent/command-ssh.c:702 common/helpfile.c:47 g10/card-util.c:787
+#: g10/dearmor.c:60 g10/dearmor.c:107 g10/decrypt.c:70 g10/encode.c:194
+#: g10/encode.c:504 g10/gpg.c:1123 g10/import.c:192 g10/keygen.c:2877
+#: g10/keyring.c:1595 g10/openfile.c:192 g10/openfile.c:353
+#: g10/plaintext.c:511 g10/sign.c:783 g10/sign.c:978 g10/sign.c:1094
+#: g10/sign.c:1250 g10/tdbdump.c:142 g10/tdbdump.c:150 g10/tdbio.c:554
+#: g10/tdbio.c:618 g10/verify.c:99 g10/verify.c:162 sm/gpgsm.c:2044
+#: sm/gpgsm.c:2074 sm/gpgsm.c:2112 sm/gpgsm.c:2150 sm/qualified.c:66
+#, c-format
+msgid "can't open `%s': %s\n"
+msgstr "nemohu otevřít „%s“: %s\n"
+
+#: agent/command-ssh.c:1708 agent/command-ssh.c:1726
+#, c-format
+msgid "error getting serial number of card: %s\n"
+msgstr "chyba pÅ™i získání sériového Äísla karty: %s\n"
+
+#: agent/command-ssh.c:1712
+#, c-format
+msgid "detected card with S/N: %s\n"
+msgstr "nalezena karta se sériovým Äíslem: %s\n"
+
+#: agent/command-ssh.c:1717
+#, c-format
+msgid "error getting default authentication keyID of card: %s\n"
+msgstr ""
+"chyba pÅ™i získání identifikátoru implicitního autentizaÄního klíÄe karty: %"
+"s\n"
+
+#: agent/command-ssh.c:1737
+#, c-format
+msgid "no suitable card key found: %s\n"
+msgstr "nenalezen žádný vhodný klÃ­Ä karty: %s\n"
+
+#: agent/command-ssh.c:1787
+#, c-format
+msgid "shadowing the key failed: %s\n"
+msgstr "výroba stínového klíÄe se nezdaÅ™ila: %s\n"
+
+#: agent/command-ssh.c:1802
+#, c-format
+msgid "error writing key: %s\n"
+msgstr "chyba pÅ™i zápisu klíÄe: %s\n"
+
+#: agent/command-ssh.c:2139
+#, c-format
+msgid ""
+"An ssh process requested the use of key%%0A %s%%0A (%s)%%0ADo you want to "
+"allow this?"
+msgstr ""
+
+#: agent/command-ssh.c:2146
+msgid "Allow"
+msgstr ""
+
+#: agent/command-ssh.c:2146
+msgid "Deny"
+msgstr ""
+
+#: agent/command-ssh.c:2155
+#, fuzzy, c-format
+msgid "Please enter the passphrase for the ssh key%%0A %F%%0A (%c)"
+msgstr "Prosím, vložte heslo pro SSH klíÄ%0A %c"
+
+#: agent/command-ssh.c:2484 agent/genkey.c:310 agent/genkey.c:432
+msgid "Please re-enter this passphrase"
+msgstr "Prosím, vložte toto heslo znovu"
+
+#: agent/command-ssh.c:2509
+#, fuzzy, c-format
+msgid ""
+"Please enter a passphrase to protect the received secret key%%0A %s%%0A %"
+"s%%0Awithin gpg-agent's key storage"
+msgstr ""
+"Prosím, vložte heslo, abyste ochránil(a) pÅ™ijatý tajný klíÄ%%0A %s%%"
+"0AuvnitÅ™ úložiÅ¡tÄ› klíÄů gpg-agenta"
+
+#: agent/command-ssh.c:2548 agent/genkey.c:340 agent/genkey.c:463
+#: tools/symcryptrun.c:436
+msgid "does not match - try again"
+msgstr "neshodují se – zkuste to znovu"
+
+#: agent/command-ssh.c:3054
+#, c-format
+msgid "failed to create stream from socket: %s\n"
+msgstr "ze socketu se nepodařilo se vytvořit proud (stream): %s\n"
+
+#: agent/divert-scd.c:92 g10/call-agent.c:923
+msgid "Please insert the card with serial number"
+msgstr "Prosím, vložte kartu se sériovým Äíslem"
+
+#: agent/divert-scd.c:93 g10/call-agent.c:924
+msgid "Please remove the current card and insert the one with serial number"
+msgstr "Prosím, vyjmÄ›te kartu a vložte jinou se sériovým Äíslem"
+
+#: agent/divert-scd.c:200
+msgid "Admin PIN"
+msgstr "PIN správce"
+
+#. TRANSLATORS: A PUK is the Personal Unblocking Code
+#. used to unblock a PIN.
+#: agent/divert-scd.c:205
+msgid "PUK"
+msgstr "PUK"
+
+#: agent/divert-scd.c:212
+msgid "Reset Code"
+msgstr "ResetaÄní kód"
+
+#: agent/divert-scd.c:238
+#, c-format
+msgid "%s%%0A%%0AUse the reader's keypad for input."
+msgstr "%s%%0A%%0APoužijte klávesnici ÄteÄky."
+
+#: agent/divert-scd.c:287
+msgid "Repeat this Reset Code"
+msgstr "Zopakujte resetaÄní kód"
+
+#: agent/divert-scd.c:289
+msgid "Repeat this PUK"
+msgstr "Zopakujte tento PUK"
+
+#: agent/divert-scd.c:290
+msgid "Repeat this PIN"
+msgstr "Zopakujte tento PIN"
+
+#: agent/divert-scd.c:295
+msgid "Reset Code not correctly repeated; try again"
+msgstr "ResetaÄní kód nebyl správnÄ› zopakován; zkuste to znovu"
+
+#: agent/divert-scd.c:297
+msgid "PUK not correctly repeated; try again"
+msgstr "PUK nebyl zopakován správně; zkuste to znovu"
+
+#: agent/divert-scd.c:298
+msgid "PIN not correctly repeated; try again"
+msgstr "PIN nebyl zopakován správně; zkuste to znovu"
+
+#: agent/divert-scd.c:310
+#, c-format
+msgid "Please enter the PIN%s%s%s to unlock the card"
+msgstr "Prosím, vložte PIN%s%s%s, abyste odemkl(a) kartu"
+
+#: agent/genkey.c:108 sm/certreqgen-ui.c:384 sm/export.c:638 sm/export.c:654
+#: sm/import.c:667 sm/import.c:692
+#, c-format
+msgid "error creating temporary file: %s\n"
+msgstr "chyba pÅ™i vytváření doÄasného souboru: %s\n"
+
+#: agent/genkey.c:115 sm/export.c:645 sm/import.c:675
+#, c-format
+msgid "error writing to temporary file: %s\n"
+msgstr "chyba pÅ™i zápisu do doÄasného souboru: %s\n"
+
+#: agent/genkey.c:153 agent/genkey.c:159
+msgid "Enter new passphrase"
+msgstr "Vložte nové heslo"
+
+#: agent/genkey.c:167
+msgid "Take this one anyway"
+msgstr "Použít pÅ™esto tento klíÄ"
+
+#: agent/genkey.c:193
+#, c-format
+msgid ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase should be "
+"at least %u character long."
+msgid_plural ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase should be "
+"at least %u characters long."
+msgstr[0] ""
+"Varování: Zadali jste nebezpeÄné heslo.%%0AHeslo by mÄ›lo být alespoň %u znak "
+"dlouhé."
+msgstr[1] ""
+"Varování: Zadali jste nebezpeÄné heslo.%%0AHeslo by mÄ›lo být alespoň %u "
+"znaky dlouhé."
+msgstr[2] ""
+"Varování: Zadali jste nebezpeÄné heslo.%%0AHeslo by mÄ›lo být alespoň %u "
+"znaků dlouhé."
+
+#: agent/genkey.c:214
+#, c-format
+msgid ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase should "
+"contain at least %u digit or%%0Aspecial character."
+msgid_plural ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase should "
+"contain at least %u digits or%%0Aspecial characters."
+msgstr[0] ""
+"Varování: Zadali jste nebezpeÄné heslo.%%0AHeslo by mÄ›lo obsahovat alespoň %"
+"u Äíslici nebo %%0Azvláštní znak."
+msgstr[1] ""
+"Varování: Zadali jste nebezpeÄné heslo.%%0AHeslo by mÄ›lo obsahovat alespoň %"
+"u Äíslice nebo %%0Azvláštní znaky."
+msgstr[2] ""
+"Varování: Zadali jste nebezpeÄné heslo.%%0AHeslo by mÄ›lo obsahovat alespoň %"
+"u Äíslic nebo %%0Azvláštních znaků."
+
+#: agent/genkey.c:237
+#, c-format
+msgid ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase may not be "
+"a known term or match%%0Acertain pattern."
+msgstr ""
+"Varování: Zadali jste nebezpeÄné heslo.%%0AHeslo by nemÄ›lo být známým slovem "
+"nebo se shodovat%%0As urÄitým vzorem."
+
+#: agent/genkey.c:253
+#, c-format
+msgid ""
+"You have not entered a passphrase!%0AAn empty passphrase is not allowed."
+msgstr "Nezadali jste heslo!%0APrázdné heslo není dovoleno."
+
+#: agent/genkey.c:255
+#, c-format
+msgid ""
+"You have not entered a passphrase - this is in general a bad idea!%0APlease "
+"confirm that you do not want to have any protection on your key."
+msgstr ""
+"Nezadali jste heslo – toto je obecnÄ› Å¡patný nápad!%0AProsím, potvrÄte, že si "
+"žádnou ochranu svého klíÄe nepÅ™ejete."
+
+#: agent/genkey.c:264
+msgid "Yes, protection is not needed"
+msgstr "Ano, ochrana není třeba"
+
+#: agent/genkey.c:308
+#, c-format
+msgid "Please enter the passphrase to%0Ato protect your new key"
+msgstr "Prosím, pro ochranu svého nového klíÄe%0A zadejte heslo"
+
+#: agent/genkey.c:431
+msgid "Please enter the new passphrase"
+msgstr "Prosím, zadejte nové heslo"
+
+#: agent/gpg-agent.c:121 agent/preset-passphrase.c:72 scd/scdaemon.c:103
+#: tools/gpg-check-pattern.c:70
+msgid ""
+"@Options:\n"
+" "
+msgstr ""
+"@Volby:\n"
+" "
+
+#: agent/gpg-agent.c:123 scd/scdaemon.c:105
+msgid "run in server mode (foreground)"
+msgstr "běžet v režimu serveru (na popředí)"
+
+#: agent/gpg-agent.c:124 scd/scdaemon.c:108
+msgid "run in daemon mode (background)"
+msgstr "běžen v režimu démona (na pozadí)"
+
+#: agent/gpg-agent.c:125 g10/gpg.c:488 g10/gpgv.c:71 kbx/kbxutil.c:88
+#: scd/scdaemon.c:109 sm/gpgsm.c:281 tools/gpg-connect-agent.c:69
+#: tools/gpgconf.c:80 tools/symcryptrun.c:166
+msgid "verbose"
+msgstr "s dodateÄnými informacemi"
+
+#: agent/gpg-agent.c:126 g10/gpgv.c:72 kbx/kbxutil.c:89 scd/scdaemon.c:110
+#: sm/gpgsm.c:282
+msgid "be somewhat more quiet"
+msgstr "být o trochu víc tichý"
+
+#: agent/gpg-agent.c:127 scd/scdaemon.c:111
+msgid "sh-style command output"
+msgstr "vypisovat příkazy ve stylu sh"
+
+#: agent/gpg-agent.c:128 scd/scdaemon.c:112
+msgid "csh-style command output"
+msgstr "vypisovat příkazy ve stylu csh"
+
+#: agent/gpg-agent.c:129 scd/scdaemon.c:113 sm/gpgsm.c:312
+#: tools/symcryptrun.c:169
+msgid "|FILE|read options from FILE"
+msgstr "|SOUBOR|naÄíst volby ze SOUBORU"
+
+#: agent/gpg-agent.c:134 scd/scdaemon.c:123
+msgid "do not detach from the console"
+msgstr "neodpojovat se od konzole"
+
+#: agent/gpg-agent.c:135
+msgid "do not grab keyboard and mouse"
+msgstr "neuzurpovat si klávesnici a myš"
+
+#: agent/gpg-agent.c:136 tools/symcryptrun.c:168
+msgid "use a log file for the server"
+msgstr "použít pro server soubor s protokolem"
+
+#: agent/gpg-agent.c:138
+msgid "use a standard location for the socket"
+msgstr "použít standardní umístění socketu"
+
+#: agent/gpg-agent.c:141
+msgid "|PGM|use PGM as the PIN-Entry program"
+msgstr "|PROGRAM|použít PROGRAM jako PIN-Entry program"
+
+#: agent/gpg-agent.c:144
+msgid "|PGM|use PGM as the SCdaemon program"
+msgstr "|PROGRAM|použít PROGRAM jako SCdaemon program"
+
+#: agent/gpg-agent.c:145
+msgid "do not use the SCdaemon"
+msgstr "nepoužívat SCdémona"
+
+#: agent/gpg-agent.c:157
+msgid "ignore requests to change the TTY"
+msgstr "ignorovat požadavky na změnu TTY"
+
+#: agent/gpg-agent.c:159
+msgid "ignore requests to change the X display"
+msgstr "ignorovat požadavky na změnu X displeje"
+
+#: agent/gpg-agent.c:162
+msgid "|N|expire cached PINs after N seconds"
+msgstr "|N|zahodit zapamatované PINy po N sekundách"
+
+#: agent/gpg-agent.c:175
+msgid "do not use the PIN cache when signing"
+msgstr "nepoužívat paměť PINů na podepisování"
+
+#: agent/gpg-agent.c:177
+msgid "allow clients to mark keys as \"trusted\""
+msgstr "dovolit klientům oznaÄit klíÄe za „důvÄ›ryhodné“"
+
+#: agent/gpg-agent.c:179
+msgid "allow presetting passphrase"
+msgstr "umožnit přednastavení hesla"
+
+#: agent/gpg-agent.c:180
+msgid "enable ssh-agent emulation"
+msgstr "zapnout emulaci ssh-agenta"
+
+#: agent/gpg-agent.c:182
+msgid "|FILE|write environment settings also to FILE"
+msgstr "|SOUBOR|zapsat nastavení prostředí též do SOUBORU"
+
+#. TRANSLATORS: @EMAIL@ will get replaced by the actual bug
+#. reporting address. This is so that we can change the
+#. reporting address without breaking the translations.
+#: agent/gpg-agent.c:333 agent/preset-passphrase.c:94 agent/protect-tool.c:163
+#: g10/gpg.c:814 g10/gpgv.c:114 kbx/kbxutil.c:113 scd/scdaemon.c:246
+#: sm/gpgsm.c:519 tools/gpg-connect-agent.c:181 tools/gpgconf.c:102
+#: tools/symcryptrun.c:206 tools/gpg-check-pattern.c:141
+msgid "Please report bugs to <@EMAIL@>.\n"
+msgstr ""
+"Chyby v programu, prosím, oznamujte (anglicky) na <@EMAIL@>,\n"
+"pÅ™ipomínky k pÅ™ekladu hlaste (Äesky) na <translations.cs@gnupg.cz>.\n"
+
+#: agent/gpg-agent.c:342
+msgid "Usage: gpg-agent [options] (-h for help)"
+msgstr "Použití: gpg-agent [VOLBY] (-h pro nápovědu)"
+
+#: agent/gpg-agent.c:344
+msgid ""
+"Syntax: gpg-agent [options] [command [args]]\n"
+"Secret key management for GnuPG\n"
+msgstr ""
+"Syntaxe: gpg-agent [VOLBY] [PŘÃKAZ [ARGUMENTY]]\n"
+"Správa tajných klíÄů pro GnuPG\n"
+
+#: agent/gpg-agent.c:390 g10/gpg.c:1007 scd/scdaemon.c:318 sm/gpgsm.c:669
+#, c-format
+msgid "invalid debug-level `%s' given\n"
+msgstr "zadána neplatná úroveň ladění „%s“\n"
+
+#: agent/gpg-agent.c:610 agent/protect-tool.c:1033 kbx/kbxutil.c:428
+#: scd/scdaemon.c:424 sm/gpgsm.c:911 sm/gpgsm.c:914 tools/symcryptrun.c:998
+#: tools/gpg-check-pattern.c:177
+#, c-format
+msgid "%s is too old (need %s, have %s)\n"
+msgstr "%s je příliš stará (potřebuji %s, mám %s)\n"
+
+#: agent/gpg-agent.c:725 g10/gpg.c:2111 scd/scdaemon.c:510 sm/gpgsm.c:1010
+#, c-format
+msgid "NOTE: no default option file `%s'\n"
+msgstr "POZNÃMKA: neexistuje implicitní soubor s možnostmi „%s“\n"
+
+#: agent/gpg-agent.c:736 agent/gpg-agent.c:1348 g10/gpg.c:2115
+#: scd/scdaemon.c:515 sm/gpgsm.c:1014 tools/symcryptrun.c:931
+#, c-format
+msgid "option file `%s': %s\n"
+msgstr "soubor s možnostmi „%s“: %s\n"
+
+#: agent/gpg-agent.c:744 g10/gpg.c:2122 scd/scdaemon.c:523 sm/gpgsm.c:1021
+#, c-format
+msgid "reading options from `%s'\n"
+msgstr "Ätu možnosti z „%s“\n"
+
+#: agent/gpg-agent.c:1117 g10/plaintext.c:140 g10/plaintext.c:145
+#: g10/plaintext.c:162
+#, c-format
+msgid "error creating `%s': %s\n"
+msgstr "chyba při vytváření „%s“: %s\n"
+
+#: agent/gpg-agent.c:1461 agent/gpg-agent.c:1579 agent/gpg-agent.c:1583
+#: agent/gpg-agent.c:1624 agent/gpg-agent.c:1628 g10/exec.c:188
+#: g10/openfile.c:429 scd/scdaemon.c:1020
+#, c-format
+msgid "can't create directory `%s': %s\n"
+msgstr "nemohu vytvořit adresář „%s“: %s\n"
+
+#: agent/gpg-agent.c:1475 scd/scdaemon.c:1034
+msgid "name of socket too long\n"
+msgstr "název socketu je příliš dlouhý\n"
+
+#: agent/gpg-agent.c:1498 scd/scdaemon.c:1057
+#, c-format
+msgid "can't create socket: %s\n"
+msgstr "nemohu vytvořit socket: %s\n"
+
+#: agent/gpg-agent.c:1507
+#, c-format
+msgid "socket name `%s' is too long\n"
+msgstr "název socketu „%s“ je příliš dlouhý\n"
+
+#: agent/gpg-agent.c:1525
+msgid "a gpg-agent is already running - not starting a new one\n"
+msgstr "gpg-agent již běží – nový nebude spuštěn\n"
+
+#: agent/gpg-agent.c:1536 scd/scdaemon.c:1076
+msgid "error getting nonce for the socket\n"
+msgstr "chyba při získání náhodného řetězce pro socket\n"
+
+#: agent/gpg-agent.c:1541 scd/scdaemon.c:1079
+#, c-format
+msgid "error binding socket to `%s': %s\n"
+msgstr "chyba při přilepování socketu na „%s“: %s\n"
+
+#: agent/gpg-agent.c:1553 scd/scdaemon.c:1088
+#, c-format
+msgid "listen() failed: %s\n"
+msgstr "služba listen() selhala: %s\n"
+
+#: agent/gpg-agent.c:1559 scd/scdaemon.c:1095
+#, c-format
+msgid "listening on socket `%s'\n"
+msgstr "naslouchám na socketu „%s“\n"
+
+#: agent/gpg-agent.c:1587 agent/gpg-agent.c:1634 g10/openfile.c:432
+#, c-format
+msgid "directory `%s' created\n"
+msgstr "adresář „%s“ vytvořen\n"
+
+#: agent/gpg-agent.c:1640
+#, c-format
+msgid "stat() failed for `%s': %s\n"
+msgstr "stat() na „%s“ selhal: %s\n"
+
+#: agent/gpg-agent.c:1644
+#, c-format
+msgid "can't use `%s' as home directory\n"
+msgstr "„%s“ nelze použít jako domovský adresář\n"
+
+#: agent/gpg-agent.c:1777 scd/scdaemon.c:1111
+#, c-format
+msgid "error reading nonce on fd %d: %s\n"
+msgstr "chyba pÅ™i Ätení náhodného Å™etÄ›zce z fd %d: %s\n"
+
+#: agent/gpg-agent.c:1799
+#, c-format
+msgid "handler 0x%lx for fd %d started\n"
+msgstr "obsluha 0x%lx pro fd %d spuštěna\n"
+
+#: agent/gpg-agent.c:1804
+#, c-format
+msgid "handler 0x%lx for fd %d terminated\n"
+msgstr "obsluha 0x%lx pro fd %d ukonÄena\n"
+
+#: agent/gpg-agent.c:1824
+#, c-format
+msgid "ssh handler 0x%lx for fd %d started\n"
+msgstr "SSH obsluha 0x%lx pro fd %d spuštěna\n"
+
+#: agent/gpg-agent.c:1829
+#, c-format
+msgid "ssh handler 0x%lx for fd %d terminated\n"
+msgstr "SSH obsluha 0x%lx pro fd %d ukonÄena\n"
+
+#: agent/gpg-agent.c:1973 scd/scdaemon.c:1248
+#, c-format
+msgid "pth_select failed: %s - waiting 1s\n"
+msgstr "pth_select selhala: %s – Äekám 1 s\n"
+
+#: agent/gpg-agent.c:2096 scd/scdaemon.c:1315
+#, c-format
+msgid "%s %s stopped\n"
+msgstr "%s %s pozastaveno\n"
+
+#: agent/gpg-agent.c:2232
+msgid "no gpg-agent running in this session\n"
+msgstr "v této relaci neběží žádný gpg-agent\n"
+
+#: agent/gpg-agent.c:2243 common/simple-pwquery.c:352 common/asshelp.c:403
+#: tools/gpg-connect-agent.c:2168
+msgid "malformed GPG_AGENT_INFO environment variable\n"
+msgstr "špatný formát proměnné prostředí GPG_AGENT_INFO\n"
+
+#: agent/gpg-agent.c:2256 common/simple-pwquery.c:364 common/asshelp.c:415
+#: tools/gpg-connect-agent.c:2179
+#, c-format
+msgid "gpg-agent protocol version %d is not supported\n"
+msgstr "gpg-agent protokol verze %d není podporován\n"
+
+#: agent/preset-passphrase.c:98
+msgid "Usage: gpg-preset-passphrase [options] KEYGRIP (-h for help)\n"
+msgstr "Použití: gpg-preset-passphrase [VOLBY] KEYGRIP (-h pro nápovědu)\n"
+
+#: agent/preset-passphrase.c:101
+msgid ""
+"Syntax: gpg-preset-passphrase [options] KEYGRIP\n"
+"Password cache maintenance\n"
+msgstr ""
+"Syntaxe: gpg-preset-passphrase [VOLBY] KEYGRIP\n"
+"Správa doÄasné pamÄ›ti pro hesla\n"
+
+#: agent/protect-tool.c:113 g10/gpg.c:373 kbx/kbxutil.c:71 sm/gpgsm.c:186
+#: tools/gpgconf.c:60
+msgid ""
+"@Commands:\n"
+" "
+msgstr ""
+"@Příkazy:\n"
+" "
+
+#: agent/protect-tool.c:127 g10/gpg.c:441 g10/gpgv.c:69 kbx/kbxutil.c:81
+#: sm/gpgsm.c:226 tools/gpg-connect-agent.c:67 tools/gpgconf.c:77
+#: tools/symcryptrun.c:159
+msgid ""
+"@\n"
+"Options:\n"
+" "
+msgstr ""
+"@\n"
+"Volby:\n"
+" "
+
+#: agent/protect-tool.c:166
+msgid "Usage: gpg-protect-tool [options] (-h for help)\n"
+msgstr "Použití: gpg-protect-tool [VOLBY] (-h pro nápovědu)\n"
+
+#: agent/protect-tool.c:168
+msgid ""
+"Syntax: gpg-protect-tool [options] [args]\n"
+"Secret key maintenance tool\n"
+msgstr ""
+"Syntaxe: gpg-protect-tool [VOLBY] [ARGUMENTY]nNástroj na správu tajných "
+"klíÄů\n"
+
+#: agent/protect-tool.c:1162
+msgid "Please enter the passphrase to unprotect the PKCS#12 object."
+msgstr "Prosím, vložte heslo, abyste zpřístupnili objekt PKCS#12."
+
+#: agent/protect-tool.c:1167
+msgid "Please enter the passphrase to protect the new PKCS#12 object."
+msgstr "Prosím, vložte heslo, abyste ochránili nový objekt PKCS#12."
+
+#: agent/protect-tool.c:1173
+msgid ""
+"Please enter the passphrase to protect the imported object within the GnuPG "
+"system."
+msgstr ""
+"Prosím, zadejte heslo, abyste ochránili importovaný objekt uvnitř systému "
+"GnuPG."
+
+#: agent/protect-tool.c:1178
+msgid ""
+"Please enter the passphrase or the PIN\n"
+"needed to complete this operation."
+msgstr ""
+"Prosím, vložte heslo nebo PIN\n"
+"potÅ™ebný pro dokonÄení této operace."
+
+#: agent/protect-tool.c:1183 tools/symcryptrun.c:437
+msgid "Passphrase:"
+msgstr "Heslo:"
+
+#: agent/protect-tool.c:1188 tools/symcryptrun.c:448
+msgid "cancelled\n"
+msgstr "zrušeno\n"
+
+#: agent/protect-tool.c:1190 tools/symcryptrun.c:444
+#, c-format
+msgid "error while asking for the passphrase: %s\n"
+msgstr "chyba při ptaní se na heslo: %s\n"
+
+#: agent/trustlist.c:136 agent/trustlist.c:334
+#, c-format
+msgid "error opening `%s': %s\n"
+msgstr "chyba při otevírání „%s“: %s\n"
+
+#: agent/trustlist.c:151 common/helpfile.c:63 common/helpfile.c:79
+#, c-format
+msgid "file `%s', line %d: %s\n"
+msgstr "soubor „%s“, řádek %d: %s\n"
+
+#: agent/trustlist.c:171 agent/trustlist.c:179
+#, c-format
+msgid "statement \"%s\" ignored in `%s', line %d\n"
+msgstr "ignorováno sdělení „%s“ z „%s“, řádku %d\n"
+
+#: agent/trustlist.c:185
+#, c-format
+msgid "system trustlist `%s' not available\n"
+msgstr "systémový důvěryhodný seznam „%s“ není dostupný\n"
+
+#: agent/trustlist.c:229
+#, c-format
+msgid "bad fingerprint in `%s', line %d\n"
+msgstr "chybný otisk v „%s“, řádek %d\n"
+
+#: agent/trustlist.c:254 agent/trustlist.c:261
+#, c-format
+msgid "invalid keyflag in `%s', line %d\n"
+msgstr "neplatný příznak klíÄe v „%s“, řádek %d\n"
+
+#: agent/trustlist.c:295 common/helpfile.c:126
+#, c-format
+msgid "error reading `%s', line %d: %s\n"
+msgstr "chyba pÅ™i Ätení „%s“, řádek %d: %s\n"
+
+#: agent/trustlist.c:400 agent/trustlist.c:450
+msgid "error reading list of trusted root certificates\n"
+msgstr "chyba pÅ™i Ätení seznamu důvÄ›ryhodných koÅ™enových certifikátů\n"
+
+#. TRANSLATORS: This prompt is shown by the Pinentry
+#. and has one special property: A "%%0A" is used by
+#. Pinentry to insert a line break. The double
+#. percent sign is actually needed because it is also
+#. a printf format string. If you need to insert a
+#. plain % sign, you need to encode it as "%%25". The
+#. "%s" gets replaced by the name as stored in the
+#. certificate.
+#: agent/trustlist.c:611
+#, c-format
+msgid ""
+"Do you ultimately trust%%0A \"%s\"%%0Ato correctly certify user "
+"certificates?"
+msgstr ""
+"Věříte bezmezně, že%%0A „%s“%%0Ařádně ověřuje identitu uživatele při "
+"vydávání certifikátu?"
+
+#: agent/trustlist.c:620 common/audit.c:467
+msgid "Yes"
+msgstr "Ano"
+
+#: agent/trustlist.c:620 common/audit.c:469
+msgid "No"
+msgstr "Ne"
+
+#. TRANSLATORS: This prompt is shown by the Pinentry and has
+#. one special property: A "%%0A" is used by Pinentry to
+#. insert a line break. The double percent sign is actually
+#. needed because it is also a printf format string. If you
+#. need to insert a plain % sign, you need to encode it as
+#. "%%25". The second "%s" gets replaced by a hexdecimal
+#. fingerprint string whereas the first one receives the name
+#. as stored in the certificate.
+#: agent/trustlist.c:654
+#, c-format
+msgid ""
+"Please verify that the certificate identified as:%%0A \"%s\"%%0Ahas the "
+"fingerprint:%%0A %s"
+msgstr ""
+"Prosím ověřte, že certifikát rozpoznaný jako:%%0A „%s“%%0Amá otisk:%%0A %s"
+
+#. TRANSLATORS: "Correct" is the label of a button and intended
+#. to be hit if the fingerprint matches the one of the CA. The
+#. other button is "the default "Cancel" of the Pinentry.
+#: agent/trustlist.c:668
+msgid "Correct"
+msgstr "V pořádku"
+
+#: agent/trustlist.c:668
+msgid "Wrong"
+msgstr "Å patnÄ›"
+
+#: agent/findkey.c:157
+#, c-format
+msgid "Note: This passphrase has never been changed.%0APlease change it now."
+msgstr "Poznámka: Toto heslo nikdy nebylo změněno.%0AProsím, nyní jej změňte."
+
+#: agent/findkey.c:173
+#, c-format
+msgid ""
+"This passphrase has not been changed%%0Asince %.4s-%.2s-%.2s. Please change "
+"it now."
+msgstr "Toto heslo se nezměnilo%%0Aod %.4s-%.2s-%.2s. Prosím, nyní jej změňte."
+
+#: agent/findkey.c:187 agent/findkey.c:194
+msgid "Change passphrase"
+msgstr "Změnit heslo"
+
+#: agent/findkey.c:195
+msgid "I'll change it later"
+msgstr "Změním jej později"
+
+#: common/exechelp.c:528 common/exechelp.c:625 tools/gpgconf-comp.c:1475
+#: tools/gpgconf-comp.c:1814
+#, c-format
+msgid "error creating a pipe: %s\n"
+msgstr "chyba při vytváření roury: %s\n"
+
+#: common/exechelp.c:599 common/exechelp.c:658
+#, c-format
+msgid "can't fdopen pipe for reading: %s\n"
+msgstr "nemohu otevřít (fdopen) rouru pro Ätení: %s\n"
+
+#: common/exechelp.c:637 common/exechelp.c:765 common/exechelp.c:1002
+#, c-format
+msgid "error forking process: %s\n"
+msgstr "chyba při rozdvojování procesu: %s\n"
+
+#: common/exechelp.c:811 common/exechelp.c:864
+#, c-format
+msgid "waiting for process %d to terminate failed: %s\n"
+msgstr "Äekání na konec procesu %d se nezdaÅ™ilo: %s\n"
+
+#: common/exechelp.c:819
+#, c-format
+msgid "error getting exit code of process %d: %s\n"
+msgstr "chyba při získání návratového kódu procesu %d: %s\n"
+
+#: common/exechelp.c:825 common/exechelp.c:877
+#, c-format
+msgid "error running `%s': exit status %d\n"
+msgstr "chyba v běhu „%s“: návratový kód %d\n"
+
+#: common/exechelp.c:870
+#, c-format
+msgid "error running `%s': probably not installed\n"
+msgstr "chyba při spouštění „%s“: pravděpodobně není nainstalován\n"
+
+#: common/exechelp.c:885
+#, c-format
+msgid "error running `%s': terminated\n"
+msgstr "chyba v bÄ›hu „%s“: násilnÄ› ukonÄeno\n"
+
+#: common/http.c:1674
+#, c-format
+msgid "error creating socket: %s\n"
+msgstr "chyba při vytváření socketu: %s\n"
+
+#: common/http.c:1718
+msgid "host not found"
+msgstr "stroj nenalezen"
+
+#: common/simple-pwquery.c:338
+msgid "gpg-agent is not available in this session\n"
+msgstr "gpg-agent není v tomto sezení dostupný\n"
+
+#: common/simple-pwquery.c:395
+#, c-format
+msgid "can't connect to `%s': %s\n"
+msgstr "nemohu se připojit k „%s“: %s\n"
+
+#: common/simple-pwquery.c:406
+msgid "communication problem with gpg-agent\n"
+msgstr "problémy v komunikaci s gpg-agentem\n"
+
+#: common/simple-pwquery.c:416
+msgid "problem setting the gpg-agent options\n"
+msgstr "problém v nastavování voleb gpg-agenta\n"
+
+#: common/simple-pwquery.c:579 common/simple-pwquery.c:675
+msgid "canceled by user\n"
+msgstr "zrušeno uživatelem\n"
+
+#: common/simple-pwquery.c:594 common/simple-pwquery.c:681
+msgid "problem with the agent\n"
+msgstr "problém s agentem\n"
+
+#: common/sysutils.c:105
+#, c-format
+msgid "can't disable core dumps: %s\n"
+msgstr "nemohu vypnout vytváření core souborů: %s\n"
+
+# TODO: i18n of first %s
+#: common/sysutils.c:200
+#, c-format
+msgid "Warning: unsafe ownership on %s \"%s\"\n"
+msgstr "Varování: vlastnictví %s „%s“ není nastaveno bezpeÄnÄ›\n"
+
+# TODO: i18n of first %s
+#: common/sysutils.c:232
+#, c-format
+msgid "Warning: unsafe permissions on %s \"%s\"\n"
+msgstr "Varování: přístupová práva %s „%s“ nejsou bezpeÄná\n"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: common/yesno.c:35 common/yesno.c:72
+msgid "yes"
+msgstr "ano"
+
+#: common/yesno.c:36 common/yesno.c:77
+msgid "yY"
+msgstr "aAyY"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: common/yesno.c:38 common/yesno.c:74
+msgid "no"
+msgstr "ne"
+
+#: common/yesno.c:39 common/yesno.c:78
+msgid "nN"
+msgstr "nN"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: common/yesno.c:76
+msgid "quit"
+msgstr "ukonÄit"
+
+#: common/yesno.c:79
+msgid "qQ"
+msgstr "uUqQ"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: common/yesno.c:113
+msgid "okay|okay"
+msgstr "okey|okey"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: common/yesno.c:115
+msgid "cancel|cancel"
+msgstr "zrušit|zrušit"
+
+#: common/yesno.c:116
+msgid "oO"
+msgstr "oO"
+
+#: common/yesno.c:117
+msgid "cC"
+msgstr "zZ"
+
+#: common/miscellaneous.c:77
+#, c-format
+msgid "out of core in secure memory while allocating %lu bytes"
+msgstr "pÅ™i pokusu alokovat %lu bajtů doÅ¡la bezpeÄná paměť"
+
+#: common/miscellaneous.c:80
+#, c-format
+msgid "out of core while allocating %lu bytes"
+msgstr "při pokusu alokovat %lu bajtů došla paměť"
+
+#: common/asshelp.c:293 tools/gpg-connect-agent.c:2129
+msgid "no running gpg-agent - starting one\n"
+msgstr "gpg-agent neběží – spouštím jej\n"
+
+# TODO: Plurals
+#: common/asshelp.c:349
+#, c-format
+msgid "waiting %d seconds for the agent to come up\n"
+msgstr "Äeká se na agenta %d sekund\n"
+
+#: common/asshelp.c:426
+msgid "can't connect to the agent - trying fall back\n"
+msgstr "k agentu se nelze připojit – zkouším náhradní způsob\n"
+
+#. TRANSLATORS: Copy the prefix between the vertical bars
+#. verbatim. It will not be printed.
+#: common/audit.c:474
+msgid "|audit-log-result|Good"
+msgstr "|audit-log-result|V pořádku"
+
+#: common/audit.c:477
+msgid "|audit-log-result|Bad"
+msgstr "|audit-log-result|Špatný"
+
+#: common/audit.c:479
+msgid "|audit-log-result|Not supported"
+msgstr "|audit-log-result|Není podporováno"
+
+#: common/audit.c:481
+msgid "|audit-log-result|No certificate"
+msgstr "|audit-log-result|Žádný certifikát"
+
+#: common/audit.c:483
+msgid "|audit-log-result|Not enabled"
+msgstr "|audit-log-result|Není zapnuto"
+
+#: common/audit.c:485
+msgid "|audit-log-result|Error"
+msgstr "|audit-log-result|Chyba"
+
+#: common/audit.c:487
+msgid "|audit-log-result|Not used"
+msgstr "|audit-log-result|Není použito"
+
+#: common/audit.c:489
+msgid "|audit-log-result|Okay"
+msgstr "|audit-log-result|V pořádku"
+
+#: common/audit.c:491
+msgid "|audit-log-result|Skipped"
+msgstr "|audit-log-result|PÅ™eskoÄeno"
+
+#: common/audit.c:493
+msgid "|audit-log-result|Some"
+msgstr "|audit-log-result|Některý"
+
+#: common/audit.c:726
+msgid "Certificate chain available"
+msgstr "Je k dispozici řetěz certifikátů"
+
+#: common/audit.c:733
+msgid "root certificate missing"
+msgstr "chybí kořenový certifikát"
+
+#: common/audit.c:759
+msgid "Data encryption succeeded"
+msgstr "Šifrování dat uspělo"
+
+#: common/audit.c:764 common/audit.c:830 common/audit.c:906 common/audit.c:997
+msgid "Data available"
+msgstr "Data k dispozici"
+
+#: common/audit.c:767
+msgid "Session key created"
+msgstr "VytvoÅ™en klÃ­Ä relace"
+
+#: common/audit.c:772 common/audit.c:912 common/audit.c:919
+#, c-format
+msgid "algorithm: %s"
+msgstr "algoritmus: %s"
+
+#: common/audit.c:774 common/audit.c:776 common/audit.c:921 common/audit.c:923
+#, c-format
+msgid "unsupported algorithm: %s"
+msgstr "nepodporovaný algoritmus: %s"
+
+#: common/audit.c:778 common/audit.c:925
+msgid "seems to be not encrypted"
+msgstr "zdá se nebýt zašifrováno"
+
+#: common/audit.c:784 common/audit.c:933
+msgid "Number of recipients"
+msgstr "PoÄet příjemců"
+
+#: common/audit.c:792 common/audit.c:956
+#, c-format
+msgid "Recipient %d"
+msgstr "Příjemce %d"
+
+#: common/audit.c:825
+msgid "Data signing succeeded"
+msgstr "Podepisování dat uspělo"
+
+#: common/audit.c:839 common/audit.c:1033 common/audit.c:1060
+#, c-format
+msgid "data hash algorithm: %s"
+msgstr "hashovací algoritmus dat: %s"
+
+#: common/audit.c:862
+#, c-format
+msgid "Signer %d"
+msgstr "Podepisovatel %d"
+
+#: common/audit.c:866 common/audit.c:1065
+#, c-format
+msgid "attr hash algorithm: %s"
+msgstr "hashovací algoritmus atributu: %s"
+
+#: common/audit.c:901
+msgid "Data decryption succeeded"
+msgstr "Dešifrování dat uspělo"
+
+#: common/audit.c:910
+msgid "Encryption algorithm supported"
+msgstr "Šifrovací algoritmus podporován"
+
+#: common/audit.c:993
+msgid "Data verification succeeded"
+msgstr "Ověření dat uspělo"
+
+#: common/audit.c:1002
+msgid "Signature available"
+msgstr "Podpis je k dispozici"
+
+#: common/audit.c:1024
+msgid "Parsing data succeeded"
+msgstr "Rozebírání dat uspělo"
+
+#: common/audit.c:1036
+#, c-format
+msgid "bad data hash algorithm: %s"
+msgstr "chybný hashovací algoritmus dat: %s"
+
+#: common/audit.c:1051
+#, c-format
+msgid "Signature %d"
+msgstr "Podpis %d"
+
+#: common/audit.c:1079
+msgid "Certificate chain valid"
+msgstr "Řetěz certifikátů je platný"
+
+#: common/audit.c:1090
+msgid "Root certificate trustworthy"
+msgstr "Kořenový certifikát je důvěryhodný"
+
+#: common/audit.c:1111 sm/certchain.c:935
+msgid "no CRL found for certificate"
+msgstr "pro certifikát nebyl nalezen žádný CRL"
+
+#: common/audit.c:1114 sm/certchain.c:945
+msgid "the available CRL is too old"
+msgstr "dostupný CRL je příliš starý"
+
+#: common/audit.c:1119
+msgid "CRL/OCSP check of certificates"
+msgstr "Kontrola certifikátů proti CRL/OCSP"
+
+#: common/audit.c:1139
+msgid "Included certificates"
+msgstr "Zahrnuté certifikáty"
+
+#: common/audit.c:1194
+msgid "No audit log entries."
+msgstr "Žádné položky auditního protokolu."
+
+#: common/audit.c:1243
+msgid "Unknown operation"
+msgstr "Neznámá operace"
+
+#: common/audit.c:1261
+msgid "Gpg-Agent usable"
+msgstr "Gpg-Agent je použitelný"
+
+#: common/audit.c:1271
+msgid "Dirmngr usable"
+msgstr "Dirmngr je použitelný"
+
+#: common/audit.c:1307
+#, c-format
+msgid "No help available for `%s'."
+msgstr "Nápověda pro „%s“ není dostupná.'"
+
+#: common/helpfile.c:80
+msgid "ignoring garbage line"
+msgstr "ignoruji řádek s nepořádkem"
+
+#: common/gettime.c:503
+msgid "[none]"
+msgstr "[není nastaveno]"
+
+#: g10/armor.c:379
+#, c-format
+msgid "armor: %s\n"
+msgstr "ASCII kódování: %s\n"
+
+#: g10/armor.c:418
+msgid "invalid armor header: "
+msgstr "neplatná hlaviÄka ASCII kódování: "
+
+#: g10/armor.c:429
+msgid "armor header: "
+msgstr "ASCII hlaviÄka: "
+
+#: g10/armor.c:442
+msgid "invalid clearsig header\n"
+msgstr "neplatná hlaviÄka podpisu v Äitelném formátu\n"
+
+#: g10/armor.c:455
+msgid "unknown armor header: "
+msgstr "neznámá ASCII hlaviÄka: "
+
+#: g10/armor.c:508
+msgid "nested clear text signatures\n"
+msgstr "vnoÅ™ené podpisy v Äitelném formátu\n"
+
+#: g10/armor.c:643
+msgid "unexpected armor: "
+msgstr "neoÄekávaný ASCII armor: "
+
+#: g10/armor.c:655
+msgid "invalid dash escaped line: "
+msgstr "nesprávné oznaÄení řádku mínusy: "
+
+#: g10/armor.c:810 g10/armor.c:1420
+#, c-format
+msgid "invalid radix64 character %02X skipped\n"
+msgstr "neplatný radix64 znak %02X byl pÅ™eskoÄen\n"
+
+#: g10/armor.c:853
+msgid "premature eof (no CRC)\n"
+msgstr "pÅ™edÄasný konec souboru (žádné CRC)\n"
+
+#: g10/armor.c:887
+msgid "premature eof (in CRC)\n"
+msgstr "pÅ™edÄasný konec souboru (žádné CRC)\n"
+
+#: g10/armor.c:895
+msgid "malformed CRC\n"
+msgstr "špatný formát CRC\n"
+
+#: g10/armor.c:899 g10/armor.c:1457
+#, c-format
+msgid "CRC error; %06lX - %06lX\n"
+msgstr "Chyba CRC; %06lX - %06lX\n"
+
+#: g10/armor.c:919
+msgid "premature eof (in trailer)\n"
+msgstr "pÅ™edÄasný konec souboru (v patiÄce)\n"
+
+#: g10/armor.c:923
+msgid "error in trailer line\n"
+msgstr "chyba v patiÄce\n"
+
+#: g10/armor.c:1234
+msgid "no valid OpenPGP data found.\n"
+msgstr "nenalezena žádná platná data ve formátu OpenPGP.\n"
+
+#: g10/armor.c:1239
+#, c-format
+msgid "invalid armor: line longer than %d characters\n"
+msgstr "neplatné kódování ASCII: řádek je delší než %d znaků\n"
+
+#: g10/armor.c:1243
+msgid ""
+"quoted printable character in armor - probably a buggy MTA has been used\n"
+msgstr ""
+"neplatný znak (quoted-printable) v ASCII kódování – pravděpodobně byl použit "
+"špatný MTA\n"
+
+#: g10/build-packet.c:976
+msgid ""
+"a notation name must have only printable characters or spaces, and end with "
+"an '='\n"
+msgstr ""
+"symbolické jméno smí obsahovat pouze písmena, Äíslice, teÄky nebo podtržítka "
+"a musí konÄit znakem „=“\n"
+
+#: g10/build-packet.c:988
+msgid "a user notation name must contain the '@' character\n"
+msgstr "zápis jména uživatele musí obsahovat znak „@“\n"
+
+#: g10/build-packet.c:994
+msgid "a notation name must not contain more than one '@' character\n"
+msgstr "jméno uživatele nesmí obsahovat více než jeden znak „@“\n"
+
+#: g10/build-packet.c:1012
+msgid "a notation value must not use any control characters\n"
+msgstr "hodnota nemůže obsahovat žádné kontrolní znaky\n"
+
+#: g10/build-packet.c:1046 g10/build-packet.c:1055
+msgid "WARNING: invalid notation data found\n"
+msgstr "VAROVÃNÃ: nalezen neplatný formát zápisu data\n"
+
+#: g10/build-packet.c:1077 g10/build-packet.c:1079
+msgid "not human readable"
+msgstr "není v přímo Äitelném formátu"
+
+#: g10/card-util.c:85 g10/card-util.c:374
+#, c-format
+msgid "OpenPGP card not available: %s\n"
+msgstr "OpenPGP karta není dostupná: %s\n"
+
+#: g10/card-util.c:90
+#, c-format
+msgid "OpenPGP card no. %s detected\n"
+msgstr "Nalezena OpenPGP karta Äíslo %s\n"
+
+#: g10/card-util.c:98 g10/card-util.c:1773 g10/delkey.c:126 g10/keyedit.c:1551
+#: g10/keygen.c:3068 g10/revoke.c:216 g10/revoke.c:455
+msgid "can't do this in batch mode\n"
+msgstr "nelze provést v dávkovém módu\n"
+
+#: g10/card-util.c:106
+msgid "This command is only available for version 2 cards\n"
+msgstr "Tento příkaz je dostupný pouze pro karty verze 2\n"
+
+#: g10/card-util.c:108 scd/app-openpgp.c:2029
+msgid "Reset Code not or not anymore available\n"
+msgstr "ResetaÄní kód není nebo už není dostupný\n"
+
+#: g10/card-util.c:141 g10/card-util.c:1458 g10/card-util.c:1568
+#: g10/keyedit.c:424 g10/keyedit.c:445 g10/keyedit.c:459 g10/keygen.c:1630
+#: g10/keygen.c:1711 sm/certreqgen-ui.c:165 sm/certreqgen-ui.c:249
+#: sm/certreqgen-ui.c:283
+msgid "Your selection? "
+msgstr "Váš výběr? "
+
+#: g10/card-util.c:272 g10/card-util.c:322
+msgid "[not set]"
+msgstr "[není nastaven]"
+
+#: g10/card-util.c:512
+msgid "male"
+msgstr "muž"
+
+#: g10/card-util.c:513
+msgid "female"
+msgstr "žena"
+
+#: g10/card-util.c:513
+msgid "unspecified"
+msgstr "neuvedeno"
+
+#: g10/card-util.c:540
+msgid "not forced"
+msgstr "není vyžadováno"
+
+#: g10/card-util.c:540
+msgid "forced"
+msgstr "vyžadováno"
+
+#: g10/card-util.c:631
+msgid "Error: Only plain ASCII is currently allowed.\n"
+msgstr "Chyba: V souÄasné verzi je povolenou pouze plain ASCII.\n"
+
+#: g10/card-util.c:633
+msgid "Error: The \"<\" character may not be used.\n"
+msgstr "Chyba: Znak „<“ nelze použít.\n"
+
+#: g10/card-util.c:635
+msgid "Error: Double spaces are not allowed.\n"
+msgstr "Chyba: Více mezer není povoleno.\n"
+
+#: g10/card-util.c:652
+msgid "Cardholder's surname: "
+msgstr "Příjmení držitele karty: "
+
+#: g10/card-util.c:654
+msgid "Cardholder's given name: "
+msgstr "Jméno (křestní) držitele karty: "
+
+#: g10/card-util.c:672
+#, c-format
+msgid "Error: Combined name too long (limit is %d characters).\n"
+msgstr "Chyba: jméno a příjmení je příliš dlouhé (limit je %d znaků).\n"
+
+#: g10/card-util.c:693
+msgid "URL to retrieve public key: "
+msgstr "URL pro získání veÅ™ejného klíÄe: "
+
+#: g10/card-util.c:701
+#, c-format
+msgid "Error: URL too long (limit is %d characters).\n"
+msgstr "Chyba: URL je příliš dlouhé (limit je %d znaků).\n"
+
+#: g10/card-util.c:794 tools/no-libgcrypt.c:30
+#, c-format
+msgid "error allocating enough memory: %s\n"
+msgstr "chyba při alokování paměti: %s\n"
+
+#: g10/card-util.c:806 g10/import.c:280
+#, c-format
+msgid "error reading `%s': %s\n"
+msgstr "chyba pÅ™i Ätení „%s“: %s\n"
+
+#: g10/card-util.c:839
+#, c-format
+msgid "error writing `%s': %s\n"
+msgstr "chyba při zápisu do „%s“: %s\n"
+
+#: g10/card-util.c:866
+msgid "Login data (account name): "
+msgstr "Login (jménu úÄtu): "
+
+#: g10/card-util.c:876
+#, c-format
+msgid "Error: Login data too long (limit is %d characters).\n"
+msgstr "Chyba: Login je příliš dlouhý (limit je %d znaků).\n"
+
+#: g10/card-util.c:912
+msgid "Private DO data: "
+msgstr "Privátní DO data: "
+
+#: g10/card-util.c:922
+#, c-format
+msgid "Error: Private DO too long (limit is %d characters).\n"
+msgstr "Chyba: Privátní DO je příliš dlouhé (limit je %d znaků).\n"
+
+#: g10/card-util.c:1005
+msgid "Language preferences: "
+msgstr "Jazykové předvolby: "
+
+#: g10/card-util.c:1013
+msgid "Error: invalid length of preference string.\n"
+msgstr "Chyba: neplatná délka řetězce s předvolbami.\n"
+
+#: g10/card-util.c:1022
+msgid "Error: invalid characters in preference string.\n"
+msgstr "Chyba: neplatný znak v řetězci s předvolbami\n"
+
+#: g10/card-util.c:1044
+msgid "Sex ((M)ale, (F)emale or space): "
+msgstr "Zadejte pohlaví: M – mužské, F – ženské, nebo stiskněte mezerník: "
+
+#: g10/card-util.c:1058
+msgid "Error: invalid response.\n"
+msgstr "Chyba: neplatná odpovÄ›Ä.\n"
+
+#: g10/card-util.c:1080
+msgid "CA fingerprint: "
+msgstr "Otisk CA: "
+
+#: g10/card-util.c:1103
+msgid "Error: invalid formatted fingerprint.\n"
+msgstr "Chyba: chybně utvořené otisk.\n"
+
+#: g10/card-util.c:1153
+#, c-format
+msgid "key operation not possible: %s\n"
+msgstr "operace s klíÄem není možná: %s\n"
+
+#: g10/card-util.c:1154
+msgid "not an OpenPGP card"
+msgstr "toto není OpenPGP karta"
+
+#: g10/card-util.c:1167
+#, c-format
+msgid "error getting current key info: %s\n"
+msgstr "chyba pÅ™i získání informací o aktuálním klíÄi: %s\n"
+
+#: g10/card-util.c:1254
+msgid "Replace existing key? (y/N) "
+msgstr "PÅ™epsat existující klíÄ? (a/N) "
+
+#: g10/card-util.c:1270
+msgid ""
+"NOTE: There is no guarantee that the card supports the requested size.\n"
+" If the key generation does not succeed, please check the\n"
+" documentation of your card to see what sizes are allowed.\n"
+msgstr ""
+"POZNÃMKA: Nelze zaruÄit, že karta podporuje požadovanou velikost.\n"
+" Pokud generování klíÄe neuspÄ›je, prosím, nahlédnÄ›te do "
+"dokumentace\n"
+" své karty, kde se dozvíte, jaké velikosti jsou dovoleny.\n"
+
+#: g10/card-util.c:1295
+#, c-format
+msgid "What keysize do you want for the Signature key? (%u) "
+msgstr "Jakou délku klíÄe pro podepisování si pÅ™ejete? (%u) "
+
+#: g10/card-util.c:1297
+#, c-format
+msgid "What keysize do you want for the Encryption key? (%u) "
+msgstr "Jakou délku klíÄe pro Å¡ifrování si pÅ™ejete? (%u) "
+
+#: g10/card-util.c:1298
+#, c-format
+msgid "What keysize do you want for the Authentication key? (%u) "
+msgstr "Jakou délku klíÄe pro autentizaci si pÅ™ejete? (%u) "
+
+#: g10/card-util.c:1309 g10/keygen.c:1844 g10/keygen.c:1850
+#: sm/certreqgen-ui.c:194
+#, c-format
+msgid "rounded up to %u bits\n"
+msgstr "zaokrouhleno na %u bitů\n"
+
+#: g10/card-util.c:1317 g10/keygen.c:1831 sm/certreqgen-ui.c:184
+#, c-format
+msgid "%s keysizes must be in the range %u-%u\n"
+msgstr "velikost klíÄe %s musí být v intervalu %u-%u\n"
+
+#: g10/card-util.c:1322
+#, c-format
+msgid "The card will now be re-configured to generate a key of %u bits\n"
+msgstr "Karta bude nyní pÅ™enastavena na generování klíÄe dlouhého %u bitů\n"
+
+#: g10/card-util.c:1342
+#, c-format
+msgid "error changing size of key %d to %u bits: %s\n"
+msgstr "chyba pÅ™i zmÄ›nÄ› velikosti klíÄe %d na %u bitů: %s\n"
+
+#: g10/card-util.c:1364
+msgid "Make off-card backup of encryption key? (Y/n) "
+msgstr "VytvoÅ™it zálohu Å¡ifrovacího klíÄe mimo kartu? (A/n) "
+
+#: g10/card-util.c:1378
+msgid "NOTE: keys are already stored on the card!\n"
+msgstr "POZNÃMKA: na kartÄ› jsou již klíÄe uloženy!\n"
+
+#: g10/card-util.c:1381
+msgid "Replace existing keys? (y/N) "
+msgstr "PÅ™epsat existující klíÄe? (a/N) "
+
+#: g10/card-util.c:1393
+#, c-format
+msgid ""
+"Please note that the factory settings of the PINs are\n"
+" PIN = `%s' Admin PIN = `%s'\n"
+"You should change them using the command --change-pin\n"
+msgstr ""
+"Prosím nezapomeňte, že tovární nastavení PINu je\n"
+" PIN = „%s“ PIN administrátora = „%s“\n"
+"Toto nastavení můžete změnit příkazem --change-pin\n"
+
+#: g10/card-util.c:1449
+msgid "Please select the type of key to generate:\n"
+msgstr "Prosím, vyberte druh klíÄe, který chcete generovat:\n"
+
+#: g10/card-util.c:1451 g10/card-util.c:1559
+msgid " (1) Signature key\n"
+msgstr " (1) Podepisovací klíÄ\n"
+
+#: g10/card-util.c:1452 g10/card-util.c:1561
+msgid " (2) Encryption key\n"
+msgstr " (2) Å ifrovací klíÄ\n"
+
+#: g10/card-util.c:1453 g10/card-util.c:1563
+msgid " (3) Authentication key\n"
+msgstr " (3) AutentizaÄní klíÄ\n"
+
+#: g10/card-util.c:1469 g10/card-util.c:1588 g10/keyedit.c:945
+#: g10/keygen.c:1634 g10/keygen.c:1662 g10/keygen.c:1764 g10/revoke.c:683
+msgid "Invalid selection.\n"
+msgstr "Neplatný výběr.\n"
+
+#: g10/card-util.c:1556
+msgid "Please select where to store the key:\n"
+msgstr "Prosím vyberte místo pro uchování klíÄe:\n"
+
+#: g10/card-util.c:1600
+msgid "unknown key protection algorithm\n"
+msgstr "neznámý algoritmus pro ochranu klíÄe\n"
+
+#: g10/card-util.c:1605
+msgid "secret parts of key are not available\n"
+msgstr "tajné Äásti klíÄe nejsou dostupné\n"
+
+#: g10/card-util.c:1610
+msgid "secret key already stored on a card\n"
+msgstr "tajný klÃ­Ä je na kartÄ› uložen\n"
+
+#: g10/card-util.c:1623
+#, c-format
+msgid "error writing key to card: %s\n"
+msgstr "chyba pÅ™i zápisu klíÄe na kartu: %s\n"
+
+#: g10/card-util.c:1682 g10/keyedit.c:1382
+msgid "quit this menu"
+msgstr "ukonÄit toto menu"
+
+#: g10/card-util.c:1684
+msgid "show admin commands"
+msgstr "zobraz administrátorské příkazy"
+
+#: g10/card-util.c:1685 g10/keyedit.c:1385
+msgid "show this help"
+msgstr "ukázat tuto pomoc"
+
+#: g10/card-util.c:1687
+msgid "list all available data"
+msgstr "vypiš všechna dostupná data"
+
+#: g10/card-util.c:1690
+msgid "change card holder's name"
+msgstr "změní jméno majitele karty"
+
+#: g10/card-util.c:1691
+msgid "change URL to retrieve key"
+msgstr "zmÄ›ní URL pro získání klíÄe"
+
+#: g10/card-util.c:1692
+msgid "fetch the key specified in the card URL"
+msgstr "získá klÃ­Ä specifikovaný v URL karty"
+
+#: g10/card-util.c:1693
+msgid "change the login name"
+msgstr "změnit login name"
+
+#: g10/card-util.c:1694
+msgid "change the language preferences"
+msgstr "změnit jazykové předvolby"
+
+#: g10/card-util.c:1695
+msgid "change card holder's sex"
+msgstr "změní pohlaví držitele karty"
+
+#: g10/card-util.c:1696
+msgid "change a CA fingerprint"
+msgstr "vypsat otisk certifikaÄní autority"
+
+#: g10/card-util.c:1697
+msgid "toggle the signature force PIN flag"
+msgstr "zapnout/vypnout požadování PINu při každé self-sign operaci"
+
+#: g10/card-util.c:1698
+msgid "generate new keys"
+msgstr "vytvoÅ™it nový pár klíÄů"
+
+#: g10/card-util.c:1699
+msgid "menu to change or unblock the PIN"
+msgstr "nabídka pro změnu anebo odblokování PINu"
+
+#: g10/card-util.c:1700
+msgid "verify the PIN and list all data"
+msgstr "ověř PIN a vypiš všechna data"
+
+#: g10/card-util.c:1701
+msgid "unblock the PIN using a Reset Code"
+msgstr "odblokovat PIN pomocí resetaÄního kódu"
+
+#: g10/card-util.c:1823
+msgid "gpg/card> "
+msgstr "gpg/karta> "
+
+#: g10/card-util.c:1864
+msgid "Admin-only command\n"
+msgstr "pouze administrátorské příkazy\n"
+
+#: g10/card-util.c:1895
+msgid "Admin commands are allowed\n"
+msgstr "administrátorské příkazy jsou povoleny\n"
+
+#: g10/card-util.c:1897
+msgid "Admin commands are not allowed\n"
+msgstr "administrátorské příkazy nejsou povoleny\n"
+
+#: g10/card-util.c:1988 g10/keyedit.c:2292
+msgid "Invalid command (try \"help\")\n"
+msgstr "Neplatný příkaz (zkuste „help“)\n"
+
+#: g10/decrypt.c:110 g10/encode.c:876
+msgid "--output doesn't work for this command\n"
+msgstr "--output pro tento příkaz není platný\n"
+
+#: g10/decrypt.c:166 g10/gpg.c:4019 g10/keyring.c:387 g10/keyring.c:698
+#, c-format
+msgid "can't open `%s'\n"
+msgstr "nelze otevřít „%s“\n"
+
+#: g10/delkey.c:73 g10/export.c:324 g10/keyedit.c:3514 g10/keyserver.c:1737
+#: g10/revoke.c:226
+#, c-format
+msgid "key \"%s\" not found: %s\n"
+msgstr "klÃ­Ä â€ž%s“ nenalezen: %s\n"
+
+#: g10/delkey.c:81 g10/export.c:354 g10/import.c:2480 g10/keyserver.c:1751
+#: g10/revoke.c:232 g10/revoke.c:477
+#, c-format
+msgid "error reading keyblock: %s\n"
+msgstr "chyba pÅ™i Ätení bloku klíÄe: %s\n"
+
+#: g10/delkey.c:127 g10/delkey.c:134
+msgid "(unless you specify the key by fingerprint)\n"
+msgstr "(dokud neurÄíte klÃ­Ä jeho otiskem)\n"
+
+#: g10/delkey.c:133
+msgid "can't do this in batch mode without \"--yes\"\n"
+msgstr "bez parametru „--yes“ to nemohu v dávkovém módu provést\n"
+
+#: g10/delkey.c:145
+msgid "Delete this key from the keyring? (y/N) "
+msgstr "Smazat tento klÃ­Ä ze souboru klíÄů? (a/N) "
+
+#: g10/delkey.c:153
+msgid "This is a secret key! - really delete? (y/N) "
+msgstr "Toto je tajný klíÄ! - opravdu smazat? (a/N) "
+
+#: g10/delkey.c:163
+#, c-format
+msgid "deleting keyblock failed: %s\n"
+msgstr "smazání bloku klíÄe se nezdaÅ™ilo: %s\n"
+
+#: g10/delkey.c:173
+msgid "ownertrust information cleared\n"
+msgstr "informace o důvÄ›ryhodnosti vlastníka klíÄe vymazány\n"
+
+#: g10/delkey.c:204
+#, c-format
+msgid "there is a secret key for public key \"%s\"!\n"
+msgstr "existuje tajný klÃ­Ä pro tento veÅ™ejný klÃ­Ä \"%s\"!\n"
+
+#: g10/delkey.c:206
+msgid "use option \"--delete-secret-keys\" to delete it first.\n"
+msgstr ""
+"abyste ho smazal(a), použijte nejprve parametr „--delete-secret-key“.\n"
+
+#: g10/encode.c:226 g10/sign.c:1269
+#, c-format
+msgid "error creating passphrase: %s\n"
+msgstr "chyba při vytváření hesla: %s\n"
+
+#: g10/encode.c:232
+msgid "can't use a symmetric ESK packet due to the S2K mode\n"
+msgstr "v módu S2K nelze použít symetrický ESK paket\n"
+
+#: g10/encode.c:246
+#, c-format
+msgid "using cipher %s\n"
+msgstr "použití šifry: %s\n"
+
+#: g10/encode.c:256 g10/encode.c:577
+#, c-format
+msgid "`%s' already compressed\n"
+msgstr "„%s“ je již zkomprimován\n"
+
+#: g10/encode.c:311 g10/encode.c:611 g10/sign.c:564
+#, c-format
+msgid "WARNING: `%s' is an empty file\n"
+msgstr "VAROVÃNÃ: soubor „%s“ je prázdný\n"
+
+#: g10/encode.c:485
+msgid "you can only encrypt to RSA keys of 2048 bits or less in --pgp2 mode\n"
+msgstr ""
+"v módu --pgp2 můžete Å¡ifrovat pouze RSA klíÄem o délce 2048 bitů a ménÄ›\n"
+
+#: g10/encode.c:510
+#, c-format
+msgid "reading from `%s'\n"
+msgstr "Ätu z „%s“\n"
+
+#: g10/encode.c:541
+msgid ""
+"unable to use the IDEA cipher for all of the keys you are encrypting to.\n"
+msgstr "algoritmus IDEA nelze použít pro vÅ¡echny klíÄe, pro které Å¡ifrujete.\n"
+
+#: g10/encode.c:559
+#, c-format
+msgid ""
+"WARNING: forcing symmetric cipher %s (%d) violates recipient preferences\n"
+msgstr ""
+"VAROVÃNÃ: vyžádaná symetrická Å¡ifra %s (%d) nevyhovuje pÅ™edvolbám příjemce\n"
+
+#: g10/encode.c:655 g10/sign.c:939
+#, c-format
+msgid ""
+"WARNING: forcing compression algorithm %s (%d) violates recipient "
+"preferences\n"
+msgstr ""
+"VAROVÃNÃ: vyžádaný komprimaÄní algoritmus %s (%d) nevyhovuje pÅ™edvolbám "
+"příjemce\n"
+
+#: g10/encode.c:751
+#, c-format
+msgid "forcing symmetric cipher %s (%d) violates recipient preferences\n"
+msgstr "vyžádaná symetrická šifra %s (%d) nevyhovuje předvolbám příjemce\n"
+
+#: g10/encode.c:821 g10/pkclist.c:813 g10/pkclist.c:862
+#, c-format
+msgid "you may not use %s while in %s mode\n"
+msgstr "použití %s není v módu %s dovoleno\n"
+
+#: g10/encode.c:848
+#, c-format
+msgid "%s/%s encrypted for: \"%s\"\n"
+msgstr "%s/%s zašifrovaný pro: „%s“\n"
+
+#: g10/encr-data.c:93 g10/mainproc.c:286
+#, c-format
+msgid "%s encrypted data\n"
+msgstr "%s zašifrovaná data\n"
+
+#: g10/encr-data.c:96 g10/mainproc.c:290
+#, c-format
+msgid "encrypted with unknown algorithm %d\n"
+msgstr "zašifrováno neznámým algoritmem %d\n"
+
+#: g10/encr-data.c:142 sm/decrypt.c:126
+msgid ""
+"WARNING: message was encrypted with a weak key in the symmetric cipher.\n"
+msgstr "VAROVÃNÃ: zpráva byla zaÅ¡ifrována slabým klíÄem v symetrické Å¡ifÅ™e.\n"
+
+#: g10/encr-data.c:154
+msgid "problem handling encrypted packet\n"
+msgstr "problém se zašifrovaným paketem\n"
+
+#: g10/exec.c:57
+msgid "no remote program execution supported\n"
+msgstr "spuštění externího programu není podporováno\n"
+
+#: g10/exec.c:308
+msgid ""
+"external program calls are disabled due to unsafe options file permissions\n"
+msgstr ""
+"volání externích programů je zakázáno, protože file permissions nejsou\n"
+"nastaveny nebezpeÄnÄ›\n"
+
+#: g10/exec.c:338
+msgid "this platform requires temporary files when calling external programs\n"
+msgstr ""
+"na této platformě jsou při volání externích programů vyžadovány\n"
+"doÄasné soubory (temp files)\n"
+
+#: g10/exec.c:416
+#, c-format
+msgid "unable to execute program `%s': %s\n"
+msgstr "nelze spustit program „%s“: %s\n"
+
+#: g10/exec.c:419
+#, c-format
+msgid "unable to execute shell `%s': %s\n"
+msgstr "nelze spustit shell „%s“: %s\n"
+
+#: g10/exec.c:510
+#, c-format
+msgid "system error while calling external program: %s\n"
+msgstr "systémová chyba při volání externího programu: %s\n"
+
+#: g10/exec.c:521 g10/exec.c:588
+msgid "unnatural exit of external program\n"
+msgstr "neoÄekávaný konec externího programu\n"
+
+#: g10/exec.c:536
+msgid "unable to execute external program\n"
+msgstr "nelze spustit externí program\n"
+
+#: g10/exec.c:553
+#, c-format
+msgid "unable to read external program response: %s\n"
+msgstr "nelze pÅ™eÄíst odpovÄ›Ä externího programu: %s\n"
+
+#: g10/exec.c:599 g10/exec.c:606
+#, c-format
+msgid "WARNING: unable to remove tempfile (%s) `%s': %s\n"
+msgstr "VAROVÃNÃ: nelze smazat doÄasný soubor (%s) „%s“: %s\n"
+
+#: g10/exec.c:611
+#, c-format
+msgid "WARNING: unable to remove temp directory `%s': %s\n"
+msgstr "VAROVÃNÃ: nelze smazat doÄasný adresář „%s“: %s\n"
+
+#: g10/export.c:61
+msgid "export signatures that are marked as local-only"
+msgstr "exportovat podpisy, které jsou oznaÄeny jako jen místní (local-only)"
+
+#: g10/export.c:63
+msgid "export attribute user IDs (generally photo IDs)"
+msgstr "exportovat atributy uživatelských ID (obecně ID fotografií)"
+
+#: g10/export.c:65
+msgid "export revocation keys marked as \"sensitive\""
+msgstr "exportovat revokaÄní klíÄe oznaÄené jako „citlivé“"
+
+#: g10/export.c:67
+msgid "remove the passphrase from exported subkeys"
+msgstr "odstranit ochranu heslem z exportovaných podklíÄů"
+
+#: g10/export.c:69
+msgid "remove unusable parts from key during export"
+msgstr "odstranit nepoužitelné Äásti z klíÄe pÅ™i exportu"
+
+#: g10/export.c:71
+msgid "remove as much as possible from key during export"
+msgstr "odstranit pÅ™i exportu z klíÄe vÅ¡e, co lze"
+
+#: g10/export.c:73
+msgid "export keys in an S-expression based format"
+msgstr "exportovat klíÄe ve formátu postaveném na S-výrazech"
+
+#: g10/export.c:338
+msgid "exporting secret keys not allowed\n"
+msgstr "exportování tajného klíÄe není povoleno\n"
+
+#: g10/export.c:367
+#, c-format
+msgid "key %s: not protected - skipped\n"
+msgstr "klÃ­Ä %s: není chránÄ›ný – pÅ™eskoÄeno\n"
+
+#: g10/export.c:375
+#, c-format
+msgid "key %s: PGP 2.x style key - skipped\n"
+msgstr "klÃ­Ä %s: PGP 2.x klíÄ – pÅ™eskoÄeno\n"
+
+#: g10/export.c:386
+#, c-format
+msgid "key %s: key material on-card - skipped\n"
+msgstr "klÃ­Ä %s: tÄ›lo klíÄe je na kartě – pÅ™eskoÄeno\n"
+
+#: g10/export.c:537
+msgid "about to export an unprotected subkey\n"
+msgstr "exportovat nechránÄ›né podklíÄe\n"
+
+#: g10/export.c:560
+#, c-format
+msgid "failed to unprotect the subkey: %s\n"
+msgstr "odemknutí podklíÄe selhalo: %s\n"
+
+#: g10/export.c:584
+#, c-format
+msgid "WARNING: secret key %s does not have a simple SK checksum\n"
+msgstr "VAROVÃNÃ: tajný klÃ­Ä %s není chránÄ›n pomocí simple SK checksum\n"
+
+#: g10/export.c:633
+msgid "WARNING: nothing exported\n"
+msgstr "VAROVÃNÃ: nebylo nic vyexportováno\n"
+
+#: g10/getkey.c:152
+msgid "too many entries in pk cache - disabled\n"
+msgstr "příliÅ¡ mnoho položek v bufferu veÅ™ejných klíÄů – vypnuto\n"
+
+#: g10/getkey.c:175
+msgid "[User ID not found]"
+msgstr "[ID uživatele nenalezeno]"
+
+#: g10/getkey.c:1113
+#, c-format
+msgid "automatically retrieved `%s' via %s\n"
+msgstr "„%s“ automaticky získáno přes %s\n"
+
+#: g10/getkey.c:1118
+#, c-format
+msgid "error retrieving `%s' via %s: %s\n"
+msgstr "chyba při získávání „%s“ přes %s: %s\n"
+
+#: g10/getkey.c:1120
+msgid "No fingerprint"
+msgstr "Chybí otisk"
+
+# c-format
+#: g10/getkey.c:1930
+#, c-format
+msgid "Invalid key %s made valid by --allow-non-selfsigned-uid\n"
+msgstr "Neplatný klÃ­Ä %s zmÄ›nÄ›n na platný pomocí --always-non-selfsigned-uid\n"
+
+#: g10/getkey.c:2533 g10/keyedit.c:3839
+#, c-format
+msgid "no secret subkey for public subkey %s - ignoring\n"
+msgstr "neexistuje tajný podklÃ­Ä pro veÅ™ejný klÃ­Ä %s – ignorováno\n"
+
+#: g10/getkey.c:2759
+#, c-format
+msgid "using subkey %s instead of primary key %s\n"
+msgstr "používám podklÃ­Ä %s místo primárního klíÄe %s\n"
+
+#: g10/getkey.c:2806
+#, c-format
+msgid "key %s: secret key without public key - skipped\n"
+msgstr "klÃ­Ä %s: tajný klÃ­Ä bez klíÄe veÅ™ejného – pÅ™eskoÄeno\n"
+
+#: g10/gpg.c:375 sm/gpgsm.c:188
+msgid "make a signature"
+msgstr "vytvořit podpis"
+
+#: g10/gpg.c:376 sm/gpgsm.c:189
+msgid "make a clear text signature"
+msgstr "vytvoÅ™it podpis v Äitelném dokumentu"
+
+#: g10/gpg.c:377 sm/gpgsm.c:190
+msgid "make a detached signature"
+msgstr "vytvořit podpis oddělený od dokumentu"
+
+#: g10/gpg.c:378 sm/gpgsm.c:191
+msgid "encrypt data"
+msgstr "Å¡ifrovat data"
+
+#: g10/gpg.c:380 sm/gpgsm.c:192
+msgid "encryption only with symmetric cipher"
+msgstr "šifrování pouze se symetrickou šifrou"
+
+#: g10/gpg.c:382 sm/gpgsm.c:193
+msgid "decrypt data (default)"
+msgstr "dešifrovat data (implicitně)"
+
+#: g10/gpg.c:384 sm/gpgsm.c:194
+msgid "verify a signature"
+msgstr "verifikovat podpis"
+
+#: g10/gpg.c:386 sm/gpgsm.c:195
+msgid "list keys"
+msgstr "vypsat seznam klíÄů"
+
+#: g10/gpg.c:388
+msgid "list keys and signatures"
+msgstr "vypsat seznam klíÄů a podpisů"
+
+#: g10/gpg.c:389
+msgid "list and check key signatures"
+msgstr "vypsat a zkontrolovat podpisy klíÄů"
+
+#: g10/gpg.c:390 sm/gpgsm.c:200
+msgid "list keys and fingerprints"
+msgstr "vypsat seznam klíÄů a otisků"
+
+#: g10/gpg.c:391 sm/gpgsm.c:198
+msgid "list secret keys"
+msgstr "vypsat seznam tajných klíÄů"
+
+#: g10/gpg.c:392 sm/gpgsm.c:201
+msgid "generate a new key pair"
+msgstr "vytvoÅ™it nový pár klíÄů"
+
+#: g10/gpg.c:393
+msgid "generate a revocation certificate"
+msgstr "vytvoÅ™it revokaÄní certifikát"
+
+#: g10/gpg.c:395 sm/gpgsm.c:203
+msgid "remove keys from the public keyring"
+msgstr "odstranit klÃ­Ä ze souboru veÅ™ejných klíÄů"
+
+#: g10/gpg.c:397
+msgid "remove keys from the secret keyring"
+msgstr "odstranit klÃ­Ä ze souboru tajných klíÄů"
+
+#: g10/gpg.c:398
+msgid "sign a key"
+msgstr "podepsat klíÄ"
+
+#: g10/gpg.c:399
+msgid "sign a key locally"
+msgstr "podepsat klÃ­Ä lokálnÄ›"
+
+#: g10/gpg.c:400
+msgid "sign or edit a key"
+msgstr "podepsat nebo modifikovat klíÄ"
+
+#: g10/gpg.c:402 sm/gpgsm.c:215
+msgid "change a passphrase"
+msgstr "změnit heslo"
+
+#: g10/gpg.c:404
+msgid "export keys"
+msgstr "exportovat klíÄe"
+
+#: g10/gpg.c:405 sm/gpgsm.c:204
+msgid "export keys to a key server"
+msgstr "exportovat klíÄe na server klíÄů"
+
+#: g10/gpg.c:406 sm/gpgsm.c:205
+msgid "import keys from a key server"
+msgstr "importovat klíÄe ze serveru klíÄů"
+
+#: g10/gpg.c:408
+msgid "search for keys on a key server"
+msgstr "vyhledat klíÄe na serveru klíÄů"
+
+#: g10/gpg.c:410
+msgid "update all keys from a keyserver"
+msgstr "aktualizovat vÅ¡echny klíÄe ze serveru klíÄů"
+
+#: g10/gpg.c:415
+msgid "import/merge keys"
+msgstr "importovat/slouÄit klíÄe"
+
+#: g10/gpg.c:418
+msgid "print the card status"
+msgstr "vytisknout stav karty"
+
+#: g10/gpg.c:419
+msgid "change data on a card"
+msgstr "změnit data na kartě"
+
+#: g10/gpg.c:420
+msgid "change a card's PIN"
+msgstr "změnit PIN karty"
+
+#: g10/gpg.c:429
+msgid "update the trust database"
+msgstr "aktualizovat databázi důvěry"
+
+#: g10/gpg.c:436
+msgid "print message digests"
+msgstr "vypsat hash zprávy"
+
+#: g10/gpg.c:439 sm/gpgsm.c:210
+msgid "run in server mode"
+msgstr "pracovat v režimu serveru"
+
+#: g10/gpg.c:443 sm/gpgsm.c:228
+msgid "create ascii armored output"
+msgstr "vytvoř výstup zakódovaný pomocí ASCII"
+
+#: g10/gpg.c:446 sm/gpgsm.c:241
+msgid "|USER-ID|encrypt for USER-ID"
+msgstr "|ID_UŽIVATELE|šifrovat pro ID_UŽIVATELE"
+
+#: g10/gpg.c:459 sm/gpgsm.c:278
+msgid "|USER-ID|use USER-ID to sign or decrypt"
+msgstr "|ID_UŽIVATELE|použít toto ID_UŽIVATELE pro podepsání nebo dešifrování"
+
+#: g10/gpg.c:462
+msgid "|N|set compress level to N (0 disables)"
+msgstr "|N|nastavit úroveň komprese na N (0 – žádná)"
+
+#: g10/gpg.c:468
+msgid "use canonical text mode"
+msgstr "použít kanonický textový mód"
+
+#: g10/gpg.c:485 sm/gpgsm.c:280
+msgid "|FILE|write output to FILE"
+msgstr "|SOUBOR|zapsat výstup do SOUBORU"
+
+#: g10/gpg.c:501 kbx/kbxutil.c:90 sm/gpgsm.c:292 tools/gpgconf.c:82
+msgid "do not make any changes"
+msgstr "neprovádět žádné změny"
+
+#: g10/gpg.c:502
+msgid "prompt before overwriting"
+msgstr "vyžádat potvrzení před přepsáním"
+
+#: g10/gpg.c:554
+msgid "use strict OpenPGP behavior"
+msgstr "použít chování striktně podle OpenPGP"
+
+#: g10/gpg.c:585 sm/gpgsm.c:336
+msgid ""
+"@\n"
+"(See the man page for a complete listing of all commands and options)\n"
+msgstr ""
+"@\n"
+"(Pro kompletní seznam všech příkazů a možností použijte manuálové stránky.)\n"
+
+#: g10/gpg.c:588 sm/gpgsm.c:339
+msgid ""
+"@\n"
+"Examples:\n"
+"\n"
+" -se -r Bob [file] sign and encrypt for user Bob\n"
+" --clearsign [file] make a clear text signature\n"
+" --detach-sign [file] make a detached signature\n"
+" --list-keys [names] show keys\n"
+" --fingerprint [names] show fingerprints\n"
+msgstr ""
+"@\n"
+" -se -r Bob [soubor] podepsat a zašifrovat pro uživatele Bob\n"
+" --clearsign [soubor] vytvoÅ™it podpis Äitelného dokumentu\n"
+" --detach-sign [soubor] vytvořit podpis oddělený od dokumentu\n"
+" --list-keys [jména] vypsat klíÄe\n"
+" --fingerprint [jména] vypsat otisky\n"
+
+#: g10/gpg.c:836
+msgid "Usage: gpg [options] [files] (-h for help)"
+msgstr "Použití: gpg [možnosti] [soubory] (-h pro pomoc)"
+
+#: g10/gpg.c:839
+msgid ""
+"Syntax: gpg [options] [files]\n"
+"sign, check, encrypt or decrypt\n"
+"default operation depends on the input data\n"
+msgstr ""
+"Syntaxe: gpg [možnosti] [soubory]\n"
+"podepsat, ověřit, šifrovat nebo dešifrovat\n"
+"implicitní operace závisí na vstupních datech\n"
+
+#: g10/gpg.c:850 sm/gpgsm.c:543
+msgid ""
+"\n"
+"Supported algorithms:\n"
+msgstr ""
+"\n"
+"Podporované algoritmy:\n"
+
+#: g10/gpg.c:853
+msgid "Pubkey: "
+msgstr "VeÅ™ejný klíÄ: "
+
+#: g10/gpg.c:860 g10/keyedit.c:2423
+msgid "Cipher: "
+msgstr "Å ifra: "
+
+#: g10/gpg.c:867
+msgid "Hash: "
+msgstr "Hash: "
+
+#: g10/gpg.c:874 g10/keyedit.c:2468
+msgid "Compression: "
+msgstr "Komprese: "
+
+#: g10/gpg.c:944
+msgid "usage: gpg [options] "
+msgstr "užití: gpg [možnosti]"
+
+#: g10/gpg.c:1158 sm/gpgsm.c:716
+msgid "conflicting commands\n"
+msgstr "konfliktní příkazy\n"
+
+#: g10/gpg.c:1176
+#, c-format
+msgid "no = sign found in group definition `%s'\n"
+msgstr "no = podpis nalezen v definici skupiny „%s“\n"
+
+#: g10/gpg.c:1373
+#, c-format
+msgid "WARNING: unsafe ownership on homedir `%s'\n"
+msgstr ""
+"VAROVÃNÃ: vlastnictví domovského adresáře není nastaveno bezpeÄnÄ› „%s“\n"
+
+#: g10/gpg.c:1376
+#, c-format
+msgid "WARNING: unsafe ownership on configuration file `%s'\n"
+msgstr ""
+"VAROVÃNÃ: vlastnictví konfiguraÄního souboru není nastaveno bezpeÄnÄ› „%s“\n"
+
+#: g10/gpg.c:1379
+#, c-format
+msgid "WARNING: unsafe ownership on extension `%s'\n"
+msgstr ""
+"VAROVÃNÃ: vlastnictví rozÅ¡iÅ™ujícího modulu není nastaveno bezpeÄnÄ› „%s“\n"
+
+#: g10/gpg.c:1385
+#, c-format
+msgid "WARNING: unsafe permissions on homedir `%s'\n"
+msgstr ""
+"VAROVÃNÃ: přístupová práva pro domovský adresáře nejsou bezpeÄná „%s“\n"
+
+#: g10/gpg.c:1388
+#, c-format
+msgid "WARNING: unsafe permissions on configuration file `%s'\n"
+msgstr ""
+"VAROVÃNÃ: přístupová práva pro konfiguraÄní soubor nejsou bezpeÄná „%s“\n"
+
+#: g10/gpg.c:1391
+#, c-format
+msgid "WARNING: unsafe permissions on extension `%s'\n"
+msgstr "VAROVÃNÃ: přístupová práva rozÅ¡iÅ™ujícímu modulu nejsou bezpeÄná „%s“\n"
+
+#: g10/gpg.c:1397
+#, c-format
+msgid "WARNING: unsafe enclosing directory ownership on homedir `%s'\n"
+msgstr ""
+"VAROVÃNÃ: vlastnictví adresáře s domovským adresářem není nastaveno "
+"nebezpeÄnÄ› „%s“\n"
+
+#: g10/gpg.c:1400
+#, c-format
+msgid ""
+"WARNING: unsafe enclosing directory ownership on configuration file `%s'\n"
+msgstr ""
+"VAROVÃNÃ: vlastnictví adresáře s konfiguraÄním souborem není nastaveno "
+"nebezpeÄnÄ› „%s“\n"
+
+#: g10/gpg.c:1403
+#, c-format
+msgid "WARNING: unsafe enclosing directory ownership on extension `%s'\n"
+msgstr ""
+"VAROVÃNÃ: vlastnictví adresáře s rozÅ¡iÅ™ujícím modulem není nastaveno "
+"nebezpeÄnÄ› „%s“\n"
+
+#: g10/gpg.c:1409
+#, c-format
+msgid "WARNING: unsafe enclosing directory permissions on homedir `%s'\n"
+msgstr ""
+"VAROVÃNÃ: přístupová práva k adresáři s domovským adresářem nejsou nastavena "
+"bezpeÄnÄ› „%s“\n"
+
+#: g10/gpg.c:1412
+#, c-format
+msgid ""
+"WARNING: unsafe enclosing directory permissions on configuration file `%s'\n"
+msgstr ""
+"VAROVÃNÃ: přístupová práva k adresáři s konfiguraÄním souborem nejsou "
+"nastavena bezpeÄnÄ› „%s“\n"
+
+#: g10/gpg.c:1415
+#, c-format
+msgid "WARNING: unsafe enclosing directory permissions on extension `%s'\n"
+msgstr ""
+"VAROVÃNÃ: přístupová práva k adresáři s rozÅ¡iÅ™ujícím modulem nejsou "
+"nastavena bezpeÄnÄ› „%s“\n"
+
+# c-format
+#: g10/gpg.c:1595
+#, c-format
+msgid "unknown configuration item `%s'\n"
+msgstr "neznámá konfiguraÄní položka „%s“\n"
+
+#: g10/gpg.c:1699
+msgid "display photo IDs during key listings"
+msgstr "zobrazovat ID fotografií bÄ›hem výpisu klíÄů"
+
+#: g10/gpg.c:1701
+msgid "show policy URLs during signature listings"
+msgstr "ukazovat URL politik během výpisu podpisů"
+
+#: g10/gpg.c:1703
+msgid "show all notations during signature listings"
+msgstr "ukazovat všechny poznámky během výpisu podpisů"
+
+#: g10/gpg.c:1705
+msgid "show IETF standard notations during signature listings"
+msgstr "ukazovat poznámky IETF standardu během vypisování podpisů"
+
+#: g10/gpg.c:1709
+msgid "show user-supplied notations during signature listings"
+msgstr "ukazovat uživatelské poznámky během výpisu podpisů"
+
+#: g10/gpg.c:1711
+msgid "show preferred keyserver URLs during signature listings"
+msgstr "ukazovat URL upÅ™ednostňovaného serveru klíÄů pÅ™i výpisu podpisů"
+
+#: g10/gpg.c:1713
+msgid "show user ID validity during key listings"
+msgstr "ukazovat platnost ID uživatelů pÅ™i výpisu klíÄů"
+
+#: g10/gpg.c:1715
+msgid "show revoked and expired user IDs in key listings"
+msgstr "ukazovat odvolané a proÅ¡lé ID uživatelů pÅ™i výpisu klíÄů"
+
+#: g10/gpg.c:1717
+msgid "show revoked and expired subkeys in key listings"
+msgstr "ukazovat odvolané a proÅ¡lé podklíÄe pÅ™i výpisu klíÄů"
+
+#: g10/gpg.c:1719
+msgid "show the keyring name in key listings"
+msgstr "ukazovat název souboru s klíÄi pÅ™i výpisu klíÄů"
+
+#: g10/gpg.c:1721
+msgid "show expiration dates during signature listings"
+msgstr "ukazovat data expirace během výpisu podpisů"
+
+#: g10/gpg.c:1855
+#, c-format
+msgid "NOTE: old default options file `%s' ignored\n"
+msgstr "POZNÃMKA: starý implicitní soubor s možnostmi „%s“ ignorován\n"
+
+#: g10/gpg.c:1948
+#, c-format
+msgid "libgcrypt is too old (need %s, have %s)\n"
+msgstr "libgcrypt je příliš stará (potřebuji %s, mám %s)\n"
+
+#: g10/gpg.c:2346 g10/gpg.c:3037 g10/gpg.c:3049
+#, c-format
+msgid "NOTE: %s is not for normal use!\n"
+msgstr "POZNÃMKA: %s není pro normální použití!\n"
+
+#: g10/gpg.c:2530 g10/gpg.c:2542
+#, c-format
+msgid "`%s' is not a valid signature expiration\n"
+msgstr "„%s“ není platná doba expirace podpisu\n"
+
+#: g10/gpg.c:2624
+#, c-format
+msgid "`%s' is not a valid character set\n"
+msgstr "„%s“ není platná znaková sada\n"
+
+#: g10/gpg.c:2647 g10/gpg.c:2842 g10/keyedit.c:4197
+msgid "could not parse keyserver URL\n"
+msgstr "nelze zpracovat URL serveru klíÄů\n"
+
+#: g10/gpg.c:2659
+#, c-format
+msgid "%s:%d: invalid keyserver options\n"
+msgstr "%s:%d: neplatný parametr pro server klíÄů\n"
+
+#: g10/gpg.c:2662
+msgid "invalid keyserver options\n"
+msgstr "neplatný parametr pro server klíÄů\n"
+
+#: g10/gpg.c:2669
+#, c-format
+msgid "%s:%d: invalid import options\n"
+msgstr "%s:%d: neplatný parametr pro import\n"
+
+#: g10/gpg.c:2672
+msgid "invalid import options\n"
+msgstr "neplatný parametr pro import\n"
+
+#: g10/gpg.c:2679
+#, c-format
+msgid "%s:%d: invalid export options\n"
+msgstr "%s:%d: neplatný parametr pro export\n"
+
+#: g10/gpg.c:2682
+msgid "invalid export options\n"
+msgstr "neplatný parametr pro export\n"
+
+#: g10/gpg.c:2689
+#, c-format
+msgid "%s:%d: invalid list options\n"
+msgstr "%s:%d: neplatný parametr pro výpis\n"
+
+#: g10/gpg.c:2692
+msgid "invalid list options\n"
+msgstr "neplatný parametr pro výpis\n"
+
+#: g10/gpg.c:2700
+msgid "display photo IDs during signature verification"
+msgstr "zobrazovat ID fotografií při ověřování podpisu"
+
+#: g10/gpg.c:2702
+msgid "show policy URLs during signature verification"
+msgstr "ukazovat URL politik při ověřování podpisu"
+
+#: g10/gpg.c:2704
+msgid "show all notations during signature verification"
+msgstr "ukazovat všechny poznámky při ověřování podpisu"
+
+#: g10/gpg.c:2706
+msgid "show IETF standard notations during signature verification"
+msgstr "ukazovat poznámky IETF standardu při ověřování podpisu"
+
+#: g10/gpg.c:2710
+msgid "show user-supplied notations during signature verification"
+msgstr "ukazovat uživatelské poznámky při ověřování podpisu"
+
+#: g10/gpg.c:2712
+msgid "show preferred keyserver URLs during signature verification"
+msgstr "ukazovat URL upÅ™ednostňovaného serveru klíÄů pÅ™i ověřování podpisu"
+
+#: g10/gpg.c:2714
+msgid "show user ID validity during signature verification"
+msgstr "ukazovat platnost ID uživatele při ověřování podpisu"
+
+#: g10/gpg.c:2716
+msgid "show revoked and expired user IDs in signature verification"
+msgstr "ukazovat odvolané a prošlé ID uživatelů při ověřování podpisů"
+
+#: g10/gpg.c:2718
+msgid "show only the primary user ID in signature verification"
+msgstr "ukazovat jen primární ID uživatele při ověřování podpisu"
+
+#: g10/gpg.c:2720
+msgid "validate signatures with PKA data"
+msgstr "ověřovat podpisy s daty PKA"
+
+#: g10/gpg.c:2722
+msgid "elevate the trust of signatures with valid PKA data"
+msgstr "vyzvednout důvěru podpisů s platnými daty PKA"
+
+#: g10/gpg.c:2729
+#, c-format
+msgid "%s:%d: invalid verify options\n"
+msgstr "%s:%d: neplatný parametr pro ověření\n"
+
+#: g10/gpg.c:2732
+msgid "invalid verify options\n"
+msgstr "neplatný parametr pro ověření\n"
+
+#: g10/gpg.c:2739
+#, c-format
+msgid "unable to set exec-path to %s\n"
+msgstr "nelze nastavit exec-path na %s\n"
+
+#: g10/gpg.c:2925
+#, c-format
+msgid "%s:%d: invalid auto-key-locate list\n"
+msgstr "%s:%d: neplatný seznam auto-key-locate\n"
+
+#: g10/gpg.c:2928
+msgid "invalid auto-key-locate list\n"
+msgstr "neplatný seznam auto-key-locate\n"
+
+#: g10/gpg.c:3026 sm/gpgsm.c:1439
+msgid "WARNING: program may create a core file!\n"
+msgstr "VAROVÃNÃ: program může vytvoÅ™it soubor core!\n"
+
+#: g10/gpg.c:3030
+#, c-format
+msgid "WARNING: %s overrides %s\n"
+msgstr "VAROVÃNÃ: %s pÅ™epíše %s\n"
+
+#: g10/gpg.c:3039
+#, c-format
+msgid "%s not allowed with %s!\n"
+msgstr "Není dovoleno používat %s s %s!\n"
+
+#: g10/gpg.c:3042
+#, c-format
+msgid "%s makes no sense with %s!\n"
+msgstr "%s nedává s %s smysl!\n"
+
+#: g10/gpg.c:3057
+#, c-format
+msgid "will not run with insecure memory due to %s\n"
+msgstr "nelze spustit s nebezpeÄnou pamÄ›tí vzhledem k %s\n"
+
+#: g10/gpg.c:3071
+msgid "you can only make detached or clear signatures while in --pgp2 mode\n"
+msgstr ""
+"v módu --pgp2 můžete vytvářet pouze oddÄ›lené podpisy nebo podpisy Äitelné "
+"jako text\n"
+
+#: g10/gpg.c:3077
+msgid "you can't sign and encrypt at the same time while in --pgp2 mode\n"
+msgstr "v módu --pgp2 nelze souÄasnÄ› Å¡ifrovat a podepisovat\n"
+
+#: g10/gpg.c:3083
+msgid "you must use files (and not a pipe) when working with --pgp2 enabled.\n"
+msgstr "v módu --pgp2 musíte použít soubor (ne rouru).\n"
+
+#: g10/gpg.c:3096
+msgid "encrypting a message in --pgp2 mode requires the IDEA cipher\n"
+msgstr "šifrování zpráv v módu --pgp2 vyžaduje algoritmus IDEA\n"
+
+#: g10/gpg.c:3163 g10/gpg.c:3187 sm/gpgsm.c:1511
+msgid "selected cipher algorithm is invalid\n"
+msgstr "vybraný šifrovací algoritmus je neplatný\n"
+
+#: g10/gpg.c:3169 g10/gpg.c:3193 sm/gpgsm.c:1517 sm/gpgsm.c:1523
+msgid "selected digest algorithm is invalid\n"
+msgstr "vybraný hashovací algoritmus je neplatný\n"
+
+#: g10/gpg.c:3175
+msgid "selected compression algorithm is invalid\n"
+msgstr "vybraný kompresní algoritmus je neplatný\n"
+
+#: g10/gpg.c:3181
+msgid "selected certification digest algorithm is invalid\n"
+msgstr "vybraný hashovací algoritmus je neplatný\n"
+
+#: g10/gpg.c:3196
+msgid "completes-needed must be greater than 0\n"
+msgstr "položka completes-needed musí být větší než 0\n"
+
+#: g10/gpg.c:3198
+msgid "marginals-needed must be greater than 1\n"
+msgstr "položka marginals-needed musí být větší než 1\n"
+
+#: g10/gpg.c:3200
+msgid "max-cert-depth must be in the range from 1 to 255\n"
+msgstr "položka max-cert-depth musí být v rozmezí od 1 do 255\n"
+
+#: g10/gpg.c:3202
+msgid "invalid default-cert-level; must be 0, 1, 2, or 3\n"
+msgstr ""
+"neplatná implicitní úroveň certifikace (default-cert-level); musí být 0, 1, "
+"2 nebo 3\n"
+
+#: g10/gpg.c:3204
+msgid "invalid min-cert-level; must be 1, 2, or 3\n"
+msgstr ""
+"neplatná minimální úroveň certifikace (min-cert-level); musí být 0, 1, 2 "
+"nebo 3\n"
+
+#: g10/gpg.c:3207
+msgid "NOTE: simple S2K mode (0) is strongly discouraged\n"
+msgstr "POZNÃMKA: jednoduchý mód S2K (0) je důraznÄ› nedoporuÄován\n"
+
+#: g10/gpg.c:3211
+msgid "invalid S2K mode; must be 0, 1 or 3\n"
+msgstr "neplatný mód S2K; musí být 0, 1 nebo 3\n"
+
+#: g10/gpg.c:3218
+msgid "invalid default preferences\n"
+msgstr "neplatné implicitní předvolby\n"
+
+#: g10/gpg.c:3222
+msgid "invalid personal cipher preferences\n"
+msgstr "neplatné uživatelské předvolby pro šifrování\n"
+
+#: g10/gpg.c:3226
+msgid "invalid personal digest preferences\n"
+msgstr "neplatné uživatelské předvolby pro hashování\n"
+
+#: g10/gpg.c:3230
+msgid "invalid personal compress preferences\n"
+msgstr "neplatné uživatelské předvolby pro komprimaci\n"
+
+#: g10/gpg.c:3263
+#, c-format
+msgid "%s does not yet work with %s\n"
+msgstr "%s dosud není funkÄní s %s\n"
+
+#: g10/gpg.c:3310
+#, c-format
+msgid "you may not use cipher algorithm `%s' while in %s mode\n"
+msgstr "použití šifrovacího algoritmu „%s“ v módu %s dovoleno\n"
+
+#: g10/gpg.c:3315
+#, c-format
+msgid "you may not use digest algorithm `%s' while in %s mode\n"
+msgstr "použití hashovacího algoritmu „%s“ v módu %s dovoleno\n"
+
+#: g10/gpg.c:3320
+#, c-format
+msgid "you may not use compression algorithm `%s' while in %s mode\n"
+msgstr "použití komprimaÄního algoritmu „%s“ v módu %s dovoleno\n"
+
+#: g10/gpg.c:3406
+#, c-format
+msgid "failed to initialize the TrustDB: %s\n"
+msgstr "nemohu inicializovat databázi důvěry: %s\n"
+
+#: g10/gpg.c:3417
+msgid "WARNING: recipients (-r) given without using public key encryption\n"
+msgstr ""
+"VAROVÃNÃ: specifikován adresát (-r) bez použití Å¡ifrování s veÅ™ejným klíÄem\n"
+
+#: g10/gpg.c:3438
+msgid "--store [filename]"
+msgstr "--store [jméno souboru]"
+
+#: g10/gpg.c:3445
+msgid "--symmetric [filename]"
+msgstr "--symmetric [jméno souboru]"
+
+#: g10/gpg.c:3447
+#, c-format
+msgid "symmetric encryption of `%s' failed: %s\n"
+msgstr "symetrické šifrování „%s“ se nepovedlo: %s\n"
+
+#: g10/gpg.c:3457
+msgid "--encrypt [filename]"
+msgstr "--encrypt [jméno souboru]"
+
+#: g10/gpg.c:3470
+msgid "--symmetric --encrypt [filename]"
+msgstr "--symmetric --encrypt [jméno souboru]"
+
+#: g10/gpg.c:3472
+msgid "you cannot use --symmetric --encrypt with --s2k-mode 0\n"
+msgstr "nelze použít --symmetric --encrypt s příkazem --s2k-mode 0\n"
+
+#: g10/gpg.c:3475
+#, c-format
+msgid "you cannot use --symmetric --encrypt while in %s mode\n"
+msgstr "nelze použít --symmetric --encrypt v módu %s\n"
+
+#: g10/gpg.c:3493
+msgid "--sign [filename]"
+msgstr "--sign [jméno souboru]"
+
+#: g10/gpg.c:3506
+msgid "--sign --encrypt [filename]"
+msgstr "--sign --encrypt [jméno souboru]"
+
+#: g10/gpg.c:3521
+msgid "--symmetric --sign --encrypt [filename]"
+msgstr "--symmetric --sign --encrypt [jméno souboru]"
+
+#: g10/gpg.c:3523
+msgid "you cannot use --symmetric --sign --encrypt with --s2k-mode 0\n"
+msgstr "nelze použít --symmetric --sign --encrypt s příkazem --s2k-mode 0\n"
+
+#: g10/gpg.c:3526
+#, c-format
+msgid "you cannot use --symmetric --sign --encrypt while in %s mode\n"
+msgstr "nelze použít --symmetric --sign --encrypt v módu %s\n"
+
+#: g10/gpg.c:3546
+msgid "--sign --symmetric [filename]"
+msgstr "--sign --symmetric [jméno souboru]"
+
+#: g10/gpg.c:3555
+msgid "--clearsign [filename]"
+msgstr "--clearsign [jméno souboru]"
+
+#: g10/gpg.c:3580
+msgid "--decrypt [filename]"
+msgstr "--decrypt [jméno souboru]"
+
+#: g10/gpg.c:3588
+msgid "--sign-key user-id"
+msgstr "--sign-key id uživatele"
+
+#: g10/gpg.c:3592
+msgid "--lsign-key user-id"
+msgstr "--lsign-key id uživatele"
+
+#: g10/gpg.c:3613
+msgid "--edit-key user-id [commands]"
+msgstr "--edit-key id uživatele [příkazy]"
+
+#: g10/gpg.c:3629
+msgid "--passwd <user-id>"
+msgstr "--passwd <id-uživatele>"
+
+#: g10/gpg.c:3716
+#, c-format
+msgid "keyserver send failed: %s\n"
+msgstr "odeslání na keyserver se nezdařilo: %s\n"
+
+#: g10/gpg.c:3718
+#, c-format
+msgid "keyserver receive failed: %s\n"
+msgstr "získání dat z serveru klíÄů se nezdaÅ™ilo: %s\n"
+
+#: g10/gpg.c:3720
+#, c-format
+msgid "key export failed: %s\n"
+msgstr "export klíÄe se nepodaÅ™il: %s\n"
+
+#: g10/gpg.c:3731
+#, c-format
+msgid "keyserver search failed: %s\n"
+msgstr "hledání na serveru klíÄů se nezdaÅ™ilo: %s\n"
+
+#: g10/gpg.c:3741
+#, c-format
+msgid "keyserver refresh failed: %s\n"
+msgstr "obnovení dat na serveru klíÄů se nezdaÅ™ilo: %s\n"
+
+#: g10/gpg.c:3792
+#, c-format
+msgid "dearmoring failed: %s\n"
+msgstr "dekódování z ASCII formátu selhalo: %s\n"
+
+#: g10/gpg.c:3800
+#, c-format
+msgid "enarmoring failed: %s\n"
+msgstr "kódování do ASCII formátu selhalo: %s\n"
+
+#: g10/gpg.c:3890
+#, c-format
+msgid "invalid hash algorithm `%s'\n"
+msgstr "neplatný hashovací algoritmus „%s“\n"
+
+#: g10/gpg.c:4005
+msgid "[filename]"
+msgstr "[jméno souboru]"
+
+#: g10/gpg.c:4009
+msgid "Go ahead and type your message ...\n"
+msgstr "ZaÄnÄ›te psát svou zprávu ...\n"
+
+#: g10/gpg.c:4323
+msgid "the given certification policy URL is invalid\n"
+msgstr "zadané URL pro certifikaÄní politiku je neplatné\n"
+
+#: g10/gpg.c:4325
+msgid "the given signature policy URL is invalid\n"
+msgstr "zadané URL pro podepisovací politiku je neplatné\n"
+
+#: g10/gpg.c:4358
+msgid "the given preferred keyserver URL is invalid\n"
+msgstr "zadané URL preferovaného serveru klíÄů je neplatné\n"
+
+#: g10/gpgv.c:74
+msgid "|FILE|take the keys from the keyring FILE"
+msgstr "|SOUBOR|brát klíÄe z klíÄenky (keyringu) SOUBOR"
+
+#: g10/gpgv.c:76
+msgid "make timestamp conflicts only a warning"
+msgstr "pouze varování pÅ™i konfliktu Äasového razítka"
+
+#: g10/gpgv.c:78 sm/gpgsm.c:326
+msgid "|FD|write status info to this FD"
+msgstr "|FD|zapsat informace o stavu do tohoto FD"
+
+#: g10/gpgv.c:117
+msgid "Usage: gpgv [options] [files] (-h for help)"
+msgstr "Použití: gpg [volby] [soubory] (-h pro pomoc)"
+
+#: g10/gpgv.c:119
+msgid ""
+"Syntax: gpgv [options] [files]\n"
+"Check signatures against known trusted keys\n"
+msgstr ""
+"Syntaxe: gpgv [volby] [soubory]\n"
+"Ověří podpisy proti známým důvÄ›ryhodným klíÄům\n"
+
+#: g10/helptext.c:72
+msgid "No help available"
+msgstr "Nápověda není k dispozici"
+
+#: g10/helptext.c:82
+#, c-format
+msgid "No help available for `%s'"
+msgstr "Pro „%s“ není dostupná žádná nápověda"
+
+#: g10/import.c:94
+msgid "import signatures that are marked as local-only"
+msgstr "importovat podpisy, které jsou oznaÄeny jen jako místní"
+
+#: g10/import.c:96
+msgid "repair damage from the pks keyserver during import"
+msgstr "opravit poškození vzniklá při importu z PKS serveru"
+
+#: g10/import.c:98
+msgid "do not update the trustdb after import"
+msgstr "neaktualizovat databázi důvěry po importu"
+
+#: g10/import.c:100
+msgid "create a public key when importing a secret key"
+msgstr "vytvoÅ™it veÅ™ejný klÃ­Ä pÅ™i importu tajného klíÄe"
+
+#: g10/import.c:102
+msgid "only accept updates to existing keys"
+msgstr "pÅ™ijímat aktualizace pouze u existujících klíÄů"
+
+#: g10/import.c:104
+msgid "remove unusable parts from key after import"
+msgstr "odstranit z klíÄe po importu nepoužitelné Äásti"
+
+#: g10/import.c:106
+msgid "remove as much as possible from key after import"
+msgstr "odstranit po importu z klíÄe vÅ¡e, co lze"
+
+#: g10/import.c:266
+#, c-format
+msgid "skipping block of type %d\n"
+msgstr "blok typu %d byl pÅ™eskoÄen\n"
+
+#: g10/import.c:275
+#, c-format
+msgid "%lu keys processed so far\n"
+msgstr "%lu klíÄe byly doposud zpracovány\n"
+
+#: g10/import.c:292
+#, c-format
+msgid "Total number processed: %lu\n"
+msgstr "Celkový poÄet zpracovaných klíÄů: %lu\n"
+
+#: g10/import.c:294
+#, c-format
+msgid " skipped new keys: %lu\n"
+msgstr " pÅ™eskoÄeny nové klíÄe: %lu\n"
+
+#: g10/import.c:297
+#, c-format
+msgid " w/o user IDs: %lu\n"
+msgstr " bez ID uživatele: %lu\n"
+
+#: g10/import.c:299 sm/import.c:114
+#, c-format
+msgid " imported: %lu"
+msgstr " importováno: %lu"
+
+#: g10/import.c:305 sm/import.c:118
+#, c-format
+msgid " unchanged: %lu\n"
+msgstr " beze změn: %lu\n"
+
+#: g10/import.c:307
+#, c-format
+msgid " new user IDs: %lu\n"
+msgstr " nové ID uživatelů: %lu\n"
+
+#: g10/import.c:309
+#, c-format
+msgid " new subkeys: %lu\n"
+msgstr " nové podklíÄe: %lu\n"
+
+#: g10/import.c:311
+#, c-format
+msgid " new signatures: %lu\n"
+msgstr " nové podpisy: %lu\n"
+
+#: g10/import.c:313
+#, c-format
+msgid " new key revocations: %lu\n"
+msgstr " nové revokace klíÄů: %lu\n"
+
+#: g10/import.c:315 sm/import.c:120
+#, c-format
+msgid " secret keys read: %lu\n"
+msgstr " pÅ™eÄtené tajné klíÄe: %lu\n"
+
+#: g10/import.c:317 sm/import.c:122
+#, c-format
+msgid " secret keys imported: %lu\n"
+msgstr " importované tajné klíÄe: %lu\n"
+
+#: g10/import.c:319 sm/import.c:124
+#, c-format
+msgid " secret keys unchanged: %lu\n"
+msgstr " tajné klíÄe nezmÄ›nÄ›ny: %lu\n"
+
+#: g10/import.c:321 sm/import.c:126
+#, c-format
+msgid " not imported: %lu\n"
+msgstr " neimportováno: %lu\n"
+
+#: g10/import.c:323
+#, c-format
+msgid " signatures cleaned: %lu\n"
+msgstr " odstraněné podpisy: %lu\n"
+
+#: g10/import.c:325
+#, c-format
+msgid " user IDs cleaned: %lu\n"
+msgstr " odstraněné uživatelské ID: %lu\n"
+
+#: g10/import.c:606
+#, c-format
+msgid ""
+"WARNING: key %s contains preferences for unavailable\n"
+"algorithms on these user IDs:\n"
+msgstr ""
+"VAROVÃNÃ: klÃ­Ä %s obsahuje pÅ™edvolby pro nedostupné\n"
+"algoritmy na těchto ID uživatelů:\n"
+
+#: g10/import.c:647
+#, c-format
+msgid " \"%s\": preference for cipher algorithm %s\n"
+msgstr " \"%s\": předvolby pro šifrovací algoritmus %s\n"
+
+#: g10/import.c:662
+#, c-format
+msgid " \"%s\": preference for digest algorithm %s\n"
+msgstr " \"%s\": předvolby pro podepisovací algoritmus %s\n"
+
+#: g10/import.c:674
+#, c-format
+msgid " \"%s\": preference for compression algorithm %s\n"
+msgstr " \"%s\": pÅ™edvolby pro komprimaÄní algoritmus %s\n"
+
+#: g10/import.c:687
+msgid "it is strongly suggested that you update your preferences and\n"
+msgstr "velmi doporuÄujeme aktualizaci nastavení vaÅ¡ich preferencí a\n"
+
+#: g10/import.c:689
+msgid "re-distribute this key to avoid potential algorithm mismatch problems\n"
+msgstr ""
+"distribuci tohoto klíÄe aby jste pÅ™edeÅ¡el problémům s neshodou algoritmů\n"
+
+#: g10/import.c:713
+#, c-format
+msgid "you can update your preferences with: gpg --edit-key %s updpref save\n"
+msgstr "nelze aktualizovat předvolby s: gpg --edit-key %s updpref save\n"
+
+#: g10/import.c:766 g10/import.c:1179
+#, c-format
+msgid "key %s: no user ID\n"
+msgstr "klÃ­Ä %s: chybí identifikátor uživatele\n"
+
+#: g10/import.c:795
+#, c-format
+msgid "key %s: PKS subkey corruption repaired\n"
+msgstr "klÃ­Ä %s: PKS poÅ¡kození podklíÄe opraveno\n"
+
+# c-format
+#: g10/import.c:810
+#, c-format
+msgid "key %s: accepted non self-signed user ID \"%s\"\n"
+msgstr "klÃ­Ä %s: pÅ™ijat id uživatele \"%s\",který není podepsán jím samým\n"
+
+#: g10/import.c:816
+#, c-format
+msgid "key %s: no valid user IDs\n"
+msgstr "klÃ­Ä %s: chybí platný identifikátor uživatele\n"
+
+#: g10/import.c:818
+msgid "this may be caused by a missing self-signature\n"
+msgstr "může to být způsobeno chybÄ›jícím podpisem klíÄe jím samým\n"
+
+#: g10/import.c:828 g10/import.c:1303
+#, c-format
+msgid "key %s: public key not found: %s\n"
+msgstr "klÃ­Ä %s: veÅ™ejný klÃ­Ä nenalezen: %s\n"
+
+#: g10/import.c:834
+#, c-format
+msgid "key %s: new key - skipped\n"
+msgstr "klÃ­Ä %s: nový klÃ­Ä - pÅ™eskoÄen\n"
+
+#: g10/import.c:843
+#, c-format
+msgid "no writable keyring found: %s\n"
+msgstr "nenalezen zapisovatelný soubor klíÄů (keyring): %s\n"
+
+# g10/import.c:766 g10/openfile.c:261#, c-format
+#: g10/import.c:848 g10/openfile.c:278 g10/sign.c:805 g10/sign.c:1114
+#, c-format
+msgid "writing to `%s'\n"
+msgstr "zapisuji do „%s“\n"
+
+#: g10/import.c:852 g10/import.c:952 g10/import.c:1219 g10/import.c:1364
+#: g10/import.c:2494 g10/import.c:2516
+#, c-format
+msgid "error writing keyring `%s': %s\n"
+msgstr "chyba pÅ™i zápisu souboru klíÄů (keyring) „%s“: %s\n"
+
+#: g10/import.c:871
+#, c-format
+msgid "key %s: public key \"%s\" imported\n"
+msgstr "klÃ­Ä %s: veÅ™ejný klÃ­Ä â€ž%s“ importován\n"
+
+#: g10/import.c:895
+#, c-format
+msgid "key %s: doesn't match our copy\n"
+msgstr "klÃ­Ä %s: neodpovídá naší kopii\n"
+
+#: g10/import.c:912 g10/import.c:1321
+#, c-format
+msgid "key %s: can't locate original keyblock: %s\n"
+msgstr "klÃ­Ä %s: nemohu najít originální blok klíÄe: %s\n"
+
+#: g10/import.c:920 g10/import.c:1328
+#, c-format
+msgid "key %s: can't read original keyblock: %s\n"
+msgstr "klÃ­Ä %s: nemohu Äíst originální blok klíÄe: %s\n"
+
+#: g10/import.c:962
+#, c-format
+msgid "key %s: \"%s\" 1 new user ID\n"
+msgstr "klÃ­Ä %s: „%s“ 1 nový identifikátor uživatele\n"
+
+#: g10/import.c:965
+#, c-format
+msgid "key %s: \"%s\" %d new user IDs\n"
+msgstr "klÃ­Ä %s: „%s“ %d nových identifikátorů uživatele\n"
+
+#: g10/import.c:968
+#, c-format
+msgid "key %s: \"%s\" 1 new signature\n"
+msgstr "klÃ­Ä %s: „%s“ 1 nový podpis\n"
+
+#: g10/import.c:971
+#, c-format
+msgid "key %s: \"%s\" %d new signatures\n"
+msgstr "klÃ­Ä %s: „%s“ %d nových podpisů\n"
+
+#: g10/import.c:974
+#, c-format
+msgid "key %s: \"%s\" 1 new subkey\n"
+msgstr "klÃ­Ä %s: „%s“ 1 nový podklíÄ\n"
+
+#: g10/import.c:977
+#, c-format
+msgid "key %s: \"%s\" %d new subkeys\n"
+msgstr "klÃ­Ä %s: „%s“ %d nových podklíÄů\n"
+
+#: g10/import.c:980
+#, c-format
+msgid "key %s: \"%s\" %d signature cleaned\n"
+msgstr "klÃ­Ä %s: „%s“ %d podpisů odstranÄ›no\n"
+
+#: g10/import.c:983
+#, c-format
+msgid "key %s: \"%s\" %d signatures cleaned\n"
+msgstr "klÃ­Ä %s: „%s“ %d podpisů odstranÄ›no\n"
+
+#: g10/import.c:986
+#, c-format
+msgid "key %s: \"%s\" %d user ID cleaned\n"
+msgstr "klÃ­Ä %s: „%s“ %d ID uživatele odstranÄ›no\n"
+
+#: g10/import.c:989
+#, c-format
+msgid "key %s: \"%s\" %d user IDs cleaned\n"
+msgstr "klÃ­Ä %s: „%s“ %d ID uživatele odstranÄ›no\n"
+
+#: g10/import.c:1013
+#, c-format
+msgid "key %s: \"%s\" not changed\n"
+msgstr "klÃ­Ä %s: „%s“ beze zmÄ›n\n"
+
+#: g10/import.c:1185
+#, c-format
+msgid "key %s: secret key with invalid cipher %d - skipped\n"
+msgstr "klÃ­Ä %s: tajný klÃ­Ä s neplatnou Å¡ifrou %d – pÅ™eskoÄeno\n"
+
+#: g10/import.c:1196
+msgid "importing secret keys not allowed\n"
+msgstr "import tajných klíÄů není povolen\n"
+
+#: g10/import.c:1213 g10/import.c:2509
+#, c-format
+msgid "no default secret keyring: %s\n"
+msgstr "není nastaven implicitní soubor tajných klíÄů %s\n"
+
+#: g10/import.c:1224
+#, c-format
+msgid "key %s: secret key imported\n"
+msgstr "klÃ­Ä %s: tajný klÃ­Ä importován\n"
+
+#: g10/import.c:1254
+#, c-format
+msgid "key %s: already in secret keyring\n"
+msgstr "klÃ­Ä %s: je již v souboru tajných klíÄů\n"
+
+#: g10/import.c:1264
+#, c-format
+msgid "key %s: secret key not found: %s\n"
+msgstr "klÃ­Ä %s: nenalezen tajný klíÄ: %s\n"
+
+#: g10/import.c:1296
+#, c-format
+msgid "key %s: no public key - can't apply revocation certificate\n"
+msgstr "klÃ­Ä %s: chybí veÅ™ejný klíÄ – nemohu aplikovat revokaÄní certifikát\n"
+
+#: g10/import.c:1339
+#, c-format
+msgid "key %s: invalid revocation certificate: %s - rejected\n"
+msgstr "klÃ­Ä %s: neplatný revokaÄní certifikát: %s – zamítnuto\n"
+
+#: g10/import.c:1371
+#, c-format
+msgid "key %s: \"%s\" revocation certificate imported\n"
+msgstr "klÃ­Ä %s: „%s“ revokaÄní certifikát importován\n"
+
+#: g10/import.c:1447
+#, c-format
+msgid "key %s: no user ID for signature\n"
+msgstr "klÃ­Ä %s: neexistuje id uživatele pro podpis\n"
+
+#: g10/import.c:1464
+#, c-format
+msgid "key %s: unsupported public key algorithm on user ID \"%s\"\n"
+msgstr ""
+"klÃ­Ä %s: nepodporovaný algoritmus veÅ™ejného klíÄe u uživatelského ID „%s“\n"
+
+#: g10/import.c:1466
+#, c-format
+msgid "key %s: invalid self-signature on user ID \"%s\"\n"
+msgstr "klÃ­Ä %s neplatný podpis klíÄe jím samým u uživatelského ID „%s“\n"
+
+#: g10/import.c:1483 g10/import.c:1509 g10/import.c:1560
+#, c-format
+msgid "key %s: unsupported public key algorithm\n"
+msgstr "klÃ­Ä %s: nepodporovaný algoritmus veÅ™ejného klíÄe\n"
+
+#: g10/import.c:1484
+#, c-format
+msgid "key %s: invalid direct key signature\n"
+msgstr "klÃ­Ä %s: neplatný podpis klíÄe jím samým (direct key signature)\n"
+
+#: g10/import.c:1498
+#, c-format
+msgid "key %s: no subkey for key binding\n"
+msgstr "klÃ­Ä %s: neexistuje podklÃ­Ä pro vázání klíÄů\n"
+
+#: g10/import.c:1511
+#, c-format
+msgid "key %s: invalid subkey binding\n"
+msgstr "klÃ­Ä %s: neplatná vazba podklíÄe\n"
+
+#: g10/import.c:1527
+#, c-format
+msgid "key %s: removed multiple subkey binding\n"
+msgstr "klÃ­Ä %s: smazána vícenásobná vazba podklíÄe\n"
+
+#: g10/import.c:1549
+#, c-format
+msgid "key %s: no subkey for key revocation\n"
+msgstr "klÃ­Ä %s: neexistuje podklÃ­Ä pro revokaci klíÄe\n"
+
+#: g10/import.c:1562
+#, c-format
+msgid "key %s: invalid subkey revocation\n"
+msgstr "klÃ­Ä %s: neplatný revokaÄní podklíÄ\n"
+
+#: g10/import.c:1577
+#, c-format
+msgid "key %s: removed multiple subkey revocation\n"
+msgstr "klÃ­Ä %s: smazána vícenásobná revokace podklíÄe\n"
+
+#: g10/import.c:1618
+#, c-format
+msgid "key %s: skipped user ID \"%s\"\n"
+msgstr "klÃ­Ä %s: pÅ™eskoÄen identifikátor uživatele „%s“\n"
+
+#: g10/import.c:1639
+#, c-format
+msgid "key %s: skipped subkey\n"
+msgstr "klÃ­Ä %s: podklÃ­Ä pÅ™eskoÄen\n"
+
+#: g10/import.c:1666
+#, c-format
+msgid "key %s: non exportable signature (class 0x%02X) - skipped\n"
+msgstr "klÃ­Ä %s: podpis není exportovatelný (třída %02X) - pÅ™eskoÄeno\n"
+
+#: g10/import.c:1676
+#, c-format
+msgid "key %s: revocation certificate at wrong place - skipped\n"
+msgstr "klÃ­Ä %s: revokaÄní certifikát na Å¡patném místÄ› - pÅ™eskoÄeno \n"
+
+#: g10/import.c:1693
+#, c-format
+msgid "key %s: invalid revocation certificate: %s - skipped\n"
+msgstr "klÃ­Ä %s: neplatný revokaÄní certifikát: %s - pÅ™eskoÄen\n"
+
+#: g10/import.c:1707
+#, c-format
+msgid "key %s: subkey signature in wrong place - skipped\n"
+msgstr "klÃ­Ä %s: podpis podklíÄe na Å¡patném místÄ› - pÅ™eskoÄeno \n"
+
+#: g10/import.c:1715
+#, c-format
+msgid "key %s: unexpected signature class (0x%02X) - skipped\n"
+msgstr "klÃ­Ä %s: neoÄekávaná podpisová třída (0x%02X) - pÅ™eskoÄeno\n"
+
+#: g10/import.c:1844
+#, c-format
+msgid "key %s: duplicated user ID detected - merged\n"
+msgstr "klÃ­Ä %s: objeven duplikovaný identifikátor uživatele - slouÄen\n"
+
+#: g10/import.c:1906
+#, c-format
+msgid "WARNING: key %s may be revoked: fetching revocation key %s\n"
+msgstr ""
+"VAROVÃNÃ: klÃ­Ä %s může být revokován: zkouším získat revokaÄní klÃ­Ä %s\n"
+
+#: g10/import.c:1920
+#, c-format
+msgid "WARNING: key %s may be revoked: revocation key %s not present.\n"
+msgstr "VAROVÃNÃ: klÃ­Ä %s může být revokován: revokaÄní klÃ­Ä %s nenalezen.\n"
+
+#: g10/import.c:1979
+#, c-format
+msgid "key %s: \"%s\" revocation certificate added\n"
+msgstr "klÃ­Ä %s: „%s“ pÅ™idán revokaÄní certifikát\n"
+
+#: g10/import.c:2013
+#, c-format
+msgid "key %s: direct key signature added\n"
+msgstr "klÃ­Ä %s: podpis klíÄe jím samým (direct key signature) pÅ™idán\n"
+
+#: g10/import.c:2414
+msgid "NOTE: a key's S/N does not match the card's one\n"
+msgstr "POZNÃMKA: sériové Äíslo klíÄe neodpovídá Äíslu karty\n"
+
+#: g10/import.c:2422
+msgid "NOTE: primary key is online and stored on card\n"
+msgstr "POZNÃMKA: primární klÃ­Ä je online a je uložen na kartÄ›\n"
+
+#: g10/import.c:2424
+msgid "NOTE: secondary key is online and stored on card\n"
+msgstr "POZNÃMKA: sekundární klÃ­Ä je online a je uložen na kartÄ›\n"
+
+#: g10/keydb.c:181
+#, c-format
+msgid "error creating keyring `%s': %s\n"
+msgstr "chyba pÅ™i vytváření souboru klíÄů (keyring) „%s“: %s\n"
+
+#: g10/keydb.c:187
+#, c-format
+msgid "keyring `%s' created\n"
+msgstr "soubor klíÄů (keyring) „%s“ vytvoÅ™en\n"
+
+#: g10/keydb.c:333 g10/keydb.c:336
+#, c-format
+msgid "keyblock resource `%s': %s\n"
+msgstr "zdroj bloku klíÄe „%s“: %s\n"
+
+#: g10/keydb.c:719
+#, c-format
+msgid "failed to rebuild keyring cache: %s\n"
+msgstr "selhalo obnovení vyrovnávací pamÄ›ti klíÄů: %s\n"
+
+#: g10/keyedit.c:265
+msgid "[revocation]"
+msgstr "[revokace]"
+
+#: g10/keyedit.c:266
+msgid "[self-signature]"
+msgstr "[podpis klíÄe jím samým]"
+
+#: g10/keyedit.c:344 g10/keylist.c:398
+msgid "1 bad signature\n"
+msgstr "1 špatný podpis\n"
+
+#: g10/keyedit.c:346 g10/keylist.c:400
+#, c-format
+msgid "%d bad signatures\n"
+msgstr "%d špatných podpisů\n"
+
+#: g10/keyedit.c:348 g10/keylist.c:402
+msgid "1 signature not checked due to a missing key\n"
+msgstr "1 podpis neověřen, protože chybí klíÄ\n"
+
+#: g10/keyedit.c:350 g10/keylist.c:404
+#, c-format
+msgid "%d signatures not checked due to missing keys\n"
+msgstr "%d podpisů neověřených, protože chybí klíÄ\n"
+
+#: g10/keyedit.c:352 g10/keylist.c:406
+msgid "1 signature not checked due to an error\n"
+msgstr "1 podpis neověřen, protože vznikla chyba\n"
+
+#: g10/keyedit.c:354 g10/keylist.c:408
+#, c-format
+msgid "%d signatures not checked due to errors\n"
+msgstr "%d podpisů neověřených, protože vznikly chyby\n"
+
+#: g10/keyedit.c:356
+msgid "1 user ID without valid self-signature detected\n"
+msgstr "objeven 1 identifikátor uživatele bez platného podpisu jím samým\n"
+
+#: g10/keyedit.c:358
+#, c-format
+msgid "%d user IDs without valid self-signatures detected\n"
+msgstr "objeveno %d identifikátorů uživatele bez platného podpisu jím samým\n"
+
+#: g10/keyedit.c:414 g10/pkclist.c:262
+msgid ""
+"Please decide how far you trust this user to correctly verify other users' "
+"keys\n"
+"(by looking at passports, checking fingerprints from different sources, "
+"etc.)\n"
+msgstr ""
+"Prosím rozhodněte, nakolik důvěřujete tomuto uživateli, že správně\n"
+"verifikuje klíÄe jiných uživatelů (prohlédnutím cestovních pasů,\n"
+"kontrolou otisků z různých zdrojů...)?\n"
+"\n"
+
+#: g10/keyedit.c:418 g10/pkclist.c:274
+#, c-format
+msgid " %d = I trust marginally\n"
+msgstr " %d = Důvěřuji ÄásteÄnÄ›\n"
+
+#: g10/keyedit.c:419 g10/pkclist.c:276
+#, c-format
+msgid " %d = I trust fully\n"
+msgstr " %d = Důvěřuji úplně\n"
+
+#: g10/keyedit.c:438
+msgid ""
+"Please enter the depth of this trust signature.\n"
+"A depth greater than 1 allows the key you are signing to make\n"
+"trust signatures on your behalf.\n"
+msgstr ""
+"Prosím vložte hloubku důvěry (depth trust) k tomuto podpisu.\n"
+"Hloubka vÄ›tší než 1 umožňuje klíÄům, které jste podepsal\n"
+"podepsat jiný klíÄ, který bude pro Vás důvÄ›ryhodný.\n"
+
+#: g10/keyedit.c:454
+msgid "Please enter a domain to restrict this signature, or enter for none.\n"
+msgstr ""
+"Prosím vložte doménu, pro kterou je podpis omezen nebo stiskněte enter pro "
+"podpis bez omezení na doménu.\n"
+
+#: g10/keyedit.c:598
+#, c-format
+msgid "User ID \"%s\" is revoked."
+msgstr "Uživatelské ID „%s“ je revokováno."
+
+#: g10/keyedit.c:607 g10/keyedit.c:635 g10/keyedit.c:662 g10/keyedit.c:830
+#: g10/keyedit.c:895 g10/keyedit.c:1785
+msgid "Are you sure you still want to sign it? (y/N) "
+msgstr "Jste si jistý(á), že stále chcete podepsat tento klíÄ? (a/N) "
+
+#: g10/keyedit.c:621 g10/keyedit.c:649 g10/keyedit.c:676 g10/keyedit.c:836
+#: g10/keyedit.c:1791
+msgid " Unable to sign.\n"
+msgstr " Nelze podepsat.\n"
+
+#: g10/keyedit.c:626
+#, c-format
+msgid "User ID \"%s\" is expired."
+msgstr "Vypršela platnost uživatelského ID „%s“."
+
+#: g10/keyedit.c:654
+#, c-format
+msgid "User ID \"%s\" is not self-signed."
+msgstr "ID uživatele „%s“ není podepsáno jím samým."
+
+#: g10/keyedit.c:682
+#, c-format
+msgid "User ID \"%s\" is signable. "
+msgstr "ID uživatele „%s“ je připraveno k podpisu."
+
+#: g10/keyedit.c:684
+msgid "Sign it? (y/N) "
+msgstr "Podepsat? (a/N) "
+
+#: g10/keyedit.c:706
+#, c-format
+msgid ""
+"The self-signature on \"%s\"\n"
+"is a PGP 2.x-style signature.\n"
+msgstr ""
+"Podpis klíÄe „%s“ jím samým je\n"
+"podpis formátu PGP 2.x.\n"
+
+#: g10/keyedit.c:715
+msgid "Do you want to promote it to an OpenPGP self-signature? (y/N) "
+msgstr "Přejete si jej změnit na formát OpenPGP? (a/N) "
+
+#: g10/keyedit.c:729
+#, c-format
+msgid ""
+"Your current signature on \"%s\"\n"
+"has expired.\n"
+msgstr ""
+"Platnost vašeho podpisu na „%s“\n"
+"vypršela.\n"
+
+#: g10/keyedit.c:733
+msgid "Do you want to issue a new signature to replace the expired one? (y/N) "
+msgstr ""
+"Chcete vytvořit nový podpis a nahradit jím ten, jehož platnost vypršela? (a/"
+"N) "
+
+#: g10/keyedit.c:754
+#, c-format
+msgid ""
+"Your current signature on \"%s\"\n"
+"is a local signature.\n"
+msgstr ""
+"Váš souÄasný podpis na „%s“\n"
+"je pouze lokální.\n"
+
+#: g10/keyedit.c:758
+msgid "Do you want to promote it to a full exportable signature? (y/N) "
+msgstr "Přejete si jej změnit na plně exportovatelný podpise? (a/N) "
+
+#: g10/keyedit.c:779
+#, c-format
+msgid "\"%s\" was already locally signed by key %s\n"
+msgstr "„%s“ je již lokálnÄ› podepsán klíÄem %s\n"
+
+#: g10/keyedit.c:782
+#, c-format
+msgid "\"%s\" was already signed by key %s\n"
+msgstr "„%s“ je již podepsán klíÄem %s\n"
+
+#: g10/keyedit.c:787
+msgid "Do you want to sign it again anyway? (y/N) "
+msgstr "Chcete klÃ­Ä pÅ™esto znova podepsat? (a/N) "
+
+#: g10/keyedit.c:809
+#, c-format
+msgid "Nothing to sign with key %s\n"
+msgstr "Nic k podepsání klíÄem %s\n"
+
+#: g10/keyedit.c:824
+msgid "This key has expired!"
+msgstr "Platnost klíÄe vyprÅ¡ela!"
+
+#: g10/keyedit.c:842
+#, c-format
+msgid "This key is due to expire on %s.\n"
+msgstr "Platnost klíÄe vyprší %s.\n"
+
+#: g10/keyedit.c:848
+msgid "Do you want your signature to expire at the same time? (Y/n) "
+msgstr "Chcete, aby platnost Vašeho podpisu vypršela ve stejnou dobu? (A/n) "
+
+#: g10/keyedit.c:888
+msgid ""
+"You may not make an OpenPGP signature on a PGP 2.x key while in --pgp2 "
+"mode.\n"
+msgstr ""
+"Nemůžete udÄ›lat OpenPGP podpis klíÄe typu PGP 2.x, když jste v --pgp2 módu.\n"
+
+#: g10/keyedit.c:890
+msgid "This would make the key unusable in PGP 2.x.\n"
+msgstr "To by způsobilo nepoužitelnost klíÄe v PGP 2.x.\n"
+
+#: g10/keyedit.c:915
+msgid ""
+"How carefully have you verified the key you are about to sign actually "
+"belongs\n"
+"to the person named above? If you don't know what to answer, enter \"0\".\n"
+msgstr ""
+"S jakou jistotou jste prověřili, že klíÄ, který chcete podepsat\n"
+"patří výše uvedené osobě.\n"
+"Pokud neznáte odpovÄ›Ä, zadejte „0“.\n"
+
+#: g10/keyedit.c:920
+#, c-format
+msgid " (0) I will not answer.%s\n"
+msgstr " (0) Neodpovím.%s\n"
+
+#: g10/keyedit.c:922
+#, c-format
+msgid " (1) I have not checked at all.%s\n"
+msgstr " (1) Nijak jsem to nekontroloval(a).%s\n"
+
+#: g10/keyedit.c:924
+#, c-format
+msgid " (2) I have done casual checking.%s\n"
+msgstr " (2) ČásteÄnÄ› jsem to ověřil(a).%s\n"
+
+#: g10/keyedit.c:926
+#, c-format
+msgid " (3) I have done very careful checking.%s\n"
+msgstr " (3) Velmi peÄlivÄ› jsem to ověřil(a).%s\n"
+
+#: g10/keyedit.c:932
+msgid "Your selection? (enter `?' for more information): "
+msgstr "Váš výběr? (pro více informací vložte „?“): "
+
+#: g10/keyedit.c:956
+#, c-format
+msgid ""
+"Are you sure that you want to sign this key with your\n"
+"key \"%s\" (%s)\n"
+msgstr ""
+"Jste si jistý(á), že chcete podepsat tento klíÄ\n"
+"svým klíÄem „%s“ (%s)\n"
+
+#: g10/keyedit.c:963
+msgid "This will be a self-signature.\n"
+msgstr "Jedná se o podpis klíÄe jím samým.\n"
+
+#: g10/keyedit.c:969
+msgid "WARNING: the signature will not be marked as non-exportable.\n"
+msgstr "VAROVÃNÃ: podpis nebude oznaÄen jako neexportovatelný.\n"
+
+#: g10/keyedit.c:977
+msgid "WARNING: the signature will not be marked as non-revocable.\n"
+msgstr "VAROVÃNÃ: podpis nebude oznaÄen jako neodvolatelný (non-revocable).\n"
+
+#: g10/keyedit.c:987
+msgid "The signature will be marked as non-exportable.\n"
+msgstr "Podpis bude oznaÄen jako neexportovatelný.\n"
+
+#: g10/keyedit.c:994
+msgid "The signature will be marked as non-revocable.\n"
+msgstr "Podpis bude oznaÄen jako neodvolatelný (non-revocable).\n"
+
+#: g10/keyedit.c:1001
+msgid "I have not checked this key at all.\n"
+msgstr "Nijak jsem tento klÃ­Ä neověřil.\n"
+
+#: g10/keyedit.c:1006
+msgid "I have checked this key casually.\n"
+msgstr "ČásteÄnÄ› jsem ověřil tento klíÄ.\n"
+
+#: g10/keyedit.c:1011
+msgid "I have checked this key very carefully.\n"
+msgstr "Velmi peÄlivÄ› jsem ověřil tento klíÄ.\n"
+
+#: g10/keyedit.c:1021
+msgid "Really sign? (y/N) "
+msgstr "SkuteÄnÄ› podepsat? (a/N) "
+
+#: g10/keyedit.c:1066 g10/keyedit.c:4965 g10/keyedit.c:5056 g10/keyedit.c:5120
+#: g10/keyedit.c:5181 g10/sign.c:316
+#, c-format
+msgid "signing failed: %s\n"
+msgstr "podepsání selhalo: %s\n"
+
+#: g10/keyedit.c:1131
+msgid "Key has only stub or on-card key items - no passphrase to change.\n"
+msgstr ""
+"K dispozici je jen kontrolní souÄet klíÄe nebo je klÃ­Ä na kartÄ› - passphrase "
+"nelze změnit.\n"
+
+#: g10/keyedit.c:1142 g10/keygen.c:3774
+msgid "This key is not protected.\n"
+msgstr "Tento klÃ­Ä není chránÄ›ný.\n"
+
+#: g10/keyedit.c:1146 g10/keygen.c:3761 g10/revoke.c:536
+msgid "Secret parts of primary key are not available.\n"
+msgstr "Tajné Äásti primárního klíÄe nejsou dostupné.\n"
+
+#: g10/keyedit.c:1150 g10/keygen.c:3777
+msgid "Secret parts of primary key are stored on-card.\n"
+msgstr "Tajná Äást primárního klíÄe jsou uloženy na kartÄ›.\n"
+
+#: g10/keyedit.c:1156 g10/keygen.c:3781
+msgid "Key is protected.\n"
+msgstr "KlÃ­Ä je chránÄ›ný.\n"
+
+#: g10/keyedit.c:1186
+#, c-format
+msgid "Can't edit this key: %s\n"
+msgstr "Není možné editovat tento klíÄ: %s\n"
+
+#: g10/keyedit.c:1192
+msgid ""
+"Enter the new passphrase for this secret key.\n"
+"\n"
+msgstr ""
+"Vložte nové heslo (passphrase) pro tento tajný klíÄ.\n"
+"\n"
+
+#: g10/keyedit.c:1207 g10/keygen.c:2291
+msgid "passphrase not correctly repeated; try again"
+msgstr "heslo není zopakováno správně; zkuste to znovu"
+
+#: g10/keyedit.c:1212
+msgid ""
+"You don't want a passphrase - this is probably a *bad* idea!\n"
+"\n"
+msgstr ""
+"Nechcete heslo - to *není* dobrý nápad!\n"
+"\n"
+
+#: g10/keyedit.c:1215
+msgid "Do you really want to do this? (y/N) "
+msgstr "Opravdu to chcete udělat? (a/N) "
+
+#: g10/keyedit.c:1298
+msgid "moving a key signature to the correct place\n"
+msgstr "pÅ™esunuji podpis klíÄe na správné místo\n"
+
+#: g10/keyedit.c:1384
+msgid "save and quit"
+msgstr "uložit a ukonÄit"
+
+#: g10/keyedit.c:1387
+msgid "show key fingerprint"
+msgstr "vypsat otisk klíÄe"
+
+#: g10/keyedit.c:1388
+msgid "list key and user IDs"
+msgstr "vypsat seznam klíÄů a id uživatelů"
+
+#: g10/keyedit.c:1390
+msgid "select user ID N"
+msgstr "vyberte identifikátor uživatele N"
+
+#: g10/keyedit.c:1391
+msgid "select subkey N"
+msgstr "vyberte podklÃ­Ä N"
+
+#: g10/keyedit.c:1392
+msgid "check signatures"
+msgstr "kontrolovat podpisy"
+
+#: g10/keyedit.c:1397
+msgid "sign selected user IDs [* see below for related commands]"
+msgstr "podepsat vybrané ID uživatele [* níže jsou uvedeny relevantní příkazy]"
+
+#: g10/keyedit.c:1402
+msgid "sign selected user IDs locally"
+msgstr "podepsat vybrané uživatelské ID lokálně"
+
+#: g10/keyedit.c:1404
+msgid "sign selected user IDs with a trust signature"
+msgstr "podepsat vybrané uživatelské ID důvěryhodným podpisem"
+
+#: g10/keyedit.c:1406
+msgid "sign selected user IDs with a non-revocable signature"
+msgstr "podepsat vybraná uživatelská ID neodvolatelným podpisem"
+
+#: g10/keyedit.c:1410
+msgid "add a user ID"
+msgstr "přidat identifikátor uživatele"
+
+#: g10/keyedit.c:1412
+msgid "add a photo ID"
+msgstr "přidat fotografický ID"
+
+#: g10/keyedit.c:1414
+msgid "delete selected user IDs"
+msgstr "smazat vybrané ID uživatele"
+
+#: g10/keyedit.c:1419
+msgid "add a subkey"
+msgstr "pÅ™idat podklíÄ"
+
+#: g10/keyedit.c:1423
+msgid "add a key to a smartcard"
+msgstr "pÅ™idat klÃ­Ä na kartu"
+
+#: g10/keyedit.c:1425
+msgid "move a key to a smartcard"
+msgstr "pÅ™esunout klÃ­Ä na kartu"
+
+#: g10/keyedit.c:1427
+msgid "move a backup key to a smartcard"
+msgstr "pÅ™esunout záložní klÃ­Ä na kartu"
+
+#: g10/keyedit.c:1431
+msgid "delete selected subkeys"
+msgstr "smazat vybrané podklíÄe"
+
+#: g10/keyedit.c:1433
+msgid "add a revocation key"
+msgstr "pÅ™idat revokaÄní klíÄ"
+
+#: g10/keyedit.c:1435
+msgid "delete signatures from the selected user IDs"
+msgstr "smazat podpisy z vybraných uživatelských ID"
+
+#: g10/keyedit.c:1437
+msgid "change the expiration date for the key or selected subkeys"
+msgstr "zmÄ›nit datum expirace pro klÃ­Ä nebo vybrané podklíÄe"
+
+#: g10/keyedit.c:1439
+msgid "flag the selected user ID as primary"
+msgstr "oznaÄit vybrané uživatelské ID jako primární"
+
+#: g10/keyedit.c:1441
+msgid "toggle between the secret and public key listings"
+msgstr "pÅ™epnout mezi výpisem seznamu tajných a veÅ™ejných klíÄů"
+
+#: g10/keyedit.c:1444
+msgid "list preferences (expert)"
+msgstr "vypsat seznam předvoleb (pro experty)"
+
+#: g10/keyedit.c:1446
+msgid "list preferences (verbose)"
+msgstr "vypsat seznam předvoleb (podrobně)"
+
+#: g10/keyedit.c:1448
+msgid "set preference list for the selected user IDs"
+msgstr "nastavit sadu preferencí pro vybrané uživatelské ID"
+
+#: g10/keyedit.c:1453
+msgid "set the preferred keyserver URL for the selected user IDs"
+msgstr "nastavit URL preferovaného serveru klíÄů pro vybraná uživatelská ID"
+
+#: g10/keyedit.c:1455
+msgid "set a notation for the selected user IDs"
+msgstr "zadat poznámku pro vybraná uživatelská ID"
+
+#: g10/keyedit.c:1457
+msgid "change the passphrase"
+msgstr "změnit heslo"
+
+#: g10/keyedit.c:1461
+msgid "change the ownertrust"
+msgstr "zmÄ›nit důvÄ›ryhodnost vlastníka klíÄe"
+
+#: g10/keyedit.c:1463
+msgid "revoke signatures on the selected user IDs"
+msgstr "revokovat podpisu na vybraných uživatelských ID"
+
+#: g10/keyedit.c:1465
+msgid "revoke selected user IDs"
+msgstr "revokovat vybrané uživatelské ID"
+
+#: g10/keyedit.c:1470
+msgid "revoke key or selected subkeys"
+msgstr "revokovat klÃ­Ä nebo vybrané podklíÄe"
+
+#: g10/keyedit.c:1471
+msgid "enable key"
+msgstr "nastavit klÃ­Ä jako platný (enable)"
+
+#: g10/keyedit.c:1472
+msgid "disable key"
+msgstr "nastavit klÃ­Ä jako neplatný (disable)"
+
+#: g10/keyedit.c:1473
+msgid "show selected photo IDs"
+msgstr "ukázat vybrané fotografické ID"
+
+#: g10/keyedit.c:1475
+msgid "compact unusable user IDs and remove unusable signatures from key"
+msgstr ""
+"smÄ›stnat nepoužitelná ID uživatelů a odstranit z klíÄe nepoužitelné podpisy"
+
+#: g10/keyedit.c:1477
+msgid "compact unusable user IDs and remove all signatures from key"
+msgstr "smÄ›stnat nepoužitelná ID uživatelů a odstranit z klíÄe vÅ¡echny podpisy"
+
+#: g10/keyedit.c:1601
+#, c-format
+msgid "error reading secret keyblock \"%s\": %s\n"
+msgstr "chyba pÅ™i Ätení bloku tajného klíÄe „%s“: %s\n"
+
+#: g10/keyedit.c:1619
+msgid "Secret key is available.\n"
+msgstr "Tajný klÃ­Ä je dostupný.\n"
+
+#: g10/keyedit.c:1702
+msgid "Need the secret key to do this.\n"
+msgstr "Pro provedení této operace je potÅ™eba tajný klíÄ.\n"
+
+#: g10/keyedit.c:1710
+msgid "Please use the command \"toggle\" first.\n"
+msgstr "Prosím, nejdříve použijte příkaz „toggle“ (přepnout).\n"
+
+#: g10/keyedit.c:1729
+msgid ""
+"* The `sign' command may be prefixed with an `l' for local signatures "
+"(lsign),\n"
+" a `t' for trust signatures (tsign), an `nr' for non-revocable signatures\n"
+" (nrsign), or any combination thereof (ltsign, tnrsign, etc.).\n"
+msgstr ""
+"* Příkaz „sign“ může být použit s prefixem „l“ pro lokální podpis (lsign),\n"
+" s prefixem „t“ pro důvěryhodný podpis (tsign) nebo „nr“ pro neodvolatelný\n"
+" podpis (nrsign) nebo libovolnou jejich kombinací (ltsign, tnrsign, atd.).\n"
+
+#: g10/keyedit.c:1779
+msgid "Key is revoked."
+msgstr "KlÃ­Ä revokován."
+
+#: g10/keyedit.c:1798
+msgid "Really sign all user IDs? (y/N) "
+msgstr "Opravdu podepsat všechny id uživatele? (a/N) "
+
+#: g10/keyedit.c:1805
+msgid "Hint: Select the user IDs to sign\n"
+msgstr "Nápověda: Vyberte id uživatele k podepsání\n"
+
+#: g10/keyedit.c:1814
+#, c-format
+msgid "Unknown signature type `%s'\n"
+msgstr "Neznámý typ podpisu „%s“\n"
+
+#: g10/keyedit.c:1837
+#, c-format
+msgid "This command is not allowed while in %s mode.\n"
+msgstr "Tento příkaz není v módů %s dovolený.\n"
+
+#: g10/keyedit.c:1859 g10/keyedit.c:1879 g10/keyedit.c:2048
+msgid "You must select at least one user ID.\n"
+msgstr "Musíte vybrat alespoň jeden id uživatele.\n"
+
+#: g10/keyedit.c:1861
+msgid "You can't delete the last user ID!\n"
+msgstr "Nemůžete smazat poslední id uživatele!\n"
+
+#: g10/keyedit.c:1863
+msgid "Really remove all selected user IDs? (y/N) "
+msgstr "Opravdu odstranit všechny vybrané id uživatele? (a/N) "
+
+#: g10/keyedit.c:1864
+msgid "Really remove this user ID? (y/N) "
+msgstr "Opravdu odstranit tento id uživatele? (a/N) "
+
+#. TRANSLATORS: Please take care: This is about
+#. moving the key and not about removing it.
+#: g10/keyedit.c:1917
+msgid "Really move the primary key? (y/N) "
+msgstr "Opravdu pÅ™esunout primární klíÄ? (a/N) "
+
+#: g10/keyedit.c:1929
+msgid "You must select exactly one key.\n"
+msgstr "Musíte vybrat právÄ› jeden klíÄ.\n"
+
+#: g10/keyedit.c:1957
+msgid "Command expects a filename argument\n"
+msgstr "Příkaz oÄekává jméno souboru jako argument\n"
+
+#: g10/keyedit.c:1971
+#, c-format
+msgid "Can't open `%s': %s\n"
+msgstr "Nemohu otevřít „%s“: %s\n"
+
+#: g10/keyedit.c:1988
+#, c-format
+msgid "Error reading backup key from `%s': %s\n"
+msgstr "Chyba pÅ™i Ätení záložního klíÄe z „%s“: %s\n"
+
+#: g10/keyedit.c:2012
+msgid "You must select at least one key.\n"
+msgstr "Musíte vybrat alespoň jeden klíÄ.\n"
+
+#: g10/keyedit.c:2015
+msgid "Do you really want to delete the selected keys? (y/N) "
+msgstr "Opravdu chcete smazat vybrané klíÄe? (a/N) "
+
+#: g10/keyedit.c:2016
+msgid "Do you really want to delete this key? (y/N) "
+msgstr "Opravdu chcete smazat tento klíÄ? (a/N) "
+
+#: g10/keyedit.c:2051
+msgid "Really revoke all selected user IDs? (y/N) "
+msgstr "Opravdu revokovat všechny vybrané id uživatele? (a/N) "
+
+#: g10/keyedit.c:2052
+msgid "Really revoke this user ID? (y/N) "
+msgstr "Opravdu revokovat tento id uživatele? (a/N) "
+
+#: g10/keyedit.c:2070
+msgid "Do you really want to revoke the entire key? (y/N) "
+msgstr "Opravdu chcete revokovat celý klíÄ? (a/N) "
+
+#: g10/keyedit.c:2081
+msgid "Do you really want to revoke the selected subkeys? (y/N) "
+msgstr "Opravdu chcete revokovat vybrané podklíÄe? (a/N) "
+
+#: g10/keyedit.c:2083
+msgid "Do you really want to revoke this subkey? (y/N) "
+msgstr "Opravdu chcete revokovat tento podklíÄ? (a/N) "
+
+#: g10/keyedit.c:2133
+msgid "Owner trust may not be set while using a user provided trust database\n"
+msgstr ""
+"Důvěryhodnost vlastníka nelze měnit je-li používána databáze důvěry "
+"poskytnutá uživatelem\n"
+
+#: g10/keyedit.c:2175
+msgid "Set preference list to:\n"
+msgstr "Nastavit seznam předvoleb:\n"
+
+#: g10/keyedit.c:2181
+msgid "Really update the preferences for the selected user IDs? (y/N) "
+msgstr "Opravdu aktualizovat předvolby pro vybraný id uživatele? (a/N) "
+
+#: g10/keyedit.c:2183
+msgid "Really update the preferences? (y/N) "
+msgstr "Opravdu aktualizovat předvolby? (a/N) "
+
+#: g10/keyedit.c:2253
+msgid "Save changes? (y/N) "
+msgstr "Uložit změny? (a/N) "
+
+#: g10/keyedit.c:2256
+msgid "Quit without saving? (y/N) "
+msgstr "UkonÄit bez uložení? (a/N) "
+
+#: g10/keyedit.c:2266
+#, c-format
+msgid "update failed: %s\n"
+msgstr "aktualizace selhala: %s\n"
+
+#: g10/keyedit.c:2273 g10/keyedit.c:2351
+#, c-format
+msgid "update secret failed: %s\n"
+msgstr "aktualizace tajného klíÄe selhala: %s\n"
+
+#: g10/keyedit.c:2280
+msgid "Key not changed so no update needed.\n"
+msgstr "KlÃ­Ä nebyl zmÄ›nÄ›n, takže není potÅ™eba jej aktualizovat.\n"
+
+#: g10/keyedit.c:2446
+msgid "Digest: "
+msgstr "Hash: "
+
+#: g10/keyedit.c:2497
+msgid "Features: "
+msgstr "Vlastnosti: "
+
+#: g10/keyedit.c:2508
+msgid "Keyserver no-modify"
+msgstr "Keyserver bez modifikace"
+
+#: g10/keyedit.c:2523 g10/keylist.c:316
+msgid "Preferred keyserver: "
+msgstr "Preferovaný keyserver: "
+
+#: g10/keyedit.c:2531 g10/keyedit.c:2532
+msgid "Notations: "
+msgstr "Poznámky: "
+
+#: g10/keyedit.c:2753
+msgid "There are no preferences on a PGP 2.x-style user ID.\n"
+msgstr "Uživatelský ID formátu PGP 2.x nemá žádné předvolby\n"
+
+#: g10/keyedit.c:2810
+#, c-format
+msgid "The following key was revoked on %s by %s key %s\n"
+msgstr "V %s byl následující klÃ­Ä revokován %s klíÄem %s\n"
+
+#: g10/keyedit.c:2832
+#, c-format
+msgid "This key may be revoked by %s key %s"
+msgstr "Tento klÃ­Ä může být revokován %s klíÄem %s "
+
+#: g10/keyedit.c:2838
+msgid "(sensitive)"
+msgstr "(citlivá informace)"
+
+#: g10/keyedit.c:2854 g10/keyedit.c:2910 g10/keyedit.c:2971 g10/keyedit.c:2986
+#: g10/keylist.c:202 g10/keyserver.c:532
+#, c-format
+msgid "created: %s"
+msgstr "vytvořen: %s"
+
+#: g10/keyedit.c:2857 g10/keylist.c:834 g10/keylist.c:928 g10/mainproc.c:997
+#, c-format
+msgid "revoked: %s"
+msgstr "revokován: %s"
+
+#: g10/keyedit.c:2859 g10/keylist.c:805 g10/keylist.c:840 g10/keylist.c:934
+#, c-format
+msgid "expired: %s"
+msgstr "platnost skonÄila: %s"
+
+#: g10/keyedit.c:2861 g10/keyedit.c:2912 g10/keyedit.c:2973 g10/keyedit.c:2988
+#: g10/keylist.c:204 g10/keylist.c:811 g10/keylist.c:846 g10/keylist.c:940
+#: g10/keylist.c:961 g10/keyserver.c:538 g10/mainproc.c:1003
+#, c-format
+msgid "expires: %s"
+msgstr "platnost skonÄí: %s"
+
+#: g10/keyedit.c:2863
+#, c-format
+msgid "usage: %s"
+msgstr "použití: %s"
+
+#: g10/keyedit.c:2878
+#, c-format
+msgid "trust: %s"
+msgstr "důvěra: %s"
+
+#: g10/keyedit.c:2882
+#, c-format
+msgid "validity: %s"
+msgstr "platnost: %s"
+
+#: g10/keyedit.c:2889
+msgid "This key has been disabled"
+msgstr "Tento klÃ­Ä byl oznaÄen za neplatný (disabled)"
+
+#: g10/keyedit.c:2917 g10/keylist.c:208
+msgid "card-no: "
+msgstr "Äíslo karty: "
+
+#: g10/keyedit.c:2941
+msgid ""
+"Please note that the shown key validity is not necessarily correct\n"
+"unless you restart the program.\n"
+msgstr ""
+"Prosím nezapomeňte, že zobrazované údaje o platnosti klíÄů nemusí\n"
+"být nutně správné, dokud znova nespustíte program.\n"
+
+#: g10/keyedit.c:3005 g10/keyedit.c:3351 g10/keyserver.c:542
+#: g10/mainproc.c:1850 g10/trustdb.c:1204 g10/trustdb.c:1732
+msgid "revoked"
+msgstr "revokován"
+
+#: g10/keyedit.c:3007 g10/keyedit.c:3353 g10/keyserver.c:546
+#: g10/mainproc.c:1852 g10/trustdb.c:547 g10/trustdb.c:1734
+msgid "expired"
+msgstr "platnost skonÄila"
+
+#: g10/keyedit.c:3072
+msgid ""
+"WARNING: no user ID has been marked as primary. This command may\n"
+" cause a different user ID to become the assumed primary.\n"
+msgstr ""
+"VAROVÃNÃ: žádné uživatelské ID nebylo oznaÄeno jako primární. Tento příkaz\n"
+" může způsobit, že za primární bude považováno jiné user ID.\n"
+
+#: g10/keyedit.c:3133
+msgid ""
+"WARNING: This is a PGP2-style key. Adding a photo ID may cause some "
+"versions\n"
+" of PGP to reject this key.\n"
+msgstr ""
+"VAROVÃNÃ: Toto je PGP2 klíÄ. PÅ™idání fotografického ID může v nÄ›kterých\n"
+" verzích PGP vést k odmítnutí tohoto klíÄe.\n"
+
+#: g10/keyedit.c:3138 g10/keyedit.c:3473
+msgid "Are you sure you still want to add it? (y/N) "
+msgstr "Jste si jistý, že jej chcete stále přidat? (a/N) "
+
+#: g10/keyedit.c:3144
+msgid "You may not add a photo ID to a PGP2-style key.\n"
+msgstr "NemÄ›li by jste pÅ™idávat fotografický ID k PGP2 klíÄi.\n"
+
+#: g10/keyedit.c:3284
+msgid "Delete this good signature? (y/N/q)"
+msgstr "Smazat tento dobrý podpis? (a/N/u)"
+
+#: g10/keyedit.c:3294
+msgid "Delete this invalid signature? (y/N/q)"
+msgstr "Smazat tento neplatný podpis? (a/N/u)"
+
+#: g10/keyedit.c:3298
+msgid "Delete this unknown signature? (y/N/q)"
+msgstr "Smazat tento neznámý podpis? (a/N/u)"
+
+#: g10/keyedit.c:3304
+msgid "Really delete this self-signature? (y/N)"
+msgstr "Opravdu smazat tento podpis podepsaný sebou samým? (a/N)"
+
+#: g10/keyedit.c:3318
+#, c-format
+msgid "Deleted %d signature.\n"
+msgstr "Smazán %d podpis.\n"
+
+#: g10/keyedit.c:3319
+#, c-format
+msgid "Deleted %d signatures.\n"
+msgstr "Smazáno %d podpisů.\n"
+
+#: g10/keyedit.c:3322
+msgid "Nothing deleted.\n"
+msgstr "Nic nebylo smazáno.\n"
+
+#: g10/keyedit.c:3355 g10/trustdb.c:1736
+msgid "invalid"
+msgstr "neplatný"
+
+#: g10/keyedit.c:3357
+#, c-format
+msgid "User ID \"%s\" compacted: %s\n"
+msgstr "Uživatelské ID „%s“ směstnáno: %s\n"
+
+#: g10/keyedit.c:3364
+#, c-format
+msgid "User ID \"%s\": %d signature removed\n"
+msgstr "Uživatelské ID „%s“: %d podpisů odstraněno\n"
+
+#: g10/keyedit.c:3365
+#, c-format
+msgid "User ID \"%s\": %d signatures removed\n"
+msgstr "Uživatelské ID „%s“: %d podpisů odstraněno\n"
+
+#: g10/keyedit.c:3373
+#, c-format
+msgid "User ID \"%s\": already minimized\n"
+msgstr "Uživatelské ID „%s“: je již minimalizované\n"
+
+#: g10/keyedit.c:3374
+#, c-format
+msgid "User ID \"%s\": already clean\n"
+msgstr "Uživatelské ID „%s“: je již odstraněné\n"
+
+#: g10/keyedit.c:3468
+msgid ""
+"WARNING: This is a PGP 2.x-style key. Adding a designated revoker may "
+"cause\n"
+" some versions of PGP to reject this key.\n"
+msgstr ""
+"VAROVÃNÃ: Toto je PGP2 klíÄ. PÅ™idání 'pověření revokace' může v nÄ›kterých\n"
+" verzích PGP vést k odmítnutí tohoto klíÄe.\n"
+
+#: g10/keyedit.c:3479
+msgid "You may not add a designated revoker to a PGP 2.x-style key.\n"
+msgstr "NemÄ›li by jste pÅ™idávat 'pověření revokace' k PGP2 klíÄi.\n"
+
+#: g10/keyedit.c:3499
+msgid "Enter the user ID of the designated revoker: "
+msgstr "Vložte identifikátor uživatele pověřeného revokací: "
+
+#: g10/keyedit.c:3524
+msgid "cannot appoint a PGP 2.x style key as a designated revoker\n"
+msgstr "klÃ­Ä formátu PGP 2.x nelze pověřit revokací\n"
+
+#: g10/keyedit.c:3539
+msgid "you cannot appoint a key as its own designated revoker\n"
+msgstr "klÃ­Ä nelze pověřit revokací jím samým\n"
+
+#: g10/keyedit.c:3561
+msgid "this key has already been designated as a revoker\n"
+msgstr "tento klÃ­Ä již byl pověřen revokací\n"
+
+#: g10/keyedit.c:3580
+msgid "WARNING: appointing a key as a designated revoker cannot be undone!\n"
+msgstr ""
+"VAROVÃNÃ: ustanovení klíÄe „pověřeným odvolatelem“ je nevratná operace!\n"
+
+#: g10/keyedit.c:3586
+msgid ""
+"Are you sure you want to appoint this key as a designated revoker? (y/N) "
+msgstr "Jste si jistí, že tento klÃ­Ä chcete pověřit revokací? (a/N) "
+
+#: g10/keyedit.c:3647
+msgid "Please remove selections from the secret keys.\n"
+msgstr "Prosím, odstraňte výbÄ›r z tajných klíÄů.\n"
+
+#: g10/keyedit.c:3653
+msgid "Please select at most one subkey.\n"
+msgstr "Prosím, vyberte nejvýše jeden podklíÄ.\n"
+
+#: g10/keyedit.c:3657
+msgid "Changing expiration time for a subkey.\n"
+msgstr "MÄ›ním dobu expirace podklíÄe.\n"
+
+#: g10/keyedit.c:3660
+msgid "Changing expiration time for the primary key.\n"
+msgstr "MÄ›ním dobu expirace primárního klíÄe.\n"
+
+#: g10/keyedit.c:3706
+msgid "You can't change the expiration date of a v3 key\n"
+msgstr "Nemůžete zmÄ›nit dobu platnosti klíÄe verze 3\n"
+
+#: g10/keyedit.c:3722
+msgid "No corresponding signature in secret ring\n"
+msgstr "V souboru tajných klíÄů chybí odpovídající podpis\n"
+
+#: g10/keyedit.c:3800
+#, c-format
+msgid "signing subkey %s is already cross-certified\n"
+msgstr "podepisovací podklÃ­Ä %s je již křížovÄ› certifikován\n"
+
+#: g10/keyedit.c:3806
+#, c-format
+msgid "subkey %s does not sign and so does not need to be cross-certified\n"
+msgstr "podklÃ­Ä %s nepodepisuje, a tak není tÅ™eba jej křížovÄ› certifikovat\n"
+
+#: g10/keyedit.c:3969
+msgid "Please select exactly one user ID.\n"
+msgstr "Prosím, vyberte právě jeden id uživatele .\n"
+
+#: g10/keyedit.c:4008 g10/keyedit.c:4118 g10/keyedit.c:4238 g10/keyedit.c:4379
+#, c-format
+msgid "skipping v3 self-signature on user ID \"%s\"\n"
+msgstr "pÅ™eskoÄen v3 podpis klíÄe jím samým u uživatelského id „%s“\n"
+
+#: g10/keyedit.c:4179
+msgid "Enter your preferred keyserver URL: "
+msgstr "Vložte URL preferovaného serveru klíÄů: "
+
+#: g10/keyedit.c:4259
+msgid "Are you sure you want to replace it? (y/N) "
+msgstr "Jste si jistý(á), že jej chcete přepsat? (a/N) "
+
+#: g10/keyedit.c:4260
+msgid "Are you sure you want to delete it? (y/N) "
+msgstr "Jste si jistý(á), že jej chcete smazat? (a/N) "
+
+#: g10/keyedit.c:4322
+msgid "Enter the notation: "
+msgstr "Vložte poznámku: "
+
+#: g10/keyedit.c:4471
+msgid "Proceed? (y/N) "
+msgstr "PokraÄovat (a/N)? "
+
+#: g10/keyedit.c:4543
+#, c-format
+msgid "No user ID with index %d\n"
+msgstr "Neexistuje identifikátor uživatele s indexem %d\n"
+
+#: g10/keyedit.c:4604
+#, c-format
+msgid "No user ID with hash %s\n"
+msgstr "Neexistuje uživatelské ID s hashem %s\n"
+
+#: g10/keyedit.c:4639
+#, c-format
+msgid "No subkey with index %d\n"
+msgstr "Neexistuje podklÃ­Ä s indexem %d\n"
+
+#: g10/keyedit.c:4774
+#, c-format
+msgid "user ID: \"%s\"\n"
+msgstr "ID uživatele: „%s“\n"
+
+#: g10/keyedit.c:4777 g10/keyedit.c:4871 g10/keyedit.c:4914
+#, c-format
+msgid "signed by your key %s on %s%s%s\n"
+msgstr "podepsáno vaším klíÄem %s v %s%s%s\n"
+
+#: g10/keyedit.c:4779 g10/keyedit.c:4873 g10/keyedit.c:4916
+msgid " (non-exportable)"
+msgstr " (neexportovatelné)"
+
+#: g10/keyedit.c:4783
+#, c-format
+msgid "This signature expired on %s.\n"
+msgstr "Platnost podpisu vyprší %s.\n"
+
+#: g10/keyedit.c:4787
+msgid "Are you sure you still want to revoke it? (y/N) "
+msgstr "Jste si jistý, že jej chcete stále revokovat? (a/N) "
+
+#: g10/keyedit.c:4791
+msgid "Create a revocation certificate for this signature? (y/N) "
+msgstr "VytvoÅ™it pro tento podpis revokaÄní certifikát? (a/N)"
+
+#: g10/keyedit.c:4842
+msgid "Not signed by you.\n"
+msgstr "Nepodepsáno vámi.\n"
+
+#: g10/keyedit.c:4848
+#, c-format
+msgid "You have signed these user IDs on key %s:\n"
+msgstr "Podepsal(a) jste následující identifikátory uživatele: %s:\n"
+
+#: g10/keyedit.c:4874
+msgid " (non-revocable)"
+msgstr " (neodvolatelné)"
+
+#: g10/keyedit.c:4881
+#, c-format
+msgid "revoked by your key %s on %s\n"
+msgstr "revokováno vaším klíÄem %s v %s\n"
+
+#: g10/keyedit.c:4903
+msgid "You are about to revoke these signatures:\n"
+msgstr "Chystáte se revokovat tyto podpisy:\n"
+
+#: g10/keyedit.c:4923
+msgid "Really create the revocation certificates? (y/N) "
+msgstr "Opravdu vytvoÅ™it revokaÄní certifikáty? (a/N) "
+
+#: g10/keyedit.c:4953
+msgid "no secret key\n"
+msgstr "neexistuje tajný klíÄ\n"
+
+#: g10/keyedit.c:5023
+#, c-format
+msgid "user ID \"%s\" is already revoked\n"
+msgstr "uživatelské ID „%s“ je již revokováno\n"
+
+#: g10/keyedit.c:5040
+#, c-format
+msgid "WARNING: a user ID signature is dated %d seconds in the future\n"
+msgstr "VAROVÃNÃ: podpis ID uživatele je datován %d sekund v budoucnosti\n"
+
+#: g10/keyedit.c:5104
+#, c-format
+msgid "Key %s is already revoked.\n"
+msgstr "KlÃ­Ä %s je již revokován.\n"
+
+#: g10/keyedit.c:5166
+#, c-format
+msgid "Subkey %s is already revoked.\n"
+msgstr "PodklÃ­Ä %s je již revokován.\n"
+
+#: g10/keyedit.c:5261
+#, c-format
+msgid "Displaying %s photo ID of size %ld for key %s (uid %d)\n"
+msgstr "Zobrazuji %s fotografický ID o velikosti %ld pro klÃ­Ä %s (uid %d)\n"
+
+#: g10/keygen.c:275
+#, c-format
+msgid "preference `%s' duplicated\n"
+msgstr "duplicita předvolby „%s“\n"
+
+#: g10/keygen.c:282
+msgid "too many cipher preferences\n"
+msgstr "příliš mnoho předvoleb pro šifrování\n"
+
+#: g10/keygen.c:284
+msgid "too many digest preferences\n"
+msgstr "příliš mnoho předvoleb pro vzorkování\n"
+
+#: g10/keygen.c:286
+msgid "too many compression preferences\n"
+msgstr "příliš mnoho předvoleb pro komprimaci\n"
+
+#: g10/keygen.c:426
+#, c-format
+msgid "invalid item `%s' in preference string\n"
+msgstr "neplatná položka „%s“ v řetězci s předvolbami\n"
+
+#: g10/keygen.c:910
+msgid "writing direct signature\n"
+msgstr "zapisuji podpis klíÄe jím samým (direct signature)\n"
+
+#: g10/keygen.c:952
+msgid "writing self signature\n"
+msgstr "zapisuji podpis klíÄe sebou samým\n"
+
+#: g10/keygen.c:1009
+msgid "writing key binding signature\n"
+msgstr "zapisuji „key-binding“ podpis\n"
+
+#: g10/keygen.c:1179 g10/keygen.c:1290 g10/keygen.c:1295 g10/keygen.c:1441
+#: g10/keygen.c:3269
+#, c-format
+msgid "keysize invalid; using %u bits\n"
+msgstr "neplatná délka klíÄe; použiji %u bitů\n"
+
+#: g10/keygen.c:1185 g10/keygen.c:1301 g10/keygen.c:1309 g10/keygen.c:1447
+#: g10/keygen.c:3275
+#, c-format
+msgid "keysize rounded up to %u bits\n"
+msgstr "délka klíÄe zaokrouhlena na %u bitů\n"
+
+#: g10/keygen.c:1335
+msgid ""
+"WARNING: some OpenPGP programs can't handle a DSA key with this digest size\n"
+msgstr ""
+"VAROVÃNÃ: nÄ›které OpenPGP programy nedokáží zacházet s DSA klíÄem s takto "
+"dlouhým hashem\n"
+
+#: g10/keygen.c:1558
+msgid "Sign"
+msgstr "Podepisování"
+
+#: g10/keygen.c:1561
+msgid "Certify"
+msgstr "Certifikování"
+
+#: g10/keygen.c:1564
+msgid "Encrypt"
+msgstr "Šifrování"
+
+#: g10/keygen.c:1567
+msgid "Authenticate"
+msgstr "Autentizace"
+
+#. TRANSLATORS: Please use only plain ASCII characters for the
+#. translation. If this is not possible use single digits. The
+#. string needs to 8 bytes long. Here is a description of the
+#. functions:
+#.
+#. s = Toggle signing capability
+#. e = Toggle encryption capability
+#. a = Toggle authentication capability
+#. q = Finish
+#.
+#: g10/keygen.c:1585
+msgid "SsEeAaQq"
+msgstr "SsEeAaQq"
+
+#: g10/keygen.c:1608
+#, c-format
+msgid "Possible actions for a %s key: "
+msgstr "Pro klÃ­Ä %s lze provést: "
+
+#: g10/keygen.c:1612
+msgid "Current allowed actions: "
+msgstr "Aktuálně povolené akce: "
+
+#: g10/keygen.c:1617
+#, c-format
+msgid " (%c) Toggle the sign capability\n"
+msgstr " (%c) Zapnout/vypnout schopnost podepisovat\n"
+
+#: g10/keygen.c:1620
+#, c-format
+msgid " (%c) Toggle the encrypt capability\n"
+msgstr " (%c) Zapnout/vypnout schopnost Å¡ifrovat\n"
+
+#: g10/keygen.c:1623
+#, c-format
+msgid " (%c) Toggle the authenticate capability\n"
+msgstr " (%c) Zapnout/vypnout schopnost autentizovat\n"
+
+#: g10/keygen.c:1626
+#, c-format
+msgid " (%c) Finished\n"
+msgstr " (%c) Konec\n"
+
+#: g10/keygen.c:1686 sm/certreqgen-ui.c:157
+msgid "Please select what kind of key you want:\n"
+msgstr "Prosím, vyberte druh klíÄe, který chcete:\n"
+
+#: g10/keygen.c:1689
+#, c-format
+msgid " (%d) RSA and RSA (default)\n"
+msgstr " (%d) RSA a RSA (implicitní)\n"
+
+#: g10/keygen.c:1691
+#, c-format
+msgid " (%d) DSA and Elgamal\n"
+msgstr " (%d) DSA a Elgamal\n"
+
+#: g10/keygen.c:1693
+#, c-format
+msgid " (%d) DSA (sign only)\n"
+msgstr " (%d) DSA (pouze pro podpis)\n"
+
+#: g10/keygen.c:1694
+#, c-format
+msgid " (%d) RSA (sign only)\n"
+msgstr " (%d) RSA (pouze pro podpis)\n"
+
+#: g10/keygen.c:1698
+#, c-format
+msgid " (%d) Elgamal (encrypt only)\n"
+msgstr " (%d) Elgamal (pouze pro šifrování)\n"
+
+#: g10/keygen.c:1699
+#, c-format
+msgid " (%d) RSA (encrypt only)\n"
+msgstr " (%d) RSA (pouze pro šifrování)\n"
+
+#: g10/keygen.c:1703
+#, c-format
+msgid " (%d) DSA (set your own capabilities)\n"
+msgstr " (%d) DSA (nastavit si vlastní použití)\n"
+
+#: g10/keygen.c:1704
+#, c-format
+msgid " (%d) RSA (set your own capabilities)\n"
+msgstr " (%d) RSA (nastavit si vlastní použití)\n"
+
+#: g10/keygen.c:1812
+#, c-format
+msgid "%s keys may be between %u and %u bits long.\n"
+msgstr "klÃ­Ä %s může mít délku v intervalu %u až %u bitů.\n"
+
+#: g10/keygen.c:1820
+#, c-format
+msgid "What keysize do you want for the subkey? (%u) "
+msgstr "Jakou délku podklíÄe si pÅ™ejete? (%u) "
+
+#: g10/keygen.c:1823 sm/certreqgen-ui.c:179
+#, c-format
+msgid "What keysize do you want? (%u) "
+msgstr "Jakou délku klíÄe si pÅ™ejete? (%u) "
+
+#: g10/keygen.c:1837 sm/certreqgen-ui.c:189
+#, c-format
+msgid "Requested keysize is %u bits\n"
+msgstr "Požadovaná délka klíÄe je %u bitů.\n"
+
+#: g10/keygen.c:1925
+msgid ""
+"Please specify how long the key should be valid.\n"
+" 0 = key does not expire\n"
+" <n> = key expires in n days\n"
+" <n>w = key expires in n weeks\n"
+" <n>m = key expires in n months\n"
+" <n>y = key expires in n years\n"
+msgstr ""
+"Prosím urÄete, jak dlouho by klÃ­Ä mÄ›l platit.\n"
+" 0 = doba platnosti klíÄe není omezena\n"
+" <n> = doba platnosti klíÄe skonÄí za n dní\n"
+" <n>w = doba platnosti klíÄe skonÄí za n týdnů\n"
+" <n>m = doba platnosti klíÄe skonÄí za n mÄ›síců\n"
+" <n>y = doba platnosti klíÄe skonÄí za n let\n"
+
+#: g10/keygen.c:1936
+msgid ""
+"Please specify how long the signature should be valid.\n"
+" 0 = signature does not expire\n"
+" <n> = signature expires in n days\n"
+" <n>w = signature expires in n weeks\n"
+" <n>m = signature expires in n months\n"
+" <n>y = signature expires in n years\n"
+msgstr ""
+"Prosím urÄete, jak dlouho by mÄ›l podpis platit.\n"
+" 0 = doba platnosti podpisu není omezena\n"
+" <n> = doba platnosti podpisu skonÄí za n dní\n"
+" <n>w = doba platnosti podpisu skonÄí za n týdnů\n"
+" <n>m = doba platnosti podpisu skonÄí za n mÄ›síců\n"
+" <n>y = doba platnosti podpisu skonÄí za n let\n"
+
+#: g10/keygen.c:1959
+msgid "Key is valid for? (0) "
+msgstr "KlÃ­Ä je platný pro? (0) "
+
+#: g10/keygen.c:1964
+#, c-format
+msgid "Signature is valid for? (%s) "
+msgstr "Podpis je platný pro? (%s) "
+
+#: g10/keygen.c:1982 g10/keygen.c:2007
+msgid "invalid value\n"
+msgstr "neplatná hodnota\n"
+
+#: g10/keygen.c:1989
+msgid "Key does not expire at all\n"
+msgstr "Platnost klíÄe nikdy neskonÄí\n"
+
+#: g10/keygen.c:1990
+msgid "Signature does not expire at all\n"
+msgstr "Platnost podpisu nikdy neskonÄí\n"
+
+#: g10/keygen.c:1995
+#, c-format
+msgid "Key expires at %s\n"
+msgstr "Platnost klíÄe skonÄí v %s\n"
+
+#: g10/keygen.c:1996
+#, c-format
+msgid "Signature expires at %s\n"
+msgstr "Platnost podpisu skonÄí v %s\n"
+
+#: g10/keygen.c:2000
+msgid ""
+"Your system can't display dates beyond 2038.\n"
+"However, it will be correctly handled up to 2106.\n"
+msgstr ""
+"Váš systém neumí zobrazit data po roce 2038.\n"
+"V každém případě budou data korektně zpracovávána do roku 2106.\n"
+
+#: g10/keygen.c:2013
+msgid "Is this correct? (y/N) "
+msgstr "Je to správně (a/N)? "
+
+#: g10/keygen.c:2063
+msgid ""
+"\n"
+"GnuPG needs to construct a user ID to identify your key.\n"
+"\n"
+msgstr ""
+"\n"
+"GnuPG potřebuje sestrojit uživatelské ID, aby bylo možné rozpoznat\n"
+"váš klíÄ.\n"
+"\n"
+
+#. TRANSLATORS: This string is in general not anymore used
+#. but you should keep your existing translation. In case
+#. the new string is not translated this old string will
+#. be used.
+#: g10/keygen.c:2078
+msgid ""
+"\n"
+"You need a user ID to identify your key; the software constructs the user "
+"ID\n"
+"from the Real Name, Comment and Email Address in this form:\n"
+" \"Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>\"\n"
+"\n"
+msgstr ""
+"\n"
+"Aby bylo možné rozpoznat váš klíÄ, musíte znát identifikátor uživatele;\n"
+"program jej složí z vašeho jména a příjmení, komentáře e-mailové adresy\n"
+"v tomto tvaru:\n"
+" „Magda Prochazkova (student) <magda@domena.cz>“\n"
+"\n"
+
+#: g10/keygen.c:2097
+msgid "Real name: "
+msgstr "Jméno a příjmení: "
+
+#: g10/keygen.c:2105
+msgid "Invalid character in name\n"
+msgstr "Neplatný znak ve jméně\n"
+
+#: g10/keygen.c:2107
+msgid "Name may not start with a digit\n"
+msgstr "Jméno nemůže zaÄínat Äíslicí\n"
+
+#: g10/keygen.c:2109
+msgid "Name must be at least 5 characters long\n"
+msgstr "Jméno musí být dlouhé alespoň 5 znaků\n"
+
+#: g10/keygen.c:2117
+msgid "Email address: "
+msgstr "E-mailová adresa: "
+
+#: g10/keygen.c:2123
+msgid "Not a valid email address\n"
+msgstr "Neplatná e-mailová adresa\n"
+
+#: g10/keygen.c:2131
+msgid "Comment: "
+msgstr "Komentář: "
+
+#: g10/keygen.c:2137
+msgid "Invalid character in comment\n"
+msgstr "Neplatný znak v komentáři\n"
+
+#: g10/keygen.c:2159
+#, c-format
+msgid "You are using the `%s' character set.\n"
+msgstr "Používáte znakovou sadu „%s“.\n"
+
+#: g10/keygen.c:2165
+#, c-format
+msgid ""
+"You selected this USER-ID:\n"
+" \"%s\"\n"
+"\n"
+msgstr ""
+"Zvolil(a) jste tento identifikátor uživatele:\n"
+" „%s“\n"
+"\n"
+
+#: g10/keygen.c:2170
+msgid "Please don't put the email address into the real name or the comment\n"
+msgstr "Do pole jméno nebo komentář nepište, prosím, e-mailovou adresu.\n"
+
+#: g10/keygen.c:2185
+msgid "Such a user ID already exists on this key!\n"
+msgstr "Takový identifikátor uživatele již u tohoto klíÄe existuje!\n"
+
+#. TRANSLATORS: These are the allowed answers in
+#. lower and uppercase. Below you will find the matching
+#. string which should be translated accordingly and the
+#. letter changed to match the one in the answer string.
+#.
+#. n = Change name
+#. c = Change comment
+#. e = Change email
+#. o = Okay (ready, continue)
+#. q = Quit
+#.
+#: g10/keygen.c:2201
+msgid "NnCcEeOoQq"
+msgstr "jJkKeEPpUu"
+
+#: g10/keygen.c:2211
+msgid "Change (N)ame, (C)omment, (E)mail or (Q)uit? "
+msgstr "ZmÄ›nit (J)méno, (K)omentář, (E)-mail nebo (U)konÄit? "
+
+#: g10/keygen.c:2212
+msgid "Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? "
+msgstr ""
+"ZmÄ›nit (J)méno, (K)omentář, (E)-mail, (P)okraÄovat dál nebo (U)konÄit "
+"program? "
+
+#: g10/keygen.c:2231
+msgid "Please correct the error first\n"
+msgstr "Nejdřív, prosím, opravte chybu\n"
+
+#: g10/keygen.c:2273
+msgid ""
+"You need a Passphrase to protect your secret key.\n"
+"\n"
+msgstr ""
+"Pro ochranu VaÅ¡eho tajného klíÄe musíte zadat heslo.\n"
+"\n"
+
+#: g10/keygen.c:2276
+msgid ""
+"Please enter a passphrase to protect the off-card backup of the new "
+"encryption key."
+msgstr ""
+"Prosím, zadejte heslo, kterým ochráníte zálohu mimo kartu nového šifrovacího "
+"klíÄe."
+
+#: g10/keygen.c:2292
+#, c-format
+msgid "%s.\n"
+msgstr "%s.\n"
+
+#: g10/keygen.c:2298
+msgid ""
+"You don't want a passphrase - this is probably a *bad* idea!\n"
+"I will do it anyway. You can change your passphrase at any time,\n"
+"using this program with the option \"--edit-key\".\n"
+"\n"
+msgstr ""
+"Nechcete heslo – to *není* dobrý nápad!\n"
+"DobÅ™e, budu pokraÄovat bez hesla. Kdykoliv můžete heslo zmÄ›nit použitím\n"
+"tohoto programu s parametrem „--edit-key“.\n"
+"\n"
+
+#: g10/keygen.c:2322
+msgid ""
+"We need to generate a lot of random bytes. It is a good idea to perform\n"
+"some other action (type on the keyboard, move the mouse, utilize the\n"
+"disks) during the prime generation; this gives the random number\n"
+"generator a better chance to gain enough entropy.\n"
+msgstr ""
+"Musíme vytvořit mnoho náhodných bajtů. Během vytváření můžete\n"
+"provádÄ›t nÄ›jakou jinou práci na poÄítaÄi (psát na klávesnici, pohybovat "
+"myší,\n"
+"používat disky); díky tomu má generátor lepší šanci získat dostatek "
+"entropie.\n"
+
+#: g10/keygen.c:3209 g10/keygen.c:3236
+msgid "Key generation canceled.\n"
+msgstr "Vytváření klíÄe bylo zruÅ¡eno.\n"
+
+#: g10/keygen.c:3441 g10/keygen.c:3611
+#, c-format
+msgid "writing public key to `%s'\n"
+msgstr "zapisuji veÅ™ejný klÃ­Ä do „%s“\n"
+
+#: g10/keygen.c:3443 g10/keygen.c:3614
+#, c-format
+msgid "writing secret key stub to `%s'\n"
+msgstr "zapisuji tajný klÃ­Ä do „%s“\n"
+
+#: g10/keygen.c:3446 g10/keygen.c:3617
+#, c-format
+msgid "writing secret key to `%s'\n"
+msgstr "zapisuji tajný klÃ­Ä do „%s“\n"
+
+#: g10/keygen.c:3598
+#, c-format
+msgid "no writable public keyring found: %s\n"
+msgstr "nenalezen zapisovatelný soubor veÅ™ejných klíÄů (pubring): %s\n"
+
+#: g10/keygen.c:3605
+#, c-format
+msgid "no writable secret keyring found: %s\n"
+msgstr "nenalezen zapisovatelný soubor tajných klíÄů (secring): %s\n"
+
+#: g10/keygen.c:3625
+#, c-format
+msgid "error writing public keyring `%s': %s\n"
+msgstr "chyba pÅ™i zápisu do souboru veÅ™ejných klíÄů „%s“: %s\n"
+
+#: g10/keygen.c:3633
+#, c-format
+msgid "error writing secret keyring `%s': %s\n"
+msgstr "chyba pÅ™i zápisu do souboru tajných klíÄů „%s“: %s\n"
+
+#: g10/keygen.c:3661
+msgid "public and secret key created and signed.\n"
+msgstr "veÅ™ejný a tajný klÃ­Ä byly vytvoÅ™eny a podepsány.\n"
+
+#: g10/keygen.c:3672
+msgid ""
+"Note that this key cannot be used for encryption. You may want to use\n"
+"the command \"--edit-key\" to generate a subkey for this purpose.\n"
+msgstr ""
+"Tento klÃ­Ä nemůže být použitý pro Å¡ifrování. K vytvoÅ™ení\n"
+"sekundárního klíÄe pro tento úÄel můžete použít příkaz „--edit-key“.\n"
+
+#: g10/keygen.c:3685 g10/keygen.c:3831 g10/keygen.c:3952
+#, c-format
+msgid "Key generation failed: %s\n"
+msgstr "VytvoÅ™ení klíÄe se nepodaÅ™ilo: %s\n"
+
+#: g10/keygen.c:3741 g10/keygen.c:3882 g10/sign.c:241
+#, c-format
+msgid ""
+"key has been created %lu second in future (time warp or clock problem)\n"
+msgstr ""
+"klÃ­Ä byl vytvoÅ™en %lu sekund v budoucnosti (doÅ¡lo ke zmÄ›nÄ› Äasu nebo\n"
+"je problém se systémovým Äasem)\n"
+
+#: g10/keygen.c:3743 g10/keygen.c:3884 g10/sign.c:243
+#, c-format
+msgid ""
+"key has been created %lu seconds in future (time warp or clock problem)\n"
+msgstr ""
+"klÃ­Ä byl vytvoÅ™en %lu sekund v budoucnosti (doÅ¡lo ke zmÄ›nÄ› Äasu nebo\n"
+"je problém se systémovým Äasem)\n"
+
+#: g10/keygen.c:3754 g10/keygen.c:3895
+msgid "NOTE: creating subkeys for v3 keys is not OpenPGP compliant\n"
+msgstr "POZNÃMKA: vytvoÅ™ení podklíÄe pro klíÄe v3 není v souladu s OpenPGP\n"
+
+#: g10/keygen.c:3795 g10/keygen.c:3928
+msgid "Really create? (y/N) "
+msgstr "Opravdu vytvořit? (a/N) "
+
+#: g10/keygen.c:4116
+#, c-format
+msgid "storing key onto card failed: %s\n"
+msgstr "uložení klíÄe na kartu se nezdaÅ™ilo: %s\n"
+
+#: g10/keygen.c:4165
+#, c-format
+msgid "can't create backup file `%s': %s\n"
+msgstr "nemohu vytvořit zálohu souboru „%s“: %s\n"
+
+#: g10/keygen.c:4191
+#, c-format
+msgid "NOTE: backup of card key saved to `%s'\n"
+msgstr "POZNÃMKA: záloha klíÄe z karty uložena do „%s“\n"
+
+#: g10/keyid.c:539 g10/keyid.c:551 g10/keyid.c:563 g10/keyid.c:575
+msgid "never "
+msgstr "nikdy "
+
+#: g10/keylist.c:273
+msgid "Critical signature policy: "
+msgstr "Kritická podepisovací politika: "
+
+#: g10/keylist.c:275
+msgid "Signature policy: "
+msgstr "Podepisovací politika: "
+
+#: g10/keylist.c:314
+msgid "Critical preferred keyserver: "
+msgstr "Kriticky preferovaný keyserver: "
+
+#: g10/keylist.c:367
+msgid "Critical signature notation: "
+msgstr "Kritická podepisovací notace: "
+
+#: g10/keylist.c:369
+msgid "Signature notation: "
+msgstr "Podepisovací notace: "
+
+#: g10/keylist.c:479
+msgid "Keyring"
+msgstr "soubor klíÄů (keyring)"
+
+#: g10/keylist.c:1526
+msgid "Primary key fingerprint:"
+msgstr "Otisk primárního klíÄe:"
+
+#: g10/keylist.c:1528
+msgid " Subkey fingerprint:"
+msgstr " Otisk podklíÄe:"
+
+#. TRANSLATORS: this should fit into 24 bytes to that the
+#. * fingerprint data is properly aligned with the user ID
+#: g10/keylist.c:1535
+msgid " Primary key fingerprint:"
+msgstr " Otisk primárního klíÄe:"
+
+#: g10/keylist.c:1537
+msgid " Subkey fingerprint:"
+msgstr " Otisk podklíÄe:"
+
+#: g10/keylist.c:1541 g10/keylist.c:1545
+msgid " Key fingerprint ="
+msgstr " Otisk klíÄe ="
+
+#: g10/keylist.c:1612
+msgid " Card serial no. ="
+msgstr " Sériové Äíslo karty ="
+
+#: g10/keyring.c:1297
+#, c-format
+msgid "renaming `%s' to `%s' failed: %s\n"
+msgstr "přejmenování „%s“ na „%s“ se nezdařilo: %s\n"
+
+#: g10/keyring.c:1326
+msgid "WARNING: 2 files with confidential information exists.\n"
+msgstr "VAROVÃNÃ: Existují dva soubory s tajnými informacemi.\n"
+
+#: g10/keyring.c:1327
+#, c-format
+msgid "%s is the unchanged one\n"
+msgstr "%s je beze změny\n"
+
+#: g10/keyring.c:1328
+#, c-format
+msgid "%s is the new one\n"
+msgstr "%s je nový\n"
+
+#: g10/keyring.c:1329
+msgid "Please fix this possible security flaw\n"
+msgstr "Prosím, opravte tento možný bezpeÄnostní problém\n"
+
+#: g10/keyring.c:1430
+#, c-format
+msgid "caching keyring `%s'\n"
+msgstr "cache souboru klíÄů „%s“\n"
+
+#: g10/keyring.c:1489
+#, c-format
+msgid "%lu keys cached so far (%lu signatures)\n"
+msgstr "%lu klíÄů již uloženo v cache (%lu podpisů)\n"
+
+#: g10/keyring.c:1501
+#, c-format
+msgid "%lu keys cached (%lu signatures)\n"
+msgstr "%lu klíÄů uloženo v cache (%lu podpisů)\n"
+
+#: g10/keyring.c:1573
+#, c-format
+msgid "%s: keyring created\n"
+msgstr "%s: soubor klíÄů (keyring) vytvoÅ™en\n"
+
+#: g10/keyserver.c:74
+msgid "include revoked keys in search results"
+msgstr "zahrnout do výsledku hledání odvolané klíÄe"
+
+#: g10/keyserver.c:75
+msgid "include subkeys when searching by key ID"
+msgstr "zahrnout podklíÄe, když se hledá podle ID klíÄe"
+
+#: g10/keyserver.c:77
+msgid "use temporary files to pass data to keyserver helpers"
+msgstr "používat doÄasné soubory na pÅ™enos dat k modulům pro servery klíÄů"
+
+#: g10/keyserver.c:79
+msgid "do not delete temporary files after using them"
+msgstr "nemazat doÄasné soubory po jejich použití"
+
+#: g10/keyserver.c:83
+msgid "automatically retrieve keys when verifying signatures"
+msgstr "automaticky získávat klíÄe pÅ™i ověřování podpisů"
+
+#: g10/keyserver.c:85
+msgid "honor the preferred keyserver URL set on the key"
+msgstr "respektovat URL upÅ™ednostňovaných serverů klíÄů daného klíÄe"
+
+#: g10/keyserver.c:87
+msgid "honor the PKA record set on a key when retrieving keys"
+msgstr "respektovat PKA záznamy klíÄe pÅ™i získávání klíÄů"
+
+#: g10/keyserver.c:153
+#, c-format
+msgid "WARNING: keyserver option `%s' is not used on this platform\n"
+msgstr "VAROVÃNÃ: volba „%s“ pro server klíÄů není na této platformÄ› úÄinná\n"
+
+#: g10/keyserver.c:544
+msgid "disabled"
+msgstr "zneplatněn"
+
+#: g10/keyserver.c:747
+msgid "Enter number(s), N)ext, or Q)uit > "
+msgstr "Vložte Äíslo (Äísla), „N“ pro další, nebo „Q“ pro konec > "
+
+#: g10/keyserver.c:831 g10/keyserver.c:1458
+#, c-format
+msgid "invalid keyserver protocol (us %d!=handler %d)\n"
+msgstr "neplatný protokol serveru klíÄů (naÅ¡e %d!=obsluha %d)\n"
+
+#: g10/keyserver.c:932
+#, c-format
+msgid "key \"%s\" not found on keyserver\n"
+msgstr "klÃ­Ä â€ž%s“ nebyl na serveru klíÄů nalezen\n"
+
+#: g10/keyserver.c:934
+msgid "key not found on keyserver\n"
+msgstr "klÃ­Ä nebyl na serveru klíÄů nalezen\n"
+
+#: g10/keyserver.c:1177
+#, c-format
+msgid "requesting key %s from %s server %s\n"
+msgstr "požaduji klÃ­Ä %s ze %s server %s\n"
+
+#: g10/keyserver.c:1181
+#, c-format
+msgid "requesting key %s from %s\n"
+msgstr "požaduji klÃ­Ä %s z %s\n"
+
+#: g10/keyserver.c:1205
+#, c-format
+msgid "searching for names from %s server %s\n"
+msgstr "vyhledávám jména na %s serveru %s\n"
+
+#: g10/keyserver.c:1208
+#, c-format
+msgid "searching for names from %s\n"
+msgstr "vyhledávám jména na serveru %s\n"
+
+#: g10/keyserver.c:1361
+#, c-format
+msgid "sending key %s to %s server %s\n"
+msgstr "posílám klÃ­Ä %s na %s server %s\n"
+
+#: g10/keyserver.c:1365
+#, c-format
+msgid "sending key %s to %s\n"
+msgstr "posílám klÃ­Ä %s na %s\n"
+
+#: g10/keyserver.c:1408
+#, c-format
+msgid "searching for \"%s\" from %s server %s\n"
+msgstr "vyhledávám „%s“ na %s serveru %s\n"
+
+#: g10/keyserver.c:1411
+#, c-format
+msgid "searching for \"%s\" from %s\n"
+msgstr "vyhledávám „%s“ na serveru %s\n"
+
+#: g10/keyserver.c:1418 g10/keyserver.c:1514
+msgid "no keyserver action!\n"
+msgstr "žádná operace se serverem klíÄů!\n"
+
+#: g10/keyserver.c:1466
+#, c-format
+msgid "WARNING: keyserver handler from a different version of GnuPG (%s)\n"
+msgstr "VAROVÃNÃ: obsluha serveru klíÄů z jiné verze GnuPG (%s)\n"
+
+#: g10/keyserver.c:1475
+msgid "keyserver did not send VERSION\n"
+msgstr "server klíÄů neposlal VERSION\n"
+
+#: g10/keyserver.c:1537 g10/keyserver.c:2066
+msgid "no keyserver known (use option --keyserver)\n"
+msgstr "žádný server klíÄů není znám (použijte volbu --keyserver)\n"
+
+#: g10/keyserver.c:1543
+msgid "external keyserver calls are not supported in this build\n"
+msgstr "volání externího keyserver není v této verzi podporováno\n"
+
+#: g10/keyserver.c:1555
+#, c-format
+msgid "no handler for keyserver scheme `%s'\n"
+msgstr "protokol serveru klíÄů „%s“ není podporován\n"
+
+#: g10/keyserver.c:1560
+#, c-format
+msgid "action `%s' not supported with keyserver scheme `%s'\n"
+msgstr "akce „%s“ není podporována v protokolu „%s“ serveru klíÄů\n"
+
+#: g10/keyserver.c:1568
+#, c-format
+msgid "%s does not support handler version %d\n"
+msgstr "%s nepodporuje protokol verze %d\n"
+
+#: g10/keyserver.c:1575
+msgid "keyserver timed out\n"
+msgstr "Äasový limit pro server klíÄů vyprÅ¡el\n"
+
+#: g10/keyserver.c:1580
+msgid "keyserver internal error\n"
+msgstr "interní chyba serveru klíÄů\n"
+
+#: g10/keyserver.c:1589
+#, c-format
+msgid "keyserver communications error: %s\n"
+msgstr "chyba komunikace se serverem klíÄů: %s\n"
+
+#: g10/keyserver.c:1614 g10/keyserver.c:1648
+#, c-format
+msgid "\"%s\" not a key ID: skipping\n"
+msgstr "„%s“ není ID klíÄe: pÅ™eskoÄeno\n"
+
+#: g10/keyserver.c:1907
+#, c-format
+msgid "WARNING: unable to refresh key %s via %s: %s\n"
+msgstr "VAROVÃNÃ: nelze aktualizovat klÃ­Ä %s prostÅ™ednictvím %s: %s\n"
+
+#: g10/keyserver.c:1929
+#, c-format
+msgid "refreshing 1 key from %s\n"
+msgstr "aktualizuji 1 klÃ­Ä z %s\n"
+
+#: g10/keyserver.c:1931
+#, c-format
+msgid "refreshing %d keys from %s\n"
+msgstr "aktualizuji %d klíÄů z %s\n"
+
+#: g10/keyserver.c:1987
+#, c-format
+msgid "WARNING: unable to fetch URI %s: %s\n"
+msgstr "VAROVÃNÃ: URI %s nelze získat: %s\n"
+
+#: g10/keyserver.c:1993
+#, c-format
+msgid "WARNING: unable to parse URI %s\n"
+msgstr "VAROVÃNÃ: URI %s nelze rozebrat\n"
+
+#: g10/mainproc.c:231
+#, c-format
+msgid "weird size for an encrypted session key (%d)\n"
+msgstr "podivná velikost Å¡ifrovacího klíÄe pro sezení (%d)\n"
+
+#: g10/mainproc.c:284
+#, c-format
+msgid "%s encrypted session key\n"
+msgstr "%s zaÅ¡ifrovaný klÃ­Ä sezení\n"
+
+#: g10/mainproc.c:294
+#, c-format
+msgid "passphrase generated with unknown digest algorithm %d\n"
+msgstr "heslo (passphrase) generováno s použitím neznámého algoritmu %d\n"
+
+#: g10/mainproc.c:360
+#, c-format
+msgid "public key is %s\n"
+msgstr "veÅ™ejný klÃ­Ä je %s\n"
+
+#: g10/mainproc.c:423
+msgid "public key encrypted data: good DEK\n"
+msgstr "data zaÅ¡ifrována veÅ™ejným klíÄem: správný DEK\n"
+
+#: g10/mainproc.c:456
+#, c-format
+msgid "encrypted with %u-bit %s key, ID %s, created %s\n"
+msgstr "zaÅ¡ifrována %u-bitovým %s klíÄem, ID %s, vytvoÅ™eným %s\n"
+
+#: g10/mainproc.c:460 g10/pkclist.c:217
+#, c-format
+msgid " \"%s\"\n"
+msgstr " „%s“\n"
+
+# Scripte scannen lt. dl1bke auf "ID (0-9A-F)+" deswegen muß "ID" rein :-(
+# [kw]
+#: g10/mainproc.c:464
+#, c-format
+msgid "encrypted with %s key, ID %s\n"
+msgstr "zaÅ¡ifrováno %s klíÄem, ID %s\n"
+
+#: g10/mainproc.c:479
+#, c-format
+msgid "public key decryption failed: %s\n"
+msgstr "deÅ¡ifrování veÅ™ejným klíÄem selhalo: %s\n"
+
+#: g10/mainproc.c:495
+#, c-format
+msgid "encrypted with %lu passphrases\n"
+msgstr "zašifrováno s heslem %lu\n"
+
+#: g10/mainproc.c:497
+msgid "encrypted with 1 passphrase\n"
+msgstr "zašifrováno jedním heslem\n"
+
+#: g10/mainproc.c:529 g10/mainproc.c:551
+#, c-format
+msgid "assuming %s encrypted data\n"
+msgstr "předpokládám %s šifrovaných dat\n"
+
+#: g10/mainproc.c:537
+#, c-format
+msgid "IDEA cipher unavailable, optimistically attempting to use %s instead\n"
+msgstr ""
+"algoritmus IDEA není dostupný; optimisticky se jej pokusíme nahradit "
+"algoritmem %s\n"
+
+#: g10/mainproc.c:570
+msgid "decryption okay\n"
+msgstr "dešifrování o.k.\n"
+
+#: g10/mainproc.c:574
+msgid "WARNING: message was not integrity protected\n"
+msgstr "VAROVÃNÃ: zpráva nebyla chránÄ›na proti poruÅ¡ení její integrity\n"
+
+#: g10/mainproc.c:587
+msgid "WARNING: encrypted message has been manipulated!\n"
+msgstr "VAROVÃNÃ: se zaÅ¡ifrovanou zprávou bylo manipulováno!\n"
+
+#: g10/mainproc.c:595
+#, c-format
+msgid "cleared passphrase cached with ID: %s\n"
+msgstr "vymazané heslo zapamatované pro ID: %s\n"
+
+#: g10/mainproc.c:600
+#, c-format
+msgid "decryption failed: %s\n"
+msgstr "dešifrování selhalo: %s\n"
+
+#: g10/mainproc.c:621
+msgid "NOTE: sender requested \"for-your-eyes-only\"\n"
+msgstr "POZNÃMKA: odesílatel požadoval („for-your-eyes-only“)\n"
+
+#: g10/mainproc.c:623
+#, c-format
+msgid "original file name='%.*s'\n"
+msgstr "původní jméno souboru='%.*s'\n"
+
+#: g10/mainproc.c:711
+msgid "WARNING: multiple plaintexts seen\n"
+msgstr "VAROVÃNÃ: zachyceno více prostých textů\n"
+
+#: g10/mainproc.c:850
+msgid "standalone revocation - use \"gpg --import\" to apply\n"
+msgstr ""
+"samostatný revokaÄní certifikát – použijte „gpg --import“, chcete-li jej "
+"užít\n"
+
+#: g10/mainproc.c:1203 g10/mainproc.c:1240
+msgid "no signature found\n"
+msgstr "nenalezen žádná podpis\n"
+
+#: g10/mainproc.c:1478
+msgid "signature verification suppressed\n"
+msgstr "verifikace podpisu potlaÄena\n"
+
+#: g10/mainproc.c:1587
+msgid "can't handle this ambiguous signature data\n"
+msgstr "neumím pracovat s tÄ›mito nejednoznaÄnými daty\n"
+
+#: g10/mainproc.c:1598
+#, c-format
+msgid "Signature made %s\n"
+msgstr "Podpis vytvořen %s\n"
+
+#: g10/mainproc.c:1599
+#, c-format
+msgid " using %s key %s\n"
+msgstr " použití %s klíÄe %s\n"
+
+# Scripte scannen lt. dl1bke auf "ID (0-9A-F)+" deswegen muß "ID" rein :-(
+#: g10/mainproc.c:1603
+#, c-format
+msgid "Signature made %s using %s key ID %s\n"
+msgstr "Podpis vytvoÅ™en %s pomocí klíÄe %s s ID uživatele %s\n"
+
+#: g10/mainproc.c:1623
+msgid "Key available at: "
+msgstr "KlÃ­Ä k dispozici na: "
+
+#: g10/mainproc.c:1756 g10/mainproc.c:1804
+#, c-format
+msgid "BAD signature from \"%s\""
+msgstr "ŠPATNà podpis od „%s“"
+
+#: g10/mainproc.c:1758 g10/mainproc.c:1806
+#, c-format
+msgid "Expired signature from \"%s\""
+msgstr "Podpis s vypršenou platností od „%s“"
+
+#: g10/mainproc.c:1760 g10/mainproc.c:1808
+#, c-format
+msgid "Good signature from \"%s\""
+msgstr "Dobrý podpis od „%s“"
+
+#: g10/mainproc.c:1810
+msgid "[uncertain]"
+msgstr "[nejistý]"
+
+#: g10/mainproc.c:1843
+#, c-format
+msgid " aka \"%s\""
+msgstr " alias „%s“"
+
+#: g10/mainproc.c:1941
+#, c-format
+msgid "Signature expired %s\n"
+msgstr "Platnost podpisu skonÄila %s\n"
+
+#: g10/mainproc.c:1946
+#, c-format
+msgid "Signature expires %s\n"
+msgstr "Platnost podpisu skonÄí %s\n"
+
+#: g10/mainproc.c:1949
+#, c-format
+msgid "%s signature, digest algorithm %s\n"
+msgstr "podpis %s, hashovací algoritmus %s\n"
+
+#: g10/mainproc.c:1950
+msgid "binary"
+msgstr "binární formát"
+
+#: g10/mainproc.c:1951
+msgid "textmode"
+msgstr "textový formát"
+
+#: g10/mainproc.c:1951 g10/trustdb.c:546
+msgid "unknown"
+msgstr "neznámý formát"
+
+#: g10/mainproc.c:1971
+#, c-format
+msgid "Can't check signature: %s\n"
+msgstr "Nemohu ověřit podpis: %s\n"
+
+#: g10/mainproc.c:2055 g10/mainproc.c:2071 g10/mainproc.c:2167
+msgid "not a detached signature\n"
+msgstr "toto není podpis oddělený od dokumentu\n"
+
+#: g10/mainproc.c:2098
+msgid ""
+"WARNING: multiple signatures detected. Only the first will be checked.\n"
+msgstr "VAROVÃNÃ: detekováno více podpisů. Kontrolován bude pouze první.\n"
+
+#: g10/mainproc.c:2106
+#, c-format
+msgid "standalone signature of class 0x%02x\n"
+msgstr "samostatný podpis třídy 0x%02x\n"
+
+#: g10/mainproc.c:2171
+msgid "old style (PGP 2.x) signature\n"
+msgstr "podpis starého typu (PGP 2.x)\n"
+
+#: g10/mainproc.c:2181
+msgid "invalid root packet detected in proc_tree()\n"
+msgstr "nalezen neplatný kořenový paket v proc_tree()\n"
+
+#: g10/misc.c:109 g10/misc.c:139 g10/misc.c:215
+#, c-format
+msgid "fstat of `%s' failed in %s: %s\n"
+msgstr "fstat „%s“ selhal na %s: %s\n"
+
+#: g10/misc.c:178
+#, c-format
+msgid "fstat(%d) failed in %s: %s\n"
+msgstr "fstat(%d) selhal v %s: %s\n"
+
+#: g10/misc.c:296
+#, c-format
+msgid "WARNING: using experimental public key algorithm %s\n"
+msgstr "VAROVÃNÃ: používám experimentální algoritmus veÅ™ejného klíÄe %s\n"
+
+#: g10/misc.c:302
+msgid "WARNING: Elgamal sign+encrypt keys are deprecated\n"
+msgstr "VAROVÃNÃ: Podepisovací a Å¡ifrovací klíÄe Elgamal se nedoporuÄují\n"
+
+#: g10/misc.c:315
+#, c-format
+msgid "WARNING: using experimental cipher algorithm %s\n"
+msgstr "VAROVÃNÃ: používám experimentální Å¡ifrovací algoritmus %s\n"
+
+#: g10/misc.c:330
+#, c-format
+msgid "WARNING: using experimental digest algorithm %s\n"
+msgstr "VAROVÃNÃ: používám experimentální hashovací algoritmus %s\n"
+
+#: g10/misc.c:335
+#, c-format
+msgid "WARNING: digest algorithm %s is deprecated\n"
+msgstr "VAROVÃNÃ: vyžádaný algoritmus %s není doporuÄen\n"
+
+#: g10/misc.c:503
+msgid "the IDEA cipher plugin is not present\n"
+msgstr "IDEA modul pro GnuPG nenalezen\n"
+
+#: g10/misc.c:504 g10/sig-check.c:107 jnlib/utf8conv.c:87
+#, c-format
+msgid "please see %s for more information\n"
+msgstr "více informací naleznete na adrese %s\n"
+
+#: g10/misc.c:761
+#, c-format
+msgid "%s:%d: deprecated option \"%s\"\n"
+msgstr "%s:%d: použití parametru „%s“ se nedoporuÄuje\n"
+
+#: g10/misc.c:765
+#, c-format
+msgid "WARNING: \"%s\" is a deprecated option\n"
+msgstr "VAROVÃNÃ: používání parametru „%s“ se nedoporuÄuje\n"
+
+#: g10/misc.c:767
+#, c-format
+msgid "please use \"%s%s\" instead\n"
+msgstr "použijte místo něj „%s%s“ \n"
+
+#: g10/misc.c:774
+#, c-format
+msgid "WARNING: \"%s\" is a deprecated command - do not use it\n"
+msgstr "VAROVÃNÃ: používání příkaz „%s“ se nedoporuÄuje - nepoužívejte jej\n"
+
+#: g10/misc.c:784
+#, c-format
+msgid "%s:%u: obsolete option \"%s\" - it has no effect\n"
+msgstr "%s:%u: zastaralý parametr „%s“ – neúÄinkuje\n"
+
+#: g10/misc.c:787
+#, c-format
+msgid "WARNING: \"%s\" is an obsolete option - it has no effect\n"
+msgstr "VAROVÃNÃ: „%s“ je zastaralý parametr – neúÄinkuje\n"
+
+#: g10/misc.c:848
+msgid "Uncompressed"
+msgstr "Nezkomprimováno"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: g10/misc.c:873
+msgid "uncompressed|none"
+msgstr "nezkomprimováno|nic"
+
+#: g10/misc.c:1000
+#, c-format
+msgid "this message may not be usable by %s\n"
+msgstr "tato zpráva nemusí být s %s použitelná\n"
+
+#: g10/misc.c:1175
+#, c-format
+msgid "ambiguous option `%s'\n"
+msgstr "nejednoznaÄné volby „%s“\n"
+
+#: g10/misc.c:1200
+#, c-format
+msgid "unknown option `%s'\n"
+msgstr "neznámá volba „%s“\n"
+
+#: g10/openfile.c:89
+#, c-format
+msgid "File `%s' exists. "
+msgstr "Soubor „%s“ existuje. "
+
+#: g10/openfile.c:93
+msgid "Overwrite? (y/N) "
+msgstr "Přepsat (a/N)? "
+
+#: g10/openfile.c:126
+#, c-format
+msgid "%s: unknown suffix\n"
+msgstr "%s: neznámá přípona\n"
+
+#: g10/openfile.c:150
+msgid "Enter new filename"
+msgstr "Vložte nový název souboru"
+
+#: g10/openfile.c:195
+msgid "writing to stdout\n"
+msgstr "zapisuji do standardního výstupu\n"
+
+#: g10/openfile.c:316
+#, c-format
+msgid "assuming signed data in `%s'\n"
+msgstr "předpokládám podepsaná data v „%s“\n"
+
+#: g10/openfile.c:395
+#, c-format
+msgid "new configuration file `%s' created\n"
+msgstr "vytvoÅ™en nový konfiguraÄní soubor „%s“\n"
+
+#: g10/openfile.c:397
+#, c-format
+msgid "WARNING: options in `%s' are not yet active during this run\n"
+msgstr "VAROVÃNÃ: nastavení z „%s“ nejsou pÅ™i tomto spuÅ¡tÄ›ní zatím aktivní\n"
+
+#: g10/parse-packet.c:201
+#, c-format
+msgid "can't handle public key algorithm %d\n"
+msgstr "nemohu pracovat s algoritmem veÅ™ejného klíÄe %d\n"
+
+#: g10/parse-packet.c:822
+msgid "WARNING: potentially insecure symmetrically encrypted session key\n"
+msgstr "VAROVÃNÃ: potencionálnÄ› nebezpeÄnÄ› symetricky zaÅ¡ifrován klÃ­Ä sezení\n"
+
+#: g10/parse-packet.c:1273
+#, c-format
+msgid "subpacket of type %d has critical bit set\n"
+msgstr "podpacket typu %d má nastavený kritický bit\n"
+
+#: g10/passphrase.c:75 g10/passphrase.c:418 g10/passphrase.c:481
+#, c-format
+msgid "problem with the agent: %s\n"
+msgstr "problém s agentem: %s\n"
+
+#: g10/passphrase.c:344 g10/passphrase.c:613
+#, c-format
+msgid " (main key ID %s)"
+msgstr "(hlavní ID klíÄe %s)"
+
+#: g10/passphrase.c:358
+#, c-format
+msgid ""
+"Please enter the passphrase to unlock the secret key for the OpenPGP "
+"certificate:\n"
+"\"%.*s\"\n"
+"%u-bit %s key, ID %s,\n"
+"created %s%s.\n"
+msgstr ""
+"Prosím, zadejte heslo, abyste odemkl(a) tajný klÃ­Ä přísluÅ¡ející OpenPGP "
+"certifikátu:\n"
+"„%.*s“\n"
+"KlÃ­Ä o délce %u bitů, typ %s, ID %s\n"
+"vytvořený %s%s.\n"
+
+#: g10/passphrase.c:384
+msgid "Enter passphrase\n"
+msgstr "Vložit heslo\n"
+
+#: g10/passphrase.c:412
+msgid "cancelled by user\n"
+msgstr "zrušeno uživatelem\n"
+
+#: g10/passphrase.c:592
+#, c-format
+msgid ""
+"You need a passphrase to unlock the secret key for\n"
+"user: \"%s\"\n"
+msgstr ""
+"Musíte znát heslo, abyste odemkl(a) tajný klÃ­Ä pro\n"
+"uživatele: „%s“\n"
+
+#: g10/passphrase.c:600
+#, c-format
+msgid "%u-bit %s key, ID %s, created %s"
+msgstr "délka %u bitů, typ %s, klÃ­Ä %s, vytvoÅ™ený %s"
+
+#: g10/passphrase.c:609
+#, c-format
+msgid " (subkey on main key ID %s)"
+msgstr " (podklÃ­Ä na hlavním klíÄi ID %s)"
+
+#: g10/photoid.c:74
+msgid ""
+"\n"
+"Pick an image to use for your photo ID. The image must be a JPEG file.\n"
+"Remember that the image is stored within your public key. If you use a\n"
+"very large picture, your key will become very large as well!\n"
+"Keeping the image close to 240x288 is a good size to use.\n"
+msgstr ""
+"\n"
+"Vyberte obrázek, který bude použit jako Vaše fotografické ID. Obrázek musí\n"
+"být ve formátu JPEG. Nezapomeňte, že obrázek bude uložen ve Vašem veřejném\n"
+"klíÄi - velký obrázek bude mít za následek velmi velký veÅ™ejný klÃ­Ä !\n"
+"Vhodná velikost obrázku je asi 240x288.\n"
+
+#: g10/photoid.c:96
+msgid "Enter JPEG filename for photo ID: "
+msgstr "Vložte jméno JPEG souboru s fotografickým ID: "
+
+#: g10/photoid.c:117
+#, c-format
+msgid "unable to open JPEG file `%s': %s\n"
+msgstr "nelze otevřít JPEG soubor „%s“: %s\n"
+
+#: g10/photoid.c:128
+#, c-format
+msgid "This JPEG is really large (%d bytes) !\n"
+msgstr "Tento JPEG je opravdu velký (%d bajtů)!\n"
+
+#: g10/photoid.c:130
+msgid "Are you sure you want to use it? (y/N) "
+msgstr "Jste si jistý(á), že jej chcete použít? (a/N) "
+
+#: g10/photoid.c:146
+#, c-format
+msgid "`%s' is not a JPEG file\n"
+msgstr "„%s“ není soubor ve formátu JPEG\n"
+
+#: g10/photoid.c:165
+msgid "Is this photo correct (y/N/q)? "
+msgstr "Je tato fotografie správná (a/N/u)? "
+
+#: g10/photoid.c:373
+msgid "unable to display photo ID!\n"
+msgstr "nelze zobrazit photo ID!\n"
+
+#: g10/pkclist.c:60 g10/revoke.c:621
+msgid "No reason specified"
+msgstr "Důvod nebyl specifikován"
+
+#: g10/pkclist.c:62 g10/revoke.c:623
+msgid "Key is superseded"
+msgstr "KlÃ­Ä je nahrazen"
+
+#: g10/pkclist.c:64 g10/revoke.c:622
+msgid "Key has been compromised"
+msgstr "KlÃ­Ä byl zkompromitován"
+
+#: g10/pkclist.c:66 g10/revoke.c:624
+msgid "Key is no longer used"
+msgstr "KlÃ­Ä se již nepoužívá"
+
+#: g10/pkclist.c:68 g10/revoke.c:625
+msgid "User ID is no longer valid"
+msgstr "Identifikátor uživatele již neplatí"
+
+#: g10/pkclist.c:72
+msgid "reason for revocation: "
+msgstr "důvod pro revokaci: "
+
+#: g10/pkclist.c:89
+msgid "revocation comment: "
+msgstr "revokaÄní poznámka: "
+
+#: g10/pkclist.c:204
+msgid "iImMqQsS"
+msgstr "iImMuUsS"
+
+#: g10/pkclist.c:212
+msgid "No trust value assigned to:\n"
+msgstr "Není přiřazena žádná hodnota důvěry:\n"
+
+#: g10/pkclist.c:245
+#, c-format
+msgid " aka \"%s\"\n"
+msgstr " alias „%s“\n"
+
+#: g10/pkclist.c:255
+msgid ""
+"How much do you trust that this key actually belongs to the named user?\n"
+msgstr "Nakolik důvěřujete tvrzení, že tento klÃ­Ä patří uvedenému uživateli?\n"
+
+#: g10/pkclist.c:270
+#, c-format
+msgid " %d = I don't know or won't say\n"
+msgstr " %d = Nevím nebo neřeknu\n"
+
+#: g10/pkclist.c:272
+#, c-format
+msgid " %d = I do NOT trust\n"
+msgstr " %d = Nedůvěřuji\n"
+
+#: g10/pkclist.c:278
+#, c-format
+msgid " %d = I trust ultimately\n"
+msgstr " %d = Důvěřuji absolutně\n"
+
+#: g10/pkclist.c:284
+msgid " m = back to the main menu\n"
+msgstr " m = zpět do hlavního menu\n"
+
+#: g10/pkclist.c:287
+msgid " s = skip this key\n"
+msgstr " s = pÅ™eskoÄit tento klíÄ\n"
+
+#: g10/pkclist.c:288
+msgid " q = quit\n"
+msgstr " u = ukonÄit\n"
+
+#: g10/pkclist.c:292
+#, c-format
+msgid ""
+"The minimum trust level for this key is: %s\n"
+"\n"
+msgstr ""
+"Minimální úroveň důvÄ›ry tohoto klíÄe je: %s\n"
+"\n"
+
+#: g10/pkclist.c:298 g10/revoke.c:650
+msgid "Your decision? "
+msgstr "Vaše rozhodnutí? "
+
+#: g10/pkclist.c:319
+msgid "Do you really want to set this key to ultimate trust? (y/N) "
+msgstr "Opravdu chcete nastavit pro tento klÃ­Ä absolutní důvÄ›ru? (a/N) "
+
+#: g10/pkclist.c:333
+msgid "Certificates leading to an ultimately trusted key:\n"
+msgstr "Certifikáty vedoucí k finálnímu důvÄ›ryhodnému klíÄi:\n"
+
+#: g10/pkclist.c:418
+#, c-format
+msgid "%s: There is no assurance this key belongs to the named user\n"
+msgstr "%s: Nic nenaznaÄuje tomu, že tento klÃ­Ä patří uvedenému uživateli\n"
+
+#: g10/pkclist.c:423
+#, c-format
+msgid "%s: There is limited assurance this key belongs to the named user\n"
+msgstr "%s: Je zde ÄásteÄná důvÄ›ra, že tento klÃ­Ä patří uvedenému uživateli\n"
+
+#: g10/pkclist.c:429
+msgid "This key probably belongs to the named user\n"
+msgstr "Tento klÃ­Ä pravdÄ›podobnÄ› náleží uvedenému uživateli\n"
+
+#: g10/pkclist.c:434
+msgid "This key belongs to us\n"
+msgstr "Tento klÃ­Ä náleží nám (máme odpovídající tajný klíÄ)\n"
+
+#: g10/pkclist.c:460
+msgid ""
+"It is NOT certain that the key belongs to the person named\n"
+"in the user ID. If you *really* know what you are doing,\n"
+"you may answer the next question with yes.\n"
+msgstr ""
+"NENà jisté, zda tento klÃ­Ä patří osobÄ›, jejíž jméno je uvedeno\n"
+"v uživatelském ID. Pokud *skuteÄnÄ›* víte, co dÄ›láte, můžete na\n"
+"následující otázku odpovědět ano\n"
+"\n"
+
+#: g10/pkclist.c:479
+msgid "Use this key anyway? (y/N) "
+msgstr "Použít pÅ™esto tento klíÄ? (a/N) "
+
+#: g10/pkclist.c:513
+msgid "WARNING: Using untrusted key!\n"
+msgstr "VAROVÃNÃ: Je použit nedůvÄ›ryhodný klíÄ!\n"
+
+#: g10/pkclist.c:520
+msgid "WARNING: this key might be revoked (revocation key not present)\n"
+msgstr "VAROVÃNÃ: tento klÃ­Ä může být revokován (revokaÄní klÃ­Ä nenalezen)\n"
+
+#: g10/pkclist.c:529
+msgid "WARNING: This key has been revoked by its designated revoker!\n"
+msgstr "VAROVÃNÃ: Tento klÃ­Ä byl revokován klíÄem s pověřením k revokaci!\n"
+
+#: g10/pkclist.c:532
+msgid "WARNING: This key has been revoked by its owner!\n"
+msgstr "VAROVÃNÃ: Tento klÃ­Ä byl revokován svým vlastníkem!\n"
+
+#: g10/pkclist.c:533
+msgid " This could mean that the signature is forged.\n"
+msgstr " To může znamenat, že podpis je padělaný.\n"
+
+#: g10/pkclist.c:539
+msgid "WARNING: This subkey has been revoked by its owner!\n"
+msgstr "VAROVÃNÃ: Tento podklÃ­Ä byl revokován svým vlastníkem!\n"
+
+#: g10/pkclist.c:544
+msgid "Note: This key has been disabled.\n"
+msgstr "Poznámka: Tento klÃ­Ä byl oznaÄen jako neplatný (disabled).\n"
+
+#: g10/pkclist.c:564
+#, c-format
+msgid "Note: Verified signer's address is `%s'\n"
+msgstr "Poznámka: Podepisovatelova ověřená adresa je „%s“\n"
+
+#: g10/pkclist.c:571
+#, c-format
+msgid "Note: Signer's address `%s' does not match DNS entry\n"
+msgstr "Poznámka: Podepisovatelova adresa „%s“ se neshoduje s DNS záznamem\n"
+
+#: g10/pkclist.c:583
+msgid "trustlevel adjusted to FULL due to valid PKA info\n"
+msgstr "úroveň důvěry opravena na PLNOU, kvůli platné PKA informaci\n"
+
+#: g10/pkclist.c:591
+msgid "trustlevel adjusted to NEVER due to bad PKA info\n"
+msgstr "úroveň důvÄ›ry opravena na ŽÃDNOU, kvůli Å¡patné PKA informaci\n"
+
+#: g10/pkclist.c:602
+msgid "Note: This key has expired!\n"
+msgstr "Poznámka: SkonÄila platnost tohoto klíÄe!\n"
+
+#: g10/pkclist.c:613
+msgid "WARNING: This key is not certified with a trusted signature!\n"
+msgstr "VAROVÃNÃ: Tento klÃ­Ä není certifikován důvÄ›ryhodným podpisem!\n"
+
+#: g10/pkclist.c:615
+msgid ""
+" There is no indication that the signature belongs to the owner.\n"
+msgstr ""
+" Nic nenaznaÄuje tomu, že tento podpis patří vlastníkovi klíÄe.\n"
+
+#: g10/pkclist.c:623
+msgid "WARNING: We do NOT trust this key!\n"
+msgstr "VAROVÃNÃ: NEDÅ®VĚŘUJEME tomuto klíÄi!\n"
+
+#: g10/pkclist.c:624
+msgid " The signature is probably a FORGERY.\n"
+msgstr " Tento podpis je pravdÄ›podobnÄ› PADÄšLANÃ.\n"
+
+#: g10/pkclist.c:632
+msgid ""
+"WARNING: This key is not certified with sufficiently trusted signatures!\n"
+msgstr ""
+"VAROVÃNÃ: Tento klÃ­Ä není certifikován dostateÄnÄ› důvÄ›ryhodnými podpisy!\n"
+
+#: g10/pkclist.c:634
+msgid " It is not certain that the signature belongs to the owner.\n"
+msgstr " Není jisté, zda tento podpis patří vlastníkovi.\n"
+
+#: g10/pkclist.c:833 g10/pkclist.c:875 g10/pkclist.c:1087 g10/pkclist.c:1157
+#, c-format
+msgid "%s: skipped: %s\n"
+msgstr "%s: pÅ™eskoÄeno: %s\n"
+
+#: g10/pkclist.c:845 g10/pkclist.c:1125
+#, c-format
+msgid "%s: skipped: public key already present\n"
+msgstr "%s: pÅ™eskoÄeno: veÅ™ejný klÃ­Ä je již obsažen v databázi\n"
+
+#: g10/pkclist.c:896
+msgid "You did not specify a user ID. (you may use \"-r\")\n"
+msgstr ""
+"Nespecifikoval jste identifikátor uživatele (user ID). Můžete použít \"-r\"\n"
+
+#: g10/pkclist.c:920
+msgid "Current recipients:\n"
+msgstr "Aktuální příjemci:\n"
+
+#: g10/pkclist.c:946
+msgid ""
+"\n"
+"Enter the user ID. End with an empty line: "
+msgstr ""
+"\n"
+"NapiÅ¡te identifikátor uživatele (user ID). UkonÄete prázdným řádkem: "
+
+#: g10/pkclist.c:971
+msgid "No such user ID.\n"
+msgstr "Takový identifikátor uživatele neexistuje.\n"
+
+#: g10/pkclist.c:980 g10/pkclist.c:1054
+msgid "skipped: public key already set as default recipient\n"
+msgstr "pÅ™eskoÄeno: veÅ™ejný klÃ­Ä je už nastaven podle implicitního adresáta\n"
+
+#: g10/pkclist.c:1001
+msgid "Public key is disabled.\n"
+msgstr "VeÅ™ejný klÃ­Ä je neplatný (disabled).\n"
+
+#: g10/pkclist.c:1010
+msgid "skipped: public key already set\n"
+msgstr "pÅ™eskoÄeno: veÅ™ejný klÃ­Ä je již nastaven\n"
+
+#: g10/pkclist.c:1045
+#, c-format
+msgid "unknown default recipient \"%s\"\n"
+msgstr "neznámý implicitní adresát „%s“\n"
+
+#: g10/pkclist.c:1103
+#, c-format
+msgid "%s: skipped: public key is disabled\n"
+msgstr "%s: pÅ™eskoÄeno: veÅ™ejný klÃ­Ä je neplatný (disabled)\n"
+
+#: g10/pkclist.c:1165
+msgid "no valid addressees\n"
+msgstr "žádné platné adresy\n"
+
+#: g10/pkclist.c:1503
+#, c-format
+msgid "Note: key %s has no %s feature\n"
+msgstr "Poznámka: klíÄi %s chybí vlastnost %s\n"
+
+#: g10/pkclist.c:1528
+#, c-format
+msgid "Note: key %s has no preference for %s\n"
+msgstr "Poznámka: klíÄi %s chybí pÅ™edvolby pro %s\n"
+
+#: g10/plaintext.c:95
+msgid "data not saved; use option \"--output\" to save it\n"
+msgstr ""
+"data nebyla uložena; k jejich uložení použijte parametr příkazu „--output“\n"
+
+#: g10/plaintext.c:480
+msgid "Detached signature.\n"
+msgstr "Podpis oddělený od dokumentu.\n"
+
+#: g10/plaintext.c:487
+msgid "Please enter name of data file: "
+msgstr "Prosím, vložte název datového souboru: "
+
+#: g10/plaintext.c:519
+msgid "reading stdin ...\n"
+msgstr "Ätu standardní vstup…\n"
+
+#: g10/plaintext.c:557
+msgid "no signed data\n"
+msgstr "chybí podepsaná data\n"
+
+#: g10/plaintext.c:573
+#, c-format
+msgid "can't open signed data `%s'\n"
+msgstr "nemohu otevřít podepsaná data „%s“\n"
+
+#: g10/plaintext.c:607
+#, c-format
+msgid "can't open signed data fd=%d: %s\n"
+msgstr "nemohu otevřít podepsaná data na fd=%d: %s\n"
+
+#: g10/pubkey-enc.c:105
+#, c-format
+msgid "anonymous recipient; trying secret key %s ...\n"
+msgstr "anonymní adresát; zkouším tajný klÃ­Ä %s…\n"
+
+#: g10/pubkey-enc.c:136
+msgid "okay, we are the anonymous recipient.\n"
+msgstr "o.k., my jsme anonymní adresát.\n"
+
+#: g10/pubkey-enc.c:225
+msgid "old encoding of the DEK is not supported\n"
+msgstr "staré kódování DEK není podporováno\n"
+
+#: g10/pubkey-enc.c:246
+#, c-format
+msgid "cipher algorithm %d%s is unknown or disabled\n"
+msgstr "šifrovací algoritmus %d%s je neznámý nebo je zneplatněn\n"
+
+#: g10/pubkey-enc.c:284
+#, c-format
+msgid "WARNING: cipher algorithm %s not found in recipient preferences\n"
+msgstr "VAROVÃNÃ: v pÅ™edvolbách příjemce nenalezen Å¡ifrovací algoritmus %s\n"
+
+#: g10/pubkey-enc.c:304
+#, c-format
+msgid "NOTE: secret key %s expired at %s\n"
+msgstr "POZNÃMKA: platnost tajného klíÄe %s skonÄila %s\n"
+
+#: g10/pubkey-enc.c:310
+msgid "NOTE: key has been revoked"
+msgstr "POZNÃMKA: klÃ­Ä byl revokován"
+
+#: g10/revoke.c:102 g10/revoke.c:116 g10/revoke.c:128 g10/revoke.c:174
+#: g10/revoke.c:186 g10/revoke.c:585
+#, c-format
+msgid "build_packet failed: %s\n"
+msgstr "selhalo vytvoření paketu (build_packet): %s\n"
+
+#: g10/revoke.c:145
+#, c-format
+msgid "key %s has no user IDs\n"
+msgstr "klÃ­Ä %s: chybí identifikátor uživatele\n"
+
+#: g10/revoke.c:306
+msgid "To be revoked by:\n"
+msgstr "Revokován:\n"
+
+#: g10/revoke.c:310
+msgid "(This is a sensitive revocation key)\n"
+msgstr "(Toto je citlivý revokaÄní klíÄ)\n"
+
+#: g10/revoke.c:314
+msgid "Create a designated revocation certificate for this key? (y/N) "
+msgstr "VytvoÅ™it pro tento klÃ­Ä pověřený revokaÄní certifikát? (a/N)"
+
+#: g10/revoke.c:327 g10/revoke.c:551
+msgid "ASCII armored output forced.\n"
+msgstr "nařízen výstup do formátu ASCII.\n"
+
+#: g10/revoke.c:342 g10/revoke.c:565
+#, c-format
+msgid "make_keysig_packet failed: %s\n"
+msgstr "vytvoření podepisovacího paketu (make_keysig_packet) selhalo: %s\n"
+
+#: g10/revoke.c:405
+msgid "Revocation certificate created.\n"
+msgstr "RevokaÄní certifikát vytvoÅ™en.\n"
+
+#: g10/revoke.c:411
+#, c-format
+msgid "no revocation keys found for \"%s\"\n"
+msgstr "pro „%s“ nebyl nalezen žádný revokaÄní klíÄ\n"
+
+#: g10/revoke.c:470
+#, c-format
+msgid "secret key \"%s\" not found: %s\n"
+msgstr "tajný klÃ­Ä â€ž%s“ nenalezen: %s\n"
+
+#: g10/revoke.c:497
+#, c-format
+msgid "no corresponding public key: %s\n"
+msgstr "neexistuje odpovídající veÅ™ejný klíÄ: %s\n"
+
+#: g10/revoke.c:508
+msgid "public key does not match secret key!\n"
+msgstr "veÅ™ejný klÃ­Ä neodpovídá tajnému klíÄi!\n"
+
+#: g10/revoke.c:515
+msgid "Create a revocation certificate for this key? (y/N) "
+msgstr "VytvoÅ™it pro tento klÃ­Ä revokaÄní certifikát? (a/N) "
+
+#: g10/revoke.c:532
+msgid "unknown protection algorithm\n"
+msgstr "neznámý kompresní algoritmus\n"
+
+#: g10/revoke.c:540
+msgid "NOTE: This key is not protected!\n"
+msgstr "POZNÃMKA: Tento klÃ­Ä není chránÄ›ný!\n"
+
+#: g10/revoke.c:591
+msgid ""
+"Revocation certificate created.\n"
+"\n"
+"Please move it to a medium which you can hide away; if Mallory gets\n"
+"access to this certificate he can use it to make your key unusable.\n"
+"It is smart to print this certificate and store it away, just in case\n"
+"your media become unreadable. But have some caution: The print system of\n"
+"your machine might store the data and make it available to others!\n"
+msgstr ""
+"RevokaÄní certifikát byl vytvoÅ™en.\n"
+"\n"
+"Prosím přeneste jej na médium, které můžete dobře schovat. Pokud se\n"
+"k tomuto certifikátu dostane nepovolaná osoba, může zneplatnit váš klíÄ.\n"
+"Je rozumné tento certifikát vytisknout a schovat jej pro případ, že\n"
+"medium s certifikátem pÅ™estane být Äitelné. Ale pozor: Tiskový subsystém\n"
+"na vaÅ¡em poÄítaÄi může ukládat data urÄená k tisku a zpřístupnit je\n"
+"jiným uživatelům!\n"
+
+#: g10/revoke.c:633
+msgid "Please select the reason for the revocation:\n"
+msgstr "Prosím vyberte důvod revokace:\n"
+
+#: g10/revoke.c:643
+msgid "Cancel"
+msgstr "Zrušit"
+
+#: g10/revoke.c:645
+#, c-format
+msgid "(Probably you want to select %d here)\n"
+msgstr "(Pravděpodobně zda chcete vybrat %d)\n"
+
+#: g10/revoke.c:686
+msgid "Enter an optional description; end it with an empty line:\n"
+msgstr "Můžete vložit další popis. UkonÄete prázdným řádkem:\n"
+
+#: g10/revoke.c:714
+#, c-format
+msgid "Reason for revocation: %s\n"
+msgstr "Důvod revokace: %s\n"
+
+#: g10/revoke.c:716
+msgid "(No description given)\n"
+msgstr "(Nebyl zadán Žádný popis)\n"
+
+#: g10/revoke.c:721
+msgid "Is this okay? (y/N) "
+msgstr "Je důvod revokace vybrán správně? (a/N) "
+
+#: g10/seckey-cert.c:55
+msgid "secret key parts are not available\n"
+msgstr "tajné Äásti klíÄe nejsou dostupné\n"
+
+#: g10/seckey-cert.c:61
+#, c-format
+msgid "protection algorithm %d%s is not supported\n"
+msgstr "ochranný algoritmus %d%s není podporován\n"
+
+#: g10/seckey-cert.c:72
+#, c-format
+msgid "protection digest %d is not supported\n"
+msgstr "ochranný algoritmus %d není podporován\n"
+
+#: g10/seckey-cert.c:291
+msgid "Invalid passphrase; please try again"
+msgstr "Neplatné heslo; prosím, zkuste to znovu"
+
+#: g10/seckey-cert.c:292
+#, c-format
+msgid "%s ...\n"
+msgstr "%s…\n"
+
+#: g10/seckey-cert.c:361
+msgid "WARNING: Weak key detected - please change passphrase again.\n"
+msgstr "VAROVÃNÃ: Objeven slabý klíÄ – změňte, prosím, znovu heslo.\n"
+
+#: g10/seckey-cert.c:404
+msgid "generating the deprecated 16-bit checksum for secret key protection\n"
+msgstr ""
+"generuji _nevhodný_ 16-ti bitový kontrolní souÄet pro ochranu soukromého "
+"klíÄe\n"
+
+#: g10/seskey.c:61 sm/encrypt.c:119
+msgid "weak key created - retrying\n"
+msgstr "vytvoÅ™en slabý klíÄ – zkouším znovu\n"
+
+#: g10/seskey.c:65
+#, c-format
+msgid "cannot avoid weak key for symmetric cipher; tried %d times!\n"
+msgstr ""
+"nemohu se vyvarovat slabého klíÄe pro symetrickou Å¡ifru; operaci jsem zkusil "
+"%d krát!\n"
+
+#: g10/seskey.c:227 sm/certcheck.c:85
+msgid "DSA requires the hash length to be a multiple of 8 bits\n"
+msgstr "DSA vyžaduje, aby délka hashe byla násobkem 8 bitů\n"
+
+#: g10/seskey.c:240
+#, c-format
+msgid "DSA key %s uses an unsafe (%u bit) hash\n"
+msgstr "DSA klÃ­Ä %s používá nebezpeÄný (%ubitový) hash\n"
+
+#: g10/seskey.c:252
+#, c-format
+msgid "DSA key %s requires a %u bit or larger hash\n"
+msgstr "DSA klÃ­Ä %s vyžaduje hash o délce %u bitů nebo více\n"
+
+#: g10/sig-check.c:80
+msgid "WARNING: signature digest conflict in message\n"
+msgstr "VAROVÃNÃ: konflikt hashe podpisu ve zprávÄ›\n"
+
+#: g10/sig-check.c:105
+#, c-format
+msgid "WARNING: signing subkey %s is not cross-certified\n"
+msgstr "VAROVÃNÃ: podepisovací podklÃ­Ä %s není křížovÄ› certifikován\n"
+
+#: g10/sig-check.c:117
+#, c-format
+msgid "WARNING: signing subkey %s has an invalid cross-certification\n"
+msgstr "VAROVÃNÃ: podepisovací podklÃ­Ä %s má neplatnou křížovou certifikaci\n"
+
+#: g10/sig-check.c:211
+#, c-format
+msgid "public key %s is %lu second newer than the signature\n"
+msgstr "veÅ™ejný klÃ­Ä %s je o %lu sekund novÄ›jší než podpis\n"
+
+#: g10/sig-check.c:212
+#, c-format
+msgid "public key %s is %lu seconds newer than the signature\n"
+msgstr "veÅ™ejný klÃ­Ä %s je o %lu sekund novÄ›jší než podpis\n"
+
+#: g10/sig-check.c:223
+#, c-format
+msgid ""
+"key %s was created %lu second in the future (time warp or clock problem)\n"
+msgstr ""
+"klÃ­Ä %s byl vytvoÅ™en %lu sekund v budoucnosti (doÅ¡lo ke zmÄ›nÄ› Äasu nebo\n"
+"je problém se systémovým Äasem)\n"
+
+#: g10/sig-check.c:225
+#, c-format
+msgid ""
+"key %s was created %lu seconds in the future (time warp or clock problem)\n"
+msgstr ""
+"klÃ­Ä %s byl vytvoÅ™en %lu sekund v budoucnosti (doÅ¡lo ke zmÄ›nÄ› Äasu nebo\n"
+"je problém se systémovým Äasem)\n"
+
+#: g10/sig-check.c:239
+#, c-format
+msgid "NOTE: signature key %s expired %s\n"
+msgstr "POZNÃMKA: podpisovému klíÄi %s skonÄila platnost %s\n"
+
+#: g10/sig-check.c:252
+#, c-format
+msgid "NOTE: signature key %s has been revoked\n"
+msgstr "POZNÃMKA: podpisový klÃ­Ä %s byl odvolán\n"
+
+#: g10/sig-check.c:325
+#, c-format
+msgid "assuming bad signature from key %s due to an unknown critical bit\n"
+msgstr ""
+"pÅ™edpokládám Å¡patný podpis klíÄem %s, protože je nastaven neznámý kritický "
+"bit\n"
+
+#: g10/sig-check.c:591
+#, c-format
+msgid "key %s: no subkey for subkey revocation signature\n"
+msgstr "klÃ­Ä %s: neexistuje podklÃ­Ä pro revokaci podklíÄe\n"
+
+#: g10/sig-check.c:618
+#, c-format
+msgid "key %s: no subkey for subkey binding signature\n"
+msgstr "klÃ­Ä %s: podklÃ­Ä který je svázán s podpisem neexistuje\n"
+
+#: g10/sign.c:89
+#, c-format
+msgid "WARNING: unable to %%-expand notation (too large). Using unexpanded.\n"
+msgstr ""
+"VAROVÃNÃ: nelze %%-expandovat notaci (příliÅ¡ dlouhé). Použity "
+"neexpandované.\n"
+
+#: g10/sign.c:115
+#, c-format
+msgid ""
+"WARNING: unable to %%-expand policy URL (too large). Using unexpanded.\n"
+msgstr ""
+"VAROVÃNÃ: nemohu %%-expandovat URL politiky (příliÅ¡ dlouhé). Použity "
+"neexpandované.\n"
+
+#: g10/sign.c:138
+#, c-format
+msgid ""
+"WARNING: unable to %%-expand preferred keyserver URL (too large). Using "
+"unexpanded.\n"
+msgstr ""
+"VAROVÃNÃ: nemohu %%-expandovat URL preferovaného keyservery (příliÅ¡ dlouhé). "
+"Použity neexpandované.\n"
+
+#: g10/sign.c:311
+#, c-format
+msgid "checking created signature failed: %s\n"
+msgstr "kontrola vytvořeného podpisu se nepodařila: %s\n"
+
+#: g10/sign.c:320
+#, c-format
+msgid "%s/%s signature from: \"%s\"\n"
+msgstr "%s/%s podpis od: „%s“\n"
+
+#: g10/sign.c:761
+msgid "you can only detach-sign with PGP 2.x style keys while in --pgp2 mode\n"
+msgstr ""
+"v módu --pgp2 můžete vytvoÅ™it pouze oddÄ›lený podpis (detach-sign)s klíÄi "
+"formátu PGP-2.x\n"
+
+#: g10/sign.c:837
+#, c-format
+msgid ""
+"WARNING: forcing digest algorithm %s (%d) violates recipient preferences\n"
+msgstr ""
+"VAROVÃNÃ: vyžádaný hashovací algoritmus %s (%d) nevyhovuje pÅ™edvolbám "
+"příjemce\n"
+
+#: g10/sign.c:964
+msgid "signing:"
+msgstr "podepisuji:"
+
+#: g10/sign.c:1079
+msgid "you can only clearsign with PGP 2.x style keys while in --pgp2 mode\n"
+msgstr ""
+"v módu --pgp2 můžete vytvářet jen Äitelné podpisy s klíÄi formátu PGP-2.x\n"
+
+#: g10/sign.c:1263
+#, c-format
+msgid "%s encryption will be used\n"
+msgstr "bude použito šifrování %s\n"
+
+#: g10/skclist.c:140 g10/skclist.c:217
+msgid "key is not flagged as insecure - can't use it with the faked RNG!\n"
+msgstr ""
+"klÃ­Ä není oznaÄen jako nedostateÄnÄ› bezpeÄný – nemohu jej použít s faleÅ¡ným "
+"RNG!\n"
+
+#: g10/skclist.c:174
+#, c-format
+msgid "skipped \"%s\": duplicated\n"
+msgstr "pÅ™eskoÄen „%s“: duplikován\n"
+
+#: g10/skclist.c:182 g10/skclist.c:195 g10/skclist.c:207
+#, c-format
+msgid "skipped \"%s\": %s\n"
+msgstr "pÅ™eskoÄen „%s“: %s\n"
+
+#: g10/skclist.c:190
+msgid "skipped: secret key already present\n"
+msgstr "pÅ™eskoÄeno: tajný klÃ­Ä je už v databázi\n"
+
+#: g10/skclist.c:208
+msgid "this is a PGP generated Elgamal key which is not secure for signatures!"
+msgstr ""
+"toto je PGP klÃ­Ä vygenerovaný podle algoritmu Elgamal,\n"
+"podpisy vytvoÅ™ené tímto klíÄem nejsou bezpeÄné!"
+
+#: g10/tdbdump.c:58 g10/trustdb.c:360
+#, c-format
+msgid "trust record %lu, type %d: write failed: %s\n"
+msgstr "záznam důvěry %lu, typ %d: zápis selhal: %s\n"
+
+#: g10/tdbdump.c:106
+#, c-format
+msgid ""
+"# List of assigned trustvalues, created %s\n"
+"# (Use \"gpg --import-ownertrust\" to restore them)\n"
+msgstr ""
+"# Seznam přidělených hodnot důvěry, vytvořen %s\n"
+"# (Použijte „gpg --import-ownertrust“ k jeho obnově)\n"
+
+#: g10/tdbdump.c:161 g10/tdbdump.c:169 g10/tdbdump.c:174 g10/tdbdump.c:179
+#, c-format
+msgid "error in `%s': %s\n"
+msgstr "chyba v „%s“: %s\n"
+
+#: g10/tdbdump.c:161
+msgid "line too long"
+msgstr "řádek je příliš dlouhý"
+
+#: g10/tdbdump.c:169
+msgid "colon missing"
+msgstr "sloupec schází"
+
+#: g10/tdbdump.c:175
+msgid "invalid fingerprint"
+msgstr "neplatný otisk"
+
+#: g10/tdbdump.c:180
+msgid "ownertrust value missing"
+msgstr "schází hodnota důvěryhodnosti vlastníka"
+
+#: g10/tdbdump.c:216
+#, c-format
+msgid "error finding trust record in `%s': %s\n"
+msgstr "chyba při hledání záznamu důvěryhodnosti v „%s“: %s\n"
+
+#: g10/tdbdump.c:220
+#, c-format
+msgid "read error in `%s': %s\n"
+msgstr "chyba pÅ™i Ätení v „%s“: %s\n"
+
+#: g10/tdbdump.c:229 g10/trustdb.c:375
+#, c-format
+msgid "trustdb: sync failed: %s\n"
+msgstr "databáze důvěry: synchronizace selhala %s\n"
+
+#: g10/tdbio.c:128 g10/tdbio.c:1456
+#, c-format
+msgid "trustdb rec %lu: lseek failed: %s\n"
+msgstr "záznam v databázi důvěry %lu: lseek() se nepodařil: %s\n"
+
+#: g10/tdbio.c:135 g10/tdbio.c:1463
+#, c-format
+msgid "trustdb rec %lu: write failed (n=%d): %s\n"
+msgstr "záznam v databázi důvěry %lu: zápis se nepodařil (n=%d): %s\n"
+
+#: g10/tdbio.c:245
+msgid "trustdb transaction too large\n"
+msgstr "transakce s databází důvěry je příliš dlouhá\n"
+
+#: g10/tdbio.c:500
+#, c-format
+msgid "can't access `%s': %s\n"
+msgstr "nemohu otevřít „%s“: %s\n"
+
+#: g10/tdbio.c:527
+#, c-format
+msgid "%s: directory does not exist!\n"
+msgstr "%s: adresář neexistuje!\n"
+
+#: g10/tdbio.c:537 g10/tdbio.c:560 g10/tdbio.c:601 sm/keydb.c:219
+#, c-format
+msgid "can't create lock for `%s'\n"
+msgstr "nemohu vytvořit zámek pro „%s“\n"
+
+#: g10/tdbio.c:539 g10/tdbio.c:604
+#, c-format
+msgid "can't lock `%s'\n"
+msgstr "nelze zamknout „%s“\n"
+
+#: g10/tdbio.c:565
+#, c-format
+msgid "%s: failed to create version record: %s"
+msgstr "%s: nepodařilo se vytvořit záznam verze: %s"
+
+#: g10/tdbio.c:569
+#, c-format
+msgid "%s: invalid trustdb created\n"
+msgstr "%s: vytvořena neplatná databáze důvěry\n"
+
+#: g10/tdbio.c:572
+#, c-format
+msgid "%s: trustdb created\n"
+msgstr "%s: databáze důvěry vytvořena\n"
+
+#: g10/tdbio.c:615
+msgid "NOTE: trustdb not writable\n"
+msgstr "POZNÃMKA: do trustedb nezle zapisovat\n"
+
+#: g10/tdbio.c:623
+#, c-format
+msgid "%s: invalid trustdb\n"
+msgstr "%s: neplatná databáze důvěry\n"
+
+#: g10/tdbio.c:655
+#, c-format
+msgid "%s: failed to create hashtable: %s\n"
+msgstr "%s: nepodařilo se vytvořit hashovací tabulku: %s\n"
+
+#: g10/tdbio.c:663
+#, c-format
+msgid "%s: error updating version record: %s\n"
+msgstr "%s: chyba při aktualizaci záznamu verze: %s\n"
+
+#: g10/tdbio.c:680 g10/tdbio.c:701 g10/tdbio.c:717 g10/tdbio.c:731
+#: g10/tdbio.c:761 g10/tdbio.c:1388 g10/tdbio.c:1415
+#, c-format
+msgid "%s: error reading version record: %s\n"
+msgstr "%s: chyba pÅ™i Ätení záznamu verze: %s\n"
+
+#: g10/tdbio.c:740
+#, c-format
+msgid "%s: error writing version record: %s\n"
+msgstr "%s: chyba při zápisu záznamu verze: %s\n"
+
+#: g10/tdbio.c:1181
+#, c-format
+msgid "trustdb: lseek failed: %s\n"
+msgstr "databáze důvěry: procedura lseek() selhala: %s\n"
+
+#: g10/tdbio.c:1190
+#, c-format
+msgid "trustdb: read failed (n=%d): %s\n"
+msgstr "databáze důvěry: procedura read() (n=%d) selhala: %s\n"
+
+#: g10/tdbio.c:1211
+#, c-format
+msgid "%s: not a trustdb file\n"
+msgstr "%s: není soubor databáze důvěry\n"
+
+#: g10/tdbio.c:1230
+#, c-format
+msgid "%s: version record with recnum %lu\n"
+msgstr "%s: záznam verze s Äíslem %lu\n"
+
+#: g10/tdbio.c:1235
+#, c-format
+msgid "%s: invalid file version %d\n"
+msgstr "%s: neplatná verze souboru %d\n"
+
+#: g10/tdbio.c:1421
+#, c-format
+msgid "%s: error reading free record: %s\n"
+msgstr "%s: chyba pÅ™i Ätení volného záznamu: %s\n"
+
+#: g10/tdbio.c:1429
+#, c-format
+msgid "%s: error writing dir record: %s\n"
+msgstr "%s: chyba při zápisu adresářového záznamu: %s\n"
+
+#: g10/tdbio.c:1439
+#, c-format
+msgid "%s: failed to zero a record: %s\n"
+msgstr "%s: vynulování záznamu selhalo: %s\n"
+
+#: g10/tdbio.c:1469
+#, c-format
+msgid "%s: failed to append a record: %s\n"
+msgstr "%s: přidání záznamu selhalo: %s\n"
+
+#: g10/tdbio.c:1512
+msgid "Error: The trustdb is corrupted.\n"
+msgstr "Chyba: Databáze důvěry je poškozena.\n"
+
+#: g10/textfilter.c:147
+#, c-format
+msgid "can't handle text lines longer than %d characters\n"
+msgstr "nemohu pracovat s řádky delšími než %d znaků\n"
+
+#: g10/textfilter.c:247
+#, c-format
+msgid "input line longer than %d characters\n"
+msgstr "vstupní řádek je delší než %d znaků\n"
+
+#: g10/trustdb.c:221
+#, c-format
+msgid "`%s' is not a valid long keyID\n"
+msgstr "„%s“ není platný dlouhý keyID\n"
+
+#: g10/trustdb.c:252
+#, c-format
+msgid "key %s: accepted as trusted key\n"
+msgstr "klÃ­Ä %s: akceptován jako důvÄ›ryhodný klíÄ\n"
+
+#: g10/trustdb.c:290
+#, c-format
+msgid "key %s occurs more than once in the trustdb\n"
+msgstr "klÃ­Ä %s se v databázi důvÄ›ry vyskytuje více než jednou\n"
+
+#: g10/trustdb.c:305
+#, c-format
+msgid "key %s: no public key for trusted key - skipped\n"
+msgstr "klÃ­Ä %s: nenalezen veÅ™ejný klÃ­Ä k důvÄ›ryhodnému klíÄi – pÅ™eskoÄeno\n"
+
+#: g10/trustdb.c:315
+#, c-format
+msgid "key %s marked as ultimately trusted\n"
+msgstr "klÃ­Ä %s oznaÄen jako absolutnÄ› důvÄ›ryhodný.\n"
+
+#: g10/trustdb.c:339
+#, c-format
+msgid "trust record %lu, req type %d: read failed: %s\n"
+msgstr "záznam důvÄ›ry %lu, typ pož. %d: Ätení selhalo: %s\n"
+
+#: g10/trustdb.c:345
+#, c-format
+msgid "trust record %lu is not of requested type %d\n"
+msgstr "záznam důvěry %lu není požadovaného typu %d\n"
+
+#: g10/trustdb.c:418
+msgid "You may try to re-create the trustdb using the commands:\n"
+msgstr "Databázi důvěry můžete zkusit znovu vytvořit pomocí těchto příkazů:\n"
+
+#: g10/trustdb.c:427
+msgid "If that does not work, please consult the manual\n"
+msgstr "Pokud to nebude fungovat, prosím, nahlédněte do návodu\n"
+
+#: g10/trustdb.c:462
+#, c-format
+msgid "unable to use unknown trust model (%d) - assuming %s trust model\n"
+msgstr ""
+"nelze použít neznámý model důvěry (%d) – předpokládáme použití modelu %s\n"
+
+#: g10/trustdb.c:468
+#, c-format
+msgid "using %s trust model\n"
+msgstr "použití modelu důvěry %s\n"
+
+#: g10/trustdb.c:520
+msgid "10 translator see trustdb.c:uid_trust_string_fixed"
+msgstr ""
+"14 fixní délka na kterou se překládá see trustdb.c:uid_trust_string_fixed"
+
+#: g10/trustdb.c:522
+msgid "[ revoked]"
+msgstr "[ revokován ]"
+
+# TODO: use context to distinguish gender
+#: g10/trustdb.c:524 g10/trustdb.c:529
+msgid "[ expired]"
+msgstr "[ prošlý(á) ]"
+
+#: g10/trustdb.c:528
+msgid "[ unknown]"
+msgstr "[ neznámá ]"
+
+#: g10/trustdb.c:530
+msgid "[ undef ]"
+msgstr "[nedefinovaná]"
+
+#: g10/trustdb.c:531
+msgid "[marginal]"
+msgstr "[ ÄásteÄná ]"
+
+#: g10/trustdb.c:532
+msgid "[ full ]"
+msgstr "[ plná ]"
+
+#: g10/trustdb.c:533
+msgid "[ultimate]"
+msgstr "[ absolutní ]"
+
+#: g10/trustdb.c:548
+msgid "undefined"
+msgstr "nedefinována"
+
+#: g10/trustdb.c:549
+msgid "never"
+msgstr "žádná"
+
+#: g10/trustdb.c:550
+msgid "marginal"
+msgstr "ÄásteÄná"
+
+#: g10/trustdb.c:551
+msgid "full"
+msgstr "plná"
+
+#: g10/trustdb.c:552
+msgid "ultimate"
+msgstr "absolutní"
+
+#: g10/trustdb.c:592
+msgid "no need for a trustdb check\n"
+msgstr "není nutné kontrolovat databázi důvěry\n"
+
+#: g10/trustdb.c:598 g10/trustdb.c:2487
+#, c-format
+msgid "next trustdb check due at %s\n"
+msgstr "další kontrola databáze důvěry v %s\n"
+
+#: g10/trustdb.c:607
+#, c-format
+msgid "no need for a trustdb check with `%s' trust model\n"
+msgstr "není nutné kontrolovat databázi důvěry s modelem „%s“\n"
+
+#: g10/trustdb.c:622
+#, c-format
+msgid "no need for a trustdb update with `%s' trust model\n"
+msgstr "není nutné aktualizovat databázi důvěry s modelem „%s“\n"
+
+#: g10/trustdb.c:857 g10/trustdb.c:1310
+#, c-format
+msgid "public key %s not found: %s\n"
+msgstr "veÅ™ejný klÃ­Ä %s nebyl nalezen: %s\n"
+
+#: g10/trustdb.c:1053
+msgid "please do a --check-trustdb\n"
+msgstr "prosím proveÄte --check-trustdb\n"
+
+#: g10/trustdb.c:1057
+msgid "checking the trustdb\n"
+msgstr "kontroluji databázi důvěry\n"
+
+#: g10/trustdb.c:2230
+#, c-format
+msgid "%d keys processed (%d validity counts cleared)\n"
+msgstr "zpracováno %d klíÄů (%d validit vymazáno)\n"
+
+#: g10/trustdb.c:2295
+msgid "no ultimately trusted keys found\n"
+msgstr "žádný absolutnÄ› důvÄ›ryhodný klÃ­Ä nebyl nalezen\n"
+
+#: g10/trustdb.c:2309
+#, c-format
+msgid "public key of ultimately trusted key %s not found\n"
+msgstr "veÅ™ejný klÃ­Ä k absolutnÄ› důvÄ›ryhodnému klíÄi %s nebyl nalezen\n"
+
+#: g10/trustdb.c:2332
+#, c-format
+msgid "%d marginal(s) needed, %d complete(s) needed, %s trust model\n"
+msgstr "požadováno %d ÄásteÄné důvÄ›ry a %d úplné důvÄ›ry, model %s\n"
+
+#: g10/trustdb.c:2418
+#, c-format
+msgid ""
+"depth: %d valid: %3d signed: %3d trust: %d-, %dq, %dn, %dm, %df, %du\n"
+msgstr ""
+"hloubka: %d platných: %3d podepsaných: %3d důvěra: %d-, %dq, %dn, %dm, %"
+"df, %du\n"
+
+#: g10/trustdb.c:2493
+#, c-format
+msgid "unable to update trustdb version record: write failed: %s\n"
+msgstr "nelze aktualizovat záznam v databázi důvěry: chyba při zápisu: %s\n"
+
+#: g10/verify.c:118
+msgid ""
+"the signature could not be verified.\n"
+"Please remember that the signature file (.sig or .asc)\n"
+"should be the first file given on the command line.\n"
+msgstr ""
+"podpis nebylo možné ověřit.\n"
+"Prosím, nezapomeňte, že soubor s podpisem (.sig nebo .asc)\n"
+"by měl být prvním souborem zadaným na příkazové řádce.\n"
+
+#: g10/verify.c:205
+#, c-format
+msgid "input line %u too long or missing LF\n"
+msgstr "vstupní řádek %u je příliš dlouhý nebo na konci chybí znak LF\n"
+
+#: g10/verify.c:253
+#, c-format
+msgid "can't open fd %d: %s\n"
+msgstr "nemohu otevřít deskriptor %d: %s\n"
+
+#: jnlib/argparse.c:180
+msgid "argument not expected"
+msgstr "argument nebyl oÄekáván"
+
+#: jnlib/argparse.c:182
+msgid "read error"
+msgstr "chyba pÅ™i Ätení"
+
+#: jnlib/argparse.c:184
+msgid "keyword too long"
+msgstr "klíÄové slovo je příliÅ¡ dlouhé"
+
+#: jnlib/argparse.c:186
+msgid "missing argument"
+msgstr "postrádám argument"
+
+#: jnlib/argparse.c:188
+msgid "invalid command"
+msgstr "neplatný příkaz"
+
+#: jnlib/argparse.c:190
+msgid "invalid alias definition"
+msgstr "neplatný definice aliasu"
+
+#: jnlib/argparse.c:192
+msgid "out of core"
+msgstr "nedostatek paměti"
+
+#: jnlib/argparse.c:194
+msgid "invalid option"
+msgstr "neplatný parametr"
+
+#: jnlib/argparse.c:202
+#, c-format
+msgid "missing argument for option \"%.50s\"\n"
+msgstr "postrádám argument u volby „%.50s“\n"
+
+#: jnlib/argparse.c:204
+#, c-format
+msgid "option \"%.50s\" does not expect an argument\n"
+msgstr "volba „%.50s“ neÄeká argument\n"
+
+#: jnlib/argparse.c:207
+#, c-format
+msgid "invalid command \"%.50s\"\n"
+msgstr "neplatný příkaz „%.50s“\n"
+
+#: jnlib/argparse.c:209
+#, c-format
+msgid "option \"%.50s\" is ambiguous\n"
+msgstr "volba „%s.50s“ není jednoznaÄná\n"
+
+#: jnlib/argparse.c:211
+#, c-format
+msgid "command \"%.50s\" is ambiguous\n"
+msgstr "příkaz „%.50s“ není jednoznaÄný\n"
+
+#: jnlib/argparse.c:213
+msgid "out of core\n"
+msgstr "nedostatek paměti\n"
+
+#: jnlib/argparse.c:215
+#, c-format
+msgid "invalid option \"%.50s\"\n"
+msgstr "neplatný parametr „%.50s“\n"
+
+#: jnlib/logging.c:647
+#, c-format
+msgid "you found a bug ... (%s:%d)\n"
+msgstr "nalezena chyba v programu… (%s:%d)\n"
+
+#: jnlib/utf8conv.c:85
+#, c-format
+msgid "error loading `%s': %s\n"
+msgstr "chyba při nahrávání „%s“: %s\n"
+
+#: jnlib/utf8conv.c:123
+#, c-format
+msgid "conversion from `%s' to `%s' not available\n"
+msgstr "převod z „%s“ na „%s“ není k dispozici\n"
+
+#: jnlib/utf8conv.c:131
+#, c-format
+msgid "iconv_open failed: %s\n"
+msgstr "iconv_open selhala: %s\n"
+
+#: jnlib/utf8conv.c:388 jnlib/utf8conv.c:654
+#, c-format
+msgid "conversion from `%s' to `%s' failed: %s\n"
+msgstr "převod z „%s“ na „%s“ se nezdařil: %s\n"
+
+#: jnlib/dotlock.c:234
+#, c-format
+msgid "failed to create temporary file `%s': %s\n"
+msgstr "nemohu vytvoÅ™it doÄasný soubor „%s“: %s\n"
+
+#: jnlib/dotlock.c:269
+#, c-format
+msgid "error writing to `%s': %s\n"
+msgstr "chyba při zápisu do „%s“: %s\n"
+
+#: jnlib/dotlock.c:453
+#, c-format
+msgid "removing stale lockfile (created by %d)\n"
+msgstr "odstraňuji starý zamykací soubor (vytvořil %d)\n"
+
+#: jnlib/dotlock.c:459
+msgid " - probably dead - removing lock"
+msgstr " – asi mrtvý – odstraňuji zámek"
+
+#: jnlib/dotlock.c:469
+#, c-format
+msgid "waiting for lock (held by %d%s) %s...\n"
+msgstr "Äekám na zámek (drží ho %d%s) %s…\n"
+
+#: jnlib/dotlock.c:470
+msgid "(deadlock?) "
+msgstr "(uváznutí?) "
+
+#: jnlib/dotlock.c:493
+#, c-format
+msgid "lock `%s' not made: %s\n"
+msgstr "zámek „%s“ nebyl vytvořen: %s\n"
+
+#: jnlib/dotlock.c:501
+#, c-format
+msgid "waiting for lock %s...\n"
+msgstr "Äekám na zámek %s…\n"
+
+#: kbx/kbxutil.c:92
+msgid "set debugging flags"
+msgstr "nastavit příznaky ladění"
+
+#: kbx/kbxutil.c:93
+msgid "enable full debugging"
+msgstr "zapnout úplné ladění"
+
+#: kbx/kbxutil.c:117
+msgid "Usage: kbxutil [options] [files] (-h for help)"
+msgstr "Použití: kbxutil [VOLBY] [SOUBORY] (-h pro nápovědu)"
+
+#: kbx/kbxutil.c:120
+msgid ""
+"Syntax: kbxutil [options] [files]\n"
+"list, export, import Keybox data\n"
+msgstr ""
+"Syntaxe: kbxutil [VOLBY] [SOUBORY]\n"
+"vypisuje, exportuje, importuje schránku na klíÄe (keybox)\n"
+
+#: scd/app-nks.c:713 scd/app-openpgp.c:2647
+#, c-format
+msgid "RSA modulus missing or not of size %d bits\n"
+msgstr "schází RSA modulus nebo nemá velikost %d bitů\n"
+
+#: scd/app-nks.c:721 scd/app-openpgp.c:2659
+#, c-format
+msgid "RSA public exponent missing or larger than %d bits\n"
+msgstr "schází veřejný RSA exponent nebo je delší než %d bitů\n"
+
+#: scd/app-nks.c:801 scd/app-openpgp.c:1549 scd/app-openpgp.c:1568
+#: scd/app-openpgp.c:1729 scd/app-openpgp.c:1746 scd/app-openpgp.c:1994
+#: scd/app-openpgp.c:2039 scd/app-dinsig.c:303
+#, c-format
+msgid "PIN callback returned error: %s\n"
+msgstr "funkce PIN callback skonÄila chybou: %s\n"
+
+#: scd/app-nks.c:834
+msgid "the NullPIN has not yet been changed\n"
+msgstr "NullPIN ještě nebyl změněn\n"
+
+# TRANSLATORS: Do not translate the "|*|" prefixes but keep
+# them verbatim at the start of the string. */
+#: scd/app-nks.c:1092
+msgid "|N|Please enter a new PIN for the standard keys."
+msgstr "|N|Prosím, zadejte nový PIN pro standardní klíÄe."
+
+#: scd/app-nks.c:1093
+msgid "||Please enter the PIN for the standard keys."
+msgstr "||Prosím, zadejte PIN pro standardní klíÄe."
+
+#: scd/app-nks.c:1099
+msgid "|NP|Please enter a new PIN Unblocking Code (PUK) for the standard keys."
+msgstr "|NP|Prosím, zadejte nový kód pro odblokování (PUK) standardních klíÄů."
+
+#: scd/app-nks.c:1101
+msgid "|P|Please enter the PIN Unblocking Code (PUK) for the standard keys."
+msgstr "|P|Prosím, zadejte kód pro odblokování (PUK) standardních klíÄů."
+
+#: scd/app-nks.c:1109
+msgid "|N|Please enter a new PIN for the key to create qualified signatures."
+msgstr ""
+"|N|Prosím, zadejte nový PIN klíÄe urÄeného na tvorbu kvalifikovaných podpisů."
+
+#: scd/app-nks.c:1111
+msgid "||Please enter the PIN for the key to create qualified signatures."
+msgstr ""
+"||Prosím, zadejte PIN klíÄe urÄeného na tvorbu kvalifikovaných podpisů."
+
+#: scd/app-nks.c:1119
+msgid ""
+"|NP|Please enter a new PIN Unblocking Code (PUK) for the key to create "
+"qualified signatures."
+msgstr ""
+"|NP|Prosím, zadejte nový kód pro odblokování (PUK) klíÄe urÄeného na tvorbu "
+"kvalifikovaných podpisů."
+
+#: scd/app-nks.c:1121
+msgid ""
+"|P|Please enter the PIN Unblocking Code (PUK) for the key to create "
+"qualified signatures."
+msgstr ""
+"|NP|Prosím, zadejte kód pro odblokování (PUK) klíÄe urÄeného na tvorbu "
+"kvalifikovaných podpisů."
+
+#: scd/app-nks.c:1222 scd/app-openpgp.c:2072 scd/app-dinsig.c:532
+#, c-format
+msgid "error getting new PIN: %s\n"
+msgstr "chyba při získání nového PINu: %s\n"
+
+#: scd/app-openpgp.c:695
+#, c-format
+msgid "failed to store the fingerprint: %s\n"
+msgstr "uložení otisku se nezdařilo: %s\n"
+
+#: scd/app-openpgp.c:708
+#, c-format
+msgid "failed to store the creation date: %s\n"
+msgstr "uložení data vytvoření se nezdařilo: %s\n"
+
+#: scd/app-openpgp.c:1156
+#, c-format
+msgid "reading public key failed: %s\n"
+msgstr "Ätení veÅ™ejného klíÄe se nezdaÅ™ilo: %s\n"
+
+#: scd/app-openpgp.c:1164 scd/app-openpgp.c:2882
+msgid "response does not contain the public key data\n"
+msgstr "odpovÄ›Ä neobsahuje veÅ™ejný klíÄ\n"
+
+#: scd/app-openpgp.c:1172 scd/app-openpgp.c:2890
+msgid "response does not contain the RSA modulus\n"
+msgstr "odpovÄ›Ä neobsahuje RSA modulus\n"
+
+#: scd/app-openpgp.c:1181 scd/app-openpgp.c:2900
+msgid "response does not contain the RSA public exponent\n"
+msgstr "odpovÄ›Ä neobsahuje veÅ™ejný RSA exponent\n"
+
+#: scd/app-openpgp.c:1501
+#, c-format
+msgid "using default PIN as %s\n"
+msgstr "používám implicitní PIN jako %s\n"
+
+#: scd/app-openpgp.c:1508
+#, c-format
+msgid "failed to use default PIN as %s: %s - disabling further default use\n"
+msgstr ""
+"použití implicitního PINu jako %s selhalo: %s – vypínám jeho budoucí "
+"použití\n"
+
+#: scd/app-openpgp.c:1523
+#, c-format
+msgid "||Please enter the PIN%%0A[sigs done: %lu]"
+msgstr "||Prosím vložte PIN%%0A[podpis hotov: %lu]"
+
+#: scd/app-openpgp.c:1534 scd/app-openpgp.c:1988
+msgid "||Please enter the PIN"
+msgstr "||Prosím vložte PIN"
+
+#: scd/app-openpgp.c:1575 scd/app-openpgp.c:1753 scd/app-openpgp.c:2001
+#, c-format
+msgid "PIN for CHV%d is too short; minimum length is %d\n"
+msgstr "PIN pro CHV%d je příliš krátký; minimální délka je %d\n"
+
+#: scd/app-openpgp.c:1588 scd/app-openpgp.c:1627 scd/app-openpgp.c:1765
+#: scd/app-openpgp.c:3200
+#, c-format
+msgid "verify CHV%d failed: %s\n"
+msgstr "ověření CHV%d se nezdařilo: %s\n"
+
+#: scd/app-openpgp.c:1656 scd/app-openpgp.c:2020 scd/app-openpgp.c:3498
+msgid "error retrieving CHV status from card\n"
+msgstr "chyba při získání CHV z karty\n"
+
+#: scd/app-openpgp.c:1662 scd/app-openpgp.c:3507
+msgid "card is permanently locked!\n"
+msgstr "karta je trvale uzamÄena!\n"
+
+#: scd/app-openpgp.c:1669
+#, c-format
+msgid "%d Admin PIN attempts remaining before card is permanently locked\n"
+msgstr ""
+"Do trvalého uzamÄení karty zůstává %d pokusů o zadání PINu administrátora\n"
+
+#. TRANSLATORS: Do not translate the "|A|" prefix but keep it at
+#. the start of the string. Use %%0A to force a linefeed.
+#: scd/app-openpgp.c:1676
+#, c-format
+msgid "|A|Please enter the Admin PIN%%0A[remaining attempts: %d]"
+msgstr "|A|Prosím, zadejte PIN správce%%0A[zbývá pokusů: %d]"
+
+#: scd/app-openpgp.c:1680
+msgid "|A|Please enter the Admin PIN"
+msgstr "|A|Prosím, zadejte PIN správce"
+
+#: scd/app-openpgp.c:1701
+msgid "access to admin commands is not configured\n"
+msgstr "přístup k administrátorským příkazům není nakonfigurován\n"
+
+#: scd/app-openpgp.c:2035
+msgid "||Please enter the Reset Code for the card"
+msgstr "||Prosím, zadejte resetaÄní kód karty"
+
+#: scd/app-openpgp.c:2045 scd/app-openpgp.c:2097
+#, c-format
+msgid "Reset Code is too short; minimum length is %d\n"
+msgstr "ResetaÄní kód je příliÅ¡ krátký; minimální délka je %d\n"
+
+#: scd/app-openpgp.c:2067
+msgid "|RN|New Reset Code"
+msgstr "|RN|Nový resetaÄní kód"
+
+#: scd/app-openpgp.c:2068
+msgid "|AN|New Admin PIN"
+msgstr "|AN|Nový PIN správce"
+
+#: scd/app-openpgp.c:2068
+msgid "|N|New PIN"
+msgstr "|N|Nový PIN"
+
+#: scd/app-openpgp.c:2178 scd/app-openpgp.c:2968
+msgid "error reading application data\n"
+msgstr "chyba pÅ™i Ätení aplikaÄních dat\n"
+
+#: scd/app-openpgp.c:2184 scd/app-openpgp.c:2975
+msgid "error reading fingerprint DO\n"
+msgstr "chyba pÅ™i Ätení otisku DO\n"
+
+#: scd/app-openpgp.c:2194
+msgid "key already exists\n"
+msgstr "klÃ­Ä již existuje\n"
+
+#: scd/app-openpgp.c:2198
+msgid "existing key will be replaced\n"
+msgstr "existující klÃ­Ä bude pÅ™epsán\n"
+
+#: scd/app-openpgp.c:2200
+msgid "generating new key\n"
+msgstr "generování nového klíÄe\n"
+
+#: scd/app-openpgp.c:2202
+msgid "writing new key\n"
+msgstr "nový klÃ­Ä se zapisuje\n"
+
+#: scd/app-openpgp.c:2627
+msgid "creation timestamp missing\n"
+msgstr "chybí Äasové razítko vytvoÅ™ení\n"
+
+#: scd/app-openpgp.c:2669 scd/app-openpgp.c:2677
+#, c-format
+msgid "RSA prime %s missing or not of size %d bits\n"
+msgstr "schází RSA prime %s nebo nemá velikost %d bitů\n"
+
+#: scd/app-openpgp.c:2773
+#, c-format
+msgid "failed to store the key: %s\n"
+msgstr "nelze uložit klíÄ: %s\n"
+
+#: scd/app-openpgp.c:2859
+msgid "please wait while key is being generated ...\n"
+msgstr "prosím poÄkejte než bude klÃ­Ä vygenerován…\n"
+
+#: scd/app-openpgp.c:2872
+msgid "generating key failed\n"
+msgstr "generování klíÄe se nezdaÅ™ilo\n"
+
+#: scd/app-openpgp.c:2875
+#, c-format
+msgid "key generation completed (%d seconds)\n"
+msgstr "generování klíÄe dokonÄeno (%d sekund)\n"
+
+#: scd/app-openpgp.c:2933
+msgid "invalid structure of OpenPGP card (DO 0x93)\n"
+msgstr "neplatná struktura OpenPGP karty (DO 0x93)\n"
+
+#: scd/app-openpgp.c:2983
+msgid "fingerprint on card does not match requested one\n"
+msgstr "otisk na kartě se neshoduje s požadovaným\n"
+
+#: scd/app-openpgp.c:3099
+#, c-format
+msgid "card does not support digest algorithm %s\n"
+msgstr "karta nepodporuje hashovací algoritmus %s\n"
+
+#: scd/app-openpgp.c:3175
+#, c-format
+msgid "signatures created so far: %lu\n"
+msgstr "dosud vytvořené podpisy: %lu\n"
+
+#: scd/app-openpgp.c:3512
+msgid ""
+"verification of Admin PIN is currently prohibited through this command\n"
+msgstr "ověření PIN správce je nyní prostřednictvím tohoto příkazu zakázáno\n"
+
+#: scd/app-openpgp.c:3737 scd/app-openpgp.c:3748
+#, c-format
+msgid "can't access %s - invalid OpenPGP card?\n"
+msgstr "přístup na %s se nezdařil – vadná OpenPGP karta?\n"
+
+#: scd/app-dinsig.c:299
+msgid "||Please enter your PIN at the reader's keypad"
+msgstr "||Prosím, zadejte svůj PIN na klávesnici ÄteÄky"
+
+#. TRANSLATORS: Do not translate the "|*|" prefixes but
+#. keep it at the start of the string. We need this elsewhere
+#. to get some infos on the string.
+#: scd/app-dinsig.c:529
+msgid "|N|Initial New PIN"
+msgstr "|N|Prvotní nový PIN"
+
+#: scd/scdaemon.c:107
+msgid "run in multi server mode (foreground)"
+msgstr "pracovat ve více serverové režimu (na popředí)"
+
+#: scd/scdaemon.c:117 sm/gpgsm.c:316
+msgid "|LEVEL|set the debugging level to LEVEL"
+msgstr "|ÚROVEŇ|nastavit úroveň ladění na ÚROVEŇ"
+
+#: scd/scdaemon.c:124 tools/gpgconf-comp.c:620
+msgid "|FILE|write a log to FILE"
+msgstr "|SOUBOR|zapisovat protokol do SOUBORU"
+
+#: scd/scdaemon.c:126
+msgid "|N|connect to reader at port N"
+msgstr "|N|pÅ™ipojit se na ÄteÄku na portu N"
+
+#: scd/scdaemon.c:128
+msgid "|NAME|use NAME as ct-API driver"
+msgstr "NÃZEV|použít NÃZEV jako ovladaÄ ct-API"
+
+#: scd/scdaemon.c:130
+msgid "|NAME|use NAME as PC/SC driver"
+msgstr "NÃZEV|použít NÃZEV jako ovladaÄ PC/SC"
+
+#: scd/scdaemon.c:133
+msgid "do not use the internal CCID driver"
+msgstr "nepoužívat vnitÅ™ní ovladaÄ CCID"
+
+#: scd/scdaemon.c:139
+msgid "|N|disconnect the card after N seconds of inactivity"
+msgstr "|N|odpojovat se od karty po N sekundách neÄinnosti"
+
+#: scd/scdaemon.c:141
+msgid "do not use a reader's keypad"
+msgstr "nepoužívat klávesnici ÄteÄky"
+
+#: scd/scdaemon.c:144
+msgid "deny the use of admin card commands"
+msgstr "zakázat používání správcovských příkazů karty"
+
+#: scd/scdaemon.c:259
+msgid "Usage: scdaemon [options] (-h for help)"
+msgstr "Použití: scdaemon [možnosti] [SOUBORY] (-h pro nápovědu)"
+
+#: scd/scdaemon.c:261
+msgid ""
+"Syntax: scdaemon [options] [command [args]]\n"
+"Smartcard daemon for GnuPG\n"
+msgstr ""
+"Syntaxe: scdaemon [VOLBY] [PŘÃKAZ [ARGUMENTY]]\n"
+"Démon pro Äipové karty (smartcard) pro GnuPG\n"
+
+#: scd/scdaemon.c:766
+msgid "please use the option `--daemon' to run the program in the background\n"
+msgstr ""
+"prosím, použijte volbu „--daemon“, chcete-li nechat běžet program na pozadí\n"
+
+#: scd/scdaemon.c:1120
+#, c-format
+msgid "handler for fd %d started\n"
+msgstr "obsluha pro deskriptor %d spuštěna\n"
+
+#: scd/scdaemon.c:1132
+#, c-format
+msgid "handler for fd %d terminated\n"
+msgstr "obsluha pro deskriptor %d ukonÄena\n"
+
+#: sm/base64.c:325
+#, c-format
+msgid "invalid radix64 character %02x skipped\n"
+msgstr "neplatný radix64 znak %02x byl pÅ™eskoÄen\n"
+
+#: sm/call-agent.c:137
+#, c-format
+msgid "failed to proxy %s inquiry to client\n"
+msgstr "předání dotazu %s klientovi se nezdařilo\n"
+
+#: sm/call-dirmngr.c:252
+#, c-format
+msgid "no running dirmngr - starting `%s'\n"
+msgstr "žádný dirmngr neběží – spouštím „%s“\n"
+
+#: sm/call-dirmngr.c:285
+msgid "malformed DIRMNGR_INFO environment variable\n"
+msgstr "špatný formát proměnné prostředí DIRMNGR_INFO\n"
+
+#: sm/call-dirmngr.c:297
+#, c-format
+msgid "dirmngr protocol version %d is not supported\n"
+msgstr "protokol dirmngr verze %d není podporován\n"
+
+#: sm/call-dirmngr.c:317
+msgid "can't connect to the dirmngr - trying fall back\n"
+msgstr "k dirmngr se nelze připojit – zkouším náhradní způsob\n"
+
+#: sm/certchain.c:196
+#, c-format
+msgid "validation model requested by certificate: %s"
+msgstr "certifikátem vyžadovaný ověřovací model: %s"
+
+#: sm/certchain.c:197 sm/certchain.c:1828
+msgid "chain"
+msgstr "řetězený"
+
+#: sm/certchain.c:198 sm/certchain.c:1828
+msgid "shell"
+msgstr "jednovrstvý"
+
+#: sm/certchain.c:258
+#, c-format
+msgid "critical certificate extension %s is not supported"
+msgstr "kritické rozšíření certifikát %s není podporováno"
+
+#: sm/certchain.c:297
+msgid "issuer certificate is not marked as a CA"
+msgstr "vydavatel certifikátu není oznaÄen jako CA"
+
+#: sm/certchain.c:335
+msgid "critical marked policy without configured policies"
+msgstr "politika oznaÄená jako kritická bez nastavených politik"
+
+#: sm/certchain.c:345
+#, c-format
+msgid "failed to open `%s': %s\n"
+msgstr "nemohu otevřít „%s“: %s\n"
+
+#: sm/certchain.c:353 sm/certchain.c:382
+msgid "note: non-critical certificate policy not allowed"
+msgstr "poznámka: nekritické certifikaÄní politiky nejsou dovoleny"
+
+#: sm/certchain.c:357 sm/certchain.c:386
+msgid "certificate policy not allowed"
+msgstr "certifikaÄní politika není dovolena"
+
+#: sm/certchain.c:498
+msgid "looking up issuer at external location\n"
+msgstr "hledám vydavatele na jiném místě\n"
+
+#: sm/certchain.c:517
+#, c-format
+msgid "number of issuers matching: %d\n"
+msgstr "poÄet odpovídajících vydavatelů: %d\n"
+
+#: sm/certchain.c:561
+msgid "looking up issuer from the Dirmngr cache\n"
+msgstr "hledám vydavatele ve vyrovnávací paměti Dirmngr\n"
+
+#: sm/certchain.c:585
+#, c-format
+msgid "number of matching certificates: %d\n"
+msgstr "poÄet odpovídajících certifikátů: %d\n"
+
+#: sm/certchain.c:587
+#, c-format
+msgid "dirmngr cache-only key lookup failed: %s\n"
+msgstr "hledání klíÄe pouze ve vyrovnávací pamÄ›ti dirmngr neuspÄ›lo: %s\n"
+
+#: sm/certchain.c:759 sm/certchain.c:1252 sm/certchain.c:1856 sm/decrypt.c:261
+#: sm/encrypt.c:335 sm/sign.c:335 sm/verify.c:113
+msgid "failed to allocated keyDB handle\n"
+msgstr "alokace popisovaÄe keyDB se nezdaÅ™ila\n"
+
+#: sm/certchain.c:925
+msgid "certificate has been revoked"
+msgstr "certifikát byl odvolán"
+
+#: sm/certchain.c:940
+msgid "the status of the certificate is unknown"
+msgstr "status certifikáty není znám"
+
+#: sm/certchain.c:947
+msgid "please make sure that the \"dirmngr\" is properly installed\n"
+msgstr "prosím, ujistěte se, že „dirmngr“ je správně nainstalován\n"
+
+#: sm/certchain.c:953
+#, c-format
+msgid "checking the CRL failed: %s"
+msgstr "kontrola CRL se nezdařila: %s"
+
+#: sm/certchain.c:982 sm/certchain.c:1050
+#, c-format
+msgid "certificate with invalid validity: %s"
+msgstr "certifikát s neplatnou platností: %s"
+
+#: sm/certchain.c:997 sm/certchain.c:1082
+msgid "certificate not yet valid"
+msgstr "certifikát jeÅ¡tÄ› nezaÄal platit"
+
+#: sm/certchain.c:998 sm/certchain.c:1083
+msgid "root certificate not yet valid"
+msgstr "koÅ™enový certifikát jeÅ¡tÄ› nezaÄal platit"
+
+#: sm/certchain.c:999 sm/certchain.c:1084
+msgid "intermediate certificate not yet valid"
+msgstr "mezilehlý certifikát jeÅ¡tÄ› nezaÄal platit"
+
+#: sm/certchain.c:1012
+msgid "certificate has expired"
+msgstr "certifikát je prošlý"
+
+#: sm/certchain.c:1013
+msgid "root certificate has expired"
+msgstr "kořenový certifikát je prošlý"
+
+#: sm/certchain.c:1014
+msgid "intermediate certificate has expired"
+msgstr "mezilehlý certifikát je prošlý"
+
+#: sm/certchain.c:1056
+#, c-format
+msgid "required certificate attributes missing: %s%s%s"
+msgstr "chybí povinné atributy certifikátu: %s%s%s"
+
+#: sm/certchain.c:1065
+msgid "certificate with invalid validity"
+msgstr "certifikát s neplatnou platností"
+
+#: sm/certchain.c:1102
+msgid "signature not created during lifetime of certificate"
+msgstr "podpis nebyl vytvořen v době životnosti certifikátu"
+
+#: sm/certchain.c:1104
+msgid "certificate not created during lifetime of issuer"
+msgstr "certifikát nebyl vytvořen v době životnosti vydavatele"
+
+#: sm/certchain.c:1105
+msgid "intermediate certificate not created during lifetime of issuer"
+msgstr "mezilehlý certifikát nebyl vytvořen v době životnosti vydavatele"
+
+#: sm/certchain.c:1109
+msgid " ( signature created at "
+msgstr " ( podpis vytvořen "
+
+#: sm/certchain.c:1110
+msgid " (certificate created at "
+msgstr " ( certifikát vytvořen "
+
+#: sm/certchain.c:1113
+msgid " (certificate valid from "
+msgstr " ( certifikát planý od "
+
+#: sm/certchain.c:1114
+msgid " ( issuer valid from "
+msgstr " ( vydavatel platný od "
+
+#: sm/certchain.c:1144
+#, c-format
+msgid "fingerprint=%s\n"
+msgstr "otisk=%s\n"
+
+#: sm/certchain.c:1153
+msgid "root certificate has now been marked as trusted\n"
+msgstr "koÅ™enový certifikát byl nyní oznaÄen za důvÄ›ryhodný\n"
+
+#: sm/certchain.c:1166
+msgid "interactive marking as trusted not enabled in gpg-agent\n"
+msgstr "v gpg-agentu není povoleno interaktivní oznaÄování za důvÄ›ryhodný\n"
+
+#: sm/certchain.c:1172
+msgid "interactive marking as trusted disabled for this session\n"
+msgstr "interaktivní oznaÄovaní jako důvÄ›ryhodný je pro tuto relaci zakázáno\n"
+
+#: sm/certchain.c:1229
+msgid "WARNING: creation time of signature not known - assuming current time"
+msgstr "VAROVÃNÃ: datum vytvoÅ™ení podpisu není známo – pÅ™edpokládám souÄasnost"
+
+#: sm/certchain.c:1293
+msgid "no issuer found in certificate"
+msgstr "v certifikátu nebyl nalezen vydavatel"
+
+#: sm/certchain.c:1366
+msgid "self-signed certificate has a BAD signature"
+msgstr "certifikát podepsaný sám sebou má ŠPATNà podpis"
+
+#: sm/certchain.c:1435
+msgid "root certificate is not marked trusted"
+msgstr "koÅ™enový certifikát není oznaÄen jako důvÄ›ryhodný"
+
+#: sm/certchain.c:1448
+#, c-format
+msgid "checking the trust list failed: %s\n"
+msgstr "kontrola seznamu důvěry se nepodařila: %s\n"
+
+#: sm/certchain.c:1477 sm/import.c:160
+msgid "certificate chain too long\n"
+msgstr "řetěz certifikátů je příliš dlouhý\n"
+
+#: sm/certchain.c:1489
+msgid "issuer certificate not found"
+msgstr "vydavatel certifikátu nebyl nalezen"
+
+#: sm/certchain.c:1522
+msgid "certificate has a BAD signature"
+msgstr "certifikát má ŠPATNà podpis"
+
+#: sm/certchain.c:1553
+msgid "found another possible matching CA certificate - trying again"
+msgstr "nalezen další možný odpovídající certifikát CA – zkouším znovu"
+
+#: sm/certchain.c:1604
+#, c-format
+msgid "certificate chain longer than allowed by CA (%d)"
+msgstr "řetězec certifikátů je delší, než je dovoleno CA (%d)"
+
+#: sm/certchain.c:1644 sm/certchain.c:1927
+msgid "certificate is good\n"
+msgstr "certifikát je v pořádku\n"
+
+#: sm/certchain.c:1645
+msgid "intermediate certificate is good\n"
+msgstr "mezilehlý certifikát je v pořádku\n"
+
+#: sm/certchain.c:1646
+msgid "root certificate is good\n"
+msgstr "kořenový certifikát je v pořádku\n"
+
+#: sm/certchain.c:1817
+msgid "switching to chain model"
+msgstr "přepínám do řetězeného modelu"
+
+#: sm/certchain.c:1826
+#, c-format
+msgid "validation model used: %s"
+msgstr "použit ověřovací model: %s"
+
+#: sm/certcheck.c:97
+#, c-format
+msgid "%s key uses an unsafe (%u bit) hash\n"
+msgstr "%s klÃ­Ä používá nebezpeÄný (%ubitový) hash\n"
+
+#: sm/certcheck.c:107
+#, c-format
+msgid "a %u bit hash is not valid for a %u bit %s key\n"
+msgstr "%ubitový hash není platná pro %ubitový %s klíÄ\n"
+
+#: sm/certcheck.c:244 sm/verify.c:201
+msgid "(this is the MD2 algorithm)\n"
+msgstr "(toto je algoritmus MD2)\n"
+
+# none serial, none date
+#: sm/certdump.c:60 sm/certdump.c:143
+msgid "none"
+msgstr "žádný"
+
+#: sm/certdump.c:564 sm/certdump.c:609 sm/certdump.c:674 sm/certdump.c:732
+msgid "[Error - invalid encoding]"
+msgstr "[Chyba – neplatné kódování]"
+
+#: sm/certdump.c:572 sm/certdump.c:617
+msgid "[Error - out of core]"
+msgstr "[Chyba – nedostatek paměti]"
+
+#: sm/certdump.c:654 sm/certdump.c:710
+msgid "[Error - No name]"
+msgstr "[Chyba – Žádné jméno]"
+
+#: sm/certdump.c:679 sm/certdump.c:738
+msgid "[Error - invalid DN]"
+msgstr "[Chyba – neplatné DN]"
+
+#: sm/certdump.c:948
+#, c-format
+msgid ""
+"Please enter the passphrase to unlock the secret key for the X.509 "
+"certificate:\n"
+"\"%s\"\n"
+"S/N %s, ID 0x%08lX,\n"
+"created %s, expires %s.\n"
+msgstr ""
+"PotÅ™ebujete heslo, abyste odemkl(a) tajný klÃ­Ä pro X.509 certifikát:\n"
+"„%s“\n"
+"sériové Äíslo %s, ID 0x%08lX,\n"
+"vytvořeno %s, platnost vyprší %s.\n"
+
+#: sm/certlist.c:122
+msgid "no key usage specified - assuming all usages\n"
+msgstr "žádný způsob užití neuveden – předpokládám všechna užití\n"
+
+#: sm/certlist.c:132 sm/keylist.c:272
+#, c-format
+msgid "error getting key usage information: %s\n"
+msgstr "chyba pÅ™i získání informací o způsobu užití klíÄe: %s\n"
+
+#: sm/certlist.c:142
+msgid "certificate should have not been used for certification\n"
+msgstr "certifikát neměl být použit pro certifikování\n"
+
+#: sm/certlist.c:154
+msgid "certificate should have not been used for OCSP response signing\n"
+msgstr "certifikát neměl být použit pro podepsání OCSP odpovědi\n"
+
+#: sm/certlist.c:165
+msgid "certificate should have not been used for encryption\n"
+msgstr "certifikát neměl použit pro šifrování\n"
+
+#: sm/certlist.c:166
+msgid "certificate should have not been used for signing\n"
+msgstr "certifikát neměl být použit pro podepisování\n"
+
+#: sm/certlist.c:167
+msgid "certificate is not usable for encryption\n"
+msgstr "certifikát není použitelný pro šifrování\n"
+
+#: sm/certlist.c:168
+msgid "certificate is not usable for signing\n"
+msgstr "certifikát není použitelný pro podepisování\n"
+
+#: sm/certreqgen.c:474
+#, c-format
+msgid "line %d: invalid algorithm\n"
+msgstr "řádek %d: neplatný algoritmus\n"
+
+#: sm/certreqgen.c:487
+#, c-format
+msgid "line %d: invalid key length %u (valid are %d to %d)\n"
+msgstr "řádek %d: neplatná délka klíÄe %u (platná je %d až %d)\n"
+
+#: sm/certreqgen.c:505
+#, c-format
+msgid "line %d: no subject name given\n"
+msgstr "řádek %d: nezadán žádný název subjektu\n"
+
+#: sm/certreqgen.c:514
+#, c-format
+msgid "line %d: invalid subject name label `%.*s'\n"
+msgstr "řádek %d: neplatný název subjektu „%.*s“\n"
+
+#: sm/certreqgen.c:517
+#, c-format
+msgid "line %d: invalid subject name `%s' at pos %d\n"
+msgstr "řádek %d: neplatná název subjektu „%s“ na pozici %d\n"
+
+#: sm/certreqgen.c:534
+#, c-format
+msgid "line %d: not a valid email address\n"
+msgstr "řádek %d: neplatná e-mailová adresa\n"
+
+#: sm/certreqgen.c:546
+#, c-format
+msgid "line %d: error reading key `%s' from card: %s\n"
+msgstr "řádek %d: chyba pÅ™i Ätení klíÄe „%s“ z karty: %s\n"
+
+#: sm/certreqgen.c:558
+#, c-format
+msgid "line %d: error getting key by keygrip `%s': %s\n"
+msgstr "řádek %d: chyba pÅ™i získávání klíÄe po keygripu „%s“: %s\n"
+
+#: sm/certreqgen.c:574
+#, c-format
+msgid "line %d: key generation failed: %s <%s>\n"
+msgstr "řádek %d: generování klíÄe se nepodaÅ™ilo: %s <%s>\n"
+
+#: sm/certreqgen.c:806
+msgid ""
+"To complete this certificate request please enter the passphrase for the key "
+"you just created once more.\n"
+msgstr ""
+"Žádost o certifikát dokonÄíte tím, že zadáte heslo pro klíÄ, který jste "
+"právě vytvořili, ještě jednou.\n"
+
+#: sm/certreqgen-ui.c:158
+#, c-format
+msgid " (%d) RSA\n"
+msgstr " (%d) RSA\n"
+
+#: sm/certreqgen-ui.c:159
+#, c-format
+msgid " (%d) Existing key\n"
+msgstr " (%d) Existující klíÄ\n"
+
+#: sm/certreqgen-ui.c:160
+#, c-format
+msgid " (%d) Existing key from card\n"
+msgstr " (%d) KlÃ­Ä existující na kartÄ›\n"
+
+#: sm/certreqgen-ui.c:202
+msgid "Enter the keygrip: "
+msgstr "Vložte keygrip: "
+
+#: sm/certreqgen-ui.c:210
+msgid "Not a valid keygrip (expecting 40 hex digits)\n"
+msgstr "Není platným keygripem (oÄekáváno 40 šestnáctkových Äíslic)\n"
+
+#: sm/certreqgen-ui.c:212
+msgid "No key with this keygrip\n"
+msgstr "KlÃ­Ä s takovým keygripem neexistuje\n"
+
+#: sm/certreqgen-ui.c:230 sm/certreqgen-ui.c:239
+#, c-format
+msgid "error reading the card: %s\n"
+msgstr "chyba pÅ™i Ätení z karty: %s\n"
+
+#: sm/certreqgen-ui.c:233
+#, c-format
+msgid "Serial number of the card: %s\n"
+msgstr "Sériové Äíslo karty: %s\n"
+
+#: sm/certreqgen-ui.c:245
+msgid "Available keys:\n"
+msgstr "Dostupné klíÄe:\n"
+
+#: sm/certreqgen-ui.c:276
+#, c-format
+msgid "Possible actions for a %s key:\n"
+msgstr "Možné způsoby užití %s klíÄe:\n"
+
+#: sm/certreqgen-ui.c:277
+#, c-format
+msgid " (%d) sign, encrypt\n"
+msgstr " (%d) podepisovat, Å¡ifrovat\n"
+
+#: sm/certreqgen-ui.c:278
+#, c-format
+msgid " (%d) sign\n"
+msgstr " (%d) podepisovat\n"
+
+#: sm/certreqgen-ui.c:279
+#, c-format
+msgid " (%d) encrypt\n"
+msgstr " (%d) Å¡ifrovat\n"
+
+#: sm/certreqgen-ui.c:303
+msgid "Enter the X.509 subject name: "
+msgstr "Zadejte X.509 jméno subjektu: "
+
+#: sm/certreqgen-ui.c:307
+msgid "No subject name given\n"
+msgstr "Nebylo zadáno Žádné jméno\n"
+
+#: sm/certreqgen-ui.c:311
+#, c-format
+msgid "Invalid subject name label `%.*s'\n"
+msgstr "Neplatné jméno subjektu „%.*s“\n"
+
+#. TRANSLATORS: The 22 in the second string is the
+#. length of the first string up to the "%s". Please
+#. adjust it do the length of your translation. The
+#. second string is merely passed to atoi so you can
+#. drop everything after the number.
+#: sm/certreqgen-ui.c:320
+#, c-format
+msgid "Invalid subject name `%s'\n"
+msgstr "Neplatné jméno subjektu „%s“\n"
+
+#: sm/certreqgen-ui.c:322
+msgid "22 translator: see certreg-ui.c:gpgsm_gencertreq_tty"
+msgstr "25 délka předešlého řetězce: see certreg-ui.c:gpgsm_gencertreq_tty"
+
+#: sm/certreqgen-ui.c:334
+msgid "Enter email addresses"
+msgstr "Zadejte e-mailovou adresu"
+
+#: sm/certreqgen-ui.c:335
+msgid " (end with an empty line):\n"
+msgstr " (ukonÄete prázdným řádkem):\n"
+
+#: sm/certreqgen-ui.c:339
+msgid "Enter DNS names"
+msgstr "Zadejte DNS jména"
+
+#: sm/certreqgen-ui.c:340 sm/certreqgen-ui.c:345
+msgid " (optional; end with an empty line):\n"
+msgstr " (volitelné; ukonÄete prázdným řádkem):\n"
+
+#: sm/certreqgen-ui.c:344
+msgid "Enter URIs"
+msgstr "Zadejte (několik) URI"
+
+#: sm/certreqgen-ui.c:371
+msgid "Parameters to be used for the certificate request:\n"
+msgstr "Parametry, které budou použity v žádosti o certifikát:\n"
+
+#: sm/certreqgen-ui.c:389
+msgid "Now creating certificate request. This may take a while ...\n"
+msgstr "Nyní vytvořím žádost o certifikát. To může chvíli trvat…\n"
+
+#: sm/certreqgen-ui.c:398
+msgid "Ready. You should now send this request to your CA.\n"
+msgstr "Hotovo. Nyní byste měli tuto žádost poslat svojí CA.\n"
+
+#: sm/certreqgen-ui.c:403
+msgid "resource problem: out of core\n"
+msgstr "problém se zdroji: nedostatek paměti\n"
+
+#: sm/decrypt.c:330
+msgid "(this is the RC2 algorithm)\n"
+msgstr "(toto je algoritmus RC2)\n"
+
+#: sm/decrypt.c:332
+msgid "(this does not seem to be an encrypted message)\n"
+msgstr "(toto nevypadá jako zašifrovaná zpráva)\n"
+
+#: sm/delete.c:51 sm/delete.c:112
+#, c-format
+msgid "certificate `%s' not found: %s\n"
+msgstr "certifikát „%s“ nebyl nenalezen: %s\n"
+
+#: sm/delete.c:122 sm/keydb.c:1397 sm/keydb.c:1499
+#, c-format
+msgid "error locking keybox: %s\n"
+msgstr "chyba pÅ™i zamykání schránky na klíÄe: %s\n"
+
+#: sm/delete.c:143
+#, c-format
+msgid "duplicated certificate `%s' deleted\n"
+msgstr "smazat zdvojený certifikát „%s“\n"
+
+#: sm/delete.c:145
+#, c-format
+msgid "certificate `%s' deleted\n"
+msgstr "certifikát „%s“ smazán\n"
+
+#: sm/delete.c:175
+#, c-format
+msgid "deleting certificate \"%s\" failed: %s\n"
+msgstr "smazání certifikátu „%s“ se nezdařilo: %s\n"
+
+#: sm/encrypt.c:321
+msgid "no valid recipients given\n"
+msgstr "(nebyli zadáni Žádní platní příjemci)\n"
+
+#: sm/gpgsm.c:197
+msgid "list external keys"
+msgstr "vypsat seznam externích klíÄů"
+
+#: sm/gpgsm.c:199
+msgid "list certificate chain"
+msgstr "vypsat řetěz certifikátů"
+
+#: sm/gpgsm.c:206
+msgid "import certificates"
+msgstr "importovat certifikáty"
+
+#: sm/gpgsm.c:207
+msgid "export certificates"
+msgstr "exportovat certifikáty"
+
+#: sm/gpgsm.c:209
+msgid "register a smartcard"
+msgstr "zaregistrovat Äipovou kartu"
+
+#: sm/gpgsm.c:212
+msgid "pass a command to the dirmngr"
+msgstr "předat příkaz do dirmngr"
+
+#: sm/gpgsm.c:214
+msgid "invoke gpg-protect-tool"
+msgstr "vyvolat gpg-protect-tool"
+
+#: sm/gpgsm.c:230
+msgid "create base-64 encoded output"
+msgstr "vytvářet výstup zakódovaný pomocí Base-64"
+
+#: sm/gpgsm.c:235
+msgid "assume input is in PEM format"
+msgstr "předpokládat vstup ve formátu PEM"
+
+#: sm/gpgsm.c:237
+msgid "assume input is in base-64 format"
+msgstr "předpokládat vstup ve formátu Base-64"
+
+#: sm/gpgsm.c:239
+msgid "assume input is in binary format"
+msgstr "předpokládat vstup v binárním formátu"
+
+#: sm/gpgsm.c:244
+msgid "use system's dirmngr if available"
+msgstr "použít systémový dirmngr, je-li dostupný"
+
+#: sm/gpgsm.c:247
+msgid "never consult a CRL"
+msgstr "nikdy nenahlížet do  CRL"
+
+#: sm/gpgsm.c:257
+msgid "check validity using OCSP"
+msgstr "kontrolovat platnost pomocí OCSP"
+
+#: sm/gpgsm.c:262
+msgid "|N|number of certificates to include"
+msgstr "|N|poÄet certifikátů, které zahrnout"
+
+#: sm/gpgsm.c:265
+msgid "|FILE|take policy information from FILE"
+msgstr "|SOUBOR|vzít politiky ze SOUBORU"
+
+#: sm/gpgsm.c:268
+msgid "do not check certificate policies"
+msgstr "nekontrolovat politiky certifikátu"
+
+#: sm/gpgsm.c:272
+msgid "fetch missing issuer certificates"
+msgstr "stahovat chybějící certifikáty vydavatelů"
+
+#: sm/gpgsm.c:283
+msgid "don't use the terminal at all"
+msgstr "vůbec nepoužívat terminál"
+
+#: sm/gpgsm.c:285
+msgid "|FILE|write a server mode log to FILE"
+msgstr "|SOUBOR|zapisovat protokol režimu server do SOUBORU"
+
+#: sm/gpgsm.c:290
+msgid "|FILE|write an audit log to FILE"
+msgstr "|SOUBOR|zapisovat auditní protokol do SOUBORU"
+
+#: sm/gpgsm.c:293
+msgid "batch mode: never ask"
+msgstr "dávkový režim: nikdy se neptat"
+
+#: sm/gpgsm.c:294
+msgid "assume yes on most questions"
+msgstr "předpokládat ano na většinu otázek"
+
+#: sm/gpgsm.c:295
+msgid "assume no on most questions"
+msgstr "předpokládat ne na většinu otázek"
+
+#: sm/gpgsm.c:298
+msgid "|FILE|add keyring to the list of keyrings"
+msgstr "|SOUBOR|pÅ™idat klíÄenku na seznam klíÄenek"
+
+#: sm/gpgsm.c:301
+msgid "|USER-ID|use USER-ID as default secret key"
+msgstr "|ID_UŽIVATELE|použít ID_UŽIVATELE jako implicitní tajný klíÄ"
+
+#: sm/gpgsm.c:311 tools/gpgconf-comp.c:745
+msgid "|SPEC|use this keyserver to lookup keys"
+msgstr "|SPEC|použít tento server pro dohledávání klíÄů"
+
+#: sm/gpgsm.c:329
+msgid "|NAME|use cipher algorithm NAME"
+msgstr "|NÃZEV|použít Å¡ifrovací algoritmus NÃZEV"
+
+#: sm/gpgsm.c:331
+msgid "|NAME|use message digest algorithm NAME"
+msgstr "|NÃZEV|použít hashovací algoritmus NÃZEV"
+
+#: sm/gpgsm.c:522
+msgid "Usage: gpgsm [options] [files] (-h for help)"
+msgstr "Použití: gpgsm [VOLBY] [SOUBORY] (-h pro nápovědu)"
+
+#: sm/gpgsm.c:525
+msgid ""
+"Syntax: gpgsm [options] [files]\n"
+"sign, check, encrypt or decrypt using the S/MIME protocol\n"
+"default operation depends on the input data\n"
+msgstr ""
+"Syntaxe: gpgsm [VOLBY] [SOUBORY]\n"
+"podepisuje, ověřuje, šifruje nebo dešifruje pomocí protokolu S/MIME\n"
+"implicitní operace závisí na vstupních datech\n"
+
+#: sm/gpgsm.c:617
+msgid "usage: gpgsm [options] "
+msgstr "užití: gpgsm [VOLBY] "
+
+#: sm/gpgsm.c:739
+#, c-format
+msgid "NOTE: won't be able to encrypt to `%s': %s\n"
+msgstr "POZNÃMKA: nebudu moci Å¡ifrovat pro „%s“: %s\n"
+
+#: sm/gpgsm.c:750
+#, c-format
+msgid "unknown validation model `%s'\n"
+msgstr "neznámý režim ověřování „%s“\n"
+
+#: sm/gpgsm.c:801
+#, c-format
+msgid "%s:%u: no hostname given\n"
+msgstr "%s:%u: nebyl zadán název stroje\n"
+
+#: sm/gpgsm.c:820
+#, c-format
+msgid "%s:%u: password given without user\n"
+msgstr "%s:%u: zadáno heslo bez uživatele\n"
+
+#: sm/gpgsm.c:841
+#, c-format
+msgid "%s:%u: skipping this line\n"
+msgstr "%s:%u: přeskakuji tento řádek\n"
+
+#: sm/gpgsm.c:1376
+msgid "could not parse keyserver\n"
+msgstr "nelze rozebrat serveru klíÄů\n"
+
+#: sm/gpgsm.c:1456
+msgid "WARNING: running with faked system time: "
+msgstr "VAROVÃNÃ: pracuji s podvrženým systémovým Äasem: "
+
+#: sm/gpgsm.c:1556
+#, c-format
+msgid "importing common certificates `%s'\n"
+msgstr "importuji běžné certifikáty „%s“\n"
+
+#: sm/gpgsm.c:1597
+#, c-format
+msgid "can't sign using `%s': %s\n"
+msgstr "nemohu podepsat pomocí „%s“: %s\n"
+
+#: sm/gpgsm.c:1931
+msgid "invalid command (there is no implicit command)\n"
+msgstr "neplatný příkaz (neexistuje žádný implicitní příkaz)\n"
+
+#: sm/import.c:111
+#, c-format
+msgid "total number processed: %lu\n"
+msgstr "celkem zpracováno: %lu\n"
+
+#: sm/import.c:230
+msgid "error storing certificate\n"
+msgstr "chyba při ukládání certifikátu\n"
+
+#: sm/import.c:238
+msgid "basic certificate checks failed - not imported\n"
+msgstr "základní kontrola certifikátu selhala – neimportováno\n"
+
+#: sm/import.c:435 sm/keydb.c:1319 sm/keydb.c:1387
+msgid "failed to allocate keyDB handle\n"
+msgstr "alokace popisovaÄe keyDB se nezdaÅ™ila\n"
+
+#: sm/import.c:492 sm/keydb.c:1417 sm/keydb.c:1511
+#, c-format
+msgid "error getting stored flags: %s\n"
+msgstr "chyba při získání uložených příznaků: %s\n"
+
+#: sm/import.c:551 sm/import.c:583
+#, c-format
+msgid "error importing certificate: %s\n"
+msgstr "chyba při importování certifikátu: %s\n"
+
+#: sm/import.c:684 tools/gpg-connect-agent.c:1346
+#, c-format
+msgid "error reading input: %s\n"
+msgstr "chyba pÅ™i Ätení vstupu: %s\n"
+
+#: sm/keydb.c:187
+#, c-format
+msgid "error creating keybox `%s': %s\n"
+msgstr "chyba pÅ™i vytváření schránky na klíÄe (keybox) „%s“: %s\n"
+
+#: sm/keydb.c:190
+msgid "you may want to start the gpg-agent first\n"
+msgstr "možná byste chtěl(a) nejprve spustit gpg-agenta\n"
+
+#: sm/keydb.c:195
+#, c-format
+msgid "keybox `%s' created\n"
+msgstr "schránka na klíÄe (keybox) „%s“ vytvoÅ™ena\n"
+
+#: sm/keydb.c:1312 sm/keydb.c:1380
+msgid "failed to get the fingerprint\n"
+msgstr "otisk se nepodařilo získat\n"
+
+#: sm/keydb.c:1340
+#, c-format
+msgid "problem looking for existing certificate: %s\n"
+msgstr "problém při hledání existujícího certifikátu: %s\n"
+
+#: sm/keydb.c:1348
+#, c-format
+msgid "error finding writable keyDB: %s\n"
+msgstr "chyba při hledání zapisovatelné keyDB: %s\n"
+
+#: sm/keydb.c:1356
+#, c-format
+msgid "error storing certificate: %s\n"
+msgstr "chyba při ukládání certifikátu: %s\n"
+
+#: sm/keydb.c:1408
+#, c-format
+msgid "problem re-searching certificate: %s\n"
+msgstr "problém při opakovaném hledání certifikátu: %s\n"
+
+#: sm/keydb.c:1429 sm/keydb.c:1522
+#, c-format
+msgid "error storing flags: %s\n"
+msgstr "chyba při ukládání příznaků: %s\n"
+
+#: sm/keylist.c:642
+msgid "Error - "
+msgstr "Chyba – "
+
+#: sm/misc.c:55
+msgid "GPG_TTY has not been set - using maybe bogus default\n"
+msgstr "GPG_TTY nebyla nastavena – použiji možná chybnou implicitní hodnotu\n"
+
+#: sm/qualified.c:105
+#, c-format
+msgid "invalid formatted fingerprint in `%s', line %d\n"
+msgstr "nesprávně formátovaný otisk v „%s“, řádek %d\n"
+
+#: sm/qualified.c:123
+#, c-format
+msgid "invalid country code in `%s', line %d\n"
+msgstr "neplatný kód země v „%s“, řádek %d\n"
+
+#: sm/qualified.c:202
+#, c-format
+msgid ""
+"You are about to create a signature using your certificate:\n"
+"\"%s\"\n"
+"This will create a qualified signature by law equated to a handwritten "
+"signature.\n"
+"\n"
+"%s%sAre you really sure that you want to do this?"
+msgstr ""
+"Chystáte se vytvořit podpis pomocí svého certifikátu:\n"
+"„%s“\n"
+"Tímto vytvoříte kvalifikovaný podpis, který je dle zákona rovnocenný\n"
+"s podpisem vlastnoruÄním.\n"
+"\n"
+"%s%sJste si skuteÄnÄ› jistý(á), že to chcete udÄ›lat?"
+
+#: sm/qualified.c:211 sm/verify.c:616
+msgid ""
+"Note, that this software is not officially approved to create or verify such "
+"signatures.\n"
+msgstr ""
+"Vezměte na vědomí, že tento software není oficiálně schválený k vytváření "
+"nebo ověřování takových podpisů.\n"
+
+#: sm/qualified.c:278
+#, c-format
+msgid ""
+"You are about to create a signature using your certificate:\n"
+"\"%s\"\n"
+"Note, that this certificate will NOT create a qualified signature!"
+msgstr ""
+"Chystáte se vytvořit podpis pomocí svého certifikátu:\n"
+"„%s“\n"
+"Vezměte na vědomí, že tento certifikát NEVYTVOŘà kvalifikovaný podpis!"
+
+#: sm/sign.c:449
+#, c-format
+msgid "hash algorithm %d (%s) for signer %d not supported; using %s\n"
+msgstr ""
+"hashovací algoritmus %d (%s) podepisovatele %d není podporován; použiji %s\n"
+
+#: sm/sign.c:463
+#, c-format
+msgid "hash algorithm used for signer %d: %s (%s)\n"
+msgstr "hashovací algoritmus použitý pro podepisovatele %d: %s (%s)\n"
+
+#: sm/sign.c:513
+#, c-format
+msgid "checking for qualified certificate failed: %s\n"
+msgstr "kontrola kvalifikovaného certifikátu selhala: %s\n"
+
+#: sm/verify.c:449
+msgid "Signature made "
+msgstr "Podpis vytvořen "
+
+#: sm/verify.c:453
+msgid "[date not given]"
+msgstr "[datum neudáno]"
+
+#: sm/verify.c:454
+#, c-format
+msgid " using certificate ID 0x%08lX\n"
+msgstr " pomocí certifikátu s ID 0x%08lX\n"
+
+#: sm/verify.c:473
+msgid ""
+"invalid signature: message digest attribute does not match computed one\n"
+msgstr ""
+"neplatný podpis: atribut otisku zprávy se neshoduje s vypoÄteným otiskem\n"
+
+#: sm/verify.c:594
+msgid "Good signature from"
+msgstr "Dobrý podpis od"
+
+#: sm/verify.c:595
+msgid " aka"
+msgstr " alias"
+
+#: sm/verify.c:613
+msgid "This is a qualified signature\n"
+msgstr "Toto je kvalifikovaný podpis\n"
+
+#: tools/gpg-connect-agent.c:70 tools/gpgconf.c:81 tools/symcryptrun.c:167
+msgid "quiet"
+msgstr "struÄný výstup"
+
+#: tools/gpg-connect-agent.c:71
+msgid "print data out hex encoded"
+msgstr "vypisovat data v šestnáctkové soustavě"
+
+#: tools/gpg-connect-agent.c:72
+msgid "decode received data lines"
+msgstr "dekódovat přijaté datové řádky"
+
+#: tools/gpg-connect-agent.c:74
+msgid "|NAME|connect to Assuan socket NAME"
+msgstr "|NÃZEV|pÅ™ipojit se na socket Assuanu s NÃZVEM"
+
+#: tools/gpg-connect-agent.c:76
+msgid "run the Assuan server given on the command line"
+msgstr "spustit server Assuan zadaný na příkazové řádce"
+
+#: tools/gpg-connect-agent.c:78
+msgid "do not use extended connect mode"
+msgstr "nepoužívat rozšířený režim připojení"
+
+#: tools/gpg-connect-agent.c:80
+msgid "|FILE|run commands from FILE on startup"
+msgstr "|SOUBOR|spustit příkazy ze SOUBORU při startu"
+
+#: tools/gpg-connect-agent.c:81
+msgid "run /subst on startup"
+msgstr "spustit /subst při startu"
+
+#: tools/gpg-connect-agent.c:184
+msgid "Usage: gpg-connect-agent [options] (-h for help)"
+msgstr "Použití: gpg-connect-agent [VOLBY] [SOUBORY] (-h pro nápovědu)"
+
+#: tools/gpg-connect-agent.c:187
+msgid ""
+"Syntax: gpg-connect-agent [options]\n"
+"Connect to a running agent and send commands\n"
+msgstr ""
+"Syntaxe: gpg-connect-agent [VOLBY]\n"
+"Připojí se na běžícího agenta a odesílá příkazy\n"
+
+#: tools/gpg-connect-agent.c:1201
+#, c-format
+msgid "option \"%s\" requires a program and optional arguments\n"
+msgstr "volba „%s“ vyžaduje program a volitelné argumenty\n"
+
+#: tools/gpg-connect-agent.c:1210
+#, c-format
+msgid "option \"%s\" ignored due to \"%s\"\n"
+msgstr "volba „%s“ ignorovaná kvůli „%s“\n"
+
+#: tools/gpg-connect-agent.c:1281 tools/gpg-connect-agent.c:1771
+#, c-format
+msgid "receiving line failed: %s\n"
+msgstr "přijímání řádku se nezdařilo: %s\n"
+
+#: tools/gpg-connect-agent.c:1371
+msgid "line too long - skipped\n"
+msgstr "řádek je příliÅ¡ dlouhý – pÅ™eskoÄen\n"
+
+#: tools/gpg-connect-agent.c:1375
+msgid "line shortened due to embedded Nul character\n"
+msgstr "řádek zkrácen, protože obsahoval znak \\0\n"
+
+#: tools/gpg-connect-agent.c:1743
+#, c-format
+msgid "unknown command `%s'\n"
+msgstr "neznámý příkaz „%s“\n"
+
+#: tools/gpg-connect-agent.c:1761
+#, c-format
+msgid "sending line failed: %s\n"
+msgstr "odesílání řádku selhalo: %s\n"
+
+#: tools/gpg-connect-agent.c:2208
+#, c-format
+msgid "error sending %s command: %s\n"
+msgstr "chyba při odesílání příkazu %s: %s\n"
+
+#: tools/gpg-connect-agent.c:2223
+#, c-format
+msgid "error sending standard options: %s\n"
+msgstr "chyba při odesílání standardního parametru: %s\n"
+
+#: tools/gpgconf-comp.c:473 tools/gpgconf-comp.c:577 tools/gpgconf-comp.c:644
+#: tools/gpgconf-comp.c:712 tools/gpgconf-comp.c:799
+msgid "Options controlling the diagnostic output"
+msgstr "Volby ovlivňující diagnostický výstup"
+
+#: tools/gpgconf-comp.c:486 tools/gpgconf-comp.c:590 tools/gpgconf-comp.c:657
+#: tools/gpgconf-comp.c:725 tools/gpgconf-comp.c:822
+msgid "Options controlling the configuration"
+msgstr "Volby ovlivňující nastavení"
+
+#: tools/gpgconf-comp.c:496 tools/gpgconf-comp.c:615 tools/gpgconf-comp.c:673
+#: tools/gpgconf-comp.c:750 tools/gpgconf-comp.c:829
+msgid "Options useful for debugging"
+msgstr "Volby užiteÄné pÅ™i ladÄ›ní"
+
+#: tools/gpgconf-comp.c:501 tools/gpgconf-comp.c:678 tools/gpgconf-comp.c:755
+#: tools/gpgconf-comp.c:837
+msgid "|FILE|write server mode logs to FILE"
+msgstr "|SOUBOR|zapisuje protokol serverového režimu do SOUBORU"
+
+#: tools/gpgconf-comp.c:509 tools/gpgconf-comp.c:625 tools/gpgconf-comp.c:763
+msgid "Options controlling the security"
+msgstr "Volby ovlivňující bezpeÄnost"
+
+#: tools/gpgconf-comp.c:516
+msgid "|N|expire SSH keys after N seconds"
+msgstr "|N|zahazovat klíÄe SSH po N sekundách"
+
+#: tools/gpgconf-comp.c:520
+msgid "|N|set maximum PIN cache lifetime to N seconds"
+msgstr "|N|nastavit maximální životnost doÄasné pamÄ›ti pro PINy na N sekund"
+
+#: tools/gpgconf-comp.c:524
+msgid "|N|set maximum SSH key lifetime to N seconds"
+msgstr "|N| nastavit maximální životnost klíÄů SSH na N sekund"
+
+#: tools/gpgconf-comp.c:538
+msgid "Options enforcing a passphrase policy"
+msgstr "Volby vynucující politiku hesel"
+
+#: tools/gpgconf-comp.c:541
+msgid "do not allow to bypass the passphrase policy"
+msgstr "nedovolit obejít politiku hesel"
+
+#: tools/gpgconf-comp.c:545
+msgid "|N|set minimal required length for new passphrases to N"
+msgstr "|N|nastavit minimální vyžadovanou délku nových hesel na N"
+
+#: tools/gpgconf-comp.c:549
+msgid "|N|require at least N non-alpha characters for a new passphrase"
+msgstr "|N|vyžaduje alespoň N nepísmenných znaků v novém hesle"
+
+#: tools/gpgconf-comp.c:553
+msgid "|FILE|check new passphrases against pattern in FILE"
+msgstr "|SOUBOR|prověřovat nová hesla proti vzorům v SOUBORU"
+
+#: tools/gpgconf-comp.c:557
+msgid "|N|expire the passphrase after N days"
+msgstr "|N|omezit platnost hesla na N dnů"
+
+#: tools/gpgconf-comp.c:561
+msgid "do not allow the reuse of old passphrases"
+msgstr "nedovolit opakovat stará hesla"
+
+#: tools/gpgconf-comp.c:659 tools/gpgconf-comp.c:727
+msgid "|NAME|use NAME as default secret key"
+msgstr "|NÃZEV|použít NÃZEV jako implicitní tajný klíÄ"
+
+#: tools/gpgconf-comp.c:662 tools/gpgconf-comp.c:730
+msgid "|NAME|encrypt to user ID NAME as well"
+msgstr "|JMÉNO|šifrovat rovněž pro uživatele s ID JMÉNO"
+
+#: tools/gpgconf-comp.c:665
+msgid "|SPEC|set up email aliases"
+msgstr "|SPEC|nastavit e-mailový alias"
+
+#: tools/gpgconf-comp.c:686
+msgid "Configuration for Keyservers"
+msgstr "Nastavení serverů klíÄů"
+
+#: tools/gpgconf-comp.c:688
+msgid "|URL|use keyserver at URL"
+msgstr "|URL|používat server klíÄů na URL"
+
+#: tools/gpgconf-comp.c:691
+msgid "allow PKA lookups (DNS requests)"
+msgstr "povolit dohledávání PKA (dotazy na DNS)"
+
+#: tools/gpgconf-comp.c:694
+msgid "|MECHANISMS|use MECHANISMS to locate keys by mail address"
+msgstr "|METODA|používat METODU pro dohledávání klíÄů podle e-mailové adresy"
+
+#: tools/gpgconf-comp.c:739
+msgid "disable all access to the dirmngr"
+msgstr "zakázat veškerý přístup k dirmngr"
+
+#: tools/gpgconf-comp.c:742
+msgid "|NAME|use encoding NAME for PKCS#12 passphrases"
+msgstr "|NÃZEV|používat kódování NÃZEV pro PKCS#12 hesla"
+
+#: tools/gpgconf-comp.c:768
+msgid "do not check CRLs for root certificates"
+msgstr "neprověřovat kořenové certifikáty proti CRL"
+
+#: tools/gpgconf-comp.c:812
+msgid "Options controlling the format of the output"
+msgstr "Volby ovlivňující podobu výstupu"
+
+#: tools/gpgconf-comp.c:848
+msgid "Options controlling the interactivity and enforcement"
+msgstr "Volby ovlivňující interaktivitu a vymáhání"
+
+#: tools/gpgconf-comp.c:858
+msgid "Configuration for HTTP servers"
+msgstr "Nastavení HTTP serverů"
+
+#: tools/gpgconf-comp.c:869
+msgid "use system's HTTP proxy setting"
+msgstr "používat systémové nastavení HTTP proxy"
+
+#: tools/gpgconf-comp.c:874
+msgid "Configuration of LDAP servers to use"
+msgstr "Nastavení používaných LDAP serverů"
+
+#: tools/gpgconf-comp.c:903
+msgid "LDAP server list"
+msgstr "Seznam LDAP serverů"
+
+#: tools/gpgconf-comp.c:911
+msgid "Configuration for OCSP"
+msgstr "Nastavení OCSP"
+
+#: tools/gpgconf-comp.c:3077
+#, c-format
+msgid "External verification of component %s failed"
+msgstr "Selhalo externí ověření komponenty %s"
+
+#: tools/gpgconf-comp.c:3227
+msgid "Note that group specifications are ignored\n"
+msgstr "VezmÄ›te na vÄ›domí, že urÄení skupiny se ignoruje\n"
+
+#: tools/gpgconf.c:62
+msgid "list all components"
+msgstr "vypsat všechny komponenty"
+
+#: tools/gpgconf.c:63
+msgid "check all programs"
+msgstr "zkontrolovat všechny programy"
+
+#: tools/gpgconf.c:64
+msgid "|COMPONENT|list options"
+msgstr "|KOMPONENTA|vypsat volby"
+
+#: tools/gpgconf.c:65
+msgid "|COMPONENT|change options"
+msgstr "|KOMPONENTA|změnit volby"
+
+#: tools/gpgconf.c:66
+msgid "|COMPONENT|check options"
+msgstr "|KOMPONENTA|zkontrolovat volby"
+
+#: tools/gpgconf.c:68
+msgid "apply global default values"
+msgstr "Aplikovat globální implicitní hodnoty"
+
+#: tools/gpgconf.c:70
+msgid "get the configuration directories for gpgconf"
+msgstr "získat adresáře s nastavením gpgconfu"
+
+#: tools/gpgconf.c:72
+msgid "list global configuration file"
+msgstr "vypsat globální konfiguraÄní soubor"
+
+#: tools/gpgconf.c:74
+msgid "check global configuration file"
+msgstr "zkontrolovat globální konfiguraÄní soubor"
+
+#: tools/gpgconf.c:79
+msgid "use as output file"
+msgstr "použít jako výstupní soubor"
+
+#: tools/gpgconf.c:83
+msgid "activate changes at runtime, if possible"
+msgstr "provést změny za běhu, pokud to lze"
+
+#: tools/gpgconf.c:105
+msgid "Usage: gpgconf [options] (-h for help)"
+msgstr "Použití: gpgconf [VOLBY] (-h pro nápovědu)"
+
+#: tools/gpgconf.c:108
+msgid ""
+"Syntax: gpgconf [options]\n"
+"Manage configuration options for tools of the GnuPG system\n"
+msgstr ""
+"Syntaxe: gpgconf [VOLBY]\n"
+"Spravuje konfiguraÄní volby nástrojů, které patří do systému GnuPG\n"
+
+#: tools/gpgconf.c:214 tools/gpgconf.c:282
+msgid "usage: gpgconf [options] "
+msgstr "použití: gpgconf [VOLBY] "
+
+#: tools/gpgconf.c:216
+msgid "Need one component argument"
+msgstr "PotÅ™ebuji jeden argument urÄující komponentu"
+
+#: tools/gpgconf.c:225 tools/gpgconf.c:258
+msgid "Component not found"
+msgstr "Komponenta nenalezena"
+
+#: tools/gpgconf.c:284
+msgid "No argument allowed"
+msgstr "Žádné argumenty nejsou povoleny"
+
+#: tools/symcryptrun.c:154
+msgid ""
+"@\n"
+"Commands:\n"
+" "
+msgstr ""
+"@\n"
+"Příkazy:\n"
+" "
+
+#: tools/symcryptrun.c:156
+msgid "decryption modus"
+msgstr "dešifrovací modus"
+
+#: tools/symcryptrun.c:157
+msgid "encryption modus"
+msgstr "šifrovací modus"
+
+#: tools/symcryptrun.c:161
+msgid "tool class (confucius)"
+msgstr "třída nástrojů (Konfucius)"
+
+#: tools/symcryptrun.c:162
+msgid "program filename"
+msgstr "název souboru s programem"
+
+#: tools/symcryptrun.c:164
+msgid "secret key file (required)"
+msgstr "soubor s tajným klíÄem (nezbytné)"
+
+#: tools/symcryptrun.c:165
+msgid "input file name (default stdin)"
+msgstr "název vstupního souboru (implicitně standardní vstup)"
+
+#: tools/symcryptrun.c:209
+msgid "Usage: symcryptrun [options] (-h for help)"
+msgstr "Použití: symcryptrun [VOLBY] (-h pro nápovědu)"
+
+#: tools/symcryptrun.c:212
+msgid ""
+"Syntax: symcryptrun --class CLASS --program PROGRAM --keyfile KEYFILE "
+"[options...] COMMAND [inputfile]\n"
+"Call a simple symmetric encryption tool\n"
+msgstr ""
+"Syntaxe: symcryptrun --class TŘÃDA --program PROGRAM --keyfile SOUBOR "
+"[VOLBY…] PŘÃKAZ [VSTUPNÃ_SOUBOR]\n"
+
+#: tools/symcryptrun.c:281
+#, c-format
+msgid "%s on %s aborted with status %i\n"
+msgstr "%s nad %s byl ukonÄen s kódem %i\n"
+
+#: tools/symcryptrun.c:288
+#, c-format
+msgid "%s on %s failed with status %i\n"
+msgstr "%s nad %s selhal s kódem %i\n"
+
+#: tools/symcryptrun.c:314
+#, c-format
+msgid "can't create temporary directory `%s': %s\n"
+msgstr "nemohu vytvoÅ™it doÄasný adresář „%s“: %s\n"
+
+#: tools/symcryptrun.c:354 tools/symcryptrun.c:371
+#, c-format
+msgid "could not open %s for writing: %s\n"
+msgstr "%s nelze otevřít pro zápis: %s\n"
+
+#: tools/symcryptrun.c:382
+#, c-format
+msgid "error writing to %s: %s\n"
+msgstr "chyba při zápisu do %s: %s\n"
+
+#: tools/symcryptrun.c:389
+#, c-format
+msgid "error reading from %s: %s\n"
+msgstr "chyba pÅ™i Ätení z %s': %s\n"
+
+#: tools/symcryptrun.c:396 tools/symcryptrun.c:403
+#, c-format
+msgid "error closing %s: %s\n"
+msgstr "chyba při zavírání chyba %s: %s\n"
+
+#: tools/symcryptrun.c:488
+msgid "no --program option provided\n"
+msgstr "nebyla zadána volba --program\n"
+
+#: tools/symcryptrun.c:494
+msgid "only --decrypt and --encrypt are supported\n"
+msgstr "pouze --decrypt a --encrypt jsou podporovány\n"
+
+#: tools/symcryptrun.c:500
+msgid "no --keyfile option provided\n"
+msgstr "nebyla zadána volba --keyfile\n"
+
+#: tools/symcryptrun.c:511
+msgid "cannot allocate args vector\n"
+msgstr "nelze alokovat pole argumentů\n"
+
+#: tools/symcryptrun.c:529
+#, c-format
+msgid "could not create pipe: %s\n"
+msgstr "nelze vytvořit rouru: %s\n"
+
+#: tools/symcryptrun.c:536
+#, c-format
+msgid "could not create pty: %s\n"
+msgstr "nelze vytvořit PTY: %s\n"
+
+#: tools/symcryptrun.c:552
+#, c-format
+msgid "could not fork: %s\n"
+msgstr "nelze se rozdvojit (fork): %s\n"
+
+#: tools/symcryptrun.c:580
+#, c-format
+msgid "execv failed: %s\n"
+msgstr "execv selhalo: %s\n"
+
+#: tools/symcryptrun.c:609
+#, c-format
+msgid "select failed: %s\n"
+msgstr "služba select() selhala: %s\n"
+
+#: tools/symcryptrun.c:626
+#, c-format
+msgid "read failed: %s\n"
+msgstr "Ätení selhalo: %s\n"
+
+#: tools/symcryptrun.c:678
+#, c-format
+msgid "pty read failed: %s\n"
+msgstr "Ätení z PTY selhalo: %s\n"
+
+#: tools/symcryptrun.c:730
+#, c-format
+msgid "waitpid failed: %s\n"
+msgstr "služba waitpid() selhala: %s\n"
+
+#: tools/symcryptrun.c:744
+#, c-format
+msgid "child aborted with status %i\n"
+msgstr "potomek byl ukonÄen s kódem %i\n"
+
+#: tools/symcryptrun.c:799
+#, c-format
+msgid "cannot allocate infile string: %s\n"
+msgstr "nelze alokovat řetězec infile: %s\n"
+
+#: tools/symcryptrun.c:812
+#, c-format
+msgid "cannot allocate outfile string: %s\n"
+msgstr "nelze alokovat řetězec outfile: %s\n"
+
+#: tools/symcryptrun.c:986
+#, c-format
+msgid "either %s or %s must be given\n"
+msgstr "musí být zadáno buÄ %s, nebo %s\n"
+
+#: tools/symcryptrun.c:1013
+msgid "no class provided\n"
+msgstr "nezadána žádná třída\n"
+
+#: tools/symcryptrun.c:1022
+#, c-format
+msgid "class %s is not supported\n"
+msgstr "třída %s není podporována\n"
+
+#: tools/gpg-check-pattern.c:145
+msgid "Usage: gpg-check-pattern [options] patternfile (-h for help)\n"
+msgstr ""
+"Použití: gpg-check-pattern [VOLBY] SOUBOR_SE_VZOREM (-h pro nápovědu)\n"
+
+#: tools/gpg-check-pattern.c:148
+msgid ""
+"Syntax: gpg-check-pattern [options] patternfile\n"
+"Check a passphrase given on stdin against the patternfile\n"
+msgstr ""
+"Syntaxe: gpg-check-pattern [VOLBY] SOUBOR_SE_VZOREM\n"
+"Prověří heslo zadané na vstupu proti souboru se vzory\n"
+
+#~ msgid "Command> "
+#~ msgstr "Příkaz> "
+
+#~ msgid "the trustdb is corrupted; please run \"gpg --fix-trustdb\".\n"
+#~ msgstr "databáze důvěry je poškozena; prosím spusťte „gpg --fix-trustdb“.\n"
+
+#~ msgid "Please report bugs to <gnupg-bugs@gnu.org>.\n"
+#~ msgstr ""
+#~ "Chyby oznamte (anglicky), prosím, na adresu <gnupg-bugs@gnu.org>.\n"
+#~ "PÅ™ipomínky k pÅ™ekladu (Äesky) <translations.cs@gnupg.cz>.\n"
+
+#~ msgid "Please report bugs to "
+#~ msgstr ""
+#~ "PÅ™ipomínky k pÅ™ekladu hlaste (Äesky) na <translations.cs@gnupg.cz>,\n"
+#~ "chyby v programu (anglicky) na "
+
+#~ msgid "DSA keypair will have %u bits.\n"
+#~ msgstr "Pár DSA klíÄů DSA dlouhý %u bitů.\n"
+
+#~ msgid "Repeat passphrase\n"
+#~ msgstr "Opakovat heslo\n"
+
+#~ msgid "||Please enter your PIN at the reader's keypad%%0A[sigs done: %lu]"
+#~ msgstr ""
+#~ "||Prosím, zadejte svůj PIN na klávesnici ÄteÄky%%0A[podpis hotov: %lu]"
+
+#~ msgid "|A|Admin PIN"
+#~ msgstr "|A|PIN správce"
+
+#~ msgid ""
+#~ "It's up to you to assign a value here; this value will never be exported\n"
+#~ "to any 3rd party. We need it to implement the web-of-trust; it has "
+#~ "nothing\n"
+#~ "to do with the (implicitly created) web-of-certificates."
+#~ msgstr ""
+#~ "Je na Vás, abyste zde přiřadil(a) hodnotu; tato hodnota nebude nikdy\n"
+#~ "exportována tÅ™etí stranÄ›. PotÅ™ebujeme ji k implementaci \"pavuÄiny\n"
+#~ "důvÄ›ry\"; nemá to nic spoleÄného s (implicitnÄ› vytvoÅ™enou) \"pavuÄinou\n"
+#~ "certifikátů\"."
+
+#~ msgid ""
+#~ "To build the Web-of-Trust, GnuPG needs to know which keys are\n"
+#~ "ultimately trusted - those are usually the keys for which you have\n"
+#~ "access to the secret key. Answer \"yes\" to set this key to\n"
+#~ "ultimately trusted\n"
+#~ msgstr ""
+#~ "Aby bylo možné vybudovat pavuÄinu důvÄ›ry, musí GnuPG vÄ›dÄ›t, kterým "
+#~ "klíÄům\n"
+#~ "důvěřujete absolutnÄ› - obvykle to jsou ty klíÄe, pro něž máte přístup\n"
+#~ "k tajným klíÄům. OdpovÄ›zte \"ano\", abyste nastavili tyto klíÄe\n"
+#~ "jako absolutně důvěryhodné\n"
+
+#~ msgid "If you want to use this untrusted key anyway, answer \"yes\"."
+#~ msgstr ""
+#~ "Pokud pÅ™esto chcete použít tento nedůvÄ›ryhodný klíÄ, odpovÄ›zte \"ano\"."
+
+#~ msgid ""
+#~ "Enter the user ID of the addressee to whom you want to send the message."
+#~ msgstr "Vložte identifikátor adresáta, kterému chcete poslat zprávu."
+
+#~ msgid ""
+#~ "Select the algorithm to use.\n"
+#~ "\n"
+#~ "DSA (aka DSS) is the Digital Signature Algorithm and can only be used\n"
+#~ "for signatures.\n"
+#~ "\n"
+#~ "Elgamal is an encrypt-only algorithm.\n"
+#~ "\n"
+#~ "RSA may be used for signatures or encryption.\n"
+#~ "\n"
+#~ "The first (primary) key must always be a key which is capable of signing."
+#~ msgstr ""
+#~ "Vyberte algoritmus, který chcete použít.\n"
+#~ "\n"
+#~ "DSA (alias DSS) je Digital Signature Algorithm a může být použit pouze "
+#~ "pro\n"
+#~ "podepisování.\n"
+#~ "\n"
+#~ "Elgamal je pouze šifrovací algoritmus.\n"
+#~ "\n"
+#~ "RSA může být použit pro šifrování anebo podepisování.\n"
+#~ "\n"
+#~ "První (primární) klÃ­Ä musí být vždy klíÄ, pomocí kterého lze podepisovat."
+
+#~ msgid ""
+#~ "In general it is not a good idea to use the same key for signing and\n"
+#~ "encryption. This algorithm should only be used in certain domains.\n"
+#~ "Please consult your security expert first."
+#~ msgstr ""
+#~ "ObecnÄ› nelze doporuÄit používat stejný klÃ­Ä pro Å¡ifrování a podepisování\n"
+#~ "Tento algoritmus je vhodné použít jen za jistých podmínek.\n"
+#~ "Kontaktujte prosím nejprve bezpeÄnostního specialistu."
+
+#~ msgid "Enter the size of the key"
+#~ msgstr "Vložte délku klíÄe"
+
+#~ msgid "Answer \"yes\" or \"no\""
+#~ msgstr "Odpovězte \"ano\" nebo \"ne\""
+
+#~ msgid ""
+#~ "Enter the required value as shown in the prompt.\n"
+#~ "It is possible to enter a ISO date (YYYY-MM-DD) but you won't\n"
+#~ "get a good error response - instead the system tries to interpret\n"
+#~ "the given value as an interval."
+#~ msgstr ""
+#~ "Vložte požadovanou hodnotu tak, jak je uvedeno v příkazovém řádku.\n"
+#~ "Je možné vložit datum ve formátu ISO (RRRR-MM-DD), ale nedostanete\n"
+#~ "správnou chybovou hlášku - místo toho systém zkusí interpretovat\n"
+#~ "zadanou hodnotu jako interval."
+
+#~ msgid "Enter the name of the key holder"
+#~ msgstr "Vložte jméno držitele klíÄe"
+
+#~ msgid "please enter an optional but highly suggested email address"
+#~ msgstr ""
+#~ "prosím, vložte e-mailovou adresu (nepovinné, ale velmi doporuÄované)"
+
+#~ msgid "Please enter an optional comment"
+#~ msgstr "Prosím, vložte nepovinný komentář"
+
+#~ msgid ""
+#~ "N to change the name.\n"
+#~ "C to change the comment.\n"
+#~ "E to change the email address.\n"
+#~ "O to continue with key generation.\n"
+#~ "Q to to quit the key generation."
+#~ msgstr ""
+#~ "N pro změnu názvu.\n"
+#~ "C pro změnu komentáře.\n"
+#~ "E pro změnu e-mailové adresy.\n"
+#~ "O pro pokraÄování generování klíÄe.\n"
+#~ "Q pro ukonÄení generování klíÄe."
+
+#~ msgid ""
+#~ "Answer \"yes\" (or just \"y\") if it is okay to generate the sub key."
+#~ msgstr ""
+#~ "Jestliže chcete generovat podklíÄ, odpovÄ›zte \"ano\" (nebo jen \"a\")."
+
+#~ msgid ""
+#~ "When you sign a user ID on a key, you should first verify that the key\n"
+#~ "belongs to the person named in the user ID. It is useful for others to\n"
+#~ "know how carefully you verified this.\n"
+#~ "\n"
+#~ "\"0\" means you make no particular claim as to how carefully you verified "
+#~ "the\n"
+#~ " key.\n"
+#~ "\n"
+#~ "\"1\" means you believe the key is owned by the person who claims to own "
+#~ "it\n"
+#~ " but you could not, or did not verify the key at all. This is useful "
+#~ "for\n"
+#~ " a \"persona\" verification, where you sign the key of a pseudonymous "
+#~ "user.\n"
+#~ "\n"
+#~ "\"2\" means you did casual verification of the key. For example, this "
+#~ "could\n"
+#~ " mean that you verified the key fingerprint and checked the user ID on "
+#~ "the\n"
+#~ " key against a photo ID.\n"
+#~ "\n"
+#~ "\"3\" means you did extensive verification of the key. For example, this "
+#~ "could\n"
+#~ " mean that you verified the key fingerprint with the owner of the key "
+#~ "in\n"
+#~ " person, and that you checked, by means of a hard to forge document "
+#~ "with a\n"
+#~ " photo ID (such as a passport) that the name of the key owner matches "
+#~ "the\n"
+#~ " name in the user ID on the key, and finally that you verified (by "
+#~ "exchange\n"
+#~ " of email) that the email address on the key belongs to the key "
+#~ "owner.\n"
+#~ "\n"
+#~ "Note that the examples given above for levels 2 and 3 are *only* "
+#~ "examples.\n"
+#~ "In the end, it is up to you to decide just what \"casual\" and \"extensive"
+#~ "\"\n"
+#~ "mean to you when you sign other keys.\n"
+#~ "\n"
+#~ "If you don't know what the right answer is, answer \"0\"."
+#~ msgstr ""
+#~ "Než podepíšete id uživatele, mÄ›li byste nejprve ověřit, zda klíÄ\n"
+#~ "patří osobě, jejíž jméno je uvedeno v identifikátoru uživatele.\n"
+#~ "Je velmi užiteÄné, když ostatní vÄ›dí, jak důslednÄ› jste provedl(a)\n"
+#~ "takové ověření.\n"
+#~ "\n"
+#~ "\"0\" znamená, že neuvádíte, jak důslednÄ› jste pravost klíÄe ověřil(a) \n"
+#~ "\n"
+#~ "\"1\" znamená, že věříte tomu, že klÃ­Ä patří osobÄ›, která je uvedena,\n"
+#~ " v uživatelském ID, ale nemohl jste nebo jste neprověřil tuto "
+#~ "skuteÄnost.\n"
+#~ " To je užiteÄné pro \"osobní\" verifikaci, když podepisujete klíÄe, "
+#~ "které\n"
+#~ " používají pseudonym uživatele.\n"
+#~ "\n"
+#~ "\"2\" znamená, že jste ÄásteÄnÄ› ověřil pravost klíÄe. NapÅ™. jste ověřil\n"
+#~ " otisk klíÄe a zkontroloval identifikátor uživatele\n"
+#~ " uvedený na klíÄi s fotografickým id.\n"
+#~ "\n"
+#~ "\"3\" Znamená, že jste provedl velmi peÄlivÄ› ověření pravosti klíÄe.\n"
+#~ " To může například znamenat, že jste ověřil otisk klíÄe \n"
+#~ " jeho vlastníka osobně a dále jste pomocí obtížně padělatelného \n"
+#~ " dokumentu s fotografií (například pasu) ověřil, že jméno majitele\n"
+#~ " klíÄe se shoduje se jménem uvedeným v uživatelském ID a dále jste \n"
+#~ " ověřil (výměnou elektronických dopisů), že elektronické adresa "
+#~ "uvedená \n"
+#~ " v ID uživatele patří majiteli klíÄe.\n"
+#~ "\n"
+#~ "Prosím nezapomeňte, že příklady uvedené pro úroveň 2 a 3 jsou *pouze*\n"
+#~ "příklady.\n"
+#~ "Je jen na VaÅ¡em rozhodnutí co \"ÄásteÄné\" a \"peÄlivé\" ověření znamená\n"
+#~ "když budete podepisovat klíÄe jiným uživatelům.\n"
+#~ "\n"
+#~ "Pokud nevíte, jaká je správná odpovÄ›Ä, odpovÄ›zte \"0\"."
+
+#~ msgid "Answer \"yes\" if you want to sign ALL the user IDs"
+#~ msgstr ""
+#~ "Pokud chcete podepsat VŠECHNY identifikátory uživatelů, odpovězte \"ano\""
+
+#~ msgid ""
+#~ "Answer \"yes\" if you really want to delete this user ID.\n"
+#~ "All certificates are then also lost!"
+#~ msgstr ""
+#~ "Pokud opravdu chcete smazat tento identifikátor uživatele, odpovězte \"ano"
+#~ "\".\n"
+#~ "Všechny certifikáty budou také ztraceny!"
+
+#~ msgid "Answer \"yes\" if it is okay to delete the subkey"
+#~ msgstr "OdpovÄ›zte \"ano\", pokud chcete smazat podklíÄ"
+
+#~ msgid ""
+#~ "This is a valid signature on the key; you normally don't want\n"
+#~ "to delete this signature because it may be important to establish a\n"
+#~ "trust connection to the key or another key certified by this key."
+#~ msgstr ""
+#~ "Toto je platný podpis klíÄe; normálnÄ› nechcete tento podpis smazat,\n"
+#~ "protože může být důležitý pÅ™i vytváření důvÄ›ry klíÄe nebo jiného klíÄe\n"
+#~ "certifikovaného tímto klíÄem."
+
+#~ msgid ""
+#~ "This signature can't be checked because you don't have the\n"
+#~ "corresponding key. You should postpone its deletion until you\n"
+#~ "know which key was used because this signing key might establish\n"
+#~ "a trust connection through another already certified key."
+#~ msgstr ""
+#~ "Tento podpis nemůže být ověřen, protože nemáte odpovídající veřejný "
+#~ "klíÄ.\n"
+#~ "Jeho smazání byste mÄ›l(a) odložit do doby, než budete znát, který klíÄ\n"
+#~ "byl použit, protože tento podepisovací klÃ­Ä může vytvoÅ™it důvÄ›ru\n"
+#~ "prostÅ™ednictvím jiného již certifikovaného klíÄe."
+
+#~ msgid ""
+#~ "The signature is not valid. It does make sense to remove it from\n"
+#~ "your keyring."
+#~ msgstr "Podpis je neplatný. Je rozumné ho odstranit z VaÅ¡eho souboru klíÄů."
+
+#~ msgid ""
+#~ "This is a signature which binds the user ID to the key. It is\n"
+#~ "usually not a good idea to remove such a signature. Actually\n"
+#~ "GnuPG might not be able to use this key anymore. So do this\n"
+#~ "only if this self-signature is for some reason not valid and\n"
+#~ "a second one is available."
+#~ msgstr ""
+#~ "Toto je podpis, který váže identifikátor uživatele ke klíÄi. Obvykle\n"
+#~ "není dobré takový podpis odstranit. GnuPG nemůže tento klÃ­Ä nadále\n"
+#~ "používat. UdÄ›lejte to jenom v případÄ›, kdy je tento podpis klíÄe\n"
+#~ "jím samým z nÄ›jakého důvodu neplatný a kdy je k dipozici klÃ­Ä jiný."
+
+#~ msgid ""
+#~ "Change the preferences of all user IDs (or just of the selected ones)\n"
+#~ "to the current list of preferences. The timestamp of all affected\n"
+#~ "self-signatures will be advanced by one second.\n"
+#~ msgstr ""
+#~ "ZmÄ›nit pÅ™edvolby pro vÅ¡echny uživatelské ID (nebo pouze pro oznaÄené)\n"
+#~ "na aktuální seznam pÅ™edvoleb. ÄŒasová razítka vÅ¡ech dotÄených podpisů\n"
+#~ "klíÄů jimi samotnými budou posunuty o jednu vteÅ™inu dopÅ™edu.\n"
+
+#~ msgid "Please enter the passhrase; this is a secret sentence \n"
+#~ msgstr "Prosím, vložte heslo; toto je tajná věta \n"
+
+#~ msgid ""
+#~ "Please repeat the last passphrase, so you are sure what you typed in."
+#~ msgstr ""
+#~ "Prosím, zopakujte poslední heslo, abyste si byl(a) jistý(á), co jste \n"
+#~ " napsal(a)."
+
+#~ msgid "Give the name of the file to which the signature applies"
+#~ msgstr "Zadejte název souboru, ke kterému se podpis vztahuje"
+
+#~ msgid "Answer \"yes\" if it is okay to overwrite the file"
+#~ msgstr "Pokud si přejete přepsání souboru, odpovězte \"ano\""
+
+#~ msgid ""
+#~ "Please enter a new filename. If you just hit RETURN the default\n"
+#~ "file (which is shown in brackets) will be used."
+#~ msgstr ""
+#~ "Prosím, vložte nový název souboru. Pokud pouze stisknete RETURN, bude\n"
+#~ "použit implicitní soubor (který je ukázán v závorkách)."
+
+#~ msgid ""
+#~ "You should specify a reason for the certification. Depending on the\n"
+#~ "context you have the ability to choose from this list:\n"
+#~ " \"Key has been compromised\"\n"
+#~ " Use this if you have a reason to believe that unauthorized persons\n"
+#~ " got access to your secret key.\n"
+#~ " \"Key is superseded\"\n"
+#~ " Use this if you have replaced this key with a newer one.\n"
+#~ " \"Key is no longer used\"\n"
+#~ " Use this if you have retired this key.\n"
+#~ " \"User ID is no longer valid\"\n"
+#~ " Use this to state that the user ID should not longer be used;\n"
+#~ " this is normally used to mark an email address invalid.\n"
+#~ msgstr ""
+#~ "Měl(a) byste specifikovat důvod certifikace. V závislosti na kontextu\n"
+#~ "máte možnost si vybrat ze seznamu:\n"
+#~ " \"KlÃ­Ä byl kompromitován\"\n"
+#~ " Toto použijte, pokud si myslíte, že k vaÅ¡emu tajnému klíÄi získaly\n"
+#~ " přístup neoprávněné osoby.\n"
+#~ " \"KlÃ­Ä je nahrazen\"\n"
+#~ " Toto použijte, pokud jste tento klÃ­Ä nahradil(a) novÄ›jším klíÄem.\n"
+#~ " \"KlÃ­Ä se již nepoužívá\"\n"
+#~ " Toto použijte, pokud tento klÃ­Ä již nepoužíváte.\n"
+#~ " \"Identifikátor uživatele už není platný\"\n"
+#~ " Toto použijte, pokud by se identifikátor uživatele už neměl "
+#~ "používat;\n"
+#~ " normálnÄ› se používá k oznaÄení neplatné e-mailové adresy.\n"
+
+#~ msgid ""
+#~ "If you like, you can enter a text describing why you issue this\n"
+#~ "revocation certificate. Please keep this text concise.\n"
+#~ "An empty line ends the text.\n"
+#~ msgstr ""
+#~ "Pokud chcete, můžete vložit text popisující původ vzniku tohoto "
+#~ "revokaÄního\n"
+#~ "certifikátu. Prosím, struÄnÄ›. \n"
+#~ "Text konÄí prázdným řádkem.\n"
+
+#~ msgid "can't put notation data into v3 (PGP 2.x style) signatures\n"
+#~ msgstr ""
+#~ "notaci (notation) nelze uložit ve formátu v3 podpisu (formát PGP 2.x)\n"
+
+#~ msgid "can't put notation data into v3 (PGP 2.x style) key signatures\n"
+#~ msgstr ""
+#~ "notaci (notation) nelze uložit jako v3 podpis klíÄe (formát PGP 2.x)\n"
+
+#~ msgid "can't put a policy URL into v3 (PGP 2.x style) signatures\n"
+#~ msgstr "URL politiky nelze uložit ve formátu v3 podpisu (formát PGP 2.x)\n"
+
+#~ msgid "can't put a policy URL into v3 key (PGP 2.x style) signatures\n"
+#~ msgstr "nelze uložit URL politiky do podpisu v3 klíÄem (formát PGP 2.x)\n"
+
+#~ msgid "cipher extension `%s' not loaded due to unsafe permissions\n"
+#~ msgstr ""
+#~ "šifra „%s“ nebyla nahrána, protože přístupová práva nejsou nastavena "
+#~ "bezpeÄnÄ›\n"
+
+#~ msgid "DSA requires the use of a 160 bit hash algorithm\n"
+#~ msgstr "DSA požaduje použití 160-ti bitového hashovacího algoritmu\n"
+
+#~ msgid ".\n"
+#~ msgstr ".\n"
+
+#~ msgid "problem with the agent - disabling agent use\n"
+#~ msgstr "problém s agentem - používání agenta vypnuto\n"
+
+#~ msgid "can't query passphrase in batch mode\n"
+#~ msgstr "v dávkovém režimu se nelze ptát na heslo\n"
+
+#~ msgid "Enter passphrase: "
+#~ msgstr "Vložte heslo: "
+
+#~ msgid "Repeat passphrase: "
+#~ msgstr "Opakujte heslo: "
+
+#~ msgid "-k[v][v][v][c] [user-id] [keyring]"
+#~ msgstr "-k[v][v][v][c] [id uživatele] [soubor s klíÄi (keyring)]"
+
+#~ msgid "can't gen prime with pbits=%u qbits=%u\n"
+#~ msgstr "nemohu vygenerovat prvoÄíslo s pbits=%u qbits=%u\n"
+
+#~ msgid "can't generate a prime with less than %d bits\n"
+#~ msgstr "nemohu vygenerovat prvoÄíslo s ménÄ› než %d bity\n"
+
+#~ msgid "no entropy gathering module detected\n"
+#~ msgstr "nebyl detekován žádný modul pro získání entropie\n"
+
+#~ msgid "can't lock `%s': %s\n"
+#~ msgstr "„%s“ nelze zamknout: %s\n"
+
+#~ msgid "can't stat `%s': %s\n"
+#~ msgstr "nemohu použít příkaz stat na „%s“: %s\n"
+
+#~ msgid "`%s' is not a regular file - ignored\n"
+#~ msgstr "„%s“ není normální soubor - ignoruji\n"
+
+#~ msgid "note: random_seed file is empty\n"
+#~ msgstr "poznámka: soubor random_seed je prázdný\n"
+
+#~ msgid "WARNING: invalid size of random_seed file - not used\n"
+#~ msgstr "VAROVÃNÃ: neplatná velikost random_seed - soubor nepoužit\n"
+
+#~ msgid "can't read `%s': %s\n"
+#~ msgstr "nemohu Äíst „%s“: %s\n"
+
+#~ msgid "note: random_seed file not updated\n"
+#~ msgstr "poznámka: soubor random_seed není aktualizován\n"
+
+#~ msgid "can't write `%s': %s\n"
+#~ msgstr "nemohu zapisovat do „%s“: %s\n"
+
+#~ msgid "can't close `%s': %s\n"
+#~ msgstr "nemohu zavřít „%s“: %s\n"
+
+#~ msgid "WARNING: using insecure random number generator!!\n"
+#~ msgstr "VAROVÃNÃ: použitý generátor náhodných Äísel není bezpeÄný!!\n"
+
+#~ msgid ""
+#~ "The random number generator is only a kludge to let\n"
+#~ "it run - it is in no way a strong RNG!\n"
+#~ "\n"
+#~ "DON'T USE ANY DATA GENERATED BY THIS PROGRAM!!\n"
+#~ "\n"
+#~ msgstr ""
+#~ "Generátor náhodných Äísel je pouze atrapa, aby program mohl běžet,\n"
+#~ "v žádném případÄ› není kryptograficky bezpeÄný!\n"
+#~ "\n"
+#~ "NEPOUŽÃVEJTE JAKÃKOLIV DATA VYTVOŘENà TÃMTO PROGRAMEM!!\n"
+#~ "\n"
+
+#~ msgid ""
+#~ "Please wait, entropy is being gathered. Do some work if it would\n"
+#~ "keep you from getting bored, because it will improve the quality\n"
+#~ "of the entropy.\n"
+#~ msgstr ""
+#~ "Prosím Äekejte, je nutné získat dostatek entropie. Aby jste se nenudili,\n"
+#~ "můžete na poÄítaÄi dÄ›lat nÄ›co jiného, zvýšíte tak kvalitu entropie.\n"
+
+#~ msgid ""
+#~ "\n"
+#~ "Not enough random bytes available. Please do some other work to give\n"
+#~ "the OS a chance to collect more entropy! (Need %d more bytes)\n"
+#~ msgstr ""
+#~ "\n"
+#~ "Nedostatek náhodných bajtů. Prosím, pracujte s operaÄním systémem, "
+#~ "abyste\n"
+#~ "mu umožnili získat více entropie (je potřeba %d bajtů).\n"
+
+#~ msgid "card reader not available\n"
+#~ msgstr "ÄteÄka karet není dostupná\n"
+
+#~ msgid "Please insert the card and hit return or enter 'c' to cancel: "
+#~ msgstr ""
+#~ "Prosím vložte kartu a stiskněte enter. Operaci zrušíte stisknutím 'z': "
+
+#~ msgid "Hit return when ready or enter 'c' to cancel: "
+#~ msgstr ""
+#~ "Je-li nová karta připravena, stiskněte enter. Operaci zrušíte stisknutím "
+#~ "'z': "
+
+#~ msgid "Enter New Admin PIN: "
+#~ msgstr "Vložte nový PIN administrátora: "
+
+#~ msgid "Enter New PIN: "
+#~ msgstr "Vložte nový PIN: "
+
+#~ msgid "Enter Admin PIN: "
+#~ msgstr "Vložte PIN administrátora: "
+
+#~ msgid "NOTE: %s is not available in this version\n"
+#~ msgstr "POZNÃMKA: %s není v této verzi dostupné\n"
+
+#~ msgid " algorithms on these user IDs:\n"
+#~ msgstr " algoritmy těchto ID uživatelů:\n"
+
+#~ msgid "general error"
+#~ msgstr "obecná chyba"
+
+#~ msgid "unknown packet type"
+#~ msgstr "neznámý typ paketu"
+
+#~ msgid "unknown pubkey algorithm"
+#~ msgstr "neznámý algoritmus veÅ™ejného klíÄe"
+
+#~ msgid "unknown digest algorithm"
+#~ msgstr "neznámý hashovací algoritmus"
+
+#~ msgid "bad public key"
+#~ msgstr "Å¡patný veÅ™ejný klíÄ"
+
+#~ msgid "bad secret key"
+#~ msgstr "Å¡patný tajný klíÄ"
+
+#~ msgid "bad signature"
+#~ msgstr "špatný podpis"
+
+#~ msgid "checksum error"
+#~ msgstr "chyba kontrolního souÄtu"
+
+#~ msgid "can't open the keyring"
+#~ msgstr "nemohu otevřít soubor klíÄů"
+
+#~ msgid "invalid packet"
+#~ msgstr "neplatný paket"
+
+#~ msgid "invalid armor"
+#~ msgstr "neplatný způsob reprezentace v ASCII"
+
+#~ msgid "no such user id"
+#~ msgstr "neexistuje uživatel s tímto id"
+
+#~ msgid "secret key not available"
+#~ msgstr "tajný klÃ­Ä není dostupný"
+
+#~ msgid "wrong secret key used"
+#~ msgstr "je použit Å¡patný tajný klíÄ"
+
+#~ msgid "not supported"
+#~ msgstr "nepodporováno"
+
+#~ msgid "bad key"
+#~ msgstr "Å¡patný klíÄ"
+
+#~ msgid "file write error"
+#~ msgstr "chyba při zápisu souboru"
+
+#~ msgid "file open error"
+#~ msgstr "chyba při otvírání souboru"
+
+#~ msgid "file create error"
+#~ msgstr "chyba při vytváření souboru"
+
+#~ msgid "invalid passphrase"
+#~ msgstr "nesprávné heslo"
+
+#~ msgid "unimplemented pubkey algorithm"
+#~ msgstr "algoritmus veÅ™ejného klíÄe není implementován"
+
+#~ msgid "unimplemented cipher algorithm"
+#~ msgstr "šifrovací algoritmus není implementován"
+
+#~ msgid "unknown signature class"
+#~ msgstr "neznámá třída podpisu"
+
+#~ msgid "trust database error"
+#~ msgstr "chyba v databázi důvěry"
+
+#~ msgid "resource limit"
+#~ msgstr "omezení zdrojů"
+
+#~ msgid "invalid keyring"
+#~ msgstr "neplatný soubor klíÄů"
+
+#~ msgid "malformed user id"
+#~ msgstr "špatný formát id uživatele"
+
+#~ msgid "file close error"
+#~ msgstr "chyba při zavírání souboru"
+
+#~ msgid "file rename error"
+#~ msgstr "chyba při přejmenování souboru"
+
+#~ msgid "file delete error"
+#~ msgstr "chyba při mazání souboru"
+
+#~ msgid "unexpected data"
+#~ msgstr "neoÄekávaná data"
+
+#~ msgid "timestamp conflict"
+#~ msgstr "konflikt Äasového razítka"
+
+#~ msgid "unusable pubkey algorithm"
+#~ msgstr "nepoužitelný algoritmus s veÅ™ejným klíÄem"
+
+#~ msgid "file exists"
+#~ msgstr "soubor existuje"
+
+#~ msgid "weak key"
+#~ msgstr "slabý klíÄ"
+
+#~ msgid "bad URI"
+#~ msgstr "špatné URI"
+
+#~ msgid "unsupported URI"
+#~ msgstr "toto URI není podporováno"
+
+#~ msgid "network error"
+#~ msgstr "chyba sítě"
+
+#~ msgid "not processed"
+#~ msgstr "nezpracováno"
+
+#~ msgid "unusable public key"
+#~ msgstr "nepoužitelný veÅ™ejný klíÄ"
+
+#~ msgid "unusable secret key"
+#~ msgstr "nepoužitelný tajný klíÄ"
+
+#~ msgid "keyserver error"
+#~ msgstr "chyba serveru klíÄů"
+
+#~ msgid "no card"
+#~ msgstr "žádná karta"
+
+#~ msgid "no data"
+#~ msgstr "žádná data"
+
+#~ msgid "ERROR: "
+#~ msgstr "CHYBA: "
+
+#~ msgid "WARNING: "
+#~ msgstr "VAROVÃNÃ: "
+
+#~ msgid "... this is a bug (%s:%d:%s)\n"
+#~ msgstr "... toto je chyba v programu (%s:%d:%s)\n"
+
+#~ msgid "WARNING: using insecure memory!\n"
+#~ msgstr "VAROVÃNÃ: Používaná paměť není bezpeÄná!\n"
+
+#~ msgid "operation is not possible without initialized secure memory\n"
+#~ msgstr "provést operaci není možné bez inicializované bezpeÄné pamÄ›ti\n"
+
+#~ msgid "(you may have used the wrong program for this task)\n"
+#~ msgstr "(pravděpodobně jste pro tento úkol použili nesprávný program)\n"
+
+#~ msgid ""
+#~ "please see http://www.gnupg.org/why-not-idea.html for more information\n"
+#~ msgstr ""
+#~ "více informací naleznete v dokumentu http://www.gnupg.cz/why-not-idea."
+#~ "html\n"
+
+#~ msgid "expired: %s)"
+#~ msgstr "platnost skonÄila: %s)"
+
+#~ msgid "this command has not yet been implemented\n"
+#~ msgstr "tento příkaz ještě nebyl implementován\n"
diff --git a/po/da.gmo b/po/da.gmo
new file mode 100644
index 0000000..994558c
--- /dev/null
+++ b/po/da.gmo
Binary files differ
diff --git a/po/da.po b/po/da.po
new file mode 100644
index 0000000..dbbc67a
--- /dev/null
+++ b/po/da.po
@@ -0,0 +1,9298 @@
+# Dansk oversættelse af: / Danish translation of: GnuPG
+# Copyright (C) 2000 Free Software Foundation, Inc.
+# Birger Langkjer <birger.langkjer@image.dk>, 2000.
+# !-- user unknown (2011-01-11)
+# Kenneth Christiansen -- kenneth@ripen.dk, 2000.
+# -- puh'ha denne er lang...nå men det går da fremad ;-)
+#
+# Designated-Translator: none
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: gnupg 1.0.0h\n"
+"Report-Msgid-Bugs-To: translations@gnupg.org\n"
+"POT-Creation-Date: 2012-03-27 10:23+0200\n"
+"PO-Revision-Date: 2003-12-03 16:11+0100\n"
+"Last-Translator: Birger Langkjer <birger.langkjer@image.dk>\n"
+"Language-Team: Danish <dansk@klid.dk>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=ISO-8859-1\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+# er det klogt at oversætte TrustDB?
+#: agent/call-pinentry.c:244
+#, fuzzy, c-format
+msgid "failed to acquire the pinentry lock: %s\n"
+msgstr "kunne ikke initialisere TillidsDB: %s\n"
+
+#. TRANSLATORS: These are labels for buttons etc used in
+#. Pinentries. An underscore indicates that the next letter
+#. should be used as an accelerator. Double the underscore for
+#. a literal one. The actual to be translated text starts after
+#. the second vertical bar.
+#: agent/call-pinentry.c:401
+msgid "|pinentry-label|_OK"
+msgstr ""
+
+#: agent/call-pinentry.c:402
+msgid "|pinentry-label|_Cancel"
+msgstr ""
+
+#: agent/call-pinentry.c:403
+msgid "|pinentry-label|PIN:"
+msgstr ""
+
+#. TRANSLATORS: This string is displayed by Pinentry as the label
+#. for the quality bar.
+#: agent/call-pinentry.c:649
+msgid "Quality:"
+msgstr ""
+
+#. TRANSLATORS: This string is a tooltip, shown by pinentry when
+#. hovering over the quality bar. Please use an appropriate
+#. string to describe what this is about. The length of the
+#. tooltip is limited to about 900 characters. If you do not
+#. translate this entry, a default english text (see source)
+#. will be used.
+#: agent/call-pinentry.c:671
+msgid "pinentry.qualitybar.tooltip"
+msgstr ""
+
+#: agent/call-pinentry.c:716
+msgid ""
+"Please enter your PIN, so that the secret key can be unlocked for this "
+"session"
+msgstr ""
+
+#: agent/call-pinentry.c:719
+msgid ""
+"Please enter your passphrase, so that the secret key can be unlocked for "
+"this session"
+msgstr ""
+
+#: agent/call-pinentry.c:776
+#, c-format
+msgid "SETERROR %s (try %d of %d)"
+msgstr ""
+
+#: agent/call-pinentry.c:799 agent/call-pinentry.c:811
+msgid "PIN too long"
+msgstr ""
+
+#: agent/call-pinentry.c:800
+msgid "Passphrase too long"
+msgstr ""
+
+#: agent/call-pinentry.c:808
+#, fuzzy
+msgid "Invalid characters in PIN"
+msgstr "Ugyldige bogstaver i navn\n"
+
+#: agent/call-pinentry.c:813
+msgid "PIN too short"
+msgstr ""
+
+#: agent/call-pinentry.c:825
+#, fuzzy
+msgid "Bad PIN"
+msgstr "dårlig mpi"
+
+#: agent/call-pinentry.c:826
+#, fuzzy
+msgid "Bad Passphrase"
+msgstr "dårlig kodesætning"
+
+#: agent/call-pinentry.c:863
+#, fuzzy
+msgid "Passphrase"
+msgstr "dårlig kodesætning"
+
+#: agent/command-ssh.c:531
+#, fuzzy, c-format
+msgid "ssh keys greater than %d bits are not supported\n"
+msgstr "valgte cifferalgoritme %d er ugyldig\n"
+
+#: agent/command-ssh.c:690 g10/card-util.c:833 g10/exec.c:473 g10/gpg.c:1122
+#: g10/keygen.c:3394 g10/keygen.c:3427 g10/keyring.c:1237 g10/keyring.c:1569
+#: g10/openfile.c:275 g10/openfile.c:368 g10/sign.c:801 g10/sign.c:1110
+#: g10/tdbio.c:550 jnlib/dotlock.c:310
+#, fuzzy, c-format
+msgid "can't create `%s': %s\n"
+msgstr "kan ikke oprette %s: %s\n"
+
+#: agent/command-ssh.c:702 common/helpfile.c:47 g10/card-util.c:787
+#: g10/dearmor.c:60 g10/dearmor.c:107 g10/decrypt.c:70 g10/encode.c:194
+#: g10/encode.c:504 g10/gpg.c:1123 g10/import.c:192 g10/keygen.c:2877
+#: g10/keyring.c:1595 g10/openfile.c:192 g10/openfile.c:353
+#: g10/plaintext.c:511 g10/sign.c:783 g10/sign.c:978 g10/sign.c:1094
+#: g10/sign.c:1250 g10/tdbdump.c:142 g10/tdbdump.c:150 g10/tdbio.c:554
+#: g10/tdbio.c:618 g10/verify.c:99 g10/verify.c:162 sm/gpgsm.c:2044
+#: sm/gpgsm.c:2074 sm/gpgsm.c:2112 sm/gpgsm.c:2150 sm/qualified.c:66
+#, c-format
+msgid "can't open `%s': %s\n"
+msgstr "kan ikke åbne '%s': %s\n"
+
+#: agent/command-ssh.c:1708 agent/command-ssh.c:1726
+#, fuzzy, c-format
+msgid "error getting serial number of card: %s\n"
+msgstr "fejl ved oprettelse af kodesætning: %s\n"
+
+#: agent/command-ssh.c:1712
+#, c-format
+msgid "detected card with S/N: %s\n"
+msgstr ""
+
+#: agent/command-ssh.c:1717
+#, fuzzy, c-format
+msgid "error getting default authentication keyID of card: %s\n"
+msgstr "fejl ved skrivning af nøglering `%s': %s\n"
+
+#: agent/command-ssh.c:1737
+#, fuzzy, c-format
+msgid "no suitable card key found: %s\n"
+msgstr "skriver hemmeligt certifikat til '%s'\n"
+
+#: agent/command-ssh.c:1787
+#, fuzzy, c-format
+msgid "shadowing the key failed: %s\n"
+msgstr "fjernelse af beskyttelse fejlede: %s\n"
+
+#: agent/command-ssh.c:1802
+#, fuzzy, c-format
+msgid "error writing key: %s\n"
+msgstr "fejl ved skrivning af nøglering `%s': %s\n"
+
+#: agent/command-ssh.c:2139
+#, c-format
+msgid ""
+"An ssh process requested the use of key%%0A %s%%0A (%s)%%0ADo you want to "
+"allow this?"
+msgstr ""
+
+#: agent/command-ssh.c:2146
+msgid "Allow"
+msgstr ""
+
+#: agent/command-ssh.c:2146
+msgid "Deny"
+msgstr ""
+
+#: agent/command-ssh.c:2155
+#, fuzzy, c-format
+msgid "Please enter the passphrase for the ssh key%%0A %F%%0A (%c)"
+msgstr ""
+"Du skal bruge en kodesætning til at beskytte din hemmelige nøgle.\n"
+"\n"
+
+#: agent/command-ssh.c:2484 agent/genkey.c:310 agent/genkey.c:432
+#, fuzzy
+msgid "Please re-enter this passphrase"
+msgstr "ændr kodesætningen"
+
+#: agent/command-ssh.c:2509
+#, fuzzy, c-format
+msgid ""
+"Please enter a passphrase to protect the received secret key%%0A %s%%0A %"
+"s%%0Awithin gpg-agent's key storage"
+msgstr ""
+"Du skal bruge en kodesætning til at beskytte din hemmelige nøgle.\n"
+"\n"
+
+#: agent/command-ssh.c:2548 agent/genkey.c:340 agent/genkey.c:463
+#: tools/symcryptrun.c:436
+msgid "does not match - try again"
+msgstr ""
+
+# er det klogt at oversætte TrustDB?
+#: agent/command-ssh.c:3054
+#, fuzzy, c-format
+msgid "failed to create stream from socket: %s\n"
+msgstr "kunne ikke initialisere TillidsDB: %s\n"
+
+#: agent/divert-scd.c:92 g10/call-agent.c:923
+msgid "Please insert the card with serial number"
+msgstr ""
+
+#: agent/divert-scd.c:93 g10/call-agent.c:924
+msgid "Please remove the current card and insert the one with serial number"
+msgstr ""
+
+#: agent/divert-scd.c:200
+#, fuzzy
+msgid "Admin PIN"
+msgstr "Indtast bruger-id: "
+
+#. TRANSLATORS: A PUK is the Personal Unblocking Code
+#. used to unblock a PIN.
+#: agent/divert-scd.c:205
+msgid "PUK"
+msgstr ""
+
+#: agent/divert-scd.c:212
+msgid "Reset Code"
+msgstr ""
+
+#: agent/divert-scd.c:238
+#, c-format
+msgid "%s%%0A%%0AUse the reader's keypad for input."
+msgstr ""
+
+#: agent/divert-scd.c:287
+#, fuzzy
+msgid "Repeat this Reset Code"
+msgstr "Gentag kodesætning: "
+
+#: agent/divert-scd.c:289
+#, fuzzy
+msgid "Repeat this PUK"
+msgstr "Gentag kodesætning: "
+
+#: agent/divert-scd.c:290
+#, fuzzy
+msgid "Repeat this PIN"
+msgstr "Gentag kodesætning: "
+
+#: agent/divert-scd.c:295
+#, fuzzy
+msgid "Reset Code not correctly repeated; try again"
+msgstr "kodesætningen blev ikke ordentlig gentaget; prøv igen.\n"
+
+#: agent/divert-scd.c:297
+#, fuzzy
+msgid "PUK not correctly repeated; try again"
+msgstr "kodesætningen blev ikke ordentlig gentaget; prøv igen.\n"
+
+#: agent/divert-scd.c:298
+#, fuzzy
+msgid "PIN not correctly repeated; try again"
+msgstr "kodesætningen blev ikke ordentlig gentaget; prøv igen.\n"
+
+#: agent/divert-scd.c:310
+#, c-format
+msgid "Please enter the PIN%s%s%s to unlock the card"
+msgstr ""
+
+#: agent/genkey.c:108 sm/certreqgen-ui.c:384 sm/export.c:638 sm/export.c:654
+#: sm/import.c:667 sm/import.c:692
+#, fuzzy, c-format
+msgid "error creating temporary file: %s\n"
+msgstr "fejl ved oprettelse af kodesætning: %s\n"
+
+#: agent/genkey.c:115 sm/export.c:645 sm/import.c:675
+#, fuzzy, c-format
+msgid "error writing to temporary file: %s\n"
+msgstr "skriver til `%s'\n"
+
+#: agent/genkey.c:153 agent/genkey.c:159
+#, fuzzy
+msgid "Enter new passphrase"
+msgstr "Indtast kodesætning: "
+
+#: agent/genkey.c:167
+#, fuzzy
+msgid "Take this one anyway"
+msgstr "Brug denne nøgle alligevel? "
+
+#: agent/genkey.c:193
+#, c-format
+msgid ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase should be "
+"at least %u character long."
+msgid_plural ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase should be "
+"at least %u characters long."
+msgstr[0] ""
+msgstr[1] ""
+
+#: agent/genkey.c:214
+#, c-format
+msgid ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase should "
+"contain at least %u digit or%%0Aspecial character."
+msgid_plural ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase should "
+"contain at least %u digits or%%0Aspecial characters."
+msgstr[0] ""
+msgstr[1] ""
+
+#: agent/genkey.c:237
+#, c-format
+msgid ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase may not be "
+"a known term or match%%0Acertain pattern."
+msgstr ""
+
+#: agent/genkey.c:253
+#, c-format
+msgid ""
+"You have not entered a passphrase!%0AAn empty passphrase is not allowed."
+msgstr ""
+
+#: agent/genkey.c:255
+#, c-format
+msgid ""
+"You have not entered a passphrase - this is in general a bad idea!%0APlease "
+"confirm that you do not want to have any protection on your key."
+msgstr ""
+
+#: agent/genkey.c:264
+msgid "Yes, protection is not needed"
+msgstr ""
+
+#: agent/genkey.c:308
+#, fuzzy, c-format
+msgid "Please enter the passphrase to%0Ato protect your new key"
+msgstr ""
+"Du skal bruge en kodesætning til at beskytte din hemmelige nøgle.\n"
+"\n"
+
+#: agent/genkey.c:431
+#, fuzzy
+msgid "Please enter the new passphrase"
+msgstr "ændr kodesætningen"
+
+#: agent/gpg-agent.c:121 agent/preset-passphrase.c:72 scd/scdaemon.c:103
+#: tools/gpg-check-pattern.c:70
+#, fuzzy
+msgid ""
+"@Options:\n"
+" "
+msgstr ""
+"@\n"
+"Indstillinger:\n"
+" "
+
+#: agent/gpg-agent.c:123 scd/scdaemon.c:105
+msgid "run in server mode (foreground)"
+msgstr ""
+
+#: agent/gpg-agent.c:124 scd/scdaemon.c:108
+msgid "run in daemon mode (background)"
+msgstr ""
+
+#: agent/gpg-agent.c:125 g10/gpg.c:488 g10/gpgv.c:71 kbx/kbxutil.c:88
+#: scd/scdaemon.c:109 sm/gpgsm.c:281 tools/gpg-connect-agent.c:69
+#: tools/gpgconf.c:80 tools/symcryptrun.c:166
+msgid "verbose"
+msgstr "meddelsom"
+
+#: agent/gpg-agent.c:126 g10/gpgv.c:72 kbx/kbxutil.c:89 scd/scdaemon.c:110
+#: sm/gpgsm.c:282
+msgid "be somewhat more quiet"
+msgstr "vær mere stille"
+
+#: agent/gpg-agent.c:127 scd/scdaemon.c:111
+msgid "sh-style command output"
+msgstr ""
+
+#: agent/gpg-agent.c:128 scd/scdaemon.c:112
+msgid "csh-style command output"
+msgstr ""
+
+#: agent/gpg-agent.c:129 scd/scdaemon.c:113 sm/gpgsm.c:312
+#: tools/symcryptrun.c:169
+#, fuzzy
+msgid "|FILE|read options from FILE"
+msgstr "|FILE|indlæs udvidelsesmodul FILE"
+
+#: agent/gpg-agent.c:134 scd/scdaemon.c:123
+msgid "do not detach from the console"
+msgstr ""
+
+#: agent/gpg-agent.c:135
+msgid "do not grab keyboard and mouse"
+msgstr ""
+
+#: agent/gpg-agent.c:136 tools/symcryptrun.c:168
+#, fuzzy
+msgid "use a log file for the server"
+msgstr "eksportér nøgler til en nøgletjener"
+
+#: agent/gpg-agent.c:138
+#, fuzzy
+msgid "use a standard location for the socket"
+msgstr "Generér en annullérbar certifikat"
+
+#: agent/gpg-agent.c:141
+msgid "|PGM|use PGM as the PIN-Entry program"
+msgstr ""
+
+#: agent/gpg-agent.c:144
+msgid "|PGM|use PGM as the SCdaemon program"
+msgstr ""
+
+#: agent/gpg-agent.c:145
+#, fuzzy
+msgid "do not use the SCdaemon"
+msgstr "opdatér tillidsdatabasen"
+
+#: agent/gpg-agent.c:157
+msgid "ignore requests to change the TTY"
+msgstr ""
+
+#: agent/gpg-agent.c:159
+msgid "ignore requests to change the X display"
+msgstr ""
+
+#: agent/gpg-agent.c:162
+msgid "|N|expire cached PINs after N seconds"
+msgstr ""
+
+#: agent/gpg-agent.c:175
+msgid "do not use the PIN cache when signing"
+msgstr ""
+
+#: agent/gpg-agent.c:177
+msgid "allow clients to mark keys as \"trusted\""
+msgstr ""
+
+#: agent/gpg-agent.c:179
+#, fuzzy
+msgid "allow presetting passphrase"
+msgstr "fejl ved oprettelse af kodesætning: %s\n"
+
+#: agent/gpg-agent.c:180
+msgid "enable ssh-agent emulation"
+msgstr ""
+
+#: agent/gpg-agent.c:182
+msgid "|FILE|write environment settings also to FILE"
+msgstr ""
+
+#. TRANSLATORS: @EMAIL@ will get replaced by the actual bug
+#. reporting address. This is so that we can change the
+#. reporting address without breaking the translations.
+#: agent/gpg-agent.c:333 agent/preset-passphrase.c:94 agent/protect-tool.c:163
+#: g10/gpg.c:814 g10/gpgv.c:114 kbx/kbxutil.c:113 scd/scdaemon.c:246
+#: sm/gpgsm.c:519 tools/gpg-connect-agent.c:181 tools/gpgconf.c:102
+#: tools/symcryptrun.c:206 tools/gpg-check-pattern.c:141
+#, fuzzy
+msgid "Please report bugs to <@EMAIL@>.\n"
+msgstr "Rapportér venligst fejl til <gnupg-bugs@gnu.org>.\n"
+
+#: agent/gpg-agent.c:342
+#, fuzzy
+msgid "Usage: gpg-agent [options] (-h for help)"
+msgstr "Brug: gpg [flag] [filer] (-h for hjælp)"
+
+#: agent/gpg-agent.c:344
+msgid ""
+"Syntax: gpg-agent [options] [command [args]]\n"
+"Secret key management for GnuPG\n"
+msgstr ""
+
+#: agent/gpg-agent.c:390 g10/gpg.c:1007 scd/scdaemon.c:318 sm/gpgsm.c:669
+#, c-format
+msgid "invalid debug-level `%s' given\n"
+msgstr ""
+
+#: agent/gpg-agent.c:610 agent/protect-tool.c:1033 kbx/kbxutil.c:428
+#: scd/scdaemon.c:424 sm/gpgsm.c:911 sm/gpgsm.c:914 tools/symcryptrun.c:998
+#: tools/gpg-check-pattern.c:177
+#, c-format
+msgid "%s is too old (need %s, have %s)\n"
+msgstr ""
+
+#: agent/gpg-agent.c:725 g10/gpg.c:2111 scd/scdaemon.c:510 sm/gpgsm.c:1010
+#, c-format
+msgid "NOTE: no default option file `%s'\n"
+msgstr "NOTITS: ingen standard alternativfil '%s'\n"
+
+#: agent/gpg-agent.c:736 agent/gpg-agent.c:1348 g10/gpg.c:2115
+#: scd/scdaemon.c:515 sm/gpgsm.c:1014 tools/symcryptrun.c:931
+#, c-format
+msgid "option file `%s': %s\n"
+msgstr "alternativfil`%s': %s\n"
+
+#: agent/gpg-agent.c:744 g10/gpg.c:2122 scd/scdaemon.c:523 sm/gpgsm.c:1021
+#, c-format
+msgid "reading options from `%s'\n"
+msgstr "læser indstillinger fra `%s'\n"
+
+#: agent/gpg-agent.c:1117 g10/plaintext.c:140 g10/plaintext.c:145
+#: g10/plaintext.c:162
+#, fuzzy, c-format
+msgid "error creating `%s': %s\n"
+msgstr "fejl ved læsning af '%s': %s\n"
+
+#: agent/gpg-agent.c:1461 agent/gpg-agent.c:1579 agent/gpg-agent.c:1583
+#: agent/gpg-agent.c:1624 agent/gpg-agent.c:1628 g10/exec.c:188
+#: g10/openfile.c:429 scd/scdaemon.c:1020
+#, fuzzy, c-format
+msgid "can't create directory `%s': %s\n"
+msgstr "%s: kan ikke oprette mappe: %s\n"
+
+#: agent/gpg-agent.c:1475 scd/scdaemon.c:1034
+msgid "name of socket too long\n"
+msgstr ""
+
+#: agent/gpg-agent.c:1498 scd/scdaemon.c:1057
+#, fuzzy, c-format
+msgid "can't create socket: %s\n"
+msgstr "kan ikke oprette %s: %s\n"
+
+#: agent/gpg-agent.c:1507
+#, fuzzy, c-format
+msgid "socket name `%s' is too long\n"
+msgstr "certifikatlæseproblem: %s\n"
+
+#: agent/gpg-agent.c:1525
+msgid "a gpg-agent is already running - not starting a new one\n"
+msgstr ""
+
+#: agent/gpg-agent.c:1536 scd/scdaemon.c:1076
+#, fuzzy
+msgid "error getting nonce for the socket\n"
+msgstr "fejl ved oprettelse af kodesætning: %s\n"
+
+#: agent/gpg-agent.c:1541 scd/scdaemon.c:1079
+#, fuzzy, c-format
+msgid "error binding socket to `%s': %s\n"
+msgstr "fejl ved læsning af '%s': %s\n"
+
+#: agent/gpg-agent.c:1553 scd/scdaemon.c:1088
+#, fuzzy, c-format
+msgid "listen() failed: %s\n"
+msgstr "signering fejlede: %s\n"
+
+#: agent/gpg-agent.c:1559 scd/scdaemon.c:1095
+#, fuzzy, c-format
+msgid "listening on socket `%s'\n"
+msgstr "skriver hemmeligt certifikat til '%s'\n"
+
+#: agent/gpg-agent.c:1587 agent/gpg-agent.c:1634 g10/openfile.c:432
+#, fuzzy, c-format
+msgid "directory `%s' created\n"
+msgstr "%s: mappe oprettet\n"
+
+#: agent/gpg-agent.c:1640
+#, fuzzy, c-format
+msgid "stat() failed for `%s': %s\n"
+msgstr "kan ikke åbne %s: %s\n"
+
+#: agent/gpg-agent.c:1644
+#, fuzzy, c-format
+msgid "can't use `%s' as home directory\n"
+msgstr "%s: kan ikke oprette mappe: %s\n"
+
+#: agent/gpg-agent.c:1777 scd/scdaemon.c:1111
+#, fuzzy, c-format
+msgid "error reading nonce on fd %d: %s\n"
+msgstr "fejl ved læsning af '%s': %s\n"
+
+#: agent/gpg-agent.c:1799
+#, c-format
+msgid "handler 0x%lx for fd %d started\n"
+msgstr ""
+
+#: agent/gpg-agent.c:1804
+#, c-format
+msgid "handler 0x%lx for fd %d terminated\n"
+msgstr ""
+
+#: agent/gpg-agent.c:1824
+#, c-format
+msgid "ssh handler 0x%lx for fd %d started\n"
+msgstr ""
+
+#: agent/gpg-agent.c:1829
+#, c-format
+msgid "ssh handler 0x%lx for fd %d terminated\n"
+msgstr ""
+
+#: agent/gpg-agent.c:1973 scd/scdaemon.c:1248
+#, c-format
+msgid "pth_select failed: %s - waiting 1s\n"
+msgstr ""
+
+#: agent/gpg-agent.c:2096 scd/scdaemon.c:1315
+#, fuzzy, c-format
+msgid "%s %s stopped\n"
+msgstr "%s: udelod: %s\n"
+
+#: agent/gpg-agent.c:2232
+msgid "no gpg-agent running in this session\n"
+msgstr ""
+
+#: agent/gpg-agent.c:2243 common/simple-pwquery.c:352 common/asshelp.c:403
+#: tools/gpg-connect-agent.c:2168
+msgid "malformed GPG_AGENT_INFO environment variable\n"
+msgstr ""
+
+#: agent/gpg-agent.c:2256 common/simple-pwquery.c:364 common/asshelp.c:415
+#: tools/gpg-connect-agent.c:2179
+#, fuzzy, c-format
+msgid "gpg-agent protocol version %d is not supported\n"
+msgstr "valgte cifferalgoritme %d er ugyldig\n"
+
+#: agent/preset-passphrase.c:98
+#, fuzzy
+msgid "Usage: gpg-preset-passphrase [options] KEYGRIP (-h for help)\n"
+msgstr "Brug: gpg [flag] [filer] (-h for hjælp)"
+
+#: agent/preset-passphrase.c:101
+msgid ""
+"Syntax: gpg-preset-passphrase [options] KEYGRIP\n"
+"Password cache maintenance\n"
+msgstr ""
+
+#: agent/protect-tool.c:113 g10/gpg.c:373 kbx/kbxutil.c:71 sm/gpgsm.c:186
+#: tools/gpgconf.c:60
+msgid ""
+"@Commands:\n"
+" "
+msgstr ""
+"@Kommandoer:\n"
+" "
+
+#: agent/protect-tool.c:127 g10/gpg.c:441 g10/gpgv.c:69 kbx/kbxutil.c:81
+#: sm/gpgsm.c:226 tools/gpg-connect-agent.c:67 tools/gpgconf.c:77
+#: tools/symcryptrun.c:159
+msgid ""
+"@\n"
+"Options:\n"
+" "
+msgstr ""
+"@\n"
+"Indstillinger:\n"
+" "
+
+#: agent/protect-tool.c:166
+#, fuzzy
+msgid "Usage: gpg-protect-tool [options] (-h for help)\n"
+msgstr "Brug: gpg [flag] [filer] (-h for hjælp)"
+
+#: agent/protect-tool.c:168
+msgid ""
+"Syntax: gpg-protect-tool [options] [args]\n"
+"Secret key maintenance tool\n"
+msgstr ""
+
+#: agent/protect-tool.c:1162
+msgid "Please enter the passphrase to unprotect the PKCS#12 object."
+msgstr ""
+
+#: agent/protect-tool.c:1167
+msgid "Please enter the passphrase to protect the new PKCS#12 object."
+msgstr ""
+
+#: agent/protect-tool.c:1173
+msgid ""
+"Please enter the passphrase to protect the imported object within the GnuPG "
+"system."
+msgstr ""
+
+#: agent/protect-tool.c:1178
+msgid ""
+"Please enter the passphrase or the PIN\n"
+"needed to complete this operation."
+msgstr ""
+
+#: agent/protect-tool.c:1183 tools/symcryptrun.c:437
+#, fuzzy
+msgid "Passphrase:"
+msgstr "dårlig kodesætning"
+
+#: agent/protect-tool.c:1188 tools/symcryptrun.c:448
+msgid "cancelled\n"
+msgstr ""
+
+#: agent/protect-tool.c:1190 tools/symcryptrun.c:444
+#, fuzzy, c-format
+msgid "error while asking for the passphrase: %s\n"
+msgstr "fejl ved oprettelse af kodesætning: %s\n"
+
+#: agent/trustlist.c:136 agent/trustlist.c:334
+#, fuzzy, c-format
+msgid "error opening `%s': %s\n"
+msgstr "fejl ved læsning af '%s': %s\n"
+
+#: agent/trustlist.c:151 common/helpfile.c:63 common/helpfile.c:79
+#, fuzzy, c-format
+msgid "file `%s', line %d: %s\n"
+msgstr "%s: bruger ikke fundet: %s\n"
+
+#: agent/trustlist.c:171 agent/trustlist.c:179
+#, c-format
+msgid "statement \"%s\" ignored in `%s', line %d\n"
+msgstr ""
+
+#: agent/trustlist.c:185
+#, fuzzy, c-format
+msgid "system trustlist `%s' not available\n"
+msgstr "hemmelig nøgle ikke tilgængelig"
+
+#: agent/trustlist.c:229
+#, fuzzy, c-format
+msgid "bad fingerprint in `%s', line %d\n"
+msgstr "panser: %s\n"
+
+#: agent/trustlist.c:254 agent/trustlist.c:261
+#, c-format
+msgid "invalid keyflag in `%s', line %d\n"
+msgstr ""
+
+#: agent/trustlist.c:295 common/helpfile.c:126
+#, fuzzy, c-format
+msgid "error reading `%s', line %d: %s\n"
+msgstr "fejl ved læsning af '%s': %s\n"
+
+#: agent/trustlist.c:400 agent/trustlist.c:450
+msgid "error reading list of trusted root certificates\n"
+msgstr ""
+
+#. TRANSLATORS: This prompt is shown by the Pinentry
+#. and has one special property: A "%%0A" is used by
+#. Pinentry to insert a line break. The double
+#. percent sign is actually needed because it is also
+#. a printf format string. If you need to insert a
+#. plain % sign, you need to encode it as "%%25". The
+#. "%s" gets replaced by the name as stored in the
+#. certificate.
+#: agent/trustlist.c:611
+#, c-format
+msgid ""
+"Do you ultimately trust%%0A \"%s\"%%0Ato correctly certify user "
+"certificates?"
+msgstr ""
+
+#: agent/trustlist.c:620 common/audit.c:467
+#, fuzzy
+msgid "Yes"
+msgstr "ja"
+
+#: agent/trustlist.c:620 common/audit.c:469
+msgid "No"
+msgstr ""
+
+#. TRANSLATORS: This prompt is shown by the Pinentry and has
+#. one special property: A "%%0A" is used by Pinentry to
+#. insert a line break. The double percent sign is actually
+#. needed because it is also a printf format string. If you
+#. need to insert a plain % sign, you need to encode it as
+#. "%%25". The second "%s" gets replaced by a hexdecimal
+#. fingerprint string whereas the first one receives the name
+#. as stored in the certificate.
+#: agent/trustlist.c:654
+#, c-format
+msgid ""
+"Please verify that the certificate identified as:%%0A \"%s\"%%0Ahas the "
+"fingerprint:%%0A %s"
+msgstr ""
+
+#. TRANSLATORS: "Correct" is the label of a button and intended
+#. to be hit if the fingerprint matches the one of the CA. The
+#. other button is "the default "Cancel" of the Pinentry.
+#: agent/trustlist.c:668
+msgid "Correct"
+msgstr ""
+
+#: agent/trustlist.c:668
+msgid "Wrong"
+msgstr ""
+
+#: agent/findkey.c:157
+#, c-format
+msgid "Note: This passphrase has never been changed.%0APlease change it now."
+msgstr ""
+
+#: agent/findkey.c:173
+#, c-format
+msgid ""
+"This passphrase has not been changed%%0Asince %.4s-%.2s-%.2s. Please change "
+"it now."
+msgstr ""
+
+#: agent/findkey.c:187 agent/findkey.c:194
+#, fuzzy
+msgid "Change passphrase"
+msgstr "ændr kodesætningen"
+
+#: agent/findkey.c:195
+msgid "I'll change it later"
+msgstr ""
+
+#: common/exechelp.c:528 common/exechelp.c:625 tools/gpgconf-comp.c:1475
+#: tools/gpgconf-comp.c:1814
+#, fuzzy, c-format
+msgid "error creating a pipe: %s\n"
+msgstr "fejl ved oprettelse af kodesætning: %s\n"
+
+#: common/exechelp.c:599 common/exechelp.c:658
+#, fuzzy, c-format
+msgid "can't fdopen pipe for reading: %s\n"
+msgstr "kan ikke åbne %s: %s\n"
+
+#: common/exechelp.c:637 common/exechelp.c:765 common/exechelp.c:1002
+#, fuzzy, c-format
+msgid "error forking process: %s\n"
+msgstr "fejl ved læsning af '%s': %s\n"
+
+#: common/exechelp.c:811 common/exechelp.c:864
+#, c-format
+msgid "waiting for process %d to terminate failed: %s\n"
+msgstr ""
+
+#: common/exechelp.c:819
+#, fuzzy, c-format
+msgid "error getting exit code of process %d: %s\n"
+msgstr "fejl ved skrivning af nøglering `%s': %s\n"
+
+#: common/exechelp.c:825 common/exechelp.c:877
+#, fuzzy, c-format
+msgid "error running `%s': exit status %d\n"
+msgstr "fejl ved læsning af '%s': %s\n"
+
+#: common/exechelp.c:870
+#, c-format
+msgid "error running `%s': probably not installed\n"
+msgstr ""
+
+#: common/exechelp.c:885
+#, fuzzy, c-format
+msgid "error running `%s': terminated\n"
+msgstr "fejl ved læsning af '%s': %s\n"
+
+#: common/http.c:1674
+#, fuzzy, c-format
+msgid "error creating socket: %s\n"
+msgstr "fejl ved læsning af '%s': %s\n"
+
+#: common/http.c:1718
+#, fuzzy
+msgid "host not found"
+msgstr "%s: bruger ikke fundet\n"
+
+#: common/simple-pwquery.c:338
+msgid "gpg-agent is not available in this session\n"
+msgstr ""
+
+#: common/simple-pwquery.c:395
+#, fuzzy, c-format
+msgid "can't connect to `%s': %s\n"
+msgstr "kan ikke åbne '%s': %s\n"
+
+#: common/simple-pwquery.c:406
+msgid "communication problem with gpg-agent\n"
+msgstr ""
+
+#: common/simple-pwquery.c:416
+msgid "problem setting the gpg-agent options\n"
+msgstr ""
+
+#: common/simple-pwquery.c:579 common/simple-pwquery.c:675
+msgid "canceled by user\n"
+msgstr ""
+
+#: common/simple-pwquery.c:594 common/simple-pwquery.c:681
+msgid "problem with the agent\n"
+msgstr ""
+
+#: common/sysutils.c:105
+#, c-format
+msgid "can't disable core dumps: %s\n"
+msgstr "kan ikke slå core-dump fra: %s\n"
+
+#: common/sysutils.c:200
+#, c-format
+msgid "Warning: unsafe ownership on %s \"%s\"\n"
+msgstr ""
+
+#: common/sysutils.c:232
+#, c-format
+msgid "Warning: unsafe permissions on %s \"%s\"\n"
+msgstr ""
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: common/yesno.c:35 common/yesno.c:72
+msgid "yes"
+msgstr "ja"
+
+#: common/yesno.c:36 common/yesno.c:77
+msgid "yY"
+msgstr "jJ"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: common/yesno.c:38 common/yesno.c:74
+msgid "no"
+msgstr "n"
+
+#: common/yesno.c:39 common/yesno.c:78
+msgid "nN"
+msgstr "nN"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: common/yesno.c:76
+msgid "quit"
+msgstr "afslut"
+
+#: common/yesno.c:79
+msgid "qQ"
+msgstr "aA"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: common/yesno.c:113
+msgid "okay|okay"
+msgstr ""
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: common/yesno.c:115
+msgid "cancel|cancel"
+msgstr ""
+
+#: common/yesno.c:116
+msgid "oO"
+msgstr ""
+
+#: common/yesno.c:117
+#, fuzzy
+msgid "cC"
+msgstr "c"
+
+#: common/miscellaneous.c:77
+#, c-format
+msgid "out of core in secure memory while allocating %lu bytes"
+msgstr ""
+
+#: common/miscellaneous.c:80
+#, c-format
+msgid "out of core while allocating %lu bytes"
+msgstr ""
+
+#: common/asshelp.c:293 tools/gpg-connect-agent.c:2129
+msgid "no running gpg-agent - starting one\n"
+msgstr ""
+
+#: common/asshelp.c:349
+#, c-format
+msgid "waiting %d seconds for the agent to come up\n"
+msgstr ""
+
+#: common/asshelp.c:426
+msgid "can't connect to the agent - trying fall back\n"
+msgstr ""
+
+#. TRANSLATORS: Copy the prefix between the vertical bars
+#. verbatim. It will not be printed.
+#: common/audit.c:474
+msgid "|audit-log-result|Good"
+msgstr ""
+
+#: common/audit.c:477
+msgid "|audit-log-result|Bad"
+msgstr ""
+
+#: common/audit.c:479
+msgid "|audit-log-result|Not supported"
+msgstr ""
+
+#: common/audit.c:481
+#, fuzzy
+msgid "|audit-log-result|No certificate"
+msgstr "Godt certifikat"
+
+#: common/audit.c:483
+#, fuzzy
+msgid "|audit-log-result|Not enabled"
+msgstr "Godt certifikat"
+
+#: common/audit.c:485
+msgid "|audit-log-result|Error"
+msgstr ""
+
+#: common/audit.c:487
+#, fuzzy
+msgid "|audit-log-result|Not used"
+msgstr "Godt certifikat"
+
+#: common/audit.c:489
+#, fuzzy
+msgid "|audit-log-result|Okay"
+msgstr "Godt certifikat"
+
+#: common/audit.c:491
+#, fuzzy
+msgid "|audit-log-result|Skipped"
+msgstr "Godt certifikat"
+
+#: common/audit.c:493
+#, fuzzy
+msgid "|audit-log-result|Some"
+msgstr "Godt certifikat"
+
+#: common/audit.c:726
+#, fuzzy
+msgid "Certificate chain available"
+msgstr "certifikatlæseproblem: %s\n"
+
+#: common/audit.c:733
+#, fuzzy
+msgid "root certificate missing"
+msgstr "Godt certifikat"
+
+#: common/audit.c:759
+msgid "Data encryption succeeded"
+msgstr ""
+
+#: common/audit.c:764 common/audit.c:830 common/audit.c:906 common/audit.c:997
+#, fuzzy
+msgid "Data available"
+msgstr "Ingen hjælp tilgængelig"
+
+#: common/audit.c:767
+msgid "Session key created"
+msgstr ""
+
+#: common/audit.c:772 common/audit.c:912 common/audit.c:919
+#, fuzzy, c-format
+msgid "algorithm: %s"
+msgstr "panser: %s\n"
+
+#: common/audit.c:774 common/audit.c:776 common/audit.c:921 common/audit.c:923
+#, fuzzy, c-format
+msgid "unsupported algorithm: %s"
+msgstr ""
+"\n"
+"Understøttede algoritmer:\n"
+
+#: common/audit.c:778 common/audit.c:925
+#, fuzzy
+msgid "seems to be not encrypted"
+msgstr "ikke krypteret"
+
+#: common/audit.c:784 common/audit.c:933
+msgid "Number of recipients"
+msgstr ""
+
+#: common/audit.c:792 common/audit.c:956
+#, c-format
+msgid "Recipient %d"
+msgstr ""
+
+#: common/audit.c:825
+msgid "Data signing succeeded"
+msgstr ""
+
+#: common/audit.c:839 common/audit.c:1033 common/audit.c:1060
+#, fuzzy, c-format
+msgid "data hash algorithm: %s"
+msgstr "ugyldig hash-algoritme `%s'\n"
+
+#: common/audit.c:862
+#, fuzzy, c-format
+msgid "Signer %d"
+msgstr "Denne nøgle er ikke beskyttet.\n"
+
+#: common/audit.c:866 common/audit.c:1065
+#, fuzzy, c-format
+msgid "attr hash algorithm: %s"
+msgstr "ugyldig hash-algoritme `%s'\n"
+
+#: common/audit.c:901
+msgid "Data decryption succeeded"
+msgstr ""
+
+#: common/audit.c:910
+#, fuzzy
+msgid "Encryption algorithm supported"
+msgstr "valgte cifferalgoritme %d er ugyldig\n"
+
+#: common/audit.c:993
+msgid "Data verification succeeded"
+msgstr ""
+
+#: common/audit.c:1002
+#, fuzzy
+msgid "Signature available"
+msgstr "Denne nøgle er ikke beskyttet.\n"
+
+#: common/audit.c:1024
+#, fuzzy
+msgid "Parsing data succeeded"
+msgstr "God signatur fra \""
+
+#: common/audit.c:1036
+#, fuzzy, c-format
+msgid "bad data hash algorithm: %s"
+msgstr "ugyldig hash-algoritme `%s'\n"
+
+#: common/audit.c:1051
+#, fuzzy, c-format
+msgid "Signature %d"
+msgstr "Denne nøgle er ikke beskyttet.\n"
+
+#: common/audit.c:1079
+#, fuzzy
+msgid "Certificate chain valid"
+msgstr "certifikatlæseproblem: %s\n"
+
+#: common/audit.c:1090
+#, fuzzy
+msgid "Root certificate trustworthy"
+msgstr "Godt certifikat"
+
+#: common/audit.c:1111 sm/certchain.c:935
+#, fuzzy
+msgid "no CRL found for certificate"
+msgstr "Godt certifikat"
+
+#: common/audit.c:1114 sm/certchain.c:945
+#, fuzzy
+msgid "the available CRL is too old"
+msgstr "Ingen hjælp tilgængelig"
+
+#: common/audit.c:1119
+#, fuzzy
+msgid "CRL/OCSP check of certificates"
+msgstr "Godt certifikat"
+
+#: common/audit.c:1139
+#, fuzzy
+msgid "Included certificates"
+msgstr "Godt certifikat"
+
+#: common/audit.c:1194
+msgid "No audit log entries."
+msgstr ""
+
+#: common/audit.c:1243
+#, fuzzy
+msgid "Unknown operation"
+msgstr "ukendt version"
+
+#: common/audit.c:1261
+msgid "Gpg-Agent usable"
+msgstr ""
+
+#: common/audit.c:1271
+msgid "Dirmngr usable"
+msgstr ""
+
+#: common/audit.c:1307
+#, fuzzy, c-format
+msgid "No help available for `%s'."
+msgstr "Ingen hjælp tilgængelig for `%s'"
+
+#: common/helpfile.c:80
+#, fuzzy
+msgid "ignoring garbage line"
+msgstr "fejl i trailerlinie\n"
+
+#: common/gettime.c:503
+#, fuzzy
+msgid "[none]"
+msgstr "ukendt version"
+
+#: g10/armor.c:379
+#, c-format
+msgid "armor: %s\n"
+msgstr "panser: %s\n"
+
+#: g10/armor.c:418
+msgid "invalid armor header: "
+msgstr "ugyldigt panserhoved: "
+
+#: g10/armor.c:429
+msgid "armor header: "
+msgstr "panserhoved: "
+
+#: g10/armor.c:442
+msgid "invalid clearsig header\n"
+msgstr ""
+
+#: g10/armor.c:455
+#, fuzzy
+msgid "unknown armor header: "
+msgstr "panserhoved: "
+
+#: g10/armor.c:508
+msgid "nested clear text signatures\n"
+msgstr ""
+
+#: g10/armor.c:643
+#, fuzzy
+msgid "unexpected armor: "
+msgstr "uforventet beskyttelse:"
+
+#: g10/armor.c:655
+msgid "invalid dash escaped line: "
+msgstr ""
+
+#: g10/armor.c:810 g10/armor.c:1420
+#, fuzzy, c-format
+msgid "invalid radix64 character %02X skipped\n"
+msgstr "ugyldigt radix64 tegn %02x udeladt\n"
+
+#: g10/armor.c:853
+msgid "premature eof (no CRC)\n"
+msgstr "for tidlig eof (ingen CRC)\n"
+
+#: g10/armor.c:887
+msgid "premature eof (in CRC)\n"
+msgstr "for tidlig eof (i CRC)\n"
+
+#: g10/armor.c:895
+msgid "malformed CRC\n"
+msgstr "dårlig CRC\n"
+
+#: g10/armor.c:899 g10/armor.c:1457
+#, fuzzy, c-format
+msgid "CRC error; %06lX - %06lX\n"
+msgstr "CRC fejl; %06lx - %06lx\n"
+
+#: g10/armor.c:919
+#, fuzzy
+msgid "premature eof (in trailer)\n"
+msgstr "for tidlig eof (i trailer)\n"
+
+#: g10/armor.c:923
+msgid "error in trailer line\n"
+msgstr "fejl i trailerlinie\n"
+
+#: g10/armor.c:1234
+msgid "no valid OpenPGP data found.\n"
+msgstr "ingen gyldig OpenPGP data fundet.\n"
+
+#: g10/armor.c:1239
+#, c-format
+msgid "invalid armor: line longer than %d characters\n"
+msgstr "ugyldigt panser: linie længere end %d tegn\n"
+
+#: g10/armor.c:1243
+msgid ""
+"quoted printable character in armor - probably a buggy MTA has been used\n"
+msgstr "quoted printable-tegn i panser - måske pga. en fejlbehæftet MTA\n"
+
+#: g10/build-packet.c:976
+msgid ""
+"a notation name must have only printable characters or spaces, and end with "
+"an '='\n"
+msgstr ""
+
+#: g10/build-packet.c:988
+#, fuzzy
+msgid "a user notation name must contain the '@' character\n"
+msgstr "en notationsværdi må ikke bruge nogen kontroltegn\n"
+
+#: g10/build-packet.c:994
+#, fuzzy
+msgid "a notation name must not contain more than one '@' character\n"
+msgstr "en notationsværdi må ikke bruge nogen kontroltegn\n"
+
+#: g10/build-packet.c:1012
+msgid "a notation value must not use any control characters\n"
+msgstr "en notationsværdi må ikke bruge nogen kontroltegn\n"
+
+#: g10/build-packet.c:1046 g10/build-packet.c:1055
+#, fuzzy
+msgid "WARNING: invalid notation data found\n"
+msgstr "ingen gyldig OpenPGP data fundet.\n"
+
+#: g10/build-packet.c:1077 g10/build-packet.c:1079
+msgid "not human readable"
+msgstr ""
+
+#: g10/card-util.c:85 g10/card-util.c:374
+#, fuzzy, c-format
+msgid "OpenPGP card not available: %s\n"
+msgstr "hemmelig nøgle ikke tilgængelig"
+
+#: g10/card-util.c:90
+#, c-format
+msgid "OpenPGP card no. %s detected\n"
+msgstr ""
+
+#: g10/card-util.c:98 g10/card-util.c:1773 g10/delkey.c:126 g10/keyedit.c:1551
+#: g10/keygen.c:3068 g10/revoke.c:216 g10/revoke.c:455
+msgid "can't do this in batch mode\n"
+msgstr ""
+
+#: g10/card-util.c:106
+msgid "This command is only available for version 2 cards\n"
+msgstr ""
+
+#: g10/card-util.c:108 scd/app-openpgp.c:2029
+#, fuzzy
+msgid "Reset Code not or not anymore available\n"
+msgstr "hemmelig nøgle ikke tilgængelig"
+
+#: g10/card-util.c:141 g10/card-util.c:1458 g10/card-util.c:1568
+#: g10/keyedit.c:424 g10/keyedit.c:445 g10/keyedit.c:459 g10/keygen.c:1630
+#: g10/keygen.c:1711 sm/certreqgen-ui.c:165 sm/certreqgen-ui.c:249
+#: sm/certreqgen-ui.c:283
+msgid "Your selection? "
+msgstr "Dit valg? "
+
+#: g10/card-util.c:272 g10/card-util.c:322
+msgid "[not set]"
+msgstr ""
+
+#: g10/card-util.c:512
+#, fuzzy
+msgid "male"
+msgstr "slåtil"
+
+#: g10/card-util.c:513
+#, fuzzy
+msgid "female"
+msgstr "slåtil"
+
+#: g10/card-util.c:513
+msgid "unspecified"
+msgstr ""
+
+#: g10/card-util.c:540
+#, fuzzy
+msgid "not forced"
+msgstr "ikke bearbejdet"
+
+#: g10/card-util.c:540
+msgid "forced"
+msgstr ""
+
+#: g10/card-util.c:631
+msgid "Error: Only plain ASCII is currently allowed.\n"
+msgstr ""
+
+#: g10/card-util.c:633
+msgid "Error: The \"<\" character may not be used.\n"
+msgstr ""
+
+#: g10/card-util.c:635
+msgid "Error: Double spaces are not allowed.\n"
+msgstr ""
+
+#: g10/card-util.c:652
+msgid "Cardholder's surname: "
+msgstr ""
+
+#: g10/card-util.c:654
+msgid "Cardholder's given name: "
+msgstr ""
+
+#: g10/card-util.c:672
+#, c-format
+msgid "Error: Combined name too long (limit is %d characters).\n"
+msgstr ""
+
+#: g10/card-util.c:693
+#, fuzzy
+msgid "URL to retrieve public key: "
+msgstr "skriver offentligt certifikat til '%s'\n"
+
+#: g10/card-util.c:701
+#, c-format
+msgid "Error: URL too long (limit is %d characters).\n"
+msgstr ""
+
+#: g10/card-util.c:794 tools/no-libgcrypt.c:30
+#, fuzzy, c-format
+msgid "error allocating enough memory: %s\n"
+msgstr "fejl ved skrivning af nøglering `%s': %s\n"
+
+#: g10/card-util.c:806 g10/import.c:280
+#, c-format
+msgid "error reading `%s': %s\n"
+msgstr "fejl ved læsning af '%s': %s\n"
+
+#: g10/card-util.c:839
+#, fuzzy, c-format
+msgid "error writing `%s': %s\n"
+msgstr "fejl ved skrivning af nøglering `%s': %s\n"
+
+#: g10/card-util.c:866
+msgid "Login data (account name): "
+msgstr ""
+
+#: g10/card-util.c:876
+#, c-format
+msgid "Error: Login data too long (limit is %d characters).\n"
+msgstr ""
+
+#: g10/card-util.c:912
+msgid "Private DO data: "
+msgstr ""
+
+#: g10/card-util.c:922
+#, c-format
+msgid "Error: Private DO too long (limit is %d characters).\n"
+msgstr ""
+
+#: g10/card-util.c:1005
+#, fuzzy
+msgid "Language preferences: "
+msgstr "vis præferencer"
+
+#: g10/card-util.c:1013
+#, fuzzy
+msgid "Error: invalid length of preference string.\n"
+msgstr "Ugyldige bogstaver i navn\n"
+
+#: g10/card-util.c:1022
+#, fuzzy
+msgid "Error: invalid characters in preference string.\n"
+msgstr "Ugyldige bogstaver i navn\n"
+
+#: g10/card-util.c:1044
+msgid "Sex ((M)ale, (F)emale or space): "
+msgstr ""
+
+#: g10/card-util.c:1058
+#, fuzzy
+msgid "Error: invalid response.\n"
+msgstr "fejl i trailerlinie\n"
+
+#: g10/card-util.c:1080
+#, fuzzy
+msgid "CA fingerprint: "
+msgstr "Fingeraftryk:"
+
+#: g10/card-util.c:1103
+#, fuzzy
+msgid "Error: invalid formatted fingerprint.\n"
+msgstr "fejl i trailerlinie\n"
+
+#: g10/card-util.c:1153
+#, fuzzy, c-format
+msgid "key operation not possible: %s\n"
+msgstr "påklædning af beskyttelse fejlede: %s\n"
+
+#: g10/card-util.c:1154
+#, fuzzy
+msgid "not an OpenPGP card"
+msgstr "ingen gyldig OpenPGP data fundet.\n"
+
+#: g10/card-util.c:1167
+#, fuzzy, c-format
+msgid "error getting current key info: %s\n"
+msgstr "fejl ved skrivning af nøglering `%s': %s\n"
+
+#: g10/card-util.c:1254
+#, fuzzy
+msgid "Replace existing key? (y/N) "
+msgstr "Vil du gerne signere? "
+
+#: g10/card-util.c:1270
+msgid ""
+"NOTE: There is no guarantee that the card supports the requested size.\n"
+" If the key generation does not succeed, please check the\n"
+" documentation of your card to see what sizes are allowed.\n"
+msgstr ""
+
+#: g10/card-util.c:1295
+#, fuzzy, c-format
+msgid "What keysize do you want for the Signature key? (%u) "
+msgstr "Hvilken nøglestørrelse ønsker du? (1024) "
+
+#: g10/card-util.c:1297
+#, fuzzy, c-format
+msgid "What keysize do you want for the Encryption key? (%u) "
+msgstr "Hvilken nøglestørrelse ønsker du? (1024) "
+
+#: g10/card-util.c:1298
+#, fuzzy, c-format
+msgid "What keysize do you want for the Authentication key? (%u) "
+msgstr "Hvilken nøglestørrelse ønsker du? (1024) "
+
+#: g10/card-util.c:1309 g10/keygen.c:1844 g10/keygen.c:1850
+#: sm/certreqgen-ui.c:194
+#, c-format
+msgid "rounded up to %u bits\n"
+msgstr "rundet op til %u bit\n"
+
+#: g10/card-util.c:1317 g10/keygen.c:1831 sm/certreqgen-ui.c:184
+#, c-format
+msgid "%s keysizes must be in the range %u-%u\n"
+msgstr ""
+
+#: g10/card-util.c:1322
+#, c-format
+msgid "The card will now be re-configured to generate a key of %u bits\n"
+msgstr ""
+
+#: g10/card-util.c:1342
+#, fuzzy, c-format
+msgid "error changing size of key %d to %u bits: %s\n"
+msgstr "fejl ved læsning af '%s': %s\n"
+
+#: g10/card-util.c:1364
+msgid "Make off-card backup of encryption key? (Y/n) "
+msgstr ""
+
+#: g10/card-util.c:1378
+#, fuzzy
+msgid "NOTE: keys are already stored on the card!\n"
+msgstr "udelod: hemmelig nøgle er allerede tilstede\n"
+
+#: g10/card-util.c:1381
+#, fuzzy
+msgid "Replace existing keys? (y/N) "
+msgstr "Vil du gerne signere? "
+
+#: g10/card-util.c:1393
+#, c-format
+msgid ""
+"Please note that the factory settings of the PINs are\n"
+" PIN = `%s' Admin PIN = `%s'\n"
+"You should change them using the command --change-pin\n"
+msgstr ""
+
+#: g10/card-util.c:1449
+#, fuzzy
+msgid "Please select the type of key to generate:\n"
+msgstr "Vælg venligst hvilken slags nøgle du vil have:\n"
+
+#: g10/card-util.c:1451 g10/card-util.c:1559
+#, fuzzy
+msgid " (1) Signature key\n"
+msgstr "Denne nøgle er ikke beskyttet.\n"
+
+#: g10/card-util.c:1452 g10/card-util.c:1561
+#, fuzzy
+msgid " (2) Encryption key\n"
+msgstr " (%d) ElGamal (kryptér kun)\n"
+
+#: g10/card-util.c:1453 g10/card-util.c:1563
+msgid " (3) Authentication key\n"
+msgstr ""
+
+#: g10/card-util.c:1469 g10/card-util.c:1588 g10/keyedit.c:945
+#: g10/keygen.c:1634 g10/keygen.c:1662 g10/keygen.c:1764 g10/revoke.c:683
+msgid "Invalid selection.\n"
+msgstr "Ugyldigt valg.\n"
+
+#: g10/card-util.c:1556
+#, fuzzy
+msgid "Please select where to store the key:\n"
+msgstr "rev- forkert nøgletilbagekald\n"
+
+#: g10/card-util.c:1600
+#, fuzzy
+msgid "unknown key protection algorithm\n"
+msgstr "ukendt kompressionsalgoritme"
+
+#: g10/card-util.c:1605
+#, fuzzy
+msgid "secret parts of key are not available\n"
+msgstr "hemmelig nøgle ikke tilgængelig"
+
+#: g10/card-util.c:1610
+#, fuzzy
+msgid "secret key already stored on a card\n"
+msgstr "udelod: hemmelig nøgle er allerede tilstede\n"
+
+#: g10/card-util.c:1623
+#, fuzzy, c-format
+msgid "error writing key to card: %s\n"
+msgstr "fejl ved skrivning af nøglering `%s': %s\n"
+
+#: g10/card-util.c:1682 g10/keyedit.c:1382
+msgid "quit this menu"
+msgstr "afslut denne menu"
+
+#: g10/card-util.c:1684
+#, fuzzy
+msgid "show admin commands"
+msgstr "konfliktende kommandoer\n"
+
+#: g10/card-util.c:1685 g10/keyedit.c:1385
+msgid "show this help"
+msgstr "vis denne hjælp"
+
+#: g10/card-util.c:1687
+#, fuzzy
+msgid "list all available data"
+msgstr "Ingen hjælp tilgængelig"
+
+#: g10/card-util.c:1690
+msgid "change card holder's name"
+msgstr ""
+
+#: g10/card-util.c:1691
+msgid "change URL to retrieve key"
+msgstr ""
+
+#: g10/card-util.c:1692
+msgid "fetch the key specified in the card URL"
+msgstr ""
+
+#: g10/card-util.c:1693
+#, fuzzy
+msgid "change the login name"
+msgstr "ændr udløbsdatoen"
+
+#: g10/card-util.c:1694
+#, fuzzy
+msgid "change the language preferences"
+msgstr "vis præferencer"
+
+#: g10/card-util.c:1695
+msgid "change card holder's sex"
+msgstr ""
+
+#: g10/card-util.c:1696
+#, fuzzy
+msgid "change a CA fingerprint"
+msgstr "vis fingeraftryk"
+
+#: g10/card-util.c:1697
+msgid "toggle the signature force PIN flag"
+msgstr ""
+
+#: g10/card-util.c:1698
+#, fuzzy
+msgid "generate new keys"
+msgstr "generér et nyt nøglepar"
+
+#: g10/card-util.c:1699
+msgid "menu to change or unblock the PIN"
+msgstr ""
+
+#: g10/card-util.c:1700
+msgid "verify the PIN and list all data"
+msgstr ""
+
+#: g10/card-util.c:1701
+msgid "unblock the PIN using a Reset Code"
+msgstr ""
+
+#: g10/card-util.c:1823
+msgid "gpg/card> "
+msgstr ""
+
+#: g10/card-util.c:1864
+#, fuzzy
+msgid "Admin-only command\n"
+msgstr "konfliktende kommandoer\n"
+
+#: g10/card-util.c:1895
+#, fuzzy
+msgid "Admin commands are allowed\n"
+msgstr "konfliktende kommandoer\n"
+
+#: g10/card-util.c:1897
+#, fuzzy
+msgid "Admin commands are not allowed\n"
+msgstr "skriver hemmeligt certifikat til '%s'\n"
+
+#: g10/card-util.c:1988 g10/keyedit.c:2292
+msgid "Invalid command (try \"help\")\n"
+msgstr ""
+
+#: g10/decrypt.c:110 g10/encode.c:876
+msgid "--output doesn't work for this command\n"
+msgstr ""
+
+#: g10/decrypt.c:166 g10/gpg.c:4019 g10/keyring.c:387 g10/keyring.c:698
+#, c-format
+msgid "can't open `%s'\n"
+msgstr "kan ikke åbne `%s'\n"
+
+#: g10/delkey.c:73 g10/export.c:324 g10/keyedit.c:3514 g10/keyserver.c:1737
+#: g10/revoke.c:226
+#, fuzzy, c-format
+msgid "key \"%s\" not found: %s\n"
+msgstr "%s: bruger ikke fundet: %s\n"
+
+#: g10/delkey.c:81 g10/export.c:354 g10/import.c:2480 g10/keyserver.c:1751
+#: g10/revoke.c:232 g10/revoke.c:477
+#, fuzzy, c-format
+msgid "error reading keyblock: %s\n"
+msgstr "fejl ved læsning af '%s': %s\n"
+
+#: g10/delkey.c:127 g10/delkey.c:134
+msgid "(unless you specify the key by fingerprint)\n"
+msgstr ""
+
+#: g10/delkey.c:133
+msgid "can't do this in batch mode without \"--yes\"\n"
+msgstr ""
+
+#: g10/delkey.c:145
+#, fuzzy
+msgid "Delete this key from the keyring? (y/N) "
+msgstr "Slet denne nøgle fra nøgleringen? "
+
+#: g10/delkey.c:153
+msgid "This is a secret key! - really delete? (y/N) "
+msgstr ""
+
+#: g10/delkey.c:163
+#, fuzzy, c-format
+msgid "deleting keyblock failed: %s\n"
+msgstr "fjernelse af beskyttelse fejlede: %s\n"
+
+#: g10/delkey.c:173
+msgid "ownertrust information cleared\n"
+msgstr ""
+
+#: g10/delkey.c:204
+#, c-format
+msgid "there is a secret key for public key \"%s\"!\n"
+msgstr ""
+
+#: g10/delkey.c:206
+msgid "use option \"--delete-secret-keys\" to delete it first.\n"
+msgstr ""
+
+#: g10/encode.c:226 g10/sign.c:1269
+#, c-format
+msgid "error creating passphrase: %s\n"
+msgstr "fejl ved oprettelse af kodesætning: %s\n"
+
+#: g10/encode.c:232
+msgid "can't use a symmetric ESK packet due to the S2K mode\n"
+msgstr ""
+
+#: g10/encode.c:246
+#, fuzzy, c-format
+msgid "using cipher %s\n"
+msgstr "signering fejlede: %s\n"
+
+#: g10/encode.c:256 g10/encode.c:577
+#, c-format
+msgid "`%s' already compressed\n"
+msgstr ""
+
+#: g10/encode.c:311 g10/encode.c:611 g10/sign.c:564
+#, c-format
+msgid "WARNING: `%s' is an empty file\n"
+msgstr "ADVARSEL: '%s' er en tom fil\n"
+
+#: g10/encode.c:485
+msgid "you can only encrypt to RSA keys of 2048 bits or less in --pgp2 mode\n"
+msgstr ""
+
+#: g10/encode.c:510
+#, c-format
+msgid "reading from `%s'\n"
+msgstr "læser fra '%s'\n"
+
+#: g10/encode.c:541
+msgid ""
+"unable to use the IDEA cipher for all of the keys you are encrypting to.\n"
+msgstr ""
+
+#: g10/encode.c:559
+#, c-format
+msgid ""
+"WARNING: forcing symmetric cipher %s (%d) violates recipient preferences\n"
+msgstr ""
+
+#: g10/encode.c:655 g10/sign.c:939
+#, c-format
+msgid ""
+"WARNING: forcing compression algorithm %s (%d) violates recipient "
+"preferences\n"
+msgstr ""
+
+#: g10/encode.c:751
+#, c-format
+msgid "forcing symmetric cipher %s (%d) violates recipient preferences\n"
+msgstr ""
+
+#: g10/encode.c:821 g10/pkclist.c:813 g10/pkclist.c:862
+#, c-format
+msgid "you may not use %s while in %s mode\n"
+msgstr ""
+
+#: g10/encode.c:848
+#, fuzzy, c-format
+msgid "%s/%s encrypted for: \"%s\"\n"
+msgstr "%s/%s krypteret for: %s\n"
+
+#: g10/encr-data.c:93 g10/mainproc.c:286
+#, c-format
+msgid "%s encrypted data\n"
+msgstr ""
+
+#: g10/encr-data.c:96 g10/mainproc.c:290
+#, c-format
+msgid "encrypted with unknown algorithm %d\n"
+msgstr ""
+
+#: g10/encr-data.c:142 sm/decrypt.c:126
+msgid ""
+"WARNING: message was encrypted with a weak key in the symmetric cipher.\n"
+msgstr ""
+
+#: g10/encr-data.c:154
+msgid "problem handling encrypted packet\n"
+msgstr ""
+
+#: g10/exec.c:57
+msgid "no remote program execution supported\n"
+msgstr ""
+
+#: g10/exec.c:308
+msgid ""
+"external program calls are disabled due to unsafe options file permissions\n"
+msgstr ""
+
+#: g10/exec.c:338
+msgid "this platform requires temporary files when calling external programs\n"
+msgstr ""
+
+#: g10/exec.c:416
+#, fuzzy, c-format
+msgid "unable to execute program `%s': %s\n"
+msgstr "kan ikke åbne %s: %s\n"
+
+#: g10/exec.c:419
+#, fuzzy, c-format
+msgid "unable to execute shell `%s': %s\n"
+msgstr "kan ikke åbne %s: %s\n"
+
+#: g10/exec.c:510
+#, c-format
+msgid "system error while calling external program: %s\n"
+msgstr ""
+
+#: g10/exec.c:521 g10/exec.c:588
+msgid "unnatural exit of external program\n"
+msgstr ""
+
+#: g10/exec.c:536
+msgid "unable to execute external program\n"
+msgstr ""
+
+#: g10/exec.c:553
+#, c-format
+msgid "unable to read external program response: %s\n"
+msgstr ""
+
+#: g10/exec.c:599 g10/exec.c:606
+#, c-format
+msgid "WARNING: unable to remove tempfile (%s) `%s': %s\n"
+msgstr ""
+
+#: g10/exec.c:611
+#, c-format
+msgid "WARNING: unable to remove temp directory `%s': %s\n"
+msgstr ""
+
+#: g10/export.c:61
+#, fuzzy
+msgid "export signatures that are marked as local-only"
+msgstr "signér nøglen lokalt"
+
+#: g10/export.c:63
+msgid "export attribute user IDs (generally photo IDs)"
+msgstr ""
+
+#: g10/export.c:65
+msgid "export revocation keys marked as \"sensitive\""
+msgstr ""
+
+#: g10/export.c:67
+msgid "remove the passphrase from exported subkeys"
+msgstr ""
+
+#: g10/export.c:69
+#, fuzzy
+msgid "remove unusable parts from key during export"
+msgstr "dårlig hemmelig nøgle"
+
+#: g10/export.c:71
+msgid "remove as much as possible from key during export"
+msgstr ""
+
+#: g10/export.c:73
+msgid "export keys in an S-expression based format"
+msgstr ""
+
+#: g10/export.c:338
+#, fuzzy
+msgid "exporting secret keys not allowed\n"
+msgstr "skriver hemmeligt certifikat til '%s'\n"
+
+#: g10/export.c:367
+#, fuzzy, c-format
+msgid "key %s: not protected - skipped\n"
+msgstr "nøgle %08lX: ikke en rfc2440 nøgle - udeladt\n"
+
+#: g10/export.c:375
+#, fuzzy, c-format
+msgid "key %s: PGP 2.x style key - skipped\n"
+msgstr "nøgle %08lX: ikke en rfc2440 nøgle - udeladt\n"
+
+#: g10/export.c:386
+#, fuzzy, c-format
+msgid "key %s: key material on-card - skipped\n"
+msgstr "nøgle %08lX: ikke en rfc2440 nøgle - udeladt\n"
+
+#: g10/export.c:537
+msgid "about to export an unprotected subkey\n"
+msgstr ""
+
+# er det klogt at oversætte TrustDB?
+#: g10/export.c:560
+#, fuzzy, c-format
+msgid "failed to unprotect the subkey: %s\n"
+msgstr "kunne ikke initialisere TillidsDB: %s\n"
+
+#: g10/export.c:584
+#, c-format
+msgid "WARNING: secret key %s does not have a simple SK checksum\n"
+msgstr ""
+
+#: g10/export.c:633
+msgid "WARNING: nothing exported\n"
+msgstr "ADVARSEL: intet blev eksporteret\n"
+
+#: g10/getkey.c:152
+msgid "too many entries in pk cache - disabled\n"
+msgstr ""
+
+#: g10/getkey.c:175
+#, fuzzy
+msgid "[User ID not found]"
+msgstr "[bruger ikke fundet]"
+
+#: g10/getkey.c:1113
+#, c-format
+msgid "automatically retrieved `%s' via %s\n"
+msgstr ""
+
+#: g10/getkey.c:1118
+#, fuzzy, c-format
+msgid "error retrieving `%s' via %s: %s\n"
+msgstr "fejl ved læsning af '%s': %s\n"
+
+#: g10/getkey.c:1120
+#, fuzzy
+msgid "No fingerprint"
+msgstr "Fingeraftryk:"
+
+#: g10/getkey.c:1930
+#, c-format
+msgid "Invalid key %s made valid by --allow-non-selfsigned-uid\n"
+msgstr ""
+
+#: g10/getkey.c:2533 g10/keyedit.c:3839
+#, c-format
+msgid "no secret subkey for public subkey %s - ignoring\n"
+msgstr ""
+
+#: g10/getkey.c:2759
+#, fuzzy, c-format
+msgid "using subkey %s instead of primary key %s\n"
+msgstr "bruger sekundær nøgle %08lX istedetfor primær nøgle %08lX\n"
+
+#: g10/getkey.c:2806
+#, fuzzy, c-format
+msgid "key %s: secret key without public key - skipped\n"
+msgstr "nøgle %08lX: ikke en rfc2440 nøgle - udeladt\n"
+
+#: g10/gpg.c:375 sm/gpgsm.c:188
+#, fuzzy
+msgid "make a signature"
+msgstr "opret en separat signatur"
+
+#: g10/gpg.c:376 sm/gpgsm.c:189
+#, fuzzy
+msgid "make a clear text signature"
+msgstr "|[filer]|opret rentekst signatur"
+
+#: g10/gpg.c:377 sm/gpgsm.c:190
+msgid "make a detached signature"
+msgstr "opret en separat signatur"
+
+#: g10/gpg.c:378 sm/gpgsm.c:191
+msgid "encrypt data"
+msgstr "kryptér data"
+
+#: g10/gpg.c:380 sm/gpgsm.c:192
+msgid "encryption only with symmetric cipher"
+msgstr "kryptér kun med symmetriske cifre"
+
+#: g10/gpg.c:382 sm/gpgsm.c:193
+msgid "decrypt data (default)"
+msgstr "afkryptér data (standard)"
+
+#: g10/gpg.c:384 sm/gpgsm.c:194
+msgid "verify a signature"
+msgstr "godkend en signatur"
+
+#: g10/gpg.c:386 sm/gpgsm.c:195
+msgid "list keys"
+msgstr "vis nøgler"
+
+#: g10/gpg.c:388
+msgid "list keys and signatures"
+msgstr "vis nøgler og signaturer"
+
+#: g10/gpg.c:389
+#, fuzzy
+msgid "list and check key signatures"
+msgstr "tjek nøglesignaturer"
+
+#: g10/gpg.c:390 sm/gpgsm.c:200
+msgid "list keys and fingerprints"
+msgstr "vis nøgle og fingeraftryk"
+
+#: g10/gpg.c:391 sm/gpgsm.c:198
+msgid "list secret keys"
+msgstr "vis hemmelige nøgler"
+
+#: g10/gpg.c:392 sm/gpgsm.c:201
+msgid "generate a new key pair"
+msgstr "generér et nyt nøglepar"
+
+#: g10/gpg.c:393
+msgid "generate a revocation certificate"
+msgstr "Generér en annullérbar certifikat"
+
+#: g10/gpg.c:395 sm/gpgsm.c:203
+#, fuzzy
+msgid "remove keys from the public keyring"
+msgstr "fjern nøgle fra den offentlige nøglering"
+
+#: g10/gpg.c:397
+#, fuzzy
+msgid "remove keys from the secret keyring"
+msgstr "fjern nøgle fra den hemmelige nøglering"
+
+#: g10/gpg.c:398
+msgid "sign a key"
+msgstr "signér en nøgle"
+
+#: g10/gpg.c:399
+msgid "sign a key locally"
+msgstr "signér en nøgle lokalt"
+
+#: g10/gpg.c:400
+msgid "sign or edit a key"
+msgstr "signér eller redigér en nøgle"
+
+#: g10/gpg.c:402 sm/gpgsm.c:215
+#, fuzzy
+msgid "change a passphrase"
+msgstr "ændr kodesætningen"
+
+#: g10/gpg.c:404
+msgid "export keys"
+msgstr "eksportér nøgler"
+
+#: g10/gpg.c:405 sm/gpgsm.c:204
+msgid "export keys to a key server"
+msgstr "eksportér nøgler til en nøgletjener"
+
+#: g10/gpg.c:406 sm/gpgsm.c:205
+msgid "import keys from a key server"
+msgstr "importér nøgler fra en nøgleserver"
+
+#: g10/gpg.c:408
+#, fuzzy
+msgid "search for keys on a key server"
+msgstr "eksportér nøgler til en nøgletjener"
+
+#: g10/gpg.c:410
+#, fuzzy
+msgid "update all keys from a keyserver"
+msgstr "importér nøgler fra en nøgleserver"
+
+#: g10/gpg.c:415
+msgid "import/merge keys"
+msgstr "importér/fusionér nøgler"
+
+#: g10/gpg.c:418
+msgid "print the card status"
+msgstr ""
+
+#: g10/gpg.c:419
+msgid "change data on a card"
+msgstr ""
+
+#: g10/gpg.c:420
+msgid "change a card's PIN"
+msgstr ""
+
+#: g10/gpg.c:429
+msgid "update the trust database"
+msgstr "opdatér tillidsdatabasen"
+
+#: g10/gpg.c:436
+#, fuzzy
+msgid "print message digests"
+msgstr "|algo [filer]|print meddelelsesresumé"
+
+#: g10/gpg.c:439 sm/gpgsm.c:210
+msgid "run in server mode"
+msgstr ""
+
+#: g10/gpg.c:443 sm/gpgsm.c:228
+msgid "create ascii armored output"
+msgstr "opret ascii beskyttet uddata"
+
+#: g10/gpg.c:446 sm/gpgsm.c:241
+#, fuzzy
+msgid "|USER-ID|encrypt for USER-ID"
+msgstr "|NAME|kryptér for NAME"
+
+#: g10/gpg.c:459 sm/gpgsm.c:278
+#, fuzzy
+msgid "|USER-ID|use USER-ID to sign or decrypt"
+msgstr "brug denne bruger-id til at signere eller dekryptere"
+
+#: g10/gpg.c:462
+#, fuzzy
+msgid "|N|set compress level to N (0 disables)"
+msgstr "|N|sæt kompresningsniveau N (0 = slået fra)"
+
+#: g10/gpg.c:468
+msgid "use canonical text mode"
+msgstr "brug kanonisk tekstmodus"
+
+#: g10/gpg.c:485 sm/gpgsm.c:280
+#, fuzzy
+msgid "|FILE|write output to FILE"
+msgstr "|FILE|indlæs udvidelsesmodul FILE"
+
+#: g10/gpg.c:501 kbx/kbxutil.c:90 sm/gpgsm.c:292 tools/gpgconf.c:82
+msgid "do not make any changes"
+msgstr "lav ingen ændringer"
+
+#: g10/gpg.c:502
+msgid "prompt before overwriting"
+msgstr ""
+
+#: g10/gpg.c:554
+msgid "use strict OpenPGP behavior"
+msgstr ""
+
+#: g10/gpg.c:585 sm/gpgsm.c:336
+msgid ""
+"@\n"
+"(See the man page for a complete listing of all commands and options)\n"
+msgstr ""
+
+#: g10/gpg.c:588 sm/gpgsm.c:339
+msgid ""
+"@\n"
+"Examples:\n"
+"\n"
+" -se -r Bob [file] sign and encrypt for user Bob\n"
+" --clearsign [file] make a clear text signature\n"
+" --detach-sign [file] make a detached signature\n"
+" --list-keys [names] show keys\n"
+" --fingerprint [names] show fingerprints\n"
+msgstr ""
+"@\n"
+"Eksempler:\n"
+"\n"
+" -se -r Mikael [fil] signér og kryptér for bruger Mikael\n"
+" --clearsign [fil] lav en ren tekstsignatur\n"
+" --detach-sign [fil] lav en separat signatur\n"
+" --list-keys [navne] vis nøgler\n"
+" --fingerprint [navne] vis fingeraftryk\n"
+
+#: g10/gpg.c:836
+msgid "Usage: gpg [options] [files] (-h for help)"
+msgstr "Brug: gpg [flag] [filer] (-h for hjælp)"
+
+# Skal alt dette oversættes eller er det flagene?
+#: g10/gpg.c:839
+msgid ""
+"Syntax: gpg [options] [files]\n"
+"sign, check, encrypt or decrypt\n"
+"default operation depends on the input data\n"
+msgstr ""
+"Syntaks: gpg [flag] [filer]\n"
+"sign, check, encrypt eller decrypt\n"
+"standard operation afhænger af inddata\n"
+
+#: g10/gpg.c:850 sm/gpgsm.c:543
+msgid ""
+"\n"
+"Supported algorithms:\n"
+msgstr ""
+"\n"
+"Understøttede algoritmer:\n"
+
+#: g10/gpg.c:853
+msgid "Pubkey: "
+msgstr ""
+
+#: g10/gpg.c:860 g10/keyedit.c:2423
+msgid "Cipher: "
+msgstr ""
+
+#: g10/gpg.c:867
+msgid "Hash: "
+msgstr ""
+
+#: g10/gpg.c:874 g10/keyedit.c:2468
+#, fuzzy
+msgid "Compression: "
+msgstr "Kommentar: "
+
+#: g10/gpg.c:944
+msgid "usage: gpg [options] "
+msgstr "brug: gpg [flag] "
+
+#: g10/gpg.c:1158 sm/gpgsm.c:716
+msgid "conflicting commands\n"
+msgstr "konfliktende kommandoer\n"
+
+#: g10/gpg.c:1176
+#, c-format
+msgid "no = sign found in group definition `%s'\n"
+msgstr ""
+
+#: g10/gpg.c:1373
+#, c-format
+msgid "WARNING: unsafe ownership on homedir `%s'\n"
+msgstr ""
+
+#: g10/gpg.c:1376
+#, c-format
+msgid "WARNING: unsafe ownership on configuration file `%s'\n"
+msgstr ""
+
+#: g10/gpg.c:1379
+#, c-format
+msgid "WARNING: unsafe ownership on extension `%s'\n"
+msgstr ""
+
+#: g10/gpg.c:1385
+#, c-format
+msgid "WARNING: unsafe permissions on homedir `%s'\n"
+msgstr ""
+
+#: g10/gpg.c:1388
+#, c-format
+msgid "WARNING: unsafe permissions on configuration file `%s'\n"
+msgstr ""
+
+#: g10/gpg.c:1391
+#, c-format
+msgid "WARNING: unsafe permissions on extension `%s'\n"
+msgstr ""
+
+#: g10/gpg.c:1397
+#, c-format
+msgid "WARNING: unsafe enclosing directory ownership on homedir `%s'\n"
+msgstr ""
+
+#: g10/gpg.c:1400
+#, c-format
+msgid ""
+"WARNING: unsafe enclosing directory ownership on configuration file `%s'\n"
+msgstr ""
+
+#: g10/gpg.c:1403
+#, c-format
+msgid "WARNING: unsafe enclosing directory ownership on extension `%s'\n"
+msgstr ""
+
+#: g10/gpg.c:1409
+#, c-format
+msgid "WARNING: unsafe enclosing directory permissions on homedir `%s'\n"
+msgstr ""
+
+#: g10/gpg.c:1412
+#, c-format
+msgid ""
+"WARNING: unsafe enclosing directory permissions on configuration file `%s'\n"
+msgstr ""
+
+#: g10/gpg.c:1415
+#, c-format
+msgid "WARNING: unsafe enclosing directory permissions on extension `%s'\n"
+msgstr ""
+
+#: g10/gpg.c:1595
+#, fuzzy, c-format
+msgid "unknown configuration item `%s'\n"
+msgstr "ukendt standard modtager '%s'\n"
+
+#: g10/gpg.c:1699
+msgid "display photo IDs during key listings"
+msgstr ""
+
+#: g10/gpg.c:1701
+msgid "show policy URLs during signature listings"
+msgstr ""
+
+#: g10/gpg.c:1703
+msgid "show all notations during signature listings"
+msgstr ""
+
+#: g10/gpg.c:1705
+msgid "show IETF standard notations during signature listings"
+msgstr ""
+
+#: g10/gpg.c:1709
+msgid "show user-supplied notations during signature listings"
+msgstr ""
+
+#: g10/gpg.c:1711
+#, fuzzy
+msgid "show preferred keyserver URLs during signature listings"
+msgstr "den givne politik-URL er ugyldig\n"
+
+#: g10/gpg.c:1713
+msgid "show user ID validity during key listings"
+msgstr ""
+
+#: g10/gpg.c:1715
+msgid "show revoked and expired user IDs in key listings"
+msgstr ""
+
+#: g10/gpg.c:1717
+msgid "show revoked and expired subkeys in key listings"
+msgstr ""
+
+#: g10/gpg.c:1719
+#, fuzzy
+msgid "show the keyring name in key listings"
+msgstr "skift imellem hemmelig og offentlig nøgle visning"
+
+#: g10/gpg.c:1721
+msgid "show expiration dates during signature listings"
+msgstr ""
+
+#: g10/gpg.c:1855
+#, fuzzy, c-format
+msgid "NOTE: old default options file `%s' ignored\n"
+msgstr "NOTITS: ingen standard alternativfil '%s'\n"
+
+#: g10/gpg.c:1948
+#, c-format
+msgid "libgcrypt is too old (need %s, have %s)\n"
+msgstr ""
+
+#: g10/gpg.c:2346 g10/gpg.c:3037 g10/gpg.c:3049
+#, c-format
+msgid "NOTE: %s is not for normal use!\n"
+msgstr "NOTITS: %s er ikke til normal brug!\n"
+
+#: g10/gpg.c:2530 g10/gpg.c:2542
+#, fuzzy, c-format
+msgid "`%s' is not a valid signature expiration\n"
+msgstr "%s er ikke et gyldigt tegnsæt\n"
+
+#: g10/gpg.c:2624
+#, fuzzy, c-format
+msgid "`%s' is not a valid character set\n"
+msgstr "%s er ikke et gyldigt tegnsæt\n"
+
+#: g10/gpg.c:2647 g10/gpg.c:2842 g10/keyedit.c:4197
+#, fuzzy
+msgid "could not parse keyserver URL\n"
+msgstr "importér nøgler fra en nøgleserver: %s\n"
+
+#: g10/gpg.c:2659
+#, fuzzy, c-format
+msgid "%s:%d: invalid keyserver options\n"
+msgstr "ADVARSEL: '%s' er en tom fil\n"
+
+#: g10/gpg.c:2662
+#, fuzzy
+msgid "invalid keyserver options\n"
+msgstr "ugyldig nøglering"
+
+#: g10/gpg.c:2669
+#, fuzzy, c-format
+msgid "%s:%d: invalid import options\n"
+msgstr "ADVARSEL: '%s' er en tom fil\n"
+
+#: g10/gpg.c:2672
+#, fuzzy
+msgid "invalid import options\n"
+msgstr "ugyldig rustning"
+
+#: g10/gpg.c:2679
+#, fuzzy, c-format
+msgid "%s:%d: invalid export options\n"
+msgstr "ADVARSEL: '%s' er en tom fil\n"
+
+#: g10/gpg.c:2682
+#, fuzzy
+msgid "invalid export options\n"
+msgstr "ugyldig nøglering"
+
+#: g10/gpg.c:2689
+#, fuzzy, c-format
+msgid "%s:%d: invalid list options\n"
+msgstr "ADVARSEL: '%s' er en tom fil\n"
+
+#: g10/gpg.c:2692
+#, fuzzy
+msgid "invalid list options\n"
+msgstr "ugyldig rustning"
+
+#: g10/gpg.c:2700
+msgid "display photo IDs during signature verification"
+msgstr ""
+
+#: g10/gpg.c:2702
+msgid "show policy URLs during signature verification"
+msgstr ""
+
+#: g10/gpg.c:2704
+#, fuzzy
+msgid "show all notations during signature verification"
+msgstr "%s er ikke et gyldigt tegnsæt\n"
+
+#: g10/gpg.c:2706
+msgid "show IETF standard notations during signature verification"
+msgstr ""
+
+#: g10/gpg.c:2710
+msgid "show user-supplied notations during signature verification"
+msgstr ""
+
+#: g10/gpg.c:2712
+#, fuzzy
+msgid "show preferred keyserver URLs during signature verification"
+msgstr "den givne politik-URL er ugyldig\n"
+
+#: g10/gpg.c:2714
+#, fuzzy
+msgid "show user ID validity during signature verification"
+msgstr "%s er ikke et gyldigt tegnsæt\n"
+
+#: g10/gpg.c:2716
+msgid "show revoked and expired user IDs in signature verification"
+msgstr ""
+
+#: g10/gpg.c:2718
+#, fuzzy
+msgid "show only the primary user ID in signature verification"
+msgstr "%s er ikke et gyldigt tegnsæt\n"
+
+#: g10/gpg.c:2720
+msgid "validate signatures with PKA data"
+msgstr ""
+
+#: g10/gpg.c:2722
+msgid "elevate the trust of signatures with valid PKA data"
+msgstr ""
+
+#: g10/gpg.c:2729
+#, fuzzy, c-format
+msgid "%s:%d: invalid verify options\n"
+msgstr "ADVARSEL: '%s' er en tom fil\n"
+
+#: g10/gpg.c:2732
+#, fuzzy
+msgid "invalid verify options\n"
+msgstr "ugyldig nøglering"
+
+#: g10/gpg.c:2739
+#, c-format
+msgid "unable to set exec-path to %s\n"
+msgstr ""
+
+#: g10/gpg.c:2925
+#, fuzzy, c-format
+msgid "%s:%d: invalid auto-key-locate list\n"
+msgstr "ADVARSEL: '%s' er en tom fil\n"
+
+#: g10/gpg.c:2928
+msgid "invalid auto-key-locate list\n"
+msgstr ""
+
+#: g10/gpg.c:3026 sm/gpgsm.c:1439
+msgid "WARNING: program may create a core file!\n"
+msgstr ""
+
+#: g10/gpg.c:3030
+#, c-format
+msgid "WARNING: %s overrides %s\n"
+msgstr ""
+
+#: g10/gpg.c:3039
+#, c-format
+msgid "%s not allowed with %s!\n"
+msgstr "%s ikke tilladt med %s!\n"
+
+#: g10/gpg.c:3042
+#, c-format
+msgid "%s makes no sense with %s!\n"
+msgstr "%s er meningsløs sammen med %s!\n"
+
+#: g10/gpg.c:3057
+#, fuzzy, c-format
+msgid "will not run with insecure memory due to %s\n"
+msgstr "skriver hemmeligt certifikat til '%s'\n"
+
+#: g10/gpg.c:3071
+msgid "you can only make detached or clear signatures while in --pgp2 mode\n"
+msgstr ""
+
+#: g10/gpg.c:3077
+msgid "you can't sign and encrypt at the same time while in --pgp2 mode\n"
+msgstr ""
+
+#: g10/gpg.c:3083
+msgid "you must use files (and not a pipe) when working with --pgp2 enabled.\n"
+msgstr ""
+
+#: g10/gpg.c:3096
+msgid "encrypting a message in --pgp2 mode requires the IDEA cipher\n"
+msgstr ""
+
+#: g10/gpg.c:3163 g10/gpg.c:3187 sm/gpgsm.c:1511
+msgid "selected cipher algorithm is invalid\n"
+msgstr "valgte cifferalgoritme er ugyldig\n"
+
+#: g10/gpg.c:3169 g10/gpg.c:3193 sm/gpgsm.c:1517 sm/gpgsm.c:1523
+msgid "selected digest algorithm is invalid\n"
+msgstr "valgte resuméalgoritme er ugyldig\n"
+
+#: g10/gpg.c:3175
+#, fuzzy
+msgid "selected compression algorithm is invalid\n"
+msgstr "valgte cifferalgoritme er ugyldig\n"
+
+#: g10/gpg.c:3181
+#, fuzzy
+msgid "selected certification digest algorithm is invalid\n"
+msgstr "valgte resuméalgoritme er ugyldig\n"
+
+#: g10/gpg.c:3196
+msgid "completes-needed must be greater than 0\n"
+msgstr ""
+
+#: g10/gpg.c:3198
+msgid "marginals-needed must be greater than 1\n"
+msgstr ""
+
+#: g10/gpg.c:3200
+msgid "max-cert-depth must be in the range from 1 to 255\n"
+msgstr ""
+
+#: g10/gpg.c:3202
+#, fuzzy
+msgid "invalid default-cert-level; must be 0, 1, 2, or 3\n"
+msgstr "ugyldig S2K modus; skal være 0, 1 el. 3\n"
+
+#: g10/gpg.c:3204
+#, fuzzy
+msgid "invalid min-cert-level; must be 1, 2, or 3\n"
+msgstr "ugyldig S2K modus; skal være 0, 1 el. 3\n"
+
+#: g10/gpg.c:3207
+msgid "NOTE: simple S2K mode (0) is strongly discouraged\n"
+msgstr "NOTE: simpel S2K modus (0) frarådes på det skarpeste\n"
+
+#: g10/gpg.c:3211
+msgid "invalid S2K mode; must be 0, 1 or 3\n"
+msgstr "ugyldig S2K modus; skal være 0, 1 el. 3\n"
+
+#: g10/gpg.c:3218
+#, fuzzy
+msgid "invalid default preferences\n"
+msgstr "vis præferencer"
+
+#: g10/gpg.c:3222
+#, fuzzy
+msgid "invalid personal cipher preferences\n"
+msgstr "vis præferencer"
+
+#: g10/gpg.c:3226
+#, fuzzy
+msgid "invalid personal digest preferences\n"
+msgstr "vis præferencer"
+
+#: g10/gpg.c:3230
+#, fuzzy
+msgid "invalid personal compress preferences\n"
+msgstr "vis præferencer"
+
+#: g10/gpg.c:3263
+#, fuzzy, c-format
+msgid "%s does not yet work with %s\n"
+msgstr "%s er meningsløs sammen med %s!\n"
+
+#: g10/gpg.c:3310
+#, c-format
+msgid "you may not use cipher algorithm `%s' while in %s mode\n"
+msgstr ""
+
+#: g10/gpg.c:3315
+#, c-format
+msgid "you may not use digest algorithm `%s' while in %s mode\n"
+msgstr ""
+
+#: g10/gpg.c:3320
+#, fuzzy, c-format
+msgid "you may not use compression algorithm `%s' while in %s mode\n"
+msgstr "valgte cifferalgoritme er ugyldig\n"
+
+# er det klogt at oversætte TrustDB?
+#: g10/gpg.c:3406
+#, c-format
+msgid "failed to initialize the TrustDB: %s\n"
+msgstr "kunne ikke initialisere TillidsDB: %s\n"
+
+#: g10/gpg.c:3417
+msgid "WARNING: recipients (-r) given without using public key encryption\n"
+msgstr ""
+
+#: g10/gpg.c:3438
+msgid "--store [filename]"
+msgstr "--store [filnavn (som gemmes)]"
+
+#: g10/gpg.c:3445
+msgid "--symmetric [filename]"
+msgstr "--symmetric [filnavn]"
+
+#: g10/gpg.c:3447
+#, fuzzy, c-format
+msgid "symmetric encryption of `%s' failed: %s\n"
+msgstr "fjernelse af beskyttelse fejlede: %s\n"
+
+#: g10/gpg.c:3457
+msgid "--encrypt [filename]"
+msgstr "--encrypt [filnavn (som krypteres)]"
+
+#: g10/gpg.c:3470
+#, fuzzy
+msgid "--symmetric --encrypt [filename]"
+msgstr "--sign --encrypt [filnavn]"
+
+#: g10/gpg.c:3472
+msgid "you cannot use --symmetric --encrypt with --s2k-mode 0\n"
+msgstr ""
+
+#: g10/gpg.c:3475
+#, c-format
+msgid "you cannot use --symmetric --encrypt while in %s mode\n"
+msgstr ""
+
+#: g10/gpg.c:3493
+msgid "--sign [filename]"
+msgstr "--sign [filnavn (som signeres)]"
+
+#: g10/gpg.c:3506
+msgid "--sign --encrypt [filename]"
+msgstr "--sign --encrypt [filnavn]"
+
+#: g10/gpg.c:3521
+#, fuzzy
+msgid "--symmetric --sign --encrypt [filename]"
+msgstr "--sign --encrypt [filnavn]"
+
+#: g10/gpg.c:3523
+msgid "you cannot use --symmetric --sign --encrypt with --s2k-mode 0\n"
+msgstr ""
+
+#: g10/gpg.c:3526
+#, c-format
+msgid "you cannot use --symmetric --sign --encrypt while in %s mode\n"
+msgstr ""
+
+#: g10/gpg.c:3546
+#, fuzzy
+msgid "--sign --symmetric [filename]"
+msgstr "--symmetric [filnavn]"
+
+#: g10/gpg.c:3555
+msgid "--clearsign [filename]"
+msgstr "--clearsign [filnavn]"
+
+#: g10/gpg.c:3580
+msgid "--decrypt [filename]"
+msgstr "--decrypt [filnavn (som dekrypteres)]"
+
+#: g10/gpg.c:3588
+msgid "--sign-key user-id"
+msgstr "--sign-key bruger-id"
+
+#: g10/gpg.c:3592
+msgid "--lsign-key user-id"
+msgstr "--lsign-key bruger-id"
+
+#: g10/gpg.c:3613
+msgid "--edit-key user-id [commands]"
+msgstr "--edit-key bruger-id [kommandoer]"
+
+#: g10/gpg.c:3629
+#, fuzzy
+msgid "--passwd <user-id>"
+msgstr "--sign-key bruger-id"
+
+#: g10/gpg.c:3716
+#, fuzzy, c-format
+msgid "keyserver send failed: %s\n"
+msgstr "påklædning af beskyttelse fejlede: %s\n"
+
+#: g10/gpg.c:3718
+#, fuzzy, c-format
+msgid "keyserver receive failed: %s\n"
+msgstr "påklædning af beskyttelse fejlede: %s\n"
+
+#: g10/gpg.c:3720
+#, fuzzy, c-format
+msgid "key export failed: %s\n"
+msgstr "påklædning af beskyttelse fejlede: %s\n"
+
+#: g10/gpg.c:3731
+#, fuzzy, c-format
+msgid "keyserver search failed: %s\n"
+msgstr "signering fejlede: %s\n"
+
+#: g10/gpg.c:3741
+#, c-format
+msgid "keyserver refresh failed: %s\n"
+msgstr ""
+
+#: g10/gpg.c:3792
+#, c-format
+msgid "dearmoring failed: %s\n"
+msgstr "fjernelse af beskyttelse fejlede: %s\n"
+
+#: g10/gpg.c:3800
+#, c-format
+msgid "enarmoring failed: %s\n"
+msgstr "påklædning af beskyttelse fejlede: %s\n"
+
+#: g10/gpg.c:3890
+#, c-format
+msgid "invalid hash algorithm `%s'\n"
+msgstr "ugyldig hash-algoritme `%s'\n"
+
+#: g10/gpg.c:4005
+msgid "[filename]"
+msgstr "[filnavn]"
+
+#: g10/gpg.c:4009
+msgid "Go ahead and type your message ...\n"
+msgstr "Gå til sagen og skriv meddelelsen ...\n"
+
+#: g10/gpg.c:4323
+#, fuzzy
+msgid "the given certification policy URL is invalid\n"
+msgstr "den givne politik-URL er ugyldig\n"
+
+#: g10/gpg.c:4325
+#, fuzzy
+msgid "the given signature policy URL is invalid\n"
+msgstr "den givne politik-URL er ugyldig\n"
+
+#: g10/gpg.c:4358
+#, fuzzy
+msgid "the given preferred keyserver URL is invalid\n"
+msgstr "den givne politik-URL er ugyldig\n"
+
+#: g10/gpgv.c:74
+#, fuzzy
+msgid "|FILE|take the keys from the keyring FILE"
+msgstr "Slet denne nøgle fra nøgleringen? "
+
+#: g10/gpgv.c:76
+#, fuzzy
+msgid "make timestamp conflicts only a warning"
+msgstr "tidsstempelkonflikt"
+
+#: g10/gpgv.c:78 sm/gpgsm.c:326
+msgid "|FD|write status info to this FD"
+msgstr "|FD|skriv statusinfo til denne FD"
+
+#: g10/gpgv.c:117
+#, fuzzy
+msgid "Usage: gpgv [options] [files] (-h for help)"
+msgstr "Brug: gpg [flag] [filer] (-h for hjælp)"
+
+#: g10/gpgv.c:119
+msgid ""
+"Syntax: gpgv [options] [files]\n"
+"Check signatures against known trusted keys\n"
+msgstr ""
+
+#: g10/helptext.c:72
+msgid "No help available"
+msgstr "Ingen hjælp tilgængelig"
+
+#: g10/helptext.c:82
+#, c-format
+msgid "No help available for `%s'"
+msgstr "Ingen hjælp tilgængelig for `%s'"
+
+#: g10/import.c:94
+msgid "import signatures that are marked as local-only"
+msgstr ""
+
+#: g10/import.c:96
+msgid "repair damage from the pks keyserver during import"
+msgstr ""
+
+#: g10/import.c:98
+#, fuzzy
+msgid "do not update the trustdb after import"
+msgstr "opdatér tillidsdatabasen"
+
+#: g10/import.c:100
+msgid "create a public key when importing a secret key"
+msgstr ""
+
+#: g10/import.c:102
+msgid "only accept updates to existing keys"
+msgstr ""
+
+#: g10/import.c:104
+#, fuzzy
+msgid "remove unusable parts from key after import"
+msgstr "dårlig hemmelig nøgle"
+
+#: g10/import.c:106
+msgid "remove as much as possible from key after import"
+msgstr ""
+
+#: g10/import.c:266
+#, c-format
+msgid "skipping block of type %d\n"
+msgstr "sprang over blok af typen %d\n"
+
+#: g10/import.c:275
+#, fuzzy, c-format
+msgid "%lu keys processed so far\n"
+msgstr "%lu nøgler behandlet indtil nu\n"
+
+#: g10/import.c:292
+#, c-format
+msgid "Total number processed: %lu\n"
+msgstr "Totalt antal behandlede: %lu\n"
+
+#: g10/import.c:294
+#, fuzzy, c-format
+msgid " skipped new keys: %lu\n"
+msgstr " nye undernøgler: %lu\n"
+
+#: g10/import.c:297
+#, c-format
+msgid " w/o user IDs: %lu\n"
+msgstr ""
+
+#: g10/import.c:299 sm/import.c:114
+#, c-format
+msgid " imported: %lu"
+msgstr " importerede: %lu"
+
+#: g10/import.c:305 sm/import.c:118
+#, c-format
+msgid " unchanged: %lu\n"
+msgstr " uændrede: %lu\n"
+
+#: g10/import.c:307
+#, c-format
+msgid " new user IDs: %lu\n"
+msgstr " nye bruger-id'er: %lu\n"
+
+#: g10/import.c:309
+#, c-format
+msgid " new subkeys: %lu\n"
+msgstr " nye undernøgler: %lu\n"
+
+#: g10/import.c:311
+#, c-format
+msgid " new signatures: %lu\n"
+msgstr " nye signaturer: %lu\n"
+
+#: g10/import.c:313
+#, c-format
+msgid " new key revocations: %lu\n"
+msgstr " nye nøgletilbagekald: %lu\n"
+
+#: g10/import.c:315 sm/import.c:120
+#, c-format
+msgid " secret keys read: %lu\n"
+msgstr " hemmelige nøgler læst: %lu\n"
+
+#: g10/import.c:317 sm/import.c:122
+#, c-format
+msgid " secret keys imported: %lu\n"
+msgstr "hemmelige nøgler import: %lu\n"
+
+#: g10/import.c:319 sm/import.c:124
+#, c-format
+msgid " secret keys unchanged: %lu\n"
+msgstr "hemmelige nøgler uændre: %lu\n"
+
+#: g10/import.c:321 sm/import.c:126
+#, fuzzy, c-format
+msgid " not imported: %lu\n"
+msgstr " importerede: %lu"
+
+#: g10/import.c:323
+#, fuzzy, c-format
+msgid " signatures cleaned: %lu\n"
+msgstr " nye signaturer: %lu\n"
+
+#: g10/import.c:325
+#, fuzzy, c-format
+msgid " user IDs cleaned: %lu\n"
+msgstr " hemmelige nøgler læst: %lu\n"
+
+#: g10/import.c:606
+#, c-format
+msgid ""
+"WARNING: key %s contains preferences for unavailable\n"
+"algorithms on these user IDs:\n"
+msgstr ""
+
+#: g10/import.c:647
+#, c-format
+msgid " \"%s\": preference for cipher algorithm %s\n"
+msgstr ""
+
+#: g10/import.c:662
+#, fuzzy, c-format
+msgid " \"%s\": preference for digest algorithm %s\n"
+msgstr "%s signatur fra: %s\n"
+
+#: g10/import.c:674
+#, c-format
+msgid " \"%s\": preference for compression algorithm %s\n"
+msgstr ""
+
+#: g10/import.c:687
+msgid "it is strongly suggested that you update your preferences and\n"
+msgstr ""
+
+#: g10/import.c:689
+msgid "re-distribute this key to avoid potential algorithm mismatch problems\n"
+msgstr ""
+
+#: g10/import.c:713
+#, c-format
+msgid "you can update your preferences with: gpg --edit-key %s updpref save\n"
+msgstr ""
+
+#: g10/import.c:766 g10/import.c:1179
+#, fuzzy, c-format
+msgid "key %s: no user ID\n"
+msgstr "nøgle %08lX: ingen bruger-id\n"
+
+#: g10/import.c:795
+#, fuzzy, c-format
+msgid "key %s: PKS subkey corruption repaired\n"
+msgstr "nøgle %08lX: undernøgle er blevet annulleret!\n"
+
+#: g10/import.c:810
+#, fuzzy, c-format
+msgid "key %s: accepted non self-signed user ID \"%s\"\n"
+msgstr "nøgle %08lX: ingen gyldige bruger-id'er\n"
+
+#: g10/import.c:816
+#, fuzzy, c-format
+msgid "key %s: no valid user IDs\n"
+msgstr "nøgle %08lX: ingen gyldige bruger-id'er\n"
+
+#: g10/import.c:818
+msgid "this may be caused by a missing self-signature\n"
+msgstr ""
+
+#: g10/import.c:828 g10/import.c:1303
+#, fuzzy, c-format
+msgid "key %s: public key not found: %s\n"
+msgstr "nøgle %08lX: offentlig nøgle ikke fundet: %s\n"
+
+#: g10/import.c:834
+#, fuzzy, c-format
+msgid "key %s: new key - skipped\n"
+msgstr "nøgle %08lX: ikke en rfc2440 nøgle - udeladt\n"
+
+#: g10/import.c:843
+#, fuzzy, c-format
+msgid "no writable keyring found: %s\n"
+msgstr "fejl ved skrivning af nøglering `%s': %s\n"
+
+#: g10/import.c:848 g10/openfile.c:278 g10/sign.c:805 g10/sign.c:1114
+#, c-format
+msgid "writing to `%s'\n"
+msgstr "skriver til `%s'\n"
+
+#: g10/import.c:852 g10/import.c:952 g10/import.c:1219 g10/import.c:1364
+#: g10/import.c:2494 g10/import.c:2516
+#, c-format
+msgid "error writing keyring `%s': %s\n"
+msgstr "fejl ved skrivning af nøglering `%s': %s\n"
+
+#: g10/import.c:871
+#, fuzzy, c-format
+msgid "key %s: public key \"%s\" imported\n"
+msgstr "nøgle %08lX: offentlig nøgle importeret\n"
+
+#: g10/import.c:895
+#, fuzzy, c-format
+msgid "key %s: doesn't match our copy\n"
+msgstr "nøgle %08lX: stemmer ikke med vores kopi\n"
+
+#: g10/import.c:912 g10/import.c:1321
+#, fuzzy, c-format
+msgid "key %s: can't locate original keyblock: %s\n"
+msgstr "nøgle %08lX: kan ikke lokalisere original nøgleblok: %s\n"
+
+#: g10/import.c:920 g10/import.c:1328
+#, fuzzy, c-format
+msgid "key %s: can't read original keyblock: %s\n"
+msgstr "nøgle %08lX: kan ikke læse original nøgleblok: %s\n"
+
+#: g10/import.c:962
+#, fuzzy, c-format
+msgid "key %s: \"%s\" 1 new user ID\n"
+msgstr "nøgle %08lX: ingen bruger-id\n"
+
+#: g10/import.c:965
+#, fuzzy, c-format
+msgid "key %s: \"%s\" %d new user IDs\n"
+msgstr "nøgle %08lX: ingen bruger-id\n"
+
+#: g10/import.c:968
+#, fuzzy, c-format
+msgid "key %s: \"%s\" 1 new signature\n"
+msgstr "nøgle %08lX: offentlig nøgle importeret\n"
+
+#: g10/import.c:971
+#, fuzzy, c-format
+msgid "key %s: \"%s\" %d new signatures\n"
+msgstr "nøgle %08lX: offentlig nøgle importeret\n"
+
+#: g10/import.c:974
+#, fuzzy, c-format
+msgid "key %s: \"%s\" 1 new subkey\n"
+msgstr "nøgle %08lX: ikke en rfc2440 nøgle - udeladt\n"
+
+#: g10/import.c:977
+#, fuzzy, c-format
+msgid "key %s: \"%s\" %d new subkeys\n"
+msgstr "nøgle %08lX: ikke en rfc2440 nøgle - udeladt\n"
+
+#: g10/import.c:980
+#, fuzzy, c-format
+msgid "key %s: \"%s\" %d signature cleaned\n"
+msgstr "nøgle %08lX: offentlig nøgle importeret\n"
+
+#: g10/import.c:983
+#, fuzzy, c-format
+msgid "key %s: \"%s\" %d signatures cleaned\n"
+msgstr "nøgle %08lX: offentlig nøgle importeret\n"
+
+#: g10/import.c:986
+#, fuzzy, c-format
+msgid "key %s: \"%s\" %d user ID cleaned\n"
+msgstr "nøgle %08lX: ingen bruger-id\n"
+
+#: g10/import.c:989
+#, fuzzy, c-format
+msgid "key %s: \"%s\" %d user IDs cleaned\n"
+msgstr "nøgle %08lX: ingen bruger-id\n"
+
+#: g10/import.c:1013
+#, fuzzy, c-format
+msgid "key %s: \"%s\" not changed\n"
+msgstr "nøgle %08lX: ingen bruger-id\n"
+
+#: g10/import.c:1185
+#, fuzzy, c-format
+msgid "key %s: secret key with invalid cipher %d - skipped\n"
+msgstr "nøgle %08lX: ikke en rfc2440 nøgle - udeladt\n"
+
+#: g10/import.c:1196
+#, fuzzy
+msgid "importing secret keys not allowed\n"
+msgstr "skriver hemmeligt certifikat til '%s'\n"
+
+#: g10/import.c:1213 g10/import.c:2509
+#, fuzzy, c-format
+msgid "no default secret keyring: %s\n"
+msgstr "ingen standard offentlig nøglering\n"
+
+#: g10/import.c:1224
+#, fuzzy, c-format
+msgid "key %s: secret key imported\n"
+msgstr "hemmelige nøgler import: %lu\n"
+
+#: g10/import.c:1254
+#, fuzzy, c-format
+msgid "key %s: already in secret keyring\n"
+msgstr "fjern nøgle fra den hemmelige nøglering"
+
+#: g10/import.c:1264
+#, fuzzy, c-format
+msgid "key %s: secret key not found: %s\n"
+msgstr "%s: bruger ikke fundet: %s\n"
+
+#: g10/import.c:1296
+#, fuzzy, c-format
+msgid "key %s: no public key - can't apply revocation certificate\n"
+msgstr "Generér en annullérbar certifikat"
+
+#: g10/import.c:1339
+#, fuzzy, c-format
+msgid "key %s: invalid revocation certificate: %s - rejected\n"
+msgstr "Generér en annullérbar certifikat"
+
+#: g10/import.c:1371
+#, fuzzy, c-format
+msgid "key %s: \"%s\" revocation certificate imported\n"
+msgstr "Generér en annullérbar certifikat"
+
+#: g10/import.c:1447
+#, fuzzy, c-format
+msgid "key %s: no user ID for signature\n"
+msgstr "nøgle %08lX: ingen bruger-id\n"
+
+#: g10/import.c:1464
+#, fuzzy, c-format
+msgid "key %s: unsupported public key algorithm on user ID \"%s\"\n"
+msgstr "nøgle %08lX: offentlig nøgle ikke fundet: %s\n"
+
+#: g10/import.c:1466
+#, fuzzy, c-format
+msgid "key %s: invalid self-signature on user ID \"%s\"\n"
+msgstr "nøgle %08lX: ingen gyldige bruger-id'er\n"
+
+#: g10/import.c:1483 g10/import.c:1509 g10/import.c:1560
+#, fuzzy, c-format
+msgid "key %s: unsupported public key algorithm\n"
+msgstr "nøgle %08lX: offentlig nøgle ikke fundet: %s\n"
+
+#: g10/import.c:1484
+#, fuzzy, c-format
+msgid "key %s: invalid direct key signature\n"
+msgstr "nøgle %08lX: offentlig nøgle importeret\n"
+
+#: g10/import.c:1498
+#, fuzzy, c-format
+msgid "key %s: no subkey for key binding\n"
+msgstr "nøgle %08lX: undernøgle er blevet annulleret!\n"
+
+#: g10/import.c:1511
+#, fuzzy, c-format
+msgid "key %s: invalid subkey binding\n"
+msgstr "nøgle %08lX: ingen gyldige bruger-id'er\n"
+
+#: g10/import.c:1527
+#, fuzzy, c-format
+msgid "key %s: removed multiple subkey binding\n"
+msgstr "nøgle %08lX: undernøgle er blevet annulleret!\n"
+
+#: g10/import.c:1549
+#, fuzzy, c-format
+msgid "key %s: no subkey for key revocation\n"
+msgstr "nøgle %08lX: undernøgle er blevet annulleret!\n"
+
+#: g10/import.c:1562
+#, fuzzy, c-format
+msgid "key %s: invalid subkey revocation\n"
+msgstr "nøgle %08lX: ingen gyldige bruger-id'er\n"
+
+#: g10/import.c:1577
+#, fuzzy, c-format
+msgid "key %s: removed multiple subkey revocation\n"
+msgstr "nøgle %08lX: ingen gyldige bruger-id'er\n"
+
+#: g10/import.c:1618
+#, fuzzy, c-format
+msgid "key %s: skipped user ID \"%s\"\n"
+msgstr "%s: udelod: %s\n"
+
+#: g10/import.c:1639
+#, fuzzy, c-format
+msgid "key %s: skipped subkey\n"
+msgstr "%s: udelod: %s\n"
+
+#: g10/import.c:1666
+#, fuzzy, c-format
+msgid "key %s: non exportable signature (class 0x%02X) - skipped\n"
+msgstr "nøgle %08lX: ikke en rfc2440 nøgle - udeladt\n"
+
+#: g10/import.c:1676
+#, fuzzy, c-format
+msgid "key %s: revocation certificate at wrong place - skipped\n"
+msgstr "nøgle %08lX: ikke en rfc2440 nøgle - udeladt\n"
+
+#: g10/import.c:1693
+#, fuzzy, c-format
+msgid "key %s: invalid revocation certificate: %s - skipped\n"
+msgstr "Generér en annullérbar certifikat"
+
+#: g10/import.c:1707
+#, fuzzy, c-format
+msgid "key %s: subkey signature in wrong place - skipped\n"
+msgstr "nøgle %08lX: ikke en rfc2440 nøgle - udeladt\n"
+
+#: g10/import.c:1715
+#, fuzzy, c-format
+msgid "key %s: unexpected signature class (0x%02X) - skipped\n"
+msgstr "nøgle %08lX: ikke en rfc2440 nøgle - udeladt\n"
+
+#: g10/import.c:1844
+#, c-format
+msgid "key %s: duplicated user ID detected - merged\n"
+msgstr ""
+
+#: g10/import.c:1906
+#, fuzzy, c-format
+msgid "WARNING: key %s may be revoked: fetching revocation key %s\n"
+msgstr "ADVARSEL: Denne nøgle er blevet annulleret af dets ejer!\n"
+
+#: g10/import.c:1920
+#, fuzzy, c-format
+msgid "WARNING: key %s may be revoked: revocation key %s not present.\n"
+msgstr "ADVARSEL: Denne nøgle er blevet annulleret af dets ejer!\n"
+
+#: g10/import.c:1979
+#, fuzzy, c-format
+msgid "key %s: \"%s\" revocation certificate added\n"
+msgstr "nøgle %08lX: offentlig nøgle importeret\n"
+
+#: g10/import.c:2013
+#, fuzzy, c-format
+msgid "key %s: direct key signature added\n"
+msgstr "nøgle %08lX: offentlig nøgle importeret\n"
+
+#: g10/import.c:2414
+msgid "NOTE: a key's S/N does not match the card's one\n"
+msgstr ""
+
+#: g10/import.c:2422
+#, fuzzy
+msgid "NOTE: primary key is online and stored on card\n"
+msgstr "udelod: hemmelig nøgle er allerede tilstede\n"
+
+#: g10/import.c:2424
+#, fuzzy
+msgid "NOTE: secondary key is online and stored on card\n"
+msgstr "udelod: hemmelig nøgle er allerede tilstede\n"
+
+#: g10/keydb.c:181
+#, fuzzy, c-format
+msgid "error creating keyring `%s': %s\n"
+msgstr "fejl ved skrivning af nøglering `%s': %s\n"
+
+#: g10/keydb.c:187
+#, c-format
+msgid "keyring `%s' created\n"
+msgstr ""
+
+#: g10/keydb.c:333 g10/keydb.c:336
+#, fuzzy, c-format
+msgid "keyblock resource `%s': %s\n"
+msgstr "fejl ved læsning af '%s': %s\n"
+
+#: g10/keydb.c:719
+#, fuzzy, c-format
+msgid "failed to rebuild keyring cache: %s\n"
+msgstr "ingen standard offentlig nøglering\n"
+
+#: g10/keyedit.c:265
+msgid "[revocation]"
+msgstr ""
+
+#: g10/keyedit.c:266
+msgid "[self-signature]"
+msgstr "[selv-signatur]"
+
+#: g10/keyedit.c:344 g10/keylist.c:398
+msgid "1 bad signature\n"
+msgstr "1 dårlig signature\n"
+
+#: g10/keyedit.c:346 g10/keylist.c:400
+#, c-format
+msgid "%d bad signatures\n"
+msgstr "%d dårlige signaturer\n"
+
+#: g10/keyedit.c:348 g10/keylist.c:402
+msgid "1 signature not checked due to a missing key\n"
+msgstr ""
+
+#: g10/keyedit.c:350 g10/keylist.c:404
+#, c-format
+msgid "%d signatures not checked due to missing keys\n"
+msgstr ""
+
+#: g10/keyedit.c:352 g10/keylist.c:406
+msgid "1 signature not checked due to an error\n"
+msgstr ""
+
+#: g10/keyedit.c:354 g10/keylist.c:408
+#, c-format
+msgid "%d signatures not checked due to errors\n"
+msgstr ""
+
+#: g10/keyedit.c:356
+msgid "1 user ID without valid self-signature detected\n"
+msgstr ""
+
+#: g10/keyedit.c:358
+#, c-format
+msgid "%d user IDs without valid self-signatures detected\n"
+msgstr ""
+
+#: g10/keyedit.c:414 g10/pkclist.c:262
+msgid ""
+"Please decide how far you trust this user to correctly verify other users' "
+"keys\n"
+"(by looking at passports, checking fingerprints from different sources, "
+"etc.)\n"
+msgstr ""
+
+#: g10/keyedit.c:418 g10/pkclist.c:274
+#, fuzzy, c-format
+msgid " %d = I trust marginally\n"
+msgstr " (%d) ElGamal (kryptér kun)\n"
+
+#: g10/keyedit.c:419 g10/pkclist.c:276
+#, fuzzy, c-format
+msgid " %d = I trust fully\n"
+msgstr " (%d) ElGamal (kryptér kun)\n"
+
+#: g10/keyedit.c:438
+msgid ""
+"Please enter the depth of this trust signature.\n"
+"A depth greater than 1 allows the key you are signing to make\n"
+"trust signatures on your behalf.\n"
+msgstr ""
+
+#: g10/keyedit.c:454
+msgid "Please enter a domain to restrict this signature, or enter for none.\n"
+msgstr ""
+
+#: g10/keyedit.c:598
+#, fuzzy, c-format
+msgid "User ID \"%s\" is revoked."
+msgstr "Nøglen er beskyttet.\n"
+
+#: g10/keyedit.c:607 g10/keyedit.c:635 g10/keyedit.c:662 g10/keyedit.c:830
+#: g10/keyedit.c:895 g10/keyedit.c:1785
+#, fuzzy
+msgid "Are you sure you still want to sign it? (y/N) "
+msgstr "Er du sikker på at de vil benytte denne nøglestørrelse? "
+
+#: g10/keyedit.c:621 g10/keyedit.c:649 g10/keyedit.c:676 g10/keyedit.c:836
+#: g10/keyedit.c:1791
+msgid " Unable to sign.\n"
+msgstr ""
+
+#: g10/keyedit.c:626
+#, fuzzy, c-format
+msgid "User ID \"%s\" is expired."
+msgstr "Nøglen er beskyttet.\n"
+
+#: g10/keyedit.c:654
+#, fuzzy, c-format
+msgid "User ID \"%s\" is not self-signed."
+msgstr "ADVARSEL: '%s' er en tom fil\n"
+
+#: g10/keyedit.c:682
+#, fuzzy, c-format
+msgid "User ID \"%s\" is signable. "
+msgstr "ADVARSEL: '%s' er en tom fil\n"
+
+#: g10/keyedit.c:684
+#, fuzzy
+msgid "Sign it? (y/N) "
+msgstr "Vil du gerne signere? "
+
+#: g10/keyedit.c:706
+#, c-format
+msgid ""
+"The self-signature on \"%s\"\n"
+"is a PGP 2.x-style signature.\n"
+msgstr ""
+
+#: g10/keyedit.c:715
+msgid "Do you want to promote it to an OpenPGP self-signature? (y/N) "
+msgstr ""
+
+#: g10/keyedit.c:729
+#, c-format
+msgid ""
+"Your current signature on \"%s\"\n"
+"has expired.\n"
+msgstr ""
+
+#: g10/keyedit.c:733
+msgid "Do you want to issue a new signature to replace the expired one? (y/N) "
+msgstr ""
+
+#: g10/keyedit.c:754
+#, c-format
+msgid ""
+"Your current signature on \"%s\"\n"
+"is a local signature.\n"
+msgstr ""
+
+#: g10/keyedit.c:758
+msgid "Do you want to promote it to a full exportable signature? (y/N) "
+msgstr ""
+
+#: g10/keyedit.c:779
+#, c-format
+msgid "\"%s\" was already locally signed by key %s\n"
+msgstr ""
+
+#: g10/keyedit.c:782
+#, c-format
+msgid "\"%s\" was already signed by key %s\n"
+msgstr ""
+
+#: g10/keyedit.c:787
+#, fuzzy
+msgid "Do you want to sign it again anyway? (y/N) "
+msgstr "Er du sikker på at de vil benytte denne nøglestørrelse? "
+
+#: g10/keyedit.c:809
+#, c-format
+msgid "Nothing to sign with key %s\n"
+msgstr ""
+
+#: g10/keyedit.c:824
+#, fuzzy
+msgid "This key has expired!"
+msgstr "Bemærk: Denne nøgle er forældet!\n"
+
+#: g10/keyedit.c:842
+#, fuzzy, c-format
+msgid "This key is due to expire on %s.\n"
+msgstr "Denne nøgle er ikke beskyttet.\n"
+
+#: g10/keyedit.c:848
+msgid "Do you want your signature to expire at the same time? (Y/n) "
+msgstr ""
+
+#: g10/keyedit.c:888
+msgid ""
+"You may not make an OpenPGP signature on a PGP 2.x key while in --pgp2 "
+"mode.\n"
+msgstr ""
+
+#: g10/keyedit.c:890
+msgid "This would make the key unusable in PGP 2.x.\n"
+msgstr ""
+
+#: g10/keyedit.c:915
+msgid ""
+"How carefully have you verified the key you are about to sign actually "
+"belongs\n"
+"to the person named above? If you don't know what to answer, enter \"0\".\n"
+msgstr ""
+
+#: g10/keyedit.c:920
+#, c-format
+msgid " (0) I will not answer.%s\n"
+msgstr ""
+
+#: g10/keyedit.c:922
+#, c-format
+msgid " (1) I have not checked at all.%s\n"
+msgstr ""
+
+#: g10/keyedit.c:924
+#, c-format
+msgid " (2) I have done casual checking.%s\n"
+msgstr ""
+
+#: g10/keyedit.c:926
+#, c-format
+msgid " (3) I have done very careful checking.%s\n"
+msgstr ""
+
+#: g10/keyedit.c:932
+msgid "Your selection? (enter `?' for more information): "
+msgstr ""
+
+#: g10/keyedit.c:956
+#, fuzzy, c-format
+msgid ""
+"Are you sure that you want to sign this key with your\n"
+"key \"%s\" (%s)\n"
+msgstr "Er du sikker på at de vil benytte denne nøglestørrelse? "
+
+#: g10/keyedit.c:963
+#, fuzzy
+msgid "This will be a self-signature.\n"
+msgstr "skriver selvsignatur\n"
+
+#: g10/keyedit.c:969
+msgid "WARNING: the signature will not be marked as non-exportable.\n"
+msgstr ""
+
+#: g10/keyedit.c:977
+msgid "WARNING: the signature will not be marked as non-revocable.\n"
+msgstr ""
+
+#: g10/keyedit.c:987
+msgid "The signature will be marked as non-exportable.\n"
+msgstr ""
+
+#: g10/keyedit.c:994
+#, fuzzy
+msgid "The signature will be marked as non-revocable.\n"
+msgstr "signér nøglen lokalt"
+
+#: g10/keyedit.c:1001
+msgid "I have not checked this key at all.\n"
+msgstr ""
+
+#: g10/keyedit.c:1006
+msgid "I have checked this key casually.\n"
+msgstr ""
+
+#: g10/keyedit.c:1011
+msgid "I have checked this key very carefully.\n"
+msgstr ""
+
+#: g10/keyedit.c:1021
+#, fuzzy
+msgid "Really sign? (y/N) "
+msgstr "Vil du gerne signere? "
+
+#: g10/keyedit.c:1066 g10/keyedit.c:4965 g10/keyedit.c:5056 g10/keyedit.c:5120
+#: g10/keyedit.c:5181 g10/sign.c:316
+#, c-format
+msgid "signing failed: %s\n"
+msgstr "signering fejlede: %s\n"
+
+#: g10/keyedit.c:1131
+msgid "Key has only stub or on-card key items - no passphrase to change.\n"
+msgstr ""
+
+#: g10/keyedit.c:1142 g10/keygen.c:3774
+msgid "This key is not protected.\n"
+msgstr "Denne nøgle er ikke beskyttet.\n"
+
+#: g10/keyedit.c:1146 g10/keygen.c:3761 g10/revoke.c:536
+#, fuzzy
+msgid "Secret parts of primary key are not available.\n"
+msgstr "hemmelig nøgle ikke tilgængelig"
+
+#: g10/keyedit.c:1150 g10/keygen.c:3777
+#, fuzzy
+msgid "Secret parts of primary key are stored on-card.\n"
+msgstr "hemmelig nøgle ikke tilgængelig"
+
+#: g10/keyedit.c:1156 g10/keygen.c:3781
+msgid "Key is protected.\n"
+msgstr "Nøglen er beskyttet.\n"
+
+#: g10/keyedit.c:1186
+#, c-format
+msgid "Can't edit this key: %s\n"
+msgstr "Kan ikke redigere denne nøgle: %s\n"
+
+#: g10/keyedit.c:1192
+msgid ""
+"Enter the new passphrase for this secret key.\n"
+"\n"
+msgstr ""
+
+#: g10/keyedit.c:1207 g10/keygen.c:2291
+#, fuzzy
+msgid "passphrase not correctly repeated; try again"
+msgstr "kodesætningen blev ikke ordentlig gentaget; prøv igen.\n"
+
+#: g10/keyedit.c:1212
+msgid ""
+"You don't want a passphrase - this is probably a *bad* idea!\n"
+"\n"
+msgstr ""
+
+#: g10/keyedit.c:1215
+#, fuzzy
+msgid "Do you really want to do this? (y/N) "
+msgstr "Vil du virkelig gerne gøre dette?"
+
+#: g10/keyedit.c:1298
+msgid "moving a key signature to the correct place\n"
+msgstr ""
+
+#: g10/keyedit.c:1384
+msgid "save and quit"
+msgstr "gem og afslut"
+
+#: g10/keyedit.c:1387
+#, fuzzy
+msgid "show key fingerprint"
+msgstr "vis fingeraftryk"
+
+#: g10/keyedit.c:1388
+msgid "list key and user IDs"
+msgstr "vis nøgler og bruger-id'er"
+
+#: g10/keyedit.c:1390
+msgid "select user ID N"
+msgstr ""
+
+#: g10/keyedit.c:1391
+#, fuzzy
+msgid "select subkey N"
+msgstr "vælg sekundær nøgle N"
+
+#: g10/keyedit.c:1392
+#, fuzzy
+msgid "check signatures"
+msgstr "Kan ikke tjekke signatur: %s\n"
+
+#: g10/keyedit.c:1397
+msgid "sign selected user IDs [* see below for related commands]"
+msgstr ""
+
+#: g10/keyedit.c:1402
+#, fuzzy
+msgid "sign selected user IDs locally"
+msgstr "signér nøglen lokalt"
+
+#: g10/keyedit.c:1404
+msgid "sign selected user IDs with a trust signature"
+msgstr ""
+
+#: g10/keyedit.c:1406
+msgid "sign selected user IDs with a non-revocable signature"
+msgstr ""
+
+#: g10/keyedit.c:1410
+msgid "add a user ID"
+msgstr "tilføj bruger-id"
+
+#: g10/keyedit.c:1412
+#, fuzzy
+msgid "add a photo ID"
+msgstr "tilføj bruger-id"
+
+#: g10/keyedit.c:1414
+#, fuzzy
+msgid "delete selected user IDs"
+msgstr "slet bruger id"
+
+#: g10/keyedit.c:1419
+#, fuzzy
+msgid "add a subkey"
+msgstr "tilføj nøgle"
+
+#: g10/keyedit.c:1423
+msgid "add a key to a smartcard"
+msgstr ""
+
+#: g10/keyedit.c:1425
+msgid "move a key to a smartcard"
+msgstr ""
+
+#: g10/keyedit.c:1427
+msgid "move a backup key to a smartcard"
+msgstr ""
+
+#: g10/keyedit.c:1431
+#, fuzzy
+msgid "delete selected subkeys"
+msgstr "slet sekundær nøgle"
+
+#: g10/keyedit.c:1433
+#, fuzzy
+msgid "add a revocation key"
+msgstr "tilføj sekundær nøgle"
+
+#: g10/keyedit.c:1435
+#, fuzzy
+msgid "delete signatures from the selected user IDs"
+msgstr "Generér en annullérbar certifikat"
+
+#: g10/keyedit.c:1437
+msgid "change the expiration date for the key or selected subkeys"
+msgstr ""
+
+#: g10/keyedit.c:1439
+msgid "flag the selected user ID as primary"
+msgstr ""
+
+#: g10/keyedit.c:1441
+#, fuzzy
+msgid "toggle between the secret and public key listings"
+msgstr "skift imellem hemmelig og offentlig nøgle visning"
+
+#: g10/keyedit.c:1444
+#, fuzzy
+msgid "list preferences (expert)"
+msgstr "vis præferencer"
+
+#: g10/keyedit.c:1446
+#, fuzzy
+msgid "list preferences (verbose)"
+msgstr "vis præferencer"
+
+#: g10/keyedit.c:1448
+#, fuzzy
+msgid "set preference list for the selected user IDs"
+msgstr "Generér en annullérbar certifikat"
+
+#: g10/keyedit.c:1453
+#, fuzzy
+msgid "set the preferred keyserver URL for the selected user IDs"
+msgstr "Generér en annullérbar certifikat"
+
+#: g10/keyedit.c:1455
+#, fuzzy
+msgid "set a notation for the selected user IDs"
+msgstr "Generér en annullérbar certifikat"
+
+#: g10/keyedit.c:1457
+msgid "change the passphrase"
+msgstr "ændr kodesætningen"
+
+#: g10/keyedit.c:1461
+msgid "change the ownertrust"
+msgstr ""
+
+#: g10/keyedit.c:1463
+#, fuzzy
+msgid "revoke signatures on the selected user IDs"
+msgstr "Vil du virkelig oprette?"
+
+#: g10/keyedit.c:1465
+#, fuzzy
+msgid "revoke selected user IDs"
+msgstr "tilføj bruger-id"
+
+#: g10/keyedit.c:1470
+msgid "revoke key or selected subkeys"
+msgstr ""
+
+#: g10/keyedit.c:1471
+#, fuzzy
+msgid "enable key"
+msgstr "slå nøgle til"
+
+#: g10/keyedit.c:1472
+#, fuzzy
+msgid "disable key"
+msgstr "slå nøgle fra"
+
+#: g10/keyedit.c:1473
+msgid "show selected photo IDs"
+msgstr ""
+
+#: g10/keyedit.c:1475
+msgid "compact unusable user IDs and remove unusable signatures from key"
+msgstr ""
+
+#: g10/keyedit.c:1477
+msgid "compact unusable user IDs and remove all signatures from key"
+msgstr ""
+
+#: g10/keyedit.c:1601
+#, fuzzy, c-format
+msgid "error reading secret keyblock \"%s\": %s\n"
+msgstr "fejl ved læsning af '%s': %s\n"
+
+#: g10/keyedit.c:1619
+msgid "Secret key is available.\n"
+msgstr ""
+
+#: g10/keyedit.c:1702
+msgid "Need the secret key to do this.\n"
+msgstr ""
+
+#: g10/keyedit.c:1710
+msgid "Please use the command \"toggle\" first.\n"
+msgstr ""
+
+#: g10/keyedit.c:1729
+msgid ""
+"* The `sign' command may be prefixed with an `l' for local signatures "
+"(lsign),\n"
+" a `t' for trust signatures (tsign), an `nr' for non-revocable signatures\n"
+" (nrsign), or any combination thereof (ltsign, tnrsign, etc.).\n"
+msgstr ""
+
+#: g10/keyedit.c:1779
+#, fuzzy
+msgid "Key is revoked."
+msgstr "Nøglen er beskyttet.\n"
+
+#: g10/keyedit.c:1798
+#, fuzzy
+msgid "Really sign all user IDs? (y/N) "
+msgstr "Vil du gerne signere? "
+
+#: g10/keyedit.c:1805
+#, fuzzy
+msgid "Hint: Select the user IDs to sign\n"
+msgstr "signér nøglen lokalt"
+
+#: g10/keyedit.c:1814
+#, fuzzy, c-format
+msgid "Unknown signature type `%s'\n"
+msgstr "ukendt signaturklasse"
+
+#: g10/keyedit.c:1837
+#, c-format
+msgid "This command is not allowed while in %s mode.\n"
+msgstr ""
+
+#: g10/keyedit.c:1859 g10/keyedit.c:1879 g10/keyedit.c:2048
+msgid "You must select at least one user ID.\n"
+msgstr ""
+
+#: g10/keyedit.c:1861
+msgid "You can't delete the last user ID!\n"
+msgstr ""
+
+#: g10/keyedit.c:1863
+#, fuzzy
+msgid "Really remove all selected user IDs? (y/N) "
+msgstr "Vil du virkelig oprette?"
+
+#: g10/keyedit.c:1864
+#, fuzzy
+msgid "Really remove this user ID? (y/N) "
+msgstr "Vil du virkelig oprette?"
+
+#. TRANSLATORS: Please take care: This is about
+#. moving the key and not about removing it.
+#: g10/keyedit.c:1917
+msgid "Really move the primary key? (y/N) "
+msgstr ""
+
+#: g10/keyedit.c:1929
+#, fuzzy
+msgid "You must select exactly one key.\n"
+msgstr "Vælg venligst hvilken slags nøgle du vil have:\n"
+
+#: g10/keyedit.c:1957
+msgid "Command expects a filename argument\n"
+msgstr ""
+
+#: g10/keyedit.c:1971
+#, fuzzy, c-format
+msgid "Can't open `%s': %s\n"
+msgstr "kan ikke åbne '%s': %s\n"
+
+#: g10/keyedit.c:1988
+#, fuzzy, c-format
+msgid "Error reading backup key from `%s': %s\n"
+msgstr "fejl ved skrivning af nøglering `%s': %s\n"
+
+#: g10/keyedit.c:2012
+msgid "You must select at least one key.\n"
+msgstr ""
+
+#: g10/keyedit.c:2015
+#, fuzzy
+msgid "Do you really want to delete the selected keys? (y/N) "
+msgstr "Vil du gerne oprette en underskrivnings- og krypteringsnøgle? "
+
+#: g10/keyedit.c:2016
+#, fuzzy
+msgid "Do you really want to delete this key? (y/N) "
+msgstr "Vil du virkelig gerne gøre dette?"
+
+#: g10/keyedit.c:2051
+#, fuzzy
+msgid "Really revoke all selected user IDs? (y/N) "
+msgstr "Vil du virkelig oprette?"
+
+#: g10/keyedit.c:2052
+#, fuzzy
+msgid "Really revoke this user ID? (y/N) "
+msgstr "Vil du virkelig oprette?"
+
+#: g10/keyedit.c:2070
+#, fuzzy
+msgid "Do you really want to revoke the entire key? (y/N) "
+msgstr "Vil du virkelig gerne gøre dette?"
+
+#: g10/keyedit.c:2081
+#, fuzzy
+msgid "Do you really want to revoke the selected subkeys? (y/N) "
+msgstr "Vil du gerne oprette en underskrivnings- og krypteringsnøgle? "
+
+#: g10/keyedit.c:2083
+#, fuzzy
+msgid "Do you really want to revoke this subkey? (y/N) "
+msgstr "Vil du virkelig gerne gøre dette?"
+
+#: g10/keyedit.c:2133
+msgid "Owner trust may not be set while using a user provided trust database\n"
+msgstr ""
+
+#: g10/keyedit.c:2175
+#, fuzzy
+msgid "Set preference list to:\n"
+msgstr "vis præferencer"
+
+#: g10/keyedit.c:2181
+#, fuzzy
+msgid "Really update the preferences for the selected user IDs? (y/N) "
+msgstr "Generér en annullérbar certifikat"
+
+#: g10/keyedit.c:2183
+#, fuzzy
+msgid "Really update the preferences? (y/N) "
+msgstr "Generér en annullérbar certifikat"
+
+#: g10/keyedit.c:2253
+#, fuzzy
+msgid "Save changes? (y/N) "
+msgstr "Gem ændringer? "
+
+#: g10/keyedit.c:2256
+#, fuzzy
+msgid "Quit without saving? (y/N) "
+msgstr "Afslut uden at gemme? "
+
+#: g10/keyedit.c:2266
+#, c-format
+msgid "update failed: %s\n"
+msgstr ""
+
+#: g10/keyedit.c:2273 g10/keyedit.c:2351
+#, c-format
+msgid "update secret failed: %s\n"
+msgstr ""
+
+#: g10/keyedit.c:2280
+msgid "Key not changed so no update needed.\n"
+msgstr ""
+
+#: g10/keyedit.c:2446
+msgid "Digest: "
+msgstr ""
+
+#: g10/keyedit.c:2497
+msgid "Features: "
+msgstr ""
+
+#: g10/keyedit.c:2508
+msgid "Keyserver no-modify"
+msgstr ""
+
+#: g10/keyedit.c:2523 g10/keylist.c:316
+msgid "Preferred keyserver: "
+msgstr ""
+
+#: g10/keyedit.c:2531 g10/keyedit.c:2532
+#, fuzzy
+msgid "Notations: "
+msgstr ""
+"@\n"
+"Indstillinger:\n"
+" "
+
+#: g10/keyedit.c:2753
+msgid "There are no preferences on a PGP 2.x-style user ID.\n"
+msgstr ""
+
+#: g10/keyedit.c:2810
+#, fuzzy, c-format
+msgid "The following key was revoked on %s by %s key %s\n"
+msgstr "ADVARSEL: Denne nøgle er blevet annulleret af dets ejer!\n"
+
+#: g10/keyedit.c:2832
+#, fuzzy, c-format
+msgid "This key may be revoked by %s key %s"
+msgstr "ADVARSEL: Denne nøgle er blevet annulleret af dets ejer!\n"
+
+#: g10/keyedit.c:2838
+msgid "(sensitive)"
+msgstr ""
+
+#: g10/keyedit.c:2854 g10/keyedit.c:2910 g10/keyedit.c:2971 g10/keyedit.c:2986
+#: g10/keylist.c:202 g10/keyserver.c:532
+#, fuzzy, c-format
+msgid "created: %s"
+msgstr "kan ikke oprette %s: %s\n"
+
+#: g10/keyedit.c:2857 g10/keylist.c:834 g10/keylist.c:928 g10/mainproc.c:997
+#, fuzzy, c-format
+msgid "revoked: %s"
+msgstr "tilføj nøgle"
+
+#: g10/keyedit.c:2859 g10/keylist.c:805 g10/keylist.c:840 g10/keylist.c:934
+#, fuzzy, c-format
+msgid "expired: %s"
+msgstr "Nøgle udløber d. %s\n"
+
+#: g10/keyedit.c:2861 g10/keyedit.c:2912 g10/keyedit.c:2973 g10/keyedit.c:2988
+#: g10/keylist.c:204 g10/keylist.c:811 g10/keylist.c:846 g10/keylist.c:940
+#: g10/keylist.c:961 g10/keyserver.c:538 g10/mainproc.c:1003
+#, fuzzy, c-format
+msgid "expires: %s"
+msgstr "Nøgle udløber d. %s\n"
+
+#: g10/keyedit.c:2863
+#, fuzzy, c-format
+msgid "usage: %s"
+msgstr "betro"
+
+#: g10/keyedit.c:2878
+#, fuzzy, c-format
+msgid "trust: %s"
+msgstr "betro"
+
+#: g10/keyedit.c:2882
+#, c-format
+msgid "validity: %s"
+msgstr ""
+
+#: g10/keyedit.c:2889
+msgid "This key has been disabled"
+msgstr ""
+
+#: g10/keyedit.c:2917 g10/keylist.c:208
+msgid "card-no: "
+msgstr ""
+
+#: g10/keyedit.c:2941
+msgid ""
+"Please note that the shown key validity is not necessarily correct\n"
+"unless you restart the program.\n"
+msgstr ""
+
+#: g10/keyedit.c:3005 g10/keyedit.c:3351 g10/keyserver.c:542
+#: g10/mainproc.c:1850 g10/trustdb.c:1204 g10/trustdb.c:1732
+#, fuzzy
+msgid "revoked"
+msgstr "tilføj nøgle"
+
+#: g10/keyedit.c:3007 g10/keyedit.c:3353 g10/keyserver.c:546
+#: g10/mainproc.c:1852 g10/trustdb.c:547 g10/trustdb.c:1734
+#, fuzzy
+msgid "expired"
+msgstr "udløb"
+
+#: g10/keyedit.c:3072
+msgid ""
+"WARNING: no user ID has been marked as primary. This command may\n"
+" cause a different user ID to become the assumed primary.\n"
+msgstr ""
+
+#: g10/keyedit.c:3133
+msgid ""
+"WARNING: This is a PGP2-style key. Adding a photo ID may cause some "
+"versions\n"
+" of PGP to reject this key.\n"
+msgstr ""
+
+#: g10/keyedit.c:3138 g10/keyedit.c:3473
+#, fuzzy
+msgid "Are you sure you still want to add it? (y/N) "
+msgstr "Er du sikker på at de vil benytte denne nøglestørrelse? "
+
+#: g10/keyedit.c:3144
+msgid "You may not add a photo ID to a PGP2-style key.\n"
+msgstr ""
+
+#: g10/keyedit.c:3284
+msgid "Delete this good signature? (y/N/q)"
+msgstr ""
+
+#: g10/keyedit.c:3294
+msgid "Delete this invalid signature? (y/N/q)"
+msgstr ""
+
+#: g10/keyedit.c:3298
+msgid "Delete this unknown signature? (y/N/q)"
+msgstr ""
+
+#: g10/keyedit.c:3304
+msgid "Really delete this self-signature? (y/N)"
+msgstr ""
+
+#: g10/keyedit.c:3318
+#, c-format
+msgid "Deleted %d signature.\n"
+msgstr "Slettede %d signatur.\n"
+
+#: g10/keyedit.c:3319
+#, c-format
+msgid "Deleted %d signatures.\n"
+msgstr ""
+
+#: g10/keyedit.c:3322
+msgid "Nothing deleted.\n"
+msgstr ""
+
+#: g10/keyedit.c:3355 g10/trustdb.c:1736
+#, fuzzy
+msgid "invalid"
+msgstr "ugyldig rustning"
+
+#: g10/keyedit.c:3357
+#, fuzzy, c-format
+msgid "User ID \"%s\" compacted: %s\n"
+msgstr "Nøglen er beskyttet.\n"
+
+#: g10/keyedit.c:3364
+#, fuzzy, c-format
+msgid "User ID \"%s\": %d signature removed\n"
+msgstr "Nøglen er beskyttet.\n"
+
+#: g10/keyedit.c:3365
+#, fuzzy, c-format
+msgid "User ID \"%s\": %d signatures removed\n"
+msgstr "Nøglen er beskyttet.\n"
+
+#: g10/keyedit.c:3373
+#, fuzzy, c-format
+msgid "User ID \"%s\": already minimized\n"
+msgstr "Nøglen er beskyttet.\n"
+
+#: g10/keyedit.c:3374
+#, fuzzy, c-format
+msgid "User ID \"%s\": already clean\n"
+msgstr "Nøglen er beskyttet.\n"
+
+#: g10/keyedit.c:3468
+msgid ""
+"WARNING: This is a PGP 2.x-style key. Adding a designated revoker may "
+"cause\n"
+" some versions of PGP to reject this key.\n"
+msgstr ""
+
+#: g10/keyedit.c:3479
+msgid "You may not add a designated revoker to a PGP 2.x-style key.\n"
+msgstr ""
+
+#: g10/keyedit.c:3499
+#, fuzzy
+msgid "Enter the user ID of the designated revoker: "
+msgstr "Indtast nøglens størrelse"
+
+#: g10/keyedit.c:3524
+msgid "cannot appoint a PGP 2.x style key as a designated revoker\n"
+msgstr ""
+
+#: g10/keyedit.c:3539
+msgid "you cannot appoint a key as its own designated revoker\n"
+msgstr ""
+
+#: g10/keyedit.c:3561
+#, fuzzy
+msgid "this key has already been designated as a revoker\n"
+msgstr "ADVARSEL: Denne nøgle er blevet annulleret af dets ejer!\n"
+
+#: g10/keyedit.c:3580
+msgid "WARNING: appointing a key as a designated revoker cannot be undone!\n"
+msgstr ""
+
+#: g10/keyedit.c:3586
+#, fuzzy
+msgid ""
+"Are you sure you want to appoint this key as a designated revoker? (y/N) "
+msgstr "Er du sikker på at de vil benytte denne nøglestørrelse? "
+
+#: g10/keyedit.c:3647
+msgid "Please remove selections from the secret keys.\n"
+msgstr ""
+
+#: g10/keyedit.c:3653
+#, fuzzy
+msgid "Please select at most one subkey.\n"
+msgstr "Vælg venligst hvilken slags nøgle du vil have:\n"
+
+#: g10/keyedit.c:3657
+msgid "Changing expiration time for a subkey.\n"
+msgstr ""
+
+#: g10/keyedit.c:3660
+msgid "Changing expiration time for the primary key.\n"
+msgstr ""
+
+#: g10/keyedit.c:3706
+msgid "You can't change the expiration date of a v3 key\n"
+msgstr ""
+
+#: g10/keyedit.c:3722
+msgid "No corresponding signature in secret ring\n"
+msgstr ""
+
+#: g10/keyedit.c:3800
+#, fuzzy, c-format
+msgid "signing subkey %s is already cross-certified\n"
+msgstr "Nøglen er beskyttet.\n"
+
+#: g10/keyedit.c:3806
+#, c-format
+msgid "subkey %s does not sign and so does not need to be cross-certified\n"
+msgstr ""
+
+#: g10/keyedit.c:3969
+#, fuzzy
+msgid "Please select exactly one user ID.\n"
+msgstr "Vælg venligst hvilken slags nøgle du vil have:\n"
+
+#: g10/keyedit.c:4008 g10/keyedit.c:4118 g10/keyedit.c:4238 g10/keyedit.c:4379
+#, fuzzy, c-format
+msgid "skipping v3 self-signature on user ID \"%s\"\n"
+msgstr "nøgle %08lX: ingen gyldige bruger-id'er\n"
+
+#: g10/keyedit.c:4179
+msgid "Enter your preferred keyserver URL: "
+msgstr ""
+
+#: g10/keyedit.c:4259
+#, fuzzy
+msgid "Are you sure you want to replace it? (y/N) "
+msgstr "Er du sikker på at de vil benytte denne nøglestørrelse? "
+
+#: g10/keyedit.c:4260
+#, fuzzy
+msgid "Are you sure you want to delete it? (y/N) "
+msgstr "Er du sikker på at de vil benytte denne nøglestørrelse? "
+
+#: g10/keyedit.c:4322
+msgid "Enter the notation: "
+msgstr ""
+
+#: g10/keyedit.c:4471
+#, fuzzy
+msgid "Proceed? (y/N) "
+msgstr "Overskriv (j/N)? "
+
+#: g10/keyedit.c:4543
+#, c-format
+msgid "No user ID with index %d\n"
+msgstr "Ingen bruger-id med indeks %d\n"
+
+#: g10/keyedit.c:4604
+#, fuzzy, c-format
+msgid "No user ID with hash %s\n"
+msgstr "Ingen bruger-id med indeks %d\n"
+
+#: g10/keyedit.c:4639
+#, fuzzy, c-format
+msgid "No subkey with index %d\n"
+msgstr "Ingen bruger-id med indeks %d\n"
+
+#: g10/keyedit.c:4774
+#, fuzzy, c-format
+msgid "user ID: \"%s\"\n"
+msgstr "bruger-id: \""
+
+#: g10/keyedit.c:4777 g10/keyedit.c:4871 g10/keyedit.c:4914
+#, c-format
+msgid "signed by your key %s on %s%s%s\n"
+msgstr ""
+
+#: g10/keyedit.c:4779 g10/keyedit.c:4873 g10/keyedit.c:4916
+msgid " (non-exportable)"
+msgstr ""
+
+#: g10/keyedit.c:4783
+#, fuzzy, c-format
+msgid "This signature expired on %s.\n"
+msgstr "Denne nøgle er ikke beskyttet.\n"
+
+#: g10/keyedit.c:4787
+#, fuzzy
+msgid "Are you sure you still want to revoke it? (y/N) "
+msgstr "Er du sikker på at de vil benytte denne nøglestørrelse? "
+
+#: g10/keyedit.c:4791
+#, fuzzy
+msgid "Create a revocation certificate for this signature? (y/N) "
+msgstr "Generér en annullérbar certifikat"
+
+#: g10/keyedit.c:4842
+msgid "Not signed by you.\n"
+msgstr ""
+
+#: g10/keyedit.c:4848
+#, c-format
+msgid "You have signed these user IDs on key %s:\n"
+msgstr ""
+
+#: g10/keyedit.c:4874
+#, fuzzy
+msgid " (non-revocable)"
+msgstr "signér en nøgle lokalt"
+
+#: g10/keyedit.c:4881
+#, fuzzy, c-format
+msgid "revoked by your key %s on %s\n"
+msgstr "ADVARSEL: Denne nøgle er blevet annulleret af dets ejer!\n"
+
+#: g10/keyedit.c:4903
+msgid "You are about to revoke these signatures:\n"
+msgstr ""
+
+#: g10/keyedit.c:4923
+#, fuzzy
+msgid "Really create the revocation certificates? (y/N) "
+msgstr "Generér en annullérbar certifikat"
+
+#: g10/keyedit.c:4953
+msgid "no secret key\n"
+msgstr ""
+
+#: g10/keyedit.c:5023
+#, fuzzy, c-format
+msgid "user ID \"%s\" is already revoked\n"
+msgstr "Nøglen er beskyttet.\n"
+
+#: g10/keyedit.c:5040
+#, c-format
+msgid "WARNING: a user ID signature is dated %d seconds in the future\n"
+msgstr ""
+
+#: g10/keyedit.c:5104
+#, fuzzy, c-format
+msgid "Key %s is already revoked.\n"
+msgstr "Nøglen er beskyttet.\n"
+
+#: g10/keyedit.c:5166
+#, fuzzy, c-format
+msgid "Subkey %s is already revoked.\n"
+msgstr "Nøglen er beskyttet.\n"
+
+#: g10/keyedit.c:5261
+#, c-format
+msgid "Displaying %s photo ID of size %ld for key %s (uid %d)\n"
+msgstr ""
+
+#: g10/keygen.c:275
+#, fuzzy, c-format
+msgid "preference `%s' duplicated\n"
+msgstr "vis præferencer"
+
+#: g10/keygen.c:282
+#, fuzzy
+msgid "too many cipher preferences\n"
+msgstr "vis præferencer"
+
+#: g10/keygen.c:284
+#, fuzzy
+msgid "too many digest preferences\n"
+msgstr "vis præferencer"
+
+#: g10/keygen.c:286
+#, fuzzy
+msgid "too many compression preferences\n"
+msgstr "vis præferencer"
+
+#: g10/keygen.c:426
+#, fuzzy, c-format
+msgid "invalid item `%s' in preference string\n"
+msgstr "Ugyldige bogstaver i navn\n"
+
+#: g10/keygen.c:910
+#, fuzzy
+msgid "writing direct signature\n"
+msgstr "skriver selvsignatur\n"
+
+#: g10/keygen.c:952
+msgid "writing self signature\n"
+msgstr "skriver selvsignatur\n"
+
+#: g10/keygen.c:1009
+msgid "writing key binding signature\n"
+msgstr ""
+
+#: g10/keygen.c:1179 g10/keygen.c:1290 g10/keygen.c:1295 g10/keygen.c:1441
+#: g10/keygen.c:3269
+#, fuzzy, c-format
+msgid "keysize invalid; using %u bits\n"
+msgstr "Ønsket nøglestørrelse er %u bit\n"
+
+#: g10/keygen.c:1185 g10/keygen.c:1301 g10/keygen.c:1309 g10/keygen.c:1447
+#: g10/keygen.c:3275
+#, fuzzy, c-format
+msgid "keysize rounded up to %u bits\n"
+msgstr "rundet op til %u bit\n"
+
+#: g10/keygen.c:1335
+msgid ""
+"WARNING: some OpenPGP programs can't handle a DSA key with this digest size\n"
+msgstr ""
+
+#: g10/keygen.c:1558
+#, fuzzy
+msgid "Sign"
+msgstr "signér"
+
+#: g10/keygen.c:1561
+msgid "Certify"
+msgstr ""
+
+#: g10/keygen.c:1564
+#, fuzzy
+msgid "Encrypt"
+msgstr "kryptér data"
+
+#: g10/keygen.c:1567
+msgid "Authenticate"
+msgstr ""
+
+#. TRANSLATORS: Please use only plain ASCII characters for the
+#. translation. If this is not possible use single digits. The
+#. string needs to 8 bytes long. Here is a description of the
+#. functions:
+#.
+#. s = Toggle signing capability
+#. e = Toggle encryption capability
+#. a = Toggle authentication capability
+#. q = Finish
+#.
+#: g10/keygen.c:1585
+msgid "SsEeAaQq"
+msgstr ""
+
+#: g10/keygen.c:1608
+#, c-format
+msgid "Possible actions for a %s key: "
+msgstr ""
+
+#: g10/keygen.c:1612
+msgid "Current allowed actions: "
+msgstr ""
+
+#: g10/keygen.c:1617
+#, c-format
+msgid " (%c) Toggle the sign capability\n"
+msgstr ""
+
+#: g10/keygen.c:1620
+#, fuzzy, c-format
+msgid " (%c) Toggle the encrypt capability\n"
+msgstr " (%d) ElGamal (kryptér kun)\n"
+
+#: g10/keygen.c:1623
+#, c-format
+msgid " (%c) Toggle the authenticate capability\n"
+msgstr ""
+
+#: g10/keygen.c:1626
+#, c-format
+msgid " (%c) Finished\n"
+msgstr ""
+
+#: g10/keygen.c:1686 sm/certreqgen-ui.c:157
+msgid "Please select what kind of key you want:\n"
+msgstr "Vælg venligst hvilken slags nøgle du vil have:\n"
+
+#: g10/keygen.c:1689
+#, fuzzy, c-format
+msgid " (%d) RSA and RSA (default)\n"
+msgstr " (%d) DSA og ElGamal (standard)\n"
+
+#: g10/keygen.c:1691
+#, fuzzy, c-format
+msgid " (%d) DSA and Elgamal\n"
+msgstr " (%d) DSA og ElGamal (standard)\n"
+
+#: g10/keygen.c:1693
+#, c-format
+msgid " (%d) DSA (sign only)\n"
+msgstr " (%d) DSA (signér kun)\n"
+
+#: g10/keygen.c:1694
+#, fuzzy, c-format
+msgid " (%d) RSA (sign only)\n"
+msgstr " (%d) DSA (signér kun)\n"
+
+#: g10/keygen.c:1698
+#, fuzzy, c-format
+msgid " (%d) Elgamal (encrypt only)\n"
+msgstr " (%d) ElGamal (kryptér kun)\n"
+
+#: g10/keygen.c:1699
+#, fuzzy, c-format
+msgid " (%d) RSA (encrypt only)\n"
+msgstr " (%d) ElGamal (kryptér kun)\n"
+
+#: g10/keygen.c:1703
+#, fuzzy, c-format
+msgid " (%d) DSA (set your own capabilities)\n"
+msgstr " (%d) ElGamal (kryptér kun)\n"
+
+#: g10/keygen.c:1704
+#, fuzzy, c-format
+msgid " (%d) RSA (set your own capabilities)\n"
+msgstr " (%d) ElGamal (kryptér kun)\n"
+
+#: g10/keygen.c:1812
+#, c-format
+msgid "%s keys may be between %u and %u bits long.\n"
+msgstr ""
+
+#: g10/keygen.c:1820
+#, fuzzy, c-format
+msgid "What keysize do you want for the subkey? (%u) "
+msgstr "Hvilken nøglestørrelse ønsker du? (1024) "
+
+#: g10/keygen.c:1823 sm/certreqgen-ui.c:179
+#, fuzzy, c-format
+msgid "What keysize do you want? (%u) "
+msgstr "Hvilken nøglestørrelse ønsker du? (1024) "
+
+#: g10/keygen.c:1837 sm/certreqgen-ui.c:189
+#, c-format
+msgid "Requested keysize is %u bits\n"
+msgstr "Ønsket nøglestørrelse er %u bit\n"
+
+#: g10/keygen.c:1925
+msgid ""
+"Please specify how long the key should be valid.\n"
+" 0 = key does not expire\n"
+" <n> = key expires in n days\n"
+" <n>w = key expires in n weeks\n"
+" <n>m = key expires in n months\n"
+" <n>y = key expires in n years\n"
+msgstr ""
+
+#: g10/keygen.c:1936
+msgid ""
+"Please specify how long the signature should be valid.\n"
+" 0 = signature does not expire\n"
+" <n> = signature expires in n days\n"
+" <n>w = signature expires in n weeks\n"
+" <n>m = signature expires in n months\n"
+" <n>y = signature expires in n years\n"
+msgstr ""
+
+#: g10/keygen.c:1959
+msgid "Key is valid for? (0) "
+msgstr "Nøgle er gyldig for? (0) "
+
+#: g10/keygen.c:1964
+#, fuzzy, c-format
+msgid "Signature is valid for? (%s) "
+msgstr "Nøgle er gyldig for? (0) "
+
+#: g10/keygen.c:1982 g10/keygen.c:2007
+msgid "invalid value\n"
+msgstr "ugyldig værdi\n"
+
+#: g10/keygen.c:1989
+#, fuzzy
+msgid "Key does not expire at all\n"
+msgstr "Nøglen udløber aldrig\n"
+
+#: g10/keygen.c:1990
+#, fuzzy
+msgid "Signature does not expire at all\n"
+msgstr "Nøglen udløber aldrig\n"
+
+#: g10/keygen.c:1995
+#, fuzzy, c-format
+msgid "Key expires at %s\n"
+msgstr "Nøgle udløber d. %s\n"
+
+#: g10/keygen.c:1996
+#, fuzzy, c-format
+msgid "Signature expires at %s\n"
+msgstr "Denne nøgle er ikke beskyttet.\n"
+
+#: g10/keygen.c:2000
+msgid ""
+"Your system can't display dates beyond 2038.\n"
+"However, it will be correctly handled up to 2106.\n"
+msgstr ""
+
+# virker j automatisk istedetfor y?
+#: g10/keygen.c:2013
+#, fuzzy
+msgid "Is this correct? (y/N) "
+msgstr "Er dette korrekt (j/n)? "
+
+#: g10/keygen.c:2063
+msgid ""
+"\n"
+"GnuPG needs to construct a user ID to identify your key.\n"
+"\n"
+msgstr ""
+
+#. TRANSLATORS: This string is in general not anymore used
+#. but you should keep your existing translation. In case
+#. the new string is not translated this old string will
+#. be used.
+#: g10/keygen.c:2078
+msgid ""
+"\n"
+"You need a user ID to identify your key; the software constructs the user "
+"ID\n"
+"from the Real Name, Comment and Email Address in this form:\n"
+" \"Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>\"\n"
+"\n"
+msgstr ""
+
+#: g10/keygen.c:2097
+msgid "Real name: "
+msgstr "Rigtige navn: "
+
+#: g10/keygen.c:2105
+msgid "Invalid character in name\n"
+msgstr "Ugyldige bogstaver i navn\n"
+
+#: g10/keygen.c:2107
+msgid "Name may not start with a digit\n"
+msgstr "Navn må ikke starte med et tal\n"
+
+#: g10/keygen.c:2109
+msgid "Name must be at least 5 characters long\n"
+msgstr "Navn skal være mindst 5 bogstaver langt\n"
+
+#: g10/keygen.c:2117
+msgid "Email address: "
+msgstr "Epostadresse: "
+
+#: g10/keygen.c:2123
+msgid "Not a valid email address\n"
+msgstr "Ikke en gyldig epostadresse\n"
+
+#: g10/keygen.c:2131
+msgid "Comment: "
+msgstr "Kommentar: "
+
+#: g10/keygen.c:2137
+msgid "Invalid character in comment\n"
+msgstr "Ugyldigt tegn i kommentar\n"
+
+#: g10/keygen.c:2159
+#, c-format
+msgid "You are using the `%s' character set.\n"
+msgstr "Du bruger '%s' tegnsættet.\n"
+
+#: g10/keygen.c:2165
+#, c-format
+msgid ""
+"You selected this USER-ID:\n"
+" \"%s\"\n"
+"\n"
+msgstr ""
+"Du valgte denne BRUGER-ID:\n"
+" \"%s\"\n"
+"\n"
+
+#: g10/keygen.c:2170
+msgid "Please don't put the email address into the real name or the comment\n"
+msgstr ""
+
+#: g10/keygen.c:2185
+msgid "Such a user ID already exists on this key!\n"
+msgstr ""
+
+#. TRANSLATORS: These are the allowed answers in
+#. lower and uppercase. Below you will find the matching
+#. string which should be translated accordingly and the
+#. letter changed to match the one in the answer string.
+#.
+#. n = Change name
+#. c = Change comment
+#. e = Change email
+#. o = Okay (ready, continue)
+#. q = Quit
+#.
+#: g10/keygen.c:2201
+msgid "NnCcEeOoQq"
+msgstr "NnCcEeOoQq"
+
+#: g10/keygen.c:2211
+#, fuzzy
+msgid "Change (N)ame, (C)omment, (E)mail or (Q)uit? "
+msgstr "Ændr (N)avn, (K)ommentar, (E)post eller (O)kay/(Q)vit? "
+
+#: g10/keygen.c:2212
+msgid "Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? "
+msgstr "Ændr (N)avn, (K)ommentar, (E)post eller (O)kay/(Q)vit? "
+
+#: g10/keygen.c:2231
+msgid "Please correct the error first\n"
+msgstr ""
+
+#: g10/keygen.c:2273
+msgid ""
+"You need a Passphrase to protect your secret key.\n"
+"\n"
+msgstr ""
+"Du skal bruge en kodesætning til at beskytte din hemmelige nøgle.\n"
+"\n"
+
+#: g10/keygen.c:2276
+#, fuzzy
+msgid ""
+"Please enter a passphrase to protect the off-card backup of the new "
+"encryption key."
+msgstr ""
+"Du skal bruge en kodesætning til at beskytte din hemmelige nøgle.\n"
+"\n"
+
+#: g10/keygen.c:2292
+#, c-format
+msgid "%s.\n"
+msgstr ""
+
+#: g10/keygen.c:2298
+msgid ""
+"You don't want a passphrase - this is probably a *bad* idea!\n"
+"I will do it anyway. You can change your passphrase at any time,\n"
+"using this program with the option \"--edit-key\".\n"
+"\n"
+msgstr ""
+
+#: g10/keygen.c:2322
+msgid ""
+"We need to generate a lot of random bytes. It is a good idea to perform\n"
+"some other action (type on the keyboard, move the mouse, utilize the\n"
+"disks) during the prime generation; this gives the random number\n"
+"generator a better chance to gain enough entropy.\n"
+msgstr ""
+
+#: g10/keygen.c:3209 g10/keygen.c:3236
+msgid "Key generation canceled.\n"
+msgstr "Nøgleoprettelse annulleret.\n"
+
+#: g10/keygen.c:3441 g10/keygen.c:3611
+#, fuzzy, c-format
+msgid "writing public key to `%s'\n"
+msgstr "skriver offentligt certifikat til '%s'\n"
+
+#: g10/keygen.c:3443 g10/keygen.c:3614
+#, fuzzy, c-format
+msgid "writing secret key stub to `%s'\n"
+msgstr "skriver hemmeligt certifikat til '%s'\n"
+
+#: g10/keygen.c:3446 g10/keygen.c:3617
+#, fuzzy, c-format
+msgid "writing secret key to `%s'\n"
+msgstr "skriver hemmeligt certifikat til '%s'\n"
+
+#: g10/keygen.c:3598
+#, fuzzy, c-format
+msgid "no writable public keyring found: %s\n"
+msgstr "nøgle %08lX: offentlig nøgle ikke fundet: %s\n"
+
+#: g10/keygen.c:3605
+#, fuzzy, c-format
+msgid "no writable secret keyring found: %s\n"
+msgstr "skriver hemmeligt certifikat til '%s'\n"
+
+#: g10/keygen.c:3625
+#, fuzzy, c-format
+msgid "error writing public keyring `%s': %s\n"
+msgstr "fejl ved skrivning af nøglering `%s': %s\n"
+
+#: g10/keygen.c:3633
+#, fuzzy, c-format
+msgid "error writing secret keyring `%s': %s\n"
+msgstr "fejl ved skrivning af nøglering `%s': %s\n"
+
+#: g10/keygen.c:3661
+msgid "public and secret key created and signed.\n"
+msgstr "offentlig og hemmelig nøgle oprettet og signeret.\n"
+
+#: g10/keygen.c:3672
+msgid ""
+"Note that this key cannot be used for encryption. You may want to use\n"
+"the command \"--edit-key\" to generate a subkey for this purpose.\n"
+msgstr ""
+
+#: g10/keygen.c:3685 g10/keygen.c:3831 g10/keygen.c:3952
+#, c-format
+msgid "Key generation failed: %s\n"
+msgstr ""
+
+#: g10/keygen.c:3741 g10/keygen.c:3882 g10/sign.c:241
+#, c-format
+msgid ""
+"key has been created %lu second in future (time warp or clock problem)\n"
+msgstr ""
+
+#: g10/keygen.c:3743 g10/keygen.c:3884 g10/sign.c:243
+#, c-format
+msgid ""
+"key has been created %lu seconds in future (time warp or clock problem)\n"
+msgstr ""
+
+#: g10/keygen.c:3754 g10/keygen.c:3895
+msgid "NOTE: creating subkeys for v3 keys is not OpenPGP compliant\n"
+msgstr ""
+
+#: g10/keygen.c:3795 g10/keygen.c:3928
+#, fuzzy
+msgid "Really create? (y/N) "
+msgstr "Vil du virkelig oprette?"
+
+#: g10/keygen.c:4116
+#, fuzzy, c-format
+msgid "storing key onto card failed: %s\n"
+msgstr "fjernelse af beskyttelse fejlede: %s\n"
+
+#: g10/keygen.c:4165
+#, fuzzy, c-format
+msgid "can't create backup file `%s': %s\n"
+msgstr "kan ikke oprette %s: %s\n"
+
+#: g10/keygen.c:4191
+#, fuzzy, c-format
+msgid "NOTE: backup of card key saved to `%s'\n"
+msgstr "hemmelige nøgler import: %lu\n"
+
+#: g10/keyid.c:539 g10/keyid.c:551 g10/keyid.c:563 g10/keyid.c:575
+msgid "never "
+msgstr ""
+
+#: g10/keylist.c:273
+#, fuzzy
+msgid "Critical signature policy: "
+msgstr "%s signatur fra: %s\n"
+
+#: g10/keylist.c:275
+#, fuzzy
+msgid "Signature policy: "
+msgstr "%s signatur fra: %s\n"
+
+#: g10/keylist.c:314
+msgid "Critical preferred keyserver: "
+msgstr ""
+
+#: g10/keylist.c:367
+msgid "Critical signature notation: "
+msgstr ""
+
+#: g10/keylist.c:369
+msgid "Signature notation: "
+msgstr ""
+
+#: g10/keylist.c:479
+msgid "Keyring"
+msgstr ""
+
+#: g10/keylist.c:1526
+#, fuzzy
+msgid "Primary key fingerprint:"
+msgstr "vis nøgle og fingeraftryk"
+
+#: g10/keylist.c:1528
+#, fuzzy
+msgid " Subkey fingerprint:"
+msgstr " Fingeraftryk:"
+
+#. TRANSLATORS: this should fit into 24 bytes to that the
+#. * fingerprint data is properly aligned with the user ID
+#: g10/keylist.c:1535
+#, fuzzy
+msgid " Primary key fingerprint:"
+msgstr " Fingeraftryk:"
+
+#: g10/keylist.c:1537
+#, fuzzy
+msgid " Subkey fingerprint:"
+msgstr " Fingeraftryk:"
+
+#: g10/keylist.c:1541 g10/keylist.c:1545
+#, fuzzy
+msgid " Key fingerprint ="
+msgstr " Fingeraftryk:"
+
+#: g10/keylist.c:1612
+msgid " Card serial no. ="
+msgstr ""
+
+#: g10/keyring.c:1297
+#, fuzzy, c-format
+msgid "renaming `%s' to `%s' failed: %s\n"
+msgstr "påklædning af beskyttelse fejlede: %s\n"
+
+#: g10/keyring.c:1326
+msgid "WARNING: 2 files with confidential information exists.\n"
+msgstr ""
+
+#: g10/keyring.c:1327
+#, c-format
+msgid "%s is the unchanged one\n"
+msgstr ""
+
+#: g10/keyring.c:1328
+#, c-format
+msgid "%s is the new one\n"
+msgstr ""
+
+#: g10/keyring.c:1329
+msgid "Please fix this possible security flaw\n"
+msgstr ""
+
+#: g10/keyring.c:1430
+#, fuzzy, c-format
+msgid "caching keyring `%s'\n"
+msgstr "fejl ved skrivning af nøglering `%s': %s\n"
+
+#: g10/keyring.c:1489
+#, fuzzy, c-format
+msgid "%lu keys cached so far (%lu signatures)\n"
+msgstr "vis nøgler og signaturer"
+
+#: g10/keyring.c:1501
+#, fuzzy, c-format
+msgid "%lu keys cached (%lu signatures)\n"
+msgstr "vis nøgler og signaturer"
+
+#: g10/keyring.c:1573
+#, c-format
+msgid "%s: keyring created\n"
+msgstr ""
+
+#: g10/keyserver.c:74
+msgid "include revoked keys in search results"
+msgstr ""
+
+#: g10/keyserver.c:75
+msgid "include subkeys when searching by key ID"
+msgstr ""
+
+#: g10/keyserver.c:77
+msgid "use temporary files to pass data to keyserver helpers"
+msgstr ""
+
+#: g10/keyserver.c:79
+msgid "do not delete temporary files after using them"
+msgstr ""
+
+#: g10/keyserver.c:83
+msgid "automatically retrieve keys when verifying signatures"
+msgstr ""
+
+#: g10/keyserver.c:85
+#, fuzzy
+msgid "honor the preferred keyserver URL set on the key"
+msgstr "den givne politik-URL er ugyldig\n"
+
+#: g10/keyserver.c:87
+msgid "honor the PKA record set on a key when retrieving keys"
+msgstr ""
+
+#: g10/keyserver.c:153
+#, c-format
+msgid "WARNING: keyserver option `%s' is not used on this platform\n"
+msgstr ""
+
+#: g10/keyserver.c:544
+#, fuzzy
+msgid "disabled"
+msgstr "slåfra"
+
+#: g10/keyserver.c:747
+msgid "Enter number(s), N)ext, or Q)uit > "
+msgstr ""
+
+#: g10/keyserver.c:831 g10/keyserver.c:1458
+#, fuzzy, c-format
+msgid "invalid keyserver protocol (us %d!=handler %d)\n"
+msgstr "ugyldig nøglering"
+
+#: g10/keyserver.c:932
+#, fuzzy, c-format
+msgid "key \"%s\" not found on keyserver\n"
+msgstr "%s: bruger ikke fundet: %s\n"
+
+#: g10/keyserver.c:934
+#, fuzzy
+msgid "key not found on keyserver\n"
+msgstr "%s: bruger ikke fundet: %s\n"
+
+#: g10/keyserver.c:1177
+#, fuzzy, c-format
+msgid "requesting key %s from %s server %s\n"
+msgstr "importér nøgler fra en nøgleserver: %s\n"
+
+#: g10/keyserver.c:1181
+#, fuzzy, c-format
+msgid "requesting key %s from %s\n"
+msgstr "importér nøgler fra en nøgleserver: %s\n"
+
+#: g10/keyserver.c:1205
+#, fuzzy, c-format
+msgid "searching for names from %s server %s\n"
+msgstr "eksportér nøgler til en nøgletjener"
+
+#: g10/keyserver.c:1208
+#, fuzzy, c-format
+msgid "searching for names from %s\n"
+msgstr "læser indstillinger fra `%s'\n"
+
+#: g10/keyserver.c:1361
+#, c-format
+msgid "sending key %s to %s server %s\n"
+msgstr ""
+
+#: g10/keyserver.c:1365
+#, fuzzy, c-format
+msgid "sending key %s to %s\n"
+msgstr "importér nøgler fra en nøgleserver: %s\n"
+
+#: g10/keyserver.c:1408
+#, fuzzy, c-format
+msgid "searching for \"%s\" from %s server %s\n"
+msgstr "eksportér nøgler til en nøgletjener"
+
+#: g10/keyserver.c:1411
+#, fuzzy, c-format
+msgid "searching for \"%s\" from %s\n"
+msgstr "læser indstillinger fra `%s'\n"
+
+#: g10/keyserver.c:1418 g10/keyserver.c:1514
+#, fuzzy
+msgid "no keyserver action!\n"
+msgstr "ugyldig nøglering"
+
+#: g10/keyserver.c:1466
+#, c-format
+msgid "WARNING: keyserver handler from a different version of GnuPG (%s)\n"
+msgstr ""
+
+#: g10/keyserver.c:1475
+msgid "keyserver did not send VERSION\n"
+msgstr ""
+
+#: g10/keyserver.c:1537 g10/keyserver.c:2066
+msgid "no keyserver known (use option --keyserver)\n"
+msgstr ""
+
+#: g10/keyserver.c:1543
+msgid "external keyserver calls are not supported in this build\n"
+msgstr ""
+
+#: g10/keyserver.c:1555
+#, c-format
+msgid "no handler for keyserver scheme `%s'\n"
+msgstr ""
+
+#: g10/keyserver.c:1560
+#, c-format
+msgid "action `%s' not supported with keyserver scheme `%s'\n"
+msgstr ""
+
+#: g10/keyserver.c:1568
+#, c-format
+msgid "%s does not support handler version %d\n"
+msgstr ""
+
+#: g10/keyserver.c:1575
+#, fuzzy
+msgid "keyserver timed out\n"
+msgstr "generel fejl"
+
+#: g10/keyserver.c:1580
+#, fuzzy
+msgid "keyserver internal error\n"
+msgstr "generel fejl"
+
+#: g10/keyserver.c:1589
+#, fuzzy, c-format
+msgid "keyserver communications error: %s\n"
+msgstr "påklædning af beskyttelse fejlede: %s\n"
+
+#: g10/keyserver.c:1614 g10/keyserver.c:1648
+#, fuzzy, c-format
+msgid "\"%s\" not a key ID: skipping\n"
+msgstr "%s er ikke et gyldigt tegnsæt\n"
+
+#: g10/keyserver.c:1907
+#, c-format
+msgid "WARNING: unable to refresh key %s via %s: %s\n"
+msgstr ""
+
+#: g10/keyserver.c:1929
+#, fuzzy, c-format
+msgid "refreshing 1 key from %s\n"
+msgstr "importér nøgler fra en nøgleserver: %s\n"
+
+#: g10/keyserver.c:1931
+#, fuzzy, c-format
+msgid "refreshing %d keys from %s\n"
+msgstr "importér nøgler fra en nøgleserver: %s\n"
+
+#: g10/keyserver.c:1987
+#, fuzzy, c-format
+msgid "WARNING: unable to fetch URI %s: %s\n"
+msgstr "kan ikke åbne %s: %s\n"
+
+#: g10/keyserver.c:1993
+#, c-format
+msgid "WARNING: unable to parse URI %s\n"
+msgstr ""
+
+#: g10/mainproc.c:231
+#, c-format
+msgid "weird size for an encrypted session key (%d)\n"
+msgstr ""
+
+#: g10/mainproc.c:284
+#, fuzzy, c-format
+msgid "%s encrypted session key\n"
+msgstr "%s/%s krypteret for: %s\n"
+
+#: g10/mainproc.c:294
+#, fuzzy, c-format
+msgid "passphrase generated with unknown digest algorithm %d\n"
+msgstr "ukendt cifferalgoritme "
+
+#: g10/mainproc.c:360
+#, fuzzy, c-format
+msgid "public key is %s\n"
+msgstr "Offentlig nøgle er slået fra.\n"
+
+#: g10/mainproc.c:423
+msgid "public key encrypted data: good DEK\n"
+msgstr ""
+
+#: g10/mainproc.c:456
+#, fuzzy, c-format
+msgid "encrypted with %u-bit %s key, ID %s, created %s\n"
+msgstr "Gentag kodesætning: "
+
+#: g10/mainproc.c:460 g10/pkclist.c:217
+#, fuzzy, c-format
+msgid " \"%s\"\n"
+msgstr " alias \""
+
+#: g10/mainproc.c:464
+#, fuzzy, c-format
+msgid "encrypted with %s key, ID %s\n"
+msgstr "Gentag kodesætning: "
+
+#: g10/mainproc.c:479
+#, c-format
+msgid "public key decryption failed: %s\n"
+msgstr ""
+
+#: g10/mainproc.c:495
+#, fuzzy, c-format
+msgid "encrypted with %lu passphrases\n"
+msgstr "Gentag kodesætning: "
+
+#: g10/mainproc.c:497
+#, fuzzy
+msgid "encrypted with 1 passphrase\n"
+msgstr "Gentag kodesætning: "
+
+#: g10/mainproc.c:529 g10/mainproc.c:551
+#, fuzzy, c-format
+msgid "assuming %s encrypted data\n"
+msgstr "kryptér data"
+
+#: g10/mainproc.c:537
+#, c-format
+msgid "IDEA cipher unavailable, optimistically attempting to use %s instead\n"
+msgstr ""
+
+#: g10/mainproc.c:570
+msgid "decryption okay\n"
+msgstr ""
+
+#: g10/mainproc.c:574
+#, fuzzy
+msgid "WARNING: message was not integrity protected\n"
+msgstr "ADVARSEL: intet blev eksporteret\n"
+
+#: g10/mainproc.c:587
+msgid "WARNING: encrypted message has been manipulated!\n"
+msgstr ""
+
+#: g10/mainproc.c:595
+#, c-format
+msgid "cleared passphrase cached with ID: %s\n"
+msgstr ""
+
+#: g10/mainproc.c:600
+#, c-format
+msgid "decryption failed: %s\n"
+msgstr ""
+
+#: g10/mainproc.c:621
+msgid "NOTE: sender requested \"for-your-eyes-only\"\n"
+msgstr ""
+
+#: g10/mainproc.c:623
+#, c-format
+msgid "original file name='%.*s'\n"
+msgstr ""
+
+#: g10/mainproc.c:711
+msgid "WARNING: multiple plaintexts seen\n"
+msgstr ""
+
+#: g10/mainproc.c:850
+msgid "standalone revocation - use \"gpg --import\" to apply\n"
+msgstr ""
+
+#: g10/mainproc.c:1203 g10/mainproc.c:1240
+#, fuzzy
+msgid "no signature found\n"
+msgstr "God signatur fra \""
+
+#: g10/mainproc.c:1478
+msgid "signature verification suppressed\n"
+msgstr ""
+
+#: g10/mainproc.c:1587
+#, fuzzy
+msgid "can't handle this ambiguous signature data\n"
+msgstr "opret en separat signatur"
+
+#: g10/mainproc.c:1598
+#, fuzzy, c-format
+msgid "Signature made %s\n"
+msgstr "Denne nøgle er ikke beskyttet.\n"
+
+#: g10/mainproc.c:1599
+#, fuzzy, c-format
+msgid " using %s key %s\n"
+msgstr " alias \""
+
+#: g10/mainproc.c:1603
+#, c-format
+msgid "Signature made %s using %s key ID %s\n"
+msgstr ""
+
+#: g10/mainproc.c:1623
+#, fuzzy
+msgid "Key available at: "
+msgstr "Ingen hjælp tilgængelig"
+
+#: g10/mainproc.c:1756 g10/mainproc.c:1804
+#, fuzzy, c-format
+msgid "BAD signature from \"%s\""
+msgstr "DÅRLIG signatur fra \""
+
+#: g10/mainproc.c:1758 g10/mainproc.c:1806
+#, fuzzy, c-format
+msgid "Expired signature from \"%s\""
+msgstr "God signatur fra \""
+
+#: g10/mainproc.c:1760 g10/mainproc.c:1808
+#, fuzzy, c-format
+msgid "Good signature from \"%s\""
+msgstr "God signatur fra \""
+
+#: g10/mainproc.c:1810
+msgid "[uncertain]"
+msgstr ""
+
+#: g10/mainproc.c:1843
+#, fuzzy, c-format
+msgid " aka \"%s\""
+msgstr " alias \""
+
+#: g10/mainproc.c:1941
+#, fuzzy, c-format
+msgid "Signature expired %s\n"
+msgstr "Denne nøgle er ikke beskyttet.\n"
+
+#: g10/mainproc.c:1946
+#, fuzzy, c-format
+msgid "Signature expires %s\n"
+msgstr "Denne nøgle er ikke beskyttet.\n"
+
+#: g10/mainproc.c:1949
+#, fuzzy, c-format
+msgid "%s signature, digest algorithm %s\n"
+msgstr "%s signatur fra: %s\n"
+
+#: g10/mainproc.c:1950
+msgid "binary"
+msgstr ""
+
+#: g10/mainproc.c:1951
+msgid "textmode"
+msgstr ""
+
+#: g10/mainproc.c:1951 g10/trustdb.c:546
+#, fuzzy
+msgid "unknown"
+msgstr "ukendt version"
+
+#: g10/mainproc.c:1971
+#, c-format
+msgid "Can't check signature: %s\n"
+msgstr "Kan ikke tjekke signatur: %s\n"
+
+#: g10/mainproc.c:2055 g10/mainproc.c:2071 g10/mainproc.c:2167
+#, fuzzy
+msgid "not a detached signature\n"
+msgstr "opret en separat signatur"
+
+#: g10/mainproc.c:2098
+msgid ""
+"WARNING: multiple signatures detected. Only the first will be checked.\n"
+msgstr ""
+
+#: g10/mainproc.c:2106
+#, c-format
+msgid "standalone signature of class 0x%02x\n"
+msgstr ""
+
+#: g10/mainproc.c:2171
+msgid "old style (PGP 2.x) signature\n"
+msgstr "gammeldags (PGP 2.x) signatur\n"
+
+#: g10/mainproc.c:2181
+msgid "invalid root packet detected in proc_tree()\n"
+msgstr ""
+
+#: g10/misc.c:109 g10/misc.c:139 g10/misc.c:215
+#, fuzzy, c-format
+msgid "fstat of `%s' failed in %s: %s\n"
+msgstr "kan ikke åbne %s: %s\n"
+
+#: g10/misc.c:178
+#, c-format
+msgid "fstat(%d) failed in %s: %s\n"
+msgstr ""
+
+#: g10/misc.c:296
+#, fuzzy, c-format
+msgid "WARNING: using experimental public key algorithm %s\n"
+msgstr "nøgle %08lX: offentlig nøgle ikke fundet: %s\n"
+
+#: g10/misc.c:302
+#, fuzzy
+msgid "WARNING: Elgamal sign+encrypt keys are deprecated\n"
+msgstr "ADVARSEL: '%s' er en tom fil\n"
+
+#: g10/misc.c:315
+#, fuzzy, c-format
+msgid "WARNING: using experimental cipher algorithm %s\n"
+msgstr "uimplementeret cifferalgoritme"
+
+#: g10/misc.c:330
+#, fuzzy, c-format
+msgid "WARNING: using experimental digest algorithm %s\n"
+msgstr "%s signatur fra: %s\n"
+
+#: g10/misc.c:335
+#, fuzzy, c-format
+msgid "WARNING: digest algorithm %s is deprecated\n"
+msgstr "ADVARSEL: '%s' er en tom fil\n"
+
+#: g10/misc.c:503
+msgid "the IDEA cipher plugin is not present\n"
+msgstr ""
+
+#: g10/misc.c:504 g10/sig-check.c:107 jnlib/utf8conv.c:87
+#, fuzzy, c-format
+msgid "please see %s for more information\n"
+msgstr "rev- forkert nøgletilbagekald\n"
+
+#: g10/misc.c:761
+#, fuzzy, c-format
+msgid "%s:%d: deprecated option \"%s\"\n"
+msgstr "ADVARSEL: '%s' er en tom fil\n"
+
+#: g10/misc.c:765
+#, fuzzy, c-format
+msgid "WARNING: \"%s\" is a deprecated option\n"
+msgstr "ADVARSEL: '%s' er en tom fil\n"
+
+#: g10/misc.c:767
+#, c-format
+msgid "please use \"%s%s\" instead\n"
+msgstr ""
+
+#: g10/misc.c:774
+#, fuzzy, c-format
+msgid "WARNING: \"%s\" is a deprecated command - do not use it\n"
+msgstr "ADVARSEL: '%s' er en tom fil\n"
+
+#: g10/misc.c:784
+#, c-format
+msgid "%s:%u: obsolete option \"%s\" - it has no effect\n"
+msgstr ""
+
+#: g10/misc.c:787
+#, fuzzy, c-format
+msgid "WARNING: \"%s\" is an obsolete option - it has no effect\n"
+msgstr "ADVARSEL: '%s' er en tom fil\n"
+
+#: g10/misc.c:848
+#, fuzzy
+msgid "Uncompressed"
+msgstr "ikke bearbejdet"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: g10/misc.c:873
+#, fuzzy
+msgid "uncompressed|none"
+msgstr "ikke bearbejdet"
+
+#: g10/misc.c:1000
+#, c-format
+msgid "this message may not be usable by %s\n"
+msgstr ""
+
+#: g10/misc.c:1175
+#, fuzzy, c-format
+msgid "ambiguous option `%s'\n"
+msgstr "læser indstillinger fra `%s'\n"
+
+#: g10/misc.c:1200
+#, fuzzy, c-format
+msgid "unknown option `%s'\n"
+msgstr "ukendt standard modtager '%s'\n"
+
+#: g10/openfile.c:89
+#, c-format
+msgid "File `%s' exists. "
+msgstr "Fil `%s' eksisterer. "
+
+#: g10/openfile.c:93
+#, fuzzy
+msgid "Overwrite? (y/N) "
+msgstr "Overskriv (j/N)? "
+
+#: g10/openfile.c:126
+#, c-format
+msgid "%s: unknown suffix\n"
+msgstr "%s: ukendt suffiks\n"
+
+#: g10/openfile.c:150
+msgid "Enter new filename"
+msgstr "Indtast nyt filnavn"
+
+#: g10/openfile.c:195
+msgid "writing to stdout\n"
+msgstr "skriver til stdout\n"
+
+#: g10/openfile.c:316
+#, c-format
+msgid "assuming signed data in `%s'\n"
+msgstr ""
+
+#: g10/openfile.c:395
+#, c-format
+msgid "new configuration file `%s' created\n"
+msgstr ""
+
+#: g10/openfile.c:397
+#, c-format
+msgid "WARNING: options in `%s' are not yet active during this run\n"
+msgstr ""
+
+#: g10/parse-packet.c:201
+#, c-format
+msgid "can't handle public key algorithm %d\n"
+msgstr ""
+
+#: g10/parse-packet.c:822
+msgid "WARNING: potentially insecure symmetrically encrypted session key\n"
+msgstr ""
+
+#: g10/parse-packet.c:1273
+#, c-format
+msgid "subpacket of type %d has critical bit set\n"
+msgstr ""
+
+#: g10/passphrase.c:75 g10/passphrase.c:418 g10/passphrase.c:481
+#, c-format
+msgid "problem with the agent: %s\n"
+msgstr ""
+
+#: g10/passphrase.c:344 g10/passphrase.c:613
+#, fuzzy, c-format
+msgid " (main key ID %s)"
+msgstr " (hovednøgle-ID %08lX)"
+
+#: g10/passphrase.c:358
+#, fuzzy, c-format
+msgid ""
+"Please enter the passphrase to unlock the secret key for the OpenPGP "
+"certificate:\n"
+"\"%.*s\"\n"
+"%u-bit %s key, ID %s,\n"
+"created %s%s.\n"
+msgstr ""
+"Du skal bruge en kodesætning til at beskytte din hemmelige nøgle.\n"
+"\n"
+
+#: g10/passphrase.c:384
+#, fuzzy
+msgid "Enter passphrase\n"
+msgstr "Indtast kodesætning: "
+
+#: g10/passphrase.c:412
+msgid "cancelled by user\n"
+msgstr ""
+
+#: g10/passphrase.c:592
+#, fuzzy, c-format
+msgid ""
+"You need a passphrase to unlock the secret key for\n"
+"user: \"%s\"\n"
+msgstr ""
+"Du skal bruge en kodesætning til at beskytte din hemmelige nøgle.\n"
+"\n"
+
+#: g10/passphrase.c:600
+#, c-format
+msgid "%u-bit %s key, ID %s, created %s"
+msgstr ""
+
+#: g10/passphrase.c:609
+#, c-format
+msgid " (subkey on main key ID %s)"
+msgstr ""
+
+#: g10/photoid.c:74
+msgid ""
+"\n"
+"Pick an image to use for your photo ID. The image must be a JPEG file.\n"
+"Remember that the image is stored within your public key. If you use a\n"
+"very large picture, your key will become very large as well!\n"
+"Keeping the image close to 240x288 is a good size to use.\n"
+msgstr ""
+
+#: g10/photoid.c:96
+msgid "Enter JPEG filename for photo ID: "
+msgstr ""
+
+#: g10/photoid.c:117
+#, fuzzy, c-format
+msgid "unable to open JPEG file `%s': %s\n"
+msgstr "kan ikke åbne %s: %s\n"
+
+#: g10/photoid.c:128
+#, c-format
+msgid "This JPEG is really large (%d bytes) !\n"
+msgstr ""
+
+#: g10/photoid.c:130
+#, fuzzy
+msgid "Are you sure you want to use it? (y/N) "
+msgstr "Er du sikker på at de vil benytte denne nøglestørrelse? "
+
+#: g10/photoid.c:146
+#, fuzzy, c-format
+msgid "`%s' is not a JPEG file\n"
+msgstr "%s er ikke et gyldigt tegnsæt\n"
+
+# virker j automatisk istedetfor y?
+#: g10/photoid.c:165
+#, fuzzy
+msgid "Is this photo correct (y/N/q)? "
+msgstr "Er dette korrekt (j/n)? "
+
+#: g10/photoid.c:373
+#, fuzzy
+msgid "unable to display photo ID!\n"
+msgstr "kan ikke åbne %s: %s\n"
+
+#: g10/pkclist.c:60 g10/revoke.c:621
+msgid "No reason specified"
+msgstr ""
+
+#: g10/pkclist.c:62 g10/revoke.c:623
+#, fuzzy
+msgid "Key is superseded"
+msgstr "Nøglen er beskyttet.\n"
+
+#: g10/pkclist.c:64 g10/revoke.c:622
+msgid "Key has been compromised"
+msgstr ""
+
+#: g10/pkclist.c:66 g10/revoke.c:624
+msgid "Key is no longer used"
+msgstr ""
+
+#: g10/pkclist.c:68 g10/revoke.c:625
+msgid "User ID is no longer valid"
+msgstr ""
+
+#: g10/pkclist.c:72
+#, fuzzy
+msgid "reason for revocation: "
+msgstr "rev- forkert nøgletilbagekald\n"
+
+#: g10/pkclist.c:89
+msgid "revocation comment: "
+msgstr ""
+
+#: g10/pkclist.c:204
+msgid "iImMqQsS"
+msgstr ""
+
+#: g10/pkclist.c:212
+#, fuzzy
+msgid "No trust value assigned to:\n"
+msgstr ""
+"Ingen tillidsværdi tildelt til %lu:\n"
+"%4u%c/%08lX %s \""
+
+#: g10/pkclist.c:245
+#, fuzzy, c-format
+msgid " aka \"%s\"\n"
+msgstr " alias \""
+
+#: g10/pkclist.c:255
+#, fuzzy
+msgid ""
+"How much do you trust that this key actually belongs to the named user?\n"
+msgstr "Denne nøgle tilhører sikkert ejeren\n"
+
+#: g10/pkclist.c:270
+#, c-format
+msgid " %d = I don't know or won't say\n"
+msgstr ""
+
+#: g10/pkclist.c:272
+#, fuzzy, c-format
+msgid " %d = I do NOT trust\n"
+msgstr "%08lX: Vi stoler IKKE på denne nøgle\n"
+
+#: g10/pkclist.c:278
+#, fuzzy, c-format
+msgid " %d = I trust ultimately\n"
+msgstr " (%d) ElGamal (kryptér kun)\n"
+
+#: g10/pkclist.c:284
+#, fuzzy
+msgid " m = back to the main menu\n"
+msgstr " m = tilbage til hovedmenu\n"
+
+#: g10/pkclist.c:287
+#, fuzzy
+msgid " s = skip this key\n"
+msgstr "%s: udelod: %s\n"
+
+#: g10/pkclist.c:288
+#, fuzzy
+msgid " q = quit\n"
+msgstr " q = afslut\n"
+
+#: g10/pkclist.c:292
+#, c-format
+msgid ""
+"The minimum trust level for this key is: %s\n"
+"\n"
+msgstr ""
+
+#: g10/pkclist.c:298 g10/revoke.c:650
+msgid "Your decision? "
+msgstr "Dit valg? "
+
+#: g10/pkclist.c:319
+#, fuzzy
+msgid "Do you really want to set this key to ultimate trust? (y/N) "
+msgstr "Vil du virkelig gerne gøre dette?"
+
+#: g10/pkclist.c:333
+msgid "Certificates leading to an ultimately trusted key:\n"
+msgstr ""
+
+#: g10/pkclist.c:418
+#, fuzzy, c-format
+msgid "%s: There is no assurance this key belongs to the named user\n"
+msgstr " Intet tyder på at denne signatur tilhører ejeren.\n"
+
+#: g10/pkclist.c:423
+#, fuzzy, c-format
+msgid "%s: There is limited assurance this key belongs to the named user\n"
+msgstr " Intet tyder på at denne signatur tilhører ejeren.\n"
+
+#: g10/pkclist.c:429
+#, fuzzy
+msgid "This key probably belongs to the named user\n"
+msgstr "Denne nøgle tilhører sikkert ejeren\n"
+
+#: g10/pkclist.c:434
+msgid "This key belongs to us\n"
+msgstr "Denne nøgle tilhører os\n"
+
+#: g10/pkclist.c:460
+msgid ""
+"It is NOT certain that the key belongs to the person named\n"
+"in the user ID. If you *really* know what you are doing,\n"
+"you may answer the next question with yes.\n"
+msgstr ""
+
+#: g10/pkclist.c:479
+#, fuzzy
+msgid "Use this key anyway? (y/N) "
+msgstr "Brug denne nøgle alligevel? "
+
+#: g10/pkclist.c:513
+msgid "WARNING: Using untrusted key!\n"
+msgstr "ADVARSEL: Bruger nøgle uden tillid!\n"
+
+#: g10/pkclist.c:520
+#, fuzzy
+msgid "WARNING: this key might be revoked (revocation key not present)\n"
+msgstr "ADVARSEL: Denne nøgle er blevet annulleret af dets ejer!\n"
+
+#: g10/pkclist.c:529
+#, fuzzy
+msgid "WARNING: This key has been revoked by its designated revoker!\n"
+msgstr "ADVARSEL: Denne nøgle er blevet annulleret af dets ejer!\n"
+
+#: g10/pkclist.c:532
+msgid "WARNING: This key has been revoked by its owner!\n"
+msgstr "ADVARSEL: Denne nøgle er blevet annulleret af dets ejer!\n"
+
+#: g10/pkclist.c:533
+#, fuzzy
+msgid " This could mean that the signature is forged.\n"
+msgstr " Dette kan betyde at signaturen er forfalsket.\n"
+
+#: g10/pkclist.c:539
+msgid "WARNING: This subkey has been revoked by its owner!\n"
+msgstr "ADVARSEL: Denne undernøgle er blevet tilbagekaldt af dens ejer!\n"
+
+#: g10/pkclist.c:544
+#, fuzzy
+msgid "Note: This key has been disabled.\n"
+msgstr "Bemærk: Denne nøgle er forældet!\n"
+
+#: g10/pkclist.c:564
+#, c-format
+msgid "Note: Verified signer's address is `%s'\n"
+msgstr ""
+
+#: g10/pkclist.c:571
+#, c-format
+msgid "Note: Signer's address `%s' does not match DNS entry\n"
+msgstr ""
+
+#: g10/pkclist.c:583
+msgid "trustlevel adjusted to FULL due to valid PKA info\n"
+msgstr ""
+
+#: g10/pkclist.c:591
+msgid "trustlevel adjusted to NEVER due to bad PKA info\n"
+msgstr ""
+
+#: g10/pkclist.c:602
+msgid "Note: This key has expired!\n"
+msgstr "Bemærk: Denne nøgle er forældet!\n"
+
+#: g10/pkclist.c:613
+msgid "WARNING: This key is not certified with a trusted signature!\n"
+msgstr ""
+
+#: g10/pkclist.c:615
+msgid ""
+" There is no indication that the signature belongs to the owner.\n"
+msgstr " Intet tyder på at denne signatur tilhører ejeren.\n"
+
+#: g10/pkclist.c:623
+msgid "WARNING: We do NOT trust this key!\n"
+msgstr "ADVARSEL: Vi tror IKKE på denne nøgle!\n"
+
+#: g10/pkclist.c:624
+msgid " The signature is probably a FORGERY.\n"
+msgstr " Signaturen er formentlig FORFALSKET.\n"
+
+#: g10/pkclist.c:632
+msgid ""
+"WARNING: This key is not certified with sufficiently trusted signatures!\n"
+msgstr ""
+
+#: g10/pkclist.c:634
+msgid " It is not certain that the signature belongs to the owner.\n"
+msgstr " Det er ikke sikkert at signaturen tilhører ejeren.\n"
+
+#: g10/pkclist.c:833 g10/pkclist.c:875 g10/pkclist.c:1087 g10/pkclist.c:1157
+#, c-format
+msgid "%s: skipped: %s\n"
+msgstr "%s: udelod: %s\n"
+
+#: g10/pkclist.c:845 g10/pkclist.c:1125
+#, c-format
+msgid "%s: skipped: public key already present\n"
+msgstr "%s: udelod: offentlig nøgle er allerede tilstede\n"
+
+#: g10/pkclist.c:896
+#, fuzzy
+msgid "You did not specify a user ID. (you may use \"-r\")\n"
+msgstr ""
+"Du angav ikke en bruger-id. (du kan bruge \"-r\")\n"
+"\n"
+
+#: g10/pkclist.c:920
+msgid "Current recipients:\n"
+msgstr ""
+
+#: g10/pkclist.c:946
+msgid ""
+"\n"
+"Enter the user ID. End with an empty line: "
+msgstr ""
+
+#: g10/pkclist.c:971
+msgid "No such user ID.\n"
+msgstr "Ingen sådan bruger-id.\n"
+
+#: g10/pkclist.c:980 g10/pkclist.c:1054
+msgid "skipped: public key already set as default recipient\n"
+msgstr "udeladt: offentlig nøgle er allerede valgt som standard modtager\n"
+
+#: g10/pkclist.c:1001
+msgid "Public key is disabled.\n"
+msgstr "Offentlig nøgle er slået fra.\n"
+
+#: g10/pkclist.c:1010
+#, fuzzy
+msgid "skipped: public key already set\n"
+msgstr "%s: udelod: offentlig nøgle er allerede tilstede\n"
+
+#: g10/pkclist.c:1045
+#, fuzzy, c-format
+msgid "unknown default recipient \"%s\"\n"
+msgstr "ukendt standard modtager '%s'\n"
+
+#: g10/pkclist.c:1103
+#, c-format
+msgid "%s: skipped: public key is disabled\n"
+msgstr "%s: udelod: offentlignøgle er slået fra\n"
+
+#: g10/pkclist.c:1165
+msgid "no valid addressees\n"
+msgstr "ingen gyldige adresser\n"
+
+#: g10/pkclist.c:1503
+#, fuzzy, c-format
+msgid "Note: key %s has no %s feature\n"
+msgstr "nøgle %08lX: ingen bruger-id\n"
+
+#: g10/pkclist.c:1528
+#, fuzzy, c-format
+msgid "Note: key %s has no preference for %s\n"
+msgstr "nøgle %08lX: ingen bruger-id\n"
+
+#: g10/plaintext.c:95
+msgid "data not saved; use option \"--output\" to save it\n"
+msgstr ""
+
+#: g10/plaintext.c:480
+msgid "Detached signature.\n"
+msgstr ""
+
+#: g10/plaintext.c:487
+msgid "Please enter name of data file: "
+msgstr ""
+
+#: g10/plaintext.c:519
+msgid "reading stdin ...\n"
+msgstr "læser stdin ...\n"
+
+#: g10/plaintext.c:557
+msgid "no signed data\n"
+msgstr ""
+
+#: g10/plaintext.c:573
+#, c-format
+msgid "can't open signed data `%s'\n"
+msgstr ""
+
+#: g10/plaintext.c:607
+#, fuzzy, c-format
+msgid "can't open signed data fd=%d: %s\n"
+msgstr "kan ikke åbne %s: %s\n"
+
+#: g10/pubkey-enc.c:105
+#, c-format
+msgid "anonymous recipient; trying secret key %s ...\n"
+msgstr ""
+
+#: g10/pubkey-enc.c:136
+msgid "okay, we are the anonymous recipient.\n"
+msgstr ""
+
+#: g10/pubkey-enc.c:225
+msgid "old encoding of the DEK is not supported\n"
+msgstr ""
+
+#: g10/pubkey-enc.c:246
+#, fuzzy, c-format
+msgid "cipher algorithm %d%s is unknown or disabled\n"
+msgstr "valgte cifferalgoritme %d er ugyldig\n"
+
+#: g10/pubkey-enc.c:284
+#, c-format
+msgid "WARNING: cipher algorithm %s not found in recipient preferences\n"
+msgstr ""
+
+#: g10/pubkey-enc.c:304
+#, fuzzy, c-format
+msgid "NOTE: secret key %s expired at %s\n"
+msgstr "hemmelige nøgler import: %lu\n"
+
+#: g10/pubkey-enc.c:310
+#, fuzzy
+msgid "NOTE: key has been revoked"
+msgstr "nøgle %08lX: nøgle er blevet annulleret!\n"
+
+#: g10/revoke.c:102 g10/revoke.c:116 g10/revoke.c:128 g10/revoke.c:174
+#: g10/revoke.c:186 g10/revoke.c:585
+#, fuzzy, c-format
+msgid "build_packet failed: %s\n"
+msgstr "fjernelse af beskyttelse fejlede: %s\n"
+
+#: g10/revoke.c:145
+#, fuzzy, c-format
+msgid "key %s has no user IDs\n"
+msgstr "nøgle %08lX: ingen bruger-id\n"
+
+#: g10/revoke.c:306
+msgid "To be revoked by:\n"
+msgstr ""
+
+#: g10/revoke.c:310
+msgid "(This is a sensitive revocation key)\n"
+msgstr ""
+
+#: g10/revoke.c:314
+#, fuzzy
+msgid "Create a designated revocation certificate for this key? (y/N) "
+msgstr "Generér en annullérbar certifikat"
+
+#: g10/revoke.c:327 g10/revoke.c:551
+msgid "ASCII armored output forced.\n"
+msgstr ""
+
+#: g10/revoke.c:342 g10/revoke.c:565
+#, fuzzy, c-format
+msgid "make_keysig_packet failed: %s\n"
+msgstr "signering fejlede: %s\n"
+
+#: g10/revoke.c:405
+#, fuzzy
+msgid "Revocation certificate created.\n"
+msgstr "nøgle %08lX: offentlig nøgle importeret\n"
+
+#: g10/revoke.c:411
+#, c-format
+msgid "no revocation keys found for \"%s\"\n"
+msgstr ""
+
+#: g10/revoke.c:470
+#, fuzzy, c-format
+msgid "secret key \"%s\" not found: %s\n"
+msgstr "%s: bruger ikke fundet: %s\n"
+
+#: g10/revoke.c:497
+#, fuzzy, c-format
+msgid "no corresponding public key: %s\n"
+msgstr "skriver offentligt certifikat til '%s'\n"
+
+#: g10/revoke.c:508
+msgid "public key does not match secret key!\n"
+msgstr ""
+
+#: g10/revoke.c:515
+#, fuzzy
+msgid "Create a revocation certificate for this key? (y/N) "
+msgstr "Generér en annullérbar certifikat"
+
+#: g10/revoke.c:532
+#, fuzzy
+msgid "unknown protection algorithm\n"
+msgstr "ukendt kompressionsalgoritme"
+
+#: g10/revoke.c:540
+#, fuzzy
+msgid "NOTE: This key is not protected!\n"
+msgstr "Denne nøgle er ikke beskyttet.\n"
+
+#: g10/revoke.c:591
+msgid ""
+"Revocation certificate created.\n"
+"\n"
+"Please move it to a medium which you can hide away; if Mallory gets\n"
+"access to this certificate he can use it to make your key unusable.\n"
+"It is smart to print this certificate and store it away, just in case\n"
+"your media become unreadable. But have some caution: The print system of\n"
+"your machine might store the data and make it available to others!\n"
+msgstr ""
+
+#: g10/revoke.c:633
+#, fuzzy
+msgid "Please select the reason for the revocation:\n"
+msgstr "rev- forkert nøgletilbagekald\n"
+
+#: g10/revoke.c:643
+msgid "Cancel"
+msgstr ""
+
+#: g10/revoke.c:645
+#, c-format
+msgid "(Probably you want to select %d here)\n"
+msgstr ""
+
+#: g10/revoke.c:686
+msgid "Enter an optional description; end it with an empty line:\n"
+msgstr ""
+
+#: g10/revoke.c:714
+#, fuzzy, c-format
+msgid "Reason for revocation: %s\n"
+msgstr "rev- forkert nøgletilbagekald\n"
+
+#: g10/revoke.c:716
+msgid "(No description given)\n"
+msgstr ""
+
+#: g10/revoke.c:721
+#, fuzzy
+msgid "Is this okay? (y/N) "
+msgstr "Brug denne nøgle alligevel? "
+
+#: g10/seckey-cert.c:55
+#, fuzzy
+msgid "secret key parts are not available\n"
+msgstr "hemmelig nøgle ikke tilgængelig"
+
+#: g10/seckey-cert.c:61
+#, fuzzy, c-format
+msgid "protection algorithm %d%s is not supported\n"
+msgstr "valgte cifferalgoritme %d er ugyldig\n"
+
+#: g10/seckey-cert.c:72
+#, fuzzy, c-format
+msgid "protection digest %d is not supported\n"
+msgstr "valgte cifferalgoritme %d er ugyldig\n"
+
+#: g10/seckey-cert.c:291
+#, fuzzy
+msgid "Invalid passphrase; please try again"
+msgstr "ugyldig kodesætning"
+
+#: g10/seckey-cert.c:292
+#, c-format
+msgid "%s ...\n"
+msgstr ""
+
+#: g10/seckey-cert.c:361
+msgid "WARNING: Weak key detected - please change passphrase again.\n"
+msgstr ""
+
+#: g10/seckey-cert.c:404
+msgid "generating the deprecated 16-bit checksum for secret key protection\n"
+msgstr ""
+
+#: g10/seskey.c:61 sm/encrypt.c:119
+msgid "weak key created - retrying\n"
+msgstr ""
+
+#: g10/seskey.c:65
+#, c-format
+msgid "cannot avoid weak key for symmetric cipher; tried %d times!\n"
+msgstr ""
+
+#: g10/seskey.c:227 sm/certcheck.c:85
+msgid "DSA requires the hash length to be a multiple of 8 bits\n"
+msgstr ""
+
+#: g10/seskey.c:240
+#, c-format
+msgid "DSA key %s uses an unsafe (%u bit) hash\n"
+msgstr ""
+
+#: g10/seskey.c:252
+#, c-format
+msgid "DSA key %s requires a %u bit or larger hash\n"
+msgstr ""
+
+#: g10/sig-check.c:80
+msgid "WARNING: signature digest conflict in message\n"
+msgstr ""
+
+#: g10/sig-check.c:105
+#, c-format
+msgid "WARNING: signing subkey %s is not cross-certified\n"
+msgstr ""
+
+#: g10/sig-check.c:117
+#, c-format
+msgid "WARNING: signing subkey %s has an invalid cross-certification\n"
+msgstr ""
+
+#: g10/sig-check.c:211
+#, fuzzy, c-format
+msgid "public key %s is %lu second newer than the signature\n"
+msgstr "nøgle %08lX: offentlig nøgle importeret\n"
+
+#: g10/sig-check.c:212
+#, fuzzy, c-format
+msgid "public key %s is %lu seconds newer than the signature\n"
+msgstr "nøgle %08lX: offentlig nøgle importeret\n"
+
+#: g10/sig-check.c:223
+#, c-format
+msgid ""
+"key %s was created %lu second in the future (time warp or clock problem)\n"
+msgstr ""
+
+#: g10/sig-check.c:225
+#, c-format
+msgid ""
+"key %s was created %lu seconds in the future (time warp or clock problem)\n"
+msgstr ""
+
+#: g10/sig-check.c:239
+#, fuzzy, c-format
+msgid "NOTE: signature key %s expired %s\n"
+msgstr "Denne nøgle er ikke beskyttet.\n"
+
+#: g10/sig-check.c:252
+#, fuzzy, c-format
+msgid "NOTE: signature key %s has been revoked\n"
+msgstr "nøgle %08lX: nøgle er blevet annulleret!\n"
+
+#: g10/sig-check.c:325
+#, c-format
+msgid "assuming bad signature from key %s due to an unknown critical bit\n"
+msgstr ""
+
+#: g10/sig-check.c:591
+#, fuzzy, c-format
+msgid "key %s: no subkey for subkey revocation signature\n"
+msgstr "nøgle %08lX: undernøgle er blevet annulleret!\n"
+
+#: g10/sig-check.c:618
+#, fuzzy, c-format
+msgid "key %s: no subkey for subkey binding signature\n"
+msgstr "nøgle %08lX: undernøgle er blevet annulleret!\n"
+
+#: g10/sign.c:89
+#, c-format
+msgid "WARNING: unable to %%-expand notation (too large). Using unexpanded.\n"
+msgstr ""
+
+#: g10/sign.c:115
+#, c-format
+msgid ""
+"WARNING: unable to %%-expand policy URL (too large). Using unexpanded.\n"
+msgstr ""
+
+#: g10/sign.c:138
+#, c-format
+msgid ""
+"WARNING: unable to %%-expand preferred keyserver URL (too large). Using "
+"unexpanded.\n"
+msgstr ""
+
+#: g10/sign.c:311
+#, fuzzy, c-format
+msgid "checking created signature failed: %s\n"
+msgstr "Kan ikke tjekke signatur: %s\n"
+
+#: g10/sign.c:320
+#, fuzzy, c-format
+msgid "%s/%s signature from: \"%s\"\n"
+msgstr "%s signatur fra: %s\n"
+
+#: g10/sign.c:761
+msgid "you can only detach-sign with PGP 2.x style keys while in --pgp2 mode\n"
+msgstr ""
+
+#: g10/sign.c:837
+#, c-format
+msgid ""
+"WARNING: forcing digest algorithm %s (%d) violates recipient preferences\n"
+msgstr ""
+
+#: g10/sign.c:964
+msgid "signing:"
+msgstr "signerer:"
+
+#: g10/sign.c:1079
+msgid "you can only clearsign with PGP 2.x style keys while in --pgp2 mode\n"
+msgstr ""
+
+#: g10/sign.c:1263
+#, c-format
+msgid "%s encryption will be used\n"
+msgstr ""
+
+#: g10/skclist.c:140 g10/skclist.c:217
+msgid "key is not flagged as insecure - can't use it with the faked RNG!\n"
+msgstr ""
+
+#: g10/skclist.c:174
+#, fuzzy, c-format
+msgid "skipped \"%s\": duplicated\n"
+msgstr "vis præferencer"
+
+#: g10/skclist.c:182 g10/skclist.c:195 g10/skclist.c:207
+#, fuzzy, c-format
+msgid "skipped \"%s\": %s\n"
+msgstr "%s: udelod: %s\n"
+
+#: g10/skclist.c:190
+#, fuzzy
+msgid "skipped: secret key already present\n"
+msgstr "udelod: hemmelig nøgle er allerede tilstede\n"
+
+#: g10/skclist.c:208
+msgid "this is a PGP generated Elgamal key which is not secure for signatures!"
+msgstr ""
+
+#: g10/tdbdump.c:58 g10/trustdb.c:360
+#, c-format
+msgid "trust record %lu, type %d: write failed: %s\n"
+msgstr ""
+
+#: g10/tdbdump.c:106
+#, c-format
+msgid ""
+"# List of assigned trustvalues, created %s\n"
+"# (Use \"gpg --import-ownertrust\" to restore them)\n"
+msgstr ""
+
+#: g10/tdbdump.c:161 g10/tdbdump.c:169 g10/tdbdump.c:174 g10/tdbdump.c:179
+#, fuzzy, c-format
+msgid "error in `%s': %s\n"
+msgstr "fejl ved læsning af '%s': %s\n"
+
+#: g10/tdbdump.c:161
+msgid "line too long"
+msgstr ""
+
+#: g10/tdbdump.c:169
+msgid "colon missing"
+msgstr ""
+
+#: g10/tdbdump.c:175
+#, fuzzy
+msgid "invalid fingerprint"
+msgstr "fejl i trailerlinie\n"
+
+#: g10/tdbdump.c:180
+#, fuzzy
+msgid "ownertrust value missing"
+msgstr "importér ejertillidsværdierne"
+
+#: g10/tdbdump.c:216
+#, fuzzy, c-format
+msgid "error finding trust record in `%s': %s\n"
+msgstr "fejl ved læsning af '%s': %s\n"
+
+#: g10/tdbdump.c:220
+#, fuzzy, c-format
+msgid "read error in `%s': %s\n"
+msgstr "panser: %s\n"
+
+#: g10/tdbdump.c:229 g10/trustdb.c:375
+#, c-format
+msgid "trustdb: sync failed: %s\n"
+msgstr ""
+
+#: g10/tdbio.c:128 g10/tdbio.c:1456
+#, c-format
+msgid "trustdb rec %lu: lseek failed: %s\n"
+msgstr ""
+
+#: g10/tdbio.c:135 g10/tdbio.c:1463
+#, c-format
+msgid "trustdb rec %lu: write failed (n=%d): %s\n"
+msgstr ""
+
+#: g10/tdbio.c:245
+msgid "trustdb transaction too large\n"
+msgstr ""
+
+#: g10/tdbio.c:500
+#, fuzzy, c-format
+msgid "can't access `%s': %s\n"
+msgstr "kan ikke åbne '%s': %s\n"
+
+#: g10/tdbio.c:527
+#, c-format
+msgid "%s: directory does not exist!\n"
+msgstr ""
+
+#: g10/tdbio.c:537 g10/tdbio.c:560 g10/tdbio.c:601 sm/keydb.c:219
+#, fuzzy, c-format
+msgid "can't create lock for `%s'\n"
+msgstr "kan ikke oprette %s: %s\n"
+
+#: g10/tdbio.c:539 g10/tdbio.c:604
+#, fuzzy, c-format
+msgid "can't lock `%s'\n"
+msgstr "kan ikke åbne `%s'\n"
+
+#: g10/tdbio.c:565
+#, c-format
+msgid "%s: failed to create version record: %s"
+msgstr ""
+
+#: g10/tdbio.c:569
+#, c-format
+msgid "%s: invalid trustdb created\n"
+msgstr ""
+
+#: g10/tdbio.c:572
+#, c-format
+msgid "%s: trustdb created\n"
+msgstr ""
+
+#: g10/tdbio.c:615
+msgid "NOTE: trustdb not writable\n"
+msgstr ""
+
+#: g10/tdbio.c:623
+#, c-format
+msgid "%s: invalid trustdb\n"
+msgstr ""
+
+#: g10/tdbio.c:655
+#, c-format
+msgid "%s: failed to create hashtable: %s\n"
+msgstr ""
+
+#: g10/tdbio.c:663
+#, c-format
+msgid "%s: error updating version record: %s\n"
+msgstr ""
+
+#: g10/tdbio.c:680 g10/tdbio.c:701 g10/tdbio.c:717 g10/tdbio.c:731
+#: g10/tdbio.c:761 g10/tdbio.c:1388 g10/tdbio.c:1415
+#, c-format
+msgid "%s: error reading version record: %s\n"
+msgstr ""
+
+#: g10/tdbio.c:740
+#, c-format
+msgid "%s: error writing version record: %s\n"
+msgstr ""
+
+#: g10/tdbio.c:1181
+#, c-format
+msgid "trustdb: lseek failed: %s\n"
+msgstr ""
+
+#: g10/tdbio.c:1190
+#, c-format
+msgid "trustdb: read failed (n=%d): %s\n"
+msgstr ""
+
+#: g10/tdbio.c:1211
+#, c-format
+msgid "%s: not a trustdb file\n"
+msgstr ""
+
+#: g10/tdbio.c:1230
+#, c-format
+msgid "%s: version record with recnum %lu\n"
+msgstr ""
+
+#: g10/tdbio.c:1235
+#, c-format
+msgid "%s: invalid file version %d\n"
+msgstr ""
+
+#: g10/tdbio.c:1421
+#, c-format
+msgid "%s: error reading free record: %s\n"
+msgstr ""
+
+#: g10/tdbio.c:1429
+#, c-format
+msgid "%s: error writing dir record: %s\n"
+msgstr ""
+
+#: g10/tdbio.c:1439
+#, c-format
+msgid "%s: failed to zero a record: %s\n"
+msgstr ""
+
+#: g10/tdbio.c:1469
+#, c-format
+msgid "%s: failed to append a record: %s\n"
+msgstr ""
+
+#: g10/tdbio.c:1512
+msgid "Error: The trustdb is corrupted.\n"
+msgstr ""
+
+#: g10/textfilter.c:147
+#, c-format
+msgid "can't handle text lines longer than %d characters\n"
+msgstr ""
+
+#: g10/textfilter.c:247
+#, c-format
+msgid "input line longer than %d characters\n"
+msgstr ""
+
+#: g10/trustdb.c:221
+#, fuzzy, c-format
+msgid "`%s' is not a valid long keyID\n"
+msgstr "%s er ikke et gyldigt tegnsæt\n"
+
+#: g10/trustdb.c:252
+#, fuzzy, c-format
+msgid "key %s: accepted as trusted key\n"
+msgstr "nøgle %08lX: ikke en rfc2440 nøgle - udeladt\n"
+
+#: g10/trustdb.c:290
+#, c-format
+msgid "key %s occurs more than once in the trustdb\n"
+msgstr ""
+
+#: g10/trustdb.c:305
+#, fuzzy, c-format
+msgid "key %s: no public key for trusted key - skipped\n"
+msgstr "nøgle %08lX: ikke en rfc2440 nøgle - udeladt\n"
+
+#: g10/trustdb.c:315
+#, fuzzy, c-format
+msgid "key %s marked as ultimately trusted\n"
+msgstr "nøgle %08lX: ikke en rfc2440 nøgle - udeladt\n"
+
+#: g10/trustdb.c:339
+#, c-format
+msgid "trust record %lu, req type %d: read failed: %s\n"
+msgstr ""
+
+#: g10/trustdb.c:345
+#, c-format
+msgid "trust record %lu is not of requested type %d\n"
+msgstr ""
+
+#: g10/trustdb.c:418
+msgid "You may try to re-create the trustdb using the commands:\n"
+msgstr ""
+
+#: g10/trustdb.c:427
+msgid "If that does not work, please consult the manual\n"
+msgstr ""
+
+#: g10/trustdb.c:462
+#, c-format
+msgid "unable to use unknown trust model (%d) - assuming %s trust model\n"
+msgstr ""
+
+#: g10/trustdb.c:468
+#, c-format
+msgid "using %s trust model\n"
+msgstr ""
+
+#: g10/trustdb.c:520
+msgid "10 translator see trustdb.c:uid_trust_string_fixed"
+msgstr ""
+
+#: g10/trustdb.c:522
+#, fuzzy
+msgid "[ revoked]"
+msgstr "tilføj nøgle"
+
+#: g10/trustdb.c:524 g10/trustdb.c:529
+#, fuzzy
+msgid "[ expired]"
+msgstr "udløb"
+
+#: g10/trustdb.c:528
+#, fuzzy
+msgid "[ unknown]"
+msgstr "ukendt version"
+
+#: g10/trustdb.c:530
+msgid "[ undef ]"
+msgstr ""
+
+#: g10/trustdb.c:531
+msgid "[marginal]"
+msgstr ""
+
+#: g10/trustdb.c:532
+msgid "[ full ]"
+msgstr ""
+
+#: g10/trustdb.c:533
+msgid "[ultimate]"
+msgstr ""
+
+#: g10/trustdb.c:548
+msgid "undefined"
+msgstr ""
+
+#: g10/trustdb.c:549
+msgid "never"
+msgstr ""
+
+#: g10/trustdb.c:550
+msgid "marginal"
+msgstr ""
+
+#: g10/trustdb.c:551
+msgid "full"
+msgstr ""
+
+#: g10/trustdb.c:552
+msgid "ultimate"
+msgstr ""
+
+#: g10/trustdb.c:592
+msgid "no need for a trustdb check\n"
+msgstr ""
+
+#: g10/trustdb.c:598 g10/trustdb.c:2487
+#, c-format
+msgid "next trustdb check due at %s\n"
+msgstr ""
+
+#: g10/trustdb.c:607
+#, c-format
+msgid "no need for a trustdb check with `%s' trust model\n"
+msgstr ""
+
+#: g10/trustdb.c:622
+#, c-format
+msgid "no need for a trustdb update with `%s' trust model\n"
+msgstr ""
+
+#: g10/trustdb.c:857 g10/trustdb.c:1310
+#, fuzzy, c-format
+msgid "public key %s not found: %s\n"
+msgstr "offentlig nøgle ikke fundet"
+
+#: g10/trustdb.c:1053
+msgid "please do a --check-trustdb\n"
+msgstr ""
+
+#: g10/trustdb.c:1057
+#, fuzzy
+msgid "checking the trustdb\n"
+msgstr "|[NAMES]|tjek tillidsdatabasen"
+
+#: g10/trustdb.c:2230
+#, c-format
+msgid "%d keys processed (%d validity counts cleared)\n"
+msgstr ""
+
+#: g10/trustdb.c:2295
+msgid "no ultimately trusted keys found\n"
+msgstr ""
+
+#: g10/trustdb.c:2309
+#, c-format
+msgid "public key of ultimately trusted key %s not found\n"
+msgstr ""
+
+#: g10/trustdb.c:2332
+#, c-format
+msgid "%d marginal(s) needed, %d complete(s) needed, %s trust model\n"
+msgstr ""
+
+#: g10/trustdb.c:2418
+#, c-format
+msgid ""
+"depth: %d valid: %3d signed: %3d trust: %d-, %dq, %dn, %dm, %df, %du\n"
+msgstr ""
+
+#: g10/trustdb.c:2493
+#, c-format
+msgid "unable to update trustdb version record: write failed: %s\n"
+msgstr ""
+
+#: g10/verify.c:118
+msgid ""
+"the signature could not be verified.\n"
+"Please remember that the signature file (.sig or .asc)\n"
+"should be the first file given on the command line.\n"
+msgstr ""
+
+#: g10/verify.c:205
+#, c-format
+msgid "input line %u too long or missing LF\n"
+msgstr ""
+
+#: g10/verify.c:253
+#, fuzzy, c-format
+msgid "can't open fd %d: %s\n"
+msgstr "kan ikke åbne '%s': %s\n"
+
+#: jnlib/argparse.c:180
+#, fuzzy
+msgid "argument not expected"
+msgstr "skriver hemmeligt certifikat til '%s'\n"
+
+#: jnlib/argparse.c:182
+#, fuzzy
+msgid "read error"
+msgstr "fillæsningsfejl"
+
+#: jnlib/argparse.c:184
+msgid "keyword too long"
+msgstr ""
+
+#: jnlib/argparse.c:186
+#, fuzzy
+msgid "missing argument"
+msgstr "ugyldigt argument"
+
+#: jnlib/argparse.c:188
+#, fuzzy
+msgid "invalid command"
+msgstr "konfliktende kommandoer\n"
+
+#: jnlib/argparse.c:190
+#, fuzzy
+msgid "invalid alias definition"
+msgstr "ugyldig rustning"
+
+#: jnlib/argparse.c:192
+#, fuzzy
+msgid "out of core"
+msgstr "ikke bearbejdet"
+
+#: jnlib/argparse.c:194
+#, fuzzy
+msgid "invalid option"
+msgstr "ugyldig rustning"
+
+#: jnlib/argparse.c:202
+#, c-format
+msgid "missing argument for option \"%.50s\"\n"
+msgstr ""
+
+#: jnlib/argparse.c:204
+#, c-format
+msgid "option \"%.50s\" does not expect an argument\n"
+msgstr ""
+
+#: jnlib/argparse.c:207
+#, c-format
+msgid "invalid command \"%.50s\"\n"
+msgstr ""
+
+#: jnlib/argparse.c:209
+#, c-format
+msgid "option \"%.50s\" is ambiguous\n"
+msgstr ""
+
+#: jnlib/argparse.c:211
+#, c-format
+msgid "command \"%.50s\" is ambiguous\n"
+msgstr ""
+
+#: jnlib/argparse.c:213
+#, fuzzy
+msgid "out of core\n"
+msgstr "ikke bearbejdet"
+
+#: jnlib/argparse.c:215
+#, fuzzy, c-format
+msgid "invalid option \"%.50s\"\n"
+msgstr "ugyldig rustning"
+
+#: jnlib/logging.c:647
+#, c-format
+msgid "you found a bug ... (%s:%d)\n"
+msgstr "du fandt en fejl ... (%s:%d)\n"
+
+#: jnlib/utf8conv.c:85
+#, fuzzy, c-format
+msgid "error loading `%s': %s\n"
+msgstr "fejl ved læsning af '%s': %s\n"
+
+#: jnlib/utf8conv.c:123
+#, c-format
+msgid "conversion from `%s' to `%s' not available\n"
+msgstr ""
+
+#: jnlib/utf8conv.c:131
+#, fuzzy, c-format
+msgid "iconv_open failed: %s\n"
+msgstr "kan ikke åbne %s: %s\n"
+
+#: jnlib/utf8conv.c:388 jnlib/utf8conv.c:654
+#, fuzzy, c-format
+msgid "conversion from `%s' to `%s' failed: %s\n"
+msgstr "påklædning af beskyttelse fejlede: %s\n"
+
+#: jnlib/dotlock.c:234
+#, fuzzy, c-format
+msgid "failed to create temporary file `%s': %s\n"
+msgstr "%s: kan ikke oprette mappe: %s\n"
+
+#: jnlib/dotlock.c:269
+#, fuzzy, c-format
+msgid "error writing to `%s': %s\n"
+msgstr "fejl ved skrivning af nøglering `%s': %s\n"
+
+#: jnlib/dotlock.c:453
+#, c-format
+msgid "removing stale lockfile (created by %d)\n"
+msgstr ""
+
+#: jnlib/dotlock.c:459
+msgid " - probably dead - removing lock"
+msgstr ""
+
+#: jnlib/dotlock.c:469
+#, fuzzy, c-format
+msgid "waiting for lock (held by %d%s) %s...\n"
+msgstr "skriver hemmeligt certifikat til '%s'\n"
+
+#: jnlib/dotlock.c:470
+msgid "(deadlock?) "
+msgstr ""
+
+#: jnlib/dotlock.c:493
+#, fuzzy, c-format
+msgid "lock `%s' not made: %s\n"
+msgstr "offentlig nøgle ikke fundet"
+
+#: jnlib/dotlock.c:501
+#, fuzzy, c-format
+msgid "waiting for lock %s...\n"
+msgstr "skriver hemmeligt certifikat til '%s'\n"
+
+#: kbx/kbxutil.c:92
+msgid "set debugging flags"
+msgstr "sæt aflusningsflag"
+
+#: kbx/kbxutil.c:93
+msgid "enable full debugging"
+msgstr "slå fuld fejltjekning til"
+
+#: kbx/kbxutil.c:117
+#, fuzzy
+msgid "Usage: kbxutil [options] [files] (-h for help)"
+msgstr "Brug: gpg [flag] [filer] (-h for hjælp)"
+
+#: kbx/kbxutil.c:120
+msgid ""
+"Syntax: kbxutil [options] [files]\n"
+"list, export, import Keybox data\n"
+msgstr ""
+
+#: scd/app-nks.c:713 scd/app-openpgp.c:2647
+#, c-format
+msgid "RSA modulus missing or not of size %d bits\n"
+msgstr ""
+
+#: scd/app-nks.c:721 scd/app-openpgp.c:2659
+#, c-format
+msgid "RSA public exponent missing or larger than %d bits\n"
+msgstr ""
+
+#: scd/app-nks.c:801 scd/app-openpgp.c:1549 scd/app-openpgp.c:1568
+#: scd/app-openpgp.c:1729 scd/app-openpgp.c:1746 scd/app-openpgp.c:1994
+#: scd/app-openpgp.c:2039 scd/app-dinsig.c:303
+#, c-format
+msgid "PIN callback returned error: %s\n"
+msgstr ""
+
+#: scd/app-nks.c:834
+msgid "the NullPIN has not yet been changed\n"
+msgstr ""
+
+#: scd/app-nks.c:1092
+#, fuzzy
+msgid "|N|Please enter a new PIN for the standard keys."
+msgstr "ændr kodesætningen"
+
+#: scd/app-nks.c:1093
+#, fuzzy
+msgid "||Please enter the PIN for the standard keys."
+msgstr "ændr kodesætningen"
+
+#: scd/app-nks.c:1099
+#, fuzzy
+msgid "|NP|Please enter a new PIN Unblocking Code (PUK) for the standard keys."
+msgstr "rev- forkert nøgletilbagekald\n"
+
+#: scd/app-nks.c:1101
+#, fuzzy
+msgid "|P|Please enter the PIN Unblocking Code (PUK) for the standard keys."
+msgstr "rev- forkert nøgletilbagekald\n"
+
+#: scd/app-nks.c:1109
+msgid "|N|Please enter a new PIN for the key to create qualified signatures."
+msgstr ""
+
+#: scd/app-nks.c:1111
+msgid "||Please enter the PIN for the key to create qualified signatures."
+msgstr ""
+
+#: scd/app-nks.c:1119
+msgid ""
+"|NP|Please enter a new PIN Unblocking Code (PUK) for the key to create "
+"qualified signatures."
+msgstr ""
+
+#: scd/app-nks.c:1121
+msgid ""
+"|P|Please enter the PIN Unblocking Code (PUK) for the key to create "
+"qualified signatures."
+msgstr ""
+
+#: scd/app-nks.c:1222 scd/app-openpgp.c:2072 scd/app-dinsig.c:532
+#, fuzzy, c-format
+msgid "error getting new PIN: %s\n"
+msgstr "fejl ved oprettelse af kodesætning: %s\n"
+
+# er det klogt at oversætte TrustDB?
+#: scd/app-openpgp.c:695
+#, fuzzy, c-format
+msgid "failed to store the fingerprint: %s\n"
+msgstr "kunne ikke initialisere TillidsDB: %s\n"
+
+#: scd/app-openpgp.c:708
+#, fuzzy, c-format
+msgid "failed to store the creation date: %s\n"
+msgstr "ingen standard offentlig nøglering\n"
+
+#: scd/app-openpgp.c:1156
+#, fuzzy, c-format
+msgid "reading public key failed: %s\n"
+msgstr "fjernelse af beskyttelse fejlede: %s\n"
+
+#: scd/app-openpgp.c:1164 scd/app-openpgp.c:2882
+msgid "response does not contain the public key data\n"
+msgstr ""
+
+#: scd/app-openpgp.c:1172 scd/app-openpgp.c:2890
+msgid "response does not contain the RSA modulus\n"
+msgstr ""
+
+#: scd/app-openpgp.c:1181 scd/app-openpgp.c:2900
+msgid "response does not contain the RSA public exponent\n"
+msgstr ""
+
+#: scd/app-openpgp.c:1501
+#, c-format
+msgid "using default PIN as %s\n"
+msgstr ""
+
+#: scd/app-openpgp.c:1508
+#, c-format
+msgid "failed to use default PIN as %s: %s - disabling further default use\n"
+msgstr ""
+
+#: scd/app-openpgp.c:1523
+#, c-format
+msgid "||Please enter the PIN%%0A[sigs done: %lu]"
+msgstr ""
+
+#: scd/app-openpgp.c:1534 scd/app-openpgp.c:1988
+#, fuzzy
+msgid "||Please enter the PIN"
+msgstr "ændr kodesætningen"
+
+#: scd/app-openpgp.c:1575 scd/app-openpgp.c:1753 scd/app-openpgp.c:2001
+#, c-format
+msgid "PIN for CHV%d is too short; minimum length is %d\n"
+msgstr ""
+
+#: scd/app-openpgp.c:1588 scd/app-openpgp.c:1627 scd/app-openpgp.c:1765
+#: scd/app-openpgp.c:3200
+#, fuzzy, c-format
+msgid "verify CHV%d failed: %s\n"
+msgstr "påklædning af beskyttelse fejlede: %s\n"
+
+#: scd/app-openpgp.c:1656 scd/app-openpgp.c:2020 scd/app-openpgp.c:3498
+msgid "error retrieving CHV status from card\n"
+msgstr ""
+
+#: scd/app-openpgp.c:1662 scd/app-openpgp.c:3507
+msgid "card is permanently locked!\n"
+msgstr ""
+
+#: scd/app-openpgp.c:1669
+#, c-format
+msgid "%d Admin PIN attempts remaining before card is permanently locked\n"
+msgstr ""
+
+#. TRANSLATORS: Do not translate the "|A|" prefix but keep it at
+#. the start of the string. Use %%0A to force a linefeed.
+#: scd/app-openpgp.c:1676
+#, fuzzy, c-format
+msgid "|A|Please enter the Admin PIN%%0A[remaining attempts: %d]"
+msgstr "ændr kodesætningen"
+
+#: scd/app-openpgp.c:1680
+#, fuzzy
+msgid "|A|Please enter the Admin PIN"
+msgstr "ændr kodesætningen"
+
+#: scd/app-openpgp.c:1701
+msgid "access to admin commands is not configured\n"
+msgstr ""
+
+#: scd/app-openpgp.c:2035
+#, fuzzy
+msgid "||Please enter the Reset Code for the card"
+msgstr "rev- forkert nøgletilbagekald\n"
+
+#: scd/app-openpgp.c:2045 scd/app-openpgp.c:2097
+#, c-format
+msgid "Reset Code is too short; minimum length is %d\n"
+msgstr ""
+
+#: scd/app-openpgp.c:2067
+msgid "|RN|New Reset Code"
+msgstr ""
+
+#: scd/app-openpgp.c:2068
+msgid "|AN|New Admin PIN"
+msgstr ""
+
+#: scd/app-openpgp.c:2068
+msgid "|N|New PIN"
+msgstr ""
+
+#: scd/app-openpgp.c:2178 scd/app-openpgp.c:2968
+#, fuzzy
+msgid "error reading application data\n"
+msgstr "fejl ved læsning af '%s': %s\n"
+
+#: scd/app-openpgp.c:2184 scd/app-openpgp.c:2975
+#, fuzzy
+msgid "error reading fingerprint DO\n"
+msgstr "fejl i trailerlinie\n"
+
+#: scd/app-openpgp.c:2194
+#, fuzzy
+msgid "key already exists\n"
+msgstr "fjern nøgle fra den hemmelige nøglering"
+
+#: scd/app-openpgp.c:2198
+msgid "existing key will be replaced\n"
+msgstr ""
+
+#: scd/app-openpgp.c:2200
+#, fuzzy
+msgid "generating new key\n"
+msgstr "generér et nyt nøglepar"
+
+#: scd/app-openpgp.c:2202
+#, fuzzy
+msgid "writing new key\n"
+msgstr "generér et nyt nøglepar"
+
+#: scd/app-openpgp.c:2627
+msgid "creation timestamp missing\n"
+msgstr ""
+
+#: scd/app-openpgp.c:2669 scd/app-openpgp.c:2677
+#, c-format
+msgid "RSA prime %s missing or not of size %d bits\n"
+msgstr ""
+
+# er det klogt at oversætte TrustDB?
+#: scd/app-openpgp.c:2773
+#, fuzzy, c-format
+msgid "failed to store the key: %s\n"
+msgstr "kunne ikke initialisere TillidsDB: %s\n"
+
+#: scd/app-openpgp.c:2859
+msgid "please wait while key is being generated ...\n"
+msgstr ""
+
+#: scd/app-openpgp.c:2872
+#, fuzzy
+msgid "generating key failed\n"
+msgstr "fjernelse af beskyttelse fejlede: %s\n"
+
+#: scd/app-openpgp.c:2875
+#, fuzzy, c-format
+msgid "key generation completed (%d seconds)\n"
+msgstr "Nøgleoprettelse annulleret.\n"
+
+#: scd/app-openpgp.c:2933
+msgid "invalid structure of OpenPGP card (DO 0x93)\n"
+msgstr ""
+
+#: scd/app-openpgp.c:2983
+msgid "fingerprint on card does not match requested one\n"
+msgstr ""
+
+#: scd/app-openpgp.c:3099
+#, fuzzy, c-format
+msgid "card does not support digest algorithm %s\n"
+msgstr "%s signatur fra: %s\n"
+
+#: scd/app-openpgp.c:3175
+#, c-format
+msgid "signatures created so far: %lu\n"
+msgstr ""
+
+#: scd/app-openpgp.c:3512
+msgid ""
+"verification of Admin PIN is currently prohibited through this command\n"
+msgstr ""
+
+#: scd/app-openpgp.c:3737 scd/app-openpgp.c:3748
+#, fuzzy, c-format
+msgid "can't access %s - invalid OpenPGP card?\n"
+msgstr "ingen gyldig OpenPGP data fundet.\n"
+
+#: scd/app-dinsig.c:299
+msgid "||Please enter your PIN at the reader's keypad"
+msgstr ""
+
+#. TRANSLATORS: Do not translate the "|*|" prefixes but
+#. keep it at the start of the string. We need this elsewhere
+#. to get some infos on the string.
+#: scd/app-dinsig.c:529
+#, fuzzy
+msgid "|N|Initial New PIN"
+msgstr "Indtast bruger-id: "
+
+#: scd/scdaemon.c:107
+msgid "run in multi server mode (foreground)"
+msgstr ""
+
+#: scd/scdaemon.c:117 sm/gpgsm.c:316
+msgid "|LEVEL|set the debugging level to LEVEL"
+msgstr ""
+
+#: scd/scdaemon.c:124 tools/gpgconf-comp.c:620
+#, fuzzy
+msgid "|FILE|write a log to FILE"
+msgstr "|FILE|indlæs udvidelsesmodul FILE"
+
+#: scd/scdaemon.c:126
+msgid "|N|connect to reader at port N"
+msgstr ""
+
+#: scd/scdaemon.c:128
+#, fuzzy
+msgid "|NAME|use NAME as ct-API driver"
+msgstr "|NAME|brug NAME som standard modtager"
+
+#: scd/scdaemon.c:130
+#, fuzzy
+msgid "|NAME|use NAME as PC/SC driver"
+msgstr "|NAME|brug NAME som standard modtager"
+
+#: scd/scdaemon.c:133
+#, fuzzy
+msgid "do not use the internal CCID driver"
+msgstr "brug overhovedet ikke terminalen"
+
+#: scd/scdaemon.c:139
+msgid "|N|disconnect the card after N seconds of inactivity"
+msgstr ""
+
+#: scd/scdaemon.c:141
+msgid "do not use a reader's keypad"
+msgstr ""
+
+#: scd/scdaemon.c:144
+#, fuzzy
+msgid "deny the use of admin card commands"
+msgstr "konfliktende kommandoer\n"
+
+#: scd/scdaemon.c:259
+#, fuzzy
+msgid "Usage: scdaemon [options] (-h for help)"
+msgstr "Brug: gpg [flag] [filer] (-h for hjælp)"
+
+#: scd/scdaemon.c:261
+msgid ""
+"Syntax: scdaemon [options] [command [args]]\n"
+"Smartcard daemon for GnuPG\n"
+msgstr ""
+
+#: scd/scdaemon.c:766
+msgid "please use the option `--daemon' to run the program in the background\n"
+msgstr ""
+
+#: scd/scdaemon.c:1120
+#, c-format
+msgid "handler for fd %d started\n"
+msgstr ""
+
+#: scd/scdaemon.c:1132
+#, c-format
+msgid "handler for fd %d terminated\n"
+msgstr ""
+
+#: sm/base64.c:325
+#, fuzzy, c-format
+msgid "invalid radix64 character %02x skipped\n"
+msgstr "ugyldigt radix64 tegn %02x udeladt\n"
+
+#: sm/call-agent.c:137
+#, c-format
+msgid "failed to proxy %s inquiry to client\n"
+msgstr ""
+
+#: sm/call-dirmngr.c:252
+#, c-format
+msgid "no running dirmngr - starting `%s'\n"
+msgstr ""
+
+#: sm/call-dirmngr.c:285
+msgid "malformed DIRMNGR_INFO environment variable\n"
+msgstr ""
+
+#: sm/call-dirmngr.c:297
+#, fuzzy, c-format
+msgid "dirmngr protocol version %d is not supported\n"
+msgstr "valgte cifferalgoritme %d er ugyldig\n"
+
+#: sm/call-dirmngr.c:317
+msgid "can't connect to the dirmngr - trying fall back\n"
+msgstr ""
+
+#: sm/certchain.c:196
+#, c-format
+msgid "validation model requested by certificate: %s"
+msgstr ""
+
+#: sm/certchain.c:197 sm/certchain.c:1828
+msgid "chain"
+msgstr ""
+
+#: sm/certchain.c:198 sm/certchain.c:1828
+#, fuzzy
+msgid "shell"
+msgstr "hjælp"
+
+#: sm/certchain.c:258
+#, fuzzy, c-format
+msgid "critical certificate extension %s is not supported"
+msgstr "valgte cifferalgoritme %d er ugyldig\n"
+
+#: sm/certchain.c:297
+msgid "issuer certificate is not marked as a CA"
+msgstr ""
+
+#: sm/certchain.c:335
+msgid "critical marked policy without configured policies"
+msgstr ""
+
+#: sm/certchain.c:345
+#, fuzzy, c-format
+msgid "failed to open `%s': %s\n"
+msgstr "kan ikke åbne '%s': %s\n"
+
+#: sm/certchain.c:353 sm/certchain.c:382
+msgid "note: non-critical certificate policy not allowed"
+msgstr ""
+
+#: sm/certchain.c:357 sm/certchain.c:386
+#, fuzzy
+msgid "certificate policy not allowed"
+msgstr "skriver hemmeligt certifikat til '%s'\n"
+
+#: sm/certchain.c:498
+msgid "looking up issuer at external location\n"
+msgstr ""
+
+#: sm/certchain.c:517
+#, c-format
+msgid "number of issuers matching: %d\n"
+msgstr ""
+
+#: sm/certchain.c:561
+msgid "looking up issuer from the Dirmngr cache\n"
+msgstr ""
+
+#: sm/certchain.c:585
+#, fuzzy, c-format
+msgid "number of matching certificates: %d\n"
+msgstr "fejl ved oprettelse af kodesætning: %s\n"
+
+#: sm/certchain.c:587
+#, fuzzy, c-format
+msgid "dirmngr cache-only key lookup failed: %s\n"
+msgstr "fjernelse af beskyttelse fejlede: %s\n"
+
+# er det klogt at oversætte TrustDB?
+#: sm/certchain.c:759 sm/certchain.c:1252 sm/certchain.c:1856 sm/decrypt.c:261
+#: sm/encrypt.c:335 sm/sign.c:335 sm/verify.c:113
+#, fuzzy
+msgid "failed to allocated keyDB handle\n"
+msgstr "kunne ikke initialisere TillidsDB: %s\n"
+
+#: sm/certchain.c:925
+#, fuzzy
+msgid "certificate has been revoked"
+msgstr "nøgle %08lX: nøgle er blevet annulleret!\n"
+
+#: sm/certchain.c:940
+msgid "the status of the certificate is unknown"
+msgstr ""
+
+#: sm/certchain.c:947
+msgid "please make sure that the \"dirmngr\" is properly installed\n"
+msgstr ""
+
+#: sm/certchain.c:953
+#, fuzzy, c-format
+msgid "checking the CRL failed: %s"
+msgstr "Kan ikke tjekke signatur: %s\n"
+
+#: sm/certchain.c:982 sm/certchain.c:1050
+#, fuzzy, c-format
+msgid "certificate with invalid validity: %s"
+msgstr "certifikatlæseproblem: %s\n"
+
+#: sm/certchain.c:997 sm/certchain.c:1082
+msgid "certificate not yet valid"
+msgstr ""
+
+#: sm/certchain.c:998 sm/certchain.c:1083
+#, fuzzy
+msgid "root certificate not yet valid"
+msgstr "skriver hemmeligt certifikat til '%s'\n"
+
+#: sm/certchain.c:999 sm/certchain.c:1084
+msgid "intermediate certificate not yet valid"
+msgstr ""
+
+#: sm/certchain.c:1012
+#, fuzzy
+msgid "certificate has expired"
+msgstr "certifikatlæseproblem: %s\n"
+
+#: sm/certchain.c:1013
+#, fuzzy
+msgid "root certificate has expired"
+msgstr "certifikatlæseproblem: %s\n"
+
+#: sm/certchain.c:1014
+#, fuzzy
+msgid "intermediate certificate has expired"
+msgstr "certifikatlæseproblem: %s\n"
+
+#: sm/certchain.c:1056
+#, c-format
+msgid "required certificate attributes missing: %s%s%s"
+msgstr ""
+
+#: sm/certchain.c:1065
+#, fuzzy
+msgid "certificate with invalid validity"
+msgstr "certifikatlæseproblem: %s\n"
+
+#: sm/certchain.c:1102
+msgid "signature not created during lifetime of certificate"
+msgstr ""
+
+#: sm/certchain.c:1104
+msgid "certificate not created during lifetime of issuer"
+msgstr ""
+
+#: sm/certchain.c:1105
+msgid "intermediate certificate not created during lifetime of issuer"
+msgstr ""
+
+#: sm/certchain.c:1109
+#, fuzzy
+msgid " ( signature created at "
+msgstr " nye signaturer: %lu\n"
+
+#: sm/certchain.c:1110
+#, fuzzy
+msgid " (certificate created at "
+msgstr "nøgle %08lX: offentlig nøgle importeret\n"
+
+#: sm/certchain.c:1113
+#, fuzzy
+msgid " (certificate valid from "
+msgstr "certifikatlæseproblem: %s\n"
+
+#: sm/certchain.c:1114
+msgid " ( issuer valid from "
+msgstr ""
+
+#: sm/certchain.c:1144
+#, fuzzy, c-format
+msgid "fingerprint=%s\n"
+msgstr "Fingeraftryk:"
+
+#: sm/certchain.c:1153
+msgid "root certificate has now been marked as trusted\n"
+msgstr ""
+
+#: sm/certchain.c:1166
+msgid "interactive marking as trusted not enabled in gpg-agent\n"
+msgstr ""
+
+#: sm/certchain.c:1172
+msgid "interactive marking as trusted disabled for this session\n"
+msgstr ""
+
+#: sm/certchain.c:1229
+msgid "WARNING: creation time of signature not known - assuming current time"
+msgstr ""
+
+#: sm/certchain.c:1293
+#, fuzzy
+msgid "no issuer found in certificate"
+msgstr "Godt certifikat"
+
+#: sm/certchain.c:1366
+msgid "self-signed certificate has a BAD signature"
+msgstr ""
+
+#: sm/certchain.c:1435
+msgid "root certificate is not marked trusted"
+msgstr ""
+
+#: sm/certchain.c:1448
+#, fuzzy, c-format
+msgid "checking the trust list failed: %s\n"
+msgstr "Kan ikke tjekke signatur: %s\n"
+
+#: sm/certchain.c:1477 sm/import.c:160
+#, fuzzy
+msgid "certificate chain too long\n"
+msgstr "certifikatlæseproblem: %s\n"
+
+#: sm/certchain.c:1489
+msgid "issuer certificate not found"
+msgstr ""
+
+#: sm/certchain.c:1522
+#, fuzzy
+msgid "certificate has a BAD signature"
+msgstr "godkend en signatur"
+
+#: sm/certchain.c:1553
+msgid "found another possible matching CA certificate - trying again"
+msgstr ""
+
+#: sm/certchain.c:1604
+#, c-format
+msgid "certificate chain longer than allowed by CA (%d)"
+msgstr ""
+
+#: sm/certchain.c:1644 sm/certchain.c:1927
+#, fuzzy
+msgid "certificate is good\n"
+msgstr "certifikatlæseproblem: %s\n"
+
+#: sm/certchain.c:1645
+#, fuzzy
+msgid "intermediate certificate is good\n"
+msgstr "nøgle %08lX: offentlig nøgle importeret\n"
+
+#: sm/certchain.c:1646
+#, fuzzy
+msgid "root certificate is good\n"
+msgstr "Godt certifikat"
+
+#: sm/certchain.c:1817
+msgid "switching to chain model"
+msgstr ""
+
+#: sm/certchain.c:1826
+#, c-format
+msgid "validation model used: %s"
+msgstr ""
+
+#: sm/certcheck.c:97
+#, c-format
+msgid "%s key uses an unsafe (%u bit) hash\n"
+msgstr ""
+
+#: sm/certcheck.c:107
+#, c-format
+msgid "a %u bit hash is not valid for a %u bit %s key\n"
+msgstr ""
+
+#: sm/certcheck.c:244 sm/verify.c:201
+msgid "(this is the MD2 algorithm)\n"
+msgstr ""
+
+#: sm/certdump.c:60 sm/certdump.c:143
+#, fuzzy
+msgid "none"
+msgstr "n"
+
+#: sm/certdump.c:564 sm/certdump.c:609 sm/certdump.c:674 sm/certdump.c:732
+#, fuzzy
+msgid "[Error - invalid encoding]"
+msgstr "fejl i trailerlinie\n"
+
+#: sm/certdump.c:572 sm/certdump.c:617
+msgid "[Error - out of core]"
+msgstr ""
+
+#: sm/certdump.c:654 sm/certdump.c:710
+msgid "[Error - No name]"
+msgstr ""
+
+#: sm/certdump.c:679 sm/certdump.c:738
+#, fuzzy
+msgid "[Error - invalid DN]"
+msgstr "fejl i trailerlinie\n"
+
+#: sm/certdump.c:948
+#, fuzzy, c-format
+msgid ""
+"Please enter the passphrase to unlock the secret key for the X.509 "
+"certificate:\n"
+"\"%s\"\n"
+"S/N %s, ID 0x%08lX,\n"
+"created %s, expires %s.\n"
+msgstr ""
+"Du skal bruge en kodesætning til at beskytte din hemmelige nøgle.\n"
+"\n"
+
+#: sm/certlist.c:122
+msgid "no key usage specified - assuming all usages\n"
+msgstr ""
+
+#: sm/certlist.c:132 sm/keylist.c:272
+#, fuzzy, c-format
+msgid "error getting key usage information: %s\n"
+msgstr "fejl ved skrivning af nøglering `%s': %s\n"
+
+#: sm/certlist.c:142
+msgid "certificate should have not been used for certification\n"
+msgstr ""
+
+#: sm/certlist.c:154
+msgid "certificate should have not been used for OCSP response signing\n"
+msgstr ""
+
+#: sm/certlist.c:165
+msgid "certificate should have not been used for encryption\n"
+msgstr ""
+
+#: sm/certlist.c:166
+msgid "certificate should have not been used for signing\n"
+msgstr ""
+
+#: sm/certlist.c:167
+msgid "certificate is not usable for encryption\n"
+msgstr ""
+
+#: sm/certlist.c:168
+msgid "certificate is not usable for signing\n"
+msgstr ""
+
+#: sm/certreqgen.c:474
+#, fuzzy, c-format
+msgid "line %d: invalid algorithm\n"
+msgstr "ugyldig hash-algoritme `%s'\n"
+
+#: sm/certreqgen.c:487
+#, c-format
+msgid "line %d: invalid key length %u (valid are %d to %d)\n"
+msgstr ""
+
+#: sm/certreqgen.c:505
+#, c-format
+msgid "line %d: no subject name given\n"
+msgstr ""
+
+#: sm/certreqgen.c:514
+#, c-format
+msgid "line %d: invalid subject name label `%.*s'\n"
+msgstr ""
+
+#: sm/certreqgen.c:517
+#, c-format
+msgid "line %d: invalid subject name `%s' at pos %d\n"
+msgstr ""
+
+#: sm/certreqgen.c:534
+#, fuzzy, c-format
+msgid "line %d: not a valid email address\n"
+msgstr "Ikke en gyldig epostadresse\n"
+
+#: sm/certreqgen.c:546
+#, fuzzy, c-format
+msgid "line %d: error reading key `%s' from card: %s\n"
+msgstr "fejl ved skrivning af nøglering `%s': %s\n"
+
+#: sm/certreqgen.c:558
+#, fuzzy, c-format
+msgid "line %d: error getting key by keygrip `%s': %s\n"
+msgstr "fejl ved skrivning af nøglering `%s': %s\n"
+
+#: sm/certreqgen.c:574
+#, fuzzy, c-format
+msgid "line %d: key generation failed: %s <%s>\n"
+msgstr "påklædning af beskyttelse fejlede: %s\n"
+
+#: sm/certreqgen.c:806
+msgid ""
+"To complete this certificate request please enter the passphrase for the key "
+"you just created once more.\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:158
+#, fuzzy, c-format
+msgid " (%d) RSA\n"
+msgstr " (%d) DSA (signér kun)\n"
+
+#: sm/certreqgen-ui.c:159
+#, fuzzy, c-format
+msgid " (%d) Existing key\n"
+msgstr " (%d) ElGamal (kryptér kun)\n"
+
+#: sm/certreqgen-ui.c:160
+#, c-format
+msgid " (%d) Existing key from card\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:202
+#, fuzzy
+msgid "Enter the keygrip: "
+msgstr "kan ikke åbne nøgleringen"
+
+#: sm/certreqgen-ui.c:210
+msgid "Not a valid keygrip (expecting 40 hex digits)\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:212
+#, fuzzy
+msgid "No key with this keygrip\n"
+msgstr "Ingen bruger-id med indeks %d\n"
+
+#: sm/certreqgen-ui.c:230 sm/certreqgen-ui.c:239
+#, fuzzy, c-format
+msgid "error reading the card: %s\n"
+msgstr "fejl ved læsning af '%s': %s\n"
+
+#: sm/certreqgen-ui.c:233
+#, fuzzy, c-format
+msgid "Serial number of the card: %s\n"
+msgstr "fejl ved oprettelse af kodesætning: %s\n"
+
+#: sm/certreqgen-ui.c:245
+#, fuzzy
+msgid "Available keys:\n"
+msgstr "slå nøgle fra"
+
+#: sm/certreqgen-ui.c:276
+#, c-format
+msgid "Possible actions for a %s key:\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:277
+#, fuzzy, c-format
+msgid " (%d) sign, encrypt\n"
+msgstr " (%d) ElGamal (signér og kryptér)\n"
+
+#: sm/certreqgen-ui.c:278
+#, fuzzy, c-format
+msgid " (%d) sign\n"
+msgstr " (%d) DSA (signér kun)\n"
+
+#: sm/certreqgen-ui.c:279
+#, fuzzy, c-format
+msgid " (%d) encrypt\n"
+msgstr " (%d) ElGamal (kryptér kun)\n"
+
+#: sm/certreqgen-ui.c:303
+msgid "Enter the X.509 subject name: "
+msgstr ""
+
+#: sm/certreqgen-ui.c:307
+msgid "No subject name given\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:311
+#, c-format
+msgid "Invalid subject name label `%.*s'\n"
+msgstr ""
+
+#. TRANSLATORS: The 22 in the second string is the
+#. length of the first string up to the "%s". Please
+#. adjust it do the length of your translation. The
+#. second string is merely passed to atoi so you can
+#. drop everything after the number.
+#: sm/certreqgen-ui.c:320
+#, fuzzy, c-format
+msgid "Invalid subject name `%s'\n"
+msgstr "ugyldig hash-algoritme `%s'\n"
+
+#: sm/certreqgen-ui.c:322
+msgid "22 translator: see certreg-ui.c:gpgsm_gencertreq_tty"
+msgstr ""
+
+#: sm/certreqgen-ui.c:334
+#, fuzzy
+msgid "Enter email addresses"
+msgstr "Epostadresse: "
+
+#: sm/certreqgen-ui.c:335
+msgid " (end with an empty line):\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:339
+#, fuzzy
+msgid "Enter DNS names"
+msgstr "Indtast nyt filnavn"
+
+#: sm/certreqgen-ui.c:340 sm/certreqgen-ui.c:345
+msgid " (optional; end with an empty line):\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:344
+#, fuzzy
+msgid "Enter URIs"
+msgstr "Indtast bruger-id: "
+
+#: sm/certreqgen-ui.c:371
+msgid "Parameters to be used for the certificate request:\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:389
+msgid "Now creating certificate request. This may take a while ...\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:398
+msgid "Ready. You should now send this request to your CA.\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:403
+msgid "resource problem: out of core\n"
+msgstr ""
+
+#: sm/decrypt.c:330
+msgid "(this is the RC2 algorithm)\n"
+msgstr ""
+
+#: sm/decrypt.c:332
+msgid "(this does not seem to be an encrypted message)\n"
+msgstr ""
+
+#: sm/delete.c:51 sm/delete.c:112
+#, fuzzy, c-format
+msgid "certificate `%s' not found: %s\n"
+msgstr "%s: bruger ikke fundet: %s\n"
+
+#: sm/delete.c:122 sm/keydb.c:1397 sm/keydb.c:1499
+#, fuzzy, c-format
+msgid "error locking keybox: %s\n"
+msgstr "fejl ved læsning af '%s': %s\n"
+
+#: sm/delete.c:143
+#, fuzzy, c-format
+msgid "duplicated certificate `%s' deleted\n"
+msgstr "nøgle %08lX: offentlig nøgle importeret\n"
+
+#: sm/delete.c:145
+#, fuzzy, c-format
+msgid "certificate `%s' deleted\n"
+msgstr "vis præferencer"
+
+#: sm/delete.c:175
+#, fuzzy, c-format
+msgid "deleting certificate \"%s\" failed: %s\n"
+msgstr "fjernelse af beskyttelse fejlede: %s\n"
+
+#: sm/encrypt.c:321
+#, fuzzy
+msgid "no valid recipients given\n"
+msgstr "ingen gyldige adresser\n"
+
+#: sm/gpgsm.c:197
+#, fuzzy
+msgid "list external keys"
+msgstr "vis hemmelige nøgler"
+
+#: sm/gpgsm.c:199
+#, fuzzy
+msgid "list certificate chain"
+msgstr "ugyldigt certifikat"
+
+#: sm/gpgsm.c:206
+#, fuzzy
+msgid "import certificates"
+msgstr "Godt certifikat"
+
+#: sm/gpgsm.c:207
+#, fuzzy
+msgid "export certificates"
+msgstr "Godt certifikat"
+
+#: sm/gpgsm.c:209
+msgid "register a smartcard"
+msgstr ""
+
+#: sm/gpgsm.c:212
+msgid "pass a command to the dirmngr"
+msgstr ""
+
+#: sm/gpgsm.c:214
+msgid "invoke gpg-protect-tool"
+msgstr ""
+
+#: sm/gpgsm.c:230
+#, fuzzy
+msgid "create base-64 encoded output"
+msgstr "opret ascii beskyttet uddata"
+
+#: sm/gpgsm.c:235
+msgid "assume input is in PEM format"
+msgstr ""
+
+#: sm/gpgsm.c:237
+msgid "assume input is in base-64 format"
+msgstr ""
+
+#: sm/gpgsm.c:239
+msgid "assume input is in binary format"
+msgstr ""
+
+#: sm/gpgsm.c:244
+msgid "use system's dirmngr if available"
+msgstr ""
+
+#: sm/gpgsm.c:247
+msgid "never consult a CRL"
+msgstr ""
+
+#: sm/gpgsm.c:257
+msgid "check validity using OCSP"
+msgstr ""
+
+#: sm/gpgsm.c:262
+msgid "|N|number of certificates to include"
+msgstr ""
+
+#: sm/gpgsm.c:265
+msgid "|FILE|take policy information from FILE"
+msgstr ""
+
+#: sm/gpgsm.c:268
+msgid "do not check certificate policies"
+msgstr ""
+
+#: sm/gpgsm.c:272
+msgid "fetch missing issuer certificates"
+msgstr ""
+
+#: sm/gpgsm.c:283
+msgid "don't use the terminal at all"
+msgstr "brug overhovedet ikke terminalen"
+
+#: sm/gpgsm.c:285
+msgid "|FILE|write a server mode log to FILE"
+msgstr ""
+
+#: sm/gpgsm.c:290
+#, fuzzy
+msgid "|FILE|write an audit log to FILE"
+msgstr "|FILE|indlæs udvidelsesmodul FILE"
+
+#: sm/gpgsm.c:293
+msgid "batch mode: never ask"
+msgstr "kørselsmodus: spørg aldrig"
+
+#: sm/gpgsm.c:294
+msgid "assume yes on most questions"
+msgstr "forvent ja til de fleste sprøgsmål"
+
+#: sm/gpgsm.c:295
+msgid "assume no on most questions"
+msgstr "forvent nej til de fleste sprøgsmål"
+
+#: sm/gpgsm.c:298
+#, fuzzy
+msgid "|FILE|add keyring to the list of keyrings"
+msgstr "tilføj denne nøglering til nøgleringslisten"
+
+#: sm/gpgsm.c:301
+#, fuzzy
+msgid "|USER-ID|use USER-ID as default secret key"
+msgstr "|NAME|brug NAME som standard hemmelignøgle"
+
+#: sm/gpgsm.c:311 tools/gpgconf-comp.c:745
+#, fuzzy
+msgid "|SPEC|use this keyserver to lookup keys"
+msgstr "|HOST|brug denne nøgletjener til at slå nøgler op"
+
+#: sm/gpgsm.c:329
+msgid "|NAME|use cipher algorithm NAME"
+msgstr "|NAME|brug cifferalgoritme NAME"
+
+#: sm/gpgsm.c:331
+msgid "|NAME|use message digest algorithm NAME"
+msgstr "|NAME|brug meddelelsesresumé algoritme NAME"
+
+#: sm/gpgsm.c:522
+#, fuzzy
+msgid "Usage: gpgsm [options] [files] (-h for help)"
+msgstr "Brug: gpg [flag] [filer] (-h for hjælp)"
+
+# Skal alt dette oversættes eller er det flagene?
+#: sm/gpgsm.c:525
+#, fuzzy
+msgid ""
+"Syntax: gpgsm [options] [files]\n"
+"sign, check, encrypt or decrypt using the S/MIME protocol\n"
+"default operation depends on the input data\n"
+msgstr ""
+"Syntaks: gpg [flag] [filer]\n"
+"sign, check, encrypt eller decrypt\n"
+"standard operation afhænger af inddata\n"
+
+#: sm/gpgsm.c:617
+#, fuzzy
+msgid "usage: gpgsm [options] "
+msgstr "brug: gpg [flag] "
+
+#: sm/gpgsm.c:739
+#, fuzzy, c-format
+msgid "NOTE: won't be able to encrypt to `%s': %s\n"
+msgstr "kan ikke åbne '%s': %s\n"
+
+#: sm/gpgsm.c:750
+#, fuzzy, c-format
+msgid "unknown validation model `%s'\n"
+msgstr "ukendt standard modtager '%s'\n"
+
+#: sm/gpgsm.c:801
+#, c-format
+msgid "%s:%u: no hostname given\n"
+msgstr ""
+
+#: sm/gpgsm.c:820
+#, c-format
+msgid "%s:%u: password given without user\n"
+msgstr ""
+
+#: sm/gpgsm.c:841
+#, fuzzy, c-format
+msgid "%s:%u: skipping this line\n"
+msgstr "%s: udelod: %s\n"
+
+#: sm/gpgsm.c:1376
+#, fuzzy
+msgid "could not parse keyserver\n"
+msgstr "importér nøgler fra en nøgleserver: %s\n"
+
+#: sm/gpgsm.c:1456
+msgid "WARNING: running with faked system time: "
+msgstr ""
+
+#: sm/gpgsm.c:1556
+#, fuzzy, c-format
+msgid "importing common certificates `%s'\n"
+msgstr "skriver til `%s'\n"
+
+#: sm/gpgsm.c:1597
+#, fuzzy, c-format
+msgid "can't sign using `%s': %s\n"
+msgstr "kan ikke åbne '%s': %s\n"
+
+#: sm/gpgsm.c:1931
+msgid "invalid command (there is no implicit command)\n"
+msgstr ""
+
+#: sm/import.c:111
+#, fuzzy, c-format
+msgid "total number processed: %lu\n"
+msgstr "Totalt antal behandlede: %lu\n"
+
+#: sm/import.c:230
+#, fuzzy
+msgid "error storing certificate\n"
+msgstr "Godt certifikat"
+
+#: sm/import.c:238
+msgid "basic certificate checks failed - not imported\n"
+msgstr ""
+
+# er det klogt at oversætte TrustDB?
+#: sm/import.c:435 sm/keydb.c:1319 sm/keydb.c:1387
+#, fuzzy
+msgid "failed to allocate keyDB handle\n"
+msgstr "kunne ikke initialisere TillidsDB: %s\n"
+
+#: sm/import.c:492 sm/keydb.c:1417 sm/keydb.c:1511
+#, fuzzy, c-format
+msgid "error getting stored flags: %s\n"
+msgstr "fejl ved oprettelse af kodesætning: %s\n"
+
+#: sm/import.c:551 sm/import.c:583
+#, fuzzy, c-format
+msgid "error importing certificate: %s\n"
+msgstr "fejl ved oprettelse af kodesætning: %s\n"
+
+#: sm/import.c:684 tools/gpg-connect-agent.c:1346
+#, fuzzy, c-format
+msgid "error reading input: %s\n"
+msgstr "fejl ved læsning af '%s': %s\n"
+
+#: sm/keydb.c:187
+#, fuzzy, c-format
+msgid "error creating keybox `%s': %s\n"
+msgstr "fejl ved skrivning af nøglering `%s': %s\n"
+
+#: sm/keydb.c:190
+msgid "you may want to start the gpg-agent first\n"
+msgstr ""
+
+#: sm/keydb.c:195
+#, fuzzy, c-format
+msgid "keybox `%s' created\n"
+msgstr "%s: mappe oprettet\n"
+
+# er det klogt at oversætte TrustDB?
+#: sm/keydb.c:1312 sm/keydb.c:1380
+#, fuzzy
+msgid "failed to get the fingerprint\n"
+msgstr "kunne ikke initialisere TillidsDB: %s\n"
+
+#: sm/keydb.c:1340
+#, c-format
+msgid "problem looking for existing certificate: %s\n"
+msgstr ""
+
+#: sm/keydb.c:1348
+#, fuzzy, c-format
+msgid "error finding writable keyDB: %s\n"
+msgstr "fejl ved oprettelse af kodesætning: %s\n"
+
+#: sm/keydb.c:1356
+#, fuzzy, c-format
+msgid "error storing certificate: %s\n"
+msgstr "fejl ved oprettelse af kodesætning: %s\n"
+
+#: sm/keydb.c:1408
+#, c-format
+msgid "problem re-searching certificate: %s\n"
+msgstr ""
+
+#: sm/keydb.c:1429 sm/keydb.c:1522
+#, fuzzy, c-format
+msgid "error storing flags: %s\n"
+msgstr "fejl ved læsning af '%s': %s\n"
+
+#: sm/keylist.c:642
+msgid "Error - "
+msgstr ""
+
+#: sm/misc.c:55
+msgid "GPG_TTY has not been set - using maybe bogus default\n"
+msgstr ""
+
+#: sm/qualified.c:105
+#, fuzzy, c-format
+msgid "invalid formatted fingerprint in `%s', line %d\n"
+msgstr "fejl i trailerlinie\n"
+
+#: sm/qualified.c:123
+#, c-format
+msgid "invalid country code in `%s', line %d\n"
+msgstr ""
+
+#: sm/qualified.c:202
+#, c-format
+msgid ""
+"You are about to create a signature using your certificate:\n"
+"\"%s\"\n"
+"This will create a qualified signature by law equated to a handwritten "
+"signature.\n"
+"\n"
+"%s%sAre you really sure that you want to do this?"
+msgstr ""
+
+#: sm/qualified.c:211 sm/verify.c:616
+msgid ""
+"Note, that this software is not officially approved to create or verify such "
+"signatures.\n"
+msgstr ""
+
+#: sm/qualified.c:278
+#, c-format
+msgid ""
+"You are about to create a signature using your certificate:\n"
+"\"%s\"\n"
+"Note, that this certificate will NOT create a qualified signature!"
+msgstr ""
+
+#: sm/sign.c:449
+#, fuzzy, c-format
+msgid "hash algorithm %d (%s) for signer %d not supported; using %s\n"
+msgstr "valgte cifferalgoritme %d er ugyldig\n"
+
+#: sm/sign.c:463
+#, c-format
+msgid "hash algorithm used for signer %d: %s (%s)\n"
+msgstr ""
+
+#: sm/sign.c:513
+#, fuzzy, c-format
+msgid "checking for qualified certificate failed: %s\n"
+msgstr "Kan ikke tjekke signatur: %s\n"
+
+#: sm/verify.c:449
+#, fuzzy
+msgid "Signature made "
+msgstr "Denne nøgle er ikke beskyttet.\n"
+
+#: sm/verify.c:453
+msgid "[date not given]"
+msgstr ""
+
+#: sm/verify.c:454
+#, fuzzy, c-format
+msgid " using certificate ID 0x%08lX\n"
+msgstr "fejl ved oprettelse af kodesætning: %s\n"
+
+#: sm/verify.c:473
+msgid ""
+"invalid signature: message digest attribute does not match computed one\n"
+msgstr ""
+
+#: sm/verify.c:594
+#, fuzzy
+msgid "Good signature from"
+msgstr "God signatur fra \""
+
+#: sm/verify.c:595
+#, fuzzy
+msgid " aka"
+msgstr " alias \""
+
+#: sm/verify.c:613
+#, fuzzy
+msgid "This is a qualified signature\n"
+msgstr "skriver selvsignatur\n"
+
+#: tools/gpg-connect-agent.c:70 tools/gpgconf.c:81 tools/symcryptrun.c:167
+#, fuzzy
+msgid "quiet"
+msgstr "afslut"
+
+#: tools/gpg-connect-agent.c:71
+msgid "print data out hex encoded"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:72
+msgid "decode received data lines"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:74
+msgid "|NAME|connect to Assuan socket NAME"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:76
+msgid "run the Assuan server given on the command line"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:78
+msgid "do not use extended connect mode"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:80
+#, fuzzy
+msgid "|FILE|run commands from FILE on startup"
+msgstr "|FILE|indlæs udvidelsesmodul FILE"
+
+#: tools/gpg-connect-agent.c:81
+msgid "run /subst on startup"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:184
+#, fuzzy
+msgid "Usage: gpg-connect-agent [options] (-h for help)"
+msgstr "Brug: gpg [flag] [filer] (-h for hjælp)"
+
+#: tools/gpg-connect-agent.c:187
+msgid ""
+"Syntax: gpg-connect-agent [options]\n"
+"Connect to a running agent and send commands\n"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:1201
+#, c-format
+msgid "option \"%s\" requires a program and optional arguments\n"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:1210
+#, c-format
+msgid "option \"%s\" ignored due to \"%s\"\n"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:1281 tools/gpg-connect-agent.c:1771
+#, fuzzy, c-format
+msgid "receiving line failed: %s\n"
+msgstr "fjernelse af beskyttelse fejlede: %s\n"
+
+#: tools/gpg-connect-agent.c:1371
+#, fuzzy
+msgid "line too long - skipped\n"
+msgstr "nøgle %08lX: ikke en rfc2440 nøgle - udeladt\n"
+
+#: tools/gpg-connect-agent.c:1375
+msgid "line shortened due to embedded Nul character\n"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:1743
+#, fuzzy, c-format
+msgid "unknown command `%s'\n"
+msgstr "ukendt standard modtager '%s'\n"
+
+#: tools/gpg-connect-agent.c:1761
+#, fuzzy, c-format
+msgid "sending line failed: %s\n"
+msgstr "signering fejlede: %s\n"
+
+#: tools/gpg-connect-agent.c:2208
+#, fuzzy, c-format
+msgid "error sending %s command: %s\n"
+msgstr "fejl ved læsning af '%s': %s\n"
+
+#: tools/gpg-connect-agent.c:2223
+#, fuzzy, c-format
+msgid "error sending standard options: %s\n"
+msgstr "fejl ved læsning af '%s': %s\n"
+
+#: tools/gpgconf-comp.c:473 tools/gpgconf-comp.c:577 tools/gpgconf-comp.c:644
+#: tools/gpgconf-comp.c:712 tools/gpgconf-comp.c:799
+msgid "Options controlling the diagnostic output"
+msgstr ""
+
+#: tools/gpgconf-comp.c:486 tools/gpgconf-comp.c:590 tools/gpgconf-comp.c:657
+#: tools/gpgconf-comp.c:725 tools/gpgconf-comp.c:822
+msgid "Options controlling the configuration"
+msgstr ""
+
+#: tools/gpgconf-comp.c:496 tools/gpgconf-comp.c:615 tools/gpgconf-comp.c:673
+#: tools/gpgconf-comp.c:750 tools/gpgconf-comp.c:829
+#, fuzzy
+msgid "Options useful for debugging"
+msgstr "slå fuld fejltjekning til"
+
+#: tools/gpgconf-comp.c:501 tools/gpgconf-comp.c:678 tools/gpgconf-comp.c:755
+#: tools/gpgconf-comp.c:837
+msgid "|FILE|write server mode logs to FILE"
+msgstr ""
+
+#: tools/gpgconf-comp.c:509 tools/gpgconf-comp.c:625 tools/gpgconf-comp.c:763
+msgid "Options controlling the security"
+msgstr ""
+
+#: tools/gpgconf-comp.c:516
+msgid "|N|expire SSH keys after N seconds"
+msgstr ""
+
+#: tools/gpgconf-comp.c:520
+msgid "|N|set maximum PIN cache lifetime to N seconds"
+msgstr ""
+
+#: tools/gpgconf-comp.c:524
+msgid "|N|set maximum SSH key lifetime to N seconds"
+msgstr ""
+
+#: tools/gpgconf-comp.c:538
+msgid "Options enforcing a passphrase policy"
+msgstr ""
+
+#: tools/gpgconf-comp.c:541
+msgid "do not allow to bypass the passphrase policy"
+msgstr ""
+
+#: tools/gpgconf-comp.c:545
+msgid "|N|set minimal required length for new passphrases to N"
+msgstr ""
+
+#: tools/gpgconf-comp.c:549
+msgid "|N|require at least N non-alpha characters for a new passphrase"
+msgstr ""
+
+#: tools/gpgconf-comp.c:553
+msgid "|FILE|check new passphrases against pattern in FILE"
+msgstr ""
+
+#: tools/gpgconf-comp.c:557
+#, fuzzy
+msgid "|N|expire the passphrase after N days"
+msgstr "|N|brug pasfrasemodus N"
+
+#: tools/gpgconf-comp.c:561
+#, fuzzy
+msgid "do not allow the reuse of old passphrases"
+msgstr "fejl ved oprettelse af kodesætning: %s\n"
+
+#: tools/gpgconf-comp.c:659 tools/gpgconf-comp.c:727
+msgid "|NAME|use NAME as default secret key"
+msgstr "|NAME|brug NAME som standard hemmelignøgle"
+
+#: tools/gpgconf-comp.c:662 tools/gpgconf-comp.c:730
+#, fuzzy
+msgid "|NAME|encrypt to user ID NAME as well"
+msgstr "|NAME|kryptér for NAME"
+
+#: tools/gpgconf-comp.c:665
+msgid "|SPEC|set up email aliases"
+msgstr ""
+
+#: tools/gpgconf-comp.c:686
+msgid "Configuration for Keyservers"
+msgstr ""
+
+#: tools/gpgconf-comp.c:688
+#, fuzzy
+msgid "|URL|use keyserver at URL"
+msgstr "importér nøgler fra en nøgleserver: %s\n"
+
+#: tools/gpgconf-comp.c:691
+msgid "allow PKA lookups (DNS requests)"
+msgstr ""
+
+#: tools/gpgconf-comp.c:694
+msgid "|MECHANISMS|use MECHANISMS to locate keys by mail address"
+msgstr ""
+
+#: tools/gpgconf-comp.c:739
+msgid "disable all access to the dirmngr"
+msgstr ""
+
+#: tools/gpgconf-comp.c:742
+#, fuzzy
+msgid "|NAME|use encoding NAME for PKCS#12 passphrases"
+msgstr "|NAME|brug cifrealgoritme NAME for pasfrase"
+
+#: tools/gpgconf-comp.c:768
+msgid "do not check CRLs for root certificates"
+msgstr ""
+
+#: tools/gpgconf-comp.c:812
+msgid "Options controlling the format of the output"
+msgstr ""
+
+#: tools/gpgconf-comp.c:848
+msgid "Options controlling the interactivity and enforcement"
+msgstr ""
+
+#: tools/gpgconf-comp.c:858
+msgid "Configuration for HTTP servers"
+msgstr ""
+
+#: tools/gpgconf-comp.c:869
+msgid "use system's HTTP proxy setting"
+msgstr ""
+
+#: tools/gpgconf-comp.c:874
+msgid "Configuration of LDAP servers to use"
+msgstr ""
+
+#: tools/gpgconf-comp.c:903
+msgid "LDAP server list"
+msgstr ""
+
+#: tools/gpgconf-comp.c:911
+msgid "Configuration for OCSP"
+msgstr ""
+
+#: tools/gpgconf-comp.c:3077
+#, c-format
+msgid "External verification of component %s failed"
+msgstr ""
+
+#: tools/gpgconf-comp.c:3227
+msgid "Note that group specifications are ignored\n"
+msgstr ""
+
+#: tools/gpgconf.c:62
+msgid "list all components"
+msgstr ""
+
+#: tools/gpgconf.c:63
+msgid "check all programs"
+msgstr ""
+
+#: tools/gpgconf.c:64
+msgid "|COMPONENT|list options"
+msgstr ""
+
+#: tools/gpgconf.c:65
+msgid "|COMPONENT|change options"
+msgstr ""
+
+#: tools/gpgconf.c:66
+msgid "|COMPONENT|check options"
+msgstr ""
+
+#: tools/gpgconf.c:68
+msgid "apply global default values"
+msgstr ""
+
+#: tools/gpgconf.c:70
+msgid "get the configuration directories for gpgconf"
+msgstr ""
+
+#: tools/gpgconf.c:72
+#, fuzzy
+msgid "list global configuration file"
+msgstr "ukendt standard modtager '%s'\n"
+
+#: tools/gpgconf.c:74
+#, fuzzy
+msgid "check global configuration file"
+msgstr "ukendt standard modtager '%s'\n"
+
+#: tools/gpgconf.c:79
+msgid "use as output file"
+msgstr "brug som uddatafil"
+
+#: tools/gpgconf.c:83
+msgid "activate changes at runtime, if possible"
+msgstr ""
+
+#: tools/gpgconf.c:105
+#, fuzzy
+msgid "Usage: gpgconf [options] (-h for help)"
+msgstr "Brug: gpg [flag] [filer] (-h for hjælp)"
+
+#: tools/gpgconf.c:108
+msgid ""
+"Syntax: gpgconf [options]\n"
+"Manage configuration options for tools of the GnuPG system\n"
+msgstr ""
+
+#: tools/gpgconf.c:214 tools/gpgconf.c:282
+#, fuzzy
+msgid "usage: gpgconf [options] "
+msgstr "brug: gpg [flag] "
+
+#: tools/gpgconf.c:216
+msgid "Need one component argument"
+msgstr ""
+
+#: tools/gpgconf.c:225 tools/gpgconf.c:258
+#, fuzzy
+msgid "Component not found"
+msgstr "offentlig nøgle ikke fundet"
+
+#: tools/gpgconf.c:284
+#, fuzzy
+msgid "No argument allowed"
+msgstr "skriver hemmeligt certifikat til '%s'\n"
+
+#: tools/symcryptrun.c:154
+#, fuzzy
+msgid ""
+"@\n"
+"Commands:\n"
+" "
+msgstr ""
+"@Kommandoer:\n"
+" "
+
+#: tools/symcryptrun.c:156
+msgid "decryption modus"
+msgstr ""
+
+#: tools/symcryptrun.c:157
+#, fuzzy
+msgid "encryption modus"
+msgstr "kryptér data"
+
+#: tools/symcryptrun.c:161
+msgid "tool class (confucius)"
+msgstr ""
+
+#: tools/symcryptrun.c:162
+#, fuzzy
+msgid "program filename"
+msgstr "--store [filnavn (som gemmes)]"
+
+#: tools/symcryptrun.c:164
+msgid "secret key file (required)"
+msgstr ""
+
+#: tools/symcryptrun.c:165
+msgid "input file name (default stdin)"
+msgstr ""
+
+#: tools/symcryptrun.c:209
+#, fuzzy
+msgid "Usage: symcryptrun [options] (-h for help)"
+msgstr "Brug: gpg [flag] [filer] (-h for hjælp)"
+
+#: tools/symcryptrun.c:212
+msgid ""
+"Syntax: symcryptrun --class CLASS --program PROGRAM --keyfile KEYFILE "
+"[options...] COMMAND [inputfile]\n"
+"Call a simple symmetric encryption tool\n"
+msgstr ""
+
+#: tools/symcryptrun.c:281
+#, fuzzy, c-format
+msgid "%s on %s aborted with status %i\n"
+msgstr "%s ikke tilladt med %s!\n"
+
+#: tools/symcryptrun.c:288
+#, fuzzy, c-format
+msgid "%s on %s failed with status %i\n"
+msgstr "kan ikke åbne %s: %s\n"
+
+#: tools/symcryptrun.c:314
+#, fuzzy, c-format
+msgid "can't create temporary directory `%s': %s\n"
+msgstr "%s: kan ikke oprette mappe: %s\n"
+
+#: tools/symcryptrun.c:354 tools/symcryptrun.c:371
+#, fuzzy, c-format
+msgid "could not open %s for writing: %s\n"
+msgstr "kan ikke åbne %s: %s\n"
+
+#: tools/symcryptrun.c:382
+#, fuzzy, c-format
+msgid "error writing to %s: %s\n"
+msgstr "fejl ved skrivning af nøglering `%s': %s\n"
+
+#: tools/symcryptrun.c:389
+#, fuzzy, c-format
+msgid "error reading from %s: %s\n"
+msgstr "fejl ved læsning af '%s': %s\n"
+
+#: tools/symcryptrun.c:396 tools/symcryptrun.c:403
+#, fuzzy, c-format
+msgid "error closing %s: %s\n"
+msgstr "fejl ved læsning af '%s': %s\n"
+
+#: tools/symcryptrun.c:488
+msgid "no --program option provided\n"
+msgstr ""
+
+#: tools/symcryptrun.c:494
+msgid "only --decrypt and --encrypt are supported\n"
+msgstr ""
+
+#: tools/symcryptrun.c:500
+msgid "no --keyfile option provided\n"
+msgstr ""
+
+#: tools/symcryptrun.c:511
+msgid "cannot allocate args vector\n"
+msgstr ""
+
+#: tools/symcryptrun.c:529
+#, fuzzy, c-format
+msgid "could not create pipe: %s\n"
+msgstr "kan ikke oprette %s: %s\n"
+
+#: tools/symcryptrun.c:536
+#, fuzzy, c-format
+msgid "could not create pty: %s\n"
+msgstr "kan ikke oprette %s: %s\n"
+
+#: tools/symcryptrun.c:552
+#, c-format
+msgid "could not fork: %s\n"
+msgstr ""
+
+#: tools/symcryptrun.c:580
+#, fuzzy, c-format
+msgid "execv failed: %s\n"
+msgstr "påklædning af beskyttelse fejlede: %s\n"
+
+#: tools/symcryptrun.c:609
+#, fuzzy, c-format
+msgid "select failed: %s\n"
+msgstr "fjernelse af beskyttelse fejlede: %s\n"
+
+#: tools/symcryptrun.c:626
+#, fuzzy, c-format
+msgid "read failed: %s\n"
+msgstr "påklædning af beskyttelse fejlede: %s\n"
+
+#: tools/symcryptrun.c:678
+#, fuzzy, c-format
+msgid "pty read failed: %s\n"
+msgstr "påklædning af beskyttelse fejlede: %s\n"
+
+#: tools/symcryptrun.c:730
+#, fuzzy, c-format
+msgid "waitpid failed: %s\n"
+msgstr "signering fejlede: %s\n"
+
+#: tools/symcryptrun.c:744
+#, c-format
+msgid "child aborted with status %i\n"
+msgstr ""
+
+#: tools/symcryptrun.c:799
+#, fuzzy, c-format
+msgid "cannot allocate infile string: %s\n"
+msgstr "kan ikke oprette %s: %s\n"
+
+#: tools/symcryptrun.c:812
+#, fuzzy, c-format
+msgid "cannot allocate outfile string: %s\n"
+msgstr "kan ikke oprette %s: %s\n"
+
+#: tools/symcryptrun.c:986
+#, c-format
+msgid "either %s or %s must be given\n"
+msgstr ""
+
+#: tools/symcryptrun.c:1013
+msgid "no class provided\n"
+msgstr ""
+
+#: tools/symcryptrun.c:1022
+#, fuzzy, c-format
+msgid "class %s is not supported\n"
+msgstr "valgte cifferalgoritme %d er ugyldig\n"
+
+#: tools/gpg-check-pattern.c:145
+#, fuzzy
+msgid "Usage: gpg-check-pattern [options] patternfile (-h for help)\n"
+msgstr "Brug: gpg [flag] [filer] (-h for hjælp)"
+
+#: tools/gpg-check-pattern.c:148
+msgid ""
+"Syntax: gpg-check-pattern [options] patternfile\n"
+"Check a passphrase given on stdin against the patternfile\n"
+msgstr ""
+
+#~ msgid "Please report bugs to <gnupg-bugs@gnu.org>.\n"
+#~ msgstr "Rapportér venligst fejl til <gnupg-bugs@gnu.org>.\n"
+
+#, fuzzy
+#~ msgid "Please report bugs to "
+#~ msgstr "Rapportér venligst fejl til <gnupg-bugs@gnu.org>.\n"
+
+#, fuzzy
+#~ msgid "DSA keypair will have %u bits.\n"
+#~ msgstr "DSA nøglepar vil have 1024 bit.\n"
+
+#, fuzzy
+#~ msgid "Repeat passphrase\n"
+#~ msgstr "Gentag kodesætning: "
+
+#, fuzzy
+#~ msgid "read options from file"
+#~ msgstr "læser indstillinger fra `%s'\n"
+
+#~ msgid "|[file]|make a signature"
+#~ msgstr "|[filer]|opret en signatur"
+
+#, fuzzy
+#~ msgid "|[FILE]|make a signature"
+#~ msgstr "|[filer]|opret en signatur"
+
+#, fuzzy
+#~ msgid "|[FILE]|make a clear text signature"
+#~ msgstr "|[filer]|opret rentekst signatur"
+
+#~ msgid "|NAME|use NAME as default recipient"
+#~ msgstr "|NAME|brug NAME som standard modtager"
+
+#~ msgid "use the default key as default recipient"
+#~ msgstr "brug standard nøglen som standard modtager"
+
+#~ msgid "force v3 signatures"
+#~ msgstr "tving v3 signaturer"
+
+#~ msgid "always use a MDC for encryption"
+#~ msgstr "brug altid en MDC for kryptering"
+
+#~ msgid "add this secret keyring to the list"
+#~ msgstr "tilføj denne hemmeligenøglering til listen"
+
+#~ msgid "|NAME|set terminal charset to NAME"
+#~ msgstr "|NAME|sæt terminal karaktersæt til NAME"
+
+#~ msgid "|FILE|load extension module FILE"
+#~ msgstr "|FILE|indlæs udvidelsesmodul FILE"
+
+#~ msgid "|N|use compress algorithm N"
+#~ msgstr "|N|brug kompresalgoritme N"
+
+#, fuzzy
+#~ msgid "remove key from the public keyring"
+#~ msgstr "fjern nøgle fra den offentlige nøglering"
+
+#~ msgid "Enter the size of the key"
+#~ msgstr "Indtast nøglens størrelse"
+
+#~ msgid "Answer \"yes\" or \"no\""
+#~ msgstr "Svar \"ja\" eller \"nej\""
+
+#~ msgid "Answer \"yes\" if it is okay to overwrite the file"
+#~ msgstr "Svar \"ja\" hvis det er ok at overskrive filen"
+
+#~ msgid ""
+#~ "Please enter a new filename. If you just hit RETURN the default\n"
+#~ "file (which is shown in brackets) will be used."
+#~ msgstr ""
+#~ "Indtast et nyt filnavn. Hvis du bare trykker RETUR vil det\n"
+#~ "forvalgte navn (som er vist i klammer) blive brugt."
+
+#, fuzzy
+#~ msgid "shelll"
+#~ msgstr "hjælp"
+
+#, fuzzy
+#~ msgid ""
+#~ "please see http://www.gnupg.org/download/iconv.html for more information\n"
+#~ msgstr "rev- forkert nøgletilbagekald\n"
+
+#, fuzzy
+#~ msgid "please use the script \"%s\" to generate a new key\n"
+#~ msgstr "Vælg venligst hvilken slags nøgle du vil have:\n"
+
+#~ msgid "Enter passphrase: "
+#~ msgstr "Indtast kodesætning: "
+
+#~ msgid "Repeat passphrase: "
+#~ msgstr "Gentag kodesætning: "
+
+#~ msgid "-k[v][v][v][c] [user-id] [keyring]"
+#~ msgstr "-k[v][v][v][c] [bruger-id] [nøglering]"
+
+#, fuzzy
+#~ msgid "can't lock `%s': %s\n"
+#~ msgstr "kan ikke åbne `%s'\n"
+
+#, fuzzy
+#~ msgid "can't stat `%s': %s\n"
+#~ msgstr "kan ikke åbne '%s': %s\n"
+
+#, fuzzy
+#~ msgid "can't read `%s': %s\n"
+#~ msgstr "kan ikke åbne '%s': %s\n"
+
+#, fuzzy
+#~ msgid "can't write `%s': %s\n"
+#~ msgstr "kan ikke åbne '%s': %s\n"
+
+#, fuzzy
+#~ msgid "can't close `%s': %s\n"
+#~ msgstr "kan ikke åbne '%s': %s\n"
+
+#~ msgid "WARNING: using insecure random number generator!!\n"
+#~ msgstr "ADVARSEL: bruger usikker tilfældig-nummer-generator!!!\n"
+
+#~ msgid ""
+#~ "The random number generator is only a kludge to let\n"
+#~ "it run - it is in no way a strong RNG!\n"
+#~ "\n"
+#~ "DON'T USE ANY DATA GENERATED BY THIS PROGRAM!!\n"
+#~ "\n"
+#~ msgstr ""
+#~ "Den tilfældige nummer generator er kun en \"kludge\" for at\n"
+#~ "lade den køre - det er ikke en stærk RNG!\n"
+#~ "\n"
+#~ "BENYT IKKE DATA GENERERET AF DETTE PROGRAM!!!\n"
+#~ "\n"
+
+#~ msgid ""
+#~ "\n"
+#~ "Not enough random bytes available. Please do some other work to give\n"
+#~ "the OS a chance to collect more entropy! (Need %d more bytes)\n"
+#~ msgstr ""
+#~ "\n"
+#~ "Ikke nok tilfældige byte tilgængelig. Please do some other work to give\n"
+#~ "the OS a chance to collect more entropy! (Kræver %d byte mere)\n"
+
+#, fuzzy
+#~ msgid "card reader not available\n"
+#~ msgstr "hemmelig nøgle ikke tilgængelig"
+
+#, fuzzy
+#~ msgid "NOTE: %s is not available in this version\n"
+#~ msgstr "RSA nøgle kan ikke bruges i denne version\n"
+
+#, fuzzy
+#~ msgid " algorithms on these user IDs:\n"
+#~ msgstr " nye bruger-id'er: %lu\n"
+
+#~ msgid "general error"
+#~ msgstr "generel fejl"
+
+#~ msgid "unknown packet type"
+#~ msgstr "ukendt pakketype"
+
+#~ msgid "unknown pubkey algorithm"
+#~ msgstr "ukendt offentlig nøglealgoritme"
+
+#~ msgid "unknown digest algorithm"
+#~ msgstr "ukendt sammenfatningsalgoritme"
+
+#~ msgid "bad public key"
+#~ msgstr "dårlig offentlig nøgle"
+
+#~ msgid "bad secret key"
+#~ msgstr "dårlig hemmelig nøgle"
+
+#~ msgid "bad signature"
+#~ msgstr "dårlig signatur"
+
+#~ msgid "checksum error"
+#~ msgstr "tjeksumsfejl"
+
+#~ msgid "unknown cipher algorithm"
+#~ msgstr "ukendt cifferalgoritme "
+
+#~ msgid "invalid packet"
+#~ msgstr "ugyldig pakke"
+
+#~ msgid "invalid armor"
+#~ msgstr "ugyldig rustning"
+
+#~ msgid "no such user id"
+#~ msgstr "ikke-eksisterende bruger id"
+
+#~ msgid "secret key not available"
+#~ msgstr "hemmelig nøgle ikke tilgængelig"
+
+#~ msgid "wrong secret key used"
+#~ msgstr "forkert hemmelig nøgle brugt"
+
+#~ msgid "not supported"
+#~ msgstr "ikke understøttet"
+
+#~ msgid "bad key"
+#~ msgstr "dårlig nøgle"
+
+#~ msgid "file write error"
+#~ msgstr "filskrivningsfejl"
+
+#~ msgid "unknown compress algorithm"
+#~ msgstr "ukendt kompressionsalgoritme"
+
+#~ msgid "file open error"
+#~ msgstr "filåbningsfejl"
+
+#~ msgid "file create error"
+#~ msgstr "filoprettelsesfejl"
+
+#~ msgid "invalid passphrase"
+#~ msgstr "ugyldig kodesætning"
+
+#~ msgid "unimplemented pubkey algorithm"
+#~ msgstr "uimplementeret offentlig nøglealgoritme"
+
+#~ msgid "unimplemented cipher algorithm"
+#~ msgstr "uimplementeret cifferalgoritme"
+
+#~ msgid "unknown signature class"
+#~ msgstr "ukendt signaturklasse"
+
+#~ msgid "trust database error"
+#~ msgstr "tillidsdatabasefejl"
+
+#~ msgid "resource limit"
+#~ msgstr "resursegrænse"
+
+#~ msgid "invalid keyring"
+#~ msgstr "ugyldig nøglering"
+
+#~ msgid "malformed user id"
+#~ msgstr "dårlig bruger-id"
+
+#~ msgid "file close error"
+#~ msgstr "fillukningsfejl"
+
+#~ msgid "file rename error"
+#~ msgstr "filomdøbningsfejl"
+
+#~ msgid "file delete error"
+#~ msgstr "filsletningsfejl"
+
+#~ msgid "unexpected data"
+#~ msgstr "uforventet data"
+
+#~ msgid "timestamp conflict"
+#~ msgstr "tidsstempelkonflikt"
+
+#~ msgid "unusable pubkey algorithm"
+#~ msgstr "uanvendelig offentlig nøglealgoritme"
+
+#~ msgid "file exists"
+#~ msgstr "fil eksisterer"
+
+#~ msgid "weak key"
+#~ msgstr "svag nøgle"
+
+#~ msgid "bad URI"
+#~ msgstr "ugyldig URI"
+
+#~ msgid "unsupported URI"
+#~ msgstr "ikke-understøttet URI"
+
+#~ msgid "network error"
+#~ msgstr "netværksfejl"
+
+#~ msgid "not processed"
+#~ msgstr "ikke bearbejdet"
+
+#, fuzzy
+#~ msgid "unusable public key"
+#~ msgstr "dårlig offentlig nøgle"
+
+#, fuzzy
+#~ msgid "unusable secret key"
+#~ msgstr "dårlig hemmelig nøgle"
+
+#, fuzzy
+#~ msgid "keyserver error"
+#~ msgstr "generel fejl"
+
+#, fuzzy
+#~ msgid "no card"
+#~ msgstr "ikke krypteret"
+
+#, fuzzy
+#~ msgid "no data"
+#~ msgstr "kryptér data"
+
+#~ msgid "... this is a bug (%s:%d:%s)\n"
+#~ msgstr "... dette er en fejl (%s:%d:%s)\n"
+
+#, fuzzy
+#~ msgid "WARNING: using insecure memory!\n"
+#~ msgstr "Advarsel: benytter ubeskyttet hukommelse!\n"
+
+#~ msgid "operation is not possible without initialized secure memory\n"
+#~ msgstr "operation er ikke mulig uden beskyttet hukommelse indlæst\n"
+
+#~ msgid "(you may have used the wrong program for this task)\n"
+#~ msgstr "(du kan have brugt et forkert program til denne opgave)\n"
+
+#, fuzzy
+#~ msgid "all export-clean-* options from above"
+#~ msgstr "læs indstillinger fra fil"
+
+#, fuzzy
+#~ msgid "all import-clean-* options from above"
+#~ msgstr "læs indstillinger fra fil"
+
+#, fuzzy
+#~ msgid "expired: %s)"
+#~ msgstr "Nøgle udløber d. %s\n"
+
+#, fuzzy
+#~ msgid "key %s: expired signature from key %s - skipped\n"
+#~ msgstr "nøgle %08lX: ikke en rfc2440 nøgle - udeladt\n"
+
+#, fuzzy
+#~ msgid "Unable to clean `%s'\n"
+#~ msgstr "kan ikke åbne %s: %s\n"
+
+#, fuzzy
+#~ msgid "No user IDs are removable.\n"
+#~ msgstr "Ingen bruger-ID for nøgle\n"
+
+#, fuzzy
+#~ msgid "bad passphrase or unknown cipher algorithm (%d)\n"
+#~ msgstr "ukendt cifferalgoritme "
+
+#~ msgid "list signatures"
+#~ msgstr "vis signaturer"
+
+#~ msgid "sign the key"
+#~ msgstr "signér nøglen"
+
+#~ msgid "add a secondary key"
+#~ msgstr "tilføj sekundær nøgle"
+
+#~ msgid "delete signatures"
+#~ msgstr "slet signaturer"
+
+#~ msgid "change the expire date"
+#~ msgstr "ændr udløbsdatoen"
+
+#, fuzzy
+#~ msgid "set preference list"
+#~ msgstr "vis præferencer"
+
+#, fuzzy
+#~ msgid "updated preferences"
+#~ msgstr "vis præferencer"
+
+#~ msgid "No secondary key with index %d\n"
+#~ msgstr "Ingen sekundær nøgle med indeks %d\n"
+
+#, fuzzy
+#~ msgid "--nrsign-key user-id"
+#~ msgstr "--sign-key bruger-id"
+
+#, fuzzy
+#~ msgid "--nrlsign-key user-id"
+#~ msgstr "--sign-key bruger-id"
+
+#, fuzzy
+#~ msgid "sign the key non-revocably"
+#~ msgstr "signér nøglen lokalt"
+
+#, fuzzy
+#~ msgid "sign the key locally and non-revocably"
+#~ msgstr "signér nøglen lokalt"
+
+#~ msgid "q"
+#~ msgstr "a"
+
+#~ msgid "list"
+#~ msgstr "vis"
+
+#~ msgid "l"
+#~ msgstr "l"
+
+#~ msgid "debug"
+#~ msgstr "aflus"
+
+#, fuzzy
+#~ msgid "name"
+#~ msgstr "slåtil"
+
+#, fuzzy
+#~ msgid "login"
+#~ msgstr "lsignér"
+
+#, fuzzy
+#~ msgid "cafpr"
+#~ msgstr "fpr"
+
+#, fuzzy
+#~ msgid "generate"
+#~ msgstr "generel fejl"
+
+#~ msgid "passwd"
+#~ msgstr "kodeord"
+
+#~ msgid "save"
+#~ msgstr "gem"
+
+#~ msgid "fpr"
+#~ msgstr "fpr"
+
+#~ msgid "uid"
+#~ msgstr "uid"
+
+#~ msgid "key"
+#~ msgstr "nøgle"
+
+#~ msgid "check"
+#~ msgstr "tjek"
+
+#~ msgid "c"
+#~ msgstr "c"
+
+#~ msgid "sign"
+#~ msgstr "signér"
+
+#~ msgid "s"
+#~ msgstr "s"
+
+#, fuzzy
+#~ msgid "tsign"
+#~ msgstr "signér"
+
+#~ msgid "lsign"
+#~ msgstr "lsignér"
+
+#, fuzzy
+#~ msgid "nrsign"
+#~ msgstr "signér"
+
+#, fuzzy
+#~ msgid "nrlsign"
+#~ msgstr "signér"
+
+#~ msgid "adduid"
+#~ msgstr "tilføj-bid"
+
+#~ msgid "deluid"
+#~ msgstr "sletbid"
+
+#, fuzzy
+#~ msgid "addcardkey"
+#~ msgstr "tilføj nøgle"
+
+#~ msgid "delkey"
+#~ msgstr "sletnøgle"
+
+#, fuzzy
+#~ msgid "addrevoker"
+#~ msgstr "tilføj nøgle"
+
+#~ msgid "delsig"
+#~ msgstr "sletsig"
+
+#~ msgid "expire"
+#~ msgstr "udløb"
+
+#~ msgid "toggle"
+#~ msgstr "skift"
+
+#~ msgid "t"
+#~ msgstr "s"
+
+#~ msgid "pref"
+#~ msgstr "præf"
+
+#, fuzzy
+#~ msgid "showpref"
+#~ msgstr "vispræf"
+
+#, fuzzy
+#~ msgid "setpref"
+#~ msgstr "præf"
+
+#, fuzzy
+#~ msgid "updpref"
+#~ msgstr "præf"
+
+#, fuzzy
+#~ msgid "keyserver"
+#~ msgstr "generel fejl"
+
+#~ msgid "trust"
+#~ msgstr "betro"
+
+#, fuzzy
+#~ msgid "revuid"
+#~ msgstr "sletbid"
+
+#~ msgid "disable"
+#~ msgstr "slåfra"
+
+#~ msgid "enable"
+#~ msgstr "slåtil"
+
+#~ msgid "DSA only allows keysizes from 512 to 1024\n"
+#~ msgstr "DSA tillader kun nøglestørrelser fra 512 til 1024\n"
+
+#, fuzzy
+#~ msgid "Are you sure that you want this keysize? (y/N) "
+#~ msgstr "Er du sikker på at de vil benytte denne nøglestørrelse? "
+
+#, fuzzy
+#~ msgid " \""
+#~ msgstr " alias \""
+
+#~ msgid "key %08lX: key has been revoked!\n"
+#~ msgstr "nøgle %08lX: nøgle er blevet annulleret!\n"
+
+#~ msgid "key %08lX: subkey has been revoked!\n"
+#~ msgstr "nøgle %08lX: undernøgle er blevet annulleret!\n"
+
+#~ msgid "%08lX: key has expired\n"
+#~ msgstr "%08lX: nøgle er udløbet\n"
+
+#~ msgid "%08lX: We do NOT trust this key\n"
+#~ msgstr "%08lX: Vi stoler IKKE på denne nøgle\n"
+
+#, fuzzy
+#~ msgid " (%d) RSA (auth only)\n"
+#~ msgstr " (%d) DSA (signér kun)\n"
+
+#, fuzzy
+#~ msgid " (%d) RSA (sign and auth)\n"
+#~ msgstr " (%d) ElGamal (signér og kryptér)\n"
+
+#, fuzzy
+#~ msgid " (%d) RSA (encrypt and auth)\n"
+#~ msgstr " (%d) ElGamal (kryptér kun)\n"
+
+#, fuzzy
+#~ msgid " (%d) RSA (sign, encrypt and auth)\n"
+#~ msgstr " (%d) ElGamal (signér og kryptér)\n"
+
+#~ msgid "%s: can't open: %s\n"
+#~ msgstr "%s: kan ikke åbne: %s\n"
+
+#~ msgid "%s: WARNING: empty file\n"
+#~ msgstr "%s: ADVARSEL: tom fil\n"
+
+#~ msgid "Really sign? "
+#~ msgstr "Vil du gerne signere? "
+
+#, fuzzy
+#~ msgid "expires"
+#~ msgstr "udløb"
+
+#, fuzzy
+#~ msgid "%s: can't make lock\n"
+#~ msgstr "%s: kan ikke åbne: %s\n"
+
+#, fuzzy
+#~ msgid "Unable to open photo \"%s\": %s\n"
+#~ msgstr "kan ikke åbne %s: %s\n"
+
+#, fuzzy
+#~ msgid "error: no ownertrust value\n"
+#~ msgstr "eksportér ejertillidsværdierne"
+
+#~ msgid " (main key ID %08lX)"
+#~ msgstr " (hovednøgle-ID %08lX)"
+
+#, fuzzy
+#~ msgid "rev! subkey has been revoked: %s\n"
+#~ msgstr "rev! undernøgle er blevet annulleret! %s\n"
+
+#, fuzzy
+#~ msgid "rev- faked revocation found\n"
+#~ msgstr "rev- forkert nøgletilbagekald\n"
+
+#, fuzzy
+#~ msgid " [expired: %s]"
+#~ msgstr "Nøgle udløber d. %s\n"
+
+#, fuzzy
+#~ msgid " [expires: %s]"
+#~ msgstr "Nøgle udløber d. %s\n"
+
+#, fuzzy
+#~ msgid " [revoked: %s]"
+#~ msgstr "tilføj nøgle"
+
+#~ msgid "store only"
+#~ msgstr "gem kun"
+
+#, fuzzy
+#~ msgid "sign a key locally and non-revocably"
+#~ msgstr "signér en nøgle lokalt"
+
+#~ msgid "list only the sequence of packets"
+#~ msgstr "vis kun pakkesekvensen"
+
+#~ msgid "export the ownertrust values"
+#~ msgstr "eksportér ejertillidsværdierne"
+
+#, fuzzy
+#~ msgid "unattended trust database update"
+#~ msgstr "opdatér tillidsdatabasen"
+
+#~ msgid "fix a corrupted trust database"
+#~ msgstr "reparér en ødelagt tillidsdatabase"
+
+#~ msgid "De-Armor a file or stdin"
+#~ msgstr "De-beskydt en fil el. stdin"
+
+#~ msgid "En-Armor a file or stdin"
+#~ msgstr "Beskydt en fil el. stdin"
+
+#, fuzzy
+#~ msgid "do not force v3 signatures"
+#~ msgstr "tving v3 signaturer"
+
+#, fuzzy
+#~ msgid "force v4 key signatures"
+#~ msgstr "tving v3 signaturer"
+
+#, fuzzy
+#~ msgid "do not force v4 key signatures"
+#~ msgstr "tving v3 signaturer"
+
+#, fuzzy
+#~ msgid "never use a MDC for encryption"
+#~ msgstr "brug altid en MDC for kryptering"
+
+#, fuzzy
+#~ msgid "|[file]|write status info to file"
+#~ msgstr "|FD|skriv statusinfo til denne FD"
+
+#~ msgid "emulate the mode described in RFC1991"
+#~ msgstr "emulér modusen beskrevet i RFC1991"
+
+#~ msgid "set all packet, cipher and digest options to OpenPGP behavior"
+#~ msgstr "sæt alle pakker, cifre og resumé flag til OpenPGP standard"
+
+#, fuzzy
+#~ msgid "set all packet, cipher and digest options to PGP 2.x behavior"
+#~ msgstr "sæt alle pakker, cifre og resumé flag til OpenPGP standard"
+
+#~ msgid "|NAME|use message digest algorithm NAME for passphrases"
+#~ msgstr "|NAME|brug meddelelses resuméalgoritme NAME for pasfrase"
+
+#~ msgid "key %08lX: not a rfc2440 key - skipped\n"
+#~ msgstr "nøgle %08lX: ikke en rfc2440 nøgle - udeladt\n"
+
+#, fuzzy
+#~ msgid " (default)"
+#~ msgstr "(standard er 1)"
+
+#~ msgid "Policy: "
+#~ msgstr "Politik: "
+
+#, fuzzy
+#~ msgid "can't get key from keyserver: %s\n"
+#~ msgstr "importér nøgler fra en nøgleserver: %s\n"
+
+#, fuzzy
+#~ msgid "%lu keys so far checked (%lu signatures)\n"
+#~ msgstr "%lu nøgler behandlet indtil nu\n"
+
+#, fuzzy
+#~ msgid "key %08lX incomplete\n"
+#~ msgstr "nøgle %08lX: ingen bruger-id\n"
+
+#, fuzzy
+#~ msgid "quit|quit"
+#~ msgstr "afslut"
+
+#~ msgid " (%d) ElGamal (sign and encrypt)\n"
+#~ msgstr " (%d) ElGamal (signér og kryptér)\n"
+
+#, fuzzy
+#~ msgid "Create anyway? "
+#~ msgstr "Brug denne nøgle alligevel? "
+
+#, fuzzy
+#~ msgid "invalid symkey algorithm detected (%d)\n"
+#~ msgstr "ugyldig hash-algoritme `%s'\n"
+
+#~ msgid " Fingerprint:"
+#~ msgstr " Fingeraftryk:"
+
+#~ msgid "|NAME=VALUE|use this notation data"
+#~ msgstr "|NAME=VALUE|brug denne notationsdata"
+
+#~ msgid ""
+#~ "the first character of a notation name must be a letter or an underscore\n"
+#~ msgstr ""
+#~ "første bogstav af en notationsnavn skal være et bogstave eller en "
+#~ "understregning\n"
+
+#, fuzzy
+#~ msgid "Are you sure you still want to sign it?\n"
+#~ msgstr "Er du sikker på at de vil benytte denne nøglestørrelse? "
+
+#, fuzzy
+#~ msgid " Are you sure you still want to sign it?\n"
+#~ msgstr "Er du sikker på at de vil benytte denne nøglestørrelse? "
+
+#~ msgid "--delete-secret-key user-id"
+#~ msgstr "--delete-secret-key bruger-id"
+
+#~ msgid "--delete-key user-id"
+#~ msgstr "--delete-key bruger-id"
+
+#, fuzzy
+#~ msgid "--delete-secret-and-public-key user-id"
+#~ msgstr "--delete-secret-and-public-key bruger-id"
+
+#~ msgid "skipped: public key already set with --encrypt-to\n"
+#~ msgstr "udeladt: offentlig nøgle er allerede valgt med --encrypt-to\n"
+
+#, fuzzy
+#~ msgid ""
+#~ "\n"
+#~ "WARNING: This is a PGP2-style key\n"
+#~ msgstr "ADVARSEL: '%s' er en tom fil\n"
+
+#~ msgid "sSmMqQ"
+#~ msgstr "sSmMqQ"
+
+#, fuzzy
+#~ msgid "%lu key(s) to refresh\n"
+#~ msgstr "%lu nøgler behandlet indtil nu\n"
+
+#~ msgid ""
+#~ "No trust values changed.\n"
+#~ "\n"
+#~ msgstr "Ingen tillidsværdier er ændret.\n"
+
+#~ msgid "%08lX: no info to calculate a trust probability\n"
+#~ msgstr "%08lX: ignen info til at udregne en tillidssandsynlighed\n"
+
+#~ msgid "%s: error checking key: %s\n"
+#~ msgstr "%s: fejl ved undersøgelse af nøgle: %s\n"
+
+#~ msgid "can't lock keyring `%s': %s\n"
+#~ msgstr "kan ikke låse nøglering `%s': %s\n"
+
+#~ msgid "No key for user ID\n"
+#~ msgstr "Ingen nøgle for bruger-ID\n"
+
+#~ msgid "do not write comment packets"
+#~ msgstr "skriv ikke kommentarpakker"
+
+#~ msgid "(default is 3)"
+#~ msgstr "(standard er 3)"
+
+#~ msgid " (%d) ElGamal in a v3 packet\n"
+#~ msgstr " (%d) ElGamal i en v3 pakke\n"
diff --git a/po/de.gmo b/po/de.gmo
new file mode 100644
index 0000000..02fce90
--- /dev/null
+++ b/po/de.gmo
Binary files differ
diff --git a/po/de.po b/po/de.po
new file mode 100644
index 0000000..5914e39
--- /dev/null
+++ b/po/de.po
@@ -0,0 +1,9034 @@
+# GnuPG German translation
+# Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005,
+# 2006, 2007, 2008, 2009 Free Software Foundation, Inc.
+# Walter Koch <koch@u32.de>, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006
+# Merged with the gnupg 1.9.23 translation by Werner Koch on 2006-09-25.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: gnupg-2.0.18\n"
+"Report-Msgid-Bugs-To: translations@gnupg.org\n"
+"POT-Creation-Date: 2012-03-27 10:23+0200\n"
+"PO-Revision-Date: 2012-03-26 14:36+0200\n"
+"Last-Translator: Werner Koch <wk@gnupg.org>\n"
+"Language-Team: German <de@li.org>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Plural-Forms: nplurals=2; plural=n != 1;\n"
+
+#: agent/call-pinentry.c:244
+#, c-format
+msgid "failed to acquire the pinentry lock: %s\n"
+msgstr "Die Sperre für das Pinentry kann nicht gesetzt werden: %s\n"
+
+#. TRANSLATORS: These are labels for buttons etc used in
+#. Pinentries. An underscore indicates that the next letter
+#. should be used as an accelerator. Double the underscore for
+#. a literal one. The actual to be translated text starts after
+#. the second vertical bar.
+#: agent/call-pinentry.c:401
+msgid "|pinentry-label|_OK"
+msgstr "_OK"
+
+#: agent/call-pinentry.c:402
+msgid "|pinentry-label|_Cancel"
+msgstr "_Abbrechen"
+
+#: agent/call-pinentry.c:403
+msgid "|pinentry-label|PIN:"
+msgstr "PIN:"
+
+#. TRANSLATORS: This string is displayed by Pinentry as the label
+#. for the quality bar.
+#: agent/call-pinentry.c:649
+msgid "Quality:"
+msgstr "Qualität:"
+
+#. TRANSLATORS: This string is a tooltip, shown by pinentry when
+#. hovering over the quality bar. Please use an appropriate
+#. string to describe what this is about. The length of the
+#. tooltip is limited to about 900 characters. If you do not
+#. translate this entry, a default english text (see source)
+#. will be used.
+#: agent/call-pinentry.c:671
+msgid "pinentry.qualitybar.tooltip"
+msgstr ""
+"Die Qualität der Passphrase, die Sie oben eingegeben haben.\n"
+"Bitte fragen sie Ihren Systembeauftragten nach den\n"
+"Kriterien für die Messung der Qualität."
+
+#: agent/call-pinentry.c:716
+msgid ""
+"Please enter your PIN, so that the secret key can be unlocked for this "
+"session"
+msgstr ""
+"Bitte geben Sie Ihre PIN ein, so daß der geheime Schlüssel benutzt werden "
+"kann"
+
+#: agent/call-pinentry.c:719
+msgid ""
+"Please enter your passphrase, so that the secret key can be unlocked for "
+"this session"
+msgstr ""
+"Bitte geben Sie Ihre Passphrase ein, so daß der geheime Schlüssel benutzt "
+"werden kann."
+
+#: agent/call-pinentry.c:776
+#, c-format
+msgid "SETERROR %s (try %d of %d)"
+msgstr "SETERROR %s (Versuch %d von %d)"
+
+#: agent/call-pinentry.c:799 agent/call-pinentry.c:811
+msgid "PIN too long"
+msgstr "Die PIN ist zu lang"
+
+#: agent/call-pinentry.c:800
+msgid "Passphrase too long"
+msgstr "Das Mantra (Passphrase) ist zu lang!"
+
+#: agent/call-pinentry.c:808
+msgid "Invalid characters in PIN"
+msgstr "Ungültige Zeichen in der PIN!"
+
+#: agent/call-pinentry.c:813
+msgid "PIN too short"
+msgstr "Die PIN ist zu kurz!"
+
+#: agent/call-pinentry.c:825
+msgid "Bad PIN"
+msgstr "Falsche PIN!"
+
+#: agent/call-pinentry.c:826
+msgid "Bad Passphrase"
+msgstr "Falsche Passphrase!"
+
+#: agent/call-pinentry.c:863
+msgid "Passphrase"
+msgstr "Passphrase"
+
+#: agent/command-ssh.c:531
+#, c-format
+msgid "ssh keys greater than %d bits are not supported\n"
+msgstr "SSH Schlüssel von mehr als %d Bits werden nicht unterstützt\n"
+
+#: agent/command-ssh.c:690 g10/card-util.c:833 g10/exec.c:473 g10/gpg.c:1122
+#: g10/keygen.c:3394 g10/keygen.c:3427 g10/keyring.c:1237 g10/keyring.c:1569
+#: g10/openfile.c:275 g10/openfile.c:368 g10/sign.c:801 g10/sign.c:1110
+#: g10/tdbio.c:550 jnlib/dotlock.c:310
+#, c-format
+msgid "can't create `%s': %s\n"
+msgstr "'%s' kann nicht erzeugt werden: %s\n"
+
+#: agent/command-ssh.c:702 common/helpfile.c:47 g10/card-util.c:787
+#: g10/dearmor.c:60 g10/dearmor.c:107 g10/decrypt.c:70 g10/encode.c:194
+#: g10/encode.c:504 g10/gpg.c:1123 g10/import.c:192 g10/keygen.c:2877
+#: g10/keyring.c:1595 g10/openfile.c:192 g10/openfile.c:353
+#: g10/plaintext.c:511 g10/sign.c:783 g10/sign.c:978 g10/sign.c:1094
+#: g10/sign.c:1250 g10/tdbdump.c:142 g10/tdbdump.c:150 g10/tdbio.c:554
+#: g10/tdbio.c:618 g10/verify.c:99 g10/verify.c:162 sm/gpgsm.c:2044
+#: sm/gpgsm.c:2074 sm/gpgsm.c:2112 sm/gpgsm.c:2150 sm/qualified.c:66
+#, c-format
+msgid "can't open `%s': %s\n"
+msgstr "'%s' kann nicht geöffnet werden: %s\n"
+
+#: agent/command-ssh.c:1708 agent/command-ssh.c:1726
+#, c-format
+msgid "error getting serial number of card: %s\n"
+msgstr "Fehler beim Holen der Karten-Seriennummer: %s\n"
+
+#: agent/command-ssh.c:1712
+#, c-format
+msgid "detected card with S/N: %s\n"
+msgstr "Erkannte Karte hat die Seriennummer: %s\n"
+
+#: agent/command-ssh.c:1717
+#, c-format
+msgid "error getting default authentication keyID of card: %s\n"
+msgstr "Fehler beim Holen der Authentisierungsschlüssel-ID der Karte: %s\n"
+
+#: agent/command-ssh.c:1737
+#, c-format
+msgid "no suitable card key found: %s\n"
+msgstr "keine passender Kartenschlüssel gefunden: %s\n"
+
+#: agent/command-ssh.c:1787
+#, c-format
+msgid "shadowing the key failed: %s\n"
+msgstr "\"Shadowing\" des Schlüssels schlug fehl: %s\n"
+
+#: agent/command-ssh.c:1802
+#, c-format
+msgid "error writing key: %s\n"
+msgstr "Fehler beim Schreiben des Schlüssels: %s\n"
+
+#: agent/command-ssh.c:2139
+#, c-format
+msgid ""
+"An ssh process requested the use of key%%0A %s%%0A (%s)%%0ADo you want to "
+"allow this?"
+msgstr ""
+"Ein ssh Prozess hat den Schlüssel%%0A %s%%0A (%s)%%0Aangefordert. Möchten "
+"Sie dies erlauben?"
+
+#: agent/command-ssh.c:2146
+msgid "Allow"
+msgstr "Erlauben"
+
+#: agent/command-ssh.c:2146
+msgid "Deny"
+msgstr "Verweigern"
+
+#: agent/command-ssh.c:2155
+#, c-format
+msgid "Please enter the passphrase for the ssh key%%0A %F%%0A (%c)"
+msgstr ""
+"Bitte geben Sie die Passphrase für den SSH-Schlüssel%%0A %F%%0A (%c) ein."
+
+#: agent/command-ssh.c:2484 agent/genkey.c:310 agent/genkey.c:432
+msgid "Please re-enter this passphrase"
+msgstr "Bitte geben Sie die Passphrase noch einmal ein:"
+
+#: agent/command-ssh.c:2509
+#, c-format
+msgid ""
+"Please enter a passphrase to protect the received secret key%%0A %s%%0A %"
+"s%%0Awithin gpg-agent's key storage"
+msgstr ""
+"Bitte geben Sie eine Passphrase ein, um den empfangenen geheimen\n"
+"Schlüssel%%0A %s%%0A %s%%0Aim Schlüsselspeicher des Gpg-Agenten zu "
+"schützen."
+
+#: agent/command-ssh.c:2548 agent/genkey.c:340 agent/genkey.c:463
+#: tools/symcryptrun.c:436
+msgid "does not match - try again"
+msgstr "Keine Ãœbereinstimmung - bitte nochmal versuchen."
+
+#: agent/command-ssh.c:3054
+#, c-format
+msgid "failed to create stream from socket: %s\n"
+msgstr "Das Erzeugen eines Datenstroms aus dem Socket schlug fehl: %s\n"
+
+#: agent/divert-scd.c:92 g10/call-agent.c:923
+msgid "Please insert the card with serial number"
+msgstr "Die legen Sie die Karte mit der folgenden Seriennummer ein:"
+
+#: agent/divert-scd.c:93 g10/call-agent.c:924
+msgid "Please remove the current card and insert the one with serial number"
+msgstr ""
+"Bitte entfernen Sie die vorhanden Karte und legen Sie die mit der folgenden "
+"Seriennummer ein:"
+
+#: agent/divert-scd.c:200
+msgid "Admin PIN"
+msgstr "Admin-PIN"
+
+#. TRANSLATORS: A PUK is the Personal Unblocking Code
+#. used to unblock a PIN.
+#: agent/divert-scd.c:205
+msgid "PUK"
+msgstr "PUK"
+
+#: agent/divert-scd.c:212
+msgid "Reset Code"
+msgstr "Rückstellcode"
+
+#: agent/divert-scd.c:238
+#, c-format
+msgid "%s%%0A%%0AUse the reader's keypad for input."
+msgstr "%s%%0A%%0AZur Eingabe die Tastatur des Kartenlesers verwenden."
+
+#: agent/divert-scd.c:287
+msgid "Repeat this Reset Code"
+msgstr "Rückstellcode bitte wiederholen"
+
+#: agent/divert-scd.c:289
+msgid "Repeat this PUK"
+msgstr "PUK bitte wiederholen"
+
+#: agent/divert-scd.c:290
+msgid "Repeat this PIN"
+msgstr "PIN bitte wiederholen"
+
+#: agent/divert-scd.c:295
+msgid "Reset Code not correctly repeated; try again"
+msgstr "Rückstellcode wurde nicht richtig wiederholt; noch einmal versuchen"
+
+#: agent/divert-scd.c:297
+msgid "PUK not correctly repeated; try again"
+msgstr "PUK wurde nicht richtig wiederholt; noch einmal versuchen"
+
+#: agent/divert-scd.c:298
+msgid "PIN not correctly repeated; try again"
+msgstr "PIN wurde nicht richtig wiederholt; noch einmal versuchen"
+
+#: agent/divert-scd.c:310
+#, c-format
+msgid "Please enter the PIN%s%s%s to unlock the card"
+msgstr "Bitte geben Sie die PIN%s%s%s ein, um die Karte zu entsperren"
+
+#: agent/genkey.c:108 sm/certreqgen-ui.c:384 sm/export.c:638 sm/export.c:654
+#: sm/import.c:667 sm/import.c:692
+#, c-format
+msgid "error creating temporary file: %s\n"
+msgstr "Fehler beim Erstellen einer temporären Datei: %s\n"
+
+#: agent/genkey.c:115 sm/export.c:645 sm/import.c:675
+#, c-format
+msgid "error writing to temporary file: %s\n"
+msgstr "Fehler beim Schreiben auf eine temporäre Datei: %s\n"
+
+#: agent/genkey.c:153 agent/genkey.c:159
+msgid "Enter new passphrase"
+msgstr "Neue Passphrase eingeben"
+
+#: agent/genkey.c:167
+msgid "Take this one anyway"
+msgstr "Diese trotzdem benutzen"
+
+#: agent/genkey.c:193
+#, c-format
+msgid ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase should be "
+"at least %u character long."
+msgid_plural ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase should be "
+"at least %u characters long."
+msgstr[0] ""
+"WARNUNG: Sie haben eine offensichtlich unsichere%%0APassphrase eingegeben. "
+"Eine Passphrase sollte%%0Amindestens %u Zeichen lang sein."
+msgstr[1] ""
+"WARNUNG: Sie haben eine offensichtlich unsichere%%0APassphrase eingegeben. "
+"Eine Passphrase sollte%%0Amindestens %u Zeichen lang sein."
+
+#: agent/genkey.c:214
+#, c-format
+msgid ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase should "
+"contain at least %u digit or%%0Aspecial character."
+msgid_plural ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase should "
+"contain at least %u digits or%%0Aspecial characters."
+msgstr[0] ""
+"WARNUNG: Sie haben eine offensichtlich unsichere%%0APassphrase eingegeben. "
+"Eine Passphrase sollte%%0Amindestens %u Sonderzeichen oder eine Ziffer "
+"enthalten."
+msgstr[1] ""
+"WARNUNG: Sie haben eine offensichtlich unsichere%%0APassphrase eingegeben. "
+"Eine Passphrase sollte%%0Amindestens %u Sonderzeichen oder Ziffern enthalten."
+
+#: agent/genkey.c:237
+#, c-format
+msgid ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase may not be "
+"a known term or match%%0Acertain pattern."
+msgstr ""
+"WARNUNG: Sie haben eine offensichtlich unsichere%%0APassphrase eingegeben. "
+"Eine Passphrase sollte kein%%0Abekanntes Wort sein oder nach bekannten "
+"Regeln aufgebaut sein."
+
+#: agent/genkey.c:253
+#, c-format
+msgid ""
+"You have not entered a passphrase!%0AAn empty passphrase is not allowed."
+msgstr ""
+"Sie haben keine Passphrase eingegeben!%0AEine leere Passphrase ist nicht "
+"erlaubt."
+
+#: agent/genkey.c:255
+#, c-format
+msgid ""
+"You have not entered a passphrase - this is in general a bad idea!%0APlease "
+"confirm that you do not want to have any protection on your key."
+msgstr ""
+"Sie möchten keine Passphrase - Dies ist *nicht* zu empfehlen!%0ABitte\n"
+"bestätigen Sie, daß sie auf jeden Schutz Ihres privaten Schlüssels\n"
+"verzichten."
+
+#: agent/genkey.c:264
+msgid "Yes, protection is not needed"
+msgstr "Ja, ein Schutz ist nicht notwendig"
+
+#: agent/genkey.c:308
+#, c-format
+msgid "Please enter the passphrase to%0Ato protect your new key"
+msgstr "Bitte geben Sie die Passphrase ein,%0Aum Ihren Schlüssel zu schützen."
+
+#: agent/genkey.c:431
+msgid "Please enter the new passphrase"
+msgstr "Bitte geben Sie die Passphrase ein:"
+
+#: agent/gpg-agent.c:121 agent/preset-passphrase.c:72 scd/scdaemon.c:103
+#: tools/gpg-check-pattern.c:70
+msgid ""
+"@Options:\n"
+" "
+msgstr ""
+"@Optionen:\n"
+" "
+
+#: agent/gpg-agent.c:123 scd/scdaemon.c:105
+msgid "run in server mode (foreground)"
+msgstr "Im Server Modus ausführen"
+
+#: agent/gpg-agent.c:124 scd/scdaemon.c:108
+msgid "run in daemon mode (background)"
+msgstr "Im Daemon Modus ausführen"
+
+#: agent/gpg-agent.c:125 g10/gpg.c:488 g10/gpgv.c:71 kbx/kbxutil.c:88
+#: scd/scdaemon.c:109 sm/gpgsm.c:281 tools/gpg-connect-agent.c:69
+#: tools/gpgconf.c:80 tools/symcryptrun.c:166
+msgid "verbose"
+msgstr "Detaillierte Informationen"
+
+#: agent/gpg-agent.c:126 g10/gpgv.c:72 kbx/kbxutil.c:89 scd/scdaemon.c:110
+#: sm/gpgsm.c:282
+msgid "be somewhat more quiet"
+msgstr "Reduzierte Informationen"
+
+#: agent/gpg-agent.c:127 scd/scdaemon.c:111
+msgid "sh-style command output"
+msgstr "Ausgabe für /bin/sh"
+
+#: agent/gpg-agent.c:128 scd/scdaemon.c:112
+msgid "csh-style command output"
+msgstr "Ausgabe für /bin/csh"
+
+#: agent/gpg-agent.c:129 scd/scdaemon.c:113 sm/gpgsm.c:312
+#: tools/symcryptrun.c:169
+msgid "|FILE|read options from FILE"
+msgstr "|DATEI|Konfigurationsoptionen aus DATEI lesen"
+
+#: agent/gpg-agent.c:134 scd/scdaemon.c:123
+msgid "do not detach from the console"
+msgstr "Im Vordergrund laufen lassen"
+
+#: agent/gpg-agent.c:135
+msgid "do not grab keyboard and mouse"
+msgstr "Tastatur und Maus nicht \"grabben\""
+
+#: agent/gpg-agent.c:136 tools/symcryptrun.c:168
+msgid "use a log file for the server"
+msgstr "Logausgaben in eine Datei umlenken"
+
+#: agent/gpg-agent.c:138
+msgid "use a standard location for the socket"
+msgstr "Benutze einen Standardnamen für den Socket"
+
+#: agent/gpg-agent.c:141
+msgid "|PGM|use PGM as the PIN-Entry program"
+msgstr "|PGM|benutze PGM as PIN-Entry"
+
+#: agent/gpg-agent.c:144
+msgid "|PGM|use PGM as the SCdaemon program"
+msgstr "|PGM|benutze PGM als SCdaemon"
+
+#: agent/gpg-agent.c:145
+msgid "do not use the SCdaemon"
+msgstr "Den Scdaemon-basierten Kartenzugriff nicht nutzen"
+
+#: agent/gpg-agent.c:157
+msgid "ignore requests to change the TTY"
+msgstr "Ignoriere Anfragen, das TTY zu wechseln"
+
+#: agent/gpg-agent.c:159
+msgid "ignore requests to change the X display"
+msgstr "Ignoriere Anfragen, das X-Display zu wechseln"
+
+#: agent/gpg-agent.c:162
+msgid "|N|expire cached PINs after N seconds"
+msgstr "|N|lasse PINs im Cache nach N Sekunden verfallen"
+
+#: agent/gpg-agent.c:175
+msgid "do not use the PIN cache when signing"
+msgstr "benutze PINs im Cache nicht beim Signieren"
+
+#: agent/gpg-agent.c:177
+msgid "allow clients to mark keys as \"trusted\""
+msgstr "erlaube Aufrufern Schlüssel als \"vertrauenswürdig\" zu markieren"
+
+#: agent/gpg-agent.c:179
+msgid "allow presetting passphrase"
+msgstr "erlaube ein \"preset\" von Passphrases"
+
+#: agent/gpg-agent.c:180
+msgid "enable ssh-agent emulation"
+msgstr "Die ssh-agent-Emulation anschalten"
+
+#: agent/gpg-agent.c:182
+msgid "|FILE|write environment settings also to FILE"
+msgstr "|DATEI|Schreibe die Umgebungsvariablen auf DATEI"
+
+#. TRANSLATORS: @EMAIL@ will get replaced by the actual bug
+#. reporting address. This is so that we can change the
+#. reporting address without breaking the translations.
+#: agent/gpg-agent.c:333 agent/preset-passphrase.c:94 agent/protect-tool.c:163
+#: g10/gpg.c:814 g10/gpgv.c:114 kbx/kbxutil.c:113 scd/scdaemon.c:246
+#: sm/gpgsm.c:519 tools/gpg-connect-agent.c:181 tools/gpgconf.c:102
+#: tools/symcryptrun.c:206 tools/gpg-check-pattern.c:141
+msgid "Please report bugs to <@EMAIL@>.\n"
+msgstr ""
+"Berichte über Programmfehler bitte in englisch an <@EMAIL@>.\n"
+"Sinn- oder Schreibfehler in den deutschen Texten bitte an <de@li.org>.\n"
+
+#: agent/gpg-agent.c:342
+msgid "Usage: gpg-agent [options] (-h for help)"
+msgstr "Aufruf: gpg-agent [Optionen] (-h für Hilfe)"
+
+#: agent/gpg-agent.c:344
+msgid ""
+"Syntax: gpg-agent [options] [command [args]]\n"
+"Secret key management for GnuPG\n"
+msgstr ""
+"Syntax: gpg-agent [Optionen] [Befehl [Argumente]]\n"
+"Verwaltung von geheimen Schlüsseln für GnuPG\n"
+
+#: agent/gpg-agent.c:390 g10/gpg.c:1007 scd/scdaemon.c:318 sm/gpgsm.c:669
+#, c-format
+msgid "invalid debug-level `%s' given\n"
+msgstr "ungültige Debugebene `%s' angegeben\n"
+
+#: agent/gpg-agent.c:610 agent/protect-tool.c:1033 kbx/kbxutil.c:428
+#: scd/scdaemon.c:424 sm/gpgsm.c:911 sm/gpgsm.c:914 tools/symcryptrun.c:998
+#: tools/gpg-check-pattern.c:177
+#, c-format
+msgid "%s is too old (need %s, have %s)\n"
+msgstr "Die Bibliothek %s ist nicht aktuell (benötige %s, habe %s)\n"
+
+#: agent/gpg-agent.c:725 g10/gpg.c:2111 scd/scdaemon.c:510 sm/gpgsm.c:1010
+#, c-format
+msgid "NOTE: no default option file `%s'\n"
+msgstr "Hinweis: Keine voreingestellte Optionendatei '%s' vorhanden\n"
+
+#: agent/gpg-agent.c:736 agent/gpg-agent.c:1348 g10/gpg.c:2115
+#: scd/scdaemon.c:515 sm/gpgsm.c:1014 tools/symcryptrun.c:931
+#, c-format
+msgid "option file `%s': %s\n"
+msgstr "Optionendatei '%s': %s\n"
+
+#: agent/gpg-agent.c:744 g10/gpg.c:2122 scd/scdaemon.c:523 sm/gpgsm.c:1021
+#, c-format
+msgid "reading options from `%s'\n"
+msgstr "Optionen werden aus '%s' gelesen\n"
+
+#: agent/gpg-agent.c:1117 g10/plaintext.c:140 g10/plaintext.c:145
+#: g10/plaintext.c:162
+#, c-format
+msgid "error creating `%s': %s\n"
+msgstr "Fehler beim Erstellen von `%s': %s\n"
+
+#: agent/gpg-agent.c:1461 agent/gpg-agent.c:1579 agent/gpg-agent.c:1583
+#: agent/gpg-agent.c:1624 agent/gpg-agent.c:1628 g10/exec.c:188
+#: g10/openfile.c:429 scd/scdaemon.c:1020
+#, c-format
+msgid "can't create directory `%s': %s\n"
+msgstr "Verzeichnis `%s' kann nicht erzeugt werden: %s\n"
+
+#: agent/gpg-agent.c:1475 scd/scdaemon.c:1034
+msgid "name of socket too long\n"
+msgstr "Der Name des Sockets ist zu lang\n"
+
+#: agent/gpg-agent.c:1498 scd/scdaemon.c:1057
+#, c-format
+msgid "can't create socket: %s\n"
+msgstr "Socket kann nicht erzeugt werden: %s\n"
+
+#: agent/gpg-agent.c:1507
+#, c-format
+msgid "socket name `%s' is too long\n"
+msgstr "Der Name des Sockets `%s' ist zu lang\n"
+
+#: agent/gpg-agent.c:1525
+msgid "a gpg-agent is already running - not starting a new one\n"
+msgstr "Ein gpg-agent läuft bereits - ein weiterer wird nicht gestartet\n"
+
+#: agent/gpg-agent.c:1536 scd/scdaemon.c:1076
+msgid "error getting nonce for the socket\n"
+msgstr "Fehler beim Ermitteln der \"Nonce\" dieses Sockets\n"
+
+#: agent/gpg-agent.c:1541 scd/scdaemon.c:1079
+#, c-format
+msgid "error binding socket to `%s': %s\n"
+msgstr "Der Socket kann nicht an `%s' gebunden werden: %s\n"
+
+#: agent/gpg-agent.c:1553 scd/scdaemon.c:1088
+#, c-format
+msgid "listen() failed: %s\n"
+msgstr "Der listen()-Aufruf ist fehlgeschlagen: %s\n"
+
+#: agent/gpg-agent.c:1559 scd/scdaemon.c:1095
+#, c-format
+msgid "listening on socket `%s'\n"
+msgstr "Es wird auf Socket `%s' gehört\n"
+
+#: agent/gpg-agent.c:1587 agent/gpg-agent.c:1634 g10/openfile.c:432
+#, c-format
+msgid "directory `%s' created\n"
+msgstr "Verzeichnis `%s' erzeugt\n"
+
+#: agent/gpg-agent.c:1640
+#, c-format
+msgid "stat() failed for `%s': %s\n"
+msgstr "stat()-Aufruf für `%s' fehlgeschlagen: %s\n"
+
+#: agent/gpg-agent.c:1644
+#, c-format
+msgid "can't use `%s' as home directory\n"
+msgstr "Die Datei `%s' kann nicht als Home-Verzeichnis benutzt werden\n"
+
+#: agent/gpg-agent.c:1777 scd/scdaemon.c:1111
+#, c-format
+msgid "error reading nonce on fd %d: %s\n"
+msgstr "Fehler beim Lesen der \"Nonce\" von FD %d: %s\n"
+
+#: agent/gpg-agent.c:1799
+#, c-format
+msgid "handler 0x%lx for fd %d started\n"
+msgstr "Handhabungsroutine 0x%lx für fd %d gestartet\n"
+
+#: agent/gpg-agent.c:1804
+#, c-format
+msgid "handler 0x%lx for fd %d terminated\n"
+msgstr "Handhabungsroutine 0x%lx für den fd %d beendet\n"
+
+#: agent/gpg-agent.c:1824
+#, c-format
+msgid "ssh handler 0x%lx for fd %d started\n"
+msgstr "SSH-Handhabungsroutine 0x%lx für fd %d gestartet\n"
+
+#: agent/gpg-agent.c:1829
+#, c-format
+msgid "ssh handler 0x%lx for fd %d terminated\n"
+msgstr "SSH-Handhabungsroutine 0x%lx für fd %d beendet\n"
+
+#: agent/gpg-agent.c:1973 scd/scdaemon.c:1248
+#, c-format
+msgid "pth_select failed: %s - waiting 1s\n"
+msgstr "pth_select()-Aufruf fehlgeschlagen: %s - warte 1s\n"
+
+#: agent/gpg-agent.c:2096 scd/scdaemon.c:1315
+#, c-format
+msgid "%s %s stopped\n"
+msgstr "%s %s angehalten\n"
+
+#: agent/gpg-agent.c:2232
+msgid "no gpg-agent running in this session\n"
+msgstr "Der gpg-agent läuft nicht für diese Session\n"
+
+#: agent/gpg-agent.c:2243 common/simple-pwquery.c:352 common/asshelp.c:403
+#: tools/gpg-connect-agent.c:2168
+msgid "malformed GPG_AGENT_INFO environment variable\n"
+msgstr "fehlerhaft aufgebaute GPG_AGENT_INFO - Umgebungsvariable\n"
+
+#: agent/gpg-agent.c:2256 common/simple-pwquery.c:364 common/asshelp.c:415
+#: tools/gpg-connect-agent.c:2179
+#, c-format
+msgid "gpg-agent protocol version %d is not supported\n"
+msgstr "GPG-Agent-Protokoll-Version %d wird nicht unterstützt\n"
+
+#: agent/preset-passphrase.c:98
+msgid "Usage: gpg-preset-passphrase [options] KEYGRIP (-h for help)\n"
+msgstr "Aufruf: gpg-preset-passphrase [Optionen] KEYGRIP (-h für Hilfe)\n"
+
+#: agent/preset-passphrase.c:101
+msgid ""
+"Syntax: gpg-preset-passphrase [options] KEYGRIP\n"
+"Password cache maintenance\n"
+msgstr ""
+"Syntax: gpg-preset-passphrase [Optionen] KEYGRIP\n"
+"Kennwortpuffer-Pflege\n"
+
+#: agent/protect-tool.c:113 g10/gpg.c:373 kbx/kbxutil.c:71 sm/gpgsm.c:186
+#: tools/gpgconf.c:60
+msgid ""
+"@Commands:\n"
+" "
+msgstr ""
+"@Befehle:\n"
+" "
+
+#: agent/protect-tool.c:127 g10/gpg.c:441 g10/gpgv.c:69 kbx/kbxutil.c:81
+#: sm/gpgsm.c:226 tools/gpg-connect-agent.c:67 tools/gpgconf.c:77
+#: tools/symcryptrun.c:159
+msgid ""
+"@\n"
+"Options:\n"
+" "
+msgstr ""
+"@\n"
+"Optionen:\n"
+" "
+
+#: agent/protect-tool.c:166
+msgid "Usage: gpg-protect-tool [options] (-h for help)\n"
+msgstr "Aufruf: gpg-protect-tool [Optionen] (-h für Hilfe)\n"
+
+#: agent/protect-tool.c:168
+msgid ""
+"Syntax: gpg-protect-tool [options] [args]\n"
+"Secret key maintenance tool\n"
+msgstr ""
+"Syntax: gpg-protect-tool [Optionen] [Argumente]\n"
+"Werkzeug zum Bearbeiten von geheimen Schlüsseln\n"
+
+#: agent/protect-tool.c:1162
+msgid "Please enter the passphrase to unprotect the PKCS#12 object."
+msgstr "Bitte geben Sie die Passphrase zum Entsperren des PKCS#12 Objekts ein."
+
+#: agent/protect-tool.c:1167
+msgid "Please enter the passphrase to protect the new PKCS#12 object."
+msgstr ""
+"Bitte geben Sie die Passphrase zum Schützen des neuen PKCS#12 Objekts ein."
+
+#: agent/protect-tool.c:1173
+msgid ""
+"Please enter the passphrase to protect the imported object within the GnuPG "
+"system."
+msgstr ""
+"Bitte geben Sie die Passphrase ein, um das importierte Objekt im GnuPG "
+"System zu schützen."
+
+#: agent/protect-tool.c:1178
+msgid ""
+"Please enter the passphrase or the PIN\n"
+"needed to complete this operation."
+msgstr ""
+"Die Eingabe der Passphrase bzw. der PIN\n"
+"wird benötigt, um diese Aktion auszuführen."
+
+#: agent/protect-tool.c:1183 tools/symcryptrun.c:437
+msgid "Passphrase:"
+msgstr "Passphrase:"
+
+#: agent/protect-tool.c:1188 tools/symcryptrun.c:448
+msgid "cancelled\n"
+msgstr "Vom Benutzer abgebrochen\n"
+
+#: agent/protect-tool.c:1190 tools/symcryptrun.c:444
+#, c-format
+msgid "error while asking for the passphrase: %s\n"
+msgstr "Fehler bei der Abfrage der Passphrase: %s\n"
+
+#: agent/trustlist.c:136 agent/trustlist.c:334
+#, c-format
+msgid "error opening `%s': %s\n"
+msgstr "Fehler beim Öffnen von `%s': %s\n"
+
+#: agent/trustlist.c:151 common/helpfile.c:63 common/helpfile.c:79
+#, c-format
+msgid "file `%s', line %d: %s\n"
+msgstr "Datei `%s', Zeile %d: %s\n"
+
+#: agent/trustlist.c:171 agent/trustlist.c:179
+#, c-format
+msgid "statement \"%s\" ignored in `%s', line %d\n"
+msgstr ""
+"Anweisung \"%s\" in `%s', Zeile %d\n"
+" ignoriert\n"
+
+#: agent/trustlist.c:185
+#, c-format
+msgid "system trustlist `%s' not available\n"
+msgstr ""
+"Systemliste der vertrauenswürdigen Zertifikate '%s' ist nicht vorhanden\n"
+
+#: agent/trustlist.c:229
+#, c-format
+msgid "bad fingerprint in `%s', line %d\n"
+msgstr "fehlerhafter Fingerabdruck in `%s', Zeile %d\n"
+
+#: agent/trustlist.c:254 agent/trustlist.c:261
+#, c-format
+msgid "invalid keyflag in `%s', line %d\n"
+msgstr "Ungültiges Schlüsselflag in `%s', Zeile %d\n"
+
+#: agent/trustlist.c:295 common/helpfile.c:126
+#, c-format
+msgid "error reading `%s', line %d: %s\n"
+msgstr "Fehler beim Lesen von `%s', Zeile %d: %s\n"
+
+#: agent/trustlist.c:400 agent/trustlist.c:450
+msgid "error reading list of trusted root certificates\n"
+msgstr "Fehler beim Lesen der Liste vertrauenswürdiger root-Zertifikate\n"
+
+#. TRANSLATORS: This prompt is shown by the Pinentry
+#. and has one special property: A "%%0A" is used by
+#. Pinentry to insert a line break. The double
+#. percent sign is actually needed because it is also
+#. a printf format string. If you need to insert a
+#. plain % sign, you need to encode it as "%%25". The
+#. "%s" gets replaced by the name as stored in the
+#. certificate.
+#: agent/trustlist.c:611
+#, c-format
+msgid ""
+"Do you ultimately trust%%0A \"%s\"%%0Ato correctly certify user "
+"certificates?"
+msgstr ""
+"Wenn Sie vollständiges Vertrauen haben, daß%%0A \"%s\"%%"
+"0ABenutzerzertifikate verläßlich zertifiziert, so antworten Sie mit \"Ja\"."
+
+#: agent/trustlist.c:620 common/audit.c:467
+msgid "Yes"
+msgstr "Ja"
+
+#: agent/trustlist.c:620 common/audit.c:469
+msgid "No"
+msgstr "Nein"
+
+#. TRANSLATORS: This prompt is shown by the Pinentry and has
+#. one special property: A "%%0A" is used by Pinentry to
+#. insert a line break. The double percent sign is actually
+#. needed because it is also a printf format string. If you
+#. need to insert a plain % sign, you need to encode it as
+#. "%%25". The second "%s" gets replaced by a hexdecimal
+#. fingerprint string whereas the first one receives the name
+#. as stored in the certificate.
+#: agent/trustlist.c:654
+#, c-format
+msgid ""
+"Please verify that the certificate identified as:%%0A \"%s\"%%0Ahas the "
+"fingerprint:%%0A %s"
+msgstr ""
+"Bitte prüfen Sie, daß das Zertifikat mit dem Namen:%%0A \"%s\"%%0Afolgenden "
+"Fingerabdruck hat:%%0A %s"
+
+#. TRANSLATORS: "Correct" is the label of a button and intended
+#. to be hit if the fingerprint matches the one of the CA. The
+#. other button is "the default "Cancel" of the Pinentry.
+#: agent/trustlist.c:668
+msgid "Correct"
+msgstr "Korrekt"
+
+#: agent/trustlist.c:668
+msgid "Wrong"
+msgstr "Falsch"
+
+#: agent/findkey.c:157
+#, c-format
+msgid "Note: This passphrase has never been changed.%0APlease change it now."
+msgstr ""
+"Hinweis: Diese Passphrase wurde noch nie geändert/%0ABitte ändern Sie sie "
+"jetzt."
+
+#: agent/findkey.c:173
+#, c-format
+msgid ""
+"This passphrase has not been changed%%0Asince %.4s-%.2s-%.2s. Please change "
+"it now."
+msgstr ""
+"Diese Passphrase wurde seit dem %.4s-%.2s-%.2s nicht%%0A\n"
+"mehr geändert. Bitte ändern Sie sie jetzt."
+
+#: agent/findkey.c:187 agent/findkey.c:194
+msgid "Change passphrase"
+msgstr "Die Passphrase ändern"
+
+#: agent/findkey.c:195
+msgid "I'll change it later"
+msgstr "Ich werde sie später ändern"
+
+#: common/exechelp.c:528 common/exechelp.c:625 tools/gpgconf-comp.c:1475
+#: tools/gpgconf-comp.c:1814
+#, c-format
+msgid "error creating a pipe: %s\n"
+msgstr "Fehler beim Erzeugen einer \"Pipe\": %s\n"
+
+#: common/exechelp.c:599 common/exechelp.c:658
+#, c-format
+msgid "can't fdopen pipe for reading: %s\n"
+msgstr "Pipe kann nicht zum Lesen \"fdopen\"t werden: %s\n"
+
+#: common/exechelp.c:637 common/exechelp.c:765 common/exechelp.c:1002
+#, c-format
+msgid "error forking process: %s\n"
+msgstr "Fehler beim \"Forken\" des Prozess: %s\n"
+
+#: common/exechelp.c:811 common/exechelp.c:864
+#, c-format
+msgid "waiting for process %d to terminate failed: %s\n"
+msgstr "Das Warten auf die Beendigung des Prozesses %d schlug fehl: %s\n"
+
+#: common/exechelp.c:819
+#, c-format
+msgid "error getting exit code of process %d: %s\n"
+msgstr "Fehler beim Holen des Exitwerte des Prozesses %d: %s\n"
+
+#: common/exechelp.c:825 common/exechelp.c:877
+#, c-format
+msgid "error running `%s': exit status %d\n"
+msgstr "Fehler bei Ausführung von `%s': Endestatus %d\n"
+
+#: common/exechelp.c:870
+#, c-format
+msgid "error running `%s': probably not installed\n"
+msgstr "Fehler bei Ausführung von `%s': wahrscheinlich nicht installiert\n"
+
+#: common/exechelp.c:885
+#, c-format
+msgid "error running `%s': terminated\n"
+msgstr "Fehler bei Ausführung von `%s': beendet\n"
+
+#: common/http.c:1674
+#, c-format
+msgid "error creating socket: %s\n"
+msgstr "Fehler beim Erstellen des Sockets: %s\n"
+
+#: common/http.c:1718
+msgid "host not found"
+msgstr "Host nicht gefunden"
+
+#: common/simple-pwquery.c:338
+msgid "gpg-agent is not available in this session\n"
+msgstr "GPG-Agent ist in dieser Sitzung nicht vorhanden\n"
+
+#: common/simple-pwquery.c:395
+#, c-format
+msgid "can't connect to `%s': %s\n"
+msgstr "Verbindung zu '%s' kann nicht aufgebaut werden: %s\n"
+
+#: common/simple-pwquery.c:406
+msgid "communication problem with gpg-agent\n"
+msgstr "Kommunikationsproblem mit GPG-Agent\n"
+
+#: common/simple-pwquery.c:416
+msgid "problem setting the gpg-agent options\n"
+msgstr "Beim Setzen der gpg-agent Optionen ist ein Problem aufgetreten\n"
+
+#: common/simple-pwquery.c:579 common/simple-pwquery.c:675
+msgid "canceled by user\n"
+msgstr "Vom Benutzer abgebrochen\n"
+
+#: common/simple-pwquery.c:594 common/simple-pwquery.c:681
+msgid "problem with the agent\n"
+msgstr "Problem mit dem Agenten\n"
+
+#: common/sysutils.c:105
+#, c-format
+msgid "can't disable core dumps: %s\n"
+msgstr "core-dump-Dateierzeugung kann nicht abgeschaltet werden: %s\n"
+
+#: common/sysutils.c:200
+#, c-format
+msgid "Warning: unsafe ownership on %s \"%s\"\n"
+msgstr "WARNUNG: Unsichere Besitzrechte für %s \"%s\"\n"
+
+#: common/sysutils.c:232
+#, c-format
+msgid "Warning: unsafe permissions on %s \"%s\"\n"
+msgstr "WARNUNG: Unsichere Zugriffsrechte für %s \"%s\"\n"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: common/yesno.c:35 common/yesno.c:72
+msgid "yes"
+msgstr "ja"
+
+#: common/yesno.c:36 common/yesno.c:77
+msgid "yY"
+msgstr "jJyY"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: common/yesno.c:38 common/yesno.c:74
+msgid "no"
+msgstr "nein"
+
+#: common/yesno.c:39 common/yesno.c:78
+msgid "nN"
+msgstr "nN"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: common/yesno.c:76
+msgid "quit"
+msgstr "quit"
+
+#: common/yesno.c:79
+msgid "qQ"
+msgstr "qQ"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: common/yesno.c:113
+msgid "okay|okay"
+msgstr "okay|okay"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: common/yesno.c:115
+msgid "cancel|cancel"
+msgstr "abbrechen|abbrechen"
+
+#: common/yesno.c:116
+msgid "oO"
+msgstr "oO"
+
+#: common/yesno.c:117
+msgid "cC"
+msgstr "cC"
+
+#: common/miscellaneous.c:77
+#, c-format
+msgid "out of core in secure memory while allocating %lu bytes"
+msgstr ""
+"Kein sicherer Speicher mehr vorhanden, als %lu Byte zugewiesen werden sollten"
+
+#: common/miscellaneous.c:80
+#, c-format
+msgid "out of core while allocating %lu bytes"
+msgstr "Kein Speicher mehr vorhanden, als %lu Byte zugewiesen werden sollten"
+
+#: common/asshelp.c:293 tools/gpg-connect-agent.c:2129
+msgid "no running gpg-agent - starting one\n"
+msgstr "Kein aktiver gpg-agent - es wird einer gestartet\n"
+
+#: common/asshelp.c:349
+#, c-format
+msgid "waiting %d seconds for the agent to come up\n"
+msgstr "Warte %d Sekunden bis der gpg-agent bereit ist\n"
+
+#: common/asshelp.c:426
+msgid "can't connect to the agent - trying fall back\n"
+msgstr "Verbindung zum gpg-agent nicht möglich - Ersatzmethode wird versucht\n"
+
+#. TRANSLATORS: Copy the prefix between the vertical bars
+#. verbatim. It will not be printed.
+#: common/audit.c:474
+msgid "|audit-log-result|Good"
+msgstr "|audit-log-result|Korrekt"
+
+#: common/audit.c:477
+msgid "|audit-log-result|Bad"
+msgstr "|audit-log-result|Falsch"
+
+#: common/audit.c:479
+msgid "|audit-log-result|Not supported"
+msgstr "|audit-log-result|Nicht unterstützt"
+
+#: common/audit.c:481
+msgid "|audit-log-result|No certificate"
+msgstr "|audit-log-result|Zertifikat fehlt"
+
+#: common/audit.c:483
+msgid "|audit-log-result|Not enabled"
+msgstr "|audit-log-result|Nicht eingeschaltet"
+
+#: common/audit.c:485
+msgid "|audit-log-result|Error"
+msgstr "|audit-log-result|Fehler"
+
+#: common/audit.c:487
+msgid "|audit-log-result|Not used"
+msgstr "|audit-log-result|Nicht benötigt"
+
+#: common/audit.c:489
+msgid "|audit-log-result|Okay"
+msgstr "|audit-log-result|Okay"
+
+#: common/audit.c:491
+msgid "|audit-log-result|Skipped"
+msgstr "|audit-log-result|Ãœbergangen"
+
+#: common/audit.c:493
+msgid "|audit-log-result|Some"
+msgstr "|audit-log-result|Einige"
+
+#: common/audit.c:726
+msgid "Certificate chain available"
+msgstr "Zertifikatkette vorhanden"
+
+#: common/audit.c:733
+msgid "root certificate missing"
+msgstr "Das Wurzelzertifikat fehlt"
+
+#: common/audit.c:759
+msgid "Data encryption succeeded"
+msgstr "Verschlüsseln der Daten erfolgreich"
+
+#: common/audit.c:764 common/audit.c:830 common/audit.c:906 common/audit.c:997
+msgid "Data available"
+msgstr "Daten vorhanden"
+
+#: common/audit.c:767
+msgid "Session key created"
+msgstr "Sitzungsschlüssel erzeugt"
+
+#: common/audit.c:772 common/audit.c:912 common/audit.c:919
+#, c-format
+msgid "algorithm: %s"
+msgstr "Verfahren: %s"
+
+#: common/audit.c:774 common/audit.c:776 common/audit.c:921 common/audit.c:923
+#, c-format
+msgid "unsupported algorithm: %s"
+msgstr "Nicht unterstütztes Verfahren: %s"
+
+#: common/audit.c:778 common/audit.c:925
+msgid "seems to be not encrypted"
+msgstr "dies is wahrscheinlich nicht verschlüsselt"
+
+#: common/audit.c:784 common/audit.c:933
+msgid "Number of recipients"
+msgstr "Anzahl der Empfänger"
+
+#: common/audit.c:792 common/audit.c:956
+#, c-format
+msgid "Recipient %d"
+msgstr "Empfänger %d"
+
+#: common/audit.c:825
+msgid "Data signing succeeded"
+msgstr "Signieren der Daten erfolgreich"
+
+#: common/audit.c:839 common/audit.c:1033 common/audit.c:1060
+#, c-format
+msgid "data hash algorithm: %s"
+msgstr "Hashverfahren für Daten: %s"
+
+#: common/audit.c:862
+#, c-format
+msgid "Signer %d"
+msgstr "Unterzeichner %d"
+
+#: common/audit.c:866 common/audit.c:1065
+#, c-format
+msgid "attr hash algorithm: %s"
+msgstr "Hashverfahren für Attribute: %s"
+
+#: common/audit.c:901
+msgid "Data decryption succeeded"
+msgstr "Entschlüsselung der Daten erfolgreich"
+
+#: common/audit.c:910
+msgid "Encryption algorithm supported"
+msgstr "Verschlüsselungsverfahren %d%s wird nicht unterstützt"
+
+#: common/audit.c:993
+msgid "Data verification succeeded"
+msgstr "Prüfung der Signatur erfolgreich"
+
+#: common/audit.c:1002
+msgid "Signature available"
+msgstr "Signatur vorhanden"
+
+#: common/audit.c:1024
+msgid "Parsing data succeeded"
+msgstr "Syntaxanalyse der Daten erfolgreich"
+
+#: common/audit.c:1036
+#, c-format
+msgid "bad data hash algorithm: %s"
+msgstr "Ungültiges Hashverfahren für Daten: %s"
+
+#: common/audit.c:1051
+#, c-format
+msgid "Signature %d"
+msgstr "Signatur %d"
+
+#: common/audit.c:1079
+msgid "Certificate chain valid"
+msgstr "Zertifikatkette gültig"
+
+#: common/audit.c:1090
+msgid "Root certificate trustworthy"
+msgstr "Wurzelzertifikat vertrauenswürdig"
+
+#: common/audit.c:1111 sm/certchain.c:935
+msgid "no CRL found for certificate"
+msgstr "Keine CRL für das Zertifikat gefunden"
+
+#: common/audit.c:1114 sm/certchain.c:945
+msgid "the available CRL is too old"
+msgstr "Die vorhandene CRL ist zu alt"
+
+#: common/audit.c:1119
+msgid "CRL/OCSP check of certificates"
+msgstr "CRL/OCSP Prüfung der Zertifikate"
+
+#: common/audit.c:1139
+msgid "Included certificates"
+msgstr "Mitgesendete Zertifikate"
+
+#: common/audit.c:1194
+msgid "No audit log entries."
+msgstr "Keine Einträge in der Audit-Datei"
+
+#: common/audit.c:1243
+msgid "Unknown operation"
+msgstr "Unbekannte Operation"
+
+#: common/audit.c:1261
+msgid "Gpg-Agent usable"
+msgstr "Gpg-Agent benutzbar"
+
+#: common/audit.c:1271
+msgid "Dirmngr usable"
+msgstr "Dirmngr benutzbar"
+
+#: common/audit.c:1307
+#, c-format
+msgid "No help available for `%s'."
+msgstr "Keine Hilfe für '%s' vorhanden."
+
+#: common/helpfile.c:80
+msgid "ignoring garbage line"
+msgstr "Zeile mit nicht identifizierten Zeichen wird ignoriert"
+
+#: common/gettime.c:503
+msgid "[none]"
+msgstr "[keine]"
+
+#: g10/armor.c:379
+#, c-format
+msgid "armor: %s\n"
+msgstr "ASCII-Hülle: %s\n"
+
+#: g10/armor.c:418
+msgid "invalid armor header: "
+msgstr "Ungültige ASCII-Hülle"
+
+#: g10/armor.c:429
+msgid "armor header: "
+msgstr "ASCII-Hülle: "
+
+#: g10/armor.c:442
+msgid "invalid clearsig header\n"
+msgstr "Ungültige Klartextsignatur-Einleitung\n"
+
+#: g10/armor.c:455
+msgid "unknown armor header: "
+msgstr "Unbekannter Header in der ASCII-Hülle: "
+
+#: g10/armor.c:508
+msgid "nested clear text signatures\n"
+msgstr "verschachtelte Klartextsignatur\n"
+
+#: g10/armor.c:643
+msgid "unexpected armor: "
+msgstr "Unerwartete ASCII-Hülle: "
+
+#: g10/armor.c:655
+msgid "invalid dash escaped line: "
+msgstr "Ungültige mit Bindestrich \"escapte\" Zeile: "
+
+#: g10/armor.c:810 g10/armor.c:1420
+#, c-format
+msgid "invalid radix64 character %02X skipped\n"
+msgstr "Ungültiges \"radix64\" Zeichen %02x übersprungen\n"
+
+#: g10/armor.c:853
+msgid "premature eof (no CRC)\n"
+msgstr "vorzeitiges Dateiende (keine Prüfsumme)\n"
+
+#: g10/armor.c:887
+msgid "premature eof (in CRC)\n"
+msgstr "vorzeitiges Dateiende (innerhalb der Prüfsumme)\n"
+
+#: g10/armor.c:895
+msgid "malformed CRC\n"
+msgstr "Falsch aufgebaute Prüfsumme\n"
+
+#: g10/armor.c:899 g10/armor.c:1457
+#, c-format
+msgid "CRC error; %06lX - %06lX\n"
+msgstr "Prüfsummenfehler; %06lx - %06lx\n"
+
+#: g10/armor.c:919
+msgid "premature eof (in trailer)\n"
+msgstr "vorzeitiges Dateiende (im Nachsatz)\n"
+
+#: g10/armor.c:923
+msgid "error in trailer line\n"
+msgstr "Fehler in der Nachsatzzeile\n"
+
+#: g10/armor.c:1234
+msgid "no valid OpenPGP data found.\n"
+msgstr "Keine gültigen OpenPGP-Daten gefunden.\n"
+
+#: g10/armor.c:1239
+#, c-format
+msgid "invalid armor: line longer than %d characters\n"
+msgstr "ungültige ASCII-Hülle: Zeile ist länger als %d Zeichen\n"
+
+#: g10/armor.c:1243
+msgid ""
+"quoted printable character in armor - probably a buggy MTA has been used\n"
+msgstr ""
+"\"quoted printable\" Zeichen in der ASCII-Hülle gefunden - möglicherweise\n"
+" war ein fehlerhafter Email-Transporter(\"MTA\") die Ursache\n"
+
+#: g10/build-packet.c:976
+msgid ""
+"a notation name must have only printable characters or spaces, and end with "
+"an '='\n"
+msgstr ""
+"Ein \"notation\"-Name darf nur Buchstaben, Zahlen, Punkte oder Unterstriche "
+"enthalten und muß mit einem '=' enden\n"
+
+#: g10/build-packet.c:988
+msgid "a user notation name must contain the '@' character\n"
+msgstr "Ein \"notation\"-Wert darf das '@'-Zeichen nicht verwenden\n"
+
+#: g10/build-packet.c:994
+msgid "a notation name must not contain more than one '@' character\n"
+msgstr "Ein \"notation\"-Wert darf das '@'-Zeichen maximal einmal verwenden\n"
+
+#: g10/build-packet.c:1012
+msgid "a notation value must not use any control characters\n"
+msgstr "Ein \"notation\"-Wert darf keine Kontrollzeichen verwenden\n"
+
+#: g10/build-packet.c:1046 g10/build-packet.c:1055
+msgid "WARNING: invalid notation data found\n"
+msgstr "WARNUNG: Ungültige \"Notation\"-Daten gefunden\n"
+
+#: g10/build-packet.c:1077 g10/build-packet.c:1079
+msgid "not human readable"
+msgstr "nicht als Klartext darstellbar"
+
+#: g10/card-util.c:85 g10/card-util.c:374
+#, c-format
+msgid "OpenPGP card not available: %s\n"
+msgstr "OpenPGP Karte ist nicht vorhanden: %s\n"
+
+#: g10/card-util.c:90
+#, c-format
+msgid "OpenPGP card no. %s detected\n"
+msgstr "OpenPGP Karte Nr. %s erkannt\n"
+
+#: g10/card-util.c:98 g10/card-util.c:1773 g10/delkey.c:126 g10/keyedit.c:1551
+#: g10/keygen.c:3068 g10/revoke.c:216 g10/revoke.c:455
+msgid "can't do this in batch mode\n"
+msgstr "Dies kann im Batchmodus nicht durchgeführt werden.\n"
+
+#: g10/card-util.c:106
+msgid "This command is only available for version 2 cards\n"
+msgstr "Dieser Befehl ist nur für Karten ab Version 2 möglich.\n"
+
+#: g10/card-util.c:108 scd/app-openpgp.c:2029
+msgid "Reset Code not or not anymore available\n"
+msgstr "Der Rückstellcode ist nicht vorhanden\n"
+
+#: g10/card-util.c:141 g10/card-util.c:1458 g10/card-util.c:1568
+#: g10/keyedit.c:424 g10/keyedit.c:445 g10/keyedit.c:459 g10/keygen.c:1630
+#: g10/keygen.c:1711 sm/certreqgen-ui.c:165 sm/certreqgen-ui.c:249
+#: sm/certreqgen-ui.c:283
+msgid "Your selection? "
+msgstr "Ihre Auswahl? "
+
+#: g10/card-util.c:272 g10/card-util.c:322
+msgid "[not set]"
+msgstr "[nicht gesetzt]"
+
+#: g10/card-util.c:512
+msgid "male"
+msgstr "männlich"
+
+#: g10/card-util.c:513
+msgid "female"
+msgstr "weiblich"
+
+#: g10/card-util.c:513
+msgid "unspecified"
+msgstr "unbestimmt"
+
+#: g10/card-util.c:540
+msgid "not forced"
+msgstr "nicht zwingend"
+
+#: g10/card-util.c:540
+msgid "forced"
+msgstr "zwingend"
+
+#: g10/card-util.c:631
+msgid "Error: Only plain ASCII is currently allowed.\n"
+msgstr "Fehler: Nur reines ASCII ist derzeit erlaubt.\n"
+
+#: g10/card-util.c:633
+msgid "Error: The \"<\" character may not be used.\n"
+msgstr "Fehler: Das Zeichen \"<\" kann nicht benutzt werden.\n"
+
+#: g10/card-util.c:635
+msgid "Error: Double spaces are not allowed.\n"
+msgstr "Fehler: Doppelte Leerzeichen sind nicht erlaubt.\n"
+
+#: g10/card-util.c:652
+msgid "Cardholder's surname: "
+msgstr "Familienname des Kartenbesitzers:"
+
+#: g10/card-util.c:654
+msgid "Cardholder's given name: "
+msgstr "Vorname des Kartenbesitzers:"
+
+#: g10/card-util.c:672
+#, c-format
+msgid "Error: Combined name too long (limit is %d characters).\n"
+msgstr ""
+"Fehler: Der zusammengesetzte Name ist zu lang (Grenze beträgt %d Zeichen).\n"
+
+#: g10/card-util.c:693
+msgid "URL to retrieve public key: "
+msgstr "URL um den öffentlichen Schlüssel zu holen: "
+
+#: g10/card-util.c:701
+#, c-format
+msgid "Error: URL too long (limit is %d characters).\n"
+msgstr "Fehler: URL ist zu lang (Grenze beträgt %d Zeichen).\n"
+
+#: g10/card-util.c:794 tools/no-libgcrypt.c:30
+#, c-format
+msgid "error allocating enough memory: %s\n"
+msgstr "Fehler beim Zuteilen genügenden Speichers: %s\n"
+
+#: g10/card-util.c:806 g10/import.c:280
+#, c-format
+msgid "error reading `%s': %s\n"
+msgstr "Fehler beim Lesen von `%s': %s\n"
+
+#: g10/card-util.c:839
+#, c-format
+msgid "error writing `%s': %s\n"
+msgstr "Fehler beim Schreiben von %s: %s\n"
+
+#: g10/card-util.c:866
+msgid "Login data (account name): "
+msgstr "Logindaten (Kontenname): "
+
+#: g10/card-util.c:876
+#, c-format
+msgid "Error: Login data too long (limit is %d characters).\n"
+msgstr "Fehler: Logindaten sind zu lang (Grenze beträgt %d Zeichen).\n"
+
+#: g10/card-util.c:912
+msgid "Private DO data: "
+msgstr "Geheime DO-Daten: "
+
+#: g10/card-util.c:922
+#, c-format
+msgid "Error: Private DO too long (limit is %d characters).\n"
+msgstr "Fehler: Geheime DO-Daten sind zu lang (Grenze beträgt %d Zeichen).\n"
+
+#: g10/card-util.c:1005
+msgid "Language preferences: "
+msgstr "Spracheinstellungen"
+
+#: g10/card-util.c:1013
+msgid "Error: invalid length of preference string.\n"
+msgstr "Fehler: Ungültige Länge der Einstellungs-Zeichenfolge.\n"
+
+#: g10/card-util.c:1022
+msgid "Error: invalid characters in preference string.\n"
+msgstr "Fehler: Ungültige Zeichen in der Einstellungs-Zeichenfolge\n"
+
+#: g10/card-util.c:1044
+msgid "Sex ((M)ale, (F)emale or space): "
+msgstr "Geschlecht: (Männlich (M), Weiblich (F) oder Leerzeichen): "
+
+#: g10/card-util.c:1058
+msgid "Error: invalid response.\n"
+msgstr "Fehler: ungültige Antwort.\n"
+
+#: g10/card-util.c:1080
+msgid "CA fingerprint: "
+msgstr "CA-Fingerabdruck: "
+
+#: g10/card-util.c:1103
+msgid "Error: invalid formatted fingerprint.\n"
+msgstr "Fehler: ungültig geformter Fingerabdruck.\n"
+
+#: g10/card-util.c:1153
+#, c-format
+msgid "key operation not possible: %s\n"
+msgstr "Schlüsseloperation nicht möglich: %s\n"
+
+#: g10/card-util.c:1154
+msgid "not an OpenPGP card"
+msgstr "Keine gültige OpenPGP-Karte"
+
+#: g10/card-util.c:1167
+#, c-format
+msgid "error getting current key info: %s\n"
+msgstr "Fehler beim Holen der aktuellen Schlüsselinfo: %s\n"
+
+#: g10/card-util.c:1254
+msgid "Replace existing key? (y/N) "
+msgstr "Vorhandenen Schlüssel ersetzen? (j/N) "
+
+#: g10/card-util.c:1270
+msgid ""
+"NOTE: There is no guarantee that the card supports the requested size.\n"
+" If the key generation does not succeed, please check the\n"
+" documentation of your card to see what sizes are allowed.\n"
+msgstr ""
+"Hinweis: Es kann nicht sichergestellt werden, daß die Karte die "
+"angeforderte\n"
+" Schlüssellänge unterstützt. Sollte die Erzeugung des Schlüssels \n"
+" fehlschlagen, so ziehen Sie bitte die Dokumentation Ihrer Karte\n"
+" zu Rate.\n"
+
+#: g10/card-util.c:1295
+#, c-format
+msgid "What keysize do you want for the Signature key? (%u) "
+msgstr "Welche Schlüssellänge wünschen Sie für den Signatur-Schlüssel? (%u) "
+
+#: g10/card-util.c:1297
+#, c-format
+msgid "What keysize do you want for the Encryption key? (%u) "
+msgstr ""
+"Welche Schlüssellänge wünschen Sie für den Verschlüsselungs-Schlüssel? (%u) "
+
+#: g10/card-util.c:1298
+#, c-format
+msgid "What keysize do you want for the Authentication key? (%u) "
+msgstr ""
+"Welche Schlüssellänge wünschen Sie für den Authentisierungs-Schlüssel? (%u) "
+
+#: g10/card-util.c:1309 g10/keygen.c:1844 g10/keygen.c:1850
+#: sm/certreqgen-ui.c:194
+#, c-format
+msgid "rounded up to %u bits\n"
+msgstr "aufgerundet auf %u Bit\n"
+
+#: g10/card-util.c:1317 g10/keygen.c:1831 sm/certreqgen-ui.c:184
+#, c-format
+msgid "%s keysizes must be in the range %u-%u\n"
+msgstr "%s-Schlüssellängen müssen im Bereich %u-%u sein\n"
+
+#: g10/card-util.c:1322
+#, c-format
+msgid "The card will now be re-configured to generate a key of %u bits\n"
+msgstr ""
+"Die Karte wird nun rekonfiguriert um einen Schlüssel von %u Bit zu erzeugen\n"
+
+#: g10/card-util.c:1342
+#, c-format
+msgid "error changing size of key %d to %u bits: %s\n"
+msgstr "Fehler bem Ändern der Länge des Schlüssels %d auf %u Bit: %s\n"
+
+#: g10/card-util.c:1364
+msgid "Make off-card backup of encryption key? (Y/n) "
+msgstr ""
+"Sicherung des Verschlüsselungsschlüssel außerhalb der Karte erstellen? (J/n) "
+
+#: g10/card-util.c:1378
+msgid "NOTE: keys are already stored on the card!\n"
+msgstr "ACHTUNG: Auf der Karte sind bereits Schlüssel gespeichert!\n"
+
+#: g10/card-util.c:1381
+msgid "Replace existing keys? (y/N) "
+msgstr "Vorhandene Schlüssel ersetzen? (j/N) "
+
+#: g10/card-util.c:1393
+#, c-format
+msgid ""
+"Please note that the factory settings of the PINs are\n"
+" PIN = `%s' Admin PIN = `%s'\n"
+"You should change them using the command --change-pin\n"
+msgstr ""
+"Bitte beachten: Die Werkseinstellung der PINs sind\n"
+" PIN = `%s' Admin-PIN = `%s'\n"
+"Sie sollten sie mittels des Befehls --change-pin ändern\n"
+
+#: g10/card-util.c:1449
+msgid "Please select the type of key to generate:\n"
+msgstr "Bitte wählen Sie die Art des Schlüssel, der erzeugt werden soll:\n"
+
+#: g10/card-util.c:1451 g10/card-util.c:1559
+msgid " (1) Signature key\n"
+msgstr " (1) Signatur-Schlüssel\n"
+
+#: g10/card-util.c:1452 g10/card-util.c:1561
+msgid " (2) Encryption key\n"
+msgstr " (2) Verschlüsselungs-Schlüssel\n"
+
+#: g10/card-util.c:1453 g10/card-util.c:1563
+msgid " (3) Authentication key\n"
+msgstr " (3) Authentisierungs-Schlüssel\n"
+
+#: g10/card-util.c:1469 g10/card-util.c:1588 g10/keyedit.c:945
+#: g10/keygen.c:1634 g10/keygen.c:1662 g10/keygen.c:1764 g10/revoke.c:683
+msgid "Invalid selection.\n"
+msgstr "Ungültige Auswahl.\n"
+
+#: g10/card-util.c:1556
+msgid "Please select where to store the key:\n"
+msgstr "Wählen Sie den Speicherort für den Schlüssel:\n"
+
+#: g10/card-util.c:1600
+msgid "unknown key protection algorithm\n"
+msgstr "Unbekanntes Schlüssel-Schutzverfahren\n"
+
+#: g10/card-util.c:1605
+msgid "secret parts of key are not available\n"
+msgstr "Geheime Teile des Schlüssels sind nicht vorhanden\n"
+
+#: g10/card-util.c:1610
+msgid "secret key already stored on a card\n"
+msgstr "Geheimer Schlüssel ist bereits auf einer Karte gespeichert\n"
+
+#: g10/card-util.c:1623
+#, c-format
+msgid "error writing key to card: %s\n"
+msgstr "Fehler beim Schreiben des Schlüssels auf die Karte: %s\n"
+
+#: g10/card-util.c:1682 g10/keyedit.c:1382
+msgid "quit this menu"
+msgstr "Menü verlassen"
+
+#: g10/card-util.c:1684
+msgid "show admin commands"
+msgstr "Zeige Admin-Befehle"
+
+#: g10/card-util.c:1685 g10/keyedit.c:1385
+msgid "show this help"
+msgstr "Diese Hilfe zeigen"
+
+#: g10/card-util.c:1687
+msgid "list all available data"
+msgstr "Alle vorhandenen Daten auflisten"
+
+#: g10/card-util.c:1690
+msgid "change card holder's name"
+msgstr "Kartenbesitzernamen ändern"
+
+#: g10/card-util.c:1691
+msgid "change URL to retrieve key"
+msgstr "Schlüssel-holen-URL ändern"
+
+#: g10/card-util.c:1692
+msgid "fetch the key specified in the card URL"
+msgstr "Holen des Schlüssels mittels der URL auf der Karte"
+
+#: g10/card-util.c:1693
+msgid "change the login name"
+msgstr "Ändern der Logindaten"
+
+#: g10/card-util.c:1694
+msgid "change the language preferences"
+msgstr "Ändern der Spracheinstellungen"
+
+#: g10/card-util.c:1695
+msgid "change card holder's sex"
+msgstr "Ändern des Geschlechts des Kartenbesitzers"
+
+#: g10/card-util.c:1696
+msgid "change a CA fingerprint"
+msgstr "Ändern des CA-Fingerabdrucks"
+
+#: g10/card-util.c:1697
+msgid "toggle the signature force PIN flag"
+msgstr "Umschalten des \"Signature-force-PIN\"-Schalters"
+
+#: g10/card-util.c:1698
+msgid "generate new keys"
+msgstr "neue Schlüssel erzeugen"
+
+#: g10/card-util.c:1699
+msgid "menu to change or unblock the PIN"
+msgstr "Menü für Ändern oder Entsperren der PIN"
+
+#: g10/card-util.c:1700
+msgid "verify the PIN and list all data"
+msgstr "überprüfe die PIN und liste alle Daten auf"
+
+#: g10/card-util.c:1701
+msgid "unblock the PIN using a Reset Code"
+msgstr "die PIN mit dem Rückstellcode wieder freigeben"
+
+#: g10/card-util.c:1823
+msgid "gpg/card> "
+msgstr "gpg/card> "
+
+#: g10/card-util.c:1864
+msgid "Admin-only command\n"
+msgstr "nur-Admin Befehl\n"
+
+#: g10/card-util.c:1895
+msgid "Admin commands are allowed\n"
+msgstr "Admin-Befehle sind erlaubt\n"
+
+#: g10/card-util.c:1897
+msgid "Admin commands are not allowed\n"
+msgstr "Admin-Befehle sind nicht erlaubt\n"
+
+#: g10/card-util.c:1988 g10/keyedit.c:2292
+msgid "Invalid command (try \"help\")\n"
+msgstr "Ungültiger Befehl (versuchen Sie's mal mit \"help\")\n"
+
+#: g10/decrypt.c:110 g10/encode.c:876
+msgid "--output doesn't work for this command\n"
+msgstr "--output funktioniert nicht bei diesem Befehl\n"
+
+#: g10/decrypt.c:166 g10/gpg.c:4019 g10/keyring.c:387 g10/keyring.c:698
+#, c-format
+msgid "can't open `%s'\n"
+msgstr "'%s' kann nicht geöffnet werden\n"
+
+#: g10/delkey.c:73 g10/export.c:324 g10/keyedit.c:3514 g10/keyserver.c:1737
+#: g10/revoke.c:226
+#, c-format
+msgid "key \"%s\" not found: %s\n"
+msgstr "Schlüssel \"%s\" nicht gefunden: %s\n"
+
+#: g10/delkey.c:81 g10/export.c:354 g10/import.c:2480 g10/keyserver.c:1751
+#: g10/revoke.c:232 g10/revoke.c:477
+#, c-format
+msgid "error reading keyblock: %s\n"
+msgstr "Fehler beim Lesen des Schlüsselblocks: %s\n"
+
+#: g10/delkey.c:127 g10/delkey.c:134
+msgid "(unless you specify the key by fingerprint)\n"
+msgstr "(es sei denn, Sie geben den Schlüssel mittels Fingerprint an)\n"
+
+#: g10/delkey.c:133
+msgid "can't do this in batch mode without \"--yes\"\n"
+msgstr "dies kann im Batchmodus ohne \"--yes\" nicht durchgeführt werden\n"
+
+#: g10/delkey.c:145
+msgid "Delete this key from the keyring? (y/N) "
+msgstr "Diesen Schlüssel aus dem Schlüsselbund löschen? (j/N) "
+
+#: g10/delkey.c:153
+msgid "This is a secret key! - really delete? (y/N) "
+msgstr "Dies ist ein privater Schlüssel! - Wirklich löschen? (j/N) "
+
+#: g10/delkey.c:163
+#, c-format
+msgid "deleting keyblock failed: %s\n"
+msgstr "löschen des Schlüsselblocks fehlgeschlagen: %s\n"
+
+#: g10/delkey.c:173
+msgid "ownertrust information cleared\n"
+msgstr "Der \"Ownertrust\" wurde gelöscht\n"
+
+#: g10/delkey.c:204
+#, c-format
+msgid "there is a secret key for public key \"%s\"!\n"
+msgstr ""
+"Es gibt einen privaten Schlüssel zu diesem öffentlichen Schlüssel \"%s\"!\n"
+
+#: g10/delkey.c:206
+msgid "use option \"--delete-secret-keys\" to delete it first.\n"
+msgstr ""
+"Verwenden Sie zunächst den Befehl \"--delete-secret-key\", um ihn zu "
+"entfernen.\n"
+
+#: g10/encode.c:226 g10/sign.c:1269
+#, c-format
+msgid "error creating passphrase: %s\n"
+msgstr "Fehler beim Erzeugen der Passphrase: %s\n"
+
+#: g10/encode.c:232
+msgid "can't use a symmetric ESK packet due to the S2K mode\n"
+msgstr ""
+"Aufgrund des S2K-Modus kann ein symmetrisches ESK Paket nicht benutzt "
+"werden\n"
+
+#: g10/encode.c:246
+#, c-format
+msgid "using cipher %s\n"
+msgstr "benutze Cipher %s\n"
+
+#: g10/encode.c:256 g10/encode.c:577
+#, c-format
+msgid "`%s' already compressed\n"
+msgstr "`%s' ist bereits komprimiert\n"
+
+#: g10/encode.c:311 g10/encode.c:611 g10/sign.c:564
+#, c-format
+msgid "WARNING: `%s' is an empty file\n"
+msgstr "WARNUNG: '%s' ist eine leere Datei.\n"
+
+#: g10/encode.c:485
+msgid "you can only encrypt to RSA keys of 2048 bits or less in --pgp2 mode\n"
+msgstr ""
+"Im --pgp2-Modus kann nur für RSA-Schlüssel mit maximal 2048 Bit "
+"verschlüsselt werden\n"
+
+#: g10/encode.c:510
+#, c-format
+msgid "reading from `%s'\n"
+msgstr "Lesen von '%s'\n"
+
+#: g10/encode.c:541
+msgid ""
+"unable to use the IDEA cipher for all of the keys you are encrypting to.\n"
+msgstr ""
+"Die IDEA-Verschlüsselung kann nicht mit allen Zielschlüsseln verwendet "
+"werden.\n"
+
+#: g10/encode.c:559
+#, c-format
+msgid ""
+"WARNING: forcing symmetric cipher %s (%d) violates recipient preferences\n"
+msgstr ""
+"WARNUNG: Erzwungene Verwendung des symmetrischen Verschlüsselungsverfahren %"
+"s (%d) verletzt die Empfängervoreinstellungen\n"
+
+#: g10/encode.c:655 g10/sign.c:939
+#, c-format
+msgid ""
+"WARNING: forcing compression algorithm %s (%d) violates recipient "
+"preferences\n"
+msgstr ""
+"WARNUNG: Erzwungenes Kompressionsverfahren %s (%d) verletzt die "
+"Empfängervoreinstellungen.\n"
+
+#: g10/encode.c:751
+#, c-format
+msgid "forcing symmetric cipher %s (%d) violates recipient preferences\n"
+msgstr ""
+"Erzwungene Verwendung des symmetrischen Verschlüsselungsverfahren %s (%d) "
+"verletzt die Empfängervoreinstellungen\n"
+
+#: g10/encode.c:821 g10/pkclist.c:813 g10/pkclist.c:862
+#, c-format
+msgid "you may not use %s while in %s mode\n"
+msgstr "Die Benutzung von %s ist im %s-Modus nicht erlaubt.\n"
+
+#: g10/encode.c:848
+#, c-format
+msgid "%s/%s encrypted for: \"%s\"\n"
+msgstr "%s/%s verschlüsselt für: %s\n"
+
+#: g10/encr-data.c:93 g10/mainproc.c:286
+#, c-format
+msgid "%s encrypted data\n"
+msgstr "%s verschlüsselte Daten\n"
+
+#: g10/encr-data.c:96 g10/mainproc.c:290
+#, c-format
+msgid "encrypted with unknown algorithm %d\n"
+msgstr "Mit unbekanntem Verfahren verschlüsselt %d\n"
+
+#: g10/encr-data.c:142 sm/decrypt.c:126
+msgid ""
+"WARNING: message was encrypted with a weak key in the symmetric cipher.\n"
+msgstr ""
+"Warnung: Botschaft wurde mit einem unsicheren Schlüssel verschlüsselt.\n"
+
+#: g10/encr-data.c:154
+msgid "problem handling encrypted packet\n"
+msgstr "Problem beim Bearbeiten des verschlüsselten Pakets\n"
+
+#: g10/exec.c:57
+msgid "no remote program execution supported\n"
+msgstr "Ausführen von externen Programmen wird nicht unterstützt\n"
+
+#: g10/exec.c:308
+msgid ""
+"external program calls are disabled due to unsafe options file permissions\n"
+msgstr ""
+"Ausführen von externen Programmen ist ausgeschaltet, da die Dateirechte "
+"nicht sicher sind\n"
+
+#: g10/exec.c:338
+msgid "this platform requires temporary files when calling external programs\n"
+msgstr ""
+"Diese Plattform benötigt temporäre Dateien zur Ausführung von externen\n"
+"Programmen\n"
+
+#: g10/exec.c:416
+#, c-format
+msgid "unable to execute program `%s': %s\n"
+msgstr "Ausführen des Programms `%s' nicht möglich: %s\n"
+
+#: g10/exec.c:419
+#, c-format
+msgid "unable to execute shell `%s': %s\n"
+msgstr "Ausführen der Shell `%s' nicht möglich: %s\n"
+
+#: g10/exec.c:510
+#, c-format
+msgid "system error while calling external program: %s\n"
+msgstr "Fehler beim Aufruf eines externen Programms: %s\n"
+
+#: g10/exec.c:521 g10/exec.c:588
+msgid "unnatural exit of external program\n"
+msgstr "ungewöhnliches Ende eines externen Programms\n"
+
+#: g10/exec.c:536
+msgid "unable to execute external program\n"
+msgstr "Externes Programm konnte nicht aufgerufen werden\n"
+
+#: g10/exec.c:553
+#, c-format
+msgid "unable to read external program response: %s\n"
+msgstr "Die Ausgabe des externen Programms konnte nicht gelesen werden: %s\n"
+
+#: g10/exec.c:599 g10/exec.c:606
+#, c-format
+msgid "WARNING: unable to remove tempfile (%s) `%s': %s\n"
+msgstr ""
+"WARNUNG: die temporäre Datei (%s) `%s' konnte nicht entfernt werden: %s\n"
+
+#: g10/exec.c:611
+#, c-format
+msgid "WARNING: unable to remove temp directory `%s': %s\n"
+msgstr "WARNUNG: Temporäres Verzeichnis `%s' kann nicht entfernt werden: %s\n"
+
+#: g10/export.c:61
+msgid "export signatures that are marked as local-only"
+msgstr "Exportiere auch Signaturen die als nicht exportfähig markiert sind"
+
+#: g10/export.c:63
+msgid "export attribute user IDs (generally photo IDs)"
+msgstr "Exportiere Attribute von User-IDs (i.A. Foto-IDs)"
+
+#: g10/export.c:65
+msgid "export revocation keys marked as \"sensitive\""
+msgstr "Exportiere Widerrufsschlüssel die als \"sensitiv\" markiert sind"
+
+#: g10/export.c:67
+msgid "remove the passphrase from exported subkeys"
+msgstr "Die Passphrase von exportierten Unterschlüssel entfernen"
+
+#: g10/export.c:69
+msgid "remove unusable parts from key during export"
+msgstr "Unbrauchbare Teile des Schlüssel während des Exports entfernen"
+
+#: g10/export.c:71
+msgid "remove as much as possible from key during export"
+msgstr "Während des Exports soviel wie möglich vom Schlüssel entfernen"
+
+#: g10/export.c:73
+msgid "export keys in an S-expression based format"
+msgstr "Exportiere Schlüssel in einem auf S-Ausdrücken basierenden Format"
+
+#: g10/export.c:338
+msgid "exporting secret keys not allowed\n"
+msgstr "Exportieren geheimer Schlüssel ist nicht erlaubt\n"
+
+#: g10/export.c:367
+#, c-format
+msgid "key %s: not protected - skipped\n"
+msgstr "Schlüssel %s: ungeschützt - übersprungen\n"
+
+#: g10/export.c:375
+#, c-format
+msgid "key %s: PGP 2.x style key - skipped\n"
+msgstr "Schlüssel %s: PGP 2.x-artiger Schlüssel - übersprungen\n"
+
+#: g10/export.c:386
+#, c-format
+msgid "key %s: key material on-card - skipped\n"
+msgstr "Schlüssel %s: Schlüsselmaterial ist auf einer Karte - übersprungen\n"
+
+#: g10/export.c:537
+msgid "about to export an unprotected subkey\n"
+msgstr "Ein ungeschützter Unterschlüssel wird exportiert werden\n"
+
+#: g10/export.c:560
+#, c-format
+msgid "failed to unprotect the subkey: %s\n"
+msgstr "Entfernen des Schutzes für des Unterschlüssel fehlgeschlagen: %s\n"
+
+# translated by wk
+#: g10/export.c:584
+#, c-format
+msgid "WARNING: secret key %s does not have a simple SK checksum\n"
+msgstr "WARNUNG: Der geheime Schlüssel %s hat keine einfache SK-Prüfsumme\n"
+
+#: g10/export.c:633
+msgid "WARNING: nothing exported\n"
+msgstr "WARNUNG: Nichts exportiert\n"
+
+#: g10/getkey.c:152
+msgid "too many entries in pk cache - disabled\n"
+msgstr "zu viele Einträge im pk-Cache - abgeschaltet\n"
+
+#: g10/getkey.c:175
+msgid "[User ID not found]"
+msgstr "[User-ID nicht gefunden]"
+
+#: g10/getkey.c:1113
+#, c-format
+msgid "automatically retrieved `%s' via %s\n"
+msgstr "`%s' automatisch via %s geholt\n"
+
+#: g10/getkey.c:1118
+#, c-format
+msgid "error retrieving `%s' via %s: %s\n"
+msgstr "Fehler beim automatischen holen von `%s' über `%s': %s\n"
+
+#: g10/getkey.c:1120
+msgid "No fingerprint"
+msgstr "Kein Fingerabdruck vorhanden"
+
+#: g10/getkey.c:1930
+#, c-format
+msgid "Invalid key %s made valid by --allow-non-selfsigned-uid\n"
+msgstr ""
+"Ungültiger Schlüssel %s, gültig gemacht per --allow-non-selfsigned-uid\n"
+
+#: g10/getkey.c:2533 g10/keyedit.c:3839
+#, c-format
+msgid "no secret subkey for public subkey %s - ignoring\n"
+msgstr ""
+"Kein privater Unterschlüssel zum öffentlichen Unterschlüssel %s - ignoriert\n"
+
+#: g10/getkey.c:2759
+#, c-format
+msgid "using subkey %s instead of primary key %s\n"
+msgstr "der Unterschlüssel %s wird anstelle des Hauptschlüssels %s verwendet\n"
+
+#: g10/getkey.c:2806
+#, c-format
+msgid "key %s: secret key without public key - skipped\n"
+msgstr ""
+"Schlüssel %s: geheimer Schlüssel ohne öffentlichen Schlüssel - übersprungen\n"
+
+#: g10/gpg.c:375 sm/gpgsm.c:188
+msgid "make a signature"
+msgstr "Eine Signatur erzeugen"
+
+#: g10/gpg.c:376 sm/gpgsm.c:189
+msgid "make a clear text signature"
+msgstr "Eine Klartextsignatur erzeugen"
+
+#: g10/gpg.c:377 sm/gpgsm.c:190
+msgid "make a detached signature"
+msgstr "Eine abgetrennte Signatur erzeugen"
+
+#: g10/gpg.c:378 sm/gpgsm.c:191
+msgid "encrypt data"
+msgstr "Daten verschlüsseln"
+
+#: g10/gpg.c:380 sm/gpgsm.c:192
+msgid "encryption only with symmetric cipher"
+msgstr "Daten symmetrisch verschlüsseln"
+
+#: g10/gpg.c:382 sm/gpgsm.c:193
+msgid "decrypt data (default)"
+msgstr "Daten entschlüsseln (Voreinstellung)"
+
+#: g10/gpg.c:384 sm/gpgsm.c:194
+msgid "verify a signature"
+msgstr "Signatur prüfen"
+
+#: g10/gpg.c:386 sm/gpgsm.c:195
+msgid "list keys"
+msgstr "Liste der Schlüssel"
+
+#: g10/gpg.c:388
+msgid "list keys and signatures"
+msgstr "Liste der Schlüssel und ihrer Signaturen"
+
+#: g10/gpg.c:389
+msgid "list and check key signatures"
+msgstr "Signaturen der Schlüssel auflisten und prüfen"
+
+#: g10/gpg.c:390 sm/gpgsm.c:200
+msgid "list keys and fingerprints"
+msgstr "Liste der Schlüssel und ihrer \"Fingerabdrücke\""
+
+#: g10/gpg.c:391 sm/gpgsm.c:198
+msgid "list secret keys"
+msgstr "Liste der geheimen Schlüssel"
+
+#: g10/gpg.c:392 sm/gpgsm.c:201
+msgid "generate a new key pair"
+msgstr "Ein neues Schlüsselpaar erzeugen"
+
+#: g10/gpg.c:393
+msgid "generate a revocation certificate"
+msgstr "Ein Schlüsselwiderruf-Zertifikat erzeugen"
+
+#: g10/gpg.c:395 sm/gpgsm.c:203
+msgid "remove keys from the public keyring"
+msgstr "Schlüssel aus dem öff. Schlüsselbund entfernen"
+
+#: g10/gpg.c:397
+msgid "remove keys from the secret keyring"
+msgstr "Schlüssel aus dem geh. Schlüsselbund entfernen"
+
+#: g10/gpg.c:398
+msgid "sign a key"
+msgstr "Schlüssel signieren"
+
+#: g10/gpg.c:399
+msgid "sign a key locally"
+msgstr "Schlüssel nur für diesen Rechner signieren"
+
+#: g10/gpg.c:400
+msgid "sign or edit a key"
+msgstr "Signieren oder bearbeiten eines Schlüssels"
+
+#: g10/gpg.c:402 sm/gpgsm.c:215
+msgid "change a passphrase"
+msgstr "Die Passphrase ändern"
+
+#: g10/gpg.c:404
+msgid "export keys"
+msgstr "Schlüssel exportieren"
+
+#: g10/gpg.c:405 sm/gpgsm.c:204
+msgid "export keys to a key server"
+msgstr "Schlüssel zu einem Schlü.server exportieren"
+
+#: g10/gpg.c:406 sm/gpgsm.c:205
+msgid "import keys from a key server"
+msgstr "Schlüssel von einem Schlü.server importieren"
+
+#: g10/gpg.c:408
+msgid "search for keys on a key server"
+msgstr "Schlüssel auf einem Schlü.server suchen"
+
+#: g10/gpg.c:410
+msgid "update all keys from a keyserver"
+msgstr "alle Schlüssel per Schlü.server aktualisieren"
+
+#: g10/gpg.c:415
+msgid "import/merge keys"
+msgstr "Schlüssel importieren/kombinieren"
+
+#: g10/gpg.c:418
+msgid "print the card status"
+msgstr "den Karten-Status ausgeben"
+
+#: g10/gpg.c:419
+msgid "change data on a card"
+msgstr "Daten auf einer Karte ändern"
+
+#: g10/gpg.c:420
+msgid "change a card's PIN"
+msgstr "PIN einer Karte ändern"
+
+#: g10/gpg.c:429
+msgid "update the trust database"
+msgstr "Ändern der \"Trust\"-Datenbank"
+
+#: g10/gpg.c:436
+msgid "print message digests"
+msgstr "Hashwerte für die Dateien ausgeben"
+
+#: g10/gpg.c:439 sm/gpgsm.c:210
+msgid "run in server mode"
+msgstr "Im Server Modus ausführen"
+
+#: g10/gpg.c:443 sm/gpgsm.c:228
+msgid "create ascii armored output"
+msgstr "Ausgabe mit ASCII-Hülle versehen"
+
+#: g10/gpg.c:446 sm/gpgsm.c:241
+msgid "|USER-ID|encrypt for USER-ID"
+msgstr "|USER-ID|Verschlüsseln für USER-ID"
+
+#: g10/gpg.c:459 sm/gpgsm.c:278
+msgid "|USER-ID|use USER-ID to sign or decrypt"
+msgstr "|USER-ID|Mit USER-ID signieren bzw. entschlüsseln"
+
+#: g10/gpg.c:462
+msgid "|N|set compress level to N (0 disables)"
+msgstr "|N|Kompressionsstufe auf N setzen (0=keine)"
+
+#: g10/gpg.c:468
+msgid "use canonical text mode"
+msgstr "Textmodus benutzen"
+
+#: g10/gpg.c:485 sm/gpgsm.c:280
+msgid "|FILE|write output to FILE"
+msgstr "|DATEI|Ausgabe auf DATEI schreiben"
+
+#: g10/gpg.c:501 kbx/kbxutil.c:90 sm/gpgsm.c:292 tools/gpgconf.c:82
+msgid "do not make any changes"
+msgstr "Keine wirklichen Änderungen durchführen"
+
+#: g10/gpg.c:502
+msgid "prompt before overwriting"
+msgstr "vor Ãœberschreiben nachfragen"
+
+#: g10/gpg.c:554
+msgid "use strict OpenPGP behavior"
+msgstr "OpenPGP-Verhalten strikt beachten"
+
+#: g10/gpg.c:585 sm/gpgsm.c:336
+msgid ""
+"@\n"
+"(See the man page for a complete listing of all commands and options)\n"
+msgstr ""
+"@\n"
+"(Auf der \"man\"-Seite ist eine vollständige Liste aller Befehle und "
+"Optionen)\n"
+
+#: g10/gpg.c:588 sm/gpgsm.c:339
+msgid ""
+"@\n"
+"Examples:\n"
+"\n"
+" -se -r Bob [file] sign and encrypt for user Bob\n"
+" --clearsign [file] make a clear text signature\n"
+" --detach-sign [file] make a detached signature\n"
+" --list-keys [names] show keys\n"
+" --fingerprint [names] show fingerprints\n"
+msgstr ""
+"@\n"
+"Beispiele:\n"
+"\n"
+" -se -r Bob [Datei] Signieren und verschlüsseln für Benutzer Bob\n"
+" --clearsign [Datei] Eine Klartextsignatur erzeugen\n"
+" --detach-sign [Datei] Eine abgetrennte Signatur erzeugen\n"
+" --list-keys [Namen] Schlüssel anzeigen\n"
+" --fingerprint [Namen] \"Fingerabdrücke\" anzeigen\n"
+
+#: g10/gpg.c:836
+msgid "Usage: gpg [options] [files] (-h for help)"
+msgstr "Aufruf: gpg [Optionen] [Dateien] (-h für Hilfe)"
+
+#: g10/gpg.c:839
+msgid ""
+"Syntax: gpg [options] [files]\n"
+"sign, check, encrypt or decrypt\n"
+"default operation depends on the input data\n"
+msgstr ""
+"Aufruf: gpg [Optionen] [Dateien]\n"
+"Signieren, prüfen, verschlüsseln, entschlüsseln.\n"
+"Die voreingestellte Operation ist abhängig von den Eingabedaten\n"
+
+#: g10/gpg.c:850 sm/gpgsm.c:543
+msgid ""
+"\n"
+"Supported algorithms:\n"
+msgstr ""
+"\n"
+"Unterstützte Verfahren:\n"
+
+#: g10/gpg.c:853
+msgid "Pubkey: "
+msgstr "Öff. Schlüssel: "
+
+#: g10/gpg.c:860 g10/keyedit.c:2423
+msgid "Cipher: "
+msgstr "Verschlü.: "
+
+#: g10/gpg.c:867
+msgid "Hash: "
+msgstr "Hash: "
+
+#: g10/gpg.c:874 g10/keyedit.c:2468
+msgid "Compression: "
+msgstr "Komprimierung: "
+
+#: g10/gpg.c:944
+msgid "usage: gpg [options] "
+msgstr "Aufruf: gpg [Optionen] "
+
+#: g10/gpg.c:1158 sm/gpgsm.c:716
+msgid "conflicting commands\n"
+msgstr "Widersprüchliche Befehle\n"
+
+#: g10/gpg.c:1176
+#, c-format
+msgid "no = sign found in group definition `%s'\n"
+msgstr "Kein '='-Zeichen in der Gruppendefinition gefunden `%s'\n"
+
+#: g10/gpg.c:1373
+#, c-format
+msgid "WARNING: unsafe ownership on homedir `%s'\n"
+msgstr "WARNUNG: Unsicheres Besitzverhältnis des Home-Verzeichnis `%s'\n"
+
+#: g10/gpg.c:1376
+#, c-format
+msgid "WARNING: unsafe ownership on configuration file `%s'\n"
+msgstr "WARNUNG: Unsicheres Besitzverhältnis der Konfigurationsdatei `%s'\n"
+
+#: g10/gpg.c:1379
+#, c-format
+msgid "WARNING: unsafe ownership on extension `%s'\n"
+msgstr "WARNUNG: Unsicheres Besitzverhältnis auf die Erweiterung `%s'\n"
+
+#: g10/gpg.c:1385
+#, c-format
+msgid "WARNING: unsafe permissions on homedir `%s'\n"
+msgstr "WARNUNG: Unsichere Zugriffsrechte des Home-Verzeichnis `%s'\n"
+
+#: g10/gpg.c:1388
+#, c-format
+msgid "WARNING: unsafe permissions on configuration file `%s'\n"
+msgstr "WARNUNG: Unsichere Zugriffsrechte der Konfigurationsdatei `%s'\n"
+
+#: g10/gpg.c:1391
+#, c-format
+msgid "WARNING: unsafe permissions on extension `%s'\n"
+msgstr "WARNUNG: Unsichere Zugriffsrechte auf die Erweiterung `%s'\n"
+
+#: g10/gpg.c:1397
+#, c-format
+msgid "WARNING: unsafe enclosing directory ownership on homedir `%s'\n"
+msgstr ""
+"WARNUNG: Unsicheres Besitzverhältnis des umgebenden Verzeichnisses für Home-"
+"Verzeichnis `%s'\n"
+
+#: g10/gpg.c:1400
+#, c-format
+msgid ""
+"WARNING: unsafe enclosing directory ownership on configuration file `%s'\n"
+msgstr ""
+"WARNUNG: Unsicheres Besitzverhältnis des umgebenden Verzeichnisses der "
+"Konfigurationsdatei `%s'\n"
+
+#: g10/gpg.c:1403
+#, c-format
+msgid "WARNING: unsafe enclosing directory ownership on extension `%s'\n"
+msgstr ""
+"WARNUNG: Unsicheres Besitzverhältnis des umgebenden Verzeichnisses `%s'\n"
+
+#: g10/gpg.c:1409
+#, c-format
+msgid "WARNING: unsafe enclosing directory permissions on homedir `%s'\n"
+msgstr ""
+"WARNUNG: Unsichere Zugriffsrechte des umgebenden Verzeichnisses des Home-"
+"Verzeichnisses `%s'\n"
+
+#: g10/gpg.c:1412
+#, c-format
+msgid ""
+"WARNING: unsafe enclosing directory permissions on configuration file `%s'\n"
+msgstr ""
+"WARNUNG: Unsichere Zugriffsrechte des umgebenden Verzeichnisses der "
+"Konfigurationsdatei `%s'\n"
+
+#: g10/gpg.c:1415
+#, c-format
+msgid "WARNING: unsafe enclosing directory permissions on extension `%s'\n"
+msgstr ""
+"WARNUNG: Unsichere Zugriffsrechte des umgebenden Verzeichnisses auf "
+"Erweiterung `%s'\n"
+
+#: g10/gpg.c:1595
+#, c-format
+msgid "unknown configuration item `%s'\n"
+msgstr "Unbekanntes Konfigurationselement `%s'\n"
+
+#: g10/gpg.c:1699
+msgid "display photo IDs during key listings"
+msgstr "Anzeigen der Foto-ID in den Schlüssellisten"
+
+#: g10/gpg.c:1701
+msgid "show policy URLs during signature listings"
+msgstr "Zeige Richtlinien-URL während des listens der Signaturen"
+
+#: g10/gpg.c:1703
+msgid "show all notations during signature listings"
+msgstr "Alle Notationen mit den Signaturen anlisten"
+
+#: g10/gpg.c:1705
+msgid "show IETF standard notations during signature listings"
+msgstr "Zeige IETF-Standard"
+
+#: g10/gpg.c:1709
+msgid "show user-supplied notations during signature listings"
+msgstr "Zeige Benutzer-Notationen während des listens der Signaturen"
+
+#: g10/gpg.c:1711
+msgid "show preferred keyserver URLs during signature listings"
+msgstr "Der bevorzugten Schlüsselserver mit den Signaturen anlisten"
+
+#: g10/gpg.c:1713
+msgid "show user ID validity during key listings"
+msgstr "Zeige Gültigkeit der User-ID in den Schlüssellisten"
+
+#: g10/gpg.c:1715
+msgid "show revoked and expired user IDs in key listings"
+msgstr "Zeige widerrufene und verfallene User-ID in den Schlüssellisten"
+
+#: g10/gpg.c:1717
+msgid "show revoked and expired subkeys in key listings"
+msgstr "Zeige widerrufene und verfallene Unterschlüssel in den Schlüssellisten"
+
+#: g10/gpg.c:1719
+msgid "show the keyring name in key listings"
+msgstr "Anzeigen des Schlüsselbundes, in dem ein Schlüssel drin ist"
+
+#: g10/gpg.c:1721
+msgid "show expiration dates during signature listings"
+msgstr "Das Ablaufdatum mit den Signaturen anlisten"
+
+#: g10/gpg.c:1855
+#, c-format
+msgid "NOTE: old default options file `%s' ignored\n"
+msgstr "Hinweis: Alte voreingestellte Optionendatei '%s' wurde ignoriert\n"
+
+#: g10/gpg.c:1948
+#, c-format
+msgid "libgcrypt is too old (need %s, have %s)\n"
+msgstr ""
+"Die Bibliothek \"libgcrypt\" ist zu alt (benötigt wird %s, vorhanden ist %"
+"s)\n"
+
+#: g10/gpg.c:2346 g10/gpg.c:3037 g10/gpg.c:3049
+#, c-format
+msgid "NOTE: %s is not for normal use!\n"
+msgstr "Hinweis: %s ist nicht für den üblichen Gebrauch gedacht!\n"
+
+#: g10/gpg.c:2530 g10/gpg.c:2542
+#, c-format
+msgid "`%s' is not a valid signature expiration\n"
+msgstr "`%s' ist kein gültiges Signaturablaufdatum\n"
+
+#: g10/gpg.c:2624
+#, c-format
+msgid "`%s' is not a valid character set\n"
+msgstr "`%s' ist kein gültiger Zeichensatz\n"
+
+#: g10/gpg.c:2647 g10/gpg.c:2842 g10/keyedit.c:4197
+msgid "could not parse keyserver URL\n"
+msgstr "Schlüsselserver-URL konnte nicht analysiert werden\n"
+
+#: g10/gpg.c:2659
+#, c-format
+msgid "%s:%d: invalid keyserver options\n"
+msgstr "%s:%d: ungültige Schlüsselserver-Option\n"
+
+#: g10/gpg.c:2662
+msgid "invalid keyserver options\n"
+msgstr "Ungültige Schlüsselserver-Option\n"
+
+#: g10/gpg.c:2669
+#, c-format
+msgid "%s:%d: invalid import options\n"
+msgstr "%s:%d: ungültige Import-Option\n"
+
+#: g10/gpg.c:2672
+msgid "invalid import options\n"
+msgstr "Ungültige Import-Option\n"
+
+#: g10/gpg.c:2679
+#, c-format
+msgid "%s:%d: invalid export options\n"
+msgstr "%s:%d: ungültige Export-Option.\n"
+
+#: g10/gpg.c:2682
+msgid "invalid export options\n"
+msgstr "Ungültige Export-Option\n"
+
+#: g10/gpg.c:2689
+#, c-format
+msgid "%s:%d: invalid list options\n"
+msgstr "%s:%d: ungültige Listen-Option.\n"
+
+#: g10/gpg.c:2692
+msgid "invalid list options\n"
+msgstr "Ungültige Listen-Option\n"
+
+#: g10/gpg.c:2700
+msgid "display photo IDs during signature verification"
+msgstr "Foto-ID während der Signaturprüfung anzeigen"
+
+#: g10/gpg.c:2702
+msgid "show policy URLs during signature verification"
+msgstr "Richtlinien-URLs während der Signaturprüfung anzeigen"
+
+#: g10/gpg.c:2704
+msgid "show all notations during signature verification"
+msgstr "Alle Notationen während der Signaturprüfung anzeigen"
+
+#: g10/gpg.c:2706
+msgid "show IETF standard notations during signature verification"
+msgstr "Standard-Notationen während der Signaturprüfung anzeigen"
+
+#: g10/gpg.c:2710
+msgid "show user-supplied notations during signature verification"
+msgstr "Benutzer-Notationen während der Signaturprüfung anzeigen"
+
+#: g10/gpg.c:2712
+msgid "show preferred keyserver URLs during signature verification"
+msgstr ""
+"Die URL für den bevorzugten Schlüsselserver während der Signaturprüfung "
+"anzeigen"
+
+#: g10/gpg.c:2714
+msgid "show user ID validity during signature verification"
+msgstr "Die Gültigkeit der User-ID während der Signaturprüfung anzeigen"
+
+#: g10/gpg.c:2716
+msgid "show revoked and expired user IDs in signature verification"
+msgstr "Zeige widerrufene und verfallene User-IDs während der Signaturprüfung"
+
+#: g10/gpg.c:2718
+msgid "show only the primary user ID in signature verification"
+msgstr "Zeige nur die Haupt-User-ID während der Signaturprüfung"
+
+#: g10/gpg.c:2720
+msgid "validate signatures with PKA data"
+msgstr "Prüfe Signaturgültigkeit mittels PKA-Daten"
+
+#: g10/gpg.c:2722
+msgid "elevate the trust of signatures with valid PKA data"
+msgstr "Werte das Vertrauen zu Signaturen durch gültige PKA-Daten auf"
+
+#: g10/gpg.c:2729
+#, c-format
+msgid "%s:%d: invalid verify options\n"
+msgstr "%s:%d: ungültige Überprüfungs-Option.\n"
+
+#: g10/gpg.c:2732
+msgid "invalid verify options\n"
+msgstr "Ungültige Überprüfungs-Option\n"
+
+#: g10/gpg.c:2739
+#, c-format
+msgid "unable to set exec-path to %s\n"
+msgstr "Der Ausführungspfad konnte nicht auf %s gesetzt werden.\n"
+
+#: g10/gpg.c:2925
+#, c-format
+msgid "%s:%d: invalid auto-key-locate list\n"
+msgstr "%s:%d: ungültige \"auto-key-locate\"-Liste\n"
+
+#: g10/gpg.c:2928
+msgid "invalid auto-key-locate list\n"
+msgstr "ungültige \"auto-key-locate\"-Liste\n"
+
+#: g10/gpg.c:3026 sm/gpgsm.c:1439
+msgid "WARNING: program may create a core file!\n"
+msgstr "WARNUNG: Programm könnte eine core-dump-Datei schreiben!\n"
+
+#: g10/gpg.c:3030
+#, c-format
+msgid "WARNING: %s overrides %s\n"
+msgstr "WARNUNG: %s ersetzt %s\n"
+
+#: g10/gpg.c:3039
+#, c-format
+msgid "%s not allowed with %s!\n"
+msgstr "%s kann nicht zusammen mit %s verwendet werden!\n"
+
+#: g10/gpg.c:3042
+#, c-format
+msgid "%s makes no sense with %s!\n"
+msgstr "%s zusammen mit %s ist nicht sinnvoll!\n"
+
+#: g10/gpg.c:3057
+#, c-format
+msgid "will not run with insecure memory due to %s\n"
+msgstr "Startet nicht mit unsicherem Speicher, wegen Option %s\n"
+
+#: g10/gpg.c:3071
+msgid "you can only make detached or clear signatures while in --pgp2 mode\n"
+msgstr ""
+"Im --pgp2-Modus können Sie nur abgetrennte oder Klartextsignaturen machen\n"
+
+#: g10/gpg.c:3077
+msgid "you can't sign and encrypt at the same time while in --pgp2 mode\n"
+msgstr ""
+"Im --pgp2-Modus können Sie nicht gleichzeitig signieren und verschlüsseln\n"
+
+#: g10/gpg.c:3083
+msgid "you must use files (and not a pipe) when working with --pgp2 enabled.\n"
+msgstr ""
+"Im --pgp2-Modus müssen Sie Dateien benutzen und können keine Pipes "
+"verwenden.\n"
+
+#: g10/gpg.c:3096
+msgid "encrypting a message in --pgp2 mode requires the IDEA cipher\n"
+msgstr ""
+"Verschlüsseln einer Botschaft benötigt im --pgp2-Modus die IDEA-"
+"Verschlüsselung\n"
+
+#: g10/gpg.c:3163 g10/gpg.c:3187 sm/gpgsm.c:1511
+msgid "selected cipher algorithm is invalid\n"
+msgstr "Das ausgewählte Verschlüsselungsverfahren ist ungültig\n"
+
+#: g10/gpg.c:3169 g10/gpg.c:3193 sm/gpgsm.c:1517 sm/gpgsm.c:1523
+msgid "selected digest algorithm is invalid\n"
+msgstr "Das ausgewählte Hashverfahren ist ungültig\n"
+
+#: g10/gpg.c:3175
+msgid "selected compression algorithm is invalid\n"
+msgstr "Das ausgewählte Komprimierungsverfahren ist ungültig\n"
+
+#: g10/gpg.c:3181
+msgid "selected certification digest algorithm is invalid\n"
+msgstr "Das ausgewählte Hashverfahren ist ungültig\n"
+
+#: g10/gpg.c:3196
+msgid "completes-needed must be greater than 0\n"
+msgstr "completes-needed müssen größer als 0 sein\n"
+
+#: g10/gpg.c:3198
+msgid "marginals-needed must be greater than 1\n"
+msgstr "marginals-needed müssen größer als 1 sein\n"
+
+#: g10/gpg.c:3200
+msgid "max-cert-depth must be in the range from 1 to 255\n"
+msgstr "max-cert-depth muß im Bereich 1 bis 255 liegen\n"
+
+#: g10/gpg.c:3202
+msgid "invalid default-cert-level; must be 0, 1, 2, or 3\n"
+msgstr "ungültiger \"default-cert-level\"; Wert muß 0, 1, 2 oder 3 sein\n"
+
+#: g10/gpg.c:3204
+msgid "invalid min-cert-level; must be 1, 2, or 3\n"
+msgstr "ungültiger \"min-cert-level\"; Wert muß 0, 1, 2 oder 3 sein\n"
+
+#: g10/gpg.c:3207
+msgid "NOTE: simple S2K mode (0) is strongly discouraged\n"
+msgstr "Hinweis: Vom \"simple S2K\"-Modus (0) ist strikt abzuraten\n"
+
+#: g10/gpg.c:3211
+msgid "invalid S2K mode; must be 0, 1 or 3\n"
+msgstr "ungültiger \"simple S2K\"-Modus; Wert muß 0, 1 oder 3 sein\n"
+
+#: g10/gpg.c:3218
+msgid "invalid default preferences\n"
+msgstr "ungültige Standard-Voreinstellungen\n"
+
+#: g10/gpg.c:3222
+msgid "invalid personal cipher preferences\n"
+msgstr "ungültige private Verschlüsselungsvoreinstellungen\n"
+
+#: g10/gpg.c:3226
+msgid "invalid personal digest preferences\n"
+msgstr "ungültige private Hashvoreinstellungen\n"
+
+#: g10/gpg.c:3230
+msgid "invalid personal compress preferences\n"
+msgstr "ungültige private Komprimierungsvoreinstellungen\n"
+
+#: g10/gpg.c:3263
+#, c-format
+msgid "%s does not yet work with %s\n"
+msgstr "%s arbeitet noch nicht mit %s zusammen\n"
+
+#: g10/gpg.c:3310
+#, c-format
+msgid "you may not use cipher algorithm `%s' while in %s mode\n"
+msgstr ""
+"Die Benutzung des Verschlüsselungsverfahren %s ist im %s-Modus nicht "
+"erlaubt.\n"
+
+#: g10/gpg.c:3315
+#, c-format
+msgid "you may not use digest algorithm `%s' while in %s mode\n"
+msgstr "Die Benutzung der Hashmethode %s ist im %s-Modus nicht erlaubt.\n"
+
+#: g10/gpg.c:3320
+#, c-format
+msgid "you may not use compression algorithm `%s' while in %s mode\n"
+msgstr ""
+"Die Benutzung des Komprimierverfahren %s ist im %s-Modus nicht erlaubt.\n"
+
+#: g10/gpg.c:3406
+#, c-format
+msgid "failed to initialize the TrustDB: %s\n"
+msgstr "Die Trust-DB kann nicht initialisiert werden: %s\n"
+
+#: g10/gpg.c:3417
+msgid "WARNING: recipients (-r) given without using public key encryption\n"
+msgstr ""
+"WARNUNG: Empfänger (-r) angegeben ohne Verwendung von Public-Key-Verfahren\n"
+
+#: g10/gpg.c:3438
+msgid "--store [filename]"
+msgstr "--store [Dateiname]"
+
+#: g10/gpg.c:3445
+msgid "--symmetric [filename]"
+msgstr "--symmetric [Dateiname]"
+
+#: g10/gpg.c:3447
+#, c-format
+msgid "symmetric encryption of `%s' failed: %s\n"
+msgstr "Symmetrische Entschlüsselung von `%s' fehlgeschlagen: %s\n"
+
+#: g10/gpg.c:3457
+msgid "--encrypt [filename]"
+msgstr "--encrypt [Dateiname]"
+
+#: g10/gpg.c:3470
+msgid "--symmetric --encrypt [filename]"
+msgstr "--symmetric --encrypt [Dateiname]"
+
+#: g10/gpg.c:3472
+msgid "you cannot use --symmetric --encrypt with --s2k-mode 0\n"
+msgstr ""
+"--symmetric --encrypt kann nicht zusammen mit --s2k-mode 0 verwendet werden\n"
+
+#: g10/gpg.c:3475
+#, c-format
+msgid "you cannot use --symmetric --encrypt while in %s mode\n"
+msgstr "Im %s-Modus kann --symmetric --encrypt nicht verwendet werden.\n"
+
+#: g10/gpg.c:3493
+msgid "--sign [filename]"
+msgstr "--sign [Dateiname]"
+
+#: g10/gpg.c:3506
+msgid "--sign --encrypt [filename]"
+msgstr "--sign --encrypt [Dateiname]"
+
+#: g10/gpg.c:3521
+msgid "--symmetric --sign --encrypt [filename]"
+msgstr "--symmetric --sign --encrypt [Dateiname]"
+
+#: g10/gpg.c:3523
+msgid "you cannot use --symmetric --sign --encrypt with --s2k-mode 0\n"
+msgstr ""
+"--symmetric --sign --encrypt kann nicht zusammen mit --s2k-mode 0 verwendet "
+"werden\n"
+
+#: g10/gpg.c:3526
+#, c-format
+msgid "you cannot use --symmetric --sign --encrypt while in %s mode\n"
+msgstr ""
+"Im %s-Modus kann --symmetric --sign --encrypt nicht verwendet werden.\n"
+
+#: g10/gpg.c:3546
+msgid "--sign --symmetric [filename]"
+msgstr "--sign --symmetric [Dateiname]"
+
+#: g10/gpg.c:3555
+msgid "--clearsign [filename]"
+msgstr "--clearsign [Dateiname]"
+
+#: g10/gpg.c:3580
+msgid "--decrypt [filename]"
+msgstr "--decrypt [Dateiname]"
+
+#: g10/gpg.c:3588
+msgid "--sign-key user-id"
+msgstr "--sign-key User-ID"
+
+#: g10/gpg.c:3592
+msgid "--lsign-key user-id"
+msgstr "--lsign-key User-ID"
+
+#: g10/gpg.c:3613
+msgid "--edit-key user-id [commands]"
+msgstr "--edit-key User-ID [Befehle]"
+
+#: g10/gpg.c:3629
+msgid "--passwd <user-id>"
+msgstr "--passwd User-ID"
+
+#: g10/gpg.c:3716
+#, c-format
+msgid "keyserver send failed: %s\n"
+msgstr "Senden an Schlüsselserver fehlgeschlagen: %s\n"
+
+#: g10/gpg.c:3718
+#, c-format
+msgid "keyserver receive failed: %s\n"
+msgstr "Empfangen vom Schlüsselserver fehlgeschlagen: %s\n"
+
+#: g10/gpg.c:3720
+#, c-format
+msgid "key export failed: %s\n"
+msgstr "Schlüsselexport fehlgeschlagen: %s\n"
+
+#: g10/gpg.c:3731
+#, c-format
+msgid "keyserver search failed: %s\n"
+msgstr "Suche auf dem Schlüsselserver fehlgeschlagen: %s\n"
+
+#: g10/gpg.c:3741
+#, c-format
+msgid "keyserver refresh failed: %s\n"
+msgstr "Refresh vom Schlüsselserver fehlgeschlagen: %s\n"
+
+#: g10/gpg.c:3792
+#, c-format
+msgid "dearmoring failed: %s\n"
+msgstr "Entfernen der ASCII-Hülle ist fehlgeschlagen: %s\n"
+
+#: g10/gpg.c:3800
+#, c-format
+msgid "enarmoring failed: %s\n"
+msgstr "Anbringen der ASCII-Hülle ist fehlgeschlagen: %s\n"
+
+#: g10/gpg.c:3890
+#, c-format
+msgid "invalid hash algorithm `%s'\n"
+msgstr "Ungültiges Hashverfahren '%s'\n"
+
+#: g10/gpg.c:4005
+msgid "[filename]"
+msgstr "[Dateiname]"
+
+#: g10/gpg.c:4009
+msgid "Go ahead and type your message ...\n"
+msgstr "Auf geht's - Botschaft eintippen ...\n"
+
+#: g10/gpg.c:4323
+msgid "the given certification policy URL is invalid\n"
+msgstr "Die angegebene Zertifikat-Richtlinien-URL ist ungültig\n"
+
+#: g10/gpg.c:4325
+msgid "the given signature policy URL is invalid\n"
+msgstr "Die angegebene Signatur-Richtlinien-URL ist ungültig\n"
+
+#: g10/gpg.c:4358
+msgid "the given preferred keyserver URL is invalid\n"
+msgstr "Die angegebene URL des bevorzugten Schlüsselserver ist ungültig\n"
+
+#: g10/gpgv.c:74
+msgid "|FILE|take the keys from the keyring FILE"
+msgstr "|DATEI|Schlüssel aus der Schlüsselbund DATEI nehmen"
+
+#: g10/gpgv.c:76
+msgid "make timestamp conflicts only a warning"
+msgstr "differierende Zeitangaben sind kein Fehler"
+
+#: g10/gpgv.c:78 sm/gpgsm.c:326
+msgid "|FD|write status info to this FD"
+msgstr "|FD|Statusinfo auf FD (Dateihandle) ausgeben"
+
+#: g10/gpgv.c:117
+msgid "Usage: gpgv [options] [files] (-h for help)"
+msgstr "Aufruf: gpgv [Optionen] [Dateien] (-h für Hilfe)"
+
+#: g10/gpgv.c:119
+msgid ""
+"Syntax: gpgv [options] [files]\n"
+"Check signatures against known trusted keys\n"
+msgstr ""
+"Aufruf: gpgv [Optionen] [Dateien] (-h Hilfe)\n"
+"Prüfe Signaturen gegen eine Liste bekannter Schlüssel\n"
+
+#: g10/helptext.c:72
+msgid "No help available"
+msgstr "Keine Hilfe vorhanden."
+
+#: g10/helptext.c:82
+#, c-format
+msgid "No help available for `%s'"
+msgstr "Keine Hilfe für '%s' vorhanden."
+
+#: g10/import.c:94
+msgid "import signatures that are marked as local-only"
+msgstr "Importiere Signaturen, die als nicht exportfähig markiert sind"
+
+#: g10/import.c:96
+msgid "repair damage from the pks keyserver during import"
+msgstr "Beseitige Beschädigung durch den Schlüsselserver während des Imports"
+
+#: g10/import.c:98
+msgid "do not update the trustdb after import"
+msgstr "ändern Sie die \"Trust\"-Datenbank nach dem Import nicht"
+
+#: g10/import.c:100
+msgid "create a public key when importing a secret key"
+msgstr ""
+"beim Import eines geheimen Schlüssels einen öffentliche Schlüssel erzeugen"
+
+#: g10/import.c:102
+msgid "only accept updates to existing keys"
+msgstr "Nur Änderungen bereits existierender Schlüssel vornehmen"
+
+#: g10/import.c:104
+msgid "remove unusable parts from key after import"
+msgstr "entferne nach dem Import unbrauchbare Teile des Schlüssels"
+
+#: g10/import.c:106
+msgid "remove as much as possible from key after import"
+msgstr "nach dem Import soviel wie möglich aus dem Schlüssel entfernen"
+
+#: g10/import.c:266
+#, c-format
+msgid "skipping block of type %d\n"
+msgstr "überspringe den Block vom Typ %d\n"
+
+#: g10/import.c:275
+#, c-format
+msgid "%lu keys processed so far\n"
+msgstr "%lu Schlüssel bislang bearbeitet\n"
+
+#: g10/import.c:292
+#, c-format
+msgid "Total number processed: %lu\n"
+msgstr "Anzahl insgesamt bearbeiteter Schlüssel: %lu\n"
+
+#: g10/import.c:294
+#, c-format
+msgid " skipped new keys: %lu\n"
+msgstr " ignorierte neue Schlüssel: %lu\n"
+
+#: g10/import.c:297
+#, c-format
+msgid " w/o user IDs: %lu\n"
+msgstr " ohne User-ID: %lu\n"
+
+#: g10/import.c:299 sm/import.c:114
+#, c-format
+msgid " imported: %lu"
+msgstr " importiert: %lu"
+
+#: g10/import.c:305 sm/import.c:118
+#, c-format
+msgid " unchanged: %lu\n"
+msgstr " unverändert: %lu\n"
+
+#: g10/import.c:307
+#, c-format
+msgid " new user IDs: %lu\n"
+msgstr " neue User-IDs: %lu\n"
+
+#: g10/import.c:309
+#, c-format
+msgid " new subkeys: %lu\n"
+msgstr " neue Unterschlüssel: %lu\n"
+
+#: g10/import.c:311
+#, c-format
+msgid " new signatures: %lu\n"
+msgstr " neue Signaturen: %lu\n"
+
+#: g10/import.c:313
+#, c-format
+msgid " new key revocations: %lu\n"
+msgstr " neue Schlüsselwiderrufe: %lu\n"
+
+#: g10/import.c:315 sm/import.c:120
+#, c-format
+msgid " secret keys read: %lu\n"
+msgstr " gelesene geheime Schlüssel: %lu\n"
+
+#: g10/import.c:317 sm/import.c:122
+#, c-format
+msgid " secret keys imported: %lu\n"
+msgstr " geheime Schlüssel importiert: %lu\n"
+
+#: g10/import.c:319 sm/import.c:124
+#, c-format
+msgid " secret keys unchanged: %lu\n"
+msgstr " unveränderte geh. Schl.: %lu\n"
+
+#: g10/import.c:321 sm/import.c:126
+#, c-format
+msgid " not imported: %lu\n"
+msgstr " nicht importiert: %lu\n"
+
+#: g10/import.c:323
+#, c-format
+msgid " signatures cleaned: %lu\n"
+msgstr " Signaturen bereinigt: %lu\n"
+
+#: g10/import.c:325
+#, c-format
+msgid " user IDs cleaned: %lu\n"
+msgstr " User-IDs bereinigt: %lu\n"
+
+#: g10/import.c:606
+#, c-format
+msgid ""
+"WARNING: key %s contains preferences for unavailable\n"
+"algorithms on these user IDs:\n"
+msgstr ""
+"WARNUNG: Schlüssel %s hat Einstellungen zu nicht verfügbaren\n"
+"Verfahren für folgende User-ID:\n"
+
+#: g10/import.c:647
+#, c-format
+msgid " \"%s\": preference for cipher algorithm %s\n"
+msgstr " \"%s\": Einstellungen des Verschlüsselungsverfahren %s\n"
+
+#: g10/import.c:662
+#, c-format
+msgid " \"%s\": preference for digest algorithm %s\n"
+msgstr " \"%s\": Einstellungen der Hashmethode %s\n"
+
+#: g10/import.c:674
+#, c-format
+msgid " \"%s\": preference for compression algorithm %s\n"
+msgstr " \"%s\": Einstellungen der Komprimierungsverfahren %s\n"
+
+#: g10/import.c:687
+msgid "it is strongly suggested that you update your preferences and\n"
+msgstr "es ist extrem empfehlenswert Ihre Einstellungen zu ändern und\n"
+
+#: g10/import.c:689
+msgid "re-distribute this key to avoid potential algorithm mismatch problems\n"
+msgstr ""
+"diesen Schlüssel wieder zu verteilen, um mögliche Probleme durch unpassende "
+"Verfahrenskombinationen zu vermeiden\n"
+
+#: g10/import.c:713
+#, c-format
+msgid "you can update your preferences with: gpg --edit-key %s updpref save\n"
+msgstr ""
+"Sie können Ihren Einstellungen mittels \"gpg --edit-key %s updpref save\" "
+"ändern\n"
+
+#: g10/import.c:766 g10/import.c:1179
+#, c-format
+msgid "key %s: no user ID\n"
+msgstr "Schlüssel %s: Keine User-ID\n"
+
+#: g10/import.c:795
+#, c-format
+msgid "key %s: PKS subkey corruption repaired\n"
+msgstr "Schlüssel %s: PKS Unterschlüsseldefekt repariert\n"
+
+#: g10/import.c:810
+#, c-format
+msgid "key %s: accepted non self-signed user ID \"%s\"\n"
+msgstr "Schlüssel %s: Nicht eigenbeglaubigte User-ID `%s' übernommen\n"
+
+#: g10/import.c:816
+#, c-format
+msgid "key %s: no valid user IDs\n"
+msgstr "Schlüssel %s: Keine gültigen User-IDs\n"
+
+#: g10/import.c:818
+msgid "this may be caused by a missing self-signature\n"
+msgstr "dies könnte durch fehlende Eigenbeglaubigung verursacht worden sein\n"
+
+#: g10/import.c:828 g10/import.c:1303
+#, c-format
+msgid "key %s: public key not found: %s\n"
+msgstr "Schlüssel %s: Öffentlicher Schlüssel nicht gefunden: %s\n"
+
+#: g10/import.c:834
+#, c-format
+msgid "key %s: new key - skipped\n"
+msgstr "Schlüssel %s: neuer Schlüssel - übersprungen\n"
+
+#: g10/import.c:843
+#, c-format
+msgid "no writable keyring found: %s\n"
+msgstr "kein schreibbarer Schlüsselbund gefunden: %s\n"
+
+#: g10/import.c:848 g10/openfile.c:278 g10/sign.c:805 g10/sign.c:1114
+#, c-format
+msgid "writing to `%s'\n"
+msgstr "Schreiben nach '%s'\n"
+
+#: g10/import.c:852 g10/import.c:952 g10/import.c:1219 g10/import.c:1364
+#: g10/import.c:2494 g10/import.c:2516
+#, c-format
+msgid "error writing keyring `%s': %s\n"
+msgstr "Fehler beim Schreiben des Schlüsselbundes `%s': %s\n"
+
+#: g10/import.c:871
+#, c-format
+msgid "key %s: public key \"%s\" imported\n"
+msgstr "Schlüssel %s: Öffentlicher Schlüssel \"%s\" importiert\n"
+
+#: g10/import.c:895
+#, c-format
+msgid "key %s: doesn't match our copy\n"
+msgstr "Schlüssel %s: Stimmt nicht mit unserer Kopie überein\n"
+
+#: g10/import.c:912 g10/import.c:1321
+#, c-format
+msgid "key %s: can't locate original keyblock: %s\n"
+msgstr "Schlüssel %s: der originale Schlüsselblock wurde nicht gefunden: %s\n"
+
+#: g10/import.c:920 g10/import.c:1328
+#, c-format
+msgid "key %s: can't read original keyblock: %s\n"
+msgstr "Schlüssel %s: Lesefehler im originalen Schlüsselblock: %s\n"
+
+#: g10/import.c:962
+#, c-format
+msgid "key %s: \"%s\" 1 new user ID\n"
+msgstr "Schlüssel %s: \"%s\" 1 neue User-ID\n"
+
+#: g10/import.c:965
+#, c-format
+msgid "key %s: \"%s\" %d new user IDs\n"
+msgstr "Schlüssel %s: \"%s\" %d neue User-IDs\n"
+
+#: g10/import.c:968
+#, c-format
+msgid "key %s: \"%s\" 1 new signature\n"
+msgstr "Schlüssel %s: \"%s\" 1 neue Signatur\n"
+
+#: g10/import.c:971
+#, c-format
+msgid "key %s: \"%s\" %d new signatures\n"
+msgstr "Schlüssel %s: \"%s\" %d neue Signaturen\n"
+
+#: g10/import.c:974
+#, c-format
+msgid "key %s: \"%s\" 1 new subkey\n"
+msgstr "Schlüssel %s: \"%s\" 1 neuer Unterschlüssel\n"
+
+#: g10/import.c:977
+#, c-format
+msgid "key %s: \"%s\" %d new subkeys\n"
+msgstr "Schlüssel %s: \"%s\" %d neue Unterschlüssel\n"
+
+#: g10/import.c:980
+#, c-format
+msgid "key %s: \"%s\" %d signature cleaned\n"
+msgstr "Schlüssel %s: \"%s\" %d Signaturen bereinigt\n"
+
+#: g10/import.c:983
+#, c-format
+msgid "key %s: \"%s\" %d signatures cleaned\n"
+msgstr "Schlüssel %s: \"%s\" %d Signaturen bereinigt\n"
+
+#: g10/import.c:986
+#, c-format
+msgid "key %s: \"%s\" %d user ID cleaned\n"
+msgstr "Schlüssel %s: \"%s\" %d User-ID bereinigt\n"
+
+#: g10/import.c:989
+#, c-format
+msgid "key %s: \"%s\" %d user IDs cleaned\n"
+msgstr "Schlüssel %s: \"%s\" %d User-IDs bereinigt\n"
+
+#: g10/import.c:1013
+#, c-format
+msgid "key %s: \"%s\" not changed\n"
+msgstr "Schlüssel %s: \"%s\" nicht geändert\n"
+
+#: g10/import.c:1185
+#, c-format
+msgid "key %s: secret key with invalid cipher %d - skipped\n"
+msgstr ""
+"Schlüssel %s: geheimer Schlüssel mit ungültiger Verschlüsselung %d - "
+"übersprungen\n"
+
+#: g10/import.c:1196
+msgid "importing secret keys not allowed\n"
+msgstr "Importieren geheimer Schlüssel ist nicht erlaubt\n"
+
+#: g10/import.c:1213 g10/import.c:2509
+#, c-format
+msgid "no default secret keyring: %s\n"
+msgstr "Kein voreingestellter geheimer Schlüsselbund: %s\n"
+
+#: g10/import.c:1224
+#, c-format
+msgid "key %s: secret key imported\n"
+msgstr "Schlüssel %s: geheimer Schlüssel importiert\n"
+
+#: g10/import.c:1254
+#, c-format
+msgid "key %s: already in secret keyring\n"
+msgstr "Schlüssel %s: Ist bereits im geheimen Schlüsselbund\n"
+
+#: g10/import.c:1264
+#, c-format
+msgid "key %s: secret key not found: %s\n"
+msgstr "Schlüssel %s: geheimer Schlüssel nicht gefunden: %s\n"
+
+#: g10/import.c:1296
+#, c-format
+msgid "key %s: no public key - can't apply revocation certificate\n"
+msgstr ""
+"Schlüssel %s: Kein öffentlicher Schlüssel - der Schlüsselwiderruf kann nicht "
+"angebracht werden\n"
+
+#: g10/import.c:1339
+#, c-format
+msgid "key %s: invalid revocation certificate: %s - rejected\n"
+msgstr "Schlüssel %s: Ungültiges Widerrufzertifikat: %s - zurückgewiesen\n"
+
+#: g10/import.c:1371
+#, c-format
+msgid "key %s: \"%s\" revocation certificate imported\n"
+msgstr "Schlüssel %s: \"%s\" Widerrufzertifikat importiert\n"
+
+#: g10/import.c:1447
+#, c-format
+msgid "key %s: no user ID for signature\n"
+msgstr "Schlüssel %s: Keine User-ID für Signatur\n"
+
+#: g10/import.c:1464
+#, c-format
+msgid "key %s: unsupported public key algorithm on user ID \"%s\"\n"
+msgstr ""
+"Schlüssel %s: Nicht unterstütztes Public-Key-Verfahren für User-ID \"%s\"\n"
+
+#: g10/import.c:1466
+#, c-format
+msgid "key %s: invalid self-signature on user ID \"%s\"\n"
+msgstr "Schlüssel %s: Ungültige Eigenbeglaubigung für User-ID \"%s\"\n"
+
+#: g10/import.c:1483 g10/import.c:1509 g10/import.c:1560
+#, c-format
+msgid "key %s: unsupported public key algorithm\n"
+msgstr "Schlüssel %s: Nicht unterstütztes Public-Key-Verfahren\n"
+
+#: g10/import.c:1484
+#, c-format
+msgid "key %s: invalid direct key signature\n"
+msgstr "Schlüssel %s: Ungültige \"direct-key\"-Signatur\n"
+
+#: g10/import.c:1498
+#, c-format
+msgid "key %s: no subkey for key binding\n"
+msgstr "Schlüssel %s: Kein Unterschlüssel für die Unterschlüsselanbindung\n"
+
+#: g10/import.c:1511
+#, c-format
+msgid "key %s: invalid subkey binding\n"
+msgstr "Schlüssel %s: Ungültige Unterschlüssel-Anbindung\n"
+
+#: g10/import.c:1527
+#, c-format
+msgid "key %s: removed multiple subkey binding\n"
+msgstr "Schlüssel %s: Mehrfache Unterschlüssel-Anbindung entfernt\n"
+
+#: g10/import.c:1549
+#, c-format
+msgid "key %s: no subkey for key revocation\n"
+msgstr "Schlüssel %s: Kein Unterschlüssel für Schlüsselwiderruf\n"
+
+#: g10/import.c:1562
+#, c-format
+msgid "key %s: invalid subkey revocation\n"
+msgstr "Schlüssel %s: Ungültiger Unterschlüsselwiderruf\n"
+
+#: g10/import.c:1577
+#, c-format
+msgid "key %s: removed multiple subkey revocation\n"
+msgstr "Schlüssel %s: Mehrfacher Unterschlüsselwiderruf entfernt\n"
+
+#: g10/import.c:1618
+#, c-format
+msgid "key %s: skipped user ID \"%s\"\n"
+msgstr "Schlüssel %s: User-ID übersprungen \"%s\"\n"
+
+#: g10/import.c:1639
+#, c-format
+msgid "key %s: skipped subkey\n"
+msgstr "Schlüssel %s: Unterschlüssel übersprungen\n"
+
+#: g10/import.c:1666
+#, c-format
+msgid "key %s: non exportable signature (class 0x%02X) - skipped\n"
+msgstr ""
+"Schlüssel %s: Nicht exportfähige Signatur (Klasse %02x) - übersprungen\n"
+
+#: g10/import.c:1676
+#, c-format
+msgid "key %s: revocation certificate at wrong place - skipped\n"
+msgstr "Schlüssel %s: Widerrufzertifikat an falschem Platz - übersprungen\n"
+
+#: g10/import.c:1693
+#, c-format
+msgid "key %s: invalid revocation certificate: %s - skipped\n"
+msgstr "Schlüssel %s: Ungültiges Widerrufzertifikat: %s - übersprungen\n"
+
+#: g10/import.c:1707
+#, c-format
+msgid "key %s: subkey signature in wrong place - skipped\n"
+msgstr ""
+"Schlüssel %s: Unterschlüssel-Widerrufzertifikat an falschem Platz - "
+"übersprungen\n"
+
+#: g10/import.c:1715
+#, c-format
+msgid "key %s: unexpected signature class (0x%02X) - skipped\n"
+msgstr "Schlüssel %s: unerwartete Signaturklasse (0x%02x) - übersprungen\n"
+
+#: g10/import.c:1844
+#, c-format
+msgid "key %s: duplicated user ID detected - merged\n"
+msgstr "Schlüssel %s: Doppelte User-ID entdeckt - zusammengeführt\n"
+
+#: g10/import.c:1906
+#, c-format
+msgid "WARNING: key %s may be revoked: fetching revocation key %s\n"
+msgstr "WARNUNG: Schlüssel %s ist u.U. widerrufen: hole Widerrufschlüssel %s\n"
+
+#: g10/import.c:1920
+#, c-format
+msgid "WARNING: key %s may be revoked: revocation key %s not present.\n"
+msgstr ""
+"WARNUNG: Schlüssel %s ist u.U. widerrufen: Widerrufschlüssel %s ist nicht "
+"vorhanden\n"
+
+#: g10/import.c:1979
+#, c-format
+msgid "key %s: \"%s\" revocation certificate added\n"
+msgstr "Schlüssel %s: \"%s\" Widerrufzertifikat hinzugefügt\n"
+
+#: g10/import.c:2013
+#, c-format
+msgid "key %s: direct key signature added\n"
+msgstr "Schlüssel %s: \"direct-key\"-Signaturen hinzugefügt\n"
+
+#: g10/import.c:2414
+msgid "NOTE: a key's S/N does not match the card's one\n"
+msgstr ""
+"Hinweis: Eine Schlüsselseriennr stimmt nicht mit derjenigen der Karte "
+"überein\n"
+
+#: g10/import.c:2422
+msgid "NOTE: primary key is online and stored on card\n"
+msgstr "Hinweis: Hauptschlüssel ist online und auf der Karte gespeichert\n"
+
+#: g10/import.c:2424
+msgid "NOTE: secondary key is online and stored on card\n"
+msgstr "Hinweis: Zweitschlüssel ist online und auf der Karte gespeichert\n"
+
+#: g10/keydb.c:181
+#, c-format
+msgid "error creating keyring `%s': %s\n"
+msgstr "Fehler beim Erzeugen des Schlüsselbundes `%s': %s\n"
+
+#: g10/keydb.c:187
+#, c-format
+msgid "keyring `%s' created\n"
+msgstr "Schlüsselbund `%s' erstellt\n"
+
+#: g10/keydb.c:333 g10/keydb.c:336
+#, c-format
+msgid "keyblock resource `%s': %s\n"
+msgstr "Schlüsselblockhilfsmittel`%s': %s\n"
+
+#: g10/keydb.c:719
+#, c-format
+msgid "failed to rebuild keyring cache: %s\n"
+msgstr "Schlüsselbund-Cache konnte nicht neu erzeugt werden: %s\n"
+
+#: g10/keyedit.c:265
+msgid "[revocation]"
+msgstr "[Widerruf]"
+
+#: g10/keyedit.c:266
+msgid "[self-signature]"
+msgstr "[Eigenbeglaubigung]"
+
+#: g10/keyedit.c:344 g10/keylist.c:398
+msgid "1 bad signature\n"
+msgstr "1 falsche Beglaubigung\n"
+
+#: g10/keyedit.c:346 g10/keylist.c:400
+#, c-format
+msgid "%d bad signatures\n"
+msgstr "%d falsche Beglaubigungen\n"
+
+#: g10/keyedit.c:348 g10/keylist.c:402
+msgid "1 signature not checked due to a missing key\n"
+msgstr "1 Beglaubigung wegen fehlendem Schlüssel nicht geprüft\n"
+
+#: g10/keyedit.c:350 g10/keylist.c:404
+#, c-format
+msgid "%d signatures not checked due to missing keys\n"
+msgstr "%d Beglaubigungen wegen fehlenden Schlüsseln nicht geprüft\n"
+
+#: g10/keyedit.c:352 g10/keylist.c:406
+msgid "1 signature not checked due to an error\n"
+msgstr "1 Beglaubigung aufgrund von Fehler nicht geprüft\n"
+
+#: g10/keyedit.c:354 g10/keylist.c:408
+#, c-format
+msgid "%d signatures not checked due to errors\n"
+msgstr "%d Beglaubigungen aufgrund von Fehlern nicht geprüft\n"
+
+#: g10/keyedit.c:356
+msgid "1 user ID without valid self-signature detected\n"
+msgstr "Eine User-ID ohne gültige Eigenbeglaubigung entdeckt\n"
+
+#: g10/keyedit.c:358
+#, c-format
+msgid "%d user IDs without valid self-signatures detected\n"
+msgstr "%d User-IDs ohne gültige Eigenbeglaubigung entdeckt\n"
+
+#: g10/keyedit.c:414 g10/pkclist.c:262
+msgid ""
+"Please decide how far you trust this user to correctly verify other users' "
+"keys\n"
+"(by looking at passports, checking fingerprints from different sources, "
+"etc.)\n"
+msgstr ""
+"Bitte entscheiden Sie, in wieweit Sie diesem User zutrauen,\n"
+"Schlüssel anderer User korrekt zu prüfen (durch Vergleich\n"
+"mit Lichtbildausweisen, Vergleich der Fingerabdrücke aus\n"
+"unterschiedlichen Quellen ...)?\n"
+"\n"
+
+#: g10/keyedit.c:418 g10/pkclist.c:274
+#, c-format
+msgid " %d = I trust marginally\n"
+msgstr " %d = Ich vertraue ihm marginal\n"
+
+#: g10/keyedit.c:419 g10/pkclist.c:276
+#, c-format
+msgid " %d = I trust fully\n"
+msgstr " %d = Ich vertraue ihm vollständig\n"
+
+#: g10/keyedit.c:438
+msgid ""
+"Please enter the depth of this trust signature.\n"
+"A depth greater than 1 allows the key you are signing to make\n"
+"trust signatures on your behalf.\n"
+msgstr ""
+"Geben Sie bitte die Tiefe dieser \"Trust\"-Signatur ein.\n"
+"Eine Tiefe größer 1 erlaubt dem zu signierenden Schlüssel\n"
+"Trust-Signatures für Sie zu machen.\n"
+
+#: g10/keyedit.c:454
+msgid "Please enter a domain to restrict this signature, or enter for none.\n"
+msgstr ""
+"Geben Sie bitte eine Domain ein, um die Signatur einzuschränken\n"
+"oder nur die Eingabetaste für keine Domain\n"
+
+#: g10/keyedit.c:598
+#, c-format
+msgid "User ID \"%s\" is revoked."
+msgstr "User-ID \"%s\" ist widerrufen."
+
+#: g10/keyedit.c:607 g10/keyedit.c:635 g10/keyedit.c:662 g10/keyedit.c:830
+#: g10/keyedit.c:895 g10/keyedit.c:1785
+msgid "Are you sure you still want to sign it? (y/N) "
+msgstr "Wollen Sie ihn immer noch beglaubigen? (j/N) "
+
+#: g10/keyedit.c:621 g10/keyedit.c:649 g10/keyedit.c:676 g10/keyedit.c:836
+#: g10/keyedit.c:1791
+msgid " Unable to sign.\n"
+msgstr " Beglaubigen ist nicht möglich.\n"
+
+#: g10/keyedit.c:626
+#, c-format
+msgid "User ID \"%s\" is expired."
+msgstr "User-ID \"%s\" ist abgelaufen."
+
+#: g10/keyedit.c:654
+#, c-format
+msgid "User ID \"%s\" is not self-signed."
+msgstr "User-ID \"%s\" ist nicht eigenbeglaubigt."
+
+#: g10/keyedit.c:682
+#, c-format
+msgid "User ID \"%s\" is signable. "
+msgstr "User-ID \"%s\" ist signierbar."
+
+#: g10/keyedit.c:684
+msgid "Sign it? (y/N) "
+msgstr "Wirklich signieren? (j/N) "
+
+#: g10/keyedit.c:706
+#, c-format
+msgid ""
+"The self-signature on \"%s\"\n"
+"is a PGP 2.x-style signature.\n"
+msgstr ""
+"Die Eigenbeglaubigung von \"%s\"\n"
+"ist eine PGP 2.x artige Signatur.\n"
+
+#: g10/keyedit.c:715
+msgid "Do you want to promote it to an OpenPGP self-signature? (y/N) "
+msgstr "Soll sie zu einer OpenPGP Eigenbeglaubigung geändert werden? (j/N) "
+
+#: g10/keyedit.c:729
+#, c-format
+msgid ""
+"Your current signature on \"%s\"\n"
+"has expired.\n"
+msgstr ""
+"Ihre derzeitige Beglaubigung von \"%s\"\n"
+"ist abgelaufen.\n"
+
+#: g10/keyedit.c:733
+msgid "Do you want to issue a new signature to replace the expired one? (y/N) "
+msgstr ""
+"Soll eine neue Beglaubigung als Ersatz für die abgelaufene erstellt werden? "
+"(J/n) "
+
+#: g10/keyedit.c:754
+#, c-format
+msgid ""
+"Your current signature on \"%s\"\n"
+"is a local signature.\n"
+msgstr ""
+"Die derzeitige Beglaubigung von \"%s\"\n"
+"ist nur für diesen Rechner gültig.\n"
+
+#: g10/keyedit.c:758
+msgid "Do you want to promote it to a full exportable signature? (y/N) "
+msgstr ""
+"Soll sie zu einer voll exportierbaren Beglaubigung erhoben werden? (j/N) "
+
+#: g10/keyedit.c:779
+#, c-format
+msgid "\"%s\" was already locally signed by key %s\n"
+msgstr "\"%s\" wurde bereits durch Schlüssel %s lokal beglaubigt\n"
+
+#: g10/keyedit.c:782
+#, c-format
+msgid "\"%s\" was already signed by key %s\n"
+msgstr "\"%s\" wurde bereits durch Schlüssel %s beglaubigt\n"
+
+#: g10/keyedit.c:787
+msgid "Do you want to sign it again anyway? (y/N) "
+msgstr "Wollen Sie ihn immer noch wieder beglaubigen? (j/N) "
+
+#: g10/keyedit.c:809
+#, c-format
+msgid "Nothing to sign with key %s\n"
+msgstr "Nichts zu beglaubigen für Schlüssel %s\n"
+
+#: g10/keyedit.c:824
+msgid "This key has expired!"
+msgstr "Dieser Schlüssel ist verfallen!"
+
+#: g10/keyedit.c:842
+#, c-format
+msgid "This key is due to expire on %s.\n"
+msgstr "Dieser Schlüssel wird %s verfallen.\n"
+
+#: g10/keyedit.c:848
+msgid "Do you want your signature to expire at the same time? (Y/n) "
+msgstr "Soll Ihre Beglaubigung zur selben Zeit verfallen? (J/n) "
+
+#: g10/keyedit.c:888
+msgid ""
+"You may not make an OpenPGP signature on a PGP 2.x key while in --pgp2 "
+"mode.\n"
+msgstr ""
+"Im --pgp2-Modus kann nur mit PGP-2.x-artigen Schlüsseln signiert werden\n"
+
+#: g10/keyedit.c:890
+msgid "This would make the key unusable in PGP 2.x.\n"
+msgstr "Dies würde den Schlüssel für PGP 2.x unbrauchbar machen\n"
+
+#: g10/keyedit.c:915
+msgid ""
+"How carefully have you verified the key you are about to sign actually "
+"belongs\n"
+"to the person named above? If you don't know what to answer, enter \"0\".\n"
+msgstr ""
+"Wie genau haben Sie überprüft, ob der Schlüssel, den Sie jetzt beglaubigen\n"
+"wollen, wirklich der o.g. Person gehört?\n"
+"Wenn Sie darauf keine Antwort wissen, geben Sie \"0\" ein.\n"
+
+#: g10/keyedit.c:920
+#, c-format
+msgid " (0) I will not answer.%s\n"
+msgstr " (0) Ich antworte nicht.%s\n"
+
+#: g10/keyedit.c:922
+#, c-format
+msgid " (1) I have not checked at all.%s\n"
+msgstr " (1) Ich habe es überhaupt nicht überprüft.%s\n"
+
+#: g10/keyedit.c:924
+#, c-format
+msgid " (2) I have done casual checking.%s\n"
+msgstr " (2) Ich habe es flüchtig überprüft.%s\n"
+
+#: g10/keyedit.c:926
+#, c-format
+msgid " (3) I have done very careful checking.%s\n"
+msgstr " (3) Ich habe es sehr sorgfältig überprüft.%s\n"
+
+# translated by wk
+#: g10/keyedit.c:932
+msgid "Your selection? (enter `?' for more information): "
+msgstr "Ihre Auswahl? ('?' für weitere Informationen): "
+
+#: g10/keyedit.c:956
+#, c-format
+msgid ""
+"Are you sure that you want to sign this key with your\n"
+"key \"%s\" (%s)\n"
+msgstr ""
+"Sind Sie wirklich sicher, daß Sie vorstehenden Schlüssel mit Ihrem\n"
+"Schlüssel \"%s\" (%s) beglaubigen wollen\n"
+
+#: g10/keyedit.c:963
+msgid "This will be a self-signature.\n"
+msgstr "Dies wird eine Eigenbeglaubigung sein.\n"
+
+#: g10/keyedit.c:969
+msgid "WARNING: the signature will not be marked as non-exportable.\n"
+msgstr ""
+"WARNUNG: Die Signatur wird nicht als nicht-exportierbar markiert werden.\n"
+
+#: g10/keyedit.c:977
+msgid "WARNING: the signature will not be marked as non-revocable.\n"
+msgstr "WARNUNG: Die Signatur wird nicht als unwiderrufbar markiert werden.\n"
+
+#: g10/keyedit.c:987
+msgid "The signature will be marked as non-exportable.\n"
+msgstr "Die Signatur wird als nicht-exportfähig markiert werden.\n"
+
+#: g10/keyedit.c:994
+msgid "The signature will be marked as non-revocable.\n"
+msgstr "Die Signatur wird als unwiderrufbar markiert werden.\n"
+
+#: g10/keyedit.c:1001
+msgid "I have not checked this key at all.\n"
+msgstr "Ich habe diesen Schlüssel überhaupt nicht überprüft.\n"
+
+#: g10/keyedit.c:1006
+msgid "I have checked this key casually.\n"
+msgstr "Ich habe diesen Schlüssel flüchtig überprüft.\n"
+
+#: g10/keyedit.c:1011
+msgid "I have checked this key very carefully.\n"
+msgstr "Ich habe diesen Schlüssel sehr sorgfältig überprüft.\n"
+
+#: g10/keyedit.c:1021
+msgid "Really sign? (y/N) "
+msgstr "Wirklich signieren? (j/N) "
+
+#: g10/keyedit.c:1066 g10/keyedit.c:4965 g10/keyedit.c:5056 g10/keyedit.c:5120
+#: g10/keyedit.c:5181 g10/sign.c:316
+#, c-format
+msgid "signing failed: %s\n"
+msgstr "Beglaubigung fehlgeschlagen: %s\n"
+
+#: g10/keyedit.c:1131
+msgid "Key has only stub or on-card key items - no passphrase to change.\n"
+msgstr ""
+"Der Schlüssel enthält nur \"stub\"- oder \"on-card\"-Schlüsselelemente- "
+"keine Passphrase ist zu ändern.\n"
+
+#: g10/keyedit.c:1142 g10/keygen.c:3774
+msgid "This key is not protected.\n"
+msgstr "Dieser Schlüssel ist nicht geschützt.\n"
+
+#: g10/keyedit.c:1146 g10/keygen.c:3761 g10/revoke.c:536
+msgid "Secret parts of primary key are not available.\n"
+msgstr "Geheime Teile des Hauptschlüssels sind nicht vorhanden.\n"
+
+#: g10/keyedit.c:1150 g10/keygen.c:3777
+msgid "Secret parts of primary key are stored on-card.\n"
+msgstr "Geheime Teile des Hauptschlüssels sind auf der Karte gespeichert.\n"
+
+#: g10/keyedit.c:1156 g10/keygen.c:3781
+msgid "Key is protected.\n"
+msgstr "Schlüssel ist geschützt.\n"
+
+#: g10/keyedit.c:1186
+#, c-format
+msgid "Can't edit this key: %s\n"
+msgstr "Dieser Schlüssel kann nicht editiert werden: %s\n"
+
+#: g10/keyedit.c:1192
+msgid ""
+"Enter the new passphrase for this secret key.\n"
+"\n"
+msgstr ""
+"Geben Sie die neue Passphrase für diesen geheimen Schlüssel ein.\n"
+"\n"
+
+#: g10/keyedit.c:1207 g10/keygen.c:2291
+msgid "passphrase not correctly repeated; try again"
+msgstr "Passphrase wurde nicht richtig wiederholt; noch einmal versuchen"
+
+#: g10/keyedit.c:1212
+msgid ""
+"You don't want a passphrase - this is probably a *bad* idea!\n"
+"\n"
+msgstr ""
+"Sie wollen keine Passphrase - dies ist *nicht* zu empfehlen!\n"
+"\n"
+
+#: g10/keyedit.c:1215
+msgid "Do you really want to do this? (y/N) "
+msgstr "Möchten Sie dies wirklich tun? (j/N) "
+
+#: g10/keyedit.c:1298
+msgid "moving a key signature to the correct place\n"
+msgstr "schiebe eine Beglaubigung an die richtige Stelle\n"
+
+#: g10/keyedit.c:1384
+msgid "save and quit"
+msgstr "speichern und Menü verlassen"
+
+#: g10/keyedit.c:1387
+msgid "show key fingerprint"
+msgstr "Fingerabdruck des Schlüssels anzeigen"
+
+#: g10/keyedit.c:1388
+msgid "list key and user IDs"
+msgstr "Schlüssel und User-IDs auflisten"
+
+#: g10/keyedit.c:1390
+msgid "select user ID N"
+msgstr "User-ID N auswählen"
+
+#: g10/keyedit.c:1391
+msgid "select subkey N"
+msgstr "Unterschlüssel N auswählen"
+
+#: g10/keyedit.c:1392
+msgid "check signatures"
+msgstr "Signaturen prüfen"
+
+#: g10/keyedit.c:1397
+msgid "sign selected user IDs [* see below for related commands]"
+msgstr "die ausgewählten User-IDs beglaubigen [* für verwandte Befehle s.u.]"
+
+#: g10/keyedit.c:1402
+msgid "sign selected user IDs locally"
+msgstr "Die ausgewählte User-ID nur für diesen Rechner beglaubigen"
+
+#: g10/keyedit.c:1404
+msgid "sign selected user IDs with a trust signature"
+msgstr "Die ausgewählte User-ID mit einer \"Trust\"-Signatur beglaubigen"
+
+#: g10/keyedit.c:1406
+msgid "sign selected user IDs with a non-revocable signature"
+msgstr "die ausgewählten User-IDs unwiderrufbar beglaubigen"
+
+#: g10/keyedit.c:1410
+msgid "add a user ID"
+msgstr "Eine User-ID hinzufügen"
+
+#: g10/keyedit.c:1412
+msgid "add a photo ID"
+msgstr "Eine Foto-ID hinzufügen"
+
+#: g10/keyedit.c:1414
+msgid "delete selected user IDs"
+msgstr "ausgewählte User-IDs entfernen"
+
+#: g10/keyedit.c:1419
+msgid "add a subkey"
+msgstr "einen Unterschlüssel hinzufügen"
+
+#: g10/keyedit.c:1423
+msgid "add a key to a smartcard"
+msgstr "der Smartcard einen Schlüssel hinzufügen"
+
+#: g10/keyedit.c:1425
+msgid "move a key to a smartcard"
+msgstr "einen Schlüssel auf die Smartcard schieben"
+
+#: g10/keyedit.c:1427
+msgid "move a backup key to a smartcard"
+msgstr "eine Sicherungskopie des Schlüssels auf die Smartcard schieben"
+
+#: g10/keyedit.c:1431
+msgid "delete selected subkeys"
+msgstr "ausgewählte Unterschlüssel entfernen"
+
+#: g10/keyedit.c:1433
+msgid "add a revocation key"
+msgstr "Einen Widerrufschlüssel hinzufügen"
+
+#: g10/keyedit.c:1435
+msgid "delete signatures from the selected user IDs"
+msgstr "Beglaubigungen der ausgewählten User-IDs entfernen"
+
+#: g10/keyedit.c:1437
+msgid "change the expiration date for the key or selected subkeys"
+msgstr ""
+"das Verfallsdatum des Schlüssel oder ausgewählter Unterschlüssels ändern"
+
+#: g10/keyedit.c:1439
+msgid "flag the selected user ID as primary"
+msgstr "User-ID als Haupt-User-ID kennzeichnen"
+
+#: g10/keyedit.c:1441
+msgid "toggle between the secret and public key listings"
+msgstr "Umschalten zwischen dem Auflisten geheimer und öffentlicher Schlüssel"
+
+#: g10/keyedit.c:1444
+msgid "list preferences (expert)"
+msgstr "Liste der Voreinstellungen (für Experten)"
+
+#: g10/keyedit.c:1446
+msgid "list preferences (verbose)"
+msgstr "Liste der Voreinstellungen (ausführlich)"
+
+#: g10/keyedit.c:1448
+msgid "set preference list for the selected user IDs"
+msgstr "ändern der Voreinstellungsliste der ausgewählten User-IDs"
+
+#: g10/keyedit.c:1453
+msgid "set the preferred keyserver URL for the selected user IDs"
+msgstr ""
+"Setze die URL des bevorzugten Schlüsselservers für die ausgewählten User-IDs"
+
+#: g10/keyedit.c:1455
+msgid "set a notation for the selected user IDs"
+msgstr "Eine Notation für die ausgewählten User-IDs setzen"
+
+#: g10/keyedit.c:1457
+msgid "change the passphrase"
+msgstr "Die Passphrase ändern"
+
+#: g10/keyedit.c:1461
+msgid "change the ownertrust"
+msgstr "Den \"Owner trust\" ändern"
+
+#: g10/keyedit.c:1463
+msgid "revoke signatures on the selected user IDs"
+msgstr "Beglaubigungen der ausgewählten User-IDs widerrufen"
+
+#: g10/keyedit.c:1465
+msgid "revoke selected user IDs"
+msgstr "Ausgewählte User-ID widerrufen"
+
+#: g10/keyedit.c:1470
+msgid "revoke key or selected subkeys"
+msgstr "Schlüssel oder ausgewählten Unterschlüssel widerrufen"
+
+#: g10/keyedit.c:1471
+msgid "enable key"
+msgstr "Schlüssel anschalten"
+
+#: g10/keyedit.c:1472
+msgid "disable key"
+msgstr "Schlüssel abschalten"
+
+#: g10/keyedit.c:1473
+msgid "show selected photo IDs"
+msgstr "ausgewählte Foto-IDs anzeigen"
+
+#: g10/keyedit.c:1475
+msgid "compact unusable user IDs and remove unusable signatures from key"
+msgstr ""
+"unbrauchbare User-IDs verkleinern und unbrauchbare Signaturen aus dem "
+"Schlüssel entfernen"
+
+#: g10/keyedit.c:1477
+msgid "compact unusable user IDs and remove all signatures from key"
+msgstr ""
+"unbrauchbare User-IDs verkleinern und alle Signaturen aus dem Schlüssel "
+"entfernen"
+
+#: g10/keyedit.c:1601
+#, c-format
+msgid "error reading secret keyblock \"%s\": %s\n"
+msgstr "Fehler beim Lesen des geheimen Schlüsselblocks \"%s\": %s\n"
+
+#: g10/keyedit.c:1619
+msgid "Secret key is available.\n"
+msgstr "Geheimer Schlüssel ist vorhanden.\n"
+
+#: g10/keyedit.c:1702
+msgid "Need the secret key to do this.\n"
+msgstr "Hierzu wird der geheime Schlüssel benötigt.\n"
+
+#: g10/keyedit.c:1710
+msgid "Please use the command \"toggle\" first.\n"
+msgstr "Bitte verwenden sie zunächst den Befehl \"toggle\"\n"
+
+#: g10/keyedit.c:1729
+msgid ""
+"* The `sign' command may be prefixed with an `l' for local signatures "
+"(lsign),\n"
+" a `t' for trust signatures (tsign), an `nr' for non-revocable signatures\n"
+" (nrsign), or any combination thereof (ltsign, tnrsign, etc.).\n"
+msgstr ""
+"* Dem `sign'-Befehl darf ein `l' für nicht exportfähige Signaturen "
+"vorangestellt werden (\"lsign\"),\n"
+" ein `t' für 'Trust'-Signatur (\"tsign\"), ein `nr' für unwiderrufbare "
+"Signaturen\n"
+" (\"nrsign\"), oder jede Kombination davon (\"ltsign\", \"tnrsign\", etc.).\n"
+
+#: g10/keyedit.c:1779
+msgid "Key is revoked."
+msgstr "Schlüssel wurde widerrufen."
+
+#: g10/keyedit.c:1798
+msgid "Really sign all user IDs? (y/N) "
+msgstr "Wirklich alle User-IDs beglaubigen? (j/N) "
+
+#: g10/keyedit.c:1805
+msgid "Hint: Select the user IDs to sign\n"
+msgstr "Tip: Wählen Sie die User-IDs, die beglaubigt werden sollen\n"
+
+#: g10/keyedit.c:1814
+#, c-format
+msgid "Unknown signature type `%s'\n"
+msgstr "Unbekannter Signaturtyp `%s'\n"
+
+#: g10/keyedit.c:1837
+#, c-format
+msgid "This command is not allowed while in %s mode.\n"
+msgstr "Dieser Befehl ist im %s-Modus nicht erlaubt.\n"
+
+#: g10/keyedit.c:1859 g10/keyedit.c:1879 g10/keyedit.c:2048
+msgid "You must select at least one user ID.\n"
+msgstr "Zumindestens eine User-ID muß ausgewählt werden.\n"
+
+#: g10/keyedit.c:1861
+msgid "You can't delete the last user ID!\n"
+msgstr "Die letzte User-ID kann nicht gelöscht werden!\n"
+
+#: g10/keyedit.c:1863
+msgid "Really remove all selected user IDs? (y/N) "
+msgstr "Möchten Sie alle ausgewählten User-IDs wirklich entfernen? (j/N) "
+
+#: g10/keyedit.c:1864
+msgid "Really remove this user ID? (y/N) "
+msgstr "Diese User-ID wirklich entfernen? (j/N) "
+
+#. TRANSLATORS: Please take care: This is about
+#. moving the key and not about removing it.
+#: g10/keyedit.c:1917
+msgid "Really move the primary key? (y/N) "
+msgstr "Den Hauptschlüssel wirklich verschieben? (j/N) "
+
+#: g10/keyedit.c:1929
+msgid "You must select exactly one key.\n"
+msgstr "Sie müssen genau einen Schlüssel auswählen.\n"
+
+#: g10/keyedit.c:1957
+msgid "Command expects a filename argument\n"
+msgstr "Befehl benötigt einen Dateinamen als Argument\n"
+
+#: g10/keyedit.c:1971
+#, c-format
+msgid "Can't open `%s': %s\n"
+msgstr "'%s' kann nicht geöffnet werden: %s\n"
+
+#: g10/keyedit.c:1988
+#, c-format
+msgid "Error reading backup key from `%s': %s\n"
+msgstr "Fehler beim Lesen der Sicherungskopie des Schlüssels von `%s': %s\n"
+
+#: g10/keyedit.c:2012
+msgid "You must select at least one key.\n"
+msgstr "Zumindestens ein Schlüssel muß ausgewählt werden.\n"
+
+#: g10/keyedit.c:2015
+msgid "Do you really want to delete the selected keys? (y/N) "
+msgstr "Möchten Sie die ausgewählten Schlüssel wirklich entfernen? (j/N) "
+
+#: g10/keyedit.c:2016
+msgid "Do you really want to delete this key? (y/N) "
+msgstr "Möchten Sie diesen Schlüssel wirklich entfernen? (j/N) "
+
+#: g10/keyedit.c:2051
+msgid "Really revoke all selected user IDs? (y/N) "
+msgstr "Möchten Sie wirklich alle ausgewählten User-IDs widerrufen? (j/N) "
+
+#: g10/keyedit.c:2052
+msgid "Really revoke this user ID? (y/N) "
+msgstr "Diese User-ID wirklich widerrufen? (j/N) "
+
+#: g10/keyedit.c:2070
+msgid "Do you really want to revoke the entire key? (y/N) "
+msgstr "Möchten Sie diesen Schlüssel wirklich vollständig widerrufen? (j/N) "
+
+#: g10/keyedit.c:2081
+msgid "Do you really want to revoke the selected subkeys? (y/N) "
+msgstr ""
+"Möchten Sie die ausgewählten Unterschlüssel wirklich widerrufen? (j/N) "
+
+#: g10/keyedit.c:2083
+msgid "Do you really want to revoke this subkey? (y/N) "
+msgstr "Möchten Sie diesen Schlüssel wirklich widerrufen? (j/N) "
+
+#: g10/keyedit.c:2133
+msgid "Owner trust may not be set while using a user provided trust database\n"
+msgstr ""
+"\"Owner trust\" kann nicht gesetzt werden, wenn eine anwendereigene 'Trust'-"
+"Datenbank benutzt wird\n"
+
+#: g10/keyedit.c:2175
+msgid "Set preference list to:\n"
+msgstr "Setze die Liste der Voreinstellungen auf:\n"
+
+#: g10/keyedit.c:2181
+msgid "Really update the preferences for the selected user IDs? (y/N) "
+msgstr ""
+"Möchten Sie die Voreinstellungen der ausgewählten User-IDs wirklich ändern? "
+"(j/N) "
+
+#: g10/keyedit.c:2183
+msgid "Really update the preferences? (y/N) "
+msgstr "Die Voreinstellungen wirklich ändern? (j/N) "
+
+#: g10/keyedit.c:2253
+msgid "Save changes? (y/N) "
+msgstr "Änderungen speichern? (j/N) "
+
+#: g10/keyedit.c:2256
+msgid "Quit without saving? (y/N) "
+msgstr "Beenden ohne zu speichern? (j/N) "
+
+#: g10/keyedit.c:2266
+#, c-format
+msgid "update failed: %s\n"
+msgstr "Änderung fehlgeschlagen: %s\n"
+
+#: g10/keyedit.c:2273 g10/keyedit.c:2351
+#, c-format
+msgid "update secret failed: %s\n"
+msgstr "Änderung des Geheimnisses fehlgeschlagen: %s\n"
+
+#: g10/keyedit.c:2280
+msgid "Key not changed so no update needed.\n"
+msgstr "Schlüssel ist nicht geändert worden, also ist kein Speichern nötig.\n"
+
+#: g10/keyedit.c:2446
+msgid "Digest: "
+msgstr "Digest: "
+
+#: g10/keyedit.c:2497
+msgid "Features: "
+msgstr "Eigenschaften: "
+
+#: g10/keyedit.c:2508
+msgid "Keyserver no-modify"
+msgstr "Keyserver no-modify"
+
+#: g10/keyedit.c:2523 g10/keylist.c:316
+msgid "Preferred keyserver: "
+msgstr "Bevorzugter Schlüsselserver:"
+
+#: g10/keyedit.c:2531 g10/keyedit.c:2532
+msgid "Notations: "
+msgstr "\"Notationen\": "
+
+#: g10/keyedit.c:2753
+msgid "There are no preferences on a PGP 2.x-style user ID.\n"
+msgstr "PGP 2.x-artige Schlüssel haben keine Voreinstellungen.\n"
+
+#: g10/keyedit.c:2810
+#, c-format
+msgid "The following key was revoked on %s by %s key %s\n"
+msgstr "Der folgende Schlüssel wurde am %s von %s Schlüssel %s widerrufen\n"
+
+#: g10/keyedit.c:2832
+#, c-format
+msgid "This key may be revoked by %s key %s"
+msgstr ""
+"Dieser Schlüssel könnte durch %s mit Schlüssel %s widerrufen worden sein"
+
+#: g10/keyedit.c:2838
+msgid "(sensitive)"
+msgstr "(empfindlich)"
+
+#: g10/keyedit.c:2854 g10/keyedit.c:2910 g10/keyedit.c:2971 g10/keyedit.c:2986
+#: g10/keylist.c:202 g10/keyserver.c:532
+#, c-format
+msgid "created: %s"
+msgstr "erzeugt: %s"
+
+#: g10/keyedit.c:2857 g10/keylist.c:834 g10/keylist.c:928 g10/mainproc.c:997
+#, c-format
+msgid "revoked: %s"
+msgstr "widerrufen: %s"
+
+#: g10/keyedit.c:2859 g10/keylist.c:805 g10/keylist.c:840 g10/keylist.c:934
+#, c-format
+msgid "expired: %s"
+msgstr "verfallen: %s"
+
+#: g10/keyedit.c:2861 g10/keyedit.c:2912 g10/keyedit.c:2973 g10/keyedit.c:2988
+#: g10/keylist.c:204 g10/keylist.c:811 g10/keylist.c:846 g10/keylist.c:940
+#: g10/keylist.c:961 g10/keyserver.c:538 g10/mainproc.c:1003
+#, c-format
+msgid "expires: %s"
+msgstr "verfällt: %s"
+
+#: g10/keyedit.c:2863
+#, c-format
+msgid "usage: %s"
+msgstr "Aufruf: %s"
+
+#: g10/keyedit.c:2878
+#, c-format
+msgid "trust: %s"
+msgstr "Vertrauen: %s"
+
+#: g10/keyedit.c:2882
+#, c-format
+msgid "validity: %s"
+msgstr "Gültigkeit: %s"
+
+#: g10/keyedit.c:2889
+msgid "This key has been disabled"
+msgstr "Hinweis: Dieser Schlüssel ist abgeschaltet"
+
+#: g10/keyedit.c:2917 g10/keylist.c:208
+msgid "card-no: "
+msgstr "Kartennummer:"
+
+#: g10/keyedit.c:2941
+msgid ""
+"Please note that the shown key validity is not necessarily correct\n"
+"unless you restart the program.\n"
+msgstr ""
+"Bitte beachten Sie, daß ohne einen Programmneustart die angezeigte\n"
+"Schlüsselgültigkeit nicht notwendigerweise korrekt ist.\n"
+
+#: g10/keyedit.c:3005 g10/keyedit.c:3351 g10/keyserver.c:542
+#: g10/mainproc.c:1850 g10/trustdb.c:1204 g10/trustdb.c:1732
+msgid "revoked"
+msgstr "widerrufen"
+
+#: g10/keyedit.c:3007 g10/keyedit.c:3353 g10/keyserver.c:546
+#: g10/mainproc.c:1852 g10/trustdb.c:547 g10/trustdb.c:1734
+msgid "expired"
+msgstr "verfallen"
+
+# translated by wk
+#: g10/keyedit.c:3072
+msgid ""
+"WARNING: no user ID has been marked as primary. This command may\n"
+" cause a different user ID to become the assumed primary.\n"
+msgstr ""
+"WARNUNG: Keine User-ID ist als primär markiert. Dieser Befehl kann\n"
+"dazu führen, daß eine andere User-ID als primär angesehen wird.\n"
+
+#: g10/keyedit.c:3133
+msgid ""
+"WARNING: This is a PGP2-style key. Adding a photo ID may cause some "
+"versions\n"
+" of PGP to reject this key.\n"
+msgstr ""
+"WARNUNG: Dies ist ein PGP2-artiger Schlüssel. Hinzufügen einer Foto-ID "
+"könnte\n"
+" bei einigen PGP-Versionen zur Zurückweisung des Schlüssels führen.\n"
+
+#: g10/keyedit.c:3138 g10/keyedit.c:3473
+msgid "Are you sure you still want to add it? (y/N) "
+msgstr "Wollen Sie ihn immer noch hinzufügen? (j/N) "
+
+#: g10/keyedit.c:3144
+msgid "You may not add a photo ID to a PGP2-style key.\n"
+msgstr "Sie können einem PGP2-artigen Schlüssel keine Foto-ID hinzufügen.\n"
+
+#: g10/keyedit.c:3284
+msgid "Delete this good signature? (y/N/q)"
+msgstr "Diese korrekte Beglaubigung entfernen? (j/N/q)"
+
+#: g10/keyedit.c:3294
+msgid "Delete this invalid signature? (y/N/q)"
+msgstr "Diese ungültige Beglaubigung entfernen= (j/N/q)"
+
+#: g10/keyedit.c:3298
+msgid "Delete this unknown signature? (y/N/q)"
+msgstr "Diese unbekannte Beglaubigung entfernen? (j/N/q)"
+
+#: g10/keyedit.c:3304
+msgid "Really delete this self-signature? (y/N)"
+msgstr "Eigenbeglaubigung wirklich entfernen? (j/N)"
+
+#: g10/keyedit.c:3318
+#, c-format
+msgid "Deleted %d signature.\n"
+msgstr "%d Beglaubigungen entfernt.\n"
+
+#: g10/keyedit.c:3319
+#, c-format
+msgid "Deleted %d signatures.\n"
+msgstr "%d Beglaubigungen entfernt.\n"
+
+#: g10/keyedit.c:3322
+msgid "Nothing deleted.\n"
+msgstr "Nichts entfernt.\n"
+
+#: g10/keyedit.c:3355 g10/trustdb.c:1736
+msgid "invalid"
+msgstr "ungültig"
+
+#: g10/keyedit.c:3357
+#, c-format
+msgid "User ID \"%s\" compacted: %s\n"
+msgstr "User-ID \"%s\" bereits verkleinert: %s\n"
+
+#: g10/keyedit.c:3364
+#, c-format
+msgid "User ID \"%s\": %d signature removed\n"
+msgstr "User-ID \"%s\": %d Signatur entfernt\n"
+
+#: g10/keyedit.c:3365
+#, c-format
+msgid "User ID \"%s\": %d signatures removed\n"
+msgstr "User-ID \"%s\": %d Signaturen entfernt\n"
+
+#: g10/keyedit.c:3373
+#, c-format
+msgid "User ID \"%s\": already minimized\n"
+msgstr "User-ID \"%s\": bereits minimiert\n"
+
+#: g10/keyedit.c:3374
+#, c-format
+msgid "User ID \"%s\": already clean\n"
+msgstr "User-ID \"%s\": bereits sauber\n"
+
+#: g10/keyedit.c:3468
+msgid ""
+"WARNING: This is a PGP 2.x-style key. Adding a designated revoker may "
+"cause\n"
+" some versions of PGP to reject this key.\n"
+msgstr ""
+"WARNUNG: Dies ist ein PGP2-artiger Schlüssel. Hinzufügen eines vorgesehenen\n"
+" Widerrufers könnte bei einigen PGP-Versionen zur Zurückweisung\n"
+" des Schlüssels führen.\n"
+
+#: g10/keyedit.c:3479
+msgid "You may not add a designated revoker to a PGP 2.x-style key.\n"
+msgstr ""
+"Sie können einem PGP2-artigen Schlüssel keine vorgesehenen Widerrufer "
+"hinzufügen.\n"
+
+#: g10/keyedit.c:3499
+msgid "Enter the user ID of the designated revoker: "
+msgstr "Geben sie die User-ID des designierten Widerrufers ein: "
+
+#: g10/keyedit.c:3524
+msgid "cannot appoint a PGP 2.x style key as a designated revoker\n"
+msgstr ""
+"Ein PGP 2.x-artiger Schlüssel kann nicht als vorgesehener Widerrufer "
+"eingetragen werden\n"
+
+#: g10/keyedit.c:3539
+msgid "you cannot appoint a key as its own designated revoker\n"
+msgstr "Ein Schlüssel kann nicht sein eigener vorgesehener Widerrufer werden\n"
+
+#: g10/keyedit.c:3561
+msgid "this key has already been designated as a revoker\n"
+msgstr "Dieser Schlüssel wurde bereits als ein Widerrufer vorgesehen\n"
+
+#: g10/keyedit.c:3580
+msgid "WARNING: appointing a key as a designated revoker cannot be undone!\n"
+msgstr ""
+"WARNUNG: Einen Schlüssel als vorgesehenen Widerrufer zu deklarieren, kann "
+"nicht rückgangig gemacht werden!\n"
+
+#: g10/keyedit.c:3586
+msgid ""
+"Are you sure you want to appoint this key as a designated revoker? (y/N) "
+msgstr ""
+"Möchten Sie diesen Schlüssel wirklich als vorgesehenen Widerrufer festlegen? "
+"(j/N): "
+
+#: g10/keyedit.c:3647
+msgid "Please remove selections from the secret keys.\n"
+msgstr "Bitte entfernen Sie die Auswahl von den geheimen Schlüsseln.\n"
+
+#: g10/keyedit.c:3653
+msgid "Please select at most one subkey.\n"
+msgstr "Bitte wählen Sie höchstens einen Unterschlüssel aus.\n"
+
+#: g10/keyedit.c:3657
+msgid "Changing expiration time for a subkey.\n"
+msgstr "Ändern des Verfallsdatums des Unterschlüssels.\n"
+
+#: g10/keyedit.c:3660
+msgid "Changing expiration time for the primary key.\n"
+msgstr "Ändern des Verfallsdatums des Hauptschlüssels.\n"
+
+#: g10/keyedit.c:3706
+msgid "You can't change the expiration date of a v3 key\n"
+msgstr "Sie können das Verfallsdatum eines v3-Schlüssels nicht ändern\n"
+
+#: g10/keyedit.c:3722
+msgid "No corresponding signature in secret ring\n"
+msgstr "Keine entsprechende Signatur im geheimen Schlüsselbund\n"
+
+#: g10/keyedit.c:3800
+#, c-format
+msgid "signing subkey %s is already cross-certified\n"
+msgstr "Signaturunterschlüssel %s ist bereits rücksigniert\n"
+
+#: g10/keyedit.c:3806
+#, c-format
+msgid "subkey %s does not sign and so does not need to be cross-certified\n"
+msgstr ""
+"Unterschlüssel %s ist des Signieren nicht mächtig und braucht deshalb keine "
+"Rücksignatur\n"
+
+#: g10/keyedit.c:3969
+msgid "Please select exactly one user ID.\n"
+msgstr "Bitte genau eine User-ID auswählen.\n"
+
+#: g10/keyedit.c:4008 g10/keyedit.c:4118 g10/keyedit.c:4238 g10/keyedit.c:4379
+#, c-format
+msgid "skipping v3 self-signature on user ID \"%s\"\n"
+msgstr "Ãœberspringen der v3 Eigenbeglaubigung von User-ID \"%s\"\n"
+
+#: g10/keyedit.c:4179
+msgid "Enter your preferred keyserver URL: "
+msgstr "Geben Sie die URL Ihres bevorzugten Schlüsselservers ein: "
+
+#: g10/keyedit.c:4259
+msgid "Are you sure you want to replace it? (y/N) "
+msgstr "Wollen Sie ihn wirklich ersetzen? (j/N) "
+
+#: g10/keyedit.c:4260
+msgid "Are you sure you want to delete it? (y/N) "
+msgstr "Wollen Sie ihn wirklich löschen? (j/N) "
+
+#: g10/keyedit.c:4322
+msgid "Enter the notation: "
+msgstr "Geben Sie die \"Notation\" ein: "
+
+#: g10/keyedit.c:4471
+msgid "Proceed? (y/N) "
+msgstr "Fortfahren (j/N)? "
+
+#: g10/keyedit.c:4543
+#, c-format
+msgid "No user ID with index %d\n"
+msgstr "Keine User-ID mit Index %d\n"
+
+#: g10/keyedit.c:4604
+#, c-format
+msgid "No user ID with hash %s\n"
+msgstr "Keine User-ID mit Hash %s\n"
+
+#: g10/keyedit.c:4639
+#, c-format
+msgid "No subkey with index %d\n"
+msgstr "Kein Unterschlüssel mit Index %d\n"
+
+#: g10/keyedit.c:4774
+#, c-format
+msgid "user ID: \"%s\"\n"
+msgstr "User-ID: \"%s\"\n"
+
+#: g10/keyedit.c:4777 g10/keyedit.c:4871 g10/keyedit.c:4914
+#, c-format
+msgid "signed by your key %s on %s%s%s\n"
+msgstr " beglaubigt durch Ihren Schlüssel %s am %s%s%s\n"
+
+#: g10/keyedit.c:4779 g10/keyedit.c:4873 g10/keyedit.c:4916
+msgid " (non-exportable)"
+msgstr " (nicht-exportierbar)"
+
+#: g10/keyedit.c:4783
+#, c-format
+msgid "This signature expired on %s.\n"
+msgstr "Diese Signatur ist seit %s verfallen.\n"
+
+#: g10/keyedit.c:4787
+msgid "Are you sure you still want to revoke it? (y/N) "
+msgstr "Wollen Sie ihn immer noch widerrufen? (j/N) "
+
+#: g10/keyedit.c:4791
+msgid "Create a revocation certificate for this signature? (y/N) "
+msgstr "Ein Widerrufszertifikat für diese Signatur erzeugen (j/N)"
+
+#: g10/keyedit.c:4842
+msgid "Not signed by you.\n"
+msgstr "Nicht von Ihnen signiert.\n"
+
+#: g10/keyedit.c:4848
+#, c-format
+msgid "You have signed these user IDs on key %s:\n"
+msgstr "Sie haben folgende User-IDs des Schlüssels %s beglaubigt:\n"
+
+#: g10/keyedit.c:4874
+msgid " (non-revocable)"
+msgstr " (unwiderrufbar)"
+
+#: g10/keyedit.c:4881
+#, c-format
+msgid "revoked by your key %s on %s\n"
+msgstr "widerrufen durch Ihren Schlüssel %s um %s\n"
+
+#: g10/keyedit.c:4903
+msgid "You are about to revoke these signatures:\n"
+msgstr "Es werden nun folgende Beglaubigungen entfernt:\n"
+
+#: g10/keyedit.c:4923
+msgid "Really create the revocation certificates? (y/N) "
+msgstr "Wirklich ein Signatur-Widerrufszertifikat erzeugen? (j/N) "
+
+#: g10/keyedit.c:4953
+msgid "no secret key\n"
+msgstr "Kein geheimer Schlüssel\n"
+
+#: g10/keyedit.c:5023
+#, c-format
+msgid "user ID \"%s\" is already revoked\n"
+msgstr "User-ID \"%s\" ist bereits widerrufen\n"
+
+#: g10/keyedit.c:5040
+#, c-format
+msgid "WARNING: a user ID signature is dated %d seconds in the future\n"
+msgstr ""
+"WARNUNG: Eine User-ID-Signatur datiert mit %d Sekunden aus der Zukunft\n"
+
+#: g10/keyedit.c:5104
+#, c-format
+msgid "Key %s is already revoked.\n"
+msgstr "Schlüssel %s ist bereits widerrufen\n"
+
+#: g10/keyedit.c:5166
+#, c-format
+msgid "Subkey %s is already revoked.\n"
+msgstr "Unterschlüssel %s ist bereits widerrufen\n"
+
+#: g10/keyedit.c:5261
+#, c-format
+msgid "Displaying %s photo ID of size %ld for key %s (uid %d)\n"
+msgstr "Anzeigen einer %s Foto-ID (Größe %ld) für Schlüssel %s (User-ID %d)\n"
+
+#: g10/keygen.c:275
+#, c-format
+msgid "preference `%s' duplicated\n"
+msgstr "Voreinstellung `%s' ist doppelt\n"
+
+#: g10/keygen.c:282
+msgid "too many cipher preferences\n"
+msgstr "zu viele Verschlüsselungeinstellungen\n"
+
+#: g10/keygen.c:284
+msgid "too many digest preferences\n"
+msgstr "zu viele Hashvoreinstellungen\n"
+
+#: g10/keygen.c:286
+msgid "too many compression preferences\n"
+msgstr "zu viele Komprimierungsvoreinstellungen\n"
+
+#: g10/keygen.c:426
+#, c-format
+msgid "invalid item `%s' in preference string\n"
+msgstr "Ungültiges Feld `%s' in der Voreinstellungszeichenkette\n"
+
+#: g10/keygen.c:910
+msgid "writing direct signature\n"
+msgstr "Die \"Direct Key Signature\" wird geschrieben\n"
+
+#: g10/keygen.c:952
+msgid "writing self signature\n"
+msgstr "Die Eigenbeglaubigung wird geschrieben\n"
+
+#: g10/keygen.c:1009
+msgid "writing key binding signature\n"
+msgstr "Schreiben der \"key-binding\" Signatur\n"
+
+#: g10/keygen.c:1179 g10/keygen.c:1290 g10/keygen.c:1295 g10/keygen.c:1441
+#: g10/keygen.c:3269
+#, c-format
+msgid "keysize invalid; using %u bits\n"
+msgstr "Ungültige Schlüssellänge; %u Bit werden verwendet\n"
+
+#: g10/keygen.c:1185 g10/keygen.c:1301 g10/keygen.c:1309 g10/keygen.c:1447
+#: g10/keygen.c:3275
+#, c-format
+msgid "keysize rounded up to %u bits\n"
+msgstr "Schlüssellänge auf %u Bit aufgerundet\n"
+
+#: g10/keygen.c:1335
+msgid ""
+"WARNING: some OpenPGP programs can't handle a DSA key with this digest size\n"
+msgstr ""
+"WARNUNG: Einige OpenPGP-Programme können einen DSA-Schlüssel dieser "
+"Digestlänge nicht verwenden\n"
+
+#: g10/keygen.c:1558
+msgid "Sign"
+msgstr "Signieren"
+
+#: g10/keygen.c:1561
+msgid "Certify"
+msgstr "Zertif."
+
+#: g10/keygen.c:1564
+msgid "Encrypt"
+msgstr "Verschl."
+
+#: g10/keygen.c:1567
+msgid "Authenticate"
+msgstr "Authentisierung"
+
+#. TRANSLATORS: Please use only plain ASCII characters for the
+#. translation. If this is not possible use single digits. The
+#. string needs to 8 bytes long. Here is a description of the
+#. functions:
+#.
+#. s = Toggle signing capability
+#. e = Toggle encryption capability
+#. a = Toggle authentication capability
+#. q = Finish
+#.
+#: g10/keygen.c:1585
+msgid "SsEeAaQq"
+msgstr "UuVvAaQq"
+
+#: g10/keygen.c:1608
+#, c-format
+msgid "Possible actions for a %s key: "
+msgstr "Mögliche Vorgänge eines %s-Schlüssels: "
+
+#: g10/keygen.c:1612
+msgid "Current allowed actions: "
+msgstr "Derzeit erlaubte Vorgänge: "
+
+#: g10/keygen.c:1617
+#, c-format
+msgid " (%c) Toggle the sign capability\n"
+msgstr " (%c) Umschalten der Signaturfähigkeit\n"
+
+#: g10/keygen.c:1620
+#, c-format
+msgid " (%c) Toggle the encrypt capability\n"
+msgstr " (%c) Umschalten der Verschlüsselungsfähigkeit\n"
+
+#: g10/keygen.c:1623
+#, c-format
+msgid " (%c) Toggle the authenticate capability\n"
+msgstr " (%c) Umschalten der Authentisierungsfähigkeit\n"
+
+#: g10/keygen.c:1626
+#, c-format
+msgid " (%c) Finished\n"
+msgstr " (%c) Beenden\n"
+
+#: g10/keygen.c:1686 sm/certreqgen-ui.c:157
+msgid "Please select what kind of key you want:\n"
+msgstr "Bitte wählen Sie, welche Art von Schlüssel Sie möchten:\n"
+
+#: g10/keygen.c:1689
+#, c-format
+msgid " (%d) RSA and RSA (default)\n"
+msgstr " (%d) RSA und RSA (voreingestellt)\n"
+
+#: g10/keygen.c:1691
+#, c-format
+msgid " (%d) DSA and Elgamal\n"
+msgstr " (%d) DSA und Elgamal\n"
+
+#: g10/keygen.c:1693
+#, c-format
+msgid " (%d) DSA (sign only)\n"
+msgstr " (%d) DSA (nur signieren/beglaubigen)\n"
+
+#: g10/keygen.c:1694
+#, c-format
+msgid " (%d) RSA (sign only)\n"
+msgstr " (%d) RSA (nur signieren/beglaubigen)\n"
+
+#: g10/keygen.c:1698
+#, c-format
+msgid " (%d) Elgamal (encrypt only)\n"
+msgstr " (%d) Elgamal (nur verschlüsseln)\n"
+
+#: g10/keygen.c:1699
+#, c-format
+msgid " (%d) RSA (encrypt only)\n"
+msgstr " (%d) RSA (nur verschlüsseln)\n"
+
+#: g10/keygen.c:1703
+#, c-format
+msgid " (%d) DSA (set your own capabilities)\n"
+msgstr " (%d) DSA (Leistungsfähigkeit selber einstellbar)\n"
+
+#: g10/keygen.c:1704
+#, c-format
+msgid " (%d) RSA (set your own capabilities)\n"
+msgstr " (%d) RSA (Leistungsfähigkeit selber einstellbar)\n"
+
+#: g10/keygen.c:1812
+#, c-format
+msgid "%s keys may be between %u and %u bits long.\n"
+msgstr "%s-Schlüssel können zwischen %u und %u Bit lang sein.\n"
+
+#: g10/keygen.c:1820
+#, c-format
+msgid "What keysize do you want for the subkey? (%u) "
+msgstr "Welche Schlüssellänge wünschen Sie für den Unterschlüssel? (%u) "
+
+#: g10/keygen.c:1823 sm/certreqgen-ui.c:179
+#, c-format
+msgid "What keysize do you want? (%u) "
+msgstr "Welche Schlüssellänge wünschen Sie? (%u) "
+
+#: g10/keygen.c:1837 sm/certreqgen-ui.c:189
+#, c-format
+msgid "Requested keysize is %u bits\n"
+msgstr "Die verlangte Schlüssellänge beträgt %u Bit\n"
+
+#: g10/keygen.c:1925
+msgid ""
+"Please specify how long the key should be valid.\n"
+" 0 = key does not expire\n"
+" <n> = key expires in n days\n"
+" <n>w = key expires in n weeks\n"
+" <n>m = key expires in n months\n"
+" <n>y = key expires in n years\n"
+msgstr ""
+"Bitte wählen Sie, wie lange der Schlüssel gültig bleiben soll.\n"
+" 0 = Schlüssel verfällt nie\n"
+" <n> = Schlüssel verfällt nach n Tagen\n"
+" <n>w = Schlüssel verfällt nach n Wochen\n"
+" <n>m = Schlüssel verfällt nach n Monaten\n"
+" <n>y = Schlüssel verfällt nach n Jahren\n"
+
+#: g10/keygen.c:1936
+msgid ""
+"Please specify how long the signature should be valid.\n"
+" 0 = signature does not expire\n"
+" <n> = signature expires in n days\n"
+" <n>w = signature expires in n weeks\n"
+" <n>m = signature expires in n months\n"
+" <n>y = signature expires in n years\n"
+msgstr ""
+"Bitte wählen Sie, wie lange die Beglaubigung gültig bleiben soll.\n"
+" 0 = Schlüssel verfällt nie\n"
+" <n> = Schlüssel verfällt nach n Tagen\n"
+" <n>w = Schlüssel verfällt nach n Wochen\n"
+" <n>m = Schlüssel verfällt nach n Monaten\n"
+" <n>y = Schlüssel verfällt nach n Jahren\n"
+
+#: g10/keygen.c:1959
+msgid "Key is valid for? (0) "
+msgstr "Wie lange bleibt der Schlüssel gültig? (0) "
+
+#: g10/keygen.c:1964
+#, c-format
+msgid "Signature is valid for? (%s) "
+msgstr "Wie lange bleibt die Beglaubigung gültig? (%s) "
+
+#: g10/keygen.c:1982 g10/keygen.c:2007
+msgid "invalid value\n"
+msgstr "Ungültiger Wert.\n"
+
+#: g10/keygen.c:1989
+msgid "Key does not expire at all\n"
+msgstr "Schlüssel verfällt nie\n"
+
+#: g10/keygen.c:1990
+msgid "Signature does not expire at all\n"
+msgstr "Signature verfällt nie\n"
+
+#: g10/keygen.c:1995
+#, c-format
+msgid "Key expires at %s\n"
+msgstr "Key verfällt am %s\n"
+
+#: g10/keygen.c:1996
+#, c-format
+msgid "Signature expires at %s\n"
+msgstr "Signatur verfällt am %s\n"
+
+#: g10/keygen.c:2000
+msgid ""
+"Your system can't display dates beyond 2038.\n"
+"However, it will be correctly handled up to 2106.\n"
+msgstr ""
+"Ihr Rechner kann Daten jenseits des Jahres 2038 nicht anzeigen.\n"
+"Trotzdem werden Daten bis 2106 korrekt verarbeitet.\n"
+
+#: g10/keygen.c:2013
+msgid "Is this correct? (y/N) "
+msgstr "Ist dies richtig? (j/N) "
+
+#: g10/keygen.c:2063
+msgid ""
+"\n"
+"GnuPG needs to construct a user ID to identify your key.\n"
+"\n"
+msgstr ""
+"\n"
+"GnuPG erstellt eine User-ID um Ihren Schlüssel identifizierbar zu machen.\n"
+"\n"
+
+#. TRANSLATORS: This string is in general not anymore used
+#. but you should keep your existing translation. In case
+#. the new string is not translated this old string will
+#. be used.
+#: g10/keygen.c:2078
+msgid ""
+"\n"
+"You need a user ID to identify your key; the software constructs the user "
+"ID\n"
+"from the Real Name, Comment and Email Address in this form:\n"
+" \"Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>\"\n"
+"\n"
+msgstr ""
+"\n"
+"Sie benötigen eine User-ID, um Ihren Schlüssel eindeutig zu machen; das\n"
+"Programm baut diese User-ID aus Ihrem echten Namen, einem Kommentar und\n"
+"Ihrer Email-Adresse in dieser Form auf:\n"
+" \"Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>\"\n"
+"\n"
+
+#: g10/keygen.c:2097
+msgid "Real name: "
+msgstr "Ihr Name (\"Vorname Nachname\"): "
+
+#: g10/keygen.c:2105
+msgid "Invalid character in name\n"
+msgstr "Ungültiges Zeichen im Namen\n"
+
+#: g10/keygen.c:2107
+msgid "Name may not start with a digit\n"
+msgstr "Der Name darf nicht mit einer Ziffer beginnen.\n"
+
+#: g10/keygen.c:2109
+msgid "Name must be at least 5 characters long\n"
+msgstr "Der Name muß min. 5 Zeichen lang sein.\n"
+
+#: g10/keygen.c:2117
+msgid "Email address: "
+msgstr "Email-Adresse: "
+
+#: g10/keygen.c:2123
+msgid "Not a valid email address\n"
+msgstr "Diese Email-Adresse ist ungültig\n"
+
+#: g10/keygen.c:2131
+msgid "Comment: "
+msgstr "Kommentar: "
+
+#: g10/keygen.c:2137
+msgid "Invalid character in comment\n"
+msgstr "Ungültiges Zeichen im Kommentar.\n"
+
+#: g10/keygen.c:2159
+#, c-format
+msgid "You are using the `%s' character set.\n"
+msgstr "Sie benutzen den Zeichensatz `%s'\n"
+
+#: g10/keygen.c:2165
+#, c-format
+msgid ""
+"You selected this USER-ID:\n"
+" \"%s\"\n"
+"\n"
+msgstr ""
+"Sie haben diese User-ID gewählt:\n"
+" \"%s\"\n"
+"\n"
+
+#: g10/keygen.c:2170
+msgid "Please don't put the email address into the real name or the comment\n"
+msgstr "Bitte keine Emailadressen als Namen oder Kommentar verwenden\n"
+
+#: g10/keygen.c:2185
+msgid "Such a user ID already exists on this key!\n"
+msgstr "Solch eine User-ID ist bereits für den Schlüssel vorhanden!\n"
+
+#. TRANSLATORS: These are the allowed answers in
+#. lower and uppercase. Below you will find the matching
+#. string which should be translated accordingly and the
+#. letter changed to match the one in the answer string.
+#.
+#. n = Change name
+#. c = Change comment
+#. e = Change email
+#. o = Okay (ready, continue)
+#. q = Quit
+#.
+#: g10/keygen.c:2201
+msgid "NnCcEeOoQq"
+msgstr "NnKkEeFfAa"
+
+#: g10/keygen.c:2211
+msgid "Change (N)ame, (C)omment, (E)mail or (Q)uit? "
+msgstr "Ändern: (N)ame, (K)ommentar, (E)-Mail oder (A)bbrechen? "
+
+#: g10/keygen.c:2212
+msgid "Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? "
+msgstr "Ändern: (N)ame, (K)ommentar, (E)-Mail oder (F)ertig/(A)bbrechen? "
+
+#: g10/keygen.c:2231
+msgid "Please correct the error first\n"
+msgstr "Bitte beseitigen Sie zuerst den Fehler\n"
+
+#: g10/keygen.c:2273
+msgid ""
+"You need a Passphrase to protect your secret key.\n"
+"\n"
+msgstr ""
+"Sie benötigen eine Passphrase, um den geheimen Schlüssel zu schützen.\n"
+"\n"
+
+#: g10/keygen.c:2276
+msgid ""
+"Please enter a passphrase to protect the off-card backup of the new "
+"encryption key."
+msgstr ""
+"Bitte geben Sie die Passphrase ein, um die Sicherheitskopie des neuen "
+"Verschlüsselungsschlüssel der Karte zu schützen."
+
+#: g10/keygen.c:2292
+#, c-format
+msgid "%s.\n"
+msgstr "%s.\n"
+
+#: g10/keygen.c:2298
+msgid ""
+"You don't want a passphrase - this is probably a *bad* idea!\n"
+"I will do it anyway. You can change your passphrase at any time,\n"
+"using this program with the option \"--edit-key\".\n"
+"\n"
+msgstr ""
+"Sie möchten keine Passphrase - Dies ist *nicht* zu empfehlen!\n"
+"Es ist trotzdem möglich. Sie können Ihre Passphrase jederzeit\n"
+"ändern, indem sie dieses Programm mit dem Befehl \"--edit-key\"\n"
+"aufrufen.\n"
+"\n"
+
+#: g10/keygen.c:2322
+msgid ""
+"We need to generate a lot of random bytes. It is a good idea to perform\n"
+"some other action (type on the keyboard, move the mouse, utilize the\n"
+"disks) during the prime generation; this gives the random number\n"
+"generator a better chance to gain enough entropy.\n"
+msgstr ""
+"Wir müssen eine ganze Menge Zufallswerte erzeugen. Sie können dies\n"
+"unterstützen, indem Sie z.B. in einem anderen Fenster/Konsole irgendetwas\n"
+"tippen, die Maus verwenden oder irgendwelche anderen Programme benutzen.\n"
+
+#: g10/keygen.c:3209 g10/keygen.c:3236
+msgid "Key generation canceled.\n"
+msgstr "Schlüsselerzeugung abgebrochen.\n"
+
+#: g10/keygen.c:3441 g10/keygen.c:3611
+#, c-format
+msgid "writing public key to `%s'\n"
+msgstr "schreiben des öffentlichen Schlüssels nach '%s'\n"
+
+#: g10/keygen.c:3443 g10/keygen.c:3614
+#, c-format
+msgid "writing secret key stub to `%s'\n"
+msgstr "schreiben des geheimen Schlüssel-\"stub\"s nach `%s'\n"
+
+#: g10/keygen.c:3446 g10/keygen.c:3617
+#, c-format
+msgid "writing secret key to `%s'\n"
+msgstr "schreiben des geheimen Schlüssels nach '%s'\n"
+
+#: g10/keygen.c:3598
+#, c-format
+msgid "no writable public keyring found: %s\n"
+msgstr "kein schreibbarer öffentlicher Schlüsselbund gefunden: %s\n"
+
+#: g10/keygen.c:3605
+#, c-format
+msgid "no writable secret keyring found: %s\n"
+msgstr "kein schreibbarer geheimer Schlüsselbund gefunden: %s\n"
+
+#: g10/keygen.c:3625
+#, c-format
+msgid "error writing public keyring `%s': %s\n"
+msgstr "Fehler beim Schreiben des öff. Schlüsselbundes `%s': %s\n"
+
+#: g10/keygen.c:3633
+#, c-format
+msgid "error writing secret keyring `%s': %s\n"
+msgstr "Fehler beim Schreiben des geheimen Schlüsselbundes `%s': %s\n"
+
+#: g10/keygen.c:3661
+msgid "public and secret key created and signed.\n"
+msgstr "Öffentlichen und geheimen Schlüssel erzeugt und signiert.\n"
+
+#: g10/keygen.c:3672
+msgid ""
+"Note that this key cannot be used for encryption. You may want to use\n"
+"the command \"--edit-key\" to generate a subkey for this purpose.\n"
+msgstr ""
+"Bitte beachten Sie, daß dieser Schlüssel nicht zum Verschlüsseln benutzt\n"
+"werden kann. Sie können aber mit dem Befehl \"--edit-key\" einen\n"
+"Unterschlüssel für diesem Zweck erzeugen.\n"
+
+#: g10/keygen.c:3685 g10/keygen.c:3831 g10/keygen.c:3952
+#, c-format
+msgid "Key generation failed: %s\n"
+msgstr "Schlüsselerzeugung fehlgeschlagen: %s\n"
+
+#: g10/keygen.c:3741 g10/keygen.c:3882 g10/sign.c:241
+#, c-format
+msgid ""
+"key has been created %lu second in future (time warp or clock problem)\n"
+msgstr ""
+"Der Schlüssel wurde %lu Sekunde in der Zukunft erzeugt (Zeitreise oder Uhren "
+"stimmen nicht überein)\n"
+
+#: g10/keygen.c:3743 g10/keygen.c:3884 g10/sign.c:243
+#, c-format
+msgid ""
+"key has been created %lu seconds in future (time warp or clock problem)\n"
+msgstr ""
+"Der Schlüssel wurde %lu Sekunden in der Zukunft erzeugt (Zeitreise oder "
+"Uhren stimmen nicht überein)\n"
+
+#: g10/keygen.c:3754 g10/keygen.c:3895
+msgid "NOTE: creating subkeys for v3 keys is not OpenPGP compliant\n"
+msgstr "HINWEIS: Unterschlüssel für v3-Schlüssel sind nicht OpenPGP-konform\n"
+
+#: g10/keygen.c:3795 g10/keygen.c:3928
+msgid "Really create? (y/N) "
+msgstr "Wirklich erzeugen? (j/N) "
+
+#: g10/keygen.c:4116
+#, c-format
+msgid "storing key onto card failed: %s\n"
+msgstr "Speicher des Schlüssels auf der Karte schlug fehl: %s\n"
+
+#: g10/keygen.c:4165
+#, c-format
+msgid "can't create backup file `%s': %s\n"
+msgstr "Sicherungsdatei '%s' kann nicht erzeugt werden: %s\n"
+
+#: g10/keygen.c:4191
+#, c-format
+msgid "NOTE: backup of card key saved to `%s'\n"
+msgstr "Hinweis: Sicherung des Kartenschlüssels wurde auf `%s' gespeichert\n"
+
+#: g10/keyid.c:539 g10/keyid.c:551 g10/keyid.c:563 g10/keyid.c:575
+msgid "never "
+msgstr "niemals "
+
+#: g10/keylist.c:273
+msgid "Critical signature policy: "
+msgstr "Entscheidende Beglaubigungsrichtlinie: "
+
+#: g10/keylist.c:275
+msgid "Signature policy: "
+msgstr "Beglaubigungsrichtlinie: "
+
+#: g10/keylist.c:314
+msgid "Critical preferred keyserver: "
+msgstr "Entscheidender bevorzugter Schlüsselserver"
+
+#: g10/keylist.c:367
+msgid "Critical signature notation: "
+msgstr "Entscheidender Beglaubigungs-\"Notation\": "
+
+#: g10/keylist.c:369
+msgid "Signature notation: "
+msgstr "Beglaubigungs-\"Notation\": "
+
+#: g10/keylist.c:479
+msgid "Keyring"
+msgstr "Schlüsselbund"
+
+#: g10/keylist.c:1526
+msgid "Primary key fingerprint:"
+msgstr "Haupt-Fingerabdruck ="
+
+#: g10/keylist.c:1528
+msgid " Subkey fingerprint:"
+msgstr "Unter-Fingerabdruck ="
+
+#. TRANSLATORS: this should fit into 24 bytes to that the
+#. * fingerprint data is properly aligned with the user ID
+#: g10/keylist.c:1535
+msgid " Primary key fingerprint:"
+msgstr " Haupt-Fingerabdruck ="
+
+#: g10/keylist.c:1537
+msgid " Subkey fingerprint:"
+msgstr " Unter-Fingerabdruck ="
+
+#: g10/keylist.c:1541 g10/keylist.c:1545
+msgid " Key fingerprint ="
+msgstr " Schl.-Fingerabdruck ="
+
+#: g10/keylist.c:1612
+msgid " Card serial no. ="
+msgstr " Kartenseriennr. ="
+
+#: g10/keyring.c:1297
+#, c-format
+msgid "renaming `%s' to `%s' failed: %s\n"
+msgstr "umbenennen von `%s' nach `%s' schlug fehl: %s\n"
+
+#: g10/keyring.c:1326
+msgid "WARNING: 2 files with confidential information exists.\n"
+msgstr "Warnung: Zwei Dateien mit vertraulichem Inhalt vorhanden.\n"
+
+#: g10/keyring.c:1327
+#, c-format
+msgid "%s is the unchanged one\n"
+msgstr "%s ist der Unveränderte\n"
+
+#: g10/keyring.c:1328
+#, c-format
+msgid "%s is the new one\n"
+msgstr "%s ist der Neue\n"
+
+#: g10/keyring.c:1329
+msgid "Please fix this possible security flaw\n"
+msgstr "Bitte diesen potentiellen Sicherheitsmangel beseitigen\n"
+
+#: g10/keyring.c:1430
+#, c-format
+msgid "caching keyring `%s'\n"
+msgstr "Puffern des Schlüsselbundes `%s'\n"
+
+#: g10/keyring.c:1489
+#, c-format
+msgid "%lu keys cached so far (%lu signatures)\n"
+msgstr "%lu Schlüssel bislang gepuffert (%lu Beglaubigungen)\n"
+
+#: g10/keyring.c:1501
+#, c-format
+msgid "%lu keys cached (%lu signatures)\n"
+msgstr "%lu Schlüssel gepuffert (%lu Beglaubigungen)\n"
+
+#: g10/keyring.c:1573
+#, c-format
+msgid "%s: keyring created\n"
+msgstr "%s: Schlüsselbund erstellt\n"
+
+#: g10/keyserver.c:74
+msgid "include revoked keys in search results"
+msgstr "Widerrufene Schlüssel in den Suchergebnissen aufführen"
+
+#: g10/keyserver.c:75
+msgid "include subkeys when searching by key ID"
+msgstr "Unterschlüssel in der Suche über Schlüssel-IDs aufführen"
+
+#: g10/keyserver.c:77
+msgid "use temporary files to pass data to keyserver helpers"
+msgstr ""
+"verwende temporäre Dateien, um Daten an die Schlüsselserverhilfsprogramme zu "
+"geben"
+
+#: g10/keyserver.c:79
+msgid "do not delete temporary files after using them"
+msgstr "Temporäre Dateien nach Nutzung nicht löschen"
+
+#: g10/keyserver.c:83
+msgid "automatically retrieve keys when verifying signatures"
+msgstr "Schlüssel für die Signaturprüfung automatisch holen"
+
+#: g10/keyserver.c:85
+msgid "honor the preferred keyserver URL set on the key"
+msgstr ""
+"Die im Schlüssel enthaltene bevorzugte URL für Schlüsselserver beachten"
+
+#: g10/keyserver.c:87
+msgid "honor the PKA record set on a key when retrieving keys"
+msgstr "Die im Schlüssel enthaltenen PKA-Daten beim Schlüsselholen beachten"
+
+#: g10/keyserver.c:153
+#, c-format
+msgid "WARNING: keyserver option `%s' is not used on this platform\n"
+msgstr ""
+"WARNUNG: Schlüsselserver-Option `%s' wird auf dieser Plattform nicht "
+"verwendet\n"
+
+#: g10/keyserver.c:544
+msgid "disabled"
+msgstr "abgeschaltet"
+
+#: g10/keyserver.c:747
+msgid "Enter number(s), N)ext, or Q)uit > "
+msgstr "Eingabe von Nummern, Nächste (N) oder Abbrechen (Q) > "
+
+#: g10/keyserver.c:831 g10/keyserver.c:1458
+#, c-format
+msgid "invalid keyserver protocol (us %d!=handler %d)\n"
+msgstr "Ungültiges Schlüsselserverprotokoll (wir %d!=Handhabungsroutine %d)\n"
+
+#: g10/keyserver.c:932
+#, c-format
+msgid "key \"%s\" not found on keyserver\n"
+msgstr "Schlüssel \"%s\" wurde auf dem Schlüsselserver nicht gefunden\n"
+
+#: g10/keyserver.c:934
+msgid "key not found on keyserver\n"
+msgstr "Schlüssel wurde auf dem Schlüsselserver nicht gefunden\n"
+
+#: g10/keyserver.c:1177
+#, c-format
+msgid "requesting key %s from %s server %s\n"
+msgstr "fordere Schlüssel %s von %s-Server %s an\n"
+
+#: g10/keyserver.c:1181
+#, c-format
+msgid "requesting key %s from %s\n"
+msgstr "fordere Schlüssel %s von %s an\n"
+
+#: g10/keyserver.c:1205
+#, c-format
+msgid "searching for names from %s server %s\n"
+msgstr "suche Namen auf %s-Server %s\n"
+
+#: g10/keyserver.c:1208
+#, c-format
+msgid "searching for names from %s\n"
+msgstr "suche Namen auf %s\n"
+
+#: g10/keyserver.c:1361
+#, c-format
+msgid "sending key %s to %s server %s\n"
+msgstr "sende Schlüssel %s auf den %s-Server %s\n"
+
+#: g10/keyserver.c:1365
+#, c-format
+msgid "sending key %s to %s\n"
+msgstr "sende Schlüssel %s auf %s\n"
+
+#: g10/keyserver.c:1408
+#, c-format
+msgid "searching for \"%s\" from %s server %s\n"
+msgstr "suche nach \"%s\" auf %s-Server %s\n"
+
+#: g10/keyserver.c:1411
+#, c-format
+msgid "searching for \"%s\" from %s\n"
+msgstr "suche nach \"%s\" auf %s\n"
+
+#: g10/keyserver.c:1418 g10/keyserver.c:1514
+msgid "no keyserver action!\n"
+msgstr "Kein Schlüsselserver-Vorgang\n"
+
+#: g10/keyserver.c:1466
+#, c-format
+msgid "WARNING: keyserver handler from a different version of GnuPG (%s)\n"
+msgstr ""
+"WARNUNG: Die Schlüsselserver-Handhabungsroutine stammt von einer anderen "
+"GnuPG-Version (%s)\n"
+
+#: g10/keyserver.c:1475
+msgid "keyserver did not send VERSION\n"
+msgstr "Schlüsselserver sendete VERSION nicht\n"
+
+#: g10/keyserver.c:1537 g10/keyserver.c:2066
+msgid "no keyserver known (use option --keyserver)\n"
+msgstr "Kein Schlüsselserver bekannt (Option --keyserver verwenden)\n"
+
+#: g10/keyserver.c:1543
+msgid "external keyserver calls are not supported in this build\n"
+msgstr ""
+"Externe Schlüsselserveraufrufe werden in diesem \"Build\" nicht unterstützt\n"
+
+#: g10/keyserver.c:1555
+#, c-format
+msgid "no handler for keyserver scheme `%s'\n"
+msgstr "Keine Handhabungsroutine für Schlüsselserverschema `%s'\n"
+
+#: g10/keyserver.c:1560
+#, c-format
+msgid "action `%s' not supported with keyserver scheme `%s'\n"
+msgstr "Vorgang `%s' wird vom Schlüsselserverschema `%s' nicht unterstützt\n"
+
+#: g10/keyserver.c:1568
+#, c-format
+msgid "%s does not support handler version %d\n"
+msgstr "%s unterstützt Hilfsroutinenversion %d nicht\n"
+
+#: g10/keyserver.c:1575
+msgid "keyserver timed out\n"
+msgstr "Schlüsselserver-Zeitüberschreitung\n"
+
+#: g10/keyserver.c:1580
+msgid "keyserver internal error\n"
+msgstr "interner Fehler Schlüsselserver\n"
+
+#: g10/keyserver.c:1589
+#, c-format
+msgid "keyserver communications error: %s\n"
+msgstr "Schlüsselserver-Datenübertragunsfehler: %s\n"
+
+#: g10/keyserver.c:1614 g10/keyserver.c:1648
+#, c-format
+msgid "\"%s\" not a key ID: skipping\n"
+msgstr "\"%s\" ist keine Schlüssel-ID: überspringe\n"
+
+#: g10/keyserver.c:1907
+#, c-format
+msgid "WARNING: unable to refresh key %s via %s: %s\n"
+msgstr "WARNUNG: Schlüssel %s kann per %s nicht aktualisiert werden: %s\n"
+
+#: g10/keyserver.c:1929
+#, c-format
+msgid "refreshing 1 key from %s\n"
+msgstr "ein Schlüssel wird per %s aktualisiert\n"
+
+#: g10/keyserver.c:1931
+#, c-format
+msgid "refreshing %d keys from %s\n"
+msgstr "%d Schlüssel werden per %s aktualisiert\n"
+
+#: g10/keyserver.c:1987
+#, c-format
+msgid "WARNING: unable to fetch URI %s: %s\n"
+msgstr "WARNUNG: die URI %s kann nicht geholt werden: %s\n"
+
+#: g10/keyserver.c:1993
+#, c-format
+msgid "WARNING: unable to parse URI %s\n"
+msgstr "WARNUNG: die URI %s kann nicht analysiert werden\n"
+
+#: g10/mainproc.c:231
+#, c-format
+msgid "weird size for an encrypted session key (%d)\n"
+msgstr "Seltsame Länge für einen verschlüsselten Sitzungsschlüssel (%d)\n"
+
+#: g10/mainproc.c:284
+#, c-format
+msgid "%s encrypted session key\n"
+msgstr "%s verschlüsselter Sitzungsschlüssel\n"
+
+#: g10/mainproc.c:294
+#, c-format
+msgid "passphrase generated with unknown digest algorithm %d\n"
+msgstr "Passphrase wurde mit unbekanntem Hashverfahren %d erstellt\n"
+
+#: g10/mainproc.c:360
+#, c-format
+msgid "public key is %s\n"
+msgstr "Öffentlicher Schlüssel ist %s\n"
+
+#: g10/mainproc.c:423
+msgid "public key encrypted data: good DEK\n"
+msgstr "Mit öffentlichem Schlüssel verschlüsselte Daten: Korrekte DEK\n"
+
+#: g10/mainproc.c:456
+#, c-format
+msgid "encrypted with %u-bit %s key, ID %s, created %s\n"
+msgstr "verschlüsselt mit %u-Bit %s Schlüssel, ID %s, erzeugt %s\n"
+
+#: g10/mainproc.c:460 g10/pkclist.c:217
+#, c-format
+msgid " \"%s\"\n"
+msgstr " \"%s\"\n"
+
+# Scripte scannen lt. dl1bke auf "ID (0-9A-F)+" deswegen muß "ID" rein :-(
+# [kw]
+#: g10/mainproc.c:464
+#, c-format
+msgid "encrypted with %s key, ID %s\n"
+msgstr "verschlüsselt mit %s Schlüssel, ID %s\n"
+
+#: g10/mainproc.c:479
+#, c-format
+msgid "public key decryption failed: %s\n"
+msgstr "Entschlüsselung mit Public-Key-Verfahren fehlgeschlagen: %s\n"
+
+#: g10/mainproc.c:495
+#, c-format
+msgid "encrypted with %lu passphrases\n"
+msgstr "Verschlüsselt mit %lu Passphrases\n"
+
+#: g10/mainproc.c:497
+msgid "encrypted with 1 passphrase\n"
+msgstr "Verschlüsselt mit einer Passphrase\n"
+
+#: g10/mainproc.c:529 g10/mainproc.c:551
+#, c-format
+msgid "assuming %s encrypted data\n"
+msgstr "vermutlich %s-verschlüsselte Daten\n"
+
+#: g10/mainproc.c:537
+#, c-format
+msgid "IDEA cipher unavailable, optimistically attempting to use %s instead\n"
+msgstr "IDEA-Verschlüsselung nicht verfügbar; versucht wird stattdessen %s\n"
+
+#: g10/mainproc.c:570
+msgid "decryption okay\n"
+msgstr "Entschlüsselung erfolgreich\n"
+
+#: g10/mainproc.c:574
+msgid "WARNING: message was not integrity protected\n"
+msgstr ""
+"WARNUNG: Botschaft wurde nicht integritätsgeschützt (integrity protected)\n"
+
+#: g10/mainproc.c:587
+msgid "WARNING: encrypted message has been manipulated!\n"
+msgstr "Warnung: Verschlüsselte Botschaft ist manipuliert worden!\n"
+
+#: g10/mainproc.c:595
+#, c-format
+msgid "cleared passphrase cached with ID: %s\n"
+msgstr "Passphrase aus dem Cache gelöscht. Cache ID: %s\n"
+
+#: g10/mainproc.c:600
+#, c-format
+msgid "decryption failed: %s\n"
+msgstr "Entschlüsselung fehlgeschlagen: %s\n"
+
+#: g10/mainproc.c:621
+msgid "NOTE: sender requested \"for-your-eyes-only\"\n"
+msgstr ""
+"Hinweis: Der Absender verlangte Vertraulichkeit(\"for-your-eyes-only\")\n"
+
+#: g10/mainproc.c:623
+#, c-format
+msgid "original file name='%.*s'\n"
+msgstr "Ursprünglicher Dateiname='%.*s'\n"
+
+#: g10/mainproc.c:711
+msgid "WARNING: multiple plaintexts seen\n"
+msgstr "WARNUNG: Mehr als ein Klartext erkannt\n"
+
+#: g10/mainproc.c:850
+msgid "standalone revocation - use \"gpg --import\" to apply\n"
+msgstr ""
+"Einzelner Widerruf - verwenden Sie \"gpg --import\", um ihn anzuwenden\n"
+
+#: g10/mainproc.c:1203 g10/mainproc.c:1240
+msgid "no signature found\n"
+msgstr "Keine Signatur gefunden\n"
+
+#: g10/mainproc.c:1478
+msgid "signature verification suppressed\n"
+msgstr "Signaturüberprüfung unterdrückt\n"
+
+#: g10/mainproc.c:1587
+msgid "can't handle this ambiguous signature data\n"
+msgstr "diese mehrdeutige Signaturdaten können nicht bearbeitet werden\n"
+
+#: g10/mainproc.c:1598
+#, c-format
+msgid "Signature made %s\n"
+msgstr "Signatur vom %s\n"
+
+#: g10/mainproc.c:1599
+#, c-format
+msgid " using %s key %s\n"
+msgstr " mittels %s-Schlüssel %s\n"
+
+# Scripte scannen lt. dl1bke auf "ID (0-9A-F)+" deswegen muß "ID" rein :-(
+#: g10/mainproc.c:1603
+#, c-format
+msgid "Signature made %s using %s key ID %s\n"
+msgstr "Signatur vom %s mittels %s-Schlüssel ID %s\n"
+
+#: g10/mainproc.c:1623
+msgid "Key available at: "
+msgstr "Schlüssel erhältlich bei: "
+
+#: g10/mainproc.c:1756 g10/mainproc.c:1804
+#, c-format
+msgid "BAD signature from \"%s\""
+msgstr "FALSCHE Signatur von \"%s\""
+
+#: g10/mainproc.c:1758 g10/mainproc.c:1806
+#, c-format
+msgid "Expired signature from \"%s\""
+msgstr "Verfallene Signatur von \"%s\""
+
+#: g10/mainproc.c:1760 g10/mainproc.c:1808
+#, c-format
+msgid "Good signature from \"%s\""
+msgstr "Korrekte Signatur von \"%s\""
+
+#: g10/mainproc.c:1810
+msgid "[uncertain]"
+msgstr "[ungewiß] "
+
+#: g10/mainproc.c:1843
+#, c-format
+msgid " aka \"%s\""
+msgstr " alias \"%s\""
+
+#: g10/mainproc.c:1941
+#, c-format
+msgid "Signature expired %s\n"
+msgstr "Diese Signatur ist seit %s verfallen.\n"
+
+#: g10/mainproc.c:1946
+#, c-format
+msgid "Signature expires %s\n"
+msgstr "Diese Signatur verfällt am %s.\n"
+
+#: g10/mainproc.c:1949
+#, c-format
+msgid "%s signature, digest algorithm %s\n"
+msgstr "%s Signatur, Hashmethode \"%s\"\n"
+
+#: g10/mainproc.c:1950
+msgid "binary"
+msgstr "Binäre"
+
+#: g10/mainproc.c:1951
+msgid "textmode"
+msgstr "Textmodus"
+
+#: g10/mainproc.c:1951 g10/trustdb.c:546
+msgid "unknown"
+msgstr "unbekannt"
+
+#: g10/mainproc.c:1971
+#, c-format
+msgid "Can't check signature: %s\n"
+msgstr "Signatur kann nicht geprüft werden: %s\n"
+
+#: g10/mainproc.c:2055 g10/mainproc.c:2071 g10/mainproc.c:2167
+msgid "not a detached signature\n"
+msgstr "keine abgetrennte Signatur\n"
+
+#: g10/mainproc.c:2098
+msgid ""
+"WARNING: multiple signatures detected. Only the first will be checked.\n"
+msgstr ""
+"WARNUNG: Mehrfache Signaturen erkannt. Es wird nur die erste geprüft.\n"
+
+#: g10/mainproc.c:2106
+#, c-format
+msgid "standalone signature of class 0x%02x\n"
+msgstr "Einzelne Signatur der Klasse 0x%02x\n"
+
+#: g10/mainproc.c:2171
+msgid "old style (PGP 2.x) signature\n"
+msgstr "Signatur nach alter (PGP 2.x) Art\n"
+
+#: g10/mainproc.c:2181
+msgid "invalid root packet detected in proc_tree()\n"
+msgstr "ungültiges root-Paket in proc_tree() entdeckt\n"
+
+#: g10/misc.c:109 g10/misc.c:139 g10/misc.c:215
+#, c-format
+msgid "fstat of `%s' failed in %s: %s\n"
+msgstr "fstat von `%s' schlug fehl in %s: %s\n"
+
+#: g10/misc.c:178
+#, c-format
+msgid "fstat(%d) failed in %s: %s\n"
+msgstr "fstat(%d) schlug fehl in %s: %s\n"
+
+#: g10/misc.c:296
+#, c-format
+msgid "WARNING: using experimental public key algorithm %s\n"
+msgstr "WARNUNG: Verwendung des experimentellen Public-Key-Verfahrens %s\n"
+
+#: g10/misc.c:302
+msgid "WARNING: Elgamal sign+encrypt keys are deprecated\n"
+msgstr ""
+"WARNUNG: Die Verwendung von Elgamal sign+encrypt Schlüsseln ist nicht "
+"ratsam\n"
+
+#: g10/misc.c:315
+#, c-format
+msgid "WARNING: using experimental cipher algorithm %s\n"
+msgstr "WARNING: Verwendung des experimentellen Verschlüsselungsverfahren %s\n"
+
+#: g10/misc.c:330
+#, c-format
+msgid "WARNING: using experimental digest algorithm %s\n"
+msgstr "WARNUNG: Verwendung des experimentellen Hashverfahrens %s\n"
+
+#: g10/misc.c:335
+#, c-format
+msgid "WARNING: digest algorithm %s is deprecated\n"
+msgstr "WARNUNG: Die Verwendung des Hashverfahrens %s ist nicht ratsam\n"
+
+#: g10/misc.c:503
+msgid "the IDEA cipher plugin is not present\n"
+msgstr "das IDEA-Verschlüsselungs-Plugin ist nicht vorhanden\n"
+
+#: g10/misc.c:504 g10/sig-check.c:107 jnlib/utf8conv.c:87
+#, c-format
+msgid "please see %s for more information\n"
+msgstr "Siehe %s für weitere Infos\n"
+
+#: g10/misc.c:761
+#, c-format
+msgid "%s:%d: deprecated option \"%s\"\n"
+msgstr "%s:%d: mißbilligte Option \"%s\".\n"
+
+#: g10/misc.c:765
+#, c-format
+msgid "WARNING: \"%s\" is a deprecated option\n"
+msgstr "WARNUNG: \"%s\" ist eine mißbilligte Option.\n"
+
+#: g10/misc.c:767
+#, c-format
+msgid "please use \"%s%s\" instead\n"
+msgstr "Bitte benutzen Sie stattdessen \"%s%s\".\n"
+
+#: g10/misc.c:774
+#, c-format
+msgid "WARNING: \"%s\" is a deprecated command - do not use it\n"
+msgstr ""
+"WARNUNG: \"%s\" ist ein nicht ratsamer Befehl - verwenden Sie ihn nicht.\n"
+
+#: g10/misc.c:784
+#, c-format
+msgid "%s:%u: obsolete option \"%s\" - it has no effect\n"
+msgstr "%s:%u: Die Option \"%s\" is veraltet - sie hat keine Wirkung\n"
+
+#: g10/misc.c:787
+#, c-format
+msgid "WARNING: \"%s\" is an obsolete option - it has no effect\n"
+msgstr "WARNUNG: \"%s\" ist eine veraltete Option - sie hat keine Wirkung.\n"
+
+#: g10/misc.c:848
+msgid "Uncompressed"
+msgstr "nicht komprimiert"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: g10/misc.c:873
+msgid "uncompressed|none"
+msgstr "unkomprimiert|kein|keine"
+
+#: g10/misc.c:1000
+#, c-format
+msgid "this message may not be usable by %s\n"
+msgstr "Diese Botschaft könnte für %s unbrauchbar sein\n"
+
+#: g10/misc.c:1175
+#, c-format
+msgid "ambiguous option `%s'\n"
+msgstr "Mehrdeutige Option '%s'\n"
+
+#: g10/misc.c:1200
+#, c-format
+msgid "unknown option `%s'\n"
+msgstr "Unbekannte Option '%s'\n"
+
+#: g10/openfile.c:89
+#, c-format
+msgid "File `%s' exists. "
+msgstr "Datei '%s' existiert bereits. "
+
+#: g10/openfile.c:93
+msgid "Overwrite? (y/N) "
+msgstr "Ãœberschreiben (j/N)? "
+
+#: g10/openfile.c:126
+#, c-format
+msgid "%s: unknown suffix\n"
+msgstr "%s: unbekannte Dateinamenerweiterung\n"
+
+#: g10/openfile.c:150
+msgid "Enter new filename"
+msgstr "Neuen Dateinamen eingeben"
+
+#: g10/openfile.c:195
+msgid "writing to stdout\n"
+msgstr "Schreiben auf die Standardausgabe\n"
+
+#: g10/openfile.c:316
+#, c-format
+msgid "assuming signed data in `%s'\n"
+msgstr "die unterzeichneten Daten sind wohl in '%s'\n"
+
+#: g10/openfile.c:395
+#, c-format
+msgid "new configuration file `%s' created\n"
+msgstr "Neue Konfigurationsdatei `%s' erstellt\n"
+
+#: g10/openfile.c:397
+#, c-format
+msgid "WARNING: options in `%s' are not yet active during this run\n"
+msgstr ""
+"WARNUNG: Optionen in `%s' sind während dieses Laufes noch nicht wirksam\n"
+
+#: g10/parse-packet.c:201
+#, c-format
+msgid "can't handle public key algorithm %d\n"
+msgstr "dieses Public-Key Verfahren %d kann nicht benutzt werden\n"
+
+#: g10/parse-packet.c:822
+msgid "WARNING: potentially insecure symmetrically encrypted session key\n"
+msgstr ""
+"WARNUNG: Möglicherweise unsicherer symmetrisch verschlüsselter "
+"Sitzungsschlüssel\n"
+
+#: g10/parse-packet.c:1273
+#, c-format
+msgid "subpacket of type %d has critical bit set\n"
+msgstr "Im Unterpaket des Typs %d ist das \"critical bit\" gesetzt\n"
+
+#: g10/passphrase.c:75 g10/passphrase.c:418 g10/passphrase.c:481
+#, c-format
+msgid "problem with the agent: %s\n"
+msgstr "Problem mit dem Agenten: %s\n"
+
+#: g10/passphrase.c:344 g10/passphrase.c:613
+#, c-format
+msgid " (main key ID %s)"
+msgstr " (Hauptschlüssel-ID %s)"
+
+#: g10/passphrase.c:358
+#, c-format
+msgid ""
+"Please enter the passphrase to unlock the secret key for the OpenPGP "
+"certificate:\n"
+"\"%.*s\"\n"
+"%u-bit %s key, ID %s,\n"
+"created %s%s.\n"
+msgstr ""
+"Sie benötigen eine Passphrase, um den geheimen OpenPGP Schlüssel zu "
+"entsperren.\n"
+"Benutzer: \"%.*s\"\n"
+"%u-bit %s Schlüssel, ID %s, erzeugt %s%s\n"
+
+#: g10/passphrase.c:384
+msgid "Enter passphrase\n"
+msgstr "Geben Sie die Passphrase ein\n"
+
+#: g10/passphrase.c:412
+msgid "cancelled by user\n"
+msgstr "Abbruch durch Benutzer\n"
+
+#: g10/passphrase.c:592
+#, c-format
+msgid ""
+"You need a passphrase to unlock the secret key for\n"
+"user: \"%s\"\n"
+msgstr ""
+"Sie benötigen eine Passphrase, um den geheimen Schlüssel zu entsperren.\n"
+"Benutzer: \"%s\"\n"
+
+#: g10/passphrase.c:600
+#, c-format
+msgid "%u-bit %s key, ID %s, created %s"
+msgstr "%u-Bit %s Schlüssel, ID %s, erzeugt %s"
+
+#: g10/passphrase.c:609
+#, c-format
+msgid " (subkey on main key ID %s)"
+msgstr " (Unterschlüssel aus Hauptschlüssel-ID %s)"
+
+# translated by wk
+#: g10/photoid.c:74
+msgid ""
+"\n"
+"Pick an image to use for your photo ID. The image must be a JPEG file.\n"
+"Remember that the image is stored within your public key. If you use a\n"
+"very large picture, your key will become very large as well!\n"
+"Keeping the image close to 240x288 is a good size to use.\n"
+msgstr ""
+"\n"
+"Wählen Sie ein Bild für Ihre Foto-ID aus. Das Bild muß eine JPEG-Datei\n"
+"sein. Bitte beachten Sie, daß das Bild in Ihrem öffentlichen\n"
+"Schlüssel gespeichert wird. Wenn Sie ein sehr großes Bild benutzen,\n"
+"wir Ihr Schlüssel leider auch sehr groß werden. Ein Bild der Größe\n"
+"240x288 Pixel ist eine gute Wahl.\n"
+
+#: g10/photoid.c:96
+msgid "Enter JPEG filename for photo ID: "
+msgstr "Dateiname mit JPEG für die Foto-ID eingeben: "
+
+#: g10/photoid.c:117
+#, c-format
+msgid "unable to open JPEG file `%s': %s\n"
+msgstr "JPEG-Datei `%s' kann nicht geöffnet werden: %s\n"
+
+#: g10/photoid.c:128
+#, c-format
+msgid "This JPEG is really large (%d bytes) !\n"
+msgstr "Diese JPEG-Datei ist echt groß (%d Byte)!\n"
+
+#: g10/photoid.c:130
+msgid "Are you sure you want to use it? (y/N) "
+msgstr "Wollen Sie es wirklich benutzen? (j/N) "
+
+#: g10/photoid.c:146
+#, c-format
+msgid "`%s' is not a JPEG file\n"
+msgstr "`%s' ist keine JPEG-Datei\n"
+
+#: g10/photoid.c:165
+msgid "Is this photo correct (y/N/q)? "
+msgstr "Ist dieses Bild richtig? (j/N) "
+
+#: g10/photoid.c:373
+msgid "unable to display photo ID!\n"
+msgstr "Die Foto-ID kann nicht angezeigt werden!\n"
+
+#: g10/pkclist.c:60 g10/revoke.c:621
+msgid "No reason specified"
+msgstr "Kein Grund angegeben"
+
+#: g10/pkclist.c:62 g10/revoke.c:623
+msgid "Key is superseded"
+msgstr "Schlüssel ist überholt"
+
+#: g10/pkclist.c:64 g10/revoke.c:622
+msgid "Key has been compromised"
+msgstr "Hinweis: Dieser Schlüssel ist nicht mehr sicher"
+
+#: g10/pkclist.c:66 g10/revoke.c:624
+msgid "Key is no longer used"
+msgstr "Schlüssel wird nicht mehr benutzt"
+
+#: g10/pkclist.c:68 g10/revoke.c:625
+msgid "User ID is no longer valid"
+msgstr "User-ID ist nicht mehr gültig"
+
+#: g10/pkclist.c:72
+msgid "reason for revocation: "
+msgstr "Grund für Widerruf: "
+
+#: g10/pkclist.c:89
+msgid "revocation comment: "
+msgstr "Widerruf-Bemerkung: "
+
+#: g10/pkclist.c:204
+msgid "iImMqQsS"
+msgstr "iImMqQsS"
+
+#: g10/pkclist.c:212
+msgid "No trust value assigned to:\n"
+msgstr "Es ist kein \"trust value\" zugewiesen für:\n"
+
+#: g10/pkclist.c:245
+#, c-format
+msgid " aka \"%s\"\n"
+msgstr " \"%s\"\n"
+
+#: g10/pkclist.c:255
+msgid ""
+"How much do you trust that this key actually belongs to the named user?\n"
+msgstr ""
+"Wie sicher sind Sie, daß dieser Schlüssel wirklich dem angegebenen Besitzer "
+"gehört?\n"
+
+#: g10/pkclist.c:270
+#, c-format
+msgid " %d = I don't know or won't say\n"
+msgstr " %d = Weiß nicht so recht\n"
+
+#: g10/pkclist.c:272
+#, c-format
+msgid " %d = I do NOT trust\n"
+msgstr " %d = Nein, ihm traue ich NICHT\n"
+
+#: g10/pkclist.c:278
+#, c-format
+msgid " %d = I trust ultimately\n"
+msgstr " %d = Ich vertraue ihm absolut\n"
+
+#: g10/pkclist.c:284
+msgid " m = back to the main menu\n"
+msgstr " m = Zurück zum Menü\n"
+
+#: g10/pkclist.c:287
+msgid " s = skip this key\n"
+msgstr " s = diesen Schlüssel überspringen\n"
+
+#: g10/pkclist.c:288
+msgid " q = quit\n"
+msgstr " q = verlassen\n"
+
+#: g10/pkclist.c:292
+#, c-format
+msgid ""
+"The minimum trust level for this key is: %s\n"
+"\n"
+msgstr "Die minimale Trust-Ebene für diesen Schlüssel beträgt: %s\n"
+
+#: g10/pkclist.c:298 g10/revoke.c:650
+msgid "Your decision? "
+msgstr "Ihre Auswahl? "
+
+#: g10/pkclist.c:319
+msgid "Do you really want to set this key to ultimate trust? (y/N) "
+msgstr "Wollen Sie diesem Schlüssel wirklich uneingeschränkt vertrauen? (j/N) "
+
+#: g10/pkclist.c:333
+msgid "Certificates leading to an ultimately trusted key:\n"
+msgstr "Zertifikate führen zu einem letztlich vertrauenswürdigen Schlüssel:\n"
+
+#: g10/pkclist.c:418
+#, c-format
+msgid "%s: There is no assurance this key belongs to the named user\n"
+msgstr ""
+"%s: Es gibt keine Garantie, daß dieser Schlüssel wirklich dem angegebenen "
+"Besitzer gehört.\n"
+
+#: g10/pkclist.c:423
+#, c-format
+msgid "%s: There is limited assurance this key belongs to the named user\n"
+msgstr ""
+"%s: Es gibt nur eine beschränkte Garantie, daß dieser Schlüssel wirklich dem "
+"angegebenen Besitzer gehört.\n"
+
+#: g10/pkclist.c:429
+msgid "This key probably belongs to the named user\n"
+msgstr "Dieser Schlüssel gehört wahrscheinlich dem angegebenen Besitzer\n"
+
+#: g10/pkclist.c:434
+msgid "This key belongs to us\n"
+msgstr ""
+"Dieser Schlüssel gehört uns (da wir nämlich den geheimen Schlüssel dazu "
+"haben)\n"
+
+#: g10/pkclist.c:460
+msgid ""
+"It is NOT certain that the key belongs to the person named\n"
+"in the user ID. If you *really* know what you are doing,\n"
+"you may answer the next question with yes.\n"
+msgstr ""
+"Es ist NICHT sicher, daß der Schlüssel zu dem in der User-ID\n"
+"Genannten gehört. Wenn Sie *wirklich* wissen, was Sie tun,\n"
+"können Sie die nächste Frage mit ja beantworten\n"
+
+#: g10/pkclist.c:479
+msgid "Use this key anyway? (y/N) "
+msgstr "Diesen Schlüssel trotzdem benutzen? (j/N) "
+
+#: g10/pkclist.c:513
+msgid "WARNING: Using untrusted key!\n"
+msgstr "WARNUNG: Ein Schlüssel ohne gesichertes Vertrauen wird benutzt!\n"
+
+#: g10/pkclist.c:520
+msgid "WARNING: this key might be revoked (revocation key not present)\n"
+msgstr ""
+"WARNUNG: Dieser Schlüssel ist u.U. widerrufen: Widerrufschlüssel ist nicht "
+"vorhanden\n"
+
+#: g10/pkclist.c:529
+msgid "WARNING: This key has been revoked by its designated revoker!\n"
+msgstr ""
+"WARNUNG: Dieser Schlüssel wurde vom vorgesehen Widerrufer widerrufen!\n"
+
+#: g10/pkclist.c:532
+msgid "WARNING: This key has been revoked by its owner!\n"
+msgstr "WARNUNG: Dieser Schlüssel wurde von seinem Besitzer widerrufen!\n"
+
+#: g10/pkclist.c:533
+msgid " This could mean that the signature is forged.\n"
+msgstr " Das könnte bedeuten, daß die Signatur gefälscht ist.\n"
+
+#: g10/pkclist.c:539
+msgid "WARNING: This subkey has been revoked by its owner!\n"
+msgstr "WARNUNG: Dieser Unterschlüssel wurde von seinem Besitzer widerrufen!\n"
+
+#: g10/pkclist.c:544
+msgid "Note: This key has been disabled.\n"
+msgstr "Hinweis: Dieser Schlüssel wurde abgeschaltet.\n"
+
+#: g10/pkclist.c:564
+#, c-format
+msgid "Note: Verified signer's address is `%s'\n"
+msgstr "Hinweis: Überprüfte Adresse des Unterzeichners ist `%s'\n"
+
+#: g10/pkclist.c:571
+#, c-format
+msgid "Note: Signer's address `%s' does not match DNS entry\n"
+msgstr ""
+"Hinweise: Adresse des Unterzeichners `%s' passt nicht zum DNS-Eintrag\n"
+
+#: g10/pkclist.c:583
+msgid "trustlevel adjusted to FULL due to valid PKA info\n"
+msgstr "\"Trust\"-Ebene auf VOLLSTÄNDIG geändert (wg. gültiger PKA-Info)\n"
+
+#: g10/pkclist.c:591
+msgid "trustlevel adjusted to NEVER due to bad PKA info\n"
+msgstr "\"Trust\"-Ebene auf NIEMALS geändert (wg. falscher PKA-Info)\n"
+
+#: g10/pkclist.c:602
+msgid "Note: This key has expired!\n"
+msgstr "Hinweis: Dieser Schlüssel ist verfallen!\n"
+
+#: g10/pkclist.c:613
+msgid "WARNING: This key is not certified with a trusted signature!\n"
+msgstr "WARNUNG: Dieser Schlüssel trägt keine vertrauenswürdige Signatur!\n"
+
+#: g10/pkclist.c:615
+msgid ""
+" There is no indication that the signature belongs to the owner.\n"
+msgstr ""
+" Es gibt keinen Hinweis, daß die Signatur wirklich dem vorgeblichen "
+"Besitzer gehört.\n"
+
+#: g10/pkclist.c:623
+msgid "WARNING: We do NOT trust this key!\n"
+msgstr "WARNUNG: Wir haben KEIN Vertrauen zu diesem Schlüssel!\n"
+
+#: g10/pkclist.c:624
+msgid " The signature is probably a FORGERY.\n"
+msgstr " Die Signatur ist wahrscheinlich eine FÄLSCHUNG.\n"
+
+#: g10/pkclist.c:632
+msgid ""
+"WARNING: This key is not certified with sufficiently trusted signatures!\n"
+msgstr ""
+"WARNUNG: Dieser Schlüssel ist nicht durch hinreichend vertrauenswürdige "
+"Signaturen zertifiziert!\n"
+
+#: g10/pkclist.c:634
+msgid " It is not certain that the signature belongs to the owner.\n"
+msgstr ""
+" Es ist nicht sicher, daß die Signatur wirklich dem vorgeblichen "
+"Besitzer gehört.\n"
+
+#: g10/pkclist.c:833 g10/pkclist.c:875 g10/pkclist.c:1087 g10/pkclist.c:1157
+#, c-format
+msgid "%s: skipped: %s\n"
+msgstr "%s: übersprungen: %s\n"
+
+#: g10/pkclist.c:845 g10/pkclist.c:1125
+#, c-format
+msgid "%s: skipped: public key already present\n"
+msgstr "%s: übersprungen: öffentlicher Schlüssel bereits vorhanden\n"
+
+#: g10/pkclist.c:896
+msgid "You did not specify a user ID. (you may use \"-r\")\n"
+msgstr ""
+"Sie haben keine User-ID angegeben (Sie können die Option \"-r\" verwenden).\n"
+
+#: g10/pkclist.c:920
+msgid "Current recipients:\n"
+msgstr "Derzeitige Empfänger:\n"
+
+#: g10/pkclist.c:946
+msgid ""
+"\n"
+"Enter the user ID. End with an empty line: "
+msgstr ""
+"\n"
+"Geben Sie die User-ID ein. Beenden mit einer leeren Zeile: "
+
+#: g10/pkclist.c:971
+msgid "No such user ID.\n"
+msgstr "Keine solche User-ID vorhanden.\n"
+
+#: g10/pkclist.c:980 g10/pkclist.c:1054
+msgid "skipped: public key already set as default recipient\n"
+msgstr ""
+"übersprungen: öffentlicher Schlüssel bereits als Standardempfänger gesetzt\n"
+
+#: g10/pkclist.c:1001
+msgid "Public key is disabled.\n"
+msgstr "Öffentlicher Schlüssel ist abgeschaltet.\n"
+
+#: g10/pkclist.c:1010
+msgid "skipped: public key already set\n"
+msgstr "übersprungen: öffentlicher Schlüssel bereits gesetzt\n"
+
+#: g10/pkclist.c:1045
+#, c-format
+msgid "unknown default recipient \"%s\"\n"
+msgstr "Unbekannter voreingestellter Empfänger \"%s\"\n"
+
+#: g10/pkclist.c:1103
+#, c-format
+msgid "%s: skipped: public key is disabled\n"
+msgstr "%s: übersprungen: öffentlicher Schlüssel ist abgeschaltet\n"
+
+#: g10/pkclist.c:1165
+msgid "no valid addressees\n"
+msgstr "Keine gültigen Adressaten\n"
+
+#: g10/pkclist.c:1503
+#, c-format
+msgid "Note: key %s has no %s feature\n"
+msgstr "Hinweis: Schlüssel %s besitzt nicht die %s Eigenschaft\n"
+
+#: g10/pkclist.c:1528
+#, c-format
+msgid "Note: key %s has no preference for %s\n"
+msgstr "Hinweis: Schlüssel %s hat keine Einstellung für %s\n"
+
+#: g10/plaintext.c:95
+msgid "data not saved; use option \"--output\" to save it\n"
+msgstr ""
+"Daten wurden nicht gespeichert; verwenden Sie dafür die Option \"--output\"\n"
+
+#: g10/plaintext.c:480
+msgid "Detached signature.\n"
+msgstr "Abgetrennte Beglaubigungen.\n"
+
+#: g10/plaintext.c:487
+msgid "Please enter name of data file: "
+msgstr "Bitte geben Sie den Namen der Datendatei ein: "
+
+#: g10/plaintext.c:519
+msgid "reading stdin ...\n"
+msgstr "lese stdin ...\n"
+
+#: g10/plaintext.c:557
+msgid "no signed data\n"
+msgstr "keine signierten Daten\n"
+
+#: g10/plaintext.c:573
+#, c-format
+msgid "can't open signed data `%s'\n"
+msgstr "kann signierte Datei '%s' nicht öffnen.\n"
+
+#: g10/plaintext.c:607
+#, c-format
+msgid "can't open signed data fd=%d: %s\n"
+msgstr "kann signierte Daten auf fd=%d nicht öffnen: %s\n"
+
+#: g10/pubkey-enc.c:105
+#, c-format
+msgid "anonymous recipient; trying secret key %s ...\n"
+msgstr "Ungenannter Empfänger; Versuch mit geheimen Schlüssel %s ...\n"
+
+#: g10/pubkey-enc.c:136
+msgid "okay, we are the anonymous recipient.\n"
+msgstr "Alles klar, wir sind der ungenannte Empfänger.\n"
+
+#: g10/pubkey-enc.c:225
+msgid "old encoding of the DEK is not supported\n"
+msgstr "alte Kodierung des DEK wird nicht unterstützt\n"
+
+#: g10/pubkey-enc.c:246
+#, c-format
+msgid "cipher algorithm %d%s is unknown or disabled\n"
+msgstr "Verschlüsselungsverfahren %d%s ist unbekannt oder abgeschaltet\n"
+
+#: g10/pubkey-enc.c:284
+#, c-format
+msgid "WARNING: cipher algorithm %s not found in recipient preferences\n"
+msgstr ""
+"WARNUNG: Das Verschlüsselungsverfahren %s wurde nicht in den "
+"Empfängereinstellungen gefunden\n"
+
+#: g10/pubkey-enc.c:304
+#, c-format
+msgid "NOTE: secret key %s expired at %s\n"
+msgstr "Hinweis: geheimer Schlüssel %s verfällt am %s\n"
+
+#: g10/pubkey-enc.c:310
+msgid "NOTE: key has been revoked"
+msgstr "Hinweis: Schlüssel wurde widerrufen"
+
+#: g10/revoke.c:102 g10/revoke.c:116 g10/revoke.c:128 g10/revoke.c:174
+#: g10/revoke.c:186 g10/revoke.c:585
+#, c-format
+msgid "build_packet failed: %s\n"
+msgstr "\"build_packet\" fehlgeschlagen: %s\n"
+
+#: g10/revoke.c:145
+#, c-format
+msgid "key %s has no user IDs\n"
+msgstr "Schlüssel %s hat keine User-IDs\n"
+
+#: g10/revoke.c:306
+msgid "To be revoked by:\n"
+msgstr "Schlüssel soll widerrufen werden von:\n"
+
+#: g10/revoke.c:310
+msgid "(This is a sensitive revocation key)\n"
+msgstr "(Dies ist ein \"sensitiver\" Widerrufsschlüssel)\n"
+
+#: g10/revoke.c:314
+msgid "Create a designated revocation certificate for this key? (y/N) "
+msgstr ""
+"Ein vorgesehenes Widerrufszertifikat für diesen Schlüssel erzeugen? (j/N) "
+
+#: g10/revoke.c:327 g10/revoke.c:551
+msgid "ASCII armored output forced.\n"
+msgstr "Ausgabe mit ASCII Hülle erzwungen\n"
+
+#: g10/revoke.c:342 g10/revoke.c:565
+#, c-format
+msgid "make_keysig_packet failed: %s\n"
+msgstr "\"make_keysig_packet\" fehlgeschlagen: %s\n"
+
+#: g10/revoke.c:405
+msgid "Revocation certificate created.\n"
+msgstr "Widerrufzertifikat erzeugt.\n"
+
+#: g10/revoke.c:411
+#, c-format
+msgid "no revocation keys found for \"%s\"\n"
+msgstr "keine Widerrufsschlüssel für \"%s\" gefunden\n"
+
+#: g10/revoke.c:470
+#, c-format
+msgid "secret key \"%s\" not found: %s\n"
+msgstr "Geheimer Schlüssel \"%s\" nicht gefunden: %s\n"
+
+#: g10/revoke.c:497
+#, c-format
+msgid "no corresponding public key: %s\n"
+msgstr "kein zugehöriger öffentlicher Schlüssel: %s\n"
+
+#: g10/revoke.c:508
+msgid "public key does not match secret key!\n"
+msgstr "Öffentlicher Schlüssel paßt nicht zum geheimen Schlüssel!\n"
+
+#: g10/revoke.c:515
+msgid "Create a revocation certificate for this key? (y/N) "
+msgstr "Ein Widerrufszertifikat für diesen Schlüssel erzeugen? (j/N) "
+
+#: g10/revoke.c:532
+msgid "unknown protection algorithm\n"
+msgstr "Unbekanntes Schutzverfahren\n"
+
+#: g10/revoke.c:540
+msgid "NOTE: This key is not protected!\n"
+msgstr "Dieser Schlüssel ist nicht geschützt.\n"
+
+# translated by wk
+#: g10/revoke.c:591
+msgid ""
+"Revocation certificate created.\n"
+"\n"
+"Please move it to a medium which you can hide away; if Mallory gets\n"
+"access to this certificate he can use it to make your key unusable.\n"
+"It is smart to print this certificate and store it away, just in case\n"
+"your media become unreadable. But have some caution: The print system of\n"
+"your machine might store the data and make it available to others!\n"
+msgstr ""
+"Widerrufszertifikat wurde erzeugt.\n"
+"\n"
+"Bitte speichern Sie es auf einem Medium, welches Sie wegschließen\n"
+"können; falls Mallory (ein Angreifer) Zugang zu diesem Zertifikat\n"
+"erhält, kann er Ihren Schlüssel unbrauchbar machen. Es wäre klug,\n"
+"dieses Widerrufszertifikat auch auszudrucken und sicher aufzubewahren,\n"
+"falls das ursprüngliche Medium nicht mehr lesbar ist. Aber Obacht: Das\n"
+"Drucksystem kann unter Umständen anderen Nutzern eine Kopie zugänglich\n"
+"machen.\n"
+
+#: g10/revoke.c:633
+msgid "Please select the reason for the revocation:\n"
+msgstr "Grund für den Widerruf:\n"
+
+#: g10/revoke.c:643
+msgid "Cancel"
+msgstr "Abbruch"
+
+#: g10/revoke.c:645
+#, c-format
+msgid "(Probably you want to select %d here)\n"
+msgstr "(Wahrscheinlich möchten Sie hier %d auswählen)\n"
+
+#: g10/revoke.c:686
+msgid "Enter an optional description; end it with an empty line:\n"
+msgstr ""
+"Geben Sie eine optionale Beschreibung ein. Beenden mit einer leeren Zeile:\n"
+
+#: g10/revoke.c:714
+#, c-format
+msgid "Reason for revocation: %s\n"
+msgstr "Grund für Widerruf: %s\n"
+
+#: g10/revoke.c:716
+msgid "(No description given)\n"
+msgstr "(Keine Beschreibung angegeben)\n"
+
+#: g10/revoke.c:721
+msgid "Is this okay? (y/N) "
+msgstr "Ist das OK? (j/N) "
+
+#: g10/seckey-cert.c:55
+msgid "secret key parts are not available\n"
+msgstr "Teile des geheimen Schlüssels sind nicht vorhanden\n"
+
+#: g10/seckey-cert.c:61
+#, c-format
+msgid "protection algorithm %d%s is not supported\n"
+msgstr "Schutzverfahren %d%s wird nicht unterstützt\n"
+
+#: g10/seckey-cert.c:72
+#, c-format
+msgid "protection digest %d is not supported\n"
+msgstr "Hashschutzverfahren %d wird nicht unterstützt\n"
+
+#: g10/seckey-cert.c:291
+msgid "Invalid passphrase; please try again"
+msgstr "Ungültige Passphrase; versuchen Sie es bitte noch einmal"
+
+#: g10/seckey-cert.c:292
+#, c-format
+msgid "%s ...\n"
+msgstr "%s ...\n"
+
+#: g10/seckey-cert.c:361
+msgid "WARNING: Weak key detected - please change passphrase again.\n"
+msgstr ""
+"WARNUNG: Unsicherer Schlüssel entdeckt -\n"
+" bitte Passphrase nochmals wechseln.\n"
+
+#: g10/seckey-cert.c:404
+msgid "generating the deprecated 16-bit checksum for secret key protection\n"
+msgstr ""
+"Die mißbilligte 16-bit Prüfsumme wird zum Schutz des geheimen Schlüssels "
+"benutzt\n"
+
+#: g10/seskey.c:61 sm/encrypt.c:119
+msgid "weak key created - retrying\n"
+msgstr "Unsicherer Schlüssel erzeugt - neuer Versuch\n"
+
+#: g10/seskey.c:65
+#, c-format
+msgid "cannot avoid weak key for symmetric cipher; tried %d times!\n"
+msgstr ""
+"Trotz %d-fachen Versuches konnte die Erzeugung eines unsicheren Schlüssels "
+"für sym. Verschlüsselung nicht vermieden werden!\n"
+
+#: g10/seskey.c:227 sm/certcheck.c:85
+msgid "DSA requires the hash length to be a multiple of 8 bits\n"
+msgstr "Für DSA muß die Hashlänge ein Vielfaches von 8 Bit sein\n"
+
+#: g10/seskey.c:240
+#, c-format
+msgid "DSA key %s uses an unsafe (%u bit) hash\n"
+msgstr "DSA-Schlüssel %s verwendet einen unsicheren (%u Bit-) Hash\n"
+
+#: g10/seskey.c:252
+#, c-format
+msgid "DSA key %s requires a %u bit or larger hash\n"
+msgstr "DSA-Schlüssel %s benötigt einen mindestens %u Bit langen Hash\n"
+
+#: g10/sig-check.c:80
+msgid "WARNING: signature digest conflict in message\n"
+msgstr "WARNUNG: Widersprechende Hashverfahren in der signierten Nachricht\n"
+
+#: g10/sig-check.c:105
+#, c-format
+msgid "WARNING: signing subkey %s is not cross-certified\n"
+msgstr "WARNUNG: Signaturunterschlüssel %s hat keine Rücksignatur\n"
+
+#: g10/sig-check.c:117
+#, c-format
+msgid "WARNING: signing subkey %s has an invalid cross-certification\n"
+msgstr "WARNUNG: Signaturunterschlüssel %s hat eine ungültige Rücksignatur\n"
+
+#: g10/sig-check.c:211
+#, c-format
+msgid "public key %s is %lu second newer than the signature\n"
+msgstr "Öffentlicher Schlüssel %s ist %lu Sekunden jünger als die Signatur\n"
+
+#: g10/sig-check.c:212
+#, c-format
+msgid "public key %s is %lu seconds newer than the signature\n"
+msgstr "Öffentlicher Schlüssel %s ist %lu Sekunden jünger als die Signatur\n"
+
+#: g10/sig-check.c:223
+#, c-format
+msgid ""
+"key %s was created %lu second in the future (time warp or clock problem)\n"
+msgstr ""
+"Schlüssel %s wurde %lu Sekunden in der Zukunft erzeugt (Zeitreise oder "
+"Uhrenproblem)\n"
+
+#: g10/sig-check.c:225
+#, c-format
+msgid ""
+"key %s was created %lu seconds in the future (time warp or clock problem)\n"
+msgstr ""
+"Schlüssel %s wurde %lu Sekunden in der Zukunft erzeugt (Zeitreise oder "
+"Uhrenproblem)\n"
+
+#: g10/sig-check.c:239
+#, c-format
+msgid "NOTE: signature key %s expired %s\n"
+msgstr "Hinweis: Signaturschlüssel %s ist am %s verfallen\n"
+
+#: g10/sig-check.c:252
+#, c-format
+msgid "NOTE: signature key %s has been revoked\n"
+msgstr "Hinweis: Signaturschlüssel %s wurde widerrufen\n"
+
+#: g10/sig-check.c:325
+#, c-format
+msgid "assuming bad signature from key %s due to an unknown critical bit\n"
+msgstr ""
+"Vermutlich eine FALSCHE Signatur von Schlüssel %s, wegen unbekanntem "
+"\"critical bit\"\n"
+
+#: g10/sig-check.c:591
+#, c-format
+msgid "key %s: no subkey for subkey revocation signature\n"
+msgstr ""
+"Schlüssel %s: Kein Unterschlüssel für die Unterschlüsselwiderruf-"
+"Beglaubigung\n"
+
+#: g10/sig-check.c:618
+#, c-format
+msgid "key %s: no subkey for subkey binding signature\n"
+msgstr ""
+"Schlüssel %s: Kein Unterschlüssel für die Unterschlüsselanbindungs-"
+"Beglaubigung\n"
+
+#: g10/sign.c:89
+#, c-format
+msgid "WARNING: unable to %%-expand notation (too large). Using unexpanded.\n"
+msgstr ""
+"WARNUNG: \"Notation\" kann nicht %%-erweitert werden (zu groß). Verwende "
+"\"unerweiterte\".\n"
+
+#: g10/sign.c:115
+#, c-format
+msgid ""
+"WARNING: unable to %%-expand policy URL (too large). Using unexpanded.\n"
+msgstr ""
+"WARNUNG: Richtlinien-URL kann nicht %%-erweitert werden (zu groß). Verwende "
+"\"unerweiterte\".\n"
+
+#: g10/sign.c:138
+#, c-format
+msgid ""
+"WARNING: unable to %%-expand preferred keyserver URL (too large). Using "
+"unexpanded.\n"
+msgstr ""
+"WARNUNG: URL für bevorzugten Schlüsselserver kann nicht %%-erweitert werden "
+"(zu groß). Verwende \"unerweiterte\".\n"
+
+#: g10/sign.c:311
+#, c-format
+msgid "checking created signature failed: %s\n"
+msgstr "Prüfung der erstellten Signatur ist fehlgeschlagen: %s\n"
+
+#: g10/sign.c:320
+#, c-format
+msgid "%s/%s signature from: \"%s\"\n"
+msgstr "%s/%s Signatur von: \"%s\"\n"
+
+#: g10/sign.c:761
+msgid "you can only detach-sign with PGP 2.x style keys while in --pgp2 mode\n"
+msgstr ""
+"Im --pgp2-Modus kann nur mit PGP-2.x-artigen Schlüsseln eine abgetrennte "
+"Signatur erzeugt werden\n"
+
+#: g10/sign.c:837
+#, c-format
+msgid ""
+"WARNING: forcing digest algorithm %s (%d) violates recipient preferences\n"
+msgstr ""
+"WARNUNG: Erzwingen des Hashverfahrens %s (%d) verstößt gegen die "
+"Empfängervoreinstellungen\n"
+
+#: g10/sign.c:964
+msgid "signing:"
+msgstr "signiere:"
+
+#: g10/sign.c:1079
+msgid "you can only clearsign with PGP 2.x style keys while in --pgp2 mode\n"
+msgstr ""
+"Im --pgp2-Modus können Sie Klartextsignaturen nur mit PGP-2.x-artigen "
+"Schlüssel machen\n"
+
+#: g10/sign.c:1263
+#, c-format
+msgid "%s encryption will be used\n"
+msgstr "%s Verschlüsselung wird verwendet\n"
+
+#: g10/skclist.c:140 g10/skclist.c:217
+msgid "key is not flagged as insecure - can't use it with the faked RNG!\n"
+msgstr ""
+"Schlüssel ist nicht als unsicher gekennzeichnet - er ist nur mit einem\n"
+"echten Zufallsgenerator verwendbar\n"
+
+#: g10/skclist.c:174
+#, c-format
+msgid "skipped \"%s\": duplicated\n"
+msgstr "übersprungen \"%s\": doppelt\n"
+
+#: g10/skclist.c:182 g10/skclist.c:195 g10/skclist.c:207
+#, c-format
+msgid "skipped \"%s\": %s\n"
+msgstr "übersprungen \"%s\": %s\n"
+
+#: g10/skclist.c:190
+msgid "skipped: secret key already present\n"
+msgstr "übersprungen: geheimer Schlüssel bereits vorhanden\n"
+
+#: g10/skclist.c:208
+msgid "this is a PGP generated Elgamal key which is not secure for signatures!"
+msgstr ""
+"Dies ist ein durch PGP erzeugter Elgamal-Schlüssel. Das ist für Signaturen "
+"NICHT sicher genug!"
+
+#: g10/tdbdump.c:58 g10/trustdb.c:360
+#, c-format
+msgid "trust record %lu, type %d: write failed: %s\n"
+msgstr "Vertrauenssatz %lu, Typ %d: Schreiben fehlgeschlagen: %s\n"
+
+#: g10/tdbdump.c:106
+#, c-format
+msgid ""
+"# List of assigned trustvalues, created %s\n"
+"# (Use \"gpg --import-ownertrust\" to restore them)\n"
+msgstr ""
+"# Liste der zugewiesenen Trustwerte, erzeugt am %s\n"
+"# (\"gpg --import-ownertrust\" um sie zu restaurieren)\n"
+
+#: g10/tdbdump.c:161 g10/tdbdump.c:169 g10/tdbdump.c:174 g10/tdbdump.c:179
+#, c-format
+msgid "error in `%s': %s\n"
+msgstr "Fehler in `%s': %s\n"
+
+#: g10/tdbdump.c:161
+msgid "line too long"
+msgstr "Zeile ist zu lang"
+
+#: g10/tdbdump.c:169
+msgid "colon missing"
+msgstr "Doppelpunkt fehlt"
+
+#: g10/tdbdump.c:175
+msgid "invalid fingerprint"
+msgstr "ungültiger Fingerabdruck"
+
+#: g10/tdbdump.c:180
+msgid "ownertrust value missing"
+msgstr "\"Owner trust\"-Wert fehlt"
+
+#: g10/tdbdump.c:216
+#, c-format
+msgid "error finding trust record in `%s': %s\n"
+msgstr "Fehler beim Suchen des \"Trust records\" in `%s': %s\n"
+
+#: g10/tdbdump.c:220
+#, c-format
+msgid "read error in `%s': %s\n"
+msgstr "Lesefehler in `%s': %s\n"
+
+#: g10/tdbdump.c:229 g10/trustdb.c:375
+#, c-format
+msgid "trustdb: sync failed: %s\n"
+msgstr "\"Trust-DB\": sync fehlgeschlagen: %s\n"
+
+#: g10/tdbio.c:128 g10/tdbio.c:1456
+#, c-format
+msgid "trustdb rec %lu: lseek failed: %s\n"
+msgstr "trustdb Satz %lu: lseek fehlgeschlagen: %s\n"
+
+#: g10/tdbio.c:135 g10/tdbio.c:1463
+#, c-format
+msgid "trustdb rec %lu: write failed (n=%d): %s\n"
+msgstr "trustdb Satz %lu: write fehlgeschlagen (n=%d): %s\n"
+
+#: g10/tdbio.c:245
+msgid "trustdb transaction too large\n"
+msgstr "trustdb Transaktion zu groß\n"
+
+#: g10/tdbio.c:500
+#, c-format
+msgid "can't access `%s': %s\n"
+msgstr "kann aus `%s' nicht zugreifen: %s\n"
+
+#: g10/tdbio.c:527
+#, c-format
+msgid "%s: directory does not exist!\n"
+msgstr "%s: Verzeichnis existiert nicht!\n"
+
+#: g10/tdbio.c:537 g10/tdbio.c:560 g10/tdbio.c:601 sm/keydb.c:219
+#, c-format
+msgid "can't create lock for `%s'\n"
+msgstr "Datei `%s' konnte nicht gesperrt werden\n"
+
+#: g10/tdbio.c:539 g10/tdbio.c:604
+#, c-format
+msgid "can't lock `%s'\n"
+msgstr "'%s' kann nicht gesperrt werden\n"
+
+#: g10/tdbio.c:565
+#, c-format
+msgid "%s: failed to create version record: %s"
+msgstr "%s: Fehler beim Erzeugen des Versionsatzes: %s"
+
+#: g10/tdbio.c:569
+#, c-format
+msgid "%s: invalid trustdb created\n"
+msgstr "%s: ungültige trust-db erzeugt\n"
+
+#: g10/tdbio.c:572
+#, c-format
+msgid "%s: trustdb created\n"
+msgstr "%s: trust-db erzeugt\n"
+
+#: g10/tdbio.c:615
+msgid "NOTE: trustdb not writable\n"
+msgstr "Notiz: Die \"trustdb\" ist nicht schreibbar\n"
+
+#: g10/tdbio.c:623
+#, c-format
+msgid "%s: invalid trustdb\n"
+msgstr "%s: ungültige 'Trust'-Datenbank\n"
+
+#: g10/tdbio.c:655
+#, c-format
+msgid "%s: failed to create hashtable: %s\n"
+msgstr "%s: hashtable kann nicht erzeugt werden: %s\n"
+
+#: g10/tdbio.c:663
+#, c-format
+msgid "%s: error updating version record: %s\n"
+msgstr "%s: Fehler beim Ändern des Versionsatzes: %s\n"
+
+#: g10/tdbio.c:680 g10/tdbio.c:701 g10/tdbio.c:717 g10/tdbio.c:731
+#: g10/tdbio.c:761 g10/tdbio.c:1388 g10/tdbio.c:1415
+#, c-format
+msgid "%s: error reading version record: %s\n"
+msgstr "%s: Fehler beim Lesen des Versionsatzes: %s\n"
+
+#: g10/tdbio.c:740
+#, c-format
+msgid "%s: error writing version record: %s\n"
+msgstr "%s: Fehler beim Schreiben des Versionsatzes: %s\n"
+
+#: g10/tdbio.c:1181
+#, c-format
+msgid "trustdb: lseek failed: %s\n"
+msgstr "trustdb: lseek fehlgeschlagen: %s\n"
+
+#: g10/tdbio.c:1190
+#, c-format
+msgid "trustdb: read failed (n=%d): %s\n"
+msgstr "trustdb: read failed (n=%d): %s\n"
+
+#: g10/tdbio.c:1211
+#, c-format
+msgid "%s: not a trustdb file\n"
+msgstr "%s: keine trustdb Datei\n"
+
+#: g10/tdbio.c:1230
+#, c-format
+msgid "%s: version record with recnum %lu\n"
+msgstr "%s: version record with recnum %lu\n"
+
+#: g10/tdbio.c:1235
+#, c-format
+msgid "%s: invalid file version %d\n"
+msgstr "%s: invalid file version %d\n"
+
+#: g10/tdbio.c:1421
+#, c-format
+msgid "%s: error reading free record: %s\n"
+msgstr "%s: Fehler beim Lesen eines freien Satzes: %s\n"
+
+#: g10/tdbio.c:1429
+#, c-format
+msgid "%s: error writing dir record: %s\n"
+msgstr "%s: Fehler beim Schreiben eines Verzeichnis-Satzes: %s\n"
+
+#: g10/tdbio.c:1439
+#, c-format
+msgid "%s: failed to zero a record: %s\n"
+msgstr "%s: konnte einen Satz nicht Nullen: %s\n"
+
+#: g10/tdbio.c:1469
+#, c-format
+msgid "%s: failed to append a record: %s\n"
+msgstr "%s: konnte Satz nicht anhängen: %s\n"
+
+#: g10/tdbio.c:1512
+msgid "Error: The trustdb is corrupted.\n"
+msgstr "Fehler: Die Vertrauensdatenbank ist fehlerhaft\n"
+
+#: g10/textfilter.c:147
+#, c-format
+msgid "can't handle text lines longer than %d characters\n"
+msgstr "Textzeilen länger als %d Zeichen können nicht benutzt werden\n"
+
+#: g10/textfilter.c:247
+#, c-format
+msgid "input line longer than %d characters\n"
+msgstr "Eingabezeile ist länger als %d Zeichen\n"
+
+#: g10/trustdb.c:221
+#, c-format
+msgid "`%s' is not a valid long keyID\n"
+msgstr "'%s' ist keine gültige lange Schlüssel-ID\n"
+
+#: g10/trustdb.c:252
+#, c-format
+msgid "key %s: accepted as trusted key\n"
+msgstr "Schlüssel %s: Als vertrauenswürdiger Schlüssel akzeptiert\n"
+
+#: g10/trustdb.c:290
+#, c-format
+msgid "key %s occurs more than once in the trustdb\n"
+msgstr "Schlüssel %s tritt mehr als einmal in der \"trustdb\" auf\n"
+
+#: g10/trustdb.c:305
+#, c-format
+msgid "key %s: no public key for trusted key - skipped\n"
+msgstr ""
+"Schlüssel %s: kein öffentlicher Schlüssel für den vertrauenswürdigen "
+"Schlüssel - übersprungen\n"
+
+#: g10/trustdb.c:315
+#, c-format
+msgid "key %s marked as ultimately trusted\n"
+msgstr "Schlüssel %s ist als uneingeschränkt vertrauenswürdig gekennzeichnet\n"
+
+#: g10/trustdb.c:339
+#, c-format
+msgid "trust record %lu, req type %d: read failed: %s\n"
+msgstr "trust record %lu, req type %d: read failed: %s\n"
+
+#: g10/trustdb.c:345
+#, c-format
+msgid "trust record %lu is not of requested type %d\n"
+msgstr "Vertrauenssatz %lu ist nicht von der angeforderten Art %d\n"
+
+#: g10/trustdb.c:418
+msgid "You may try to re-create the trustdb using the commands:\n"
+msgstr ""
+"Sie können versuchen die Vertrauensdatenbank durch folgende Befehle\n"
+"wiederherzustellen:\n"
+
+#: g10/trustdb.c:427
+msgid "If that does not work, please consult the manual\n"
+msgstr "Falls dies nicht funktioniert, sehen Sie bitte im Handbuch nach\n"
+
+#: g10/trustdb.c:462
+#, c-format
+msgid "unable to use unknown trust model (%d) - assuming %s trust model\n"
+msgstr ""
+"kann unbekanntes Vertrauensmodell nicht verwenden (%d) - verwende "
+"Vertrauensmodell %s\n"
+
+#: g10/trustdb.c:468
+#, c-format
+msgid "using %s trust model\n"
+msgstr "verwende Vertrauensmodell %s\n"
+
+#: g10/trustdb.c:520
+msgid "10 translator see trustdb.c:uid_trust_string_fixed"
+msgstr "10"
+
+#: g10/trustdb.c:522
+msgid "[ revoked]"
+msgstr "[widerrufen]"
+
+#: g10/trustdb.c:524 g10/trustdb.c:529
+msgid "[ expired]"
+msgstr "[verfall.]"
+
+#: g10/trustdb.c:528
+msgid "[ unknown]"
+msgstr "[ unbek.]"
+
+#: g10/trustdb.c:530
+msgid "[ undef ]"
+msgstr "[ undef.]"
+
+#: g10/trustdb.c:531
+msgid "[marginal]"
+msgstr "[marginal]"
+
+#: g10/trustdb.c:532
+msgid "[ full ]"
+msgstr "[ vollst.]"
+
+#: g10/trustdb.c:533
+msgid "[ultimate]"
+msgstr "[ uneing.]"
+
+#: g10/trustdb.c:548
+msgid "undefined"
+msgstr "unbestimmt"
+
+#: g10/trustdb.c:549
+msgid "never"
+msgstr "niemals"
+
+#: g10/trustdb.c:550
+msgid "marginal"
+msgstr "marginal"
+
+#: g10/trustdb.c:551
+msgid "full"
+msgstr "vollständig"
+
+#: g10/trustdb.c:552
+msgid "ultimate"
+msgstr "uneingeschränkt"
+
+#: g10/trustdb.c:592
+msgid "no need for a trustdb check\n"
+msgstr "\"Trust-DB\"-Überprüfung nicht nötig\n"
+
+#: g10/trustdb.c:598 g10/trustdb.c:2487
+#, c-format
+msgid "next trustdb check due at %s\n"
+msgstr "nächste \"Trust-DB\"-Pflichtüberprüfung am %s\n"
+
+#: g10/trustdb.c:607
+#, c-format
+msgid "no need for a trustdb check with `%s' trust model\n"
+msgstr "\"Trust-DB\"-Überprüfung ist beim `%s'-Vertrauensmodell nicht nötig\n"
+
+#: g10/trustdb.c:622
+#, c-format
+msgid "no need for a trustdb update with `%s' trust model\n"
+msgstr "\"Trust-DB\"-Änderung ist beim `%s'-Vertrauensmodell nicht nötig\n"
+
+#: g10/trustdb.c:857 g10/trustdb.c:1310
+#, c-format
+msgid "public key %s not found: %s\n"
+msgstr "Öffentlicher Schlüssel %s nicht gefunden: %s\n"
+
+#: g10/trustdb.c:1053
+msgid "please do a --check-trustdb\n"
+msgstr "Bitte ein --check-trustdb durchführen\n"
+
+#: g10/trustdb.c:1057
+msgid "checking the trustdb\n"
+msgstr "\"Trust-DB\" wird überprüft\n"
+
+# translated by wk
+#: g10/trustdb.c:2230
+#, c-format
+msgid "%d keys processed (%d validity counts cleared)\n"
+msgstr "%d Schlüssel verarbeitet (%d Validity Zähler gelöscht)\n"
+
+#: g10/trustdb.c:2295
+msgid "no ultimately trusted keys found\n"
+msgstr "keine uneingeschränkt vertrauenswürdigen Schlüssel gefunden\n"
+
+#: g10/trustdb.c:2309
+#, c-format
+msgid "public key of ultimately trusted key %s not found\n"
+msgstr ""
+"öff. Schlüssel des uneingeschränkt vertrautem Schlüssel %s nicht gefunden\n"
+
+#: g10/trustdb.c:2332
+#, c-format
+msgid "%d marginal(s) needed, %d complete(s) needed, %s trust model\n"
+msgstr "%d marginal-needed, %d complete-needed, %s Vertrauensmodell\n"
+
+#: g10/trustdb.c:2418
+#, c-format
+msgid ""
+"depth: %d valid: %3d signed: %3d trust: %d-, %dq, %dn, %dm, %df, %du\n"
+msgstr ""
+"Tiefe: %d gültig: %3d signiert: %3d Vertrauen: %d-, %dq, %dn, %dm, %df, %"
+"du\n"
+
+#: g10/trustdb.c:2493
+#, c-format
+msgid "unable to update trustdb version record: write failed: %s\n"
+msgstr ""
+"\"Trust-DB\"-Versions-Satz kann nicht geändert werden: Schreiben "
+"fehlgeschlagen: %s\n"
+
+#: g10/verify.c:118
+msgid ""
+"the signature could not be verified.\n"
+"Please remember that the signature file (.sig or .asc)\n"
+"should be the first file given on the command line.\n"
+msgstr ""
+"Die Signatur konnte nicht überprüft werden.\n"
+"Denken Sie daran, daß die Datei mit der Signatur (.sig oder .asc)\n"
+"als erste in der Kommandozeile stehen sollte.\n"
+
+#: g10/verify.c:205
+#, c-format
+msgid "input line %u too long or missing LF\n"
+msgstr "Eingabezeile %u ist zu lang oder es fehlt ein LF\n"
+
+#: g10/verify.c:253
+#, c-format
+msgid "can't open fd %d: %s\n"
+msgstr "fd=%d kann nicht geöffnet werden: %s\n"
+
+#: jnlib/argparse.c:180
+msgid "argument not expected"
+msgstr "Argument nicht erwartet"
+
+#: jnlib/argparse.c:182
+msgid "read error"
+msgstr "Lesefehler"
+
+#: jnlib/argparse.c:184
+msgid "keyword too long"
+msgstr "Schlüsselwort ist zu lang"
+
+#: jnlib/argparse.c:186
+msgid "missing argument"
+msgstr "Fehlendes Argument"
+
+#: jnlib/argparse.c:188
+msgid "invalid command"
+msgstr "Ungültiger Befehl"
+
+#: jnlib/argparse.c:190
+msgid "invalid alias definition"
+msgstr "Ungültige Alias-Definition"
+
+#: jnlib/argparse.c:192
+msgid "out of core"
+msgstr "Nicht genügend Speicher"
+
+#: jnlib/argparse.c:194
+msgid "invalid option"
+msgstr "Ungültige Option"
+
+#: jnlib/argparse.c:202
+#, c-format
+msgid "missing argument for option \"%.50s\"\n"
+msgstr "Fehlendes Argument für Option \"%.50s\"\n"
+
+#: jnlib/argparse.c:204
+#, c-format
+msgid "option \"%.50s\" does not expect an argument\n"
+msgstr "Option \"%.50s\" erwartet kein Argument\n"
+
+#: jnlib/argparse.c:207
+#, c-format
+msgid "invalid command \"%.50s\"\n"
+msgstr "Ungültiger Befehl \"%.50s\"\n"
+
+#: jnlib/argparse.c:209
+#, c-format
+msgid "option \"%.50s\" is ambiguous\n"
+msgstr "Option \"%.50s\" ist mehrdeutig\n"
+
+#: jnlib/argparse.c:211
+#, c-format
+msgid "command \"%.50s\" is ambiguous\n"
+msgstr "Befehl \"%.50s\" ist mehrdeutig\n"
+
+#: jnlib/argparse.c:213
+msgid "out of core\n"
+msgstr "Nicht genügend Speicher\n"
+
+#: jnlib/argparse.c:215
+#, c-format
+msgid "invalid option \"%.50s\"\n"
+msgstr "Ungültige Option \"%.50s\"\n"
+
+#: jnlib/logging.c:647
+#, c-format
+msgid "you found a bug ... (%s:%d)\n"
+msgstr "Sie haben einen Bug (Programmfehler) gefunden ... (%s:%d)\n"
+
+#: jnlib/utf8conv.c:85
+#, c-format
+msgid "error loading `%s': %s\n"
+msgstr "Fehler beim Laden von `%s': %s\n"
+
+#: jnlib/utf8conv.c:123
+#, c-format
+msgid "conversion from `%s' to `%s' not available\n"
+msgstr "Umwandlung von `%s' in `%s' ist nicht verfügbar\n"
+
+#: jnlib/utf8conv.c:131
+#, c-format
+msgid "iconv_open failed: %s\n"
+msgstr "iconv_open fehlgeschlagen: %s\n"
+
+#: jnlib/utf8conv.c:388 jnlib/utf8conv.c:654
+#, c-format
+msgid "conversion from `%s' to `%s' failed: %s\n"
+msgstr "Umwandlung von `%s' in `%s' schlug fehl: %s\n"
+
+#: jnlib/dotlock.c:234
+#, c-format
+msgid "failed to create temporary file `%s': %s\n"
+msgstr "Die temporäre Datei `%s' kann nicht erstellt werden: %s\n"
+
+#: jnlib/dotlock.c:269
+#, c-format
+msgid "error writing to `%s': %s\n"
+msgstr "Fehler beim Schreiben von %s: %s\n"
+
+#: jnlib/dotlock.c:453
+#, c-format
+msgid "removing stale lockfile (created by %d)\n"
+msgstr "eine übriggebliebene Sperrdatei wird entfernt (erzeugt von %d)\n"
+
+#: jnlib/dotlock.c:459
+msgid " - probably dead - removing lock"
+msgstr " - existiert wahrscheinlich nicht mehr - entferne Sperre"
+
+#: jnlib/dotlock.c:469
+#, c-format
+msgid "waiting for lock (held by %d%s) %s...\n"
+msgstr "warte auf die Freigabe der Sperre (gehalten von %d%s) %s...\n"
+
+#: jnlib/dotlock.c:470
+msgid "(deadlock?) "
+msgstr "(Deadlock?) "
+
+#: jnlib/dotlock.c:493
+#, c-format
+msgid "lock `%s' not made: %s\n"
+msgstr "Dateisperre %s konnte nicht eingerichtet werden: %s\n"
+
+#: jnlib/dotlock.c:501
+#, c-format
+msgid "waiting for lock %s...\n"
+msgstr "Warten auf die Freigabe der Dateisperre `%s' ...\n"
+
+#: kbx/kbxutil.c:92
+msgid "set debugging flags"
+msgstr "Debug Flags setzen"
+
+#: kbx/kbxutil.c:93
+msgid "enable full debugging"
+msgstr "Alle Debug Flags setzen"
+
+#: kbx/kbxutil.c:117
+msgid "Usage: kbxutil [options] [files] (-h for help)"
+msgstr "Aufruf: kbxutil [Optionen] [Dateien] (-h für Hilfe)"
+
+#: kbx/kbxutil.c:120
+msgid ""
+"Syntax: kbxutil [options] [files]\n"
+"list, export, import Keybox data\n"
+msgstr ""
+"Syntax: kbxutil [Optionen] [Dateien]\n"
+"Anlisten exportieren und Importieren von KeyBox Dateien\n"
+
+#: scd/app-nks.c:713 scd/app-openpgp.c:2647
+#, c-format
+msgid "RSA modulus missing or not of size %d bits\n"
+msgstr "Der RSA Modulus fehlt oder ist nicht %d Bits lang\n"
+
+#: scd/app-nks.c:721 scd/app-openpgp.c:2659
+#, c-format
+msgid "RSA public exponent missing or larger than %d bits\n"
+msgstr "Der öffentliche Exponent fehlt oder ist zu groß (mehr als %d Bit)\n"
+
+#: scd/app-nks.c:801 scd/app-openpgp.c:1549 scd/app-openpgp.c:1568
+#: scd/app-openpgp.c:1729 scd/app-openpgp.c:1746 scd/app-openpgp.c:1994
+#: scd/app-openpgp.c:2039 scd/app-dinsig.c:303
+#, c-format
+msgid "PIN callback returned error: %s\n"
+msgstr "PIN-Callback meldete Fehler: %s\n"
+
+#: scd/app-nks.c:834
+msgid "the NullPIN has not yet been changed\n"
+msgstr "Die Nullpin wurde noch nicht geändert\n"
+
+#: scd/app-nks.c:1092
+msgid "|N|Please enter a new PIN for the standard keys."
+msgstr "|N|Bitte eine neue PIN für den Standard-Schlüssel eingeben."
+
+#: scd/app-nks.c:1093
+msgid "||Please enter the PIN for the standard keys."
+msgstr "||Bitte die PIN für den Standard-Schlüssel eingeben."
+
+#: scd/app-nks.c:1099
+msgid "|NP|Please enter a new PIN Unblocking Code (PUK) for the standard keys."
+msgstr ""
+"|NP|Bitte geben Sie einen neuen PIN Entsperrcode (PUK) für den Standard-"
+"Schlüssel ein."
+
+#: scd/app-nks.c:1101
+msgid "|P|Please enter the PIN Unblocking Code (PUK) for the standard keys."
+msgstr ""
+"|P|Bitte geben Sie den PIN Entsperrcode (PUK) für den Standard-Schlüssel ein."
+
+#: scd/app-nks.c:1109
+msgid "|N|Please enter a new PIN for the key to create qualified signatures."
+msgstr ""
+"|N|Bitte geben Sie eine neue PIN für den Schlüssel zur Erstellung "
+"qualifizierter Signaturen ein."
+
+#: scd/app-nks.c:1111
+msgid "||Please enter the PIN for the key to create qualified signatures."
+msgstr ""
+"||Bitte geben Sie die PIN für den Schlüssel zur Erstellung qualifizierter "
+"Signaturen ein."
+
+#: scd/app-nks.c:1119
+msgid ""
+"|NP|Please enter a new PIN Unblocking Code (PUK) for the key to create "
+"qualified signatures."
+msgstr ""
+"|NP|Bitte geben Sie einen neuen PIN Entsperrcode (PUK) für den Schlüssel zur "
+"Erstellung qualifizierter Signaturen ein."
+
+#: scd/app-nks.c:1121
+msgid ""
+"|P|Please enter the PIN Unblocking Code (PUK) for the key to create "
+"qualified signatures."
+msgstr ""
+"|N|Bitte geben Sie den PIN Entsperrcode (PUK) für den Schlüssel zur "
+"Erstellung qualifizierter Signaturen ein."
+
+#: scd/app-nks.c:1222 scd/app-openpgp.c:2072 scd/app-dinsig.c:532
+#, c-format
+msgid "error getting new PIN: %s\n"
+msgstr "Fehler beim Abfragen einer neuen PIN: %s\n"
+
+#: scd/app-openpgp.c:695
+#, c-format
+msgid "failed to store the fingerprint: %s\n"
+msgstr "Der Fingerabdruck kann nicht gespeichert werden: %s\n"
+
+#: scd/app-openpgp.c:708
+#, c-format
+msgid "failed to store the creation date: %s\n"
+msgstr "Das Erzeugungsdatum konnte nicht gespeichert werden: %s\n"
+
+#: scd/app-openpgp.c:1156
+#, c-format
+msgid "reading public key failed: %s\n"
+msgstr "Lesen des öffentlichen Schlüssels fehlgeschlagen: %s\n"
+
+#: scd/app-openpgp.c:1164 scd/app-openpgp.c:2882
+msgid "response does not contain the public key data\n"
+msgstr "Die Antwort enthält keine öffentliche Schlüssel-Daten\n"
+
+#: scd/app-openpgp.c:1172 scd/app-openpgp.c:2890
+msgid "response does not contain the RSA modulus\n"
+msgstr "Die Antwort enthält das RSA-Modulus nicht\n"
+
+#: scd/app-openpgp.c:1181 scd/app-openpgp.c:2900
+msgid "response does not contain the RSA public exponent\n"
+msgstr "Antwort enthält den öffentlichen RSA-Exponenten nicht\n"
+
+#: scd/app-openpgp.c:1501
+#, c-format
+msgid "using default PIN as %s\n"
+msgstr "Die Standard PIN wird für %s benutzt\n"
+
+#: scd/app-openpgp.c:1508
+#, c-format
+msgid "failed to use default PIN as %s: %s - disabling further default use\n"
+msgstr ""
+"Die Standard PIN für %s konnte nicht benutzt werden: %s - Die Standard PIN "
+"wird nicht weiter benutzt\n"
+
+#: scd/app-openpgp.c:1523
+#, c-format
+msgid "||Please enter the PIN%%0A[sigs done: %lu]"
+msgstr "||Bitte die PIN eingeben%%0A[Sigs erzeugt: %lu]"
+
+#: scd/app-openpgp.c:1534 scd/app-openpgp.c:1988
+msgid "||Please enter the PIN"
+msgstr "||Bitte die PIN eingeben"
+
+#: scd/app-openpgp.c:1575 scd/app-openpgp.c:1753 scd/app-openpgp.c:2001
+#, c-format
+msgid "PIN for CHV%d is too short; minimum length is %d\n"
+msgstr "PIN für CHV%d ist zu kurz; die Mindestlänge beträgt %d\n"
+
+#: scd/app-openpgp.c:1588 scd/app-openpgp.c:1627 scd/app-openpgp.c:1765
+#: scd/app-openpgp.c:3200
+#, c-format
+msgid "verify CHV%d failed: %s\n"
+msgstr "Prüfung des CHV%d fehlgeschlagen: %s\n"
+
+#: scd/app-openpgp.c:1656 scd/app-openpgp.c:2020 scd/app-openpgp.c:3498
+msgid "error retrieving CHV status from card\n"
+msgstr "Fehler beim Holen des CHV-Status' von der Karte\n"
+
+#: scd/app-openpgp.c:1662 scd/app-openpgp.c:3507
+msgid "card is permanently locked!\n"
+msgstr "Karte ist dauerhaft gesperrt!\n"
+
+#: scd/app-openpgp.c:1669
+#, c-format
+msgid "%d Admin PIN attempts remaining before card is permanently locked\n"
+msgstr "Noch %d Admin-PIN-Versuche, bis die Karte dauerhaft gesperrt ist\n"
+
+#. TRANSLATORS: Do not translate the "|A|" prefix but keep it at
+#. the start of the string. Use %%0A to force a linefeed.
+#: scd/app-openpgp.c:1676
+#, c-format
+msgid "|A|Please enter the Admin PIN%%0A[remaining attempts: %d]"
+msgstr "|A|Bitte die Admin-PIN eingeben.%%0A[Verbliebene Versuche: %d]"
+
+#: scd/app-openpgp.c:1680
+msgid "|A|Please enter the Admin PIN"
+msgstr "|A|Bitte die Admin-PIN eingeben."
+
+#: scd/app-openpgp.c:1701
+msgid "access to admin commands is not configured\n"
+msgstr "Zugriff auf Admin-Befehle ist nicht eingerichtet\n"
+
+#: scd/app-openpgp.c:2035
+msgid "||Please enter the Reset Code for the card"
+msgstr "Bitte geben Sie den Rückstellcode für diese Karte ein"
+
+#: scd/app-openpgp.c:2045 scd/app-openpgp.c:2097
+#, c-format
+msgid "Reset Code is too short; minimum length is %d\n"
+msgstr "Der Rückstellcode ist zu kurz; die Mindestlänge beträgt %d\n"
+
+#: scd/app-openpgp.c:2067
+msgid "|RN|New Reset Code"
+msgstr "|RN|Neuer Rückstellcode"
+
+#: scd/app-openpgp.c:2068
+msgid "|AN|New Admin PIN"
+msgstr "|AN|Neue Admin-PIN"
+
+#: scd/app-openpgp.c:2068
+msgid "|N|New PIN"
+msgstr "|N|Neue PIN"
+
+#: scd/app-openpgp.c:2178 scd/app-openpgp.c:2968
+msgid "error reading application data\n"
+msgstr "Fehler beim Lesen der Anwendungsdaten\n"
+
+#: scd/app-openpgp.c:2184 scd/app-openpgp.c:2975
+msgid "error reading fingerprint DO\n"
+msgstr "Fehler beim Lesen des Fingerabdrucks DO\n"
+
+#: scd/app-openpgp.c:2194
+msgid "key already exists\n"
+msgstr "Schlüssel existiert bereits\n"
+
+#: scd/app-openpgp.c:2198
+msgid "existing key will be replaced\n"
+msgstr "Existierender Schlüssel wird ersetzt werden\n"
+
+#: scd/app-openpgp.c:2200
+msgid "generating new key\n"
+msgstr "neue Schlüssel werden erzeugt\n"
+
+#: scd/app-openpgp.c:2202
+msgid "writing new key\n"
+msgstr "der neue Schlüssel wird geschrieben\n"
+
+#: scd/app-openpgp.c:2627
+msgid "creation timestamp missing\n"
+msgstr "Erzeugungsdatum fehlt\n"
+
+#: scd/app-openpgp.c:2669 scd/app-openpgp.c:2677
+#, c-format
+msgid "RSA prime %s missing or not of size %d bits\n"
+msgstr "Die RSA Primzahl %s fehlt oder ist nicht %d Bits lang\n"
+
+#: scd/app-openpgp.c:2773
+#, c-format
+msgid "failed to store the key: %s\n"
+msgstr "Speichern des Schlüssels fehlgeschlagen: %s\n"
+
+#: scd/app-openpgp.c:2859
+msgid "please wait while key is being generated ...\n"
+msgstr "Bitte warten, der Schlüssel wird erzeugt ...\n"
+
+#: scd/app-openpgp.c:2872
+msgid "generating key failed\n"
+msgstr "Schlüsselerzeugung fehlgeschlagen\n"
+
+#: scd/app-openpgp.c:2875
+#, c-format
+msgid "key generation completed (%d seconds)\n"
+msgstr "Schlüsselerzeugung abgeschlossen (%d Sekunden)\n"
+
+#: scd/app-openpgp.c:2933
+msgid "invalid structure of OpenPGP card (DO 0x93)\n"
+msgstr "Ungültige Struktur der OpenPGP-Karte (DO 0x93)\n"
+
+#: scd/app-openpgp.c:2983
+msgid "fingerprint on card does not match requested one\n"
+msgstr "Der Fingerabdruck auf der Karte entspricht nicht dem angeforderten.\n"
+
+#: scd/app-openpgp.c:3099
+#, c-format
+msgid "card does not support digest algorithm %s\n"
+msgstr "Die Hashmethode %s wird von der Karte nicht unterstützt\n"
+
+#: scd/app-openpgp.c:3175
+#, c-format
+msgid "signatures created so far: %lu\n"
+msgstr "Anzahl bereits erzeugter Signaturen: %lu\n"
+
+#: scd/app-openpgp.c:3512
+msgid ""
+"verification of Admin PIN is currently prohibited through this command\n"
+msgstr ""
+"Die Überprüfung der Admin PIN ist momentan durch einen Befehl verboten "
+"worden\n"
+
+#: scd/app-openpgp.c:3737 scd/app-openpgp.c:3748
+#, c-format
+msgid "can't access %s - invalid OpenPGP card?\n"
+msgstr "Kann auf %s nicht zugreifen - ungültige OpenPGP-Karte?\n"
+
+#: scd/app-dinsig.c:299
+msgid "||Please enter your PIN at the reader's keypad"
+msgstr "||Bitte die PIN auf der Tastatur des Kartenlesers eingeben"
+
+#. TRANSLATORS: Do not translate the "|*|" prefixes but
+#. keep it at the start of the string. We need this elsewhere
+#. to get some infos on the string.
+#: scd/app-dinsig.c:529
+msgid "|N|Initial New PIN"
+msgstr "|N|Erstmalige neue PIN"
+
+#: scd/scdaemon.c:107
+msgid "run in multi server mode (foreground)"
+msgstr "Im Multiserver Modus ausführen"
+
+#: scd/scdaemon.c:117 sm/gpgsm.c:316
+msgid "|LEVEL|set the debugging level to LEVEL"
+msgstr "|NAME|Die Debugstufe auf NAME setzen"
+
+#: scd/scdaemon.c:124 tools/gpgconf-comp.c:620
+msgid "|FILE|write a log to FILE"
+msgstr "|DATEI|Schreibe Logs auf DATEI"
+
+#: scd/scdaemon.c:126
+msgid "|N|connect to reader at port N"
+msgstr "|N|Verbinde mit dem Leser auf Port N"
+
+#: scd/scdaemon.c:128
+msgid "|NAME|use NAME as ct-API driver"
+msgstr "|NAME|Benutze NAME als CT-API Treiber"
+
+#: scd/scdaemon.c:130
+msgid "|NAME|use NAME as PC/SC driver"
+msgstr "|NAME|Benutze NAME als PC/SC Treiber"
+
+#: scd/scdaemon.c:133
+msgid "do not use the internal CCID driver"
+msgstr "Den internen CCID Treiber nicht benutzen"
+
+#: scd/scdaemon.c:139
+msgid "|N|disconnect the card after N seconds of inactivity"
+msgstr "|N|Schalte die Karte nach N Sekunden Inaktivität ab"
+
+#: scd/scdaemon.c:141
+msgid "do not use a reader's keypad"
+msgstr "Die Tastatur des Kartenlesers nicht benutzen"
+
+#: scd/scdaemon.c:144
+msgid "deny the use of admin card commands"
+msgstr "Verweigere die Benutzung von \"Admin\"-Befehlen"
+
+#: scd/scdaemon.c:259
+msgid "Usage: scdaemon [options] (-h for help)"
+msgstr "Aufruf: scdaemon [Optionen] (-h für Hilfe)"
+
+#: scd/scdaemon.c:261
+msgid ""
+"Syntax: scdaemon [options] [command [args]]\n"
+"Smartcard daemon for GnuPG\n"
+msgstr ""
+"Syntax: scdaemon [Optionen] [Befehl [Argumente]]\n"
+"Smartcard Daemon für GnuPG\n"
+
+#: scd/scdaemon.c:766
+msgid "please use the option `--daemon' to run the program in the background\n"
+msgstr ""
+"Bitte die Option `--daemon' nutzen, um das Programm im Hintergund "
+"auszuführen\n"
+
+#: scd/scdaemon.c:1120
+#, c-format
+msgid "handler for fd %d started\n"
+msgstr "Handhabungsroutine für fd %d gestartet\n"
+
+#: scd/scdaemon.c:1132
+#, c-format
+msgid "handler for fd %d terminated\n"
+msgstr "Handhabungsroutine für den fd %d beendet\n"
+
+#: sm/base64.c:325
+#, c-format
+msgid "invalid radix64 character %02x skipped\n"
+msgstr "Ungültiges Basis-64 Zeichen %02X wurde übersprungen\n"
+
+#: sm/call-agent.c:137
+#, c-format
+msgid "failed to proxy %s inquiry to client\n"
+msgstr "Die %s \"inquiry\" konnte nicht an den Client weitergeleitet werden\n"
+
+#: sm/call-dirmngr.c:252
+#, c-format
+msgid "no running dirmngr - starting `%s'\n"
+msgstr "Kein aktiver Dirmngr - `%s' wird einer gestartet\n"
+
+#: sm/call-dirmngr.c:285
+msgid "malformed DIRMNGR_INFO environment variable\n"
+msgstr "Die Variable DIRMNGR_INFO ist fehlerhaft\n"
+
+#: sm/call-dirmngr.c:297
+#, c-format
+msgid "dirmngr protocol version %d is not supported\n"
+msgstr "Die Dirmngr Protokollversion %d wird nicht unterstützt\n"
+
+#: sm/call-dirmngr.c:317
+msgid "can't connect to the dirmngr - trying fall back\n"
+msgstr ""
+"Verbindung zum Dirmngr kann nicht aufgebaut werden - Ersatzmethode wird "
+"versucht\n"
+
+#: sm/certchain.c:196
+#, c-format
+msgid "validation model requested by certificate: %s"
+msgstr "Durch Zertifikat angefordertes Gültigkeitsmodell: %s"
+
+#: sm/certchain.c:197 sm/certchain.c:1828
+msgid "chain"
+msgstr "Kette"
+
+#: sm/certchain.c:198 sm/certchain.c:1828
+msgid "shell"
+msgstr "Schale"
+
+#: sm/certchain.c:258
+#, c-format
+msgid "critical certificate extension %s is not supported"
+msgstr "Die kritische Zertifikaterweiterung %s wird nicht unterstützt"
+
+#: sm/certchain.c:297
+msgid "issuer certificate is not marked as a CA"
+msgstr "Das Herausgeberzertifikat ist nicht für eine CA gekennzeichnet"
+
+#: sm/certchain.c:335
+msgid "critical marked policy without configured policies"
+msgstr "entscheidende Richtlinie ohne konfigurierte Richtlinien"
+
+#: sm/certchain.c:345
+#, c-format
+msgid "failed to open `%s': %s\n"
+msgstr "Datei `%s' kann nicht geöffnet werden: %s\n"
+
+#: sm/certchain.c:353 sm/certchain.c:382
+msgid "note: non-critical certificate policy not allowed"
+msgstr "Notiz: Die unkritische Zertifikatsrichtlinie ist nicht erlaubt"
+
+#: sm/certchain.c:357 sm/certchain.c:386
+msgid "certificate policy not allowed"
+msgstr "Die Zertifikatsrichtlinie ist nicht erlaubt"
+
+#: sm/certchain.c:498
+msgid "looking up issuer at external location\n"
+msgstr "Der Herausgeber wird von einer externen Stelle gesucht\n"
+
+#: sm/certchain.c:517
+#, c-format
+msgid "number of issuers matching: %d\n"
+msgstr "Anzahl der übereinstimmenden Herausgeber: %d\n"
+
+#: sm/certchain.c:561
+msgid "looking up issuer from the Dirmngr cache\n"
+msgstr "Der Herausgeber wird im Cache des Dirmngr gesucht\n"
+
+#: sm/certchain.c:585
+#, c-format
+msgid "number of matching certificates: %d\n"
+msgstr "Anzahl der übereinstimmenden Zertifikate: %d\n"
+
+#: sm/certchain.c:587
+#, c-format
+msgid "dirmngr cache-only key lookup failed: %s\n"
+msgstr "Schlüsselsuche im Cache des Dirmngr schlug fehl: %s\n"
+
+#: sm/certchain.c:759 sm/certchain.c:1252 sm/certchain.c:1856 sm/decrypt.c:261
+#: sm/encrypt.c:335 sm/sign.c:335 sm/verify.c:113
+msgid "failed to allocated keyDB handle\n"
+msgstr "Ein keyDB Handle konnte nicht bereitgestellt werden\n"
+
+#: sm/certchain.c:925
+msgid "certificate has been revoked"
+msgstr "Das Zertifikat wurde widerrufen"
+
+#: sm/certchain.c:940
+msgid "the status of the certificate is unknown"
+msgstr "Der Status des Zertifikats ist nicht bekannt"
+
+#: sm/certchain.c:947
+msgid "please make sure that the \"dirmngr\" is properly installed\n"
+msgstr ""
+"Bitte vergewissern Sie sich, daß der \"dirmngr\" richtig installiert ist\n"
+
+#: sm/certchain.c:953
+#, c-format
+msgid "checking the CRL failed: %s"
+msgstr "Die CRL konnte nicht geprüft werden: %s"
+
+#: sm/certchain.c:982 sm/certchain.c:1050
+#, c-format
+msgid "certificate with invalid validity: %s"
+msgstr "Zertifikat mit unzulässiger Gültigkeit: %s"
+
+#: sm/certchain.c:997 sm/certchain.c:1082
+msgid "certificate not yet valid"
+msgstr "Das Zertifikat ist noch nicht gültig"
+
+#: sm/certchain.c:998 sm/certchain.c:1083
+msgid "root certificate not yet valid"
+msgstr "Das Wurzelzertifikat ist noch nicht gültig"
+
+#: sm/certchain.c:999 sm/certchain.c:1084
+msgid "intermediate certificate not yet valid"
+msgstr "Das Zwischenzertifikat ist noch nicht gültig"
+
+#: sm/certchain.c:1012
+msgid "certificate has expired"
+msgstr "Das Zertifikat ist abgelaufen"
+
+#: sm/certchain.c:1013
+msgid "root certificate has expired"
+msgstr "Das Wurzelzertifikat ist abgelaufen"
+
+#: sm/certchain.c:1014
+msgid "intermediate certificate has expired"
+msgstr "Das Zwischenzertifikat ist abgelaufen"
+
+#: sm/certchain.c:1056
+#, c-format
+msgid "required certificate attributes missing: %s%s%s"
+msgstr "Notwendige Zertifikatattribute fehlen: %s%s%s"
+
+#: sm/certchain.c:1065
+msgid "certificate with invalid validity"
+msgstr "Zertifikat mit unzulässiger Gültigkeit"
+
+#: sm/certchain.c:1102
+msgid "signature not created during lifetime of certificate"
+msgstr "Die Signatur wurde nicht in der Gültigkeitszeit des Zertifikat erzeugt"
+
+#: sm/certchain.c:1104
+msgid "certificate not created during lifetime of issuer"
+msgstr ""
+"Das Zertifikat wurde nicht während der Gültigkeitszeit des Herausgebers "
+"erzeugt"
+
+#: sm/certchain.c:1105
+msgid "intermediate certificate not created during lifetime of issuer"
+msgstr ""
+"Das Zwischenzertifikat wurde nicht während der Gültigkeitszeit des "
+"Herausgebers erzeugt"
+
+#: sm/certchain.c:1109
+msgid " ( signature created at "
+msgstr " ( Signatur erzeugt am "
+
+#: sm/certchain.c:1110
+msgid " (certificate created at "
+msgstr " ( Zertifikat erzeugt am "
+
+#: sm/certchain.c:1113
+msgid " (certificate valid from "
+msgstr " ( Zertifikat gültig von "
+
+#: sm/certchain.c:1114
+msgid " ( issuer valid from "
+msgstr " ( Herausgeber gültig von "
+
+#: sm/certchain.c:1144
+#, c-format
+msgid "fingerprint=%s\n"
+msgstr "Fingerprint=%s\n"
+
+#: sm/certchain.c:1153
+msgid "root certificate has now been marked as trusted\n"
+msgstr "Das Wurzelzertifikat wurde nun als vertrauenswürdig markiert\n"
+
+#: sm/certchain.c:1166
+msgid "interactive marking as trusted not enabled in gpg-agent\n"
+msgstr ""
+"Interaktives vertrauenswürdig-Markieren ist in gpg-agent ausgeschaltet\n"
+
+#: sm/certchain.c:1172
+msgid "interactive marking as trusted disabled for this session\n"
+msgstr ""
+"Interaktives vertrauenswürdig-Markieren ist in dieser Sitzung ausgeschaltet\n"
+
+#: sm/certchain.c:1229
+msgid "WARNING: creation time of signature not known - assuming current time"
+msgstr ""
+"WARNUNG: Der Erzeugungszeitpunkt der Signatur ist nicht bekannt - Nehme die "
+"aktuelle Zeit an"
+
+#: sm/certchain.c:1293
+msgid "no issuer found in certificate"
+msgstr "Im Zertifikat ist kein Herausgeber enthalten"
+
+#: sm/certchain.c:1366
+msgid "self-signed certificate has a BAD signature"
+msgstr "Das eigenbeglaubigte Zertifikat hat eine FALSCHE Signatur"
+
+#: sm/certchain.c:1435
+msgid "root certificate is not marked trusted"
+msgstr "Das Wurzelzertifikat ist nicht als vertrauenswürdig markiert"
+
+#: sm/certchain.c:1448
+#, c-format
+msgid "checking the trust list failed: %s\n"
+msgstr "Fehler beim Prüfen der vertrauenswürdigen Zertifikate: %s\n"
+
+#: sm/certchain.c:1477 sm/import.c:160
+msgid "certificate chain too long\n"
+msgstr "Der Zertifikatkette ist zu lang\n"
+
+#: sm/certchain.c:1489
+msgid "issuer certificate not found"
+msgstr "Herausgeberzertifikat nicht gefunden"
+
+#: sm/certchain.c:1522
+msgid "certificate has a BAD signature"
+msgstr "Das Zertifikat hat eine FALSCHE Signatur"
+
+#: sm/certchain.c:1553
+msgid "found another possible matching CA certificate - trying again"
+msgstr ""
+"Eine anderes möglicherweise passendes CA-Zertifikat gefunden - versuche "
+"nochmal"
+
+#: sm/certchain.c:1604
+#, c-format
+msgid "certificate chain longer than allowed by CA (%d)"
+msgstr "Die Zertifikatkette ist länger als von der CA erlaubt (%d)"
+
+#: sm/certchain.c:1644 sm/certchain.c:1927
+msgid "certificate is good\n"
+msgstr "Das Zertifikat ist korrekt\n"
+
+#: sm/certchain.c:1645
+msgid "intermediate certificate is good\n"
+msgstr "Das Zwischenzertifikat ist korrekt\n"
+
+#: sm/certchain.c:1646
+msgid "root certificate is good\n"
+msgstr "Das Wurzelzertifikat ist korrekt\n"
+
+#: sm/certchain.c:1817
+msgid "switching to chain model"
+msgstr "Umgeschaltet auf das Kettenmodell"
+
+#: sm/certchain.c:1826
+#, c-format
+msgid "validation model used: %s"
+msgstr "Benutztes Gültigkeitsmodell: %s"
+
+#: sm/certcheck.c:97
+#, c-format
+msgid "%s key uses an unsafe (%u bit) hash\n"
+msgstr "%s-Schlüssel verwendet ein unsicheres (%u-Bit) Hashverfahren\n"
+
+#: sm/certcheck.c:107
+#, c-format
+msgid "a %u bit hash is not valid for a %u bit %s key\n"
+msgstr ""
+"Ein %u-Bit Hashverfahren ist für einen %u-Bit %s Schlüssel nicht möglich\n"
+
+#: sm/certcheck.c:244 sm/verify.c:201
+msgid "(this is the MD2 algorithm)\n"
+msgstr "(Dies ist der MD2 Algorithmus)\n"
+
+#: sm/certdump.c:60 sm/certdump.c:143
+msgid "none"
+msgstr "keine"
+
+#: sm/certdump.c:564 sm/certdump.c:609 sm/certdump.c:674 sm/certdump.c:732
+msgid "[Error - invalid encoding]"
+msgstr "[Fehler - Ungültige Kodierung]"
+
+#: sm/certdump.c:572 sm/certdump.c:617
+msgid "[Error - out of core]"
+msgstr "[Fehler - Nicht genügend Speicher]"
+
+#: sm/certdump.c:654 sm/certdump.c:710
+msgid "[Error - No name]"
+msgstr "[Fehler - Kein Name]"
+
+#: sm/certdump.c:679 sm/certdump.c:738
+msgid "[Error - invalid DN]"
+msgstr "[Fehler - Ungültiger DN]"
+
+#: sm/certdump.c:948
+#, c-format
+msgid ""
+"Please enter the passphrase to unlock the secret key for the X.509 "
+"certificate:\n"
+"\"%s\"\n"
+"S/N %s, ID 0x%08lX,\n"
+"created %s, expires %s.\n"
+msgstr ""
+"Bitte geben Sie die Passphrase an, um den geheimen Schlüssel des X.509 "
+"Zertifikats:\n"
+"\"%s\"\n"
+"S/N %s, ID 0x%08lX,\n"
+"gültig von %s bis %s\n"
+"zu entsperren.\n"
+
+#: sm/certlist.c:122
+msgid "no key usage specified - assuming all usages\n"
+msgstr ""
+"Schlüsselverwendungszweck nicht vorhanden - für alle Zwecke akzeptiert\n"
+
+#: sm/certlist.c:132 sm/keylist.c:272
+#, c-format
+msgid "error getting key usage information: %s\n"
+msgstr "Fehler beim Holen der Schlüsselbenutzungsinformationen: %s\n"
+
+#: sm/certlist.c:142
+msgid "certificate should have not been used for certification\n"
+msgstr "Das Zertifikat hätte nicht zum Zertifizieren benutzt werden sollen\n"
+
+#: sm/certlist.c:154
+msgid "certificate should have not been used for OCSP response signing\n"
+msgstr ""
+"Das Zertifikat hätte nicht zum Signieren von OCSP Antworten benutzt werden "
+"sollen\n"
+
+#: sm/certlist.c:165
+msgid "certificate should have not been used for encryption\n"
+msgstr "Das Zertifikat hätte nicht zum Verschlüsseln benutzt werden sollen\n"
+
+#: sm/certlist.c:166
+msgid "certificate should have not been used for signing\n"
+msgstr "Das Zertifikat hätte nicht zum Signieren benutzt werden sollen\n"
+
+#: sm/certlist.c:167
+msgid "certificate is not usable for encryption\n"
+msgstr "Das Zertifikat kann nicht zum Verschlüsseln benutzt werden\n"
+
+#: sm/certlist.c:168
+msgid "certificate is not usable for signing\n"
+msgstr "Das Zertifikat kann nicht zum Signieren benutzt werden\n"
+
+#: sm/certreqgen.c:474
+#, c-format
+msgid "line %d: invalid algorithm\n"
+msgstr "Zeile %d: Ungültiges Verfahren\n"
+
+#: sm/certreqgen.c:487
+#, c-format
+msgid "line %d: invalid key length %u (valid are %d to %d)\n"
+msgstr "Zeile %d: Ungültige Schlüssellänge %u (gültig Werte: %d bis %d)\n"
+
+#: sm/certreqgen.c:505
+#, c-format
+msgid "line %d: no subject name given\n"
+msgstr "Zeile %d: Kein Subjekt-Name angegeben\n"
+
+#: sm/certreqgen.c:514
+#, c-format
+msgid "line %d: invalid subject name label `%.*s'\n"
+msgstr "Zeile %d: ungültiger Subjekt-Name-Label `%.*s'\n"
+
+#: sm/certreqgen.c:517
+#, c-format
+msgid "line %d: invalid subject name `%s' at pos %d\n"
+msgstr "Zeile %d: ungültige Betreffbezeichnung `%s' in Spalte %d\n"
+
+#: sm/certreqgen.c:534
+#, c-format
+msgid "line %d: not a valid email address\n"
+msgstr "Zeile %d: Keine gültige E-Mailadresse\n"
+
+#: sm/certreqgen.c:546
+#, c-format
+msgid "line %d: error reading key `%s' from card: %s\n"
+msgstr "Zeile %d: Fehler beim Lesen des Schlüssels `%s' von der Karte: %s\n"
+
+#: sm/certreqgen.c:558
+#, c-format
+msgid "line %d: error getting key by keygrip `%s': %s\n"
+msgstr "Zeile %d: Fehler beim Holen des Schlüssels per \"Keygrip\" `%s': %s\n"
+
+#: sm/certreqgen.c:574
+#, c-format
+msgid "line %d: key generation failed: %s <%s>\n"
+msgstr "Zeile %d: Schlüsselerzeugung schlug fehl: %s <%s>\n"
+
+#: sm/certreqgen.c:806
+msgid ""
+"To complete this certificate request please enter the passphrase for the key "
+"you just created once more.\n"
+msgstr ""
+"Um die Zertifikatsanforderung fertigzustellen, geben Sie nun bitte\n"
+"noch einmal die Passphrase des soeben erzeugten Schlüssels ein.\n"
+
+#: sm/certreqgen-ui.c:158
+#, c-format
+msgid " (%d) RSA\n"
+msgstr " (%d) RSA\n"
+
+#: sm/certreqgen-ui.c:159
+#, c-format
+msgid " (%d) Existing key\n"
+msgstr " (%d) Vorhandener Schlüssel\n"
+
+#: sm/certreqgen-ui.c:160
+#, c-format
+msgid " (%d) Existing key from card\n"
+msgstr " (%d) Vorhandener Schlüssel auf der Karte\n"
+
+#: sm/certreqgen-ui.c:202
+msgid "Enter the keygrip: "
+msgstr "Geben Sie den \"Keygrip\" ein: "
+
+#: sm/certreqgen-ui.c:210
+msgid "Not a valid keygrip (expecting 40 hex digits)\n"
+msgstr "Kein gültiger \"Keygrip\" (40 Hex-Ziffern werden erwartet)\n"
+
+#: sm/certreqgen-ui.c:212
+msgid "No key with this keygrip\n"
+msgstr "Kein Schlüssel mit diesem \"Keygrip\"\n"
+
+#: sm/certreqgen-ui.c:230 sm/certreqgen-ui.c:239
+#, c-format
+msgid "error reading the card: %s\n"
+msgstr "Fehler beim Lesen von der Karte: %s\n"
+
+#: sm/certreqgen-ui.c:233
+#, c-format
+msgid "Serial number of the card: %s\n"
+msgstr "Karten-Seriennummer: %s\n"
+
+#: sm/certreqgen-ui.c:245
+msgid "Available keys:\n"
+msgstr "Vorhandene Schlüssel:\n"
+
+#: sm/certreqgen-ui.c:276
+#, c-format
+msgid "Possible actions for a %s key:\n"
+msgstr "Mögliche Vorgänge eines %s-Schlüssels:\n"
+
+#: sm/certreqgen-ui.c:277
+#, c-format
+msgid " (%d) sign, encrypt\n"
+msgstr " (%d) signieren, verschlüsseln\n"
+
+#: sm/certreqgen-ui.c:278
+#, c-format
+msgid " (%d) sign\n"
+msgstr " (%d) signieren\n"
+
+#: sm/certreqgen-ui.c:279
+#, c-format
+msgid " (%d) encrypt\n"
+msgstr " (%d) verschlüsseln\n"
+
+#: sm/certreqgen-ui.c:303
+msgid "Enter the X.509 subject name: "
+msgstr "Bitte geben sie den Namen des X.509 Subjekts ein: "
+
+#: sm/certreqgen-ui.c:307
+msgid "No subject name given\n"
+msgstr "Kein Subjekt-Name angegeben\n"
+
+#: sm/certreqgen-ui.c:311
+#, c-format
+msgid "Invalid subject name label `%.*s'\n"
+msgstr "Ungültiger Subjekt-Name-Label `%.*s'\n"
+
+#. TRANSLATORS: The 22 in the second string is the
+#. length of the first string up to the "%s". Please
+#. adjust it do the length of your translation. The
+#. second string is merely passed to atoi so you can
+#. drop everything after the number.
+#: sm/certreqgen-ui.c:320
+#, c-format
+msgid "Invalid subject name `%s'\n"
+msgstr "Ungültiger Subjekt-Name `%s'\n"
+
+#: sm/certreqgen-ui.c:322
+msgid "22 translator: see certreg-ui.c:gpgsm_gencertreq_tty"
+msgstr "25"
+
+#: sm/certreqgen-ui.c:334
+msgid "Enter email addresses"
+msgstr "Email-Adresse eingeben"
+
+#: sm/certreqgen-ui.c:335
+msgid " (end with an empty line):\n"
+msgstr " (Beenden mit einer leeren Zeile):\n"
+
+#: sm/certreqgen-ui.c:339
+msgid "Enter DNS names"
+msgstr "DNS Namen eingeben"
+
+#: sm/certreqgen-ui.c:340 sm/certreqgen-ui.c:345
+msgid " (optional; end with an empty line):\n"
+msgstr " (Optional. Beenden mit einer leeren Zeile):\n"
+
+#: sm/certreqgen-ui.c:344
+msgid "Enter URIs"
+msgstr "Bitte geben Sie die URIs ein"
+
+#: sm/certreqgen-ui.c:371
+msgid "Parameters to be used for the certificate request:\n"
+msgstr "Parameter die für die Zertifikatsanforderung benutzt werden sollen:\n"
+
+#: sm/certreqgen-ui.c:389
+msgid "Now creating certificate request. This may take a while ...\n"
+msgstr ""
+"Die Zertifikatsanforderung wird erzeugt. Dies kann einen Moment dauern ...\n"
+
+#: sm/certreqgen-ui.c:398
+msgid "Ready. You should now send this request to your CA.\n"
+msgstr "Fertig. Sie sollten nun diese Anforderung an die CA senden.\n"
+
+#: sm/certreqgen-ui.c:403
+msgid "resource problem: out of core\n"
+msgstr "Resourcenproblem: Nicht genügend Hauptspeicher\n"
+
+#: sm/decrypt.c:330
+msgid "(this is the RC2 algorithm)\n"
+msgstr "(Dies ist der RC-2 Algorithmus)\n"
+
+#: sm/decrypt.c:332
+msgid "(this does not seem to be an encrypted message)\n"
+msgstr "(dies ist wahrscheinlich keine verschlüsselte Nachricht)\n"
+
+#: sm/delete.c:51 sm/delete.c:112
+#, c-format
+msgid "certificate `%s' not found: %s\n"
+msgstr "Zertifikat `%s' nicht gefunden: %s\n"
+
+#: sm/delete.c:122 sm/keydb.c:1397 sm/keydb.c:1499
+#, c-format
+msgid "error locking keybox: %s\n"
+msgstr "Fehler beim Sperren der Keybox: %s\n"
+
+#: sm/delete.c:143
+#, c-format
+msgid "duplicated certificate `%s' deleted\n"
+msgstr "Doppeltes Zertifikat `%s' gelöscht\n"
+
+#: sm/delete.c:145
+#, c-format
+msgid "certificate `%s' deleted\n"
+msgstr "Zertifikat `%s' gelöscht\n"
+
+#: sm/delete.c:175
+#, c-format
+msgid "deleting certificate \"%s\" failed: %s\n"
+msgstr "Fehler beim Löschen des Zertifikats \"%s\": %s\n"
+
+#: sm/encrypt.c:321
+msgid "no valid recipients given\n"
+msgstr "Keine gültigen Empfänger angegeben\n"
+
+#: sm/gpgsm.c:197
+msgid "list external keys"
+msgstr "Externe Schlüssel anzeigen"
+
+#: sm/gpgsm.c:199
+msgid "list certificate chain"
+msgstr "Schlüssel mit Zertifikatekette anzeigen"
+
+#: sm/gpgsm.c:206
+msgid "import certificates"
+msgstr "Zertifikate importieren"
+
+#: sm/gpgsm.c:207
+msgid "export certificates"
+msgstr "Zertifikate exportieren"
+
+#: sm/gpgsm.c:209
+msgid "register a smartcard"
+msgstr "Smartcard registrieren"
+
+#: sm/gpgsm.c:212
+msgid "pass a command to the dirmngr"
+msgstr "Das Kommando an den Dirmngr durchreichen"
+
+#: sm/gpgsm.c:214
+msgid "invoke gpg-protect-tool"
+msgstr "Rufe das gpg-protect-tool auf"
+
+#: sm/gpgsm.c:230
+msgid "create base-64 encoded output"
+msgstr "Ausgabe im Basis-64 Format erzeugen"
+
+#: sm/gpgsm.c:235
+msgid "assume input is in PEM format"
+msgstr "Eingabedaten sind im PEM Format"
+
+#: sm/gpgsm.c:237
+msgid "assume input is in base-64 format"
+msgstr "Eingabedaten sind im Basis-64 Format"
+
+#: sm/gpgsm.c:239
+msgid "assume input is in binary format"
+msgstr "Eingabedaten sind im Binärformat"
+
+#: sm/gpgsm.c:244
+msgid "use system's dirmngr if available"
+msgstr "Benutze den System Dirmngr falls verfügbar"
+
+#: sm/gpgsm.c:247
+msgid "never consult a CRL"
+msgstr "Niemals eine CRL konsultieren"
+
+#: sm/gpgsm.c:257
+msgid "check validity using OCSP"
+msgstr "Die Gültigkeit mittels OCSP prüfen"
+
+#: sm/gpgsm.c:262
+msgid "|N|number of certificates to include"
+msgstr "|N|Sende N Zertifikate mit"
+
+#: sm/gpgsm.c:265
+msgid "|FILE|take policy information from FILE"
+msgstr "|DATEI|Richtlinieninformationen DATEI entnehmen"
+
+#: sm/gpgsm.c:268
+msgid "do not check certificate policies"
+msgstr "Zertifikatsrichtlinien nicht überprüfen"
+
+#: sm/gpgsm.c:272
+msgid "fetch missing issuer certificates"
+msgstr "Fehlende Zertifikate automatisch holen"
+
+#: sm/gpgsm.c:283
+msgid "don't use the terminal at all"
+msgstr "das Terminal gar nicht benutzen"
+
+#: sm/gpgsm.c:285
+msgid "|FILE|write a server mode log to FILE"
+msgstr "|DATEI|Schreibe im Servermodus Logs auf DATEI"
+
+#: sm/gpgsm.c:290
+msgid "|FILE|write an audit log to FILE"
+msgstr "|DATEI|Schreibe ein Audit-Log auf DATEI"
+
+#: sm/gpgsm.c:293
+msgid "batch mode: never ask"
+msgstr "Stapelmodus: Keine Abfragen"
+
+#: sm/gpgsm.c:294
+msgid "assume yes on most questions"
+msgstr "\"Ja\" als Standardantwort annehmen"
+
+#: sm/gpgsm.c:295
+msgid "assume no on most questions"
+msgstr "\"Nein\" als Standardantwort annehmen"
+
+#: sm/gpgsm.c:298
+msgid "|FILE|add keyring to the list of keyrings"
+msgstr "|DATEI|DATEI als öffentlichen Schlüsselbund mitbenutzen"
+
+#: sm/gpgsm.c:301
+msgid "|USER-ID|use USER-ID as default secret key"
+msgstr "|USER-ID|USER-ID als voreingestellten Schlüssel benutzen"
+
+#: sm/gpgsm.c:311 tools/gpgconf-comp.c:745
+msgid "|SPEC|use this keyserver to lookup keys"
+msgstr "|SPEC|Schlüssel bei diesem Server nachschlagen"
+
+#: sm/gpgsm.c:329
+msgid "|NAME|use cipher algorithm NAME"
+msgstr "|NAME|Verschlüsselungsverfahren NAME benutzen"
+
+#: sm/gpgsm.c:331
+msgid "|NAME|use message digest algorithm NAME"
+msgstr "|NAME|Hashverfahren NAME benutzen"
+
+#: sm/gpgsm.c:522
+msgid "Usage: gpgsm [options] [files] (-h for help)"
+msgstr "Aufruf: gpgsm [Optionen] [Dateien] (-h für Hilfe)"
+
+#: sm/gpgsm.c:525
+msgid ""
+"Syntax: gpgsm [options] [files]\n"
+"sign, check, encrypt or decrypt using the S/MIME protocol\n"
+"default operation depends on the input data\n"
+msgstr ""
+"Syntax: gpgsm [Optionen] [Dateien]\n"
+"Signieren, prüfen, ver- und entschlüsseln mittels S/MIME Protokoll\n"
+
+#: sm/gpgsm.c:617
+msgid "usage: gpgsm [options] "
+msgstr "Aufruf: gpgsm [Optionen] "
+
+#: sm/gpgsm.c:739
+#, c-format
+msgid "NOTE: won't be able to encrypt to `%s': %s\n"
+msgstr "Hinweis: Verschlüsselung für `%s' wird nicht möglich sein: %s\n"
+
+#: sm/gpgsm.c:750
+#, c-format
+msgid "unknown validation model `%s'\n"
+msgstr "Unbekanntes Gültigkeitsmodell '%s'\n"
+
+#: sm/gpgsm.c:801
+#, c-format
+msgid "%s:%u: no hostname given\n"
+msgstr "%s:%u: Kein Server-Name angegeben\n"
+
+#: sm/gpgsm.c:820
+#, c-format
+msgid "%s:%u: password given without user\n"
+msgstr "%s:%u: Passwort ohne Benutzer\n"
+
+#: sm/gpgsm.c:841
+#, c-format
+msgid "%s:%u: skipping this line\n"
+msgstr "%s:%u: Zeile wird übersprungen\n"
+
+#: sm/gpgsm.c:1376
+msgid "could not parse keyserver\n"
+msgstr "Schlüsselserver-URL konnte nicht analysiert werden\n"
+
+#: sm/gpgsm.c:1456
+msgid "WARNING: running with faked system time: "
+msgstr "WARNUNG: Ausführung mit gefälschter Systemzeit: "
+
+#: sm/gpgsm.c:1556
+#, c-format
+msgid "importing common certificates `%s'\n"
+msgstr "Importiere allgemeine Zertifikate: %s\n"
+
+#: sm/gpgsm.c:1597
+#, c-format
+msgid "can't sign using `%s': %s\n"
+msgstr "Signieren mit `%s' nicht möglich: %s\n"
+
+#: sm/gpgsm.c:1931
+msgid "invalid command (there is no implicit command)\n"
+msgstr "Ungültiger Befehl (Es gibt keinen implizierten Befehl)\n"
+
+#: sm/import.c:111
+#, c-format
+msgid "total number processed: %lu\n"
+msgstr "gesamte verarbeitete Anzahl: %lu\n"
+
+#: sm/import.c:230
+msgid "error storing certificate\n"
+msgstr "Fehler beim Speichern des Zertifikats\n"
+
+#: sm/import.c:238
+msgid "basic certificate checks failed - not imported\n"
+msgstr "Grundlegende Zertifikatprüfungen fehlgeschlagen - nicht importiert\n"
+
+#: sm/import.c:435 sm/keydb.c:1319 sm/keydb.c:1387
+msgid "failed to allocate keyDB handle\n"
+msgstr "Kann keinen KeyDB Handler bereitstellen\n"
+
+#: sm/import.c:492 sm/keydb.c:1417 sm/keydb.c:1511
+#, c-format
+msgid "error getting stored flags: %s\n"
+msgstr "Fehler beim Holen der gespeicherten Flags: %s\n"
+
+#: sm/import.c:551 sm/import.c:583
+#, c-format
+msgid "error importing certificate: %s\n"
+msgstr "Fehler beim Importieren des Zertifikats: %s\n"
+
+#: sm/import.c:684 tools/gpg-connect-agent.c:1346
+#, c-format
+msgid "error reading input: %s\n"
+msgstr "Fehler beim Lesen der Eingabe: %s\n"
+
+#: sm/keydb.c:187
+#, c-format
+msgid "error creating keybox `%s': %s\n"
+msgstr "Die \"Keybox\" `%s' konnte nicht erstellt werden: %s\n"
+
+#: sm/keydb.c:190
+msgid "you may want to start the gpg-agent first\n"
+msgstr "Sie sollten zuerst den gpg-agent starten\n"
+
+#: sm/keydb.c:195
+#, c-format
+msgid "keybox `%s' created\n"
+msgstr "Die \"Keybox\" `%s' wurde erstellt\n"
+
+#: sm/keydb.c:1312 sm/keydb.c:1380
+msgid "failed to get the fingerprint\n"
+msgstr "Kann den Fingerprint nicht ermitteln\n"
+
+#: sm/keydb.c:1340
+#, c-format
+msgid "problem looking for existing certificate: %s\n"
+msgstr "Problem bei der Suche nach vorhandenem Zertifikat: %s\n"
+
+#: sm/keydb.c:1348
+#, c-format
+msgid "error finding writable keyDB: %s\n"
+msgstr "Fehler bei der Suche nach einer schreibbaren KeyDB: %s\n"
+
+#: sm/keydb.c:1356
+#, c-format
+msgid "error storing certificate: %s\n"
+msgstr "Fehler beim Speichern des Zertifikats: %s\n"
+
+#: sm/keydb.c:1408
+#, c-format
+msgid "problem re-searching certificate: %s\n"
+msgstr "Problem bei Wiederfinden des Zertifikats: %s\n"
+
+#: sm/keydb.c:1429 sm/keydb.c:1522
+#, c-format
+msgid "error storing flags: %s\n"
+msgstr "Fehler beim Speichern der Flags: %s\n"
+
+#: sm/keylist.c:642
+msgid "Error - "
+msgstr "Fehler - "
+
+#: sm/misc.c:55
+msgid "GPG_TTY has not been set - using maybe bogus default\n"
+msgstr ""
+"GPG_TTY wurde nicht gesetzt - ein (möglicherweise falscher) Standardwert "
+"wird deshalb verwendet\n"
+
+#: sm/qualified.c:105
+#, c-format
+msgid "invalid formatted fingerprint in `%s', line %d\n"
+msgstr "Der Fingerabdruck in `%s', Zeile %d is fehlerhaft formatiert\n"
+
+#: sm/qualified.c:123
+#, c-format
+msgid "invalid country code in `%s', line %d\n"
+msgstr "Ungültiger Landescode in `%s', Zeile %d\n"
+
+#: sm/qualified.c:202
+#, c-format
+msgid ""
+"You are about to create a signature using your certificate:\n"
+"\"%s\"\n"
+"This will create a qualified signature by law equated to a handwritten "
+"signature.\n"
+"\n"
+"%s%sAre you really sure that you want to do this?"
+msgstr ""
+"Sie sind dabei, eine Signatur mit dem Zertifikat:\n"
+"\"%s\"\n"
+"zu erzeugen. Dies wird eine qualifizierte Signatur erzeugen, \n"
+"die gesetzlich einer handgeschriebenen gleichgestellt ist.\n"
+"\n"
+"%s%sSind Sie wirklich sicher, daß Sie dies möchten?"
+
+#: sm/qualified.c:211 sm/verify.c:616
+msgid ""
+"Note, that this software is not officially approved to create or verify such "
+"signatures.\n"
+msgstr ""
+"Bitte beachten Sie, daß diese Software nicht offiziell zur Erzeugung\n"
+"oder Prüfung von qualifizierten Signaturen zugelassen ist.\n"
+
+#: sm/qualified.c:278
+#, c-format
+msgid ""
+"You are about to create a signature using your certificate:\n"
+"\"%s\"\n"
+"Note, that this certificate will NOT create a qualified signature!"
+msgstr ""
+"Sie sind dabei, eine Signatur mit dem Zertifikat:\n"
+"\"%s\n"
+"zu erzeugen. Bitte beachten Sie, daß dies KEINE qualifizierte\n"
+"Signatur erzeugen wird."
+
+#: sm/sign.c:449
+#, c-format
+msgid "hash algorithm %d (%s) for signer %d not supported; using %s\n"
+msgstr ""
+"Hashverfahren %d (%s) wird für Unterzeichner %d nicht unterstützt; %s wird "
+"benutzt\n"
+
+#: sm/sign.c:463
+#, c-format
+msgid "hash algorithm used for signer %d: %s (%s)\n"
+msgstr "Benutztes Hashverfahren für Unterzeichner %d: %s (%s)\n"
+
+#: sm/sign.c:513
+#, c-format
+msgid "checking for qualified certificate failed: %s\n"
+msgstr "Prüfung auf ein qualifiziertes Zertifikats fehlgeschlagen: %s\n"
+
+#: sm/verify.c:449
+msgid "Signature made "
+msgstr "Signatur erzeugt am "
+
+#: sm/verify.c:453
+msgid "[date not given]"
+msgstr "[Datum nicht vorhanden]"
+
+#: sm/verify.c:454
+#, c-format
+msgid " using certificate ID 0x%08lX\n"
+msgstr " mittels Zertifikat ID 0x%08lX\n"
+
+#: sm/verify.c:473
+msgid ""
+"invalid signature: message digest attribute does not match computed one\n"
+msgstr ""
+"Ungültige Signatur: Nachricht entspricht nicht dem Prüfwert in der "
+"Nachricht.\n"
+
+#: sm/verify.c:594
+msgid "Good signature from"
+msgstr "Korrekte Signatur von"
+
+#: sm/verify.c:595
+msgid " aka"
+msgstr " alias"
+
+#: sm/verify.c:613
+msgid "This is a qualified signature\n"
+msgstr "Dies ist eine qualifizierte Signatur.\n"
+
+#: tools/gpg-connect-agent.c:70 tools/gpgconf.c:81 tools/symcryptrun.c:167
+msgid "quiet"
+msgstr "Reduzierte Informationen"
+
+#: tools/gpg-connect-agent.c:71
+msgid "print data out hex encoded"
+msgstr "Druckdaten hexkodiert ausgeben"
+
+#: tools/gpg-connect-agent.c:72
+msgid "decode received data lines"
+msgstr "Dekodiere empfangene Datenzeilen"
+
+#: tools/gpg-connect-agent.c:74
+msgid "|NAME|connect to Assuan socket NAME"
+msgstr "|NAME|Verbinde mit dem Assuan-Socket NAME"
+
+#: tools/gpg-connect-agent.c:76
+msgid "run the Assuan server given on the command line"
+msgstr "Starten des auf der Kommandozeile angegebenen Assuan-Server"
+
+#: tools/gpg-connect-agent.c:78
+msgid "do not use extended connect mode"
+msgstr "Den \"extended connect\"-Modus nicht nutzen"
+
+#: tools/gpg-connect-agent.c:80
+msgid "|FILE|run commands from FILE on startup"
+msgstr "|DATEI|Beim Starten Kommandos aus DATEI lesen"
+
+#: tools/gpg-connect-agent.c:81
+msgid "run /subst on startup"
+msgstr "Nach dem Starten \"/subst\" ausführen"
+
+#: tools/gpg-connect-agent.c:184
+msgid "Usage: gpg-connect-agent [options] (-h for help)"
+msgstr "Aufruf: gpg-connect-agent [Optionen] (-h für Hilfe)"
+
+#: tools/gpg-connect-agent.c:187
+msgid ""
+"Syntax: gpg-connect-agent [options]\n"
+"Connect to a running agent and send commands\n"
+msgstr ""
+"Syntax: gpg-connect-agent [Optionen]\n"
+"Mit einem laufenden Agenten verbinden und Befehle senden\n"
+
+#: tools/gpg-connect-agent.c:1201
+#, c-format
+msgid "option \"%s\" requires a program and optional arguments\n"
+msgstr "Option \"%s\" erfordert ein Programm und evtl. Argumente\n"
+
+#: tools/gpg-connect-agent.c:1210
+#, c-format
+msgid "option \"%s\" ignored due to \"%s\"\n"
+msgstr "Option \"%s\" wird wegen \"%s\" nicht beachtet\n"
+
+#: tools/gpg-connect-agent.c:1281 tools/gpg-connect-agent.c:1771
+#, c-format
+msgid "receiving line failed: %s\n"
+msgstr "Empfangen der Zeile schlug fehl: %s\n"
+
+#: tools/gpg-connect-agent.c:1371
+msgid "line too long - skipped\n"
+msgstr "Zeile zu lang - übersprungen\n"
+
+#: tools/gpg-connect-agent.c:1375
+msgid "line shortened due to embedded Nul character\n"
+msgstr "Zeile wegen enthaltenem Nul-Zeichen gekürzt\n"
+
+#: tools/gpg-connect-agent.c:1743
+#, c-format
+msgid "unknown command `%s'\n"
+msgstr "unbekannter Befehl `%s'\n"
+
+#: tools/gpg-connect-agent.c:1761
+#, c-format
+msgid "sending line failed: %s\n"
+msgstr "Senden der Zeile schlug fehl: %s\n"
+
+#: tools/gpg-connect-agent.c:2208
+#, c-format
+msgid "error sending %s command: %s\n"
+msgstr "Fehler beim Senden des %s-Befehls: %s\n"
+
+#: tools/gpg-connect-agent.c:2223
+#, c-format
+msgid "error sending standard options: %s\n"
+msgstr "Fehler beim Senden der Standardoptionen: %s\n"
+
+#: tools/gpgconf-comp.c:473 tools/gpgconf-comp.c:577 tools/gpgconf-comp.c:644
+#: tools/gpgconf-comp.c:712 tools/gpgconf-comp.c:799
+msgid "Options controlling the diagnostic output"
+msgstr "Optionen zur Einstellung der Diagnoseausgaben"
+
+#: tools/gpgconf-comp.c:486 tools/gpgconf-comp.c:590 tools/gpgconf-comp.c:657
+#: tools/gpgconf-comp.c:725 tools/gpgconf-comp.c:822
+msgid "Options controlling the configuration"
+msgstr "Optionen zur Einstellung der Konfiguration"
+
+#: tools/gpgconf-comp.c:496 tools/gpgconf-comp.c:615 tools/gpgconf-comp.c:673
+#: tools/gpgconf-comp.c:750 tools/gpgconf-comp.c:829
+msgid "Options useful for debugging"
+msgstr "Nützliche Optionen zur Fehlersuche"
+
+#: tools/gpgconf-comp.c:501 tools/gpgconf-comp.c:678 tools/gpgconf-comp.c:755
+#: tools/gpgconf-comp.c:837
+msgid "|FILE|write server mode logs to FILE"
+msgstr "|DATEI|Schreibe im Servermodus Logs auf DATEI"
+
+#: tools/gpgconf-comp.c:509 tools/gpgconf-comp.c:625 tools/gpgconf-comp.c:763
+msgid "Options controlling the security"
+msgstr "Optionen zur Einstellung der Sicherheit"
+
+#: tools/gpgconf-comp.c:516
+msgid "|N|expire SSH keys after N seconds"
+msgstr "|N|lasse SSH Schlüssel im Cache nach N Sekunden verfallen"
+
+#: tools/gpgconf-comp.c:520
+msgid "|N|set maximum PIN cache lifetime to N seconds"
+msgstr "|N|setze die maximale Lebensdauer von PINs im Cache auf N Sekunden"
+
+#: tools/gpgconf-comp.c:524
+msgid "|N|set maximum SSH key lifetime to N seconds"
+msgstr "|N|setze die maximale Lebenszeit von SSH Schlüsseln auf N Sekunden"
+
+#: tools/gpgconf-comp.c:538
+msgid "Options enforcing a passphrase policy"
+msgstr "Optionen für eine Passphrase-Policy"
+
+#: tools/gpgconf-comp.c:541
+msgid "do not allow to bypass the passphrase policy"
+msgstr "Einhaltung der Passphrase-Policy erzwingen"
+
+#: tools/gpgconf-comp.c:545
+msgid "|N|set minimal required length for new passphrases to N"
+msgstr "|N|setze die kleinste erlaubte Länge von Passphrasen auf N"
+
+#: tools/gpgconf-comp.c:549
+msgid "|N|require at least N non-alpha characters for a new passphrase"
+msgstr "|N|Verlange mindestens N Nicht-Buchstaben für eine neue Passphrase"
+
+#: tools/gpgconf-comp.c:553
+msgid "|FILE|check new passphrases against pattern in FILE"
+msgstr "|DATEI|Prüfe neue Passphrases gegen die Regelen in DATEI"
+
+#: tools/gpgconf-comp.c:557
+msgid "|N|expire the passphrase after N days"
+msgstr "|N|Lasse die Passphrase nach N Tagen verfallen"
+
+#: tools/gpgconf-comp.c:561
+msgid "do not allow the reuse of old passphrases"
+msgstr "Verbiete die Wiedernutzung alter Passphrases."
+
+#: tools/gpgconf-comp.c:659 tools/gpgconf-comp.c:727
+msgid "|NAME|use NAME as default secret key"
+msgstr "|NAME|NAME als voreingestellten Schlüssel benutzen"
+
+#: tools/gpgconf-comp.c:662 tools/gpgconf-comp.c:730
+msgid "|NAME|encrypt to user ID NAME as well"
+msgstr "|NAME|Auch an NAME verschlüsseln"
+
+#: tools/gpgconf-comp.c:665
+msgid "|SPEC|set up email aliases"
+msgstr "|SPEC|Email Alias festlegen"
+
+#: tools/gpgconf-comp.c:686
+msgid "Configuration for Keyservers"
+msgstr "Konfiguration der Schlüsselserver"
+
+#: tools/gpgconf-comp.c:688
+msgid "|URL|use keyserver at URL"
+msgstr "Benutze Schlüsselserver unter der URL"
+
+#: tools/gpgconf-comp.c:691
+msgid "allow PKA lookups (DNS requests)"
+msgstr "Erlaube PKA Zugriffe (DNS Anfragen)"
+
+#: tools/gpgconf-comp.c:694
+msgid "|MECHANISMS|use MECHANISMS to locate keys by mail address"
+msgstr ""
+"|MECHANISMEN|Benutze MECHANISMEN um Schlüssel über die Mailadresse "
+"aufzufinden."
+
+#: tools/gpgconf-comp.c:739
+msgid "disable all access to the dirmngr"
+msgstr "Jeglichen Zugriff auf den Dirmngr verhindern"
+
+#: tools/gpgconf-comp.c:742
+msgid "|NAME|use encoding NAME for PKCS#12 passphrases"
+msgstr "|NAME|Benutze die Kodierung NAME für PKCS#12 Passphrasen"
+
+#: tools/gpgconf-comp.c:768
+msgid "do not check CRLs for root certificates"
+msgstr "CRL bei Wurzelzertifikaten nicht überprüfen"
+
+#: tools/gpgconf-comp.c:812
+msgid "Options controlling the format of the output"
+msgstr "Optionen zum Einstellen der Ausgabeformate"
+
+#: tools/gpgconf-comp.c:848
+msgid "Options controlling the interactivity and enforcement"
+msgstr "Optionen zur Einstellung der Interaktivität und Geltendmachung"
+
+#: tools/gpgconf-comp.c:858
+msgid "Configuration for HTTP servers"
+msgstr "Konfiguration für HTTP Server"
+
+#: tools/gpgconf-comp.c:869
+msgid "use system's HTTP proxy setting"
+msgstr "Benutze die HTTP Proxy Einstellung des Systems"
+
+#: tools/gpgconf-comp.c:874
+msgid "Configuration of LDAP servers to use"
+msgstr "Konfiguration der zu nutzenden LDAP-Server"
+
+#: tools/gpgconf-comp.c:903
+msgid "LDAP server list"
+msgstr "Liste der LDAP Server"
+
+#: tools/gpgconf-comp.c:911
+msgid "Configuration for OCSP"
+msgstr "Konfiguration zu OCSP"
+
+#: tools/gpgconf-comp.c:3077
+#, c-format
+msgid "External verification of component %s failed"
+msgstr "Die externe Überprüfung der Komponente %s war nicht erfolgreich"
+
+#: tools/gpgconf-comp.c:3227
+msgid "Note that group specifications are ignored\n"
+msgstr "Beachten Sie, daß Gruppenspezifiaktionen ignoriert werden\n"
+
+#: tools/gpgconf.c:62
+msgid "list all components"
+msgstr "Liste aller Komponenten"
+
+#: tools/gpgconf.c:63
+msgid "check all programs"
+msgstr "Prüfe alle Programme"
+
+#: tools/gpgconf.c:64
+msgid "|COMPONENT|list options"
+msgstr "|KOMPONENTE|Zeige die Optionen an"
+
+#: tools/gpgconf.c:65
+msgid "|COMPONENT|change options"
+msgstr "|KOMPONENTE|Ändere die Optionen"
+
+#: tools/gpgconf.c:66
+msgid "|COMPONENT|check options"
+msgstr "|KOMPONENTE|Prüfe die Optionen"
+
+#: tools/gpgconf.c:68
+msgid "apply global default values"
+msgstr "Wende die gobalen Voreinstellungen an"
+
+#: tools/gpgconf.c:70
+msgid "get the configuration directories for gpgconf"
+msgstr "Hole die Einstelungsverzeichnisse von gpgconf"
+
+#: tools/gpgconf.c:72
+msgid "list global configuration file"
+msgstr "Zeige die globale Konfigurationsdatei an"
+
+#: tools/gpgconf.c:74
+msgid "check global configuration file"
+msgstr "Prüfe die globale Konfigurationsdatei"
+
+#: tools/gpgconf.c:79
+msgid "use as output file"
+msgstr "Als Ausgabedatei benutzen"
+
+#: tools/gpgconf.c:83
+msgid "activate changes at runtime, if possible"
+msgstr "Aktiviere Änderungen zur Laufzeit; falls möglich"
+
+#: tools/gpgconf.c:105
+msgid "Usage: gpgconf [options] (-h for help)"
+msgstr "Aufruf: gpgconf [Optionen] (-h für Hilfe)"
+
+#: tools/gpgconf.c:108
+msgid ""
+"Syntax: gpgconf [options]\n"
+"Manage configuration options for tools of the GnuPG system\n"
+msgstr ""
+"Syntax: gpgconf {Optionen]\n"
+"Verwalte Konfigurationsoptionen für Programme des GnuPG Systems\n"
+
+#: tools/gpgconf.c:214 tools/gpgconf.c:282
+msgid "usage: gpgconf [options] "
+msgstr "Aufruf: gpgconf [Optionen] "
+
+#: tools/gpgconf.c:216
+msgid "Need one component argument"
+msgstr "Benötige ein Komponentenargument"
+
+#: tools/gpgconf.c:225 tools/gpgconf.c:258
+msgid "Component not found"
+msgstr "Komponente nicht gefunden"
+
+#: tools/gpgconf.c:284
+msgid "No argument allowed"
+msgstr "Argumente sind nicht erlaubt"
+
+#: tools/symcryptrun.c:154
+msgid ""
+"@\n"
+"Commands:\n"
+" "
+msgstr ""
+"@\n"
+"@KBefehle:\n"
+" "
+
+#: tools/symcryptrun.c:156
+msgid "decryption modus"
+msgstr "Entschlüsselungsmodus"
+
+#: tools/symcryptrun.c:157
+msgid "encryption modus"
+msgstr "Verschlüsselungsmodus"
+
+#: tools/symcryptrun.c:161
+msgid "tool class (confucius)"
+msgstr "Toolklasse (Konfuzius)"
+
+#: tools/symcryptrun.c:162
+msgid "program filename"
+msgstr "Programmdateiname"
+
+#: tools/symcryptrun.c:164
+msgid "secret key file (required)"
+msgstr "Dateiname des geheimen Schlüssels (erforderlich)"
+
+#: tools/symcryptrun.c:165
+msgid "input file name (default stdin)"
+msgstr "Eingabedateiname (Standardeingabe ist voreingestellt)"
+
+#: tools/symcryptrun.c:209
+msgid "Usage: symcryptrun [options] (-h for help)"
+msgstr "Aufruf: symcryptrun [Optionen] (-h für Hilfe)"
+
+#: tools/symcryptrun.c:212
+msgid ""
+"Syntax: symcryptrun --class CLASS --program PROGRAM --keyfile KEYFILE "
+"[options...] COMMAND [inputfile]\n"
+"Call a simple symmetric encryption tool\n"
+msgstr ""
+"Syntax: symcryptrun --class KLASSE --program PROGRAMM --keyfile "
+"SCHLUESSELDATEI [Optionen...] KOMMANDO [Eingabedatei]\n"
+"Aufruf eines einfachen symmetrischen Verschlüsselungstool\n"
+
+#: tools/symcryptrun.c:281
+#, c-format
+msgid "%s on %s aborted with status %i\n"
+msgstr "%s auf %s brach mit Status %i ab\n"
+
+#: tools/symcryptrun.c:288
+#, c-format
+msgid "%s on %s failed with status %i\n"
+msgstr "%s auf %s schlug mit Status %i fehl\n"
+
+#: tools/symcryptrun.c:314
+#, c-format
+msgid "can't create temporary directory `%s': %s\n"
+msgstr "Das temporäre Verzeichnis `%s' kann nicht erstellt werden: %s\n"
+
+#: tools/symcryptrun.c:354 tools/symcryptrun.c:371
+#, c-format
+msgid "could not open %s for writing: %s\n"
+msgstr "%s kann nicht zum Schreiben geöffnet werden: %s\n"
+
+#: tools/symcryptrun.c:382
+#, c-format
+msgid "error writing to %s: %s\n"
+msgstr "Fehler beim Schreiben von %s: %s\n"
+
+#: tools/symcryptrun.c:389
+#, c-format
+msgid "error reading from %s: %s\n"
+msgstr "Fehler beim Lesen von %s: %s\n"
+
+#: tools/symcryptrun.c:396 tools/symcryptrun.c:403
+#, c-format
+msgid "error closing %s: %s\n"
+msgstr "Fehler beim Schließen von %s: %s\n"
+
+#: tools/symcryptrun.c:488
+msgid "no --program option provided\n"
+msgstr "Option --program nicht angegeben\n"
+
+#: tools/symcryptrun.c:494
+msgid "only --decrypt and --encrypt are supported\n"
+msgstr "nur --decrypt und --encrypt sind vorhanden\n"
+
+#: tools/symcryptrun.c:500
+msgid "no --keyfile option provided\n"
+msgstr "keine --keyfile -Option angegeben\n"
+
+#: tools/symcryptrun.c:511
+msgid "cannot allocate args vector\n"
+msgstr "Kann \"args-vector\" nicht zuteilen\n"
+
+#: tools/symcryptrun.c:529
+#, c-format
+msgid "could not create pipe: %s\n"
+msgstr "Pipe kann nicht erzeugt werden: %s\n"
+
+#: tools/symcryptrun.c:536
+#, c-format
+msgid "could not create pty: %s\n"
+msgstr "Pty kann nicht erzeugt werden: %s\n"
+
+#: tools/symcryptrun.c:552
+#, c-format
+msgid "could not fork: %s\n"
+msgstr "Kann nicht fork()en: %s\n"
+
+#: tools/symcryptrun.c:580
+#, c-format
+msgid "execv failed: %s\n"
+msgstr "Der execv()-Aufruf ist fehlgeschlagen: %s\n"
+
+#: tools/symcryptrun.c:609
+#, c-format
+msgid "select failed: %s\n"
+msgstr "Der select()-Aufruf ist fehlgeschlagen: %s\n"
+
+#: tools/symcryptrun.c:626
+#, c-format
+msgid "read failed: %s\n"
+msgstr "Lesen schlug fehl: %s\n"
+
+#: tools/symcryptrun.c:678
+#, c-format
+msgid "pty read failed: %s\n"
+msgstr "\"pty read\"-Aufruf ist fehlgeschlagen: %s\n"
+
+#: tools/symcryptrun.c:730
+#, c-format
+msgid "waitpid failed: %s\n"
+msgstr "Der waitpid()-Aufruf ist fehlgeschlagen: %s\n"
+
+#: tools/symcryptrun.c:744
+#, c-format
+msgid "child aborted with status %i\n"
+msgstr "Kind brach mit Status %i ab\n"
+
+#: tools/symcryptrun.c:799
+#, c-format
+msgid "cannot allocate infile string: %s\n"
+msgstr "Kann In-Datei-Zeichenkette keinen Speicher zuteilen: %s\n"
+
+#: tools/symcryptrun.c:812
+#, c-format
+msgid "cannot allocate outfile string: %s\n"
+msgstr "Kann Out-Datei-Zeichenkette keinen Speicher zuteilen: %s\n"
+
+#: tools/symcryptrun.c:986
+#, c-format
+msgid "either %s or %s must be given\n"
+msgstr "entweder %s oder %s muß angegeben sein\n"
+
+#: tools/symcryptrun.c:1013
+msgid "no class provided\n"
+msgstr "keine Klasse angegeben\n"
+
+#: tools/symcryptrun.c:1022
+#, c-format
+msgid "class %s is not supported\n"
+msgstr "Klasse %s wird nicht unterstützt\n"
+
+#: tools/gpg-check-pattern.c:145
+msgid "Usage: gpg-check-pattern [options] patternfile (-h for help)\n"
+msgstr "Aufruf: gpg-check-pattern [Optionen] Musterdatei (-h für Hilfe)\n"
+
+#: tools/gpg-check-pattern.c:148
+msgid ""
+"Syntax: gpg-check-pattern [options] patternfile\n"
+"Check a passphrase given on stdin against the patternfile\n"
+msgstr ""
+"Syntax: gpg-check-pattern [optionen] Musterdatei\n"
+"Die von stdin gelesene Passphrase gegen die Musterdatei prüfen\n"
+
+#~ msgid "Command> "
+#~ msgstr "Befehl> "
+
+#~ msgid "the trustdb is corrupted; please run \"gpg --fix-trustdb\".\n"
+#~ msgstr ""
+#~ "Die \"Trust\"-Datenbank ist beschädigt; verwenden Sie \"gpg --fix-trustdb"
+#~ "\".\n"
+
+#~ msgid "Please report bugs to <"
+#~ msgstr "Fehlerberichte bitte an <"
+
+#~ msgid "Please report bugs to "
+#~ msgstr "Bitte richten Sie Berichte über Bugs (Softwarefehler) an "
+
+#~ msgid "DSA keypair will have %u bits.\n"
+#~ msgstr "Das DSA-Schlüsselpaar wird %u Bit haben.\n"
+
+#~ msgid "this command has not yet been implemented\n"
+#~ msgstr "Dieser Befehl wurde noch nicht implementiert\n"
+
+#~ msgid "Repeat passphrase\n"
+#~ msgstr "Geben Sie die Passphrase nochmal ein\n"
+
+#~ msgid "||Please enter your PIN at the reader's keypad%%0A[sigs done: %lu]"
+#~ msgstr ""
+#~ "||Bitte die PIN auf der Tastatur des Kartenleser eingeben%%0A[Sigs "
+#~ "erzeugt: %lu]"
+
+#~ msgid "|A|Admin PIN"
+#~ msgstr "|A|Admin-PIN"
+
+#~ msgid "read options from file"
+#~ msgstr "Konfigurationsoptionen aus Datei lesen"
+
+#~ msgid "Used libraries:"
+#~ msgstr "Verwendete Bibliotheken:"
+
+#~ msgid "generate PGP 2.x compatible messages"
+#~ msgstr "PGP 2.x-kompatibele Botschaften erzeugen"
+
+#~ msgid "|[FILE]|make a signature"
+#~ msgstr "|[DATEI]|Erzeuge eine Signatur"
+
+#~ msgid "|[FILE]|make a clear text signature"
+#~ msgstr "|[DATEI]|Erzeuge eine Klartextsignatur"
+
+#~ msgid "|NAME|use NAME as default recipient"
+#~ msgstr "|NAME|NAME als voreingestellten Empfänger benutzen"
+
+#~ msgid "use the default key as default recipient"
+#~ msgstr ""
+#~ "Den Standardschlüssel als voreingestellten\n"
+#~ "Empfänger benutzen"
+
+#~ msgid "force v3 signatures"
+#~ msgstr "v3 Signaturen erzwingen"
+
+#~ msgid "always use a MDC for encryption"
+#~ msgstr "Beim Verschlüsseln ein Siegel (MDC) verwenden"
+
+#~ msgid "add this secret keyring to the list"
+#~ msgstr "Als geheimen Schlüsselbund mitbenutzen"
+
+#~ msgid "|NAME|set terminal charset to NAME"
+#~ msgstr "|NAME|Terminalzeichensatz NAME benutzen"
+
+#~ msgid "|FILE|load extension module FILE"
+#~ msgstr "|DATEI|Erweiterungsmodul DATEI laden"
+
+#~ msgid "|N|use compress algorithm N"
+#~ msgstr "|N|Komprimierverfahren N benutzen"
+
+#~ msgid "remove key from the public keyring"
+#~ msgstr "Schlüssel aus dem öffentlichen Schlüsselbund löschen"
+
+#~ msgid ""
+#~ "It's up to you to assign a value here; this value will never be exported\n"
+#~ "to any 3rd party. We need it to implement the web-of-trust; it has "
+#~ "nothing\n"
+#~ "to do with the (implicitly created) web-of-certificates."
+#~ msgstr ""
+#~ "Sie müssen selbst entscheiden, welchen Wert Sie hier eintragen; dieser "
+#~ "Wert\n"
+#~ "wird niemals an eine dritte Seite weitergegeben. Wir brauchen diesen "
+#~ "Wert,\n"
+#~ "um das \"Netz des Vertrauens\" aufzubauen. Dieses hat nichts mit dem\n"
+#~ "(implizit erzeugten) \"Netz der Zertifikate\" zu tun."
+
+#~ msgid ""
+#~ "To build the Web-of-Trust, GnuPG needs to know which keys are\n"
+#~ "ultimately trusted - those are usually the keys for which you have\n"
+#~ "access to the secret key. Answer \"yes\" to set this key to\n"
+#~ "ultimately trusted\n"
+#~ msgstr ""
+#~ "Um das Web-of-Trust aufzubauen muß GnuPG wissen, welchen Schlüsseln\n"
+#~ "uneingeschränkt vertraut wird. Das sind üblicherweise die Schlüssel\n"
+#~ "auf deren geheimen Schlüssel Sie Zugruff haben.\n"
+#~ "Antworten Sie mit \"yes\" um diesen Schlüssel uneingeschränkt zu "
+#~ "vertrauen\n"
+
+#~ msgid "If you want to use this untrusted key anyway, answer \"yes\"."
+#~ msgstr ""
+#~ "Wenn Sie diesen nicht vertrauenswürdigen Schlüssel trotzdem benutzen "
+#~ "wollen,\n"
+#~ "so antworten Sie mit \"ja\"."
+
+#~ msgid ""
+#~ "Enter the user ID of the addressee to whom you want to send the message."
+#~ msgstr ""
+#~ "Geben Sie die User-ID dessen ein, dem Sie die Botschaft senden wollen."
+
+#~ msgid ""
+#~ "Select the algorithm to use.\n"
+#~ "\n"
+#~ "DSA (aka DSS) is the Digital Signature Algorithm and can only be used\n"
+#~ "for signatures.\n"
+#~ "\n"
+#~ "Elgamal is an encrypt-only algorithm.\n"
+#~ "\n"
+#~ "RSA may be used for signatures or encryption.\n"
+#~ "\n"
+#~ "The first (primary) key must always be a key which is capable of signing."
+#~ msgstr ""
+#~ "Wählen Sie das zu verwendene Verfahren.\n"
+#~ "\n"
+#~ "DSA (alias DSS) ist der \"Digital Signature Algorithm\" und kann nur für\n"
+#~ "Signaturen genutzt werden.\n"
+#~ "\n"
+#~ "Elgamal ist ein Verfahren nur für Verschlüsselung.\n"
+#~ "\n"
+#~ "RSA kann sowohl für Signaturen als auch für Verschlüsselung genutzt\n"
+#~ "werden.\n"
+#~ "\n"
+#~ "Der erste Schlüssel (Hauptschlüssel) muß immer ein Schlüssel sein, mit "
+#~ "dem\n"
+#~ "unterschrieben werden kann."
+
+#~ msgid ""
+#~ "In general it is not a good idea to use the same key for signing and\n"
+#~ "encryption. This algorithm should only be used in certain domains.\n"
+#~ "Please consult your security expert first."
+#~ msgstr ""
+#~ "Normalerweise ist es nicht gut, denselben Schlüssel zum unterschreiben\n"
+#~ "und verschlüsseln zu nutzen. Dieses Verfahren sollte in speziellen\n"
+#~ "Anwendungsgebiten benutzt werden. Bitte lassen Sie sich zuerst von \n"
+#~ "einem Sicherheistexperten beraten."
+
+#~ msgid "Enter the size of the key"
+#~ msgstr "Wählen Sie die gewünschte Schlüssellänge"
+
+#~ msgid "Answer \"yes\" or \"no\""
+#~ msgstr "Geben Sie \"ja\" oder \"nein\" ein"
+
+#~ msgid ""
+#~ "Enter the required value as shown in the prompt.\n"
+#~ "It is possible to enter a ISO date (YYYY-MM-DD) but you won't\n"
+#~ "get a good error response - instead the system tries to interpret\n"
+#~ "the given value as an interval."
+#~ msgstr ""
+#~ "Geben Sie den benötigten Wert so an, wie er im Prompt erscheint.\n"
+#~ "Es ist zwar möglich ein \"ISO\"-Datum (JJJJ-MM-DD) einzugeben, aber man\n"
+#~ "erhält dann ggfs. keine brauchbaren Fehlermeldungen - stattdessen "
+#~ "versucht\n"
+#~ "der Rechner den Wert als Intervall (von-bis) zu deuten."
+
+#~ msgid "Enter the name of the key holder"
+#~ msgstr "Geben Sie den Namen des Schlüsselinhabers ein"
+
+#~ msgid "please enter an optional but highly suggested email address"
+#~ msgstr ""
+#~ "Geben Sie eine Email-Adresse ein. Dies ist zwar nicht unbedingt "
+#~ "notwendig,\n"
+#~ "aber sehr empfehlenswert."
+
+#~ msgid "Please enter an optional comment"
+#~ msgstr "Geben Sie - bei Bedarf - einen Kommentar ein"
+
+#~ msgid ""
+#~ "N to change the name.\n"
+#~ "C to change the comment.\n"
+#~ "E to change the email address.\n"
+#~ "O to continue with key generation.\n"
+#~ "Q to to quit the key generation."
+#~ msgstr ""
+#~ "N um den Namen zu ändern.\n"
+#~ "K um den Kommentar zu ändern.\n"
+#~ "E um die Email-Adresse zu ändern.\n"
+#~ "F um mit der Schlüsselerzeugung fortzusetzen.\n"
+#~ "B um die Schlüsselerzeugung abbrechen."
+
+#~ msgid ""
+#~ "Answer \"yes\" (or just \"y\") if it is okay to generate the sub key."
+#~ msgstr ""
+#~ "Geben Sie \"ja\" (oder nur \"j\") ein, um den Unterschlüssel zu erzeugen."
+
+#~ msgid ""
+#~ "When you sign a user ID on a key, you should first verify that the key\n"
+#~ "belongs to the person named in the user ID. It is useful for others to\n"
+#~ "know how carefully you verified this.\n"
+#~ "\n"
+#~ "\"0\" means you make no particular claim as to how carefully you verified "
+#~ "the\n"
+#~ " key.\n"
+#~ "\n"
+#~ "\"1\" means you believe the key is owned by the person who claims to own "
+#~ "it\n"
+#~ " but you could not, or did not verify the key at all. This is useful "
+#~ "for\n"
+#~ " a \"persona\" verification, where you sign the key of a pseudonymous "
+#~ "user.\n"
+#~ "\n"
+#~ "\"2\" means you did casual verification of the key. For example, this "
+#~ "could\n"
+#~ " mean that you verified the key fingerprint and checked the user ID on "
+#~ "the\n"
+#~ " key against a photo ID.\n"
+#~ "\n"
+#~ "\"3\" means you did extensive verification of the key. For example, this "
+#~ "could\n"
+#~ " mean that you verified the key fingerprint with the owner of the key "
+#~ "in\n"
+#~ " person, and that you checked, by means of a hard to forge document "
+#~ "with a\n"
+#~ " photo ID (such as a passport) that the name of the key owner matches "
+#~ "the\n"
+#~ " name in the user ID on the key, and finally that you verified (by "
+#~ "exchange\n"
+#~ " of email) that the email address on the key belongs to the key "
+#~ "owner.\n"
+#~ "\n"
+#~ "Note that the examples given above for levels 2 and 3 are *only* "
+#~ "examples.\n"
+#~ "In the end, it is up to you to decide just what \"casual\" and \"extensive"
+#~ "\"\n"
+#~ "mean to you when you sign other keys.\n"
+#~ "\n"
+#~ "If you don't know what the right answer is, answer \"0\"."
+#~ msgstr ""
+#~ "Wenn Sie die User-ID eines Schlüssels beglaubigen wollen, sollten Sie "
+#~ "zunächst\n"
+#~ "sicherstellen, daß der Schlüssel demjenigen gehört, der in der User-ID "
+#~ "genannt\n"
+#~ "ist. Für Dritte ist es hilfreich zu wissen, wie gut diese Zuordnung "
+#~ "überprüft\n"
+#~ "wurde.\n"
+#~ "\n"
+#~ "\"0\" zeigt, daß Sie keine bestimmte Aussage über die Sorgfalt der \n"
+#~ " Schlüsselzuordnung machen.\n"
+#~ "\n"
+#~ "\"1\" Sie glauben, daß der Schlüssel der benannten Person gehört,\n"
+#~ " aber Sie konnten oder nahmen die Überpüfung überhaupt nicht vor.\n"
+#~ " Dies ist hilfreich für eine \"persona\"-Überprüfung, wobei man den\n"
+#~ " Schlüssel eines Pseudonym-Trägers beglaubigt\n"
+#~ "\n"
+#~ "\"2\" Sie nahmen eine flüchtige Überprüfung vor. Das heißt Sie haben z."
+#~ "B.\n"
+#~ " den Schlüsselfingerabdruck kontrolliert und die User-ID des "
+#~ "Schlüssels\n"
+#~ " anhand des Fotos geprüft.\n"
+#~ "\n"
+#~ "\"3\" Sie haben eine ausführlich Kontrolle des Schlüssels vorgenommen.\n"
+#~ " Das kann z.B. die Kontrolle des Schlüsselfingerabdrucks mit dem\n"
+#~ " Schlüsselinhaber persönlich vorgenommen haben; daß Sie die User-ID "
+#~ "des\n"
+#~ " Schlüssel anhand einer schwer zu fälschenden Urkunde mit Foto (wie z."
+#~ "B.\n"
+#~ " einem Paß) abgeglichen haben und schließlich per Email-Verkehr die\n"
+#~ " Email-Adresse als zum Schlüsselbesitzer gehörig erkannt haben.\n"
+#~ "\n"
+#~ "Beachten Sie, daß diese Beispiele für die Antworten 2 und 3 *nur* "
+#~ "Beispiele\n"
+#~ "sind. Schlußendlich ist es Ihre Sache, was Sie unter \"flüchtig\" oder\n"
+#~ " \"ausführlich\" verstehen, wenn Sie Schlüssel Dritter beglaubigen.\n"
+#~ "\n"
+#~ "Wenn Sie nicht wissen, wie Sie antworten sollen, wählen Sie \"0\"."
+
+#~ msgid "Answer \"yes\" if you want to sign ALL the user IDs"
+#~ msgstr ""
+#~ "Geben Sie \"ja\" (oder nur \"j\") ein, um alle User-IDs zu beglaubigen"
+
+#~ msgid ""
+#~ "Answer \"yes\" if you really want to delete this user ID.\n"
+#~ "All certificates are then also lost!"
+#~ msgstr ""
+#~ "Geben Sie \"ja\" (oder nur \"j\") ein, um diese User-ID zu LÖSCHEN.\n"
+#~ "Alle Zertifikate werden dann auch weg sein!"
+
+#~ msgid "Answer \"yes\" if it is okay to delete the subkey"
+#~ msgstr ""
+#~ "Geben Sie \"ja\" (oder nur \"j\") ein, um diesen Unterschlüssel zu löschen"
+
+#~ msgid ""
+#~ "This is a valid signature on the key; you normally don't want\n"
+#~ "to delete this signature because it may be important to establish a\n"
+#~ "trust connection to the key or another key certified by this key."
+#~ msgstr ""
+#~ "Dies ist eine gültige Beglaubigung für den Schlüssel. Es ist "
+#~ "normalerweise\n"
+#~ "unnötig sie zu löschen. Sie ist möglicherweise sogar notwendig, um einen\n"
+#~ "Trust-Weg zu diesem oder einem durch diesen Schlüssel beglaubigten "
+#~ "Schlüssel\n"
+#~ "herzustellen."
+
+#~ msgid ""
+#~ "This signature can't be checked because you don't have the\n"
+#~ "corresponding key. You should postpone its deletion until you\n"
+#~ "know which key was used because this signing key might establish\n"
+#~ "a trust connection through another already certified key."
+#~ msgstr ""
+#~ "Diese Beglaubigung kann nicht geprüft werden, da Sie den passenden "
+#~ "Schlüssel\n"
+#~ "nicht besitzen. Sie sollten die Löschung der Beglaubigung verschieben, "
+#~ "bis\n"
+#~ "sie wissen, welcher Schlüssel verwendet wurde. Denn vielleicht würde "
+#~ "genau\n"
+#~ "diese Beglaubigung den \"Trust\"-Weg komplettieren."
+
+#~ msgid ""
+#~ "The signature is not valid. It does make sense to remove it from\n"
+#~ "your keyring."
+#~ msgstr ""
+#~ "Diese Beglaubigung ist ungültig. Es ist sinnvoll sie aus Ihrem\n"
+#~ "Schlüsselbund zu entfernen."
+
+#~ msgid ""
+#~ "This is a signature which binds the user ID to the key. It is\n"
+#~ "usually not a good idea to remove such a signature. Actually\n"
+#~ "GnuPG might not be able to use this key anymore. So do this\n"
+#~ "only if this self-signature is for some reason not valid and\n"
+#~ "a second one is available."
+#~ msgstr ""
+#~ "Diese Beglaubigung bindet die User-ID an den Schlüssel. Normalerweise "
+#~ "ist\n"
+#~ "es nicht gut, solche Beglaubigungen zu entfernen. Um ehrlich zu sein:\n"
+#~ "Es könnte dann sein, daß GnuPG diesen Schlüssel gar nicht mehr benutzen "
+#~ "kann.\n"
+#~ "Sie sollten diese Eigenbeglaubigung also nur dann entfernen, wenn sie "
+#~ "aus\n"
+#~ "irgendeinem Grund nicht gültig ist und eine zweite Beglaubigung verfügbar "
+#~ "ist."
+
+#~ msgid ""
+#~ "Change the preferences of all user IDs (or just of the selected ones)\n"
+#~ "to the current list of preferences. The timestamp of all affected\n"
+#~ "self-signatures will be advanced by one second.\n"
+#~ msgstr ""
+#~ "Ändern der Voreinstellung aller User-IDs (oder nur der ausgewählten)\n"
+#~ "auf die aktuelle Liste der Voreinstellung. Die Zeitangaben aller "
+#~ "betroffenen\n"
+#~ "Eigenbeglaubigungen werden um eine Sekunde vorgestellt.\n"
+
+#~ msgid "Please enter the passhrase; this is a secret sentence \n"
+#~ msgstr "Bitte geben Sie die Passphrase ein. Dies ist ein geheimer Satz \n"
+
+#~ msgid ""
+#~ "Please repeat the last passphrase, so you are sure what you typed in."
+#~ msgstr ""
+#~ "Um sicher zu gehen, daß Sie sich bei der Eingabe der Passphrase nicht\n"
+#~ "vertippt haben, geben Sie diese bitte nochmal ein. Nur wenn beide "
+#~ "Eingaben\n"
+#~ "übereinstimmen, wird die Passphrase akzeptiert."
+
+#~ msgid "Give the name of the file to which the signature applies"
+#~ msgstr ""
+#~ "Geben Sie den Namen der Datei an, zu dem die abgetrennte Signatur gehört"
+
+#~ msgid "Answer \"yes\" if it is okay to overwrite the file"
+#~ msgstr "Geben Sie \"ja\" ein, wenn Sie die Datei überschreiben möchten"
+
+#~ msgid ""
+#~ "Please enter a new filename. If you just hit RETURN the default\n"
+#~ "file (which is shown in brackets) will be used."
+#~ msgstr ""
+#~ "Geben Sie bitte einen neuen Dateinamen ein. Falls Sie nur die\n"
+#~ "Eingabetaste betätigen, wird der (in Klammern angezeigte) "
+#~ "Standarddateiname\n"
+#~ "verwendet."
+
+#~ msgid ""
+#~ "You should specify a reason for the certification. Depending on the\n"
+#~ "context you have the ability to choose from this list:\n"
+#~ " \"Key has been compromised\"\n"
+#~ " Use this if you have a reason to believe that unauthorized persons\n"
+#~ " got access to your secret key.\n"
+#~ " \"Key is superseded\"\n"
+#~ " Use this if you have replaced this key with a newer one.\n"
+#~ " \"Key is no longer used\"\n"
+#~ " Use this if you have retired this key.\n"
+#~ " \"User ID is no longer valid\"\n"
+#~ " Use this to state that the user ID should not longer be used;\n"
+#~ " this is normally used to mark an email address invalid.\n"
+#~ msgstr ""
+#~ "Sie sollten einen Grund für die Zertifizierung angeben. Je nach\n"
+#~ "Zusammenhang können Sie aus dieser Liste auswählen:\n"
+#~ " \"Schlüssel wurde kompromitiert\"\n"
+#~ " Falls Sie Grund zu der Annahme haben, daß nicht berechtigte "
+#~ "Personen\n"
+#~ " Zugriff zu Ihrem geheimen Schlüssel hatten\n"
+#~ " \"Schlüssel ist überholt\"\n"
+#~ " Falls Sie diesen Schlüssel durch einem neuen ersetzt haben.\n"
+#~ " \"Schlüssel wird nicht mehr benutzt\"\n"
+#~ " Falls Sie diesen Schlüssel zurückgezogen haben.\n"
+#~ " \"User-ID ist nicht mehr gültig\"\n"
+#~ " Um bekanntzugeben, daß die User-ID nicht mehr benutzt werden soll.\n"
+#~ " So weist man normalerweise auf eine ungültige Emailadresse hin.\n"
+
+#~ msgid ""
+#~ "If you like, you can enter a text describing why you issue this\n"
+#~ "revocation certificate. Please keep this text concise.\n"
+#~ "An empty line ends the text.\n"
+#~ msgstr ""
+#~ "Wenn Sie möchten, können Sie hier einen Text eingeben, der darlegt, "
+#~ "warum\n"
+#~ "Sie diesen Widerruf herausgeben. Der Text sollte möglichst knapp sein.\n"
+#~ "Eine Leerzeile beendet die Eingabe.\n"
+
+#~ msgid "can't put notation data into v3 (PGP 2.x style) signatures\n"
+#~ msgstr ""
+#~ "Notationen können in einen v3- (PGP 2.x-artigen-) Schlüssel nicht "
+#~ "eingetragen werden\n"
+
+#~ msgid "can't put notation data into v3 (PGP 2.x style) key signatures\n"
+#~ msgstr ""
+#~ "Notationen können in eine v3 (PGP 2.x-artige) Schlüsselunterschrift nicht "
+#~ "eingetragen werden\n"
+
+#~ msgid "can't put a policy URL into v3 (PGP 2.x style) signatures\n"
+#~ msgstr ""
+#~ "Eine Policy URL kann in einen v3 (PGP 2.x-artigen) Schlüssel nicht "
+#~ "eingetragen werden\n"
+
+# translated by wk
+#~ msgid "can't put a policy URL into v3 key (PGP 2.x style) signatures\n"
+#~ msgstr ""
+#~ "Eine Policy URL kann in einem v3 Schlüssel(PGP 2.x artig) nicht "
+#~ "gespeichert werden\n"
+
+#~ msgid "key generation is not available from the commandline\n"
+#~ msgstr "Die Schlüsselerzeugung ist über die Kommandozeile nicht möglich\n"
+
+#~ msgid "please use the script \"%s\" to generate a new key\n"
+#~ msgstr ""
+#~ "Bitte verwenden Sie das Skript \"%s\" zur Erzeugung eines neuen "
+#~ "Schlüssels.\n"
+
+#~ msgid "cipher extension `%s' not loaded due to unsafe permissions\n"
+#~ msgstr ""
+#~ "Verschlüsselungserweiterung `%s' wurde wegen unsicherer Zugriffsrechte "
+#~ "nicht geladen\n"
+
+#~ msgid "DSA requires the use of a 160 bit hash algorithm\n"
+#~ msgstr "DSA benötigt einen 160-bit Hash Algorithmus\n"
diff --git a/po/el.gmo b/po/el.gmo
new file mode 100644
index 0000000..465fe64
--- /dev/null
+++ b/po/el.gmo
Binary files differ
diff --git a/po/el.po b/po/el.po
new file mode 100644
index 0000000..321c157
--- /dev/null
+++ b/po/el.po
@@ -0,0 +1,10024 @@
+# Greek Translation of GnuPG.
+# Copyright (C) 2002 Free Software Foundation, Inc.
+# Dokianakis Theofanis <madf@hellug.gr>, 2002.
+# !-- psbl.surriel.com rejected (2011-01-11)
+# Designated-Translator: none
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: gnupg-1.1.92\n"
+"Report-Msgid-Bugs-To: translations@gnupg.org\n"
+"POT-Creation-Date: 2012-03-27 10:23+0200\n"
+"PO-Revision-Date: 2003-06-27 12:00+0200\n"
+"Last-Translator: Dokianakis Theofanis <madf@hellug.gr>\n"
+"Language-Team: Greek <nls@tux.hellug.gr>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=ISO-8859-7\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#: agent/call-pinentry.c:244
+#, fuzzy, c-format
+msgid "failed to acquire the pinentry lock: %s\n"
+msgstr "áðïôõ÷ßá áñ÷éêïðïßçóçò ôçò TrustDB: %s\n"
+
+#. TRANSLATORS: These are labels for buttons etc used in
+#. Pinentries. An underscore indicates that the next letter
+#. should be used as an accelerator. Double the underscore for
+#. a literal one. The actual to be translated text starts after
+#. the second vertical bar.
+#: agent/call-pinentry.c:401
+msgid "|pinentry-label|_OK"
+msgstr ""
+
+#: agent/call-pinentry.c:402
+msgid "|pinentry-label|_Cancel"
+msgstr ""
+
+#: agent/call-pinentry.c:403
+msgid "|pinentry-label|PIN:"
+msgstr ""
+
+#. TRANSLATORS: This string is displayed by Pinentry as the label
+#. for the quality bar.
+#: agent/call-pinentry.c:649
+msgid "Quality:"
+msgstr ""
+
+#. TRANSLATORS: This string is a tooltip, shown by pinentry when
+#. hovering over the quality bar. Please use an appropriate
+#. string to describe what this is about. The length of the
+#. tooltip is limited to about 900 characters. If you do not
+#. translate this entry, a default english text (see source)
+#. will be used.
+#: agent/call-pinentry.c:671
+msgid "pinentry.qualitybar.tooltip"
+msgstr ""
+
+#: agent/call-pinentry.c:716
+msgid ""
+"Please enter your PIN, so that the secret key can be unlocked for this "
+"session"
+msgstr ""
+
+#: agent/call-pinentry.c:719
+#, fuzzy
+msgid ""
+"Please enter your passphrase, so that the secret key can be unlocked for "
+"this session"
+msgstr "ÐëçêôñïëïãÞóôå ôç öñÜóç êëåéäß· áõôÞ åßíáé ìéá ìõóôéêÞ ðñüôáóç \n"
+
+#: agent/call-pinentry.c:776
+#, c-format
+msgid "SETERROR %s (try %d of %d)"
+msgstr ""
+
+#: agent/call-pinentry.c:799 agent/call-pinentry.c:811
+#, fuzzy
+msgid "PIN too long"
+msgstr "ç ãñáììÞ åßíáé ðïëý ìåãÜëç\n"
+
+#: agent/call-pinentry.c:800
+#, fuzzy
+msgid "Passphrase too long"
+msgstr "ç öñÜóç êëåéäß åßíáé ðïëý ìåãÜëç\n"
+
+#: agent/call-pinentry.c:808
+#, fuzzy
+msgid "Invalid characters in PIN"
+msgstr "Ìç Ýãêõñïò ÷áñáêôÞñáò óôï üíïìá\n"
+
+#: agent/call-pinentry.c:813
+msgid "PIN too short"
+msgstr ""
+
+#: agent/call-pinentry.c:825
+#, fuzzy
+msgid "Bad PIN"
+msgstr "êáêü MPI"
+
+#: agent/call-pinentry.c:826
+#, fuzzy
+msgid "Bad Passphrase"
+msgstr "êáêÞ öñÜóç êëåéäß"
+
+#: agent/call-pinentry.c:863
+#, fuzzy
+msgid "Passphrase"
+msgstr "êáêÞ öñÜóç êëåéäß"
+
+#: agent/command-ssh.c:531
+#, fuzzy, c-format
+msgid "ssh keys greater than %d bits are not supported\n"
+msgstr "äåí õðïóôçñßæåôáé ï áëãüñéèìïò ðñïóôáóßáò %d%s\n"
+
+#: agent/command-ssh.c:690 g10/card-util.c:833 g10/exec.c:473 g10/gpg.c:1122
+#: g10/keygen.c:3394 g10/keygen.c:3427 g10/keyring.c:1237 g10/keyring.c:1569
+#: g10/openfile.c:275 g10/openfile.c:368 g10/sign.c:801 g10/sign.c:1110
+#: g10/tdbio.c:550 jnlib/dotlock.c:310
+#, c-format
+msgid "can't create `%s': %s\n"
+msgstr "áäõíáìßá äçìéïõñãßáò ôïõ `%s': %s\n"
+
+#: agent/command-ssh.c:702 common/helpfile.c:47 g10/card-util.c:787
+#: g10/dearmor.c:60 g10/dearmor.c:107 g10/decrypt.c:70 g10/encode.c:194
+#: g10/encode.c:504 g10/gpg.c:1123 g10/import.c:192 g10/keygen.c:2877
+#: g10/keyring.c:1595 g10/openfile.c:192 g10/openfile.c:353
+#: g10/plaintext.c:511 g10/sign.c:783 g10/sign.c:978 g10/sign.c:1094
+#: g10/sign.c:1250 g10/tdbdump.c:142 g10/tdbdump.c:150 g10/tdbio.c:554
+#: g10/tdbio.c:618 g10/verify.c:99 g10/verify.c:162 sm/gpgsm.c:2044
+#: sm/gpgsm.c:2074 sm/gpgsm.c:2112 sm/gpgsm.c:2150 sm/qualified.c:66
+#, c-format
+msgid "can't open `%s': %s\n"
+msgstr "áäõíáìßá ðñüóâáóçò óôï `%s': %s\n"
+
+#: agent/command-ssh.c:1708 agent/command-ssh.c:1726
+#, fuzzy, c-format
+msgid "error getting serial number of card: %s\n"
+msgstr "óöÜëìá óôç äçìéïõñãßá ôçò öñÜóçò êëåéäß: %s\n"
+
+#: agent/command-ssh.c:1712
+#, c-format
+msgid "detected card with S/N: %s\n"
+msgstr ""
+
+#: agent/command-ssh.c:1717
+#, fuzzy, c-format
+msgid "error getting default authentication keyID of card: %s\n"
+msgstr "áäõíáìßá åããñáöÞò ìõóôéêÞò êëåéäïèÞêçò `%s': %s\n"
+
+#: agent/command-ssh.c:1737
+#, fuzzy, c-format
+msgid "no suitable card key found: %s\n"
+msgstr "äå âñÝèçêå åããñÜøéìç ìõóôéêÞ êëåéäïèÞêç: %s\n"
+
+#: agent/command-ssh.c:1787
+#, fuzzy, c-format
+msgid "shadowing the key failed: %s\n"
+msgstr "äéáãñáöÞ block êëåéäéþí áðÝôõ÷å: %s\n"
+
+#: agent/command-ssh.c:1802
+#, fuzzy, c-format
+msgid "error writing key: %s\n"
+msgstr "áäõíáìßá åããñáöÞò ôçò êëåéäïèÞêçò `%s': %s\n"
+
+#: agent/command-ssh.c:2139
+#, c-format
+msgid ""
+"An ssh process requested the use of key%%0A %s%%0A (%s)%%0ADo you want to "
+"allow this?"
+msgstr ""
+
+#: agent/command-ssh.c:2146
+msgid "Allow"
+msgstr ""
+
+#: agent/command-ssh.c:2146
+msgid "Deny"
+msgstr ""
+
+#: agent/command-ssh.c:2155
+#, fuzzy, c-format
+msgid "Please enter the passphrase for the ssh key%%0A %F%%0A (%c)"
+msgstr "ÐëçêôñïëïãÞóôå ôç öñÜóç êëåéäß· áõôÞ åßíáé ìéá ìõóôéêÞ ðñüôáóç \n"
+
+#: agent/command-ssh.c:2484 agent/genkey.c:310 agent/genkey.c:432
+#, fuzzy
+msgid "Please re-enter this passphrase"
+msgstr "áëëáãÞ ôçò öñÜóçò êëåéäß"
+
+#: agent/command-ssh.c:2509
+#, fuzzy, c-format
+msgid ""
+"Please enter a passphrase to protect the received secret key%%0A %s%%0A %"
+"s%%0Awithin gpg-agent's key storage"
+msgstr "ÐëçêôñïëïãÞóôå ôç öñÜóç êëåéäß· áõôÞ åßíáé ìéá ìõóôéêÞ ðñüôáóç \n"
+
+#: agent/command-ssh.c:2548 agent/genkey.c:340 agent/genkey.c:463
+#: tools/symcryptrun.c:436
+msgid "does not match - try again"
+msgstr ""
+
+#: agent/command-ssh.c:3054
+#, fuzzy, c-format
+msgid "failed to create stream from socket: %s\n"
+msgstr "%s: áäõíáìßá äçìéïõñãßáò hashtable: %s\n"
+
+#: agent/divert-scd.c:92 g10/call-agent.c:923
+msgid "Please insert the card with serial number"
+msgstr ""
+
+#: agent/divert-scd.c:93 g10/call-agent.c:924
+msgid "Please remove the current card and insert the one with serial number"
+msgstr ""
+
+#: agent/divert-scd.c:200
+msgid "Admin PIN"
+msgstr ""
+
+#. TRANSLATORS: A PUK is the Personal Unblocking Code
+#. used to unblock a PIN.
+#: agent/divert-scd.c:205
+msgid "PUK"
+msgstr ""
+
+#: agent/divert-scd.c:212
+msgid "Reset Code"
+msgstr ""
+
+#: agent/divert-scd.c:238
+#, c-format
+msgid "%s%%0A%%0AUse the reader's keypad for input."
+msgstr ""
+
+#: agent/divert-scd.c:287
+#, fuzzy
+msgid "Repeat this Reset Code"
+msgstr "ÅðáíáëÜâåôå ôç öñÜóç êëåéäß: "
+
+#: agent/divert-scd.c:289
+#, fuzzy
+msgid "Repeat this PUK"
+msgstr "ÅðáíáëÜâåôå ôç öñÜóç êëåéäß: "
+
+#: agent/divert-scd.c:290
+#, fuzzy
+msgid "Repeat this PIN"
+msgstr "ÅðáíáëÜâåôå ôç öñÜóç êëåéäß: "
+
+#: agent/divert-scd.c:295
+#, fuzzy
+msgid "Reset Code not correctly repeated; try again"
+msgstr "ç öñÜóç êëåéäß äåí åðáíáëÞöèçêå óùóôÜ. ÄïêéìÜóôå îáíÜ"
+
+#: agent/divert-scd.c:297
+#, fuzzy
+msgid "PUK not correctly repeated; try again"
+msgstr "ç öñÜóç êëåéäß äåí åðáíáëÞöèçêå óùóôÜ. ÄïêéìÜóôå îáíÜ"
+
+#: agent/divert-scd.c:298
+#, fuzzy
+msgid "PIN not correctly repeated; try again"
+msgstr "ç öñÜóç êëåéäß äåí åðáíáëÞöèçêå óùóôÜ. ÄïêéìÜóôå îáíÜ"
+
+#: agent/divert-scd.c:310
+#, c-format
+msgid "Please enter the PIN%s%s%s to unlock the card"
+msgstr ""
+
+#: agent/genkey.c:108 sm/certreqgen-ui.c:384 sm/export.c:638 sm/export.c:654
+#: sm/import.c:667 sm/import.c:692
+#, fuzzy, c-format
+msgid "error creating temporary file: %s\n"
+msgstr "óöÜëìá óôç äçìéïõñãßá ôçò öñÜóçò êëåéäß: %s\n"
+
+#: agent/genkey.c:115 sm/export.c:645 sm/import.c:675
+#, fuzzy, c-format
+msgid "error writing to temporary file: %s\n"
+msgstr "åããñáöÞ óôï `%s'\n"
+
+#: agent/genkey.c:153 agent/genkey.c:159
+#, fuzzy
+msgid "Enter new passphrase"
+msgstr "ÐëçêôñïëïãÞóôå ôç öñÜóç êëåéäß\n"
+
+#: agent/genkey.c:167
+#, fuzzy
+msgid "Take this one anyway"
+msgstr "×ñÞóç ïðùóäÞðïôå áõôïý ôïõ êëåéäéïý; "
+
+#: agent/genkey.c:193
+#, c-format
+msgid ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase should be "
+"at least %u character long."
+msgid_plural ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase should be "
+"at least %u characters long."
+msgstr[0] ""
+msgstr[1] ""
+
+#: agent/genkey.c:214
+#, c-format
+msgid ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase should "
+"contain at least %u digit or%%0Aspecial character."
+msgid_plural ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase should "
+"contain at least %u digits or%%0Aspecial characters."
+msgstr[0] ""
+msgstr[1] ""
+
+#: agent/genkey.c:237
+#, c-format
+msgid ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase may not be "
+"a known term or match%%0Acertain pattern."
+msgstr ""
+
+#: agent/genkey.c:253
+#, c-format
+msgid ""
+"You have not entered a passphrase!%0AAn empty passphrase is not allowed."
+msgstr ""
+
+#: agent/genkey.c:255
+#, c-format
+msgid ""
+"You have not entered a passphrase - this is in general a bad idea!%0APlease "
+"confirm that you do not want to have any protection on your key."
+msgstr ""
+
+#: agent/genkey.c:264
+msgid "Yes, protection is not needed"
+msgstr ""
+
+#: agent/genkey.c:308
+#, fuzzy, c-format
+msgid "Please enter the passphrase to%0Ato protect your new key"
+msgstr ""
+"×ñåéÜæåóôå ìéá ÖñÜóç êëåéäß ãéá íá ðñïóôáôåýóåôå ôï ìõóôéêü êëåéäß.\n"
+"\n"
+
+#: agent/genkey.c:431
+#, fuzzy
+msgid "Please enter the new passphrase"
+msgstr "áëëáãÞ ôçò öñÜóçò êëåéäß"
+
+#: agent/gpg-agent.c:121 agent/preset-passphrase.c:72 scd/scdaemon.c:103
+#: tools/gpg-check-pattern.c:70
+#, fuzzy
+msgid ""
+"@Options:\n"
+" "
+msgstr ""
+"@\n"
+"ÅðéëïãÝò:\n"
+" "
+
+#: agent/gpg-agent.c:123 scd/scdaemon.c:105
+msgid "run in server mode (foreground)"
+msgstr ""
+
+#: agent/gpg-agent.c:124 scd/scdaemon.c:108
+msgid "run in daemon mode (background)"
+msgstr ""
+
+#: agent/gpg-agent.c:125 g10/gpg.c:488 g10/gpgv.c:71 kbx/kbxutil.c:88
+#: scd/scdaemon.c:109 sm/gpgsm.c:281 tools/gpg-connect-agent.c:69
+#: tools/gpgconf.c:80 tools/symcryptrun.c:166
+msgid "verbose"
+msgstr "áíáëõôéêÜ"
+
+#: agent/gpg-agent.c:126 g10/gpgv.c:72 kbx/kbxutil.c:89 scd/scdaemon.c:110
+#: sm/gpgsm.c:282
+msgid "be somewhat more quiet"
+msgstr "Þóõ÷ç Ýîïäïò"
+
+#: agent/gpg-agent.c:127 scd/scdaemon.c:111
+msgid "sh-style command output"
+msgstr ""
+
+#: agent/gpg-agent.c:128 scd/scdaemon.c:112
+msgid "csh-style command output"
+msgstr ""
+
+#: agent/gpg-agent.c:129 scd/scdaemon.c:113 sm/gpgsm.c:312
+#: tools/symcryptrun.c:169
+#, fuzzy
+msgid "|FILE|read options from FILE"
+msgstr "|ÁÑ×ÅÉÏ|öüñôùìá ôïõ áñèñþìáôïò åðÝêôáóçò ÁÑ×ÅÉÏ"
+
+#: agent/gpg-agent.c:134 scd/scdaemon.c:123
+msgid "do not detach from the console"
+msgstr ""
+
+#: agent/gpg-agent.c:135
+msgid "do not grab keyboard and mouse"
+msgstr ""
+
+#: agent/gpg-agent.c:136 tools/symcryptrun.c:168
+#, fuzzy
+msgid "use a log file for the server"
+msgstr "áíáæÞôçóç êëåéäéþí óå Ýíá äéáêïìéóôÞ êëåéäéþí"
+
+#: agent/gpg-agent.c:138
+#, fuzzy
+msgid "use a standard location for the socket"
+msgstr ""
+"Óßãïõñá èÝëåôå íá áíáíåùèïýí ïé ðñïåðéëïãÝò ãéá ôï åðéëåãìÝíï user ID; "
+
+#: agent/gpg-agent.c:141
+msgid "|PGM|use PGM as the PIN-Entry program"
+msgstr ""
+
+#: agent/gpg-agent.c:144
+msgid "|PGM|use PGM as the SCdaemon program"
+msgstr ""
+
+#: agent/gpg-agent.c:145
+#, fuzzy
+msgid "do not use the SCdaemon"
+msgstr "áíáíÝùóç ôçò âÜóçò äåäïìÝíùí åìðéóôïóýíçò"
+
+#: agent/gpg-agent.c:157
+msgid "ignore requests to change the TTY"
+msgstr ""
+
+#: agent/gpg-agent.c:159
+msgid "ignore requests to change the X display"
+msgstr ""
+
+#: agent/gpg-agent.c:162
+msgid "|N|expire cached PINs after N seconds"
+msgstr ""
+
+#: agent/gpg-agent.c:175
+msgid "do not use the PIN cache when signing"
+msgstr ""
+
+#: agent/gpg-agent.c:177
+msgid "allow clients to mark keys as \"trusted\""
+msgstr ""
+
+#: agent/gpg-agent.c:179
+#, fuzzy
+msgid "allow presetting passphrase"
+msgstr "óöÜëìá óôç äçìéïõñãßá ôçò öñÜóçò êëåéäß: %s\n"
+
+#: agent/gpg-agent.c:180
+msgid "enable ssh-agent emulation"
+msgstr ""
+
+#: agent/gpg-agent.c:182
+msgid "|FILE|write environment settings also to FILE"
+msgstr ""
+
+#. TRANSLATORS: @EMAIL@ will get replaced by the actual bug
+#. reporting address. This is so that we can change the
+#. reporting address without breaking the translations.
+#: agent/gpg-agent.c:333 agent/preset-passphrase.c:94 agent/protect-tool.c:163
+#: g10/gpg.c:814 g10/gpgv.c:114 kbx/kbxutil.c:113 scd/scdaemon.c:246
+#: sm/gpgsm.c:519 tools/gpg-connect-agent.c:181 tools/gpgconf.c:102
+#: tools/symcryptrun.c:206 tools/gpg-check-pattern.c:141
+#, fuzzy
+msgid "Please report bugs to <@EMAIL@>.\n"
+msgstr "ÁíáöÝñåôå ôá ðñïâëÞìáôá óôï <gnupg-bugs@gnu.org>\n"
+
+#: agent/gpg-agent.c:342
+#, fuzzy
+msgid "Usage: gpg-agent [options] (-h for help)"
+msgstr "×ñÞóç: gpg [åðéëïãÝò] [áñ÷åßá] (-h ãéá âïÞèåéá)"
+
+#: agent/gpg-agent.c:344
+msgid ""
+"Syntax: gpg-agent [options] [command [args]]\n"
+"Secret key management for GnuPG\n"
+msgstr ""
+
+#: agent/gpg-agent.c:390 g10/gpg.c:1007 scd/scdaemon.c:318 sm/gpgsm.c:669
+#, c-format
+msgid "invalid debug-level `%s' given\n"
+msgstr ""
+
+#: agent/gpg-agent.c:610 agent/protect-tool.c:1033 kbx/kbxutil.c:428
+#: scd/scdaemon.c:424 sm/gpgsm.c:911 sm/gpgsm.c:914 tools/symcryptrun.c:998
+#: tools/gpg-check-pattern.c:177
+#, c-format
+msgid "%s is too old (need %s, have %s)\n"
+msgstr ""
+
+#: agent/gpg-agent.c:725 g10/gpg.c:2111 scd/scdaemon.c:510 sm/gpgsm.c:1010
+#, c-format
+msgid "NOTE: no default option file `%s'\n"
+msgstr "ÓÇÌÅÉÙÓÇ: ìç ðñïêáèïñéóìÝíï áñ÷åßï åðéëïãþí `%s'\n"
+
+#: agent/gpg-agent.c:736 agent/gpg-agent.c:1348 g10/gpg.c:2115
+#: scd/scdaemon.c:515 sm/gpgsm.c:1014 tools/symcryptrun.c:931
+#, c-format
+msgid "option file `%s': %s\n"
+msgstr "áñ÷åßï åðéëïãþí `%s': %s\n"
+
+#: agent/gpg-agent.c:744 g10/gpg.c:2122 scd/scdaemon.c:523 sm/gpgsm.c:1021
+#, c-format
+msgid "reading options from `%s'\n"
+msgstr "áíÜãíùóç åðéëïãþí áðü `%s'\n"
+
+#: agent/gpg-agent.c:1117 g10/plaintext.c:140 g10/plaintext.c:145
+#: g10/plaintext.c:162
+#, c-format
+msgid "error creating `%s': %s\n"
+msgstr "óöÜëìá êáôÜ ôç äçìéïõñãßá ôïõ `%s': %s\n"
+
+#: agent/gpg-agent.c:1461 agent/gpg-agent.c:1579 agent/gpg-agent.c:1583
+#: agent/gpg-agent.c:1624 agent/gpg-agent.c:1628 g10/exec.c:188
+#: g10/openfile.c:429 scd/scdaemon.c:1020
+#, c-format
+msgid "can't create directory `%s': %s\n"
+msgstr "áäõíáìßá äçìéïõñãßáò êáôáëüãïõ `%s': %s\n"
+
+#: agent/gpg-agent.c:1475 scd/scdaemon.c:1034
+msgid "name of socket too long\n"
+msgstr ""
+
+#: agent/gpg-agent.c:1498 scd/scdaemon.c:1057
+#, fuzzy, c-format
+msgid "can't create socket: %s\n"
+msgstr "áäõíáìßá äçìéïõñãßáò ôïõ %s: %s\n"
+
+#: agent/gpg-agent.c:1507
+#, c-format
+msgid "socket name `%s' is too long\n"
+msgstr ""
+
+#: agent/gpg-agent.c:1525
+#, fuzzy
+msgid "a gpg-agent is already running - not starting a new one\n"
+msgstr "ï gpg-agent äåí åßíáé äéáèÝóéìïò óå áõôÞ ôç óõíåäñßá\n"
+
+#: agent/gpg-agent.c:1536 scd/scdaemon.c:1076
+#, fuzzy
+msgid "error getting nonce for the socket\n"
+msgstr "óöÜëìá óôç äçìéïõñãßá ôçò öñÜóçò êëåéäß: %s\n"
+
+#: agent/gpg-agent.c:1541 scd/scdaemon.c:1079
+#, fuzzy, c-format
+msgid "error binding socket to `%s': %s\n"
+msgstr "óöÜëìá óôç áðïóôïëÞ ðñïò ôï `%s': %s\n"
+
+#: agent/gpg-agent.c:1553 scd/scdaemon.c:1088
+#, fuzzy, c-format
+msgid "listen() failed: %s\n"
+msgstr "ç åíçìÝñùóç áðÝôõ÷å: %s\n"
+
+#: agent/gpg-agent.c:1559 scd/scdaemon.c:1095
+#, fuzzy, c-format
+msgid "listening on socket `%s'\n"
+msgstr "åããñáöÞ ôïõ ìõóôéêïý êëåéäéïý óôï `%s'\n"
+
+#: agent/gpg-agent.c:1587 agent/gpg-agent.c:1634 g10/openfile.c:432
+#, fuzzy, c-format
+msgid "directory `%s' created\n"
+msgstr "%s: êáôÜëïãïò äçìéïõñãÞèçêå\n"
+
+#: agent/gpg-agent.c:1640
+#, fuzzy, c-format
+msgid "stat() failed for `%s': %s\n"
+msgstr "trustdb: read áðÝôõ÷å (n=%d): %s\n"
+
+#: agent/gpg-agent.c:1644
+#, fuzzy, c-format
+msgid "can't use `%s' as home directory\n"
+msgstr "%s: áäõíáìßá äçìéïõñãßáò êáôáëüãïõ: %s\n"
+
+#: agent/gpg-agent.c:1777 scd/scdaemon.c:1111
+#, fuzzy, c-format
+msgid "error reading nonce on fd %d: %s\n"
+msgstr "óöÜëìá êáôÜ ôçí áíÜãíùóç ôïõ `%s': %s\n"
+
+#: agent/gpg-agent.c:1799
+#, c-format
+msgid "handler 0x%lx for fd %d started\n"
+msgstr ""
+
+#: agent/gpg-agent.c:1804
+#, c-format
+msgid "handler 0x%lx for fd %d terminated\n"
+msgstr ""
+
+#: agent/gpg-agent.c:1824
+#, c-format
+msgid "ssh handler 0x%lx for fd %d started\n"
+msgstr ""
+
+#: agent/gpg-agent.c:1829
+#, c-format
+msgid "ssh handler 0x%lx for fd %d terminated\n"
+msgstr ""
+
+#: agent/gpg-agent.c:1973 scd/scdaemon.c:1248
+#, fuzzy, c-format
+msgid "pth_select failed: %s - waiting 1s\n"
+msgstr "ç åíçìÝñùóç ìõóôéêïý áðÝôõ÷å: %s\n"
+
+#: agent/gpg-agent.c:2096 scd/scdaemon.c:1315
+#, fuzzy, c-format
+msgid "%s %s stopped\n"
+msgstr "%s: ðáñáëåßöèçêå: %s\n"
+
+#: agent/gpg-agent.c:2232
+#, fuzzy
+msgid "no gpg-agent running in this session\n"
+msgstr "ï gpg-agent äåí åßíáé äéáèÝóéìïò óå áõôÞ ôç óõíåäñßá\n"
+
+#: agent/gpg-agent.c:2243 common/simple-pwquery.c:352 common/asshelp.c:403
+#: tools/gpg-connect-agent.c:2168
+msgid "malformed GPG_AGENT_INFO environment variable\n"
+msgstr "êáêïäéáôõðïìÝíç ìåôáâëçôÞ ðåñéâÜëëïíôïò GPG_AGENT_INFO\n"
+
+#: agent/gpg-agent.c:2256 common/simple-pwquery.c:364 common/asshelp.c:415
+#: tools/gpg-connect-agent.c:2179
+#, c-format
+msgid "gpg-agent protocol version %d is not supported\n"
+msgstr "äåí õðïóôçñßæåôáé ç Ýêäïóç ðñùôïêüëëïõ %d ôïõ gpg-agent\n"
+
+#: agent/preset-passphrase.c:98
+#, fuzzy
+msgid "Usage: gpg-preset-passphrase [options] KEYGRIP (-h for help)\n"
+msgstr "×ñÞóç: gpg [åðéëïãÝò] [áñ÷åßá] (-h ãéá âïÞèåéá)"
+
+#: agent/preset-passphrase.c:101
+msgid ""
+"Syntax: gpg-preset-passphrase [options] KEYGRIP\n"
+"Password cache maintenance\n"
+msgstr ""
+
+#: agent/protect-tool.c:113 g10/gpg.c:373 kbx/kbxutil.c:71 sm/gpgsm.c:186
+#: tools/gpgconf.c:60
+msgid ""
+"@Commands:\n"
+" "
+msgstr ""
+"@ÅíôïëÝò:\n"
+" "
+
+#: agent/protect-tool.c:127 g10/gpg.c:441 g10/gpgv.c:69 kbx/kbxutil.c:81
+#: sm/gpgsm.c:226 tools/gpg-connect-agent.c:67 tools/gpgconf.c:77
+#: tools/symcryptrun.c:159
+msgid ""
+"@\n"
+"Options:\n"
+" "
+msgstr ""
+"@\n"
+"ÅðéëïãÝò:\n"
+" "
+
+#: agent/protect-tool.c:166
+#, fuzzy
+msgid "Usage: gpg-protect-tool [options] (-h for help)\n"
+msgstr "×ñÞóç: gpg [åðéëïãÝò] [áñ÷åßá] (-h ãéá âïÞèåéá)"
+
+#: agent/protect-tool.c:168
+msgid ""
+"Syntax: gpg-protect-tool [options] [args]\n"
+"Secret key maintenance tool\n"
+msgstr ""
+
+#: agent/protect-tool.c:1162
+#, fuzzy
+msgid "Please enter the passphrase to unprotect the PKCS#12 object."
+msgstr "ÐëçêôñïëïãÞóôå ôç öñÜóç êëåéäß· áõôÞ åßíáé ìéá ìõóôéêÞ ðñüôáóç \n"
+
+#: agent/protect-tool.c:1167
+#, fuzzy
+msgid "Please enter the passphrase to protect the new PKCS#12 object."
+msgstr "ÐëçêôñïëïãÞóôå ôç öñÜóç êëåéäß· áõôÞ åßíáé ìéá ìõóôéêÞ ðñüôáóç \n"
+
+#: agent/protect-tool.c:1173
+msgid ""
+"Please enter the passphrase to protect the imported object within the GnuPG "
+"system."
+msgstr ""
+
+#: agent/protect-tool.c:1178
+#, fuzzy
+msgid ""
+"Please enter the passphrase or the PIN\n"
+"needed to complete this operation."
+msgstr "ÐëçêôñïëïãÞóôå ôç öñÜóç êëåéäß· áõôÞ åßíáé ìéá ìõóôéêÞ ðñüôáóç \n"
+
+#: agent/protect-tool.c:1183 tools/symcryptrun.c:437
+#, fuzzy
+msgid "Passphrase:"
+msgstr "êáêÞ öñÜóç êëåéäß"
+
+#: agent/protect-tool.c:1188 tools/symcryptrun.c:448
+#, fuzzy
+msgid "cancelled\n"
+msgstr "Áêýñùóç"
+
+#: agent/protect-tool.c:1190 tools/symcryptrun.c:444
+#, fuzzy, c-format
+msgid "error while asking for the passphrase: %s\n"
+msgstr "óöÜëìá óôç äçìéïõñãßá ôçò öñÜóçò êëåéäß: %s\n"
+
+#: agent/trustlist.c:136 agent/trustlist.c:334
+#, fuzzy, c-format
+msgid "error opening `%s': %s\n"
+msgstr "óöÜëìá êáôÜ ôçí áíÜãíùóç ôïõ `%s': %s\n"
+
+#: agent/trustlist.c:151 common/helpfile.c:63 common/helpfile.c:79
+#, fuzzy, c-format
+msgid "file `%s', line %d: %s\n"
+msgstr "ôï êëåéäß '%s' äå âñÝèçêå: %s\n"
+
+#: agent/trustlist.c:171 agent/trustlist.c:179
+#, c-format
+msgid "statement \"%s\" ignored in `%s', line %d\n"
+msgstr ""
+
+#: agent/trustlist.c:185
+#, fuzzy, c-format
+msgid "system trustlist `%s' not available\n"
+msgstr "ôìÞìáôá ôïõ ìõóôéêïý êëåéäéïý äåí åßíáé äéáèÝóéìá\n"
+
+#: agent/trustlist.c:229
+#, fuzzy, c-format
+msgid "bad fingerprint in `%s', line %d\n"
+msgstr "óöÜëìá áíÜãíùóçò: %s\n"
+
+#: agent/trustlist.c:254 agent/trustlist.c:261
+#, c-format
+msgid "invalid keyflag in `%s', line %d\n"
+msgstr ""
+
+#: agent/trustlist.c:295 common/helpfile.c:126
+#, fuzzy, c-format
+msgid "error reading `%s', line %d: %s\n"
+msgstr "óöÜëìá êáôÜ ôçí áíÜãíùóç ôïõ `%s': %s\n"
+
+#: agent/trustlist.c:400 agent/trustlist.c:450
+msgid "error reading list of trusted root certificates\n"
+msgstr ""
+
+#. TRANSLATORS: This prompt is shown by the Pinentry
+#. and has one special property: A "%%0A" is used by
+#. Pinentry to insert a line break. The double
+#. percent sign is actually needed because it is also
+#. a printf format string. If you need to insert a
+#. plain % sign, you need to encode it as "%%25". The
+#. "%s" gets replaced by the name as stored in the
+#. certificate.
+#: agent/trustlist.c:611
+#, c-format
+msgid ""
+"Do you ultimately trust%%0A \"%s\"%%0Ato correctly certify user "
+"certificates?"
+msgstr ""
+
+#: agent/trustlist.c:620 common/audit.c:467
+#, fuzzy
+msgid "Yes"
+msgstr "íáé|íáß"
+
+#: agent/trustlist.c:620 common/audit.c:469
+msgid "No"
+msgstr ""
+
+#. TRANSLATORS: This prompt is shown by the Pinentry and has
+#. one special property: A "%%0A" is used by Pinentry to
+#. insert a line break. The double percent sign is actually
+#. needed because it is also a printf format string. If you
+#. need to insert a plain % sign, you need to encode it as
+#. "%%25". The second "%s" gets replaced by a hexdecimal
+#. fingerprint string whereas the first one receives the name
+#. as stored in the certificate.
+#: agent/trustlist.c:654
+#, c-format
+msgid ""
+"Please verify that the certificate identified as:%%0A \"%s\"%%0Ahas the "
+"fingerprint:%%0A %s"
+msgstr ""
+
+#. TRANSLATORS: "Correct" is the label of a button and intended
+#. to be hit if the fingerprint matches the one of the CA. The
+#. other button is "the default "Cancel" of the Pinentry.
+#: agent/trustlist.c:668
+msgid "Correct"
+msgstr ""
+
+#: agent/trustlist.c:668
+msgid "Wrong"
+msgstr ""
+
+#: agent/findkey.c:157
+#, c-format
+msgid "Note: This passphrase has never been changed.%0APlease change it now."
+msgstr ""
+
+#: agent/findkey.c:173
+#, c-format
+msgid ""
+"This passphrase has not been changed%%0Asince %.4s-%.2s-%.2s. Please change "
+"it now."
+msgstr ""
+
+#: agent/findkey.c:187 agent/findkey.c:194
+#, fuzzy
+msgid "Change passphrase"
+msgstr "áëëáãÞ ôçò öñÜóçò êëåéäß"
+
+#: agent/findkey.c:195
+msgid "I'll change it later"
+msgstr ""
+
+#: common/exechelp.c:528 common/exechelp.c:625 tools/gpgconf-comp.c:1475
+#: tools/gpgconf-comp.c:1814
+#, fuzzy, c-format
+msgid "error creating a pipe: %s\n"
+msgstr "óöÜëìá óôç äçìéïõñãßá ôçò öñÜóçò êëåéäß: %s\n"
+
+#: common/exechelp.c:599 common/exechelp.c:658
+#, fuzzy, c-format
+msgid "can't fdopen pipe for reading: %s\n"
+msgstr "áäõíáìßá ðñüóâáóçò ôïõ áñ÷åßïõ: %s\n"
+
+#: common/exechelp.c:637 common/exechelp.c:765 common/exechelp.c:1002
+#, fuzzy, c-format
+msgid "error forking process: %s\n"
+msgstr "óöÜëìá êáôÜ ôçí áíÜãíùóç ôïõ `%s': %s\n"
+
+#: common/exechelp.c:811 common/exechelp.c:864
+#, c-format
+msgid "waiting for process %d to terminate failed: %s\n"
+msgstr ""
+
+#: common/exechelp.c:819
+#, fuzzy, c-format
+msgid "error getting exit code of process %d: %s\n"
+msgstr "áäõíáìßá åããñáöÞò ìõóôéêÞò êëåéäïèÞêçò `%s': %s\n"
+
+#: common/exechelp.c:825 common/exechelp.c:877
+#, fuzzy, c-format
+msgid "error running `%s': exit status %d\n"
+msgstr "óöÜëìá êáôÜ ôçí áíÜãíùóç ôïõ `%s': %s\n"
+
+#: common/exechelp.c:870
+#, c-format
+msgid "error running `%s': probably not installed\n"
+msgstr ""
+
+#: common/exechelp.c:885
+#, fuzzy, c-format
+msgid "error running `%s': terminated\n"
+msgstr "óöÜëìá êáôÜ ôçí áíÜãíùóç ôïõ `%s': %s\n"
+
+#: common/http.c:1674
+#, fuzzy, c-format
+msgid "error creating socket: %s\n"
+msgstr "óöÜëìá êáôÜ ôç äçìéïõñãßá ôïõ `%s': %s\n"
+
+#: common/http.c:1718
+#, fuzzy
+msgid "host not found"
+msgstr "[User id äåí âñÝèçêå]"
+
+#: common/simple-pwquery.c:338
+msgid "gpg-agent is not available in this session\n"
+msgstr "ï gpg-agent äåí åßíáé äéáèÝóéìïò óå áõôÞ ôç óõíåäñßá\n"
+
+#: common/simple-pwquery.c:395
+#, c-format
+msgid "can't connect to `%s': %s\n"
+msgstr "áäõíáìßá óýíäåóçò óôï `%s': %s\n"
+
+#: common/simple-pwquery.c:406
+msgid "communication problem with gpg-agent\n"
+msgstr "ðñüâëçìá åðéêïéíùíßáò ìå ôï gpg-agent\n"
+
+#: common/simple-pwquery.c:416
+#, fuzzy
+msgid "problem setting the gpg-agent options\n"
+msgstr "ðñüâëçìá ìå ôïí agent: agent åðéóôñÝöåé 0x%lx\n"
+
+#: common/simple-pwquery.c:579 common/simple-pwquery.c:675
+#, fuzzy
+msgid "canceled by user\n"
+msgstr "áêõñþèçêå áðü ôï ÷ñÞóôç\n"
+
+#: common/simple-pwquery.c:594 common/simple-pwquery.c:681
+#, fuzzy
+msgid "problem with the agent\n"
+msgstr "ðñüâëçìá ìå ôïí agent: agent åðéóôñÝöåé 0x%lx\n"
+
+#: common/sysutils.c:105
+#, c-format
+msgid "can't disable core dumps: %s\n"
+msgstr "áäõíáìßá áðåíåñãïðïßçóçò ôùí core dump: %s\n"
+
+#: common/sysutils.c:200
+#, fuzzy, c-format
+msgid "Warning: unsafe ownership on %s \"%s\"\n"
+msgstr "ÐÑÏÅÉÄÏÐÏÉÇÓÇ: ìç áóöáëÞò éäéïêôçóßá óôï %s \"%s\"\n"
+
+#: common/sysutils.c:232
+#, fuzzy, c-format
+msgid "Warning: unsafe permissions on %s \"%s\"\n"
+msgstr "ÐÑÏÅÉÄÏÐÏÉÇÓÇ: ìç áóöáëåßò Üäåéåò óôï %s \"%s\"\n"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: common/yesno.c:35 common/yesno.c:72
+msgid "yes"
+msgstr "íáé|íáß"
+
+#: common/yesno.c:36 common/yesno.c:77
+msgid "yY"
+msgstr "yY"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: common/yesno.c:38 common/yesno.c:74
+msgid "no"
+msgstr "ü÷é|ï÷é"
+
+#: common/yesno.c:39 common/yesno.c:78
+msgid "nN"
+msgstr "nN"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: common/yesno.c:76
+msgid "quit"
+msgstr "ôåñìáôéóìüò"
+
+#: common/yesno.c:79
+msgid "qQ"
+msgstr "qQ"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: common/yesno.c:113
+msgid "okay|okay"
+msgstr ""
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: common/yesno.c:115
+msgid "cancel|cancel"
+msgstr ""
+
+#: common/yesno.c:116
+msgid "oO"
+msgstr ""
+
+#: common/yesno.c:117
+#, fuzzy
+msgid "cC"
+msgstr "c"
+
+#: common/miscellaneous.c:77
+#, c-format
+msgid "out of core in secure memory while allocating %lu bytes"
+msgstr ""
+
+#: common/miscellaneous.c:80
+#, c-format
+msgid "out of core while allocating %lu bytes"
+msgstr ""
+
+#: common/asshelp.c:293 tools/gpg-connect-agent.c:2129
+msgid "no running gpg-agent - starting one\n"
+msgstr ""
+
+#: common/asshelp.c:349
+#, c-format
+msgid "waiting %d seconds for the agent to come up\n"
+msgstr ""
+
+#: common/asshelp.c:426
+msgid "can't connect to the agent - trying fall back\n"
+msgstr ""
+
+#. TRANSLATORS: Copy the prefix between the vertical bars
+#. verbatim. It will not be printed.
+#: common/audit.c:474
+msgid "|audit-log-result|Good"
+msgstr ""
+
+#: common/audit.c:477
+msgid "|audit-log-result|Bad"
+msgstr ""
+
+#: common/audit.c:479
+msgid "|audit-log-result|Not supported"
+msgstr ""
+
+#: common/audit.c:481
+#, fuzzy
+msgid "|audit-log-result|No certificate"
+msgstr "êáêü ðéóôïðïéçôéêü"
+
+#: common/audit.c:483
+#, fuzzy
+msgid "|audit-log-result|Not enabled"
+msgstr "êáêü ðéóôïðïéçôéêü"
+
+#: common/audit.c:485
+msgid "|audit-log-result|Error"
+msgstr ""
+
+#: common/audit.c:487
+#, fuzzy
+msgid "|audit-log-result|Not used"
+msgstr "êáêü ðéóôïðïéçôéêü"
+
+#: common/audit.c:489
+#, fuzzy
+msgid "|audit-log-result|Okay"
+msgstr "êáêü ðéóôïðïéçôéêü"
+
+#: common/audit.c:491
+#, fuzzy
+msgid "|audit-log-result|Skipped"
+msgstr "êáêü ðéóôïðïéçôéêü"
+
+#: common/audit.c:493
+#, fuzzy
+msgid "|audit-log-result|Some"
+msgstr "êáêü ðéóôïðïéçôéêü"
+
+#: common/audit.c:726
+#, fuzzy
+msgid "Certificate chain available"
+msgstr "êáêü ðéóôïðïéçôéêü"
+
+#: common/audit.c:733
+#, fuzzy
+msgid "root certificate missing"
+msgstr "êáêü ðéóôïðïéçôéêü"
+
+#: common/audit.c:759
+msgid "Data encryption succeeded"
+msgstr ""
+
+#: common/audit.c:764 common/audit.c:830 common/audit.c:906 common/audit.c:997
+#, fuzzy
+msgid "Data available"
+msgstr "Êëåéäß äéáèÝóéìï óôï: "
+
+#: common/audit.c:767
+#, fuzzy
+msgid "Session key created"
+msgstr "%s: êëåéäïèÞêç äçìéïõñãÞèçêå\n"
+
+#: common/audit.c:772 common/audit.c:912 common/audit.c:919
+#, fuzzy, c-format
+msgid "algorithm: %s"
+msgstr "èùñÜêéóç: %s\n"
+
+#: common/audit.c:774 common/audit.c:776 common/audit.c:921 common/audit.c:923
+#, fuzzy, c-format
+msgid "unsupported algorithm: %s"
+msgstr ""
+"\n"
+"Õðïóôçñéæüìåíïé áëãüñéèìïé:\n"
+
+#: common/audit.c:778 common/audit.c:925
+#, fuzzy
+msgid "seems to be not encrypted"
+msgstr "ìç êñõðôïãñáöçìÝíï"
+
+#: common/audit.c:784 common/audit.c:933
+msgid "Number of recipients"
+msgstr ""
+
+#: common/audit.c:792 common/audit.c:956
+#, c-format
+msgid "Recipient %d"
+msgstr ""
+
+#: common/audit.c:825
+msgid "Data signing succeeded"
+msgstr ""
+
+#: common/audit.c:839 common/audit.c:1033 common/audit.c:1060
+#, fuzzy, c-format
+msgid "data hash algorithm: %s"
+msgstr "ìç Ýãêõñïò áëãüñéèìïò hash `%s'\n"
+
+#: common/audit.c:862
+#, fuzzy, c-format
+msgid "Signer %d"
+msgstr "ÕðïãñáöÞ Ýëçîå óôéò %s.\n"
+
+#: common/audit.c:866 common/audit.c:1065
+#, fuzzy, c-format
+msgid "attr hash algorithm: %s"
+msgstr "ìç Ýãêõñïò áëãüñéèìïò hash `%s'\n"
+
+#: common/audit.c:901
+msgid "Data decryption succeeded"
+msgstr ""
+
+#: common/audit.c:910
+#, fuzzy
+msgid "Encryption algorithm supported"
+msgstr "äåí õðïóôçñßæåôáé ï áëãüñéèìïò ðñïóôáóßáò %d%s\n"
+
+#: common/audit.c:993
+#, fuzzy
+msgid "Data verification succeeded"
+msgstr "êáôáóôïëÞ áíÜêëçóçò õðïãñáöÞò\n"
+
+#: common/audit.c:1002
+#, fuzzy
+msgid "Signature available"
+msgstr "ÕðïãñáöÞ Ýëçîå óôéò %s.\n"
+
+#: common/audit.c:1024
+#, fuzzy
+msgid "Parsing data succeeded"
+msgstr "ÊáëÞ õðïãñáöÞ áðü \""
+
+#: common/audit.c:1036
+#, fuzzy, c-format
+msgid "bad data hash algorithm: %s"
+msgstr "ìç Ýãêõñïò áëãüñéèìïò hash `%s'\n"
+
+#: common/audit.c:1051
+#, fuzzy, c-format
+msgid "Signature %d"
+msgstr "ÕðïãñáöÞ Ýëçîå óôéò %s.\n"
+
+#: common/audit.c:1079
+#, fuzzy
+msgid "Certificate chain valid"
+msgstr "Áõôü ôï êëåéäß Ý÷åé ëÞîåé!"
+
+#: common/audit.c:1090
+#, fuzzy
+msgid "Root certificate trustworthy"
+msgstr "êáêü ðéóôïðïéçôéêü"
+
+#: common/audit.c:1111 sm/certchain.c:935
+#, fuzzy
+msgid "no CRL found for certificate"
+msgstr "êáêü ðéóôïðïéçôéêü"
+
+#: common/audit.c:1114 sm/certchain.c:945
+#, fuzzy
+msgid "the available CRL is too old"
+msgstr "Êëåéäß äéáèÝóéìï óôï: "
+
+#: common/audit.c:1119
+#, fuzzy
+msgid "CRL/OCSP check of certificates"
+msgstr "êáêü ðéóôïðïéçôéêü"
+
+#: common/audit.c:1139
+#, fuzzy
+msgid "Included certificates"
+msgstr "êáêü ðéóôïðïéçôéêü"
+
+#: common/audit.c:1194
+msgid "No audit log entries."
+msgstr ""
+
+#: common/audit.c:1243
+#, fuzzy
+msgid "Unknown operation"
+msgstr "Üãíùóôç Ýêäïóç"
+
+#: common/audit.c:1261
+msgid "Gpg-Agent usable"
+msgstr ""
+
+#: common/audit.c:1271
+msgid "Dirmngr usable"
+msgstr ""
+
+#: common/audit.c:1307
+#, fuzzy, c-format
+msgid "No help available for `%s'."
+msgstr "Äåí õðÜñ÷åé äéáèÝóéìç âïÞèåéá ãéá `%s'"
+
+#: common/helpfile.c:80
+#, fuzzy
+msgid "ignoring garbage line"
+msgstr "óöÜëìá óôç ãñáììÞ trailer\n"
+
+#: common/gettime.c:503
+#, fuzzy
+msgid "[none]"
+msgstr "Üãíùóôï"
+
+#: g10/armor.c:379
+#, c-format
+msgid "armor: %s\n"
+msgstr "èùñÜêéóç: %s\n"
+
+#: g10/armor.c:418
+msgid "invalid armor header: "
+msgstr "ìç Ýãêõñç åðéêåöáëßäá èùñÜêéóçò: "
+
+#: g10/armor.c:429
+msgid "armor header: "
+msgstr "åðéêåöáëßäá èùñÜêéóçò: "
+
+#: g10/armor.c:442
+msgid "invalid clearsig header\n"
+msgstr "ìç Ýãêõñç åðéêåöáëßäá clearsig\n"
+
+#: g10/armor.c:455
+#, fuzzy
+msgid "unknown armor header: "
+msgstr "åðéêåöáëßäá èùñÜêéóçò: "
+
+#: g10/armor.c:508
+msgid "nested clear text signatures\n"
+msgstr "öùëéáóìÝíåò ìç êñõðôïãñáöçìÝíåò õðïãñáöÝò\n"
+
+#: g10/armor.c:643
+#, fuzzy
+msgid "unexpected armor: "
+msgstr "ìç áíáìåíüìåíç èùñÜêéóç:"
+
+#: g10/armor.c:655
+msgid "invalid dash escaped line: "
+msgstr "ìç Ýãêõñç dash escaped ãñáììÞ: "
+
+#: g10/armor.c:810 g10/armor.c:1420
+#, fuzzy, c-format
+msgid "invalid radix64 character %02X skipped\n"
+msgstr "ìç Ýãêõñïò radix64 ÷áñáêôÞñáò %02x ðáñÜâëåøç\n"
+
+#: g10/armor.c:853
+msgid "premature eof (no CRC)\n"
+msgstr "ðñüùñï ôÝëïò áñ÷åßïõ (áðïõóßá CRC)\n"
+
+#: g10/armor.c:887
+msgid "premature eof (in CRC)\n"
+msgstr "ðñüùñï ôÝëïò áñ÷åßïõ (åíôüò CRC)\n"
+
+#: g10/armor.c:895
+msgid "malformed CRC\n"
+msgstr "ëÜèïò ìïñöÞ CRC\n"
+
+#: g10/armor.c:899 g10/armor.c:1457
+#, fuzzy, c-format
+msgid "CRC error; %06lX - %06lX\n"
+msgstr "óöÜëìá CRC: %06lx - %06lx\n"
+
+#: g10/armor.c:919
+#, fuzzy
+msgid "premature eof (in trailer)\n"
+msgstr "ðñüùñï ôÝëïò áñ÷åßïõ (óôï Ôrailer)\n"
+
+#: g10/armor.c:923
+msgid "error in trailer line\n"
+msgstr "óöÜëìá óôç ãñáììÞ trailer\n"
+
+#: g10/armor.c:1234
+msgid "no valid OpenPGP data found.\n"
+msgstr "äå âñÝèçêáí Ýãêõñá OpenPGP äåäïìÝíá.\n"
+
+#: g10/armor.c:1239
+#, c-format
+msgid "invalid armor: line longer than %d characters\n"
+msgstr "ìç Ýãêõñç èùñÜêéóç: ç ãñáììÞ åßíáé ðÜíù áðü %d ÷áñáêôÞñåò\n"
+
+#: g10/armor.c:1243
+msgid ""
+"quoted printable character in armor - probably a buggy MTA has been used\n"
+msgstr ""
+"åêôõðþóéìïò, óå åéóáãùãéêÜ, ÷áñáêôÞñáò óôç èùñÜêéóç - ßóùò Ýãéíå ÷ñÞóç "
+"ðñïâëçìáôéêïý MTA\n"
+
+#: g10/build-packet.c:976
+msgid ""
+"a notation name must have only printable characters or spaces, and end with "
+"an '='\n"
+msgstr ""
+"Ýíá üíïìá óçìåßùóçò ìðïñåß íá ðåñéÝ÷åé ìüíï åêôõðþóéìïõò ÷áñáêôÞñåò êáé êåíÜ "
+"êáé íá ëÞãåé ìå Ýíá '='\n"
+
+#: g10/build-packet.c:988
+msgid "a user notation name must contain the '@' character\n"
+msgstr "ôï üíïìá óçìåßùóçò ÷ñÞóôç ðñÝðåé íá ðåñéÝ÷åé ôï '@' ÷áñáêôÞñá\n"
+
+#: g10/build-packet.c:994
+#, fuzzy
+msgid "a notation name must not contain more than one '@' character\n"
+msgstr "ôï üíïìá óçìåßùóçò ÷ñÞóôç ðñÝðåé íá ðåñéÝ÷åé ôï '@' ÷áñáêôÞñá\n"
+
+#: g10/build-packet.c:1012
+msgid "a notation value must not use any control characters\n"
+msgstr "ç ôéìÞ óçìåßùóçò ðñÝðåé íá ìç ÷ñçóéìïðïéåß ÷áñáêôÞñåò control\n"
+
+#: g10/build-packet.c:1046 g10/build-packet.c:1055
+msgid "WARNING: invalid notation data found\n"
+msgstr "ÐÑÏÅÉÄÏÐÏÉÇÓÇ: âñÝèçêáí ìç Ýãêõñá äåäïìÝíá óçìåßùóçò\n"
+
+#: g10/build-packet.c:1077 g10/build-packet.c:1079
+msgid "not human readable"
+msgstr "ìç áíáãíþóéìï"
+
+#: g10/card-util.c:85 g10/card-util.c:374
+#, fuzzy, c-format
+msgid "OpenPGP card not available: %s\n"
+msgstr "ôï ìõóôéêü êëåéäß äåí åßíáé äéáèÝóéìï"
+
+#: g10/card-util.c:90
+#, c-format
+msgid "OpenPGP card no. %s detected\n"
+msgstr ""
+
+#: g10/card-util.c:98 g10/card-util.c:1773 g10/delkey.c:126 g10/keyedit.c:1551
+#: g10/keygen.c:3068 g10/revoke.c:216 g10/revoke.c:455
+#, fuzzy
+msgid "can't do this in batch mode\n"
+msgstr "äåí ìðïñåß íá ãßíåé áõôü óå êáôÜóôáóç äÝóìçò (batchmode)\n"
+
+#: g10/card-util.c:106
+#, fuzzy
+msgid "This command is only available for version 2 cards\n"
+msgstr "ÁõôÞ ç åíôïëÞ áðáãïñåýåôå óå áõôÞ ôçí êáôÜóôáóç %s.\n"
+
+#: g10/card-util.c:108 scd/app-openpgp.c:2029
+#, fuzzy
+msgid "Reset Code not or not anymore available\n"
+msgstr "ôìÞìáôá ôïõ ìõóôéêïý êëåéäéïý äåí åßíáé äéáèÝóéìá\n"
+
+#: g10/card-util.c:141 g10/card-util.c:1458 g10/card-util.c:1568
+#: g10/keyedit.c:424 g10/keyedit.c:445 g10/keyedit.c:459 g10/keygen.c:1630
+#: g10/keygen.c:1711 sm/certreqgen-ui.c:165 sm/certreqgen-ui.c:249
+#: sm/certreqgen-ui.c:283
+msgid "Your selection? "
+msgstr "Ç åðéëïãÞ óáò; "
+
+#: g10/card-util.c:272 g10/card-util.c:322
+msgid "[not set]"
+msgstr ""
+
+#: g10/card-util.c:512
+#, fuzzy
+msgid "male"
+msgstr "enable"
+
+#: g10/card-util.c:513
+#, fuzzy
+msgid "female"
+msgstr "enable"
+
+#: g10/card-util.c:513
+#, fuzzy
+msgid "unspecified"
+msgstr "Äåí Ý÷åé ïñéóôåß áéôßá"
+
+#: g10/card-util.c:540
+#, fuzzy
+msgid "not forced"
+msgstr "ìç åðåîåñãáóìÝíï"
+
+#: g10/card-util.c:540
+msgid "forced"
+msgstr ""
+
+#: g10/card-util.c:631
+msgid "Error: Only plain ASCII is currently allowed.\n"
+msgstr ""
+
+#: g10/card-util.c:633
+msgid "Error: The \"<\" character may not be used.\n"
+msgstr ""
+
+#: g10/card-util.c:635
+msgid "Error: Double spaces are not allowed.\n"
+msgstr ""
+
+#: g10/card-util.c:652
+msgid "Cardholder's surname: "
+msgstr ""
+
+#: g10/card-util.c:654
+msgid "Cardholder's given name: "
+msgstr ""
+
+#: g10/card-util.c:672
+#, c-format
+msgid "Error: Combined name too long (limit is %d characters).\n"
+msgstr ""
+
+#: g10/card-util.c:693
+#, fuzzy
+msgid "URL to retrieve public key: "
+msgstr "êáíÝíá áíôßóôé÷ï äçìüóéï êëåéäß: %s\n"
+
+#: g10/card-util.c:701
+#, c-format
+msgid "Error: URL too long (limit is %d characters).\n"
+msgstr ""
+
+#: g10/card-util.c:794 tools/no-libgcrypt.c:30
+#, fuzzy, c-format
+msgid "error allocating enough memory: %s\n"
+msgstr "áäõíáìßá äçìéïõñãßáò ôçò êëåéäïèÞêçò `%s': %s\n"
+
+#: g10/card-util.c:806 g10/import.c:280
+#, c-format
+msgid "error reading `%s': %s\n"
+msgstr "óöÜëìá êáôÜ ôçí áíÜãíùóç ôïõ `%s': %s\n"
+
+#: g10/card-util.c:839
+#, fuzzy, c-format
+msgid "error writing `%s': %s\n"
+msgstr "áäõíáìßá åããñáöÞò ôçò êëåéäïèÞêçò `%s': %s\n"
+
+#: g10/card-util.c:866
+msgid "Login data (account name): "
+msgstr ""
+
+#: g10/card-util.c:876
+#, c-format
+msgid "Error: Login data too long (limit is %d characters).\n"
+msgstr ""
+
+#: g10/card-util.c:912
+msgid "Private DO data: "
+msgstr ""
+
+#: g10/card-util.c:922
+#, c-format
+msgid "Error: Private DO too long (limit is %d characters).\n"
+msgstr ""
+
+#: g10/card-util.c:1005
+#, fuzzy
+msgid "Language preferences: "
+msgstr "áíáùåùìÝíåò åðéëïãÝò"
+
+#: g10/card-util.c:1013
+#, fuzzy
+msgid "Error: invalid length of preference string.\n"
+msgstr "ìç Ýãêõñïò ÷áñáêôÞñáò óôï \"êïñäüíé\" ôçò åðéëïãÞò\n"
+
+#: g10/card-util.c:1022
+#, fuzzy
+msgid "Error: invalid characters in preference string.\n"
+msgstr "ìç Ýãêõñïò ÷áñáêôÞñáò óôï \"êïñäüíé\" ôçò åðéëïãÞò\n"
+
+#: g10/card-util.c:1044
+msgid "Sex ((M)ale, (F)emale or space): "
+msgstr ""
+
+#: g10/card-util.c:1058
+#, fuzzy
+msgid "Error: invalid response.\n"
+msgstr "óöÜëìá: ìç Ýãêõñï áðïôýðùìá\n"
+
+#: g10/card-util.c:1080
+#, fuzzy
+msgid "CA fingerprint: "
+msgstr "áðåéêüíéóç ôïõ fingerprint"
+
+#: g10/card-util.c:1103
+#, fuzzy
+msgid "Error: invalid formatted fingerprint.\n"
+msgstr "óöÜëìá: ìç Ýãêõñï áðïôýðùìá\n"
+
+#: g10/card-util.c:1153
+#, fuzzy, c-format
+msgid "key operation not possible: %s\n"
+msgstr "Ç äçìéïõñãßá êëåéäéïý áðÝôõ÷å: %s\n"
+
+#: g10/card-util.c:1154
+#, fuzzy
+msgid "not an OpenPGP card"
+msgstr "äå âñÝèçêáí Ýãêõñá OpenPGP äåäïìÝíá.\n"
+
+#: g10/card-util.c:1167
+#, fuzzy, c-format
+msgid "error getting current key info: %s\n"
+msgstr "áäõíáìßá åããñáöÞò ìõóôéêÞò êëåéäïèÞêçò `%s': %s\n"
+
+#: g10/card-util.c:1254
+msgid "Replace existing key? (y/N) "
+msgstr ""
+
+#: g10/card-util.c:1270
+msgid ""
+"NOTE: There is no guarantee that the card supports the requested size.\n"
+" If the key generation does not succeed, please check the\n"
+" documentation of your card to see what sizes are allowed.\n"
+msgstr ""
+
+#: g10/card-util.c:1295
+#, fuzzy, c-format
+msgid "What keysize do you want for the Signature key? (%u) "
+msgstr "Ôé ìÝãåèïò êëåéäéïý èá èÝëáôå; (1024) "
+
+#: g10/card-util.c:1297
+#, fuzzy, c-format
+msgid "What keysize do you want for the Encryption key? (%u) "
+msgstr "Ôé ìÝãåèïò êëåéäéïý èá èÝëáôå; (1024) "
+
+#: g10/card-util.c:1298
+#, fuzzy, c-format
+msgid "What keysize do you want for the Authentication key? (%u) "
+msgstr "Ôé ìÝãåèïò êëåéäéïý èá èÝëáôå; (1024) "
+
+#: g10/card-util.c:1309 g10/keygen.c:1844 g10/keygen.c:1850
+#: sm/certreqgen-ui.c:194
+#, c-format
+msgid "rounded up to %u bits\n"
+msgstr "óôñïããõëïðïéÞèçêå Ýùò ôá %u bits\n"
+
+#: g10/card-util.c:1317 g10/keygen.c:1831 sm/certreqgen-ui.c:184
+#, c-format
+msgid "%s keysizes must be in the range %u-%u\n"
+msgstr ""
+
+#: g10/card-util.c:1322
+#, c-format
+msgid "The card will now be re-configured to generate a key of %u bits\n"
+msgstr ""
+
+#: g10/card-util.c:1342
+#, fuzzy, c-format
+msgid "error changing size of key %d to %u bits: %s\n"
+msgstr "óöÜëìá óôç áðïóôïëÞ ðñïò ôï `%s': %s\n"
+
+#: g10/card-util.c:1364
+msgid "Make off-card backup of encryption key? (Y/n) "
+msgstr ""
+
+#: g10/card-util.c:1378
+#, fuzzy
+msgid "NOTE: keys are already stored on the card!\n"
+msgstr "ðáñáëåßöèçêå: ìõóôéêü êëåéäß Þäç ðáñþí\n"
+
+#: g10/card-util.c:1381
+msgid "Replace existing keys? (y/N) "
+msgstr ""
+
+#: g10/card-util.c:1393
+#, c-format
+msgid ""
+"Please note that the factory settings of the PINs are\n"
+" PIN = `%s' Admin PIN = `%s'\n"
+"You should change them using the command --change-pin\n"
+msgstr ""
+
+#: g10/card-util.c:1449
+#, fuzzy
+msgid "Please select the type of key to generate:\n"
+msgstr "Ðáñáêáëþ åðéëÝîôå ôïí ôýðï ôïõ êëåéäéïý ðïõ èÝëåôå:\n"
+
+#: g10/card-util.c:1451 g10/card-util.c:1559
+#, fuzzy
+msgid " (1) Signature key\n"
+msgstr "ÕðïãñáöÞ Ýëçîå óôéò %s.\n"
+
+#: g10/card-util.c:1452 g10/card-util.c:1561
+#, fuzzy
+msgid " (2) Encryption key\n"
+msgstr " (%d) RSA (ãéá êñõðôïãñÜöçóç ìüíï)\n"
+
+#: g10/card-util.c:1453 g10/card-util.c:1563
+msgid " (3) Authentication key\n"
+msgstr ""
+
+#: g10/card-util.c:1469 g10/card-util.c:1588 g10/keyedit.c:945
+#: g10/keygen.c:1634 g10/keygen.c:1662 g10/keygen.c:1764 g10/revoke.c:683
+msgid "Invalid selection.\n"
+msgstr "Ìç Ýãêõñç åðéëïãÞ.\n"
+
+#: g10/card-util.c:1556
+#, fuzzy
+msgid "Please select where to store the key:\n"
+msgstr "Ðáñáêáëþ åðéëÝîôå ôçí áéôßá ãéá ôçí áíÜêëçóç:\n"
+
+#: g10/card-util.c:1600
+#, fuzzy
+msgid "unknown key protection algorithm\n"
+msgstr "Üãíùóôïò áëãüñéèìïò ðñïóôáóßáò\n"
+
+#: g10/card-util.c:1605
+#, fuzzy
+msgid "secret parts of key are not available\n"
+msgstr "ÌõóôéêÜ ôìÞìáôá ôïõ êýñéïõ êëåéäéïý äåí åßíáé äéáèÝóéìá.\n"
+
+#: g10/card-util.c:1610
+#, fuzzy
+msgid "secret key already stored on a card\n"
+msgstr "ðáñáëåßöèçêå: ìõóôéêü êëåéäß Þäç ðáñþí\n"
+
+#: g10/card-util.c:1623
+#, fuzzy, c-format
+msgid "error writing key to card: %s\n"
+msgstr "áäõíáìßá åããñáöÞò ôçò êëåéäïèÞêçò `%s': %s\n"
+
+#: g10/card-util.c:1682 g10/keyedit.c:1382
+msgid "quit this menu"
+msgstr "ôåñìáôéóìüò áõôïý ôïõ ìåíïý"
+
+#: g10/card-util.c:1684
+#, fuzzy
+msgid "show admin commands"
+msgstr "óõãêñïõüìåíåò åíôïëÝò\n"
+
+#: g10/card-util.c:1685 g10/keyedit.c:1385
+msgid "show this help"
+msgstr "áðåéêüíéóç áõôÞò ôçò âïÞèåéáò"
+
+#: g10/card-util.c:1687
+#, fuzzy
+msgid "list all available data"
+msgstr "Êëåéäß äéáèÝóéìï óôï: "
+
+#: g10/card-util.c:1690
+msgid "change card holder's name"
+msgstr ""
+
+#: g10/card-util.c:1691
+msgid "change URL to retrieve key"
+msgstr ""
+
+#: g10/card-util.c:1692
+msgid "fetch the key specified in the card URL"
+msgstr ""
+
+#: g10/card-util.c:1693
+#, fuzzy
+msgid "change the login name"
+msgstr "áëëáãÞ ôçò çìåñïìçíßáò ëÞîçò"
+
+#: g10/card-util.c:1694
+#, fuzzy
+msgid "change the language preferences"
+msgstr "áëëáãÞ ôçò åìðéóôïóýíçò éäéïêôÞôç"
+
+#: g10/card-util.c:1695
+msgid "change card holder's sex"
+msgstr ""
+
+#: g10/card-util.c:1696
+#, fuzzy
+msgid "change a CA fingerprint"
+msgstr "áðåéêüíéóç ôïõ fingerprint"
+
+#: g10/card-util.c:1697
+msgid "toggle the signature force PIN flag"
+msgstr ""
+
+#: g10/card-util.c:1698
+#, fuzzy
+msgid "generate new keys"
+msgstr "äçìéïõñãßá åíüò íÝïõ æåýãïõò êëåéäéþí"
+
+#: g10/card-util.c:1699
+msgid "menu to change or unblock the PIN"
+msgstr ""
+
+#: g10/card-util.c:1700
+msgid "verify the PIN and list all data"
+msgstr ""
+
+#: g10/card-util.c:1701
+msgid "unblock the PIN using a Reset Code"
+msgstr ""
+
+#: g10/card-util.c:1823
+msgid "gpg/card> "
+msgstr ""
+
+#: g10/card-util.c:1864
+#, fuzzy
+msgid "Admin-only command\n"
+msgstr "óõãêñïõüìåíåò åíôïëÝò\n"
+
+#: g10/card-util.c:1895
+#, fuzzy
+msgid "Admin commands are allowed\n"
+msgstr "óõãêñïõüìåíåò åíôïëÝò\n"
+
+#: g10/card-util.c:1897
+#, fuzzy
+msgid "Admin commands are not allowed\n"
+msgstr "åããñáöÞ ôïõ ìõóôéêïý êëåéäéïý óôï `%s'\n"
+
+#: g10/card-util.c:1988 g10/keyedit.c:2292
+msgid "Invalid command (try \"help\")\n"
+msgstr "Ìç Ýãêõñç åíôïëÞ (äïêéìÜóôå \"help\")\n"
+
+#: g10/decrypt.c:110 g10/encode.c:876
+msgid "--output doesn't work for this command\n"
+msgstr "--output äåí ëåéôïõñãåß ãéá áõôÞ ôçí åíôïëÞ\n"
+
+#: g10/decrypt.c:166 g10/gpg.c:4019 g10/keyring.c:387 g10/keyring.c:698
+#, c-format
+msgid "can't open `%s'\n"
+msgstr "áäõíáìßá ðñüóâáóçò ôïõ `%s'\n"
+
+#: g10/delkey.c:73 g10/export.c:324 g10/keyedit.c:3514 g10/keyserver.c:1737
+#: g10/revoke.c:226
+#, fuzzy, c-format
+msgid "key \"%s\" not found: %s\n"
+msgstr "ôï êëåéäß '%s' äå âñÝèçêå: %s\n"
+
+#: g10/delkey.c:81 g10/export.c:354 g10/import.c:2480 g10/keyserver.c:1751
+#: g10/revoke.c:232 g10/revoke.c:477
+#, c-format
+msgid "error reading keyblock: %s\n"
+msgstr "óöÜëìá êáôÜ ôçí áíÜãíùóç ôïõ ìðëïê êëåéäéþí: %s\n"
+
+#: g10/delkey.c:127 g10/delkey.c:134
+msgid "(unless you specify the key by fingerprint)\n"
+msgstr "(åêôüò åÜí ðñïóäéïñßóåôå Ýíá êëåéäß áðü áðïôýðùìá)\n"
+
+#: g10/delkey.c:133
+#, fuzzy
+msgid "can't do this in batch mode without \"--yes\"\n"
+msgstr "äåí ìðïñåß íá ãßíåé áõôü óå êáôÜóôáóç äÝóìçò ÷ùñßò ôï \"--yes\"\n"
+
+#: g10/delkey.c:145
+#, fuzzy
+msgid "Delete this key from the keyring? (y/N) "
+msgstr "ÄéáãñáöÞ áõôïý ôïõ êëåéäéïý áðü ôç êëåéäïèÞêç; "
+
+#: g10/delkey.c:153
+#, fuzzy
+msgid "This is a secret key! - really delete? (y/N) "
+msgstr "Áõôü åßíáé Ýíá ìõóôéêü êëåéäß! - Óßãïõñá íá äéáãñáöåß; "
+
+#: g10/delkey.c:163
+#, c-format
+msgid "deleting keyblock failed: %s\n"
+msgstr "äéáãñáöÞ block êëåéäéþí áðÝôõ÷å: %s\n"
+
+#: g10/delkey.c:173
+msgid "ownertrust information cleared\n"
+msgstr "êáèáñéóìüò ðëçñïöïñéþí åìðéóôïóýíçò-éäéïêôÞôç\n"
+
+#: g10/delkey.c:204
+#, c-format
+msgid "there is a secret key for public key \"%s\"!\n"
+msgstr "õðÜñ÷åé Ýíá ìõóôéêü êëåéäß ãéá ôï äçìüóéï êëåéäß \"%s\"!\n"
+
+#: g10/delkey.c:206
+msgid "use option \"--delete-secret-keys\" to delete it first.\n"
+msgstr ""
+"÷ñçóéìïðïéåßóôå ðñþôá ôçí åðéëïãÞ \"--delete-secret-key\" ãéá äéáãñáöÞ ôïõ.\n"
+
+#: g10/encode.c:226 g10/sign.c:1269
+#, c-format
+msgid "error creating passphrase: %s\n"
+msgstr "óöÜëìá óôç äçìéïõñãßá ôçò öñÜóçò êëåéäß: %s\n"
+
+#: g10/encode.c:232
+msgid "can't use a symmetric ESK packet due to the S2K mode\n"
+msgstr "áäõíáìßá ÷ñÞóçò åíüò óõììåôñéêïý ðáêÝôïõ ESK ëüãù ôçò êáôÜóôáóçò S2K\n"
+
+#: g10/encode.c:246
+#, c-format
+msgid "using cipher %s\n"
+msgstr "÷ñÞóç ôïõ êñõðôáëãüñéèìïõ: %s\n"
+
+#: g10/encode.c:256 g10/encode.c:577
+#, c-format
+msgid "`%s' already compressed\n"
+msgstr "`%s' Þäç óõìðéÝóôçêå\n"
+
+#: g10/encode.c:311 g10/encode.c:611 g10/sign.c:564
+#, c-format
+msgid "WARNING: `%s' is an empty file\n"
+msgstr "ÐÑÏÅÉÄÏÐÏÉÇÓÇ: `%s' åßíáé Ýíá Üäåéï áñ÷åßï\n"
+
+#: g10/encode.c:485
+msgid "you can only encrypt to RSA keys of 2048 bits or less in --pgp2 mode\n"
+msgstr ""
+"êñõðôïãñÜöçóç ìå êëåéäßá RSA áðü 2048 bit Þ ðéï ëßãï ìüíï óå êáôÜóôáóç --"
+"pgp2\n"
+
+#: g10/encode.c:510
+#, c-format
+msgid "reading from `%s'\n"
+msgstr "áíÜãíùóç áðü `%s'\n"
+
+#: g10/encode.c:541
+msgid ""
+"unable to use the IDEA cipher for all of the keys you are encrypting to.\n"
+msgstr ""
+"áäõíáìßá ÷ñÞóçò ôïõ êñõðôáëãüñéèìïõ IDEA ãéá üëá ôá êëåéäßá ìå ôá "
+"ïðïßáêñõðôïãñáöåßôå.\n"
+
+#: g10/encode.c:559
+#, fuzzy, c-format
+msgid ""
+"WARNING: forcing symmetric cipher %s (%d) violates recipient preferences\n"
+msgstr ""
+"ï åîáíáãêáóìüò óõììåôñéêïý áëãüñéèìïõ %s (%d) ðáñáâéÜæåé ôéò\n"
+"åðéëïãÝò ôïõ ðáñáëÞðôç\n"
+
+#: g10/encode.c:655 g10/sign.c:939
+#, fuzzy, c-format
+msgid ""
+"WARNING: forcing compression algorithm %s (%d) violates recipient "
+"preferences\n"
+msgstr ""
+"ï åîáíáãêáóìüò ÷ñÞóçò ôïõ áëãïñßèìïõ óõìðßåóçò %s (%d) ðáñáâéÜæåé ôéò\n"
+"åðéëïãÝò ôïõ ðáñáëÞðôç\n"
+
+#: g10/encode.c:751
+#, c-format
+msgid "forcing symmetric cipher %s (%d) violates recipient preferences\n"
+msgstr ""
+"ï åîáíáãêáóìüò óõììåôñéêïý áëãüñéèìïõ %s (%d) ðáñáâéÜæåé ôéò\n"
+"åðéëïãÝò ôïõ ðáñáëÞðôç\n"
+
+#: g10/encode.c:821 g10/pkclist.c:813 g10/pkclist.c:862
+#, c-format
+msgid "you may not use %s while in %s mode\n"
+msgstr "áðáãïñåýåôå ç ÷ñÞóç ôïõ %s óôçí êáôÜóôáóç %s.\n"
+
+#: g10/encode.c:848
+#, c-format
+msgid "%s/%s encrypted for: \"%s\"\n"
+msgstr "%s/%s êñõðôïãñáöÞèçêå ãéá: \"%s\"\n"
+
+#: g10/encr-data.c:93 g10/mainproc.c:286
+#, c-format
+msgid "%s encrypted data\n"
+msgstr "%s êñõðôïãñáöçìÝíá äåäïìÝíá\n"
+
+#: g10/encr-data.c:96 g10/mainproc.c:290
+#, c-format
+msgid "encrypted with unknown algorithm %d\n"
+msgstr "êñõðôïãñáöçìÝíï ìå Üãíùóôï áëãüñéèìï %d\n"
+
+#: g10/encr-data.c:142 sm/decrypt.c:126
+msgid ""
+"WARNING: message was encrypted with a weak key in the symmetric cipher.\n"
+msgstr ""
+"ÐÑÏÅÉÄÏÐÏÉÇÓÇ: ôï ìÞíõìá êñõðôïãñáöÞèçêå ìå áäýíáìï êëåéäß óôï\n"
+"óõììåôñéêü êñõðôáëãüñéèìï.\n"
+
+#: g10/encr-data.c:154
+msgid "problem handling encrypted packet\n"
+msgstr "ðñüâëçìá óôï ÷åéñéóìü êñõðôïãñáöçìÝíïõ ðáêÝôïõ\n"
+
+#: g10/exec.c:57
+msgid "no remote program execution supported\n"
+msgstr "äåí õðïóôçñßæåôå ç áðïìáêñõóìÝíç åêôÝëåóç ðñïãñÜììáôïò\n"
+
+#: g10/exec.c:308
+msgid ""
+"external program calls are disabled due to unsafe options file permissions\n"
+msgstr ""
+"ïé êëÞóåéò åîùôåñéêþí ðñïãñáììÜôùí áðåíåñãïðïéÞèçêáí ëüãù áíáóöáëþí áäåéþí\n"
+"áñ÷åßïõ\n"
+
+#: g10/exec.c:338
+#, fuzzy
+msgid "this platform requires temporary files when calling external programs\n"
+msgstr ""
+"áõôÞ ç ðëáôöüñìá áðáéôåß ðñïóùñ. áñ÷åßá óôçí êëÞóç åîùôåñéêþí ðñïãñáììÜôùí\n"
+
+#: g10/exec.c:416
+#, fuzzy, c-format
+msgid "unable to execute program `%s': %s\n"
+msgstr "áäõíáìßá åêôÝëåóçò ôïõ %s \"%s\": %s\n"
+
+#: g10/exec.c:419
+#, fuzzy, c-format
+msgid "unable to execute shell `%s': %s\n"
+msgstr "áäõíáìßá åêôÝëåóçò ôïõ %s \"%s\": %s\n"
+
+#: g10/exec.c:510
+#, c-format
+msgid "system error while calling external program: %s\n"
+msgstr "óöÜëìá óõóôÞìáôïò êáôÜ ôçí êëÞóç åîùôåñéêïý ðñïãñÜììáôïò: %s\n"
+
+#: g10/exec.c:521 g10/exec.c:588
+msgid "unnatural exit of external program\n"
+msgstr "áöýóéêç Ýîïäïò ôïõ åîùôåñéêïý ðñïãñÜììáôïò\n"
+
+#: g10/exec.c:536
+msgid "unable to execute external program\n"
+msgstr "áäõíáìßá åêôÝëåóçò ôïõ åîùôåñéêïý ðñïãñÜììáôïò\n"
+
+#: g10/exec.c:553
+#, c-format
+msgid "unable to read external program response: %s\n"
+msgstr "áäõíáìßá áíÜãíùóçò ôçò áðÜíôçóçò ôïõ åîùôåñéêïý ðñïãñÜììáôïò: %s\n"
+
+#: g10/exec.c:599 g10/exec.c:606
+#, c-format
+msgid "WARNING: unable to remove tempfile (%s) `%s': %s\n"
+msgstr "ÐÑÏÅÉÄÏÐÏÉÇÓÇ: áäõíáìßá äéáãñáöÞò tempfile (%s) `%s': %s\n"
+
+#: g10/exec.c:611
+#, c-format
+msgid "WARNING: unable to remove temp directory `%s': %s\n"
+msgstr "ÐÑÏÅÉÄÏÐÏÉÇÓÇ: áäõíáìßá äéáãñáöÞò ðñïóùñéíïý öáêÝëïõ `%s': %s\n"
+
+#: g10/export.c:61
+#, fuzzy
+msgid "export signatures that are marked as local-only"
+msgstr ""
+"\n"
+"Ç õðïãñáöÞ èá óçìåéùèåß óáí ìç-áíáêáëÝóéìç.\n"
+"\n"
+
+#: g10/export.c:63
+msgid "export attribute user IDs (generally photo IDs)"
+msgstr ""
+
+#: g10/export.c:65
+#, fuzzy
+msgid "export revocation keys marked as \"sensitive\""
+msgstr "äå âñÝèçêáí êëåéäéÜ áíÜêëçóçò ãéá ôï `%s'\n"
+
+#: g10/export.c:67
+#, fuzzy
+msgid "remove the passphrase from exported subkeys"
+msgstr "áíÜêëçóç åíüò äåõôåñåýïíôïò êëåéäéïý"
+
+#: g10/export.c:69
+#, fuzzy
+msgid "remove unusable parts from key during export"
+msgstr "ìç ÷ñçóéìïðïéÞóéìï ìõóôéêü êëåéäß"
+
+#: g10/export.c:71
+msgid "remove as much as possible from key during export"
+msgstr ""
+
+#: g10/export.c:73
+msgid "export keys in an S-expression based format"
+msgstr ""
+
+#: g10/export.c:338
+#, fuzzy
+msgid "exporting secret keys not allowed\n"
+msgstr "åããñáöÞ ôïõ ìõóôéêïý êëåéäéïý óôï `%s'\n"
+
+#: g10/export.c:367
+#, fuzzy, c-format
+msgid "key %s: not protected - skipped\n"
+msgstr "êëåéäß %08lX: äåí åßíáé ðñïóôáôåõìÝíï - ðáñáëåßöèçêå\n"
+
+#: g10/export.c:375
+#, fuzzy, c-format
+msgid "key %s: PGP 2.x style key - skipped\n"
+msgstr "êëåéäß %08lX: êëåéäß ôýðïõ PGP 2.x - ðáñáëåßöèçêå\n"
+
+#: g10/export.c:386
+#, fuzzy, c-format
+msgid "key %s: key material on-card - skipped\n"
+msgstr ""
+"êëåéäß %08lX: ç õðïãñáöÞ ôïõ õðïêëåéäéïý óå ëÜèïò óçìåßï - ðáñáëåßöèçêå\n"
+
+#: g10/export.c:537
+msgid "about to export an unprotected subkey\n"
+msgstr ""
+
+#: g10/export.c:560
+#, fuzzy, c-format
+msgid "failed to unprotect the subkey: %s\n"
+msgstr "áðïôõ÷ßá áñ÷éêïðïßçóçò ôçò TrustDB: %s\n"
+
+#: g10/export.c:584
+#, fuzzy, c-format
+msgid "WARNING: secret key %s does not have a simple SK checksum\n"
+msgstr "ÐÑÏÅÉÄÏÐÏÉÇÓÇ: ôï ìõóôéêü êëåéäß %08lX äåí Ý÷åé áðëü SK checksum\n"
+
+#: g10/export.c:633
+msgid "WARNING: nothing exported\n"
+msgstr "ÐÑÏÅÉÄÏÐÏÉÇÓÇ: äåí Ýãéíå êáììßá åîáãùãÞ\n"
+
+#: g10/getkey.c:152
+msgid "too many entries in pk cache - disabled\n"
+msgstr "ðÜñá ðïëëÝò êáôá÷ùñÞóåéò óôç pk cache - áðåíåñãïðïéÞèçêå\n"
+
+#: g10/getkey.c:175
+#, fuzzy
+msgid "[User ID not found]"
+msgstr "[User id äåí âñÝèçêå]"
+
+#: g10/getkey.c:1113
+#, c-format
+msgid "automatically retrieved `%s' via %s\n"
+msgstr ""
+
+#: g10/getkey.c:1118
+#, fuzzy, c-format
+msgid "error retrieving `%s' via %s: %s\n"
+msgstr "óöÜëìá êáôÜ ôç äçìéïõñãßá ôïõ `%s': %s\n"
+
+#: g10/getkey.c:1120
+#, fuzzy
+msgid "No fingerprint"
+msgstr "áðåéêüíéóç ôïõ fingerprint"
+
+#: g10/getkey.c:1930
+#, fuzzy, c-format
+msgid "Invalid key %s made valid by --allow-non-selfsigned-uid\n"
+msgstr ""
+"Ìç Ýãêõñï êëåéäß %08lX Ýãéíå Ýãêõñï áðü ôï --allow-non-selfsigned-uid\n"
+
+#: g10/getkey.c:2533 g10/keyedit.c:3839
+#, fuzzy, c-format
+msgid "no secret subkey for public subkey %s - ignoring\n"
+msgstr "êáíÝíá ìõóôéêü õðïêëåéäß ãéá ôï äçìüóéï õðïêëåéäß %08lX - áãíüçóç\n"
+
+#: g10/getkey.c:2759
+#, fuzzy, c-format
+msgid "using subkey %s instead of primary key %s\n"
+msgstr "÷ñÞóç ôïõ äåõôåñåýïíôïò êëåéäéïý %08lX áíôß ôïõ ðñùôåýïíôïò %08lX\n"
+
+#: g10/getkey.c:2806
+#, fuzzy, c-format
+msgid "key %s: secret key without public key - skipped\n"
+msgstr "êëåéäß %08lX: ìõóôéêü êëåéäß ÷ùñßò äçìüóéï - ðáñáëåßöèçêå\n"
+
+#: g10/gpg.c:375 sm/gpgsm.c:188
+#, fuzzy
+msgid "make a signature"
+msgstr "äçìéïõñãßá ìéáò ìç ðñïóáñôçìÝíçò õðïãñáöÞò"
+
+#: g10/gpg.c:376 sm/gpgsm.c:189
+#, fuzzy
+msgid "make a clear text signature"
+msgstr "|[áñ÷åßï]|äçìéïõñãßá ìéáò ìç êñõðôïãñáöçìÝíçò õðïãñáöÞò"
+
+#: g10/gpg.c:377 sm/gpgsm.c:190
+msgid "make a detached signature"
+msgstr "äçìéïõñãßá ìéáò ìç ðñïóáñôçìÝíçò õðïãñáöÞò"
+
+#: g10/gpg.c:378 sm/gpgsm.c:191
+msgid "encrypt data"
+msgstr "êñõðôïãñÜöçóç äåäïìÝíùí"
+
+#: g10/gpg.c:380 sm/gpgsm.c:192
+msgid "encryption only with symmetric cipher"
+msgstr "êñõðôïãñÜöçóç ìå ÷ñÞóç ìüíï óõììåôñéêþí áëãïñßèìùí"
+
+#: g10/gpg.c:382 sm/gpgsm.c:193
+msgid "decrypt data (default)"
+msgstr "áðïêñõðôïãñÜöçóç äåäïìÝíùí (ðñïêáèïñéóìÝíï)"
+
+#: g10/gpg.c:384 sm/gpgsm.c:194
+msgid "verify a signature"
+msgstr "åðáëÞèåõóç ìéáò õðïãñáöÞò"
+
+#: g10/gpg.c:386 sm/gpgsm.c:195
+msgid "list keys"
+msgstr "áðåéêüíéóç ôçò ëßóôáò êëåéäéþí"
+
+#: g10/gpg.c:388
+msgid "list keys and signatures"
+msgstr "áðåéêüíéóç ôçò ëßóôáò êëåéäéþí êáé õðïãñáöþí"
+
+#: g10/gpg.c:389
+#, fuzzy
+msgid "list and check key signatures"
+msgstr "Ýëåã÷ïò õðïãñáöÞò êëåéäéïý"
+
+#: g10/gpg.c:390 sm/gpgsm.c:200
+msgid "list keys and fingerprints"
+msgstr "áðåéêüíéóç ôçò ëßóôáò êëåéäéþí êáé áðïôõðùìÜôùí (fingerprints)"
+
+#: g10/gpg.c:391 sm/gpgsm.c:198
+msgid "list secret keys"
+msgstr "áðåéêüíéóç ôçò ëßóôáò ìõóôéêþí êëåéäéþí"
+
+#: g10/gpg.c:392 sm/gpgsm.c:201
+msgid "generate a new key pair"
+msgstr "äçìéïõñãßá åíüò íÝïõ æåýãïõò êëåéäéþí"
+
+#: g10/gpg.c:393
+msgid "generate a revocation certificate"
+msgstr "äçìéïõñãßá åíüò ðéóôïðïéçôéêïý áíÜêëçóçò"
+
+#: g10/gpg.c:395 sm/gpgsm.c:203
+msgid "remove keys from the public keyring"
+msgstr "áöáßñåóç ôùí êëåéäéþí áðü ôç äçìüóéá êëåéäïèÞêç"
+
+#: g10/gpg.c:397
+msgid "remove keys from the secret keyring"
+msgstr "áöáßñåóç ôùí êëåéäéþí áðü ôç ìõóôéêÞ êëåéäïèÞêç"
+
+#: g10/gpg.c:398
+msgid "sign a key"
+msgstr "õðïãñáöÞ åíüò êëåéäéïý"
+
+#: g10/gpg.c:399
+msgid "sign a key locally"
+msgstr "õðïãñáöÞ åíüò êëåéäéïý ôïðéêÜ"
+
+#: g10/gpg.c:400
+msgid "sign or edit a key"
+msgstr "õðïãñáöÞ Þ åðåîåñãáóßá åíüò êëåéäéïý"
+
+#: g10/gpg.c:402 sm/gpgsm.c:215
+#, fuzzy
+msgid "change a passphrase"
+msgstr "áëëáãÞ ôçò öñÜóçò êëåéäß"
+
+#: g10/gpg.c:404
+msgid "export keys"
+msgstr "åîáãùãÞ êëåéäéþí"
+
+#: g10/gpg.c:405 sm/gpgsm.c:204
+msgid "export keys to a key server"
+msgstr "åîáãùãÞ êëåéäéþí óå Ýíá äéáêïìéóôÞ êëåéäéþí"
+
+#: g10/gpg.c:406 sm/gpgsm.c:205
+msgid "import keys from a key server"
+msgstr "åéóáãùãÞ êëåéäéþí áðü Ýíá äéáêïìéóôÞ êëåéäéþí"
+
+#: g10/gpg.c:408
+msgid "search for keys on a key server"
+msgstr "áíáæÞôçóç êëåéäéþí óå Ýíá äéáêïìéóôÞ êëåéäéþí"
+
+#: g10/gpg.c:410
+msgid "update all keys from a keyserver"
+msgstr "áíáíÝùóç üëùí ôùí êëåéäéþí áðü Ýíá äéáêïìéóôÞ êëåéäéþí"
+
+#: g10/gpg.c:415
+msgid "import/merge keys"
+msgstr "åéóáãùãÞ/óõã÷þíåõóç êëåéäéþí"
+
+#: g10/gpg.c:418
+msgid "print the card status"
+msgstr ""
+
+#: g10/gpg.c:419
+msgid "change data on a card"
+msgstr ""
+
+#: g10/gpg.c:420
+msgid "change a card's PIN"
+msgstr ""
+
+#: g10/gpg.c:429
+msgid "update the trust database"
+msgstr "áíáíÝùóç ôçò âÜóçò äåäïìÝíùí åìðéóôïóýíçò"
+
+#: g10/gpg.c:436
+#, fuzzy
+msgid "print message digests"
+msgstr "|áëãüñ [áñ÷åßá]| áðåéêüíéóç ðåñéëÞøåùí ôùí ìçíõìÜôùí"
+
+#: g10/gpg.c:439 sm/gpgsm.c:210
+msgid "run in server mode"
+msgstr ""
+
+#: g10/gpg.c:443 sm/gpgsm.c:228
+msgid "create ascii armored output"
+msgstr "äçìéïõñãßá ascii èùñáêéóìÝíçò åîüäïõ"
+
+#: g10/gpg.c:446 sm/gpgsm.c:241
+#, fuzzy
+msgid "|USER-ID|encrypt for USER-ID"
+msgstr "|ÏÍÏÌÁ|êñõðôïãñÜöçóç ãéá ÏÍÏÌÁ"
+
+#: g10/gpg.c:459 sm/gpgsm.c:278
+#, fuzzy
+msgid "|USER-ID|use USER-ID to sign or decrypt"
+msgstr "÷ñÞóç áõôÞò ôçò ôáõôüôçôáò (user id) ãéá õðïãñáöÞ Þ áðïêñõðôïãñÜöçóç"
+
+#: g10/gpg.c:462
+#, fuzzy
+msgid "|N|set compress level to N (0 disables)"
+msgstr "|N|êáèïñéóìüò åðéðÝäïõ óõìðßåóçò N (0 áðåíåñãïðïéåß)"
+
+#: g10/gpg.c:468
+msgid "use canonical text mode"
+msgstr "÷ñÞóç êáíïíéêÞò êáôÜóôáóçò êåéìÝíïõ"
+
+#: g10/gpg.c:485 sm/gpgsm.c:280
+#, fuzzy
+msgid "|FILE|write output to FILE"
+msgstr "|ÁÑ×ÅÉÏ|öüñôùìá ôïõ áñèñþìáôïò åðÝêôáóçò ÁÑ×ÅÉÏ"
+
+#: g10/gpg.c:501 kbx/kbxutil.c:90 sm/gpgsm.c:292 tools/gpgconf.c:82
+msgid "do not make any changes"
+msgstr "íá ìç ãßíåé êáììßá áëëáãÞ"
+
+#: g10/gpg.c:502
+msgid "prompt before overwriting"
+msgstr "åñþôçóç ðñéí ôçí åðéêÜëõøç"
+
+#: g10/gpg.c:554
+msgid "use strict OpenPGP behavior"
+msgstr ""
+
+#: g10/gpg.c:585 sm/gpgsm.c:336
+msgid ""
+"@\n"
+"(See the man page for a complete listing of all commands and options)\n"
+msgstr ""
+"@\n"
+"(äåßôå ôç óåëßäá man ãéá ìéá ðëÞñç ëßóôá åíôïëþí êáé åðéëïãþí)\n"
+
+#: g10/gpg.c:588 sm/gpgsm.c:339
+msgid ""
+"@\n"
+"Examples:\n"
+"\n"
+" -se -r Bob [file] sign and encrypt for user Bob\n"
+" --clearsign [file] make a clear text signature\n"
+" --detach-sign [file] make a detached signature\n"
+" --list-keys [names] show keys\n"
+" --fingerprint [names] show fingerprints\n"
+msgstr ""
+"@\n"
+"Ðáñáäåßãìáôá:\n"
+"\n"
+" -se -r Bob [áñ÷åßï] õðïãñáöÞ êáé êñõðôïãñÜöçóç ãéá ôï Bob\n"
+" --clearsign [áñ÷åßï] äçìéïõñãßá ìç êñõðôïãñáöçìÝíçò õðïãñáöÞò\n"
+" --detach-sign [áñ÷åßï] äçìéïõñãßá áðïêïììÝíçò õðïãñáöÞò\n"
+" --list-keys [ïíüìáôá] áðåéêüíéóç êëåéäéþí\n"
+" --fingerprint [ïíüìáôá] áðåéêüíéóç áðïôõðùìÜôùí (fingerprints)\n"
+
+#: g10/gpg.c:836
+msgid "Usage: gpg [options] [files] (-h for help)"
+msgstr "×ñÞóç: gpg [åðéëïãÝò] [áñ÷åßá] (-h ãéá âïÞèåéá)"
+
+#: g10/gpg.c:839
+msgid ""
+"Syntax: gpg [options] [files]\n"
+"sign, check, encrypt or decrypt\n"
+"default operation depends on the input data\n"
+msgstr ""
+"Óýíôáîç: gpg [åðéëïãÝò] [áñ÷åßá]\n"
+"õðïãñáöÞ, Ýëåã÷ïò, êñõðôïãñÜöçóç Þ áðïêñõðôïãñÜöçóç\n"
+"ç ðñïêáèïñéóìÝíç ëåéôïõñãßá åîáñôÜôáé áðü ôá äåäïìÝíá åéóüäïõ\n"
+
+#: g10/gpg.c:850 sm/gpgsm.c:543
+msgid ""
+"\n"
+"Supported algorithms:\n"
+msgstr ""
+"\n"
+"Õðïóôçñéæüìåíïé áëãüñéèìïé:\n"
+
+#: g10/gpg.c:853
+msgid "Pubkey: "
+msgstr "ÄçìïóÊëåéäß:"
+
+#: g10/gpg.c:860 g10/keyedit.c:2423
+msgid "Cipher: "
+msgstr "Êñõðôáëãüñéèìïò: "
+
+#: g10/gpg.c:867
+msgid "Hash: "
+msgstr "Hash: "
+
+#: g10/gpg.c:874 g10/keyedit.c:2468
+msgid "Compression: "
+msgstr "Óõìðßåóç: "
+
+#: g10/gpg.c:944
+msgid "usage: gpg [options] "
+msgstr "÷ñÞóç: gpg [åðéëïãÝò] "
+
+#: g10/gpg.c:1158 sm/gpgsm.c:716
+msgid "conflicting commands\n"
+msgstr "óõãêñïõüìåíåò åíôïëÝò\n"
+
+#: g10/gpg.c:1176
+#, fuzzy, c-format
+msgid "no = sign found in group definition `%s'\n"
+msgstr "äåí âñÝèçêå ôï óýìâïëï = óôïí ïñéóìü ôçò ïìÜäáò \"%s\"\n"
+
+#: g10/gpg.c:1373
+#, fuzzy, c-format
+msgid "WARNING: unsafe ownership on homedir `%s'\n"
+msgstr "ÐÑÏÅÉÄÏÐÏÉÇÓÇ: ìç áóöáëÞò éäéïêôçóßá óôï %s \"%s\"\n"
+
+#: g10/gpg.c:1376
+#, fuzzy, c-format
+msgid "WARNING: unsafe ownership on configuration file `%s'\n"
+msgstr "ÐÑÏÅÉÄÏÐÏÉÇÓÇ: ìç áóöáëÞò éäéïêôçóßá óôï %s \"%s\"\n"
+
+#: g10/gpg.c:1379
+#, fuzzy, c-format
+msgid "WARNING: unsafe ownership on extension `%s'\n"
+msgstr "ÐÑÏÅÉÄÏÐÏÉÇÓÇ: ìç áóöáëÞò éäéïêôçóßá óôï %s \"%s\"\n"
+
+#: g10/gpg.c:1385
+#, fuzzy, c-format
+msgid "WARNING: unsafe permissions on homedir `%s'\n"
+msgstr "ÐÑÏÅÉÄÏÐÏÉÇÓÇ: ìç áóöáëåßò Üäåéåò óôï %s \"%s\"\n"
+
+#: g10/gpg.c:1388
+#, fuzzy, c-format
+msgid "WARNING: unsafe permissions on configuration file `%s'\n"
+msgstr "ÐÑÏÅÉÄÏÐÏÉÇÓÇ: ìç áóöáëåßò Üäåéåò óôï %s \"%s\"\n"
+
+#: g10/gpg.c:1391
+#, fuzzy, c-format
+msgid "WARNING: unsafe permissions on extension `%s'\n"
+msgstr "ÐÑÏÅÉÄÏÐÏÉÇÓÇ: ìç áóöáëåßò Üäåéåò óôï %s \"%s\"\n"
+
+#: g10/gpg.c:1397
+#, fuzzy, c-format
+msgid "WARNING: unsafe enclosing directory ownership on homedir `%s'\n"
+msgstr ""
+"ÐÑÏÅÉÄÏÐÏÉÇÓÇ: ìç áóöáëÞò éäéïêôçóßáåóþêëåéóôïõ öáêÝëïõ óôï %s \"%s\"\n"
+
+#: g10/gpg.c:1400
+#, fuzzy, c-format
+msgid ""
+"WARNING: unsafe enclosing directory ownership on configuration file `%s'\n"
+msgstr ""
+"ÐÑÏÅÉÄÏÐÏÉÇÓÇ: ìç áóöáëÞò éäéïêôçóßáåóþêëåéóôïõ öáêÝëïõ óôï %s \"%s\"\n"
+
+#: g10/gpg.c:1403
+#, fuzzy, c-format
+msgid "WARNING: unsafe enclosing directory ownership on extension `%s'\n"
+msgstr ""
+"ÐÑÏÅÉÄÏÐÏÉÇÓÇ: ìç áóöáëÞò éäéïêôçóßáåóþêëåéóôïõ öáêÝëïõ óôï %s \"%s\"\n"
+
+#: g10/gpg.c:1409
+#, fuzzy, c-format
+msgid "WARNING: unsafe enclosing directory permissions on homedir `%s'\n"
+msgstr "ÐÑÏÅÉÄÏÐÏÉÇÓÇ: ìç áóöáëåßò Üäåéåò åóþêëåéóôïõ öáêÝëïõ óôï %s \"%s\"\n"
+
+#: g10/gpg.c:1412
+#, fuzzy, c-format
+msgid ""
+"WARNING: unsafe enclosing directory permissions on configuration file `%s'\n"
+msgstr "ÐÑÏÅÉÄÏÐÏÉÇÓÇ: ìç áóöáëåßò Üäåéåò åóþêëåéóôïõ öáêÝëïõ óôï %s \"%s\"\n"
+
+#: g10/gpg.c:1415
+#, fuzzy, c-format
+msgid "WARNING: unsafe enclosing directory permissions on extension `%s'\n"
+msgstr "ÐÑÏÅÉÄÏÐÏÉÇÓÇ: ìç áóöáëåßò Üäåéåò åóþêëåéóôïõ öáêÝëïõ óôï %s \"%s\"\n"
+
+#: g10/gpg.c:1595
+#, fuzzy, c-format
+msgid "unknown configuration item `%s'\n"
+msgstr "Üãíùóôï áíôéêåßìåíï ñõèìßóåùò \"%s\"\n"
+
+#: g10/gpg.c:1699
+msgid "display photo IDs during key listings"
+msgstr ""
+
+#: g10/gpg.c:1701
+msgid "show policy URLs during signature listings"
+msgstr ""
+
+#: g10/gpg.c:1703
+#, fuzzy
+msgid "show all notations during signature listings"
+msgstr "Äåí âñÝèçêå áíôßóôïé÷ç õðïãñáöÞ óôç ìõóôéêÞ êëåéäïèÞêç\n"
+
+#: g10/gpg.c:1705
+msgid "show IETF standard notations during signature listings"
+msgstr ""
+
+#: g10/gpg.c:1709
+msgid "show user-supplied notations during signature listings"
+msgstr ""
+
+#: g10/gpg.c:1711
+#, fuzzy
+msgid "show preferred keyserver URLs during signature listings"
+msgstr "ôï URL ðïëéôéêÞò õðïãñáöÞò ðïõ äüèçêå äåí åßíáé Ýãêõñï\n"
+
+#: g10/gpg.c:1713
+msgid "show user ID validity during key listings"
+msgstr ""
+
+#: g10/gpg.c:1715
+msgid "show revoked and expired user IDs in key listings"
+msgstr ""
+
+#: g10/gpg.c:1717
+msgid "show revoked and expired subkeys in key listings"
+msgstr ""
+
+#: g10/gpg.c:1719
+#, fuzzy
+msgid "show the keyring name in key listings"
+msgstr "áðåéêüíéóç ôçò êëåéäïèÞêçò óôçí ïðïßá áíáöÝñåôå ôï êëåéäß"
+
+#: g10/gpg.c:1721
+#, fuzzy
+msgid "show expiration dates during signature listings"
+msgstr "Äåí âñÝèçêå áíôßóôïé÷ç õðïãñáöÞ óôç ìõóôéêÞ êëåéäïèÞêç\n"
+
+#: g10/gpg.c:1855
+#, c-format
+msgid "NOTE: old default options file `%s' ignored\n"
+msgstr "ÓÇÌÅÉÙÓÇ: áãíïÞèçêå ôï ðáëéü áñ÷åßï ðñïêáèïñéóìÝíùí åðéëïãþí `%s'\n"
+
+#: g10/gpg.c:1948
+#, c-format
+msgid "libgcrypt is too old (need %s, have %s)\n"
+msgstr ""
+
+#: g10/gpg.c:2346 g10/gpg.c:3037 g10/gpg.c:3049
+#, c-format
+msgid "NOTE: %s is not for normal use!\n"
+msgstr "ÓÇÌÅÉÙÓÇ: ôï %s äåí åßíáé ãéá êáíïíéêÞ ÷ñÞóç!\n"
+
+#: g10/gpg.c:2530 g10/gpg.c:2542
+#, fuzzy, c-format
+msgid "`%s' is not a valid signature expiration\n"
+msgstr "ôï %s äåí åßíáé Ýãêõñï óåô ÷áñáêôÞñùí\n"
+
+#: g10/gpg.c:2624
+#, fuzzy, c-format
+msgid "`%s' is not a valid character set\n"
+msgstr "ôï %s äåí åßíáé Ýãêõñï óåô ÷áñáêôÞñùí\n"
+
+#: g10/gpg.c:2647 g10/gpg.c:2842 g10/keyedit.c:4197
+#, fuzzy
+msgid "could not parse keyserver URL\n"
+msgstr "áäõíáìßá åðåîåñãáóßáò ôïõ URI ôïõ äéáêïìéóç êëåéäéþí\n"
+
+#: g10/gpg.c:2659
+#, fuzzy, c-format
+msgid "%s:%d: invalid keyserver options\n"
+msgstr "%s:%d: ìç Ýãêõñåò åðéëïãÝò åîáãùãÞò\n"
+
+#: g10/gpg.c:2662
+#, fuzzy
+msgid "invalid keyserver options\n"
+msgstr "ìç Ýãêõñåò åðéëïãÝò åîáãùãÞò\n"
+
+#: g10/gpg.c:2669
+#, c-format
+msgid "%s:%d: invalid import options\n"
+msgstr "%s:%d: ìç Ýãêõñåò åðéëïãÝò åéãáãùãÞò\n"
+
+#: g10/gpg.c:2672
+msgid "invalid import options\n"
+msgstr "ìç Ýãêõñåò åðéëïãÝò åéãáãùãÞò\n"
+
+#: g10/gpg.c:2679
+#, c-format
+msgid "%s:%d: invalid export options\n"
+msgstr "%s:%d: ìç Ýãêõñåò åðéëïãÝò åîáãùãÞò\n"
+
+#: g10/gpg.c:2682
+msgid "invalid export options\n"
+msgstr "ìç Ýãêõñåò åðéëïãÝò åîáãùãÞò\n"
+
+#: g10/gpg.c:2689
+#, fuzzy, c-format
+msgid "%s:%d: invalid list options\n"
+msgstr "%s:%d: ìç Ýãêõñåò åðéëïãÝò åéãáãùãÞò\n"
+
+#: g10/gpg.c:2692
+#, fuzzy
+msgid "invalid list options\n"
+msgstr "ìç Ýãêõñåò åðéëïãÝò åéãáãùãÞò\n"
+
+#: g10/gpg.c:2700
+msgid "display photo IDs during signature verification"
+msgstr ""
+
+#: g10/gpg.c:2702
+msgid "show policy URLs during signature verification"
+msgstr ""
+
+#: g10/gpg.c:2704
+#, fuzzy
+msgid "show all notations during signature verification"
+msgstr "ôï %s äåí åßíáé Ýãêõñï óåô ÷áñáêôÞñùí\n"
+
+#: g10/gpg.c:2706
+msgid "show IETF standard notations during signature verification"
+msgstr ""
+
+#: g10/gpg.c:2710
+msgid "show user-supplied notations during signature verification"
+msgstr ""
+
+#: g10/gpg.c:2712
+#, fuzzy
+msgid "show preferred keyserver URLs during signature verification"
+msgstr "ôï URL ðïëéôéêÞò õðïãñáöÞò ðïõ äüèçêå äåí åßíáé Ýãêõñï\n"
+
+#: g10/gpg.c:2714
+#, fuzzy
+msgid "show user ID validity during signature verification"
+msgstr "ôï %s äåí åßíáé Ýãêõñï óåô ÷áñáêôÞñùí\n"
+
+#: g10/gpg.c:2716
+msgid "show revoked and expired user IDs in signature verification"
+msgstr ""
+
+#: g10/gpg.c:2718
+#, fuzzy
+msgid "show only the primary user ID in signature verification"
+msgstr "ôï %s äåí åßíáé Ýãêõñï óåô ÷áñáêôÞñùí\n"
+
+#: g10/gpg.c:2720
+msgid "validate signatures with PKA data"
+msgstr ""
+
+#: g10/gpg.c:2722
+msgid "elevate the trust of signatures with valid PKA data"
+msgstr ""
+
+#: g10/gpg.c:2729
+#, fuzzy, c-format
+msgid "%s:%d: invalid verify options\n"
+msgstr "%s:%d: ìç Ýãêõñåò åðéëïãÝò åîáãùãÞò\n"
+
+#: g10/gpg.c:2732
+#, fuzzy
+msgid "invalid verify options\n"
+msgstr "ìç Ýãêõñåò åðéëïãÝò åîáãùãÞò\n"
+
+#: g10/gpg.c:2739
+#, c-format
+msgid "unable to set exec-path to %s\n"
+msgstr "áäõíáìßá ïñéóìïý ôïõ exec-path óå %s\n"
+
+#: g10/gpg.c:2925
+#, fuzzy, c-format
+msgid "%s:%d: invalid auto-key-locate list\n"
+msgstr "%s:%d: ìç Ýãêõñåò åðéëïãÝò åîáãùãÞò\n"
+
+#: g10/gpg.c:2928
+msgid "invalid auto-key-locate list\n"
+msgstr ""
+
+#: g10/gpg.c:3026 sm/gpgsm.c:1439
+msgid "WARNING: program may create a core file!\n"
+msgstr "ÐÑÏÅÉÄÏÐÏÉÇÓÇ: ôï ðñüãñáììá ßóùò äçìéïõñãÞóåé áñ÷åßï core!\n"
+
+#: g10/gpg.c:3030
+#, c-format
+msgid "WARNING: %s overrides %s\n"
+msgstr "ÐÑÏÅÉÄÏÐÏÉÇÓÇ: ôï %s ðáñáêÜìðôåé ôï %s\n"
+
+#: g10/gpg.c:3039
+#, c-format
+msgid "%s not allowed with %s!\n"
+msgstr "ôï %s äåí åðéôñÝðåôáé ìå ôï %s!\n"
+
+#: g10/gpg.c:3042
+#, c-format
+msgid "%s makes no sense with %s!\n"
+msgstr "ôï %s äåí Ý÷åé êáììßá Ýííïéá ìáæß ìå ôï %s!\n"
+
+#: g10/gpg.c:3057
+#, fuzzy, c-format
+msgid "will not run with insecure memory due to %s\n"
+msgstr "åããñáöÞ ôïõ ìõóôéêïý êëåéäéïý óôï `%s'\n"
+
+#: g10/gpg.c:3071
+msgid "you can only make detached or clear signatures while in --pgp2 mode\n"
+msgstr ""
+"ìðïñåßôå íá êÜíåôå áðïêïììÝíåò Þ êáèáñÝò õðïãñáöÝò ìüíï óå --pgp2 êáôÜóôáóç\n"
+
+#: g10/gpg.c:3077
+msgid "you can't sign and encrypt at the same time while in --pgp2 mode\n"
+msgstr ""
+"äåí ìðïñåßôå íá õðïãñÜöåôå êáé íá êñõðôïãñáöåßôå ôáõôü÷ñïíá óå --pgp2 "
+"êáôÜóôáóç\n"
+
+#: g10/gpg.c:3083
+msgid "you must use files (and not a pipe) when working with --pgp2 enabled.\n"
+msgstr "ìüíï áñ÷åßá åðéôñÝðïíôáé (êáé ü÷é pipes) êáôá ôçí êáôáóôáóç --pgp2.\n"
+
+#: g10/gpg.c:3096
+msgid "encrypting a message in --pgp2 mode requires the IDEA cipher\n"
+msgstr ""
+"ç êñõðôïãñÜöçóç åíüò ìçíýìáôïò óå --pgp2 êáôÜóôáóç áðáéôåß ôïí áëãïñ. IDEA\n"
+
+#: g10/gpg.c:3163 g10/gpg.c:3187 sm/gpgsm.c:1511
+msgid "selected cipher algorithm is invalid\n"
+msgstr "ï åðéëåãìÝíïò áëãüñéèìïò êñõðôïãñÜöçóçò äåí åßíáé Ýãêõñïò\n"
+
+#: g10/gpg.c:3169 g10/gpg.c:3193 sm/gpgsm.c:1517 sm/gpgsm.c:1523
+msgid "selected digest algorithm is invalid\n"
+msgstr "ï åðéëåãìÝíïò áëãüñéèìïò ðåñßëçøçò äåí åßíáé Ýãêõñïò\n"
+
+#: g10/gpg.c:3175
+#, fuzzy
+msgid "selected compression algorithm is invalid\n"
+msgstr "ï åðéëåãìÝíïò áëãüñéèìïò êñõðôïãñÜöçóçò äåí åßíáé Ýãêõñïò\n"
+
+#: g10/gpg.c:3181
+msgid "selected certification digest algorithm is invalid\n"
+msgstr ""
+"ï åðéëåãìÝíïò áëãüñéèìïò ðåñßëçøçò ãéá ðéóôïðïßçóç\n"
+"äåí åßíáé Ýãêõñïò\n"
+
+#: g10/gpg.c:3196
+msgid "completes-needed must be greater than 0\n"
+msgstr "completes-needed ðñÝðåé íá åßíáé ìåãáëýôåñá áðü 0\n"
+
+#: g10/gpg.c:3198
+msgid "marginals-needed must be greater than 1\n"
+msgstr "marginals-needed ðñÝðåé íá åßíáé ìåãáëýôåñá áðü 1\n"
+
+#: g10/gpg.c:3200
+#, fuzzy
+msgid "max-cert-depth must be in the range from 1 to 255\n"
+msgstr "max-cert-depth ðñÝðåé íá åßíáé ìåôáîý 1 êáé 255\n"
+
+#: g10/gpg.c:3202
+msgid "invalid default-cert-level; must be 0, 1, 2, or 3\n"
+msgstr "ìç Ýãêõñï default-cert-level· ðñÝðåé íá åßíáé 0, 1, 2, Þ 3\n"
+
+#: g10/gpg.c:3204
+msgid "invalid min-cert-level; must be 1, 2, or 3\n"
+msgstr "ìç Ýãêõñï min-cert-level· ðñÝðåé íá åßíáé 0, 1, 2, Þ 3\n"
+
+#: g10/gpg.c:3207
+msgid "NOTE: simple S2K mode (0) is strongly discouraged\n"
+msgstr "ÓÇÌÅÉÙÓÇ: ç áðëÞ S2K êáôÜóôáóç (0) ðñÝðåé íá áðïöåýãåôáé\n"
+
+#: g10/gpg.c:3211
+msgid "invalid S2K mode; must be 0, 1 or 3\n"
+msgstr "ìç Ýãêõñç êáôÜóôáóç S2K; ðñÝðåé íá åßíáé 0, 1 Þ 3\n"
+
+#: g10/gpg.c:3218
+msgid "invalid default preferences\n"
+msgstr "ìç Ýãêõñåò ðñïåðéëïãÝò\n"
+
+#: g10/gpg.c:3222
+msgid "invalid personal cipher preferences\n"
+msgstr "ìç Ýãêõñåò ðñïåðéëïãÝò ðñïóùðéêïý êñõðôáëãüñéèìïõ\n"
+
+#: g10/gpg.c:3226
+msgid "invalid personal digest preferences\n"
+msgstr "ìç Ýãêõñåò ðñïåðéëïãÝò ðñïóùðéêïý áëãüñéèìïõ ðåñßëçøçò\n"
+
+#: g10/gpg.c:3230
+msgid "invalid personal compress preferences\n"
+msgstr "ìç Ýãêõñåò ðñïåðéëïãÝò ðñïóùðéêïý áëãüñéèìïõ óõìðßåóçò\n"
+
+#: g10/gpg.c:3263
+#, c-format
+msgid "%s does not yet work with %s\n"
+msgstr "ôï %s áêüìá äå ëåéôïõñãåß ìáæß ìå ôï %s\n"
+
+#: g10/gpg.c:3310
+#, fuzzy, c-format
+msgid "you may not use cipher algorithm `%s' while in %s mode\n"
+msgstr "áðáãïñåýåôå ç ÷ñÞóç ôïõ êñõðôáëãüñéèìïõ \"%s\" óôçí êáôÜóôáóç %s\n"
+
+#: g10/gpg.c:3315
+#, fuzzy, c-format
+msgid "you may not use digest algorithm `%s' while in %s mode\n"
+msgstr ""
+"áðáãïñåýåôå ç ÷ñÞóç ôïõ áëãüñéèìïõ ðåñßëçøçò \"%s\" óôçí êáôÜóôáóç %s\n"
+
+#: g10/gpg.c:3320
+#, fuzzy, c-format
+msgid "you may not use compression algorithm `%s' while in %s mode\n"
+msgstr ""
+"áðáãïñåýåôå ç ÷ñÞóç ôïõ áëãüñéèìïõ óõìðßåóçò \"%s\" óôçí êáôÜóôáóç %s\n"
+
+#: g10/gpg.c:3406
+#, c-format
+msgid "failed to initialize the TrustDB: %s\n"
+msgstr "áðïôõ÷ßá áñ÷éêïðïßçóçò ôçò TrustDB: %s\n"
+
+#: g10/gpg.c:3417
+msgid "WARNING: recipients (-r) given without using public key encryption\n"
+msgstr ""
+"ÐÑÏÅÉÄÏÐÏÉÇÓÇ: äþèçêáí ðáñáëÞðôåò (-r) ÷þñéò ÷ñÞóç êñõðôïãñÜöçóçò\n"
+"äçìïóßïõ êëåéäéïý\n"
+
+#: g10/gpg.c:3438
+msgid "--store [filename]"
+msgstr "--store [üíïìá áñ÷åßïõ]"
+
+#: g10/gpg.c:3445
+msgid "--symmetric [filename]"
+msgstr "--symmetric [üíïìá áñ÷åßïõ]"
+
+#: g10/gpg.c:3447
+#, fuzzy, c-format
+msgid "symmetric encryption of `%s' failed: %s\n"
+msgstr "áðïêñõðôïãñÜöçóç áðÝôõ÷å: %s\n"
+
+#: g10/gpg.c:3457
+msgid "--encrypt [filename]"
+msgstr "--encrypt [üíïìá áñ÷åßïõ]"
+
+#: g10/gpg.c:3470
+#, fuzzy
+msgid "--symmetric --encrypt [filename]"
+msgstr "--sign --encrypt [üíïìá áñ÷åßïõ]"
+
+#: g10/gpg.c:3472
+msgid "you cannot use --symmetric --encrypt with --s2k-mode 0\n"
+msgstr ""
+
+#: g10/gpg.c:3475
+#, fuzzy, c-format
+msgid "you cannot use --symmetric --encrypt while in %s mode\n"
+msgstr "áðáãïñåýåôå ç ÷ñÞóç ôïõ %s óôçí êáôÜóôáóç %s.\n"
+
+#: g10/gpg.c:3493
+msgid "--sign [filename]"
+msgstr "--sign [üíïìá áñ÷åßïõ]"
+
+#: g10/gpg.c:3506
+msgid "--sign --encrypt [filename]"
+msgstr "--sign --encrypt [üíïìá áñ÷åßïõ]"
+
+#: g10/gpg.c:3521
+#, fuzzy
+msgid "--symmetric --sign --encrypt [filename]"
+msgstr "--sign --encrypt [üíïìá áñ÷åßïõ]"
+
+#: g10/gpg.c:3523
+msgid "you cannot use --symmetric --sign --encrypt with --s2k-mode 0\n"
+msgstr ""
+
+#: g10/gpg.c:3526
+#, fuzzy, c-format
+msgid "you cannot use --symmetric --sign --encrypt while in %s mode\n"
+msgstr "áðáãïñåýåôå ç ÷ñÞóç ôïõ %s óôçí êáôÜóôáóç %s.\n"
+
+#: g10/gpg.c:3546
+msgid "--sign --symmetric [filename]"
+msgstr "--sign --symmetric [üíïìá áñ÷åßïõ]"
+
+#: g10/gpg.c:3555
+msgid "--clearsign [filename]"
+msgstr "--clearsign [üíïìá áñ÷åßïõ]"
+
+#: g10/gpg.c:3580
+msgid "--decrypt [filename]"
+msgstr "--decrypt [üíïìá áñ÷åßïõ]"
+
+#: g10/gpg.c:3588
+msgid "--sign-key user-id"
+msgstr "--sign-key user-id"
+
+#: g10/gpg.c:3592
+msgid "--lsign-key user-id"
+msgstr "--lsign-key user-id"
+
+#: g10/gpg.c:3613
+msgid "--edit-key user-id [commands]"
+msgstr "--edit-key user-id [åíôïëÝò]"
+
+#: g10/gpg.c:3629
+#, fuzzy
+msgid "--passwd <user-id>"
+msgstr "--sign-key user-id"
+
+#: g10/gpg.c:3716
+#, c-format
+msgid "keyserver send failed: %s\n"
+msgstr "keyserver áðïóôïëÞ áðÝôõ÷å: %s\n"
+
+#: g10/gpg.c:3718
+#, c-format
+msgid "keyserver receive failed: %s\n"
+msgstr "keyserver ëÞøç áðÝôõ÷å: %s\n"
+
+#: g10/gpg.c:3720
+#, c-format
+msgid "key export failed: %s\n"
+msgstr "åîáãùãÞ êëåéäéïý áðÝôõ÷å: %s\n"
+
+#: g10/gpg.c:3731
+#, c-format
+msgid "keyserver search failed: %s\n"
+msgstr "keyserver áíáæÞôçóç áðÝôõ÷å: %s\n"
+
+#: g10/gpg.c:3741
+#, c-format
+msgid "keyserver refresh failed: %s\n"
+msgstr "keyserver áíáíÝùóç áðÝôõ÷å: %s\n"
+
+#: g10/gpg.c:3792
+#, c-format
+msgid "dearmoring failed: %s\n"
+msgstr "áðïèùñÜêéóç áðÝôõ÷å: %s\n"
+
+#: g10/gpg.c:3800
+#, c-format
+msgid "enarmoring failed: %s\n"
+msgstr "èùñÜêéóç áðÝôõ÷å: %s\n"
+
+#: g10/gpg.c:3890
+#, c-format
+msgid "invalid hash algorithm `%s'\n"
+msgstr "ìç Ýãêõñïò áëãüñéèìïò hash `%s'\n"
+
+#: g10/gpg.c:4005
+msgid "[filename]"
+msgstr "[üíïìá áñ÷åßïõ]"
+
+#: g10/gpg.c:4009
+msgid "Go ahead and type your message ...\n"
+msgstr "Ìðïñåßôå ôþñá íá åéóáãÜãåôå ôï ìÞíõìá óáò ...\n"
+
+#: g10/gpg.c:4323
+msgid "the given certification policy URL is invalid\n"
+msgstr "ôï URL ðïëéôéêÞò ðéóôïðïéçôéêïý ðïõ äüèçêå äåí åßíáé Ýãêõñï\n"
+
+#: g10/gpg.c:4325
+msgid "the given signature policy URL is invalid\n"
+msgstr "ôï URL ðïëéôéêÞò õðïãñáöÞò ðïõ äüèçêå äåí åßíáé Ýãêõñï\n"
+
+#: g10/gpg.c:4358
+#, fuzzy
+msgid "the given preferred keyserver URL is invalid\n"
+msgstr "ôï URL ðïëéôéêÞò õðïãñáöÞò ðïõ äüèçêå äåí åßíáé Ýãêõñï\n"
+
+#: g10/gpgv.c:74
+#, fuzzy
+msgid "|FILE|take the keys from the keyring FILE"
+msgstr "åîáãùãÞ ôùí êëåéäéþí áðü áõôÞ ôç êëåéäïèÞêç"
+
+#: g10/gpgv.c:76
+msgid "make timestamp conflicts only a warning"
+msgstr "ïñéóìüò ôùí óõãêñïýóåùí þñáò (timestamp) ìüíï óáí ðñïåéäïðïßçóç"
+
+#: g10/gpgv.c:78 sm/gpgsm.c:326
+msgid "|FD|write status info to this FD"
+msgstr "|FD|åããñáöÞ ôùí ðëçñïöïñéþí êáôÜóôáóçò óôï FD"
+
+#: g10/gpgv.c:117
+msgid "Usage: gpgv [options] [files] (-h for help)"
+msgstr "×ñÞóç: gpgv [åðéëïãÝò] [áñ÷åßá] (-h ãéá âïÞèåéá)"
+
+#: g10/gpgv.c:119
+#, fuzzy
+msgid ""
+"Syntax: gpgv [options] [files]\n"
+"Check signatures against known trusted keys\n"
+msgstr ""
+"Óýíôáîç: gpg [åðéëïãÝò] [áñ÷åßá]\n"
+"¸ëåã÷ïò õðïãñáöþí óå óýãêñéóç ìå ãíùóôÜ åìðéóôåõìÝíá êëåéäéÜ\n"
+
+#: g10/helptext.c:72
+msgid "No help available"
+msgstr "Äåí õðÜñ÷åé äéáèÝóéìç âïÞèåéá"
+
+#: g10/helptext.c:82
+#, c-format
+msgid "No help available for `%s'"
+msgstr "Äåí õðÜñ÷åé äéáèÝóéìç âïÞèåéá ãéá `%s'"
+
+#: g10/import.c:94
+msgid "import signatures that are marked as local-only"
+msgstr ""
+
+#: g10/import.c:96
+msgid "repair damage from the pks keyserver during import"
+msgstr ""
+
+#: g10/import.c:98
+#, fuzzy
+msgid "do not update the trustdb after import"
+msgstr "áíáíÝùóç ôçò âÜóçò äåäïìÝíùí åìðéóôïóýíçò"
+
+#: g10/import.c:100
+#, fuzzy
+msgid "create a public key when importing a secret key"
+msgstr "ôï äçìïóßï êëåéäß äåí ôáéñéÜæåé ìå ôï ìõóôéêü!\n"
+
+#: g10/import.c:102
+msgid "only accept updates to existing keys"
+msgstr ""
+
+#: g10/import.c:104
+#, fuzzy
+msgid "remove unusable parts from key after import"
+msgstr "ìç ÷ñçóéìïðïéÞóéìï ìõóôéêü êëåéäß"
+
+#: g10/import.c:106
+msgid "remove as much as possible from key after import"
+msgstr ""
+
+#: g10/import.c:266
+#, c-format
+msgid "skipping block of type %d\n"
+msgstr "ðáñÜëåéøç ôìÞìáôïò ôïõ ôýðïõ %d\n"
+
+#: g10/import.c:275
+#, fuzzy, c-format
+msgid "%lu keys processed so far\n"
+msgstr "%lu êëåéäéÜ Ý÷ïõí ìÝ÷ñé ôþñá åðåîåñãáóôåß\n"
+
+#: g10/import.c:292
+#, c-format
+msgid "Total number processed: %lu\n"
+msgstr "Óõíïëéêüò áñéèìüò ðïõ åðåîåñãÜóôçêáí: %lu\n"
+
+#: g10/import.c:294
+#, c-format
+msgid " skipped new keys: %lu\n"
+msgstr " íÝá êëåéäéÜ ðïõ ðáñáëåßöèçêáí: %lu\n"
+
+#: g10/import.c:297
+#, c-format
+msgid " w/o user IDs: %lu\n"
+msgstr " ÷ùñßò user ID: %lu\n"
+
+#: g10/import.c:299 sm/import.c:114
+#, c-format
+msgid " imported: %lu"
+msgstr " åéóá÷èÝíôá: %lu"
+
+#: g10/import.c:305 sm/import.c:118
+#, c-format
+msgid " unchanged: %lu\n"
+msgstr " áìåôÜâëçôá: %lu\n"
+
+#: g10/import.c:307
+#, c-format
+msgid " new user IDs: %lu\n"
+msgstr " íÝá user ID: %lu\n"
+
+#: g10/import.c:309
+#, c-format
+msgid " new subkeys: %lu\n"
+msgstr " íÝá õðïêëåéäéÜ: %lu\n"
+
+#: g10/import.c:311
+#, c-format
+msgid " new signatures: %lu\n"
+msgstr " íÝåò õðïãñáöÝò: %lu\n"
+
+#: g10/import.c:313
+#, c-format
+msgid " new key revocations: %lu\n"
+msgstr " íÝåò áíáêëÞóåéò êëåéäéþí: %lu\n"
+
+#: g10/import.c:315 sm/import.c:120
+#, c-format
+msgid " secret keys read: %lu\n"
+msgstr " áíáãíùóìÝíá ìõóôéêÜ êëåéäéÜ: %lu\n"
+
+#: g10/import.c:317 sm/import.c:122
+#, c-format
+msgid " secret keys imported: %lu\n"
+msgstr " åéóá÷èÝíôá ìõóôéêÜ êëåéäéÜ: %lu\n"
+
+#: g10/import.c:319 sm/import.c:124
+#, c-format
+msgid " secret keys unchanged: %lu\n"
+msgstr " áìåôÜâëçôá ìõóôéêÜ êëåéäéÜ: %lu\n"
+
+#: g10/import.c:321 sm/import.c:126
+#, c-format
+msgid " not imported: %lu\n"
+msgstr " ìç åéóá÷èÝíôá: %lu\n"
+
+#: g10/import.c:323
+#, fuzzy, c-format
+msgid " signatures cleaned: %lu\n"
+msgstr " íÝåò õðïãñáöÝò: %lu\n"
+
+#: g10/import.c:325
+#, fuzzy, c-format
+msgid " user IDs cleaned: %lu\n"
+msgstr " áíáãíùóìÝíá ìõóôéêÜ êëåéäéÜ: %lu\n"
+
+#: g10/import.c:606
+#, c-format
+msgid ""
+"WARNING: key %s contains preferences for unavailable\n"
+"algorithms on these user IDs:\n"
+msgstr ""
+
+#: g10/import.c:647
+#, c-format
+msgid " \"%s\": preference for cipher algorithm %s\n"
+msgstr ""
+
+#: g10/import.c:662
+#, fuzzy, c-format
+msgid " \"%s\": preference for digest algorithm %s\n"
+msgstr "%s õðïãñáöÞ, áëãüñéèìïò ðåñßëçøçò %s\n"
+
+#: g10/import.c:674
+#, c-format
+msgid " \"%s\": preference for compression algorithm %s\n"
+msgstr ""
+
+#: g10/import.c:687
+msgid "it is strongly suggested that you update your preferences and\n"
+msgstr ""
+
+#: g10/import.c:689
+msgid "re-distribute this key to avoid potential algorithm mismatch problems\n"
+msgstr ""
+
+#: g10/import.c:713
+#, c-format
+msgid "you can update your preferences with: gpg --edit-key %s updpref save\n"
+msgstr ""
+
+#: g10/import.c:766 g10/import.c:1179
+#, fuzzy, c-format
+msgid "key %s: no user ID\n"
+msgstr "êëåéäß %08lX: äåí õðÜñ÷åé áõôü ôï user ID\n"
+
+#: g10/import.c:795
+#, fuzzy, c-format
+msgid "key %s: PKS subkey corruption repaired\n"
+msgstr "êëåéäß %08lX: åðéäéüñèùóç öèáñìÝíïõ õðïêëåéäéïý HKP\n"
+
+#: g10/import.c:810
+#, fuzzy, c-format
+msgid "key %s: accepted non self-signed user ID \"%s\"\n"
+msgstr "êëåéäß %08lX: äåêôü ìç éäéï-õðïãåãñáììÝíï user ID '%s'\n"
+
+#: g10/import.c:816
+#, fuzzy, c-format
+msgid "key %s: no valid user IDs\n"
+msgstr "êëåéäß %08lX: äåí Ý÷åé Ýãêõñá user ID\n"
+
+#: g10/import.c:818
+msgid "this may be caused by a missing self-signature\n"
+msgstr "áõôü ìðïñåß íá óõíÝâåé áðü ìéá áðïýóá éäéïûðïãñáöÞ\n"
+
+#: g10/import.c:828 g10/import.c:1303
+#, fuzzy, c-format
+msgid "key %s: public key not found: %s\n"
+msgstr "êëåéäß %08lX: ìõóôéêü êëåéäß ðïõ äå âñÝèçêå: %s\n"
+
+#: g10/import.c:834
+#, fuzzy, c-format
+msgid "key %s: new key - skipped\n"
+msgstr "êëåéäß %08lX: íÝï êëåéäß - ðáñáëåßöèçêå\n"
+
+#: g10/import.c:843
+#, c-format
+msgid "no writable keyring found: %s\n"
+msgstr "äåí âñåèçêå åããñÜøéìç êëåéäïèÞêç: %s\n"
+
+#: g10/import.c:848 g10/openfile.c:278 g10/sign.c:805 g10/sign.c:1114
+#, c-format
+msgid "writing to `%s'\n"
+msgstr "åããñáöÞ óôï `%s'\n"
+
+#: g10/import.c:852 g10/import.c:952 g10/import.c:1219 g10/import.c:1364
+#: g10/import.c:2494 g10/import.c:2516
+#, c-format
+msgid "error writing keyring `%s': %s\n"
+msgstr "áäõíáìßá åããñáöÞò ôçò êëåéäïèÞêçò `%s': %s\n"
+
+#: g10/import.c:871
+#, fuzzy, c-format
+msgid "key %s: public key \"%s\" imported\n"
+msgstr "êëåéäß %08lX: ôï äçìüóéï êëåéäß \"%s\" Ý÷åé åéóá÷èåß\n"
+
+#: g10/import.c:895
+#, fuzzy, c-format
+msgid "key %s: doesn't match our copy\n"
+msgstr "êëåéäß %08lX: äåí ôáéñéÜæåé ìå ôï áíôßãñáöï ìáò\n"
+
+#: g10/import.c:912 g10/import.c:1321
+#, fuzzy, c-format
+msgid "key %s: can't locate original keyblock: %s\n"
+msgstr "êëåéäß %08lX: áäõíáìßá åíôïðéóìïý ôïõ áñ÷éêïý ôìÞìáôïò êëåéäéïý: %s\n"
+
+#: g10/import.c:920 g10/import.c:1328
+#, fuzzy, c-format
+msgid "key %s: can't read original keyblock: %s\n"
+msgstr "êëåéäß %08lX: áäõíáìßá áíÜãíùóçò ôïõ áñ÷éêïý ôìÞìáôïò êëåéäéïý: %s\n"
+
+#: g10/import.c:962
+#, fuzzy, c-format
+msgid "key %s: \"%s\" 1 new user ID\n"
+msgstr "êëåéäß %08lX: \"%s\" 1 íÝï user ID\n"
+
+#: g10/import.c:965
+#, fuzzy, c-format
+msgid "key %s: \"%s\" %d new user IDs\n"
+msgstr "êëåéäß %08lX: \"%s\" %d íÝá user ID\n"
+
+#: g10/import.c:968
+#, fuzzy, c-format
+msgid "key %s: \"%s\" 1 new signature\n"
+msgstr "êëåéäß %08lX: \"%s\" 1 íÝá õðïãñáöÞ\n"
+
+#: g10/import.c:971
+#, fuzzy, c-format
+msgid "key %s: \"%s\" %d new signatures\n"
+msgstr "êëåéäß %08lX: \"%s\" %d íÝåò õðïãñáöÝò\n"
+
+#: g10/import.c:974
+#, fuzzy, c-format
+msgid "key %s: \"%s\" 1 new subkey\n"
+msgstr "êëåéäß %08lX: \"%s\" 1 íÝï õðïêëåéäß\n"
+
+#: g10/import.c:977
+#, fuzzy, c-format
+msgid "key %s: \"%s\" %d new subkeys\n"
+msgstr "êëåéäß %08lX: \"%s\" %d íÝá õðïêëåéäéÜ\n"
+
+#: g10/import.c:980
+#, fuzzy, c-format
+msgid "key %s: \"%s\" %d signature cleaned\n"
+msgstr "êëåéäß %08lX: \"%s\" %d íÝåò õðïãñáöÝò\n"
+
+#: g10/import.c:983
+#, fuzzy, c-format
+msgid "key %s: \"%s\" %d signatures cleaned\n"
+msgstr "êëåéäß %08lX: \"%s\" %d íÝåò õðïãñáöÝò\n"
+
+#: g10/import.c:986
+#, fuzzy, c-format
+msgid "key %s: \"%s\" %d user ID cleaned\n"
+msgstr "êëåéäß %08lX: \"%s\" %d íÝá user ID\n"
+
+#: g10/import.c:989
+#, fuzzy, c-format
+msgid "key %s: \"%s\" %d user IDs cleaned\n"
+msgstr "êëåéäß %08lX: \"%s\" %d íÝá user ID\n"
+
+#: g10/import.c:1013
+#, fuzzy, c-format
+msgid "key %s: \"%s\" not changed\n"
+msgstr "êëåéäß %08lX: \"%s\" áìåôÜâëçôï\n"
+
+#: g10/import.c:1185
+#, fuzzy, c-format
+msgid "key %s: secret key with invalid cipher %d - skipped\n"
+msgstr "êëåéäß %08lX: ìõóôéêü êëåéäß ìå Üêõñï êñõðôáëã. %d - ðáñáëåßöèçêå\n"
+
+#: g10/import.c:1196
+#, fuzzy
+msgid "importing secret keys not allowed\n"
+msgstr "åããñáöÞ ôïõ ìõóôéêïý êëåéäéïý óôï `%s'\n"
+
+#: g10/import.c:1213 g10/import.c:2509
+#, c-format
+msgid "no default secret keyring: %s\n"
+msgstr "äåí õðÜñ÷åé ðñïêáèïñéóìÝíç êëåéäïèÞêç: %s\n"
+
+#: g10/import.c:1224
+#, fuzzy, c-format
+msgid "key %s: secret key imported\n"
+msgstr "êëåéäß %08lX: ìõóôéêü êëåéäß åéóÞ÷èçêå\n"
+
+#: g10/import.c:1254
+#, fuzzy, c-format
+msgid "key %s: already in secret keyring\n"
+msgstr "êëåéäß %08lX: Þäç óôç ìõóôéêÞ êëåéäïèÞêç\n"
+
+#: g10/import.c:1264
+#, fuzzy, c-format
+msgid "key %s: secret key not found: %s\n"
+msgstr "êëåéäß %08lX: äå âñÝèçêå ôï ìõóôéêü êëåéäß: %s\n"
+
+#: g10/import.c:1296
+#, fuzzy, c-format
+msgid "key %s: no public key - can't apply revocation certificate\n"
+msgstr ""
+"êëåéäß %08lX: ü÷é äçìüóéï êëåéäß - áäõíáìßá åöáñìïãÞò ðéóôïðïéçôéêïý "
+"áíÜêëçóçò\n"
+
+#: g10/import.c:1339
+#, fuzzy, c-format
+msgid "key %s: invalid revocation certificate: %s - rejected\n"
+msgstr "êëåéäß %08lX: ìç Ýãêõñï ðéóôïðïéçôéêü áíÜêëçóçò: %s - áðüññéøç\n"
+
+#: g10/import.c:1371
+#, fuzzy, c-format
+msgid "key %s: \"%s\" revocation certificate imported\n"
+msgstr "êëåéäß %08lX: \"%s\" ðéóôïðïéçôéêü áíÜêëçóçò åéóÞ÷èçêå\n"
+
+#: g10/import.c:1447
+#, fuzzy, c-format
+msgid "key %s: no user ID for signature\n"
+msgstr "êëåéäß %08lX: äåí õðÜñ÷åé user ID ãéá ôçí õðïãñáöÞ\n"
+
+#: g10/import.c:1464
+#, fuzzy, c-format
+msgid "key %s: unsupported public key algorithm on user ID \"%s\"\n"
+msgstr ""
+"êëåéäß %08lX: ìç õðïóôçñéæüìåíïò áëãüñéèìïò äçìïóßïõ êëåéäéïý óôï user id \"%"
+"s\"\n"
+
+#: g10/import.c:1466
+#, fuzzy, c-format
+msgid "key %s: invalid self-signature on user ID \"%s\"\n"
+msgstr "êëåéäß %08lX: ìç Ýãêõñç éäéï-õðïãñáöÞ óôï user id \"%s\"\n"
+
+#: g10/import.c:1483 g10/import.c:1509 g10/import.c:1560
+#, fuzzy, c-format
+msgid "key %s: unsupported public key algorithm\n"
+msgstr "êëåéäß %08lX: ìç õðïóôçñéæüìåíïò áëãüñéèìïò äçìïóßïõ êëåéäéïý\n"
+
+#: g10/import.c:1484
+#, fuzzy, c-format
+msgid "key %s: invalid direct key signature\n"
+msgstr "êëåéäß %08lX: Üìåóç õðïãñáöÞ êëåéäéïý ðñïóôÝèçêå\n"
+
+#: g10/import.c:1498
+#, fuzzy, c-format
+msgid "key %s: no subkey for key binding\n"
+msgstr "êëåéäß %08lX: äåí õðÜñ÷åé õðïêëåéäß ãéá ôç äÝóìåõóç êëåéäéïý\n"
+
+#: g10/import.c:1511
+#, fuzzy, c-format
+msgid "key %s: invalid subkey binding\n"
+msgstr "êëåéäß %08lX: ìç Ýãêõñç äÝóìåõóç õðïêëåéäéïý\n"
+
+#: g10/import.c:1527
+#, fuzzy, c-format
+msgid "key %s: removed multiple subkey binding\n"
+msgstr "êëåéäß %08lX: áöáéñÝèçêå ç äÝóìåõóç ðïëëáðëïý õðïêëåéäéïý\n"
+
+#: g10/import.c:1549
+#, fuzzy, c-format
+msgid "key %s: no subkey for key revocation\n"
+msgstr "êëåéäß %08lX: äåí õðÜñ÷åé õðïêëåéäß ãéá ôçí áíÜêëçóç êëåéäéïý\n"
+
+#: g10/import.c:1562
+#, fuzzy, c-format
+msgid "key %s: invalid subkey revocation\n"
+msgstr "êëåéäß %08lX: ìç Ýãêõñç áíÜêëçóç õðïêëåéäéïý\n"
+
+#: g10/import.c:1577
+#, fuzzy, c-format
+msgid "key %s: removed multiple subkey revocation\n"
+msgstr "êëåéäß %08lX: áöáéñÝèçêå ç áíÜêëçóç ðïëëáðëïý õðïêëåéäéïý\n"
+
+#: g10/import.c:1618
+#, fuzzy, c-format
+msgid "key %s: skipped user ID \"%s\"\n"
+msgstr "êëåéäß %08lX: ðáñáëåßöèçêå user ID '"
+
+#: g10/import.c:1639
+#, fuzzy, c-format
+msgid "key %s: skipped subkey\n"
+msgstr "êëåéäß %08lX: ðáñáëåßöèçêå õðïêëåéäß\n"
+
+#: g10/import.c:1666
+#, fuzzy, c-format
+msgid "key %s: non exportable signature (class 0x%02X) - skipped\n"
+msgstr "êëåéäß %08lX: ìç åîáãüìåíç õðïãñáöÞ (êëÜóç %02x) - ðáñáëåßöèçêå\n"
+
+#: g10/import.c:1676
+#, fuzzy, c-format
+msgid "key %s: revocation certificate at wrong place - skipped\n"
+msgstr ""
+"êëåéäß %08lX: ôï ðéóôïðïéçôéêü áíÜêëçóçò óå ëÜèïò óçìåßï - ðáñáëåßöèçêå\n"
+
+#: g10/import.c:1693
+#, fuzzy, c-format
+msgid "key %s: invalid revocation certificate: %s - skipped\n"
+msgstr "êëåéäß %08lX: ìç Ýãêõñï ðéóôïðïéçôéêü áíÜêëçóçò: %s - ðáñáëåßöèçêå\n"
+
+#: g10/import.c:1707
+#, fuzzy, c-format
+msgid "key %s: subkey signature in wrong place - skipped\n"
+msgstr ""
+"êëåéäß %08lX: ç õðïãñáöÞ ôïõ õðïêëåéäéïý óå ëÜèïò óçìåßï - ðáñáëåßöèçêå\n"
+
+#: g10/import.c:1715
+#, fuzzy, c-format
+msgid "key %s: unexpected signature class (0x%02X) - skipped\n"
+msgstr "êëåéäß %08lX: ìç áíáìåíþìåíç êëÜóç õðïãñáöÞò (0x%02x) - ðáñáëåßöèçêå\n"
+
+#: g10/import.c:1844
+#, fuzzy, c-format
+msgid "key %s: duplicated user ID detected - merged\n"
+msgstr "êëåéäß %08lX: åíôïðßóôçêå äéðëü user ID - åíþèçêáí\n"
+
+#: g10/import.c:1906
+#, fuzzy, c-format
+msgid "WARNING: key %s may be revoked: fetching revocation key %s\n"
+msgstr ""
+"ÐÑÏÅÉÄÏÐÏÉÇÓÇ: êëåéäß %08lX ìðïñåß íá áíáêëçèåß: ëÞøç êëåéäéïý áíÜêëçóçò %"
+"08lX\n"
+
+#: g10/import.c:1920
+#, fuzzy, c-format
+msgid "WARNING: key %s may be revoked: revocation key %s not present.\n"
+msgstr ""
+"ÐÑÏÅÉÄÏÐÏÉÇÓÇ: êëåéäß %08lX ìðïñåß íá áíáêëçèåß: ôï êëåéäß áíÜêëçóçò %08lX\n"
+"äåí åßíáé ðáñþí.\n"
+
+#: g10/import.c:1979
+#, fuzzy, c-format
+msgid "key %s: \"%s\" revocation certificate added\n"
+msgstr "êëåéäß %08lX: \"%s\" ðéóôïðïéçôéêü áíÜêëçóçò ðñïóôÝèçêå\n"
+
+#: g10/import.c:2013
+#, fuzzy, c-format
+msgid "key %s: direct key signature added\n"
+msgstr "êëåéäß %08lX: Üìåóç õðïãñáöÞ êëåéäéïý ðñïóôÝèçêå\n"
+
+#: g10/import.c:2414
+#, fuzzy
+msgid "NOTE: a key's S/N does not match the card's one\n"
+msgstr "ôï äçìïóßï êëåéäß äåí ôáéñéÜæåé ìå ôï ìõóôéêü!\n"
+
+#: g10/import.c:2422
+#, fuzzy
+msgid "NOTE: primary key is online and stored on card\n"
+msgstr "ðáñáëåßöèçêå: ìõóôéêü êëåéäß Þäç ðáñþí\n"
+
+#: g10/import.c:2424
+#, fuzzy
+msgid "NOTE: secondary key is online and stored on card\n"
+msgstr "ðáñáëåßöèçêå: ìõóôéêü êëåéäß Þäç ðáñþí\n"
+
+#: g10/keydb.c:181
+#, c-format
+msgid "error creating keyring `%s': %s\n"
+msgstr "áäõíáìßá äçìéïõñãßáò ôçò êëåéäïèÞêçò `%s': %s\n"
+
+#: g10/keydb.c:187
+#, c-format
+msgid "keyring `%s' created\n"
+msgstr "êëåéäïèÞêç `%s' äçìéïõñãÞèçêå\n"
+
+#: g10/keydb.c:333 g10/keydb.c:336
+#, fuzzy, c-format
+msgid "keyblock resource `%s': %s\n"
+msgstr "óöÜëìá êáôÜ ôç äçìéïõñãßá ôïõ `%s': %s\n"
+
+#: g10/keydb.c:719
+#, c-format
+msgid "failed to rebuild keyring cache: %s\n"
+msgstr "áðïôõ÷ßá åðáíáäüìçóçò ôçò cache êëåéäïèÞêçò: %s\n"
+
+#: g10/keyedit.c:265
+msgid "[revocation]"
+msgstr "[áíÜêëçóç]"
+
+#: g10/keyedit.c:266
+msgid "[self-signature]"
+msgstr "[éäéï-õðïãñáöÞ]"
+
+#: g10/keyedit.c:344 g10/keylist.c:398
+msgid "1 bad signature\n"
+msgstr "1 êáêÞ õðïãñáöÞ\n"
+
+#: g10/keyedit.c:346 g10/keylist.c:400
+#, c-format
+msgid "%d bad signatures\n"
+msgstr "%d êáêÝò õðïãñáöÝò\n"
+
+#: g10/keyedit.c:348 g10/keylist.c:402
+msgid "1 signature not checked due to a missing key\n"
+msgstr "1 õðïãñáöÞ äåí åëÝã÷èçêå ëüãù ÷áìÝíïõ êëåéäéïý\n"
+
+#: g10/keyedit.c:350 g10/keylist.c:404
+#, c-format
+msgid "%d signatures not checked due to missing keys\n"
+msgstr "%d õðïãñáöÝò äåí åëÝã÷èçêáí ëüãù ÷áìÝíùí êëåéäéþí\n"
+
+#: g10/keyedit.c:352 g10/keylist.c:406
+msgid "1 signature not checked due to an error\n"
+msgstr "1 õðïãñáöÞ äåí åëÝã÷èçêå ëüãï åíüò óöÜëìáôïò\n"
+
+#: g10/keyedit.c:354 g10/keylist.c:408
+#, c-format
+msgid "%d signatures not checked due to errors\n"
+msgstr "%d õðïãñáöÝò äåí åëÝã÷èçêáí ëüãù óöáëìÜôùí\n"
+
+#: g10/keyedit.c:356
+msgid "1 user ID without valid self-signature detected\n"
+msgstr "1 user ID áíé÷íåýôçêå ÷ùñßò Ýãêõñç éäéï-õðïãñáöÞ\n"
+
+#: g10/keyedit.c:358
+#, c-format
+msgid "%d user IDs without valid self-signatures detected\n"
+msgstr "%d user ID áíé÷íåýèçêáí ÷ùñßò Ýãêõñåò éäéï-õðïãñáöÝò\n"
+
+#: g10/keyedit.c:414 g10/pkclist.c:262
+#, fuzzy
+msgid ""
+"Please decide how far you trust this user to correctly verify other users' "
+"keys\n"
+"(by looking at passports, checking fingerprints from different sources, "
+"etc.)\n"
+msgstr ""
+"Ðáñáêáëþ áðïöáóßóôå ðüóï êáëÜ åìðéóôåýåóôå áõôü ôï\n"
+"÷ñÞóôç, þóôå íá ìðïñåß íá åðáëçèåýåé êëåéäéÜ Üëëùí (ìå ôï\n"
+"íá êïéôÜæåé passports êáé fingerprints áðü äéÜöïñåò ðçãÝò...);\n"
+"\n"
+
+#: g10/keyedit.c:418 g10/pkclist.c:274
+#, fuzzy, c-format
+msgid " %d = I trust marginally\n"
+msgstr " %d = ¸÷ù ìåñéêÞ åìðéóôïóýíç\n"
+
+#: g10/keyedit.c:419 g10/pkclist.c:276
+#, fuzzy, c-format
+msgid " %d = I trust fully\n"
+msgstr " %d = ¸÷ù ðëÞñç åìðéóôïóýíç\n"
+
+#: g10/keyedit.c:438
+msgid ""
+"Please enter the depth of this trust signature.\n"
+"A depth greater than 1 allows the key you are signing to make\n"
+"trust signatures on your behalf.\n"
+msgstr ""
+
+#: g10/keyedit.c:454
+msgid "Please enter a domain to restrict this signature, or enter for none.\n"
+msgstr ""
+
+#: g10/keyedit.c:598
+#, c-format
+msgid "User ID \"%s\" is revoked."
+msgstr "Ôï user ID \"%s\" áíáêáëåßôå."
+
+#: g10/keyedit.c:607 g10/keyedit.c:635 g10/keyedit.c:662 g10/keyedit.c:830
+#: g10/keyedit.c:895 g10/keyedit.c:1785
+msgid "Are you sure you still want to sign it? (y/N) "
+msgstr "Óßãïõñá èÝëåôå áêüìá íá ôï õðïãñÜøåôå; (y/N) "
+
+#: g10/keyedit.c:621 g10/keyedit.c:649 g10/keyedit.c:676 g10/keyedit.c:836
+#: g10/keyedit.c:1791
+msgid " Unable to sign.\n"
+msgstr " Áäõíáìßá õðïãñáöÞò.\n"
+
+#: g10/keyedit.c:626
+#, c-format
+msgid "User ID \"%s\" is expired."
+msgstr "Ôï user ID \"%s\" Ý÷åé Ýëçîå."
+
+#: g10/keyedit.c:654
+#, c-format
+msgid "User ID \"%s\" is not self-signed."
+msgstr "ÐÑÏÅÉÄÏÐÏÉÇÓÇ: ôï user ID \"%s\" äåí Ý÷åé éäéï-õðïãñáöåß."
+
+#: g10/keyedit.c:682
+#, fuzzy, c-format
+msgid "User ID \"%s\" is signable. "
+msgstr "ÐÑÏÅÉÄÏÐÏÉÇÓÇ: ôï user ID \"%s\" äåí Ý÷åé éäéï-õðïãñáöåß."
+
+#: g10/keyedit.c:684
+#, fuzzy
+msgid "Sign it? (y/N) "
+msgstr "Óßãïõñá íá õðïãñáöåß; "
+
+#: g10/keyedit.c:706
+#, c-format
+msgid ""
+"The self-signature on \"%s\"\n"
+"is a PGP 2.x-style signature.\n"
+msgstr ""
+"Ç éäéï-õðïãñáöÞ óôï \"%s\"\n"
+"åßíáé ìéá õðïãñáöÞ ôýðïõ PGP 2.x.\n"
+
+#: g10/keyedit.c:715
+msgid "Do you want to promote it to an OpenPGP self-signature? (y/N) "
+msgstr "ÈÝëåôå íá ôç ðñïÜãåôå óå ìéá OpenPGP éäéï-õðïãñáöÞ; (y/N) "
+
+#: g10/keyedit.c:729
+#, c-format
+msgid ""
+"Your current signature on \"%s\"\n"
+"has expired.\n"
+msgstr ""
+"Ç ðñïõðÜñ÷ïõóá õðïãñáöÞ óáò óôï \"%s\"\n"
+"Ý÷åé ëÞîåé.\n"
+
+#: g10/keyedit.c:733
+msgid "Do you want to issue a new signature to replace the expired one? (y/N) "
+msgstr ""
+"ÈÝëåôå íá ïñßóåôå ìéá íÝá õðïãñáöÞ ðñïò áíôéêáôÜóôáóç ôçò ëçãìÝíçò; (y/N) "
+
+#: g10/keyedit.c:754
+#, c-format
+msgid ""
+"Your current signature on \"%s\"\n"
+"is a local signature.\n"
+msgstr ""
+"Ç ðñïõðÜñ÷ïõóá õðïãñáöÞ óáò óôï \"%s\"\n"
+"åßíáé ìéá ôïðéêÞ õðïãñáöÞ.\n"
+
+#: g10/keyedit.c:758
+msgid "Do you want to promote it to a full exportable signature? (y/N) "
+msgstr "ÈÝëåôå íá ôç ðñïÜãåôå óå ìéá ðëÞñç åîáãþãéìç õðïãñáöÞ; (y/N) "
+
+#: g10/keyedit.c:779
+#, fuzzy, c-format
+msgid "\"%s\" was already locally signed by key %s\n"
+msgstr "\"%s\" Þäç õðïãñÜöèçêå áðü ôï êëåéäß %08lX\n"
+
+#: g10/keyedit.c:782
+#, fuzzy, c-format
+msgid "\"%s\" was already signed by key %s\n"
+msgstr "\"%s\" Þäç õðïãñÜöèçêå áðü ôï êëåéäß %08lX\n"
+
+#: g10/keyedit.c:787
+msgid "Do you want to sign it again anyway? (y/N) "
+msgstr "Óßãïõñá èÝëåôå áêüìá íá ôï îáíáõðïãñÜøåôå; (y/N) "
+
+#: g10/keyedit.c:809
+#, fuzzy, c-format
+msgid "Nothing to sign with key %s\n"
+msgstr "Ôßðïôá ãéá íá õðïãñáöåß ìå ôï êëåéäß %08lX\n"
+
+#: g10/keyedit.c:824
+msgid "This key has expired!"
+msgstr "Áõôü ôï êëåéäß Ý÷åé ëÞîåé!"
+
+#: g10/keyedit.c:842
+#, c-format
+msgid "This key is due to expire on %s.\n"
+msgstr "Áõôü ôï êëåéäß ðñüêåéôå íá ëÞîåé óôéò %s.\n"
+
+#: g10/keyedit.c:848
+msgid "Do you want your signature to expire at the same time? (Y/n) "
+msgstr "ÈÝëåôå ç õðïãáöÞóáò íá ëÞîåé ôáõôü÷ñïíá; (Y/n) "
+
+#: g10/keyedit.c:888
+msgid ""
+"You may not make an OpenPGP signature on a PGP 2.x key while in --pgp2 "
+"mode.\n"
+msgstr ""
+"Ìðïñåßôå íá ÷ñçóéìüðïéÞóåôå ìéá OpenPGP õðïãñáöÞ óå Ýíá PGP 2.x ìüíï óå "
+"êáôÜóôáóç --pgp2.\n"
+
+#: g10/keyedit.c:890
+msgid "This would make the key unusable in PGP 2.x.\n"
+msgstr "Áõôü èá êÜíåé ôï êëåéäß Ü÷ñçóôï ìå ôï PGP 2.x.\n"
+
+#: g10/keyedit.c:915
+msgid ""
+"How carefully have you verified the key you are about to sign actually "
+"belongs\n"
+"to the person named above? If you don't know what to answer, enter \"0\".\n"
+msgstr ""
+"Åßóôå óßãïõñïé üôé åëÝãîáôå ðñïóåêôéêÜ üôé ôï êëåéäß ðïõ åßóôå Ýôïéìïé íá\n"
+"áíÞêåé ðñÜãìáôé óôï ðñïáíöåñèÝí Üôïìï; ÅÜí äåí îÝñåôå ôé íá áðáíôÞóåôå "
+"ðáôÞóôå\"0\".\n"
+
+#: g10/keyedit.c:920
+#, c-format
+msgid " (0) I will not answer.%s\n"
+msgstr " (0) Äåí áðáíôþ.%s\n"
+
+#: g10/keyedit.c:922
+#, c-format
+msgid " (1) I have not checked at all.%s\n"
+msgstr " (1) Äåí Ý÷ù åëÝãîåé êáèüëïõ.%s\n"
+
+#: g10/keyedit.c:924
+#, c-format
+msgid " (2) I have done casual checking.%s\n"
+msgstr " (2) ¸÷ù êÜíåé ôïí óõíÞèç Ýëåã÷ï.%s\n"
+
+#: g10/keyedit.c:926
+#, c-format
+msgid " (3) I have done very careful checking.%s\n"
+msgstr " (3) ¸÷ù êÜíåé åêôåôáìÝíï Ýëåã÷ï.%s\n"
+
+#: g10/keyedit.c:932
+#, fuzzy
+msgid "Your selection? (enter `?' for more information): "
+msgstr "Ç åðéëïãÞ óáò; (ðëçêôñïëïãÞóôå ? ãéá ðëçñïöïñßåò): "
+
+#: g10/keyedit.c:956
+#, fuzzy, c-format
+msgid ""
+"Are you sure that you want to sign this key with your\n"
+"key \"%s\" (%s)\n"
+msgstr ""
+"Óßãïõñá èÝëåôå íá õðïãñÜøåôå áõôü ôï êëåéäß\n"
+"ìå ôï êëåéäß óáò: \""
+
+#: g10/keyedit.c:963
+#, fuzzy
+msgid "This will be a self-signature.\n"
+msgstr ""
+"\n"
+"ÁõôÞ èá åßíáé ìéá éäéï-õðïãñáöÞ.\n"
+
+#: g10/keyedit.c:969
+#, fuzzy
+msgid "WARNING: the signature will not be marked as non-exportable.\n"
+msgstr ""
+"\n"
+"ÐÑÏÅÉÄÏÐÏÉÇÓÇ: ç õðïãñáöÞ äå èá óçìåéùèåß óáí ìç-åîáãþãéìç.\n"
+
+#: g10/keyedit.c:977
+#, fuzzy
+msgid "WARNING: the signature will not be marked as non-revocable.\n"
+msgstr ""
+"\n"
+"ÐÑÏÅÉÄÏÐÏÉÇÓÇ: Ç õðïãñáöÞ äå èá óçìåéùèåß óáí ìç-áíáêáëÝóéìç.\n"
+"\n"
+
+#: g10/keyedit.c:987
+#, fuzzy
+msgid "The signature will be marked as non-exportable.\n"
+msgstr ""
+"\n"
+"Ç õðïãñáöÞ èá óçìåéùèåß óáí ìç-åîáãþãéìç.\n"
+
+#: g10/keyedit.c:994
+#, fuzzy
+msgid "The signature will be marked as non-revocable.\n"
+msgstr ""
+"\n"
+"Ç õðïãñáöÞ èá óçìåéùèåß óáí ìç-áíáêáëÝóéìç.\n"
+"\n"
+
+#: g10/keyedit.c:1001
+#, fuzzy
+msgid "I have not checked this key at all.\n"
+msgstr ""
+"\n"
+"Äåí Ý÷ù åëÝãîåé êáèüëïõ áõôü ôï êëåéäß.\n"
+
+#: g10/keyedit.c:1006
+#, fuzzy
+msgid "I have checked this key casually.\n"
+msgstr ""
+"\n"
+"¸÷ù êÜíåé óõíçèéóìÝíï Ýëåã÷ï óå áõôü ôï êëåéäß.\n"
+
+#: g10/keyedit.c:1011
+#, fuzzy
+msgid "I have checked this key very carefully.\n"
+msgstr ""
+"\n"
+"¸÷ù åëÝãîåé ðïëý ðñïóåêôéêÜ áõôü ôï êëåéäß.\n"
+
+#: g10/keyedit.c:1021
+#, fuzzy
+msgid "Really sign? (y/N) "
+msgstr "Óßãïõñá íá õðïãñáöåß; "
+
+#: g10/keyedit.c:1066 g10/keyedit.c:4965 g10/keyedit.c:5056 g10/keyedit.c:5120
+#: g10/keyedit.c:5181 g10/sign.c:316
+#, c-format
+msgid "signing failed: %s\n"
+msgstr "ç õðïãñáöÞ áðÝôõ÷å: %s\n"
+
+#: g10/keyedit.c:1131
+msgid "Key has only stub or on-card key items - no passphrase to change.\n"
+msgstr ""
+
+#: g10/keyedit.c:1142 g10/keygen.c:3774
+msgid "This key is not protected.\n"
+msgstr "Áõôü ôï êëåéäß äåí ðñïóôáôåýåôáé.\n"
+
+#: g10/keyedit.c:1146 g10/keygen.c:3761 g10/revoke.c:536
+msgid "Secret parts of primary key are not available.\n"
+msgstr "ÌõóôéêÜ ôìÞìáôá ôïõ êýñéïõ êëåéäéïý äåí åßíáé äéáèÝóéìá.\n"
+
+#: g10/keyedit.c:1150 g10/keygen.c:3777
+#, fuzzy
+msgid "Secret parts of primary key are stored on-card.\n"
+msgstr "ÌõóôéêÜ ôìÞìáôá ôïõ êýñéïõ êëåéäéïý äåí åßíáé äéáèÝóéìá.\n"
+
+#: g10/keyedit.c:1156 g10/keygen.c:3781
+msgid "Key is protected.\n"
+msgstr "Ôï êëåéäß ðñïóôáôåýåôáé.\n"
+
+#: g10/keyedit.c:1186
+#, c-format
+msgid "Can't edit this key: %s\n"
+msgstr "Áäýíáôç ç åðåîåñãáóßá áõôïý ôïõ êëåéäéïý:%s\n"
+
+#: g10/keyedit.c:1192
+msgid ""
+"Enter the new passphrase for this secret key.\n"
+"\n"
+msgstr ""
+"ÐëçêôñïëïãÞóôå ôçí íÝá öñÜóç êëåéäß ãéá áõôü ôï ìõóôéêü êëåéäß.\n"
+"\n"
+
+#: g10/keyedit.c:1207 g10/keygen.c:2291
+msgid "passphrase not correctly repeated; try again"
+msgstr "ç öñÜóç êëåéäß äåí åðáíáëÞöèçêå óùóôÜ. ÄïêéìÜóôå îáíÜ"
+
+#: g10/keyedit.c:1212
+msgid ""
+"You don't want a passphrase - this is probably a *bad* idea!\n"
+"\n"
+msgstr "Äåí èÝëåôå öñÜóç êëåéäß - áõôü åßíáé ìÜëëïí *êáêÞ* éäÝá!\n"
+
+#: g10/keyedit.c:1215
+#, fuzzy
+msgid "Do you really want to do this? (y/N) "
+msgstr "Óßãïõñá èÝëåôå íá êÜíåôå áõôü; "
+
+#: g10/keyedit.c:1298
+msgid "moving a key signature to the correct place\n"
+msgstr "ìåôáêßíçóç õðïãñáöÞò êëåéäéïý óôç óùóôÞ èÝóç\n"
+
+#: g10/keyedit.c:1384
+msgid "save and quit"
+msgstr "áðïèÞêåõóç êáé Ýîïäïò"
+
+#: g10/keyedit.c:1387
+#, fuzzy
+msgid "show key fingerprint"
+msgstr "áðåéêüíéóç ôïõ fingerprint"
+
+#: g10/keyedit.c:1388
+msgid "list key and user IDs"
+msgstr "áðåéêüíéóç ôùí êëåéäéþí êáé ôùí user ID"
+
+#: g10/keyedit.c:1390
+msgid "select user ID N"
+msgstr "åðéëïãÞ user ID N"
+
+#: g10/keyedit.c:1391
+#, fuzzy
+msgid "select subkey N"
+msgstr "åðéëïãÞ user ID N"
+
+#: g10/keyedit.c:1392
+#, fuzzy
+msgid "check signatures"
+msgstr "áíÜêëçóç õðïãñáöþí"
+
+#: g10/keyedit.c:1397
+msgid "sign selected user IDs [* see below for related commands]"
+msgstr ""
+
+#: g10/keyedit.c:1402
+#, fuzzy
+msgid "sign selected user IDs locally"
+msgstr "õðïãñáöÞ ôïõ êëåéäéïý ôïðéêÜ"
+
+#: g10/keyedit.c:1404
+#, fuzzy
+msgid "sign selected user IDs with a trust signature"
+msgstr "ÓõìâïõëÞ: ÅðéëÝîôå ôï user ID ãéá õðïãñáöÞ\n"
+
+#: g10/keyedit.c:1406
+msgid "sign selected user IDs with a non-revocable signature"
+msgstr ""
+
+#: g10/keyedit.c:1410
+msgid "add a user ID"
+msgstr "ðñïóèÞêç åíüò user ID"
+
+#: g10/keyedit.c:1412
+msgid "add a photo ID"
+msgstr "ðñïóèÞêç åíüò photo ID"
+
+#: g10/keyedit.c:1414
+#, fuzzy
+msgid "delete selected user IDs"
+msgstr "äéáãñáöÞ åíüò user ID"
+
+#: g10/keyedit.c:1419
+#, fuzzy
+msgid "add a subkey"
+msgstr "addkey"
+
+#: g10/keyedit.c:1423
+msgid "add a key to a smartcard"
+msgstr ""
+
+#: g10/keyedit.c:1425
+msgid "move a key to a smartcard"
+msgstr ""
+
+#: g10/keyedit.c:1427
+msgid "move a backup key to a smartcard"
+msgstr ""
+
+#: g10/keyedit.c:1431
+#, fuzzy
+msgid "delete selected subkeys"
+msgstr "äéáãñáöÞ åíüò äåõôåñåýïíôïò êëåéäéïý"
+
+#: g10/keyedit.c:1433
+msgid "add a revocation key"
+msgstr "ðñïóèÞêç åíüò êëåéäéïý áíÜêëçóçò"
+
+#: g10/keyedit.c:1435
+#, fuzzy
+msgid "delete signatures from the selected user IDs"
+msgstr ""
+"Óßãïõñá èÝëåôå íá áíáíåùèïýí ïé ðñïåðéëïãÝò ãéá ôï åðéëåãìÝíï user ID; "
+
+#: g10/keyedit.c:1437
+#, fuzzy
+msgid "change the expiration date for the key or selected subkeys"
+msgstr "Äåí ìðïñåßôå íá áëëÜîåôå ôçí çìåñïìçíßá ëÞîçò óå Ýíá v3 êëåéäß\n"
+
+#: g10/keyedit.c:1439
+#, fuzzy
+msgid "flag the selected user ID as primary"
+msgstr "óçìåßùóç ôïõ user ID óáí ðñùôåýùí"
+
+#: g10/keyedit.c:1441
+#, fuzzy
+msgid "toggle between the secret and public key listings"
+msgstr "áëëáãÞ ìåôáîý ôçò áðåéêüíéóçò ìõóôéêïý êáé äçìüóéïõ êëåéäéïý"
+
+#: g10/keyedit.c:1444
+msgid "list preferences (expert)"
+msgstr "áðåéêüíéóç ðñïåðéëïãþí (åéäéêÝò)"
+
+#: g10/keyedit.c:1446
+msgid "list preferences (verbose)"
+msgstr "áðåéêüíéóç åðéëïãþí (áíáëõôéêÜ)"
+
+#: g10/keyedit.c:1448
+#, fuzzy
+msgid "set preference list for the selected user IDs"
+msgstr ""
+"Óßãïõñá èÝëåôå íá áíáíåùèïýí ïé ðñïåðéëïãÝò ãéá ôï åðéëåãìÝíï user ID; "
+
+#: g10/keyedit.c:1453
+#, fuzzy
+msgid "set the preferred keyserver URL for the selected user IDs"
+msgstr "áäõíáìßá åðåîåñãáóßáò ôïõ URI ôïõ äéáêïìéóç êëåéäéþí\n"
+
+#: g10/keyedit.c:1455
+#, fuzzy
+msgid "set a notation for the selected user IDs"
+msgstr ""
+"Óßãïõñá èÝëåôå íá áíáíåùèïýí ïé ðñïåðéëïãÝò ãéá ôï åðéëåãìÝíï user ID; "
+
+#: g10/keyedit.c:1457
+msgid "change the passphrase"
+msgstr "áëëáãÞ ôçò öñÜóçò êëåéäß"
+
+#: g10/keyedit.c:1461
+msgid "change the ownertrust"
+msgstr "áëëáãÞ ôçò åìðéóôïóýíçò éäéïêôÞôç"
+
+#: g10/keyedit.c:1463
+#, fuzzy
+msgid "revoke signatures on the selected user IDs"
+msgstr "Óßãïõñá èÝëåôå íá áíáêëçèïýí üëá ôá åðéëåãìÝíá user ID; "
+
+#: g10/keyedit.c:1465
+#, fuzzy
+msgid "revoke selected user IDs"
+msgstr "áíÜêëçóç åíüò user ID"
+
+#: g10/keyedit.c:1470
+#, fuzzy
+msgid "revoke key or selected subkeys"
+msgstr "áíÜêëçóç åíüò äåõôåñåýïíôïò êëåéäéïý"
+
+#: g10/keyedit.c:1471
+#, fuzzy
+msgid "enable key"
+msgstr "åíåñãïðïéåß Ýíá êëåéäß"
+
+#: g10/keyedit.c:1472
+#, fuzzy
+msgid "disable key"
+msgstr "áðåíåñãïðïéåß Ýíá êëåéäß"
+
+#: g10/keyedit.c:1473
+#, fuzzy
+msgid "show selected photo IDs"
+msgstr "áðåéêüíéóç photo ID"
+
+#: g10/keyedit.c:1475
+msgid "compact unusable user IDs and remove unusable signatures from key"
+msgstr ""
+
+#: g10/keyedit.c:1477
+msgid "compact unusable user IDs and remove all signatures from key"
+msgstr ""
+
+#: g10/keyedit.c:1601
+#, fuzzy, c-format
+msgid "error reading secret keyblock \"%s\": %s\n"
+msgstr "óöÜëìá êáôÜ ôçí áíÜãíùóç ìõóôéêïý ìðëïê êëåéäéïý `%s': %s\n"
+
+#: g10/keyedit.c:1619
+msgid "Secret key is available.\n"
+msgstr "Ôï ìõóôéêü êëåéäß åßíáé äéáèÝóéìï.\n"
+
+#: g10/keyedit.c:1702
+msgid "Need the secret key to do this.\n"
+msgstr "Áðáéôåßôáé ôï ìõóôéêü êëåéäß ãéá íá ãßíåé áõôü.\n"
+
+#: g10/keyedit.c:1710
+msgid "Please use the command \"toggle\" first.\n"
+msgstr "Ðáñáêáëþ ÷ñçóéìïðïéåßóôå ôçí åíôïëÞ \"toggle\" ðñþôá.\n"
+
+#: g10/keyedit.c:1729
+msgid ""
+"* The `sign' command may be prefixed with an `l' for local signatures "
+"(lsign),\n"
+" a `t' for trust signatures (tsign), an `nr' for non-revocable signatures\n"
+" (nrsign), or any combination thereof (ltsign, tnrsign, etc.).\n"
+msgstr ""
+
+#: g10/keyedit.c:1779
+msgid "Key is revoked."
+msgstr "Ôï êëåéäß áíáêëÞèçêå."
+
+#: g10/keyedit.c:1798
+#, fuzzy
+msgid "Really sign all user IDs? (y/N) "
+msgstr "Óßãïõñá íá õðïãñáöïýí üëá ôá user ID; "
+
+#: g10/keyedit.c:1805
+msgid "Hint: Select the user IDs to sign\n"
+msgstr "ÓõìâïõëÞ: ÅðéëÝîôå ôï user ID ãéá õðïãñáöÞ\n"
+
+#: g10/keyedit.c:1814
+#, fuzzy, c-format
+msgid "Unknown signature type `%s'\n"
+msgstr "Üãíùóôç êëÜóç õðïãñáöÞò"
+
+#: g10/keyedit.c:1837
+#, c-format
+msgid "This command is not allowed while in %s mode.\n"
+msgstr "ÁõôÞ ç åíôïëÞ áðáãïñåýåôå óå áõôÞ ôçí êáôÜóôáóç %s.\n"
+
+#: g10/keyedit.c:1859 g10/keyedit.c:1879 g10/keyedit.c:2048
+msgid "You must select at least one user ID.\n"
+msgstr "ÐñÝðåé íá åðéëÝîåôå ôï ëéãüôåñï Ýíá user ID.\n"
+
+#: g10/keyedit.c:1861
+msgid "You can't delete the last user ID!\n"
+msgstr "Äåí ìðïñåßôå íá äéáãñÜøåôå ôï ôåëåõôáßï user ID!\n"
+
+#: g10/keyedit.c:1863
+#, fuzzy
+msgid "Really remove all selected user IDs? (y/N) "
+msgstr "Óßãïõñá èÝëåôå íá äéáãñáöïýí üëá ôá åðéëåãìÝíá user ID; "
+
+#: g10/keyedit.c:1864
+#, fuzzy
+msgid "Really remove this user ID? (y/N) "
+msgstr "Óßãïõñá èÝëåôå íá äéáãñáöåß áõôü ôï user ID; "
+
+#. TRANSLATORS: Please take care: This is about
+#. moving the key and not about removing it.
+#: g10/keyedit.c:1917
+#, fuzzy
+msgid "Really move the primary key? (y/N) "
+msgstr "Óßãïõñá èÝëåôå íá äéáãñáöåß áõôü ôï user ID; "
+
+#: g10/keyedit.c:1929
+#, fuzzy
+msgid "You must select exactly one key.\n"
+msgstr "ÐñÝðåé íá åðéëÝîåôå ôïõëÜ÷éóôïí Ýíá êëåéäß.\n"
+
+#: g10/keyedit.c:1957
+msgid "Command expects a filename argument\n"
+msgstr ""
+
+#: g10/keyedit.c:1971
+#, fuzzy, c-format
+msgid "Can't open `%s': %s\n"
+msgstr "áäõíáìßá ðñüóâáóçò óôï `%s': %s\n"
+
+#: g10/keyedit.c:1988
+#, fuzzy, c-format
+msgid "Error reading backup key from `%s': %s\n"
+msgstr "áäõíáìßá äçìéïõñãßáò ôçò êëåéäïèÞêçò `%s': %s\n"
+
+#: g10/keyedit.c:2012
+msgid "You must select at least one key.\n"
+msgstr "ÐñÝðåé íá åðéëÝîåôå ôïõëÜ÷éóôïí Ýíá êëåéäß.\n"
+
+#: g10/keyedit.c:2015
+#, fuzzy
+msgid "Do you really want to delete the selected keys? (y/N) "
+msgstr "Óßãïõñá èÝëåôå íá äéáãñáöïýí ôá åðéëåãìÝíá êëåéäéÜ; "
+
+#: g10/keyedit.c:2016
+#, fuzzy
+msgid "Do you really want to delete this key? (y/N) "
+msgstr "Óßãïõñá èÝëåôå íá äéáãñáöåß áõôü ôï êëåéäß; "
+
+#: g10/keyedit.c:2051
+#, fuzzy
+msgid "Really revoke all selected user IDs? (y/N) "
+msgstr "Óßãïõñá èÝëåôå íá áíáêëçèïýí üëá ôá åðéëåãìÝíá user ID; "
+
+#: g10/keyedit.c:2052
+#, fuzzy
+msgid "Really revoke this user ID? (y/N) "
+msgstr "Óßãïõñá èÝëåôå íá áíáêëçèåß áõôü ôï user ID; "
+
+#: g10/keyedit.c:2070
+#, fuzzy
+msgid "Do you really want to revoke the entire key? (y/N) "
+msgstr "Óßãïõñá èÝëåôå íá áíáêëçèåß áõôü ôï êëåéäß; "
+
+#: g10/keyedit.c:2081
+#, fuzzy
+msgid "Do you really want to revoke the selected subkeys? (y/N) "
+msgstr "Óßãïõñá èÝëåôå íá áíáêëçèïýí ôá åðéëåãìÝíá êëåéäéÜ; "
+
+#: g10/keyedit.c:2083
+#, fuzzy
+msgid "Do you really want to revoke this subkey? (y/N) "
+msgstr "Óßãïõñá èÝëåôå íá áíáêëçèåß áõôü ôï êëåéäß; "
+
+#: g10/keyedit.c:2133
+msgid "Owner trust may not be set while using a user provided trust database\n"
+msgstr ""
+
+#: g10/keyedit.c:2175
+#, fuzzy
+msgid "Set preference list to:\n"
+msgstr "ïñéóìüò áðåéêüíéóçò åðéëïãþí"
+
+#: g10/keyedit.c:2181
+#, fuzzy
+msgid "Really update the preferences for the selected user IDs? (y/N) "
+msgstr ""
+"Óßãïõñá èÝëåôå íá áíáíåùèïýí ïé ðñïåðéëïãÝò ãéá ôï åðéëåãìÝíï user ID; "
+
+#: g10/keyedit.c:2183
+#, fuzzy
+msgid "Really update the preferences? (y/N) "
+msgstr "Óßãïõñá íá áíáíåùèïýí ïé ðñïåðéëïãÝò;"
+
+#: g10/keyedit.c:2253
+#, fuzzy
+msgid "Save changes? (y/N) "
+msgstr "ÁðïèÞêåõóç ôùí áëëáãþí; "
+
+#: g10/keyedit.c:2256
+#, fuzzy
+msgid "Quit without saving? (y/N) "
+msgstr "Ôåñìáôéóìüò ÷ùñßò áðïèÞêåõóç; "
+
+#: g10/keyedit.c:2266
+#, c-format
+msgid "update failed: %s\n"
+msgstr "ç åíçìÝñùóç áðÝôõ÷å: %s\n"
+
+#: g10/keyedit.c:2273 g10/keyedit.c:2351
+#, c-format
+msgid "update secret failed: %s\n"
+msgstr "ç åíçìÝñùóç ìõóôéêïý áðÝôõ÷å: %s\n"
+
+#: g10/keyedit.c:2280
+msgid "Key not changed so no update needed.\n"
+msgstr "Ôï êëåéäß äåí Üëëáîå ïðüôå äåí ÷ñåéÜæåôáé åíçìÝñùóç.\n"
+
+#: g10/keyedit.c:2446
+msgid "Digest: "
+msgstr "Ðåñßëçøç: "
+
+#: g10/keyedit.c:2497
+msgid "Features: "
+msgstr "Äõíáôüôçôå: "
+
+#: g10/keyedit.c:2508
+msgid "Keyserver no-modify"
+msgstr ""
+
+#: g10/keyedit.c:2523 g10/keylist.c:316
+msgid "Preferred keyserver: "
+msgstr ""
+
+#: g10/keyedit.c:2531 g10/keyedit.c:2532
+#, fuzzy
+msgid "Notations: "
+msgstr "Óçìåßùóç: "
+
+#: g10/keyedit.c:2753
+msgid "There are no preferences on a PGP 2.x-style user ID.\n"
+msgstr "Äåí õðÜñ÷ïõí ðñïåðéëïãÝò óå Ýíá user ID ôýðïõ PGP 2.x.\n"
+
+#: g10/keyedit.c:2810
+#, fuzzy, c-format
+msgid "The following key was revoked on %s by %s key %s\n"
+msgstr "Áõôü ôï êëåéäß ìðïñåß íá áíáêëçèåß áðü %s êëåéäß "
+
+#: g10/keyedit.c:2832
+#, fuzzy, c-format
+msgid "This key may be revoked by %s key %s"
+msgstr "Áõôü ôï êëåéäß ìðïñåß íá áíáêëçèåß áðü %s êëåéäß "
+
+#: g10/keyedit.c:2838
+#, fuzzy
+msgid "(sensitive)"
+msgstr " (åõáßóèçôï)"
+
+#: g10/keyedit.c:2854 g10/keyedit.c:2910 g10/keyedit.c:2971 g10/keyedit.c:2986
+#: g10/keylist.c:202 g10/keyserver.c:532
+#, fuzzy, c-format
+msgid "created: %s"
+msgstr "áäõíáìßá äçìéïõñãßáò ôïõ %s: %s\n"
+
+#: g10/keyedit.c:2857 g10/keylist.c:834 g10/keylist.c:928 g10/mainproc.c:997
+#, fuzzy, c-format
+msgid "revoked: %s"
+msgstr "[áíáêëçìÝíï]"
+
+#: g10/keyedit.c:2859 g10/keylist.c:805 g10/keylist.c:840 g10/keylist.c:934
+#, fuzzy, c-format
+msgid "expired: %s"
+msgstr " [ëÞãåé: %s]"
+
+#: g10/keyedit.c:2861 g10/keyedit.c:2912 g10/keyedit.c:2973 g10/keyedit.c:2988
+#: g10/keylist.c:204 g10/keylist.c:811 g10/keylist.c:846 g10/keylist.c:940
+#: g10/keylist.c:961 g10/keyserver.c:538 g10/mainproc.c:1003
+#, fuzzy, c-format
+msgid "expires: %s"
+msgstr " [ëÞãåé: %s]"
+
+#: g10/keyedit.c:2863
+#, fuzzy, c-format
+msgid "usage: %s"
+msgstr " åìðéóôïóýíç: %c/%c"
+
+#: g10/keyedit.c:2878
+#, fuzzy, c-format
+msgid "trust: %s"
+msgstr " åìðéóôïóýíç: %c/%c"
+
+#: g10/keyedit.c:2882
+#, c-format
+msgid "validity: %s"
+msgstr ""
+
+#: g10/keyedit.c:2889
+msgid "This key has been disabled"
+msgstr "Áõôü ôï êëåéäß Ý÷åé áðåíåñãïðïéçèåß"
+
+#: g10/keyedit.c:2917 g10/keylist.c:208
+msgid "card-no: "
+msgstr ""
+
+#: g10/keyedit.c:2941
+msgid ""
+"Please note that the shown key validity is not necessarily correct\n"
+"unless you restart the program.\n"
+msgstr ""
+"Ç åããõñüôçôá ôïõ áðåéêïíéæüìåíïõ êëåéäéïý äåí åßíáé áðáñáßôçôá óùóôÞ\n"
+"åêôüò êáé åÜí åðáíáêêéíÞóåôå ôï ðñüãñáììá.\n"
+
+#: g10/keyedit.c:3005 g10/keyedit.c:3351 g10/keyserver.c:542
+#: g10/mainproc.c:1850 g10/trustdb.c:1204 g10/trustdb.c:1732
+#, fuzzy
+msgid "revoked"
+msgstr "[áíáêëçìÝíï]"
+
+#: g10/keyedit.c:3007 g10/keyedit.c:3353 g10/keyserver.c:546
+#: g10/mainproc.c:1852 g10/trustdb.c:547 g10/trustdb.c:1734
+#, fuzzy
+msgid "expired"
+msgstr "expire"
+
+#: g10/keyedit.c:3072
+msgid ""
+"WARNING: no user ID has been marked as primary. This command may\n"
+" cause a different user ID to become the assumed primary.\n"
+msgstr ""
+"ÐÑÏÅÉÄÏÐÏÉÇÓÇ: äåí Ý÷åé óçìåéùèåß ID ÷ñÞóôç óáí ðñùôåýùí. ÁõôÞ ç åíôïëÞ\n"
+" ìðïñåß íá êÜíåé Ýíá Üëëï ID ÷ñÞóôç íá ãßíåé ôï ðñùôåýùí.\n"
+
+#: g10/keyedit.c:3133
+msgid ""
+"WARNING: This is a PGP2-style key. Adding a photo ID may cause some "
+"versions\n"
+" of PGP to reject this key.\n"
+msgstr ""
+"ÐÑÏÅÉÄÏÐÏÉÇÓÇ: Áõôü Ýéíáé Ýíá êëåéäß ôýðïõ PGP2. Ç ðñïóèÞêç åíüò photo ID\n"
+" ìðïñåß íá êÜíåé ìåñéêÝò åêäüóåéò PGP íá ôï áðïññßøïõí.\n"
+
+#: g10/keyedit.c:3138 g10/keyedit.c:3473
+msgid "Are you sure you still want to add it? (y/N) "
+msgstr "Óßãïõñá áêüìá èÝëåôå íá ôï ðñïóèÝóåôå; (y/N) "
+
+#: g10/keyedit.c:3144
+msgid "You may not add a photo ID to a PGP2-style key.\n"
+msgstr "Äåí ìðïñåßôå íá ðñïóèÝóåôå ìéá photo ID óå Ýíá êëåéäß ôýðïõ PGP2.\n"
+
+#: g10/keyedit.c:3284
+msgid "Delete this good signature? (y/N/q)"
+msgstr "ÄéáãñáöÞ áõôÞò ôçò êáëÞò õðïãñáöÞò; (y/N/q)"
+
+#: g10/keyedit.c:3294
+msgid "Delete this invalid signature? (y/N/q)"
+msgstr "ÄéáãñáöÞ áõôÞò ôçò ìç Ýãêõñçò õðïãñáöÞò; (y/N/q)"
+
+#: g10/keyedit.c:3298
+msgid "Delete this unknown signature? (y/N/q)"
+msgstr "ÄéáãñáöÞ áõôÞò ôçò Üãíùóôçò õðïãñáöÞò; (y/N/q)"
+
+#: g10/keyedit.c:3304
+msgid "Really delete this self-signature? (y/N)"
+msgstr "Óßãïõñá íá äéáãñáöåß áõôÞ ç éäéï-õðïãñáöÞ; (y/N)"
+
+#: g10/keyedit.c:3318
+#, c-format
+msgid "Deleted %d signature.\n"
+msgstr "ÄéáãñÜöôçêå %d õðïãñáöÞ.\n"
+
+#: g10/keyedit.c:3319
+#, c-format
+msgid "Deleted %d signatures.\n"
+msgstr "ÄéáãñÜöçêáí %d õðïãñáöÝò.\n"
+
+#: g10/keyedit.c:3322
+msgid "Nothing deleted.\n"
+msgstr "Ôßðïôá äåí äéáãñÜöôçêå.\n"
+
+#: g10/keyedit.c:3355 g10/trustdb.c:1736
+#, fuzzy
+msgid "invalid"
+msgstr "ìç Ýãêõñç èùñÜêéóç"
+
+#: g10/keyedit.c:3357
+#, fuzzy, c-format
+msgid "User ID \"%s\" compacted: %s\n"
+msgstr "Ôï user ID \"%s\" áíáêáëåßôå."
+
+#: g10/keyedit.c:3364
+#, fuzzy, c-format
+msgid "User ID \"%s\": %d signature removed\n"
+msgstr "Ôï user ID \"%s\" áíáêáëåßôå."
+
+#: g10/keyedit.c:3365
+#, fuzzy, c-format
+msgid "User ID \"%s\": %d signatures removed\n"
+msgstr "Ôï user ID \"%s\" áíáêáëåßôå."
+
+#: g10/keyedit.c:3373
+#, fuzzy, c-format
+msgid "User ID \"%s\": already minimized\n"
+msgstr "ôï user ID \"%s\" Ý÷åé Þäç áíáêëçèåß\n"
+
+#: g10/keyedit.c:3374
+#, fuzzy, c-format
+msgid "User ID \"%s\": already clean\n"
+msgstr "ôï user ID \"%s\" Ý÷åé Þäç áíáêëçèåß\n"
+
+#: g10/keyedit.c:3468
+msgid ""
+"WARNING: This is a PGP 2.x-style key. Adding a designated revoker may "
+"cause\n"
+" some versions of PGP to reject this key.\n"
+msgstr ""
+"ÐÑÏÅÉÄÏÐÏÉÇÓÇ: Áõôü Ýéíáé Ýíá êëåéäß ôýðïõ PGP 2.x. Ç ðñïóèÞêç åíüò\n"
+" êáèïñéóìÝíïõ áíáêëçôÞ ìðïñåß íá êÜíåé ìåñéêÝò åêäüóåéò PGP\n"
+" íá ôï áðïññßøïõí.\n"
+
+#: g10/keyedit.c:3479
+msgid "You may not add a designated revoker to a PGP 2.x-style key.\n"
+msgstr ""
+"Äåí ìðïñåßôå íá ðñïóèÝóåôå Ýíá êáèïñéóìÝíï áíáêëçôÞ óå êëåéäß ôýðïõ PGP2.x.\n"
+
+#: g10/keyedit.c:3499
+msgid "Enter the user ID of the designated revoker: "
+msgstr "ÐëçêôñïëïãÞóôå ôï user ID ôïõ äéïñéóìÝíïõ áíáêëçôÞ: "
+
+#: g10/keyedit.c:3524
+msgid "cannot appoint a PGP 2.x style key as a designated revoker\n"
+msgstr ""
+"áäõíáìßá ïñéóìïý åíüò êëåéäéïý ôýðïõ PGP 2.x, óáí äéïñéóìÝíïõ áíáêëçôÞ\n"
+
+#: g10/keyedit.c:3539
+msgid "you cannot appoint a key as its own designated revoker\n"
+msgstr ""
+"äå ìðïñåßôå íá ïñßóåôå Ýíá êëåéäß óáí ôï äéïñéóìÝíï áíáêëçôÞ ôïõ åáõôïý ôïõ\n"
+
+#: g10/keyedit.c:3561
+#, fuzzy
+msgid "this key has already been designated as a revoker\n"
+msgstr ""
+"ÐÑÏÅÉÄÏÐÏÉÇÓÇ: Áõôü ôï êëåéäß Ý÷åé áíáêëçèåß áðü ôïí ïñéóìÝíï áíáêëçôÞ!\n"
+
+#: g10/keyedit.c:3580
+msgid "WARNING: appointing a key as a designated revoker cannot be undone!\n"
+msgstr ""
+"ÐÑÏÅÉÄÏÐÏÉÇÓÇ: åÜí ïñßóåôå Ýíá êëåéäß óáí äéïñéóìÝíï áíáêëçôÞ äåí ìðïñåß íá "
+"åðáíÝëèåé!\n"
+
+#: g10/keyedit.c:3586
+#, fuzzy
+msgid ""
+"Are you sure you want to appoint this key as a designated revoker? (y/N) "
+msgstr ""
+"Åßóôå óßãïõñïé üôé èÝëåôå íá ïñßóåôå Ýíá êëåéäß óáí äéïñéóìÝíï áíáêëçôÞ; (y/"
+"N): "
+
+#: g10/keyedit.c:3647
+msgid "Please remove selections from the secret keys.\n"
+msgstr "Ðáñáêáëþ áöáéñÝóôå ôéò åðéëïãÝò áðü ôá ìõóôéêÜ êëåéäéÜ.\n"
+
+#: g10/keyedit.c:3653
+#, fuzzy
+msgid "Please select at most one subkey.\n"
+msgstr "Ðáñáêáëþ åðéëÝîôå ôï ðïëý Ýíá äåõôåñåýïí êëåéäß.\n"
+
+#: g10/keyedit.c:3657
+#, fuzzy
+msgid "Changing expiration time for a subkey.\n"
+msgstr "ÁëëáãÞ çìåñïìçíßáò ëÞîçò ãéá Ýíá äåõôåñåýïí êëåéäß.\n"
+
+#: g10/keyedit.c:3660
+msgid "Changing expiration time for the primary key.\n"
+msgstr "ÁëëáãÞ çìåñïìçíßáò ëÞîçò ãéá Ýíá ðñùôåýïí êëåéäß.\n"
+
+#: g10/keyedit.c:3706
+msgid "You can't change the expiration date of a v3 key\n"
+msgstr "Äåí ìðïñåßôå íá áëëÜîåôå ôçí çìåñïìçíßá ëÞîçò óå Ýíá v3 êëåéäß\n"
+
+#: g10/keyedit.c:3722
+msgid "No corresponding signature in secret ring\n"
+msgstr "Äåí âñÝèçêå áíôßóôïé÷ç õðïãñáöÞ óôç ìõóôéêÞ êëåéäïèÞêç\n"
+
+#: g10/keyedit.c:3800
+#, fuzzy, c-format
+msgid "signing subkey %s is already cross-certified\n"
+msgstr ""
+"ÐÑÏÅÉÄÏÐÏÉÇÓÇ: ôï õðïãñÜöùí õðïêëåéäß %08lX äåí Ý÷åé êáô' áíôéðáñÜóôáóç "
+"ðéóôïðïéçèåß\n"
+
+#: g10/keyedit.c:3806
+#, c-format
+msgid "subkey %s does not sign and so does not need to be cross-certified\n"
+msgstr ""
+
+#: g10/keyedit.c:3969
+msgid "Please select exactly one user ID.\n"
+msgstr "ÐñÝðåé íá åðéëÝîåôå áêñéâþò Ýíá user ID.\n"
+
+#: g10/keyedit.c:4008 g10/keyedit.c:4118 g10/keyedit.c:4238 g10/keyedit.c:4379
+#, fuzzy, c-format
+msgid "skipping v3 self-signature on user ID \"%s\"\n"
+msgstr "ðáñáëåßöèçêå ç v3 éäéï-õðïãñáöÞ óôï user id \"%s\"\n"
+
+#: g10/keyedit.c:4179
+msgid "Enter your preferred keyserver URL: "
+msgstr ""
+
+#: g10/keyedit.c:4259
+#, fuzzy
+msgid "Are you sure you want to replace it? (y/N) "
+msgstr "Óßãïõñá èÝëåôå áêüìá íá ôï ÷ñçóéìïðïéÞóåôå; (y/N) "
+
+#: g10/keyedit.c:4260
+#, fuzzy
+msgid "Are you sure you want to delete it? (y/N) "
+msgstr "Óßãïõñá èÝëåôå áêüìá íá ôï ÷ñçóéìïðïéÞóåôå; (y/N) "
+
+#: g10/keyedit.c:4322
+#, fuzzy
+msgid "Enter the notation: "
+msgstr "Óçìåßùóç õðïãñáöÞò: "
+
+#: g10/keyedit.c:4471
+#, fuzzy
+msgid "Proceed? (y/N) "
+msgstr "ÅðéêÜëõøç (y/N); "
+
+#: g10/keyedit.c:4543
+#, c-format
+msgid "No user ID with index %d\n"
+msgstr "Äåí õðÜñ÷åé user ID ìå äåßêôç %d\n"
+
+#: g10/keyedit.c:4604
+#, fuzzy, c-format
+msgid "No user ID with hash %s\n"
+msgstr "Äåí õðÜñ÷åé user ID ìå äåßêôç %d\n"
+
+#: g10/keyedit.c:4639
+#, fuzzy, c-format
+msgid "No subkey with index %d\n"
+msgstr "Äåí õðÜñ÷åé user ID ìå äåßêôç %d\n"
+
+#: g10/keyedit.c:4774
+#, fuzzy, c-format
+msgid "user ID: \"%s\"\n"
+msgstr "user ID: \""
+
+#: g10/keyedit.c:4777 g10/keyedit.c:4871 g10/keyedit.c:4914
+#, fuzzy, c-format
+msgid "signed by your key %s on %s%s%s\n"
+msgstr " õðïãñÜöèçêå áðü %08lX óôéò %s%s%s\n"
+
+#: g10/keyedit.c:4779 g10/keyedit.c:4873 g10/keyedit.c:4916
+msgid " (non-exportable)"
+msgstr " (ìç-åîáãþãéìï)"
+
+#: g10/keyedit.c:4783
+#, c-format
+msgid "This signature expired on %s.\n"
+msgstr "ÁõôÞ ç õðïãñáöÞ Ýëçîå óôéò %s.\n"
+
+#: g10/keyedit.c:4787
+msgid "Are you sure you still want to revoke it? (y/N) "
+msgstr "Óßãïõñá èÝëåôå íá áíáêëçèåß áõôü ôï êëåéäß; "
+
+#: g10/keyedit.c:4791
+msgid "Create a revocation certificate for this signature? (y/N) "
+msgstr "Äçìéïõñãßá åíüò ðéóôïðïéçôéêïý áíÜêëçóçò ãéá áõôÞ ôçí õðïãñáöÞ; (y/N)"
+
+#: g10/keyedit.c:4842
+#, fuzzy
+msgid "Not signed by you.\n"
+msgstr " õðïãñÜöèçêå áðü %08lX óôéò %s%s\n"
+
+#: g10/keyedit.c:4848
+#, fuzzy, c-format
+msgid "You have signed these user IDs on key %s:\n"
+msgstr "¸÷åôå õðïãñÜøåé áõôÜ ôá user ID:\n"
+
+#: g10/keyedit.c:4874
+#, fuzzy
+msgid " (non-revocable)"
+msgstr " (ìç-åîáãþãéìï)"
+
+#: g10/keyedit.c:4881
+#, fuzzy, c-format
+msgid "revoked by your key %s on %s\n"
+msgstr " áíáêëÞèçêå áðü %08lX óôéò %s\n"
+
+#: g10/keyedit.c:4903
+msgid "You are about to revoke these signatures:\n"
+msgstr "Óêïðåýåôå íá áíáêáëÝóåôå áõôÝò ôéò õðïãñáöÝò:\n"
+
+#: g10/keyedit.c:4923
+msgid "Really create the revocation certificates? (y/N) "
+msgstr "Óßãïõñá íá äçìéïõñãçèïýí ôá ðéóôïðïéçôéêÜ áíÜêëçóçò; (y/N)"
+
+#: g10/keyedit.c:4953
+msgid "no secret key\n"
+msgstr "êáíÝíá ìõóôéêü êëåéäß\n"
+
+#: g10/keyedit.c:5023
+#, c-format
+msgid "user ID \"%s\" is already revoked\n"
+msgstr "ôï user ID \"%s\" Ý÷åé Þäç áíáêëçèåß\n"
+
+#: g10/keyedit.c:5040
+#, c-format
+msgid "WARNING: a user ID signature is dated %d seconds in the future\n"
+msgstr ""
+"ÐÑÏÅÉÄÏÐÏÉÇÓÇ: ìéá õðïãñáöÞ user ID Ý÷åé çìåñïìçíßá %d äåýôåñá óôï ìÝëëïí\n"
+
+#: g10/keyedit.c:5104
+#, fuzzy, c-format
+msgid "Key %s is already revoked.\n"
+msgstr "ôï user ID \"%s\" Ý÷åé Þäç áíáêëçèåß\n"
+
+#: g10/keyedit.c:5166
+#, fuzzy, c-format
+msgid "Subkey %s is already revoked.\n"
+msgstr "ôï user ID \"%s\" Ý÷åé Þäç áíáêëçèåß\n"
+
+#: g10/keyedit.c:5261
+#, fuzzy, c-format
+msgid "Displaying %s photo ID of size %ld for key %s (uid %d)\n"
+msgstr "Áðåéêüíéóç %s photo ID ìåãÝèïõò %ld ãéá ôï êëåéäß 0x%08lX (uid %d)\n"
+
+#: g10/keygen.c:275
+#, fuzzy, c-format
+msgid "preference `%s' duplicated\n"
+msgstr "ç ðñïåðéëïãÞ %c%lu áíôéãñÜöôçêå\n"
+
+#: g10/keygen.c:282
+#, fuzzy
+msgid "too many cipher preferences\n"
+msgstr "ðÜñá ðïëëÝò `%c' ðñïåðéëïãÝò\n"
+
+#: g10/keygen.c:284
+#, fuzzy
+msgid "too many digest preferences\n"
+msgstr "ðÜñá ðïëëÝò `%c' ðñïåðéëïãÝò\n"
+
+#: g10/keygen.c:286
+#, fuzzy
+msgid "too many compression preferences\n"
+msgstr "ðÜñá ðïëëÝò `%c' ðñïåðéëïãÝò\n"
+
+#: g10/keygen.c:426
+#, fuzzy, c-format
+msgid "invalid item `%s' in preference string\n"
+msgstr "ìç Ýãêõñïò ÷áñáêôÞñáò óôï \"êïñäüíé\" ôçò åðéëïãÞò\n"
+
+#: g10/keygen.c:910
+msgid "writing direct signature\n"
+msgstr "åããñáöÞ Üìåóçò õðïãñáöÞò\n"
+
+#: g10/keygen.c:952
+msgid "writing self signature\n"
+msgstr "åããñáöÞ éäéï-õðïãñáöÞò\n"
+
+#: g10/keygen.c:1009
+msgid "writing key binding signature\n"
+msgstr "åããñáöÞ õðïãñáöÞò \"äÝóéìïõ\" êëåéäéïý\n"
+
+#: g10/keygen.c:1179 g10/keygen.c:1290 g10/keygen.c:1295 g10/keygen.c:1441
+#: g10/keygen.c:3269
+#, c-format
+msgid "keysize invalid; using %u bits\n"
+msgstr "ìç Ýãêõñï ìÝãåèïò êëåéäéïý, ÷ñÞóç %u bits\n"
+
+#: g10/keygen.c:1185 g10/keygen.c:1301 g10/keygen.c:1309 g10/keygen.c:1447
+#: g10/keygen.c:3275
+#, c-format
+msgid "keysize rounded up to %u bits\n"
+msgstr "óôñïããõëïðïßçóç ôïõ ìÝãåèïò êëåéäéïý Ýùò %u bits\n"
+
+#: g10/keygen.c:1335
+msgid ""
+"WARNING: some OpenPGP programs can't handle a DSA key with this digest size\n"
+msgstr ""
+
+#: g10/keygen.c:1558
+#, fuzzy
+msgid "Sign"
+msgstr "sign"
+
+#: g10/keygen.c:1561
+msgid "Certify"
+msgstr ""
+
+#: g10/keygen.c:1564
+#, fuzzy
+msgid "Encrypt"
+msgstr "êñõðôïãñÜöçóç äåäïìÝíùí"
+
+#: g10/keygen.c:1567
+msgid "Authenticate"
+msgstr ""
+
+#. TRANSLATORS: Please use only plain ASCII characters for the
+#. translation. If this is not possible use single digits. The
+#. string needs to 8 bytes long. Here is a description of the
+#. functions:
+#.
+#. s = Toggle signing capability
+#. e = Toggle encryption capability
+#. a = Toggle authentication capability
+#. q = Finish
+#.
+#: g10/keygen.c:1585
+msgid "SsEeAaQq"
+msgstr ""
+
+#: g10/keygen.c:1608
+#, c-format
+msgid "Possible actions for a %s key: "
+msgstr ""
+
+#: g10/keygen.c:1612
+msgid "Current allowed actions: "
+msgstr ""
+
+#: g10/keygen.c:1617
+#, c-format
+msgid " (%c) Toggle the sign capability\n"
+msgstr ""
+
+#: g10/keygen.c:1620
+#, fuzzy, c-format
+msgid " (%c) Toggle the encrypt capability\n"
+msgstr " (%d) ElGamal (ãéá êñõðôïãñÜöçóç ìüíï)\n"
+
+#: g10/keygen.c:1623
+#, c-format
+msgid " (%c) Toggle the authenticate capability\n"
+msgstr ""
+
+#: g10/keygen.c:1626
+#, c-format
+msgid " (%c) Finished\n"
+msgstr ""
+
+#: g10/keygen.c:1686 sm/certreqgen-ui.c:157
+msgid "Please select what kind of key you want:\n"
+msgstr "Ðáñáêáëþ åðéëÝîôå ôïí ôýðï ôïõ êëåéäéïý ðïõ èÝëåôå:\n"
+
+#: g10/keygen.c:1689
+#, fuzzy, c-format
+msgid " (%d) RSA and RSA (default)\n"
+msgstr " (%d) DSA êáé ElGamal (ðñïêáèïñéóìÝíï)\n"
+
+#: g10/keygen.c:1691
+#, fuzzy, c-format
+msgid " (%d) DSA and Elgamal\n"
+msgstr " (%d) DSA êáé ElGamal (ðñïêáèïñéóìÝíï)\n"
+
+#: g10/keygen.c:1693
+#, c-format
+msgid " (%d) DSA (sign only)\n"
+msgstr " (%d) DSA (ãéá õðïãñáöÞ ìüíï)\n"
+
+#: g10/keygen.c:1694
+#, c-format
+msgid " (%d) RSA (sign only)\n"
+msgstr " (%d) RSA (ãéá õðïãñáöÞ ìüíï)\n"
+
+#: g10/keygen.c:1698
+#, fuzzy, c-format
+msgid " (%d) Elgamal (encrypt only)\n"
+msgstr " (%d) ElGamal (ãéá êñõðôïãñÜöçóç ìüíï)\n"
+
+#: g10/keygen.c:1699
+#, c-format
+msgid " (%d) RSA (encrypt only)\n"
+msgstr " (%d) RSA (ãéá êñõðôïãñÜöçóç ìüíï)\n"
+
+#: g10/keygen.c:1703
+#, fuzzy, c-format
+msgid " (%d) DSA (set your own capabilities)\n"
+msgstr " (%d) RSA (ãéá êñõðôïãñÜöçóç ìüíï)\n"
+
+#: g10/keygen.c:1704
+#, fuzzy, c-format
+msgid " (%d) RSA (set your own capabilities)\n"
+msgstr " (%d) RSA (ãéá êñõðôïãñÜöçóç ìüíï)\n"
+
+#: g10/keygen.c:1812
+#, c-format
+msgid "%s keys may be between %u and %u bits long.\n"
+msgstr ""
+
+#: g10/keygen.c:1820
+#, fuzzy, c-format
+msgid "What keysize do you want for the subkey? (%u) "
+msgstr "Ôé ìÝãåèïò êëåéäéïý èá èÝëáôå; (1024) "
+
+#: g10/keygen.c:1823 sm/certreqgen-ui.c:179
+#, fuzzy, c-format
+msgid "What keysize do you want? (%u) "
+msgstr "Ôé ìÝãåèïò êëåéäéïý èá èÝëáôå; (1024) "
+
+#: g10/keygen.c:1837 sm/certreqgen-ui.c:189
+#, c-format
+msgid "Requested keysize is %u bits\n"
+msgstr "Ôï ìÝãåèïò êëåéäéïý ðïõ æçôÞèçêå åßíáé %u bits\n"
+
+#: g10/keygen.c:1925
+msgid ""
+"Please specify how long the key should be valid.\n"
+" 0 = key does not expire\n"
+" <n> = key expires in n days\n"
+" <n>w = key expires in n weeks\n"
+" <n>m = key expires in n months\n"
+" <n>y = key expires in n years\n"
+msgstr ""
+"Ðáñáêáëþ ïñßóôå ãéá ðüóï êáéñü ôï êëåéäß èá åßíáé Ýãêõñï.\n"
+" 0 = ôï êëåéäß äåí ëÞãåé ðïôÝ\n"
+" <n> = ôï êëåéäß ëÞãåé óå n ìÝñåò\n"
+" <n>w = ôï êëåéäß ëÞãåé óå n åâäïìÜäåò\n"
+" <n>m = ôï êëåéäß ëÞãåé óå n ìÞíåò\n"
+" <n>y = ôï êëåéäß ëÞãåé óå n Ýôç\n"
+
+#: g10/keygen.c:1936
+msgid ""
+"Please specify how long the signature should be valid.\n"
+" 0 = signature does not expire\n"
+" <n> = signature expires in n days\n"
+" <n>w = signature expires in n weeks\n"
+" <n>m = signature expires in n months\n"
+" <n>y = signature expires in n years\n"
+msgstr ""
+"Ðáñáêáëþ ïñßóôå ãéá ðüóï êáéñü ôï êëåéäß èá åßíáé Ýãêõñï.\n"
+" 0 = ôï êëåéäß äåí ëÞãåé ðïôÝ\n"
+" <n> = ôï êëåéäß ëÞãåé óå n ìÝñåò\n"
+" <n>w = ôï êëåéäß ëÞãåé óå n åâäïìÜäåò\n"
+" <n>m = ôï êëåéäß ëÞãåé óå n ìÞíåò\n"
+" <n>y = ôï êëåéäß ëÞãåé óå n Ýôç\n"
+
+#: g10/keygen.c:1959
+msgid "Key is valid for? (0) "
+msgstr "Ôï êëåéäß åßíáé Ýãêõñï ãéá; (0) "
+
+#: g10/keygen.c:1964
+#, fuzzy, c-format
+msgid "Signature is valid for? (%s) "
+msgstr "Ç õðïãñáöÞ Ýéíáé Ýãêõñç ãéá; (0) "
+
+#: g10/keygen.c:1982 g10/keygen.c:2007
+msgid "invalid value\n"
+msgstr "ìç Ýãêõñç ôéìÞ\n"
+
+#: g10/keygen.c:1989
+#, fuzzy
+msgid "Key does not expire at all\n"
+msgstr "ôï %s äåí ëÞãåé ðïôÝ\n"
+
+#: g10/keygen.c:1990
+#, fuzzy
+msgid "Signature does not expire at all\n"
+msgstr "ôï %s äåí ëÞãåé ðïôÝ\n"
+
+#: g10/keygen.c:1995
+#, fuzzy, c-format
+msgid "Key expires at %s\n"
+msgstr "ôï %s ëÞãåé óôéò %s\n"
+
+#: g10/keygen.c:1996
+#, fuzzy, c-format
+msgid "Signature expires at %s\n"
+msgstr "ÕðïãñáöÞ ëÞãåé óôéò %s.\n"
+
+#: g10/keygen.c:2000
+msgid ""
+"Your system can't display dates beyond 2038.\n"
+"However, it will be correctly handled up to 2106.\n"
+msgstr ""
+"Ôï óýóôçìá óáò äåí ìðïñåß íá áðåéêïíßóåé çìåñïìçíßåò ðÝñá ôïõ 2038.\n"
+"¼ìùò, èá ÷åéñßæïíôáé óùóôÜ Ýùò ôï 2106.\n"
+
+#: g10/keygen.c:2013
+#, fuzzy
+msgid "Is this correct? (y/N) "
+msgstr "Åßíáé áõôü óùóôü (y/n); "
+
+#: g10/keygen.c:2063
+msgid ""
+"\n"
+"GnuPG needs to construct a user ID to identify your key.\n"
+"\n"
+msgstr ""
+
+#. TRANSLATORS: This string is in general not anymore used
+#. but you should keep your existing translation. In case
+#. the new string is not translated this old string will
+#. be used.
+#: g10/keygen.c:2078
+#, fuzzy
+msgid ""
+"\n"
+"You need a user ID to identify your key; the software constructs the user "
+"ID\n"
+"from the Real Name, Comment and Email Address in this form:\n"
+" \"Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>\"\n"
+"\n"
+msgstr ""
+"\n"
+"×ñåéÜæåóôå Ýíá User-ID ãéá íá áíáãíùñßóåôå Ýíá êëåéäß. Ôï ëïãéóìéêü "
+"êáôáóêåõÜæåé\n"
+"ôï user-id áðü ôï Áëçèéíü ¼íïìá, Ó÷üëéï êáé Äéåýèõíóç Email êÜðùò Ýôóé:\n"
+" \"Nikolaoy Nikos (toy Ioanni) <nikoln@athens.gr>\"\n"
+"\n"
+
+#: g10/keygen.c:2097
+msgid "Real name: "
+msgstr "Áëçèéíü ¼íïìá: "
+
+#: g10/keygen.c:2105
+msgid "Invalid character in name\n"
+msgstr "Ìç Ýãêõñïò ÷áñáêôÞñáò óôï üíïìá\n"
+
+#: g10/keygen.c:2107
+msgid "Name may not start with a digit\n"
+msgstr "Ôï üíïìá äåí åðéôñÝðåôáé íá îåêéíÜ ìå áñéèìçôéêü øçößï\n"
+
+#: g10/keygen.c:2109
+msgid "Name must be at least 5 characters long\n"
+msgstr "Ôï üíïìá ðñÝðåé íá Ý÷åé ôïõëÜ÷éóôïí 5 ÷áñáêôÞñåò\n"
+
+#: g10/keygen.c:2117
+msgid "Email address: "
+msgstr "Äéåýèõíóç Email: "
+
+#: g10/keygen.c:2123
+msgid "Not a valid email address\n"
+msgstr "Ìç Ýãêõñç äéåýèõíóç Email\n"
+
+#: g10/keygen.c:2131
+msgid "Comment: "
+msgstr "Ó÷üëéï: "
+
+#: g10/keygen.c:2137
+msgid "Invalid character in comment\n"
+msgstr "Ìç Ýãêõñïò ÷áñáêôÞñáò óôï ó÷üëéï\n"
+
+#: g10/keygen.c:2159
+#, c-format
+msgid "You are using the `%s' character set.\n"
+msgstr "×ñçóéìïðïéåßôå ôï `%s' óåô ÷áñáêôÞñùí.\n"
+
+#: g10/keygen.c:2165
+#, c-format
+msgid ""
+"You selected this USER-ID:\n"
+" \"%s\"\n"
+"\n"
+msgstr ""
+"ÅðéëÝîáôå ôï USER-ID:\n"
+" \"%s\"\n"
+"\n"
+
+#: g10/keygen.c:2170
+msgid "Please don't put the email address into the real name or the comment\n"
+msgstr "Ðáñáêáëþ ìçí ôïðïèåôåßôå ôçí äéåýèõíóç email óôï üíïìá Þ óôï ó÷üëéï\n"
+
+#: g10/keygen.c:2185
+msgid "Such a user ID already exists on this key!\n"
+msgstr ""
+
+#. TRANSLATORS: These are the allowed answers in
+#. lower and uppercase. Below you will find the matching
+#. string which should be translated accordingly and the
+#. letter changed to match the one in the answer string.
+#.
+#. n = Change name
+#. c = Change comment
+#. e = Change email
+#. o = Okay (ready, continue)
+#. q = Quit
+#.
+#: g10/keygen.c:2201
+msgid "NnCcEeOoQq"
+msgstr "NnCcEeOoQq"
+
+#: g10/keygen.c:2211
+msgid "Change (N)ame, (C)omment, (E)mail or (Q)uit? "
+msgstr "ÁëëáãÞ (N)üíïìá, (C)ó÷üëéï, (E)mail Þ (Q)ôåñìáôéóìüò; "
+
+#: g10/keygen.c:2212
+msgid "Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? "
+msgstr "ÁëëáãÞ (N)üíïìá, (C)ó÷üëéï, (E)mail Þ (O)åíôÜîåé/(Q)ôåñìáôéóìüò; "
+
+#: g10/keygen.c:2231
+msgid "Please correct the error first\n"
+msgstr "Ðáñáêáëþ, äéïñèþóôå ðñþôá ôï óöÜëìá\n"
+
+#: g10/keygen.c:2273
+msgid ""
+"You need a Passphrase to protect your secret key.\n"
+"\n"
+msgstr ""
+"×ñåéÜæåóôå ìéá ÖñÜóç êëåéäß ãéá íá ðñïóôáôåýóåôå ôï ìõóôéêü êëåéäß.\n"
+"\n"
+
+#: g10/keygen.c:2276
+#, fuzzy
+msgid ""
+"Please enter a passphrase to protect the off-card backup of the new "
+"encryption key."
+msgstr "ÐëçêôñïëïãÞóôå ôç öñÜóç êëåéäß· áõôÞ åßíáé ìéá ìõóôéêÞ ðñüôáóç \n"
+
+#: g10/keygen.c:2292
+#, c-format
+msgid "%s.\n"
+msgstr "%s.\n"
+
+#: g10/keygen.c:2298
+msgid ""
+"You don't want a passphrase - this is probably a *bad* idea!\n"
+"I will do it anyway. You can change your passphrase at any time,\n"
+"using this program with the option \"--edit-key\".\n"
+"\n"
+msgstr ""
+"Äåí ÷ñåéÜæåóôå ìéá öñÜóç êëåéäß - áõôü åßíáé ìÜëëïí ìéá *êáêÞ* éäÝá!\n"
+"Èá óõíå÷ßóù üðùò êáé íá Ý÷åé. Ìðïñåßôå íá áëëÜîåôå ôç öñÜóç óáò\n"
+"üðïôå èÝëåôå, ìå ôçí åðéëïãÞ \"--edit-key\".\n"
+"\n"
+
+#: g10/keygen.c:2322
+msgid ""
+"We need to generate a lot of random bytes. It is a good idea to perform\n"
+"some other action (type on the keyboard, move the mouse, utilize the\n"
+"disks) during the prime generation; this gives the random number\n"
+"generator a better chance to gain enough entropy.\n"
+msgstr ""
+"ÐñÝðåé íá äçìéïõñãçèïýí ðïëëÜ ôõ÷áßá bytes. Åßíáé êáëÞ éäÝá íá êÜíåôå\n"
+"êÜðïéá åñãáóßá (ðëçêôñïëïãÞóôå, ìåôáêéíÞóôå ôï ðïíôßêé, ÷ñçóéìïðïéÞóôå\n"
+"ôïõò äßóêïõò) êáôá ôç äéÜñêåéá õðïëïãéóìïý ðñþôùí áñéèìþí. Áõôü äßíåé\n"
+"óôç ãåííÞôñéá ôõ÷áßùí áñéèìþí ìéá åõêáéñßá íá ìáæÝøåé áñêåôÞ åíôñïðßá.\n"
+
+#: g10/keygen.c:3209 g10/keygen.c:3236
+msgid "Key generation canceled.\n"
+msgstr "Ç äçìéïõñãßá êëåéäéïý áíáâëÞèçêå.\n"
+
+#: g10/keygen.c:3441 g10/keygen.c:3611
+#, c-format
+msgid "writing public key to `%s'\n"
+msgstr "åããñáöÞ ôïõ äçìïóßïõ êëåéäéïý óôï `%s'\n"
+
+#: g10/keygen.c:3443 g10/keygen.c:3614
+#, fuzzy, c-format
+msgid "writing secret key stub to `%s'\n"
+msgstr "åããñáöÞ ôïõ ìõóôéêïý êëåéäéïý óôï `%s'\n"
+
+#: g10/keygen.c:3446 g10/keygen.c:3617
+#, c-format
+msgid "writing secret key to `%s'\n"
+msgstr "åããñáöÞ ôïõ ìõóôéêïý êëåéäéïý óôï `%s'\n"
+
+#: g10/keygen.c:3598
+#, c-format
+msgid "no writable public keyring found: %s\n"
+msgstr "äå âñÝèçêå åããñÜøéìç äçìüóéá êëåéäïèÞêç: %s\n"
+
+#: g10/keygen.c:3605
+#, c-format
+msgid "no writable secret keyring found: %s\n"
+msgstr "äå âñÝèçêå åããñÜøéìç ìõóôéêÞ êëåéäïèÞêç: %s\n"
+
+#: g10/keygen.c:3625
+#, c-format
+msgid "error writing public keyring `%s': %s\n"
+msgstr "áäõíáìßá åããñáöÞò äçìüóéáò êëåéäïèÞêçò `%s': %s\n"
+
+#: g10/keygen.c:3633
+#, c-format
+msgid "error writing secret keyring `%s': %s\n"
+msgstr "áäõíáìßá åããñáöÞò ìõóôéêÞò êëåéäïèÞêçò `%s': %s\n"
+
+#: g10/keygen.c:3661
+msgid "public and secret key created and signed.\n"
+msgstr "ôï äçìüóéï êáé ôï ìõóôéêü êëåéäß äçìéïõñãÞèçêáí êáé õðïãñÜöçêáí.\n"
+
+#: g10/keygen.c:3672
+#, fuzzy
+msgid ""
+"Note that this key cannot be used for encryption. You may want to use\n"
+"the command \"--edit-key\" to generate a subkey for this purpose.\n"
+msgstr ""
+"Óçìåéþóôå üôé áõôü ôï êëåéäß äåí ìðïñåß íá ÷ñçóéìïðïéçèåß ãéá "
+"êñõðôïãñÜöçóç.\n"
+"Ìðïñåßôå íá ÷ñçóéìïðïéÞóåôå ôçí åíôïëÞ \"--edit-key\" ãéá íá äçìéïõñãçèåß\n"
+"Ýíá äåõôåñåýïí êëåéäß ãéá áõôü ôï ëüãï.\n"
+
+#: g10/keygen.c:3685 g10/keygen.c:3831 g10/keygen.c:3952
+#, c-format
+msgid "Key generation failed: %s\n"
+msgstr "Ç äçìéïõñãßá êëåéäéïý áðÝôõ÷å: %s\n"
+
+#: g10/keygen.c:3741 g10/keygen.c:3882 g10/sign.c:241
+#, c-format
+msgid ""
+"key has been created %lu second in future (time warp or clock problem)\n"
+msgstr ""
+"ôï êëåéäß äçìéïõñãÞèçêå %lu äåõôåñüëåðôï óôï ìÝëëïí (÷ñïíïäßíç Þ\n"
+"áðëþò ðñüâëçìá óôï ñïëüé)\n"
+
+#: g10/keygen.c:3743 g10/keygen.c:3884 g10/sign.c:243
+#, c-format
+msgid ""
+"key has been created %lu seconds in future (time warp or clock problem)\n"
+msgstr ""
+"ôï êëåéäß äçìéïõñãÞèçêå %lu äåõôåñüëåðôá óôï ìÝëëïí (÷ñïíïäßíç Þ\n"
+"áðëþò ðñüâëçìá óôï ñïëüé)\n"
+
+#: g10/keygen.c:3754 g10/keygen.c:3895
+msgid "NOTE: creating subkeys for v3 keys is not OpenPGP compliant\n"
+msgstr ""
+"ÓÇÌÅÉÙÓÇ: ç äçìéïõñãßá õðïêëåéäéþí ãéá êëåéäéÜ v3 äåí åßíáé óýìöùíï\n"
+"ìå ôï OpenPGP\n"
+
+#: g10/keygen.c:3795 g10/keygen.c:3928
+#, fuzzy
+msgid "Really create? (y/N) "
+msgstr "Óßãïõñá íá äçìéïõñãçèåß; "
+
+#: g10/keygen.c:4116
+#, fuzzy, c-format
+msgid "storing key onto card failed: %s\n"
+msgstr "äéáãñáöÞ block êëåéäéþí áðÝôõ÷å: %s\n"
+
+#: g10/keygen.c:4165
+#, fuzzy, c-format
+msgid "can't create backup file `%s': %s\n"
+msgstr "áäõíáìßá äçìéïõñãßáò ôïõ `%s': %s\n"
+
+#: g10/keygen.c:4191
+#, fuzzy, c-format
+msgid "NOTE: backup of card key saved to `%s'\n"
+msgstr "ÓÇÌÅÉÙÓÇ: ôï ìõóôéêü êëåéäß %08lX Ýëçîå óôéò %s\n"
+
+#: g10/keyid.c:539 g10/keyid.c:551 g10/keyid.c:563 g10/keyid.c:575
+msgid "never "
+msgstr "ðïôÝ "
+
+#: g10/keylist.c:273
+msgid "Critical signature policy: "
+msgstr "ÐïëéôéêÞ êñßóéìçò õðïãñáöÞò: "
+
+#: g10/keylist.c:275
+msgid "Signature policy: "
+msgstr "ÐïëéôéêÞ õðïãñáöÞò: "
+
+#: g10/keylist.c:314
+msgid "Critical preferred keyserver: "
+msgstr ""
+
+#: g10/keylist.c:367
+msgid "Critical signature notation: "
+msgstr "Óçìåßùóç êñßóéìçò õðïãñáöÞò: "
+
+#: g10/keylist.c:369
+msgid "Signature notation: "
+msgstr "Óçìåßùóç õðïãñáöÞò: "
+
+#: g10/keylist.c:479
+msgid "Keyring"
+msgstr "ÊëåéäïèÞêç"
+
+#: g10/keylist.c:1526
+msgid "Primary key fingerprint:"
+msgstr "Áðïôýðùìá ðñùôåýùí êëåéäéïý:"
+
+#: g10/keylist.c:1528
+msgid " Subkey fingerprint:"
+msgstr " Áðïôýðùìá õðïêëåéäéïý:"
+
+#. TRANSLATORS: this should fit into 24 bytes to that the
+#. * fingerprint data is properly aligned with the user ID
+#: g10/keylist.c:1535
+msgid " Primary key fingerprint:"
+msgstr " Áðïôýðùìá ðñùôåýùí êëåéäéïý:"
+
+#: g10/keylist.c:1537
+msgid " Subkey fingerprint:"
+msgstr " Áðïôýðùìá õðïêëåéäéïý:"
+
+#: g10/keylist.c:1541 g10/keylist.c:1545
+#, fuzzy
+msgid " Key fingerprint ="
+msgstr " Áðïôýðùìá êëåéäéïý ="
+
+#: g10/keylist.c:1612
+msgid " Card serial no. ="
+msgstr ""
+
+#: g10/keyring.c:1297
+#, fuzzy, c-format
+msgid "renaming `%s' to `%s' failed: %s\n"
+msgstr "èùñÜêéóç áðÝôõ÷å: %s\n"
+
+#: g10/keyring.c:1326
+msgid "WARNING: 2 files with confidential information exists.\n"
+msgstr "ÐÑÏÅÉÄÏÐÏÉÇÓÇ: 2 áñ÷åßá ìå åìðéóôåõôéêÝò ðëçñïöïñßåò õðÜñ÷ïõí.\n"
+
+#: g10/keyring.c:1327
+#, c-format
+msgid "%s is the unchanged one\n"
+msgstr "%s åßíáé ôï áìåôÜâëçôï\n"
+
+#: g10/keyring.c:1328
+#, c-format
+msgid "%s is the new one\n"
+msgstr "%s åßíáé ôï íÝï\n"
+
+#: g10/keyring.c:1329
+msgid "Please fix this possible security flaw\n"
+msgstr "Ðáñáêáëþ äéïñèþóôå áõôÞ ôçí ðéèáíÞ \"ôñýðá\" áóöáëåßáò\n"
+
+#: g10/keyring.c:1430
+#, fuzzy, c-format
+msgid "caching keyring `%s'\n"
+msgstr "Ýëåã÷ïò êëåéäïèÞêçò `%s'\n"
+
+#: g10/keyring.c:1489
+#, fuzzy, c-format
+msgid "%lu keys cached so far (%lu signatures)\n"
+msgstr "%lu êëåéäéÜ Ý÷ïõí åëåã÷èåß (%lu õðïãñáöÝò)\n"
+
+#: g10/keyring.c:1501
+#, fuzzy, c-format
+msgid "%lu keys cached (%lu signatures)\n"
+msgstr "%lu êëåéäéÜ Ý÷ïõí åëåã÷èåß (%lu õðïãñáöÝò)\n"
+
+#: g10/keyring.c:1573
+#, c-format
+msgid "%s: keyring created\n"
+msgstr "%s: êëåéäïèÞêç äçìéïõñãÞèçêå\n"
+
+#: g10/keyserver.c:74
+msgid "include revoked keys in search results"
+msgstr ""
+
+#: g10/keyserver.c:75
+msgid "include subkeys when searching by key ID"
+msgstr ""
+
+#: g10/keyserver.c:77
+msgid "use temporary files to pass data to keyserver helpers"
+msgstr ""
+
+#: g10/keyserver.c:79
+msgid "do not delete temporary files after using them"
+msgstr ""
+
+#: g10/keyserver.c:83
+msgid "automatically retrieve keys when verifying signatures"
+msgstr ""
+
+#: g10/keyserver.c:85
+#, fuzzy
+msgid "honor the preferred keyserver URL set on the key"
+msgstr "ôï URL ðïëéôéêÞò õðïãñáöÞò ðïõ äüèçêå äåí åßíáé Ýãêõñï\n"
+
+#: g10/keyserver.c:87
+msgid "honor the PKA record set on a key when retrieving keys"
+msgstr ""
+
+#: g10/keyserver.c:153
+#, fuzzy, c-format
+msgid "WARNING: keyserver option `%s' is not used on this platform\n"
+msgstr ""
+"ÐÑÏÅÉÄÏÐÏÉÇÓÇ: ïé åðéëïãåò óôï `%s' äåí åßíáé åíåñãÝò óå áõôÞ ôçí åêôÝëåóç\n"
+
+#: g10/keyserver.c:544
+#, fuzzy
+msgid "disabled"
+msgstr "disable"
+
+#: g10/keyserver.c:747
+msgid "Enter number(s), N)ext, or Q)uit > "
+msgstr ""
+
+#: g10/keyserver.c:831 g10/keyserver.c:1458
+#, fuzzy, c-format
+msgid "invalid keyserver protocol (us %d!=handler %d)\n"
+msgstr "ìç Ýãêõñåò åðéëïãÝò åîáãùãÞò\n"
+
+#: g10/keyserver.c:932
+#, fuzzy, c-format
+msgid "key \"%s\" not found on keyserver\n"
+msgstr "ôï êëåéäß '%s' äå âñÝèçêå: %s\n"
+
+#: g10/keyserver.c:934
+#, fuzzy
+msgid "key not found on keyserver\n"
+msgstr "ôï êëåéäß '%s' äå âñÝèçêå: %s\n"
+
+#: g10/keyserver.c:1177
+#, fuzzy, c-format
+msgid "requesting key %s from %s server %s\n"
+msgstr "áßôçóç êëåéäéïý %08lX áðü ôï %s\n"
+
+#: g10/keyserver.c:1181
+#, fuzzy, c-format
+msgid "requesting key %s from %s\n"
+msgstr "áßôçóç êëåéäéïý %08lX áðü ôï %s\n"
+
+#: g10/keyserver.c:1205
+#, fuzzy, c-format
+msgid "searching for names from %s server %s\n"
+msgstr "áíáæÞôçóç ôïõ \"%s\" áðü ôï HKP äéáêïìéóôÞ %s\n"
+
+#: g10/keyserver.c:1208
+#, fuzzy, c-format
+msgid "searching for names from %s\n"
+msgstr "áíáæÞôçóç ôïõ \"%s\" áðü ôï HKP äéáêïìéóôÞ %s\n"
+
+#: g10/keyserver.c:1361
+#, fuzzy, c-format
+msgid "sending key %s to %s server %s\n"
+msgstr "áíáæÞôçóç ôïõ \"%s\" áðü ôï HKP äéáêïìéóôÞ %s\n"
+
+#: g10/keyserver.c:1365
+#, fuzzy, c-format
+msgid "sending key %s to %s\n"
+msgstr ""
+"\"\n"
+"õðïãñÜöèçêå ìå ôï êëåéäß óáò %08lX óôéò %s\n"
+
+#: g10/keyserver.c:1408
+#, fuzzy, c-format
+msgid "searching for \"%s\" from %s server %s\n"
+msgstr "áíáæÞôçóç ôïõ \"%s\" áðü ôï HKP äéáêïìéóôÞ %s\n"
+
+#: g10/keyserver.c:1411
+#, fuzzy, c-format
+msgid "searching for \"%s\" from %s\n"
+msgstr "áíáæÞôçóç ôïõ \"%s\" áðü ôï HKP äéáêïìéóôÞ %s\n"
+
+#: g10/keyserver.c:1418 g10/keyserver.c:1514
+#, fuzzy
+msgid "no keyserver action!\n"
+msgstr "ìç Ýãêõñåò åðéëïãÝò åîáãùãÞò\n"
+
+#: g10/keyserver.c:1466
+#, c-format
+msgid "WARNING: keyserver handler from a different version of GnuPG (%s)\n"
+msgstr ""
+
+#: g10/keyserver.c:1475
+msgid "keyserver did not send VERSION\n"
+msgstr ""
+
+#: g10/keyserver.c:1537 g10/keyserver.c:2066
+msgid "no keyserver known (use option --keyserver)\n"
+msgstr ""
+
+#: g10/keyserver.c:1543
+msgid "external keyserver calls are not supported in this build\n"
+msgstr ""
+
+#: g10/keyserver.c:1555
+#, c-format
+msgid "no handler for keyserver scheme `%s'\n"
+msgstr ""
+
+#: g10/keyserver.c:1560
+#, c-format
+msgid "action `%s' not supported with keyserver scheme `%s'\n"
+msgstr ""
+
+#: g10/keyserver.c:1568
+#, c-format
+msgid "%s does not support handler version %d\n"
+msgstr ""
+
+#: g10/keyserver.c:1575
+#, fuzzy
+msgid "keyserver timed out\n"
+msgstr "óöÜëìá äéáêïìéóôÞ êëåéäéþí"
+
+#: g10/keyserver.c:1580
+#, fuzzy
+msgid "keyserver internal error\n"
+msgstr "óöÜëìá äéáêïìéóôÞ êëåéäéþí"
+
+#: g10/keyserver.c:1589
+#, fuzzy, c-format
+msgid "keyserver communications error: %s\n"
+msgstr "keyserver ëÞøç áðÝôõ÷å: %s\n"
+
+#: g10/keyserver.c:1614 g10/keyserver.c:1648
+#, c-format
+msgid "\"%s\" not a key ID: skipping\n"
+msgstr ""
+
+#: g10/keyserver.c:1907
+#, fuzzy, c-format
+msgid "WARNING: unable to refresh key %s via %s: %s\n"
+msgstr "ÐÑÏÅÉÄÏÐÏÉÇÓÇ: áäõíáìßá äéáãñáöÞò tempfile (%s) `%s': %s\n"
+
+#: g10/keyserver.c:1929
+#, fuzzy, c-format
+msgid "refreshing 1 key from %s\n"
+msgstr "áßôçóç êëåéäéïý %08lX áðü ôï %s\n"
+
+#: g10/keyserver.c:1931
+#, fuzzy, c-format
+msgid "refreshing %d keys from %s\n"
+msgstr "áßôçóç êëåéäéïý %08lX áðü ôï %s\n"
+
+#: g10/keyserver.c:1987
+#, fuzzy, c-format
+msgid "WARNING: unable to fetch URI %s: %s\n"
+msgstr "ÐÑÏÅÉÄÏÐÏÉÇÓÇ: áäõíáìßá äéáãñáöÞò tempfile (%s) `%s': %s\n"
+
+#: g10/keyserver.c:1993
+#, fuzzy, c-format
+msgid "WARNING: unable to parse URI %s\n"
+msgstr "ÐÑÏÅÉÄÏÐÏÉÇÓÇ: áäõíáìßá äéáãñáöÞò tempfile (%s) `%s': %s\n"
+
+#: g10/mainproc.c:231
+#, c-format
+msgid "weird size for an encrypted session key (%d)\n"
+msgstr "ðáñÜîåíï ìÝãåèïò ãéá Ýíá êëåéäß êñõðôïãñáöçìÝíçò óõíåäñßáò (%d)\n"
+
+#: g10/mainproc.c:284
+#, c-format
+msgid "%s encrypted session key\n"
+msgstr "%s êëåéäß êñõðôïãñáöçìÝíçò óõíåäñßá\n"
+
+#: g10/mainproc.c:294
+#, fuzzy, c-format
+msgid "passphrase generated with unknown digest algorithm %d\n"
+msgstr "êñõðôïãñáöçìÝíï ìå Üãíùóôï áëãüñéèìï %d\n"
+
+#: g10/mainproc.c:360
+#, fuzzy, c-format
+msgid "public key is %s\n"
+msgstr "äçìüóéï êëåéäß åßíáé %08lX\n"
+
+#: g10/mainproc.c:423
+msgid "public key encrypted data: good DEK\n"
+msgstr "êñõðôïãñáöçìÝíá äåäïìÝíá ìå äçìüóéï êëåéäß: êáëü DEK\n"
+
+#: g10/mainproc.c:456
+#, fuzzy, c-format
+msgid "encrypted with %u-bit %s key, ID %s, created %s\n"
+msgstr "êñõðôïãñáöçìÝíï ìå %u-bit %s êëåéäß, ID %08lX, äçìéïõñãÞèçêå %s\n"
+
+#: g10/mainproc.c:460 g10/pkclist.c:217
+#, fuzzy, c-format
+msgid " \"%s\"\n"
+msgstr " ãíùóôü óáí \""
+
+#: g10/mainproc.c:464
+#, fuzzy, c-format
+msgid "encrypted with %s key, ID %s\n"
+msgstr "êñõðôïãñáöçìÝíï ìå %s key, ID %08lX\n"
+
+#: g10/mainproc.c:479
+#, c-format
+msgid "public key decryption failed: %s\n"
+msgstr "êñõðôïãñÜöçóç ìå äçìüóéï êëåéäß áðÝôõ÷å: %s\n"
+
+#: g10/mainproc.c:495
+#, c-format
+msgid "encrypted with %lu passphrases\n"
+msgstr "êñõðôïãñáöçìÝíï ìå %lu öñÜóåéò êëåéäéÜ\n"
+
+#: g10/mainproc.c:497
+msgid "encrypted with 1 passphrase\n"
+msgstr "êñõðôïãñáöçìÝíï ìå 1 öñÜóç êëåéäß\n"
+
+#: g10/mainproc.c:529 g10/mainproc.c:551
+#, c-format
+msgid "assuming %s encrypted data\n"
+msgstr "õðüèåóç %s êñõðôïãñáöçìÝíùí äåäïìÝíùí\n"
+
+#: g10/mainproc.c:537
+#, c-format
+msgid "IDEA cipher unavailable, optimistically attempting to use %s instead\n"
+msgstr ""
+"Êñõðôáëãüñéèìïò IDEA ìç äéáèÝóéìïò, áéóéüäïîç ðñïóðÜèåéá ÷ñÞóçò ôïõ\n"
+"%s áíôßèåôá\n"
+
+#: g10/mainproc.c:570
+msgid "decryption okay\n"
+msgstr "áðïêñõðôïãñÜöçóç OK\n"
+
+#: g10/mainproc.c:574
+msgid "WARNING: message was not integrity protected\n"
+msgstr "ÐÑÏÅÉÄÏÐÏÉÇÓÇ: äåí ðñïóôáôåýôçêå ç áêåñáéüôçôá ôïõ ìçýìáôïò\n"
+
+#: g10/mainproc.c:587
+msgid "WARNING: encrypted message has been manipulated!\n"
+msgstr "ÐÑÏÅÉÄÏÐÏÉÇÓÇ: ôï êñõðôïãñáöçìÝíï ìÞíõìá Ý÷åé ðåéñá÷èåß!\n"
+
+#: g10/mainproc.c:595
+#, c-format
+msgid "cleared passphrase cached with ID: %s\n"
+msgstr ""
+
+#: g10/mainproc.c:600
+#, c-format
+msgid "decryption failed: %s\n"
+msgstr "áðïêñõðôïãñÜöçóç áðÝôõ÷å: %s\n"
+
+#: g10/mainproc.c:621
+msgid "NOTE: sender requested \"for-your-eyes-only\"\n"
+msgstr "ÓÇÌÅÉÙÓÇ: ï áðïóôïëÝáò æÞôçóå \"ãéá-ôá-ìÜôéá-óáò-ìüíï\"\n"
+
+#: g10/mainproc.c:623
+#, c-format
+msgid "original file name='%.*s'\n"
+msgstr "áñ÷éêü üíïìá áñ÷åßïõ='%.*s'\n"
+
+#: g10/mainproc.c:711
+msgid "WARNING: multiple plaintexts seen\n"
+msgstr ""
+
+#: g10/mainproc.c:850
+msgid "standalone revocation - use \"gpg --import\" to apply\n"
+msgstr "áíåîÜñôçôç áíÜêëçóç - ÷ñçóéìïðïéåßóôå \"gpg --import\" ãéá åöáñìïãÞ\n"
+
+#: g10/mainproc.c:1203 g10/mainproc.c:1240
+#, fuzzy
+msgid "no signature found\n"
+msgstr "ÊáëÞ õðïãñáöÞ áðü \""
+
+#: g10/mainproc.c:1478
+msgid "signature verification suppressed\n"
+msgstr "êáôáóôïëÞ áíÜêëçóçò õðïãñáöÞò\n"
+
+#: g10/mainproc.c:1587
+#, fuzzy
+msgid "can't handle this ambiguous signature data\n"
+msgstr "áäõíáìßá ÷åéñéóìïý áõôþí ôùí ðïëëáðëþí õðïãñáöþí\n"
+
+#: g10/mainproc.c:1598
+#, fuzzy, c-format
+msgid "Signature made %s\n"
+msgstr "ÕðïãñáöÞ Ýëçîå óôéò %s.\n"
+
+#: g10/mainproc.c:1599
+#, fuzzy, c-format
+msgid " using %s key %s\n"
+msgstr " ãíùóôü óáí \""
+
+#: g10/mainproc.c:1603
+#, fuzzy, c-format
+msgid "Signature made %s using %s key ID %s\n"
+msgstr "ÕðïãñáöÞ Ýãéíå óôï %.*s ìå ÷ñÞóç ôïõ êëåéäéïý%s ID %08lX\n"
+
+#: g10/mainproc.c:1623
+msgid "Key available at: "
+msgstr "Êëåéäß äéáèÝóéìï óôï: "
+
+#: g10/mainproc.c:1756 g10/mainproc.c:1804
+#, fuzzy, c-format
+msgid "BAD signature from \"%s\""
+msgstr "ÊÁÊÇ õðïãñáöÞ áðü \""
+
+#: g10/mainproc.c:1758 g10/mainproc.c:1806
+#, fuzzy, c-format
+msgid "Expired signature from \"%s\""
+msgstr "ËçãìÝíç õðïãñáöÞ áðü \""
+
+#: g10/mainproc.c:1760 g10/mainproc.c:1808
+#, fuzzy, c-format
+msgid "Good signature from \"%s\""
+msgstr "ÊáëÞ õðïãñáöÞ áðü \""
+
+#: g10/mainproc.c:1810
+msgid "[uncertain]"
+msgstr "[áâÝâáéï]"
+
+#: g10/mainproc.c:1843
+#, fuzzy, c-format
+msgid " aka \"%s\""
+msgstr " ãíùóôü óáí \""
+
+#: g10/mainproc.c:1941
+#, c-format
+msgid "Signature expired %s\n"
+msgstr "ÕðïãñáöÞ Ýëçîå óôéò %s.\n"
+
+#: g10/mainproc.c:1946
+#, c-format
+msgid "Signature expires %s\n"
+msgstr "ÕðïãñáöÞ ëÞãåé óôéò %s.\n"
+
+#: g10/mainproc.c:1949
+#, c-format
+msgid "%s signature, digest algorithm %s\n"
+msgstr "%s õðïãñáöÞ, áëãüñéèìïò ðåñßëçøçò %s\n"
+
+#: g10/mainproc.c:1950
+msgid "binary"
+msgstr "äõáäéêü"
+
+#: g10/mainproc.c:1951
+msgid "textmode"
+msgstr "êáôÜóôáóç-êåéìÝíïõ"
+
+#: g10/mainproc.c:1951 g10/trustdb.c:546
+msgid "unknown"
+msgstr "Üãíùóôï"
+
+#: g10/mainproc.c:1971
+#, c-format
+msgid "Can't check signature: %s\n"
+msgstr "Áäõíáìßá åëÝã÷ïõ ôçò õðïãñáöÞò: %s\n"
+
+#: g10/mainproc.c:2055 g10/mainproc.c:2071 g10/mainproc.c:2167
+msgid "not a detached signature\n"
+msgstr "äåí åßíáé áðïêïììÝíç õðïãñáöÞ\n"
+
+#: g10/mainproc.c:2098
+msgid ""
+"WARNING: multiple signatures detected. Only the first will be checked.\n"
+msgstr ""
+"ÐÑÏÅÉÄÏÐÏÉÇÓÇ: åíôïðéóìüò ðïëëáðëþí õðïãñáöþí. Ìüíï ç ðñþôç èá åëåã÷èåß.\n"
+
+#: g10/mainproc.c:2106
+#, c-format
+msgid "standalone signature of class 0x%02x\n"
+msgstr "áíåîÜñôçôç õðïãñáöÞ êëÜóçò 0x%02x\n"
+
+#: g10/mainproc.c:2171
+msgid "old style (PGP 2.x) signature\n"
+msgstr "õðïãñáöÞ ðáëéïý óôõë (PGP 2.x)\n"
+
+#: g10/mainproc.c:2181
+msgid "invalid root packet detected in proc_tree()\n"
+msgstr "ìç Ýãêõñï ñéæéêü(root) ðáêÝôï áíé÷íåýôçêå óôï proc_tree()\n"
+
+#: g10/misc.c:109 g10/misc.c:139 g10/misc.c:215
+#, fuzzy, c-format
+msgid "fstat of `%s' failed in %s: %s\n"
+msgstr "áäõíáìßá ðñüóâáóçò ôïõ áñ÷åßïõ: %s\n"
+
+#: g10/misc.c:178
+#, fuzzy, c-format
+msgid "fstat(%d) failed in %s: %s\n"
+msgstr "trustdb: read áðÝôõ÷å (n=%d): %s\n"
+
+#: g10/misc.c:296
+#, fuzzy, c-format
+msgid "WARNING: using experimental public key algorithm %s\n"
+msgstr "áäõíáìßá ÷åéñéóìïý ôïõ áëãüñéèìïõ äçìïóßïõ êëåéäéïý %d\n"
+
+#: g10/misc.c:302
+#, fuzzy
+msgid "WARNING: Elgamal sign+encrypt keys are deprecated\n"
+msgstr ""
+"ï åîáíáãêáóìüò ôïõ áëãüñéèìïõ ðåñßëçøçò %s (%d) ðáñáâéÜæåé ôéò\n"
+"ðñïåðéëïãÝò ôïõ ðáñáëÞðôç\n"
+
+#: g10/misc.c:315
+#, fuzzy, c-format
+msgid "WARNING: using experimental cipher algorithm %s\n"
+msgstr "ìç õëïðïéçìÝíïò áëãüñéèìïò êñõðôïãñÜöçóçò"
+
+#: g10/misc.c:330
+#, fuzzy, c-format
+msgid "WARNING: using experimental digest algorithm %s\n"
+msgstr "%s õðïãñáöÞ, áëãüñéèìïò ðåñßëçøçò %s\n"
+
+#: g10/misc.c:335
+#, fuzzy, c-format
+msgid "WARNING: digest algorithm %s is deprecated\n"
+msgstr ""
+"ï åîáíáãêáóìüò ôïõ áëãüñéèìïõ ðåñßëçøçò %s (%d) ðáñáâéÜæåé ôéò\n"
+"ðñïåðéëïãÝò ôïõ ðáñáëÞðôç\n"
+
+#: g10/misc.c:503
+msgid "the IDEA cipher plugin is not present\n"
+msgstr "ôï âýóìá ôïõ êñõðôáëãüñéèìïõ IDEA äåí õðÜñ÷åé\n"
+
+#: g10/misc.c:504 g10/sig-check.c:107 jnlib/utf8conv.c:87
+#, fuzzy, c-format
+msgid "please see %s for more information\n"
+msgstr " i = áðåéêüíéóç ðåñéóóüôåñùí ðëçñïöïñéþí\n"
+
+#: g10/misc.c:761
+#, c-format
+msgid "%s:%d: deprecated option \"%s\"\n"
+msgstr "%s:%d: ìç óõíåéóôþìåíç åðéëïãÞ \"%s\"\n"
+
+#: g10/misc.c:765
+#, c-format
+msgid "WARNING: \"%s\" is a deprecated option\n"
+msgstr "ÐÑÏÅÉÄÏÐÏÉÇÓÇ: \"%s\" åßíáé ìéá ìç óõíåéóôþìåíç åðéëïãÞ\n"
+
+#: g10/misc.c:767
+#, c-format
+msgid "please use \"%s%s\" instead\n"
+msgstr "ðáñáêáëþ ÷ñçóéìïðïéÞóôå ôï \"%s%s\" êáëýôåñá\n"
+
+#: g10/misc.c:774
+#, fuzzy, c-format
+msgid "WARNING: \"%s\" is a deprecated command - do not use it\n"
+msgstr "ÐÑÏÅÉÄÏÐÏÉÇÓÇ: \"%s\" åßíáé ìéá ìç óõíåéóôþìåíç åðéëïãÞ\n"
+
+#: g10/misc.c:784
+#, c-format
+msgid "%s:%u: obsolete option \"%s\" - it has no effect\n"
+msgstr ""
+
+#: g10/misc.c:787
+#, fuzzy, c-format
+msgid "WARNING: \"%s\" is an obsolete option - it has no effect\n"
+msgstr "ÐÑÏÅÉÄÏÐÏÉÇÓÇ: \"%s\" åßíáé ìéá ìç óõíåéóôþìåíç åðéëïãÞ\n"
+
+#: g10/misc.c:848
+msgid "Uncompressed"
+msgstr "Áóõìðßåóôï"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: g10/misc.c:873
+#, fuzzy
+msgid "uncompressed|none"
+msgstr "Áóõìðßåóôï"
+
+#: g10/misc.c:1000
+#, c-format
+msgid "this message may not be usable by %s\n"
+msgstr "áõôü ôï ìÞíõìá ßóùò äåí ìðïñåß íá ÷ñçóéìïðïéçèåß áðü %s\n"
+
+#: g10/misc.c:1175
+#, fuzzy, c-format
+msgid "ambiguous option `%s'\n"
+msgstr "áíÜãíùóç åðéëïãþí áðü `%s'\n"
+
+#: g10/misc.c:1200
+#, fuzzy, c-format
+msgid "unknown option `%s'\n"
+msgstr "Üãíùóôïò ðñïêáèïñéóìÝíïò ðáñáëÞðôçò `%s'\n"
+
+#: g10/openfile.c:89
+#, c-format
+msgid "File `%s' exists. "
+msgstr "Ôï áñ÷åßï `%s' õðÜñ÷åé Þäç. "
+
+#: g10/openfile.c:93
+#, fuzzy
+msgid "Overwrite? (y/N) "
+msgstr "ÅðéêÜëõøç (y/N); "
+
+#: g10/openfile.c:126
+#, c-format
+msgid "%s: unknown suffix\n"
+msgstr "%s: Üãíùóôç êáôÜëçîç\n"
+
+#: g10/openfile.c:150
+msgid "Enter new filename"
+msgstr "ÐëçêôñïëïãÞóôå Ýíá íÝï üíïìá áñ÷åßïõ"
+
+#: g10/openfile.c:195
+msgid "writing to stdout\n"
+msgstr "åããñáöÞ óôçí stdout\n"
+
+#: g10/openfile.c:316
+#, c-format
+msgid "assuming signed data in `%s'\n"
+msgstr "õðüèåóç õðïãåãñáììÝíùí äåäïìÝíùí óôï `%s'\n"
+
+#: g10/openfile.c:395
+#, c-format
+msgid "new configuration file `%s' created\n"
+msgstr "äçìéïõñãÞèçêå íÝï áñ÷åßï åðéëïãþí `%s'\n"
+
+#: g10/openfile.c:397
+#, c-format
+msgid "WARNING: options in `%s' are not yet active during this run\n"
+msgstr ""
+"ÐÑÏÅÉÄÏÐÏÉÇÓÇ: ïé åðéëïãåò óôï `%s' äåí åßíáé åíåñãÝò óå áõôÞ ôçí åêôÝëåóç\n"
+
+#: g10/parse-packet.c:201
+#, c-format
+msgid "can't handle public key algorithm %d\n"
+msgstr "áäõíáìßá ÷åéñéóìïý ôïõ áëãüñéèìïõ äçìïóßïõ êëåéäéïý %d\n"
+
+#: g10/parse-packet.c:822
+msgid "WARNING: potentially insecure symmetrically encrypted session key\n"
+msgstr "ÐÑÏÅÉÄÏÐÏÉÇÓÇ: ðéèáíüí ìç áóöáëÝò êñõðôïãñáöçìÝíï óõììåôñéêÜ êëåéäß\n"
+
+#: g10/parse-packet.c:1273
+#, c-format
+msgid "subpacket of type %d has critical bit set\n"
+msgstr "õðïðáêÝôï ôýðïõ %d Ý÷åé ïñéóìÝíï ôï êñéôéêü bit\n"
+
+#: g10/passphrase.c:75 g10/passphrase.c:418 g10/passphrase.c:481
+#, fuzzy, c-format
+msgid "problem with the agent: %s\n"
+msgstr "ðñüâëçìá ìå ôïí agent: agent åðéóôñÝöåé 0x%lx\n"
+
+#: g10/passphrase.c:344 g10/passphrase.c:613
+#, fuzzy, c-format
+msgid " (main key ID %s)"
+msgstr " (êýñéï êëåéäß, ID %08lX)"
+
+#: g10/passphrase.c:358
+#, fuzzy, c-format
+msgid ""
+"Please enter the passphrase to unlock the secret key for the OpenPGP "
+"certificate:\n"
+"\"%.*s\"\n"
+"%u-bit %s key, ID %s,\n"
+"created %s%s.\n"
+msgstr ""
+"×ñåéÜæåóôå ìéá öñÜóç êëåéäß ãéá íá îåêëåéäþóåôå ôï ìõóôéêü êëåéäß ãéá ôï "
+"÷ñÞóôç:\n"
+"\"%.*s\"\n"
+"%u-bit %s êëåéäß, ID %08lX, äçìéïõñãßá %s%s\n"
+
+#: g10/passphrase.c:384
+msgid "Enter passphrase\n"
+msgstr "ÐëçêôñïëïãÞóôå ôç öñÜóç êëåéäß\n"
+
+#: g10/passphrase.c:412
+msgid "cancelled by user\n"
+msgstr "áêõñþèçêå áðü ôï ÷ñÞóôç\n"
+
+#: g10/passphrase.c:592
+#, fuzzy, c-format
+msgid ""
+"You need a passphrase to unlock the secret key for\n"
+"user: \"%s\"\n"
+msgstr ""
+"\n"
+"×ñåéÜæåóôå ìéá öñÜóç êëåéäß ãéá íá îåêëåéäþóåôå ôï ìõóôéêü êëåéäß\n"
+"ãéá ôï ÷ñÞóôç: \""
+
+#: g10/passphrase.c:600
+#, fuzzy, c-format
+msgid "%u-bit %s key, ID %s, created %s"
+msgstr "%u-bit %s êëåéäß, ID %08lX, äçìéïõñãßá %s"
+
+#: g10/passphrase.c:609
+#, c-format
+msgid " (subkey on main key ID %s)"
+msgstr ""
+
+#: g10/photoid.c:74
+msgid ""
+"\n"
+"Pick an image to use for your photo ID. The image must be a JPEG file.\n"
+"Remember that the image is stored within your public key. If you use a\n"
+"very large picture, your key will become very large as well!\n"
+"Keeping the image close to 240x288 is a good size to use.\n"
+msgstr ""
+"\n"
+"ÄéáëÝîôå ìéá åéêüíá óáí ôï photo ID. Ç åéêüíá áõôÞ ðñÝðåé íá åßíáé áñ÷åßï\n"
+"JPEG. Èõìçèåßôå üôé ç åéêüíá áðïèçêåýåôáé ìÝóá óôï äçìüóéï êëåéäß óáò. ÅÜí\n"
+"÷ñçóéìïðïéåßôå ìéá ìåãÜëç åéêüíá ôï êëåéäß óáò áíôßóôïé÷á èá ãßíåé ìåãÜëï!\n"
+"Éäáíßêü ìÝãåèïò ãéá ìéá åéêüíá åßíáé áõôü êïíôÜ óôï 240x288.\n"
+
+#: g10/photoid.c:96
+msgid "Enter JPEG filename for photo ID: "
+msgstr "ÐëçêôñïëïãÞóôå Ýíá üíïìá áñ÷åßïõ ãéá ôï photo ID: "
+
+#: g10/photoid.c:117
+#, fuzzy, c-format
+msgid "unable to open JPEG file `%s': %s\n"
+msgstr "áäõíáìßá ðñüóâáóçò ôïõ áñ÷åßïõ: %s\n"
+
+#: g10/photoid.c:128
+#, c-format
+msgid "This JPEG is really large (%d bytes) !\n"
+msgstr ""
+
+#: g10/photoid.c:130
+#, fuzzy
+msgid "Are you sure you want to use it? (y/N) "
+msgstr "Óßãïõñá èÝëåôå áêüìá íá ôï ÷ñçóéìïðïéÞóåôå; (y/N) "
+
+#: g10/photoid.c:146
+#, fuzzy, c-format
+msgid "`%s' is not a JPEG file\n"
+msgstr "\"%s\" äåí åßíáé JPEG áñ÷åßï\n"
+
+#: g10/photoid.c:165
+msgid "Is this photo correct (y/N/q)? "
+msgstr "Åßíáé áõôÞ ç öùôïãñáößá óùóôÞ (y/N/q); "
+
+#: g10/photoid.c:373
+msgid "unable to display photo ID!\n"
+msgstr "áäõíáìßá áðåéêüíéóçò ôïõ photo ID!\n"
+
+#: g10/pkclist.c:60 g10/revoke.c:621
+msgid "No reason specified"
+msgstr "Äåí Ý÷åé ïñéóôåß áéôßá"
+
+#: g10/pkclist.c:62 g10/revoke.c:623
+msgid "Key is superseded"
+msgstr "Ôï êëåéäß Ý÷åé ðáñáêáìèåß"
+
+#: g10/pkclist.c:64 g10/revoke.c:622
+msgid "Key has been compromised"
+msgstr "Ôï êëåéäß Ý÷åé åêôåèåß"
+
+#: g10/pkclist.c:66 g10/revoke.c:624
+msgid "Key is no longer used"
+msgstr "Ôï êëåéäß äå ÷ñçóéìïðïéåßôáé ðëÝïí"
+
+#: g10/pkclist.c:68 g10/revoke.c:625
+msgid "User ID is no longer valid"
+msgstr "Ôï User ID äåí åßíáé ðëÝïí Ýãêõñï"
+
+#: g10/pkclist.c:72
+msgid "reason for revocation: "
+msgstr "áéôßá ãéá áíÜêëçóç:"
+
+#: g10/pkclist.c:89
+msgid "revocation comment: "
+msgstr "ó÷üëéï áíÜêëçóçò:"
+
+#: g10/pkclist.c:204
+msgid "iImMqQsS"
+msgstr "iImMqQsS"
+
+#: g10/pkclist.c:212
+#, fuzzy
+msgid "No trust value assigned to:\n"
+msgstr ""
+"Äåí äüèçêå áîßá åìðéóôïóýíçò óôï:\n"
+"%4u%c/%08lX %s \""
+
+#: g10/pkclist.c:245
+#, fuzzy, c-format
+msgid " aka \"%s\"\n"
+msgstr " ãíùóôü óáí \""
+
+#: g10/pkclist.c:255
+#, fuzzy
+msgid ""
+"How much do you trust that this key actually belongs to the named user?\n"
+msgstr "Áõôü ôï êëåéäß ðéèáíþò áíÞêåé óôïí éäéïêôÞôç\n"
+
+#: g10/pkclist.c:270
+#, fuzzy, c-format
+msgid " %d = I don't know or won't say\n"
+msgstr " %d = Äåí îÝñù\n"
+
+#: g10/pkclist.c:272
+#, fuzzy, c-format
+msgid " %d = I do NOT trust\n"
+msgstr " %d = ÄÅÍ Ý÷ù åìðéóôïóýíç\n"
+
+#: g10/pkclist.c:278
+#, fuzzy, c-format
+msgid " %d = I trust ultimately\n"
+msgstr " %d = Åìðéóôåýïìáé áðüëõôá\n"
+
+#: g10/pkclist.c:284
+#, fuzzy
+msgid " m = back to the main menu\n"
+msgstr " m = ðßóù óôï êõñßùò ìåíïý\n"
+
+#: g10/pkclist.c:287
+#, fuzzy
+msgid " s = skip this key\n"
+msgstr " s = ðáñÜëåéøç áõôïý ôïõ êëåéäéïý\n"
+
+#: g10/pkclist.c:288
+#, fuzzy
+msgid " q = quit\n"
+msgstr " q = ôåñìáôéóìüò\n"
+
+#: g10/pkclist.c:292
+#, c-format
+msgid ""
+"The minimum trust level for this key is: %s\n"
+"\n"
+msgstr ""
+
+#: g10/pkclist.c:298 g10/revoke.c:650
+msgid "Your decision? "
+msgstr "Ç áðüöáóç óáò; "
+
+#: g10/pkclist.c:319
+#, fuzzy
+msgid "Do you really want to set this key to ultimate trust? (y/N) "
+msgstr "Óßãïõñá èÝëåôå áõôü ôï êëåéäß íá ïñéóôåß óáí áðüëõôçò åìðéóôïóýíçò; "
+
+#: g10/pkclist.c:333
+msgid "Certificates leading to an ultimately trusted key:\n"
+msgstr "ÐéóôïðïéçôéêÜ ðïõ ïäçãïýí óå Ýíá êëåéäß áðüëõôçò åìðéóôïóýíçò:\n"
+
+#: g10/pkclist.c:418
+#, fuzzy, c-format
+msgid "%s: There is no assurance this key belongs to the named user\n"
+msgstr ""
+"%08lX: Äåí õðÜñ÷åé Ýíäåéîç üôé ç õðïãñáöÞ áõôÞ áíÞêåé óôïí éäéïêôÞôç.\n"
+
+#: g10/pkclist.c:423
+#, fuzzy, c-format
+msgid "%s: There is limited assurance this key belongs to the named user\n"
+msgstr ""
+"%08lX: Äåí õðÜñ÷åé Ýíäåéîç üôé ç õðïãñáöÞ áõôÞ áíÞêåé óôïí éäéïêôÞôç.\n"
+
+#: g10/pkclist.c:429
+#, fuzzy
+msgid "This key probably belongs to the named user\n"
+msgstr "Áõôü ôï êëåéäß ðéèáíþò áíÞêåé óôïí éäéïêôÞôç\n"
+
+#: g10/pkclist.c:434
+msgid "This key belongs to us\n"
+msgstr "Áõôü ôï êëåéäß áíÞêåé óå åìÜò\n"
+
+#: g10/pkclist.c:460
+#, fuzzy
+msgid ""
+"It is NOT certain that the key belongs to the person named\n"
+"in the user ID. If you *really* know what you are doing,\n"
+"you may answer the next question with yes.\n"
+msgstr ""
+"ÄÅÍ åßíáé âÝâáéï üôé áõôü ôï êëåéäß áíÞêåé óôï Üôïìï ôï ïðïßï\n"
+"áíáöÝñåôå ôï user ID. ÅÜí *ðñáãìáôéêÜ* îÝñåôå ôé êÜíåôå, ìðïñåßôå\n"
+"íá áðáíôÞóåôå óôçí åðüìåíç åñþôçóç êáôáöáôéêÜ\n"
+"\n"
+
+#: g10/pkclist.c:479
+#, fuzzy
+msgid "Use this key anyway? (y/N) "
+msgstr "×ñÞóç ïðùóäÞðïôå áõôïý ôïõ êëåéäéïý; "
+
+#: g10/pkclist.c:513
+msgid "WARNING: Using untrusted key!\n"
+msgstr "ÐÑÏÅÉÄÏÐÏÉÇÓÇ: ×ñÞóç êëåéäéïý ÷ùñßò åìðéóôïóýíç!\n"
+
+#: g10/pkclist.c:520
+msgid "WARNING: this key might be revoked (revocation key not present)\n"
+msgstr ""
+"ÐÑÏÅÉÄÏÐÏÉÇÓÇ: áõôü ôï êëåéäß ìðïñåß íá áíáêëçèåß (ëåßðåé ôï êëåéäß "
+"áíÜêëçóçò)\n"
+
+#: g10/pkclist.c:529
+msgid "WARNING: This key has been revoked by its designated revoker!\n"
+msgstr ""
+"ÐÑÏÅÉÄÏÐÏÉÇÓÇ: Áõôü ôï êëåéäß Ý÷åé áíáêëçèåß áðü ôïí ïñéóìÝíï áíáêëçôÞ!\n"
+
+#: g10/pkclist.c:532
+msgid "WARNING: This key has been revoked by its owner!\n"
+msgstr "ÐÑÏÅÉÄÏÐÏÉÇÓÇ: Áõôü ôï êëåéäß Ý÷åé áíáêëçèåß áðü ôïí éäéïêôÞôç ôïõ!\n"
+
+#: g10/pkclist.c:533
+#, fuzzy
+msgid " This could mean that the signature is forged.\n"
+msgstr " Áõôü ìðïñåß íá óçìáßíåé üôé ç õðïãñáöÞ åßíáé ðëáóôïãñáößá.\n"
+
+#: g10/pkclist.c:539
+msgid "WARNING: This subkey has been revoked by its owner!\n"
+msgstr ""
+"ÐÑÏÅÉÄÏÐÏÉÇÓÇ: Áõôü ôï õðïêëåéäß Ý÷åé áíáêëçèåß áðü ôïí éäéïêôÞôç ôïõ!\n"
+
+#: g10/pkclist.c:544
+msgid "Note: This key has been disabled.\n"
+msgstr "Óçìåßùóç: Áõôü ôï êëåéäß Ý÷åé áðåíåñãïðïéçèåß.\n"
+
+#: g10/pkclist.c:564
+#, c-format
+msgid "Note: Verified signer's address is `%s'\n"
+msgstr ""
+
+#: g10/pkclist.c:571
+#, c-format
+msgid "Note: Signer's address `%s' does not match DNS entry\n"
+msgstr ""
+
+#: g10/pkclist.c:583
+msgid "trustlevel adjusted to FULL due to valid PKA info\n"
+msgstr ""
+
+#: g10/pkclist.c:591
+msgid "trustlevel adjusted to NEVER due to bad PKA info\n"
+msgstr ""
+
+#: g10/pkclist.c:602
+msgid "Note: This key has expired!\n"
+msgstr "Óçìåßùóç: Áõôü ôï êëåéäß Ý÷åé ëÞîåé!\n"
+
+#: g10/pkclist.c:613
+msgid "WARNING: This key is not certified with a trusted signature!\n"
+msgstr ""
+"ÐÑÏÅÉÄÏÐÏÉÇÓÇ: Áõôü ôï êëåéäß äåí Ý÷åé ðéóôïðïéçèåß ìå åìðéóôåýóéìç "
+"õðïãñáöÞ!\n"
+
+#: g10/pkclist.c:615
+msgid ""
+" There is no indication that the signature belongs to the owner.\n"
+msgstr " Äåí õðÜñ÷åé Ýíäåéîç üôé ç õðïãñáöÞ áíÞêåé óôïí éäéïêôÞôç.\n"
+
+#: g10/pkclist.c:623
+msgid "WARNING: We do NOT trust this key!\n"
+msgstr "ÐÑÏÅÉÄÏÐÏÉÇÓÇ: ÄÅÍ åìðéóôåõüìáóôå áõôü ôï êëåéäß!\n"
+
+#: g10/pkclist.c:624
+msgid " The signature is probably a FORGERY.\n"
+msgstr " Ç õðïãñáöÞ ìÜëëïí åßíáé ðëáóôïãñáößá.\n"
+
+#: g10/pkclist.c:632
+msgid ""
+"WARNING: This key is not certified with sufficiently trusted signatures!\n"
+msgstr ""
+"ÐÑÏÅÉÄÏÐÏÉÇÓÇ: Áõôü ôï êëåéäß äåí Ý÷åé ðéóôïðïéçèåß ìå õðïãñáöÝò\n"
+"áñêåôÞò åìðéóôïóýíçò!\n"
+
+#: g10/pkclist.c:634
+msgid " It is not certain that the signature belongs to the owner.\n"
+msgstr " Äåí åßíáé âÝâáéï üôé ç õðïãñáöÞ áíÞêåé óôïí éäéïêôÞôç.\n"
+
+#: g10/pkclist.c:833 g10/pkclist.c:875 g10/pkclist.c:1087 g10/pkclist.c:1157
+#, c-format
+msgid "%s: skipped: %s\n"
+msgstr "%s: ðáñáëåßöèçêå: %s\n"
+
+#: g10/pkclist.c:845 g10/pkclist.c:1125
+#, c-format
+msgid "%s: skipped: public key already present\n"
+msgstr "%s: ðáñáëåßöèçêå: äçìüóéï êëåéäß åßíáé Þäç ðáñüí\n"
+
+#: g10/pkclist.c:896
+msgid "You did not specify a user ID. (you may use \"-r\")\n"
+msgstr "Äåí ïñßóôçêå Ýíá user ID. (÷ñçóéìïðïéåßóôå ôï \"-r\")\n"
+
+#: g10/pkclist.c:920
+msgid "Current recipients:\n"
+msgstr ""
+
+#: g10/pkclist.c:946
+msgid ""
+"\n"
+"Enter the user ID. End with an empty line: "
+msgstr ""
+"\n"
+"ÐëçêôñïëïãÞóôå ôï user ID. ÔÝëïò ìå ìéá Üäåéá ãñáììÞ: "
+
+#: g10/pkclist.c:971
+msgid "No such user ID.\n"
+msgstr "Äåí õðÜñ÷åé áõôü ôï user ID.\n"
+
+#: g10/pkclist.c:980 g10/pkclist.c:1054
+msgid "skipped: public key already set as default recipient\n"
+msgstr ""
+"ðáñáëåßöèçêå: äçìüóéï êëåéäß Ý÷åé Þäç ïñéóôåß óáí åî ïñéóìïý ðáñáëÞðôçò\n"
+
+#: g10/pkclist.c:1001
+msgid "Public key is disabled.\n"
+msgstr "Ôï äçìüóéï êëåéäß Ý÷åé áðåíåñãïðïéçèåß.\n"
+
+#: g10/pkclist.c:1010
+msgid "skipped: public key already set\n"
+msgstr "ðáñáëåßöèçêå: äçìüóéï êëåéäß Ý÷åé Þäç ïñéóôåß\n"
+
+#: g10/pkclist.c:1045
+#, fuzzy, c-format
+msgid "unknown default recipient \"%s\"\n"
+msgstr "Üãíùóôïò ðñïêáèïñéóìÝíïò ðáñáëÞðôçò `%s'\n"
+
+#: g10/pkclist.c:1103
+#, c-format
+msgid "%s: skipped: public key is disabled\n"
+msgstr "%s: ðáñáëåßöèçêå: ôï äçìüóéï êëåéäß Ý÷åé áðåíåñãïðïéçèåß.\n"
+
+#: g10/pkclist.c:1165
+msgid "no valid addressees\n"
+msgstr "êáììßá Ýãêõñç äéåýèõíóç\n"
+
+#: g10/pkclist.c:1503
+#, fuzzy, c-format
+msgid "Note: key %s has no %s feature\n"
+msgstr "êëåéäß %08lX: äåí õðÜñ÷åé áõôü ôï user ID\n"
+
+#: g10/pkclist.c:1528
+#, fuzzy, c-format
+msgid "Note: key %s has no preference for %s\n"
+msgstr "êëåéäß %08lX: äåí õðÜñ÷åé áõôü ôï user ID\n"
+
+#: g10/plaintext.c:95
+msgid "data not saved; use option \"--output\" to save it\n"
+msgstr "äåäïìÝíá äåí áðïèçêåýôçêáí. ÁðïèÞêåõóç ìå ôçí åðéëïãÞ \"--output\"\n"
+
+#: g10/plaintext.c:480
+msgid "Detached signature.\n"
+msgstr "ÁðïêïììÝíç õðïãñáöÞ.\n"
+
+#: g10/plaintext.c:487
+msgid "Please enter name of data file: "
+msgstr "ÅéóÜãåôå ôï üíïìá áñ÷åßïõ äåäïìÝíùí: "
+
+#: g10/plaintext.c:519
+msgid "reading stdin ...\n"
+msgstr "áíÜãíùóç ôçò stdin ...\n"
+
+#: g10/plaintext.c:557
+msgid "no signed data\n"
+msgstr "äåí õðÜñ÷ïõí õðïãåãñáììÝíá äåäïìÝíá\n"
+
+#: g10/plaintext.c:573
+#, c-format
+msgid "can't open signed data `%s'\n"
+msgstr "áäõíáìßá ðñüóâáóçò õðïãåãñáììÝíùí äåäïìÝíùí `%s'\n"
+
+#: g10/plaintext.c:607
+#, fuzzy, c-format
+msgid "can't open signed data fd=%d: %s\n"
+msgstr "áäõíáìßá ðñüóâáóçò õðïãåãñáììÝíùí äåäïìÝíùí `%s'\n"
+
+#: g10/pubkey-enc.c:105
+#, fuzzy, c-format
+msgid "anonymous recipient; trying secret key %s ...\n"
+msgstr "áíþíõìïò ðáñáëÞðôçò· äïêéìÞ ìõóôéêïý êëåéäéïý %08lX ...\n"
+
+#: g10/pubkey-enc.c:136
+msgid "okay, we are the anonymous recipient.\n"
+msgstr "åíôÜîåé, åßìáóôå ï áíþíõìïò ðáñáëÞðôçò.\n"
+
+#: g10/pubkey-enc.c:225
+msgid "old encoding of the DEK is not supported\n"
+msgstr "ðáëáéÜ êùäéêïðïßçóç ôïõ DEK äåí õðïóôçñßæåôáé\n"
+
+#: g10/pubkey-enc.c:246
+#, c-format
+msgid "cipher algorithm %d%s is unknown or disabled\n"
+msgstr "ï áëãüñéèìïò êñõðôïãñÜöçóçò %d%s åßíáé Üãíùóôïò Þ áðåíåñãïðïéçìÝíïò\n"
+
+#: g10/pubkey-enc.c:284
+#, fuzzy, c-format
+msgid "WARNING: cipher algorithm %s not found in recipient preferences\n"
+msgstr "ÓÇÌÅÉÙÓÇ: ï áëãüñéèìïò êñõðôïãñÜöçóçò %d äåí åßíáé óôéò åðéëïãÝò\n"
+
+#: g10/pubkey-enc.c:304
+#, fuzzy, c-format
+msgid "NOTE: secret key %s expired at %s\n"
+msgstr "ÓÇÌÅÉÙÓÇ: ôï ìõóôéêü êëåéäß %08lX Ýëçîå óôéò %s\n"
+
+#: g10/pubkey-enc.c:310
+msgid "NOTE: key has been revoked"
+msgstr "ÓÇÌÅÉÙÓÇ: ôï êëåéäß Ý÷åé áíáêëçèåß"
+
+#: g10/revoke.c:102 g10/revoke.c:116 g10/revoke.c:128 g10/revoke.c:174
+#: g10/revoke.c:186 g10/revoke.c:585
+#, c-format
+msgid "build_packet failed: %s\n"
+msgstr "build_packet áðÝôõ÷å: %s\n"
+
+#: g10/revoke.c:145
+#, fuzzy, c-format
+msgid "key %s has no user IDs\n"
+msgstr "êëåéäß %08lX: äåí õðÜñ÷åé áõôü ôï user ID\n"
+
+#: g10/revoke.c:306
+msgid "To be revoked by:\n"
+msgstr "Ðñïò áíÜêëçóç áðü:\n"
+
+#: g10/revoke.c:310
+msgid "(This is a sensitive revocation key)\n"
+msgstr "(Áõôü åßíáé Ýíá åõáßóèçôï êëåéäß áíÜêëçóçò)\n"
+
+#: g10/revoke.c:314
+#, fuzzy
+msgid "Create a designated revocation certificate for this key? (y/N) "
+msgstr "Äçìéïõñãßá åíüò ðéóôïðïéçôéêïý áíÜêëçóçò ãéá áõôü ôï êëåéäß; "
+
+#: g10/revoke.c:327 g10/revoke.c:551
+msgid "ASCII armored output forced.\n"
+msgstr "Åîáíáãêáóìüò åîüäïõ óå èùñáêéóìÝíï ASCII.\n"
+
+#: g10/revoke.c:342 g10/revoke.c:565
+#, c-format
+msgid "make_keysig_packet failed: %s\n"
+msgstr "make_keysig_packet áðÝôõ÷å: %s\n"
+
+#: g10/revoke.c:405
+msgid "Revocation certificate created.\n"
+msgstr "Ðéóôïðïéçôéêü áíÜêëçóçò äçìéïõñãÞèçêå.\n"
+
+#: g10/revoke.c:411
+#, fuzzy, c-format
+msgid "no revocation keys found for \"%s\"\n"
+msgstr "äå âñÝèçêáí êëåéäéÜ áíÜêëçóçò ãéá ôï `%s'\n"
+
+#: g10/revoke.c:470
+#, fuzzy, c-format
+msgid "secret key \"%s\" not found: %s\n"
+msgstr "ôï ìõóôéêü êëåéäß `%s' äå âñÝèçêå: %s\n"
+
+#: g10/revoke.c:497
+#, c-format
+msgid "no corresponding public key: %s\n"
+msgstr "êáíÝíá áíôßóôé÷ï äçìüóéï êëåéäß: %s\n"
+
+#: g10/revoke.c:508
+msgid "public key does not match secret key!\n"
+msgstr "ôï äçìïóßï êëåéäß äåí ôáéñéÜæåé ìå ôï ìõóôéêü!\n"
+
+#: g10/revoke.c:515
+#, fuzzy
+msgid "Create a revocation certificate for this key? (y/N) "
+msgstr "Äçìéïõñãßá åíüò ðéóôïðïéçôéêïý áíÜêëçóçò ãéá áõôü ôï êëåéäß; "
+
+#: g10/revoke.c:532
+msgid "unknown protection algorithm\n"
+msgstr "Üãíùóôïò áëãüñéèìïò ðñïóôáóßáò\n"
+
+#: g10/revoke.c:540
+msgid "NOTE: This key is not protected!\n"
+msgstr "ÓÇÌÅÉÙÓÇ: Áõôü ôï êëåéäß äåí ðñïóôáôåýåôáé!\n"
+
+#: g10/revoke.c:591
+msgid ""
+"Revocation certificate created.\n"
+"\n"
+"Please move it to a medium which you can hide away; if Mallory gets\n"
+"access to this certificate he can use it to make your key unusable.\n"
+"It is smart to print this certificate and store it away, just in case\n"
+"your media become unreadable. But have some caution: The print system of\n"
+"your machine might store the data and make it available to others!\n"
+msgstr ""
+"Ôï ðéóôïðïéçôéêü áíÜêëçóçò äçìéïõñãÞèçêå.\n"
+"\n"
+"Ðáñáêáëþ ìåôáêéíåßóôå ôï óå Ýíá ìÝóï ðïõ ìðïñåß íá êñõöôåß åýêïëá· åÜí ç\n"
+"Mallory áðïêôÞóåé ðñüóâáóç óå áõôü ôï ðéóôïðïéçôéêü ìðïñåß íá á÷ñçóôåýóåé\n"
+"ôï êëåéäß óáò. Åßíáé Ýîõðíï íá ôõðþóåôå áõôü ôï ðéóôïðïéçôéêü êáé íá ôï\n"
+"öõëÜîåôå ìáêñéÜ, ãéá ôçí ðåñßðôùóç ðïõ ôï ìÝóï äåí äéáâÜæåôå ðéá. ÁëëÜ\n"
+"ðñïóï÷Þ ôï óýóôçìá åêôýðùóçò óôï ìç÷áíçìÜ óáò ìðïñåß íá áðïèçêåýóåé ôçí\n"
+"åêôýðùóç êáé íá ôçí êÜíåé äéáèÝóéìç óå Üëëïõò!\n"
+
+#: g10/revoke.c:633
+msgid "Please select the reason for the revocation:\n"
+msgstr "Ðáñáêáëþ åðéëÝîôå ôçí áéôßá ãéá ôçí áíÜêëçóç:\n"
+
+#: g10/revoke.c:643
+msgid "Cancel"
+msgstr "Áêýñùóç"
+
+#: g10/revoke.c:645
+#, c-format
+msgid "(Probably you want to select %d here)\n"
+msgstr "(Ðéèáíþí íá èÝëåôå íá åðéëÝîåôå ôï %d åäþ)\n"
+
+#: g10/revoke.c:686
+msgid "Enter an optional description; end it with an empty line:\n"
+msgstr "ÐëçêôñïëïãÞóôå ìéá ðñïáéñåôéêÞ ðåñéãñáöÞ· ôÝëïò ìå ìéá Üäåéá ãñáììÞ:\n"
+
+#: g10/revoke.c:714
+#, c-format
+msgid "Reason for revocation: %s\n"
+msgstr "Áéôßá ãéá áíÜêëçóç: %s\n"
+
+#: g10/revoke.c:716
+msgid "(No description given)\n"
+msgstr "(Äåí äþèçêå ðåñéãñáöÞ)\n"
+
+#: g10/revoke.c:721
+#, fuzzy
+msgid "Is this okay? (y/N) "
+msgstr "Åßíáé áõôü åíôÜîåé; "
+
+#: g10/seckey-cert.c:55
+msgid "secret key parts are not available\n"
+msgstr "ôìÞìáôá ôïõ ìõóôéêïý êëåéäéïý äåí åßíáé äéáèÝóéìá\n"
+
+#: g10/seckey-cert.c:61
+#, c-format
+msgid "protection algorithm %d%s is not supported\n"
+msgstr "äåí õðïóôçñßæåôáé ï áëãüñéèìïò ðñïóôáóßáò %d%s\n"
+
+#: g10/seckey-cert.c:72
+#, fuzzy, c-format
+msgid "protection digest %d is not supported\n"
+msgstr "äåí õðïóôçñßæåôáé ï áëãüñéèìïò ðñïóôáóßáò %d%s\n"
+
+#: g10/seckey-cert.c:291
+msgid "Invalid passphrase; please try again"
+msgstr "Ìç Ýãêõñç öñÜóç êëåéäß, äïêéìÜóôå îáíÜ"
+
+#: g10/seckey-cert.c:292
+#, c-format
+msgid "%s ...\n"
+msgstr "%s ...\n"
+
+#: g10/seckey-cert.c:361
+msgid "WARNING: Weak key detected - please change passphrase again.\n"
+msgstr "ÐÑÏÅÉÄÏÐÏÉÇÓÇ: Áíé÷íåýôçêå áäýíáìï êëåéäß - áëëÜîôå ôç öñÜóç êëåéäß\n"
+
+#: g10/seckey-cert.c:404
+msgid "generating the deprecated 16-bit checksum for secret key protection\n"
+msgstr ""
+"äçìéïõñãßá ôïõ ìç óõíåéóôüìåíïõ 16-bit checksum ãéá ôç ðñïóôáóßá ôïõ\n"
+"ìõóôéêïý êëåéäéïý\n"
+
+#: g10/seskey.c:61 sm/encrypt.c:119
+msgid "weak key created - retrying\n"
+msgstr "äçìéïõñãÞèçêå áäýíáìï êëåéäß - åðáíÜëçøç ðñïóðÜèåéáò\n"
+
+#: g10/seskey.c:65
+#, c-format
+msgid "cannot avoid weak key for symmetric cipher; tried %d times!\n"
+msgstr ""
+"áäõíáìßá áðïöõãÞò áäýíáìïõ êëåéäéïý ãéá óõììåôñéêü êñõðôáëãüñéèìï, äïêéìÞ "
+"ãéá %d öïñÝò!\n"
+
+#: g10/seskey.c:227 sm/certcheck.c:85
+msgid "DSA requires the hash length to be a multiple of 8 bits\n"
+msgstr ""
+
+#: g10/seskey.c:240
+#, c-format
+msgid "DSA key %s uses an unsafe (%u bit) hash\n"
+msgstr ""
+
+#: g10/seskey.c:252
+#, c-format
+msgid "DSA key %s requires a %u bit or larger hash\n"
+msgstr ""
+
+#: g10/sig-check.c:80
+msgid "WARNING: signature digest conflict in message\n"
+msgstr "ÐÑÏÅÉÄÏÐÏÉÇÓÇ: óýãêñïõóç õðïãñáöÞò ðåñßëçøçò óôï ìÞíõìá\n"
+
+#: g10/sig-check.c:105
+#, fuzzy, c-format
+msgid "WARNING: signing subkey %s is not cross-certified\n"
+msgstr ""
+"ÐÑÏÅÉÄÏÐÏÉÇÓÇ: ôï õðïãñÜöùí õðïêëåéäß %08lX äåí Ý÷åé êáô' áíôéðáñÜóôáóç "
+"ðéóôïðïéçèåß\n"
+
+#: g10/sig-check.c:117
+#, fuzzy, c-format
+msgid "WARNING: signing subkey %s has an invalid cross-certification\n"
+msgstr ""
+"ÐÑÏÅÉÄÏÐÏÉÇÓÇ: ôï õðïãñÜöùí õðïêëåéäß %08lX Ý÷åé Üêõñç êáô' áíôéðáñÜóôáóç "
+"ðéóôïðïßçóç\n"
+
+#: g10/sig-check.c:211
+#, fuzzy, c-format
+msgid "public key %s is %lu second newer than the signature\n"
+msgstr ""
+"ôï äçìüóéï êëåéäß %08lX åßíáé %lu äåõôåñüëåðôï íåüôåñï áðü ôçí õðïãñáöÞ\n"
+
+#: g10/sig-check.c:212
+#, fuzzy, c-format
+msgid "public key %s is %lu seconds newer than the signature\n"
+msgstr ""
+"ôï äçìüóéï êëåéäß %08lX åßíáé %lu äåõôåñüëåðôá íåüôåñï áðü ôçí õðïãñáöÞ\n"
+
+#: g10/sig-check.c:223
+#, fuzzy, c-format
+msgid ""
+"key %s was created %lu second in the future (time warp or clock problem)\n"
+msgstr ""
+"ôï êëåéäß äçìéïõñãÞèçêå %lu äåõôåñüëåðôï óôï ìÝëëïí (÷ñïíïäßíç Þ\n"
+"áðëþò ðñüâëçìá óôï ñïëüé)\n"
+
+#: g10/sig-check.c:225
+#, fuzzy, c-format
+msgid ""
+"key %s was created %lu seconds in the future (time warp or clock problem)\n"
+msgstr ""
+"ôï êëåéäß äçìéïõñãÞèçêå %lu äåõôåñüëåðôá óôï ìÝëëïí (÷ñïíïäßíç Þ\n"
+"áðëþò ðñüâëçìá óôï ñïëüé)\n"
+
+#: g10/sig-check.c:239
+#, fuzzy, c-format
+msgid "NOTE: signature key %s expired %s\n"
+msgstr "ÓÇÌÅÉÙÓÇ: ôï êëåéäß õðïãñáöÞò %08lX Ýëçîå óôéò %s\n"
+
+#: g10/sig-check.c:252
+#, fuzzy, c-format
+msgid "NOTE: signature key %s has been revoked\n"
+msgstr "ÓÇÌÅÉÙÓÇ: ôï êëåéäß Ý÷åé áíáêëçèåß"
+
+#: g10/sig-check.c:325
+#, fuzzy, c-format
+msgid "assuming bad signature from key %s due to an unknown critical bit\n"
+msgstr "õðüèåóç êáêÞò õðïãñáöÞò áðü êëåéäß %08lX ëüãù Üãíùóôïõ êñßóéìïõ bit\n"
+
+#: g10/sig-check.c:591
+#, fuzzy, c-format
+msgid "key %s: no subkey for subkey revocation signature\n"
+msgstr "êëåéäß %08lX: êáíÝíá õðïêëåéäß ãéá ôï ðáêÝôï áíÜêëçóçò õðïêëåéäéïý\n"
+
+#: g10/sig-check.c:618
+#, fuzzy, c-format
+msgid "key %s: no subkey for subkey binding signature\n"
+msgstr "êëåéäß %08lX: äåí õðÜñ÷åé õðïêëåéäß ãéá ôç äÝóìåõóç õðïêëåéäéïý\n"
+
+#: g10/sign.c:89
+#, c-format
+msgid "WARNING: unable to %%-expand notation (too large). Using unexpanded.\n"
+msgstr ""
+"ÐÑÏÅÉÄÏÐÏÉÇÓÇ: áäõíáìßá óôçí %%-áíÜðôõîç óçìåßùóçò (ðïëõ ìåãÜëç).\n"
+" ×ñÞóç ìç áíåðôõãìÝíïõ.\n"
+
+#: g10/sign.c:115
+#, fuzzy, c-format
+msgid ""
+"WARNING: unable to %%-expand policy URL (too large). Using unexpanded.\n"
+msgstr ""
+"ÐÑÏÅÉÄÏÐÏÉÇÓÇ: áäõíáìßá óôç %%-áíÜðôõîç ôïõ url ðïëéôéêÞò (ðïëõ ìåãÜëï).\n"
+" ×ñÞóç ìç áíåðôõãìÝíïõ.\n"
+
+#: g10/sign.c:138
+#, fuzzy, c-format
+msgid ""
+"WARNING: unable to %%-expand preferred keyserver URL (too large). Using "
+"unexpanded.\n"
+msgstr ""
+"ÐÑÏÅÉÄÏÐÏÉÇÓÇ: áäõíáìßá óôç %%-áíÜðôõîç ôïõ url ðïëéôéêÞò (ðïëõ ìåãÜëï).\n"
+" ×ñÞóç ìç áíåðôõãìÝíïõ.\n"
+
+#: g10/sign.c:311
+#, c-format
+msgid "checking created signature failed: %s\n"
+msgstr "áðÝôõ÷å ï Ýëåã÷ïò ôçò õðïãñáöÞò ðïõ äçìéïõñãÞèçêå: %s\n"
+
+#: g10/sign.c:320
+#, fuzzy, c-format
+msgid "%s/%s signature from: \"%s\"\n"
+msgstr "%s õðïãñáöÞ áðü: \"%s\"\n"
+
+#: g10/sign.c:761
+msgid "you can only detach-sign with PGP 2.x style keys while in --pgp2 mode\n"
+msgstr ""
+"ìðïñåßôå íá õðïãñÜøåôå-áðïêïììÝíá ìå êëåéäéÜ ôýðïõ PGP 2.x ìüíï óå\n"
+"--pgp2 êáôÜóôáóç\n"
+
+#: g10/sign.c:837
+#, fuzzy, c-format
+msgid ""
+"WARNING: forcing digest algorithm %s (%d) violates recipient preferences\n"
+msgstr ""
+"ï åîáíáãêáóìüò ôïõ áëãüñéèìïõ ðåñßëçøçò %s (%d) ðáñáâéÜæåé ôéò\n"
+"ðñïåðéëïãÝò ôïõ ðáñáëÞðôç\n"
+
+#: g10/sign.c:964
+msgid "signing:"
+msgstr "õðïãñáöÞ:"
+
+#: g10/sign.c:1079
+msgid "you can only clearsign with PGP 2.x style keys while in --pgp2 mode\n"
+msgstr ""
+"ìðïñåßôå íá õðïãñÜøåôå êáèáñÜ ìå êëåéäéÜ ôýðïõ PGP 2.x óå êáôÜóôáóç --pgp2\n"
+
+#: g10/sign.c:1263
+#, c-format
+msgid "%s encryption will be used\n"
+msgstr "%s êñõðôïãñÜöçóç èá ÷ñçóéìïðïéçèåß\n"
+
+#: g10/skclist.c:140 g10/skclist.c:217
+msgid "key is not flagged as insecure - can't use it with the faked RNG!\n"
+msgstr ""
+"ôï êëåéäß äåí Ý÷åé óçìåéùèåß óáí áíáóöáëÝò - äåí ìðïñåß íá ÷ñçóéìïðïéçèåß ìå "
+"øåýôéêç RNG!\n"
+
+#: g10/skclist.c:174
+#, fuzzy, c-format
+msgid "skipped \"%s\": duplicated\n"
+msgstr "ðáñáëåßöèçêå `%s': áíôéãñÜöôçêå\n"
+
+#: g10/skclist.c:182 g10/skclist.c:195 g10/skclist.c:207
+#, fuzzy, c-format
+msgid "skipped \"%s\": %s\n"
+msgstr "ðáñáëåßöèçêå `%s': %s\n"
+
+#: g10/skclist.c:190
+msgid "skipped: secret key already present\n"
+msgstr "ðáñáëåßöèçêå: ìõóôéêü êëåéäß Þäç ðáñþí\n"
+
+#: g10/skclist.c:208
+#, fuzzy
+msgid "this is a PGP generated Elgamal key which is not secure for signatures!"
+msgstr ""
+"ðáñáëåßöèçêå `%s': áõôü åßíáé äçìéïõñãçìÝíï áðü PGP êëåéäß ElGamal êáé äåí "
+"åßíáé áóöáëÝò ãéá õðïãñáöÝò!\n"
+
+#: g10/tdbdump.c:58 g10/trustdb.c:360
+#, c-format
+msgid "trust record %lu, type %d: write failed: %s\n"
+msgstr "åããñáöÞ trust %lu, ôýðïò %d: write áðÝôõ÷å: %s\n"
+
+#: g10/tdbdump.c:106
+#, c-format
+msgid ""
+"# List of assigned trustvalues, created %s\n"
+"# (Use \"gpg --import-ownertrust\" to restore them)\n"
+msgstr ""
+"# Ëßóôá ôùí êáèïñéóìÝíùí ôéìþí åìðéóôïóýíçò, äçìéïõñãÞèçêå %s\n"
+"# (×ñÞóç ôïõ \"gpg --import-ownertrust\" ãéá åðáíáöïñÜ ôïõò)\n"
+
+#: g10/tdbdump.c:161 g10/tdbdump.c:169 g10/tdbdump.c:174 g10/tdbdump.c:179
+#, fuzzy, c-format
+msgid "error in `%s': %s\n"
+msgstr "óöÜëìá êáôÜ ôçí áíÜãíùóç ôïõ `%s': %s\n"
+
+#: g10/tdbdump.c:161
+#, fuzzy
+msgid "line too long"
+msgstr "ç ãñáììÞ åßíáé ðïëý ìåãÜëç\n"
+
+#: g10/tdbdump.c:169
+msgid "colon missing"
+msgstr ""
+
+#: g10/tdbdump.c:175
+#, fuzzy
+msgid "invalid fingerprint"
+msgstr "óöÜëìá: ìç Ýãêõñï áðïôýðùìá\n"
+
+#: g10/tdbdump.c:180
+#, fuzzy
+msgid "ownertrust value missing"
+msgstr "åéóáãùãÞ ôùí ôéìþí åìðéóôïóýíçò"
+
+#: g10/tdbdump.c:216
+#, fuzzy, c-format
+msgid "error finding trust record in `%s': %s\n"
+msgstr "óöÜëìá óôçí åýñåóç ôçò åããñáöÞò åìðéóôïóýíçò: %s\n"
+
+#: g10/tdbdump.c:220
+#, fuzzy, c-format
+msgid "read error in `%s': %s\n"
+msgstr "óöÜëìá áíÜãíùóçò: %s\n"
+
+#: g10/tdbdump.c:229 g10/trustdb.c:375
+#, c-format
+msgid "trustdb: sync failed: %s\n"
+msgstr "trustdb: sync áðÝôõ÷å: %s\n"
+
+#: g10/tdbio.c:128 g10/tdbio.c:1456
+#, c-format
+msgid "trustdb rec %lu: lseek failed: %s\n"
+msgstr "trustdb rec %lu: áðïôõ÷ßá lseek: %s\n"
+
+#: g10/tdbio.c:135 g10/tdbio.c:1463
+#, c-format
+msgid "trustdb rec %lu: write failed (n=%d): %s\n"
+msgstr "trustdb rec %lu: áðïôõ÷ßá write (n=%d): %s\n"
+
+#: g10/tdbio.c:245
+msgid "trustdb transaction too large\n"
+msgstr "ðïëý ìåãÜëç óõíáëëáãÞ trustdb\n"
+
+#: g10/tdbio.c:500
+#, fuzzy, c-format
+msgid "can't access `%s': %s\n"
+msgstr "áäõíáìßá êëåéóßìáôïò ôïõ `%s': %s\n"
+
+#: g10/tdbio.c:527
+#, c-format
+msgid "%s: directory does not exist!\n"
+msgstr "%s: ï öÜêåëïò äåí õðÜñ÷åé!\n"
+
+#: g10/tdbio.c:537 g10/tdbio.c:560 g10/tdbio.c:601 sm/keydb.c:219
+#, fuzzy, c-format
+msgid "can't create lock for `%s'\n"
+msgstr "áäõíáìßá äçìéïõñãßáò ôïõ `%s': %s\n"
+
+#: g10/tdbio.c:539 g10/tdbio.c:604
+#, fuzzy, c-format
+msgid "can't lock `%s'\n"
+msgstr "áäõíáìßá ðñüóâáóçò ôïõ `%s'\n"
+
+#: g10/tdbio.c:565
+#, c-format
+msgid "%s: failed to create version record: %s"
+msgstr "%s: áðïôõ÷ßá äçìéïõñãßáò ìéáò åããñáöÞò Ýêäïóçò: %s"
+
+#: g10/tdbio.c:569
+#, c-format
+msgid "%s: invalid trustdb created\n"
+msgstr "%s: äçìéïõñãÞèçêå ìç Ýãêõñç trustdb\n"
+
+#: g10/tdbio.c:572
+#, c-format
+msgid "%s: trustdb created\n"
+msgstr "%s: äçìéïõñãÞèçêå ç trustdb\n"
+
+#: g10/tdbio.c:615
+msgid "NOTE: trustdb not writable\n"
+msgstr "ÓÇÌÅÉÙÓÇ: ç trustdb äåí åßíáé åããñÜøéìç\n"
+
+#: g10/tdbio.c:623
+#, c-format
+msgid "%s: invalid trustdb\n"
+msgstr "%s: ìç Ýãêõñç trustdb\n"
+
+#: g10/tdbio.c:655
+#, c-format
+msgid "%s: failed to create hashtable: %s\n"
+msgstr "%s: áäõíáìßá äçìéïõñãßáò hashtable: %s\n"
+
+#: g10/tdbio.c:663
+#, c-format
+msgid "%s: error updating version record: %s\n"
+msgstr "%s: óöÜëìá óôçí åíçìÝñùóç ôçò åããñáöÞò Ýêäïóçò: %s\n"
+
+#: g10/tdbio.c:680 g10/tdbio.c:701 g10/tdbio.c:717 g10/tdbio.c:731
+#: g10/tdbio.c:761 g10/tdbio.c:1388 g10/tdbio.c:1415
+#, c-format
+msgid "%s: error reading version record: %s\n"
+msgstr "%s: óöÜëìá óôçí áíÜãíùóç ôçò åããñáöÞò Ýêäïóçò: %s\n"
+
+#: g10/tdbio.c:740
+#, c-format
+msgid "%s: error writing version record: %s\n"
+msgstr "%s: óöÜëìá óôçí åããñáöÞ ôçò åããñáöÞò Ýêäïóçò: %s\n"
+
+#: g10/tdbio.c:1181
+#, c-format
+msgid "trustdb: lseek failed: %s\n"
+msgstr "trustdb: áðÝôõ÷å lseek: %s\n"
+
+#: g10/tdbio.c:1190
+#, c-format
+msgid "trustdb: read failed (n=%d): %s\n"
+msgstr "trustdb: read áðÝôõ÷å (n=%d): %s\n"
+
+#: g10/tdbio.c:1211
+#, c-format
+msgid "%s: not a trustdb file\n"
+msgstr "%s: äåí åßíáé trustdb áñ÷åßï\n"
+
+#: g10/tdbio.c:1230
+#, c-format
+msgid "%s: version record with recnum %lu\n"
+msgstr "%s: åããñáöÞ Ýêäïóçò ìå recnum %lu\n"
+
+#: g10/tdbio.c:1235
+#, c-format
+msgid "%s: invalid file version %d\n"
+msgstr "%s: ìç Ýãêõñç Ýêäïóç áñ÷åßïõ %d\n"
+
+#: g10/tdbio.c:1421
+#, c-format
+msgid "%s: error reading free record: %s\n"
+msgstr "%s: óöÜëìá óôçí áíÜãíùóç ôçò åããñáöÞò free : %s\n"
+
+#: g10/tdbio.c:1429
+#, c-format
+msgid "%s: error writing dir record: %s\n"
+msgstr "%s: óöÜëìá óôçí åããñáöÞ ôçò åããñáöÞò dir : %s\n"
+
+#: g10/tdbio.c:1439
+#, c-format
+msgid "%s: failed to zero a record: %s\n"
+msgstr "%s: áðïôõ÷ßá óôïí ìçäåíéóìü ìéáò åããñáöÞò: %s\n"
+
+#: g10/tdbio.c:1469
+#, c-format
+msgid "%s: failed to append a record: %s\n"
+msgstr "%s: áðïôõ÷ßá óôçí ðñïóèÞêç ìéáò åããñáöÞò: %s\n"
+
+#: g10/tdbio.c:1512
+#, fuzzy
+msgid "Error: The trustdb is corrupted.\n"
+msgstr "%s: äçìéïõñãÞèçêå ç trustdb\n"
+
+#: g10/textfilter.c:147
+#, c-format
+msgid "can't handle text lines longer than %d characters\n"
+msgstr "áäõíáìßá ÷åéñéóìïý ãñáììþí êåéìÝíïõ ìåãáëýôåñåò áðü %d ÷áñáêôÞñåò\n"
+
+#: g10/textfilter.c:247
+#, c-format
+msgid "input line longer than %d characters\n"
+msgstr "ãñáììÞ åéóüäïõ ìåãáëýôåñç áðü %d ÷áñáêôÞñåò\n"
+
+#: g10/trustdb.c:221
+#, c-format
+msgid "`%s' is not a valid long keyID\n"
+msgstr "`%s' äåí åßíáé Ýãêõñï ìáêñý keyID\n"
+
+#: g10/trustdb.c:252
+#, fuzzy, c-format
+msgid "key %s: accepted as trusted key\n"
+msgstr "êëåéäß %08lX: áðïäï÷Þ óáí êëåéäß ìå åìðéóôïóýíç\n"
+
+#: g10/trustdb.c:290
+#, fuzzy, c-format
+msgid "key %s occurs more than once in the trustdb\n"
+msgstr "ôï êëåéäß %08lX õðÜñ÷åé ðÜíù áðü ìéá öïñÜ óôçí trustdb\n"
+
+#: g10/trustdb.c:305
+#, fuzzy, c-format
+msgid "key %s: no public key for trusted key - skipped\n"
+msgstr ""
+"êëåéäß %08lX: êáíÝíá äçìüóéï êëåéäß ãéá ôï êëåéäß ìå åìðéóôïóýíç - "
+"ðáñÜëåéøç\n"
+
+#: g10/trustdb.c:315
+#, fuzzy, c-format
+msgid "key %s marked as ultimately trusted\n"
+msgstr "óçìåßùóç êëåéäéïý óáí áðüëõôçò åìðéóôïóýíçò.\n"
+
+#: g10/trustdb.c:339
+#, c-format
+msgid "trust record %lu, req type %d: read failed: %s\n"
+msgstr "åããñáöÞ trust %lu, req ôýðïò %d: read áðÝôõ÷å: %s\n"
+
+#: g10/trustdb.c:345
+#, c-format
+msgid "trust record %lu is not of requested type %d\n"
+msgstr "ç åããñáöÞ trust %lu äåí åßíáé ôïõ æçôïýìåíïõ ôýðïõ %d\n"
+
+#: g10/trustdb.c:418
+msgid "You may try to re-create the trustdb using the commands:\n"
+msgstr ""
+
+#: g10/trustdb.c:427
+msgid "If that does not work, please consult the manual\n"
+msgstr ""
+
+#: g10/trustdb.c:462
+#, c-format
+msgid "unable to use unknown trust model (%d) - assuming %s trust model\n"
+msgstr ""
+
+#: g10/trustdb.c:468
+#, c-format
+msgid "using %s trust model\n"
+msgstr ""
+
+#: g10/trustdb.c:520
+msgid "10 translator see trustdb.c:uid_trust_string_fixed"
+msgstr ""
+
+#: g10/trustdb.c:522
+#, fuzzy
+msgid "[ revoked]"
+msgstr "[áíáêëçìÝíï]"
+
+#: g10/trustdb.c:524 g10/trustdb.c:529
+#, fuzzy
+msgid "[ expired]"
+msgstr "[ëçãìÝíï]"
+
+#: g10/trustdb.c:528
+#, fuzzy
+msgid "[ unknown]"
+msgstr "Üãíùóôï"
+
+#: g10/trustdb.c:530
+msgid "[ undef ]"
+msgstr ""
+
+#: g10/trustdb.c:531
+msgid "[marginal]"
+msgstr ""
+
+#: g10/trustdb.c:532
+msgid "[ full ]"
+msgstr ""
+
+#: g10/trustdb.c:533
+msgid "[ultimate]"
+msgstr ""
+
+#: g10/trustdb.c:548
+msgid "undefined"
+msgstr ""
+
+#: g10/trustdb.c:549
+#, fuzzy
+msgid "never"
+msgstr "ðïôÝ "
+
+#: g10/trustdb.c:550
+msgid "marginal"
+msgstr ""
+
+#: g10/trustdb.c:551
+msgid "full"
+msgstr ""
+
+#: g10/trustdb.c:552
+msgid "ultimate"
+msgstr ""
+
+#: g10/trustdb.c:592
+msgid "no need for a trustdb check\n"
+msgstr "äåí õðÜñ÷åé áíÜãêç ãéá Ýëåã÷ï ôçò trustdb\n"
+
+#: g10/trustdb.c:598 g10/trustdb.c:2487
+#, c-format
+msgid "next trustdb check due at %s\n"
+msgstr "åðüìåíïò Ýëåã÷ïò ôçò trustdb èá ãßíåé óôéò %s\n"
+
+#: g10/trustdb.c:607
+#, fuzzy, c-format
+msgid "no need for a trustdb check with `%s' trust model\n"
+msgstr "äåí õðÜñ÷åé áíÜãêç ãéá Ýëåã÷ï ôçò trustdb\n"
+
+#: g10/trustdb.c:622
+#, fuzzy, c-format
+msgid "no need for a trustdb update with `%s' trust model\n"
+msgstr "äåí õðÜñ÷åé áíÜãêç ãéá Ýëåã÷ï ôçò trustdb\n"
+
+#: g10/trustdb.c:857 g10/trustdb.c:1310
+#, fuzzy, c-format
+msgid "public key %s not found: %s\n"
+msgstr "ôï äçìüóéï êëåéäß %08lX äåí âñÝèçêå: %s\n"
+
+#: g10/trustdb.c:1053
+msgid "please do a --check-trustdb\n"
+msgstr "ðáñáêáëþ êÜíôå Ýíá --check-trustdb\n"
+
+#: g10/trustdb.c:1057
+msgid "checking the trustdb\n"
+msgstr "Ýëåã÷ïò ôçò trustdb\n"
+
+#: g10/trustdb.c:2230
+#, c-format
+msgid "%d keys processed (%d validity counts cleared)\n"
+msgstr "%d êëåéäéÜ åðåîåñãÜóôçêáí (%d ìåôñÞóåéò åããõñüôçôáò ðÝñáóáí)\n"
+
+#: g10/trustdb.c:2295
+msgid "no ultimately trusted keys found\n"
+msgstr "äå âñÝèçêáí áðüëõôá åìðéóôåýóéìá êëåéäéÜ\n"
+
+#: g10/trustdb.c:2309
+#, fuzzy, c-format
+msgid "public key of ultimately trusted key %s not found\n"
+msgstr ""
+"äå âñÝèçêå ôï äçìüóéï êëåéäß ôïõ áðüëõôá åìðéóôåýóéìïõ êëåéäéïý %08lX\n"
+
+#: g10/trustdb.c:2332
+#, c-format
+msgid "%d marginal(s) needed, %d complete(s) needed, %s trust model\n"
+msgstr ""
+
+#: g10/trustdb.c:2418
+#, c-format
+msgid ""
+"depth: %d valid: %3d signed: %3d trust: %d-, %dq, %dn, %dm, %df, %du\n"
+msgstr ""
+
+#: g10/trustdb.c:2493
+#, fuzzy, c-format
+msgid "unable to update trustdb version record: write failed: %s\n"
+msgstr "åããñáöÞ trust %lu, ôýðïò %d: write áðÝôõ÷å: %s\n"
+
+#: g10/verify.c:118
+msgid ""
+"the signature could not be verified.\n"
+"Please remember that the signature file (.sig or .asc)\n"
+"should be the first file given on the command line.\n"
+msgstr ""
+"áäõíáìßá åðáëÞèåõóçò ôçò õðïãñáöÞò.\n"
+"Ðáñáêáëþ ìçí îå÷íÜôå üôé ôï áñ÷åßï õðïãñáöÞò (.sig or .asc)\n"
+"ðñÝðåé íá åßíáé ôï ðñþôï áñ÷åßï óôç ãñáììÞ åíôïëþí.\n"
+
+#: g10/verify.c:205
+#, c-format
+msgid "input line %u too long or missing LF\n"
+msgstr "ãñáììÞ åéóüäïõ %u åßíáé ðïëý ìåãÜëç Þ ôçò ëåßðåé ôï LF\n"
+
+#: g10/verify.c:253
+#, fuzzy, c-format
+msgid "can't open fd %d: %s\n"
+msgstr "áäõíáìßá ðñüóâáóçò óôï `%s': %s\n"
+
+#: jnlib/argparse.c:180
+#, fuzzy
+msgid "argument not expected"
+msgstr "åããñáöÞ ôïõ ìõóôéêïý êëåéäéïý óôï `%s'\n"
+
+#: jnlib/argparse.c:182
+#, fuzzy
+msgid "read error"
+msgstr "óöÜëìá áíÜãíùóçò áñ÷åßïõ"
+
+#: jnlib/argparse.c:184
+#, fuzzy
+msgid "keyword too long"
+msgstr "ç ãñáììÞ åßíáé ðïëý ìåãÜëç\n"
+
+#: jnlib/argparse.c:186
+#, fuzzy
+msgid "missing argument"
+msgstr "ìç Ýãêõñï üñéóìá"
+
+#: jnlib/argparse.c:188
+#, fuzzy
+msgid "invalid command"
+msgstr "óõãêñïõüìåíåò åíôïëÝò\n"
+
+#: jnlib/argparse.c:190
+#, fuzzy
+msgid "invalid alias definition"
+msgstr "ìç Ýãêõñåò åðéëïãÝò åéãáãùãÞò\n"
+
+#: jnlib/argparse.c:192
+#, fuzzy
+msgid "out of core"
+msgstr "ìç åðåîåñãáóìÝíï"
+
+#: jnlib/argparse.c:194
+#, fuzzy
+msgid "invalid option"
+msgstr "ìç Ýãêõñåò åðéëïãÝò åéãáãùãÞò\n"
+
+#: jnlib/argparse.c:202
+#, c-format
+msgid "missing argument for option \"%.50s\"\n"
+msgstr ""
+
+#: jnlib/argparse.c:204
+#, c-format
+msgid "option \"%.50s\" does not expect an argument\n"
+msgstr ""
+
+#: jnlib/argparse.c:207
+#, fuzzy, c-format
+msgid "invalid command \"%.50s\"\n"
+msgstr "Ìç Ýãêõñç åíôïëÞ (äïêéìÜóôå \"help\")\n"
+
+#: jnlib/argparse.c:209
+#, c-format
+msgid "option \"%.50s\" is ambiguous\n"
+msgstr ""
+
+#: jnlib/argparse.c:211
+#, c-format
+msgid "command \"%.50s\" is ambiguous\n"
+msgstr ""
+
+#: jnlib/argparse.c:213
+#, fuzzy
+msgid "out of core\n"
+msgstr "ìç åðåîåñãáóìÝíï"
+
+#: jnlib/argparse.c:215
+#, fuzzy, c-format
+msgid "invalid option \"%.50s\"\n"
+msgstr "ìç Ýãêõñåò åðéëïãÝò åéãáãùãÞò\n"
+
+#: jnlib/logging.c:647
+#, c-format
+msgid "you found a bug ... (%s:%d)\n"
+msgstr "âñÞêáôå Ýíá bug ... (%s:%d)\n"
+
+#: jnlib/utf8conv.c:85
+#, fuzzy, c-format
+msgid "error loading `%s': %s\n"
+msgstr "óöÜëìá êáôÜ ôçí áíÜãíùóç ôïõ `%s': %s\n"
+
+#: jnlib/utf8conv.c:123
+#, c-format
+msgid "conversion from `%s' to `%s' not available\n"
+msgstr ""
+
+#: jnlib/utf8conv.c:131
+#, fuzzy, c-format
+msgid "iconv_open failed: %s\n"
+msgstr "áäõíáìßá ðñüóâáóçò ôïõ áñ÷åßïõ: %s\n"
+
+#: jnlib/utf8conv.c:388 jnlib/utf8conv.c:654
+#, fuzzy, c-format
+msgid "conversion from `%s' to `%s' failed: %s\n"
+msgstr "èùñÜêéóç áðÝôõ÷å: %s\n"
+
+#: jnlib/dotlock.c:234
+#, fuzzy, c-format
+msgid "failed to create temporary file `%s': %s\n"
+msgstr "áäõíáìßá äçìéïõñãßáò êáôáëüãïõ `%s': %s\n"
+
+#: jnlib/dotlock.c:269
+#, fuzzy, c-format
+msgid "error writing to `%s': %s\n"
+msgstr "áäõíáìßá åããñáöÞò ôçò êëåéäïèÞêçò `%s': %s\n"
+
+#: jnlib/dotlock.c:453
+#, c-format
+msgid "removing stale lockfile (created by %d)\n"
+msgstr ""
+
+#: jnlib/dotlock.c:459
+msgid " - probably dead - removing lock"
+msgstr ""
+
+#: jnlib/dotlock.c:469
+#, fuzzy, c-format
+msgid "waiting for lock (held by %d%s) %s...\n"
+msgstr "åããñáöÞ ôïõ ìõóôéêïý êëåéäéïý óôï `%s'\n"
+
+#: jnlib/dotlock.c:470
+msgid "(deadlock?) "
+msgstr ""
+
+#: jnlib/dotlock.c:493
+#, fuzzy, c-format
+msgid "lock `%s' not made: %s\n"
+msgstr "ôï äçìüóéï êëåéäß %08lX äåí âñÝèçêå: %s\n"
+
+#: jnlib/dotlock.c:501
+#, fuzzy, c-format
+msgid "waiting for lock %s...\n"
+msgstr "åããñáöÞ ôïõ ìõóôéêïý êëåéäéïý óôï `%s'\n"
+
+#: kbx/kbxutil.c:92
+msgid "set debugging flags"
+msgstr ""
+
+#: kbx/kbxutil.c:93
+msgid "enable full debugging"
+msgstr ""
+
+#: kbx/kbxutil.c:117
+#, fuzzy
+msgid "Usage: kbxutil [options] [files] (-h for help)"
+msgstr "×ñÞóç: gpg [åðéëïãÝò] [áñ÷åßá] (-h ãéá âïÞèåéá)"
+
+#: kbx/kbxutil.c:120
+msgid ""
+"Syntax: kbxutil [options] [files]\n"
+"list, export, import Keybox data\n"
+msgstr ""
+
+#: scd/app-nks.c:713 scd/app-openpgp.c:2647
+#, c-format
+msgid "RSA modulus missing or not of size %d bits\n"
+msgstr ""
+
+#: scd/app-nks.c:721 scd/app-openpgp.c:2659
+#, c-format
+msgid "RSA public exponent missing or larger than %d bits\n"
+msgstr ""
+
+#: scd/app-nks.c:801 scd/app-openpgp.c:1549 scd/app-openpgp.c:1568
+#: scd/app-openpgp.c:1729 scd/app-openpgp.c:1746 scd/app-openpgp.c:1994
+#: scd/app-openpgp.c:2039 scd/app-dinsig.c:303
+#, c-format
+msgid "PIN callback returned error: %s\n"
+msgstr ""
+
+#: scd/app-nks.c:834
+msgid "the NullPIN has not yet been changed\n"
+msgstr ""
+
+#: scd/app-nks.c:1092
+#, fuzzy
+msgid "|N|Please enter a new PIN for the standard keys."
+msgstr "áëëáãÞ ôçò öñÜóçò êëåéäß"
+
+#: scd/app-nks.c:1093
+#, fuzzy
+msgid "||Please enter the PIN for the standard keys."
+msgstr "áëëáãÞ ôçò öñÜóçò êëåéäß"
+
+#: scd/app-nks.c:1099
+#, fuzzy
+msgid "|NP|Please enter a new PIN Unblocking Code (PUK) for the standard keys."
+msgstr "Ðáñáêáëþ åðéëÝîôå ôçí áéôßá ãéá ôçí áíÜêëçóç:\n"
+
+#: scd/app-nks.c:1101
+#, fuzzy
+msgid "|P|Please enter the PIN Unblocking Code (PUK) for the standard keys."
+msgstr "Ðáñáêáëþ åðéëÝîôå ôçí áéôßá ãéá ôçí áíÜêëçóç:\n"
+
+#: scd/app-nks.c:1109
+msgid "|N|Please enter a new PIN for the key to create qualified signatures."
+msgstr ""
+
+#: scd/app-nks.c:1111
+msgid "||Please enter the PIN for the key to create qualified signatures."
+msgstr ""
+
+#: scd/app-nks.c:1119
+msgid ""
+"|NP|Please enter a new PIN Unblocking Code (PUK) for the key to create "
+"qualified signatures."
+msgstr ""
+
+#: scd/app-nks.c:1121
+msgid ""
+"|P|Please enter the PIN Unblocking Code (PUK) for the key to create "
+"qualified signatures."
+msgstr ""
+
+#: scd/app-nks.c:1222 scd/app-openpgp.c:2072 scd/app-dinsig.c:532
+#, fuzzy, c-format
+msgid "error getting new PIN: %s\n"
+msgstr "óöÜëìá óôç äçìéïõñãßá ôçò öñÜóçò êëåéäß: %s\n"
+
+#: scd/app-openpgp.c:695
+#, fuzzy, c-format
+msgid "failed to store the fingerprint: %s\n"
+msgstr "áðïôõ÷ßá áñ÷éêïðïßçóçò ôçò TrustDB: %s\n"
+
+#: scd/app-openpgp.c:708
+#, fuzzy, c-format
+msgid "failed to store the creation date: %s\n"
+msgstr "áðïôõ÷ßá åðáíáäüìçóçò ôçò cache êëåéäïèÞêçò: %s\n"
+
+#: scd/app-openpgp.c:1156
+#, fuzzy, c-format
+msgid "reading public key failed: %s\n"
+msgstr "äéáãñáöÞ block êëåéäéþí áðÝôõ÷å: %s\n"
+
+#: scd/app-openpgp.c:1164 scd/app-openpgp.c:2882
+msgid "response does not contain the public key data\n"
+msgstr ""
+
+#: scd/app-openpgp.c:1172 scd/app-openpgp.c:2890
+msgid "response does not contain the RSA modulus\n"
+msgstr ""
+
+#: scd/app-openpgp.c:1181 scd/app-openpgp.c:2900
+msgid "response does not contain the RSA public exponent\n"
+msgstr ""
+
+#: scd/app-openpgp.c:1501
+#, c-format
+msgid "using default PIN as %s\n"
+msgstr ""
+
+#: scd/app-openpgp.c:1508
+#, c-format
+msgid "failed to use default PIN as %s: %s - disabling further default use\n"
+msgstr ""
+
+#: scd/app-openpgp.c:1523
+#, c-format
+msgid "||Please enter the PIN%%0A[sigs done: %lu]"
+msgstr ""
+
+#: scd/app-openpgp.c:1534 scd/app-openpgp.c:1988
+#, fuzzy
+msgid "||Please enter the PIN"
+msgstr "áëëáãÞ ôçò öñÜóçò êëåéäß"
+
+#: scd/app-openpgp.c:1575 scd/app-openpgp.c:1753 scd/app-openpgp.c:2001
+#, c-format
+msgid "PIN for CHV%d is too short; minimum length is %d\n"
+msgstr ""
+
+#: scd/app-openpgp.c:1588 scd/app-openpgp.c:1627 scd/app-openpgp.c:1765
+#: scd/app-openpgp.c:3200
+#, fuzzy, c-format
+msgid "verify CHV%d failed: %s\n"
+msgstr "keyserver áðïóôïëÞ áðÝôõ÷å: %s\n"
+
+#: scd/app-openpgp.c:1656 scd/app-openpgp.c:2020 scd/app-openpgp.c:3498
+msgid "error retrieving CHV status from card\n"
+msgstr ""
+
+#: scd/app-openpgp.c:1662 scd/app-openpgp.c:3507
+msgid "card is permanently locked!\n"
+msgstr ""
+
+#: scd/app-openpgp.c:1669
+#, c-format
+msgid "%d Admin PIN attempts remaining before card is permanently locked\n"
+msgstr ""
+
+#. TRANSLATORS: Do not translate the "|A|" prefix but keep it at
+#. the start of the string. Use %%0A to force a linefeed.
+#: scd/app-openpgp.c:1676
+#, fuzzy, c-format
+msgid "|A|Please enter the Admin PIN%%0A[remaining attempts: %d]"
+msgstr "áëëáãÞ ôçò öñÜóçò êëåéäß"
+
+#: scd/app-openpgp.c:1680
+#, fuzzy
+msgid "|A|Please enter the Admin PIN"
+msgstr "áëëáãÞ ôçò öñÜóçò êëåéäß"
+
+#: scd/app-openpgp.c:1701
+msgid "access to admin commands is not configured\n"
+msgstr ""
+
+#: scd/app-openpgp.c:2035
+#, fuzzy
+msgid "||Please enter the Reset Code for the card"
+msgstr "Ðáñáêáëþ åðéëÝîôå ôçí áéôßá ãéá ôçí áíÜêëçóç:\n"
+
+#: scd/app-openpgp.c:2045 scd/app-openpgp.c:2097
+#, c-format
+msgid "Reset Code is too short; minimum length is %d\n"
+msgstr ""
+
+#: scd/app-openpgp.c:2067
+msgid "|RN|New Reset Code"
+msgstr ""
+
+#: scd/app-openpgp.c:2068
+msgid "|AN|New Admin PIN"
+msgstr ""
+
+#: scd/app-openpgp.c:2068
+msgid "|N|New PIN"
+msgstr ""
+
+#: scd/app-openpgp.c:2178 scd/app-openpgp.c:2968
+#, fuzzy
+msgid "error reading application data\n"
+msgstr "óöÜëìá êáôÜ ôçí áíÜãíùóç ôïõ ìðëïê êëåéäéþí: %s\n"
+
+#: scd/app-openpgp.c:2184 scd/app-openpgp.c:2975
+#, fuzzy
+msgid "error reading fingerprint DO\n"
+msgstr "%s: óöÜëìá óôçí áíÜãíùóç ôçò åããñáöÞò free : %s\n"
+
+#: scd/app-openpgp.c:2194
+#, fuzzy
+msgid "key already exists\n"
+msgstr "`%s' Þäç óõìðéÝóôçêå\n"
+
+#: scd/app-openpgp.c:2198
+msgid "existing key will be replaced\n"
+msgstr ""
+
+#: scd/app-openpgp.c:2200
+#, fuzzy
+msgid "generating new key\n"
+msgstr "äçìéïõñãßá åíüò íÝïõ æåýãïõò êëåéäéþí"
+
+#: scd/app-openpgp.c:2202
+#, fuzzy
+msgid "writing new key\n"
+msgstr "äçìéïõñãßá åíüò íÝïõ æåýãïõò êëåéäéþí"
+
+#: scd/app-openpgp.c:2627
+msgid "creation timestamp missing\n"
+msgstr ""
+
+#: scd/app-openpgp.c:2669 scd/app-openpgp.c:2677
+#, c-format
+msgid "RSA prime %s missing or not of size %d bits\n"
+msgstr ""
+
+#: scd/app-openpgp.c:2773
+#, fuzzy, c-format
+msgid "failed to store the key: %s\n"
+msgstr "áðïôõ÷ßá áñ÷éêïðïßçóçò ôçò TrustDB: %s\n"
+
+#: scd/app-openpgp.c:2859
+msgid "please wait while key is being generated ...\n"
+msgstr ""
+
+#: scd/app-openpgp.c:2872
+#, fuzzy
+msgid "generating key failed\n"
+msgstr "äéáãñáöÞ block êëåéäéþí áðÝôõ÷å: %s\n"
+
+#: scd/app-openpgp.c:2875
+#, fuzzy, c-format
+msgid "key generation completed (%d seconds)\n"
+msgstr "Ç äçìéïõñãßá êëåéäéïý áðÝôõ÷å: %s\n"
+
+#: scd/app-openpgp.c:2933
+msgid "invalid structure of OpenPGP card (DO 0x93)\n"
+msgstr ""
+
+#: scd/app-openpgp.c:2983
+msgid "fingerprint on card does not match requested one\n"
+msgstr ""
+
+#: scd/app-openpgp.c:3099
+#, fuzzy, c-format
+msgid "card does not support digest algorithm %s\n"
+msgstr "%s õðïãñáöÞ, áëãüñéèìïò ðåñßëçøçò %s\n"
+
+#: scd/app-openpgp.c:3175
+#, c-format
+msgid "signatures created so far: %lu\n"
+msgstr ""
+
+#: scd/app-openpgp.c:3512
+msgid ""
+"verification of Admin PIN is currently prohibited through this command\n"
+msgstr ""
+
+#: scd/app-openpgp.c:3737 scd/app-openpgp.c:3748
+#, fuzzy, c-format
+msgid "can't access %s - invalid OpenPGP card?\n"
+msgstr "äå âñÝèçêáí Ýãêõñá OpenPGP äåäïìÝíá.\n"
+
+#: scd/app-dinsig.c:299
+msgid "||Please enter your PIN at the reader's keypad"
+msgstr ""
+
+#. TRANSLATORS: Do not translate the "|*|" prefixes but
+#. keep it at the start of the string. We need this elsewhere
+#. to get some infos on the string.
+#: scd/app-dinsig.c:529
+msgid "|N|Initial New PIN"
+msgstr ""
+
+#: scd/scdaemon.c:107
+msgid "run in multi server mode (foreground)"
+msgstr ""
+
+#: scd/scdaemon.c:117 sm/gpgsm.c:316
+msgid "|LEVEL|set the debugging level to LEVEL"
+msgstr ""
+
+#: scd/scdaemon.c:124 tools/gpgconf-comp.c:620
+#, fuzzy
+msgid "|FILE|write a log to FILE"
+msgstr "|ÁÑ×ÅÉÏ|öüñôùìá ôïõ áñèñþìáôïò åðÝêôáóçò ÁÑ×ÅÉÏ"
+
+#: scd/scdaemon.c:126
+msgid "|N|connect to reader at port N"
+msgstr ""
+
+#: scd/scdaemon.c:128
+#, fuzzy
+msgid "|NAME|use NAME as ct-API driver"
+msgstr "|ÏÍÏÌÁ|÷ñÞóç ôïõ ÏÍÏÌÁôïò ùò ðñïêáèïñéóìÝíïõ ðáñáëÞðôç"
+
+#: scd/scdaemon.c:130
+#, fuzzy
+msgid "|NAME|use NAME as PC/SC driver"
+msgstr "|ÏÍÏÌÁ|÷ñÞóç ôïõ ÏÍÏÌÁôïò ùò ðñïêáèïñéóìÝíïõ ðáñáëÞðôç"
+
+#: scd/scdaemon.c:133
+#, fuzzy
+msgid "do not use the internal CCID driver"
+msgstr "ìç ÷ñÞóç ôåñìáôéêïý"
+
+#: scd/scdaemon.c:139
+msgid "|N|disconnect the card after N seconds of inactivity"
+msgstr ""
+
+#: scd/scdaemon.c:141
+msgid "do not use a reader's keypad"
+msgstr ""
+
+#: scd/scdaemon.c:144
+#, fuzzy
+msgid "deny the use of admin card commands"
+msgstr "óõãêñïõüìåíåò åíôïëÝò\n"
+
+#: scd/scdaemon.c:259
+#, fuzzy
+msgid "Usage: scdaemon [options] (-h for help)"
+msgstr "×ñÞóç: gpg [åðéëïãÝò] [áñ÷åßá] (-h ãéá âïÞèåéá)"
+
+#: scd/scdaemon.c:261
+msgid ""
+"Syntax: scdaemon [options] [command [args]]\n"
+"Smartcard daemon for GnuPG\n"
+msgstr ""
+
+#: scd/scdaemon.c:766
+msgid "please use the option `--daemon' to run the program in the background\n"
+msgstr ""
+
+#: scd/scdaemon.c:1120
+#, c-format
+msgid "handler for fd %d started\n"
+msgstr ""
+
+#: scd/scdaemon.c:1132
+#, c-format
+msgid "handler for fd %d terminated\n"
+msgstr ""
+
+#: sm/base64.c:325
+#, fuzzy, c-format
+msgid "invalid radix64 character %02x skipped\n"
+msgstr "ìç Ýãêõñïò radix64 ÷áñáêôÞñáò %02x ðáñÜâëåøç\n"
+
+#: sm/call-agent.c:137
+#, c-format
+msgid "failed to proxy %s inquiry to client\n"
+msgstr ""
+
+#: sm/call-dirmngr.c:252
+#, c-format
+msgid "no running dirmngr - starting `%s'\n"
+msgstr ""
+
+#: sm/call-dirmngr.c:285
+#, fuzzy
+msgid "malformed DIRMNGR_INFO environment variable\n"
+msgstr "êáêïäéáôõðïìÝíç ìåôáâëçôÞ ðåñéâÜëëïíôïò GPG_AGENT_INFO\n"
+
+#: sm/call-dirmngr.c:297
+#, fuzzy, c-format
+msgid "dirmngr protocol version %d is not supported\n"
+msgstr "äåí õðïóôçñßæåôáé ç Ýêäïóç ðñùôïêüëëïõ %d ôïõ gpg-agent\n"
+
+#: sm/call-dirmngr.c:317
+msgid "can't connect to the dirmngr - trying fall back\n"
+msgstr ""
+
+#: sm/certchain.c:196
+#, c-format
+msgid "validation model requested by certificate: %s"
+msgstr ""
+
+#: sm/certchain.c:197 sm/certchain.c:1828
+msgid "chain"
+msgstr ""
+
+#: sm/certchain.c:198 sm/certchain.c:1828
+#, fuzzy
+msgid "shell"
+msgstr "help"
+
+#: sm/certchain.c:258
+#, fuzzy, c-format
+msgid "critical certificate extension %s is not supported"
+msgstr "äåí õðïóôçñßæåôáé ç Ýêäïóç ðñùôïêüëëïõ %d ôïõ gpg-agent\n"
+
+#: sm/certchain.c:297
+msgid "issuer certificate is not marked as a CA"
+msgstr ""
+
+#: sm/certchain.c:335
+msgid "critical marked policy without configured policies"
+msgstr ""
+
+#: sm/certchain.c:345
+#, fuzzy, c-format
+msgid "failed to open `%s': %s\n"
+msgstr "áäõíáìßá ðñüóâáóçò óôï `%s': %s\n"
+
+#: sm/certchain.c:353 sm/certchain.c:382
+msgid "note: non-critical certificate policy not allowed"
+msgstr ""
+
+#: sm/certchain.c:357 sm/certchain.c:386
+#, fuzzy
+msgid "certificate policy not allowed"
+msgstr "åããñáöÞ ôïõ ìõóôéêïý êëåéäéïý óôï `%s'\n"
+
+#: sm/certchain.c:498
+msgid "looking up issuer at external location\n"
+msgstr ""
+
+#: sm/certchain.c:517
+#, c-format
+msgid "number of issuers matching: %d\n"
+msgstr ""
+
+#: sm/certchain.c:561
+msgid "looking up issuer from the Dirmngr cache\n"
+msgstr ""
+
+#: sm/certchain.c:585
+#, fuzzy, c-format
+msgid "number of matching certificates: %d\n"
+msgstr "óöÜëìá óôç äçìéïõñãßá ôçò öñÜóçò êëåéäß: %s\n"
+
+#: sm/certchain.c:587
+#, fuzzy, c-format
+msgid "dirmngr cache-only key lookup failed: %s\n"
+msgstr "äéáãñáöÞ block êëåéäéþí áðÝôõ÷å: %s\n"
+
+#: sm/certchain.c:759 sm/certchain.c:1252 sm/certchain.c:1856 sm/decrypt.c:261
+#: sm/encrypt.c:335 sm/sign.c:335 sm/verify.c:113
+#, fuzzy
+msgid "failed to allocated keyDB handle\n"
+msgstr "áðïôõ÷ßá áñ÷éêïðïßçóçò ôçò TrustDB: %s\n"
+
+#: sm/certchain.c:925
+#, fuzzy
+msgid "certificate has been revoked"
+msgstr "ÓÇÌÅÉÙÓÇ: ôï êëåéäß Ý÷åé áíáêëçèåß"
+
+#: sm/certchain.c:940
+msgid "the status of the certificate is unknown"
+msgstr ""
+
+#: sm/certchain.c:947
+msgid "please make sure that the \"dirmngr\" is properly installed\n"
+msgstr ""
+
+#: sm/certchain.c:953
+#, fuzzy, c-format
+msgid "checking the CRL failed: %s"
+msgstr "áðÝôõ÷å ï Ýëåã÷ïò ôçò õðïãñáöÞò ðïõ äçìéïõñãÞèçêå: %s\n"
+
+#: sm/certchain.c:982 sm/certchain.c:1050
+#, c-format
+msgid "certificate with invalid validity: %s"
+msgstr ""
+
+#: sm/certchain.c:997 sm/certchain.c:1082
+msgid "certificate not yet valid"
+msgstr ""
+
+#: sm/certchain.c:998 sm/certchain.c:1083
+#, fuzzy
+msgid "root certificate not yet valid"
+msgstr "åããñáöÞ ôïõ ìõóôéêïý êëåéäéïý óôï `%s'\n"
+
+#: sm/certchain.c:999 sm/certchain.c:1084
+msgid "intermediate certificate not yet valid"
+msgstr ""
+
+#: sm/certchain.c:1012
+#, fuzzy
+msgid "certificate has expired"
+msgstr "Áõôü ôï êëåéäß Ý÷åé ëÞîåé!"
+
+#: sm/certchain.c:1013
+#, fuzzy
+msgid "root certificate has expired"
+msgstr "Áõôü ôï êëåéäß Ý÷åé ëÞîåé!"
+
+#: sm/certchain.c:1014
+#, fuzzy
+msgid "intermediate certificate has expired"
+msgstr "Áõôü ôï êëåéäß Ý÷åé ëÞîåé!"
+
+#: sm/certchain.c:1056
+#, c-format
+msgid "required certificate attributes missing: %s%s%s"
+msgstr ""
+
+#: sm/certchain.c:1065
+#, fuzzy
+msgid "certificate with invalid validity"
+msgstr "Áõôü ôï êëåéäß Ý÷åé ëÞîåé!"
+
+#: sm/certchain.c:1102
+msgid "signature not created during lifetime of certificate"
+msgstr ""
+
+#: sm/certchain.c:1104
+msgid "certificate not created during lifetime of issuer"
+msgstr ""
+
+#: sm/certchain.c:1105
+msgid "intermediate certificate not created during lifetime of issuer"
+msgstr ""
+
+#: sm/certchain.c:1109
+#, fuzzy
+msgid " ( signature created at "
+msgstr " íÝåò õðïãñáöÝò: %lu\n"
+
+#: sm/certchain.c:1110
+#, fuzzy
+msgid " (certificate created at "
+msgstr "Ðéóôïðïéçôéêü áíÜêëçóçò äçìéïõñãÞèçêå.\n"
+
+#: sm/certchain.c:1113
+#, fuzzy
+msgid " (certificate valid from "
+msgstr "êáêü ðéóôïðïéçôéêü"
+
+#: sm/certchain.c:1114
+msgid " ( issuer valid from "
+msgstr ""
+
+#: sm/certchain.c:1144
+#, fuzzy, c-format
+msgid "fingerprint=%s\n"
+msgstr "áðåéêüíéóç ôïõ fingerprint"
+
+#: sm/certchain.c:1153
+msgid "root certificate has now been marked as trusted\n"
+msgstr ""
+
+#: sm/certchain.c:1166
+msgid "interactive marking as trusted not enabled in gpg-agent\n"
+msgstr ""
+
+#: sm/certchain.c:1172
+msgid "interactive marking as trusted disabled for this session\n"
+msgstr ""
+
+#: sm/certchain.c:1229
+msgid "WARNING: creation time of signature not known - assuming current time"
+msgstr ""
+
+#: sm/certchain.c:1293
+#, fuzzy
+msgid "no issuer found in certificate"
+msgstr "äçìéïõñãßá åíüò ðéóôïðïéçôéêïý áíÜêëçóçò"
+
+#: sm/certchain.c:1366
+msgid "self-signed certificate has a BAD signature"
+msgstr ""
+
+#: sm/certchain.c:1435
+msgid "root certificate is not marked trusted"
+msgstr ""
+
+#: sm/certchain.c:1448
+#, fuzzy, c-format
+msgid "checking the trust list failed: %s\n"
+msgstr "áðÝôõ÷å ï Ýëåã÷ïò ôçò õðïãñáöÞò ðïõ äçìéïõñãÞèçêå: %s\n"
+
+#: sm/certchain.c:1477 sm/import.c:160
+msgid "certificate chain too long\n"
+msgstr ""
+
+#: sm/certchain.c:1489
+msgid "issuer certificate not found"
+msgstr ""
+
+#: sm/certchain.c:1522
+#, fuzzy
+msgid "certificate has a BAD signature"
+msgstr "åðáëÞèåõóç ìéáò õðïãñáöÞò"
+
+#: sm/certchain.c:1553
+msgid "found another possible matching CA certificate - trying again"
+msgstr ""
+
+#: sm/certchain.c:1604
+#, c-format
+msgid "certificate chain longer than allowed by CA (%d)"
+msgstr ""
+
+#: sm/certchain.c:1644 sm/certchain.c:1927
+#, fuzzy
+msgid "certificate is good\n"
+msgstr "ç ðñïåðéëïãÞ %c%lu áíôéãñÜöôçêå\n"
+
+#: sm/certchain.c:1645
+#, fuzzy
+msgid "intermediate certificate is good\n"
+msgstr "Ðéóôïðïéçôéêü áíÜêëçóçò äçìéïõñãÞèçêå.\n"
+
+#: sm/certchain.c:1646
+#, fuzzy
+msgid "root certificate is good\n"
+msgstr "êáêü ðéóôïðïéçôéêü"
+
+#: sm/certchain.c:1817
+msgid "switching to chain model"
+msgstr ""
+
+#: sm/certchain.c:1826
+#, c-format
+msgid "validation model used: %s"
+msgstr ""
+
+#: sm/certcheck.c:97
+#, c-format
+msgid "%s key uses an unsafe (%u bit) hash\n"
+msgstr ""
+
+#: sm/certcheck.c:107
+#, c-format
+msgid "a %u bit hash is not valid for a %u bit %s key\n"
+msgstr ""
+
+#: sm/certcheck.c:244 sm/verify.c:201
+msgid "(this is the MD2 algorithm)\n"
+msgstr ""
+
+#: sm/certdump.c:60 sm/certdump.c:143
+#, fuzzy
+msgid "none"
+msgstr "ü÷é|ï÷é"
+
+#: sm/certdump.c:564 sm/certdump.c:609 sm/certdump.c:674 sm/certdump.c:732
+#, fuzzy
+msgid "[Error - invalid encoding]"
+msgstr "óöÜëìá: ìç Ýãêõñï áðïôýðùìá\n"
+
+#: sm/certdump.c:572 sm/certdump.c:617
+msgid "[Error - out of core]"
+msgstr ""
+
+#: sm/certdump.c:654 sm/certdump.c:710
+msgid "[Error - No name]"
+msgstr ""
+
+#: sm/certdump.c:679 sm/certdump.c:738
+#, fuzzy
+msgid "[Error - invalid DN]"
+msgstr "óöÜëìá: ìç Ýãêõñï áðïôýðùìá\n"
+
+#: sm/certdump.c:948
+#, fuzzy, c-format
+msgid ""
+"Please enter the passphrase to unlock the secret key for the X.509 "
+"certificate:\n"
+"\"%s\"\n"
+"S/N %s, ID 0x%08lX,\n"
+"created %s, expires %s.\n"
+msgstr ""
+"×ñåéÜæåóôå ìéá öñÜóç êëåéäß ãéá íá îåêëåéäþóåôå ôï ìõóôéêü êëåéäß ãéá ôï "
+"÷ñÞóôç:\n"
+"\"%.*s\"\n"
+"%u-bit %s êëåéäß, ID %08lX, äçìéïõñãßá %s%s\n"
+
+#: sm/certlist.c:122
+msgid "no key usage specified - assuming all usages\n"
+msgstr ""
+
+#: sm/certlist.c:132 sm/keylist.c:272
+#, fuzzy, c-format
+msgid "error getting key usage information: %s\n"
+msgstr "áäõíáìßá åããñáöÞò ìõóôéêÞò êëåéäïèÞêçò `%s': %s\n"
+
+#: sm/certlist.c:142
+msgid "certificate should have not been used for certification\n"
+msgstr ""
+
+#: sm/certlist.c:154
+msgid "certificate should have not been used for OCSP response signing\n"
+msgstr ""
+
+#: sm/certlist.c:165
+msgid "certificate should have not been used for encryption\n"
+msgstr ""
+
+#: sm/certlist.c:166
+msgid "certificate should have not been used for signing\n"
+msgstr ""
+
+#: sm/certlist.c:167
+msgid "certificate is not usable for encryption\n"
+msgstr ""
+
+#: sm/certlist.c:168
+msgid "certificate is not usable for signing\n"
+msgstr ""
+
+#: sm/certreqgen.c:474
+#, fuzzy, c-format
+msgid "line %d: invalid algorithm\n"
+msgstr "ìç Ýãêõñïò áëãüñéèìïò hash `%s'\n"
+
+#: sm/certreqgen.c:487
+#, c-format
+msgid "line %d: invalid key length %u (valid are %d to %d)\n"
+msgstr ""
+
+#: sm/certreqgen.c:505
+#, c-format
+msgid "line %d: no subject name given\n"
+msgstr ""
+
+#: sm/certreqgen.c:514
+#, c-format
+msgid "line %d: invalid subject name label `%.*s'\n"
+msgstr ""
+
+#: sm/certreqgen.c:517
+#, c-format
+msgid "line %d: invalid subject name `%s' at pos %d\n"
+msgstr ""
+
+#: sm/certreqgen.c:534
+#, fuzzy, c-format
+msgid "line %d: not a valid email address\n"
+msgstr "Ìç Ýãêõñç äéåýèõíóç Email\n"
+
+#: sm/certreqgen.c:546
+#, fuzzy, c-format
+msgid "line %d: error reading key `%s' from card: %s\n"
+msgstr "áäõíáìßá äçìéïõñãßáò ôçò êëåéäïèÞêçò `%s': %s\n"
+
+#: sm/certreqgen.c:558
+#, fuzzy, c-format
+msgid "line %d: error getting key by keygrip `%s': %s\n"
+msgstr "áäõíáìßá äçìéïõñãßáò ôçò êëåéäïèÞêçò `%s': %s\n"
+
+#: sm/certreqgen.c:574
+#, fuzzy, c-format
+msgid "line %d: key generation failed: %s <%s>\n"
+msgstr "Ç äçìéïõñãßá êëåéäéïý áðÝôõ÷å: %s\n"
+
+#: sm/certreqgen.c:806
+msgid ""
+"To complete this certificate request please enter the passphrase for the key "
+"you just created once more.\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:158
+#, fuzzy, c-format
+msgid " (%d) RSA\n"
+msgstr " (%d) RSA (ãéá õðïãñáöÞ ìüíï)\n"
+
+#: sm/certreqgen-ui.c:159
+#, fuzzy, c-format
+msgid " (%d) Existing key\n"
+msgstr " (%d) RSA (ãéá êñõðôïãñÜöçóç ìüíï)\n"
+
+#: sm/certreqgen-ui.c:160
+#, c-format
+msgid " (%d) Existing key from card\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:202
+#, fuzzy
+msgid "Enter the keygrip: "
+msgstr "Óçìåßùóç õðïãñáöÞò: "
+
+#: sm/certreqgen-ui.c:210
+msgid "Not a valid keygrip (expecting 40 hex digits)\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:212
+#, fuzzy
+msgid "No key with this keygrip\n"
+msgstr "Äåí õðÜñ÷åé user ID ìå äåßêôç %d\n"
+
+#: sm/certreqgen-ui.c:230 sm/certreqgen-ui.c:239
+#, fuzzy, c-format
+msgid "error reading the card: %s\n"
+msgstr "%s: óöÜëìá óôçí áíÜãíùóç ôçò åããñáöÞò free : %s\n"
+
+#: sm/certreqgen-ui.c:233
+#, fuzzy, c-format
+msgid "Serial number of the card: %s\n"
+msgstr "óöÜëìá óôç äçìéïõñãßá ôçò öñÜóçò êëåéäß: %s\n"
+
+#: sm/certreqgen-ui.c:245
+#, fuzzy
+msgid "Available keys:\n"
+msgstr "áðåíåñãïðïéåß Ýíá êëåéäß"
+
+#: sm/certreqgen-ui.c:276
+#, c-format
+msgid "Possible actions for a %s key:\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:277
+#, fuzzy, c-format
+msgid " (%d) sign, encrypt\n"
+msgstr " (%d) RSA (õðïãñáöÞ êáé êñõðôïãñÜöçóç)\n"
+
+#: sm/certreqgen-ui.c:278
+#, fuzzy, c-format
+msgid " (%d) sign\n"
+msgstr " (%d) DSA (ãéá õðïãñáöÞ ìüíï)\n"
+
+#: sm/certreqgen-ui.c:279
+#, fuzzy, c-format
+msgid " (%d) encrypt\n"
+msgstr " (%d) RSA (ãéá êñõðôïãñÜöçóç ìüíï)\n"
+
+#: sm/certreqgen-ui.c:303
+msgid "Enter the X.509 subject name: "
+msgstr ""
+
+#: sm/certreqgen-ui.c:307
+#, fuzzy
+msgid "No subject name given\n"
+msgstr "(Äåí äþèçêå ðåñéãñáöÞ)\n"
+
+#: sm/certreqgen-ui.c:311
+#, c-format
+msgid "Invalid subject name label `%.*s'\n"
+msgstr ""
+
+#. TRANSLATORS: The 22 in the second string is the
+#. length of the first string up to the "%s". Please
+#. adjust it do the length of your translation. The
+#. second string is merely passed to atoi so you can
+#. drop everything after the number.
+#: sm/certreqgen-ui.c:320
+#, fuzzy, c-format
+msgid "Invalid subject name `%s'\n"
+msgstr "ìç Ýãêõñïò áëãüñéèìïò hash `%s'\n"
+
+#: sm/certreqgen-ui.c:322
+msgid "22 translator: see certreg-ui.c:gpgsm_gencertreq_tty"
+msgstr ""
+
+#: sm/certreqgen-ui.c:334
+#, fuzzy
+msgid "Enter email addresses"
+msgstr "Äéåýèõíóç Email: "
+
+#: sm/certreqgen-ui.c:335
+#, fuzzy
+msgid " (end with an empty line):\n"
+msgstr ""
+"\n"
+"ÐëçêôñïëïãÞóôå ôï user ID. ÔÝëïò ìå ìéá Üäåéá ãñáììÞ: "
+
+#: sm/certreqgen-ui.c:339
+#, fuzzy
+msgid "Enter DNS names"
+msgstr "ÐëçêôñïëïãÞóôå Ýíá íÝï üíïìá áñ÷åßïõ"
+
+#: sm/certreqgen-ui.c:340 sm/certreqgen-ui.c:345
+#, fuzzy
+msgid " (optional; end with an empty line):\n"
+msgstr "ÐëçêôñïëïãÞóôå ìéá ðñïáéñåôéêÞ ðåñéãñáöÞ· ôÝëïò ìå ìéá Üäåéá ãñáììÞ:\n"
+
+#: sm/certreqgen-ui.c:344
+msgid "Enter URIs"
+msgstr ""
+
+#: sm/certreqgen-ui.c:371
+msgid "Parameters to be used for the certificate request:\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:389
+msgid "Now creating certificate request. This may take a while ...\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:398
+msgid "Ready. You should now send this request to your CA.\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:403
+msgid "resource problem: out of core\n"
+msgstr ""
+
+#: sm/decrypt.c:330
+msgid "(this is the RC2 algorithm)\n"
+msgstr ""
+
+#: sm/decrypt.c:332
+msgid "(this does not seem to be an encrypted message)\n"
+msgstr ""
+
+#: sm/delete.c:51 sm/delete.c:112
+#, fuzzy, c-format
+msgid "certificate `%s' not found: %s\n"
+msgstr "ôï êëåéäß '%s' äå âñÝèçêå: %s\n"
+
+#: sm/delete.c:122 sm/keydb.c:1397 sm/keydb.c:1499
+#, fuzzy, c-format
+msgid "error locking keybox: %s\n"
+msgstr "óöÜëìá êáôÜ ôçí áíÜãíùóç ôïõ ìðëïê êëåéäéþí: %s\n"
+
+#: sm/delete.c:143
+#, fuzzy, c-format
+msgid "duplicated certificate `%s' deleted\n"
+msgstr "Ðéóôïðïéçôéêü áíÜêëçóçò äçìéïõñãÞèçêå.\n"
+
+#: sm/delete.c:145
+#, fuzzy, c-format
+msgid "certificate `%s' deleted\n"
+msgstr "ç ðñïåðéëïãÞ %c%lu áíôéãñÜöôçêå\n"
+
+#: sm/delete.c:175
+#, fuzzy, c-format
+msgid "deleting certificate \"%s\" failed: %s\n"
+msgstr "äéáãñáöÞ block êëåéäéþí áðÝôõ÷å: %s\n"
+
+#: sm/encrypt.c:321
+#, fuzzy
+msgid "no valid recipients given\n"
+msgstr "(Äåí äþèçêå ðåñéãñáöÞ)\n"
+
+#: sm/gpgsm.c:197
+#, fuzzy
+msgid "list external keys"
+msgstr "áðåéêüíéóç ôçò ëßóôáò ìõóôéêþí êëåéäéþí"
+
+#: sm/gpgsm.c:199
+#, fuzzy
+msgid "list certificate chain"
+msgstr "êáêü ðéóôïðïéçôéêü"
+
+#: sm/gpgsm.c:206
+#, fuzzy
+msgid "import certificates"
+msgstr "êáêü ðéóôïðïéçôéêü"
+
+#: sm/gpgsm.c:207
+#, fuzzy
+msgid "export certificates"
+msgstr "êáêü ðéóôïðïéçôéêü"
+
+#: sm/gpgsm.c:209
+msgid "register a smartcard"
+msgstr ""
+
+#: sm/gpgsm.c:212
+msgid "pass a command to the dirmngr"
+msgstr ""
+
+#: sm/gpgsm.c:214
+msgid "invoke gpg-protect-tool"
+msgstr ""
+
+#: sm/gpgsm.c:230
+#, fuzzy
+msgid "create base-64 encoded output"
+msgstr "äçìéïõñãßá ascii èùñáêéóìÝíçò åîüäïõ"
+
+#: sm/gpgsm.c:235
+msgid "assume input is in PEM format"
+msgstr ""
+
+#: sm/gpgsm.c:237
+msgid "assume input is in base-64 format"
+msgstr ""
+
+#: sm/gpgsm.c:239
+msgid "assume input is in binary format"
+msgstr ""
+
+#: sm/gpgsm.c:244
+msgid "use system's dirmngr if available"
+msgstr ""
+
+#: sm/gpgsm.c:247
+msgid "never consult a CRL"
+msgstr ""
+
+#: sm/gpgsm.c:257
+msgid "check validity using OCSP"
+msgstr ""
+
+#: sm/gpgsm.c:262
+msgid "|N|number of certificates to include"
+msgstr ""
+
+#: sm/gpgsm.c:265
+msgid "|FILE|take policy information from FILE"
+msgstr ""
+
+#: sm/gpgsm.c:268
+msgid "do not check certificate policies"
+msgstr ""
+
+#: sm/gpgsm.c:272
+msgid "fetch missing issuer certificates"
+msgstr ""
+
+#: sm/gpgsm.c:283
+msgid "don't use the terminal at all"
+msgstr "ìç ÷ñÞóç ôåñìáôéêïý"
+
+#: sm/gpgsm.c:285
+msgid "|FILE|write a server mode log to FILE"
+msgstr ""
+
+#: sm/gpgsm.c:290
+#, fuzzy
+msgid "|FILE|write an audit log to FILE"
+msgstr "|ÁÑ×ÅÉÏ|öüñôùìá ôïõ áñèñþìáôïò åðÝêôáóçò ÁÑ×ÅÉÏ"
+
+#: sm/gpgsm.c:293
+msgid "batch mode: never ask"
+msgstr "êáôÜóôáóç batch: íá ìç ãßíïíôáé åñùôÞóåéò"
+
+#: sm/gpgsm.c:294
+msgid "assume yes on most questions"
+msgstr "áðÜíôçóç íáé óôéò ðåñéóóüôåñåò åñùôÞóåéò"
+
+#: sm/gpgsm.c:295
+msgid "assume no on most questions"
+msgstr "áðÜíôçóç ü÷é óôéò ðåñéóóüôåñåò åñùôÞóåéò"
+
+#: sm/gpgsm.c:298
+#, fuzzy
+msgid "|FILE|add keyring to the list of keyrings"
+msgstr "ðñïóèÞêç áõôïý ôïõ êëåéäéïý óôç ëßóôá ôùí êëåéäïèçêþí"
+
+#: sm/gpgsm.c:301
+#, fuzzy
+msgid "|USER-ID|use USER-ID as default secret key"
+msgstr "|ÏÍÏÌÁ|÷ñÞóç ÏÍÏÌÁôïò óáí ðñïêáèïñéóìÝíï ìõóôéêü êëåéäß"
+
+#: sm/gpgsm.c:311 tools/gpgconf-comp.c:745
+#, fuzzy
+msgid "|SPEC|use this keyserver to lookup keys"
+msgstr "|ÄÉÁÊÏÌÉÓÔÇÓ|÷ñÞóç áõôïý ôïõ äéáêïìéóôÞ êëåéäéþí ãéá áíáæÞôçóç"
+
+#: sm/gpgsm.c:329
+msgid "|NAME|use cipher algorithm NAME"
+msgstr "|ÏÍÏÌÁ|÷ñÞóç áëãüñéèìïõ êñõðôïãñÜöçóçò ÏÍÏÌÁ"
+
+#: sm/gpgsm.c:331
+msgid "|NAME|use message digest algorithm NAME"
+msgstr "|ÏÍÏÌÁ|÷ñÞóç áëãüñéèìïõ ðåñßëçøçò ìçíýìáôïò ÏÍÏÌÁ "
+
+#: sm/gpgsm.c:522
+#, fuzzy
+msgid "Usage: gpgsm [options] [files] (-h for help)"
+msgstr "×ñÞóç: gpg [åðéëïãÝò] [áñ÷åßá] (-h ãéá âïÞèåéá)"
+
+#: sm/gpgsm.c:525
+#, fuzzy
+msgid ""
+"Syntax: gpgsm [options] [files]\n"
+"sign, check, encrypt or decrypt using the S/MIME protocol\n"
+"default operation depends on the input data\n"
+msgstr ""
+"Óýíôáîç: gpg [åðéëïãÝò] [áñ÷åßá]\n"
+"õðïãñáöÞ, Ýëåã÷ïò, êñõðôïãñÜöçóç Þ áðïêñõðôïãñÜöçóç\n"
+"ç ðñïêáèïñéóìÝíç ëåéôïõñãßá åîáñôÜôáé áðü ôá äåäïìÝíá åéóüäïõ\n"
+
+#: sm/gpgsm.c:617
+#, fuzzy
+msgid "usage: gpgsm [options] "
+msgstr "÷ñÞóç: gpg [åðéëïãÝò] "
+
+#: sm/gpgsm.c:739
+#, fuzzy, c-format
+msgid "NOTE: won't be able to encrypt to `%s': %s\n"
+msgstr "áäõíáìßá óýíäåóçò óôï `%s': %s\n"
+
+#: sm/gpgsm.c:750
+#, fuzzy, c-format
+msgid "unknown validation model `%s'\n"
+msgstr "Üãíùóôïò ðñïêáèïñéóìÝíïò ðáñáëÞðôçò `%s'\n"
+
+#: sm/gpgsm.c:801
+#, fuzzy, c-format
+msgid "%s:%u: no hostname given\n"
+msgstr "(Äåí äþèçêå ðåñéãñáöÞ)\n"
+
+#: sm/gpgsm.c:820
+#, c-format
+msgid "%s:%u: password given without user\n"
+msgstr ""
+
+#: sm/gpgsm.c:841
+#, fuzzy, c-format
+msgid "%s:%u: skipping this line\n"
+msgstr " s = ðáñÜëåéøç áõôïý ôïõ êëåéäéïý\n"
+
+#: sm/gpgsm.c:1376
+#, fuzzy
+msgid "could not parse keyserver\n"
+msgstr "áäõíáìßá åðåîåñãáóßáò ôïõ URI ôïõ äéáêïìéóç êëåéäéþí\n"
+
+#: sm/gpgsm.c:1456
+msgid "WARNING: running with faked system time: "
+msgstr ""
+
+#: sm/gpgsm.c:1556
+#, fuzzy, c-format
+msgid "importing common certificates `%s'\n"
+msgstr "åããñáöÞ óôï `%s'\n"
+
+#: sm/gpgsm.c:1597
+#, fuzzy, c-format
+msgid "can't sign using `%s': %s\n"
+msgstr "áäõíáìßá êëåéóßìáôïò ôïõ `%s': %s\n"
+
+#: sm/gpgsm.c:1931
+msgid "invalid command (there is no implicit command)\n"
+msgstr ""
+
+#: sm/import.c:111
+#, fuzzy, c-format
+msgid "total number processed: %lu\n"
+msgstr "Óõíïëéêüò áñéèìüò ðïõ åðåîåñãÜóôçêáí: %lu\n"
+
+#: sm/import.c:230
+#, fuzzy
+msgid "error storing certificate\n"
+msgstr "äçìéïõñãßá åíüò ðéóôïðïéçôéêïý áíÜêëçóçò"
+
+#: sm/import.c:238
+msgid "basic certificate checks failed - not imported\n"
+msgstr ""
+
+#: sm/import.c:435 sm/keydb.c:1319 sm/keydb.c:1387
+#, fuzzy
+msgid "failed to allocate keyDB handle\n"
+msgstr "áðïôõ÷ßá áñ÷éêïðïßçóçò ôçò TrustDB: %s\n"
+
+#: sm/import.c:492 sm/keydb.c:1417 sm/keydb.c:1511
+#, fuzzy, c-format
+msgid "error getting stored flags: %s\n"
+msgstr "óöÜëìá óôç äçìéïõñãßá ôçò öñÜóçò êëåéäß: %s\n"
+
+#: sm/import.c:551 sm/import.c:583
+#, fuzzy, c-format
+msgid "error importing certificate: %s\n"
+msgstr "óöÜëìá óôç äçìéïõñãßá ôçò öñÜóçò êëåéäß: %s\n"
+
+#: sm/import.c:684 tools/gpg-connect-agent.c:1346
+#, fuzzy, c-format
+msgid "error reading input: %s\n"
+msgstr "óöÜëìá êáôÜ ôçí áíÜãíùóç ôïõ `%s': %s\n"
+
+#: sm/keydb.c:187
+#, fuzzy, c-format
+msgid "error creating keybox `%s': %s\n"
+msgstr "áäõíáìßá äçìéïõñãßáò ôçò êëåéäïèÞêçò `%s': %s\n"
+
+#: sm/keydb.c:190
+msgid "you may want to start the gpg-agent first\n"
+msgstr ""
+
+#: sm/keydb.c:195
+#, fuzzy, c-format
+msgid "keybox `%s' created\n"
+msgstr "êëåéäïèÞêç `%s' äçìéïõñãÞèçêå\n"
+
+#: sm/keydb.c:1312 sm/keydb.c:1380
+#, fuzzy
+msgid "failed to get the fingerprint\n"
+msgstr "áðïôõ÷ßá áñ÷éêïðïßçóçò ôçò TrustDB: %s\n"
+
+#: sm/keydb.c:1340
+#, c-format
+msgid "problem looking for existing certificate: %s\n"
+msgstr ""
+
+#: sm/keydb.c:1348
+#, fuzzy, c-format
+msgid "error finding writable keyDB: %s\n"
+msgstr "óöÜëìá óôç äçìéïõñãßá ôçò öñÜóçò êëåéäß: %s\n"
+
+#: sm/keydb.c:1356
+#, fuzzy, c-format
+msgid "error storing certificate: %s\n"
+msgstr "óöÜëìá óôç äçìéïõñãßá ôçò öñÜóçò êëåéäß: %s\n"
+
+#: sm/keydb.c:1408
+#, fuzzy, c-format
+msgid "problem re-searching certificate: %s\n"
+msgstr "rev? ðñüâëçìá óôïí Ýëåã÷ï áíÜêëçóçò: %s\n"
+
+#: sm/keydb.c:1429 sm/keydb.c:1522
+#, fuzzy, c-format
+msgid "error storing flags: %s\n"
+msgstr "óöÜëìá êáôÜ ôçí áíÜãíùóç ôïõ `%s': %s\n"
+
+#: sm/keylist.c:642
+msgid "Error - "
+msgstr ""
+
+#: sm/misc.c:55
+msgid "GPG_TTY has not been set - using maybe bogus default\n"
+msgstr ""
+
+#: sm/qualified.c:105
+#, fuzzy, c-format
+msgid "invalid formatted fingerprint in `%s', line %d\n"
+msgstr "óöÜëìá: ìç Ýãêõñï áðïôýðùìá\n"
+
+#: sm/qualified.c:123
+#, c-format
+msgid "invalid country code in `%s', line %d\n"
+msgstr ""
+
+#: sm/qualified.c:202
+#, c-format
+msgid ""
+"You are about to create a signature using your certificate:\n"
+"\"%s\"\n"
+"This will create a qualified signature by law equated to a handwritten "
+"signature.\n"
+"\n"
+"%s%sAre you really sure that you want to do this?"
+msgstr ""
+
+#: sm/qualified.c:211 sm/verify.c:616
+msgid ""
+"Note, that this software is not officially approved to create or verify such "
+"signatures.\n"
+msgstr ""
+
+#: sm/qualified.c:278
+#, c-format
+msgid ""
+"You are about to create a signature using your certificate:\n"
+"\"%s\"\n"
+"Note, that this certificate will NOT create a qualified signature!"
+msgstr ""
+
+#: sm/sign.c:449
+#, fuzzy, c-format
+msgid "hash algorithm %d (%s) for signer %d not supported; using %s\n"
+msgstr "äåí õðïóôçñßæåôáé ï áëãüñéèìïò ðñïóôáóßáò %d%s\n"
+
+#: sm/sign.c:463
+#, c-format
+msgid "hash algorithm used for signer %d: %s (%s)\n"
+msgstr ""
+
+#: sm/sign.c:513
+#, fuzzy, c-format
+msgid "checking for qualified certificate failed: %s\n"
+msgstr "áðÝôõ÷å ï Ýëåã÷ïò ôçò õðïãñáöÞò ðïõ äçìéïõñãÞèçêå: %s\n"
+
+#: sm/verify.c:449
+#, fuzzy
+msgid "Signature made "
+msgstr "ÕðïãñáöÞ Ýëçîå óôéò %s.\n"
+
+#: sm/verify.c:453
+msgid "[date not given]"
+msgstr ""
+
+#: sm/verify.c:454
+#, fuzzy, c-format
+msgid " using certificate ID 0x%08lX\n"
+msgstr "óöÜëìá óôç äçìéïõñãßá ôçò öñÜóçò êëåéäß: %s\n"
+
+#: sm/verify.c:473
+msgid ""
+"invalid signature: message digest attribute does not match computed one\n"
+msgstr ""
+
+#: sm/verify.c:594
+#, fuzzy
+msgid "Good signature from"
+msgstr "ÊáëÞ õðïãñáöÞ áðü \""
+
+#: sm/verify.c:595
+#, fuzzy
+msgid " aka"
+msgstr " ãíùóôü óáí \""
+
+#: sm/verify.c:613
+#, fuzzy
+msgid "This is a qualified signature\n"
+msgstr ""
+"\n"
+"ÁõôÞ èá åßíáé ìéá éäéï-õðïãñáöÞ.\n"
+
+#: tools/gpg-connect-agent.c:70 tools/gpgconf.c:81 tools/symcryptrun.c:167
+#, fuzzy
+msgid "quiet"
+msgstr "ôåñìáôéóìüò"
+
+#: tools/gpg-connect-agent.c:71
+msgid "print data out hex encoded"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:72
+msgid "decode received data lines"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:74
+msgid "|NAME|connect to Assuan socket NAME"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:76
+msgid "run the Assuan server given on the command line"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:78
+msgid "do not use extended connect mode"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:80
+#, fuzzy
+msgid "|FILE|run commands from FILE on startup"
+msgstr "|ÁÑ×ÅÉÏ|öüñôùìá ôïõ áñèñþìáôïò åðÝêôáóçò ÁÑ×ÅÉÏ"
+
+#: tools/gpg-connect-agent.c:81
+msgid "run /subst on startup"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:184
+#, fuzzy
+msgid "Usage: gpg-connect-agent [options] (-h for help)"
+msgstr "×ñÞóç: gpg [åðéëïãÝò] [áñ÷åßá] (-h ãéá âïÞèåéá)"
+
+#: tools/gpg-connect-agent.c:187
+msgid ""
+"Syntax: gpg-connect-agent [options]\n"
+"Connect to a running agent and send commands\n"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:1201
+#, c-format
+msgid "option \"%s\" requires a program and optional arguments\n"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:1210
+#, c-format
+msgid "option \"%s\" ignored due to \"%s\"\n"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:1281 tools/gpg-connect-agent.c:1771
+#, fuzzy, c-format
+msgid "receiving line failed: %s\n"
+msgstr "äéáãñáöÞ block êëåéäéþí áðÝôõ÷å: %s\n"
+
+#: tools/gpg-connect-agent.c:1371
+#, fuzzy
+msgid "line too long - skipped\n"
+msgstr "ç ãñáììÞ åßíáé ðïëý ìåãÜëç\n"
+
+#: tools/gpg-connect-agent.c:1375
+msgid "line shortened due to embedded Nul character\n"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:1743
+#, fuzzy, c-format
+msgid "unknown command `%s'\n"
+msgstr "Üãíùóôïò ðñïêáèïñéóìÝíïò ðáñáëÞðôçò `%s'\n"
+
+#: tools/gpg-connect-agent.c:1761
+#, fuzzy, c-format
+msgid "sending line failed: %s\n"
+msgstr "ç õðïãñáöÞ áðÝôõ÷å: %s\n"
+
+#: tools/gpg-connect-agent.c:2208
+#, fuzzy, c-format
+msgid "error sending %s command: %s\n"
+msgstr "óöÜëìá óôç áðïóôïëÞ ðñïò ôï `%s': %s\n"
+
+#: tools/gpg-connect-agent.c:2223
+#, fuzzy, c-format
+msgid "error sending standard options: %s\n"
+msgstr "óöÜëìá óôç áðïóôïëÞ ðñïò ôï `%s': %s\n"
+
+#: tools/gpgconf-comp.c:473 tools/gpgconf-comp.c:577 tools/gpgconf-comp.c:644
+#: tools/gpgconf-comp.c:712 tools/gpgconf-comp.c:799
+msgid "Options controlling the diagnostic output"
+msgstr ""
+
+#: tools/gpgconf-comp.c:486 tools/gpgconf-comp.c:590 tools/gpgconf-comp.c:657
+#: tools/gpgconf-comp.c:725 tools/gpgconf-comp.c:822
+msgid "Options controlling the configuration"
+msgstr ""
+
+#: tools/gpgconf-comp.c:496 tools/gpgconf-comp.c:615 tools/gpgconf-comp.c:673
+#: tools/gpgconf-comp.c:750 tools/gpgconf-comp.c:829
+msgid "Options useful for debugging"
+msgstr ""
+
+#: tools/gpgconf-comp.c:501 tools/gpgconf-comp.c:678 tools/gpgconf-comp.c:755
+#: tools/gpgconf-comp.c:837
+msgid "|FILE|write server mode logs to FILE"
+msgstr ""
+
+#: tools/gpgconf-comp.c:509 tools/gpgconf-comp.c:625 tools/gpgconf-comp.c:763
+msgid "Options controlling the security"
+msgstr ""
+
+#: tools/gpgconf-comp.c:516
+msgid "|N|expire SSH keys after N seconds"
+msgstr ""
+
+#: tools/gpgconf-comp.c:520
+msgid "|N|set maximum PIN cache lifetime to N seconds"
+msgstr ""
+
+#: tools/gpgconf-comp.c:524
+msgid "|N|set maximum SSH key lifetime to N seconds"
+msgstr ""
+
+#: tools/gpgconf-comp.c:538
+msgid "Options enforcing a passphrase policy"
+msgstr ""
+
+#: tools/gpgconf-comp.c:541
+msgid "do not allow to bypass the passphrase policy"
+msgstr ""
+
+#: tools/gpgconf-comp.c:545
+msgid "|N|set minimal required length for new passphrases to N"
+msgstr ""
+
+#: tools/gpgconf-comp.c:549
+msgid "|N|require at least N non-alpha characters for a new passphrase"
+msgstr ""
+
+#: tools/gpgconf-comp.c:553
+msgid "|FILE|check new passphrases against pattern in FILE"
+msgstr ""
+
+#: tools/gpgconf-comp.c:557
+#, fuzzy
+msgid "|N|expire the passphrase after N days"
+msgstr "|N|÷ñÞóç ôçò êáôÜóôáóçò öñÜóçò êëåéäß N"
+
+#: tools/gpgconf-comp.c:561
+#, fuzzy
+msgid "do not allow the reuse of old passphrases"
+msgstr "óöÜëìá óôç äçìéïõñãßá ôçò öñÜóçò êëåéäß: %s\n"
+
+#: tools/gpgconf-comp.c:659 tools/gpgconf-comp.c:727
+msgid "|NAME|use NAME as default secret key"
+msgstr "|ÏÍÏÌÁ|÷ñÞóç ÏÍÏÌÁôïò óáí ðñïêáèïñéóìÝíï ìõóôéêü êëåéäß"
+
+#: tools/gpgconf-comp.c:662 tools/gpgconf-comp.c:730
+#, fuzzy
+msgid "|NAME|encrypt to user ID NAME as well"
+msgstr "|ÏÍÏÌÁ|êñõðôïãñÜöçóç ãéá ÏÍÏÌÁ"
+
+#: tools/gpgconf-comp.c:665
+msgid "|SPEC|set up email aliases"
+msgstr ""
+
+#: tools/gpgconf-comp.c:686
+msgid "Configuration for Keyservers"
+msgstr ""
+
+#: tools/gpgconf-comp.c:688
+#, fuzzy
+msgid "|URL|use keyserver at URL"
+msgstr "áäõíáìßá åðåîåñãáóßáò ôïõ URI ôïõ äéáêïìéóç êëåéäéþí\n"
+
+#: tools/gpgconf-comp.c:691
+msgid "allow PKA lookups (DNS requests)"
+msgstr ""
+
+#: tools/gpgconf-comp.c:694
+msgid "|MECHANISMS|use MECHANISMS to locate keys by mail address"
+msgstr ""
+
+#: tools/gpgconf-comp.c:739
+msgid "disable all access to the dirmngr"
+msgstr ""
+
+#: tools/gpgconf-comp.c:742
+#, fuzzy
+msgid "|NAME|use encoding NAME for PKCS#12 passphrases"
+msgstr "|ÏÍÏÌÁ|÷ñÞóç áëãüñéèìïõ êñõðôïãñÜöçóçò ÏÍÏÌÁ ãéá öñÜóåéò êëåéäéÜ"
+
+#: tools/gpgconf-comp.c:768
+msgid "do not check CRLs for root certificates"
+msgstr ""
+
+#: tools/gpgconf-comp.c:812
+msgid "Options controlling the format of the output"
+msgstr ""
+
+#: tools/gpgconf-comp.c:848
+msgid "Options controlling the interactivity and enforcement"
+msgstr ""
+
+#: tools/gpgconf-comp.c:858
+msgid "Configuration for HTTP servers"
+msgstr ""
+
+#: tools/gpgconf-comp.c:869
+msgid "use system's HTTP proxy setting"
+msgstr ""
+
+#: tools/gpgconf-comp.c:874
+msgid "Configuration of LDAP servers to use"
+msgstr ""
+
+#: tools/gpgconf-comp.c:903
+msgid "LDAP server list"
+msgstr ""
+
+#: tools/gpgconf-comp.c:911
+msgid "Configuration for OCSP"
+msgstr ""
+
+#: tools/gpgconf-comp.c:3077
+#, c-format
+msgid "External verification of component %s failed"
+msgstr ""
+
+#: tools/gpgconf-comp.c:3227
+msgid "Note that group specifications are ignored\n"
+msgstr ""
+
+#: tools/gpgconf.c:62
+msgid "list all components"
+msgstr ""
+
+#: tools/gpgconf.c:63
+msgid "check all programs"
+msgstr ""
+
+#: tools/gpgconf.c:64
+msgid "|COMPONENT|list options"
+msgstr ""
+
+#: tools/gpgconf.c:65
+msgid "|COMPONENT|change options"
+msgstr ""
+
+#: tools/gpgconf.c:66
+msgid "|COMPONENT|check options"
+msgstr ""
+
+#: tools/gpgconf.c:68
+msgid "apply global default values"
+msgstr ""
+
+#: tools/gpgconf.c:70
+msgid "get the configuration directories for gpgconf"
+msgstr ""
+
+#: tools/gpgconf.c:72
+#, fuzzy
+msgid "list global configuration file"
+msgstr "Üãíùóôï áíôéêåßìåíï ñõèìßóåùò \"%s\"\n"
+
+#: tools/gpgconf.c:74
+#, fuzzy
+msgid "check global configuration file"
+msgstr "Üãíùóôï áíôéêåßìåíï ñõèìßóåùò \"%s\"\n"
+
+#: tools/gpgconf.c:79
+msgid "use as output file"
+msgstr "÷ñÞóç ùò áñ÷åßïõ åîüäïõ"
+
+#: tools/gpgconf.c:83
+msgid "activate changes at runtime, if possible"
+msgstr ""
+
+#: tools/gpgconf.c:105
+#, fuzzy
+msgid "Usage: gpgconf [options] (-h for help)"
+msgstr "×ñÞóç: gpg [åðéëïãÝò] [áñ÷åßá] (-h ãéá âïÞèåéá)"
+
+#: tools/gpgconf.c:108
+msgid ""
+"Syntax: gpgconf [options]\n"
+"Manage configuration options for tools of the GnuPG system\n"
+msgstr ""
+
+#: tools/gpgconf.c:214 tools/gpgconf.c:282
+#, fuzzy
+msgid "usage: gpgconf [options] "
+msgstr "÷ñÞóç: gpg [åðéëïãÝò] "
+
+#: tools/gpgconf.c:216
+msgid "Need one component argument"
+msgstr ""
+
+#: tools/gpgconf.c:225 tools/gpgconf.c:258
+#, fuzzy
+msgid "Component not found"
+msgstr "äåí âñÝèçêå ôï äçìüóéï êëåéäß"
+
+#: tools/gpgconf.c:284
+#, fuzzy
+msgid "No argument allowed"
+msgstr "åããñáöÞ ôïõ ìõóôéêïý êëåéäéïý óôï `%s'\n"
+
+#: tools/symcryptrun.c:154
+#, fuzzy
+msgid ""
+"@\n"
+"Commands:\n"
+" "
+msgstr ""
+"@ÅíôïëÝò:\n"
+" "
+
+#: tools/symcryptrun.c:156
+#, fuzzy
+msgid "decryption modus"
+msgstr "áðïêñõðôïãñÜöçóç OK\n"
+
+#: tools/symcryptrun.c:157
+#, fuzzy
+msgid "encryption modus"
+msgstr "áðïêñõðôïãñÜöçóç OK\n"
+
+#: tools/symcryptrun.c:161
+msgid "tool class (confucius)"
+msgstr ""
+
+#: tools/symcryptrun.c:162
+#, fuzzy
+msgid "program filename"
+msgstr "--store [üíïìá áñ÷åßïõ]"
+
+#: tools/symcryptrun.c:164
+msgid "secret key file (required)"
+msgstr ""
+
+#: tools/symcryptrun.c:165
+msgid "input file name (default stdin)"
+msgstr ""
+
+#: tools/symcryptrun.c:209
+#, fuzzy
+msgid "Usage: symcryptrun [options] (-h for help)"
+msgstr "×ñÞóç: gpg [åðéëïãÝò] [áñ÷åßá] (-h ãéá âïÞèåéá)"
+
+#: tools/symcryptrun.c:212
+msgid ""
+"Syntax: symcryptrun --class CLASS --program PROGRAM --keyfile KEYFILE "
+"[options...] COMMAND [inputfile]\n"
+"Call a simple symmetric encryption tool\n"
+msgstr ""
+
+#: tools/symcryptrun.c:281
+#, fuzzy, c-format
+msgid "%s on %s aborted with status %i\n"
+msgstr "ôï %s äåí åðéôñÝðåôáé ìå ôï %s!\n"
+
+#: tools/symcryptrun.c:288
+#, fuzzy, c-format
+msgid "%s on %s failed with status %i\n"
+msgstr "áäõíáìßá ðñüóâáóçò ôïõ áñ÷åßïõ: %s\n"
+
+#: tools/symcryptrun.c:314
+#, fuzzy, c-format
+msgid "can't create temporary directory `%s': %s\n"
+msgstr "áäõíáìßá äçìéïõñãßáò êáôáëüãïõ `%s': %s\n"
+
+#: tools/symcryptrun.c:354 tools/symcryptrun.c:371
+#, fuzzy, c-format
+msgid "could not open %s for writing: %s\n"
+msgstr "áäõíáìßá ðñüóâáóçò ôïõ %s: %s\n"
+
+#: tools/symcryptrun.c:382
+#, fuzzy, c-format
+msgid "error writing to %s: %s\n"
+msgstr "áäõíáìßá åããñáöÞò ôçò êëåéäïèÞêçò `%s': %s\n"
+
+#: tools/symcryptrun.c:389
+#, fuzzy, c-format
+msgid "error reading from %s: %s\n"
+msgstr "óöÜëìá êáôÜ ôçí áíÜãíùóç ôïõ `%s': %s\n"
+
+#: tools/symcryptrun.c:396 tools/symcryptrun.c:403
+#, fuzzy, c-format
+msgid "error closing %s: %s\n"
+msgstr "óöÜëìá êáôÜ ôçí áíÜãíùóç ôïõ `%s': %s\n"
+
+#: tools/symcryptrun.c:488
+#, fuzzy
+msgid "no --program option provided\n"
+msgstr "äåí õðïóôçñßæåôå ç áðïìáêñõóìÝíç åêôÝëåóç ðñïãñÜììáôïò\n"
+
+#: tools/symcryptrun.c:494
+msgid "only --decrypt and --encrypt are supported\n"
+msgstr ""
+
+#: tools/symcryptrun.c:500
+msgid "no --keyfile option provided\n"
+msgstr ""
+
+#: tools/symcryptrun.c:511
+msgid "cannot allocate args vector\n"
+msgstr ""
+
+#: tools/symcryptrun.c:529
+#, fuzzy, c-format
+msgid "could not create pipe: %s\n"
+msgstr "áäõíáìßá äçìéïõñãßáò ôïõ %s: %s\n"
+
+#: tools/symcryptrun.c:536
+#, fuzzy, c-format
+msgid "could not create pty: %s\n"
+msgstr "áäõíáìßá äçìéïõñãßáò ôïõ %s: %s\n"
+
+#: tools/symcryptrun.c:552
+#, c-format
+msgid "could not fork: %s\n"
+msgstr ""
+
+#: tools/symcryptrun.c:580
+#, fuzzy, c-format
+msgid "execv failed: %s\n"
+msgstr "ç åíçìÝñùóç áðÝôõ÷å: %s\n"
+
+#: tools/symcryptrun.c:609
+#, fuzzy, c-format
+msgid "select failed: %s\n"
+msgstr "äéáãñáöÞ block êëåéäéþí áðÝôõ÷å: %s\n"
+
+#: tools/symcryptrun.c:626
+#, fuzzy, c-format
+msgid "read failed: %s\n"
+msgstr "ç åíçìÝñùóç áðÝôõ÷å: %s\n"
+
+#: tools/symcryptrun.c:678
+#, fuzzy, c-format
+msgid "pty read failed: %s\n"
+msgstr "ç åíçìÝñùóç áðÝôõ÷å: %s\n"
+
+#: tools/symcryptrun.c:730
+#, fuzzy, c-format
+msgid "waitpid failed: %s\n"
+msgstr "ç åíçìÝñùóç áðÝôõ÷å: %s\n"
+
+#: tools/symcryptrun.c:744
+#, c-format
+msgid "child aborted with status %i\n"
+msgstr ""
+
+#: tools/symcryptrun.c:799
+#, fuzzy, c-format
+msgid "cannot allocate infile string: %s\n"
+msgstr "áäõíáìßá äçìéïõñãßáò ôïõ `%s': %s\n"
+
+#: tools/symcryptrun.c:812
+#, fuzzy, c-format
+msgid "cannot allocate outfile string: %s\n"
+msgstr "áäõíáìßá äçìéïõñãßáò ôïõ `%s': %s\n"
+
+#: tools/symcryptrun.c:986
+#, c-format
+msgid "either %s or %s must be given\n"
+msgstr ""
+
+#: tools/symcryptrun.c:1013
+msgid "no class provided\n"
+msgstr ""
+
+#: tools/symcryptrun.c:1022
+#, fuzzy, c-format
+msgid "class %s is not supported\n"
+msgstr "äåí õðïóôçñßæåôáé ï áëãüñéèìïò ðñïóôáóßáò %d%s\n"
+
+#: tools/gpg-check-pattern.c:145
+#, fuzzy
+msgid "Usage: gpg-check-pattern [options] patternfile (-h for help)\n"
+msgstr "×ñÞóç: gpg [åðéëïãÝò] [áñ÷åßá] (-h ãéá âïÞèåéá)"
+
+#: tools/gpg-check-pattern.c:148
+msgid ""
+"Syntax: gpg-check-pattern [options] patternfile\n"
+"Check a passphrase given on stdin against the patternfile\n"
+msgstr ""
+
+#~ msgid "Command> "
+#~ msgstr "ÅíôïëÞ> "
+
+#~ msgid "the trustdb is corrupted; please run \"gpg --fix-trustdb\".\n"
+#~ msgstr ""
+#~ "ç trustdb åßíáé öèáñìÝíç - ÷ñçóéìïðïéåßóôå ôï \"gpg --fix-trustdb\".\n"
+
+#~ msgid "Please report bugs to <gnupg-bugs@gnu.org>.\n"
+#~ msgstr "ÁíáöÝñåôå ôá ðñïâëÞìáôá óôï <gnupg-bugs@gnu.org>\n"
+
+#, fuzzy
+#~ msgid "Please report bugs to "
+#~ msgstr "ÁíáöÝñåôå ôá ðñïâëÞìáôá óôï <gnupg-bugs@gnu.org>\n"
+
+#, fuzzy
+#~ msgid "DSA keypair will have %u bits.\n"
+#~ msgstr "Ôï æåýãïò êëåéäéþí DSA èá åßíáé 1024 bits.\n"
+
+#~ msgid "Repeat passphrase\n"
+#~ msgstr "ÅðáíáëÜâåôå ôç öñÜóç\n"
+
+#, fuzzy
+#~ msgid "read options from file"
+#~ msgstr "áíÜãíùóç åðéëïãþí áðü `%s'\n"
+
+#~ msgid "|[file]|make a signature"
+#~ msgstr "|[áñ÷åßï]|äçìéïõñãßá ìéáò õðïãñáöÞò"
+
+#, fuzzy
+#~ msgid "|[FILE]|make a signature"
+#~ msgstr "|[áñ÷åßï]|äçìéïõñãßá ìéáò õðïãñáöÞò"
+
+#, fuzzy
+#~ msgid "|[FILE]|make a clear text signature"
+#~ msgstr "|[áñ÷åßï]|äçìéïõñãßá ìéáò ìç êñõðôïãñáöçìÝíçò õðïãñáöÞò"
+
+#~ msgid "|NAME|use NAME as default recipient"
+#~ msgstr "|ÏÍÏÌÁ|÷ñÞóç ôïõ ÏÍÏÌÁôïò ùò ðñïêáèïñéóìÝíïõ ðáñáëÞðôç"
+
+#~ msgid "use the default key as default recipient"
+#~ msgstr "÷ñÞóç ôïõ ðñïêáèïñéóìÝíïõ êëåéäéïý ùò ðñïêáèïñéóìÝíïõ ðáñáëÞðôç"
+
+#~ msgid "force v3 signatures"
+#~ msgstr "åîáíáãêáóìüò ÷ñÞóçò v3 õðïãñáöþí"
+
+#~ msgid "always use a MDC for encryption"
+#~ msgstr "÷ñÞóç ðÜíôïôå MDC ãéá êñõðôïãñÜöçóç"
+
+#~ msgid "add this secret keyring to the list"
+#~ msgstr "ðñïóèÞêç áõôÞò ôçò ìõóôéêÞò êëåéäïèÞêçò óôç ëßóôá"
+
+#~ msgid "|NAME|set terminal charset to NAME"
+#~ msgstr "|ÏÍÏÌÁ|êáèïñéóìüò ôïõ óåô ÷áñáêôÞñùí ôåñìáôéêïý óå ÏÍÏÌÁ"
+
+#~ msgid "|FILE|load extension module FILE"
+#~ msgstr "|ÁÑ×ÅÉÏ|öüñôùìá ôïõ áñèñþìáôïò åðÝêôáóçò ÁÑ×ÅÉÏ"
+
+#~ msgid "|N|use compress algorithm N"
+#~ msgstr "|N|÷ñÞóç áëãïñßèìïõ óõìðßåóçò N"
+
+#, fuzzy
+#~ msgid "remove key from the public keyring"
+#~ msgstr "áöáßñåóç ôùí êëåéäéþí áðü ôç äçìüóéá êëåéäïèÞêç"
+
+#~ msgid ""
+#~ "It's up to you to assign a value here; this value will never be exported\n"
+#~ "to any 3rd party. We need it to implement the web-of-trust; it has "
+#~ "nothing\n"
+#~ "to do with the (implicitly created) web-of-certificates."
+#~ msgstr ""
+#~ "Åßíáé áðüöáóç óáò íá ïñßóåôå ôéìÞ åäþ. ÁõôÞ ç ôéìÞ äåí èá åîá÷èåß\n"
+#~ "ðïôÝ óå ôñßôï ðñüóùðï. Ôç ÷ñåéáæüìáóôå ãéá åöáñìïãÞ ôïõ éóôïý-"
+#~ "åìðéóôïóýíçò,\n"
+#~ "äåí Ý÷åé ôßðïôá íá êÜíåé ìå ôïí (óéùðçëÜ äçìéïõñãçìÝíï) éóôü-"
+#~ "ðéóôïðïéçôéêþí."
+
+#~ msgid ""
+#~ "To build the Web-of-Trust, GnuPG needs to know which keys are\n"
+#~ "ultimately trusted - those are usually the keys for which you have\n"
+#~ "access to the secret key. Answer \"yes\" to set this key to\n"
+#~ "ultimately trusted\n"
+#~ msgstr ""
+#~ "Ãéá ôç äüìçóç åíüò Éóôïý-Åìðéóôïóýíçò, ôï GnuPG ðñÝðåé íá îÝñåé ðïéÜ "
+#~ "êëåéäéÜ\n"
+#~ "åßíáé ðëÞñçò åìðéóôïóýíçò - áõôÜ åßíáé óõíÞèùò êëåéäéÜ óôá ïðïßá Ý÷åôå\n"
+#~ "ðñüóâáóç óôï ìõóôéêü êëåéäß. ÁðáíôÞóôå \"yes\" (íáé) ãéá íá äïèåß óôï "
+#~ "êëåéäß\n"
+#~ "áõôü ðëÞñç åìðéóôïóýíç\n"
+
+#~ msgid "If you want to use this untrusted key anyway, answer \"yes\"."
+#~ msgstr ""
+#~ "ÅÜí èÝëåôå íá ÷ñçóéìïðïéÞóåôå áõôü ôï ìç åìðéóôåõìÝíï êëåéäß, áðáíôÞóôå "
+#~ "\"yes\"."
+
+#~ msgid ""
+#~ "Enter the user ID of the addressee to whom you want to send the message."
+#~ msgstr ""
+#~ "ÐëçêôñïëïãÞóôå ôï user ID ôïõ áðïäÝêôç áõôïý ðïõ èÝëåôå íá óôåßëåôå "
+#~ "ìÞíõìá."
+
+#~ msgid ""
+#~ "In general it is not a good idea to use the same key for signing and\n"
+#~ "encryption. This algorithm should only be used in certain domains.\n"
+#~ "Please consult your security expert first."
+#~ msgstr ""
+#~ "ÃåíéêÜ, äåí åßíáé êáëÞ éäÝá íá ÷ñçóéìïðïéåßôáé ôï ßäéï êëåéäß ãéá "
+#~ "õðïãñáöÞ\n"
+#~ "êáé êñõðôïãñÜöçóç. Áõôüò ï áëãüñéèìïò ðñÝðåé íá ÷ñçóéìïðïéåßôáé ìüíï óå\n"
+#~ "ïñéóìÝíïõò ôüðïõò. Ç óõìâïõëÞ åíüò åéäéêïý óå èÝìáôá áóöÜëåéáò óõíåßóôáôå."
+
+#~ msgid "Enter the size of the key"
+#~ msgstr "ÐëçêôñïëïãÞóôå ôï ìÝãåèïò ôïõ êëåéäéïý"
+
+#~ msgid "Answer \"yes\" or \"no\""
+#~ msgstr "ÁðáíôÞóôå \"yes\"(íáé) Þ \"no\"(ü÷é)"
+
+#~ msgid ""
+#~ "Enter the required value as shown in the prompt.\n"
+#~ "It is possible to enter a ISO date (YYYY-MM-DD) but you won't\n"
+#~ "get a good error response - instead the system tries to interpret\n"
+#~ "the given value as an interval."
+#~ msgstr ""
+#~ "ÐëçêôñïëïãÞóôå ôçí áðáéôïýìåíç ôéìÞ üðùò áðåéêïíßæåôå.\n"
+#~ "Ìðïñåßôå íá åéóÜãåôå ìéá çìåñïìçíßá ISO (YYYY-MM-DD) áëëÜ\n"
+#~ "äåí èá ëÜâåôå ìéá êáëÞ áðÜíôçóç óöÜëìáôïò - áíôßèåôá ôï óýóôçìá\n"
+#~ "ðñïóðáèåß íá åñìçíåýóåé ôçí ôéìÞ óáí äéÜóôçìá."
+
+#~ msgid "Enter the name of the key holder"
+#~ msgstr "ÐëçêôñïëïãÞóôå ôï üíïìá ôïõ êëåéäïêñÜôïñá"
+
+#~ msgid "please enter an optional but highly suggested email address"
+#~ msgstr "ðëçêôñïëïãÞóôå ðñïáéñåôéêÜ ìéá äéåýèõíóç email (óõíéóôÜôáé)"
+
+#~ msgid "Please enter an optional comment"
+#~ msgstr "Ðáñáêáëþ ðñïáéñåôéêÜ ðëçêôñïëïãÞóôå Ýíá ó÷üëéï"
+
+#~ msgid ""
+#~ "N to change the name.\n"
+#~ "C to change the comment.\n"
+#~ "E to change the email address.\n"
+#~ "O to continue with key generation.\n"
+#~ "Q to to quit the key generation."
+#~ msgstr ""
+#~ "N ãéá áëëáãÞ ôïõ ïíüìáôïò.\n"
+#~ "C ãéá áëëáãÞ ôïõ ó÷ïëßïõ.\n"
+#~ "E ãéá áëëáãÞ ôçò äéåýèõíóçò email.\n"
+#~ "O ãéá óõíÝ÷åéá ôçò äçìéïõñãßáò êëåéäéïý.\n"
+#~ "Q ãéá íá ôåñìáôßóåôå ôç äçìéïõñãßá êëåéäéïý."
+
+#~ msgid ""
+#~ "Answer \"yes\" (or just \"y\") if it is okay to generate the sub key."
+#~ msgstr ""
+#~ "ÁðáíôÞóôå \"yes\" (Þ áðëÜ \"y\") åÜí åßíáé åíôÜîåé íá äçìéïõñãçèåß ôï "
+#~ "õðïêëåéäß."
+
+#~ msgid ""
+#~ "When you sign a user ID on a key, you should first verify that the key\n"
+#~ "belongs to the person named in the user ID. It is useful for others to\n"
+#~ "know how carefully you verified this.\n"
+#~ "\n"
+#~ "\"0\" means you make no particular claim as to how carefully you verified "
+#~ "the\n"
+#~ " key.\n"
+#~ "\n"
+#~ "\"1\" means you believe the key is owned by the person who claims to own "
+#~ "it\n"
+#~ " but you could not, or did not verify the key at all. This is useful "
+#~ "for\n"
+#~ " a \"persona\" verification, where you sign the key of a pseudonymous "
+#~ "user.\n"
+#~ "\n"
+#~ "\"2\" means you did casual verification of the key. For example, this "
+#~ "could\n"
+#~ " mean that you verified the key fingerprint and checked the user ID on "
+#~ "the\n"
+#~ " key against a photo ID.\n"
+#~ "\n"
+#~ "\"3\" means you did extensive verification of the key. For example, this "
+#~ "could\n"
+#~ " mean that you verified the key fingerprint with the owner of the key "
+#~ "in\n"
+#~ " person, and that you checked, by means of a hard to forge document "
+#~ "with a\n"
+#~ " photo ID (such as a passport) that the name of the key owner matches "
+#~ "the\n"
+#~ " name in the user ID on the key, and finally that you verified (by "
+#~ "exchange\n"
+#~ " of email) that the email address on the key belongs to the key "
+#~ "owner.\n"
+#~ "\n"
+#~ "Note that the examples given above for levels 2 and 3 are *only* "
+#~ "examples.\n"
+#~ "In the end, it is up to you to decide just what \"casual\" and \"extensive"
+#~ "\"\n"
+#~ "mean to you when you sign other keys.\n"
+#~ "\n"
+#~ "If you don't know what the right answer is, answer \"0\"."
+#~ msgstr ""
+#~ "¼ôáí õðïãñÜöåôå Ýíá user ID óå Ýíá êëåéäß, ðñÝðåé ðñþôá íá âåâáéùèåßôå "
+#~ "üôé\n"
+#~ "ôï êëåéäß áíÞêåé óôï ðñüóùðï ðïõ áíáöÝñåôå óôï user ID. Åßíáé ÷ñÞóéìï "
+#~ "ãéáôïõò Üëëïõò, íá îÝñïõí ðüóï ðñïóåêôéêÜ êÜíáôå áõôÞ ôç ðéóôïðïßçóç.\n"
+#~ "\n"
+#~ "\"0\" óçìáßíåé ïôé äåí áðáíôÜôå êáôá ðüóï ðñïóåêôéêÜ ðéóôïðïéÞóáôå ôï "
+#~ "êëåéäß.\n"
+#~ "\"1\" óçìáßíåé üôé ðéóôåýåôå ïôé ôï êëåéäß áíÞêåé óôï Üôïìï ðïõ ëÝåé üôé "
+#~ "ôïõ\n"
+#~ " áíÞêåé, áëëÜ äåí ìðïñåßôå Þ äåí åðéâåâáéþóáôå êáèüëïõ ôï êëåéäß. "
+#~ "Áõôü\n"
+#~ " åßíáé ÷ñÞóéìï üôáí õðïãñÜöåôå ôï êëåéäß åíüò \"øåõäþíõìïõ\" ÷ñÞóôç.\n"
+#~ "\n"
+#~ "\"2\" óçìáßíåé üôé êÜíáôå ôçí óõíÞèç ðéóôïðïßçóç ôïõ êëåéäéïý. Ãéá "
+#~ "ðáñÜäåéãìá\n"
+#~ " áõôü ìðïñåß íá óçìáßíåé üôé ðéóôïðïéÞóáôå ôï êëåéäß êáé åëÝãîáôå ôï\n"
+#~ " user ID óôï êëåéäß ìå ìéá photo ID.\n"
+#~ "\n"
+#~ "\"3\" óçìáßíåé üôé êÜíáôå åêôåôáìÝíï Ýëåã÷ï óôï êëåéäß. Ãéá ðáñÜäåéãìá, "
+#~ "áõôü\n"
+#~ " áõôü ìðïñåß íá óçìáßíåé üôé åëÝãîáôå ôï áðïôýðùìá ôïõ êëåéäéïý ìå "
+#~ "ôïí\n"
+#~ " éäéïêôÞôç ôïõ êëåéäéïý \"öõóéêÜ\" ðáñþí êáé åëÝãîáôå üôé ôï photo ID "
+#~ "ôïõ\n"
+#~ " êëåéäéïý åßíáé üìïéï ìå áõôü óå Ýíá äýóêïëá íá ðáñá÷áñá÷èåß Ýããñáöï ð."
+#~ "÷.\n"
+#~ " ôáõôüôçôá, äéáâáôÞñéï, äßðëùìá ïäÞãçóçò.\n"
+#~ "\n"
+#~ "¸÷åôå õðüøç üôé ôá ðáñáäåßãìáôá ðïõ äþèçêáí óôá \"åðßðåäá\" 2 êáé 3 "
+#~ "åßíáé\n"
+#~ "*ìüíï* ðáñáäåßãìáôá. Óôï ôÝëïò åîáñôÜôå ìüíï áðü åóÜò íá áðïöáóßóåôå ôé\n"
+#~ "óçìáßíåé \"óõíÞèåò\" êáé ôé \"åêôåôôáìÝíï\" óå åóÜò üôáí õðïãñÜöåôå "
+#~ "êëåéäéÜ.\n"
+#~ "\n"
+#~ "ÅÜí äåí îÝñåôå ðïéÜ åßíáé ç óùóôÞ áðÜíôçóç, äþóôå \"0\"."
+
+#, fuzzy
+#~ msgid "Answer \"yes\" if you want to sign ALL the user IDs"
+#~ msgstr "ÁðáíôÞóôå \"yes\" åÜí èÝëåôå íá õðïãñÜøåôå ÏËÁ ôá user ID"
+
+#~ msgid ""
+#~ "Answer \"yes\" if you really want to delete this user ID.\n"
+#~ "All certificates are then also lost!"
+#~ msgstr ""
+#~ "ÁðáíôÞóôå \"yes\" åÜí ðñáãìáôéêÜ èÝëåôå íá äéáãñáöåß áõôü\n"
+#~ "ôï user ID. ¼ëá ôá ðéóôïðïéçôéêÜ èá ÷áèïýí ôüôå!"
+
+#~ msgid "Answer \"yes\" if it is okay to delete the subkey"
+#~ msgstr "ÁðáíôÞóôå \"yes\" åÜí åßíáé åíôÜîåé íá äéáãñáöåß ôï õðïêëåéäß"
+
+#~ msgid ""
+#~ "This is a valid signature on the key; you normally don't want\n"
+#~ "to delete this signature because it may be important to establish a\n"
+#~ "trust connection to the key or another key certified by this key."
+#~ msgstr ""
+#~ "ÁõôÞ åßíáé ìéá Ýãêõñç õðïãñáöÞ óôï êëåéäß. ÊáíïíéêÜ äåí èá èÝëáôå\n"
+#~ "íá äéáãñáöåß áõôÞ ç õðïãñáöÞ åðåéäÞ ìðïñåß íá åßíáé áðáñáßôçôç ãéá\n"
+#~ "êáèéÝñùóç ìéá óýíäåóçò åìðéóôïóýíçò óôï êëåéäß Þ óå Ýíá Üëëï êëåéäß\n"
+#~ "ðéóôïðïéçìÝíï áðü áõôü."
+
+#~ msgid ""
+#~ "This signature can't be checked because you don't have the\n"
+#~ "corresponding key. You should postpone its deletion until you\n"
+#~ "know which key was used because this signing key might establish\n"
+#~ "a trust connection through another already certified key."
+#~ msgstr ""
+#~ "ÁõôÞ ç õðïãñáöÞ äåí ìðïñåß íá åëåã÷èåß åðåéäÞ äåí Ý÷åôå ôï áíôßóôïé÷ï\n"
+#~ "êëåéäß. ÐñÝðåé íá áíáâÜëëåôå ôç äéáãñáöÞ ôïõ, ìÝ÷ñé íá ìÜèåôå ðéï "
+#~ "êëåéäß\n"
+#~ "÷ñçóéìïðïéÞèçêå ãéáôß áõôü ôï êëåéäß õðïãñáöÞò ìðïñåß íá êáèéåñþóåé\n"
+#~ "ìéá óýíäåóç åìðéóôïóýíçò ìÝóù åíüò Üëëïõ Þäç ðéóôïðïéçìÝíïõ êëåéäéïý."
+
+#~ msgid ""
+#~ "The signature is not valid. It does make sense to remove it from\n"
+#~ "your keyring."
+#~ msgstr ""
+#~ "Ç õðïãñáöÞ äåí åßíáé Ýãêõñç. Åßíáé óõíåôü íá äéáãñáöåß áðü ôç\n"
+#~ "êëåéäïèÞêç óáò."
+
+#~ msgid ""
+#~ "This is a signature which binds the user ID to the key. It is\n"
+#~ "usually not a good idea to remove such a signature. Actually\n"
+#~ "GnuPG might not be able to use this key anymore. So do this\n"
+#~ "only if this self-signature is for some reason not valid and\n"
+#~ "a second one is available."
+#~ msgstr ""
+#~ "ÁõôÞ åßíáé ìéá õðïãñáöÞ ðïõ óõíäÝåé ôï user ID óôï êëåéäß. Äåí\n"
+#~ "åßíáé óõíÞèùò êáëÞ éäÝá íá äéáãñáöåß ìéá ôÝôïéá õðïãñáöÞ. Óôçí\n"
+#~ "ðñáãìáôéêüôçôá ôï GnuPG ßóùò íá ìç ìðïñåß íá ÷ñçóéìïðïéÞóåé áõôü\n"
+#~ "ôï êëåéäß ðéá. Ïðüôå íá óõíå÷ßóåôå ìüíï åÜí áõôÞ ç éäéï-õðïãñáöÞ ãéá\n"
+#~ "êÜðïéï ëüãï äåí åßíáé Ýãêõñç Þ õðÜñ÷åé ìéá äåýôåñç."
+
+#~ msgid ""
+#~ "Change the preferences of all user IDs (or just of the selected ones)\n"
+#~ "to the current list of preferences. The timestamp of all affected\n"
+#~ "self-signatures will be advanced by one second.\n"
+#~ msgstr ""
+#~ "ÁëëÜîôå ôéò ðñïåðéëïãÝò üëùí ôùí user ID (Þ ìüíï ôùí åðéëåãìÝíùí)\n"
+#~ "óôçí ðñïõðÜñ÷ïõóá ëßóôá ðñïåðéëïãþí. Ç çìåñïìçíßá üëùí ôùí åðçñåáóìÝíùí\n"
+#~ "éäéï-õðïãñáöþí èá áõîçèåß êáôÜ 1 äåõôåñüëåðôï.\n"
+
+#~ msgid "Please enter the passhrase; this is a secret sentence \n"
+#~ msgstr "ÐëçêôñïëïãÞóôå ôç öñÜóç êëåéäß· áõôÞ åßíáé ìéá ìõóôéêÞ ðñüôáóç \n"
+
+#~ msgid ""
+#~ "Please repeat the last passphrase, so you are sure what you typed in."
+#~ msgstr "Ðáñáêáëþ åðáíáëÜâåôå ôç ôåëåõôáßá öñÜóç êëåéäß, ãéá óéãïõñéÜ."
+
+#~ msgid "Give the name of the file to which the signature applies"
+#~ msgstr "Äþóôå ôï üíïìá ôïõ áñ÷åßïõ óôï ïðïßï åöáñìüæåôáé ç õðïãñáöÞ"
+
+#~ msgid "Answer \"yes\" if it is okay to overwrite the file"
+#~ msgstr "ÁðáíôÞóôå \"yes\" åÜí åßíáé åíôÜîåé íá åðéêáëõöèåß ôï áñ÷åßï"
+
+#~ msgid ""
+#~ "Please enter a new filename. If you just hit RETURN the default\n"
+#~ "file (which is shown in brackets) will be used."
+#~ msgstr ""
+#~ "Ðáñáêáëþ åéóÜãåôå Ýíá íÝï üíïìá áñ÷åßïõ. ÅÜí áðëÜ ðáôÞóåôå RETURN\n"
+#~ "ôï åî'ïñéóìïý áñ÷åßï (áðåéêïíßæåôáé óôéò áãêýëåò) èá ÷ñçóéìïðïéçèåß."
+
+#~ msgid ""
+#~ "You should specify a reason for the certification. Depending on the\n"
+#~ "context you have the ability to choose from this list:\n"
+#~ " \"Key has been compromised\"\n"
+#~ " Use this if you have a reason to believe that unauthorized persons\n"
+#~ " got access to your secret key.\n"
+#~ " \"Key is superseded\"\n"
+#~ " Use this if you have replaced this key with a newer one.\n"
+#~ " \"Key is no longer used\"\n"
+#~ " Use this if you have retired this key.\n"
+#~ " \"User ID is no longer valid\"\n"
+#~ " Use this to state that the user ID should not longer be used;\n"
+#~ " this is normally used to mark an email address invalid.\n"
+#~ msgstr ""
+#~ "ÐñÝðåé íá ïñßóåôå Ýíá ëüãï ãéá ôçí ðéóôïðïßçóç. ÁíÜëïãá ìå ôá\n"
+#~ "óõìöñáæüìåíá, Ý÷åôå ôç äõíáôüôçôá íá åðéëÝîåôå áðü ôç ëßóôá:\n"
+#~ " \"Ôï êëåéäß Ý÷åé åêôåèåß\"\n"
+#~ " ×ñçóéìïðïéåßóôå åÜí ðéóôåýåôå üôé ìç åîïõóéïäïôçìÝíá ðñüóùðá\n"
+#~ " Ý÷ïõí ðñüóâáóç óôï ìõóôéêü êëåéäß óáò.\n"
+#~ " \"Ôï êëåéäß Ý÷åé ðáñáêáìèåß\"\n"
+#~ " ×ñçóéìïðïéåßóôå åÜí Ý÷åôå áíôéêáôáóôÞóåé ôï êëåéäß ìå Ýíá Üëëï.\n"
+#~ " \"Ôï êëåéäß äåí ÷ñçóéìïðïéåßôå ðëÝïí\"\n"
+#~ " ×ñçóéìïðïéåßóôå åÜí Ý÷åôå áðïóýñåé áõôü ôï êëåéäß.\n"
+#~ " \"Ôï user ID äåí åßíáé ðëÝïí Ýãêõñï\"\n"
+#~ " ×ñçóéìïðïéåßóôå áõôü ãéá íá äçëþóåôå üôé ôï user ID äåí ðñÝðåé\n"
+#~ " íá ÷ñçóéìïðïéåßôáé ðéá. Ãéá íá ïñßóåôå Üêõñç ìéá äéåýèõíóç email.\n"
+
+#~ msgid ""
+#~ "If you like, you can enter a text describing why you issue this\n"
+#~ "revocation certificate. Please keep this text concise.\n"
+#~ "An empty line ends the text.\n"
+#~ msgstr ""
+#~ "ÅÜí åðéèõìåßôå, ìðïñåßôå íá ðëçêôñïëïãÞóåôå Ýíá êåßìåíï ðïõ\n"
+#~ "ðåñéãñÜöåé ôïí ëüãï ðïõ åêäßäåôáé áõôü ôï ðéóôïðïéçôéêü áíÜêëçóçò.\n"
+#~ "Ðáñáêáëþ êñáôÞóôå áõôü ôï êåßìåíï óõíïðôéêü. Ìéá Üäåéá ãñáììÞ\n"
+#~ "ëÞãåé ôï êåßìåíï.\n"
+
+#~ msgid "can't put notation data into v3 (PGP 2.x style) signatures\n"
+#~ msgstr ""
+#~ "áäõíáìßá ôïðïèÝôçóçò äåäïìÝíùí óÞìáíóçò óå õðïãñáöÝò v3 (PGP 2.x óôõë)\n"
+
+#~ msgid "can't put notation data into v3 (PGP 2.x style) key signatures\n"
+#~ msgstr ""
+#~ "áäõíáìßá ôïðïèÝôçóçò äåäïìÝíùí óÞìáíóçò óå õðïãñáöÝò êëåéäéþí v3 (PGP 2.x "
+#~ "óôõë)\n"
+
+#~ msgid "can't put a policy URL into v3 (PGP 2.x style) signatures\n"
+#~ msgstr "áäõíáìßá ôïðïèÝôçóçò URL ðïëéôéêÞò óå õðïãñáöÝò v3 (PGP 2.x óôõë)\n"
+
+#~ msgid "can't put a policy URL into v3 key (PGP 2.x style) signatures\n"
+#~ msgstr ""
+#~ "áäõíáìßá ôïðïèÝôçóçò URL ðïëéôéêÞò óå õðïãñáöÝò êëåéäéïý v3 (PGP 2.x "
+#~ "óôõë)\n"
+
+#, fuzzy
+#~ msgid "shelll"
+#~ msgstr "help"
+
+#, fuzzy
+#~ msgid ""
+#~ "please see http://www.gnupg.org/download/iconv.html for more information\n"
+#~ msgstr ""
+#~ "äåßôå ôï http://www.gnupg.org/faq.html ãéá ðåñéóóüôåñåò ðëçñïöïñßåò\n"
+
+#, fuzzy
+#~ msgid "key generation is not available from the commandline\n"
+#~ msgstr "ï gpg-agent äåí åßíáé äéáèÝóéìïò óå áõôÞ ôç óõíåäñßá\n"
+
+#, fuzzy
+#~ msgid "please use the script \"%s\" to generate a new key\n"
+#~ msgstr "Ðáñáêáëþ åðéëÝîôå ôïí ôýðï ôïõ êëåéäéïý ðïõ èÝëåôå:\n"
+
+#, fuzzy
+#~ msgid "cipher extension `%s' not loaded due to unsafe permissions\n"
+#~ msgstr ""
+#~ "ç åðÝêôáóç ôïõ êñõðôáëãüñéèìïõ \"%s\" äåí öïñôþèçêå åðåéäÞ õðÜñ÷ïõí\n"
+#~ "áíáóöáëåßò Üäåéåò\n"
+
+#~ msgid "DSA requires the use of a 160 bit hash algorithm\n"
+#~ msgstr "ï DSA áðáéôåß ôç ÷ñÞóç åíüò 160 bit áëãüñéèìïõ hash\n"
+
+#, fuzzy
+#~ msgid ".\n"
+#~ msgstr "%s.\n"
+
+#~ msgid "problem with the agent - disabling agent use\n"
+#~ msgstr "ðñüâëçìá ìå ôïí agent - áðåíåñãïðïéÞóç ôçò ÷ñÞóçò ôïõ agent\n"
+
+#, fuzzy
+#~ msgid "can't query passphrase in batch mode\n"
+#~ msgstr "áäõíáìßá åñþôçóçò ôçò ëÝîçò êëåéäß óå êáôÜóôáóç äÝóìçò\n"
+
+#~ msgid "Enter passphrase: "
+#~ msgstr "ÐëçêôñïëïãÞóôå ôç öñÜóç êëåéäß: "
+
+#~ msgid "Repeat passphrase: "
+#~ msgstr "ÅðáíáëÜâåôå ôç öñÜóç êëåéäß: "
+
+#~ msgid "-k[v][v][v][c] [user-id] [keyring]"
+#~ msgstr "-k[v][v][v][c] [user-id] [êëåéäïèÞêç]"
+
+#, fuzzy
+#~ msgid "can't gen prime with pbits=%u qbits=%u\n"
+#~ msgstr "áäõíáìßá ðáñáãùãÞò ðñþôïõ áñéèìïý ìå ëéãüôåñá áðü %d bits\n"
+
+#~ msgid "can't generate a prime with less than %d bits\n"
+#~ msgstr "áäõíáìßá ðáñáãùãÞò ðñþôïõ áñéèìïý ìå ëéãüôåñá áðü %d bits\n"
+
+#~ msgid "no entropy gathering module detected\n"
+#~ msgstr "äåí åíôïðßóôçêå Üñèñùìá óõëëïãÞò åíôñïðßáò\n"
+
+#, fuzzy
+#~ msgid "can't lock `%s': %s\n"
+#~ msgstr "áäõíáìßá ðñüóâáóçò ôïõ `%s'\n"
+
+#~ msgid "can't stat `%s': %s\n"
+#~ msgstr "áäõíáìßá ëÞøçò ðëçñïöïñéþí ãéá ôï `%s': %s\n"
+
+#~ msgid "`%s' is not a regular file - ignored\n"
+#~ msgstr "`%s' äåí åßíáé êáíïíéêü áñ÷åßï - áãíïÞèçêå\n"
+
+#~ msgid "note: random_seed file is empty\n"
+#~ msgstr "óçìåßùóç: ôï áñ÷åßï random_seed åßíáé Üäåéï\n"
+
+#~ msgid "WARNING: invalid size of random_seed file - not used\n"
+#~ msgstr ""
+#~ "ÐÑÏÅÉÄÏÐÏÉÇÓÇ: ìç Ýãêõñï ìÝãåèïò áñ÷åßïõ random_seed - äåí\n"
+#~ "÷ñçóéìïðïéåßôå\n"
+
+#~ msgid "can't read `%s': %s\n"
+#~ msgstr "áäõíáìßá áíÜãíùóçò ôïõ `%s': %s\n"
+
+#~ msgid "note: random_seed file not updated\n"
+#~ msgstr "óçìåßùóç: äåí Ý÷åé áíáíåùèåß ôï áñ÷åßï random_seed\n"
+
+#~ msgid "can't write `%s': %s\n"
+#~ msgstr "áäõíáìßá åããñáöÞò ôïõ `%s': %s\n"
+
+#~ msgid "can't close `%s': %s\n"
+#~ msgstr "áäõíáìßá êëåéóßìáôïò ôïõ `%s': %s\n"
+
+#~ msgid "WARNING: using insecure random number generator!!\n"
+#~ msgstr "ÐÑÏÅÉÄÏÐÏÉÇÓÇ: ÷ñÞóç ìç áóöáëïýò ãåííÞôñéáò ôõ÷áßùí áñéèìþí!!\n"
+
+#~ msgid ""
+#~ "The random number generator is only a kludge to let\n"
+#~ "it run - it is in no way a strong RNG!\n"
+#~ "\n"
+#~ "DON'T USE ANY DATA GENERATED BY THIS PROGRAM!!\n"
+#~ "\n"
+#~ msgstr ""
+#~ "Ç ãåííÞôñéá ôõ÷áßùí áñéèìþí åßíáé ðïëý áäýíáìç ãéá áõôÞ ôç ÷ñÞóç\n"
+#~ "\n"
+#~ "ÌÇ ×ÑÇÓÉÌÏÐÏÉÇÓÅÔÅ ÄÅÄÏÌÅÍÁ ÐÏÕ Å×ÏÕÍ ÐÁÑÁ×ÈÅÉ ÁÐÏ ÁÕÔÏ ÔÏ ÐÑÏÃÑÁÌÌÁ!!\n"
+#~ "\n"
+
+#~ msgid ""
+#~ "Please wait, entropy is being gathered. Do some work if it would\n"
+#~ "keep you from getting bored, because it will improve the quality\n"
+#~ "of the entropy.\n"
+#~ msgstr ""
+#~ "Ðñáêáë ðåñéìÝíåôå, ç åíôñïðßá óõãêåíôñþíåôáé. ÊÜíôå ìéá Üëëç åñãáóßá\n"
+#~ "ãéá íá ìçí âáñåèåßôå, ãéáôß áõôü èá âåëôéþóåé ôçí ðïéüôçôá ôçò åíôñïðßá.\n"
+
+#~ msgid ""
+#~ "\n"
+#~ "Not enough random bytes available. Please do some other work to give\n"
+#~ "the OS a chance to collect more entropy! (Need %d more bytes)\n"
+#~ msgstr ""
+#~ "\n"
+#~ "Äåí õðÜñ÷ïõí áñêåôÜ äéáèÝóéìá ôõ÷áßá bytes. Ðñïôåßíåôáé íá áíáìåßíåôå Þ\n"
+#~ "íá áðáó÷ïëåßôå ôï ëåéôïõñãéêü óýóôçìá ìÝ÷ñé áõôü íá óõãêåíôñþóåé\n"
+#~ "ðåñéóóüôåñç åíôñïðßá! (×ñåéÜæïíôáé %d ðåñéóóüôåñá bytes)\n"
+
+#, fuzzy
+#~ msgid "card reader not available\n"
+#~ msgstr "ôï ìõóôéêü êëåéäß äåí åßíáé äéáèÝóéìï"
+
+#, fuzzy
+#~ msgid "NOTE: %s is not available in this version\n"
+#~ msgstr "ï gpg-agent äåí åßíáé äéáèÝóéìïò óå áõôÞ ôç óõíåäñßá\n"
+
+#, fuzzy
+#~ msgid " algorithms on these user IDs:\n"
+#~ msgstr "¸÷åôå õðïãñÜøåé áõôÜ ôá user ID:\n"
+
+#~ msgid "general error"
+#~ msgstr "ãåíéêü óöÜëìá"
+
+#~ msgid "unknown packet type"
+#~ msgstr "Üãíùóôïò ôýðïò ðáêÝôïõ"
+
+#~ msgid "unknown pubkey algorithm"
+#~ msgstr "Üãíùóôïò áëãüñéèìïò äçìïóßïõ êëåéäéïý"
+
+#~ msgid "unknown digest algorithm"
+#~ msgstr "Üãíùóôïò áëãïñéèìïò ðåñßëçøçò"
+
+#~ msgid "bad public key"
+#~ msgstr "êáêü äçìüóéï êëåéäß"
+
+#~ msgid "bad secret key"
+#~ msgstr "êáêü ìõóôéêü êëåéäß"
+
+#~ msgid "bad signature"
+#~ msgstr "êáêÞ õðïãñáöÞ"
+
+#~ msgid "checksum error"
+#~ msgstr "óöÜëìá checksum"
+
+#~ msgid "unknown cipher algorithm"
+#~ msgstr "Üãíùóôïò áëãüñéèìïò êñõðôïãñÜöçóçò"
+
+#~ msgid "can't open the keyring"
+#~ msgstr "áäõíáìßá ðñüóâáóçò óôç êëåéäïèÞêç"
+
+#~ msgid "invalid packet"
+#~ msgstr "ìç Ýãêõñï ðáêÝôï"
+
+#~ msgid "invalid armor"
+#~ msgstr "ìç Ýãêõñç èùñÜêéóç"
+
+#~ msgid "no such user id"
+#~ msgstr "Üãíùóôç ôáõôüôçôá ÷ñÞóôç (user id)"
+
+#~ msgid "secret key not available"
+#~ msgstr "ôï ìõóôéêü êëåéäß äåí åßíáé äéáèÝóéìï"
+
+#~ msgid "wrong secret key used"
+#~ msgstr "÷ñÞóç ëÜèïò ìõóôéêïý êëåéäéïý"
+
+#~ msgid "not supported"
+#~ msgstr "äåí õðïóôçñßæåôáé"
+
+#~ msgid "bad key"
+#~ msgstr "êáêü êëåéäß"
+
+#~ msgid "file write error"
+#~ msgstr "óöÜëìá åããñáöÞò áñ÷åßïõ"
+
+#~ msgid "unknown compress algorithm"
+#~ msgstr "Üãíùóôïò áëãüñéèìïò óõìðßåóçò"
+
+#~ msgid "file open error"
+#~ msgstr "óöÜëìá ðñüóâáóçò áñ÷åßïõ"
+
+#~ msgid "file create error"
+#~ msgstr "óöÜëìá äçìéïõñãßáò áñ÷åßïõ"
+
+#~ msgid "invalid passphrase"
+#~ msgstr "ìç Ýãêõñç öñÜóç êëåéäß"
+
+#~ msgid "unimplemented pubkey algorithm"
+#~ msgstr "ìç õëïðïéçìÝíïò áëãüñéèìïò äçìïóßïõ êëåéäéïý"
+
+#~ msgid "unimplemented cipher algorithm"
+#~ msgstr "ìç õëïðïéçìÝíïò áëãüñéèìïò êñõðôïãñÜöçóçò"
+
+#~ msgid "unknown signature class"
+#~ msgstr "Üãíùóôç êëÜóç õðïãñáöÞò"
+
+#~ msgid "trust database error"
+#~ msgstr "óöÜëìá ôçò âÜóçò äåäïìÝíùí åìðéóôïóýíçò"
+
+#~ msgid "resource limit"
+#~ msgstr "üñéï ðüñïõ"
+
+#~ msgid "invalid keyring"
+#~ msgstr "ìç Ýãêõñç êëåéäïèÞêç"
+
+#~ msgid "malformed user id"
+#~ msgstr "êáêïäéáôõðùìÝíç ôáõôüôçôá ÷ñÞóôç (user id)"
+
+#~ msgid "file close error"
+#~ msgstr "óöÜëìá êëåéóßìáôïò áñ÷åßïõ"
+
+#~ msgid "file rename error"
+#~ msgstr "óöÜëìá ìåôïíïìáóßáò áñ÷åßïõ"
+
+#~ msgid "file delete error"
+#~ msgstr "óöÜëìá äéáãñáöÞò áñ÷åßïõ"
+
+#~ msgid "unexpected data"
+#~ msgstr "ìç áíáìåíüìåíá äåäïìÝíá"
+
+#~ msgid "timestamp conflict"
+#~ msgstr "óýãêñïõóç þñáò (timestamp)"
+
+#~ msgid "unusable pubkey algorithm"
+#~ msgstr "ìç ÷ñçóéìïðïéÞóéìïò áëãüñéèìïò äçìïóßïõ êëåéäéïý"
+
+#~ msgid "file exists"
+#~ msgstr "ôï áñ÷åßï õðÜñ÷åé"
+
+#~ msgid "weak key"
+#~ msgstr "áäýíáìï êëåéäß"
+
+#~ msgid "bad URI"
+#~ msgstr "êáêü URI"
+
+#~ msgid "unsupported URI"
+#~ msgstr "ìç õðïóôçñéæüìåíï URI"
+
+#~ msgid "network error"
+#~ msgstr "óöÜëìá äéêôýïõ"
+
+#~ msgid "not processed"
+#~ msgstr "ìç åðåîåñãáóìÝíï"
+
+#~ msgid "unusable public key"
+#~ msgstr "ìç ÷ñçóéìïðïéÞóéìï äçìüóéï êëåéäß"
+
+#~ msgid "unusable secret key"
+#~ msgstr "ìç ÷ñçóéìïðïéÞóéìï ìõóôéêü êëåéäß"
+
+#~ msgid "keyserver error"
+#~ msgstr "óöÜëìá äéáêïìéóôÞ êëåéäéþí"
+
+#, fuzzy
+#~ msgid "no card"
+#~ msgstr "ìç êñõðôïãñáöçìÝíï"
+
+#, fuzzy
+#~ msgid "no data"
+#~ msgstr "äåí õðÜñ÷ïõí õðïãåãñáììÝíá äåäïìÝíá\n"
+
+#~ msgid "... this is a bug (%s:%d:%s)\n"
+#~ msgstr "... áõôü åßíáé bug (%s:%d:%s)\n"
+
+#~ msgid "WARNING: using insecure memory!\n"
+#~ msgstr "ÐÑÏÅÉÄÏÐÏÉÇÓÇ: ÷ñÞóç ìç áóöáëïýò ìíÞìçò!\n"
+
+#~ msgid "operation is not possible without initialized secure memory\n"
+#~ msgstr "ç ëåéôïõñãßá äåí åßíáé äõíáôÞ ÷ùñßò áñ÷éêïðïéçìÝíç áóöáëÞ ìíÞìç\n"
+
+#~ msgid "(you may have used the wrong program for this task)\n"
+#~ msgstr "(ßóùò ÷ñçóéìïðïéÞóáôå ëÜèïò ðñüãñáììá ãéá áõôÞ ôçí åñãáóßá)\n"
+
+#~ msgid ""
+#~ "please see http://www.gnupg.org/why-not-idea.html for more information\n"
+#~ msgstr ""
+#~ "äåßôå ôï http://www.gnupg.org/why-not-idea.html ãéá ðåñéóóüôåñåò "
+#~ "ðëçñïöïñßåò\n"
+
+#, fuzzy
+#~ msgid "all export-clean-* options from above"
+#~ msgstr "áíÜãíùóç åðéëïãþí áðü áñ÷åßï"
+
+#, fuzzy
+#~ msgid "all import-clean-* options from above"
+#~ msgstr "áíÜãíùóç åðéëïãþí áðü áñ÷åßï"
+
+#, fuzzy
+#~ msgid "expired: %s)"
+#~ msgstr " [ëÞãåé: %s]"
+
+#, fuzzy
+#~ msgid "key %s: expired signature from key %s - skipped\n"
+#~ msgstr ""
+#~ "êëåéäß %08lX: ìç áíáìåíþìåíç êëÜóç õðïãñáöÞò (0x%02x) - ðáñáëåßöèçêå\n"
+
+#, fuzzy
+#~ msgid "Unable to clean `%s'\n"
+#~ msgstr "áäõíáìßá åêôÝëåóçò ôïõ %s \"%s\": %s\n"
+
+#, fuzzy
+#~ msgid "No user IDs are removable.\n"
+#~ msgstr "ôï user ID \"%s\" Ý÷åé Þäç áíáêëçèåß\n"
+
+#~ msgid "bad passphrase or unknown cipher algorithm (%d)\n"
+#~ msgstr "êáêÞ öñÜóç êëåéäß Üãíùóôïò áëãüñéèìïò êñõðôïãñÜöçóçò (%d)\n"
+
+#~ msgid "can't set client pid for the agent\n"
+#~ msgstr "áäõíáìßá ïñéóìïý ôïõ pid ôïõ ðåëÜôç óéá ôï agent\n"
+
+#~ msgid "can't get server read FD for the agent\n"
+#~ msgstr "áäõíáìßá áíÜãíùóçò ôïõ FD áðü ôï äéáêïìéóôÞ ãéá ôïí agent\n"
+
+#~ msgid "can't get server write FD for the agent\n"
+#~ msgstr "áäõíáìßá åããñáöÞò ôïõ FD áðü ôï äéáêïìéóôÞ ãéá ôïí agent\n"
+
+#~ msgid "invalid response from agent\n"
+#~ msgstr "ìç Ýãêõñç áðÜíôçóç áðü ôïí agent\n"
+
+#~ msgid "select secondary key N"
+#~ msgstr "åðéëïãÞ äåõôåñåýïíôïò êëåéäéïý N"
+
+#~ msgid "list signatures"
+#~ msgstr "áðåéêüíéóç õðïãñáöþí"
+
+#~ msgid "sign the key"
+#~ msgstr "õðïãñáöÞ ôïõ êëåéäéïý"
+
+#~ msgid "add a secondary key"
+#~ msgstr "ðñïóèÞêç åíüò äåõôåñåýïíôïò êëåéäéïý"
+
+#~ msgid "delete signatures"
+#~ msgstr "äéáãñáöÞ õðïãñáöþí"
+
+#~ msgid "change the expire date"
+#~ msgstr "áëëáãÞ ôçò çìåñïìçíßáò ëÞîçò"
+
+#~ msgid "set preference list"
+#~ msgstr "ïñéóìüò áðåéêüíéóçò åðéëïãþí"
+
+#~ msgid "updated preferences"
+#~ msgstr "áíáùåùìÝíåò åðéëïãÝò"
+
+#~ msgid "No secondary key with index %d\n"
+#~ msgstr "Äåí õðÜñ÷åé äåõôåñåýïí êëåéäß ìå äåßêôç %d\n"
+
+#~ msgid "--nrsign-key user-id"
+#~ msgstr "--nrsign-key user-id"
+
+#~ msgid "--nrlsign-key user-id"
+#~ msgstr "--nrlsign-key user-id"
+
+#~ msgid "sign the key non-revocably"
+#~ msgstr "õðïãñáöÞ ôïõ êëåéäéïý ìç-áíáêáëÝóéìá"
+
+#~ msgid "sign the key locally and non-revocably"
+#~ msgstr "õðïãñáöÞ ôïõ êëåéäéïý ôïðéêÜ êáé ìç-áíáêáëÝóéìá"
+
+#~ msgid "q"
+#~ msgstr "q"
+
+#~ msgid "list"
+#~ msgstr "list"
+
+#~ msgid "l"
+#~ msgstr "l"
+
+#~ msgid "debug"
+#~ msgstr "debug"
+
+#, fuzzy
+#~ msgid "name"
+#~ msgstr "enable"
+
+#, fuzzy
+#~ msgid "login"
+#~ msgstr "lsign"
+
+#, fuzzy
+#~ msgid "cafpr"
+#~ msgstr "fpr"
+
+#, fuzzy
+#~ msgid "forcesig"
+#~ msgstr "revsig"
+
+#, fuzzy
+#~ msgid "generate"
+#~ msgstr "ãåíéêü óöÜëìá"
+
+#~ msgid "passwd"
+#~ msgstr "passwd"
+
+#~ msgid "save"
+#~ msgstr "save"
+
+#~ msgid "fpr"
+#~ msgstr "fpr"
+
+#~ msgid "uid"
+#~ msgstr "uid"
+
+#~ msgid "key"
+#~ msgstr "key"
+
+#~ msgid "check"
+#~ msgstr "check"
+
+#~ msgid "c"
+#~ msgstr "c"
+
+#~ msgid "sign"
+#~ msgstr "sign"
+
+#~ msgid "s"
+#~ msgstr "s"
+
+#, fuzzy
+#~ msgid "tsign"
+#~ msgstr "sign"
+
+#~ msgid "lsign"
+#~ msgstr "lsign"
+
+#~ msgid "nrsign"
+#~ msgstr "nrsign"
+
+#~ msgid "nrlsign"
+#~ msgstr "nrlsign"
+
+#~ msgid "adduid"
+#~ msgstr "adduid"
+
+#~ msgid "addphoto"
+#~ msgstr "addphoto"
+
+#~ msgid "deluid"
+#~ msgstr "deluid"
+
+#~ msgid "delphoto"
+#~ msgstr "delphoto"
+
+#, fuzzy
+#~ msgid "addcardkey"
+#~ msgstr "addkey"
+
+#~ msgid "delkey"
+#~ msgstr "delkey"
+
+#~ msgid "addrevoker"
+#~ msgstr "addrevoker"
+
+#~ msgid "delsig"
+#~ msgstr "delsig"
+
+#~ msgid "expire"
+#~ msgstr "expire"
+
+#~ msgid "primary"
+#~ msgstr "ðñùôåýùí"
+
+#~ msgid "toggle"
+#~ msgstr "toggle"
+
+#~ msgid "t"
+#~ msgstr "t"
+
+#~ msgid "pref"
+#~ msgstr "pref"
+
+#~ msgid "showpref"
+#~ msgstr "showpref"
+
+#~ msgid "setpref"
+#~ msgstr "setpref"
+
+#~ msgid "updpref"
+#~ msgstr "updpref"
+
+#, fuzzy
+#~ msgid "keyserver"
+#~ msgstr "óöÜëìá äéáêïìéóôÞ êëåéäéþí"
+
+#~ msgid "trust"
+#~ msgstr "trust"
+
+#~ msgid "revsig"
+#~ msgstr "revsig"
+
+#~ msgid "revuid"
+#~ msgstr "revuid"
+
+#~ msgid "revkey"
+#~ msgstr "revkey"
+
+#~ msgid "disable"
+#~ msgstr "disable"
+
+#~ msgid "enable"
+#~ msgstr "enable"
+
+#~ msgid "showphoto"
+#~ msgstr "showphoto"
+
+#~ msgid "digest algorithm `%s' is read-only in this release\n"
+#~ msgstr ""
+#~ "ï áëãüñéèìïò ðåñßëçøçò `%s' åßíáé óå áõôÞ ôçí Ýêäïóç ãéá áíÜãíùóç ìüíï\n"
+
+#~ msgid ""
+#~ "About to generate a new %s keypair.\n"
+#~ " minimum keysize is 768 bits\n"
+#~ " default keysize is 1024 bits\n"
+#~ " highest suggested keysize is 2048 bits\n"
+#~ msgstr ""
+#~ "Óå äéáäéêáóßá äçìéïõñãßáò åíüò íÝïõ %s keypair.\n"
+#~ " åëÜ÷éóôï ìÝãåèïò êëåéäéïý åßíáé 768 bits\n"
+#~ " ðñïêáèïñéóìÝíï ìÝãåèïò êëåéäéïý åßíáé 1024 bits\n"
+#~ " ìÝãéóôï ðñïôåéíüìåíï ìÝãåèïò êëåéäéïý åßíáé 2048 bits\n"
+
+#~ msgid "DSA only allows keysizes from 512 to 1024\n"
+#~ msgstr "Ï DSA åðéôñÝðåé ìüíï ìÝãåèïò êëåéäéïý áðü 512 Ýùò 1024\n"
+
+#~ msgid "keysize too small; 1024 is smallest value allowed for RSA.\n"
+#~ msgstr ""
+#~ "ôï ìÝãåèïò êëåéäéïý åßíáé ðïëý ìéêñü, 1024 åßíáé ç åëÜ÷éóôç ôéìÞ ãéá "
+#~ "RSA.\n"
+
+#~ msgid "keysize too small; 768 is smallest value allowed.\n"
+#~ msgstr ""
+#~ "ôï ìÝãåèïò êëåéäéïý åßíáé ðïëý ìéêñü, 768 åßíáé ç åëÜ÷éóôç åðéôñåðüìåíç "
+#~ "ôéìÞ.\n"
+
+#~ msgid "keysize too large; %d is largest value allowed.\n"
+#~ msgstr ""
+#~ "ôï ìÝãåèïò êëåéäéïý åßíáé ðïëý ìåãÜëï, %d åßíáé ç ìÝãéóôç ôéìÞ ðïõ "
+#~ "åðéôñÝðåôáé.\n"
+
+#~ msgid ""
+#~ "Keysizes larger than 2048 are not suggested because\n"
+#~ "computations take REALLY long!\n"
+#~ msgstr ""
+#~ "ÌåãÝèç êëåéäéþí ìåãáëýôåñá ôïõ 2048 äåí óõíéóôþíôáé ãéáôß\n"
+#~ "ïé õðïëïãéóìïß åßíáé ÷ñïíïâüñïé!\n"
+
+#, fuzzy
+#~ msgid "Are you sure that you want this keysize? (y/N) "
+#~ msgstr "Óßãïõñá èÝëåôå áõôü ôï ìÝãåèïò êëåéäéïý; "
+
+#~ msgid ""
+#~ "Okay, but keep in mind that your monitor and keyboard radiation is also "
+#~ "very vulnerable to attacks!\n"
+#~ msgstr ""
+#~ "ÅíôÜîåé, áëëÜ íá Ý÷åôå õð'üøç üôé ç ïèüíç êáé ôï ðëçêôñïëüãéï åßíáé\n"
+#~ "åðßóçò ðïëý ôñùôÜ óå åðéèÝóåéò!\n"
+
+#~ msgid "Experimental algorithms should not be used!\n"
+#~ msgstr "Ðåéñáìáôéêïß áëãüñéèìïé äåí ðñÝðåé íá ÷ñçóéìïðïéïýíôáé!\n"
+
+#~ msgid ""
+#~ "this cipher algorithm is deprecated; please use a more standard one!\n"
+#~ msgstr ""
+#~ "ç ÷ñÞóç áõôïý ôïõ áëãüñéèìïõ êñõðôïãñÜöçóçò äåí óõíéóôÜôáé. "
+#~ "×ñçóéìïðïéÞóôå Ýíá ðéï óõíçèéóìÝíï!\n"
+
+#~ msgid "sorry, can't do this in batch mode\n"
+#~ msgstr "óõãíþìç, äåí ìðïñåß íá ãßíåé áõôü óå êáôÜóôáóç äÝóìçò (batchmode)\n"
+
+#, fuzzy
+#~ msgid "can't open file `%s': %s\n"
+#~ msgstr "áäõíáìßá ðñüóâáóçò ôïõ áñ÷åßïõ: %s\n"
+
+#, fuzzy
+#~ msgid " \""
+#~ msgstr " ãíùóôü óáí \""
+
+#~ msgid "key %08lX: key has been revoked!\n"
+#~ msgstr "êëåéäß %08lX: ôï êëåéäß Ý÷åé áíáêëçèåß!\n"
+
+#~ msgid "key %08lX: subkey has been revoked!\n"
+#~ msgstr "êëåéäß %08lX: ôï õðïêëåéäß Ý÷åé áíáêëçèåß!\n"
+
+#~ msgid "%08lX: key has expired\n"
+#~ msgstr "%08lX: ôï êëåéäß Ý÷åé ëÞîåé\n"
+
+#~ msgid "%08lX: We do NOT trust this key\n"
+#~ msgstr "%08lX: ÄÅÍ åìðéóôåõüìáóôå áõôü ôï êëåéäß\n"
+
+#, fuzzy
+#~ msgid " (%d) RSA (auth only)\n"
+#~ msgstr " (%d) RSA (ãéá õðïãñáöÞ ìüíï)\n"
+
+#, fuzzy
+#~ msgid " (%d) RSA (sign and auth)\n"
+#~ msgstr " (%d) RSA (õðïãñáöÞ êáé êñõðôïãñÜöçóç)\n"
+
+#, fuzzy
+#~ msgid " (%d) RSA (encrypt and auth)\n"
+#~ msgstr " (%d) RSA (ãéá êñõðôïãñÜöçóç ìüíï)\n"
+
+#, fuzzy
+#~ msgid " (%d) RSA (sign, encrypt and auth)\n"
+#~ msgstr " (%d) RSA (õðïãñáöÞ êáé êñõðôïãñÜöçóç)\n"
+
+#~ msgid "%s: can't open: %s\n"
+#~ msgstr "%s: áäõíáìßá ðñüóâáóçò ôïõ: %s\n"
+
+#~ msgid "%s: WARNING: empty file\n"
+#~ msgstr "%s: ÐÑÏÅÉÄÏÐÏÉÇÓÇ: Üäåéï áñ÷åßï\n"
+
+#, fuzzy
+#~ msgid " (%d) I trust marginally\n"
+#~ msgstr " %d = ¸÷ù ìåñéêÞ åìðéóôïóýíç\n"
+
+#, fuzzy
+#~ msgid " (%d) I trust fully\n"
+#~ msgstr " %d = ¸÷ù ðëÞñç åìðéóôïóýíç\n"
+
+#, fuzzy
+#~ msgid "expires"
+#~ msgstr "expire"
+
+#, fuzzy
+#~ msgid ""
+#~ "\"\n"
+#~ "locally signed with your key %s at %s\n"
+#~ msgstr ""
+#~ "\"\n"
+#~ "õðïãñÜöèçêå ôïðéêÜ ìå ôï êëåéäß óáò %08lX óôéò %s\n"
+
+#~ msgid "%s: can't access: %s\n"
+#~ msgstr "%s: áäõíáìßá ðñüóâáóçò: %s\n"
+
+#~ msgid "%s: can't create lock\n"
+#~ msgstr "%s: áäõíáìßá äçìéïõñãßáò êëåéäþìáôïò (lock)\n"
+
+#~ msgid "%s: can't make lock\n"
+#~ msgstr "%s: áäõíáìßá äçìéïõñãßáò êëåéäþìáôïò (lock)\n"
+
+#~ msgid "%s: can't create: %s\n"
+#~ msgstr "%s: áäõíáìßá äçìéïõñãßáò: %s\n"
+
+#~ msgid "If you want to use this revoked key anyway, answer \"yes\"."
+#~ msgstr ""
+#~ "ÅÜí èÝëåôå íá ÷ñçóéìïðïéÞóåôå áõôü ôï áíáêëÞèåí êëåéäß, áðáíôÞóôå \"yes\"."
+
+#~ msgid "Unable to open photo \"%s\": %s\n"
+#~ msgstr "Áäõíáìßá ðñüóâáóçò ôçò öùôïãñáößáò \"%s\": %s\n"
+
+#~ msgid "error: missing colon\n"
+#~ msgstr "óöÜëìá: ëåßðåé ç áíù êáé êÜôù ôåëåßá\n"
+
+#~ msgid "error: no ownertrust value\n"
+#~ msgstr "óöÜëìá: êáììéÜ ôéìÞ åìðéóôïóýíçò éäéïêôÞôç\n"
+
+#~ msgid " (main key ID %08lX)"
+#~ msgstr " (êýñéï êëåéäß, ID %08lX)"
+
+#~ msgid "rev! subkey has been revoked: %s\n"
+#~ msgstr "rev! ôï êëåéäß áíáêëÞèçêå: %s\n"
+
+#~ msgid "rev- faked revocation found\n"
+#~ msgstr "rev- âñÝèçêå ðáñáðïéçìÝíç áíÜêëçóç\n"
+
+#, fuzzy
+#~ msgid " [expired: %s]"
+#~ msgstr " [ëÞãåé: %s]"
+
+#~ msgid " [expires: %s]"
+#~ msgstr " [ëÞãåé: %s]"
+
+#, fuzzy
+#~ msgid " [revoked: %s]"
+#~ msgstr "[áíáêëçìÝíï]"
+
+#~ msgid ""
+#~ "WARNING: digest `%s' is not part of OpenPGP. Use at your own risk!\n"
+#~ msgstr ""
+#~ "ÐÑÏÅÉÄÏÐÏÉÇÓÇ: ðåñßëçøç `%s' äåí åßíáé ìÝñïò ôïõ OpenPGP. Åóåßò èá "
+#~ "êñßíåôå ãéá ôçí ÷ñÞóç ôçò!\n"
+
+#~ msgid "|[files]|encrypt files"
+#~ msgstr "|[áñ÷åßá]|êñõðôïãñÜöçóç áñ÷åßùí"
+
+#~ msgid "store only"
+#~ msgstr "áðïèÞêåõóç ìüíï"
+
+#~ msgid "|[files]|decrypt files"
+#~ msgstr "|[áñ÷åßá]|áðïêñõðôïãñÜöçóç áñ÷åßùí"
+
+#~ msgid "sign a key non-revocably"
+#~ msgstr "õðïãñáöÞ åíüò êëåéäéïý ìç-áíáêáëÝóéìá"
+
+#~ msgid "sign a key locally and non-revocably"
+#~ msgstr "õðïãñáöÞ åíüò êëåéäéïý ôïðéêÜ êáé ìç-áíáêáëÝóéìá"
+
+#~ msgid "list only the sequence of packets"
+#~ msgstr "áðåéêüíéóç ìüíï ôçò áêïëïõèßáò ðáêÝôùí"
+
+#~ msgid "export the ownertrust values"
+#~ msgstr "åîáãùãÞ ôùí ôéìþí åìðéóôïóýíçò"
+
+#~ msgid "unattended trust database update"
+#~ msgstr "áíáíÝùóç ôçò ðáñáìåëåéìÝíçò âÜóçò äåäïìÝíùí åìðéóôïóýíçò"
+
+#~ msgid "fix a corrupted trust database"
+#~ msgstr "äéüñèùóç ìéáò öèáñìÝíçò âÜóçò äåäïìÝíùí åìðéóôïóýíçò"
+
+#~ msgid "De-Armor a file or stdin"
+#~ msgstr "Áöáßñåóç-ÈùñÜêéóçò åíüò áñ÷åßïõ Þ stdin"
+
+#~ msgid "En-Armor a file or stdin"
+#~ msgstr "ÐñïóèÞêç-ÈùñÜêéóçò åíüò áñ÷åßïõ Þ stdin"
+
+#~ msgid "do not force v3 signatures"
+#~ msgstr "ü÷é åîáíáãêáóìüò ÷ñÞóçò v3 õðïãñáöþí"
+
+#~ msgid "force v4 key signatures"
+#~ msgstr "åîáíáãêáóìüò ÷ñÞóçò v4 õðïãñáöþí"
+
+#~ msgid "do not force v4 key signatures"
+#~ msgstr "ü÷é åîáíáãêáóìüò ÷ñÞóçò v4 õðïãñáöþí"
+
+#~ msgid "never use a MDC for encryption"
+#~ msgstr "ðïôÝ ÷ñÞóç MDC ãéá êñõðôïãñÜöçóç"
+
+#~ msgid "use the gpg-agent"
+#~ msgstr "÷ñÞóç ôïõ gpg-agent"
+
+#~ msgid "|[file]|write status info to file"
+#~ msgstr "|[áñ÷åßï]|åããñáöÞ ôùí ðëçñïöïñéþí êáôÜóôáóçò óôï áñ÷åßï"
+
+#~ msgid "|KEYID|ultimately trust this key"
+#~ msgstr "|KEYID|áðüëõôç åìðéóôïóýíç óå áõôü ôï êëåéäß"
+
+#~ msgid "emulate the mode described in RFC1991"
+#~ msgstr "åîïìïßùóç ôçò êáôÜóôáóçò ðïõ ðåñéãñÜöåôáé óôï RFC1991"
+
+#~ msgid "set all packet, cipher and digest options to OpenPGP behavior"
+#~ msgstr ""
+#~ "óõìðåñéöïñÜ üëùí ôùí åðéëïãþí ðáêÝôá,áëãüñéèìïé êáé ðåñßëçøç óå OPENPGP"
+
+#~ msgid "set all packet, cipher and digest options to PGP 2.x behavior"
+#~ msgstr ""
+#~ "ïñéóìüò üëùí ôùí åðéëïãþí ðáêÝôá,áëãüñéèìïé,ðåñßëçøç óå PGP 2.x "
+#~ "óõìðåñéöïñÜ"
+
+#~ msgid "|NAME|use message digest algorithm NAME for passphrases"
+#~ msgstr ""
+#~ "|ONOMA|÷ñÞóç ôïõ áëãüñéèìïõ ðåñßëçøçò ìçíýìáôïò ÏÍÏÌÁ ãéá öñÜóåéò êëåéäéÜ"
+
+#~ msgid "throw keyid field of encrypted packets"
+#~ msgstr "äéáãñáöÞ ôïõ ðåäßïõ keyid ôùí êñõðôïãñáöçìÝíùí ðáêÝôùí"
+
+#~ msgid "Show Photo IDs"
+#~ msgstr "Áðåéêüíéóç ôùí Photo ID"
+
+#~ msgid "Don't show Photo IDs"
+#~ msgstr "Ìç áðåéêüíéóç ôùí Photo ID"
+
+#~ msgid "Set command line to view Photo IDs"
+#~ msgstr "Ïñéóìüò ôçò ãñáììÞò åíôïëþí ãéá áðåéêüíéóç ôùí Photo ID"
+
+#~ msgid "compress algorithm `%s' is read-only in this release\n"
+#~ msgstr ""
+#~ "ï áëãüñéèìïò óõìðßåóçò `%s' åßíáé óå áõôÞ ôçí Ýêäïóç ãéá áíÜãíùóç ìüíï\n"
+
+#~ msgid "compress algorithm must be in range %d..%d\n"
+#~ msgstr "ï áëãüñéèìïò óõìðßåóçò ðñÝðåé íá åßíáé ìåôáîý %d..%d\n"
+
+#~ msgid ""
+#~ "%08lX: It is not sure that this key really belongs to the owner\n"
+#~ "but it is accepted anyway\n"
+#~ msgstr ""
+#~ "%08lX: Äåí åßíáé âÝâáéï üôé áõôü ôï êëåéäß áíÞêåé óôïí éäéïêôÞôç\n"
+#~ "áëëÜ åí ðÜóç ðåñéðôþóåé ãßíåôáé äåêôü\n"
+
+#~ msgid "preference %c%lu is not valid\n"
+#~ msgstr "ç ðñïåðéëïãÞ %c%lu äåí åßíáé Ýãêõñç\n"
+
+#~ msgid "key %08lX: not a rfc2440 key - skipped\n"
+#~ msgstr "êëåéäß %08lX: äåí åßíáé Ýíá rfc2440 êëåéäß - ðáñáëåßöèçêå\n"
+
+#~ msgid ""
+#~ "NOTE: Elgamal primary key detected - this may take some time to import\n"
+#~ msgstr ""
+#~ "ÓÇÌÅÉÙÓÇ: åíôïðéóìüò ðñùôåýïíôïò êëåéäéïý Elgamal - ßóùò ðÜñåé ëßãï "
+#~ "÷ñüíï\n"
+#~ " ãéá ôçí åéóáãùãÞ ôïõ\n"
+
+#~ msgid " (default)"
+#~ msgstr " (ðñïêáèïñéóìÝíï)"
+
+#~ msgid "%s%c %4u%c/%08lX created: %s expires: %s"
+#~ msgstr "%s%c %4u%c/%08lX äçìéïõñãßá: %s ëÞîç: %s"
+
+#~ msgid "Policy: "
+#~ msgstr "ÐïëéôéêÞ: "
+
+#~ msgid "can't get key from keyserver: %s\n"
+#~ msgstr "áäõíáìßá ëÞøçò ôïõ êëåéäéïý áðü ôï äéáêïìéóôÞ: %s\n"
+
+#~ msgid "success sending to `%s' (status=%u)\n"
+#~ msgstr "åðéôõ÷ßá ôçò áðïóôïëÞò óôï `%s' (êáôÜóôáóç=%u)\n"
+
+#~ msgid "failed sending to `%s': status=%u\n"
+#~ msgstr "áðïôõ÷ßá óôçí áðïóôïëÞ ðñïò ôï `%s': êáôÜóôáóç=%u\n"
+
+#~ msgid "this keyserver does not support --search-keys\n"
+#~ msgstr "áõôüò ï keyserver äåí õðïóôçñßæåé --search-keys\n"
+
+#~ msgid "can't search keyserver: %s\n"
+#~ msgstr "áäõíáìßá áíáæÞôçóçò äéáêïìéóôÞ: %s\n"
+
+#~ msgid ""
+#~ "key %08lX: this is a PGP generated ElGamal key which is NOT secure for "
+#~ "signatures!\n"
+#~ msgstr ""
+#~ "êëåéäß %08lX: áõôü åßíáé Ýíá ðáñáãþìåíï áðü PGP ElGamal êëåéäß ôï ïðïßï\n"
+#~ " ÄÅÍ åßíáé áóöáëåò ãéá õðïãñáöÝò!\n"
+
+#~ msgid ""
+#~ "key %08lX has been created %lu second in future (time warp or clock "
+#~ "problem)\n"
+#~ msgstr ""
+#~ "ôï êëåéäß %08lX äçìéïõñãÞèçêå %lu äåõôåñüëåðôï óôï ìÝëëïí (÷ñïíïäßíç Þ\n"
+#~ "áðëþò ðñüâëçìá óôï ñïëüé)\n"
+
+#~ msgid ""
+#~ "key %08lX has been created %lu seconds in future (time warp or clock "
+#~ "problem)\n"
+#~ msgstr ""
+#~ "ôï êëåéäß %08lX äçìéïõñãÞèçêå %lu äåõôåñüëåðôá óôï ìÝëëïí (÷ñïíïäßíç Þ\n"
+#~ "áðëþò ðñüâëçìá óôï ñïëüé)\n"
+
+#~ msgid "key %08lX marked as ultimately trusted\n"
+#~ msgstr "ôï êëåéäß %08lX óçìåéþèçêå óáí áðüëõôçò åìðéóôïóýíçò.\n"
+
+#~ msgid "signature from Elgamal signing key %08lX to %08lX skipped\n"
+#~ msgstr "õðïãñáöÞ áðü Elgamal õðïãñÜöùí êëåéäß %08lX óå %08lX ðáñáëÞöèåé\n"
+
+#~ msgid "signature from %08lX to Elgamal signing key %08lX skipped\n"
+#~ msgstr "õðïãñáöÞ áðü %08lX óå Elgamal õðïãñÜöùí êëåéäß %08lX ðáñáëÞöèåé\n"
+
+#~ msgid "checking at depth %d signed=%d ot(-/q/n/m/f/u)=%d/%d/%d/%d/%d/%d\n"
+#~ msgstr ""
+#~ "Ýëåã÷ïò óå âÜèïò %d õðïãñáöèçêå=%d ot(-/q/n/m/f/u)=%d/%d/%d/%d/%d/%d\n"
+
+#~ msgid ""
+#~ "Select the algorithm to use.\n"
+#~ "\n"
+#~ "DSA (aka DSS) is the digital signature algorithm which can only be used\n"
+#~ "for signatures. This is the suggested algorithm because verification of\n"
+#~ "DSA signatures are much faster than those of ElGamal.\n"
+#~ "\n"
+#~ "ElGamal is an algorithm which can be used for signatures and encryption.\n"
+#~ "OpenPGP distinguishs between two flavors of this algorithms: an encrypt "
+#~ "only\n"
+#~ "and a sign+encrypt; actually it is the same, but some parameters must be\n"
+#~ "selected in a special way to create a safe key for signatures: this "
+#~ "program\n"
+#~ "does this but other OpenPGP implementations are not required to "
+#~ "understand\n"
+#~ "the signature+encryption flavor.\n"
+#~ "\n"
+#~ "The first (primary) key must always be a key which is capable of "
+#~ "signing;\n"
+#~ "this is the reason why the encryption only ElGamal key is not available "
+#~ "in\n"
+#~ "this menu."
+#~ msgstr ""
+#~ "ÅðéëÝîôå ôïí áëãüñéèìï ðïõ èÝëåôå íá ÷ñçóéìïðïéÞóåôå.\n"
+#~ "\n"
+#~ "DSA (åðßóçò ãíùóôüò óáí DSS) åßíáé ï áëãüñéèìïò øçöéáêÞò õðïãñáöÞò\n"
+#~ "êáé ìðïñåß íá ÷ñçóéìïðïéçèåß ìüíï ãéá õðïãñáöÝò. Åßíáé ï ðñïôåéíüìåíïò\n"
+#~ "áëãüñéèìïò åðåéäÞ ç åðáëÞèåõóç ôùí DSA õðïãñáöþí åßíáé ôá÷ýôåñç áðü\n"
+#~ "ôùí õðïãñáöþí ôýðïõ ElGamal.\n"
+#~ "\n"
+#~ "ElGamal åßíáé Ýíáò áëãüñéèìïò ãéá ÷ñÞóç êáé óå õðïãñáöÝò êáé ãéá êñõðôï-\n"
+#~ "ãñÜöçóç. Ôï OpenPGP îå÷ùñßæåé ôéò äýï \"ãåýóåéò\" áõôïý ôïõ áëãüñéèìïõ:\n"
+#~ "Ýíá êñõðôïãñÜöçóçò-ìüíï êáé Ýíá õðïãñáöÞò-êáé-êñõðôïãñÜöçóçò, óôçí\n"
+#~ "ðñáãìáôéêüôçôá åßíáé ï ßäéïò, áëëÜ êÜðïéïé ðáñÜìåôñïé ðñÝðåé íá "
+#~ "åðéëåãïýí\n"
+#~ "ìå Ýíá åéäéêü ôñüðï ãéá íá äçìéïõñãçèåß Ýíá áóöáëÝò êëåéäß ãéá "
+#~ "õðïãñáöÝò.\n"
+#~ "Áõôü ôï ðñüãñáììá ôï êÜíåé, áëëÜ óå Üëëåò OpenPGP õëïðïéÞóåéò äåí\n"
+#~ "åßíáé áðáñáßôçôï íá êáôáëáâáßíïõí áõôü ôï óõíäõáóìü (ãåýóç).\n"
+#~ "\n"
+#~ "Ôï ðñþôï (ðñùôåýïí) êëåéäß ðñÝðåé íá åßíáé ðÜíôïôå Ýíá êëåéäß éêáíü ãéá\n"
+#~ "õðïãñáöÞ. Áõôüò åßíáé ï ëüãïò ãéá ôïí ïðïßï ï êñõðôïãñÜöçóçò-ìüíï\n"
+#~ "êëåéäß ElGamal äåí åßíáé äéáèÝóéìï óå áõôü ôï ìåíïý."
+
+#~ msgid ""
+#~ "Although these keys are defined in RFC2440 they are not suggested\n"
+#~ "because they are not supported by all programs and signatures created\n"
+#~ "with them are quite large and very slow to verify."
+#~ msgstr ""
+#~ "Áí êáé áõôÜ ôá êëåéäéÜ ðåñéãñÜöïíôáé óôï RFC2440 äåí ðñïôåßíïíôáé\n"
+#~ "åðåéäÞ äåí õðïóôçñßæïíôáé áðü üëá ôá ðñïãñÜììáôá êáé ïé õðïãñáöÝò ðïõ\n"
+#~ "Ý÷ïõí äçìéïõñãçèåß áðü áõôÜ åßíáé ìåãÜëåò êáé ðïëý áñãÝò óôçí åðáëÞèåõóç."
+
+#~ msgid "%lu keys so far checked (%lu signatures)\n"
+#~ msgstr "%lu êëåéäéÜ Ý÷ïõí ìÝ÷ñé ôþñá åëåã÷èåß (%lu õðïãñáöÝò)\n"
+
+#~ msgid "key incomplete\n"
+#~ msgstr "êëåéäß çìéôåëÝò\n"
+
+#~ msgid "key %08lX incomplete\n"
+#~ msgstr "êëåéäß %08lX çìéôåëÝò\n"
diff --git a/po/en@boldquot.gmo b/po/en@boldquot.gmo
new file mode 100644
index 0000000..3b24cb1
--- /dev/null
+++ b/po/en@boldquot.gmo
Binary files differ
diff --git a/po/en@boldquot.header b/po/en@boldquot.header
new file mode 100644
index 0000000..fedb6a0
--- /dev/null
+++ b/po/en@boldquot.header
@@ -0,0 +1,25 @@
+# All this catalog "translates" are quotation characters.
+# The msgids must be ASCII and therefore cannot contain real quotation
+# characters, only substitutes like grave accent (0x60), apostrophe (0x27)
+# and double quote (0x22). These substitutes look strange; see
+# http://www.cl.cam.ac.uk/~mgk25/ucs/quotes.html
+#
+# This catalog translates grave accent (0x60) and apostrophe (0x27) to
+# left single quotation mark (U+2018) and right single quotation mark (U+2019).
+# It also translates pairs of apostrophe (0x27) to
+# left single quotation mark (U+2018) and right single quotation mark (U+2019)
+# and pairs of quotation mark (0x22) to
+# left double quotation mark (U+201C) and right double quotation mark (U+201D).
+#
+# When output to an UTF-8 terminal, the quotation characters appear perfectly.
+# When output to an ISO-8859-1 terminal, the single quotation marks are
+# transliterated to apostrophes (by iconv in glibc 2.2 or newer) or to
+# grave/acute accent (by libiconv), and the double quotation marks are
+# transliterated to 0x22.
+# When output to an ASCII terminal, the single quotation marks are
+# transliterated to apostrophes, and the double quotation marks are
+# transliterated to 0x22.
+#
+# This catalog furthermore displays the text between the quotation marks in
+# bold face, assuming the VT100/XTerm escape sequences.
+#
diff --git a/po/en@boldquot.po b/po/en@boldquot.po
new file mode 100644
index 0000000..aa7b821
--- /dev/null
+++ b/po/en@boldquot.po
@@ -0,0 +1,8373 @@
+# English translations for GNU gnupg package.
+# Copyright (C) 2012 Free Software Foundation, Inc.
+# This file is distributed under the same license as the GNU gnupg package.
+# Automatically generated, 2012.
+#
+# All this catalog "translates" are quotation characters.
+# The msgids must be ASCII and therefore cannot contain real quotation
+# characters, only substitutes like grave accent (0x60), apostrophe (0x27)
+# and double quote (0x22). These substitutes look strange; see
+# http://www.cl.cam.ac.uk/~mgk25/ucs/quotes.html
+#
+# This catalog translates grave accent (0x60) and apostrophe (0x27) to
+# left single quotation mark (U+2018) and right single quotation mark (U+2019).
+# It also translates pairs of apostrophe (0x27) to
+# left single quotation mark (U+2018) and right single quotation mark (U+2019)
+# and pairs of quotation mark (0x22) to
+# left double quotation mark (U+201C) and right double quotation mark (U+201D).
+#
+# When output to an UTF-8 terminal, the quotation characters appear perfectly.
+# When output to an ISO-8859-1 terminal, the single quotation marks are
+# transliterated to apostrophes (by iconv in glibc 2.2 or newer) or to
+# grave/acute accent (by libiconv), and the double quotation marks are
+# transliterated to 0x22.
+# When output to an ASCII terminal, the single quotation marks are
+# transliterated to apostrophes, and the double quotation marks are
+# transliterated to 0x22.
+#
+# This catalog furthermore displays the text between the quotation marks in
+# bold face, assuming the VT100/XTerm escape sequences.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: GNU gnupg 2.0.19\n"
+"Report-Msgid-Bugs-To: translations@gnupg.org\n"
+"POT-Creation-Date: 2012-03-27 10:23+0200\n"
+"PO-Revision-Date: 2012-03-27 10:23+0200\n"
+"Last-Translator: Automatically generated\n"
+"Language-Team: none\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Plural-Forms: nplurals=2; plural=(n != 1);\n"
+
+#: agent/call-pinentry.c:244
+#, c-format
+msgid "failed to acquire the pinentry lock: %s\n"
+msgstr "failed to acquire the pinentry lock: %s\n"
+
+#. TRANSLATORS: These are labels for buttons etc used in
+#. Pinentries. An underscore indicates that the next letter
+#. should be used as an accelerator. Double the underscore for
+#. a literal one. The actual to be translated text starts after
+#. the second vertical bar.
+#: agent/call-pinentry.c:401
+msgid "|pinentry-label|_OK"
+msgstr "|pinentry-label|_OK"
+
+#: agent/call-pinentry.c:402
+msgid "|pinentry-label|_Cancel"
+msgstr "|pinentry-label|_Cancel"
+
+#: agent/call-pinentry.c:403
+msgid "|pinentry-label|PIN:"
+msgstr "|pinentry-label|PIN:"
+
+#. TRANSLATORS: This string is displayed by Pinentry as the label
+#. for the quality bar.
+#: agent/call-pinentry.c:649
+msgid "Quality:"
+msgstr "Quality:"
+
+#. TRANSLATORS: This string is a tooltip, shown by pinentry when
+#. hovering over the quality bar. Please use an appropriate
+#. string to describe what this is about. The length of the
+#. tooltip is limited to about 900 characters. If you do not
+#. translate this entry, a default english text (see source)
+#. will be used.
+#: agent/call-pinentry.c:671
+msgid "pinentry.qualitybar.tooltip"
+msgstr "pinentry.qualitybar.tooltip"
+
+#: agent/call-pinentry.c:716
+msgid ""
+"Please enter your PIN, so that the secret key can be unlocked for this "
+"session"
+msgstr ""
+"Please enter your PIN, so that the secret key can be unlocked for this "
+"session"
+
+#: agent/call-pinentry.c:719
+msgid ""
+"Please enter your passphrase, so that the secret key can be unlocked for "
+"this session"
+msgstr ""
+"Please enter your passphrase, so that the secret key can be unlocked for "
+"this session"
+
+#: agent/call-pinentry.c:776
+#, c-format
+msgid "SETERROR %s (try %d of %d)"
+msgstr "SETERROR %s (try %d of %d)"
+
+#: agent/call-pinentry.c:799 agent/call-pinentry.c:811
+msgid "PIN too long"
+msgstr "PIN too long"
+
+#: agent/call-pinentry.c:800
+msgid "Passphrase too long"
+msgstr "Passphrase too long"
+
+#: agent/call-pinentry.c:808
+msgid "Invalid characters in PIN"
+msgstr "Invalid characters in PIN"
+
+#: agent/call-pinentry.c:813
+msgid "PIN too short"
+msgstr "PIN too short"
+
+#: agent/call-pinentry.c:825
+msgid "Bad PIN"
+msgstr "Bad PIN"
+
+#: agent/call-pinentry.c:826
+msgid "Bad Passphrase"
+msgstr "Bad Passphrase"
+
+#: agent/call-pinentry.c:863
+msgid "Passphrase"
+msgstr "Passphrase"
+
+#: agent/command-ssh.c:531
+#, c-format
+msgid "ssh keys greater than %d bits are not supported\n"
+msgstr "ssh keys greater than %d bits are not supported\n"
+
+#: agent/command-ssh.c:690 g10/card-util.c:833 g10/exec.c:473 g10/gpg.c:1122
+#: g10/keygen.c:3394 g10/keygen.c:3427 g10/keyring.c:1237 g10/keyring.c:1569
+#: g10/openfile.c:275 g10/openfile.c:368 g10/sign.c:801 g10/sign.c:1110
+#: g10/tdbio.c:550 jnlib/dotlock.c:310
+#, c-format
+msgid "can't create `%s': %s\n"
+msgstr "can't create ‘%s’: %s\n"
+
+#: agent/command-ssh.c:702 common/helpfile.c:47 g10/card-util.c:787
+#: g10/dearmor.c:60 g10/dearmor.c:107 g10/decrypt.c:70 g10/encode.c:194
+#: g10/encode.c:504 g10/gpg.c:1123 g10/import.c:192 g10/keygen.c:2877
+#: g10/keyring.c:1595 g10/openfile.c:192 g10/openfile.c:353
+#: g10/plaintext.c:511 g10/sign.c:783 g10/sign.c:978 g10/sign.c:1094
+#: g10/sign.c:1250 g10/tdbdump.c:142 g10/tdbdump.c:150 g10/tdbio.c:554
+#: g10/tdbio.c:618 g10/verify.c:99 g10/verify.c:162 sm/gpgsm.c:2044
+#: sm/gpgsm.c:2074 sm/gpgsm.c:2112 sm/gpgsm.c:2150 sm/qualified.c:66
+#, c-format
+msgid "can't open `%s': %s\n"
+msgstr "can't open ‘%s’: %s\n"
+
+#: agent/command-ssh.c:1708 agent/command-ssh.c:1726
+#, c-format
+msgid "error getting serial number of card: %s\n"
+msgstr "error getting serial number of card: %s\n"
+
+#: agent/command-ssh.c:1712
+#, c-format
+msgid "detected card with S/N: %s\n"
+msgstr "detected card with S/N: %s\n"
+
+#: agent/command-ssh.c:1717
+#, c-format
+msgid "error getting default authentication keyID of card: %s\n"
+msgstr "error getting default authentication keyID of card: %s\n"
+
+#: agent/command-ssh.c:1737
+#, c-format
+msgid "no suitable card key found: %s\n"
+msgstr "no suitable card key found: %s\n"
+
+#: agent/command-ssh.c:1787
+#, c-format
+msgid "shadowing the key failed: %s\n"
+msgstr "shadowing the key failed: %s\n"
+
+#: agent/command-ssh.c:1802
+#, c-format
+msgid "error writing key: %s\n"
+msgstr "error writing key: %s\n"
+
+#: agent/command-ssh.c:2139
+#, c-format
+msgid ""
+"An ssh process requested the use of key%%0A %s%%0A (%s)%%0ADo you want to "
+"allow this?"
+msgstr ""
+"An ssh process requested the use of key%%0A %s%%0A (%s)%%0ADo you want to "
+"allow this?"
+
+#: agent/command-ssh.c:2146
+msgid "Allow"
+msgstr "Allow"
+
+#: agent/command-ssh.c:2146
+msgid "Deny"
+msgstr "Deny"
+
+#: agent/command-ssh.c:2155
+#, c-format
+msgid "Please enter the passphrase for the ssh key%%0A %F%%0A (%c)"
+msgstr "Please enter the passphrase for the ssh key%%0A %F%%0A (%c)"
+
+#: agent/command-ssh.c:2484 agent/genkey.c:310 agent/genkey.c:432
+msgid "Please re-enter this passphrase"
+msgstr "Please re-enter this passphrase"
+
+#: agent/command-ssh.c:2509
+#, c-format
+msgid ""
+"Please enter a passphrase to protect the received secret key%%0A %s%%0A %"
+"s%%0Awithin gpg-agent's key storage"
+msgstr ""
+"Please enter a passphrase to protect the received secret key%%0A %s%%0A %"
+"s%%0Awithin gpg-agent's key storage"
+
+#: agent/command-ssh.c:2548 agent/genkey.c:340 agent/genkey.c:463
+#: tools/symcryptrun.c:436
+msgid "does not match - try again"
+msgstr "does not match - try again"
+
+#: agent/command-ssh.c:3054
+#, c-format
+msgid "failed to create stream from socket: %s\n"
+msgstr "failed to create stream from socket: %s\n"
+
+#: agent/divert-scd.c:92 g10/call-agent.c:923
+msgid "Please insert the card with serial number"
+msgstr "Please insert the card with serial number"
+
+#: agent/divert-scd.c:93 g10/call-agent.c:924
+msgid "Please remove the current card and insert the one with serial number"
+msgstr "Please remove the current card and insert the one with serial number"
+
+#: agent/divert-scd.c:200
+msgid "Admin PIN"
+msgstr "Admin PIN"
+
+#. TRANSLATORS: A PUK is the Personal Unblocking Code
+#. used to unblock a PIN.
+#: agent/divert-scd.c:205
+msgid "PUK"
+msgstr "PUK"
+
+#: agent/divert-scd.c:212
+msgid "Reset Code"
+msgstr "Reset Code"
+
+#: agent/divert-scd.c:238
+#, c-format
+msgid "%s%%0A%%0AUse the reader's keypad for input."
+msgstr "%s%%0A%%0AUse the reader's keypad for input."
+
+#: agent/divert-scd.c:287
+msgid "Repeat this Reset Code"
+msgstr "Repeat this Reset Code"
+
+#: agent/divert-scd.c:289
+msgid "Repeat this PUK"
+msgstr "Repeat this PUK"
+
+#: agent/divert-scd.c:290
+msgid "Repeat this PIN"
+msgstr "Repeat this PIN"
+
+#: agent/divert-scd.c:295
+msgid "Reset Code not correctly repeated; try again"
+msgstr "Reset Code not correctly repeated; try again"
+
+#: agent/divert-scd.c:297
+msgid "PUK not correctly repeated; try again"
+msgstr "PUK not correctly repeated; try again"
+
+#: agent/divert-scd.c:298
+msgid "PIN not correctly repeated; try again"
+msgstr "PIN not correctly repeated; try again"
+
+#: agent/divert-scd.c:310
+#, c-format
+msgid "Please enter the PIN%s%s%s to unlock the card"
+msgstr "Please enter the PIN%s%s%s to unlock the card"
+
+#: agent/genkey.c:108 sm/certreqgen-ui.c:384 sm/export.c:638 sm/export.c:654
+#: sm/import.c:667 sm/import.c:692
+#, c-format
+msgid "error creating temporary file: %s\n"
+msgstr "error creating temporary file: %s\n"
+
+#: agent/genkey.c:115 sm/export.c:645 sm/import.c:675
+#, c-format
+msgid "error writing to temporary file: %s\n"
+msgstr "error writing to temporary file: %s\n"
+
+#: agent/genkey.c:153 agent/genkey.c:159
+msgid "Enter new passphrase"
+msgstr "Enter new passphrase"
+
+#: agent/genkey.c:167
+msgid "Take this one anyway"
+msgstr "Take this one anyway"
+
+#: agent/genkey.c:193
+#, c-format
+msgid ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase should be "
+"at least %u character long."
+msgid_plural ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase should be "
+"at least %u characters long."
+msgstr[0] ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase should be "
+"at least %u character long."
+msgstr[1] ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase should be "
+"at least %u characters long."
+
+#: agent/genkey.c:214
+#, c-format
+msgid ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase should "
+"contain at least %u digit or%%0Aspecial character."
+msgid_plural ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase should "
+"contain at least %u digits or%%0Aspecial characters."
+msgstr[0] ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase should "
+"contain at least %u digit or%%0Aspecial character."
+msgstr[1] ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase should "
+"contain at least %u digits or%%0Aspecial characters."
+
+#: agent/genkey.c:237
+#, c-format
+msgid ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase may not be "
+"a known term or match%%0Acertain pattern."
+msgstr ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase may not be "
+"a known term or match%%0Acertain pattern."
+
+#: agent/genkey.c:253
+#, c-format
+msgid ""
+"You have not entered a passphrase!%0AAn empty passphrase is not allowed."
+msgstr ""
+"You have not entered a passphrase!%0AAn empty passphrase is not allowed."
+
+#: agent/genkey.c:255
+#, c-format
+msgid ""
+"You have not entered a passphrase - this is in general a bad idea!%0APlease "
+"confirm that you do not want to have any protection on your key."
+msgstr ""
+"You have not entered a passphrase - this is in general a bad idea!%0APlease "
+"confirm that you do not want to have any protection on your key."
+
+#: agent/genkey.c:264
+msgid "Yes, protection is not needed"
+msgstr "Yes, protection is not needed"
+
+#: agent/genkey.c:308
+#, c-format
+msgid "Please enter the passphrase to%0Ato protect your new key"
+msgstr "Please enter the passphrase to%0Ato protect your new key"
+
+#: agent/genkey.c:431
+msgid "Please enter the new passphrase"
+msgstr "Please enter the new passphrase"
+
+#: agent/gpg-agent.c:121 agent/preset-passphrase.c:72 scd/scdaemon.c:103
+#: tools/gpg-check-pattern.c:70
+msgid ""
+"@Options:\n"
+" "
+msgstr ""
+"@Options:\n"
+" "
+
+#: agent/gpg-agent.c:123 scd/scdaemon.c:105
+msgid "run in server mode (foreground)"
+msgstr "run in server mode (foreground)"
+
+#: agent/gpg-agent.c:124 scd/scdaemon.c:108
+msgid "run in daemon mode (background)"
+msgstr "run in daemon mode (background)"
+
+#: agent/gpg-agent.c:125 g10/gpg.c:488 g10/gpgv.c:71 kbx/kbxutil.c:88
+#: scd/scdaemon.c:109 sm/gpgsm.c:281 tools/gpg-connect-agent.c:69
+#: tools/gpgconf.c:80 tools/symcryptrun.c:166
+msgid "verbose"
+msgstr "verbose"
+
+#: agent/gpg-agent.c:126 g10/gpgv.c:72 kbx/kbxutil.c:89 scd/scdaemon.c:110
+#: sm/gpgsm.c:282
+msgid "be somewhat more quiet"
+msgstr "be somewhat more quiet"
+
+#: agent/gpg-agent.c:127 scd/scdaemon.c:111
+msgid "sh-style command output"
+msgstr "sh-style command output"
+
+#: agent/gpg-agent.c:128 scd/scdaemon.c:112
+msgid "csh-style command output"
+msgstr "csh-style command output"
+
+#: agent/gpg-agent.c:129 scd/scdaemon.c:113 sm/gpgsm.c:312
+#: tools/symcryptrun.c:169
+msgid "|FILE|read options from FILE"
+msgstr "|FILE|read options from FILE"
+
+#: agent/gpg-agent.c:134 scd/scdaemon.c:123
+msgid "do not detach from the console"
+msgstr "do not detach from the console"
+
+#: agent/gpg-agent.c:135
+msgid "do not grab keyboard and mouse"
+msgstr "do not grab keyboard and mouse"
+
+#: agent/gpg-agent.c:136 tools/symcryptrun.c:168
+msgid "use a log file for the server"
+msgstr "use a log file for the server"
+
+#: agent/gpg-agent.c:138
+msgid "use a standard location for the socket"
+msgstr "use a standard location for the socket"
+
+#: agent/gpg-agent.c:141
+msgid "|PGM|use PGM as the PIN-Entry program"
+msgstr "|PGM|use PGM as the PIN-Entry program"
+
+#: agent/gpg-agent.c:144
+msgid "|PGM|use PGM as the SCdaemon program"
+msgstr "|PGM|use PGM as the SCdaemon program"
+
+#: agent/gpg-agent.c:145
+msgid "do not use the SCdaemon"
+msgstr "do not use the SCdaemon"
+
+#: agent/gpg-agent.c:157
+msgid "ignore requests to change the TTY"
+msgstr "ignore requests to change the TTY"
+
+#: agent/gpg-agent.c:159
+msgid "ignore requests to change the X display"
+msgstr "ignore requests to change the X display"
+
+#: agent/gpg-agent.c:162
+msgid "|N|expire cached PINs after N seconds"
+msgstr "|N|expire cached PINs after N seconds"
+
+#: agent/gpg-agent.c:175
+msgid "do not use the PIN cache when signing"
+msgstr "do not use the PIN cache when signing"
+
+#: agent/gpg-agent.c:177
+msgid "allow clients to mark keys as \"trusted\""
+msgstr "allow clients to mark keys as “trustedâ€"
+
+#: agent/gpg-agent.c:179
+msgid "allow presetting passphrase"
+msgstr "allow presetting passphrase"
+
+#: agent/gpg-agent.c:180
+msgid "enable ssh-agent emulation"
+msgstr "enable ssh-agent emulation"
+
+#: agent/gpg-agent.c:182
+msgid "|FILE|write environment settings also to FILE"
+msgstr "|FILE|write environment settings also to FILE"
+
+#. TRANSLATORS: @EMAIL@ will get replaced by the actual bug
+#. reporting address. This is so that we can change the
+#. reporting address without breaking the translations.
+#: agent/gpg-agent.c:333 agent/preset-passphrase.c:94 agent/protect-tool.c:163
+#: g10/gpg.c:814 g10/gpgv.c:114 kbx/kbxutil.c:113 scd/scdaemon.c:246
+#: sm/gpgsm.c:519 tools/gpg-connect-agent.c:181 tools/gpgconf.c:102
+#: tools/symcryptrun.c:206 tools/gpg-check-pattern.c:141
+msgid "Please report bugs to <@EMAIL@>.\n"
+msgstr "Please report bugs to <@EMAIL@>.\n"
+
+#: agent/gpg-agent.c:342
+msgid "Usage: gpg-agent [options] (-h for help)"
+msgstr "Usage: gpg-agent [options] (-h for help)"
+
+#: agent/gpg-agent.c:344
+msgid ""
+"Syntax: gpg-agent [options] [command [args]]\n"
+"Secret key management for GnuPG\n"
+msgstr ""
+"Syntax: gpg-agent [options] [command [args]]\n"
+"Secret key management for GnuPG\n"
+
+#: agent/gpg-agent.c:390 g10/gpg.c:1007 scd/scdaemon.c:318 sm/gpgsm.c:669
+#, c-format
+msgid "invalid debug-level `%s' given\n"
+msgstr "invalid debug-level ‘%s’ given\n"
+
+#: agent/gpg-agent.c:610 agent/protect-tool.c:1033 kbx/kbxutil.c:428
+#: scd/scdaemon.c:424 sm/gpgsm.c:911 sm/gpgsm.c:914 tools/symcryptrun.c:998
+#: tools/gpg-check-pattern.c:177
+#, c-format
+msgid "%s is too old (need %s, have %s)\n"
+msgstr "%s is too old (need %s, have %s)\n"
+
+#: agent/gpg-agent.c:725 g10/gpg.c:2111 scd/scdaemon.c:510 sm/gpgsm.c:1010
+#, c-format
+msgid "NOTE: no default option file `%s'\n"
+msgstr "NOTE: no default option file ‘%s’\n"
+
+#: agent/gpg-agent.c:736 agent/gpg-agent.c:1348 g10/gpg.c:2115
+#: scd/scdaemon.c:515 sm/gpgsm.c:1014 tools/symcryptrun.c:931
+#, c-format
+msgid "option file `%s': %s\n"
+msgstr "option file ‘%s’: %s\n"
+
+#: agent/gpg-agent.c:744 g10/gpg.c:2122 scd/scdaemon.c:523 sm/gpgsm.c:1021
+#, c-format
+msgid "reading options from `%s'\n"
+msgstr "reading options from ‘%s’\n"
+
+#: agent/gpg-agent.c:1117 g10/plaintext.c:140 g10/plaintext.c:145
+#: g10/plaintext.c:162
+#, c-format
+msgid "error creating `%s': %s\n"
+msgstr "error creating ‘%s’: %s\n"
+
+#: agent/gpg-agent.c:1461 agent/gpg-agent.c:1579 agent/gpg-agent.c:1583
+#: agent/gpg-agent.c:1624 agent/gpg-agent.c:1628 g10/exec.c:188
+#: g10/openfile.c:429 scd/scdaemon.c:1020
+#, c-format
+msgid "can't create directory `%s': %s\n"
+msgstr "can't create directory ‘%s’: %s\n"
+
+#: agent/gpg-agent.c:1475 scd/scdaemon.c:1034
+msgid "name of socket too long\n"
+msgstr "name of socket too long\n"
+
+#: agent/gpg-agent.c:1498 scd/scdaemon.c:1057
+#, c-format
+msgid "can't create socket: %s\n"
+msgstr "can't create socket: %s\n"
+
+#: agent/gpg-agent.c:1507
+#, c-format
+msgid "socket name `%s' is too long\n"
+msgstr "socket name ‘%s’ is too long\n"
+
+#: agent/gpg-agent.c:1525
+msgid "a gpg-agent is already running - not starting a new one\n"
+msgstr "a gpg-agent is already running - not starting a new one\n"
+
+#: agent/gpg-agent.c:1536 scd/scdaemon.c:1076
+msgid "error getting nonce for the socket\n"
+msgstr "error getting nonce for the socket\n"
+
+#: agent/gpg-agent.c:1541 scd/scdaemon.c:1079
+#, c-format
+msgid "error binding socket to `%s': %s\n"
+msgstr "error binding socket to ‘%s’: %s\n"
+
+#: agent/gpg-agent.c:1553 scd/scdaemon.c:1088
+#, c-format
+msgid "listen() failed: %s\n"
+msgstr "listen() failed: %s\n"
+
+#: agent/gpg-agent.c:1559 scd/scdaemon.c:1095
+#, c-format
+msgid "listening on socket `%s'\n"
+msgstr "listening on socket ‘%s’\n"
+
+#: agent/gpg-agent.c:1587 agent/gpg-agent.c:1634 g10/openfile.c:432
+#, c-format
+msgid "directory `%s' created\n"
+msgstr "directory ‘%s’ created\n"
+
+#: agent/gpg-agent.c:1640
+#, c-format
+msgid "stat() failed for `%s': %s\n"
+msgstr "stat() failed for ‘%s’: %s\n"
+
+#: agent/gpg-agent.c:1644
+#, c-format
+msgid "can't use `%s' as home directory\n"
+msgstr "can't use ‘%s’ as home directory\n"
+
+#: agent/gpg-agent.c:1777 scd/scdaemon.c:1111
+#, c-format
+msgid "error reading nonce on fd %d: %s\n"
+msgstr "error reading nonce on fd %d: %s\n"
+
+#: agent/gpg-agent.c:1799
+#, c-format
+msgid "handler 0x%lx for fd %d started\n"
+msgstr "handler 0x%lx for fd %d started\n"
+
+#: agent/gpg-agent.c:1804
+#, c-format
+msgid "handler 0x%lx for fd %d terminated\n"
+msgstr "handler 0x%lx for fd %d terminated\n"
+
+#: agent/gpg-agent.c:1824
+#, c-format
+msgid "ssh handler 0x%lx for fd %d started\n"
+msgstr "ssh handler 0x%lx for fd %d started\n"
+
+#: agent/gpg-agent.c:1829
+#, c-format
+msgid "ssh handler 0x%lx for fd %d terminated\n"
+msgstr "ssh handler 0x%lx for fd %d terminated\n"
+
+#: agent/gpg-agent.c:1973 scd/scdaemon.c:1248
+#, c-format
+msgid "pth_select failed: %s - waiting 1s\n"
+msgstr "pth_select failed: %s - waiting 1s\n"
+
+#: agent/gpg-agent.c:2096 scd/scdaemon.c:1315
+#, c-format
+msgid "%s %s stopped\n"
+msgstr "%s %s stopped\n"
+
+#: agent/gpg-agent.c:2232
+msgid "no gpg-agent running in this session\n"
+msgstr "no gpg-agent running in this session\n"
+
+#: agent/gpg-agent.c:2243 common/simple-pwquery.c:352 common/asshelp.c:403
+#: tools/gpg-connect-agent.c:2168
+msgid "malformed GPG_AGENT_INFO environment variable\n"
+msgstr "malformed GPG_AGENT_INFO environment variable\n"
+
+#: agent/gpg-agent.c:2256 common/simple-pwquery.c:364 common/asshelp.c:415
+#: tools/gpg-connect-agent.c:2179
+#, c-format
+msgid "gpg-agent protocol version %d is not supported\n"
+msgstr "gpg-agent protocol version %d is not supported\n"
+
+#: agent/preset-passphrase.c:98
+msgid "Usage: gpg-preset-passphrase [options] KEYGRIP (-h for help)\n"
+msgstr "Usage: gpg-preset-passphrase [options] KEYGRIP (-h for help)\n"
+
+#: agent/preset-passphrase.c:101
+msgid ""
+"Syntax: gpg-preset-passphrase [options] KEYGRIP\n"
+"Password cache maintenance\n"
+msgstr ""
+"Syntax: gpg-preset-passphrase [options] KEYGRIP\n"
+"Password cache maintenance\n"
+
+#: agent/protect-tool.c:113 g10/gpg.c:373 kbx/kbxutil.c:71 sm/gpgsm.c:186
+#: tools/gpgconf.c:60
+msgid ""
+"@Commands:\n"
+" "
+msgstr ""
+"@Commands:\n"
+" "
+
+#: agent/protect-tool.c:127 g10/gpg.c:441 g10/gpgv.c:69 kbx/kbxutil.c:81
+#: sm/gpgsm.c:226 tools/gpg-connect-agent.c:67 tools/gpgconf.c:77
+#: tools/symcryptrun.c:159
+msgid ""
+"@\n"
+"Options:\n"
+" "
+msgstr ""
+"@\n"
+"Options:\n"
+" "
+
+#: agent/protect-tool.c:166
+msgid "Usage: gpg-protect-tool [options] (-h for help)\n"
+msgstr "Usage: gpg-protect-tool [options] (-h for help)\n"
+
+#: agent/protect-tool.c:168
+msgid ""
+"Syntax: gpg-protect-tool [options] [args]\n"
+"Secret key maintenance tool\n"
+msgstr ""
+"Syntax: gpg-protect-tool [options] [args]\n"
+"Secret key maintenance tool\n"
+
+#: agent/protect-tool.c:1162
+msgid "Please enter the passphrase to unprotect the PKCS#12 object."
+msgstr "Please enter the passphrase to unprotect the PKCS#12 object."
+
+#: agent/protect-tool.c:1167
+msgid "Please enter the passphrase to protect the new PKCS#12 object."
+msgstr "Please enter the passphrase to protect the new PKCS#12 object."
+
+#: agent/protect-tool.c:1173
+msgid ""
+"Please enter the passphrase to protect the imported object within the GnuPG "
+"system."
+msgstr ""
+"Please enter the passphrase to protect the imported object within the GnuPG "
+"system."
+
+#: agent/protect-tool.c:1178
+msgid ""
+"Please enter the passphrase or the PIN\n"
+"needed to complete this operation."
+msgstr ""
+"Please enter the passphrase or the PIN\n"
+"needed to complete this operation."
+
+#: agent/protect-tool.c:1183 tools/symcryptrun.c:437
+msgid "Passphrase:"
+msgstr "Passphrase:"
+
+#: agent/protect-tool.c:1188 tools/symcryptrun.c:448
+msgid "cancelled\n"
+msgstr "cancelled\n"
+
+#: agent/protect-tool.c:1190 tools/symcryptrun.c:444
+#, c-format
+msgid "error while asking for the passphrase: %s\n"
+msgstr "error while asking for the passphrase: %s\n"
+
+#: agent/trustlist.c:136 agent/trustlist.c:334
+#, c-format
+msgid "error opening `%s': %s\n"
+msgstr "error opening ‘%s’: %s\n"
+
+#: agent/trustlist.c:151 common/helpfile.c:63 common/helpfile.c:79
+#, c-format
+msgid "file `%s', line %d: %s\n"
+msgstr "file ‘%s’, line %d: %s\n"
+
+#: agent/trustlist.c:171 agent/trustlist.c:179
+#, c-format
+msgid "statement \"%s\" ignored in `%s', line %d\n"
+msgstr "statement “%s†ignored in ‘%s’, line %d\n"
+
+#: agent/trustlist.c:185
+#, c-format
+msgid "system trustlist `%s' not available\n"
+msgstr "system trustlist ‘%s’ not available\n"
+
+#: agent/trustlist.c:229
+#, c-format
+msgid "bad fingerprint in `%s', line %d\n"
+msgstr "bad fingerprint in ‘%s’, line %d\n"
+
+#: agent/trustlist.c:254 agent/trustlist.c:261
+#, c-format
+msgid "invalid keyflag in `%s', line %d\n"
+msgstr "invalid keyflag in ‘%s’, line %d\n"
+
+#: agent/trustlist.c:295 common/helpfile.c:126
+#, c-format
+msgid "error reading `%s', line %d: %s\n"
+msgstr "error reading ‘%s’, line %d: %s\n"
+
+#: agent/trustlist.c:400 agent/trustlist.c:450
+msgid "error reading list of trusted root certificates\n"
+msgstr "error reading list of trusted root certificates\n"
+
+#. TRANSLATORS: This prompt is shown by the Pinentry
+#. and has one special property: A "%%0A" is used by
+#. Pinentry to insert a line break. The double
+#. percent sign is actually needed because it is also
+#. a printf format string. If you need to insert a
+#. plain % sign, you need to encode it as "%%25". The
+#. "%s" gets replaced by the name as stored in the
+#. certificate.
+#: agent/trustlist.c:611
+#, c-format
+msgid ""
+"Do you ultimately trust%%0A \"%s\"%%0Ato correctly certify user "
+"certificates?"
+msgstr ""
+"Do you ultimately trust%%0A “%sâ€%%0Ato correctly certify user "
+"certificates?"
+
+#: agent/trustlist.c:620 common/audit.c:467
+msgid "Yes"
+msgstr "Yes"
+
+#: agent/trustlist.c:620 common/audit.c:469
+msgid "No"
+msgstr "No"
+
+#. TRANSLATORS: This prompt is shown by the Pinentry and has
+#. one special property: A "%%0A" is used by Pinentry to
+#. insert a line break. The double percent sign is actually
+#. needed because it is also a printf format string. If you
+#. need to insert a plain % sign, you need to encode it as
+#. "%%25". The second "%s" gets replaced by a hexdecimal
+#. fingerprint string whereas the first one receives the name
+#. as stored in the certificate.
+#: agent/trustlist.c:654
+#, c-format
+msgid ""
+"Please verify that the certificate identified as:%%0A \"%s\"%%0Ahas the "
+"fingerprint:%%0A %s"
+msgstr ""
+"Please verify that the certificate identified as:%%0A “%sâ€%%0Ahas the "
+"fingerprint:%%0A %s"
+
+#. TRANSLATORS: "Correct" is the label of a button and intended
+#. to be hit if the fingerprint matches the one of the CA. The
+#. other button is "the default "Cancel" of the Pinentry.
+#: agent/trustlist.c:668
+msgid "Correct"
+msgstr "Correct"
+
+#: agent/trustlist.c:668
+msgid "Wrong"
+msgstr "Wrong"
+
+#: agent/findkey.c:157
+#, c-format
+msgid "Note: This passphrase has never been changed.%0APlease change it now."
+msgstr "Note: This passphrase has never been changed.%0APlease change it now."
+
+#: agent/findkey.c:173
+#, c-format
+msgid ""
+"This passphrase has not been changed%%0Asince %.4s-%.2s-%.2s. Please change "
+"it now."
+msgstr ""
+"This passphrase has not been changed%%0Asince %.4s-%.2s-%.2s. Please change "
+"it now."
+
+#: agent/findkey.c:187 agent/findkey.c:194
+msgid "Change passphrase"
+msgstr "Change passphrase"
+
+#: agent/findkey.c:195
+msgid "I'll change it later"
+msgstr "I'll change it later"
+
+#: common/exechelp.c:528 common/exechelp.c:625 tools/gpgconf-comp.c:1475
+#: tools/gpgconf-comp.c:1814
+#, c-format
+msgid "error creating a pipe: %s\n"
+msgstr "error creating a pipe: %s\n"
+
+#: common/exechelp.c:599 common/exechelp.c:658
+#, c-format
+msgid "can't fdopen pipe for reading: %s\n"
+msgstr "can't fdopen pipe for reading: %s\n"
+
+#: common/exechelp.c:637 common/exechelp.c:765 common/exechelp.c:1002
+#, c-format
+msgid "error forking process: %s\n"
+msgstr "error forking process: %s\n"
+
+#: common/exechelp.c:811 common/exechelp.c:864
+#, c-format
+msgid "waiting for process %d to terminate failed: %s\n"
+msgstr "waiting for process %d to terminate failed: %s\n"
+
+#: common/exechelp.c:819
+#, c-format
+msgid "error getting exit code of process %d: %s\n"
+msgstr "error getting exit code of process %d: %s\n"
+
+#: common/exechelp.c:825 common/exechelp.c:877
+#, c-format
+msgid "error running `%s': exit status %d\n"
+msgstr "error running ‘%s’: exit status %d\n"
+
+#: common/exechelp.c:870
+#, c-format
+msgid "error running `%s': probably not installed\n"
+msgstr "error running ‘%s’: probably not installed\n"
+
+#: common/exechelp.c:885
+#, c-format
+msgid "error running `%s': terminated\n"
+msgstr "error running ‘%s’: terminated\n"
+
+#: common/http.c:1674
+#, c-format
+msgid "error creating socket: %s\n"
+msgstr "error creating socket: %s\n"
+
+#: common/http.c:1718
+msgid "host not found"
+msgstr "host not found"
+
+#: common/simple-pwquery.c:338
+msgid "gpg-agent is not available in this session\n"
+msgstr "gpg-agent is not available in this session\n"
+
+#: common/simple-pwquery.c:395
+#, c-format
+msgid "can't connect to `%s': %s\n"
+msgstr "can't connect to ‘%s’: %s\n"
+
+#: common/simple-pwquery.c:406
+msgid "communication problem with gpg-agent\n"
+msgstr "communication problem with gpg-agent\n"
+
+#: common/simple-pwquery.c:416
+msgid "problem setting the gpg-agent options\n"
+msgstr "problem setting the gpg-agent options\n"
+
+#: common/simple-pwquery.c:579 common/simple-pwquery.c:675
+msgid "canceled by user\n"
+msgstr "canceled by user\n"
+
+#: common/simple-pwquery.c:594 common/simple-pwquery.c:681
+msgid "problem with the agent\n"
+msgstr "problem with the agent\n"
+
+#: common/sysutils.c:105
+#, c-format
+msgid "can't disable core dumps: %s\n"
+msgstr "can't disable core dumps: %s\n"
+
+#: common/sysutils.c:200
+#, c-format
+msgid "Warning: unsafe ownership on %s \"%s\"\n"
+msgstr "Warning: unsafe ownership on %s “%sâ€\n"
+
+#: common/sysutils.c:232
+#, c-format
+msgid "Warning: unsafe permissions on %s \"%s\"\n"
+msgstr "Warning: unsafe permissions on %s “%sâ€\n"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: common/yesno.c:35 common/yesno.c:72
+msgid "yes"
+msgstr "yes"
+
+#: common/yesno.c:36 common/yesno.c:77
+msgid "yY"
+msgstr "yY"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: common/yesno.c:38 common/yesno.c:74
+msgid "no"
+msgstr "no"
+
+#: common/yesno.c:39 common/yesno.c:78
+msgid "nN"
+msgstr "nN"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: common/yesno.c:76
+msgid "quit"
+msgstr "quit"
+
+#: common/yesno.c:79
+msgid "qQ"
+msgstr "qQ"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: common/yesno.c:113
+msgid "okay|okay"
+msgstr "okay|okay"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: common/yesno.c:115
+msgid "cancel|cancel"
+msgstr "cancel|cancel"
+
+#: common/yesno.c:116
+msgid "oO"
+msgstr "oO"
+
+#: common/yesno.c:117
+msgid "cC"
+msgstr "cC"
+
+#: common/miscellaneous.c:77
+#, c-format
+msgid "out of core in secure memory while allocating %lu bytes"
+msgstr "out of core in secure memory while allocating %lu bytes"
+
+#: common/miscellaneous.c:80
+#, c-format
+msgid "out of core while allocating %lu bytes"
+msgstr "out of core while allocating %lu bytes"
+
+#: common/asshelp.c:293 tools/gpg-connect-agent.c:2129
+msgid "no running gpg-agent - starting one\n"
+msgstr "no running gpg-agent - starting one\n"
+
+#: common/asshelp.c:349
+#, c-format
+msgid "waiting %d seconds for the agent to come up\n"
+msgstr "waiting %d seconds for the agent to come up\n"
+
+#: common/asshelp.c:426
+msgid "can't connect to the agent - trying fall back\n"
+msgstr "can't connect to the agent - trying fall back\n"
+
+#. TRANSLATORS: Copy the prefix between the vertical bars
+#. verbatim. It will not be printed.
+#: common/audit.c:474
+msgid "|audit-log-result|Good"
+msgstr "|audit-log-result|Good"
+
+#: common/audit.c:477
+msgid "|audit-log-result|Bad"
+msgstr "|audit-log-result|Bad"
+
+#: common/audit.c:479
+msgid "|audit-log-result|Not supported"
+msgstr "|audit-log-result|Not supported"
+
+#: common/audit.c:481
+msgid "|audit-log-result|No certificate"
+msgstr "|audit-log-result|No certificate"
+
+#: common/audit.c:483
+msgid "|audit-log-result|Not enabled"
+msgstr "|audit-log-result|Not enabled"
+
+#: common/audit.c:485
+msgid "|audit-log-result|Error"
+msgstr "|audit-log-result|Error"
+
+#: common/audit.c:487
+msgid "|audit-log-result|Not used"
+msgstr "|audit-log-result|Not used"
+
+#: common/audit.c:489
+msgid "|audit-log-result|Okay"
+msgstr "|audit-log-result|Okay"
+
+#: common/audit.c:491
+msgid "|audit-log-result|Skipped"
+msgstr "|audit-log-result|Skipped"
+
+#: common/audit.c:493
+msgid "|audit-log-result|Some"
+msgstr "|audit-log-result|Some"
+
+#: common/audit.c:726
+msgid "Certificate chain available"
+msgstr "Certificate chain available"
+
+#: common/audit.c:733
+msgid "root certificate missing"
+msgstr "root certificate missing"
+
+#: common/audit.c:759
+msgid "Data encryption succeeded"
+msgstr "Data encryption succeeded"
+
+#: common/audit.c:764 common/audit.c:830 common/audit.c:906 common/audit.c:997
+msgid "Data available"
+msgstr "Data available"
+
+#: common/audit.c:767
+msgid "Session key created"
+msgstr "Session key created"
+
+#: common/audit.c:772 common/audit.c:912 common/audit.c:919
+#, c-format
+msgid "algorithm: %s"
+msgstr "algorithm: %s"
+
+#: common/audit.c:774 common/audit.c:776 common/audit.c:921 common/audit.c:923
+#, c-format
+msgid "unsupported algorithm: %s"
+msgstr "unsupported algorithm: %s"
+
+#: common/audit.c:778 common/audit.c:925
+msgid "seems to be not encrypted"
+msgstr "seems to be not encrypted"
+
+#: common/audit.c:784 common/audit.c:933
+msgid "Number of recipients"
+msgstr "Number of recipients"
+
+#: common/audit.c:792 common/audit.c:956
+#, c-format
+msgid "Recipient %d"
+msgstr "Recipient %d"
+
+#: common/audit.c:825
+msgid "Data signing succeeded"
+msgstr "Data signing succeeded"
+
+#: common/audit.c:839 common/audit.c:1033 common/audit.c:1060
+#, c-format
+msgid "data hash algorithm: %s"
+msgstr "data hash algorithm: %s"
+
+#: common/audit.c:862
+#, c-format
+msgid "Signer %d"
+msgstr "Signer %d"
+
+#: common/audit.c:866 common/audit.c:1065
+#, c-format
+msgid "attr hash algorithm: %s"
+msgstr "attr hash algorithm: %s"
+
+#: common/audit.c:901
+msgid "Data decryption succeeded"
+msgstr "Data decryption succeeded"
+
+#: common/audit.c:910
+msgid "Encryption algorithm supported"
+msgstr "Encryption algorithm supported"
+
+#: common/audit.c:993
+msgid "Data verification succeeded"
+msgstr "Data verification succeeded"
+
+#: common/audit.c:1002
+msgid "Signature available"
+msgstr "Signature available"
+
+#: common/audit.c:1024
+msgid "Parsing data succeeded"
+msgstr "Parsing data succeeded"
+
+#: common/audit.c:1036
+#, c-format
+msgid "bad data hash algorithm: %s"
+msgstr "bad data hash algorithm: %s"
+
+#: common/audit.c:1051
+#, c-format
+msgid "Signature %d"
+msgstr "Signature %d"
+
+#: common/audit.c:1079
+msgid "Certificate chain valid"
+msgstr "Certificate chain valid"
+
+#: common/audit.c:1090
+msgid "Root certificate trustworthy"
+msgstr "Root certificate trustworthy"
+
+#: common/audit.c:1111 sm/certchain.c:935
+msgid "no CRL found for certificate"
+msgstr "no CRL found for certificate"
+
+#: common/audit.c:1114 sm/certchain.c:945
+msgid "the available CRL is too old"
+msgstr "the available CRL is too old"
+
+#: common/audit.c:1119
+msgid "CRL/OCSP check of certificates"
+msgstr "CRL/OCSP check of certificates"
+
+#: common/audit.c:1139
+msgid "Included certificates"
+msgstr "Included certificates"
+
+#: common/audit.c:1194
+msgid "No audit log entries."
+msgstr "No audit log entries."
+
+#: common/audit.c:1243
+msgid "Unknown operation"
+msgstr "Unknown operation"
+
+#: common/audit.c:1261
+msgid "Gpg-Agent usable"
+msgstr "Gpg-Agent usable"
+
+#: common/audit.c:1271
+msgid "Dirmngr usable"
+msgstr "Dirmngr usable"
+
+#: common/audit.c:1307
+#, c-format
+msgid "No help available for `%s'."
+msgstr "No help available for ‘%s’."
+
+#: common/helpfile.c:80
+msgid "ignoring garbage line"
+msgstr "ignoring garbage line"
+
+#: common/gettime.c:503
+msgid "[none]"
+msgstr "[none]"
+
+#: g10/armor.c:379
+#, c-format
+msgid "armor: %s\n"
+msgstr "armor: %s\n"
+
+#: g10/armor.c:418
+msgid "invalid armor header: "
+msgstr "invalid armor header: "
+
+#: g10/armor.c:429
+msgid "armor header: "
+msgstr "armor header: "
+
+#: g10/armor.c:442
+msgid "invalid clearsig header\n"
+msgstr "invalid clearsig header\n"
+
+#: g10/armor.c:455
+msgid "unknown armor header: "
+msgstr "unknown armor header: "
+
+#: g10/armor.c:508
+msgid "nested clear text signatures\n"
+msgstr "nested clear text signatures\n"
+
+#: g10/armor.c:643
+msgid "unexpected armor: "
+msgstr "unexpected armor: "
+
+#: g10/armor.c:655
+msgid "invalid dash escaped line: "
+msgstr "invalid dash escaped line: "
+
+#: g10/armor.c:810 g10/armor.c:1420
+#, c-format
+msgid "invalid radix64 character %02X skipped\n"
+msgstr "invalid radix64 character %02X skipped\n"
+
+#: g10/armor.c:853
+msgid "premature eof (no CRC)\n"
+msgstr "premature eof (no CRC)\n"
+
+#: g10/armor.c:887
+msgid "premature eof (in CRC)\n"
+msgstr "premature eof (in CRC)\n"
+
+#: g10/armor.c:895
+msgid "malformed CRC\n"
+msgstr "malformed CRC\n"
+
+#: g10/armor.c:899 g10/armor.c:1457
+#, c-format
+msgid "CRC error; %06lX - %06lX\n"
+msgstr "CRC error; %06lX - %06lX\n"
+
+#: g10/armor.c:919
+msgid "premature eof (in trailer)\n"
+msgstr "premature eof (in trailer)\n"
+
+#: g10/armor.c:923
+msgid "error in trailer line\n"
+msgstr "error in trailer line\n"
+
+#: g10/armor.c:1234
+msgid "no valid OpenPGP data found.\n"
+msgstr "no valid OpenPGP data found.\n"
+
+#: g10/armor.c:1239
+#, c-format
+msgid "invalid armor: line longer than %d characters\n"
+msgstr "invalid armor: line longer than %d characters\n"
+
+#: g10/armor.c:1243
+msgid ""
+"quoted printable character in armor - probably a buggy MTA has been used\n"
+msgstr ""
+"quoted printable character in armor - probably a buggy MTA has been used\n"
+
+#: g10/build-packet.c:976
+msgid ""
+"a notation name must have only printable characters or spaces, and end with "
+"an '='\n"
+msgstr ""
+"a notation name must have only printable characters or spaces, and end with "
+"an ‘=’\n"
+
+#: g10/build-packet.c:988
+msgid "a user notation name must contain the '@' character\n"
+msgstr "a user notation name must contain the ‘@’ character\n"
+
+#: g10/build-packet.c:994
+msgid "a notation name must not contain more than one '@' character\n"
+msgstr "a notation name must not contain more than one ‘@’ character\n"
+
+#: g10/build-packet.c:1012
+msgid "a notation value must not use any control characters\n"
+msgstr "a notation value must not use any control characters\n"
+
+#: g10/build-packet.c:1046 g10/build-packet.c:1055
+msgid "WARNING: invalid notation data found\n"
+msgstr "WARNING: invalid notation data found\n"
+
+#: g10/build-packet.c:1077 g10/build-packet.c:1079
+msgid "not human readable"
+msgstr "not human readable"
+
+#: g10/card-util.c:85 g10/card-util.c:374
+#, c-format
+msgid "OpenPGP card not available: %s\n"
+msgstr "OpenPGP card not available: %s\n"
+
+#: g10/card-util.c:90
+#, c-format
+msgid "OpenPGP card no. %s detected\n"
+msgstr "OpenPGP card no. %s detected\n"
+
+#: g10/card-util.c:98 g10/card-util.c:1773 g10/delkey.c:126 g10/keyedit.c:1551
+#: g10/keygen.c:3068 g10/revoke.c:216 g10/revoke.c:455
+msgid "can't do this in batch mode\n"
+msgstr "can't do this in batch mode\n"
+
+#: g10/card-util.c:106
+msgid "This command is only available for version 2 cards\n"
+msgstr "This command is only available for version 2 cards\n"
+
+#: g10/card-util.c:108 scd/app-openpgp.c:2029
+msgid "Reset Code not or not anymore available\n"
+msgstr "Reset Code not or not anymore available\n"
+
+#: g10/card-util.c:141 g10/card-util.c:1458 g10/card-util.c:1568
+#: g10/keyedit.c:424 g10/keyedit.c:445 g10/keyedit.c:459 g10/keygen.c:1630
+#: g10/keygen.c:1711 sm/certreqgen-ui.c:165 sm/certreqgen-ui.c:249
+#: sm/certreqgen-ui.c:283
+msgid "Your selection? "
+msgstr "Your selection? "
+
+#: g10/card-util.c:272 g10/card-util.c:322
+msgid "[not set]"
+msgstr "[not set]"
+
+#: g10/card-util.c:512
+msgid "male"
+msgstr "male"
+
+#: g10/card-util.c:513
+msgid "female"
+msgstr "female"
+
+#: g10/card-util.c:513
+msgid "unspecified"
+msgstr "unspecified"
+
+#: g10/card-util.c:540
+msgid "not forced"
+msgstr "not forced"
+
+#: g10/card-util.c:540
+msgid "forced"
+msgstr "forced"
+
+#: g10/card-util.c:631
+msgid "Error: Only plain ASCII is currently allowed.\n"
+msgstr "Error: Only plain ASCII is currently allowed.\n"
+
+#: g10/card-util.c:633
+msgid "Error: The \"<\" character may not be used.\n"
+msgstr "Error: The “<†character may not be used.\n"
+
+#: g10/card-util.c:635
+msgid "Error: Double spaces are not allowed.\n"
+msgstr "Error: Double spaces are not allowed.\n"
+
+#: g10/card-util.c:652
+msgid "Cardholder's surname: "
+msgstr "Cardholder's surname: "
+
+#: g10/card-util.c:654
+msgid "Cardholder's given name: "
+msgstr "Cardholder's given name: "
+
+#: g10/card-util.c:672
+#, c-format
+msgid "Error: Combined name too long (limit is %d characters).\n"
+msgstr "Error: Combined name too long (limit is %d characters).\n"
+
+#: g10/card-util.c:693
+msgid "URL to retrieve public key: "
+msgstr "URL to retrieve public key: "
+
+#: g10/card-util.c:701
+#, c-format
+msgid "Error: URL too long (limit is %d characters).\n"
+msgstr "Error: URL too long (limit is %d characters).\n"
+
+#: g10/card-util.c:794 tools/no-libgcrypt.c:30
+#, c-format
+msgid "error allocating enough memory: %s\n"
+msgstr "error allocating enough memory: %s\n"
+
+#: g10/card-util.c:806 g10/import.c:280
+#, c-format
+msgid "error reading `%s': %s\n"
+msgstr "error reading ‘%s’: %s\n"
+
+#: g10/card-util.c:839
+#, c-format
+msgid "error writing `%s': %s\n"
+msgstr "error writing ‘%s’: %s\n"
+
+#: g10/card-util.c:866
+msgid "Login data (account name): "
+msgstr "Login data (account name): "
+
+#: g10/card-util.c:876
+#, c-format
+msgid "Error: Login data too long (limit is %d characters).\n"
+msgstr "Error: Login data too long (limit is %d characters).\n"
+
+#: g10/card-util.c:912
+msgid "Private DO data: "
+msgstr "Private DO data: "
+
+#: g10/card-util.c:922
+#, c-format
+msgid "Error: Private DO too long (limit is %d characters).\n"
+msgstr "Error: Private DO too long (limit is %d characters).\n"
+
+#: g10/card-util.c:1005
+msgid "Language preferences: "
+msgstr "Language preferences: "
+
+#: g10/card-util.c:1013
+msgid "Error: invalid length of preference string.\n"
+msgstr "Error: invalid length of preference string.\n"
+
+#: g10/card-util.c:1022
+msgid "Error: invalid characters in preference string.\n"
+msgstr "Error: invalid characters in preference string.\n"
+
+#: g10/card-util.c:1044
+msgid "Sex ((M)ale, (F)emale or space): "
+msgstr "Sex ((M)ale, (F)emale or space): "
+
+#: g10/card-util.c:1058
+msgid "Error: invalid response.\n"
+msgstr "Error: invalid response.\n"
+
+#: g10/card-util.c:1080
+msgid "CA fingerprint: "
+msgstr "CA fingerprint: "
+
+#: g10/card-util.c:1103
+msgid "Error: invalid formatted fingerprint.\n"
+msgstr "Error: invalid formatted fingerprint.\n"
+
+#: g10/card-util.c:1153
+#, c-format
+msgid "key operation not possible: %s\n"
+msgstr "key operation not possible: %s\n"
+
+#: g10/card-util.c:1154
+msgid "not an OpenPGP card"
+msgstr "not an OpenPGP card"
+
+#: g10/card-util.c:1167
+#, c-format
+msgid "error getting current key info: %s\n"
+msgstr "error getting current key info: %s\n"
+
+#: g10/card-util.c:1254
+msgid "Replace existing key? (y/N) "
+msgstr "Replace existing key? (y/N) "
+
+#: g10/card-util.c:1270
+msgid ""
+"NOTE: There is no guarantee that the card supports the requested size.\n"
+" If the key generation does not succeed, please check the\n"
+" documentation of your card to see what sizes are allowed.\n"
+msgstr ""
+"NOTE: There is no guarantee that the card supports the requested size.\n"
+" If the key generation does not succeed, please check the\n"
+" documentation of your card to see what sizes are allowed.\n"
+
+#: g10/card-util.c:1295
+#, c-format
+msgid "What keysize do you want for the Signature key? (%u) "
+msgstr "What keysize do you want for the Signature key? (%u) "
+
+#: g10/card-util.c:1297
+#, c-format
+msgid "What keysize do you want for the Encryption key? (%u) "
+msgstr "What keysize do you want for the Encryption key? (%u) "
+
+#: g10/card-util.c:1298
+#, c-format
+msgid "What keysize do you want for the Authentication key? (%u) "
+msgstr "What keysize do you want for the Authentication key? (%u) "
+
+#: g10/card-util.c:1309 g10/keygen.c:1844 g10/keygen.c:1850
+#: sm/certreqgen-ui.c:194
+#, c-format
+msgid "rounded up to %u bits\n"
+msgstr "rounded up to %u bits\n"
+
+#: g10/card-util.c:1317 g10/keygen.c:1831 sm/certreqgen-ui.c:184
+#, c-format
+msgid "%s keysizes must be in the range %u-%u\n"
+msgstr "%s keysizes must be in the range %u-%u\n"
+
+#: g10/card-util.c:1322
+#, c-format
+msgid "The card will now be re-configured to generate a key of %u bits\n"
+msgstr "The card will now be re-configured to generate a key of %u bits\n"
+
+#: g10/card-util.c:1342
+#, c-format
+msgid "error changing size of key %d to %u bits: %s\n"
+msgstr "error changing size of key %d to %u bits: %s\n"
+
+#: g10/card-util.c:1364
+msgid "Make off-card backup of encryption key? (Y/n) "
+msgstr "Make off-card backup of encryption key? (Y/n) "
+
+#: g10/card-util.c:1378
+msgid "NOTE: keys are already stored on the card!\n"
+msgstr "NOTE: keys are already stored on the card!\n"
+
+#: g10/card-util.c:1381
+msgid "Replace existing keys? (y/N) "
+msgstr "Replace existing keys? (y/N) "
+
+#: g10/card-util.c:1393
+#, c-format
+msgid ""
+"Please note that the factory settings of the PINs are\n"
+" PIN = `%s' Admin PIN = `%s'\n"
+"You should change them using the command --change-pin\n"
+msgstr ""
+"Please note that the factory settings of the PINs are\n"
+" PIN = ‘%s’ Admin PIN = ‘%s’\n"
+"You should change them using the command --change-pin\n"
+
+#: g10/card-util.c:1449
+msgid "Please select the type of key to generate:\n"
+msgstr "Please select the type of key to generate:\n"
+
+#: g10/card-util.c:1451 g10/card-util.c:1559
+msgid " (1) Signature key\n"
+msgstr " (1) Signature key\n"
+
+#: g10/card-util.c:1452 g10/card-util.c:1561
+msgid " (2) Encryption key\n"
+msgstr " (2) Encryption key\n"
+
+#: g10/card-util.c:1453 g10/card-util.c:1563
+msgid " (3) Authentication key\n"
+msgstr " (3) Authentication key\n"
+
+#: g10/card-util.c:1469 g10/card-util.c:1588 g10/keyedit.c:945
+#: g10/keygen.c:1634 g10/keygen.c:1662 g10/keygen.c:1764 g10/revoke.c:683
+msgid "Invalid selection.\n"
+msgstr "Invalid selection.\n"
+
+#: g10/card-util.c:1556
+msgid "Please select where to store the key:\n"
+msgstr "Please select where to store the key:\n"
+
+#: g10/card-util.c:1600
+msgid "unknown key protection algorithm\n"
+msgstr "unknown key protection algorithm\n"
+
+#: g10/card-util.c:1605
+msgid "secret parts of key are not available\n"
+msgstr "secret parts of key are not available\n"
+
+#: g10/card-util.c:1610
+msgid "secret key already stored on a card\n"
+msgstr "secret key already stored on a card\n"
+
+#: g10/card-util.c:1623
+#, c-format
+msgid "error writing key to card: %s\n"
+msgstr "error writing key to card: %s\n"
+
+#: g10/card-util.c:1682 g10/keyedit.c:1382
+msgid "quit this menu"
+msgstr "quit this menu"
+
+#: g10/card-util.c:1684
+msgid "show admin commands"
+msgstr "show admin commands"
+
+#: g10/card-util.c:1685 g10/keyedit.c:1385
+msgid "show this help"
+msgstr "show this help"
+
+#: g10/card-util.c:1687
+msgid "list all available data"
+msgstr "list all available data"
+
+#: g10/card-util.c:1690
+msgid "change card holder's name"
+msgstr "change card holder's name"
+
+#: g10/card-util.c:1691
+msgid "change URL to retrieve key"
+msgstr "change URL to retrieve key"
+
+#: g10/card-util.c:1692
+msgid "fetch the key specified in the card URL"
+msgstr "fetch the key specified in the card URL"
+
+#: g10/card-util.c:1693
+msgid "change the login name"
+msgstr "change the login name"
+
+#: g10/card-util.c:1694
+msgid "change the language preferences"
+msgstr "change the language preferences"
+
+#: g10/card-util.c:1695
+msgid "change card holder's sex"
+msgstr "change card holder's sex"
+
+#: g10/card-util.c:1696
+msgid "change a CA fingerprint"
+msgstr "change a CA fingerprint"
+
+#: g10/card-util.c:1697
+msgid "toggle the signature force PIN flag"
+msgstr "toggle the signature force PIN flag"
+
+#: g10/card-util.c:1698
+msgid "generate new keys"
+msgstr "generate new keys"
+
+#: g10/card-util.c:1699
+msgid "menu to change or unblock the PIN"
+msgstr "menu to change or unblock the PIN"
+
+#: g10/card-util.c:1700
+msgid "verify the PIN and list all data"
+msgstr "verify the PIN and list all data"
+
+#: g10/card-util.c:1701
+msgid "unblock the PIN using a Reset Code"
+msgstr "unblock the PIN using a Reset Code"
+
+#: g10/card-util.c:1823
+msgid "gpg/card> "
+msgstr "gpg/card> "
+
+#: g10/card-util.c:1864
+msgid "Admin-only command\n"
+msgstr "Admin-only command\n"
+
+#: g10/card-util.c:1895
+msgid "Admin commands are allowed\n"
+msgstr "Admin commands are allowed\n"
+
+#: g10/card-util.c:1897
+msgid "Admin commands are not allowed\n"
+msgstr "Admin commands are not allowed\n"
+
+#: g10/card-util.c:1988 g10/keyedit.c:2292
+msgid "Invalid command (try \"help\")\n"
+msgstr "Invalid command (try “helpâ€)\n"
+
+#: g10/decrypt.c:110 g10/encode.c:876
+msgid "--output doesn't work for this command\n"
+msgstr "--output doesn't work for this command\n"
+
+#: g10/decrypt.c:166 g10/gpg.c:4019 g10/keyring.c:387 g10/keyring.c:698
+#, c-format
+msgid "can't open `%s'\n"
+msgstr "can't open ‘%s’\n"
+
+#: g10/delkey.c:73 g10/export.c:324 g10/keyedit.c:3514 g10/keyserver.c:1737
+#: g10/revoke.c:226
+#, c-format
+msgid "key \"%s\" not found: %s\n"
+msgstr "key “%s†not found: %s\n"
+
+#: g10/delkey.c:81 g10/export.c:354 g10/import.c:2480 g10/keyserver.c:1751
+#: g10/revoke.c:232 g10/revoke.c:477
+#, c-format
+msgid "error reading keyblock: %s\n"
+msgstr "error reading keyblock: %s\n"
+
+#: g10/delkey.c:127 g10/delkey.c:134
+msgid "(unless you specify the key by fingerprint)\n"
+msgstr "(unless you specify the key by fingerprint)\n"
+
+#: g10/delkey.c:133
+msgid "can't do this in batch mode without \"--yes\"\n"
+msgstr "can't do this in batch mode without “--yesâ€\n"
+
+#: g10/delkey.c:145
+msgid "Delete this key from the keyring? (y/N) "
+msgstr "Delete this key from the keyring? (y/N) "
+
+#: g10/delkey.c:153
+msgid "This is a secret key! - really delete? (y/N) "
+msgstr "This is a secret key! - really delete? (y/N) "
+
+#: g10/delkey.c:163
+#, c-format
+msgid "deleting keyblock failed: %s\n"
+msgstr "deleting keyblock failed: %s\n"
+
+#: g10/delkey.c:173
+msgid "ownertrust information cleared\n"
+msgstr "ownertrust information cleared\n"
+
+#: g10/delkey.c:204
+#, c-format
+msgid "there is a secret key for public key \"%s\"!\n"
+msgstr "there is a secret key for public key “%sâ€!\n"
+
+#: g10/delkey.c:206
+msgid "use option \"--delete-secret-keys\" to delete it first.\n"
+msgstr "use option “--delete-secret-keys†to delete it first.\n"
+
+#: g10/encode.c:226 g10/sign.c:1269
+#, c-format
+msgid "error creating passphrase: %s\n"
+msgstr "error creating passphrase: %s\n"
+
+#: g10/encode.c:232
+msgid "can't use a symmetric ESK packet due to the S2K mode\n"
+msgstr "can't use a symmetric ESK packet due to the S2K mode\n"
+
+#: g10/encode.c:246
+#, c-format
+msgid "using cipher %s\n"
+msgstr "using cipher %s\n"
+
+#: g10/encode.c:256 g10/encode.c:577
+#, c-format
+msgid "`%s' already compressed\n"
+msgstr "‘%s’ already compressed\n"
+
+#: g10/encode.c:311 g10/encode.c:611 g10/sign.c:564
+#, c-format
+msgid "WARNING: `%s' is an empty file\n"
+msgstr "WARNING: ‘%s’ is an empty file\n"
+
+#: g10/encode.c:485
+msgid "you can only encrypt to RSA keys of 2048 bits or less in --pgp2 mode\n"
+msgstr "you can only encrypt to RSA keys of 2048 bits or less in --pgp2 mode\n"
+
+#: g10/encode.c:510
+#, c-format
+msgid "reading from `%s'\n"
+msgstr "reading from ‘%s’\n"
+
+#: g10/encode.c:541
+msgid ""
+"unable to use the IDEA cipher for all of the keys you are encrypting to.\n"
+msgstr ""
+"unable to use the IDEA cipher for all of the keys you are encrypting to.\n"
+
+#: g10/encode.c:559
+#, c-format
+msgid ""
+"WARNING: forcing symmetric cipher %s (%d) violates recipient preferences\n"
+msgstr ""
+"WARNING: forcing symmetric cipher %s (%d) violates recipient preferences\n"
+
+#: g10/encode.c:655 g10/sign.c:939
+#, c-format
+msgid ""
+"WARNING: forcing compression algorithm %s (%d) violates recipient "
+"preferences\n"
+msgstr ""
+"WARNING: forcing compression algorithm %s (%d) violates recipient "
+"preferences\n"
+
+#: g10/encode.c:751
+#, c-format
+msgid "forcing symmetric cipher %s (%d) violates recipient preferences\n"
+msgstr "forcing symmetric cipher %s (%d) violates recipient preferences\n"
+
+#: g10/encode.c:821 g10/pkclist.c:813 g10/pkclist.c:862
+#, c-format
+msgid "you may not use %s while in %s mode\n"
+msgstr "you may not use %s while in %s mode\n"
+
+#: g10/encode.c:848
+#, c-format
+msgid "%s/%s encrypted for: \"%s\"\n"
+msgstr "%s/%s encrypted for: “%sâ€\n"
+
+#: g10/encr-data.c:93 g10/mainproc.c:286
+#, c-format
+msgid "%s encrypted data\n"
+msgstr "%s encrypted data\n"
+
+#: g10/encr-data.c:96 g10/mainproc.c:290
+#, c-format
+msgid "encrypted with unknown algorithm %d\n"
+msgstr "encrypted with unknown algorithm %d\n"
+
+#: g10/encr-data.c:142 sm/decrypt.c:126
+msgid ""
+"WARNING: message was encrypted with a weak key in the symmetric cipher.\n"
+msgstr ""
+"WARNING: message was encrypted with a weak key in the symmetric cipher.\n"
+
+#: g10/encr-data.c:154
+msgid "problem handling encrypted packet\n"
+msgstr "problem handling encrypted packet\n"
+
+#: g10/exec.c:57
+msgid "no remote program execution supported\n"
+msgstr "no remote program execution supported\n"
+
+#: g10/exec.c:308
+msgid ""
+"external program calls are disabled due to unsafe options file permissions\n"
+msgstr ""
+"external program calls are disabled due to unsafe options file permissions\n"
+
+#: g10/exec.c:338
+msgid "this platform requires temporary files when calling external programs\n"
+msgstr ""
+"this platform requires temporary files when calling external programs\n"
+
+#: g10/exec.c:416
+#, c-format
+msgid "unable to execute program `%s': %s\n"
+msgstr "unable to execute program ‘%s’: %s\n"
+
+#: g10/exec.c:419
+#, c-format
+msgid "unable to execute shell `%s': %s\n"
+msgstr "unable to execute shell ‘%s’: %s\n"
+
+#: g10/exec.c:510
+#, c-format
+msgid "system error while calling external program: %s\n"
+msgstr "system error while calling external program: %s\n"
+
+#: g10/exec.c:521 g10/exec.c:588
+msgid "unnatural exit of external program\n"
+msgstr "unnatural exit of external program\n"
+
+#: g10/exec.c:536
+msgid "unable to execute external program\n"
+msgstr "unable to execute external program\n"
+
+#: g10/exec.c:553
+#, c-format
+msgid "unable to read external program response: %s\n"
+msgstr "unable to read external program response: %s\n"
+
+#: g10/exec.c:599 g10/exec.c:606
+#, c-format
+msgid "WARNING: unable to remove tempfile (%s) `%s': %s\n"
+msgstr "WARNING: unable to remove tempfile (%s) ‘%s’: %s\n"
+
+#: g10/exec.c:611
+#, c-format
+msgid "WARNING: unable to remove temp directory `%s': %s\n"
+msgstr "WARNING: unable to remove temp directory ‘%s’: %s\n"
+
+#: g10/export.c:61
+msgid "export signatures that are marked as local-only"
+msgstr "export signatures that are marked as local-only"
+
+#: g10/export.c:63
+msgid "export attribute user IDs (generally photo IDs)"
+msgstr "export attribute user IDs (generally photo IDs)"
+
+#: g10/export.c:65
+msgid "export revocation keys marked as \"sensitive\""
+msgstr "export revocation keys marked as “sensitiveâ€"
+
+#: g10/export.c:67
+msgid "remove the passphrase from exported subkeys"
+msgstr "remove the passphrase from exported subkeys"
+
+#: g10/export.c:69
+msgid "remove unusable parts from key during export"
+msgstr "remove unusable parts from key during export"
+
+#: g10/export.c:71
+msgid "remove as much as possible from key during export"
+msgstr "remove as much as possible from key during export"
+
+#: g10/export.c:73
+msgid "export keys in an S-expression based format"
+msgstr "export keys in an S-expression based format"
+
+#: g10/export.c:338
+msgid "exporting secret keys not allowed\n"
+msgstr "exporting secret keys not allowed\n"
+
+#: g10/export.c:367
+#, c-format
+msgid "key %s: not protected - skipped\n"
+msgstr "key %s: not protected - skipped\n"
+
+#: g10/export.c:375
+#, c-format
+msgid "key %s: PGP 2.x style key - skipped\n"
+msgstr "key %s: PGP 2.x style key - skipped\n"
+
+#: g10/export.c:386
+#, c-format
+msgid "key %s: key material on-card - skipped\n"
+msgstr "key %s: key material on-card - skipped\n"
+
+#: g10/export.c:537
+msgid "about to export an unprotected subkey\n"
+msgstr "about to export an unprotected subkey\n"
+
+#: g10/export.c:560
+#, c-format
+msgid "failed to unprotect the subkey: %s\n"
+msgstr "failed to unprotect the subkey: %s\n"
+
+#: g10/export.c:584
+#, c-format
+msgid "WARNING: secret key %s does not have a simple SK checksum\n"
+msgstr "WARNING: secret key %s does not have a simple SK checksum\n"
+
+#: g10/export.c:633
+msgid "WARNING: nothing exported\n"
+msgstr "WARNING: nothing exported\n"
+
+#: g10/getkey.c:152
+msgid "too many entries in pk cache - disabled\n"
+msgstr "too many entries in pk cache - disabled\n"
+
+#: g10/getkey.c:175
+msgid "[User ID not found]"
+msgstr "[User ID not found]"
+
+#: g10/getkey.c:1113
+#, c-format
+msgid "automatically retrieved `%s' via %s\n"
+msgstr "automatically retrieved ‘%s’ via %s\n"
+
+#: g10/getkey.c:1118
+#, c-format
+msgid "error retrieving `%s' via %s: %s\n"
+msgstr "error retrieving ‘%s’ via %s: %s\n"
+
+#: g10/getkey.c:1120
+msgid "No fingerprint"
+msgstr "No fingerprint"
+
+#: g10/getkey.c:1930
+#, c-format
+msgid "Invalid key %s made valid by --allow-non-selfsigned-uid\n"
+msgstr "Invalid key %s made valid by --allow-non-selfsigned-uid\n"
+
+#: g10/getkey.c:2533 g10/keyedit.c:3839
+#, c-format
+msgid "no secret subkey for public subkey %s - ignoring\n"
+msgstr "no secret subkey for public subkey %s - ignoring\n"
+
+#: g10/getkey.c:2759
+#, c-format
+msgid "using subkey %s instead of primary key %s\n"
+msgstr "using subkey %s instead of primary key %s\n"
+
+#: g10/getkey.c:2806
+#, c-format
+msgid "key %s: secret key without public key - skipped\n"
+msgstr "key %s: secret key without public key - skipped\n"
+
+#: g10/gpg.c:375 sm/gpgsm.c:188
+msgid "make a signature"
+msgstr "make a signature"
+
+#: g10/gpg.c:376 sm/gpgsm.c:189
+msgid "make a clear text signature"
+msgstr "make a clear text signature"
+
+#: g10/gpg.c:377 sm/gpgsm.c:190
+msgid "make a detached signature"
+msgstr "make a detached signature"
+
+#: g10/gpg.c:378 sm/gpgsm.c:191
+msgid "encrypt data"
+msgstr "encrypt data"
+
+#: g10/gpg.c:380 sm/gpgsm.c:192
+msgid "encryption only with symmetric cipher"
+msgstr "encryption only with symmetric cipher"
+
+#: g10/gpg.c:382 sm/gpgsm.c:193
+msgid "decrypt data (default)"
+msgstr "decrypt data (default)"
+
+#: g10/gpg.c:384 sm/gpgsm.c:194
+msgid "verify a signature"
+msgstr "verify a signature"
+
+#: g10/gpg.c:386 sm/gpgsm.c:195
+msgid "list keys"
+msgstr "list keys"
+
+#: g10/gpg.c:388
+msgid "list keys and signatures"
+msgstr "list keys and signatures"
+
+#: g10/gpg.c:389
+msgid "list and check key signatures"
+msgstr "list and check key signatures"
+
+#: g10/gpg.c:390 sm/gpgsm.c:200
+msgid "list keys and fingerprints"
+msgstr "list keys and fingerprints"
+
+#: g10/gpg.c:391 sm/gpgsm.c:198
+msgid "list secret keys"
+msgstr "list secret keys"
+
+#: g10/gpg.c:392 sm/gpgsm.c:201
+msgid "generate a new key pair"
+msgstr "generate a new key pair"
+
+#: g10/gpg.c:393
+msgid "generate a revocation certificate"
+msgstr "generate a revocation certificate"
+
+#: g10/gpg.c:395 sm/gpgsm.c:203
+msgid "remove keys from the public keyring"
+msgstr "remove keys from the public keyring"
+
+#: g10/gpg.c:397
+msgid "remove keys from the secret keyring"
+msgstr "remove keys from the secret keyring"
+
+#: g10/gpg.c:398
+msgid "sign a key"
+msgstr "sign a key"
+
+#: g10/gpg.c:399
+msgid "sign a key locally"
+msgstr "sign a key locally"
+
+#: g10/gpg.c:400
+msgid "sign or edit a key"
+msgstr "sign or edit a key"
+
+#: g10/gpg.c:402 sm/gpgsm.c:215
+msgid "change a passphrase"
+msgstr "change a passphrase"
+
+#: g10/gpg.c:404
+msgid "export keys"
+msgstr "export keys"
+
+#: g10/gpg.c:405 sm/gpgsm.c:204
+msgid "export keys to a key server"
+msgstr "export keys to a key server"
+
+#: g10/gpg.c:406 sm/gpgsm.c:205
+msgid "import keys from a key server"
+msgstr "import keys from a key server"
+
+#: g10/gpg.c:408
+msgid "search for keys on a key server"
+msgstr "search for keys on a key server"
+
+#: g10/gpg.c:410
+msgid "update all keys from a keyserver"
+msgstr "update all keys from a keyserver"
+
+#: g10/gpg.c:415
+msgid "import/merge keys"
+msgstr "import/merge keys"
+
+#: g10/gpg.c:418
+msgid "print the card status"
+msgstr "print the card status"
+
+#: g10/gpg.c:419
+msgid "change data on a card"
+msgstr "change data on a card"
+
+#: g10/gpg.c:420
+msgid "change a card's PIN"
+msgstr "change a card's PIN"
+
+#: g10/gpg.c:429
+msgid "update the trust database"
+msgstr "update the trust database"
+
+#: g10/gpg.c:436
+msgid "print message digests"
+msgstr "print message digests"
+
+#: g10/gpg.c:439 sm/gpgsm.c:210
+msgid "run in server mode"
+msgstr "run in server mode"
+
+#: g10/gpg.c:443 sm/gpgsm.c:228
+msgid "create ascii armored output"
+msgstr "create ascii armored output"
+
+#: g10/gpg.c:446 sm/gpgsm.c:241
+msgid "|USER-ID|encrypt for USER-ID"
+msgstr "|USER-ID|encrypt for USER-ID"
+
+#: g10/gpg.c:459 sm/gpgsm.c:278
+msgid "|USER-ID|use USER-ID to sign or decrypt"
+msgstr "|USER-ID|use USER-ID to sign or decrypt"
+
+#: g10/gpg.c:462
+msgid "|N|set compress level to N (0 disables)"
+msgstr "|N|set compress level to N (0 disables)"
+
+#: g10/gpg.c:468
+msgid "use canonical text mode"
+msgstr "use canonical text mode"
+
+#: g10/gpg.c:485 sm/gpgsm.c:280
+msgid "|FILE|write output to FILE"
+msgstr "|FILE|write output to FILE"
+
+#: g10/gpg.c:501 kbx/kbxutil.c:90 sm/gpgsm.c:292 tools/gpgconf.c:82
+msgid "do not make any changes"
+msgstr "do not make any changes"
+
+#: g10/gpg.c:502
+msgid "prompt before overwriting"
+msgstr "prompt before overwriting"
+
+#: g10/gpg.c:554
+msgid "use strict OpenPGP behavior"
+msgstr "use strict OpenPGP behavior"
+
+#: g10/gpg.c:585 sm/gpgsm.c:336
+msgid ""
+"@\n"
+"(See the man page for a complete listing of all commands and options)\n"
+msgstr ""
+"@\n"
+"(See the man page for a complete listing of all commands and options)\n"
+
+#: g10/gpg.c:588 sm/gpgsm.c:339
+msgid ""
+"@\n"
+"Examples:\n"
+"\n"
+" -se -r Bob [file] sign and encrypt for user Bob\n"
+" --clearsign [file] make a clear text signature\n"
+" --detach-sign [file] make a detached signature\n"
+" --list-keys [names] show keys\n"
+" --fingerprint [names] show fingerprints\n"
+msgstr ""
+"@\n"
+"Examples:\n"
+"\n"
+" -se -r Bob [file] sign and encrypt for user Bob\n"
+" --clearsign [file] make a clear text signature\n"
+" --detach-sign [file] make a detached signature\n"
+" --list-keys [names] show keys\n"
+" --fingerprint [names] show fingerprints\n"
+
+#: g10/gpg.c:836
+msgid "Usage: gpg [options] [files] (-h for help)"
+msgstr "Usage: gpg [options] [files] (-h for help)"
+
+#: g10/gpg.c:839
+msgid ""
+"Syntax: gpg [options] [files]\n"
+"sign, check, encrypt or decrypt\n"
+"default operation depends on the input data\n"
+msgstr ""
+"Syntax: gpg [options] [files]\n"
+"sign, check, encrypt or decrypt\n"
+"default operation depends on the input data\n"
+
+#: g10/gpg.c:850 sm/gpgsm.c:543
+msgid ""
+"\n"
+"Supported algorithms:\n"
+msgstr ""
+"\n"
+"Supported algorithms:\n"
+
+#: g10/gpg.c:853
+msgid "Pubkey: "
+msgstr "Pubkey: "
+
+#: g10/gpg.c:860 g10/keyedit.c:2423
+msgid "Cipher: "
+msgstr "Cipher: "
+
+#: g10/gpg.c:867
+msgid "Hash: "
+msgstr "Hash: "
+
+#: g10/gpg.c:874 g10/keyedit.c:2468
+msgid "Compression: "
+msgstr "Compression: "
+
+#: g10/gpg.c:944
+msgid "usage: gpg [options] "
+msgstr "usage: gpg [options] "
+
+#: g10/gpg.c:1158 sm/gpgsm.c:716
+msgid "conflicting commands\n"
+msgstr "conflicting commands\n"
+
+#: g10/gpg.c:1176
+#, c-format
+msgid "no = sign found in group definition `%s'\n"
+msgstr "no = sign found in group definition ‘%s’\n"
+
+#: g10/gpg.c:1373
+#, c-format
+msgid "WARNING: unsafe ownership on homedir `%s'\n"
+msgstr "WARNING: unsafe ownership on homedir ‘%s’\n"
+
+#: g10/gpg.c:1376
+#, c-format
+msgid "WARNING: unsafe ownership on configuration file `%s'\n"
+msgstr "WARNING: unsafe ownership on configuration file ‘%s’\n"
+
+#: g10/gpg.c:1379
+#, c-format
+msgid "WARNING: unsafe ownership on extension `%s'\n"
+msgstr "WARNING: unsafe ownership on extension ‘%s’\n"
+
+#: g10/gpg.c:1385
+#, c-format
+msgid "WARNING: unsafe permissions on homedir `%s'\n"
+msgstr "WARNING: unsafe permissions on homedir ‘%s’\n"
+
+#: g10/gpg.c:1388
+#, c-format
+msgid "WARNING: unsafe permissions on configuration file `%s'\n"
+msgstr "WARNING: unsafe permissions on configuration file ‘%s’\n"
+
+#: g10/gpg.c:1391
+#, c-format
+msgid "WARNING: unsafe permissions on extension `%s'\n"
+msgstr "WARNING: unsafe permissions on extension ‘%s’\n"
+
+#: g10/gpg.c:1397
+#, c-format
+msgid "WARNING: unsafe enclosing directory ownership on homedir `%s'\n"
+msgstr "WARNING: unsafe enclosing directory ownership on homedir ‘%s’\n"
+
+#: g10/gpg.c:1400
+#, c-format
+msgid ""
+"WARNING: unsafe enclosing directory ownership on configuration file `%s'\n"
+msgstr ""
+"WARNING: unsafe enclosing directory ownership on configuration file ‘%s"
+"[0m’\n"
+
+#: g10/gpg.c:1403
+#, c-format
+msgid "WARNING: unsafe enclosing directory ownership on extension `%s'\n"
+msgstr ""
+"WARNING: unsafe enclosing directory ownership on extension ‘%s’\n"
+
+#: g10/gpg.c:1409
+#, c-format
+msgid "WARNING: unsafe enclosing directory permissions on homedir `%s'\n"
+msgstr ""
+"WARNING: unsafe enclosing directory permissions on homedir ‘%s’\n"
+
+#: g10/gpg.c:1412
+#, c-format
+msgid ""
+"WARNING: unsafe enclosing directory permissions on configuration file `%s'\n"
+msgstr ""
+"WARNING: unsafe enclosing directory permissions on configuration file ‘%s"
+"[0m’\n"
+
+#: g10/gpg.c:1415
+#, c-format
+msgid "WARNING: unsafe enclosing directory permissions on extension `%s'\n"
+msgstr ""
+"WARNING: unsafe enclosing directory permissions on extension ‘%s’\n"
+
+#: g10/gpg.c:1595
+#, c-format
+msgid "unknown configuration item `%s'\n"
+msgstr "unknown configuration item ‘%s’\n"
+
+#: g10/gpg.c:1699
+msgid "display photo IDs during key listings"
+msgstr "display photo IDs during key listings"
+
+#: g10/gpg.c:1701
+msgid "show policy URLs during signature listings"
+msgstr "show policy URLs during signature listings"
+
+#: g10/gpg.c:1703
+msgid "show all notations during signature listings"
+msgstr "show all notations during signature listings"
+
+#: g10/gpg.c:1705
+msgid "show IETF standard notations during signature listings"
+msgstr "show IETF standard notations during signature listings"
+
+#: g10/gpg.c:1709
+msgid "show user-supplied notations during signature listings"
+msgstr "show user-supplied notations during signature listings"
+
+#: g10/gpg.c:1711
+msgid "show preferred keyserver URLs during signature listings"
+msgstr "show preferred keyserver URLs during signature listings"
+
+#: g10/gpg.c:1713
+msgid "show user ID validity during key listings"
+msgstr "show user ID validity during key listings"
+
+#: g10/gpg.c:1715
+msgid "show revoked and expired user IDs in key listings"
+msgstr "show revoked and expired user IDs in key listings"
+
+#: g10/gpg.c:1717
+msgid "show revoked and expired subkeys in key listings"
+msgstr "show revoked and expired subkeys in key listings"
+
+#: g10/gpg.c:1719
+msgid "show the keyring name in key listings"
+msgstr "show the keyring name in key listings"
+
+#: g10/gpg.c:1721
+msgid "show expiration dates during signature listings"
+msgstr "show expiration dates during signature listings"
+
+#: g10/gpg.c:1855
+#, c-format
+msgid "NOTE: old default options file `%s' ignored\n"
+msgstr "NOTE: old default options file ‘%s’ ignored\n"
+
+#: g10/gpg.c:1948
+#, c-format
+msgid "libgcrypt is too old (need %s, have %s)\n"
+msgstr "libgcrypt is too old (need %s, have %s)\n"
+
+#: g10/gpg.c:2346 g10/gpg.c:3037 g10/gpg.c:3049
+#, c-format
+msgid "NOTE: %s is not for normal use!\n"
+msgstr "NOTE: %s is not for normal use!\n"
+
+#: g10/gpg.c:2530 g10/gpg.c:2542
+#, c-format
+msgid "`%s' is not a valid signature expiration\n"
+msgstr "‘%s’ is not a valid signature expiration\n"
+
+#: g10/gpg.c:2624
+#, c-format
+msgid "`%s' is not a valid character set\n"
+msgstr "‘%s’ is not a valid character set\n"
+
+#: g10/gpg.c:2647 g10/gpg.c:2842 g10/keyedit.c:4197
+msgid "could not parse keyserver URL\n"
+msgstr "could not parse keyserver URL\n"
+
+#: g10/gpg.c:2659
+#, c-format
+msgid "%s:%d: invalid keyserver options\n"
+msgstr "%s:%d: invalid keyserver options\n"
+
+#: g10/gpg.c:2662
+msgid "invalid keyserver options\n"
+msgstr "invalid keyserver options\n"
+
+#: g10/gpg.c:2669
+#, c-format
+msgid "%s:%d: invalid import options\n"
+msgstr "%s:%d: invalid import options\n"
+
+#: g10/gpg.c:2672
+msgid "invalid import options\n"
+msgstr "invalid import options\n"
+
+#: g10/gpg.c:2679
+#, c-format
+msgid "%s:%d: invalid export options\n"
+msgstr "%s:%d: invalid export options\n"
+
+#: g10/gpg.c:2682
+msgid "invalid export options\n"
+msgstr "invalid export options\n"
+
+#: g10/gpg.c:2689
+#, c-format
+msgid "%s:%d: invalid list options\n"
+msgstr "%s:%d: invalid list options\n"
+
+#: g10/gpg.c:2692
+msgid "invalid list options\n"
+msgstr "invalid list options\n"
+
+#: g10/gpg.c:2700
+msgid "display photo IDs during signature verification"
+msgstr "display photo IDs during signature verification"
+
+#: g10/gpg.c:2702
+msgid "show policy URLs during signature verification"
+msgstr "show policy URLs during signature verification"
+
+#: g10/gpg.c:2704
+msgid "show all notations during signature verification"
+msgstr "show all notations during signature verification"
+
+#: g10/gpg.c:2706
+msgid "show IETF standard notations during signature verification"
+msgstr "show IETF standard notations during signature verification"
+
+#: g10/gpg.c:2710
+msgid "show user-supplied notations during signature verification"
+msgstr "show user-supplied notations during signature verification"
+
+#: g10/gpg.c:2712
+msgid "show preferred keyserver URLs during signature verification"
+msgstr "show preferred keyserver URLs during signature verification"
+
+#: g10/gpg.c:2714
+msgid "show user ID validity during signature verification"
+msgstr "show user ID validity during signature verification"
+
+#: g10/gpg.c:2716
+msgid "show revoked and expired user IDs in signature verification"
+msgstr "show revoked and expired user IDs in signature verification"
+
+#: g10/gpg.c:2718
+msgid "show only the primary user ID in signature verification"
+msgstr "show only the primary user ID in signature verification"
+
+#: g10/gpg.c:2720
+msgid "validate signatures with PKA data"
+msgstr "validate signatures with PKA data"
+
+#: g10/gpg.c:2722
+msgid "elevate the trust of signatures with valid PKA data"
+msgstr "elevate the trust of signatures with valid PKA data"
+
+#: g10/gpg.c:2729
+#, c-format
+msgid "%s:%d: invalid verify options\n"
+msgstr "%s:%d: invalid verify options\n"
+
+#: g10/gpg.c:2732
+msgid "invalid verify options\n"
+msgstr "invalid verify options\n"
+
+#: g10/gpg.c:2739
+#, c-format
+msgid "unable to set exec-path to %s\n"
+msgstr "unable to set exec-path to %s\n"
+
+#: g10/gpg.c:2925
+#, c-format
+msgid "%s:%d: invalid auto-key-locate list\n"
+msgstr "%s:%d: invalid auto-key-locate list\n"
+
+#: g10/gpg.c:2928
+msgid "invalid auto-key-locate list\n"
+msgstr "invalid auto-key-locate list\n"
+
+#: g10/gpg.c:3026 sm/gpgsm.c:1439
+msgid "WARNING: program may create a core file!\n"
+msgstr "WARNING: program may create a core file!\n"
+
+#: g10/gpg.c:3030
+#, c-format
+msgid "WARNING: %s overrides %s\n"
+msgstr "WARNING: %s overrides %s\n"
+
+#: g10/gpg.c:3039
+#, c-format
+msgid "%s not allowed with %s!\n"
+msgstr "%s not allowed with %s!\n"
+
+#: g10/gpg.c:3042
+#, c-format
+msgid "%s makes no sense with %s!\n"
+msgstr "%s makes no sense with %s!\n"
+
+#: g10/gpg.c:3057
+#, c-format
+msgid "will not run with insecure memory due to %s\n"
+msgstr "will not run with insecure memory due to %s\n"
+
+#: g10/gpg.c:3071
+msgid "you can only make detached or clear signatures while in --pgp2 mode\n"
+msgstr "you can only make detached or clear signatures while in --pgp2 mode\n"
+
+#: g10/gpg.c:3077
+msgid "you can't sign and encrypt at the same time while in --pgp2 mode\n"
+msgstr "you can't sign and encrypt at the same time while in --pgp2 mode\n"
+
+#: g10/gpg.c:3083
+msgid "you must use files (and not a pipe) when working with --pgp2 enabled.\n"
+msgstr ""
+"you must use files (and not a pipe) when working with --pgp2 enabled.\n"
+
+#: g10/gpg.c:3096
+msgid "encrypting a message in --pgp2 mode requires the IDEA cipher\n"
+msgstr "encrypting a message in --pgp2 mode requires the IDEA cipher\n"
+
+#: g10/gpg.c:3163 g10/gpg.c:3187 sm/gpgsm.c:1511
+msgid "selected cipher algorithm is invalid\n"
+msgstr "selected cipher algorithm is invalid\n"
+
+#: g10/gpg.c:3169 g10/gpg.c:3193 sm/gpgsm.c:1517 sm/gpgsm.c:1523
+msgid "selected digest algorithm is invalid\n"
+msgstr "selected digest algorithm is invalid\n"
+
+#: g10/gpg.c:3175
+msgid "selected compression algorithm is invalid\n"
+msgstr "selected compression algorithm is invalid\n"
+
+#: g10/gpg.c:3181
+msgid "selected certification digest algorithm is invalid\n"
+msgstr "selected certification digest algorithm is invalid\n"
+
+#: g10/gpg.c:3196
+msgid "completes-needed must be greater than 0\n"
+msgstr "completes-needed must be greater than 0\n"
+
+#: g10/gpg.c:3198
+msgid "marginals-needed must be greater than 1\n"
+msgstr "marginals-needed must be greater than 1\n"
+
+#: g10/gpg.c:3200
+msgid "max-cert-depth must be in the range from 1 to 255\n"
+msgstr "max-cert-depth must be in the range from 1 to 255\n"
+
+#: g10/gpg.c:3202
+msgid "invalid default-cert-level; must be 0, 1, 2, or 3\n"
+msgstr "invalid default-cert-level; must be 0, 1, 2, or 3\n"
+
+#: g10/gpg.c:3204
+msgid "invalid min-cert-level; must be 1, 2, or 3\n"
+msgstr "invalid min-cert-level; must be 1, 2, or 3\n"
+
+#: g10/gpg.c:3207
+msgid "NOTE: simple S2K mode (0) is strongly discouraged\n"
+msgstr "NOTE: simple S2K mode (0) is strongly discouraged\n"
+
+#: g10/gpg.c:3211
+msgid "invalid S2K mode; must be 0, 1 or 3\n"
+msgstr "invalid S2K mode; must be 0, 1 or 3\n"
+
+#: g10/gpg.c:3218
+msgid "invalid default preferences\n"
+msgstr "invalid default preferences\n"
+
+#: g10/gpg.c:3222
+msgid "invalid personal cipher preferences\n"
+msgstr "invalid personal cipher preferences\n"
+
+#: g10/gpg.c:3226
+msgid "invalid personal digest preferences\n"
+msgstr "invalid personal digest preferences\n"
+
+#: g10/gpg.c:3230
+msgid "invalid personal compress preferences\n"
+msgstr "invalid personal compress preferences\n"
+
+#: g10/gpg.c:3263
+#, c-format
+msgid "%s does not yet work with %s\n"
+msgstr "%s does not yet work with %s\n"
+
+#: g10/gpg.c:3310
+#, c-format
+msgid "you may not use cipher algorithm `%s' while in %s mode\n"
+msgstr "you may not use cipher algorithm ‘%s’ while in %s mode\n"
+
+#: g10/gpg.c:3315
+#, c-format
+msgid "you may not use digest algorithm `%s' while in %s mode\n"
+msgstr "you may not use digest algorithm ‘%s’ while in %s mode\n"
+
+#: g10/gpg.c:3320
+#, c-format
+msgid "you may not use compression algorithm `%s' while in %s mode\n"
+msgstr "you may not use compression algorithm ‘%s’ while in %s mode\n"
+
+#: g10/gpg.c:3406
+#, c-format
+msgid "failed to initialize the TrustDB: %s\n"
+msgstr "failed to initialize the TrustDB: %s\n"
+
+#: g10/gpg.c:3417
+msgid "WARNING: recipients (-r) given without using public key encryption\n"
+msgstr "WARNING: recipients (-r) given without using public key encryption\n"
+
+#: g10/gpg.c:3438
+msgid "--store [filename]"
+msgstr "--store [filename]"
+
+#: g10/gpg.c:3445
+msgid "--symmetric [filename]"
+msgstr "--symmetric [filename]"
+
+#: g10/gpg.c:3447
+#, c-format
+msgid "symmetric encryption of `%s' failed: %s\n"
+msgstr "symmetric encryption of ‘%s’ failed: %s\n"
+
+#: g10/gpg.c:3457
+msgid "--encrypt [filename]"
+msgstr "--encrypt [filename]"
+
+#: g10/gpg.c:3470
+msgid "--symmetric --encrypt [filename]"
+msgstr "--symmetric --encrypt [filename]"
+
+#: g10/gpg.c:3472
+msgid "you cannot use --symmetric --encrypt with --s2k-mode 0\n"
+msgstr "you cannot use --symmetric --encrypt with --s2k-mode 0\n"
+
+#: g10/gpg.c:3475
+#, c-format
+msgid "you cannot use --symmetric --encrypt while in %s mode\n"
+msgstr "you cannot use --symmetric --encrypt while in %s mode\n"
+
+#: g10/gpg.c:3493
+msgid "--sign [filename]"
+msgstr "--sign [filename]"
+
+#: g10/gpg.c:3506
+msgid "--sign --encrypt [filename]"
+msgstr "--sign --encrypt [filename]"
+
+#: g10/gpg.c:3521
+msgid "--symmetric --sign --encrypt [filename]"
+msgstr "--symmetric --sign --encrypt [filename]"
+
+#: g10/gpg.c:3523
+msgid "you cannot use --symmetric --sign --encrypt with --s2k-mode 0\n"
+msgstr "you cannot use --symmetric --sign --encrypt with --s2k-mode 0\n"
+
+#: g10/gpg.c:3526
+#, c-format
+msgid "you cannot use --symmetric --sign --encrypt while in %s mode\n"
+msgstr "you cannot use --symmetric --sign --encrypt while in %s mode\n"
+
+#: g10/gpg.c:3546
+msgid "--sign --symmetric [filename]"
+msgstr "--sign --symmetric [filename]"
+
+#: g10/gpg.c:3555
+msgid "--clearsign [filename]"
+msgstr "--clearsign [filename]"
+
+#: g10/gpg.c:3580
+msgid "--decrypt [filename]"
+msgstr "--decrypt [filename]"
+
+#: g10/gpg.c:3588
+msgid "--sign-key user-id"
+msgstr "--sign-key user-id"
+
+#: g10/gpg.c:3592
+msgid "--lsign-key user-id"
+msgstr "--lsign-key user-id"
+
+#: g10/gpg.c:3613
+msgid "--edit-key user-id [commands]"
+msgstr "--edit-key user-id [commands]"
+
+#: g10/gpg.c:3629
+msgid "--passwd <user-id>"
+msgstr "--passwd <user-id>"
+
+#: g10/gpg.c:3716
+#, c-format
+msgid "keyserver send failed: %s\n"
+msgstr "keyserver send failed: %s\n"
+
+#: g10/gpg.c:3718
+#, c-format
+msgid "keyserver receive failed: %s\n"
+msgstr "keyserver receive failed: %s\n"
+
+#: g10/gpg.c:3720
+#, c-format
+msgid "key export failed: %s\n"
+msgstr "key export failed: %s\n"
+
+#: g10/gpg.c:3731
+#, c-format
+msgid "keyserver search failed: %s\n"
+msgstr "keyserver search failed: %s\n"
+
+#: g10/gpg.c:3741
+#, c-format
+msgid "keyserver refresh failed: %s\n"
+msgstr "keyserver refresh failed: %s\n"
+
+#: g10/gpg.c:3792
+#, c-format
+msgid "dearmoring failed: %s\n"
+msgstr "dearmoring failed: %s\n"
+
+#: g10/gpg.c:3800
+#, c-format
+msgid "enarmoring failed: %s\n"
+msgstr "enarmoring failed: %s\n"
+
+#: g10/gpg.c:3890
+#, c-format
+msgid "invalid hash algorithm `%s'\n"
+msgstr "invalid hash algorithm ‘%s’\n"
+
+#: g10/gpg.c:4005
+msgid "[filename]"
+msgstr "[filename]"
+
+#: g10/gpg.c:4009
+msgid "Go ahead and type your message ...\n"
+msgstr "Go ahead and type your message ...\n"
+
+#: g10/gpg.c:4323
+msgid "the given certification policy URL is invalid\n"
+msgstr "the given certification policy URL is invalid\n"
+
+#: g10/gpg.c:4325
+msgid "the given signature policy URL is invalid\n"
+msgstr "the given signature policy URL is invalid\n"
+
+#: g10/gpg.c:4358
+msgid "the given preferred keyserver URL is invalid\n"
+msgstr "the given preferred keyserver URL is invalid\n"
+
+#: g10/gpgv.c:74
+msgid "|FILE|take the keys from the keyring FILE"
+msgstr "|FILE|take the keys from the keyring FILE"
+
+#: g10/gpgv.c:76
+msgid "make timestamp conflicts only a warning"
+msgstr "make timestamp conflicts only a warning"
+
+#: g10/gpgv.c:78 sm/gpgsm.c:326
+msgid "|FD|write status info to this FD"
+msgstr "|FD|write status info to this FD"
+
+#: g10/gpgv.c:117
+msgid "Usage: gpgv [options] [files] (-h for help)"
+msgstr "Usage: gpgv [options] [files] (-h for help)"
+
+#: g10/gpgv.c:119
+msgid ""
+"Syntax: gpgv [options] [files]\n"
+"Check signatures against known trusted keys\n"
+msgstr ""
+"Syntax: gpgv [options] [files]\n"
+"Check signatures against known trusted keys\n"
+
+#: g10/helptext.c:72
+msgid "No help available"
+msgstr "No help available"
+
+#: g10/helptext.c:82
+#, c-format
+msgid "No help available for `%s'"
+msgstr "No help available for ‘%s’"
+
+#: g10/import.c:94
+msgid "import signatures that are marked as local-only"
+msgstr "import signatures that are marked as local-only"
+
+#: g10/import.c:96
+msgid "repair damage from the pks keyserver during import"
+msgstr "repair damage from the pks keyserver during import"
+
+#: g10/import.c:98
+msgid "do not update the trustdb after import"
+msgstr "do not update the trustdb after import"
+
+#: g10/import.c:100
+msgid "create a public key when importing a secret key"
+msgstr "create a public key when importing a secret key"
+
+#: g10/import.c:102
+msgid "only accept updates to existing keys"
+msgstr "only accept updates to existing keys"
+
+#: g10/import.c:104
+msgid "remove unusable parts from key after import"
+msgstr "remove unusable parts from key after import"
+
+#: g10/import.c:106
+msgid "remove as much as possible from key after import"
+msgstr "remove as much as possible from key after import"
+
+#: g10/import.c:266
+#, c-format
+msgid "skipping block of type %d\n"
+msgstr "skipping block of type %d\n"
+
+#: g10/import.c:275
+#, c-format
+msgid "%lu keys processed so far\n"
+msgstr "%lu keys processed so far\n"
+
+#: g10/import.c:292
+#, c-format
+msgid "Total number processed: %lu\n"
+msgstr "Total number processed: %lu\n"
+
+#: g10/import.c:294
+#, c-format
+msgid " skipped new keys: %lu\n"
+msgstr " skipped new keys: %lu\n"
+
+#: g10/import.c:297
+#, c-format
+msgid " w/o user IDs: %lu\n"
+msgstr " w/o user IDs: %lu\n"
+
+#: g10/import.c:299 sm/import.c:114
+#, c-format
+msgid " imported: %lu"
+msgstr " imported: %lu"
+
+#: g10/import.c:305 sm/import.c:118
+#, c-format
+msgid " unchanged: %lu\n"
+msgstr " unchanged: %lu\n"
+
+#: g10/import.c:307
+#, c-format
+msgid " new user IDs: %lu\n"
+msgstr " new user IDs: %lu\n"
+
+#: g10/import.c:309
+#, c-format
+msgid " new subkeys: %lu\n"
+msgstr " new subkeys: %lu\n"
+
+#: g10/import.c:311
+#, c-format
+msgid " new signatures: %lu\n"
+msgstr " new signatures: %lu\n"
+
+#: g10/import.c:313
+#, c-format
+msgid " new key revocations: %lu\n"
+msgstr " new key revocations: %lu\n"
+
+#: g10/import.c:315 sm/import.c:120
+#, c-format
+msgid " secret keys read: %lu\n"
+msgstr " secret keys read: %lu\n"
+
+#: g10/import.c:317 sm/import.c:122
+#, c-format
+msgid " secret keys imported: %lu\n"
+msgstr " secret keys imported: %lu\n"
+
+#: g10/import.c:319 sm/import.c:124
+#, c-format
+msgid " secret keys unchanged: %lu\n"
+msgstr " secret keys unchanged: %lu\n"
+
+#: g10/import.c:321 sm/import.c:126
+#, c-format
+msgid " not imported: %lu\n"
+msgstr " not imported: %lu\n"
+
+#: g10/import.c:323
+#, c-format
+msgid " signatures cleaned: %lu\n"
+msgstr " signatures cleaned: %lu\n"
+
+#: g10/import.c:325
+#, c-format
+msgid " user IDs cleaned: %lu\n"
+msgstr " user IDs cleaned: %lu\n"
+
+#: g10/import.c:606
+#, c-format
+msgid ""
+"WARNING: key %s contains preferences for unavailable\n"
+"algorithms on these user IDs:\n"
+msgstr ""
+"WARNING: key %s contains preferences for unavailable\n"
+"algorithms on these user IDs:\n"
+
+#: g10/import.c:647
+#, c-format
+msgid " \"%s\": preference for cipher algorithm %s\n"
+msgstr " “%sâ€: preference for cipher algorithm %s\n"
+
+#: g10/import.c:662
+#, c-format
+msgid " \"%s\": preference for digest algorithm %s\n"
+msgstr " “%sâ€: preference for digest algorithm %s\n"
+
+#: g10/import.c:674
+#, c-format
+msgid " \"%s\": preference for compression algorithm %s\n"
+msgstr " “%sâ€: preference for compression algorithm %s\n"
+
+#: g10/import.c:687
+msgid "it is strongly suggested that you update your preferences and\n"
+msgstr "it is strongly suggested that you update your preferences and\n"
+
+#: g10/import.c:689
+msgid "re-distribute this key to avoid potential algorithm mismatch problems\n"
+msgstr ""
+"re-distribute this key to avoid potential algorithm mismatch problems\n"
+
+#: g10/import.c:713
+#, c-format
+msgid "you can update your preferences with: gpg --edit-key %s updpref save\n"
+msgstr "you can update your preferences with: gpg --edit-key %s updpref save\n"
+
+#: g10/import.c:766 g10/import.c:1179
+#, c-format
+msgid "key %s: no user ID\n"
+msgstr "key %s: no user ID\n"
+
+#: g10/import.c:795
+#, c-format
+msgid "key %s: PKS subkey corruption repaired\n"
+msgstr "key %s: PKS subkey corruption repaired\n"
+
+#: g10/import.c:810
+#, c-format
+msgid "key %s: accepted non self-signed user ID \"%s\"\n"
+msgstr "key %s: accepted non self-signed user ID “%sâ€\n"
+
+#: g10/import.c:816
+#, c-format
+msgid "key %s: no valid user IDs\n"
+msgstr "key %s: no valid user IDs\n"
+
+#: g10/import.c:818
+msgid "this may be caused by a missing self-signature\n"
+msgstr "this may be caused by a missing self-signature\n"
+
+#: g10/import.c:828 g10/import.c:1303
+#, c-format
+msgid "key %s: public key not found: %s\n"
+msgstr "key %s: public key not found: %s\n"
+
+#: g10/import.c:834
+#, c-format
+msgid "key %s: new key - skipped\n"
+msgstr "key %s: new key - skipped\n"
+
+#: g10/import.c:843
+#, c-format
+msgid "no writable keyring found: %s\n"
+msgstr "no writable keyring found: %s\n"
+
+#: g10/import.c:848 g10/openfile.c:278 g10/sign.c:805 g10/sign.c:1114
+#, c-format
+msgid "writing to `%s'\n"
+msgstr "writing to ‘%s’\n"
+
+#: g10/import.c:852 g10/import.c:952 g10/import.c:1219 g10/import.c:1364
+#: g10/import.c:2494 g10/import.c:2516
+#, c-format
+msgid "error writing keyring `%s': %s\n"
+msgstr "error writing keyring ‘%s’: %s\n"
+
+#: g10/import.c:871
+#, c-format
+msgid "key %s: public key \"%s\" imported\n"
+msgstr "key %s: public key “%s†imported\n"
+
+#: g10/import.c:895
+#, c-format
+msgid "key %s: doesn't match our copy\n"
+msgstr "key %s: doesn't match our copy\n"
+
+#: g10/import.c:912 g10/import.c:1321
+#, c-format
+msgid "key %s: can't locate original keyblock: %s\n"
+msgstr "key %s: can't locate original keyblock: %s\n"
+
+#: g10/import.c:920 g10/import.c:1328
+#, c-format
+msgid "key %s: can't read original keyblock: %s\n"
+msgstr "key %s: can't read original keyblock: %s\n"
+
+#: g10/import.c:962
+#, c-format
+msgid "key %s: \"%s\" 1 new user ID\n"
+msgstr "key %s: “%s†1 new user ID\n"
+
+#: g10/import.c:965
+#, c-format
+msgid "key %s: \"%s\" %d new user IDs\n"
+msgstr "key %s: “%s†%d new user IDs\n"
+
+#: g10/import.c:968
+#, c-format
+msgid "key %s: \"%s\" 1 new signature\n"
+msgstr "key %s: “%s†1 new signature\n"
+
+#: g10/import.c:971
+#, c-format
+msgid "key %s: \"%s\" %d new signatures\n"
+msgstr "key %s: “%s†%d new signatures\n"
+
+#: g10/import.c:974
+#, c-format
+msgid "key %s: \"%s\" 1 new subkey\n"
+msgstr "key %s: “%s†1 new subkey\n"
+
+#: g10/import.c:977
+#, c-format
+msgid "key %s: \"%s\" %d new subkeys\n"
+msgstr "key %s: “%s†%d new subkeys\n"
+
+#: g10/import.c:980
+#, c-format
+msgid "key %s: \"%s\" %d signature cleaned\n"
+msgstr "key %s: “%s†%d signature cleaned\n"
+
+#: g10/import.c:983
+#, c-format
+msgid "key %s: \"%s\" %d signatures cleaned\n"
+msgstr "key %s: “%s†%d signatures cleaned\n"
+
+#: g10/import.c:986
+#, c-format
+msgid "key %s: \"%s\" %d user ID cleaned\n"
+msgstr "key %s: “%s†%d user ID cleaned\n"
+
+#: g10/import.c:989
+#, c-format
+msgid "key %s: \"%s\" %d user IDs cleaned\n"
+msgstr "key %s: “%s†%d user IDs cleaned\n"
+
+#: g10/import.c:1013
+#, c-format
+msgid "key %s: \"%s\" not changed\n"
+msgstr "key %s: “%s†not changed\n"
+
+#: g10/import.c:1185
+#, c-format
+msgid "key %s: secret key with invalid cipher %d - skipped\n"
+msgstr "key %s: secret key with invalid cipher %d - skipped\n"
+
+#: g10/import.c:1196
+msgid "importing secret keys not allowed\n"
+msgstr "importing secret keys not allowed\n"
+
+#: g10/import.c:1213 g10/import.c:2509
+#, c-format
+msgid "no default secret keyring: %s\n"
+msgstr "no default secret keyring: %s\n"
+
+#: g10/import.c:1224
+#, c-format
+msgid "key %s: secret key imported\n"
+msgstr "key %s: secret key imported\n"
+
+#: g10/import.c:1254
+#, c-format
+msgid "key %s: already in secret keyring\n"
+msgstr "key %s: already in secret keyring\n"
+
+#: g10/import.c:1264
+#, c-format
+msgid "key %s: secret key not found: %s\n"
+msgstr "key %s: secret key not found: %s\n"
+
+#: g10/import.c:1296
+#, c-format
+msgid "key %s: no public key - can't apply revocation certificate\n"
+msgstr "key %s: no public key - can't apply revocation certificate\n"
+
+#: g10/import.c:1339
+#, c-format
+msgid "key %s: invalid revocation certificate: %s - rejected\n"
+msgstr "key %s: invalid revocation certificate: %s - rejected\n"
+
+#: g10/import.c:1371
+#, c-format
+msgid "key %s: \"%s\" revocation certificate imported\n"
+msgstr "key %s: “%s†revocation certificate imported\n"
+
+#: g10/import.c:1447
+#, c-format
+msgid "key %s: no user ID for signature\n"
+msgstr "key %s: no user ID for signature\n"
+
+#: g10/import.c:1464
+#, c-format
+msgid "key %s: unsupported public key algorithm on user ID \"%s\"\n"
+msgstr "key %s: unsupported public key algorithm on user ID “%sâ€\n"
+
+#: g10/import.c:1466
+#, c-format
+msgid "key %s: invalid self-signature on user ID \"%s\"\n"
+msgstr "key %s: invalid self-signature on user ID “%sâ€\n"
+
+#: g10/import.c:1483 g10/import.c:1509 g10/import.c:1560
+#, c-format
+msgid "key %s: unsupported public key algorithm\n"
+msgstr "key %s: unsupported public key algorithm\n"
+
+#: g10/import.c:1484
+#, c-format
+msgid "key %s: invalid direct key signature\n"
+msgstr "key %s: invalid direct key signature\n"
+
+#: g10/import.c:1498
+#, c-format
+msgid "key %s: no subkey for key binding\n"
+msgstr "key %s: no subkey for key binding\n"
+
+#: g10/import.c:1511
+#, c-format
+msgid "key %s: invalid subkey binding\n"
+msgstr "key %s: invalid subkey binding\n"
+
+#: g10/import.c:1527
+#, c-format
+msgid "key %s: removed multiple subkey binding\n"
+msgstr "key %s: removed multiple subkey binding\n"
+
+#: g10/import.c:1549
+#, c-format
+msgid "key %s: no subkey for key revocation\n"
+msgstr "key %s: no subkey for key revocation\n"
+
+#: g10/import.c:1562
+#, c-format
+msgid "key %s: invalid subkey revocation\n"
+msgstr "key %s: invalid subkey revocation\n"
+
+#: g10/import.c:1577
+#, c-format
+msgid "key %s: removed multiple subkey revocation\n"
+msgstr "key %s: removed multiple subkey revocation\n"
+
+#: g10/import.c:1618
+#, c-format
+msgid "key %s: skipped user ID \"%s\"\n"
+msgstr "key %s: skipped user ID “%sâ€\n"
+
+#: g10/import.c:1639
+#, c-format
+msgid "key %s: skipped subkey\n"
+msgstr "key %s: skipped subkey\n"
+
+#: g10/import.c:1666
+#, c-format
+msgid "key %s: non exportable signature (class 0x%02X) - skipped\n"
+msgstr "key %s: non exportable signature (class 0x%02X) - skipped\n"
+
+#: g10/import.c:1676
+#, c-format
+msgid "key %s: revocation certificate at wrong place - skipped\n"
+msgstr "key %s: revocation certificate at wrong place - skipped\n"
+
+#: g10/import.c:1693
+#, c-format
+msgid "key %s: invalid revocation certificate: %s - skipped\n"
+msgstr "key %s: invalid revocation certificate: %s - skipped\n"
+
+#: g10/import.c:1707
+#, c-format
+msgid "key %s: subkey signature in wrong place - skipped\n"
+msgstr "key %s: subkey signature in wrong place - skipped\n"
+
+#: g10/import.c:1715
+#, c-format
+msgid "key %s: unexpected signature class (0x%02X) - skipped\n"
+msgstr "key %s: unexpected signature class (0x%02X) - skipped\n"
+
+#: g10/import.c:1844
+#, c-format
+msgid "key %s: duplicated user ID detected - merged\n"
+msgstr "key %s: duplicated user ID detected - merged\n"
+
+#: g10/import.c:1906
+#, c-format
+msgid "WARNING: key %s may be revoked: fetching revocation key %s\n"
+msgstr "WARNING: key %s may be revoked: fetching revocation key %s\n"
+
+#: g10/import.c:1920
+#, c-format
+msgid "WARNING: key %s may be revoked: revocation key %s not present.\n"
+msgstr "WARNING: key %s may be revoked: revocation key %s not present.\n"
+
+#: g10/import.c:1979
+#, c-format
+msgid "key %s: \"%s\" revocation certificate added\n"
+msgstr "key %s: “%s†revocation certificate added\n"
+
+#: g10/import.c:2013
+#, c-format
+msgid "key %s: direct key signature added\n"
+msgstr "key %s: direct key signature added\n"
+
+#: g10/import.c:2414
+msgid "NOTE: a key's S/N does not match the card's one\n"
+msgstr "NOTE: a key's S/N does not match the card's one\n"
+
+#: g10/import.c:2422
+msgid "NOTE: primary key is online and stored on card\n"
+msgstr "NOTE: primary key is online and stored on card\n"
+
+#: g10/import.c:2424
+msgid "NOTE: secondary key is online and stored on card\n"
+msgstr "NOTE: secondary key is online and stored on card\n"
+
+#: g10/keydb.c:181
+#, c-format
+msgid "error creating keyring `%s': %s\n"
+msgstr "error creating keyring ‘%s’: %s\n"
+
+#: g10/keydb.c:187
+#, c-format
+msgid "keyring `%s' created\n"
+msgstr "keyring ‘%s’ created\n"
+
+#: g10/keydb.c:333 g10/keydb.c:336
+#, c-format
+msgid "keyblock resource `%s': %s\n"
+msgstr "keyblock resource ‘%s’: %s\n"
+
+#: g10/keydb.c:719
+#, c-format
+msgid "failed to rebuild keyring cache: %s\n"
+msgstr "failed to rebuild keyring cache: %s\n"
+
+#: g10/keyedit.c:265
+msgid "[revocation]"
+msgstr "[revocation]"
+
+#: g10/keyedit.c:266
+msgid "[self-signature]"
+msgstr "[self-signature]"
+
+#: g10/keyedit.c:344 g10/keylist.c:398
+msgid "1 bad signature\n"
+msgstr "1 bad signature\n"
+
+#: g10/keyedit.c:346 g10/keylist.c:400
+#, c-format
+msgid "%d bad signatures\n"
+msgstr "%d bad signatures\n"
+
+#: g10/keyedit.c:348 g10/keylist.c:402
+msgid "1 signature not checked due to a missing key\n"
+msgstr "1 signature not checked due to a missing key\n"
+
+#: g10/keyedit.c:350 g10/keylist.c:404
+#, c-format
+msgid "%d signatures not checked due to missing keys\n"
+msgstr "%d signatures not checked due to missing keys\n"
+
+#: g10/keyedit.c:352 g10/keylist.c:406
+msgid "1 signature not checked due to an error\n"
+msgstr "1 signature not checked due to an error\n"
+
+#: g10/keyedit.c:354 g10/keylist.c:408
+#, c-format
+msgid "%d signatures not checked due to errors\n"
+msgstr "%d signatures not checked due to errors\n"
+
+#: g10/keyedit.c:356
+msgid "1 user ID without valid self-signature detected\n"
+msgstr "1 user ID without valid self-signature detected\n"
+
+#: g10/keyedit.c:358
+#, c-format
+msgid "%d user IDs without valid self-signatures detected\n"
+msgstr "%d user IDs without valid self-signatures detected\n"
+
+#: g10/keyedit.c:414 g10/pkclist.c:262
+msgid ""
+"Please decide how far you trust this user to correctly verify other users' "
+"keys\n"
+"(by looking at passports, checking fingerprints from different sources, "
+"etc.)\n"
+msgstr ""
+"Please decide how far you trust this user to correctly verify other users' "
+"keys\n"
+"(by looking at passports, checking fingerprints from different sources, "
+"etc.)\n"
+
+#: g10/keyedit.c:418 g10/pkclist.c:274
+#, c-format
+msgid " %d = I trust marginally\n"
+msgstr " %d = I trust marginally\n"
+
+#: g10/keyedit.c:419 g10/pkclist.c:276
+#, c-format
+msgid " %d = I trust fully\n"
+msgstr " %d = I trust fully\n"
+
+#: g10/keyedit.c:438
+msgid ""
+"Please enter the depth of this trust signature.\n"
+"A depth greater than 1 allows the key you are signing to make\n"
+"trust signatures on your behalf.\n"
+msgstr ""
+"Please enter the depth of this trust signature.\n"
+"A depth greater than 1 allows the key you are signing to make\n"
+"trust signatures on your behalf.\n"
+
+#: g10/keyedit.c:454
+msgid "Please enter a domain to restrict this signature, or enter for none.\n"
+msgstr "Please enter a domain to restrict this signature, or enter for none.\n"
+
+#: g10/keyedit.c:598
+#, c-format
+msgid "User ID \"%s\" is revoked."
+msgstr "User ID “%s†is revoked."
+
+#: g10/keyedit.c:607 g10/keyedit.c:635 g10/keyedit.c:662 g10/keyedit.c:830
+#: g10/keyedit.c:895 g10/keyedit.c:1785
+msgid "Are you sure you still want to sign it? (y/N) "
+msgstr "Are you sure you still want to sign it? (y/N) "
+
+#: g10/keyedit.c:621 g10/keyedit.c:649 g10/keyedit.c:676 g10/keyedit.c:836
+#: g10/keyedit.c:1791
+msgid " Unable to sign.\n"
+msgstr " Unable to sign.\n"
+
+#: g10/keyedit.c:626
+#, c-format
+msgid "User ID \"%s\" is expired."
+msgstr "User ID “%s†is expired."
+
+#: g10/keyedit.c:654
+#, c-format
+msgid "User ID \"%s\" is not self-signed."
+msgstr "User ID “%s†is not self-signed."
+
+#: g10/keyedit.c:682
+#, c-format
+msgid "User ID \"%s\" is signable. "
+msgstr "User ID “%s†is signable. "
+
+#: g10/keyedit.c:684
+msgid "Sign it? (y/N) "
+msgstr "Sign it? (y/N) "
+
+#: g10/keyedit.c:706
+#, c-format
+msgid ""
+"The self-signature on \"%s\"\n"
+"is a PGP 2.x-style signature.\n"
+msgstr ""
+"The self-signature on “%sâ€\n"
+"is a PGP 2.x-style signature.\n"
+
+#: g10/keyedit.c:715
+msgid "Do you want to promote it to an OpenPGP self-signature? (y/N) "
+msgstr "Do you want to promote it to an OpenPGP self-signature? (y/N) "
+
+#: g10/keyedit.c:729
+#, c-format
+msgid ""
+"Your current signature on \"%s\"\n"
+"has expired.\n"
+msgstr ""
+"Your current signature on “%sâ€\n"
+"has expired.\n"
+
+#: g10/keyedit.c:733
+msgid "Do you want to issue a new signature to replace the expired one? (y/N) "
+msgstr ""
+"Do you want to issue a new signature to replace the expired one? (y/N) "
+
+#: g10/keyedit.c:754
+#, c-format
+msgid ""
+"Your current signature on \"%s\"\n"
+"is a local signature.\n"
+msgstr ""
+"Your current signature on “%sâ€\n"
+"is a local signature.\n"
+
+#: g10/keyedit.c:758
+msgid "Do you want to promote it to a full exportable signature? (y/N) "
+msgstr "Do you want to promote it to a full exportable signature? (y/N) "
+
+#: g10/keyedit.c:779
+#, c-format
+msgid "\"%s\" was already locally signed by key %s\n"
+msgstr "“%s†was already locally signed by key %s\n"
+
+#: g10/keyedit.c:782
+#, c-format
+msgid "\"%s\" was already signed by key %s\n"
+msgstr "“%s†was already signed by key %s\n"
+
+#: g10/keyedit.c:787
+msgid "Do you want to sign it again anyway? (y/N) "
+msgstr "Do you want to sign it again anyway? (y/N) "
+
+#: g10/keyedit.c:809
+#, c-format
+msgid "Nothing to sign with key %s\n"
+msgstr "Nothing to sign with key %s\n"
+
+#: g10/keyedit.c:824
+msgid "This key has expired!"
+msgstr "This key has expired!"
+
+#: g10/keyedit.c:842
+#, c-format
+msgid "This key is due to expire on %s.\n"
+msgstr "This key is due to expire on %s.\n"
+
+#: g10/keyedit.c:848
+msgid "Do you want your signature to expire at the same time? (Y/n) "
+msgstr "Do you want your signature to expire at the same time? (Y/n) "
+
+#: g10/keyedit.c:888
+msgid ""
+"You may not make an OpenPGP signature on a PGP 2.x key while in --pgp2 "
+"mode.\n"
+msgstr ""
+"You may not make an OpenPGP signature on a PGP 2.x key while in --pgp2 "
+"mode.\n"
+
+#: g10/keyedit.c:890
+msgid "This would make the key unusable in PGP 2.x.\n"
+msgstr "This would make the key unusable in PGP 2.x.\n"
+
+#: g10/keyedit.c:915
+msgid ""
+"How carefully have you verified the key you are about to sign actually "
+"belongs\n"
+"to the person named above? If you don't know what to answer, enter \"0\".\n"
+msgstr ""
+"How carefully have you verified the key you are about to sign actually "
+"belongs\n"
+"to the person named above? If you don't know what to answer, enter “0"
+"[0mâ€.\n"
+
+#: g10/keyedit.c:920
+#, c-format
+msgid " (0) I will not answer.%s\n"
+msgstr " (0) I will not answer.%s\n"
+
+#: g10/keyedit.c:922
+#, c-format
+msgid " (1) I have not checked at all.%s\n"
+msgstr " (1) I have not checked at all.%s\n"
+
+#: g10/keyedit.c:924
+#, c-format
+msgid " (2) I have done casual checking.%s\n"
+msgstr " (2) I have done casual checking.%s\n"
+
+#: g10/keyedit.c:926
+#, c-format
+msgid " (3) I have done very careful checking.%s\n"
+msgstr " (3) I have done very careful checking.%s\n"
+
+#: g10/keyedit.c:932
+msgid "Your selection? (enter `?' for more information): "
+msgstr "Your selection? (enter ‘?’ for more information): "
+
+#: g10/keyedit.c:956
+#, c-format
+msgid ""
+"Are you sure that you want to sign this key with your\n"
+"key \"%s\" (%s)\n"
+msgstr ""
+"Are you sure that you want to sign this key with your\n"
+"key “%s†(%s)\n"
+
+#: g10/keyedit.c:963
+msgid "This will be a self-signature.\n"
+msgstr "This will be a self-signature.\n"
+
+#: g10/keyedit.c:969
+msgid "WARNING: the signature will not be marked as non-exportable.\n"
+msgstr "WARNING: the signature will not be marked as non-exportable.\n"
+
+#: g10/keyedit.c:977
+msgid "WARNING: the signature will not be marked as non-revocable.\n"
+msgstr "WARNING: the signature will not be marked as non-revocable.\n"
+
+#: g10/keyedit.c:987
+msgid "The signature will be marked as non-exportable.\n"
+msgstr "The signature will be marked as non-exportable.\n"
+
+#: g10/keyedit.c:994
+msgid "The signature will be marked as non-revocable.\n"
+msgstr "The signature will be marked as non-revocable.\n"
+
+#: g10/keyedit.c:1001
+msgid "I have not checked this key at all.\n"
+msgstr "I have not checked this key at all.\n"
+
+#: g10/keyedit.c:1006
+msgid "I have checked this key casually.\n"
+msgstr "I have checked this key casually.\n"
+
+#: g10/keyedit.c:1011
+msgid "I have checked this key very carefully.\n"
+msgstr "I have checked this key very carefully.\n"
+
+#: g10/keyedit.c:1021
+msgid "Really sign? (y/N) "
+msgstr "Really sign? (y/N) "
+
+#: g10/keyedit.c:1066 g10/keyedit.c:4965 g10/keyedit.c:5056 g10/keyedit.c:5120
+#: g10/keyedit.c:5181 g10/sign.c:316
+#, c-format
+msgid "signing failed: %s\n"
+msgstr "signing failed: %s\n"
+
+#: g10/keyedit.c:1131
+msgid "Key has only stub or on-card key items - no passphrase to change.\n"
+msgstr "Key has only stub or on-card key items - no passphrase to change.\n"
+
+#: g10/keyedit.c:1142 g10/keygen.c:3774
+msgid "This key is not protected.\n"
+msgstr "This key is not protected.\n"
+
+#: g10/keyedit.c:1146 g10/keygen.c:3761 g10/revoke.c:536
+msgid "Secret parts of primary key are not available.\n"
+msgstr "Secret parts of primary key are not available.\n"
+
+#: g10/keyedit.c:1150 g10/keygen.c:3777
+msgid "Secret parts of primary key are stored on-card.\n"
+msgstr "Secret parts of primary key are stored on-card.\n"
+
+#: g10/keyedit.c:1156 g10/keygen.c:3781
+msgid "Key is protected.\n"
+msgstr "Key is protected.\n"
+
+#: g10/keyedit.c:1186
+#, c-format
+msgid "Can't edit this key: %s\n"
+msgstr "Can't edit this key: %s\n"
+
+#: g10/keyedit.c:1192
+msgid ""
+"Enter the new passphrase for this secret key.\n"
+"\n"
+msgstr ""
+"Enter the new passphrase for this secret key.\n"
+"\n"
+
+#: g10/keyedit.c:1207 g10/keygen.c:2291
+msgid "passphrase not correctly repeated; try again"
+msgstr "passphrase not correctly repeated; try again"
+
+#: g10/keyedit.c:1212
+msgid ""
+"You don't want a passphrase - this is probably a *bad* idea!\n"
+"\n"
+msgstr ""
+"You don't want a passphrase - this is probably a *bad* idea!\n"
+"\n"
+
+#: g10/keyedit.c:1215
+msgid "Do you really want to do this? (y/N) "
+msgstr "Do you really want to do this? (y/N) "
+
+#: g10/keyedit.c:1298
+msgid "moving a key signature to the correct place\n"
+msgstr "moving a key signature to the correct place\n"
+
+#: g10/keyedit.c:1384
+msgid "save and quit"
+msgstr "save and quit"
+
+#: g10/keyedit.c:1387
+msgid "show key fingerprint"
+msgstr "show key fingerprint"
+
+#: g10/keyedit.c:1388
+msgid "list key and user IDs"
+msgstr "list key and user IDs"
+
+#: g10/keyedit.c:1390
+msgid "select user ID N"
+msgstr "select user ID N"
+
+#: g10/keyedit.c:1391
+msgid "select subkey N"
+msgstr "select subkey N"
+
+#: g10/keyedit.c:1392
+msgid "check signatures"
+msgstr "check signatures"
+
+#: g10/keyedit.c:1397
+msgid "sign selected user IDs [* see below for related commands]"
+msgstr "sign selected user IDs [* see below for related commands]"
+
+#: g10/keyedit.c:1402
+msgid "sign selected user IDs locally"
+msgstr "sign selected user IDs locally"
+
+#: g10/keyedit.c:1404
+msgid "sign selected user IDs with a trust signature"
+msgstr "sign selected user IDs with a trust signature"
+
+#: g10/keyedit.c:1406
+msgid "sign selected user IDs with a non-revocable signature"
+msgstr "sign selected user IDs with a non-revocable signature"
+
+#: g10/keyedit.c:1410
+msgid "add a user ID"
+msgstr "add a user ID"
+
+#: g10/keyedit.c:1412
+msgid "add a photo ID"
+msgstr "add a photo ID"
+
+#: g10/keyedit.c:1414
+msgid "delete selected user IDs"
+msgstr "delete selected user IDs"
+
+#: g10/keyedit.c:1419
+msgid "add a subkey"
+msgstr "add a subkey"
+
+#: g10/keyedit.c:1423
+msgid "add a key to a smartcard"
+msgstr "add a key to a smartcard"
+
+#: g10/keyedit.c:1425
+msgid "move a key to a smartcard"
+msgstr "move a key to a smartcard"
+
+#: g10/keyedit.c:1427
+msgid "move a backup key to a smartcard"
+msgstr "move a backup key to a smartcard"
+
+#: g10/keyedit.c:1431
+msgid "delete selected subkeys"
+msgstr "delete selected subkeys"
+
+#: g10/keyedit.c:1433
+msgid "add a revocation key"
+msgstr "add a revocation key"
+
+#: g10/keyedit.c:1435
+msgid "delete signatures from the selected user IDs"
+msgstr "delete signatures from the selected user IDs"
+
+#: g10/keyedit.c:1437
+msgid "change the expiration date for the key or selected subkeys"
+msgstr "change the expiration date for the key or selected subkeys"
+
+#: g10/keyedit.c:1439
+msgid "flag the selected user ID as primary"
+msgstr "flag the selected user ID as primary"
+
+#: g10/keyedit.c:1441
+msgid "toggle between the secret and public key listings"
+msgstr "toggle between the secret and public key listings"
+
+#: g10/keyedit.c:1444
+msgid "list preferences (expert)"
+msgstr "list preferences (expert)"
+
+#: g10/keyedit.c:1446
+msgid "list preferences (verbose)"
+msgstr "list preferences (verbose)"
+
+#: g10/keyedit.c:1448
+msgid "set preference list for the selected user IDs"
+msgstr "set preference list for the selected user IDs"
+
+#: g10/keyedit.c:1453
+msgid "set the preferred keyserver URL for the selected user IDs"
+msgstr "set the preferred keyserver URL for the selected user IDs"
+
+#: g10/keyedit.c:1455
+msgid "set a notation for the selected user IDs"
+msgstr "set a notation for the selected user IDs"
+
+#: g10/keyedit.c:1457
+msgid "change the passphrase"
+msgstr "change the passphrase"
+
+#: g10/keyedit.c:1461
+msgid "change the ownertrust"
+msgstr "change the ownertrust"
+
+#: g10/keyedit.c:1463
+msgid "revoke signatures on the selected user IDs"
+msgstr "revoke signatures on the selected user IDs"
+
+#: g10/keyedit.c:1465
+msgid "revoke selected user IDs"
+msgstr "revoke selected user IDs"
+
+#: g10/keyedit.c:1470
+msgid "revoke key or selected subkeys"
+msgstr "revoke key or selected subkeys"
+
+#: g10/keyedit.c:1471
+msgid "enable key"
+msgstr "enable key"
+
+#: g10/keyedit.c:1472
+msgid "disable key"
+msgstr "disable key"
+
+#: g10/keyedit.c:1473
+msgid "show selected photo IDs"
+msgstr "show selected photo IDs"
+
+#: g10/keyedit.c:1475
+msgid "compact unusable user IDs and remove unusable signatures from key"
+msgstr "compact unusable user IDs and remove unusable signatures from key"
+
+#: g10/keyedit.c:1477
+msgid "compact unusable user IDs and remove all signatures from key"
+msgstr "compact unusable user IDs and remove all signatures from key"
+
+#: g10/keyedit.c:1601
+#, c-format
+msgid "error reading secret keyblock \"%s\": %s\n"
+msgstr "error reading secret keyblock “%sâ€: %s\n"
+
+#: g10/keyedit.c:1619
+msgid "Secret key is available.\n"
+msgstr "Secret key is available.\n"
+
+#: g10/keyedit.c:1702
+msgid "Need the secret key to do this.\n"
+msgstr "Need the secret key to do this.\n"
+
+#: g10/keyedit.c:1710
+msgid "Please use the command \"toggle\" first.\n"
+msgstr "Please use the command “toggle†first.\n"
+
+#: g10/keyedit.c:1729
+msgid ""
+"* The `sign' command may be prefixed with an `l' for local signatures "
+"(lsign),\n"
+" a `t' for trust signatures (tsign), an `nr' for non-revocable signatures\n"
+" (nrsign), or any combination thereof (ltsign, tnrsign, etc.).\n"
+msgstr ""
+"* The ‘sign’ command may be prefixed with an ‘l’ for local "
+"signatures (lsign),\n"
+" a ‘t’ for trust signatures (tsign), an ‘nr’ for non-revocable "
+"signatures\n"
+" (nrsign), or any combination thereof (ltsign, tnrsign, etc.).\n"
+
+#: g10/keyedit.c:1779
+msgid "Key is revoked."
+msgstr "Key is revoked."
+
+#: g10/keyedit.c:1798
+msgid "Really sign all user IDs? (y/N) "
+msgstr "Really sign all user IDs? (y/N) "
+
+#: g10/keyedit.c:1805
+msgid "Hint: Select the user IDs to sign\n"
+msgstr "Hint: Select the user IDs to sign\n"
+
+#: g10/keyedit.c:1814
+#, c-format
+msgid "Unknown signature type `%s'\n"
+msgstr "Unknown signature type ‘%s’\n"
+
+#: g10/keyedit.c:1837
+#, c-format
+msgid "This command is not allowed while in %s mode.\n"
+msgstr "This command is not allowed while in %s mode.\n"
+
+#: g10/keyedit.c:1859 g10/keyedit.c:1879 g10/keyedit.c:2048
+msgid "You must select at least one user ID.\n"
+msgstr "You must select at least one user ID.\n"
+
+#: g10/keyedit.c:1861
+msgid "You can't delete the last user ID!\n"
+msgstr "You can't delete the last user ID!\n"
+
+#: g10/keyedit.c:1863
+msgid "Really remove all selected user IDs? (y/N) "
+msgstr "Really remove all selected user IDs? (y/N) "
+
+#: g10/keyedit.c:1864
+msgid "Really remove this user ID? (y/N) "
+msgstr "Really remove this user ID? (y/N) "
+
+#. TRANSLATORS: Please take care: This is about
+#. moving the key and not about removing it.
+#: g10/keyedit.c:1917
+msgid "Really move the primary key? (y/N) "
+msgstr "Really move the primary key? (y/N) "
+
+#: g10/keyedit.c:1929
+msgid "You must select exactly one key.\n"
+msgstr "You must select exactly one key.\n"
+
+#: g10/keyedit.c:1957
+msgid "Command expects a filename argument\n"
+msgstr "Command expects a filename argument\n"
+
+#: g10/keyedit.c:1971
+#, c-format
+msgid "Can't open `%s': %s\n"
+msgstr "Can't open ‘%s’: %s\n"
+
+#: g10/keyedit.c:1988
+#, c-format
+msgid "Error reading backup key from `%s': %s\n"
+msgstr "Error reading backup key from ‘%s’: %s\n"
+
+#: g10/keyedit.c:2012
+msgid "You must select at least one key.\n"
+msgstr "You must select at least one key.\n"
+
+#: g10/keyedit.c:2015
+msgid "Do you really want to delete the selected keys? (y/N) "
+msgstr "Do you really want to delete the selected keys? (y/N) "
+
+#: g10/keyedit.c:2016
+msgid "Do you really want to delete this key? (y/N) "
+msgstr "Do you really want to delete this key? (y/N) "
+
+#: g10/keyedit.c:2051
+msgid "Really revoke all selected user IDs? (y/N) "
+msgstr "Really revoke all selected user IDs? (y/N) "
+
+#: g10/keyedit.c:2052
+msgid "Really revoke this user ID? (y/N) "
+msgstr "Really revoke this user ID? (y/N) "
+
+#: g10/keyedit.c:2070
+msgid "Do you really want to revoke the entire key? (y/N) "
+msgstr "Do you really want to revoke the entire key? (y/N) "
+
+#: g10/keyedit.c:2081
+msgid "Do you really want to revoke the selected subkeys? (y/N) "
+msgstr "Do you really want to revoke the selected subkeys? (y/N) "
+
+#: g10/keyedit.c:2083
+msgid "Do you really want to revoke this subkey? (y/N) "
+msgstr "Do you really want to revoke this subkey? (y/N) "
+
+#: g10/keyedit.c:2133
+msgid "Owner trust may not be set while using a user provided trust database\n"
+msgstr ""
+"Owner trust may not be set while using a user provided trust database\n"
+
+#: g10/keyedit.c:2175
+msgid "Set preference list to:\n"
+msgstr "Set preference list to:\n"
+
+#: g10/keyedit.c:2181
+msgid "Really update the preferences for the selected user IDs? (y/N) "
+msgstr "Really update the preferences for the selected user IDs? (y/N) "
+
+#: g10/keyedit.c:2183
+msgid "Really update the preferences? (y/N) "
+msgstr "Really update the preferences? (y/N) "
+
+#: g10/keyedit.c:2253
+msgid "Save changes? (y/N) "
+msgstr "Save changes? (y/N) "
+
+#: g10/keyedit.c:2256
+msgid "Quit without saving? (y/N) "
+msgstr "Quit without saving? (y/N) "
+
+#: g10/keyedit.c:2266
+#, c-format
+msgid "update failed: %s\n"
+msgstr "update failed: %s\n"
+
+#: g10/keyedit.c:2273 g10/keyedit.c:2351
+#, c-format
+msgid "update secret failed: %s\n"
+msgstr "update secret failed: %s\n"
+
+#: g10/keyedit.c:2280
+msgid "Key not changed so no update needed.\n"
+msgstr "Key not changed so no update needed.\n"
+
+#: g10/keyedit.c:2446
+msgid "Digest: "
+msgstr "Digest: "
+
+#: g10/keyedit.c:2497
+msgid "Features: "
+msgstr "Features: "
+
+#: g10/keyedit.c:2508
+msgid "Keyserver no-modify"
+msgstr "Keyserver no-modify"
+
+#: g10/keyedit.c:2523 g10/keylist.c:316
+msgid "Preferred keyserver: "
+msgstr "Preferred keyserver: "
+
+#: g10/keyedit.c:2531 g10/keyedit.c:2532
+msgid "Notations: "
+msgstr "Notations: "
+
+#: g10/keyedit.c:2753
+msgid "There are no preferences on a PGP 2.x-style user ID.\n"
+msgstr "There are no preferences on a PGP 2.x-style user ID.\n"
+
+#: g10/keyedit.c:2810
+#, c-format
+msgid "The following key was revoked on %s by %s key %s\n"
+msgstr "The following key was revoked on %s by %s key %s\n"
+
+#: g10/keyedit.c:2832
+#, c-format
+msgid "This key may be revoked by %s key %s"
+msgstr "This key may be revoked by %s key %s"
+
+#: g10/keyedit.c:2838
+msgid "(sensitive)"
+msgstr "(sensitive)"
+
+#: g10/keyedit.c:2854 g10/keyedit.c:2910 g10/keyedit.c:2971 g10/keyedit.c:2986
+#: g10/keylist.c:202 g10/keyserver.c:532
+#, c-format
+msgid "created: %s"
+msgstr "created: %s"
+
+#: g10/keyedit.c:2857 g10/keylist.c:834 g10/keylist.c:928 g10/mainproc.c:997
+#, c-format
+msgid "revoked: %s"
+msgstr "revoked: %s"
+
+#: g10/keyedit.c:2859 g10/keylist.c:805 g10/keylist.c:840 g10/keylist.c:934
+#, c-format
+msgid "expired: %s"
+msgstr "expired: %s"
+
+#: g10/keyedit.c:2861 g10/keyedit.c:2912 g10/keyedit.c:2973 g10/keyedit.c:2988
+#: g10/keylist.c:204 g10/keylist.c:811 g10/keylist.c:846 g10/keylist.c:940
+#: g10/keylist.c:961 g10/keyserver.c:538 g10/mainproc.c:1003
+#, c-format
+msgid "expires: %s"
+msgstr "expires: %s"
+
+#: g10/keyedit.c:2863
+#, c-format
+msgid "usage: %s"
+msgstr "usage: %s"
+
+#: g10/keyedit.c:2878
+#, c-format
+msgid "trust: %s"
+msgstr "trust: %s"
+
+#: g10/keyedit.c:2882
+#, c-format
+msgid "validity: %s"
+msgstr "validity: %s"
+
+#: g10/keyedit.c:2889
+msgid "This key has been disabled"
+msgstr "This key has been disabled"
+
+#: g10/keyedit.c:2917 g10/keylist.c:208
+msgid "card-no: "
+msgstr "card-no: "
+
+#: g10/keyedit.c:2941
+msgid ""
+"Please note that the shown key validity is not necessarily correct\n"
+"unless you restart the program.\n"
+msgstr ""
+"Please note that the shown key validity is not necessarily correct\n"
+"unless you restart the program.\n"
+
+#: g10/keyedit.c:3005 g10/keyedit.c:3351 g10/keyserver.c:542
+#: g10/mainproc.c:1850 g10/trustdb.c:1204 g10/trustdb.c:1732
+msgid "revoked"
+msgstr "revoked"
+
+#: g10/keyedit.c:3007 g10/keyedit.c:3353 g10/keyserver.c:546
+#: g10/mainproc.c:1852 g10/trustdb.c:547 g10/trustdb.c:1734
+msgid "expired"
+msgstr "expired"
+
+#: g10/keyedit.c:3072
+msgid ""
+"WARNING: no user ID has been marked as primary. This command may\n"
+" cause a different user ID to become the assumed primary.\n"
+msgstr ""
+"WARNING: no user ID has been marked as primary. This command may\n"
+" cause a different user ID to become the assumed primary.\n"
+
+#: g10/keyedit.c:3133
+msgid ""
+"WARNING: This is a PGP2-style key. Adding a photo ID may cause some "
+"versions\n"
+" of PGP to reject this key.\n"
+msgstr ""
+"WARNING: This is a PGP2-style key. Adding a photo ID may cause some "
+"versions\n"
+" of PGP to reject this key.\n"
+
+#: g10/keyedit.c:3138 g10/keyedit.c:3473
+msgid "Are you sure you still want to add it? (y/N) "
+msgstr "Are you sure you still want to add it? (y/N) "
+
+#: g10/keyedit.c:3144
+msgid "You may not add a photo ID to a PGP2-style key.\n"
+msgstr "You may not add a photo ID to a PGP2-style key.\n"
+
+#: g10/keyedit.c:3284
+msgid "Delete this good signature? (y/N/q)"
+msgstr "Delete this good signature? (y/N/q)"
+
+#: g10/keyedit.c:3294
+msgid "Delete this invalid signature? (y/N/q)"
+msgstr "Delete this invalid signature? (y/N/q)"
+
+#: g10/keyedit.c:3298
+msgid "Delete this unknown signature? (y/N/q)"
+msgstr "Delete this unknown signature? (y/N/q)"
+
+#: g10/keyedit.c:3304
+msgid "Really delete this self-signature? (y/N)"
+msgstr "Really delete this self-signature? (y/N)"
+
+#: g10/keyedit.c:3318
+#, c-format
+msgid "Deleted %d signature.\n"
+msgstr "Deleted %d signature.\n"
+
+#: g10/keyedit.c:3319
+#, c-format
+msgid "Deleted %d signatures.\n"
+msgstr "Deleted %d signatures.\n"
+
+#: g10/keyedit.c:3322
+msgid "Nothing deleted.\n"
+msgstr "Nothing deleted.\n"
+
+#: g10/keyedit.c:3355 g10/trustdb.c:1736
+msgid "invalid"
+msgstr "invalid"
+
+#: g10/keyedit.c:3357
+#, c-format
+msgid "User ID \"%s\" compacted: %s\n"
+msgstr "User ID “%s†compacted: %s\n"
+
+#: g10/keyedit.c:3364
+#, c-format
+msgid "User ID \"%s\": %d signature removed\n"
+msgstr "User ID “%sâ€: %d signature removed\n"
+
+#: g10/keyedit.c:3365
+#, c-format
+msgid "User ID \"%s\": %d signatures removed\n"
+msgstr "User ID “%sâ€: %d signatures removed\n"
+
+#: g10/keyedit.c:3373
+#, c-format
+msgid "User ID \"%s\": already minimized\n"
+msgstr "User ID “%sâ€: already minimized\n"
+
+#: g10/keyedit.c:3374
+#, c-format
+msgid "User ID \"%s\": already clean\n"
+msgstr "User ID “%sâ€: already clean\n"
+
+#: g10/keyedit.c:3468
+msgid ""
+"WARNING: This is a PGP 2.x-style key. Adding a designated revoker may "
+"cause\n"
+" some versions of PGP to reject this key.\n"
+msgstr ""
+"WARNING: This is a PGP 2.x-style key. Adding a designated revoker may "
+"cause\n"
+" some versions of PGP to reject this key.\n"
+
+#: g10/keyedit.c:3479
+msgid "You may not add a designated revoker to a PGP 2.x-style key.\n"
+msgstr "You may not add a designated revoker to a PGP 2.x-style key.\n"
+
+#: g10/keyedit.c:3499
+msgid "Enter the user ID of the designated revoker: "
+msgstr "Enter the user ID of the designated revoker: "
+
+#: g10/keyedit.c:3524
+msgid "cannot appoint a PGP 2.x style key as a designated revoker\n"
+msgstr "cannot appoint a PGP 2.x style key as a designated revoker\n"
+
+#: g10/keyedit.c:3539
+msgid "you cannot appoint a key as its own designated revoker\n"
+msgstr "you cannot appoint a key as its own designated revoker\n"
+
+#: g10/keyedit.c:3561
+msgid "this key has already been designated as a revoker\n"
+msgstr "this key has already been designated as a revoker\n"
+
+#: g10/keyedit.c:3580
+msgid "WARNING: appointing a key as a designated revoker cannot be undone!\n"
+msgstr "WARNING: appointing a key as a designated revoker cannot be undone!\n"
+
+#: g10/keyedit.c:3586
+msgid ""
+"Are you sure you want to appoint this key as a designated revoker? (y/N) "
+msgstr ""
+"Are you sure you want to appoint this key as a designated revoker? (y/N) "
+
+#: g10/keyedit.c:3647
+msgid "Please remove selections from the secret keys.\n"
+msgstr "Please remove selections from the secret keys.\n"
+
+#: g10/keyedit.c:3653
+msgid "Please select at most one subkey.\n"
+msgstr "Please select at most one subkey.\n"
+
+#: g10/keyedit.c:3657
+msgid "Changing expiration time for a subkey.\n"
+msgstr "Changing expiration time for a subkey.\n"
+
+#: g10/keyedit.c:3660
+msgid "Changing expiration time for the primary key.\n"
+msgstr "Changing expiration time for the primary key.\n"
+
+#: g10/keyedit.c:3706
+msgid "You can't change the expiration date of a v3 key\n"
+msgstr "You can't change the expiration date of a v3 key\n"
+
+#: g10/keyedit.c:3722
+msgid "No corresponding signature in secret ring\n"
+msgstr "No corresponding signature in secret ring\n"
+
+#: g10/keyedit.c:3800
+#, c-format
+msgid "signing subkey %s is already cross-certified\n"
+msgstr "signing subkey %s is already cross-certified\n"
+
+#: g10/keyedit.c:3806
+#, c-format
+msgid "subkey %s does not sign and so does not need to be cross-certified\n"
+msgstr "subkey %s does not sign and so does not need to be cross-certified\n"
+
+#: g10/keyedit.c:3969
+msgid "Please select exactly one user ID.\n"
+msgstr "Please select exactly one user ID.\n"
+
+#: g10/keyedit.c:4008 g10/keyedit.c:4118 g10/keyedit.c:4238 g10/keyedit.c:4379
+#, c-format
+msgid "skipping v3 self-signature on user ID \"%s\"\n"
+msgstr "skipping v3 self-signature on user ID “%sâ€\n"
+
+#: g10/keyedit.c:4179
+msgid "Enter your preferred keyserver URL: "
+msgstr "Enter your preferred keyserver URL: "
+
+#: g10/keyedit.c:4259
+msgid "Are you sure you want to replace it? (y/N) "
+msgstr "Are you sure you want to replace it? (y/N) "
+
+#: g10/keyedit.c:4260
+msgid "Are you sure you want to delete it? (y/N) "
+msgstr "Are you sure you want to delete it? (y/N) "
+
+#: g10/keyedit.c:4322
+msgid "Enter the notation: "
+msgstr "Enter the notation: "
+
+#: g10/keyedit.c:4471
+msgid "Proceed? (y/N) "
+msgstr "Proceed? (y/N) "
+
+#: g10/keyedit.c:4543
+#, c-format
+msgid "No user ID with index %d\n"
+msgstr "No user ID with index %d\n"
+
+#: g10/keyedit.c:4604
+#, c-format
+msgid "No user ID with hash %s\n"
+msgstr "No user ID with hash %s\n"
+
+#: g10/keyedit.c:4639
+#, c-format
+msgid "No subkey with index %d\n"
+msgstr "No subkey with index %d\n"
+
+#: g10/keyedit.c:4774
+#, c-format
+msgid "user ID: \"%s\"\n"
+msgstr "user ID: “%sâ€\n"
+
+#: g10/keyedit.c:4777 g10/keyedit.c:4871 g10/keyedit.c:4914
+#, c-format
+msgid "signed by your key %s on %s%s%s\n"
+msgstr "signed by your key %s on %s%s%s\n"
+
+#: g10/keyedit.c:4779 g10/keyedit.c:4873 g10/keyedit.c:4916
+msgid " (non-exportable)"
+msgstr " (non-exportable)"
+
+#: g10/keyedit.c:4783
+#, c-format
+msgid "This signature expired on %s.\n"
+msgstr "This signature expired on %s.\n"
+
+#: g10/keyedit.c:4787
+msgid "Are you sure you still want to revoke it? (y/N) "
+msgstr "Are you sure you still want to revoke it? (y/N) "
+
+#: g10/keyedit.c:4791
+msgid "Create a revocation certificate for this signature? (y/N) "
+msgstr "Create a revocation certificate for this signature? (y/N) "
+
+#: g10/keyedit.c:4842
+msgid "Not signed by you.\n"
+msgstr "Not signed by you.\n"
+
+#: g10/keyedit.c:4848
+#, c-format
+msgid "You have signed these user IDs on key %s:\n"
+msgstr "You have signed these user IDs on key %s:\n"
+
+#: g10/keyedit.c:4874
+msgid " (non-revocable)"
+msgstr " (non-revocable)"
+
+#: g10/keyedit.c:4881
+#, c-format
+msgid "revoked by your key %s on %s\n"
+msgstr "revoked by your key %s on %s\n"
+
+#: g10/keyedit.c:4903
+msgid "You are about to revoke these signatures:\n"
+msgstr "You are about to revoke these signatures:\n"
+
+#: g10/keyedit.c:4923
+msgid "Really create the revocation certificates? (y/N) "
+msgstr "Really create the revocation certificates? (y/N) "
+
+#: g10/keyedit.c:4953
+msgid "no secret key\n"
+msgstr "no secret key\n"
+
+#: g10/keyedit.c:5023
+#, c-format
+msgid "user ID \"%s\" is already revoked\n"
+msgstr "user ID “%s†is already revoked\n"
+
+#: g10/keyedit.c:5040
+#, c-format
+msgid "WARNING: a user ID signature is dated %d seconds in the future\n"
+msgstr "WARNING: a user ID signature is dated %d seconds in the future\n"
+
+#: g10/keyedit.c:5104
+#, c-format
+msgid "Key %s is already revoked.\n"
+msgstr "Key %s is already revoked.\n"
+
+#: g10/keyedit.c:5166
+#, c-format
+msgid "Subkey %s is already revoked.\n"
+msgstr "Subkey %s is already revoked.\n"
+
+#: g10/keyedit.c:5261
+#, c-format
+msgid "Displaying %s photo ID of size %ld for key %s (uid %d)\n"
+msgstr "Displaying %s photo ID of size %ld for key %s (uid %d)\n"
+
+#: g10/keygen.c:275
+#, c-format
+msgid "preference `%s' duplicated\n"
+msgstr "preference ‘%s’ duplicated\n"
+
+#: g10/keygen.c:282
+msgid "too many cipher preferences\n"
+msgstr "too many cipher preferences\n"
+
+#: g10/keygen.c:284
+msgid "too many digest preferences\n"
+msgstr "too many digest preferences\n"
+
+#: g10/keygen.c:286
+msgid "too many compression preferences\n"
+msgstr "too many compression preferences\n"
+
+#: g10/keygen.c:426
+#, c-format
+msgid "invalid item `%s' in preference string\n"
+msgstr "invalid item ‘%s’ in preference string\n"
+
+#: g10/keygen.c:910
+msgid "writing direct signature\n"
+msgstr "writing direct signature\n"
+
+#: g10/keygen.c:952
+msgid "writing self signature\n"
+msgstr "writing self signature\n"
+
+#: g10/keygen.c:1009
+msgid "writing key binding signature\n"
+msgstr "writing key binding signature\n"
+
+#: g10/keygen.c:1179 g10/keygen.c:1290 g10/keygen.c:1295 g10/keygen.c:1441
+#: g10/keygen.c:3269
+#, c-format
+msgid "keysize invalid; using %u bits\n"
+msgstr "keysize invalid; using %u bits\n"
+
+#: g10/keygen.c:1185 g10/keygen.c:1301 g10/keygen.c:1309 g10/keygen.c:1447
+#: g10/keygen.c:3275
+#, c-format
+msgid "keysize rounded up to %u bits\n"
+msgstr "keysize rounded up to %u bits\n"
+
+#: g10/keygen.c:1335
+msgid ""
+"WARNING: some OpenPGP programs can't handle a DSA key with this digest size\n"
+msgstr ""
+"WARNING: some OpenPGP programs can't handle a DSA key with this digest size\n"
+
+#: g10/keygen.c:1558
+msgid "Sign"
+msgstr "Sign"
+
+#: g10/keygen.c:1561
+msgid "Certify"
+msgstr "Certify"
+
+#: g10/keygen.c:1564
+msgid "Encrypt"
+msgstr "Encrypt"
+
+#: g10/keygen.c:1567
+msgid "Authenticate"
+msgstr "Authenticate"
+
+#. TRANSLATORS: Please use only plain ASCII characters for the
+#. translation. If this is not possible use single digits. The
+#. string needs to 8 bytes long. Here is a description of the
+#. functions:
+#.
+#. s = Toggle signing capability
+#. e = Toggle encryption capability
+#. a = Toggle authentication capability
+#. q = Finish
+#.
+#: g10/keygen.c:1585
+msgid "SsEeAaQq"
+msgstr "SsEeAaQq"
+
+#: g10/keygen.c:1608
+#, c-format
+msgid "Possible actions for a %s key: "
+msgstr "Possible actions for a %s key: "
+
+#: g10/keygen.c:1612
+msgid "Current allowed actions: "
+msgstr "Current allowed actions: "
+
+#: g10/keygen.c:1617
+#, c-format
+msgid " (%c) Toggle the sign capability\n"
+msgstr " (%c) Toggle the sign capability\n"
+
+#: g10/keygen.c:1620
+#, c-format
+msgid " (%c) Toggle the encrypt capability\n"
+msgstr " (%c) Toggle the encrypt capability\n"
+
+#: g10/keygen.c:1623
+#, c-format
+msgid " (%c) Toggle the authenticate capability\n"
+msgstr " (%c) Toggle the authenticate capability\n"
+
+#: g10/keygen.c:1626
+#, c-format
+msgid " (%c) Finished\n"
+msgstr " (%c) Finished\n"
+
+#: g10/keygen.c:1686 sm/certreqgen-ui.c:157
+msgid "Please select what kind of key you want:\n"
+msgstr "Please select what kind of key you want:\n"
+
+#: g10/keygen.c:1689
+#, c-format
+msgid " (%d) RSA and RSA (default)\n"
+msgstr " (%d) RSA and RSA (default)\n"
+
+#: g10/keygen.c:1691
+#, c-format
+msgid " (%d) DSA and Elgamal\n"
+msgstr " (%d) DSA and Elgamal\n"
+
+#: g10/keygen.c:1693
+#, c-format
+msgid " (%d) DSA (sign only)\n"
+msgstr " (%d) DSA (sign only)\n"
+
+#: g10/keygen.c:1694
+#, c-format
+msgid " (%d) RSA (sign only)\n"
+msgstr " (%d) RSA (sign only)\n"
+
+#: g10/keygen.c:1698
+#, c-format
+msgid " (%d) Elgamal (encrypt only)\n"
+msgstr " (%d) Elgamal (encrypt only)\n"
+
+#: g10/keygen.c:1699
+#, c-format
+msgid " (%d) RSA (encrypt only)\n"
+msgstr " (%d) RSA (encrypt only)\n"
+
+#: g10/keygen.c:1703
+#, c-format
+msgid " (%d) DSA (set your own capabilities)\n"
+msgstr " (%d) DSA (set your own capabilities)\n"
+
+#: g10/keygen.c:1704
+#, c-format
+msgid " (%d) RSA (set your own capabilities)\n"
+msgstr " (%d) RSA (set your own capabilities)\n"
+
+#: g10/keygen.c:1812
+#, c-format
+msgid "%s keys may be between %u and %u bits long.\n"
+msgstr "%s keys may be between %u and %u bits long.\n"
+
+#: g10/keygen.c:1820
+#, c-format
+msgid "What keysize do you want for the subkey? (%u) "
+msgstr "What keysize do you want for the subkey? (%u) "
+
+#: g10/keygen.c:1823 sm/certreqgen-ui.c:179
+#, c-format
+msgid "What keysize do you want? (%u) "
+msgstr "What keysize do you want? (%u) "
+
+#: g10/keygen.c:1837 sm/certreqgen-ui.c:189
+#, c-format
+msgid "Requested keysize is %u bits\n"
+msgstr "Requested keysize is %u bits\n"
+
+#: g10/keygen.c:1925
+msgid ""
+"Please specify how long the key should be valid.\n"
+" 0 = key does not expire\n"
+" <n> = key expires in n days\n"
+" <n>w = key expires in n weeks\n"
+" <n>m = key expires in n months\n"
+" <n>y = key expires in n years\n"
+msgstr ""
+"Please specify how long the key should be valid.\n"
+" 0 = key does not expire\n"
+" <n> = key expires in n days\n"
+" <n>w = key expires in n weeks\n"
+" <n>m = key expires in n months\n"
+" <n>y = key expires in n years\n"
+
+#: g10/keygen.c:1936
+msgid ""
+"Please specify how long the signature should be valid.\n"
+" 0 = signature does not expire\n"
+" <n> = signature expires in n days\n"
+" <n>w = signature expires in n weeks\n"
+" <n>m = signature expires in n months\n"
+" <n>y = signature expires in n years\n"
+msgstr ""
+"Please specify how long the signature should be valid.\n"
+" 0 = signature does not expire\n"
+" <n> = signature expires in n days\n"
+" <n>w = signature expires in n weeks\n"
+" <n>m = signature expires in n months\n"
+" <n>y = signature expires in n years\n"
+
+#: g10/keygen.c:1959
+msgid "Key is valid for? (0) "
+msgstr "Key is valid for? (0) "
+
+#: g10/keygen.c:1964
+#, c-format
+msgid "Signature is valid for? (%s) "
+msgstr "Signature is valid for? (%s) "
+
+#: g10/keygen.c:1982 g10/keygen.c:2007
+msgid "invalid value\n"
+msgstr "invalid value\n"
+
+#: g10/keygen.c:1989
+msgid "Key does not expire at all\n"
+msgstr "Key does not expire at all\n"
+
+#: g10/keygen.c:1990
+msgid "Signature does not expire at all\n"
+msgstr "Signature does not expire at all\n"
+
+#: g10/keygen.c:1995
+#, c-format
+msgid "Key expires at %s\n"
+msgstr "Key expires at %s\n"
+
+#: g10/keygen.c:1996
+#, c-format
+msgid "Signature expires at %s\n"
+msgstr "Signature expires at %s\n"
+
+#: g10/keygen.c:2000
+msgid ""
+"Your system can't display dates beyond 2038.\n"
+"However, it will be correctly handled up to 2106.\n"
+msgstr ""
+"Your system can't display dates beyond 2038.\n"
+"However, it will be correctly handled up to 2106.\n"
+
+#: g10/keygen.c:2013
+msgid "Is this correct? (y/N) "
+msgstr "Is this correct? (y/N) "
+
+#: g10/keygen.c:2063
+msgid ""
+"\n"
+"GnuPG needs to construct a user ID to identify your key.\n"
+"\n"
+msgstr ""
+"\n"
+"GnuPG needs to construct a user ID to identify your key.\n"
+"\n"
+
+#. TRANSLATORS: This string is in general not anymore used
+#. but you should keep your existing translation. In case
+#. the new string is not translated this old string will
+#. be used.
+#: g10/keygen.c:2078
+msgid ""
+"\n"
+"You need a user ID to identify your key; the software constructs the user "
+"ID\n"
+"from the Real Name, Comment and Email Address in this form:\n"
+" \"Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>\"\n"
+"\n"
+msgstr ""
+"\n"
+"You need a user ID to identify your key; the software constructs the user "
+"ID\n"
+"from the Real Name, Comment and Email Address in this form:\n"
+" “Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>â€\n"
+"\n"
+
+#: g10/keygen.c:2097
+msgid "Real name: "
+msgstr "Real name: "
+
+#: g10/keygen.c:2105
+msgid "Invalid character in name\n"
+msgstr "Invalid character in name\n"
+
+#: g10/keygen.c:2107
+msgid "Name may not start with a digit\n"
+msgstr "Name may not start with a digit\n"
+
+#: g10/keygen.c:2109
+msgid "Name must be at least 5 characters long\n"
+msgstr "Name must be at least 5 characters long\n"
+
+#: g10/keygen.c:2117
+msgid "Email address: "
+msgstr "Email address: "
+
+#: g10/keygen.c:2123
+msgid "Not a valid email address\n"
+msgstr "Not a valid email address\n"
+
+#: g10/keygen.c:2131
+msgid "Comment: "
+msgstr "Comment: "
+
+#: g10/keygen.c:2137
+msgid "Invalid character in comment\n"
+msgstr "Invalid character in comment\n"
+
+#: g10/keygen.c:2159
+#, c-format
+msgid "You are using the `%s' character set.\n"
+msgstr "You are using the ‘%s’ character set.\n"
+
+#: g10/keygen.c:2165
+#, c-format
+msgid ""
+"You selected this USER-ID:\n"
+" \"%s\"\n"
+"\n"
+msgstr ""
+"You selected this USER-ID:\n"
+" “%sâ€\n"
+"\n"
+
+#: g10/keygen.c:2170
+msgid "Please don't put the email address into the real name or the comment\n"
+msgstr "Please don't put the email address into the real name or the comment\n"
+
+#: g10/keygen.c:2185
+msgid "Such a user ID already exists on this key!\n"
+msgstr "Such a user ID already exists on this key!\n"
+
+#. TRANSLATORS: These are the allowed answers in
+#. lower and uppercase. Below you will find the matching
+#. string which should be translated accordingly and the
+#. letter changed to match the one in the answer string.
+#.
+#. n = Change name
+#. c = Change comment
+#. e = Change email
+#. o = Okay (ready, continue)
+#. q = Quit
+#.
+#: g10/keygen.c:2201
+msgid "NnCcEeOoQq"
+msgstr "NnCcEeOoQq"
+
+#: g10/keygen.c:2211
+msgid "Change (N)ame, (C)omment, (E)mail or (Q)uit? "
+msgstr "Change (N)ame, (C)omment, (E)mail or (Q)uit? "
+
+#: g10/keygen.c:2212
+msgid "Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? "
+msgstr "Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? "
+
+#: g10/keygen.c:2231
+msgid "Please correct the error first\n"
+msgstr "Please correct the error first\n"
+
+#: g10/keygen.c:2273
+msgid ""
+"You need a Passphrase to protect your secret key.\n"
+"\n"
+msgstr ""
+"You need a Passphrase to protect your secret key.\n"
+"\n"
+
+#: g10/keygen.c:2276
+msgid ""
+"Please enter a passphrase to protect the off-card backup of the new "
+"encryption key."
+msgstr ""
+"Please enter a passphrase to protect the off-card backup of the new "
+"encryption key."
+
+#: g10/keygen.c:2292
+#, c-format
+msgid "%s.\n"
+msgstr "%s.\n"
+
+#: g10/keygen.c:2298
+msgid ""
+"You don't want a passphrase - this is probably a *bad* idea!\n"
+"I will do it anyway. You can change your passphrase at any time,\n"
+"using this program with the option \"--edit-key\".\n"
+"\n"
+msgstr ""
+"You don't want a passphrase - this is probably a *bad* idea!\n"
+"I will do it anyway. You can change your passphrase at any time,\n"
+"using this program with the option “--edit-keyâ€.\n"
+"\n"
+
+#: g10/keygen.c:2322
+msgid ""
+"We need to generate a lot of random bytes. It is a good idea to perform\n"
+"some other action (type on the keyboard, move the mouse, utilize the\n"
+"disks) during the prime generation; this gives the random number\n"
+"generator a better chance to gain enough entropy.\n"
+msgstr ""
+"We need to generate a lot of random bytes. It is a good idea to perform\n"
+"some other action (type on the keyboard, move the mouse, utilize the\n"
+"disks) during the prime generation; this gives the random number\n"
+"generator a better chance to gain enough entropy.\n"
+
+#: g10/keygen.c:3209 g10/keygen.c:3236
+msgid "Key generation canceled.\n"
+msgstr "Key generation canceled.\n"
+
+#: g10/keygen.c:3441 g10/keygen.c:3611
+#, c-format
+msgid "writing public key to `%s'\n"
+msgstr "writing public key to ‘%s’\n"
+
+#: g10/keygen.c:3443 g10/keygen.c:3614
+#, c-format
+msgid "writing secret key stub to `%s'\n"
+msgstr "writing secret key stub to ‘%s’\n"
+
+#: g10/keygen.c:3446 g10/keygen.c:3617
+#, c-format
+msgid "writing secret key to `%s'\n"
+msgstr "writing secret key to ‘%s’\n"
+
+#: g10/keygen.c:3598
+#, c-format
+msgid "no writable public keyring found: %s\n"
+msgstr "no writable public keyring found: %s\n"
+
+#: g10/keygen.c:3605
+#, c-format
+msgid "no writable secret keyring found: %s\n"
+msgstr "no writable secret keyring found: %s\n"
+
+#: g10/keygen.c:3625
+#, c-format
+msgid "error writing public keyring `%s': %s\n"
+msgstr "error writing public keyring ‘%s’: %s\n"
+
+#: g10/keygen.c:3633
+#, c-format
+msgid "error writing secret keyring `%s': %s\n"
+msgstr "error writing secret keyring ‘%s’: %s\n"
+
+#: g10/keygen.c:3661
+msgid "public and secret key created and signed.\n"
+msgstr "public and secret key created and signed.\n"
+
+#: g10/keygen.c:3672
+msgid ""
+"Note that this key cannot be used for encryption. You may want to use\n"
+"the command \"--edit-key\" to generate a subkey for this purpose.\n"
+msgstr ""
+"Note that this key cannot be used for encryption. You may want to use\n"
+"the command “--edit-key†to generate a subkey for this purpose.\n"
+
+#: g10/keygen.c:3685 g10/keygen.c:3831 g10/keygen.c:3952
+#, c-format
+msgid "Key generation failed: %s\n"
+msgstr "Key generation failed: %s\n"
+
+#: g10/keygen.c:3741 g10/keygen.c:3882 g10/sign.c:241
+#, c-format
+msgid ""
+"key has been created %lu second in future (time warp or clock problem)\n"
+msgstr ""
+"key has been created %lu second in future (time warp or clock problem)\n"
+
+#: g10/keygen.c:3743 g10/keygen.c:3884 g10/sign.c:243
+#, c-format
+msgid ""
+"key has been created %lu seconds in future (time warp or clock problem)\n"
+msgstr ""
+"key has been created %lu seconds in future (time warp or clock problem)\n"
+
+#: g10/keygen.c:3754 g10/keygen.c:3895
+msgid "NOTE: creating subkeys for v3 keys is not OpenPGP compliant\n"
+msgstr "NOTE: creating subkeys for v3 keys is not OpenPGP compliant\n"
+
+#: g10/keygen.c:3795 g10/keygen.c:3928
+msgid "Really create? (y/N) "
+msgstr "Really create? (y/N) "
+
+#: g10/keygen.c:4116
+#, c-format
+msgid "storing key onto card failed: %s\n"
+msgstr "storing key onto card failed: %s\n"
+
+#: g10/keygen.c:4165
+#, c-format
+msgid "can't create backup file `%s': %s\n"
+msgstr "can't create backup file ‘%s’: %s\n"
+
+#: g10/keygen.c:4191
+#, c-format
+msgid "NOTE: backup of card key saved to `%s'\n"
+msgstr "NOTE: backup of card key saved to ‘%s’\n"
+
+#: g10/keyid.c:539 g10/keyid.c:551 g10/keyid.c:563 g10/keyid.c:575
+msgid "never "
+msgstr "never "
+
+#: g10/keylist.c:273
+msgid "Critical signature policy: "
+msgstr "Critical signature policy: "
+
+#: g10/keylist.c:275
+msgid "Signature policy: "
+msgstr "Signature policy: "
+
+#: g10/keylist.c:314
+msgid "Critical preferred keyserver: "
+msgstr "Critical preferred keyserver: "
+
+#: g10/keylist.c:367
+msgid "Critical signature notation: "
+msgstr "Critical signature notation: "
+
+#: g10/keylist.c:369
+msgid "Signature notation: "
+msgstr "Signature notation: "
+
+#: g10/keylist.c:479
+msgid "Keyring"
+msgstr "Keyring"
+
+#: g10/keylist.c:1526
+msgid "Primary key fingerprint:"
+msgstr "Primary key fingerprint:"
+
+#: g10/keylist.c:1528
+msgid " Subkey fingerprint:"
+msgstr " Subkey fingerprint:"
+
+#. TRANSLATORS: this should fit into 24 bytes to that the
+#. * fingerprint data is properly aligned with the user ID
+#: g10/keylist.c:1535
+msgid " Primary key fingerprint:"
+msgstr " Primary key fingerprint:"
+
+#: g10/keylist.c:1537
+msgid " Subkey fingerprint:"
+msgstr " Subkey fingerprint:"
+
+#: g10/keylist.c:1541 g10/keylist.c:1545
+msgid " Key fingerprint ="
+msgstr " Key fingerprint ="
+
+#: g10/keylist.c:1612
+msgid " Card serial no. ="
+msgstr " Card serial no. ="
+
+#: g10/keyring.c:1297
+#, c-format
+msgid "renaming `%s' to `%s' failed: %s\n"
+msgstr "renaming ‘%s’ to ‘%s’ failed: %s\n"
+
+#: g10/keyring.c:1326
+msgid "WARNING: 2 files with confidential information exists.\n"
+msgstr "WARNING: 2 files with confidential information exists.\n"
+
+#: g10/keyring.c:1327
+#, c-format
+msgid "%s is the unchanged one\n"
+msgstr "%s is the unchanged one\n"
+
+#: g10/keyring.c:1328
+#, c-format
+msgid "%s is the new one\n"
+msgstr "%s is the new one\n"
+
+#: g10/keyring.c:1329
+msgid "Please fix this possible security flaw\n"
+msgstr "Please fix this possible security flaw\n"
+
+#: g10/keyring.c:1430
+#, c-format
+msgid "caching keyring `%s'\n"
+msgstr "caching keyring ‘%s’\n"
+
+#: g10/keyring.c:1489
+#, c-format
+msgid "%lu keys cached so far (%lu signatures)\n"
+msgstr "%lu keys cached so far (%lu signatures)\n"
+
+#: g10/keyring.c:1501
+#, c-format
+msgid "%lu keys cached (%lu signatures)\n"
+msgstr "%lu keys cached (%lu signatures)\n"
+
+#: g10/keyring.c:1573
+#, c-format
+msgid "%s: keyring created\n"
+msgstr "%s: keyring created\n"
+
+#: g10/keyserver.c:74
+msgid "include revoked keys in search results"
+msgstr "include revoked keys in search results"
+
+#: g10/keyserver.c:75
+msgid "include subkeys when searching by key ID"
+msgstr "include subkeys when searching by key ID"
+
+#: g10/keyserver.c:77
+msgid "use temporary files to pass data to keyserver helpers"
+msgstr "use temporary files to pass data to keyserver helpers"
+
+#: g10/keyserver.c:79
+msgid "do not delete temporary files after using them"
+msgstr "do not delete temporary files after using them"
+
+#: g10/keyserver.c:83
+msgid "automatically retrieve keys when verifying signatures"
+msgstr "automatically retrieve keys when verifying signatures"
+
+#: g10/keyserver.c:85
+msgid "honor the preferred keyserver URL set on the key"
+msgstr "honor the preferred keyserver URL set on the key"
+
+#: g10/keyserver.c:87
+msgid "honor the PKA record set on a key when retrieving keys"
+msgstr "honor the PKA record set on a key when retrieving keys"
+
+#: g10/keyserver.c:153
+#, c-format
+msgid "WARNING: keyserver option `%s' is not used on this platform\n"
+msgstr "WARNING: keyserver option ‘%s’ is not used on this platform\n"
+
+#: g10/keyserver.c:544
+msgid "disabled"
+msgstr "disabled"
+
+#: g10/keyserver.c:747
+msgid "Enter number(s), N)ext, or Q)uit > "
+msgstr "Enter number(s), N)ext, or Q)uit > "
+
+#: g10/keyserver.c:831 g10/keyserver.c:1458
+#, c-format
+msgid "invalid keyserver protocol (us %d!=handler %d)\n"
+msgstr "invalid keyserver protocol (us %d!=handler %d)\n"
+
+#: g10/keyserver.c:932
+#, c-format
+msgid "key \"%s\" not found on keyserver\n"
+msgstr "key “%s†not found on keyserver\n"
+
+#: g10/keyserver.c:934
+msgid "key not found on keyserver\n"
+msgstr "key not found on keyserver\n"
+
+#: g10/keyserver.c:1177
+#, c-format
+msgid "requesting key %s from %s server %s\n"
+msgstr "requesting key %s from %s server %s\n"
+
+#: g10/keyserver.c:1181
+#, c-format
+msgid "requesting key %s from %s\n"
+msgstr "requesting key %s from %s\n"
+
+#: g10/keyserver.c:1205
+#, c-format
+msgid "searching for names from %s server %s\n"
+msgstr "searching for names from %s server %s\n"
+
+#: g10/keyserver.c:1208
+#, c-format
+msgid "searching for names from %s\n"
+msgstr "searching for names from %s\n"
+
+#: g10/keyserver.c:1361
+#, c-format
+msgid "sending key %s to %s server %s\n"
+msgstr "sending key %s to %s server %s\n"
+
+#: g10/keyserver.c:1365
+#, c-format
+msgid "sending key %s to %s\n"
+msgstr "sending key %s to %s\n"
+
+#: g10/keyserver.c:1408
+#, c-format
+msgid "searching for \"%s\" from %s server %s\n"
+msgstr "searching for “%s†from %s server %s\n"
+
+#: g10/keyserver.c:1411
+#, c-format
+msgid "searching for \"%s\" from %s\n"
+msgstr "searching for “%s†from %s\n"
+
+#: g10/keyserver.c:1418 g10/keyserver.c:1514
+msgid "no keyserver action!\n"
+msgstr "no keyserver action!\n"
+
+#: g10/keyserver.c:1466
+#, c-format
+msgid "WARNING: keyserver handler from a different version of GnuPG (%s)\n"
+msgstr "WARNING: keyserver handler from a different version of GnuPG (%s)\n"
+
+#: g10/keyserver.c:1475
+msgid "keyserver did not send VERSION\n"
+msgstr "keyserver did not send VERSION\n"
+
+#: g10/keyserver.c:1537 g10/keyserver.c:2066
+msgid "no keyserver known (use option --keyserver)\n"
+msgstr "no keyserver known (use option --keyserver)\n"
+
+#: g10/keyserver.c:1543
+msgid "external keyserver calls are not supported in this build\n"
+msgstr "external keyserver calls are not supported in this build\n"
+
+#: g10/keyserver.c:1555
+#, c-format
+msgid "no handler for keyserver scheme `%s'\n"
+msgstr "no handler for keyserver scheme ‘%s’\n"
+
+#: g10/keyserver.c:1560
+#, c-format
+msgid "action `%s' not supported with keyserver scheme `%s'\n"
+msgstr "action ‘%s’ not supported with keyserver scheme ‘%s’\n"
+
+#: g10/keyserver.c:1568
+#, c-format
+msgid "%s does not support handler version %d\n"
+msgstr "%s does not support handler version %d\n"
+
+#: g10/keyserver.c:1575
+msgid "keyserver timed out\n"
+msgstr "keyserver timed out\n"
+
+#: g10/keyserver.c:1580
+msgid "keyserver internal error\n"
+msgstr "keyserver internal error\n"
+
+#: g10/keyserver.c:1589
+#, c-format
+msgid "keyserver communications error: %s\n"
+msgstr "keyserver communications error: %s\n"
+
+#: g10/keyserver.c:1614 g10/keyserver.c:1648
+#, c-format
+msgid "\"%s\" not a key ID: skipping\n"
+msgstr "“%s†not a key ID: skipping\n"
+
+#: g10/keyserver.c:1907
+#, c-format
+msgid "WARNING: unable to refresh key %s via %s: %s\n"
+msgstr "WARNING: unable to refresh key %s via %s: %s\n"
+
+#: g10/keyserver.c:1929
+#, c-format
+msgid "refreshing 1 key from %s\n"
+msgstr "refreshing 1 key from %s\n"
+
+#: g10/keyserver.c:1931
+#, c-format
+msgid "refreshing %d keys from %s\n"
+msgstr "refreshing %d keys from %s\n"
+
+#: g10/keyserver.c:1987
+#, c-format
+msgid "WARNING: unable to fetch URI %s: %s\n"
+msgstr "WARNING: unable to fetch URI %s: %s\n"
+
+#: g10/keyserver.c:1993
+#, c-format
+msgid "WARNING: unable to parse URI %s\n"
+msgstr "WARNING: unable to parse URI %s\n"
+
+#: g10/mainproc.c:231
+#, c-format
+msgid "weird size for an encrypted session key (%d)\n"
+msgstr "weird size for an encrypted session key (%d)\n"
+
+#: g10/mainproc.c:284
+#, c-format
+msgid "%s encrypted session key\n"
+msgstr "%s encrypted session key\n"
+
+#: g10/mainproc.c:294
+#, c-format
+msgid "passphrase generated with unknown digest algorithm %d\n"
+msgstr "passphrase generated with unknown digest algorithm %d\n"
+
+#: g10/mainproc.c:360
+#, c-format
+msgid "public key is %s\n"
+msgstr "public key is %s\n"
+
+#: g10/mainproc.c:423
+msgid "public key encrypted data: good DEK\n"
+msgstr "public key encrypted data: good DEK\n"
+
+#: g10/mainproc.c:456
+#, c-format
+msgid "encrypted with %u-bit %s key, ID %s, created %s\n"
+msgstr "encrypted with %u-bit %s key, ID %s, created %s\n"
+
+#: g10/mainproc.c:460 g10/pkclist.c:217
+#, c-format
+msgid " \"%s\"\n"
+msgstr " “%sâ€\n"
+
+#: g10/mainproc.c:464
+#, c-format
+msgid "encrypted with %s key, ID %s\n"
+msgstr "encrypted with %s key, ID %s\n"
+
+#: g10/mainproc.c:479
+#, c-format
+msgid "public key decryption failed: %s\n"
+msgstr "public key decryption failed: %s\n"
+
+#: g10/mainproc.c:495
+#, c-format
+msgid "encrypted with %lu passphrases\n"
+msgstr "encrypted with %lu passphrases\n"
+
+#: g10/mainproc.c:497
+msgid "encrypted with 1 passphrase\n"
+msgstr "encrypted with 1 passphrase\n"
+
+#: g10/mainproc.c:529 g10/mainproc.c:551
+#, c-format
+msgid "assuming %s encrypted data\n"
+msgstr "assuming %s encrypted data\n"
+
+#: g10/mainproc.c:537
+#, c-format
+msgid "IDEA cipher unavailable, optimistically attempting to use %s instead\n"
+msgstr "IDEA cipher unavailable, optimistically attempting to use %s instead\n"
+
+#: g10/mainproc.c:570
+msgid "decryption okay\n"
+msgstr "decryption okay\n"
+
+#: g10/mainproc.c:574
+msgid "WARNING: message was not integrity protected\n"
+msgstr "WARNING: message was not integrity protected\n"
+
+#: g10/mainproc.c:587
+msgid "WARNING: encrypted message has been manipulated!\n"
+msgstr "WARNING: encrypted message has been manipulated!\n"
+
+#: g10/mainproc.c:595
+#, c-format
+msgid "cleared passphrase cached with ID: %s\n"
+msgstr "cleared passphrase cached with ID: %s\n"
+
+#: g10/mainproc.c:600
+#, c-format
+msgid "decryption failed: %s\n"
+msgstr "decryption failed: %s\n"
+
+#: g10/mainproc.c:621
+msgid "NOTE: sender requested \"for-your-eyes-only\"\n"
+msgstr "NOTE: sender requested “for-your-eyes-onlyâ€\n"
+
+#: g10/mainproc.c:623
+#, c-format
+msgid "original file name='%.*s'\n"
+msgstr "original file name='%.*s'\n"
+
+#: g10/mainproc.c:711
+msgid "WARNING: multiple plaintexts seen\n"
+msgstr "WARNING: multiple plaintexts seen\n"
+
+#: g10/mainproc.c:850
+msgid "standalone revocation - use \"gpg --import\" to apply\n"
+msgstr "standalone revocation - use “gpg --import†to apply\n"
+
+#: g10/mainproc.c:1203 g10/mainproc.c:1240
+msgid "no signature found\n"
+msgstr "no signature found\n"
+
+#: g10/mainproc.c:1478
+msgid "signature verification suppressed\n"
+msgstr "signature verification suppressed\n"
+
+#: g10/mainproc.c:1587
+msgid "can't handle this ambiguous signature data\n"
+msgstr "can't handle this ambiguous signature data\n"
+
+#: g10/mainproc.c:1598
+#, c-format
+msgid "Signature made %s\n"
+msgstr "Signature made %s\n"
+
+#: g10/mainproc.c:1599
+#, c-format
+msgid " using %s key %s\n"
+msgstr " using %s key %s\n"
+
+#: g10/mainproc.c:1603
+#, c-format
+msgid "Signature made %s using %s key ID %s\n"
+msgstr "Signature made %s using %s key ID %s\n"
+
+#: g10/mainproc.c:1623
+msgid "Key available at: "
+msgstr "Key available at: "
+
+#: g10/mainproc.c:1756 g10/mainproc.c:1804
+#, c-format
+msgid "BAD signature from \"%s\""
+msgstr "BAD signature from “%sâ€"
+
+#: g10/mainproc.c:1758 g10/mainproc.c:1806
+#, c-format
+msgid "Expired signature from \"%s\""
+msgstr "Expired signature from “%sâ€"
+
+#: g10/mainproc.c:1760 g10/mainproc.c:1808
+#, c-format
+msgid "Good signature from \"%s\""
+msgstr "Good signature from “%sâ€"
+
+#: g10/mainproc.c:1810
+msgid "[uncertain]"
+msgstr "[uncertain]"
+
+#: g10/mainproc.c:1843
+#, c-format
+msgid " aka \"%s\""
+msgstr " aka “%sâ€"
+
+#: g10/mainproc.c:1941
+#, c-format
+msgid "Signature expired %s\n"
+msgstr "Signature expired %s\n"
+
+#: g10/mainproc.c:1946
+#, c-format
+msgid "Signature expires %s\n"
+msgstr "Signature expires %s\n"
+
+#: g10/mainproc.c:1949
+#, c-format
+msgid "%s signature, digest algorithm %s\n"
+msgstr "%s signature, digest algorithm %s\n"
+
+#: g10/mainproc.c:1950
+msgid "binary"
+msgstr "binary"
+
+#: g10/mainproc.c:1951
+msgid "textmode"
+msgstr "textmode"
+
+#: g10/mainproc.c:1951 g10/trustdb.c:546
+msgid "unknown"
+msgstr "unknown"
+
+#: g10/mainproc.c:1971
+#, c-format
+msgid "Can't check signature: %s\n"
+msgstr "Can't check signature: %s\n"
+
+#: g10/mainproc.c:2055 g10/mainproc.c:2071 g10/mainproc.c:2167
+msgid "not a detached signature\n"
+msgstr "not a detached signature\n"
+
+#: g10/mainproc.c:2098
+msgid ""
+"WARNING: multiple signatures detected. Only the first will be checked.\n"
+msgstr ""
+"WARNING: multiple signatures detected. Only the first will be checked.\n"
+
+#: g10/mainproc.c:2106
+#, c-format
+msgid "standalone signature of class 0x%02x\n"
+msgstr "standalone signature of class 0x%02x\n"
+
+#: g10/mainproc.c:2171
+msgid "old style (PGP 2.x) signature\n"
+msgstr "old style (PGP 2.x) signature\n"
+
+#: g10/mainproc.c:2181
+msgid "invalid root packet detected in proc_tree()\n"
+msgstr "invalid root packet detected in proc_tree()\n"
+
+#: g10/misc.c:109 g10/misc.c:139 g10/misc.c:215
+#, c-format
+msgid "fstat of `%s' failed in %s: %s\n"
+msgstr "fstat of ‘%s’ failed in %s: %s\n"
+
+#: g10/misc.c:178
+#, c-format
+msgid "fstat(%d) failed in %s: %s\n"
+msgstr "fstat(%d) failed in %s: %s\n"
+
+#: g10/misc.c:296
+#, c-format
+msgid "WARNING: using experimental public key algorithm %s\n"
+msgstr "WARNING: using experimental public key algorithm %s\n"
+
+#: g10/misc.c:302
+msgid "WARNING: Elgamal sign+encrypt keys are deprecated\n"
+msgstr "WARNING: Elgamal sign+encrypt keys are deprecated\n"
+
+#: g10/misc.c:315
+#, c-format
+msgid "WARNING: using experimental cipher algorithm %s\n"
+msgstr "WARNING: using experimental cipher algorithm %s\n"
+
+#: g10/misc.c:330
+#, c-format
+msgid "WARNING: using experimental digest algorithm %s\n"
+msgstr "WARNING: using experimental digest algorithm %s\n"
+
+#: g10/misc.c:335
+#, c-format
+msgid "WARNING: digest algorithm %s is deprecated\n"
+msgstr "WARNING: digest algorithm %s is deprecated\n"
+
+#: g10/misc.c:503
+msgid "the IDEA cipher plugin is not present\n"
+msgstr "the IDEA cipher plugin is not present\n"
+
+#: g10/misc.c:504 g10/sig-check.c:107 jnlib/utf8conv.c:87
+#, c-format
+msgid "please see %s for more information\n"
+msgstr "please see %s for more information\n"
+
+#: g10/misc.c:761
+#, c-format
+msgid "%s:%d: deprecated option \"%s\"\n"
+msgstr "%s:%d: deprecated option “%sâ€\n"
+
+#: g10/misc.c:765
+#, c-format
+msgid "WARNING: \"%s\" is a deprecated option\n"
+msgstr "WARNING: “%s†is a deprecated option\n"
+
+#: g10/misc.c:767
+#, c-format
+msgid "please use \"%s%s\" instead\n"
+msgstr "please use “%s%s†instead\n"
+
+#: g10/misc.c:774
+#, c-format
+msgid "WARNING: \"%s\" is a deprecated command - do not use it\n"
+msgstr "WARNING: “%s†is a deprecated command - do not use it\n"
+
+#: g10/misc.c:784
+#, c-format
+msgid "%s:%u: obsolete option \"%s\" - it has no effect\n"
+msgstr "%s:%u: obsolete option “%s†- it has no effect\n"
+
+#: g10/misc.c:787
+#, c-format
+msgid "WARNING: \"%s\" is an obsolete option - it has no effect\n"
+msgstr "WARNING: “%s†is an obsolete option - it has no effect\n"
+
+#: g10/misc.c:848
+msgid "Uncompressed"
+msgstr "Uncompressed"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: g10/misc.c:873
+msgid "uncompressed|none"
+msgstr "uncompressed|none"
+
+#: g10/misc.c:1000
+#, c-format
+msgid "this message may not be usable by %s\n"
+msgstr "this message may not be usable by %s\n"
+
+#: g10/misc.c:1175
+#, c-format
+msgid "ambiguous option `%s'\n"
+msgstr "ambiguous option ‘%s’\n"
+
+#: g10/misc.c:1200
+#, c-format
+msgid "unknown option `%s'\n"
+msgstr "unknown option ‘%s’\n"
+
+#: g10/openfile.c:89
+#, c-format
+msgid "File `%s' exists. "
+msgstr "File ‘%s’ exists. "
+
+#: g10/openfile.c:93
+msgid "Overwrite? (y/N) "
+msgstr "Overwrite? (y/N) "
+
+#: g10/openfile.c:126
+#, c-format
+msgid "%s: unknown suffix\n"
+msgstr "%s: unknown suffix\n"
+
+#: g10/openfile.c:150
+msgid "Enter new filename"
+msgstr "Enter new filename"
+
+#: g10/openfile.c:195
+msgid "writing to stdout\n"
+msgstr "writing to stdout\n"
+
+#: g10/openfile.c:316
+#, c-format
+msgid "assuming signed data in `%s'\n"
+msgstr "assuming signed data in ‘%s’\n"
+
+#: g10/openfile.c:395
+#, c-format
+msgid "new configuration file `%s' created\n"
+msgstr "new configuration file ‘%s’ created\n"
+
+#: g10/openfile.c:397
+#, c-format
+msgid "WARNING: options in `%s' are not yet active during this run\n"
+msgstr "WARNING: options in ‘%s’ are not yet active during this run\n"
+
+#: g10/parse-packet.c:201
+#, c-format
+msgid "can't handle public key algorithm %d\n"
+msgstr "can't handle public key algorithm %d\n"
+
+#: g10/parse-packet.c:822
+msgid "WARNING: potentially insecure symmetrically encrypted session key\n"
+msgstr "WARNING: potentially insecure symmetrically encrypted session key\n"
+
+#: g10/parse-packet.c:1273
+#, c-format
+msgid "subpacket of type %d has critical bit set\n"
+msgstr "subpacket of type %d has critical bit set\n"
+
+#: g10/passphrase.c:75 g10/passphrase.c:418 g10/passphrase.c:481
+#, c-format
+msgid "problem with the agent: %s\n"
+msgstr "problem with the agent: %s\n"
+
+#: g10/passphrase.c:344 g10/passphrase.c:613
+#, c-format
+msgid " (main key ID %s)"
+msgstr " (main key ID %s)"
+
+#: g10/passphrase.c:358
+#, c-format
+msgid ""
+"Please enter the passphrase to unlock the secret key for the OpenPGP "
+"certificate:\n"
+"\"%.*s\"\n"
+"%u-bit %s key, ID %s,\n"
+"created %s%s.\n"
+msgstr ""
+"Please enter the passphrase to unlock the secret key for the OpenPGP "
+"certificate:\n"
+"“%.*sâ€\n"
+"%u-bit %s key, ID %s,\n"
+"created %s%s.\n"
+
+#: g10/passphrase.c:384
+msgid "Enter passphrase\n"
+msgstr "Enter passphrase\n"
+
+#: g10/passphrase.c:412
+msgid "cancelled by user\n"
+msgstr "cancelled by user\n"
+
+#: g10/passphrase.c:592
+#, c-format
+msgid ""
+"You need a passphrase to unlock the secret key for\n"
+"user: \"%s\"\n"
+msgstr ""
+"You need a passphrase to unlock the secret key for\n"
+"user: “%sâ€\n"
+
+#: g10/passphrase.c:600
+#, c-format
+msgid "%u-bit %s key, ID %s, created %s"
+msgstr "%u-bit %s key, ID %s, created %s"
+
+#: g10/passphrase.c:609
+#, c-format
+msgid " (subkey on main key ID %s)"
+msgstr " (subkey on main key ID %s)"
+
+#: g10/photoid.c:74
+msgid ""
+"\n"
+"Pick an image to use for your photo ID. The image must be a JPEG file.\n"
+"Remember that the image is stored within your public key. If you use a\n"
+"very large picture, your key will become very large as well!\n"
+"Keeping the image close to 240x288 is a good size to use.\n"
+msgstr ""
+"\n"
+"Pick an image to use for your photo ID. The image must be a JPEG file.\n"
+"Remember that the image is stored within your public key. If you use a\n"
+"very large picture, your key will become very large as well!\n"
+"Keeping the image close to 240x288 is a good size to use.\n"
+
+#: g10/photoid.c:96
+msgid "Enter JPEG filename for photo ID: "
+msgstr "Enter JPEG filename for photo ID: "
+
+#: g10/photoid.c:117
+#, c-format
+msgid "unable to open JPEG file `%s': %s\n"
+msgstr "unable to open JPEG file ‘%s’: %s\n"
+
+#: g10/photoid.c:128
+#, c-format
+msgid "This JPEG is really large (%d bytes) !\n"
+msgstr "This JPEG is really large (%d bytes) !\n"
+
+#: g10/photoid.c:130
+msgid "Are you sure you want to use it? (y/N) "
+msgstr "Are you sure you want to use it? (y/N) "
+
+#: g10/photoid.c:146
+#, c-format
+msgid "`%s' is not a JPEG file\n"
+msgstr "‘%s’ is not a JPEG file\n"
+
+#: g10/photoid.c:165
+msgid "Is this photo correct (y/N/q)? "
+msgstr "Is this photo correct (y/N/q)? "
+
+#: g10/photoid.c:373
+msgid "unable to display photo ID!\n"
+msgstr "unable to display photo ID!\n"
+
+#: g10/pkclist.c:60 g10/revoke.c:621
+msgid "No reason specified"
+msgstr "No reason specified"
+
+#: g10/pkclist.c:62 g10/revoke.c:623
+msgid "Key is superseded"
+msgstr "Key is superseded"
+
+#: g10/pkclist.c:64 g10/revoke.c:622
+msgid "Key has been compromised"
+msgstr "Key has been compromised"
+
+#: g10/pkclist.c:66 g10/revoke.c:624
+msgid "Key is no longer used"
+msgstr "Key is no longer used"
+
+#: g10/pkclist.c:68 g10/revoke.c:625
+msgid "User ID is no longer valid"
+msgstr "User ID is no longer valid"
+
+#: g10/pkclist.c:72
+msgid "reason for revocation: "
+msgstr "reason for revocation: "
+
+#: g10/pkclist.c:89
+msgid "revocation comment: "
+msgstr "revocation comment: "
+
+#: g10/pkclist.c:204
+msgid "iImMqQsS"
+msgstr "iImMqQsS"
+
+#: g10/pkclist.c:212
+msgid "No trust value assigned to:\n"
+msgstr "No trust value assigned to:\n"
+
+#: g10/pkclist.c:245
+#, c-format
+msgid " aka \"%s\"\n"
+msgstr " aka “%sâ€\n"
+
+#: g10/pkclist.c:255
+msgid ""
+"How much do you trust that this key actually belongs to the named user?\n"
+msgstr ""
+"How much do you trust that this key actually belongs to the named user?\n"
+
+#: g10/pkclist.c:270
+#, c-format
+msgid " %d = I don't know or won't say\n"
+msgstr " %d = I don't know or won't say\n"
+
+#: g10/pkclist.c:272
+#, c-format
+msgid " %d = I do NOT trust\n"
+msgstr " %d = I do NOT trust\n"
+
+#: g10/pkclist.c:278
+#, c-format
+msgid " %d = I trust ultimately\n"
+msgstr " %d = I trust ultimately\n"
+
+#: g10/pkclist.c:284
+msgid " m = back to the main menu\n"
+msgstr " m = back to the main menu\n"
+
+#: g10/pkclist.c:287
+msgid " s = skip this key\n"
+msgstr " s = skip this key\n"
+
+#: g10/pkclist.c:288
+msgid " q = quit\n"
+msgstr " q = quit\n"
+
+#: g10/pkclist.c:292
+#, c-format
+msgid ""
+"The minimum trust level for this key is: %s\n"
+"\n"
+msgstr ""
+"The minimum trust level for this key is: %s\n"
+"\n"
+
+#: g10/pkclist.c:298 g10/revoke.c:650
+msgid "Your decision? "
+msgstr "Your decision? "
+
+#: g10/pkclist.c:319
+msgid "Do you really want to set this key to ultimate trust? (y/N) "
+msgstr "Do you really want to set this key to ultimate trust? (y/N) "
+
+#: g10/pkclist.c:333
+msgid "Certificates leading to an ultimately trusted key:\n"
+msgstr "Certificates leading to an ultimately trusted key:\n"
+
+#: g10/pkclist.c:418
+#, c-format
+msgid "%s: There is no assurance this key belongs to the named user\n"
+msgstr "%s: There is no assurance this key belongs to the named user\n"
+
+#: g10/pkclist.c:423
+#, c-format
+msgid "%s: There is limited assurance this key belongs to the named user\n"
+msgstr "%s: There is limited assurance this key belongs to the named user\n"
+
+#: g10/pkclist.c:429
+msgid "This key probably belongs to the named user\n"
+msgstr "This key probably belongs to the named user\n"
+
+#: g10/pkclist.c:434
+msgid "This key belongs to us\n"
+msgstr "This key belongs to us\n"
+
+#: g10/pkclist.c:460
+msgid ""
+"It is NOT certain that the key belongs to the person named\n"
+"in the user ID. If you *really* know what you are doing,\n"
+"you may answer the next question with yes.\n"
+msgstr ""
+"It is NOT certain that the key belongs to the person named\n"
+"in the user ID. If you *really* know what you are doing,\n"
+"you may answer the next question with yes.\n"
+
+#: g10/pkclist.c:479
+msgid "Use this key anyway? (y/N) "
+msgstr "Use this key anyway? (y/N) "
+
+#: g10/pkclist.c:513
+msgid "WARNING: Using untrusted key!\n"
+msgstr "WARNING: Using untrusted key!\n"
+
+#: g10/pkclist.c:520
+msgid "WARNING: this key might be revoked (revocation key not present)\n"
+msgstr "WARNING: this key might be revoked (revocation key not present)\n"
+
+#: g10/pkclist.c:529
+msgid "WARNING: This key has been revoked by its designated revoker!\n"
+msgstr "WARNING: This key has been revoked by its designated revoker!\n"
+
+#: g10/pkclist.c:532
+msgid "WARNING: This key has been revoked by its owner!\n"
+msgstr "WARNING: This key has been revoked by its owner!\n"
+
+#: g10/pkclist.c:533
+msgid " This could mean that the signature is forged.\n"
+msgstr " This could mean that the signature is forged.\n"
+
+#: g10/pkclist.c:539
+msgid "WARNING: This subkey has been revoked by its owner!\n"
+msgstr "WARNING: This subkey has been revoked by its owner!\n"
+
+#: g10/pkclist.c:544
+msgid "Note: This key has been disabled.\n"
+msgstr "Note: This key has been disabled.\n"
+
+#: g10/pkclist.c:564
+#, c-format
+msgid "Note: Verified signer's address is `%s'\n"
+msgstr "Note: Verified signer's address is ‘%s’\n"
+
+#: g10/pkclist.c:571
+#, c-format
+msgid "Note: Signer's address `%s' does not match DNS entry\n"
+msgstr "Note: Signer's address ‘%s’ does not match DNS entry\n"
+
+#: g10/pkclist.c:583
+msgid "trustlevel adjusted to FULL due to valid PKA info\n"
+msgstr "trustlevel adjusted to FULL due to valid PKA info\n"
+
+#: g10/pkclist.c:591
+msgid "trustlevel adjusted to NEVER due to bad PKA info\n"
+msgstr "trustlevel adjusted to NEVER due to bad PKA info\n"
+
+#: g10/pkclist.c:602
+msgid "Note: This key has expired!\n"
+msgstr "Note: This key has expired!\n"
+
+#: g10/pkclist.c:613
+msgid "WARNING: This key is not certified with a trusted signature!\n"
+msgstr "WARNING: This key is not certified with a trusted signature!\n"
+
+#: g10/pkclist.c:615
+msgid ""
+" There is no indication that the signature belongs to the owner.\n"
+msgstr ""
+" There is no indication that the signature belongs to the owner.\n"
+
+#: g10/pkclist.c:623
+msgid "WARNING: We do NOT trust this key!\n"
+msgstr "WARNING: We do NOT trust this key!\n"
+
+#: g10/pkclist.c:624
+msgid " The signature is probably a FORGERY.\n"
+msgstr " The signature is probably a FORGERY.\n"
+
+#: g10/pkclist.c:632
+msgid ""
+"WARNING: This key is not certified with sufficiently trusted signatures!\n"
+msgstr ""
+"WARNING: This key is not certified with sufficiently trusted signatures!\n"
+
+#: g10/pkclist.c:634
+msgid " It is not certain that the signature belongs to the owner.\n"
+msgstr " It is not certain that the signature belongs to the owner.\n"
+
+#: g10/pkclist.c:833 g10/pkclist.c:875 g10/pkclist.c:1087 g10/pkclist.c:1157
+#, c-format
+msgid "%s: skipped: %s\n"
+msgstr "%s: skipped: %s\n"
+
+#: g10/pkclist.c:845 g10/pkclist.c:1125
+#, c-format
+msgid "%s: skipped: public key already present\n"
+msgstr "%s: skipped: public key already present\n"
+
+#: g10/pkclist.c:896
+msgid "You did not specify a user ID. (you may use \"-r\")\n"
+msgstr "You did not specify a user ID. (you may use “-râ€)\n"
+
+#: g10/pkclist.c:920
+msgid "Current recipients:\n"
+msgstr "Current recipients:\n"
+
+#: g10/pkclist.c:946
+msgid ""
+"\n"
+"Enter the user ID. End with an empty line: "
+msgstr ""
+"\n"
+"Enter the user ID. End with an empty line: "
+
+#: g10/pkclist.c:971
+msgid "No such user ID.\n"
+msgstr "No such user ID.\n"
+
+#: g10/pkclist.c:980 g10/pkclist.c:1054
+msgid "skipped: public key already set as default recipient\n"
+msgstr "skipped: public key already set as default recipient\n"
+
+#: g10/pkclist.c:1001
+msgid "Public key is disabled.\n"
+msgstr "Public key is disabled.\n"
+
+#: g10/pkclist.c:1010
+msgid "skipped: public key already set\n"
+msgstr "skipped: public key already set\n"
+
+#: g10/pkclist.c:1045
+#, c-format
+msgid "unknown default recipient \"%s\"\n"
+msgstr "unknown default recipient “%sâ€\n"
+
+#: g10/pkclist.c:1103
+#, c-format
+msgid "%s: skipped: public key is disabled\n"
+msgstr "%s: skipped: public key is disabled\n"
+
+#: g10/pkclist.c:1165
+msgid "no valid addressees\n"
+msgstr "no valid addressees\n"
+
+#: g10/pkclist.c:1503
+#, c-format
+msgid "Note: key %s has no %s feature\n"
+msgstr "Note: key %s has no %s feature\n"
+
+#: g10/pkclist.c:1528
+#, c-format
+msgid "Note: key %s has no preference for %s\n"
+msgstr "Note: key %s has no preference for %s\n"
+
+#: g10/plaintext.c:95
+msgid "data not saved; use option \"--output\" to save it\n"
+msgstr "data not saved; use option “--output†to save it\n"
+
+#: g10/plaintext.c:480
+msgid "Detached signature.\n"
+msgstr "Detached signature.\n"
+
+#: g10/plaintext.c:487
+msgid "Please enter name of data file: "
+msgstr "Please enter name of data file: "
+
+#: g10/plaintext.c:519
+msgid "reading stdin ...\n"
+msgstr "reading stdin ...\n"
+
+#: g10/plaintext.c:557
+msgid "no signed data\n"
+msgstr "no signed data\n"
+
+#: g10/plaintext.c:573
+#, c-format
+msgid "can't open signed data `%s'\n"
+msgstr "can't open signed data ‘%s’\n"
+
+#: g10/plaintext.c:607
+#, c-format
+msgid "can't open signed data fd=%d: %s\n"
+msgstr "can't open signed data fd=%d: %s\n"
+
+#: g10/pubkey-enc.c:105
+#, c-format
+msgid "anonymous recipient; trying secret key %s ...\n"
+msgstr "anonymous recipient; trying secret key %s ...\n"
+
+#: g10/pubkey-enc.c:136
+msgid "okay, we are the anonymous recipient.\n"
+msgstr "okay, we are the anonymous recipient.\n"
+
+#: g10/pubkey-enc.c:225
+msgid "old encoding of the DEK is not supported\n"
+msgstr "old encoding of the DEK is not supported\n"
+
+#: g10/pubkey-enc.c:246
+#, c-format
+msgid "cipher algorithm %d%s is unknown or disabled\n"
+msgstr "cipher algorithm %d%s is unknown or disabled\n"
+
+#: g10/pubkey-enc.c:284
+#, c-format
+msgid "WARNING: cipher algorithm %s not found in recipient preferences\n"
+msgstr "WARNING: cipher algorithm %s not found in recipient preferences\n"
+
+#: g10/pubkey-enc.c:304
+#, c-format
+msgid "NOTE: secret key %s expired at %s\n"
+msgstr "NOTE: secret key %s expired at %s\n"
+
+#: g10/pubkey-enc.c:310
+msgid "NOTE: key has been revoked"
+msgstr "NOTE: key has been revoked"
+
+#: g10/revoke.c:102 g10/revoke.c:116 g10/revoke.c:128 g10/revoke.c:174
+#: g10/revoke.c:186 g10/revoke.c:585
+#, c-format
+msgid "build_packet failed: %s\n"
+msgstr "build_packet failed: %s\n"
+
+#: g10/revoke.c:145
+#, c-format
+msgid "key %s has no user IDs\n"
+msgstr "key %s has no user IDs\n"
+
+#: g10/revoke.c:306
+msgid "To be revoked by:\n"
+msgstr "To be revoked by:\n"
+
+#: g10/revoke.c:310
+msgid "(This is a sensitive revocation key)\n"
+msgstr "(This is a sensitive revocation key)\n"
+
+#: g10/revoke.c:314
+msgid "Create a designated revocation certificate for this key? (y/N) "
+msgstr "Create a designated revocation certificate for this key? (y/N) "
+
+#: g10/revoke.c:327 g10/revoke.c:551
+msgid "ASCII armored output forced.\n"
+msgstr "ASCII armored output forced.\n"
+
+#: g10/revoke.c:342 g10/revoke.c:565
+#, c-format
+msgid "make_keysig_packet failed: %s\n"
+msgstr "make_keysig_packet failed: %s\n"
+
+#: g10/revoke.c:405
+msgid "Revocation certificate created.\n"
+msgstr "Revocation certificate created.\n"
+
+#: g10/revoke.c:411
+#, c-format
+msgid "no revocation keys found for \"%s\"\n"
+msgstr "no revocation keys found for “%sâ€\n"
+
+#: g10/revoke.c:470
+#, c-format
+msgid "secret key \"%s\" not found: %s\n"
+msgstr "secret key “%s†not found: %s\n"
+
+#: g10/revoke.c:497
+#, c-format
+msgid "no corresponding public key: %s\n"
+msgstr "no corresponding public key: %s\n"
+
+#: g10/revoke.c:508
+msgid "public key does not match secret key!\n"
+msgstr "public key does not match secret key!\n"
+
+#: g10/revoke.c:515
+msgid "Create a revocation certificate for this key? (y/N) "
+msgstr "Create a revocation certificate for this key? (y/N) "
+
+#: g10/revoke.c:532
+msgid "unknown protection algorithm\n"
+msgstr "unknown protection algorithm\n"
+
+#: g10/revoke.c:540
+msgid "NOTE: This key is not protected!\n"
+msgstr "NOTE: This key is not protected!\n"
+
+#: g10/revoke.c:591
+msgid ""
+"Revocation certificate created.\n"
+"\n"
+"Please move it to a medium which you can hide away; if Mallory gets\n"
+"access to this certificate he can use it to make your key unusable.\n"
+"It is smart to print this certificate and store it away, just in case\n"
+"your media become unreadable. But have some caution: The print system of\n"
+"your machine might store the data and make it available to others!\n"
+msgstr ""
+"Revocation certificate created.\n"
+"\n"
+"Please move it to a medium which you can hide away; if Mallory gets\n"
+"access to this certificate he can use it to make your key unusable.\n"
+"It is smart to print this certificate and store it away, just in case\n"
+"your media become unreadable. But have some caution: The print system of\n"
+"your machine might store the data and make it available to others!\n"
+
+#: g10/revoke.c:633
+msgid "Please select the reason for the revocation:\n"
+msgstr "Please select the reason for the revocation:\n"
+
+#: g10/revoke.c:643
+msgid "Cancel"
+msgstr "Cancel"
+
+#: g10/revoke.c:645
+#, c-format
+msgid "(Probably you want to select %d here)\n"
+msgstr "(Probably you want to select %d here)\n"
+
+#: g10/revoke.c:686
+msgid "Enter an optional description; end it with an empty line:\n"
+msgstr "Enter an optional description; end it with an empty line:\n"
+
+#: g10/revoke.c:714
+#, c-format
+msgid "Reason for revocation: %s\n"
+msgstr "Reason for revocation: %s\n"
+
+#: g10/revoke.c:716
+msgid "(No description given)\n"
+msgstr "(No description given)\n"
+
+#: g10/revoke.c:721
+msgid "Is this okay? (y/N) "
+msgstr "Is this okay? (y/N) "
+
+#: g10/seckey-cert.c:55
+msgid "secret key parts are not available\n"
+msgstr "secret key parts are not available\n"
+
+#: g10/seckey-cert.c:61
+#, c-format
+msgid "protection algorithm %d%s is not supported\n"
+msgstr "protection algorithm %d%s is not supported\n"
+
+#: g10/seckey-cert.c:72
+#, c-format
+msgid "protection digest %d is not supported\n"
+msgstr "protection digest %d is not supported\n"
+
+#: g10/seckey-cert.c:291
+msgid "Invalid passphrase; please try again"
+msgstr "Invalid passphrase; please try again"
+
+#: g10/seckey-cert.c:292
+#, c-format
+msgid "%s ...\n"
+msgstr "%s ...\n"
+
+#: g10/seckey-cert.c:361
+msgid "WARNING: Weak key detected - please change passphrase again.\n"
+msgstr "WARNING: Weak key detected - please change passphrase again.\n"
+
+#: g10/seckey-cert.c:404
+msgid "generating the deprecated 16-bit checksum for secret key protection\n"
+msgstr "generating the deprecated 16-bit checksum for secret key protection\n"
+
+#: g10/seskey.c:61 sm/encrypt.c:119
+msgid "weak key created - retrying\n"
+msgstr "weak key created - retrying\n"
+
+#: g10/seskey.c:65
+#, c-format
+msgid "cannot avoid weak key for symmetric cipher; tried %d times!\n"
+msgstr "cannot avoid weak key for symmetric cipher; tried %d times!\n"
+
+#: g10/seskey.c:227 sm/certcheck.c:85
+msgid "DSA requires the hash length to be a multiple of 8 bits\n"
+msgstr "DSA requires the hash length to be a multiple of 8 bits\n"
+
+#: g10/seskey.c:240
+#, c-format
+msgid "DSA key %s uses an unsafe (%u bit) hash\n"
+msgstr "DSA key %s uses an unsafe (%u bit) hash\n"
+
+#: g10/seskey.c:252
+#, c-format
+msgid "DSA key %s requires a %u bit or larger hash\n"
+msgstr "DSA key %s requires a %u bit or larger hash\n"
+
+#: g10/sig-check.c:80
+msgid "WARNING: signature digest conflict in message\n"
+msgstr "WARNING: signature digest conflict in message\n"
+
+#: g10/sig-check.c:105
+#, c-format
+msgid "WARNING: signing subkey %s is not cross-certified\n"
+msgstr "WARNING: signing subkey %s is not cross-certified\n"
+
+#: g10/sig-check.c:117
+#, c-format
+msgid "WARNING: signing subkey %s has an invalid cross-certification\n"
+msgstr "WARNING: signing subkey %s has an invalid cross-certification\n"
+
+#: g10/sig-check.c:211
+#, c-format
+msgid "public key %s is %lu second newer than the signature\n"
+msgstr "public key %s is %lu second newer than the signature\n"
+
+#: g10/sig-check.c:212
+#, c-format
+msgid "public key %s is %lu seconds newer than the signature\n"
+msgstr "public key %s is %lu seconds newer than the signature\n"
+
+#: g10/sig-check.c:223
+#, c-format
+msgid ""
+"key %s was created %lu second in the future (time warp or clock problem)\n"
+msgstr ""
+"key %s was created %lu second in the future (time warp or clock problem)\n"
+
+#: g10/sig-check.c:225
+#, c-format
+msgid ""
+"key %s was created %lu seconds in the future (time warp or clock problem)\n"
+msgstr ""
+"key %s was created %lu seconds in the future (time warp or clock problem)\n"
+
+#: g10/sig-check.c:239
+#, c-format
+msgid "NOTE: signature key %s expired %s\n"
+msgstr "NOTE: signature key %s expired %s\n"
+
+#: g10/sig-check.c:252
+#, c-format
+msgid "NOTE: signature key %s has been revoked\n"
+msgstr "NOTE: signature key %s has been revoked\n"
+
+#: g10/sig-check.c:325
+#, c-format
+msgid "assuming bad signature from key %s due to an unknown critical bit\n"
+msgstr "assuming bad signature from key %s due to an unknown critical bit\n"
+
+#: g10/sig-check.c:591
+#, c-format
+msgid "key %s: no subkey for subkey revocation signature\n"
+msgstr "key %s: no subkey for subkey revocation signature\n"
+
+#: g10/sig-check.c:618
+#, c-format
+msgid "key %s: no subkey for subkey binding signature\n"
+msgstr "key %s: no subkey for subkey binding signature\n"
+
+#: g10/sign.c:89
+#, c-format
+msgid "WARNING: unable to %%-expand notation (too large). Using unexpanded.\n"
+msgstr ""
+"WARNING: unable to %%-expand notation (too large). Using unexpanded.\n"
+
+#: g10/sign.c:115
+#, c-format
+msgid ""
+"WARNING: unable to %%-expand policy URL (too large). Using unexpanded.\n"
+msgstr ""
+"WARNING: unable to %%-expand policy URL (too large). Using unexpanded.\n"
+
+#: g10/sign.c:138
+#, c-format
+msgid ""
+"WARNING: unable to %%-expand preferred keyserver URL (too large). Using "
+"unexpanded.\n"
+msgstr ""
+"WARNING: unable to %%-expand preferred keyserver URL (too large). Using "
+"unexpanded.\n"
+
+#: g10/sign.c:311
+#, c-format
+msgid "checking created signature failed: %s\n"
+msgstr "checking created signature failed: %s\n"
+
+#: g10/sign.c:320
+#, c-format
+msgid "%s/%s signature from: \"%s\"\n"
+msgstr "%s/%s signature from: “%sâ€\n"
+
+#: g10/sign.c:761
+msgid "you can only detach-sign with PGP 2.x style keys while in --pgp2 mode\n"
+msgstr ""
+"you can only detach-sign with PGP 2.x style keys while in --pgp2 mode\n"
+
+#: g10/sign.c:837
+#, c-format
+msgid ""
+"WARNING: forcing digest algorithm %s (%d) violates recipient preferences\n"
+msgstr ""
+"WARNING: forcing digest algorithm %s (%d) violates recipient preferences\n"
+
+#: g10/sign.c:964
+msgid "signing:"
+msgstr "signing:"
+
+#: g10/sign.c:1079
+msgid "you can only clearsign with PGP 2.x style keys while in --pgp2 mode\n"
+msgstr "you can only clearsign with PGP 2.x style keys while in --pgp2 mode\n"
+
+#: g10/sign.c:1263
+#, c-format
+msgid "%s encryption will be used\n"
+msgstr "%s encryption will be used\n"
+
+#: g10/skclist.c:140 g10/skclist.c:217
+msgid "key is not flagged as insecure - can't use it with the faked RNG!\n"
+msgstr "key is not flagged as insecure - can't use it with the faked RNG!\n"
+
+#: g10/skclist.c:174
+#, c-format
+msgid "skipped \"%s\": duplicated\n"
+msgstr "skipped “%sâ€: duplicated\n"
+
+#: g10/skclist.c:182 g10/skclist.c:195 g10/skclist.c:207
+#, c-format
+msgid "skipped \"%s\": %s\n"
+msgstr "skipped “%sâ€: %s\n"
+
+#: g10/skclist.c:190
+msgid "skipped: secret key already present\n"
+msgstr "skipped: secret key already present\n"
+
+#: g10/skclist.c:208
+msgid "this is a PGP generated Elgamal key which is not secure for signatures!"
+msgstr ""
+"this is a PGP generated Elgamal key which is not secure for signatures!"
+
+#: g10/tdbdump.c:58 g10/trustdb.c:360
+#, c-format
+msgid "trust record %lu, type %d: write failed: %s\n"
+msgstr "trust record %lu, type %d: write failed: %s\n"
+
+#: g10/tdbdump.c:106
+#, c-format
+msgid ""
+"# List of assigned trustvalues, created %s\n"
+"# (Use \"gpg --import-ownertrust\" to restore them)\n"
+msgstr ""
+"# List of assigned trustvalues, created %s\n"
+"# (Use “gpg --import-ownertrust†to restore them)\n"
+
+#: g10/tdbdump.c:161 g10/tdbdump.c:169 g10/tdbdump.c:174 g10/tdbdump.c:179
+#, c-format
+msgid "error in `%s': %s\n"
+msgstr "error in ‘%s’: %s\n"
+
+#: g10/tdbdump.c:161
+msgid "line too long"
+msgstr "line too long"
+
+#: g10/tdbdump.c:169
+msgid "colon missing"
+msgstr "colon missing"
+
+#: g10/tdbdump.c:175
+msgid "invalid fingerprint"
+msgstr "invalid fingerprint"
+
+#: g10/tdbdump.c:180
+msgid "ownertrust value missing"
+msgstr "ownertrust value missing"
+
+#: g10/tdbdump.c:216
+#, c-format
+msgid "error finding trust record in `%s': %s\n"
+msgstr "error finding trust record in ‘%s’: %s\n"
+
+#: g10/tdbdump.c:220
+#, c-format
+msgid "read error in `%s': %s\n"
+msgstr "read error in ‘%s’: %s\n"
+
+#: g10/tdbdump.c:229 g10/trustdb.c:375
+#, c-format
+msgid "trustdb: sync failed: %s\n"
+msgstr "trustdb: sync failed: %s\n"
+
+#: g10/tdbio.c:128 g10/tdbio.c:1456
+#, c-format
+msgid "trustdb rec %lu: lseek failed: %s\n"
+msgstr "trustdb rec %lu: lseek failed: %s\n"
+
+#: g10/tdbio.c:135 g10/tdbio.c:1463
+#, c-format
+msgid "trustdb rec %lu: write failed (n=%d): %s\n"
+msgstr "trustdb rec %lu: write failed (n=%d): %s\n"
+
+#: g10/tdbio.c:245
+msgid "trustdb transaction too large\n"
+msgstr "trustdb transaction too large\n"
+
+#: g10/tdbio.c:500
+#, c-format
+msgid "can't access `%s': %s\n"
+msgstr "can't access ‘%s’: %s\n"
+
+#: g10/tdbio.c:527
+#, c-format
+msgid "%s: directory does not exist!\n"
+msgstr "%s: directory does not exist!\n"
+
+#: g10/tdbio.c:537 g10/tdbio.c:560 g10/tdbio.c:601 sm/keydb.c:219
+#, c-format
+msgid "can't create lock for `%s'\n"
+msgstr "can't create lock for ‘%s’\n"
+
+#: g10/tdbio.c:539 g10/tdbio.c:604
+#, c-format
+msgid "can't lock `%s'\n"
+msgstr "can't lock ‘%s’\n"
+
+#: g10/tdbio.c:565
+#, c-format
+msgid "%s: failed to create version record: %s"
+msgstr "%s: failed to create version record: %s"
+
+#: g10/tdbio.c:569
+#, c-format
+msgid "%s: invalid trustdb created\n"
+msgstr "%s: invalid trustdb created\n"
+
+#: g10/tdbio.c:572
+#, c-format
+msgid "%s: trustdb created\n"
+msgstr "%s: trustdb created\n"
+
+#: g10/tdbio.c:615
+msgid "NOTE: trustdb not writable\n"
+msgstr "NOTE: trustdb not writable\n"
+
+#: g10/tdbio.c:623
+#, c-format
+msgid "%s: invalid trustdb\n"
+msgstr "%s: invalid trustdb\n"
+
+#: g10/tdbio.c:655
+#, c-format
+msgid "%s: failed to create hashtable: %s\n"
+msgstr "%s: failed to create hashtable: %s\n"
+
+#: g10/tdbio.c:663
+#, c-format
+msgid "%s: error updating version record: %s\n"
+msgstr "%s: error updating version record: %s\n"
+
+#: g10/tdbio.c:680 g10/tdbio.c:701 g10/tdbio.c:717 g10/tdbio.c:731
+#: g10/tdbio.c:761 g10/tdbio.c:1388 g10/tdbio.c:1415
+#, c-format
+msgid "%s: error reading version record: %s\n"
+msgstr "%s: error reading version record: %s\n"
+
+#: g10/tdbio.c:740
+#, c-format
+msgid "%s: error writing version record: %s\n"
+msgstr "%s: error writing version record: %s\n"
+
+#: g10/tdbio.c:1181
+#, c-format
+msgid "trustdb: lseek failed: %s\n"
+msgstr "trustdb: lseek failed: %s\n"
+
+#: g10/tdbio.c:1190
+#, c-format
+msgid "trustdb: read failed (n=%d): %s\n"
+msgstr "trustdb: read failed (n=%d): %s\n"
+
+#: g10/tdbio.c:1211
+#, c-format
+msgid "%s: not a trustdb file\n"
+msgstr "%s: not a trustdb file\n"
+
+#: g10/tdbio.c:1230
+#, c-format
+msgid "%s: version record with recnum %lu\n"
+msgstr "%s: version record with recnum %lu\n"
+
+#: g10/tdbio.c:1235
+#, c-format
+msgid "%s: invalid file version %d\n"
+msgstr "%s: invalid file version %d\n"
+
+#: g10/tdbio.c:1421
+#, c-format
+msgid "%s: error reading free record: %s\n"
+msgstr "%s: error reading free record: %s\n"
+
+#: g10/tdbio.c:1429
+#, c-format
+msgid "%s: error writing dir record: %s\n"
+msgstr "%s: error writing dir record: %s\n"
+
+#: g10/tdbio.c:1439
+#, c-format
+msgid "%s: failed to zero a record: %s\n"
+msgstr "%s: failed to zero a record: %s\n"
+
+#: g10/tdbio.c:1469
+#, c-format
+msgid "%s: failed to append a record: %s\n"
+msgstr "%s: failed to append a record: %s\n"
+
+#: g10/tdbio.c:1512
+msgid "Error: The trustdb is corrupted.\n"
+msgstr "Error: The trustdb is corrupted.\n"
+
+#: g10/textfilter.c:147
+#, c-format
+msgid "can't handle text lines longer than %d characters\n"
+msgstr "can't handle text lines longer than %d characters\n"
+
+#: g10/textfilter.c:247
+#, c-format
+msgid "input line longer than %d characters\n"
+msgstr "input line longer than %d characters\n"
+
+#: g10/trustdb.c:221
+#, c-format
+msgid "`%s' is not a valid long keyID\n"
+msgstr "‘%s’ is not a valid long keyID\n"
+
+#: g10/trustdb.c:252
+#, c-format
+msgid "key %s: accepted as trusted key\n"
+msgstr "key %s: accepted as trusted key\n"
+
+#: g10/trustdb.c:290
+#, c-format
+msgid "key %s occurs more than once in the trustdb\n"
+msgstr "key %s occurs more than once in the trustdb\n"
+
+#: g10/trustdb.c:305
+#, c-format
+msgid "key %s: no public key for trusted key - skipped\n"
+msgstr "key %s: no public key for trusted key - skipped\n"
+
+#: g10/trustdb.c:315
+#, c-format
+msgid "key %s marked as ultimately trusted\n"
+msgstr "key %s marked as ultimately trusted\n"
+
+#: g10/trustdb.c:339
+#, c-format
+msgid "trust record %lu, req type %d: read failed: %s\n"
+msgstr "trust record %lu, req type %d: read failed: %s\n"
+
+#: g10/trustdb.c:345
+#, c-format
+msgid "trust record %lu is not of requested type %d\n"
+msgstr "trust record %lu is not of requested type %d\n"
+
+#: g10/trustdb.c:418
+msgid "You may try to re-create the trustdb using the commands:\n"
+msgstr "You may try to re-create the trustdb using the commands:\n"
+
+#: g10/trustdb.c:427
+msgid "If that does not work, please consult the manual\n"
+msgstr "If that does not work, please consult the manual\n"
+
+#: g10/trustdb.c:462
+#, c-format
+msgid "unable to use unknown trust model (%d) - assuming %s trust model\n"
+msgstr "unable to use unknown trust model (%d) - assuming %s trust model\n"
+
+#: g10/trustdb.c:468
+#, c-format
+msgid "using %s trust model\n"
+msgstr "using %s trust model\n"
+
+#: g10/trustdb.c:520
+msgid "10 translator see trustdb.c:uid_trust_string_fixed"
+msgstr "10 translator see trustdb.c:uid_trust_string_fixed"
+
+#: g10/trustdb.c:522
+msgid "[ revoked]"
+msgstr "[ revoked]"
+
+#: g10/trustdb.c:524 g10/trustdb.c:529
+msgid "[ expired]"
+msgstr "[ expired]"
+
+#: g10/trustdb.c:528
+msgid "[ unknown]"
+msgstr "[ unknown]"
+
+#: g10/trustdb.c:530
+msgid "[ undef ]"
+msgstr "[ undef ]"
+
+#: g10/trustdb.c:531
+msgid "[marginal]"
+msgstr "[marginal]"
+
+#: g10/trustdb.c:532
+msgid "[ full ]"
+msgstr "[ full ]"
+
+#: g10/trustdb.c:533
+msgid "[ultimate]"
+msgstr "[ultimate]"
+
+#: g10/trustdb.c:548
+msgid "undefined"
+msgstr "undefined"
+
+#: g10/trustdb.c:549
+msgid "never"
+msgstr "never"
+
+#: g10/trustdb.c:550
+msgid "marginal"
+msgstr "marginal"
+
+#: g10/trustdb.c:551
+msgid "full"
+msgstr "full"
+
+#: g10/trustdb.c:552
+msgid "ultimate"
+msgstr "ultimate"
+
+#: g10/trustdb.c:592
+msgid "no need for a trustdb check\n"
+msgstr "no need for a trustdb check\n"
+
+#: g10/trustdb.c:598 g10/trustdb.c:2487
+#, c-format
+msgid "next trustdb check due at %s\n"
+msgstr "next trustdb check due at %s\n"
+
+#: g10/trustdb.c:607
+#, c-format
+msgid "no need for a trustdb check with `%s' trust model\n"
+msgstr "no need for a trustdb check with ‘%s’ trust model\n"
+
+#: g10/trustdb.c:622
+#, c-format
+msgid "no need for a trustdb update with `%s' trust model\n"
+msgstr "no need for a trustdb update with ‘%s’ trust model\n"
+
+#: g10/trustdb.c:857 g10/trustdb.c:1310
+#, c-format
+msgid "public key %s not found: %s\n"
+msgstr "public key %s not found: %s\n"
+
+#: g10/trustdb.c:1053
+msgid "please do a --check-trustdb\n"
+msgstr "please do a --check-trustdb\n"
+
+#: g10/trustdb.c:1057
+msgid "checking the trustdb\n"
+msgstr "checking the trustdb\n"
+
+#: g10/trustdb.c:2230
+#, c-format
+msgid "%d keys processed (%d validity counts cleared)\n"
+msgstr "%d keys processed (%d validity counts cleared)\n"
+
+#: g10/trustdb.c:2295
+msgid "no ultimately trusted keys found\n"
+msgstr "no ultimately trusted keys found\n"
+
+#: g10/trustdb.c:2309
+#, c-format
+msgid "public key of ultimately trusted key %s not found\n"
+msgstr "public key of ultimately trusted key %s not found\n"
+
+#: g10/trustdb.c:2332
+#, c-format
+msgid "%d marginal(s) needed, %d complete(s) needed, %s trust model\n"
+msgstr "%d marginal(s) needed, %d complete(s) needed, %s trust model\n"
+
+#: g10/trustdb.c:2418
+#, c-format
+msgid ""
+"depth: %d valid: %3d signed: %3d trust: %d-, %dq, %dn, %dm, %df, %du\n"
+msgstr ""
+"depth: %d valid: %3d signed: %3d trust: %d-, %dq, %dn, %dm, %df, %du\n"
+
+#: g10/trustdb.c:2493
+#, c-format
+msgid "unable to update trustdb version record: write failed: %s\n"
+msgstr "unable to update trustdb version record: write failed: %s\n"
+
+#: g10/verify.c:118
+msgid ""
+"the signature could not be verified.\n"
+"Please remember that the signature file (.sig or .asc)\n"
+"should be the first file given on the command line.\n"
+msgstr ""
+"the signature could not be verified.\n"
+"Please remember that the signature file (.sig or .asc)\n"
+"should be the first file given on the command line.\n"
+
+#: g10/verify.c:205
+#, c-format
+msgid "input line %u too long or missing LF\n"
+msgstr "input line %u too long or missing LF\n"
+
+#: g10/verify.c:253
+#, c-format
+msgid "can't open fd %d: %s\n"
+msgstr "can't open fd %d: %s\n"
+
+#: jnlib/argparse.c:180
+msgid "argument not expected"
+msgstr "argument not expected"
+
+#: jnlib/argparse.c:182
+msgid "read error"
+msgstr "read error"
+
+#: jnlib/argparse.c:184
+msgid "keyword too long"
+msgstr "keyword too long"
+
+#: jnlib/argparse.c:186
+msgid "missing argument"
+msgstr "missing argument"
+
+#: jnlib/argparse.c:188
+msgid "invalid command"
+msgstr "invalid command"
+
+#: jnlib/argparse.c:190
+msgid "invalid alias definition"
+msgstr "invalid alias definition"
+
+#: jnlib/argparse.c:192
+msgid "out of core"
+msgstr "out of core"
+
+#: jnlib/argparse.c:194
+msgid "invalid option"
+msgstr "invalid option"
+
+#: jnlib/argparse.c:202
+#, c-format
+msgid "missing argument for option \"%.50s\"\n"
+msgstr "missing argument for option “%.50sâ€\n"
+
+#: jnlib/argparse.c:204
+#, c-format
+msgid "option \"%.50s\" does not expect an argument\n"
+msgstr "option “%.50s†does not expect an argument\n"
+
+#: jnlib/argparse.c:207
+#, c-format
+msgid "invalid command \"%.50s\"\n"
+msgstr "invalid command “%.50sâ€\n"
+
+#: jnlib/argparse.c:209
+#, c-format
+msgid "option \"%.50s\" is ambiguous\n"
+msgstr "option “%.50s†is ambiguous\n"
+
+#: jnlib/argparse.c:211
+#, c-format
+msgid "command \"%.50s\" is ambiguous\n"
+msgstr "command “%.50s†is ambiguous\n"
+
+#: jnlib/argparse.c:213
+msgid "out of core\n"
+msgstr "out of core\n"
+
+#: jnlib/argparse.c:215
+#, c-format
+msgid "invalid option \"%.50s\"\n"
+msgstr "invalid option “%.50sâ€\n"
+
+#: jnlib/logging.c:647
+#, c-format
+msgid "you found a bug ... (%s:%d)\n"
+msgstr "you found a bug ... (%s:%d)\n"
+
+#: jnlib/utf8conv.c:85
+#, c-format
+msgid "error loading `%s': %s\n"
+msgstr "error loading ‘%s’: %s\n"
+
+#: jnlib/utf8conv.c:123
+#, c-format
+msgid "conversion from `%s' to `%s' not available\n"
+msgstr "conversion from ‘%s’ to ‘%s’ not available\n"
+
+#: jnlib/utf8conv.c:131
+#, c-format
+msgid "iconv_open failed: %s\n"
+msgstr "iconv_open failed: %s\n"
+
+#: jnlib/utf8conv.c:388 jnlib/utf8conv.c:654
+#, c-format
+msgid "conversion from `%s' to `%s' failed: %s\n"
+msgstr "conversion from ‘%s’ to ‘%s’ failed: %s\n"
+
+#: jnlib/dotlock.c:234
+#, c-format
+msgid "failed to create temporary file `%s': %s\n"
+msgstr "failed to create temporary file ‘%s’: %s\n"
+
+#: jnlib/dotlock.c:269
+#, c-format
+msgid "error writing to `%s': %s\n"
+msgstr "error writing to ‘%s’: %s\n"
+
+#: jnlib/dotlock.c:453
+#, c-format
+msgid "removing stale lockfile (created by %d)\n"
+msgstr "removing stale lockfile (created by %d)\n"
+
+#: jnlib/dotlock.c:459
+msgid " - probably dead - removing lock"
+msgstr " - probably dead - removing lock"
+
+#: jnlib/dotlock.c:469
+#, c-format
+msgid "waiting for lock (held by %d%s) %s...\n"
+msgstr "waiting for lock (held by %d%s) %s...\n"
+
+#: jnlib/dotlock.c:470
+msgid "(deadlock?) "
+msgstr "(deadlock?) "
+
+#: jnlib/dotlock.c:493
+#, c-format
+msgid "lock `%s' not made: %s\n"
+msgstr "lock ‘%s’ not made: %s\n"
+
+#: jnlib/dotlock.c:501
+#, c-format
+msgid "waiting for lock %s...\n"
+msgstr "waiting for lock %s...\n"
+
+#: kbx/kbxutil.c:92
+msgid "set debugging flags"
+msgstr "set debugging flags"
+
+#: kbx/kbxutil.c:93
+msgid "enable full debugging"
+msgstr "enable full debugging"
+
+#: kbx/kbxutil.c:117
+msgid "Usage: kbxutil [options] [files] (-h for help)"
+msgstr "Usage: kbxutil [options] [files] (-h for help)"
+
+#: kbx/kbxutil.c:120
+msgid ""
+"Syntax: kbxutil [options] [files]\n"
+"list, export, import Keybox data\n"
+msgstr ""
+"Syntax: kbxutil [options] [files]\n"
+"list, export, import Keybox data\n"
+
+#: scd/app-nks.c:713 scd/app-openpgp.c:2647
+#, c-format
+msgid "RSA modulus missing or not of size %d bits\n"
+msgstr "RSA modulus missing or not of size %d bits\n"
+
+#: scd/app-nks.c:721 scd/app-openpgp.c:2659
+#, c-format
+msgid "RSA public exponent missing or larger than %d bits\n"
+msgstr "RSA public exponent missing or larger than %d bits\n"
+
+#: scd/app-nks.c:801 scd/app-openpgp.c:1549 scd/app-openpgp.c:1568
+#: scd/app-openpgp.c:1729 scd/app-openpgp.c:1746 scd/app-openpgp.c:1994
+#: scd/app-openpgp.c:2039 scd/app-dinsig.c:303
+#, c-format
+msgid "PIN callback returned error: %s\n"
+msgstr "PIN callback returned error: %s\n"
+
+#: scd/app-nks.c:834
+msgid "the NullPIN has not yet been changed\n"
+msgstr "the NullPIN has not yet been changed\n"
+
+#: scd/app-nks.c:1092
+msgid "|N|Please enter a new PIN for the standard keys."
+msgstr "|N|Please enter a new PIN for the standard keys."
+
+#: scd/app-nks.c:1093
+msgid "||Please enter the PIN for the standard keys."
+msgstr "||Please enter the PIN for the standard keys."
+
+#: scd/app-nks.c:1099
+msgid "|NP|Please enter a new PIN Unblocking Code (PUK) for the standard keys."
+msgstr ""
+"|NP|Please enter a new PIN Unblocking Code (PUK) for the standard keys."
+
+#: scd/app-nks.c:1101
+msgid "|P|Please enter the PIN Unblocking Code (PUK) for the standard keys."
+msgstr "|P|Please enter the PIN Unblocking Code (PUK) for the standard keys."
+
+#: scd/app-nks.c:1109
+msgid "|N|Please enter a new PIN for the key to create qualified signatures."
+msgstr "|N|Please enter a new PIN for the key to create qualified signatures."
+
+#: scd/app-nks.c:1111
+msgid "||Please enter the PIN for the key to create qualified signatures."
+msgstr "||Please enter the PIN for the key to create qualified signatures."
+
+#: scd/app-nks.c:1119
+msgid ""
+"|NP|Please enter a new PIN Unblocking Code (PUK) for the key to create "
+"qualified signatures."
+msgstr ""
+"|NP|Please enter a new PIN Unblocking Code (PUK) for the key to create "
+"qualified signatures."
+
+#: scd/app-nks.c:1121
+msgid ""
+"|P|Please enter the PIN Unblocking Code (PUK) for the key to create "
+"qualified signatures."
+msgstr ""
+"|P|Please enter the PIN Unblocking Code (PUK) for the key to create "
+"qualified signatures."
+
+#: scd/app-nks.c:1222 scd/app-openpgp.c:2072 scd/app-dinsig.c:532
+#, c-format
+msgid "error getting new PIN: %s\n"
+msgstr "error getting new PIN: %s\n"
+
+#: scd/app-openpgp.c:695
+#, c-format
+msgid "failed to store the fingerprint: %s\n"
+msgstr "failed to store the fingerprint: %s\n"
+
+#: scd/app-openpgp.c:708
+#, c-format
+msgid "failed to store the creation date: %s\n"
+msgstr "failed to store the creation date: %s\n"
+
+#: scd/app-openpgp.c:1156
+#, c-format
+msgid "reading public key failed: %s\n"
+msgstr "reading public key failed: %s\n"
+
+#: scd/app-openpgp.c:1164 scd/app-openpgp.c:2882
+msgid "response does not contain the public key data\n"
+msgstr "response does not contain the public key data\n"
+
+#: scd/app-openpgp.c:1172 scd/app-openpgp.c:2890
+msgid "response does not contain the RSA modulus\n"
+msgstr "response does not contain the RSA modulus\n"
+
+#: scd/app-openpgp.c:1181 scd/app-openpgp.c:2900
+msgid "response does not contain the RSA public exponent\n"
+msgstr "response does not contain the RSA public exponent\n"
+
+#: scd/app-openpgp.c:1501
+#, c-format
+msgid "using default PIN as %s\n"
+msgstr "using default PIN as %s\n"
+
+#: scd/app-openpgp.c:1508
+#, c-format
+msgid "failed to use default PIN as %s: %s - disabling further default use\n"
+msgstr "failed to use default PIN as %s: %s - disabling further default use\n"
+
+#: scd/app-openpgp.c:1523
+#, c-format
+msgid "||Please enter the PIN%%0A[sigs done: %lu]"
+msgstr "||Please enter the PIN%%0A[sigs done: %lu]"
+
+#: scd/app-openpgp.c:1534 scd/app-openpgp.c:1988
+msgid "||Please enter the PIN"
+msgstr "||Please enter the PIN"
+
+#: scd/app-openpgp.c:1575 scd/app-openpgp.c:1753 scd/app-openpgp.c:2001
+#, c-format
+msgid "PIN for CHV%d is too short; minimum length is %d\n"
+msgstr "PIN for CHV%d is too short; minimum length is %d\n"
+
+#: scd/app-openpgp.c:1588 scd/app-openpgp.c:1627 scd/app-openpgp.c:1765
+#: scd/app-openpgp.c:3200
+#, c-format
+msgid "verify CHV%d failed: %s\n"
+msgstr "verify CHV%d failed: %s\n"
+
+#: scd/app-openpgp.c:1656 scd/app-openpgp.c:2020 scd/app-openpgp.c:3498
+msgid "error retrieving CHV status from card\n"
+msgstr "error retrieving CHV status from card\n"
+
+#: scd/app-openpgp.c:1662 scd/app-openpgp.c:3507
+msgid "card is permanently locked!\n"
+msgstr "card is permanently locked!\n"
+
+#: scd/app-openpgp.c:1669
+#, c-format
+msgid "%d Admin PIN attempts remaining before card is permanently locked\n"
+msgstr "%d Admin PIN attempts remaining before card is permanently locked\n"
+
+#. TRANSLATORS: Do not translate the "|A|" prefix but keep it at
+#. the start of the string. Use %%0A to force a linefeed.
+#: scd/app-openpgp.c:1676
+#, c-format
+msgid "|A|Please enter the Admin PIN%%0A[remaining attempts: %d]"
+msgstr "|A|Please enter the Admin PIN%%0A[remaining attempts: %d]"
+
+#: scd/app-openpgp.c:1680
+msgid "|A|Please enter the Admin PIN"
+msgstr "|A|Please enter the Admin PIN"
+
+#: scd/app-openpgp.c:1701
+msgid "access to admin commands is not configured\n"
+msgstr "access to admin commands is not configured\n"
+
+#: scd/app-openpgp.c:2035
+msgid "||Please enter the Reset Code for the card"
+msgstr "||Please enter the Reset Code for the card"
+
+#: scd/app-openpgp.c:2045 scd/app-openpgp.c:2097
+#, c-format
+msgid "Reset Code is too short; minimum length is %d\n"
+msgstr "Reset Code is too short; minimum length is %d\n"
+
+#: scd/app-openpgp.c:2067
+msgid "|RN|New Reset Code"
+msgstr "|RN|New Reset Code"
+
+#: scd/app-openpgp.c:2068
+msgid "|AN|New Admin PIN"
+msgstr "|AN|New Admin PIN"
+
+#: scd/app-openpgp.c:2068
+msgid "|N|New PIN"
+msgstr "|N|New PIN"
+
+#: scd/app-openpgp.c:2178 scd/app-openpgp.c:2968
+msgid "error reading application data\n"
+msgstr "error reading application data\n"
+
+#: scd/app-openpgp.c:2184 scd/app-openpgp.c:2975
+msgid "error reading fingerprint DO\n"
+msgstr "error reading fingerprint DO\n"
+
+#: scd/app-openpgp.c:2194
+msgid "key already exists\n"
+msgstr "key already exists\n"
+
+#: scd/app-openpgp.c:2198
+msgid "existing key will be replaced\n"
+msgstr "existing key will be replaced\n"
+
+#: scd/app-openpgp.c:2200
+msgid "generating new key\n"
+msgstr "generating new key\n"
+
+#: scd/app-openpgp.c:2202
+msgid "writing new key\n"
+msgstr "writing new key\n"
+
+#: scd/app-openpgp.c:2627
+msgid "creation timestamp missing\n"
+msgstr "creation timestamp missing\n"
+
+#: scd/app-openpgp.c:2669 scd/app-openpgp.c:2677
+#, c-format
+msgid "RSA prime %s missing or not of size %d bits\n"
+msgstr "RSA prime %s missing or not of size %d bits\n"
+
+#: scd/app-openpgp.c:2773
+#, c-format
+msgid "failed to store the key: %s\n"
+msgstr "failed to store the key: %s\n"
+
+#: scd/app-openpgp.c:2859
+msgid "please wait while key is being generated ...\n"
+msgstr "please wait while key is being generated ...\n"
+
+#: scd/app-openpgp.c:2872
+msgid "generating key failed\n"
+msgstr "generating key failed\n"
+
+#: scd/app-openpgp.c:2875
+#, c-format
+msgid "key generation completed (%d seconds)\n"
+msgstr "key generation completed (%d seconds)\n"
+
+#: scd/app-openpgp.c:2933
+msgid "invalid structure of OpenPGP card (DO 0x93)\n"
+msgstr "invalid structure of OpenPGP card (DO 0x93)\n"
+
+#: scd/app-openpgp.c:2983
+msgid "fingerprint on card does not match requested one\n"
+msgstr "fingerprint on card does not match requested one\n"
+
+#: scd/app-openpgp.c:3099
+#, c-format
+msgid "card does not support digest algorithm %s\n"
+msgstr "card does not support digest algorithm %s\n"
+
+#: scd/app-openpgp.c:3175
+#, c-format
+msgid "signatures created so far: %lu\n"
+msgstr "signatures created so far: %lu\n"
+
+#: scd/app-openpgp.c:3512
+msgid ""
+"verification of Admin PIN is currently prohibited through this command\n"
+msgstr ""
+"verification of Admin PIN is currently prohibited through this command\n"
+
+#: scd/app-openpgp.c:3737 scd/app-openpgp.c:3748
+#, c-format
+msgid "can't access %s - invalid OpenPGP card?\n"
+msgstr "can't access %s - invalid OpenPGP card?\n"
+
+#: scd/app-dinsig.c:299
+msgid "||Please enter your PIN at the reader's keypad"
+msgstr "||Please enter your PIN at the reader's keypad"
+
+#. TRANSLATORS: Do not translate the "|*|" prefixes but
+#. keep it at the start of the string. We need this elsewhere
+#. to get some infos on the string.
+#: scd/app-dinsig.c:529
+msgid "|N|Initial New PIN"
+msgstr "|N|Initial New PIN"
+
+#: scd/scdaemon.c:107
+msgid "run in multi server mode (foreground)"
+msgstr "run in multi server mode (foreground)"
+
+#: scd/scdaemon.c:117 sm/gpgsm.c:316
+msgid "|LEVEL|set the debugging level to LEVEL"
+msgstr "|LEVEL|set the debugging level to LEVEL"
+
+#: scd/scdaemon.c:124 tools/gpgconf-comp.c:620
+msgid "|FILE|write a log to FILE"
+msgstr "|FILE|write a log to FILE"
+
+#: scd/scdaemon.c:126
+msgid "|N|connect to reader at port N"
+msgstr "|N|connect to reader at port N"
+
+#: scd/scdaemon.c:128
+msgid "|NAME|use NAME as ct-API driver"
+msgstr "|NAME|use NAME as ct-API driver"
+
+#: scd/scdaemon.c:130
+msgid "|NAME|use NAME as PC/SC driver"
+msgstr "|NAME|use NAME as PC/SC driver"
+
+#: scd/scdaemon.c:133
+msgid "do not use the internal CCID driver"
+msgstr "do not use the internal CCID driver"
+
+#: scd/scdaemon.c:139
+msgid "|N|disconnect the card after N seconds of inactivity"
+msgstr "|N|disconnect the card after N seconds of inactivity"
+
+#: scd/scdaemon.c:141
+msgid "do not use a reader's keypad"
+msgstr "do not use a reader's keypad"
+
+#: scd/scdaemon.c:144
+msgid "deny the use of admin card commands"
+msgstr "deny the use of admin card commands"
+
+#: scd/scdaemon.c:259
+msgid "Usage: scdaemon [options] (-h for help)"
+msgstr "Usage: scdaemon [options] (-h for help)"
+
+#: scd/scdaemon.c:261
+msgid ""
+"Syntax: scdaemon [options] [command [args]]\n"
+"Smartcard daemon for GnuPG\n"
+msgstr ""
+"Syntax: scdaemon [options] [command [args]]\n"
+"Smartcard daemon for GnuPG\n"
+
+#: scd/scdaemon.c:766
+msgid "please use the option `--daemon' to run the program in the background\n"
+msgstr ""
+"please use the option ‘--daemon’ to run the program in the background\n"
+
+#: scd/scdaemon.c:1120
+#, c-format
+msgid "handler for fd %d started\n"
+msgstr "handler for fd %d started\n"
+
+#: scd/scdaemon.c:1132
+#, c-format
+msgid "handler for fd %d terminated\n"
+msgstr "handler for fd %d terminated\n"
+
+#: sm/base64.c:325
+#, c-format
+msgid "invalid radix64 character %02x skipped\n"
+msgstr "invalid radix64 character %02x skipped\n"
+
+#: sm/call-agent.c:137
+#, c-format
+msgid "failed to proxy %s inquiry to client\n"
+msgstr "failed to proxy %s inquiry to client\n"
+
+#: sm/call-dirmngr.c:252
+#, c-format
+msgid "no running dirmngr - starting `%s'\n"
+msgstr "no running dirmngr - starting ‘%s’\n"
+
+#: sm/call-dirmngr.c:285
+msgid "malformed DIRMNGR_INFO environment variable\n"
+msgstr "malformed DIRMNGR_INFO environment variable\n"
+
+#: sm/call-dirmngr.c:297
+#, c-format
+msgid "dirmngr protocol version %d is not supported\n"
+msgstr "dirmngr protocol version %d is not supported\n"
+
+#: sm/call-dirmngr.c:317
+msgid "can't connect to the dirmngr - trying fall back\n"
+msgstr "can't connect to the dirmngr - trying fall back\n"
+
+#: sm/certchain.c:196
+#, c-format
+msgid "validation model requested by certificate: %s"
+msgstr "validation model requested by certificate: %s"
+
+#: sm/certchain.c:197 sm/certchain.c:1828
+msgid "chain"
+msgstr "chain"
+
+#: sm/certchain.c:198 sm/certchain.c:1828
+msgid "shell"
+msgstr "shell"
+
+#: sm/certchain.c:258
+#, c-format
+msgid "critical certificate extension %s is not supported"
+msgstr "critical certificate extension %s is not supported"
+
+#: sm/certchain.c:297
+msgid "issuer certificate is not marked as a CA"
+msgstr "issuer certificate is not marked as a CA"
+
+#: sm/certchain.c:335
+msgid "critical marked policy without configured policies"
+msgstr "critical marked policy without configured policies"
+
+#: sm/certchain.c:345
+#, c-format
+msgid "failed to open `%s': %s\n"
+msgstr "failed to open ‘%s’: %s\n"
+
+#: sm/certchain.c:353 sm/certchain.c:382
+msgid "note: non-critical certificate policy not allowed"
+msgstr "note: non-critical certificate policy not allowed"
+
+#: sm/certchain.c:357 sm/certchain.c:386
+msgid "certificate policy not allowed"
+msgstr "certificate policy not allowed"
+
+#: sm/certchain.c:498
+msgid "looking up issuer at external location\n"
+msgstr "looking up issuer at external location\n"
+
+#: sm/certchain.c:517
+#, c-format
+msgid "number of issuers matching: %d\n"
+msgstr "number of issuers matching: %d\n"
+
+#: sm/certchain.c:561
+msgid "looking up issuer from the Dirmngr cache\n"
+msgstr "looking up issuer from the Dirmngr cache\n"
+
+#: sm/certchain.c:585
+#, c-format
+msgid "number of matching certificates: %d\n"
+msgstr "number of matching certificates: %d\n"
+
+#: sm/certchain.c:587
+#, c-format
+msgid "dirmngr cache-only key lookup failed: %s\n"
+msgstr "dirmngr cache-only key lookup failed: %s\n"
+
+#: sm/certchain.c:759 sm/certchain.c:1252 sm/certchain.c:1856 sm/decrypt.c:261
+#: sm/encrypt.c:335 sm/sign.c:335 sm/verify.c:113
+msgid "failed to allocated keyDB handle\n"
+msgstr "failed to allocated keyDB handle\n"
+
+#: sm/certchain.c:925
+msgid "certificate has been revoked"
+msgstr "certificate has been revoked"
+
+#: sm/certchain.c:940
+msgid "the status of the certificate is unknown"
+msgstr "the status of the certificate is unknown"
+
+#: sm/certchain.c:947
+msgid "please make sure that the \"dirmngr\" is properly installed\n"
+msgstr "please make sure that the “dirmngr†is properly installed\n"
+
+#: sm/certchain.c:953
+#, c-format
+msgid "checking the CRL failed: %s"
+msgstr "checking the CRL failed: %s"
+
+#: sm/certchain.c:982 sm/certchain.c:1050
+#, c-format
+msgid "certificate with invalid validity: %s"
+msgstr "certificate with invalid validity: %s"
+
+#: sm/certchain.c:997 sm/certchain.c:1082
+msgid "certificate not yet valid"
+msgstr "certificate not yet valid"
+
+#: sm/certchain.c:998 sm/certchain.c:1083
+msgid "root certificate not yet valid"
+msgstr "root certificate not yet valid"
+
+#: sm/certchain.c:999 sm/certchain.c:1084
+msgid "intermediate certificate not yet valid"
+msgstr "intermediate certificate not yet valid"
+
+#: sm/certchain.c:1012
+msgid "certificate has expired"
+msgstr "certificate has expired"
+
+#: sm/certchain.c:1013
+msgid "root certificate has expired"
+msgstr "root certificate has expired"
+
+#: sm/certchain.c:1014
+msgid "intermediate certificate has expired"
+msgstr "intermediate certificate has expired"
+
+#: sm/certchain.c:1056
+#, c-format
+msgid "required certificate attributes missing: %s%s%s"
+msgstr "required certificate attributes missing: %s%s%s"
+
+#: sm/certchain.c:1065
+msgid "certificate with invalid validity"
+msgstr "certificate with invalid validity"
+
+#: sm/certchain.c:1102
+msgid "signature not created during lifetime of certificate"
+msgstr "signature not created during lifetime of certificate"
+
+#: sm/certchain.c:1104
+msgid "certificate not created during lifetime of issuer"
+msgstr "certificate not created during lifetime of issuer"
+
+#: sm/certchain.c:1105
+msgid "intermediate certificate not created during lifetime of issuer"
+msgstr "intermediate certificate not created during lifetime of issuer"
+
+#: sm/certchain.c:1109
+msgid " ( signature created at "
+msgstr " ( signature created at "
+
+#: sm/certchain.c:1110
+msgid " (certificate created at "
+msgstr " (certificate created at "
+
+#: sm/certchain.c:1113
+msgid " (certificate valid from "
+msgstr " (certificate valid from "
+
+#: sm/certchain.c:1114
+msgid " ( issuer valid from "
+msgstr " ( issuer valid from "
+
+#: sm/certchain.c:1144
+#, c-format
+msgid "fingerprint=%s\n"
+msgstr "fingerprint=%s\n"
+
+#: sm/certchain.c:1153
+msgid "root certificate has now been marked as trusted\n"
+msgstr "root certificate has now been marked as trusted\n"
+
+#: sm/certchain.c:1166
+msgid "interactive marking as trusted not enabled in gpg-agent\n"
+msgstr "interactive marking as trusted not enabled in gpg-agent\n"
+
+#: sm/certchain.c:1172
+msgid "interactive marking as trusted disabled for this session\n"
+msgstr "interactive marking as trusted disabled for this session\n"
+
+#: sm/certchain.c:1229
+msgid "WARNING: creation time of signature not known - assuming current time"
+msgstr "WARNING: creation time of signature not known - assuming current time"
+
+#: sm/certchain.c:1293
+msgid "no issuer found in certificate"
+msgstr "no issuer found in certificate"
+
+#: sm/certchain.c:1366
+msgid "self-signed certificate has a BAD signature"
+msgstr "self-signed certificate has a BAD signature"
+
+#: sm/certchain.c:1435
+msgid "root certificate is not marked trusted"
+msgstr "root certificate is not marked trusted"
+
+#: sm/certchain.c:1448
+#, c-format
+msgid "checking the trust list failed: %s\n"
+msgstr "checking the trust list failed: %s\n"
+
+#: sm/certchain.c:1477 sm/import.c:160
+msgid "certificate chain too long\n"
+msgstr "certificate chain too long\n"
+
+#: sm/certchain.c:1489
+msgid "issuer certificate not found"
+msgstr "issuer certificate not found"
+
+#: sm/certchain.c:1522
+msgid "certificate has a BAD signature"
+msgstr "certificate has a BAD signature"
+
+#: sm/certchain.c:1553
+msgid "found another possible matching CA certificate - trying again"
+msgstr "found another possible matching CA certificate - trying again"
+
+#: sm/certchain.c:1604
+#, c-format
+msgid "certificate chain longer than allowed by CA (%d)"
+msgstr "certificate chain longer than allowed by CA (%d)"
+
+#: sm/certchain.c:1644 sm/certchain.c:1927
+msgid "certificate is good\n"
+msgstr "certificate is good\n"
+
+#: sm/certchain.c:1645
+msgid "intermediate certificate is good\n"
+msgstr "intermediate certificate is good\n"
+
+#: sm/certchain.c:1646
+msgid "root certificate is good\n"
+msgstr "root certificate is good\n"
+
+#: sm/certchain.c:1817
+msgid "switching to chain model"
+msgstr "switching to chain model"
+
+#: sm/certchain.c:1826
+#, c-format
+msgid "validation model used: %s"
+msgstr "validation model used: %s"
+
+#: sm/certcheck.c:97
+#, c-format
+msgid "%s key uses an unsafe (%u bit) hash\n"
+msgstr "%s key uses an unsafe (%u bit) hash\n"
+
+#: sm/certcheck.c:107
+#, c-format
+msgid "a %u bit hash is not valid for a %u bit %s key\n"
+msgstr "a %u bit hash is not valid for a %u bit %s key\n"
+
+#: sm/certcheck.c:244 sm/verify.c:201
+msgid "(this is the MD2 algorithm)\n"
+msgstr "(this is the MD2 algorithm)\n"
+
+#: sm/certdump.c:60 sm/certdump.c:143
+msgid "none"
+msgstr "none"
+
+#: sm/certdump.c:564 sm/certdump.c:609 sm/certdump.c:674 sm/certdump.c:732
+msgid "[Error - invalid encoding]"
+msgstr "[Error - invalid encoding]"
+
+#: sm/certdump.c:572 sm/certdump.c:617
+msgid "[Error - out of core]"
+msgstr "[Error - out of core]"
+
+#: sm/certdump.c:654 sm/certdump.c:710
+msgid "[Error - No name]"
+msgstr "[Error - No name]"
+
+#: sm/certdump.c:679 sm/certdump.c:738
+msgid "[Error - invalid DN]"
+msgstr "[Error - invalid DN]"
+
+#: sm/certdump.c:948
+#, c-format
+msgid ""
+"Please enter the passphrase to unlock the secret key for the X.509 "
+"certificate:\n"
+"\"%s\"\n"
+"S/N %s, ID 0x%08lX,\n"
+"created %s, expires %s.\n"
+msgstr ""
+"Please enter the passphrase to unlock the secret key for the X.509 "
+"certificate:\n"
+"“%sâ€\n"
+"S/N %s, ID 0x%08lX,\n"
+"created %s, expires %s.\n"
+
+#: sm/certlist.c:122
+msgid "no key usage specified - assuming all usages\n"
+msgstr "no key usage specified - assuming all usages\n"
+
+#: sm/certlist.c:132 sm/keylist.c:272
+#, c-format
+msgid "error getting key usage information: %s\n"
+msgstr "error getting key usage information: %s\n"
+
+#: sm/certlist.c:142
+msgid "certificate should have not been used for certification\n"
+msgstr "certificate should have not been used for certification\n"
+
+#: sm/certlist.c:154
+msgid "certificate should have not been used for OCSP response signing\n"
+msgstr "certificate should have not been used for OCSP response signing\n"
+
+#: sm/certlist.c:165
+msgid "certificate should have not been used for encryption\n"
+msgstr "certificate should have not been used for encryption\n"
+
+#: sm/certlist.c:166
+msgid "certificate should have not been used for signing\n"
+msgstr "certificate should have not been used for signing\n"
+
+#: sm/certlist.c:167
+msgid "certificate is not usable for encryption\n"
+msgstr "certificate is not usable for encryption\n"
+
+#: sm/certlist.c:168
+msgid "certificate is not usable for signing\n"
+msgstr "certificate is not usable for signing\n"
+
+#: sm/certreqgen.c:474
+#, c-format
+msgid "line %d: invalid algorithm\n"
+msgstr "line %d: invalid algorithm\n"
+
+#: sm/certreqgen.c:487
+#, c-format
+msgid "line %d: invalid key length %u (valid are %d to %d)\n"
+msgstr "line %d: invalid key length %u (valid are %d to %d)\n"
+
+#: sm/certreqgen.c:505
+#, c-format
+msgid "line %d: no subject name given\n"
+msgstr "line %d: no subject name given\n"
+
+#: sm/certreqgen.c:514
+#, c-format
+msgid "line %d: invalid subject name label `%.*s'\n"
+msgstr "line %d: invalid subject name label ‘%.*s’\n"
+
+#: sm/certreqgen.c:517
+#, c-format
+msgid "line %d: invalid subject name `%s' at pos %d\n"
+msgstr "line %d: invalid subject name ‘%s’ at pos %d\n"
+
+#: sm/certreqgen.c:534
+#, c-format
+msgid "line %d: not a valid email address\n"
+msgstr "line %d: not a valid email address\n"
+
+#: sm/certreqgen.c:546
+#, c-format
+msgid "line %d: error reading key `%s' from card: %s\n"
+msgstr "line %d: error reading key ‘%s’ from card: %s\n"
+
+#: sm/certreqgen.c:558
+#, c-format
+msgid "line %d: error getting key by keygrip `%s': %s\n"
+msgstr "line %d: error getting key by keygrip ‘%s’: %s\n"
+
+#: sm/certreqgen.c:574
+#, c-format
+msgid "line %d: key generation failed: %s <%s>\n"
+msgstr "line %d: key generation failed: %s <%s>\n"
+
+#: sm/certreqgen.c:806
+msgid ""
+"To complete this certificate request please enter the passphrase for the key "
+"you just created once more.\n"
+msgstr ""
+"To complete this certificate request please enter the passphrase for the key "
+"you just created once more.\n"
+
+#: sm/certreqgen-ui.c:158
+#, c-format
+msgid " (%d) RSA\n"
+msgstr " (%d) RSA\n"
+
+#: sm/certreqgen-ui.c:159
+#, c-format
+msgid " (%d) Existing key\n"
+msgstr " (%d) Existing key\n"
+
+#: sm/certreqgen-ui.c:160
+#, c-format
+msgid " (%d) Existing key from card\n"
+msgstr " (%d) Existing key from card\n"
+
+#: sm/certreqgen-ui.c:202
+msgid "Enter the keygrip: "
+msgstr "Enter the keygrip: "
+
+#: sm/certreqgen-ui.c:210
+msgid "Not a valid keygrip (expecting 40 hex digits)\n"
+msgstr "Not a valid keygrip (expecting 40 hex digits)\n"
+
+#: sm/certreqgen-ui.c:212
+msgid "No key with this keygrip\n"
+msgstr "No key with this keygrip\n"
+
+#: sm/certreqgen-ui.c:230 sm/certreqgen-ui.c:239
+#, c-format
+msgid "error reading the card: %s\n"
+msgstr "error reading the card: %s\n"
+
+#: sm/certreqgen-ui.c:233
+#, c-format
+msgid "Serial number of the card: %s\n"
+msgstr "Serial number of the card: %s\n"
+
+#: sm/certreqgen-ui.c:245
+msgid "Available keys:\n"
+msgstr "Available keys:\n"
+
+#: sm/certreqgen-ui.c:276
+#, c-format
+msgid "Possible actions for a %s key:\n"
+msgstr "Possible actions for a %s key:\n"
+
+#: sm/certreqgen-ui.c:277
+#, c-format
+msgid " (%d) sign, encrypt\n"
+msgstr " (%d) sign, encrypt\n"
+
+#: sm/certreqgen-ui.c:278
+#, c-format
+msgid " (%d) sign\n"
+msgstr " (%d) sign\n"
+
+#: sm/certreqgen-ui.c:279
+#, c-format
+msgid " (%d) encrypt\n"
+msgstr " (%d) encrypt\n"
+
+#: sm/certreqgen-ui.c:303
+msgid "Enter the X.509 subject name: "
+msgstr "Enter the X.509 subject name: "
+
+#: sm/certreqgen-ui.c:307
+msgid "No subject name given\n"
+msgstr "No subject name given\n"
+
+#: sm/certreqgen-ui.c:311
+#, c-format
+msgid "Invalid subject name label `%.*s'\n"
+msgstr "Invalid subject name label ‘%.*s’\n"
+
+#. TRANSLATORS: The 22 in the second string is the
+#. length of the first string up to the "%s". Please
+#. adjust it do the length of your translation. The
+#. second string is merely passed to atoi so you can
+#. drop everything after the number.
+#: sm/certreqgen-ui.c:320
+#, c-format
+msgid "Invalid subject name `%s'\n"
+msgstr "Invalid subject name ‘%s’\n"
+
+#: sm/certreqgen-ui.c:322
+msgid "22 translator: see certreg-ui.c:gpgsm_gencertreq_tty"
+msgstr "22 translator: see certreg-ui.c:gpgsm_gencertreq_tty"
+
+#: sm/certreqgen-ui.c:334
+msgid "Enter email addresses"
+msgstr "Enter email addresses"
+
+#: sm/certreqgen-ui.c:335
+msgid " (end with an empty line):\n"
+msgstr " (end with an empty line):\n"
+
+#: sm/certreqgen-ui.c:339
+msgid "Enter DNS names"
+msgstr "Enter DNS names"
+
+#: sm/certreqgen-ui.c:340 sm/certreqgen-ui.c:345
+msgid " (optional; end with an empty line):\n"
+msgstr " (optional; end with an empty line):\n"
+
+#: sm/certreqgen-ui.c:344
+msgid "Enter URIs"
+msgstr "Enter URIs"
+
+#: sm/certreqgen-ui.c:371
+msgid "Parameters to be used for the certificate request:\n"
+msgstr "Parameters to be used for the certificate request:\n"
+
+#: sm/certreqgen-ui.c:389
+msgid "Now creating certificate request. This may take a while ...\n"
+msgstr "Now creating certificate request. This may take a while ...\n"
+
+#: sm/certreqgen-ui.c:398
+msgid "Ready. You should now send this request to your CA.\n"
+msgstr "Ready. You should now send this request to your CA.\n"
+
+#: sm/certreqgen-ui.c:403
+msgid "resource problem: out of core\n"
+msgstr "resource problem: out of core\n"
+
+#: sm/decrypt.c:330
+msgid "(this is the RC2 algorithm)\n"
+msgstr "(this is the RC2 algorithm)\n"
+
+#: sm/decrypt.c:332
+msgid "(this does not seem to be an encrypted message)\n"
+msgstr "(this does not seem to be an encrypted message)\n"
+
+#: sm/delete.c:51 sm/delete.c:112
+#, c-format
+msgid "certificate `%s' not found: %s\n"
+msgstr "certificate ‘%s’ not found: %s\n"
+
+#: sm/delete.c:122 sm/keydb.c:1397 sm/keydb.c:1499
+#, c-format
+msgid "error locking keybox: %s\n"
+msgstr "error locking keybox: %s\n"
+
+#: sm/delete.c:143
+#, c-format
+msgid "duplicated certificate `%s' deleted\n"
+msgstr "duplicated certificate ‘%s’ deleted\n"
+
+#: sm/delete.c:145
+#, c-format
+msgid "certificate `%s' deleted\n"
+msgstr "certificate ‘%s’ deleted\n"
+
+#: sm/delete.c:175
+#, c-format
+msgid "deleting certificate \"%s\" failed: %s\n"
+msgstr "deleting certificate “%s†failed: %s\n"
+
+#: sm/encrypt.c:321
+msgid "no valid recipients given\n"
+msgstr "no valid recipients given\n"
+
+#: sm/gpgsm.c:197
+msgid "list external keys"
+msgstr "list external keys"
+
+#: sm/gpgsm.c:199
+msgid "list certificate chain"
+msgstr "list certificate chain"
+
+#: sm/gpgsm.c:206
+msgid "import certificates"
+msgstr "import certificates"
+
+#: sm/gpgsm.c:207
+msgid "export certificates"
+msgstr "export certificates"
+
+#: sm/gpgsm.c:209
+msgid "register a smartcard"
+msgstr "register a smartcard"
+
+#: sm/gpgsm.c:212
+msgid "pass a command to the dirmngr"
+msgstr "pass a command to the dirmngr"
+
+#: sm/gpgsm.c:214
+msgid "invoke gpg-protect-tool"
+msgstr "invoke gpg-protect-tool"
+
+#: sm/gpgsm.c:230
+msgid "create base-64 encoded output"
+msgstr "create base-64 encoded output"
+
+#: sm/gpgsm.c:235
+msgid "assume input is in PEM format"
+msgstr "assume input is in PEM format"
+
+#: sm/gpgsm.c:237
+msgid "assume input is in base-64 format"
+msgstr "assume input is in base-64 format"
+
+#: sm/gpgsm.c:239
+msgid "assume input is in binary format"
+msgstr "assume input is in binary format"
+
+#: sm/gpgsm.c:244
+msgid "use system's dirmngr if available"
+msgstr "use system's dirmngr if available"
+
+#: sm/gpgsm.c:247
+msgid "never consult a CRL"
+msgstr "never consult a CRL"
+
+#: sm/gpgsm.c:257
+msgid "check validity using OCSP"
+msgstr "check validity using OCSP"
+
+#: sm/gpgsm.c:262
+msgid "|N|number of certificates to include"
+msgstr "|N|number of certificates to include"
+
+#: sm/gpgsm.c:265
+msgid "|FILE|take policy information from FILE"
+msgstr "|FILE|take policy information from FILE"
+
+#: sm/gpgsm.c:268
+msgid "do not check certificate policies"
+msgstr "do not check certificate policies"
+
+#: sm/gpgsm.c:272
+msgid "fetch missing issuer certificates"
+msgstr "fetch missing issuer certificates"
+
+#: sm/gpgsm.c:283
+msgid "don't use the terminal at all"
+msgstr "don't use the terminal at all"
+
+#: sm/gpgsm.c:285
+msgid "|FILE|write a server mode log to FILE"
+msgstr "|FILE|write a server mode log to FILE"
+
+#: sm/gpgsm.c:290
+msgid "|FILE|write an audit log to FILE"
+msgstr "|FILE|write an audit log to FILE"
+
+#: sm/gpgsm.c:293
+msgid "batch mode: never ask"
+msgstr "batch mode: never ask"
+
+#: sm/gpgsm.c:294
+msgid "assume yes on most questions"
+msgstr "assume yes on most questions"
+
+#: sm/gpgsm.c:295
+msgid "assume no on most questions"
+msgstr "assume no on most questions"
+
+#: sm/gpgsm.c:298
+msgid "|FILE|add keyring to the list of keyrings"
+msgstr "|FILE|add keyring to the list of keyrings"
+
+#: sm/gpgsm.c:301
+msgid "|USER-ID|use USER-ID as default secret key"
+msgstr "|USER-ID|use USER-ID as default secret key"
+
+#: sm/gpgsm.c:311 tools/gpgconf-comp.c:745
+msgid "|SPEC|use this keyserver to lookup keys"
+msgstr "|SPEC|use this keyserver to lookup keys"
+
+#: sm/gpgsm.c:329
+msgid "|NAME|use cipher algorithm NAME"
+msgstr "|NAME|use cipher algorithm NAME"
+
+#: sm/gpgsm.c:331
+msgid "|NAME|use message digest algorithm NAME"
+msgstr "|NAME|use message digest algorithm NAME"
+
+#: sm/gpgsm.c:522
+msgid "Usage: gpgsm [options] [files] (-h for help)"
+msgstr "Usage: gpgsm [options] [files] (-h for help)"
+
+#: sm/gpgsm.c:525
+msgid ""
+"Syntax: gpgsm [options] [files]\n"
+"sign, check, encrypt or decrypt using the S/MIME protocol\n"
+"default operation depends on the input data\n"
+msgstr ""
+"Syntax: gpgsm [options] [files]\n"
+"sign, check, encrypt or decrypt using the S/MIME protocol\n"
+"default operation depends on the input data\n"
+
+#: sm/gpgsm.c:617
+msgid "usage: gpgsm [options] "
+msgstr "usage: gpgsm [options] "
+
+#: sm/gpgsm.c:739
+#, c-format
+msgid "NOTE: won't be able to encrypt to `%s': %s\n"
+msgstr "NOTE: won't be able to encrypt to ‘%s’: %s\n"
+
+#: sm/gpgsm.c:750
+#, c-format
+msgid "unknown validation model `%s'\n"
+msgstr "unknown validation model ‘%s’\n"
+
+#: sm/gpgsm.c:801
+#, c-format
+msgid "%s:%u: no hostname given\n"
+msgstr "%s:%u: no hostname given\n"
+
+#: sm/gpgsm.c:820
+#, c-format
+msgid "%s:%u: password given without user\n"
+msgstr "%s:%u: password given without user\n"
+
+#: sm/gpgsm.c:841
+#, c-format
+msgid "%s:%u: skipping this line\n"
+msgstr "%s:%u: skipping this line\n"
+
+#: sm/gpgsm.c:1376
+msgid "could not parse keyserver\n"
+msgstr "could not parse keyserver\n"
+
+#: sm/gpgsm.c:1456
+msgid "WARNING: running with faked system time: "
+msgstr "WARNING: running with faked system time: "
+
+#: sm/gpgsm.c:1556
+#, c-format
+msgid "importing common certificates `%s'\n"
+msgstr "importing common certificates ‘%s’\n"
+
+#: sm/gpgsm.c:1597
+#, c-format
+msgid "can't sign using `%s': %s\n"
+msgstr "can't sign using ‘%s’: %s\n"
+
+#: sm/gpgsm.c:1931
+msgid "invalid command (there is no implicit command)\n"
+msgstr "invalid command (there is no implicit command)\n"
+
+#: sm/import.c:111
+#, c-format
+msgid "total number processed: %lu\n"
+msgstr "total number processed: %lu\n"
+
+#: sm/import.c:230
+msgid "error storing certificate\n"
+msgstr "error storing certificate\n"
+
+#: sm/import.c:238
+msgid "basic certificate checks failed - not imported\n"
+msgstr "basic certificate checks failed - not imported\n"
+
+#: sm/import.c:435 sm/keydb.c:1319 sm/keydb.c:1387
+msgid "failed to allocate keyDB handle\n"
+msgstr "failed to allocate keyDB handle\n"
+
+#: sm/import.c:492 sm/keydb.c:1417 sm/keydb.c:1511
+#, c-format
+msgid "error getting stored flags: %s\n"
+msgstr "error getting stored flags: %s\n"
+
+#: sm/import.c:551 sm/import.c:583
+#, c-format
+msgid "error importing certificate: %s\n"
+msgstr "error importing certificate: %s\n"
+
+#: sm/import.c:684 tools/gpg-connect-agent.c:1346
+#, c-format
+msgid "error reading input: %s\n"
+msgstr "error reading input: %s\n"
+
+#: sm/keydb.c:187
+#, c-format
+msgid "error creating keybox `%s': %s\n"
+msgstr "error creating keybox ‘%s’: %s\n"
+
+#: sm/keydb.c:190
+msgid "you may want to start the gpg-agent first\n"
+msgstr "you may want to start the gpg-agent first\n"
+
+#: sm/keydb.c:195
+#, c-format
+msgid "keybox `%s' created\n"
+msgstr "keybox ‘%s’ created\n"
+
+#: sm/keydb.c:1312 sm/keydb.c:1380
+msgid "failed to get the fingerprint\n"
+msgstr "failed to get the fingerprint\n"
+
+#: sm/keydb.c:1340
+#, c-format
+msgid "problem looking for existing certificate: %s\n"
+msgstr "problem looking for existing certificate: %s\n"
+
+#: sm/keydb.c:1348
+#, c-format
+msgid "error finding writable keyDB: %s\n"
+msgstr "error finding writable keyDB: %s\n"
+
+#: sm/keydb.c:1356
+#, c-format
+msgid "error storing certificate: %s\n"
+msgstr "error storing certificate: %s\n"
+
+#: sm/keydb.c:1408
+#, c-format
+msgid "problem re-searching certificate: %s\n"
+msgstr "problem re-searching certificate: %s\n"
+
+#: sm/keydb.c:1429 sm/keydb.c:1522
+#, c-format
+msgid "error storing flags: %s\n"
+msgstr "error storing flags: %s\n"
+
+#: sm/keylist.c:642
+msgid "Error - "
+msgstr "Error - "
+
+#: sm/misc.c:55
+msgid "GPG_TTY has not been set - using maybe bogus default\n"
+msgstr "GPG_TTY has not been set - using maybe bogus default\n"
+
+#: sm/qualified.c:105
+#, c-format
+msgid "invalid formatted fingerprint in `%s', line %d\n"
+msgstr "invalid formatted fingerprint in ‘%s’, line %d\n"
+
+#: sm/qualified.c:123
+#, c-format
+msgid "invalid country code in `%s', line %d\n"
+msgstr "invalid country code in ‘%s’, line %d\n"
+
+#: sm/qualified.c:202
+#, c-format
+msgid ""
+"You are about to create a signature using your certificate:\n"
+"\"%s\"\n"
+"This will create a qualified signature by law equated to a handwritten "
+"signature.\n"
+"\n"
+"%s%sAre you really sure that you want to do this?"
+msgstr ""
+"You are about to create a signature using your certificate:\n"
+"“%sâ€\n"
+"This will create a qualified signature by law equated to a handwritten "
+"signature.\n"
+"\n"
+"%s%sAre you really sure that you want to do this?"
+
+#: sm/qualified.c:211 sm/verify.c:616
+msgid ""
+"Note, that this software is not officially approved to create or verify such "
+"signatures.\n"
+msgstr ""
+"Note, that this software is not officially approved to create or verify such "
+"signatures.\n"
+
+#: sm/qualified.c:278
+#, c-format
+msgid ""
+"You are about to create a signature using your certificate:\n"
+"\"%s\"\n"
+"Note, that this certificate will NOT create a qualified signature!"
+msgstr ""
+"You are about to create a signature using your certificate:\n"
+"“%sâ€\n"
+"Note, that this certificate will NOT create a qualified signature!"
+
+#: sm/sign.c:449
+#, c-format
+msgid "hash algorithm %d (%s) for signer %d not supported; using %s\n"
+msgstr "hash algorithm %d (%s) for signer %d not supported; using %s\n"
+
+#: sm/sign.c:463
+#, c-format
+msgid "hash algorithm used for signer %d: %s (%s)\n"
+msgstr "hash algorithm used for signer %d: %s (%s)\n"
+
+#: sm/sign.c:513
+#, c-format
+msgid "checking for qualified certificate failed: %s\n"
+msgstr "checking for qualified certificate failed: %s\n"
+
+#: sm/verify.c:449
+msgid "Signature made "
+msgstr "Signature made "
+
+#: sm/verify.c:453
+msgid "[date not given]"
+msgstr "[date not given]"
+
+#: sm/verify.c:454
+#, c-format
+msgid " using certificate ID 0x%08lX\n"
+msgstr " using certificate ID 0x%08lX\n"
+
+#: sm/verify.c:473
+msgid ""
+"invalid signature: message digest attribute does not match computed one\n"
+msgstr ""
+"invalid signature: message digest attribute does not match computed one\n"
+
+#: sm/verify.c:594
+msgid "Good signature from"
+msgstr "Good signature from"
+
+#: sm/verify.c:595
+msgid " aka"
+msgstr " aka"
+
+#: sm/verify.c:613
+msgid "This is a qualified signature\n"
+msgstr "This is a qualified signature\n"
+
+#: tools/gpg-connect-agent.c:70 tools/gpgconf.c:81 tools/symcryptrun.c:167
+msgid "quiet"
+msgstr "quiet"
+
+#: tools/gpg-connect-agent.c:71
+msgid "print data out hex encoded"
+msgstr "print data out hex encoded"
+
+#: tools/gpg-connect-agent.c:72
+msgid "decode received data lines"
+msgstr "decode received data lines"
+
+#: tools/gpg-connect-agent.c:74
+msgid "|NAME|connect to Assuan socket NAME"
+msgstr "|NAME|connect to Assuan socket NAME"
+
+#: tools/gpg-connect-agent.c:76
+msgid "run the Assuan server given on the command line"
+msgstr "run the Assuan server given on the command line"
+
+#: tools/gpg-connect-agent.c:78
+msgid "do not use extended connect mode"
+msgstr "do not use extended connect mode"
+
+#: tools/gpg-connect-agent.c:80
+msgid "|FILE|run commands from FILE on startup"
+msgstr "|FILE|run commands from FILE on startup"
+
+#: tools/gpg-connect-agent.c:81
+msgid "run /subst on startup"
+msgstr "run /subst on startup"
+
+#: tools/gpg-connect-agent.c:184
+msgid "Usage: gpg-connect-agent [options] (-h for help)"
+msgstr "Usage: gpg-connect-agent [options] (-h for help)"
+
+#: tools/gpg-connect-agent.c:187
+msgid ""
+"Syntax: gpg-connect-agent [options]\n"
+"Connect to a running agent and send commands\n"
+msgstr ""
+"Syntax: gpg-connect-agent [options]\n"
+"Connect to a running agent and send commands\n"
+
+#: tools/gpg-connect-agent.c:1201
+#, c-format
+msgid "option \"%s\" requires a program and optional arguments\n"
+msgstr "option “%s†requires a program and optional arguments\n"
+
+#: tools/gpg-connect-agent.c:1210
+#, c-format
+msgid "option \"%s\" ignored due to \"%s\"\n"
+msgstr "option “%s†ignored due to “%sâ€\n"
+
+#: tools/gpg-connect-agent.c:1281 tools/gpg-connect-agent.c:1771
+#, c-format
+msgid "receiving line failed: %s\n"
+msgstr "receiving line failed: %s\n"
+
+#: tools/gpg-connect-agent.c:1371
+msgid "line too long - skipped\n"
+msgstr "line too long - skipped\n"
+
+#: tools/gpg-connect-agent.c:1375
+msgid "line shortened due to embedded Nul character\n"
+msgstr "line shortened due to embedded Nul character\n"
+
+#: tools/gpg-connect-agent.c:1743
+#, c-format
+msgid "unknown command `%s'\n"
+msgstr "unknown command ‘%s’\n"
+
+#: tools/gpg-connect-agent.c:1761
+#, c-format
+msgid "sending line failed: %s\n"
+msgstr "sending line failed: %s\n"
+
+#: tools/gpg-connect-agent.c:2208
+#, c-format
+msgid "error sending %s command: %s\n"
+msgstr "error sending %s command: %s\n"
+
+#: tools/gpg-connect-agent.c:2223
+#, c-format
+msgid "error sending standard options: %s\n"
+msgstr "error sending standard options: %s\n"
+
+#: tools/gpgconf-comp.c:473 tools/gpgconf-comp.c:577 tools/gpgconf-comp.c:644
+#: tools/gpgconf-comp.c:712 tools/gpgconf-comp.c:799
+msgid "Options controlling the diagnostic output"
+msgstr "Options controlling the diagnostic output"
+
+#: tools/gpgconf-comp.c:486 tools/gpgconf-comp.c:590 tools/gpgconf-comp.c:657
+#: tools/gpgconf-comp.c:725 tools/gpgconf-comp.c:822
+msgid "Options controlling the configuration"
+msgstr "Options controlling the configuration"
+
+#: tools/gpgconf-comp.c:496 tools/gpgconf-comp.c:615 tools/gpgconf-comp.c:673
+#: tools/gpgconf-comp.c:750 tools/gpgconf-comp.c:829
+msgid "Options useful for debugging"
+msgstr "Options useful for debugging"
+
+#: tools/gpgconf-comp.c:501 tools/gpgconf-comp.c:678 tools/gpgconf-comp.c:755
+#: tools/gpgconf-comp.c:837
+msgid "|FILE|write server mode logs to FILE"
+msgstr "|FILE|write server mode logs to FILE"
+
+#: tools/gpgconf-comp.c:509 tools/gpgconf-comp.c:625 tools/gpgconf-comp.c:763
+msgid "Options controlling the security"
+msgstr "Options controlling the security"
+
+#: tools/gpgconf-comp.c:516
+msgid "|N|expire SSH keys after N seconds"
+msgstr "|N|expire SSH keys after N seconds"
+
+#: tools/gpgconf-comp.c:520
+msgid "|N|set maximum PIN cache lifetime to N seconds"
+msgstr "|N|set maximum PIN cache lifetime to N seconds"
+
+#: tools/gpgconf-comp.c:524
+msgid "|N|set maximum SSH key lifetime to N seconds"
+msgstr "|N|set maximum SSH key lifetime to N seconds"
+
+#: tools/gpgconf-comp.c:538
+msgid "Options enforcing a passphrase policy"
+msgstr "Options enforcing a passphrase policy"
+
+#: tools/gpgconf-comp.c:541
+msgid "do not allow to bypass the passphrase policy"
+msgstr "do not allow to bypass the passphrase policy"
+
+#: tools/gpgconf-comp.c:545
+msgid "|N|set minimal required length for new passphrases to N"
+msgstr "|N|set minimal required length for new passphrases to N"
+
+#: tools/gpgconf-comp.c:549
+msgid "|N|require at least N non-alpha characters for a new passphrase"
+msgstr "|N|require at least N non-alpha characters for a new passphrase"
+
+#: tools/gpgconf-comp.c:553
+msgid "|FILE|check new passphrases against pattern in FILE"
+msgstr "|FILE|check new passphrases against pattern in FILE"
+
+#: tools/gpgconf-comp.c:557
+msgid "|N|expire the passphrase after N days"
+msgstr "|N|expire the passphrase after N days"
+
+#: tools/gpgconf-comp.c:561
+msgid "do not allow the reuse of old passphrases"
+msgstr "do not allow the reuse of old passphrases"
+
+#: tools/gpgconf-comp.c:659 tools/gpgconf-comp.c:727
+msgid "|NAME|use NAME as default secret key"
+msgstr "|NAME|use NAME as default secret key"
+
+#: tools/gpgconf-comp.c:662 tools/gpgconf-comp.c:730
+msgid "|NAME|encrypt to user ID NAME as well"
+msgstr "|NAME|encrypt to user ID NAME as well"
+
+#: tools/gpgconf-comp.c:665
+msgid "|SPEC|set up email aliases"
+msgstr "|SPEC|set up email aliases"
+
+#: tools/gpgconf-comp.c:686
+msgid "Configuration for Keyservers"
+msgstr "Configuration for Keyservers"
+
+#: tools/gpgconf-comp.c:688
+msgid "|URL|use keyserver at URL"
+msgstr "|URL|use keyserver at URL"
+
+#: tools/gpgconf-comp.c:691
+msgid "allow PKA lookups (DNS requests)"
+msgstr "allow PKA lookups (DNS requests)"
+
+#: tools/gpgconf-comp.c:694
+msgid "|MECHANISMS|use MECHANISMS to locate keys by mail address"
+msgstr "|MECHANISMS|use MECHANISMS to locate keys by mail address"
+
+#: tools/gpgconf-comp.c:739
+msgid "disable all access to the dirmngr"
+msgstr "disable all access to the dirmngr"
+
+#: tools/gpgconf-comp.c:742
+msgid "|NAME|use encoding NAME for PKCS#12 passphrases"
+msgstr "|NAME|use encoding NAME for PKCS#12 passphrases"
+
+#: tools/gpgconf-comp.c:768
+msgid "do not check CRLs for root certificates"
+msgstr "do not check CRLs for root certificates"
+
+#: tools/gpgconf-comp.c:812
+msgid "Options controlling the format of the output"
+msgstr "Options controlling the format of the output"
+
+#: tools/gpgconf-comp.c:848
+msgid "Options controlling the interactivity and enforcement"
+msgstr "Options controlling the interactivity and enforcement"
+
+#: tools/gpgconf-comp.c:858
+msgid "Configuration for HTTP servers"
+msgstr "Configuration for HTTP servers"
+
+#: tools/gpgconf-comp.c:869
+msgid "use system's HTTP proxy setting"
+msgstr "use system's HTTP proxy setting"
+
+#: tools/gpgconf-comp.c:874
+msgid "Configuration of LDAP servers to use"
+msgstr "Configuration of LDAP servers to use"
+
+#: tools/gpgconf-comp.c:903
+msgid "LDAP server list"
+msgstr "LDAP server list"
+
+#: tools/gpgconf-comp.c:911
+msgid "Configuration for OCSP"
+msgstr "Configuration for OCSP"
+
+#: tools/gpgconf-comp.c:3077
+#, c-format
+msgid "External verification of component %s failed"
+msgstr "External verification of component %s failed"
+
+#: tools/gpgconf-comp.c:3227
+msgid "Note that group specifications are ignored\n"
+msgstr "Note that group specifications are ignored\n"
+
+#: tools/gpgconf.c:62
+msgid "list all components"
+msgstr "list all components"
+
+#: tools/gpgconf.c:63
+msgid "check all programs"
+msgstr "check all programs"
+
+#: tools/gpgconf.c:64
+msgid "|COMPONENT|list options"
+msgstr "|COMPONENT|list options"
+
+#: tools/gpgconf.c:65
+msgid "|COMPONENT|change options"
+msgstr "|COMPONENT|change options"
+
+#: tools/gpgconf.c:66
+msgid "|COMPONENT|check options"
+msgstr "|COMPONENT|check options"
+
+#: tools/gpgconf.c:68
+msgid "apply global default values"
+msgstr "apply global default values"
+
+#: tools/gpgconf.c:70
+msgid "get the configuration directories for gpgconf"
+msgstr "get the configuration directories for gpgconf"
+
+#: tools/gpgconf.c:72
+msgid "list global configuration file"
+msgstr "list global configuration file"
+
+#: tools/gpgconf.c:74
+msgid "check global configuration file"
+msgstr "check global configuration file"
+
+#: tools/gpgconf.c:79
+msgid "use as output file"
+msgstr "use as output file"
+
+#: tools/gpgconf.c:83
+msgid "activate changes at runtime, if possible"
+msgstr "activate changes at runtime, if possible"
+
+#: tools/gpgconf.c:105
+msgid "Usage: gpgconf [options] (-h for help)"
+msgstr "Usage: gpgconf [options] (-h for help)"
+
+#: tools/gpgconf.c:108
+msgid ""
+"Syntax: gpgconf [options]\n"
+"Manage configuration options for tools of the GnuPG system\n"
+msgstr ""
+"Syntax: gpgconf [options]\n"
+"Manage configuration options for tools of the GnuPG system\n"
+
+#: tools/gpgconf.c:214 tools/gpgconf.c:282
+msgid "usage: gpgconf [options] "
+msgstr "usage: gpgconf [options] "
+
+#: tools/gpgconf.c:216
+msgid "Need one component argument"
+msgstr "Need one component argument"
+
+#: tools/gpgconf.c:225 tools/gpgconf.c:258
+msgid "Component not found"
+msgstr "Component not found"
+
+#: tools/gpgconf.c:284
+msgid "No argument allowed"
+msgstr "No argument allowed"
+
+#: tools/symcryptrun.c:154
+msgid ""
+"@\n"
+"Commands:\n"
+" "
+msgstr ""
+"@\n"
+"Commands:\n"
+" "
+
+#: tools/symcryptrun.c:156
+msgid "decryption modus"
+msgstr "decryption modus"
+
+#: tools/symcryptrun.c:157
+msgid "encryption modus"
+msgstr "encryption modus"
+
+#: tools/symcryptrun.c:161
+msgid "tool class (confucius)"
+msgstr "tool class (confucius)"
+
+#: tools/symcryptrun.c:162
+msgid "program filename"
+msgstr "program filename"
+
+#: tools/symcryptrun.c:164
+msgid "secret key file (required)"
+msgstr "secret key file (required)"
+
+#: tools/symcryptrun.c:165
+msgid "input file name (default stdin)"
+msgstr "input file name (default stdin)"
+
+#: tools/symcryptrun.c:209
+msgid "Usage: symcryptrun [options] (-h for help)"
+msgstr "Usage: symcryptrun [options] (-h for help)"
+
+#: tools/symcryptrun.c:212
+msgid ""
+"Syntax: symcryptrun --class CLASS --program PROGRAM --keyfile KEYFILE "
+"[options...] COMMAND [inputfile]\n"
+"Call a simple symmetric encryption tool\n"
+msgstr ""
+"Syntax: symcryptrun --class CLASS --program PROGRAM --keyfile KEYFILE "
+"[options...] COMMAND [inputfile]\n"
+"Call a simple symmetric encryption tool\n"
+
+#: tools/symcryptrun.c:281
+#, c-format
+msgid "%s on %s aborted with status %i\n"
+msgstr "%s on %s aborted with status %i\n"
+
+#: tools/symcryptrun.c:288
+#, c-format
+msgid "%s on %s failed with status %i\n"
+msgstr "%s on %s failed with status %i\n"
+
+#: tools/symcryptrun.c:314
+#, c-format
+msgid "can't create temporary directory `%s': %s\n"
+msgstr "can't create temporary directory ‘%s’: %s\n"
+
+#: tools/symcryptrun.c:354 tools/symcryptrun.c:371
+#, c-format
+msgid "could not open %s for writing: %s\n"
+msgstr "could not open %s for writing: %s\n"
+
+#: tools/symcryptrun.c:382
+#, c-format
+msgid "error writing to %s: %s\n"
+msgstr "error writing to %s: %s\n"
+
+#: tools/symcryptrun.c:389
+#, c-format
+msgid "error reading from %s: %s\n"
+msgstr "error reading from %s: %s\n"
+
+#: tools/symcryptrun.c:396 tools/symcryptrun.c:403
+#, c-format
+msgid "error closing %s: %s\n"
+msgstr "error closing %s: %s\n"
+
+#: tools/symcryptrun.c:488
+msgid "no --program option provided\n"
+msgstr "no --program option provided\n"
+
+#: tools/symcryptrun.c:494
+msgid "only --decrypt and --encrypt are supported\n"
+msgstr "only --decrypt and --encrypt are supported\n"
+
+#: tools/symcryptrun.c:500
+msgid "no --keyfile option provided\n"
+msgstr "no --keyfile option provided\n"
+
+#: tools/symcryptrun.c:511
+msgid "cannot allocate args vector\n"
+msgstr "cannot allocate args vector\n"
+
+#: tools/symcryptrun.c:529
+#, c-format
+msgid "could not create pipe: %s\n"
+msgstr "could not create pipe: %s\n"
+
+#: tools/symcryptrun.c:536
+#, c-format
+msgid "could not create pty: %s\n"
+msgstr "could not create pty: %s\n"
+
+#: tools/symcryptrun.c:552
+#, c-format
+msgid "could not fork: %s\n"
+msgstr "could not fork: %s\n"
+
+#: tools/symcryptrun.c:580
+#, c-format
+msgid "execv failed: %s\n"
+msgstr "execv failed: %s\n"
+
+#: tools/symcryptrun.c:609
+#, c-format
+msgid "select failed: %s\n"
+msgstr "select failed: %s\n"
+
+#: tools/symcryptrun.c:626
+#, c-format
+msgid "read failed: %s\n"
+msgstr "read failed: %s\n"
+
+#: tools/symcryptrun.c:678
+#, c-format
+msgid "pty read failed: %s\n"
+msgstr "pty read failed: %s\n"
+
+#: tools/symcryptrun.c:730
+#, c-format
+msgid "waitpid failed: %s\n"
+msgstr "waitpid failed: %s\n"
+
+#: tools/symcryptrun.c:744
+#, c-format
+msgid "child aborted with status %i\n"
+msgstr "child aborted with status %i\n"
+
+#: tools/symcryptrun.c:799
+#, c-format
+msgid "cannot allocate infile string: %s\n"
+msgstr "cannot allocate infile string: %s\n"
+
+#: tools/symcryptrun.c:812
+#, c-format
+msgid "cannot allocate outfile string: %s\n"
+msgstr "cannot allocate outfile string: %s\n"
+
+#: tools/symcryptrun.c:986
+#, c-format
+msgid "either %s or %s must be given\n"
+msgstr "either %s or %s must be given\n"
+
+#: tools/symcryptrun.c:1013
+msgid "no class provided\n"
+msgstr "no class provided\n"
+
+#: tools/symcryptrun.c:1022
+#, c-format
+msgid "class %s is not supported\n"
+msgstr "class %s is not supported\n"
+
+#: tools/gpg-check-pattern.c:145
+msgid "Usage: gpg-check-pattern [options] patternfile (-h for help)\n"
+msgstr "Usage: gpg-check-pattern [options] patternfile (-h for help)\n"
+
+#: tools/gpg-check-pattern.c:148
+msgid ""
+"Syntax: gpg-check-pattern [options] patternfile\n"
+"Check a passphrase given on stdin against the patternfile\n"
+msgstr ""
+"Syntax: gpg-check-pattern [options] patternfile\n"
+"Check a passphrase given on stdin against the patternfile\n"
diff --git a/po/en@quot.gmo b/po/en@quot.gmo
new file mode 100644
index 0000000..cecbe0c
--- /dev/null
+++ b/po/en@quot.gmo
Binary files differ
diff --git a/po/en@quot.header b/po/en@quot.header
new file mode 100644
index 0000000..a9647fc
--- /dev/null
+++ b/po/en@quot.header
@@ -0,0 +1,22 @@
+# All this catalog "translates" are quotation characters.
+# The msgids must be ASCII and therefore cannot contain real quotation
+# characters, only substitutes like grave accent (0x60), apostrophe (0x27)
+# and double quote (0x22). These substitutes look strange; see
+# http://www.cl.cam.ac.uk/~mgk25/ucs/quotes.html
+#
+# This catalog translates grave accent (0x60) and apostrophe (0x27) to
+# left single quotation mark (U+2018) and right single quotation mark (U+2019).
+# It also translates pairs of apostrophe (0x27) to
+# left single quotation mark (U+2018) and right single quotation mark (U+2019)
+# and pairs of quotation mark (0x22) to
+# left double quotation mark (U+201C) and right double quotation mark (U+201D).
+#
+# When output to an UTF-8 terminal, the quotation characters appear perfectly.
+# When output to an ISO-8859-1 terminal, the single quotation marks are
+# transliterated to apostrophes (by iconv in glibc 2.2 or newer) or to
+# grave/acute accent (by libiconv), and the double quotation marks are
+# transliterated to 0x22.
+# When output to an ASCII terminal, the single quotation marks are
+# transliterated to apostrophes, and the double quotation marks are
+# transliterated to 0x22.
+#
diff --git a/po/en@quot.po b/po/en@quot.po
new file mode 100644
index 0000000..5693c6e
--- /dev/null
+++ b/po/en@quot.po
@@ -0,0 +1,8362 @@
+# English translations for GNU gnupg package.
+# Copyright (C) 2012 Free Software Foundation, Inc.
+# This file is distributed under the same license as the GNU gnupg package.
+# Automatically generated, 2012.
+#
+# All this catalog "translates" are quotation characters.
+# The msgids must be ASCII and therefore cannot contain real quotation
+# characters, only substitutes like grave accent (0x60), apostrophe (0x27)
+# and double quote (0x22). These substitutes look strange; see
+# http://www.cl.cam.ac.uk/~mgk25/ucs/quotes.html
+#
+# This catalog translates grave accent (0x60) and apostrophe (0x27) to
+# left single quotation mark (U+2018) and right single quotation mark (U+2019).
+# It also translates pairs of apostrophe (0x27) to
+# left single quotation mark (U+2018) and right single quotation mark (U+2019)
+# and pairs of quotation mark (0x22) to
+# left double quotation mark (U+201C) and right double quotation mark (U+201D).
+#
+# When output to an UTF-8 terminal, the quotation characters appear perfectly.
+# When output to an ISO-8859-1 terminal, the single quotation marks are
+# transliterated to apostrophes (by iconv in glibc 2.2 or newer) or to
+# grave/acute accent (by libiconv), and the double quotation marks are
+# transliterated to 0x22.
+# When output to an ASCII terminal, the single quotation marks are
+# transliterated to apostrophes, and the double quotation marks are
+# transliterated to 0x22.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: GNU gnupg 2.0.19\n"
+"Report-Msgid-Bugs-To: translations@gnupg.org\n"
+"POT-Creation-Date: 2012-03-27 10:23+0200\n"
+"PO-Revision-Date: 2012-03-27 10:23+0200\n"
+"Last-Translator: Automatically generated\n"
+"Language-Team: none\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Plural-Forms: nplurals=2; plural=(n != 1);\n"
+
+#: agent/call-pinentry.c:244
+#, c-format
+msgid "failed to acquire the pinentry lock: %s\n"
+msgstr "failed to acquire the pinentry lock: %s\n"
+
+#. TRANSLATORS: These are labels for buttons etc used in
+#. Pinentries. An underscore indicates that the next letter
+#. should be used as an accelerator. Double the underscore for
+#. a literal one. The actual to be translated text starts after
+#. the second vertical bar.
+#: agent/call-pinentry.c:401
+msgid "|pinentry-label|_OK"
+msgstr "|pinentry-label|_OK"
+
+#: agent/call-pinentry.c:402
+msgid "|pinentry-label|_Cancel"
+msgstr "|pinentry-label|_Cancel"
+
+#: agent/call-pinentry.c:403
+msgid "|pinentry-label|PIN:"
+msgstr "|pinentry-label|PIN:"
+
+#. TRANSLATORS: This string is displayed by Pinentry as the label
+#. for the quality bar.
+#: agent/call-pinentry.c:649
+msgid "Quality:"
+msgstr "Quality:"
+
+#. TRANSLATORS: This string is a tooltip, shown by pinentry when
+#. hovering over the quality bar. Please use an appropriate
+#. string to describe what this is about. The length of the
+#. tooltip is limited to about 900 characters. If you do not
+#. translate this entry, a default english text (see source)
+#. will be used.
+#: agent/call-pinentry.c:671
+msgid "pinentry.qualitybar.tooltip"
+msgstr "pinentry.qualitybar.tooltip"
+
+#: agent/call-pinentry.c:716
+msgid ""
+"Please enter your PIN, so that the secret key can be unlocked for this "
+"session"
+msgstr ""
+"Please enter your PIN, so that the secret key can be unlocked for this "
+"session"
+
+#: agent/call-pinentry.c:719
+msgid ""
+"Please enter your passphrase, so that the secret key can be unlocked for "
+"this session"
+msgstr ""
+"Please enter your passphrase, so that the secret key can be unlocked for "
+"this session"
+
+#: agent/call-pinentry.c:776
+#, c-format
+msgid "SETERROR %s (try %d of %d)"
+msgstr "SETERROR %s (try %d of %d)"
+
+#: agent/call-pinentry.c:799 agent/call-pinentry.c:811
+msgid "PIN too long"
+msgstr "PIN too long"
+
+#: agent/call-pinentry.c:800
+msgid "Passphrase too long"
+msgstr "Passphrase too long"
+
+#: agent/call-pinentry.c:808
+msgid "Invalid characters in PIN"
+msgstr "Invalid characters in PIN"
+
+#: agent/call-pinentry.c:813
+msgid "PIN too short"
+msgstr "PIN too short"
+
+#: agent/call-pinentry.c:825
+msgid "Bad PIN"
+msgstr "Bad PIN"
+
+#: agent/call-pinentry.c:826
+msgid "Bad Passphrase"
+msgstr "Bad Passphrase"
+
+#: agent/call-pinentry.c:863
+msgid "Passphrase"
+msgstr "Passphrase"
+
+#: agent/command-ssh.c:531
+#, c-format
+msgid "ssh keys greater than %d bits are not supported\n"
+msgstr "ssh keys greater than %d bits are not supported\n"
+
+#: agent/command-ssh.c:690 g10/card-util.c:833 g10/exec.c:473 g10/gpg.c:1122
+#: g10/keygen.c:3394 g10/keygen.c:3427 g10/keyring.c:1237 g10/keyring.c:1569
+#: g10/openfile.c:275 g10/openfile.c:368 g10/sign.c:801 g10/sign.c:1110
+#: g10/tdbio.c:550 jnlib/dotlock.c:310
+#, c-format
+msgid "can't create `%s': %s\n"
+msgstr "can't create ‘%s’: %s\n"
+
+#: agent/command-ssh.c:702 common/helpfile.c:47 g10/card-util.c:787
+#: g10/dearmor.c:60 g10/dearmor.c:107 g10/decrypt.c:70 g10/encode.c:194
+#: g10/encode.c:504 g10/gpg.c:1123 g10/import.c:192 g10/keygen.c:2877
+#: g10/keyring.c:1595 g10/openfile.c:192 g10/openfile.c:353
+#: g10/plaintext.c:511 g10/sign.c:783 g10/sign.c:978 g10/sign.c:1094
+#: g10/sign.c:1250 g10/tdbdump.c:142 g10/tdbdump.c:150 g10/tdbio.c:554
+#: g10/tdbio.c:618 g10/verify.c:99 g10/verify.c:162 sm/gpgsm.c:2044
+#: sm/gpgsm.c:2074 sm/gpgsm.c:2112 sm/gpgsm.c:2150 sm/qualified.c:66
+#, c-format
+msgid "can't open `%s': %s\n"
+msgstr "can't open ‘%s’: %s\n"
+
+#: agent/command-ssh.c:1708 agent/command-ssh.c:1726
+#, c-format
+msgid "error getting serial number of card: %s\n"
+msgstr "error getting serial number of card: %s\n"
+
+#: agent/command-ssh.c:1712
+#, c-format
+msgid "detected card with S/N: %s\n"
+msgstr "detected card with S/N: %s\n"
+
+#: agent/command-ssh.c:1717
+#, c-format
+msgid "error getting default authentication keyID of card: %s\n"
+msgstr "error getting default authentication keyID of card: %s\n"
+
+#: agent/command-ssh.c:1737
+#, c-format
+msgid "no suitable card key found: %s\n"
+msgstr "no suitable card key found: %s\n"
+
+#: agent/command-ssh.c:1787
+#, c-format
+msgid "shadowing the key failed: %s\n"
+msgstr "shadowing the key failed: %s\n"
+
+#: agent/command-ssh.c:1802
+#, c-format
+msgid "error writing key: %s\n"
+msgstr "error writing key: %s\n"
+
+#: agent/command-ssh.c:2139
+#, c-format
+msgid ""
+"An ssh process requested the use of key%%0A %s%%0A (%s)%%0ADo you want to "
+"allow this?"
+msgstr ""
+"An ssh process requested the use of key%%0A %s%%0A (%s)%%0ADo you want to "
+"allow this?"
+
+#: agent/command-ssh.c:2146
+msgid "Allow"
+msgstr "Allow"
+
+#: agent/command-ssh.c:2146
+msgid "Deny"
+msgstr "Deny"
+
+#: agent/command-ssh.c:2155
+#, c-format
+msgid "Please enter the passphrase for the ssh key%%0A %F%%0A (%c)"
+msgstr "Please enter the passphrase for the ssh key%%0A %F%%0A (%c)"
+
+#: agent/command-ssh.c:2484 agent/genkey.c:310 agent/genkey.c:432
+msgid "Please re-enter this passphrase"
+msgstr "Please re-enter this passphrase"
+
+#: agent/command-ssh.c:2509
+#, c-format
+msgid ""
+"Please enter a passphrase to protect the received secret key%%0A %s%%0A %"
+"s%%0Awithin gpg-agent's key storage"
+msgstr ""
+"Please enter a passphrase to protect the received secret key%%0A %s%%0A %"
+"s%%0Awithin gpg-agent's key storage"
+
+#: agent/command-ssh.c:2548 agent/genkey.c:340 agent/genkey.c:463
+#: tools/symcryptrun.c:436
+msgid "does not match - try again"
+msgstr "does not match - try again"
+
+#: agent/command-ssh.c:3054
+#, c-format
+msgid "failed to create stream from socket: %s\n"
+msgstr "failed to create stream from socket: %s\n"
+
+#: agent/divert-scd.c:92 g10/call-agent.c:923
+msgid "Please insert the card with serial number"
+msgstr "Please insert the card with serial number"
+
+#: agent/divert-scd.c:93 g10/call-agent.c:924
+msgid "Please remove the current card and insert the one with serial number"
+msgstr "Please remove the current card and insert the one with serial number"
+
+#: agent/divert-scd.c:200
+msgid "Admin PIN"
+msgstr "Admin PIN"
+
+#. TRANSLATORS: A PUK is the Personal Unblocking Code
+#. used to unblock a PIN.
+#: agent/divert-scd.c:205
+msgid "PUK"
+msgstr "PUK"
+
+#: agent/divert-scd.c:212
+msgid "Reset Code"
+msgstr "Reset Code"
+
+#: agent/divert-scd.c:238
+#, c-format
+msgid "%s%%0A%%0AUse the reader's keypad for input."
+msgstr "%s%%0A%%0AUse the reader's keypad for input."
+
+#: agent/divert-scd.c:287
+msgid "Repeat this Reset Code"
+msgstr "Repeat this Reset Code"
+
+#: agent/divert-scd.c:289
+msgid "Repeat this PUK"
+msgstr "Repeat this PUK"
+
+#: agent/divert-scd.c:290
+msgid "Repeat this PIN"
+msgstr "Repeat this PIN"
+
+#: agent/divert-scd.c:295
+msgid "Reset Code not correctly repeated; try again"
+msgstr "Reset Code not correctly repeated; try again"
+
+#: agent/divert-scd.c:297
+msgid "PUK not correctly repeated; try again"
+msgstr "PUK not correctly repeated; try again"
+
+#: agent/divert-scd.c:298
+msgid "PIN not correctly repeated; try again"
+msgstr "PIN not correctly repeated; try again"
+
+#: agent/divert-scd.c:310
+#, c-format
+msgid "Please enter the PIN%s%s%s to unlock the card"
+msgstr "Please enter the PIN%s%s%s to unlock the card"
+
+#: agent/genkey.c:108 sm/certreqgen-ui.c:384 sm/export.c:638 sm/export.c:654
+#: sm/import.c:667 sm/import.c:692
+#, c-format
+msgid "error creating temporary file: %s\n"
+msgstr "error creating temporary file: %s\n"
+
+#: agent/genkey.c:115 sm/export.c:645 sm/import.c:675
+#, c-format
+msgid "error writing to temporary file: %s\n"
+msgstr "error writing to temporary file: %s\n"
+
+#: agent/genkey.c:153 agent/genkey.c:159
+msgid "Enter new passphrase"
+msgstr "Enter new passphrase"
+
+#: agent/genkey.c:167
+msgid "Take this one anyway"
+msgstr "Take this one anyway"
+
+#: agent/genkey.c:193
+#, c-format
+msgid ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase should be "
+"at least %u character long."
+msgid_plural ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase should be "
+"at least %u characters long."
+msgstr[0] ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase should be "
+"at least %u character long."
+msgstr[1] ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase should be "
+"at least %u characters long."
+
+#: agent/genkey.c:214
+#, c-format
+msgid ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase should "
+"contain at least %u digit or%%0Aspecial character."
+msgid_plural ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase should "
+"contain at least %u digits or%%0Aspecial characters."
+msgstr[0] ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase should "
+"contain at least %u digit or%%0Aspecial character."
+msgstr[1] ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase should "
+"contain at least %u digits or%%0Aspecial characters."
+
+#: agent/genkey.c:237
+#, c-format
+msgid ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase may not be "
+"a known term or match%%0Acertain pattern."
+msgstr ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase may not be "
+"a known term or match%%0Acertain pattern."
+
+#: agent/genkey.c:253
+#, c-format
+msgid ""
+"You have not entered a passphrase!%0AAn empty passphrase is not allowed."
+msgstr ""
+"You have not entered a passphrase!%0AAn empty passphrase is not allowed."
+
+#: agent/genkey.c:255
+#, c-format
+msgid ""
+"You have not entered a passphrase - this is in general a bad idea!%0APlease "
+"confirm that you do not want to have any protection on your key."
+msgstr ""
+"You have not entered a passphrase - this is in general a bad idea!%0APlease "
+"confirm that you do not want to have any protection on your key."
+
+#: agent/genkey.c:264
+msgid "Yes, protection is not needed"
+msgstr "Yes, protection is not needed"
+
+#: agent/genkey.c:308
+#, c-format
+msgid "Please enter the passphrase to%0Ato protect your new key"
+msgstr "Please enter the passphrase to%0Ato protect your new key"
+
+#: agent/genkey.c:431
+msgid "Please enter the new passphrase"
+msgstr "Please enter the new passphrase"
+
+#: agent/gpg-agent.c:121 agent/preset-passphrase.c:72 scd/scdaemon.c:103
+#: tools/gpg-check-pattern.c:70
+msgid ""
+"@Options:\n"
+" "
+msgstr ""
+"@Options:\n"
+" "
+
+#: agent/gpg-agent.c:123 scd/scdaemon.c:105
+msgid "run in server mode (foreground)"
+msgstr "run in server mode (foreground)"
+
+#: agent/gpg-agent.c:124 scd/scdaemon.c:108
+msgid "run in daemon mode (background)"
+msgstr "run in daemon mode (background)"
+
+#: agent/gpg-agent.c:125 g10/gpg.c:488 g10/gpgv.c:71 kbx/kbxutil.c:88
+#: scd/scdaemon.c:109 sm/gpgsm.c:281 tools/gpg-connect-agent.c:69
+#: tools/gpgconf.c:80 tools/symcryptrun.c:166
+msgid "verbose"
+msgstr "verbose"
+
+#: agent/gpg-agent.c:126 g10/gpgv.c:72 kbx/kbxutil.c:89 scd/scdaemon.c:110
+#: sm/gpgsm.c:282
+msgid "be somewhat more quiet"
+msgstr "be somewhat more quiet"
+
+#: agent/gpg-agent.c:127 scd/scdaemon.c:111
+msgid "sh-style command output"
+msgstr "sh-style command output"
+
+#: agent/gpg-agent.c:128 scd/scdaemon.c:112
+msgid "csh-style command output"
+msgstr "csh-style command output"
+
+#: agent/gpg-agent.c:129 scd/scdaemon.c:113 sm/gpgsm.c:312
+#: tools/symcryptrun.c:169
+msgid "|FILE|read options from FILE"
+msgstr "|FILE|read options from FILE"
+
+#: agent/gpg-agent.c:134 scd/scdaemon.c:123
+msgid "do not detach from the console"
+msgstr "do not detach from the console"
+
+#: agent/gpg-agent.c:135
+msgid "do not grab keyboard and mouse"
+msgstr "do not grab keyboard and mouse"
+
+#: agent/gpg-agent.c:136 tools/symcryptrun.c:168
+msgid "use a log file for the server"
+msgstr "use a log file for the server"
+
+#: agent/gpg-agent.c:138
+msgid "use a standard location for the socket"
+msgstr "use a standard location for the socket"
+
+#: agent/gpg-agent.c:141
+msgid "|PGM|use PGM as the PIN-Entry program"
+msgstr "|PGM|use PGM as the PIN-Entry program"
+
+#: agent/gpg-agent.c:144
+msgid "|PGM|use PGM as the SCdaemon program"
+msgstr "|PGM|use PGM as the SCdaemon program"
+
+#: agent/gpg-agent.c:145
+msgid "do not use the SCdaemon"
+msgstr "do not use the SCdaemon"
+
+#: agent/gpg-agent.c:157
+msgid "ignore requests to change the TTY"
+msgstr "ignore requests to change the TTY"
+
+#: agent/gpg-agent.c:159
+msgid "ignore requests to change the X display"
+msgstr "ignore requests to change the X display"
+
+#: agent/gpg-agent.c:162
+msgid "|N|expire cached PINs after N seconds"
+msgstr "|N|expire cached PINs after N seconds"
+
+#: agent/gpg-agent.c:175
+msgid "do not use the PIN cache when signing"
+msgstr "do not use the PIN cache when signing"
+
+#: agent/gpg-agent.c:177
+msgid "allow clients to mark keys as \"trusted\""
+msgstr "allow clients to mark keys as “trustedâ€"
+
+#: agent/gpg-agent.c:179
+msgid "allow presetting passphrase"
+msgstr "allow presetting passphrase"
+
+#: agent/gpg-agent.c:180
+msgid "enable ssh-agent emulation"
+msgstr "enable ssh-agent emulation"
+
+#: agent/gpg-agent.c:182
+msgid "|FILE|write environment settings also to FILE"
+msgstr "|FILE|write environment settings also to FILE"
+
+#. TRANSLATORS: @EMAIL@ will get replaced by the actual bug
+#. reporting address. This is so that we can change the
+#. reporting address without breaking the translations.
+#: agent/gpg-agent.c:333 agent/preset-passphrase.c:94 agent/protect-tool.c:163
+#: g10/gpg.c:814 g10/gpgv.c:114 kbx/kbxutil.c:113 scd/scdaemon.c:246
+#: sm/gpgsm.c:519 tools/gpg-connect-agent.c:181 tools/gpgconf.c:102
+#: tools/symcryptrun.c:206 tools/gpg-check-pattern.c:141
+msgid "Please report bugs to <@EMAIL@>.\n"
+msgstr "Please report bugs to <@EMAIL@>.\n"
+
+#: agent/gpg-agent.c:342
+msgid "Usage: gpg-agent [options] (-h for help)"
+msgstr "Usage: gpg-agent [options] (-h for help)"
+
+#: agent/gpg-agent.c:344
+msgid ""
+"Syntax: gpg-agent [options] [command [args]]\n"
+"Secret key management for GnuPG\n"
+msgstr ""
+"Syntax: gpg-agent [options] [command [args]]\n"
+"Secret key management for GnuPG\n"
+
+#: agent/gpg-agent.c:390 g10/gpg.c:1007 scd/scdaemon.c:318 sm/gpgsm.c:669
+#, c-format
+msgid "invalid debug-level `%s' given\n"
+msgstr "invalid debug-level ‘%s’ given\n"
+
+#: agent/gpg-agent.c:610 agent/protect-tool.c:1033 kbx/kbxutil.c:428
+#: scd/scdaemon.c:424 sm/gpgsm.c:911 sm/gpgsm.c:914 tools/symcryptrun.c:998
+#: tools/gpg-check-pattern.c:177
+#, c-format
+msgid "%s is too old (need %s, have %s)\n"
+msgstr "%s is too old (need %s, have %s)\n"
+
+#: agent/gpg-agent.c:725 g10/gpg.c:2111 scd/scdaemon.c:510 sm/gpgsm.c:1010
+#, c-format
+msgid "NOTE: no default option file `%s'\n"
+msgstr "NOTE: no default option file ‘%s’\n"
+
+#: agent/gpg-agent.c:736 agent/gpg-agent.c:1348 g10/gpg.c:2115
+#: scd/scdaemon.c:515 sm/gpgsm.c:1014 tools/symcryptrun.c:931
+#, c-format
+msgid "option file `%s': %s\n"
+msgstr "option file ‘%s’: %s\n"
+
+#: agent/gpg-agent.c:744 g10/gpg.c:2122 scd/scdaemon.c:523 sm/gpgsm.c:1021
+#, c-format
+msgid "reading options from `%s'\n"
+msgstr "reading options from ‘%s’\n"
+
+#: agent/gpg-agent.c:1117 g10/plaintext.c:140 g10/plaintext.c:145
+#: g10/plaintext.c:162
+#, c-format
+msgid "error creating `%s': %s\n"
+msgstr "error creating ‘%s’: %s\n"
+
+#: agent/gpg-agent.c:1461 agent/gpg-agent.c:1579 agent/gpg-agent.c:1583
+#: agent/gpg-agent.c:1624 agent/gpg-agent.c:1628 g10/exec.c:188
+#: g10/openfile.c:429 scd/scdaemon.c:1020
+#, c-format
+msgid "can't create directory `%s': %s\n"
+msgstr "can't create directory ‘%s’: %s\n"
+
+#: agent/gpg-agent.c:1475 scd/scdaemon.c:1034
+msgid "name of socket too long\n"
+msgstr "name of socket too long\n"
+
+#: agent/gpg-agent.c:1498 scd/scdaemon.c:1057
+#, c-format
+msgid "can't create socket: %s\n"
+msgstr "can't create socket: %s\n"
+
+#: agent/gpg-agent.c:1507
+#, c-format
+msgid "socket name `%s' is too long\n"
+msgstr "socket name ‘%s’ is too long\n"
+
+#: agent/gpg-agent.c:1525
+msgid "a gpg-agent is already running - not starting a new one\n"
+msgstr "a gpg-agent is already running - not starting a new one\n"
+
+#: agent/gpg-agent.c:1536 scd/scdaemon.c:1076
+msgid "error getting nonce for the socket\n"
+msgstr "error getting nonce for the socket\n"
+
+#: agent/gpg-agent.c:1541 scd/scdaemon.c:1079
+#, c-format
+msgid "error binding socket to `%s': %s\n"
+msgstr "error binding socket to ‘%s’: %s\n"
+
+#: agent/gpg-agent.c:1553 scd/scdaemon.c:1088
+#, c-format
+msgid "listen() failed: %s\n"
+msgstr "listen() failed: %s\n"
+
+#: agent/gpg-agent.c:1559 scd/scdaemon.c:1095
+#, c-format
+msgid "listening on socket `%s'\n"
+msgstr "listening on socket ‘%s’\n"
+
+#: agent/gpg-agent.c:1587 agent/gpg-agent.c:1634 g10/openfile.c:432
+#, c-format
+msgid "directory `%s' created\n"
+msgstr "directory ‘%s’ created\n"
+
+#: agent/gpg-agent.c:1640
+#, c-format
+msgid "stat() failed for `%s': %s\n"
+msgstr "stat() failed for ‘%s’: %s\n"
+
+#: agent/gpg-agent.c:1644
+#, c-format
+msgid "can't use `%s' as home directory\n"
+msgstr "can't use ‘%s’ as home directory\n"
+
+#: agent/gpg-agent.c:1777 scd/scdaemon.c:1111
+#, c-format
+msgid "error reading nonce on fd %d: %s\n"
+msgstr "error reading nonce on fd %d: %s\n"
+
+#: agent/gpg-agent.c:1799
+#, c-format
+msgid "handler 0x%lx for fd %d started\n"
+msgstr "handler 0x%lx for fd %d started\n"
+
+#: agent/gpg-agent.c:1804
+#, c-format
+msgid "handler 0x%lx for fd %d terminated\n"
+msgstr "handler 0x%lx for fd %d terminated\n"
+
+#: agent/gpg-agent.c:1824
+#, c-format
+msgid "ssh handler 0x%lx for fd %d started\n"
+msgstr "ssh handler 0x%lx for fd %d started\n"
+
+#: agent/gpg-agent.c:1829
+#, c-format
+msgid "ssh handler 0x%lx for fd %d terminated\n"
+msgstr "ssh handler 0x%lx for fd %d terminated\n"
+
+#: agent/gpg-agent.c:1973 scd/scdaemon.c:1248
+#, c-format
+msgid "pth_select failed: %s - waiting 1s\n"
+msgstr "pth_select failed: %s - waiting 1s\n"
+
+#: agent/gpg-agent.c:2096 scd/scdaemon.c:1315
+#, c-format
+msgid "%s %s stopped\n"
+msgstr "%s %s stopped\n"
+
+#: agent/gpg-agent.c:2232
+msgid "no gpg-agent running in this session\n"
+msgstr "no gpg-agent running in this session\n"
+
+#: agent/gpg-agent.c:2243 common/simple-pwquery.c:352 common/asshelp.c:403
+#: tools/gpg-connect-agent.c:2168
+msgid "malformed GPG_AGENT_INFO environment variable\n"
+msgstr "malformed GPG_AGENT_INFO environment variable\n"
+
+#: agent/gpg-agent.c:2256 common/simple-pwquery.c:364 common/asshelp.c:415
+#: tools/gpg-connect-agent.c:2179
+#, c-format
+msgid "gpg-agent protocol version %d is not supported\n"
+msgstr "gpg-agent protocol version %d is not supported\n"
+
+#: agent/preset-passphrase.c:98
+msgid "Usage: gpg-preset-passphrase [options] KEYGRIP (-h for help)\n"
+msgstr "Usage: gpg-preset-passphrase [options] KEYGRIP (-h for help)\n"
+
+#: agent/preset-passphrase.c:101
+msgid ""
+"Syntax: gpg-preset-passphrase [options] KEYGRIP\n"
+"Password cache maintenance\n"
+msgstr ""
+"Syntax: gpg-preset-passphrase [options] KEYGRIP\n"
+"Password cache maintenance\n"
+
+#: agent/protect-tool.c:113 g10/gpg.c:373 kbx/kbxutil.c:71 sm/gpgsm.c:186
+#: tools/gpgconf.c:60
+msgid ""
+"@Commands:\n"
+" "
+msgstr ""
+"@Commands:\n"
+" "
+
+#: agent/protect-tool.c:127 g10/gpg.c:441 g10/gpgv.c:69 kbx/kbxutil.c:81
+#: sm/gpgsm.c:226 tools/gpg-connect-agent.c:67 tools/gpgconf.c:77
+#: tools/symcryptrun.c:159
+msgid ""
+"@\n"
+"Options:\n"
+" "
+msgstr ""
+"@\n"
+"Options:\n"
+" "
+
+#: agent/protect-tool.c:166
+msgid "Usage: gpg-protect-tool [options] (-h for help)\n"
+msgstr "Usage: gpg-protect-tool [options] (-h for help)\n"
+
+#: agent/protect-tool.c:168
+msgid ""
+"Syntax: gpg-protect-tool [options] [args]\n"
+"Secret key maintenance tool\n"
+msgstr ""
+"Syntax: gpg-protect-tool [options] [args]\n"
+"Secret key maintenance tool\n"
+
+#: agent/protect-tool.c:1162
+msgid "Please enter the passphrase to unprotect the PKCS#12 object."
+msgstr "Please enter the passphrase to unprotect the PKCS#12 object."
+
+#: agent/protect-tool.c:1167
+msgid "Please enter the passphrase to protect the new PKCS#12 object."
+msgstr "Please enter the passphrase to protect the new PKCS#12 object."
+
+#: agent/protect-tool.c:1173
+msgid ""
+"Please enter the passphrase to protect the imported object within the GnuPG "
+"system."
+msgstr ""
+"Please enter the passphrase to protect the imported object within the GnuPG "
+"system."
+
+#: agent/protect-tool.c:1178
+msgid ""
+"Please enter the passphrase or the PIN\n"
+"needed to complete this operation."
+msgstr ""
+"Please enter the passphrase or the PIN\n"
+"needed to complete this operation."
+
+#: agent/protect-tool.c:1183 tools/symcryptrun.c:437
+msgid "Passphrase:"
+msgstr "Passphrase:"
+
+#: agent/protect-tool.c:1188 tools/symcryptrun.c:448
+msgid "cancelled\n"
+msgstr "cancelled\n"
+
+#: agent/protect-tool.c:1190 tools/symcryptrun.c:444
+#, c-format
+msgid "error while asking for the passphrase: %s\n"
+msgstr "error while asking for the passphrase: %s\n"
+
+#: agent/trustlist.c:136 agent/trustlist.c:334
+#, c-format
+msgid "error opening `%s': %s\n"
+msgstr "error opening ‘%s’: %s\n"
+
+#: agent/trustlist.c:151 common/helpfile.c:63 common/helpfile.c:79
+#, c-format
+msgid "file `%s', line %d: %s\n"
+msgstr "file ‘%s’, line %d: %s\n"
+
+#: agent/trustlist.c:171 agent/trustlist.c:179
+#, c-format
+msgid "statement \"%s\" ignored in `%s', line %d\n"
+msgstr "statement “%s†ignored in ‘%s’, line %d\n"
+
+#: agent/trustlist.c:185
+#, c-format
+msgid "system trustlist `%s' not available\n"
+msgstr "system trustlist ‘%s’ not available\n"
+
+#: agent/trustlist.c:229
+#, c-format
+msgid "bad fingerprint in `%s', line %d\n"
+msgstr "bad fingerprint in ‘%s’, line %d\n"
+
+#: agent/trustlist.c:254 agent/trustlist.c:261
+#, c-format
+msgid "invalid keyflag in `%s', line %d\n"
+msgstr "invalid keyflag in ‘%s’, line %d\n"
+
+#: agent/trustlist.c:295 common/helpfile.c:126
+#, c-format
+msgid "error reading `%s', line %d: %s\n"
+msgstr "error reading ‘%s’, line %d: %s\n"
+
+#: agent/trustlist.c:400 agent/trustlist.c:450
+msgid "error reading list of trusted root certificates\n"
+msgstr "error reading list of trusted root certificates\n"
+
+#. TRANSLATORS: This prompt is shown by the Pinentry
+#. and has one special property: A "%%0A" is used by
+#. Pinentry to insert a line break. The double
+#. percent sign is actually needed because it is also
+#. a printf format string. If you need to insert a
+#. plain % sign, you need to encode it as "%%25". The
+#. "%s" gets replaced by the name as stored in the
+#. certificate.
+#: agent/trustlist.c:611
+#, c-format
+msgid ""
+"Do you ultimately trust%%0A \"%s\"%%0Ato correctly certify user "
+"certificates?"
+msgstr ""
+"Do you ultimately trust%%0A “%sâ€%%0Ato correctly certify user certificates?"
+
+#: agent/trustlist.c:620 common/audit.c:467
+msgid "Yes"
+msgstr "Yes"
+
+#: agent/trustlist.c:620 common/audit.c:469
+msgid "No"
+msgstr "No"
+
+#. TRANSLATORS: This prompt is shown by the Pinentry and has
+#. one special property: A "%%0A" is used by Pinentry to
+#. insert a line break. The double percent sign is actually
+#. needed because it is also a printf format string. If you
+#. need to insert a plain % sign, you need to encode it as
+#. "%%25". The second "%s" gets replaced by a hexdecimal
+#. fingerprint string whereas the first one receives the name
+#. as stored in the certificate.
+#: agent/trustlist.c:654
+#, c-format
+msgid ""
+"Please verify that the certificate identified as:%%0A \"%s\"%%0Ahas the "
+"fingerprint:%%0A %s"
+msgstr ""
+"Please verify that the certificate identified as:%%0A “%sâ€%%0Ahas the "
+"fingerprint:%%0A %s"
+
+#. TRANSLATORS: "Correct" is the label of a button and intended
+#. to be hit if the fingerprint matches the one of the CA. The
+#. other button is "the default "Cancel" of the Pinentry.
+#: agent/trustlist.c:668
+msgid "Correct"
+msgstr "Correct"
+
+#: agent/trustlist.c:668
+msgid "Wrong"
+msgstr "Wrong"
+
+#: agent/findkey.c:157
+#, c-format
+msgid "Note: This passphrase has never been changed.%0APlease change it now."
+msgstr "Note: This passphrase has never been changed.%0APlease change it now."
+
+#: agent/findkey.c:173
+#, c-format
+msgid ""
+"This passphrase has not been changed%%0Asince %.4s-%.2s-%.2s. Please change "
+"it now."
+msgstr ""
+"This passphrase has not been changed%%0Asince %.4s-%.2s-%.2s. Please change "
+"it now."
+
+#: agent/findkey.c:187 agent/findkey.c:194
+msgid "Change passphrase"
+msgstr "Change passphrase"
+
+#: agent/findkey.c:195
+msgid "I'll change it later"
+msgstr "I'll change it later"
+
+#: common/exechelp.c:528 common/exechelp.c:625 tools/gpgconf-comp.c:1475
+#: tools/gpgconf-comp.c:1814
+#, c-format
+msgid "error creating a pipe: %s\n"
+msgstr "error creating a pipe: %s\n"
+
+#: common/exechelp.c:599 common/exechelp.c:658
+#, c-format
+msgid "can't fdopen pipe for reading: %s\n"
+msgstr "can't fdopen pipe for reading: %s\n"
+
+#: common/exechelp.c:637 common/exechelp.c:765 common/exechelp.c:1002
+#, c-format
+msgid "error forking process: %s\n"
+msgstr "error forking process: %s\n"
+
+#: common/exechelp.c:811 common/exechelp.c:864
+#, c-format
+msgid "waiting for process %d to terminate failed: %s\n"
+msgstr "waiting for process %d to terminate failed: %s\n"
+
+#: common/exechelp.c:819
+#, c-format
+msgid "error getting exit code of process %d: %s\n"
+msgstr "error getting exit code of process %d: %s\n"
+
+#: common/exechelp.c:825 common/exechelp.c:877
+#, c-format
+msgid "error running `%s': exit status %d\n"
+msgstr "error running ‘%s’: exit status %d\n"
+
+#: common/exechelp.c:870
+#, c-format
+msgid "error running `%s': probably not installed\n"
+msgstr "error running ‘%s’: probably not installed\n"
+
+#: common/exechelp.c:885
+#, c-format
+msgid "error running `%s': terminated\n"
+msgstr "error running ‘%s’: terminated\n"
+
+#: common/http.c:1674
+#, c-format
+msgid "error creating socket: %s\n"
+msgstr "error creating socket: %s\n"
+
+#: common/http.c:1718
+msgid "host not found"
+msgstr "host not found"
+
+#: common/simple-pwquery.c:338
+msgid "gpg-agent is not available in this session\n"
+msgstr "gpg-agent is not available in this session\n"
+
+#: common/simple-pwquery.c:395
+#, c-format
+msgid "can't connect to `%s': %s\n"
+msgstr "can't connect to ‘%s’: %s\n"
+
+#: common/simple-pwquery.c:406
+msgid "communication problem with gpg-agent\n"
+msgstr "communication problem with gpg-agent\n"
+
+#: common/simple-pwquery.c:416
+msgid "problem setting the gpg-agent options\n"
+msgstr "problem setting the gpg-agent options\n"
+
+#: common/simple-pwquery.c:579 common/simple-pwquery.c:675
+msgid "canceled by user\n"
+msgstr "canceled by user\n"
+
+#: common/simple-pwquery.c:594 common/simple-pwquery.c:681
+msgid "problem with the agent\n"
+msgstr "problem with the agent\n"
+
+#: common/sysutils.c:105
+#, c-format
+msgid "can't disable core dumps: %s\n"
+msgstr "can't disable core dumps: %s\n"
+
+#: common/sysutils.c:200
+#, c-format
+msgid "Warning: unsafe ownership on %s \"%s\"\n"
+msgstr "Warning: unsafe ownership on %s “%sâ€\n"
+
+#: common/sysutils.c:232
+#, c-format
+msgid "Warning: unsafe permissions on %s \"%s\"\n"
+msgstr "Warning: unsafe permissions on %s “%sâ€\n"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: common/yesno.c:35 common/yesno.c:72
+msgid "yes"
+msgstr "yes"
+
+#: common/yesno.c:36 common/yesno.c:77
+msgid "yY"
+msgstr "yY"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: common/yesno.c:38 common/yesno.c:74
+msgid "no"
+msgstr "no"
+
+#: common/yesno.c:39 common/yesno.c:78
+msgid "nN"
+msgstr "nN"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: common/yesno.c:76
+msgid "quit"
+msgstr "quit"
+
+#: common/yesno.c:79
+msgid "qQ"
+msgstr "qQ"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: common/yesno.c:113
+msgid "okay|okay"
+msgstr "okay|okay"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: common/yesno.c:115
+msgid "cancel|cancel"
+msgstr "cancel|cancel"
+
+#: common/yesno.c:116
+msgid "oO"
+msgstr "oO"
+
+#: common/yesno.c:117
+msgid "cC"
+msgstr "cC"
+
+#: common/miscellaneous.c:77
+#, c-format
+msgid "out of core in secure memory while allocating %lu bytes"
+msgstr "out of core in secure memory while allocating %lu bytes"
+
+#: common/miscellaneous.c:80
+#, c-format
+msgid "out of core while allocating %lu bytes"
+msgstr "out of core while allocating %lu bytes"
+
+#: common/asshelp.c:293 tools/gpg-connect-agent.c:2129
+msgid "no running gpg-agent - starting one\n"
+msgstr "no running gpg-agent - starting one\n"
+
+#: common/asshelp.c:349
+#, c-format
+msgid "waiting %d seconds for the agent to come up\n"
+msgstr "waiting %d seconds for the agent to come up\n"
+
+#: common/asshelp.c:426
+msgid "can't connect to the agent - trying fall back\n"
+msgstr "can't connect to the agent - trying fall back\n"
+
+#. TRANSLATORS: Copy the prefix between the vertical bars
+#. verbatim. It will not be printed.
+#: common/audit.c:474
+msgid "|audit-log-result|Good"
+msgstr "|audit-log-result|Good"
+
+#: common/audit.c:477
+msgid "|audit-log-result|Bad"
+msgstr "|audit-log-result|Bad"
+
+#: common/audit.c:479
+msgid "|audit-log-result|Not supported"
+msgstr "|audit-log-result|Not supported"
+
+#: common/audit.c:481
+msgid "|audit-log-result|No certificate"
+msgstr "|audit-log-result|No certificate"
+
+#: common/audit.c:483
+msgid "|audit-log-result|Not enabled"
+msgstr "|audit-log-result|Not enabled"
+
+#: common/audit.c:485
+msgid "|audit-log-result|Error"
+msgstr "|audit-log-result|Error"
+
+#: common/audit.c:487
+msgid "|audit-log-result|Not used"
+msgstr "|audit-log-result|Not used"
+
+#: common/audit.c:489
+msgid "|audit-log-result|Okay"
+msgstr "|audit-log-result|Okay"
+
+#: common/audit.c:491
+msgid "|audit-log-result|Skipped"
+msgstr "|audit-log-result|Skipped"
+
+#: common/audit.c:493
+msgid "|audit-log-result|Some"
+msgstr "|audit-log-result|Some"
+
+#: common/audit.c:726
+msgid "Certificate chain available"
+msgstr "Certificate chain available"
+
+#: common/audit.c:733
+msgid "root certificate missing"
+msgstr "root certificate missing"
+
+#: common/audit.c:759
+msgid "Data encryption succeeded"
+msgstr "Data encryption succeeded"
+
+#: common/audit.c:764 common/audit.c:830 common/audit.c:906 common/audit.c:997
+msgid "Data available"
+msgstr "Data available"
+
+#: common/audit.c:767
+msgid "Session key created"
+msgstr "Session key created"
+
+#: common/audit.c:772 common/audit.c:912 common/audit.c:919
+#, c-format
+msgid "algorithm: %s"
+msgstr "algorithm: %s"
+
+#: common/audit.c:774 common/audit.c:776 common/audit.c:921 common/audit.c:923
+#, c-format
+msgid "unsupported algorithm: %s"
+msgstr "unsupported algorithm: %s"
+
+#: common/audit.c:778 common/audit.c:925
+msgid "seems to be not encrypted"
+msgstr "seems to be not encrypted"
+
+#: common/audit.c:784 common/audit.c:933
+msgid "Number of recipients"
+msgstr "Number of recipients"
+
+#: common/audit.c:792 common/audit.c:956
+#, c-format
+msgid "Recipient %d"
+msgstr "Recipient %d"
+
+#: common/audit.c:825
+msgid "Data signing succeeded"
+msgstr "Data signing succeeded"
+
+#: common/audit.c:839 common/audit.c:1033 common/audit.c:1060
+#, c-format
+msgid "data hash algorithm: %s"
+msgstr "data hash algorithm: %s"
+
+#: common/audit.c:862
+#, c-format
+msgid "Signer %d"
+msgstr "Signer %d"
+
+#: common/audit.c:866 common/audit.c:1065
+#, c-format
+msgid "attr hash algorithm: %s"
+msgstr "attr hash algorithm: %s"
+
+#: common/audit.c:901
+msgid "Data decryption succeeded"
+msgstr "Data decryption succeeded"
+
+#: common/audit.c:910
+msgid "Encryption algorithm supported"
+msgstr "Encryption algorithm supported"
+
+#: common/audit.c:993
+msgid "Data verification succeeded"
+msgstr "Data verification succeeded"
+
+#: common/audit.c:1002
+msgid "Signature available"
+msgstr "Signature available"
+
+#: common/audit.c:1024
+msgid "Parsing data succeeded"
+msgstr "Parsing data succeeded"
+
+#: common/audit.c:1036
+#, c-format
+msgid "bad data hash algorithm: %s"
+msgstr "bad data hash algorithm: %s"
+
+#: common/audit.c:1051
+#, c-format
+msgid "Signature %d"
+msgstr "Signature %d"
+
+#: common/audit.c:1079
+msgid "Certificate chain valid"
+msgstr "Certificate chain valid"
+
+#: common/audit.c:1090
+msgid "Root certificate trustworthy"
+msgstr "Root certificate trustworthy"
+
+#: common/audit.c:1111 sm/certchain.c:935
+msgid "no CRL found for certificate"
+msgstr "no CRL found for certificate"
+
+#: common/audit.c:1114 sm/certchain.c:945
+msgid "the available CRL is too old"
+msgstr "the available CRL is too old"
+
+#: common/audit.c:1119
+msgid "CRL/OCSP check of certificates"
+msgstr "CRL/OCSP check of certificates"
+
+#: common/audit.c:1139
+msgid "Included certificates"
+msgstr "Included certificates"
+
+#: common/audit.c:1194
+msgid "No audit log entries."
+msgstr "No audit log entries."
+
+#: common/audit.c:1243
+msgid "Unknown operation"
+msgstr "Unknown operation"
+
+#: common/audit.c:1261
+msgid "Gpg-Agent usable"
+msgstr "Gpg-Agent usable"
+
+#: common/audit.c:1271
+msgid "Dirmngr usable"
+msgstr "Dirmngr usable"
+
+#: common/audit.c:1307
+#, c-format
+msgid "No help available for `%s'."
+msgstr "No help available for ‘%s’."
+
+#: common/helpfile.c:80
+msgid "ignoring garbage line"
+msgstr "ignoring garbage line"
+
+#: common/gettime.c:503
+msgid "[none]"
+msgstr "[none]"
+
+#: g10/armor.c:379
+#, c-format
+msgid "armor: %s\n"
+msgstr "armor: %s\n"
+
+#: g10/armor.c:418
+msgid "invalid armor header: "
+msgstr "invalid armor header: "
+
+#: g10/armor.c:429
+msgid "armor header: "
+msgstr "armor header: "
+
+#: g10/armor.c:442
+msgid "invalid clearsig header\n"
+msgstr "invalid clearsig header\n"
+
+#: g10/armor.c:455
+msgid "unknown armor header: "
+msgstr "unknown armor header: "
+
+#: g10/armor.c:508
+msgid "nested clear text signatures\n"
+msgstr "nested clear text signatures\n"
+
+#: g10/armor.c:643
+msgid "unexpected armor: "
+msgstr "unexpected armor: "
+
+#: g10/armor.c:655
+msgid "invalid dash escaped line: "
+msgstr "invalid dash escaped line: "
+
+#: g10/armor.c:810 g10/armor.c:1420
+#, c-format
+msgid "invalid radix64 character %02X skipped\n"
+msgstr "invalid radix64 character %02X skipped\n"
+
+#: g10/armor.c:853
+msgid "premature eof (no CRC)\n"
+msgstr "premature eof (no CRC)\n"
+
+#: g10/armor.c:887
+msgid "premature eof (in CRC)\n"
+msgstr "premature eof (in CRC)\n"
+
+#: g10/armor.c:895
+msgid "malformed CRC\n"
+msgstr "malformed CRC\n"
+
+#: g10/armor.c:899 g10/armor.c:1457
+#, c-format
+msgid "CRC error; %06lX - %06lX\n"
+msgstr "CRC error; %06lX - %06lX\n"
+
+#: g10/armor.c:919
+msgid "premature eof (in trailer)\n"
+msgstr "premature eof (in trailer)\n"
+
+#: g10/armor.c:923
+msgid "error in trailer line\n"
+msgstr "error in trailer line\n"
+
+#: g10/armor.c:1234
+msgid "no valid OpenPGP data found.\n"
+msgstr "no valid OpenPGP data found.\n"
+
+#: g10/armor.c:1239
+#, c-format
+msgid "invalid armor: line longer than %d characters\n"
+msgstr "invalid armor: line longer than %d characters\n"
+
+#: g10/armor.c:1243
+msgid ""
+"quoted printable character in armor - probably a buggy MTA has been used\n"
+msgstr ""
+"quoted printable character in armor - probably a buggy MTA has been used\n"
+
+#: g10/build-packet.c:976
+msgid ""
+"a notation name must have only printable characters or spaces, and end with "
+"an '='\n"
+msgstr ""
+"a notation name must have only printable characters or spaces, and end with "
+"an ‘=’\n"
+
+#: g10/build-packet.c:988
+msgid "a user notation name must contain the '@' character\n"
+msgstr "a user notation name must contain the ‘@’ character\n"
+
+#: g10/build-packet.c:994
+msgid "a notation name must not contain more than one '@' character\n"
+msgstr "a notation name must not contain more than one ‘@’ character\n"
+
+#: g10/build-packet.c:1012
+msgid "a notation value must not use any control characters\n"
+msgstr "a notation value must not use any control characters\n"
+
+#: g10/build-packet.c:1046 g10/build-packet.c:1055
+msgid "WARNING: invalid notation data found\n"
+msgstr "WARNING: invalid notation data found\n"
+
+#: g10/build-packet.c:1077 g10/build-packet.c:1079
+msgid "not human readable"
+msgstr "not human readable"
+
+#: g10/card-util.c:85 g10/card-util.c:374
+#, c-format
+msgid "OpenPGP card not available: %s\n"
+msgstr "OpenPGP card not available: %s\n"
+
+#: g10/card-util.c:90
+#, c-format
+msgid "OpenPGP card no. %s detected\n"
+msgstr "OpenPGP card no. %s detected\n"
+
+#: g10/card-util.c:98 g10/card-util.c:1773 g10/delkey.c:126 g10/keyedit.c:1551
+#: g10/keygen.c:3068 g10/revoke.c:216 g10/revoke.c:455
+msgid "can't do this in batch mode\n"
+msgstr "can't do this in batch mode\n"
+
+#: g10/card-util.c:106
+msgid "This command is only available for version 2 cards\n"
+msgstr "This command is only available for version 2 cards\n"
+
+#: g10/card-util.c:108 scd/app-openpgp.c:2029
+msgid "Reset Code not or not anymore available\n"
+msgstr "Reset Code not or not anymore available\n"
+
+#: g10/card-util.c:141 g10/card-util.c:1458 g10/card-util.c:1568
+#: g10/keyedit.c:424 g10/keyedit.c:445 g10/keyedit.c:459 g10/keygen.c:1630
+#: g10/keygen.c:1711 sm/certreqgen-ui.c:165 sm/certreqgen-ui.c:249
+#: sm/certreqgen-ui.c:283
+msgid "Your selection? "
+msgstr "Your selection? "
+
+#: g10/card-util.c:272 g10/card-util.c:322
+msgid "[not set]"
+msgstr "[not set]"
+
+#: g10/card-util.c:512
+msgid "male"
+msgstr "male"
+
+#: g10/card-util.c:513
+msgid "female"
+msgstr "female"
+
+#: g10/card-util.c:513
+msgid "unspecified"
+msgstr "unspecified"
+
+#: g10/card-util.c:540
+msgid "not forced"
+msgstr "not forced"
+
+#: g10/card-util.c:540
+msgid "forced"
+msgstr "forced"
+
+#: g10/card-util.c:631
+msgid "Error: Only plain ASCII is currently allowed.\n"
+msgstr "Error: Only plain ASCII is currently allowed.\n"
+
+#: g10/card-util.c:633
+msgid "Error: The \"<\" character may not be used.\n"
+msgstr "Error: The “<†character may not be used.\n"
+
+#: g10/card-util.c:635
+msgid "Error: Double spaces are not allowed.\n"
+msgstr "Error: Double spaces are not allowed.\n"
+
+#: g10/card-util.c:652
+msgid "Cardholder's surname: "
+msgstr "Cardholder's surname: "
+
+#: g10/card-util.c:654
+msgid "Cardholder's given name: "
+msgstr "Cardholder's given name: "
+
+#: g10/card-util.c:672
+#, c-format
+msgid "Error: Combined name too long (limit is %d characters).\n"
+msgstr "Error: Combined name too long (limit is %d characters).\n"
+
+#: g10/card-util.c:693
+msgid "URL to retrieve public key: "
+msgstr "URL to retrieve public key: "
+
+#: g10/card-util.c:701
+#, c-format
+msgid "Error: URL too long (limit is %d characters).\n"
+msgstr "Error: URL too long (limit is %d characters).\n"
+
+#: g10/card-util.c:794 tools/no-libgcrypt.c:30
+#, c-format
+msgid "error allocating enough memory: %s\n"
+msgstr "error allocating enough memory: %s\n"
+
+#: g10/card-util.c:806 g10/import.c:280
+#, c-format
+msgid "error reading `%s': %s\n"
+msgstr "error reading ‘%s’: %s\n"
+
+#: g10/card-util.c:839
+#, c-format
+msgid "error writing `%s': %s\n"
+msgstr "error writing ‘%s’: %s\n"
+
+#: g10/card-util.c:866
+msgid "Login data (account name): "
+msgstr "Login data (account name): "
+
+#: g10/card-util.c:876
+#, c-format
+msgid "Error: Login data too long (limit is %d characters).\n"
+msgstr "Error: Login data too long (limit is %d characters).\n"
+
+#: g10/card-util.c:912
+msgid "Private DO data: "
+msgstr "Private DO data: "
+
+#: g10/card-util.c:922
+#, c-format
+msgid "Error: Private DO too long (limit is %d characters).\n"
+msgstr "Error: Private DO too long (limit is %d characters).\n"
+
+#: g10/card-util.c:1005
+msgid "Language preferences: "
+msgstr "Language preferences: "
+
+#: g10/card-util.c:1013
+msgid "Error: invalid length of preference string.\n"
+msgstr "Error: invalid length of preference string.\n"
+
+#: g10/card-util.c:1022
+msgid "Error: invalid characters in preference string.\n"
+msgstr "Error: invalid characters in preference string.\n"
+
+#: g10/card-util.c:1044
+msgid "Sex ((M)ale, (F)emale or space): "
+msgstr "Sex ((M)ale, (F)emale or space): "
+
+#: g10/card-util.c:1058
+msgid "Error: invalid response.\n"
+msgstr "Error: invalid response.\n"
+
+#: g10/card-util.c:1080
+msgid "CA fingerprint: "
+msgstr "CA fingerprint: "
+
+#: g10/card-util.c:1103
+msgid "Error: invalid formatted fingerprint.\n"
+msgstr "Error: invalid formatted fingerprint.\n"
+
+#: g10/card-util.c:1153
+#, c-format
+msgid "key operation not possible: %s\n"
+msgstr "key operation not possible: %s\n"
+
+#: g10/card-util.c:1154
+msgid "not an OpenPGP card"
+msgstr "not an OpenPGP card"
+
+#: g10/card-util.c:1167
+#, c-format
+msgid "error getting current key info: %s\n"
+msgstr "error getting current key info: %s\n"
+
+#: g10/card-util.c:1254
+msgid "Replace existing key? (y/N) "
+msgstr "Replace existing key? (y/N) "
+
+#: g10/card-util.c:1270
+msgid ""
+"NOTE: There is no guarantee that the card supports the requested size.\n"
+" If the key generation does not succeed, please check the\n"
+" documentation of your card to see what sizes are allowed.\n"
+msgstr ""
+"NOTE: There is no guarantee that the card supports the requested size.\n"
+" If the key generation does not succeed, please check the\n"
+" documentation of your card to see what sizes are allowed.\n"
+
+#: g10/card-util.c:1295
+#, c-format
+msgid "What keysize do you want for the Signature key? (%u) "
+msgstr "What keysize do you want for the Signature key? (%u) "
+
+#: g10/card-util.c:1297
+#, c-format
+msgid "What keysize do you want for the Encryption key? (%u) "
+msgstr "What keysize do you want for the Encryption key? (%u) "
+
+#: g10/card-util.c:1298
+#, c-format
+msgid "What keysize do you want for the Authentication key? (%u) "
+msgstr "What keysize do you want for the Authentication key? (%u) "
+
+#: g10/card-util.c:1309 g10/keygen.c:1844 g10/keygen.c:1850
+#: sm/certreqgen-ui.c:194
+#, c-format
+msgid "rounded up to %u bits\n"
+msgstr "rounded up to %u bits\n"
+
+#: g10/card-util.c:1317 g10/keygen.c:1831 sm/certreqgen-ui.c:184
+#, c-format
+msgid "%s keysizes must be in the range %u-%u\n"
+msgstr "%s keysizes must be in the range %u-%u\n"
+
+#: g10/card-util.c:1322
+#, c-format
+msgid "The card will now be re-configured to generate a key of %u bits\n"
+msgstr "The card will now be re-configured to generate a key of %u bits\n"
+
+#: g10/card-util.c:1342
+#, c-format
+msgid "error changing size of key %d to %u bits: %s\n"
+msgstr "error changing size of key %d to %u bits: %s\n"
+
+#: g10/card-util.c:1364
+msgid "Make off-card backup of encryption key? (Y/n) "
+msgstr "Make off-card backup of encryption key? (Y/n) "
+
+#: g10/card-util.c:1378
+msgid "NOTE: keys are already stored on the card!\n"
+msgstr "NOTE: keys are already stored on the card!\n"
+
+#: g10/card-util.c:1381
+msgid "Replace existing keys? (y/N) "
+msgstr "Replace existing keys? (y/N) "
+
+#: g10/card-util.c:1393
+#, c-format
+msgid ""
+"Please note that the factory settings of the PINs are\n"
+" PIN = `%s' Admin PIN = `%s'\n"
+"You should change them using the command --change-pin\n"
+msgstr ""
+"Please note that the factory settings of the PINs are\n"
+" PIN = ‘%s’ Admin PIN = ‘%s’\n"
+"You should change them using the command --change-pin\n"
+
+#: g10/card-util.c:1449
+msgid "Please select the type of key to generate:\n"
+msgstr "Please select the type of key to generate:\n"
+
+#: g10/card-util.c:1451 g10/card-util.c:1559
+msgid " (1) Signature key\n"
+msgstr " (1) Signature key\n"
+
+#: g10/card-util.c:1452 g10/card-util.c:1561
+msgid " (2) Encryption key\n"
+msgstr " (2) Encryption key\n"
+
+#: g10/card-util.c:1453 g10/card-util.c:1563
+msgid " (3) Authentication key\n"
+msgstr " (3) Authentication key\n"
+
+#: g10/card-util.c:1469 g10/card-util.c:1588 g10/keyedit.c:945
+#: g10/keygen.c:1634 g10/keygen.c:1662 g10/keygen.c:1764 g10/revoke.c:683
+msgid "Invalid selection.\n"
+msgstr "Invalid selection.\n"
+
+#: g10/card-util.c:1556
+msgid "Please select where to store the key:\n"
+msgstr "Please select where to store the key:\n"
+
+#: g10/card-util.c:1600
+msgid "unknown key protection algorithm\n"
+msgstr "unknown key protection algorithm\n"
+
+#: g10/card-util.c:1605
+msgid "secret parts of key are not available\n"
+msgstr "secret parts of key are not available\n"
+
+#: g10/card-util.c:1610
+msgid "secret key already stored on a card\n"
+msgstr "secret key already stored on a card\n"
+
+#: g10/card-util.c:1623
+#, c-format
+msgid "error writing key to card: %s\n"
+msgstr "error writing key to card: %s\n"
+
+#: g10/card-util.c:1682 g10/keyedit.c:1382
+msgid "quit this menu"
+msgstr "quit this menu"
+
+#: g10/card-util.c:1684
+msgid "show admin commands"
+msgstr "show admin commands"
+
+#: g10/card-util.c:1685 g10/keyedit.c:1385
+msgid "show this help"
+msgstr "show this help"
+
+#: g10/card-util.c:1687
+msgid "list all available data"
+msgstr "list all available data"
+
+#: g10/card-util.c:1690
+msgid "change card holder's name"
+msgstr "change card holder's name"
+
+#: g10/card-util.c:1691
+msgid "change URL to retrieve key"
+msgstr "change URL to retrieve key"
+
+#: g10/card-util.c:1692
+msgid "fetch the key specified in the card URL"
+msgstr "fetch the key specified in the card URL"
+
+#: g10/card-util.c:1693
+msgid "change the login name"
+msgstr "change the login name"
+
+#: g10/card-util.c:1694
+msgid "change the language preferences"
+msgstr "change the language preferences"
+
+#: g10/card-util.c:1695
+msgid "change card holder's sex"
+msgstr "change card holder's sex"
+
+#: g10/card-util.c:1696
+msgid "change a CA fingerprint"
+msgstr "change a CA fingerprint"
+
+#: g10/card-util.c:1697
+msgid "toggle the signature force PIN flag"
+msgstr "toggle the signature force PIN flag"
+
+#: g10/card-util.c:1698
+msgid "generate new keys"
+msgstr "generate new keys"
+
+#: g10/card-util.c:1699
+msgid "menu to change or unblock the PIN"
+msgstr "menu to change or unblock the PIN"
+
+#: g10/card-util.c:1700
+msgid "verify the PIN and list all data"
+msgstr "verify the PIN and list all data"
+
+#: g10/card-util.c:1701
+msgid "unblock the PIN using a Reset Code"
+msgstr "unblock the PIN using a Reset Code"
+
+#: g10/card-util.c:1823
+msgid "gpg/card> "
+msgstr "gpg/card> "
+
+#: g10/card-util.c:1864
+msgid "Admin-only command\n"
+msgstr "Admin-only command\n"
+
+#: g10/card-util.c:1895
+msgid "Admin commands are allowed\n"
+msgstr "Admin commands are allowed\n"
+
+#: g10/card-util.c:1897
+msgid "Admin commands are not allowed\n"
+msgstr "Admin commands are not allowed\n"
+
+#: g10/card-util.c:1988 g10/keyedit.c:2292
+msgid "Invalid command (try \"help\")\n"
+msgstr "Invalid command (try “helpâ€)\n"
+
+#: g10/decrypt.c:110 g10/encode.c:876
+msgid "--output doesn't work for this command\n"
+msgstr "--output doesn't work for this command\n"
+
+#: g10/decrypt.c:166 g10/gpg.c:4019 g10/keyring.c:387 g10/keyring.c:698
+#, c-format
+msgid "can't open `%s'\n"
+msgstr "can't open ‘%s’\n"
+
+#: g10/delkey.c:73 g10/export.c:324 g10/keyedit.c:3514 g10/keyserver.c:1737
+#: g10/revoke.c:226
+#, c-format
+msgid "key \"%s\" not found: %s\n"
+msgstr "key “%s†not found: %s\n"
+
+#: g10/delkey.c:81 g10/export.c:354 g10/import.c:2480 g10/keyserver.c:1751
+#: g10/revoke.c:232 g10/revoke.c:477
+#, c-format
+msgid "error reading keyblock: %s\n"
+msgstr "error reading keyblock: %s\n"
+
+#: g10/delkey.c:127 g10/delkey.c:134
+msgid "(unless you specify the key by fingerprint)\n"
+msgstr "(unless you specify the key by fingerprint)\n"
+
+#: g10/delkey.c:133
+msgid "can't do this in batch mode without \"--yes\"\n"
+msgstr "can't do this in batch mode without “--yesâ€\n"
+
+#: g10/delkey.c:145
+msgid "Delete this key from the keyring? (y/N) "
+msgstr "Delete this key from the keyring? (y/N) "
+
+#: g10/delkey.c:153
+msgid "This is a secret key! - really delete? (y/N) "
+msgstr "This is a secret key! - really delete? (y/N) "
+
+#: g10/delkey.c:163
+#, c-format
+msgid "deleting keyblock failed: %s\n"
+msgstr "deleting keyblock failed: %s\n"
+
+#: g10/delkey.c:173
+msgid "ownertrust information cleared\n"
+msgstr "ownertrust information cleared\n"
+
+#: g10/delkey.c:204
+#, c-format
+msgid "there is a secret key for public key \"%s\"!\n"
+msgstr "there is a secret key for public key “%sâ€!\n"
+
+#: g10/delkey.c:206
+msgid "use option \"--delete-secret-keys\" to delete it first.\n"
+msgstr "use option “--delete-secret-keys†to delete it first.\n"
+
+#: g10/encode.c:226 g10/sign.c:1269
+#, c-format
+msgid "error creating passphrase: %s\n"
+msgstr "error creating passphrase: %s\n"
+
+#: g10/encode.c:232
+msgid "can't use a symmetric ESK packet due to the S2K mode\n"
+msgstr "can't use a symmetric ESK packet due to the S2K mode\n"
+
+#: g10/encode.c:246
+#, c-format
+msgid "using cipher %s\n"
+msgstr "using cipher %s\n"
+
+#: g10/encode.c:256 g10/encode.c:577
+#, c-format
+msgid "`%s' already compressed\n"
+msgstr "‘%s’ already compressed\n"
+
+#: g10/encode.c:311 g10/encode.c:611 g10/sign.c:564
+#, c-format
+msgid "WARNING: `%s' is an empty file\n"
+msgstr "WARNING: ‘%s’ is an empty file\n"
+
+#: g10/encode.c:485
+msgid "you can only encrypt to RSA keys of 2048 bits or less in --pgp2 mode\n"
+msgstr "you can only encrypt to RSA keys of 2048 bits or less in --pgp2 mode\n"
+
+#: g10/encode.c:510
+#, c-format
+msgid "reading from `%s'\n"
+msgstr "reading from ‘%s’\n"
+
+#: g10/encode.c:541
+msgid ""
+"unable to use the IDEA cipher for all of the keys you are encrypting to.\n"
+msgstr ""
+"unable to use the IDEA cipher for all of the keys you are encrypting to.\n"
+
+#: g10/encode.c:559
+#, c-format
+msgid ""
+"WARNING: forcing symmetric cipher %s (%d) violates recipient preferences\n"
+msgstr ""
+"WARNING: forcing symmetric cipher %s (%d) violates recipient preferences\n"
+
+#: g10/encode.c:655 g10/sign.c:939
+#, c-format
+msgid ""
+"WARNING: forcing compression algorithm %s (%d) violates recipient "
+"preferences\n"
+msgstr ""
+"WARNING: forcing compression algorithm %s (%d) violates recipient "
+"preferences\n"
+
+#: g10/encode.c:751
+#, c-format
+msgid "forcing symmetric cipher %s (%d) violates recipient preferences\n"
+msgstr "forcing symmetric cipher %s (%d) violates recipient preferences\n"
+
+#: g10/encode.c:821 g10/pkclist.c:813 g10/pkclist.c:862
+#, c-format
+msgid "you may not use %s while in %s mode\n"
+msgstr "you may not use %s while in %s mode\n"
+
+#: g10/encode.c:848
+#, c-format
+msgid "%s/%s encrypted for: \"%s\"\n"
+msgstr "%s/%s encrypted for: “%sâ€\n"
+
+#: g10/encr-data.c:93 g10/mainproc.c:286
+#, c-format
+msgid "%s encrypted data\n"
+msgstr "%s encrypted data\n"
+
+#: g10/encr-data.c:96 g10/mainproc.c:290
+#, c-format
+msgid "encrypted with unknown algorithm %d\n"
+msgstr "encrypted with unknown algorithm %d\n"
+
+#: g10/encr-data.c:142 sm/decrypt.c:126
+msgid ""
+"WARNING: message was encrypted with a weak key in the symmetric cipher.\n"
+msgstr ""
+"WARNING: message was encrypted with a weak key in the symmetric cipher.\n"
+
+#: g10/encr-data.c:154
+msgid "problem handling encrypted packet\n"
+msgstr "problem handling encrypted packet\n"
+
+#: g10/exec.c:57
+msgid "no remote program execution supported\n"
+msgstr "no remote program execution supported\n"
+
+#: g10/exec.c:308
+msgid ""
+"external program calls are disabled due to unsafe options file permissions\n"
+msgstr ""
+"external program calls are disabled due to unsafe options file permissions\n"
+
+#: g10/exec.c:338
+msgid "this platform requires temporary files when calling external programs\n"
+msgstr ""
+"this platform requires temporary files when calling external programs\n"
+
+#: g10/exec.c:416
+#, c-format
+msgid "unable to execute program `%s': %s\n"
+msgstr "unable to execute program ‘%s’: %s\n"
+
+#: g10/exec.c:419
+#, c-format
+msgid "unable to execute shell `%s': %s\n"
+msgstr "unable to execute shell ‘%s’: %s\n"
+
+#: g10/exec.c:510
+#, c-format
+msgid "system error while calling external program: %s\n"
+msgstr "system error while calling external program: %s\n"
+
+#: g10/exec.c:521 g10/exec.c:588
+msgid "unnatural exit of external program\n"
+msgstr "unnatural exit of external program\n"
+
+#: g10/exec.c:536
+msgid "unable to execute external program\n"
+msgstr "unable to execute external program\n"
+
+#: g10/exec.c:553
+#, c-format
+msgid "unable to read external program response: %s\n"
+msgstr "unable to read external program response: %s\n"
+
+#: g10/exec.c:599 g10/exec.c:606
+#, c-format
+msgid "WARNING: unable to remove tempfile (%s) `%s': %s\n"
+msgstr "WARNING: unable to remove tempfile (%s) ‘%s’: %s\n"
+
+#: g10/exec.c:611
+#, c-format
+msgid "WARNING: unable to remove temp directory `%s': %s\n"
+msgstr "WARNING: unable to remove temp directory ‘%s’: %s\n"
+
+#: g10/export.c:61
+msgid "export signatures that are marked as local-only"
+msgstr "export signatures that are marked as local-only"
+
+#: g10/export.c:63
+msgid "export attribute user IDs (generally photo IDs)"
+msgstr "export attribute user IDs (generally photo IDs)"
+
+#: g10/export.c:65
+msgid "export revocation keys marked as \"sensitive\""
+msgstr "export revocation keys marked as “sensitiveâ€"
+
+#: g10/export.c:67
+msgid "remove the passphrase from exported subkeys"
+msgstr "remove the passphrase from exported subkeys"
+
+#: g10/export.c:69
+msgid "remove unusable parts from key during export"
+msgstr "remove unusable parts from key during export"
+
+#: g10/export.c:71
+msgid "remove as much as possible from key during export"
+msgstr "remove as much as possible from key during export"
+
+#: g10/export.c:73
+msgid "export keys in an S-expression based format"
+msgstr "export keys in an S-expression based format"
+
+#: g10/export.c:338
+msgid "exporting secret keys not allowed\n"
+msgstr "exporting secret keys not allowed\n"
+
+#: g10/export.c:367
+#, c-format
+msgid "key %s: not protected - skipped\n"
+msgstr "key %s: not protected - skipped\n"
+
+#: g10/export.c:375
+#, c-format
+msgid "key %s: PGP 2.x style key - skipped\n"
+msgstr "key %s: PGP 2.x style key - skipped\n"
+
+#: g10/export.c:386
+#, c-format
+msgid "key %s: key material on-card - skipped\n"
+msgstr "key %s: key material on-card - skipped\n"
+
+#: g10/export.c:537
+msgid "about to export an unprotected subkey\n"
+msgstr "about to export an unprotected subkey\n"
+
+#: g10/export.c:560
+#, c-format
+msgid "failed to unprotect the subkey: %s\n"
+msgstr "failed to unprotect the subkey: %s\n"
+
+#: g10/export.c:584
+#, c-format
+msgid "WARNING: secret key %s does not have a simple SK checksum\n"
+msgstr "WARNING: secret key %s does not have a simple SK checksum\n"
+
+#: g10/export.c:633
+msgid "WARNING: nothing exported\n"
+msgstr "WARNING: nothing exported\n"
+
+#: g10/getkey.c:152
+msgid "too many entries in pk cache - disabled\n"
+msgstr "too many entries in pk cache - disabled\n"
+
+#: g10/getkey.c:175
+msgid "[User ID not found]"
+msgstr "[User ID not found]"
+
+#: g10/getkey.c:1113
+#, c-format
+msgid "automatically retrieved `%s' via %s\n"
+msgstr "automatically retrieved ‘%s’ via %s\n"
+
+#: g10/getkey.c:1118
+#, c-format
+msgid "error retrieving `%s' via %s: %s\n"
+msgstr "error retrieving ‘%s’ via %s: %s\n"
+
+#: g10/getkey.c:1120
+msgid "No fingerprint"
+msgstr "No fingerprint"
+
+#: g10/getkey.c:1930
+#, c-format
+msgid "Invalid key %s made valid by --allow-non-selfsigned-uid\n"
+msgstr "Invalid key %s made valid by --allow-non-selfsigned-uid\n"
+
+#: g10/getkey.c:2533 g10/keyedit.c:3839
+#, c-format
+msgid "no secret subkey for public subkey %s - ignoring\n"
+msgstr "no secret subkey for public subkey %s - ignoring\n"
+
+#: g10/getkey.c:2759
+#, c-format
+msgid "using subkey %s instead of primary key %s\n"
+msgstr "using subkey %s instead of primary key %s\n"
+
+#: g10/getkey.c:2806
+#, c-format
+msgid "key %s: secret key without public key - skipped\n"
+msgstr "key %s: secret key without public key - skipped\n"
+
+#: g10/gpg.c:375 sm/gpgsm.c:188
+msgid "make a signature"
+msgstr "make a signature"
+
+#: g10/gpg.c:376 sm/gpgsm.c:189
+msgid "make a clear text signature"
+msgstr "make a clear text signature"
+
+#: g10/gpg.c:377 sm/gpgsm.c:190
+msgid "make a detached signature"
+msgstr "make a detached signature"
+
+#: g10/gpg.c:378 sm/gpgsm.c:191
+msgid "encrypt data"
+msgstr "encrypt data"
+
+#: g10/gpg.c:380 sm/gpgsm.c:192
+msgid "encryption only with symmetric cipher"
+msgstr "encryption only with symmetric cipher"
+
+#: g10/gpg.c:382 sm/gpgsm.c:193
+msgid "decrypt data (default)"
+msgstr "decrypt data (default)"
+
+#: g10/gpg.c:384 sm/gpgsm.c:194
+msgid "verify a signature"
+msgstr "verify a signature"
+
+#: g10/gpg.c:386 sm/gpgsm.c:195
+msgid "list keys"
+msgstr "list keys"
+
+#: g10/gpg.c:388
+msgid "list keys and signatures"
+msgstr "list keys and signatures"
+
+#: g10/gpg.c:389
+msgid "list and check key signatures"
+msgstr "list and check key signatures"
+
+#: g10/gpg.c:390 sm/gpgsm.c:200
+msgid "list keys and fingerprints"
+msgstr "list keys and fingerprints"
+
+#: g10/gpg.c:391 sm/gpgsm.c:198
+msgid "list secret keys"
+msgstr "list secret keys"
+
+#: g10/gpg.c:392 sm/gpgsm.c:201
+msgid "generate a new key pair"
+msgstr "generate a new key pair"
+
+#: g10/gpg.c:393
+msgid "generate a revocation certificate"
+msgstr "generate a revocation certificate"
+
+#: g10/gpg.c:395 sm/gpgsm.c:203
+msgid "remove keys from the public keyring"
+msgstr "remove keys from the public keyring"
+
+#: g10/gpg.c:397
+msgid "remove keys from the secret keyring"
+msgstr "remove keys from the secret keyring"
+
+#: g10/gpg.c:398
+msgid "sign a key"
+msgstr "sign a key"
+
+#: g10/gpg.c:399
+msgid "sign a key locally"
+msgstr "sign a key locally"
+
+#: g10/gpg.c:400
+msgid "sign or edit a key"
+msgstr "sign or edit a key"
+
+#: g10/gpg.c:402 sm/gpgsm.c:215
+msgid "change a passphrase"
+msgstr "change a passphrase"
+
+#: g10/gpg.c:404
+msgid "export keys"
+msgstr "export keys"
+
+#: g10/gpg.c:405 sm/gpgsm.c:204
+msgid "export keys to a key server"
+msgstr "export keys to a key server"
+
+#: g10/gpg.c:406 sm/gpgsm.c:205
+msgid "import keys from a key server"
+msgstr "import keys from a key server"
+
+#: g10/gpg.c:408
+msgid "search for keys on a key server"
+msgstr "search for keys on a key server"
+
+#: g10/gpg.c:410
+msgid "update all keys from a keyserver"
+msgstr "update all keys from a keyserver"
+
+#: g10/gpg.c:415
+msgid "import/merge keys"
+msgstr "import/merge keys"
+
+#: g10/gpg.c:418
+msgid "print the card status"
+msgstr "print the card status"
+
+#: g10/gpg.c:419
+msgid "change data on a card"
+msgstr "change data on a card"
+
+#: g10/gpg.c:420
+msgid "change a card's PIN"
+msgstr "change a card's PIN"
+
+#: g10/gpg.c:429
+msgid "update the trust database"
+msgstr "update the trust database"
+
+#: g10/gpg.c:436
+msgid "print message digests"
+msgstr "print message digests"
+
+#: g10/gpg.c:439 sm/gpgsm.c:210
+msgid "run in server mode"
+msgstr "run in server mode"
+
+#: g10/gpg.c:443 sm/gpgsm.c:228
+msgid "create ascii armored output"
+msgstr "create ascii armored output"
+
+#: g10/gpg.c:446 sm/gpgsm.c:241
+msgid "|USER-ID|encrypt for USER-ID"
+msgstr "|USER-ID|encrypt for USER-ID"
+
+#: g10/gpg.c:459 sm/gpgsm.c:278
+msgid "|USER-ID|use USER-ID to sign or decrypt"
+msgstr "|USER-ID|use USER-ID to sign or decrypt"
+
+#: g10/gpg.c:462
+msgid "|N|set compress level to N (0 disables)"
+msgstr "|N|set compress level to N (0 disables)"
+
+#: g10/gpg.c:468
+msgid "use canonical text mode"
+msgstr "use canonical text mode"
+
+#: g10/gpg.c:485 sm/gpgsm.c:280
+msgid "|FILE|write output to FILE"
+msgstr "|FILE|write output to FILE"
+
+#: g10/gpg.c:501 kbx/kbxutil.c:90 sm/gpgsm.c:292 tools/gpgconf.c:82
+msgid "do not make any changes"
+msgstr "do not make any changes"
+
+#: g10/gpg.c:502
+msgid "prompt before overwriting"
+msgstr "prompt before overwriting"
+
+#: g10/gpg.c:554
+msgid "use strict OpenPGP behavior"
+msgstr "use strict OpenPGP behavior"
+
+#: g10/gpg.c:585 sm/gpgsm.c:336
+msgid ""
+"@\n"
+"(See the man page for a complete listing of all commands and options)\n"
+msgstr ""
+"@\n"
+"(See the man page for a complete listing of all commands and options)\n"
+
+#: g10/gpg.c:588 sm/gpgsm.c:339
+msgid ""
+"@\n"
+"Examples:\n"
+"\n"
+" -se -r Bob [file] sign and encrypt for user Bob\n"
+" --clearsign [file] make a clear text signature\n"
+" --detach-sign [file] make a detached signature\n"
+" --list-keys [names] show keys\n"
+" --fingerprint [names] show fingerprints\n"
+msgstr ""
+"@\n"
+"Examples:\n"
+"\n"
+" -se -r Bob [file] sign and encrypt for user Bob\n"
+" --clearsign [file] make a clear text signature\n"
+" --detach-sign [file] make a detached signature\n"
+" --list-keys [names] show keys\n"
+" --fingerprint [names] show fingerprints\n"
+
+#: g10/gpg.c:836
+msgid "Usage: gpg [options] [files] (-h for help)"
+msgstr "Usage: gpg [options] [files] (-h for help)"
+
+#: g10/gpg.c:839
+msgid ""
+"Syntax: gpg [options] [files]\n"
+"sign, check, encrypt or decrypt\n"
+"default operation depends on the input data\n"
+msgstr ""
+"Syntax: gpg [options] [files]\n"
+"sign, check, encrypt or decrypt\n"
+"default operation depends on the input data\n"
+
+#: g10/gpg.c:850 sm/gpgsm.c:543
+msgid ""
+"\n"
+"Supported algorithms:\n"
+msgstr ""
+"\n"
+"Supported algorithms:\n"
+
+#: g10/gpg.c:853
+msgid "Pubkey: "
+msgstr "Pubkey: "
+
+#: g10/gpg.c:860 g10/keyedit.c:2423
+msgid "Cipher: "
+msgstr "Cipher: "
+
+#: g10/gpg.c:867
+msgid "Hash: "
+msgstr "Hash: "
+
+#: g10/gpg.c:874 g10/keyedit.c:2468
+msgid "Compression: "
+msgstr "Compression: "
+
+#: g10/gpg.c:944
+msgid "usage: gpg [options] "
+msgstr "usage: gpg [options] "
+
+#: g10/gpg.c:1158 sm/gpgsm.c:716
+msgid "conflicting commands\n"
+msgstr "conflicting commands\n"
+
+#: g10/gpg.c:1176
+#, c-format
+msgid "no = sign found in group definition `%s'\n"
+msgstr "no = sign found in group definition ‘%s’\n"
+
+#: g10/gpg.c:1373
+#, c-format
+msgid "WARNING: unsafe ownership on homedir `%s'\n"
+msgstr "WARNING: unsafe ownership on homedir ‘%s’\n"
+
+#: g10/gpg.c:1376
+#, c-format
+msgid "WARNING: unsafe ownership on configuration file `%s'\n"
+msgstr "WARNING: unsafe ownership on configuration file ‘%s’\n"
+
+#: g10/gpg.c:1379
+#, c-format
+msgid "WARNING: unsafe ownership on extension `%s'\n"
+msgstr "WARNING: unsafe ownership on extension ‘%s’\n"
+
+#: g10/gpg.c:1385
+#, c-format
+msgid "WARNING: unsafe permissions on homedir `%s'\n"
+msgstr "WARNING: unsafe permissions on homedir ‘%s’\n"
+
+#: g10/gpg.c:1388
+#, c-format
+msgid "WARNING: unsafe permissions on configuration file `%s'\n"
+msgstr "WARNING: unsafe permissions on configuration file ‘%s’\n"
+
+#: g10/gpg.c:1391
+#, c-format
+msgid "WARNING: unsafe permissions on extension `%s'\n"
+msgstr "WARNING: unsafe permissions on extension ‘%s’\n"
+
+#: g10/gpg.c:1397
+#, c-format
+msgid "WARNING: unsafe enclosing directory ownership on homedir `%s'\n"
+msgstr "WARNING: unsafe enclosing directory ownership on homedir ‘%s’\n"
+
+#: g10/gpg.c:1400
+#, c-format
+msgid ""
+"WARNING: unsafe enclosing directory ownership on configuration file `%s'\n"
+msgstr ""
+"WARNING: unsafe enclosing directory ownership on configuration file ‘%s’\n"
+
+#: g10/gpg.c:1403
+#, c-format
+msgid "WARNING: unsafe enclosing directory ownership on extension `%s'\n"
+msgstr "WARNING: unsafe enclosing directory ownership on extension ‘%s’\n"
+
+#: g10/gpg.c:1409
+#, c-format
+msgid "WARNING: unsafe enclosing directory permissions on homedir `%s'\n"
+msgstr "WARNING: unsafe enclosing directory permissions on homedir ‘%s’\n"
+
+#: g10/gpg.c:1412
+#, c-format
+msgid ""
+"WARNING: unsafe enclosing directory permissions on configuration file `%s'\n"
+msgstr ""
+"WARNING: unsafe enclosing directory permissions on configuration file ‘%s’\n"
+
+#: g10/gpg.c:1415
+#, c-format
+msgid "WARNING: unsafe enclosing directory permissions on extension `%s'\n"
+msgstr "WARNING: unsafe enclosing directory permissions on extension ‘%s’\n"
+
+#: g10/gpg.c:1595
+#, c-format
+msgid "unknown configuration item `%s'\n"
+msgstr "unknown configuration item ‘%s’\n"
+
+#: g10/gpg.c:1699
+msgid "display photo IDs during key listings"
+msgstr "display photo IDs during key listings"
+
+#: g10/gpg.c:1701
+msgid "show policy URLs during signature listings"
+msgstr "show policy URLs during signature listings"
+
+#: g10/gpg.c:1703
+msgid "show all notations during signature listings"
+msgstr "show all notations during signature listings"
+
+#: g10/gpg.c:1705
+msgid "show IETF standard notations during signature listings"
+msgstr "show IETF standard notations during signature listings"
+
+#: g10/gpg.c:1709
+msgid "show user-supplied notations during signature listings"
+msgstr "show user-supplied notations during signature listings"
+
+#: g10/gpg.c:1711
+msgid "show preferred keyserver URLs during signature listings"
+msgstr "show preferred keyserver URLs during signature listings"
+
+#: g10/gpg.c:1713
+msgid "show user ID validity during key listings"
+msgstr "show user ID validity during key listings"
+
+#: g10/gpg.c:1715
+msgid "show revoked and expired user IDs in key listings"
+msgstr "show revoked and expired user IDs in key listings"
+
+#: g10/gpg.c:1717
+msgid "show revoked and expired subkeys in key listings"
+msgstr "show revoked and expired subkeys in key listings"
+
+#: g10/gpg.c:1719
+msgid "show the keyring name in key listings"
+msgstr "show the keyring name in key listings"
+
+#: g10/gpg.c:1721
+msgid "show expiration dates during signature listings"
+msgstr "show expiration dates during signature listings"
+
+#: g10/gpg.c:1855
+#, c-format
+msgid "NOTE: old default options file `%s' ignored\n"
+msgstr "NOTE: old default options file ‘%s’ ignored\n"
+
+#: g10/gpg.c:1948
+#, c-format
+msgid "libgcrypt is too old (need %s, have %s)\n"
+msgstr "libgcrypt is too old (need %s, have %s)\n"
+
+#: g10/gpg.c:2346 g10/gpg.c:3037 g10/gpg.c:3049
+#, c-format
+msgid "NOTE: %s is not for normal use!\n"
+msgstr "NOTE: %s is not for normal use!\n"
+
+#: g10/gpg.c:2530 g10/gpg.c:2542
+#, c-format
+msgid "`%s' is not a valid signature expiration\n"
+msgstr "‘%s’ is not a valid signature expiration\n"
+
+#: g10/gpg.c:2624
+#, c-format
+msgid "`%s' is not a valid character set\n"
+msgstr "‘%s’ is not a valid character set\n"
+
+#: g10/gpg.c:2647 g10/gpg.c:2842 g10/keyedit.c:4197
+msgid "could not parse keyserver URL\n"
+msgstr "could not parse keyserver URL\n"
+
+#: g10/gpg.c:2659
+#, c-format
+msgid "%s:%d: invalid keyserver options\n"
+msgstr "%s:%d: invalid keyserver options\n"
+
+#: g10/gpg.c:2662
+msgid "invalid keyserver options\n"
+msgstr "invalid keyserver options\n"
+
+#: g10/gpg.c:2669
+#, c-format
+msgid "%s:%d: invalid import options\n"
+msgstr "%s:%d: invalid import options\n"
+
+#: g10/gpg.c:2672
+msgid "invalid import options\n"
+msgstr "invalid import options\n"
+
+#: g10/gpg.c:2679
+#, c-format
+msgid "%s:%d: invalid export options\n"
+msgstr "%s:%d: invalid export options\n"
+
+#: g10/gpg.c:2682
+msgid "invalid export options\n"
+msgstr "invalid export options\n"
+
+#: g10/gpg.c:2689
+#, c-format
+msgid "%s:%d: invalid list options\n"
+msgstr "%s:%d: invalid list options\n"
+
+#: g10/gpg.c:2692
+msgid "invalid list options\n"
+msgstr "invalid list options\n"
+
+#: g10/gpg.c:2700
+msgid "display photo IDs during signature verification"
+msgstr "display photo IDs during signature verification"
+
+#: g10/gpg.c:2702
+msgid "show policy URLs during signature verification"
+msgstr "show policy URLs during signature verification"
+
+#: g10/gpg.c:2704
+msgid "show all notations during signature verification"
+msgstr "show all notations during signature verification"
+
+#: g10/gpg.c:2706
+msgid "show IETF standard notations during signature verification"
+msgstr "show IETF standard notations during signature verification"
+
+#: g10/gpg.c:2710
+msgid "show user-supplied notations during signature verification"
+msgstr "show user-supplied notations during signature verification"
+
+#: g10/gpg.c:2712
+msgid "show preferred keyserver URLs during signature verification"
+msgstr "show preferred keyserver URLs during signature verification"
+
+#: g10/gpg.c:2714
+msgid "show user ID validity during signature verification"
+msgstr "show user ID validity during signature verification"
+
+#: g10/gpg.c:2716
+msgid "show revoked and expired user IDs in signature verification"
+msgstr "show revoked and expired user IDs in signature verification"
+
+#: g10/gpg.c:2718
+msgid "show only the primary user ID in signature verification"
+msgstr "show only the primary user ID in signature verification"
+
+#: g10/gpg.c:2720
+msgid "validate signatures with PKA data"
+msgstr "validate signatures with PKA data"
+
+#: g10/gpg.c:2722
+msgid "elevate the trust of signatures with valid PKA data"
+msgstr "elevate the trust of signatures with valid PKA data"
+
+#: g10/gpg.c:2729
+#, c-format
+msgid "%s:%d: invalid verify options\n"
+msgstr "%s:%d: invalid verify options\n"
+
+#: g10/gpg.c:2732
+msgid "invalid verify options\n"
+msgstr "invalid verify options\n"
+
+#: g10/gpg.c:2739
+#, c-format
+msgid "unable to set exec-path to %s\n"
+msgstr "unable to set exec-path to %s\n"
+
+#: g10/gpg.c:2925
+#, c-format
+msgid "%s:%d: invalid auto-key-locate list\n"
+msgstr "%s:%d: invalid auto-key-locate list\n"
+
+#: g10/gpg.c:2928
+msgid "invalid auto-key-locate list\n"
+msgstr "invalid auto-key-locate list\n"
+
+#: g10/gpg.c:3026 sm/gpgsm.c:1439
+msgid "WARNING: program may create a core file!\n"
+msgstr "WARNING: program may create a core file!\n"
+
+#: g10/gpg.c:3030
+#, c-format
+msgid "WARNING: %s overrides %s\n"
+msgstr "WARNING: %s overrides %s\n"
+
+#: g10/gpg.c:3039
+#, c-format
+msgid "%s not allowed with %s!\n"
+msgstr "%s not allowed with %s!\n"
+
+#: g10/gpg.c:3042
+#, c-format
+msgid "%s makes no sense with %s!\n"
+msgstr "%s makes no sense with %s!\n"
+
+#: g10/gpg.c:3057
+#, c-format
+msgid "will not run with insecure memory due to %s\n"
+msgstr "will not run with insecure memory due to %s\n"
+
+#: g10/gpg.c:3071
+msgid "you can only make detached or clear signatures while in --pgp2 mode\n"
+msgstr "you can only make detached or clear signatures while in --pgp2 mode\n"
+
+#: g10/gpg.c:3077
+msgid "you can't sign and encrypt at the same time while in --pgp2 mode\n"
+msgstr "you can't sign and encrypt at the same time while in --pgp2 mode\n"
+
+#: g10/gpg.c:3083
+msgid "you must use files (and not a pipe) when working with --pgp2 enabled.\n"
+msgstr ""
+"you must use files (and not a pipe) when working with --pgp2 enabled.\n"
+
+#: g10/gpg.c:3096
+msgid "encrypting a message in --pgp2 mode requires the IDEA cipher\n"
+msgstr "encrypting a message in --pgp2 mode requires the IDEA cipher\n"
+
+#: g10/gpg.c:3163 g10/gpg.c:3187 sm/gpgsm.c:1511
+msgid "selected cipher algorithm is invalid\n"
+msgstr "selected cipher algorithm is invalid\n"
+
+#: g10/gpg.c:3169 g10/gpg.c:3193 sm/gpgsm.c:1517 sm/gpgsm.c:1523
+msgid "selected digest algorithm is invalid\n"
+msgstr "selected digest algorithm is invalid\n"
+
+#: g10/gpg.c:3175
+msgid "selected compression algorithm is invalid\n"
+msgstr "selected compression algorithm is invalid\n"
+
+#: g10/gpg.c:3181
+msgid "selected certification digest algorithm is invalid\n"
+msgstr "selected certification digest algorithm is invalid\n"
+
+#: g10/gpg.c:3196
+msgid "completes-needed must be greater than 0\n"
+msgstr "completes-needed must be greater than 0\n"
+
+#: g10/gpg.c:3198
+msgid "marginals-needed must be greater than 1\n"
+msgstr "marginals-needed must be greater than 1\n"
+
+#: g10/gpg.c:3200
+msgid "max-cert-depth must be in the range from 1 to 255\n"
+msgstr "max-cert-depth must be in the range from 1 to 255\n"
+
+#: g10/gpg.c:3202
+msgid "invalid default-cert-level; must be 0, 1, 2, or 3\n"
+msgstr "invalid default-cert-level; must be 0, 1, 2, or 3\n"
+
+#: g10/gpg.c:3204
+msgid "invalid min-cert-level; must be 1, 2, or 3\n"
+msgstr "invalid min-cert-level; must be 1, 2, or 3\n"
+
+#: g10/gpg.c:3207
+msgid "NOTE: simple S2K mode (0) is strongly discouraged\n"
+msgstr "NOTE: simple S2K mode (0) is strongly discouraged\n"
+
+#: g10/gpg.c:3211
+msgid "invalid S2K mode; must be 0, 1 or 3\n"
+msgstr "invalid S2K mode; must be 0, 1 or 3\n"
+
+#: g10/gpg.c:3218
+msgid "invalid default preferences\n"
+msgstr "invalid default preferences\n"
+
+#: g10/gpg.c:3222
+msgid "invalid personal cipher preferences\n"
+msgstr "invalid personal cipher preferences\n"
+
+#: g10/gpg.c:3226
+msgid "invalid personal digest preferences\n"
+msgstr "invalid personal digest preferences\n"
+
+#: g10/gpg.c:3230
+msgid "invalid personal compress preferences\n"
+msgstr "invalid personal compress preferences\n"
+
+#: g10/gpg.c:3263
+#, c-format
+msgid "%s does not yet work with %s\n"
+msgstr "%s does not yet work with %s\n"
+
+#: g10/gpg.c:3310
+#, c-format
+msgid "you may not use cipher algorithm `%s' while in %s mode\n"
+msgstr "you may not use cipher algorithm ‘%s’ while in %s mode\n"
+
+#: g10/gpg.c:3315
+#, c-format
+msgid "you may not use digest algorithm `%s' while in %s mode\n"
+msgstr "you may not use digest algorithm ‘%s’ while in %s mode\n"
+
+#: g10/gpg.c:3320
+#, c-format
+msgid "you may not use compression algorithm `%s' while in %s mode\n"
+msgstr "you may not use compression algorithm ‘%s’ while in %s mode\n"
+
+#: g10/gpg.c:3406
+#, c-format
+msgid "failed to initialize the TrustDB: %s\n"
+msgstr "failed to initialize the TrustDB: %s\n"
+
+#: g10/gpg.c:3417
+msgid "WARNING: recipients (-r) given without using public key encryption\n"
+msgstr "WARNING: recipients (-r) given without using public key encryption\n"
+
+#: g10/gpg.c:3438
+msgid "--store [filename]"
+msgstr "--store [filename]"
+
+#: g10/gpg.c:3445
+msgid "--symmetric [filename]"
+msgstr "--symmetric [filename]"
+
+#: g10/gpg.c:3447
+#, c-format
+msgid "symmetric encryption of `%s' failed: %s\n"
+msgstr "symmetric encryption of ‘%s’ failed: %s\n"
+
+#: g10/gpg.c:3457
+msgid "--encrypt [filename]"
+msgstr "--encrypt [filename]"
+
+#: g10/gpg.c:3470
+msgid "--symmetric --encrypt [filename]"
+msgstr "--symmetric --encrypt [filename]"
+
+#: g10/gpg.c:3472
+msgid "you cannot use --symmetric --encrypt with --s2k-mode 0\n"
+msgstr "you cannot use --symmetric --encrypt with --s2k-mode 0\n"
+
+#: g10/gpg.c:3475
+#, c-format
+msgid "you cannot use --symmetric --encrypt while in %s mode\n"
+msgstr "you cannot use --symmetric --encrypt while in %s mode\n"
+
+#: g10/gpg.c:3493
+msgid "--sign [filename]"
+msgstr "--sign [filename]"
+
+#: g10/gpg.c:3506
+msgid "--sign --encrypt [filename]"
+msgstr "--sign --encrypt [filename]"
+
+#: g10/gpg.c:3521
+msgid "--symmetric --sign --encrypt [filename]"
+msgstr "--symmetric --sign --encrypt [filename]"
+
+#: g10/gpg.c:3523
+msgid "you cannot use --symmetric --sign --encrypt with --s2k-mode 0\n"
+msgstr "you cannot use --symmetric --sign --encrypt with --s2k-mode 0\n"
+
+#: g10/gpg.c:3526
+#, c-format
+msgid "you cannot use --symmetric --sign --encrypt while in %s mode\n"
+msgstr "you cannot use --symmetric --sign --encrypt while in %s mode\n"
+
+#: g10/gpg.c:3546
+msgid "--sign --symmetric [filename]"
+msgstr "--sign --symmetric [filename]"
+
+#: g10/gpg.c:3555
+msgid "--clearsign [filename]"
+msgstr "--clearsign [filename]"
+
+#: g10/gpg.c:3580
+msgid "--decrypt [filename]"
+msgstr "--decrypt [filename]"
+
+#: g10/gpg.c:3588
+msgid "--sign-key user-id"
+msgstr "--sign-key user-id"
+
+#: g10/gpg.c:3592
+msgid "--lsign-key user-id"
+msgstr "--lsign-key user-id"
+
+#: g10/gpg.c:3613
+msgid "--edit-key user-id [commands]"
+msgstr "--edit-key user-id [commands]"
+
+#: g10/gpg.c:3629
+msgid "--passwd <user-id>"
+msgstr "--passwd <user-id>"
+
+#: g10/gpg.c:3716
+#, c-format
+msgid "keyserver send failed: %s\n"
+msgstr "keyserver send failed: %s\n"
+
+#: g10/gpg.c:3718
+#, c-format
+msgid "keyserver receive failed: %s\n"
+msgstr "keyserver receive failed: %s\n"
+
+#: g10/gpg.c:3720
+#, c-format
+msgid "key export failed: %s\n"
+msgstr "key export failed: %s\n"
+
+#: g10/gpg.c:3731
+#, c-format
+msgid "keyserver search failed: %s\n"
+msgstr "keyserver search failed: %s\n"
+
+#: g10/gpg.c:3741
+#, c-format
+msgid "keyserver refresh failed: %s\n"
+msgstr "keyserver refresh failed: %s\n"
+
+#: g10/gpg.c:3792
+#, c-format
+msgid "dearmoring failed: %s\n"
+msgstr "dearmoring failed: %s\n"
+
+#: g10/gpg.c:3800
+#, c-format
+msgid "enarmoring failed: %s\n"
+msgstr "enarmoring failed: %s\n"
+
+#: g10/gpg.c:3890
+#, c-format
+msgid "invalid hash algorithm `%s'\n"
+msgstr "invalid hash algorithm ‘%s’\n"
+
+#: g10/gpg.c:4005
+msgid "[filename]"
+msgstr "[filename]"
+
+#: g10/gpg.c:4009
+msgid "Go ahead and type your message ...\n"
+msgstr "Go ahead and type your message ...\n"
+
+#: g10/gpg.c:4323
+msgid "the given certification policy URL is invalid\n"
+msgstr "the given certification policy URL is invalid\n"
+
+#: g10/gpg.c:4325
+msgid "the given signature policy URL is invalid\n"
+msgstr "the given signature policy URL is invalid\n"
+
+#: g10/gpg.c:4358
+msgid "the given preferred keyserver URL is invalid\n"
+msgstr "the given preferred keyserver URL is invalid\n"
+
+#: g10/gpgv.c:74
+msgid "|FILE|take the keys from the keyring FILE"
+msgstr "|FILE|take the keys from the keyring FILE"
+
+#: g10/gpgv.c:76
+msgid "make timestamp conflicts only a warning"
+msgstr "make timestamp conflicts only a warning"
+
+#: g10/gpgv.c:78 sm/gpgsm.c:326
+msgid "|FD|write status info to this FD"
+msgstr "|FD|write status info to this FD"
+
+#: g10/gpgv.c:117
+msgid "Usage: gpgv [options] [files] (-h for help)"
+msgstr "Usage: gpgv [options] [files] (-h for help)"
+
+#: g10/gpgv.c:119
+msgid ""
+"Syntax: gpgv [options] [files]\n"
+"Check signatures against known trusted keys\n"
+msgstr ""
+"Syntax: gpgv [options] [files]\n"
+"Check signatures against known trusted keys\n"
+
+#: g10/helptext.c:72
+msgid "No help available"
+msgstr "No help available"
+
+#: g10/helptext.c:82
+#, c-format
+msgid "No help available for `%s'"
+msgstr "No help available for ‘%s’"
+
+#: g10/import.c:94
+msgid "import signatures that are marked as local-only"
+msgstr "import signatures that are marked as local-only"
+
+#: g10/import.c:96
+msgid "repair damage from the pks keyserver during import"
+msgstr "repair damage from the pks keyserver during import"
+
+#: g10/import.c:98
+msgid "do not update the trustdb after import"
+msgstr "do not update the trustdb after import"
+
+#: g10/import.c:100
+msgid "create a public key when importing a secret key"
+msgstr "create a public key when importing a secret key"
+
+#: g10/import.c:102
+msgid "only accept updates to existing keys"
+msgstr "only accept updates to existing keys"
+
+#: g10/import.c:104
+msgid "remove unusable parts from key after import"
+msgstr "remove unusable parts from key after import"
+
+#: g10/import.c:106
+msgid "remove as much as possible from key after import"
+msgstr "remove as much as possible from key after import"
+
+#: g10/import.c:266
+#, c-format
+msgid "skipping block of type %d\n"
+msgstr "skipping block of type %d\n"
+
+#: g10/import.c:275
+#, c-format
+msgid "%lu keys processed so far\n"
+msgstr "%lu keys processed so far\n"
+
+#: g10/import.c:292
+#, c-format
+msgid "Total number processed: %lu\n"
+msgstr "Total number processed: %lu\n"
+
+#: g10/import.c:294
+#, c-format
+msgid " skipped new keys: %lu\n"
+msgstr " skipped new keys: %lu\n"
+
+#: g10/import.c:297
+#, c-format
+msgid " w/o user IDs: %lu\n"
+msgstr " w/o user IDs: %lu\n"
+
+#: g10/import.c:299 sm/import.c:114
+#, c-format
+msgid " imported: %lu"
+msgstr " imported: %lu"
+
+#: g10/import.c:305 sm/import.c:118
+#, c-format
+msgid " unchanged: %lu\n"
+msgstr " unchanged: %lu\n"
+
+#: g10/import.c:307
+#, c-format
+msgid " new user IDs: %lu\n"
+msgstr " new user IDs: %lu\n"
+
+#: g10/import.c:309
+#, c-format
+msgid " new subkeys: %lu\n"
+msgstr " new subkeys: %lu\n"
+
+#: g10/import.c:311
+#, c-format
+msgid " new signatures: %lu\n"
+msgstr " new signatures: %lu\n"
+
+#: g10/import.c:313
+#, c-format
+msgid " new key revocations: %lu\n"
+msgstr " new key revocations: %lu\n"
+
+#: g10/import.c:315 sm/import.c:120
+#, c-format
+msgid " secret keys read: %lu\n"
+msgstr " secret keys read: %lu\n"
+
+#: g10/import.c:317 sm/import.c:122
+#, c-format
+msgid " secret keys imported: %lu\n"
+msgstr " secret keys imported: %lu\n"
+
+#: g10/import.c:319 sm/import.c:124
+#, c-format
+msgid " secret keys unchanged: %lu\n"
+msgstr " secret keys unchanged: %lu\n"
+
+#: g10/import.c:321 sm/import.c:126
+#, c-format
+msgid " not imported: %lu\n"
+msgstr " not imported: %lu\n"
+
+#: g10/import.c:323
+#, c-format
+msgid " signatures cleaned: %lu\n"
+msgstr " signatures cleaned: %lu\n"
+
+#: g10/import.c:325
+#, c-format
+msgid " user IDs cleaned: %lu\n"
+msgstr " user IDs cleaned: %lu\n"
+
+#: g10/import.c:606
+#, c-format
+msgid ""
+"WARNING: key %s contains preferences for unavailable\n"
+"algorithms on these user IDs:\n"
+msgstr ""
+"WARNING: key %s contains preferences for unavailable\n"
+"algorithms on these user IDs:\n"
+
+#: g10/import.c:647
+#, c-format
+msgid " \"%s\": preference for cipher algorithm %s\n"
+msgstr " “%sâ€: preference for cipher algorithm %s\n"
+
+#: g10/import.c:662
+#, c-format
+msgid " \"%s\": preference for digest algorithm %s\n"
+msgstr " “%sâ€: preference for digest algorithm %s\n"
+
+#: g10/import.c:674
+#, c-format
+msgid " \"%s\": preference for compression algorithm %s\n"
+msgstr " “%sâ€: preference for compression algorithm %s\n"
+
+#: g10/import.c:687
+msgid "it is strongly suggested that you update your preferences and\n"
+msgstr "it is strongly suggested that you update your preferences and\n"
+
+#: g10/import.c:689
+msgid "re-distribute this key to avoid potential algorithm mismatch problems\n"
+msgstr ""
+"re-distribute this key to avoid potential algorithm mismatch problems\n"
+
+#: g10/import.c:713
+#, c-format
+msgid "you can update your preferences with: gpg --edit-key %s updpref save\n"
+msgstr "you can update your preferences with: gpg --edit-key %s updpref save\n"
+
+#: g10/import.c:766 g10/import.c:1179
+#, c-format
+msgid "key %s: no user ID\n"
+msgstr "key %s: no user ID\n"
+
+#: g10/import.c:795
+#, c-format
+msgid "key %s: PKS subkey corruption repaired\n"
+msgstr "key %s: PKS subkey corruption repaired\n"
+
+#: g10/import.c:810
+#, c-format
+msgid "key %s: accepted non self-signed user ID \"%s\"\n"
+msgstr "key %s: accepted non self-signed user ID “%sâ€\n"
+
+#: g10/import.c:816
+#, c-format
+msgid "key %s: no valid user IDs\n"
+msgstr "key %s: no valid user IDs\n"
+
+#: g10/import.c:818
+msgid "this may be caused by a missing self-signature\n"
+msgstr "this may be caused by a missing self-signature\n"
+
+#: g10/import.c:828 g10/import.c:1303
+#, c-format
+msgid "key %s: public key not found: %s\n"
+msgstr "key %s: public key not found: %s\n"
+
+#: g10/import.c:834
+#, c-format
+msgid "key %s: new key - skipped\n"
+msgstr "key %s: new key - skipped\n"
+
+#: g10/import.c:843
+#, c-format
+msgid "no writable keyring found: %s\n"
+msgstr "no writable keyring found: %s\n"
+
+#: g10/import.c:848 g10/openfile.c:278 g10/sign.c:805 g10/sign.c:1114
+#, c-format
+msgid "writing to `%s'\n"
+msgstr "writing to ‘%s’\n"
+
+#: g10/import.c:852 g10/import.c:952 g10/import.c:1219 g10/import.c:1364
+#: g10/import.c:2494 g10/import.c:2516
+#, c-format
+msgid "error writing keyring `%s': %s\n"
+msgstr "error writing keyring ‘%s’: %s\n"
+
+#: g10/import.c:871
+#, c-format
+msgid "key %s: public key \"%s\" imported\n"
+msgstr "key %s: public key “%s†imported\n"
+
+#: g10/import.c:895
+#, c-format
+msgid "key %s: doesn't match our copy\n"
+msgstr "key %s: doesn't match our copy\n"
+
+#: g10/import.c:912 g10/import.c:1321
+#, c-format
+msgid "key %s: can't locate original keyblock: %s\n"
+msgstr "key %s: can't locate original keyblock: %s\n"
+
+#: g10/import.c:920 g10/import.c:1328
+#, c-format
+msgid "key %s: can't read original keyblock: %s\n"
+msgstr "key %s: can't read original keyblock: %s\n"
+
+#: g10/import.c:962
+#, c-format
+msgid "key %s: \"%s\" 1 new user ID\n"
+msgstr "key %s: “%s†1 new user ID\n"
+
+#: g10/import.c:965
+#, c-format
+msgid "key %s: \"%s\" %d new user IDs\n"
+msgstr "key %s: “%s†%d new user IDs\n"
+
+#: g10/import.c:968
+#, c-format
+msgid "key %s: \"%s\" 1 new signature\n"
+msgstr "key %s: “%s†1 new signature\n"
+
+#: g10/import.c:971
+#, c-format
+msgid "key %s: \"%s\" %d new signatures\n"
+msgstr "key %s: “%s†%d new signatures\n"
+
+#: g10/import.c:974
+#, c-format
+msgid "key %s: \"%s\" 1 new subkey\n"
+msgstr "key %s: “%s†1 new subkey\n"
+
+#: g10/import.c:977
+#, c-format
+msgid "key %s: \"%s\" %d new subkeys\n"
+msgstr "key %s: “%s†%d new subkeys\n"
+
+#: g10/import.c:980
+#, c-format
+msgid "key %s: \"%s\" %d signature cleaned\n"
+msgstr "key %s: “%s†%d signature cleaned\n"
+
+#: g10/import.c:983
+#, c-format
+msgid "key %s: \"%s\" %d signatures cleaned\n"
+msgstr "key %s: “%s†%d signatures cleaned\n"
+
+#: g10/import.c:986
+#, c-format
+msgid "key %s: \"%s\" %d user ID cleaned\n"
+msgstr "key %s: “%s†%d user ID cleaned\n"
+
+#: g10/import.c:989
+#, c-format
+msgid "key %s: \"%s\" %d user IDs cleaned\n"
+msgstr "key %s: “%s†%d user IDs cleaned\n"
+
+#: g10/import.c:1013
+#, c-format
+msgid "key %s: \"%s\" not changed\n"
+msgstr "key %s: “%s†not changed\n"
+
+#: g10/import.c:1185
+#, c-format
+msgid "key %s: secret key with invalid cipher %d - skipped\n"
+msgstr "key %s: secret key with invalid cipher %d - skipped\n"
+
+#: g10/import.c:1196
+msgid "importing secret keys not allowed\n"
+msgstr "importing secret keys not allowed\n"
+
+#: g10/import.c:1213 g10/import.c:2509
+#, c-format
+msgid "no default secret keyring: %s\n"
+msgstr "no default secret keyring: %s\n"
+
+#: g10/import.c:1224
+#, c-format
+msgid "key %s: secret key imported\n"
+msgstr "key %s: secret key imported\n"
+
+#: g10/import.c:1254
+#, c-format
+msgid "key %s: already in secret keyring\n"
+msgstr "key %s: already in secret keyring\n"
+
+#: g10/import.c:1264
+#, c-format
+msgid "key %s: secret key not found: %s\n"
+msgstr "key %s: secret key not found: %s\n"
+
+#: g10/import.c:1296
+#, c-format
+msgid "key %s: no public key - can't apply revocation certificate\n"
+msgstr "key %s: no public key - can't apply revocation certificate\n"
+
+#: g10/import.c:1339
+#, c-format
+msgid "key %s: invalid revocation certificate: %s - rejected\n"
+msgstr "key %s: invalid revocation certificate: %s - rejected\n"
+
+#: g10/import.c:1371
+#, c-format
+msgid "key %s: \"%s\" revocation certificate imported\n"
+msgstr "key %s: “%s†revocation certificate imported\n"
+
+#: g10/import.c:1447
+#, c-format
+msgid "key %s: no user ID for signature\n"
+msgstr "key %s: no user ID for signature\n"
+
+#: g10/import.c:1464
+#, c-format
+msgid "key %s: unsupported public key algorithm on user ID \"%s\"\n"
+msgstr "key %s: unsupported public key algorithm on user ID “%sâ€\n"
+
+#: g10/import.c:1466
+#, c-format
+msgid "key %s: invalid self-signature on user ID \"%s\"\n"
+msgstr "key %s: invalid self-signature on user ID “%sâ€\n"
+
+#: g10/import.c:1483 g10/import.c:1509 g10/import.c:1560
+#, c-format
+msgid "key %s: unsupported public key algorithm\n"
+msgstr "key %s: unsupported public key algorithm\n"
+
+#: g10/import.c:1484
+#, c-format
+msgid "key %s: invalid direct key signature\n"
+msgstr "key %s: invalid direct key signature\n"
+
+#: g10/import.c:1498
+#, c-format
+msgid "key %s: no subkey for key binding\n"
+msgstr "key %s: no subkey for key binding\n"
+
+#: g10/import.c:1511
+#, c-format
+msgid "key %s: invalid subkey binding\n"
+msgstr "key %s: invalid subkey binding\n"
+
+#: g10/import.c:1527
+#, c-format
+msgid "key %s: removed multiple subkey binding\n"
+msgstr "key %s: removed multiple subkey binding\n"
+
+#: g10/import.c:1549
+#, c-format
+msgid "key %s: no subkey for key revocation\n"
+msgstr "key %s: no subkey for key revocation\n"
+
+#: g10/import.c:1562
+#, c-format
+msgid "key %s: invalid subkey revocation\n"
+msgstr "key %s: invalid subkey revocation\n"
+
+#: g10/import.c:1577
+#, c-format
+msgid "key %s: removed multiple subkey revocation\n"
+msgstr "key %s: removed multiple subkey revocation\n"
+
+#: g10/import.c:1618
+#, c-format
+msgid "key %s: skipped user ID \"%s\"\n"
+msgstr "key %s: skipped user ID “%sâ€\n"
+
+#: g10/import.c:1639
+#, c-format
+msgid "key %s: skipped subkey\n"
+msgstr "key %s: skipped subkey\n"
+
+#: g10/import.c:1666
+#, c-format
+msgid "key %s: non exportable signature (class 0x%02X) - skipped\n"
+msgstr "key %s: non exportable signature (class 0x%02X) - skipped\n"
+
+#: g10/import.c:1676
+#, c-format
+msgid "key %s: revocation certificate at wrong place - skipped\n"
+msgstr "key %s: revocation certificate at wrong place - skipped\n"
+
+#: g10/import.c:1693
+#, c-format
+msgid "key %s: invalid revocation certificate: %s - skipped\n"
+msgstr "key %s: invalid revocation certificate: %s - skipped\n"
+
+#: g10/import.c:1707
+#, c-format
+msgid "key %s: subkey signature in wrong place - skipped\n"
+msgstr "key %s: subkey signature in wrong place - skipped\n"
+
+#: g10/import.c:1715
+#, c-format
+msgid "key %s: unexpected signature class (0x%02X) - skipped\n"
+msgstr "key %s: unexpected signature class (0x%02X) - skipped\n"
+
+#: g10/import.c:1844
+#, c-format
+msgid "key %s: duplicated user ID detected - merged\n"
+msgstr "key %s: duplicated user ID detected - merged\n"
+
+#: g10/import.c:1906
+#, c-format
+msgid "WARNING: key %s may be revoked: fetching revocation key %s\n"
+msgstr "WARNING: key %s may be revoked: fetching revocation key %s\n"
+
+#: g10/import.c:1920
+#, c-format
+msgid "WARNING: key %s may be revoked: revocation key %s not present.\n"
+msgstr "WARNING: key %s may be revoked: revocation key %s not present.\n"
+
+#: g10/import.c:1979
+#, c-format
+msgid "key %s: \"%s\" revocation certificate added\n"
+msgstr "key %s: “%s†revocation certificate added\n"
+
+#: g10/import.c:2013
+#, c-format
+msgid "key %s: direct key signature added\n"
+msgstr "key %s: direct key signature added\n"
+
+#: g10/import.c:2414
+msgid "NOTE: a key's S/N does not match the card's one\n"
+msgstr "NOTE: a key's S/N does not match the card's one\n"
+
+#: g10/import.c:2422
+msgid "NOTE: primary key is online and stored on card\n"
+msgstr "NOTE: primary key is online and stored on card\n"
+
+#: g10/import.c:2424
+msgid "NOTE: secondary key is online and stored on card\n"
+msgstr "NOTE: secondary key is online and stored on card\n"
+
+#: g10/keydb.c:181
+#, c-format
+msgid "error creating keyring `%s': %s\n"
+msgstr "error creating keyring ‘%s’: %s\n"
+
+#: g10/keydb.c:187
+#, c-format
+msgid "keyring `%s' created\n"
+msgstr "keyring ‘%s’ created\n"
+
+#: g10/keydb.c:333 g10/keydb.c:336
+#, c-format
+msgid "keyblock resource `%s': %s\n"
+msgstr "keyblock resource ‘%s’: %s\n"
+
+#: g10/keydb.c:719
+#, c-format
+msgid "failed to rebuild keyring cache: %s\n"
+msgstr "failed to rebuild keyring cache: %s\n"
+
+#: g10/keyedit.c:265
+msgid "[revocation]"
+msgstr "[revocation]"
+
+#: g10/keyedit.c:266
+msgid "[self-signature]"
+msgstr "[self-signature]"
+
+#: g10/keyedit.c:344 g10/keylist.c:398
+msgid "1 bad signature\n"
+msgstr "1 bad signature\n"
+
+#: g10/keyedit.c:346 g10/keylist.c:400
+#, c-format
+msgid "%d bad signatures\n"
+msgstr "%d bad signatures\n"
+
+#: g10/keyedit.c:348 g10/keylist.c:402
+msgid "1 signature not checked due to a missing key\n"
+msgstr "1 signature not checked due to a missing key\n"
+
+#: g10/keyedit.c:350 g10/keylist.c:404
+#, c-format
+msgid "%d signatures not checked due to missing keys\n"
+msgstr "%d signatures not checked due to missing keys\n"
+
+#: g10/keyedit.c:352 g10/keylist.c:406
+msgid "1 signature not checked due to an error\n"
+msgstr "1 signature not checked due to an error\n"
+
+#: g10/keyedit.c:354 g10/keylist.c:408
+#, c-format
+msgid "%d signatures not checked due to errors\n"
+msgstr "%d signatures not checked due to errors\n"
+
+#: g10/keyedit.c:356
+msgid "1 user ID without valid self-signature detected\n"
+msgstr "1 user ID without valid self-signature detected\n"
+
+#: g10/keyedit.c:358
+#, c-format
+msgid "%d user IDs without valid self-signatures detected\n"
+msgstr "%d user IDs without valid self-signatures detected\n"
+
+#: g10/keyedit.c:414 g10/pkclist.c:262
+msgid ""
+"Please decide how far you trust this user to correctly verify other users' "
+"keys\n"
+"(by looking at passports, checking fingerprints from different sources, "
+"etc.)\n"
+msgstr ""
+"Please decide how far you trust this user to correctly verify other users' "
+"keys\n"
+"(by looking at passports, checking fingerprints from different sources, "
+"etc.)\n"
+
+#: g10/keyedit.c:418 g10/pkclist.c:274
+#, c-format
+msgid " %d = I trust marginally\n"
+msgstr " %d = I trust marginally\n"
+
+#: g10/keyedit.c:419 g10/pkclist.c:276
+#, c-format
+msgid " %d = I trust fully\n"
+msgstr " %d = I trust fully\n"
+
+#: g10/keyedit.c:438
+msgid ""
+"Please enter the depth of this trust signature.\n"
+"A depth greater than 1 allows the key you are signing to make\n"
+"trust signatures on your behalf.\n"
+msgstr ""
+"Please enter the depth of this trust signature.\n"
+"A depth greater than 1 allows the key you are signing to make\n"
+"trust signatures on your behalf.\n"
+
+#: g10/keyedit.c:454
+msgid "Please enter a domain to restrict this signature, or enter for none.\n"
+msgstr "Please enter a domain to restrict this signature, or enter for none.\n"
+
+#: g10/keyedit.c:598
+#, c-format
+msgid "User ID \"%s\" is revoked."
+msgstr "User ID “%s†is revoked."
+
+#: g10/keyedit.c:607 g10/keyedit.c:635 g10/keyedit.c:662 g10/keyedit.c:830
+#: g10/keyedit.c:895 g10/keyedit.c:1785
+msgid "Are you sure you still want to sign it? (y/N) "
+msgstr "Are you sure you still want to sign it? (y/N) "
+
+#: g10/keyedit.c:621 g10/keyedit.c:649 g10/keyedit.c:676 g10/keyedit.c:836
+#: g10/keyedit.c:1791
+msgid " Unable to sign.\n"
+msgstr " Unable to sign.\n"
+
+#: g10/keyedit.c:626
+#, c-format
+msgid "User ID \"%s\" is expired."
+msgstr "User ID “%s†is expired."
+
+#: g10/keyedit.c:654
+#, c-format
+msgid "User ID \"%s\" is not self-signed."
+msgstr "User ID “%s†is not self-signed."
+
+#: g10/keyedit.c:682
+#, c-format
+msgid "User ID \"%s\" is signable. "
+msgstr "User ID “%s†is signable. "
+
+#: g10/keyedit.c:684
+msgid "Sign it? (y/N) "
+msgstr "Sign it? (y/N) "
+
+#: g10/keyedit.c:706
+#, c-format
+msgid ""
+"The self-signature on \"%s\"\n"
+"is a PGP 2.x-style signature.\n"
+msgstr ""
+"The self-signature on “%sâ€\n"
+"is a PGP 2.x-style signature.\n"
+
+#: g10/keyedit.c:715
+msgid "Do you want to promote it to an OpenPGP self-signature? (y/N) "
+msgstr "Do you want to promote it to an OpenPGP self-signature? (y/N) "
+
+#: g10/keyedit.c:729
+#, c-format
+msgid ""
+"Your current signature on \"%s\"\n"
+"has expired.\n"
+msgstr ""
+"Your current signature on “%sâ€\n"
+"has expired.\n"
+
+#: g10/keyedit.c:733
+msgid "Do you want to issue a new signature to replace the expired one? (y/N) "
+msgstr ""
+"Do you want to issue a new signature to replace the expired one? (y/N) "
+
+#: g10/keyedit.c:754
+#, c-format
+msgid ""
+"Your current signature on \"%s\"\n"
+"is a local signature.\n"
+msgstr ""
+"Your current signature on “%sâ€\n"
+"is a local signature.\n"
+
+#: g10/keyedit.c:758
+msgid "Do you want to promote it to a full exportable signature? (y/N) "
+msgstr "Do you want to promote it to a full exportable signature? (y/N) "
+
+#: g10/keyedit.c:779
+#, c-format
+msgid "\"%s\" was already locally signed by key %s\n"
+msgstr "“%s†was already locally signed by key %s\n"
+
+#: g10/keyedit.c:782
+#, c-format
+msgid "\"%s\" was already signed by key %s\n"
+msgstr "“%s†was already signed by key %s\n"
+
+#: g10/keyedit.c:787
+msgid "Do you want to sign it again anyway? (y/N) "
+msgstr "Do you want to sign it again anyway? (y/N) "
+
+#: g10/keyedit.c:809
+#, c-format
+msgid "Nothing to sign with key %s\n"
+msgstr "Nothing to sign with key %s\n"
+
+#: g10/keyedit.c:824
+msgid "This key has expired!"
+msgstr "This key has expired!"
+
+#: g10/keyedit.c:842
+#, c-format
+msgid "This key is due to expire on %s.\n"
+msgstr "This key is due to expire on %s.\n"
+
+#: g10/keyedit.c:848
+msgid "Do you want your signature to expire at the same time? (Y/n) "
+msgstr "Do you want your signature to expire at the same time? (Y/n) "
+
+#: g10/keyedit.c:888
+msgid ""
+"You may not make an OpenPGP signature on a PGP 2.x key while in --pgp2 "
+"mode.\n"
+msgstr ""
+"You may not make an OpenPGP signature on a PGP 2.x key while in --pgp2 "
+"mode.\n"
+
+#: g10/keyedit.c:890
+msgid "This would make the key unusable in PGP 2.x.\n"
+msgstr "This would make the key unusable in PGP 2.x.\n"
+
+#: g10/keyedit.c:915
+msgid ""
+"How carefully have you verified the key you are about to sign actually "
+"belongs\n"
+"to the person named above? If you don't know what to answer, enter \"0\".\n"
+msgstr ""
+"How carefully have you verified the key you are about to sign actually "
+"belongs\n"
+"to the person named above? If you don't know what to answer, enter “0â€.\n"
+
+#: g10/keyedit.c:920
+#, c-format
+msgid " (0) I will not answer.%s\n"
+msgstr " (0) I will not answer.%s\n"
+
+#: g10/keyedit.c:922
+#, c-format
+msgid " (1) I have not checked at all.%s\n"
+msgstr " (1) I have not checked at all.%s\n"
+
+#: g10/keyedit.c:924
+#, c-format
+msgid " (2) I have done casual checking.%s\n"
+msgstr " (2) I have done casual checking.%s\n"
+
+#: g10/keyedit.c:926
+#, c-format
+msgid " (3) I have done very careful checking.%s\n"
+msgstr " (3) I have done very careful checking.%s\n"
+
+#: g10/keyedit.c:932
+msgid "Your selection? (enter `?' for more information): "
+msgstr "Your selection? (enter ‘?’ for more information): "
+
+#: g10/keyedit.c:956
+#, c-format
+msgid ""
+"Are you sure that you want to sign this key with your\n"
+"key \"%s\" (%s)\n"
+msgstr ""
+"Are you sure that you want to sign this key with your\n"
+"key “%s†(%s)\n"
+
+#: g10/keyedit.c:963
+msgid "This will be a self-signature.\n"
+msgstr "This will be a self-signature.\n"
+
+#: g10/keyedit.c:969
+msgid "WARNING: the signature will not be marked as non-exportable.\n"
+msgstr "WARNING: the signature will not be marked as non-exportable.\n"
+
+#: g10/keyedit.c:977
+msgid "WARNING: the signature will not be marked as non-revocable.\n"
+msgstr "WARNING: the signature will not be marked as non-revocable.\n"
+
+#: g10/keyedit.c:987
+msgid "The signature will be marked as non-exportable.\n"
+msgstr "The signature will be marked as non-exportable.\n"
+
+#: g10/keyedit.c:994
+msgid "The signature will be marked as non-revocable.\n"
+msgstr "The signature will be marked as non-revocable.\n"
+
+#: g10/keyedit.c:1001
+msgid "I have not checked this key at all.\n"
+msgstr "I have not checked this key at all.\n"
+
+#: g10/keyedit.c:1006
+msgid "I have checked this key casually.\n"
+msgstr "I have checked this key casually.\n"
+
+#: g10/keyedit.c:1011
+msgid "I have checked this key very carefully.\n"
+msgstr "I have checked this key very carefully.\n"
+
+#: g10/keyedit.c:1021
+msgid "Really sign? (y/N) "
+msgstr "Really sign? (y/N) "
+
+#: g10/keyedit.c:1066 g10/keyedit.c:4965 g10/keyedit.c:5056 g10/keyedit.c:5120
+#: g10/keyedit.c:5181 g10/sign.c:316
+#, c-format
+msgid "signing failed: %s\n"
+msgstr "signing failed: %s\n"
+
+#: g10/keyedit.c:1131
+msgid "Key has only stub or on-card key items - no passphrase to change.\n"
+msgstr "Key has only stub or on-card key items - no passphrase to change.\n"
+
+#: g10/keyedit.c:1142 g10/keygen.c:3774
+msgid "This key is not protected.\n"
+msgstr "This key is not protected.\n"
+
+#: g10/keyedit.c:1146 g10/keygen.c:3761 g10/revoke.c:536
+msgid "Secret parts of primary key are not available.\n"
+msgstr "Secret parts of primary key are not available.\n"
+
+#: g10/keyedit.c:1150 g10/keygen.c:3777
+msgid "Secret parts of primary key are stored on-card.\n"
+msgstr "Secret parts of primary key are stored on-card.\n"
+
+#: g10/keyedit.c:1156 g10/keygen.c:3781
+msgid "Key is protected.\n"
+msgstr "Key is protected.\n"
+
+#: g10/keyedit.c:1186
+#, c-format
+msgid "Can't edit this key: %s\n"
+msgstr "Can't edit this key: %s\n"
+
+#: g10/keyedit.c:1192
+msgid ""
+"Enter the new passphrase for this secret key.\n"
+"\n"
+msgstr ""
+"Enter the new passphrase for this secret key.\n"
+"\n"
+
+#: g10/keyedit.c:1207 g10/keygen.c:2291
+msgid "passphrase not correctly repeated; try again"
+msgstr "passphrase not correctly repeated; try again"
+
+#: g10/keyedit.c:1212
+msgid ""
+"You don't want a passphrase - this is probably a *bad* idea!\n"
+"\n"
+msgstr ""
+"You don't want a passphrase - this is probably a *bad* idea!\n"
+"\n"
+
+#: g10/keyedit.c:1215
+msgid "Do you really want to do this? (y/N) "
+msgstr "Do you really want to do this? (y/N) "
+
+#: g10/keyedit.c:1298
+msgid "moving a key signature to the correct place\n"
+msgstr "moving a key signature to the correct place\n"
+
+#: g10/keyedit.c:1384
+msgid "save and quit"
+msgstr "save and quit"
+
+#: g10/keyedit.c:1387
+msgid "show key fingerprint"
+msgstr "show key fingerprint"
+
+#: g10/keyedit.c:1388
+msgid "list key and user IDs"
+msgstr "list key and user IDs"
+
+#: g10/keyedit.c:1390
+msgid "select user ID N"
+msgstr "select user ID N"
+
+#: g10/keyedit.c:1391
+msgid "select subkey N"
+msgstr "select subkey N"
+
+#: g10/keyedit.c:1392
+msgid "check signatures"
+msgstr "check signatures"
+
+#: g10/keyedit.c:1397
+msgid "sign selected user IDs [* see below for related commands]"
+msgstr "sign selected user IDs [* see below for related commands]"
+
+#: g10/keyedit.c:1402
+msgid "sign selected user IDs locally"
+msgstr "sign selected user IDs locally"
+
+#: g10/keyedit.c:1404
+msgid "sign selected user IDs with a trust signature"
+msgstr "sign selected user IDs with a trust signature"
+
+#: g10/keyedit.c:1406
+msgid "sign selected user IDs with a non-revocable signature"
+msgstr "sign selected user IDs with a non-revocable signature"
+
+#: g10/keyedit.c:1410
+msgid "add a user ID"
+msgstr "add a user ID"
+
+#: g10/keyedit.c:1412
+msgid "add a photo ID"
+msgstr "add a photo ID"
+
+#: g10/keyedit.c:1414
+msgid "delete selected user IDs"
+msgstr "delete selected user IDs"
+
+#: g10/keyedit.c:1419
+msgid "add a subkey"
+msgstr "add a subkey"
+
+#: g10/keyedit.c:1423
+msgid "add a key to a smartcard"
+msgstr "add a key to a smartcard"
+
+#: g10/keyedit.c:1425
+msgid "move a key to a smartcard"
+msgstr "move a key to a smartcard"
+
+#: g10/keyedit.c:1427
+msgid "move a backup key to a smartcard"
+msgstr "move a backup key to a smartcard"
+
+#: g10/keyedit.c:1431
+msgid "delete selected subkeys"
+msgstr "delete selected subkeys"
+
+#: g10/keyedit.c:1433
+msgid "add a revocation key"
+msgstr "add a revocation key"
+
+#: g10/keyedit.c:1435
+msgid "delete signatures from the selected user IDs"
+msgstr "delete signatures from the selected user IDs"
+
+#: g10/keyedit.c:1437
+msgid "change the expiration date for the key or selected subkeys"
+msgstr "change the expiration date for the key or selected subkeys"
+
+#: g10/keyedit.c:1439
+msgid "flag the selected user ID as primary"
+msgstr "flag the selected user ID as primary"
+
+#: g10/keyedit.c:1441
+msgid "toggle between the secret and public key listings"
+msgstr "toggle between the secret and public key listings"
+
+#: g10/keyedit.c:1444
+msgid "list preferences (expert)"
+msgstr "list preferences (expert)"
+
+#: g10/keyedit.c:1446
+msgid "list preferences (verbose)"
+msgstr "list preferences (verbose)"
+
+#: g10/keyedit.c:1448
+msgid "set preference list for the selected user IDs"
+msgstr "set preference list for the selected user IDs"
+
+#: g10/keyedit.c:1453
+msgid "set the preferred keyserver URL for the selected user IDs"
+msgstr "set the preferred keyserver URL for the selected user IDs"
+
+#: g10/keyedit.c:1455
+msgid "set a notation for the selected user IDs"
+msgstr "set a notation for the selected user IDs"
+
+#: g10/keyedit.c:1457
+msgid "change the passphrase"
+msgstr "change the passphrase"
+
+#: g10/keyedit.c:1461
+msgid "change the ownertrust"
+msgstr "change the ownertrust"
+
+#: g10/keyedit.c:1463
+msgid "revoke signatures on the selected user IDs"
+msgstr "revoke signatures on the selected user IDs"
+
+#: g10/keyedit.c:1465
+msgid "revoke selected user IDs"
+msgstr "revoke selected user IDs"
+
+#: g10/keyedit.c:1470
+msgid "revoke key or selected subkeys"
+msgstr "revoke key or selected subkeys"
+
+#: g10/keyedit.c:1471
+msgid "enable key"
+msgstr "enable key"
+
+#: g10/keyedit.c:1472
+msgid "disable key"
+msgstr "disable key"
+
+#: g10/keyedit.c:1473
+msgid "show selected photo IDs"
+msgstr "show selected photo IDs"
+
+#: g10/keyedit.c:1475
+msgid "compact unusable user IDs and remove unusable signatures from key"
+msgstr "compact unusable user IDs and remove unusable signatures from key"
+
+#: g10/keyedit.c:1477
+msgid "compact unusable user IDs and remove all signatures from key"
+msgstr "compact unusable user IDs and remove all signatures from key"
+
+#: g10/keyedit.c:1601
+#, c-format
+msgid "error reading secret keyblock \"%s\": %s\n"
+msgstr "error reading secret keyblock “%sâ€: %s\n"
+
+#: g10/keyedit.c:1619
+msgid "Secret key is available.\n"
+msgstr "Secret key is available.\n"
+
+#: g10/keyedit.c:1702
+msgid "Need the secret key to do this.\n"
+msgstr "Need the secret key to do this.\n"
+
+#: g10/keyedit.c:1710
+msgid "Please use the command \"toggle\" first.\n"
+msgstr "Please use the command “toggle†first.\n"
+
+#: g10/keyedit.c:1729
+msgid ""
+"* The `sign' command may be prefixed with an `l' for local signatures "
+"(lsign),\n"
+" a `t' for trust signatures (tsign), an `nr' for non-revocable signatures\n"
+" (nrsign), or any combination thereof (ltsign, tnrsign, etc.).\n"
+msgstr ""
+"* The ‘sign’ command may be prefixed with an ‘l’ for local signatures "
+"(lsign),\n"
+" a ‘t’ for trust signatures (tsign), an ‘nr’ for non-revocable signatures\n"
+" (nrsign), or any combination thereof (ltsign, tnrsign, etc.).\n"
+
+#: g10/keyedit.c:1779
+msgid "Key is revoked."
+msgstr "Key is revoked."
+
+#: g10/keyedit.c:1798
+msgid "Really sign all user IDs? (y/N) "
+msgstr "Really sign all user IDs? (y/N) "
+
+#: g10/keyedit.c:1805
+msgid "Hint: Select the user IDs to sign\n"
+msgstr "Hint: Select the user IDs to sign\n"
+
+#: g10/keyedit.c:1814
+#, c-format
+msgid "Unknown signature type `%s'\n"
+msgstr "Unknown signature type ‘%s’\n"
+
+#: g10/keyedit.c:1837
+#, c-format
+msgid "This command is not allowed while in %s mode.\n"
+msgstr "This command is not allowed while in %s mode.\n"
+
+#: g10/keyedit.c:1859 g10/keyedit.c:1879 g10/keyedit.c:2048
+msgid "You must select at least one user ID.\n"
+msgstr "You must select at least one user ID.\n"
+
+#: g10/keyedit.c:1861
+msgid "You can't delete the last user ID!\n"
+msgstr "You can't delete the last user ID!\n"
+
+#: g10/keyedit.c:1863
+msgid "Really remove all selected user IDs? (y/N) "
+msgstr "Really remove all selected user IDs? (y/N) "
+
+#: g10/keyedit.c:1864
+msgid "Really remove this user ID? (y/N) "
+msgstr "Really remove this user ID? (y/N) "
+
+#. TRANSLATORS: Please take care: This is about
+#. moving the key and not about removing it.
+#: g10/keyedit.c:1917
+msgid "Really move the primary key? (y/N) "
+msgstr "Really move the primary key? (y/N) "
+
+#: g10/keyedit.c:1929
+msgid "You must select exactly one key.\n"
+msgstr "You must select exactly one key.\n"
+
+#: g10/keyedit.c:1957
+msgid "Command expects a filename argument\n"
+msgstr "Command expects a filename argument\n"
+
+#: g10/keyedit.c:1971
+#, c-format
+msgid "Can't open `%s': %s\n"
+msgstr "Can't open ‘%s’: %s\n"
+
+#: g10/keyedit.c:1988
+#, c-format
+msgid "Error reading backup key from `%s': %s\n"
+msgstr "Error reading backup key from ‘%s’: %s\n"
+
+#: g10/keyedit.c:2012
+msgid "You must select at least one key.\n"
+msgstr "You must select at least one key.\n"
+
+#: g10/keyedit.c:2015
+msgid "Do you really want to delete the selected keys? (y/N) "
+msgstr "Do you really want to delete the selected keys? (y/N) "
+
+#: g10/keyedit.c:2016
+msgid "Do you really want to delete this key? (y/N) "
+msgstr "Do you really want to delete this key? (y/N) "
+
+#: g10/keyedit.c:2051
+msgid "Really revoke all selected user IDs? (y/N) "
+msgstr "Really revoke all selected user IDs? (y/N) "
+
+#: g10/keyedit.c:2052
+msgid "Really revoke this user ID? (y/N) "
+msgstr "Really revoke this user ID? (y/N) "
+
+#: g10/keyedit.c:2070
+msgid "Do you really want to revoke the entire key? (y/N) "
+msgstr "Do you really want to revoke the entire key? (y/N) "
+
+#: g10/keyedit.c:2081
+msgid "Do you really want to revoke the selected subkeys? (y/N) "
+msgstr "Do you really want to revoke the selected subkeys? (y/N) "
+
+#: g10/keyedit.c:2083
+msgid "Do you really want to revoke this subkey? (y/N) "
+msgstr "Do you really want to revoke this subkey? (y/N) "
+
+#: g10/keyedit.c:2133
+msgid "Owner trust may not be set while using a user provided trust database\n"
+msgstr ""
+"Owner trust may not be set while using a user provided trust database\n"
+
+#: g10/keyedit.c:2175
+msgid "Set preference list to:\n"
+msgstr "Set preference list to:\n"
+
+#: g10/keyedit.c:2181
+msgid "Really update the preferences for the selected user IDs? (y/N) "
+msgstr "Really update the preferences for the selected user IDs? (y/N) "
+
+#: g10/keyedit.c:2183
+msgid "Really update the preferences? (y/N) "
+msgstr "Really update the preferences? (y/N) "
+
+#: g10/keyedit.c:2253
+msgid "Save changes? (y/N) "
+msgstr "Save changes? (y/N) "
+
+#: g10/keyedit.c:2256
+msgid "Quit without saving? (y/N) "
+msgstr "Quit without saving? (y/N) "
+
+#: g10/keyedit.c:2266
+#, c-format
+msgid "update failed: %s\n"
+msgstr "update failed: %s\n"
+
+#: g10/keyedit.c:2273 g10/keyedit.c:2351
+#, c-format
+msgid "update secret failed: %s\n"
+msgstr "update secret failed: %s\n"
+
+#: g10/keyedit.c:2280
+msgid "Key not changed so no update needed.\n"
+msgstr "Key not changed so no update needed.\n"
+
+#: g10/keyedit.c:2446
+msgid "Digest: "
+msgstr "Digest: "
+
+#: g10/keyedit.c:2497
+msgid "Features: "
+msgstr "Features: "
+
+#: g10/keyedit.c:2508
+msgid "Keyserver no-modify"
+msgstr "Keyserver no-modify"
+
+#: g10/keyedit.c:2523 g10/keylist.c:316
+msgid "Preferred keyserver: "
+msgstr "Preferred keyserver: "
+
+#: g10/keyedit.c:2531 g10/keyedit.c:2532
+msgid "Notations: "
+msgstr "Notations: "
+
+#: g10/keyedit.c:2753
+msgid "There are no preferences on a PGP 2.x-style user ID.\n"
+msgstr "There are no preferences on a PGP 2.x-style user ID.\n"
+
+#: g10/keyedit.c:2810
+#, c-format
+msgid "The following key was revoked on %s by %s key %s\n"
+msgstr "The following key was revoked on %s by %s key %s\n"
+
+#: g10/keyedit.c:2832
+#, c-format
+msgid "This key may be revoked by %s key %s"
+msgstr "This key may be revoked by %s key %s"
+
+#: g10/keyedit.c:2838
+msgid "(sensitive)"
+msgstr "(sensitive)"
+
+#: g10/keyedit.c:2854 g10/keyedit.c:2910 g10/keyedit.c:2971 g10/keyedit.c:2986
+#: g10/keylist.c:202 g10/keyserver.c:532
+#, c-format
+msgid "created: %s"
+msgstr "created: %s"
+
+#: g10/keyedit.c:2857 g10/keylist.c:834 g10/keylist.c:928 g10/mainproc.c:997
+#, c-format
+msgid "revoked: %s"
+msgstr "revoked: %s"
+
+#: g10/keyedit.c:2859 g10/keylist.c:805 g10/keylist.c:840 g10/keylist.c:934
+#, c-format
+msgid "expired: %s"
+msgstr "expired: %s"
+
+#: g10/keyedit.c:2861 g10/keyedit.c:2912 g10/keyedit.c:2973 g10/keyedit.c:2988
+#: g10/keylist.c:204 g10/keylist.c:811 g10/keylist.c:846 g10/keylist.c:940
+#: g10/keylist.c:961 g10/keyserver.c:538 g10/mainproc.c:1003
+#, c-format
+msgid "expires: %s"
+msgstr "expires: %s"
+
+#: g10/keyedit.c:2863
+#, c-format
+msgid "usage: %s"
+msgstr "usage: %s"
+
+#: g10/keyedit.c:2878
+#, c-format
+msgid "trust: %s"
+msgstr "trust: %s"
+
+#: g10/keyedit.c:2882
+#, c-format
+msgid "validity: %s"
+msgstr "validity: %s"
+
+#: g10/keyedit.c:2889
+msgid "This key has been disabled"
+msgstr "This key has been disabled"
+
+#: g10/keyedit.c:2917 g10/keylist.c:208
+msgid "card-no: "
+msgstr "card-no: "
+
+#: g10/keyedit.c:2941
+msgid ""
+"Please note that the shown key validity is not necessarily correct\n"
+"unless you restart the program.\n"
+msgstr ""
+"Please note that the shown key validity is not necessarily correct\n"
+"unless you restart the program.\n"
+
+#: g10/keyedit.c:3005 g10/keyedit.c:3351 g10/keyserver.c:542
+#: g10/mainproc.c:1850 g10/trustdb.c:1204 g10/trustdb.c:1732
+msgid "revoked"
+msgstr "revoked"
+
+#: g10/keyedit.c:3007 g10/keyedit.c:3353 g10/keyserver.c:546
+#: g10/mainproc.c:1852 g10/trustdb.c:547 g10/trustdb.c:1734
+msgid "expired"
+msgstr "expired"
+
+#: g10/keyedit.c:3072
+msgid ""
+"WARNING: no user ID has been marked as primary. This command may\n"
+" cause a different user ID to become the assumed primary.\n"
+msgstr ""
+"WARNING: no user ID has been marked as primary. This command may\n"
+" cause a different user ID to become the assumed primary.\n"
+
+#: g10/keyedit.c:3133
+msgid ""
+"WARNING: This is a PGP2-style key. Adding a photo ID may cause some "
+"versions\n"
+" of PGP to reject this key.\n"
+msgstr ""
+"WARNING: This is a PGP2-style key. Adding a photo ID may cause some "
+"versions\n"
+" of PGP to reject this key.\n"
+
+#: g10/keyedit.c:3138 g10/keyedit.c:3473
+msgid "Are you sure you still want to add it? (y/N) "
+msgstr "Are you sure you still want to add it? (y/N) "
+
+#: g10/keyedit.c:3144
+msgid "You may not add a photo ID to a PGP2-style key.\n"
+msgstr "You may not add a photo ID to a PGP2-style key.\n"
+
+#: g10/keyedit.c:3284
+msgid "Delete this good signature? (y/N/q)"
+msgstr "Delete this good signature? (y/N/q)"
+
+#: g10/keyedit.c:3294
+msgid "Delete this invalid signature? (y/N/q)"
+msgstr "Delete this invalid signature? (y/N/q)"
+
+#: g10/keyedit.c:3298
+msgid "Delete this unknown signature? (y/N/q)"
+msgstr "Delete this unknown signature? (y/N/q)"
+
+#: g10/keyedit.c:3304
+msgid "Really delete this self-signature? (y/N)"
+msgstr "Really delete this self-signature? (y/N)"
+
+#: g10/keyedit.c:3318
+#, c-format
+msgid "Deleted %d signature.\n"
+msgstr "Deleted %d signature.\n"
+
+#: g10/keyedit.c:3319
+#, c-format
+msgid "Deleted %d signatures.\n"
+msgstr "Deleted %d signatures.\n"
+
+#: g10/keyedit.c:3322
+msgid "Nothing deleted.\n"
+msgstr "Nothing deleted.\n"
+
+#: g10/keyedit.c:3355 g10/trustdb.c:1736
+msgid "invalid"
+msgstr "invalid"
+
+#: g10/keyedit.c:3357
+#, c-format
+msgid "User ID \"%s\" compacted: %s\n"
+msgstr "User ID “%s†compacted: %s\n"
+
+#: g10/keyedit.c:3364
+#, c-format
+msgid "User ID \"%s\": %d signature removed\n"
+msgstr "User ID “%sâ€: %d signature removed\n"
+
+#: g10/keyedit.c:3365
+#, c-format
+msgid "User ID \"%s\": %d signatures removed\n"
+msgstr "User ID “%sâ€: %d signatures removed\n"
+
+#: g10/keyedit.c:3373
+#, c-format
+msgid "User ID \"%s\": already minimized\n"
+msgstr "User ID “%sâ€: already minimized\n"
+
+#: g10/keyedit.c:3374
+#, c-format
+msgid "User ID \"%s\": already clean\n"
+msgstr "User ID “%sâ€: already clean\n"
+
+#: g10/keyedit.c:3468
+msgid ""
+"WARNING: This is a PGP 2.x-style key. Adding a designated revoker may "
+"cause\n"
+" some versions of PGP to reject this key.\n"
+msgstr ""
+"WARNING: This is a PGP 2.x-style key. Adding a designated revoker may "
+"cause\n"
+" some versions of PGP to reject this key.\n"
+
+#: g10/keyedit.c:3479
+msgid "You may not add a designated revoker to a PGP 2.x-style key.\n"
+msgstr "You may not add a designated revoker to a PGP 2.x-style key.\n"
+
+#: g10/keyedit.c:3499
+msgid "Enter the user ID of the designated revoker: "
+msgstr "Enter the user ID of the designated revoker: "
+
+#: g10/keyedit.c:3524
+msgid "cannot appoint a PGP 2.x style key as a designated revoker\n"
+msgstr "cannot appoint a PGP 2.x style key as a designated revoker\n"
+
+#: g10/keyedit.c:3539
+msgid "you cannot appoint a key as its own designated revoker\n"
+msgstr "you cannot appoint a key as its own designated revoker\n"
+
+#: g10/keyedit.c:3561
+msgid "this key has already been designated as a revoker\n"
+msgstr "this key has already been designated as a revoker\n"
+
+#: g10/keyedit.c:3580
+msgid "WARNING: appointing a key as a designated revoker cannot be undone!\n"
+msgstr "WARNING: appointing a key as a designated revoker cannot be undone!\n"
+
+#: g10/keyedit.c:3586
+msgid ""
+"Are you sure you want to appoint this key as a designated revoker? (y/N) "
+msgstr ""
+"Are you sure you want to appoint this key as a designated revoker? (y/N) "
+
+#: g10/keyedit.c:3647
+msgid "Please remove selections from the secret keys.\n"
+msgstr "Please remove selections from the secret keys.\n"
+
+#: g10/keyedit.c:3653
+msgid "Please select at most one subkey.\n"
+msgstr "Please select at most one subkey.\n"
+
+#: g10/keyedit.c:3657
+msgid "Changing expiration time for a subkey.\n"
+msgstr "Changing expiration time for a subkey.\n"
+
+#: g10/keyedit.c:3660
+msgid "Changing expiration time for the primary key.\n"
+msgstr "Changing expiration time for the primary key.\n"
+
+#: g10/keyedit.c:3706
+msgid "You can't change the expiration date of a v3 key\n"
+msgstr "You can't change the expiration date of a v3 key\n"
+
+#: g10/keyedit.c:3722
+msgid "No corresponding signature in secret ring\n"
+msgstr "No corresponding signature in secret ring\n"
+
+#: g10/keyedit.c:3800
+#, c-format
+msgid "signing subkey %s is already cross-certified\n"
+msgstr "signing subkey %s is already cross-certified\n"
+
+#: g10/keyedit.c:3806
+#, c-format
+msgid "subkey %s does not sign and so does not need to be cross-certified\n"
+msgstr "subkey %s does not sign and so does not need to be cross-certified\n"
+
+#: g10/keyedit.c:3969
+msgid "Please select exactly one user ID.\n"
+msgstr "Please select exactly one user ID.\n"
+
+#: g10/keyedit.c:4008 g10/keyedit.c:4118 g10/keyedit.c:4238 g10/keyedit.c:4379
+#, c-format
+msgid "skipping v3 self-signature on user ID \"%s\"\n"
+msgstr "skipping v3 self-signature on user ID “%sâ€\n"
+
+#: g10/keyedit.c:4179
+msgid "Enter your preferred keyserver URL: "
+msgstr "Enter your preferred keyserver URL: "
+
+#: g10/keyedit.c:4259
+msgid "Are you sure you want to replace it? (y/N) "
+msgstr "Are you sure you want to replace it? (y/N) "
+
+#: g10/keyedit.c:4260
+msgid "Are you sure you want to delete it? (y/N) "
+msgstr "Are you sure you want to delete it? (y/N) "
+
+#: g10/keyedit.c:4322
+msgid "Enter the notation: "
+msgstr "Enter the notation: "
+
+#: g10/keyedit.c:4471
+msgid "Proceed? (y/N) "
+msgstr "Proceed? (y/N) "
+
+#: g10/keyedit.c:4543
+#, c-format
+msgid "No user ID with index %d\n"
+msgstr "No user ID with index %d\n"
+
+#: g10/keyedit.c:4604
+#, c-format
+msgid "No user ID with hash %s\n"
+msgstr "No user ID with hash %s\n"
+
+#: g10/keyedit.c:4639
+#, c-format
+msgid "No subkey with index %d\n"
+msgstr "No subkey with index %d\n"
+
+#: g10/keyedit.c:4774
+#, c-format
+msgid "user ID: \"%s\"\n"
+msgstr "user ID: “%sâ€\n"
+
+#: g10/keyedit.c:4777 g10/keyedit.c:4871 g10/keyedit.c:4914
+#, c-format
+msgid "signed by your key %s on %s%s%s\n"
+msgstr "signed by your key %s on %s%s%s\n"
+
+#: g10/keyedit.c:4779 g10/keyedit.c:4873 g10/keyedit.c:4916
+msgid " (non-exportable)"
+msgstr " (non-exportable)"
+
+#: g10/keyedit.c:4783
+#, c-format
+msgid "This signature expired on %s.\n"
+msgstr "This signature expired on %s.\n"
+
+#: g10/keyedit.c:4787
+msgid "Are you sure you still want to revoke it? (y/N) "
+msgstr "Are you sure you still want to revoke it? (y/N) "
+
+#: g10/keyedit.c:4791
+msgid "Create a revocation certificate for this signature? (y/N) "
+msgstr "Create a revocation certificate for this signature? (y/N) "
+
+#: g10/keyedit.c:4842
+msgid "Not signed by you.\n"
+msgstr "Not signed by you.\n"
+
+#: g10/keyedit.c:4848
+#, c-format
+msgid "You have signed these user IDs on key %s:\n"
+msgstr "You have signed these user IDs on key %s:\n"
+
+#: g10/keyedit.c:4874
+msgid " (non-revocable)"
+msgstr " (non-revocable)"
+
+#: g10/keyedit.c:4881
+#, c-format
+msgid "revoked by your key %s on %s\n"
+msgstr "revoked by your key %s on %s\n"
+
+#: g10/keyedit.c:4903
+msgid "You are about to revoke these signatures:\n"
+msgstr "You are about to revoke these signatures:\n"
+
+#: g10/keyedit.c:4923
+msgid "Really create the revocation certificates? (y/N) "
+msgstr "Really create the revocation certificates? (y/N) "
+
+#: g10/keyedit.c:4953
+msgid "no secret key\n"
+msgstr "no secret key\n"
+
+#: g10/keyedit.c:5023
+#, c-format
+msgid "user ID \"%s\" is already revoked\n"
+msgstr "user ID “%s†is already revoked\n"
+
+#: g10/keyedit.c:5040
+#, c-format
+msgid "WARNING: a user ID signature is dated %d seconds in the future\n"
+msgstr "WARNING: a user ID signature is dated %d seconds in the future\n"
+
+#: g10/keyedit.c:5104
+#, c-format
+msgid "Key %s is already revoked.\n"
+msgstr "Key %s is already revoked.\n"
+
+#: g10/keyedit.c:5166
+#, c-format
+msgid "Subkey %s is already revoked.\n"
+msgstr "Subkey %s is already revoked.\n"
+
+#: g10/keyedit.c:5261
+#, c-format
+msgid "Displaying %s photo ID of size %ld for key %s (uid %d)\n"
+msgstr "Displaying %s photo ID of size %ld for key %s (uid %d)\n"
+
+#: g10/keygen.c:275
+#, c-format
+msgid "preference `%s' duplicated\n"
+msgstr "preference ‘%s’ duplicated\n"
+
+#: g10/keygen.c:282
+msgid "too many cipher preferences\n"
+msgstr "too many cipher preferences\n"
+
+#: g10/keygen.c:284
+msgid "too many digest preferences\n"
+msgstr "too many digest preferences\n"
+
+#: g10/keygen.c:286
+msgid "too many compression preferences\n"
+msgstr "too many compression preferences\n"
+
+#: g10/keygen.c:426
+#, c-format
+msgid "invalid item `%s' in preference string\n"
+msgstr "invalid item ‘%s’ in preference string\n"
+
+#: g10/keygen.c:910
+msgid "writing direct signature\n"
+msgstr "writing direct signature\n"
+
+#: g10/keygen.c:952
+msgid "writing self signature\n"
+msgstr "writing self signature\n"
+
+#: g10/keygen.c:1009
+msgid "writing key binding signature\n"
+msgstr "writing key binding signature\n"
+
+#: g10/keygen.c:1179 g10/keygen.c:1290 g10/keygen.c:1295 g10/keygen.c:1441
+#: g10/keygen.c:3269
+#, c-format
+msgid "keysize invalid; using %u bits\n"
+msgstr "keysize invalid; using %u bits\n"
+
+#: g10/keygen.c:1185 g10/keygen.c:1301 g10/keygen.c:1309 g10/keygen.c:1447
+#: g10/keygen.c:3275
+#, c-format
+msgid "keysize rounded up to %u bits\n"
+msgstr "keysize rounded up to %u bits\n"
+
+#: g10/keygen.c:1335
+msgid ""
+"WARNING: some OpenPGP programs can't handle a DSA key with this digest size\n"
+msgstr ""
+"WARNING: some OpenPGP programs can't handle a DSA key with this digest size\n"
+
+#: g10/keygen.c:1558
+msgid "Sign"
+msgstr "Sign"
+
+#: g10/keygen.c:1561
+msgid "Certify"
+msgstr "Certify"
+
+#: g10/keygen.c:1564
+msgid "Encrypt"
+msgstr "Encrypt"
+
+#: g10/keygen.c:1567
+msgid "Authenticate"
+msgstr "Authenticate"
+
+#. TRANSLATORS: Please use only plain ASCII characters for the
+#. translation. If this is not possible use single digits. The
+#. string needs to 8 bytes long. Here is a description of the
+#. functions:
+#.
+#. s = Toggle signing capability
+#. e = Toggle encryption capability
+#. a = Toggle authentication capability
+#. q = Finish
+#.
+#: g10/keygen.c:1585
+msgid "SsEeAaQq"
+msgstr "SsEeAaQq"
+
+#: g10/keygen.c:1608
+#, c-format
+msgid "Possible actions for a %s key: "
+msgstr "Possible actions for a %s key: "
+
+#: g10/keygen.c:1612
+msgid "Current allowed actions: "
+msgstr "Current allowed actions: "
+
+#: g10/keygen.c:1617
+#, c-format
+msgid " (%c) Toggle the sign capability\n"
+msgstr " (%c) Toggle the sign capability\n"
+
+#: g10/keygen.c:1620
+#, c-format
+msgid " (%c) Toggle the encrypt capability\n"
+msgstr " (%c) Toggle the encrypt capability\n"
+
+#: g10/keygen.c:1623
+#, c-format
+msgid " (%c) Toggle the authenticate capability\n"
+msgstr " (%c) Toggle the authenticate capability\n"
+
+#: g10/keygen.c:1626
+#, c-format
+msgid " (%c) Finished\n"
+msgstr " (%c) Finished\n"
+
+#: g10/keygen.c:1686 sm/certreqgen-ui.c:157
+msgid "Please select what kind of key you want:\n"
+msgstr "Please select what kind of key you want:\n"
+
+#: g10/keygen.c:1689
+#, c-format
+msgid " (%d) RSA and RSA (default)\n"
+msgstr " (%d) RSA and RSA (default)\n"
+
+#: g10/keygen.c:1691
+#, c-format
+msgid " (%d) DSA and Elgamal\n"
+msgstr " (%d) DSA and Elgamal\n"
+
+#: g10/keygen.c:1693
+#, c-format
+msgid " (%d) DSA (sign only)\n"
+msgstr " (%d) DSA (sign only)\n"
+
+#: g10/keygen.c:1694
+#, c-format
+msgid " (%d) RSA (sign only)\n"
+msgstr " (%d) RSA (sign only)\n"
+
+#: g10/keygen.c:1698
+#, c-format
+msgid " (%d) Elgamal (encrypt only)\n"
+msgstr " (%d) Elgamal (encrypt only)\n"
+
+#: g10/keygen.c:1699
+#, c-format
+msgid " (%d) RSA (encrypt only)\n"
+msgstr " (%d) RSA (encrypt only)\n"
+
+#: g10/keygen.c:1703
+#, c-format
+msgid " (%d) DSA (set your own capabilities)\n"
+msgstr " (%d) DSA (set your own capabilities)\n"
+
+#: g10/keygen.c:1704
+#, c-format
+msgid " (%d) RSA (set your own capabilities)\n"
+msgstr " (%d) RSA (set your own capabilities)\n"
+
+#: g10/keygen.c:1812
+#, c-format
+msgid "%s keys may be between %u and %u bits long.\n"
+msgstr "%s keys may be between %u and %u bits long.\n"
+
+#: g10/keygen.c:1820
+#, c-format
+msgid "What keysize do you want for the subkey? (%u) "
+msgstr "What keysize do you want for the subkey? (%u) "
+
+#: g10/keygen.c:1823 sm/certreqgen-ui.c:179
+#, c-format
+msgid "What keysize do you want? (%u) "
+msgstr "What keysize do you want? (%u) "
+
+#: g10/keygen.c:1837 sm/certreqgen-ui.c:189
+#, c-format
+msgid "Requested keysize is %u bits\n"
+msgstr "Requested keysize is %u bits\n"
+
+#: g10/keygen.c:1925
+msgid ""
+"Please specify how long the key should be valid.\n"
+" 0 = key does not expire\n"
+" <n> = key expires in n days\n"
+" <n>w = key expires in n weeks\n"
+" <n>m = key expires in n months\n"
+" <n>y = key expires in n years\n"
+msgstr ""
+"Please specify how long the key should be valid.\n"
+" 0 = key does not expire\n"
+" <n> = key expires in n days\n"
+" <n>w = key expires in n weeks\n"
+" <n>m = key expires in n months\n"
+" <n>y = key expires in n years\n"
+
+#: g10/keygen.c:1936
+msgid ""
+"Please specify how long the signature should be valid.\n"
+" 0 = signature does not expire\n"
+" <n> = signature expires in n days\n"
+" <n>w = signature expires in n weeks\n"
+" <n>m = signature expires in n months\n"
+" <n>y = signature expires in n years\n"
+msgstr ""
+"Please specify how long the signature should be valid.\n"
+" 0 = signature does not expire\n"
+" <n> = signature expires in n days\n"
+" <n>w = signature expires in n weeks\n"
+" <n>m = signature expires in n months\n"
+" <n>y = signature expires in n years\n"
+
+#: g10/keygen.c:1959
+msgid "Key is valid for? (0) "
+msgstr "Key is valid for? (0) "
+
+#: g10/keygen.c:1964
+#, c-format
+msgid "Signature is valid for? (%s) "
+msgstr "Signature is valid for? (%s) "
+
+#: g10/keygen.c:1982 g10/keygen.c:2007
+msgid "invalid value\n"
+msgstr "invalid value\n"
+
+#: g10/keygen.c:1989
+msgid "Key does not expire at all\n"
+msgstr "Key does not expire at all\n"
+
+#: g10/keygen.c:1990
+msgid "Signature does not expire at all\n"
+msgstr "Signature does not expire at all\n"
+
+#: g10/keygen.c:1995
+#, c-format
+msgid "Key expires at %s\n"
+msgstr "Key expires at %s\n"
+
+#: g10/keygen.c:1996
+#, c-format
+msgid "Signature expires at %s\n"
+msgstr "Signature expires at %s\n"
+
+#: g10/keygen.c:2000
+msgid ""
+"Your system can't display dates beyond 2038.\n"
+"However, it will be correctly handled up to 2106.\n"
+msgstr ""
+"Your system can't display dates beyond 2038.\n"
+"However, it will be correctly handled up to 2106.\n"
+
+#: g10/keygen.c:2013
+msgid "Is this correct? (y/N) "
+msgstr "Is this correct? (y/N) "
+
+#: g10/keygen.c:2063
+msgid ""
+"\n"
+"GnuPG needs to construct a user ID to identify your key.\n"
+"\n"
+msgstr ""
+"\n"
+"GnuPG needs to construct a user ID to identify your key.\n"
+"\n"
+
+#. TRANSLATORS: This string is in general not anymore used
+#. but you should keep your existing translation. In case
+#. the new string is not translated this old string will
+#. be used.
+#: g10/keygen.c:2078
+msgid ""
+"\n"
+"You need a user ID to identify your key; the software constructs the user "
+"ID\n"
+"from the Real Name, Comment and Email Address in this form:\n"
+" \"Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>\"\n"
+"\n"
+msgstr ""
+"\n"
+"You need a user ID to identify your key; the software constructs the user "
+"ID\n"
+"from the Real Name, Comment and Email Address in this form:\n"
+" “Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>â€\n"
+"\n"
+
+#: g10/keygen.c:2097
+msgid "Real name: "
+msgstr "Real name: "
+
+#: g10/keygen.c:2105
+msgid "Invalid character in name\n"
+msgstr "Invalid character in name\n"
+
+#: g10/keygen.c:2107
+msgid "Name may not start with a digit\n"
+msgstr "Name may not start with a digit\n"
+
+#: g10/keygen.c:2109
+msgid "Name must be at least 5 characters long\n"
+msgstr "Name must be at least 5 characters long\n"
+
+#: g10/keygen.c:2117
+msgid "Email address: "
+msgstr "Email address: "
+
+#: g10/keygen.c:2123
+msgid "Not a valid email address\n"
+msgstr "Not a valid email address\n"
+
+#: g10/keygen.c:2131
+msgid "Comment: "
+msgstr "Comment: "
+
+#: g10/keygen.c:2137
+msgid "Invalid character in comment\n"
+msgstr "Invalid character in comment\n"
+
+#: g10/keygen.c:2159
+#, c-format
+msgid "You are using the `%s' character set.\n"
+msgstr "You are using the ‘%s’ character set.\n"
+
+#: g10/keygen.c:2165
+#, c-format
+msgid ""
+"You selected this USER-ID:\n"
+" \"%s\"\n"
+"\n"
+msgstr ""
+"You selected this USER-ID:\n"
+" “%sâ€\n"
+"\n"
+
+#: g10/keygen.c:2170
+msgid "Please don't put the email address into the real name or the comment\n"
+msgstr "Please don't put the email address into the real name or the comment\n"
+
+#: g10/keygen.c:2185
+msgid "Such a user ID already exists on this key!\n"
+msgstr "Such a user ID already exists on this key!\n"
+
+#. TRANSLATORS: These are the allowed answers in
+#. lower and uppercase. Below you will find the matching
+#. string which should be translated accordingly and the
+#. letter changed to match the one in the answer string.
+#.
+#. n = Change name
+#. c = Change comment
+#. e = Change email
+#. o = Okay (ready, continue)
+#. q = Quit
+#.
+#: g10/keygen.c:2201
+msgid "NnCcEeOoQq"
+msgstr "NnCcEeOoQq"
+
+#: g10/keygen.c:2211
+msgid "Change (N)ame, (C)omment, (E)mail or (Q)uit? "
+msgstr "Change (N)ame, (C)omment, (E)mail or (Q)uit? "
+
+#: g10/keygen.c:2212
+msgid "Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? "
+msgstr "Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? "
+
+#: g10/keygen.c:2231
+msgid "Please correct the error first\n"
+msgstr "Please correct the error first\n"
+
+#: g10/keygen.c:2273
+msgid ""
+"You need a Passphrase to protect your secret key.\n"
+"\n"
+msgstr ""
+"You need a Passphrase to protect your secret key.\n"
+"\n"
+
+#: g10/keygen.c:2276
+msgid ""
+"Please enter a passphrase to protect the off-card backup of the new "
+"encryption key."
+msgstr ""
+"Please enter a passphrase to protect the off-card backup of the new "
+"encryption key."
+
+#: g10/keygen.c:2292
+#, c-format
+msgid "%s.\n"
+msgstr "%s.\n"
+
+#: g10/keygen.c:2298
+msgid ""
+"You don't want a passphrase - this is probably a *bad* idea!\n"
+"I will do it anyway. You can change your passphrase at any time,\n"
+"using this program with the option \"--edit-key\".\n"
+"\n"
+msgstr ""
+"You don't want a passphrase - this is probably a *bad* idea!\n"
+"I will do it anyway. You can change your passphrase at any time,\n"
+"using this program with the option “--edit-keyâ€.\n"
+"\n"
+
+#: g10/keygen.c:2322
+msgid ""
+"We need to generate a lot of random bytes. It is a good idea to perform\n"
+"some other action (type on the keyboard, move the mouse, utilize the\n"
+"disks) during the prime generation; this gives the random number\n"
+"generator a better chance to gain enough entropy.\n"
+msgstr ""
+"We need to generate a lot of random bytes. It is a good idea to perform\n"
+"some other action (type on the keyboard, move the mouse, utilize the\n"
+"disks) during the prime generation; this gives the random number\n"
+"generator a better chance to gain enough entropy.\n"
+
+#: g10/keygen.c:3209 g10/keygen.c:3236
+msgid "Key generation canceled.\n"
+msgstr "Key generation canceled.\n"
+
+#: g10/keygen.c:3441 g10/keygen.c:3611
+#, c-format
+msgid "writing public key to `%s'\n"
+msgstr "writing public key to ‘%s’\n"
+
+#: g10/keygen.c:3443 g10/keygen.c:3614
+#, c-format
+msgid "writing secret key stub to `%s'\n"
+msgstr "writing secret key stub to ‘%s’\n"
+
+#: g10/keygen.c:3446 g10/keygen.c:3617
+#, c-format
+msgid "writing secret key to `%s'\n"
+msgstr "writing secret key to ‘%s’\n"
+
+#: g10/keygen.c:3598
+#, c-format
+msgid "no writable public keyring found: %s\n"
+msgstr "no writable public keyring found: %s\n"
+
+#: g10/keygen.c:3605
+#, c-format
+msgid "no writable secret keyring found: %s\n"
+msgstr "no writable secret keyring found: %s\n"
+
+#: g10/keygen.c:3625
+#, c-format
+msgid "error writing public keyring `%s': %s\n"
+msgstr "error writing public keyring ‘%s’: %s\n"
+
+#: g10/keygen.c:3633
+#, c-format
+msgid "error writing secret keyring `%s': %s\n"
+msgstr "error writing secret keyring ‘%s’: %s\n"
+
+#: g10/keygen.c:3661
+msgid "public and secret key created and signed.\n"
+msgstr "public and secret key created and signed.\n"
+
+#: g10/keygen.c:3672
+msgid ""
+"Note that this key cannot be used for encryption. You may want to use\n"
+"the command \"--edit-key\" to generate a subkey for this purpose.\n"
+msgstr ""
+"Note that this key cannot be used for encryption. You may want to use\n"
+"the command “--edit-key†to generate a subkey for this purpose.\n"
+
+#: g10/keygen.c:3685 g10/keygen.c:3831 g10/keygen.c:3952
+#, c-format
+msgid "Key generation failed: %s\n"
+msgstr "Key generation failed: %s\n"
+
+#: g10/keygen.c:3741 g10/keygen.c:3882 g10/sign.c:241
+#, c-format
+msgid ""
+"key has been created %lu second in future (time warp or clock problem)\n"
+msgstr ""
+"key has been created %lu second in future (time warp or clock problem)\n"
+
+#: g10/keygen.c:3743 g10/keygen.c:3884 g10/sign.c:243
+#, c-format
+msgid ""
+"key has been created %lu seconds in future (time warp or clock problem)\n"
+msgstr ""
+"key has been created %lu seconds in future (time warp or clock problem)\n"
+
+#: g10/keygen.c:3754 g10/keygen.c:3895
+msgid "NOTE: creating subkeys for v3 keys is not OpenPGP compliant\n"
+msgstr "NOTE: creating subkeys for v3 keys is not OpenPGP compliant\n"
+
+#: g10/keygen.c:3795 g10/keygen.c:3928
+msgid "Really create? (y/N) "
+msgstr "Really create? (y/N) "
+
+#: g10/keygen.c:4116
+#, c-format
+msgid "storing key onto card failed: %s\n"
+msgstr "storing key onto card failed: %s\n"
+
+#: g10/keygen.c:4165
+#, c-format
+msgid "can't create backup file `%s': %s\n"
+msgstr "can't create backup file ‘%s’: %s\n"
+
+#: g10/keygen.c:4191
+#, c-format
+msgid "NOTE: backup of card key saved to `%s'\n"
+msgstr "NOTE: backup of card key saved to ‘%s’\n"
+
+#: g10/keyid.c:539 g10/keyid.c:551 g10/keyid.c:563 g10/keyid.c:575
+msgid "never "
+msgstr "never "
+
+#: g10/keylist.c:273
+msgid "Critical signature policy: "
+msgstr "Critical signature policy: "
+
+#: g10/keylist.c:275
+msgid "Signature policy: "
+msgstr "Signature policy: "
+
+#: g10/keylist.c:314
+msgid "Critical preferred keyserver: "
+msgstr "Critical preferred keyserver: "
+
+#: g10/keylist.c:367
+msgid "Critical signature notation: "
+msgstr "Critical signature notation: "
+
+#: g10/keylist.c:369
+msgid "Signature notation: "
+msgstr "Signature notation: "
+
+#: g10/keylist.c:479
+msgid "Keyring"
+msgstr "Keyring"
+
+#: g10/keylist.c:1526
+msgid "Primary key fingerprint:"
+msgstr "Primary key fingerprint:"
+
+#: g10/keylist.c:1528
+msgid " Subkey fingerprint:"
+msgstr " Subkey fingerprint:"
+
+#. TRANSLATORS: this should fit into 24 bytes to that the
+#. * fingerprint data is properly aligned with the user ID
+#: g10/keylist.c:1535
+msgid " Primary key fingerprint:"
+msgstr " Primary key fingerprint:"
+
+#: g10/keylist.c:1537
+msgid " Subkey fingerprint:"
+msgstr " Subkey fingerprint:"
+
+#: g10/keylist.c:1541 g10/keylist.c:1545
+msgid " Key fingerprint ="
+msgstr " Key fingerprint ="
+
+#: g10/keylist.c:1612
+msgid " Card serial no. ="
+msgstr " Card serial no. ="
+
+#: g10/keyring.c:1297
+#, c-format
+msgid "renaming `%s' to `%s' failed: %s\n"
+msgstr "renaming ‘%s’ to ‘%s’ failed: %s\n"
+
+#: g10/keyring.c:1326
+msgid "WARNING: 2 files with confidential information exists.\n"
+msgstr "WARNING: 2 files with confidential information exists.\n"
+
+#: g10/keyring.c:1327
+#, c-format
+msgid "%s is the unchanged one\n"
+msgstr "%s is the unchanged one\n"
+
+#: g10/keyring.c:1328
+#, c-format
+msgid "%s is the new one\n"
+msgstr "%s is the new one\n"
+
+#: g10/keyring.c:1329
+msgid "Please fix this possible security flaw\n"
+msgstr "Please fix this possible security flaw\n"
+
+#: g10/keyring.c:1430
+#, c-format
+msgid "caching keyring `%s'\n"
+msgstr "caching keyring ‘%s’\n"
+
+#: g10/keyring.c:1489
+#, c-format
+msgid "%lu keys cached so far (%lu signatures)\n"
+msgstr "%lu keys cached so far (%lu signatures)\n"
+
+#: g10/keyring.c:1501
+#, c-format
+msgid "%lu keys cached (%lu signatures)\n"
+msgstr "%lu keys cached (%lu signatures)\n"
+
+#: g10/keyring.c:1573
+#, c-format
+msgid "%s: keyring created\n"
+msgstr "%s: keyring created\n"
+
+#: g10/keyserver.c:74
+msgid "include revoked keys in search results"
+msgstr "include revoked keys in search results"
+
+#: g10/keyserver.c:75
+msgid "include subkeys when searching by key ID"
+msgstr "include subkeys when searching by key ID"
+
+#: g10/keyserver.c:77
+msgid "use temporary files to pass data to keyserver helpers"
+msgstr "use temporary files to pass data to keyserver helpers"
+
+#: g10/keyserver.c:79
+msgid "do not delete temporary files after using them"
+msgstr "do not delete temporary files after using them"
+
+#: g10/keyserver.c:83
+msgid "automatically retrieve keys when verifying signatures"
+msgstr "automatically retrieve keys when verifying signatures"
+
+#: g10/keyserver.c:85
+msgid "honor the preferred keyserver URL set on the key"
+msgstr "honor the preferred keyserver URL set on the key"
+
+#: g10/keyserver.c:87
+msgid "honor the PKA record set on a key when retrieving keys"
+msgstr "honor the PKA record set on a key when retrieving keys"
+
+#: g10/keyserver.c:153
+#, c-format
+msgid "WARNING: keyserver option `%s' is not used on this platform\n"
+msgstr "WARNING: keyserver option ‘%s’ is not used on this platform\n"
+
+#: g10/keyserver.c:544
+msgid "disabled"
+msgstr "disabled"
+
+#: g10/keyserver.c:747
+msgid "Enter number(s), N)ext, or Q)uit > "
+msgstr "Enter number(s), N)ext, or Q)uit > "
+
+#: g10/keyserver.c:831 g10/keyserver.c:1458
+#, c-format
+msgid "invalid keyserver protocol (us %d!=handler %d)\n"
+msgstr "invalid keyserver protocol (us %d!=handler %d)\n"
+
+#: g10/keyserver.c:932
+#, c-format
+msgid "key \"%s\" not found on keyserver\n"
+msgstr "key “%s†not found on keyserver\n"
+
+#: g10/keyserver.c:934
+msgid "key not found on keyserver\n"
+msgstr "key not found on keyserver\n"
+
+#: g10/keyserver.c:1177
+#, c-format
+msgid "requesting key %s from %s server %s\n"
+msgstr "requesting key %s from %s server %s\n"
+
+#: g10/keyserver.c:1181
+#, c-format
+msgid "requesting key %s from %s\n"
+msgstr "requesting key %s from %s\n"
+
+#: g10/keyserver.c:1205
+#, c-format
+msgid "searching for names from %s server %s\n"
+msgstr "searching for names from %s server %s\n"
+
+#: g10/keyserver.c:1208
+#, c-format
+msgid "searching for names from %s\n"
+msgstr "searching for names from %s\n"
+
+#: g10/keyserver.c:1361
+#, c-format
+msgid "sending key %s to %s server %s\n"
+msgstr "sending key %s to %s server %s\n"
+
+#: g10/keyserver.c:1365
+#, c-format
+msgid "sending key %s to %s\n"
+msgstr "sending key %s to %s\n"
+
+#: g10/keyserver.c:1408
+#, c-format
+msgid "searching for \"%s\" from %s server %s\n"
+msgstr "searching for “%s†from %s server %s\n"
+
+#: g10/keyserver.c:1411
+#, c-format
+msgid "searching for \"%s\" from %s\n"
+msgstr "searching for “%s†from %s\n"
+
+#: g10/keyserver.c:1418 g10/keyserver.c:1514
+msgid "no keyserver action!\n"
+msgstr "no keyserver action!\n"
+
+#: g10/keyserver.c:1466
+#, c-format
+msgid "WARNING: keyserver handler from a different version of GnuPG (%s)\n"
+msgstr "WARNING: keyserver handler from a different version of GnuPG (%s)\n"
+
+#: g10/keyserver.c:1475
+msgid "keyserver did not send VERSION\n"
+msgstr "keyserver did not send VERSION\n"
+
+#: g10/keyserver.c:1537 g10/keyserver.c:2066
+msgid "no keyserver known (use option --keyserver)\n"
+msgstr "no keyserver known (use option --keyserver)\n"
+
+#: g10/keyserver.c:1543
+msgid "external keyserver calls are not supported in this build\n"
+msgstr "external keyserver calls are not supported in this build\n"
+
+#: g10/keyserver.c:1555
+#, c-format
+msgid "no handler for keyserver scheme `%s'\n"
+msgstr "no handler for keyserver scheme ‘%s’\n"
+
+#: g10/keyserver.c:1560
+#, c-format
+msgid "action `%s' not supported with keyserver scheme `%s'\n"
+msgstr "action ‘%s’ not supported with keyserver scheme ‘%s’\n"
+
+#: g10/keyserver.c:1568
+#, c-format
+msgid "%s does not support handler version %d\n"
+msgstr "%s does not support handler version %d\n"
+
+#: g10/keyserver.c:1575
+msgid "keyserver timed out\n"
+msgstr "keyserver timed out\n"
+
+#: g10/keyserver.c:1580
+msgid "keyserver internal error\n"
+msgstr "keyserver internal error\n"
+
+#: g10/keyserver.c:1589
+#, c-format
+msgid "keyserver communications error: %s\n"
+msgstr "keyserver communications error: %s\n"
+
+#: g10/keyserver.c:1614 g10/keyserver.c:1648
+#, c-format
+msgid "\"%s\" not a key ID: skipping\n"
+msgstr "“%s†not a key ID: skipping\n"
+
+#: g10/keyserver.c:1907
+#, c-format
+msgid "WARNING: unable to refresh key %s via %s: %s\n"
+msgstr "WARNING: unable to refresh key %s via %s: %s\n"
+
+#: g10/keyserver.c:1929
+#, c-format
+msgid "refreshing 1 key from %s\n"
+msgstr "refreshing 1 key from %s\n"
+
+#: g10/keyserver.c:1931
+#, c-format
+msgid "refreshing %d keys from %s\n"
+msgstr "refreshing %d keys from %s\n"
+
+#: g10/keyserver.c:1987
+#, c-format
+msgid "WARNING: unable to fetch URI %s: %s\n"
+msgstr "WARNING: unable to fetch URI %s: %s\n"
+
+#: g10/keyserver.c:1993
+#, c-format
+msgid "WARNING: unable to parse URI %s\n"
+msgstr "WARNING: unable to parse URI %s\n"
+
+#: g10/mainproc.c:231
+#, c-format
+msgid "weird size for an encrypted session key (%d)\n"
+msgstr "weird size for an encrypted session key (%d)\n"
+
+#: g10/mainproc.c:284
+#, c-format
+msgid "%s encrypted session key\n"
+msgstr "%s encrypted session key\n"
+
+#: g10/mainproc.c:294
+#, c-format
+msgid "passphrase generated with unknown digest algorithm %d\n"
+msgstr "passphrase generated with unknown digest algorithm %d\n"
+
+#: g10/mainproc.c:360
+#, c-format
+msgid "public key is %s\n"
+msgstr "public key is %s\n"
+
+#: g10/mainproc.c:423
+msgid "public key encrypted data: good DEK\n"
+msgstr "public key encrypted data: good DEK\n"
+
+#: g10/mainproc.c:456
+#, c-format
+msgid "encrypted with %u-bit %s key, ID %s, created %s\n"
+msgstr "encrypted with %u-bit %s key, ID %s, created %s\n"
+
+#: g10/mainproc.c:460 g10/pkclist.c:217
+#, c-format
+msgid " \"%s\"\n"
+msgstr " “%sâ€\n"
+
+#: g10/mainproc.c:464
+#, c-format
+msgid "encrypted with %s key, ID %s\n"
+msgstr "encrypted with %s key, ID %s\n"
+
+#: g10/mainproc.c:479
+#, c-format
+msgid "public key decryption failed: %s\n"
+msgstr "public key decryption failed: %s\n"
+
+#: g10/mainproc.c:495
+#, c-format
+msgid "encrypted with %lu passphrases\n"
+msgstr "encrypted with %lu passphrases\n"
+
+#: g10/mainproc.c:497
+msgid "encrypted with 1 passphrase\n"
+msgstr "encrypted with 1 passphrase\n"
+
+#: g10/mainproc.c:529 g10/mainproc.c:551
+#, c-format
+msgid "assuming %s encrypted data\n"
+msgstr "assuming %s encrypted data\n"
+
+#: g10/mainproc.c:537
+#, c-format
+msgid "IDEA cipher unavailable, optimistically attempting to use %s instead\n"
+msgstr "IDEA cipher unavailable, optimistically attempting to use %s instead\n"
+
+#: g10/mainproc.c:570
+msgid "decryption okay\n"
+msgstr "decryption okay\n"
+
+#: g10/mainproc.c:574
+msgid "WARNING: message was not integrity protected\n"
+msgstr "WARNING: message was not integrity protected\n"
+
+#: g10/mainproc.c:587
+msgid "WARNING: encrypted message has been manipulated!\n"
+msgstr "WARNING: encrypted message has been manipulated!\n"
+
+#: g10/mainproc.c:595
+#, c-format
+msgid "cleared passphrase cached with ID: %s\n"
+msgstr "cleared passphrase cached with ID: %s\n"
+
+#: g10/mainproc.c:600
+#, c-format
+msgid "decryption failed: %s\n"
+msgstr "decryption failed: %s\n"
+
+#: g10/mainproc.c:621
+msgid "NOTE: sender requested \"for-your-eyes-only\"\n"
+msgstr "NOTE: sender requested “for-your-eyes-onlyâ€\n"
+
+#: g10/mainproc.c:623
+#, c-format
+msgid "original file name='%.*s'\n"
+msgstr "original file name='%.*s'\n"
+
+#: g10/mainproc.c:711
+msgid "WARNING: multiple plaintexts seen\n"
+msgstr "WARNING: multiple plaintexts seen\n"
+
+#: g10/mainproc.c:850
+msgid "standalone revocation - use \"gpg --import\" to apply\n"
+msgstr "standalone revocation - use “gpg --import†to apply\n"
+
+#: g10/mainproc.c:1203 g10/mainproc.c:1240
+msgid "no signature found\n"
+msgstr "no signature found\n"
+
+#: g10/mainproc.c:1478
+msgid "signature verification suppressed\n"
+msgstr "signature verification suppressed\n"
+
+#: g10/mainproc.c:1587
+msgid "can't handle this ambiguous signature data\n"
+msgstr "can't handle this ambiguous signature data\n"
+
+#: g10/mainproc.c:1598
+#, c-format
+msgid "Signature made %s\n"
+msgstr "Signature made %s\n"
+
+#: g10/mainproc.c:1599
+#, c-format
+msgid " using %s key %s\n"
+msgstr " using %s key %s\n"
+
+#: g10/mainproc.c:1603
+#, c-format
+msgid "Signature made %s using %s key ID %s\n"
+msgstr "Signature made %s using %s key ID %s\n"
+
+#: g10/mainproc.c:1623
+msgid "Key available at: "
+msgstr "Key available at: "
+
+#: g10/mainproc.c:1756 g10/mainproc.c:1804
+#, c-format
+msgid "BAD signature from \"%s\""
+msgstr "BAD signature from “%sâ€"
+
+#: g10/mainproc.c:1758 g10/mainproc.c:1806
+#, c-format
+msgid "Expired signature from \"%s\""
+msgstr "Expired signature from “%sâ€"
+
+#: g10/mainproc.c:1760 g10/mainproc.c:1808
+#, c-format
+msgid "Good signature from \"%s\""
+msgstr "Good signature from “%sâ€"
+
+#: g10/mainproc.c:1810
+msgid "[uncertain]"
+msgstr "[uncertain]"
+
+#: g10/mainproc.c:1843
+#, c-format
+msgid " aka \"%s\""
+msgstr " aka “%sâ€"
+
+#: g10/mainproc.c:1941
+#, c-format
+msgid "Signature expired %s\n"
+msgstr "Signature expired %s\n"
+
+#: g10/mainproc.c:1946
+#, c-format
+msgid "Signature expires %s\n"
+msgstr "Signature expires %s\n"
+
+#: g10/mainproc.c:1949
+#, c-format
+msgid "%s signature, digest algorithm %s\n"
+msgstr "%s signature, digest algorithm %s\n"
+
+#: g10/mainproc.c:1950
+msgid "binary"
+msgstr "binary"
+
+#: g10/mainproc.c:1951
+msgid "textmode"
+msgstr "textmode"
+
+#: g10/mainproc.c:1951 g10/trustdb.c:546
+msgid "unknown"
+msgstr "unknown"
+
+#: g10/mainproc.c:1971
+#, c-format
+msgid "Can't check signature: %s\n"
+msgstr "Can't check signature: %s\n"
+
+#: g10/mainproc.c:2055 g10/mainproc.c:2071 g10/mainproc.c:2167
+msgid "not a detached signature\n"
+msgstr "not a detached signature\n"
+
+#: g10/mainproc.c:2098
+msgid ""
+"WARNING: multiple signatures detected. Only the first will be checked.\n"
+msgstr ""
+"WARNING: multiple signatures detected. Only the first will be checked.\n"
+
+#: g10/mainproc.c:2106
+#, c-format
+msgid "standalone signature of class 0x%02x\n"
+msgstr "standalone signature of class 0x%02x\n"
+
+#: g10/mainproc.c:2171
+msgid "old style (PGP 2.x) signature\n"
+msgstr "old style (PGP 2.x) signature\n"
+
+#: g10/mainproc.c:2181
+msgid "invalid root packet detected in proc_tree()\n"
+msgstr "invalid root packet detected in proc_tree()\n"
+
+#: g10/misc.c:109 g10/misc.c:139 g10/misc.c:215
+#, c-format
+msgid "fstat of `%s' failed in %s: %s\n"
+msgstr "fstat of ‘%s’ failed in %s: %s\n"
+
+#: g10/misc.c:178
+#, c-format
+msgid "fstat(%d) failed in %s: %s\n"
+msgstr "fstat(%d) failed in %s: %s\n"
+
+#: g10/misc.c:296
+#, c-format
+msgid "WARNING: using experimental public key algorithm %s\n"
+msgstr "WARNING: using experimental public key algorithm %s\n"
+
+#: g10/misc.c:302
+msgid "WARNING: Elgamal sign+encrypt keys are deprecated\n"
+msgstr "WARNING: Elgamal sign+encrypt keys are deprecated\n"
+
+#: g10/misc.c:315
+#, c-format
+msgid "WARNING: using experimental cipher algorithm %s\n"
+msgstr "WARNING: using experimental cipher algorithm %s\n"
+
+#: g10/misc.c:330
+#, c-format
+msgid "WARNING: using experimental digest algorithm %s\n"
+msgstr "WARNING: using experimental digest algorithm %s\n"
+
+#: g10/misc.c:335
+#, c-format
+msgid "WARNING: digest algorithm %s is deprecated\n"
+msgstr "WARNING: digest algorithm %s is deprecated\n"
+
+#: g10/misc.c:503
+msgid "the IDEA cipher plugin is not present\n"
+msgstr "the IDEA cipher plugin is not present\n"
+
+#: g10/misc.c:504 g10/sig-check.c:107 jnlib/utf8conv.c:87
+#, c-format
+msgid "please see %s for more information\n"
+msgstr "please see %s for more information\n"
+
+#: g10/misc.c:761
+#, c-format
+msgid "%s:%d: deprecated option \"%s\"\n"
+msgstr "%s:%d: deprecated option “%sâ€\n"
+
+#: g10/misc.c:765
+#, c-format
+msgid "WARNING: \"%s\" is a deprecated option\n"
+msgstr "WARNING: “%s†is a deprecated option\n"
+
+#: g10/misc.c:767
+#, c-format
+msgid "please use \"%s%s\" instead\n"
+msgstr "please use “%s%s†instead\n"
+
+#: g10/misc.c:774
+#, c-format
+msgid "WARNING: \"%s\" is a deprecated command - do not use it\n"
+msgstr "WARNING: “%s†is a deprecated command - do not use it\n"
+
+#: g10/misc.c:784
+#, c-format
+msgid "%s:%u: obsolete option \"%s\" - it has no effect\n"
+msgstr "%s:%u: obsolete option “%s†- it has no effect\n"
+
+#: g10/misc.c:787
+#, c-format
+msgid "WARNING: \"%s\" is an obsolete option - it has no effect\n"
+msgstr "WARNING: “%s†is an obsolete option - it has no effect\n"
+
+#: g10/misc.c:848
+msgid "Uncompressed"
+msgstr "Uncompressed"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: g10/misc.c:873
+msgid "uncompressed|none"
+msgstr "uncompressed|none"
+
+#: g10/misc.c:1000
+#, c-format
+msgid "this message may not be usable by %s\n"
+msgstr "this message may not be usable by %s\n"
+
+#: g10/misc.c:1175
+#, c-format
+msgid "ambiguous option `%s'\n"
+msgstr "ambiguous option ‘%s’\n"
+
+#: g10/misc.c:1200
+#, c-format
+msgid "unknown option `%s'\n"
+msgstr "unknown option ‘%s’\n"
+
+#: g10/openfile.c:89
+#, c-format
+msgid "File `%s' exists. "
+msgstr "File ‘%s’ exists. "
+
+#: g10/openfile.c:93
+msgid "Overwrite? (y/N) "
+msgstr "Overwrite? (y/N) "
+
+#: g10/openfile.c:126
+#, c-format
+msgid "%s: unknown suffix\n"
+msgstr "%s: unknown suffix\n"
+
+#: g10/openfile.c:150
+msgid "Enter new filename"
+msgstr "Enter new filename"
+
+#: g10/openfile.c:195
+msgid "writing to stdout\n"
+msgstr "writing to stdout\n"
+
+#: g10/openfile.c:316
+#, c-format
+msgid "assuming signed data in `%s'\n"
+msgstr "assuming signed data in ‘%s’\n"
+
+#: g10/openfile.c:395
+#, c-format
+msgid "new configuration file `%s' created\n"
+msgstr "new configuration file ‘%s’ created\n"
+
+#: g10/openfile.c:397
+#, c-format
+msgid "WARNING: options in `%s' are not yet active during this run\n"
+msgstr "WARNING: options in ‘%s’ are not yet active during this run\n"
+
+#: g10/parse-packet.c:201
+#, c-format
+msgid "can't handle public key algorithm %d\n"
+msgstr "can't handle public key algorithm %d\n"
+
+#: g10/parse-packet.c:822
+msgid "WARNING: potentially insecure symmetrically encrypted session key\n"
+msgstr "WARNING: potentially insecure symmetrically encrypted session key\n"
+
+#: g10/parse-packet.c:1273
+#, c-format
+msgid "subpacket of type %d has critical bit set\n"
+msgstr "subpacket of type %d has critical bit set\n"
+
+#: g10/passphrase.c:75 g10/passphrase.c:418 g10/passphrase.c:481
+#, c-format
+msgid "problem with the agent: %s\n"
+msgstr "problem with the agent: %s\n"
+
+#: g10/passphrase.c:344 g10/passphrase.c:613
+#, c-format
+msgid " (main key ID %s)"
+msgstr " (main key ID %s)"
+
+#: g10/passphrase.c:358
+#, c-format
+msgid ""
+"Please enter the passphrase to unlock the secret key for the OpenPGP "
+"certificate:\n"
+"\"%.*s\"\n"
+"%u-bit %s key, ID %s,\n"
+"created %s%s.\n"
+msgstr ""
+"Please enter the passphrase to unlock the secret key for the OpenPGP "
+"certificate:\n"
+"“%.*sâ€\n"
+"%u-bit %s key, ID %s,\n"
+"created %s%s.\n"
+
+#: g10/passphrase.c:384
+msgid "Enter passphrase\n"
+msgstr "Enter passphrase\n"
+
+#: g10/passphrase.c:412
+msgid "cancelled by user\n"
+msgstr "cancelled by user\n"
+
+#: g10/passphrase.c:592
+#, c-format
+msgid ""
+"You need a passphrase to unlock the secret key for\n"
+"user: \"%s\"\n"
+msgstr ""
+"You need a passphrase to unlock the secret key for\n"
+"user: “%sâ€\n"
+
+#: g10/passphrase.c:600
+#, c-format
+msgid "%u-bit %s key, ID %s, created %s"
+msgstr "%u-bit %s key, ID %s, created %s"
+
+#: g10/passphrase.c:609
+#, c-format
+msgid " (subkey on main key ID %s)"
+msgstr " (subkey on main key ID %s)"
+
+#: g10/photoid.c:74
+msgid ""
+"\n"
+"Pick an image to use for your photo ID. The image must be a JPEG file.\n"
+"Remember that the image is stored within your public key. If you use a\n"
+"very large picture, your key will become very large as well!\n"
+"Keeping the image close to 240x288 is a good size to use.\n"
+msgstr ""
+"\n"
+"Pick an image to use for your photo ID. The image must be a JPEG file.\n"
+"Remember that the image is stored within your public key. If you use a\n"
+"very large picture, your key will become very large as well!\n"
+"Keeping the image close to 240x288 is a good size to use.\n"
+
+#: g10/photoid.c:96
+msgid "Enter JPEG filename for photo ID: "
+msgstr "Enter JPEG filename for photo ID: "
+
+#: g10/photoid.c:117
+#, c-format
+msgid "unable to open JPEG file `%s': %s\n"
+msgstr "unable to open JPEG file ‘%s’: %s\n"
+
+#: g10/photoid.c:128
+#, c-format
+msgid "This JPEG is really large (%d bytes) !\n"
+msgstr "This JPEG is really large (%d bytes) !\n"
+
+#: g10/photoid.c:130
+msgid "Are you sure you want to use it? (y/N) "
+msgstr "Are you sure you want to use it? (y/N) "
+
+#: g10/photoid.c:146
+#, c-format
+msgid "`%s' is not a JPEG file\n"
+msgstr "‘%s’ is not a JPEG file\n"
+
+#: g10/photoid.c:165
+msgid "Is this photo correct (y/N/q)? "
+msgstr "Is this photo correct (y/N/q)? "
+
+#: g10/photoid.c:373
+msgid "unable to display photo ID!\n"
+msgstr "unable to display photo ID!\n"
+
+#: g10/pkclist.c:60 g10/revoke.c:621
+msgid "No reason specified"
+msgstr "No reason specified"
+
+#: g10/pkclist.c:62 g10/revoke.c:623
+msgid "Key is superseded"
+msgstr "Key is superseded"
+
+#: g10/pkclist.c:64 g10/revoke.c:622
+msgid "Key has been compromised"
+msgstr "Key has been compromised"
+
+#: g10/pkclist.c:66 g10/revoke.c:624
+msgid "Key is no longer used"
+msgstr "Key is no longer used"
+
+#: g10/pkclist.c:68 g10/revoke.c:625
+msgid "User ID is no longer valid"
+msgstr "User ID is no longer valid"
+
+#: g10/pkclist.c:72
+msgid "reason for revocation: "
+msgstr "reason for revocation: "
+
+#: g10/pkclist.c:89
+msgid "revocation comment: "
+msgstr "revocation comment: "
+
+#: g10/pkclist.c:204
+msgid "iImMqQsS"
+msgstr "iImMqQsS"
+
+#: g10/pkclist.c:212
+msgid "No trust value assigned to:\n"
+msgstr "No trust value assigned to:\n"
+
+#: g10/pkclist.c:245
+#, c-format
+msgid " aka \"%s\"\n"
+msgstr " aka “%sâ€\n"
+
+#: g10/pkclist.c:255
+msgid ""
+"How much do you trust that this key actually belongs to the named user?\n"
+msgstr ""
+"How much do you trust that this key actually belongs to the named user?\n"
+
+#: g10/pkclist.c:270
+#, c-format
+msgid " %d = I don't know or won't say\n"
+msgstr " %d = I don't know or won't say\n"
+
+#: g10/pkclist.c:272
+#, c-format
+msgid " %d = I do NOT trust\n"
+msgstr " %d = I do NOT trust\n"
+
+#: g10/pkclist.c:278
+#, c-format
+msgid " %d = I trust ultimately\n"
+msgstr " %d = I trust ultimately\n"
+
+#: g10/pkclist.c:284
+msgid " m = back to the main menu\n"
+msgstr " m = back to the main menu\n"
+
+#: g10/pkclist.c:287
+msgid " s = skip this key\n"
+msgstr " s = skip this key\n"
+
+#: g10/pkclist.c:288
+msgid " q = quit\n"
+msgstr " q = quit\n"
+
+#: g10/pkclist.c:292
+#, c-format
+msgid ""
+"The minimum trust level for this key is: %s\n"
+"\n"
+msgstr ""
+"The minimum trust level for this key is: %s\n"
+"\n"
+
+#: g10/pkclist.c:298 g10/revoke.c:650
+msgid "Your decision? "
+msgstr "Your decision? "
+
+#: g10/pkclist.c:319
+msgid "Do you really want to set this key to ultimate trust? (y/N) "
+msgstr "Do you really want to set this key to ultimate trust? (y/N) "
+
+#: g10/pkclist.c:333
+msgid "Certificates leading to an ultimately trusted key:\n"
+msgstr "Certificates leading to an ultimately trusted key:\n"
+
+#: g10/pkclist.c:418
+#, c-format
+msgid "%s: There is no assurance this key belongs to the named user\n"
+msgstr "%s: There is no assurance this key belongs to the named user\n"
+
+#: g10/pkclist.c:423
+#, c-format
+msgid "%s: There is limited assurance this key belongs to the named user\n"
+msgstr "%s: There is limited assurance this key belongs to the named user\n"
+
+#: g10/pkclist.c:429
+msgid "This key probably belongs to the named user\n"
+msgstr "This key probably belongs to the named user\n"
+
+#: g10/pkclist.c:434
+msgid "This key belongs to us\n"
+msgstr "This key belongs to us\n"
+
+#: g10/pkclist.c:460
+msgid ""
+"It is NOT certain that the key belongs to the person named\n"
+"in the user ID. If you *really* know what you are doing,\n"
+"you may answer the next question with yes.\n"
+msgstr ""
+"It is NOT certain that the key belongs to the person named\n"
+"in the user ID. If you *really* know what you are doing,\n"
+"you may answer the next question with yes.\n"
+
+#: g10/pkclist.c:479
+msgid "Use this key anyway? (y/N) "
+msgstr "Use this key anyway? (y/N) "
+
+#: g10/pkclist.c:513
+msgid "WARNING: Using untrusted key!\n"
+msgstr "WARNING: Using untrusted key!\n"
+
+#: g10/pkclist.c:520
+msgid "WARNING: this key might be revoked (revocation key not present)\n"
+msgstr "WARNING: this key might be revoked (revocation key not present)\n"
+
+#: g10/pkclist.c:529
+msgid "WARNING: This key has been revoked by its designated revoker!\n"
+msgstr "WARNING: This key has been revoked by its designated revoker!\n"
+
+#: g10/pkclist.c:532
+msgid "WARNING: This key has been revoked by its owner!\n"
+msgstr "WARNING: This key has been revoked by its owner!\n"
+
+#: g10/pkclist.c:533
+msgid " This could mean that the signature is forged.\n"
+msgstr " This could mean that the signature is forged.\n"
+
+#: g10/pkclist.c:539
+msgid "WARNING: This subkey has been revoked by its owner!\n"
+msgstr "WARNING: This subkey has been revoked by its owner!\n"
+
+#: g10/pkclist.c:544
+msgid "Note: This key has been disabled.\n"
+msgstr "Note: This key has been disabled.\n"
+
+#: g10/pkclist.c:564
+#, c-format
+msgid "Note: Verified signer's address is `%s'\n"
+msgstr "Note: Verified signer's address is ‘%s’\n"
+
+#: g10/pkclist.c:571
+#, c-format
+msgid "Note: Signer's address `%s' does not match DNS entry\n"
+msgstr "Note: Signer's address ‘%s’ does not match DNS entry\n"
+
+#: g10/pkclist.c:583
+msgid "trustlevel adjusted to FULL due to valid PKA info\n"
+msgstr "trustlevel adjusted to FULL due to valid PKA info\n"
+
+#: g10/pkclist.c:591
+msgid "trustlevel adjusted to NEVER due to bad PKA info\n"
+msgstr "trustlevel adjusted to NEVER due to bad PKA info\n"
+
+#: g10/pkclist.c:602
+msgid "Note: This key has expired!\n"
+msgstr "Note: This key has expired!\n"
+
+#: g10/pkclist.c:613
+msgid "WARNING: This key is not certified with a trusted signature!\n"
+msgstr "WARNING: This key is not certified with a trusted signature!\n"
+
+#: g10/pkclist.c:615
+msgid ""
+" There is no indication that the signature belongs to the owner.\n"
+msgstr ""
+" There is no indication that the signature belongs to the owner.\n"
+
+#: g10/pkclist.c:623
+msgid "WARNING: We do NOT trust this key!\n"
+msgstr "WARNING: We do NOT trust this key!\n"
+
+#: g10/pkclist.c:624
+msgid " The signature is probably a FORGERY.\n"
+msgstr " The signature is probably a FORGERY.\n"
+
+#: g10/pkclist.c:632
+msgid ""
+"WARNING: This key is not certified with sufficiently trusted signatures!\n"
+msgstr ""
+"WARNING: This key is not certified with sufficiently trusted signatures!\n"
+
+#: g10/pkclist.c:634
+msgid " It is not certain that the signature belongs to the owner.\n"
+msgstr " It is not certain that the signature belongs to the owner.\n"
+
+#: g10/pkclist.c:833 g10/pkclist.c:875 g10/pkclist.c:1087 g10/pkclist.c:1157
+#, c-format
+msgid "%s: skipped: %s\n"
+msgstr "%s: skipped: %s\n"
+
+#: g10/pkclist.c:845 g10/pkclist.c:1125
+#, c-format
+msgid "%s: skipped: public key already present\n"
+msgstr "%s: skipped: public key already present\n"
+
+#: g10/pkclist.c:896
+msgid "You did not specify a user ID. (you may use \"-r\")\n"
+msgstr "You did not specify a user ID. (you may use “-râ€)\n"
+
+#: g10/pkclist.c:920
+msgid "Current recipients:\n"
+msgstr "Current recipients:\n"
+
+#: g10/pkclist.c:946
+msgid ""
+"\n"
+"Enter the user ID. End with an empty line: "
+msgstr ""
+"\n"
+"Enter the user ID. End with an empty line: "
+
+#: g10/pkclist.c:971
+msgid "No such user ID.\n"
+msgstr "No such user ID.\n"
+
+#: g10/pkclist.c:980 g10/pkclist.c:1054
+msgid "skipped: public key already set as default recipient\n"
+msgstr "skipped: public key already set as default recipient\n"
+
+#: g10/pkclist.c:1001
+msgid "Public key is disabled.\n"
+msgstr "Public key is disabled.\n"
+
+#: g10/pkclist.c:1010
+msgid "skipped: public key already set\n"
+msgstr "skipped: public key already set\n"
+
+#: g10/pkclist.c:1045
+#, c-format
+msgid "unknown default recipient \"%s\"\n"
+msgstr "unknown default recipient “%sâ€\n"
+
+#: g10/pkclist.c:1103
+#, c-format
+msgid "%s: skipped: public key is disabled\n"
+msgstr "%s: skipped: public key is disabled\n"
+
+#: g10/pkclist.c:1165
+msgid "no valid addressees\n"
+msgstr "no valid addressees\n"
+
+#: g10/pkclist.c:1503
+#, c-format
+msgid "Note: key %s has no %s feature\n"
+msgstr "Note: key %s has no %s feature\n"
+
+#: g10/pkclist.c:1528
+#, c-format
+msgid "Note: key %s has no preference for %s\n"
+msgstr "Note: key %s has no preference for %s\n"
+
+#: g10/plaintext.c:95
+msgid "data not saved; use option \"--output\" to save it\n"
+msgstr "data not saved; use option “--output†to save it\n"
+
+#: g10/plaintext.c:480
+msgid "Detached signature.\n"
+msgstr "Detached signature.\n"
+
+#: g10/plaintext.c:487
+msgid "Please enter name of data file: "
+msgstr "Please enter name of data file: "
+
+#: g10/plaintext.c:519
+msgid "reading stdin ...\n"
+msgstr "reading stdin ...\n"
+
+#: g10/plaintext.c:557
+msgid "no signed data\n"
+msgstr "no signed data\n"
+
+#: g10/plaintext.c:573
+#, c-format
+msgid "can't open signed data `%s'\n"
+msgstr "can't open signed data ‘%s’\n"
+
+#: g10/plaintext.c:607
+#, c-format
+msgid "can't open signed data fd=%d: %s\n"
+msgstr "can't open signed data fd=%d: %s\n"
+
+#: g10/pubkey-enc.c:105
+#, c-format
+msgid "anonymous recipient; trying secret key %s ...\n"
+msgstr "anonymous recipient; trying secret key %s ...\n"
+
+#: g10/pubkey-enc.c:136
+msgid "okay, we are the anonymous recipient.\n"
+msgstr "okay, we are the anonymous recipient.\n"
+
+#: g10/pubkey-enc.c:225
+msgid "old encoding of the DEK is not supported\n"
+msgstr "old encoding of the DEK is not supported\n"
+
+#: g10/pubkey-enc.c:246
+#, c-format
+msgid "cipher algorithm %d%s is unknown or disabled\n"
+msgstr "cipher algorithm %d%s is unknown or disabled\n"
+
+#: g10/pubkey-enc.c:284
+#, c-format
+msgid "WARNING: cipher algorithm %s not found in recipient preferences\n"
+msgstr "WARNING: cipher algorithm %s not found in recipient preferences\n"
+
+#: g10/pubkey-enc.c:304
+#, c-format
+msgid "NOTE: secret key %s expired at %s\n"
+msgstr "NOTE: secret key %s expired at %s\n"
+
+#: g10/pubkey-enc.c:310
+msgid "NOTE: key has been revoked"
+msgstr "NOTE: key has been revoked"
+
+#: g10/revoke.c:102 g10/revoke.c:116 g10/revoke.c:128 g10/revoke.c:174
+#: g10/revoke.c:186 g10/revoke.c:585
+#, c-format
+msgid "build_packet failed: %s\n"
+msgstr "build_packet failed: %s\n"
+
+#: g10/revoke.c:145
+#, c-format
+msgid "key %s has no user IDs\n"
+msgstr "key %s has no user IDs\n"
+
+#: g10/revoke.c:306
+msgid "To be revoked by:\n"
+msgstr "To be revoked by:\n"
+
+#: g10/revoke.c:310
+msgid "(This is a sensitive revocation key)\n"
+msgstr "(This is a sensitive revocation key)\n"
+
+#: g10/revoke.c:314
+msgid "Create a designated revocation certificate for this key? (y/N) "
+msgstr "Create a designated revocation certificate for this key? (y/N) "
+
+#: g10/revoke.c:327 g10/revoke.c:551
+msgid "ASCII armored output forced.\n"
+msgstr "ASCII armored output forced.\n"
+
+#: g10/revoke.c:342 g10/revoke.c:565
+#, c-format
+msgid "make_keysig_packet failed: %s\n"
+msgstr "make_keysig_packet failed: %s\n"
+
+#: g10/revoke.c:405
+msgid "Revocation certificate created.\n"
+msgstr "Revocation certificate created.\n"
+
+#: g10/revoke.c:411
+#, c-format
+msgid "no revocation keys found for \"%s\"\n"
+msgstr "no revocation keys found for “%sâ€\n"
+
+#: g10/revoke.c:470
+#, c-format
+msgid "secret key \"%s\" not found: %s\n"
+msgstr "secret key “%s†not found: %s\n"
+
+#: g10/revoke.c:497
+#, c-format
+msgid "no corresponding public key: %s\n"
+msgstr "no corresponding public key: %s\n"
+
+#: g10/revoke.c:508
+msgid "public key does not match secret key!\n"
+msgstr "public key does not match secret key!\n"
+
+#: g10/revoke.c:515
+msgid "Create a revocation certificate for this key? (y/N) "
+msgstr "Create a revocation certificate for this key? (y/N) "
+
+#: g10/revoke.c:532
+msgid "unknown protection algorithm\n"
+msgstr "unknown protection algorithm\n"
+
+#: g10/revoke.c:540
+msgid "NOTE: This key is not protected!\n"
+msgstr "NOTE: This key is not protected!\n"
+
+#: g10/revoke.c:591
+msgid ""
+"Revocation certificate created.\n"
+"\n"
+"Please move it to a medium which you can hide away; if Mallory gets\n"
+"access to this certificate he can use it to make your key unusable.\n"
+"It is smart to print this certificate and store it away, just in case\n"
+"your media become unreadable. But have some caution: The print system of\n"
+"your machine might store the data and make it available to others!\n"
+msgstr ""
+"Revocation certificate created.\n"
+"\n"
+"Please move it to a medium which you can hide away; if Mallory gets\n"
+"access to this certificate he can use it to make your key unusable.\n"
+"It is smart to print this certificate and store it away, just in case\n"
+"your media become unreadable. But have some caution: The print system of\n"
+"your machine might store the data and make it available to others!\n"
+
+#: g10/revoke.c:633
+msgid "Please select the reason for the revocation:\n"
+msgstr "Please select the reason for the revocation:\n"
+
+#: g10/revoke.c:643
+msgid "Cancel"
+msgstr "Cancel"
+
+#: g10/revoke.c:645
+#, c-format
+msgid "(Probably you want to select %d here)\n"
+msgstr "(Probably you want to select %d here)\n"
+
+#: g10/revoke.c:686
+msgid "Enter an optional description; end it with an empty line:\n"
+msgstr "Enter an optional description; end it with an empty line:\n"
+
+#: g10/revoke.c:714
+#, c-format
+msgid "Reason for revocation: %s\n"
+msgstr "Reason for revocation: %s\n"
+
+#: g10/revoke.c:716
+msgid "(No description given)\n"
+msgstr "(No description given)\n"
+
+#: g10/revoke.c:721
+msgid "Is this okay? (y/N) "
+msgstr "Is this okay? (y/N) "
+
+#: g10/seckey-cert.c:55
+msgid "secret key parts are not available\n"
+msgstr "secret key parts are not available\n"
+
+#: g10/seckey-cert.c:61
+#, c-format
+msgid "protection algorithm %d%s is not supported\n"
+msgstr "protection algorithm %d%s is not supported\n"
+
+#: g10/seckey-cert.c:72
+#, c-format
+msgid "protection digest %d is not supported\n"
+msgstr "protection digest %d is not supported\n"
+
+#: g10/seckey-cert.c:291
+msgid "Invalid passphrase; please try again"
+msgstr "Invalid passphrase; please try again"
+
+#: g10/seckey-cert.c:292
+#, c-format
+msgid "%s ...\n"
+msgstr "%s ...\n"
+
+#: g10/seckey-cert.c:361
+msgid "WARNING: Weak key detected - please change passphrase again.\n"
+msgstr "WARNING: Weak key detected - please change passphrase again.\n"
+
+#: g10/seckey-cert.c:404
+msgid "generating the deprecated 16-bit checksum for secret key protection\n"
+msgstr "generating the deprecated 16-bit checksum for secret key protection\n"
+
+#: g10/seskey.c:61 sm/encrypt.c:119
+msgid "weak key created - retrying\n"
+msgstr "weak key created - retrying\n"
+
+#: g10/seskey.c:65
+#, c-format
+msgid "cannot avoid weak key for symmetric cipher; tried %d times!\n"
+msgstr "cannot avoid weak key for symmetric cipher; tried %d times!\n"
+
+#: g10/seskey.c:227 sm/certcheck.c:85
+msgid "DSA requires the hash length to be a multiple of 8 bits\n"
+msgstr "DSA requires the hash length to be a multiple of 8 bits\n"
+
+#: g10/seskey.c:240
+#, c-format
+msgid "DSA key %s uses an unsafe (%u bit) hash\n"
+msgstr "DSA key %s uses an unsafe (%u bit) hash\n"
+
+#: g10/seskey.c:252
+#, c-format
+msgid "DSA key %s requires a %u bit or larger hash\n"
+msgstr "DSA key %s requires a %u bit or larger hash\n"
+
+#: g10/sig-check.c:80
+msgid "WARNING: signature digest conflict in message\n"
+msgstr "WARNING: signature digest conflict in message\n"
+
+#: g10/sig-check.c:105
+#, c-format
+msgid "WARNING: signing subkey %s is not cross-certified\n"
+msgstr "WARNING: signing subkey %s is not cross-certified\n"
+
+#: g10/sig-check.c:117
+#, c-format
+msgid "WARNING: signing subkey %s has an invalid cross-certification\n"
+msgstr "WARNING: signing subkey %s has an invalid cross-certification\n"
+
+#: g10/sig-check.c:211
+#, c-format
+msgid "public key %s is %lu second newer than the signature\n"
+msgstr "public key %s is %lu second newer than the signature\n"
+
+#: g10/sig-check.c:212
+#, c-format
+msgid "public key %s is %lu seconds newer than the signature\n"
+msgstr "public key %s is %lu seconds newer than the signature\n"
+
+#: g10/sig-check.c:223
+#, c-format
+msgid ""
+"key %s was created %lu second in the future (time warp or clock problem)\n"
+msgstr ""
+"key %s was created %lu second in the future (time warp or clock problem)\n"
+
+#: g10/sig-check.c:225
+#, c-format
+msgid ""
+"key %s was created %lu seconds in the future (time warp or clock problem)\n"
+msgstr ""
+"key %s was created %lu seconds in the future (time warp or clock problem)\n"
+
+#: g10/sig-check.c:239
+#, c-format
+msgid "NOTE: signature key %s expired %s\n"
+msgstr "NOTE: signature key %s expired %s\n"
+
+#: g10/sig-check.c:252
+#, c-format
+msgid "NOTE: signature key %s has been revoked\n"
+msgstr "NOTE: signature key %s has been revoked\n"
+
+#: g10/sig-check.c:325
+#, c-format
+msgid "assuming bad signature from key %s due to an unknown critical bit\n"
+msgstr "assuming bad signature from key %s due to an unknown critical bit\n"
+
+#: g10/sig-check.c:591
+#, c-format
+msgid "key %s: no subkey for subkey revocation signature\n"
+msgstr "key %s: no subkey for subkey revocation signature\n"
+
+#: g10/sig-check.c:618
+#, c-format
+msgid "key %s: no subkey for subkey binding signature\n"
+msgstr "key %s: no subkey for subkey binding signature\n"
+
+#: g10/sign.c:89
+#, c-format
+msgid "WARNING: unable to %%-expand notation (too large). Using unexpanded.\n"
+msgstr ""
+"WARNING: unable to %%-expand notation (too large). Using unexpanded.\n"
+
+#: g10/sign.c:115
+#, c-format
+msgid ""
+"WARNING: unable to %%-expand policy URL (too large). Using unexpanded.\n"
+msgstr ""
+"WARNING: unable to %%-expand policy URL (too large). Using unexpanded.\n"
+
+#: g10/sign.c:138
+#, c-format
+msgid ""
+"WARNING: unable to %%-expand preferred keyserver URL (too large). Using "
+"unexpanded.\n"
+msgstr ""
+"WARNING: unable to %%-expand preferred keyserver URL (too large). Using "
+"unexpanded.\n"
+
+#: g10/sign.c:311
+#, c-format
+msgid "checking created signature failed: %s\n"
+msgstr "checking created signature failed: %s\n"
+
+#: g10/sign.c:320
+#, c-format
+msgid "%s/%s signature from: \"%s\"\n"
+msgstr "%s/%s signature from: “%sâ€\n"
+
+#: g10/sign.c:761
+msgid "you can only detach-sign with PGP 2.x style keys while in --pgp2 mode\n"
+msgstr ""
+"you can only detach-sign with PGP 2.x style keys while in --pgp2 mode\n"
+
+#: g10/sign.c:837
+#, c-format
+msgid ""
+"WARNING: forcing digest algorithm %s (%d) violates recipient preferences\n"
+msgstr ""
+"WARNING: forcing digest algorithm %s (%d) violates recipient preferences\n"
+
+#: g10/sign.c:964
+msgid "signing:"
+msgstr "signing:"
+
+#: g10/sign.c:1079
+msgid "you can only clearsign with PGP 2.x style keys while in --pgp2 mode\n"
+msgstr "you can only clearsign with PGP 2.x style keys while in --pgp2 mode\n"
+
+#: g10/sign.c:1263
+#, c-format
+msgid "%s encryption will be used\n"
+msgstr "%s encryption will be used\n"
+
+#: g10/skclist.c:140 g10/skclist.c:217
+msgid "key is not flagged as insecure - can't use it with the faked RNG!\n"
+msgstr "key is not flagged as insecure - can't use it with the faked RNG!\n"
+
+#: g10/skclist.c:174
+#, c-format
+msgid "skipped \"%s\": duplicated\n"
+msgstr "skipped “%sâ€: duplicated\n"
+
+#: g10/skclist.c:182 g10/skclist.c:195 g10/skclist.c:207
+#, c-format
+msgid "skipped \"%s\": %s\n"
+msgstr "skipped “%sâ€: %s\n"
+
+#: g10/skclist.c:190
+msgid "skipped: secret key already present\n"
+msgstr "skipped: secret key already present\n"
+
+#: g10/skclist.c:208
+msgid "this is a PGP generated Elgamal key which is not secure for signatures!"
+msgstr ""
+"this is a PGP generated Elgamal key which is not secure for signatures!"
+
+#: g10/tdbdump.c:58 g10/trustdb.c:360
+#, c-format
+msgid "trust record %lu, type %d: write failed: %s\n"
+msgstr "trust record %lu, type %d: write failed: %s\n"
+
+#: g10/tdbdump.c:106
+#, c-format
+msgid ""
+"# List of assigned trustvalues, created %s\n"
+"# (Use \"gpg --import-ownertrust\" to restore them)\n"
+msgstr ""
+"# List of assigned trustvalues, created %s\n"
+"# (Use “gpg --import-ownertrust†to restore them)\n"
+
+#: g10/tdbdump.c:161 g10/tdbdump.c:169 g10/tdbdump.c:174 g10/tdbdump.c:179
+#, c-format
+msgid "error in `%s': %s\n"
+msgstr "error in ‘%s’: %s\n"
+
+#: g10/tdbdump.c:161
+msgid "line too long"
+msgstr "line too long"
+
+#: g10/tdbdump.c:169
+msgid "colon missing"
+msgstr "colon missing"
+
+#: g10/tdbdump.c:175
+msgid "invalid fingerprint"
+msgstr "invalid fingerprint"
+
+#: g10/tdbdump.c:180
+msgid "ownertrust value missing"
+msgstr "ownertrust value missing"
+
+#: g10/tdbdump.c:216
+#, c-format
+msgid "error finding trust record in `%s': %s\n"
+msgstr "error finding trust record in ‘%s’: %s\n"
+
+#: g10/tdbdump.c:220
+#, c-format
+msgid "read error in `%s': %s\n"
+msgstr "read error in ‘%s’: %s\n"
+
+#: g10/tdbdump.c:229 g10/trustdb.c:375
+#, c-format
+msgid "trustdb: sync failed: %s\n"
+msgstr "trustdb: sync failed: %s\n"
+
+#: g10/tdbio.c:128 g10/tdbio.c:1456
+#, c-format
+msgid "trustdb rec %lu: lseek failed: %s\n"
+msgstr "trustdb rec %lu: lseek failed: %s\n"
+
+#: g10/tdbio.c:135 g10/tdbio.c:1463
+#, c-format
+msgid "trustdb rec %lu: write failed (n=%d): %s\n"
+msgstr "trustdb rec %lu: write failed (n=%d): %s\n"
+
+#: g10/tdbio.c:245
+msgid "trustdb transaction too large\n"
+msgstr "trustdb transaction too large\n"
+
+#: g10/tdbio.c:500
+#, c-format
+msgid "can't access `%s': %s\n"
+msgstr "can't access ‘%s’: %s\n"
+
+#: g10/tdbio.c:527
+#, c-format
+msgid "%s: directory does not exist!\n"
+msgstr "%s: directory does not exist!\n"
+
+#: g10/tdbio.c:537 g10/tdbio.c:560 g10/tdbio.c:601 sm/keydb.c:219
+#, c-format
+msgid "can't create lock for `%s'\n"
+msgstr "can't create lock for ‘%s’\n"
+
+#: g10/tdbio.c:539 g10/tdbio.c:604
+#, c-format
+msgid "can't lock `%s'\n"
+msgstr "can't lock ‘%s’\n"
+
+#: g10/tdbio.c:565
+#, c-format
+msgid "%s: failed to create version record: %s"
+msgstr "%s: failed to create version record: %s"
+
+#: g10/tdbio.c:569
+#, c-format
+msgid "%s: invalid trustdb created\n"
+msgstr "%s: invalid trustdb created\n"
+
+#: g10/tdbio.c:572
+#, c-format
+msgid "%s: trustdb created\n"
+msgstr "%s: trustdb created\n"
+
+#: g10/tdbio.c:615
+msgid "NOTE: trustdb not writable\n"
+msgstr "NOTE: trustdb not writable\n"
+
+#: g10/tdbio.c:623
+#, c-format
+msgid "%s: invalid trustdb\n"
+msgstr "%s: invalid trustdb\n"
+
+#: g10/tdbio.c:655
+#, c-format
+msgid "%s: failed to create hashtable: %s\n"
+msgstr "%s: failed to create hashtable: %s\n"
+
+#: g10/tdbio.c:663
+#, c-format
+msgid "%s: error updating version record: %s\n"
+msgstr "%s: error updating version record: %s\n"
+
+#: g10/tdbio.c:680 g10/tdbio.c:701 g10/tdbio.c:717 g10/tdbio.c:731
+#: g10/tdbio.c:761 g10/tdbio.c:1388 g10/tdbio.c:1415
+#, c-format
+msgid "%s: error reading version record: %s\n"
+msgstr "%s: error reading version record: %s\n"
+
+#: g10/tdbio.c:740
+#, c-format
+msgid "%s: error writing version record: %s\n"
+msgstr "%s: error writing version record: %s\n"
+
+#: g10/tdbio.c:1181
+#, c-format
+msgid "trustdb: lseek failed: %s\n"
+msgstr "trustdb: lseek failed: %s\n"
+
+#: g10/tdbio.c:1190
+#, c-format
+msgid "trustdb: read failed (n=%d): %s\n"
+msgstr "trustdb: read failed (n=%d): %s\n"
+
+#: g10/tdbio.c:1211
+#, c-format
+msgid "%s: not a trustdb file\n"
+msgstr "%s: not a trustdb file\n"
+
+#: g10/tdbio.c:1230
+#, c-format
+msgid "%s: version record with recnum %lu\n"
+msgstr "%s: version record with recnum %lu\n"
+
+#: g10/tdbio.c:1235
+#, c-format
+msgid "%s: invalid file version %d\n"
+msgstr "%s: invalid file version %d\n"
+
+#: g10/tdbio.c:1421
+#, c-format
+msgid "%s: error reading free record: %s\n"
+msgstr "%s: error reading free record: %s\n"
+
+#: g10/tdbio.c:1429
+#, c-format
+msgid "%s: error writing dir record: %s\n"
+msgstr "%s: error writing dir record: %s\n"
+
+#: g10/tdbio.c:1439
+#, c-format
+msgid "%s: failed to zero a record: %s\n"
+msgstr "%s: failed to zero a record: %s\n"
+
+#: g10/tdbio.c:1469
+#, c-format
+msgid "%s: failed to append a record: %s\n"
+msgstr "%s: failed to append a record: %s\n"
+
+#: g10/tdbio.c:1512
+msgid "Error: The trustdb is corrupted.\n"
+msgstr "Error: The trustdb is corrupted.\n"
+
+#: g10/textfilter.c:147
+#, c-format
+msgid "can't handle text lines longer than %d characters\n"
+msgstr "can't handle text lines longer than %d characters\n"
+
+#: g10/textfilter.c:247
+#, c-format
+msgid "input line longer than %d characters\n"
+msgstr "input line longer than %d characters\n"
+
+#: g10/trustdb.c:221
+#, c-format
+msgid "`%s' is not a valid long keyID\n"
+msgstr "‘%s’ is not a valid long keyID\n"
+
+#: g10/trustdb.c:252
+#, c-format
+msgid "key %s: accepted as trusted key\n"
+msgstr "key %s: accepted as trusted key\n"
+
+#: g10/trustdb.c:290
+#, c-format
+msgid "key %s occurs more than once in the trustdb\n"
+msgstr "key %s occurs more than once in the trustdb\n"
+
+#: g10/trustdb.c:305
+#, c-format
+msgid "key %s: no public key for trusted key - skipped\n"
+msgstr "key %s: no public key for trusted key - skipped\n"
+
+#: g10/trustdb.c:315
+#, c-format
+msgid "key %s marked as ultimately trusted\n"
+msgstr "key %s marked as ultimately trusted\n"
+
+#: g10/trustdb.c:339
+#, c-format
+msgid "trust record %lu, req type %d: read failed: %s\n"
+msgstr "trust record %lu, req type %d: read failed: %s\n"
+
+#: g10/trustdb.c:345
+#, c-format
+msgid "trust record %lu is not of requested type %d\n"
+msgstr "trust record %lu is not of requested type %d\n"
+
+#: g10/trustdb.c:418
+msgid "You may try to re-create the trustdb using the commands:\n"
+msgstr "You may try to re-create the trustdb using the commands:\n"
+
+#: g10/trustdb.c:427
+msgid "If that does not work, please consult the manual\n"
+msgstr "If that does not work, please consult the manual\n"
+
+#: g10/trustdb.c:462
+#, c-format
+msgid "unable to use unknown trust model (%d) - assuming %s trust model\n"
+msgstr "unable to use unknown trust model (%d) - assuming %s trust model\n"
+
+#: g10/trustdb.c:468
+#, c-format
+msgid "using %s trust model\n"
+msgstr "using %s trust model\n"
+
+#: g10/trustdb.c:520
+msgid "10 translator see trustdb.c:uid_trust_string_fixed"
+msgstr "10 translator see trustdb.c:uid_trust_string_fixed"
+
+#: g10/trustdb.c:522
+msgid "[ revoked]"
+msgstr "[ revoked]"
+
+#: g10/trustdb.c:524 g10/trustdb.c:529
+msgid "[ expired]"
+msgstr "[ expired]"
+
+#: g10/trustdb.c:528
+msgid "[ unknown]"
+msgstr "[ unknown]"
+
+#: g10/trustdb.c:530
+msgid "[ undef ]"
+msgstr "[ undef ]"
+
+#: g10/trustdb.c:531
+msgid "[marginal]"
+msgstr "[marginal]"
+
+#: g10/trustdb.c:532
+msgid "[ full ]"
+msgstr "[ full ]"
+
+#: g10/trustdb.c:533
+msgid "[ultimate]"
+msgstr "[ultimate]"
+
+#: g10/trustdb.c:548
+msgid "undefined"
+msgstr "undefined"
+
+#: g10/trustdb.c:549
+msgid "never"
+msgstr "never"
+
+#: g10/trustdb.c:550
+msgid "marginal"
+msgstr "marginal"
+
+#: g10/trustdb.c:551
+msgid "full"
+msgstr "full"
+
+#: g10/trustdb.c:552
+msgid "ultimate"
+msgstr "ultimate"
+
+#: g10/trustdb.c:592
+msgid "no need for a trustdb check\n"
+msgstr "no need for a trustdb check\n"
+
+#: g10/trustdb.c:598 g10/trustdb.c:2487
+#, c-format
+msgid "next trustdb check due at %s\n"
+msgstr "next trustdb check due at %s\n"
+
+#: g10/trustdb.c:607
+#, c-format
+msgid "no need for a trustdb check with `%s' trust model\n"
+msgstr "no need for a trustdb check with ‘%s’ trust model\n"
+
+#: g10/trustdb.c:622
+#, c-format
+msgid "no need for a trustdb update with `%s' trust model\n"
+msgstr "no need for a trustdb update with ‘%s’ trust model\n"
+
+#: g10/trustdb.c:857 g10/trustdb.c:1310
+#, c-format
+msgid "public key %s not found: %s\n"
+msgstr "public key %s not found: %s\n"
+
+#: g10/trustdb.c:1053
+msgid "please do a --check-trustdb\n"
+msgstr "please do a --check-trustdb\n"
+
+#: g10/trustdb.c:1057
+msgid "checking the trustdb\n"
+msgstr "checking the trustdb\n"
+
+#: g10/trustdb.c:2230
+#, c-format
+msgid "%d keys processed (%d validity counts cleared)\n"
+msgstr "%d keys processed (%d validity counts cleared)\n"
+
+#: g10/trustdb.c:2295
+msgid "no ultimately trusted keys found\n"
+msgstr "no ultimately trusted keys found\n"
+
+#: g10/trustdb.c:2309
+#, c-format
+msgid "public key of ultimately trusted key %s not found\n"
+msgstr "public key of ultimately trusted key %s not found\n"
+
+#: g10/trustdb.c:2332
+#, c-format
+msgid "%d marginal(s) needed, %d complete(s) needed, %s trust model\n"
+msgstr "%d marginal(s) needed, %d complete(s) needed, %s trust model\n"
+
+#: g10/trustdb.c:2418
+#, c-format
+msgid ""
+"depth: %d valid: %3d signed: %3d trust: %d-, %dq, %dn, %dm, %df, %du\n"
+msgstr ""
+"depth: %d valid: %3d signed: %3d trust: %d-, %dq, %dn, %dm, %df, %du\n"
+
+#: g10/trustdb.c:2493
+#, c-format
+msgid "unable to update trustdb version record: write failed: %s\n"
+msgstr "unable to update trustdb version record: write failed: %s\n"
+
+#: g10/verify.c:118
+msgid ""
+"the signature could not be verified.\n"
+"Please remember that the signature file (.sig or .asc)\n"
+"should be the first file given on the command line.\n"
+msgstr ""
+"the signature could not be verified.\n"
+"Please remember that the signature file (.sig or .asc)\n"
+"should be the first file given on the command line.\n"
+
+#: g10/verify.c:205
+#, c-format
+msgid "input line %u too long or missing LF\n"
+msgstr "input line %u too long or missing LF\n"
+
+#: g10/verify.c:253
+#, c-format
+msgid "can't open fd %d: %s\n"
+msgstr "can't open fd %d: %s\n"
+
+#: jnlib/argparse.c:180
+msgid "argument not expected"
+msgstr "argument not expected"
+
+#: jnlib/argparse.c:182
+msgid "read error"
+msgstr "read error"
+
+#: jnlib/argparse.c:184
+msgid "keyword too long"
+msgstr "keyword too long"
+
+#: jnlib/argparse.c:186
+msgid "missing argument"
+msgstr "missing argument"
+
+#: jnlib/argparse.c:188
+msgid "invalid command"
+msgstr "invalid command"
+
+#: jnlib/argparse.c:190
+msgid "invalid alias definition"
+msgstr "invalid alias definition"
+
+#: jnlib/argparse.c:192
+msgid "out of core"
+msgstr "out of core"
+
+#: jnlib/argparse.c:194
+msgid "invalid option"
+msgstr "invalid option"
+
+#: jnlib/argparse.c:202
+#, c-format
+msgid "missing argument for option \"%.50s\"\n"
+msgstr "missing argument for option “%.50sâ€\n"
+
+#: jnlib/argparse.c:204
+#, c-format
+msgid "option \"%.50s\" does not expect an argument\n"
+msgstr "option “%.50s†does not expect an argument\n"
+
+#: jnlib/argparse.c:207
+#, c-format
+msgid "invalid command \"%.50s\"\n"
+msgstr "invalid command “%.50sâ€\n"
+
+#: jnlib/argparse.c:209
+#, c-format
+msgid "option \"%.50s\" is ambiguous\n"
+msgstr "option “%.50s†is ambiguous\n"
+
+#: jnlib/argparse.c:211
+#, c-format
+msgid "command \"%.50s\" is ambiguous\n"
+msgstr "command “%.50s†is ambiguous\n"
+
+#: jnlib/argparse.c:213
+msgid "out of core\n"
+msgstr "out of core\n"
+
+#: jnlib/argparse.c:215
+#, c-format
+msgid "invalid option \"%.50s\"\n"
+msgstr "invalid option “%.50sâ€\n"
+
+#: jnlib/logging.c:647
+#, c-format
+msgid "you found a bug ... (%s:%d)\n"
+msgstr "you found a bug ... (%s:%d)\n"
+
+#: jnlib/utf8conv.c:85
+#, c-format
+msgid "error loading `%s': %s\n"
+msgstr "error loading ‘%s’: %s\n"
+
+#: jnlib/utf8conv.c:123
+#, c-format
+msgid "conversion from `%s' to `%s' not available\n"
+msgstr "conversion from ‘%s’ to ‘%s’ not available\n"
+
+#: jnlib/utf8conv.c:131
+#, c-format
+msgid "iconv_open failed: %s\n"
+msgstr "iconv_open failed: %s\n"
+
+#: jnlib/utf8conv.c:388 jnlib/utf8conv.c:654
+#, c-format
+msgid "conversion from `%s' to `%s' failed: %s\n"
+msgstr "conversion from ‘%s’ to ‘%s’ failed: %s\n"
+
+#: jnlib/dotlock.c:234
+#, c-format
+msgid "failed to create temporary file `%s': %s\n"
+msgstr "failed to create temporary file ‘%s’: %s\n"
+
+#: jnlib/dotlock.c:269
+#, c-format
+msgid "error writing to `%s': %s\n"
+msgstr "error writing to ‘%s’: %s\n"
+
+#: jnlib/dotlock.c:453
+#, c-format
+msgid "removing stale lockfile (created by %d)\n"
+msgstr "removing stale lockfile (created by %d)\n"
+
+#: jnlib/dotlock.c:459
+msgid " - probably dead - removing lock"
+msgstr " - probably dead - removing lock"
+
+#: jnlib/dotlock.c:469
+#, c-format
+msgid "waiting for lock (held by %d%s) %s...\n"
+msgstr "waiting for lock (held by %d%s) %s...\n"
+
+#: jnlib/dotlock.c:470
+msgid "(deadlock?) "
+msgstr "(deadlock?) "
+
+#: jnlib/dotlock.c:493
+#, c-format
+msgid "lock `%s' not made: %s\n"
+msgstr "lock ‘%s’ not made: %s\n"
+
+#: jnlib/dotlock.c:501
+#, c-format
+msgid "waiting for lock %s...\n"
+msgstr "waiting for lock %s...\n"
+
+#: kbx/kbxutil.c:92
+msgid "set debugging flags"
+msgstr "set debugging flags"
+
+#: kbx/kbxutil.c:93
+msgid "enable full debugging"
+msgstr "enable full debugging"
+
+#: kbx/kbxutil.c:117
+msgid "Usage: kbxutil [options] [files] (-h for help)"
+msgstr "Usage: kbxutil [options] [files] (-h for help)"
+
+#: kbx/kbxutil.c:120
+msgid ""
+"Syntax: kbxutil [options] [files]\n"
+"list, export, import Keybox data\n"
+msgstr ""
+"Syntax: kbxutil [options] [files]\n"
+"list, export, import Keybox data\n"
+
+#: scd/app-nks.c:713 scd/app-openpgp.c:2647
+#, c-format
+msgid "RSA modulus missing or not of size %d bits\n"
+msgstr "RSA modulus missing or not of size %d bits\n"
+
+#: scd/app-nks.c:721 scd/app-openpgp.c:2659
+#, c-format
+msgid "RSA public exponent missing or larger than %d bits\n"
+msgstr "RSA public exponent missing or larger than %d bits\n"
+
+#: scd/app-nks.c:801 scd/app-openpgp.c:1549 scd/app-openpgp.c:1568
+#: scd/app-openpgp.c:1729 scd/app-openpgp.c:1746 scd/app-openpgp.c:1994
+#: scd/app-openpgp.c:2039 scd/app-dinsig.c:303
+#, c-format
+msgid "PIN callback returned error: %s\n"
+msgstr "PIN callback returned error: %s\n"
+
+#: scd/app-nks.c:834
+msgid "the NullPIN has not yet been changed\n"
+msgstr "the NullPIN has not yet been changed\n"
+
+#: scd/app-nks.c:1092
+msgid "|N|Please enter a new PIN for the standard keys."
+msgstr "|N|Please enter a new PIN for the standard keys."
+
+#: scd/app-nks.c:1093
+msgid "||Please enter the PIN for the standard keys."
+msgstr "||Please enter the PIN for the standard keys."
+
+#: scd/app-nks.c:1099
+msgid "|NP|Please enter a new PIN Unblocking Code (PUK) for the standard keys."
+msgstr ""
+"|NP|Please enter a new PIN Unblocking Code (PUK) for the standard keys."
+
+#: scd/app-nks.c:1101
+msgid "|P|Please enter the PIN Unblocking Code (PUK) for the standard keys."
+msgstr "|P|Please enter the PIN Unblocking Code (PUK) for the standard keys."
+
+#: scd/app-nks.c:1109
+msgid "|N|Please enter a new PIN for the key to create qualified signatures."
+msgstr "|N|Please enter a new PIN for the key to create qualified signatures."
+
+#: scd/app-nks.c:1111
+msgid "||Please enter the PIN for the key to create qualified signatures."
+msgstr "||Please enter the PIN for the key to create qualified signatures."
+
+#: scd/app-nks.c:1119
+msgid ""
+"|NP|Please enter a new PIN Unblocking Code (PUK) for the key to create "
+"qualified signatures."
+msgstr ""
+"|NP|Please enter a new PIN Unblocking Code (PUK) for the key to create "
+"qualified signatures."
+
+#: scd/app-nks.c:1121
+msgid ""
+"|P|Please enter the PIN Unblocking Code (PUK) for the key to create "
+"qualified signatures."
+msgstr ""
+"|P|Please enter the PIN Unblocking Code (PUK) for the key to create "
+"qualified signatures."
+
+#: scd/app-nks.c:1222 scd/app-openpgp.c:2072 scd/app-dinsig.c:532
+#, c-format
+msgid "error getting new PIN: %s\n"
+msgstr "error getting new PIN: %s\n"
+
+#: scd/app-openpgp.c:695
+#, c-format
+msgid "failed to store the fingerprint: %s\n"
+msgstr "failed to store the fingerprint: %s\n"
+
+#: scd/app-openpgp.c:708
+#, c-format
+msgid "failed to store the creation date: %s\n"
+msgstr "failed to store the creation date: %s\n"
+
+#: scd/app-openpgp.c:1156
+#, c-format
+msgid "reading public key failed: %s\n"
+msgstr "reading public key failed: %s\n"
+
+#: scd/app-openpgp.c:1164 scd/app-openpgp.c:2882
+msgid "response does not contain the public key data\n"
+msgstr "response does not contain the public key data\n"
+
+#: scd/app-openpgp.c:1172 scd/app-openpgp.c:2890
+msgid "response does not contain the RSA modulus\n"
+msgstr "response does not contain the RSA modulus\n"
+
+#: scd/app-openpgp.c:1181 scd/app-openpgp.c:2900
+msgid "response does not contain the RSA public exponent\n"
+msgstr "response does not contain the RSA public exponent\n"
+
+#: scd/app-openpgp.c:1501
+#, c-format
+msgid "using default PIN as %s\n"
+msgstr "using default PIN as %s\n"
+
+#: scd/app-openpgp.c:1508
+#, c-format
+msgid "failed to use default PIN as %s: %s - disabling further default use\n"
+msgstr "failed to use default PIN as %s: %s - disabling further default use\n"
+
+#: scd/app-openpgp.c:1523
+#, c-format
+msgid "||Please enter the PIN%%0A[sigs done: %lu]"
+msgstr "||Please enter the PIN%%0A[sigs done: %lu]"
+
+#: scd/app-openpgp.c:1534 scd/app-openpgp.c:1988
+msgid "||Please enter the PIN"
+msgstr "||Please enter the PIN"
+
+#: scd/app-openpgp.c:1575 scd/app-openpgp.c:1753 scd/app-openpgp.c:2001
+#, c-format
+msgid "PIN for CHV%d is too short; minimum length is %d\n"
+msgstr "PIN for CHV%d is too short; minimum length is %d\n"
+
+#: scd/app-openpgp.c:1588 scd/app-openpgp.c:1627 scd/app-openpgp.c:1765
+#: scd/app-openpgp.c:3200
+#, c-format
+msgid "verify CHV%d failed: %s\n"
+msgstr "verify CHV%d failed: %s\n"
+
+#: scd/app-openpgp.c:1656 scd/app-openpgp.c:2020 scd/app-openpgp.c:3498
+msgid "error retrieving CHV status from card\n"
+msgstr "error retrieving CHV status from card\n"
+
+#: scd/app-openpgp.c:1662 scd/app-openpgp.c:3507
+msgid "card is permanently locked!\n"
+msgstr "card is permanently locked!\n"
+
+#: scd/app-openpgp.c:1669
+#, c-format
+msgid "%d Admin PIN attempts remaining before card is permanently locked\n"
+msgstr "%d Admin PIN attempts remaining before card is permanently locked\n"
+
+#. TRANSLATORS: Do not translate the "|A|" prefix but keep it at
+#. the start of the string. Use %%0A to force a linefeed.
+#: scd/app-openpgp.c:1676
+#, c-format
+msgid "|A|Please enter the Admin PIN%%0A[remaining attempts: %d]"
+msgstr "|A|Please enter the Admin PIN%%0A[remaining attempts: %d]"
+
+#: scd/app-openpgp.c:1680
+msgid "|A|Please enter the Admin PIN"
+msgstr "|A|Please enter the Admin PIN"
+
+#: scd/app-openpgp.c:1701
+msgid "access to admin commands is not configured\n"
+msgstr "access to admin commands is not configured\n"
+
+#: scd/app-openpgp.c:2035
+msgid "||Please enter the Reset Code for the card"
+msgstr "||Please enter the Reset Code for the card"
+
+#: scd/app-openpgp.c:2045 scd/app-openpgp.c:2097
+#, c-format
+msgid "Reset Code is too short; minimum length is %d\n"
+msgstr "Reset Code is too short; minimum length is %d\n"
+
+#: scd/app-openpgp.c:2067
+msgid "|RN|New Reset Code"
+msgstr "|RN|New Reset Code"
+
+#: scd/app-openpgp.c:2068
+msgid "|AN|New Admin PIN"
+msgstr "|AN|New Admin PIN"
+
+#: scd/app-openpgp.c:2068
+msgid "|N|New PIN"
+msgstr "|N|New PIN"
+
+#: scd/app-openpgp.c:2178 scd/app-openpgp.c:2968
+msgid "error reading application data\n"
+msgstr "error reading application data\n"
+
+#: scd/app-openpgp.c:2184 scd/app-openpgp.c:2975
+msgid "error reading fingerprint DO\n"
+msgstr "error reading fingerprint DO\n"
+
+#: scd/app-openpgp.c:2194
+msgid "key already exists\n"
+msgstr "key already exists\n"
+
+#: scd/app-openpgp.c:2198
+msgid "existing key will be replaced\n"
+msgstr "existing key will be replaced\n"
+
+#: scd/app-openpgp.c:2200
+msgid "generating new key\n"
+msgstr "generating new key\n"
+
+#: scd/app-openpgp.c:2202
+msgid "writing new key\n"
+msgstr "writing new key\n"
+
+#: scd/app-openpgp.c:2627
+msgid "creation timestamp missing\n"
+msgstr "creation timestamp missing\n"
+
+#: scd/app-openpgp.c:2669 scd/app-openpgp.c:2677
+#, c-format
+msgid "RSA prime %s missing or not of size %d bits\n"
+msgstr "RSA prime %s missing or not of size %d bits\n"
+
+#: scd/app-openpgp.c:2773
+#, c-format
+msgid "failed to store the key: %s\n"
+msgstr "failed to store the key: %s\n"
+
+#: scd/app-openpgp.c:2859
+msgid "please wait while key is being generated ...\n"
+msgstr "please wait while key is being generated ...\n"
+
+#: scd/app-openpgp.c:2872
+msgid "generating key failed\n"
+msgstr "generating key failed\n"
+
+#: scd/app-openpgp.c:2875
+#, c-format
+msgid "key generation completed (%d seconds)\n"
+msgstr "key generation completed (%d seconds)\n"
+
+#: scd/app-openpgp.c:2933
+msgid "invalid structure of OpenPGP card (DO 0x93)\n"
+msgstr "invalid structure of OpenPGP card (DO 0x93)\n"
+
+#: scd/app-openpgp.c:2983
+msgid "fingerprint on card does not match requested one\n"
+msgstr "fingerprint on card does not match requested one\n"
+
+#: scd/app-openpgp.c:3099
+#, c-format
+msgid "card does not support digest algorithm %s\n"
+msgstr "card does not support digest algorithm %s\n"
+
+#: scd/app-openpgp.c:3175
+#, c-format
+msgid "signatures created so far: %lu\n"
+msgstr "signatures created so far: %lu\n"
+
+#: scd/app-openpgp.c:3512
+msgid ""
+"verification of Admin PIN is currently prohibited through this command\n"
+msgstr ""
+"verification of Admin PIN is currently prohibited through this command\n"
+
+#: scd/app-openpgp.c:3737 scd/app-openpgp.c:3748
+#, c-format
+msgid "can't access %s - invalid OpenPGP card?\n"
+msgstr "can't access %s - invalid OpenPGP card?\n"
+
+#: scd/app-dinsig.c:299
+msgid "||Please enter your PIN at the reader's keypad"
+msgstr "||Please enter your PIN at the reader's keypad"
+
+#. TRANSLATORS: Do not translate the "|*|" prefixes but
+#. keep it at the start of the string. We need this elsewhere
+#. to get some infos on the string.
+#: scd/app-dinsig.c:529
+msgid "|N|Initial New PIN"
+msgstr "|N|Initial New PIN"
+
+#: scd/scdaemon.c:107
+msgid "run in multi server mode (foreground)"
+msgstr "run in multi server mode (foreground)"
+
+#: scd/scdaemon.c:117 sm/gpgsm.c:316
+msgid "|LEVEL|set the debugging level to LEVEL"
+msgstr "|LEVEL|set the debugging level to LEVEL"
+
+#: scd/scdaemon.c:124 tools/gpgconf-comp.c:620
+msgid "|FILE|write a log to FILE"
+msgstr "|FILE|write a log to FILE"
+
+#: scd/scdaemon.c:126
+msgid "|N|connect to reader at port N"
+msgstr "|N|connect to reader at port N"
+
+#: scd/scdaemon.c:128
+msgid "|NAME|use NAME as ct-API driver"
+msgstr "|NAME|use NAME as ct-API driver"
+
+#: scd/scdaemon.c:130
+msgid "|NAME|use NAME as PC/SC driver"
+msgstr "|NAME|use NAME as PC/SC driver"
+
+#: scd/scdaemon.c:133
+msgid "do not use the internal CCID driver"
+msgstr "do not use the internal CCID driver"
+
+#: scd/scdaemon.c:139
+msgid "|N|disconnect the card after N seconds of inactivity"
+msgstr "|N|disconnect the card after N seconds of inactivity"
+
+#: scd/scdaemon.c:141
+msgid "do not use a reader's keypad"
+msgstr "do not use a reader's keypad"
+
+#: scd/scdaemon.c:144
+msgid "deny the use of admin card commands"
+msgstr "deny the use of admin card commands"
+
+#: scd/scdaemon.c:259
+msgid "Usage: scdaemon [options] (-h for help)"
+msgstr "Usage: scdaemon [options] (-h for help)"
+
+#: scd/scdaemon.c:261
+msgid ""
+"Syntax: scdaemon [options] [command [args]]\n"
+"Smartcard daemon for GnuPG\n"
+msgstr ""
+"Syntax: scdaemon [options] [command [args]]\n"
+"Smartcard daemon for GnuPG\n"
+
+#: scd/scdaemon.c:766
+msgid "please use the option `--daemon' to run the program in the background\n"
+msgstr ""
+"please use the option ‘--daemon’ to run the program in the background\n"
+
+#: scd/scdaemon.c:1120
+#, c-format
+msgid "handler for fd %d started\n"
+msgstr "handler for fd %d started\n"
+
+#: scd/scdaemon.c:1132
+#, c-format
+msgid "handler for fd %d terminated\n"
+msgstr "handler for fd %d terminated\n"
+
+#: sm/base64.c:325
+#, c-format
+msgid "invalid radix64 character %02x skipped\n"
+msgstr "invalid radix64 character %02x skipped\n"
+
+#: sm/call-agent.c:137
+#, c-format
+msgid "failed to proxy %s inquiry to client\n"
+msgstr "failed to proxy %s inquiry to client\n"
+
+#: sm/call-dirmngr.c:252
+#, c-format
+msgid "no running dirmngr - starting `%s'\n"
+msgstr "no running dirmngr - starting ‘%s’\n"
+
+#: sm/call-dirmngr.c:285
+msgid "malformed DIRMNGR_INFO environment variable\n"
+msgstr "malformed DIRMNGR_INFO environment variable\n"
+
+#: sm/call-dirmngr.c:297
+#, c-format
+msgid "dirmngr protocol version %d is not supported\n"
+msgstr "dirmngr protocol version %d is not supported\n"
+
+#: sm/call-dirmngr.c:317
+msgid "can't connect to the dirmngr - trying fall back\n"
+msgstr "can't connect to the dirmngr - trying fall back\n"
+
+#: sm/certchain.c:196
+#, c-format
+msgid "validation model requested by certificate: %s"
+msgstr "validation model requested by certificate: %s"
+
+#: sm/certchain.c:197 sm/certchain.c:1828
+msgid "chain"
+msgstr "chain"
+
+#: sm/certchain.c:198 sm/certchain.c:1828
+msgid "shell"
+msgstr "shell"
+
+#: sm/certchain.c:258
+#, c-format
+msgid "critical certificate extension %s is not supported"
+msgstr "critical certificate extension %s is not supported"
+
+#: sm/certchain.c:297
+msgid "issuer certificate is not marked as a CA"
+msgstr "issuer certificate is not marked as a CA"
+
+#: sm/certchain.c:335
+msgid "critical marked policy without configured policies"
+msgstr "critical marked policy without configured policies"
+
+#: sm/certchain.c:345
+#, c-format
+msgid "failed to open `%s': %s\n"
+msgstr "failed to open ‘%s’: %s\n"
+
+#: sm/certchain.c:353 sm/certchain.c:382
+msgid "note: non-critical certificate policy not allowed"
+msgstr "note: non-critical certificate policy not allowed"
+
+#: sm/certchain.c:357 sm/certchain.c:386
+msgid "certificate policy not allowed"
+msgstr "certificate policy not allowed"
+
+#: sm/certchain.c:498
+msgid "looking up issuer at external location\n"
+msgstr "looking up issuer at external location\n"
+
+#: sm/certchain.c:517
+#, c-format
+msgid "number of issuers matching: %d\n"
+msgstr "number of issuers matching: %d\n"
+
+#: sm/certchain.c:561
+msgid "looking up issuer from the Dirmngr cache\n"
+msgstr "looking up issuer from the Dirmngr cache\n"
+
+#: sm/certchain.c:585
+#, c-format
+msgid "number of matching certificates: %d\n"
+msgstr "number of matching certificates: %d\n"
+
+#: sm/certchain.c:587
+#, c-format
+msgid "dirmngr cache-only key lookup failed: %s\n"
+msgstr "dirmngr cache-only key lookup failed: %s\n"
+
+#: sm/certchain.c:759 sm/certchain.c:1252 sm/certchain.c:1856 sm/decrypt.c:261
+#: sm/encrypt.c:335 sm/sign.c:335 sm/verify.c:113
+msgid "failed to allocated keyDB handle\n"
+msgstr "failed to allocated keyDB handle\n"
+
+#: sm/certchain.c:925
+msgid "certificate has been revoked"
+msgstr "certificate has been revoked"
+
+#: sm/certchain.c:940
+msgid "the status of the certificate is unknown"
+msgstr "the status of the certificate is unknown"
+
+#: sm/certchain.c:947
+msgid "please make sure that the \"dirmngr\" is properly installed\n"
+msgstr "please make sure that the “dirmngr†is properly installed\n"
+
+#: sm/certchain.c:953
+#, c-format
+msgid "checking the CRL failed: %s"
+msgstr "checking the CRL failed: %s"
+
+#: sm/certchain.c:982 sm/certchain.c:1050
+#, c-format
+msgid "certificate with invalid validity: %s"
+msgstr "certificate with invalid validity: %s"
+
+#: sm/certchain.c:997 sm/certchain.c:1082
+msgid "certificate not yet valid"
+msgstr "certificate not yet valid"
+
+#: sm/certchain.c:998 sm/certchain.c:1083
+msgid "root certificate not yet valid"
+msgstr "root certificate not yet valid"
+
+#: sm/certchain.c:999 sm/certchain.c:1084
+msgid "intermediate certificate not yet valid"
+msgstr "intermediate certificate not yet valid"
+
+#: sm/certchain.c:1012
+msgid "certificate has expired"
+msgstr "certificate has expired"
+
+#: sm/certchain.c:1013
+msgid "root certificate has expired"
+msgstr "root certificate has expired"
+
+#: sm/certchain.c:1014
+msgid "intermediate certificate has expired"
+msgstr "intermediate certificate has expired"
+
+#: sm/certchain.c:1056
+#, c-format
+msgid "required certificate attributes missing: %s%s%s"
+msgstr "required certificate attributes missing: %s%s%s"
+
+#: sm/certchain.c:1065
+msgid "certificate with invalid validity"
+msgstr "certificate with invalid validity"
+
+#: sm/certchain.c:1102
+msgid "signature not created during lifetime of certificate"
+msgstr "signature not created during lifetime of certificate"
+
+#: sm/certchain.c:1104
+msgid "certificate not created during lifetime of issuer"
+msgstr "certificate not created during lifetime of issuer"
+
+#: sm/certchain.c:1105
+msgid "intermediate certificate not created during lifetime of issuer"
+msgstr "intermediate certificate not created during lifetime of issuer"
+
+#: sm/certchain.c:1109
+msgid " ( signature created at "
+msgstr " ( signature created at "
+
+#: sm/certchain.c:1110
+msgid " (certificate created at "
+msgstr " (certificate created at "
+
+#: sm/certchain.c:1113
+msgid " (certificate valid from "
+msgstr " (certificate valid from "
+
+#: sm/certchain.c:1114
+msgid " ( issuer valid from "
+msgstr " ( issuer valid from "
+
+#: sm/certchain.c:1144
+#, c-format
+msgid "fingerprint=%s\n"
+msgstr "fingerprint=%s\n"
+
+#: sm/certchain.c:1153
+msgid "root certificate has now been marked as trusted\n"
+msgstr "root certificate has now been marked as trusted\n"
+
+#: sm/certchain.c:1166
+msgid "interactive marking as trusted not enabled in gpg-agent\n"
+msgstr "interactive marking as trusted not enabled in gpg-agent\n"
+
+#: sm/certchain.c:1172
+msgid "interactive marking as trusted disabled for this session\n"
+msgstr "interactive marking as trusted disabled for this session\n"
+
+#: sm/certchain.c:1229
+msgid "WARNING: creation time of signature not known - assuming current time"
+msgstr "WARNING: creation time of signature not known - assuming current time"
+
+#: sm/certchain.c:1293
+msgid "no issuer found in certificate"
+msgstr "no issuer found in certificate"
+
+#: sm/certchain.c:1366
+msgid "self-signed certificate has a BAD signature"
+msgstr "self-signed certificate has a BAD signature"
+
+#: sm/certchain.c:1435
+msgid "root certificate is not marked trusted"
+msgstr "root certificate is not marked trusted"
+
+#: sm/certchain.c:1448
+#, c-format
+msgid "checking the trust list failed: %s\n"
+msgstr "checking the trust list failed: %s\n"
+
+#: sm/certchain.c:1477 sm/import.c:160
+msgid "certificate chain too long\n"
+msgstr "certificate chain too long\n"
+
+#: sm/certchain.c:1489
+msgid "issuer certificate not found"
+msgstr "issuer certificate not found"
+
+#: sm/certchain.c:1522
+msgid "certificate has a BAD signature"
+msgstr "certificate has a BAD signature"
+
+#: sm/certchain.c:1553
+msgid "found another possible matching CA certificate - trying again"
+msgstr "found another possible matching CA certificate - trying again"
+
+#: sm/certchain.c:1604
+#, c-format
+msgid "certificate chain longer than allowed by CA (%d)"
+msgstr "certificate chain longer than allowed by CA (%d)"
+
+#: sm/certchain.c:1644 sm/certchain.c:1927
+msgid "certificate is good\n"
+msgstr "certificate is good\n"
+
+#: sm/certchain.c:1645
+msgid "intermediate certificate is good\n"
+msgstr "intermediate certificate is good\n"
+
+#: sm/certchain.c:1646
+msgid "root certificate is good\n"
+msgstr "root certificate is good\n"
+
+#: sm/certchain.c:1817
+msgid "switching to chain model"
+msgstr "switching to chain model"
+
+#: sm/certchain.c:1826
+#, c-format
+msgid "validation model used: %s"
+msgstr "validation model used: %s"
+
+#: sm/certcheck.c:97
+#, c-format
+msgid "%s key uses an unsafe (%u bit) hash\n"
+msgstr "%s key uses an unsafe (%u bit) hash\n"
+
+#: sm/certcheck.c:107
+#, c-format
+msgid "a %u bit hash is not valid for a %u bit %s key\n"
+msgstr "a %u bit hash is not valid for a %u bit %s key\n"
+
+#: sm/certcheck.c:244 sm/verify.c:201
+msgid "(this is the MD2 algorithm)\n"
+msgstr "(this is the MD2 algorithm)\n"
+
+#: sm/certdump.c:60 sm/certdump.c:143
+msgid "none"
+msgstr "none"
+
+#: sm/certdump.c:564 sm/certdump.c:609 sm/certdump.c:674 sm/certdump.c:732
+msgid "[Error - invalid encoding]"
+msgstr "[Error - invalid encoding]"
+
+#: sm/certdump.c:572 sm/certdump.c:617
+msgid "[Error - out of core]"
+msgstr "[Error - out of core]"
+
+#: sm/certdump.c:654 sm/certdump.c:710
+msgid "[Error - No name]"
+msgstr "[Error - No name]"
+
+#: sm/certdump.c:679 sm/certdump.c:738
+msgid "[Error - invalid DN]"
+msgstr "[Error - invalid DN]"
+
+#: sm/certdump.c:948
+#, c-format
+msgid ""
+"Please enter the passphrase to unlock the secret key for the X.509 "
+"certificate:\n"
+"\"%s\"\n"
+"S/N %s, ID 0x%08lX,\n"
+"created %s, expires %s.\n"
+msgstr ""
+"Please enter the passphrase to unlock the secret key for the X.509 "
+"certificate:\n"
+"“%sâ€\n"
+"S/N %s, ID 0x%08lX,\n"
+"created %s, expires %s.\n"
+
+#: sm/certlist.c:122
+msgid "no key usage specified - assuming all usages\n"
+msgstr "no key usage specified - assuming all usages\n"
+
+#: sm/certlist.c:132 sm/keylist.c:272
+#, c-format
+msgid "error getting key usage information: %s\n"
+msgstr "error getting key usage information: %s\n"
+
+#: sm/certlist.c:142
+msgid "certificate should have not been used for certification\n"
+msgstr "certificate should have not been used for certification\n"
+
+#: sm/certlist.c:154
+msgid "certificate should have not been used for OCSP response signing\n"
+msgstr "certificate should have not been used for OCSP response signing\n"
+
+#: sm/certlist.c:165
+msgid "certificate should have not been used for encryption\n"
+msgstr "certificate should have not been used for encryption\n"
+
+#: sm/certlist.c:166
+msgid "certificate should have not been used for signing\n"
+msgstr "certificate should have not been used for signing\n"
+
+#: sm/certlist.c:167
+msgid "certificate is not usable for encryption\n"
+msgstr "certificate is not usable for encryption\n"
+
+#: sm/certlist.c:168
+msgid "certificate is not usable for signing\n"
+msgstr "certificate is not usable for signing\n"
+
+#: sm/certreqgen.c:474
+#, c-format
+msgid "line %d: invalid algorithm\n"
+msgstr "line %d: invalid algorithm\n"
+
+#: sm/certreqgen.c:487
+#, c-format
+msgid "line %d: invalid key length %u (valid are %d to %d)\n"
+msgstr "line %d: invalid key length %u (valid are %d to %d)\n"
+
+#: sm/certreqgen.c:505
+#, c-format
+msgid "line %d: no subject name given\n"
+msgstr "line %d: no subject name given\n"
+
+#: sm/certreqgen.c:514
+#, c-format
+msgid "line %d: invalid subject name label `%.*s'\n"
+msgstr "line %d: invalid subject name label ‘%.*s’\n"
+
+#: sm/certreqgen.c:517
+#, c-format
+msgid "line %d: invalid subject name `%s' at pos %d\n"
+msgstr "line %d: invalid subject name ‘%s’ at pos %d\n"
+
+#: sm/certreqgen.c:534
+#, c-format
+msgid "line %d: not a valid email address\n"
+msgstr "line %d: not a valid email address\n"
+
+#: sm/certreqgen.c:546
+#, c-format
+msgid "line %d: error reading key `%s' from card: %s\n"
+msgstr "line %d: error reading key ‘%s’ from card: %s\n"
+
+#: sm/certreqgen.c:558
+#, c-format
+msgid "line %d: error getting key by keygrip `%s': %s\n"
+msgstr "line %d: error getting key by keygrip ‘%s’: %s\n"
+
+#: sm/certreqgen.c:574
+#, c-format
+msgid "line %d: key generation failed: %s <%s>\n"
+msgstr "line %d: key generation failed: %s <%s>\n"
+
+#: sm/certreqgen.c:806
+msgid ""
+"To complete this certificate request please enter the passphrase for the key "
+"you just created once more.\n"
+msgstr ""
+"To complete this certificate request please enter the passphrase for the key "
+"you just created once more.\n"
+
+#: sm/certreqgen-ui.c:158
+#, c-format
+msgid " (%d) RSA\n"
+msgstr " (%d) RSA\n"
+
+#: sm/certreqgen-ui.c:159
+#, c-format
+msgid " (%d) Existing key\n"
+msgstr " (%d) Existing key\n"
+
+#: sm/certreqgen-ui.c:160
+#, c-format
+msgid " (%d) Existing key from card\n"
+msgstr " (%d) Existing key from card\n"
+
+#: sm/certreqgen-ui.c:202
+msgid "Enter the keygrip: "
+msgstr "Enter the keygrip: "
+
+#: sm/certreqgen-ui.c:210
+msgid "Not a valid keygrip (expecting 40 hex digits)\n"
+msgstr "Not a valid keygrip (expecting 40 hex digits)\n"
+
+#: sm/certreqgen-ui.c:212
+msgid "No key with this keygrip\n"
+msgstr "No key with this keygrip\n"
+
+#: sm/certreqgen-ui.c:230 sm/certreqgen-ui.c:239
+#, c-format
+msgid "error reading the card: %s\n"
+msgstr "error reading the card: %s\n"
+
+#: sm/certreqgen-ui.c:233
+#, c-format
+msgid "Serial number of the card: %s\n"
+msgstr "Serial number of the card: %s\n"
+
+#: sm/certreqgen-ui.c:245
+msgid "Available keys:\n"
+msgstr "Available keys:\n"
+
+#: sm/certreqgen-ui.c:276
+#, c-format
+msgid "Possible actions for a %s key:\n"
+msgstr "Possible actions for a %s key:\n"
+
+#: sm/certreqgen-ui.c:277
+#, c-format
+msgid " (%d) sign, encrypt\n"
+msgstr " (%d) sign, encrypt\n"
+
+#: sm/certreqgen-ui.c:278
+#, c-format
+msgid " (%d) sign\n"
+msgstr " (%d) sign\n"
+
+#: sm/certreqgen-ui.c:279
+#, c-format
+msgid " (%d) encrypt\n"
+msgstr " (%d) encrypt\n"
+
+#: sm/certreqgen-ui.c:303
+msgid "Enter the X.509 subject name: "
+msgstr "Enter the X.509 subject name: "
+
+#: sm/certreqgen-ui.c:307
+msgid "No subject name given\n"
+msgstr "No subject name given\n"
+
+#: sm/certreqgen-ui.c:311
+#, c-format
+msgid "Invalid subject name label `%.*s'\n"
+msgstr "Invalid subject name label ‘%.*s’\n"
+
+#. TRANSLATORS: The 22 in the second string is the
+#. length of the first string up to the "%s". Please
+#. adjust it do the length of your translation. The
+#. second string is merely passed to atoi so you can
+#. drop everything after the number.
+#: sm/certreqgen-ui.c:320
+#, c-format
+msgid "Invalid subject name `%s'\n"
+msgstr "Invalid subject name ‘%s’\n"
+
+#: sm/certreqgen-ui.c:322
+msgid "22 translator: see certreg-ui.c:gpgsm_gencertreq_tty"
+msgstr "22 translator: see certreg-ui.c:gpgsm_gencertreq_tty"
+
+#: sm/certreqgen-ui.c:334
+msgid "Enter email addresses"
+msgstr "Enter email addresses"
+
+#: sm/certreqgen-ui.c:335
+msgid " (end with an empty line):\n"
+msgstr " (end with an empty line):\n"
+
+#: sm/certreqgen-ui.c:339
+msgid "Enter DNS names"
+msgstr "Enter DNS names"
+
+#: sm/certreqgen-ui.c:340 sm/certreqgen-ui.c:345
+msgid " (optional; end with an empty line):\n"
+msgstr " (optional; end with an empty line):\n"
+
+#: sm/certreqgen-ui.c:344
+msgid "Enter URIs"
+msgstr "Enter URIs"
+
+#: sm/certreqgen-ui.c:371
+msgid "Parameters to be used for the certificate request:\n"
+msgstr "Parameters to be used for the certificate request:\n"
+
+#: sm/certreqgen-ui.c:389
+msgid "Now creating certificate request. This may take a while ...\n"
+msgstr "Now creating certificate request. This may take a while ...\n"
+
+#: sm/certreqgen-ui.c:398
+msgid "Ready. You should now send this request to your CA.\n"
+msgstr "Ready. You should now send this request to your CA.\n"
+
+#: sm/certreqgen-ui.c:403
+msgid "resource problem: out of core\n"
+msgstr "resource problem: out of core\n"
+
+#: sm/decrypt.c:330
+msgid "(this is the RC2 algorithm)\n"
+msgstr "(this is the RC2 algorithm)\n"
+
+#: sm/decrypt.c:332
+msgid "(this does not seem to be an encrypted message)\n"
+msgstr "(this does not seem to be an encrypted message)\n"
+
+#: sm/delete.c:51 sm/delete.c:112
+#, c-format
+msgid "certificate `%s' not found: %s\n"
+msgstr "certificate ‘%s’ not found: %s\n"
+
+#: sm/delete.c:122 sm/keydb.c:1397 sm/keydb.c:1499
+#, c-format
+msgid "error locking keybox: %s\n"
+msgstr "error locking keybox: %s\n"
+
+#: sm/delete.c:143
+#, c-format
+msgid "duplicated certificate `%s' deleted\n"
+msgstr "duplicated certificate ‘%s’ deleted\n"
+
+#: sm/delete.c:145
+#, c-format
+msgid "certificate `%s' deleted\n"
+msgstr "certificate ‘%s’ deleted\n"
+
+#: sm/delete.c:175
+#, c-format
+msgid "deleting certificate \"%s\" failed: %s\n"
+msgstr "deleting certificate “%s†failed: %s\n"
+
+#: sm/encrypt.c:321
+msgid "no valid recipients given\n"
+msgstr "no valid recipients given\n"
+
+#: sm/gpgsm.c:197
+msgid "list external keys"
+msgstr "list external keys"
+
+#: sm/gpgsm.c:199
+msgid "list certificate chain"
+msgstr "list certificate chain"
+
+#: sm/gpgsm.c:206
+msgid "import certificates"
+msgstr "import certificates"
+
+#: sm/gpgsm.c:207
+msgid "export certificates"
+msgstr "export certificates"
+
+#: sm/gpgsm.c:209
+msgid "register a smartcard"
+msgstr "register a smartcard"
+
+#: sm/gpgsm.c:212
+msgid "pass a command to the dirmngr"
+msgstr "pass a command to the dirmngr"
+
+#: sm/gpgsm.c:214
+msgid "invoke gpg-protect-tool"
+msgstr "invoke gpg-protect-tool"
+
+#: sm/gpgsm.c:230
+msgid "create base-64 encoded output"
+msgstr "create base-64 encoded output"
+
+#: sm/gpgsm.c:235
+msgid "assume input is in PEM format"
+msgstr "assume input is in PEM format"
+
+#: sm/gpgsm.c:237
+msgid "assume input is in base-64 format"
+msgstr "assume input is in base-64 format"
+
+#: sm/gpgsm.c:239
+msgid "assume input is in binary format"
+msgstr "assume input is in binary format"
+
+#: sm/gpgsm.c:244
+msgid "use system's dirmngr if available"
+msgstr "use system's dirmngr if available"
+
+#: sm/gpgsm.c:247
+msgid "never consult a CRL"
+msgstr "never consult a CRL"
+
+#: sm/gpgsm.c:257
+msgid "check validity using OCSP"
+msgstr "check validity using OCSP"
+
+#: sm/gpgsm.c:262
+msgid "|N|number of certificates to include"
+msgstr "|N|number of certificates to include"
+
+#: sm/gpgsm.c:265
+msgid "|FILE|take policy information from FILE"
+msgstr "|FILE|take policy information from FILE"
+
+#: sm/gpgsm.c:268
+msgid "do not check certificate policies"
+msgstr "do not check certificate policies"
+
+#: sm/gpgsm.c:272
+msgid "fetch missing issuer certificates"
+msgstr "fetch missing issuer certificates"
+
+#: sm/gpgsm.c:283
+msgid "don't use the terminal at all"
+msgstr "don't use the terminal at all"
+
+#: sm/gpgsm.c:285
+msgid "|FILE|write a server mode log to FILE"
+msgstr "|FILE|write a server mode log to FILE"
+
+#: sm/gpgsm.c:290
+msgid "|FILE|write an audit log to FILE"
+msgstr "|FILE|write an audit log to FILE"
+
+#: sm/gpgsm.c:293
+msgid "batch mode: never ask"
+msgstr "batch mode: never ask"
+
+#: sm/gpgsm.c:294
+msgid "assume yes on most questions"
+msgstr "assume yes on most questions"
+
+#: sm/gpgsm.c:295
+msgid "assume no on most questions"
+msgstr "assume no on most questions"
+
+#: sm/gpgsm.c:298
+msgid "|FILE|add keyring to the list of keyrings"
+msgstr "|FILE|add keyring to the list of keyrings"
+
+#: sm/gpgsm.c:301
+msgid "|USER-ID|use USER-ID as default secret key"
+msgstr "|USER-ID|use USER-ID as default secret key"
+
+#: sm/gpgsm.c:311 tools/gpgconf-comp.c:745
+msgid "|SPEC|use this keyserver to lookup keys"
+msgstr "|SPEC|use this keyserver to lookup keys"
+
+#: sm/gpgsm.c:329
+msgid "|NAME|use cipher algorithm NAME"
+msgstr "|NAME|use cipher algorithm NAME"
+
+#: sm/gpgsm.c:331
+msgid "|NAME|use message digest algorithm NAME"
+msgstr "|NAME|use message digest algorithm NAME"
+
+#: sm/gpgsm.c:522
+msgid "Usage: gpgsm [options] [files] (-h for help)"
+msgstr "Usage: gpgsm [options] [files] (-h for help)"
+
+#: sm/gpgsm.c:525
+msgid ""
+"Syntax: gpgsm [options] [files]\n"
+"sign, check, encrypt or decrypt using the S/MIME protocol\n"
+"default operation depends on the input data\n"
+msgstr ""
+"Syntax: gpgsm [options] [files]\n"
+"sign, check, encrypt or decrypt using the S/MIME protocol\n"
+"default operation depends on the input data\n"
+
+#: sm/gpgsm.c:617
+msgid "usage: gpgsm [options] "
+msgstr "usage: gpgsm [options] "
+
+#: sm/gpgsm.c:739
+#, c-format
+msgid "NOTE: won't be able to encrypt to `%s': %s\n"
+msgstr "NOTE: won't be able to encrypt to ‘%s’: %s\n"
+
+#: sm/gpgsm.c:750
+#, c-format
+msgid "unknown validation model `%s'\n"
+msgstr "unknown validation model ‘%s’\n"
+
+#: sm/gpgsm.c:801
+#, c-format
+msgid "%s:%u: no hostname given\n"
+msgstr "%s:%u: no hostname given\n"
+
+#: sm/gpgsm.c:820
+#, c-format
+msgid "%s:%u: password given without user\n"
+msgstr "%s:%u: password given without user\n"
+
+#: sm/gpgsm.c:841
+#, c-format
+msgid "%s:%u: skipping this line\n"
+msgstr "%s:%u: skipping this line\n"
+
+#: sm/gpgsm.c:1376
+msgid "could not parse keyserver\n"
+msgstr "could not parse keyserver\n"
+
+#: sm/gpgsm.c:1456
+msgid "WARNING: running with faked system time: "
+msgstr "WARNING: running with faked system time: "
+
+#: sm/gpgsm.c:1556
+#, c-format
+msgid "importing common certificates `%s'\n"
+msgstr "importing common certificates ‘%s’\n"
+
+#: sm/gpgsm.c:1597
+#, c-format
+msgid "can't sign using `%s': %s\n"
+msgstr "can't sign using ‘%s’: %s\n"
+
+#: sm/gpgsm.c:1931
+msgid "invalid command (there is no implicit command)\n"
+msgstr "invalid command (there is no implicit command)\n"
+
+#: sm/import.c:111
+#, c-format
+msgid "total number processed: %lu\n"
+msgstr "total number processed: %lu\n"
+
+#: sm/import.c:230
+msgid "error storing certificate\n"
+msgstr "error storing certificate\n"
+
+#: sm/import.c:238
+msgid "basic certificate checks failed - not imported\n"
+msgstr "basic certificate checks failed - not imported\n"
+
+#: sm/import.c:435 sm/keydb.c:1319 sm/keydb.c:1387
+msgid "failed to allocate keyDB handle\n"
+msgstr "failed to allocate keyDB handle\n"
+
+#: sm/import.c:492 sm/keydb.c:1417 sm/keydb.c:1511
+#, c-format
+msgid "error getting stored flags: %s\n"
+msgstr "error getting stored flags: %s\n"
+
+#: sm/import.c:551 sm/import.c:583
+#, c-format
+msgid "error importing certificate: %s\n"
+msgstr "error importing certificate: %s\n"
+
+#: sm/import.c:684 tools/gpg-connect-agent.c:1346
+#, c-format
+msgid "error reading input: %s\n"
+msgstr "error reading input: %s\n"
+
+#: sm/keydb.c:187
+#, c-format
+msgid "error creating keybox `%s': %s\n"
+msgstr "error creating keybox ‘%s’: %s\n"
+
+#: sm/keydb.c:190
+msgid "you may want to start the gpg-agent first\n"
+msgstr "you may want to start the gpg-agent first\n"
+
+#: sm/keydb.c:195
+#, c-format
+msgid "keybox `%s' created\n"
+msgstr "keybox ‘%s’ created\n"
+
+#: sm/keydb.c:1312 sm/keydb.c:1380
+msgid "failed to get the fingerprint\n"
+msgstr "failed to get the fingerprint\n"
+
+#: sm/keydb.c:1340
+#, c-format
+msgid "problem looking for existing certificate: %s\n"
+msgstr "problem looking for existing certificate: %s\n"
+
+#: sm/keydb.c:1348
+#, c-format
+msgid "error finding writable keyDB: %s\n"
+msgstr "error finding writable keyDB: %s\n"
+
+#: sm/keydb.c:1356
+#, c-format
+msgid "error storing certificate: %s\n"
+msgstr "error storing certificate: %s\n"
+
+#: sm/keydb.c:1408
+#, c-format
+msgid "problem re-searching certificate: %s\n"
+msgstr "problem re-searching certificate: %s\n"
+
+#: sm/keydb.c:1429 sm/keydb.c:1522
+#, c-format
+msgid "error storing flags: %s\n"
+msgstr "error storing flags: %s\n"
+
+#: sm/keylist.c:642
+msgid "Error - "
+msgstr "Error - "
+
+#: sm/misc.c:55
+msgid "GPG_TTY has not been set - using maybe bogus default\n"
+msgstr "GPG_TTY has not been set - using maybe bogus default\n"
+
+#: sm/qualified.c:105
+#, c-format
+msgid "invalid formatted fingerprint in `%s', line %d\n"
+msgstr "invalid formatted fingerprint in ‘%s’, line %d\n"
+
+#: sm/qualified.c:123
+#, c-format
+msgid "invalid country code in `%s', line %d\n"
+msgstr "invalid country code in ‘%s’, line %d\n"
+
+#: sm/qualified.c:202
+#, c-format
+msgid ""
+"You are about to create a signature using your certificate:\n"
+"\"%s\"\n"
+"This will create a qualified signature by law equated to a handwritten "
+"signature.\n"
+"\n"
+"%s%sAre you really sure that you want to do this?"
+msgstr ""
+"You are about to create a signature using your certificate:\n"
+"“%sâ€\n"
+"This will create a qualified signature by law equated to a handwritten "
+"signature.\n"
+"\n"
+"%s%sAre you really sure that you want to do this?"
+
+#: sm/qualified.c:211 sm/verify.c:616
+msgid ""
+"Note, that this software is not officially approved to create or verify such "
+"signatures.\n"
+msgstr ""
+"Note, that this software is not officially approved to create or verify such "
+"signatures.\n"
+
+#: sm/qualified.c:278
+#, c-format
+msgid ""
+"You are about to create a signature using your certificate:\n"
+"\"%s\"\n"
+"Note, that this certificate will NOT create a qualified signature!"
+msgstr ""
+"You are about to create a signature using your certificate:\n"
+"“%sâ€\n"
+"Note, that this certificate will NOT create a qualified signature!"
+
+#: sm/sign.c:449
+#, c-format
+msgid "hash algorithm %d (%s) for signer %d not supported; using %s\n"
+msgstr "hash algorithm %d (%s) for signer %d not supported; using %s\n"
+
+#: sm/sign.c:463
+#, c-format
+msgid "hash algorithm used for signer %d: %s (%s)\n"
+msgstr "hash algorithm used for signer %d: %s (%s)\n"
+
+#: sm/sign.c:513
+#, c-format
+msgid "checking for qualified certificate failed: %s\n"
+msgstr "checking for qualified certificate failed: %s\n"
+
+#: sm/verify.c:449
+msgid "Signature made "
+msgstr "Signature made "
+
+#: sm/verify.c:453
+msgid "[date not given]"
+msgstr "[date not given]"
+
+#: sm/verify.c:454
+#, c-format
+msgid " using certificate ID 0x%08lX\n"
+msgstr " using certificate ID 0x%08lX\n"
+
+#: sm/verify.c:473
+msgid ""
+"invalid signature: message digest attribute does not match computed one\n"
+msgstr ""
+"invalid signature: message digest attribute does not match computed one\n"
+
+#: sm/verify.c:594
+msgid "Good signature from"
+msgstr "Good signature from"
+
+#: sm/verify.c:595
+msgid " aka"
+msgstr " aka"
+
+#: sm/verify.c:613
+msgid "This is a qualified signature\n"
+msgstr "This is a qualified signature\n"
+
+#: tools/gpg-connect-agent.c:70 tools/gpgconf.c:81 tools/symcryptrun.c:167
+msgid "quiet"
+msgstr "quiet"
+
+#: tools/gpg-connect-agent.c:71
+msgid "print data out hex encoded"
+msgstr "print data out hex encoded"
+
+#: tools/gpg-connect-agent.c:72
+msgid "decode received data lines"
+msgstr "decode received data lines"
+
+#: tools/gpg-connect-agent.c:74
+msgid "|NAME|connect to Assuan socket NAME"
+msgstr "|NAME|connect to Assuan socket NAME"
+
+#: tools/gpg-connect-agent.c:76
+msgid "run the Assuan server given on the command line"
+msgstr "run the Assuan server given on the command line"
+
+#: tools/gpg-connect-agent.c:78
+msgid "do not use extended connect mode"
+msgstr "do not use extended connect mode"
+
+#: tools/gpg-connect-agent.c:80
+msgid "|FILE|run commands from FILE on startup"
+msgstr "|FILE|run commands from FILE on startup"
+
+#: tools/gpg-connect-agent.c:81
+msgid "run /subst on startup"
+msgstr "run /subst on startup"
+
+#: tools/gpg-connect-agent.c:184
+msgid "Usage: gpg-connect-agent [options] (-h for help)"
+msgstr "Usage: gpg-connect-agent [options] (-h for help)"
+
+#: tools/gpg-connect-agent.c:187
+msgid ""
+"Syntax: gpg-connect-agent [options]\n"
+"Connect to a running agent and send commands\n"
+msgstr ""
+"Syntax: gpg-connect-agent [options]\n"
+"Connect to a running agent and send commands\n"
+
+#: tools/gpg-connect-agent.c:1201
+#, c-format
+msgid "option \"%s\" requires a program and optional arguments\n"
+msgstr "option “%s†requires a program and optional arguments\n"
+
+#: tools/gpg-connect-agent.c:1210
+#, c-format
+msgid "option \"%s\" ignored due to \"%s\"\n"
+msgstr "option “%s†ignored due to “%sâ€\n"
+
+#: tools/gpg-connect-agent.c:1281 tools/gpg-connect-agent.c:1771
+#, c-format
+msgid "receiving line failed: %s\n"
+msgstr "receiving line failed: %s\n"
+
+#: tools/gpg-connect-agent.c:1371
+msgid "line too long - skipped\n"
+msgstr "line too long - skipped\n"
+
+#: tools/gpg-connect-agent.c:1375
+msgid "line shortened due to embedded Nul character\n"
+msgstr "line shortened due to embedded Nul character\n"
+
+#: tools/gpg-connect-agent.c:1743
+#, c-format
+msgid "unknown command `%s'\n"
+msgstr "unknown command ‘%s’\n"
+
+#: tools/gpg-connect-agent.c:1761
+#, c-format
+msgid "sending line failed: %s\n"
+msgstr "sending line failed: %s\n"
+
+#: tools/gpg-connect-agent.c:2208
+#, c-format
+msgid "error sending %s command: %s\n"
+msgstr "error sending %s command: %s\n"
+
+#: tools/gpg-connect-agent.c:2223
+#, c-format
+msgid "error sending standard options: %s\n"
+msgstr "error sending standard options: %s\n"
+
+#: tools/gpgconf-comp.c:473 tools/gpgconf-comp.c:577 tools/gpgconf-comp.c:644
+#: tools/gpgconf-comp.c:712 tools/gpgconf-comp.c:799
+msgid "Options controlling the diagnostic output"
+msgstr "Options controlling the diagnostic output"
+
+#: tools/gpgconf-comp.c:486 tools/gpgconf-comp.c:590 tools/gpgconf-comp.c:657
+#: tools/gpgconf-comp.c:725 tools/gpgconf-comp.c:822
+msgid "Options controlling the configuration"
+msgstr "Options controlling the configuration"
+
+#: tools/gpgconf-comp.c:496 tools/gpgconf-comp.c:615 tools/gpgconf-comp.c:673
+#: tools/gpgconf-comp.c:750 tools/gpgconf-comp.c:829
+msgid "Options useful for debugging"
+msgstr "Options useful for debugging"
+
+#: tools/gpgconf-comp.c:501 tools/gpgconf-comp.c:678 tools/gpgconf-comp.c:755
+#: tools/gpgconf-comp.c:837
+msgid "|FILE|write server mode logs to FILE"
+msgstr "|FILE|write server mode logs to FILE"
+
+#: tools/gpgconf-comp.c:509 tools/gpgconf-comp.c:625 tools/gpgconf-comp.c:763
+msgid "Options controlling the security"
+msgstr "Options controlling the security"
+
+#: tools/gpgconf-comp.c:516
+msgid "|N|expire SSH keys after N seconds"
+msgstr "|N|expire SSH keys after N seconds"
+
+#: tools/gpgconf-comp.c:520
+msgid "|N|set maximum PIN cache lifetime to N seconds"
+msgstr "|N|set maximum PIN cache lifetime to N seconds"
+
+#: tools/gpgconf-comp.c:524
+msgid "|N|set maximum SSH key lifetime to N seconds"
+msgstr "|N|set maximum SSH key lifetime to N seconds"
+
+#: tools/gpgconf-comp.c:538
+msgid "Options enforcing a passphrase policy"
+msgstr "Options enforcing a passphrase policy"
+
+#: tools/gpgconf-comp.c:541
+msgid "do not allow to bypass the passphrase policy"
+msgstr "do not allow to bypass the passphrase policy"
+
+#: tools/gpgconf-comp.c:545
+msgid "|N|set minimal required length for new passphrases to N"
+msgstr "|N|set minimal required length for new passphrases to N"
+
+#: tools/gpgconf-comp.c:549
+msgid "|N|require at least N non-alpha characters for a new passphrase"
+msgstr "|N|require at least N non-alpha characters for a new passphrase"
+
+#: tools/gpgconf-comp.c:553
+msgid "|FILE|check new passphrases against pattern in FILE"
+msgstr "|FILE|check new passphrases against pattern in FILE"
+
+#: tools/gpgconf-comp.c:557
+msgid "|N|expire the passphrase after N days"
+msgstr "|N|expire the passphrase after N days"
+
+#: tools/gpgconf-comp.c:561
+msgid "do not allow the reuse of old passphrases"
+msgstr "do not allow the reuse of old passphrases"
+
+#: tools/gpgconf-comp.c:659 tools/gpgconf-comp.c:727
+msgid "|NAME|use NAME as default secret key"
+msgstr "|NAME|use NAME as default secret key"
+
+#: tools/gpgconf-comp.c:662 tools/gpgconf-comp.c:730
+msgid "|NAME|encrypt to user ID NAME as well"
+msgstr "|NAME|encrypt to user ID NAME as well"
+
+#: tools/gpgconf-comp.c:665
+msgid "|SPEC|set up email aliases"
+msgstr "|SPEC|set up email aliases"
+
+#: tools/gpgconf-comp.c:686
+msgid "Configuration for Keyservers"
+msgstr "Configuration for Keyservers"
+
+#: tools/gpgconf-comp.c:688
+msgid "|URL|use keyserver at URL"
+msgstr "|URL|use keyserver at URL"
+
+#: tools/gpgconf-comp.c:691
+msgid "allow PKA lookups (DNS requests)"
+msgstr "allow PKA lookups (DNS requests)"
+
+#: tools/gpgconf-comp.c:694
+msgid "|MECHANISMS|use MECHANISMS to locate keys by mail address"
+msgstr "|MECHANISMS|use MECHANISMS to locate keys by mail address"
+
+#: tools/gpgconf-comp.c:739
+msgid "disable all access to the dirmngr"
+msgstr "disable all access to the dirmngr"
+
+#: tools/gpgconf-comp.c:742
+msgid "|NAME|use encoding NAME for PKCS#12 passphrases"
+msgstr "|NAME|use encoding NAME for PKCS#12 passphrases"
+
+#: tools/gpgconf-comp.c:768
+msgid "do not check CRLs for root certificates"
+msgstr "do not check CRLs for root certificates"
+
+#: tools/gpgconf-comp.c:812
+msgid "Options controlling the format of the output"
+msgstr "Options controlling the format of the output"
+
+#: tools/gpgconf-comp.c:848
+msgid "Options controlling the interactivity and enforcement"
+msgstr "Options controlling the interactivity and enforcement"
+
+#: tools/gpgconf-comp.c:858
+msgid "Configuration for HTTP servers"
+msgstr "Configuration for HTTP servers"
+
+#: tools/gpgconf-comp.c:869
+msgid "use system's HTTP proxy setting"
+msgstr "use system's HTTP proxy setting"
+
+#: tools/gpgconf-comp.c:874
+msgid "Configuration of LDAP servers to use"
+msgstr "Configuration of LDAP servers to use"
+
+#: tools/gpgconf-comp.c:903
+msgid "LDAP server list"
+msgstr "LDAP server list"
+
+#: tools/gpgconf-comp.c:911
+msgid "Configuration for OCSP"
+msgstr "Configuration for OCSP"
+
+#: tools/gpgconf-comp.c:3077
+#, c-format
+msgid "External verification of component %s failed"
+msgstr "External verification of component %s failed"
+
+#: tools/gpgconf-comp.c:3227
+msgid "Note that group specifications are ignored\n"
+msgstr "Note that group specifications are ignored\n"
+
+#: tools/gpgconf.c:62
+msgid "list all components"
+msgstr "list all components"
+
+#: tools/gpgconf.c:63
+msgid "check all programs"
+msgstr "check all programs"
+
+#: tools/gpgconf.c:64
+msgid "|COMPONENT|list options"
+msgstr "|COMPONENT|list options"
+
+#: tools/gpgconf.c:65
+msgid "|COMPONENT|change options"
+msgstr "|COMPONENT|change options"
+
+#: tools/gpgconf.c:66
+msgid "|COMPONENT|check options"
+msgstr "|COMPONENT|check options"
+
+#: tools/gpgconf.c:68
+msgid "apply global default values"
+msgstr "apply global default values"
+
+#: tools/gpgconf.c:70
+msgid "get the configuration directories for gpgconf"
+msgstr "get the configuration directories for gpgconf"
+
+#: tools/gpgconf.c:72
+msgid "list global configuration file"
+msgstr "list global configuration file"
+
+#: tools/gpgconf.c:74
+msgid "check global configuration file"
+msgstr "check global configuration file"
+
+#: tools/gpgconf.c:79
+msgid "use as output file"
+msgstr "use as output file"
+
+#: tools/gpgconf.c:83
+msgid "activate changes at runtime, if possible"
+msgstr "activate changes at runtime, if possible"
+
+#: tools/gpgconf.c:105
+msgid "Usage: gpgconf [options] (-h for help)"
+msgstr "Usage: gpgconf [options] (-h for help)"
+
+#: tools/gpgconf.c:108
+msgid ""
+"Syntax: gpgconf [options]\n"
+"Manage configuration options for tools of the GnuPG system\n"
+msgstr ""
+"Syntax: gpgconf [options]\n"
+"Manage configuration options for tools of the GnuPG system\n"
+
+#: tools/gpgconf.c:214 tools/gpgconf.c:282
+msgid "usage: gpgconf [options] "
+msgstr "usage: gpgconf [options] "
+
+#: tools/gpgconf.c:216
+msgid "Need one component argument"
+msgstr "Need one component argument"
+
+#: tools/gpgconf.c:225 tools/gpgconf.c:258
+msgid "Component not found"
+msgstr "Component not found"
+
+#: tools/gpgconf.c:284
+msgid "No argument allowed"
+msgstr "No argument allowed"
+
+#: tools/symcryptrun.c:154
+msgid ""
+"@\n"
+"Commands:\n"
+" "
+msgstr ""
+"@\n"
+"Commands:\n"
+" "
+
+#: tools/symcryptrun.c:156
+msgid "decryption modus"
+msgstr "decryption modus"
+
+#: tools/symcryptrun.c:157
+msgid "encryption modus"
+msgstr "encryption modus"
+
+#: tools/symcryptrun.c:161
+msgid "tool class (confucius)"
+msgstr "tool class (confucius)"
+
+#: tools/symcryptrun.c:162
+msgid "program filename"
+msgstr "program filename"
+
+#: tools/symcryptrun.c:164
+msgid "secret key file (required)"
+msgstr "secret key file (required)"
+
+#: tools/symcryptrun.c:165
+msgid "input file name (default stdin)"
+msgstr "input file name (default stdin)"
+
+#: tools/symcryptrun.c:209
+msgid "Usage: symcryptrun [options] (-h for help)"
+msgstr "Usage: symcryptrun [options] (-h for help)"
+
+#: tools/symcryptrun.c:212
+msgid ""
+"Syntax: symcryptrun --class CLASS --program PROGRAM --keyfile KEYFILE "
+"[options...] COMMAND [inputfile]\n"
+"Call a simple symmetric encryption tool\n"
+msgstr ""
+"Syntax: symcryptrun --class CLASS --program PROGRAM --keyfile KEYFILE "
+"[options...] COMMAND [inputfile]\n"
+"Call a simple symmetric encryption tool\n"
+
+#: tools/symcryptrun.c:281
+#, c-format
+msgid "%s on %s aborted with status %i\n"
+msgstr "%s on %s aborted with status %i\n"
+
+#: tools/symcryptrun.c:288
+#, c-format
+msgid "%s on %s failed with status %i\n"
+msgstr "%s on %s failed with status %i\n"
+
+#: tools/symcryptrun.c:314
+#, c-format
+msgid "can't create temporary directory `%s': %s\n"
+msgstr "can't create temporary directory ‘%s’: %s\n"
+
+#: tools/symcryptrun.c:354 tools/symcryptrun.c:371
+#, c-format
+msgid "could not open %s for writing: %s\n"
+msgstr "could not open %s for writing: %s\n"
+
+#: tools/symcryptrun.c:382
+#, c-format
+msgid "error writing to %s: %s\n"
+msgstr "error writing to %s: %s\n"
+
+#: tools/symcryptrun.c:389
+#, c-format
+msgid "error reading from %s: %s\n"
+msgstr "error reading from %s: %s\n"
+
+#: tools/symcryptrun.c:396 tools/symcryptrun.c:403
+#, c-format
+msgid "error closing %s: %s\n"
+msgstr "error closing %s: %s\n"
+
+#: tools/symcryptrun.c:488
+msgid "no --program option provided\n"
+msgstr "no --program option provided\n"
+
+#: tools/symcryptrun.c:494
+msgid "only --decrypt and --encrypt are supported\n"
+msgstr "only --decrypt and --encrypt are supported\n"
+
+#: tools/symcryptrun.c:500
+msgid "no --keyfile option provided\n"
+msgstr "no --keyfile option provided\n"
+
+#: tools/symcryptrun.c:511
+msgid "cannot allocate args vector\n"
+msgstr "cannot allocate args vector\n"
+
+#: tools/symcryptrun.c:529
+#, c-format
+msgid "could not create pipe: %s\n"
+msgstr "could not create pipe: %s\n"
+
+#: tools/symcryptrun.c:536
+#, c-format
+msgid "could not create pty: %s\n"
+msgstr "could not create pty: %s\n"
+
+#: tools/symcryptrun.c:552
+#, c-format
+msgid "could not fork: %s\n"
+msgstr "could not fork: %s\n"
+
+#: tools/symcryptrun.c:580
+#, c-format
+msgid "execv failed: %s\n"
+msgstr "execv failed: %s\n"
+
+#: tools/symcryptrun.c:609
+#, c-format
+msgid "select failed: %s\n"
+msgstr "select failed: %s\n"
+
+#: tools/symcryptrun.c:626
+#, c-format
+msgid "read failed: %s\n"
+msgstr "read failed: %s\n"
+
+#: tools/symcryptrun.c:678
+#, c-format
+msgid "pty read failed: %s\n"
+msgstr "pty read failed: %s\n"
+
+#: tools/symcryptrun.c:730
+#, c-format
+msgid "waitpid failed: %s\n"
+msgstr "waitpid failed: %s\n"
+
+#: tools/symcryptrun.c:744
+#, c-format
+msgid "child aborted with status %i\n"
+msgstr "child aborted with status %i\n"
+
+#: tools/symcryptrun.c:799
+#, c-format
+msgid "cannot allocate infile string: %s\n"
+msgstr "cannot allocate infile string: %s\n"
+
+#: tools/symcryptrun.c:812
+#, c-format
+msgid "cannot allocate outfile string: %s\n"
+msgstr "cannot allocate outfile string: %s\n"
+
+#: tools/symcryptrun.c:986
+#, c-format
+msgid "either %s or %s must be given\n"
+msgstr "either %s or %s must be given\n"
+
+#: tools/symcryptrun.c:1013
+msgid "no class provided\n"
+msgstr "no class provided\n"
+
+#: tools/symcryptrun.c:1022
+#, c-format
+msgid "class %s is not supported\n"
+msgstr "class %s is not supported\n"
+
+#: tools/gpg-check-pattern.c:145
+msgid "Usage: gpg-check-pattern [options] patternfile (-h for help)\n"
+msgstr "Usage: gpg-check-pattern [options] patternfile (-h for help)\n"
+
+#: tools/gpg-check-pattern.c:148
+msgid ""
+"Syntax: gpg-check-pattern [options] patternfile\n"
+"Check a passphrase given on stdin against the patternfile\n"
+msgstr ""
+"Syntax: gpg-check-pattern [options] patternfile\n"
+"Check a passphrase given on stdin against the patternfile\n"
diff --git a/po/eo.gmo b/po/eo.gmo
new file mode 100644
index 0000000..1cdfa82
--- /dev/null
+++ b/po/eo.gmo
Binary files differ
diff --git a/po/eo.po b/po/eo.po
new file mode 100644
index 0000000..b48a3f3
--- /dev/null
+++ b/po/eo.po
@@ -0,0 +1,10135 @@
+# Mesaøoj por la programo GnuPG
+# Copyright (C) 2000, 2001, 2002 Free Software Foundation, Inc.
+# Edmund GRIMLEY EVANS <edmundo@rano.org>, 2000-2002.
+# !--- psbl.surriel.com rejected (2011-01-11)
+# Designated-Translator: none
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: gnupg 1.0.6d\n"
+"Report-Msgid-Bugs-To: translations@gnupg.org\n"
+"POT-Creation-Date: 2012-03-27 10:23+0200\n"
+"PO-Revision-Date: 2002-04-14 14:33+0100\n"
+"Last-Translator: Edmund GRIMLEY EVANS <edmundo@rano.org>\n"
+"Language-Team: Esperanto <translation-team-eo@lists.sourceforge.net>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=iso-8859-3\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#: agent/call-pinentry.c:244
+#, fuzzy, c-format
+msgid "failed to acquire the pinentry lock: %s\n"
+msgstr "malsukcesis doni komencajn valorojn al fido-datenaro: %s\n"
+
+#. TRANSLATORS: These are labels for buttons etc used in
+#. Pinentries. An underscore indicates that the next letter
+#. should be used as an accelerator. Double the underscore for
+#. a literal one. The actual to be translated text starts after
+#. the second vertical bar.
+#: agent/call-pinentry.c:401
+msgid "|pinentry-label|_OK"
+msgstr ""
+
+#: agent/call-pinentry.c:402
+msgid "|pinentry-label|_Cancel"
+msgstr ""
+
+#: agent/call-pinentry.c:403
+msgid "|pinentry-label|PIN:"
+msgstr ""
+
+#. TRANSLATORS: This string is displayed by Pinentry as the label
+#. for the quality bar.
+#: agent/call-pinentry.c:649
+msgid "Quality:"
+msgstr ""
+
+#. TRANSLATORS: This string is a tooltip, shown by pinentry when
+#. hovering over the quality bar. Please use an appropriate
+#. string to describe what this is about. The length of the
+#. tooltip is limited to about 900 characters. If you do not
+#. translate this entry, a default english text (see source)
+#. will be used.
+#: agent/call-pinentry.c:671
+msgid "pinentry.qualitybar.tooltip"
+msgstr ""
+
+#: agent/call-pinentry.c:716
+msgid ""
+"Please enter your PIN, so that the secret key can be unlocked for this "
+"session"
+msgstr ""
+
+#: agent/call-pinentry.c:719
+#, fuzzy
+msgid ""
+"Please enter your passphrase, so that the secret key can be unlocked for "
+"this session"
+msgstr "Bonvolu doni la pasfrazon; tio estas sekreta frazo \n"
+
+#: agent/call-pinentry.c:776
+#, c-format
+msgid "SETERROR %s (try %d of %d)"
+msgstr ""
+
+#: agent/call-pinentry.c:799 agent/call-pinentry.c:811
+#, fuzzy
+msgid "PIN too long"
+msgstr "pasfrazo estas tro longa\n"
+
+#: agent/call-pinentry.c:800
+#, fuzzy
+msgid "Passphrase too long"
+msgstr "pasfrazo estas tro longa\n"
+
+#: agent/call-pinentry.c:808
+#, fuzzy
+msgid "Invalid characters in PIN"
+msgstr "Nevalida signo en nomo\n"
+
+#: agent/call-pinentry.c:813
+msgid "PIN too short"
+msgstr ""
+
+#: agent/call-pinentry.c:825
+#, fuzzy
+msgid "Bad PIN"
+msgstr "malbona MPI"
+
+#: agent/call-pinentry.c:826
+#, fuzzy
+msgid "Bad Passphrase"
+msgstr "malbona pasfrazo"
+
+#: agent/call-pinentry.c:863
+#, fuzzy
+msgid "Passphrase"
+msgstr "malbona pasfrazo"
+
+#: agent/command-ssh.c:531
+#, fuzzy, c-format
+msgid "ssh keys greater than %d bits are not supported\n"
+msgstr "protekto-metodo %d%s ne estas realigita\n"
+
+#: agent/command-ssh.c:690 g10/card-util.c:833 g10/exec.c:473 g10/gpg.c:1122
+#: g10/keygen.c:3394 g10/keygen.c:3427 g10/keyring.c:1237 g10/keyring.c:1569
+#: g10/openfile.c:275 g10/openfile.c:368 g10/sign.c:801 g10/sign.c:1110
+#: g10/tdbio.c:550 jnlib/dotlock.c:310
+#, c-format
+msgid "can't create `%s': %s\n"
+msgstr "ne povas krei '%s': %s\n"
+
+#: agent/command-ssh.c:702 common/helpfile.c:47 g10/card-util.c:787
+#: g10/dearmor.c:60 g10/dearmor.c:107 g10/decrypt.c:70 g10/encode.c:194
+#: g10/encode.c:504 g10/gpg.c:1123 g10/import.c:192 g10/keygen.c:2877
+#: g10/keyring.c:1595 g10/openfile.c:192 g10/openfile.c:353
+#: g10/plaintext.c:511 g10/sign.c:783 g10/sign.c:978 g10/sign.c:1094
+#: g10/sign.c:1250 g10/tdbdump.c:142 g10/tdbdump.c:150 g10/tdbio.c:554
+#: g10/tdbio.c:618 g10/verify.c:99 g10/verify.c:162 sm/gpgsm.c:2044
+#: sm/gpgsm.c:2074 sm/gpgsm.c:2112 sm/gpgsm.c:2150 sm/qualified.c:66
+#, c-format
+msgid "can't open `%s': %s\n"
+msgstr "ne povas malfermi '%s': %s\n"
+
+#: agent/command-ssh.c:1708 agent/command-ssh.c:1726
+#, fuzzy, c-format
+msgid "error getting serial number of card: %s\n"
+msgstr "eraro dum kreado de pasfrazo: %s\n"
+
+#: agent/command-ssh.c:1712
+#, c-format
+msgid "detected card with S/N: %s\n"
+msgstr ""
+
+#: agent/command-ssh.c:1717
+#, fuzzy, c-format
+msgid "error getting default authentication keyID of card: %s\n"
+msgstr "eraro dum skribado de sekreta þlosilaro '%s': %s\n"
+
+#: agent/command-ssh.c:1737
+#, fuzzy, c-format
+msgid "no suitable card key found: %s\n"
+msgstr "neniu skribebla sekreta þlosilaro trovita: %s\n"
+
+#: agent/command-ssh.c:1787
+#, fuzzy, c-format
+msgid "shadowing the key failed: %s\n"
+msgstr "forviþo de þlosilbloko malsukcesis: %s\n"
+
+#: agent/command-ssh.c:1802
+#, fuzzy, c-format
+msgid "error writing key: %s\n"
+msgstr "eraro dum skribado de þlosilaro '%s': %s\n"
+
+#: agent/command-ssh.c:2139
+#, c-format
+msgid ""
+"An ssh process requested the use of key%%0A %s%%0A (%s)%%0ADo you want to "
+"allow this?"
+msgstr ""
+
+#: agent/command-ssh.c:2146
+msgid "Allow"
+msgstr ""
+
+#: agent/command-ssh.c:2146
+msgid "Deny"
+msgstr ""
+
+#: agent/command-ssh.c:2155
+#, fuzzy, c-format
+msgid "Please enter the passphrase for the ssh key%%0A %F%%0A (%c)"
+msgstr "Bonvolu doni la pasfrazon; tio estas sekreta frazo \n"
+
+#: agent/command-ssh.c:2484 agent/genkey.c:310 agent/genkey.c:432
+#, fuzzy
+msgid "Please re-enter this passphrase"
+msgstr "þanøi la pasfrazon"
+
+#: agent/command-ssh.c:2509
+#, fuzzy, c-format
+msgid ""
+"Please enter a passphrase to protect the received secret key%%0A %s%%0A %"
+"s%%0Awithin gpg-agent's key storage"
+msgstr "Bonvolu doni la pasfrazon; tio estas sekreta frazo \n"
+
+#: agent/command-ssh.c:2548 agent/genkey.c:340 agent/genkey.c:463
+#: tools/symcryptrun.c:436
+msgid "does not match - try again"
+msgstr ""
+
+#: agent/command-ssh.c:3054
+#, fuzzy, c-format
+msgid "failed to create stream from socket: %s\n"
+msgstr "%s: malsukcesis krei haktabelon: %s\n"
+
+#: agent/divert-scd.c:92 g10/call-agent.c:923
+msgid "Please insert the card with serial number"
+msgstr ""
+
+#: agent/divert-scd.c:93 g10/call-agent.c:924
+msgid "Please remove the current card and insert the one with serial number"
+msgstr ""
+
+#: agent/divert-scd.c:200
+#, fuzzy
+msgid "Admin PIN"
+msgstr "Donu la uzantidentigilon: "
+
+#. TRANSLATORS: A PUK is the Personal Unblocking Code
+#. used to unblock a PIN.
+#: agent/divert-scd.c:205
+msgid "PUK"
+msgstr ""
+
+#: agent/divert-scd.c:212
+msgid "Reset Code"
+msgstr ""
+
+#: agent/divert-scd.c:238
+#, c-format
+msgid "%s%%0A%%0AUse the reader's keypad for input."
+msgstr ""
+
+#: agent/divert-scd.c:287
+#, fuzzy
+msgid "Repeat this Reset Code"
+msgstr "Ripetu pasfrazon: "
+
+#: agent/divert-scd.c:289
+#, fuzzy
+msgid "Repeat this PUK"
+msgstr "Ripetu pasfrazon: "
+
+#: agent/divert-scd.c:290
+#, fuzzy
+msgid "Repeat this PIN"
+msgstr "Ripetu pasfrazon: "
+
+#: agent/divert-scd.c:295
+#, fuzzy
+msgid "Reset Code not correctly repeated; try again"
+msgstr "la pasfrazo ne estis øuste ripetita; provu denove"
+
+#: agent/divert-scd.c:297
+#, fuzzy
+msgid "PUK not correctly repeated; try again"
+msgstr "la pasfrazo ne estis øuste ripetita; provu denove"
+
+#: agent/divert-scd.c:298
+#, fuzzy
+msgid "PIN not correctly repeated; try again"
+msgstr "la pasfrazo ne estis øuste ripetita; provu denove"
+
+#: agent/divert-scd.c:310
+#, c-format
+msgid "Please enter the PIN%s%s%s to unlock the card"
+msgstr ""
+
+#: agent/genkey.c:108 sm/certreqgen-ui.c:384 sm/export.c:638 sm/export.c:654
+#: sm/import.c:667 sm/import.c:692
+#, fuzzy, c-format
+msgid "error creating temporary file: %s\n"
+msgstr "eraro dum kreado de pasfrazo: %s\n"
+
+#: agent/genkey.c:115 sm/export.c:645 sm/import.c:675
+#, fuzzy, c-format
+msgid "error writing to temporary file: %s\n"
+msgstr "skribas al '%s'\n"
+
+#: agent/genkey.c:153 agent/genkey.c:159
+#, fuzzy
+msgid "Enter new passphrase"
+msgstr "Donu pasfrazon\n"
+
+#: agent/genkey.c:167
+#, fuzzy
+msgid "Take this one anyway"
+msgstr "Æu tamen uzi æi tiun þlosilon? "
+
+#: agent/genkey.c:193
+#, c-format
+msgid ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase should be "
+"at least %u character long."
+msgid_plural ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase should be "
+"at least %u characters long."
+msgstr[0] ""
+msgstr[1] ""
+
+#: agent/genkey.c:214
+#, c-format
+msgid ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase should "
+"contain at least %u digit or%%0Aspecial character."
+msgid_plural ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase should "
+"contain at least %u digits or%%0Aspecial characters."
+msgstr[0] ""
+msgstr[1] ""
+
+#: agent/genkey.c:237
+#, c-format
+msgid ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase may not be "
+"a known term or match%%0Acertain pattern."
+msgstr ""
+
+#: agent/genkey.c:253
+#, c-format
+msgid ""
+"You have not entered a passphrase!%0AAn empty passphrase is not allowed."
+msgstr ""
+
+#: agent/genkey.c:255
+#, c-format
+msgid ""
+"You have not entered a passphrase - this is in general a bad idea!%0APlease "
+"confirm that you do not want to have any protection on your key."
+msgstr ""
+
+#: agent/genkey.c:264
+msgid "Yes, protection is not needed"
+msgstr ""
+
+#: agent/genkey.c:308
+#, fuzzy, c-format
+msgid "Please enter the passphrase to%0Ato protect your new key"
+msgstr ""
+"Vi bezonas pasfrazon por protekti vian sekretan þlosilon.\n"
+"\n"
+
+#: agent/genkey.c:431
+#, fuzzy
+msgid "Please enter the new passphrase"
+msgstr "þanøi la pasfrazon"
+
+#: agent/gpg-agent.c:121 agent/preset-passphrase.c:72 scd/scdaemon.c:103
+#: tools/gpg-check-pattern.c:70
+#, fuzzy
+msgid ""
+"@Options:\n"
+" "
+msgstr ""
+"@\n"
+"Opcioj:\n"
+" "
+
+#: agent/gpg-agent.c:123 scd/scdaemon.c:105
+msgid "run in server mode (foreground)"
+msgstr ""
+
+#: agent/gpg-agent.c:124 scd/scdaemon.c:108
+msgid "run in daemon mode (background)"
+msgstr ""
+
+#: agent/gpg-agent.c:125 g10/gpg.c:488 g10/gpgv.c:71 kbx/kbxutil.c:88
+#: scd/scdaemon.c:109 sm/gpgsm.c:281 tools/gpg-connect-agent.c:69
+#: tools/gpgconf.c:80 tools/symcryptrun.c:166
+msgid "verbose"
+msgstr "detala eligo"
+
+#: agent/gpg-agent.c:126 g10/gpgv.c:72 kbx/kbxutil.c:89 scd/scdaemon.c:110
+#: sm/gpgsm.c:282
+msgid "be somewhat more quiet"
+msgstr "iom malpli da informoj"
+
+#: agent/gpg-agent.c:127 scd/scdaemon.c:111
+msgid "sh-style command output"
+msgstr ""
+
+#: agent/gpg-agent.c:128 scd/scdaemon.c:112
+msgid "csh-style command output"
+msgstr ""
+
+#: agent/gpg-agent.c:129 scd/scdaemon.c:113 sm/gpgsm.c:312
+#: tools/symcryptrun.c:169
+#, fuzzy
+msgid "|FILE|read options from FILE"
+msgstr "|DOSIERO|legi aldonan bibliotekon DOSIERO"
+
+#: agent/gpg-agent.c:134 scd/scdaemon.c:123
+msgid "do not detach from the console"
+msgstr ""
+
+#: agent/gpg-agent.c:135
+msgid "do not grab keyboard and mouse"
+msgstr ""
+
+#: agent/gpg-agent.c:136 tools/symcryptrun.c:168
+#, fuzzy
+msgid "use a log file for the server"
+msgstr "seræi þlosilojn æe þlosilservilo"
+
+#: agent/gpg-agent.c:138
+#, fuzzy
+msgid "use a standard location for the socket"
+msgstr "Æu vere aktualigi la preferojn por la elektitaj uzantidentigiloj? "
+
+#: agent/gpg-agent.c:141
+msgid "|PGM|use PGM as the PIN-Entry program"
+msgstr ""
+
+#: agent/gpg-agent.c:144
+msgid "|PGM|use PGM as the SCdaemon program"
+msgstr ""
+
+#: agent/gpg-agent.c:145
+#, fuzzy
+msgid "do not use the SCdaemon"
+msgstr "aktualigi la fido-datenaron"
+
+#: agent/gpg-agent.c:157
+msgid "ignore requests to change the TTY"
+msgstr ""
+
+#: agent/gpg-agent.c:159
+msgid "ignore requests to change the X display"
+msgstr ""
+
+#: agent/gpg-agent.c:162
+msgid "|N|expire cached PINs after N seconds"
+msgstr ""
+
+#: agent/gpg-agent.c:175
+msgid "do not use the PIN cache when signing"
+msgstr ""
+
+#: agent/gpg-agent.c:177
+msgid "allow clients to mark keys as \"trusted\""
+msgstr ""
+
+#: agent/gpg-agent.c:179
+#, fuzzy
+msgid "allow presetting passphrase"
+msgstr "eraro dum kreado de pasfrazo: %s\n"
+
+#: agent/gpg-agent.c:180
+msgid "enable ssh-agent emulation"
+msgstr ""
+
+#: agent/gpg-agent.c:182
+msgid "|FILE|write environment settings also to FILE"
+msgstr ""
+
+#. TRANSLATORS: @EMAIL@ will get replaced by the actual bug
+#. reporting address. This is so that we can change the
+#. reporting address without breaking the translations.
+#: agent/gpg-agent.c:333 agent/preset-passphrase.c:94 agent/protect-tool.c:163
+#: g10/gpg.c:814 g10/gpgv.c:114 kbx/kbxutil.c:113 scd/scdaemon.c:246
+#: sm/gpgsm.c:519 tools/gpg-connect-agent.c:181 tools/gpgconf.c:102
+#: tools/symcryptrun.c:206 tools/gpg-check-pattern.c:141
+#, fuzzy
+msgid "Please report bugs to <@EMAIL@>.\n"
+msgstr "Bonvolu raporti cimojn al <gnupg-bugs@gnu.org>.\n"
+
+#: agent/gpg-agent.c:342
+#, fuzzy
+msgid "Usage: gpg-agent [options] (-h for help)"
+msgstr "Uzado: gpg [opcioj] [dosieroj] (-h por helpo)"
+
+#: agent/gpg-agent.c:344
+msgid ""
+"Syntax: gpg-agent [options] [command [args]]\n"
+"Secret key management for GnuPG\n"
+msgstr ""
+
+#: agent/gpg-agent.c:390 g10/gpg.c:1007 scd/scdaemon.c:318 sm/gpgsm.c:669
+#, c-format
+msgid "invalid debug-level `%s' given\n"
+msgstr ""
+
+#: agent/gpg-agent.c:610 agent/protect-tool.c:1033 kbx/kbxutil.c:428
+#: scd/scdaemon.c:424 sm/gpgsm.c:911 sm/gpgsm.c:914 tools/symcryptrun.c:998
+#: tools/gpg-check-pattern.c:177
+#, c-format
+msgid "%s is too old (need %s, have %s)\n"
+msgstr ""
+
+#: agent/gpg-agent.c:725 g10/gpg.c:2111 scd/scdaemon.c:510 sm/gpgsm.c:1010
+#, c-format
+msgid "NOTE: no default option file `%s'\n"
+msgstr "NOTO: mankas implicita opcio-dosiero '%s'\n"
+
+#: agent/gpg-agent.c:736 agent/gpg-agent.c:1348 g10/gpg.c:2115
+#: scd/scdaemon.c:515 sm/gpgsm.c:1014 tools/symcryptrun.c:931
+#, c-format
+msgid "option file `%s': %s\n"
+msgstr "opcio-dosiero '%s': %s\n"
+
+#: agent/gpg-agent.c:744 g10/gpg.c:2122 scd/scdaemon.c:523 sm/gpgsm.c:1021
+#, c-format
+msgid "reading options from `%s'\n"
+msgstr "legas opciojn el '%s'\n"
+
+#: agent/gpg-agent.c:1117 g10/plaintext.c:140 g10/plaintext.c:145
+#: g10/plaintext.c:162
+#, c-format
+msgid "error creating `%s': %s\n"
+msgstr "eraro dum kreado de '%s': %s\n"
+
+#: agent/gpg-agent.c:1461 agent/gpg-agent.c:1579 agent/gpg-agent.c:1583
+#: agent/gpg-agent.c:1624 agent/gpg-agent.c:1628 g10/exec.c:188
+#: g10/openfile.c:429 scd/scdaemon.c:1020
+#, fuzzy, c-format
+msgid "can't create directory `%s': %s\n"
+msgstr "%s: ne povas krei dosierujon: %s\n"
+
+#: agent/gpg-agent.c:1475 scd/scdaemon.c:1034
+msgid "name of socket too long\n"
+msgstr ""
+
+#: agent/gpg-agent.c:1498 scd/scdaemon.c:1057
+#, fuzzy, c-format
+msgid "can't create socket: %s\n"
+msgstr "ne povas krei %s: %s\n"
+
+#: agent/gpg-agent.c:1507
+#, fuzzy, c-format
+msgid "socket name `%s' is too long\n"
+msgstr "Valida atestilrevoko"
+
+#: agent/gpg-agent.c:1525
+#, fuzzy
+msgid "a gpg-agent is already running - not starting a new one\n"
+msgstr "gpg-agent ne estas disponata en æi tiu sesio\n"
+
+#: agent/gpg-agent.c:1536 scd/scdaemon.c:1076
+#, fuzzy
+msgid "error getting nonce for the socket\n"
+msgstr "eraro dum kreado de pasfrazo: %s\n"
+
+#: agent/gpg-agent.c:1541 scd/scdaemon.c:1079
+#, fuzzy, c-format
+msgid "error binding socket to `%s': %s\n"
+msgstr "eraro dum sendo al '%s': %s\n"
+
+#: agent/gpg-agent.c:1553 scd/scdaemon.c:1088
+#, fuzzy, c-format
+msgid "listen() failed: %s\n"
+msgstr "aktualigo malsukcesis: %s\n"
+
+#: agent/gpg-agent.c:1559 scd/scdaemon.c:1095
+#, fuzzy, c-format
+msgid "listening on socket `%s'\n"
+msgstr "skribas sekretan þlosilon al '%s'\n"
+
+#: agent/gpg-agent.c:1587 agent/gpg-agent.c:1634 g10/openfile.c:432
+#, fuzzy, c-format
+msgid "directory `%s' created\n"
+msgstr "%s: dosierujo kreita\n"
+
+#: agent/gpg-agent.c:1640
+#, fuzzy, c-format
+msgid "stat() failed for `%s': %s\n"
+msgstr "fido-datenaro: lego malsukcesis (n=%d): %s\n"
+
+#: agent/gpg-agent.c:1644
+#, fuzzy, c-format
+msgid "can't use `%s' as home directory\n"
+msgstr "%s: ne povas krei dosierujon: %s\n"
+
+#: agent/gpg-agent.c:1777 scd/scdaemon.c:1111
+#, fuzzy, c-format
+msgid "error reading nonce on fd %d: %s\n"
+msgstr "eraro dum legado de '%s': %s\n"
+
+#: agent/gpg-agent.c:1799
+#, c-format
+msgid "handler 0x%lx for fd %d started\n"
+msgstr ""
+
+#: agent/gpg-agent.c:1804
+#, c-format
+msgid "handler 0x%lx for fd %d terminated\n"
+msgstr ""
+
+#: agent/gpg-agent.c:1824
+#, c-format
+msgid "ssh handler 0x%lx for fd %d started\n"
+msgstr ""
+
+#: agent/gpg-agent.c:1829
+#, c-format
+msgid "ssh handler 0x%lx for fd %d terminated\n"
+msgstr ""
+
+#: agent/gpg-agent.c:1973 scd/scdaemon.c:1248
+#, fuzzy, c-format
+msgid "pth_select failed: %s - waiting 1s\n"
+msgstr "aktualigo de sekreto malsukcesis: %s\n"
+
+#: agent/gpg-agent.c:2096 scd/scdaemon.c:1315
+#, fuzzy, c-format
+msgid "%s %s stopped\n"
+msgstr "\t%lu þlosiloj ignoritaj\n"
+
+#: agent/gpg-agent.c:2232
+#, fuzzy
+msgid "no gpg-agent running in this session\n"
+msgstr "gpg-agent ne estas disponata en æi tiu sesio\n"
+
+#: agent/gpg-agent.c:2243 common/simple-pwquery.c:352 common/asshelp.c:403
+#: tools/gpg-connect-agent.c:2168
+msgid "malformed GPG_AGENT_INFO environment variable\n"
+msgstr "malbona valoro de la media variablo GPG_AGENT_INFO\n"
+
+#: agent/gpg-agent.c:2256 common/simple-pwquery.c:364 common/asshelp.c:415
+#: tools/gpg-connect-agent.c:2179
+#, c-format
+msgid "gpg-agent protocol version %d is not supported\n"
+msgstr "protokolversio %d de gpg-agent ne estas uzebla\n"
+
+#: agent/preset-passphrase.c:98
+#, fuzzy
+msgid "Usage: gpg-preset-passphrase [options] KEYGRIP (-h for help)\n"
+msgstr "Uzado: gpg [opcioj] [dosieroj] (-h por helpo)"
+
+#: agent/preset-passphrase.c:101
+msgid ""
+"Syntax: gpg-preset-passphrase [options] KEYGRIP\n"
+"Password cache maintenance\n"
+msgstr ""
+
+#: agent/protect-tool.c:113 g10/gpg.c:373 kbx/kbxutil.c:71 sm/gpgsm.c:186
+#: tools/gpgconf.c:60
+msgid ""
+"@Commands:\n"
+" "
+msgstr ""
+"@Komandoj:\n"
+" "
+
+#: agent/protect-tool.c:127 g10/gpg.c:441 g10/gpgv.c:69 kbx/kbxutil.c:81
+#: sm/gpgsm.c:226 tools/gpg-connect-agent.c:67 tools/gpgconf.c:77
+#: tools/symcryptrun.c:159
+msgid ""
+"@\n"
+"Options:\n"
+" "
+msgstr ""
+"@\n"
+"Opcioj:\n"
+" "
+
+#: agent/protect-tool.c:166
+#, fuzzy
+msgid "Usage: gpg-protect-tool [options] (-h for help)\n"
+msgstr "Uzado: gpg [opcioj] [dosieroj] (-h por helpo)"
+
+#: agent/protect-tool.c:168
+msgid ""
+"Syntax: gpg-protect-tool [options] [args]\n"
+"Secret key maintenance tool\n"
+msgstr ""
+
+#: agent/protect-tool.c:1162
+#, fuzzy
+msgid "Please enter the passphrase to unprotect the PKCS#12 object."
+msgstr "Bonvolu doni la pasfrazon; tio estas sekreta frazo \n"
+
+#: agent/protect-tool.c:1167
+#, fuzzy
+msgid "Please enter the passphrase to protect the new PKCS#12 object."
+msgstr "Bonvolu doni la pasfrazon; tio estas sekreta frazo \n"
+
+#: agent/protect-tool.c:1173
+msgid ""
+"Please enter the passphrase to protect the imported object within the GnuPG "
+"system."
+msgstr ""
+
+#: agent/protect-tool.c:1178
+#, fuzzy
+msgid ""
+"Please enter the passphrase or the PIN\n"
+"needed to complete this operation."
+msgstr "Bonvolu doni la pasfrazon; tio estas sekreta frazo \n"
+
+#: agent/protect-tool.c:1183 tools/symcryptrun.c:437
+#, fuzzy
+msgid "Passphrase:"
+msgstr "malbona pasfrazo"
+
+#: agent/protect-tool.c:1188 tools/symcryptrun.c:448
+#, fuzzy
+msgid "cancelled\n"
+msgstr "nuligita de uzanto\n"
+
+#: agent/protect-tool.c:1190 tools/symcryptrun.c:444
+#, fuzzy, c-format
+msgid "error while asking for the passphrase: %s\n"
+msgstr "eraro dum kreado de pasfrazo: %s\n"
+
+#: agent/trustlist.c:136 agent/trustlist.c:334
+#, fuzzy, c-format
+msgid "error opening `%s': %s\n"
+msgstr "eraro dum legado de '%s': %s\n"
+
+#: agent/trustlist.c:151 common/helpfile.c:63 common/helpfile.c:79
+#, fuzzy, c-format
+msgid "file `%s', line %d: %s\n"
+msgstr "þlosilo '%s' ne trovita: %s\n"
+
+#: agent/trustlist.c:171 agent/trustlist.c:179
+#, c-format
+msgid "statement \"%s\" ignored in `%s', line %d\n"
+msgstr ""
+
+#: agent/trustlist.c:185
+#, fuzzy, c-format
+msgid "system trustlist `%s' not available\n"
+msgstr "sekretaj þlosilpartoj ne estas disponataj\n"
+
+#: agent/trustlist.c:229
+#, fuzzy, c-format
+msgid "bad fingerprint in `%s', line %d\n"
+msgstr "kiraso: %s\n"
+
+#: agent/trustlist.c:254 agent/trustlist.c:261
+#, c-format
+msgid "invalid keyflag in `%s', line %d\n"
+msgstr ""
+
+#: agent/trustlist.c:295 common/helpfile.c:126
+#, fuzzy, c-format
+msgid "error reading `%s', line %d: %s\n"
+msgstr "eraro dum legado de '%s': %s\n"
+
+#: agent/trustlist.c:400 agent/trustlist.c:450
+msgid "error reading list of trusted root certificates\n"
+msgstr ""
+
+#. TRANSLATORS: This prompt is shown by the Pinentry
+#. and has one special property: A "%%0A" is used by
+#. Pinentry to insert a line break. The double
+#. percent sign is actually needed because it is also
+#. a printf format string. If you need to insert a
+#. plain % sign, you need to encode it as "%%25". The
+#. "%s" gets replaced by the name as stored in the
+#. certificate.
+#: agent/trustlist.c:611
+#, c-format
+msgid ""
+"Do you ultimately trust%%0A \"%s\"%%0Ato correctly certify user "
+"certificates?"
+msgstr ""
+
+#: agent/trustlist.c:620 common/audit.c:467
+#, fuzzy
+msgid "Yes"
+msgstr "jes"
+
+#: agent/trustlist.c:620 common/audit.c:469
+msgid "No"
+msgstr ""
+
+#. TRANSLATORS: This prompt is shown by the Pinentry and has
+#. one special property: A "%%0A" is used by Pinentry to
+#. insert a line break. The double percent sign is actually
+#. needed because it is also a printf format string. If you
+#. need to insert a plain % sign, you need to encode it as
+#. "%%25". The second "%s" gets replaced by a hexdecimal
+#. fingerprint string whereas the first one receives the name
+#. as stored in the certificate.
+#: agent/trustlist.c:654
+#, c-format
+msgid ""
+"Please verify that the certificate identified as:%%0A \"%s\"%%0Ahas the "
+"fingerprint:%%0A %s"
+msgstr ""
+
+#. TRANSLATORS: "Correct" is the label of a button and intended
+#. to be hit if the fingerprint matches the one of the CA. The
+#. other button is "the default "Cancel" of the Pinentry.
+#: agent/trustlist.c:668
+msgid "Correct"
+msgstr ""
+
+#: agent/trustlist.c:668
+msgid "Wrong"
+msgstr ""
+
+#: agent/findkey.c:157
+#, c-format
+msgid "Note: This passphrase has never been changed.%0APlease change it now."
+msgstr ""
+
+#: agent/findkey.c:173
+#, c-format
+msgid ""
+"This passphrase has not been changed%%0Asince %.4s-%.2s-%.2s. Please change "
+"it now."
+msgstr ""
+
+#: agent/findkey.c:187 agent/findkey.c:194
+#, fuzzy
+msgid "Change passphrase"
+msgstr "þanøi la pasfrazon"
+
+#: agent/findkey.c:195
+msgid "I'll change it later"
+msgstr ""
+
+#: common/exechelp.c:528 common/exechelp.c:625 tools/gpgconf-comp.c:1475
+#: tools/gpgconf-comp.c:1814
+#, fuzzy, c-format
+msgid "error creating a pipe: %s\n"
+msgstr "eraro dum kreado de pasfrazo: %s\n"
+
+#: common/exechelp.c:599 common/exechelp.c:658
+#, fuzzy, c-format
+msgid "can't fdopen pipe for reading: %s\n"
+msgstr "ne povas malfermi %s: %s\n"
+
+#: common/exechelp.c:637 common/exechelp.c:765 common/exechelp.c:1002
+#, fuzzy, c-format
+msgid "error forking process: %s\n"
+msgstr "eraro dum legado de '%s': %s\n"
+
+#: common/exechelp.c:811 common/exechelp.c:864
+#, c-format
+msgid "waiting for process %d to terminate failed: %s\n"
+msgstr ""
+
+#: common/exechelp.c:819
+#, fuzzy, c-format
+msgid "error getting exit code of process %d: %s\n"
+msgstr "eraro dum skribado de sekreta þlosilaro '%s': %s\n"
+
+#: common/exechelp.c:825 common/exechelp.c:877
+#, fuzzy, c-format
+msgid "error running `%s': exit status %d\n"
+msgstr "eraro dum legado de '%s': %s\n"
+
+#: common/exechelp.c:870
+#, c-format
+msgid "error running `%s': probably not installed\n"
+msgstr ""
+
+#: common/exechelp.c:885
+#, fuzzy, c-format
+msgid "error running `%s': terminated\n"
+msgstr "eraro dum legado de '%s': %s\n"
+
+#: common/http.c:1674
+#, fuzzy, c-format
+msgid "error creating socket: %s\n"
+msgstr "eraro dum kreado de '%s': %s\n"
+
+#: common/http.c:1718
+#, fuzzy
+msgid "host not found"
+msgstr "%s: uzanto ne trovita\n"
+
+#: common/simple-pwquery.c:338
+msgid "gpg-agent is not available in this session\n"
+msgstr "gpg-agent ne estas disponata en æi tiu sesio\n"
+
+#: common/simple-pwquery.c:395
+#, c-format
+msgid "can't connect to `%s': %s\n"
+msgstr "ne povas konektiøi al '%s': %s\n"
+
+#: common/simple-pwquery.c:406
+msgid "communication problem with gpg-agent\n"
+msgstr "komunikproblemo kun gpg-agent\n"
+
+#: common/simple-pwquery.c:416
+#, fuzzy
+msgid "problem setting the gpg-agent options\n"
+msgstr "problemo kun agento: agento redonas 0x%lx\n"
+
+#: common/simple-pwquery.c:579 common/simple-pwquery.c:675
+#, fuzzy
+msgid "canceled by user\n"
+msgstr "nuligita de uzanto\n"
+
+#: common/simple-pwquery.c:594 common/simple-pwquery.c:681
+#, fuzzy
+msgid "problem with the agent\n"
+msgstr "problemo kun agento: agento redonas 0x%lx\n"
+
+#: common/sysutils.c:105
+#, c-format
+msgid "can't disable core dumps: %s\n"
+msgstr "ne povas malþalti kreadon de core-dosieroj: %s\n"
+
+#: common/sysutils.c:200
+#, fuzzy, c-format
+msgid "Warning: unsafe ownership on %s \"%s\"\n"
+msgstr "Averto: malsekura posedeco sur %s \"%s\"\n"
+
+#: common/sysutils.c:232
+#, fuzzy, c-format
+msgid "Warning: unsafe permissions on %s \"%s\"\n"
+msgstr "Averto: malsekuraj permesoj sur %s \"%s\"\n"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: common/yesno.c:35 common/yesno.c:72
+#, fuzzy
+msgid "yes"
+msgstr "jes"
+
+#: common/yesno.c:36 common/yesno.c:77
+msgid "yY"
+msgstr "jJ"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: common/yesno.c:38 common/yesno.c:74
+msgid "no"
+msgstr "ne"
+
+#: common/yesno.c:39 common/yesno.c:78
+msgid "nN"
+msgstr "nN"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: common/yesno.c:76
+msgid "quit"
+msgstr "fini"
+
+#: common/yesno.c:79
+msgid "qQ"
+msgstr "fF"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: common/yesno.c:113
+msgid "okay|okay"
+msgstr ""
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: common/yesno.c:115
+msgid "cancel|cancel"
+msgstr ""
+
+#: common/yesno.c:116
+msgid "oO"
+msgstr ""
+
+#: common/yesno.c:117
+#, fuzzy
+msgid "cC"
+msgstr "k"
+
+#: common/miscellaneous.c:77
+#, c-format
+msgid "out of core in secure memory while allocating %lu bytes"
+msgstr ""
+
+#: common/miscellaneous.c:80
+#, c-format
+msgid "out of core while allocating %lu bytes"
+msgstr ""
+
+#: common/asshelp.c:293 tools/gpg-connect-agent.c:2129
+msgid "no running gpg-agent - starting one\n"
+msgstr ""
+
+#: common/asshelp.c:349
+#, c-format
+msgid "waiting %d seconds for the agent to come up\n"
+msgstr ""
+
+#: common/asshelp.c:426
+msgid "can't connect to the agent - trying fall back\n"
+msgstr ""
+
+#. TRANSLATORS: Copy the prefix between the vertical bars
+#. verbatim. It will not be printed.
+#: common/audit.c:474
+msgid "|audit-log-result|Good"
+msgstr ""
+
+#: common/audit.c:477
+msgid "|audit-log-result|Bad"
+msgstr ""
+
+#: common/audit.c:479
+msgid "|audit-log-result|Not supported"
+msgstr ""
+
+#: common/audit.c:481
+#, fuzzy
+msgid "|audit-log-result|No certificate"
+msgstr "Bona atestilo"
+
+#: common/audit.c:483
+#, fuzzy
+msgid "|audit-log-result|Not enabled"
+msgstr "Bona atestilo"
+
+#: common/audit.c:485
+msgid "|audit-log-result|Error"
+msgstr ""
+
+#: common/audit.c:487
+#, fuzzy
+msgid "|audit-log-result|Not used"
+msgstr "Bona atestilo"
+
+#: common/audit.c:489
+#, fuzzy
+msgid "|audit-log-result|Okay"
+msgstr "Bona atestilo"
+
+#: common/audit.c:491
+#, fuzzy
+msgid "|audit-log-result|Skipped"
+msgstr "Bona atestilo"
+
+#: common/audit.c:493
+#, fuzzy
+msgid "|audit-log-result|Some"
+msgstr "Bona atestilo"
+
+#: common/audit.c:726
+#, fuzzy
+msgid "Certificate chain available"
+msgstr "Valida atestilrevoko"
+
+#: common/audit.c:733
+#, fuzzy
+msgid "root certificate missing"
+msgstr ""
+"Neniom da atestiloj trovitaj kun nedifinita fidovaloro.\n"
+"\n"
+
+#: common/audit.c:759
+msgid "Data encryption succeeded"
+msgstr ""
+
+#: common/audit.c:764 common/audit.c:830 common/audit.c:906 common/audit.c:997
+#, fuzzy
+msgid "Data available"
+msgstr "Nenia helpo disponata"
+
+#: common/audit.c:767
+#, fuzzy
+msgid "Session key created"
+msgstr "%s: þlosilaro kreita\n"
+
+#: common/audit.c:772 common/audit.c:912 common/audit.c:919
+#, fuzzy, c-format
+msgid "algorithm: %s"
+msgstr "kiraso: %s\n"
+
+#: common/audit.c:774 common/audit.c:776 common/audit.c:921 common/audit.c:923
+#, fuzzy, c-format
+msgid "unsupported algorithm: %s"
+msgstr ""
+"\n"
+"Realigitaj metodoj:\n"
+
+#: common/audit.c:778 common/audit.c:925
+#, fuzzy
+msgid "seems to be not encrypted"
+msgstr "ne æifrita"
+
+#: common/audit.c:784 common/audit.c:933
+msgid "Number of recipients"
+msgstr ""
+
+#: common/audit.c:792 common/audit.c:956
+#, c-format
+msgid "Recipient %d"
+msgstr ""
+
+#: common/audit.c:825
+msgid "Data signing succeeded"
+msgstr ""
+
+#: common/audit.c:839 common/audit.c:1033 common/audit.c:1060
+#, fuzzy, c-format
+msgid "data hash algorithm: %s"
+msgstr "nevalida kompendi-metodo '%s'\n"
+
+#: common/audit.c:862
+#, fuzzy, c-format
+msgid "Signer %d"
+msgstr "Æi tiu þlosilo eksvalidiøos je %s.\n"
+
+#: common/audit.c:866 common/audit.c:1065
+#, fuzzy, c-format
+msgid "attr hash algorithm: %s"
+msgstr "nevalida kompendi-metodo '%s'\n"
+
+#: common/audit.c:901
+msgid "Data decryption succeeded"
+msgstr ""
+
+#: common/audit.c:910
+#, fuzzy
+msgid "Encryption algorithm supported"
+msgstr "protekto-metodo %d%s ne estas realigita\n"
+
+#: common/audit.c:993
+#, fuzzy
+msgid "Data verification succeeded"
+msgstr "kontrolo de subskribo estas malþaltita\n"
+
+#: common/audit.c:1002
+#, fuzzy
+msgid "Signature available"
+msgstr "Æi tiu þlosilo eksvalidiøos je %s.\n"
+
+#: common/audit.c:1024
+#, fuzzy
+msgid "Parsing data succeeded"
+msgstr "Bona subskribo de \""
+
+#: common/audit.c:1036
+#, fuzzy, c-format
+msgid "bad data hash algorithm: %s"
+msgstr "nevalida kompendi-metodo '%s'\n"
+
+#: common/audit.c:1051
+#, fuzzy, c-format
+msgid "Signature %d"
+msgstr "Æi tiu þlosilo eksvalidiøos je %s.\n"
+
+#: common/audit.c:1079
+#, fuzzy
+msgid "Certificate chain valid"
+msgstr "Valida atestilrevoko"
+
+#: common/audit.c:1090
+#, fuzzy
+msgid "Root certificate trustworthy"
+msgstr ""
+"Neniom da atestiloj trovitaj kun nedifinita fidovaloro.\n"
+"\n"
+
+#: common/audit.c:1111 sm/certchain.c:935
+#, fuzzy
+msgid "no CRL found for certificate"
+msgstr "Bona atestilo"
+
+#: common/audit.c:1114 sm/certchain.c:945
+#, fuzzy
+msgid "the available CRL is too old"
+msgstr "Nenia helpo disponata"
+
+#: common/audit.c:1119
+#, fuzzy
+msgid "CRL/OCSP check of certificates"
+msgstr "Bona atestilo"
+
+#: common/audit.c:1139
+#, fuzzy
+msgid "Included certificates"
+msgstr "Nevalida atestilo"
+
+#: common/audit.c:1194
+msgid "No audit log entries."
+msgstr ""
+
+#: common/audit.c:1243
+#, fuzzy
+msgid "Unknown operation"
+msgstr "nekonata versio"
+
+#: common/audit.c:1261
+msgid "Gpg-Agent usable"
+msgstr ""
+
+#: common/audit.c:1271
+msgid "Dirmngr usable"
+msgstr ""
+
+#: common/audit.c:1307
+#, fuzzy, c-format
+msgid "No help available for `%s'."
+msgstr "Nenia helpo disponata por '%s'"
+
+#: common/helpfile.c:80
+#, fuzzy
+msgid "ignoring garbage line"
+msgstr "eraro en vostolinio\n"
+
+#: common/gettime.c:503
+#, fuzzy
+msgid "[none]"
+msgstr "nekonata versio"
+
+#: g10/armor.c:379
+#, c-format
+msgid "armor: %s\n"
+msgstr "kiraso: %s\n"
+
+#: g10/armor.c:418
+msgid "invalid armor header: "
+msgstr "nevalida kirasoæapo: "
+
+#: g10/armor.c:429
+msgid "armor header: "
+msgstr "kirasoæapo: "
+
+#: g10/armor.c:442
+msgid "invalid clearsig header\n"
+msgstr "nevalida æapo de klarteksta subskribo\n"
+
+#: g10/armor.c:455
+#, fuzzy
+msgid "unknown armor header: "
+msgstr "kirasoæapo: "
+
+#: g10/armor.c:508
+msgid "nested clear text signatures\n"
+msgstr "ingitaj klartekstaj subskriboj\n"
+
+#: g10/armor.c:643
+#, fuzzy
+msgid "unexpected armor: "
+msgstr "neatendita kiraso:"
+
+#: g10/armor.c:655
+msgid "invalid dash escaped line: "
+msgstr "nevalida strek-eskapita linio: "
+
+#: g10/armor.c:810 g10/armor.c:1420
+#, fuzzy, c-format
+msgid "invalid radix64 character %02X skipped\n"
+msgstr "nevalida signo %02x en bazo 64 ignorita\n"
+
+#: g10/armor.c:853
+msgid "premature eof (no CRC)\n"
+msgstr "tro frua dosierfino (nenia CRC)\n"
+
+#: g10/armor.c:887
+msgid "premature eof (in CRC)\n"
+msgstr "tro frua dosierfino (en CRC)\n"
+
+#: g10/armor.c:895
+msgid "malformed CRC\n"
+msgstr "misformita CRC\n"
+
+#: g10/armor.c:899 g10/armor.c:1457
+#, fuzzy, c-format
+msgid "CRC error; %06lX - %06lX\n"
+msgstr "CRC-eraro; %06lx - %06lx\n"
+
+#: g10/armor.c:919
+#, fuzzy
+msgid "premature eof (in trailer)\n"
+msgstr "tro frua dosierfino (en vosto)\n"
+
+#: g10/armor.c:923
+msgid "error in trailer line\n"
+msgstr "eraro en vostolinio\n"
+
+#: g10/armor.c:1234
+msgid "no valid OpenPGP data found.\n"
+msgstr "validaj OpenPGP-datenoj ne trovitaj.\n"
+
+#: g10/armor.c:1239
+#, c-format
+msgid "invalid armor: line longer than %d characters\n"
+msgstr "nevalida kiraso: linio pli longa ol %d signojn\n"
+
+#: g10/armor.c:1243
+msgid ""
+"quoted printable character in armor - probably a buggy MTA has been used\n"
+msgstr ""
+"quoted-printable-signo en kiraso - verþajne cima poþtotransendilo estis "
+"uzata\n"
+
+#: g10/build-packet.c:976
+#, fuzzy
+msgid ""
+"a notation name must have only printable characters or spaces, and end with "
+"an '='\n"
+msgstr ""
+"notacia nomo devas enhavi nur literojn, ciferojn, punktojn aý substrekojn "
+"kaj fini per '='\n"
+
+#: g10/build-packet.c:988
+#, fuzzy
+msgid "a user notation name must contain the '@' character\n"
+msgstr "notacia valoro ne povas enhavi stirsignojn\n"
+
+#: g10/build-packet.c:994
+#, fuzzy
+msgid "a notation name must not contain more than one '@' character\n"
+msgstr "notacia valoro ne povas enhavi stirsignojn\n"
+
+#: g10/build-packet.c:1012
+msgid "a notation value must not use any control characters\n"
+msgstr "notacia valoro ne povas enhavi stirsignojn\n"
+
+#: g10/build-packet.c:1046 g10/build-packet.c:1055
+msgid "WARNING: invalid notation data found\n"
+msgstr "AVERTO: nevalida notacia dateno trovita\n"
+
+#: g10/build-packet.c:1077 g10/build-packet.c:1079
+msgid "not human readable"
+msgstr "ne homlegebla"
+
+#: g10/card-util.c:85 g10/card-util.c:374
+#, fuzzy, c-format
+msgid "OpenPGP card not available: %s\n"
+msgstr "sekreta þlosilo ne havebla"
+
+#: g10/card-util.c:90
+#, c-format
+msgid "OpenPGP card no. %s detected\n"
+msgstr ""
+
+#: g10/card-util.c:98 g10/card-util.c:1773 g10/delkey.c:126 g10/keyedit.c:1551
+#: g10/keygen.c:3068 g10/revoke.c:216 g10/revoke.c:455
+#, fuzzy
+msgid "can't do this in batch mode\n"
+msgstr "ne povas fari tion en neinteraga reøimo\n"
+
+#: g10/card-util.c:106
+#, fuzzy
+msgid "This command is only available for version 2 cards\n"
+msgstr "Tiu komando ne eblas en la reøimo %s.\n"
+
+#: g10/card-util.c:108 scd/app-openpgp.c:2029
+#, fuzzy
+msgid "Reset Code not or not anymore available\n"
+msgstr "sekretaj þlosilpartoj ne estas disponataj\n"
+
+#: g10/card-util.c:141 g10/card-util.c:1458 g10/card-util.c:1568
+#: g10/keyedit.c:424 g10/keyedit.c:445 g10/keyedit.c:459 g10/keygen.c:1630
+#: g10/keygen.c:1711 sm/certreqgen-ui.c:165 sm/certreqgen-ui.c:249
+#: sm/certreqgen-ui.c:283
+msgid "Your selection? "
+msgstr "Via elekto? "
+
+#: g10/card-util.c:272 g10/card-util.c:322
+msgid "[not set]"
+msgstr ""
+
+#: g10/card-util.c:512
+#, fuzzy
+msgid "male"
+msgstr "en"
+
+#: g10/card-util.c:513
+#, fuzzy
+msgid "female"
+msgstr "en"
+
+#: g10/card-util.c:513
+#, fuzzy
+msgid "unspecified"
+msgstr "Nenia kialo specifita"
+
+#: g10/card-util.c:540
+#, fuzzy
+msgid "not forced"
+msgstr "ne traktita"
+
+#: g10/card-util.c:540
+msgid "forced"
+msgstr ""
+
+#: g10/card-util.c:631
+msgid "Error: Only plain ASCII is currently allowed.\n"
+msgstr ""
+
+#: g10/card-util.c:633
+msgid "Error: The \"<\" character may not be used.\n"
+msgstr ""
+
+#: g10/card-util.c:635
+msgid "Error: Double spaces are not allowed.\n"
+msgstr ""
+
+#: g10/card-util.c:652
+msgid "Cardholder's surname: "
+msgstr ""
+
+#: g10/card-util.c:654
+msgid "Cardholder's given name: "
+msgstr ""
+
+#: g10/card-util.c:672
+#, c-format
+msgid "Error: Combined name too long (limit is %d characters).\n"
+msgstr ""
+
+#: g10/card-util.c:693
+#, fuzzy
+msgid "URL to retrieve public key: "
+msgstr "skribas publikan þlosilon al '%s'\n"
+
+#: g10/card-util.c:701
+#, c-format
+msgid "Error: URL too long (limit is %d characters).\n"
+msgstr ""
+
+#: g10/card-util.c:794 tools/no-libgcrypt.c:30
+#, fuzzy, c-format
+msgid "error allocating enough memory: %s\n"
+msgstr "eraro dum kreado de þlosilaro '%s': %s\n"
+
+#: g10/card-util.c:806 g10/import.c:280
+#, c-format
+msgid "error reading `%s': %s\n"
+msgstr "eraro dum legado de '%s': %s\n"
+
+#: g10/card-util.c:839
+#, fuzzy, c-format
+msgid "error writing `%s': %s\n"
+msgstr "eraro dum skribado de þlosilaro '%s': %s\n"
+
+#: g10/card-util.c:866
+msgid "Login data (account name): "
+msgstr ""
+
+#: g10/card-util.c:876
+#, c-format
+msgid "Error: Login data too long (limit is %d characters).\n"
+msgstr ""
+
+#: g10/card-util.c:912
+msgid "Private DO data: "
+msgstr ""
+
+#: g10/card-util.c:922
+#, c-format
+msgid "Error: Private DO too long (limit is %d characters).\n"
+msgstr ""
+
+#: g10/card-util.c:1005
+#, fuzzy
+msgid "Language preferences: "
+msgstr "aktualigitaj preferoj"
+
+#: g10/card-util.c:1013
+#, fuzzy
+msgid "Error: invalid length of preference string.\n"
+msgstr "nevalida signo en signoæeno\n"
+
+#: g10/card-util.c:1022
+#, fuzzy
+msgid "Error: invalid characters in preference string.\n"
+msgstr "nevalida signo en signoæeno\n"
+
+#: g10/card-util.c:1044
+msgid "Sex ((M)ale, (F)emale or space): "
+msgstr ""
+
+#: g10/card-util.c:1058
+#, fuzzy
+msgid "Error: invalid response.\n"
+msgstr "%s: nevalida dosiero-versio %d\n"
+
+#: g10/card-util.c:1080
+#, fuzzy
+msgid "CA fingerprint: "
+msgstr "Fingrospuro:"
+
+#: g10/card-util.c:1103
+#, fuzzy
+msgid "Error: invalid formatted fingerprint.\n"
+msgstr "%s: nevalida dosiero-versio %d\n"
+
+#: g10/card-util.c:1153
+#, fuzzy, c-format
+msgid "key operation not possible: %s\n"
+msgstr "Kreado de þlosiloj malsukcesis: %s\n"
+
+#: g10/card-util.c:1154
+#, fuzzy
+msgid "not an OpenPGP card"
+msgstr "validaj OpenPGP-datenoj ne trovitaj.\n"
+
+#: g10/card-util.c:1167
+#, fuzzy, c-format
+msgid "error getting current key info: %s\n"
+msgstr "eraro dum skribado de sekreta þlosilaro '%s': %s\n"
+
+#: g10/card-util.c:1254
+msgid "Replace existing key? (y/N) "
+msgstr ""
+
+#: g10/card-util.c:1270
+msgid ""
+"NOTE: There is no guarantee that the card supports the requested size.\n"
+" If the key generation does not succeed, please check the\n"
+" documentation of your card to see what sizes are allowed.\n"
+msgstr ""
+
+#: g10/card-util.c:1295
+#, fuzzy, c-format
+msgid "What keysize do you want for the Signature key? (%u) "
+msgstr "Kiun þlosilgrandon vi deziras? (1024) "
+
+#: g10/card-util.c:1297
+#, fuzzy, c-format
+msgid "What keysize do you want for the Encryption key? (%u) "
+msgstr "Kiun þlosilgrandon vi deziras? (1024) "
+
+#: g10/card-util.c:1298
+#, fuzzy, c-format
+msgid "What keysize do you want for the Authentication key? (%u) "
+msgstr "Kiun þlosilgrandon vi deziras? (1024) "
+
+#: g10/card-util.c:1309 g10/keygen.c:1844 g10/keygen.c:1850
+#: sm/certreqgen-ui.c:194
+#, c-format
+msgid "rounded up to %u bits\n"
+msgstr "rondigita øis %u bitoj\n"
+
+#: g10/card-util.c:1317 g10/keygen.c:1831 sm/certreqgen-ui.c:184
+#, c-format
+msgid "%s keysizes must be in the range %u-%u\n"
+msgstr ""
+
+#: g10/card-util.c:1322
+#, c-format
+msgid "The card will now be re-configured to generate a key of %u bits\n"
+msgstr ""
+
+#: g10/card-util.c:1342
+#, fuzzy, c-format
+msgid "error changing size of key %d to %u bits: %s\n"
+msgstr "eraro dum sendo al '%s': %s\n"
+
+#: g10/card-util.c:1364
+msgid "Make off-card backup of encryption key? (Y/n) "
+msgstr ""
+
+#: g10/card-util.c:1378
+#, fuzzy
+msgid "NOTE: keys are already stored on the card!\n"
+msgstr "ignorita: sekreta þlosilo jam æeestas\n"
+
+#: g10/card-util.c:1381
+msgid "Replace existing keys? (y/N) "
+msgstr ""
+
+#: g10/card-util.c:1393
+#, c-format
+msgid ""
+"Please note that the factory settings of the PINs are\n"
+" PIN = `%s' Admin PIN = `%s'\n"
+"You should change them using the command --change-pin\n"
+msgstr ""
+
+#: g10/card-util.c:1449
+#, fuzzy
+msgid "Please select the type of key to generate:\n"
+msgstr "Bonvolu elekti, kian þlosilon vi deziras:\n"
+
+#: g10/card-util.c:1451 g10/card-util.c:1559
+#, fuzzy
+msgid " (1) Signature key\n"
+msgstr "Æi tiu þlosilo eksvalidiøos je %s.\n"
+
+#: g10/card-util.c:1452 g10/card-util.c:1561
+#, fuzzy
+msgid " (2) Encryption key\n"
+msgstr " (%d) RSA (nur æifri)\n"
+
+#: g10/card-util.c:1453 g10/card-util.c:1563
+msgid " (3) Authentication key\n"
+msgstr ""
+
+#: g10/card-util.c:1469 g10/card-util.c:1588 g10/keyedit.c:945
+#: g10/keygen.c:1634 g10/keygen.c:1662 g10/keygen.c:1764 g10/revoke.c:683
+msgid "Invalid selection.\n"
+msgstr "Nevalida elekto.\n"
+
+#: g10/card-util.c:1556
+#, fuzzy
+msgid "Please select where to store the key:\n"
+msgstr "Kialo por revoko: "
+
+#: g10/card-util.c:1600
+#, fuzzy
+msgid "unknown key protection algorithm\n"
+msgstr "nekonata densig-metodo"
+
+#: g10/card-util.c:1605
+#, fuzzy
+msgid "secret parts of key are not available\n"
+msgstr "Sekretaj partoj de æefa þlosilo ne estas disponataj.\n"
+
+#: g10/card-util.c:1610
+#, fuzzy
+msgid "secret key already stored on a card\n"
+msgstr "ignorita: sekreta þlosilo jam æeestas\n"
+
+#: g10/card-util.c:1623
+#, fuzzy, c-format
+msgid "error writing key to card: %s\n"
+msgstr "eraro dum skribado de þlosilaro '%s': %s\n"
+
+#: g10/card-util.c:1682 g10/keyedit.c:1382
+msgid "quit this menu"
+msgstr "forlasi æi tiun menuon"
+
+#: g10/card-util.c:1684
+#, fuzzy
+msgid "show admin commands"
+msgstr "malkongruaj komandoj\n"
+
+#: g10/card-util.c:1685 g10/keyedit.c:1385
+msgid "show this help"
+msgstr "montri æi tiun helpon"
+
+#: g10/card-util.c:1687
+#, fuzzy
+msgid "list all available data"
+msgstr "Nenia helpo disponata"
+
+#: g10/card-util.c:1690
+msgid "change card holder's name"
+msgstr ""
+
+#: g10/card-util.c:1691
+msgid "change URL to retrieve key"
+msgstr ""
+
+#: g10/card-util.c:1692
+msgid "fetch the key specified in the card URL"
+msgstr ""
+
+#: g10/card-util.c:1693
+#, fuzzy
+msgid "change the login name"
+msgstr "þanøi la daton de eksvalidiøo"
+
+#: g10/card-util.c:1694
+#, fuzzy
+msgid "change the language preferences"
+msgstr "þanøi la posedantofidon"
+
+#: g10/card-util.c:1695
+msgid "change card holder's sex"
+msgstr ""
+
+#: g10/card-util.c:1696
+#, fuzzy
+msgid "change a CA fingerprint"
+msgstr "montri fingrospuron"
+
+#: g10/card-util.c:1697
+msgid "toggle the signature force PIN flag"
+msgstr ""
+
+#: g10/card-util.c:1698
+#, fuzzy
+msgid "generate new keys"
+msgstr "krei novan þlosilparon"
+
+#: g10/card-util.c:1699
+msgid "menu to change or unblock the PIN"
+msgstr ""
+
+#: g10/card-util.c:1700
+msgid "verify the PIN and list all data"
+msgstr ""
+
+#: g10/card-util.c:1701
+msgid "unblock the PIN using a Reset Code"
+msgstr ""
+
+#: g10/card-util.c:1823
+msgid "gpg/card> "
+msgstr ""
+
+#: g10/card-util.c:1864
+#, fuzzy
+msgid "Admin-only command\n"
+msgstr "malkongruaj komandoj\n"
+
+#: g10/card-util.c:1895
+#, fuzzy
+msgid "Admin commands are allowed\n"
+msgstr "malkongruaj komandoj\n"
+
+#: g10/card-util.c:1897
+#, fuzzy
+msgid "Admin commands are not allowed\n"
+msgstr "skribas sekretan þlosilon al '%s'\n"
+
+#: g10/card-util.c:1988 g10/keyedit.c:2292
+msgid "Invalid command (try \"help\")\n"
+msgstr "Nevalida komando (provu per \"helpo\")\n"
+
+#: g10/decrypt.c:110 g10/encode.c:876
+msgid "--output doesn't work for this command\n"
+msgstr "--output ne funkcias por æi tiu komando\n"
+
+#: g10/decrypt.c:166 g10/gpg.c:4019 g10/keyring.c:387 g10/keyring.c:698
+#, c-format
+msgid "can't open `%s'\n"
+msgstr "ne povas malfermi '%s'\n"
+
+#: g10/delkey.c:73 g10/export.c:324 g10/keyedit.c:3514 g10/keyserver.c:1737
+#: g10/revoke.c:226
+#, fuzzy, c-format
+msgid "key \"%s\" not found: %s\n"
+msgstr "þlosilo '%s' ne trovita: %s\n"
+
+#: g10/delkey.c:81 g10/export.c:354 g10/import.c:2480 g10/keyserver.c:1751
+#: g10/revoke.c:232 g10/revoke.c:477
+#, c-format
+msgid "error reading keyblock: %s\n"
+msgstr "eraro dum legado de þlosilbloko: %s\n"
+
+#: g10/delkey.c:127 g10/delkey.c:134
+msgid "(unless you specify the key by fingerprint)\n"
+msgstr ""
+
+#: g10/delkey.c:133
+#, fuzzy
+msgid "can't do this in batch mode without \"--yes\"\n"
+msgstr "ne povas fari tion en neinteraga reøimo sen \"--yes\"\n"
+
+#: g10/delkey.c:145
+#, fuzzy
+msgid "Delete this key from the keyring? (y/N) "
+msgstr "Æu forviþi æi tiun þlosilon de la þlosilaro? "
+
+#: g10/delkey.c:153
+#, fuzzy
+msgid "This is a secret key! - really delete? (y/N) "
+msgstr "Tio estas sekreta þlosilo! Æu vere forviþi øin? "
+
+#: g10/delkey.c:163
+#, c-format
+msgid "deleting keyblock failed: %s\n"
+msgstr "forviþo de þlosilbloko malsukcesis: %s\n"
+
+#: g10/delkey.c:173
+msgid "ownertrust information cleared\n"
+msgstr ""
+
+#: g10/delkey.c:204
+#, c-format
+msgid "there is a secret key for public key \"%s\"!\n"
+msgstr "estas sekreta þlosilo por la publika þlosilo \"%s\"!\n"
+
+#: g10/delkey.c:206
+msgid "use option \"--delete-secret-keys\" to delete it first.\n"
+msgstr "uzu la opcion \"--delete-secret-key\" por forviþi øin unue.\n"
+
+#: g10/encode.c:226 g10/sign.c:1269
+#, c-format
+msgid "error creating passphrase: %s\n"
+msgstr "eraro dum kreado de pasfrazo: %s\n"
+
+#: g10/encode.c:232
+msgid "can't use a symmetric ESK packet due to the S2K mode\n"
+msgstr ""
+
+#: g10/encode.c:246
+#, fuzzy, c-format
+msgid "using cipher %s\n"
+msgstr "subskribado malsukcesis: %s\n"
+
+#: g10/encode.c:256 g10/encode.c:577
+#, c-format
+msgid "`%s' already compressed\n"
+msgstr "'%s' jam densigita\n"
+
+#: g10/encode.c:311 g10/encode.c:611 g10/sign.c:564
+#, c-format
+msgid "WARNING: `%s' is an empty file\n"
+msgstr "AVERTO: '%s' estas malplena dosiero\n"
+
+#: g10/encode.c:485
+msgid "you can only encrypt to RSA keys of 2048 bits or less in --pgp2 mode\n"
+msgstr "eblas æifri nur per RSA-þlosiloj de maksimume 2048 bitoj kun --pgp2\n"
+
+#: g10/encode.c:510
+#, c-format
+msgid "reading from `%s'\n"
+msgstr "legas el '%s'\n"
+
+#: g10/encode.c:541
+msgid ""
+"unable to use the IDEA cipher for all of the keys you are encrypting to.\n"
+msgstr "ne povas uzi la æifron IDEA por æiuj þlosiloj, al kiuj vi æifras.\n"
+
+#: g10/encode.c:559
+#, fuzzy, c-format
+msgid ""
+"WARNING: forcing symmetric cipher %s (%d) violates recipient preferences\n"
+msgstr "NOTO: æifrad-metodo %d ne trovita en preferoj\n"
+
+#: g10/encode.c:655 g10/sign.c:939
+#, fuzzy, c-format
+msgid ""
+"WARNING: forcing compression algorithm %s (%d) violates recipient "
+"preferences\n"
+msgstr "NOTO: æifrad-metodo %d ne trovita en preferoj\n"
+
+#: g10/encode.c:751
+#, c-format
+msgid "forcing symmetric cipher %s (%d) violates recipient preferences\n"
+msgstr ""
+
+#: g10/encode.c:821 g10/pkclist.c:813 g10/pkclist.c:862
+#, fuzzy, c-format
+msgid "you may not use %s while in %s mode\n"
+msgstr "Tiu komando ne eblas en la reøimo %s.\n"
+
+#: g10/encode.c:848
+#, fuzzy, c-format
+msgid "%s/%s encrypted for: \"%s\"\n"
+msgstr "%s/%s-æifrita por: %s\n"
+
+#: g10/encr-data.c:93 g10/mainproc.c:286
+#, c-format
+msgid "%s encrypted data\n"
+msgstr "%s-æifritaj datenoj\n"
+
+#: g10/encr-data.c:96 g10/mainproc.c:290
+#, c-format
+msgid "encrypted with unknown algorithm %d\n"
+msgstr "æifrita per nekonata metodo %d\n"
+
+#: g10/encr-data.c:142 sm/decrypt.c:126
+msgid ""
+"WARNING: message was encrypted with a weak key in the symmetric cipher.\n"
+msgstr ""
+"AVERTO: mesaøo estis æifrita per malforta þlosilo en la simetria æifro.\n"
+
+#: g10/encr-data.c:154
+msgid "problem handling encrypted packet\n"
+msgstr "problemo æe traktado de æifrita paketo\n"
+
+#: g10/exec.c:57
+msgid "no remote program execution supported\n"
+msgstr ""
+
+#: g10/exec.c:308
+msgid ""
+"external program calls are disabled due to unsafe options file permissions\n"
+msgstr ""
+
+#: g10/exec.c:338
+#, fuzzy
+msgid "this platform requires temporary files when calling external programs\n"
+msgstr "%s: eraro dum legado de versiregistro: %s\n"
+
+#: g10/exec.c:416
+#, fuzzy, c-format
+msgid "unable to execute program `%s': %s\n"
+msgstr "Averto: malsekura posedeco sur %s \"%s\"\n"
+
+#: g10/exec.c:419
+#, fuzzy, c-format
+msgid "unable to execute shell `%s': %s\n"
+msgstr "ne povas malfermi %s: %s\n"
+
+#: g10/exec.c:510
+#, fuzzy, c-format
+msgid "system error while calling external program: %s\n"
+msgstr "%s: eraro dum legado de versiregistro: %s\n"
+
+#: g10/exec.c:521 g10/exec.c:588
+msgid "unnatural exit of external program\n"
+msgstr ""
+
+#: g10/exec.c:536
+msgid "unable to execute external program\n"
+msgstr ""
+
+#: g10/exec.c:553
+#, c-format
+msgid "unable to read external program response: %s\n"
+msgstr ""
+
+#: g10/exec.c:599 g10/exec.c:606
+#, c-format
+msgid "WARNING: unable to remove tempfile (%s) `%s': %s\n"
+msgstr ""
+
+#: g10/exec.c:611
+#, fuzzy, c-format
+msgid "WARNING: unable to remove temp directory `%s': %s\n"
+msgstr "Averto: malsekura posedeco sur %s \"%s\"\n"
+
+#: g10/export.c:61
+#, fuzzy
+msgid "export signatures that are marked as local-only"
+msgstr ""
+"\n"
+"La subskribo estos markita kiel nerevokebla.\n"
+
+#: g10/export.c:63
+msgid "export attribute user IDs (generally photo IDs)"
+msgstr ""
+
+#: g10/export.c:65
+msgid "export revocation keys marked as \"sensitive\""
+msgstr ""
+
+#: g10/export.c:67
+#, fuzzy
+msgid "remove the passphrase from exported subkeys"
+msgstr "revoki flankan þlosilon"
+
+#: g10/export.c:69
+#, fuzzy
+msgid "remove unusable parts from key during export"
+msgstr "neuzebla sekreta þlosilo"
+
+#: g10/export.c:71
+msgid "remove as much as possible from key during export"
+msgstr ""
+
+#: g10/export.c:73
+msgid "export keys in an S-expression based format"
+msgstr ""
+
+#: g10/export.c:338
+#, fuzzy
+msgid "exporting secret keys not allowed\n"
+msgstr "skribas sekretan þlosilon al '%s'\n"
+
+#: g10/export.c:367
+#, fuzzy, c-format
+msgid "key %s: not protected - skipped\n"
+msgstr "þlosilo %08lX: ne protektita - ignorita\n"
+
+#: g10/export.c:375
+#, fuzzy, c-format
+msgid "key %s: PGP 2.x style key - skipped\n"
+msgstr "þlosilo %08lX: PGP-2.x-stila þlosilo - ignorita\n"
+
+#: g10/export.c:386
+#, fuzzy, c-format
+msgid "key %s: key material on-card - skipped\n"
+msgstr "þlosilo %08lX: revokatestilo en maløusta loko - ignorita\n"
+
+#: g10/export.c:537
+msgid "about to export an unprotected subkey\n"
+msgstr ""
+
+#: g10/export.c:560
+#, fuzzy, c-format
+msgid "failed to unprotect the subkey: %s\n"
+msgstr "malsukcesis doni komencajn valorojn al fido-datenaro: %s\n"
+
+#: g10/export.c:584
+#, c-format
+msgid "WARNING: secret key %s does not have a simple SK checksum\n"
+msgstr ""
+
+#: g10/export.c:633
+msgid "WARNING: nothing exported\n"
+msgstr "AVERTO: nenio estis eksportita\n"
+
+#: g10/getkey.c:152
+msgid "too many entries in pk cache - disabled\n"
+msgstr "tro da registroj en pk-staplo - malþaltas\n"
+
+#: g10/getkey.c:175
+#, fuzzy
+msgid "[User ID not found]"
+msgstr "[Uzantidentigilo ne trovita]"
+
+#: g10/getkey.c:1113
+#, c-format
+msgid "automatically retrieved `%s' via %s\n"
+msgstr ""
+
+#: g10/getkey.c:1118
+#, fuzzy, c-format
+msgid "error retrieving `%s' via %s: %s\n"
+msgstr "eraro dum kreado de '%s': %s\n"
+
+#: g10/getkey.c:1120
+#, fuzzy
+msgid "No fingerprint"
+msgstr "Fingrospuro:"
+
+#: g10/getkey.c:1930
+#, fuzzy, c-format
+msgid "Invalid key %s made valid by --allow-non-selfsigned-uid\n"
+msgstr "Nevalida þlosilo %08lX validigita per --always-trust\n"
+
+#: g10/getkey.c:2533 g10/keyedit.c:3839
+#, fuzzy, c-format
+msgid "no secret subkey for public subkey %s - ignoring\n"
+msgstr "estas sekreta þlosilo por la publika þlosilo \"%s\"!\n"
+
+#: g10/getkey.c:2759
+#, fuzzy, c-format
+msgid "using subkey %s instead of primary key %s\n"
+msgstr "uzas flankan þlosilon %08lX anstataý la æefa þlosilo %08lX\n"
+
+#: g10/getkey.c:2806
+#, fuzzy, c-format
+msgid "key %s: secret key without public key - skipped\n"
+msgstr "þlosilo %08lX: sekreta þlosilo sen publika þlosilo - ignorita\n"
+
+#: g10/gpg.c:375 sm/gpgsm.c:188
+#, fuzzy
+msgid "make a signature"
+msgstr "fari apartan subskribon"
+
+#: g10/gpg.c:376 sm/gpgsm.c:189
+#, fuzzy
+msgid "make a clear text signature"
+msgstr "|[dosiero]|fari klartekstan subskribon"
+
+#: g10/gpg.c:377 sm/gpgsm.c:190
+msgid "make a detached signature"
+msgstr "fari apartan subskribon"
+
+#: g10/gpg.c:378 sm/gpgsm.c:191
+msgid "encrypt data"
+msgstr "æifri datenojn"
+
+#: g10/gpg.c:380 sm/gpgsm.c:192
+msgid "encryption only with symmetric cipher"
+msgstr "æifri nur kun simetria æifro"
+
+#: g10/gpg.c:382 sm/gpgsm.c:193
+msgid "decrypt data (default)"
+msgstr "malæifri datenojn (implicita elekto)"
+
+#: g10/gpg.c:384 sm/gpgsm.c:194
+msgid "verify a signature"
+msgstr "kontroli subskribon"
+
+#: g10/gpg.c:386 sm/gpgsm.c:195
+msgid "list keys"
+msgstr "listigi þlosilojn"
+
+#: g10/gpg.c:388
+msgid "list keys and signatures"
+msgstr "listigi þlosilojn kaj subskribojn"
+
+#: g10/gpg.c:389
+#, fuzzy
+msgid "list and check key signatures"
+msgstr "kontroli þlosilsubskribojn"
+
+#: g10/gpg.c:390 sm/gpgsm.c:200
+msgid "list keys and fingerprints"
+msgstr "listigi þlosilojn kaj fingroþpurojn"
+
+#: g10/gpg.c:391 sm/gpgsm.c:198
+msgid "list secret keys"
+msgstr "listigi sekretajn þlosilojn"
+
+#: g10/gpg.c:392 sm/gpgsm.c:201
+msgid "generate a new key pair"
+msgstr "krei novan þlosilparon"
+
+#: g10/gpg.c:393
+msgid "generate a revocation certificate"
+msgstr "krei revokatestilon"
+
+#: g10/gpg.c:395 sm/gpgsm.c:203
+msgid "remove keys from the public keyring"
+msgstr "forigi þlosilojn de la publika þlosilaro"
+
+#: g10/gpg.c:397
+msgid "remove keys from the secret keyring"
+msgstr "forigi þlosilojn de la sekreta þlosilaro"
+
+#: g10/gpg.c:398
+msgid "sign a key"
+msgstr "subskribi þlosilon"
+
+#: g10/gpg.c:399
+msgid "sign a key locally"
+msgstr "subskribi þlosilon loke"
+
+#: g10/gpg.c:400
+msgid "sign or edit a key"
+msgstr "subskribi aý redakti þlosilon"
+
+#: g10/gpg.c:402 sm/gpgsm.c:215
+#, fuzzy
+msgid "change a passphrase"
+msgstr "þanøi la pasfrazon"
+
+#: g10/gpg.c:404
+msgid "export keys"
+msgstr "eksporti þlosilojn"
+
+#: g10/gpg.c:405 sm/gpgsm.c:204
+msgid "export keys to a key server"
+msgstr "eksporti þlosilojn al þlosilservilo"
+
+#: g10/gpg.c:406 sm/gpgsm.c:205
+msgid "import keys from a key server"
+msgstr "importi þlosilojn de þlosilservilo"
+
+#: g10/gpg.c:408
+msgid "search for keys on a key server"
+msgstr "seræi þlosilojn æe þlosilservilo"
+
+#: g10/gpg.c:410
+msgid "update all keys from a keyserver"
+msgstr "aktualigi æiujn þlosilojn de þlosilservilo"
+
+#: g10/gpg.c:415
+msgid "import/merge keys"
+msgstr "importi/kunfandi þlosilojn"
+
+#: g10/gpg.c:418
+msgid "print the card status"
+msgstr ""
+
+#: g10/gpg.c:419
+msgid "change data on a card"
+msgstr ""
+
+#: g10/gpg.c:420
+msgid "change a card's PIN"
+msgstr ""
+
+#: g10/gpg.c:429
+msgid "update the trust database"
+msgstr "aktualigi la fido-datenaron"
+
+#: g10/gpg.c:436
+#, fuzzy
+msgid "print message digests"
+msgstr "|metodo [dosieroj]|presi mesaøo-kompendiojn"
+
+#: g10/gpg.c:439 sm/gpgsm.c:210
+msgid "run in server mode"
+msgstr ""
+
+#: g10/gpg.c:443 sm/gpgsm.c:228
+msgid "create ascii armored output"
+msgstr "krei eligon en askia kiraso"
+
+#: g10/gpg.c:446 sm/gpgsm.c:241
+#, fuzzy
+msgid "|USER-ID|encrypt for USER-ID"
+msgstr "|NOMO|æifri por NOMO"
+
+#: g10/gpg.c:459 sm/gpgsm.c:278
+#, fuzzy
+msgid "|USER-ID|use USER-ID to sign or decrypt"
+msgstr "uzi æi tiun uzantidentigilon por subskribi aý malæifri"
+
+#: g10/gpg.c:462
+#, fuzzy
+msgid "|N|set compress level to N (0 disables)"
+msgstr "|N|difini densig-nivelon N (0=nenia)"
+
+#: g10/gpg.c:468
+msgid "use canonical text mode"
+msgstr "uzi tekstan reøimon"
+
+#: g10/gpg.c:485 sm/gpgsm.c:280
+#, fuzzy
+msgid "|FILE|write output to FILE"
+msgstr "|DOSIERO|legi aldonan bibliotekon DOSIERO"
+
+#: g10/gpg.c:501 kbx/kbxutil.c:90 sm/gpgsm.c:292 tools/gpgconf.c:82
+msgid "do not make any changes"
+msgstr "fari neniajn þanøojn"
+
+#: g10/gpg.c:502
+msgid "prompt before overwriting"
+msgstr ""
+
+#: g10/gpg.c:554
+msgid "use strict OpenPGP behavior"
+msgstr ""
+
+#: g10/gpg.c:585 sm/gpgsm.c:336
+msgid ""
+"@\n"
+"(See the man page for a complete listing of all commands and options)\n"
+msgstr ""
+"@\n"
+"(Vidu la manpaøon por kompleta listo de æiuj komandoj kaj opcioj)\n"
+
+#: g10/gpg.c:588 sm/gpgsm.c:339
+msgid ""
+"@\n"
+"Examples:\n"
+"\n"
+" -se -r Bob [file] sign and encrypt for user Bob\n"
+" --clearsign [file] make a clear text signature\n"
+" --detach-sign [file] make a detached signature\n"
+" --list-keys [names] show keys\n"
+" --fingerprint [names] show fingerprints\n"
+msgstr ""
+"@\n"
+"Ekzemploj:\n"
+"\n"
+" -se -r Bob [dosiero] subskribi kaj æifri por uzanto Bob\n"
+" --clearsign [dosiero] fari klartekstan subskribon\n"
+" --detach-sign [dosiero] fari apartan subskribon\n"
+" --list-keys [nomoj] montri þlosilojn\n"
+" --fingerprint [nomoj] montri fingroþpurojn\n"
+
+#: g10/gpg.c:836
+msgid "Usage: gpg [options] [files] (-h for help)"
+msgstr "Uzado: gpg [opcioj] [dosieroj] (-h por helpo)"
+
+#: g10/gpg.c:839
+msgid ""
+"Syntax: gpg [options] [files]\n"
+"sign, check, encrypt or decrypt\n"
+"default operation depends on the input data\n"
+msgstr ""
+"Sintakso: gpg [opcioj] [dosieroj]\n"
+"subskribi, kontroli, æifri aý malæifri\n"
+"implicita operacio dependas de la enigataj datenoj\n"
+
+#: g10/gpg.c:850 sm/gpgsm.c:543
+msgid ""
+"\n"
+"Supported algorithms:\n"
+msgstr ""
+"\n"
+"Realigitaj metodoj:\n"
+
+#: g10/gpg.c:853
+msgid "Pubkey: "
+msgstr ""
+
+#: g10/gpg.c:860 g10/keyedit.c:2423
+msgid "Cipher: "
+msgstr ""
+
+#: g10/gpg.c:867
+msgid "Hash: "
+msgstr ""
+
+#: g10/gpg.c:874 g10/keyedit.c:2468
+#, fuzzy
+msgid "Compression: "
+msgstr "Komento: "
+
+#: g10/gpg.c:944
+msgid "usage: gpg [options] "
+msgstr "uzado: gpg [opcioj] "
+
+#: g10/gpg.c:1158 sm/gpgsm.c:716
+msgid "conflicting commands\n"
+msgstr "malkongruaj komandoj\n"
+
+#: g10/gpg.c:1176
+#, c-format
+msgid "no = sign found in group definition `%s'\n"
+msgstr ""
+
+#: g10/gpg.c:1373
+#, fuzzy, c-format
+msgid "WARNING: unsafe ownership on homedir `%s'\n"
+msgstr "Averto: malsekura posedeco sur %s \"%s\"\n"
+
+#: g10/gpg.c:1376
+#, fuzzy, c-format
+msgid "WARNING: unsafe ownership on configuration file `%s'\n"
+msgstr "Averto: malsekura posedeco sur %s \"%s\"\n"
+
+#: g10/gpg.c:1379
+#, fuzzy, c-format
+msgid "WARNING: unsafe ownership on extension `%s'\n"
+msgstr "Averto: malsekura posedeco sur %s \"%s\"\n"
+
+#: g10/gpg.c:1385
+#, fuzzy, c-format
+msgid "WARNING: unsafe permissions on homedir `%s'\n"
+msgstr "Averto: malsekuraj permesoj sur %s \"%s\"\n"
+
+#: g10/gpg.c:1388
+#, fuzzy, c-format
+msgid "WARNING: unsafe permissions on configuration file `%s'\n"
+msgstr "Averto: malsekuraj permesoj sur %s \"%s\"\n"
+
+#: g10/gpg.c:1391
+#, fuzzy, c-format
+msgid "WARNING: unsafe permissions on extension `%s'\n"
+msgstr "Averto: malsekuraj permesoj sur %s \"%s\"\n"
+
+#: g10/gpg.c:1397
+#, fuzzy, c-format
+msgid "WARNING: unsafe enclosing directory ownership on homedir `%s'\n"
+msgstr "Averto: malsekura posedeco sur %s \"%s\"\n"
+
+#: g10/gpg.c:1400
+#, fuzzy, c-format
+msgid ""
+"WARNING: unsafe enclosing directory ownership on configuration file `%s'\n"
+msgstr "Averto: malsekura posedeco sur %s \"%s\"\n"
+
+#: g10/gpg.c:1403
+#, fuzzy, c-format
+msgid "WARNING: unsafe enclosing directory ownership on extension `%s'\n"
+msgstr "Averto: malsekura posedeco sur %s \"%s\"\n"
+
+#: g10/gpg.c:1409
+#, fuzzy, c-format
+msgid "WARNING: unsafe enclosing directory permissions on homedir `%s'\n"
+msgstr "Averto: malsekuraj permesoj sur %s \"%s\"\n"
+
+#: g10/gpg.c:1412
+#, fuzzy, c-format
+msgid ""
+"WARNING: unsafe enclosing directory permissions on configuration file `%s'\n"
+msgstr "Averto: malsekuraj permesoj sur %s \"%s\"\n"
+
+#: g10/gpg.c:1415
+#, fuzzy, c-format
+msgid "WARNING: unsafe enclosing directory permissions on extension `%s'\n"
+msgstr "Averto: malsekuraj permesoj sur %s \"%s\"\n"
+
+#: g10/gpg.c:1595
+#, fuzzy, c-format
+msgid "unknown configuration item `%s'\n"
+msgstr "%s: nova opcio-dosiero kreita\n"
+
+#: g10/gpg.c:1699
+msgid "display photo IDs during key listings"
+msgstr ""
+
+#: g10/gpg.c:1701
+msgid "show policy URLs during signature listings"
+msgstr ""
+
+#: g10/gpg.c:1703
+#, fuzzy
+msgid "show all notations during signature listings"
+msgstr "Mankas responda subskribo en sekreta þlosilaro\n"
+
+#: g10/gpg.c:1705
+msgid "show IETF standard notations during signature listings"
+msgstr ""
+
+#: g10/gpg.c:1709
+msgid "show user-supplied notations during signature listings"
+msgstr ""
+
+#: g10/gpg.c:1711
+#, fuzzy
+msgid "show preferred keyserver URLs during signature listings"
+msgstr "la donita gvidlinia URL por subskriboj ne validas\n"
+
+#: g10/gpg.c:1713
+msgid "show user ID validity during key listings"
+msgstr ""
+
+#: g10/gpg.c:1715
+msgid "show revoked and expired user IDs in key listings"
+msgstr ""
+
+#: g10/gpg.c:1717
+msgid "show revoked and expired subkeys in key listings"
+msgstr ""
+
+#: g10/gpg.c:1719
+#, fuzzy
+msgid "show the keyring name in key listings"
+msgstr "montri, en kiu þlosilaro estas listigita þlosilo"
+
+#: g10/gpg.c:1721
+#, fuzzy
+msgid "show expiration dates during signature listings"
+msgstr "Mankas responda subskribo en sekreta þlosilaro\n"
+
+#: g10/gpg.c:1855
+#, fuzzy, c-format
+msgid "NOTE: old default options file `%s' ignored\n"
+msgstr "NOTO: mankas implicita opcio-dosiero '%s'\n"
+
+#: g10/gpg.c:1948
+#, c-format
+msgid "libgcrypt is too old (need %s, have %s)\n"
+msgstr ""
+
+#: g10/gpg.c:2346 g10/gpg.c:3037 g10/gpg.c:3049
+#, c-format
+msgid "NOTE: %s is not for normal use!\n"
+msgstr "NOTO: %s ne estas por normala uzado!\n"
+
+#: g10/gpg.c:2530 g10/gpg.c:2542
+#, fuzzy, c-format
+msgid "`%s' is not a valid signature expiration\n"
+msgstr "%s ne estas valida signaro\n"
+
+#: g10/gpg.c:2624
+#, fuzzy, c-format
+msgid "`%s' is not a valid character set\n"
+msgstr "%s ne estas valida signaro\n"
+
+#: g10/gpg.c:2647 g10/gpg.c:2842 g10/keyedit.c:4197
+#, fuzzy
+msgid "could not parse keyserver URL\n"
+msgstr "ne povis analizi URI de þlosilservilo\n"
+
+#: g10/gpg.c:2659
+#, fuzzy, c-format
+msgid "%s:%d: invalid keyserver options\n"
+msgstr "AVERTO: '%s' estas malplena dosiero\n"
+
+#: g10/gpg.c:2662
+#, fuzzy
+msgid "invalid keyserver options\n"
+msgstr "nevalida þlosilaro"
+
+#: g10/gpg.c:2669
+#, fuzzy, c-format
+msgid "%s:%d: invalid import options\n"
+msgstr "AVERTO: '%s' estas malplena dosiero\n"
+
+#: g10/gpg.c:2672
+#, fuzzy
+msgid "invalid import options\n"
+msgstr "nevalida kiraso"
+
+#: g10/gpg.c:2679
+#, fuzzy, c-format
+msgid "%s:%d: invalid export options\n"
+msgstr "AVERTO: '%s' estas malplena dosiero\n"
+
+#: g10/gpg.c:2682
+#, fuzzy
+msgid "invalid export options\n"
+msgstr "nevalida þlosilaro"
+
+#: g10/gpg.c:2689
+#, fuzzy, c-format
+msgid "%s:%d: invalid list options\n"
+msgstr "AVERTO: '%s' estas malplena dosiero\n"
+
+#: g10/gpg.c:2692
+#, fuzzy
+msgid "invalid list options\n"
+msgstr "nevalida kiraso"
+
+#: g10/gpg.c:2700
+msgid "display photo IDs during signature verification"
+msgstr ""
+
+#: g10/gpg.c:2702
+msgid "show policy URLs during signature verification"
+msgstr ""
+
+#: g10/gpg.c:2704
+#, fuzzy
+msgid "show all notations during signature verification"
+msgstr "%s ne estas valida signaro\n"
+
+#: g10/gpg.c:2706
+msgid "show IETF standard notations during signature verification"
+msgstr ""
+
+#: g10/gpg.c:2710
+msgid "show user-supplied notations during signature verification"
+msgstr ""
+
+#: g10/gpg.c:2712
+#, fuzzy
+msgid "show preferred keyserver URLs during signature verification"
+msgstr "la donita gvidlinia URL por subskriboj ne validas\n"
+
+#: g10/gpg.c:2714
+#, fuzzy
+msgid "show user ID validity during signature verification"
+msgstr "%s ne estas valida signaro\n"
+
+#: g10/gpg.c:2716
+msgid "show revoked and expired user IDs in signature verification"
+msgstr ""
+
+#: g10/gpg.c:2718
+#, fuzzy
+msgid "show only the primary user ID in signature verification"
+msgstr "%s ne estas valida signaro\n"
+
+#: g10/gpg.c:2720
+msgid "validate signatures with PKA data"
+msgstr ""
+
+#: g10/gpg.c:2722
+msgid "elevate the trust of signatures with valid PKA data"
+msgstr ""
+
+#: g10/gpg.c:2729
+#, fuzzy, c-format
+msgid "%s:%d: invalid verify options\n"
+msgstr "AVERTO: '%s' estas malplena dosiero\n"
+
+#: g10/gpg.c:2732
+#, fuzzy
+msgid "invalid verify options\n"
+msgstr "nevalida þlosilaro"
+
+#: g10/gpg.c:2739
+#, c-format
+msgid "unable to set exec-path to %s\n"
+msgstr ""
+
+#: g10/gpg.c:2925
+#, fuzzy, c-format
+msgid "%s:%d: invalid auto-key-locate list\n"
+msgstr "AVERTO: '%s' estas malplena dosiero\n"
+
+#: g10/gpg.c:2928
+msgid "invalid auto-key-locate list\n"
+msgstr ""
+
+#: g10/gpg.c:3026 sm/gpgsm.c:1439
+msgid "WARNING: program may create a core file!\n"
+msgstr "AVERTO: programo povas krei core-dosieron!\n"
+
+#: g10/gpg.c:3030
+#, c-format
+msgid "WARNING: %s overrides %s\n"
+msgstr "AVERTO: %s nuligas %s\n"
+
+#: g10/gpg.c:3039
+#, c-format
+msgid "%s not allowed with %s!\n"
+msgstr "%s ne eblas kun %s!\n"
+
+#: g10/gpg.c:3042
+#, c-format
+msgid "%s makes no sense with %s!\n"
+msgstr "%s ne havas sencon kun %s!\n"
+
+#: g10/gpg.c:3057
+#, fuzzy, c-format
+msgid "will not run with insecure memory due to %s\n"
+msgstr "skribas sekretan þlosilon al '%s'\n"
+
+#: g10/gpg.c:3071
+msgid "you can only make detached or clear signatures while in --pgp2 mode\n"
+msgstr "eblas fari nur apartajn kaj klartekstajn subskribojn kun --pgp2\n"
+
+#: g10/gpg.c:3077
+msgid "you can't sign and encrypt at the same time while in --pgp2 mode\n"
+msgstr "ne eblas samtempe subskribi kaj æifri kun --pgp2\n"
+
+#: g10/gpg.c:3083
+msgid "you must use files (and not a pipe) when working with --pgp2 enabled.\n"
+msgstr "necesas uzi dosierojn (kaj ne tubon) kun --pgp2\n"
+
+#: g10/gpg.c:3096
+msgid "encrypting a message in --pgp2 mode requires the IDEA cipher\n"
+msgstr "æifri mesaøon kun --pgp2 postulas la æifron IDEA\n"
+
+#: g10/gpg.c:3163 g10/gpg.c:3187 sm/gpgsm.c:1511
+msgid "selected cipher algorithm is invalid\n"
+msgstr "elektita æifrad-metodo ne validas\n"
+
+#: g10/gpg.c:3169 g10/gpg.c:3193 sm/gpgsm.c:1517 sm/gpgsm.c:1523
+msgid "selected digest algorithm is invalid\n"
+msgstr "elektita kompendi-metodo ne validas\n"
+
+#: g10/gpg.c:3175
+#, fuzzy
+msgid "selected compression algorithm is invalid\n"
+msgstr "elektita æifrad-metodo ne validas\n"
+
+#: g10/gpg.c:3181
+#, fuzzy
+msgid "selected certification digest algorithm is invalid\n"
+msgstr "elektita kompendi-metodo ne validas\n"
+
+#: g10/gpg.c:3196
+msgid "completes-needed must be greater than 0\n"
+msgstr "completes-needed devas esti pli granda ol 0\n"
+
+#: g10/gpg.c:3198
+msgid "marginals-needed must be greater than 1\n"
+msgstr "marginals-needed devas esti pli granda ol 1\n"
+
+#: g10/gpg.c:3200
+#, fuzzy
+msgid "max-cert-depth must be in the range from 1 to 255\n"
+msgstr "max-cert-depth devas esti inter 1 kaj 255\n"
+
+#: g10/gpg.c:3202
+#, fuzzy
+msgid "invalid default-cert-level; must be 0, 1, 2, or 3\n"
+msgstr "nevalida default-check-level; devas esti 0, 1, 2 aý 3\n"
+
+#: g10/gpg.c:3204
+#, fuzzy
+msgid "invalid min-cert-level; must be 1, 2, or 3\n"
+msgstr "nevalida default-check-level; devas esti 0, 1, 2 aý 3\n"
+
+#: g10/gpg.c:3207
+msgid "NOTE: simple S2K mode (0) is strongly discouraged\n"
+msgstr "NOTO: simpla S2K-reøimo (0) estas forte malrekomendata\n"
+
+#: g10/gpg.c:3211
+msgid "invalid S2K mode; must be 0, 1 or 3\n"
+msgstr "nevalida S2K-reøimo; devas esti 0, 1 aý 3\n"
+
+#: g10/gpg.c:3218
+#, fuzzy
+msgid "invalid default preferences\n"
+msgstr "nevalidaj preferoj\n"
+
+#: g10/gpg.c:3222
+#, fuzzy
+msgid "invalid personal cipher preferences\n"
+msgstr "nevalidaj preferoj\n"
+
+#: g10/gpg.c:3226
+#, fuzzy
+msgid "invalid personal digest preferences\n"
+msgstr "nevalidaj preferoj\n"
+
+#: g10/gpg.c:3230
+#, fuzzy
+msgid "invalid personal compress preferences\n"
+msgstr "nevalidaj preferoj\n"
+
+#: g10/gpg.c:3263
+#, fuzzy, c-format
+msgid "%s does not yet work with %s\n"
+msgstr "%s ne havas sencon kun %s!\n"
+
+#: g10/gpg.c:3310
+#, fuzzy, c-format
+msgid "you may not use cipher algorithm `%s' while in %s mode\n"
+msgstr "Tiu komando ne eblas en la reøimo %s.\n"
+
+#: g10/gpg.c:3315
+#, fuzzy, c-format
+msgid "you may not use digest algorithm `%s' while in %s mode\n"
+msgstr "Tiu komando ne eblas en la reøimo %s.\n"
+
+#: g10/gpg.c:3320
+#, fuzzy, c-format
+msgid "you may not use compression algorithm `%s' while in %s mode\n"
+msgstr "Tiu komando ne eblas en la reøimo %s.\n"
+
+#: g10/gpg.c:3406
+#, c-format
+msgid "failed to initialize the TrustDB: %s\n"
+msgstr "malsukcesis doni komencajn valorojn al fido-datenaro: %s\n"
+
+#: g10/gpg.c:3417
+msgid "WARNING: recipients (-r) given without using public key encryption\n"
+msgstr ""
+
+#: g10/gpg.c:3438
+msgid "--store [filename]"
+msgstr "--store [dosiero]"
+
+#: g10/gpg.c:3445
+msgid "--symmetric [filename]"
+msgstr "--symmetric [dosiero]"
+
+#: g10/gpg.c:3447
+#, fuzzy, c-format
+msgid "symmetric encryption of `%s' failed: %s\n"
+msgstr "malæifrado malsukcesis: %s\n"
+
+#: g10/gpg.c:3457
+msgid "--encrypt [filename]"
+msgstr "--encrypt [dosiero]"
+
+#: g10/gpg.c:3470
+#, fuzzy
+msgid "--symmetric --encrypt [filename]"
+msgstr "--sign --encrypt [dosiero]"
+
+#: g10/gpg.c:3472
+msgid "you cannot use --symmetric --encrypt with --s2k-mode 0\n"
+msgstr ""
+
+#: g10/gpg.c:3475
+#, fuzzy, c-format
+msgid "you cannot use --symmetric --encrypt while in %s mode\n"
+msgstr "Tiu komando ne eblas en la reøimo %s.\n"
+
+#: g10/gpg.c:3493
+msgid "--sign [filename]"
+msgstr "--sign [dosiero]"
+
+#: g10/gpg.c:3506
+msgid "--sign --encrypt [filename]"
+msgstr "--sign --encrypt [dosiero]"
+
+#: g10/gpg.c:3521
+#, fuzzy
+msgid "--symmetric --sign --encrypt [filename]"
+msgstr "--sign --encrypt [dosiero]"
+
+#: g10/gpg.c:3523
+msgid "you cannot use --symmetric --sign --encrypt with --s2k-mode 0\n"
+msgstr ""
+
+#: g10/gpg.c:3526
+#, fuzzy, c-format
+msgid "you cannot use --symmetric --sign --encrypt while in %s mode\n"
+msgstr "Tiu komando ne eblas en la reøimo %s.\n"
+
+#: g10/gpg.c:3546
+msgid "--sign --symmetric [filename]"
+msgstr "--sign --symmetric [dosiero]"
+
+#: g10/gpg.c:3555
+msgid "--clearsign [filename]"
+msgstr "--clearsign [dosiero]"
+
+#: g10/gpg.c:3580
+msgid "--decrypt [filename]"
+msgstr "--decrypt [dosiero]"
+
+#: g10/gpg.c:3588
+msgid "--sign-key user-id"
+msgstr "--sign-key uzantidentigilo"
+
+#: g10/gpg.c:3592
+msgid "--lsign-key user-id"
+msgstr "--lsign-key uzantidentigilo"
+
+#: g10/gpg.c:3613
+msgid "--edit-key user-id [commands]"
+msgstr "--edit-key uzantidentigilo [komandoj]"
+
+#: g10/gpg.c:3629
+#, fuzzy
+msgid "--passwd <user-id>"
+msgstr "--sign-key uzantidentigilo"
+
+#: g10/gpg.c:3716
+#, fuzzy, c-format
+msgid "keyserver send failed: %s\n"
+msgstr "Kreado de þlosiloj malsukcesis: %s\n"
+
+#: g10/gpg.c:3718
+#, fuzzy, c-format
+msgid "keyserver receive failed: %s\n"
+msgstr "listigo de sekretaj þlosiloj malsukcesis: %s\n"
+
+#: g10/gpg.c:3720
+#, fuzzy, c-format
+msgid "key export failed: %s\n"
+msgstr "Kreado de þlosiloj malsukcesis: %s\n"
+
+#: g10/gpg.c:3731
+#, fuzzy, c-format
+msgid "keyserver search failed: %s\n"
+msgstr "get_dir_record: search_record malsukcesis: %s\n"
+
+#: g10/gpg.c:3741
+#, fuzzy, c-format
+msgid "keyserver refresh failed: %s\n"
+msgstr "listigo de sekretaj þlosiloj malsukcesis: %s\n"
+
+#: g10/gpg.c:3792
+#, c-format
+msgid "dearmoring failed: %s\n"
+msgstr "elkirasigo malsukcesis: %s\n"
+
+#: g10/gpg.c:3800
+#, c-format
+msgid "enarmoring failed: %s\n"
+msgstr "enkirasigo malsukcesis: %s\n"
+
+#: g10/gpg.c:3890
+#, c-format
+msgid "invalid hash algorithm `%s'\n"
+msgstr "nevalida kompendi-metodo '%s'\n"
+
+#: g10/gpg.c:4005
+msgid "[filename]"
+msgstr "[dosiero]"
+
+#: g10/gpg.c:4009
+msgid "Go ahead and type your message ...\n"
+msgstr "Ektajpu vian mesaøon ...\n"
+
+#: g10/gpg.c:4323
+msgid "the given certification policy URL is invalid\n"
+msgstr "la donita gvidlinia URL por atestado ne validas\n"
+
+#: g10/gpg.c:4325
+msgid "the given signature policy URL is invalid\n"
+msgstr "la donita gvidlinia URL por subskriboj ne validas\n"
+
+#: g10/gpg.c:4358
+#, fuzzy
+msgid "the given preferred keyserver URL is invalid\n"
+msgstr "la donita gvidlinia URL por subskriboj ne validas\n"
+
+#: g10/gpgv.c:74
+#, fuzzy
+msgid "|FILE|take the keys from the keyring FILE"
+msgstr "Æu forviþi æi tiun þlosilon de la þlosilaro? "
+
+#: g10/gpgv.c:76
+#, fuzzy
+msgid "make timestamp conflicts only a warning"
+msgstr "malkongruo de tempostampoj"
+
+#: g10/gpgv.c:78 sm/gpgsm.c:326
+msgid "|FD|write status info to this FD"
+msgstr "|FD|skribi statusinformojn al FD (dosierpriskribilo)"
+
+#: g10/gpgv.c:117
+#, fuzzy
+msgid "Usage: gpgv [options] [files] (-h for help)"
+msgstr "Uzado: gpg [opcioj] [dosieroj] (-h por helpo)"
+
+#: g10/gpgv.c:119
+msgid ""
+"Syntax: gpgv [options] [files]\n"
+"Check signatures against known trusted keys\n"
+msgstr ""
+
+#: g10/helptext.c:72
+msgid "No help available"
+msgstr "Nenia helpo disponata"
+
+#: g10/helptext.c:82
+#, c-format
+msgid "No help available for `%s'"
+msgstr "Nenia helpo disponata por '%s'"
+
+#: g10/import.c:94
+msgid "import signatures that are marked as local-only"
+msgstr ""
+
+#: g10/import.c:96
+msgid "repair damage from the pks keyserver during import"
+msgstr ""
+
+#: g10/import.c:98
+#, fuzzy
+msgid "do not update the trustdb after import"
+msgstr "aktualigi la fido-datenaron"
+
+#: g10/import.c:100
+msgid "create a public key when importing a secret key"
+msgstr ""
+
+#: g10/import.c:102
+msgid "only accept updates to existing keys"
+msgstr ""
+
+#: g10/import.c:104
+#, fuzzy
+msgid "remove unusable parts from key after import"
+msgstr "neuzebla sekreta þlosilo"
+
+#: g10/import.c:106
+msgid "remove as much as possible from key after import"
+msgstr ""
+
+#: g10/import.c:266
+#, c-format
+msgid "skipping block of type %d\n"
+msgstr "ignoras blokon de speco %d\n"
+
+#: g10/import.c:275
+#, fuzzy, c-format
+msgid "%lu keys processed so far\n"
+msgstr "%lu þlosiloj jam traktitaj\n"
+
+#: g10/import.c:292
+#, c-format
+msgid "Total number processed: %lu\n"
+msgstr " Nombro traktita entute: %lu\n"
+
+#: g10/import.c:294
+#, c-format
+msgid " skipped new keys: %lu\n"
+msgstr " ignoritaj novaj þlosiloj: %lu\n"
+
+#: g10/import.c:297
+#, c-format
+msgid " w/o user IDs: %lu\n"
+msgstr " sen uzantidentigilo: %lu\n"
+
+#: g10/import.c:299 sm/import.c:114
+#, c-format
+msgid " imported: %lu"
+msgstr " importitaj: %lu"
+
+#: g10/import.c:305 sm/import.c:118
+#, c-format
+msgid " unchanged: %lu\n"
+msgstr " neþanøitaj: %lu\n"
+
+#: g10/import.c:307
+#, c-format
+msgid " new user IDs: %lu\n"
+msgstr " novaj uzantidentigiloj: %lu\n"
+
+#: g10/import.c:309
+#, c-format
+msgid " new subkeys: %lu\n"
+msgstr " novaj subþlosiloj: %lu\n"
+
+#: g10/import.c:311
+#, c-format
+msgid " new signatures: %lu\n"
+msgstr " novaj subskriboj: %lu\n"
+
+#: g10/import.c:313
+#, c-format
+msgid " new key revocations: %lu\n"
+msgstr " novaj þlosilrevokoj: %lu\n"
+
+#: g10/import.c:315 sm/import.c:120
+#, c-format
+msgid " secret keys read: %lu\n"
+msgstr " sekretaj þlosiloj legitaj: %lu\n"
+
+#: g10/import.c:317 sm/import.c:122
+#, c-format
+msgid " secret keys imported: %lu\n"
+msgstr "sekretaj þlosiloj importitaj: %lu\n"
+
+#: g10/import.c:319 sm/import.c:124
+#, c-format
+msgid " secret keys unchanged: %lu\n"
+msgstr "sekretaj þlosiloj neþanøitaj: %lu\n"
+
+#: g10/import.c:321 sm/import.c:126
+#, fuzzy, c-format
+msgid " not imported: %lu\n"
+msgstr " importitaj: %lu"
+
+#: g10/import.c:323
+#, fuzzy, c-format
+msgid " signatures cleaned: %lu\n"
+msgstr " novaj subskriboj: %lu\n"
+
+#: g10/import.c:325
+#, fuzzy, c-format
+msgid " user IDs cleaned: %lu\n"
+msgstr " sekretaj þlosiloj legitaj: %lu\n"
+
+#: g10/import.c:606
+#, c-format
+msgid ""
+"WARNING: key %s contains preferences for unavailable\n"
+"algorithms on these user IDs:\n"
+msgstr ""
+
+#: g10/import.c:647
+#, c-format
+msgid " \"%s\": preference for cipher algorithm %s\n"
+msgstr ""
+
+#: g10/import.c:662
+#, fuzzy, c-format
+msgid " \"%s\": preference for digest algorithm %s\n"
+msgstr "%s-subskribo de: %s\n"
+
+#: g10/import.c:674
+#, c-format
+msgid " \"%s\": preference for compression algorithm %s\n"
+msgstr ""
+
+#: g10/import.c:687
+msgid "it is strongly suggested that you update your preferences and\n"
+msgstr ""
+
+#: g10/import.c:689
+msgid "re-distribute this key to avoid potential algorithm mismatch problems\n"
+msgstr ""
+
+#: g10/import.c:713
+#, c-format
+msgid "you can update your preferences with: gpg --edit-key %s updpref save\n"
+msgstr ""
+
+#: g10/import.c:766 g10/import.c:1179
+#, fuzzy, c-format
+msgid "key %s: no user ID\n"
+msgstr "þlosilo %08lX: mankas uzantidentigilo\n"
+
+#: g10/import.c:795
+#, fuzzy, c-format
+msgid "key %s: PKS subkey corruption repaired\n"
+msgstr "þlosilo %08lX: mankas subþlosilo por þlosilbindado\n"
+
+#: g10/import.c:810
+#, fuzzy, c-format
+msgid "key %s: accepted non self-signed user ID \"%s\"\n"
+msgstr "þlosilo %08lX: akceptis ne-mem-subskribitan uzantidentigilon '"
+
+#: g10/import.c:816
+#, fuzzy, c-format
+msgid "key %s: no valid user IDs\n"
+msgstr "þlosilo %08lX: mankas valida uzantidentigilo\n"
+
+#: g10/import.c:818
+msgid "this may be caused by a missing self-signature\n"
+msgstr "tio povas esti kaýzata de mankanta mem-subskribo\n"
+
+#: g10/import.c:828 g10/import.c:1303
+#, fuzzy, c-format
+msgid "key %s: public key not found: %s\n"
+msgstr "þlosilo %08lX: publika þlosilo ne trovita: %s\n"
+
+#: g10/import.c:834
+#, fuzzy, c-format
+msgid "key %s: new key - skipped\n"
+msgstr "þlosilo %08lX: nova þlosilo - ignorita\n"
+
+#: g10/import.c:843
+#, c-format
+msgid "no writable keyring found: %s\n"
+msgstr "neniu skribebla þlosilaro trovita: %s\n"
+
+#: g10/import.c:848 g10/openfile.c:278 g10/sign.c:805 g10/sign.c:1114
+#, c-format
+msgid "writing to `%s'\n"
+msgstr "skribas al '%s'\n"
+
+#: g10/import.c:852 g10/import.c:952 g10/import.c:1219 g10/import.c:1364
+#: g10/import.c:2494 g10/import.c:2516
+#, c-format
+msgid "error writing keyring `%s': %s\n"
+msgstr "eraro dum skribado de þlosilaro '%s': %s\n"
+
+#: g10/import.c:871
+#, fuzzy, c-format
+msgid "key %s: public key \"%s\" imported\n"
+msgstr "þlosilo %08lX: publika þlosilo importita\n"
+
+#: g10/import.c:895
+#, fuzzy, c-format
+msgid "key %s: doesn't match our copy\n"
+msgstr "þlosilo %08lX: diferencas de nia kopio\n"
+
+#: g10/import.c:912 g10/import.c:1321
+#, fuzzy, c-format
+msgid "key %s: can't locate original keyblock: %s\n"
+msgstr "þlosilo %08lX: ne povas trovi originalan þlosilblokon: %s\n"
+
+#: g10/import.c:920 g10/import.c:1328
+#, fuzzy, c-format
+msgid "key %s: can't read original keyblock: %s\n"
+msgstr "þlosilo %08lX: ne povas legi originalan þlosilblokon: %s\n"
+
+#: g10/import.c:962
+#, fuzzy, c-format
+msgid "key %s: \"%s\" 1 new user ID\n"
+msgstr "þlosilo %08lX: 1 nova uzantidentigilo\n"
+
+#: g10/import.c:965
+#, fuzzy, c-format
+msgid "key %s: \"%s\" %d new user IDs\n"
+msgstr "þlosilo %08lX: %d novaj uzantidentigiloj\n"
+
+#: g10/import.c:968
+#, fuzzy, c-format
+msgid "key %s: \"%s\" 1 new signature\n"
+msgstr "þlosilo %08lX: 1 nova subskribo\n"
+
+#: g10/import.c:971
+#, fuzzy, c-format
+msgid "key %s: \"%s\" %d new signatures\n"
+msgstr "þlosilo %08lX: %d novaj subskriboj\n"
+
+#: g10/import.c:974
+#, fuzzy, c-format
+msgid "key %s: \"%s\" 1 new subkey\n"
+msgstr "þlosilo %08lX: 1 nova subþlosilo\n"
+
+#: g10/import.c:977
+#, fuzzy, c-format
+msgid "key %s: \"%s\" %d new subkeys\n"
+msgstr "þlosilo %08lX: %d novaj subþlosiloj\n"
+
+#: g10/import.c:980
+#, fuzzy, c-format
+msgid "key %s: \"%s\" %d signature cleaned\n"
+msgstr "þlosilo %08lX: %d novaj subskriboj\n"
+
+#: g10/import.c:983
+#, fuzzy, c-format
+msgid "key %s: \"%s\" %d signatures cleaned\n"
+msgstr "þlosilo %08lX: %d novaj subskriboj\n"
+
+#: g10/import.c:986
+#, fuzzy, c-format
+msgid "key %s: \"%s\" %d user ID cleaned\n"
+msgstr "þlosilo %08lX: %d novaj uzantidentigiloj\n"
+
+#: g10/import.c:989
+#, fuzzy, c-format
+msgid "key %s: \"%s\" %d user IDs cleaned\n"
+msgstr "þlosilo %08lX: %d novaj uzantidentigiloj\n"
+
+#: g10/import.c:1013
+#, fuzzy, c-format
+msgid "key %s: \"%s\" not changed\n"
+msgstr "þlosilo %08lX: ne þanøita\n"
+
+#: g10/import.c:1185
+#, fuzzy, c-format
+msgid "key %s: secret key with invalid cipher %d - skipped\n"
+msgstr "þlosilo %08lX: sekreta þlosilo sen publika þlosilo - ignorita\n"
+
+#: g10/import.c:1196
+#, fuzzy
+msgid "importing secret keys not allowed\n"
+msgstr "skribas sekretan þlosilon al '%s'\n"
+
+#: g10/import.c:1213 g10/import.c:2509
+#, c-format
+msgid "no default secret keyring: %s\n"
+msgstr "mankas implicita sekreta þlosilaro: %s\n"
+
+#: g10/import.c:1224
+#, fuzzy, c-format
+msgid "key %s: secret key imported\n"
+msgstr "þlosilo %08lX: sekreta þlosilo importita\n"
+
+#: g10/import.c:1254
+#, fuzzy, c-format
+msgid "key %s: already in secret keyring\n"
+msgstr "þlosilo %08lX: jam en sekreta þlosilaro\n"
+
+#: g10/import.c:1264
+#, fuzzy, c-format
+msgid "key %s: secret key not found: %s\n"
+msgstr "þlosilo %08lX: sekreta þlosilo ne trovita: %s\n"
+
+#: g10/import.c:1296
+#, fuzzy, c-format
+msgid "key %s: no public key - can't apply revocation certificate\n"
+msgstr ""
+"þlosilo %08lX: publika þlosilo mankas - ne povas apliki revokatestilon\n"
+
+#: g10/import.c:1339
+#, fuzzy, c-format
+msgid "key %s: invalid revocation certificate: %s - rejected\n"
+msgstr "þlosilo %08lX: nevalida revokatestilo: %s - malakceptita\n"
+
+#: g10/import.c:1371
+#, fuzzy, c-format
+msgid "key %s: \"%s\" revocation certificate imported\n"
+msgstr "þlosilo %08lX: revokatestilo importita\n"
+
+#: g10/import.c:1447
+#, fuzzy, c-format
+msgid "key %s: no user ID for signature\n"
+msgstr "þlosilo %08lX: mankas uzantidentigilo por subskribo\n"
+
+#: g10/import.c:1464
+#, fuzzy, c-format
+msgid "key %s: unsupported public key algorithm on user ID \"%s\"\n"
+msgstr "þlosilo %08lX: nerealigita publikþlosila metodo\n"
+
+#: g10/import.c:1466
+#, fuzzy, c-format
+msgid "key %s: invalid self-signature on user ID \"%s\"\n"
+msgstr "þlosilo %08lX: nevalida mem-subskribo\n"
+
+#: g10/import.c:1483 g10/import.c:1509 g10/import.c:1560
+#, fuzzy, c-format
+msgid "key %s: unsupported public key algorithm\n"
+msgstr "þlosilo %08lX: nerealigita publikþlosila metodo\n"
+
+#: g10/import.c:1484
+#, fuzzy, c-format
+msgid "key %s: invalid direct key signature\n"
+msgstr "þlosilo %08lX: rekta þlosilsubskribo aldonita\n"
+
+#: g10/import.c:1498
+#, fuzzy, c-format
+msgid "key %s: no subkey for key binding\n"
+msgstr "þlosilo %08lX: mankas subþlosilo por þlosilbindado\n"
+
+#: g10/import.c:1511
+#, fuzzy, c-format
+msgid "key %s: invalid subkey binding\n"
+msgstr "þlosilo %08lX: nevalida subþlosila bindado\n"
+
+#: g10/import.c:1527
+#, fuzzy, c-format
+msgid "key %s: removed multiple subkey binding\n"
+msgstr "þlosilo %08lX: nevalida subþlosila bindado\n"
+
+#: g10/import.c:1549
+#, fuzzy, c-format
+msgid "key %s: no subkey for key revocation\n"
+msgstr "þlosilo %08lX: mankas subþlosilo por þlosilbindado\n"
+
+#: g10/import.c:1562
+#, fuzzy, c-format
+msgid "key %s: invalid subkey revocation\n"
+msgstr "þlosilo %08lX.%lu: Valida subþlosilrevoko\n"
+
+#: g10/import.c:1577
+#, fuzzy, c-format
+msgid "key %s: removed multiple subkey revocation\n"
+msgstr "þlosilo %08lX: nevalida subþlosila bindado\n"
+
+#: g10/import.c:1618
+#, fuzzy, c-format
+msgid "key %s: skipped user ID \"%s\"\n"
+msgstr "þlosilo %08lX: ignoris uzantidentigilon '"
+
+#: g10/import.c:1639
+#, fuzzy, c-format
+msgid "key %s: skipped subkey\n"
+msgstr "þlosilo %08lX: ignoris subþlosilon\n"
+
+#: g10/import.c:1666
+#, fuzzy, c-format
+msgid "key %s: non exportable signature (class 0x%02X) - skipped\n"
+msgstr "þlosilo %08lX: neeksportebla subskribo (klaso %02x) - ignorita\n"
+
+#: g10/import.c:1676
+#, fuzzy, c-format
+msgid "key %s: revocation certificate at wrong place - skipped\n"
+msgstr "þlosilo %08lX: revokatestilo en maløusta loko - ignorita\n"
+
+#: g10/import.c:1693
+#, fuzzy, c-format
+msgid "key %s: invalid revocation certificate: %s - skipped\n"
+msgstr "þlosilo %08lX: nevalida revokatestilo: %s - ignorita\n"
+
+#: g10/import.c:1707
+#, fuzzy, c-format
+msgid "key %s: subkey signature in wrong place - skipped\n"
+msgstr "þlosilo %08lX: revokatestilo en maløusta loko - ignorita\n"
+
+#: g10/import.c:1715
+#, fuzzy, c-format
+msgid "key %s: unexpected signature class (0x%02X) - skipped\n"
+msgstr "þlosilo %08lX: neeksportebla subskribo (klaso %02x) - ignorita\n"
+
+#: g10/import.c:1844
+#, fuzzy, c-format
+msgid "key %s: duplicated user ID detected - merged\n"
+msgstr "þlosilo %08lX: trovis ripetitan uzantidentigilon - kunfandita\n"
+
+#: g10/import.c:1906
+#, fuzzy, c-format
+msgid "WARNING: key %s may be revoked: fetching revocation key %s\n"
+msgstr "AVERTO: Æi tiu þlosilo estas revokita de sia posedanto!\n"
+
+#: g10/import.c:1920
+#, fuzzy, c-format
+msgid "WARNING: key %s may be revoked: revocation key %s not present.\n"
+msgstr "AVERTO: Æi tiu þlosilo estas revokita de sia posedanto!\n"
+
+#: g10/import.c:1979
+#, fuzzy, c-format
+msgid "key %s: \"%s\" revocation certificate added\n"
+msgstr "þlosilo %08lX: revokatestilo aldonita\n"
+
+#: g10/import.c:2013
+#, fuzzy, c-format
+msgid "key %s: direct key signature added\n"
+msgstr "þlosilo %08lX: rekta þlosilsubskribo aldonita\n"
+
+#: g10/import.c:2414
+msgid "NOTE: a key's S/N does not match the card's one\n"
+msgstr ""
+
+#: g10/import.c:2422
+#, fuzzy
+msgid "NOTE: primary key is online and stored on card\n"
+msgstr "ignorita: sekreta þlosilo jam æeestas\n"
+
+#: g10/import.c:2424
+#, fuzzy
+msgid "NOTE: secondary key is online and stored on card\n"
+msgstr "ignorita: sekreta þlosilo jam æeestas\n"
+
+#: g10/keydb.c:181
+#, c-format
+msgid "error creating keyring `%s': %s\n"
+msgstr "eraro dum kreado de þlosilaro '%s': %s\n"
+
+#: g10/keydb.c:187
+#, c-format
+msgid "keyring `%s' created\n"
+msgstr "þlosilaro '%s' kreita\n"
+
+#: g10/keydb.c:333 g10/keydb.c:336
+#, fuzzy, c-format
+msgid "keyblock resource `%s': %s\n"
+msgstr "eraro dum kreado de '%s': %s\n"
+
+#: g10/keydb.c:719
+#, c-format
+msgid "failed to rebuild keyring cache: %s\n"
+msgstr "malsukcesis rekonstrui þlosilaran staplon: %s\n"
+
+#: g10/keyedit.c:265
+msgid "[revocation]"
+msgstr "[revoko]"
+
+#: g10/keyedit.c:266
+msgid "[self-signature]"
+msgstr "[mem-subskribo]"
+
+#: g10/keyedit.c:344 g10/keylist.c:398
+msgid "1 bad signature\n"
+msgstr "1 malbona subskribo\n"
+
+#: g10/keyedit.c:346 g10/keylist.c:400
+#, c-format
+msgid "%d bad signatures\n"
+msgstr "%d malbonaj subskriboj\n"
+
+#: g10/keyedit.c:348 g10/keylist.c:402
+msgid "1 signature not checked due to a missing key\n"
+msgstr "1 subskribo ne kontrolita pro manko de þlosilo\n"
+
+#: g10/keyedit.c:350 g10/keylist.c:404
+#, c-format
+msgid "%d signatures not checked due to missing keys\n"
+msgstr "%d subskriboj ne kontrolitaj pro manko de þlosiloj\n"
+
+#: g10/keyedit.c:352 g10/keylist.c:406
+msgid "1 signature not checked due to an error\n"
+msgstr "1 subskribo ne kontrolita pro eraro\n"
+
+#: g10/keyedit.c:354 g10/keylist.c:408
+#, c-format
+msgid "%d signatures not checked due to errors\n"
+msgstr "%d subskriboj ne kontrolitaj pro eraroj\n"
+
+#: g10/keyedit.c:356
+msgid "1 user ID without valid self-signature detected\n"
+msgstr "1 uzantidentigilo sen valida mem-subskribo estis trovita\n"
+
+#: g10/keyedit.c:358
+#, c-format
+msgid "%d user IDs without valid self-signatures detected\n"
+msgstr "%d uzantidentigiloj sen valida mem-subskribo estis trovitaj\n"
+
+#: g10/keyedit.c:414 g10/pkclist.c:262
+#, fuzzy
+msgid ""
+"Please decide how far you trust this user to correctly verify other users' "
+"keys\n"
+"(by looking at passports, checking fingerprints from different sources, "
+"etc.)\n"
+msgstr ""
+"Bonvolu decidi, kiagrade vi fidas al æi tiu uzanto øuste\n"
+"kontroli la þlosilojn de aliaj uzantoj (rigardante pasportojn,\n"
+"kontrolante fingrospurojn el diversaj fontoj ...)?\n"
+"\n"
+
+#: g10/keyedit.c:418 g10/pkclist.c:274
+#, fuzzy, c-format
+msgid " %d = I trust marginally\n"
+msgstr " %d = Mi fidas iomete\n"
+
+#: g10/keyedit.c:419 g10/pkclist.c:276
+#, fuzzy, c-format
+msgid " %d = I trust fully\n"
+msgstr " %d = Mi plene fidas\n"
+
+#: g10/keyedit.c:438
+msgid ""
+"Please enter the depth of this trust signature.\n"
+"A depth greater than 1 allows the key you are signing to make\n"
+"trust signatures on your behalf.\n"
+msgstr ""
+
+#: g10/keyedit.c:454
+msgid "Please enter a domain to restrict this signature, or enter for none.\n"
+msgstr ""
+
+#: g10/keyedit.c:598
+#, fuzzy, c-format
+msgid "User ID \"%s\" is revoked."
+msgstr "Uzantidentigilo \"%s\" estas revokita.\n"
+
+#: g10/keyedit.c:607 g10/keyedit.c:635 g10/keyedit.c:662 g10/keyedit.c:830
+#: g10/keyedit.c:895 g10/keyedit.c:1785
+#, fuzzy
+msgid "Are you sure you still want to sign it? (y/N) "
+msgstr "Æu vi estas certa, ke vi ankoraý volas subskribi øin?\n"
+
+#: g10/keyedit.c:621 g10/keyedit.c:649 g10/keyedit.c:676 g10/keyedit.c:836
+#: g10/keyedit.c:1791
+msgid " Unable to sign.\n"
+msgstr ""
+
+#: g10/keyedit.c:626
+#, fuzzy, c-format
+msgid "User ID \"%s\" is expired."
+msgstr "Uzantidentigilo \"%s\" estas revokita.\n"
+
+#: g10/keyedit.c:654
+#, fuzzy, c-format
+msgid "User ID \"%s\" is not self-signed."
+msgstr "AVERTO: '%s' estas malplena dosiero\n"
+
+#: g10/keyedit.c:682
+#, fuzzy, c-format
+msgid "User ID \"%s\" is signable. "
+msgstr "AVERTO: '%s' estas malplena dosiero\n"
+
+#: g10/keyedit.c:684
+#, fuzzy
+msgid "Sign it? (y/N) "
+msgstr "Æu vere subskribi? "
+
+#: g10/keyedit.c:706
+#, fuzzy, c-format
+msgid ""
+"The self-signature on \"%s\"\n"
+"is a PGP 2.x-style signature.\n"
+msgstr ""
+"Via aktuala subskribo sur \"%s\"\n"
+"estas loka subskribo.\n"
+"\n"
+"Æu vi volas igi øin plena eksportebla subskribo?\n"
+
+#: g10/keyedit.c:715
+#, fuzzy
+msgid "Do you want to promote it to an OpenPGP self-signature? (y/N) "
+msgstr ""
+"Via aktuala subskribo sur \"%s\"\n"
+"estas loka subskribo.\n"
+"\n"
+"Æu vi volas igi øin plena eksportebla subskribo?\n"
+
+#: g10/keyedit.c:729
+#, fuzzy, c-format
+msgid ""
+"Your current signature on \"%s\"\n"
+"has expired.\n"
+msgstr ""
+"Via aktuala subskribo sur \"%s\"\n"
+"estas loka subskribo.\n"
+"\n"
+"Æu vi volas igi øin plena eksportebla subskribo?\n"
+
+#: g10/keyedit.c:733
+#, fuzzy
+msgid "Do you want to issue a new signature to replace the expired one? (y/N) "
+msgstr "Æu vi volas, ke via subskribo eksvalidiøu je la sama tempo? (j/n) "
+
+#: g10/keyedit.c:754
+#, fuzzy, c-format
+msgid ""
+"Your current signature on \"%s\"\n"
+"is a local signature.\n"
+msgstr ""
+"Via aktuala subskribo sur \"%s\"\n"
+"estas loka subskribo.\n"
+"\n"
+"Æu vi volas igi øin plena eksportebla subskribo?\n"
+
+#: g10/keyedit.c:758
+#, fuzzy
+msgid "Do you want to promote it to a full exportable signature? (y/N) "
+msgstr ""
+"Via aktuala subskribo sur \"%s\"\n"
+"estas loka subskribo.\n"
+"\n"
+"Æu vi volas igi øin plena eksportebla subskribo?\n"
+
+#: g10/keyedit.c:779
+#, fuzzy, c-format
+msgid "\"%s\" was already locally signed by key %s\n"
+msgstr "\"%s\" jam estis %ssubskribita per þlosilo %08lX\n"
+
+#: g10/keyedit.c:782
+#, fuzzy, c-format
+msgid "\"%s\" was already signed by key %s\n"
+msgstr "\"%s\" jam estis %ssubskribita per þlosilo %08lX\n"
+
+#: g10/keyedit.c:787
+#, fuzzy
+msgid "Do you want to sign it again anyway? (y/N) "
+msgstr "Æu vi estas certa, ke vi ankoraý volas subskribi øin?\n"
+
+#: g10/keyedit.c:809
+#, fuzzy, c-format
+msgid "Nothing to sign with key %s\n"
+msgstr "Nenio por subskribi per þlosilo %08lX\n"
+
+#: g10/keyedit.c:824
+msgid "This key has expired!"
+msgstr "Æi tiu þlosilo eksvalidiøis!"
+
+#: g10/keyedit.c:842
+#, c-format
+msgid "This key is due to expire on %s.\n"
+msgstr "Æi tiu þlosilo eksvalidiøos je %s.\n"
+
+#: g10/keyedit.c:848
+#, fuzzy
+msgid "Do you want your signature to expire at the same time? (Y/n) "
+msgstr "Æu vi volas, ke via subskribo eksvalidiøu je la sama tempo? (j/n) "
+
+#: g10/keyedit.c:888
+#, fuzzy
+msgid ""
+"You may not make an OpenPGP signature on a PGP 2.x key while in --pgp2 "
+"mode.\n"
+msgstr "eblas subskribi nur per PGP-2.x-stilaj þlosiloj kun --pgp2\n"
+
+#: g10/keyedit.c:890
+#, fuzzy
+msgid "This would make the key unusable in PGP 2.x.\n"
+msgstr "æi tiu mesaøo povas ne esti uzebla de PGP 2.x\n"
+
+#: g10/keyedit.c:915
+msgid ""
+"How carefully have you verified the key you are about to sign actually "
+"belongs\n"
+"to the person named above? If you don't know what to answer, enter \"0\".\n"
+msgstr ""
+"Kiom zorge vi kontrolis, ke la þlosilo, kiun vi subskribos, vere apartenas\n"
+"al la supre nomita persono? Se vi ne scias la respondon, donu \"0\".\n"
+
+#: g10/keyedit.c:920
+#, c-format
+msgid " (0) I will not answer.%s\n"
+msgstr " (0) Mi ne respondas.%s\n"
+
+#: g10/keyedit.c:922
+#, c-format
+msgid " (1) I have not checked at all.%s\n"
+msgstr " (1) Mi tute ne kontrolis.%s\n"
+
+#: g10/keyedit.c:924
+#, c-format
+msgid " (2) I have done casual checking.%s\n"
+msgstr " (2) Mi malzorge kontrolis.%s\n"
+
+#: g10/keyedit.c:926
+#, c-format
+msgid " (3) I have done very careful checking.%s\n"
+msgstr " (3) Mi tre zorge kontrolis.%s\n"
+
+#: g10/keyedit.c:932
+msgid "Your selection? (enter `?' for more information): "
+msgstr ""
+
+#: g10/keyedit.c:956
+#, fuzzy, c-format
+msgid ""
+"Are you sure that you want to sign this key with your\n"
+"key \"%s\" (%s)\n"
+msgstr ""
+"Æu vi estas tute certa, ke vi volas subskribi æi tiun þlosilon\n"
+"per via þlosilo: \""
+
+#: g10/keyedit.c:963
+#, fuzzy
+msgid "This will be a self-signature.\n"
+msgstr "tio povas esti kaýzata de mankanta mem-subskribo\n"
+
+#: g10/keyedit.c:969
+#, fuzzy
+msgid "WARNING: the signature will not be marked as non-exportable.\n"
+msgstr ""
+"\n"
+"La subskribo estos markita kiel neeksportebla.\n"
+
+#: g10/keyedit.c:977
+#, fuzzy
+msgid "WARNING: the signature will not be marked as non-revocable.\n"
+msgstr ""
+"\n"
+"La subskribo estos markita kiel nerevokebla.\n"
+
+#: g10/keyedit.c:987
+#, fuzzy
+msgid "The signature will be marked as non-exportable.\n"
+msgstr ""
+"\n"
+"La subskribo estos markita kiel neeksportebla.\n"
+
+#: g10/keyedit.c:994
+#, fuzzy
+msgid "The signature will be marked as non-revocable.\n"
+msgstr ""
+"\n"
+"La subskribo estos markita kiel nerevokebla.\n"
+
+#: g10/keyedit.c:1001
+#, fuzzy
+msgid "I have not checked this key at all.\n"
+msgstr ""
+"\n"
+"Mi tute ne kontrolis æi tiun þlosilon.\n"
+
+#: g10/keyedit.c:1006
+#, fuzzy
+msgid "I have checked this key casually.\n"
+msgstr ""
+"\n"
+"Mi malzorge kontrolis æi tiun þlosilon.\n"
+
+#: g10/keyedit.c:1011
+#, fuzzy
+msgid "I have checked this key very carefully.\n"
+msgstr ""
+"\n"
+"Mi tre zorge kontrolis æi tiun þlosilon.\n"
+
+#: g10/keyedit.c:1021
+#, fuzzy
+msgid "Really sign? (y/N) "
+msgstr "Æu vere subskribi? "
+
+#: g10/keyedit.c:1066 g10/keyedit.c:4965 g10/keyedit.c:5056 g10/keyedit.c:5120
+#: g10/keyedit.c:5181 g10/sign.c:316
+#, c-format
+msgid "signing failed: %s\n"
+msgstr "subskribado malsukcesis: %s\n"
+
+#: g10/keyedit.c:1131
+msgid "Key has only stub or on-card key items - no passphrase to change.\n"
+msgstr ""
+
+#: g10/keyedit.c:1142 g10/keygen.c:3774
+msgid "This key is not protected.\n"
+msgstr "Æi tiu þlosilo ne estas protektita.\n"
+
+#: g10/keyedit.c:1146 g10/keygen.c:3761 g10/revoke.c:536
+msgid "Secret parts of primary key are not available.\n"
+msgstr "Sekretaj partoj de æefa þlosilo ne estas disponataj.\n"
+
+#: g10/keyedit.c:1150 g10/keygen.c:3777
+#, fuzzy
+msgid "Secret parts of primary key are stored on-card.\n"
+msgstr "Sekretaj partoj de æefa þlosilo ne estas disponataj.\n"
+
+#: g10/keyedit.c:1156 g10/keygen.c:3781
+msgid "Key is protected.\n"
+msgstr "Þlosilo estas protektita.\n"
+
+#: g10/keyedit.c:1186
+#, c-format
+msgid "Can't edit this key: %s\n"
+msgstr "Ne povas redakti æi tiun þlosilon: %s\n"
+
+#: g10/keyedit.c:1192
+msgid ""
+"Enter the new passphrase for this secret key.\n"
+"\n"
+msgstr ""
+"Donu la novan pasfrazon por æi tiu sekreta þlosilo.\n"
+"\n"
+
+#: g10/keyedit.c:1207 g10/keygen.c:2291
+msgid "passphrase not correctly repeated; try again"
+msgstr "la pasfrazo ne estis øuste ripetita; provu denove"
+
+#: g10/keyedit.c:1212
+msgid ""
+"You don't want a passphrase - this is probably a *bad* idea!\n"
+"\n"
+msgstr ""
+"Vi ne deziras pasfrazon - tio verþajne estas *malbona* ideo!\n"
+"\n"
+
+#: g10/keyedit.c:1215
+#, fuzzy
+msgid "Do you really want to do this? (y/N) "
+msgstr "Æu vi vere volas fari tion? "
+
+#: g10/keyedit.c:1298
+msgid "moving a key signature to the correct place\n"
+msgstr "movas þlosilsubskribon al la øusta loko\n"
+
+#: g10/keyedit.c:1384
+msgid "save and quit"
+msgstr "skribi kaj fini"
+
+#: g10/keyedit.c:1387
+#, fuzzy
+msgid "show key fingerprint"
+msgstr "montri fingrospuron"
+
+#: g10/keyedit.c:1388
+msgid "list key and user IDs"
+msgstr "listigi þlosilojn kaj uzantidentigilojn"
+
+#: g10/keyedit.c:1390
+msgid "select user ID N"
+msgstr "elekti uzantidentigilon N"
+
+#: g10/keyedit.c:1391
+#, fuzzy
+msgid "select subkey N"
+msgstr "elekti uzantidentigilon N"
+
+#: g10/keyedit.c:1392
+#, fuzzy
+msgid "check signatures"
+msgstr "revoki subskribojn"
+
+#: g10/keyedit.c:1397
+msgid "sign selected user IDs [* see below for related commands]"
+msgstr ""
+
+#: g10/keyedit.c:1402
+#, fuzzy
+msgid "sign selected user IDs locally"
+msgstr "subskribi la þlosilon loke"
+
+#: g10/keyedit.c:1404
+#, fuzzy
+msgid "sign selected user IDs with a trust signature"
+msgstr "Sugesto: Elekti la uzantidentigilojn por subskribi\n"
+
+#: g10/keyedit.c:1406
+msgid "sign selected user IDs with a non-revocable signature"
+msgstr ""
+
+#: g10/keyedit.c:1410
+msgid "add a user ID"
+msgstr "aldoni uzantidentigilon"
+
+#: g10/keyedit.c:1412
+msgid "add a photo ID"
+msgstr "aldoni foto-identigilon"
+
+#: g10/keyedit.c:1414
+#, fuzzy
+msgid "delete selected user IDs"
+msgstr "forviþi uzantidentigilon"
+
+#: g10/keyedit.c:1419
+#, fuzzy
+msgid "add a subkey"
+msgstr "al"
+
+#: g10/keyedit.c:1423
+msgid "add a key to a smartcard"
+msgstr ""
+
+#: g10/keyedit.c:1425
+msgid "move a key to a smartcard"
+msgstr ""
+
+#: g10/keyedit.c:1427
+msgid "move a backup key to a smartcard"
+msgstr ""
+
+#: g10/keyedit.c:1431
+#, fuzzy
+msgid "delete selected subkeys"
+msgstr "forviþi flankan þlosilon"
+
+#: g10/keyedit.c:1433
+#, fuzzy
+msgid "add a revocation key"
+msgstr "aldoni flankan þlosilon"
+
+#: g10/keyedit.c:1435
+#, fuzzy
+msgid "delete signatures from the selected user IDs"
+msgstr "Æu vere aktualigi la preferojn por la elektitaj uzantidentigiloj? "
+
+#: g10/keyedit.c:1437
+#, fuzzy
+msgid "change the expiration date for the key or selected subkeys"
+msgstr "Vi ne povas þanøi la daton de eksvalidiøo de v3-þlosilo\n"
+
+#: g10/keyedit.c:1439
+#, fuzzy
+msgid "flag the selected user ID as primary"
+msgstr "marku uzantidentigilon kiel æefan"
+
+#: g10/keyedit.c:1441
+#, fuzzy
+msgid "toggle between the secret and public key listings"
+msgstr "de sekreta aý publika listo iri al la alia"
+
+#: g10/keyedit.c:1444
+msgid "list preferences (expert)"
+msgstr "listigi preferojn (spertula)"
+
+#: g10/keyedit.c:1446
+msgid "list preferences (verbose)"
+msgstr "listigi preferojn (detale)"
+
+#: g10/keyedit.c:1448
+#, fuzzy
+msgid "set preference list for the selected user IDs"
+msgstr "Æu vere aktualigi la preferojn por la elektitaj uzantidentigiloj? "
+
+#: g10/keyedit.c:1453
+#, fuzzy
+msgid "set the preferred keyserver URL for the selected user IDs"
+msgstr "ne povis analizi URI de þlosilservilo\n"
+
+#: g10/keyedit.c:1455
+#, fuzzy
+msgid "set a notation for the selected user IDs"
+msgstr "Æu vere aktualigi la preferojn por la elektitaj uzantidentigiloj? "
+
+#: g10/keyedit.c:1457
+msgid "change the passphrase"
+msgstr "þanøi la pasfrazon"
+
+#: g10/keyedit.c:1461
+msgid "change the ownertrust"
+msgstr "þanøi la posedantofidon"
+
+#: g10/keyedit.c:1463
+#, fuzzy
+msgid "revoke signatures on the selected user IDs"
+msgstr "Æu vere forigi æiujn elektitajn uzantidentigilojn? "
+
+#: g10/keyedit.c:1465
+#, fuzzy
+msgid "revoke selected user IDs"
+msgstr "aldoni uzantidentigilon"
+
+#: g10/keyedit.c:1470
+#, fuzzy
+msgid "revoke key or selected subkeys"
+msgstr "revoki flankan þlosilon"
+
+#: g10/keyedit.c:1471
+#, fuzzy
+msgid "enable key"
+msgstr "þalti þlosilon"
+
+#: g10/keyedit.c:1472
+#, fuzzy
+msgid "disable key"
+msgstr "malþalti þlosilon"
+
+#: g10/keyedit.c:1473
+#, fuzzy
+msgid "show selected photo IDs"
+msgstr "montri foto-identigilon"
+
+#: g10/keyedit.c:1475
+msgid "compact unusable user IDs and remove unusable signatures from key"
+msgstr ""
+
+#: g10/keyedit.c:1477
+msgid "compact unusable user IDs and remove all signatures from key"
+msgstr ""
+
+#: g10/keyedit.c:1601
+#, fuzzy, c-format
+msgid "error reading secret keyblock \"%s\": %s\n"
+msgstr "eraro dum legado de sekreta þlosilbloko '%s': %s\n"
+
+#: g10/keyedit.c:1619
+msgid "Secret key is available.\n"
+msgstr "Sekreta þlosilo estas havebla.\n"
+
+#: g10/keyedit.c:1702
+msgid "Need the secret key to do this.\n"
+msgstr "Bezonas la sekretan þlosilon por fari tion.\n"
+
+#: g10/keyedit.c:1710
+msgid "Please use the command \"toggle\" first.\n"
+msgstr "Bonvolu uzi la komandon \"toggle\" unue.\n"
+
+#: g10/keyedit.c:1729
+msgid ""
+"* The `sign' command may be prefixed with an `l' for local signatures "
+"(lsign),\n"
+" a `t' for trust signatures (tsign), an `nr' for non-revocable signatures\n"
+" (nrsign), or any combination thereof (ltsign, tnrsign, etc.).\n"
+msgstr ""
+
+#: g10/keyedit.c:1779
+#, fuzzy
+msgid "Key is revoked."
+msgstr "Þlosilo estas revokita.\n"
+
+#: g10/keyedit.c:1798
+#, fuzzy
+msgid "Really sign all user IDs? (y/N) "
+msgstr "Æu vere subskribi æiujn uzantidentigilojn? "
+
+#: g10/keyedit.c:1805
+msgid "Hint: Select the user IDs to sign\n"
+msgstr "Sugesto: Elekti la uzantidentigilojn por subskribi\n"
+
+#: g10/keyedit.c:1814
+#, fuzzy, c-format
+msgid "Unknown signature type `%s'\n"
+msgstr "nekonata klaso de subskribo"
+
+#: g10/keyedit.c:1837
+#, c-format
+msgid "This command is not allowed while in %s mode.\n"
+msgstr "Tiu komando ne eblas en la reøimo %s.\n"
+
+#: g10/keyedit.c:1859 g10/keyedit.c:1879 g10/keyedit.c:2048
+msgid "You must select at least one user ID.\n"
+msgstr "Vi devas elekti almenaý unu uzantidentigilon.\n"
+
+#: g10/keyedit.c:1861
+msgid "You can't delete the last user ID!\n"
+msgstr "Vi ne povas forviþi la lastan uzantidentigilon!\n"
+
+#: g10/keyedit.c:1863
+#, fuzzy
+msgid "Really remove all selected user IDs? (y/N) "
+msgstr "Æu vere forigi æiujn elektitajn uzantidentigilojn? "
+
+#: g10/keyedit.c:1864
+#, fuzzy
+msgid "Really remove this user ID? (y/N) "
+msgstr "Æu vere forigi æi tiun uzantidentigilon? "
+
+#. TRANSLATORS: Please take care: This is about
+#. moving the key and not about removing it.
+#: g10/keyedit.c:1917
+#, fuzzy
+msgid "Really move the primary key? (y/N) "
+msgstr "Æu vere forigi æi tiun uzantidentigilon? "
+
+#: g10/keyedit.c:1929
+#, fuzzy
+msgid "You must select exactly one key.\n"
+msgstr "Vi devas elekti almenaý unu þlosilon.\n"
+
+#: g10/keyedit.c:1957
+msgid "Command expects a filename argument\n"
+msgstr ""
+
+#: g10/keyedit.c:1971
+#, fuzzy, c-format
+msgid "Can't open `%s': %s\n"
+msgstr "ne povas malfermi '%s': %s\n"
+
+#: g10/keyedit.c:1988
+#, fuzzy, c-format
+msgid "Error reading backup key from `%s': %s\n"
+msgstr "eraro dum kreado de þlosilaro '%s': %s\n"
+
+#: g10/keyedit.c:2012
+msgid "You must select at least one key.\n"
+msgstr "Vi devas elekti almenaý unu þlosilon.\n"
+
+#: g10/keyedit.c:2015
+#, fuzzy
+msgid "Do you really want to delete the selected keys? (y/N) "
+msgstr "Æu vi vere volas forviþi la elektitajn þlosilojn? "
+
+#: g10/keyedit.c:2016
+#, fuzzy
+msgid "Do you really want to delete this key? (y/N) "
+msgstr "Æu vi vere volas forviþi æi tiun þlosilon? "
+
+#: g10/keyedit.c:2051
+#, fuzzy
+msgid "Really revoke all selected user IDs? (y/N) "
+msgstr "Æu vere forigi æiujn elektitajn uzantidentigilojn? "
+
+#: g10/keyedit.c:2052
+#, fuzzy
+msgid "Really revoke this user ID? (y/N) "
+msgstr "Æu vere forigi æi tiun uzantidentigilon? "
+
+#: g10/keyedit.c:2070
+#, fuzzy
+msgid "Do you really want to revoke the entire key? (y/N) "
+msgstr "Æu vi vere volas revoki æi tiun þlosilon? "
+
+#: g10/keyedit.c:2081
+#, fuzzy
+msgid "Do you really want to revoke the selected subkeys? (y/N) "
+msgstr "Æu vi vere volas revoki la elektitajn þlosilojn? "
+
+#: g10/keyedit.c:2083
+#, fuzzy
+msgid "Do you really want to revoke this subkey? (y/N) "
+msgstr "Æu vi vere volas revoki æi tiun þlosilon? "
+
+#: g10/keyedit.c:2133
+msgid "Owner trust may not be set while using a user provided trust database\n"
+msgstr ""
+
+#: g10/keyedit.c:2175
+#, fuzzy
+msgid "Set preference list to:\n"
+msgstr "agordi liston de preferoj"
+
+#: g10/keyedit.c:2181
+#, fuzzy
+msgid "Really update the preferences for the selected user IDs? (y/N) "
+msgstr "Æu vere aktualigi la preferojn por la elektitaj uzantidentigiloj? "
+
+#: g10/keyedit.c:2183
+#, fuzzy
+msgid "Really update the preferences? (y/N) "
+msgstr "Æu vere aktualigi la preferojn? "
+
+#: g10/keyedit.c:2253
+#, fuzzy
+msgid "Save changes? (y/N) "
+msgstr "Æu skribi þanøojn? "
+
+#: g10/keyedit.c:2256
+#, fuzzy
+msgid "Quit without saving? (y/N) "
+msgstr "Æu fini sen skribi þanøojn? "
+
+#: g10/keyedit.c:2266
+#, c-format
+msgid "update failed: %s\n"
+msgstr "aktualigo malsukcesis: %s\n"
+
+#: g10/keyedit.c:2273 g10/keyedit.c:2351
+#, c-format
+msgid "update secret failed: %s\n"
+msgstr "aktualigo de sekreto malsukcesis: %s\n"
+
+#: g10/keyedit.c:2280
+msgid "Key not changed so no update needed.\n"
+msgstr "Þlosilo ne þanøita, do aktualigo ne necesas.\n"
+
+#: g10/keyedit.c:2446
+msgid "Digest: "
+msgstr ""
+
+#: g10/keyedit.c:2497
+msgid "Features: "
+msgstr ""
+
+#: g10/keyedit.c:2508
+msgid "Keyserver no-modify"
+msgstr ""
+
+#: g10/keyedit.c:2523 g10/keylist.c:316
+msgid "Preferred keyserver: "
+msgstr ""
+
+#: g10/keyedit.c:2531 g10/keyedit.c:2532
+#, fuzzy
+msgid "Notations: "
+msgstr "Notacio: "
+
+#: g10/keyedit.c:2753
+msgid "There are no preferences on a PGP 2.x-style user ID.\n"
+msgstr ""
+
+#: g10/keyedit.c:2810
+#, fuzzy, c-format
+msgid "The following key was revoked on %s by %s key %s\n"
+msgstr "Æi tiu þlosilo estas revokebla per %s þlosilo %s%s\n"
+
+#: g10/keyedit.c:2832
+#, fuzzy, c-format
+msgid "This key may be revoked by %s key %s"
+msgstr "Æi tiu þlosilo estas revokebla per %s þlosilo %s%s\n"
+
+#: g10/keyedit.c:2838
+#, fuzzy
+msgid "(sensitive)"
+msgstr " (sentema)"
+
+#: g10/keyedit.c:2854 g10/keyedit.c:2910 g10/keyedit.c:2971 g10/keyedit.c:2986
+#: g10/keylist.c:202 g10/keyserver.c:532
+#, fuzzy, c-format
+msgid "created: %s"
+msgstr "ne povas krei %s: %s\n"
+
+#: g10/keyedit.c:2857 g10/keylist.c:834 g10/keylist.c:928 g10/mainproc.c:997
+#, fuzzy, c-format
+msgid "revoked: %s"
+msgstr "rev"
+
+#: g10/keyedit.c:2859 g10/keylist.c:805 g10/keylist.c:840 g10/keylist.c:934
+#, fuzzy, c-format
+msgid "expired: %s"
+msgstr " [eksvalidiøos: %s]"
+
+#: g10/keyedit.c:2861 g10/keyedit.c:2912 g10/keyedit.c:2973 g10/keyedit.c:2988
+#: g10/keylist.c:204 g10/keylist.c:811 g10/keylist.c:846 g10/keylist.c:940
+#: g10/keylist.c:961 g10/keyserver.c:538 g10/mainproc.c:1003
+#, fuzzy, c-format
+msgid "expires: %s"
+msgstr " [eksvalidiøos: %s]"
+
+#: g10/keyedit.c:2863
+#, fuzzy, c-format
+msgid "usage: %s"
+msgstr " fido: %c/%c"
+
+#: g10/keyedit.c:2878
+#, fuzzy, c-format
+msgid "trust: %s"
+msgstr " fido: %c/%c"
+
+#: g10/keyedit.c:2882
+#, c-format
+msgid "validity: %s"
+msgstr ""
+
+#: g10/keyedit.c:2889
+msgid "This key has been disabled"
+msgstr "Æi tiu þlosilo estas malþaltita"
+
+#: g10/keyedit.c:2917 g10/keylist.c:208
+msgid "card-no: "
+msgstr ""
+
+#: g10/keyedit.c:2941
+msgid ""
+"Please note that the shown key validity is not necessarily correct\n"
+"unless you restart the program.\n"
+msgstr ""
+
+#: g10/keyedit.c:3005 g10/keyedit.c:3351 g10/keyserver.c:542
+#: g10/mainproc.c:1850 g10/trustdb.c:1204 g10/trustdb.c:1732
+#, fuzzy
+msgid "revoked"
+msgstr "rev"
+
+#: g10/keyedit.c:3007 g10/keyedit.c:3353 g10/keyserver.c:546
+#: g10/mainproc.c:1852 g10/trustdb.c:547 g10/trustdb.c:1734
+#, fuzzy
+msgid "expired"
+msgstr "eksval"
+
+#: g10/keyedit.c:3072
+msgid ""
+"WARNING: no user ID has been marked as primary. This command may\n"
+" cause a different user ID to become the assumed primary.\n"
+msgstr ""
+
+#: g10/keyedit.c:3133
+msgid ""
+"WARNING: This is a PGP2-style key. Adding a photo ID may cause some "
+"versions\n"
+" of PGP to reject this key.\n"
+msgstr ""
+"AVERTO: Æi tiu estas PGP2-stila þlosilo. Aldono de foto-identigilo eble\n"
+" kaýzos, ke iuj versioj de PGP malakceptos la þlosilon.\n"
+
+#: g10/keyedit.c:3138 g10/keyedit.c:3473
+#, fuzzy
+msgid "Are you sure you still want to add it? (y/N) "
+msgstr "Æu vi estas certa, ke vi ankoraý volas aldoni øin? (j/n) "
+
+#: g10/keyedit.c:3144
+msgid "You may not add a photo ID to a PGP2-style key.\n"
+msgstr "Ne eblas aldoni foto-identigilon al PGP2-stila þlosilo.\n"
+
+#: g10/keyedit.c:3284
+msgid "Delete this good signature? (y/N/q)"
+msgstr "Æu forviþi æi tiun bonan subskribon? (j/N/f)"
+
+#: g10/keyedit.c:3294
+msgid "Delete this invalid signature? (y/N/q)"
+msgstr "Æu forviþi æi tiun nevalidan subskribon? (j/N/f)"
+
+#: g10/keyedit.c:3298
+msgid "Delete this unknown signature? (y/N/q)"
+msgstr "Æu forviþi æi tiun nekonatan subskribon? (j/N/f)"
+
+#: g10/keyedit.c:3304
+msgid "Really delete this self-signature? (y/N)"
+msgstr "Æu vere forviþi æi tiun mem-subskribon? (j/N)"
+
+#: g10/keyedit.c:3318
+#, c-format
+msgid "Deleted %d signature.\n"
+msgstr "Forviþis %d subskribon.\n"
+
+#: g10/keyedit.c:3319
+#, c-format
+msgid "Deleted %d signatures.\n"
+msgstr "Forviþis %d subskribojn.\n"
+
+#: g10/keyedit.c:3322
+msgid "Nothing deleted.\n"
+msgstr "Nenio estis forviþita.\n"
+
+#: g10/keyedit.c:3355 g10/trustdb.c:1736
+msgid "invalid"
+msgstr "nevalida"
+
+#: g10/keyedit.c:3357
+#, fuzzy, c-format
+msgid "User ID \"%s\" compacted: %s\n"
+msgstr "Uzantidentigilo \"%s\" estas revokita.\n"
+
+#: g10/keyedit.c:3364
+#, fuzzy, c-format
+msgid "User ID \"%s\": %d signature removed\n"
+msgstr "Uzantidentigilo \"%s\" estas revokita.\n"
+
+#: g10/keyedit.c:3365
+#, fuzzy, c-format
+msgid "User ID \"%s\": %d signatures removed\n"
+msgstr "Uzantidentigilo \"%s\" estas revokita.\n"
+
+#: g10/keyedit.c:3373
+#, fuzzy, c-format
+msgid "User ID \"%s\": already minimized\n"
+msgstr "Uzantidentigilo \"%s\" estas revokita.\n"
+
+#: g10/keyedit.c:3374
+#, fuzzy, c-format
+msgid "User ID \"%s\": already clean\n"
+msgstr "Uzantidentigilo \"%s\" estas revokita.\n"
+
+#: g10/keyedit.c:3468
+#, fuzzy
+msgid ""
+"WARNING: This is a PGP 2.x-style key. Adding a designated revoker may "
+"cause\n"
+" some versions of PGP to reject this key.\n"
+msgstr ""
+"AVERTO: Æi tiu estas PGP2-stila þlosilo. Aldono de foto-identigilo eble\n"
+" kaýzos, ke iuj versioj de PGP malakceptos la þlosilon.\n"
+
+#: g10/keyedit.c:3479
+#, fuzzy
+msgid "You may not add a designated revoker to a PGP 2.x-style key.\n"
+msgstr "Ne eblas aldoni foto-identigilon al PGP2-stila þlosilo.\n"
+
+#: g10/keyedit.c:3499
+#, fuzzy
+msgid "Enter the user ID of the designated revoker: "
+msgstr "Donu la þlosilgrandon"
+
+#: g10/keyedit.c:3524
+msgid "cannot appoint a PGP 2.x style key as a designated revoker\n"
+msgstr ""
+
+#: g10/keyedit.c:3539
+msgid "you cannot appoint a key as its own designated revoker\n"
+msgstr ""
+
+#: g10/keyedit.c:3561
+#, fuzzy
+msgid "this key has already been designated as a revoker\n"
+msgstr "AVERTO: Æi tiu þlosilo estas revokita de sia posedanto!\n"
+
+#: g10/keyedit.c:3580
+msgid "WARNING: appointing a key as a designated revoker cannot be undone!\n"
+msgstr ""
+
+#: g10/keyedit.c:3586
+#, fuzzy
+msgid ""
+"Are you sure you want to appoint this key as a designated revoker? (y/N) "
+msgstr "Æu vi estas certa, ke vi ankoraý volas subskribi øin?\n"
+
+#: g10/keyedit.c:3647
+msgid "Please remove selections from the secret keys.\n"
+msgstr "Bonvolu malelekti la sekretajn þlosilojn.\n"
+
+#: g10/keyedit.c:3653
+#, fuzzy
+msgid "Please select at most one subkey.\n"
+msgstr "Bonvolu elekti maksimume unu flankan þlosilon.\n"
+
+#: g10/keyedit.c:3657
+#, fuzzy
+msgid "Changing expiration time for a subkey.\n"
+msgstr "Þanøas la daton de eksvalidiøo de flanka þlosilo.\n"
+
+#: g10/keyedit.c:3660
+msgid "Changing expiration time for the primary key.\n"
+msgstr "Þanøas la daton de eksvalidiøo de la æefa þlosilo.\n"
+
+#: g10/keyedit.c:3706
+msgid "You can't change the expiration date of a v3 key\n"
+msgstr "Vi ne povas þanøi la daton de eksvalidiøo de v3-þlosilo\n"
+
+#: g10/keyedit.c:3722
+msgid "No corresponding signature in secret ring\n"
+msgstr "Mankas responda subskribo en sekreta þlosilaro\n"
+
+#: g10/keyedit.c:3800
+#, fuzzy, c-format
+msgid "signing subkey %s is already cross-certified\n"
+msgstr "Uzantidentigilo \"%s\" estas revokita.\n"
+
+#: g10/keyedit.c:3806
+#, c-format
+msgid "subkey %s does not sign and so does not need to be cross-certified\n"
+msgstr ""
+
+#: g10/keyedit.c:3969
+msgid "Please select exactly one user ID.\n"
+msgstr "Bonvolu elekti precize unu uzantidentigilon.\n"
+
+#: g10/keyedit.c:4008 g10/keyedit.c:4118 g10/keyedit.c:4238 g10/keyedit.c:4379
+#, fuzzy, c-format
+msgid "skipping v3 self-signature on user ID \"%s\"\n"
+msgstr "þlosilo %08lX: nevalida mem-subskribo\n"
+
+#: g10/keyedit.c:4179
+msgid "Enter your preferred keyserver URL: "
+msgstr ""
+
+#: g10/keyedit.c:4259
+#, fuzzy
+msgid "Are you sure you want to replace it? (y/N) "
+msgstr "Æu vi estas certa, ke vi ankoraý volas subskribi øin?\n"
+
+#: g10/keyedit.c:4260
+#, fuzzy
+msgid "Are you sure you want to delete it? (y/N) "
+msgstr "Æu vi estas certa, ke vi ankoraý volas subskribi øin?\n"
+
+#: g10/keyedit.c:4322
+#, fuzzy
+msgid "Enter the notation: "
+msgstr "Subskribo-notacio: "
+
+#: g10/keyedit.c:4471
+#, fuzzy
+msgid "Proceed? (y/N) "
+msgstr "Æu surskribi (j/N)? "
+
+#: g10/keyedit.c:4543
+#, c-format
+msgid "No user ID with index %d\n"
+msgstr "Mankas uzantidentigilo kun indekso %d\n"
+
+#: g10/keyedit.c:4604
+#, fuzzy, c-format
+msgid "No user ID with hash %s\n"
+msgstr "Mankas uzantidentigilo kun indekso %d\n"
+
+#: g10/keyedit.c:4639
+#, fuzzy, c-format
+msgid "No subkey with index %d\n"
+msgstr "Mankas uzantidentigilo kun indekso %d\n"
+
+#: g10/keyedit.c:4774
+#, fuzzy, c-format
+msgid "user ID: \"%s\"\n"
+msgstr "uzantidentigilo: \""
+
+#: g10/keyedit.c:4777 g10/keyedit.c:4871 g10/keyedit.c:4914
+#, fuzzy, c-format
+msgid "signed by your key %s on %s%s%s\n"
+msgstr " subskribita per %08lX je %s%s\n"
+
+#: g10/keyedit.c:4779 g10/keyedit.c:4873 g10/keyedit.c:4916
+msgid " (non-exportable)"
+msgstr ""
+
+#: g10/keyedit.c:4783
+#, fuzzy, c-format
+msgid "This signature expired on %s.\n"
+msgstr "Æi tiu þlosilo eksvalidiøos je %s.\n"
+
+#: g10/keyedit.c:4787
+#, fuzzy
+msgid "Are you sure you still want to revoke it? (y/N) "
+msgstr "Æu vi estas certa, ke vi ankoraý volas aldoni øin? (j/n) "
+
+#: g10/keyedit.c:4791
+#, fuzzy
+msgid "Create a revocation certificate for this signature? (y/N) "
+msgstr "Æu krei revokatestilon por æi tiu subskribo? (j/N)"
+
+#: g10/keyedit.c:4842
+#, fuzzy
+msgid "Not signed by you.\n"
+msgstr " subskribita per %08lX je %s%s\n"
+
+#: g10/keyedit.c:4848
+#, fuzzy, c-format
+msgid "You have signed these user IDs on key %s:\n"
+msgstr "Vi subskribis la sekvajn uzantidentigilojn:\n"
+
+#: g10/keyedit.c:4874
+#, fuzzy
+msgid " (non-revocable)"
+msgstr "subskribi þlosilon nerevokeble"
+
+#: g10/keyedit.c:4881
+#, fuzzy, c-format
+msgid "revoked by your key %s on %s\n"
+msgstr " revokita de %08lX je %s\n"
+
+#: g10/keyedit.c:4903
+msgid "You are about to revoke these signatures:\n"
+msgstr "Vi revokos la sekvajn subskribojn:\n"
+
+#: g10/keyedit.c:4923
+#, fuzzy
+msgid "Really create the revocation certificates? (y/N) "
+msgstr "Æu vere krei la revokatestilojn? (j/N)"
+
+#: g10/keyedit.c:4953
+msgid "no secret key\n"
+msgstr "mankas sekreta þlosilo\n"
+
+#: g10/keyedit.c:5023
+#, fuzzy, c-format
+msgid "user ID \"%s\" is already revoked\n"
+msgstr "Uzantidentigilo \"%s\" estas revokita.\n"
+
+#: g10/keyedit.c:5040
+#, c-format
+msgid "WARNING: a user ID signature is dated %d seconds in the future\n"
+msgstr ""
+
+#: g10/keyedit.c:5104
+#, fuzzy, c-format
+msgid "Key %s is already revoked.\n"
+msgstr "Uzantidentigilo \"%s\" estas revokita.\n"
+
+#: g10/keyedit.c:5166
+#, fuzzy, c-format
+msgid "Subkey %s is already revoked.\n"
+msgstr "Uzantidentigilo \"%s\" estas revokita.\n"
+
+#: g10/keyedit.c:5261
+#, c-format
+msgid "Displaying %s photo ID of size %ld for key %s (uid %d)\n"
+msgstr ""
+
+#: g10/keygen.c:275
+#, fuzzy, c-format
+msgid "preference `%s' duplicated\n"
+msgstr "prefero %c%lu ripetita\n"
+
+#: g10/keygen.c:282
+#, fuzzy
+msgid "too many cipher preferences\n"
+msgstr "tro da '%c'-preferoj\n"
+
+#: g10/keygen.c:284
+#, fuzzy
+msgid "too many digest preferences\n"
+msgstr "tro da '%c'-preferoj\n"
+
+#: g10/keygen.c:286
+#, fuzzy
+msgid "too many compression preferences\n"
+msgstr "tro da '%c'-preferoj\n"
+
+#: g10/keygen.c:426
+#, fuzzy, c-format
+msgid "invalid item `%s' in preference string\n"
+msgstr "nevalida signo en signoæeno\n"
+
+#: g10/keygen.c:910
+#, fuzzy
+msgid "writing direct signature\n"
+msgstr "skribas mem-subskribon\n"
+
+#: g10/keygen.c:952
+msgid "writing self signature\n"
+msgstr "skribas mem-subskribon\n"
+
+#: g10/keygen.c:1009
+msgid "writing key binding signature\n"
+msgstr "skribas þlosilbindan subskribon\n"
+
+#: g10/keygen.c:1179 g10/keygen.c:1290 g10/keygen.c:1295 g10/keygen.c:1441
+#: g10/keygen.c:3269
+#, c-format
+msgid "keysize invalid; using %u bits\n"
+msgstr "þlosilgrando nevalida; uzas %u bitojn\n"
+
+#: g10/keygen.c:1185 g10/keygen.c:1301 g10/keygen.c:1309 g10/keygen.c:1447
+#: g10/keygen.c:3275
+#, c-format
+msgid "keysize rounded up to %u bits\n"
+msgstr "þlosilgrando rondigita øis %u bitoj\n"
+
+#: g10/keygen.c:1335
+msgid ""
+"WARNING: some OpenPGP programs can't handle a DSA key with this digest size\n"
+msgstr ""
+
+#: g10/keygen.c:1558
+#, fuzzy
+msgid "Sign"
+msgstr "subskribi"
+
+#: g10/keygen.c:1561
+msgid "Certify"
+msgstr ""
+
+#: g10/keygen.c:1564
+#, fuzzy
+msgid "Encrypt"
+msgstr "æifri datenojn"
+
+#: g10/keygen.c:1567
+msgid "Authenticate"
+msgstr ""
+
+#. TRANSLATORS: Please use only plain ASCII characters for the
+#. translation. If this is not possible use single digits. The
+#. string needs to 8 bytes long. Here is a description of the
+#. functions:
+#.
+#. s = Toggle signing capability
+#. e = Toggle encryption capability
+#. a = Toggle authentication capability
+#. q = Finish
+#.
+#: g10/keygen.c:1585
+msgid "SsEeAaQq"
+msgstr ""
+
+#: g10/keygen.c:1608
+#, c-format
+msgid "Possible actions for a %s key: "
+msgstr ""
+
+#: g10/keygen.c:1612
+msgid "Current allowed actions: "
+msgstr ""
+
+#: g10/keygen.c:1617
+#, c-format
+msgid " (%c) Toggle the sign capability\n"
+msgstr ""
+
+#: g10/keygen.c:1620
+#, fuzzy, c-format
+msgid " (%c) Toggle the encrypt capability\n"
+msgstr " (%d) ElGamal (nur æifri)\n"
+
+#: g10/keygen.c:1623
+#, c-format
+msgid " (%c) Toggle the authenticate capability\n"
+msgstr ""
+
+#: g10/keygen.c:1626
+#, c-format
+msgid " (%c) Finished\n"
+msgstr ""
+
+#: g10/keygen.c:1686 sm/certreqgen-ui.c:157
+msgid "Please select what kind of key you want:\n"
+msgstr "Bonvolu elekti, kian þlosilon vi deziras:\n"
+
+#: g10/keygen.c:1689
+#, fuzzy, c-format
+msgid " (%d) RSA and RSA (default)\n"
+msgstr " (%d) DSA kaj ElGamal (implicita elekto)\n"
+
+#: g10/keygen.c:1691
+#, fuzzy, c-format
+msgid " (%d) DSA and Elgamal\n"
+msgstr " (%d) DSA kaj ElGamal (implicita elekto)\n"
+
+#: g10/keygen.c:1693
+#, c-format
+msgid " (%d) DSA (sign only)\n"
+msgstr " (%d) DSA (nur subskribi)\n"
+
+#: g10/keygen.c:1694
+#, c-format
+msgid " (%d) RSA (sign only)\n"
+msgstr " (%d) RSA (nur subskribi)\n"
+
+#: g10/keygen.c:1698
+#, fuzzy, c-format
+msgid " (%d) Elgamal (encrypt only)\n"
+msgstr " (%d) ElGamal (nur æifri)\n"
+
+#: g10/keygen.c:1699
+#, c-format
+msgid " (%d) RSA (encrypt only)\n"
+msgstr " (%d) RSA (nur æifri)\n"
+
+#: g10/keygen.c:1703
+#, fuzzy, c-format
+msgid " (%d) DSA (set your own capabilities)\n"
+msgstr " (%d) RSA (nur æifri)\n"
+
+#: g10/keygen.c:1704
+#, fuzzy, c-format
+msgid " (%d) RSA (set your own capabilities)\n"
+msgstr " (%d) RSA (nur æifri)\n"
+
+#: g10/keygen.c:1812
+#, c-format
+msgid "%s keys may be between %u and %u bits long.\n"
+msgstr ""
+
+#: g10/keygen.c:1820
+#, fuzzy, c-format
+msgid "What keysize do you want for the subkey? (%u) "
+msgstr "Kiun þlosilgrandon vi deziras? (1024) "
+
+#: g10/keygen.c:1823 sm/certreqgen-ui.c:179
+#, fuzzy, c-format
+msgid "What keysize do you want? (%u) "
+msgstr "Kiun þlosilgrandon vi deziras? (1024) "
+
+#: g10/keygen.c:1837 sm/certreqgen-ui.c:189
+#, c-format
+msgid "Requested keysize is %u bits\n"
+msgstr "Petita þlosilgrando estas %u bitoj\n"
+
+#: g10/keygen.c:1925
+msgid ""
+"Please specify how long the key should be valid.\n"
+" 0 = key does not expire\n"
+" <n> = key expires in n days\n"
+" <n>w = key expires in n weeks\n"
+" <n>m = key expires in n months\n"
+" <n>y = key expires in n years\n"
+msgstr ""
+"Bonvolu specifi, kiom longe la þlosilo validu.\n"
+" 0 = þlosilo neniam eksvalidiøos\n"
+" <n> = þlosilo eksvalidiøos post n tagoj\n"
+" <n>w = þlosilo eksvalidiøos post n semajnoj\n"
+" <n>m = þlosilo eksvalidiøos post n monatoj\n"
+" <n>y = þlosilo eksvalidiøos post n jaroj\n"
+
+#: g10/keygen.c:1936
+msgid ""
+"Please specify how long the signature should be valid.\n"
+" 0 = signature does not expire\n"
+" <n> = signature expires in n days\n"
+" <n>w = signature expires in n weeks\n"
+" <n>m = signature expires in n months\n"
+" <n>y = signature expires in n years\n"
+msgstr ""
+"Bonvolu specifi, kiom longe la þlosilo validu.\n"
+" 0 = þlosilo neniam eksvalidiøos\n"
+" <n> = þlosilo eksvalidiøos post n tagoj\n"
+" <n>w = þlosilo eksvalidiøos post n semajnoj\n"
+" <n>m = þlosilo eksvalidiøos post n monatoj\n"
+" <n>y = þlosilo eksvalidiøos post n jaroj\n"
+
+#: g10/keygen.c:1959
+msgid "Key is valid for? (0) "
+msgstr "Þlosilo validu ...? (0) "
+
+#: g10/keygen.c:1964
+#, fuzzy, c-format
+msgid "Signature is valid for? (%s) "
+msgstr "Þlosilo validu por ...? (0) "
+
+#: g10/keygen.c:1982 g10/keygen.c:2007
+msgid "invalid value\n"
+msgstr "nevalida valoro\n"
+
+#: g10/keygen.c:1989
+#, fuzzy
+msgid "Key does not expire at all\n"
+msgstr "%s neniam eksvalidiøos\n"
+
+#: g10/keygen.c:1990
+#, fuzzy
+msgid "Signature does not expire at all\n"
+msgstr "%s neniam eksvalidiøos\n"
+
+#: g10/keygen.c:1995
+#, fuzzy, c-format
+msgid "Key expires at %s\n"
+msgstr "%s eksvalidiøos je %s\n"
+
+#: g10/keygen.c:1996
+#, fuzzy, c-format
+msgid "Signature expires at %s\n"
+msgstr "Æi tiu þlosilo eksvalidiøos je %s.\n"
+
+#: g10/keygen.c:2000
+msgid ""
+"Your system can't display dates beyond 2038.\n"
+"However, it will be correctly handled up to 2106.\n"
+msgstr ""
+"Via sistemo ne povas montri datojn post 2038.\n"
+"Tamen, øi estos øuste traktata øis 2106.\n"
+
+#: g10/keygen.c:2013
+#, fuzzy
+msgid "Is this correct? (y/N) "
+msgstr "Æu tio estas øusta (j/n)? "
+
+#: g10/keygen.c:2063
+msgid ""
+"\n"
+"GnuPG needs to construct a user ID to identify your key.\n"
+"\n"
+msgstr ""
+
+#. TRANSLATORS: This string is in general not anymore used
+#. but you should keep your existing translation. In case
+#. the new string is not translated this old string will
+#. be used.
+#: g10/keygen.c:2078
+#, fuzzy
+msgid ""
+"\n"
+"You need a user ID to identify your key; the software constructs the user "
+"ID\n"
+"from the Real Name, Comment and Email Address in this form:\n"
+" \"Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>\"\n"
+"\n"
+msgstr ""
+"\n"
+"Vi bezonas uzantidentigilon por identigi vian þlosilon; la programo\n"
+"konstruas la uzantidentigilon el Vera Nomo, Komento kaj Retadreso, jene:\n"
+" \"Heinrich Heine (la poeto) <heinrichh@duesseldorf.de>\"\n"
+"\n"
+
+#: g10/keygen.c:2097
+msgid "Real name: "
+msgstr "Vera nomo: "
+
+#: g10/keygen.c:2105
+msgid "Invalid character in name\n"
+msgstr "Nevalida signo en nomo\n"
+
+#: g10/keygen.c:2107
+msgid "Name may not start with a digit\n"
+msgstr "Nomo ne povas komenciøi per cifero\n"
+
+#: g10/keygen.c:2109
+msgid "Name must be at least 5 characters long\n"
+msgstr "Nomo devas havi almenaý 5 signojn\n"
+
+#: g10/keygen.c:2117
+msgid "Email address: "
+msgstr "Retadreso: "
+
+#: g10/keygen.c:2123
+msgid "Not a valid email address\n"
+msgstr "Nevalida retadreso\n"
+
+#: g10/keygen.c:2131
+msgid "Comment: "
+msgstr "Komento: "
+
+#: g10/keygen.c:2137
+msgid "Invalid character in comment\n"
+msgstr "Nevalida signo en komento\n"
+
+#: g10/keygen.c:2159
+#, c-format
+msgid "You are using the `%s' character set.\n"
+msgstr "Vi uzas la signaron '%s'.\n"
+
+#: g10/keygen.c:2165
+#, c-format
+msgid ""
+"You selected this USER-ID:\n"
+" \"%s\"\n"
+"\n"
+msgstr ""
+"Vi elektis æi tiun uzantidentigilon:\n"
+" \"%s\"\n"
+"\n"
+
+#: g10/keygen.c:2170
+msgid "Please don't put the email address into the real name or the comment\n"
+msgstr "Bonvolu ne meti la retadreson en la veran nomon aý la komenton\n"
+
+#: g10/keygen.c:2185
+msgid "Such a user ID already exists on this key!\n"
+msgstr ""
+
+#. TRANSLATORS: These are the allowed answers in
+#. lower and uppercase. Below you will find the matching
+#. string which should be translated accordingly and the
+#. letter changed to match the one in the answer string.
+#.
+#. n = Change name
+#. c = Change comment
+#. e = Change email
+#. o = Okay (ready, continue)
+#. q = Quit
+#.
+#: g10/keygen.c:2201
+msgid "NnCcEeOoQq"
+msgstr "NnKkAaBbFf"
+
+#: g10/keygen.c:2211
+msgid "Change (N)ame, (C)omment, (E)mail or (Q)uit? "
+msgstr "Þanøu (N)omon, (K)omenton, (A)adreson, aý (F)ini? "
+
+#: g10/keygen.c:2212
+msgid "Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? "
+msgstr "Þanøu (N)omon, (K)omenton, (A)adreson, aý (B)one/(F)ini? "
+
+#: g10/keygen.c:2231
+msgid "Please correct the error first\n"
+msgstr "Bonvolu korekti la eraron unue\n"
+
+#: g10/keygen.c:2273
+msgid ""
+"You need a Passphrase to protect your secret key.\n"
+"\n"
+msgstr ""
+"Vi bezonas pasfrazon por protekti vian sekretan þlosilon.\n"
+"\n"
+
+#: g10/keygen.c:2276
+#, fuzzy
+msgid ""
+"Please enter a passphrase to protect the off-card backup of the new "
+"encryption key."
+msgstr "Bonvolu doni la pasfrazon; tio estas sekreta frazo \n"
+
+#: g10/keygen.c:2292
+#, c-format
+msgid "%s.\n"
+msgstr "%s.\n"
+
+#: g10/keygen.c:2298
+msgid ""
+"You don't want a passphrase - this is probably a *bad* idea!\n"
+"I will do it anyway. You can change your passphrase at any time,\n"
+"using this program with the option \"--edit-key\".\n"
+"\n"
+msgstr ""
+"Vi ne deziras pasfrazon; tio verþajne estas *malbona* ideo!\n"
+"Mi tamen faros tiel. Vi povos æiam ajn þanøi vian pasfrazon,\n"
+"uzante æi tiun programon kun la opcio \"--edit-key\".\n"
+"\n"
+
+#: g10/keygen.c:2322
+msgid ""
+"We need to generate a lot of random bytes. It is a good idea to perform\n"
+"some other action (type on the keyboard, move the mouse, utilize the\n"
+"disks) during the prime generation; this gives the random number\n"
+"generator a better chance to gain enough entropy.\n"
+msgstr ""
+"Ne devas krei multe da stokastaj datenoj. Estas konsilinde fari ion\n"
+"alian (tajpi æe la klavaro, movi la muson, uzi la diskojn) dum la\n"
+"kreado de la primoj; tio donas al la stokastilo pli bonan þancon\n"
+"akiri sufiæe da entropio.\n"
+
+#: g10/keygen.c:3209 g10/keygen.c:3236
+msgid "Key generation canceled.\n"
+msgstr "Kreado de þlosiloj nuligita.\n"
+
+#: g10/keygen.c:3441 g10/keygen.c:3611
+#, c-format
+msgid "writing public key to `%s'\n"
+msgstr "skribas publikan þlosilon al '%s'\n"
+
+#: g10/keygen.c:3443 g10/keygen.c:3614
+#, fuzzy, c-format
+msgid "writing secret key stub to `%s'\n"
+msgstr "skribas sekretan þlosilon al '%s'\n"
+
+#: g10/keygen.c:3446 g10/keygen.c:3617
+#, c-format
+msgid "writing secret key to `%s'\n"
+msgstr "skribas sekretan þlosilon al '%s'\n"
+
+#: g10/keygen.c:3598
+#, c-format
+msgid "no writable public keyring found: %s\n"
+msgstr "neniu skribebla publika þlosilaro trovita: %s\n"
+
+#: g10/keygen.c:3605
+#, c-format
+msgid "no writable secret keyring found: %s\n"
+msgstr "neniu skribebla sekreta þlosilaro trovita: %s\n"
+
+#: g10/keygen.c:3625
+#, c-format
+msgid "error writing public keyring `%s': %s\n"
+msgstr "eraro dum skribado de publika þlosilaro '%s': %s\n"
+
+#: g10/keygen.c:3633
+#, c-format
+msgid "error writing secret keyring `%s': %s\n"
+msgstr "eraro dum skribado de sekreta þlosilaro '%s': %s\n"
+
+#: g10/keygen.c:3661
+msgid "public and secret key created and signed.\n"
+msgstr "publika kaj sekreta þlosiloj kreitaj kaj subskribitaj.\n"
+
+#: g10/keygen.c:3672
+#, fuzzy
+msgid ""
+"Note that this key cannot be used for encryption. You may want to use\n"
+"the command \"--edit-key\" to generate a subkey for this purpose.\n"
+msgstr ""
+"Notu, ke æi tiu þlosilo ne estas uzebla por æifrado. Vi eble volos\n"
+"uzi la komandon \"--edit-key\" por krei flankan þlosilon por tiu celo.\n"
+
+#: g10/keygen.c:3685 g10/keygen.c:3831 g10/keygen.c:3952
+#, c-format
+msgid "Key generation failed: %s\n"
+msgstr "Kreado de þlosiloj malsukcesis: %s\n"
+
+#: g10/keygen.c:3741 g10/keygen.c:3882 g10/sign.c:241
+#, c-format
+msgid ""
+"key has been created %lu second in future (time warp or clock problem)\n"
+msgstr ""
+"þlosilo estis kreita %lu sekundon en la estonteco (tempotordo aý "
+"horloøeraro)\n"
+
+#: g10/keygen.c:3743 g10/keygen.c:3884 g10/sign.c:243
+#, c-format
+msgid ""
+"key has been created %lu seconds in future (time warp or clock problem)\n"
+msgstr ""
+"þlosilo estis kreita %lu sekundojn en la estonteco (tempotordo aý "
+"horloøeraro)\n"
+
+#: g10/keygen.c:3754 g10/keygen.c:3895
+msgid "NOTE: creating subkeys for v3 keys is not OpenPGP compliant\n"
+msgstr "NOTO: krei subþlosilojn por v3-þlosiloj ne estas OpenPGP-kongrue\n"
+
+#: g10/keygen.c:3795 g10/keygen.c:3928
+#, fuzzy
+msgid "Really create? (y/N) "
+msgstr "Æu vere krei? "
+
+#: g10/keygen.c:4116
+#, fuzzy, c-format
+msgid "storing key onto card failed: %s\n"
+msgstr "forviþo de þlosilbloko malsukcesis: %s\n"
+
+#: g10/keygen.c:4165
+#, fuzzy, c-format
+msgid "can't create backup file `%s': %s\n"
+msgstr "ne povas krei '%s': %s\n"
+
+#: g10/keygen.c:4191
+#, fuzzy, c-format
+msgid "NOTE: backup of card key saved to `%s'\n"
+msgstr "NOTO: sekreta þlosilo %08lX eksvalidiøis je %s\n"
+
+#: g10/keyid.c:539 g10/keyid.c:551 g10/keyid.c:563 g10/keyid.c:575
+msgid "never "
+msgstr ""
+
+#: g10/keylist.c:273
+#, fuzzy
+msgid "Critical signature policy: "
+msgstr "Subskribo-gvidlinioj: "
+
+#: g10/keylist.c:275
+msgid "Signature policy: "
+msgstr "Subskribo-gvidlinioj: "
+
+#: g10/keylist.c:314
+msgid "Critical preferred keyserver: "
+msgstr ""
+
+#: g10/keylist.c:367
+#, fuzzy
+msgid "Critical signature notation: "
+msgstr "Subskribo-notacio: "
+
+#: g10/keylist.c:369
+msgid "Signature notation: "
+msgstr "Subskribo-notacio: "
+
+#: g10/keylist.c:479
+msgid "Keyring"
+msgstr "Þlosilaro"
+
+#: g10/keylist.c:1526
+#, fuzzy
+msgid "Primary key fingerprint:"
+msgstr "listigi þlosilojn kaj fingroþpurojn"
+
+#: g10/keylist.c:1528
+#, fuzzy
+msgid " Subkey fingerprint:"
+msgstr " Þlosilo-fingrospuro ="
+
+#. TRANSLATORS: this should fit into 24 bytes to that the
+#. * fingerprint data is properly aligned with the user ID
+#: g10/keylist.c:1535
+#, fuzzy
+msgid " Primary key fingerprint:"
+msgstr " Þlosilo-fingrospuro ="
+
+#: g10/keylist.c:1537
+#, fuzzy
+msgid " Subkey fingerprint:"
+msgstr " Þlosilo-fingrospuro ="
+
+#: g10/keylist.c:1541 g10/keylist.c:1545
+#, fuzzy
+msgid " Key fingerprint ="
+msgstr " Þlosilo-fingrospuro ="
+
+#: g10/keylist.c:1612
+msgid " Card serial no. ="
+msgstr ""
+
+#: g10/keyring.c:1297
+#, fuzzy, c-format
+msgid "renaming `%s' to `%s' failed: %s\n"
+msgstr "enkirasigo malsukcesis: %s\n"
+
+#: g10/keyring.c:1326
+msgid "WARNING: 2 files with confidential information exists.\n"
+msgstr "AVERTO: ekzistas 2 dosieroj kun sekretaj informoj.\n"
+
+#: g10/keyring.c:1327
+#, c-format
+msgid "%s is the unchanged one\n"
+msgstr "%s estas la neþanøita\n"
+
+#: g10/keyring.c:1328
+#, c-format
+msgid "%s is the new one\n"
+msgstr "%s estas la nova\n"
+
+#: g10/keyring.c:1329
+msgid "Please fix this possible security flaw\n"
+msgstr "Bonvolu ripari æi tiun eblan sekurecproblemon\n"
+
+#: g10/keyring.c:1430
+#, fuzzy, c-format
+msgid "caching keyring `%s'\n"
+msgstr "kontrolas þlosilaron '%s'\n"
+
+#: g10/keyring.c:1489
+#, fuzzy, c-format
+msgid "%lu keys cached so far (%lu signatures)\n"
+msgstr "%lu þlosiloj kontrolitaj (%lu subskriboj)\n"
+
+#: g10/keyring.c:1501
+#, fuzzy, c-format
+msgid "%lu keys cached (%lu signatures)\n"
+msgstr "%lu þlosiloj kontrolitaj (%lu subskriboj)\n"
+
+#: g10/keyring.c:1573
+#, c-format
+msgid "%s: keyring created\n"
+msgstr "%s: þlosilaro kreita\n"
+
+#: g10/keyserver.c:74
+msgid "include revoked keys in search results"
+msgstr ""
+
+#: g10/keyserver.c:75
+msgid "include subkeys when searching by key ID"
+msgstr ""
+
+#: g10/keyserver.c:77
+msgid "use temporary files to pass data to keyserver helpers"
+msgstr ""
+
+#: g10/keyserver.c:79
+msgid "do not delete temporary files after using them"
+msgstr ""
+
+#: g10/keyserver.c:83
+msgid "automatically retrieve keys when verifying signatures"
+msgstr ""
+
+#: g10/keyserver.c:85
+#, fuzzy
+msgid "honor the preferred keyserver URL set on the key"
+msgstr "la donita gvidlinia URL por subskriboj ne validas\n"
+
+#: g10/keyserver.c:87
+msgid "honor the PKA record set on a key when retrieving keys"
+msgstr ""
+
+#: g10/keyserver.c:153
+#, c-format
+msgid "WARNING: keyserver option `%s' is not used on this platform\n"
+msgstr ""
+
+#: g10/keyserver.c:544
+#, fuzzy
+msgid "disabled"
+msgstr "el"
+
+#: g10/keyserver.c:747
+msgid "Enter number(s), N)ext, or Q)uit > "
+msgstr ""
+
+#: g10/keyserver.c:831 g10/keyserver.c:1458
+#, fuzzy, c-format
+msgid "invalid keyserver protocol (us %d!=handler %d)\n"
+msgstr "nevalida þlosilaro"
+
+#: g10/keyserver.c:932
+#, fuzzy, c-format
+msgid "key \"%s\" not found on keyserver\n"
+msgstr "þlosilo '%s' ne trovita: %s\n"
+
+#: g10/keyserver.c:934
+#, fuzzy
+msgid "key not found on keyserver\n"
+msgstr "þlosilo '%s' ne trovita: %s\n"
+
+#: g10/keyserver.c:1177
+#, fuzzy, c-format
+msgid "requesting key %s from %s server %s\n"
+msgstr "petas la þlosilon %08lX de HKP-þlosilservilo %s ...\n"
+
+#: g10/keyserver.c:1181
+#, fuzzy, c-format
+msgid "requesting key %s from %s\n"
+msgstr "petas la þlosilon %08lX de HKP-þlosilservilo %s ...\n"
+
+#: g10/keyserver.c:1205
+#, fuzzy, c-format
+msgid "searching for names from %s server %s\n"
+msgstr "seræas pri \"%s\" æe HKP-servilo %s\n"
+
+#: g10/keyserver.c:1208
+#, fuzzy, c-format
+msgid "searching for names from %s\n"
+msgstr "seræas pri \"%s\" æe HKP-servilo %s\n"
+
+#: g10/keyserver.c:1361
+#, fuzzy, c-format
+msgid "sending key %s to %s server %s\n"
+msgstr "seræas pri \"%s\" æe HKP-servilo %s\n"
+
+#: g10/keyserver.c:1365
+#, fuzzy, c-format
+msgid "sending key %s to %s\n"
+msgstr ""
+"\"\n"
+"subskribita per via þlosilo %08lX je %s\n"
+
+#: g10/keyserver.c:1408
+#, fuzzy, c-format
+msgid "searching for \"%s\" from %s server %s\n"
+msgstr "seræas pri \"%s\" æe HKP-servilo %s\n"
+
+#: g10/keyserver.c:1411
+#, fuzzy, c-format
+msgid "searching for \"%s\" from %s\n"
+msgstr "seræas pri \"%s\" æe HKP-servilo %s\n"
+
+#: g10/keyserver.c:1418 g10/keyserver.c:1514
+#, fuzzy
+msgid "no keyserver action!\n"
+msgstr "nevalida þlosilaro"
+
+#: g10/keyserver.c:1466
+#, c-format
+msgid "WARNING: keyserver handler from a different version of GnuPG (%s)\n"
+msgstr ""
+
+#: g10/keyserver.c:1475
+msgid "keyserver did not send VERSION\n"
+msgstr ""
+
+#: g10/keyserver.c:1537 g10/keyserver.c:2066
+msgid "no keyserver known (use option --keyserver)\n"
+msgstr "neniu þlosilservilo konata (uzu la opcion --keyserver)\n"
+
+#: g10/keyserver.c:1543
+msgid "external keyserver calls are not supported in this build\n"
+msgstr ""
+
+#: g10/keyserver.c:1555
+#, c-format
+msgid "no handler for keyserver scheme `%s'\n"
+msgstr ""
+
+#: g10/keyserver.c:1560
+#, c-format
+msgid "action `%s' not supported with keyserver scheme `%s'\n"
+msgstr ""
+
+#: g10/keyserver.c:1568
+#, c-format
+msgid "%s does not support handler version %d\n"
+msgstr ""
+
+#: g10/keyserver.c:1575
+#, fuzzy
+msgid "keyserver timed out\n"
+msgstr "þlosilservila eraro"
+
+#: g10/keyserver.c:1580
+#, fuzzy
+msgid "keyserver internal error\n"
+msgstr "þlosilservila eraro"
+
+#: g10/keyserver.c:1589
+#, fuzzy, c-format
+msgid "keyserver communications error: %s\n"
+msgstr "listigo de sekretaj þlosiloj malsukcesis: %s\n"
+
+#: g10/keyserver.c:1614 g10/keyserver.c:1648
+#, fuzzy, c-format
+msgid "\"%s\" not a key ID: skipping\n"
+msgstr "%s: ne valida þlosilidentigilo\n"
+
+#: g10/keyserver.c:1907
+#, fuzzy, c-format
+msgid "WARNING: unable to refresh key %s via %s: %s\n"
+msgstr "Averto: malsekura posedeco sur %s \"%s\"\n"
+
+#: g10/keyserver.c:1929
+#, fuzzy, c-format
+msgid "refreshing 1 key from %s\n"
+msgstr "petas la þlosilon %08lX de HKP-þlosilservilo %s ...\n"
+
+#: g10/keyserver.c:1931
+#, fuzzy, c-format
+msgid "refreshing %d keys from %s\n"
+msgstr "petas la þlosilon %08lX de HKP-þlosilservilo %s ...\n"
+
+#: g10/keyserver.c:1987
+#, fuzzy, c-format
+msgid "WARNING: unable to fetch URI %s: %s\n"
+msgstr "Averto: malsekura posedeco sur %s \"%s\"\n"
+
+#: g10/keyserver.c:1993
+#, fuzzy, c-format
+msgid "WARNING: unable to parse URI %s\n"
+msgstr "Averto: malsekura posedeco sur %s \"%s\"\n"
+
+#: g10/mainproc.c:231
+#, c-format
+msgid "weird size for an encrypted session key (%d)\n"
+msgstr ""
+
+#: g10/mainproc.c:284
+#, fuzzy, c-format
+msgid "%s encrypted session key\n"
+msgstr "%s-æifritaj datenoj\n"
+
+#: g10/mainproc.c:294
+#, fuzzy, c-format
+msgid "passphrase generated with unknown digest algorithm %d\n"
+msgstr "æifrita per nekonata metodo %d\n"
+
+#: g10/mainproc.c:360
+#, fuzzy, c-format
+msgid "public key is %s\n"
+msgstr "publika þlosilo estas %08lX\n"
+
+#: g10/mainproc.c:423
+msgid "public key encrypted data: good DEK\n"
+msgstr "publikþlosile æifritaj datenoj: bona DEK\n"
+
+#: g10/mainproc.c:456
+#, fuzzy, c-format
+msgid "encrypted with %u-bit %s key, ID %s, created %s\n"
+msgstr "æifrita per %u-bita %s-þlosilo, %08lX, kreita je %s\n"
+
+#: g10/mainproc.c:460 g10/pkclist.c:217
+#, fuzzy, c-format
+msgid " \"%s\"\n"
+msgstr " alinome \""
+
+#: g10/mainproc.c:464
+#, fuzzy, c-format
+msgid "encrypted with %s key, ID %s\n"
+msgstr "æifrita per %s-þlosilo, %08lX\n"
+
+#: g10/mainproc.c:479
+#, c-format
+msgid "public key decryption failed: %s\n"
+msgstr "publikþlosila malæifrado malsukcesis: %s\n"
+
+#: g10/mainproc.c:495
+#, fuzzy, c-format
+msgid "encrypted with %lu passphrases\n"
+msgstr "Ripetu pasfrazon\n"
+
+#: g10/mainproc.c:497
+#, fuzzy
+msgid "encrypted with 1 passphrase\n"
+msgstr "Ripetu pasfrazon\n"
+
+#: g10/mainproc.c:529 g10/mainproc.c:551
+#, c-format
+msgid "assuming %s encrypted data\n"
+msgstr "supozas %s æifritajn datenojn\n"
+
+#: g10/mainproc.c:537
+#, c-format
+msgid "IDEA cipher unavailable, optimistically attempting to use %s instead\n"
+msgstr "Æifro IDEA ne disponata, optimisme provas uzi %s anstataýe\n"
+
+#: g10/mainproc.c:570
+msgid "decryption okay\n"
+msgstr "malæifrado sukcesis\n"
+
+#: g10/mainproc.c:574
+#, fuzzy
+msgid "WARNING: message was not integrity protected\n"
+msgstr "AVERTO: nenio estis eksportita\n"
+
+#: g10/mainproc.c:587
+msgid "WARNING: encrypted message has been manipulated!\n"
+msgstr "AVERTO: æifrita mesaøo estis manipulita!\n"
+
+#: g10/mainproc.c:595
+#, c-format
+msgid "cleared passphrase cached with ID: %s\n"
+msgstr ""
+
+#: g10/mainproc.c:600
+#, c-format
+msgid "decryption failed: %s\n"
+msgstr "malæifrado malsukcesis: %s\n"
+
+#: g10/mainproc.c:621
+msgid "NOTE: sender requested \"for-your-eyes-only\"\n"
+msgstr "NOTO: sendinto petis konfidencon (\"for-your-eyes-only\")\n"
+
+#: g10/mainproc.c:623
+#, c-format
+msgid "original file name='%.*s'\n"
+msgstr "originala dosiernomo='%.*s'\n"
+
+#: g10/mainproc.c:711
+msgid "WARNING: multiple plaintexts seen\n"
+msgstr ""
+
+#: g10/mainproc.c:850
+msgid "standalone revocation - use \"gpg --import\" to apply\n"
+msgstr "memstara revoko - uzu \"gpg --import\" por apliki øin\n"
+
+#: g10/mainproc.c:1203 g10/mainproc.c:1240
+#, fuzzy
+msgid "no signature found\n"
+msgstr "Bona subskribo de \""
+
+#: g10/mainproc.c:1478
+msgid "signature verification suppressed\n"
+msgstr "kontrolo de subskribo estas malþaltita\n"
+
+#: g10/mainproc.c:1587
+#, fuzzy
+msgid "can't handle this ambiguous signature data\n"
+msgstr "ne povas trakti æi tiujn pluroblajn subskribojn\n"
+
+#: g10/mainproc.c:1598
+#, fuzzy, c-format
+msgid "Signature made %s\n"
+msgstr "Æi tiu þlosilo eksvalidiøos je %s.\n"
+
+#: g10/mainproc.c:1599
+#, fuzzy, c-format
+msgid " using %s key %s\n"
+msgstr " alinome \""
+
+#: g10/mainproc.c:1603
+#, fuzzy, c-format
+msgid "Signature made %s using %s key ID %s\n"
+msgstr "Subskribo farita je %.*s per %s, þlosilo %08lX\n"
+
+#: g10/mainproc.c:1623
+#, fuzzy
+msgid "Key available at: "
+msgstr "Nenia helpo disponata"
+
+#: g10/mainproc.c:1756 g10/mainproc.c:1804
+#, fuzzy, c-format
+msgid "BAD signature from \"%s\""
+msgstr "MALBONA subskribo de \""
+
+#: g10/mainproc.c:1758 g10/mainproc.c:1806
+#, fuzzy, c-format
+msgid "Expired signature from \"%s\""
+msgstr "Eksvalidiøinta subskribo de \""
+
+#: g10/mainproc.c:1760 g10/mainproc.c:1808
+#, fuzzy, c-format
+msgid "Good signature from \"%s\""
+msgstr "Bona subskribo de \""
+
+#: g10/mainproc.c:1810
+msgid "[uncertain]"
+msgstr "[malcerta]"
+
+#: g10/mainproc.c:1843
+#, fuzzy, c-format
+msgid " aka \"%s\""
+msgstr " alinome \""
+
+#: g10/mainproc.c:1941
+#, fuzzy, c-format
+msgid "Signature expired %s\n"
+msgstr "Æi tiu þlosilo eksvalidiøos je %s.\n"
+
+#: g10/mainproc.c:1946
+#, fuzzy, c-format
+msgid "Signature expires %s\n"
+msgstr "Æi tiu þlosilo eksvalidiøos je %s.\n"
+
+#: g10/mainproc.c:1949
+#, fuzzy, c-format
+msgid "%s signature, digest algorithm %s\n"
+msgstr "%s-subskribo de: %s\n"
+
+#: g10/mainproc.c:1950
+#, fuzzy
+msgid "binary"
+msgstr "æefa"
+
+#: g10/mainproc.c:1951
+msgid "textmode"
+msgstr ""
+
+#: g10/mainproc.c:1951 g10/trustdb.c:546
+#, fuzzy
+msgid "unknown"
+msgstr "nekonata versio"
+
+#: g10/mainproc.c:1971
+#, c-format
+msgid "Can't check signature: %s\n"
+msgstr "Ne povas kontroli subskribon: %s\n"
+
+#: g10/mainproc.c:2055 g10/mainproc.c:2071 g10/mainproc.c:2167
+msgid "not a detached signature\n"
+msgstr "ne aparta subskribo\n"
+
+#: g10/mainproc.c:2098
+msgid ""
+"WARNING: multiple signatures detected. Only the first will be checked.\n"
+msgstr ""
+
+#: g10/mainproc.c:2106
+#, c-format
+msgid "standalone signature of class 0x%02x\n"
+msgstr "memstara subskribo de klaso 0x%02x\n"
+
+#: g10/mainproc.c:2171
+msgid "old style (PGP 2.x) signature\n"
+msgstr "malnovstila subskribo (PGP 2.x)\n"
+
+#: g10/mainproc.c:2181
+msgid "invalid root packet detected in proc_tree()\n"
+msgstr "nevalida radikpaketo trovita en proc_tree()\n"
+
+#: g10/misc.c:109 g10/misc.c:139 g10/misc.c:215
+#, fuzzy, c-format
+msgid "fstat of `%s' failed in %s: %s\n"
+msgstr "aktualigo de fido-datenaro malsukcesis: %s\n"
+
+#: g10/misc.c:178
+#, fuzzy, c-format
+msgid "fstat(%d) failed in %s: %s\n"
+msgstr "fido-datenaro: lego malsukcesis (n=%d): %s\n"
+
+#: g10/misc.c:296
+#, fuzzy, c-format
+msgid "WARNING: using experimental public key algorithm %s\n"
+msgstr "ne povas trakti publikþlosilan metodon %d\n"
+
+#: g10/misc.c:302
+#, fuzzy
+msgid "WARNING: Elgamal sign+encrypt keys are deprecated\n"
+msgstr "NOTO: æifrad-metodo %d ne trovita en preferoj\n"
+
+#: g10/misc.c:315
+#, fuzzy, c-format
+msgid "WARNING: using experimental cipher algorithm %s\n"
+msgstr "nerealigita æifrad-metodo"
+
+#: g10/misc.c:330
+#, fuzzy, c-format
+msgid "WARNING: using experimental digest algorithm %s\n"
+msgstr "%s-subskribo de: %s\n"
+
+#: g10/misc.c:335
+#, fuzzy, c-format
+msgid "WARNING: digest algorithm %s is deprecated\n"
+msgstr "NOTO: æifrad-metodo %d ne trovita en preferoj\n"
+
+#: g10/misc.c:503
+msgid "the IDEA cipher plugin is not present\n"
+msgstr "la aldona¼o por la æifro IDEA en æeestas\n"
+
+#: g10/misc.c:504 g10/sig-check.c:107 jnlib/utf8conv.c:87
+#, fuzzy, c-format
+msgid "please see %s for more information\n"
+msgstr " i = bonvolu montri pli da informoj\n"
+
+#: g10/misc.c:761
+#, fuzzy, c-format
+msgid "%s:%d: deprecated option \"%s\"\n"
+msgstr "AVERTO: '%s' estas malplena dosiero\n"
+
+#: g10/misc.c:765
+#, fuzzy, c-format
+msgid "WARNING: \"%s\" is a deprecated option\n"
+msgstr "AVERTO: '%s' estas malplena dosiero\n"
+
+#: g10/misc.c:767
+#, c-format
+msgid "please use \"%s%s\" instead\n"
+msgstr ""
+
+#: g10/misc.c:774
+#, fuzzy, c-format
+msgid "WARNING: \"%s\" is a deprecated command - do not use it\n"
+msgstr "AVERTO: '%s' estas malplena dosiero\n"
+
+#: g10/misc.c:784
+#, c-format
+msgid "%s:%u: obsolete option \"%s\" - it has no effect\n"
+msgstr ""
+
+#: g10/misc.c:787
+#, fuzzy, c-format
+msgid "WARNING: \"%s\" is an obsolete option - it has no effect\n"
+msgstr "AVERTO: '%s' estas malplena dosiero\n"
+
+#: g10/misc.c:848
+#, fuzzy
+msgid "Uncompressed"
+msgstr "ne traktita"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: g10/misc.c:873
+#, fuzzy
+msgid "uncompressed|none"
+msgstr "ne traktita"
+
+#: g10/misc.c:1000
+#, fuzzy, c-format
+msgid "this message may not be usable by %s\n"
+msgstr "æi tiu mesaøo povas ne esti uzebla de PGP 2.x\n"
+
+#: g10/misc.c:1175
+#, fuzzy, c-format
+msgid "ambiguous option `%s'\n"
+msgstr "legas opciojn el '%s'\n"
+
+#: g10/misc.c:1200
+#, fuzzy, c-format
+msgid "unknown option `%s'\n"
+msgstr "nekonata implicita ricevonto '%s'\n"
+
+#: g10/openfile.c:89
+#, c-format
+msgid "File `%s' exists. "
+msgstr "Dosiero '%s' ekzistas. "
+
+#: g10/openfile.c:93
+#, fuzzy
+msgid "Overwrite? (y/N) "
+msgstr "Æu surskribi (j/N)? "
+
+#: g10/openfile.c:126
+#, c-format
+msgid "%s: unknown suffix\n"
+msgstr "%s: nekonata sufikso\n"
+
+#: g10/openfile.c:150
+msgid "Enter new filename"
+msgstr "Donu novan dosiernomon"
+
+#: g10/openfile.c:195
+msgid "writing to stdout\n"
+msgstr "skribas al la normala eligo\n"
+
+#: g10/openfile.c:316
+#, c-format
+msgid "assuming signed data in `%s'\n"
+msgstr "supozas subskribitajn datenojn en '%s'\n"
+
+#: g10/openfile.c:395
+#, fuzzy, c-format
+msgid "new configuration file `%s' created\n"
+msgstr "%s: nova opcio-dosiero kreita\n"
+
+#: g10/openfile.c:397
+#, c-format
+msgid "WARNING: options in `%s' are not yet active during this run\n"
+msgstr ""
+
+#: g10/parse-packet.c:201
+#, c-format
+msgid "can't handle public key algorithm %d\n"
+msgstr "ne povas trakti publikþlosilan metodon %d\n"
+
+#: g10/parse-packet.c:822
+msgid "WARNING: potentially insecure symmetrically encrypted session key\n"
+msgstr ""
+
+#: g10/parse-packet.c:1273
+#, c-format
+msgid "subpacket of type %d has critical bit set\n"
+msgstr "subpaketo de speco %d havas þaltitan \"critical bit\"\n"
+
+#: g10/passphrase.c:75 g10/passphrase.c:418 g10/passphrase.c:481
+#, fuzzy, c-format
+msgid "problem with the agent: %s\n"
+msgstr "problemo kun agento: agento redonas 0x%lx\n"
+
+#: g10/passphrase.c:344 g10/passphrase.c:613
+#, fuzzy, c-format
+msgid " (main key ID %s)"
+msgstr " (æefþlosilo %08lX)"
+
+#: g10/passphrase.c:358
+#, fuzzy, c-format
+msgid ""
+"Please enter the passphrase to unlock the secret key for the OpenPGP "
+"certificate:\n"
+"\"%.*s\"\n"
+"%u-bit %s key, ID %s,\n"
+"created %s%s.\n"
+msgstr ""
+"Vi bezonas pasfrazon por malþlosi la sekretan þlosilon por la uzanto:\n"
+"\"%.*s\"\n"
+"%u-bita %s þlosilo, ID %08lX, kreita je %s%s\n"
+
+#: g10/passphrase.c:384
+msgid "Enter passphrase\n"
+msgstr "Donu pasfrazon\n"
+
+#: g10/passphrase.c:412
+msgid "cancelled by user\n"
+msgstr "nuligita de uzanto\n"
+
+#: g10/passphrase.c:592
+#, fuzzy, c-format
+msgid ""
+"You need a passphrase to unlock the secret key for\n"
+"user: \"%s\"\n"
+msgstr ""
+"\n"
+"Vi bezonas pasfrazon por malþlosi la sekretan þlosilon\n"
+"por la uzanto: \""
+
+#: g10/passphrase.c:600
+#, fuzzy, c-format
+msgid "%u-bit %s key, ID %s, created %s"
+msgstr "%u-bita %s-þlosilo, %08lX, kreita je %s"
+
+#: g10/passphrase.c:609
+#, c-format
+msgid " (subkey on main key ID %s)"
+msgstr ""
+
+#: g10/photoid.c:74
+msgid ""
+"\n"
+"Pick an image to use for your photo ID. The image must be a JPEG file.\n"
+"Remember that the image is stored within your public key. If you use a\n"
+"very large picture, your key will become very large as well!\n"
+"Keeping the image close to 240x288 is a good size to use.\n"
+msgstr ""
+
+#: g10/photoid.c:96
+msgid "Enter JPEG filename for photo ID: "
+msgstr ""
+
+#: g10/photoid.c:117
+#, fuzzy, c-format
+msgid "unable to open JPEG file `%s': %s\n"
+msgstr "ne povas malfermi %s: %s\n"
+
+#: g10/photoid.c:128
+#, c-format
+msgid "This JPEG is really large (%d bytes) !\n"
+msgstr ""
+
+#: g10/photoid.c:130
+#, fuzzy
+msgid "Are you sure you want to use it? (y/N) "
+msgstr "Æu vi estas certa, ke vi ankoraý volas subskribi øin?\n"
+
+#: g10/photoid.c:146
+#, fuzzy, c-format
+msgid "`%s' is not a JPEG file\n"
+msgstr "%s: ne estas fido-datenaro\n"
+
+#: g10/photoid.c:165
+#, fuzzy
+msgid "Is this photo correct (y/N/q)? "
+msgstr "Æu tio estas øusta (j/n)? "
+
+#: g10/photoid.c:373
+#, fuzzy
+msgid "unable to display photo ID!\n"
+msgstr "ne povas malfermi %s: %s\n"
+
+#: g10/pkclist.c:60 g10/revoke.c:621
+msgid "No reason specified"
+msgstr "Nenia kialo specifita"
+
+#: g10/pkclist.c:62 g10/revoke.c:623
+msgid "Key is superseded"
+msgstr "Þlosilo estas anstataýigita."
+
+#: g10/pkclist.c:64 g10/revoke.c:622
+msgid "Key has been compromised"
+msgstr "Þlosilo estas kompromitita"
+
+#: g10/pkclist.c:66 g10/revoke.c:624
+msgid "Key is no longer used"
+msgstr "Þlosilo estas ne plu uzata"
+
+#: g10/pkclist.c:68 g10/revoke.c:625
+msgid "User ID is no longer valid"
+msgstr "Uzantidentigilo ne plu validas"
+
+#: g10/pkclist.c:72
+#, fuzzy
+msgid "reason for revocation: "
+msgstr "Kialo por revoko: "
+
+#: g10/pkclist.c:89
+#, fuzzy
+msgid "revocation comment: "
+msgstr "Komento pri revoko: "
+
+#: g10/pkclist.c:204
+msgid "iImMqQsS"
+msgstr "iImMfFsS"
+
+#: g10/pkclist.c:212
+#, fuzzy
+msgid "No trust value assigned to:\n"
+msgstr ""
+"Nenia fidovaloro atribuita al:\n"
+"%4u%c/%08lX %s \""
+
+#: g10/pkclist.c:245
+#, fuzzy, c-format
+msgid " aka \"%s\"\n"
+msgstr " alinome \""
+
+#: g10/pkclist.c:255
+#, fuzzy
+msgid ""
+"How much do you trust that this key actually belongs to the named user?\n"
+msgstr "Æi tiu þlosilo verþajne apartenas al la posedanto\n"
+
+#: g10/pkclist.c:270
+#, fuzzy, c-format
+msgid " %d = I don't know or won't say\n"
+msgstr " %d = Ne scias\n"
+
+#: g10/pkclist.c:272
+#, fuzzy, c-format
+msgid " %d = I do NOT trust\n"
+msgstr " %d = Ni NE fidas æi tiun þlosilon\n"
+
+#: g10/pkclist.c:278
+#, fuzzy, c-format
+msgid " %d = I trust ultimately\n"
+msgstr " %d = Mi fidas absolute\n"
+
+#: g10/pkclist.c:284
+#, fuzzy
+msgid " m = back to the main menu\n"
+msgstr " m = reen al la æefmenuo\n"
+
+#: g10/pkclist.c:287
+#, fuzzy
+msgid " s = skip this key\n"
+msgstr " s = supersalti æi tiun þlosilon\n"
+
+#: g10/pkclist.c:288
+#, fuzzy
+msgid " q = quit\n"
+msgstr " f = fini\n"
+
+#: g10/pkclist.c:292
+#, c-format
+msgid ""
+"The minimum trust level for this key is: %s\n"
+"\n"
+msgstr ""
+
+#: g10/pkclist.c:298 g10/revoke.c:650
+msgid "Your decision? "
+msgstr "Via decido? "
+
+#: g10/pkclist.c:319
+#, fuzzy
+msgid "Do you really want to set this key to ultimate trust? (y/N) "
+msgstr "Æu vi vere volas þanøi æi tiun þlosilon al absoluta fido? "
+
+#: g10/pkclist.c:333
+msgid "Certificates leading to an ultimately trusted key:\n"
+msgstr "Atestiloj, kiuj kondukas al absolute fidata þlosilo:\n"
+
+#: g10/pkclist.c:418
+#, fuzzy, c-format
+msgid "%s: There is no assurance this key belongs to the named user\n"
+msgstr ""
+"%08lX: Estas nenia indiko, ke æi tiu þlosilo vere apartenas al la posedanto\n"
+
+#: g10/pkclist.c:423
+#, fuzzy, c-format
+msgid "%s: There is limited assurance this key belongs to the named user\n"
+msgstr ""
+"%08lX: Estas nenia indiko, ke æi tiu þlosilo vere apartenas al la posedanto\n"
+
+#: g10/pkclist.c:429
+#, fuzzy
+msgid "This key probably belongs to the named user\n"
+msgstr "Æi tiu þlosilo verþajne apartenas al la posedanto\n"
+
+#: g10/pkclist.c:434
+msgid "This key belongs to us\n"
+msgstr "Æi tiu þlosilo apartenas al ni\n"
+
+#: g10/pkclist.c:460
+#, fuzzy
+msgid ""
+"It is NOT certain that the key belongs to the person named\n"
+"in the user ID. If you *really* know what you are doing,\n"
+"you may answer the next question with yes.\n"
+msgstr ""
+"NE estas certe, ke la þlosilo apartenas al sia posedanto.\n"
+"Se vi *vere* scias, kion vi faras, vi povas respondi al\n"
+"la sekva demando per \"jes\"\n"
+"\n"
+
+#: g10/pkclist.c:479
+#, fuzzy
+msgid "Use this key anyway? (y/N) "
+msgstr "Æu tamen uzi æi tiun þlosilon? "
+
+#: g10/pkclist.c:513
+msgid "WARNING: Using untrusted key!\n"
+msgstr "AVERTO: Uzas nefidatan þlosilon!\n"
+
+#: g10/pkclist.c:520
+#, fuzzy
+msgid "WARNING: this key might be revoked (revocation key not present)\n"
+msgstr "AVERTO: Æi tiu þlosilo estas revokita de sia posedanto!\n"
+
+#: g10/pkclist.c:529
+#, fuzzy
+msgid "WARNING: This key has been revoked by its designated revoker!\n"
+msgstr "AVERTO: Æi tiu þlosilo estas revokita de sia posedanto!\n"
+
+#: g10/pkclist.c:532
+msgid "WARNING: This key has been revoked by its owner!\n"
+msgstr "AVERTO: Æi tiu þlosilo estas revokita de sia posedanto!\n"
+
+#: g10/pkclist.c:533
+#, fuzzy
+msgid " This could mean that the signature is forged.\n"
+msgstr " Tio povas signifi, ke la subskribo estas falsa.\n"
+
+#: g10/pkclist.c:539
+msgid "WARNING: This subkey has been revoked by its owner!\n"
+msgstr "AVERTO: Æi tiu subþlosilo estas revokita de sia posedanto!\n"
+
+#: g10/pkclist.c:544
+msgid "Note: This key has been disabled.\n"
+msgstr "Noto: Æi tiu þlosilo estas malþaltita.\n"
+
+#: g10/pkclist.c:564
+#, c-format
+msgid "Note: Verified signer's address is `%s'\n"
+msgstr ""
+
+#: g10/pkclist.c:571
+#, c-format
+msgid "Note: Signer's address `%s' does not match DNS entry\n"
+msgstr ""
+
+#: g10/pkclist.c:583
+msgid "trustlevel adjusted to FULL due to valid PKA info\n"
+msgstr ""
+
+#: g10/pkclist.c:591
+msgid "trustlevel adjusted to NEVER due to bad PKA info\n"
+msgstr ""
+
+#: g10/pkclist.c:602
+msgid "Note: This key has expired!\n"
+msgstr "Noto: Æi tiu þlosilo eksvalidiøis!\n"
+
+#: g10/pkclist.c:613
+msgid "WARNING: This key is not certified with a trusted signature!\n"
+msgstr "AVERTO: Æi tiu þlosilo ne estas atestita kun fidata subskribo!\n"
+
+#: g10/pkclist.c:615
+msgid ""
+" There is no indication that the signature belongs to the owner.\n"
+msgstr ""
+" Estas nenia indiko, ke la subskribo apartenas al la posedanto.\n"
+
+#: g10/pkclist.c:623
+msgid "WARNING: We do NOT trust this key!\n"
+msgstr "AVERTO: Ni NE fidas æi tiun þlosilon!\n"
+
+#: g10/pkclist.c:624
+msgid " The signature is probably a FORGERY.\n"
+msgstr " La subskribo verþajne estas FALSA.\n"
+
+#: g10/pkclist.c:632
+msgid ""
+"WARNING: This key is not certified with sufficiently trusted signatures!\n"
+msgstr ""
+"AVERTO: Æi tiu þlosilo ne estas atestita kun sufiæe fidataj subskriboj!\n"
+
+#: g10/pkclist.c:634
+msgid " It is not certain that the signature belongs to the owner.\n"
+msgstr " Ne estas certe, ke la subskribo apartenas al la posedanto.\n"
+
+#: g10/pkclist.c:833 g10/pkclist.c:875 g10/pkclist.c:1087 g10/pkclist.c:1157
+#, c-format
+msgid "%s: skipped: %s\n"
+msgstr "%s: ignorita: %s\n"
+
+#: g10/pkclist.c:845 g10/pkclist.c:1125
+#, c-format
+msgid "%s: skipped: public key already present\n"
+msgstr "%s: ignorita: publika þlosilo jam æeestas\n"
+
+#: g10/pkclist.c:896
+msgid "You did not specify a user ID. (you may use \"-r\")\n"
+msgstr "Vi ne specifis uzantidentigilon. (Vi povas uzi \"-r\")\n"
+
+#: g10/pkclist.c:920
+msgid "Current recipients:\n"
+msgstr ""
+
+#: g10/pkclist.c:946
+msgid ""
+"\n"
+"Enter the user ID. End with an empty line: "
+msgstr ""
+"\n"
+"Donu la uzantidentigilon. Finu per malplena linio: "
+
+#: g10/pkclist.c:971
+msgid "No such user ID.\n"
+msgstr "Uzantidentigilo ne ekzistas.\n"
+
+#: g10/pkclist.c:980 g10/pkclist.c:1054
+msgid "skipped: public key already set as default recipient\n"
+msgstr "ignorita: publika þlosilo jam difinita kiel implicita ricevonto\n"
+
+#: g10/pkclist.c:1001
+msgid "Public key is disabled.\n"
+msgstr "Publika þlosilo estas malþaltita.\n"
+
+#: g10/pkclist.c:1010
+msgid "skipped: public key already set\n"
+msgstr "ignorita: publika þlosilo jam agordita\n"
+
+#: g10/pkclist.c:1045
+#, fuzzy, c-format
+msgid "unknown default recipient \"%s\"\n"
+msgstr "nekonata implicita ricevonto '%s'\n"
+
+#: g10/pkclist.c:1103
+#, c-format
+msgid "%s: skipped: public key is disabled\n"
+msgstr "%s: ignorita: publika þlosilo estas malþaltita\n"
+
+#: g10/pkclist.c:1165
+msgid "no valid addressees\n"
+msgstr "mankas validaj adresitoj\n"
+
+#: g10/pkclist.c:1503
+#, fuzzy, c-format
+msgid "Note: key %s has no %s feature\n"
+msgstr "þlosilo %08lX: mankas uzantidentigilo\n"
+
+#: g10/pkclist.c:1528
+#, fuzzy, c-format
+msgid "Note: key %s has no preference for %s\n"
+msgstr "þlosilo %08lX: mankas uzantidentigilo\n"
+
+#: g10/plaintext.c:95
+msgid "data not saved; use option \"--output\" to save it\n"
+msgstr "datenoj ne savitaj; uzu la opcion \"--output\" por savi ilin\n"
+
+#: g10/plaintext.c:480
+msgid "Detached signature.\n"
+msgstr "Aparta subskribo.\n"
+
+#: g10/plaintext.c:487
+msgid "Please enter name of data file: "
+msgstr "Bonvolu doni la nomon de la dosiero: "
+
+#: g10/plaintext.c:519
+msgid "reading stdin ...\n"
+msgstr "legas la normalan enigon ...\n"
+
+#: g10/plaintext.c:557
+msgid "no signed data\n"
+msgstr "mankas subskribitaj datenoj\n"
+
+#: g10/plaintext.c:573
+#, c-format
+msgid "can't open signed data `%s'\n"
+msgstr "ne povas malfermi subskribitan dosieron '%s'\n"
+
+#: g10/plaintext.c:607
+#, fuzzy, c-format
+msgid "can't open signed data fd=%d: %s\n"
+msgstr "ne povas malfermi subskribitan dosieron '%s'\n"
+
+#: g10/pubkey-enc.c:105
+#, fuzzy, c-format
+msgid "anonymous recipient; trying secret key %s ...\n"
+msgstr "nenomita ricevonto; provas per sekreta þlosilo %08lX ...\n"
+
+#: g10/pubkey-enc.c:136
+msgid "okay, we are the anonymous recipient.\n"
+msgstr "bone; ni estas la nenomita ricevonto.\n"
+
+#: g10/pubkey-enc.c:225
+msgid "old encoding of the DEK is not supported\n"
+msgstr "malnova kodado de DEK ne estas realigita\n"
+
+#: g10/pubkey-enc.c:246
+#, c-format
+msgid "cipher algorithm %d%s is unknown or disabled\n"
+msgstr "æifrad-metodo %d%s estas nekonata aý malþaltita\n"
+
+#: g10/pubkey-enc.c:284
+#, fuzzy, c-format
+msgid "WARNING: cipher algorithm %s not found in recipient preferences\n"
+msgstr "NOTO: æifrad-metodo %d ne trovita en preferoj\n"
+
+#: g10/pubkey-enc.c:304
+#, fuzzy, c-format
+msgid "NOTE: secret key %s expired at %s\n"
+msgstr "NOTO: sekreta þlosilo %08lX eksvalidiøis je %s\n"
+
+#: g10/pubkey-enc.c:310
+#, fuzzy
+msgid "NOTE: key has been revoked"
+msgstr "þlosilo %08lX: þlosilo estas revokita!\n"
+
+#: g10/revoke.c:102 g10/revoke.c:116 g10/revoke.c:128 g10/revoke.c:174
+#: g10/revoke.c:186 g10/revoke.c:585
+#, fuzzy, c-format
+msgid "build_packet failed: %s\n"
+msgstr "aktualigo malsukcesis: %s\n"
+
+#: g10/revoke.c:145
+#, fuzzy, c-format
+msgid "key %s has no user IDs\n"
+msgstr "þlosilo %08lX: mankas uzantidentigilo\n"
+
+#: g10/revoke.c:306
+msgid "To be revoked by:\n"
+msgstr ""
+
+#: g10/revoke.c:310
+msgid "(This is a sensitive revocation key)\n"
+msgstr ""
+
+#: g10/revoke.c:314
+#, fuzzy
+msgid "Create a designated revocation certificate for this key? (y/N) "
+msgstr "Æu krei revokatestilon por æi tiu subskribo? (j/N)"
+
+#: g10/revoke.c:327 g10/revoke.c:551
+msgid "ASCII armored output forced.\n"
+msgstr ""
+
+#: g10/revoke.c:342 g10/revoke.c:565
+#, fuzzy, c-format
+msgid "make_keysig_packet failed: %s\n"
+msgstr "listigo de þlosilblokoj malsukcesis: %s\n"
+
+#: g10/revoke.c:405
+#, fuzzy
+msgid "Revocation certificate created.\n"
+msgstr "þlosilo %08lX: revokatestilo aldonita\n"
+
+#: g10/revoke.c:411
+#, c-format
+msgid "no revocation keys found for \"%s\"\n"
+msgstr ""
+
+#: g10/revoke.c:470
+#, fuzzy, c-format
+msgid "secret key \"%s\" not found: %s\n"
+msgstr "þlosilo '%s' ne trovita: %s\n"
+
+#: g10/revoke.c:497
+#, fuzzy, c-format
+msgid "no corresponding public key: %s\n"
+msgstr "skribas publikan þlosilon al '%s'\n"
+
+#: g10/revoke.c:508
+msgid "public key does not match secret key!\n"
+msgstr ""
+
+#: g10/revoke.c:515
+#, fuzzy
+msgid "Create a revocation certificate for this key? (y/N) "
+msgstr "Æu krei revokatestilon por æi tiu subskribo? (j/N)"
+
+#: g10/revoke.c:532
+#, fuzzy
+msgid "unknown protection algorithm\n"
+msgstr "nekonata densig-metodo"
+
+#: g10/revoke.c:540
+#, fuzzy
+msgid "NOTE: This key is not protected!\n"
+msgstr "Æi tiu þlosilo ne estas protektita.\n"
+
+#: g10/revoke.c:591
+msgid ""
+"Revocation certificate created.\n"
+"\n"
+"Please move it to a medium which you can hide away; if Mallory gets\n"
+"access to this certificate he can use it to make your key unusable.\n"
+"It is smart to print this certificate and store it away, just in case\n"
+"your media become unreadable. But have some caution: The print system of\n"
+"your machine might store the data and make it available to others!\n"
+msgstr ""
+
+#: g10/revoke.c:633
+#, fuzzy
+msgid "Please select the reason for the revocation:\n"
+msgstr "Kialo por revoko: "
+
+#: g10/revoke.c:643
+msgid "Cancel"
+msgstr ""
+
+#: g10/revoke.c:645
+#, c-format
+msgid "(Probably you want to select %d here)\n"
+msgstr ""
+
+#: g10/revoke.c:686
+#, fuzzy
+msgid "Enter an optional description; end it with an empty line:\n"
+msgstr ""
+"\n"
+"Donu la uzantidentigilon. Finu per malplena linio: "
+
+#: g10/revoke.c:714
+#, fuzzy, c-format
+msgid "Reason for revocation: %s\n"
+msgstr "Kialo por revoko: "
+
+#: g10/revoke.c:716
+msgid "(No description given)\n"
+msgstr ""
+
+#: g10/revoke.c:721
+#, fuzzy
+msgid "Is this okay? (y/N) "
+msgstr "Æu tamen uzi æi tiun þlosilon? "
+
+#: g10/seckey-cert.c:55
+msgid "secret key parts are not available\n"
+msgstr "sekretaj þlosilpartoj ne estas disponataj\n"
+
+#: g10/seckey-cert.c:61
+#, c-format
+msgid "protection algorithm %d%s is not supported\n"
+msgstr "protekto-metodo %d%s ne estas realigita\n"
+
+#: g10/seckey-cert.c:72
+#, fuzzy, c-format
+msgid "protection digest %d is not supported\n"
+msgstr "protekto-metodo %d%s ne estas realigita\n"
+
+#: g10/seckey-cert.c:291
+msgid "Invalid passphrase; please try again"
+msgstr "Nevalida pasfrazo; bonvolu provi denove"
+
+#: g10/seckey-cert.c:292
+#, c-format
+msgid "%s ...\n"
+msgstr "%s ...\n"
+
+#: g10/seckey-cert.c:361
+msgid "WARNING: Weak key detected - please change passphrase again.\n"
+msgstr ""
+"AVERTO: Malforta þlosilo trovita - bonvolu þanøi la pasfrazon denove.\n"
+
+#: g10/seckey-cert.c:404
+msgid "generating the deprecated 16-bit checksum for secret key protection\n"
+msgstr ""
+
+#: g10/seskey.c:61 sm/encrypt.c:119
+msgid "weak key created - retrying\n"
+msgstr "malforta þlosilo kreita - provas denove\n"
+
+#: g10/seskey.c:65
+#, c-format
+msgid "cannot avoid weak key for symmetric cipher; tried %d times!\n"
+msgstr ""
+"ne povas eviti malfortajn þlosilojn por simetria æifro; provis %d fojojn!\n"
+
+#: g10/seskey.c:227 sm/certcheck.c:85
+msgid "DSA requires the hash length to be a multiple of 8 bits\n"
+msgstr ""
+
+#: g10/seskey.c:240
+#, c-format
+msgid "DSA key %s uses an unsafe (%u bit) hash\n"
+msgstr ""
+
+#: g10/seskey.c:252
+#, c-format
+msgid "DSA key %s requires a %u bit or larger hash\n"
+msgstr ""
+
+#: g10/sig-check.c:80
+msgid "WARNING: signature digest conflict in message\n"
+msgstr ""
+
+#: g10/sig-check.c:105
+#, c-format
+msgid "WARNING: signing subkey %s is not cross-certified\n"
+msgstr ""
+
+#: g10/sig-check.c:117
+#, c-format
+msgid "WARNING: signing subkey %s has an invalid cross-certification\n"
+msgstr ""
+
+#: g10/sig-check.c:211
+#, fuzzy, c-format
+msgid "public key %s is %lu second newer than the signature\n"
+msgstr "la publika þlosilo estas %lu sekundon pli nova ol la subskribo\n"
+
+#: g10/sig-check.c:212
+#, fuzzy, c-format
+msgid "public key %s is %lu seconds newer than the signature\n"
+msgstr "la publika þlosilo estas %lu sekundojn pli nova ol la subskribo\n"
+
+#: g10/sig-check.c:223
+#, fuzzy, c-format
+msgid ""
+"key %s was created %lu second in the future (time warp or clock problem)\n"
+msgstr ""
+"þlosilo estis kreita %lu sekundon en la estonteco (tempotordo aý "
+"horloøeraro)\n"
+
+#: g10/sig-check.c:225
+#, fuzzy, c-format
+msgid ""
+"key %s was created %lu seconds in the future (time warp or clock problem)\n"
+msgstr ""
+"þlosilo estis kreita %lu sekundojn en la estonteco (tempotordo aý "
+"horloøeraro)\n"
+
+#: g10/sig-check.c:239
+#, fuzzy, c-format
+msgid "NOTE: signature key %s expired %s\n"
+msgstr "NOTO: subskribo-þlosilo %08lX eksvalidiøis je %s\n"
+
+#: g10/sig-check.c:252
+#, fuzzy, c-format
+msgid "NOTE: signature key %s has been revoked\n"
+msgstr "þlosilo %08lX: þlosilo estas revokita!\n"
+
+#: g10/sig-check.c:325
+#, fuzzy, c-format
+msgid "assuming bad signature from key %s due to an unknown critical bit\n"
+msgstr "supozas malbonan subskribon pro nekonata \"critical bit\"\n"
+
+#: g10/sig-check.c:591
+#, fuzzy, c-format
+msgid "key %s: no subkey for subkey revocation signature\n"
+msgstr "þlosilo %08lX: mankas subþlosilo por þlosilbindado\n"
+
+#: g10/sig-check.c:618
+#, fuzzy, c-format
+msgid "key %s: no subkey for subkey binding signature\n"
+msgstr "þlosilo %08lX: mankas subþlosilo por þlosilbindado\n"
+
+#: g10/sign.c:89
+#, fuzzy, c-format
+msgid "WARNING: unable to %%-expand notation (too large). Using unexpanded.\n"
+msgstr ""
+"AVERTO: ne povas %%-kompletigi gvidlinian URL (tro granda); uzas sen "
+"kompletigo.\n"
+
+#: g10/sign.c:115
+#, fuzzy, c-format
+msgid ""
+"WARNING: unable to %%-expand policy URL (too large). Using unexpanded.\n"
+msgstr ""
+"AVERTO: ne povas %%-kompletigi gvidlinian URL (tro granda); uzas sen "
+"kompletigo.\n"
+
+#: g10/sign.c:138
+#, fuzzy, c-format
+msgid ""
+"WARNING: unable to %%-expand preferred keyserver URL (too large). Using "
+"unexpanded.\n"
+msgstr ""
+"AVERTO: ne povas %%-kompletigi gvidlinian URL (tro granda); uzas sen "
+"kompletigo.\n"
+
+#: g10/sign.c:311
+#, c-format
+msgid "checking created signature failed: %s\n"
+msgstr "kontrolo de kreita subskribo malsukcesis: %s\n"
+
+#: g10/sign.c:320
+#, fuzzy, c-format
+msgid "%s/%s signature from: \"%s\"\n"
+msgstr "%s-subskribo de: %s\n"
+
+#: g10/sign.c:761
+#, fuzzy
+msgid "you can only detach-sign with PGP 2.x style keys while in --pgp2 mode\n"
+msgstr "eblas subskribi nur per PGP-2.x-stilaj þlosiloj kun --pgp2\n"
+
+#: g10/sign.c:837
+#, fuzzy, c-format
+msgid ""
+"WARNING: forcing digest algorithm %s (%d) violates recipient preferences\n"
+msgstr "NOTO: æifrad-metodo %d ne trovita en preferoj\n"
+
+#: g10/sign.c:964
+msgid "signing:"
+msgstr "subskribas:"
+
+#: g10/sign.c:1079
+msgid "you can only clearsign with PGP 2.x style keys while in --pgp2 mode\n"
+msgstr ""
+"eblas klartekste subskribi nur per PGP-2.x-stilaj þlosiloj kun --pgp2\n"
+
+#: g10/sign.c:1263
+#, c-format
+msgid "%s encryption will be used\n"
+msgstr "%s æifrado estos aplikata\n"
+
+#: g10/skclist.c:140 g10/skclist.c:217
+msgid "key is not flagged as insecure - can't use it with the faked RNG!\n"
+msgstr ""
+"þlosilo ne estas markita kiel malsekura - ne povas uzi øin kun falsa "
+"stokastilo!\n"
+
+#: g10/skclist.c:174
+#, fuzzy, c-format
+msgid "skipped \"%s\": duplicated\n"
+msgstr "ignoris '%s': ripetita\n"
+
+#: g10/skclist.c:182 g10/skclist.c:195 g10/skclist.c:207
+#, fuzzy, c-format
+msgid "skipped \"%s\": %s\n"
+msgstr "ignoris '%s': %s\n"
+
+#: g10/skclist.c:190
+msgid "skipped: secret key already present\n"
+msgstr "ignorita: sekreta þlosilo jam æeestas\n"
+
+#: g10/skclist.c:208
+#, fuzzy
+msgid "this is a PGP generated Elgamal key which is not secure for signatures!"
+msgstr ""
+"ignoris '%s': æi tio estas PGP-kreita ElGamal-þlosilo, kiu ne estas sekura "
+"por subskribado!\n"
+
+#: g10/tdbdump.c:58 g10/trustdb.c:360
+#, c-format
+msgid "trust record %lu, type %d: write failed: %s\n"
+msgstr "fido-datenaro %lu, speco %d: skribo malsukcesis: %s\n"
+
+#: g10/tdbdump.c:106
+#, c-format
+msgid ""
+"# List of assigned trustvalues, created %s\n"
+"# (Use \"gpg --import-ownertrust\" to restore them)\n"
+msgstr ""
+
+#: g10/tdbdump.c:161 g10/tdbdump.c:169 g10/tdbdump.c:174 g10/tdbdump.c:179
+#, fuzzy, c-format
+msgid "error in `%s': %s\n"
+msgstr "eraro dum legado de '%s': %s\n"
+
+#: g10/tdbdump.c:161
+#, fuzzy
+msgid "line too long"
+msgstr "pasfrazo estas tro longa\n"
+
+#: g10/tdbdump.c:169
+msgid "colon missing"
+msgstr ""
+
+#: g10/tdbdump.c:175
+#, fuzzy
+msgid "invalid fingerprint"
+msgstr "%s: nevalida dosiero-versio %d\n"
+
+#: g10/tdbdump.c:180
+#, fuzzy
+msgid "ownertrust value missing"
+msgstr "importi posedantofido-valorojn"
+
+#: g10/tdbdump.c:216
+#, fuzzy, c-format
+msgid "error finding trust record in `%s': %s\n"
+msgstr "eraro dum legado de dosieruja registro: %s\n"
+
+#: g10/tdbdump.c:220
+#, fuzzy, c-format
+msgid "read error in `%s': %s\n"
+msgstr "kiraso: %s\n"
+
+#: g10/tdbdump.c:229 g10/trustdb.c:375
+#, c-format
+msgid "trustdb: sync failed: %s\n"
+msgstr "fido-datenaro: sync malsukcesis: %s\n"
+
+#: g10/tdbio.c:128 g10/tdbio.c:1456
+#, c-format
+msgid "trustdb rec %lu: lseek failed: %s\n"
+msgstr "fido-datenaro loko %lu: lseek malsukcesis: %s\n"
+
+#: g10/tdbio.c:135 g10/tdbio.c:1463
+#, c-format
+msgid "trustdb rec %lu: write failed (n=%d): %s\n"
+msgstr "fido-datenaro loko %lu: skribo malsukcesis (n=%d): %s\n"
+
+#: g10/tdbio.c:245
+msgid "trustdb transaction too large\n"
+msgstr "fido-datenaro-transakcio tro granda\n"
+
+#: g10/tdbio.c:500
+#, fuzzy, c-format
+msgid "can't access `%s': %s\n"
+msgstr "ne povas fermi '%s': %s\n"
+
+#: g10/tdbio.c:527
+#, c-format
+msgid "%s: directory does not exist!\n"
+msgstr "%s: dosierujo ne ekzistas!\n"
+
+#: g10/tdbio.c:537 g10/tdbio.c:560 g10/tdbio.c:601 sm/keydb.c:219
+#, fuzzy, c-format
+msgid "can't create lock for `%s'\n"
+msgstr "ne povas krei '%s': %s\n"
+
+#: g10/tdbio.c:539 g10/tdbio.c:604
+#, fuzzy, c-format
+msgid "can't lock `%s'\n"
+msgstr "ne povas malfermi '%s'\n"
+
+#: g10/tdbio.c:565
+#, c-format
+msgid "%s: failed to create version record: %s"
+msgstr "%s: malsukcesis krei versiregistron: %s"
+
+#: g10/tdbio.c:569
+#, c-format
+msgid "%s: invalid trustdb created\n"
+msgstr "%s: nevalida fido-datenaro kreita\n"
+
+#: g10/tdbio.c:572
+#, c-format
+msgid "%s: trustdb created\n"
+msgstr "%s: fido-datenaro kreita\n"
+
+#: g10/tdbio.c:615
+msgid "NOTE: trustdb not writable\n"
+msgstr ""
+
+#: g10/tdbio.c:623
+#, c-format
+msgid "%s: invalid trustdb\n"
+msgstr "%s: nevalida fido-datenaro\n"
+
+#: g10/tdbio.c:655
+#, c-format
+msgid "%s: failed to create hashtable: %s\n"
+msgstr "%s: malsukcesis krei haktabelon: %s\n"
+
+#: g10/tdbio.c:663
+#, c-format
+msgid "%s: error updating version record: %s\n"
+msgstr "%s: eraro dum aktualigo de versiregistro: %s\n"
+
+#: g10/tdbio.c:680 g10/tdbio.c:701 g10/tdbio.c:717 g10/tdbio.c:731
+#: g10/tdbio.c:761 g10/tdbio.c:1388 g10/tdbio.c:1415
+#, c-format
+msgid "%s: error reading version record: %s\n"
+msgstr "%s: eraro dum legado de versiregistro: %s\n"
+
+#: g10/tdbio.c:740
+#, c-format
+msgid "%s: error writing version record: %s\n"
+msgstr "%s: eraro dum skribado de versiregistro: %s\n"
+
+#: g10/tdbio.c:1181
+#, c-format
+msgid "trustdb: lseek failed: %s\n"
+msgstr "fido-datenaro: lseek malsukcesis: %s\n"
+
+#: g10/tdbio.c:1190
+#, c-format
+msgid "trustdb: read failed (n=%d): %s\n"
+msgstr "fido-datenaro: lego malsukcesis (n=%d): %s\n"
+
+#: g10/tdbio.c:1211
+#, c-format
+msgid "%s: not a trustdb file\n"
+msgstr "%s: ne estas fido-datenaro\n"
+
+#: g10/tdbio.c:1230
+#, c-format
+msgid "%s: version record with recnum %lu\n"
+msgstr "%s: versiregistro kun registronumero %lu\n"
+
+#: g10/tdbio.c:1235
+#, c-format
+msgid "%s: invalid file version %d\n"
+msgstr "%s: nevalida dosiero-versio %d\n"
+
+#: g10/tdbio.c:1421
+#, c-format
+msgid "%s: error reading free record: %s\n"
+msgstr "%s: eraro dum legado de libera registro: %s\n"
+
+#: g10/tdbio.c:1429
+#, c-format
+msgid "%s: error writing dir record: %s\n"
+msgstr "%s: eraro dum skribo de dosieruja registro: %s\n"
+
+#: g10/tdbio.c:1439
+#, c-format
+msgid "%s: failed to zero a record: %s\n"
+msgstr "%s: malsukcesis nuligi registron: %s\n"
+
+#: g10/tdbio.c:1469
+#, c-format
+msgid "%s: failed to append a record: %s\n"
+msgstr "%s: malsukcesis aldoni registron: %s\n"
+
+#: g10/tdbio.c:1512
+#, fuzzy
+msgid "Error: The trustdb is corrupted.\n"
+msgstr "%s: fido-datenaro kreita\n"
+
+#: g10/textfilter.c:147
+#, c-format
+msgid "can't handle text lines longer than %d characters\n"
+msgstr "ne povas trakti tekstliniojn pli longajn ol %d signojn\n"
+
+#: g10/textfilter.c:247
+#, c-format
+msgid "input line longer than %d characters\n"
+msgstr "enigata linio pli longa ol %d signojn\n"
+
+#: g10/trustdb.c:221
+#, c-format
+msgid "`%s' is not a valid long keyID\n"
+msgstr "'%s' ne estas valida longa þlosilidentigilo\n"
+
+#: g10/trustdb.c:252
+#, fuzzy, c-format
+msgid "key %s: accepted as trusted key\n"
+msgstr "þlosilo %08lX: akceptita kiel fidata þlosilo\n"
+
+#: g10/trustdb.c:290
+#, fuzzy, c-format
+msgid "key %s occurs more than once in the trustdb\n"
+msgstr "þlosilo %08lX aperas pli ol unufoje en la fido-datenaro\n"
+
+#: g10/trustdb.c:305
+#, fuzzy, c-format
+msgid "key %s: no public key for trusted key - skipped\n"
+msgstr "þlosilo %08lX: mankas publika þlosilo por fidata þlosilo - ignorita\n"
+
+#: g10/trustdb.c:315
+#, fuzzy, c-format
+msgid "key %s marked as ultimately trusted\n"
+msgstr "þlosilo markita kiel absolute fidata.\n"
+
+#: g10/trustdb.c:339
+#, c-format
+msgid "trust record %lu, req type %d: read failed: %s\n"
+msgstr "fido-datenaro loko %lu, petospeco %d: lego malsukcesis: %s\n"
+
+#: g10/trustdb.c:345
+#, c-format
+msgid "trust record %lu is not of requested type %d\n"
+msgstr "fido-registro %lu ne havas petitan specon %d\n"
+
+#: g10/trustdb.c:418
+msgid "You may try to re-create the trustdb using the commands:\n"
+msgstr ""
+
+#: g10/trustdb.c:427
+msgid "If that does not work, please consult the manual\n"
+msgstr ""
+
+#: g10/trustdb.c:462
+#, c-format
+msgid "unable to use unknown trust model (%d) - assuming %s trust model\n"
+msgstr ""
+
+#: g10/trustdb.c:468
+#, c-format
+msgid "using %s trust model\n"
+msgstr ""
+
+#: g10/trustdb.c:520
+msgid "10 translator see trustdb.c:uid_trust_string_fixed"
+msgstr ""
+
+#: g10/trustdb.c:522
+#, fuzzy
+msgid "[ revoked]"
+msgstr "rev"
+
+#: g10/trustdb.c:524 g10/trustdb.c:529
+#, fuzzy
+msgid "[ expired]"
+msgstr "eksval"
+
+#: g10/trustdb.c:528
+#, fuzzy
+msgid "[ unknown]"
+msgstr "nekonata versio"
+
+#: g10/trustdb.c:530
+msgid "[ undef ]"
+msgstr ""
+
+#: g10/trustdb.c:531
+msgid "[marginal]"
+msgstr ""
+
+#: g10/trustdb.c:532
+msgid "[ full ]"
+msgstr ""
+
+#: g10/trustdb.c:533
+msgid "[ultimate]"
+msgstr ""
+
+#: g10/trustdb.c:548
+msgid "undefined"
+msgstr ""
+
+#: g10/trustdb.c:549
+msgid "never"
+msgstr ""
+
+#: g10/trustdb.c:550
+msgid "marginal"
+msgstr ""
+
+#: g10/trustdb.c:551
+msgid "full"
+msgstr ""
+
+#: g10/trustdb.c:552
+msgid "ultimate"
+msgstr ""
+
+#: g10/trustdb.c:592
+msgid "no need for a trustdb check\n"
+msgstr "kontrolo de fido-datenaro ne estas bezonata\n"
+
+#: g10/trustdb.c:598 g10/trustdb.c:2487
+#, c-format
+msgid "next trustdb check due at %s\n"
+msgstr "sekva kontrolo de fido-datenaro je %s\n"
+
+#: g10/trustdb.c:607
+#, fuzzy, c-format
+msgid "no need for a trustdb check with `%s' trust model\n"
+msgstr "kontrolo de fido-datenaro ne estas bezonata\n"
+
+#: g10/trustdb.c:622
+#, fuzzy, c-format
+msgid "no need for a trustdb update with `%s' trust model\n"
+msgstr "kontrolo de fido-datenaro ne estas bezonata\n"
+
+#: g10/trustdb.c:857 g10/trustdb.c:1310
+#, fuzzy, c-format
+msgid "public key %s not found: %s\n"
+msgstr "publika þlosilo %08lX ne trovita: %s\n"
+
+#: g10/trustdb.c:1053
+msgid "please do a --check-trustdb\n"
+msgstr ""
+
+#: g10/trustdb.c:1057
+msgid "checking the trustdb\n"
+msgstr "kontrolas la fido-datenaron\n"
+
+#: g10/trustdb.c:2230
+#, c-format
+msgid "%d keys processed (%d validity counts cleared)\n"
+msgstr ""
+
+#: g10/trustdb.c:2295
+#, fuzzy
+msgid "no ultimately trusted keys found\n"
+msgstr "publika þlosilo de absolute fidata þlosilo %08lX ne trovita\n"
+
+#: g10/trustdb.c:2309
+#, fuzzy, c-format
+msgid "public key of ultimately trusted key %s not found\n"
+msgstr "publika þlosilo de absolute fidata þlosilo %08lX ne trovita\n"
+
+#: g10/trustdb.c:2332
+#, c-format
+msgid "%d marginal(s) needed, %d complete(s) needed, %s trust model\n"
+msgstr ""
+
+#: g10/trustdb.c:2418
+#, c-format
+msgid ""
+"depth: %d valid: %3d signed: %3d trust: %d-, %dq, %dn, %dm, %df, %du\n"
+msgstr ""
+
+#: g10/trustdb.c:2493
+#, fuzzy, c-format
+msgid "unable to update trustdb version record: write failed: %s\n"
+msgstr "fido-datenaro %lu, speco %d: skribo malsukcesis: %s\n"
+
+#: g10/verify.c:118
+msgid ""
+"the signature could not be verified.\n"
+"Please remember that the signature file (.sig or .asc)\n"
+"should be the first file given on the command line.\n"
+msgstr ""
+"ne eblis kontroli la subskribon.\n"
+"Bonvolu memori, ke la subskribodosiero (.sig aý .asc)\n"
+"devas esti la unua dosiero donita en la komandlinio.\n"
+
+#: g10/verify.c:205
+#, c-format
+msgid "input line %u too long or missing LF\n"
+msgstr "enigata linio %u tro longa, aý mankas linifino\n"
+
+#: g10/verify.c:253
+#, fuzzy, c-format
+msgid "can't open fd %d: %s\n"
+msgstr "ne povas malfermi '%s': %s\n"
+
+#: jnlib/argparse.c:180
+#, fuzzy
+msgid "argument not expected"
+msgstr "skribas sekretan þlosilon al '%s'\n"
+
+#: jnlib/argparse.c:182
+#, fuzzy
+msgid "read error"
+msgstr "legeraro æe dosiero"
+
+#: jnlib/argparse.c:184
+#, fuzzy
+msgid "keyword too long"
+msgstr "pasfrazo estas tro longa\n"
+
+#: jnlib/argparse.c:186
+#, fuzzy
+msgid "missing argument"
+msgstr "nevalida argumento"
+
+#: jnlib/argparse.c:188
+#, fuzzy
+msgid "invalid command"
+msgstr "malkongruaj komandoj\n"
+
+#: jnlib/argparse.c:190
+#, fuzzy
+msgid "invalid alias definition"
+msgstr "nevalida kiraso"
+
+#: jnlib/argparse.c:192
+#, fuzzy
+msgid "out of core"
+msgstr "ne traktita"
+
+#: jnlib/argparse.c:194
+#, fuzzy
+msgid "invalid option"
+msgstr "nevalida kiraso"
+
+#: jnlib/argparse.c:202
+#, c-format
+msgid "missing argument for option \"%.50s\"\n"
+msgstr ""
+
+#: jnlib/argparse.c:204
+#, c-format
+msgid "option \"%.50s\" does not expect an argument\n"
+msgstr ""
+
+#: jnlib/argparse.c:207
+#, fuzzy, c-format
+msgid "invalid command \"%.50s\"\n"
+msgstr "Nevalida komando (provu per \"helpo\")\n"
+
+#: jnlib/argparse.c:209
+#, c-format
+msgid "option \"%.50s\" is ambiguous\n"
+msgstr ""
+
+#: jnlib/argparse.c:211
+#, c-format
+msgid "command \"%.50s\" is ambiguous\n"
+msgstr ""
+
+#: jnlib/argparse.c:213
+#, fuzzy
+msgid "out of core\n"
+msgstr "ne traktita"
+
+#: jnlib/argparse.c:215
+#, fuzzy, c-format
+msgid "invalid option \"%.50s\"\n"
+msgstr "nevalida kiraso"
+
+#: jnlib/logging.c:647
+#, c-format
+msgid "you found a bug ... (%s:%d)\n"
+msgstr "vi trovis cimon ... (%s:%d)\n"
+
+#: jnlib/utf8conv.c:85
+#, fuzzy, c-format
+msgid "error loading `%s': %s\n"
+msgstr "eraro dum legado de '%s': %s\n"
+
+#: jnlib/utf8conv.c:123
+#, c-format
+msgid "conversion from `%s' to `%s' not available\n"
+msgstr ""
+
+#: jnlib/utf8conv.c:131
+#, fuzzy, c-format
+msgid "iconv_open failed: %s\n"
+msgstr "ne povas malfermi %s: %s\n"
+
+#: jnlib/utf8conv.c:388 jnlib/utf8conv.c:654
+#, fuzzy, c-format
+msgid "conversion from `%s' to `%s' failed: %s\n"
+msgstr "enkirasigo malsukcesis: %s\n"
+
+#: jnlib/dotlock.c:234
+#, fuzzy, c-format
+msgid "failed to create temporary file `%s': %s\n"
+msgstr "%s: ne povas krei dosierujon: %s\n"
+
+#: jnlib/dotlock.c:269
+#, fuzzy, c-format
+msgid "error writing to `%s': %s\n"
+msgstr "eraro dum skribado de þlosilaro '%s': %s\n"
+
+#: jnlib/dotlock.c:453
+#, c-format
+msgid "removing stale lockfile (created by %d)\n"
+msgstr ""
+
+#: jnlib/dotlock.c:459
+msgid " - probably dead - removing lock"
+msgstr ""
+
+#: jnlib/dotlock.c:469
+#, fuzzy, c-format
+msgid "waiting for lock (held by %d%s) %s...\n"
+msgstr "skribas sekretan þlosilon al '%s'\n"
+
+#: jnlib/dotlock.c:470
+msgid "(deadlock?) "
+msgstr ""
+
+#: jnlib/dotlock.c:493
+#, fuzzy, c-format
+msgid "lock `%s' not made: %s\n"
+msgstr "publika þlosilo %08lX ne trovita: %s\n"
+
+#: jnlib/dotlock.c:501
+#, fuzzy, c-format
+msgid "waiting for lock %s...\n"
+msgstr "skribas sekretan þlosilon al '%s'\n"
+
+#: kbx/kbxutil.c:92
+msgid "set debugging flags"
+msgstr ""
+
+#: kbx/kbxutil.c:93
+msgid "enable full debugging"
+msgstr ""
+
+#: kbx/kbxutil.c:117
+#, fuzzy
+msgid "Usage: kbxutil [options] [files] (-h for help)"
+msgstr "Uzado: gpg [opcioj] [dosieroj] (-h por helpo)"
+
+#: kbx/kbxutil.c:120
+msgid ""
+"Syntax: kbxutil [options] [files]\n"
+"list, export, import Keybox data\n"
+msgstr ""
+
+#: scd/app-nks.c:713 scd/app-openpgp.c:2647
+#, c-format
+msgid "RSA modulus missing or not of size %d bits\n"
+msgstr ""
+
+#: scd/app-nks.c:721 scd/app-openpgp.c:2659
+#, c-format
+msgid "RSA public exponent missing or larger than %d bits\n"
+msgstr ""
+
+#: scd/app-nks.c:801 scd/app-openpgp.c:1549 scd/app-openpgp.c:1568
+#: scd/app-openpgp.c:1729 scd/app-openpgp.c:1746 scd/app-openpgp.c:1994
+#: scd/app-openpgp.c:2039 scd/app-dinsig.c:303
+#, c-format
+msgid "PIN callback returned error: %s\n"
+msgstr ""
+
+#: scd/app-nks.c:834
+msgid "the NullPIN has not yet been changed\n"
+msgstr ""
+
+#: scd/app-nks.c:1092
+#, fuzzy
+msgid "|N|Please enter a new PIN for the standard keys."
+msgstr "þanøi la pasfrazon"
+
+#: scd/app-nks.c:1093
+#, fuzzy
+msgid "||Please enter the PIN for the standard keys."
+msgstr "þanøi la pasfrazon"
+
+#: scd/app-nks.c:1099
+#, fuzzy
+msgid "|NP|Please enter a new PIN Unblocking Code (PUK) for the standard keys."
+msgstr "Kialo por revoko: "
+
+#: scd/app-nks.c:1101
+#, fuzzy
+msgid "|P|Please enter the PIN Unblocking Code (PUK) for the standard keys."
+msgstr "Kialo por revoko: "
+
+#: scd/app-nks.c:1109
+msgid "|N|Please enter a new PIN for the key to create qualified signatures."
+msgstr ""
+
+#: scd/app-nks.c:1111
+msgid "||Please enter the PIN for the key to create qualified signatures."
+msgstr ""
+
+#: scd/app-nks.c:1119
+msgid ""
+"|NP|Please enter a new PIN Unblocking Code (PUK) for the key to create "
+"qualified signatures."
+msgstr ""
+
+#: scd/app-nks.c:1121
+msgid ""
+"|P|Please enter the PIN Unblocking Code (PUK) for the key to create "
+"qualified signatures."
+msgstr ""
+
+#: scd/app-nks.c:1222 scd/app-openpgp.c:2072 scd/app-dinsig.c:532
+#, fuzzy, c-format
+msgid "error getting new PIN: %s\n"
+msgstr "eraro dum kreado de pasfrazo: %s\n"
+
+#: scd/app-openpgp.c:695
+#, fuzzy, c-format
+msgid "failed to store the fingerprint: %s\n"
+msgstr "malsukcesis doni komencajn valorojn al fido-datenaro: %s\n"
+
+#: scd/app-openpgp.c:708
+#, fuzzy, c-format
+msgid "failed to store the creation date: %s\n"
+msgstr "malsukcesis rekonstrui þlosilaran staplon: %s\n"
+
+#: scd/app-openpgp.c:1156
+#, fuzzy, c-format
+msgid "reading public key failed: %s\n"
+msgstr "forviþo de þlosilbloko malsukcesis: %s\n"
+
+#: scd/app-openpgp.c:1164 scd/app-openpgp.c:2882
+msgid "response does not contain the public key data\n"
+msgstr ""
+
+#: scd/app-openpgp.c:1172 scd/app-openpgp.c:2890
+msgid "response does not contain the RSA modulus\n"
+msgstr ""
+
+#: scd/app-openpgp.c:1181 scd/app-openpgp.c:2900
+msgid "response does not contain the RSA public exponent\n"
+msgstr ""
+
+#: scd/app-openpgp.c:1501
+#, c-format
+msgid "using default PIN as %s\n"
+msgstr ""
+
+#: scd/app-openpgp.c:1508
+#, c-format
+msgid "failed to use default PIN as %s: %s - disabling further default use\n"
+msgstr ""
+
+#: scd/app-openpgp.c:1523
+#, c-format
+msgid "||Please enter the PIN%%0A[sigs done: %lu]"
+msgstr ""
+
+#: scd/app-openpgp.c:1534 scd/app-openpgp.c:1988
+#, fuzzy
+msgid "||Please enter the PIN"
+msgstr "þanøi la pasfrazon"
+
+#: scd/app-openpgp.c:1575 scd/app-openpgp.c:1753 scd/app-openpgp.c:2001
+#, c-format
+msgid "PIN for CHV%d is too short; minimum length is %d\n"
+msgstr ""
+
+#: scd/app-openpgp.c:1588 scd/app-openpgp.c:1627 scd/app-openpgp.c:1765
+#: scd/app-openpgp.c:3200
+#, fuzzy, c-format
+msgid "verify CHV%d failed: %s\n"
+msgstr "Kreado de þlosiloj malsukcesis: %s\n"
+
+#: scd/app-openpgp.c:1656 scd/app-openpgp.c:2020 scd/app-openpgp.c:3498
+msgid "error retrieving CHV status from card\n"
+msgstr ""
+
+#: scd/app-openpgp.c:1662 scd/app-openpgp.c:3507
+msgid "card is permanently locked!\n"
+msgstr ""
+
+#: scd/app-openpgp.c:1669
+#, c-format
+msgid "%d Admin PIN attempts remaining before card is permanently locked\n"
+msgstr ""
+
+#. TRANSLATORS: Do not translate the "|A|" prefix but keep it at
+#. the start of the string. Use %%0A to force a linefeed.
+#: scd/app-openpgp.c:1676
+#, fuzzy, c-format
+msgid "|A|Please enter the Admin PIN%%0A[remaining attempts: %d]"
+msgstr "þanøi la pasfrazon"
+
+#: scd/app-openpgp.c:1680
+#, fuzzy
+msgid "|A|Please enter the Admin PIN"
+msgstr "þanøi la pasfrazon"
+
+#: scd/app-openpgp.c:1701
+msgid "access to admin commands is not configured\n"
+msgstr ""
+
+#: scd/app-openpgp.c:2035
+#, fuzzy
+msgid "||Please enter the Reset Code for the card"
+msgstr "Kialo por revoko: "
+
+#: scd/app-openpgp.c:2045 scd/app-openpgp.c:2097
+#, c-format
+msgid "Reset Code is too short; minimum length is %d\n"
+msgstr ""
+
+#: scd/app-openpgp.c:2067
+msgid "|RN|New Reset Code"
+msgstr ""
+
+#: scd/app-openpgp.c:2068
+msgid "|AN|New Admin PIN"
+msgstr ""
+
+#: scd/app-openpgp.c:2068
+msgid "|N|New PIN"
+msgstr ""
+
+#: scd/app-openpgp.c:2178 scd/app-openpgp.c:2968
+#, fuzzy
+msgid "error reading application data\n"
+msgstr "eraro dum legado de þlosilbloko: %s\n"
+
+#: scd/app-openpgp.c:2184 scd/app-openpgp.c:2975
+#, fuzzy
+msgid "error reading fingerprint DO\n"
+msgstr "%s: eraro dum legado de libera registro: %s\n"
+
+#: scd/app-openpgp.c:2194
+#, fuzzy
+msgid "key already exists\n"
+msgstr "'%s' jam densigita\n"
+
+#: scd/app-openpgp.c:2198
+msgid "existing key will be replaced\n"
+msgstr ""
+
+#: scd/app-openpgp.c:2200
+#, fuzzy
+msgid "generating new key\n"
+msgstr "krei novan þlosilparon"
+
+#: scd/app-openpgp.c:2202
+#, fuzzy
+msgid "writing new key\n"
+msgstr "krei novan þlosilparon"
+
+#: scd/app-openpgp.c:2627
+msgid "creation timestamp missing\n"
+msgstr ""
+
+#: scd/app-openpgp.c:2669 scd/app-openpgp.c:2677
+#, c-format
+msgid "RSA prime %s missing or not of size %d bits\n"
+msgstr ""
+
+#: scd/app-openpgp.c:2773
+#, fuzzy, c-format
+msgid "failed to store the key: %s\n"
+msgstr "malsukcesis doni komencajn valorojn al fido-datenaro: %s\n"
+
+#: scd/app-openpgp.c:2859
+msgid "please wait while key is being generated ...\n"
+msgstr ""
+
+#: scd/app-openpgp.c:2872
+#, fuzzy
+msgid "generating key failed\n"
+msgstr "forviþo de þlosilbloko malsukcesis: %s\n"
+
+#: scd/app-openpgp.c:2875
+#, fuzzy, c-format
+msgid "key generation completed (%d seconds)\n"
+msgstr "Kreado de þlosiloj malsukcesis: %s\n"
+
+#: scd/app-openpgp.c:2933
+msgid "invalid structure of OpenPGP card (DO 0x93)\n"
+msgstr ""
+
+#: scd/app-openpgp.c:2983
+msgid "fingerprint on card does not match requested one\n"
+msgstr ""
+
+#: scd/app-openpgp.c:3099
+#, fuzzy, c-format
+msgid "card does not support digest algorithm %s\n"
+msgstr "%s-subskribo de: %s\n"
+
+#: scd/app-openpgp.c:3175
+#, c-format
+msgid "signatures created so far: %lu\n"
+msgstr ""
+
+#: scd/app-openpgp.c:3512
+msgid ""
+"verification of Admin PIN is currently prohibited through this command\n"
+msgstr ""
+
+#: scd/app-openpgp.c:3737 scd/app-openpgp.c:3748
+#, fuzzy, c-format
+msgid "can't access %s - invalid OpenPGP card?\n"
+msgstr "validaj OpenPGP-datenoj ne trovitaj.\n"
+
+#: scd/app-dinsig.c:299
+msgid "||Please enter your PIN at the reader's keypad"
+msgstr ""
+
+#. TRANSLATORS: Do not translate the "|*|" prefixes but
+#. keep it at the start of the string. We need this elsewhere
+#. to get some infos on the string.
+#: scd/app-dinsig.c:529
+#, fuzzy
+msgid "|N|Initial New PIN"
+msgstr "Donu la uzantidentigilon: "
+
+#: scd/scdaemon.c:107
+msgid "run in multi server mode (foreground)"
+msgstr ""
+
+#: scd/scdaemon.c:117 sm/gpgsm.c:316
+msgid "|LEVEL|set the debugging level to LEVEL"
+msgstr ""
+
+#: scd/scdaemon.c:124 tools/gpgconf-comp.c:620
+#, fuzzy
+msgid "|FILE|write a log to FILE"
+msgstr "|DOSIERO|legi aldonan bibliotekon DOSIERO"
+
+#: scd/scdaemon.c:126
+msgid "|N|connect to reader at port N"
+msgstr ""
+
+#: scd/scdaemon.c:128
+#, fuzzy
+msgid "|NAME|use NAME as ct-API driver"
+msgstr "|NOMO|uzi NOMOn kiel implicitan ricevonton"
+
+#: scd/scdaemon.c:130
+#, fuzzy
+msgid "|NAME|use NAME as PC/SC driver"
+msgstr "|NOMO|uzi NOMOn kiel implicitan ricevonton"
+
+#: scd/scdaemon.c:133
+#, fuzzy
+msgid "do not use the internal CCID driver"
+msgstr "tute ne uzi la terminalon"
+
+#: scd/scdaemon.c:139
+msgid "|N|disconnect the card after N seconds of inactivity"
+msgstr ""
+
+#: scd/scdaemon.c:141
+msgid "do not use a reader's keypad"
+msgstr ""
+
+#: scd/scdaemon.c:144
+#, fuzzy
+msgid "deny the use of admin card commands"
+msgstr "malkongruaj komandoj\n"
+
+#: scd/scdaemon.c:259
+#, fuzzy
+msgid "Usage: scdaemon [options] (-h for help)"
+msgstr "Uzado: gpg [opcioj] [dosieroj] (-h por helpo)"
+
+#: scd/scdaemon.c:261
+msgid ""
+"Syntax: scdaemon [options] [command [args]]\n"
+"Smartcard daemon for GnuPG\n"
+msgstr ""
+
+#: scd/scdaemon.c:766
+msgid "please use the option `--daemon' to run the program in the background\n"
+msgstr ""
+
+#: scd/scdaemon.c:1120
+#, c-format
+msgid "handler for fd %d started\n"
+msgstr ""
+
+#: scd/scdaemon.c:1132
+#, c-format
+msgid "handler for fd %d terminated\n"
+msgstr ""
+
+#: sm/base64.c:325
+#, fuzzy, c-format
+msgid "invalid radix64 character %02x skipped\n"
+msgstr "nevalida signo %02x en bazo 64 ignorita\n"
+
+#: sm/call-agent.c:137
+#, fuzzy, c-format
+msgid "failed to proxy %s inquiry to client\n"
+msgstr "malsukcesis meti '%s' en fido-datenaron: %s\n"
+
+#: sm/call-dirmngr.c:252
+#, c-format
+msgid "no running dirmngr - starting `%s'\n"
+msgstr ""
+
+#: sm/call-dirmngr.c:285
+#, fuzzy
+msgid "malformed DIRMNGR_INFO environment variable\n"
+msgstr "malbona valoro de la media variablo GPG_AGENT_INFO\n"
+
+#: sm/call-dirmngr.c:297
+#, fuzzy, c-format
+msgid "dirmngr protocol version %d is not supported\n"
+msgstr "protokolversio %d de gpg-agent ne estas uzebla\n"
+
+#: sm/call-dirmngr.c:317
+msgid "can't connect to the dirmngr - trying fall back\n"
+msgstr ""
+
+#: sm/certchain.c:196
+#, c-format
+msgid "validation model requested by certificate: %s"
+msgstr ""
+
+#: sm/certchain.c:197 sm/certchain.c:1828
+msgid "chain"
+msgstr ""
+
+#: sm/certchain.c:198 sm/certchain.c:1828
+#, fuzzy
+msgid "shell"
+msgstr "helpo"
+
+#: sm/certchain.c:258
+#, fuzzy, c-format
+msgid "critical certificate extension %s is not supported"
+msgstr "protokolversio %d de gpg-agent ne estas uzebla\n"
+
+#: sm/certchain.c:297
+msgid "issuer certificate is not marked as a CA"
+msgstr ""
+
+#: sm/certchain.c:335
+msgid "critical marked policy without configured policies"
+msgstr ""
+
+#: sm/certchain.c:345
+#, fuzzy, c-format
+msgid "failed to open `%s': %s\n"
+msgstr "ne povas malfermi '%s': %s\n"
+
+#: sm/certchain.c:353 sm/certchain.c:382
+msgid "note: non-critical certificate policy not allowed"
+msgstr ""
+
+#: sm/certchain.c:357 sm/certchain.c:386
+#, fuzzy
+msgid "certificate policy not allowed"
+msgstr "skribas sekretan þlosilon al '%s'\n"
+
+#: sm/certchain.c:498
+msgid "looking up issuer at external location\n"
+msgstr ""
+
+#: sm/certchain.c:517
+#, c-format
+msgid "number of issuers matching: %d\n"
+msgstr ""
+
+#: sm/certchain.c:561
+msgid "looking up issuer from the Dirmngr cache\n"
+msgstr ""
+
+#: sm/certchain.c:585
+#, fuzzy, c-format
+msgid "number of matching certificates: %d\n"
+msgstr "eraro dum kreado de pasfrazo: %s\n"
+
+#: sm/certchain.c:587
+#, fuzzy, c-format
+msgid "dirmngr cache-only key lookup failed: %s\n"
+msgstr "forviþo de þlosilbloko malsukcesis: %s\n"
+
+#: sm/certchain.c:759 sm/certchain.c:1252 sm/certchain.c:1856 sm/decrypt.c:261
+#: sm/encrypt.c:335 sm/sign.c:335 sm/verify.c:113
+#, fuzzy
+msgid "failed to allocated keyDB handle\n"
+msgstr "malsukcesis doni komencajn valorojn al fido-datenaro: %s\n"
+
+#: sm/certchain.c:925
+#, fuzzy
+msgid "certificate has been revoked"
+msgstr "þlosilo %08lX: þlosilo estas revokita!\n"
+
+#: sm/certchain.c:940
+msgid "the status of the certificate is unknown"
+msgstr ""
+
+#: sm/certchain.c:947
+msgid "please make sure that the \"dirmngr\" is properly installed\n"
+msgstr ""
+
+#: sm/certchain.c:953
+#, fuzzy, c-format
+msgid "checking the CRL failed: %s"
+msgstr "kontrolo de kreita subskribo malsukcesis: %s\n"
+
+#: sm/certchain.c:982 sm/certchain.c:1050
+#, fuzzy, c-format
+msgid "certificate with invalid validity: %s"
+msgstr "problemo æe legado de atestilo: %s\n"
+
+#: sm/certchain.c:997 sm/certchain.c:1082
+#, fuzzy
+msgid "certificate not yet valid"
+msgstr "Valida atestilrevoko"
+
+#: sm/certchain.c:998 sm/certchain.c:1083
+#, fuzzy
+msgid "root certificate not yet valid"
+msgstr "Valida atestilrevoko"
+
+#: sm/certchain.c:999 sm/certchain.c:1084
+#, fuzzy
+msgid "intermediate certificate not yet valid"
+msgstr "Valida atestilrevoko"
+
+#: sm/certchain.c:1012
+#, fuzzy
+msgid "certificate has expired"
+msgstr "problemo æe legado de atestilo: %s\n"
+
+#: sm/certchain.c:1013
+#, fuzzy
+msgid "root certificate has expired"
+msgstr "problemo æe legado de atestilo: %s\n"
+
+#: sm/certchain.c:1014
+#, fuzzy
+msgid "intermediate certificate has expired"
+msgstr "problemo æe legado de atestilo: %s\n"
+
+#: sm/certchain.c:1056
+#, c-format
+msgid "required certificate attributes missing: %s%s%s"
+msgstr ""
+
+#: sm/certchain.c:1065
+#, fuzzy
+msgid "certificate with invalid validity"
+msgstr "problemo æe legado de atestilo: %s\n"
+
+#: sm/certchain.c:1102
+msgid "signature not created during lifetime of certificate"
+msgstr ""
+
+#: sm/certchain.c:1104
+msgid "certificate not created during lifetime of issuer"
+msgstr ""
+
+#: sm/certchain.c:1105
+msgid "intermediate certificate not created during lifetime of issuer"
+msgstr ""
+
+#: sm/certchain.c:1109
+#, fuzzy
+msgid " ( signature created at "
+msgstr " novaj subskriboj: %lu\n"
+
+#: sm/certchain.c:1110
+#, fuzzy
+msgid " (certificate created at "
+msgstr "þlosilo %08lX: revokatestilo aldonita\n"
+
+#: sm/certchain.c:1113
+#, fuzzy
+msgid " (certificate valid from "
+msgstr "Valida atestilrevoko"
+
+#: sm/certchain.c:1114
+msgid " ( issuer valid from "
+msgstr ""
+
+#: sm/certchain.c:1144
+#, fuzzy, c-format
+msgid "fingerprint=%s\n"
+msgstr "Fingrospuro:"
+
+#: sm/certchain.c:1153
+#, fuzzy
+msgid "root certificate has now been marked as trusted\n"
+msgstr ""
+"Neniom da atestiloj trovitaj kun nedifinita fidovaloro.\n"
+"\n"
+
+#: sm/certchain.c:1166
+msgid "interactive marking as trusted not enabled in gpg-agent\n"
+msgstr ""
+
+#: sm/certchain.c:1172
+msgid "interactive marking as trusted disabled for this session\n"
+msgstr ""
+
+#: sm/certchain.c:1229
+msgid "WARNING: creation time of signature not known - assuming current time"
+msgstr ""
+
+#: sm/certchain.c:1293
+#, fuzzy
+msgid "no issuer found in certificate"
+msgstr "Bona atestilo"
+
+#: sm/certchain.c:1366
+msgid "self-signed certificate has a BAD signature"
+msgstr ""
+
+#: sm/certchain.c:1435
+#, fuzzy
+msgid "root certificate is not marked trusted"
+msgstr ""
+"Neniom da atestiloj trovitaj kun nedifinita fidovaloro.\n"
+"\n"
+
+#: sm/certchain.c:1448
+#, fuzzy, c-format
+msgid "checking the trust list failed: %s\n"
+msgstr "kontrolo de kreita subskribo malsukcesis: %s\n"
+
+#: sm/certchain.c:1477 sm/import.c:160
+#, fuzzy
+msgid "certificate chain too long\n"
+msgstr "Valida atestilrevoko"
+
+#: sm/certchain.c:1489
+#, fuzzy
+msgid "issuer certificate not found"
+msgstr "Valida atestilrevoko"
+
+#: sm/certchain.c:1522
+#, fuzzy
+msgid "certificate has a BAD signature"
+msgstr "kontroli subskribon"
+
+#: sm/certchain.c:1553
+msgid "found another possible matching CA certificate - trying again"
+msgstr ""
+
+#: sm/certchain.c:1604
+#, c-format
+msgid "certificate chain longer than allowed by CA (%d)"
+msgstr ""
+
+#: sm/certchain.c:1644 sm/certchain.c:1927
+#, fuzzy
+msgid "certificate is good\n"
+msgstr "Valida atestilrevoko"
+
+#: sm/certchain.c:1645
+#, fuzzy
+msgid "intermediate certificate is good\n"
+msgstr "ripetita atestilo - forviþita"
+
+#: sm/certchain.c:1646
+#, fuzzy
+msgid "root certificate is good\n"
+msgstr ""
+"Neniom da atestiloj trovitaj kun nedifinita fidovaloro.\n"
+"\n"
+
+#: sm/certchain.c:1817
+msgid "switching to chain model"
+msgstr ""
+
+#: sm/certchain.c:1826
+#, c-format
+msgid "validation model used: %s"
+msgstr ""
+
+#: sm/certcheck.c:97
+#, c-format
+msgid "%s key uses an unsafe (%u bit) hash\n"
+msgstr ""
+
+#: sm/certcheck.c:107
+#, c-format
+msgid "a %u bit hash is not valid for a %u bit %s key\n"
+msgstr ""
+
+#: sm/certcheck.c:244 sm/verify.c:201
+msgid "(this is the MD2 algorithm)\n"
+msgstr ""
+
+#: sm/certdump.c:60 sm/certdump.c:143
+#, fuzzy
+msgid "none"
+msgstr "ne"
+
+#: sm/certdump.c:564 sm/certdump.c:609 sm/certdump.c:674 sm/certdump.c:732
+#, fuzzy
+msgid "[Error - invalid encoding]"
+msgstr "%s: nevalida dosiero-versio %d\n"
+
+#: sm/certdump.c:572 sm/certdump.c:617
+msgid "[Error - out of core]"
+msgstr ""
+
+#: sm/certdump.c:654 sm/certdump.c:710
+msgid "[Error - No name]"
+msgstr ""
+
+#: sm/certdump.c:679 sm/certdump.c:738
+#, fuzzy
+msgid "[Error - invalid DN]"
+msgstr "%s: nevalida dosiero-versio %d\n"
+
+#: sm/certdump.c:948
+#, fuzzy, c-format
+msgid ""
+"Please enter the passphrase to unlock the secret key for the X.509 "
+"certificate:\n"
+"\"%s\"\n"
+"S/N %s, ID 0x%08lX,\n"
+"created %s, expires %s.\n"
+msgstr ""
+"Vi bezonas pasfrazon por malþlosi la sekretan þlosilon por la uzanto:\n"
+"\"%.*s\"\n"
+"%u-bita %s þlosilo, ID %08lX, kreita je %s%s\n"
+
+#: sm/certlist.c:122
+msgid "no key usage specified - assuming all usages\n"
+msgstr ""
+
+#: sm/certlist.c:132 sm/keylist.c:272
+#, fuzzy, c-format
+msgid "error getting key usage information: %s\n"
+msgstr "eraro dum skribado de sekreta þlosilaro '%s': %s\n"
+
+#: sm/certlist.c:142
+msgid "certificate should have not been used for certification\n"
+msgstr ""
+
+#: sm/certlist.c:154
+msgid "certificate should have not been used for OCSP response signing\n"
+msgstr ""
+
+#: sm/certlist.c:165
+msgid "certificate should have not been used for encryption\n"
+msgstr ""
+
+#: sm/certlist.c:166
+msgid "certificate should have not been used for signing\n"
+msgstr ""
+
+#: sm/certlist.c:167
+msgid "certificate is not usable for encryption\n"
+msgstr ""
+
+#: sm/certlist.c:168
+msgid "certificate is not usable for signing\n"
+msgstr ""
+
+#: sm/certreqgen.c:474
+#, fuzzy, c-format
+msgid "line %d: invalid algorithm\n"
+msgstr "nevalida kompendi-metodo '%s'\n"
+
+#: sm/certreqgen.c:487
+#, c-format
+msgid "line %d: invalid key length %u (valid are %d to %d)\n"
+msgstr ""
+
+#: sm/certreqgen.c:505
+#, c-format
+msgid "line %d: no subject name given\n"
+msgstr ""
+
+#: sm/certreqgen.c:514
+#, c-format
+msgid "line %d: invalid subject name label `%.*s'\n"
+msgstr ""
+
+#: sm/certreqgen.c:517
+#, c-format
+msgid "line %d: invalid subject name `%s' at pos %d\n"
+msgstr ""
+
+#: sm/certreqgen.c:534
+#, fuzzy, c-format
+msgid "line %d: not a valid email address\n"
+msgstr "Nevalida retadreso\n"
+
+#: sm/certreqgen.c:546
+#, fuzzy, c-format
+msgid "line %d: error reading key `%s' from card: %s\n"
+msgstr "eraro dum kreado de þlosilaro '%s': %s\n"
+
+#: sm/certreqgen.c:558
+#, fuzzy, c-format
+msgid "line %d: error getting key by keygrip `%s': %s\n"
+msgstr "eraro dum kreado de þlosilaro '%s': %s\n"
+
+#: sm/certreqgen.c:574
+#, fuzzy, c-format
+msgid "line %d: key generation failed: %s <%s>\n"
+msgstr "Kreado de þlosiloj malsukcesis: %s\n"
+
+#: sm/certreqgen.c:806
+msgid ""
+"To complete this certificate request please enter the passphrase for the key "
+"you just created once more.\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:158
+#, fuzzy, c-format
+msgid " (%d) RSA\n"
+msgstr " (%d) RSA (nur subskribi)\n"
+
+#: sm/certreqgen-ui.c:159
+#, fuzzy, c-format
+msgid " (%d) Existing key\n"
+msgstr " (%d) RSA (nur æifri)\n"
+
+#: sm/certreqgen-ui.c:160
+#, c-format
+msgid " (%d) Existing key from card\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:202
+#, fuzzy
+msgid "Enter the keygrip: "
+msgstr "Subskribo-notacio: "
+
+#: sm/certreqgen-ui.c:210
+msgid "Not a valid keygrip (expecting 40 hex digits)\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:212
+#, fuzzy
+msgid "No key with this keygrip\n"
+msgstr "Mankas uzantidentigilo kun indekso %d\n"
+
+#: sm/certreqgen-ui.c:230 sm/certreqgen-ui.c:239
+#, fuzzy, c-format
+msgid "error reading the card: %s\n"
+msgstr "%s: eraro dum legado de libera registro: %s\n"
+
+#: sm/certreqgen-ui.c:233
+#, fuzzy, c-format
+msgid "Serial number of the card: %s\n"
+msgstr "eraro dum kreado de pasfrazo: %s\n"
+
+#: sm/certreqgen-ui.c:245
+#, fuzzy
+msgid "Available keys:\n"
+msgstr "malþalti þlosilon"
+
+#: sm/certreqgen-ui.c:276
+#, c-format
+msgid "Possible actions for a %s key:\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:277
+#, fuzzy, c-format
+msgid " (%d) sign, encrypt\n"
+msgstr " (%d) RSA (subskribi kaj æifri)\n"
+
+#: sm/certreqgen-ui.c:278
+#, fuzzy, c-format
+msgid " (%d) sign\n"
+msgstr " (%d) DSA (nur subskribi)\n"
+
+#: sm/certreqgen-ui.c:279
+#, fuzzy, c-format
+msgid " (%d) encrypt\n"
+msgstr " (%d) RSA (nur æifri)\n"
+
+#: sm/certreqgen-ui.c:303
+msgid "Enter the X.509 subject name: "
+msgstr ""
+
+#: sm/certreqgen-ui.c:307
+msgid "No subject name given\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:311
+#, c-format
+msgid "Invalid subject name label `%.*s'\n"
+msgstr ""
+
+#. TRANSLATORS: The 22 in the second string is the
+#. length of the first string up to the "%s". Please
+#. adjust it do the length of your translation. The
+#. second string is merely passed to atoi so you can
+#. drop everything after the number.
+#: sm/certreqgen-ui.c:320
+#, fuzzy, c-format
+msgid "Invalid subject name `%s'\n"
+msgstr "nevalida kompendi-metodo '%s'\n"
+
+#: sm/certreqgen-ui.c:322
+msgid "22 translator: see certreg-ui.c:gpgsm_gencertreq_tty"
+msgstr ""
+
+#: sm/certreqgen-ui.c:334
+#, fuzzy
+msgid "Enter email addresses"
+msgstr "Retadreso: "
+
+#: sm/certreqgen-ui.c:335
+#, fuzzy
+msgid " (end with an empty line):\n"
+msgstr ""
+"\n"
+"Donu la uzantidentigilon. Finu per malplena linio: "
+
+#: sm/certreqgen-ui.c:339
+#, fuzzy
+msgid "Enter DNS names"
+msgstr "Donu novan dosiernomon"
+
+#: sm/certreqgen-ui.c:340 sm/certreqgen-ui.c:345
+#, fuzzy
+msgid " (optional; end with an empty line):\n"
+msgstr ""
+"\n"
+"Donu la uzantidentigilon. Finu per malplena linio: "
+
+#: sm/certreqgen-ui.c:344
+#, fuzzy
+msgid "Enter URIs"
+msgstr "Donu la uzantidentigilon: "
+
+#: sm/certreqgen-ui.c:371
+msgid "Parameters to be used for the certificate request:\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:389
+msgid "Now creating certificate request. This may take a while ...\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:398
+msgid "Ready. You should now send this request to your CA.\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:403
+msgid "resource problem: out of core\n"
+msgstr ""
+
+#: sm/decrypt.c:330
+msgid "(this is the RC2 algorithm)\n"
+msgstr ""
+
+#: sm/decrypt.c:332
+msgid "(this does not seem to be an encrypted message)\n"
+msgstr ""
+
+#: sm/delete.c:51 sm/delete.c:112
+#, fuzzy, c-format
+msgid "certificate `%s' not found: %s\n"
+msgstr "þlosilo '%s' ne trovita: %s\n"
+
+#: sm/delete.c:122 sm/keydb.c:1397 sm/keydb.c:1499
+#, fuzzy, c-format
+msgid "error locking keybox: %s\n"
+msgstr "eraro dum legado de þlosilbloko: %s\n"
+
+#: sm/delete.c:143
+#, fuzzy, c-format
+msgid "duplicated certificate `%s' deleted\n"
+msgstr "ripetita atestilo - forviþita"
+
+#: sm/delete.c:145
+#, fuzzy, c-format
+msgid "certificate `%s' deleted\n"
+msgstr "ripetita atestilo - forviþita"
+
+#: sm/delete.c:175
+#, fuzzy, c-format
+msgid "deleting certificate \"%s\" failed: %s\n"
+msgstr "forviþo de þlosilbloko malsukcesis: %s\n"
+
+#: sm/encrypt.c:321
+#, fuzzy
+msgid "no valid recipients given\n"
+msgstr "nevalida respondo de agento\n"
+
+#: sm/gpgsm.c:197
+#, fuzzy
+msgid "list external keys"
+msgstr "listigi sekretajn þlosilojn"
+
+#: sm/gpgsm.c:199
+#, fuzzy
+msgid "list certificate chain"
+msgstr "Valida atestilrevoko"
+
+#: sm/gpgsm.c:206
+#, fuzzy
+msgid "import certificates"
+msgstr "Bona atestilo"
+
+#: sm/gpgsm.c:207
+#, fuzzy
+msgid "export certificates"
+msgstr "Bona atestilo"
+
+#: sm/gpgsm.c:209
+msgid "register a smartcard"
+msgstr ""
+
+#: sm/gpgsm.c:212
+msgid "pass a command to the dirmngr"
+msgstr ""
+
+#: sm/gpgsm.c:214
+msgid "invoke gpg-protect-tool"
+msgstr ""
+
+#: sm/gpgsm.c:230
+#, fuzzy
+msgid "create base-64 encoded output"
+msgstr "krei eligon en askia kiraso"
+
+#: sm/gpgsm.c:235
+msgid "assume input is in PEM format"
+msgstr ""
+
+#: sm/gpgsm.c:237
+msgid "assume input is in base-64 format"
+msgstr ""
+
+#: sm/gpgsm.c:239
+msgid "assume input is in binary format"
+msgstr ""
+
+#: sm/gpgsm.c:244
+msgid "use system's dirmngr if available"
+msgstr ""
+
+#: sm/gpgsm.c:247
+msgid "never consult a CRL"
+msgstr ""
+
+#: sm/gpgsm.c:257
+msgid "check validity using OCSP"
+msgstr ""
+
+#: sm/gpgsm.c:262
+msgid "|N|number of certificates to include"
+msgstr ""
+
+#: sm/gpgsm.c:265
+msgid "|FILE|take policy information from FILE"
+msgstr ""
+
+#: sm/gpgsm.c:268
+msgid "do not check certificate policies"
+msgstr ""
+
+#: sm/gpgsm.c:272
+msgid "fetch missing issuer certificates"
+msgstr ""
+
+#: sm/gpgsm.c:283
+msgid "don't use the terminal at all"
+msgstr "tute ne uzi la terminalon"
+
+#: sm/gpgsm.c:285
+msgid "|FILE|write a server mode log to FILE"
+msgstr ""
+
+#: sm/gpgsm.c:290
+#, fuzzy
+msgid "|FILE|write an audit log to FILE"
+msgstr "|DOSIERO|legi aldonan bibliotekon DOSIERO"
+
+#: sm/gpgsm.c:293
+msgid "batch mode: never ask"
+msgstr "neinteraga reøimo: neniam demandi"
+
+#: sm/gpgsm.c:294
+msgid "assume yes on most questions"
+msgstr "supozi \"jes\" æe la plej multaj demandoj"
+
+#: sm/gpgsm.c:295
+msgid "assume no on most questions"
+msgstr "supozi \"ne\" æe la plej multaj demandoj"
+
+#: sm/gpgsm.c:298
+#, fuzzy
+msgid "|FILE|add keyring to the list of keyrings"
+msgstr "aldoni æi tiun þlosilaron al la listo de þlosilaroj"
+
+#: sm/gpgsm.c:301
+#, fuzzy
+msgid "|USER-ID|use USER-ID as default secret key"
+msgstr "|NOMO|uzi NOMOn kiel la implicitan sekretan þlosilon"
+
+#: sm/gpgsm.c:311 tools/gpgconf-comp.c:745
+#, fuzzy
+msgid "|SPEC|use this keyserver to lookup keys"
+msgstr "|SERVILO|uzi æi tiun þlosilservilon por seræi þlosilojn"
+
+#: sm/gpgsm.c:329
+msgid "|NAME|use cipher algorithm NAME"
+msgstr "|NOMO|uzi æifrad-metodon NOMO"
+
+#: sm/gpgsm.c:331
+msgid "|NAME|use message digest algorithm NAME"
+msgstr "|NOMO|uzi kompendi-metodon NOMO"
+
+#: sm/gpgsm.c:522
+#, fuzzy
+msgid "Usage: gpgsm [options] [files] (-h for help)"
+msgstr "Uzado: gpg [opcioj] [dosieroj] (-h por helpo)"
+
+#: sm/gpgsm.c:525
+#, fuzzy
+msgid ""
+"Syntax: gpgsm [options] [files]\n"
+"sign, check, encrypt or decrypt using the S/MIME protocol\n"
+"default operation depends on the input data\n"
+msgstr ""
+"Sintakso: gpg [opcioj] [dosieroj]\n"
+"subskribi, kontroli, æifri aý malæifri\n"
+"implicita operacio dependas de la enigataj datenoj\n"
+
+#: sm/gpgsm.c:617
+#, fuzzy
+msgid "usage: gpgsm [options] "
+msgstr "uzado: gpg [opcioj] "
+
+#: sm/gpgsm.c:739
+#, fuzzy, c-format
+msgid "NOTE: won't be able to encrypt to `%s': %s\n"
+msgstr "ne povas konektiøi al '%s': %s\n"
+
+#: sm/gpgsm.c:750
+#, fuzzy, c-format
+msgid "unknown validation model `%s'\n"
+msgstr "nekonata implicita ricevonto '%s'\n"
+
+#: sm/gpgsm.c:801
+#, c-format
+msgid "%s:%u: no hostname given\n"
+msgstr ""
+
+#: sm/gpgsm.c:820
+#, c-format
+msgid "%s:%u: password given without user\n"
+msgstr ""
+
+#: sm/gpgsm.c:841
+#, fuzzy, c-format
+msgid "%s:%u: skipping this line\n"
+msgstr " s = supersalti æi tiun þlosilon\n"
+
+#: sm/gpgsm.c:1376
+#, fuzzy
+msgid "could not parse keyserver\n"
+msgstr "ne povis analizi URI de þlosilservilo\n"
+
+#: sm/gpgsm.c:1456
+msgid "WARNING: running with faked system time: "
+msgstr ""
+
+#: sm/gpgsm.c:1556
+#, fuzzy, c-format
+msgid "importing common certificates `%s'\n"
+msgstr "skribas al '%s'\n"
+
+#: sm/gpgsm.c:1597
+#, fuzzy, c-format
+msgid "can't sign using `%s': %s\n"
+msgstr "ne povas fermi '%s': %s\n"
+
+#: sm/gpgsm.c:1931
+msgid "invalid command (there is no implicit command)\n"
+msgstr ""
+
+#: sm/import.c:111
+#, fuzzy, c-format
+msgid "total number processed: %lu\n"
+msgstr " Nombro traktita entute: %lu\n"
+
+#: sm/import.c:230
+#, fuzzy
+msgid "error storing certificate\n"
+msgstr "Bona atestilo"
+
+#: sm/import.c:238
+msgid "basic certificate checks failed - not imported\n"
+msgstr ""
+
+#: sm/import.c:435 sm/keydb.c:1319 sm/keydb.c:1387
+#, fuzzy
+msgid "failed to allocate keyDB handle\n"
+msgstr "malsukcesis doni komencajn valorojn al fido-datenaro: %s\n"
+
+#: sm/import.c:492 sm/keydb.c:1417 sm/keydb.c:1511
+#, fuzzy, c-format
+msgid "error getting stored flags: %s\n"
+msgstr "eraro dum kreado de pasfrazo: %s\n"
+
+#: sm/import.c:551 sm/import.c:583
+#, fuzzy, c-format
+msgid "error importing certificate: %s\n"
+msgstr "eraro dum kreado de pasfrazo: %s\n"
+
+#: sm/import.c:684 tools/gpg-connect-agent.c:1346
+#, fuzzy, c-format
+msgid "error reading input: %s\n"
+msgstr "eraro dum legado de '%s': %s\n"
+
+#: sm/keydb.c:187
+#, fuzzy, c-format
+msgid "error creating keybox `%s': %s\n"
+msgstr "eraro dum kreado de þlosilaro '%s': %s\n"
+
+#: sm/keydb.c:190
+msgid "you may want to start the gpg-agent first\n"
+msgstr ""
+
+#: sm/keydb.c:195
+#, fuzzy, c-format
+msgid "keybox `%s' created\n"
+msgstr "þlosilaro '%s' kreita\n"
+
+#: sm/keydb.c:1312 sm/keydb.c:1380
+#, fuzzy
+msgid "failed to get the fingerprint\n"
+msgstr "malsukcesis doni komencajn valorojn al fido-datenaro: %s\n"
+
+#: sm/keydb.c:1340
+#, c-format
+msgid "problem looking for existing certificate: %s\n"
+msgstr ""
+
+#: sm/keydb.c:1348
+#, fuzzy, c-format
+msgid "error finding writable keyDB: %s\n"
+msgstr "eraro dum kreado de pasfrazo: %s\n"
+
+#: sm/keydb.c:1356
+#, fuzzy, c-format
+msgid "error storing certificate: %s\n"
+msgstr "eraro dum kreado de pasfrazo: %s\n"
+
+#: sm/keydb.c:1408
+#, fuzzy, c-format
+msgid "problem re-searching certificate: %s\n"
+msgstr "rev? problemo en kontrolo de revoko: %s\n"
+
+#: sm/keydb.c:1429 sm/keydb.c:1522
+#, fuzzy, c-format
+msgid "error storing flags: %s\n"
+msgstr "eraro dum legado de '%s': %s\n"
+
+#: sm/keylist.c:642
+msgid "Error - "
+msgstr ""
+
+#: sm/misc.c:55
+msgid "GPG_TTY has not been set - using maybe bogus default\n"
+msgstr ""
+
+#: sm/qualified.c:105
+#, fuzzy, c-format
+msgid "invalid formatted fingerprint in `%s', line %d\n"
+msgstr "%s: nevalida dosiero-versio %d\n"
+
+#: sm/qualified.c:123
+#, c-format
+msgid "invalid country code in `%s', line %d\n"
+msgstr ""
+
+#: sm/qualified.c:202
+#, c-format
+msgid ""
+"You are about to create a signature using your certificate:\n"
+"\"%s\"\n"
+"This will create a qualified signature by law equated to a handwritten "
+"signature.\n"
+"\n"
+"%s%sAre you really sure that you want to do this?"
+msgstr ""
+
+#: sm/qualified.c:211 sm/verify.c:616
+msgid ""
+"Note, that this software is not officially approved to create or verify such "
+"signatures.\n"
+msgstr ""
+
+#: sm/qualified.c:278
+#, c-format
+msgid ""
+"You are about to create a signature using your certificate:\n"
+"\"%s\"\n"
+"Note, that this certificate will NOT create a qualified signature!"
+msgstr ""
+
+#: sm/sign.c:449
+#, fuzzy, c-format
+msgid "hash algorithm %d (%s) for signer %d not supported; using %s\n"
+msgstr "protekto-metodo %d%s ne estas realigita\n"
+
+#: sm/sign.c:463
+#, c-format
+msgid "hash algorithm used for signer %d: %s (%s)\n"
+msgstr ""
+
+#: sm/sign.c:513
+#, fuzzy, c-format
+msgid "checking for qualified certificate failed: %s\n"
+msgstr "kontrolo de kreita subskribo malsukcesis: %s\n"
+
+#: sm/verify.c:449
+#, fuzzy
+msgid "Signature made "
+msgstr "Æi tiu þlosilo eksvalidiøos je %s.\n"
+
+#: sm/verify.c:453
+msgid "[date not given]"
+msgstr ""
+
+#: sm/verify.c:454
+#, fuzzy, c-format
+msgid " using certificate ID 0x%08lX\n"
+msgstr "eraro dum kreado de pasfrazo: %s\n"
+
+#: sm/verify.c:473
+msgid ""
+"invalid signature: message digest attribute does not match computed one\n"
+msgstr ""
+
+#: sm/verify.c:594
+#, fuzzy
+msgid "Good signature from"
+msgstr "Bona subskribo de \""
+
+#: sm/verify.c:595
+#, fuzzy
+msgid " aka"
+msgstr " alinome \""
+
+#: sm/verify.c:613
+#, fuzzy
+msgid "This is a qualified signature\n"
+msgstr "tio povas esti kaýzata de mankanta mem-subskribo\n"
+
+#: tools/gpg-connect-agent.c:70 tools/gpgconf.c:81 tools/symcryptrun.c:167
+#, fuzzy
+msgid "quiet"
+msgstr "fini"
+
+#: tools/gpg-connect-agent.c:71
+msgid "print data out hex encoded"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:72
+msgid "decode received data lines"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:74
+msgid "|NAME|connect to Assuan socket NAME"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:76
+msgid "run the Assuan server given on the command line"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:78
+msgid "do not use extended connect mode"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:80
+#, fuzzy
+msgid "|FILE|run commands from FILE on startup"
+msgstr "|DOSIERO|legi aldonan bibliotekon DOSIERO"
+
+#: tools/gpg-connect-agent.c:81
+msgid "run /subst on startup"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:184
+#, fuzzy
+msgid "Usage: gpg-connect-agent [options] (-h for help)"
+msgstr "Uzado: gpg [opcioj] [dosieroj] (-h por helpo)"
+
+#: tools/gpg-connect-agent.c:187
+msgid ""
+"Syntax: gpg-connect-agent [options]\n"
+"Connect to a running agent and send commands\n"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:1201
+#, c-format
+msgid "option \"%s\" requires a program and optional arguments\n"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:1210
+#, c-format
+msgid "option \"%s\" ignored due to \"%s\"\n"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:1281 tools/gpg-connect-agent.c:1771
+#, fuzzy, c-format
+msgid "receiving line failed: %s\n"
+msgstr "forviþo de þlosilbloko malsukcesis: %s\n"
+
+#: tools/gpg-connect-agent.c:1371
+#, fuzzy
+msgid "line too long - skipped\n"
+msgstr "pasfrazo estas tro longa\n"
+
+#: tools/gpg-connect-agent.c:1375
+msgid "line shortened due to embedded Nul character\n"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:1743
+#, fuzzy, c-format
+msgid "unknown command `%s'\n"
+msgstr "nekonata implicita ricevonto '%s'\n"
+
+#: tools/gpg-connect-agent.c:1761
+#, fuzzy, c-format
+msgid "sending line failed: %s\n"
+msgstr "subskribado malsukcesis: %s\n"
+
+#: tools/gpg-connect-agent.c:2208
+#, fuzzy, c-format
+msgid "error sending %s command: %s\n"
+msgstr "eraro dum sendo al '%s': %s\n"
+
+#: tools/gpg-connect-agent.c:2223
+#, fuzzy, c-format
+msgid "error sending standard options: %s\n"
+msgstr "eraro dum sendo al '%s': %s\n"
+
+#: tools/gpgconf-comp.c:473 tools/gpgconf-comp.c:577 tools/gpgconf-comp.c:644
+#: tools/gpgconf-comp.c:712 tools/gpgconf-comp.c:799
+msgid "Options controlling the diagnostic output"
+msgstr ""
+
+#: tools/gpgconf-comp.c:486 tools/gpgconf-comp.c:590 tools/gpgconf-comp.c:657
+#: tools/gpgconf-comp.c:725 tools/gpgconf-comp.c:822
+msgid "Options controlling the configuration"
+msgstr ""
+
+#: tools/gpgconf-comp.c:496 tools/gpgconf-comp.c:615 tools/gpgconf-comp.c:673
+#: tools/gpgconf-comp.c:750 tools/gpgconf-comp.c:829
+msgid "Options useful for debugging"
+msgstr ""
+
+#: tools/gpgconf-comp.c:501 tools/gpgconf-comp.c:678 tools/gpgconf-comp.c:755
+#: tools/gpgconf-comp.c:837
+msgid "|FILE|write server mode logs to FILE"
+msgstr ""
+
+#: tools/gpgconf-comp.c:509 tools/gpgconf-comp.c:625 tools/gpgconf-comp.c:763
+msgid "Options controlling the security"
+msgstr ""
+
+#: tools/gpgconf-comp.c:516
+msgid "|N|expire SSH keys after N seconds"
+msgstr ""
+
+#: tools/gpgconf-comp.c:520
+msgid "|N|set maximum PIN cache lifetime to N seconds"
+msgstr ""
+
+#: tools/gpgconf-comp.c:524
+msgid "|N|set maximum SSH key lifetime to N seconds"
+msgstr ""
+
+#: tools/gpgconf-comp.c:538
+msgid "Options enforcing a passphrase policy"
+msgstr ""
+
+#: tools/gpgconf-comp.c:541
+msgid "do not allow to bypass the passphrase policy"
+msgstr ""
+
+#: tools/gpgconf-comp.c:545
+msgid "|N|set minimal required length for new passphrases to N"
+msgstr ""
+
+#: tools/gpgconf-comp.c:549
+msgid "|N|require at least N non-alpha characters for a new passphrase"
+msgstr ""
+
+#: tools/gpgconf-comp.c:553
+msgid "|FILE|check new passphrases against pattern in FILE"
+msgstr ""
+
+#: tools/gpgconf-comp.c:557
+#, fuzzy
+msgid "|N|expire the passphrase after N days"
+msgstr "|N|uzi pasfraz-reøimon N"
+
+#: tools/gpgconf-comp.c:561
+#, fuzzy
+msgid "do not allow the reuse of old passphrases"
+msgstr "eraro dum kreado de pasfrazo: %s\n"
+
+#: tools/gpgconf-comp.c:659 tools/gpgconf-comp.c:727
+msgid "|NAME|use NAME as default secret key"
+msgstr "|NOMO|uzi NOMOn kiel la implicitan sekretan þlosilon"
+
+#: tools/gpgconf-comp.c:662 tools/gpgconf-comp.c:730
+#, fuzzy
+msgid "|NAME|encrypt to user ID NAME as well"
+msgstr "|NOMO|æifri por NOMO"
+
+#: tools/gpgconf-comp.c:665
+msgid "|SPEC|set up email aliases"
+msgstr ""
+
+#: tools/gpgconf-comp.c:686
+msgid "Configuration for Keyservers"
+msgstr ""
+
+#: tools/gpgconf-comp.c:688
+#, fuzzy
+msgid "|URL|use keyserver at URL"
+msgstr "ne povis analizi URI de þlosilservilo\n"
+
+#: tools/gpgconf-comp.c:691
+msgid "allow PKA lookups (DNS requests)"
+msgstr ""
+
+#: tools/gpgconf-comp.c:694
+msgid "|MECHANISMS|use MECHANISMS to locate keys by mail address"
+msgstr ""
+
+#: tools/gpgconf-comp.c:739
+msgid "disable all access to the dirmngr"
+msgstr ""
+
+#: tools/gpgconf-comp.c:742
+#, fuzzy
+msgid "|NAME|use encoding NAME for PKCS#12 passphrases"
+msgstr "|NOMO|uzi æifrad-metodon NOMO por pasfrazoj"
+
+#: tools/gpgconf-comp.c:768
+msgid "do not check CRLs for root certificates"
+msgstr ""
+
+#: tools/gpgconf-comp.c:812
+msgid "Options controlling the format of the output"
+msgstr ""
+
+#: tools/gpgconf-comp.c:848
+msgid "Options controlling the interactivity and enforcement"
+msgstr ""
+
+#: tools/gpgconf-comp.c:858
+msgid "Configuration for HTTP servers"
+msgstr ""
+
+#: tools/gpgconf-comp.c:869
+msgid "use system's HTTP proxy setting"
+msgstr ""
+
+#: tools/gpgconf-comp.c:874
+msgid "Configuration of LDAP servers to use"
+msgstr ""
+
+#: tools/gpgconf-comp.c:903
+msgid "LDAP server list"
+msgstr ""
+
+#: tools/gpgconf-comp.c:911
+msgid "Configuration for OCSP"
+msgstr ""
+
+#: tools/gpgconf-comp.c:3077
+#, c-format
+msgid "External verification of component %s failed"
+msgstr ""
+
+#: tools/gpgconf-comp.c:3227
+msgid "Note that group specifications are ignored\n"
+msgstr ""
+
+#: tools/gpgconf.c:62
+msgid "list all components"
+msgstr ""
+
+#: tools/gpgconf.c:63
+msgid "check all programs"
+msgstr ""
+
+#: tools/gpgconf.c:64
+msgid "|COMPONENT|list options"
+msgstr ""
+
+#: tools/gpgconf.c:65
+msgid "|COMPONENT|change options"
+msgstr ""
+
+#: tools/gpgconf.c:66
+msgid "|COMPONENT|check options"
+msgstr ""
+
+#: tools/gpgconf.c:68
+msgid "apply global default values"
+msgstr ""
+
+#: tools/gpgconf.c:70
+msgid "get the configuration directories for gpgconf"
+msgstr ""
+
+#: tools/gpgconf.c:72
+#, fuzzy
+msgid "list global configuration file"
+msgstr "%s: nova opcio-dosiero kreita\n"
+
+#: tools/gpgconf.c:74
+#, fuzzy
+msgid "check global configuration file"
+msgstr "%s: nova opcio-dosiero kreita\n"
+
+#: tools/gpgconf.c:79
+msgid "use as output file"
+msgstr "uzi dosieron por eligo"
+
+#: tools/gpgconf.c:83
+msgid "activate changes at runtime, if possible"
+msgstr ""
+
+#: tools/gpgconf.c:105
+#, fuzzy
+msgid "Usage: gpgconf [options] (-h for help)"
+msgstr "Uzado: gpg [opcioj] [dosieroj] (-h por helpo)"
+
+#: tools/gpgconf.c:108
+msgid ""
+"Syntax: gpgconf [options]\n"
+"Manage configuration options for tools of the GnuPG system\n"
+msgstr ""
+
+#: tools/gpgconf.c:214 tools/gpgconf.c:282
+#, fuzzy
+msgid "usage: gpgconf [options] "
+msgstr "uzado: gpg [opcioj] "
+
+#: tools/gpgconf.c:216
+msgid "Need one component argument"
+msgstr ""
+
+#: tools/gpgconf.c:225 tools/gpgconf.c:258
+#, fuzzy
+msgid "Component not found"
+msgstr "publika þlosilo ne trovita"
+
+#: tools/gpgconf.c:284
+#, fuzzy
+msgid "No argument allowed"
+msgstr "skribas sekretan þlosilon al '%s'\n"
+
+#: tools/symcryptrun.c:154
+#, fuzzy
+msgid ""
+"@\n"
+"Commands:\n"
+" "
+msgstr ""
+"@Komandoj:\n"
+" "
+
+#: tools/symcryptrun.c:156
+#, fuzzy
+msgid "decryption modus"
+msgstr "malæifrado sukcesis\n"
+
+#: tools/symcryptrun.c:157
+#, fuzzy
+msgid "encryption modus"
+msgstr "malæifrado sukcesis\n"
+
+#: tools/symcryptrun.c:161
+msgid "tool class (confucius)"
+msgstr ""
+
+#: tools/symcryptrun.c:162
+#, fuzzy
+msgid "program filename"
+msgstr "--store [dosiero]"
+
+#: tools/symcryptrun.c:164
+msgid "secret key file (required)"
+msgstr ""
+
+#: tools/symcryptrun.c:165
+msgid "input file name (default stdin)"
+msgstr ""
+
+#: tools/symcryptrun.c:209
+#, fuzzy
+msgid "Usage: symcryptrun [options] (-h for help)"
+msgstr "Uzado: gpg [opcioj] [dosieroj] (-h por helpo)"
+
+#: tools/symcryptrun.c:212
+msgid ""
+"Syntax: symcryptrun --class CLASS --program PROGRAM --keyfile KEYFILE "
+"[options...] COMMAND [inputfile]\n"
+"Call a simple symmetric encryption tool\n"
+msgstr ""
+
+#: tools/symcryptrun.c:281
+#, fuzzy, c-format
+msgid "%s on %s aborted with status %i\n"
+msgstr "%s ne eblas kun %s!\n"
+
+#: tools/symcryptrun.c:288
+#, fuzzy, c-format
+msgid "%s on %s failed with status %i\n"
+msgstr "aktualigo de fido-datenaro malsukcesis: %s\n"
+
+#: tools/symcryptrun.c:314
+#, fuzzy, c-format
+msgid "can't create temporary directory `%s': %s\n"
+msgstr "%s: ne povas krei dosierujon: %s\n"
+
+#: tools/symcryptrun.c:354 tools/symcryptrun.c:371
+#, fuzzy, c-format
+msgid "could not open %s for writing: %s\n"
+msgstr "ne povas malfermi %s: %s\n"
+
+#: tools/symcryptrun.c:382
+#, fuzzy, c-format
+msgid "error writing to %s: %s\n"
+msgstr "eraro dum skribado de þlosilaro '%s': %s\n"
+
+#: tools/symcryptrun.c:389
+#, fuzzy, c-format
+msgid "error reading from %s: %s\n"
+msgstr "eraro dum legado de '%s': %s\n"
+
+#: tools/symcryptrun.c:396 tools/symcryptrun.c:403
+#, fuzzy, c-format
+msgid "error closing %s: %s\n"
+msgstr "eraro dum legado de '%s': %s\n"
+
+#: tools/symcryptrun.c:488
+msgid "no --program option provided\n"
+msgstr ""
+
+#: tools/symcryptrun.c:494
+msgid "only --decrypt and --encrypt are supported\n"
+msgstr ""
+
+#: tools/symcryptrun.c:500
+msgid "no --keyfile option provided\n"
+msgstr ""
+
+#: tools/symcryptrun.c:511
+msgid "cannot allocate args vector\n"
+msgstr ""
+
+#: tools/symcryptrun.c:529
+#, fuzzy, c-format
+msgid "could not create pipe: %s\n"
+msgstr "ne povas krei %s: %s\n"
+
+#: tools/symcryptrun.c:536
+#, fuzzy, c-format
+msgid "could not create pty: %s\n"
+msgstr "ne povas krei %s: %s\n"
+
+#: tools/symcryptrun.c:552
+#, fuzzy, c-format
+msgid "could not fork: %s\n"
+msgstr "%s: uzanto ne trovita: %s\n"
+
+#: tools/symcryptrun.c:580
+#, fuzzy, c-format
+msgid "execv failed: %s\n"
+msgstr "aktualigo malsukcesis: %s\n"
+
+#: tools/symcryptrun.c:609
+#, fuzzy, c-format
+msgid "select failed: %s\n"
+msgstr "forviþo de þlosilbloko malsukcesis: %s\n"
+
+#: tools/symcryptrun.c:626
+#, fuzzy, c-format
+msgid "read failed: %s\n"
+msgstr "aktualigo malsukcesis: %s\n"
+
+#: tools/symcryptrun.c:678
+#, fuzzy, c-format
+msgid "pty read failed: %s\n"
+msgstr "aktualigo malsukcesis: %s\n"
+
+#: tools/symcryptrun.c:730
+#, fuzzy, c-format
+msgid "waitpid failed: %s\n"
+msgstr "aktualigo malsukcesis: %s\n"
+
+#: tools/symcryptrun.c:744
+#, c-format
+msgid "child aborted with status %i\n"
+msgstr ""
+
+#: tools/symcryptrun.c:799
+#, fuzzy, c-format
+msgid "cannot allocate infile string: %s\n"
+msgstr "ne povas krei '%s': %s\n"
+
+#: tools/symcryptrun.c:812
+#, fuzzy, c-format
+msgid "cannot allocate outfile string: %s\n"
+msgstr "ne povas krei '%s': %s\n"
+
+#: tools/symcryptrun.c:986
+#, c-format
+msgid "either %s or %s must be given\n"
+msgstr ""
+
+#: tools/symcryptrun.c:1013
+msgid "no class provided\n"
+msgstr ""
+
+#: tools/symcryptrun.c:1022
+#, fuzzy, c-format
+msgid "class %s is not supported\n"
+msgstr "protekto-metodo %d%s ne estas realigita\n"
+
+#: tools/gpg-check-pattern.c:145
+#, fuzzy
+msgid "Usage: gpg-check-pattern [options] patternfile (-h for help)\n"
+msgstr "Uzado: gpg [opcioj] [dosieroj] (-h por helpo)"
+
+#: tools/gpg-check-pattern.c:148
+msgid ""
+"Syntax: gpg-check-pattern [options] patternfile\n"
+"Check a passphrase given on stdin against the patternfile\n"
+msgstr ""
+
+#~ msgid "Command> "
+#~ msgstr "Komando> "
+
+#~ msgid "the trustdb is corrupted; please run \"gpg --fix-trustdb\".\n"
+#~ msgstr ""
+#~ "la fido-datenaro estas fuþita; bonvolu ruli \"gpg --fix-trustdb\".\n"
+
+#~ msgid "Please report bugs to <gnupg-bugs@gnu.org>.\n"
+#~ msgstr "Bonvolu raporti cimojn al <gnupg-bugs@gnu.org>.\n"
+
+#, fuzzy
+#~ msgid "Please report bugs to "
+#~ msgstr "Bonvolu raporti cimojn al <gnupg-bugs@gnu.org>.\n"
+
+#, fuzzy
+#~ msgid "DSA keypair will have %u bits.\n"
+#~ msgstr "DSA-þlosilparo havos 1024 bitojn.\n"
+
+#~ msgid "Repeat passphrase\n"
+#~ msgstr "Ripetu pasfrazon\n"
+
+#, fuzzy
+#~ msgid "read options from file"
+#~ msgstr "legas opciojn el '%s'\n"
+
+#~ msgid "|[file]|make a signature"
+#~ msgstr "|[dosiero]|fari subskribon"
+
+#, fuzzy
+#~ msgid "|[FILE]|make a signature"
+#~ msgstr "|[dosiero]|fari subskribon"
+
+#, fuzzy
+#~ msgid "|[FILE]|make a clear text signature"
+#~ msgstr "|[dosiero]|fari klartekstan subskribon"
+
+#~ msgid "|NAME|use NAME as default recipient"
+#~ msgstr "|NOMO|uzi NOMOn kiel implicitan ricevonton"
+
+#~ msgid "use the default key as default recipient"
+#~ msgstr "uzi la implicitan þlosilon kiel implicitan ricevonton"
+
+#~ msgid "force v3 signatures"
+#~ msgstr "devigi v3-subskribojn"
+
+#~ msgid "always use a MDC for encryption"
+#~ msgstr "æiam uzi sigelon (MDC) por æifrado"
+
+#~ msgid "add this secret keyring to the list"
+#~ msgstr "aldoni æi tiun sekretan þlosilaron al la listo"
+
+#~ msgid "|NAME|set terminal charset to NAME"
+#~ msgstr "|NOMO|difini NOMOn kiel la signaron de la terminalo"
+
+#~ msgid "|FILE|load extension module FILE"
+#~ msgstr "|DOSIERO|legi aldonan bibliotekon DOSIERO"
+
+#~ msgid "|N|use compress algorithm N"
+#~ msgstr "|N|uzi densig-metodon N"
+
+#, fuzzy
+#~ msgid "remove key from the public keyring"
+#~ msgstr "forigi þlosilojn de la publika þlosilaro"
+
+#~ msgid ""
+#~ "It's up to you to assign a value here; this value will never be exported\n"
+#~ "to any 3rd party. We need it to implement the web-of-trust; it has "
+#~ "nothing\n"
+#~ "to do with the (implicitly created) web-of-certificates."
+#~ msgstr ""
+#~ "Vi devas mem doni valoron æi tie; la valoro neniam estos eksportita\n"
+#~ "al alia persono. Ni bezonas øin por realigi la fido-reton; øi neniel\n"
+#~ "rilatas al la (implicite kreita) atestilo-reto."
+
+#~ msgid ""
+#~ "To build the Web-of-Trust, GnuPG needs to know which keys are\n"
+#~ "ultimately trusted - those are usually the keys for which you have\n"
+#~ "access to the secret key. Answer \"yes\" to set this key to\n"
+#~ "ultimately trusted\n"
+#~ msgstr ""
+#~ "Por konstrui la fido-reton, GnuPG devas scii, kiuj þlosiloj estas\n"
+#~ "absolute fidataj; normale tiuj estas la þlosiloj, por kiuj vi havas\n"
+#~ "aliron al la sekreta þlosilo. Respondu \"jes\" por igi æi tiun þlosilon\n"
+#~ "absolute fidata\n"
+
+#~ msgid "If you want to use this untrusted key anyway, answer \"yes\"."
+#~ msgstr ""
+#~ "Se vi tamen volas uzi æi tiun nefidatan þlosilon, respondu per \"jes\"."
+
+#~ msgid ""
+#~ "Enter the user ID of the addressee to whom you want to send the message."
+#~ msgstr ""
+#~ "Donu la uzantidentigilon de la adresito, al kiu vi volas sendi la mesaøon."
+
+#~ msgid "Enter the size of the key"
+#~ msgstr "Donu la þlosilgrandon"
+
+#~ msgid "Answer \"yes\" or \"no\""
+#~ msgstr "Respondu per \"jes\" aý \"ne\""
+
+#~ msgid ""
+#~ "Enter the required value as shown in the prompt.\n"
+#~ "It is possible to enter a ISO date (YYYY-MM-DD) but you won't\n"
+#~ "get a good error response - instead the system tries to interpret\n"
+#~ "the given value as an interval."
+#~ msgstr ""
+#~ "Donu la bezonatan valoron, kiel montrite en la invito.\n"
+#~ "Eblas doni ISO-forman daton (JJJJ-MM-TT), sed vi ne ricevos\n"
+#~ "bonan eraromesaøon; anstataýe la sistemo provas interpreti\n"
+#~ "la donitan valoron kiel gamon."
+
+#~ msgid "Enter the name of the key holder"
+#~ msgstr "Donu la nomon de la þlosilposedanto"
+
+#~ msgid "please enter an optional but highly suggested email address"
+#~ msgstr "bonvolu doni retadreson (ne devige, sed tre rekomendate)"
+
+#~ msgid "Please enter an optional comment"
+#~ msgstr "Bonvolu doni nedevigan komenton"
+
+#~ msgid ""
+#~ "N to change the name.\n"
+#~ "C to change the comment.\n"
+#~ "E to change the email address.\n"
+#~ "O to continue with key generation.\n"
+#~ "Q to to quit the key generation."
+#~ msgstr ""
+#~ "N por þanøi la nomon.\n"
+#~ "K por þanøi la komenton.\n"
+#~ "A por þanøi la retadreson.\n"
+#~ "B por daýrigi kun la þlosilkreado.\n"
+#~ "F por interrompi la þlosilkreadon kaj fini."
+
+#~ msgid ""
+#~ "Answer \"yes\" (or just \"y\") if it is okay to generate the sub key."
+#~ msgstr "Respondu per \"jes\" (aý nur \"j\"), se la subþlosilo estu kreita."
+
+#~ msgid ""
+#~ "When you sign a user ID on a key, you should first verify that the key\n"
+#~ "belongs to the person named in the user ID. It is useful for others to\n"
+#~ "know how carefully you verified this.\n"
+#~ "\n"
+#~ "\"0\" means you make no particular claim as to how carefully you verified "
+#~ "the\n"
+#~ " key.\n"
+#~ "\n"
+#~ "\"1\" means you believe the key is owned by the person who claims to own "
+#~ "it\n"
+#~ " but you could not, or did not verify the key at all. This is useful "
+#~ "for\n"
+#~ " a \"persona\" verification, where you sign the key of a pseudonymous "
+#~ "user.\n"
+#~ "\n"
+#~ "\"2\" means you did casual verification of the key. For example, this "
+#~ "could\n"
+#~ " mean that you verified the key fingerprint and checked the user ID on "
+#~ "the\n"
+#~ " key against a photo ID.\n"
+#~ "\n"
+#~ "\"3\" means you did extensive verification of the key. For example, this "
+#~ "could\n"
+#~ " mean that you verified the key fingerprint with the owner of the key "
+#~ "in\n"
+#~ " person, and that you checked, by means of a hard to forge document "
+#~ "with a\n"
+#~ " photo ID (such as a passport) that the name of the key owner matches "
+#~ "the\n"
+#~ " name in the user ID on the key, and finally that you verified (by "
+#~ "exchange\n"
+#~ " of email) that the email address on the key belongs to the key "
+#~ "owner.\n"
+#~ "\n"
+#~ "Note that the examples given above for levels 2 and 3 are *only* "
+#~ "examples.\n"
+#~ "In the end, it is up to you to decide just what \"casual\" and \"extensive"
+#~ "\"\n"
+#~ "mean to you when you sign other keys.\n"
+#~ "\n"
+#~ "If you don't know what the right answer is, answer \"0\"."
+#~ msgstr ""
+#~ "Kiam vi subskribas uzantidentigilon sur þlosilo, vi devas unue kontroli,\n"
+#~ "ke la þlosilo apartenas al la persono nomita en la identigilo. Estas\n"
+#~ "utile por aliaj homoj scii, kiom zorge vi kontrolis tion.\n"
+#~ "\n"
+#~ "\"0\" signifas, ke vi faras nenian specifan aserton pri tio, kiel zorge "
+#~ "vi\n"
+#~ " kontrolis la þlosilon.\n"
+#~ "\n"
+#~ "\"1\" signifas, ke vi kredas, ke la þlosilo apartenas al la homo, kiu\n"
+#~ " pretendas posedi øin, sed vi ne povis kontroli, aý simple ne\n"
+#~ " kontrolis la þlosilon. Tio estas utila, kiam oni subskribas la\n"
+#~ " þlosilon de pseýdonoma uzanto.\n"
+#~ "\n"
+#~ "\"2\" signifas, ke vi malzorge kontrolis la þlosilon. Ekzemple, povas "
+#~ "esti,\n"
+#~ " ke vi kontrolis la fingroþpuron de la þlosilo kaj komparis la\n"
+#~ " uzantidentigilon sur la þlosilo kun foto-identigilo.\n"
+#~ "\n"
+#~ "\"3\" signifas, ke vi zorge kontrolis la þlosilon. Ekzemple, povas esti,\n"
+#~ " ke vi kontrolis la fingroþpuron persone æe la posedanto de la\n"
+#~ " þlosilo, kaj vi kontrolis, per malfacile falsebla dokumento kun\n"
+#~ " foto-identigilo (ekzemple pasporto), ke la nomo de þlosilposedanto\n"
+#~ " kongruas kun la nomo en la uzantidentigilo sur la þlosilo, kaj fine\n"
+#~ " vi kontrolis (per interþanøo de retmesaøoj), ke la retadreso sur\n"
+#~ " la þlosilo apartenas al la posedanto de la þlosilo.\n"
+#~ "\n"
+#~ "Notu, ke la ekzemploj donitaj supre por la niveloj 2 kaj 3 estas nur\n"
+#~ "ekzemploj. Vi devas fine mem decidi, kion precize signifas \"malzorga\"\n"
+#~ "kaj \"zorga\", kiam vi subskribas aliajn þlosilojn.\n"
+#~ "\n"
+#~ "Se vi ne scias la øustan respondon, respondu per \"0\"."
+
+#, fuzzy
+#~ msgid "Answer \"yes\" if you want to sign ALL the user IDs"
+#~ msgstr "Respondu per \"jes\", se vi volas subskribi æiujn uzantidentigilojn"
+
+#~ msgid ""
+#~ "Answer \"yes\" if you really want to delete this user ID.\n"
+#~ "All certificates are then also lost!"
+#~ msgstr ""
+#~ "Respondu per \"jes\", se vi vere volas forviþi la uzantidentigilon.\n"
+#~ "Tiam ankaý æiuj atestiloj perdiøos!"
+
+#~ msgid "Answer \"yes\" if it is okay to delete the subkey"
+#~ msgstr "Respondu per \"jes\", se la subþlosilo estu forviþita"
+
+#~ msgid ""
+#~ "This is a valid signature on the key; you normally don't want\n"
+#~ "to delete this signature because it may be important to establish a\n"
+#~ "trust connection to the key or another key certified by this key."
+#~ msgstr ""
+#~ "Æi tio estas valida þlosilsubskribo; normale vi ne volas forviþi\n"
+#~ "æi tiun subskribon, æar eble øi estos grava por establi fido-ligon\n"
+#~ "al la þlosilo aý al alia þlosilo atestita per æi tiu þlosilo."
+
+#~ msgid ""
+#~ "This signature can't be checked because you don't have the\n"
+#~ "corresponding key. You should postpone its deletion until you\n"
+#~ "know which key was used because this signing key might establish\n"
+#~ "a trust connection through another already certified key."
+#~ msgstr ""
+#~ "La subskribo ne estas kontrolebla, æar vi ne havas la respondan\n"
+#~ "þlosilon. Vi devus prokrasti øian forviþon, øis vi scios, kiu\n"
+#~ "þlosilo estis uzita, æar la subskribanta þlosilo eble establos\n"
+#~ "fido-ligon tra alia jam atestita þlosilo."
+
+#~ msgid ""
+#~ "The signature is not valid. It does make sense to remove it from\n"
+#~ "your keyring."
+#~ msgstr ""
+#~ "La subskribo ne estas valida. Estas prudente forigi øin de\n"
+#~ "via þlosilaro."
+
+#~ msgid ""
+#~ "This is a signature which binds the user ID to the key. It is\n"
+#~ "usually not a good idea to remove such a signature. Actually\n"
+#~ "GnuPG might not be able to use this key anymore. So do this\n"
+#~ "only if this self-signature is for some reason not valid and\n"
+#~ "a second one is available."
+#~ msgstr ""
+#~ "Æi tio estas subskribo, kiu ligas la uzantidentigilon al la þlosilo.\n"
+#~ "Normale ne estas konsilinde forigi tian subskribon. Efektive, GnuPG\n"
+#~ "eble ne povus uzi la þlosilon poste. Do, faru æi tion, nur se la\n"
+#~ "mem-subskribo estas ial nevalida, kaj dua mem-subskribo estas\n"
+#~ "havebla."
+
+#, fuzzy
+#~ msgid ""
+#~ "Change the preferences of all user IDs (or just of the selected ones)\n"
+#~ "to the current list of preferences. The timestamp of all affected\n"
+#~ "self-signatures will be advanced by one second.\n"
+#~ msgstr ""
+#~ "Þanøi la preferojn de æiuj uzantidentigiloj (aý nur la elektitaj)\n"
+#~ "al la aktuala listo de preferoj. La dato de æiuj trafitaj\n"
+#~ "mem-subskriboj estos antaýenigitaj je unu sekundo.\n"
+
+#~ msgid "Please enter the passhrase; this is a secret sentence \n"
+#~ msgstr "Bonvolu doni la pasfrazon; tio estas sekreta frazo \n"
+
+#~ msgid ""
+#~ "Please repeat the last passphrase, so you are sure what you typed in."
+#~ msgstr ""
+#~ "Bonvolu ripeti la pasfrazon, por kontroli, ke vi bone scias, kion vi "
+#~ "tajpis."
+
+#~ msgid "Give the name of the file to which the signature applies"
+#~ msgstr "Donu la nomon de la dosiero, al kiu la subskribo aplikiøas"
+
+#~ msgid "Answer \"yes\" if it is okay to overwrite the file"
+#~ msgstr "Respondu per \"jes\", se la dosiero estu surskribita"
+
+#~ msgid ""
+#~ "Please enter a new filename. If you just hit RETURN the default\n"
+#~ "file (which is shown in brackets) will be used."
+#~ msgstr ""
+#~ "Bonvolu doni novan dosiernomon. Se vi premas nur ENEN, la implicita\n"
+#~ "dosiero (montrita en parentezo) estos uzata."
+
+#~ msgid ""
+#~ "You should specify a reason for the certification. Depending on the\n"
+#~ "context you have the ability to choose from this list:\n"
+#~ " \"Key has been compromised\"\n"
+#~ " Use this if you have a reason to believe that unauthorized persons\n"
+#~ " got access to your secret key.\n"
+#~ " \"Key is superseded\"\n"
+#~ " Use this if you have replaced this key with a newer one.\n"
+#~ " \"Key is no longer used\"\n"
+#~ " Use this if you have retired this key.\n"
+#~ " \"User ID is no longer valid\"\n"
+#~ " Use this to state that the user ID should not longer be used;\n"
+#~ " this is normally used to mark an email address invalid.\n"
+#~ msgstr ""
+#~ "Vi devus doni kialon por æi tiu atestilo. Depende de la kunteksto, vi\n"
+#~ "povas elekti el æi tiu listo:\n"
+#~ " \"Þlosilo estas kompromitita\"\n"
+#~ " Uzu æi tion, se vi pensas, ke nerajtigita homo havis aliron al\n"
+#~ " via sekreta þlosilo.\n"
+#~ " \"Þlosilo estas anstataýigita\"\n"
+#~ " Uzu æi tion, se vi anstataýigis la þlosilon per pli nova.\n"
+#~ " \"Þlosilo estas ne plu uzata\"\n"
+#~ " Uzu æi tion, se vi retiris æi tiun þlosilon.\n"
+#~ " \"Uzantidentigilo ne plu validas\"\n"
+#~ " Uzu æi tion por aserti, ke la uzantidentigilo ne plu estu uzata;\n"
+#~ " normale oni uzas æi tion por marki retadreson kiel nevalidan.\n"
+
+#~ msgid ""
+#~ "If you like, you can enter a text describing why you issue this\n"
+#~ "revocation certificate. Please keep this text concise.\n"
+#~ "An empty line ends the text.\n"
+#~ msgstr ""
+#~ "Se vi volas, vi povas doni tekston por priskribi, kial vi faras\n"
+#~ "æi tiun revokatestilon. Bonvolu fari æi tiun tekston konciza.\n"
+#~ "Malplena linio finas la tekston.\n"
+
+#, fuzzy
+#~ msgid "shelll"
+#~ msgstr "helpo"
+
+#, fuzzy
+#~ msgid ""
+#~ "please see http://www.gnupg.org/download/iconv.html for more information\n"
+#~ msgstr "bonvolu vidi http://www.gnupg.org/faq.html por pliaj informoj\n"
+
+#, fuzzy
+#~ msgid "key generation is not available from the commandline\n"
+#~ msgstr "gpg-agent ne estas disponata en æi tiu sesio\n"
+
+#, fuzzy
+#~ msgid "please use the script \"%s\" to generate a new key\n"
+#~ msgstr "Bonvolu elekti, kian þlosilon vi deziras:\n"
+
+#, fuzzy
+#~ msgid ".\n"
+#~ msgstr "%s.\n"
+
+#~ msgid "problem with the agent - disabling agent use\n"
+#~ msgstr "problemo kun agento - malþaltas uzadon de agento\n"
+
+#, fuzzy
+#~ msgid "can't query passphrase in batch mode\n"
+#~ msgstr "ne povas kontroli pasvorton en neinteraga reøimo\n"
+
+#~ msgid "Enter passphrase: "
+#~ msgstr "Donu pasfrazon: "
+
+#~ msgid "Repeat passphrase: "
+#~ msgstr "Ripetu pasfrazon: "
+
+#~ msgid "-k[v][v][v][c] [user-id] [keyring]"
+#~ msgstr "-k[v][v][v][c] [uzantidentigilo] [þlosilaro]"
+
+#, fuzzy
+#~ msgid "can't lock `%s': %s\n"
+#~ msgstr "ne povas malfermi '%s'\n"
+
+#~ msgid "can't stat `%s': %s\n"
+#~ msgstr "ne povas stat-i '%s': %s\n"
+
+#~ msgid "`%s' is not a regular file - ignored\n"
+#~ msgstr "'%s' ne estas normala dosiero - ignorita\n"
+
+#~ msgid "note: random_seed file is empty\n"
+#~ msgstr "noto: dosiero random_seed estas malplena\n"
+
+#, fuzzy
+#~ msgid "WARNING: invalid size of random_seed file - not used\n"
+#~ msgstr "averto: nevalida grando de la dosiero random_seen - ne uzita\n"
+
+#~ msgid "can't read `%s': %s\n"
+#~ msgstr "ne povas legi '%s': %s\n"
+
+#~ msgid "note: random_seed file not updated\n"
+#~ msgstr "noto: dosiero random_seed ne aktualigita\n"
+
+#~ msgid "can't write `%s': %s\n"
+#~ msgstr "ne povas skribi '%s': %s\n"
+
+#~ msgid "can't close `%s': %s\n"
+#~ msgstr "ne povas fermi '%s': %s\n"
+
+#~ msgid "WARNING: using insecure random number generator!!\n"
+#~ msgstr "AVERTO: uzas malsekuran stokastilon!!\n"
+
+#~ msgid ""
+#~ "The random number generator is only a kludge to let\n"
+#~ "it run - it is in no way a strong RNG!\n"
+#~ "\n"
+#~ "DON'T USE ANY DATA GENERATED BY THIS PROGRAM!!\n"
+#~ "\n"
+#~ msgstr ""
+#~ "La kvazaýstokastilo estas nur simpla protezo, por ke la\n"
+#~ "programo entute ruliøu; øi neniel estas forta stokastilo!\n"
+#~ "\n"
+#~ "NE UZU DATENOJN KREITAJN DE ÆI TIU PROGRAMO!!\n"
+#~ "\n"
+
+#~ msgid ""
+#~ "\n"
+#~ "Not enough random bytes available. Please do some other work to give\n"
+#~ "the OS a chance to collect more entropy! (Need %d more bytes)\n"
+#~ msgstr ""
+#~ "\n"
+#~ "Nesufiæe da stokastaj datenoj. Bonvolu fari ion por ebligi al la\n"
+#~ "mastruma sistemo kolekti pli da entropio! (Mankas %d bitokoj)\n"
+
+#, fuzzy
+#~ msgid "card reader not available\n"
+#~ msgstr "sekreta þlosilo ne havebla"
+
+#, fuzzy
+#~ msgid "NOTE: %s is not available in this version\n"
+#~ msgstr "gpg-agent ne estas disponata en æi tiu sesio\n"
+
+#, fuzzy
+#~ msgid " algorithms on these user IDs:\n"
+#~ msgstr "Vi subskribis la sekvajn uzantidentigilojn:\n"
+
+#~ msgid "general error"
+#~ msgstr "øenerala eraro"
+
+#~ msgid "unknown packet type"
+#~ msgstr "nekonata paketo-speco"
+
+#~ msgid "unknown pubkey algorithm"
+#~ msgstr "nekonata publikþlosila metodo"
+
+#~ msgid "unknown digest algorithm"
+#~ msgstr "nekonata kompendi-metodo"
+
+#~ msgid "bad public key"
+#~ msgstr "malbona publika þlosilo"
+
+#~ msgid "bad secret key"
+#~ msgstr "malbona sekreta þlosilo"
+
+#~ msgid "bad signature"
+#~ msgstr "malbona subskribo"
+
+#~ msgid "checksum error"
+#~ msgstr "eraro en kontrolsumo"
+
+#~ msgid "unknown cipher algorithm"
+#~ msgstr "nekonata æifrad-metodo"
+
+#~ msgid "can't open the keyring"
+#~ msgstr "ne povas malfermi la þlosilaron"
+
+#~ msgid "invalid packet"
+#~ msgstr "nevalida paketo"
+
+#~ msgid "invalid armor"
+#~ msgstr "nevalida kiraso"
+
+#~ msgid "no such user id"
+#~ msgstr "uzantidentigilo ne ekzistas"
+
+#~ msgid "secret key not available"
+#~ msgstr "sekreta þlosilo ne havebla"
+
+#~ msgid "wrong secret key used"
+#~ msgstr "maløusta sekreta þlosilo uzata"
+
+#~ msgid "not supported"
+#~ msgstr "ne realigita"
+
+#~ msgid "bad key"
+#~ msgstr "malbona þlosilo"
+
+#~ msgid "file write error"
+#~ msgstr "skriberaro æe dosiero"
+
+#~ msgid "unknown compress algorithm"
+#~ msgstr "nekonata densig-metodo"
+
+#~ msgid "file open error"
+#~ msgstr "eraro æe malfermo de dosiero"
+
+#~ msgid "file create error"
+#~ msgstr "eraro æe kreo de dosiero"
+
+#~ msgid "invalid passphrase"
+#~ msgstr "nevalida pasfrazo"
+
+#~ msgid "unimplemented pubkey algorithm"
+#~ msgstr "nerealigita publikþlosila metodo"
+
+#~ msgid "unimplemented cipher algorithm"
+#~ msgstr "nerealigita æifrad-metodo"
+
+#~ msgid "unknown signature class"
+#~ msgstr "nekonata klaso de subskribo"
+
+#~ msgid "trust database error"
+#~ msgstr "eraro en fido-datenaro"
+
+#~ msgid "resource limit"
+#~ msgstr "trafis rimedolimon"
+
+#~ msgid "invalid keyring"
+#~ msgstr "nevalida þlosilaro"
+
+#~ msgid "bad certificate"
+#~ msgstr "malbona atestilo"
+
+#~ msgid "malformed user id"
+#~ msgstr "misformita uzantidentigilo"
+
+#~ msgid "file close error"
+#~ msgstr "eraro æe fermo de dosiero"
+
+#~ msgid "file rename error"
+#~ msgstr "eraro æe renomado de dosiero"
+
+#~ msgid "file delete error"
+#~ msgstr "eraro æe forviþo de dosiero"
+
+#~ msgid "unexpected data"
+#~ msgstr "neatendita dateno"
+
+#~ msgid "timestamp conflict"
+#~ msgstr "malkongruo de tempostampoj"
+
+#~ msgid "unusable pubkey algorithm"
+#~ msgstr "neuzebla publikþlosila metodo"
+
+#~ msgid "file exists"
+#~ msgstr "dosiero ekzistas"
+
+#~ msgid "weak key"
+#~ msgstr "malforta þlosilo"
+
+#~ msgid "bad URI"
+#~ msgstr "malbona URI"
+
+#~ msgid "unsupported URI"
+#~ msgstr "nerealigita URI"
+
+#~ msgid "network error"
+#~ msgstr "reteraro"
+
+#~ msgid "not processed"
+#~ msgstr "ne traktita"
+
+#~ msgid "unusable public key"
+#~ msgstr "neuzebla publika þlosilo"
+
+#~ msgid "unusable secret key"
+#~ msgstr "neuzebla sekreta þlosilo"
+
+#~ msgid "keyserver error"
+#~ msgstr "þlosilservila eraro"
+
+#, fuzzy
+#~ msgid "no card"
+#~ msgstr "ne æifrita"
+
+#, fuzzy
+#~ msgid "no data"
+#~ msgstr "mankas subskribitaj datenoj\n"
+
+#~ msgid "... this is a bug (%s:%d:%s)\n"
+#~ msgstr "... æi tio estas cimo (%s:%d:%s)\n"
+
+#, fuzzy
+#~ msgid "WARNING: using insecure memory!\n"
+#~ msgstr "Averto: uzas malsekuran memoron!\n"
+
+#~ msgid "operation is not possible without initialized secure memory\n"
+#~ msgstr "operacio ne eblas sen sekura memoro kun komenca valoro\n"
+
+#~ msgid "(you may have used the wrong program for this task)\n"
+#~ msgstr "(eble vi uzis la maløustan programon por æi tiu tasko)\n"
+
+#~ msgid ""
+#~ "please see http://www.gnupg.org/why-not-idea.html for more information\n"
+#~ msgstr ""
+#~ "bonvolu vidi http://www.gnupg.org/why-not-idea.html por pliaj informoj\n"
+
+#, fuzzy
+#~ msgid "all export-clean-* options from above"
+#~ msgstr "legi la opciojn el dosiero"
+
+#, fuzzy
+#~ msgid "all import-clean-* options from above"
+#~ msgstr "legi la opciojn el dosiero"
+
+#, fuzzy
+#~ msgid "expired: %s)"
+#~ msgstr " [eksvalidiøos: %s]"
+
+#, fuzzy
+#~ msgid "key %s: expired signature from key %s - skipped\n"
+#~ msgstr "þlosilo %08lX: neeksportebla subskribo (klaso %02x) - ignorita\n"
+
+#, fuzzy
+#~ msgid "Unable to clean `%s'\n"
+#~ msgstr "Averto: malsekura posedeco sur %s \"%s\"\n"
+
+#, fuzzy
+#~ msgid "No user IDs are removable.\n"
+#~ msgstr "Mankas uzantidentigilo por þlosilo\n"
+
+#, fuzzy
+#~ msgid "bad passphrase or unknown cipher algorithm (%d)\n"
+#~ msgstr "nekonata æifrad-metodo"
+
+#~ msgid "can't set client pid for the agent\n"
+#~ msgstr "ne povas agordi kliento-PID por la agento\n"
+
+#~ msgid "can't get server read FD for the agent\n"
+#~ msgstr "ne povas akiri lego-FD de servilo por la agento\n"
+
+#~ msgid "can't get server write FD for the agent\n"
+#~ msgstr "ne povas akiri skribo-FD de servilo por la agento\n"
+
+#~ msgid "select secondary key N"
+#~ msgstr "elekti flankan þlosilon N"
+
+#~ msgid "list signatures"
+#~ msgstr "listigi subskribojn"
+
+#~ msgid "sign the key"
+#~ msgstr "subskribi la þlosilon"
+
+#~ msgid "add a secondary key"
+#~ msgstr "aldoni flankan þlosilon"
+
+#~ msgid "delete signatures"
+#~ msgstr "forviþi subskribojn"
+
+#~ msgid "change the expire date"
+#~ msgstr "þanøi la daton de eksvalidiøo"
+
+#~ msgid "set preference list"
+#~ msgstr "agordi liston de preferoj"
+
+#~ msgid "updated preferences"
+#~ msgstr "aktualigitaj preferoj"
+
+#~ msgid "No secondary key with index %d\n"
+#~ msgstr "Mankas flanka þlosilo kun indekso %d\n"
+
+#~ msgid "--nrsign-key user-id"
+#~ msgstr "--nrsign-key uzantidentigilo"
+
+#~ msgid "--nrlsign-key user-id"
+#~ msgstr "--nrlsign-key uzantidentigilo"
+
+#~ msgid "sign the key non-revocably"
+#~ msgstr "subskribi la þlosilon nerevokeble"
+
+#~ msgid "sign the key locally and non-revocably"
+#~ msgstr "subskribi la þlosilon loke kaj nerevokeble"
+
+#~ msgid "q"
+#~ msgstr "f"
+
+#~ msgid "list"
+#~ msgstr "listo"
+
+#~ msgid "l"
+#~ msgstr "l"
+
+#~ msgid "debug"
+#~ msgstr "spuri"
+
+#, fuzzy
+#~ msgid "name"
+#~ msgstr "en"
+
+#, fuzzy
+#~ msgid "login"
+#~ msgstr "lsub"
+
+#, fuzzy
+#~ msgid "cafpr"
+#~ msgstr "fsp"
+
+#, fuzzy
+#~ msgid "forcesig"
+#~ msgstr "revsig"
+
+#, fuzzy
+#~ msgid "generate"
+#~ msgstr "øenerala eraro"
+
+#~ msgid "passwd"
+#~ msgstr "pasf"
+
+#~ msgid "save"
+#~ msgstr "skribi"
+
+#~ msgid "fpr"
+#~ msgstr "fsp"
+
+#~ msgid "uid"
+#~ msgstr "uid"
+
+#~ msgid "key"
+#~ msgstr "þlosilo"
+
+#~ msgid "check"
+#~ msgstr "kontroli"
+
+#~ msgid "c"
+#~ msgstr "k"
+
+#~ msgid "sign"
+#~ msgstr "subskribi"
+
+#~ msgid "s"
+#~ msgstr "s"
+
+#, fuzzy
+#~ msgid "tsign"
+#~ msgstr "subskribi"
+
+#~ msgid "lsign"
+#~ msgstr "lsub"
+
+#~ msgid "nrsign"
+#~ msgstr "nrsub"
+
+#~ msgid "nrlsign"
+#~ msgstr "nrlsub"
+
+#~ msgid "adduid"
+#~ msgstr "aluid"
+
+#~ msgid "addphoto"
+#~ msgstr "alfoto"
+
+#~ msgid "deluid"
+#~ msgstr "foruid"
+
+#~ msgid "delphoto"
+#~ msgstr "forfoto"
+
+#, fuzzy
+#~ msgid "addcardkey"
+#~ msgstr "al"
+
+#~ msgid "delkey"
+#~ msgstr "for"
+
+#, fuzzy
+#~ msgid "addrevoker"
+#~ msgstr "revokita"
+
+#~ msgid "delsig"
+#~ msgstr "forsig"
+
+#~ msgid "expire"
+#~ msgstr "eksval"
+
+#~ msgid "primary"
+#~ msgstr "æefa"
+
+#~ msgid "toggle"
+#~ msgstr "alia"
+
+#~ msgid "t"
+#~ msgstr "a"
+
+#~ msgid "pref"
+#~ msgstr "pref"
+
+#~ msgid "showpref"
+#~ msgstr "monpref"
+
+#~ msgid "setpref"
+#~ msgstr "agpref"
+
+#~ msgid "updpref"
+#~ msgstr "aktpref"
+
+#, fuzzy
+#~ msgid "keyserver"
+#~ msgstr "þlosilservila eraro"
+
+#~ msgid "trust"
+#~ msgstr "fido"
+
+#~ msgid "revsig"
+#~ msgstr "revsig"
+
+#, fuzzy
+#~ msgid "revuid"
+#~ msgstr "revsig"
+
+#~ msgid "revkey"
+#~ msgstr "rev"
+
+#~ msgid "disable"
+#~ msgstr "el"
+
+#~ msgid "enable"
+#~ msgstr "en"
+
+#~ msgid "showphoto"
+#~ msgstr "monfoto"
+
+#~ msgid ""
+#~ "About to generate a new %s keypair.\n"
+#~ " minimum keysize is 768 bits\n"
+#~ " default keysize is 1024 bits\n"
+#~ " highest suggested keysize is 2048 bits\n"
+#~ msgstr ""
+#~ "Kreos novan %s-þlosilparon.\n"
+#~ " minimuma þlosilgrando estas 768 bitoj\n"
+#~ " implicita þlosilgrando estas 1024 bitoj\n"
+#~ " plej granda rekomendata þlosilgrando estas 2048 bitoj\n"
+
+#~ msgid "DSA only allows keysizes from 512 to 1024\n"
+#~ msgstr "DSA permesas þlosilgrandon nur inter 512 kaj 1024\n"
+
+#~ msgid "keysize too small; 1024 is smallest value allowed for RSA.\n"
+#~ msgstr "þlosilgrando tro malgranda; 1024 estas plej eta valoro por RSA.\n"
+
+#~ msgid "keysize too small; 768 is smallest value allowed.\n"
+#~ msgstr "þlosilgrando tro malgranda; 768 estas plej eta permesata valoro.\n"
+
+#~ msgid "keysize too large; %d is largest value allowed.\n"
+#~ msgstr "þlosilgrando tro granda; %d estas plej granda permesata valoro.\n"
+
+#~ msgid ""
+#~ "Keysizes larger than 2048 are not suggested because\n"
+#~ "computations take REALLY long!\n"
+#~ msgstr ""
+#~ "Þlosilgrandoj pli grandaj ol 2048 ne estas rekomendataj,\n"
+#~ "æar la komputado daýras TRE longe!\n"
+
+#, fuzzy
+#~ msgid "Are you sure that you want this keysize? (y/N) "
+#~ msgstr "Æu vi estas certa, ke vi deziras æi tiun þlosilgrandon? "
+
+#~ msgid ""
+#~ "Okay, but keep in mind that your monitor and keyboard radiation is also "
+#~ "very vulnerable to attacks!\n"
+#~ msgstr ""
+#~ "Bone, sed pripensu, ke la elradiado de viaj ekrano kaj klavaro estas tre "
+#~ "facile kaptebla!\n"
+
+#~ msgid "Experimental algorithms should not be used!\n"
+#~ msgstr "Eksperimentaj metodoj ne estu uzataj!\n"
+
+#~ msgid ""
+#~ "this cipher algorithm is deprecated; please use a more standard one!\n"
+#~ msgstr ""
+#~ "æi tiu æifrad-metodo estas malrekomendata; bonvolu uzi pli normalan!\n"
+
+#, fuzzy
+#~ msgid "sorry, can't do this in batch mode\n"
+#~ msgstr "ne povas fari tion en neinteraga reøimo\n"
+
+#, fuzzy
+#~ msgid "can't open file `%s': %s\n"
+#~ msgstr "ne povas malfermi %s: %s\n"
+
+#, fuzzy
+#~ msgid " \""
+#~ msgstr " alinome \""
+
+#~ msgid "key %08lX: key has been revoked!\n"
+#~ msgstr "þlosilo %08lX: þlosilo estas revokita!\n"
+
+#~ msgid "key %08lX: subkey has been revoked!\n"
+#~ msgstr "þlosilo %08lX: subþlosilo estas revokita!\n"
+
+#~ msgid "%08lX: key has expired\n"
+#~ msgstr "%08lX: þlosilo eksvalidiøis\n"
+
+#~ msgid "%08lX: We do NOT trust this key\n"
+#~ msgstr "%08lX: Ni NE fidas æi tiun þlosilon\n"
+
+#, fuzzy
+#~ msgid " (%d) RSA (auth only)\n"
+#~ msgstr " (%d) RSA (nur subskribi)\n"
+
+#, fuzzy
+#~ msgid " (%d) RSA (sign and auth)\n"
+#~ msgstr " (%d) RSA (subskribi kaj æifri)\n"
+
+#, fuzzy
+#~ msgid " (%d) RSA (encrypt and auth)\n"
+#~ msgstr " (%d) RSA (nur æifri)\n"
+
+#, fuzzy
+#~ msgid " (%d) RSA (sign, encrypt and auth)\n"
+#~ msgstr " (%d) RSA (subskribi kaj æifri)\n"
+
+#~ msgid "%s: can't open: %s\n"
+#~ msgstr "%s: ne povas malfermi: %s\n"
+
+#~ msgid "%s: WARNING: empty file\n"
+#~ msgstr "%s: AVERTO: malplena dosiero\n"
+
+#, fuzzy
+#~ msgid " (%d) I trust marginally\n"
+#~ msgstr " %d = Mi fidas iomete\n"
+
+#, fuzzy
+#~ msgid " (%d) I trust fully\n"
+#~ msgstr " %d = Mi plene fidas\n"
+
+#, fuzzy
+#~ msgid "expires"
+#~ msgstr "eksval"
+
+#, fuzzy
+#~ msgid ""
+#~ "\"\n"
+#~ "locally signed with your key %s at %s\n"
+#~ msgstr ""
+#~ "\"\n"
+#~ "subskribita per via þlosilo %08lX je %s\n"
+
+#~ msgid "%s: can't access: %s\n"
+#~ msgstr "%s: ne povas aliri: %s\n"
+
+#~ msgid "%s: can't create lock\n"
+#~ msgstr "%s: ne povas krei þloson\n"
+
+#~ msgid "%s: can't make lock\n"
+#~ msgstr "%s: ne povas krei þloson\n"
+
+#~ msgid "%s: can't create: %s\n"
+#~ msgstr "%s: ne povas krei: %s\n"
+
+#~ msgid "If you want to use this revoked key anyway, answer \"yes\"."
+#~ msgstr ""
+#~ "Se vi tamen volas uzi æi tiun revokitan þlosilon, respondu per \"jes\"."
+
+#, fuzzy
+#~ msgid "Unable to open photo \"%s\": %s\n"
+#~ msgstr "ne povas malfermi %s: %s\n"
+
+#, fuzzy
+#~ msgid "error: no ownertrust value\n"
+#~ msgstr "eksporti la posedantofido-valorojn"
+
+#~ msgid " (main key ID %08lX)"
+#~ msgstr " (æefþlosilo %08lX)"
+
+#~ msgid "rev! subkey has been revoked: %s\n"
+#~ msgstr "rev! subþlosilo estas revokita: %s\n"
+
+#~ msgid "rev- faked revocation found\n"
+#~ msgstr "rev- falsita revoko trovita\n"
+
+#, fuzzy
+#~ msgid " [expired: %s]"
+#~ msgstr " [eksvalidiøos: %s]"
+
+#~ msgid " [expires: %s]"
+#~ msgstr " [eksvalidiøos: %s]"
+
+#, fuzzy
+#~ msgid " [revoked: %s]"
+#~ msgstr "rev"
+
+#~ msgid "|[files]|encrypt files"
+#~ msgstr "|[dosieroj]|æifri dosierojn"
+
+#~ msgid "store only"
+#~ msgstr "nur skribi"
+
+#~ msgid "|[files]|decrypt files"
+#~ msgstr "|[dosieroj]|malæifri dosierojn"
+
+#~ msgid "sign a key locally and non-revocably"
+#~ msgstr "subskribi þlosilon loke kaj nerevokeble"
+
+#~ msgid "list only the sequence of packets"
+#~ msgstr "listigi nur la sinsekvon de paketoj"
+
+#~ msgid "export the ownertrust values"
+#~ msgstr "eksporti la posedantofido-valorojn"
+
+#~ msgid "unattended trust database update"
+#~ msgstr "senintervena aktualigo de fido-datenaro"
+
+#~ msgid "fix a corrupted trust database"
+#~ msgstr "ripari fuþitan fido-datenaron"
+
+#~ msgid "De-Armor a file or stdin"
+#~ msgstr "elkirasigi dosieron aý la normalan enigon"
+
+#~ msgid "En-Armor a file or stdin"
+#~ msgstr "enkirasigi dosieron aý la normalan enigon"
+
+#~ msgid "do not force v3 signatures"
+#~ msgstr "ne devigi v3-subskribojn"
+
+#~ msgid "force v4 key signatures"
+#~ msgstr "devigi v4-subskribojn"
+
+#~ msgid "do not force v4 key signatures"
+#~ msgstr "ne devigi v4-þlosilsubskribojn"
+
+#~ msgid "never use a MDC for encryption"
+#~ msgstr "neniam uzi MDC por æifrado"
+
+#~ msgid "use the gpg-agent"
+#~ msgstr "uzi gpg-agent"
+
+#~ msgid "|[file]|write status info to file"
+#~ msgstr "|[dosiero]|skribi statusinformojn al dosiero"
+
+#~ msgid "|KEYID|ultimately trust this key"
+#~ msgstr "|KEYID|fidi æi tiun þlosilon absolute"
+
+#~ msgid "emulate the mode described in RFC1991"
+#~ msgstr "imiti la reøimon priskribitan en RFC 1991"
+
+#~ msgid "set all packet, cipher and digest options to OpenPGP behavior"
+#~ msgstr "þalti æiujn paket-, æifrad- kaj kompendi-opciojn al OpenPGP-konduto"
+
+#~ msgid "set all packet, cipher and digest options to PGP 2.x behavior"
+#~ msgstr "þalti æiujn paket-, æifrad- kaj kompendi-opciojn al PGP-2.x-konduto"
+
+#~ msgid "|NAME|use message digest algorithm NAME for passphrases"
+#~ msgstr "|NOMO|uzi kompendi-metodon NOMO por pasfrazoj"
+
+#~ msgid "throw keyid field of encrypted packets"
+#~ msgstr "forigi la þlosilidentigilon de æifritaj paketoj"
+
+#~ msgid "Show Photo IDs"
+#~ msgstr "Montri Foto-Identigilojn"
+
+#~ msgid "Don't show Photo IDs"
+#~ msgstr "Ne montri Foto-Identigilojn"
+
+#~ msgid "Set command line to view Photo IDs"
+#~ msgstr "Agordi komandlinion por montri Foto-Identigilojn"
+
+#, fuzzy
+#~ msgid "compress algorithm `%s' is read-only in this release\n"
+#~ msgstr "la densig-metodo devas esti inter %d kaj %d\n"
+
+#~ msgid "compress algorithm must be in range %d..%d\n"
+#~ msgstr "la densig-metodo devas esti inter %d kaj %d\n"
+
+#~ msgid ""
+#~ "%08lX: It is not sure that this key really belongs to the owner\n"
+#~ "but it is accepted anyway\n"
+#~ msgstr ""
+#~ "%08lX: Ne estas certe, ke æi tiu þlosilo vere apartenas al la posedanto,\n"
+#~ "sed øi tamen estas akceptita\n"
+
+#~ msgid "preference %c%lu is not valid\n"
+#~ msgstr "prefero %c%lu ne estas valida\n"
+
+#~ msgid "key %08lX: not a rfc2440 key - skipped\n"
+#~ msgstr "þlosilo %08lX: ne estas RFC-2440-þlosilo - ignorita\n"
+
+#, fuzzy
+#~ msgid " (default)"
+#~ msgstr "malæifri datenojn (implicita elekto)"
+
+#~ msgid "%s%c %4u%c/%08lX created: %s expires: %s"
+#~ msgstr "%s%c %4u%c/%08lX kreita: %s eksvalidiøos: %s"
+
+#~ msgid "Policy: "
+#~ msgstr "Gvidlinio: "
+
+#~ msgid "can't get key from keyserver: %s\n"
+#~ msgstr "ne povas akiri þlosilon de þlosilservilo: %s\n"
+
+#~ msgid "success sending to `%s' (status=%u)\n"
+#~ msgstr "sukceso dum sendo al '%s' (statuso=%u)\n"
+
+#~ msgid "failed sending to `%s': status=%u\n"
+#~ msgstr "malsukceso dum sendo al '%s': statuso=%u\n"
+
+#~ msgid "can't search keyserver: %s\n"
+#~ msgstr "ne povas seræi æe þlosilservilo: %s\n"
+
+#, fuzzy
+#~ msgid ""
+#~ "key %08lX: this is a PGP generated ElGamal key which is NOT secure for "
+#~ "signatures!\n"
+#~ msgstr ""
+#~ "æi tio estas PGP-kreita ElGamal-þlosilo, kiu NE estas sekura por "
+#~ "subskribado!\n"
+
+#, fuzzy
+#~ msgid ""
+#~ "key %08lX has been created %lu second in future (time warp or clock "
+#~ "problem)\n"
+#~ msgstr ""
+#~ "þlosilo estis kreita %lu sekundon en la estonteco (tempotordo aý "
+#~ "horloøeraro)\n"
+
+#, fuzzy
+#~ msgid ""
+#~ "key %08lX has been created %lu seconds in future (time warp or clock "
+#~ "problem)\n"
+#~ msgstr ""
+#~ "þlosilo estis kreita %lu sekundojn en la estonteco (tempotordo aý "
+#~ "horloøeraro)\n"
+
+#, fuzzy
+#~ msgid "key %08lX marked as ultimately trusted\n"
+#~ msgstr "þlosilo markita kiel absolute fidata.\n"
+
+#~ msgid "checking at depth %d signed=%d ot(-/q/n/m/f/u)=%d/%d/%d/%d/%d/%d\n"
+#~ msgstr ""
+#~ "kontrolas æe profundo %d subskribita=%d ot(-/q/n/m/f/u)=%d/%d/%d/%d/%d/%"
+#~ "d\n"
+
+#~ msgid ""
+#~ "Select the algorithm to use.\n"
+#~ "\n"
+#~ "DSA (aka DSS) is the digital signature algorithm which can only be used\n"
+#~ "for signatures. This is the suggested algorithm because verification of\n"
+#~ "DSA signatures are much faster than those of ElGamal.\n"
+#~ "\n"
+#~ "ElGamal is an algorithm which can be used for signatures and encryption.\n"
+#~ "OpenPGP distinguishs between two flavors of this algorithms: an encrypt "
+#~ "only\n"
+#~ "and a sign+encrypt; actually it is the same, but some parameters must be\n"
+#~ "selected in a special way to create a safe key for signatures: this "
+#~ "program\n"
+#~ "does this but other OpenPGP implementations are not required to "
+#~ "understand\n"
+#~ "the signature+encryption flavor.\n"
+#~ "\n"
+#~ "The first (primary) key must always be a key which is capable of "
+#~ "signing;\n"
+#~ "this is the reason why the encryption only ElGamal key is not available "
+#~ "in\n"
+#~ "this menu."
+#~ msgstr ""
+#~ "Elektu la uzotan metodon.\n"
+#~ "\n"
+#~ "DSA (alinome DSS) estas la subskrib-metodo uzebla nur por subskribado.\n"
+#~ "Æi tio estas la rekomendata metodo, æar kontrolado æe DSA-subskriboj\n"
+#~ "estas multe pli rapida ol æe ElGamal.\n"
+#~ "\n"
+#~ "ElGamal estas metodo uzebla kaj por subskribado kaj por æifrado.\n"
+#~ "OpenPGP distingas inter du specoj de æi tiu metodo: nuræifra, kaj\n"
+#~ "subskriba-kaj-æifra; efektive temas pri la sama, sed iuj parametroj\n"
+#~ "devas esti elektitaj en speciala maniero por krei sekuran þlosilon\n"
+#~ "por subskribado: æi tiu programo faras tion, sed aliaj OpenPGP-\n"
+#~ "programoj ne devas kompreni la subskriban-kaj-æifran specon.\n"
+#~ "\n"
+#~ "La unua (æefa) þlosilo devas esti þlosilo uzebla por subskribado;\n"
+#~ "tial la nuræifra ElGamal-þlosilo ne estas proponata en æi tiu menuo."
+
+#~ msgid ""
+#~ "Although these keys are defined in RFC2440 they are not suggested\n"
+#~ "because they are not supported by all programs and signatures created\n"
+#~ "with them are quite large and very slow to verify."
+#~ msgstr ""
+#~ "Kvankam æi tiuj þlosiloj estas difinitaj en RFC 2440, ili ne estas\n"
+#~ "rekomendataj, æar ili ne estas komprenataj de æiuj programoj, kaj\n"
+#~ "subskriboj kreitaj per ili etas iom grandaj kaj malrapide kontroleblaj."
+
+#~ msgid "%lu keys so far checked (%lu signatures)\n"
+#~ msgstr "%lu þlosiloj jam kontrolitaj (%lu subskriboj)\n"
+
+#, fuzzy
+#~ msgid "key %08lX incomplete\n"
+#~ msgstr "þlosilo %08lX: mankas uzantidentigilo\n"
+
+#, fuzzy
+#~ msgid "quit|quit"
+#~ msgstr "fini"
+
+#~ msgid " (%d) ElGamal (sign and encrypt)\n"
+#~ msgstr " (%d) ElGamal (subskribi kaj æifri)\n"
+
+#, fuzzy
+#~ msgid "Create anyway? "
+#~ msgstr "Æu tamen uzi æi tiun þlosilon? "
+
+#, fuzzy
+#~ msgid "invalid symkey algorithm detected (%d)\n"
+#~ msgstr "nevalida kompendi-metodo '%s'\n"
+
+#~ msgid "The use of this algorithm is deprecated - create anyway? "
+#~ msgstr "Uzado de æi tiu algoritmo estas malrekomendata - æu tamen krei? "
+
+#, fuzzy
+#~ msgid ""
+#~ "you have to start GnuPG again, so it can read the new configuration file\n"
+#~ msgstr ""
+#~ "vi devas restartigi GnuPG, por ke øi povu legi la novan opcio-dosieron\n"
+
+#~ msgid "changing permission of `%s' failed: %s\n"
+#~ msgstr "þanøo de permesoj de '%s' malsukcesis: %s\n"
+
+#~ msgid " Fingerprint:"
+#~ msgstr " Fingrospuro:"
+
+#~ msgid "|NAME=VALUE|use this notation data"
+#~ msgstr "|NOMO=VALORO|uzi æi tiun notacian datenon"
+
+#~ msgid ""
+#~ "the first character of a notation name must be a letter or an underscore\n"
+#~ msgstr "la unua signo de notacia nomo devas esti litero aý substreko\n"
+
+#~ msgid "dots in a notation name must be surrounded by other characters\n"
+#~ msgstr "punktoj en notacia nomo devas esti inter aliaj signoj\n"
+
+#~ msgid ""
+#~ "WARNING: This key already has a photo ID.\n"
+#~ " Adding another photo ID may confuse some versions of PGP.\n"
+#~ msgstr ""
+#~ "AVERTO: Æi tiu þlosilo jam havas foto-identigilon.\n"
+#~ " Aldono de alia foto-identigilo eble konfuzos iujn versiojn de "
+#~ "PGP.\n"
+
+#~ msgid "You may only have one photo ID on a key.\n"
+#~ msgstr "Eblas havi nur unu foto-identigilon sur þlosilo.\n"
+
+#~ msgid "Do you really need such a large keysize? "
+#~ msgstr "Æu vi vere bezonas tiom grandan þlosilgrandon? "
+
+#~ msgid "key %08lX: our copy has no self-signature\n"
+#~ msgstr "þlosilo %08lX: nia kopio ne havas mem-subskribon\n"
+
+#~ msgid " Are you sure you still want to sign it?\n"
+#~ msgstr " Æu vi estas certa, ke vi ankoraý volas subskribi øin?\n"
+
+#~ msgid " signed by %08lX at %s\n"
+#~ msgstr " subskribita per %08lX je %s\n"
+
+#~ msgid "--delete-secret-key user-id"
+#~ msgstr "--delete-secret-key uzantidentigilo"
+
+#~ msgid "--delete-key user-id"
+#~ msgstr "--delete-key uzantidentigilo"
+
+#~ msgid "skipped: public key already set with --encrypt-to\n"
+#~ msgstr "ignorita: publika þlosilo jam difinita per --encrypt-to\n"
+
+#~ msgid "sSmMqQ"
+#~ msgstr "iImMfF"
+
+#~ msgid "|[NAMES]|check the trust database"
+#~ msgstr "|[NOMOJ]|kontroli la fido-datenaron"
+
+#~ msgid ""
+#~ "Could not find a valid trust path to the key. Let's see whether we\n"
+#~ "can assign some missing owner trust values.\n"
+#~ "\n"
+#~ msgstr ""
+#~ "Ne povis trovi validan fidovojon al la þlosilo. Ni vidu, æu eblas\n"
+#~ "atribui iujn mankantajn posedantofido-valorojn.\n"
+#~ "\n"
+
+#~ msgid ""
+#~ "No path leading to one of our keys found.\n"
+#~ "\n"
+#~ msgstr ""
+#~ "Nenia vojo trovita, kiu kondukas al unu el niaj þlosiloj.\n"
+#~ "\n"
+
+#~ msgid ""
+#~ "No trust values changed.\n"
+#~ "\n"
+#~ msgstr ""
+#~ "Neniuj fidovaloroj þanøitaj.\n"
+#~ "\n"
+
+#~ msgid "%08lX: no info to calculate a trust probability\n"
+#~ msgstr "%08lX: mankas informoj por kalkuli fidovaloron\n"
+
+#~ msgid "%s: error checking key: %s\n"
+#~ msgstr "%s: eraro dum kontrolo de þlosilo: %s\n"
+
+#~ msgid "too many entries in unk cache - disabled\n"
+#~ msgstr "tro da registroj en unk-staplo - malþaltas\n"
+
+#~ msgid "assuming bad MDC due to an unknown critical bit\n"
+#~ msgstr "supozas malbonan sigelon (MDC) pro nekonata \"critical bit\"\n"
+
+#~ msgid "error reading dir record for LID %lu: %s\n"
+#~ msgstr "eraro dum legado de dosieruja registro por LID %lu: %s\n"
+
+#~ msgid "lid %lu: expected dir record, got type %d\n"
+#~ msgstr "lid %lu: atendis dosierujan registron, trovis specon %d\n"
+
+#~ msgid "no primary key for LID %lu\n"
+#~ msgstr "mankas æefa þlosilo por LID %lu\n"
+
+#~ msgid "error reading primary key for LID %lu: %s\n"
+#~ msgstr "eraro dum legado de æefa þlosilo por LID %lu: %s\n"
+
+#~ msgid "key %08lX: query record failed\n"
+#~ msgstr "þlosilo %08lX: peto-registro malsukcesis\n"
+
+#~ msgid "key %08lX: already in trusted key table\n"
+#~ msgstr "þlosilo %08lX: jam en tabelo de fidataj þlosiloj\n"
+
+#~ msgid "NOTE: secret key %08lX is NOT protected.\n"
+#~ msgstr "NOTO: sekreta þlosilo %08lX NE estas protektita.\n"
+
+#~ msgid "key %08lX: secret and public key don't match\n"
+#~ msgstr "þlosilo %08lX: sekreta kaj publika þlosiloj ne kongruas\n"
+
+#~ msgid "key %08lX.%lu: Good subkey binding\n"
+#~ msgstr "þlosilo %08lX.%lu: Bona subþlosila bindado\n"
+
+#~ msgid "key %08lX.%lu: Invalid subkey binding: %s\n"
+#~ msgstr "þlosilo %08lX.%lu: Nevalida subþlosila bindado: %s\n"
+
+#~ msgid "key %08lX.%lu: Valid key revocation\n"
+#~ msgstr "þlosilo %08lX.%lu: Valida þlosilrevoko\n"
+
+#~ msgid "key %08lX.%lu: Invalid key revocation: %s\n"
+#~ msgstr "þlosilo %08lX.%lu: Nevalida þlosilrevoko: %s\n"
+
+#~ msgid "Good self-signature"
+#~ msgstr "Bona mem-subskribo"
+
+#~ msgid "Invalid self-signature"
+#~ msgstr "Nevalida mem-subskribo"
+
+#~ msgid "Valid user ID revocation skipped due to a newer self signature"
+#~ msgstr "Valida uzantidentigil-revoko ignorita pro pli nova mem-subskribo"
+
+#~ msgid "Valid user ID revocation"
+#~ msgstr "Valida uzantidentigil-revoko"
+
+#~ msgid "Invalid user ID revocation"
+#~ msgstr "Nevalida uzantidentigil-revoko"
+
+#~ msgid "Invalid certificate revocation"
+#~ msgstr "Nevalida atestilrevoko"
+
+#~ msgid "sig record %lu[%d] points to wrong record.\n"
+#~ msgstr "subskribo-registro %lu[%d] montras al maløusta registro.\n"
+
+#~ msgid "tdbio_search_dir failed: %s\n"
+#~ msgstr "tdbio_search_dir malsukcesis: %s\n"
+
+#~ msgid "lid ?: insert failed: %s\n"
+#~ msgstr "lid ?: enþovo malsukcesis: %s\n"
+
+#~ msgid "lid %lu: insert failed: %s\n"
+#~ msgstr "lid %lu: enþovo malsukcesis: %s\n"
+
+#~ msgid "lid %lu: inserted\n"
+#~ msgstr "lid %lu: enþovita\n"
+
+#~ msgid "\t%lu keys inserted\n"
+#~ msgstr "\t%lu þlosiloj enþovitaj\n"
+
+#~ msgid "lid %lu: dir record w/o key - skipped\n"
+#~ msgstr "lid %lu: dosieruja registro sen þlosilo - ignorita\n"
+
+#~ msgid "\t%lu due to new pubkeys\n"
+#~ msgstr "\t%lu pro novaj publikaj þlosiloj\n"
+
+#~ msgid "\t%lu keys updated\n"
+#~ msgstr "\t%lu þlosiloj aktualigitaj\n"
+
+#~ msgid "Ooops, no keys\n"
+#~ msgstr "Hu, mankas þlosiloj\n"
+
+#~ msgid "Ooops, no user IDs\n"
+#~ msgstr "Hu, mankas uzantidentigiloj\n"
+
+#~ msgid "check_trust: search dir record failed: %s\n"
+#~ msgstr "check_trust: seræo pri dosieruja registro malsukcesis: %s\n"
+
+#~ msgid "key %08lX: insert trust record failed: %s\n"
+#~ msgstr "þlosilo %08lX: enþovo de fidoregistro malsukcesis: %s\n"
+
+#~ msgid "key %08lX.%lu: inserted into trustdb\n"
+#~ msgstr "þlosilo %08lX.%lu: enþovis en fido-datenaron\n"
+
+#~ msgid "key %08lX.%lu: created in future (time warp or clock problem)\n"
+#~ msgstr ""
+#~ "þlosilo %08lX.%lu: kreita en la estonteco (tempotordo aý horloøeraro)\n"
+
+#~ msgid "key %08lX.%lu: expired at %s\n"
+#~ msgstr "þlosilo %08lX.%lu: eksvalidiøis je %s\n"
+
+#~ msgid "key %08lX.%lu: trust check failed: %s\n"
+#~ msgstr "þlosilo %08lX.%lu: fido-kontrolo malsukcesis: %s\n"
+
+#~ msgid "user '%s' not found: %s\n"
+#~ msgstr "uzanto '%s' ne trovita: %s\n"
+
+#~ msgid "problem finding '%s' in trustdb: %s\n"
+#~ msgstr "problemo dum trovo de '%s' en fido-datenaro: %s\n"
+
+#~ msgid "user '%s' not in trustdb - inserting\n"
+#~ msgstr "uzanto '%s' ne estas en fido-datenaro - enþovas\n"
+
+#~ msgid "too many random bits requested; the limit is %d\n"
+#~ msgstr "tro da stokastaj bitoj petitaj; la limo estas %d\n"
+
+#~ msgid "For info see http://www.gnupg.org"
+#~ msgstr "Por informoj vidu http://www.gnupg.org"
+
+#~ msgid "Do you really want to create a sign and encrypt key? "
+#~ msgstr "Æu vi vere volas krei subskriban kaj æifran þlosilon? "
+
+#~ msgid "can't lock keyring `%s': %s\n"
+#~ msgstr "ne povas þlosi la þlosilaron '%s': %s\n"
+
+#~ msgid "WARNING: can't yet handle long pref records\n"
+#~ msgstr "AVERTO: ne povas trakti longajn preferoregistrojn\n"
+
+#~ msgid "%s: can't create keyring: %s\n"
+#~ msgstr "%s: ne povas krei þlosilaron: %s\n"
+
+#~ msgid "RSA key cannot be used in this version\n"
+#~ msgstr "RSA-þlosilo ne estas uzebla kun æi tiu versio\n"
+
+#~ msgid "No key for user ID\n"
+#~ msgstr "Mankas þlosilo por uzantidentigilo\n"
+
+#~ msgid "no secret key for decryption available\n"
+#~ msgstr "mankas sekreta þlosilo por malæifrado\n"
diff --git a/po/es.gmo b/po/es.gmo
new file mode 100644
index 0000000..8268436
--- /dev/null
+++ b/po/es.gmo
Binary files differ
diff --git a/po/es.po b/po/es.po
new file mode 100644
index 0000000..2b93908
--- /dev/null
+++ b/po/es.po
@@ -0,0 +1,10178 @@
+# Mensajes en español para GnuPG.
+# Copyright (C) 1998, 1999, 2001, 2002 Free Software Foundation, Inc.
+# Urko Lusa <ulusa@euskalnet.net>, 1998, 1999.
+# I've tried to mantain the terminology used by Armando Ramos
+# <armando@clerval.org> in his PGP 2.3.6i translation.
+# I also got inspiration from it.po by Marco d'Itri <md@linux.it>
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: gnupg 2.0.9\n"
+"Report-Msgid-Bugs-To: translations@gnupg.org\n"
+"POT-Creation-Date: 2012-03-27 10:23+0200\n"
+"PO-Revision-Date: 2008-12-14 19:34+0100\n"
+"Last-Translator: Jaime Suárez <jaime.suma@gmail.com>\n"
+"Language-Team: Spanish <es@li.org>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=ISO-8859-1\n"
+"Content-Transfer-Encoding: 8bit\n"
+"plural: Plural-Forms: nplurals=2; plural=(n != 1);\n"
+
+#: agent/call-pinentry.c:244
+#, c-format
+msgid "failed to acquire the pinentry lock: %s\n"
+msgstr "no pude conseguir el bloqueo de entrada de pin: %s\n"
+
+#. TRANSLATORS: These are labels for buttons etc used in
+#. Pinentries. An underscore indicates that the next letter
+#. should be used as an accelerator. Double the underscore for
+#. a literal one. The actual to be translated text starts after
+#. the second vertical bar.
+#: agent/call-pinentry.c:401
+msgid "|pinentry-label|_OK"
+msgstr ""
+
+#: agent/call-pinentry.c:402
+msgid "|pinentry-label|_Cancel"
+msgstr ""
+
+#: agent/call-pinentry.c:403
+msgid "|pinentry-label|PIN:"
+msgstr ""
+
+#. TRANSLATORS: This string is displayed by Pinentry as the label
+#. for the quality bar.
+#: agent/call-pinentry.c:649
+msgid "Quality:"
+msgstr "Calidad:"
+
+#. TRANSLATORS: This string is a tooltip, shown by pinentry when
+#. hovering over the quality bar. Please use an appropriate
+#. string to describe what this is about. The length of the
+#. tooltip is limited to about 900 characters. If you do not
+#. translate this entry, a default english text (see source)
+#. will be used.
+#: agent/call-pinentry.c:671
+msgid "pinentry.qualitybar.tooltip"
+msgstr "barra de calidad, entrada de pin"
+
+#: agent/call-pinentry.c:716
+msgid ""
+"Please enter your PIN, so that the secret key can be unlocked for this "
+"session"
+msgstr ""
+"Por favor introduzca su PIN para desbloquear la clave secreta de esta sesión"
+
+#: agent/call-pinentry.c:719
+msgid ""
+"Please enter your passphrase, so that the secret key can be unlocked for "
+"this session"
+msgstr ""
+"Por favor introduzca la frase contraseña para desbloquear la clave secreta "
+"de esta sesión"
+
+#: agent/call-pinentry.c:776
+#, c-format
+msgid "SETERROR %s (try %d of %d)"
+msgstr "SETERROR %s (intento %d de %d)"
+
+#: agent/call-pinentry.c:799 agent/call-pinentry.c:811
+msgid "PIN too long"
+msgstr "PIN demasiado largo"
+
+#: agent/call-pinentry.c:800
+msgid "Passphrase too long"
+msgstr "Frase contraseña demasiado larga"
+
+#: agent/call-pinentry.c:808
+msgid "Invalid characters in PIN"
+msgstr "Caracteres inválidos en el PIN"
+
+#: agent/call-pinentry.c:813
+msgid "PIN too short"
+msgstr "PIN demasiado corto"
+
+#: agent/call-pinentry.c:825
+msgid "Bad PIN"
+msgstr "PIN incorrecto"
+
+# ¿Por qué no frase de paso?
+# Porque todo el mundo sabe lo que es una contraseña
+# y una "frase de paso" no. Soy consciente de que se
+# traduce igual password y passphrase pero el contexto
+# permite saber de lo que se está hablando.
+# No sé, no sé.
+# ¿Por qué los ingleses entonces sí que saben lo que es un "passphrase"?
+# ¿Es que son más listos? :-)
+#
+#: agent/call-pinentry.c:826
+msgid "Bad Passphrase"
+msgstr "Frase contraseña errónea"
+
+# ¿Por qué no frase de paso?
+# Porque todo el mundo sabe lo que es una contraseña
+# y una "frase de paso" no. Soy consciente de que se
+# traduce igual password y passphrase pero el contexto
+# permite saber de lo que se está hablando.
+# No sé, no sé.
+# ¿Por qué los ingleses entonces sí que saben lo que es un "passphrase"?
+# ¿Es que son más listos? :-)
+#
+#: agent/call-pinentry.c:863
+msgid "Passphrase"
+msgstr "Frase contraseña"
+
+#: agent/command-ssh.c:531
+#, c-format
+msgid "ssh keys greater than %d bits are not supported\n"
+msgstr "no pueden usarse claves ssh de más de %d bits\n"
+
+#: agent/command-ssh.c:690 g10/card-util.c:833 g10/exec.c:473 g10/gpg.c:1122
+#: g10/keygen.c:3394 g10/keygen.c:3427 g10/keyring.c:1237 g10/keyring.c:1569
+#: g10/openfile.c:275 g10/openfile.c:368 g10/sign.c:801 g10/sign.c:1110
+#: g10/tdbio.c:550 jnlib/dotlock.c:310
+#, c-format
+msgid "can't create `%s': %s\n"
+msgstr "no se puede crear %s: %s\n"
+
+#: agent/command-ssh.c:702 common/helpfile.c:47 g10/card-util.c:787
+#: g10/dearmor.c:60 g10/dearmor.c:107 g10/decrypt.c:70 g10/encode.c:194
+#: g10/encode.c:504 g10/gpg.c:1123 g10/import.c:192 g10/keygen.c:2877
+#: g10/keyring.c:1595 g10/openfile.c:192 g10/openfile.c:353
+#: g10/plaintext.c:511 g10/sign.c:783 g10/sign.c:978 g10/sign.c:1094
+#: g10/sign.c:1250 g10/tdbdump.c:142 g10/tdbdump.c:150 g10/tdbio.c:554
+#: g10/tdbio.c:618 g10/verify.c:99 g10/verify.c:162 sm/gpgsm.c:2044
+#: sm/gpgsm.c:2074 sm/gpgsm.c:2112 sm/gpgsm.c:2150 sm/qualified.c:66
+#, c-format
+msgid "can't open `%s': %s\n"
+msgstr "no se puede abrir `%s': %s\n"
+
+#: agent/command-ssh.c:1708 agent/command-ssh.c:1726
+#, c-format
+msgid "error getting serial number of card: %s\n"
+msgstr "error obteniendo el número de serie de la tarjeta: %s\n"
+
+#: agent/command-ssh.c:1712
+#, c-format
+msgid "detected card with S/N: %s\n"
+msgstr "detectada tarjeta con S/N: %s\n"
+
+#: agent/command-ssh.c:1717
+#, c-format
+msgid "error getting default authentication keyID of card: %s\n"
+msgstr ""
+"error obteniendo ID de la clave por defecto para autenticaren la tarjeta: %"
+"s\n"
+
+#: agent/command-ssh.c:1737
+#, c-format
+msgid "no suitable card key found: %s\n"
+msgstr "no se encuentra una clave de tarjeta adecuada: %s\n"
+
+#: agent/command-ssh.c:1787
+#, c-format
+msgid "shadowing the key failed: %s\n"
+msgstr "el sombreado de la clave falló: %s\n"
+
+#: agent/command-ssh.c:1802
+#, c-format
+msgid "error writing key: %s\n"
+msgstr "error escribiendo clave: %s\n"
+
+#: agent/command-ssh.c:2139
+#, c-format
+msgid ""
+"An ssh process requested the use of key%%0A %s%%0A (%s)%%0ADo you want to "
+"allow this?"
+msgstr ""
+
+#: agent/command-ssh.c:2146
+msgid "Allow"
+msgstr ""
+
+#: agent/command-ssh.c:2146
+msgid "Deny"
+msgstr ""
+
+#: agent/command-ssh.c:2155
+#, fuzzy, c-format
+msgid "Please enter the passphrase for the ssh key%%0A %F%%0A (%c)"
+msgstr "Por favor introduzca la frase contraseña para la clave ssh%0A %c"
+
+#: agent/command-ssh.c:2484 agent/genkey.c:310 agent/genkey.c:432
+msgid "Please re-enter this passphrase"
+msgstr "Por favor vuelva a introducir frase contraseña"
+
+#: agent/command-ssh.c:2509
+#, fuzzy, c-format
+msgid ""
+"Please enter a passphrase to protect the received secret key%%0A %s%%0A %"
+"s%%0Awithin gpg-agent's key storage"
+msgstr ""
+"Por favor introduzca una frase contraseña para proteger la clave "
+"secretarecibida%%0A %s%%0Aen el almacen de claves del agente gpg"
+
+#: agent/command-ssh.c:2548 agent/genkey.c:340 agent/genkey.c:463
+#: tools/symcryptrun.c:436
+msgid "does not match - try again"
+msgstr "no coincide - reinténtelo"
+
+#: agent/command-ssh.c:3054
+#, c-format
+msgid "failed to create stream from socket: %s\n"
+msgstr "fallo al crear un flujo desde el socket: %s\n"
+
+#: agent/divert-scd.c:92 g10/call-agent.c:923
+#, fuzzy
+msgid "Please insert the card with serial number"
+msgstr ""
+"Por favor retire la tarjeta actual e inserte la de número de serie:\n"
+" %.*s\n"
+
+#: agent/divert-scd.c:93 g10/call-agent.c:924
+#, fuzzy
+msgid "Please remove the current card and insert the one with serial number"
+msgstr ""
+"Por favor retire la tarjeta actual e inserte la de número de serie:\n"
+" %.*s\n"
+
+#: agent/divert-scd.c:200
+msgid "Admin PIN"
+msgstr "PIN del Administrador"
+
+#. TRANSLATORS: A PUK is the Personal Unblocking Code
+#. used to unblock a PIN.
+#: agent/divert-scd.c:205
+msgid "PUK"
+msgstr ""
+
+#: agent/divert-scd.c:212
+msgid "Reset Code"
+msgstr "Código de Reinicio"
+
+#: agent/divert-scd.c:238
+#, c-format
+msgid "%s%%0A%%0AUse the reader's keypad for input."
+msgstr ""
+
+#: agent/divert-scd.c:287
+msgid "Repeat this Reset Code"
+msgstr "Repita este Código de Reinicio"
+
+#: agent/divert-scd.c:289
+#, fuzzy
+msgid "Repeat this PUK"
+msgstr "Repita este PIN"
+
+#: agent/divert-scd.c:290
+msgid "Repeat this PIN"
+msgstr "Repita este PIN"
+
+#: agent/divert-scd.c:295
+msgid "Reset Code not correctly repeated; try again"
+msgstr "Código de Reinicio repetido incorrectamente; inténtelo de nuevo"
+
+#: agent/divert-scd.c:297
+#, fuzzy
+msgid "PUK not correctly repeated; try again"
+msgstr "PIN repetido incorrectamente; inténtelo de nuevo"
+
+#: agent/divert-scd.c:298
+msgid "PIN not correctly repeated; try again"
+msgstr "PIN repetido incorrectamente; inténtelo de nuevo"
+
+#: agent/divert-scd.c:310
+#, c-format
+msgid "Please enter the PIN%s%s%s to unlock the card"
+msgstr "Por favor introduzca el PIN%s%s%s para desbloquear la tarjeta"
+
+#: agent/genkey.c:108 sm/certreqgen-ui.c:384 sm/export.c:638 sm/export.c:654
+#: sm/import.c:667 sm/import.c:692
+#, c-format
+msgid "error creating temporary file: %s\n"
+msgstr "error creando fichero temporal: %s\n"
+
+#: agent/genkey.c:115 sm/export.c:645 sm/import.c:675
+#, c-format
+msgid "error writing to temporary file: %s\n"
+msgstr "error escribiendo en el fichero temporal: %s\n"
+
+#: agent/genkey.c:153 agent/genkey.c:159
+msgid "Enter new passphrase"
+msgstr "Introduzca nueva frase contraseña"
+
+#: agent/genkey.c:167
+msgid "Take this one anyway"
+msgstr "Tomar esta de todas formas"
+
+#: agent/genkey.c:193
+#, c-format
+msgid ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase should be "
+"at least %u character long."
+msgid_plural ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase should be "
+"at least %u characters long."
+msgstr[0] ""
+"Aviso: ha introducido una frase contraseña insegura.%%0AUna frase contraseña "
+"debe tener al menos %u carácter."
+msgstr[1] ""
+"Aviso: ha introducido una frase contraseña insegura.%%0AUna frase contraseña "
+"debe tener al menos %u caracteres."
+
+#: agent/genkey.c:214
+#, c-format
+msgid ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase should "
+"contain at least %u digit or%%0Aspecial character."
+msgid_plural ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase should "
+"contain at least %u digits or%%0Aspecial characters."
+msgstr[0] ""
+"Aviso: Ha introducido una frase contraseña insegura.%%0AUna frasecontraseña "
+"debe tener al menos %u digito o%%0Acarácter especial."
+msgstr[1] ""
+"Aviso: Ha introducido una frase contraseña insegura.%%0AUna frasecontraseña "
+"debe tener al menos %u digitos o%%0Acaracteres especiales."
+
+#: agent/genkey.c:237
+#, c-format
+msgid ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase may not be "
+"a known term or match%%0Acertain pattern."
+msgstr ""
+"Aviso: ha introducido una frase contraseña insegura.%%0AUna frase contraseña "
+"no puede ser un término conocido%%0Ao ajustarse a cierto patrón."
+
+#: agent/genkey.c:253
+#, c-format
+msgid ""
+"You have not entered a passphrase!%0AAn empty passphrase is not allowed."
+msgstr ""
+"¡No ha introducido una frase contraseña!%0AnNo se permiten frases contraseña "
+"en blanco."
+
+#: agent/genkey.c:255
+#, c-format
+msgid ""
+"You have not entered a passphrase - this is in general a bad idea!%0APlease "
+"confirm that you do not want to have any protection on your key."
+msgstr ""
+"No ha introducido una frase contraseña -¡esto es en general una mala idea!%"
+"0Apor favor confirme que no quiere ninguna protección para su clave."
+
+#: agent/genkey.c:264
+msgid "Yes, protection is not needed"
+msgstr "Sí, no se necesita protección"
+
+#: agent/genkey.c:308
+#, c-format
+msgid "Please enter the passphrase to%0Ato protect your new key"
+msgstr "Por favor introduzca frase contraseña para%0Aproteger su nueva clave"
+
+#: agent/genkey.c:431
+msgid "Please enter the new passphrase"
+msgstr "Por favor escriba la nueva frase contraseña"
+
+#: agent/gpg-agent.c:121 agent/preset-passphrase.c:72 scd/scdaemon.c:103
+#: tools/gpg-check-pattern.c:70
+msgid ""
+"@Options:\n"
+" "
+msgstr ""
+"@Opciones:\n"
+" "
+
+#: agent/gpg-agent.c:123 scd/scdaemon.c:105
+msgid "run in server mode (foreground)"
+msgstr "ejecutar en modo servidor (primer plano)"
+
+#: agent/gpg-agent.c:124 scd/scdaemon.c:108
+msgid "run in daemon mode (background)"
+msgstr "ejecutar en modo demonio (segundo plano)"
+
+#: agent/gpg-agent.c:125 g10/gpg.c:488 g10/gpgv.c:71 kbx/kbxutil.c:88
+#: scd/scdaemon.c:109 sm/gpgsm.c:281 tools/gpg-connect-agent.c:69
+#: tools/gpgconf.c:80 tools/symcryptrun.c:166
+msgid "verbose"
+msgstr "prolijo"
+
+#: agent/gpg-agent.c:126 g10/gpgv.c:72 kbx/kbxutil.c:89 scd/scdaemon.c:110
+#: sm/gpgsm.c:282
+msgid "be somewhat more quiet"
+msgstr "algo más discreto"
+
+#: agent/gpg-agent.c:127 scd/scdaemon.c:111
+msgid "sh-style command output"
+msgstr "salida de datos estilo sh"
+
+#: agent/gpg-agent.c:128 scd/scdaemon.c:112
+msgid "csh-style command output"
+msgstr "salida de datos estilo csh"
+
+#: agent/gpg-agent.c:129 scd/scdaemon.c:113 sm/gpgsm.c:312
+#: tools/symcryptrun.c:169
+msgid "|FILE|read options from FILE"
+msgstr "|FICHERO|lee opciones desde FICHERO"
+
+#: agent/gpg-agent.c:134 scd/scdaemon.c:123
+msgid "do not detach from the console"
+msgstr "no independizarse de la consola"
+
+#: agent/gpg-agent.c:135
+msgid "do not grab keyboard and mouse"
+msgstr "no acaparar teclado y ratón"
+
+#: agent/gpg-agent.c:136 tools/symcryptrun.c:168
+msgid "use a log file for the server"
+msgstr "usar un fichero log para el servidor"
+
+#: agent/gpg-agent.c:138
+msgid "use a standard location for the socket"
+msgstr "usar una localización estándar para el socket"
+
+#: agent/gpg-agent.c:141
+msgid "|PGM|use PGM as the PIN-Entry program"
+msgstr "|PGM|usar PGM como el programa para entrada de PIN"
+
+#: agent/gpg-agent.c:144
+msgid "|PGM|use PGM as the SCdaemon program"
+msgstr "|PGM|usar PCM como programa SCdaemon"
+
+#: agent/gpg-agent.c:145
+msgid "do not use the SCdaemon"
+msgstr "no usar SCdaemon"
+
+#: agent/gpg-agent.c:157
+msgid "ignore requests to change the TTY"
+msgstr "ignorar peticiones de cambiar el TTY"
+
+#: agent/gpg-agent.c:159
+msgid "ignore requests to change the X display"
+msgstr "ignorar peticiones de cambiar el display X"
+
+#: agent/gpg-agent.c:162
+msgid "|N|expire cached PINs after N seconds"
+msgstr "|N|los PINs en la caché expiran en N segundos"
+
+#: agent/gpg-agent.c:175
+msgid "do not use the PIN cache when signing"
+msgstr "no usar el caché de PINs al firmar"
+
+#: agent/gpg-agent.c:177
+msgid "allow clients to mark keys as \"trusted\""
+msgstr "permitir que los clientes marquen claves como \"fiables\""
+
+#: agent/gpg-agent.c:179
+msgid "allow presetting passphrase"
+msgstr "permitir preestablecer frase contraseña"
+
+#: agent/gpg-agent.c:180
+msgid "enable ssh-agent emulation"
+msgstr "permitir emulación de ssh-agent"
+
+#: agent/gpg-agent.c:182
+msgid "|FILE|write environment settings also to FILE"
+msgstr "|FICHERO|escribir variables de entorno también en FICHERO"
+
+#. TRANSLATORS: @EMAIL@ will get replaced by the actual bug
+#. reporting address. This is so that we can change the
+#. reporting address without breaking the translations.
+#: agent/gpg-agent.c:333 agent/preset-passphrase.c:94 agent/protect-tool.c:163
+#: g10/gpg.c:814 g10/gpgv.c:114 kbx/kbxutil.c:113 scd/scdaemon.c:246
+#: sm/gpgsm.c:519 tools/gpg-connect-agent.c:181 tools/gpgconf.c:102
+#: tools/symcryptrun.c:206 tools/gpg-check-pattern.c:141
+#, fuzzy
+msgid "Please report bugs to <@EMAIL@>.\n"
+msgstr "Por favor, informe de posibles \"bugs\" a <"
+
+#: agent/gpg-agent.c:342
+msgid "Usage: gpg-agent [options] (-h for help)"
+msgstr "Uso: gpg-agent [opciones] (-h para ayuda)"
+
+#: agent/gpg-agent.c:344
+msgid ""
+"Syntax: gpg-agent [options] [command [args]]\n"
+"Secret key management for GnuPG\n"
+msgstr ""
+"Sintaxis: gpg-agent [opciones] [orden [argumentos]]\n"
+"Manejo de claves privadas por GnuPG\n"
+
+#: agent/gpg-agent.c:390 g10/gpg.c:1007 scd/scdaemon.c:318 sm/gpgsm.c:669
+#, c-format
+msgid "invalid debug-level `%s' given\n"
+msgstr "el nivel de depuración `%s` no es válido\n"
+
+#: agent/gpg-agent.c:610 agent/protect-tool.c:1033 kbx/kbxutil.c:428
+#: scd/scdaemon.c:424 sm/gpgsm.c:911 sm/gpgsm.c:914 tools/symcryptrun.c:998
+#: tools/gpg-check-pattern.c:177
+#, c-format
+msgid "%s is too old (need %s, have %s)\n"
+msgstr "%s es demasiado antiguo (necesita %s, tiene %s)\n"
+
+#: agent/gpg-agent.c:725 g10/gpg.c:2111 scd/scdaemon.c:510 sm/gpgsm.c:1010
+#, c-format
+msgid "NOTE: no default option file `%s'\n"
+msgstr "NOTA: no existe el fichero de opciones predefinido `%s'\n"
+
+#: agent/gpg-agent.c:736 agent/gpg-agent.c:1348 g10/gpg.c:2115
+#: scd/scdaemon.c:515 sm/gpgsm.c:1014 tools/symcryptrun.c:931
+#, c-format
+msgid "option file `%s': %s\n"
+msgstr "fichero de opciones `%s': %s\n"
+
+#: agent/gpg-agent.c:744 g10/gpg.c:2122 scd/scdaemon.c:523 sm/gpgsm.c:1021
+#, c-format
+msgid "reading options from `%s'\n"
+msgstr "leyendo opciones desde `%s'\n"
+
+#: agent/gpg-agent.c:1117 g10/plaintext.c:140 g10/plaintext.c:145
+#: g10/plaintext.c:162
+#, c-format
+msgid "error creating `%s': %s\n"
+msgstr "error creando `%s': %s\n"
+
+#: agent/gpg-agent.c:1461 agent/gpg-agent.c:1579 agent/gpg-agent.c:1583
+#: agent/gpg-agent.c:1624 agent/gpg-agent.c:1628 g10/exec.c:188
+#: g10/openfile.c:429 scd/scdaemon.c:1020
+#, c-format
+msgid "can't create directory `%s': %s\n"
+msgstr "no se puede crear el directorio `%s': %s\n"
+
+#: agent/gpg-agent.c:1475 scd/scdaemon.c:1034
+msgid "name of socket too long\n"
+msgstr "nombre de socket demasiado largo\n"
+
+#: agent/gpg-agent.c:1498 scd/scdaemon.c:1057
+#, c-format
+msgid "can't create socket: %s\n"
+msgstr "no se puede crear el socket: %s\n"
+
+#: agent/gpg-agent.c:1507
+#, c-format
+msgid "socket name `%s' is too long\n"
+msgstr "el nombre de socket `%s' es demasiado largo\n"
+
+#: agent/gpg-agent.c:1525
+msgid "a gpg-agent is already running - not starting a new one\n"
+msgstr "ya hay un agente gpg ejecutándose - no se inicia otro\n"
+
+#: agent/gpg-agent.c:1536 scd/scdaemon.c:1076
+msgid "error getting nonce for the socket\n"
+msgstr "error obteniendo valor único para el socket\n"
+
+#: agent/gpg-agent.c:1541 scd/scdaemon.c:1079
+#, c-format
+msgid "error binding socket to `%s': %s\n"
+msgstr "error enlazando el socket con `%s': %s\n"
+
+#: agent/gpg-agent.c:1553 scd/scdaemon.c:1088
+#, c-format
+msgid "listen() failed: %s\n"
+msgstr "listen() falló: %s\n"
+
+#: agent/gpg-agent.c:1559 scd/scdaemon.c:1095
+#, c-format
+msgid "listening on socket `%s'\n"
+msgstr "escuchando el socket `%s'\n"
+
+#: agent/gpg-agent.c:1587 agent/gpg-agent.c:1634 g10/openfile.c:432
+#, c-format
+msgid "directory `%s' created\n"
+msgstr "directorio `%s' creado\n"
+
+#: agent/gpg-agent.c:1640
+#, c-format
+msgid "stat() failed for `%s': %s\n"
+msgstr "stat() falló para `%s': %s\n"
+
+#: agent/gpg-agent.c:1644
+#, c-format
+msgid "can't use `%s' as home directory\n"
+msgstr "no puede usar `%s' como directorio personal\n"
+
+#: agent/gpg-agent.c:1777 scd/scdaemon.c:1111
+#, c-format
+msgid "error reading nonce on fd %d: %s\n"
+msgstr "error leyendo valor único en el descriptor %d: %s\n"
+
+#: agent/gpg-agent.c:1799
+#, c-format
+msgid "handler 0x%lx for fd %d started\n"
+msgstr "manejador 0x%lx para descriptor %d iniciado\n"
+
+#: agent/gpg-agent.c:1804
+#, c-format
+msgid "handler 0x%lx for fd %d terminated\n"
+msgstr "manejador 0x%lx pada descriptor %d finalizado\n"
+
+#: agent/gpg-agent.c:1824
+#, c-format
+msgid "ssh handler 0x%lx for fd %d started\n"
+msgstr "manejador ssh 0x%lx para el descriptor %d iniciado\n"
+
+#: agent/gpg-agent.c:1829
+#, c-format
+msgid "ssh handler 0x%lx for fd %d terminated\n"
+msgstr "manejador ssh 0x%lx para el descriptor %d finalizado\n"
+
+#: agent/gpg-agent.c:1973 scd/scdaemon.c:1248
+#, c-format
+msgid "pth_select failed: %s - waiting 1s\n"
+msgstr "pth_select falló: %s - espero 1s\n"
+
+# msgstr "clave %08lX: %d nuevas subclaves\n"
+#: agent/gpg-agent.c:2096 scd/scdaemon.c:1315
+#, c-format
+msgid "%s %s stopped\n"
+msgstr "%s %s detenido\n"
+
+#: agent/gpg-agent.c:2232
+msgid "no gpg-agent running in this session\n"
+msgstr "no hay un agente gpg ejecutándose en esta sesión\n"
+
+#: agent/gpg-agent.c:2243 common/simple-pwquery.c:352 common/asshelp.c:403
+#: tools/gpg-connect-agent.c:2168
+msgid "malformed GPG_AGENT_INFO environment variable\n"
+msgstr "variable de entorno GPG_AGENT_INFO malformada\n"
+
+#: agent/gpg-agent.c:2256 common/simple-pwquery.c:364 common/asshelp.c:415
+#: tools/gpg-connect-agent.c:2179
+#, c-format
+msgid "gpg-agent protocol version %d is not supported\n"
+msgstr "el programa no permite usar el protocolo agente gpg versión %d\n"
+
+#: agent/preset-passphrase.c:98
+msgid "Usage: gpg-preset-passphrase [options] KEYGRIP (-h for help)\n"
+msgstr "Uso: gpg-preset-passphrase [opciones] KEYGRIP (-h para ayuda)\n"
+
+#: agent/preset-passphrase.c:101
+msgid ""
+"Syntax: gpg-preset-passphrase [options] KEYGRIP\n"
+"Password cache maintenance\n"
+msgstr ""
+"Sintaxis: gpg-preset-passphrase [opciones] KEYGRIP\n"
+"Mantenimiento de la caché de contraseñas\n"
+
+# Órdenes, please...
+# Sí, este no he podido ser yo :-) Por cierto, ¿por qué la O no se
+# puede acentuar? ¿demasiado alta?
+# ¿Quién dice que no se puede? :-)
+#: agent/protect-tool.c:113 g10/gpg.c:373 kbx/kbxutil.c:71 sm/gpgsm.c:186
+#: tools/gpgconf.c:60
+msgid ""
+"@Commands:\n"
+" "
+msgstr ""
+"@Órdenes:\n"
+" "
+
+#: agent/protect-tool.c:127 g10/gpg.c:441 g10/gpgv.c:69 kbx/kbxutil.c:81
+#: sm/gpgsm.c:226 tools/gpg-connect-agent.c:67 tools/gpgconf.c:77
+#: tools/symcryptrun.c:159
+msgid ""
+"@\n"
+"Options:\n"
+" "
+msgstr ""
+"@\n"
+"Opciones:\n"
+" "
+
+#: agent/protect-tool.c:166
+msgid "Usage: gpg-protect-tool [options] (-h for help)\n"
+msgstr "Uso: gpg-protect-tool [opciones] (-h para ayuda)\n"
+
+#: agent/protect-tool.c:168
+msgid ""
+"Syntax: gpg-protect-tool [options] [args]\n"
+"Secret key maintenance tool\n"
+msgstr ""
+"Sintaxis: gpg-protect-tool [opciones] [args]\n"
+"Herramienta para el mantenimiento de claves secretas\n"
+
+#: agent/protect-tool.c:1162
+msgid "Please enter the passphrase to unprotect the PKCS#12 object."
+msgstr "Introduzca frase contraseña para desproteger el objeto PKCS#12."
+
+#: agent/protect-tool.c:1167
+msgid "Please enter the passphrase to protect the new PKCS#12 object."
+msgstr "Introduzca frase contraseña para proteger el nuevo objeto PKCS#12."
+
+#: agent/protect-tool.c:1173
+msgid ""
+"Please enter the passphrase to protect the imported object within the GnuPG "
+"system."
+msgstr ""
+"Introduzca la frase contraseña para proteger el objeto importado en GnuPG"
+
+#: agent/protect-tool.c:1178
+msgid ""
+"Please enter the passphrase or the PIN\n"
+"needed to complete this operation."
+msgstr ""
+"Por favor introduzca la frase contraseña o PIN\n"
+"necesarios para completar esta operación."
+
+# ¿Por qué no frase de paso?
+# Porque todo el mundo sabe lo que es una contraseña
+# y una "frase de paso" no. Soy consciente de que se
+# traduce igual password y passphrase pero el contexto
+# permite saber de lo que se está hablando.
+# No sé, no sé.
+# ¿Por qué los ingleses entonces sí que saben lo que es un "passphrase"?
+# ¿Es que son más listos? :-)
+#
+#: agent/protect-tool.c:1183 tools/symcryptrun.c:437
+msgid "Passphrase:"
+msgstr "Frase contraseña:"
+
+#: agent/protect-tool.c:1188 tools/symcryptrun.c:448
+msgid "cancelled\n"
+msgstr "cancelado\n"
+
+#: agent/protect-tool.c:1190 tools/symcryptrun.c:444
+#, c-format
+msgid "error while asking for the passphrase: %s\n"
+msgstr "error pidiendo la frase contraseña: %s\n"
+
+#: agent/trustlist.c:136 agent/trustlist.c:334
+#, c-format
+msgid "error opening `%s': %s\n"
+msgstr "error abriendo `%s': %s\n"
+
+#: agent/trustlist.c:151 common/helpfile.c:63 common/helpfile.c:79
+#, c-format
+msgid "file `%s', line %d: %s\n"
+msgstr "fichero `%s', línea %d: %s\n"
+
+#: agent/trustlist.c:171 agent/trustlist.c:179
+#, c-format
+msgid "statement \"%s\" ignored in `%s', line %d\n"
+msgstr "declaración \"%s\" ignorada en `%s', línea %d\n"
+
+#: agent/trustlist.c:185
+#, c-format
+msgid "system trustlist `%s' not available\n"
+msgstr "la lista de confianza `%s' del sistema no está disponible\n"
+
+#: agent/trustlist.c:229
+#, c-format
+msgid "bad fingerprint in `%s', line %d\n"
+msgstr "huella digital incorrecta en `%s', línea %d\n"
+
+#: agent/trustlist.c:254 agent/trustlist.c:261
+#, c-format
+msgid "invalid keyflag in `%s', line %d\n"
+msgstr "opción de clave inválida en `%s', línea %d\n"
+
+#: agent/trustlist.c:295 common/helpfile.c:126
+#, c-format
+msgid "error reading `%s', line %d: %s\n"
+msgstr "error leyendo `%s', línea %d: %s\n"
+
+#: agent/trustlist.c:400 agent/trustlist.c:450
+msgid "error reading list of trusted root certificates\n"
+msgstr "error leyendo la lista de certificados raíz fiables\n"
+
+#. TRANSLATORS: This prompt is shown by the Pinentry
+#. and has one special property: A "%%0A" is used by
+#. Pinentry to insert a line break. The double
+#. percent sign is actually needed because it is also
+#. a printf format string. If you need to insert a
+#. plain % sign, you need to encode it as "%%25". The
+#. "%s" gets replaced by the name as stored in the
+#. certificate.
+#: agent/trustlist.c:611
+#, c-format
+msgid ""
+"Do you ultimately trust%%0A \"%s\"%%0Ato correctly certify user "
+"certificates?"
+msgstr ""
+"¿Confía absolutamente en%%0A \"%s\"%%0A para certificar correctamentelos "
+"certificados de otros usuarios?"
+
+#: agent/trustlist.c:620 common/audit.c:467
+msgid "Yes"
+msgstr "Sí"
+
+#: agent/trustlist.c:620 common/audit.c:469
+msgid "No"
+msgstr "No"
+
+#. TRANSLATORS: This prompt is shown by the Pinentry and has
+#. one special property: A "%%0A" is used by Pinentry to
+#. insert a line break. The double percent sign is actually
+#. needed because it is also a printf format string. If you
+#. need to insert a plain % sign, you need to encode it as
+#. "%%25". The second "%s" gets replaced by a hexdecimal
+#. fingerprint string whereas the first one receives the name
+#. as stored in the certificate.
+#: agent/trustlist.c:654
+#, c-format
+msgid ""
+"Please verify that the certificate identified as:%%0A \"%s\"%%0Ahas the "
+"fingerprint:%%0A %s"
+msgstr ""
+"Por favor verifique que el certificado identificado como:%%0A \"%s\"%%"
+"0Atiene la huella digital:%%0A %s"
+
+#. TRANSLATORS: "Correct" is the label of a button and intended
+#. to be hit if the fingerprint matches the one of the CA. The
+#. other button is "the default "Cancel" of the Pinentry.
+#: agent/trustlist.c:668
+msgid "Correct"
+msgstr "Correcto"
+
+#: agent/trustlist.c:668
+msgid "Wrong"
+msgstr ""
+
+#: agent/findkey.c:157
+#, c-format
+msgid "Note: This passphrase has never been changed.%0APlease change it now."
+msgstr ""
+"Nota: Esta frase contraseña nunca ha sido cambiada.%0APor favor hágalo ahora."
+
+#: agent/findkey.c:173
+#, c-format
+msgid ""
+"This passphrase has not been changed%%0Asince %.4s-%.2s-%.2s. Please change "
+"it now."
+msgstr ""
+"Esta frase contraseña no se ha cambiado%%0Adesde %.4s-%.2s-%.2s.Por favor "
+"cámbiela ahora."
+
+#: agent/findkey.c:187 agent/findkey.c:194
+msgid "Change passphrase"
+msgstr "Cambia la frase contraseña"
+
+#: agent/findkey.c:195
+msgid "I'll change it later"
+msgstr "La cambiaré más tarde"
+
+#: common/exechelp.c:528 common/exechelp.c:625 tools/gpgconf-comp.c:1475
+#: tools/gpgconf-comp.c:1814
+#, c-format
+msgid "error creating a pipe: %s\n"
+msgstr "error creando tubería: %s\n"
+
+#: common/exechelp.c:599 common/exechelp.c:658
+#, c-format
+msgid "can't fdopen pipe for reading: %s\n"
+msgstr "no puede abrirse tubería para leer: %s\n"
+
+#: common/exechelp.c:637 common/exechelp.c:765 common/exechelp.c:1002
+#, c-format
+msgid "error forking process: %s\n"
+msgstr "error bifurcando procesos: %s\n"
+
+#: common/exechelp.c:811 common/exechelp.c:864
+#, c-format
+msgid "waiting for process %d to terminate failed: %s\n"
+msgstr "fallo esperando que el proceso %d terminara: %s\n"
+
+#: common/exechelp.c:819
+#, c-format
+msgid "error getting exit code of process %d: %s\n"
+msgstr "error obteniendo código de finalización del proceso: %d %s\n"
+
+#: common/exechelp.c:825 common/exechelp.c:877
+#, c-format
+msgid "error running `%s': exit status %d\n"
+msgstr "error ejecutando `%s': código de finalización %d\n"
+
+#: common/exechelp.c:870
+#, c-format
+msgid "error running `%s': probably not installed\n"
+msgstr "error ejecutando `%s': probablemente no está instalado\n"
+
+#: common/exechelp.c:885
+#, c-format
+msgid "error running `%s': terminated\n"
+msgstr "error ejecutando `%s': terminado\n"
+
+#: common/http.c:1674
+#, c-format
+msgid "error creating socket: %s\n"
+msgstr "error creando socket: %s\n"
+
+#: common/http.c:1718
+msgid "host not found"
+msgstr "host no encontrado"
+
+#: common/simple-pwquery.c:338
+msgid "gpg-agent is not available in this session\n"
+msgstr "el agente gpg no esta disponible en esta sesión\n"
+
+#: common/simple-pwquery.c:395
+#, c-format
+msgid "can't connect to `%s': %s\n"
+msgstr "no se puede conectar con `%s': %s\n"
+
+#: common/simple-pwquery.c:406
+msgid "communication problem with gpg-agent\n"
+msgstr "problema de comunicación con el agente gpg\n"
+
+#: common/simple-pwquery.c:416
+msgid "problem setting the gpg-agent options\n"
+msgstr "problema estableciendo opciones de gpg-agent\n"
+
+#: common/simple-pwquery.c:579 common/simple-pwquery.c:675
+msgid "canceled by user\n"
+msgstr "cancelado por el usuario\n"
+
+#: common/simple-pwquery.c:594 common/simple-pwquery.c:681
+msgid "problem with the agent\n"
+msgstr "problema con el agente\n"
+
+#: common/sysutils.c:105
+#, c-format
+msgid "can't disable core dumps: %s\n"
+msgstr "no se pueden desactivar los volcados de core: %s\n"
+
+#: common/sysutils.c:200
+#, c-format
+msgid "Warning: unsafe ownership on %s \"%s\"\n"
+msgstr "Aviso: propiedad insegura de %s \"%s\"\n"
+
+#: common/sysutils.c:232
+#, c-format
+msgid "Warning: unsafe permissions on %s \"%s\"\n"
+msgstr "Aviso: permisos inseguros en %s \"%s\"\n"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: common/yesno.c:35 common/yesno.c:72
+msgid "yes"
+msgstr "sí|si"
+
+#: common/yesno.c:36 common/yesno.c:77
+msgid "yY"
+msgstr "sS"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: common/yesno.c:38 common/yesno.c:74
+msgid "no"
+msgstr "no"
+
+#: common/yesno.c:39 common/yesno.c:78
+msgid "nN"
+msgstr "nN"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: common/yesno.c:76
+msgid "quit"
+msgstr "fin"
+
+#: common/yesno.c:79
+msgid "qQ"
+msgstr "fF"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: common/yesno.c:113
+msgid "okay|okay"
+msgstr "vale|Vale"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: common/yesno.c:115
+msgid "cancel|cancel"
+msgstr "cancelar|Cancelar"
+
+#: common/yesno.c:116
+msgid "oO"
+msgstr "vV"
+
+#: common/yesno.c:117
+msgid "cC"
+msgstr "cC"
+
+#: common/miscellaneous.c:77
+#, c-format
+msgid "out of core in secure memory while allocating %lu bytes"
+msgstr "agotado nucleo de memoria segura reservando %lu bytes"
+
+#: common/miscellaneous.c:80
+#, c-format
+msgid "out of core while allocating %lu bytes"
+msgstr "error de memoria reservando %lu bytes"
+
+#: common/asshelp.c:293 tools/gpg-connect-agent.c:2129
+msgid "no running gpg-agent - starting one\n"
+msgstr "no hay gpg-agent en ejecución - inicando uno\n"
+
+#: common/asshelp.c:349
+#, c-format
+msgid "waiting %d seconds for the agent to come up\n"
+msgstr ""
+
+#: common/asshelp.c:426
+msgid "can't connect to the agent - trying fall back\n"
+msgstr "no puedo conectar con el agente - intentando retirada\n"
+
+#. TRANSLATORS: Copy the prefix between the vertical bars
+#. verbatim. It will not be printed.
+#: common/audit.c:474
+msgid "|audit-log-result|Good"
+msgstr ""
+
+#: common/audit.c:477
+msgid "|audit-log-result|Bad"
+msgstr ""
+
+#: common/audit.c:479
+msgid "|audit-log-result|Not supported"
+msgstr ""
+
+#: common/audit.c:481
+#, fuzzy
+msgid "|audit-log-result|No certificate"
+msgstr "importa certificado"
+
+#: common/audit.c:483
+#, fuzzy
+msgid "|audit-log-result|Not enabled"
+msgstr "importa certificado"
+
+#: common/audit.c:485
+msgid "|audit-log-result|Error"
+msgstr ""
+
+#: common/audit.c:487
+#, fuzzy
+msgid "|audit-log-result|Not used"
+msgstr "importa certificado"
+
+#: common/audit.c:489
+#, fuzzy
+msgid "|audit-log-result|Okay"
+msgstr "importa certificado"
+
+#: common/audit.c:491
+#, fuzzy
+msgid "|audit-log-result|Skipped"
+msgstr "importa certificado"
+
+#: common/audit.c:493
+#, fuzzy
+msgid "|audit-log-result|Some"
+msgstr "importa certificado"
+
+#: common/audit.c:726
+msgid "Certificate chain available"
+msgstr "Cadena de certificados disponible"
+
+#: common/audit.c:733
+msgid "root certificate missing"
+msgstr "falta el certificado raíz"
+
+#: common/audit.c:759
+msgid "Data encryption succeeded"
+msgstr "Datos cifrados correctamente"
+
+#: common/audit.c:764 common/audit.c:830 common/audit.c:906 common/audit.c:997
+msgid "Data available"
+msgstr "Hay datos disponibles"
+
+#: common/audit.c:767
+msgid "Session key created"
+msgstr "Creada clave de sesión"
+
+#: common/audit.c:772 common/audit.c:912 common/audit.c:919
+#, c-format
+msgid "algorithm: %s"
+msgstr "algoritmo: %s"
+
+#: common/audit.c:774 common/audit.c:776 common/audit.c:921 common/audit.c:923
+#, c-format
+msgid "unsupported algorithm: %s"
+msgstr "algoritmo no disponible: %s"
+
+#: common/audit.c:778 common/audit.c:925
+msgid "seems to be not encrypted"
+msgstr "no parece que esté cifrado"
+
+#: common/audit.c:784 common/audit.c:933
+msgid "Number of recipients"
+msgstr "Número de destinatarios"
+
+#: common/audit.c:792 common/audit.c:956
+#, c-format
+msgid "Recipient %d"
+msgstr "Destinatario %d"
+
+#: common/audit.c:825
+msgid "Data signing succeeded"
+msgstr "Datos firmados correctamente"
+
+#: common/audit.c:839 common/audit.c:1033 common/audit.c:1060
+#, fuzzy, c-format
+msgid "data hash algorithm: %s"
+msgstr "Algoritmmo de resumen erróneo: %s"
+
+#: common/audit.c:862
+#, fuzzy, c-format
+msgid "Signer %d"
+msgstr "Firma %d"
+
+#: common/audit.c:866 common/audit.c:1065
+#, fuzzy, c-format
+msgid "attr hash algorithm: %s"
+msgstr "Algoritmmo de resumen erróneo: %s"
+
+#: common/audit.c:901
+msgid "Data decryption succeeded"
+msgstr "Datos descifrados correctamente"
+
+#: common/audit.c:910
+#, fuzzy
+msgid "Encryption algorithm supported"
+msgstr "el algoritmo de protección %d%s no puede ser utilizado\n"
+
+#: common/audit.c:993
+msgid "Data verification succeeded"
+msgstr "Datos verificados correctamente"
+
+#: common/audit.c:1002
+msgid "Signature available"
+msgstr "Firma disponible"
+
+#: common/audit.c:1024
+#, fuzzy
+msgid "Parsing data succeeded"
+msgstr "Firma interpretada correctamente"
+
+#: common/audit.c:1036
+#, fuzzy, c-format
+msgid "bad data hash algorithm: %s"
+msgstr "Algoritmmo de resumen erróneo: %s"
+
+#: common/audit.c:1051
+#, c-format
+msgid "Signature %d"
+msgstr "Firma %d"
+
+#: common/audit.c:1079
+msgid "Certificate chain valid"
+msgstr "Cadena de certificados válida"
+
+#: common/audit.c:1090
+msgid "Root certificate trustworthy"
+msgstr "Certificado raíz fiable"
+
+#: common/audit.c:1111 sm/certchain.c:935
+msgid "no CRL found for certificate"
+msgstr "no se encuentra CRL para el certificado"
+
+#: common/audit.c:1114 sm/certchain.c:945
+msgid "the available CRL is too old"
+msgstr "el CRL disponible es demasiado antiguo"
+
+#: common/audit.c:1119
+msgid "CRL/OCSP check of certificates"
+msgstr "Comprobación CRL/OCSP de certificados"
+
+#: common/audit.c:1139
+msgid "Included certificates"
+msgstr "Certificados incluidos"
+
+#: common/audit.c:1194
+msgid "No audit log entries."
+msgstr "No auditar entradas de los logs"
+
+#: common/audit.c:1243
+msgid "Unknown operation"
+msgstr "Operación desconocida"
+
+#: common/audit.c:1261
+msgid "Gpg-Agent usable"
+msgstr "Gpg-Agent utilizable"
+
+#: common/audit.c:1271
+msgid "Dirmngr usable"
+msgstr "Dirmngr utilizable"
+
+#: common/audit.c:1307
+#, c-format
+msgid "No help available for `%s'."
+msgstr "No hay ayuda disponible para `%s'."
+
+#: common/helpfile.c:80
+msgid "ignoring garbage line"
+msgstr "ignorando línea con basura"
+
+#: common/gettime.c:503
+msgid "[none]"
+msgstr "[ninguno]"
+
+#: g10/armor.c:379
+#, c-format
+msgid "armor: %s\n"
+msgstr "armadura: %s\n"
+
+#: g10/armor.c:418
+msgid "invalid armor header: "
+msgstr "cabecera de armadura inválida: "
+
+#: g10/armor.c:429
+msgid "armor header: "
+msgstr "cabecera de armadura: "
+
+#: g10/armor.c:442
+msgid "invalid clearsig header\n"
+msgstr "cabecera de firma clara inválida\n"
+
+#: g10/armor.c:455
+msgid "unknown armor header: "
+msgstr "cabecera de armadura desconocida: "
+
+#: g10/armor.c:508
+msgid "nested clear text signatures\n"
+msgstr "firmas en texto claro anidadas\n"
+
+#: g10/armor.c:643
+msgid "unexpected armor: "
+msgstr "armadura inesperada: "
+
+#: g10/armor.c:655
+msgid "invalid dash escaped line: "
+msgstr "Línea con guiones inválida: "
+
+#: g10/armor.c:810 g10/armor.c:1420
+#, c-format
+msgid "invalid radix64 character %02X skipped\n"
+msgstr "caracter inválido radix64 %02X omitido\n"
+
+#: g10/armor.c:853
+msgid "premature eof (no CRC)\n"
+msgstr "Fin de fichero prematuro (falta suma de comprobación)\n"
+
+#: g10/armor.c:887
+msgid "premature eof (in CRC)\n"
+msgstr "Fin de suma de comprobación prematuro\n"
+
+#: g10/armor.c:895
+msgid "malformed CRC\n"
+msgstr "Suma de comprobación mal creada\n"
+
+#: g10/armor.c:899 g10/armor.c:1457
+#, c-format
+msgid "CRC error; %06lX - %06lX\n"
+msgstr "Error en suma de comprobación: %06lX - %06lX\n"
+
+#: g10/armor.c:919
+msgid "premature eof (in trailer)\n"
+msgstr "fin de fichero prematuro (en el cierre)\n"
+
+#: g10/armor.c:923
+msgid "error in trailer line\n"
+msgstr "error en la línea de cierre\n"
+
+#: g10/armor.c:1234
+msgid "no valid OpenPGP data found.\n"
+msgstr "no se han encontrados datos OpenPGP válidos\n"
+
+#: g10/armor.c:1239
+#, c-format
+msgid "invalid armor: line longer than %d characters\n"
+msgstr "armadura incorrecta: línea más larga de %d caracteres\n"
+
+#: g10/armor.c:1243
+msgid ""
+"quoted printable character in armor - probably a buggy MTA has been used\n"
+msgstr ""
+"caracter \"quoted printable\" en la armadura - probablemente se usó\n"
+"un MTA defectuoso\n"
+
+#: g10/build-packet.c:976
+msgid ""
+"a notation name must have only printable characters or spaces, and end with "
+"an '='\n"
+msgstr ""
+"un nombre de notación debe tener sólo caracteres imprimibles o espacios, y "
+"acabar con un '='\n"
+
+#: g10/build-packet.c:988
+msgid "a user notation name must contain the '@' character\n"
+msgstr "un nombre de notación de usuario debe contener el caracter '@'\n"
+
+#: g10/build-packet.c:994
+msgid "a notation name must not contain more than one '@' character\n"
+msgstr "un nombre de notación no debe contener más de un caracter '@'\n"
+
+#: g10/build-packet.c:1012
+msgid "a notation value must not use any control characters\n"
+msgstr "un valor de notación no debe usar ningún caracter de control\n"
+
+#: g10/build-packet.c:1046 g10/build-packet.c:1055
+msgid "WARNING: invalid notation data found\n"
+msgstr "ATENCIÓN: encontrados datos de notación inválidos\n"
+
+#: g10/build-packet.c:1077 g10/build-packet.c:1079
+msgid "not human readable"
+msgstr "ilegible"
+
+#: g10/card-util.c:85 g10/card-util.c:374
+#, c-format
+msgid "OpenPGP card not available: %s\n"
+msgstr "tarjeta OpenPGP no disponible: %s\n"
+
+#: g10/card-util.c:90
+#, c-format
+msgid "OpenPGP card no. %s detected\n"
+msgstr "tarjeta OpenPGP num. %s detectada\n"
+
+#: g10/card-util.c:98 g10/card-util.c:1773 g10/delkey.c:126 g10/keyedit.c:1551
+#: g10/keygen.c:3068 g10/revoke.c:216 g10/revoke.c:455
+msgid "can't do this in batch mode\n"
+msgstr "imposible hacer esto en modo de proceso por lotes\n"
+
+#: g10/card-util.c:106
+msgid "This command is only available for version 2 cards\n"
+msgstr "Esta orden solo está disponible en tarjetas versión 2\n"
+
+#: g10/card-util.c:108 scd/app-openpgp.c:2029
+msgid "Reset Code not or not anymore available\n"
+msgstr "No hay Código de Reinicio o ya no está disponible\n"
+
+#: g10/card-util.c:141 g10/card-util.c:1458 g10/card-util.c:1568
+#: g10/keyedit.c:424 g10/keyedit.c:445 g10/keyedit.c:459 g10/keygen.c:1630
+#: g10/keygen.c:1711 sm/certreqgen-ui.c:165 sm/certreqgen-ui.c:249
+#: sm/certreqgen-ui.c:283
+msgid "Your selection? "
+msgstr "Su elección: "
+
+#: g10/card-util.c:272 g10/card-util.c:322
+msgid "[not set]"
+msgstr "[no establecido]"
+
+#: g10/card-util.c:512
+msgid "male"
+msgstr "hombre"
+
+#: g10/card-util.c:513
+msgid "female"
+msgstr "mujer"
+
+#: g10/card-util.c:513
+msgid "unspecified"
+msgstr "no especificado"
+
+#: g10/card-util.c:540
+msgid "not forced"
+msgstr "no forzado"
+
+#: g10/card-util.c:540
+msgid "forced"
+msgstr "forzado"
+
+#: g10/card-util.c:631
+msgid "Error: Only plain ASCII is currently allowed.\n"
+msgstr "Error: sólo se permite ASCII sin formato actualmente.\n"
+
+#: g10/card-util.c:633
+msgid "Error: The \"<\" character may not be used.\n"
+msgstr "Error: El caracter \"<\" no puede usarse.\n"
+
+#: g10/card-util.c:635
+msgid "Error: Double spaces are not allowed.\n"
+msgstr "Error: no se permiten dobles espacios.\n"
+
+#: g10/card-util.c:652
+msgid "Cardholder's surname: "
+msgstr "Apellido del titular de la tarjeta: "
+
+#: g10/card-util.c:654
+msgid "Cardholder's given name: "
+msgstr "Nombre del titular de la tarjeta: "
+
+#: g10/card-util.c:672
+#, c-format
+msgid "Error: Combined name too long (limit is %d characters).\n"
+msgstr "Error: nombre combinado demasiado largo (máximo %d caracteres).\n"
+
+#: g10/card-util.c:693
+msgid "URL to retrieve public key: "
+msgstr "URL de donde recuperar la clave pública: "
+
+#: g10/card-util.c:701
+#, c-format
+msgid "Error: URL too long (limit is %d characters).\n"
+msgstr "Error: URL demasiado larga (el máximo son %d caracteres).\n"
+
+#: g10/card-util.c:794 tools/no-libgcrypt.c:30
+#, c-format
+msgid "error allocating enough memory: %s\n"
+msgstr "error reservando memoria: %s\n"
+
+#: g10/card-util.c:806 g10/import.c:280
+#, c-format
+msgid "error reading `%s': %s\n"
+msgstr "error leyendo `%s': %s\n"
+
+#: g10/card-util.c:839
+#, fuzzy, c-format
+msgid "error writing `%s': %s\n"
+msgstr "error escribiendo en `%s': %s\n"
+
+#: g10/card-util.c:866
+msgid "Login data (account name): "
+msgstr "Datos de login (nombre de la cuenta): "
+
+#: g10/card-util.c:876
+#, c-format
+msgid "Error: Login data too long (limit is %d characters).\n"
+msgstr "Error: el login es demasiado largo (límite de %d caracteres).\n"
+
+#: g10/card-util.c:912
+msgid "Private DO data: "
+msgstr "Datos privados: "
+
+#: g10/card-util.c:922
+#, c-format
+msgid "Error: Private DO too long (limit is %d characters).\n"
+msgstr ""
+"Error: los datos privados son demasiado largos (límite de %d caracteres).\n"
+
+#: g10/card-util.c:1005
+msgid "Language preferences: "
+msgstr "Preferencias de idioma: "
+
+#: g10/card-util.c:1013
+msgid "Error: invalid length of preference string.\n"
+msgstr "Error: longitud de la cadena de preferencias inválida.\n"
+
+#: g10/card-util.c:1022
+msgid "Error: invalid characters in preference string.\n"
+msgstr "Error: caracteres inválidos en cadena de preferencias.\n"
+
+#: g10/card-util.c:1044
+msgid "Sex ((M)ale, (F)emale or space): "
+msgstr "Sexo ((H)ombre, (M)mujer o espacio): "
+
+#: g10/card-util.c:1058
+msgid "Error: invalid response.\n"
+msgstr "Error: respuesta no válida.\n"
+
+#: g10/card-util.c:1080
+msgid "CA fingerprint: "
+msgstr "Huella dactilar CA:"
+
+#: g10/card-util.c:1103
+msgid "Error: invalid formatted fingerprint.\n"
+msgstr "Error: formato inválido de huella dactilar.\n"
+
+#: g10/card-util.c:1153
+#, c-format
+msgid "key operation not possible: %s\n"
+msgstr "la operación con la clave no es posible: %s\n"
+
+#: g10/card-util.c:1154
+msgid "not an OpenPGP card"
+msgstr "no es una tarjeta OpenPGP"
+
+#: g10/card-util.c:1167
+#, c-format
+msgid "error getting current key info: %s\n"
+msgstr "error obteniendo la información actual de la clave: %s\n"
+
+#: g10/card-util.c:1254
+msgid "Replace existing key? (y/N) "
+msgstr "¿Reemplazar la clave existente? (s/N) "
+
+#: g10/card-util.c:1270
+msgid ""
+"NOTE: There is no guarantee that the card supports the requested size.\n"
+" If the key generation does not succeed, please check the\n"
+" documentation of your card to see what sizes are allowed.\n"
+msgstr ""
+
+#: g10/card-util.c:1295
+#, fuzzy, c-format
+msgid "What keysize do you want for the Signature key? (%u) "
+msgstr "¿De qué tamaño quiere la clave? (%u) "
+
+#: g10/card-util.c:1297
+#, fuzzy, c-format
+msgid "What keysize do you want for the Encryption key? (%u) "
+msgstr "¿De qué tamaño quiere la clave? (%u) "
+
+#: g10/card-util.c:1298
+#, fuzzy, c-format
+msgid "What keysize do you want for the Authentication key? (%u) "
+msgstr "¿De qué tamaño quiere la clave? (%u) "
+
+#: g10/card-util.c:1309 g10/keygen.c:1844 g10/keygen.c:1850
+#: sm/certreqgen-ui.c:194
+#, c-format
+msgid "rounded up to %u bits\n"
+msgstr "redondeados a %u bits\n"
+
+#: g10/card-util.c:1317 g10/keygen.c:1831 sm/certreqgen-ui.c:184
+#, c-format
+msgid "%s keysizes must be in the range %u-%u\n"
+msgstr "los tamaños de claves %s deben estar en el rango %u-%u\n"
+
+#: g10/card-util.c:1322
+#, c-format
+msgid "The card will now be re-configured to generate a key of %u bits\n"
+msgstr ""
+
+#: g10/card-util.c:1342
+#, fuzzy, c-format
+msgid "error changing size of key %d to %u bits: %s\n"
+msgstr "error enlazando el socket con `%s': %s\n"
+
+#: g10/card-util.c:1364
+msgid "Make off-card backup of encryption key? (Y/n) "
+msgstr ""
+"¿Hacer copia de seguridad externa a la tarjeta de clave de cifrado? (S/n)"
+
+#: g10/card-util.c:1378
+#, fuzzy
+msgid "NOTE: keys are already stored on the card!\n"
+msgstr "clave secreta ya almacenada en una tarjeta\n"
+
+#: g10/card-util.c:1381
+msgid "Replace existing keys? (y/N) "
+msgstr "¿Reemplazar las claves existentes? (s/N) "
+
+#: g10/card-util.c:1393
+#, c-format
+msgid ""
+"Please note that the factory settings of the PINs are\n"
+" PIN = `%s' Admin PIN = `%s'\n"
+"You should change them using the command --change-pin\n"
+msgstr ""
+"Por favor observe que los valores de fábrica del PIN son\n"
+" PIN = `%s' PIN Administrador = `%s'\n"
+"Debería cambiarlos usando la orden --change-pin\n"
+
+#: g10/card-util.c:1449
+msgid "Please select the type of key to generate:\n"
+msgstr "Por favor seleccione tipo de clave que generar:\n"
+
+#: g10/card-util.c:1451 g10/card-util.c:1559
+msgid " (1) Signature key\n"
+msgstr " (1) Clave de firmado\n"
+
+#: g10/card-util.c:1452 g10/card-util.c:1561
+msgid " (2) Encryption key\n"
+msgstr " (2) Clave de cifrado\n"
+
+#: g10/card-util.c:1453 g10/card-util.c:1563
+msgid " (3) Authentication key\n"
+msgstr " (3) Clave de autentificación\n"
+
+#: g10/card-util.c:1469 g10/card-util.c:1588 g10/keyedit.c:945
+#: g10/keygen.c:1634 g10/keygen.c:1662 g10/keygen.c:1764 g10/revoke.c:683
+msgid "Invalid selection.\n"
+msgstr "Elección inválida.\n"
+
+#: g10/card-util.c:1556
+msgid "Please select where to store the key:\n"
+msgstr "Por favor elija donde guardar la clave:\n"
+
+#: g10/card-util.c:1600
+msgid "unknown key protection algorithm\n"
+msgstr "algoritmo de protección de clave desconocido\n"
+
+#: g10/card-util.c:1605
+msgid "secret parts of key are not available\n"
+msgstr "las partes secretas de la clave no están disponibles\n"
+
+#: g10/card-util.c:1610
+msgid "secret key already stored on a card\n"
+msgstr "clave secreta ya almacenada en una tarjeta\n"
+
+#: g10/card-util.c:1623
+#, fuzzy, c-format
+msgid "error writing key to card: %s\n"
+msgstr "error escribiendo clave: %s\n"
+
+#: g10/card-util.c:1682 g10/keyedit.c:1382
+msgid "quit this menu"
+msgstr "sale de este menú"
+
+#: g10/card-util.c:1684
+msgid "show admin commands"
+msgstr "ver órdenes de administrador"
+
+#: g10/card-util.c:1685 g10/keyedit.c:1385
+msgid "show this help"
+msgstr "muestra esta ayuda"
+
+#: g10/card-util.c:1687
+msgid "list all available data"
+msgstr "listar todos los datos disponibles"
+
+#: g10/card-util.c:1690
+msgid "change card holder's name"
+msgstr "cambiar el nombre del titular de la tarjeta"
+
+#: g10/card-util.c:1691
+msgid "change URL to retrieve key"
+msgstr "cambiar URL de donde obtener la clave"
+
+#: g10/card-util.c:1692
+msgid "fetch the key specified in the card URL"
+msgstr "recuperar la clave especificada en la URL de la tarjeta"
+
+#: g10/card-util.c:1693
+msgid "change the login name"
+msgstr "cambiar nombre de usuario"
+
+#: g10/card-util.c:1694
+msgid "change the language preferences"
+msgstr "cambiar preferencias de idioma"
+
+#: g10/card-util.c:1695
+msgid "change card holder's sex"
+msgstr "cambiar sexo del titular de la tarjeta"
+
+#: g10/card-util.c:1696
+msgid "change a CA fingerprint"
+msgstr "cambiar huella dactilar de una CA"
+
+#: g10/card-util.c:1697
+msgid "toggle the signature force PIN flag"
+msgstr "cambiar estado de la opción forzar firma del PIN"
+
+#: g10/card-util.c:1698
+msgid "generate new keys"
+msgstr "generar nuevas claves"
+
+#: g10/card-util.c:1699
+msgid "menu to change or unblock the PIN"
+msgstr "menú para cambiar o desbloquear el PIN"
+
+#: g10/card-util.c:1700
+msgid "verify the PIN and list all data"
+msgstr "verificar PIN y listar todos los datos"
+
+#: g10/card-util.c:1701
+msgid "unblock the PIN using a Reset Code"
+msgstr "desbloquear PIN usando Código de Reinicio"
+
+#: g10/card-util.c:1823
+msgid "gpg/card> "
+msgstr ""
+
+#: g10/card-util.c:1864
+msgid "Admin-only command\n"
+msgstr "Órdenes sólo de administrador\n"
+
+#: g10/card-util.c:1895
+msgid "Admin commands are allowed\n"
+msgstr "Se permiten órdenes de administrador\n"
+
+#: g10/card-util.c:1897
+msgid "Admin commands are not allowed\n"
+msgstr "No se permiten órdenes de administrador\n"
+
+#: g10/card-util.c:1988 g10/keyedit.c:2292
+msgid "Invalid command (try \"help\")\n"
+msgstr "Orden inválida (pruebe \"help\")\n"
+
+#: g10/decrypt.c:110 g10/encode.c:876
+msgid "--output doesn't work for this command\n"
+msgstr "--output no funciona con esta orden\n"
+
+#: g10/decrypt.c:166 g10/gpg.c:4019 g10/keyring.c:387 g10/keyring.c:698
+#, c-format
+msgid "can't open `%s'\n"
+msgstr "no se puede abrir `%s'\n"
+
+#: g10/delkey.c:73 g10/export.c:324 g10/keyedit.c:3514 g10/keyserver.c:1737
+#: g10/revoke.c:226
+#, c-format
+msgid "key \"%s\" not found: %s\n"
+msgstr "clave \"%s\" no encontrada: %s\n"
+
+#: g10/delkey.c:81 g10/export.c:354 g10/import.c:2480 g10/keyserver.c:1751
+#: g10/revoke.c:232 g10/revoke.c:477
+#, c-format
+msgid "error reading keyblock: %s\n"
+msgstr "error leyendo bloque de claves: %s\n"
+
+#: g10/delkey.c:127 g10/delkey.c:134
+msgid "(unless you specify the key by fingerprint)\n"
+msgstr "(excepto si especifica la clave dando su huella digital)\n"
+
+#: g10/delkey.c:133
+msgid "can't do this in batch mode without \"--yes\"\n"
+msgstr "imposible hacer esto en modo de proceso por lotes sin \"--yes\"\n"
+
+#: g10/delkey.c:145
+msgid "Delete this key from the keyring? (y/N) "
+msgstr "¿Eliminar esta clave del anillo? (s/N) "
+
+#: g10/delkey.c:153
+msgid "This is a secret key! - really delete? (y/N) "
+msgstr "¡Es una clave secreta! ¿Eliminar realmente? (s/N) "
+
+#: g10/delkey.c:163
+#, c-format
+msgid "deleting keyblock failed: %s\n"
+msgstr "borrado de bloque de anillo de claves fallido: %s\n"
+
+#: g10/delkey.c:173
+msgid "ownertrust information cleared\n"
+msgstr "borrada información de propietarios\n"
+
+#: g10/delkey.c:204
+#, c-format
+msgid "there is a secret key for public key \"%s\"!\n"
+msgstr "¡hay una clave secreta para esta clave pública! \"%s\"!\n"
+
+#: g10/delkey.c:206
+msgid "use option \"--delete-secret-keys\" to delete it first.\n"
+msgstr "use antes la opción \"--delete-secret-key\" para borrarla.\n"
+
+#: g10/encode.c:226 g10/sign.c:1269
+#, c-format
+msgid "error creating passphrase: %s\n"
+msgstr "error creando frase contraseña: %s\n"
+
+#: g10/encode.c:232
+msgid "can't use a symmetric ESK packet due to the S2K mode\n"
+msgstr "no puede usar un paquete simétrico ESK debido al modo S2K\n"
+
+#: g10/encode.c:246
+#, c-format
+msgid "using cipher %s\n"
+msgstr "usando cifrado %s\n"
+
+#: g10/encode.c:256 g10/encode.c:577
+#, c-format
+msgid "`%s' already compressed\n"
+msgstr "`%s' ya está comprimido\n"
+
+#: g10/encode.c:311 g10/encode.c:611 g10/sign.c:564
+#, c-format
+msgid "WARNING: `%s' is an empty file\n"
+msgstr "ATENCIÓN `%s' es un fichero vacío\n"
+
+#: g10/encode.c:485
+msgid "you can only encrypt to RSA keys of 2048 bits or less in --pgp2 mode\n"
+msgstr "solo puede cifrar a claves RSA de 2048 bits o menos en modo --pgp2\n"
+
+#: g10/encode.c:510
+#, c-format
+msgid "reading from `%s'\n"
+msgstr "leyendo desde `%s'\n"
+
+#: g10/encode.c:541
+msgid ""
+"unable to use the IDEA cipher for all of the keys you are encrypting to.\n"
+msgstr ""
+"no se puede usar el algoritmo IDEA para todas las claves a las que cifra.\n"
+
+#: g10/encode.c:559
+#, c-format
+msgid ""
+"WARNING: forcing symmetric cipher %s (%d) violates recipient preferences\n"
+msgstr ""
+"AVISO: forzar el cifrado simétrico %s (%d) viola las preferencias\n"
+"del destinatario\n"
+
+#: g10/encode.c:655 g10/sign.c:939
+#, c-format
+msgid ""
+"WARNING: forcing compression algorithm %s (%d) violates recipient "
+"preferences\n"
+msgstr ""
+"AVISO: forzar el algoritmo de compresión %s (%d) va en contra\n"
+"de las preferencias del receptor\n"
+
+#: g10/encode.c:751
+#, c-format
+msgid "forcing symmetric cipher %s (%d) violates recipient preferences\n"
+msgstr ""
+"forzar el cifrado simétrico %s (%d) viola las preferencias\n"
+"del destinatario\n"
+
+#: g10/encode.c:821 g10/pkclist.c:813 g10/pkclist.c:862
+#, c-format
+msgid "you may not use %s while in %s mode\n"
+msgstr "no puede usar %s en modo %s\n"
+
+#: g10/encode.c:848
+#, c-format
+msgid "%s/%s encrypted for: \"%s\"\n"
+msgstr "%s/%s cifrado para: \"%s\"\n"
+
+#: g10/encr-data.c:93 g10/mainproc.c:286
+#, c-format
+msgid "%s encrypted data\n"
+msgstr "datos cifrados %s\n"
+
+#: g10/encr-data.c:96 g10/mainproc.c:290
+#, c-format
+msgid "encrypted with unknown algorithm %d\n"
+msgstr "cifrado con algoritmo desconocido %d\n"
+
+#: g10/encr-data.c:142 sm/decrypt.c:126
+msgid ""
+"WARNING: message was encrypted with a weak key in the symmetric cipher.\n"
+msgstr ""
+"ATENCIÓN: mensaje cifrado con una clave débil en el cifrado simétrico.\n"
+
+#: g10/encr-data.c:154
+msgid "problem handling encrypted packet\n"
+msgstr "problema trabajando con un paquete cifrado\n"
+
+#: g10/exec.c:57
+msgid "no remote program execution supported\n"
+msgstr "no es posible ejecutar programas remotos\n"
+
+#: g10/exec.c:308
+msgid ""
+"external program calls are disabled due to unsafe options file permissions\n"
+msgstr ""
+"llamadas a programas externos inhabilitadas por permisos inseguros de "
+"ficheros.\n"
+
+#: g10/exec.c:338
+msgid "this platform requires temporary files when calling external programs\n"
+msgstr ""
+"esta plataforma necesita ficheros temporales para llamar a programas "
+"externos\n"
+
+#: g10/exec.c:416
+#, c-format
+msgid "unable to execute program `%s': %s\n"
+msgstr "no se puede ejecutar el programa `%s': %s\n"
+
+#: g10/exec.c:419
+#, c-format
+msgid "unable to execute shell `%s': %s\n"
+msgstr "no se puede ejecutar el intérprete de órdenes `%s': %s\n"
+
+#: g10/exec.c:510
+#, c-format
+msgid "system error while calling external program: %s\n"
+msgstr "error del sistema llamando al programa externo: %s\n"
+
+#: g10/exec.c:521 g10/exec.c:588
+msgid "unnatural exit of external program\n"
+msgstr "el programa externo finalizó anormalmente\n"
+
+#: g10/exec.c:536
+msgid "unable to execute external program\n"
+msgstr "no se puede ejecutar el programa externo\n"
+
+#: g10/exec.c:553
+#, c-format
+msgid "unable to read external program response: %s\n"
+msgstr "no se puede leer la respuesta del programa externo: %s\n"
+
+#: g10/exec.c:599 g10/exec.c:606
+#, c-format
+msgid "WARNING: unable to remove tempfile (%s) `%s': %s\n"
+msgstr "AVISO: no se puede borrar fichero temporal (%s) `%s': %s\n"
+
+#: g10/exec.c:611
+#, c-format
+msgid "WARNING: unable to remove temp directory `%s': %s\n"
+msgstr "AVISO: no se puede borrar el fichero temporal `%s': %s\n"
+
+#: g10/export.c:61
+msgid "export signatures that are marked as local-only"
+msgstr "exportar firmas marcadas como sólo locales"
+
+#: g10/export.c:63
+msgid "export attribute user IDs (generally photo IDs)"
+msgstr "exportar el atributo ID de usuario (generalmente fotográfico)"
+
+#: g10/export.c:65
+msgid "export revocation keys marked as \"sensitive\""
+msgstr "exportar claves de revocación marcadas como \"confidenciales\""
+
+#: g10/export.c:67
+msgid "remove the passphrase from exported subkeys"
+msgstr "borrar frase contraseña de las subclaves exportadas"
+
+#: g10/export.c:69
+msgid "remove unusable parts from key during export"
+msgstr "borrar partes inutilizables de la clave al exportar"
+
+#: g10/export.c:71
+msgid "remove as much as possible from key during export"
+msgstr "borrar tanto como sea posible de la clave al exportar"
+
+#: g10/export.c:73
+msgid "export keys in an S-expression based format"
+msgstr "exportar claves en formato basado en una expresión S"
+
+#: g10/export.c:338
+msgid "exporting secret keys not allowed\n"
+msgstr "no se permite exportar claves secretas\n"
+
+#: g10/export.c:367
+#, c-format
+msgid "key %s: not protected - skipped\n"
+msgstr "clave %s: no protegida - omitida\n"
+
+#: g10/export.c:375
+#, c-format
+msgid "key %s: PGP 2.x style key - skipped\n"
+msgstr "clave %s: clave estilo PGP 2.x - omitida\n"
+
+#: g10/export.c:386
+#, c-format
+msgid "key %s: key material on-card - skipped\n"
+msgstr "clave %s: material de la clave en la tarjeta - omitida\n"
+
+#: g10/export.c:537
+msgid "about to export an unprotected subkey\n"
+msgstr "a punto de exportar una subclave protegida\n"
+
+#: g10/export.c:560
+#, c-format
+msgid "failed to unprotect the subkey: %s\n"
+msgstr "fallo al desproteger la subclave: %s\n"
+
+#: g10/export.c:584
+#, c-format
+msgid "WARNING: secret key %s does not have a simple SK checksum\n"
+msgstr "AVISO: la clave secreta %s no tiene suma de comprobación simple SK\n"
+
+#: g10/export.c:633
+msgid "WARNING: nothing exported\n"
+msgstr "ATENCIÓN: no se ha exportado nada\n"
+
+#: g10/getkey.c:152
+msgid "too many entries in pk cache - disabled\n"
+msgstr "demasiados registros en la cache pk - anulada\n"
+
+#: g10/getkey.c:175
+msgid "[User ID not found]"
+msgstr "[ID de usuario no encontrado]"
+
+#: g10/getkey.c:1113
+#, c-format
+msgid "automatically retrieved `%s' via %s\n"
+msgstr "recuperado automáticamente `%s' vía %s\n"
+
+#: g10/getkey.c:1118
+#, c-format
+msgid "error retrieving `%s' via %s: %s\n"
+msgstr "error recuperando `%s' vía %s: %s\n"
+
+#: g10/getkey.c:1120
+msgid "No fingerprint"
+msgstr "No hay huella dactilar"
+
+#: g10/getkey.c:1930
+#, c-format
+msgid "Invalid key %s made valid by --allow-non-selfsigned-uid\n"
+msgstr "Clave %s inválida hecha válida mediante --allow-non-selfsigned-uid\n"
+
+#: g10/getkey.c:2533 g10/keyedit.c:3839
+#, c-format
+msgid "no secret subkey for public subkey %s - ignoring\n"
+msgstr "no hay subclave secreta para la subclave pública %s - ignorada\n"
+
+#: g10/getkey.c:2759
+#, c-format
+msgid "using subkey %s instead of primary key %s\n"
+msgstr "usando subclave %s en vez de clave primaria %s\n"
+
+#: g10/getkey.c:2806
+#, c-format
+msgid "key %s: secret key without public key - skipped\n"
+msgstr "clave %s: clave secreta sin clave pública - omitida\n"
+
+#: g10/gpg.c:375 sm/gpgsm.c:188
+msgid "make a signature"
+msgstr "crea una firma"
+
+#: g10/gpg.c:376 sm/gpgsm.c:189
+msgid "make a clear text signature"
+msgstr "crea una firma en texto claro"
+
+#: g10/gpg.c:377 sm/gpgsm.c:190
+msgid "make a detached signature"
+msgstr "crea una firma separada"
+
+#: g10/gpg.c:378 sm/gpgsm.c:191
+msgid "encrypt data"
+msgstr "cifra datos"
+
+#: g10/gpg.c:380 sm/gpgsm.c:192
+msgid "encryption only with symmetric cipher"
+msgstr "cifra sólo con un cifrado simétrico"
+
+#: g10/gpg.c:382 sm/gpgsm.c:193
+msgid "decrypt data (default)"
+msgstr "descifra datos (predefinido)"
+
+#: g10/gpg.c:384 sm/gpgsm.c:194
+msgid "verify a signature"
+msgstr "verifica una firma"
+
+#: g10/gpg.c:386 sm/gpgsm.c:195
+msgid "list keys"
+msgstr "lista claves"
+
+#: g10/gpg.c:388
+msgid "list keys and signatures"
+msgstr "lista claves y firmas"
+
+#: g10/gpg.c:389
+msgid "list and check key signatures"
+msgstr "lista y comprueba firmas de las claves"
+
+#: g10/gpg.c:390 sm/gpgsm.c:200
+msgid "list keys and fingerprints"
+msgstr "lista claves y huellas dactilares"
+
+#: g10/gpg.c:391 sm/gpgsm.c:198
+msgid "list secret keys"
+msgstr "lista claves secretas"
+
+#: g10/gpg.c:392 sm/gpgsm.c:201
+msgid "generate a new key pair"
+msgstr "genera un nuevo par de claves"
+
+#: g10/gpg.c:393
+msgid "generate a revocation certificate"
+msgstr "genera un certificado de revocación"
+
+#: g10/gpg.c:395 sm/gpgsm.c:203
+msgid "remove keys from the public keyring"
+msgstr "elimina claves del anillo público"
+
+#: g10/gpg.c:397
+msgid "remove keys from the secret keyring"
+msgstr "elimina claves del anillo privado"
+
+#: g10/gpg.c:398
+msgid "sign a key"
+msgstr "firma la clave"
+
+#: g10/gpg.c:399
+msgid "sign a key locally"
+msgstr "firma la clave localmente"
+
+#: g10/gpg.c:400
+msgid "sign or edit a key"
+msgstr "firma o modifica una clave"
+
+#: g10/gpg.c:402 sm/gpgsm.c:215
+msgid "change a passphrase"
+msgstr "cambia una frase contraseña"
+
+#: g10/gpg.c:404
+msgid "export keys"
+msgstr "exporta claves"
+
+#: g10/gpg.c:405 sm/gpgsm.c:204
+msgid "export keys to a key server"
+msgstr "exporta claves a un servidor de claves"
+
+#: g10/gpg.c:406 sm/gpgsm.c:205
+msgid "import keys from a key server"
+msgstr "importa claves desde un servidor de claves"
+
+#: g10/gpg.c:408
+msgid "search for keys on a key server"
+msgstr "busca claves en un servidor de claves"
+
+#: g10/gpg.c:410
+msgid "update all keys from a keyserver"
+msgstr "actualiza todas las claves desde un servidor de claves"
+
+#: g10/gpg.c:415
+msgid "import/merge keys"
+msgstr "importa/fusiona claves"
+
+#: g10/gpg.c:418
+msgid "print the card status"
+msgstr "escribir estado de la tarjeta"
+
+#: g10/gpg.c:419
+msgid "change data on a card"
+msgstr "cambiar datos en la tarjeta"
+
+#: g10/gpg.c:420
+msgid "change a card's PIN"
+msgstr "cambiar el PIN de la tarjeta"
+
+#: g10/gpg.c:429
+msgid "update the trust database"
+msgstr "actualiza la base de datos de confianza"
+
+#: g10/gpg.c:436
+msgid "print message digests"
+msgstr "imprime resúmenes de mensaje"
+
+#: g10/gpg.c:439 sm/gpgsm.c:210
+msgid "run in server mode"
+msgstr "ejecutar en modo servidor"
+
+#: g10/gpg.c:443 sm/gpgsm.c:228
+msgid "create ascii armored output"
+msgstr "crea una salida ascii con armadura"
+
+#: g10/gpg.c:446 sm/gpgsm.c:241
+msgid "|USER-ID|encrypt for USER-ID"
+msgstr "|ID-USUARIO|cifra para ID-USUARIO"
+
+#: g10/gpg.c:459 sm/gpgsm.c:278
+msgid "|USER-ID|use USER-ID to sign or decrypt"
+msgstr "|ID-USUARIO|usa este identificador para firmar o descifrar"
+
+#: g10/gpg.c:462
+msgid "|N|set compress level to N (0 disables)"
+msgstr "|N|nivel de compresión N (0 desactiva)"
+
+#: g10/gpg.c:468
+msgid "use canonical text mode"
+msgstr "usa modo de texto canónico"
+
+#: g10/gpg.c:485 sm/gpgsm.c:280
+msgid "|FILE|write output to FILE"
+msgstr "|FICHERO|volcar salida en FICHERO"
+
+#: g10/gpg.c:501 kbx/kbxutil.c:90 sm/gpgsm.c:292 tools/gpgconf.c:82
+msgid "do not make any changes"
+msgstr "no hace ningún cambio"
+
+#: g10/gpg.c:502
+msgid "prompt before overwriting"
+msgstr "preguntar antes de sobreescribir"
+
+#: g10/gpg.c:554
+msgid "use strict OpenPGP behavior"
+msgstr "usar estilo OpenPGP estricto"
+
+# ordenes -> órdenes
+# página man -> página de manual
+# Vale. ¿del manual mejor?
+# Hmm, no sé, en man-db se usa "de". La verdad es que no lo he pensado.
+#: g10/gpg.c:585 sm/gpgsm.c:336
+msgid ""
+"@\n"
+"(See the man page for a complete listing of all commands and options)\n"
+msgstr ""
+"@\n"
+"(Véase en la página del manual la lista completo de órdenes y opciones)\n"
+
+#: g10/gpg.c:588 sm/gpgsm.c:339
+msgid ""
+"@\n"
+"Examples:\n"
+"\n"
+" -se -r Bob [file] sign and encrypt for user Bob\n"
+" --clearsign [file] make a clear text signature\n"
+" --detach-sign [file] make a detached signature\n"
+" --list-keys [names] show keys\n"
+" --fingerprint [names] show fingerprints\n"
+msgstr ""
+"@\n"
+"Ejemplos:\n"
+"\n"
+" -se -r Bob [fichero] firma y cifra para el usuario Bob\n"
+" --clearsign [fichero] hace una firma manteniendo el texto sin cifrar\n"
+" --detach-sign [fichero] hace una firma separada\n"
+" --list-keys [nombres] muestra las claves\n"
+" --fingerprint [nombres] muestra las huellas dactilares\n"
+
+#: g10/gpg.c:836
+msgid "Usage: gpg [options] [files] (-h for help)"
+msgstr "Uso: gpg [opciones] [ficheros] (-h para ayuda)"
+
+#: g10/gpg.c:839
+msgid ""
+"Syntax: gpg [options] [files]\n"
+"sign, check, encrypt or decrypt\n"
+"default operation depends on the input data\n"
+msgstr ""
+"Sintaxis: gpg [opciones] [ficheros]\n"
+"firma, comprueba, cifra o descifra\n"
+"la operación por defecto depende de los datos de entrada\n"
+
+#: g10/gpg.c:850 sm/gpgsm.c:543
+msgid ""
+"\n"
+"Supported algorithms:\n"
+msgstr ""
+"\n"
+"Algoritmos disponibles:\n"
+
+#: g10/gpg.c:853
+msgid "Pubkey: "
+msgstr "Clave pública: "
+
+#: g10/gpg.c:860 g10/keyedit.c:2423
+msgid "Cipher: "
+msgstr "Cifrado: "
+
+#: g10/gpg.c:867
+msgid "Hash: "
+msgstr "Resumen: "
+
+#: g10/gpg.c:874 g10/keyedit.c:2468
+msgid "Compression: "
+msgstr "Compresión: "
+
+#: g10/gpg.c:944
+msgid "usage: gpg [options] "
+msgstr "uso: gpg [opciones] "
+
+#: g10/gpg.c:1158 sm/gpgsm.c:716
+msgid "conflicting commands\n"
+msgstr "órdenes incompatibles\n"
+
+#: g10/gpg.c:1176
+#, c-format
+msgid "no = sign found in group definition `%s'\n"
+msgstr "no se encontró el signo = en la definición de grupo `%s'\n"
+
+#: g10/gpg.c:1373
+#, c-format
+msgid "WARNING: unsafe ownership on homedir `%s'\n"
+msgstr "AVISO: propiedad insegura del directorio personal `%s'\n"
+
+#: g10/gpg.c:1376
+#, c-format
+msgid "WARNING: unsafe ownership on configuration file `%s'\n"
+msgstr "AVISO: propiedad insegura del fichero de configuración `%s'\n"
+
+#: g10/gpg.c:1379
+#, c-format
+msgid "WARNING: unsafe ownership on extension `%s'\n"
+msgstr "AVISO: propiedad insegura de la extensión `%s'\n"
+
+#: g10/gpg.c:1385
+#, c-format
+msgid "WARNING: unsafe permissions on homedir `%s'\n"
+msgstr "AVISO: permisos inseguros del directorio personal `%s'\n"
+
+#: g10/gpg.c:1388
+#, c-format
+msgid "WARNING: unsafe permissions on configuration file `%s'\n"
+msgstr "AVISO: permisos inseguros del fichero de configuración `%s'\n"
+
+#: g10/gpg.c:1391
+#, c-format
+msgid "WARNING: unsafe permissions on extension `%s'\n"
+msgstr "AVISO: permisos inseguros de la extensión `%s'\n"
+
+#: g10/gpg.c:1397
+#, c-format
+msgid "WARNING: unsafe enclosing directory ownership on homedir `%s'\n"
+msgstr "AVISO: propiedad insegura del directorio contenedor de `%s'\n"
+
+#: g10/gpg.c:1400
+#, c-format
+msgid ""
+"WARNING: unsafe enclosing directory ownership on configuration file `%s'\n"
+msgstr ""
+"AVISO: propiedad insegura del directorio contenedor del fichero de\n"
+"configuración `%s'\n"
+
+#: g10/gpg.c:1403
+#, c-format
+msgid "WARNING: unsafe enclosing directory ownership on extension `%s'\n"
+msgstr ""
+"AVISO: propiedad insegura del directorio contenedor de la extensión `%s'\n"
+
+#: g10/gpg.c:1409
+#, c-format
+msgid "WARNING: unsafe enclosing directory permissions on homedir `%s'\n"
+msgstr "AVISO: permisos inseguros del directorio contenedor de `%s'\n"
+
+#: g10/gpg.c:1412
+#, c-format
+msgid ""
+"WARNING: unsafe enclosing directory permissions on configuration file `%s'\n"
+msgstr ""
+"AVISO: permisos inseguros del directorio contenedor del fichero de\n"
+"configuración `%s'\n"
+
+#: g10/gpg.c:1415
+#, c-format
+msgid "WARNING: unsafe enclosing directory permissions on extension `%s'\n"
+msgstr ""
+"AVISO: permisos inseguros del directorio contenedor de la extensión `%s'\n"
+
+#: g10/gpg.c:1595
+#, c-format
+msgid "unknown configuration item `%s'\n"
+msgstr "artículo de configuración desconocido `%s'\n"
+
+#: g10/gpg.c:1699
+msgid "display photo IDs during key listings"
+msgstr "mostrar foto IDs al listar claves"
+
+#: g10/gpg.c:1701
+msgid "show policy URLs during signature listings"
+msgstr "mostrar URLS de política al listar firmas"
+
+#: g10/gpg.c:1703
+msgid "show all notations during signature listings"
+msgstr "mostrar todas las notaciones al listar firmas"
+
+#: g10/gpg.c:1705
+msgid "show IETF standard notations during signature listings"
+msgstr "mostrar notaciones estándar IETF al listar firmas"
+
+#: g10/gpg.c:1709
+msgid "show user-supplied notations during signature listings"
+msgstr "mostrar notaciones personalizadas al listar firmas"
+
+#: g10/gpg.c:1711
+msgid "show preferred keyserver URLs during signature listings"
+msgstr "mostrar URL del servidor de claves preferido al listar firmas"
+
+#: g10/gpg.c:1713
+msgid "show user ID validity during key listings"
+msgstr "mostrar validez de la ID de usuario al listar claves"
+
+#: g10/gpg.c:1715
+msgid "show revoked and expired user IDs in key listings"
+msgstr "mostar IDs de usuario revocados y caducados al listar firmas"
+
+#: g10/gpg.c:1717
+msgid "show revoked and expired subkeys in key listings"
+msgstr "mostrar subclaves revocadas y expiradas al listar claves"
+
+#: g10/gpg.c:1719
+msgid "show the keyring name in key listings"
+msgstr "mostrar nombre de los anillos de claves al listar claves"
+
+#: g10/gpg.c:1721
+msgid "show expiration dates during signature listings"
+msgstr "mostrar fechas de caducidad al listar firmas"
+
+#: g10/gpg.c:1855
+#, c-format
+msgid "NOTE: old default options file `%s' ignored\n"
+msgstr "NOTA: se ignora el antiguo fichero de opciones predefinidas `%s'\n"
+
+#: g10/gpg.c:1948
+#, c-format
+msgid "libgcrypt is too old (need %s, have %s)\n"
+msgstr "libgcrypt demasiado antigua (necesito %s, tengo %s)\n"
+
+#: g10/gpg.c:2346 g10/gpg.c:3037 g10/gpg.c:3049
+#, c-format
+msgid "NOTE: %s is not for normal use!\n"
+msgstr "NOTA: ¡%s no es para uso normal!\n"
+
+#: g10/gpg.c:2530 g10/gpg.c:2542
+#, c-format
+msgid "`%s' is not a valid signature expiration\n"
+msgstr "`%s' no es una fecha de caducidad válida\n"
+
+#: g10/gpg.c:2624
+#, c-format
+msgid "`%s' is not a valid character set\n"
+msgstr "`%s' no es un juego de caracteres válido\n"
+
+#: g10/gpg.c:2647 g10/gpg.c:2842 g10/keyedit.c:4197
+msgid "could not parse keyserver URL\n"
+msgstr "no se puede interpretar la URL del servidor de claves\n"
+
+#: g10/gpg.c:2659
+#, c-format
+msgid "%s:%d: invalid keyserver options\n"
+msgstr "%s:%d: opciones del servidor de claves inválidas\n"
+
+#: g10/gpg.c:2662
+msgid "invalid keyserver options\n"
+msgstr "opciones del servidor de claves inválidas\n"
+
+#: g10/gpg.c:2669
+#, c-format
+msgid "%s:%d: invalid import options\n"
+msgstr "%s:%d: opciones de importación inválidas\n"
+
+#: g10/gpg.c:2672
+msgid "invalid import options\n"
+msgstr "opciones de importación inválidas\n"
+
+#: g10/gpg.c:2679
+#, c-format
+msgid "%s:%d: invalid export options\n"
+msgstr "%s:%d: opciones de exportación inválidas\n"
+
+#: g10/gpg.c:2682
+msgid "invalid export options\n"
+msgstr "opciones de exportación inválidas\n"
+
+#: g10/gpg.c:2689
+#, c-format
+msgid "%s:%d: invalid list options\n"
+msgstr "%s:%d: lista de opciones inválida\n"
+
+#: g10/gpg.c:2692
+msgid "invalid list options\n"
+msgstr "lista de opciones inválida\n"
+
+#: g10/gpg.c:2700
+msgid "display photo IDs during signature verification"
+msgstr "mostrar foto IDs al verificar firmas"
+
+#: g10/gpg.c:2702
+msgid "show policy URLs during signature verification"
+msgstr "mostrar URLs de política al verificar firmas"
+
+#: g10/gpg.c:2704
+msgid "show all notations during signature verification"
+msgstr "mostrar todas las notaciones al verificar firmas"
+
+#: g10/gpg.c:2706
+msgid "show IETF standard notations during signature verification"
+msgstr "mostrar notaciones estándar IETF al verificar firmas"
+
+#: g10/gpg.c:2710
+msgid "show user-supplied notations during signature verification"
+msgstr "mostrar notaciones personalizadas al verificar firmas"
+
+#: g10/gpg.c:2712
+msgid "show preferred keyserver URLs during signature verification"
+msgstr "mostrar URLs del servidor de claves preferido al verificar firmas"
+
+#: g10/gpg.c:2714
+msgid "show user ID validity during signature verification"
+msgstr "mostrar validez del ID de usuario al verificar firmas"
+
+#: g10/gpg.c:2716
+msgid "show revoked and expired user IDs in signature verification"
+msgstr "mostrar IDs de usuario revocados y caducados al verificar firmas"
+
+#: g10/gpg.c:2718
+msgid "show only the primary user ID in signature verification"
+msgstr "mostrar solo ID primario de usuario al verificar firmas"
+
+#: g10/gpg.c:2720
+msgid "validate signatures with PKA data"
+msgstr "validar firmas con datos PKA"
+
+#: g10/gpg.c:2722
+msgid "elevate the trust of signatures with valid PKA data"
+msgstr "aumentar confianza en las firmas con datos válidos PKA"
+
+#: g10/gpg.c:2729
+#, c-format
+msgid "%s:%d: invalid verify options\n"
+msgstr "%s:%d: opciones de verificación inválidas\n"
+
+#: g10/gpg.c:2732
+msgid "invalid verify options\n"
+msgstr "opciones de verificación inválidas\n"
+
+#: g10/gpg.c:2739
+#, c-format
+msgid "unable to set exec-path to %s\n"
+msgstr "imposible establecer camino de ejecutables %s\n"
+
+#: g10/gpg.c:2925
+#, c-format
+msgid "%s:%d: invalid auto-key-locate list\n"
+msgstr "%s:%d: lista de auto-localización de claves inválida\n"
+
+#: g10/gpg.c:2928
+msgid "invalid auto-key-locate list\n"
+msgstr "lista de auto-localización de claves inválida\n"
+
+#: g10/gpg.c:3026 sm/gpgsm.c:1439
+msgid "WARNING: program may create a core file!\n"
+msgstr "ATENCIÓN: ¡el programa podría volcar un fichero core!\n"
+
+#: g10/gpg.c:3030
+#, c-format
+msgid "WARNING: %s overrides %s\n"
+msgstr "AVISO: %s sustituye a %s\n"
+
+#: g10/gpg.c:3039
+#, c-format
+msgid "%s not allowed with %s!\n"
+msgstr "¡%s no permitido con %s!\n"
+
+#: g10/gpg.c:3042
+#, c-format
+msgid "%s makes no sense with %s!\n"
+msgstr "¡%s no tiene sentido con %s!\n"
+
+#: g10/gpg.c:3057
+#, c-format
+msgid "will not run with insecure memory due to %s\n"
+msgstr "no se ejecutará en memoria insegura por %s\n"
+
+#: g10/gpg.c:3071
+msgid "you can only make detached or clear signatures while in --pgp2 mode\n"
+msgstr "sólo puede hacer firmas separadas o en claro en modo --pgp2\n"
+
+#: g10/gpg.c:3077
+msgid "you can't sign and encrypt at the same time while in --pgp2 mode\n"
+msgstr "no puede firmar y cifrar a la vez en modo --pgp2\n"
+
+#: g10/gpg.c:3083
+msgid "you must use files (and not a pipe) when working with --pgp2 enabled.\n"
+msgstr "debe usar ficheros (no tuberías) si trabaja con --pgp2 activo.\n"
+
+#: g10/gpg.c:3096
+msgid "encrypting a message in --pgp2 mode requires the IDEA cipher\n"
+msgstr "cifrar un mensaje en modo --pgp2 requiere el algoritmo IDEA\n"
+
+#: g10/gpg.c:3163 g10/gpg.c:3187 sm/gpgsm.c:1511
+msgid "selected cipher algorithm is invalid\n"
+msgstr "el algoritmo de cifrado seleccionado es inválido\n"
+
+#: g10/gpg.c:3169 g10/gpg.c:3193 sm/gpgsm.c:1517 sm/gpgsm.c:1523
+msgid "selected digest algorithm is invalid\n"
+msgstr "el algoritmo de resumen seleccionado no inválido\n"
+
+#: g10/gpg.c:3175
+msgid "selected compression algorithm is invalid\n"
+msgstr "el algoritmo de compresión seleccionado es inválido\n"
+
+#: g10/gpg.c:3181
+msgid "selected certification digest algorithm is invalid\n"
+msgstr "el algoritmo de certificación por resumen elegido es inválido\n"
+
+#: g10/gpg.c:3196
+msgid "completes-needed must be greater than 0\n"
+msgstr "completes-needed debe ser mayor que 0\n"
+
+#: g10/gpg.c:3198
+msgid "marginals-needed must be greater than 1\n"
+msgstr "marginals-needed debe ser mayor que 1\n"
+
+#: g10/gpg.c:3200
+msgid "max-cert-depth must be in the range from 1 to 255\n"
+msgstr "max-cert-depth debe estar en el rango de 1 a 255\n"
+
+#: g10/gpg.c:3202
+msgid "invalid default-cert-level; must be 0, 1, 2, or 3\n"
+msgstr "default-cert-level inválido; debe ser 0, 1, 2, ó 3\n"
+
+#: g10/gpg.c:3204
+msgid "invalid min-cert-level; must be 1, 2, or 3\n"
+msgstr "min-cert-level inválido; debe ser 0, 1, 2, ó 3\n"
+
+#: g10/gpg.c:3207
+msgid "NOTE: simple S2K mode (0) is strongly discouraged\n"
+msgstr "NOTA: el modo S2K simple (0) no es nada recomendable\n"
+
+#: g10/gpg.c:3211
+msgid "invalid S2K mode; must be 0, 1 or 3\n"
+msgstr "modo S2K incorrecto; debe ser 0, 1 o 3\n"
+
+#: g10/gpg.c:3218
+msgid "invalid default preferences\n"
+msgstr "preferencias por defecto inválidas\n"
+
+#: g10/gpg.c:3222
+msgid "invalid personal cipher preferences\n"
+msgstr "preferencias personales de cifrado inválidas\n"
+
+#: g10/gpg.c:3226
+msgid "invalid personal digest preferences\n"
+msgstr "preferencias personales de algoritmo de resumen inválidas\n"
+
+#: g10/gpg.c:3230
+msgid "invalid personal compress preferences\n"
+msgstr "preferencias personales de compresión inválidas\n"
+
+#: g10/gpg.c:3263
+#, c-format
+msgid "%s does not yet work with %s\n"
+msgstr "%s aún no funciona con %s\n"
+
+#: g10/gpg.c:3310
+#, c-format
+msgid "you may not use cipher algorithm `%s' while in %s mode\n"
+msgstr "no puede usar el cifrado `%s' en modo %s\n"
+
+#: g10/gpg.c:3315
+#, c-format
+msgid "you may not use digest algorithm `%s' while in %s mode\n"
+msgstr "no puede usar el resumen `%s' en modo %s\n"
+
+#: g10/gpg.c:3320
+#, c-format
+msgid "you may not use compression algorithm `%s' while in %s mode\n"
+msgstr "no puede usar la compresión `%s' en modo %s\n"
+
+#: g10/gpg.c:3406
+#, c-format
+msgid "failed to initialize the TrustDB: %s\n"
+msgstr "inicialización de la base de datos de confianza fallida: %s\n"
+
+#: g10/gpg.c:3417
+msgid "WARNING: recipients (-r) given without using public key encryption\n"
+msgstr "AVISO: se indicaron receptores (-r) sin clave pública de cifrado\n"
+
+#: g10/gpg.c:3438
+msgid "--store [filename]"
+msgstr "--store [nombre_fichero]"
+
+#: g10/gpg.c:3445
+msgid "--symmetric [filename]"
+msgstr "--symmetric [nombre_fichero]"
+
+#: g10/gpg.c:3447
+#, c-format
+msgid "symmetric encryption of `%s' failed: %s\n"
+msgstr "el cifrado simétrico de `%s' falló: %s\n"
+
+#: g10/gpg.c:3457
+msgid "--encrypt [filename]"
+msgstr "--encrypt [nombre_fichero]"
+
+#: g10/gpg.c:3470
+msgid "--symmetric --encrypt [filename]"
+msgstr "--symmetric --encrypt [nombre_fichero]"
+
+#: g10/gpg.c:3472
+msgid "you cannot use --symmetric --encrypt with --s2k-mode 0\n"
+msgstr "no puede usar --symetric --encrypt con --s2k-mode 0\n"
+
+#: g10/gpg.c:3475
+#, c-format
+msgid "you cannot use --symmetric --encrypt while in %s mode\n"
+msgstr "no puede usar --symetric --encrypt en modo %s\n"
+
+#: g10/gpg.c:3493
+msgid "--sign [filename]"
+msgstr "--sign [nombre_fichero]"
+
+#: g10/gpg.c:3506
+msgid "--sign --encrypt [filename]"
+msgstr "--sign --encrypt [nombre_fichero]"
+
+#: g10/gpg.c:3521
+msgid "--symmetric --sign --encrypt [filename]"
+msgstr "--symmetric --sign --encrypt [nombre_fichero]"
+
+#: g10/gpg.c:3523
+msgid "you cannot use --symmetric --sign --encrypt with --s2k-mode 0\n"
+msgstr "no puede usar --symetric --sign --encrypt con --s2k-mode 0\n"
+
+#: g10/gpg.c:3526
+#, c-format
+msgid "you cannot use --symmetric --sign --encrypt while in %s mode\n"
+msgstr "no puede usar --symmetric --sign --encrypt en modo %s\n"
+
+#: g10/gpg.c:3546
+msgid "--sign --symmetric [filename]"
+msgstr "--sign --symmetric [nombre_fichero]"
+
+#: g10/gpg.c:3555
+msgid "--clearsign [filename]"
+msgstr "--clearsign [nombre_fichero]"
+
+#: g10/gpg.c:3580
+msgid "--decrypt [filename]"
+msgstr "--decrypt [nombre_fichero]"
+
+#: g10/gpg.c:3588
+msgid "--sign-key user-id"
+msgstr "--sign-key id-usuario"
+
+#: g10/gpg.c:3592
+msgid "--lsign-key user-id"
+msgstr "--lsign-key id-usuario"
+
+#: g10/gpg.c:3613
+msgid "--edit-key user-id [commands]"
+msgstr "--edit-key id-usuario [órdenes]"
+
+#: g10/gpg.c:3629
+#, fuzzy
+msgid "--passwd <user-id>"
+msgstr "--sign-key id-usuario"
+
+#: g10/gpg.c:3716
+#, c-format
+msgid "keyserver send failed: %s\n"
+msgstr "envío al servidor de claves fallido: %s\n"
+
+#: g10/gpg.c:3718
+#, c-format
+msgid "keyserver receive failed: %s\n"
+msgstr "recepción del servidor de claves fallida: %s\n"
+
+#: g10/gpg.c:3720
+#, c-format
+msgid "key export failed: %s\n"
+msgstr "exportación de clave fallida: %s\n"
+
+#: g10/gpg.c:3731
+#, c-format
+msgid "keyserver search failed: %s\n"
+msgstr "búsqueda del servidor de claves fallida: %s\n"
+
+#: g10/gpg.c:3741
+#, c-format
+msgid "keyserver refresh failed: %s\n"
+msgstr "renovación al servidor de claves fallida: %s\n"
+
+#: g10/gpg.c:3792
+#, c-format
+msgid "dearmoring failed: %s\n"
+msgstr "eliminación de armadura fallida: %s\n"
+
+#: g10/gpg.c:3800
+#, c-format
+msgid "enarmoring failed: %s\n"
+msgstr "creación de armadura fallida: %s\n"
+
+#: g10/gpg.c:3890
+#, c-format
+msgid "invalid hash algorithm `%s'\n"
+msgstr "algoritmo de distribución inválido `%s'\n"
+
+#: g10/gpg.c:4005
+msgid "[filename]"
+msgstr "[nombre_fichero]"
+
+# Falta un espacio.
+# En español no se deja espacio antes de los puntos suspensivos
+# (Real Academia dixit) :)
+# Tomo nota :-). Este comentario déjalo siempre.
+#: g10/gpg.c:4009
+msgid "Go ahead and type your message ...\n"
+msgstr "Adelante, teclee su mensaje...\n"
+
+#: g10/gpg.c:4323
+msgid "the given certification policy URL is invalid\n"
+msgstr "URL de política de certificado inválida\n"
+
+#: g10/gpg.c:4325
+msgid "the given signature policy URL is invalid\n"
+msgstr "URL de política inválida\n"
+
+#: g10/gpg.c:4358
+msgid "the given preferred keyserver URL is invalid\n"
+msgstr "la URL del servidor de claves preferido no es válida\n"
+
+#: g10/gpgv.c:74
+msgid "|FILE|take the keys from the keyring FILE"
+msgstr "|FICHERO|tomar las claves del anillo FILE"
+
+# o tal vez "en el sello..."
+# Creo que es mejor "con el sello de fecha", no es un conflicto
+# del sello en si mismo sino en relación con el mensaje.
+# Ok.
+#: g10/gpgv.c:76
+msgid "make timestamp conflicts only a warning"
+msgstr "hacer que los conflictos de fecha-hora sean sólo un aviso"
+
+#: g10/gpgv.c:78 sm/gpgsm.c:326
+msgid "|FD|write status info to this FD"
+msgstr "|DF|escribe información de estado en este descriptor de fichero"
+
+#: g10/gpgv.c:117
+msgid "Usage: gpgv [options] [files] (-h for help)"
+msgstr "Uso: gpgv [opciones] [ficheros] (-h para ayuda)"
+
+#: g10/gpgv.c:119
+#, fuzzy
+msgid ""
+"Syntax: gpgv [options] [files]\n"
+"Check signatures against known trusted keys\n"
+msgstr ""
+"Sintaxis: gpg [opciones] [ficheros]\n"
+"Confrontar las firmas contra claves conocidas\n"
+
+#: g10/helptext.c:72
+msgid "No help available"
+msgstr "Ayuda no disponible"
+
+#: g10/helptext.c:82
+#, c-format
+msgid "No help available for `%s'"
+msgstr "No hay ayuda disponible para `%s'"
+
+#: g10/import.c:94
+msgid "import signatures that are marked as local-only"
+msgstr "importar firmas marcadas como sólo locales"
+
+#: g10/import.c:96
+msgid "repair damage from the pks keyserver during import"
+msgstr "reparar daño del servidor de claves públicas al importar"
+
+#: g10/import.c:98
+msgid "do not update the trustdb after import"
+msgstr "no actualiza la base de datos de confianza después de importar"
+
+#: g10/import.c:100
+msgid "create a public key when importing a secret key"
+msgstr "crear una clave pública al importar una clave secreta"
+
+#: g10/import.c:102
+msgid "only accept updates to existing keys"
+msgstr "sólo aceptar actualizaciones de claves ya existentes"
+
+#: g10/import.c:104
+msgid "remove unusable parts from key after import"
+msgstr "borrar partes inútiles de la clave después de importar"
+
+#: g10/import.c:106
+msgid "remove as much as possible from key after import"
+msgstr "borrar tanto como sea posible de la clave tras importar"
+
+#: g10/import.c:266
+#, c-format
+msgid "skipping block of type %d\n"
+msgstr "omitiendo bloque de tipo %d\n"
+
+#: g10/import.c:275
+#, c-format
+msgid "%lu keys processed so far\n"
+msgstr "%lu claves procesadas hasta ahora\n"
+
+#: g10/import.c:292
+#, c-format
+msgid "Total number processed: %lu\n"
+msgstr "Cantidad total procesada: %lu\n"
+
+#: g10/import.c:294
+#, c-format
+msgid " skipped new keys: %lu\n"
+msgstr " omitidas nuevas claves: %lu\n"
+
+#: g10/import.c:297
+#, c-format
+msgid " w/o user IDs: %lu\n"
+msgstr " sin identificador: %lu\n"
+
+#: g10/import.c:299 sm/import.c:114
+#, c-format
+msgid " imported: %lu"
+msgstr " importadas: %lu"
+
+#: g10/import.c:305 sm/import.c:118
+#, c-format
+msgid " unchanged: %lu\n"
+msgstr " sin cambios: %lu\n"
+
+#: g10/import.c:307
+#, c-format
+msgid " new user IDs: %lu\n"
+msgstr " nuevos identificativos: %lu\n"
+
+#: g10/import.c:309
+#, c-format
+msgid " new subkeys: %lu\n"
+msgstr " nuevas subclaves: %lu\n"
+
+#: g10/import.c:311
+#, c-format
+msgid " new signatures: %lu\n"
+msgstr " nuevas firmas: %lu\n"
+
+#: g10/import.c:313
+#, c-format
+msgid " new key revocations: %lu\n"
+msgstr " nuevas revocaciones de claves: %lu\n"
+
+#: g10/import.c:315 sm/import.c:120
+#, c-format
+msgid " secret keys read: %lu\n"
+msgstr " claves secretas leídas: %lu\n"
+
+#: g10/import.c:317 sm/import.c:122
+#, c-format
+msgid " secret keys imported: %lu\n"
+msgstr " claves secretas importadas: %lu\n"
+
+#: g10/import.c:319 sm/import.c:124
+#, c-format
+msgid " secret keys unchanged: %lu\n"
+msgstr "claves secretas sin cambios: %lu\n"
+
+#: g10/import.c:321 sm/import.c:126
+#, c-format
+msgid " not imported: %lu\n"
+msgstr " no importadas: %lu\n"
+
+#: g10/import.c:323
+#, c-format
+msgid " signatures cleaned: %lu\n"
+msgstr " firmas limpiadas: %lu\n"
+
+#: g10/import.c:325
+#, c-format
+msgid " user IDs cleaned: %lu\n"
+msgstr " IDs de usuario limpiados: %lu\n"
+
+#: g10/import.c:606
+#, c-format
+msgid ""
+"WARNING: key %s contains preferences for unavailable\n"
+"algorithms on these user IDs:\n"
+msgstr ""
+"AVISO: la clave %s contiene preferencias para algoritmos\n"
+"no disponibles en estos IDs de usuario:\n"
+
+#: g10/import.c:647
+#, c-format
+msgid " \"%s\": preference for cipher algorithm %s\n"
+msgstr " \"%s\": algoritmo de cifrado preferido %s\n"
+
+#: g10/import.c:662
+#, c-format
+msgid " \"%s\": preference for digest algorithm %s\n"
+msgstr " \"%s\": algoritmo de resumen preferido %s\n"
+
+#: g10/import.c:674
+#, c-format
+msgid " \"%s\": preference for compression algorithm %s\n"
+msgstr " \"%s\": algoritmo de compresión preferido %s\n"
+
+#: g10/import.c:687
+msgid "it is strongly suggested that you update your preferences and\n"
+msgstr "se recomienda encarecidamente que actualice sus preferencias y\n"
+
+#: g10/import.c:689
+msgid "re-distribute this key to avoid potential algorithm mismatch problems\n"
+msgstr ""
+"re-dustribuya esta clave para evitar potenciales problemas de\n"
+"diferencias en los algoritmos.\n"
+
+#: g10/import.c:713
+#, c-format
+msgid "you can update your preferences with: gpg --edit-key %s updpref save\n"
+msgstr ""
+"puede actualizar sus preferencias con: gpg --edit-key %s updpref save\n"
+
+#: g10/import.c:766 g10/import.c:1179
+#, c-format
+msgid "key %s: no user ID\n"
+msgstr "clave %s: sin identificador de usuario\n"
+
+#: g10/import.c:795
+#, c-format
+msgid "key %s: PKS subkey corruption repaired\n"
+msgstr "clave %s: reparada la subclave PKS corrompida\n"
+
+#: g10/import.c:810
+#, c-format
+msgid "key %s: accepted non self-signed user ID \"%s\"\n"
+msgstr "clave %s: aceptado ID de usuario sin autofirma \"%s\"\n"
+
+#: g10/import.c:816
+#, c-format
+msgid "key %s: no valid user IDs\n"
+msgstr "clave %s: sin identificadores de usuario válidos\n"
+
+#: g10/import.c:818
+msgid "this may be caused by a missing self-signature\n"
+msgstr "esto puede ser debido a la ausencia de autofirma\n"
+
+#: g10/import.c:828 g10/import.c:1303
+#, c-format
+msgid "key %s: public key not found: %s\n"
+msgstr "clave %s: clave pública no encontrada: %s\n"
+
+#: g10/import.c:834
+#, c-format
+msgid "key %s: new key - skipped\n"
+msgstr "clave %s: clave nueva - omitida\n"
+
+#: g10/import.c:843
+#, c-format
+msgid "no writable keyring found: %s\n"
+msgstr "anillo de claves no escribible encontrado: %s\n"
+
+#: g10/import.c:848 g10/openfile.c:278 g10/sign.c:805 g10/sign.c:1114
+#, c-format
+msgid "writing to `%s'\n"
+msgstr "escribiendo en `%s'\n"
+
+#: g10/import.c:852 g10/import.c:952 g10/import.c:1219 g10/import.c:1364
+#: g10/import.c:2494 g10/import.c:2516
+#, c-format
+msgid "error writing keyring `%s': %s\n"
+msgstr "error escribiendo anillo `%s': %s\n"
+
+#: g10/import.c:871
+#, c-format
+msgid "key %s: public key \"%s\" imported\n"
+msgstr "clave %s: clave pública \"%s\" importada\n"
+
+#: g10/import.c:895
+#, c-format
+msgid "key %s: doesn't match our copy\n"
+msgstr "clave %s: no coincide con nuestra copia\n"
+
+#: g10/import.c:912 g10/import.c:1321
+#, c-format
+msgid "key %s: can't locate original keyblock: %s\n"
+msgstr "clave %s: no puede localizarse el bloque de claves original: %s\n"
+
+#: g10/import.c:920 g10/import.c:1328
+#, c-format
+msgid "key %s: can't read original keyblock: %s\n"
+msgstr "clave %s: no puede leerse el bloque de claves original: %s\n"
+
+#: g10/import.c:962
+#, c-format
+msgid "key %s: \"%s\" 1 new user ID\n"
+msgstr "clave %s: \"%s\" 1 ID de usuario nuevo\n"
+
+#: g10/import.c:965
+#, c-format
+msgid "key %s: \"%s\" %d new user IDs\n"
+msgstr "clave %s: \"%s\" %d nuevos identificadores de usuario\n"
+
+#: g10/import.c:968
+#, c-format
+msgid "key %s: \"%s\" 1 new signature\n"
+msgstr "clave %s: \"%s\" 1 firma nueva\n"
+
+#: g10/import.c:971
+#, c-format
+msgid "key %s: \"%s\" %d new signatures\n"
+msgstr "clave %s: \"%s\" %d firmas nuevas\n"
+
+#: g10/import.c:974
+#, c-format
+msgid "key %s: \"%s\" 1 new subkey\n"
+msgstr "clave %s: \"%s\" 1 subclave nueva\n"
+
+#: g10/import.c:977
+#, c-format
+msgid "key %s: \"%s\" %d new subkeys\n"
+msgstr "clave %s: \"%s\" %d subclaves nuevas\n"
+
+#: g10/import.c:980
+#, c-format
+msgid "key %s: \"%s\" %d signature cleaned\n"
+msgstr "clave %s: \"%s\" %d firmas limpiadas\n"
+
+#: g10/import.c:983
+#, c-format
+msgid "key %s: \"%s\" %d signatures cleaned\n"
+msgstr "clave %s: \"%s\" %d firmas limpiadas\n"
+
+#: g10/import.c:986
+#, c-format
+msgid "key %s: \"%s\" %d user ID cleaned\n"
+msgstr "clave %s: \"%s\" %d identificador de usuario limpiado\n"
+
+#: g10/import.c:989
+#, c-format
+msgid "key %s: \"%s\" %d user IDs cleaned\n"
+msgstr "clave %s: \"%s\" %d identificadores de usuario limpiados\n"
+
+#: g10/import.c:1013
+#, c-format
+msgid "key %s: \"%s\" not changed\n"
+msgstr "clave %s: \"%s\" sin cambios\n"
+
+#: g10/import.c:1185
+#, c-format
+msgid "key %s: secret key with invalid cipher %d - skipped\n"
+msgstr "clave %s: clave secreta con cifrado inválido %d - omitida\n"
+
+#: g10/import.c:1196
+msgid "importing secret keys not allowed\n"
+msgstr "no se permite importar claves secretas\n"
+
+#: g10/import.c:1213 g10/import.c:2509
+#, c-format
+msgid "no default secret keyring: %s\n"
+msgstr "no hay anillo secreto de claves por defecto: %s\n"
+
+#: g10/import.c:1224
+#, c-format
+msgid "key %s: secret key imported\n"
+msgstr "clave %s: clave secreta importada\n"
+
+#: g10/import.c:1254
+#, c-format
+msgid "key %s: already in secret keyring\n"
+msgstr "clave %s: ya estaba en el anillo secreto\n"
+
+#: g10/import.c:1264
+#, c-format
+msgid "key %s: secret key not found: %s\n"
+msgstr "clave %s: clave secreta no encontrada: %s\n"
+
+#: g10/import.c:1296
+#, c-format
+msgid "key %s: no public key - can't apply revocation certificate\n"
+msgstr ""
+"clave %s: falta la clave pública - imposible emplear el\n"
+"certificado de revocación\n"
+
+#: g10/import.c:1339
+#, c-format
+msgid "key %s: invalid revocation certificate: %s - rejected\n"
+msgstr "clave %s: certificado de revocación inválido: %s - rechazado\n"
+
+#: g10/import.c:1371
+#, c-format
+msgid "key %s: \"%s\" revocation certificate imported\n"
+msgstr "clave %s: \"%s\" certificado de revocación importado\n"
+
+#: g10/import.c:1447
+#, c-format
+msgid "key %s: no user ID for signature\n"
+msgstr "clave %s: no hay identificador de usuario para la firma\n"
+
+#: g10/import.c:1464
+#, c-format
+msgid "key %s: unsupported public key algorithm on user ID \"%s\"\n"
+msgstr "clave %s: algoritmo de clave pública no disponible para ID \"%s\"\n"
+
+#: g10/import.c:1466
+#, c-format
+msgid "key %s: invalid self-signature on user ID \"%s\"\n"
+msgstr "clave %s: autofirma inválida para el id \"%s\"\n"
+
+#: g10/import.c:1483 g10/import.c:1509 g10/import.c:1560
+#, c-format
+msgid "key %s: unsupported public key algorithm\n"
+msgstr "clave %s: algoritmo de clave pública no disponible\n"
+
+#: g10/import.c:1484
+#, fuzzy, c-format
+msgid "key %s: invalid direct key signature\n"
+msgstr "clave %s: firma directa de clave añadida\n"
+
+#: g10/import.c:1498
+#, c-format
+msgid "key %s: no subkey for key binding\n"
+msgstr "clave %s: no hay subclave que unir a la clave\n"
+
+#: g10/import.c:1511
+#, c-format
+msgid "key %s: invalid subkey binding\n"
+msgstr "clave %s: unión de subclave inválida\n"
+
+#: g10/import.c:1527
+#, c-format
+msgid "key %s: removed multiple subkey binding\n"
+msgstr "clave %s: borrado enlace de subclaves múltiples\n"
+
+#: g10/import.c:1549
+#, c-format
+msgid "key %s: no subkey for key revocation\n"
+msgstr "clave %s: no hay subclave para la revocación de clave\n"
+
+#: g10/import.c:1562
+#, c-format
+msgid "key %s: invalid subkey revocation\n"
+msgstr "clave %s: revocación de subclave inválida\n"
+
+#: g10/import.c:1577
+#, c-format
+msgid "key %s: removed multiple subkey revocation\n"
+msgstr "clave %s: borrada revocación de subclave múltiple\n"
+
+#: g10/import.c:1618
+#, c-format
+msgid "key %s: skipped user ID \"%s\"\n"
+msgstr "clave %s: omitido ID de usuario \"%s\"\n"
+
+#: g10/import.c:1639
+#, c-format
+msgid "key %s: skipped subkey\n"
+msgstr "clave %s: subclave omitida\n"
+
+#: g10/import.c:1666
+#, c-format
+msgid "key %s: non exportable signature (class 0x%02X) - skipped\n"
+msgstr "clave %s: firma no exportable (clase 0x%02x) - omitida\n"
+
+#: g10/import.c:1676
+#, c-format
+msgid "key %s: revocation certificate at wrong place - skipped\n"
+msgstr "clave %s: certificado de revocación en lugar equivocado - omitido\n"
+
+#: g10/import.c:1693
+#, c-format
+msgid "key %s: invalid revocation certificate: %s - skipped\n"
+msgstr "clave %s: certificado de revocación no valido: %s - omitido\n"
+
+#: g10/import.c:1707
+#, c-format
+msgid "key %s: subkey signature in wrong place - skipped\n"
+msgstr "clave %s: firma de subclave en lugar equivocado - omitida\n"
+
+#: g10/import.c:1715
+#, c-format
+msgid "key %s: unexpected signature class (0x%02X) - skipped\n"
+msgstr "clave %s: firma de clase (0x%02x) inesperada - omitida\n"
+
+#: g10/import.c:1844
+#, c-format
+msgid "key %s: duplicated user ID detected - merged\n"
+msgstr "clave %s: detectado usuario duplicado - fusionada\n"
+
+#: g10/import.c:1906
+#, c-format
+msgid "WARNING: key %s may be revoked: fetching revocation key %s\n"
+msgstr ""
+"AVISO: la clave %s puede estar revocada: recuperando clave de revocación %s\n"
+
+#: g10/import.c:1920
+#, c-format
+msgid "WARNING: key %s may be revoked: revocation key %s not present.\n"
+msgstr ""
+"AVISO: la clave %s puede estar revocada: falta clave de revocación %s.\n"
+
+#: g10/import.c:1979
+#, c-format
+msgid "key %s: \"%s\" revocation certificate added\n"
+msgstr "clave %s: \"%s\" certificado de revocación añadido\n"
+
+#: g10/import.c:2013
+#, c-format
+msgid "key %s: direct key signature added\n"
+msgstr "clave %s: firma directa de clave añadida\n"
+
+#: g10/import.c:2414
+msgid "NOTE: a key's S/N does not match the card's one\n"
+msgstr "NOTA: un S/N de la clave no coincide con la de la tarjeta\n"
+
+#: g10/import.c:2422
+msgid "NOTE: primary key is online and stored on card\n"
+msgstr "NOTA: clave primaria en línea y almacenada en la tarjeta\n"
+
+#: g10/import.c:2424
+msgid "NOTE: secondary key is online and stored on card\n"
+msgstr "NOTA: clave secundaria en línea y almacenada en la tarjeta\n"
+
+#: g10/keydb.c:181
+#, c-format
+msgid "error creating keyring `%s': %s\n"
+msgstr "error escribiendo anillo `%s': %s\n"
+
+#: g10/keydb.c:187
+#, c-format
+msgid "keyring `%s' created\n"
+msgstr "anillo `%s' creado\n"
+
+#: g10/keydb.c:333 g10/keydb.c:336
+#, c-format
+msgid "keyblock resource `%s': %s\n"
+msgstr "recurso de bloque de claves: `%s': %s\n"
+
+#: g10/keydb.c:719
+#, c-format
+msgid "failed to rebuild keyring cache: %s\n"
+msgstr "fallo reconstruyendo caché del anillo de claves: %s\n"
+
+#: g10/keyedit.c:265
+msgid "[revocation]"
+msgstr "[revocación]"
+
+#: g10/keyedit.c:266
+msgid "[self-signature]"
+msgstr "[autofirma]"
+
+#: g10/keyedit.c:344 g10/keylist.c:398
+msgid "1 bad signature\n"
+msgstr "1 firma incorrecta\n"
+
+#: g10/keyedit.c:346 g10/keylist.c:400
+#, c-format
+msgid "%d bad signatures\n"
+msgstr "%d firmas incorrectas\n"
+
+#: g10/keyedit.c:348 g10/keylist.c:402
+msgid "1 signature not checked due to a missing key\n"
+msgstr "1 firma no comprobada por falta de clave\n"
+
+#: g10/keyedit.c:350 g10/keylist.c:404
+#, c-format
+msgid "%d signatures not checked due to missing keys\n"
+msgstr "%d firmas no comprobadas por falta de clave\n"
+
+#: g10/keyedit.c:352 g10/keylist.c:406
+msgid "1 signature not checked due to an error\n"
+msgstr "1 firma no comprobada por causa de un error\n"
+
+#: g10/keyedit.c:354 g10/keylist.c:408
+#, c-format
+msgid "%d signatures not checked due to errors\n"
+msgstr "%d firmas no comprobadas por errores\n"
+
+#: g10/keyedit.c:356
+msgid "1 user ID without valid self-signature detected\n"
+msgstr "Detectado 1 identificador de usuario sin autofirma válida\n"
+
+#: g10/keyedit.c:358
+#, c-format
+msgid "%d user IDs without valid self-signatures detected\n"
+msgstr "Detectados %d identificadores de usuario sin autofirma válida\n"
+
+#: g10/keyedit.c:414 g10/pkclist.c:262
+msgid ""
+"Please decide how far you trust this user to correctly verify other users' "
+"keys\n"
+"(by looking at passports, checking fingerprints from different sources, "
+"etc.)\n"
+msgstr ""
+"Por favor, decida su nivel de confianza en que este usuario\n"
+"verifique correctamente las claves de otros usuarios (mirando\n"
+"pasaportes, comprobando huellas dactilares en diferentes fuentes...)\n"
+"\n"
+
+#: g10/keyedit.c:418 g10/pkclist.c:274
+#, c-format
+msgid " %d = I trust marginally\n"
+msgstr " %d = Confío un poco\n"
+
+#: g10/keyedit.c:419 g10/pkclist.c:276
+#, c-format
+msgid " %d = I trust fully\n"
+msgstr " %d = Confío totalmente\n"
+
+#: g10/keyedit.c:438
+msgid ""
+"Please enter the depth of this trust signature.\n"
+"A depth greater than 1 allows the key you are signing to make\n"
+"trust signatures on your behalf.\n"
+msgstr ""
+"Por favor, introduzca el nivel de esta firma de confianza.\n"
+"Un nivel mayor que 1 permite que la clave que está firmando pueda\n"
+"hacer firmas de confianza en su nombre.\n"
+
+#: g10/keyedit.c:454
+msgid "Please enter a domain to restrict this signature, or enter for none.\n"
+msgstr "Introduzca un dominio para restringir esta firma, o intro para nada.\n"
+
+#: g10/keyedit.c:598
+#, c-format
+msgid "User ID \"%s\" is revoked."
+msgstr "ID de usuario \"%s\" revocado."
+
+#: g10/keyedit.c:607 g10/keyedit.c:635 g10/keyedit.c:662 g10/keyedit.c:830
+#: g10/keyedit.c:895 g10/keyedit.c:1785
+msgid "Are you sure you still want to sign it? (y/N) "
+msgstr "¿Seguro que todavía quiere firmarlo? (s/N) "
+
+#: g10/keyedit.c:621 g10/keyedit.c:649 g10/keyedit.c:676 g10/keyedit.c:836
+#: g10/keyedit.c:1791
+msgid " Unable to sign.\n"
+msgstr " Imposible firmar.\n"
+
+#: g10/keyedit.c:626
+#, c-format
+msgid "User ID \"%s\" is expired."
+msgstr "ID de usuario \"%s\" expirado."
+
+#: g10/keyedit.c:654
+#, c-format
+msgid "User ID \"%s\" is not self-signed."
+msgstr "ID de usuario \"%s\" no tiene autofirma."
+
+#: g10/keyedit.c:682
+#, c-format
+msgid "User ID \"%s\" is signable. "
+msgstr "ID de usuario \"%s\" puede firmarse."
+
+#: g10/keyedit.c:684
+msgid "Sign it? (y/N) "
+msgstr "¿Firmarlo? (s/N) "
+
+#: g10/keyedit.c:706
+#, c-format
+msgid ""
+"The self-signature on \"%s\"\n"
+"is a PGP 2.x-style signature.\n"
+msgstr ""
+"La autofirma en \"%s\"\n"
+"es una firma de tipo PGP 2.x.\n"
+
+#: g10/keyedit.c:715
+msgid "Do you want to promote it to an OpenPGP self-signature? (y/N) "
+msgstr "Quiere convertirla en una autofirma OpenPGP? (s/N) "
+
+#: g10/keyedit.c:729
+#, c-format
+msgid ""
+"Your current signature on \"%s\"\n"
+"has expired.\n"
+msgstr ""
+"Su firma actual en \"%s\"\n"
+"ha expirado.\n"
+
+#: g10/keyedit.c:733
+msgid "Do you want to issue a new signature to replace the expired one? (y/N) "
+msgstr "¿Quiere producir una nueva firma que reemplace a la expirada? (s/N) "
+
+#: g10/keyedit.c:754
+#, c-format
+msgid ""
+"Your current signature on \"%s\"\n"
+"is a local signature.\n"
+msgstr ""
+"Su firma actual en \"%s\"\n"
+"es una firma local.\n"
+
+#: g10/keyedit.c:758
+msgid "Do you want to promote it to a full exportable signature? (y/N) "
+msgstr "Quiere convertirla en una clave totalmente exportable? (s/N) "
+
+#: g10/keyedit.c:779
+#, c-format
+msgid "\"%s\" was already locally signed by key %s\n"
+msgstr "\"%s\" ya estaba firmada localmente por la clave %s\n"
+
+#: g10/keyedit.c:782
+#, c-format
+msgid "\"%s\" was already signed by key %s\n"
+msgstr "\"%s\" ya estaba firmada por la clave %s\n"
+
+#: g10/keyedit.c:787
+msgid "Do you want to sign it again anyway? (y/N) "
+msgstr "¿Quiere firmarlo aún así? (s/N) "
+
+#: g10/keyedit.c:809
+#, c-format
+msgid "Nothing to sign with key %s\n"
+msgstr "Nada que firmar con la clave %s\n"
+
+#: g10/keyedit.c:824
+msgid "This key has expired!"
+msgstr "¡Esta clave ha caducado!"
+
+#: g10/keyedit.c:842
+#, c-format
+msgid "This key is due to expire on %s.\n"
+msgstr "Esta clave expirará el %s.\n"
+
+#: g10/keyedit.c:848
+msgid "Do you want your signature to expire at the same time? (Y/n) "
+msgstr "¿Quiere que su firma caduque al mismo tiempo? (S/n) "
+
+#: g10/keyedit.c:888
+msgid ""
+"You may not make an OpenPGP signature on a PGP 2.x key while in --pgp2 "
+"mode.\n"
+msgstr ""
+"No puede hacer una firma OpenPGP de una clave PGP 2.x estando en modo --"
+"pgp2.\n"
+
+#: g10/keyedit.c:890
+msgid "This would make the key unusable in PGP 2.x.\n"
+msgstr "Esto inutilizaría la clave en PGP 2.x.\n"
+
+#: g10/keyedit.c:915
+msgid ""
+"How carefully have you verified the key you are about to sign actually "
+"belongs\n"
+"to the person named above? If you don't know what to answer, enter \"0\".\n"
+msgstr ""
+"¿Cómo de cuidadosamente ha verificado que la clave que está a punto de\n"
+"firmar pertenece realmente a la persona arriba nombrada? Si no sabe que\n"
+"contestar, introduzca \"0\".\n"
+
+#: g10/keyedit.c:920
+#, c-format
+msgid " (0) I will not answer.%s\n"
+msgstr " (0) No contesto.%s\n"
+
+#: g10/keyedit.c:922
+#, c-format
+msgid " (1) I have not checked at all.%s\n"
+msgstr " (1) No lo he comprobado en absoluto.%s\n"
+
+#: g10/keyedit.c:924
+#, c-format
+msgid " (2) I have done casual checking.%s\n"
+msgstr " (2) He hecho una comprobación informal.%s\n"
+
+#: g10/keyedit.c:926
+#, c-format
+msgid " (3) I have done very careful checking.%s\n"
+msgstr " (3) Lo he comprobado meticulosamente.%s\n"
+
+#: g10/keyedit.c:932
+msgid "Your selection? (enter `?' for more information): "
+msgstr "¿Su elección? (escriba '?' si desea más información): "
+
+#: g10/keyedit.c:956
+#, c-format
+msgid ""
+"Are you sure that you want to sign this key with your\n"
+"key \"%s\" (%s)\n"
+msgstr ""
+"¿Está realmente seguro de querer firmar esta clave\n"
+"con su clave: \"%s\" (%s)?\n"
+
+#: g10/keyedit.c:963
+msgid "This will be a self-signature.\n"
+msgstr "Esto será una autofirma.\n"
+
+#: g10/keyedit.c:969
+msgid "WARNING: the signature will not be marked as non-exportable.\n"
+msgstr "ATENCION: la firma no se marcará como no exportable.\n"
+
+#: g10/keyedit.c:977
+msgid "WARNING: the signature will not be marked as non-revocable.\n"
+msgstr "AVISO: la firma no se marcará como no revocable.\n"
+
+#: g10/keyedit.c:987
+msgid "The signature will be marked as non-exportable.\n"
+msgstr "La firma se marcará como no exportable.\n"
+
+#: g10/keyedit.c:994
+msgid "The signature will be marked as non-revocable.\n"
+msgstr "La firma se marcará como no revocable.\n"
+
+#: g10/keyedit.c:1001
+msgid "I have not checked this key at all.\n"
+msgstr "No he comprobado esta clave en absoluto.\n"
+
+#: g10/keyedit.c:1006
+msgid "I have checked this key casually.\n"
+msgstr "He comprobado esta clave informalmente.\n"
+
+#: g10/keyedit.c:1011
+msgid "I have checked this key very carefully.\n"
+msgstr "He comprobado esta clave meticulosamente.\n"
+
+#: g10/keyedit.c:1021
+msgid "Really sign? (y/N) "
+msgstr "¿Firmar de verdad? (s/N) "
+
+#: g10/keyedit.c:1066 g10/keyedit.c:4965 g10/keyedit.c:5056 g10/keyedit.c:5120
+#: g10/keyedit.c:5181 g10/sign.c:316
+#, c-format
+msgid "signing failed: %s\n"
+msgstr "firma fallida: %s\n"
+
+#: g10/keyedit.c:1131
+msgid "Key has only stub or on-card key items - no passphrase to change.\n"
+msgstr ""
+"La clave tiene sólo un apuntador u objetos de clave en la propia tarjeta\n"
+"- no hay frase contraseña que cambiar.\n"
+
+#: g10/keyedit.c:1142 g10/keygen.c:3774
+msgid "This key is not protected.\n"
+msgstr "Esta clave no está protegida.\n"
+
+#: g10/keyedit.c:1146 g10/keygen.c:3761 g10/revoke.c:536
+msgid "Secret parts of primary key are not available.\n"
+msgstr "Las partes secretas de la clave primaria no están disponibles.\n"
+
+#: g10/keyedit.c:1150 g10/keygen.c:3777
+msgid "Secret parts of primary key are stored on-card.\n"
+msgstr "Las partes secretas de la clave primaria se guardan en la tarjeta.\n"
+
+#: g10/keyedit.c:1156 g10/keygen.c:3781
+msgid "Key is protected.\n"
+msgstr "La clave está protegida.\n"
+
+#: g10/keyedit.c:1186
+#, c-format
+msgid "Can't edit this key: %s\n"
+msgstr "No puede editarse esta clave: %s\n"
+
+#: g10/keyedit.c:1192
+msgid ""
+"Enter the new passphrase for this secret key.\n"
+"\n"
+msgstr ""
+"Introduzca la nueva frase contraseña para esta clave secreta.\n"
+"\n"
+
+#: g10/keyedit.c:1207 g10/keygen.c:2291
+msgid "passphrase not correctly repeated; try again"
+msgstr "frase contraseña repetida incorrectamente; inténtelo de nuevo"
+
+#: g10/keyedit.c:1212
+msgid ""
+"You don't want a passphrase - this is probably a *bad* idea!\n"
+"\n"
+msgstr ""
+"No ha especificado frase contraseña. Esto es probablemente una *mala* idea.\n"
+"\n"
+
+#: g10/keyedit.c:1215
+msgid "Do you really want to do this? (y/N) "
+msgstr "¿Realmente quiere hacer esto? (s/N) "
+
+#: g10/keyedit.c:1298
+msgid "moving a key signature to the correct place\n"
+msgstr "moviendo la firma de la clave al lugar correcto\n"
+
+#: g10/keyedit.c:1384
+msgid "save and quit"
+msgstr "graba y sale"
+
+#: g10/keyedit.c:1387
+msgid "show key fingerprint"
+msgstr "muestra huella dactilar de la clave"
+
+#: g10/keyedit.c:1388
+msgid "list key and user IDs"
+msgstr "lista clave e identificadores de usuario"
+
+#: g10/keyedit.c:1390
+msgid "select user ID N"
+msgstr "selecciona identificador de usuario N"
+
+#: g10/keyedit.c:1391
+msgid "select subkey N"
+msgstr "selecciona subclave N"
+
+#: g10/keyedit.c:1392
+msgid "check signatures"
+msgstr "comprueba firmas"
+
+#: g10/keyedit.c:1397
+msgid "sign selected user IDs [* see below for related commands]"
+msgstr "firmar IDs seleccionadas [* ver debajo órdenes relacionadas]"
+
+#: g10/keyedit.c:1402
+msgid "sign selected user IDs locally"
+msgstr "firma localmente los IDs de usuarios elegidos"
+
+#: g10/keyedit.c:1404
+msgid "sign selected user IDs with a trust signature"
+msgstr "firmar IDs seleccionados con firma de confianza"
+
+#: g10/keyedit.c:1406
+msgid "sign selected user IDs with a non-revocable signature"
+msgstr "firmar IDs seleccionados con firma no revocable"
+
+#: g10/keyedit.c:1410
+msgid "add a user ID"
+msgstr "añadir un identificador de usuario"
+
+#: g10/keyedit.c:1412
+msgid "add a photo ID"
+msgstr "añadir un ID fotográfico"
+
+#: g10/keyedit.c:1414
+msgid "delete selected user IDs"
+msgstr "borrar identificadores de usuario seleccionados"
+
+#: g10/keyedit.c:1419
+msgid "add a subkey"
+msgstr "añadir una subclave"
+
+#: g10/keyedit.c:1423
+msgid "add a key to a smartcard"
+msgstr "añadir clave a tarjeta"
+
+#: g10/keyedit.c:1425
+msgid "move a key to a smartcard"
+msgstr "mover una clave a la tarjeta"
+
+#: g10/keyedit.c:1427
+msgid "move a backup key to a smartcard"
+msgstr "mover una clave de respaldo a la tarjeta"
+
+#: g10/keyedit.c:1431
+msgid "delete selected subkeys"
+msgstr "borrar clave secundaria"
+
+#: g10/keyedit.c:1433
+msgid "add a revocation key"
+msgstr "añadir una clave de revocación"
+
+#: g10/keyedit.c:1435
+msgid "delete signatures from the selected user IDs"
+msgstr "borrar firmas de los ID seleccionados"
+
+#: g10/keyedit.c:1437
+msgid "change the expiration date for the key or selected subkeys"
+msgstr "cambiar la fecha de caducidad para la clave o subclaves seleccionadas"
+
+#: g10/keyedit.c:1439
+msgid "flag the selected user ID as primary"
+msgstr "marcar ID de usuario seleccionado como primario"
+
+#: g10/keyedit.c:1441
+msgid "toggle between the secret and public key listings"
+msgstr "cambiar entre lista de claves secretas y públicas"
+
+#: g10/keyedit.c:1444
+msgid "list preferences (expert)"
+msgstr "mostrar preferencias (experto)"
+
+#: g10/keyedit.c:1446
+msgid "list preferences (verbose)"
+msgstr "mostrar preferencias (prolijo)"
+
+#: g10/keyedit.c:1448
+msgid "set preference list for the selected user IDs"
+msgstr "establecer preferencias para todos los ID seleccionados"
+
+#: g10/keyedit.c:1453
+msgid "set the preferred keyserver URL for the selected user IDs"
+msgstr "establecer URL del servidor de claves preferido por los IDs elegidos"
+
+#: g10/keyedit.c:1455
+msgid "set a notation for the selected user IDs"
+msgstr "establecer notación para los IDs de usuario seleccionados"
+
+#: g10/keyedit.c:1457
+msgid "change the passphrase"
+msgstr "cambia la frase contraseña"
+
+#: g10/keyedit.c:1461
+msgid "change the ownertrust"
+msgstr "cambia valores de confianza"
+
+#: g10/keyedit.c:1463
+msgid "revoke signatures on the selected user IDs"
+msgstr "revocar firmas de los identificadores seleccionados"
+
+#: g10/keyedit.c:1465
+msgid "revoke selected user IDs"
+msgstr "revocar los identificadores seleccionados"
+
+#: g10/keyedit.c:1470
+msgid "revoke key or selected subkeys"
+msgstr "revoca clave o subclaves seleccionadas"
+
+#: g10/keyedit.c:1471
+msgid "enable key"
+msgstr "habilita clave"
+
+#: g10/keyedit.c:1472
+msgid "disable key"
+msgstr "deshabilita clave"
+
+#: g10/keyedit.c:1473
+msgid "show selected photo IDs"
+msgstr "mostrar fotos de los ID seleccionados"
+
+#: g10/keyedit.c:1475
+msgid "compact unusable user IDs and remove unusable signatures from key"
+msgstr "compactar IDs inutilizables y borrar firmas inutilizables de la clave"
+
+#: g10/keyedit.c:1477
+msgid "compact unusable user IDs and remove all signatures from key"
+msgstr "compactar IDs inutilizables y borrar todas las firmas de la clave"
+
+#: g10/keyedit.c:1601
+#, c-format
+msgid "error reading secret keyblock \"%s\": %s\n"
+msgstr "error leyendo bloque de clave secreta \"%s\": %s\n"
+
+#: g10/keyedit.c:1619
+msgid "Secret key is available.\n"
+msgstr "Clave secreta disponible.\n"
+
+#: g10/keyedit.c:1702
+msgid "Need the secret key to do this.\n"
+msgstr "Se necesita la clave secreta para hacer esto.\n"
+
+#: g10/keyedit.c:1710
+msgid "Please use the command \"toggle\" first.\n"
+msgstr "Por favor use la orden \"cambia\" primero.\n"
+
+#: g10/keyedit.c:1729
+msgid ""
+"* The `sign' command may be prefixed with an `l' for local signatures "
+"(lsign),\n"
+" a `t' for trust signatures (tsign), an `nr' for non-revocable signatures\n"
+" (nrsign), or any combination thereof (ltsign, tnrsign, etc.).\n"
+msgstr ""
+"* La orden `sign' (firmar) puede estar precedida por una 'l' para firmas\n"
+"locales (lsign), una 't' para firmas fiables (tsign), `nr' para firmas no\n"
+"revocables (nrsign) o cualquier combinación de ellas (ltsign, tnrsign, etc)\n"
+
+#: g10/keyedit.c:1779
+msgid "Key is revoked."
+msgstr "La clave está revocada."
+
+#: g10/keyedit.c:1798
+msgid "Really sign all user IDs? (y/N) "
+msgstr "¿Firmar realmente todos los IDs de usuario? (s/N) "
+
+#: g10/keyedit.c:1805
+msgid "Hint: Select the user IDs to sign\n"
+msgstr "Sugerencia: seleccione los identificadores de usuario que firmar\n"
+
+#: g10/keyedit.c:1814
+#, c-format
+msgid "Unknown signature type `%s'\n"
+msgstr "Clase de firma desconocida `%s'\n"
+
+#: g10/keyedit.c:1837
+#, c-format
+msgid "This command is not allowed while in %s mode.\n"
+msgstr "Esta orden no se permite en modo %s.\n"
+
+#: g10/keyedit.c:1859 g10/keyedit.c:1879 g10/keyedit.c:2048
+msgid "You must select at least one user ID.\n"
+msgstr "Debe seleccionar por lo menos un identificador de usuario.\n"
+
+#: g10/keyedit.c:1861
+msgid "You can't delete the last user ID!\n"
+msgstr "¡No puede borrar el último identificador de usuario!\n"
+
+#: g10/keyedit.c:1863
+msgid "Really remove all selected user IDs? (y/N) "
+msgstr "¿Borrar realmente todos los identificadores seleccionados? (s/N) "
+
+#: g10/keyedit.c:1864
+msgid "Really remove this user ID? (y/N) "
+msgstr "¿Borrar realmente este identificador de usuario? (s/N) "
+
+#. TRANSLATORS: Please take care: This is about
+#. moving the key and not about removing it.
+#: g10/keyedit.c:1917
+#, fuzzy
+msgid "Really move the primary key? (y/N) "
+msgstr "¿Borrar FIXME la clave primaria? (s/N)"
+
+#: g10/keyedit.c:1929
+msgid "You must select exactly one key.\n"
+msgstr "Debe seleccionar exactamente una clave.\n"
+
+#: g10/keyedit.c:1957
+msgid "Command expects a filename argument\n"
+msgstr "La orden espera un nombre de fichero como argumento\n"
+
+#: g10/keyedit.c:1971
+#, c-format
+msgid "Can't open `%s': %s\n"
+msgstr "No se puede abrir `%s': %s\n"
+
+#: g10/keyedit.c:1988
+#, c-format
+msgid "Error reading backup key from `%s': %s\n"
+msgstr "Error leyendo clave de respaldo desde `%s': %s\n"
+
+#: g10/keyedit.c:2012
+msgid "You must select at least one key.\n"
+msgstr "Debe seleccionar por lo menos una clave.\n"
+
+#: g10/keyedit.c:2015
+msgid "Do you really want to delete the selected keys? (y/N) "
+msgstr "¿De verdad quiere borrar las claves seleccionadas? (s/N) "
+
+#: g10/keyedit.c:2016
+msgid "Do you really want to delete this key? (y/N) "
+msgstr "¿De verdad quiere borrar esta clave? (s/N) "
+
+#: g10/keyedit.c:2051
+msgid "Really revoke all selected user IDs? (y/N) "
+msgstr "¿Revocar realmente todos los identificadores seleccionados? (s/N) "
+
+#: g10/keyedit.c:2052
+msgid "Really revoke this user ID? (y/N) "
+msgstr "¿Revocar realmente este identificador de usuario? (s/N) "
+
+#: g10/keyedit.c:2070
+msgid "Do you really want to revoke the entire key? (y/N) "
+msgstr "¿De verdad quiere revocar la clave completa? (s/N) "
+
+#: g10/keyedit.c:2081
+msgid "Do you really want to revoke the selected subkeys? (y/N) "
+msgstr "¿De verdad quiere revocar las subclaves seleccionadas? (s/N)"
+
+#: g10/keyedit.c:2083
+msgid "Do you really want to revoke this subkey? (y/N) "
+msgstr "¿De verdad quiere revocar esta subclave? (s/N) "
+
+#: g10/keyedit.c:2133
+msgid "Owner trust may not be set while using a user provided trust database\n"
+msgstr ""
+"La confianza del propietario no puede establecerse si se está usando\n"
+"una base de datos de confianza propocionada por el usuario\n"
+
+#: g10/keyedit.c:2175
+msgid "Set preference list to:\n"
+msgstr "Establecer lista de preferencias a:\n"
+
+#: g10/keyedit.c:2181
+msgid "Really update the preferences for the selected user IDs? (y/N) "
+msgstr ""
+"¿Actualizar realmente las preferencias para los ID seleccionados? (s/N) "
+
+#: g10/keyedit.c:2183
+msgid "Really update the preferences? (y/N) "
+msgstr "¿Actualizar realmente las preferencias? (s/N) "
+
+#: g10/keyedit.c:2253
+msgid "Save changes? (y/N) "
+msgstr "¿Grabar cambios? (s/N) "
+
+#: g10/keyedit.c:2256
+msgid "Quit without saving? (y/N) "
+msgstr "¿Salir sin grabar? (s/N) "
+
+#: g10/keyedit.c:2266
+#, c-format
+msgid "update failed: %s\n"
+msgstr "actualización fallida: %s\n"
+
+#: g10/keyedit.c:2273 g10/keyedit.c:2351
+#, c-format
+msgid "update secret failed: %s\n"
+msgstr "actualización de la clave secreta fallida: %s\n"
+
+#: g10/keyedit.c:2280
+msgid "Key not changed so no update needed.\n"
+msgstr "Clave sin cambios, no se necesita actualización.\n"
+
+#: g10/keyedit.c:2446
+msgid "Digest: "
+msgstr "Resumen: "
+
+#: g10/keyedit.c:2497
+msgid "Features: "
+msgstr "Características: "
+
+#: g10/keyedit.c:2508
+msgid "Keyserver no-modify"
+msgstr "Sevidor de claves no-modificar"
+
+#: g10/keyedit.c:2523 g10/keylist.c:316
+msgid "Preferred keyserver: "
+msgstr "Servidor de claves preferido: "
+
+#: g10/keyedit.c:2531 g10/keyedit.c:2532
+msgid "Notations: "
+msgstr "Notaciones: "
+
+#: g10/keyedit.c:2753
+msgid "There are no preferences on a PGP 2.x-style user ID.\n"
+msgstr "No hay preferencias en un identificador de usuario estilo PGP 2.x\n"
+
+#: g10/keyedit.c:2810
+#, fuzzy, c-format
+msgid "The following key was revoked on %s by %s key %s\n"
+msgstr "Esta clave fue revocada en %s por %s clave %s\n"
+
+#: g10/keyedit.c:2832
+#, c-format
+msgid "This key may be revoked by %s key %s"
+msgstr "Esta clave puede ser revocada por %s clave %s"
+
+#: g10/keyedit.c:2838
+msgid "(sensitive)"
+msgstr "(confidencial)"
+
+#: g10/keyedit.c:2854 g10/keyedit.c:2910 g10/keyedit.c:2971 g10/keyedit.c:2986
+#: g10/keylist.c:202 g10/keyserver.c:532
+#, c-format
+msgid "created: %s"
+msgstr "creado: %s"
+
+#: g10/keyedit.c:2857 g10/keylist.c:834 g10/keylist.c:928 g10/mainproc.c:997
+#, c-format
+msgid "revoked: %s"
+msgstr "revocada: %s"
+
+#: g10/keyedit.c:2859 g10/keylist.c:805 g10/keylist.c:840 g10/keylist.c:934
+#, c-format
+msgid "expired: %s"
+msgstr "caducó: %s"
+
+#: g10/keyedit.c:2861 g10/keyedit.c:2912 g10/keyedit.c:2973 g10/keyedit.c:2988
+#: g10/keylist.c:204 g10/keylist.c:811 g10/keylist.c:846 g10/keylist.c:940
+#: g10/keylist.c:961 g10/keyserver.c:538 g10/mainproc.c:1003
+#, c-format
+msgid "expires: %s"
+msgstr "caduca: %s"
+
+#: g10/keyedit.c:2863
+#, c-format
+msgid "usage: %s"
+msgstr "uso: %s"
+
+#: g10/keyedit.c:2878
+#, c-format
+msgid "trust: %s"
+msgstr "confianza: %s"
+
+#: g10/keyedit.c:2882
+#, c-format
+msgid "validity: %s"
+msgstr "validez: %s"
+
+#: g10/keyedit.c:2889
+msgid "This key has been disabled"
+msgstr "Esta clave está deshabilitada"
+
+#: g10/keyedit.c:2917 g10/keylist.c:208
+msgid "card-no: "
+msgstr "num. tarjeta: "
+
+#: g10/keyedit.c:2941
+msgid ""
+"Please note that the shown key validity is not necessarily correct\n"
+"unless you restart the program.\n"
+msgstr ""
+"Por favor, advierta que la validez de clave mostrada no es necesariamente\n"
+"correcta a menos de que reinicie el programa.\n"
+
+#: g10/keyedit.c:3005 g10/keyedit.c:3351 g10/keyserver.c:542
+#: g10/mainproc.c:1850 g10/trustdb.c:1204 g10/trustdb.c:1732
+msgid "revoked"
+msgstr "revocada"
+
+#: g10/keyedit.c:3007 g10/keyedit.c:3353 g10/keyserver.c:546
+#: g10/mainproc.c:1852 g10/trustdb.c:547 g10/trustdb.c:1734
+msgid "expired"
+msgstr "caducada"
+
+#: g10/keyedit.c:3072
+msgid ""
+"WARNING: no user ID has been marked as primary. This command may\n"
+" cause a different user ID to become the assumed primary.\n"
+msgstr ""
+"AVISO: ningún ID de usuario está marcado como principal. Esta orden puede\n"
+" causar que se tome como principal por defecto otro ID de usuario.\n"
+
+#: g10/keyedit.c:3133
+msgid ""
+"WARNING: This is a PGP2-style key. Adding a photo ID may cause some "
+"versions\n"
+" of PGP to reject this key.\n"
+msgstr ""
+"AVISO: esta es una clave de tipo PGP2. Añadir un ID fotográfico puede\n"
+"hacer que algunas versiones de PGP rechacen esta clave.\n"
+
+#: g10/keyedit.c:3138 g10/keyedit.c:3473
+msgid "Are you sure you still want to add it? (y/N) "
+msgstr "¿Está seguro de querer añadirla? (s/N) "
+
+#: g10/keyedit.c:3144
+msgid "You may not add a photo ID to a PGP2-style key.\n"
+msgstr "No puede añadir un ID fotográfico a una clave tipo PGP2.\n"
+
+#: g10/keyedit.c:3284
+msgid "Delete this good signature? (y/N/q)"
+msgstr "¿Borrar esta firma correcta? (s/N/q)"
+
+#: g10/keyedit.c:3294
+msgid "Delete this invalid signature? (y/N/q)"
+msgstr "¿Borrar esta firma inválida? (s/N/q)"
+
+#: g10/keyedit.c:3298
+msgid "Delete this unknown signature? (y/N/q)"
+msgstr "¿Borrar esta firma desconocida? (s/N/q)"
+
+#: g10/keyedit.c:3304
+msgid "Really delete this self-signature? (y/N)"
+msgstr "¿Borrar realmente esta autofirma? (s/N)"
+
+#: g10/keyedit.c:3318
+#, c-format
+msgid "Deleted %d signature.\n"
+msgstr "%d firmas borradas.\n"
+
+#: g10/keyedit.c:3319
+#, c-format
+msgid "Deleted %d signatures.\n"
+msgstr "%d firmas borradas\n"
+
+#: g10/keyedit.c:3322
+msgid "Nothing deleted.\n"
+msgstr "No se borró nada\n"
+
+#: g10/keyedit.c:3355 g10/trustdb.c:1736
+msgid "invalid"
+msgstr "inválida"
+
+#: g10/keyedit.c:3357
+#, c-format
+msgid "User ID \"%s\" compacted: %s\n"
+msgstr "ID de usuario \"%s\" compactado: %s\n"
+
+#: g10/keyedit.c:3364
+#, c-format
+msgid "User ID \"%s\": %d signature removed\n"
+msgstr "ID de usuario \"%s\": %d firma borrada\n"
+
+#: g10/keyedit.c:3365
+#, c-format
+msgid "User ID \"%s\": %d signatures removed\n"
+msgstr "ID de usuario \"%s\": %d firmas borradas\n"
+
+#: g10/keyedit.c:3373
+#, c-format
+msgid "User ID \"%s\": already minimized\n"
+msgstr "ID de usuario \"%s\": ya minimizado\n"
+
+#: g10/keyedit.c:3374
+#, c-format
+msgid "User ID \"%s\": already clean\n"
+msgstr "ID de usuario \"%s\" ya limpiado\n"
+
+#: g10/keyedit.c:3468
+msgid ""
+"WARNING: This is a PGP 2.x-style key. Adding a designated revoker may "
+"cause\n"
+" some versions of PGP to reject this key.\n"
+msgstr ""
+"AVISO: esta es una clave tipo PGP2. Añadir un revocador designado puede\n"
+" hacer que algunas versiones de PGP rechacen esta clave.\n"
+
+#: g10/keyedit.c:3479
+msgid "You may not add a designated revoker to a PGP 2.x-style key.\n"
+msgstr "No puede añadir un revocador designado a una clave tipo PGP2.\n"
+
+#: g10/keyedit.c:3499
+msgid "Enter the user ID of the designated revoker: "
+msgstr "Introduzca el ID de usuario del revocador designado: "
+
+#: g10/keyedit.c:3524
+msgid "cannot appoint a PGP 2.x style key as a designated revoker\n"
+msgstr "no se puede elegir una clave tipo PGP 2.x como revocador designado\n"
+
+#: g10/keyedit.c:3539
+msgid "you cannot appoint a key as its own designated revoker\n"
+msgstr "no puede elegir una clave como su propio revocador designado\n"
+
+#: g10/keyedit.c:3561
+msgid "this key has already been designated as a revoker\n"
+msgstr "esta clave ya ha sido designada como revocadora\n"
+
+#: g10/keyedit.c:3580
+msgid "WARNING: appointing a key as a designated revoker cannot be undone!\n"
+msgstr ""
+"¡AVISO: no podrá deshacer la elección de clave como revocador designado!\n"
+
+#: g10/keyedit.c:3586
+msgid ""
+"Are you sure you want to appoint this key as a designated revoker? (y/N) "
+msgstr ""
+"¿Está seguro de querer elegir esta clave como revocador designado? (s/N) "
+
+#: g10/keyedit.c:3647
+msgid "Please remove selections from the secret keys.\n"
+msgstr "Por favor, quite las selecciones de las claves secretas.\n"
+
+#: g10/keyedit.c:3653
+msgid "Please select at most one subkey.\n"
+msgstr "Por favor, seleccione como máximo una clave secundaria.\n"
+
+#: g10/keyedit.c:3657
+msgid "Changing expiration time for a subkey.\n"
+msgstr "Cambiando fecha de caducidad de subclave.\n"
+
+#: g10/keyedit.c:3660
+msgid "Changing expiration time for the primary key.\n"
+msgstr "Cambiando caducidad de clave primaria.\n"
+
+#: g10/keyedit.c:3706
+msgid "You can't change the expiration date of a v3 key\n"
+msgstr "No puede cambiar la fecha de caducidad de una clave v3\n"
+
+#: g10/keyedit.c:3722
+msgid "No corresponding signature in secret ring\n"
+msgstr "No existe la firma correspondiente en el anillo secreto\n"
+
+#: g10/keyedit.c:3800
+#, c-format
+msgid "signing subkey %s is already cross-certified\n"
+msgstr "la subclave de firmado %s ya está certificada en cruz\n"
+
+#: g10/keyedit.c:3806
+#, c-format
+msgid "subkey %s does not sign and so does not need to be cross-certified\n"
+msgstr "la subclave %s no firma y así no necesita ser certificada en cruz\n"
+
+#: g10/keyedit.c:3969
+msgid "Please select exactly one user ID.\n"
+msgstr "Por favor seleccione exactamente un identificador de usuario.\n"
+
+#: g10/keyedit.c:4008 g10/keyedit.c:4118 g10/keyedit.c:4238 g10/keyedit.c:4379
+#, c-format
+msgid "skipping v3 self-signature on user ID \"%s\"\n"
+msgstr "omitiendo autofirma V3 para el id \"%s\"\n"
+
+#: g10/keyedit.c:4179
+msgid "Enter your preferred keyserver URL: "
+msgstr "Introduzca la URL de su servidor de claves preferido: "
+
+#: g10/keyedit.c:4259
+msgid "Are you sure you want to replace it? (y/N) "
+msgstr "¿Seguro que quiere reemplazarlo? (s/N) "
+
+#: g10/keyedit.c:4260
+msgid "Are you sure you want to delete it? (y/N) "
+msgstr "¿Seguro que quiere borrarlo? (s/N) "
+
+#: g10/keyedit.c:4322
+msgid "Enter the notation: "
+msgstr "Introduzca la notación: "
+
+#: g10/keyedit.c:4471
+msgid "Proceed? (y/N) "
+msgstr "¿Continuar? (s/N) "
+
+#: g10/keyedit.c:4543
+#, c-format
+msgid "No user ID with index %d\n"
+msgstr "No hay ningún identificador de usuario con el índice %d\n"
+
+#: g10/keyedit.c:4604
+#, c-format
+msgid "No user ID with hash %s\n"
+msgstr "No hay ID de usuario con hash %s\n"
+
+#: g10/keyedit.c:4639
+#, c-format
+msgid "No subkey with index %d\n"
+msgstr "No existe una subclave con índice %d\n"
+
+#: g10/keyedit.c:4774
+#, c-format
+msgid "user ID: \"%s\"\n"
+msgstr "ID de usuario: \"%s\"\n"
+
+#: g10/keyedit.c:4777 g10/keyedit.c:4871 g10/keyedit.c:4914
+#, c-format
+msgid "signed by your key %s on %s%s%s\n"
+msgstr "firmada con su clave %s el %s%s%s\n"
+
+#: g10/keyedit.c:4779 g10/keyedit.c:4873 g10/keyedit.c:4916
+msgid " (non-exportable)"
+msgstr " (no exportable)"
+
+#: g10/keyedit.c:4783
+#, c-format
+msgid "This signature expired on %s.\n"
+msgstr "Esta firma caducó el %s.\n"
+
+#: g10/keyedit.c:4787
+msgid "Are you sure you still want to revoke it? (y/N) "
+msgstr "¿De verdad quiere revocarla? (s/N) "
+
+#: g10/keyedit.c:4791
+msgid "Create a revocation certificate for this signature? (y/N) "
+msgstr "¿Crear un certificado de revocación para esta clave? (s/N)"
+
+#: g10/keyedit.c:4842
+msgid "Not signed by you.\n"
+msgstr ""
+
+#: g10/keyedit.c:4848
+#, c-format
+msgid "You have signed these user IDs on key %s:\n"
+msgstr "Ha firmado estos IDs de usuario con la clave %s:\n"
+
+#: g10/keyedit.c:4874
+msgid " (non-revocable)"
+msgstr " (no revocable)"
+
+#: g10/keyedit.c:4881
+#, c-format
+msgid "revoked by your key %s on %s\n"
+msgstr "revocada por la clave %s el %s\n"
+
+#: g10/keyedit.c:4903
+msgid "You are about to revoke these signatures:\n"
+msgstr "Va a revocar las siguientes firmas:\n"
+
+#: g10/keyedit.c:4923
+msgid "Really create the revocation certificates? (y/N) "
+msgstr "¿Crear los certificados de revocación realmente? (s/N) "
+
+#: g10/keyedit.c:4953
+msgid "no secret key\n"
+msgstr "no hay clave secreta\n"
+
+#: g10/keyedit.c:5023
+#, c-format
+msgid "user ID \"%s\" is already revoked\n"
+msgstr "ID de usuario \"%s\" ya ha sido revocado\n"
+
+#: g10/keyedit.c:5040
+#, c-format
+msgid "WARNING: a user ID signature is dated %d seconds in the future\n"
+msgstr "AVISO: un ID de usuario tiene fecha %d segundos en el futuro\n"
+
+#: g10/keyedit.c:5104
+#, c-format
+msgid "Key %s is already revoked.\n"
+msgstr "La clave %s ya ha sido revocada.\n"
+
+#: g10/keyedit.c:5166
+#, c-format
+msgid "Subkey %s is already revoked.\n"
+msgstr "La subclave %s ya ha sido revocada.\n"
+
+#: g10/keyedit.c:5261
+#, c-format
+msgid "Displaying %s photo ID of size %ld for key %s (uid %d)\n"
+msgstr "Mostrando ID fotográfico %s de tamaño %ld para la clave %s (uid %d)\n"
+
+#: g10/keygen.c:275
+#, c-format
+msgid "preference `%s' duplicated\n"
+msgstr "preferencia `%s' duplicada\n"
+
+#: g10/keygen.c:282
+msgid "too many cipher preferences\n"
+msgstr "demasiadas preferencias de cifrado\n"
+
+#: g10/keygen.c:284
+msgid "too many digest preferences\n"
+msgstr "demasiadas preferencias de resumen\n"
+
+#: g10/keygen.c:286
+msgid "too many compression preferences\n"
+msgstr "demasiadas preferencias de compresión\n"
+
+#: g10/keygen.c:426
+#, c-format
+msgid "invalid item `%s' in preference string\n"
+msgstr "caracter inválido `%s' en cadena de preferencias\n"
+
+#: g10/keygen.c:910
+msgid "writing direct signature\n"
+msgstr "escribiendo firma directa\n"
+
+#: g10/keygen.c:952
+msgid "writing self signature\n"
+msgstr "escribiendo autofirma\n"
+
+#: g10/keygen.c:1009
+msgid "writing key binding signature\n"
+msgstr "escribiendo la firma de comprobación de clave\n"
+
+#: g10/keygen.c:1179 g10/keygen.c:1290 g10/keygen.c:1295 g10/keygen.c:1441
+#: g10/keygen.c:3269
+#, c-format
+msgid "keysize invalid; using %u bits\n"
+msgstr "tamaño de clave incorrecto; se usarán %u bits\n"
+
+#: g10/keygen.c:1185 g10/keygen.c:1301 g10/keygen.c:1309 g10/keygen.c:1447
+#: g10/keygen.c:3275
+#, c-format
+msgid "keysize rounded up to %u bits\n"
+msgstr "tamaño de clave redondeado a %u bits\n"
+
+#: g10/keygen.c:1335
+msgid ""
+"WARNING: some OpenPGP programs can't handle a DSA key with this digest size\n"
+msgstr ""
+"AVISO: ciertos programas OpenPGP no usan claves DSAcon resúmenes de este "
+"tamaño\n"
+
+#: g10/keygen.c:1558
+msgid "Sign"
+msgstr "Firma"
+
+#: g10/keygen.c:1561
+msgid "Certify"
+msgstr "Certificar"
+
+#: g10/keygen.c:1564
+msgid "Encrypt"
+msgstr "Cifrado"
+
+#: g10/keygen.c:1567
+msgid "Authenticate"
+msgstr "Autentificación"
+
+#. TRANSLATORS: Please use only plain ASCII characters for the
+#. translation. If this is not possible use single digits. The
+#. string needs to 8 bytes long. Here is a description of the
+#. functions:
+#.
+#. s = Toggle signing capability
+#. e = Toggle encryption capability
+#. a = Toggle authentication capability
+#. q = Finish
+#.
+#: g10/keygen.c:1585
+msgid "SsEeAaQq"
+msgstr "FfCcAaSs"
+
+#: g10/keygen.c:1608
+#, c-format
+msgid "Possible actions for a %s key: "
+msgstr "Posibles accriones para una %s clave: "
+
+#: g10/keygen.c:1612
+msgid "Current allowed actions: "
+msgstr "Acciones permitidas actualmente: "
+
+#: g10/keygen.c:1617
+#, c-format
+msgid " (%c) Toggle the sign capability\n"
+msgstr " (%c) Conmutar la capacidad de firmar\n"
+
+#: g10/keygen.c:1620
+#, c-format
+msgid " (%c) Toggle the encrypt capability\n"
+msgstr " (%c) Conmutar la capacidad de cifrado\n"
+
+#: g10/keygen.c:1623
+#, c-format
+msgid " (%c) Toggle the authenticate capability\n"
+msgstr " (%c) Conmutar la capacidad de autentificación\n"
+
+#: g10/keygen.c:1626
+#, c-format
+msgid " (%c) Finished\n"
+msgstr " (%c) Acabado\n"
+
+#: g10/keygen.c:1686 sm/certreqgen-ui.c:157
+msgid "Please select what kind of key you want:\n"
+msgstr "Por favor seleccione tipo de clave deseado:\n"
+
+#: g10/keygen.c:1689
+#, fuzzy, c-format
+msgid " (%d) RSA and RSA (default)\n"
+msgstr " (%d) DSA y ElGamal (por defecto)\n"
+
+#: g10/keygen.c:1691
+#, fuzzy, c-format
+msgid " (%d) DSA and Elgamal\n"
+msgstr " (%d) DSA y ElGamal (por defecto)\n"
+
+#: g10/keygen.c:1693
+#, c-format
+msgid " (%d) DSA (sign only)\n"
+msgstr " (%d) DSA (sólo firmar)\n"
+
+#: g10/keygen.c:1694
+#, c-format
+msgid " (%d) RSA (sign only)\n"
+msgstr " (%d) RSA (sólo firmar)\n"
+
+#: g10/keygen.c:1698
+#, c-format
+msgid " (%d) Elgamal (encrypt only)\n"
+msgstr " (%d) ElGamal (sólo cifrar)\n"
+
+#: g10/keygen.c:1699
+#, c-format
+msgid " (%d) RSA (encrypt only)\n"
+msgstr " (%d) RSA (sólo cifrar)\n"
+
+#: g10/keygen.c:1703
+#, c-format
+msgid " (%d) DSA (set your own capabilities)\n"
+msgstr " (%d) DSA (permite elegir capacidades)\n"
+
+#: g10/keygen.c:1704
+#, c-format
+msgid " (%d) RSA (set your own capabilities)\n"
+msgstr " (%d) RSA (permite elegir capacidades)\n"
+
+#: g10/keygen.c:1812
+#, c-format
+msgid "%s keys may be between %u and %u bits long.\n"
+msgstr "las claves %s pueden tener entre %u y %u bits de longitud.\n"
+
+#: g10/keygen.c:1820
+#, fuzzy, c-format
+msgid "What keysize do you want for the subkey? (%u) "
+msgstr "¿De qué tamaño quiere la clave? (%u) "
+
+#: g10/keygen.c:1823 sm/certreqgen-ui.c:179
+#, c-format
+msgid "What keysize do you want? (%u) "
+msgstr "¿De qué tamaño quiere la clave? (%u) "
+
+#: g10/keygen.c:1837 sm/certreqgen-ui.c:189
+#, c-format
+msgid "Requested keysize is %u bits\n"
+msgstr "El tamaño requerido es de %u bits\n"
+
+#: g10/keygen.c:1925
+msgid ""
+"Please specify how long the key should be valid.\n"
+" 0 = key does not expire\n"
+" <n> = key expires in n days\n"
+" <n>w = key expires in n weeks\n"
+" <n>m = key expires in n months\n"
+" <n>y = key expires in n years\n"
+msgstr ""
+"Por favor, especifique el período de validez de la clave.\n"
+" 0 = la clave nunca caduca\n"
+" <n> = la clave caduca en n días\n"
+" <n>w = la clave caduca en n semanas\n"
+" <n>m = la clave caduca en n meses\n"
+" <n>y = la clave caduca en n años\n"
+
+#: g10/keygen.c:1936
+msgid ""
+"Please specify how long the signature should be valid.\n"
+" 0 = signature does not expire\n"
+" <n> = signature expires in n days\n"
+" <n>w = signature expires in n weeks\n"
+" <n>m = signature expires in n months\n"
+" <n>y = signature expires in n years\n"
+msgstr ""
+"Por favor, especifique el período de validez de la clave.\n"
+" 0 = la clave nunca caduca\n"
+" <n> = la clave caduca en n días\n"
+" <n>w = la clave caduca en n semanas\n"
+" <n>m = la clave caduca en n meses\n"
+" <n>y = la clave caduca en n años\n"
+
+#: g10/keygen.c:1959
+msgid "Key is valid for? (0) "
+msgstr "¿Validez de la clave (0)? "
+
+#: g10/keygen.c:1964
+#, c-format
+msgid "Signature is valid for? (%s) "
+msgstr "Clave válida ¿durante? (%s) "
+
+#: g10/keygen.c:1982 g10/keygen.c:2007
+msgid "invalid value\n"
+msgstr "valor inválido\n"
+
+#: g10/keygen.c:1989
+msgid "Key does not expire at all\n"
+msgstr "La clave nunca caduca\n"
+
+#: g10/keygen.c:1990
+msgid "Signature does not expire at all\n"
+msgstr "La firma nunca caduca\n"
+
+#: g10/keygen.c:1995
+#, c-format
+msgid "Key expires at %s\n"
+msgstr "La clave caduca %s\n"
+
+#: g10/keygen.c:1996
+#, c-format
+msgid "Signature expires at %s\n"
+msgstr "La firma caduca el %s\n"
+
+#: g10/keygen.c:2000
+msgid ""
+"Your system can't display dates beyond 2038.\n"
+"However, it will be correctly handled up to 2106.\n"
+msgstr ""
+"Su sistema no puede mostrar fechas más allá del 2038.\n"
+"Sin embargo funcionará correctamente hasta el 2106.\n"
+
+#: g10/keygen.c:2013
+msgid "Is this correct? (y/N) "
+msgstr "¿Es correcto? (s/n) "
+
+#: g10/keygen.c:2063
+msgid ""
+"\n"
+"GnuPG needs to construct a user ID to identify your key.\n"
+"\n"
+msgstr ""
+"\n"
+"GnuPG debe construir un ID de usuario para identificar su clave.\n"
+"\n"
+
+#. TRANSLATORS: This string is in general not anymore used
+#. but you should keep your existing translation. In case
+#. the new string is not translated this old string will
+#. be used.
+#: g10/keygen.c:2078
+msgid ""
+"\n"
+"You need a user ID to identify your key; the software constructs the user "
+"ID\n"
+"from the Real Name, Comment and Email Address in this form:\n"
+" \"Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>\"\n"
+"\n"
+msgstr ""
+"\n"
+"Necesita un identificador de usuario para identificar su clave. El programa\n"
+"construye el identificador a partir del Nombre Real, Comentario y Dirección\n"
+"de Correo Electrónico de esta forma:\n"
+" \"Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>\"\n"
+"\n"
+
+#: g10/keygen.c:2097
+msgid "Real name: "
+msgstr "Nombre y apellidos: "
+
+#: g10/keygen.c:2105
+msgid "Invalid character in name\n"
+msgstr "Caracter inválido en el nombre\n"
+
+#: g10/keygen.c:2107
+msgid "Name may not start with a digit\n"
+msgstr "El nombre no puede empezar con un número\n"
+
+#: g10/keygen.c:2109
+msgid "Name must be at least 5 characters long\n"
+msgstr "El nombre debe tener al menos 5 caracteres\n"
+
+#: g10/keygen.c:2117
+msgid "Email address: "
+msgstr "Dirección de correo electrónico: "
+
+#: g10/keygen.c:2123
+msgid "Not a valid email address\n"
+msgstr "Dirección inválida\n"
+
+#: g10/keygen.c:2131
+msgid "Comment: "
+msgstr "Comentario: "
+
+#: g10/keygen.c:2137
+msgid "Invalid character in comment\n"
+msgstr "Caracter inválido en el comentario\n"
+
+#: g10/keygen.c:2159
+#, c-format
+msgid "You are using the `%s' character set.\n"
+msgstr "Está usando el juego de caracteres `%s'.\n"
+
+#: g10/keygen.c:2165
+#, c-format
+msgid ""
+"You selected this USER-ID:\n"
+" \"%s\"\n"
+"\n"
+msgstr ""
+"Ha seleccionado este ID de usuario:\n"
+" \"%s\"\n"
+"\n"
+
+#: g10/keygen.c:2170
+msgid "Please don't put the email address into the real name or the comment\n"
+msgstr ""
+"Por favor no ponga la dirección de correo-e en el nombre real o en el "
+"comentario\n"
+
+#: g10/keygen.c:2185
+msgid "Such a user ID already exists on this key!\n"
+msgstr ""
+
+#. TRANSLATORS: These are the allowed answers in
+#. lower and uppercase. Below you will find the matching
+#. string which should be translated accordingly and the
+#. letter changed to match the one in the answer string.
+#.
+#. n = Change name
+#. c = Change comment
+#. e = Change email
+#. o = Okay (ready, continue)
+#. q = Quit
+#.
+#: g10/keygen.c:2201
+msgid "NnCcEeOoQq"
+msgstr "NnCcDdVvSs"
+
+#: g10/keygen.c:2211
+msgid "Change (N)ame, (C)omment, (E)mail or (Q)uit? "
+msgstr "¿Cambia (N)ombre, (C)omentario, (D)irección o (S)alir? "
+
+#: g10/keygen.c:2212
+msgid "Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? "
+msgstr "¿Cambia (N)ombre, (C)omentario, (D)irección o (V)ale/(S)alir? "
+
+#: g10/keygen.c:2231
+msgid "Please correct the error first\n"
+msgstr "Por favor corrija primero el error.\n"
+
+#: g10/keygen.c:2273
+msgid ""
+"You need a Passphrase to protect your secret key.\n"
+"\n"
+msgstr ""
+"Necesita una frase contraseña para proteger su clave secreta.\n"
+"\n"
+
+#: g10/keygen.c:2276
+#, fuzzy
+msgid ""
+"Please enter a passphrase to protect the off-card backup of the new "
+"encryption key."
+msgstr ""
+"Introduzca la frase contraseña para proteger el objeto importado en GnuPG"
+
+#: g10/keygen.c:2292
+#, c-format
+msgid "%s.\n"
+msgstr "%s.\n"
+
+#: g10/keygen.c:2298
+msgid ""
+"You don't want a passphrase - this is probably a *bad* idea!\n"
+"I will do it anyway. You can change your passphrase at any time,\n"
+"using this program with the option \"--edit-key\".\n"
+"\n"
+msgstr ""
+"No ha especificado contraseña. Esto es probablemente una *mala* idea.\n"
+"Si más tarde quiere añadir una, puede hacerlo usando este programa con\n"
+"la opción \"--edit-key\".\n"
+"\n"
+
+#: g10/keygen.c:2322
+msgid ""
+"We need to generate a lot of random bytes. It is a good idea to perform\n"
+"some other action (type on the keyboard, move the mouse, utilize the\n"
+"disks) during the prime generation; this gives the random number\n"
+"generator a better chance to gain enough entropy.\n"
+msgstr ""
+"Es necesario generar muchos bytes aleatorios. Es una buena idea realizar\n"
+"alguna otra tarea (trabajar en otra ventana/consola, mover el ratón, usar\n"
+"la red y los discos) durante la generación de números primos. Esto da al\n"
+"generador de números aleatorios mayor oportunidad de recoger suficiente\n"
+"entropía.\n"
+
+#: g10/keygen.c:3209 g10/keygen.c:3236
+msgid "Key generation canceled.\n"
+msgstr "Creación de claves cancelada.\n"
+
+#: g10/keygen.c:3441 g10/keygen.c:3611
+#, c-format
+msgid "writing public key to `%s'\n"
+msgstr "escribiendo clave pública en `%s'\n"
+
+#: g10/keygen.c:3443 g10/keygen.c:3614
+#, c-format
+msgid "writing secret key stub to `%s'\n"
+msgstr "escribiendo apuntador de la clave privada en `%s'\n"
+
+#: g10/keygen.c:3446 g10/keygen.c:3617
+#, c-format
+msgid "writing secret key to `%s'\n"
+msgstr "escribiendo clave privada en `%s'\n"
+
+#: g10/keygen.c:3598
+#, c-format
+msgid "no writable public keyring found: %s\n"
+msgstr "anillo público de claves no escribible encontrado: %s\n"
+
+#: g10/keygen.c:3605
+#, c-format
+msgid "no writable secret keyring found: %s\n"
+msgstr "anillo privado de claves no escribible encontrado: %s\n"
+
+#: g10/keygen.c:3625
+#, c-format
+msgid "error writing public keyring `%s': %s\n"
+msgstr "error escribiendo anillo público `%s': %s\n"
+
+#: g10/keygen.c:3633
+#, c-format
+msgid "error writing secret keyring `%s': %s\n"
+msgstr "error escribiendo anillo privado `%s': %s\n"
+
+#: g10/keygen.c:3661
+msgid "public and secret key created and signed.\n"
+msgstr "claves pública y secreta creadas y firmadas.\n"
+
+#: g10/keygen.c:3672
+msgid ""
+"Note that this key cannot be used for encryption. You may want to use\n"
+"the command \"--edit-key\" to generate a subkey for this purpose.\n"
+msgstr ""
+"Tenga en cuenta que esta clave no puede ser usada para cifrar. Puede usar\n"
+"la orden \"--edit-key\" para crear una subclave con este propósito.\n"
+
+#: g10/keygen.c:3685 g10/keygen.c:3831 g10/keygen.c:3952
+#, c-format
+msgid "Key generation failed: %s\n"
+msgstr "Creación de la clave fallida: %s\n"
+
+#: g10/keygen.c:3741 g10/keygen.c:3882 g10/sign.c:241
+#, c-format
+msgid ""
+"key has been created %lu second in future (time warp or clock problem)\n"
+msgstr ""
+"clave pública creada %lu segundos en el futuro (salto en el tiempo o\n"
+"problemas con el reloj)\n"
+
+#: g10/keygen.c:3743 g10/keygen.c:3884 g10/sign.c:243
+#, c-format
+msgid ""
+"key has been created %lu seconds in future (time warp or clock problem)\n"
+msgstr ""
+"clave pública creada %lu segundos en el futuro (salto en el tiempo o\n"
+"problemas con el reloj)\n"
+
+#: g10/keygen.c:3754 g10/keygen.c:3895
+msgid "NOTE: creating subkeys for v3 keys is not OpenPGP compliant\n"
+msgstr "NOTA: crear subclaves para claves V3 no sigue el estándar OpenPGP\n"
+
+#: g10/keygen.c:3795 g10/keygen.c:3928
+msgid "Really create? (y/N) "
+msgstr "¿Crear de verdad? (s/N) "
+
+#: g10/keygen.c:4116
+#, c-format
+msgid "storing key onto card failed: %s\n"
+msgstr "almacenado de clave en la tarjeta fallido: %s\n"
+
+#: g10/keygen.c:4165
+#, c-format
+msgid "can't create backup file `%s': %s\n"
+msgstr "no se puede crear fichero de respaldo `%s': %s\n"
+
+#: g10/keygen.c:4191
+#, c-format
+msgid "NOTE: backup of card key saved to `%s'\n"
+msgstr "NOTA: copia de seguridad de la clave guardada en `%s'\n"
+
+#: g10/keyid.c:539 g10/keyid.c:551 g10/keyid.c:563 g10/keyid.c:575
+msgid "never "
+msgstr "nunca "
+
+#: g10/keylist.c:273
+msgid "Critical signature policy: "
+msgstr "Política de firmas críticas: "
+
+#: g10/keylist.c:275
+msgid "Signature policy: "
+msgstr "Política de firmas: "
+
+#: g10/keylist.c:314
+msgid "Critical preferred keyserver: "
+msgstr "Servidor de claves crítico preferido: "
+
+#: g10/keylist.c:367
+msgid "Critical signature notation: "
+msgstr "Notación de firmas críticas: "
+
+#: g10/keylist.c:369
+msgid "Signature notation: "
+msgstr "Notación de firma: "
+
+#: g10/keylist.c:479
+msgid "Keyring"
+msgstr "Anillo de claves"
+
+#: g10/keylist.c:1526
+msgid "Primary key fingerprint:"
+msgstr "Huellas dactilares de la clave primaria:"
+
+#: g10/keylist.c:1528
+msgid " Subkey fingerprint:"
+msgstr " Huella de subclave:"
+
+#. TRANSLATORS: this should fit into 24 bytes to that the
+#. * fingerprint data is properly aligned with the user ID
+#: g10/keylist.c:1535
+msgid " Primary key fingerprint:"
+msgstr " Huella de clave primaria:"
+
+#: g10/keylist.c:1537
+msgid " Subkey fingerprint:"
+msgstr " Huella de subclave:"
+
+#: g10/keylist.c:1541 g10/keylist.c:1545
+msgid " Key fingerprint ="
+msgstr " Huella de clave ="
+
+#: g10/keylist.c:1612
+msgid " Card serial no. ="
+msgstr " Número de serie de la tarjeta ="
+
+#: g10/keyring.c:1297
+#, c-format
+msgid "renaming `%s' to `%s' failed: %s\n"
+msgstr "renombrando `%s' en `%s' fallo: %s\n"
+
+#: g10/keyring.c:1326
+msgid "WARNING: 2 files with confidential information exists.\n"
+msgstr "ATENCIÓN: existen 2 ficheros con información confidencial.\n"
+
+#: g10/keyring.c:1327
+#, c-format
+msgid "%s is the unchanged one\n"
+msgstr "%s es el que no se ha modificado\n"
+
+#: g10/keyring.c:1328
+#, c-format
+msgid "%s is the new one\n"
+msgstr "%s es el nuevo\n"
+
+#: g10/keyring.c:1329
+msgid "Please fix this possible security flaw\n"
+msgstr "Por favor arregle este posible fallo de seguridad\n"
+
+#: g10/keyring.c:1430
+#, c-format
+msgid "caching keyring `%s'\n"
+msgstr "memorizando anillo `%s'\n"
+
+#: g10/keyring.c:1489
+#, c-format
+msgid "%lu keys cached so far (%lu signatures)\n"
+msgstr "%lu claves memorizadas hasta ahora (%lu firmas)\n"
+
+#: g10/keyring.c:1501
+#, c-format
+msgid "%lu keys cached (%lu signatures)\n"
+msgstr "%lu claves memorizadas (%lu firmas)\n"
+
+#: g10/keyring.c:1573
+#, c-format
+msgid "%s: keyring created\n"
+msgstr "%s: anillo creado\n"
+
+#: g10/keyserver.c:74
+msgid "include revoked keys in search results"
+msgstr "incluir claves revocadas en resultados de la búsqueda"
+
+#: g10/keyserver.c:75
+msgid "include subkeys when searching by key ID"
+msgstr "incluir subclaves al buscar por ID de clave"
+
+#: g10/keyserver.c:77
+msgid "use temporary files to pass data to keyserver helpers"
+msgstr ""
+"usar ficheros temporales para pasar datos a los ayudantes delservidor de "
+"claves"
+
+#: g10/keyserver.c:79
+msgid "do not delete temporary files after using them"
+msgstr "no borrar ficheros temporales tras usarlos"
+
+#: g10/keyserver.c:83
+msgid "automatically retrieve keys when verifying signatures"
+msgstr "recuperar automáticamente claves al verificar firmas"
+
+#: g10/keyserver.c:85
+msgid "honor the preferred keyserver URL set on the key"
+msgstr "usar la URL de servidor de claves preferido presente en la clave"
+
+#: g10/keyserver.c:87
+msgid "honor the PKA record set on a key when retrieving keys"
+msgstr "usar el registro PKA presente en una clave al recuperar claves"
+
+#: g10/keyserver.c:153
+#, c-format
+msgid "WARNING: keyserver option `%s' is not used on this platform\n"
+msgstr ""
+"AVISO: las opciones de servidor de claves `%s' no se usan en esta "
+"plataforma\n"
+
+#: g10/keyserver.c:544
+msgid "disabled"
+msgstr "deshabilitado"
+
+#: g10/keyserver.c:747
+msgid "Enter number(s), N)ext, or Q)uit > "
+msgstr "Introduzca número(s), O)tro, o F)in >"
+
+#: g10/keyserver.c:831 g10/keyserver.c:1458
+#, c-format
+msgid "invalid keyserver protocol (us %d!=handler %d)\n"
+msgstr "protocolo del servidor de claves inválido (us %d!=handler %d)\n"
+
+#: g10/keyserver.c:932
+#, c-format
+msgid "key \"%s\" not found on keyserver\n"
+msgstr "clave \"%s\" no encontrada en el servidor\n"
+
+#: g10/keyserver.c:934
+msgid "key not found on keyserver\n"
+msgstr "clave no encontrada en el servidor\n"
+
+#: g10/keyserver.c:1177
+#, c-format
+msgid "requesting key %s from %s server %s\n"
+msgstr "solicitando clave %s de %s servidor %s\n"
+
+#: g10/keyserver.c:1181
+#, c-format
+msgid "requesting key %s from %s\n"
+msgstr "solicitando clave %s de %s\n"
+
+#: g10/keyserver.c:1205
+#, c-format
+msgid "searching for names from %s server %s\n"
+msgstr "buscando nombres desde %s servidor %s\n"
+
+#: g10/keyserver.c:1208
+#, c-format
+msgid "searching for names from %s\n"
+msgstr "buscando nombres de %s\n"
+
+#: g10/keyserver.c:1361
+#, c-format
+msgid "sending key %s to %s server %s\n"
+msgstr "enviando clave %s a %s servidor %s\n"
+
+#: g10/keyserver.c:1365
+#, c-format
+msgid "sending key %s to %s\n"
+msgstr "enviando clave %s a %s\n"
+
+#: g10/keyserver.c:1408
+#, c-format
+msgid "searching for \"%s\" from %s server %s\n"
+msgstr "buscando \"%s\" de %s servidor %s\n"
+
+#: g10/keyserver.c:1411
+#, c-format
+msgid "searching for \"%s\" from %s\n"
+msgstr "buscando \"%s\" de %s\n"
+
+#: g10/keyserver.c:1418 g10/keyserver.c:1514
+msgid "no keyserver action!\n"
+msgstr "¡no se solicita ninguna acción al servidor de claves!\n"
+
+#: g10/keyserver.c:1466
+#, c-format
+msgid "WARNING: keyserver handler from a different version of GnuPG (%s)\n"
+msgstr ""
+"AVISO: el manejo de claves procede de una versión diferente de GnuPG (%s)\n"
+
+#: g10/keyserver.c:1475
+msgid "keyserver did not send VERSION\n"
+msgstr "el servidor de claves no envió VERSION\n"
+
+#: g10/keyserver.c:1537 g10/keyserver.c:2066
+msgid "no keyserver known (use option --keyserver)\n"
+msgstr "no hay servidores de claves conocidos (use opción --keyserver)\n"
+
+#: g10/keyserver.c:1543
+msgid "external keyserver calls are not supported in this build\n"
+msgstr ""
+"no se pueden realizar llamadas a un servidor externo de claves tal y\n"
+"como está compilado el programa\n"
+
+#: g10/keyserver.c:1555
+#, c-format
+msgid "no handler for keyserver scheme `%s'\n"
+msgstr "no hay un manejador para ese esquema de servidor de claves `%s'\n"
+
+#: g10/keyserver.c:1560
+#, c-format
+msgid "action `%s' not supported with keyserver scheme `%s'\n"
+msgstr ""
+"la acción `%s' no es posible con este esquema de servidor de claves `%s'\n"
+
+#: g10/keyserver.c:1568
+#, c-format
+msgid "%s does not support handler version %d\n"
+msgstr "%s no permite usar la versión %d del manejador\n"
+
+#: g10/keyserver.c:1575
+msgid "keyserver timed out\n"
+msgstr "agotado el tiempo de espera para el servidor de claves\n"
+
+#: g10/keyserver.c:1580
+msgid "keyserver internal error\n"
+msgstr "error interno del servidor de claves\n"
+
+#: g10/keyserver.c:1589
+#, c-format
+msgid "keyserver communications error: %s\n"
+msgstr "error de comunicación con el servidor de claves: %s\n"
+
+#: g10/keyserver.c:1614 g10/keyserver.c:1648
+#, c-format
+msgid "\"%s\" not a key ID: skipping\n"
+msgstr "\"%s\" no es un identificador de clave válido: omitido\n"
+
+#: g10/keyserver.c:1907
+#, c-format
+msgid "WARNING: unable to refresh key %s via %s: %s\n"
+msgstr "AVISO: no se puede renovar la clave %s a traves de %s: %s\n"
+
+#: g10/keyserver.c:1929
+#, c-format
+msgid "refreshing 1 key from %s\n"
+msgstr "renovando 1 clave de %s\n"
+
+#: g10/keyserver.c:1931
+#, c-format
+msgid "refreshing %d keys from %s\n"
+msgstr "renovando %d claves desde %s\n"
+
+#: g10/keyserver.c:1987
+#, c-format
+msgid "WARNING: unable to fetch URI %s: %s\n"
+msgstr "AVISO: imposible recuperar URI %s: %s\n"
+
+#: g10/keyserver.c:1993
+#, c-format
+msgid "WARNING: unable to parse URI %s\n"
+msgstr "AVISO: imposible interpretar URI %s\n"
+
+#: g10/mainproc.c:231
+#, c-format
+msgid "weird size for an encrypted session key (%d)\n"
+msgstr "tamaño anormal para una clave de sesión cifrada (%d)\n"
+
+#: g10/mainproc.c:284
+#, c-format
+msgid "%s encrypted session key\n"
+msgstr "%s clave de sesión cifrada\n"
+
+#: g10/mainproc.c:294
+#, c-format
+msgid "passphrase generated with unknown digest algorithm %d\n"
+msgstr "frase contraseña generada con algoritmo de resumen desconocido %d\n"
+
+#: g10/mainproc.c:360
+#, c-format
+msgid "public key is %s\n"
+msgstr "la clave pública es %s\n"
+
+#: g10/mainproc.c:423
+msgid "public key encrypted data: good DEK\n"
+msgstr "datos cifrados con la clave pública: DEK correcta\n"
+
+#: g10/mainproc.c:456
+#, c-format
+msgid "encrypted with %u-bit %s key, ID %s, created %s\n"
+msgstr "cifrado con clave %2$s de %1$u bits, ID %3$s, creada el %4$s\n"
+
+#: g10/mainproc.c:460 g10/pkclist.c:217
+#, c-format
+msgid " \"%s\"\n"
+msgstr " \"%s\"\n"
+
+#: g10/mainproc.c:464
+#, c-format
+msgid "encrypted with %s key, ID %s\n"
+msgstr "cifrado con clave %s, ID %s\n"
+
+#: g10/mainproc.c:479
+#, c-format
+msgid "public key decryption failed: %s\n"
+msgstr "descifrado de la clave pública fallido: %s\n"
+
+#: g10/mainproc.c:495
+#, c-format
+msgid "encrypted with %lu passphrases\n"
+msgstr "cifrado con %lu frases contraseña\n"
+
+#: g10/mainproc.c:497
+msgid "encrypted with 1 passphrase\n"
+msgstr "cifrado con 1 frase contraseña\n"
+
+#: g10/mainproc.c:529 g10/mainproc.c:551
+#, c-format
+msgid "assuming %s encrypted data\n"
+msgstr "suponiendo %s datos cifrados\n"
+
+#: g10/mainproc.c:537
+#, c-format
+msgid "IDEA cipher unavailable, optimistically attempting to use %s instead\n"
+msgstr ""
+"cifrado IDEA no disponible, confiadamente intentamos usar %s en su lugar\n"
+
+#: g10/mainproc.c:570
+msgid "decryption okay\n"
+msgstr "descifrado correcto\n"
+
+#: g10/mainproc.c:574
+msgid "WARNING: message was not integrity protected\n"
+msgstr "ATENCIÓN: la intgridad del mensaje no está protegida\n"
+
+#: g10/mainproc.c:587
+msgid "WARNING: encrypted message has been manipulated!\n"
+msgstr "ATENCIÓN: ¡el mensaje cifrado ha sido manipulado!\n"
+
+#: g10/mainproc.c:595
+#, c-format
+msgid "cleared passphrase cached with ID: %s\n"
+msgstr ""
+
+#: g10/mainproc.c:600
+#, c-format
+msgid "decryption failed: %s\n"
+msgstr "descifrado fallido: %s\n"
+
+#: g10/mainproc.c:621
+msgid "NOTE: sender requested \"for-your-eyes-only\"\n"
+msgstr "NOTA: el remitente solicitó \"sólo-para-tus-ojos\"\n"
+
+#: g10/mainproc.c:623
+#, c-format
+msgid "original file name='%.*s'\n"
+msgstr "nombre fichero original='%.*s'\n"
+
+#: g10/mainproc.c:711
+msgid "WARNING: multiple plaintexts seen\n"
+msgstr "AVISO: se observan varios textos en claro\n"
+
+#: g10/mainproc.c:850
+msgid "standalone revocation - use \"gpg --import\" to apply\n"
+msgstr "revocación independiente - use \"gpg --import\" para aplicarla\n"
+
+#: g10/mainproc.c:1203 g10/mainproc.c:1240
+msgid "no signature found\n"
+msgstr "no se encontró firma\n"
+
+#: g10/mainproc.c:1478
+msgid "signature verification suppressed\n"
+msgstr "suprimida la verificación de la firma\n"
+
+#: g10/mainproc.c:1587
+msgid "can't handle this ambiguous signature data\n"
+msgstr "no puedo manejar estos datos ambiguos en la firma\n"
+
+#: g10/mainproc.c:1598
+#, c-format
+msgid "Signature made %s\n"
+msgstr "Firmado el %s\n"
+
+#: g10/mainproc.c:1599
+#, c-format
+msgid " using %s key %s\n"
+msgstr " usando %s clave %s\n"
+
+#: g10/mainproc.c:1603
+#, c-format
+msgid "Signature made %s using %s key ID %s\n"
+msgstr "Firmado el %s usando clave %s ID %s\n"
+
+#: g10/mainproc.c:1623
+msgid "Key available at: "
+msgstr "Clave disponible en: "
+
+#: g10/mainproc.c:1756 g10/mainproc.c:1804
+#, c-format
+msgid "BAD signature from \"%s\""
+msgstr "Firma INCORRECTA de \"%s\""
+
+#: g10/mainproc.c:1758 g10/mainproc.c:1806
+#, c-format
+msgid "Expired signature from \"%s\""
+msgstr "Firma caducada de \"%s\""
+
+#: g10/mainproc.c:1760 g10/mainproc.c:1808
+#, c-format
+msgid "Good signature from \"%s\""
+msgstr "Firma correcta de \"%s\""
+
+#: g10/mainproc.c:1810
+msgid "[uncertain]"
+msgstr "[incierto]"
+
+#: g10/mainproc.c:1843
+#, c-format
+msgid " aka \"%s\""
+msgstr " alias \"%s\""
+
+#: g10/mainproc.c:1941
+#, c-format
+msgid "Signature expired %s\n"
+msgstr "Firma caducada en %s\n"
+
+#: g10/mainproc.c:1946
+#, c-format
+msgid "Signature expires %s\n"
+msgstr "La firma caduca el %s\n"
+
+#: g10/mainproc.c:1949
+#, c-format
+msgid "%s signature, digest algorithm %s\n"
+msgstr "firma %s, algoritmo de resumen %s\n"
+
+#: g10/mainproc.c:1950
+msgid "binary"
+msgstr "binaria"
+
+#: g10/mainproc.c:1951
+msgid "textmode"
+msgstr "modotexto"
+
+#: g10/mainproc.c:1951 g10/trustdb.c:546
+msgid "unknown"
+msgstr "desconocido"
+
+#: g10/mainproc.c:1971
+#, c-format
+msgid "Can't check signature: %s\n"
+msgstr "Imposible comprobar la firma: %s\n"
+
+#: g10/mainproc.c:2055 g10/mainproc.c:2071 g10/mainproc.c:2167
+msgid "not a detached signature\n"
+msgstr "no es una firma separada\n"
+
+#: g10/mainproc.c:2098
+msgid ""
+"WARNING: multiple signatures detected. Only the first will be checked.\n"
+msgstr "AVISO: detectadas múltiples firmas. Sólo la primera se comprueba.\n"
+
+#: g10/mainproc.c:2106
+#, c-format
+msgid "standalone signature of class 0x%02x\n"
+msgstr "firma independiente de clase 0x%02x\n"
+
+#: g10/mainproc.c:2171
+msgid "old style (PGP 2.x) signature\n"
+msgstr "firma al viejo estilo (PGP 2.x)\n"
+
+#: g10/mainproc.c:2181
+msgid "invalid root packet detected in proc_tree()\n"
+msgstr "paquete raíz inválido detectado en proc_tree()\n"
+
+#: g10/misc.c:109 g10/misc.c:139 g10/misc.c:215
+#, c-format
+msgid "fstat of `%s' failed in %s: %s\n"
+msgstr "fstat de `%s' falló en %s: %s\n"
+
+#: g10/misc.c:178
+#, c-format
+msgid "fstat(%d) failed in %s: %s\n"
+msgstr "fstat(%d) falló en %s: %s\n"
+
+#: g10/misc.c:296
+#, c-format
+msgid "WARNING: using experimental public key algorithm %s\n"
+msgstr "AVISO: usando un algoritmo de clave pública experimental %s\n"
+
+#: g10/misc.c:302
+msgid "WARNING: Elgamal sign+encrypt keys are deprecated\n"
+msgstr "AVISO: las firmas Elgamal para firmar y cifrar están obsoletas\n"
+
+#: g10/misc.c:315
+#, c-format
+msgid "WARNING: using experimental cipher algorithm %s\n"
+msgstr "AVISO: usando algoritmo de cifrado experimental %s\n"
+
+#: g10/misc.c:330
+#, c-format
+msgid "WARNING: using experimental digest algorithm %s\n"
+msgstr "AVISO: usando algoritmo de resumen experimental %s\n"
+
+#: g10/misc.c:335
+#, c-format
+msgid "WARNING: digest algorithm %s is deprecated\n"
+msgstr "AVISO: el algoritmo de resumen %s está obsoleto\n"
+
+#: g10/misc.c:503
+msgid "the IDEA cipher plugin is not present\n"
+msgstr "el plugin para el cifrado IDEA no está presente\n"
+
+#: g10/misc.c:504 g10/sig-check.c:107 jnlib/utf8conv.c:87
+#, c-format
+msgid "please see %s for more information\n"
+msgstr "por favor vea %s para más información\n"
+
+#: g10/misc.c:761
+#, c-format
+msgid "%s:%d: deprecated option \"%s\"\n"
+msgstr "%s:%d: opción obsoleta \"%s\"\n"
+
+#: g10/misc.c:765
+#, c-format
+msgid "WARNING: \"%s\" is a deprecated option\n"
+msgstr "ATENCIÓN: \"%s\" es una opción obsoleta\n"
+
+#: g10/misc.c:767
+#, c-format
+msgid "please use \"%s%s\" instead\n"
+msgstr "por favor use \"%s%s\" en su lugar\n"
+
+#: g10/misc.c:774
+#, c-format
+msgid "WARNING: \"%s\" is a deprecated command - do not use it\n"
+msgstr "ATENCIÓN: \"%s\" es una orden obsoleta - no la use\n"
+
+#: g10/misc.c:784
+#, c-format
+msgid "%s:%u: obsolete option \"%s\" - it has no effect\n"
+msgstr "%s:%u: opción obsoleta \"%s\" - no tiene efecto\n"
+
+#: g10/misc.c:787
+#, c-format
+msgid "WARNING: \"%s\" is an obsolete option - it has no effect\n"
+msgstr "ATENCIÓN: \"%s\" es una opción obsoleta - no tiene efecto\n"
+
+#: g10/misc.c:848
+msgid "Uncompressed"
+msgstr "Sin comprimir"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: g10/misc.c:873
+msgid "uncompressed|none"
+msgstr "sin_comprimir|ninguno"
+
+#: g10/misc.c:1000
+#, c-format
+msgid "this message may not be usable by %s\n"
+msgstr "este mensaje podría no ser utilizable por %s\n"
+
+#: g10/misc.c:1175
+#, c-format
+msgid "ambiguous option `%s'\n"
+msgstr "opción ambigua `%s'\n"
+
+#: g10/misc.c:1200
+#, c-format
+msgid "unknown option `%s'\n"
+msgstr "opción desconocida `%s'\n"
+
+#: g10/openfile.c:89
+#, c-format
+msgid "File `%s' exists. "
+msgstr "El fichero `%s' ya existe. "
+
+#: g10/openfile.c:93
+msgid "Overwrite? (y/N) "
+msgstr "¿Sobreescribir? (s/N) "
+
+#: g10/openfile.c:126
+#, c-format
+msgid "%s: unknown suffix\n"
+msgstr "%s: sufijo desconocido\n"
+
+#: g10/openfile.c:150
+msgid "Enter new filename"
+msgstr "Introduzca nuevo nombre de fichero"
+
+#: g10/openfile.c:195
+msgid "writing to stdout\n"
+msgstr "escribiendo en stdout\n"
+
+#: g10/openfile.c:316
+#, c-format
+msgid "assuming signed data in `%s'\n"
+msgstr "asumiendo que hay datos firmados en `%s'\n"
+
+#: g10/openfile.c:395
+#, c-format
+msgid "new configuration file `%s' created\n"
+msgstr "creado un nuevo fichero de configuración `%s'\n"
+
+#: g10/openfile.c:397
+#, c-format
+msgid "WARNING: options in `%s' are not yet active during this run\n"
+msgstr "AVISO: las opciones en `%s' no están aún activas en esta ejecución\n"
+
+#: g10/parse-packet.c:201
+#, c-format
+msgid "can't handle public key algorithm %d\n"
+msgstr "no puedo manejar el algoritmo de clave pública %d\n"
+
+#: g10/parse-packet.c:822
+msgid "WARNING: potentially insecure symmetrically encrypted session key\n"
+msgstr ""
+"AVISO: clave de sesión cifrada simétricamente potencialmente insegura\n"
+
+#: g10/parse-packet.c:1273
+#, c-format
+msgid "subpacket of type %d has critical bit set\n"
+msgstr "el subpaquete de tipo %d tiene el bit crítico activado\n"
+
+#: g10/passphrase.c:75 g10/passphrase.c:418 g10/passphrase.c:481
+#, c-format
+msgid "problem with the agent: %s\n"
+msgstr "problema con el agente: %s\n"
+
+#: g10/passphrase.c:344 g10/passphrase.c:613
+#, c-format
+msgid " (main key ID %s)"
+msgstr "(ID de clave primaria %s)"
+
+#: g10/passphrase.c:358
+#, c-format
+msgid ""
+"Please enter the passphrase to unlock the secret key for the OpenPGP "
+"certificate:\n"
+"\"%.*s\"\n"
+"%u-bit %s key, ID %s,\n"
+"created %s%s.\n"
+msgstr ""
+"Introduzca frase contraseña para desbloquear la clave secreta del "
+"certificado OpenPGP:\n"
+"\"%.*s\"\n"
+"con %u bits clave %s, ID %s,\n"
+"creada el %s%s.\n"
+
+#: g10/passphrase.c:384
+msgid "Enter passphrase\n"
+msgstr "Introduzca frase contraseña\n"
+
+#: g10/passphrase.c:412
+msgid "cancelled by user\n"
+msgstr "cancelado por el usuario\n"
+
+#: g10/passphrase.c:592
+#, c-format
+msgid ""
+"You need a passphrase to unlock the secret key for\n"
+"user: \"%s\"\n"
+msgstr ""
+"Necesita una frase contraseña para desbloquear la clave secreta\n"
+"del usuario: \"%s\"\n"
+
+#: g10/passphrase.c:600
+#, c-format
+msgid "%u-bit %s key, ID %s, created %s"
+msgstr "clave %2$s de %1$u bits, ID %3$s, creada el %4$s"
+
+#: g10/passphrase.c:609
+#, c-format
+msgid " (subkey on main key ID %s)"
+msgstr " (subclave en clave principal ID %s)"
+
+#: g10/photoid.c:74
+msgid ""
+"\n"
+"Pick an image to use for your photo ID. The image must be a JPEG file.\n"
+"Remember that the image is stored within your public key. If you use a\n"
+"very large picture, your key will become very large as well!\n"
+"Keeping the image close to 240x288 is a good size to use.\n"
+msgstr ""
+"\n"
+"Escoja una imagen para usar en su ID fotográfico. La imagen debe ser un\n"
+"fichero JPEG. Recuerde que la imágen se almacena en su clave pública.\n"
+"Si usa una foto muy grande, ¡su clave será también muy grande!\n"
+"Una imagen cercana a 240x288 tiene un tamaño adecuado.\n"
+
+#: g10/photoid.c:96
+msgid "Enter JPEG filename for photo ID: "
+msgstr "Introduzca nombre del fichero JPEG para ID fotográfico: "
+
+#: g10/photoid.c:117
+#, c-format
+msgid "unable to open JPEG file `%s': %s\n"
+msgstr "Imposible abrir fichero JPEG `%s': %s\n"
+
+#: g10/photoid.c:128
+#, c-format
+msgid "This JPEG is really large (%d bytes) !\n"
+msgstr "¡Este JPEG es realmente grande (%d bytes)!\n"
+
+#: g10/photoid.c:130
+msgid "Are you sure you want to use it? (y/N) "
+msgstr "¿Seguro que quiere usarlo? (s/N) "
+
+#: g10/photoid.c:146
+#, c-format
+msgid "`%s' is not a JPEG file\n"
+msgstr "`%s' no es un fichero JPEG\n"
+
+#: g10/photoid.c:165
+msgid "Is this photo correct (y/N/q)? "
+msgstr "¿Es correcta la foto? (s/n) "
+
+#: g10/photoid.c:373
+msgid "unable to display photo ID!\n"
+msgstr "¡no puedo mostrar ID fotográfico!\n"
+
+#: g10/pkclist.c:60 g10/revoke.c:621
+msgid "No reason specified"
+msgstr "No se dio ninguna razón"
+
+#: g10/pkclist.c:62 g10/revoke.c:623
+msgid "Key is superseded"
+msgstr "La clave ha sido reemplazada."
+
+#: g10/pkclist.c:64 g10/revoke.c:622
+msgid "Key has been compromised"
+msgstr "La clave ha sido comprometida"
+
+#: g10/pkclist.c:66 g10/revoke.c:624
+msgid "Key is no longer used"
+msgstr "La clave ya no está en uso"
+
+#: g10/pkclist.c:68 g10/revoke.c:625
+msgid "User ID is no longer valid"
+msgstr "El identificador de usuario ya no es válido"
+
+#: g10/pkclist.c:72
+msgid "reason for revocation: "
+msgstr "razón para la revocación: "
+
+#: g10/pkclist.c:89
+msgid "revocation comment: "
+msgstr "comentario a la revocación: "
+
+#: g10/pkclist.c:204
+msgid "iImMqQsS"
+msgstr "iImMqQsS"
+
+#: g10/pkclist.c:212
+msgid "No trust value assigned to:\n"
+msgstr "No hay confianza definida para:\n"
+
+#: g10/pkclist.c:245
+#, c-format
+msgid " aka \"%s\"\n"
+msgstr " alias \"%s\"\n"
+
+#: g10/pkclist.c:255
+msgid ""
+"How much do you trust that this key actually belongs to the named user?\n"
+msgstr ""
+"¿Qué seguridad tiene de que esta clave pertenece realmente al usuario\n"
+"que se nombra?\n"
+
+#: g10/pkclist.c:270
+#, c-format
+msgid " %d = I don't know or won't say\n"
+msgstr " %d = No lo sé o prefiero no decirlo\n"
+
+#: g10/pkclist.c:272
+#, c-format
+msgid " %d = I do NOT trust\n"
+msgstr " %d = NO tengo confianza\n"
+
+#: g10/pkclist.c:278
+#, c-format
+msgid " %d = I trust ultimately\n"
+msgstr " %d = confío absolutamente\n"
+
+#: g10/pkclist.c:284
+msgid " m = back to the main menu\n"
+msgstr " m = volver al menú principal\n"
+
+#: g10/pkclist.c:287
+msgid " s = skip this key\n"
+msgstr " s = saltar esta clave\n"
+
+#: g10/pkclist.c:288
+msgid " q = quit\n"
+msgstr " q = salir\n"
+
+#: g10/pkclist.c:292
+#, c-format
+msgid ""
+"The minimum trust level for this key is: %s\n"
+"\n"
+msgstr ""
+"El mínimo nivel de confianza para esta clave es: %s\n"
+"\n"
+
+#: g10/pkclist.c:298 g10/revoke.c:650
+msgid "Your decision? "
+msgstr "¿Su decisión? "
+
+#: g10/pkclist.c:319
+msgid "Do you really want to set this key to ultimate trust? (y/N) "
+msgstr "¿De verdad quiere asignar absoluta confianza a esta clave? (s/N) "
+
+#: g10/pkclist.c:333
+msgid "Certificates leading to an ultimately trusted key:\n"
+msgstr "Certificados que llevan a una clave de confianza absoluta:\n"
+
+#: g10/pkclist.c:418
+#, c-format
+msgid "%s: There is no assurance this key belongs to the named user\n"
+msgstr ""
+"%s: No hay seguridad de que esta clave pertenezca realmente\n"
+"al usuario que se nombra\n"
+
+#: g10/pkclist.c:423
+#, c-format
+msgid "%s: There is limited assurance this key belongs to the named user\n"
+msgstr ""
+"%s: Hay poca seguridad de que esta clave pertenezca realmente\n"
+"al usuario que se nombra\n"
+
+#: g10/pkclist.c:429
+msgid "This key probably belongs to the named user\n"
+msgstr "Esta clave probablemente pertenece al usuario que se nombra\n"
+
+#: g10/pkclist.c:434
+msgid "This key belongs to us\n"
+msgstr "Esta clave nos pertenece\n"
+
+#: g10/pkclist.c:460
+msgid ""
+"It is NOT certain that the key belongs to the person named\n"
+"in the user ID. If you *really* know what you are doing,\n"
+"you may answer the next question with yes.\n"
+msgstr ""
+"No es seguro que la clave pertenezca a la persona que se nombra en el\n"
+"identificador de usuario. Si *realmente* sabe lo que está haciendo,\n"
+"puede contestar sí a la siguiente pregunta.\n"
+
+#: g10/pkclist.c:479
+msgid "Use this key anyway? (y/N) "
+msgstr "¿Usar esta clave de todas formas? (s/N) "
+
+#: g10/pkclist.c:513
+msgid "WARNING: Using untrusted key!\n"
+msgstr "ATENCIÓN: ¡Usando una clave no fiable!\n"
+
+#: g10/pkclist.c:520
+msgid "WARNING: this key might be revoked (revocation key not present)\n"
+msgstr "AVISO: la clave puede estar revocada (falta clave de revocación)\n"
+
+#: g10/pkclist.c:529
+msgid "WARNING: This key has been revoked by its designated revoker!\n"
+msgstr ""
+"ATENCIÓN: ¡Esta clave ha sido revocada por la persona designada\n"
+"como revocador!\n"
+
+#: g10/pkclist.c:532
+msgid "WARNING: This key has been revoked by its owner!\n"
+msgstr "ATENCIÓN: ¡Esta clave ha sido revocada por su propietario!\n"
+
+#: g10/pkclist.c:533
+msgid " This could mean that the signature is forged.\n"
+msgstr " Esto puede significar que la firma está falsificada.\n"
+
+#: g10/pkclist.c:539
+msgid "WARNING: This subkey has been revoked by its owner!\n"
+msgstr "ATENCIÓN: ¡Esta clave ha sido revocada por su propietario!\n"
+
+#: g10/pkclist.c:544
+msgid "Note: This key has been disabled.\n"
+msgstr "Nota: Esta clave está deshabilitada.\n"
+
+#: g10/pkclist.c:564
+#, c-format
+msgid "Note: Verified signer's address is `%s'\n"
+msgstr "Nota: la dirección del firmante verificado es `%s'\n"
+
+#: g10/pkclist.c:571
+#, c-format
+msgid "Note: Signer's address `%s' does not match DNS entry\n"
+msgstr "Nota: la dirección del firmante `%s' no coincide con la entrada DNS\n"
+
+#: g10/pkclist.c:583
+msgid "trustlevel adjusted to FULL due to valid PKA info\n"
+msgstr "nivel de confianza puesto a TOTAL (información PKA válida)\n"
+
+#: g10/pkclist.c:591
+msgid "trustlevel adjusted to NEVER due to bad PKA info\n"
+msgstr "nivel de confianza puesto a NUNCA (información PKA inválida)\n"
+
+#: g10/pkclist.c:602
+msgid "Note: This key has expired!\n"
+msgstr "Nota: ¡Esta clave ha caducado!\n"
+
+#: g10/pkclist.c:613
+msgid "WARNING: This key is not certified with a trusted signature!\n"
+msgstr ""
+"ATENCIÓN: ¡Esta clave no está certificada por una firma de confianza!\n"
+
+#: g10/pkclist.c:615
+msgid ""
+" There is no indication that the signature belongs to the owner.\n"
+msgstr " No hay indicios de que la firma pertenezca al propietario.\n"
+
+#: g10/pkclist.c:623
+msgid "WARNING: We do NOT trust this key!\n"
+msgstr "ATENCIÓN: ¡Esta clave NO es de confianza!\n"
+
+#: g10/pkclist.c:624
+msgid " The signature is probably a FORGERY.\n"
+msgstr " La firma es probablemente una FALSIFICACIÓN.\n"
+
+#: g10/pkclist.c:632
+msgid ""
+"WARNING: This key is not certified with sufficiently trusted signatures!\n"
+msgstr ""
+"ATENCIÓN: ¡Esta clave no está certificada con firmas de suficiente "
+"confianza!\n"
+
+#: g10/pkclist.c:634
+msgid " It is not certain that the signature belongs to the owner.\n"
+msgstr " No es seguro que la firma pertenezca al propietario.\n"
+
+#: g10/pkclist.c:833 g10/pkclist.c:875 g10/pkclist.c:1087 g10/pkclist.c:1157
+#, c-format
+msgid "%s: skipped: %s\n"
+msgstr "%s: omitido: %s\n"
+
+#: g10/pkclist.c:845 g10/pkclist.c:1125
+#, c-format
+msgid "%s: skipped: public key already present\n"
+msgstr "%s: omitida: clave pública ya presente\n"
+
+#: g10/pkclist.c:896
+msgid "You did not specify a user ID. (you may use \"-r\")\n"
+msgstr "No ha especificado un ID de usuario (puede usar \"-r\")\n"
+
+#: g10/pkclist.c:920
+msgid "Current recipients:\n"
+msgstr "Destinatarios actuales:\n"
+
+#: g10/pkclist.c:946
+msgid ""
+"\n"
+"Enter the user ID. End with an empty line: "
+msgstr ""
+"\n"
+"Introduzca ID de usuario. Acabe con una línea vacía: "
+
+#: g10/pkclist.c:971
+msgid "No such user ID.\n"
+msgstr "ID de usuario inexistente.\n"
+
+#: g10/pkclist.c:980 g10/pkclist.c:1054
+msgid "skipped: public key already set as default recipient\n"
+msgstr "omitida: clave pública ya designada como destinataria por defecto\n"
+
+#: g10/pkclist.c:1001
+msgid "Public key is disabled.\n"
+msgstr "Clave pública deshabilitada.\n"
+
+#: g10/pkclist.c:1010
+msgid "skipped: public key already set\n"
+msgstr "omitida: clave pública ya establecida\n"
+
+#: g10/pkclist.c:1045
+#, c-format
+msgid "unknown default recipient \"%s\"\n"
+msgstr "desconocido el destinatario predefinido \"%s\"\n"
+
+#: g10/pkclist.c:1103
+#, c-format
+msgid "%s: skipped: public key is disabled\n"
+msgstr "%s: omitida: clave pública deshabilitada\n"
+
+#: g10/pkclist.c:1165
+msgid "no valid addressees\n"
+msgstr "no hay direcciones válidas\n"
+
+#: g10/pkclist.c:1503
+#, c-format
+msgid "Note: key %s has no %s feature\n"
+msgstr "Nota: la clave %s no usa %s\n"
+
+#: g10/pkclist.c:1528
+#, c-format
+msgid "Note: key %s has no preference for %s\n"
+msgstr "Nota: clave %s no tiene preferencias para %s\n"
+
+#: g10/plaintext.c:95
+msgid "data not saved; use option \"--output\" to save it\n"
+msgstr "datos no grabados; use la opción \"--output\" para grabarlos\n"
+
+#: g10/plaintext.c:480
+msgid "Detached signature.\n"
+msgstr "Firma separada.\n"
+
+#: g10/plaintext.c:487
+msgid "Please enter name of data file: "
+msgstr "Introduzca el nombre del fichero de datos: "
+
+#: g10/plaintext.c:519
+msgid "reading stdin ...\n"
+msgstr "leyendo stdin...\n"
+
+#: g10/plaintext.c:557
+msgid "no signed data\n"
+msgstr "no hay datos firmados\n"
+
+#: g10/plaintext.c:573
+#, c-format
+msgid "can't open signed data `%s'\n"
+msgstr "imposible abrir datos firmados `%s'\n"
+
+#: g10/plaintext.c:607
+#, c-format
+msgid "can't open signed data fd=%d: %s\n"
+msgstr "imposible abrir datos firmados fd=%d: %s\n"
+
+#: g10/pubkey-enc.c:105
+#, c-format
+msgid "anonymous recipient; trying secret key %s ...\n"
+msgstr "destinatario anónimo; probando clave secreta %s ...\n"
+
+#: g10/pubkey-enc.c:136
+msgid "okay, we are the anonymous recipient.\n"
+msgstr "de acuerdo, somos el destinatario anónimo.\n"
+
+#: g10/pubkey-enc.c:225
+msgid "old encoding of the DEK is not supported\n"
+msgstr "la antigua codificación de la DEK no puede usarse\n"
+
+#: g10/pubkey-enc.c:246
+#, c-format
+msgid "cipher algorithm %d%s is unknown or disabled\n"
+msgstr "algoritmo de cifrado %d%s desconocido o desactivado\n"
+
+#: g10/pubkey-enc.c:284
+#, c-format
+msgid "WARNING: cipher algorithm %s not found in recipient preferences\n"
+msgstr "NOTA: el cifrado %s no aparece en las preferencias del receptor\n"
+
+#: g10/pubkey-enc.c:304
+#, c-format
+msgid "NOTE: secret key %s expired at %s\n"
+msgstr "NOTA: clave secreta %s caducó el %s\n"
+
+#: g10/pubkey-enc.c:310
+msgid "NOTE: key has been revoked"
+msgstr "NOTA: la clave ha sido revocada"
+
+#: g10/revoke.c:102 g10/revoke.c:116 g10/revoke.c:128 g10/revoke.c:174
+#: g10/revoke.c:186 g10/revoke.c:585
+#, c-format
+msgid "build_packet failed: %s\n"
+msgstr "construcción del paquete fallida: %s\n"
+
+#: g10/revoke.c:145
+#, c-format
+msgid "key %s has no user IDs\n"
+msgstr "clave %s: sin identificador de usuario\n"
+
+#: g10/revoke.c:306
+msgid "To be revoked by:\n"
+msgstr "Será revocado por:\n"
+
+#: g10/revoke.c:310
+msgid "(This is a sensitive revocation key)\n"
+msgstr "(Este es una clave de revocación confidencial)\n"
+
+#: g10/revoke.c:314
+msgid "Create a designated revocation certificate for this key? (y/N) "
+msgstr "¿Crear un certificado de revocación para esta clave? (s/N)"
+
+#: g10/revoke.c:327 g10/revoke.c:551
+msgid "ASCII armored output forced.\n"
+msgstr "se fuerza salida con armadura ASCII.\n"
+
+#: g10/revoke.c:342 g10/revoke.c:565
+#, c-format
+msgid "make_keysig_packet failed: %s\n"
+msgstr "make_keysig_packet falló: %s\n"
+
+#: g10/revoke.c:405
+msgid "Revocation certificate created.\n"
+msgstr "Certificado de revocación creado.\n"
+
+#: g10/revoke.c:411
+#, c-format
+msgid "no revocation keys found for \"%s\"\n"
+msgstr "no se encuetran claves de revocación para \"%s\"\n"
+
+#: g10/revoke.c:470
+#, c-format
+msgid "secret key \"%s\" not found: %s\n"
+msgstr "clave secreta \"%s\" no encontrada: %s\n"
+
+#: g10/revoke.c:497
+#, c-format
+msgid "no corresponding public key: %s\n"
+msgstr "no existe la clave pública correspondiente: %s\n"
+
+#: g10/revoke.c:508
+msgid "public key does not match secret key!\n"
+msgstr "¡la clave pública y la privada no se corresponden!\n"
+
+#: g10/revoke.c:515
+msgid "Create a revocation certificate for this key? (y/N) "
+msgstr "¿Crear un certificado de revocación para esta clave? (s/N) "
+
+#: g10/revoke.c:532
+msgid "unknown protection algorithm\n"
+msgstr "algoritmo de protección desconocido\n"
+
+#: g10/revoke.c:540
+msgid "NOTE: This key is not protected!\n"
+msgstr "NOTA: ¡Esta clave no está protegida!\n"
+
+#: g10/revoke.c:591
+msgid ""
+"Revocation certificate created.\n"
+"\n"
+"Please move it to a medium which you can hide away; if Mallory gets\n"
+"access to this certificate he can use it to make your key unusable.\n"
+"It is smart to print this certificate and store it away, just in case\n"
+"your media become unreadable. But have some caution: The print system of\n"
+"your machine might store the data and make it available to others!\n"
+msgstr ""
+"Certificado de revocación creado.\n"
+"\n"
+"Por favor consérvelo en un medio que pueda esconder; si alguien consigue\n"
+"acceso a este certificado puede usarlo para inutilizar su clave.\n"
+"Es inteligente imprimir este certificado y guardarlo en otro lugar, por\n"
+"si acaso su medio resulta imposible de leer. Pero precaución: ¡el sistema\n"
+"de impresión de su máquina podría almacenar los datos y hacerlos accesibles\n"
+"a otras personas!\n"
+
+#: g10/revoke.c:633
+msgid "Please select the reason for the revocation:\n"
+msgstr "Por favor elija una razón para la revocación:\n"
+
+#: g10/revoke.c:643
+msgid "Cancel"
+msgstr "Cancelar"
+
+#: g10/revoke.c:645
+#, c-format
+msgid "(Probably you want to select %d here)\n"
+msgstr "(Probablemente quería seleccionar %d aquí)\n"
+
+#: g10/revoke.c:686
+msgid "Enter an optional description; end it with an empty line:\n"
+msgstr "Introduzca una descripción opcional; acábela con una línea vacía:\n"
+
+#: g10/revoke.c:714
+#, c-format
+msgid "Reason for revocation: %s\n"
+msgstr "Razón para la revocación: %s\n"
+
+#: g10/revoke.c:716
+msgid "(No description given)\n"
+msgstr "(No se dió descripción)\n"
+
+#: g10/revoke.c:721
+msgid "Is this okay? (y/N) "
+msgstr "¿Es correcto? (s/N) "
+
+#: g10/seckey-cert.c:55
+msgid "secret key parts are not available\n"
+msgstr "las partes de la clave privada no están disponibles\n"
+
+#: g10/seckey-cert.c:61
+#, c-format
+msgid "protection algorithm %d%s is not supported\n"
+msgstr "el algoritmo de protección %d%s no puede ser utilizado\n"
+
+#: g10/seckey-cert.c:72
+#, c-format
+msgid "protection digest %d is not supported\n"
+msgstr "el resumen protector %d no puede ser utilizado\n"
+
+#: g10/seckey-cert.c:291
+msgid "Invalid passphrase; please try again"
+msgstr "Frase contraseña incorrecta; inténtelo de nuevo."
+
+#: g10/seckey-cert.c:292
+#, c-format
+msgid "%s ...\n"
+msgstr "%s ... \n"
+
+#: g10/seckey-cert.c:361
+msgid "WARNING: Weak key detected - please change passphrase again.\n"
+msgstr ""
+"ATENCIÓN: detectada clave débil - por favor cambie la frase contraseña.\n"
+
+#: g10/seckey-cert.c:404
+msgid "generating the deprecated 16-bit checksum for secret key protection\n"
+msgstr ""
+"generando la suma de comprobación de 16 bits (obsoleta) para \n"
+"proteger la clave secreta.\n"
+
+#: g10/seskey.c:61 sm/encrypt.c:119
+msgid "weak key created - retrying\n"
+msgstr "creada clave débil - reintentando\n"
+
+#: g10/seskey.c:65
+#, c-format
+msgid "cannot avoid weak key for symmetric cipher; tried %d times!\n"
+msgstr ""
+"¡imposible evitar clave débil para cifrado simétrico después de %d "
+"intentos!\n"
+
+#: g10/seskey.c:227 sm/certcheck.c:85
+msgid "DSA requires the hash length to be a multiple of 8 bits\n"
+msgstr "DSA necesita un resumen cuya longitud sea múltiplo de 8 bits\n"
+
+#: g10/seskey.c:240
+#, c-format
+msgid "DSA key %s uses an unsafe (%u bit) hash\n"
+msgstr "la clave DSA %s usa un resumen inseguro (%u bits)\n"
+
+#: g10/seskey.c:252
+#, c-format
+msgid "DSA key %s requires a %u bit or larger hash\n"
+msgstr "la clave DSA %s requiere un resumen de %u bits al menos\n"
+
+#: g10/sig-check.c:80
+msgid "WARNING: signature digest conflict in message\n"
+msgstr "AVISO: conflicto con el resumen de la firma del mensaje\n"
+
+#: g10/sig-check.c:105
+#, c-format
+msgid "WARNING: signing subkey %s is not cross-certified\n"
+msgstr "AVISO: la subclave de firmado %s no tiene certificado cruzado\n"
+
+#: g10/sig-check.c:117
+#, c-format
+msgid "WARNING: signing subkey %s has an invalid cross-certification\n"
+msgstr ""
+"AVISO: la subclave de cifrado %s tiene un certificado cruzado inválido\n"
+
+#: g10/sig-check.c:211
+#, c-format
+msgid "public key %s is %lu second newer than the signature\n"
+msgstr "la clave pública %s es %lu segundos más nueva que la firma\n"
+
+#: g10/sig-check.c:212
+#, c-format
+msgid "public key %s is %lu seconds newer than the signature\n"
+msgstr "la clave pública %s es %lu segundos más nueva que la firma\n"
+
+#: g10/sig-check.c:223
+#, c-format
+msgid ""
+"key %s was created %lu second in the future (time warp or clock problem)\n"
+msgstr ""
+"la clave %s fue creada %lu segundo en el futuro (viaje en el tiempo\n"
+"o problemas con el reloj)\n"
+
+#: g10/sig-check.c:225
+#, c-format
+msgid ""
+"key %s was created %lu seconds in the future (time warp or clock problem)\n"
+msgstr ""
+"la clave %s fue creada %lu segundos en el futuro (salto en el tiempo\n"
+"o problemas con el reloj)\n"
+
+#: g10/sig-check.c:239
+#, c-format
+msgid "NOTE: signature key %s expired %s\n"
+msgstr "NOTA: clave de la firma %s caducada el %s\n"
+
+#: g10/sig-check.c:252
+#, c-format
+msgid "NOTE: signature key %s has been revoked\n"
+msgstr "NOTA: la clave de firmado %s ha sido revocada\n"
+
+#: g10/sig-check.c:325
+#, c-format
+msgid "assuming bad signature from key %s due to an unknown critical bit\n"
+msgstr ""
+"asumiendo firma incorrecta de la clave %s por un bit crítico desconocido\n"
+
+#: g10/sig-check.c:591
+#, c-format
+msgid "key %s: no subkey for subkey revocation signature\n"
+msgstr "clave %s: no hay subclave para la firma de revocación de subclave\n"
+
+#: g10/sig-check.c:618
+#, c-format
+msgid "key %s: no subkey for subkey binding signature\n"
+msgstr "clave %s: no hay subclave para firma de subclave de enlace\n"
+
+#: g10/sign.c:89
+#, c-format
+msgid "WARNING: unable to %%-expand notation (too large). Using unexpanded.\n"
+msgstr ""
+"AVISO: no puedo expandir el %% de la url de política . Se usa sin expandir.\n"
+
+#: g10/sign.c:115
+#, c-format
+msgid ""
+"WARNING: unable to %%-expand policy URL (too large). Using unexpanded.\n"
+msgstr ""
+"AVISO: no puedo expandir el %% de la url de política (demasiado larga).\n"
+"Se usa sin expandir.\n"
+
+#: g10/sign.c:138
+#, c-format
+msgid ""
+"WARNING: unable to %%-expand preferred keyserver URL (too large). Using "
+"unexpanded.\n"
+msgstr ""
+"AVISO: no puedo expandir el %% de la URL del servidor de claves\n"
+"preferido. Se usa sin expandir.\n"
+
+#: g10/sign.c:311
+#, c-format
+msgid "checking created signature failed: %s\n"
+msgstr "la comprobación de la firma creada falló: %s\n"
+
+#: g10/sign.c:320
+#, c-format
+msgid "%s/%s signature from: \"%s\"\n"
+msgstr "%s/%s firma de: \"%s\"\n"
+
+#: g10/sign.c:761
+msgid "you can only detach-sign with PGP 2.x style keys while in --pgp2 mode\n"
+msgstr ""
+"sólo puede hacer firmas separadas con claves tipo PGP 2.x estando enmodo --"
+"pgp2\n"
+
+#: g10/sign.c:837
+#, c-format
+msgid ""
+"WARNING: forcing digest algorithm %s (%d) violates recipient preferences\n"
+msgstr ""
+"AVISO: forzar el algoritmo de resumen %s (%d) va en contra de las\n"
+"preferencias del destinatario\n"
+
+#: g10/sign.c:964
+msgid "signing:"
+msgstr "firmando:"
+
+#: g10/sign.c:1079
+msgid "you can only clearsign with PGP 2.x style keys while in --pgp2 mode\n"
+msgstr "sólo puede firmar en claro con claves PGP 2.x estando en modo --pgp2\n"
+
+#: g10/sign.c:1263
+#, c-format
+msgid "%s encryption will be used\n"
+msgstr "se usará un cifrado %s\n"
+
+#: g10/skclist.c:140 g10/skclist.c:217
+msgid "key is not flagged as insecure - can't use it with the faked RNG!\n"
+msgstr "clave no marcada como insegura - no puede usarse con el pseudo RNG\n"
+
+#: g10/skclist.c:174
+#, c-format
+msgid "skipped \"%s\": duplicated\n"
+msgstr "\"%s\" omitido: duplicado\n"
+
+#: g10/skclist.c:182 g10/skclist.c:195 g10/skclist.c:207
+#, c-format
+msgid "skipped \"%s\": %s\n"
+msgstr "omitido \"%s\": %s\n"
+
+#: g10/skclist.c:190
+msgid "skipped: secret key already present\n"
+msgstr "omitido: clave secreta ya presente\n"
+
+#: g10/skclist.c:208
+msgid "this is a PGP generated Elgamal key which is not secure for signatures!"
+msgstr ""
+"¡esta es una clave ElGamal generada por PGP que NO es segura para firmar!"
+
+#: g10/tdbdump.c:58 g10/trustdb.c:360
+#, c-format
+msgid "trust record %lu, type %d: write failed: %s\n"
+msgstr "registro de confianza %lu, tipo %d: fallo escritura: %s\n"
+
+#: g10/tdbdump.c:106
+#, c-format
+msgid ""
+"# List of assigned trustvalues, created %s\n"
+"# (Use \"gpg --import-ownertrust\" to restore them)\n"
+msgstr ""
+"# Lista de valores de confianza asignados, creada %s\n"
+"# (Use \"gpg --import-ownertrust\" para restablecerlos)\n"
+
+#: g10/tdbdump.c:161 g10/tdbdump.c:169 g10/tdbdump.c:174 g10/tdbdump.c:179
+#, c-format
+msgid "error in `%s': %s\n"
+msgstr "error en `%s': %s\n"
+
+#: g10/tdbdump.c:161
+msgid "line too long"
+msgstr "línea demasiado larga"
+
+#: g10/tdbdump.c:169
+msgid "colon missing"
+msgstr "falta una coma"
+
+#: g10/tdbdump.c:175
+msgid "invalid fingerprint"
+msgstr "huella dactilar no válida"
+
+#: g10/tdbdump.c:180
+msgid "ownertrust value missing"
+msgstr "falta el valor de confianza"
+
+#: g10/tdbdump.c:216
+#, c-format
+msgid "error finding trust record in `%s': %s\n"
+msgstr "error econtrando registro de confianza en `%s': %s\n"
+
+#: g10/tdbdump.c:220
+#, c-format
+msgid "read error in `%s': %s\n"
+msgstr "error de lectura `%s': %s\n"
+
+#: g10/tdbdump.c:229 g10/trustdb.c:375
+#, c-format
+msgid "trustdb: sync failed: %s\n"
+msgstr "base de datos de confianza: fallo sincronización: %s\n"
+
+#: g10/tdbio.c:128 g10/tdbio.c:1456
+#, c-format
+msgid "trustdb rec %lu: lseek failed: %s\n"
+msgstr "registro base de datos de confianza %lu: lseek fallido: %s\n"
+
+#: g10/tdbio.c:135 g10/tdbio.c:1463
+#, c-format
+msgid "trustdb rec %lu: write failed (n=%d): %s\n"
+msgstr ""
+"registro base de datos de confianza %lu: escritura fallida (n=%d): %s\n"
+
+#: g10/tdbio.c:245
+msgid "trustdb transaction too large\n"
+msgstr "transacción en la base de datos de confianza demasiado grande\n"
+
+#: g10/tdbio.c:500
+#, c-format
+msgid "can't access `%s': %s\n"
+msgstr "no se puede acceder a `%s': %s\n"
+
+#: g10/tdbio.c:527
+#, c-format
+msgid "%s: directory does not exist!\n"
+msgstr "%s: ¡el directorio no existe!\n"
+
+#: g10/tdbio.c:537 g10/tdbio.c:560 g10/tdbio.c:601 sm/keydb.c:219
+#, c-format
+msgid "can't create lock for `%s'\n"
+msgstr "no se puede crear el bloqueo para `%s'\n"
+
+#: g10/tdbio.c:539 g10/tdbio.c:604
+#, c-format
+msgid "can't lock `%s'\n"
+msgstr "no se puede bloquear `%s'\n"
+
+#: g10/tdbio.c:565
+#, c-format
+msgid "%s: failed to create version record: %s"
+msgstr "%s: fallo en la creación del registro de versión: %s"
+
+#: g10/tdbio.c:569
+#, c-format
+msgid "%s: invalid trustdb created\n"
+msgstr "%s: se ha creado base de datos de confianza inválida\n"
+
+#: g10/tdbio.c:572
+#, c-format
+msgid "%s: trustdb created\n"
+msgstr "%s: se ha creado base de datos de confianza\n"
+
+#: g10/tdbio.c:615
+msgid "NOTE: trustdb not writable\n"
+msgstr "NOTA: no se puede escribir base de datos de confianza\n"
+
+#: g10/tdbio.c:623
+#, c-format
+msgid "%s: invalid trustdb\n"
+msgstr "%s: base de datos de confianza inválida\n"
+
+#: g10/tdbio.c:655
+#, c-format
+msgid "%s: failed to create hashtable: %s\n"
+msgstr "%s: fallo en la creación de la tabla hash: %s\n"
+
+#: g10/tdbio.c:663
+#, c-format
+msgid "%s: error updating version record: %s\n"
+msgstr "%s: error actualizando el registro de versión: %s\n"
+
+#: g10/tdbio.c:680 g10/tdbio.c:701 g10/tdbio.c:717 g10/tdbio.c:731
+#: g10/tdbio.c:761 g10/tdbio.c:1388 g10/tdbio.c:1415
+#, c-format
+msgid "%s: error reading version record: %s\n"
+msgstr "%s: error leyendo registro de versión: %s\n"
+
+#: g10/tdbio.c:740
+#, c-format
+msgid "%s: error writing version record: %s\n"
+msgstr "%s: error escribiendo registro de versión: %s\n"
+
+#: g10/tdbio.c:1181
+#, c-format
+msgid "trustdb: lseek failed: %s\n"
+msgstr "base de datos de confianza: fallo lseek: %s\n"
+
+#: g10/tdbio.c:1190
+#, c-format
+msgid "trustdb: read failed (n=%d): %s\n"
+msgstr "base de datos de confianza: error lectura (n=%d): %s\n"
+
+#: g10/tdbio.c:1211
+#, c-format
+msgid "%s: not a trustdb file\n"
+msgstr "%s: no es una base de datos de confianza\n"
+
+#: g10/tdbio.c:1230
+#, c-format
+msgid "%s: version record with recnum %lu\n"
+msgstr "%s: registro de versión con número de registro %lu\n"
+
+#: g10/tdbio.c:1235
+#, c-format
+msgid "%s: invalid file version %d\n"
+msgstr "%s: versión del fichero %d inválida\n"
+
+#: g10/tdbio.c:1421
+#, c-format
+msgid "%s: error reading free record: %s\n"
+msgstr "%s: error leyendo registro libre: %s\n"
+
+#: g10/tdbio.c:1429
+#, c-format
+msgid "%s: error writing dir record: %s\n"
+msgstr "%s: error escribiendo registro de directorio: %s\n"
+
+#: g10/tdbio.c:1439
+#, c-format
+msgid "%s: failed to zero a record: %s\n"
+msgstr "%s: fallo en poner a cero un registro: %s\n"
+
+#: g10/tdbio.c:1469
+#, c-format
+msgid "%s: failed to append a record: %s\n"
+msgstr "%s: fallo al añadir un registro: %s\n"
+
+#: g10/tdbio.c:1512
+#, fuzzy
+msgid "Error: The trustdb is corrupted.\n"
+msgstr "%s: se ha creado base de datos de confianza\n"
+
+#: g10/textfilter.c:147
+#, c-format
+msgid "can't handle text lines longer than %d characters\n"
+msgstr "no se pueden manejar líneas de texto de más de %d caracteres\n"
+
+#: g10/textfilter.c:247
+#, c-format
+msgid "input line longer than %d characters\n"
+msgstr "línea de longitud superior a %d caracteres\n"
+
+#: g10/trustdb.c:221
+#, c-format
+msgid "`%s' is not a valid long keyID\n"
+msgstr "'%s' no es un identificador largo de clave válido\n"
+
+#: g10/trustdb.c:252
+#, c-format
+msgid "key %s: accepted as trusted key\n"
+msgstr "clave %s: aceptada como clave fiable\n"
+
+#: g10/trustdb.c:290
+#, c-format
+msgid "key %s occurs more than once in the trustdb\n"
+msgstr "la clave %s aparece más de una vez en la base de datos de confianza\n"
+
+#: g10/trustdb.c:305
+#, c-format
+msgid "key %s: no public key for trusted key - skipped\n"
+msgstr "clave %s: clave fiable sin clave pública - omitida\n"
+
+#: g10/trustdb.c:315
+#, c-format
+msgid "key %s marked as ultimately trusted\n"
+msgstr "clave %s marcada como de confianza absoluta\n"
+
+#: g10/trustdb.c:339
+#, c-format
+msgid "trust record %lu, req type %d: read failed: %s\n"
+msgstr "registro de confianza %lu, petición tipo %d: fallo lectura: %s\n"
+
+#: g10/trustdb.c:345
+#, c-format
+msgid "trust record %lu is not of requested type %d\n"
+msgstr "registro de confianza %lu no es del tipo requerido %d\n"
+
+#: g10/trustdb.c:418
+msgid "You may try to re-create the trustdb using the commands:\n"
+msgstr ""
+
+#: g10/trustdb.c:427
+msgid "If that does not work, please consult the manual\n"
+msgstr ""
+
+#: g10/trustdb.c:462
+#, c-format
+msgid "unable to use unknown trust model (%d) - assuming %s trust model\n"
+msgstr "imposible usar modelo de confianza (%d) - asumiendo el modelo %s\n"
+
+#: g10/trustdb.c:468
+#, c-format
+msgid "using %s trust model\n"
+msgstr "usando %s como modelo de confianza\n"
+
+#: g10/trustdb.c:520
+msgid "10 translator see trustdb.c:uid_trust_string_fixed"
+msgstr "13 no apto para supersticiosos"
+
+#: g10/trustdb.c:522
+msgid "[ revoked]"
+msgstr "[ revocada ]"
+
+#: g10/trustdb.c:524 g10/trustdb.c:529
+msgid "[ expired]"
+msgstr "[ caducada ]"
+
+#: g10/trustdb.c:528
+msgid "[ unknown]"
+msgstr "[desconocida]"
+
+#: g10/trustdb.c:530
+msgid "[ undef ]"
+msgstr "[no definida]"
+
+#: g10/trustdb.c:531
+msgid "[marginal]"
+msgstr "[ dudosa ]"
+
+#: g10/trustdb.c:532
+msgid "[ full ]"
+msgstr "[ total ]"
+
+#: g10/trustdb.c:533
+msgid "[ultimate]"
+msgstr "[ absoluta ]"
+
+#: g10/trustdb.c:548
+msgid "undefined"
+msgstr "no definido"
+
+#: g10/trustdb.c:549
+msgid "never"
+msgstr "nunca"
+
+#: g10/trustdb.c:550
+msgid "marginal"
+msgstr "dudosa"
+
+#: g10/trustdb.c:551
+msgid "full"
+msgstr "total"
+
+#: g10/trustdb.c:552
+msgid "ultimate"
+msgstr "absoluta"
+
+#: g10/trustdb.c:592
+msgid "no need for a trustdb check\n"
+msgstr "no es necesaria una comprobación de la base de datos de confianza\n"
+
+#: g10/trustdb.c:598 g10/trustdb.c:2487
+#, c-format
+msgid "next trustdb check due at %s\n"
+msgstr "siguiente comprobación de base de datos de confianza el: %s\n"
+
+#: g10/trustdb.c:607
+#, c-format
+msgid "no need for a trustdb check with `%s' trust model\n"
+msgstr ""
+"no es necesaria una comprobación de la base de datos de confianza\n"
+"con el modelo de confianza `%s'\n"
+
+#: g10/trustdb.c:622
+#, c-format
+msgid "no need for a trustdb update with `%s' trust model\n"
+msgstr ""
+"no es necesario comprobar la base de datos de confianza\n"
+"con el modelo `%s'\n"
+
+#: g10/trustdb.c:857 g10/trustdb.c:1310
+#, c-format
+msgid "public key %s not found: %s\n"
+msgstr "clave pública %s no encontrada: %s\n"
+
+#: g10/trustdb.c:1053
+msgid "please do a --check-trustdb\n"
+msgstr "por favor haga un --check-trustdb\n"
+
+#: g10/trustdb.c:1057
+msgid "checking the trustdb\n"
+msgstr "comprobando base de datos de confianza\n"
+
+#: g10/trustdb.c:2230
+#, c-format
+msgid "%d keys processed (%d validity counts cleared)\n"
+msgstr "%d claves procesadas (%d validaciones superadas)\n"
+
+#: g10/trustdb.c:2295
+msgid "no ultimately trusted keys found\n"
+msgstr "no se encuentran claves absolutamente fiables\n"
+
+#: g10/trustdb.c:2309
+#, c-format
+msgid "public key of ultimately trusted key %s not found\n"
+msgstr "clave pública de la clave absolutamente fiable %s no encontrada\n"
+
+#: g10/trustdb.c:2332
+#, c-format
+msgid "%d marginal(s) needed, %d complete(s) needed, %s trust model\n"
+msgstr ""
+"%d dudosa(s) necesarias, %d completa(s) necesarias,\n"
+"modelo de confianza %s\n"
+
+#: g10/trustdb.c:2418
+#, c-format
+msgid ""
+"depth: %d valid: %3d signed: %3d trust: %d-, %dq, %dn, %dm, %df, %du\n"
+msgstr ""
+"nivel: %d validez: %3d firmada: %3d confianza: %d-, %dq, %dn, %dm, %df, %"
+"du\n"
+
+#: g10/trustdb.c:2493
+#, c-format
+msgid "unable to update trustdb version record: write failed: %s\n"
+msgstr ""
+"no se puede actualizar el registro de la versión de la base de datos\n"
+"de confianza: fallo de escritura: %s\n"
+
+#: g10/verify.c:118
+msgid ""
+"the signature could not be verified.\n"
+"Please remember that the signature file (.sig or .asc)\n"
+"should be the first file given on the command line.\n"
+msgstr ""
+"la firma no se pudo verificar.\n"
+"Por favor recuerde que el fichero de firma (.sig o .asc)\n"
+"debería ser el primero que se da en la línea de órdenes.\n"
+
+#: g10/verify.c:205
+#, c-format
+msgid "input line %u too long or missing LF\n"
+msgstr "la línea %u es demasiado larga o no tiene avance de línea (LF)\n"
+
+#: g10/verify.c:253
+#, c-format
+msgid "can't open fd %d: %s\n"
+msgstr "no se puede abrir fd %d: %s\n"
+
+#: jnlib/argparse.c:180
+msgid "argument not expected"
+msgstr "parámetro inesperado"
+
+#: jnlib/argparse.c:182
+msgid "read error"
+msgstr "error de lectura"
+
+#: jnlib/argparse.c:184
+msgid "keyword too long"
+msgstr "palabra clave demasiado larga"
+
+#: jnlib/argparse.c:186
+msgid "missing argument"
+msgstr "falta el parámetro"
+
+#: jnlib/argparse.c:188
+msgid "invalid command"
+msgstr "orden inválida"
+
+#: jnlib/argparse.c:190
+msgid "invalid alias definition"
+msgstr "definición de alias inválida"
+
+#: jnlib/argparse.c:192
+msgid "out of core"
+msgstr "memoria desbordada"
+
+#: jnlib/argparse.c:194
+msgid "invalid option"
+msgstr "opción inválida"
+
+#: jnlib/argparse.c:202
+#, c-format
+msgid "missing argument for option \"%.50s\"\n"
+msgstr "falta parámetro para la opción \"%.50s\"\n"
+
+#: jnlib/argparse.c:204
+#, c-format
+msgid "option \"%.50s\" does not expect an argument\n"
+msgstr "la opción \"%.50s\" no necesita parámetros\n"
+
+#: jnlib/argparse.c:207
+#, c-format
+msgid "invalid command \"%.50s\"\n"
+msgstr "orden inválida \"%.50s\"\n"
+
+#: jnlib/argparse.c:209
+#, c-format
+msgid "option \"%.50s\" is ambiguous\n"
+msgstr "la opción \"%.50s\" es ambigua\n"
+
+#: jnlib/argparse.c:211
+#, c-format
+msgid "command \"%.50s\" is ambiguous\n"
+msgstr "la orden \"%.50s\" es ambigua\n"
+
+#: jnlib/argparse.c:213
+msgid "out of core\n"
+msgstr "memoria desbordada\n"
+
+#: jnlib/argparse.c:215
+#, c-format
+msgid "invalid option \"%.50s\"\n"
+msgstr "opción inválida \"%.50s\"\n"
+
+#: jnlib/logging.c:647
+#, c-format
+msgid "you found a bug ... (%s:%d)\n"
+msgstr "ha encontrado un error... (%s:%d)\n"
+
+#: jnlib/utf8conv.c:85
+#, c-format
+msgid "error loading `%s': %s\n"
+msgstr "error cargando `%s': %s\n"
+
+#: jnlib/utf8conv.c:123
+#, c-format
+msgid "conversion from `%s' to `%s' not available\n"
+msgstr "la conversión de `%s' en `%s' no está disponible\n"
+
+#: jnlib/utf8conv.c:131
+#, c-format
+msgid "iconv_open failed: %s\n"
+msgstr "iconv_open falló: %s\n"
+
+#: jnlib/utf8conv.c:388 jnlib/utf8conv.c:654
+#, c-format
+msgid "conversion from `%s' to `%s' failed: %s\n"
+msgstr "la conversión de `%s' en `%s' falló: %s\n"
+
+#: jnlib/dotlock.c:234
+#, c-format
+msgid "failed to create temporary file `%s': %s\n"
+msgstr "no se puede crear el fichero temporal `%s': %s\n"
+
+#: jnlib/dotlock.c:269
+#, c-format
+msgid "error writing to `%s': %s\n"
+msgstr "error escribiendo en `%s': %s\n"
+
+#: jnlib/dotlock.c:453
+#, c-format
+msgid "removing stale lockfile (created by %d)\n"
+msgstr "borrando fichero de bloqueo residual (creado por %d)\n"
+
+#: jnlib/dotlock.c:459
+msgid " - probably dead - removing lock"
+msgstr " - probablemente muerto - suprimiendo el bloqueo"
+
+#: jnlib/dotlock.c:469
+#, c-format
+msgid "waiting for lock (held by %d%s) %s...\n"
+msgstr "esperando al bloqueo (que mantiene %d%s) %s...\n"
+
+#: jnlib/dotlock.c:470
+msgid "(deadlock?) "
+msgstr "(¿bloqueo mutuo?)"
+
+#: jnlib/dotlock.c:493
+#, c-format
+msgid "lock `%s' not made: %s\n"
+msgstr "bloqueo `%s' no hecho: %s\n"
+
+#: jnlib/dotlock.c:501
+#, c-format
+msgid "waiting for lock %s...\n"
+msgstr "esperando al bloqueo %s...\n"
+
+#: kbx/kbxutil.c:92
+msgid "set debugging flags"
+msgstr "establece los parámetros de depuración"
+
+#: kbx/kbxutil.c:93
+msgid "enable full debugging"
+msgstr "habilita depuración completa"
+
+#: kbx/kbxutil.c:117
+msgid "Usage: kbxutil [options] [files] (-h for help)"
+msgstr "Uso: kbxutil [opciones] [ficheros] (-h para ayuda)"
+
+#: kbx/kbxutil.c:120
+msgid ""
+"Syntax: kbxutil [options] [files]\n"
+"list, export, import Keybox data\n"
+msgstr ""
+"Sintaxis: kbxutil [opciones] [ficheros]\n"
+"listar, exportar, importar datos Keybox\n"
+
+#: scd/app-nks.c:713 scd/app-openpgp.c:2647
+#, c-format
+msgid "RSA modulus missing or not of size %d bits\n"
+msgstr "falta el módulo RSA o no es de %d bits\n"
+
+#: scd/app-nks.c:721 scd/app-openpgp.c:2659
+#, c-format
+msgid "RSA public exponent missing or larger than %d bits\n"
+msgstr "falta el exponente público RSA o es mayor de %d bits\n"
+
+#: scd/app-nks.c:801 scd/app-openpgp.c:1549 scd/app-openpgp.c:1568
+#: scd/app-openpgp.c:1729 scd/app-openpgp.c:1746 scd/app-openpgp.c:1994
+#: scd/app-openpgp.c:2039 scd/app-dinsig.c:303
+#, c-format
+msgid "PIN callback returned error: %s\n"
+msgstr "la función de manejo del PIN devolvió un error: %s\n"
+
+#: scd/app-nks.c:834
+msgid "the NullPIN has not yet been changed\n"
+msgstr "el PIN-Nulo no ha sido cambiado\n"
+
+#: scd/app-nks.c:1092
+#, fuzzy
+msgid "|N|Please enter a new PIN for the standard keys."
+msgstr "||Por favor inntroduzca su PIN en el teclado del lector"
+
+#: scd/app-nks.c:1093
+#, fuzzy
+msgid "||Please enter the PIN for the standard keys."
+msgstr "|A|Introduzca PIN de Administrador en el teclado del lector"
+
+#: scd/app-nks.c:1099
+#, fuzzy
+msgid "|NP|Please enter a new PIN Unblocking Code (PUK) for the standard keys."
+msgstr "||Por favor introduzca Código de Reinicio de la tarjeta"
+
+#: scd/app-nks.c:1101
+#, fuzzy
+msgid "|P|Please enter the PIN Unblocking Code (PUK) for the standard keys."
+msgstr "||Por favor introduzca Código de Reinicio de la tarjeta"
+
+#: scd/app-nks.c:1109
+msgid "|N|Please enter a new PIN for the key to create qualified signatures."
+msgstr ""
+
+#: scd/app-nks.c:1111
+msgid "||Please enter the PIN for the key to create qualified signatures."
+msgstr ""
+
+#: scd/app-nks.c:1119
+msgid ""
+"|NP|Please enter a new PIN Unblocking Code (PUK) for the key to create "
+"qualified signatures."
+msgstr ""
+
+#: scd/app-nks.c:1121
+msgid ""
+"|P|Please enter the PIN Unblocking Code (PUK) for the key to create "
+"qualified signatures."
+msgstr ""
+
+#: scd/app-nks.c:1222 scd/app-openpgp.c:2072 scd/app-dinsig.c:532
+#, c-format
+msgid "error getting new PIN: %s\n"
+msgstr "error obteniendo nuevo PIN: %s\n"
+
+#: scd/app-openpgp.c:695
+#, c-format
+msgid "failed to store the fingerprint: %s\n"
+msgstr "fallo al almacenar la huella digital: %s\n"
+
+#: scd/app-openpgp.c:708
+#, c-format
+msgid "failed to store the creation date: %s\n"
+msgstr "fallo guardando la fecha de creación: %s\n"
+
+#: scd/app-openpgp.c:1156
+#, c-format
+msgid "reading public key failed: %s\n"
+msgstr "fallo leyendo clave pública: %s\n"
+
+#: scd/app-openpgp.c:1164 scd/app-openpgp.c:2882
+msgid "response does not contain the public key data\n"
+msgstr "la respuesta no incluye la clave pública\n"
+
+#: scd/app-openpgp.c:1172 scd/app-openpgp.c:2890
+msgid "response does not contain the RSA modulus\n"
+msgstr "la respuesta no incluye el módulo RSA\n"
+
+#: scd/app-openpgp.c:1181 scd/app-openpgp.c:2900
+msgid "response does not contain the RSA public exponent\n"
+msgstr "la respuesta no incluye el exponente público RSA\n"
+
+#: scd/app-openpgp.c:1501
+#, c-format
+msgid "using default PIN as %s\n"
+msgstr "usando PIN por defecto %s\n"
+
+#: scd/app-openpgp.c:1508
+#, c-format
+msgid "failed to use default PIN as %s: %s - disabling further default use\n"
+msgstr "fallo al usar el PIN por defecto %s: %s - en adelante deshabilitado\n"
+
+#: scd/app-openpgp.c:1523
+#, c-format
+msgid "||Please enter the PIN%%0A[sigs done: %lu]"
+msgstr "||Por favor introduzca PIN%%0A[firmas hechas: %lu]"
+
+#: scd/app-openpgp.c:1534 scd/app-openpgp.c:1988
+msgid "||Please enter the PIN"
+msgstr "||Por favor introduzca PIN"
+
+#: scd/app-openpgp.c:1575 scd/app-openpgp.c:1753 scd/app-openpgp.c:2001
+#, c-format
+msgid "PIN for CHV%d is too short; minimum length is %d\n"
+msgstr "El PIN para CHV%d es demasiado corto; longitud mínima %d\n"
+
+#: scd/app-openpgp.c:1588 scd/app-openpgp.c:1627 scd/app-openpgp.c:1765
+#: scd/app-openpgp.c:3200
+#, c-format
+msgid "verify CHV%d failed: %s\n"
+msgstr "la verificación CHV%d falló: %s\n"
+
+#: scd/app-openpgp.c:1656 scd/app-openpgp.c:2020 scd/app-openpgp.c:3498
+msgid "error retrieving CHV status from card\n"
+msgstr "error recuperando el estatus CHV de la tarjeta\n"
+
+#: scd/app-openpgp.c:1662 scd/app-openpgp.c:3507
+msgid "card is permanently locked!\n"
+msgstr "¡la tarjeta está bloqueada permanentemente!\n"
+
+#: scd/app-openpgp.c:1669
+#, c-format
+msgid "%d Admin PIN attempts remaining before card is permanently locked\n"
+msgstr ""
+"%d intentos quedan para PIN de administrador antes de "
+"bloquearpermanentemente la clave\n"
+
+#. TRANSLATORS: Do not translate the "|A|" prefix but keep it at
+#. the start of the string. Use %%0A to force a linefeed.
+#: scd/app-openpgp.c:1676
+#, fuzzy, c-format
+msgid "|A|Please enter the Admin PIN%%0A[remaining attempts: %d]"
+msgstr ""
+"|A|Introduzca PIN de Administrador en el teclado del lector%%0A[intentos "
+"restantes %d]"
+
+#: scd/app-openpgp.c:1680
+#, fuzzy
+msgid "|A|Please enter the Admin PIN"
+msgstr "||Por favor introduzca PIN"
+
+#: scd/app-openpgp.c:1701
+msgid "access to admin commands is not configured\n"
+msgstr "el acceso a órdenes de administrador no está configurado\n"
+
+#: scd/app-openpgp.c:2035
+msgid "||Please enter the Reset Code for the card"
+msgstr "||Por favor introduzca Código de Reinicio de la tarjeta"
+
+#: scd/app-openpgp.c:2045 scd/app-openpgp.c:2097
+#, c-format
+msgid "Reset Code is too short; minimum length is %d\n"
+msgstr "Código de Reinicio demasiado corto; longitud mínima %d\n"
+
+#: scd/app-openpgp.c:2067
+msgid "|RN|New Reset Code"
+msgstr "|CR|Nuevo Código de Reinicio"
+
+#: scd/app-openpgp.c:2068
+msgid "|AN|New Admin PIN"
+msgstr "|AN|Nuevo PIN Administrador"
+
+#: scd/app-openpgp.c:2068
+msgid "|N|New PIN"
+msgstr "|N|Nuevo PIN"
+
+#: scd/app-openpgp.c:2178 scd/app-openpgp.c:2968
+msgid "error reading application data\n"
+msgstr "error leyendo datos de la aplicación\n"
+
+#: scd/app-openpgp.c:2184 scd/app-openpgp.c:2975
+msgid "error reading fingerprint DO\n"
+msgstr "error leyendo huella digital DO\n"
+
+#: scd/app-openpgp.c:2194
+msgid "key already exists\n"
+msgstr "la clave ya existe\n"
+
+#: scd/app-openpgp.c:2198
+msgid "existing key will be replaced\n"
+msgstr "la clave existente será reemplazada\n"
+
+#: scd/app-openpgp.c:2200
+msgid "generating new key\n"
+msgstr "generando nueva clave\n"
+
+#: scd/app-openpgp.c:2202
+#, fuzzy
+msgid "writing new key\n"
+msgstr "generando nueva clave\n"
+
+#: scd/app-openpgp.c:2627
+msgid "creation timestamp missing\n"
+msgstr "falta fecha de creación\n"
+
+#: scd/app-openpgp.c:2669 scd/app-openpgp.c:2677
+#, c-format
+msgid "RSA prime %s missing or not of size %d bits\n"
+msgstr "el primo RSA %s falta o no es de %d bits\n"
+
+#: scd/app-openpgp.c:2773
+#, c-format
+msgid "failed to store the key: %s\n"
+msgstr "fallo al almacenar la clave: %s\n"
+
+#: scd/app-openpgp.c:2859
+msgid "please wait while key is being generated ...\n"
+msgstr "por favor, espere mientras se genera la clave ...\n"
+
+#: scd/app-openpgp.c:2872
+msgid "generating key failed\n"
+msgstr "la generación de la clave falló\n"
+
+#: scd/app-openpgp.c:2875
+#, c-format
+msgid "key generation completed (%d seconds)\n"
+msgstr "generación de clave completada (%d segundos)\n"
+
+#: scd/app-openpgp.c:2933
+msgid "invalid structure of OpenPGP card (DO 0x93)\n"
+msgstr "estructura de la tarjeta OpenPGP inválida (DO 0x93)\n"
+
+#: scd/app-openpgp.c:2983
+msgid "fingerprint on card does not match requested one\n"
+msgstr "la huella digital en la tarjeta no coincide con la solicitada\n"
+
+#: scd/app-openpgp.c:3099
+#, c-format
+msgid "card does not support digest algorithm %s\n"
+msgstr "la tarjeta no permite usar el algoritmo de resumen %s\n"
+
+#: scd/app-openpgp.c:3175
+#, c-format
+msgid "signatures created so far: %lu\n"
+msgstr "firmas creadas hasta ahora: %lu\n"
+
+#: scd/app-openpgp.c:3512
+msgid ""
+"verification of Admin PIN is currently prohibited through this command\n"
+msgstr ""
+"actualmente se prohibe verificar el PIN del Administrador con esta orden\n"
+
+#: scd/app-openpgp.c:3737 scd/app-openpgp.c:3748
+#, c-format
+msgid "can't access %s - invalid OpenPGP card?\n"
+msgstr "no se puede acceder a %s - ¿tarjeta OpenPGP inválida?\n"
+
+#: scd/app-dinsig.c:299
+msgid "||Please enter your PIN at the reader's keypad"
+msgstr "||Por favor inntroduzca su PIN en el teclado del lector"
+
+#. TRANSLATORS: Do not translate the "|*|" prefixes but
+#. keep it at the start of the string. We need this elsewhere
+#. to get some infos on the string.
+#: scd/app-dinsig.c:529
+msgid "|N|Initial New PIN"
+msgstr "|N|Nuevo PIN Inicial"
+
+#: scd/scdaemon.c:107
+msgid "run in multi server mode (foreground)"
+msgstr "ejecutar en modo multi servidor (primer plano)"
+
+#: scd/scdaemon.c:117 sm/gpgsm.c:316
+msgid "|LEVEL|set the debugging level to LEVEL"
+msgstr "|NIVEL|poner el nivel de depurado a NIVEL"
+
+#: scd/scdaemon.c:124 tools/gpgconf-comp.c:620
+msgid "|FILE|write a log to FILE"
+msgstr "|FICHERO|escribir log en FICHERO"
+
+#: scd/scdaemon.c:126
+msgid "|N|connect to reader at port N"
+msgstr "|N|conectar el lector al puerto N"
+
+#: scd/scdaemon.c:128
+msgid "|NAME|use NAME as ct-API driver"
+msgstr "|NOMBRE|usa NOMBRE como driver ct-API"
+
+#: scd/scdaemon.c:130
+msgid "|NAME|use NAME as PC/SC driver"
+msgstr "|NOMBRE|usa NOMBRE como driver PC/SC"
+
+#: scd/scdaemon.c:133
+msgid "do not use the internal CCID driver"
+msgstr "no usa el driverd del CCID interno"
+
+#: scd/scdaemon.c:139
+msgid "|N|disconnect the card after N seconds of inactivity"
+msgstr "|N|desconectar la tarjeta después de N segundos de inactividad"
+
+#: scd/scdaemon.c:141
+msgid "do not use a reader's keypad"
+msgstr "no usa el teclado del lector"
+
+#: scd/scdaemon.c:144
+#, fuzzy
+msgid "deny the use of admin card commands"
+msgstr "permitir órdenes de administrador en la tarjeta"
+
+#: scd/scdaemon.c:259
+msgid "Usage: scdaemon [options] (-h for help)"
+msgstr "Uso: scdaemon [opciones] [ficheros] (-h para ayuda)"
+
+#: scd/scdaemon.c:261
+msgid ""
+"Syntax: scdaemon [options] [command [args]]\n"
+"Smartcard daemon for GnuPG\n"
+msgstr ""
+"Sintaxis: scdaemon [opciones] [orden [args]]\n"
+"Demonio de la tarjeta inteligente para GnuPG\n"
+
+#: scd/scdaemon.c:766
+msgid "please use the option `--daemon' to run the program in the background\n"
+msgstr "use la opción `--daemon' para ejectuar el programa en segundo plano\n"
+
+#: scd/scdaemon.c:1120
+#, c-format
+msgid "handler for fd %d started\n"
+msgstr "manejador del descriptor %d iniciado\n"
+
+#: scd/scdaemon.c:1132
+#, c-format
+msgid "handler for fd %d terminated\n"
+msgstr "manejador del descriptor %d terminado\n"
+
+#: sm/base64.c:325
+#, c-format
+msgid "invalid radix64 character %02x skipped\n"
+msgstr "caracter inválido radix64 %02x omitido\n"
+
+#: sm/call-agent.c:137
+#, c-format
+msgid "failed to proxy %s inquiry to client\n"
+msgstr "fallo al hacer la petición proxy %s al cliente\n"
+
+#: sm/call-dirmngr.c:252
+#, c-format
+msgid "no running dirmngr - starting `%s'\n"
+msgstr "no hay dirmngr en ejecución - iniciando `%s'\n"
+
+#: sm/call-dirmngr.c:285
+msgid "malformed DIRMNGR_INFO environment variable\n"
+msgstr "variable de entorno DIRMNGR_INFO malformada\n"
+
+#: sm/call-dirmngr.c:297
+#, c-format
+msgid "dirmngr protocol version %d is not supported\n"
+msgstr "la versión del protocolo dirmngr %d no puede usarse\n"
+
+#: sm/call-dirmngr.c:317
+msgid "can't connect to the dirmngr - trying fall back\n"
+msgstr "no puedo conectar con el dirmngr - intentando retirada\n"
+
+#: sm/certchain.c:196
+#, c-format
+msgid "validation model requested by certificate: %s"
+msgstr "el certificado: %s requiere un modelo de validación"
+
+#: sm/certchain.c:197 sm/certchain.c:1828
+msgid "chain"
+msgstr "cadena"
+
+#: sm/certchain.c:198 sm/certchain.c:1828
+msgid "shell"
+msgstr "shell"
+
+#: sm/certchain.c:258
+#, c-format
+msgid "critical certificate extension %s is not supported"
+msgstr "la extensión crítica de certificado %s no puede usarse"
+
+#: sm/certchain.c:297
+msgid "issuer certificate is not marked as a CA"
+msgstr "el certificado del emisor no está marcado como CA"
+
+#: sm/certchain.c:335
+msgid "critical marked policy without configured policies"
+msgstr "política marcada como crítica sin políticas configuradas"
+
+#: sm/certchain.c:345
+#, c-format
+msgid "failed to open `%s': %s\n"
+msgstr "fallo abriendo `%s': %s\n"
+
+#: sm/certchain.c:353 sm/certchain.c:382
+msgid "note: non-critical certificate policy not allowed"
+msgstr "nota: no se permiten políticas no críticas de certificados"
+
+#: sm/certchain.c:357 sm/certchain.c:386
+msgid "certificate policy not allowed"
+msgstr "no se permite política de certificado"
+
+#: sm/certchain.c:498
+msgid "looking up issuer at external location\n"
+msgstr "buscando al emisor en una localización externa\n"
+
+#: sm/certchain.c:517
+#, c-format
+msgid "number of issuers matching: %d\n"
+msgstr "numero de emisores coincidentes: %d\n"
+
+#: sm/certchain.c:561
+msgid "looking up issuer from the Dirmngr cache\n"
+msgstr "buscando emisor en el caché de Dirmngr\n"
+
+#: sm/certchain.c:585
+#, c-format
+msgid "number of matching certificates: %d\n"
+msgstr "número de certificados coincidentes: %d\n"
+
+#: sm/certchain.c:587
+#, c-format
+msgid "dirmngr cache-only key lookup failed: %s\n"
+msgstr "fallo buscando la clave sólo caché de dirmngr: %s\n"
+
+#: sm/certchain.c:759 sm/certchain.c:1252 sm/certchain.c:1856 sm/decrypt.c:261
+#: sm/encrypt.c:335 sm/sign.c:335 sm/verify.c:113
+msgid "failed to allocated keyDB handle\n"
+msgstr "fallo al colocar handle de keyDB\n"
+
+#: sm/certchain.c:925
+msgid "certificate has been revoked"
+msgstr "el certificado ha sido revocado"
+
+#: sm/certchain.c:940
+msgid "the status of the certificate is unknown"
+msgstr "el estado del certificado es desconocido"
+
+#: sm/certchain.c:947
+msgid "please make sure that the \"dirmngr\" is properly installed\n"
+msgstr "por favor asegúrese de que \"dirmngr\" está bien instalado\n"
+
+#: sm/certchain.c:953
+#, c-format
+msgid "checking the CRL failed: %s"
+msgstr "la comprobación de CRL falló: %s"
+
+#: sm/certchain.c:982 sm/certchain.c:1050
+#, c-format
+msgid "certificate with invalid validity: %s"
+msgstr "validez del certificado incorrecta: %s"
+
+#: sm/certchain.c:997 sm/certchain.c:1082
+msgid "certificate not yet valid"
+msgstr "el certificado aún no es válido"
+
+#: sm/certchain.c:998 sm/certchain.c:1083
+msgid "root certificate not yet valid"
+msgstr "el certificado raíz no es válido aún"
+
+#: sm/certchain.c:999 sm/certchain.c:1084
+msgid "intermediate certificate not yet valid"
+msgstr "el certificado intermedio aún no es válido"
+
+#: sm/certchain.c:1012
+msgid "certificate has expired"
+msgstr "certificado caducado"
+
+#: sm/certchain.c:1013
+msgid "root certificate has expired"
+msgstr "el certificado raíz ha caducado"
+
+#: sm/certchain.c:1014
+msgid "intermediate certificate has expired"
+msgstr "el certificado intermedio ha caducado"
+
+#: sm/certchain.c:1056
+#, c-format
+msgid "required certificate attributes missing: %s%s%s"
+msgstr "faltan los atributos requeridos del certificado: %s%s%s"
+
+#: sm/certchain.c:1065
+msgid "certificate with invalid validity"
+msgstr "el certificado tiene una validez incorrecta"
+
+#: sm/certchain.c:1102
+msgid "signature not created during lifetime of certificate"
+msgstr "la firma no se creo durante el tiempo de validez del certificado"
+
+#: sm/certchain.c:1104
+msgid "certificate not created during lifetime of issuer"
+msgstr "el certificado no se creo durante el tiempo de validez el emisor"
+
+#: sm/certchain.c:1105
+msgid "intermediate certificate not created during lifetime of issuer"
+msgstr ""
+"certificado intermedio no creado durante el tiempo de validez del emisor"
+
+#: sm/certchain.c:1109
+msgid " ( signature created at "
+msgstr " ( firmas creadas en "
+
+#: sm/certchain.c:1110
+msgid " (certificate created at "
+msgstr " (certificado creado en "
+
+#: sm/certchain.c:1113
+msgid " (certificate valid from "
+msgstr " (certificado válido desde "
+
+#: sm/certchain.c:1114
+msgid " ( issuer valid from "
+msgstr " ( emisor válido desde "
+
+#: sm/certchain.c:1144
+#, c-format
+msgid "fingerprint=%s\n"
+msgstr "huella dactilar=%s\n"
+
+#: sm/certchain.c:1153
+msgid "root certificate has now been marked as trusted\n"
+msgstr "certificado raíz marcado ahora como fiable\n"
+
+#: sm/certchain.c:1166
+msgid "interactive marking as trusted not enabled in gpg-agent\n"
+msgstr "marcar interactivamente como fiable no está activado en gpg-agent\n"
+
+#: sm/certchain.c:1172
+msgid "interactive marking as trusted disabled for this session\n"
+msgstr "marcar interactivamente como fíable desactivado en esta sesión\n"
+
+#: sm/certchain.c:1229
+msgid "WARNING: creation time of signature not known - assuming current time"
+msgstr "AVISO: fecha de creación de firma desconocida - asumo momento actual"
+
+#: sm/certchain.c:1293
+msgid "no issuer found in certificate"
+msgstr "no se encuentra el emisor de este certificado"
+
+#: sm/certchain.c:1366
+msgid "self-signed certificate has a BAD signature"
+msgstr "certificado auto firmado con firma INCORRECTA"
+
+#: sm/certchain.c:1435
+msgid "root certificate is not marked trusted"
+msgstr "el certificado raíz no está marcado como fiable"
+
+#: sm/certchain.c:1448
+#, c-format
+msgid "checking the trust list failed: %s\n"
+msgstr "la comprobación de la lista de confianza falló: %s\n"
+
+#: sm/certchain.c:1477 sm/import.c:160
+msgid "certificate chain too long\n"
+msgstr "cadena de certificados demasiado larga\n"
+
+#: sm/certchain.c:1489
+msgid "issuer certificate not found"
+msgstr "no se encuentra emisor del certificado"
+
+#: sm/certchain.c:1522
+msgid "certificate has a BAD signature"
+msgstr "el certificado tiene una firma INCORRECTA"
+
+#: sm/certchain.c:1553
+msgid "found another possible matching CA certificate - trying again"
+msgstr "encontrado otro posible certificado de CA coincidente - reintentando"
+
+#: sm/certchain.c:1604
+#, c-format
+msgid "certificate chain longer than allowed by CA (%d)"
+msgstr "cadena de certificados más larga de lo que permite la CA (%d)"
+
+#: sm/certchain.c:1644 sm/certchain.c:1927
+msgid "certificate is good\n"
+msgstr "certificado correcto\n"
+
+#: sm/certchain.c:1645
+msgid "intermediate certificate is good\n"
+msgstr "certificado intermedio correcto\n"
+
+#: sm/certchain.c:1646
+msgid "root certificate is good\n"
+msgstr "certificado raíz correcto\n"
+
+#: sm/certchain.c:1817
+msgid "switching to chain model"
+msgstr "cambiando al modelo en cadena"
+
+#: sm/certchain.c:1826
+#, c-format
+msgid "validation model used: %s"
+msgstr "modelo de validación usado: %s"
+
+#: sm/certcheck.c:97
+#, c-format
+msgid "%s key uses an unsafe (%u bit) hash\n"
+msgstr "la clave %s usa un hash inseguro (de %u bits)\n"
+
+#: sm/certcheck.c:107
+#, c-format
+msgid "a %u bit hash is not valid for a %u bit %s key\n"
+msgstr "un hash de %u bits no vale para %u bits de la clave %s\n"
+
+#: sm/certcheck.c:244 sm/verify.c:201
+msgid "(this is the MD2 algorithm)\n"
+msgstr "(es el algoritmo MD2)\n"
+
+#: sm/certdump.c:60 sm/certdump.c:143
+msgid "none"
+msgstr "ninguno"
+
+#: sm/certdump.c:564 sm/certdump.c:609 sm/certdump.c:674 sm/certdump.c:732
+msgid "[Error - invalid encoding]"
+msgstr "[Error - codificación inválida]"
+
+#: sm/certdump.c:572 sm/certdump.c:617
+msgid "[Error - out of core]"
+msgstr "[Error - core]"
+
+#: sm/certdump.c:654 sm/certdump.c:710
+msgid "[Error - No name]"
+msgstr "[Error - Sin nombre]"
+
+#: sm/certdump.c:679 sm/certdump.c:738
+msgid "[Error - invalid DN]"
+msgstr "[Error - DN inválido]"
+
+#: sm/certdump.c:948
+#, c-format
+msgid ""
+"Please enter the passphrase to unlock the secret key for the X.509 "
+"certificate:\n"
+"\"%s\"\n"
+"S/N %s, ID 0x%08lX,\n"
+"created %s, expires %s.\n"
+msgstr ""
+"Por favor introduzca la frase de paso para desbloquear la clave secretadel "
+"certificado X.509\n"
+"\"%s\"\n"
+"S/N %s, ID 0x%08lX,\n"
+"created %s, expires %s.\n"
+
+#: sm/certlist.c:122
+msgid "no key usage specified - assuming all usages\n"
+msgstr "no se especifica uso de la clave - asumiendo todos los usos\n"
+
+#: sm/certlist.c:132 sm/keylist.c:272
+#, c-format
+msgid "error getting key usage information: %s\n"
+msgstr "error obteniendo información sobre uso de la clave: %s\n"
+
+#: sm/certlist.c:142
+msgid "certificate should have not been used for certification\n"
+msgstr "el certificado no debería haberse usado para certificar\n"
+
+#: sm/certlist.c:154
+msgid "certificate should have not been used for OCSP response signing\n"
+msgstr "el certificado no debería haberse usado para firma en respuesta OCSP\n"
+
+#: sm/certlist.c:165
+msgid "certificate should have not been used for encryption\n"
+msgstr "el certificado no debería haberse usado para cifrar\n"
+
+#: sm/certlist.c:166
+msgid "certificate should have not been used for signing\n"
+msgstr "el certificado no debería haberse usado para firmar\n"
+
+#: sm/certlist.c:167
+msgid "certificate is not usable for encryption\n"
+msgstr "el certificado no es utilizable para cifrar\n"
+
+#: sm/certlist.c:168
+msgid "certificate is not usable for signing\n"
+msgstr "el certificado no es utilizable para firmar\n"
+
+#: sm/certreqgen.c:474
+#, c-format
+msgid "line %d: invalid algorithm\n"
+msgstr "línea %d: algoritmo inválido\n"
+
+#: sm/certreqgen.c:487
+#, c-format
+msgid "line %d: invalid key length %u (valid are %d to %d)\n"
+msgstr "línea %d: longitud de clave inválida %u (válidas de %d a %d)\n"
+
+#: sm/certreqgen.c:505
+#, c-format
+msgid "line %d: no subject name given\n"
+msgstr "línea %d: falta nombre de entidad\n"
+
+#: sm/certreqgen.c:514
+#, c-format
+msgid "line %d: invalid subject name label `%.*s'\n"
+msgstr "línea %d: etiqueta con nombre de entidad inválida `%.*s'\n"
+
+#: sm/certreqgen.c:517
+#, c-format
+msgid "line %d: invalid subject name `%s' at pos %d\n"
+msgstr "línea %d: nombre de entidad inválida `%s' posición %d\n"
+
+#: sm/certreqgen.c:534
+#, c-format
+msgid "line %d: not a valid email address\n"
+msgstr "línea %d: no es una dirección de email válida\n"
+
+#: sm/certreqgen.c:546
+#, c-format
+msgid "line %d: error reading key `%s' from card: %s\n"
+msgstr "línea %d: error leyendo clave `%s' de la tarjeta: %s\n"
+
+#: sm/certreqgen.c:558
+#, c-format
+msgid "line %d: error getting key by keygrip `%s': %s\n"
+msgstr "línea %d: error obteniendo clave con keygrip `%s': %s\n"
+
+#: sm/certreqgen.c:574
+#, c-format
+msgid "line %d: key generation failed: %s <%s>\n"
+msgstr "línea %d: generación de clave fallida: %s <%s>\n"
+
+#: sm/certreqgen.c:806
+msgid ""
+"To complete this certificate request please enter the passphrase for the key "
+"you just created once more.\n"
+msgstr ""
+"Para completar este certificado introduzca por favor la frase contraseñapara "
+"la clave que acaba de crear una vez más.\n"
+
+#: sm/certreqgen-ui.c:158
+#, c-format
+msgid " (%d) RSA\n"
+msgstr " (%d) RSA\n"
+
+#: sm/certreqgen-ui.c:159
+#, c-format
+msgid " (%d) Existing key\n"
+msgstr " (%d) Clave existente\n"
+
+#: sm/certreqgen-ui.c:160
+#, c-format
+msgid " (%d) Existing key from card\n"
+msgstr " (%d) Clave existente de la tarjeta\n"
+
+#: sm/certreqgen-ui.c:202
+#, fuzzy
+msgid "Enter the keygrip: "
+msgstr "Introduzca la notación: "
+
+#: sm/certreqgen-ui.c:210
+msgid "Not a valid keygrip (expecting 40 hex digits)\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:212
+#, fuzzy
+msgid "No key with this keygrip\n"
+msgstr "No existe una subclave con índice %d\n"
+
+#: sm/certreqgen-ui.c:230 sm/certreqgen-ui.c:239
+#, fuzzy, c-format
+msgid "error reading the card: %s\n"
+msgstr "%s: error leyendo registro libre: %s\n"
+
+#: sm/certreqgen-ui.c:233
+#, fuzzy, c-format
+msgid "Serial number of the card: %s\n"
+msgstr "error obteniendo el número de serie de la tarjeta: %s\n"
+
+#: sm/certreqgen-ui.c:245
+#, fuzzy
+msgid "Available keys:\n"
+msgstr "deshabilita clave"
+
+#: sm/certreqgen-ui.c:276
+#, c-format
+msgid "Possible actions for a %s key:\n"
+msgstr "Posibles acciones para una clave %s:\n"
+
+#: sm/certreqgen-ui.c:277
+#, c-format
+msgid " (%d) sign, encrypt\n"
+msgstr " (%d) firmar, cifrar\n"
+
+#: sm/certreqgen-ui.c:278
+#, c-format
+msgid " (%d) sign\n"
+msgstr " (%d) firmar\n"
+
+#: sm/certreqgen-ui.c:279
+#, c-format
+msgid " (%d) encrypt\n"
+msgstr " (%d) cifrar\n"
+
+#: sm/certreqgen-ui.c:303
+msgid "Enter the X.509 subject name: "
+msgstr "Introduzca nombre de entidad para X.509"
+
+#: sm/certreqgen-ui.c:307
+msgid "No subject name given\n"
+msgstr "No se dió nombre de entidad\n"
+
+#: sm/certreqgen-ui.c:311
+#, c-format
+msgid "Invalid subject name label `%.*s'\n"
+msgstr "Etiqueta de nombre de entidad inválida `%.*s'\n"
+
+#. TRANSLATORS: The 22 in the second string is the
+#. length of the first string up to the "%s". Please
+#. adjust it do the length of your translation. The
+#. second string is merely passed to atoi so you can
+#. drop everything after the number.
+#: sm/certreqgen-ui.c:320
+#, c-format
+msgid "Invalid subject name `%s'\n"
+msgstr "Nombre de entidad inválido `%s'\n"
+
+#: sm/certreqgen-ui.c:322
+msgid "22 translator: see certreg-ui.c:gpgsm_gencertreq_tty"
+msgstr "28 visto por el traductor hasta la comilla inclusive"
+
+#: sm/certreqgen-ui.c:334
+msgid "Enter email addresses"
+msgstr "Dirección de correo electrónico: "
+
+#: sm/certreqgen-ui.c:335
+msgid " (end with an empty line):\n"
+msgstr " (termine con una línea en blanco):\n"
+
+#: sm/certreqgen-ui.c:339
+msgid "Enter DNS names"
+msgstr "Introduzca nombres de DNS"
+
+#: sm/certreqgen-ui.c:340 sm/certreqgen-ui.c:345
+msgid " (optional; end with an empty line):\n"
+msgstr " (opcional; acabe con una línea en blanco):\n"
+
+#: sm/certreqgen-ui.c:344
+msgid "Enter URIs"
+msgstr "Introduzca URIs"
+
+#: sm/certreqgen-ui.c:371
+msgid "Parameters to be used for the certificate request:\n"
+msgstr "Parámetros que se usarán para pedir certificados:\n"
+
+#: sm/certreqgen-ui.c:389
+msgid "Now creating certificate request. This may take a while ...\n"
+msgstr "Creando una petición de certificado. Puede llevar un rato ...\n"
+
+#: sm/certreqgen-ui.c:398
+msgid "Ready. You should now send this request to your CA.\n"
+msgstr "Acabado. Debería mandar esta petición a su CA.\n"
+
+#: sm/certreqgen-ui.c:403
+msgid "resource problem: out of core\n"
+msgstr "problema de recursos: memoria desbordada\n"
+
+#: sm/decrypt.c:330
+msgid "(this is the RC2 algorithm)\n"
+msgstr "(el algoritmo RC2)\n"
+
+#: sm/decrypt.c:332
+msgid "(this does not seem to be an encrypted message)\n"
+msgstr "(no parece un mensaje cifrado)\n"
+
+#: sm/delete.c:51 sm/delete.c:112
+#, c-format
+msgid "certificate `%s' not found: %s\n"
+msgstr "certificado `%s' no encontrado: %s\n"
+
+#: sm/delete.c:122 sm/keydb.c:1397 sm/keydb.c:1499
+#, c-format
+msgid "error locking keybox: %s\n"
+msgstr "error bloqueando keybox: %s\n"
+
+#: sm/delete.c:143
+#, c-format
+msgid "duplicated certificate `%s' deleted\n"
+msgstr "certificado duplicado `%s' borrado\n"
+
+#: sm/delete.c:145
+#, c-format
+msgid "certificate `%s' deleted\n"
+msgstr "certificado `%s' borrado\n"
+
+#: sm/delete.c:175
+#, c-format
+msgid "deleting certificate \"%s\" failed: %s\n"
+msgstr "borrado del certificado \"%s\" fallido: %s\n"
+
+#: sm/encrypt.c:321
+msgid "no valid recipients given\n"
+msgstr "no se dieron receptores válidos\n"
+
+#: sm/gpgsm.c:197
+msgid "list external keys"
+msgstr "lista claves externas"
+
+#: sm/gpgsm.c:199
+msgid "list certificate chain"
+msgstr "lista de cadenas de certificados"
+
+#: sm/gpgsm.c:206
+msgid "import certificates"
+msgstr "importa certificado"
+
+#: sm/gpgsm.c:207
+msgid "export certificates"
+msgstr "exporta certificado"
+
+#: sm/gpgsm.c:209
+msgid "register a smartcard"
+msgstr "registrar tarjeta inteligente"
+
+#: sm/gpgsm.c:212
+msgid "pass a command to the dirmngr"
+msgstr "pasar una orden a dirmngr"
+
+#: sm/gpgsm.c:214
+msgid "invoke gpg-protect-tool"
+msgstr "invocar gpg-protect-tool"
+
+#: sm/gpgsm.c:230
+msgid "create base-64 encoded output"
+msgstr "crea una salida en base-64"
+
+#: sm/gpgsm.c:235
+msgid "assume input is in PEM format"
+msgstr "asumir entrada en formato PEM"
+
+#: sm/gpgsm.c:237
+msgid "assume input is in base-64 format"
+msgstr "asumir entrada en formato base-64"
+
+#: sm/gpgsm.c:239
+msgid "assume input is in binary format"
+msgstr "asumir entrada en formato binario"
+
+#: sm/gpgsm.c:244
+msgid "use system's dirmngr if available"
+msgstr "usar el dirmngr del sistema si está disponible"
+
+#: sm/gpgsm.c:247
+msgid "never consult a CRL"
+msgstr "nunca consultar una CRL"
+
+#: sm/gpgsm.c:257
+msgid "check validity using OCSP"
+msgstr "comprabar validez usando OCSP"
+
+#: sm/gpgsm.c:262
+msgid "|N|number of certificates to include"
+msgstr "|N|número de certificados que incluir"
+
+#: sm/gpgsm.c:265
+msgid "|FILE|take policy information from FILE"
+msgstr "|FICHERO|tomar política de información de FICHERO"
+
+#: sm/gpgsm.c:268
+msgid "do not check certificate policies"
+msgstr "no comprobar políticas de certificados"
+
+#: sm/gpgsm.c:272
+msgid "fetch missing issuer certificates"
+msgstr "recuperar certificados de emisor perdidos"
+
+#: sm/gpgsm.c:283
+msgid "don't use the terminal at all"
+msgstr "no usa la terminal en absoluto"
+
+#: sm/gpgsm.c:285
+msgid "|FILE|write a server mode log to FILE"
+msgstr "|FICHERO|escribir un log en modo servidor en FICHERO"
+
+#: sm/gpgsm.c:290
+msgid "|FILE|write an audit log to FILE"
+msgstr "|FICHERO|escribir inform de auditoría a FICHERO"
+
+#: sm/gpgsm.c:293
+msgid "batch mode: never ask"
+msgstr "proceso por lotes: nunca preguntar"
+
+# assume -> suponer, no asumir
+# No estoy seguro. El diccionario Collins en la acepción b) de asumir
+# dice "b) (suponer) to assume, suppose..."
+# Además una de las acepciones de asumir es "aceptar algo" y suponer
+# viene a ser asumir una idea como propia. Suponer "sí" en casi todas las
+# preguntas no me acaba de gustar.
+#: sm/gpgsm.c:294
+msgid "assume yes on most questions"
+msgstr "asume \"sí\" en casi todas las preguntas"
+
+#: sm/gpgsm.c:295
+msgid "assume no on most questions"
+msgstr "asume \"no\" en casi todas las preguntas"
+
+#: sm/gpgsm.c:298
+msgid "|FILE|add keyring to the list of keyrings"
+msgstr "|FICHERO|añade este anillo a la lista de anillos"
+
+#: sm/gpgsm.c:301
+msgid "|USER-ID|use USER-ID as default secret key"
+msgstr "|ID-USUARIO|usa ID-USUARIO como clave secreta por defecto"
+
+#: sm/gpgsm.c:311 tools/gpgconf-comp.c:745
+msgid "|SPEC|use this keyserver to lookup keys"
+msgstr "|ESPEC|usa este servidor para buscar claves"
+
+#: sm/gpgsm.c:329
+msgid "|NAME|use cipher algorithm NAME"
+msgstr "|NOMBRE|usa el algoritmo de cifrado NOMBRE"
+
+#: sm/gpgsm.c:331
+msgid "|NAME|use message digest algorithm NAME"
+msgstr "|NOMBRE|usa algoritmo de resumen de mensaje NOMBRE"
+
+#: sm/gpgsm.c:522
+msgid "Usage: gpgsm [options] [files] (-h for help)"
+msgstr "Uso: gpgsm [opciones] [ficheros] (-h para ayuda)"
+
+#: sm/gpgsm.c:525
+msgid ""
+"Syntax: gpgsm [options] [files]\n"
+"sign, check, encrypt or decrypt using the S/MIME protocol\n"
+"default operation depends on the input data\n"
+msgstr ""
+"Sintaxis: gpgsm [opciones] [ficheros]\n"
+"firma, comprueba, cifra o descifra usando protocolo S/MIME\n"
+"la operación por defecto depende de los datos de entrada\n"
+
+#: sm/gpgsm.c:617
+msgid "usage: gpgsm [options] "
+msgstr "uso: gpgsm [opciones] "
+
+#: sm/gpgsm.c:739
+#, c-format
+msgid "NOTE: won't be able to encrypt to `%s': %s\n"
+msgstr "NOTA: no se podrá cifrar a `%s': %s\n"
+
+#: sm/gpgsm.c:750
+#, c-format
+msgid "unknown validation model `%s'\n"
+msgstr "modelo de validación desconocido `%s'\n"
+
+#: sm/gpgsm.c:801
+#, c-format
+msgid "%s:%u: no hostname given\n"
+msgstr "%s:%u: falta el nombre del host\n"
+
+#: sm/gpgsm.c:820
+#, c-format
+msgid "%s:%u: password given without user\n"
+msgstr "%s:%u: se dio contraseña sin usuario\n"
+
+#: sm/gpgsm.c:841
+#, c-format
+msgid "%s:%u: skipping this line\n"
+msgstr "%s:%u: omitir esta línea\n"
+
+#: sm/gpgsm.c:1376
+msgid "could not parse keyserver\n"
+msgstr "no se puede interpretar el servidor de claves\n"
+
+#: sm/gpgsm.c:1456
+msgid "WARNING: running with faked system time: "
+msgstr "AVISO: ejecutándose con hora del sistema falsificada"
+
+#: sm/gpgsm.c:1556
+#, c-format
+msgid "importing common certificates `%s'\n"
+msgstr "importando certificados comunes `%s'\n"
+
+#: sm/gpgsm.c:1597
+#, c-format
+msgid "can't sign using `%s': %s\n"
+msgstr "no puedo firmar usando `%s': %s\n"
+
+#: sm/gpgsm.c:1931
+msgid "invalid command (there is no implicit command)\n"
+msgstr "orden inválida (no hay orden implícita)\n"
+
+#: sm/import.c:111
+#, c-format
+msgid "total number processed: %lu\n"
+msgstr "cantidad total procesada: %lu\n"
+
+#: sm/import.c:230
+msgid "error storing certificate\n"
+msgstr "error almacenando certificado\n"
+
+#: sm/import.c:238
+msgid "basic certificate checks failed - not imported\n"
+msgstr "fallaron comprobaciones básicas sobre el certificado - no importado\n"
+
+#: sm/import.c:435 sm/keydb.c:1319 sm/keydb.c:1387
+msgid "failed to allocate keyDB handle\n"
+msgstr "fallo al reservar handle de keyDB\n"
+
+#: sm/import.c:492 sm/keydb.c:1417 sm/keydb.c:1511
+#, c-format
+msgid "error getting stored flags: %s\n"
+msgstr "error obteniendo parámetros almacenados: %s\n"
+
+#: sm/import.c:551 sm/import.c:583
+#, c-format
+msgid "error importing certificate: %s\n"
+msgstr "error importando el certificado: %s\n"
+
+#: sm/import.c:684 tools/gpg-connect-agent.c:1346
+#, c-format
+msgid "error reading input: %s\n"
+msgstr "error leyendo entrada: %s\n"
+
+#: sm/keydb.c:187
+#, c-format
+msgid "error creating keybox `%s': %s\n"
+msgstr "error creando caja de claves `%s': %s\n"
+
+#: sm/keydb.c:190
+msgid "you may want to start the gpg-agent first\n"
+msgstr "puede que quiera ejecutar gpg-agent antes\n"
+
+#: sm/keydb.c:195
+#, c-format
+msgid "keybox `%s' created\n"
+msgstr "caja de claves `%s' creada\n"
+
+#: sm/keydb.c:1312 sm/keydb.c:1380
+msgid "failed to get the fingerprint\n"
+msgstr "fallo obteniendo huella digital\n"
+
+#: sm/keydb.c:1340
+#, c-format
+msgid "problem looking for existing certificate: %s\n"
+msgstr "problema buscando el certificado existente: %s\n"
+
+#: sm/keydb.c:1348
+#, c-format
+msgid "error finding writable keyDB: %s\n"
+msgstr "error obteniendo keyDB para escribir: %s\n"
+
+#: sm/keydb.c:1356
+#, c-format
+msgid "error storing certificate: %s\n"
+msgstr "error almacenando certificado: %s\n"
+
+#: sm/keydb.c:1408
+#, c-format
+msgid "problem re-searching certificate: %s\n"
+msgstr "problema re-buscando el certificado: %s\n"
+
+#: sm/keydb.c:1429 sm/keydb.c:1522
+#, c-format
+msgid "error storing flags: %s\n"
+msgstr "error almacenando parámetros: %s\n"
+
+#: sm/keylist.c:642
+msgid "Error - "
+msgstr "Error - "
+
+#: sm/misc.c:55
+msgid "GPG_TTY has not been set - using maybe bogus default\n"
+msgstr "GPG_TTY no tiene valor - usando valor por defecto quizá absurdo\n"
+
+#: sm/qualified.c:105
+#, c-format
+msgid "invalid formatted fingerprint in `%s', line %d\n"
+msgstr "formato inválido de huella dactilar en `%s', línea %d\n"
+
+#: sm/qualified.c:123
+#, c-format
+msgid "invalid country code in `%s', line %d\n"
+msgstr "código de país inválido en `%s', línea %d\n"
+
+#: sm/qualified.c:202
+#, c-format
+msgid ""
+"You are about to create a signature using your certificate:\n"
+"\"%s\"\n"
+"This will create a qualified signature by law equated to a handwritten "
+"signature.\n"
+"\n"
+"%s%sAre you really sure that you want to do this?"
+msgstr ""
+"Está a punto de crear una firma usando su certificado:\n"
+"\"%s\"\n"
+"Esto creará una firma válida ante la ley e igual a una firma manuscrita\n"
+"\n"
+"%s%sEstá realmente seguro de querer hacer esto?"
+
+#: sm/qualified.c:211 sm/verify.c:616
+msgid ""
+"Note, that this software is not officially approved to create or verify such "
+"signatures.\n"
+msgstr ""
+"Observe que este programa no está oficialmente aprobado para crear "
+"overificar tales firmas.\n"
+
+#: sm/qualified.c:278
+#, c-format
+msgid ""
+"You are about to create a signature using your certificate:\n"
+"\"%s\"\n"
+"Note, that this certificate will NOT create a qualified signature!"
+msgstr ""
+"Está a punto de crear una firma usando su certificado:\n"
+"\"%s\"\n"
+"¡Observe que este certificado NO creará una firma cualificada!"
+
+#: sm/sign.c:449
+#, c-format
+msgid "hash algorithm %d (%s) for signer %d not supported; using %s\n"
+msgstr "resumen %d (%s) para firmante %d no puede utilizarse; usando %s\n"
+
+#: sm/sign.c:463
+#, c-format
+msgid "hash algorithm used for signer %d: %s (%s)\n"
+msgstr "algoritmo de hash usado para el firmante %d: %s (%s)\n"
+
+#: sm/sign.c:513
+#, c-format
+msgid "checking for qualified certificate failed: %s\n"
+msgstr "la comprobación de la firma cualificada falló: %s\n"
+
+#: sm/verify.c:449
+msgid "Signature made "
+msgstr "Firmado el "
+
+#: sm/verify.c:453
+msgid "[date not given]"
+msgstr "[no hay fecha]"
+
+#: sm/verify.c:454
+#, c-format
+msgid " using certificate ID 0x%08lX\n"
+msgstr "usando el certificado ID 0x%08lX\n"
+
+#: sm/verify.c:473
+msgid ""
+"invalid signature: message digest attribute does not match computed one\n"
+msgstr "firma inválida: el resumen del mensaje no coincide con el calculado\n"
+
+#: sm/verify.c:594
+msgid "Good signature from"
+msgstr "Firma correcta de"
+
+#: sm/verify.c:595
+msgid " aka"
+msgstr " alias"
+
+#: sm/verify.c:613
+msgid "This is a qualified signature\n"
+msgstr "Es una firma cualificada\n"
+
+#: tools/gpg-connect-agent.c:70 tools/gpgconf.c:81 tools/symcryptrun.c:167
+msgid "quiet"
+msgstr "silencioso"
+
+#: tools/gpg-connect-agent.c:71
+msgid "print data out hex encoded"
+msgstr "escribir datos de salida en hexadecimal"
+
+#: tools/gpg-connect-agent.c:72
+msgid "decode received data lines"
+msgstr "decodificar líneas de datos recibidos"
+
+#: tools/gpg-connect-agent.c:74
+msgid "|NAME|connect to Assuan socket NAME"
+msgstr "|NOMBRE|conectar al socket Assuan NOMBRE"
+
+#: tools/gpg-connect-agent.c:76
+msgid "run the Assuan server given on the command line"
+msgstr "ejecutar el servidor Assuan indicando en línea de órdenes"
+
+#: tools/gpg-connect-agent.c:78
+msgid "do not use extended connect mode"
+msgstr "no usar el modo de conexión extendido"
+
+#: tools/gpg-connect-agent.c:80
+msgid "|FILE|run commands from FILE on startup"
+msgstr "|FICHERO|ejecuta órdenes de FICHERO al empezar"
+
+#: tools/gpg-connect-agent.c:81
+msgid "run /subst on startup"
+msgstr "ejecutar /subst al empezar"
+
+#: tools/gpg-connect-agent.c:184
+msgid "Usage: gpg-connect-agent [options] (-h for help)"
+msgstr "Uso: gpg-connect-agent [opciones] (-h para ayuda)"
+
+#: tools/gpg-connect-agent.c:187
+msgid ""
+"Syntax: gpg-connect-agent [options]\n"
+"Connect to a running agent and send commands\n"
+msgstr ""
+"Sintaxis: gpg-connect-agent [opciones]\n"
+"Conectar a un agente que se está ejecutando y mandar órdenes\n"
+
+#: tools/gpg-connect-agent.c:1201
+#, c-format
+msgid "option \"%s\" requires a program and optional arguments\n"
+msgstr "la opción \"%s\" necesita un programa y parámetros opcionales\n"
+
+#: tools/gpg-connect-agent.c:1210
+#, c-format
+msgid "option \"%s\" ignored due to \"%s\"\n"
+msgstr "la opción \"%s\" se ignora por \"%s\"\n"
+
+#: tools/gpg-connect-agent.c:1281 tools/gpg-connect-agent.c:1771
+#, c-format
+msgid "receiving line failed: %s\n"
+msgstr "fallo recibiendo la línea: %s\n"
+
+#: tools/gpg-connect-agent.c:1371
+msgid "line too long - skipped\n"
+msgstr "línea demasiado larga -omitida\n"
+
+#: tools/gpg-connect-agent.c:1375
+msgid "line shortened due to embedded Nul character\n"
+msgstr "línea acortada por culpa del caracter Nul incluído\n"
+
+#: tools/gpg-connect-agent.c:1743
+#, c-format
+msgid "unknown command `%s'\n"
+msgstr "orden desconocida `%s'\n"
+
+#: tools/gpg-connect-agent.c:1761
+#, c-format
+msgid "sending line failed: %s\n"
+msgstr "fallo mandando la línea: %s\n"
+
+#: tools/gpg-connect-agent.c:2208
+#, c-format
+msgid "error sending %s command: %s\n"
+msgstr "error enviando orden %s: %s\n"
+
+#: tools/gpg-connect-agent.c:2223
+#, c-format
+msgid "error sending standard options: %s\n"
+msgstr "error enviando opciones estándar: %s\n"
+
+#: tools/gpgconf-comp.c:473 tools/gpgconf-comp.c:577 tools/gpgconf-comp.c:644
+#: tools/gpgconf-comp.c:712 tools/gpgconf-comp.c:799
+msgid "Options controlling the diagnostic output"
+msgstr "Opciones que controlan la salida de diagnósticos"
+
+#: tools/gpgconf-comp.c:486 tools/gpgconf-comp.c:590 tools/gpgconf-comp.c:657
+#: tools/gpgconf-comp.c:725 tools/gpgconf-comp.c:822
+msgid "Options controlling the configuration"
+msgstr "Opciones que controlan la configuración"
+
+#: tools/gpgconf-comp.c:496 tools/gpgconf-comp.c:615 tools/gpgconf-comp.c:673
+#: tools/gpgconf-comp.c:750 tools/gpgconf-comp.c:829
+msgid "Options useful for debugging"
+msgstr "Opciones útiles para el depurado"
+
+#: tools/gpgconf-comp.c:501 tools/gpgconf-comp.c:678 tools/gpgconf-comp.c:755
+#: tools/gpgconf-comp.c:837
+msgid "|FILE|write server mode logs to FILE"
+msgstr "|FICHERO|escribir logs en modo servidor en FICHERO"
+
+#: tools/gpgconf-comp.c:509 tools/gpgconf-comp.c:625 tools/gpgconf-comp.c:763
+msgid "Options controlling the security"
+msgstr "Opciones que controlan la seguridad"
+
+#: tools/gpgconf-comp.c:516
+msgid "|N|expire SSH keys after N seconds"
+msgstr "|N|las claves SSH caducan en N segundos"
+
+#: tools/gpgconf-comp.c:520
+msgid "|N|set maximum PIN cache lifetime to N seconds"
+msgstr "|N|establecer vida máxima del caché de PIN en N segundos"
+
+#: tools/gpgconf-comp.c:524
+msgid "|N|set maximum SSH key lifetime to N seconds"
+msgstr "|N|establecer vida máxima de la clave SSH en N segundos"
+
+#: tools/gpgconf-comp.c:538
+msgid "Options enforcing a passphrase policy"
+msgstr "Opciones que fuerzan una política de frases contraseña"
+
+#: tools/gpgconf-comp.c:541
+msgid "do not allow to bypass the passphrase policy"
+msgstr "no permitir evitar la política de frases contraseña"
+
+#: tools/gpgconf-comp.c:545
+msgid "|N|set minimal required length for new passphrases to N"
+msgstr "|N|establecer longitud mínima para nuevas frases contraseña en N"
+
+#: tools/gpgconf-comp.c:549
+msgid "|N|require at least N non-alpha characters for a new passphrase"
+msgstr "|N|pedir al menos N caracteres no alfabéticos para nuevas contraseñas"
+
+#: tools/gpgconf-comp.c:553
+msgid "|FILE|check new passphrases against pattern in FILE"
+msgstr "|FICHERO|comprobar nuevas frases contraseña con el patrón en FICHERO"
+
+#: tools/gpgconf-comp.c:557
+msgid "|N|expire the passphrase after N days"
+msgstr "|N|frase contraseña caduca tras N días"
+
+#: tools/gpgconf-comp.c:561
+msgid "do not allow the reuse of old passphrases"
+msgstr "no permite reusar antiguas frases contraseña"
+
+#: tools/gpgconf-comp.c:659 tools/gpgconf-comp.c:727
+msgid "|NAME|use NAME as default secret key"
+msgstr "|NOMBRE|usa NOMBRE como clave secreta por defecto"
+
+#: tools/gpgconf-comp.c:662 tools/gpgconf-comp.c:730
+msgid "|NAME|encrypt to user ID NAME as well"
+msgstr "|NOMBRE|cifra para el ususario NOMBRE también"
+
+#: tools/gpgconf-comp.c:665
+msgid "|SPEC|set up email aliases"
+msgstr "|ESPEC|establecer alias de email"
+
+#: tools/gpgconf-comp.c:686
+msgid "Configuration for Keyservers"
+msgstr "Configuración para servidores de claves"
+
+#: tools/gpgconf-comp.c:688
+msgid "|URL|use keyserver at URL"
+msgstr "|URL|usar servidor de claves en URL"
+
+#: tools/gpgconf-comp.c:691
+msgid "allow PKA lookups (DNS requests)"
+msgstr "permitir búsquedas PKA (peticiones DNS)"
+
+#: tools/gpgconf-comp.c:694
+msgid "|MECHANISMS|use MECHANISMS to locate keys by mail address"
+msgstr "|MECANISMOS|usa MECANISMOS para encontrar claves por emails"
+
+#: tools/gpgconf-comp.c:739
+msgid "disable all access to the dirmngr"
+msgstr "prohibir todo acceso al dirmngr"
+
+#: tools/gpgconf-comp.c:742
+msgid "|NAME|use encoding NAME for PKCS#12 passphrases"
+msgstr "|NOMBRE|usa la codificación NOMBRE para frases contraseña PKCS#12"
+
+#: tools/gpgconf-comp.c:768
+msgid "do not check CRLs for root certificates"
+msgstr "no comprobar CRLs para certificados raíz"
+
+#: tools/gpgconf-comp.c:812
+msgid "Options controlling the format of the output"
+msgstr "Opciones que controlan el formato de la salida"
+
+#: tools/gpgconf-comp.c:848
+msgid "Options controlling the interactivity and enforcement"
+msgstr "Opciones que controlan la interactividad y obligación"
+
+#: tools/gpgconf-comp.c:858
+msgid "Configuration for HTTP servers"
+msgstr "Configuración de servidores HTTP"
+
+#: tools/gpgconf-comp.c:869
+msgid "use system's HTTP proxy setting"
+msgstr "usar configuración del proxy HTTP del sistema"
+
+#: tools/gpgconf-comp.c:874
+msgid "Configuration of LDAP servers to use"
+msgstr "Configuración de servidores LDAP que se usará"
+
+#: tools/gpgconf-comp.c:903
+msgid "LDAP server list"
+msgstr "lista de servidores LDAP"
+
+#: tools/gpgconf-comp.c:911
+msgid "Configuration for OCSP"
+msgstr "Configuración de OCSP"
+
+#: tools/gpgconf-comp.c:3077
+#, c-format
+msgid "External verification of component %s failed"
+msgstr "Verificación externa del componente %s fallida"
+
+#: tools/gpgconf-comp.c:3227
+msgid "Note that group specifications are ignored\n"
+msgstr "Note que las especificación de grupo se ignoran\n"
+
+#: tools/gpgconf.c:62
+msgid "list all components"
+msgstr "listar todos los componentes"
+
+#: tools/gpgconf.c:63
+msgid "check all programs"
+msgstr "comprobar todos los programas"
+
+#: tools/gpgconf.c:64
+msgid "|COMPONENT|list options"
+msgstr "|COMPONENTE|lista de opciones"
+
+#: tools/gpgconf.c:65
+msgid "|COMPONENT|change options"
+msgstr "|COMPONENTE|cambiar opciones"
+
+#: tools/gpgconf.c:66
+msgid "|COMPONENT|check options"
+msgstr "|COMPONENTE|comprobar opciones"
+
+#: tools/gpgconf.c:68
+msgid "apply global default values"
+msgstr "aplicar valores globales por defecto"
+
+#: tools/gpgconf.c:70
+msgid "get the configuration directories for gpgconf"
+msgstr "obtener directorios de configuración para gpgconf"
+
+#: tools/gpgconf.c:72
+msgid "list global configuration file"
+msgstr "listar fichero de configuración global"
+
+#: tools/gpgconf.c:74
+msgid "check global configuration file"
+msgstr "comprobar fichero global de configuración"
+
+#: tools/gpgconf.c:79
+msgid "use as output file"
+msgstr "usa como fichero de salida"
+
+#: tools/gpgconf.c:83
+msgid "activate changes at runtime, if possible"
+msgstr "activar cambios en tiempo de ejecución, si es posible"
+
+#: tools/gpgconf.c:105
+msgid "Usage: gpgconf [options] (-h for help)"
+msgstr "Uso: gpgconf [opciones] (-h para ayuda)"
+
+#: tools/gpgconf.c:108
+msgid ""
+"Syntax: gpgconf [options]\n"
+"Manage configuration options for tools of the GnuPG system\n"
+msgstr ""
+"Sintaxis: gpgconf [opciones]\n"
+"Administrar opciones de configuración de las herramientas GnuPG\n"
+
+#: tools/gpgconf.c:214 tools/gpgconf.c:282
+msgid "usage: gpgconf [options] "
+msgstr "uso: gpgconf [opciones] "
+
+#: tools/gpgconf.c:216
+msgid "Need one component argument"
+msgstr "Necesita un argumento de un componente"
+
+#: tools/gpgconf.c:225 tools/gpgconf.c:258
+msgid "Component not found"
+msgstr "Componente no encontrado"
+
+#: tools/gpgconf.c:284
+msgid "No argument allowed"
+msgstr "No se permiten parámetros"
+
+# Órdenes, please...
+# Sí, este no he podido ser yo :-) Por cierto, ¿por qué la O no se
+# puede acentuar? ¿demasiado alta?
+# ¿Quién dice que no se puede? :-)
+#: tools/symcryptrun.c:154
+msgid ""
+"@\n"
+"Commands:\n"
+" "
+msgstr ""
+"@\n"
+"Órdenes:\n"
+" "
+
+#: tools/symcryptrun.c:156
+msgid "decryption modus"
+msgstr "modo de descifrado"
+
+#: tools/symcryptrun.c:157
+msgid "encryption modus"
+msgstr "modo de cifrado"
+
+#: tools/symcryptrun.c:161
+msgid "tool class (confucius)"
+msgstr "clase de herramienta (confucius)"
+
+#: tools/symcryptrun.c:162
+msgid "program filename"
+msgstr "nombre del programa"
+
+#: tools/symcryptrun.c:164
+msgid "secret key file (required)"
+msgstr "fichero de clave secreta (requerido)"
+
+#: tools/symcryptrun.c:165
+msgid "input file name (default stdin)"
+msgstr "nombre del fichero de entrada (por defecto stdin)"
+
+#: tools/symcryptrun.c:209
+msgid "Usage: symcryptrun [options] (-h for help)"
+msgstr "Uso: symcryptrun [opciones] (-h para ayuda)"
+
+#: tools/symcryptrun.c:212
+msgid ""
+"Syntax: symcryptrun --class CLASS --program PROGRAM --keyfile KEYFILE "
+"[options...] COMMAND [inputfile]\n"
+"Call a simple symmetric encryption tool\n"
+msgstr ""
+"Sintaxis: symcryptrun --class CLASE --program PROGRAMA --keyfile FICHERO "
+"[opciones...] ORDEN [fichero entrada]\n"
+"Invocar una herramienta simple de cifrado simétrico\n"
+
+#: tools/symcryptrun.c:281
+#, c-format
+msgid "%s on %s aborted with status %i\n"
+msgstr "%s en %s abortó con estado %i\n"
+
+#: tools/symcryptrun.c:288
+#, c-format
+msgid "%s on %s failed with status %i\n"
+msgstr "%s en %s falló con estado %i\n"
+
+#: tools/symcryptrun.c:314
+#, c-format
+msgid "can't create temporary directory `%s': %s\n"
+msgstr "no se puede crear el directorio temporal `%s': %s\n"
+
+#: tools/symcryptrun.c:354 tools/symcryptrun.c:371
+#, c-format
+msgid "could not open %s for writing: %s\n"
+msgstr "no se puede abrir %s para escribir: %s\n"
+
+#: tools/symcryptrun.c:382
+#, c-format
+msgid "error writing to %s: %s\n"
+msgstr "error escribiendo en %s: %s\n"
+
+#: tools/symcryptrun.c:389
+#, c-format
+msgid "error reading from %s: %s\n"
+msgstr "error leyendo de %s: %s\n"
+
+#: tools/symcryptrun.c:396 tools/symcryptrun.c:403
+#, c-format
+msgid "error closing %s: %s\n"
+msgstr "error cerrando %s: %s\n"
+
+#: tools/symcryptrun.c:488
+msgid "no --program option provided\n"
+msgstr "falta la opción --program\n"
+
+#: tools/symcryptrun.c:494
+msgid "only --decrypt and --encrypt are supported\n"
+msgstr "sólo pueden usarse --decrypt y --encrypt\n"
+
+#: tools/symcryptrun.c:500
+msgid "no --keyfile option provided\n"
+msgstr "falta la opción --keyfile\n"
+
+#: tools/symcryptrun.c:511
+msgid "cannot allocate args vector\n"
+msgstr "no puedo reservar espacio para el vector de parámetros\n"
+
+#: tools/symcryptrun.c:529
+#, c-format
+msgid "could not create pipe: %s\n"
+msgstr "no se pudo crear la tubería: %s\n"
+
+#: tools/symcryptrun.c:536
+#, c-format
+msgid "could not create pty: %s\n"
+msgstr "no se pudo crear pty: %s\n"
+
+#: tools/symcryptrun.c:552
+#, c-format
+msgid "could not fork: %s\n"
+msgstr "no se puede bifurcar: %s\n"
+
+#: tools/symcryptrun.c:580
+#, c-format
+msgid "execv failed: %s\n"
+msgstr "execv fallido: %s\n"
+
+#: tools/symcryptrun.c:609
+#, c-format
+msgid "select failed: %s\n"
+msgstr "select fallido: %s\n"
+
+#: tools/symcryptrun.c:626
+#, c-format
+msgid "read failed: %s\n"
+msgstr "lectura fallida: %s\n"
+
+#: tools/symcryptrun.c:678
+#, c-format
+msgid "pty read failed: %s\n"
+msgstr "lectura de pty fallida: %s\n"
+
+#: tools/symcryptrun.c:730
+#, c-format
+msgid "waitpid failed: %s\n"
+msgstr "waitpid fallido: %s\n"
+
+#: tools/symcryptrun.c:744
+#, c-format
+msgid "child aborted with status %i\n"
+msgstr "proceso hijo abortado con estado %i\n"
+
+#: tools/symcryptrun.c:799
+#, c-format
+msgid "cannot allocate infile string: %s\n"
+msgstr "no puedo reservar espacio para la cadena de entrada: %s\n"
+
+#: tools/symcryptrun.c:812
+#, c-format
+msgid "cannot allocate outfile string: %s\n"
+msgstr "no puedo reservar espacio para la cadena de salida: %s\n"
+
+#: tools/symcryptrun.c:986
+#, c-format
+msgid "either %s or %s must be given\n"
+msgstr "debe darse %s o bien %s\n"
+
+#: tools/symcryptrun.c:1013
+msgid "no class provided\n"
+msgstr "se necesita una clase\n"
+
+#: tools/symcryptrun.c:1022
+#, c-format
+msgid "class %s is not supported\n"
+msgstr "la clase %s no puede usarse\n"
+
+#: tools/gpg-check-pattern.c:145
+msgid "Usage: gpg-check-pattern [options] patternfile (-h for help)\n"
+msgstr ""
+"Uso: gpg-check-pattern [opciones] [fichero_de_patrones] (-h para ayuda)\n"
+
+#: tools/gpg-check-pattern.c:148
+msgid ""
+"Syntax: gpg-check-pattern [options] patternfile\n"
+"Check a passphrase given on stdin against the patternfile\n"
+msgstr ""
+"Sintaxis: gpg-check-pattern [opciones] fichero_de_patrones\n"
+"Compara frase contraseña dada en entrada estándar con un fichero de "
+"patrones\n"
+
+#~ msgid "Command> "
+#~ msgstr "Orden> "
+
+#~ msgid "the trustdb is corrupted; please run \"gpg --fix-trustdb\".\n"
+#~ msgstr ""
+#~ "La base de datos de confianza está dañada. Por favor, ejecute\n"
+#~ "\"gpg --fix-trust-db\".\n"
+
+#~ msgid "Please report bugs to <gnupg-bugs@gnu.org>.\n"
+#~ msgstr "Por favor, informe de posibles \"bugs\" a <gnupg-bugs@gnu.org>.\n"
+
+#~ msgid "Please report bugs to "
+#~ msgstr "Por favor, informe de \"bugs\" a "
+
+#~ msgid "DSA keypair will have %u bits.\n"
+#~ msgstr "El par de claves DSA tendrá %u bits.\n"
+
+#~ msgid "this command has not yet been implemented\n"
+#~ msgstr "esta orden no está aún implementada\n"
+
+#~ msgid "Repeat passphrase\n"
+#~ msgstr "Repita frase contraseña\n"
+
+#~ msgid "||Please enter your PIN at the reader's keypad%%0A[sigs done: %lu]"
+#~ msgstr ""
+#~ "||Introduzca su PIN en el teclado del lector%%OA[firmas hechas: %lu]"
+
+#~ msgid "|A|Admin PIN"
+#~ msgstr "|A|PIN Administrador"
+
+#~ msgid "read options from file"
+#~ msgstr "leyendo opciones desde fichero"
+
+#~ msgid "Used libraries:"
+#~ msgstr "Bibliotecas utilizadas:"
+
+#~ msgid "|algo [files]|print message digests"
+#~ msgstr "|algo [ficheros]|imprime resúmenes de mensaje"
+
+#~ msgid "generate PGP 2.x compatible messages"
+#~ msgstr "generar mensajes compatibles con PGP 2.x"
+
+#~ msgid "|[FILE]|make a signature"
+#~ msgstr "|[FILE]|crea una firma"
+
+#~ msgid "|[FILE]|make a clear text signature"
+#~ msgstr "|[FICHERO]|crea una firma en texto claro"
+
+#~ msgid "|NAME|use NAME as default recipient"
+#~ msgstr "|NOMBRE|usa NOMBRE como destinatario por defecto"
+
+#~ msgid "use the default key as default recipient"
+#~ msgstr "usa la clave por defecto como destinatario"
+
+#~ msgid "force v3 signatures"
+#~ msgstr "fuerza firmas v3"
+
+#~ msgid "always use a MDC for encryption"
+#~ msgstr "siempre usa un MDC para cifrar"
+
+#~ msgid "add this secret keyring to the list"
+#~ msgstr "añade este anillo secreto a la lista"
+
+#~ msgid "|NAME|set terminal charset to NAME"
+#~ msgstr "|NOMBRE|usa el juego de caracteres NOMBRE"
+
+#~ msgid "|FILE|load extension module FILE"
+#~ msgstr "|FICHERO|carga módulo de extensiones FICHERO"
+
+#~ msgid "|N|use compress algorithm N"
+#~ msgstr "|N|usa el algoritmo de compresión N"
+
+#~ msgid "remove key from the public keyring"
+#~ msgstr "elimina clave del anillo público"
+
+#~ msgid ""
+#~ "It's up to you to assign a value here; this value will never be exported\n"
+#~ "to any 3rd party. We need it to implement the web-of-trust; it has "
+#~ "nothing\n"
+#~ "to do with the (implicitly created) web-of-certificates."
+#~ msgstr ""
+#~ "Está en su mano asignar un valor aquí. Dicho valor nunca será exportado "
+#~ "a\n"
+#~ "terceros. Es necesario para implementar la red de confianza, no tiene "
+#~ "nada\n"
+#~ "que ver con la red de certificados (implícitamente creada)."
+
+#~ msgid ""
+#~ "To build the Web-of-Trust, GnuPG needs to know which keys are\n"
+#~ "ultimately trusted - those are usually the keys for which you have\n"
+#~ "access to the secret key. Answer \"yes\" to set this key to\n"
+#~ "ultimately trusted\n"
+#~ msgstr ""
+#~ "Para construir la Red-de-Confianza, GnuPG necesita saber qué claves\n"
+#~ "tienen confianza absoluta - normalmente son las claves para las que "
+#~ "usted\n"
+#~ "puede acceder a la clave secreta. Conteste \"sí\" para hacer que esta\n"
+#~ "clave se considere como de total confianza\n"
+
+#~ msgid "If you want to use this untrusted key anyway, answer \"yes\"."
+#~ msgstr ""
+#~ "Si quiere usar esta clave no fiable de todos modos, conteste \"sí\"."
+
+#~ msgid ""
+#~ "Enter the user ID of the addressee to whom you want to send the message."
+#~ msgstr "Introduzca el ID de usuario al que quiere enviar el mensaje."
+
+#~ msgid ""
+#~ "Select the algorithm to use.\n"
+#~ "\n"
+#~ "DSA (aka DSS) is the Digital Signature Algorithm and can only be used\n"
+#~ "for signatures.\n"
+#~ "\n"
+#~ "Elgamal is an encrypt-only algorithm.\n"
+#~ "\n"
+#~ "RSA may be used for signatures or encryption.\n"
+#~ "\n"
+#~ "The first (primary) key must always be a key which is capable of signing."
+#~ msgstr ""
+#~ "Seleccione el algoritmo que usar.\n"
+#~ "\n"
+#~ "DSA (alias DSS) es el Algoritmo de Firma Digital y sólo se usa para "
+#~ "firmas.\n"
+#~ "\n"
+#~ "Elgamal es un algoritmo sólo para cifrar.\n"
+#~ "\n"
+#~ "RSA sirve tanto para firmar como para cifrar.\n"
+#~ "\n"
+#~ "La primera clave (clave primaria) debe ser siempre de tipo capaz de "
+#~ "firmar."
+
+#~ msgid ""
+#~ "In general it is not a good idea to use the same key for signing and\n"
+#~ "encryption. This algorithm should only be used in certain domains.\n"
+#~ "Please consult your security expert first."
+#~ msgstr ""
+#~ "En general no es una buena idea usar la misma clave para firmar y\n"
+#~ "cifrar. Este algoritmo debéria usarse solo en ciertos contextos.\n"
+#~ "Por favor consulte primero a un experto en seguridad."
+
+#~ msgid "Enter the size of the key"
+#~ msgstr "Introduzca la longitud de la clave"
+
+#~ msgid "Answer \"yes\" or \"no\""
+#~ msgstr "Responda \"sí\" o \"no\""
+
+#~ msgid ""
+#~ "Enter the required value as shown in the prompt.\n"
+#~ "It is possible to enter a ISO date (YYYY-MM-DD) but you won't\n"
+#~ "get a good error response - instead the system tries to interpret\n"
+#~ "the given value as an interval."
+#~ msgstr ""
+#~ "Introduzca el valor requerido conforme se muestra.\n"
+#~ "Es posible introducir una fecha ISO (AAAA-MM-DD), pero no se obtendrá "
+#~ "una\n"
+#~ "buena respuesta a los errores; el sistema intentará interpretar el valor\n"
+#~ "introducido como un intervalo."
+
+#~ msgid "Enter the name of the key holder"
+#~ msgstr "Introduzca el nombre del dueño de la clave"
+
+#~ msgid "please enter an optional but highly suggested email address"
+#~ msgstr ""
+#~ "Introduzca una dirección de correo electrónico (opcional pero muy\n"
+#~ "recomendable)"
+
+#~ msgid "Please enter an optional comment"
+#~ msgstr "Introduzca un comentario opcional"
+
+#~ msgid ""
+#~ "N to change the name.\n"
+#~ "C to change the comment.\n"
+#~ "E to change the email address.\n"
+#~ "O to continue with key generation.\n"
+#~ "Q to to quit the key generation."
+#~ msgstr ""
+#~ "N para cambiar el nombre.\n"
+#~ "C para cambiar el comentario.\n"
+#~ "E para cambiar la dirección.\n"
+#~ "O para continuar con la generación de clave.\n"
+#~ "S para interrumpir la generación de clave."
+
+#~ msgid ""
+#~ "Answer \"yes\" (or just \"y\") if it is okay to generate the sub key."
+#~ msgstr "Responda \"sí\" (o sólo \"s\") para generar la subclave."
+
+#~ msgid ""
+#~ "When you sign a user ID on a key, you should first verify that the key\n"
+#~ "belongs to the person named in the user ID. It is useful for others to\n"
+#~ "know how carefully you verified this.\n"
+#~ "\n"
+#~ "\"0\" means you make no particular claim as to how carefully you verified "
+#~ "the\n"
+#~ " key.\n"
+#~ "\n"
+#~ "\"1\" means you believe the key is owned by the person who claims to own "
+#~ "it\n"
+#~ " but you could not, or did not verify the key at all. This is useful "
+#~ "for\n"
+#~ " a \"persona\" verification, where you sign the key of a pseudonymous "
+#~ "user.\n"
+#~ "\n"
+#~ "\"2\" means you did casual verification of the key. For example, this "
+#~ "could\n"
+#~ " mean that you verified the key fingerprint and checked the user ID on "
+#~ "the\n"
+#~ " key against a photo ID.\n"
+#~ "\n"
+#~ "\"3\" means you did extensive verification of the key. For example, this "
+#~ "could\n"
+#~ " mean that you verified the key fingerprint with the owner of the key "
+#~ "in\n"
+#~ " person, and that you checked, by means of a hard to forge document "
+#~ "with a\n"
+#~ " photo ID (such as a passport) that the name of the key owner matches "
+#~ "the\n"
+#~ " name in the user ID on the key, and finally that you verified (by "
+#~ "exchange\n"
+#~ " of email) that the email address on the key belongs to the key "
+#~ "owner.\n"
+#~ "\n"
+#~ "Note that the examples given above for levels 2 and 3 are *only* "
+#~ "examples.\n"
+#~ "In the end, it is up to you to decide just what \"casual\" and \"extensive"
+#~ "\"\n"
+#~ "mean to you when you sign other keys.\n"
+#~ "\n"
+#~ "If you don't know what the right answer is, answer \"0\"."
+#~ msgstr ""
+#~ "Cuando firme un ID de usuario en una clave, debería verificar que la "
+#~ "clave\n"
+#~ "pertenece a la persona que se nombra en el ID de usuario. Es útil para\n"
+#~ "otros saber cómo de cuidadosamente lo ha verificado.\n"
+#~ "\n"
+#~ "\"0\" significa que no hace ninguna declaración concreta sobre como ha\n"
+#~ " comprobado la validez de la clave.\n"
+#~ "\n"
+#~ "\"1\" significa que cree que la clave pertenece a la persona que declara\n"
+#~ " poseerla pero no pudo o no verificó la clave en absoluto. Esto es "
+#~ "útil\n"
+#~ " para una verificación en persona cuando firmas la clave de un "
+#~ "usuario\n"
+#~ " pseudoanónimo.\n"
+#~ "\n"
+#~ "\"2\" significa que hizo una comprobación informal de la clave. Por "
+#~ "ejemplo\n"
+#~ " podría querer decir que comprobó la huella dactilar de la clave y\n"
+#~ " comprobó el ID de usuario en la clave con un ID fotográfico.\n"
+#~ "\n"
+#~ "\"3\" significa que hizo una comprobación exhaustiva de la clave. Por\n"
+#~ " ejemplo verificando la huella dactilar de la clave con el "
+#~ "propietario\n"
+#~ " de la clave, y que comprobó, mediante un documento difícil de "
+#~ "falsificar\n"
+#~ " con ID fotográfico (como un pasaporte) que el nombre del poseedor "
+#~ "de la\n"
+#~ " clave coincide con el ID de usuario en la clave y finalmente que "
+#~ "verificó\n"
+#~ " (intercambiando email) que la dirección de email de la clave "
+#~ "pertenece\n"
+#~ " al poseedor de la clave.\n"
+#~ "\n"
+#~ "Observe que los ejemplos dados en los niveles 2 y 3 son *solo* ejemplos.\n"
+#~ "En definitiva, usted decide lo que significa \"informal\" y \"exhaustivo"
+#~ "\"\n"
+#~ "para usted cuando firma las claves de otros.\n"
+#~ "\n"
+#~ "Si no sabe qué contestar, conteste \"0\"."
+
+#~ msgid "Answer \"yes\" if you want to sign ALL the user IDs"
+#~ msgstr "Responda \"sí\" si quiere firmar TODOS los IDs de usuario"
+
+#~ msgid ""
+#~ "Answer \"yes\" if you really want to delete this user ID.\n"
+#~ "All certificates are then also lost!"
+#~ msgstr ""
+#~ "Responda \"sí\" si realmente quiere borrar este ID de usuario.\n"
+#~ "¡También se perderán todos los certificados!"
+
+#~ msgid "Answer \"yes\" if it is okay to delete the subkey"
+#~ msgstr "Responda \"sí\" si quiere borrar esta subclave"
+
+#~ msgid ""
+#~ "This is a valid signature on the key; you normally don't want\n"
+#~ "to delete this signature because it may be important to establish a\n"
+#~ "trust connection to the key or another key certified by this key."
+#~ msgstr ""
+#~ "Esta es una firma válida de esta clave. Normalmente no será deseable\n"
+#~ "borrar esta firma ya que puede ser importante para establecer una "
+#~ "conexión\n"
+#~ "de confianza con la clave o con otra clave certificada por ésta."
+
+#~ msgid ""
+#~ "This signature can't be checked because you don't have the\n"
+#~ "corresponding key. You should postpone its deletion until you\n"
+#~ "know which key was used because this signing key might establish\n"
+#~ "a trust connection through another already certified key."
+#~ msgstr ""
+#~ "Esta firma no puede ser comprobada porque no tiene Vd. la clave\n"
+#~ "correspondiente. Debería posponer su borrado hasta conocer qué clave\n"
+#~ "se usó, ya que dicha clave podría establecer una conexión de confianza\n"
+#~ "a través de otra clave certificada."
+
+#~ msgid ""
+#~ "The signature is not valid. It does make sense to remove it from\n"
+#~ "your keyring."
+#~ msgstr "Esta firma no es válida. Tiene sentido borrarla de su anillo."
+
+#~ msgid ""
+#~ "This is a signature which binds the user ID to the key. It is\n"
+#~ "usually not a good idea to remove such a signature. Actually\n"
+#~ "GnuPG might not be able to use this key anymore. So do this\n"
+#~ "only if this self-signature is for some reason not valid and\n"
+#~ "a second one is available."
+#~ msgstr ""
+#~ "Esta es una firma que une el ID de usuario a la clave. No suele ser una\n"
+#~ "buena idea borrar dichas firmas. De hecho, GnuPG podría no ser capaz de\n"
+#~ "volver a usar esta clave. Así que bórrela tan sólo si esta autofirma no\n"
+#~ "es válida por alguna razón y hay otra disponible."
+
+#~ msgid ""
+#~ "Change the preferences of all user IDs (or just of the selected ones)\n"
+#~ "to the current list of preferences. The timestamp of all affected\n"
+#~ "self-signatures will be advanced by one second.\n"
+#~ msgstr ""
+#~ "Cambiar las preferencias de todos los IDs de usuario (o sólo los \n"
+#~ "seleccionados) a la lista actual de preferencias. El sello de tiempo\n"
+#~ "de todas las autofirmas afectadas se avanzará en un segundo.\n"
+
+#~ msgid "Please enter the passhrase; this is a secret sentence \n"
+#~ msgstr "Por favor introduzca la contraseña: una frase secreta \n"
+
+#~ msgid ""
+#~ "Please repeat the last passphrase, so you are sure what you typed in."
+#~ msgstr "Repita la última frase contraseña para asegurarse de lo que tecleó."
+
+#~ msgid "Give the name of the file to which the signature applies"
+#~ msgstr "Introduzca el nombre del fichero al que corresponde la firma"
+
+#~ msgid "Answer \"yes\" if it is okay to overwrite the file"
+#~ msgstr "Responda \"sí\" para sobreescribir el fichero"
+
+# Sugerencia: ENTER -> INTRO.
+# Aceptada.
+#~ msgid ""
+#~ "Please enter a new filename. If you just hit RETURN the default\n"
+#~ "file (which is shown in brackets) will be used."
+#~ msgstr ""
+#~ "Introduzca un nuevo nombre de fichero. Si pulsa INTRO se usará el "
+#~ "fichero\n"
+#~ "por omisión (mostrado entre corchetes)."
+
+#~ msgid ""
+#~ "You should specify a reason for the certification. Depending on the\n"
+#~ "context you have the ability to choose from this list:\n"
+#~ " \"Key has been compromised\"\n"
+#~ " Use this if you have a reason to believe that unauthorized persons\n"
+#~ " got access to your secret key.\n"
+#~ " \"Key is superseded\"\n"
+#~ " Use this if you have replaced this key with a newer one.\n"
+#~ " \"Key is no longer used\"\n"
+#~ " Use this if you have retired this key.\n"
+#~ " \"User ID is no longer valid\"\n"
+#~ " Use this to state that the user ID should not longer be used;\n"
+#~ " this is normally used to mark an email address invalid.\n"
+#~ msgstr ""
+#~ "Debería especificar un motivo para la certificación. Dependiendo del\n"
+#~ "contexto puede elegir una opción de esta lista:\n"
+#~ " \"La clave ha sido comprometida\"\n"
+#~ " Use esto si tiene razones para pensar que personas no autorizadas\n"
+#~ " tuvieron acceso a su clave secreta.\n"
+#~ " \"La clave ha sido sustituida\"\n"
+#~ " Use esto si ha reemplazado la clave por otra más nueva.\n"
+#~ " \"La clave ya no está en uso\"\n"
+#~ " Use esto si ha dejado de usar esta clave.\n"
+#~ " \"La identificación de usuario ya no es válida\"\n"
+#~ " Use esto para señalar que la identificación de usuario no debería\n"
+#~ " seguir siendo usada; esto se utiliza normalmente para marcar una\n"
+#~ " dirección de correo-e como inválida.\n"
+
+#~ msgid ""
+#~ "If you like, you can enter a text describing why you issue this\n"
+#~ "revocation certificate. Please keep this text concise.\n"
+#~ "An empty line ends the text.\n"
+#~ msgstr ""
+#~ "Si lo desea puede introducir un texto explicando por qué emite\n"
+#~ "este certificado de revocación. Por favor, que el texto sea breve.\n"
+#~ "Una línea vacía pone fin al texto.\n"
+
+#~ msgid "can't put notation data into v3 (PGP 2.x style) signatures\n"
+#~ msgstr "no uede poner datos de notación en claves v3 (estilo PGP 2.x)\n"
+
+#~ msgid "can't put notation data into v3 (PGP 2.x style) key signatures\n"
+#~ msgstr ""
+#~ "no se puede elegir una clave tipo PGP 2.x como revocador designado\n"
+
+#~ msgid "can't put a policy URL into v3 (PGP 2.x style) signatures\n"
+#~ msgstr "no puede poner URL de política en firmas v3 (estilo PGP 2.x)\n"
+
+#~ msgid "can't put a policy URL into v3 key (PGP 2.x style) signatures\n"
+#~ msgstr ""
+#~ "no puede poner URL de política en firmas de claves v3 (estilo PGP 2.x)\n"
+
+#, fuzzy
+#~ msgid "shelll"
+#~ msgstr "ayuda"
+
+#, fuzzy
+#~ msgid ""
+#~ "please see http://www.gnupg.org/download/iconv.html for more information\n"
+#~ msgstr "por favor, vea http://www.gnupg.org/faq.html para más información\n"
+
+#, fuzzy
+#~ msgid "key generation is not available from the commandline\n"
+#~ msgstr "el agente gpg no esta disponible en esta sesión\n"
+
+#, fuzzy
+#~ msgid "please use the script \"%s\" to generate a new key\n"
+#~ msgstr "Por favor seleccione tipo de clave que generar:\n"
+
+#~ msgid "cipher extension `%s' not loaded due to unsafe permissions\n"
+#~ msgstr "no se carga el cifrado de ampliación `%s' por permisos inseguros\n"
+
+#~ msgid "DSA requires the use of a 160 bit hash algorithm\n"
+#~ msgstr "DSA necesita un algoritmo de hash de 160 bits.\n"
+
+#, fuzzy
+#~ msgid ".\n"
+#~ msgstr "%s.\n"
+
+#~ msgid "problem with the agent - disabling agent use\n"
+#~ msgstr "problema con el agente - inhabilitando el uso del agente\n"
+
+#~ msgid "can't query passphrase in batch mode\n"
+#~ msgstr "imposible pedir frase contraseña en modo de proceso por lotes\n"
+
+#~ msgid "Enter passphrase: "
+#~ msgstr "Introduzca frase contraseña: "
+
+#~ msgid "Repeat passphrase: "
+#~ msgstr "Repita frase contraseña: "
+
+#~ msgid "-k[v][v][v][c] [user-id] [keyring]"
+#~ msgstr "-k[v][v][v][c] [id-usuario] [anillo]"
+
+#~ msgid "can't gen prime with pbits=%u qbits=%u\n"
+#~ msgstr "no se puede generar un primo con pbits=%u qbits=%u\n"
+
+#~ msgid "can't generate a prime with less than %d bits\n"
+#~ msgstr "no se puede generar un primo con menos de %d bits\n"
+
+#~ msgid "no entropy gathering module detected\n"
+#~ msgstr "no se ha detectado módulo acumulador de entropía\n"
+
+#, fuzzy
+#~ msgid "can't lock `%s': %s\n"
+#~ msgstr "no se puede bloquear `%s'\n"
+
+#~ msgid "can't stat `%s': %s\n"
+#~ msgstr "no se puede obtener información de `%s': %s\n"
+
+# ignore no es ignorar, es no tener en cuenta, ignorar es not to know.
+# Sugerencia: descartar.
+# Sugerencia a la sugerencia: ¿qué tal omitido? (pasar en silencio una
+# cosa; excluirla de lo que se habla o escribe) dice el diccionario.
+# Bien. También se puede poner "descartado".
+#~ msgid "`%s' is not a regular file - ignored\n"
+#~ msgstr "`%s` no es un fichero regular - descartado\n"
+
+#~ msgid "note: random_seed file is empty\n"
+#~ msgstr "nota: el fichero de semillas aleatorias está vacío\n"
+
+#~ msgid "WARNING: invalid size of random_seed file - not used\n"
+#~ msgstr ""
+#~ "ATENCIÓN: tamaño incorrecto del fichero de semillas aleatorias - no se "
+#~ "usa\n"
+
+#~ msgid "can't read `%s': %s\n"
+#~ msgstr "no se puede leer `%s': %s\n"
+
+#~ msgid "note: random_seed file not updated\n"
+#~ msgstr "nota: el fichero de semillas aleatorias no se ha actualizado\n"
+
+#~ msgid "can't write `%s': %s\n"
+#~ msgstr "no se puede escribir `%s': %s\n"
+
+#~ msgid "can't close `%s': %s\n"
+#~ msgstr "no se puede cerrar `%s': %s\n"
+
+#~ msgid "WARNING: using insecure random number generator!!\n"
+#~ msgstr "ATENCIÓN: ¡usando un generador de números aleatorios inseguro!\n"
+
+#~ msgid ""
+#~ "The random number generator is only a kludge to let\n"
+#~ "it run - it is in no way a strong RNG!\n"
+#~ "\n"
+#~ "DON'T USE ANY DATA GENERATED BY THIS PROGRAM!!\n"
+#~ "\n"
+#~ msgstr ""
+#~ "El generador de números aleatorios es sólo un apaño\n"
+#~ "para poder compilar. ¡No es en absoluto un generador seguro!\n"
+#~ "\n"
+#~ "¡NO USE DATOS GENERADOS POR ESTE PROGRAMA!\n"
+#~ "\n"
+
+#~ msgid ""
+#~ "Please wait, entropy is being gathered. Do some work if it would\n"
+#~ "keep you from getting bored, because it will improve the quality\n"
+#~ "of the entropy.\n"
+#~ msgstr ""
+#~ "Por favor espere, se está reuniendo entropía. Haga alguna otra cosa con\n"
+#~ "el ordenador mientras tanto si eso hace que no se aburra, porque eso\n"
+#~ "mejorará la calidad de la entropía.\n"
+
+#~ msgid ""
+#~ "\n"
+#~ "Not enough random bytes available. Please do some other work to give\n"
+#~ "the OS a chance to collect more entropy! (Need %d more bytes)\n"
+#~ msgstr ""
+#~ "\n"
+#~ "No hay suficientes bytes aleatorios disponibles. Por favor, haga algún\n"
+#~ "otro trabajo para que el sistema pueda recolectar más entropía\n"
+#~ "(se necesitan %d bytes más).\n"
+
+#, fuzzy
+#~ msgid "card reader not available\n"
+#~ msgstr "clave secreta no disponible"
+
+#~ msgid "Please insert the card and hit return or enter 'c' to cancel: "
+#~ msgstr "Inserte la tarjeta y pulse Intro o escriba 'c' para cancelar: "
+
+#~ msgid "Hit return when ready or enter 'c' to cancel: "
+#~ msgstr "Pulse Intro cuando esté listo"
+
+#~ msgid "Enter New Admin PIN: "
+#~ msgstr "Introduzca nuevo PIN de administrador: "
+
+#~ msgid "Enter New PIN: "
+#~ msgstr "Introduzca el nuevo PIN: "
+
+#~ msgid "Enter Admin PIN: "
+#~ msgstr "Introduzca PIN de administrador: "
+
+#, fuzzy
+#~ msgid "NOTE: %s is not available in this version\n"
+#~ msgstr "el agente gpg no esta disponible en esta sesión\n"
+
+#, fuzzy
+#~ msgid " algorithms on these user IDs:\n"
+#~ msgstr "algoritmos en estos IDs de usuarios:\n"
+
+#~ msgid "general error"
+#~ msgstr "Error general"
+
+#~ msgid "unknown packet type"
+#~ msgstr "Formato desconocido"
+
+#~ msgid "unknown pubkey algorithm"
+#~ msgstr "Algoritmo de clave pública desconocido"
+
+#~ msgid "unknown digest algorithm"
+#~ msgstr "Algoritmo desconocido de resumen de mensaje"
+
+#~ msgid "bad public key"
+#~ msgstr "Clave pública incorrecta"
+
+#~ msgid "bad secret key"
+#~ msgstr "Clave secreta incorrecta"
+
+#~ msgid "bad signature"
+#~ msgstr "Firma incorrecta"
+
+#~ msgid "checksum error"
+#~ msgstr "Error en la suma de comprobación"
+
+#~ msgid "unknown cipher algorithm"
+#~ msgstr "Algoritmo de cifrado desconocido"
+
+# ¿y llavero?
+# Hombre... las claves son parecidas a las llaves pero no lo mismo
+# toda la literatura en castellano usa "anillos de claves" si un
+# programa nos habla del llavero ¿no puedo abrir el llavero? nos
+# miraremos en el bolsillo bastante desconcertados. No creo que se
+# trate de establecer una nomenclatura propia.
+# A lo mejor toda esa literatura está producida por gente que no sabía
+# cómo se dice llavero en inglés...
+# Si los ingleses dicen llavero en su idioma ¿por qué no vamos a poder
+# nosotros decir lo mismo en el nuestro?
+#~ msgid "can't open the keyring"
+#~ msgstr "No se puede abrir el anillo de claves"
+
+#~ msgid "invalid packet"
+#~ msgstr "paquete inválido"
+
+#~ msgid "invalid armor"
+#~ msgstr "armadura inválida"
+
+#~ msgid "no such user id"
+#~ msgstr "no existe el ID de usuario"
+
+#~ msgid "secret key not available"
+#~ msgstr "clave secreta no disponible"
+
+#~ msgid "wrong secret key used"
+#~ msgstr "clave secreta incorrecta"
+
+#~ msgid "not supported"
+#~ msgstr "no disponible"
+
+#~ msgid "bad key"
+#~ msgstr "clave incorrecta"
+
+#~ msgid "file write error"
+#~ msgstr "error de escritura"
+
+#~ msgid "unknown compress algorithm"
+#~ msgstr "algoritmo de compresión desconocido"
+
+#~ msgid "file open error"
+#~ msgstr "error al abrir fichero"
+
+#~ msgid "file create error"
+#~ msgstr "error al crear fichero"
+
+#~ msgid "invalid passphrase"
+#~ msgstr "frase contraseña incorrecta"
+
+#~ msgid "unimplemented pubkey algorithm"
+#~ msgstr "algoritmo de clave pública no implementado"
+
+#~ msgid "unimplemented cipher algorithm"
+#~ msgstr "algoritmo de cifrado no implementado"
+
+#~ msgid "unknown signature class"
+#~ msgstr "clase de firma desconocida"
+
+#~ msgid "trust database error"
+#~ msgstr "error en la base de datos de confianza"
+
+#~ msgid "resource limit"
+#~ msgstr "límite de recurso"
+
+#~ msgid "invalid keyring"
+#~ msgstr "anillo inválido"
+
+#~ msgid "bad certificate"
+#~ msgstr "certificado incorrecto"
+
+#~ msgid "malformed user id"
+#~ msgstr "ID de usuario mal formado"
+
+#~ msgid "file close error"
+#~ msgstr "error al cerrar fichero"
+
+#~ msgid "file rename error"
+#~ msgstr "error al renombrar fichero"
+
+#~ msgid "file delete error"
+#~ msgstr "error al borrar fichero"
+
+#~ msgid "unexpected data"
+#~ msgstr "datos inesperados"
+
+# o tal vez "en el sello..."
+# Creo que es mejor "con el sello de fecha", no es un conflicto
+# del sello en si mismo sino en relación con el mensaje.
+# Ok.
+#~ msgid "timestamp conflict"
+#~ msgstr "conflicto con el sello de fecha"
+
+#~ msgid "unusable pubkey algorithm"
+#~ msgstr "algoritmo de clave pública no utilizable"
+
+#~ msgid "file exists"
+#~ msgstr "el fichero existe"
+
+#~ msgid "weak key"
+#~ msgstr "clave débil"
+
+#~ msgid "bad URI"
+#~ msgstr "URI incorrecto"
+
+#~ msgid "unsupported URI"
+#~ msgstr "URI no disponible"
+
+#~ msgid "network error"
+#~ msgstr "error de red"
+
+#~ msgid "not processed"
+#~ msgstr "no procesado"
+
+#~ msgid "unusable public key"
+#~ msgstr "clave pública inutilizable"
+
+#~ msgid "unusable secret key"
+#~ msgstr "clave secreta inutilizable"
+
+#~ msgid "keyserver error"
+#~ msgstr "error del servidor de claves"
+
+#~ msgid "no card"
+#~ msgstr "no hay tarjeta"
+
+#, fuzzy
+#~ msgid "no data"
+#~ msgstr "no hay datos firmados\n"
+
+#~ msgid "ERROR: "
+#~ msgstr "ERROR: "
+
+#~ msgid "WARNING: "
+#~ msgstr "ATENCION: "
+
+# bicho :-)
+# ¿Error simplemente?
+# Uf, preferiría bug, si leo "error" voy a pensar en otra cosa distinta...
+#~ msgid "... this is a bug (%s:%d:%s)\n"
+#~ msgstr "... esto es un bug (%s:%d:%s)\n"
+
+#~ msgid "WARNING: using insecure memory!\n"
+#~ msgstr "ATENCIÓN: ¡se está usando memoria insegura!\n"
+
+#~ msgid "operation is not possible without initialized secure memory\n"
+#~ msgstr "operación imposible sin memoria segura inicializada\n"
+
+#~ msgid "(you may have used the wrong program for this task)\n"
+#~ msgstr ""
+#~ "(es posible que haya usado el programa incorrecto para esta tarea)\n"
+
+#~ msgid ""
+#~ "please see http://www.gnupg.org/why-not-idea.html for more information\n"
+#~ msgstr ""
+#~ "por favor vea http://www.gnupg.org/why-not-idea.html para más "
+#~ "información\n"
+
+#, fuzzy
+#~ msgid "all export-clean-* options from above"
+#~ msgstr "lee opciones del fichero"
+
+#, fuzzy
+#~ msgid "all import-clean-* options from above"
+#~ msgstr "lee opciones del fichero"
+
+#~ msgid "expired: %s)"
+#~ msgstr "caducó: %s)"
+
+#~ msgid "key %s: expired signature from key %s - skipped\n"
+#~ msgstr "clave %s: firma caducada con la clave %s - omitida\n"
+
+#, fuzzy
+#~ msgid "Unable to clean `%s'\n"
+#~ msgstr "no se puede ejecutar el programa `%s': %s\n"
+
+#, fuzzy
+#~ msgid "No user IDs are removable.\n"
+#~ msgstr "No hay clave secreta para tal usuario\n"
+
+#~ msgid "length of RSA modulus is not %d\n"
+#~ msgstr "la longitud del módulo RSA no es %d\n"
+
+#~ msgid "length of an RSA prime is not %d\n"
+#~ msgstr "la longitud del primo RSA no es %d\n"
+
+#~ msgid "bad passphrase or unknown cipher algorithm (%d)\n"
+#~ msgstr "frase de paso mala o algoritmo de cifrado desconocido (%d)\n"
+
+#~ msgid "can't set client pid for the agent\n"
+#~ msgstr "no puedo establecer pid para el agente\n"
+
+#~ msgid "can't get server read FD for the agent\n"
+#~ msgstr "no puedo conseguir el FD de lectura para el agente\n"
+
+#~ msgid "can't get server write FD for the agent\n"
+#~ msgstr "no puedo conseguir el FD de escritura para el agente\n"
+
+#~ msgid "invalid response from agent\n"
+#~ msgstr "respuesta del agente inválida\n"
+
+#~ msgid "digest algorithm `%s' is read-only in this release\n"
+#~ msgstr "el algoritmo de resumen `%s' es de sólo lectura en esta versión\n"
+
+#~ msgid ""
+#~ "WARNING: digest `%s' is not part of OpenPGP. Use at your own risk!\n"
+#~ msgstr ""
+#~ "AVISO: el resumen `%s' no es parte de OpenPGP. ¡Úselo bajo su "
+#~ "responsabilidad!\n"
+
+#~ msgid "|[files]|encrypt files"
+#~ msgstr "|[ficheros]|cifra ficheros"
+
+#~ msgid "store only"
+#~ msgstr "sólo almacenar"
+
+#~ msgid "|[files]|decrypt files"
+#~ msgstr "|[ficheros]|descifra ficheros"
+
+#~ msgid "sign a key non-revocably"
+#~ msgstr "firma la clave no revocablemente"
+
+#~ msgid "sign a key locally and non-revocably"
+#~ msgstr "firma la clave localmente y no revocablemente"
+
+#~ msgid "list only the sequence of packets"
+#~ msgstr "lista sólo la secuencia de paquetes"
+
+#~ msgid "export the ownertrust values"
+#~ msgstr "exporta los valores de confianza"
+
+#~ msgid "unattended trust database update"
+#~ msgstr "actualiza la base de datos de confianza"
+
+#~ msgid "fix a corrupted trust database"
+#~ msgstr "arregla una base de datos de confianza dañada"
+
+#~ msgid "De-Armor a file or stdin"
+#~ msgstr "quita la armadura de un fichero o de la entrada estándar"
+
+#~ msgid "En-Armor a file or stdin"
+#~ msgstr "crea la armadura a un fichero o a la entrada estándar"
+
+#~ msgid "do not force v3 signatures"
+#~ msgstr "no fuerza firmas v3"
+
+#~ msgid "force v4 key signatures"
+#~ msgstr "fuerza firmas v4"
+
+#~ msgid "do not force v4 key signatures"
+#~ msgstr "no fuerza firmas v4"
+
+#~ msgid "never use a MDC for encryption"
+#~ msgstr "nunca usa un MDC para cifrar"
+
+# usa
+# Vale.
+#~ msgid "use the gpg-agent"
+#~ msgstr "usa el agente gpg"
+
+#~ msgid "|[file]|write status info to file"
+#~ msgstr "|[fichero]|escribe información de estado en el fichero"
+
+#~ msgid "|KEYID|ultimately trust this key"
+#~ msgstr "|ID-CLAVE|confía plenamente en esta clave"
+
+#~ msgid "emulate the mode described in RFC1991"
+#~ msgstr "emula el modo descrito en la RFC1991"
+
+#~ msgid "set all packet, cipher and digest options to OpenPGP behavior"
+#~ msgstr "todas las opciones de paquete, cifrado y resumen tipo OpenPGP"
+
+#~ msgid "set all packet, cipher and digest options to PGP 2.x behavior"
+#~ msgstr "todas las opciones de paquete, cifrado y resumen tipo PGP 2.x"
+
+#~ msgid "|NAME|use message digest algorithm NAME for passphrases"
+#~ msgstr ""
+#~ "|NOMBRE|usa algoritmo de resumen de mensaje NOMBRE para las contraseñas"
+
+#~ msgid "throw keyid field of encrypted packets"
+#~ msgstr "elimina campo keyid de los paquetes cifrados"
+
+#~ msgid "Show Photo IDs"
+#~ msgstr "Muestra IDs fotográficos"
+
+#~ msgid "Don't show Photo IDs"
+#~ msgstr "No muestra IDs fotográficos"
+
+#~ msgid "Set command line to view Photo IDs"
+#~ msgstr "Ajusta linea de comandos para ver IDs fotográficos"
+
+#~ msgid "compress algorithm `%s' is read-only in this release\n"
+#~ msgstr ""
+#~ "el algoritmo de compresión `%s' es de sólo lectura en esta versión\n"
+
+#~ msgid "compress algorithm must be in range %d..%d\n"
+#~ msgstr "el algoritmo de compresión debe estar en el rango %d-%d\n"
+
+#~ msgid "--nrsign-key user-id"
+#~ msgstr "--nrsign-key id-usuario"
+
+#~ msgid "--nrlsign-key user-id"
+#~ msgstr "--nrlsign-key id-usuario"
+
+#~ msgid "key %08lX: key has been revoked!\n"
+#~ msgstr "clave %08lX: ¡esta clave ha sido revocada!\n"
+
+#~ msgid "key %08lX: subkey has been revoked!\n"
+#~ msgstr "clave %08lX: ¡esta subclave ha sido revocada!\n"
+
+#~ msgid "%08lX: key has expired\n"
+#~ msgstr "%08lX: clave caducada\n"
+
+#~ msgid "%08lX: We do NOT trust this key\n"
+#~ msgstr "%08lX: ¡Esta clave NO es de confianza!\n"
+
+#~ msgid ""
+#~ "%08lX: It is not sure that this key really belongs to the owner\n"
+#~ "but it is accepted anyway\n"
+#~ msgstr ""
+#~ "%08lX: No hay seguridad que esta clave pertenezca realmente a su \n"
+#~ "proprietario pero se acepta igualmente\n"
+
+#~ msgid "preference %c%lu is not valid\n"
+#~ msgstr "la preferencia %c%lu no es válida\n"
+
+#~ msgid ""
+#~ "About to generate a new %s keypair.\n"
+#~ " minimum keysize is 768 bits\n"
+#~ " default keysize is 1024 bits\n"
+#~ " highest suggested keysize is 2048 bits\n"
+#~ msgstr ""
+#~ "Listo para generar un nuevo par de claves %s.\n"
+#~ " el tamaño mínimo es 768 bits\n"
+#~ " el tamaño por defecto es 1024 bits\n"
+#~ " el tamaño máximo recomendado es 2048 bits\n"
+
+#~ msgid "DSA only allows keysizes from 512 to 1024\n"
+#~ msgstr "DSA sólo permite tamaños desde 512 a 1024\n"
+
+#~ msgid "keysize too small; 1024 is smallest value allowed for RSA.\n"
+#~ msgstr ""
+#~ "tamaño de clave insuficiente; 1024 es el mínimo permitido para RSA.\n"
+
+#~ msgid "keysize too small; 768 is smallest value allowed.\n"
+#~ msgstr "tamaño insuficiente; 768 es el valor mínimo permitido\n"
+
+#~ msgid "keysize too large; %d is largest value allowed.\n"
+#~ msgstr "tamaño excesivo; %d es el máximo valor permitido.\n"
+
+#~ msgid ""
+#~ "Keysizes larger than 2048 are not suggested because\n"
+#~ "computations take REALLY long!\n"
+#~ msgstr ""
+#~ "No se recomiendan claves de más de 2048 bits porque\n"
+#~ "¡el tiempo de cálculo es REALMENTE largo!\n"
+
+#~ msgid "Are you sure that you want this keysize? "
+#~ msgstr "¿Seguro que quiere una clave de este tamaño? "
+
+#~ msgid ""
+#~ "Okay, but keep in mind that your monitor and keyboard radiation is also "
+#~ "very vulnerable to attacks!\n"
+#~ msgstr ""
+#~ "De acuerdo, ¡pero tenga en cuenta que las radiaciones de su monitor y\n"
+#~ "teclado también son vulnerables a un ataque!\n"
+
+#~ msgid "%s: can't open: %s\n"
+#~ msgstr "%s: no se puede abrir: %s\n"
+
+#~ msgid "%s: WARNING: empty file\n"
+#~ msgstr "%s: ATENCIÓN: fichero vacío\n"
+
+#~ msgid "key %08lX: not a rfc2440 key - skipped\n"
+#~ msgstr "clave %08lX: no es conforme a rfc2440 - omitida\n"
+
+#~ msgid ""
+#~ "NOTE: Elgamal primary key detected - this may take some time to import\n"
+#~ msgstr ""
+#~ "NOTA: detectada clave primaria Elgamal - puede llevar algo de tiempo "
+#~ "importarla\n"
+
+#~ msgid " (default)"
+#~ msgstr "(por defecto)"
+
+#~ msgid "Really sign? "
+#~ msgstr "¿Firmar de verdad? "
+
+#~ msgid "q"
+#~ msgstr "s"
+
+#~ msgid "save"
+#~ msgstr "graba"
+
+#~ msgid "fpr"
+#~ msgstr "hdac"
+
+#~ msgid "list"
+#~ msgstr "lista"
+
+#~ msgid "l"
+#~ msgstr "l"
+
+#~ msgid "uid"
+#~ msgstr "idu"
+
+#~ msgid "key"
+#~ msgstr "clave"
+
+#~ msgid "select secondary key N"
+#~ msgstr "selecciona clave secundaria N"
+
+#~ msgid "check"
+#~ msgstr "comprueba"
+
+#~ msgid "list signatures"
+#~ msgstr "lista firmas"
+
+#~ msgid "sign the key"
+#~ msgstr "firma la clave"
+
+#~ msgid "s"
+#~ msgstr "s"
+
+#~ msgid "lsign"
+#~ msgstr "firmal"
+
+#~ msgid "nrsign"
+#~ msgstr "firmanr"
+
+#~ msgid "sign the key non-revocably"
+#~ msgstr "firma la clave irrevocablemente"
+
+#~ msgid "nrlsign"
+#~ msgstr "firmanrl"
+
+#~ msgid "sign the key locally and non-revocably"
+#~ msgstr "firma la clave local e irrevocablemente"
+
+#~ msgid "debug"
+#~ msgstr "depura"
+
+#~ msgid "adduid"
+#~ msgstr "añaidu"
+
+#~ msgid "addphoto"
+#~ msgstr "añadirfoto"
+
+#~ msgid "deluid"
+#~ msgstr "borridu"
+
+#~ msgid "delphoto"
+#~ msgstr "borfoto"
+
+#~ msgid "add a secondary key"
+#~ msgstr "añade una clave secundaria"
+
+#~ msgid "delkey"
+#~ msgstr "borrcla"
+
+#~ msgid "addrevoker"
+#~ msgstr "añarevoc"
+
+#~ msgid "delsig"
+#~ msgstr "borrfir"
+
+#~ msgid "delete signatures"
+#~ msgstr "borra firmas"
+
+#~ msgid "primary"
+#~ msgstr "primaria"
+
+#~ msgid "toggle"
+#~ msgstr "cambia"
+
+#~ msgid "t"
+#~ msgstr "t"
+
+#~ msgid "pref"
+#~ msgstr "pref"
+
+#~ msgid "showpref"
+#~ msgstr "verpref"
+
+#~ msgid "setpref"
+#~ msgstr "estpref"
+
+#~ msgid "updpref"
+#~ msgstr "actpref"
+
+#~ msgid "passwd"
+#~ msgstr "contr"
+
+#~ msgid "trust"
+#~ msgstr "conf"
+
+#~ msgid "revsig"
+#~ msgstr "revfir"
+
+#~ msgid "revoke signatures"
+#~ msgstr "revoca firmas"
+
+#~ msgid "revuid"
+#~ msgstr "revidu"
+
+#~ msgid "revoke a user ID"
+#~ msgstr "revocar un identificador de usuario"
+
+#~ msgid "revkey"
+#~ msgstr "revcla"
+
+#~ msgid "showphoto"
+#~ msgstr "verfoto"
+
+#~ msgid "%s%c %4u%c/%08lX created: %s expires: %s"
+#~ msgstr "%s%c %4u%c/%08lX creada: %s expira: %s"
+
+#~ msgid "rev! subkey has been revoked: %s\n"
+#~ msgstr "rev! ¡esta subclave ha sido revocada! %s\n"
+
+#~ msgid "rev- faked revocation found\n"
+#~ msgstr "rev- se encontró una revocación falsificada\n"
+
+#~ msgid ""
+#~ "\"\n"
+#~ "locally signed with your key %08lX at %s\n"
+#~ msgstr ""
+#~ "\"\n"
+#~ "firmada localmente con su clave %08lX el %s\n"
+
+#~ msgid " signed by %08lX at %s%s%s\n"
+#~ msgstr " firmada por %08lX el %s%s%s\n"
+
+#~ msgid " signed by %08lX at %s%s\n"
+#~ msgstr " firmada por %08lX el %s%s\n"
+
+#~ msgid "Policy: "
+#~ msgstr "Política: "
+
+#~ msgid "Experimental algorithms should not be used!\n"
+#~ msgstr "¡No se deberían usar algoritmos experimentales!\n"
+
+#~ msgid ""
+#~ "this cipher algorithm is deprecated; please use a more standard one!\n"
+#~ msgstr ""
+#~ "ese algoritmo de cifrado está desacreditado;¡por favor use uno más "
+#~ "estándar!\n"
+
+#~ msgid "can't get key from keyserver: %s\n"
+#~ msgstr "no puede obtenerse la clave en el servidor: %s\n"
+
+#~ msgid "success sending to `%s' (status=%u)\n"
+#~ msgstr "envió correcto a `%s` (estado=%u)\n"
+
+#~ msgid "failed sending to `%s': status=%u\n"
+#~ msgstr "falló el envio a `%s': status=%u\n"
+
+#~ msgid "this keyserver does not support --search-keys\n"
+#~ msgstr "este servidor de clave no proporciona --search-keys\n"
+
+#~ msgid "can't search keyserver: %s\n"
+#~ msgstr "no puede buscarse en el servidor: %s\n"
+
+#~ msgid ""
+#~ "key %08lX: this is a PGP generated ElGamal key which is NOT secure for "
+#~ "signatures!\n"
+#~ msgstr ""
+#~ "clave %08lX: clave ElGamal generada por PGP que NO es segura para "
+#~ "firmar!\n"
+
+#~ msgid ""
+#~ "key %08lX has been created %lu second in future (time warp or clock "
+#~ "problem)\n"
+#~ msgstr ""
+#~ "clave %08lX creada %lu segundos en el futuro (salto en el tiempo o\n"
+#~ "problemas con el reloj)\n"
+
+#~ msgid ""
+#~ "key %08lX has been created %lu seconds in future (time warp or clock "
+#~ "problem)\n"
+#~ msgstr ""
+#~ "clave %08lX creada %lu segundos en el futuro (salto en el tiempo o\n"
+#~ "problemas con el reloj)\n"
+
+#~ msgid "%s: can't access: %s\n"
+#~ msgstr "%s: no se puede abrir: %s\n"
+
+#~ msgid "%s: can't create lock\n"
+#~ msgstr "%s: no se puede crear bloqueo\n"
+
+#~ msgid "%s: can't make lock\n"
+#~ msgstr "%s: no se puede crear bloqueo\n"
+
+#~ msgid "%s: can't create: %s\n"
+#~ msgstr "%s: no se puede crear: %s\n"
+
+#~ msgid "key %08lX marked as ultimately trusted\n"
+#~ msgstr "clave %08lX marcada como de confianza absoluta\n"
+
+#~ msgid "signature from Elgamal signing key %08lX to %08lX skipped\n"
+#~ msgstr "firma de clave Elgamal %08lX a %08lX descartada\n"
+
+#~ msgid "signature from %08lX to Elgamal signing key %08lX skipped\n"
+#~ msgstr "firma de %08lX a la clave de firmado Elgamal %08lX descartada\n"
+
+#~ msgid "checking at depth %d signed=%d ot(-/q/n/m/f/u)=%d/%d/%d/%d/%d/%d\n"
+#~ msgstr ""
+#~ "comprobando en profundidad %d firmado=%d ot(-/q/n/m/f/u)=%d/%d/%d/%d/%d/%"
+#~ "d\n"
+
+#~ msgid "If you want to use this revoked key anyway, answer \"yes\"."
+#~ msgstr "Si quiere usar esta clave revocada de todos modos, conteste \"sí\"."
+
+#~ msgid ""
+#~ "Select the algorithm to use.\n"
+#~ "\n"
+#~ "DSA (aka DSS) is the digital signature algorithm which can only be used\n"
+#~ "for signatures. This is the suggested algorithm because verification of\n"
+#~ "DSA signatures are much faster than those of ElGamal.\n"
+#~ "\n"
+#~ "ElGamal is an algorithm which can be used for signatures and encryption.\n"
+#~ "OpenPGP distinguishs between two flavors of this algorithms: an encrypt "
+#~ "only\n"
+#~ "and a sign+encrypt; actually it is the same, but some parameters must be\n"
+#~ "selected in a special way to create a safe key for signatures: this "
+#~ "program\n"
+#~ "does this but other OpenPGP implementations are not required to "
+#~ "understand\n"
+#~ "the signature+encryption flavor.\n"
+#~ "\n"
+#~ "The first (primary) key must always be a key which is capable of "
+#~ "signing;\n"
+#~ "this is the reason why the encryption only ElGamal key is not available "
+#~ "in\n"
+#~ "this menu."
+#~ msgstr ""
+#~ "Seleccione el algoritmo que usará.\n"
+#~ "\n"
+#~ "DSA (también conocido como DSS) es un algoritmo de firma digital que "
+#~ "sólo\n"
+#~ "puede usarse para firmas. Es el algoritmo sugerido porque la "
+#~ "verificación\n"
+#~ "de firmas DSA es mucho más rápida que la de firmas ElGamal.\n"
+#~ "\n"
+#~ "ElGamal es un algoritmo que puede ser usado para firma y cifrado. "
+#~ "OpenPGP\n"
+#~ "distingue entre dos tipos de estos algoritmos: sólo para cifrado y para\n"
+#~ "firma y cifrado. En realidad es lo mismo, pero se deben seleccionar "
+#~ "ciertos\n"
+#~ "parámetros de una forma particular para crear una clave segura para "
+#~ "firmas:\n"
+#~ "este programa lo hace así, pero otras implementaciones de OpenPGP no "
+#~ "tienen\n"
+#~ "por qué entender el tipo de firma y cifrado.\n"
+#~ "\n"
+#~ "La clave primaria debe ser una clave capaz de firmar, es por ello que la\n"
+#~ "opción de clave ElGamal sólo para cifrado no está disponible en este menú."
+
+#~ msgid ""
+#~ "Although these keys are defined in RFC2440 they are not suggested\n"
+#~ "because they are not supported by all programs and signatures created\n"
+#~ "with them are quite large and very slow to verify."
+#~ msgstr ""
+#~ "Aunque estas claves están definidas en RFC2440, no se aconseja su uso,\n"
+#~ "ya que no todos los programas pueden utilizarlas y las firmas creadas\n"
+#~ "con ellas son bastante grandes y lentas de verificar."
+
+#~ msgid "%lu keys so far checked (%lu signatures)\n"
+#~ msgstr "hasta ahora procesadas %lu claves (%lu firmas)\n"
+
+#~ msgid "key incomplete\n"
+#~ msgstr "clave incompleta\n"
+
+#~ msgid "key %08lX incomplete\n"
+#~ msgstr "clave %08lX incompleta\n"
+
+#~ msgid "sorry, can't do this in batch mode\n"
+#~ msgstr "lo siento, no puede hacerse en modo de proceso por lotes\n"
+
+#~ msgid "error: missing colon\n"
+#~ msgstr "error: falta ':'\n"
+
+#~ msgid "error: no ownertrust value\n"
+#~ msgstr "error: no hay valor de confianza del propietario\n"
+
+#, fuzzy
+#~ msgid "quit|quit"
+#~ msgstr "salir"
+
+#~ msgid " (%d) ElGamal (sign and encrypt)\n"
+#~ msgstr " (%d) ElGamal (firmar y cifrar)\n"
+
+#~ msgid ""
+#~ "The use of this algorithm is only supported by GnuPG. You will not be\n"
+#~ "able to use this key to communicate with PGP users. This algorithm is "
+#~ "also\n"
+#~ "very slow, and may not be as secure as the other choices.\n"
+#~ msgstr ""
+#~ "El uso de este algoritmo sólo es posible con GnuPG. No será posible\n"
+#~ "comunicarse mediante esta clave con usuarios de PGP. Este algoritmo\n"
+#~ "es además muy lento, y podría no ser tan seguro como otros.\n"
+
+#~ msgid "Create anyway? "
+#~ msgstr "¿Crear de todas formas?"
+
+#~ msgid "invalid symkey algorithm detected (%d)\n"
+#~ msgstr "detectado algoritmo simétrico inválido (%d)\n"
+
+#~ msgid "this keyserver is not fully HKP compatible\n"
+#~ msgstr "este servidor de claves no es totalmente compatible con HKP\n"
+
+#~ msgid "The use of this algorithm is deprecated - create anyway? "
+#~ msgstr ""
+#~ "El uso de este algoritmo está desaconsejado - ¿crear de todas formas?"
+
+#~ msgid "|NAME=VALUE|use this notation data"
+#~ msgstr "|NOMBRE=VALOR|usa estos datos de notación"
+
+#~ msgid ""
+#~ "the first character of a notation name must be a letter or an underscore\n"
+#~ msgstr ""
+#~ "El primer carácter de una notación debe ser una letra o un subrayado\n"
+
+#~ msgid "dots in a notation name must be surrounded by other characters\n"
+#~ msgstr ""
+#~ "los puntos en una notación deben estar rodeados por otros caracteres\n"
+
+#~ msgid ""
+#~ "WARNING: This key already has a photo ID.\n"
+#~ " Adding another photo ID may confuse some versions of PGP.\n"
+#~ msgstr ""
+#~ "AVISO: Esta clave ya tiene identificador fotográfico.\n"
+#~ " Añadir otro ID puede confundir a algunas versiones de PGP.\n"
+
+#~ msgid "You may only have one photo ID on a key.\n"
+#~ msgstr "Solo puede tener un ID fotográfico en una clave.\n"
+
+#~ msgid " Fingerprint:"
+#~ msgstr " Huella dactilar:"
+
+#~ msgid "you have to start GnuPG again, so it can read the new options file\n"
+#~ msgstr "reinicie GnuPG otra vez para que lea el nuevo fichero de opciones\n"
+
+#~ msgid "changing permission of `%s' failed: %s\n"
+#~ msgstr "al cambiar permisos de `%s' ocurrió el fallo: %s\n"
+
+#, fuzzy
+#~ msgid "Are you sure you still want to sign it?\n"
+#~ msgstr "¿Seguro que quiere una clave de este tamaño? "
+
+#, fuzzy
+#~ msgid " Are you sure you still want to sign it?\n"
+#~ msgstr "¿Seguro que quiere una clave de este tamaño? "
+
+#~ msgid "too many random bits requested; the limit is %d\n"
+#~ msgstr "se solicitan demasiados bits aleatorios; el límite es %d\n"
+
+#~ msgid "|[NAMES]|check the trust database"
+#~ msgstr "|[NOMBRES]|comprueba la base de datos de confianza"
+
+#~ msgid "--delete-secret-key user-id"
+#~ msgstr "--delete-secret-key id-usuario"
+
+#~ msgid "--delete-key user-id"
+#~ msgstr "--delete-key id-usuario"
+
+#~ msgid "--delete-secret-and-public-key user-id"
+#~ msgstr "--delete-secret-and-public-key id-usuario"
+
+#~ msgid "For info see http://www.gnupg.org"
+#~ msgstr "Información en http://www.gnupg.org"
+
+#~ msgid "sSmMqQ"
+#~ msgstr "iImMqQ"
+
+#~ msgid ""
+#~ "Could not find a valid trust path to the key. Let's see whether we\n"
+#~ "can assign some missing owner trust values.\n"
+#~ "\n"
+#~ msgstr ""
+#~ "No puede encontrarse una ruta de confianza válida para esta clave. "
+#~ "Veamos\n"
+#~ "si es posible asignar algunos valores de confianza perdidos.\n"
+#~ "\n"
+
+#~ msgid ""
+#~ "No path leading to one of our keys found.\n"
+#~ "\n"
+#~ msgstr ""
+#~ "No se ha encontrado ninguna ruta con una de nuestras claves.\n"
+#~ "\n"
+
+#~ msgid ""
+#~ "No trust values changed.\n"
+#~ "\n"
+#~ msgstr ""
+#~ "No se cambió ningún valor de confianza.\n"
+#~ "\n"
+
+#~ msgid "%08lX: no info to calculate a trust probability\n"
+#~ msgstr ""
+#~ "%08lX: no hay información para calcular la probabilidad de confianza\n"
+
+#~ msgid "skipped: public key already set with --encrypt-to\n"
+#~ msgstr "omitida: clave pública ya designada con --encrypt-to\n"
+
+#~ msgid "%s: error checking key: %s\n"
+#~ msgstr "%s: error comprobando la clave: %s\n"
+
+#~ msgid "Do you really want to create a sign and encrypt key? "
+#~ msgstr "¿De verdad quiere crear una clave de firma y cifrado? "
+
+#~ msgid "Do you really need such a large keysize? "
+#~ msgstr "¿De verdad necesita una clave tan grande? "
+
+#~ msgid "too many entries in unk cache - disabled\n"
+#~ msgstr "demasiados registros en la cache unk - anulada\n"
+
+#~ msgid "no default public keyring\n"
+#~ msgstr "no hay anillo público por defecto\n"
+
+#~ msgid "secret key %08lX not imported (use %s to allow for it)\n"
+#~ msgstr "clave secreta %08lX no importada (use %s para permitirlo)\n"
+
+#~ msgid "key %08lX: our copy has no self-signature\n"
+#~ msgstr "clave %08lX: nuestra copia no tiene autofirma\n"
+
+#~ msgid "assuming bad MDC due to an unknown critical bit\n"
+#~ msgstr "asumiendo MDC incorrecto debido a un bit crítico desconocido\n"
+
+#~ msgid "error reading dir record for LID %lu: %s\n"
+#~ msgstr "error leyendo registro de directorio del LID %lu: %s\n"
+
+#~ msgid "lid %lu: expected dir record, got type %d\n"
+#~ msgstr "lid %lu: esperaba registro directorio, encontrado tipo %d\n"
+
+#~ msgid "no primary key for LID %lu\n"
+#~ msgstr "no hay clave primaria para el LID %lu\n"
+
+#~ msgid "error reading primary key for LID %lu: %s\n"
+#~ msgstr "error leyendo clave primaria para el LID %lu: %s\n"
+
+#~ msgid "key %08lX: query record failed\n"
+#~ msgstr "clave %08lX: petición de registro fallida\n"
+
+#~ msgid "key %08lX: already in trusted key table\n"
+#~ msgstr "clave %08lX: ya está en la tabla de confianza\n"
+
+#~ msgid "NOTE: secret key %08lX is NOT protected.\n"
+#~ msgstr "NOTA: la clave secreta %08lX NO está protegida.\n"
+
+#~ msgid "key %08lX: secret and public key don't match\n"
+#~ msgstr "clave %08lX: las claves pública y secreta no se corresponden\n"
+
+#~ msgid "key %08lX.%lu: Good subkey binding\n"
+#~ msgstr "clave %08lX.%lu: unión de subclave válida\n"
+
+#~ msgid "key %08lX.%lu: Invalid subkey binding: %s\n"
+#~ msgstr "clave %08lX.%lu: unión de subclave inválida: %s\n"
+
+#~ msgid "key %08lX.%lu: Valid key revocation\n"
+#~ msgstr "clave %08lX.%lu: revocación de clave válida\n"
+
+#~ msgid "key %08lX.%lu: Invalid key revocation: %s\n"
+#~ msgstr "clave %08lX.%lu: revocación de clave inválida: %s\n"
+
+#~ msgid "Good self-signature"
+#~ msgstr "Autofirma válida"
+
+#~ msgid "Invalid self-signature"
+#~ msgstr "Autofirma inválida"
+
+#~ msgid "Valid user ID revocation skipped due to a newer self signature"
+#~ msgstr ""
+#~ "Revocación válida de ID de usuario omitida, existe autofirma más reciente"
+
+#~ msgid "Valid user ID revocation"
+#~ msgstr "Revocación de ID de usuario válida"
+
+#~ msgid "Invalid user ID revocation"
+#~ msgstr "Revocación de ID de usuario inválida."
+
+#~ msgid "Invalid certificate revocation"
+#~ msgstr "Certificado de revocación incorrecto"
+
+#~ msgid "sig record %lu[%d] points to wrong record.\n"
+#~ msgstr "registro de firma %lu[%d] apunta al registro equivocado.\n"
+
+#~ msgid "tdbio_search_dir failed: %s\n"
+#~ msgstr "tdbio_search_dir fallida: %s\n"
+
+#~ msgid "lid ?: insert failed: %s\n"
+#~ msgstr "lid ?: inserción fallida: %s\n"
+
+#~ msgid "lid %lu: insert failed: %s\n"
+#~ msgstr "lid %lu: inserción fallida: %s\n"
+
+#~ msgid "lid %lu: inserted\n"
+#~ msgstr "lid %lu: insertada\n"
+
+#~ msgid "\t%lu keys with errors\n"
+#~ msgstr "\t%lu claves con errores\n"
+
+#~ msgid "\t%lu keys inserted\n"
+#~ msgstr "\t%lu claves insertadas\n"
+
+#~ msgid "lid %lu: dir record w/o key - skipped\n"
+#~ msgstr "lid %lu: registro de directiorio sin clave - omitido\n"
+
+#~ msgid "\t%lu due to new pubkeys\n"
+#~ msgstr "\t%lu debido a las nuevas claves públicas\n"
+
+#~ msgid "\t%lu keys updated\n"
+#~ msgstr "\t%lu claves actualizadas\n"
+
+#~ msgid "Ooops, no keys\n"
+#~ msgstr "Oh oh, no hay claves\n"
+
+#~ msgid "Ooops, no user IDs\n"
+#~ msgstr "Oh oh, no hay ningún ID de usuario\n"
+
+#~ msgid "check_trust: search dir record failed: %s\n"
+#~ msgstr "check_trust: búsqueda registro directorio fallida: %s\n"
+
+#~ msgid "key %08lX: insert trust record failed: %s\n"
+#~ msgstr "clave %08lX: inserción del registro de confianza fallida: %s\n"
+
+#~ msgid "key %08lX.%lu: inserted into trustdb\n"
+#~ msgstr "clave %08lX.%lu: incluida en la base de datos de confianza\n"
+
+#~ msgid "key %08lX.%lu: created in future (time warp or clock problem)\n"
+#~ msgstr ""
+#~ "clave %08lX.%lu: creada en el futuro (salto en el tiempo o\n"
+#~ "problemas con el reloj)\n"
+
+#~ msgid "key %08lX.%lu: expired at %s\n"
+#~ msgstr "clave %08lX.%lu: caducada el %s\n"
+
+#~ msgid "key %08lX.%lu: trust check failed: %s\n"
+#~ msgstr "clave %08lX.%lu: comprobación de confianza fallida: %s\n"
+
+#~ msgid "problem finding '%s' in trustdb: %s\n"
+#~ msgstr "problema buscando '%s' en la tabla de confianza: %s\n"
+
+#~ msgid "user '%s' not in trustdb - inserting\n"
+#~ msgstr "usuario '%s' no está en la tabla de confianza - insertando\n"
+
+#~ msgid "WARNING: can't yet handle long pref records\n"
+#~ msgstr ""
+#~ "ATENCÍON: todavía no puedo tratar registros de preferencias largos\n"
+
+#~ msgid "RSA key cannot be used in this version\n"
+#~ msgstr "No puede usarse clave RSA en esta versión\n"
+
+#~ msgid "No key for user ID\n"
+#~ msgstr "No hay clave para tal usuario\n"
+
+#~ msgid "no secret key for decryption available\n"
+#~ msgstr "clave secreta para descifrado no disponible\n"
+
+#~ msgid ""
+#~ "RSA keys are deprecated; please consider creating a new key and use this "
+#~ "key in the future\n"
+#~ msgstr ""
+#~ "Las claves RSA están en desuso, considere la creación de una nueva clave "
+#~ "para futuros usos\n"
+
+#~ msgid "do not write comment packets"
+#~ msgstr "no escribe paquetes de comentario"
+
+#~ msgid "(default is 3)"
+#~ msgstr "(por defecto es 3)"
+
+#~ msgid " (%d) ElGamal in a v3 packet\n"
+#~ msgstr " (%d) ElGamal en un paquete v3\n"
+
+#~ msgid "Key generation can only be used in interactive mode\n"
+#~ msgstr "La creación de claves sólo es posible en modo interactivo\n"
+
+#, fuzzy
+#~ msgid "tdbio_search_sdir failed: %s\n"
+#~ msgstr "tdbio_search_dir fallida: %s\n"
+
+#~ msgid "NOTE: sig rec %lu[%d] in hintlist of %lu but marked as checked\n"
+#~ msgstr ""
+#~ "NOTA: el registro de firma %lu[%d] está en la lista\n"
+#~ "de búsqueda de %lu pero está marcado como comprobado\n"
+
+#~ msgid "NOTE: sig rec %lu[%d] in hintlist of %lu but not marked\n"
+#~ msgstr ""
+#~ "NOTA: el registro de firma %lu[%d] está en la lista\n"
+#~ "de búsqueda de %lu pero no está marcado\n"
+
+#~ msgid "sig rec %lu[%d] in hintlist of %lu does not point to a dir record\n"
+#~ msgstr ""
+#~ "El registro de firma %lu[%d] en la lista de búsqueda de %lu\n"
+#~ "no apunta a un registro de directorio\n"
+
+#~ msgid "lid %lu: no primary key\n"
+#~ msgstr "lid %lu: ninguna clave primaria\n"
+
+#~ msgid "lid %lu: user id not found in keyblock\n"
+#~ msgstr ""
+#~ "lid %lu: no se ha encontrado identificativo de usuario\n"
+#~ "en el bloque de clave\n"
+
+#~ msgid "lid %lu: self-signature in hintlist\n"
+#~ msgstr "lid %lu: autofirma en lista de búsqueda\n"
+
+#~ msgid "very strange: no public key\n"
+#~ msgstr "muy raro: no hay clave pública\n"
+
+#~ msgid "hintlist %lu[%d] of %lu does not point to a dir record\n"
+#~ msgstr ""
+#~ "la lista de búsqueda %lu[%d] de %lu no apunta a\n"
+#~ "un registro de directorio\n"
+
+#~ msgid "lid %lu: can't get keyblock: %s\n"
+#~ msgstr "lid %lu: no puedo obtener el bloque de clave: %s\n"
+
+#~ msgid "Too many preference items"
+#~ msgstr "Demasiados ítems de preferencias"
+
+#~ msgid "insert_trust_record: keyblock not found: %s\n"
+#~ msgstr "insert_trust_record: bloque de clave no encontrado: %s\n"
+
+#~ msgid "lid %lu: update failed: %s\n"
+#~ msgstr "lid %lu: actualización fallida: %s\n"
+
+#~ msgid "lid %lu: updated\n"
+#~ msgstr "lid %lu: actualizado\n"
+
+#~ msgid "lid %lu: okay\n"
+#~ msgstr "lid %lu: bien\n"
+
+#~ msgid "%s: update failed: %s\n"
+#~ msgstr "%s: actualización fallida: %s\n"
+
+#~ msgid "%s: updated\n"
+#~ msgstr "%s: actualizada\n"
+
+#~ msgid "%s: okay\n"
+#~ msgstr "%s: bien\n"
+
+#~ msgid "lid %lu: keyblock not found: %s\n"
+#~ msgstr "lid %lu: bloque de clave no encontrado: %s\n"
+
+#~ msgid "can't lock keyring `%': %s\n"
+#~ msgstr "no puede bloquearse el anillo público `%s': %s\n"
+
+#~ msgid "writing keyblock\n"
+#~ msgstr "escribiendo bloque de claves\n"
+
+#~ msgid "can't write keyblock: %s\n"
+#~ msgstr "no puede escribirse el bloque de claves: %s\n"
+
+#, fuzzy
+#~ msgid "encrypted message is valid\n"
+#~ msgstr "el algoritmo de resumen seleccionado no es válido\n"
+
+#, fuzzy
+#~ msgid "Can't check MDC: %s\n"
+#~ msgstr "Imposible comprobar la firma: %s\n"
+
+#~ msgid "chained sigrec %lu has a wrong owner\n"
+#~ msgstr "registro de firma encadenado %lu tiene el propietario equivocado\n"
+
+#~ msgid "lid %lu: read dir record failed: %s\n"
+#~ msgstr "lid %lu: lectura registro de directorio fallida: %s\n"
+
+#~ msgid "lid %lu: read key record failed: %s\n"
+#~ msgstr "lid %lu: lectura registro de clave fallida: %s\n"
+
+#~ msgid "lid %lu: read uid record failed: %s\n"
+#~ msgstr "lid %lu: lectura registro identificativo fallida: %s\n"
+
+#~ msgid "lid %lu: read pref record failed: %s\n"
+#~ msgstr "lid %lu: lectura registro preferencias fallida: %s\n"
+
+#~ msgid "user '%s' read problem: %s\n"
+#~ msgstr "problema de lectura usuario '%s': %s\n"
+
+#~ msgid "user '%s' list problem: %s\n"
+#~ msgstr "problema lista usuario '%s': %s\n"
+
+#~ msgid "user '%s' not in trustdb\n"
+#~ msgstr "usuario '%s' no está en la tabla de confianza\n"
+
+#~ msgid "directory record w/o primary key\n"
+#~ msgstr "registro de directorio sin clave primaria\n"
+
+#~ msgid "key not in trustdb, searching ring.\n"
+#~ msgstr "la clave no está en tabla de confianza, buscando en el anillo.\n"
+
+#~ msgid "key not in ring: %s\n"
+#~ msgstr "la clave no está en el anillo: %s\n"
+
+#~ msgid "Oops: key is now in trustdb???\n"
+#~ msgstr "Oh oh: la clave ahora está en la tabla de confianza???\n"
+
+#~ msgid "Hmmm, public key lost?"
+#~ msgstr "Oh oh, ¿se ha perdido la clave pública?"
+
+#~ msgid "did not use primary key for insert_trust_record()\n"
+#~ msgstr "no se usó clave primaria para insert_trust_record()\n"
+
+#~ msgid "second"
+#~ msgstr "segundo"
+
+#~ msgid "seconds"
+#~ msgstr "segundos"
diff --git a/po/et.gmo b/po/et.gmo
new file mode 100644
index 0000000..64d6b08
--- /dev/null
+++ b/po/et.gmo
Binary files differ
diff --git a/po/et.po b/po/et.po
new file mode 100644
index 0000000..79808aa
--- /dev/null
+++ b/po/et.po
@@ -0,0 +1,9902 @@
+# Estonian translations for gnupg.
+# Copyright (C) 2001, 2002 Free Software Foundation, Inc.
+# Toomas Soome <Toomas.Soome@microlink.ee>, 2003.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: gnupg 1.2.2\n"
+"Report-Msgid-Bugs-To: translations@gnupg.org\n"
+"POT-Creation-Date: 2012-03-27 10:23+0200\n"
+"PO-Revision-Date: 2004-06-17 11:04+0300\n"
+"Last-Translator: Toomas Soome <Toomas.Soome@microlink.ee>\n"
+"Language-Team: Estonian <et@li.org>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=ISO-8859-15\n"
+"Content-Transfer-Encoding: 8-bit\n"
+
+#: agent/call-pinentry.c:244
+#, fuzzy, c-format
+msgid "failed to acquire the pinentry lock: %s\n"
+msgstr "TrustDB initsialiseerimine ebaõnnestus: %s\n"
+
+#. TRANSLATORS: These are labels for buttons etc used in
+#. Pinentries. An underscore indicates that the next letter
+#. should be used as an accelerator. Double the underscore for
+#. a literal one. The actual to be translated text starts after
+#. the second vertical bar.
+#: agent/call-pinentry.c:401
+msgid "|pinentry-label|_OK"
+msgstr ""
+
+#: agent/call-pinentry.c:402
+msgid "|pinentry-label|_Cancel"
+msgstr ""
+
+#: agent/call-pinentry.c:403
+msgid "|pinentry-label|PIN:"
+msgstr ""
+
+#. TRANSLATORS: This string is displayed by Pinentry as the label
+#. for the quality bar.
+#: agent/call-pinentry.c:649
+msgid "Quality:"
+msgstr ""
+
+#. TRANSLATORS: This string is a tooltip, shown by pinentry when
+#. hovering over the quality bar. Please use an appropriate
+#. string to describe what this is about. The length of the
+#. tooltip is limited to about 900 characters. If you do not
+#. translate this entry, a default english text (see source)
+#. will be used.
+#: agent/call-pinentry.c:671
+msgid "pinentry.qualitybar.tooltip"
+msgstr ""
+
+#: agent/call-pinentry.c:716
+msgid ""
+"Please enter your PIN, so that the secret key can be unlocked for this "
+"session"
+msgstr ""
+
+#: agent/call-pinentry.c:719
+#, fuzzy
+msgid ""
+"Please enter your passphrase, so that the secret key can be unlocked for "
+"this session"
+msgstr "Palun sisestage parool; see on salajane tekst \n"
+
+#: agent/call-pinentry.c:776
+#, c-format
+msgid "SETERROR %s (try %d of %d)"
+msgstr ""
+
+#: agent/call-pinentry.c:799 agent/call-pinentry.c:811
+#, fuzzy
+msgid "PIN too long"
+msgstr "rida on liiga pikk\n"
+
+#: agent/call-pinentry.c:800
+#, fuzzy
+msgid "Passphrase too long"
+msgstr "liiga pikk parool\n"
+
+#: agent/call-pinentry.c:808
+#, fuzzy
+msgid "Invalid characters in PIN"
+msgstr "Lubamatu sümbol nimes\n"
+
+#: agent/call-pinentry.c:813
+msgid "PIN too short"
+msgstr ""
+
+#: agent/call-pinentry.c:825
+#, fuzzy
+msgid "Bad PIN"
+msgstr "halb MPI"
+
+#: agent/call-pinentry.c:826
+#, fuzzy
+msgid "Bad Passphrase"
+msgstr "halb parool"
+
+#: agent/call-pinentry.c:863
+#, fuzzy
+msgid "Passphrase"
+msgstr "halb parool"
+
+#: agent/command-ssh.c:531
+#, fuzzy, c-format
+msgid "ssh keys greater than %d bits are not supported\n"
+msgstr "kaitse algoritm %d%s ei ole toetatud\n"
+
+#: agent/command-ssh.c:690 g10/card-util.c:833 g10/exec.c:473 g10/gpg.c:1122
+#: g10/keygen.c:3394 g10/keygen.c:3427 g10/keyring.c:1237 g10/keyring.c:1569
+#: g10/openfile.c:275 g10/openfile.c:368 g10/sign.c:801 g10/sign.c:1110
+#: g10/tdbio.c:550 jnlib/dotlock.c:310
+#, c-format
+msgid "can't create `%s': %s\n"
+msgstr "`%s' ei õnnestu luua: %s\n"
+
+#: agent/command-ssh.c:702 common/helpfile.c:47 g10/card-util.c:787
+#: g10/dearmor.c:60 g10/dearmor.c:107 g10/decrypt.c:70 g10/encode.c:194
+#: g10/encode.c:504 g10/gpg.c:1123 g10/import.c:192 g10/keygen.c:2877
+#: g10/keyring.c:1595 g10/openfile.c:192 g10/openfile.c:353
+#: g10/plaintext.c:511 g10/sign.c:783 g10/sign.c:978 g10/sign.c:1094
+#: g10/sign.c:1250 g10/tdbdump.c:142 g10/tdbdump.c:150 g10/tdbio.c:554
+#: g10/tdbio.c:618 g10/verify.c:99 g10/verify.c:162 sm/gpgsm.c:2044
+#: sm/gpgsm.c:2074 sm/gpgsm.c:2112 sm/gpgsm.c:2150 sm/qualified.c:66
+#, c-format
+msgid "can't open `%s': %s\n"
+msgstr "`%s' ei õnnestu avada: %s\n"
+
+#: agent/command-ssh.c:1708 agent/command-ssh.c:1726
+#, fuzzy, c-format
+msgid "error getting serial number of card: %s\n"
+msgstr "viga parooli loomisel: %s\n"
+
+#: agent/command-ssh.c:1712
+#, c-format
+msgid "detected card with S/N: %s\n"
+msgstr ""
+
+#: agent/command-ssh.c:1717
+#, fuzzy, c-format
+msgid "error getting default authentication keyID of card: %s\n"
+msgstr "viga salajase võtme võtmehoidlasse `%s' kirjutamisel: %s\n"
+
+#: agent/command-ssh.c:1737
+#, fuzzy, c-format
+msgid "no suitable card key found: %s\n"
+msgstr "kirjutatavat salajaste võtmete hoidlat pole: %s\n"
+
+#: agent/command-ssh.c:1787
+#, fuzzy, c-format
+msgid "shadowing the key failed: %s\n"
+msgstr "võtmebloki kustutamine ebaõnnestus: %s\n"
+
+#: agent/command-ssh.c:1802
+#, fuzzy, c-format
+msgid "error writing key: %s\n"
+msgstr "viga võtmehoidlasse `%s' kirjutamisel: %s\n"
+
+#: agent/command-ssh.c:2139
+#, c-format
+msgid ""
+"An ssh process requested the use of key%%0A %s%%0A (%s)%%0ADo you want to "
+"allow this?"
+msgstr ""
+
+#: agent/command-ssh.c:2146
+msgid "Allow"
+msgstr ""
+
+#: agent/command-ssh.c:2146
+msgid "Deny"
+msgstr ""
+
+#: agent/command-ssh.c:2155
+#, fuzzy, c-format
+msgid "Please enter the passphrase for the ssh key%%0A %F%%0A (%c)"
+msgstr "Palun sisestage parool; see on salajane tekst \n"
+
+#: agent/command-ssh.c:2484 agent/genkey.c:310 agent/genkey.c:432
+#, fuzzy
+msgid "Please re-enter this passphrase"
+msgstr "muuda parooli"
+
+#: agent/command-ssh.c:2509
+#, fuzzy, c-format
+msgid ""
+"Please enter a passphrase to protect the received secret key%%0A %s%%0A %"
+"s%%0Awithin gpg-agent's key storage"
+msgstr "Palun sisestage parool; see on salajane tekst \n"
+
+#: agent/command-ssh.c:2548 agent/genkey.c:340 agent/genkey.c:463
+#: tools/symcryptrun.c:436
+msgid "does not match - try again"
+msgstr ""
+
+#: agent/command-ssh.c:3054
+#, fuzzy, c-format
+msgid "failed to create stream from socket: %s\n"
+msgstr "%s: paisktabeli loomine ebaõnnestus: %s\n"
+
+#: agent/divert-scd.c:92 g10/call-agent.c:923
+msgid "Please insert the card with serial number"
+msgstr ""
+
+#: agent/divert-scd.c:93 g10/call-agent.c:924
+msgid "Please remove the current card and insert the one with serial number"
+msgstr ""
+
+#: agent/divert-scd.c:200
+msgid "Admin PIN"
+msgstr ""
+
+#. TRANSLATORS: A PUK is the Personal Unblocking Code
+#. used to unblock a PIN.
+#: agent/divert-scd.c:205
+msgid "PUK"
+msgstr ""
+
+#: agent/divert-scd.c:212
+msgid "Reset Code"
+msgstr ""
+
+#: agent/divert-scd.c:238
+#, c-format
+msgid "%s%%0A%%0AUse the reader's keypad for input."
+msgstr ""
+
+#: agent/divert-scd.c:287
+#, fuzzy
+msgid "Repeat this Reset Code"
+msgstr "Korrake parooli: "
+
+#: agent/divert-scd.c:289
+#, fuzzy
+msgid "Repeat this PUK"
+msgstr "Korrake parooli: "
+
+#: agent/divert-scd.c:290
+#, fuzzy
+msgid "Repeat this PIN"
+msgstr "Korrake parooli: "
+
+#: agent/divert-scd.c:295
+#, fuzzy
+msgid "Reset Code not correctly repeated; try again"
+msgstr "parooli ei korratud õieti; proovige uuesti"
+
+#: agent/divert-scd.c:297
+#, fuzzy
+msgid "PUK not correctly repeated; try again"
+msgstr "parooli ei korratud õieti; proovige uuesti"
+
+#: agent/divert-scd.c:298
+#, fuzzy
+msgid "PIN not correctly repeated; try again"
+msgstr "parooli ei korratud õieti; proovige uuesti"
+
+#: agent/divert-scd.c:310
+#, c-format
+msgid "Please enter the PIN%s%s%s to unlock the card"
+msgstr ""
+
+#: agent/genkey.c:108 sm/certreqgen-ui.c:384 sm/export.c:638 sm/export.c:654
+#: sm/import.c:667 sm/import.c:692
+#, fuzzy, c-format
+msgid "error creating temporary file: %s\n"
+msgstr "viga parooli loomisel: %s\n"
+
+#: agent/genkey.c:115 sm/export.c:645 sm/import.c:675
+#, fuzzy, c-format
+msgid "error writing to temporary file: %s\n"
+msgstr "kirjutan faili `%s'\n"
+
+#: agent/genkey.c:153 agent/genkey.c:159
+#, fuzzy
+msgid "Enter new passphrase"
+msgstr "Sisestage parool\n"
+
+#: agent/genkey.c:167
+#, fuzzy
+msgid "Take this one anyway"
+msgstr "Kasutan seda võtit ikka? "
+
+#: agent/genkey.c:193
+#, c-format
+msgid ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase should be "
+"at least %u character long."
+msgid_plural ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase should be "
+"at least %u characters long."
+msgstr[0] ""
+msgstr[1] ""
+
+#: agent/genkey.c:214
+#, c-format
+msgid ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase should "
+"contain at least %u digit or%%0Aspecial character."
+msgid_plural ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase should "
+"contain at least %u digits or%%0Aspecial characters."
+msgstr[0] ""
+msgstr[1] ""
+
+#: agent/genkey.c:237
+#, c-format
+msgid ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase may not be "
+"a known term or match%%0Acertain pattern."
+msgstr ""
+
+#: agent/genkey.c:253
+#, c-format
+msgid ""
+"You have not entered a passphrase!%0AAn empty passphrase is not allowed."
+msgstr ""
+
+#: agent/genkey.c:255
+#, c-format
+msgid ""
+"You have not entered a passphrase - this is in general a bad idea!%0APlease "
+"confirm that you do not want to have any protection on your key."
+msgstr ""
+
+#: agent/genkey.c:264
+msgid "Yes, protection is not needed"
+msgstr ""
+
+#: agent/genkey.c:308
+#, fuzzy, c-format
+msgid "Please enter the passphrase to%0Ato protect your new key"
+msgstr ""
+"Te vajate oma salajase võtme kaitsmiseks parooli.\n"
+"\n"
+
+#: agent/genkey.c:431
+#, fuzzy
+msgid "Please enter the new passphrase"
+msgstr "muuda parooli"
+
+#: agent/gpg-agent.c:121 agent/preset-passphrase.c:72 scd/scdaemon.c:103
+#: tools/gpg-check-pattern.c:70
+#, fuzzy
+msgid ""
+"@Options:\n"
+" "
+msgstr ""
+"@\n"
+"Võtmed:\n"
+" "
+
+#: agent/gpg-agent.c:123 scd/scdaemon.c:105
+msgid "run in server mode (foreground)"
+msgstr ""
+
+#: agent/gpg-agent.c:124 scd/scdaemon.c:108
+msgid "run in daemon mode (background)"
+msgstr ""
+
+#: agent/gpg-agent.c:125 g10/gpg.c:488 g10/gpgv.c:71 kbx/kbxutil.c:88
+#: scd/scdaemon.c:109 sm/gpgsm.c:281 tools/gpg-connect-agent.c:69
+#: tools/gpgconf.c:80 tools/symcryptrun.c:166
+msgid "verbose"
+msgstr "ole jutukas"
+
+#: agent/gpg-agent.c:126 g10/gpgv.c:72 kbx/kbxutil.c:89 scd/scdaemon.c:110
+#: sm/gpgsm.c:282
+msgid "be somewhat more quiet"
+msgstr "ole mõnevõrra vaiksem"
+
+#: agent/gpg-agent.c:127 scd/scdaemon.c:111
+msgid "sh-style command output"
+msgstr ""
+
+#: agent/gpg-agent.c:128 scd/scdaemon.c:112
+msgid "csh-style command output"
+msgstr ""
+
+#: agent/gpg-agent.c:129 scd/scdaemon.c:113 sm/gpgsm.c:312
+#: tools/symcryptrun.c:169
+#, fuzzy
+msgid "|FILE|read options from FILE"
+msgstr "|FAIL|lae laiendusmoodul FAIL"
+
+#: agent/gpg-agent.c:134 scd/scdaemon.c:123
+msgid "do not detach from the console"
+msgstr ""
+
+#: agent/gpg-agent.c:135
+msgid "do not grab keyboard and mouse"
+msgstr ""
+
+#: agent/gpg-agent.c:136 tools/symcryptrun.c:168
+#, fuzzy
+msgid "use a log file for the server"
+msgstr "otsi võtmeid võtmeserverist"
+
+#: agent/gpg-agent.c:138
+#, fuzzy
+msgid "use a standard location for the socket"
+msgstr "Kas uuendan tõesti kõik kasutaja ID-de seaded? "
+
+#: agent/gpg-agent.c:141
+msgid "|PGM|use PGM as the PIN-Entry program"
+msgstr ""
+
+#: agent/gpg-agent.c:144
+msgid "|PGM|use PGM as the SCdaemon program"
+msgstr ""
+
+#: agent/gpg-agent.c:145
+#, fuzzy
+msgid "do not use the SCdaemon"
+msgstr "uuenda usalduse andmebaasi"
+
+#: agent/gpg-agent.c:157
+msgid "ignore requests to change the TTY"
+msgstr ""
+
+#: agent/gpg-agent.c:159
+msgid "ignore requests to change the X display"
+msgstr ""
+
+#: agent/gpg-agent.c:162
+msgid "|N|expire cached PINs after N seconds"
+msgstr ""
+
+#: agent/gpg-agent.c:175
+msgid "do not use the PIN cache when signing"
+msgstr ""
+
+#: agent/gpg-agent.c:177
+msgid "allow clients to mark keys as \"trusted\""
+msgstr ""
+
+#: agent/gpg-agent.c:179
+#, fuzzy
+msgid "allow presetting passphrase"
+msgstr "viga parooli loomisel: %s\n"
+
+#: agent/gpg-agent.c:180
+msgid "enable ssh-agent emulation"
+msgstr ""
+
+#: agent/gpg-agent.c:182
+msgid "|FILE|write environment settings also to FILE"
+msgstr ""
+
+#. TRANSLATORS: @EMAIL@ will get replaced by the actual bug
+#. reporting address. This is so that we can change the
+#. reporting address without breaking the translations.
+#: agent/gpg-agent.c:333 agent/preset-passphrase.c:94 agent/protect-tool.c:163
+#: g10/gpg.c:814 g10/gpgv.c:114 kbx/kbxutil.c:113 scd/scdaemon.c:246
+#: sm/gpgsm.c:519 tools/gpg-connect-agent.c:181 tools/gpgconf.c:102
+#: tools/symcryptrun.c:206 tools/gpg-check-pattern.c:141
+#, fuzzy
+msgid "Please report bugs to <@EMAIL@>.\n"
+msgstr "Palun saatke veateated aadressil <gnupg-bugs@gnu.org>.\n"
+
+#: agent/gpg-agent.c:342
+#, fuzzy
+msgid "Usage: gpg-agent [options] (-h for help)"
+msgstr "Kasuta: gpg [võtmed] [failid] (-h näitab abiinfot)"
+
+#: agent/gpg-agent.c:344
+msgid ""
+"Syntax: gpg-agent [options] [command [args]]\n"
+"Secret key management for GnuPG\n"
+msgstr ""
+
+#: agent/gpg-agent.c:390 g10/gpg.c:1007 scd/scdaemon.c:318 sm/gpgsm.c:669
+#, c-format
+msgid "invalid debug-level `%s' given\n"
+msgstr ""
+
+#: agent/gpg-agent.c:610 agent/protect-tool.c:1033 kbx/kbxutil.c:428
+#: scd/scdaemon.c:424 sm/gpgsm.c:911 sm/gpgsm.c:914 tools/symcryptrun.c:998
+#: tools/gpg-check-pattern.c:177
+#, c-format
+msgid "%s is too old (need %s, have %s)\n"
+msgstr ""
+
+#: agent/gpg-agent.c:725 g10/gpg.c:2111 scd/scdaemon.c:510 sm/gpgsm.c:1010
+#, c-format
+msgid "NOTE: no default option file `%s'\n"
+msgstr "MÄRKUS: vaikimisi võtmete fail `%s' puudub\n"
+
+#: agent/gpg-agent.c:736 agent/gpg-agent.c:1348 g10/gpg.c:2115
+#: scd/scdaemon.c:515 sm/gpgsm.c:1014 tools/symcryptrun.c:931
+#, c-format
+msgid "option file `%s': %s\n"
+msgstr "võtmete fail `%s': %s\n"
+
+#: agent/gpg-agent.c:744 g10/gpg.c:2122 scd/scdaemon.c:523 sm/gpgsm.c:1021
+#, c-format
+msgid "reading options from `%s'\n"
+msgstr "loen võtmeid failist `%s'\n"
+
+#: agent/gpg-agent.c:1117 g10/plaintext.c:140 g10/plaintext.c:145
+#: g10/plaintext.c:162
+#, c-format
+msgid "error creating `%s': %s\n"
+msgstr "viga `%s' loomisel: %s\n"
+
+#: agent/gpg-agent.c:1461 agent/gpg-agent.c:1579 agent/gpg-agent.c:1583
+#: agent/gpg-agent.c:1624 agent/gpg-agent.c:1628 g10/exec.c:188
+#: g10/openfile.c:429 scd/scdaemon.c:1020
+#, c-format
+msgid "can't create directory `%s': %s\n"
+msgstr "kataloogi `%s' ei õnnestu luua: %s\n"
+
+#: agent/gpg-agent.c:1475 scd/scdaemon.c:1034
+msgid "name of socket too long\n"
+msgstr ""
+
+#: agent/gpg-agent.c:1498 scd/scdaemon.c:1057
+#, fuzzy, c-format
+msgid "can't create socket: %s\n"
+msgstr "%s ei õnnestu luua: %s\n"
+
+#: agent/gpg-agent.c:1507
+#, c-format
+msgid "socket name `%s' is too long\n"
+msgstr ""
+
+#: agent/gpg-agent.c:1525
+#, fuzzy
+msgid "a gpg-agent is already running - not starting a new one\n"
+msgstr "gpg-agent ei ole sesses sessioonis kasutatav\n"
+
+#: agent/gpg-agent.c:1536 scd/scdaemon.c:1076
+#, fuzzy
+msgid "error getting nonce for the socket\n"
+msgstr "viga parooli loomisel: %s\n"
+
+#: agent/gpg-agent.c:1541 scd/scdaemon.c:1079
+#, fuzzy, c-format
+msgid "error binding socket to `%s': %s\n"
+msgstr "viga teate saatmisel serverile `%s': %s\n"
+
+#: agent/gpg-agent.c:1553 scd/scdaemon.c:1088
+#, fuzzy, c-format
+msgid "listen() failed: %s\n"
+msgstr "uuendamine ebaõnnestus: %s\n"
+
+#: agent/gpg-agent.c:1559 scd/scdaemon.c:1095
+#, fuzzy, c-format
+msgid "listening on socket `%s'\n"
+msgstr "kirjutan salajase võtme faili `%s'\n"
+
+#: agent/gpg-agent.c:1587 agent/gpg-agent.c:1634 g10/openfile.c:432
+#, fuzzy, c-format
+msgid "directory `%s' created\n"
+msgstr "%s: kataloog on loodud\n"
+
+#: agent/gpg-agent.c:1640
+#, fuzzy, c-format
+msgid "stat() failed for `%s': %s\n"
+msgstr "trustdb: lugemine ebaõnnestus (n=%d): %s\n"
+
+#: agent/gpg-agent.c:1644
+#, fuzzy, c-format
+msgid "can't use `%s' as home directory\n"
+msgstr "%s: kataloogi ei õnnestu luua: %s\n"
+
+#: agent/gpg-agent.c:1777 scd/scdaemon.c:1111
+#, fuzzy, c-format
+msgid "error reading nonce on fd %d: %s\n"
+msgstr "viga `%s' lugemisel: %s\n"
+
+#: agent/gpg-agent.c:1799
+#, c-format
+msgid "handler 0x%lx for fd %d started\n"
+msgstr ""
+
+#: agent/gpg-agent.c:1804
+#, c-format
+msgid "handler 0x%lx for fd %d terminated\n"
+msgstr ""
+
+#: agent/gpg-agent.c:1824
+#, c-format
+msgid "ssh handler 0x%lx for fd %d started\n"
+msgstr ""
+
+#: agent/gpg-agent.c:1829
+#, c-format
+msgid "ssh handler 0x%lx for fd %d terminated\n"
+msgstr ""
+
+#: agent/gpg-agent.c:1973 scd/scdaemon.c:1248
+#, fuzzy, c-format
+msgid "pth_select failed: %s - waiting 1s\n"
+msgstr "salajase võtme uuendamine ebaõnnestus: %s\n"
+
+#: agent/gpg-agent.c:2096 scd/scdaemon.c:1315
+#, fuzzy, c-format
+msgid "%s %s stopped\n"
+msgstr "%s: jätsin vahele: %s\n"
+
+#: agent/gpg-agent.c:2232
+#, fuzzy
+msgid "no gpg-agent running in this session\n"
+msgstr "gpg-agent ei ole sesses sessioonis kasutatav\n"
+
+#: agent/gpg-agent.c:2243 common/simple-pwquery.c:352 common/asshelp.c:403
+#: tools/gpg-connect-agent.c:2168
+msgid "malformed GPG_AGENT_INFO environment variable\n"
+msgstr "vigane GPG_AGENT_INFO keskkonnamuutuja\n"
+
+#: agent/gpg-agent.c:2256 common/simple-pwquery.c:364 common/asshelp.c:415
+#: tools/gpg-connect-agent.c:2179
+#, c-format
+msgid "gpg-agent protocol version %d is not supported\n"
+msgstr "gpg-agendi protokolli versioon %d ei ole toetatud\n"
+
+#: agent/preset-passphrase.c:98
+#, fuzzy
+msgid "Usage: gpg-preset-passphrase [options] KEYGRIP (-h for help)\n"
+msgstr "Kasuta: gpg [võtmed] [failid] (-h näitab abiinfot)"
+
+#: agent/preset-passphrase.c:101
+msgid ""
+"Syntax: gpg-preset-passphrase [options] KEYGRIP\n"
+"Password cache maintenance\n"
+msgstr ""
+
+#: agent/protect-tool.c:113 g10/gpg.c:373 kbx/kbxutil.c:71 sm/gpgsm.c:186
+#: tools/gpgconf.c:60
+msgid ""
+"@Commands:\n"
+" "
+msgstr ""
+"@Käsud:\n"
+" "
+
+#: agent/protect-tool.c:127 g10/gpg.c:441 g10/gpgv.c:69 kbx/kbxutil.c:81
+#: sm/gpgsm.c:226 tools/gpg-connect-agent.c:67 tools/gpgconf.c:77
+#: tools/symcryptrun.c:159
+msgid ""
+"@\n"
+"Options:\n"
+" "
+msgstr ""
+"@\n"
+"Võtmed:\n"
+" "
+
+#: agent/protect-tool.c:166
+#, fuzzy
+msgid "Usage: gpg-protect-tool [options] (-h for help)\n"
+msgstr "Kasuta: gpg [võtmed] [failid] (-h näitab abiinfot)"
+
+#: agent/protect-tool.c:168
+msgid ""
+"Syntax: gpg-protect-tool [options] [args]\n"
+"Secret key maintenance tool\n"
+msgstr ""
+
+#: agent/protect-tool.c:1162
+#, fuzzy
+msgid "Please enter the passphrase to unprotect the PKCS#12 object."
+msgstr "Palun sisestage parool; see on salajane tekst \n"
+
+#: agent/protect-tool.c:1167
+#, fuzzy
+msgid "Please enter the passphrase to protect the new PKCS#12 object."
+msgstr "Palun sisestage parool; see on salajane tekst \n"
+
+#: agent/protect-tool.c:1173
+msgid ""
+"Please enter the passphrase to protect the imported object within the GnuPG "
+"system."
+msgstr ""
+
+#: agent/protect-tool.c:1178
+#, fuzzy
+msgid ""
+"Please enter the passphrase or the PIN\n"
+"needed to complete this operation."
+msgstr "Palun sisestage parool; see on salajane tekst \n"
+
+#: agent/protect-tool.c:1183 tools/symcryptrun.c:437
+#, fuzzy
+msgid "Passphrase:"
+msgstr "halb parool"
+
+#: agent/protect-tool.c:1188 tools/symcryptrun.c:448
+#, fuzzy
+msgid "cancelled\n"
+msgstr "Katkesta"
+
+#: agent/protect-tool.c:1190 tools/symcryptrun.c:444
+#, fuzzy, c-format
+msgid "error while asking for the passphrase: %s\n"
+msgstr "viga parooli loomisel: %s\n"
+
+#: agent/trustlist.c:136 agent/trustlist.c:334
+#, fuzzy, c-format
+msgid "error opening `%s': %s\n"
+msgstr "viga `%s' lugemisel: %s\n"
+
+#: agent/trustlist.c:151 common/helpfile.c:63 common/helpfile.c:79
+#, fuzzy, c-format
+msgid "file `%s', line %d: %s\n"
+msgstr "võtit '%s' ei leitud: %s\n"
+
+#: agent/trustlist.c:171 agent/trustlist.c:179
+#, c-format
+msgid "statement \"%s\" ignored in `%s', line %d\n"
+msgstr ""
+
+#: agent/trustlist.c:185
+#, fuzzy, c-format
+msgid "system trustlist `%s' not available\n"
+msgstr "salajase võtme komponendid ei ole kättesaadavad\n"
+
+#: agent/trustlist.c:229
+#, fuzzy, c-format
+msgid "bad fingerprint in `%s', line %d\n"
+msgstr "viga lugemisel: %s\n"
+
+#: agent/trustlist.c:254 agent/trustlist.c:261
+#, c-format
+msgid "invalid keyflag in `%s', line %d\n"
+msgstr ""
+
+#: agent/trustlist.c:295 common/helpfile.c:126
+#, fuzzy, c-format
+msgid "error reading `%s', line %d: %s\n"
+msgstr "viga `%s' lugemisel: %s\n"
+
+#: agent/trustlist.c:400 agent/trustlist.c:450
+msgid "error reading list of trusted root certificates\n"
+msgstr ""
+
+#. TRANSLATORS: This prompt is shown by the Pinentry
+#. and has one special property: A "%%0A" is used by
+#. Pinentry to insert a line break. The double
+#. percent sign is actually needed because it is also
+#. a printf format string. If you need to insert a
+#. plain % sign, you need to encode it as "%%25". The
+#. "%s" gets replaced by the name as stored in the
+#. certificate.
+#: agent/trustlist.c:611
+#, c-format
+msgid ""
+"Do you ultimately trust%%0A \"%s\"%%0Ato correctly certify user "
+"certificates?"
+msgstr ""
+
+#: agent/trustlist.c:620 common/audit.c:467
+#, fuzzy
+msgid "Yes"
+msgstr "jah"
+
+#: agent/trustlist.c:620 common/audit.c:469
+msgid "No"
+msgstr ""
+
+#. TRANSLATORS: This prompt is shown by the Pinentry and has
+#. one special property: A "%%0A" is used by Pinentry to
+#. insert a line break. The double percent sign is actually
+#. needed because it is also a printf format string. If you
+#. need to insert a plain % sign, you need to encode it as
+#. "%%25". The second "%s" gets replaced by a hexdecimal
+#. fingerprint string whereas the first one receives the name
+#. as stored in the certificate.
+#: agent/trustlist.c:654
+#, c-format
+msgid ""
+"Please verify that the certificate identified as:%%0A \"%s\"%%0Ahas the "
+"fingerprint:%%0A %s"
+msgstr ""
+
+#. TRANSLATORS: "Correct" is the label of a button and intended
+#. to be hit if the fingerprint matches the one of the CA. The
+#. other button is "the default "Cancel" of the Pinentry.
+#: agent/trustlist.c:668
+msgid "Correct"
+msgstr ""
+
+#: agent/trustlist.c:668
+msgid "Wrong"
+msgstr ""
+
+#: agent/findkey.c:157
+#, c-format
+msgid "Note: This passphrase has never been changed.%0APlease change it now."
+msgstr ""
+
+#: agent/findkey.c:173
+#, c-format
+msgid ""
+"This passphrase has not been changed%%0Asince %.4s-%.2s-%.2s. Please change "
+"it now."
+msgstr ""
+
+#: agent/findkey.c:187 agent/findkey.c:194
+#, fuzzy
+msgid "Change passphrase"
+msgstr "muuda parooli"
+
+#: agent/findkey.c:195
+msgid "I'll change it later"
+msgstr ""
+
+#: common/exechelp.c:528 common/exechelp.c:625 tools/gpgconf-comp.c:1475
+#: tools/gpgconf-comp.c:1814
+#, fuzzy, c-format
+msgid "error creating a pipe: %s\n"
+msgstr "viga parooli loomisel: %s\n"
+
+#: common/exechelp.c:599 common/exechelp.c:658
+#, fuzzy, c-format
+msgid "can't fdopen pipe for reading: %s\n"
+msgstr "faili ei õnnestu avada: %s\n"
+
+#: common/exechelp.c:637 common/exechelp.c:765 common/exechelp.c:1002
+#, fuzzy, c-format
+msgid "error forking process: %s\n"
+msgstr "viga `%s' lugemisel: %s\n"
+
+#: common/exechelp.c:811 common/exechelp.c:864
+#, c-format
+msgid "waiting for process %d to terminate failed: %s\n"
+msgstr ""
+
+#: common/exechelp.c:819
+#, fuzzy, c-format
+msgid "error getting exit code of process %d: %s\n"
+msgstr "viga salajase võtme võtmehoidlasse `%s' kirjutamisel: %s\n"
+
+#: common/exechelp.c:825 common/exechelp.c:877
+#, fuzzy, c-format
+msgid "error running `%s': exit status %d\n"
+msgstr "viga `%s' lugemisel: %s\n"
+
+#: common/exechelp.c:870
+#, c-format
+msgid "error running `%s': probably not installed\n"
+msgstr ""
+
+#: common/exechelp.c:885
+#, fuzzy, c-format
+msgid "error running `%s': terminated\n"
+msgstr "viga `%s' lugemisel: %s\n"
+
+#: common/http.c:1674
+#, fuzzy, c-format
+msgid "error creating socket: %s\n"
+msgstr "viga `%s' loomisel: %s\n"
+
+#: common/http.c:1718
+#, fuzzy
+msgid "host not found"
+msgstr "[Kasutaja id puudub]"
+
+#: common/simple-pwquery.c:338
+msgid "gpg-agent is not available in this session\n"
+msgstr "gpg-agent ei ole sesses sessioonis kasutatav\n"
+
+#: common/simple-pwquery.c:395
+#, c-format
+msgid "can't connect to `%s': %s\n"
+msgstr "ei õnnestu luua ühendust serveriga `%s': %s\n"
+
+#: common/simple-pwquery.c:406
+msgid "communication problem with gpg-agent\n"
+msgstr "probleem gpg-agent programmiga suhtlemisel\n"
+
+#: common/simple-pwquery.c:416
+#, fuzzy
+msgid "problem setting the gpg-agent options\n"
+msgstr "probleem agendiga: agent tagastas 0x%lx\n"
+
+#: common/simple-pwquery.c:579 common/simple-pwquery.c:675
+#, fuzzy
+msgid "canceled by user\n"
+msgstr "katkestatud kasutaja poolt\n"
+
+#: common/simple-pwquery.c:594 common/simple-pwquery.c:681
+#, fuzzy
+msgid "problem with the agent\n"
+msgstr "probleem agendiga: agent tagastas 0x%lx\n"
+
+#: common/sysutils.c:105
+#, c-format
+msgid "can't disable core dumps: %s\n"
+msgstr "ei õnnestu blokeerida mälupildi salvestamist: %s\n"
+
+#: common/sysutils.c:200
+#, fuzzy, c-format
+msgid "Warning: unsafe ownership on %s \"%s\"\n"
+msgstr "HOIATUS: ebaturvaline omanik %s \"%s\"\n"
+
+#: common/sysutils.c:232
+#, fuzzy, c-format
+msgid "Warning: unsafe permissions on %s \"%s\"\n"
+msgstr "HOIATUS: ebaturvalised õigused %s \"%s\"\n"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: common/yesno.c:35 common/yesno.c:72
+msgid "yes"
+msgstr "jah"
+
+#: common/yesno.c:36 common/yesno.c:77
+msgid "yY"
+msgstr "jJ"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: common/yesno.c:38 common/yesno.c:74
+msgid "no"
+msgstr "ei"
+
+#: common/yesno.c:39 common/yesno.c:78
+msgid "nN"
+msgstr "eE"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: common/yesno.c:76
+msgid "quit"
+msgstr "välju"
+
+#: common/yesno.c:79
+msgid "qQ"
+msgstr "vV"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: common/yesno.c:113
+msgid "okay|okay"
+msgstr ""
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: common/yesno.c:115
+msgid "cancel|cancel"
+msgstr ""
+
+#: common/yesno.c:116
+msgid "oO"
+msgstr ""
+
+#: common/yesno.c:117
+#, fuzzy
+msgid "cC"
+msgstr "c"
+
+#: common/miscellaneous.c:77
+#, c-format
+msgid "out of core in secure memory while allocating %lu bytes"
+msgstr ""
+
+#: common/miscellaneous.c:80
+#, c-format
+msgid "out of core while allocating %lu bytes"
+msgstr ""
+
+#: common/asshelp.c:293 tools/gpg-connect-agent.c:2129
+msgid "no running gpg-agent - starting one\n"
+msgstr ""
+
+#: common/asshelp.c:349
+#, c-format
+msgid "waiting %d seconds for the agent to come up\n"
+msgstr ""
+
+#: common/asshelp.c:426
+msgid "can't connect to the agent - trying fall back\n"
+msgstr ""
+
+#. TRANSLATORS: Copy the prefix between the vertical bars
+#. verbatim. It will not be printed.
+#: common/audit.c:474
+msgid "|audit-log-result|Good"
+msgstr ""
+
+#: common/audit.c:477
+msgid "|audit-log-result|Bad"
+msgstr ""
+
+#: common/audit.c:479
+msgid "|audit-log-result|Not supported"
+msgstr ""
+
+#: common/audit.c:481
+#, fuzzy
+msgid "|audit-log-result|No certificate"
+msgstr "halb sertifikaat"
+
+#: common/audit.c:483
+#, fuzzy
+msgid "|audit-log-result|Not enabled"
+msgstr "halb sertifikaat"
+
+#: common/audit.c:485
+msgid "|audit-log-result|Error"
+msgstr ""
+
+#: common/audit.c:487
+#, fuzzy
+msgid "|audit-log-result|Not used"
+msgstr "halb sertifikaat"
+
+#: common/audit.c:489
+#, fuzzy
+msgid "|audit-log-result|Okay"
+msgstr "halb sertifikaat"
+
+#: common/audit.c:491
+#, fuzzy
+msgid "|audit-log-result|Skipped"
+msgstr "halb sertifikaat"
+
+#: common/audit.c:493
+#, fuzzy
+msgid "|audit-log-result|Some"
+msgstr "halb sertifikaat"
+
+#: common/audit.c:726
+#, fuzzy
+msgid "Certificate chain available"
+msgstr "halb sertifikaat"
+
+#: common/audit.c:733
+#, fuzzy
+msgid "root certificate missing"
+msgstr "halb sertifikaat"
+
+#: common/audit.c:759
+msgid "Data encryption succeeded"
+msgstr ""
+
+#: common/audit.c:764 common/audit.c:830 common/audit.c:906 common/audit.c:997
+#, fuzzy
+msgid "Data available"
+msgstr "Võtme leiate: "
+
+#: common/audit.c:767
+#, fuzzy
+msgid "Session key created"
+msgstr "%s: võtmehoidla on loodud\n"
+
+#: common/audit.c:772 common/audit.c:912 common/audit.c:919
+#, fuzzy, c-format
+msgid "algorithm: %s"
+msgstr "pakend: %s\n"
+
+#: common/audit.c:774 common/audit.c:776 common/audit.c:921 common/audit.c:923
+#, fuzzy, c-format
+msgid "unsupported algorithm: %s"
+msgstr ""
+"\n"
+"Toetatud algoritmid:\n"
+
+#: common/audit.c:778 common/audit.c:925
+#, fuzzy
+msgid "seems to be not encrypted"
+msgstr "krüptimata"
+
+#: common/audit.c:784 common/audit.c:933
+msgid "Number of recipients"
+msgstr ""
+
+#: common/audit.c:792 common/audit.c:956
+#, c-format
+msgid "Recipient %d"
+msgstr ""
+
+#: common/audit.c:825
+msgid "Data signing succeeded"
+msgstr ""
+
+#: common/audit.c:839 common/audit.c:1033 common/audit.c:1060
+#, fuzzy, c-format
+msgid "data hash algorithm: %s"
+msgstr "vigane räsialgoritm `%s'\n"
+
+#: common/audit.c:862
+#, fuzzy, c-format
+msgid "Signer %d"
+msgstr "Allkiri aegus %s\n"
+
+#: common/audit.c:866 common/audit.c:1065
+#, fuzzy, c-format
+msgid "attr hash algorithm: %s"
+msgstr "vigane räsialgoritm `%s'\n"
+
+#: common/audit.c:901
+msgid "Data decryption succeeded"
+msgstr ""
+
+#: common/audit.c:910
+#, fuzzy
+msgid "Encryption algorithm supported"
+msgstr "kaitse algoritm %d%s ei ole toetatud\n"
+
+#: common/audit.c:993
+#, fuzzy
+msgid "Data verification succeeded"
+msgstr "allkirja kontroll jäeti ära\n"
+
+#: common/audit.c:1002
+#, fuzzy
+msgid "Signature available"
+msgstr "Allkiri aegus %s\n"
+
+#: common/audit.c:1024
+#, fuzzy
+msgid "Parsing data succeeded"
+msgstr "Korrektne allkiri kasutajalt \""
+
+#: common/audit.c:1036
+#, fuzzy, c-format
+msgid "bad data hash algorithm: %s"
+msgstr "vigane räsialgoritm `%s'\n"
+
+#: common/audit.c:1051
+#, fuzzy, c-format
+msgid "Signature %d"
+msgstr "Allkiri aegus %s\n"
+
+#: common/audit.c:1079
+#, fuzzy
+msgid "Certificate chain valid"
+msgstr "See võti on aegunud!"
+
+#: common/audit.c:1090
+#, fuzzy
+msgid "Root certificate trustworthy"
+msgstr "halb sertifikaat"
+
+#: common/audit.c:1111 sm/certchain.c:935
+#, fuzzy
+msgid "no CRL found for certificate"
+msgstr "halb sertifikaat"
+
+#: common/audit.c:1114 sm/certchain.c:945
+#, fuzzy
+msgid "the available CRL is too old"
+msgstr "Võtme leiate: "
+
+#: common/audit.c:1119
+#, fuzzy
+msgid "CRL/OCSP check of certificates"
+msgstr "halb sertifikaat"
+
+#: common/audit.c:1139
+#, fuzzy
+msgid "Included certificates"
+msgstr "halb sertifikaat"
+
+#: common/audit.c:1194
+msgid "No audit log entries."
+msgstr ""
+
+#: common/audit.c:1243
+#, fuzzy
+msgid "Unknown operation"
+msgstr "tundmatu versioon"
+
+#: common/audit.c:1261
+msgid "Gpg-Agent usable"
+msgstr ""
+
+#: common/audit.c:1271
+msgid "Dirmngr usable"
+msgstr ""
+
+#: common/audit.c:1307
+#, fuzzy, c-format
+msgid "No help available for `%s'."
+msgstr "`%s' kohta abiinfo puudub"
+
+#: common/helpfile.c:80
+#, fuzzy
+msgid "ignoring garbage line"
+msgstr "viga lõpetaval real\n"
+
+#: common/gettime.c:503
+#, fuzzy
+msgid "[none]"
+msgstr "tundmatu"
+
+#: g10/armor.c:379
+#, c-format
+msgid "armor: %s\n"
+msgstr "pakend: %s\n"
+
+#: g10/armor.c:418
+msgid "invalid armor header: "
+msgstr "vigane pakendi päis: "
+
+#: g10/armor.c:429
+msgid "armor header: "
+msgstr "pakendi päis: "
+
+#: g10/armor.c:442
+msgid "invalid clearsig header\n"
+msgstr "vigane avateksti allkirja päis\n"
+
+#: g10/armor.c:455
+#, fuzzy
+msgid "unknown armor header: "
+msgstr "pakendi päis: "
+
+#: g10/armor.c:508
+msgid "nested clear text signatures\n"
+msgstr "avateksti allkirjad üksteise sees\n"
+
+#: g10/armor.c:643
+#, fuzzy
+msgid "unexpected armor: "
+msgstr "ootamatu pakend:"
+
+#: g10/armor.c:655
+msgid "invalid dash escaped line: "
+msgstr "vigane kriipsudega märgitud rida: "
+
+#: g10/armor.c:810 g10/armor.c:1420
+#, fuzzy, c-format
+msgid "invalid radix64 character %02X skipped\n"
+msgstr "vigane radix64 sümbol %02x vahele jäetud\n"
+
+#: g10/armor.c:853
+msgid "premature eof (no CRC)\n"
+msgstr "enneaegne faililõpp (puudub CRC)\n"
+
+#: g10/armor.c:887
+msgid "premature eof (in CRC)\n"
+msgstr "enneaegne faililõpp (poolik CRC)\n"
+
+#: g10/armor.c:895
+msgid "malformed CRC\n"
+msgstr "vigane CRC\n"
+
+#: g10/armor.c:899 g10/armor.c:1457
+#, fuzzy, c-format
+msgid "CRC error; %06lX - %06lX\n"
+msgstr "CRC viga; %06lx - %06lx\n"
+
+#: g10/armor.c:919
+#, fuzzy
+msgid "premature eof (in trailer)\n"
+msgstr "enneaegne faililõpp (lõpetaval real)\n"
+
+#: g10/armor.c:923
+msgid "error in trailer line\n"
+msgstr "viga lõpetaval real\n"
+
+#: g10/armor.c:1234
+msgid "no valid OpenPGP data found.\n"
+msgstr "ei leia OpenPGP andmeid.\n"
+
+#: g10/armor.c:1239
+#, c-format
+msgid "invalid armor: line longer than %d characters\n"
+msgstr "vigane pakend: rida on pikem, kui %d sümbolit\n"
+
+#: g10/armor.c:1243
+msgid ""
+"quoted printable character in armor - probably a buggy MTA has been used\n"
+msgstr ""
+"kvooditud sümbol pakendis - tõenäoliselt on kasutatud vigast MTA programmi\n"
+
+#: g10/build-packet.c:976
+msgid ""
+"a notation name must have only printable characters or spaces, and end with "
+"an '='\n"
+msgstr ""
+"noteerimise nimes võivad olla ainult trükitavad sümbolid või tühikud\n"
+"ning lõpus peab olema '='\n"
+
+#: g10/build-packet.c:988
+msgid "a user notation name must contain the '@' character\n"
+msgstr "kasutaja noteerimise nimi peab sisaldama '@' märki\n"
+
+#: g10/build-packet.c:994
+#, fuzzy
+msgid "a notation name must not contain more than one '@' character\n"
+msgstr "kasutaja noteerimise nimi peab sisaldama '@' märki\n"
+
+#: g10/build-packet.c:1012
+msgid "a notation value must not use any control characters\n"
+msgstr "noteerimise väärtus ei või sisaldada kontroll sümboleid\n"
+
+#: g10/build-packet.c:1046 g10/build-packet.c:1055
+msgid "WARNING: invalid notation data found\n"
+msgstr "HOIATUS: leidsin vigased noteerimise andmed\n"
+
+#: g10/build-packet.c:1077 g10/build-packet.c:1079
+msgid "not human readable"
+msgstr "pole inimese poolt loetav"
+
+#: g10/card-util.c:85 g10/card-util.c:374
+#, fuzzy, c-format
+msgid "OpenPGP card not available: %s\n"
+msgstr "salajane võti ei ole kättesaadav"
+
+#: g10/card-util.c:90
+#, c-format
+msgid "OpenPGP card no. %s detected\n"
+msgstr ""
+
+#: g10/card-util.c:98 g10/card-util.c:1773 g10/delkey.c:126 g10/keyedit.c:1551
+#: g10/keygen.c:3068 g10/revoke.c:216 g10/revoke.c:455
+#, fuzzy
+msgid "can't do this in batch mode\n"
+msgstr "seda ei saa teha pakettmoodis\n"
+
+#: g10/card-util.c:106
+#, fuzzy
+msgid "This command is only available for version 2 cards\n"
+msgstr "See käsklus ei ole %s moodis lubatud.\n"
+
+#: g10/card-util.c:108 scd/app-openpgp.c:2029
+#, fuzzy
+msgid "Reset Code not or not anymore available\n"
+msgstr "salajase võtme komponendid ei ole kättesaadavad\n"
+
+#: g10/card-util.c:141 g10/card-util.c:1458 g10/card-util.c:1568
+#: g10/keyedit.c:424 g10/keyedit.c:445 g10/keyedit.c:459 g10/keygen.c:1630
+#: g10/keygen.c:1711 sm/certreqgen-ui.c:165 sm/certreqgen-ui.c:249
+#: sm/certreqgen-ui.c:283
+msgid "Your selection? "
+msgstr "Teie valik? "
+
+#: g10/card-util.c:272 g10/card-util.c:322
+msgid "[not set]"
+msgstr ""
+
+#: g10/card-util.c:512
+#, fuzzy
+msgid "male"
+msgstr "enable"
+
+#: g10/card-util.c:513
+#, fuzzy
+msgid "female"
+msgstr "enable"
+
+#: g10/card-util.c:513
+#, fuzzy
+msgid "unspecified"
+msgstr "Põhjus puudub"
+
+#: g10/card-util.c:540
+#, fuzzy
+msgid "not forced"
+msgstr "ei töödeldud"
+
+#: g10/card-util.c:540
+msgid "forced"
+msgstr ""
+
+#: g10/card-util.c:631
+msgid "Error: Only plain ASCII is currently allowed.\n"
+msgstr ""
+
+#: g10/card-util.c:633
+msgid "Error: The \"<\" character may not be used.\n"
+msgstr ""
+
+#: g10/card-util.c:635
+msgid "Error: Double spaces are not allowed.\n"
+msgstr ""
+
+#: g10/card-util.c:652
+msgid "Cardholder's surname: "
+msgstr ""
+
+#: g10/card-util.c:654
+msgid "Cardholder's given name: "
+msgstr ""
+
+#: g10/card-util.c:672
+#, c-format
+msgid "Error: Combined name too long (limit is %d characters).\n"
+msgstr ""
+
+#: g10/card-util.c:693
+#, fuzzy
+msgid "URL to retrieve public key: "
+msgstr "vastavat avalikku võtit pole: %s\n"
+
+#: g10/card-util.c:701
+#, c-format
+msgid "Error: URL too long (limit is %d characters).\n"
+msgstr ""
+
+#: g10/card-util.c:794 tools/no-libgcrypt.c:30
+#, fuzzy, c-format
+msgid "error allocating enough memory: %s\n"
+msgstr "viga võtmehoidla `%s' loomisel: %s\n"
+
+#: g10/card-util.c:806 g10/import.c:280
+#, c-format
+msgid "error reading `%s': %s\n"
+msgstr "viga `%s' lugemisel: %s\n"
+
+#: g10/card-util.c:839
+#, fuzzy, c-format
+msgid "error writing `%s': %s\n"
+msgstr "viga võtmehoidlasse `%s' kirjutamisel: %s\n"
+
+#: g10/card-util.c:866
+msgid "Login data (account name): "
+msgstr ""
+
+#: g10/card-util.c:876
+#, c-format
+msgid "Error: Login data too long (limit is %d characters).\n"
+msgstr ""
+
+#: g10/card-util.c:912
+msgid "Private DO data: "
+msgstr ""
+
+#: g10/card-util.c:922
+#, c-format
+msgid "Error: Private DO too long (limit is %d characters).\n"
+msgstr ""
+
+#: g10/card-util.c:1005
+#, fuzzy
+msgid "Language preferences: "
+msgstr "uuendatud eelistused"
+
+#: g10/card-util.c:1013
+#, fuzzy
+msgid "Error: invalid length of preference string.\n"
+msgstr "lubamatu sümbol eelistuste sõnes\n"
+
+#: g10/card-util.c:1022
+#, fuzzy
+msgid "Error: invalid characters in preference string.\n"
+msgstr "lubamatu sümbol eelistuste sõnes\n"
+
+#: g10/card-util.c:1044
+msgid "Sex ((M)ale, (F)emale or space): "
+msgstr ""
+
+#: g10/card-util.c:1058
+#, fuzzy
+msgid "Error: invalid response.\n"
+msgstr "viga: vigane sõrmejälg\n"
+
+#: g10/card-util.c:1080
+#, fuzzy
+msgid "CA fingerprint: "
+msgstr "näita sõrmejälge"
+
+#: g10/card-util.c:1103
+#, fuzzy
+msgid "Error: invalid formatted fingerprint.\n"
+msgstr "viga: vigane sõrmejälg\n"
+
+#: g10/card-util.c:1153
+#, fuzzy, c-format
+msgid "key operation not possible: %s\n"
+msgstr "Võtme genereerimine ebaõnnestus: %s\n"
+
+#: g10/card-util.c:1154
+#, fuzzy
+msgid "not an OpenPGP card"
+msgstr "ei leia OpenPGP andmeid.\n"
+
+#: g10/card-util.c:1167
+#, fuzzy, c-format
+msgid "error getting current key info: %s\n"
+msgstr "viga salajase võtme võtmehoidlasse `%s' kirjutamisel: %s\n"
+
+#: g10/card-util.c:1254
+msgid "Replace existing key? (y/N) "
+msgstr ""
+
+#: g10/card-util.c:1270
+msgid ""
+"NOTE: There is no guarantee that the card supports the requested size.\n"
+" If the key generation does not succeed, please check the\n"
+" documentation of your card to see what sizes are allowed.\n"
+msgstr ""
+
+#: g10/card-util.c:1295
+#, fuzzy, c-format
+msgid "What keysize do you want for the Signature key? (%u) "
+msgstr "Millist võtmepikkust te soovite? (1024) "
+
+#: g10/card-util.c:1297
+#, fuzzy, c-format
+msgid "What keysize do you want for the Encryption key? (%u) "
+msgstr "Millist võtmepikkust te soovite? (1024) "
+
+#: g10/card-util.c:1298
+#, fuzzy, c-format
+msgid "What keysize do you want for the Authentication key? (%u) "
+msgstr "Millist võtmepikkust te soovite? (1024) "
+
+#: g10/card-util.c:1309 g10/keygen.c:1844 g10/keygen.c:1850
+#: sm/certreqgen-ui.c:194
+#, c-format
+msgid "rounded up to %u bits\n"
+msgstr "ümardatud üles %u bitini\n"
+
+#: g10/card-util.c:1317 g10/keygen.c:1831 sm/certreqgen-ui.c:184
+#, c-format
+msgid "%s keysizes must be in the range %u-%u\n"
+msgstr ""
+
+#: g10/card-util.c:1322
+#, c-format
+msgid "The card will now be re-configured to generate a key of %u bits\n"
+msgstr ""
+
+#: g10/card-util.c:1342
+#, fuzzy, c-format
+msgid "error changing size of key %d to %u bits: %s\n"
+msgstr "viga teate saatmisel serverile `%s': %s\n"
+
+#: g10/card-util.c:1364
+msgid "Make off-card backup of encryption key? (Y/n) "
+msgstr ""
+
+#: g10/card-util.c:1378
+#, fuzzy
+msgid "NOTE: keys are already stored on the card!\n"
+msgstr "jätsin vahele: avalik võti on juba olemas\n"
+
+#: g10/card-util.c:1381
+msgid "Replace existing keys? (y/N) "
+msgstr ""
+
+#: g10/card-util.c:1393
+#, c-format
+msgid ""
+"Please note that the factory settings of the PINs are\n"
+" PIN = `%s' Admin PIN = `%s'\n"
+"You should change them using the command --change-pin\n"
+msgstr ""
+
+#: g10/card-util.c:1449
+#, fuzzy
+msgid "Please select the type of key to generate:\n"
+msgstr "Palun valige, millist võtmetüüpi te soovite:\n"
+
+#: g10/card-util.c:1451 g10/card-util.c:1559
+#, fuzzy
+msgid " (1) Signature key\n"
+msgstr "Allkiri aegus %s\n"
+
+#: g10/card-util.c:1452 g10/card-util.c:1561
+#, fuzzy
+msgid " (2) Encryption key\n"
+msgstr " (%d) RSA (ainult krüpteerimiseks)\n"
+
+#: g10/card-util.c:1453 g10/card-util.c:1563
+msgid " (3) Authentication key\n"
+msgstr ""
+
+#: g10/card-util.c:1469 g10/card-util.c:1588 g10/keyedit.c:945
+#: g10/keygen.c:1634 g10/keygen.c:1662 g10/keygen.c:1764 g10/revoke.c:683
+msgid "Invalid selection.\n"
+msgstr "Vigane valik.\n"
+
+#: g10/card-util.c:1556
+#, fuzzy
+msgid "Please select where to store the key:\n"
+msgstr "Palun valige tühistamise põhjus:\n"
+
+#: g10/card-util.c:1600
+#, fuzzy
+msgid "unknown key protection algorithm\n"
+msgstr "tundmatu kaitsealgoritm\n"
+
+#: g10/card-util.c:1605
+#, fuzzy
+msgid "secret parts of key are not available\n"
+msgstr "Primaarse võtme salajased komponendid ei ole kättesaadavad.\n"
+
+#: g10/card-util.c:1610
+#, fuzzy
+msgid "secret key already stored on a card\n"
+msgstr "jätsin vahele: avalik võti on juba olemas\n"
+
+#: g10/card-util.c:1623
+#, fuzzy, c-format
+msgid "error writing key to card: %s\n"
+msgstr "viga võtmehoidlasse `%s' kirjutamisel: %s\n"
+
+#: g10/card-util.c:1682 g10/keyedit.c:1382
+msgid "quit this menu"
+msgstr "välju sellest menüüst"
+
+#: g10/card-util.c:1684
+#, fuzzy
+msgid "show admin commands"
+msgstr "vastuolulised käsud\n"
+
+#: g10/card-util.c:1685 g10/keyedit.c:1385
+msgid "show this help"
+msgstr "näita seda abiinfot"
+
+#: g10/card-util.c:1687
+#, fuzzy
+msgid "list all available data"
+msgstr "Võtme leiate: "
+
+#: g10/card-util.c:1690
+msgid "change card holder's name"
+msgstr ""
+
+#: g10/card-util.c:1691
+msgid "change URL to retrieve key"
+msgstr ""
+
+#: g10/card-util.c:1692
+msgid "fetch the key specified in the card URL"
+msgstr ""
+
+#: g10/card-util.c:1693
+#, fuzzy
+msgid "change the login name"
+msgstr "muuda aegumise kuupäeva"
+
+#: g10/card-util.c:1694
+#, fuzzy
+msgid "change the language preferences"
+msgstr "muuda omaniku usaldust"
+
+#: g10/card-util.c:1695
+msgid "change card holder's sex"
+msgstr ""
+
+#: g10/card-util.c:1696
+#, fuzzy
+msgid "change a CA fingerprint"
+msgstr "näita sõrmejälge"
+
+#: g10/card-util.c:1697
+msgid "toggle the signature force PIN flag"
+msgstr ""
+
+#: g10/card-util.c:1698
+#, fuzzy
+msgid "generate new keys"
+msgstr "genereeri uus võtmepaar"
+
+#: g10/card-util.c:1699
+msgid "menu to change or unblock the PIN"
+msgstr ""
+
+#: g10/card-util.c:1700
+msgid "verify the PIN and list all data"
+msgstr ""
+
+#: g10/card-util.c:1701
+msgid "unblock the PIN using a Reset Code"
+msgstr ""
+
+#: g10/card-util.c:1823
+msgid "gpg/card> "
+msgstr ""
+
+#: g10/card-util.c:1864
+#, fuzzy
+msgid "Admin-only command\n"
+msgstr "vastuolulised käsud\n"
+
+#: g10/card-util.c:1895
+#, fuzzy
+msgid "Admin commands are allowed\n"
+msgstr "vastuolulised käsud\n"
+
+#: g10/card-util.c:1897
+#, fuzzy
+msgid "Admin commands are not allowed\n"
+msgstr "kirjutan salajase võtme faili `%s'\n"
+
+#: g10/card-util.c:1988 g10/keyedit.c:2292
+msgid "Invalid command (try \"help\")\n"
+msgstr "Vigane käsklus (proovige \"help\")\n"
+
+#: g10/decrypt.c:110 g10/encode.c:876
+msgid "--output doesn't work for this command\n"
+msgstr "võti --output ei tööta selle käsuga\n"
+
+#: g10/decrypt.c:166 g10/gpg.c:4019 g10/keyring.c:387 g10/keyring.c:698
+#, c-format
+msgid "can't open `%s'\n"
+msgstr "`%s' ei õnnestu avada\n"
+
+#: g10/delkey.c:73 g10/export.c:324 g10/keyedit.c:3514 g10/keyserver.c:1737
+#: g10/revoke.c:226
+#, fuzzy, c-format
+msgid "key \"%s\" not found: %s\n"
+msgstr "võtit '%s' ei leitud: %s\n"
+
+#: g10/delkey.c:81 g10/export.c:354 g10/import.c:2480 g10/keyserver.c:1751
+#: g10/revoke.c:232 g10/revoke.c:477
+#, c-format
+msgid "error reading keyblock: %s\n"
+msgstr "viga võtmebloki lugemisel: %s\n"
+
+#: g10/delkey.c:127 g10/delkey.c:134
+msgid "(unless you specify the key by fingerprint)\n"
+msgstr "(kui te just ei määra võtit sõrmejäljega)\n"
+
+#: g10/delkey.c:133
+#, fuzzy
+msgid "can't do this in batch mode without \"--yes\"\n"
+msgstr "pakettmoodis ei õnnestu seda teha võtmeta \"--yes\"\n"
+
+#: g10/delkey.c:145
+#, fuzzy
+msgid "Delete this key from the keyring? (y/N) "
+msgstr "Kustutan selle võtme võtmehoidlast? "
+
+#: g10/delkey.c:153
+#, fuzzy
+msgid "This is a secret key! - really delete? (y/N) "
+msgstr "See on salajane võti! - kas kustutan tõesti? "
+
+#: g10/delkey.c:163
+#, c-format
+msgid "deleting keyblock failed: %s\n"
+msgstr "võtmebloki kustutamine ebaõnnestus: %s\n"
+
+#: g10/delkey.c:173
+msgid "ownertrust information cleared\n"
+msgstr "omaniku usalduse info puhastatud\n"
+
+#: g10/delkey.c:204
+#, c-format
+msgid "there is a secret key for public key \"%s\"!\n"
+msgstr "avaliku võtme \"%s\" jaoks on salajane võti!\n"
+
+#: g10/delkey.c:206
+msgid "use option \"--delete-secret-keys\" to delete it first.\n"
+msgstr "selle kustutamiseks kasutage võtit \"--delete-secret-keys\".\n"
+
+#: g10/encode.c:226 g10/sign.c:1269
+#, c-format
+msgid "error creating passphrase: %s\n"
+msgstr "viga parooli loomisel: %s\n"
+
+#: g10/encode.c:232
+msgid "can't use a symmetric ESK packet due to the S2K mode\n"
+msgstr "S2K moodi tõttu ei saa sümmeetrilist ESK paketti kasutada\n"
+
+#: g10/encode.c:246
+#, c-format
+msgid "using cipher %s\n"
+msgstr "kasutan ¨iffrit %s\n"
+
+#: g10/encode.c:256 g10/encode.c:577
+#, c-format
+msgid "`%s' already compressed\n"
+msgstr "`%s' on juba pakitud\n"
+
+#: g10/encode.c:311 g10/encode.c:611 g10/sign.c:564
+#, c-format
+msgid "WARNING: `%s' is an empty file\n"
+msgstr "HOIATUS: `%s' on tühi fail\n"
+
+#: g10/encode.c:485
+msgid "you can only encrypt to RSA keys of 2048 bits or less in --pgp2 mode\n"
+msgstr ""
+"RSA võtmeid pikkusega kuni 2048 bitti saab krüpteerida ainult --pgp2 moodis\n"
+
+#: g10/encode.c:510
+#, c-format
+msgid "reading from `%s'\n"
+msgstr "loen failist `%s'\n"
+
+#: g10/encode.c:541
+msgid ""
+"unable to use the IDEA cipher for all of the keys you are encrypting to.\n"
+msgstr "kõikide krüpteeritavate võtmetega ei saa IDEA ¨iffrit kasutada.\n"
+
+#: g10/encode.c:559
+#, fuzzy, c-format
+msgid ""
+"WARNING: forcing symmetric cipher %s (%d) violates recipient preferences\n"
+msgstr ""
+"sümmetrilise ¨ifri %s (%d) kasutamine on vastuolus saaja eelistustega\n"
+
+#: g10/encode.c:655 g10/sign.c:939
+#, fuzzy, c-format
+msgid ""
+"WARNING: forcing compression algorithm %s (%d) violates recipient "
+"preferences\n"
+msgstr ""
+"pakkimise algoritmi %s (%d) kasutamine on vastuolus saaja eelistustega\n"
+
+#: g10/encode.c:751
+#, c-format
+msgid "forcing symmetric cipher %s (%d) violates recipient preferences\n"
+msgstr ""
+"sümmetrilise ¨ifri %s (%d) kasutamine on vastuolus saaja eelistustega\n"
+
+#: g10/encode.c:821 g10/pkclist.c:813 g10/pkclist.c:862
+#, c-format
+msgid "you may not use %s while in %s mode\n"
+msgstr "%s ei ole moodis %s lubatud.\n"
+
+#: g10/encode.c:848
+#, c-format
+msgid "%s/%s encrypted for: \"%s\"\n"
+msgstr "%s/%s krüptitud kasutajale: \"%s\"\n"
+
+#: g10/encr-data.c:93 g10/mainproc.c:286
+#, c-format
+msgid "%s encrypted data\n"
+msgstr "%s krüpteeritud andmed\n"
+
+#: g10/encr-data.c:96 g10/mainproc.c:290
+#, c-format
+msgid "encrypted with unknown algorithm %d\n"
+msgstr "krüpteeritud tundmatu algoritmiga %d\n"
+
+#: g10/encr-data.c:142 sm/decrypt.c:126
+msgid ""
+"WARNING: message was encrypted with a weak key in the symmetric cipher.\n"
+msgstr "HOIATUS: teade on krüptitud sümmeetrilise ¨ifri nõrga võtmega.\n"
+
+#: g10/encr-data.c:154
+msgid "problem handling encrypted packet\n"
+msgstr "probleem krüptitud paketi käsitlemisel\n"
+
+#: g10/exec.c:57
+msgid "no remote program execution supported\n"
+msgstr "mittelokaalse programmi käivitamist ei toetata\n"
+
+#: g10/exec.c:308
+msgid ""
+"external program calls are disabled due to unsafe options file permissions\n"
+msgstr ""
+"väliste programmide käivitamine on blokeeritud, kuna seadete failil on\n"
+"ebaturvalised õigused\n"
+
+#: g10/exec.c:338
+#, fuzzy
+msgid "this platform requires temporary files when calling external programs\n"
+msgstr ""
+"see platvorm nõuab väliste programmide käivitamiseks ajutiste failide "
+"kasutamist\n"
+
+#: g10/exec.c:416
+#, fuzzy, c-format
+msgid "unable to execute program `%s': %s\n"
+msgstr "ei Õnnestu käivitada %s \"%s\": %s\n"
+
+#: g10/exec.c:419
+#, fuzzy, c-format
+msgid "unable to execute shell `%s': %s\n"
+msgstr "ei Õnnestu käivitada %s \"%s\": %s\n"
+
+#: g10/exec.c:510
+#, c-format
+msgid "system error while calling external program: %s\n"
+msgstr "süsteemi viga välise programmi kasutamisel: %s\n"
+
+#: g10/exec.c:521 g10/exec.c:588
+msgid "unnatural exit of external program\n"
+msgstr "väline programm lõpetas erandlikult\n"
+
+#: g10/exec.c:536
+msgid "unable to execute external program\n"
+msgstr "välist programmi ei õnnestu käivitada\n"
+
+#: g10/exec.c:553
+#, c-format
+msgid "unable to read external program response: %s\n"
+msgstr "ei õnnestu lugeda välise programmi vastust: %s\n"
+
+#: g10/exec.c:599 g10/exec.c:606
+#, c-format
+msgid "WARNING: unable to remove tempfile (%s) `%s': %s\n"
+msgstr "HOIATUS: ei saa kustutada ajutist faili (%s) `%s': %s\n"
+
+#: g10/exec.c:611
+#, c-format
+msgid "WARNING: unable to remove temp directory `%s': %s\n"
+msgstr "HOIATUS: ei õnnestu eemaldada ajutist kataloogi `%s': %s\n"
+
+#: g10/export.c:61
+#, fuzzy
+msgid "export signatures that are marked as local-only"
+msgstr ""
+"\n"
+"Allkiri märgitakse kehtetuks mitte-tunnistatavaks.\n"
+
+#: g10/export.c:63
+msgid "export attribute user IDs (generally photo IDs)"
+msgstr ""
+
+#: g10/export.c:65
+#, fuzzy
+msgid "export revocation keys marked as \"sensitive\""
+msgstr ""
+"`%s' jaoks pole tühistamise võtmeid\n"
+"\n"
+
+#: g10/export.c:67
+#, fuzzy
+msgid "remove the passphrase from exported subkeys"
+msgstr "tühista sekundaarne võti"
+
+#: g10/export.c:69
+#, fuzzy
+msgid "remove unusable parts from key during export"
+msgstr "mittekasutatav salajane võti"
+
+#: g10/export.c:71
+msgid "remove as much as possible from key during export"
+msgstr ""
+
+#: g10/export.c:73
+msgid "export keys in an S-expression based format"
+msgstr ""
+
+#: g10/export.c:338
+#, fuzzy
+msgid "exporting secret keys not allowed\n"
+msgstr "kirjutan salajase võtme faili `%s'\n"
+
+#: g10/export.c:367
+#, fuzzy, c-format
+msgid "key %s: not protected - skipped\n"
+msgstr "võti %08lX: ei ole kaitstud - jätsin vahele\n"
+
+#: g10/export.c:375
+#, fuzzy, c-format
+msgid "key %s: PGP 2.x style key - skipped\n"
+msgstr "võti %08lX: PGP 2.x stiilis võti - jätsin vahele\n"
+
+#: g10/export.c:386
+#, fuzzy, c-format
+msgid "key %s: key material on-card - skipped\n"
+msgstr "võti %08lX: alamvõtme allkiri on vales kohas - jätan vahele\n"
+
+#: g10/export.c:537
+msgid "about to export an unprotected subkey\n"
+msgstr ""
+
+#: g10/export.c:560
+#, fuzzy, c-format
+msgid "failed to unprotect the subkey: %s\n"
+msgstr "TrustDB initsialiseerimine ebaõnnestus: %s\n"
+
+#: g10/export.c:584
+#, fuzzy, c-format
+msgid "WARNING: secret key %s does not have a simple SK checksum\n"
+msgstr "HOIATUS: salajases võtmes %08lX puudub lihtne SK kontrollsumma\n"
+
+#: g10/export.c:633
+msgid "WARNING: nothing exported\n"
+msgstr "HOIATUS: midagi ei eksporditud\n"
+
+#: g10/getkey.c:152
+msgid "too many entries in pk cache - disabled\n"
+msgstr "avalike võtmete puhvris on liiga palju võtmeid - blokeerin\n"
+
+#: g10/getkey.c:175
+#, fuzzy
+msgid "[User ID not found]"
+msgstr "[Kasutaja id puudub]"
+
+#: g10/getkey.c:1113
+#, c-format
+msgid "automatically retrieved `%s' via %s\n"
+msgstr ""
+
+#: g10/getkey.c:1118
+#, fuzzy, c-format
+msgid "error retrieving `%s' via %s: %s\n"
+msgstr "viga `%s' loomisel: %s\n"
+
+#: g10/getkey.c:1120
+#, fuzzy
+msgid "No fingerprint"
+msgstr "näita sõrmejälge"
+
+#: g10/getkey.c:1930
+#, fuzzy, c-format
+msgid "Invalid key %s made valid by --allow-non-selfsigned-uid\n"
+msgstr ""
+"Vigane võti %08lX muudeti kehtivaks võtme --allow-non-selfsigned-uid "
+"kasutamisega\n"
+
+#: g10/getkey.c:2533 g10/keyedit.c:3839
+#, fuzzy, c-format
+msgid "no secret subkey for public subkey %s - ignoring\n"
+msgstr "avalikul alamvõtmel %08lX puudub salajane alamvõti - ignoreerin\n"
+
+#: g10/getkey.c:2759
+#, fuzzy, c-format
+msgid "using subkey %s instead of primary key %s\n"
+msgstr "kasutan sekundaarset võtit %08lX primaarse võtme %08lX asemel\n"
+
+#: g10/getkey.c:2806
+#, fuzzy, c-format
+msgid "key %s: secret key without public key - skipped\n"
+msgstr "võti %08lX: salajane võti avaliku võtmeta - jätsin vahele\n"
+
+#: g10/gpg.c:375 sm/gpgsm.c:188
+#, fuzzy
+msgid "make a signature"
+msgstr "loo eraldiseisev allkiri"
+
+#: g10/gpg.c:376 sm/gpgsm.c:189
+#, fuzzy
+msgid "make a clear text signature"
+msgstr "|[fail]|loo avateksti allkiri"
+
+#: g10/gpg.c:377 sm/gpgsm.c:190
+msgid "make a detached signature"
+msgstr "loo eraldiseisev allkiri"
+
+#: g10/gpg.c:378 sm/gpgsm.c:191
+msgid "encrypt data"
+msgstr "krüpteeri andmed"
+
+#: g10/gpg.c:380 sm/gpgsm.c:192
+msgid "encryption only with symmetric cipher"
+msgstr "krüpteerimine kasutades ainult sümmeetrilist ¨ifrit"
+
+#: g10/gpg.c:382 sm/gpgsm.c:193
+msgid "decrypt data (default)"
+msgstr "dekrüpteeri andmed (vaikimisi)"
+
+#: g10/gpg.c:384 sm/gpgsm.c:194
+msgid "verify a signature"
+msgstr "kontrolli allkirja"
+
+#: g10/gpg.c:386 sm/gpgsm.c:195
+msgid "list keys"
+msgstr "näita võtmeid"
+
+#: g10/gpg.c:388
+msgid "list keys and signatures"
+msgstr "näita võtmeid ja allkirju"
+
+#: g10/gpg.c:389
+#, fuzzy
+msgid "list and check key signatures"
+msgstr "kontrolli võtmete allkirju"
+
+#: g10/gpg.c:390 sm/gpgsm.c:200
+msgid "list keys and fingerprints"
+msgstr "näita võtmeid ja sõrmejälgi"
+
+#: g10/gpg.c:391 sm/gpgsm.c:198
+msgid "list secret keys"
+msgstr "näita salajasi võtmeid"
+
+#: g10/gpg.c:392 sm/gpgsm.c:201
+msgid "generate a new key pair"
+msgstr "genereeri uus võtmepaar"
+
+#: g10/gpg.c:393
+msgid "generate a revocation certificate"
+msgstr "genereeri tühistamise sertifikaat"
+
+#: g10/gpg.c:395 sm/gpgsm.c:203
+msgid "remove keys from the public keyring"
+msgstr "eemalda võtmed avalike võtmete hoidlast"
+
+#: g10/gpg.c:397
+msgid "remove keys from the secret keyring"
+msgstr "eemalda võtmed salajaste võtmete hoidlast"
+
+#: g10/gpg.c:398
+msgid "sign a key"
+msgstr "allkirjasta võti"
+
+#: g10/gpg.c:399
+msgid "sign a key locally"
+msgstr "allkirjasta võti lokaalselt"
+
+#: g10/gpg.c:400
+msgid "sign or edit a key"
+msgstr "allkirjasta või toimeta võtit"
+
+#: g10/gpg.c:402 sm/gpgsm.c:215
+#, fuzzy
+msgid "change a passphrase"
+msgstr "muuda parooli"
+
+#: g10/gpg.c:404
+msgid "export keys"
+msgstr "ekspordi võtmed"
+
+#: g10/gpg.c:405 sm/gpgsm.c:204
+msgid "export keys to a key server"
+msgstr "ekspordi võtmed võtmeserverisse"
+
+#: g10/gpg.c:406 sm/gpgsm.c:205
+msgid "import keys from a key server"
+msgstr "impordi võtmed võtmeserverist"
+
+#: g10/gpg.c:408
+msgid "search for keys on a key server"
+msgstr "otsi võtmeid võtmeserverist"
+
+#: g10/gpg.c:410
+msgid "update all keys from a keyserver"
+msgstr "uuenda võtmeid võtmeserverist"
+
+#: g10/gpg.c:415
+msgid "import/merge keys"
+msgstr "impordi/mesti võtmed"
+
+#: g10/gpg.c:418
+msgid "print the card status"
+msgstr ""
+
+#: g10/gpg.c:419
+msgid "change data on a card"
+msgstr ""
+
+#: g10/gpg.c:420
+msgid "change a card's PIN"
+msgstr ""
+
+#: g10/gpg.c:429
+msgid "update the trust database"
+msgstr "uuenda usalduse andmebaasi"
+
+#: g10/gpg.c:436
+#, fuzzy
+msgid "print message digests"
+msgstr "|algo [failid]|trüki teatelühendid"
+
+#: g10/gpg.c:439 sm/gpgsm.c:210
+msgid "run in server mode"
+msgstr ""
+
+#: g10/gpg.c:443 sm/gpgsm.c:228
+msgid "create ascii armored output"
+msgstr "loo ascii pakendis väljund"
+
+#: g10/gpg.c:446 sm/gpgsm.c:241
+#, fuzzy
+msgid "|USER-ID|encrypt for USER-ID"
+msgstr "|NIMI|krüpti NIMEle"
+
+#: g10/gpg.c:459 sm/gpgsm.c:278
+#, fuzzy
+msgid "|USER-ID|use USER-ID to sign or decrypt"
+msgstr "kasuta seda kasutaja IDd"
+
+#: g10/gpg.c:462
+#, fuzzy
+msgid "|N|set compress level to N (0 disables)"
+msgstr "|N|määra pakkimise tase N (0 blokeerib)"
+
+#: g10/gpg.c:468
+msgid "use canonical text mode"
+msgstr "kasuta kanoonilist tekstimoodi"
+
+#: g10/gpg.c:485 sm/gpgsm.c:280
+#, fuzzy
+msgid "|FILE|write output to FILE"
+msgstr "|FAIL|lae laiendusmoodul FAIL"
+
+#: g10/gpg.c:501 kbx/kbxutil.c:90 sm/gpgsm.c:292 tools/gpgconf.c:82
+msgid "do not make any changes"
+msgstr "ära tee mingeid muutusi"
+
+#: g10/gpg.c:502
+msgid "prompt before overwriting"
+msgstr "küsi enne ülekirjutamist"
+
+#: g10/gpg.c:554
+msgid "use strict OpenPGP behavior"
+msgstr ""
+
+#: g10/gpg.c:585 sm/gpgsm.c:336
+msgid ""
+"@\n"
+"(See the man page for a complete listing of all commands and options)\n"
+msgstr ""
+"@\n"
+"(Kõikide käskude ja võtmete täieliku kirjelduse leiate manualist)\n"
+
+#: g10/gpg.c:588 sm/gpgsm.c:339
+msgid ""
+"@\n"
+"Examples:\n"
+"\n"
+" -se -r Bob [file] sign and encrypt for user Bob\n"
+" --clearsign [file] make a clear text signature\n"
+" --detach-sign [file] make a detached signature\n"
+" --list-keys [names] show keys\n"
+" --fingerprint [names] show fingerprints\n"
+msgstr ""
+"@\n"
+"Näited:\n"
+"\n"
+" -se -r Bob [fail] allkirjasta ja krüpti kasutajale Bob\n"
+" --clearsign [fail] loo avateksti allkiri\n"
+" --detach-sign [fail] loo eraldiseisev allkiri\n"
+" --list-keys [nimed] näita võtmeid\n"
+" --fingerprint [nimed] näita sõrmejälgi\n"
+
+#: g10/gpg.c:836
+msgid "Usage: gpg [options] [files] (-h for help)"
+msgstr "Kasuta: gpg [võtmed] [failid] (-h näitab abiinfot)"
+
+#: g10/gpg.c:839
+msgid ""
+"Syntax: gpg [options] [files]\n"
+"sign, check, encrypt or decrypt\n"
+"default operation depends on the input data\n"
+msgstr ""
+"Süntaks: gpg [võtmed] [failid]\n"
+"allkirjasta, kontrolli, krüpti ja dekrüpti\n"
+"vaikimisi operatsioon sõltub sisendandmetest\n"
+
+#: g10/gpg.c:850 sm/gpgsm.c:543
+msgid ""
+"\n"
+"Supported algorithms:\n"
+msgstr ""
+"\n"
+"Toetatud algoritmid:\n"
+
+#: g10/gpg.c:853
+msgid "Pubkey: "
+msgstr "Avalik võti: "
+
+#: g10/gpg.c:860 g10/keyedit.c:2423
+msgid "Cipher: "
+msgstr "¦iffer: "
+
+#: g10/gpg.c:867
+msgid "Hash: "
+msgstr "Räsi: "
+
+#: g10/gpg.c:874 g10/keyedit.c:2468
+msgid "Compression: "
+msgstr "Pakkimine: "
+
+#: g10/gpg.c:944
+msgid "usage: gpg [options] "
+msgstr "kasuta: gpg [võtmed] "
+
+#: g10/gpg.c:1158 sm/gpgsm.c:716
+msgid "conflicting commands\n"
+msgstr "vastuolulised käsud\n"
+
+#: g10/gpg.c:1176
+#, fuzzy, c-format
+msgid "no = sign found in group definition `%s'\n"
+msgstr "grupi definitsioonis \"%s\" puudub sümbol =\n"
+
+#: g10/gpg.c:1373
+#, fuzzy, c-format
+msgid "WARNING: unsafe ownership on homedir `%s'\n"
+msgstr "HOIATUS: ebaturvaline omanik %s \"%s\"\n"
+
+#: g10/gpg.c:1376
+#, fuzzy, c-format
+msgid "WARNING: unsafe ownership on configuration file `%s'\n"
+msgstr "HOIATUS: ebaturvaline omanik %s \"%s\"\n"
+
+#: g10/gpg.c:1379
+#, fuzzy, c-format
+msgid "WARNING: unsafe ownership on extension `%s'\n"
+msgstr "HOIATUS: ebaturvaline omanik %s \"%s\"\n"
+
+#: g10/gpg.c:1385
+#, fuzzy, c-format
+msgid "WARNING: unsafe permissions on homedir `%s'\n"
+msgstr "HOIATUS: ebaturvalised õigused %s \"%s\"\n"
+
+#: g10/gpg.c:1388
+#, fuzzy, c-format
+msgid "WARNING: unsafe permissions on configuration file `%s'\n"
+msgstr "HOIATUS: ebaturvalised õigused %s \"%s\"\n"
+
+#: g10/gpg.c:1391
+#, fuzzy, c-format
+msgid "WARNING: unsafe permissions on extension `%s'\n"
+msgstr "HOIATUS: ebaturvalised õigused %s \"%s\"\n"
+
+#: g10/gpg.c:1397
+#, fuzzy, c-format
+msgid "WARNING: unsafe enclosing directory ownership on homedir `%s'\n"
+msgstr "HOIATUS: ebaturvaline kataloogi omanik %s \"%s\"\n"
+
+#: g10/gpg.c:1400
+#, fuzzy, c-format
+msgid ""
+"WARNING: unsafe enclosing directory ownership on configuration file `%s'\n"
+msgstr "HOIATUS: ebaturvaline kataloogi omanik %s \"%s\"\n"
+
+#: g10/gpg.c:1403
+#, fuzzy, c-format
+msgid "WARNING: unsafe enclosing directory ownership on extension `%s'\n"
+msgstr "HOIATUS: ebaturvaline kataloogi omanik %s \"%s\"\n"
+
+#: g10/gpg.c:1409
+#, fuzzy, c-format
+msgid "WARNING: unsafe enclosing directory permissions on homedir `%s'\n"
+msgstr "Hoiatus: ebaturvalised kataloogi õigused %s \"%s\"\n"
+
+#: g10/gpg.c:1412
+#, fuzzy, c-format
+msgid ""
+"WARNING: unsafe enclosing directory permissions on configuration file `%s'\n"
+msgstr "Hoiatus: ebaturvalised kataloogi õigused %s \"%s\"\n"
+
+#: g10/gpg.c:1415
+#, fuzzy, c-format
+msgid "WARNING: unsafe enclosing directory permissions on extension `%s'\n"
+msgstr "Hoiatus: ebaturvalised kataloogi õigused %s \"%s\"\n"
+
+#: g10/gpg.c:1595
+#, fuzzy, c-format
+msgid "unknown configuration item `%s'\n"
+msgstr "tundmatu seade \"%s\"\n"
+
+#: g10/gpg.c:1699
+msgid "display photo IDs during key listings"
+msgstr ""
+
+#: g10/gpg.c:1701
+msgid "show policy URLs during signature listings"
+msgstr ""
+
+#: g10/gpg.c:1703
+#, fuzzy
+msgid "show all notations during signature listings"
+msgstr "Vastavat allkirja salajaste võtmete hoidlas pole\n"
+
+#: g10/gpg.c:1705
+msgid "show IETF standard notations during signature listings"
+msgstr ""
+
+#: g10/gpg.c:1709
+msgid "show user-supplied notations during signature listings"
+msgstr ""
+
+#: g10/gpg.c:1711
+#, fuzzy
+msgid "show preferred keyserver URLs during signature listings"
+msgstr "antud allkirja poliisi URL on vigane\n"
+
+#: g10/gpg.c:1713
+msgid "show user ID validity during key listings"
+msgstr ""
+
+#: g10/gpg.c:1715
+msgid "show revoked and expired user IDs in key listings"
+msgstr ""
+
+#: g10/gpg.c:1717
+msgid "show revoked and expired subkeys in key listings"
+msgstr ""
+
+#: g10/gpg.c:1719
+#, fuzzy
+msgid "show the keyring name in key listings"
+msgstr "näita millisesse võtmehoidlasse näidatud võti kuulub"
+
+#: g10/gpg.c:1721
+#, fuzzy
+msgid "show expiration dates during signature listings"
+msgstr "Vastavat allkirja salajaste võtmete hoidlas pole\n"
+
+#: g10/gpg.c:1855
+#, c-format
+msgid "NOTE: old default options file `%s' ignored\n"
+msgstr "MÄRKUS: ignoreerin vana vaikimisi võtmete faili `%s'\n"
+
+#: g10/gpg.c:1948
+#, c-format
+msgid "libgcrypt is too old (need %s, have %s)\n"
+msgstr ""
+
+#: g10/gpg.c:2346 g10/gpg.c:3037 g10/gpg.c:3049
+#, c-format
+msgid "NOTE: %s is not for normal use!\n"
+msgstr "MÄRKUS: %s ei ole tavapäraseks kasutamiseks!\n"
+
+#: g10/gpg.c:2530 g10/gpg.c:2542
+#, fuzzy, c-format
+msgid "`%s' is not a valid signature expiration\n"
+msgstr "%s ei ole lubatud kooditabel\n"
+
+#: g10/gpg.c:2624
+#, fuzzy, c-format
+msgid "`%s' is not a valid character set\n"
+msgstr "%s ei ole lubatud kooditabel\n"
+
+#: g10/gpg.c:2647 g10/gpg.c:2842 g10/keyedit.c:4197
+#, fuzzy
+msgid "could not parse keyserver URL\n"
+msgstr "ei saa parsida võtmeserveri URI\n"
+
+#: g10/gpg.c:2659
+#, fuzzy, c-format
+msgid "%s:%d: invalid keyserver options\n"
+msgstr "%s:%d: vigased ekspordi võtmed\n"
+
+#: g10/gpg.c:2662
+#, fuzzy
+msgid "invalid keyserver options\n"
+msgstr "vigased ekspordi võtmed\n"
+
+#: g10/gpg.c:2669
+#, c-format
+msgid "%s:%d: invalid import options\n"
+msgstr "%s:%d: vigased impordi võtmed\n"
+
+#: g10/gpg.c:2672
+msgid "invalid import options\n"
+msgstr "vigased impordi võtmed\n"
+
+#: g10/gpg.c:2679
+#, c-format
+msgid "%s:%d: invalid export options\n"
+msgstr "%s:%d: vigased ekspordi võtmed\n"
+
+#: g10/gpg.c:2682
+msgid "invalid export options\n"
+msgstr "vigased ekspordi võtmed\n"
+
+#: g10/gpg.c:2689
+#, fuzzy, c-format
+msgid "%s:%d: invalid list options\n"
+msgstr "%s:%d: vigased impordi võtmed\n"
+
+#: g10/gpg.c:2692
+#, fuzzy
+msgid "invalid list options\n"
+msgstr "vigased impordi võtmed\n"
+
+#: g10/gpg.c:2700
+msgid "display photo IDs during signature verification"
+msgstr ""
+
+#: g10/gpg.c:2702
+msgid "show policy URLs during signature verification"
+msgstr ""
+
+#: g10/gpg.c:2704
+#, fuzzy
+msgid "show all notations during signature verification"
+msgstr "%s ei ole lubatud kooditabel\n"
+
+#: g10/gpg.c:2706
+msgid "show IETF standard notations during signature verification"
+msgstr ""
+
+#: g10/gpg.c:2710
+msgid "show user-supplied notations during signature verification"
+msgstr ""
+
+#: g10/gpg.c:2712
+#, fuzzy
+msgid "show preferred keyserver URLs during signature verification"
+msgstr "antud allkirja poliisi URL on vigane\n"
+
+#: g10/gpg.c:2714
+#, fuzzy
+msgid "show user ID validity during signature verification"
+msgstr "%s ei ole lubatud kooditabel\n"
+
+#: g10/gpg.c:2716
+msgid "show revoked and expired user IDs in signature verification"
+msgstr ""
+
+#: g10/gpg.c:2718
+#, fuzzy
+msgid "show only the primary user ID in signature verification"
+msgstr "%s ei ole lubatud kooditabel\n"
+
+#: g10/gpg.c:2720
+msgid "validate signatures with PKA data"
+msgstr ""
+
+#: g10/gpg.c:2722
+msgid "elevate the trust of signatures with valid PKA data"
+msgstr ""
+
+#: g10/gpg.c:2729
+#, fuzzy, c-format
+msgid "%s:%d: invalid verify options\n"
+msgstr "%s:%d: vigased ekspordi võtmed\n"
+
+#: g10/gpg.c:2732
+#, fuzzy
+msgid "invalid verify options\n"
+msgstr "vigased ekspordi võtmed\n"
+
+#: g10/gpg.c:2739
+#, c-format
+msgid "unable to set exec-path to %s\n"
+msgstr "exec-path väärtuseks ei õnnestu seada %s\n"
+
+#: g10/gpg.c:2925
+#, fuzzy, c-format
+msgid "%s:%d: invalid auto-key-locate list\n"
+msgstr "%s:%d: vigased ekspordi võtmed\n"
+
+#: g10/gpg.c:2928
+msgid "invalid auto-key-locate list\n"
+msgstr ""
+
+#: g10/gpg.c:3026 sm/gpgsm.c:1439
+msgid "WARNING: program may create a core file!\n"
+msgstr "HOIATUS: programm võib salvestada oma mälupildi!\n"
+
+#: g10/gpg.c:3030
+#, c-format
+msgid "WARNING: %s overrides %s\n"
+msgstr "HOIATUS: %s määrab üle %s\n"
+
+#: g10/gpg.c:3039
+#, c-format
+msgid "%s not allowed with %s!\n"
+msgstr "%s ja %s ei ole koos lubatud!\n"
+
+#: g10/gpg.c:3042
+#, c-format
+msgid "%s makes no sense with %s!\n"
+msgstr "%s ja %s ei oma koos mõtet!\n"
+
+#: g10/gpg.c:3057
+#, fuzzy, c-format
+msgid "will not run with insecure memory due to %s\n"
+msgstr "kirjutan salajase võtme faili `%s'\n"
+
+#: g10/gpg.c:3071
+msgid "you can only make detached or clear signatures while in --pgp2 mode\n"
+msgstr ""
+"--pgp2 moodis saate luua ainult eraldiseisvaid või avateksti allkirju\n"
+
+#: g10/gpg.c:3077
+msgid "you can't sign and encrypt at the same time while in --pgp2 mode\n"
+msgstr "--pgp2 moodis ei saa korraga allkirjastada ja krüpteerida\n"
+
+#: g10/gpg.c:3083
+msgid "you must use files (and not a pipe) when working with --pgp2 enabled.\n"
+msgstr "--pgp2 moodis peate kasutama faile (ja mitte toru).\n"
+
+#: g10/gpg.c:3096
+msgid "encrypting a message in --pgp2 mode requires the IDEA cipher\n"
+msgstr "teate krüpteerimine --pgp2 moodis nõuab IDEA ¨iffrit\n"
+
+#: g10/gpg.c:3163 g10/gpg.c:3187 sm/gpgsm.c:1511
+msgid "selected cipher algorithm is invalid\n"
+msgstr "valitud ¨ifri algoritm ei ole lubatud\n"
+
+#: g10/gpg.c:3169 g10/gpg.c:3193 sm/gpgsm.c:1517 sm/gpgsm.c:1523
+msgid "selected digest algorithm is invalid\n"
+msgstr "valitud lühendi algoritm ei ole lubatud\n"
+
+#: g10/gpg.c:3175
+#, fuzzy
+msgid "selected compression algorithm is invalid\n"
+msgstr "valitud ¨ifri algoritm ei ole lubatud\n"
+
+#: g10/gpg.c:3181
+msgid "selected certification digest algorithm is invalid\n"
+msgstr "valitud sertifikaadi lühendi algoritm ei ole lubatud\n"
+
+#: g10/gpg.c:3196
+msgid "completes-needed must be greater than 0\n"
+msgstr "completes-needed peab olema suurem, kui 0\n"
+
+#: g10/gpg.c:3198
+msgid "marginals-needed must be greater than 1\n"
+msgstr "marginals-needed peab olema suurem, kui 1\n"
+
+#: g10/gpg.c:3200
+#, fuzzy
+msgid "max-cert-depth must be in the range from 1 to 255\n"
+msgstr "max-cert-depth peab olema vahemikus 1 kuni 255\n"
+
+#: g10/gpg.c:3202
+msgid "invalid default-cert-level; must be 0, 1, 2, or 3\n"
+msgstr "vigane vaikimisi-sert-tase; peab olema 0, 1, 2 või 3\n"
+
+#: g10/gpg.c:3204
+msgid "invalid min-cert-level; must be 1, 2, or 3\n"
+msgstr "vigane min-sert-tase; peab olema 1, 2 või 3\n"
+
+#: g10/gpg.c:3207
+msgid "NOTE: simple S2K mode (0) is strongly discouraged\n"
+msgstr "MÄRKUS: lihtne S2K mood (0) ei soovitata kasutada\n"
+
+#: g10/gpg.c:3211
+msgid "invalid S2K mode; must be 0, 1 or 3\n"
+msgstr "vigane S2K mood; peab olema 0, 1 või 3\n"
+
+#: g10/gpg.c:3218
+msgid "invalid default preferences\n"
+msgstr "vigased vaikimisi eelistused\n"
+
+#: g10/gpg.c:3222
+msgid "invalid personal cipher preferences\n"
+msgstr "vigased isikliku ¨ifri eelistused\n"
+
+#: g10/gpg.c:3226
+msgid "invalid personal digest preferences\n"
+msgstr "vigased isikliku lühendi eelistused\n"
+
+#: g10/gpg.c:3230
+msgid "invalid personal compress preferences\n"
+msgstr "vigased isikliku pakkimise eelistused\n"
+
+#: g10/gpg.c:3263
+#, c-format
+msgid "%s does not yet work with %s\n"
+msgstr "%s ei tööta veel koos %s-ga\n"
+
+#: g10/gpg.c:3310
+#, fuzzy, c-format
+msgid "you may not use cipher algorithm `%s' while in %s mode\n"
+msgstr "¨ifri algoritm \"%s\" ei ole moodis %s lubatud\n"
+
+#: g10/gpg.c:3315
+#, fuzzy, c-format
+msgid "you may not use digest algorithm `%s' while in %s mode\n"
+msgstr "sõnumilühendi algoritm \"%s\" ei ole moodis %s lubatud\n"
+
+#: g10/gpg.c:3320
+#, fuzzy, c-format
+msgid "you may not use compression algorithm `%s' while in %s mode\n"
+msgstr "pakkimise algoritm \"%s\" ei ole moodis %s lubatud\n"
+
+#: g10/gpg.c:3406
+#, c-format
+msgid "failed to initialize the TrustDB: %s\n"
+msgstr "TrustDB initsialiseerimine ebaõnnestus: %s\n"
+
+#: g10/gpg.c:3417
+msgid "WARNING: recipients (-r) given without using public key encryption\n"
+msgstr ""
+"HOIATUS: määrati saajad (-r) aga ei kasutata avaliku võtme krüptograafiat\n"
+
+#: g10/gpg.c:3438
+msgid "--store [filename]"
+msgstr "--store [failinimi]"
+
+#: g10/gpg.c:3445
+msgid "--symmetric [filename]"
+msgstr "--symmetric [failinimi]"
+
+#: g10/gpg.c:3447
+#, fuzzy, c-format
+msgid "symmetric encryption of `%s' failed: %s\n"
+msgstr "lahtikrüpteerimine ebaõnnestus: %s\n"
+
+#: g10/gpg.c:3457
+msgid "--encrypt [filename]"
+msgstr "--encrypt [failinimi]"
+
+#: g10/gpg.c:3470
+#, fuzzy
+msgid "--symmetric --encrypt [filename]"
+msgstr "--sign --encrypt [failinimi]"
+
+#: g10/gpg.c:3472
+msgid "you cannot use --symmetric --encrypt with --s2k-mode 0\n"
+msgstr ""
+
+#: g10/gpg.c:3475
+#, fuzzy, c-format
+msgid "you cannot use --symmetric --encrypt while in %s mode\n"
+msgstr "%s ei ole moodis %s lubatud.\n"
+
+#: g10/gpg.c:3493
+msgid "--sign [filename]"
+msgstr "--sign [failinimi]"
+
+#: g10/gpg.c:3506
+msgid "--sign --encrypt [filename]"
+msgstr "--sign --encrypt [failinimi]"
+
+#: g10/gpg.c:3521
+#, fuzzy
+msgid "--symmetric --sign --encrypt [filename]"
+msgstr "--sign --encrypt [failinimi]"
+
+#: g10/gpg.c:3523
+msgid "you cannot use --symmetric --sign --encrypt with --s2k-mode 0\n"
+msgstr ""
+
+#: g10/gpg.c:3526
+#, fuzzy, c-format
+msgid "you cannot use --symmetric --sign --encrypt while in %s mode\n"
+msgstr "%s ei ole moodis %s lubatud.\n"
+
+#: g10/gpg.c:3546
+msgid "--sign --symmetric [filename]"
+msgstr "--sign --symmetric [failinimi]"
+
+#: g10/gpg.c:3555
+msgid "--clearsign [filename]"
+msgstr "--clearsign [failinimi]"
+
+#: g10/gpg.c:3580
+msgid "--decrypt [filename]"
+msgstr "--decrypt [failinimi]"
+
+#: g10/gpg.c:3588
+msgid "--sign-key user-id"
+msgstr "--sign-key kasutaja-id"
+
+#: g10/gpg.c:3592
+msgid "--lsign-key user-id"
+msgstr "--lsign-key kasutaja-id"
+
+#: g10/gpg.c:3613
+msgid "--edit-key user-id [commands]"
+msgstr "--edit-key kasutaja-id [käsud]"
+
+#: g10/gpg.c:3629
+#, fuzzy
+msgid "--passwd <user-id>"
+msgstr "--sign-key kasutaja-id"
+
+#: g10/gpg.c:3716
+#, c-format
+msgid "keyserver send failed: %s\n"
+msgstr "võtmeserverile saatmine ebaõnnestus: %s\n"
+
+#: g10/gpg.c:3718
+#, c-format
+msgid "keyserver receive failed: %s\n"
+msgstr "võtmeserverilt lugemine ebaõnnestus: %s\n"
+
+#: g10/gpg.c:3720
+#, c-format
+msgid "key export failed: %s\n"
+msgstr "võtme eksport ebaõnnestus: %s\n"
+
+#: g10/gpg.c:3731
+#, c-format
+msgid "keyserver search failed: %s\n"
+msgstr "võtmeserveri otsing ebaõnnestus: %s\n"
+
+#: g10/gpg.c:3741
+#, c-format
+msgid "keyserver refresh failed: %s\n"
+msgstr "võtmeserveri uuendamine ebaõnnestus: %s\n"
+
+#: g10/gpg.c:3792
+#, c-format
+msgid "dearmoring failed: %s\n"
+msgstr "lahtipakendamine ebaõnnestus: %s\n"
+
+#: g10/gpg.c:3800
+#, c-format
+msgid "enarmoring failed: %s\n"
+msgstr "pakendamine ebaõnnestus: %s\n"
+
+#: g10/gpg.c:3890
+#, c-format
+msgid "invalid hash algorithm `%s'\n"
+msgstr "vigane räsialgoritm `%s'\n"
+
+#: g10/gpg.c:4005
+msgid "[filename]"
+msgstr "[failinimi]"
+
+#: g10/gpg.c:4009
+msgid "Go ahead and type your message ...\n"
+msgstr "Kirjutage nüüd oma teade ...\n"
+
+#: g10/gpg.c:4323
+msgid "the given certification policy URL is invalid\n"
+msgstr "antud sertifikaadi poliisi URL on vigane\n"
+
+#: g10/gpg.c:4325
+msgid "the given signature policy URL is invalid\n"
+msgstr "antud allkirja poliisi URL on vigane\n"
+
+#: g10/gpg.c:4358
+#, fuzzy
+msgid "the given preferred keyserver URL is invalid\n"
+msgstr "antud allkirja poliisi URL on vigane\n"
+
+#: g10/gpgv.c:74
+#, fuzzy
+msgid "|FILE|take the keys from the keyring FILE"
+msgstr "võta võtmed sellest võtmehoidlast"
+
+#: g10/gpgv.c:76
+msgid "make timestamp conflicts only a warning"
+msgstr "teata ajatemplite konfliktist ainult hoiatusega"
+
+#: g10/gpgv.c:78 sm/gpgsm.c:326
+msgid "|FD|write status info to this FD"
+msgstr "|FP|kirjuta olekuinfo sellesse failipidemesse"
+
+#: g10/gpgv.c:117
+msgid "Usage: gpgv [options] [files] (-h for help)"
+msgstr "Kasuta: gpgv [võtmed] [failid] (-h näitab abiinfot)"
+
+#: g10/gpgv.c:119
+#, fuzzy
+msgid ""
+"Syntax: gpgv [options] [files]\n"
+"Check signatures against known trusted keys\n"
+msgstr ""
+"Süntaks: gpg [võtmed] [failid]\n"
+"kontrolli allkirju tuntud usaldusväärsete võtmetega\n"
+
+#: g10/helptext.c:72
+msgid "No help available"
+msgstr "Abiinfo puudub"
+
+#: g10/helptext.c:82
+#, c-format
+msgid "No help available for `%s'"
+msgstr "`%s' kohta abiinfo puudub"
+
+#: g10/import.c:94
+msgid "import signatures that are marked as local-only"
+msgstr ""
+
+#: g10/import.c:96
+msgid "repair damage from the pks keyserver during import"
+msgstr ""
+
+#: g10/import.c:98
+#, fuzzy
+msgid "do not update the trustdb after import"
+msgstr "uuenda usalduse andmebaasi"
+
+#: g10/import.c:100
+#, fuzzy
+msgid "create a public key when importing a secret key"
+msgstr "avalik võti ei sobi salajase võtmega!\n"
+
+#: g10/import.c:102
+msgid "only accept updates to existing keys"
+msgstr ""
+
+#: g10/import.c:104
+#, fuzzy
+msgid "remove unusable parts from key after import"
+msgstr "mittekasutatav salajane võti"
+
+#: g10/import.c:106
+msgid "remove as much as possible from key after import"
+msgstr ""
+
+#: g10/import.c:266
+#, c-format
+msgid "skipping block of type %d\n"
+msgstr "jätan bloki tüübiga %d vahele\n"
+
+#: g10/import.c:275
+#, fuzzy, c-format
+msgid "%lu keys processed so far\n"
+msgstr "%lu võtit on seni töödeldud\n"
+
+#: g10/import.c:292
+#, c-format
+msgid "Total number processed: %lu\n"
+msgstr "Töödeldud kokku: %lu\n"
+
+#: g10/import.c:294
+#, c-format
+msgid " skipped new keys: %lu\n"
+msgstr " vahele jäetud uusi võtmeid: %lu\n"
+
+#: g10/import.c:297
+#, c-format
+msgid " w/o user IDs: %lu\n"
+msgstr " puudub kasutaja ID: %lu\n"
+
+#: g10/import.c:299 sm/import.c:114
+#, c-format
+msgid " imported: %lu"
+msgstr " imporditud: %lu"
+
+#: g10/import.c:305 sm/import.c:118
+#, c-format
+msgid " unchanged: %lu\n"
+msgstr " muutmata: %lu\n"
+
+#: g10/import.c:307
+#, c-format
+msgid " new user IDs: %lu\n"
+msgstr " uusi kasutajaid: %lu\n"
+
+#: g10/import.c:309
+#, c-format
+msgid " new subkeys: %lu\n"
+msgstr " uusi alamvõtmeid: %lu\n"
+
+#: g10/import.c:311
+#, c-format
+msgid " new signatures: %lu\n"
+msgstr " uusi allkirju: %lu\n"
+
+#: g10/import.c:313
+#, c-format
+msgid " new key revocations: %lu\n"
+msgstr " uusi tühistamisi: %lu\n"
+
+#: g10/import.c:315 sm/import.c:120
+#, c-format
+msgid " secret keys read: %lu\n"
+msgstr " loetud salajasi võtmeid: %lu\n"
+
+#: g10/import.c:317 sm/import.c:122
+#, c-format
+msgid " secret keys imported: %lu\n"
+msgstr " salajasi võtmeid imporditud: %lu\n"
+
+#: g10/import.c:319 sm/import.c:124
+#, c-format
+msgid " secret keys unchanged: %lu\n"
+msgstr " muutmata salajasi võtmeid: %lu\n"
+
+#: g10/import.c:321 sm/import.c:126
+#, c-format
+msgid " not imported: %lu\n"
+msgstr " pole imporditud: %lu\n"
+
+#: g10/import.c:323
+#, fuzzy, c-format
+msgid " signatures cleaned: %lu\n"
+msgstr " uusi allkirju: %lu\n"
+
+#: g10/import.c:325
+#, fuzzy, c-format
+msgid " user IDs cleaned: %lu\n"
+msgstr " loetud salajasi võtmeid: %lu\n"
+
+#: g10/import.c:606
+#, c-format
+msgid ""
+"WARNING: key %s contains preferences for unavailable\n"
+"algorithms on these user IDs:\n"
+msgstr ""
+
+#: g10/import.c:647
+#, c-format
+msgid " \"%s\": preference for cipher algorithm %s\n"
+msgstr ""
+
+#: g10/import.c:662
+#, fuzzy, c-format
+msgid " \"%s\": preference for digest algorithm %s\n"
+msgstr "%s allkiri, sõnumilühendi algoritm %s\n"
+
+#: g10/import.c:674
+#, c-format
+msgid " \"%s\": preference for compression algorithm %s\n"
+msgstr ""
+
+#: g10/import.c:687
+msgid "it is strongly suggested that you update your preferences and\n"
+msgstr ""
+
+#: g10/import.c:689
+msgid "re-distribute this key to avoid potential algorithm mismatch problems\n"
+msgstr ""
+
+#: g10/import.c:713
+#, c-format
+msgid "you can update your preferences with: gpg --edit-key %s updpref save\n"
+msgstr ""
+
+#: g10/import.c:766 g10/import.c:1179
+#, fuzzy, c-format
+msgid "key %s: no user ID\n"
+msgstr "võti %08lX: kasutaja ID puudub\n"
+
+#: g10/import.c:795
+#, fuzzy, c-format
+msgid "key %s: PKS subkey corruption repaired\n"
+msgstr "võti %08lX: HKP alamvõtme rike parandatud\n"
+
+#: g10/import.c:810
+#, fuzzy, c-format
+msgid "key %s: accepted non self-signed user ID \"%s\"\n"
+msgstr ""
+"võti %08lX: aktsepteerisin iseenda poolt allakirjutamata kasutaja ID '%s'\n"
+
+#: g10/import.c:816
+#, fuzzy, c-format
+msgid "key %s: no valid user IDs\n"
+msgstr "võti %08lX: puudub kehtiv kasutaja ID\n"
+
+#: g10/import.c:818
+msgid "this may be caused by a missing self-signature\n"
+msgstr "see võib olla põhjustatud puuduvast iseenda allkirjast\n"
+
+#: g10/import.c:828 g10/import.c:1303
+#, fuzzy, c-format
+msgid "key %s: public key not found: %s\n"
+msgstr "võti %08lX: avalikku võtit ei leitud: %s\n"
+
+#: g10/import.c:834
+#, fuzzy, c-format
+msgid "key %s: new key - skipped\n"
+msgstr "võti %08lX: uus võti - jätsin vahele\n"
+
+#: g10/import.c:843
+#, c-format
+msgid "no writable keyring found: %s\n"
+msgstr "ei leia kirjutatavat võtmehoidlat: %s\n"
+
+#: g10/import.c:848 g10/openfile.c:278 g10/sign.c:805 g10/sign.c:1114
+#, c-format
+msgid "writing to `%s'\n"
+msgstr "kirjutan faili `%s'\n"
+
+#: g10/import.c:852 g10/import.c:952 g10/import.c:1219 g10/import.c:1364
+#: g10/import.c:2494 g10/import.c:2516
+#, c-format
+msgid "error writing keyring `%s': %s\n"
+msgstr "viga võtmehoidlasse `%s' kirjutamisel: %s\n"
+
+#: g10/import.c:871
+#, fuzzy, c-format
+msgid "key %s: public key \"%s\" imported\n"
+msgstr "võti %08lX: avalik võti \"%s\" on imporditud\n"
+
+#: g10/import.c:895
+#, fuzzy, c-format
+msgid "key %s: doesn't match our copy\n"
+msgstr "võti %08lX: ei sobi meie koopiaga\n"
+
+#: g10/import.c:912 g10/import.c:1321
+#, fuzzy, c-format
+msgid "key %s: can't locate original keyblock: %s\n"
+msgstr "võti %08lX: ei leia algset võtmeblokki: %s\n"
+
+#: g10/import.c:920 g10/import.c:1328
+#, fuzzy, c-format
+msgid "key %s: can't read original keyblock: %s\n"
+msgstr "võti %08lX: ei õnnestu lugeda algset võtmeblokki: %s\n"
+
+#: g10/import.c:962
+#, fuzzy, c-format
+msgid "key %s: \"%s\" 1 new user ID\n"
+msgstr "võti %08lX: \"%s\" 1 uus kasutaja ID\n"
+
+#: g10/import.c:965
+#, fuzzy, c-format
+msgid "key %s: \"%s\" %d new user IDs\n"
+msgstr "võti %08lX: \"%s\" %d uut kasutaja IDd\n"
+
+#: g10/import.c:968
+#, fuzzy, c-format
+msgid "key %s: \"%s\" 1 new signature\n"
+msgstr "võti %08lX: \"%s\" 1 uus allkiri\n"
+
+#: g10/import.c:971
+#, fuzzy, c-format
+msgid "key %s: \"%s\" %d new signatures\n"
+msgstr "võti %08lX: \"%s\" %d uut allkirja\n"
+
+#: g10/import.c:974
+#, fuzzy, c-format
+msgid "key %s: \"%s\" 1 new subkey\n"
+msgstr "võti %08lX: \"%s\" 1 uus alamvõti\n"
+
+#: g10/import.c:977
+#, fuzzy, c-format
+msgid "key %s: \"%s\" %d new subkeys\n"
+msgstr "võti %08lX: \"%s\" %d uut alamvõtit\n"
+
+#: g10/import.c:980
+#, fuzzy, c-format
+msgid "key %s: \"%s\" %d signature cleaned\n"
+msgstr "võti %08lX: \"%s\" %d uut allkirja\n"
+
+#: g10/import.c:983
+#, fuzzy, c-format
+msgid "key %s: \"%s\" %d signatures cleaned\n"
+msgstr "võti %08lX: \"%s\" %d uut allkirja\n"
+
+#: g10/import.c:986
+#, fuzzy, c-format
+msgid "key %s: \"%s\" %d user ID cleaned\n"
+msgstr "võti %08lX: \"%s\" %d uut kasutaja IDd\n"
+
+#: g10/import.c:989
+#, fuzzy, c-format
+msgid "key %s: \"%s\" %d user IDs cleaned\n"
+msgstr "võti %08lX: \"%s\" %d uut kasutaja IDd\n"
+
+#: g10/import.c:1013
+#, fuzzy, c-format
+msgid "key %s: \"%s\" not changed\n"
+msgstr "võti %08lX: \"%s\" ei muudetud\n"
+
+#: g10/import.c:1185
+#, fuzzy, c-format
+msgid "key %s: secret key with invalid cipher %d - skipped\n"
+msgstr "võti %08lX: salajane võti vigase ¨ifriga %d - jätsin vahele\n"
+
+#: g10/import.c:1196
+#, fuzzy
+msgid "importing secret keys not allowed\n"
+msgstr "kirjutan salajase võtme faili `%s'\n"
+
+#: g10/import.c:1213 g10/import.c:2509
+#, c-format
+msgid "no default secret keyring: %s\n"
+msgstr "puudub salajaste võtmete vaikimisi võtmehoidla: %s\n"
+
+#: g10/import.c:1224
+#, fuzzy, c-format
+msgid "key %s: secret key imported\n"
+msgstr "võti %08lX: salajane võti on imporditud\n"
+
+#: g10/import.c:1254
+#, fuzzy, c-format
+msgid "key %s: already in secret keyring\n"
+msgstr "võti %08lX: on juba salajaste võtmete hoidlas\n"
+
+#: g10/import.c:1264
+#, fuzzy, c-format
+msgid "key %s: secret key not found: %s\n"
+msgstr "võti %08lX: salajast võtit ei leitud: %s\n"
+
+#: g10/import.c:1296
+#, fuzzy, c-format
+msgid "key %s: no public key - can't apply revocation certificate\n"
+msgstr ""
+"võti %08lX: avalik võti puudub - tühistamise sertifikaati ei saa rakendada\n"
+
+#: g10/import.c:1339
+#, fuzzy, c-format
+msgid "key %s: invalid revocation certificate: %s - rejected\n"
+msgstr "võti %08lX: vigane tühistamise sertifikaat: %s - lükkasin tagasi\n"
+
+#: g10/import.c:1371
+#, fuzzy, c-format
+msgid "key %s: \"%s\" revocation certificate imported\n"
+msgstr "võti %08lX: \"%s\" tühistamise sertifikaat imporditud\n"
+
+#: g10/import.c:1447
+#, fuzzy, c-format
+msgid "key %s: no user ID for signature\n"
+msgstr "võti %08lX: allkirjal puudub kasutaja ID\n"
+
+#: g10/import.c:1464
+#, fuzzy, c-format
+msgid "key %s: unsupported public key algorithm on user ID \"%s\"\n"
+msgstr "võti %08lX: mittetoetatud avaliku võtme algoritm kasutajaga \"%s\"\n"
+
+#: g10/import.c:1466
+#, fuzzy, c-format
+msgid "key %s: invalid self-signature on user ID \"%s\"\n"
+msgstr "võti %08lX: kasutajal \"%s\" on vigane iseenda allkiri\n"
+
+#: g10/import.c:1483 g10/import.c:1509 g10/import.c:1560
+#, fuzzy, c-format
+msgid "key %s: unsupported public key algorithm\n"
+msgstr "võti %08lX: mittetoetatud avaliku võtme algoritm\n"
+
+#: g10/import.c:1484
+#, fuzzy, c-format
+msgid "key %s: invalid direct key signature\n"
+msgstr "võti %08lX: lisatud vahetu võtme allkiri\n"
+
+#: g10/import.c:1498
+#, fuzzy, c-format
+msgid "key %s: no subkey for key binding\n"
+msgstr "võti %08lX: võtmeseosel puudub alamvõti\n"
+
+#: g10/import.c:1511
+#, fuzzy, c-format
+msgid "key %s: invalid subkey binding\n"
+msgstr "võti %08lX: vigane alamvõtme seos\n"
+
+#: g10/import.c:1527
+#, fuzzy, c-format
+msgid "key %s: removed multiple subkey binding\n"
+msgstr "võti %08lX: vigane mitme alamvõtme seos\n"
+
+#: g10/import.c:1549
+#, fuzzy, c-format
+msgid "key %s: no subkey for key revocation\n"
+msgstr "võti %08lX: võtme tühistamiseks puudub alamvõti\n"
+
+#: g10/import.c:1562
+#, fuzzy, c-format
+msgid "key %s: invalid subkey revocation\n"
+msgstr "võti %08lX: vigane alamvõtme tühistamine\n"
+
+#: g10/import.c:1577
+#, fuzzy, c-format
+msgid "key %s: removed multiple subkey revocation\n"
+msgstr "võti %08lX: eemaldasin mitme alamvõtme tühistamise\n"
+
+#: g10/import.c:1618
+#, fuzzy, c-format
+msgid "key %s: skipped user ID \"%s\"\n"
+msgstr "võti %08lX: jätsin vahele kasutaja ID '"
+
+#: g10/import.c:1639
+#, fuzzy, c-format
+msgid "key %s: skipped subkey\n"
+msgstr "võti %08lX: jätsin alamvõtme vahele\n"
+
+#: g10/import.c:1666
+#, fuzzy, c-format
+msgid "key %s: non exportable signature (class 0x%02X) - skipped\n"
+msgstr "võti %08lX: mitte eksporditav allkiri (klass %02x) - jätan vahele\n"
+
+#: g10/import.c:1676
+#, fuzzy, c-format
+msgid "key %s: revocation certificate at wrong place - skipped\n"
+msgstr "võti %08lX: tühistamise sertifikaat on vales kohas - jätan vahele\n"
+
+#: g10/import.c:1693
+#, fuzzy, c-format
+msgid "key %s: invalid revocation certificate: %s - skipped\n"
+msgstr "võti %08lX: vigane tühistamise sertifikaat: %s - jätan vahele\n"
+
+#: g10/import.c:1707
+#, fuzzy, c-format
+msgid "key %s: subkey signature in wrong place - skipped\n"
+msgstr "võti %08lX: alamvõtme allkiri on vales kohas - jätan vahele\n"
+
+#: g10/import.c:1715
+#, fuzzy, c-format
+msgid "key %s: unexpected signature class (0x%02X) - skipped\n"
+msgstr "võti %08lX: ootamatu allkirja klass (0x%02x) - jätan vahele\n"
+
+#: g10/import.c:1844
+#, fuzzy, c-format
+msgid "key %s: duplicated user ID detected - merged\n"
+msgstr "võti %08lX: tuvastasin dubleeritud kasutaja ID - mestisin\n"
+
+#: g10/import.c:1906
+#, fuzzy, c-format
+msgid "WARNING: key %s may be revoked: fetching revocation key %s\n"
+msgstr ""
+"HOIATUS: võti %08lX võib olla tühistatud: laen tühistamise võtit %08lX\n"
+
+#: g10/import.c:1920
+#, fuzzy, c-format
+msgid "WARNING: key %s may be revoked: revocation key %s not present.\n"
+msgstr ""
+"HOIATUS: võti %08lX võib olla tühistatud: tühistamise võtit %08lX pole.\n"
+
+#: g10/import.c:1979
+#, fuzzy, c-format
+msgid "key %s: \"%s\" revocation certificate added\n"
+msgstr "võti %08lX: \"%s\" tühistamise sertifikaat lisatud\n"
+
+#: g10/import.c:2013
+#, fuzzy, c-format
+msgid "key %s: direct key signature added\n"
+msgstr "võti %08lX: lisatud vahetu võtme allkiri\n"
+
+#: g10/import.c:2414
+#, fuzzy
+msgid "NOTE: a key's S/N does not match the card's one\n"
+msgstr "avalik võti ei sobi salajase võtmega!\n"
+
+#: g10/import.c:2422
+#, fuzzy
+msgid "NOTE: primary key is online and stored on card\n"
+msgstr "jätsin vahele: avalik võti on juba olemas\n"
+
+#: g10/import.c:2424
+#, fuzzy
+msgid "NOTE: secondary key is online and stored on card\n"
+msgstr "jätsin vahele: avalik võti on juba olemas\n"
+
+#: g10/keydb.c:181
+#, c-format
+msgid "error creating keyring `%s': %s\n"
+msgstr "viga võtmehoidla `%s' loomisel: %s\n"
+
+#: g10/keydb.c:187
+#, c-format
+msgid "keyring `%s' created\n"
+msgstr "võtmehoidla `%s' on loodud\n"
+
+#: g10/keydb.c:333 g10/keydb.c:336
+#, fuzzy, c-format
+msgid "keyblock resource `%s': %s\n"
+msgstr "viga `%s' loomisel: %s\n"
+
+#: g10/keydb.c:719
+#, c-format
+msgid "failed to rebuild keyring cache: %s\n"
+msgstr "võtmehoidla vahemälu uuesti loomine ebaõnnestus: %s\n"
+
+#: g10/keyedit.c:265
+msgid "[revocation]"
+msgstr "[tühistamine]"
+
+#: g10/keyedit.c:266
+msgid "[self-signature]"
+msgstr "[iseenda allkiri]"
+
+#: g10/keyedit.c:344 g10/keylist.c:398
+msgid "1 bad signature\n"
+msgstr "1 halb allkiri\n"
+
+#: g10/keyedit.c:346 g10/keylist.c:400
+#, c-format
+msgid "%d bad signatures\n"
+msgstr "%d halba allkirja\n"
+
+#: g10/keyedit.c:348 g10/keylist.c:402
+msgid "1 signature not checked due to a missing key\n"
+msgstr "1 allkiri jäi testimata, kuna võti puudub\n"
+
+#: g10/keyedit.c:350 g10/keylist.c:404
+#, c-format
+msgid "%d signatures not checked due to missing keys\n"
+msgstr "%d allkirja jäi testimata, kuna võtmed puuduvad\n"
+
+#: g10/keyedit.c:352 g10/keylist.c:406
+msgid "1 signature not checked due to an error\n"
+msgstr "1 allkiri jäi vea tõttu kontrollimata\n"
+
+#: g10/keyedit.c:354 g10/keylist.c:408
+#, c-format
+msgid "%d signatures not checked due to errors\n"
+msgstr "%d allkirja jäi vigade tõttu kontrollimata\n"
+
+#: g10/keyedit.c:356
+msgid "1 user ID without valid self-signature detected\n"
+msgstr "tuvastasin ühe kehtiva iseenda allkirjata kasutaja ID\n"
+
+#: g10/keyedit.c:358
+#, c-format
+msgid "%d user IDs without valid self-signatures detected\n"
+msgstr "tuvastasin %d kehtiva iseenda allkirjata kasutaja IDd\n"
+
+#: g10/keyedit.c:414 g10/pkclist.c:262
+#, fuzzy
+msgid ""
+"Please decide how far you trust this user to correctly verify other users' "
+"keys\n"
+"(by looking at passports, checking fingerprints from different sources, "
+"etc.)\n"
+msgstr ""
+"Palun otsustage, kuivõrd te usaldate seda kasutajat\n"
+"teiste kasutajate võtmete kontrollimisel (kontrollige\n"
+"passe, kontrollige erinevatest allikatest näpujälgi...)?\n"
+"\n"
+
+#: g10/keyedit.c:418 g10/pkclist.c:274
+#, fuzzy, c-format
+msgid " %d = I trust marginally\n"
+msgstr " %d = Usaldan vähesel määral\n"
+
+#: g10/keyedit.c:419 g10/pkclist.c:276
+#, fuzzy, c-format
+msgid " %d = I trust fully\n"
+msgstr " %d = Usaldan täiesti\n"
+
+#: g10/keyedit.c:438
+msgid ""
+"Please enter the depth of this trust signature.\n"
+"A depth greater than 1 allows the key you are signing to make\n"
+"trust signatures on your behalf.\n"
+msgstr ""
+
+#: g10/keyedit.c:454
+msgid "Please enter a domain to restrict this signature, or enter for none.\n"
+msgstr ""
+
+#: g10/keyedit.c:598
+#, c-format
+msgid "User ID \"%s\" is revoked."
+msgstr "Kasutaja ID \"%s\" on tühistatud."
+
+#: g10/keyedit.c:607 g10/keyedit.c:635 g10/keyedit.c:662 g10/keyedit.c:830
+#: g10/keyedit.c:895 g10/keyedit.c:1785
+msgid "Are you sure you still want to sign it? (y/N) "
+msgstr "Olete kindel, et soovite seda ikka allkirjastada? (j/e) "
+
+#: g10/keyedit.c:621 g10/keyedit.c:649 g10/keyedit.c:676 g10/keyedit.c:836
+#: g10/keyedit.c:1791
+msgid " Unable to sign.\n"
+msgstr " Ei saa allkirjastada.\n"
+
+#: g10/keyedit.c:626
+#, c-format
+msgid "User ID \"%s\" is expired."
+msgstr "Kasutaja ID \"%s\" on aegunud."
+
+#: g10/keyedit.c:654
+#, c-format
+msgid "User ID \"%s\" is not self-signed."
+msgstr "Kasutaja ID \"%s\" ei ole ise allkirjastatud."
+
+#: g10/keyedit.c:682
+#, fuzzy, c-format
+msgid "User ID \"%s\" is signable. "
+msgstr "Kasutaja ID \"%s\" ei ole ise allkirjastatud."
+
+#: g10/keyedit.c:684
+#, fuzzy
+msgid "Sign it? (y/N) "
+msgstr "Allkirjastan tõesti? "
+
+#: g10/keyedit.c:706
+#, c-format
+msgid ""
+"The self-signature on \"%s\"\n"
+"is a PGP 2.x-style signature.\n"
+msgstr ""
+"Iseenda allkiri \"%s\"\n"
+"on PGP 2.x stiilis allkiri.\n"
+
+#: g10/keyedit.c:715
+msgid "Do you want to promote it to an OpenPGP self-signature? (y/N) "
+msgstr "Kas te soovite seda edutada OpenPGP iseenda allkirjaks? (j/E) "
+
+#: g10/keyedit.c:729
+#, c-format
+msgid ""
+"Your current signature on \"%s\"\n"
+"has expired.\n"
+msgstr ""
+"Teie praegune allkiri \"%s\"\n"
+"on aegunud.\n"
+
+#: g10/keyedit.c:733
+msgid "Do you want to issue a new signature to replace the expired one? (y/N) "
+msgstr "Kas soovite luua uut allkirja et asendada vana aegunud? (j/E) "
+
+#: g10/keyedit.c:754
+#, c-format
+msgid ""
+"Your current signature on \"%s\"\n"
+"is a local signature.\n"
+msgstr ""
+"Teie praegune allkiri \"%s\"\n"
+"on lokaalne allkiri.\n"
+
+#: g10/keyedit.c:758
+msgid "Do you want to promote it to a full exportable signature? (y/N) "
+msgstr ""
+"Kas te soovite seda edutada täielikuks eksporditavaks allkirjaks? (j/E) "
+
+#: g10/keyedit.c:779
+#, fuzzy, c-format
+msgid "\"%s\" was already locally signed by key %s\n"
+msgstr "\"%s\" on juba lokaalselt allkirjastatud võtmega %08lX\n"
+
+#: g10/keyedit.c:782
+#, fuzzy, c-format
+msgid "\"%s\" was already signed by key %s\n"
+msgstr "\"%s\" on juba allkirjastatud võtmega %08lX\n"
+
+#: g10/keyedit.c:787
+msgid "Do you want to sign it again anyway? (y/N) "
+msgstr "Olete kindel, et soovite seda ikka allkirjastada? (j/E) "
+
+#: g10/keyedit.c:809
+#, fuzzy, c-format
+msgid "Nothing to sign with key %s\n"
+msgstr "Võtmega %08lX pole midagi allkirjastada\n"
+
+#: g10/keyedit.c:824
+msgid "This key has expired!"
+msgstr "See võti on aegunud!"
+
+#: g10/keyedit.c:842
+#, c-format
+msgid "This key is due to expire on %s.\n"
+msgstr "See võti aegub %s.\n"
+
+#: g10/keyedit.c:848
+msgid "Do you want your signature to expire at the same time? (Y/n) "
+msgstr "Soovite, et teie allkiri aeguks samal ajal? (J/e) "
+
+#: g10/keyedit.c:888
+msgid ""
+"You may not make an OpenPGP signature on a PGP 2.x key while in --pgp2 "
+"mode.\n"
+msgstr "--pgp2 moodis ei saa PGP 2.x võtmele OpenPGP allkirja anda.\n"
+
+#: g10/keyedit.c:890
+msgid "This would make the key unusable in PGP 2.x.\n"
+msgstr "See muudab võtme PGP 2.x programmidega mitte-kasutatavaks.\n"
+
+#: g10/keyedit.c:915
+msgid ""
+"How carefully have you verified the key you are about to sign actually "
+"belongs\n"
+"to the person named above? If you don't know what to answer, enter \"0\".\n"
+msgstr ""
+"Kui hoolikalt te olete kontrollinud et võti, mida te asute allkirjastama,\n"
+"kuulub ka tegelikult ülal mainitud isikule? Kui te ei tea, mida vastata,\n"
+"sisestage \"0\".\n"
+
+#: g10/keyedit.c:920
+#, c-format
+msgid " (0) I will not answer.%s\n"
+msgstr " (0) Ma ei vasta.%s\n"
+
+#: g10/keyedit.c:922
+#, c-format
+msgid " (1) I have not checked at all.%s\n"
+msgstr " (1) Ma ei ole üldse kontrollinud.%s\n"
+
+#: g10/keyedit.c:924
+#, c-format
+msgid " (2) I have done casual checking.%s\n"
+msgstr " (2) Ma olen teinud pealiskaudset kontrolli.%s\n"
+
+#: g10/keyedit.c:926
+#, c-format
+msgid " (3) I have done very careful checking.%s\n"
+msgstr " (3) Ma olen kontrollinud väga hoolikalt.%s\n"
+
+#: g10/keyedit.c:932
+#, fuzzy
+msgid "Your selection? (enter `?' for more information): "
+msgstr "Teie valik? (lisainfo saamiseks vajutage '?'): "
+
+#: g10/keyedit.c:956
+#, fuzzy, c-format
+msgid ""
+"Are you sure that you want to sign this key with your\n"
+"key \"%s\" (%s)\n"
+msgstr ""
+"Olete tõesti kindel, et soovite seda võtit oma\n"
+"võtmega allkirjastada: \""
+
+#: g10/keyedit.c:963
+#, fuzzy
+msgid "This will be a self-signature.\n"
+msgstr ""
+"\n"
+"See saab olema iseenda allkiri.\n"
+
+#: g10/keyedit.c:969
+#, fuzzy
+msgid "WARNING: the signature will not be marked as non-exportable.\n"
+msgstr ""
+"\n"
+"HOIATUS: allkirja ei märgita mitte-eksporditavaks.\n"
+
+#: g10/keyedit.c:977
+#, fuzzy
+msgid "WARNING: the signature will not be marked as non-revocable.\n"
+msgstr ""
+"\n"
+"HOIATUS: allkirja ei märgita kehtetuks mitte-tunnistatavaks.\n"
+
+#: g10/keyedit.c:987
+#, fuzzy
+msgid "The signature will be marked as non-exportable.\n"
+msgstr ""
+"\n"
+"Allkiri märgitakse mitte-eksporditavaks.\n"
+
+#: g10/keyedit.c:994
+#, fuzzy
+msgid "The signature will be marked as non-revocable.\n"
+msgstr ""
+"\n"
+"Allkiri märgitakse kehtetuks mitte-tunnistatavaks.\n"
+
+#: g10/keyedit.c:1001
+#, fuzzy
+msgid "I have not checked this key at all.\n"
+msgstr ""
+"\n"
+"Ma ei ole seda võtit üldse kontrollinud.\n"
+
+#: g10/keyedit.c:1006
+#, fuzzy
+msgid "I have checked this key casually.\n"
+msgstr ""
+"\n"
+"Ma olen seda võtit kontrollinud ainult pealiskaudselt.\n"
+
+#: g10/keyedit.c:1011
+#, fuzzy
+msgid "I have checked this key very carefully.\n"
+msgstr ""
+"\n"
+"Ma olen kontrollinud seda võtit väga hoolikalt.\n"
+
+#: g10/keyedit.c:1021
+#, fuzzy
+msgid "Really sign? (y/N) "
+msgstr "Allkirjastan tõesti? "
+
+#: g10/keyedit.c:1066 g10/keyedit.c:4965 g10/keyedit.c:5056 g10/keyedit.c:5120
+#: g10/keyedit.c:5181 g10/sign.c:316
+#, c-format
+msgid "signing failed: %s\n"
+msgstr "allkirjastamine ebaõnnestus: %s\n"
+
+#: g10/keyedit.c:1131
+msgid "Key has only stub or on-card key items - no passphrase to change.\n"
+msgstr ""
+
+#: g10/keyedit.c:1142 g10/keygen.c:3774
+msgid "This key is not protected.\n"
+msgstr "See võti ei ole kaitstud.\n"
+
+#: g10/keyedit.c:1146 g10/keygen.c:3761 g10/revoke.c:536
+msgid "Secret parts of primary key are not available.\n"
+msgstr "Primaarse võtme salajased komponendid ei ole kättesaadavad.\n"
+
+#: g10/keyedit.c:1150 g10/keygen.c:3777
+#, fuzzy
+msgid "Secret parts of primary key are stored on-card.\n"
+msgstr "Primaarse võtme salajased komponendid ei ole kättesaadavad.\n"
+
+#: g10/keyedit.c:1156 g10/keygen.c:3781
+msgid "Key is protected.\n"
+msgstr "Võti on kaitstud.\n"
+
+#: g10/keyedit.c:1186
+#, c-format
+msgid "Can't edit this key: %s\n"
+msgstr "Seda võtit ei õnnestu toimetada: %s\n"
+
+#: g10/keyedit.c:1192
+msgid ""
+"Enter the new passphrase for this secret key.\n"
+"\n"
+msgstr ""
+"Sisestage sellele salajasele võtmele uus parool.\n"
+"\n"
+
+#: g10/keyedit.c:1207 g10/keygen.c:2291
+msgid "passphrase not correctly repeated; try again"
+msgstr "parooli ei korratud õieti; proovige uuesti"
+
+#: g10/keyedit.c:1212
+msgid ""
+"You don't want a passphrase - this is probably a *bad* idea!\n"
+"\n"
+msgstr ""
+"Te ei soovi parooli - see on tõenäoliselt *halb* idee!\n"
+"\n"
+
+#: g10/keyedit.c:1215
+#, fuzzy
+msgid "Do you really want to do this? (y/N) "
+msgstr "Kas te tõesti soovite seda teha? "
+
+#: g10/keyedit.c:1298
+msgid "moving a key signature to the correct place\n"
+msgstr "tõstan võtme allkirja õigesse kohta\n"
+
+#: g10/keyedit.c:1384
+msgid "save and quit"
+msgstr "salvesta ja välju"
+
+#: g10/keyedit.c:1387
+#, fuzzy
+msgid "show key fingerprint"
+msgstr "näita sõrmejälge"
+
+#: g10/keyedit.c:1388
+msgid "list key and user IDs"
+msgstr "näita võtit ja kasutaja IDd"
+
+#: g10/keyedit.c:1390
+msgid "select user ID N"
+msgstr "vali kasutaja ID N"
+
+#: g10/keyedit.c:1391
+#, fuzzy
+msgid "select subkey N"
+msgstr "vali kasutaja ID N"
+
+#: g10/keyedit.c:1392
+#, fuzzy
+msgid "check signatures"
+msgstr "tühista allkirjad"
+
+#: g10/keyedit.c:1397
+msgid "sign selected user IDs [* see below for related commands]"
+msgstr ""
+
+#: g10/keyedit.c:1402
+#, fuzzy
+msgid "sign selected user IDs locally"
+msgstr "allkirjasta võti lokaalselt"
+
+#: g10/keyedit.c:1404
+#, fuzzy
+msgid "sign selected user IDs with a trust signature"
+msgstr "Vihje: Valige allkirjastamiseks kasutaja\n"
+
+#: g10/keyedit.c:1406
+msgid "sign selected user IDs with a non-revocable signature"
+msgstr ""
+
+#: g10/keyedit.c:1410
+msgid "add a user ID"
+msgstr "lisa kasutaja ID"
+
+#: g10/keyedit.c:1412
+msgid "add a photo ID"
+msgstr "lisa foto ID"
+
+#: g10/keyedit.c:1414
+#, fuzzy
+msgid "delete selected user IDs"
+msgstr "kustuta kasutaja ID"
+
+#: g10/keyedit.c:1419
+#, fuzzy
+msgid "add a subkey"
+msgstr "addkey"
+
+#: g10/keyedit.c:1423
+msgid "add a key to a smartcard"
+msgstr ""
+
+#: g10/keyedit.c:1425
+msgid "move a key to a smartcard"
+msgstr ""
+
+#: g10/keyedit.c:1427
+msgid "move a backup key to a smartcard"
+msgstr ""
+
+#: g10/keyedit.c:1431
+#, fuzzy
+msgid "delete selected subkeys"
+msgstr "kustuta sekundaarne võti"
+
+#: g10/keyedit.c:1433
+msgid "add a revocation key"
+msgstr "lisa tühistamise võti"
+
+#: g10/keyedit.c:1435
+#, fuzzy
+msgid "delete signatures from the selected user IDs"
+msgstr "Kas uuendan tõesti kõik kasutaja ID-de seaded? "
+
+#: g10/keyedit.c:1437
+#, fuzzy
+msgid "change the expiration date for the key or selected subkeys"
+msgstr "v3 võtme aegumise aega ei saa muuta.\n"
+
+#: g10/keyedit.c:1439
+#, fuzzy
+msgid "flag the selected user ID as primary"
+msgstr "märgi kasutaja ID primaarseks"
+
+#: g10/keyedit.c:1441
+#, fuzzy
+msgid "toggle between the secret and public key listings"
+msgstr "lülita salajaste või avalike võtmete loendi vahel"
+
+#: g10/keyedit.c:1444
+msgid "list preferences (expert)"
+msgstr "näita eelistusi (ekspert)"
+
+#: g10/keyedit.c:1446
+msgid "list preferences (verbose)"
+msgstr "näita eelistusi (detailsena)"
+
+#: g10/keyedit.c:1448
+#, fuzzy
+msgid "set preference list for the selected user IDs"
+msgstr "Kas uuendan tõesti kõik kasutaja ID-de seaded? "
+
+#: g10/keyedit.c:1453
+#, fuzzy
+msgid "set the preferred keyserver URL for the selected user IDs"
+msgstr "ei saa parsida võtmeserveri URI\n"
+
+#: g10/keyedit.c:1455
+#, fuzzy
+msgid "set a notation for the selected user IDs"
+msgstr "Kas uuendan tõesti kõik kasutaja ID-de seaded? "
+
+#: g10/keyedit.c:1457
+msgid "change the passphrase"
+msgstr "muuda parooli"
+
+#: g10/keyedit.c:1461
+msgid "change the ownertrust"
+msgstr "muuda omaniku usaldust"
+
+#: g10/keyedit.c:1463
+#, fuzzy
+msgid "revoke signatures on the selected user IDs"
+msgstr "Kas tühistan tõesti kõik valitud kasutaja IDd? "
+
+#: g10/keyedit.c:1465
+#, fuzzy
+msgid "revoke selected user IDs"
+msgstr "tühista kasutaja ID"
+
+#: g10/keyedit.c:1470
+#, fuzzy
+msgid "revoke key or selected subkeys"
+msgstr "tühista sekundaarne võti"
+
+#: g10/keyedit.c:1471
+#, fuzzy
+msgid "enable key"
+msgstr "luba võti"
+
+#: g10/keyedit.c:1472
+#, fuzzy
+msgid "disable key"
+msgstr "blokeeri võti"
+
+#: g10/keyedit.c:1473
+#, fuzzy
+msgid "show selected photo IDs"
+msgstr "näita foto ID"
+
+#: g10/keyedit.c:1475
+msgid "compact unusable user IDs and remove unusable signatures from key"
+msgstr ""
+
+#: g10/keyedit.c:1477
+msgid "compact unusable user IDs and remove all signatures from key"
+msgstr ""
+
+#: g10/keyedit.c:1601
+#, fuzzy, c-format
+msgid "error reading secret keyblock \"%s\": %s\n"
+msgstr "viga salajase võtmebloki `%s' lugemisel: %s\n"
+
+#: g10/keyedit.c:1619
+msgid "Secret key is available.\n"
+msgstr "Salajane võti on kasutatav.\n"
+
+#: g10/keyedit.c:1702
+msgid "Need the secret key to do this.\n"
+msgstr "Selle tegamiseks on vaja salajast võtit.\n"
+
+#: g10/keyedit.c:1710
+msgid "Please use the command \"toggle\" first.\n"
+msgstr "Palun kasutage kõigepealt käsku \"toggle\".\n"
+
+#: g10/keyedit.c:1729
+msgid ""
+"* The `sign' command may be prefixed with an `l' for local signatures "
+"(lsign),\n"
+" a `t' for trust signatures (tsign), an `nr' for non-revocable signatures\n"
+" (nrsign), or any combination thereof (ltsign, tnrsign, etc.).\n"
+msgstr ""
+
+#: g10/keyedit.c:1779
+msgid "Key is revoked."
+msgstr "Võti on tühistatud."
+
+#: g10/keyedit.c:1798
+#, fuzzy
+msgid "Really sign all user IDs? (y/N) "
+msgstr "Kas allkirjastan tõesti kõik kasutaja IDd? "
+
+#: g10/keyedit.c:1805
+msgid "Hint: Select the user IDs to sign\n"
+msgstr "Vihje: Valige allkirjastamiseks kasutaja\n"
+
+#: g10/keyedit.c:1814
+#, fuzzy, c-format
+msgid "Unknown signature type `%s'\n"
+msgstr "tundmatu allkirja klass"
+
+#: g10/keyedit.c:1837
+#, c-format
+msgid "This command is not allowed while in %s mode.\n"
+msgstr "See käsklus ei ole %s moodis lubatud.\n"
+
+#: g10/keyedit.c:1859 g10/keyedit.c:1879 g10/keyedit.c:2048
+msgid "You must select at least one user ID.\n"
+msgstr "Te peate valima vähemalt ühe kasutaja ID.\n"
+
+#: g10/keyedit.c:1861
+msgid "You can't delete the last user ID!\n"
+msgstr "Viimast kasutaja ID ei saa kustutada!\n"
+
+#: g10/keyedit.c:1863
+#, fuzzy
+msgid "Really remove all selected user IDs? (y/N) "
+msgstr "Kas kustutan tõesti kõik kasutaja IDd? "
+
+#: g10/keyedit.c:1864
+#, fuzzy
+msgid "Really remove this user ID? (y/N) "
+msgstr "Kas eemaldan tõesti selle kasutaja ID? "
+
+#. TRANSLATORS: Please take care: This is about
+#. moving the key and not about removing it.
+#: g10/keyedit.c:1917
+#, fuzzy
+msgid "Really move the primary key? (y/N) "
+msgstr "Kas eemaldan tõesti selle kasutaja ID? "
+
+#: g10/keyedit.c:1929
+#, fuzzy
+msgid "You must select exactly one key.\n"
+msgstr "Te peata valima vähemalt ühe võtme.\n"
+
+#: g10/keyedit.c:1957
+msgid "Command expects a filename argument\n"
+msgstr ""
+
+#: g10/keyedit.c:1971
+#, fuzzy, c-format
+msgid "Can't open `%s': %s\n"
+msgstr "`%s' ei õnnestu avada: %s\n"
+
+#: g10/keyedit.c:1988
+#, fuzzy, c-format
+msgid "Error reading backup key from `%s': %s\n"
+msgstr "viga võtmehoidla `%s' loomisel: %s\n"
+
+#: g10/keyedit.c:2012
+msgid "You must select at least one key.\n"
+msgstr "Te peata valima vähemalt ühe võtme.\n"
+
+#: g10/keyedit.c:2015
+#, fuzzy
+msgid "Do you really want to delete the selected keys? (y/N) "
+msgstr "Kas te tõesti soovite valitud võtmeid kustutada? "
+
+#: g10/keyedit.c:2016
+#, fuzzy
+msgid "Do you really want to delete this key? (y/N) "
+msgstr "Kas te tõesti soovite seda võtit kustutada? "
+
+#: g10/keyedit.c:2051
+#, fuzzy
+msgid "Really revoke all selected user IDs? (y/N) "
+msgstr "Kas tühistan tõesti kõik valitud kasutaja IDd? "
+
+#: g10/keyedit.c:2052
+#, fuzzy
+msgid "Really revoke this user ID? (y/N) "
+msgstr "Kas tühistan tõesti selle kasutaja ID? "
+
+#: g10/keyedit.c:2070
+#, fuzzy
+msgid "Do you really want to revoke the entire key? (y/N) "
+msgstr "Kas te tõesti soovite seda võtit tühistada? "
+
+#: g10/keyedit.c:2081
+#, fuzzy
+msgid "Do you really want to revoke the selected subkeys? (y/N) "
+msgstr "Kas te tõesti soovite valitud võtmeid tühistada? "
+
+#: g10/keyedit.c:2083
+#, fuzzy
+msgid "Do you really want to revoke this subkey? (y/N) "
+msgstr "Kas te tõesti soovite seda võtit tühistada? "
+
+#: g10/keyedit.c:2133
+msgid "Owner trust may not be set while using a user provided trust database\n"
+msgstr ""
+
+#: g10/keyedit.c:2175
+#, fuzzy
+msgid "Set preference list to:\n"
+msgstr "sea eelistuste nimekiri"
+
+#: g10/keyedit.c:2181
+#, fuzzy
+msgid "Really update the preferences for the selected user IDs? (y/N) "
+msgstr "Kas uuendan tõesti kõik kasutaja ID-de seaded? "
+
+#: g10/keyedit.c:2183
+#, fuzzy
+msgid "Really update the preferences? (y/N) "
+msgstr "Kas tõesti uuendan seaded? "
+
+#: g10/keyedit.c:2253
+#, fuzzy
+msgid "Save changes? (y/N) "
+msgstr "Salvestan muutused? "
+
+#: g10/keyedit.c:2256
+#, fuzzy
+msgid "Quit without saving? (y/N) "
+msgstr "Väljun salvestamata? "
+
+#: g10/keyedit.c:2266
+#, c-format
+msgid "update failed: %s\n"
+msgstr "uuendamine ebaõnnestus: %s\n"
+
+#: g10/keyedit.c:2273 g10/keyedit.c:2351
+#, c-format
+msgid "update secret failed: %s\n"
+msgstr "salajase võtme uuendamine ebaõnnestus: %s\n"
+
+#: g10/keyedit.c:2280
+msgid "Key not changed so no update needed.\n"
+msgstr "Võtit ei muudetud, seega pole uuendamist vaja.\n"
+
+#: g10/keyedit.c:2446
+msgid "Digest: "
+msgstr "Teatelühend: "
+
+#: g10/keyedit.c:2497
+msgid "Features: "
+msgstr "Omadused: "
+
+#: g10/keyedit.c:2508
+msgid "Keyserver no-modify"
+msgstr ""
+
+#: g10/keyedit.c:2523 g10/keylist.c:316
+msgid "Preferred keyserver: "
+msgstr ""
+
+#: g10/keyedit.c:2531 g10/keyedit.c:2532
+#, fuzzy
+msgid "Notations: "
+msgstr "Noteering: "
+
+#: g10/keyedit.c:2753
+msgid "There are no preferences on a PGP 2.x-style user ID.\n"
+msgstr "PGP 2.x stiilis kasutaja ID ei oma seadeid.\n"
+
+#: g10/keyedit.c:2810
+#, fuzzy, c-format
+msgid "The following key was revoked on %s by %s key %s\n"
+msgstr "Selle võtme võib olla tühistanud %s võti "
+
+#: g10/keyedit.c:2832
+#, fuzzy, c-format
+msgid "This key may be revoked by %s key %s"
+msgstr "Selle võtme võib olla tühistanud %s võti "
+
+#: g10/keyedit.c:2838
+#, fuzzy
+msgid "(sensitive)"
+msgstr " (tundlik)"
+
+#: g10/keyedit.c:2854 g10/keyedit.c:2910 g10/keyedit.c:2971 g10/keyedit.c:2986
+#: g10/keylist.c:202 g10/keyserver.c:532
+#, fuzzy, c-format
+msgid "created: %s"
+msgstr "%s ei õnnestu luua: %s\n"
+
+#: g10/keyedit.c:2857 g10/keylist.c:834 g10/keylist.c:928 g10/mainproc.c:997
+#, fuzzy, c-format
+msgid "revoked: %s"
+msgstr "[tühistatud] "
+
+#: g10/keyedit.c:2859 g10/keylist.c:805 g10/keylist.c:840 g10/keylist.c:934
+#, fuzzy, c-format
+msgid "expired: %s"
+msgstr " [aegub: %s]"
+
+#: g10/keyedit.c:2861 g10/keyedit.c:2912 g10/keyedit.c:2973 g10/keyedit.c:2988
+#: g10/keylist.c:204 g10/keylist.c:811 g10/keylist.c:846 g10/keylist.c:940
+#: g10/keylist.c:961 g10/keyserver.c:538 g10/mainproc.c:1003
+#, fuzzy, c-format
+msgid "expires: %s"
+msgstr " [aegub: %s]"
+
+#: g10/keyedit.c:2863
+#, fuzzy, c-format
+msgid "usage: %s"
+msgstr " usaldus: %c/%c"
+
+#: g10/keyedit.c:2878
+#, fuzzy, c-format
+msgid "trust: %s"
+msgstr " usaldus: %c/%c"
+
+#: g10/keyedit.c:2882
+#, c-format
+msgid "validity: %s"
+msgstr ""
+
+#: g10/keyedit.c:2889
+msgid "This key has been disabled"
+msgstr "See võti on blokeeritud"
+
+#: g10/keyedit.c:2917 g10/keylist.c:208
+msgid "card-no: "
+msgstr ""
+
+#: g10/keyedit.c:2941
+msgid ""
+"Please note that the shown key validity is not necessarily correct\n"
+"unless you restart the program.\n"
+msgstr ""
+"Tuleb tähele panna et kuni te pole programmi uuesti käivitanud, ei pruugi\n"
+"näidatud võtme kehtivus olla tingimata korrektne.\n"
+
+#: g10/keyedit.c:3005 g10/keyedit.c:3351 g10/keyserver.c:542
+#: g10/mainproc.c:1850 g10/trustdb.c:1204 g10/trustdb.c:1732
+#, fuzzy
+msgid "revoked"
+msgstr "[tühistatud] "
+
+#: g10/keyedit.c:3007 g10/keyedit.c:3353 g10/keyserver.c:546
+#: g10/mainproc.c:1852 g10/trustdb.c:547 g10/trustdb.c:1734
+#, fuzzy
+msgid "expired"
+msgstr "expire"
+
+#: g10/keyedit.c:3072
+msgid ""
+"WARNING: no user ID has been marked as primary. This command may\n"
+" cause a different user ID to become the assumed primary.\n"
+msgstr ""
+"HOIATUS: ühtegi kasutaja ID pole märgitud primaarseks. See käsklus võib\n"
+" põhjustada muu kasutaja ID primaarseks määramist.\n"
+
+#: g10/keyedit.c:3133
+msgid ""
+"WARNING: This is a PGP2-style key. Adding a photo ID may cause some "
+"versions\n"
+" of PGP to reject this key.\n"
+msgstr ""
+"HOIATUS: See on PGP2-stiilis võti. Foto ID lisamine võib sundida mõningaid\n"
+" PGP versioone seda võtit tagasi lükkama.\n"
+
+#: g10/keyedit.c:3138 g10/keyedit.c:3473
+msgid "Are you sure you still want to add it? (y/N) "
+msgstr "Olete kindel, et soovite seda ikka lisada? (j/E) "
+
+#: g10/keyedit.c:3144
+msgid "You may not add a photo ID to a PGP2-style key.\n"
+msgstr "Foto IDd ei saa PGP2 võtmele lisada.\n"
+
+#: g10/keyedit.c:3284
+msgid "Delete this good signature? (y/N/q)"
+msgstr "Kustutan selle korrektse allkirja? (j/E/v)"
+
+#: g10/keyedit.c:3294
+msgid "Delete this invalid signature? (y/N/q)"
+msgstr "Kustutan selle vigase allkirja? (j/E/v)"
+
+#: g10/keyedit.c:3298
+msgid "Delete this unknown signature? (y/N/q)"
+msgstr "Kustutan selle tundmatu allkirja? (j/E/v)"
+
+#: g10/keyedit.c:3304
+msgid "Really delete this self-signature? (y/N)"
+msgstr "Kas tõesti kustutan selle iseenda allkirja? (j/E)"
+
+#: g10/keyedit.c:3318
+#, c-format
+msgid "Deleted %d signature.\n"
+msgstr "Kustutatud %d allkiri.\n"
+
+#: g10/keyedit.c:3319
+#, c-format
+msgid "Deleted %d signatures.\n"
+msgstr "Kustutatud %d allkirja.\n"
+
+#: g10/keyedit.c:3322
+msgid "Nothing deleted.\n"
+msgstr "Midagi ei kustutatud.\n"
+
+#: g10/keyedit.c:3355 g10/trustdb.c:1736
+#, fuzzy
+msgid "invalid"
+msgstr "vigane pakend"
+
+#: g10/keyedit.c:3357
+#, fuzzy, c-format
+msgid "User ID \"%s\" compacted: %s\n"
+msgstr "Kasutaja ID \"%s\" on tühistatud."
+
+#: g10/keyedit.c:3364
+#, fuzzy, c-format
+msgid "User ID \"%s\": %d signature removed\n"
+msgstr "Kasutaja ID \"%s\" on tühistatud."
+
+#: g10/keyedit.c:3365
+#, fuzzy, c-format
+msgid "User ID \"%s\": %d signatures removed\n"
+msgstr "Kasutaja ID \"%s\" on tühistatud."
+
+#: g10/keyedit.c:3373
+#, fuzzy, c-format
+msgid "User ID \"%s\": already minimized\n"
+msgstr "kasutaja ID \"%s\" on juba tühistatud\n"
+
+#: g10/keyedit.c:3374
+#, fuzzy, c-format
+msgid "User ID \"%s\": already clean\n"
+msgstr "kasutaja ID \"%s\" on juba tühistatud\n"
+
+#: g10/keyedit.c:3468
+msgid ""
+"WARNING: This is a PGP 2.x-style key. Adding a designated revoker may "
+"cause\n"
+" some versions of PGP to reject this key.\n"
+msgstr ""
+"HOIATUS: See on PGP2-stiilis võti. Määratud tühistaja lisamine võib\n"
+" põhjustada mõningaid PGP versioone seda võtit tagasi lükkama.\n"
+
+#: g10/keyedit.c:3479
+msgid "You may not add a designated revoker to a PGP 2.x-style key.\n"
+msgstr "PGP 2.x-stiili võtmele ei saa määratud tühistajat lisada.\n"
+
+#: g10/keyedit.c:3499
+msgid "Enter the user ID of the designated revoker: "
+msgstr "Sisestage määratud tühistaja kasutaja ID: "
+
+#: g10/keyedit.c:3524
+msgid "cannot appoint a PGP 2.x style key as a designated revoker\n"
+msgstr "PGP 2.x stiilis võtit ei saa nimetada määratud tühistajaks\n"
+
+#: g10/keyedit.c:3539
+msgid "you cannot appoint a key as its own designated revoker\n"
+msgstr "te ei saa nimetada võtit iseenda määratud tühistajaks\n"
+
+#: g10/keyedit.c:3561
+#, fuzzy
+msgid "this key has already been designated as a revoker\n"
+msgstr "HOIATUS: See võti on määratud tühistaja poolt tühistatud!\n"
+
+#: g10/keyedit.c:3580
+msgid "WARNING: appointing a key as a designated revoker cannot be undone!\n"
+msgstr "HOIATUS: võtme seadmist määratud tühistajaks ei saa tagasi võtta!\n"
+
+#: g10/keyedit.c:3586
+#, fuzzy
+msgid ""
+"Are you sure you want to appoint this key as a designated revoker? (y/N) "
+msgstr ""
+"Olete kindel, et soovite seda võtit seada määratud tühistajaks? (j/E): "
+
+#: g10/keyedit.c:3647
+msgid "Please remove selections from the secret keys.\n"
+msgstr "Palun eemaldage salajastelt võtmetelt valikud.\n"
+
+#: g10/keyedit.c:3653
+#, fuzzy
+msgid "Please select at most one subkey.\n"
+msgstr "palun valige ülimalt üks sekundaarne võti.\n"
+
+#: g10/keyedit.c:3657
+#, fuzzy
+msgid "Changing expiration time for a subkey.\n"
+msgstr "Muudan sekundaarse võtme aegumise aega.\n"
+
+#: g10/keyedit.c:3660
+msgid "Changing expiration time for the primary key.\n"
+msgstr "Muudan primaarse võtme aegumise aega.\n"
+
+#: g10/keyedit.c:3706
+msgid "You can't change the expiration date of a v3 key\n"
+msgstr "v3 võtme aegumise aega ei saa muuta.\n"
+
+#: g10/keyedit.c:3722
+msgid "No corresponding signature in secret ring\n"
+msgstr "Vastavat allkirja salajaste võtmete hoidlas pole\n"
+
+#: g10/keyedit.c:3800
+#, fuzzy, c-format
+msgid "signing subkey %s is already cross-certified\n"
+msgstr "HOIATUS: allkirjastamise alamvõti %08lX ei ole rist-sertifitseeritud\n"
+
+#: g10/keyedit.c:3806
+#, c-format
+msgid "subkey %s does not sign and so does not need to be cross-certified\n"
+msgstr ""
+
+#: g10/keyedit.c:3969
+msgid "Please select exactly one user ID.\n"
+msgstr "Palun valige täpselt üks kasutaja ID.\n"
+
+#: g10/keyedit.c:4008 g10/keyedit.c:4118 g10/keyedit.c:4238 g10/keyedit.c:4379
+#, fuzzy, c-format
+msgid "skipping v3 self-signature on user ID \"%s\"\n"
+msgstr "jätan kasutaja \"%s\" v3 iseenda allkirja vahele\n"
+
+#: g10/keyedit.c:4179
+msgid "Enter your preferred keyserver URL: "
+msgstr ""
+
+#: g10/keyedit.c:4259
+#, fuzzy
+msgid "Are you sure you want to replace it? (y/N) "
+msgstr "Olete kindel, et soovite seda kasutada (j/E)? "
+
+#: g10/keyedit.c:4260
+#, fuzzy
+msgid "Are you sure you want to delete it? (y/N) "
+msgstr "Olete kindel, et soovite seda kasutada (j/E)? "
+
+#: g10/keyedit.c:4322
+#, fuzzy
+msgid "Enter the notation: "
+msgstr "Allkirja noteerimine: "
+
+#: g10/keyedit.c:4471
+#, fuzzy
+msgid "Proceed? (y/N) "
+msgstr "Kirjutan üle (j/E)? "
+
+#: g10/keyedit.c:4543
+#, c-format
+msgid "No user ID with index %d\n"
+msgstr "Kasutaja ID numbriga %d puudub\n"
+
+#: g10/keyedit.c:4604
+#, fuzzy, c-format
+msgid "No user ID with hash %s\n"
+msgstr "Kasutaja ID numbriga %d puudub\n"
+
+#: g10/keyedit.c:4639
+#, fuzzy, c-format
+msgid "No subkey with index %d\n"
+msgstr "Kasutaja ID numbriga %d puudub\n"
+
+#: g10/keyedit.c:4774
+#, fuzzy, c-format
+msgid "user ID: \"%s\"\n"
+msgstr "kasutaja ID: \""
+
+#: g10/keyedit.c:4777 g10/keyedit.c:4871 g10/keyedit.c:4914
+#, fuzzy, c-format
+msgid "signed by your key %s on %s%s%s\n"
+msgstr " allkirjastanud %08lX %s%s%s\n"
+
+#: g10/keyedit.c:4779 g10/keyedit.c:4873 g10/keyedit.c:4916
+msgid " (non-exportable)"
+msgstr " (mitte-eksporditav)"
+
+#: g10/keyedit.c:4783
+#, c-format
+msgid "This signature expired on %s.\n"
+msgstr "See allkiri aegub %s.\n"
+
+#: g10/keyedit.c:4787
+msgid "Are you sure you still want to revoke it? (y/N) "
+msgstr "Olete kindel, et soovite seda ikka tühistada? (j/E) "
+
+#: g10/keyedit.c:4791
+msgid "Create a revocation certificate for this signature? (y/N) "
+msgstr "Loon sellele allkirjale tühistamise sertifikaadi? (j/E) "
+
+#: g10/keyedit.c:4842
+#, fuzzy
+msgid "Not signed by you.\n"
+msgstr " allkirjastanud %08lX %s%s\n"
+
+#: g10/keyedit.c:4848
+#, fuzzy, c-format
+msgid "You have signed these user IDs on key %s:\n"
+msgstr "Te olete allkirjastanud järgnevad kasutaja IDd:\n"
+
+#: g10/keyedit.c:4874
+#, fuzzy
+msgid " (non-revocable)"
+msgstr " (mitte-eksporditav)"
+
+#: g10/keyedit.c:4881
+#, fuzzy, c-format
+msgid "revoked by your key %s on %s\n"
+msgstr " tühistanud %08lX %s\n"
+
+#: g10/keyedit.c:4903
+msgid "You are about to revoke these signatures:\n"
+msgstr "Te asute tühistama järgmisi allkirju:\n"
+
+#: g10/keyedit.c:4923
+msgid "Really create the revocation certificates? (y/N) "
+msgstr "Kas tõesti loon tühistamise sertifikaadid? (j/E) "
+
+#: g10/keyedit.c:4953
+msgid "no secret key\n"
+msgstr "salajast võtit pole\n"
+
+#: g10/keyedit.c:5023
+#, c-format
+msgid "user ID \"%s\" is already revoked\n"
+msgstr "kasutaja ID \"%s\" on juba tühistatud\n"
+
+#: g10/keyedit.c:5040
+#, c-format
+msgid "WARNING: a user ID signature is dated %d seconds in the future\n"
+msgstr "HOIATUS: kasutaja ID allkirja ajatempel on %d sekundit tulevikus\n"
+
+#: g10/keyedit.c:5104
+#, fuzzy, c-format
+msgid "Key %s is already revoked.\n"
+msgstr "kasutaja ID \"%s\" on juba tühistatud\n"
+
+#: g10/keyedit.c:5166
+#, fuzzy, c-format
+msgid "Subkey %s is already revoked.\n"
+msgstr "kasutaja ID \"%s\" on juba tühistatud\n"
+
+#: g10/keyedit.c:5261
+#, fuzzy, c-format
+msgid "Displaying %s photo ID of size %ld for key %s (uid %d)\n"
+msgstr "Näitan %s foto IDd suurusega %ld, võti 0x%08lX (uid %d)\n"
+
+#: g10/keygen.c:275
+#, fuzzy, c-format
+msgid "preference `%s' duplicated\n"
+msgstr "eelistus %c%lu on duplikaat\n"
+
+#: g10/keygen.c:282
+#, fuzzy
+msgid "too many cipher preferences\n"
+msgstr "liiga palju `%c' eelistusi\n"
+
+#: g10/keygen.c:284
+#, fuzzy
+msgid "too many digest preferences\n"
+msgstr "liiga palju `%c' eelistusi\n"
+
+#: g10/keygen.c:286
+#, fuzzy
+msgid "too many compression preferences\n"
+msgstr "liiga palju `%c' eelistusi\n"
+
+#: g10/keygen.c:426
+#, fuzzy, c-format
+msgid "invalid item `%s' in preference string\n"
+msgstr "lubamatu sümbol eelistuste sõnes\n"
+
+#: g10/keygen.c:910
+msgid "writing direct signature\n"
+msgstr "kirjutan otsese allkirja\n"
+
+#: g10/keygen.c:952
+msgid "writing self signature\n"
+msgstr "kirjutan iseenda allkirja\n"
+
+#: g10/keygen.c:1009
+msgid "writing key binding signature\n"
+msgstr "kirjutan võtit siduva allkirja\n"
+
+#: g10/keygen.c:1179 g10/keygen.c:1290 g10/keygen.c:1295 g10/keygen.c:1441
+#: g10/keygen.c:3269
+#, c-format
+msgid "keysize invalid; using %u bits\n"
+msgstr "vigane võtme suurus; kasutan %u bitti\n"
+
+#: g10/keygen.c:1185 g10/keygen.c:1301 g10/keygen.c:1309 g10/keygen.c:1447
+#: g10/keygen.c:3275
+#, c-format
+msgid "keysize rounded up to %u bits\n"
+msgstr "võtme suurus ümardatud üles %u bitini\n"
+
+#: g10/keygen.c:1335
+msgid ""
+"WARNING: some OpenPGP programs can't handle a DSA key with this digest size\n"
+msgstr ""
+
+#: g10/keygen.c:1558
+#, fuzzy
+msgid "Sign"
+msgstr "sign"
+
+#: g10/keygen.c:1561
+msgid "Certify"
+msgstr ""
+
+#: g10/keygen.c:1564
+#, fuzzy
+msgid "Encrypt"
+msgstr "krüpteeri andmed"
+
+#: g10/keygen.c:1567
+msgid "Authenticate"
+msgstr ""
+
+#. TRANSLATORS: Please use only plain ASCII characters for the
+#. translation. If this is not possible use single digits. The
+#. string needs to 8 bytes long. Here is a description of the
+#. functions:
+#.
+#. s = Toggle signing capability
+#. e = Toggle encryption capability
+#. a = Toggle authentication capability
+#. q = Finish
+#.
+#: g10/keygen.c:1585
+msgid "SsEeAaQq"
+msgstr ""
+
+#: g10/keygen.c:1608
+#, c-format
+msgid "Possible actions for a %s key: "
+msgstr ""
+
+#: g10/keygen.c:1612
+msgid "Current allowed actions: "
+msgstr ""
+
+#: g10/keygen.c:1617
+#, c-format
+msgid " (%c) Toggle the sign capability\n"
+msgstr ""
+
+#: g10/keygen.c:1620
+#, fuzzy, c-format
+msgid " (%c) Toggle the encrypt capability\n"
+msgstr " (%d) ElGamal (ainult krüptimiseks)\n"
+
+#: g10/keygen.c:1623
+#, c-format
+msgid " (%c) Toggle the authenticate capability\n"
+msgstr ""
+
+#: g10/keygen.c:1626
+#, c-format
+msgid " (%c) Finished\n"
+msgstr ""
+
+#: g10/keygen.c:1686 sm/certreqgen-ui.c:157
+msgid "Please select what kind of key you want:\n"
+msgstr "Palun valige, millist võtmetüüpi te soovite:\n"
+
+#: g10/keygen.c:1689
+#, fuzzy, c-format
+msgid " (%d) RSA and RSA (default)\n"
+msgstr " (%d) DSA ja ElGamal (vaikimisi)\n"
+
+#: g10/keygen.c:1691
+#, fuzzy, c-format
+msgid " (%d) DSA and Elgamal\n"
+msgstr " (%d) DSA ja ElGamal (vaikimisi)\n"
+
+#: g10/keygen.c:1693
+#, c-format
+msgid " (%d) DSA (sign only)\n"
+msgstr " (%d) DSA (ainult allkirjastamiseks)\n"
+
+#: g10/keygen.c:1694
+#, c-format
+msgid " (%d) RSA (sign only)\n"
+msgstr " (%d) RSA (ainult allkirjastamiseks)\n"
+
+#: g10/keygen.c:1698
+#, fuzzy, c-format
+msgid " (%d) Elgamal (encrypt only)\n"
+msgstr " (%d) ElGamal (ainult krüptimiseks)\n"
+
+#: g10/keygen.c:1699
+#, c-format
+msgid " (%d) RSA (encrypt only)\n"
+msgstr " (%d) RSA (ainult krüpteerimiseks)\n"
+
+#: g10/keygen.c:1703
+#, fuzzy, c-format
+msgid " (%d) DSA (set your own capabilities)\n"
+msgstr " (%d) RSA (ainult krüpteerimiseks)\n"
+
+#: g10/keygen.c:1704
+#, fuzzy, c-format
+msgid " (%d) RSA (set your own capabilities)\n"
+msgstr " (%d) RSA (ainult krüpteerimiseks)\n"
+
+#: g10/keygen.c:1812
+#, c-format
+msgid "%s keys may be between %u and %u bits long.\n"
+msgstr ""
+
+#: g10/keygen.c:1820
+#, fuzzy, c-format
+msgid "What keysize do you want for the subkey? (%u) "
+msgstr "Millist võtmepikkust te soovite? (1024) "
+
+#: g10/keygen.c:1823 sm/certreqgen-ui.c:179
+#, fuzzy, c-format
+msgid "What keysize do you want? (%u) "
+msgstr "Millist võtmepikkust te soovite? (1024) "
+
+#: g10/keygen.c:1837 sm/certreqgen-ui.c:189
+#, c-format
+msgid "Requested keysize is %u bits\n"
+msgstr "Soovitud võtmepikkus on %u bitti\n"
+
+#: g10/keygen.c:1925
+msgid ""
+"Please specify how long the key should be valid.\n"
+" 0 = key does not expire\n"
+" <n> = key expires in n days\n"
+" <n>w = key expires in n weeks\n"
+" <n>m = key expires in n months\n"
+" <n>y = key expires in n years\n"
+msgstr ""
+"Palun määrake, kui kaua on võti kehtiv.\n"
+" 0 = võti ei aegu\n"
+" <n> = võti aegub n päevaga\n"
+" <n>w = võti aegub n nädalaga\n"
+" <n>m = võti aegub n kuuga\n"
+" <n>y = võti aegub n aastaga\n"
+
+#: g10/keygen.c:1936
+msgid ""
+"Please specify how long the signature should be valid.\n"
+" 0 = signature does not expire\n"
+" <n> = signature expires in n days\n"
+" <n>w = signature expires in n weeks\n"
+" <n>m = signature expires in n months\n"
+" <n>y = signature expires in n years\n"
+msgstr ""
+"Palun määrake, kui kaua allkiri kehtib.\n"
+" 0 = allkiri ei aegu\n"
+" <n> = allkiri aegub n päevaga\n"
+" <n>w = allkiri aegub n nädalaga\n"
+" <n>m = allkiri aegub n kuuga\n"
+" <n>y = allkiri aegub n aastaga\n"
+
+#: g10/keygen.c:1959
+msgid "Key is valid for? (0) "
+msgstr "Võti on kehtiv kuni? (0) "
+
+#: g10/keygen.c:1964
+#, fuzzy, c-format
+msgid "Signature is valid for? (%s) "
+msgstr "Allkiri on kehtiv kuni? (0) "
+
+#: g10/keygen.c:1982 g10/keygen.c:2007
+msgid "invalid value\n"
+msgstr "vigane väärtus\n"
+
+#: g10/keygen.c:1989
+#, fuzzy
+msgid "Key does not expire at all\n"
+msgstr "%s ei aegu kunagi\n"
+
+#: g10/keygen.c:1990
+#, fuzzy
+msgid "Signature does not expire at all\n"
+msgstr "%s ei aegu kunagi\n"
+
+#: g10/keygen.c:1995
+#, fuzzy, c-format
+msgid "Key expires at %s\n"
+msgstr "%s aegub %s\n"
+
+#: g10/keygen.c:1996
+#, fuzzy, c-format
+msgid "Signature expires at %s\n"
+msgstr "Allkiri aegub %s\n"
+
+#: g10/keygen.c:2000
+msgid ""
+"Your system can't display dates beyond 2038.\n"
+"However, it will be correctly handled up to 2106.\n"
+msgstr ""
+"Teie süsteem ei saa esitada kuupäevi peale aastat 2038.\n"
+"Siiski käsitletakse neid korrektselt aastani 2106.\n"
+
+#: g10/keygen.c:2013
+#, fuzzy
+msgid "Is this correct? (y/N) "
+msgstr "On see õige (j/e)? "
+
+#: g10/keygen.c:2063
+msgid ""
+"\n"
+"GnuPG needs to construct a user ID to identify your key.\n"
+"\n"
+msgstr ""
+
+#. TRANSLATORS: This string is in general not anymore used
+#. but you should keep your existing translation. In case
+#. the new string is not translated this old string will
+#. be used.
+#: g10/keygen.c:2078
+#, fuzzy
+msgid ""
+"\n"
+"You need a user ID to identify your key; the software constructs the user "
+"ID\n"
+"from the Real Name, Comment and Email Address in this form:\n"
+" \"Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>\"\n"
+"\n"
+msgstr ""
+"\n"
+"Võtme identifitseerimiseks on vaja määrata kasutaja; tarkvara konstrueerib\n"
+"kasutaja id kasutades pärisnime, kommentaari ja e-posti aadressi kujul:\n"
+" \"Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>\"\n"
+"\n"
+
+#: g10/keygen.c:2097
+msgid "Real name: "
+msgstr "Pärisnimi: "
+
+#: g10/keygen.c:2105
+msgid "Invalid character in name\n"
+msgstr "Lubamatu sümbol nimes\n"
+
+#: g10/keygen.c:2107
+msgid "Name may not start with a digit\n"
+msgstr "Nimi ei või alata numbriga\n"
+
+#: g10/keygen.c:2109
+msgid "Name must be at least 5 characters long\n"
+msgstr "Nimes peab olema vähemalt 5 sümbolit\n"
+
+#: g10/keygen.c:2117
+msgid "Email address: "
+msgstr "E-posti aadress: "
+
+#: g10/keygen.c:2123
+msgid "Not a valid email address\n"
+msgstr "Selline e-posti aadress ei ole lubatud\n"
+
+#: g10/keygen.c:2131
+msgid "Comment: "
+msgstr "Kommentaar: "
+
+#: g10/keygen.c:2137
+msgid "Invalid character in comment\n"
+msgstr "Lubamatu sümbol kommentaaris\n"
+
+#: g10/keygen.c:2159
+#, c-format
+msgid "You are using the `%s' character set.\n"
+msgstr "Te kasutate kooditabelit `%s'.\n"
+
+#: g10/keygen.c:2165
+#, c-format
+msgid ""
+"You selected this USER-ID:\n"
+" \"%s\"\n"
+"\n"
+msgstr ""
+"Te valisite selle KASUTAJA-ID:\n"
+" \"%s\"\n"
+"\n"
+
+#: g10/keygen.c:2170
+msgid "Please don't put the email address into the real name or the comment\n"
+msgstr "Ärge palun kirjutage e-posti aadressi pärisnimesse ega kommentaari\n"
+
+#: g10/keygen.c:2185
+msgid "Such a user ID already exists on this key!\n"
+msgstr ""
+
+#. TRANSLATORS: These are the allowed answers in
+#. lower and uppercase. Below you will find the matching
+#. string which should be translated accordingly and the
+#. letter changed to match the one in the answer string.
+#.
+#. n = Change name
+#. c = Change comment
+#. e = Change email
+#. o = Okay (ready, continue)
+#. q = Quit
+#.
+#: g10/keygen.c:2201
+msgid "NnCcEeOoQq"
+msgstr "NnKkEeOoVv"
+
+#: g10/keygen.c:2211
+msgid "Change (N)ame, (C)omment, (E)mail or (Q)uit? "
+msgstr "Muuda (N)ime, (K)ommentaari, (E)posti või (V)älju? "
+
+#: g10/keygen.c:2212
+msgid "Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? "
+msgstr "Muuda (N)ime, (K)ommentaari, (E)posti või (O)k/(V)älju? "
+
+#: g10/keygen.c:2231
+msgid "Please correct the error first\n"
+msgstr "Palun parandage kõigepealt viga\n"
+
+#: g10/keygen.c:2273
+msgid ""
+"You need a Passphrase to protect your secret key.\n"
+"\n"
+msgstr ""
+"Te vajate oma salajase võtme kaitsmiseks parooli.\n"
+"\n"
+
+#: g10/keygen.c:2276
+#, fuzzy
+msgid ""
+"Please enter a passphrase to protect the off-card backup of the new "
+"encryption key."
+msgstr "Palun sisestage parool; see on salajane tekst \n"
+
+#: g10/keygen.c:2292
+#, c-format
+msgid "%s.\n"
+msgstr "%s.\n"
+
+#: g10/keygen.c:2298
+msgid ""
+"You don't want a passphrase - this is probably a *bad* idea!\n"
+"I will do it anyway. You can change your passphrase at any time,\n"
+"using this program with the option \"--edit-key\".\n"
+"\n"
+msgstr ""
+"Te ei soovi parooli - see on tõenäoliselt *halb* idee!\n"
+"Ma siiski täidan teie soovi. Te saate oma parooli alati muuta,\n"
+"kasutades seda programmi võtmega \"--edit-key\".\n"
+"\n"
+
+#: g10/keygen.c:2322
+msgid ""
+"We need to generate a lot of random bytes. It is a good idea to perform\n"
+"some other action (type on the keyboard, move the mouse, utilize the\n"
+"disks) during the prime generation; this gives the random number\n"
+"generator a better chance to gain enough entropy.\n"
+msgstr ""
+"Me peame genereerima palju juhuslikke baite. Praegu oleks hea teostada\n"
+"arvutil mingeid teisi tegevusi (kirjutada klaviatuuril, liigutada hiirt,\n"
+"kasutada kettaid jne), see annaks juhuarvude generaatorile võimaluse\n"
+"koguda paremat entroopiat.\n"
+
+#: g10/keygen.c:3209 g10/keygen.c:3236
+msgid "Key generation canceled.\n"
+msgstr "Võtme genereerimine katkestati.\n"
+
+#: g10/keygen.c:3441 g10/keygen.c:3611
+#, c-format
+msgid "writing public key to `%s'\n"
+msgstr "kirjutan avaliku võtme faili `%s'\n"
+
+#: g10/keygen.c:3443 g10/keygen.c:3614
+#, fuzzy, c-format
+msgid "writing secret key stub to `%s'\n"
+msgstr "kirjutan salajase võtme faili `%s'\n"
+
+#: g10/keygen.c:3446 g10/keygen.c:3617
+#, c-format
+msgid "writing secret key to `%s'\n"
+msgstr "kirjutan salajase võtme faili `%s'\n"
+
+#: g10/keygen.c:3598
+#, c-format
+msgid "no writable public keyring found: %s\n"
+msgstr "kirjutatavat avalike võtmete hoidlat pole: %s\n"
+
+#: g10/keygen.c:3605
+#, c-format
+msgid "no writable secret keyring found: %s\n"
+msgstr "kirjutatavat salajaste võtmete hoidlat pole: %s\n"
+
+#: g10/keygen.c:3625
+#, c-format
+msgid "error writing public keyring `%s': %s\n"
+msgstr "viga avaliku võtme võtmehoidlasse `%s' kirjutamisel: %s\n"
+
+#: g10/keygen.c:3633
+#, c-format
+msgid "error writing secret keyring `%s': %s\n"
+msgstr "viga salajase võtme võtmehoidlasse `%s' kirjutamisel: %s\n"
+
+#: g10/keygen.c:3661
+msgid "public and secret key created and signed.\n"
+msgstr "avalik ja salajane võti on loodud ja allkirjastatud.\n"
+
+#: g10/keygen.c:3672
+#, fuzzy
+msgid ""
+"Note that this key cannot be used for encryption. You may want to use\n"
+"the command \"--edit-key\" to generate a subkey for this purpose.\n"
+msgstr ""
+"Pidage silmas, et seda võtit ei saa kasutada krüptimiseks. \n"
+"Krüptimiseks tuleb genereerida teine võti, seda saate teha\n"
+"kasutades võtit \"--edit-key\".\n"
+
+#: g10/keygen.c:3685 g10/keygen.c:3831 g10/keygen.c:3952
+#, c-format
+msgid "Key generation failed: %s\n"
+msgstr "Võtme genereerimine ebaõnnestus: %s\n"
+
+#: g10/keygen.c:3741 g10/keygen.c:3882 g10/sign.c:241
+#, c-format
+msgid ""
+"key has been created %lu second in future (time warp or clock problem)\n"
+msgstr "võti loodi %lu sekund tulevikus (ajahüpe või kella probleem)\n"
+
+#: g10/keygen.c:3743 g10/keygen.c:3884 g10/sign.c:243
+#, c-format
+msgid ""
+"key has been created %lu seconds in future (time warp or clock problem)\n"
+msgstr "võti loodi %lu sekundit tulevikus (ajahüpe või kella probleem)\n"
+
+#: g10/keygen.c:3754 g10/keygen.c:3895
+msgid "NOTE: creating subkeys for v3 keys is not OpenPGP compliant\n"
+msgstr "MÄRKUS: v3 võtmetele alamvõtmete loomine ei ole OpenPGP ühilduv\n"
+
+#: g10/keygen.c:3795 g10/keygen.c:3928
+#, fuzzy
+msgid "Really create? (y/N) "
+msgstr "Loon tõesti? "
+
+#: g10/keygen.c:4116
+#, fuzzy, c-format
+msgid "storing key onto card failed: %s\n"
+msgstr "võtmebloki kustutamine ebaõnnestus: %s\n"
+
+#: g10/keygen.c:4165
+#, fuzzy, c-format
+msgid "can't create backup file `%s': %s\n"
+msgstr "`%s' ei õnnestu luua: %s\n"
+
+#: g10/keygen.c:4191
+#, fuzzy, c-format
+msgid "NOTE: backup of card key saved to `%s'\n"
+msgstr "MÄRKUS: salajane võti %08lX aegus %s\n"
+
+#: g10/keyid.c:539 g10/keyid.c:551 g10/keyid.c:563 g10/keyid.c:575
+msgid "never "
+msgstr "mitte kunagi"
+
+#: g10/keylist.c:273
+msgid "Critical signature policy: "
+msgstr "Kriitiline allkirja poliitika: "
+
+#: g10/keylist.c:275
+msgid "Signature policy: "
+msgstr "Allkirja poliitika: "
+
+#: g10/keylist.c:314
+msgid "Critical preferred keyserver: "
+msgstr ""
+
+#: g10/keylist.c:367
+msgid "Critical signature notation: "
+msgstr "Kriitiline allkirja noteerimine: "
+
+#: g10/keylist.c:369
+msgid "Signature notation: "
+msgstr "Allkirja noteerimine: "
+
+#: g10/keylist.c:479
+msgid "Keyring"
+msgstr "Võtmehoidla"
+
+#: g10/keylist.c:1526
+msgid "Primary key fingerprint:"
+msgstr "Primaarse võtme sõrmejälg:"
+
+#: g10/keylist.c:1528
+msgid " Subkey fingerprint:"
+msgstr " Alamvõtme sõrmejälg:"
+
+#. TRANSLATORS: this should fit into 24 bytes to that the
+#. * fingerprint data is properly aligned with the user ID
+#: g10/keylist.c:1535
+msgid " Primary key fingerprint:"
+msgstr " Primaarse võtme sõrmejälg:"
+
+#: g10/keylist.c:1537
+msgid " Subkey fingerprint:"
+msgstr " Alamvõtme sõrmejälg:"
+
+#: g10/keylist.c:1541 g10/keylist.c:1545
+#, fuzzy
+msgid " Key fingerprint ="
+msgstr " Võtme sõrmejälg ="
+
+#: g10/keylist.c:1612
+msgid " Card serial no. ="
+msgstr ""
+
+#: g10/keyring.c:1297
+#, fuzzy, c-format
+msgid "renaming `%s' to `%s' failed: %s\n"
+msgstr "pakendamine ebaõnnestus: %s\n"
+
+#: g10/keyring.c:1326
+msgid "WARNING: 2 files with confidential information exists.\n"
+msgstr "HOIATUS: on olemas 2 faili konfidentsiaalse infoga.\n"
+
+#: g10/keyring.c:1327
+#, c-format
+msgid "%s is the unchanged one\n"
+msgstr "%s ei ole muudetud\n"
+
+#: g10/keyring.c:1328
+#, c-format
+msgid "%s is the new one\n"
+msgstr "%s on uus\n"
+
+#: g10/keyring.c:1329
+msgid "Please fix this possible security flaw\n"
+msgstr "Palun parandage see võimalik turvaprobleem\n"
+
+#: g10/keyring.c:1430
+#, fuzzy, c-format
+msgid "caching keyring `%s'\n"
+msgstr "kontrollin võtmehoidlat `%s'\n"
+
+#: g10/keyring.c:1489
+#, fuzzy, c-format
+msgid "%lu keys cached so far (%lu signatures)\n"
+msgstr "kontrollitud %lu võtit (%lu allkirja)\n"
+
+#: g10/keyring.c:1501
+#, fuzzy, c-format
+msgid "%lu keys cached (%lu signatures)\n"
+msgstr "kontrollitud %lu võtit (%lu allkirja)\n"
+
+#: g10/keyring.c:1573
+#, c-format
+msgid "%s: keyring created\n"
+msgstr "%s: võtmehoidla on loodud\n"
+
+#: g10/keyserver.c:74
+msgid "include revoked keys in search results"
+msgstr ""
+
+#: g10/keyserver.c:75
+msgid "include subkeys when searching by key ID"
+msgstr ""
+
+#: g10/keyserver.c:77
+msgid "use temporary files to pass data to keyserver helpers"
+msgstr ""
+
+#: g10/keyserver.c:79
+msgid "do not delete temporary files after using them"
+msgstr ""
+
+#: g10/keyserver.c:83
+msgid "automatically retrieve keys when verifying signatures"
+msgstr ""
+
+#: g10/keyserver.c:85
+#, fuzzy
+msgid "honor the preferred keyserver URL set on the key"
+msgstr "antud allkirja poliisi URL on vigane\n"
+
+#: g10/keyserver.c:87
+msgid "honor the PKA record set on a key when retrieving keys"
+msgstr ""
+
+#: g10/keyserver.c:153
+#, fuzzy, c-format
+msgid "WARNING: keyserver option `%s' is not used on this platform\n"
+msgstr "HOIATUS: seaded failis `%s' pole seekord veel aktiivsed\n"
+
+#: g10/keyserver.c:544
+#, fuzzy
+msgid "disabled"
+msgstr "disable"
+
+#: g10/keyserver.c:747
+msgid "Enter number(s), N)ext, or Q)uit > "
+msgstr ""
+
+#: g10/keyserver.c:831 g10/keyserver.c:1458
+#, fuzzy, c-format
+msgid "invalid keyserver protocol (us %d!=handler %d)\n"
+msgstr "vigased ekspordi võtmed\n"
+
+#: g10/keyserver.c:932
+#, fuzzy, c-format
+msgid "key \"%s\" not found on keyserver\n"
+msgstr "võtit '%s' ei leitud: %s\n"
+
+#: g10/keyserver.c:934
+#, fuzzy
+msgid "key not found on keyserver\n"
+msgstr "võtit '%s' ei leitud: %s\n"
+
+#: g10/keyserver.c:1177
+#, fuzzy, c-format
+msgid "requesting key %s from %s server %s\n"
+msgstr "küsin võtit %08lX võtmeserverist %s\n"
+
+#: g10/keyserver.c:1181
+#, fuzzy, c-format
+msgid "requesting key %s from %s\n"
+msgstr "küsin võtit %08lX võtmeserverist %s\n"
+
+#: g10/keyserver.c:1205
+#, fuzzy, c-format
+msgid "searching for names from %s server %s\n"
+msgstr "otsin \"%s\" HKP serverist %s\n"
+
+#: g10/keyserver.c:1208
+#, fuzzy, c-format
+msgid "searching for names from %s\n"
+msgstr "otsin \"%s\" HKP serverist %s\n"
+
+#: g10/keyserver.c:1361
+#, fuzzy, c-format
+msgid "sending key %s to %s server %s\n"
+msgstr "otsin \"%s\" HKP serverist %s\n"
+
+#: g10/keyserver.c:1365
+#, fuzzy, c-format
+msgid "sending key %s to %s\n"
+msgstr ""
+"\"\n"
+"allkirjastatud teie võtmega %08lX %s\n"
+
+#: g10/keyserver.c:1408
+#, fuzzy, c-format
+msgid "searching for \"%s\" from %s server %s\n"
+msgstr "otsin \"%s\" HKP serverist %s\n"
+
+#: g10/keyserver.c:1411
+#, fuzzy, c-format
+msgid "searching for \"%s\" from %s\n"
+msgstr "otsin \"%s\" HKP serverist %s\n"
+
+#: g10/keyserver.c:1418 g10/keyserver.c:1514
+#, fuzzy
+msgid "no keyserver action!\n"
+msgstr "vigased ekspordi võtmed\n"
+
+#: g10/keyserver.c:1466
+#, c-format
+msgid "WARNING: keyserver handler from a different version of GnuPG (%s)\n"
+msgstr ""
+
+#: g10/keyserver.c:1475
+msgid "keyserver did not send VERSION\n"
+msgstr ""
+
+#: g10/keyserver.c:1537 g10/keyserver.c:2066
+msgid "no keyserver known (use option --keyserver)\n"
+msgstr ""
+
+#: g10/keyserver.c:1543
+msgid "external keyserver calls are not supported in this build\n"
+msgstr ""
+
+#: g10/keyserver.c:1555
+#, c-format
+msgid "no handler for keyserver scheme `%s'\n"
+msgstr ""
+
+#: g10/keyserver.c:1560
+#, c-format
+msgid "action `%s' not supported with keyserver scheme `%s'\n"
+msgstr ""
+
+#: g10/keyserver.c:1568
+#, c-format
+msgid "%s does not support handler version %d\n"
+msgstr ""
+
+#: g10/keyserver.c:1575
+#, fuzzy
+msgid "keyserver timed out\n"
+msgstr "võtmeserveri viga"
+
+#: g10/keyserver.c:1580
+#, fuzzy
+msgid "keyserver internal error\n"
+msgstr "võtmeserveri viga"
+
+#: g10/keyserver.c:1589
+#, fuzzy, c-format
+msgid "keyserver communications error: %s\n"
+msgstr "võtmeserverilt lugemine ebaõnnestus: %s\n"
+
+#: g10/keyserver.c:1614 g10/keyserver.c:1648
+#, c-format
+msgid "\"%s\" not a key ID: skipping\n"
+msgstr ""
+
+#: g10/keyserver.c:1907
+#, fuzzy, c-format
+msgid "WARNING: unable to refresh key %s via %s: %s\n"
+msgstr "HOIATUS: ei saa kustutada ajutist faili (%s) `%s': %s\n"
+
+#: g10/keyserver.c:1929
+#, fuzzy, c-format
+msgid "refreshing 1 key from %s\n"
+msgstr "küsin võtit %08lX võtmeserverist %s\n"
+
+#: g10/keyserver.c:1931
+#, fuzzy, c-format
+msgid "refreshing %d keys from %s\n"
+msgstr "küsin võtit %08lX võtmeserverist %s\n"
+
+#: g10/keyserver.c:1987
+#, fuzzy, c-format
+msgid "WARNING: unable to fetch URI %s: %s\n"
+msgstr "HOIATUS: ei saa kustutada ajutist faili (%s) `%s': %s\n"
+
+#: g10/keyserver.c:1993
+#, fuzzy, c-format
+msgid "WARNING: unable to parse URI %s\n"
+msgstr "HOIATUS: ei saa kustutada ajutist faili (%s) `%s': %s\n"
+
+#: g10/mainproc.c:231
+#, c-format
+msgid "weird size for an encrypted session key (%d)\n"
+msgstr "veider suurus krüptitud sessiooni võtme jaoks (%d)\n"
+
+#: g10/mainproc.c:284
+#, c-format
+msgid "%s encrypted session key\n"
+msgstr "%s krüpteeritud sessiooni võti\n"
+
+#: g10/mainproc.c:294
+#, fuzzy, c-format
+msgid "passphrase generated with unknown digest algorithm %d\n"
+msgstr "krüpteeritud tundmatu algoritmiga %d\n"
+
+#: g10/mainproc.c:360
+#, fuzzy, c-format
+msgid "public key is %s\n"
+msgstr "avalik võti on %08lX\n"
+
+#: g10/mainproc.c:423
+msgid "public key encrypted data: good DEK\n"
+msgstr "avaliku võtmega krüpteeritud andmed: hea DEK\n"
+
+#: g10/mainproc.c:456
+#, fuzzy, c-format
+msgid "encrypted with %u-bit %s key, ID %s, created %s\n"
+msgstr "krüpteeritud %u-bitise %s võtmega, ID %08lX, loodud %s\n"
+
+#: g10/mainproc.c:460 g10/pkclist.c:217
+#, fuzzy, c-format
+msgid " \"%s\"\n"
+msgstr " ka \""
+
+#: g10/mainproc.c:464
+#, fuzzy, c-format
+msgid "encrypted with %s key, ID %s\n"
+msgstr "krüpteeritud %s võtmega, ID %08lX\n"
+
+#: g10/mainproc.c:479
+#, c-format
+msgid "public key decryption failed: %s\n"
+msgstr "avaliku võtmega lahtikrüpteerimine ebaõnnestus: %s\n"
+
+#: g10/mainproc.c:495
+#, c-format
+msgid "encrypted with %lu passphrases\n"
+msgstr "krüpteeritud kasutades %lu parooli\n"
+
+#: g10/mainproc.c:497
+msgid "encrypted with 1 passphrase\n"
+msgstr "krüpteeritud ühe parooliga\n"
+
+#: g10/mainproc.c:529 g10/mainproc.c:551
+#, c-format
+msgid "assuming %s encrypted data\n"
+msgstr "eeldan %s krüpteeritud andmeid\n"
+
+#: g10/mainproc.c:537
+#, c-format
+msgid "IDEA cipher unavailable, optimistically attempting to use %s instead\n"
+msgstr "IDEA ¨iffer pole saadaval, loodan kasutada selle asemel %s\n"
+
+#: g10/mainproc.c:570
+msgid "decryption okay\n"
+msgstr "lahtikrüpteerimine õnnestus\n"
+
+#: g10/mainproc.c:574
+msgid "WARNING: message was not integrity protected\n"
+msgstr "HOIATUS: teate kooskõlalisus ei ole tagatud\n"
+
+#: g10/mainproc.c:587
+msgid "WARNING: encrypted message has been manipulated!\n"
+msgstr "HOIATUS: krüpteeritud teadet on muudetud!\n"
+
+#: g10/mainproc.c:595
+#, c-format
+msgid "cleared passphrase cached with ID: %s\n"
+msgstr ""
+
+#: g10/mainproc.c:600
+#, c-format
+msgid "decryption failed: %s\n"
+msgstr "lahtikrüpteerimine ebaõnnestus: %s\n"
+
+#: g10/mainproc.c:621
+msgid "NOTE: sender requested \"for-your-eyes-only\"\n"
+msgstr "MÄRKUS: saatja nõudis \"ainult-teie-silmadele\"\n"
+
+#: g10/mainproc.c:623
+#, c-format
+msgid "original file name='%.*s'\n"
+msgstr "algne failinimi on='%.*s'\n"
+
+#: g10/mainproc.c:711
+msgid "WARNING: multiple plaintexts seen\n"
+msgstr ""
+
+#: g10/mainproc.c:850
+msgid "standalone revocation - use \"gpg --import\" to apply\n"
+msgstr "eraldiseisev tühistus - realiseerimiseks kasutage \"gpg --import\"\n"
+
+#: g10/mainproc.c:1203 g10/mainproc.c:1240
+#, fuzzy
+msgid "no signature found\n"
+msgstr "Korrektne allkiri kasutajalt \""
+
+#: g10/mainproc.c:1478
+msgid "signature verification suppressed\n"
+msgstr "allkirja kontroll jäeti ära\n"
+
+#: g10/mainproc.c:1587
+#, fuzzy
+msgid "can't handle this ambiguous signature data\n"
+msgstr "neid allkirju ei õnnestu töödelda\n"
+
+#: g10/mainproc.c:1598
+#, fuzzy, c-format
+msgid "Signature made %s\n"
+msgstr "Allkiri aegus %s\n"
+
+#: g10/mainproc.c:1599
+#, fuzzy, c-format
+msgid " using %s key %s\n"
+msgstr " ka \""
+
+#: g10/mainproc.c:1603
+#, fuzzy, c-format
+msgid "Signature made %s using %s key ID %s\n"
+msgstr "Allkirja lõi %.*s kasutades %s võtit ID %08lX\n"
+
+#: g10/mainproc.c:1623
+msgid "Key available at: "
+msgstr "Võtme leiate: "
+
+#: g10/mainproc.c:1756 g10/mainproc.c:1804
+#, fuzzy, c-format
+msgid "BAD signature from \"%s\""
+msgstr "HALB allkiri kasutajalt \""
+
+#: g10/mainproc.c:1758 g10/mainproc.c:1806
+#, fuzzy, c-format
+msgid "Expired signature from \"%s\""
+msgstr "Aegunud allkiri kasutajalt \""
+
+#: g10/mainproc.c:1760 g10/mainproc.c:1808
+#, fuzzy, c-format
+msgid "Good signature from \"%s\""
+msgstr "Korrektne allkiri kasutajalt \""
+
+#: g10/mainproc.c:1810
+msgid "[uncertain]"
+msgstr "[ebakindel]"
+
+#: g10/mainproc.c:1843
+#, fuzzy, c-format
+msgid " aka \"%s\""
+msgstr " ka \""
+
+#: g10/mainproc.c:1941
+#, c-format
+msgid "Signature expired %s\n"
+msgstr "Allkiri aegus %s\n"
+
+#: g10/mainproc.c:1946
+#, c-format
+msgid "Signature expires %s\n"
+msgstr "Allkiri aegub %s\n"
+
+#: g10/mainproc.c:1949
+#, c-format
+msgid "%s signature, digest algorithm %s\n"
+msgstr "%s allkiri, sõnumilühendi algoritm %s\n"
+
+#: g10/mainproc.c:1950
+msgid "binary"
+msgstr "binaarne"
+
+#: g10/mainproc.c:1951
+msgid "textmode"
+msgstr "tekstimood"
+
+#: g10/mainproc.c:1951 g10/trustdb.c:546
+msgid "unknown"
+msgstr "tundmatu"
+
+#: g10/mainproc.c:1971
+#, c-format
+msgid "Can't check signature: %s\n"
+msgstr "Allkirja ei saa kontrollida: %s\n"
+
+#: g10/mainproc.c:2055 g10/mainproc.c:2071 g10/mainproc.c:2167
+msgid "not a detached signature\n"
+msgstr "ei ole eraldiseisev allkiri\n"
+
+#: g10/mainproc.c:2098
+msgid ""
+"WARNING: multiple signatures detected. Only the first will be checked.\n"
+msgstr "HOIATUS: leidsin mitu allkirja. Kontrollitakse ainult esimest.\n"
+
+#: g10/mainproc.c:2106
+#, c-format
+msgid "standalone signature of class 0x%02x\n"
+msgstr "eraldiseisev allkiri klassiga 0x%02x\n"
+
+#: g10/mainproc.c:2171
+msgid "old style (PGP 2.x) signature\n"
+msgstr "vana stiili (PGP 2.x) allkiri\n"
+
+#: g10/mainproc.c:2181
+msgid "invalid root packet detected in proc_tree()\n"
+msgstr "proc_tree() tuvastas vigase juurmise paketi\n"
+
+#: g10/misc.c:109 g10/misc.c:139 g10/misc.c:215
+#, fuzzy, c-format
+msgid "fstat of `%s' failed in %s: %s\n"
+msgstr "faili ei õnnestu avada: %s\n"
+
+#: g10/misc.c:178
+#, fuzzy, c-format
+msgid "fstat(%d) failed in %s: %s\n"
+msgstr "trustdb: lugemine ebaõnnestus (n=%d): %s\n"
+
+#: g10/misc.c:296
+#, fuzzy, c-format
+msgid "WARNING: using experimental public key algorithm %s\n"
+msgstr "ei oska käsitleda avaliku võtme algoritmi %d\n"
+
+#: g10/misc.c:302
+#, fuzzy
+msgid "WARNING: Elgamal sign+encrypt keys are deprecated\n"
+msgstr ""
+"sõnumilühendi algoritmi %s (%d) kasutamine on vastuolus saaja eelistustega\n"
+
+#: g10/misc.c:315
+#, fuzzy, c-format
+msgid "WARNING: using experimental cipher algorithm %s\n"
+msgstr "realiseerimata ¨ifri algoritm"
+
+#: g10/misc.c:330
+#, fuzzy, c-format
+msgid "WARNING: using experimental digest algorithm %s\n"
+msgstr "%s allkiri, sõnumilühendi algoritm %s\n"
+
+#: g10/misc.c:335
+#, fuzzy, c-format
+msgid "WARNING: digest algorithm %s is deprecated\n"
+msgstr ""
+"sõnumilühendi algoritmi %s (%d) kasutamine on vastuolus saaja eelistustega\n"
+
+#: g10/misc.c:503
+msgid "the IDEA cipher plugin is not present\n"
+msgstr "IDEA ¨ifri lisandprogrammi pole\n"
+
+#: g10/misc.c:504 g10/sig-check.c:107 jnlib/utf8conv.c:87
+#, fuzzy, c-format
+msgid "please see %s for more information\n"
+msgstr " i = esita palun täiendavat infot\n"
+
+#: g10/misc.c:761
+#, c-format
+msgid "%s:%d: deprecated option \"%s\"\n"
+msgstr "%s:%d: ebasoovitav võti \"%s\"\n"
+
+#: g10/misc.c:765
+#, c-format
+msgid "WARNING: \"%s\" is a deprecated option\n"
+msgstr "HOIATUS: võtit \"%s\" ei soovitata kasutada.\n"
+
+#: g10/misc.c:767
+#, c-format
+msgid "please use \"%s%s\" instead\n"
+msgstr "palun kasutage selle asemel \"%s%s\"\n"
+
+#: g10/misc.c:774
+#, fuzzy, c-format
+msgid "WARNING: \"%s\" is a deprecated command - do not use it\n"
+msgstr "HOIATUS: võtit \"%s\" ei soovitata kasutada.\n"
+
+#: g10/misc.c:784
+#, c-format
+msgid "%s:%u: obsolete option \"%s\" - it has no effect\n"
+msgstr ""
+
+#: g10/misc.c:787
+#, fuzzy, c-format
+msgid "WARNING: \"%s\" is an obsolete option - it has no effect\n"
+msgstr "HOIATUS: võtit \"%s\" ei soovitata kasutada.\n"
+
+#: g10/misc.c:848
+msgid "Uncompressed"
+msgstr "Pakkimata"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: g10/misc.c:873
+#, fuzzy
+msgid "uncompressed|none"
+msgstr "Pakkimata"
+
+#: g10/misc.c:1000
+#, c-format
+msgid "this message may not be usable by %s\n"
+msgstr "see teade ei pruugi olla programmiga %s kasutatav\n"
+
+#: g10/misc.c:1175
+#, fuzzy, c-format
+msgid "ambiguous option `%s'\n"
+msgstr "loen võtmeid failist `%s'\n"
+
+#: g10/misc.c:1200
+#, fuzzy, c-format
+msgid "unknown option `%s'\n"
+msgstr "tundmatu vaikimisi saaja `%s'\n"
+
+#: g10/openfile.c:89
+#, c-format
+msgid "File `%s' exists. "
+msgstr "Fail `%s' on olemas. "
+
+#: g10/openfile.c:93
+#, fuzzy
+msgid "Overwrite? (y/N) "
+msgstr "Kirjutan üle (j/E)? "
+
+#: g10/openfile.c:126
+#, c-format
+msgid "%s: unknown suffix\n"
+msgstr "%s: tundmatu suffiks\n"
+
+#: g10/openfile.c:150
+msgid "Enter new filename"
+msgstr "Sisestage uus failinimi"
+
+#: g10/openfile.c:195
+msgid "writing to stdout\n"
+msgstr "kirjutan standardväljundisse\n"
+
+#: g10/openfile.c:316
+#, c-format
+msgid "assuming signed data in `%s'\n"
+msgstr "eeldan allkirjastatud andmeid failis `%s'\n"
+
+#: g10/openfile.c:395
+#, c-format
+msgid "new configuration file `%s' created\n"
+msgstr "uus omaduste fail `%s' on loodud\n"
+
+#: g10/openfile.c:397
+#, c-format
+msgid "WARNING: options in `%s' are not yet active during this run\n"
+msgstr "HOIATUS: seaded failis `%s' pole seekord veel aktiivsed\n"
+
+#: g10/parse-packet.c:201
+#, c-format
+msgid "can't handle public key algorithm %d\n"
+msgstr "ei oska käsitleda avaliku võtme algoritmi %d\n"
+
+#: g10/parse-packet.c:822
+msgid "WARNING: potentially insecure symmetrically encrypted session key\n"
+msgstr ""
+"HOIATUS: tõenäoliselt ebaturvaline sümmeetriliselt krüpteeritud sessiooni "
+"võti\n"
+
+#: g10/parse-packet.c:1273
+#, c-format
+msgid "subpacket of type %d has critical bit set\n"
+msgstr "alampaketil tüübiga %d on kriitiline bitt seatud\n"
+
+#: g10/passphrase.c:75 g10/passphrase.c:418 g10/passphrase.c:481
+#, fuzzy, c-format
+msgid "problem with the agent: %s\n"
+msgstr "probleem agendiga: agent tagastas 0x%lx\n"
+
+#: g10/passphrase.c:344 g10/passphrase.c:613
+#, fuzzy, c-format
+msgid " (main key ID %s)"
+msgstr " (peamise võtme ID %08lX)"
+
+#: g10/passphrase.c:358
+#, fuzzy, c-format
+msgid ""
+"Please enter the passphrase to unlock the secret key for the OpenPGP "
+"certificate:\n"
+"\"%.*s\"\n"
+"%u-bit %s key, ID %s,\n"
+"created %s%s.\n"
+msgstr ""
+"Te vajate kasutaja salajase võtme lahtilukustamiseks parooli:\n"
+"\"%.*s\"\n"
+"%u-bitti %s võti, ID %08lX, loodud %s%s\n"
+
+#: g10/passphrase.c:384
+msgid "Enter passphrase\n"
+msgstr "Sisestage parool\n"
+
+#: g10/passphrase.c:412
+msgid "cancelled by user\n"
+msgstr "katkestatud kasutaja poolt\n"
+
+#: g10/passphrase.c:592
+#, fuzzy, c-format
+msgid ""
+"You need a passphrase to unlock the secret key for\n"
+"user: \"%s\"\n"
+msgstr ""
+"\n"
+"Te vajate kasutaja salajase võtme lahtilukustamiseks\n"
+"parooli: \""
+
+#: g10/passphrase.c:600
+#, fuzzy, c-format
+msgid "%u-bit %s key, ID %s, created %s"
+msgstr "%u-bitine %s võti, ID %08lX, loodud %s"
+
+#: g10/passphrase.c:609
+#, c-format
+msgid " (subkey on main key ID %s)"
+msgstr ""
+
+#: g10/photoid.c:74
+msgid ""
+"\n"
+"Pick an image to use for your photo ID. The image must be a JPEG file.\n"
+"Remember that the image is stored within your public key. If you use a\n"
+"very large picture, your key will become very large as well!\n"
+"Keeping the image close to 240x288 is a good size to use.\n"
+msgstr ""
+"\n"
+"Valige foto ID'na kasutatav pilt. Pilt peab olema JPEG fail.\n"
+"Pidage meeles, et pilt salvestatakse teie avalikus võtmes. Kui kasutate\n"
+"väga suurt pilti, on ka kõti väha suur!\n"
+"Mõistlik pildi suurus võiks olla umbes 240x288.\n"
+
+#: g10/photoid.c:96
+msgid "Enter JPEG filename for photo ID: "
+msgstr "Sisestage foto ID jaoks JPEG faili nimi: "
+
+#: g10/photoid.c:117
+#, fuzzy, c-format
+msgid "unable to open JPEG file `%s': %s\n"
+msgstr "faili ei õnnestu avada: %s\n"
+
+#: g10/photoid.c:128
+#, c-format
+msgid "This JPEG is really large (%d bytes) !\n"
+msgstr ""
+
+#: g10/photoid.c:130
+#, fuzzy
+msgid "Are you sure you want to use it? (y/N) "
+msgstr "Olete kindel, et soovite seda kasutada (j/E)? "
+
+#: g10/photoid.c:146
+#, fuzzy, c-format
+msgid "`%s' is not a JPEG file\n"
+msgstr "\"%s\": ei ole JPEG fail\n"
+
+#: g10/photoid.c:165
+msgid "Is this photo correct (y/N/q)? "
+msgstr "On see foto õige (j/E/v)? "
+
+#: g10/photoid.c:373
+msgid "unable to display photo ID!\n"
+msgstr "foto ID ei saa näidata!\n"
+
+#: g10/pkclist.c:60 g10/revoke.c:621
+msgid "No reason specified"
+msgstr "Põhjus puudub"
+
+#: g10/pkclist.c:62 g10/revoke.c:623
+msgid "Key is superseded"
+msgstr "Võti on asendatud"
+
+#: g10/pkclist.c:64 g10/revoke.c:622
+msgid "Key has been compromised"
+msgstr "Võti on kompromiteeritud"
+
+#: g10/pkclist.c:66 g10/revoke.c:624
+msgid "Key is no longer used"
+msgstr "Võti ei ole enam kasutusel"
+
+#: g10/pkclist.c:68 g10/revoke.c:625
+msgid "User ID is no longer valid"
+msgstr "Kasutaja ID ei ole enam kehtiv"
+
+#: g10/pkclist.c:72
+msgid "reason for revocation: "
+msgstr "tühistamise põhjus: "
+
+#: g10/pkclist.c:89
+msgid "revocation comment: "
+msgstr "tühistamise kommentaar: "
+
+#: g10/pkclist.c:204
+msgid "iImMqQsS"
+msgstr "iItTvVjJ"
+
+#: g10/pkclist.c:212
+#, fuzzy
+msgid "No trust value assigned to:\n"
+msgstr ""
+"Usalduse väärtus puudub:\n"
+"%4u%c/%08lX %s \""
+
+#: g10/pkclist.c:245
+#, fuzzy, c-format
+msgid " aka \"%s\"\n"
+msgstr " ka \""
+
+#: g10/pkclist.c:255
+#, fuzzy
+msgid ""
+"How much do you trust that this key actually belongs to the named user?\n"
+msgstr "See võti kuulub tõenäoliselt omanikule\n"
+
+#: g10/pkclist.c:270
+#, fuzzy, c-format
+msgid " %d = I don't know or won't say\n"
+msgstr " %d = Ei tea\n"
+
+#: g10/pkclist.c:272
+#, fuzzy, c-format
+msgid " %d = I do NOT trust\n"
+msgstr " %d = EI usalda\n"
+
+#: g10/pkclist.c:278
+#, fuzzy, c-format
+msgid " %d = I trust ultimately\n"
+msgstr " %d = Usaldan absoluutselt\n"
+
+#: g10/pkclist.c:284
+#, fuzzy
+msgid " m = back to the main menu\n"
+msgstr " t = tagasi põhimenüüsse\n"
+
+#: g10/pkclist.c:287
+#, fuzzy
+msgid " s = skip this key\n"
+msgstr " j = jäta see võti vahele\n"
+
+#: g10/pkclist.c:288
+#, fuzzy
+msgid " q = quit\n"
+msgstr " v = välju\n"
+
+#: g10/pkclist.c:292
+#, c-format
+msgid ""
+"The minimum trust level for this key is: %s\n"
+"\n"
+msgstr ""
+
+#: g10/pkclist.c:298 g10/revoke.c:650
+msgid "Your decision? "
+msgstr "Teie otsus? "
+
+#: g10/pkclist.c:319
+#, fuzzy
+msgid "Do you really want to set this key to ultimate trust? (y/N) "
+msgstr "Kas te tõesti soovite seda võtit absoluutselt usaldada? "
+
+#: g10/pkclist.c:333
+msgid "Certificates leading to an ultimately trusted key:\n"
+msgstr "Sertifikaadid täiesti usaldatava võtmeni:\n"
+
+#: g10/pkclist.c:418
+#, fuzzy, c-format
+msgid "%s: There is no assurance this key belongs to the named user\n"
+msgstr "%08lX: Ei ole midagi, mis näitaks, et see võti kuulub omanikule\n"
+
+#: g10/pkclist.c:423
+#, fuzzy, c-format
+msgid "%s: There is limited assurance this key belongs to the named user\n"
+msgstr "%08lX: Ei ole midagi, mis näitaks, et see võti kuulub omanikule\n"
+
+#: g10/pkclist.c:429
+#, fuzzy
+msgid "This key probably belongs to the named user\n"
+msgstr "See võti kuulub tõenäoliselt omanikule\n"
+
+#: g10/pkclist.c:434
+msgid "This key belongs to us\n"
+msgstr "See võti kuulub meile\n"
+
+#: g10/pkclist.c:460
+#, fuzzy
+msgid ""
+"It is NOT certain that the key belongs to the person named\n"
+"in the user ID. If you *really* know what you are doing,\n"
+"you may answer the next question with yes.\n"
+msgstr ""
+"EI ole kindel, et see võti kuulub isikule, keda mainitakse\n"
+"kasutaja ID väljal. Kui te *tõesti* teate, mida te teete,\n"
+"võite järgnevale küsimusele vastata jaatavalt\n"
+"\n"
+
+#: g10/pkclist.c:479
+#, fuzzy
+msgid "Use this key anyway? (y/N) "
+msgstr "Kasutan seda võtit ikka? "
+
+#: g10/pkclist.c:513
+msgid "WARNING: Using untrusted key!\n"
+msgstr "HOIATUS: Kasutan mitteusaldatavat võtit!\n"
+
+#: g10/pkclist.c:520
+msgid "WARNING: this key might be revoked (revocation key not present)\n"
+msgstr "HOIATUS: see võti võib olla tühistatud (tühistamise võtit pole)\n"
+
+#: g10/pkclist.c:529
+msgid "WARNING: This key has been revoked by its designated revoker!\n"
+msgstr "HOIATUS: See võti on määratud tühistaja poolt tühistatud!\n"
+
+#: g10/pkclist.c:532
+msgid "WARNING: This key has been revoked by its owner!\n"
+msgstr "HOIATUS: See võti on omaniku poolt tühistatud!\n"
+
+#: g10/pkclist.c:533
+#, fuzzy
+msgid " This could mean that the signature is forged.\n"
+msgstr " See võib tähendada, et allkiri on võltsing.\n"
+
+#: g10/pkclist.c:539
+msgid "WARNING: This subkey has been revoked by its owner!\n"
+msgstr "HOIATUS: See alamvõti on omaniku poolt tühistatud!\n"
+
+#: g10/pkclist.c:544
+msgid "Note: This key has been disabled.\n"
+msgstr "Märkus: See võti on blokeeritud.\n"
+
+#: g10/pkclist.c:564
+#, c-format
+msgid "Note: Verified signer's address is `%s'\n"
+msgstr ""
+
+#: g10/pkclist.c:571
+#, c-format
+msgid "Note: Signer's address `%s' does not match DNS entry\n"
+msgstr ""
+
+#: g10/pkclist.c:583
+msgid "trustlevel adjusted to FULL due to valid PKA info\n"
+msgstr ""
+
+#: g10/pkclist.c:591
+msgid "trustlevel adjusted to NEVER due to bad PKA info\n"
+msgstr ""
+
+#: g10/pkclist.c:602
+msgid "Note: This key has expired!\n"
+msgstr "Märkus: See võti on aegunud!\n"
+
+#: g10/pkclist.c:613
+msgid "WARNING: This key is not certified with a trusted signature!\n"
+msgstr "HOIATUS: Seda võtit ei ole sertifitseeritud usaldatava allkirjaga!\n"
+
+#: g10/pkclist.c:615
+msgid ""
+" There is no indication that the signature belongs to the owner.\n"
+msgstr " Ei ole midagi, mis näitaks, et allkiri kuulub omanikule.\n"
+
+#: g10/pkclist.c:623
+msgid "WARNING: We do NOT trust this key!\n"
+msgstr "HOIATUS: Me EI usalda seda võtit!\n"
+
+#: g10/pkclist.c:624
+msgid " The signature is probably a FORGERY.\n"
+msgstr " Allkiri on tõenäoliselt VÕLTSING.\n"
+
+#: g10/pkclist.c:632
+msgid ""
+"WARNING: This key is not certified with sufficiently trusted signatures!\n"
+msgstr ""
+"HOIATUS: Seda võtit ei ole sertifitseeritud piisavalt usaldatava "
+"allkirjaga!\n"
+
+#: g10/pkclist.c:634
+msgid " It is not certain that the signature belongs to the owner.\n"
+msgstr " Ei ole kindel, et allkiri kuulub omanikule.\n"
+
+#: g10/pkclist.c:833 g10/pkclist.c:875 g10/pkclist.c:1087 g10/pkclist.c:1157
+#, c-format
+msgid "%s: skipped: %s\n"
+msgstr "%s: jätsin vahele: %s\n"
+
+#: g10/pkclist.c:845 g10/pkclist.c:1125
+#, c-format
+msgid "%s: skipped: public key already present\n"
+msgstr "%s: jätsin vahele: avalik võti on juba olemas\n"
+
+#: g10/pkclist.c:896
+msgid "You did not specify a user ID. (you may use \"-r\")\n"
+msgstr "Te ei määranud kasutaja IDd. (võite kasutada võtit \"-r\")\n"
+
+#: g10/pkclist.c:920
+msgid "Current recipients:\n"
+msgstr ""
+
+#: g10/pkclist.c:946
+msgid ""
+"\n"
+"Enter the user ID. End with an empty line: "
+msgstr ""
+"\n"
+"Sisestage kasutaja ID. Lõpetage tühja reaga: "
+
+#: g10/pkclist.c:971
+msgid "No such user ID.\n"
+msgstr "Tundmatu kasutaja ID.\n"
+
+#: g10/pkclist.c:980 g10/pkclist.c:1054
+msgid "skipped: public key already set as default recipient\n"
+msgstr "jätsin vahele: avalik võti on juba vaikimisi saaja\n"
+
+#: g10/pkclist.c:1001
+msgid "Public key is disabled.\n"
+msgstr "Avalik võti on blokeeritud.\n"
+
+#: g10/pkclist.c:1010
+msgid "skipped: public key already set\n"
+msgstr "jätsin vahele: avalik võti on juba olemas\n"
+
+#: g10/pkclist.c:1045
+#, fuzzy, c-format
+msgid "unknown default recipient \"%s\"\n"
+msgstr "tundmatu vaikimisi saaja `%s'\n"
+
+#: g10/pkclist.c:1103
+#, c-format
+msgid "%s: skipped: public key is disabled\n"
+msgstr "%s: jätsin vahele: avalik võti on blokeeritud\n"
+
+#: g10/pkclist.c:1165
+msgid "no valid addressees\n"
+msgstr "kehtivaid aadresse pole\n"
+
+#: g10/pkclist.c:1503
+#, fuzzy, c-format
+msgid "Note: key %s has no %s feature\n"
+msgstr "võti %08lX: kasutaja ID puudub\n"
+
+#: g10/pkclist.c:1528
+#, fuzzy, c-format
+msgid "Note: key %s has no preference for %s\n"
+msgstr "võti %08lX: kasutaja ID puudub\n"
+
+#: g10/plaintext.c:95
+msgid "data not saved; use option \"--output\" to save it\n"
+msgstr "andmeid ei salvestatud; salvestamiseks kasutage võtit \"--output\"\n"
+
+#: g10/plaintext.c:480
+msgid "Detached signature.\n"
+msgstr "Eraldiseisev allkiri.\n"
+
+#: g10/plaintext.c:487
+msgid "Please enter name of data file: "
+msgstr "Palun sisestage andmefaili nimi: "
+
+#: g10/plaintext.c:519
+msgid "reading stdin ...\n"
+msgstr "loen standardsisendit ...\n"
+
+#: g10/plaintext.c:557
+msgid "no signed data\n"
+msgstr "allkirjastatud andmeid pole\n"
+
+#: g10/plaintext.c:573
+#, c-format
+msgid "can't open signed data `%s'\n"
+msgstr "allkirjastatud andmete avamine ebaõnnestus `%s'\n"
+
+#: g10/plaintext.c:607
+#, fuzzy, c-format
+msgid "can't open signed data fd=%d: %s\n"
+msgstr "allkirjastatud andmete avamine ebaõnnestus `%s'\n"
+
+#: g10/pubkey-enc.c:105
+#, fuzzy, c-format
+msgid "anonymous recipient; trying secret key %s ...\n"
+msgstr "anonüümne saaja; proovin salajast võtit %08lX ...\n"
+
+#: g10/pubkey-enc.c:136
+msgid "okay, we are the anonymous recipient.\n"
+msgstr "ok, me oleme anonüümne teate saaja.\n"
+
+#: g10/pubkey-enc.c:225
+msgid "old encoding of the DEK is not supported\n"
+msgstr "vana DEK kodeerimine ei ole toetatud\n"
+
+#: g10/pubkey-enc.c:246
+#, c-format
+msgid "cipher algorithm %d%s is unknown or disabled\n"
+msgstr "¨ifri algoritm %d%s on tundmatu või blokeeritud\n"
+
+#: g10/pubkey-enc.c:284
+#, fuzzy, c-format
+msgid "WARNING: cipher algorithm %s not found in recipient preferences\n"
+msgstr "MÄRKUS: ¨ifri algoritm %d puudub eelistustes\n"
+
+#: g10/pubkey-enc.c:304
+#, fuzzy, c-format
+msgid "NOTE: secret key %s expired at %s\n"
+msgstr "MÄRKUS: salajane võti %08lX aegus %s\n"
+
+#: g10/pubkey-enc.c:310
+msgid "NOTE: key has been revoked"
+msgstr "MÄRKUS: võti on tühistatud"
+
+#: g10/revoke.c:102 g10/revoke.c:116 g10/revoke.c:128 g10/revoke.c:174
+#: g10/revoke.c:186 g10/revoke.c:585
+#, c-format
+msgid "build_packet failed: %s\n"
+msgstr "build_packet ebaõnnestus: %s\n"
+
+#: g10/revoke.c:145
+#, fuzzy, c-format
+msgid "key %s has no user IDs\n"
+msgstr "võti %08lX: kasutaja ID puudub\n"
+
+#: g10/revoke.c:306
+msgid "To be revoked by:\n"
+msgstr "Tühistaja:\n"
+
+#: g10/revoke.c:310
+msgid "(This is a sensitive revocation key)\n"
+msgstr "(See on tundlik tühistamise võti)\n"
+
+#: g10/revoke.c:314
+#, fuzzy
+msgid "Create a designated revocation certificate for this key? (y/N) "
+msgstr "Loon sellele võtmele tühistamise sertifikaadi? "
+
+#: g10/revoke.c:327 g10/revoke.c:551
+msgid "ASCII armored output forced.\n"
+msgstr "Väljundis sunnitakse kasutama ASCII vormingut.\n"
+
+#: g10/revoke.c:342 g10/revoke.c:565
+#, c-format
+msgid "make_keysig_packet failed: %s\n"
+msgstr "make_keysig_packet ebaõnnestus: %s\n"
+
+#: g10/revoke.c:405
+msgid "Revocation certificate created.\n"
+msgstr "Tühistamise sertifikaat on loodud.\n"
+
+#: g10/revoke.c:411
+#, fuzzy, c-format
+msgid "no revocation keys found for \"%s\"\n"
+msgstr ""
+"`%s' jaoks pole tühistamise võtmeid\n"
+"\n"
+
+#: g10/revoke.c:470
+#, fuzzy, c-format
+msgid "secret key \"%s\" not found: %s\n"
+msgstr "salajast võtit `%s' ei leitud: %s\n"
+
+#: g10/revoke.c:497
+#, c-format
+msgid "no corresponding public key: %s\n"
+msgstr "vastavat avalikku võtit pole: %s\n"
+
+#: g10/revoke.c:508
+msgid "public key does not match secret key!\n"
+msgstr "avalik võti ei sobi salajase võtmega!\n"
+
+#: g10/revoke.c:515
+#, fuzzy
+msgid "Create a revocation certificate for this key? (y/N) "
+msgstr "Loon sellele võtmele tühistamise sertifikaadi? "
+
+#: g10/revoke.c:532
+msgid "unknown protection algorithm\n"
+msgstr "tundmatu kaitsealgoritm\n"
+
+#: g10/revoke.c:540
+msgid "NOTE: This key is not protected!\n"
+msgstr "MÄRKUS: See võti ei ole kaitstud!\n"
+
+#: g10/revoke.c:591
+msgid ""
+"Revocation certificate created.\n"
+"\n"
+"Please move it to a medium which you can hide away; if Mallory gets\n"
+"access to this certificate he can use it to make your key unusable.\n"
+"It is smart to print this certificate and store it away, just in case\n"
+"your media become unreadable. But have some caution: The print system of\n"
+"your machine might store the data and make it available to others!\n"
+msgstr ""
+"Tühistamise sertifikaat on loodud.\n"
+"\n"
+"Palun salvestage see andmekandjale, mida saate kindlasse kohta ära panna.\n"
+"Kui mallory saab sellele sertifikaadile juurdepääsu, võib ta seda kasutades\n"
+"muuta kõik teie võtmed kasutamiskõlbmatuks.\n"
+"Samuti on mõistlik trükkida see sertifikaat paberile ja panna hoiule "
+"juhuks,\n"
+"kui meedia muutub loetamatuks. Aga olge ettevaatlik: teie arvuti "
+"trükisüsteem\n"
+"võib salvestada need andmed ja teha teistele kättesaadavaks! \n"
+
+#: g10/revoke.c:633
+msgid "Please select the reason for the revocation:\n"
+msgstr "Palun valige tühistamise põhjus:\n"
+
+#: g10/revoke.c:643
+msgid "Cancel"
+msgstr "Katkesta"
+
+#: g10/revoke.c:645
+#, c-format
+msgid "(Probably you want to select %d here)\n"
+msgstr "(Tõenäoliselt soovite siin valida %d)\n"
+
+#: g10/revoke.c:686
+msgid "Enter an optional description; end it with an empty line:\n"
+msgstr "Sisestage mittekohustuslik kirjeldus. Lõpetage tühja reaga:\n"
+
+#: g10/revoke.c:714
+#, c-format
+msgid "Reason for revocation: %s\n"
+msgstr "Tühistamise põhjus: %s\n"
+
+#: g10/revoke.c:716
+msgid "(No description given)\n"
+msgstr "(Kirjeldust ei antud)\n"
+
+#: g10/revoke.c:721
+#, fuzzy
+msgid "Is this okay? (y/N) "
+msgstr "On see hästi? "
+
+#: g10/seckey-cert.c:55
+msgid "secret key parts are not available\n"
+msgstr "salajase võtme komponendid ei ole kättesaadavad\n"
+
+#: g10/seckey-cert.c:61
+#, c-format
+msgid "protection algorithm %d%s is not supported\n"
+msgstr "kaitse algoritm %d%s ei ole toetatud\n"
+
+#: g10/seckey-cert.c:72
+#, fuzzy, c-format
+msgid "protection digest %d is not supported\n"
+msgstr "kaitse algoritm %d%s ei ole toetatud\n"
+
+#: g10/seckey-cert.c:291
+msgid "Invalid passphrase; please try again"
+msgstr "Vigane parool; palun proovige uuesti"
+
+#: g10/seckey-cert.c:292
+#, c-format
+msgid "%s ...\n"
+msgstr "%s ...\n"
+
+#: g10/seckey-cert.c:361
+msgid "WARNING: Weak key detected - please change passphrase again.\n"
+msgstr "HOIATUS: Tuvastasin nõrga võtme - palun muutke uuesti parooli.\n"
+
+#: g10/seckey-cert.c:404
+msgid "generating the deprecated 16-bit checksum for secret key protection\n"
+msgstr ""
+"loon salajase võtme kaitseks mittesoovitavat 16 bitist kontrollsummat\n"
+
+#: g10/seskey.c:61 sm/encrypt.c:119
+msgid "weak key created - retrying\n"
+msgstr "loodi nõrk võti - proovin uuesti\n"
+
+#: g10/seskey.c:65
+#, c-format
+msgid "cannot avoid weak key for symmetric cipher; tried %d times!\n"
+msgstr ""
+"sümmeetrilises ¨ifris ei õnnestu vältida nõrga võtme kasutamist; proovisin %"
+"d korda!\n"
+
+#: g10/seskey.c:227 sm/certcheck.c:85
+msgid "DSA requires the hash length to be a multiple of 8 bits\n"
+msgstr ""
+
+#: g10/seskey.c:240
+#, c-format
+msgid "DSA key %s uses an unsafe (%u bit) hash\n"
+msgstr ""
+
+#: g10/seskey.c:252
+#, c-format
+msgid "DSA key %s requires a %u bit or larger hash\n"
+msgstr ""
+
+#: g10/sig-check.c:80
+msgid "WARNING: signature digest conflict in message\n"
+msgstr "HOIATUS: allkirja lühend on teatega konfliktne\n"
+
+#: g10/sig-check.c:105
+#, fuzzy, c-format
+msgid "WARNING: signing subkey %s is not cross-certified\n"
+msgstr "HOIATUS: allkirjastamise alamvõti %08lX ei ole rist-sertifitseeritud\n"
+
+#: g10/sig-check.c:117
+#, fuzzy, c-format
+msgid "WARNING: signing subkey %s has an invalid cross-certification\n"
+msgstr "HOIATUS: allkirjastamise alamvõtmel %08lX on vigane rist-sertifikaat\n"
+
+#: g10/sig-check.c:211
+#, fuzzy, c-format
+msgid "public key %s is %lu second newer than the signature\n"
+msgstr "avalik võti %08lX on %lu sekund uuem, kui allkiri\n"
+
+#: g10/sig-check.c:212
+#, fuzzy, c-format
+msgid "public key %s is %lu seconds newer than the signature\n"
+msgstr "avalik võti %08lX on %lu sekundit uuem, kui allkiri\n"
+
+#: g10/sig-check.c:223
+#, fuzzy, c-format
+msgid ""
+"key %s was created %lu second in the future (time warp or clock problem)\n"
+msgstr "võti loodi %lu sekund tulevikus (ajahüpe või kella probleem)\n"
+
+#: g10/sig-check.c:225
+#, fuzzy, c-format
+msgid ""
+"key %s was created %lu seconds in the future (time warp or clock problem)\n"
+msgstr "võti loodi %lu sekundit tulevikus (ajahüpe või kella probleem)\n"
+
+#: g10/sig-check.c:239
+#, fuzzy, c-format
+msgid "NOTE: signature key %s expired %s\n"
+msgstr "MÄRKUS: allkirja võti %08lX aegus %s\n"
+
+#: g10/sig-check.c:252
+#, fuzzy, c-format
+msgid "NOTE: signature key %s has been revoked\n"
+msgstr "MÄRKUS: võti on tühistatud"
+
+#: g10/sig-check.c:325
+#, fuzzy, c-format
+msgid "assuming bad signature from key %s due to an unknown critical bit\n"
+msgstr "eeldan tundmatu kriitilise biti tõttu võtmel %08lX vigast allkirja\n"
+
+#: g10/sig-check.c:591
+#, fuzzy, c-format
+msgid "key %s: no subkey for subkey revocation signature\n"
+msgstr "võti %08lX: alamvõtme tühistamise paketile puudub alamvõti\n"
+
+#: g10/sig-check.c:618
+#, fuzzy, c-format
+msgid "key %s: no subkey for subkey binding signature\n"
+msgstr "võti %08lX: alamvõtme allkirjaga sidumiseks puudub alamvõti\n"
+
+#: g10/sign.c:89
+#, c-format
+msgid "WARNING: unable to %%-expand notation (too large). Using unexpanded.\n"
+msgstr ""
+"HOIATUS: noteerimise %%-asendus ebaõnnestus (liiga suur). Kasutan "
+"kompaktset.\n"
+
+#: g10/sign.c:115
+#, fuzzy, c-format
+msgid ""
+"WARNING: unable to %%-expand policy URL (too large). Using unexpanded.\n"
+msgstr ""
+"HOIATUS: poliisi urli %%-asendus ebaõnnestus (liiga suur). Kasutan "
+"kompaktset.\n"
+
+#: g10/sign.c:138
+#, fuzzy, c-format
+msgid ""
+"WARNING: unable to %%-expand preferred keyserver URL (too large). Using "
+"unexpanded.\n"
+msgstr ""
+"HOIATUS: poliisi urli %%-asendus ebaõnnestus (liiga suur). Kasutan "
+"kompaktset.\n"
+
+#: g10/sign.c:311
+#, c-format
+msgid "checking created signature failed: %s\n"
+msgstr "Loodud allkirja ei õnnestu kontrollida: %s\n"
+
+#: g10/sign.c:320
+#, fuzzy, c-format
+msgid "%s/%s signature from: \"%s\"\n"
+msgstr "%s allkiri kasutajalt: \"%s\"\n"
+
+#: g10/sign.c:761
+msgid "you can only detach-sign with PGP 2.x style keys while in --pgp2 mode\n"
+msgstr ""
+"PGP 2.x stiilis võtmetega saab eraldi-allkirjastada ainult --pgp2 moodis\n"
+
+#: g10/sign.c:837
+#, fuzzy, c-format
+msgid ""
+"WARNING: forcing digest algorithm %s (%d) violates recipient preferences\n"
+msgstr ""
+"sõnumilühendi algoritmi %s (%d) kasutamine on vastuolus saaja eelistustega\n"
+
+#: g10/sign.c:964
+msgid "signing:"
+msgstr "allkirjastan:"
+
+#: g10/sign.c:1079
+msgid "you can only clearsign with PGP 2.x style keys while in --pgp2 mode\n"
+msgstr ""
+"PGP 2.x stiilis võtmetega saab avateksti allkirjastada ainult --pgp2 moodis\n"
+
+#: g10/sign.c:1263
+#, c-format
+msgid "%s encryption will be used\n"
+msgstr "kasutatakse %s krüpteerimist\n"
+
+#: g10/skclist.c:140 g10/skclist.c:217
+msgid "key is not flagged as insecure - can't use it with the faked RNG!\n"
+msgstr ""
+"võti ei ole märgitud ebaturvaliseks - sellega ei saa võlts RNGd kasutada!\n"
+
+#: g10/skclist.c:174
+#, fuzzy, c-format
+msgid "skipped \"%s\": duplicated\n"
+msgstr "`%s' jätsin vahele: duplikaat\n"
+
+#: g10/skclist.c:182 g10/skclist.c:195 g10/skclist.c:207
+#, fuzzy, c-format
+msgid "skipped \"%s\": %s\n"
+msgstr "`%s' jätsin vahele: %s\n"
+
+#: g10/skclist.c:190
+msgid "skipped: secret key already present\n"
+msgstr "jätsin vahele: avalik võti on juba olemas\n"
+
+#: g10/skclist.c:208
+#, fuzzy
+msgid "this is a PGP generated Elgamal key which is not secure for signatures!"
+msgstr ""
+"jätsin `%s' vahele: see on PGP genereeritud ElGamal võti,\n"
+"mis ei ole allkirjades kasutamiseks turvaline!\n"
+
+#: g10/tdbdump.c:58 g10/trustdb.c:360
+#, c-format
+msgid "trust record %lu, type %d: write failed: %s\n"
+msgstr "usalduse kirje %lu, tüüp %d: kirjutamine ebaõnnestus: %s\n"
+
+#: g10/tdbdump.c:106
+#, c-format
+msgid ""
+"# List of assigned trustvalues, created %s\n"
+"# (Use \"gpg --import-ownertrust\" to restore them)\n"
+msgstr ""
+"# Omistatud usalduse väärtuste loend, loodud: %s\n"
+"# (Taastamiseks kasutage \"gpg --import-ownertrust\")\n"
+
+#: g10/tdbdump.c:161 g10/tdbdump.c:169 g10/tdbdump.c:174 g10/tdbdump.c:179
+#, fuzzy, c-format
+msgid "error in `%s': %s\n"
+msgstr "viga `%s' lugemisel: %s\n"
+
+#: g10/tdbdump.c:161
+#, fuzzy
+msgid "line too long"
+msgstr "rida on liiga pikk\n"
+
+#: g10/tdbdump.c:169
+msgid "colon missing"
+msgstr ""
+
+#: g10/tdbdump.c:175
+#, fuzzy
+msgid "invalid fingerprint"
+msgstr "viga: vigane sõrmejälg\n"
+
+#: g10/tdbdump.c:180
+#, fuzzy
+msgid "ownertrust value missing"
+msgstr "impordi usalduse väärtused"
+
+#: g10/tdbdump.c:216
+#, fuzzy, c-format
+msgid "error finding trust record in `%s': %s\n"
+msgstr "viga usalduse kirje otsimisel: %s\n"
+
+#: g10/tdbdump.c:220
+#, fuzzy, c-format
+msgid "read error in `%s': %s\n"
+msgstr "viga lugemisel: %s\n"
+
+#: g10/tdbdump.c:229 g10/trustdb.c:375
+#, c-format
+msgid "trustdb: sync failed: %s\n"
+msgstr "trustdb: sync ebaõnnestus: %s\n"
+
+#: g10/tdbio.c:128 g10/tdbio.c:1456
+#, c-format
+msgid "trustdb rec %lu: lseek failed: %s\n"
+msgstr "trustdb kirje %lu: lseek ebaõnnestus: %s\n"
+
+#: g10/tdbio.c:135 g10/tdbio.c:1463
+#, c-format
+msgid "trustdb rec %lu: write failed (n=%d): %s\n"
+msgstr "trustdb rec %lu: write failed (n=%d): %s\n"
+
+#: g10/tdbio.c:245
+msgid "trustdb transaction too large\n"
+msgstr "trustdb transaktsioon on liiga suur\n"
+
+#: g10/tdbio.c:500
+#, fuzzy, c-format
+msgid "can't access `%s': %s\n"
+msgstr "`%s' ei õnnestu sulgeda: %s\n"
+
+#: g10/tdbio.c:527
+#, c-format
+msgid "%s: directory does not exist!\n"
+msgstr "%s: kataloogi ei ole!\n"
+
+#: g10/tdbio.c:537 g10/tdbio.c:560 g10/tdbio.c:601 sm/keydb.c:219
+#, fuzzy, c-format
+msgid "can't create lock for `%s'\n"
+msgstr "`%s' ei õnnestu luua: %s\n"
+
+#: g10/tdbio.c:539 g10/tdbio.c:604
+#, fuzzy, c-format
+msgid "can't lock `%s'\n"
+msgstr "`%s' ei õnnestu avada\n"
+
+#: g10/tdbio.c:565
+#, c-format
+msgid "%s: failed to create version record: %s"
+msgstr "%s: versioonikirje loomine ei õnnestu: %s"
+
+#: g10/tdbio.c:569
+#, c-format
+msgid "%s: invalid trustdb created\n"
+msgstr "%s: loodi vigane usalduse andmebaas\n"
+
+#: g10/tdbio.c:572
+#, c-format
+msgid "%s: trustdb created\n"
+msgstr "%s: trustdb on loodud\n"
+
+#: g10/tdbio.c:615
+msgid "NOTE: trustdb not writable\n"
+msgstr "MÄRKUS: trustdb pole kirjutatav\n"
+
+#: g10/tdbio.c:623
+#, c-format
+msgid "%s: invalid trustdb\n"
+msgstr "%s: vigane trustdb\n"
+
+#: g10/tdbio.c:655
+#, c-format
+msgid "%s: failed to create hashtable: %s\n"
+msgstr "%s: paisktabeli loomine ebaõnnestus: %s\n"
+
+#: g10/tdbio.c:663
+#, c-format
+msgid "%s: error updating version record: %s\n"
+msgstr "%s: viga versioonikirje uuendamisel: %s\n"
+
+#: g10/tdbio.c:680 g10/tdbio.c:701 g10/tdbio.c:717 g10/tdbio.c:731
+#: g10/tdbio.c:761 g10/tdbio.c:1388 g10/tdbio.c:1415
+#, c-format
+msgid "%s: error reading version record: %s\n"
+msgstr "%s: viga versioonikirje lugemisel: %s\n"
+
+#: g10/tdbio.c:740
+#, c-format
+msgid "%s: error writing version record: %s\n"
+msgstr "%s: viga versioonikirje kirjutamisel: %s\n"
+
+#: g10/tdbio.c:1181
+#, c-format
+msgid "trustdb: lseek failed: %s\n"
+msgstr "trustdb: lseek ebaõnnestus: %s\n"
+
+#: g10/tdbio.c:1190
+#, c-format
+msgid "trustdb: read failed (n=%d): %s\n"
+msgstr "trustdb: lugemine ebaõnnestus (n=%d): %s\n"
+
+#: g10/tdbio.c:1211
+#, c-format
+msgid "%s: not a trustdb file\n"
+msgstr "%s: ei ole trustdb fail\n"
+
+#: g10/tdbio.c:1230
+#, c-format
+msgid "%s: version record with recnum %lu\n"
+msgstr "%s: versioonikirje kirje numbriga %lu\n"
+
+#: g10/tdbio.c:1235
+#, c-format
+msgid "%s: invalid file version %d\n"
+msgstr "%s: vigane faili versioon %d\n"
+
+#: g10/tdbio.c:1421
+#, c-format
+msgid "%s: error reading free record: %s\n"
+msgstr "%s: viga vaba kirje lugemisel: %s\n"
+
+#: g10/tdbio.c:1429
+#, c-format
+msgid "%s: error writing dir record: %s\n"
+msgstr "%s: viga kataloogikirje kirjutamisel: %s\n"
+
+#: g10/tdbio.c:1439
+#, c-format
+msgid "%s: failed to zero a record: %s\n"
+msgstr "%s: kirje nullimine ebaõnnestus: %s\n"
+
+#: g10/tdbio.c:1469
+#, c-format
+msgid "%s: failed to append a record: %s\n"
+msgstr "%s: kirje lisamine ebaõnnestus: %s\n"
+
+#: g10/tdbio.c:1512
+#, fuzzy
+msgid "Error: The trustdb is corrupted.\n"
+msgstr "%s: trustdb on loodud\n"
+
+#: g10/textfilter.c:147
+#, c-format
+msgid "can't handle text lines longer than %d characters\n"
+msgstr "ei suuda käsitleda tekstiridu mis on pikemad, kui %d sümbolit\n"
+
+#: g10/textfilter.c:247
+#, c-format
+msgid "input line longer than %d characters\n"
+msgstr "sisendrida on pikem, kui %d sümbolit\n"
+
+#: g10/trustdb.c:221
+#, c-format
+msgid "`%s' is not a valid long keyID\n"
+msgstr "`%s' ei ole kehtiv pikk võtmeID\n"
+
+#: g10/trustdb.c:252
+#, fuzzy, c-format
+msgid "key %s: accepted as trusted key\n"
+msgstr "võti %08lX: aktsepteerin usaldusväärse võtmena\n"
+
+#: g10/trustdb.c:290
+#, fuzzy, c-format
+msgid "key %s occurs more than once in the trustdb\n"
+msgstr "võti %08lX esineb trustdb failis enam kui korra\n"
+
+#: g10/trustdb.c:305
+#, fuzzy, c-format
+msgid "key %s: no public key for trusted key - skipped\n"
+msgstr "võti %08lX: usaldataval võtmel pole avalikku võtit - jätsin vahele\n"
+
+#: g10/trustdb.c:315
+#, fuzzy, c-format
+msgid "key %s marked as ultimately trusted\n"
+msgstr "võti on märgitud abslouutselt usaldatuks.\n"
+
+#: g10/trustdb.c:339
+#, c-format
+msgid "trust record %lu, req type %d: read failed: %s\n"
+msgstr "usalduse kirje %lu, päringu tüüp %d: lugemine ebaõnnestus: %s\n"
+
+#: g10/trustdb.c:345
+#, c-format
+msgid "trust record %lu is not of requested type %d\n"
+msgstr "usalduse kirje %lu ei oma soovitud tüüpi %d\n"
+
+#: g10/trustdb.c:418
+msgid "You may try to re-create the trustdb using the commands:\n"
+msgstr ""
+
+#: g10/trustdb.c:427
+msgid "If that does not work, please consult the manual\n"
+msgstr ""
+
+#: g10/trustdb.c:462
+#, c-format
+msgid "unable to use unknown trust model (%d) - assuming %s trust model\n"
+msgstr ""
+
+#: g10/trustdb.c:468
+#, c-format
+msgid "using %s trust model\n"
+msgstr ""
+
+#: g10/trustdb.c:520
+msgid "10 translator see trustdb.c:uid_trust_string_fixed"
+msgstr ""
+
+#: g10/trustdb.c:522
+#, fuzzy
+msgid "[ revoked]"
+msgstr "[tühistatud] "
+
+#: g10/trustdb.c:524 g10/trustdb.c:529
+#, fuzzy
+msgid "[ expired]"
+msgstr "[aegunud] "
+
+#: g10/trustdb.c:528
+#, fuzzy
+msgid "[ unknown]"
+msgstr "tundmatu"
+
+#: g10/trustdb.c:530
+msgid "[ undef ]"
+msgstr ""
+
+#: g10/trustdb.c:531
+msgid "[marginal]"
+msgstr ""
+
+#: g10/trustdb.c:532
+msgid "[ full ]"
+msgstr ""
+
+#: g10/trustdb.c:533
+msgid "[ultimate]"
+msgstr ""
+
+#: g10/trustdb.c:548
+msgid "undefined"
+msgstr ""
+
+#: g10/trustdb.c:549
+#, fuzzy
+msgid "never"
+msgstr "mitte kunagi"
+
+#: g10/trustdb.c:550
+msgid "marginal"
+msgstr ""
+
+#: g10/trustdb.c:551
+msgid "full"
+msgstr ""
+
+#: g10/trustdb.c:552
+msgid "ultimate"
+msgstr ""
+
+#: g10/trustdb.c:592
+msgid "no need for a trustdb check\n"
+msgstr "trustdb kontrolliks puudub vajadus\n"
+
+#: g10/trustdb.c:598 g10/trustdb.c:2487
+#, c-format
+msgid "next trustdb check due at %s\n"
+msgstr "trustdb järgmine kontroll %s\n"
+
+#: g10/trustdb.c:607
+#, fuzzy, c-format
+msgid "no need for a trustdb check with `%s' trust model\n"
+msgstr "trustdb kontrolliks puudub vajadus\n"
+
+#: g10/trustdb.c:622
+#, fuzzy, c-format
+msgid "no need for a trustdb update with `%s' trust model\n"
+msgstr "trustdb kontrolliks puudub vajadus\n"
+
+#: g10/trustdb.c:857 g10/trustdb.c:1310
+#, fuzzy, c-format
+msgid "public key %s not found: %s\n"
+msgstr "ei leia avalikku võtit %08lX: %s\n"
+
+#: g10/trustdb.c:1053
+msgid "please do a --check-trustdb\n"
+msgstr "palun tehke --check-trustdb\n"
+
+#: g10/trustdb.c:1057
+msgid "checking the trustdb\n"
+msgstr "kontrollin trustdb faili\n"
+
+#: g10/trustdb.c:2230
+#, c-format
+msgid "%d keys processed (%d validity counts cleared)\n"
+msgstr "%d võtit töödeldud (%d kehtivust puhastatud)\n"
+
+#: g10/trustdb.c:2295
+msgid "no ultimately trusted keys found\n"
+msgstr "absoluutselt usaldatavaid võtmeid pole\n"
+
+#: g10/trustdb.c:2309
+#, fuzzy, c-format
+msgid "public key of ultimately trusted key %s not found\n"
+msgstr "puudub absoluutselt usaldatava võtme %08lX avalik võti\n"
+
+#: g10/trustdb.c:2332
+#, c-format
+msgid "%d marginal(s) needed, %d complete(s) needed, %s trust model\n"
+msgstr ""
+
+#: g10/trustdb.c:2418
+#, c-format
+msgid ""
+"depth: %d valid: %3d signed: %3d trust: %d-, %dq, %dn, %dm, %df, %du\n"
+msgstr ""
+
+#: g10/trustdb.c:2493
+#, fuzzy, c-format
+msgid "unable to update trustdb version record: write failed: %s\n"
+msgstr "usalduse kirje %lu, tüüp %d: kirjutamine ebaõnnestus: %s\n"
+
+#: g10/verify.c:118
+msgid ""
+"the signature could not be verified.\n"
+"Please remember that the signature file (.sig or .asc)\n"
+"should be the first file given on the command line.\n"
+msgstr ""
+"allkirja ei õnnestu kontrollida.\n"
+"Palun pidage meeles, et allkirja fail (.sig või .asc)\n"
+"peab olema käsureal esimene fail.\n"
+
+#: g10/verify.c:205
+#, c-format
+msgid "input line %u too long or missing LF\n"
+msgstr "sisendrida %u on liiga pikk või seavahetus puudub\n"
+
+#: g10/verify.c:253
+#, fuzzy, c-format
+msgid "can't open fd %d: %s\n"
+msgstr "`%s' ei õnnestu avada: %s\n"
+
+#: jnlib/argparse.c:180
+#, fuzzy
+msgid "argument not expected"
+msgstr "kirjutan salajase võtme faili `%s'\n"
+
+#: jnlib/argparse.c:182
+#, fuzzy
+msgid "read error"
+msgstr "viga faili lugemisel"
+
+#: jnlib/argparse.c:184
+#, fuzzy
+msgid "keyword too long"
+msgstr "rida on liiga pikk\n"
+
+#: jnlib/argparse.c:186
+#, fuzzy
+msgid "missing argument"
+msgstr "vigane argument"
+
+#: jnlib/argparse.c:188
+#, fuzzy
+msgid "invalid command"
+msgstr "vastuolulised käsud\n"
+
+#: jnlib/argparse.c:190
+#, fuzzy
+msgid "invalid alias definition"
+msgstr "vigased impordi võtmed\n"
+
+#: jnlib/argparse.c:192
+#, fuzzy
+msgid "out of core"
+msgstr "ei töödeldud"
+
+#: jnlib/argparse.c:194
+#, fuzzy
+msgid "invalid option"
+msgstr "vigased impordi võtmed\n"
+
+#: jnlib/argparse.c:202
+#, c-format
+msgid "missing argument for option \"%.50s\"\n"
+msgstr ""
+
+#: jnlib/argparse.c:204
+#, c-format
+msgid "option \"%.50s\" does not expect an argument\n"
+msgstr ""
+
+#: jnlib/argparse.c:207
+#, fuzzy, c-format
+msgid "invalid command \"%.50s\"\n"
+msgstr "Vigane käsklus (proovige \"help\")\n"
+
+#: jnlib/argparse.c:209
+#, c-format
+msgid "option \"%.50s\" is ambiguous\n"
+msgstr ""
+
+#: jnlib/argparse.c:211
+#, c-format
+msgid "command \"%.50s\" is ambiguous\n"
+msgstr ""
+
+#: jnlib/argparse.c:213
+#, fuzzy
+msgid "out of core\n"
+msgstr "ei töödeldud"
+
+#: jnlib/argparse.c:215
+#, fuzzy, c-format
+msgid "invalid option \"%.50s\"\n"
+msgstr "vigased impordi võtmed\n"
+
+#: jnlib/logging.c:647
+#, c-format
+msgid "you found a bug ... (%s:%d)\n"
+msgstr "te leidsite vea ... (%s:%d)\n"
+
+#: jnlib/utf8conv.c:85
+#, fuzzy, c-format
+msgid "error loading `%s': %s\n"
+msgstr "viga `%s' lugemisel: %s\n"
+
+#: jnlib/utf8conv.c:123
+#, c-format
+msgid "conversion from `%s' to `%s' not available\n"
+msgstr ""
+
+#: jnlib/utf8conv.c:131
+#, fuzzy, c-format
+msgid "iconv_open failed: %s\n"
+msgstr "faili ei õnnestu avada: %s\n"
+
+#: jnlib/utf8conv.c:388 jnlib/utf8conv.c:654
+#, fuzzy, c-format
+msgid "conversion from `%s' to `%s' failed: %s\n"
+msgstr "pakendamine ebaõnnestus: %s\n"
+
+#: jnlib/dotlock.c:234
+#, fuzzy, c-format
+msgid "failed to create temporary file `%s': %s\n"
+msgstr "kataloogi `%s' ei õnnestu luua: %s\n"
+
+#: jnlib/dotlock.c:269
+#, fuzzy, c-format
+msgid "error writing to `%s': %s\n"
+msgstr "viga võtmehoidlasse `%s' kirjutamisel: %s\n"
+
+#: jnlib/dotlock.c:453
+#, c-format
+msgid "removing stale lockfile (created by %d)\n"
+msgstr ""
+
+#: jnlib/dotlock.c:459
+msgid " - probably dead - removing lock"
+msgstr ""
+
+#: jnlib/dotlock.c:469
+#, fuzzy, c-format
+msgid "waiting for lock (held by %d%s) %s...\n"
+msgstr "kirjutan salajase võtme faili `%s'\n"
+
+#: jnlib/dotlock.c:470
+msgid "(deadlock?) "
+msgstr ""
+
+#: jnlib/dotlock.c:493
+#, fuzzy, c-format
+msgid "lock `%s' not made: %s\n"
+msgstr "ei leia avalikku võtit %08lX: %s\n"
+
+#: jnlib/dotlock.c:501
+#, fuzzy, c-format
+msgid "waiting for lock %s...\n"
+msgstr "kirjutan salajase võtme faili `%s'\n"
+
+#: kbx/kbxutil.c:92
+msgid "set debugging flags"
+msgstr ""
+
+#: kbx/kbxutil.c:93
+msgid "enable full debugging"
+msgstr ""
+
+#: kbx/kbxutil.c:117
+#, fuzzy
+msgid "Usage: kbxutil [options] [files] (-h for help)"
+msgstr "Kasuta: gpg [võtmed] [failid] (-h näitab abiinfot)"
+
+#: kbx/kbxutil.c:120
+msgid ""
+"Syntax: kbxutil [options] [files]\n"
+"list, export, import Keybox data\n"
+msgstr ""
+
+#: scd/app-nks.c:713 scd/app-openpgp.c:2647
+#, c-format
+msgid "RSA modulus missing or not of size %d bits\n"
+msgstr ""
+
+#: scd/app-nks.c:721 scd/app-openpgp.c:2659
+#, c-format
+msgid "RSA public exponent missing or larger than %d bits\n"
+msgstr ""
+
+#: scd/app-nks.c:801 scd/app-openpgp.c:1549 scd/app-openpgp.c:1568
+#: scd/app-openpgp.c:1729 scd/app-openpgp.c:1746 scd/app-openpgp.c:1994
+#: scd/app-openpgp.c:2039 scd/app-dinsig.c:303
+#, c-format
+msgid "PIN callback returned error: %s\n"
+msgstr ""
+
+#: scd/app-nks.c:834
+msgid "the NullPIN has not yet been changed\n"
+msgstr ""
+
+#: scd/app-nks.c:1092
+#, fuzzy
+msgid "|N|Please enter a new PIN for the standard keys."
+msgstr "muuda parooli"
+
+#: scd/app-nks.c:1093
+#, fuzzy
+msgid "||Please enter the PIN for the standard keys."
+msgstr "muuda parooli"
+
+#: scd/app-nks.c:1099
+#, fuzzy
+msgid "|NP|Please enter a new PIN Unblocking Code (PUK) for the standard keys."
+msgstr "Palun valige tühistamise põhjus:\n"
+
+#: scd/app-nks.c:1101
+#, fuzzy
+msgid "|P|Please enter the PIN Unblocking Code (PUK) for the standard keys."
+msgstr "Palun valige tühistamise põhjus:\n"
+
+#: scd/app-nks.c:1109
+msgid "|N|Please enter a new PIN for the key to create qualified signatures."
+msgstr ""
+
+#: scd/app-nks.c:1111
+msgid "||Please enter the PIN for the key to create qualified signatures."
+msgstr ""
+
+#: scd/app-nks.c:1119
+msgid ""
+"|NP|Please enter a new PIN Unblocking Code (PUK) for the key to create "
+"qualified signatures."
+msgstr ""
+
+#: scd/app-nks.c:1121
+msgid ""
+"|P|Please enter the PIN Unblocking Code (PUK) for the key to create "
+"qualified signatures."
+msgstr ""
+
+#: scd/app-nks.c:1222 scd/app-openpgp.c:2072 scd/app-dinsig.c:532
+#, fuzzy, c-format
+msgid "error getting new PIN: %s\n"
+msgstr "viga parooli loomisel: %s\n"
+
+#: scd/app-openpgp.c:695
+#, fuzzy, c-format
+msgid "failed to store the fingerprint: %s\n"
+msgstr "TrustDB initsialiseerimine ebaõnnestus: %s\n"
+
+#: scd/app-openpgp.c:708
+#, fuzzy, c-format
+msgid "failed to store the creation date: %s\n"
+msgstr "võtmehoidla vahemälu uuesti loomine ebaõnnestus: %s\n"
+
+#: scd/app-openpgp.c:1156
+#, fuzzy, c-format
+msgid "reading public key failed: %s\n"
+msgstr "võtmebloki kustutamine ebaõnnestus: %s\n"
+
+#: scd/app-openpgp.c:1164 scd/app-openpgp.c:2882
+msgid "response does not contain the public key data\n"
+msgstr ""
+
+#: scd/app-openpgp.c:1172 scd/app-openpgp.c:2890
+msgid "response does not contain the RSA modulus\n"
+msgstr ""
+
+#: scd/app-openpgp.c:1181 scd/app-openpgp.c:2900
+msgid "response does not contain the RSA public exponent\n"
+msgstr ""
+
+#: scd/app-openpgp.c:1501
+#, c-format
+msgid "using default PIN as %s\n"
+msgstr ""
+
+#: scd/app-openpgp.c:1508
+#, c-format
+msgid "failed to use default PIN as %s: %s - disabling further default use\n"
+msgstr ""
+
+#: scd/app-openpgp.c:1523
+#, c-format
+msgid "||Please enter the PIN%%0A[sigs done: %lu]"
+msgstr ""
+
+#: scd/app-openpgp.c:1534 scd/app-openpgp.c:1988
+#, fuzzy
+msgid "||Please enter the PIN"
+msgstr "muuda parooli"
+
+#: scd/app-openpgp.c:1575 scd/app-openpgp.c:1753 scd/app-openpgp.c:2001
+#, c-format
+msgid "PIN for CHV%d is too short; minimum length is %d\n"
+msgstr ""
+
+#: scd/app-openpgp.c:1588 scd/app-openpgp.c:1627 scd/app-openpgp.c:1765
+#: scd/app-openpgp.c:3200
+#, fuzzy, c-format
+msgid "verify CHV%d failed: %s\n"
+msgstr "võtmeserverile saatmine ebaõnnestus: %s\n"
+
+#: scd/app-openpgp.c:1656 scd/app-openpgp.c:2020 scd/app-openpgp.c:3498
+msgid "error retrieving CHV status from card\n"
+msgstr ""
+
+#: scd/app-openpgp.c:1662 scd/app-openpgp.c:3507
+msgid "card is permanently locked!\n"
+msgstr ""
+
+#: scd/app-openpgp.c:1669
+#, c-format
+msgid "%d Admin PIN attempts remaining before card is permanently locked\n"
+msgstr ""
+
+#. TRANSLATORS: Do not translate the "|A|" prefix but keep it at
+#. the start of the string. Use %%0A to force a linefeed.
+#: scd/app-openpgp.c:1676
+#, fuzzy, c-format
+msgid "|A|Please enter the Admin PIN%%0A[remaining attempts: %d]"
+msgstr "muuda parooli"
+
+#: scd/app-openpgp.c:1680
+#, fuzzy
+msgid "|A|Please enter the Admin PIN"
+msgstr "muuda parooli"
+
+#: scd/app-openpgp.c:1701
+msgid "access to admin commands is not configured\n"
+msgstr ""
+
+#: scd/app-openpgp.c:2035
+#, fuzzy
+msgid "||Please enter the Reset Code for the card"
+msgstr "Palun valige tühistamise põhjus:\n"
+
+#: scd/app-openpgp.c:2045 scd/app-openpgp.c:2097
+#, c-format
+msgid "Reset Code is too short; minimum length is %d\n"
+msgstr ""
+
+#: scd/app-openpgp.c:2067
+msgid "|RN|New Reset Code"
+msgstr ""
+
+#: scd/app-openpgp.c:2068
+msgid "|AN|New Admin PIN"
+msgstr ""
+
+#: scd/app-openpgp.c:2068
+msgid "|N|New PIN"
+msgstr ""
+
+#: scd/app-openpgp.c:2178 scd/app-openpgp.c:2968
+#, fuzzy
+msgid "error reading application data\n"
+msgstr "viga võtmebloki lugemisel: %s\n"
+
+#: scd/app-openpgp.c:2184 scd/app-openpgp.c:2975
+#, fuzzy
+msgid "error reading fingerprint DO\n"
+msgstr "%s: viga vaba kirje lugemisel: %s\n"
+
+#: scd/app-openpgp.c:2194
+#, fuzzy
+msgid "key already exists\n"
+msgstr "`%s' on juba pakitud\n"
+
+#: scd/app-openpgp.c:2198
+msgid "existing key will be replaced\n"
+msgstr ""
+
+#: scd/app-openpgp.c:2200
+#, fuzzy
+msgid "generating new key\n"
+msgstr "genereeri uus võtmepaar"
+
+#: scd/app-openpgp.c:2202
+#, fuzzy
+msgid "writing new key\n"
+msgstr "genereeri uus võtmepaar"
+
+#: scd/app-openpgp.c:2627
+msgid "creation timestamp missing\n"
+msgstr ""
+
+#: scd/app-openpgp.c:2669 scd/app-openpgp.c:2677
+#, c-format
+msgid "RSA prime %s missing or not of size %d bits\n"
+msgstr ""
+
+#: scd/app-openpgp.c:2773
+#, fuzzy, c-format
+msgid "failed to store the key: %s\n"
+msgstr "TrustDB initsialiseerimine ebaõnnestus: %s\n"
+
+#: scd/app-openpgp.c:2859
+msgid "please wait while key is being generated ...\n"
+msgstr ""
+
+#: scd/app-openpgp.c:2872
+#, fuzzy
+msgid "generating key failed\n"
+msgstr "võtmebloki kustutamine ebaõnnestus: %s\n"
+
+#: scd/app-openpgp.c:2875
+#, fuzzy, c-format
+msgid "key generation completed (%d seconds)\n"
+msgstr "Võtme genereerimine ebaõnnestus: %s\n"
+
+#: scd/app-openpgp.c:2933
+msgid "invalid structure of OpenPGP card (DO 0x93)\n"
+msgstr ""
+
+#: scd/app-openpgp.c:2983
+msgid "fingerprint on card does not match requested one\n"
+msgstr ""
+
+#: scd/app-openpgp.c:3099
+#, fuzzy, c-format
+msgid "card does not support digest algorithm %s\n"
+msgstr "%s allkiri, sõnumilühendi algoritm %s\n"
+
+#: scd/app-openpgp.c:3175
+#, c-format
+msgid "signatures created so far: %lu\n"
+msgstr ""
+
+#: scd/app-openpgp.c:3512
+msgid ""
+"verification of Admin PIN is currently prohibited through this command\n"
+msgstr ""
+
+#: scd/app-openpgp.c:3737 scd/app-openpgp.c:3748
+#, fuzzy, c-format
+msgid "can't access %s - invalid OpenPGP card?\n"
+msgstr "ei leia OpenPGP andmeid.\n"
+
+#: scd/app-dinsig.c:299
+msgid "||Please enter your PIN at the reader's keypad"
+msgstr ""
+
+#. TRANSLATORS: Do not translate the "|*|" prefixes but
+#. keep it at the start of the string. We need this elsewhere
+#. to get some infos on the string.
+#: scd/app-dinsig.c:529
+msgid "|N|Initial New PIN"
+msgstr ""
+
+#: scd/scdaemon.c:107
+msgid "run in multi server mode (foreground)"
+msgstr ""
+
+#: scd/scdaemon.c:117 sm/gpgsm.c:316
+msgid "|LEVEL|set the debugging level to LEVEL"
+msgstr ""
+
+#: scd/scdaemon.c:124 tools/gpgconf-comp.c:620
+#, fuzzy
+msgid "|FILE|write a log to FILE"
+msgstr "|FAIL|lae laiendusmoodul FAIL"
+
+#: scd/scdaemon.c:126
+msgid "|N|connect to reader at port N"
+msgstr ""
+
+#: scd/scdaemon.c:128
+#, fuzzy
+msgid "|NAME|use NAME as ct-API driver"
+msgstr "|NIMI|kasuta NIME vaikimisi saajana"
+
+#: scd/scdaemon.c:130
+#, fuzzy
+msgid "|NAME|use NAME as PC/SC driver"
+msgstr "|NIMI|kasuta NIME vaikimisi saajana"
+
+#: scd/scdaemon.c:133
+#, fuzzy
+msgid "do not use the internal CCID driver"
+msgstr "ära kasuta terminali"
+
+#: scd/scdaemon.c:139
+msgid "|N|disconnect the card after N seconds of inactivity"
+msgstr ""
+
+#: scd/scdaemon.c:141
+msgid "do not use a reader's keypad"
+msgstr ""
+
+#: scd/scdaemon.c:144
+#, fuzzy
+msgid "deny the use of admin card commands"
+msgstr "vastuolulised käsud\n"
+
+#: scd/scdaemon.c:259
+#, fuzzy
+msgid "Usage: scdaemon [options] (-h for help)"
+msgstr "Kasuta: gpg [võtmed] [failid] (-h näitab abiinfot)"
+
+#: scd/scdaemon.c:261
+msgid ""
+"Syntax: scdaemon [options] [command [args]]\n"
+"Smartcard daemon for GnuPG\n"
+msgstr ""
+
+#: scd/scdaemon.c:766
+msgid "please use the option `--daemon' to run the program in the background\n"
+msgstr ""
+
+#: scd/scdaemon.c:1120
+#, c-format
+msgid "handler for fd %d started\n"
+msgstr ""
+
+#: scd/scdaemon.c:1132
+#, c-format
+msgid "handler for fd %d terminated\n"
+msgstr ""
+
+#: sm/base64.c:325
+#, fuzzy, c-format
+msgid "invalid radix64 character %02x skipped\n"
+msgstr "vigane radix64 sümbol %02x vahele jäetud\n"
+
+#: sm/call-agent.c:137
+#, c-format
+msgid "failed to proxy %s inquiry to client\n"
+msgstr ""
+
+#: sm/call-dirmngr.c:252
+#, c-format
+msgid "no running dirmngr - starting `%s'\n"
+msgstr ""
+
+#: sm/call-dirmngr.c:285
+#, fuzzy
+msgid "malformed DIRMNGR_INFO environment variable\n"
+msgstr "vigane GPG_AGENT_INFO keskkonnamuutuja\n"
+
+#: sm/call-dirmngr.c:297
+#, fuzzy, c-format
+msgid "dirmngr protocol version %d is not supported\n"
+msgstr "gpg-agendi protokolli versioon %d ei ole toetatud\n"
+
+#: sm/call-dirmngr.c:317
+msgid "can't connect to the dirmngr - trying fall back\n"
+msgstr ""
+
+#: sm/certchain.c:196
+#, c-format
+msgid "validation model requested by certificate: %s"
+msgstr ""
+
+#: sm/certchain.c:197 sm/certchain.c:1828
+msgid "chain"
+msgstr ""
+
+#: sm/certchain.c:198 sm/certchain.c:1828
+#, fuzzy
+msgid "shell"
+msgstr "help"
+
+#: sm/certchain.c:258
+#, fuzzy, c-format
+msgid "critical certificate extension %s is not supported"
+msgstr "gpg-agendi protokolli versioon %d ei ole toetatud\n"
+
+#: sm/certchain.c:297
+msgid "issuer certificate is not marked as a CA"
+msgstr ""
+
+#: sm/certchain.c:335
+msgid "critical marked policy without configured policies"
+msgstr ""
+
+#: sm/certchain.c:345
+#, fuzzy, c-format
+msgid "failed to open `%s': %s\n"
+msgstr "`%s' ei õnnestu avada: %s\n"
+
+#: sm/certchain.c:353 sm/certchain.c:382
+msgid "note: non-critical certificate policy not allowed"
+msgstr ""
+
+#: sm/certchain.c:357 sm/certchain.c:386
+#, fuzzy
+msgid "certificate policy not allowed"
+msgstr "kirjutan salajase võtme faili `%s'\n"
+
+#: sm/certchain.c:498
+msgid "looking up issuer at external location\n"
+msgstr ""
+
+#: sm/certchain.c:517
+#, c-format
+msgid "number of issuers matching: %d\n"
+msgstr ""
+
+#: sm/certchain.c:561
+msgid "looking up issuer from the Dirmngr cache\n"
+msgstr ""
+
+#: sm/certchain.c:585
+#, fuzzy, c-format
+msgid "number of matching certificates: %d\n"
+msgstr "viga parooli loomisel: %s\n"
+
+#: sm/certchain.c:587
+#, fuzzy, c-format
+msgid "dirmngr cache-only key lookup failed: %s\n"
+msgstr "võtmebloki kustutamine ebaõnnestus: %s\n"
+
+#: sm/certchain.c:759 sm/certchain.c:1252 sm/certchain.c:1856 sm/decrypt.c:261
+#: sm/encrypt.c:335 sm/sign.c:335 sm/verify.c:113
+#, fuzzy
+msgid "failed to allocated keyDB handle\n"
+msgstr "TrustDB initsialiseerimine ebaõnnestus: %s\n"
+
+#: sm/certchain.c:925
+#, fuzzy
+msgid "certificate has been revoked"
+msgstr "MÄRKUS: võti on tühistatud"
+
+#: sm/certchain.c:940
+msgid "the status of the certificate is unknown"
+msgstr ""
+
+#: sm/certchain.c:947
+msgid "please make sure that the \"dirmngr\" is properly installed\n"
+msgstr ""
+
+#: sm/certchain.c:953
+#, fuzzy, c-format
+msgid "checking the CRL failed: %s"
+msgstr "Loodud allkirja ei õnnestu kontrollida: %s\n"
+
+#: sm/certchain.c:982 sm/certchain.c:1050
+#, c-format
+msgid "certificate with invalid validity: %s"
+msgstr ""
+
+#: sm/certchain.c:997 sm/certchain.c:1082
+msgid "certificate not yet valid"
+msgstr ""
+
+#: sm/certchain.c:998 sm/certchain.c:1083
+#, fuzzy
+msgid "root certificate not yet valid"
+msgstr "kirjutan salajase võtme faili `%s'\n"
+
+#: sm/certchain.c:999 sm/certchain.c:1084
+msgid "intermediate certificate not yet valid"
+msgstr ""
+
+#: sm/certchain.c:1012
+#, fuzzy
+msgid "certificate has expired"
+msgstr "See võti on aegunud!"
+
+#: sm/certchain.c:1013
+#, fuzzy
+msgid "root certificate has expired"
+msgstr "See võti on aegunud!"
+
+#: sm/certchain.c:1014
+#, fuzzy
+msgid "intermediate certificate has expired"
+msgstr "See võti on aegunud!"
+
+#: sm/certchain.c:1056
+#, c-format
+msgid "required certificate attributes missing: %s%s%s"
+msgstr ""
+
+#: sm/certchain.c:1065
+#, fuzzy
+msgid "certificate with invalid validity"
+msgstr "See võti on aegunud!"
+
+#: sm/certchain.c:1102
+msgid "signature not created during lifetime of certificate"
+msgstr ""
+
+#: sm/certchain.c:1104
+msgid "certificate not created during lifetime of issuer"
+msgstr ""
+
+#: sm/certchain.c:1105
+msgid "intermediate certificate not created during lifetime of issuer"
+msgstr ""
+
+#: sm/certchain.c:1109
+#, fuzzy
+msgid " ( signature created at "
+msgstr " uusi allkirju: %lu\n"
+
+#: sm/certchain.c:1110
+#, fuzzy
+msgid " (certificate created at "
+msgstr "Tühistamise sertifikaat on loodud.\n"
+
+#: sm/certchain.c:1113
+#, fuzzy
+msgid " (certificate valid from "
+msgstr "halb sertifikaat"
+
+#: sm/certchain.c:1114
+msgid " ( issuer valid from "
+msgstr ""
+
+#: sm/certchain.c:1144
+#, fuzzy, c-format
+msgid "fingerprint=%s\n"
+msgstr "näita sõrmejälge"
+
+#: sm/certchain.c:1153
+msgid "root certificate has now been marked as trusted\n"
+msgstr ""
+
+#: sm/certchain.c:1166
+msgid "interactive marking as trusted not enabled in gpg-agent\n"
+msgstr ""
+
+#: sm/certchain.c:1172
+msgid "interactive marking as trusted disabled for this session\n"
+msgstr ""
+
+#: sm/certchain.c:1229
+msgid "WARNING: creation time of signature not known - assuming current time"
+msgstr ""
+
+#: sm/certchain.c:1293
+#, fuzzy
+msgid "no issuer found in certificate"
+msgstr "genereeri tühistamise sertifikaat"
+
+#: sm/certchain.c:1366
+msgid "self-signed certificate has a BAD signature"
+msgstr ""
+
+#: sm/certchain.c:1435
+msgid "root certificate is not marked trusted"
+msgstr ""
+
+#: sm/certchain.c:1448
+#, fuzzy, c-format
+msgid "checking the trust list failed: %s\n"
+msgstr "Loodud allkirja ei õnnestu kontrollida: %s\n"
+
+#: sm/certchain.c:1477 sm/import.c:160
+msgid "certificate chain too long\n"
+msgstr ""
+
+#: sm/certchain.c:1489
+msgid "issuer certificate not found"
+msgstr ""
+
+#: sm/certchain.c:1522
+#, fuzzy
+msgid "certificate has a BAD signature"
+msgstr "kontrolli allkirja"
+
+#: sm/certchain.c:1553
+msgid "found another possible matching CA certificate - trying again"
+msgstr ""
+
+#: sm/certchain.c:1604
+#, c-format
+msgid "certificate chain longer than allowed by CA (%d)"
+msgstr ""
+
+#: sm/certchain.c:1644 sm/certchain.c:1927
+#, fuzzy
+msgid "certificate is good\n"
+msgstr "eelistus %c%lu on duplikaat\n"
+
+#: sm/certchain.c:1645
+#, fuzzy
+msgid "intermediate certificate is good\n"
+msgstr "Tühistamise sertifikaat on loodud.\n"
+
+#: sm/certchain.c:1646
+#, fuzzy
+msgid "root certificate is good\n"
+msgstr "halb sertifikaat"
+
+#: sm/certchain.c:1817
+msgid "switching to chain model"
+msgstr ""
+
+#: sm/certchain.c:1826
+#, c-format
+msgid "validation model used: %s"
+msgstr ""
+
+#: sm/certcheck.c:97
+#, c-format
+msgid "%s key uses an unsafe (%u bit) hash\n"
+msgstr ""
+
+#: sm/certcheck.c:107
+#, c-format
+msgid "a %u bit hash is not valid for a %u bit %s key\n"
+msgstr ""
+
+#: sm/certcheck.c:244 sm/verify.c:201
+msgid "(this is the MD2 algorithm)\n"
+msgstr ""
+
+#: sm/certdump.c:60 sm/certdump.c:143
+#, fuzzy
+msgid "none"
+msgstr "ei"
+
+#: sm/certdump.c:564 sm/certdump.c:609 sm/certdump.c:674 sm/certdump.c:732
+#, fuzzy
+msgid "[Error - invalid encoding]"
+msgstr "viga: vigane sõrmejälg\n"
+
+#: sm/certdump.c:572 sm/certdump.c:617
+msgid "[Error - out of core]"
+msgstr ""
+
+#: sm/certdump.c:654 sm/certdump.c:710
+msgid "[Error - No name]"
+msgstr ""
+
+#: sm/certdump.c:679 sm/certdump.c:738
+#, fuzzy
+msgid "[Error - invalid DN]"
+msgstr "viga: vigane sõrmejälg\n"
+
+#: sm/certdump.c:948
+#, fuzzy, c-format
+msgid ""
+"Please enter the passphrase to unlock the secret key for the X.509 "
+"certificate:\n"
+"\"%s\"\n"
+"S/N %s, ID 0x%08lX,\n"
+"created %s, expires %s.\n"
+msgstr ""
+"Te vajate kasutaja salajase võtme lahtilukustamiseks parooli:\n"
+"\"%.*s\"\n"
+"%u-bitti %s võti, ID %08lX, loodud %s%s\n"
+
+#: sm/certlist.c:122
+msgid "no key usage specified - assuming all usages\n"
+msgstr ""
+
+#: sm/certlist.c:132 sm/keylist.c:272
+#, fuzzy, c-format
+msgid "error getting key usage information: %s\n"
+msgstr "viga salajase võtme võtmehoidlasse `%s' kirjutamisel: %s\n"
+
+#: sm/certlist.c:142
+msgid "certificate should have not been used for certification\n"
+msgstr ""
+
+#: sm/certlist.c:154
+msgid "certificate should have not been used for OCSP response signing\n"
+msgstr ""
+
+#: sm/certlist.c:165
+msgid "certificate should have not been used for encryption\n"
+msgstr ""
+
+#: sm/certlist.c:166
+msgid "certificate should have not been used for signing\n"
+msgstr ""
+
+#: sm/certlist.c:167
+msgid "certificate is not usable for encryption\n"
+msgstr ""
+
+#: sm/certlist.c:168
+msgid "certificate is not usable for signing\n"
+msgstr ""
+
+#: sm/certreqgen.c:474
+#, fuzzy, c-format
+msgid "line %d: invalid algorithm\n"
+msgstr "vigane räsialgoritm `%s'\n"
+
+#: sm/certreqgen.c:487
+#, c-format
+msgid "line %d: invalid key length %u (valid are %d to %d)\n"
+msgstr ""
+
+#: sm/certreqgen.c:505
+#, c-format
+msgid "line %d: no subject name given\n"
+msgstr ""
+
+#: sm/certreqgen.c:514
+#, c-format
+msgid "line %d: invalid subject name label `%.*s'\n"
+msgstr ""
+
+#: sm/certreqgen.c:517
+#, c-format
+msgid "line %d: invalid subject name `%s' at pos %d\n"
+msgstr ""
+
+#: sm/certreqgen.c:534
+#, fuzzy, c-format
+msgid "line %d: not a valid email address\n"
+msgstr "Selline e-posti aadress ei ole lubatud\n"
+
+#: sm/certreqgen.c:546
+#, fuzzy, c-format
+msgid "line %d: error reading key `%s' from card: %s\n"
+msgstr "viga võtmehoidla `%s' loomisel: %s\n"
+
+#: sm/certreqgen.c:558
+#, fuzzy, c-format
+msgid "line %d: error getting key by keygrip `%s': %s\n"
+msgstr "viga võtmehoidla `%s' loomisel: %s\n"
+
+#: sm/certreqgen.c:574
+#, fuzzy, c-format
+msgid "line %d: key generation failed: %s <%s>\n"
+msgstr "Võtme genereerimine ebaõnnestus: %s\n"
+
+#: sm/certreqgen.c:806
+msgid ""
+"To complete this certificate request please enter the passphrase for the key "
+"you just created once more.\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:158
+#, fuzzy, c-format
+msgid " (%d) RSA\n"
+msgstr " (%d) RSA (ainult allkirjastamiseks)\n"
+
+#: sm/certreqgen-ui.c:159
+#, fuzzy, c-format
+msgid " (%d) Existing key\n"
+msgstr " (%d) RSA (ainult krüpteerimiseks)\n"
+
+#: sm/certreqgen-ui.c:160
+#, c-format
+msgid " (%d) Existing key from card\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:202
+#, fuzzy
+msgid "Enter the keygrip: "
+msgstr "Allkirja noteerimine: "
+
+#: sm/certreqgen-ui.c:210
+msgid "Not a valid keygrip (expecting 40 hex digits)\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:212
+#, fuzzy
+msgid "No key with this keygrip\n"
+msgstr "Kasutaja ID numbriga %d puudub\n"
+
+#: sm/certreqgen-ui.c:230 sm/certreqgen-ui.c:239
+#, fuzzy, c-format
+msgid "error reading the card: %s\n"
+msgstr "%s: viga vaba kirje lugemisel: %s\n"
+
+#: sm/certreqgen-ui.c:233
+#, fuzzy, c-format
+msgid "Serial number of the card: %s\n"
+msgstr "viga parooli loomisel: %s\n"
+
+#: sm/certreqgen-ui.c:245
+#, fuzzy
+msgid "Available keys:\n"
+msgstr "blokeeri võti"
+
+#: sm/certreqgen-ui.c:276
+#, c-format
+msgid "Possible actions for a %s key:\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:277
+#, fuzzy, c-format
+msgid " (%d) sign, encrypt\n"
+msgstr " (%d) RSA (allkirjastamiseks ja krüptimiseks)\n"
+
+#: sm/certreqgen-ui.c:278
+#, fuzzy, c-format
+msgid " (%d) sign\n"
+msgstr " (%d) DSA (ainult allkirjastamiseks)\n"
+
+#: sm/certreqgen-ui.c:279
+#, fuzzy, c-format
+msgid " (%d) encrypt\n"
+msgstr " (%d) RSA (ainult krüpteerimiseks)\n"
+
+#: sm/certreqgen-ui.c:303
+msgid "Enter the X.509 subject name: "
+msgstr ""
+
+#: sm/certreqgen-ui.c:307
+#, fuzzy
+msgid "No subject name given\n"
+msgstr "(Kirjeldust ei antud)\n"
+
+#: sm/certreqgen-ui.c:311
+#, c-format
+msgid "Invalid subject name label `%.*s'\n"
+msgstr ""
+
+#. TRANSLATORS: The 22 in the second string is the
+#. length of the first string up to the "%s". Please
+#. adjust it do the length of your translation. The
+#. second string is merely passed to atoi so you can
+#. drop everything after the number.
+#: sm/certreqgen-ui.c:320
+#, fuzzy, c-format
+msgid "Invalid subject name `%s'\n"
+msgstr "vigane räsialgoritm `%s'\n"
+
+#: sm/certreqgen-ui.c:322
+msgid "22 translator: see certreg-ui.c:gpgsm_gencertreq_tty"
+msgstr ""
+
+#: sm/certreqgen-ui.c:334
+#, fuzzy
+msgid "Enter email addresses"
+msgstr "E-posti aadress: "
+
+#: sm/certreqgen-ui.c:335
+#, fuzzy
+msgid " (end with an empty line):\n"
+msgstr ""
+"\n"
+"Sisestage kasutaja ID. Lõpetage tühja reaga: "
+
+#: sm/certreqgen-ui.c:339
+#, fuzzy
+msgid "Enter DNS names"
+msgstr "Sisestage uus failinimi"
+
+#: sm/certreqgen-ui.c:340 sm/certreqgen-ui.c:345
+#, fuzzy
+msgid " (optional; end with an empty line):\n"
+msgstr "Sisestage mittekohustuslik kirjeldus. Lõpetage tühja reaga:\n"
+
+#: sm/certreqgen-ui.c:344
+msgid "Enter URIs"
+msgstr ""
+
+#: sm/certreqgen-ui.c:371
+msgid "Parameters to be used for the certificate request:\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:389
+msgid "Now creating certificate request. This may take a while ...\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:398
+msgid "Ready. You should now send this request to your CA.\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:403
+msgid "resource problem: out of core\n"
+msgstr ""
+
+#: sm/decrypt.c:330
+msgid "(this is the RC2 algorithm)\n"
+msgstr ""
+
+#: sm/decrypt.c:332
+msgid "(this does not seem to be an encrypted message)\n"
+msgstr ""
+
+#: sm/delete.c:51 sm/delete.c:112
+#, fuzzy, c-format
+msgid "certificate `%s' not found: %s\n"
+msgstr "võtit '%s' ei leitud: %s\n"
+
+#: sm/delete.c:122 sm/keydb.c:1397 sm/keydb.c:1499
+#, fuzzy, c-format
+msgid "error locking keybox: %s\n"
+msgstr "viga võtmebloki lugemisel: %s\n"
+
+#: sm/delete.c:143
+#, fuzzy, c-format
+msgid "duplicated certificate `%s' deleted\n"
+msgstr "Tühistamise sertifikaat on loodud.\n"
+
+#: sm/delete.c:145
+#, fuzzy, c-format
+msgid "certificate `%s' deleted\n"
+msgstr "eelistus %c%lu on duplikaat\n"
+
+#: sm/delete.c:175
+#, fuzzy, c-format
+msgid "deleting certificate \"%s\" failed: %s\n"
+msgstr "võtmebloki kustutamine ebaõnnestus: %s\n"
+
+#: sm/encrypt.c:321
+#, fuzzy
+msgid "no valid recipients given\n"
+msgstr "(Kirjeldust ei antud)\n"
+
+#: sm/gpgsm.c:197
+#, fuzzy
+msgid "list external keys"
+msgstr "näita salajasi võtmeid"
+
+#: sm/gpgsm.c:199
+#, fuzzy
+msgid "list certificate chain"
+msgstr "halb sertifikaat"
+
+#: sm/gpgsm.c:206
+#, fuzzy
+msgid "import certificates"
+msgstr "halb sertifikaat"
+
+#: sm/gpgsm.c:207
+#, fuzzy
+msgid "export certificates"
+msgstr "halb sertifikaat"
+
+#: sm/gpgsm.c:209
+msgid "register a smartcard"
+msgstr ""
+
+#: sm/gpgsm.c:212
+msgid "pass a command to the dirmngr"
+msgstr ""
+
+#: sm/gpgsm.c:214
+msgid "invoke gpg-protect-tool"
+msgstr ""
+
+#: sm/gpgsm.c:230
+#, fuzzy
+msgid "create base-64 encoded output"
+msgstr "loo ascii pakendis väljund"
+
+#: sm/gpgsm.c:235
+msgid "assume input is in PEM format"
+msgstr ""
+
+#: sm/gpgsm.c:237
+msgid "assume input is in base-64 format"
+msgstr ""
+
+#: sm/gpgsm.c:239
+msgid "assume input is in binary format"
+msgstr ""
+
+#: sm/gpgsm.c:244
+msgid "use system's dirmngr if available"
+msgstr ""
+
+#: sm/gpgsm.c:247
+msgid "never consult a CRL"
+msgstr ""
+
+#: sm/gpgsm.c:257
+msgid "check validity using OCSP"
+msgstr ""
+
+#: sm/gpgsm.c:262
+msgid "|N|number of certificates to include"
+msgstr ""
+
+#: sm/gpgsm.c:265
+msgid "|FILE|take policy information from FILE"
+msgstr ""
+
+#: sm/gpgsm.c:268
+msgid "do not check certificate policies"
+msgstr ""
+
+#: sm/gpgsm.c:272
+msgid "fetch missing issuer certificates"
+msgstr ""
+
+#: sm/gpgsm.c:283
+msgid "don't use the terminal at all"
+msgstr "ära kasuta terminali"
+
+#: sm/gpgsm.c:285
+msgid "|FILE|write a server mode log to FILE"
+msgstr ""
+
+#: sm/gpgsm.c:290
+#, fuzzy
+msgid "|FILE|write an audit log to FILE"
+msgstr "|FAIL|lae laiendusmoodul FAIL"
+
+#: sm/gpgsm.c:293
+msgid "batch mode: never ask"
+msgstr "pakettmood: ära küsi kunagi"
+
+#: sm/gpgsm.c:294
+msgid "assume yes on most questions"
+msgstr "eelda enamus küsimustele jah vastust"
+
+#: sm/gpgsm.c:295
+msgid "assume no on most questions"
+msgstr "eelda enamus küsimustele ei vastust"
+
+#: sm/gpgsm.c:298
+#, fuzzy
+msgid "|FILE|add keyring to the list of keyrings"
+msgstr "lisa see võtmehoidla võtmehoidlate nimekirja"
+
+#: sm/gpgsm.c:301
+#, fuzzy
+msgid "|USER-ID|use USER-ID as default secret key"
+msgstr "|NIMI|kasuta NIME vaikimisi salajase võtmena"
+
+#: sm/gpgsm.c:311 tools/gpgconf-comp.c:745
+#, fuzzy
+msgid "|SPEC|use this keyserver to lookup keys"
+msgstr "|HOST|kasuta seda võtmeserverit"
+
+#: sm/gpgsm.c:329
+msgid "|NAME|use cipher algorithm NAME"
+msgstr "|NIMI|kasuta ¨ifri algoritmi NIMI"
+
+#: sm/gpgsm.c:331
+msgid "|NAME|use message digest algorithm NAME"
+msgstr "|NIMI|kasuta teatelühendi algoritmi NIMI"
+
+#: sm/gpgsm.c:522
+#, fuzzy
+msgid "Usage: gpgsm [options] [files] (-h for help)"
+msgstr "Kasuta: gpg [võtmed] [failid] (-h näitab abiinfot)"
+
+#: sm/gpgsm.c:525
+#, fuzzy
+msgid ""
+"Syntax: gpgsm [options] [files]\n"
+"sign, check, encrypt or decrypt using the S/MIME protocol\n"
+"default operation depends on the input data\n"
+msgstr ""
+"Süntaks: gpg [võtmed] [failid]\n"
+"allkirjasta, kontrolli, krüpti ja dekrüpti\n"
+"vaikimisi operatsioon sõltub sisendandmetest\n"
+
+#: sm/gpgsm.c:617
+#, fuzzy
+msgid "usage: gpgsm [options] "
+msgstr "kasuta: gpg [võtmed] "
+
+#: sm/gpgsm.c:739
+#, fuzzy, c-format
+msgid "NOTE: won't be able to encrypt to `%s': %s\n"
+msgstr "ei õnnestu luua ühendust serveriga `%s': %s\n"
+
+#: sm/gpgsm.c:750
+#, fuzzy, c-format
+msgid "unknown validation model `%s'\n"
+msgstr "tundmatu vaikimisi saaja `%s'\n"
+
+#: sm/gpgsm.c:801
+#, fuzzy, c-format
+msgid "%s:%u: no hostname given\n"
+msgstr "(Kirjeldust ei antud)\n"
+
+#: sm/gpgsm.c:820
+#, c-format
+msgid "%s:%u: password given without user\n"
+msgstr ""
+
+#: sm/gpgsm.c:841
+#, fuzzy, c-format
+msgid "%s:%u: skipping this line\n"
+msgstr " j = jäta see võti vahele\n"
+
+#: sm/gpgsm.c:1376
+#, fuzzy
+msgid "could not parse keyserver\n"
+msgstr "ei saa parsida võtmeserveri URI\n"
+
+#: sm/gpgsm.c:1456
+msgid "WARNING: running with faked system time: "
+msgstr ""
+
+#: sm/gpgsm.c:1556
+#, fuzzy, c-format
+msgid "importing common certificates `%s'\n"
+msgstr "kirjutan faili `%s'\n"
+
+#: sm/gpgsm.c:1597
+#, fuzzy, c-format
+msgid "can't sign using `%s': %s\n"
+msgstr "`%s' ei õnnestu sulgeda: %s\n"
+
+#: sm/gpgsm.c:1931
+msgid "invalid command (there is no implicit command)\n"
+msgstr ""
+
+#: sm/import.c:111
+#, fuzzy, c-format
+msgid "total number processed: %lu\n"
+msgstr "Töödeldud kokku: %lu\n"
+
+#: sm/import.c:230
+#, fuzzy
+msgid "error storing certificate\n"
+msgstr "genereeri tühistamise sertifikaat"
+
+#: sm/import.c:238
+msgid "basic certificate checks failed - not imported\n"
+msgstr ""
+
+#: sm/import.c:435 sm/keydb.c:1319 sm/keydb.c:1387
+#, fuzzy
+msgid "failed to allocate keyDB handle\n"
+msgstr "TrustDB initsialiseerimine ebaõnnestus: %s\n"
+
+#: sm/import.c:492 sm/keydb.c:1417 sm/keydb.c:1511
+#, fuzzy, c-format
+msgid "error getting stored flags: %s\n"
+msgstr "viga parooli loomisel: %s\n"
+
+#: sm/import.c:551 sm/import.c:583
+#, fuzzy, c-format
+msgid "error importing certificate: %s\n"
+msgstr "viga parooli loomisel: %s\n"
+
+#: sm/import.c:684 tools/gpg-connect-agent.c:1346
+#, fuzzy, c-format
+msgid "error reading input: %s\n"
+msgstr "viga `%s' lugemisel: %s\n"
+
+#: sm/keydb.c:187
+#, fuzzy, c-format
+msgid "error creating keybox `%s': %s\n"
+msgstr "viga võtmehoidla `%s' loomisel: %s\n"
+
+#: sm/keydb.c:190
+msgid "you may want to start the gpg-agent first\n"
+msgstr ""
+
+#: sm/keydb.c:195
+#, fuzzy, c-format
+msgid "keybox `%s' created\n"
+msgstr "võtmehoidla `%s' on loodud\n"
+
+#: sm/keydb.c:1312 sm/keydb.c:1380
+#, fuzzy
+msgid "failed to get the fingerprint\n"
+msgstr "TrustDB initsialiseerimine ebaõnnestus: %s\n"
+
+#: sm/keydb.c:1340
+#, c-format
+msgid "problem looking for existing certificate: %s\n"
+msgstr ""
+
+#: sm/keydb.c:1348
+#, fuzzy, c-format
+msgid "error finding writable keyDB: %s\n"
+msgstr "viga parooli loomisel: %s\n"
+
+#: sm/keydb.c:1356
+#, fuzzy, c-format
+msgid "error storing certificate: %s\n"
+msgstr "viga parooli loomisel: %s\n"
+
+#: sm/keydb.c:1408
+#, fuzzy, c-format
+msgid "problem re-searching certificate: %s\n"
+msgstr "rev? probleem tühistamise kontrollimisel: %s\n"
+
+#: sm/keydb.c:1429 sm/keydb.c:1522
+#, fuzzy, c-format
+msgid "error storing flags: %s\n"
+msgstr "viga `%s' lugemisel: %s\n"
+
+#: sm/keylist.c:642
+msgid "Error - "
+msgstr ""
+
+#: sm/misc.c:55
+msgid "GPG_TTY has not been set - using maybe bogus default\n"
+msgstr ""
+
+#: sm/qualified.c:105
+#, fuzzy, c-format
+msgid "invalid formatted fingerprint in `%s', line %d\n"
+msgstr "viga: vigane sõrmejälg\n"
+
+#: sm/qualified.c:123
+#, c-format
+msgid "invalid country code in `%s', line %d\n"
+msgstr ""
+
+#: sm/qualified.c:202
+#, c-format
+msgid ""
+"You are about to create a signature using your certificate:\n"
+"\"%s\"\n"
+"This will create a qualified signature by law equated to a handwritten "
+"signature.\n"
+"\n"
+"%s%sAre you really sure that you want to do this?"
+msgstr ""
+
+#: sm/qualified.c:211 sm/verify.c:616
+msgid ""
+"Note, that this software is not officially approved to create or verify such "
+"signatures.\n"
+msgstr ""
+
+#: sm/qualified.c:278
+#, c-format
+msgid ""
+"You are about to create a signature using your certificate:\n"
+"\"%s\"\n"
+"Note, that this certificate will NOT create a qualified signature!"
+msgstr ""
+
+#: sm/sign.c:449
+#, fuzzy, c-format
+msgid "hash algorithm %d (%s) for signer %d not supported; using %s\n"
+msgstr "kaitse algoritm %d%s ei ole toetatud\n"
+
+#: sm/sign.c:463
+#, c-format
+msgid "hash algorithm used for signer %d: %s (%s)\n"
+msgstr ""
+
+#: sm/sign.c:513
+#, fuzzy, c-format
+msgid "checking for qualified certificate failed: %s\n"
+msgstr "Loodud allkirja ei õnnestu kontrollida: %s\n"
+
+#: sm/verify.c:449
+#, fuzzy
+msgid "Signature made "
+msgstr "Allkiri aegus %s\n"
+
+#: sm/verify.c:453
+msgid "[date not given]"
+msgstr ""
+
+#: sm/verify.c:454
+#, fuzzy, c-format
+msgid " using certificate ID 0x%08lX\n"
+msgstr "viga parooli loomisel: %s\n"
+
+#: sm/verify.c:473
+msgid ""
+"invalid signature: message digest attribute does not match computed one\n"
+msgstr ""
+
+#: sm/verify.c:594
+#, fuzzy
+msgid "Good signature from"
+msgstr "Korrektne allkiri kasutajalt \""
+
+#: sm/verify.c:595
+#, fuzzy
+msgid " aka"
+msgstr " ka \""
+
+#: sm/verify.c:613
+#, fuzzy
+msgid "This is a qualified signature\n"
+msgstr ""
+"\n"
+"See saab olema iseenda allkiri.\n"
+
+#: tools/gpg-connect-agent.c:70 tools/gpgconf.c:81 tools/symcryptrun.c:167
+#, fuzzy
+msgid "quiet"
+msgstr "välju"
+
+#: tools/gpg-connect-agent.c:71
+msgid "print data out hex encoded"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:72
+msgid "decode received data lines"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:74
+msgid "|NAME|connect to Assuan socket NAME"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:76
+msgid "run the Assuan server given on the command line"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:78
+msgid "do not use extended connect mode"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:80
+#, fuzzy
+msgid "|FILE|run commands from FILE on startup"
+msgstr "|FAIL|lae laiendusmoodul FAIL"
+
+#: tools/gpg-connect-agent.c:81
+msgid "run /subst on startup"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:184
+#, fuzzy
+msgid "Usage: gpg-connect-agent [options] (-h for help)"
+msgstr "Kasuta: gpg [võtmed] [failid] (-h näitab abiinfot)"
+
+#: tools/gpg-connect-agent.c:187
+msgid ""
+"Syntax: gpg-connect-agent [options]\n"
+"Connect to a running agent and send commands\n"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:1201
+#, c-format
+msgid "option \"%s\" requires a program and optional arguments\n"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:1210
+#, c-format
+msgid "option \"%s\" ignored due to \"%s\"\n"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:1281 tools/gpg-connect-agent.c:1771
+#, fuzzy, c-format
+msgid "receiving line failed: %s\n"
+msgstr "võtmebloki kustutamine ebaõnnestus: %s\n"
+
+#: tools/gpg-connect-agent.c:1371
+#, fuzzy
+msgid "line too long - skipped\n"
+msgstr "rida on liiga pikk\n"
+
+#: tools/gpg-connect-agent.c:1375
+msgid "line shortened due to embedded Nul character\n"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:1743
+#, fuzzy, c-format
+msgid "unknown command `%s'\n"
+msgstr "tundmatu vaikimisi saaja `%s'\n"
+
+#: tools/gpg-connect-agent.c:1761
+#, fuzzy, c-format
+msgid "sending line failed: %s\n"
+msgstr "allkirjastamine ebaõnnestus: %s\n"
+
+#: tools/gpg-connect-agent.c:2208
+#, fuzzy, c-format
+msgid "error sending %s command: %s\n"
+msgstr "viga teate saatmisel serverile `%s': %s\n"
+
+#: tools/gpg-connect-agent.c:2223
+#, fuzzy, c-format
+msgid "error sending standard options: %s\n"
+msgstr "viga teate saatmisel serverile `%s': %s\n"
+
+#: tools/gpgconf-comp.c:473 tools/gpgconf-comp.c:577 tools/gpgconf-comp.c:644
+#: tools/gpgconf-comp.c:712 tools/gpgconf-comp.c:799
+msgid "Options controlling the diagnostic output"
+msgstr ""
+
+#: tools/gpgconf-comp.c:486 tools/gpgconf-comp.c:590 tools/gpgconf-comp.c:657
+#: tools/gpgconf-comp.c:725 tools/gpgconf-comp.c:822
+msgid "Options controlling the configuration"
+msgstr ""
+
+#: tools/gpgconf-comp.c:496 tools/gpgconf-comp.c:615 tools/gpgconf-comp.c:673
+#: tools/gpgconf-comp.c:750 tools/gpgconf-comp.c:829
+msgid "Options useful for debugging"
+msgstr ""
+
+#: tools/gpgconf-comp.c:501 tools/gpgconf-comp.c:678 tools/gpgconf-comp.c:755
+#: tools/gpgconf-comp.c:837
+msgid "|FILE|write server mode logs to FILE"
+msgstr ""
+
+#: tools/gpgconf-comp.c:509 tools/gpgconf-comp.c:625 tools/gpgconf-comp.c:763
+msgid "Options controlling the security"
+msgstr ""
+
+#: tools/gpgconf-comp.c:516
+msgid "|N|expire SSH keys after N seconds"
+msgstr ""
+
+#: tools/gpgconf-comp.c:520
+msgid "|N|set maximum PIN cache lifetime to N seconds"
+msgstr ""
+
+#: tools/gpgconf-comp.c:524
+msgid "|N|set maximum SSH key lifetime to N seconds"
+msgstr ""
+
+#: tools/gpgconf-comp.c:538
+msgid "Options enforcing a passphrase policy"
+msgstr ""
+
+#: tools/gpgconf-comp.c:541
+msgid "do not allow to bypass the passphrase policy"
+msgstr ""
+
+#: tools/gpgconf-comp.c:545
+msgid "|N|set minimal required length for new passphrases to N"
+msgstr ""
+
+#: tools/gpgconf-comp.c:549
+msgid "|N|require at least N non-alpha characters for a new passphrase"
+msgstr ""
+
+#: tools/gpgconf-comp.c:553
+msgid "|FILE|check new passphrases against pattern in FILE"
+msgstr ""
+
+#: tools/gpgconf-comp.c:557
+#, fuzzy
+msgid "|N|expire the passphrase after N days"
+msgstr "|N|kasuta parooli moodi N"
+
+#: tools/gpgconf-comp.c:561
+#, fuzzy
+msgid "do not allow the reuse of old passphrases"
+msgstr "viga parooli loomisel: %s\n"
+
+#: tools/gpgconf-comp.c:659 tools/gpgconf-comp.c:727
+msgid "|NAME|use NAME as default secret key"
+msgstr "|NIMI|kasuta NIME vaikimisi salajase võtmena"
+
+#: tools/gpgconf-comp.c:662 tools/gpgconf-comp.c:730
+#, fuzzy
+msgid "|NAME|encrypt to user ID NAME as well"
+msgstr "|NIMI|krüpti NIMEle"
+
+#: tools/gpgconf-comp.c:665
+msgid "|SPEC|set up email aliases"
+msgstr ""
+
+#: tools/gpgconf-comp.c:686
+msgid "Configuration for Keyservers"
+msgstr ""
+
+#: tools/gpgconf-comp.c:688
+#, fuzzy
+msgid "|URL|use keyserver at URL"
+msgstr "ei saa parsida võtmeserveri URI\n"
+
+#: tools/gpgconf-comp.c:691
+msgid "allow PKA lookups (DNS requests)"
+msgstr ""
+
+#: tools/gpgconf-comp.c:694
+msgid "|MECHANISMS|use MECHANISMS to locate keys by mail address"
+msgstr ""
+
+#: tools/gpgconf-comp.c:739
+msgid "disable all access to the dirmngr"
+msgstr ""
+
+#: tools/gpgconf-comp.c:742
+#, fuzzy
+msgid "|NAME|use encoding NAME for PKCS#12 passphrases"
+msgstr "|NIMI|kasuta paroolidega ¨ifri algoritmi NIMI"
+
+#: tools/gpgconf-comp.c:768
+msgid "do not check CRLs for root certificates"
+msgstr ""
+
+#: tools/gpgconf-comp.c:812
+msgid "Options controlling the format of the output"
+msgstr ""
+
+#: tools/gpgconf-comp.c:848
+msgid "Options controlling the interactivity and enforcement"
+msgstr ""
+
+#: tools/gpgconf-comp.c:858
+msgid "Configuration for HTTP servers"
+msgstr ""
+
+#: tools/gpgconf-comp.c:869
+msgid "use system's HTTP proxy setting"
+msgstr ""
+
+#: tools/gpgconf-comp.c:874
+msgid "Configuration of LDAP servers to use"
+msgstr ""
+
+#: tools/gpgconf-comp.c:903
+msgid "LDAP server list"
+msgstr ""
+
+#: tools/gpgconf-comp.c:911
+msgid "Configuration for OCSP"
+msgstr ""
+
+#: tools/gpgconf-comp.c:3077
+#, c-format
+msgid "External verification of component %s failed"
+msgstr ""
+
+#: tools/gpgconf-comp.c:3227
+msgid "Note that group specifications are ignored\n"
+msgstr ""
+
+#: tools/gpgconf.c:62
+msgid "list all components"
+msgstr ""
+
+#: tools/gpgconf.c:63
+msgid "check all programs"
+msgstr ""
+
+#: tools/gpgconf.c:64
+msgid "|COMPONENT|list options"
+msgstr ""
+
+#: tools/gpgconf.c:65
+msgid "|COMPONENT|change options"
+msgstr ""
+
+#: tools/gpgconf.c:66
+msgid "|COMPONENT|check options"
+msgstr ""
+
+#: tools/gpgconf.c:68
+msgid "apply global default values"
+msgstr ""
+
+#: tools/gpgconf.c:70
+msgid "get the configuration directories for gpgconf"
+msgstr ""
+
+#: tools/gpgconf.c:72
+#, fuzzy
+msgid "list global configuration file"
+msgstr "tundmatu seade \"%s\"\n"
+
+#: tools/gpgconf.c:74
+#, fuzzy
+msgid "check global configuration file"
+msgstr "tundmatu seade \"%s\"\n"
+
+#: tools/gpgconf.c:79
+msgid "use as output file"
+msgstr "kasuta väljundfailina"
+
+#: tools/gpgconf.c:83
+msgid "activate changes at runtime, if possible"
+msgstr ""
+
+#: tools/gpgconf.c:105
+#, fuzzy
+msgid "Usage: gpgconf [options] (-h for help)"
+msgstr "Kasuta: gpg [võtmed] [failid] (-h näitab abiinfot)"
+
+#: tools/gpgconf.c:108
+msgid ""
+"Syntax: gpgconf [options]\n"
+"Manage configuration options for tools of the GnuPG system\n"
+msgstr ""
+
+#: tools/gpgconf.c:214 tools/gpgconf.c:282
+#, fuzzy
+msgid "usage: gpgconf [options] "
+msgstr "kasuta: gpg [võtmed] "
+
+#: tools/gpgconf.c:216
+msgid "Need one component argument"
+msgstr ""
+
+#: tools/gpgconf.c:225 tools/gpgconf.c:258
+#, fuzzy
+msgid "Component not found"
+msgstr "ei leia avalikku võtit"
+
+#: tools/gpgconf.c:284
+#, fuzzy
+msgid "No argument allowed"
+msgstr "kirjutan salajase võtme faili `%s'\n"
+
+#: tools/symcryptrun.c:154
+#, fuzzy
+msgid ""
+"@\n"
+"Commands:\n"
+" "
+msgstr ""
+"@Käsud:\n"
+" "
+
+#: tools/symcryptrun.c:156
+#, fuzzy
+msgid "decryption modus"
+msgstr "lahtikrüpteerimine õnnestus\n"
+
+#: tools/symcryptrun.c:157
+#, fuzzy
+msgid "encryption modus"
+msgstr "lahtikrüpteerimine õnnestus\n"
+
+#: tools/symcryptrun.c:161
+msgid "tool class (confucius)"
+msgstr ""
+
+#: tools/symcryptrun.c:162
+#, fuzzy
+msgid "program filename"
+msgstr "--store [failinimi]"
+
+#: tools/symcryptrun.c:164
+msgid "secret key file (required)"
+msgstr ""
+
+#: tools/symcryptrun.c:165
+msgid "input file name (default stdin)"
+msgstr ""
+
+#: tools/symcryptrun.c:209
+#, fuzzy
+msgid "Usage: symcryptrun [options] (-h for help)"
+msgstr "Kasuta: gpg [võtmed] [failid] (-h näitab abiinfot)"
+
+#: tools/symcryptrun.c:212
+msgid ""
+"Syntax: symcryptrun --class CLASS --program PROGRAM --keyfile KEYFILE "
+"[options...] COMMAND [inputfile]\n"
+"Call a simple symmetric encryption tool\n"
+msgstr ""
+
+#: tools/symcryptrun.c:281
+#, fuzzy, c-format
+msgid "%s on %s aborted with status %i\n"
+msgstr "%s ja %s ei ole koos lubatud!\n"
+
+#: tools/symcryptrun.c:288
+#, fuzzy, c-format
+msgid "%s on %s failed with status %i\n"
+msgstr "faili ei õnnestu avada: %s\n"
+
+#: tools/symcryptrun.c:314
+#, fuzzy, c-format
+msgid "can't create temporary directory `%s': %s\n"
+msgstr "kataloogi `%s' ei õnnestu luua: %s\n"
+
+#: tools/symcryptrun.c:354 tools/symcryptrun.c:371
+#, fuzzy, c-format
+msgid "could not open %s for writing: %s\n"
+msgstr "%s ei õnnestu avada: %s\n"
+
+#: tools/symcryptrun.c:382
+#, fuzzy, c-format
+msgid "error writing to %s: %s\n"
+msgstr "viga võtmehoidlasse `%s' kirjutamisel: %s\n"
+
+#: tools/symcryptrun.c:389
+#, fuzzy, c-format
+msgid "error reading from %s: %s\n"
+msgstr "viga `%s' lugemisel: %s\n"
+
+#: tools/symcryptrun.c:396 tools/symcryptrun.c:403
+#, fuzzy, c-format
+msgid "error closing %s: %s\n"
+msgstr "viga `%s' lugemisel: %s\n"
+
+#: tools/symcryptrun.c:488
+#, fuzzy
+msgid "no --program option provided\n"
+msgstr "mittelokaalse programmi käivitamist ei toetata\n"
+
+#: tools/symcryptrun.c:494
+msgid "only --decrypt and --encrypt are supported\n"
+msgstr ""
+
+#: tools/symcryptrun.c:500
+msgid "no --keyfile option provided\n"
+msgstr ""
+
+#: tools/symcryptrun.c:511
+msgid "cannot allocate args vector\n"
+msgstr ""
+
+#: tools/symcryptrun.c:529
+#, fuzzy, c-format
+msgid "could not create pipe: %s\n"
+msgstr "%s ei õnnestu luua: %s\n"
+
+#: tools/symcryptrun.c:536
+#, fuzzy, c-format
+msgid "could not create pty: %s\n"
+msgstr "%s ei õnnestu luua: %s\n"
+
+#: tools/symcryptrun.c:552
+#, c-format
+msgid "could not fork: %s\n"
+msgstr ""
+
+#: tools/symcryptrun.c:580
+#, fuzzy, c-format
+msgid "execv failed: %s\n"
+msgstr "uuendamine ebaõnnestus: %s\n"
+
+#: tools/symcryptrun.c:609
+#, fuzzy, c-format
+msgid "select failed: %s\n"
+msgstr "võtmebloki kustutamine ebaõnnestus: %s\n"
+
+#: tools/symcryptrun.c:626
+#, fuzzy, c-format
+msgid "read failed: %s\n"
+msgstr "uuendamine ebaõnnestus: %s\n"
+
+#: tools/symcryptrun.c:678
+#, fuzzy, c-format
+msgid "pty read failed: %s\n"
+msgstr "uuendamine ebaõnnestus: %s\n"
+
+#: tools/symcryptrun.c:730
+#, fuzzy, c-format
+msgid "waitpid failed: %s\n"
+msgstr "uuendamine ebaõnnestus: %s\n"
+
+#: tools/symcryptrun.c:744
+#, c-format
+msgid "child aborted with status %i\n"
+msgstr ""
+
+#: tools/symcryptrun.c:799
+#, fuzzy, c-format
+msgid "cannot allocate infile string: %s\n"
+msgstr "`%s' ei õnnestu luua: %s\n"
+
+#: tools/symcryptrun.c:812
+#, fuzzy, c-format
+msgid "cannot allocate outfile string: %s\n"
+msgstr "`%s' ei õnnestu luua: %s\n"
+
+#: tools/symcryptrun.c:986
+#, c-format
+msgid "either %s or %s must be given\n"
+msgstr ""
+
+#: tools/symcryptrun.c:1013
+msgid "no class provided\n"
+msgstr ""
+
+#: tools/symcryptrun.c:1022
+#, fuzzy, c-format
+msgid "class %s is not supported\n"
+msgstr "kaitse algoritm %d%s ei ole toetatud\n"
+
+#: tools/gpg-check-pattern.c:145
+#, fuzzy
+msgid "Usage: gpg-check-pattern [options] patternfile (-h for help)\n"
+msgstr "Kasuta: gpg [võtmed] [failid] (-h näitab abiinfot)"
+
+#: tools/gpg-check-pattern.c:148
+msgid ""
+"Syntax: gpg-check-pattern [options] patternfile\n"
+"Check a passphrase given on stdin against the patternfile\n"
+msgstr ""
+
+#~ msgid "Command> "
+#~ msgstr "Käsklus> "
+
+#~ msgid "the trustdb is corrupted; please run \"gpg --fix-trustdb\".\n"
+#~ msgstr "trustdb on vigane; palun käivitage \"gpg --fix-trustdb\".\n"
+
+#~ msgid "Please report bugs to <gnupg-bugs@gnu.org>.\n"
+#~ msgstr "Palun saatke veateated aadressil <gnupg-bugs@gnu.org>.\n"
+
+#, fuzzy
+#~ msgid "Please report bugs to "
+#~ msgstr "Palun saatke veateated aadressil <gnupg-bugs@gnu.org>.\n"
+
+#, fuzzy
+#~ msgid "DSA keypair will have %u bits.\n"
+#~ msgstr "DSA võtmepaari pikkuseks saab 1024 bitti.\n"
+
+#~ msgid "Repeat passphrase\n"
+#~ msgstr "Korrake parooli\n"
+
+#, fuzzy
+#~ msgid "read options from file"
+#~ msgstr "loen võtmeid failist `%s'\n"
+
+#~ msgid "|[file]|make a signature"
+#~ msgstr "|[fail]|loo allkiri"
+
+#, fuzzy
+#~ msgid "|[FILE]|make a signature"
+#~ msgstr "|[fail]|loo allkiri"
+
+#, fuzzy
+#~ msgid "|[FILE]|make a clear text signature"
+#~ msgstr "|[fail]|loo avateksti allkiri"
+
+#~ msgid "|NAME|use NAME as default recipient"
+#~ msgstr "|NIMI|kasuta NIME vaikimisi saajana"
+
+#~ msgid "use the default key as default recipient"
+#~ msgstr "kasuta vaikimisi saajana vaikimisi võtit"
+
+#~ msgid "force v3 signatures"
+#~ msgstr "kasuta v3 allkirju"
+
+#~ msgid "always use a MDC for encryption"
+#~ msgstr "krüptimisel kasuta alati MDC"
+
+#~ msgid "add this secret keyring to the list"
+#~ msgstr "lisa see salajaste võtmete hoidla nimekirja"
+
+#~ msgid "|NAME|set terminal charset to NAME"
+#~ msgstr "|NIMI|terminali kooditabel on NIMI"
+
+#~ msgid "|FILE|load extension module FILE"
+#~ msgstr "|FAIL|lae laiendusmoodul FAIL"
+
+#~ msgid "|N|use compress algorithm N"
+#~ msgstr "|N|kasuta pakkimisalgoritmi N"
+
+#, fuzzy
+#~ msgid "remove key from the public keyring"
+#~ msgstr "eemalda võtmed avalike võtmete hoidlast"
+
+#~ msgid ""
+#~ "It's up to you to assign a value here; this value will never be exported\n"
+#~ "to any 3rd party. We need it to implement the web-of-trust; it has "
+#~ "nothing\n"
+#~ "to do with the (implicitly created) web-of-certificates."
+#~ msgstr ""
+#~ "Teie ülesanne on sisestada nüüd väärtus; seda väärtust ei avalikustata\n"
+#~ "kolmandatele pooltele. Seda väärtust on vaja et realiseerida usaldusvõrk."
+
+#~ msgid ""
+#~ "To build the Web-of-Trust, GnuPG needs to know which keys are\n"
+#~ "ultimately trusted - those are usually the keys for which you have\n"
+#~ "access to the secret key. Answer \"yes\" to set this key to\n"
+#~ "ultimately trusted\n"
+#~ msgstr ""
+#~ "Usalduse võrgu loomiseks peab GnuPG teadma, millised võtmed on\n"
+#~ "absoluutselt usaldatavad. Need on tavaliselt võtmed, mille puhul\n"
+#~ "on teil juurdepääs ka nende salajastele võtmetele. Kui soovite\n"
+#~ "määrata seda võtit absoluutselt usaldatavaks, vastake \"jah\"\n"
+
+#~ msgid "If you want to use this untrusted key anyway, answer \"yes\"."
+#~ msgstr ""
+#~ "Kui te ikkagi soovite kasutada seda mitteusaldatavat võtit, vastake \"jah"
+#~ "\"."
+
+#~ msgid ""
+#~ "Enter the user ID of the addressee to whom you want to send the message."
+#~ msgstr "Sisestage kasutaja ID aadressile, kellele te soovite teadet saata."
+
+#~ msgid ""
+#~ "In general it is not a good idea to use the same key for signing and\n"
+#~ "encryption. This algorithm should only be used in certain domains.\n"
+#~ "Please consult your security expert first."
+#~ msgstr ""
+#~ "Üldiselt ei ole hea mõte kasutada sama võtit allkirjastamiseks ja\n"
+#~ "krüpteerimiseks. Seda algoritmi tuleks kasutada ainult teatud piirides.\n"
+#~ "Enne kasutamist konsulteerige palun oma turva eksperdiga."
+
+#~ msgid "Enter the size of the key"
+#~ msgstr "Sisestage võtmepikkus"
+
+#~ msgid "Answer \"yes\" or \"no\""
+#~ msgstr "Vastake \"jah\" või \"ei\""
+
+#~ msgid ""
+#~ "Enter the required value as shown in the prompt.\n"
+#~ "It is possible to enter a ISO date (YYYY-MM-DD) but you won't\n"
+#~ "get a good error response - instead the system tries to interpret\n"
+#~ "the given value as an interval."
+#~ msgstr ""
+#~ "Sisestage nõutav väärtus, nagu viibal näidati.\n"
+#~ "Võimalik on ka sisestada ISO kuupäev (AAAA-KK-PP), aga te ei\n"
+#~ "saa korrektset veateadet, kuna süsteem üritab antud väärtust\n"
+#~ "tõlgendada vahemikuna."
+
+#~ msgid "Enter the name of the key holder"
+#~ msgstr "Sisestage võtmehoidja nimi"
+
+#~ msgid "please enter an optional but highly suggested email address"
+#~ msgstr ""
+#~ "palun e-posti aadress, aadress ei ole kohustuslik, aga väga soovitav"
+
+#~ msgid "Please enter an optional comment"
+#~ msgstr "Te võite nüüd sisestada kommentaari"
+
+#~ msgid ""
+#~ "N to change the name.\n"
+#~ "C to change the comment.\n"
+#~ "E to change the email address.\n"
+#~ "O to continue with key generation.\n"
+#~ "Q to to quit the key generation."
+#~ msgstr ""
+#~ "N et muuta nime.\n"
+#~ "K et muuta kommentaari.\n"
+#~ "E et muuta e-posti aadressi.\n"
+#~ "O et jätkata võtme loomist.\n"
+#~ "V et lõpetada võtme loomine."
+
+#~ msgid ""
+#~ "Answer \"yes\" (or just \"y\") if it is okay to generate the sub key."
+#~ msgstr "Vastake \"jah\" (või \"j\"), kui võib alustada alamvõtme loomisega."
+
+#~ msgid ""
+#~ "When you sign a user ID on a key, you should first verify that the key\n"
+#~ "belongs to the person named in the user ID. It is useful for others to\n"
+#~ "know how carefully you verified this.\n"
+#~ "\n"
+#~ "\"0\" means you make no particular claim as to how carefully you verified "
+#~ "the\n"
+#~ " key.\n"
+#~ "\n"
+#~ "\"1\" means you believe the key is owned by the person who claims to own "
+#~ "it\n"
+#~ " but you could not, or did not verify the key at all. This is useful "
+#~ "for\n"
+#~ " a \"persona\" verification, where you sign the key of a pseudonymous "
+#~ "user.\n"
+#~ "\n"
+#~ "\"2\" means you did casual verification of the key. For example, this "
+#~ "could\n"
+#~ " mean that you verified the key fingerprint and checked the user ID on "
+#~ "the\n"
+#~ " key against a photo ID.\n"
+#~ "\n"
+#~ "\"3\" means you did extensive verification of the key. For example, this "
+#~ "could\n"
+#~ " mean that you verified the key fingerprint with the owner of the key "
+#~ "in\n"
+#~ " person, and that you checked, by means of a hard to forge document "
+#~ "with a\n"
+#~ " photo ID (such as a passport) that the name of the key owner matches "
+#~ "the\n"
+#~ " name in the user ID on the key, and finally that you verified (by "
+#~ "exchange\n"
+#~ " of email) that the email address on the key belongs to the key "
+#~ "owner.\n"
+#~ "\n"
+#~ "Note that the examples given above for levels 2 and 3 are *only* "
+#~ "examples.\n"
+#~ "In the end, it is up to you to decide just what \"casual\" and \"extensive"
+#~ "\"\n"
+#~ "mean to you when you sign other keys.\n"
+#~ "\n"
+#~ "If you don't know what the right answer is, answer \"0\"."
+#~ msgstr ""
+#~ "Kui te allkirjastate võtme kasutaja ID, kontrollige kõigepealt, kas võti\n"
+#~ "ikka kuulub antud ID-ga näidatud isikule. Teistel inimestel on hea "
+#~ "teada,\n"
+#~ "kui hoolikalt te seda kontrolli olete teostanud.\n"
+#~ "\n"
+#~ "\"0\" tähendab, et te ei väida oma kontrollimise kohta midagi.\n"
+#~ "\n"
+#~ "\"1\" tähendab, et te usute, et võtit omab isik, kes seda väidab omavat, "
+#~ "kuid\n"
+#~ " te ei saanud või ei soovinud seda väidet täiendavalt kontrollida. "
+#~ "See\n"
+#~ " on kasulik \"persooni\" kontrolliks, kui te allkirjastate isiku "
+#~ "pseudo-\n"
+#~ " nüümi võtit.\n"
+#~ "\n"
+#~ "\"2\" tähendab, et te teostasite võtme pealiskaudset kontrolli. See võib\n"
+#~ " näiteks tähendada, et te kontrollisite võtme sõrmejälge ja "
+#~ "kontrollisite\n"
+#~ " võtme kasutaja ID foto ID vastu.\n"
+#~ "\n"
+#~ "\"3\" tähendab, et te teostasite võtme põhjalikku kontrolli. See võib "
+#~ "näiteks\n"
+#~ " tähendada, et võrdlesite võtme sõrmejälge võrme omanikuga otse "
+#~ "suheldes\n"
+#~ " ja et te kontrollisite raskesti võltsitavast allikast (nt. pass) et\n"
+#~ " võtme omaniku nimi vastab võtmel näidatud kasutaja IDle ja te "
+#~ "kontrol-\n"
+#~ " lisite, et võtmel näidatud e-posti aadress kuulub võtme omanikule.\n"
+#~ "\n"
+#~ "pange tähele, et näited tasemete 2 ja 3 juures on *ainult* näited. "
+#~ "Sõltub\n"
+#~ "ainult teist, milline on \"pealiskaudse\" ja \"põhjaliku\" kontrolli "
+#~ "tähendus,\n"
+#~ "kui te allkirjastate teisi võtmeid.\n"
+#~ "\n"
+#~ "Kui te ei tea õiget vastust, vastake \"0\"."
+
+#, fuzzy
+#~ msgid "Answer \"yes\" if you want to sign ALL the user IDs"
+#~ msgstr "Kui te soovite allkirjastada KÕIK kasutaja IDd, vastake \"jah\""
+
+#~ msgid ""
+#~ "Answer \"yes\" if you really want to delete this user ID.\n"
+#~ "All certificates are then also lost!"
+#~ msgstr ""
+#~ "Kui te tõesti soovite seda kasutaja IDd kustutada, vastake \"jah\".\n"
+#~ "Sertifikaadid kustutatakse samuti!"
+
+#~ msgid "Answer \"yes\" if it is okay to delete the subkey"
+#~ msgstr "Kui selle alamvõtme võib kustutada, vastake \"jah\""
+
+#~ msgid ""
+#~ "This is a valid signature on the key; you normally don't want\n"
+#~ "to delete this signature because it may be important to establish a\n"
+#~ "trust connection to the key or another key certified by this key."
+#~ msgstr ""
+#~ "See on võtme kehtiv allkiri; tavaliselt seda ei soovita kustutada,\n"
+#~ "kuna see allkiri võib olla vajalik, et kirjeldada antud võtme või\n"
+#~ "antud võtmega sertifitseeritud teise võtme usaldatavust."
+
+#~ msgid ""
+#~ "This signature can't be checked because you don't have the\n"
+#~ "corresponding key. You should postpone its deletion until you\n"
+#~ "know which key was used because this signing key might establish\n"
+#~ "a trust connection through another already certified key."
+#~ msgstr ""
+#~ "Seda allkirja ei saa kontrollida, kuna puudub allkirjale vastav võti.\n"
+#~ "Te peaksite peatama kustutamise, kuni on teada, millist võtit see\n"
+#~ "kasutab, sest see võti võib moodustada usaldussuhte läbi mõne juba\n"
+#~ "sertifitseeritud võtme."
+
+#~ msgid ""
+#~ "The signature is not valid. It does make sense to remove it from\n"
+#~ "your keyring."
+#~ msgstr "Allkiri ei ole kehtiv. Oleks mõistlik see võtmehoidlast kustutada."
+
+#~ msgid ""
+#~ "This is a signature which binds the user ID to the key. It is\n"
+#~ "usually not a good idea to remove such a signature. Actually\n"
+#~ "GnuPG might not be able to use this key anymore. So do this\n"
+#~ "only if this self-signature is for some reason not valid and\n"
+#~ "a second one is available."
+#~ msgstr ""
+#~ "See allkiri seob kasutaja ID võtmega. Sellist allkirja ei ole\n"
+#~ "üldiselt soovitatav eemaldada. Peale selle kustutamist ei pruugi\n"
+#~ "GnuPG enam olla võimeline seda võtit leidma. Kustutada võiks\n"
+#~ "vaid siis, kui see allkiri ei ole miskipärast kehtiv ja on\n"
+#~ "olemas ka teine allkiri, mis kasutajat võtmega seob."
+
+#~ msgid ""
+#~ "Change the preferences of all user IDs (or just of the selected ones)\n"
+#~ "to the current list of preferences. The timestamp of all affected\n"
+#~ "self-signatures will be advanced by one second.\n"
+#~ msgstr ""
+#~ "Muuda kõikide kasutaja ID-de seaded (või ainult valitud)\n"
+#~ "vastavaks hetkel määratud seadetele. Kõikide asjasse puutuvate\n"
+#~ "ise loodud allkirjade ajatempleid suurendatakse ühe sekundi võrra.\n"
+
+#~ msgid "Please enter the passhrase; this is a secret sentence \n"
+#~ msgstr "Palun sisestage parool; see on salajane tekst \n"
+
+#~ msgid ""
+#~ "Please repeat the last passphrase, so you are sure what you typed in."
+#~ msgstr "Palun korrake parooli, siis saate oma kirjutatus kindel olla."
+
+#~ msgid "Give the name of the file to which the signature applies"
+#~ msgstr "Sisestage palun failinimi, mida allkirjastada"
+
+#~ msgid "Answer \"yes\" if it is okay to overwrite the file"
+#~ msgstr "Vastake \"jah\", kui faili võib üle kirjutada"
+
+#~ msgid ""
+#~ "Please enter a new filename. If you just hit RETURN the default\n"
+#~ "file (which is shown in brackets) will be used."
+#~ msgstr ""
+#~ "Palun sisestage uus failinimi. Kui te vajutate lihtsalt reavahetust,\n"
+#~ "kasutatakse vaikimisi faili (nimi on nurksulgudes)."
+
+#~ msgid ""
+#~ "You should specify a reason for the certification. Depending on the\n"
+#~ "context you have the ability to choose from this list:\n"
+#~ " \"Key has been compromised\"\n"
+#~ " Use this if you have a reason to believe that unauthorized persons\n"
+#~ " got access to your secret key.\n"
+#~ " \"Key is superseded\"\n"
+#~ " Use this if you have replaced this key with a newer one.\n"
+#~ " \"Key is no longer used\"\n"
+#~ " Use this if you have retired this key.\n"
+#~ " \"User ID is no longer valid\"\n"
+#~ " Use this to state that the user ID should not longer be used;\n"
+#~ " this is normally used to mark an email address invalid.\n"
+#~ msgstr ""
+#~ "Te peate määrama sertifitseerimise põhjuse. Sõltuvalt kontekstist on\n"
+#~ "teil võimalus valida üks järgnevaist:\n"
+#~ " \"Võti on kompromiteeritud\"\n"
+#~ " Kasutage seda, kui teil on põhjust uskuda, et autoriseerimata\n"
+#~ " isikud on saanud juurdepääsu teie salajasele võtmele.\n"
+#~ " \"Võti on asendatud\"\n"
+#~ " Kasutage seda, kui te olete selle võtme asendanud uuemaga.\n"
+#~ " \"Võti ei ole enam kasutusel\"\n"
+#~ " Kasutage seda, kui te ei kasuta enam seda võtit.\n"
+#~ " \"Kasutaja ID ei ole enam kehtiv\"\n"
+#~ " Kasutage seda märkimaks, et konkreetset kasutaja ID ei peaks enam\n"
+#~ " kasutama; seda kasutatakse tavaliselt märkimaks vigast e-posti "
+#~ "aadressi.\n"
+
+#~ msgid ""
+#~ "If you like, you can enter a text describing why you issue this\n"
+#~ "revocation certificate. Please keep this text concise.\n"
+#~ "An empty line ends the text.\n"
+#~ msgstr ""
+#~ "Kui te soovite, võite nüüd sisestada põhjenduse, miks te\n"
+#~ "soovite seda tühistamise sertifikaati esitada. Palun kirjutage\n"
+#~ "lühidalt. Tühi rida lõpetab teksti.\n"
+
+#~ msgid "can't put notation data into v3 (PGP 2.x style) signatures\n"
+#~ msgstr "noteerimise infot ei saa v3 (PGP 2.x stiilis) allkirja lisada\n"
+
+#~ msgid "can't put notation data into v3 (PGP 2.x style) key signatures\n"
+#~ msgstr ""
+#~ "noteerimise infot ei saa v3 (PGP 2.x stiilis) võtme allkirja lisada\n"
+
+#~ msgid "can't put a policy URL into v3 (PGP 2.x style) signatures\n"
+#~ msgstr "poliisi URLi ei saa v3 (PGP 2.x) allkirjadesse panna\n"
+
+#~ msgid "can't put a policy URL into v3 key (PGP 2.x style) signatures\n"
+#~ msgstr "poliisi URLi ei saa v3 võtme (PGP 2.x) allkirjadesse panna\n"
+
+#, fuzzy
+#~ msgid "shelll"
+#~ msgstr "help"
+
+#, fuzzy
+#~ msgid ""
+#~ "please see http://www.gnupg.org/download/iconv.html for more information\n"
+#~ msgstr "Lisainfot leiate lehelt http://www.gnupg.org/faq.html\n"
+
+#, fuzzy
+#~ msgid "key generation is not available from the commandline\n"
+#~ msgstr "gpg-agent ei ole sesses sessioonis kasutatav\n"
+
+#, fuzzy
+#~ msgid "please use the script \"%s\" to generate a new key\n"
+#~ msgstr "Palun valige, millist võtmetüüpi te soovite:\n"
+
+#, fuzzy
+#~ msgid "cipher extension `%s' not loaded due to unsafe permissions\n"
+#~ msgstr "ebaturvaliste õiguste tõttu ei laetud ¨ifri laiendust \"%s\"\n"
+
+#~ msgid "DSA requires the use of a 160 bit hash algorithm\n"
+#~ msgstr "DSA nõuab 160 bitist räsialgoritmi kasutamist\n"
+
+#, fuzzy
+#~ msgid ".\n"
+#~ msgstr "%s.\n"
+
+#~ msgid "problem with the agent - disabling agent use\n"
+#~ msgstr "probleem agendiga - blokeerin agendi kasutamise\n"
+
+#, fuzzy
+#~ msgid "can't query passphrase in batch mode\n"
+#~ msgstr "pakettmoodis ei saa parooli küsida\n"
+
+#~ msgid "Enter passphrase: "
+#~ msgstr "Sisestage parool: "
+
+#~ msgid "Repeat passphrase: "
+#~ msgstr "Korrake parooli: "
+
+#~ msgid "-k[v][v][v][c] [user-id] [keyring]"
+#~ msgstr "-k[v][v][v][c] [kasutaja-id] [võtmehoidla]"
+
+#, fuzzy
+#~ msgid "can't gen prime with pbits=%u qbits=%u\n"
+#~ msgstr "vähem kui %d bitiga ei saa algarvu genereerida\n"
+
+#~ msgid "can't generate a prime with less than %d bits\n"
+#~ msgstr "vähem kui %d bitiga ei saa algarvu genereerida\n"
+
+#~ msgid "no entropy gathering module detected\n"
+#~ msgstr "entroopia kogumise moodul puudub\n"
+
+#, fuzzy
+#~ msgid "can't lock `%s': %s\n"
+#~ msgstr "`%s' ei õnnestu avada\n"
+
+#~ msgid "can't stat `%s': %s\n"
+#~ msgstr "ei õnnestu lugeda `%s' atribuute: %s\n"
+
+#~ msgid "`%s' is not a regular file - ignored\n"
+#~ msgstr "`%s' ei ole tavaline fail - ignoreerin\n"
+
+#~ msgid "note: random_seed file is empty\n"
+#~ msgstr "märkus: random_seed fail on tühi\n"
+
+#~ msgid "WARNING: invalid size of random_seed file - not used\n"
+#~ msgstr "HOIATUS: vigane random_seed faili suurus - ei kasuta\n"
+
+#~ msgid "can't read `%s': %s\n"
+#~ msgstr "`%s' ei õnnestu lugeda: %s\n"
+
+#~ msgid "note: random_seed file not updated\n"
+#~ msgstr "märkus: random_seed faili ei uuendatud\n"
+
+#~ msgid "can't write `%s': %s\n"
+#~ msgstr "`%s' ei õnnestu kirjutada: %s\n"
+
+#~ msgid "can't close `%s': %s\n"
+#~ msgstr "`%s' ei õnnestu sulgeda: %s\n"
+
+#~ msgid "WARNING: using insecure random number generator!!\n"
+#~ msgstr "HOIATUS: kasutan ebaturvalist juhuarvude generaatorit!!\n"
+
+#~ msgid ""
+#~ "The random number generator is only a kludge to let\n"
+#~ "it run - it is in no way a strong RNG!\n"
+#~ "\n"
+#~ "DON'T USE ANY DATA GENERATED BY THIS PROGRAM!!\n"
+#~ "\n"
+#~ msgstr ""
+#~ "Juhuarvude generaator on ainult tühi kest, et programmid\n"
+#~ "käiks - see EI OLE tugev juhuarvude generaator!\n"
+#~ "\n"
+#~ "ÄRGE KASUTAGE SELLE PROGRAMMI POOLT GENEREERITUD ANDMEID!!\n"
+#~ "\n"
+
+#~ msgid ""
+#~ "Please wait, entropy is being gathered. Do some work if it would\n"
+#~ "keep you from getting bored, because it will improve the quality\n"
+#~ "of the entropy.\n"
+#~ msgstr ""
+#~ "Palun oodake, kogutakse entroopiat. Igavuse vältimiseks võite teha "
+#~ "arvutiga\n"
+#~ "mingit tööd, see tõstab ka entroopia kvaliteeti.\n"
+
+#~ msgid ""
+#~ "\n"
+#~ "Not enough random bytes available. Please do some other work to give\n"
+#~ "the OS a chance to collect more entropy! (Need %d more bytes)\n"
+#~ msgstr ""
+#~ "\n"
+#~ "Juhuslikke baite ei ole piisavalt. Palun tehke arvutiga muid töid,\n"
+#~ "et anda masinal võimalust koguda enam entroopiat! (Vajatakse %d baiti)\n"
+
+#, fuzzy
+#~ msgid "card reader not available\n"
+#~ msgstr "salajane võti ei ole kättesaadav"
+
+#, fuzzy
+#~ msgid "NOTE: %s is not available in this version\n"
+#~ msgstr "gpg-agent ei ole sesses sessioonis kasutatav\n"
+
+#, fuzzy
+#~ msgid " algorithms on these user IDs:\n"
+#~ msgstr "Te olete allkirjastanud järgnevad kasutaja IDd:\n"
+
+#~ msgid "general error"
+#~ msgstr "üldine viga"
+
+#~ msgid "unknown packet type"
+#~ msgstr "tundmatu paketi tüüp"
+
+#~ msgid "unknown pubkey algorithm"
+#~ msgstr "tundmatu avaliku võtme algoritm"
+
+#~ msgid "unknown digest algorithm"
+#~ msgstr "tundmatu lühendi algoritm"
+
+#~ msgid "bad public key"
+#~ msgstr "halb avalik võti"
+
+#~ msgid "bad secret key"
+#~ msgstr "halb salajane võti"
+
+#~ msgid "bad signature"
+#~ msgstr "halb allkiri"
+
+#~ msgid "checksum error"
+#~ msgstr "kontrollsumma viga"
+
+#~ msgid "unknown cipher algorithm"
+#~ msgstr "tundmatu ¨ifri algoritm"
+
+#~ msgid "can't open the keyring"
+#~ msgstr "võtmehoidlat ei õnnestu avada"
+
+#~ msgid "invalid packet"
+#~ msgstr "vigane pakett"
+
+#~ msgid "invalid armor"
+#~ msgstr "vigane pakend"
+
+#~ msgid "no such user id"
+#~ msgstr "sellist kasutaja id pole"
+
+#~ msgid "secret key not available"
+#~ msgstr "salajane võti ei ole kättesaadav"
+
+#~ msgid "wrong secret key used"
+#~ msgstr "kasutati valet salajast võtit"
+
+#~ msgid "not supported"
+#~ msgstr "ei ole toetatud"
+
+#~ msgid "bad key"
+#~ msgstr "halb võti"
+
+#~ msgid "file write error"
+#~ msgstr "viga faili kirjutamisel"
+
+#~ msgid "unknown compress algorithm"
+#~ msgstr "tundmatu pakkimisalgoritm"
+
+#~ msgid "file open error"
+#~ msgstr "viga faili avamisel"
+
+#~ msgid "file create error"
+#~ msgstr "viga faili loomisel"
+
+#~ msgid "invalid passphrase"
+#~ msgstr "vigane parool"
+
+#~ msgid "unimplemented pubkey algorithm"
+#~ msgstr "realiseerimata avaliku võtme algoritm"
+
+#~ msgid "unimplemented cipher algorithm"
+#~ msgstr "realiseerimata ¨ifri algoritm"
+
+#~ msgid "unknown signature class"
+#~ msgstr "tundmatu allkirja klass"
+
+#~ msgid "trust database error"
+#~ msgstr "usalduse andmebaasi viga"
+
+#~ msgid "resource limit"
+#~ msgstr "ressursi limiit"
+
+#~ msgid "invalid keyring"
+#~ msgstr "vigane võtmehoidla"
+
+#~ msgid "malformed user id"
+#~ msgstr "vigane kasutaja id"
+
+#~ msgid "file close error"
+#~ msgstr "viga faili sulgemisel"
+
+#~ msgid "file rename error"
+#~ msgstr "viga faili ümber nimetamisel"
+
+#~ msgid "file delete error"
+#~ msgstr "viga faili kustutamisel"
+
+#~ msgid "unexpected data"
+#~ msgstr "ootamatud andmed"
+
+#~ msgid "timestamp conflict"
+#~ msgstr "ajatemplite konflikt"
+
+#~ msgid "unusable pubkey algorithm"
+#~ msgstr "mittekasutatav avaliku võtme algoritm"
+
+#~ msgid "file exists"
+#~ msgstr "fail on olemas"
+
+#~ msgid "weak key"
+#~ msgstr "nõrk võti"
+
+#~ msgid "bad URI"
+#~ msgstr "halb URI"
+
+#~ msgid "unsupported URI"
+#~ msgstr "mittetoetatud URI"
+
+#~ msgid "network error"
+#~ msgstr "võrgu viga"
+
+#~ msgid "not processed"
+#~ msgstr "ei töödeldud"
+
+#~ msgid "unusable public key"
+#~ msgstr "mittekasutatav avalik võti"
+
+#~ msgid "unusable secret key"
+#~ msgstr "mittekasutatav salajane võti"
+
+#~ msgid "keyserver error"
+#~ msgstr "võtmeserveri viga"
+
+#, fuzzy
+#~ msgid "no card"
+#~ msgstr "krüptimata"
+
+#, fuzzy
+#~ msgid "no data"
+#~ msgstr "allkirjastatud andmeid pole\n"
+
+#~ msgid "... this is a bug (%s:%d:%s)\n"
+#~ msgstr "... see on viga (%s:%d:%s)\n"
+
+#~ msgid "WARNING: using insecure memory!\n"
+#~ msgstr "HOIATUS: kasutan ebaturvalist mälu!\n"
+
+#~ msgid "operation is not possible without initialized secure memory\n"
+#~ msgstr "initsialiseerimata turvalise mäluta ei ole operatsioon võimalik\n"
+
+#~ msgid "(you may have used the wrong program for this task)\n"
+#~ msgstr "(te kasutasite vahest selle töö jaoks valet programmi)\n"
+
+#~ msgid ""
+#~ "please see http://www.gnupg.org/why-not-idea.html for more information\n"
+#~ msgstr "lisainfot leiate lehelt http://www.gnupg.org/why-not-idea.html\n"
+
+#, fuzzy
+#~ msgid "all export-clean-* options from above"
+#~ msgstr "loe võtmed failist"
+
+#, fuzzy
+#~ msgid "all import-clean-* options from above"
+#~ msgstr "loe võtmed failist"
+
+#, fuzzy
+#~ msgid "expired: %s)"
+#~ msgstr " [aegub: %s]"
+
+#, fuzzy
+#~ msgid "key %s: expired signature from key %s - skipped\n"
+#~ msgstr "võti %08lX: ootamatu allkirja klass (0x%02x) - jätan vahele\n"
+
+#, fuzzy
+#~ msgid "Unable to clean `%s'\n"
+#~ msgstr "ei Õnnestu käivitada %s \"%s\": %s\n"
+
+#, fuzzy
+#~ msgid "No user IDs are removable.\n"
+#~ msgstr "kasutaja ID \"%s\" on juba tühistatud\n"
+
+#~ msgid "bad passphrase or unknown cipher algorithm (%d)\n"
+#~ msgstr "halb parool või tundmatu ¨ifri algoritm (%d)\n"
+
+#~ msgid "can't set client pid for the agent\n"
+#~ msgstr "agendile ei õnnestu seada kliendi pid\n"
+
+#~ msgid "can't get server read FD for the agent\n"
+#~ msgstr "agendiga suhtlemiseks ei õnnestu saada lugemise FD\n"
+
+#~ msgid "can't get server write FD for the agent\n"
+#~ msgstr "agendiga suhtlemiseks ei õnnestu saada kirjutamise FD\n"
+
+#~ msgid "invalid response from agent\n"
+#~ msgstr "vigane vastus agendilt\n"
+
+#~ msgid "select secondary key N"
+#~ msgstr "vali sekundaarne võti N"
+
+#~ msgid "list signatures"
+#~ msgstr "näita allkirju"
+
+#~ msgid "sign the key"
+#~ msgstr "allkirjasta võti"
+
+#~ msgid "add a secondary key"
+#~ msgstr "lisa sekundaarne võti"
+
+#~ msgid "delete signatures"
+#~ msgstr "kustuta allkirjad"
+
+#~ msgid "change the expire date"
+#~ msgstr "muuda aegumise kuupäeva"
+
+#~ msgid "set preference list"
+#~ msgstr "sea eelistuste nimekiri"
+
+#~ msgid "updated preferences"
+#~ msgstr "uuendatud eelistused"
+
+#~ msgid "No secondary key with index %d\n"
+#~ msgstr "Sekundaarne võti numbriga %d puudub\n"
+
+#~ msgid "--nrsign-key user-id"
+#~ msgstr "--nrsign-key kasutaja-id"
+
+#~ msgid "--nrlsign-key user-id"
+#~ msgstr "--nrlsign-key kasutaja-id"
+
+#~ msgid "sign the key non-revocably"
+#~ msgstr "allkirjasta võti kehtetuks mitte-tunnistatavana"
+
+#~ msgid "sign the key locally and non-revocably"
+#~ msgstr "allkirjasta võti lokaalselt ja kehtetuks mitte-tunnistatavana"
+
+#~ msgid "q"
+#~ msgstr "v"
+
+#~ msgid "list"
+#~ msgstr "list"
+
+#~ msgid "l"
+#~ msgstr "l"
+
+#~ msgid "debug"
+#~ msgstr "debug"
+
+#, fuzzy
+#~ msgid "name"
+#~ msgstr "enable"
+
+#, fuzzy
+#~ msgid "login"
+#~ msgstr "lsign"
+
+#, fuzzy
+#~ msgid "cafpr"
+#~ msgstr "fpr"
+
+#, fuzzy
+#~ msgid "forcesig"
+#~ msgstr "revsig"
+
+#, fuzzy
+#~ msgid "generate"
+#~ msgstr "üldine viga"
+
+#~ msgid "passwd"
+#~ msgstr "passwd"
+
+#~ msgid "save"
+#~ msgstr "save"
+
+#~ msgid "fpr"
+#~ msgstr "fpr"
+
+#~ msgid "uid"
+#~ msgstr "uid"
+
+#~ msgid "key"
+#~ msgstr "key"
+
+#~ msgid "check"
+#~ msgstr "check"
+
+#~ msgid "c"
+#~ msgstr "c"
+
+#~ msgid "sign"
+#~ msgstr "sign"
+
+#~ msgid "s"
+#~ msgstr "s"
+
+#, fuzzy
+#~ msgid "tsign"
+#~ msgstr "sign"
+
+#~ msgid "lsign"
+#~ msgstr "lsign"
+
+#~ msgid "nrsign"
+#~ msgstr "nrsign"
+
+#~ msgid "nrlsign"
+#~ msgstr "nrlsign"
+
+#~ msgid "adduid"
+#~ msgstr "adduid"
+
+#~ msgid "addphoto"
+#~ msgstr "lisa foto"
+
+#~ msgid "deluid"
+#~ msgstr "deluid"
+
+#~ msgid "delphoto"
+#~ msgstr "delphoto"
+
+#, fuzzy
+#~ msgid "addcardkey"
+#~ msgstr "addkey"
+
+#~ msgid "delkey"
+#~ msgstr "delkey"
+
+#~ msgid "addrevoker"
+#~ msgstr "addrevoker"
+
+#~ msgid "delsig"
+#~ msgstr "delsig"
+
+#~ msgid "expire"
+#~ msgstr "expire"
+
+#~ msgid "primary"
+#~ msgstr "primaarne"
+
+#~ msgid "toggle"
+#~ msgstr "lülita"
+
+#~ msgid "t"
+#~ msgstr "t"
+
+#~ msgid "pref"
+#~ msgstr "pref"
+
+#~ msgid "showpref"
+#~ msgstr "showpref"
+
+#~ msgid "setpref"
+#~ msgstr "setpref"
+
+#~ msgid "updpref"
+#~ msgstr "updpref"
+
+#, fuzzy
+#~ msgid "keyserver"
+#~ msgstr "võtmeserveri viga"
+
+#~ msgid "trust"
+#~ msgstr "trust"
+
+#~ msgid "revsig"
+#~ msgstr "revsig"
+
+#~ msgid "revuid"
+#~ msgstr "revuid"
+
+#~ msgid "revkey"
+#~ msgstr "revkey"
+
+#~ msgid "disable"
+#~ msgstr "disable"
+
+#~ msgid "enable"
+#~ msgstr "enable"
+
+#~ msgid "showphoto"
+#~ msgstr "showphoto"
+
+#~ msgid "digest algorithm `%s' is read-only in this release\n"
+#~ msgstr "sõnumilühendi algoritm `%s' ei ole selles versioonis muudetav\n"
+
+#~ msgid ""
+#~ "About to generate a new %s keypair.\n"
+#~ " minimum keysize is 768 bits\n"
+#~ " default keysize is 1024 bits\n"
+#~ " highest suggested keysize is 2048 bits\n"
+#~ msgstr ""
+#~ "Enne uue %s võtmepaari genereerimist.\n"
+#~ " minimaalne võtmepikkus on 768 bitti\n"
+#~ " vaikimisi võtmepikkus on 1024 bitti\n"
+#~ " suurim soovitatav võtmepikkus on 2048 bitti\n"
+
+#~ msgid "DSA only allows keysizes from 512 to 1024\n"
+#~ msgstr "DSA lubab võtmepikkuseid ainult vahemikus 512 kuni 1024\n"
+
+#~ msgid "keysize too small; 1024 is smallest value allowed for RSA.\n"
+#~ msgstr "võtmepikkus on liiga väike; RSA korral on väikseim väärtus 1024.\n"
+
+#~ msgid "keysize too small; 768 is smallest value allowed.\n"
+#~ msgstr "võtmepikkus on liiga väike; väikseim lubatud väärtus on 768.\n"
+
+#~ msgid "keysize too large; %d is largest value allowed.\n"
+#~ msgstr "võtmepikkus on liiga suur; suurim lubatud väärtus on %d.\n"
+
+#~ msgid ""
+#~ "Keysizes larger than 2048 are not suggested because\n"
+#~ "computations take REALLY long!\n"
+#~ msgstr ""
+#~ "Suuremad võtmepikkused kui 2048 ei ole soovitatavad, kuna\n"
+#~ "arvutused võtavad VÄGA palju aega!\n"
+
+#, fuzzy
+#~ msgid "Are you sure that you want this keysize? (y/N) "
+#~ msgstr "Olete kindel, et soovite sellist võtmepikkust? "
+
+#~ msgid ""
+#~ "Okay, but keep in mind that your monitor and keyboard radiation is also "
+#~ "very vulnerable to attacks!\n"
+#~ msgstr ""
+#~ "Olgu, kuid pidage meeles, et ka teie monitor ja klaviatuur on samuti\n"
+#~ "võimalikud ründeobjektid!\n"
+
+#~ msgid "Experimental algorithms should not be used!\n"
+#~ msgstr "Eksperimentaalseid algoritme ei peaks kasutama!\n"
+
+#~ msgid ""
+#~ "this cipher algorithm is deprecated; please use a more standard one!\n"
+#~ msgstr ""
+#~ "see ¨ifri algoritm ei ole soovitatav; kasutage palun mõnd standardsemat!\n"
+
+#~ msgid "sorry, can't do this in batch mode\n"
+#~ msgstr "vabandust, seda ei saa pakettmoodis teha\n"
+
+#, fuzzy
+#~ msgid "can't open file `%s': %s\n"
+#~ msgstr "faili ei õnnestu avada: %s\n"
+
+#, fuzzy
+#~ msgid " \""
+#~ msgstr " ka \""
+
+#~ msgid "key %08lX: key has been revoked!\n"
+#~ msgstr "võti %08lX: võti on tühistatud!\n"
+
+#~ msgid "key %08lX: subkey has been revoked!\n"
+#~ msgstr "võti %08lX: alamvõti on tühistatud!\n"
+
+#~ msgid "%08lX: key has expired\n"
+#~ msgstr "%08lX: võti on aegunud\n"
+
+#~ msgid "%08lX: We do NOT trust this key\n"
+#~ msgstr "%08lX: Me EI usalda seda võtit\n"
+
+#, fuzzy
+#~ msgid " (%d) RSA (auth only)\n"
+#~ msgstr " (%d) RSA (ainult allkirjastamiseks)\n"
+
+#, fuzzy
+#~ msgid " (%d) RSA (sign and auth)\n"
+#~ msgstr " (%d) RSA (allkirjastamiseks ja krüptimiseks)\n"
+
+#, fuzzy
+#~ msgid " (%d) RSA (encrypt and auth)\n"
+#~ msgstr " (%d) RSA (ainult krüpteerimiseks)\n"
+
+#, fuzzy
+#~ msgid " (%d) RSA (sign, encrypt and auth)\n"
+#~ msgstr " (%d) RSA (allkirjastamiseks ja krüptimiseks)\n"
+
+#~ msgid "%s: can't open: %s\n"
+#~ msgstr "%s: ei õnnestu avada: %s\n"
+
+#~ msgid "%s: WARNING: empty file\n"
+#~ msgstr "%s: HOIATUS: tühi fail\n"
+
+#, fuzzy
+#~ msgid " (%d) I trust marginally\n"
+#~ msgstr " %d = Usaldan vähesel määral\n"
+
+#, fuzzy
+#~ msgid " (%d) I trust fully\n"
+#~ msgstr " %d = Usaldan täiesti\n"
+
+#, fuzzy
+#~ msgid "expires"
+#~ msgstr "expire"
+
+#, fuzzy
+#~ msgid ""
+#~ "\"\n"
+#~ "locally signed with your key %s at %s\n"
+#~ msgstr ""
+#~ "\"\n"
+#~ "lokaalselt allkirjastatud teie võtmega %08lX %s\n"
+
+#~ msgid "%s: can't access: %s\n"
+#~ msgstr "%s: ei õnnestu kasutada: %s\n"
+
+#~ msgid "%s: can't create lock\n"
+#~ msgstr "%s: ei õnnestu luua lukku\n"
+
+#~ msgid "%s: can't make lock\n"
+#~ msgstr "%s: ei õnnestu seada lukku\n"
+
+#~ msgid "%s: can't create: %s\n"
+#~ msgstr "%s: ei õnnestu luua: %s\n"
+
+#~ msgid "If you want to use this revoked key anyway, answer \"yes\"."
+#~ msgstr ""
+#~ "Kui te ikkagi soovite kasutada seda kehtetut võtit, vastake \"jah\"."
+
+#~ msgid "Unable to open photo \"%s\": %s\n"
+#~ msgstr "Fotot \"%s\" ei õnnestu avada: %s\n"
+
+#~ msgid "error: missing colon\n"
+#~ msgstr "viga: puudub koolon\n"
+
+#~ msgid "error: no ownertrust value\n"
+#~ msgstr "viga: usalduse väärtus puudub\n"
+
+#~ msgid " (main key ID %08lX)"
+#~ msgstr " (peamise võtme ID %08lX)"
+
+#~ msgid "rev! subkey has been revoked: %s\n"
+#~ msgstr "rev! alamvõti on tühistatud: %s\n"
+
+#~ msgid "rev- faked revocation found\n"
+#~ msgstr "rev- leitud võltsitud tühistamine\n"
+
+#, fuzzy
+#~ msgid " [expired: %s]"
+#~ msgstr " [aegub: %s]"
+
+#~ msgid " [expires: %s]"
+#~ msgstr " [aegub: %s]"
+
+#, fuzzy
+#~ msgid " [revoked: %s]"
+#~ msgstr "[tühistatud] "
+
+#~ msgid ""
+#~ "WARNING: digest `%s' is not part of OpenPGP. Use at your own risk!\n"
+#~ msgstr ""
+#~ "HOIATUS: sõnumilühend `%s' ei ole OpenPGP osa. Kasutamine omal "
+#~ "vastutusel!\n"
+
+#~ msgid "|[files]|encrypt files"
+#~ msgstr "|[failid]|krüpteeri failid"
+
+#~ msgid "store only"
+#~ msgstr "ainult salvesta"
+
+#~ msgid "|[files]|decrypt files"
+#~ msgstr "|[failid]|dekrüpteeri failid"
+
+#~ msgid "sign a key non-revocably"
+#~ msgstr "allkirjasta võti mitte-tühistatavana"
+
+#~ msgid "sign a key locally and non-revocably"
+#~ msgstr "allkirjasta võti lokaalselt ja mitte-tühistatavana"
+
+#~ msgid "list only the sequence of packets"
+#~ msgstr "näita ainult pakettide järjendeid"
+
+#~ msgid "export the ownertrust values"
+#~ msgstr "ekspordi usalduse väärtused"
+
+#~ msgid "unattended trust database update"
+#~ msgstr "hooldusvaba usalduse andmebaasi uuendamine"
+
+#~ msgid "fix a corrupted trust database"
+#~ msgstr "paranda vigane usalduse andmebaas"
+
+#~ msgid "De-Armor a file or stdin"
+#~ msgstr "Pakenda fail või standardsisend lahti"
+
+#~ msgid "En-Armor a file or stdin"
+#~ msgstr "Pakenda fail või standardsisend"
+
+#~ msgid "do not force v3 signatures"
+#~ msgstr "ära kasuta v3 allkirju"
+
+#~ msgid "force v4 key signatures"
+#~ msgstr "kasuta v4 võtme allkirju"
+
+#~ msgid "do not force v4 key signatures"
+#~ msgstr "ära kasuta v3 võtme allkirju"
+
+#~ msgid "never use a MDC for encryption"
+#~ msgstr "krüptimisel ära kasuta kunagi MDC"
+
+#~ msgid "use the gpg-agent"
+#~ msgstr "kasuta gpg-agenti"
+
+#~ msgid "|[file]|write status info to file"
+#~ msgstr "|[fail]|kirjuta olekuinfo faili"
+
+#~ msgid "|KEYID|ultimately trust this key"
+#~ msgstr "|VÕTMEID|usalda seda võtit täielikult"
+
+#~ msgid "emulate the mode described in RFC1991"
+#~ msgstr "emuleeri dokumendis RFC1991 kirjeldatud moodi"
+
+#~ msgid "set all packet, cipher and digest options to OpenPGP behavior"
+#~ msgstr "kasuta kõikides tegevustes OpenPGP võtmeid"
+
+#~ msgid "set all packet, cipher and digest options to PGP 2.x behavior"
+#~ msgstr ""
+#~ "kasuta kõikide pakettide, ¨iffrite ja lühendi seadeid PGP 2.x moodis"
+
+#~ msgid "|NAME|use message digest algorithm NAME for passphrases"
+#~ msgstr "|NIMI|kasuta paroolidega lühendialgoritmi NIMI"
+
+#~ msgid "throw keyid field of encrypted packets"
+#~ msgstr "ära lisa krüptimisel võtme id"
+
+#~ msgid "Show Photo IDs"
+#~ msgstr "Esita foto IDd"
+
+#~ msgid "Don't show Photo IDs"
+#~ msgstr "Ei esita foto IDd"
+
+#~ msgid "Set command line to view Photo IDs"
+#~ msgstr "Sea käsurida foto ID vaatamiseks"
+
+#~ msgid "compress algorithm `%s' is read-only in this release\n"
+#~ msgstr "pakkimise algoritm `%s' on selles versioonis ainult lugemiseks\n"
+
+#~ msgid "compress algorithm must be in range %d..%d\n"
+#~ msgstr "pakkimise algoritm peab olema vahemikust %d..%d\n"
+
+#~ msgid ""
+#~ "%08lX: It is not sure that this key really belongs to the owner\n"
+#~ "but it is accepted anyway\n"
+#~ msgstr ""
+#~ "%08lX: Ei ole kindel, et see võti tõesti kuulub omanikule,\n"
+#~ "aktsepteerime seda siiski\n"
+
+#~ msgid "preference %c%lu is not valid\n"
+#~ msgstr "eelistus %c%lu ei ole lubatud\n"
+
+#~ msgid "key %08lX: not a rfc2440 key - skipped\n"
+#~ msgstr "võti %08lX: ei ole rfc2440 võti - jätsin vahele\n"
+
+#~ msgid ""
+#~ "NOTE: Elgamal primary key detected - this may take some time to import\n"
+#~ msgstr ""
+#~ "MÄRKUS: Tuvastasin Elgamal primaarvõtme - importimine võib võtta mõne "
+#~ "aja\n"
+
+#~ msgid " (default)"
+#~ msgstr " (vaikimisi)"
+
+#~ msgid "%s%c %4u%c/%08lX created: %s expires: %s"
+#~ msgstr "%s%c %4u%c/%08lX loodud: %s aegub: %s"
+
+#~ msgid "Policy: "
+#~ msgstr "Poliis: "
+
+#~ msgid "can't get key from keyserver: %s\n"
+#~ msgstr "võtmeserverist ei saa võtit: %s\n"
+
+#~ msgid "success sending to `%s' (status=%u)\n"
+#~ msgstr "teate saatmine serverile `%s' õnnestus (olek=%u)\n"
+
+#~ msgid "failed sending to `%s': status=%u\n"
+#~ msgstr "teate saatmine serverile `%s' ebaõnnestus: olek=%u\n"
+
+#~ msgid "this keyserver does not support --search-keys\n"
+#~ msgstr "see võtmeserver ei toeta --search-keys\n"
+
+#~ msgid "can't search keyserver: %s\n"
+#~ msgstr "võtmeserverist ei saa otsida: %s\n"
+
+#~ msgid ""
+#~ "key %08lX: this is a PGP generated ElGamal key which is NOT secure for "
+#~ "signatures!\n"
+#~ msgstr ""
+#~ "võti %08lX: see on PGP genereeritud ElGamal võti ja EI OLE "
+#~ "allkirjastamiseks turvaline!\n"
+
+#~ msgid ""
+#~ "key %08lX has been created %lu second in future (time warp or clock "
+#~ "problem)\n"
+#~ msgstr ""
+#~ "võti %08lX loodi %lu sekund tulevikus (ajahüpe või kella probleem)\n"
+
+#~ msgid ""
+#~ "key %08lX has been created %lu seconds in future (time warp or clock "
+#~ "problem)\n"
+#~ msgstr ""
+#~ "võti %08lX loodi %lu sekundit tulevikus (ajahüpe või kella probleem)\n"
+
+#~ msgid "key %08lX marked as ultimately trusted\n"
+#~ msgstr "võti %08lX on märgitud abslouutselt usaldatavaks\n"
+
+#~ msgid "signature from Elgamal signing key %08lX to %08lX skipped\n"
+#~ msgstr ""
+#~ "jätsin Elgamal allkirjastamise võtme %08lX allkirja %08lX-le vahele\n"
+
+#~ msgid "signature from %08lX to Elgamal signing key %08lX skipped\n"
+#~ msgstr ""
+#~ "jätsin %08lX allkirja Elgamal allkirjastamise võtmele %08lX vahele\n"
+
+#~ msgid "checking at depth %d signed=%d ot(-/q/n/m/f/u)=%d/%d/%d/%d/%d/%d\n"
+#~ msgstr ""
+#~ "kontrollin sügavusel %d allkirjastatud=%d ot(-/q/n/m/f/u)=%d/%d/%d/%d/%d/%"
+#~ "d\n"
+
+#~ msgid ""
+#~ "Select the algorithm to use.\n"
+#~ "\n"
+#~ "DSA (aka DSS) is the digital signature algorithm which can only be used\n"
+#~ "for signatures. This is the suggested algorithm because verification of\n"
+#~ "DSA signatures are much faster than those of ElGamal.\n"
+#~ "\n"
+#~ "ElGamal is an algorithm which can be used for signatures and encryption.\n"
+#~ "OpenPGP distinguishs between two flavors of this algorithms: an encrypt "
+#~ "only\n"
+#~ "and a sign+encrypt; actually it is the same, but some parameters must be\n"
+#~ "selected in a special way to create a safe key for signatures: this "
+#~ "program\n"
+#~ "does this but other OpenPGP implementations are not required to "
+#~ "understand\n"
+#~ "the signature+encryption flavor.\n"
+#~ "\n"
+#~ "The first (primary) key must always be a key which is capable of "
+#~ "signing;\n"
+#~ "this is the reason why the encryption only ElGamal key is not available "
+#~ "in\n"
+#~ "this menu."
+#~ msgstr ""
+#~ "Valige kasutatav algoritm.\n"
+#~ "\n"
+#~ "DSA (ka DSS) on digitaalallkirja algoritm, mida saab kasutada ainult\n"
+#~ "allkirjades. See on soovitatav algoritm, kuna DSA allkirjade kontroll\n"
+#~ "on oluliselt kiirem ElGamal allkirjade kontrollimisest.\n"
+#~ "\n"
+#~ "ElGamal on algoritm, mida saab kasutada nii allkirjastamisel, kui ka\n"
+#~ "krüptimisel. OpenPGP eristab selle algoritmi kahte varianti: ainult\n"
+#~ "krüptivat ja krüptivat ning allkirjastavat. Algoritm on sama, aga\n"
+#~ "turvaliseks allkirjastamiseks on vaja valida sobivad parameetrid. See\n"
+#~ "programm toetab mõlemat varianti, aga teised OpenPGP realisatsioonid\n"
+#~ "ei pruugi krüptivat ning allkirjastavat võimalust tunda.\n"
+#~ "\n"
+#~ "Esimene (primaarne) võti peab alati olema selline, mida saab kasutada\n"
+#~ "allkirjastamisel; see on ka põhjus, miks selles menüüs ei lubata valida\n"
+#~ "ainult krüptivat ElGamal võtit."
+
+#~ msgid ""
+#~ "Although these keys are defined in RFC2440 they are not suggested\n"
+#~ "because they are not supported by all programs and signatures created\n"
+#~ "with them are quite large and very slow to verify."
+#~ msgstr ""
+#~ "Kuigi need võtmed on kirjeldatud dokumendis RFC2440, ei ole nende\n"
+#~ "kasutamine soovitatav, kuna mitte kõik programmid ei toeta neid\n"
+#~ "ja nendega loodud allkirjad on suured ning kontrollimine aeglane."
+
+#~ msgid "%lu keys so far checked (%lu signatures)\n"
+#~ msgstr "seni on kontrollitud %lu võtit (%lu allkirja)\n"
+
+#~ msgid "key incomplete\n"
+#~ msgstr "mittetäielik võti\n"
+
+#~ msgid "key %08lX incomplete\n"
+#~ msgstr "võti %08lX ei ole täielik\n"
diff --git a/po/fi.gmo b/po/fi.gmo
new file mode 100644
index 0000000..84f21a2
--- /dev/null
+++ b/po/fi.gmo
Binary files differ
diff --git a/po/fi.po b/po/fi.po
new file mode 100644
index 0000000..49929f7
--- /dev/null
+++ b/po/fi.po
@@ -0,0 +1,10006 @@
+# GnuPG finnish translation
+# Copyright © 1998, 1999, 2000, 2001, 2003-2004 Free Software Foundation, Inc.
+# Jouni Hiltunen <jouni.hiltunen@kolumbus.fi>, 2003.
+# Tommi Vainikainen <Tommi.Vainikainen@iki.fi>, 2003-2004.
+#
+# Suomennoksia:
+# compress algorithm = pakkausalgoritmi
+# digest, hash = tiiviste
+# digest, hash algorithm = tiivistealgoritmi
+# cipher (algorithm) = salain, salausalgoritmi
+# pub key algorithm = julkisen avaimen algoritmi
+#
+# revocation = mitätöinti-
+# certificate = varmeen
+# revocation list = sulkulista
+#
+# - policy = -käytäntö (esim. tietoturvakäytäntö, allekirjoituskäytäntö)
+# key ring = avainrengas
+#
+# armor = ascii-koodaus (saa ehdottaa jos keksii näppärämmän käännöksen)
+msgid ""
+msgstr ""
+"Project-Id-Version: gnupg 1.2.2\n"
+"Report-Msgid-Bugs-To: translations@gnupg.org\n"
+"POT-Creation-Date: 2012-03-27 10:23+0200\n"
+"PO-Revision-Date: 2004-06-16 22:40+0300\n"
+"Last-Translator: Tommi Vainikainen <Tommi.Vainikainen@iki.fi>\n"
+"Language-Team: Finnish <translation-team-fi@lists.sourceforge.net>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#: agent/call-pinentry.c:244
+#, fuzzy, c-format
+msgid "failed to acquire the pinentry lock: %s\n"
+msgstr "TrustDB:n alustaminen ei onnistu: %s\n"
+
+#. TRANSLATORS: These are labels for buttons etc used in
+#. Pinentries. An underscore indicates that the next letter
+#. should be used as an accelerator. Double the underscore for
+#. a literal one. The actual to be translated text starts after
+#. the second vertical bar.
+#: agent/call-pinentry.c:401
+msgid "|pinentry-label|_OK"
+msgstr ""
+
+#: agent/call-pinentry.c:402
+msgid "|pinentry-label|_Cancel"
+msgstr ""
+
+#: agent/call-pinentry.c:403
+msgid "|pinentry-label|PIN:"
+msgstr ""
+
+#. TRANSLATORS: This string is displayed by Pinentry as the label
+#. for the quality bar.
+#: agent/call-pinentry.c:649
+msgid "Quality:"
+msgstr ""
+
+#. TRANSLATORS: This string is a tooltip, shown by pinentry when
+#. hovering over the quality bar. Please use an appropriate
+#. string to describe what this is about. The length of the
+#. tooltip is limited to about 900 characters. If you do not
+#. translate this entry, a default english text (see source)
+#. will be used.
+#: agent/call-pinentry.c:671
+msgid "pinentry.qualitybar.tooltip"
+msgstr ""
+
+#: agent/call-pinentry.c:716
+msgid ""
+"Please enter your PIN, so that the secret key can be unlocked for this "
+"session"
+msgstr ""
+
+#: agent/call-pinentry.c:719
+#, fuzzy
+msgid ""
+"Please enter your passphrase, so that the secret key can be unlocked for "
+"this session"
+msgstr "Ole hyvä ja syötä salasana, tämän on salainen lause \n"
+
+#: agent/call-pinentry.c:776
+#, c-format
+msgid "SETERROR %s (try %d of %d)"
+msgstr ""
+
+#: agent/call-pinentry.c:799 agent/call-pinentry.c:811
+#, fuzzy
+msgid "PIN too long"
+msgstr "rivi on liian pitkä\n"
+
+#: agent/call-pinentry.c:800
+#, fuzzy
+msgid "Passphrase too long"
+msgstr "salasana on liian pitkä\n"
+
+#: agent/call-pinentry.c:808
+#, fuzzy
+msgid "Invalid characters in PIN"
+msgstr "Nimessä on epäkelpo merkki\n"
+
+#: agent/call-pinentry.c:813
+msgid "PIN too short"
+msgstr ""
+
+#: agent/call-pinentry.c:825
+#, fuzzy
+msgid "Bad PIN"
+msgstr "MPI ei kelpaa"
+
+#: agent/call-pinentry.c:826
+#, fuzzy
+msgid "Bad Passphrase"
+msgstr "väärä salasana"
+
+#: agent/call-pinentry.c:863
+#, fuzzy
+msgid "Passphrase"
+msgstr "väärä salasana"
+
+#: agent/command-ssh.c:531
+#, fuzzy, c-format
+msgid "ssh keys greater than %d bits are not supported\n"
+msgstr "suojausalgoritmi %d%s ei ole käytettävissä\n"
+
+#: agent/command-ssh.c:690 g10/card-util.c:833 g10/exec.c:473 g10/gpg.c:1122
+#: g10/keygen.c:3394 g10/keygen.c:3427 g10/keyring.c:1237 g10/keyring.c:1569
+#: g10/openfile.c:275 g10/openfile.c:368 g10/sign.c:801 g10/sign.c:1110
+#: g10/tdbio.c:550 jnlib/dotlock.c:310
+#, c-format
+msgid "can't create `%s': %s\n"
+msgstr "tiedostoa \"%s\" ei voi luoda: %s\n"
+
+#: agent/command-ssh.c:702 common/helpfile.c:47 g10/card-util.c:787
+#: g10/dearmor.c:60 g10/dearmor.c:107 g10/decrypt.c:70 g10/encode.c:194
+#: g10/encode.c:504 g10/gpg.c:1123 g10/import.c:192 g10/keygen.c:2877
+#: g10/keyring.c:1595 g10/openfile.c:192 g10/openfile.c:353
+#: g10/plaintext.c:511 g10/sign.c:783 g10/sign.c:978 g10/sign.c:1094
+#: g10/sign.c:1250 g10/tdbdump.c:142 g10/tdbdump.c:150 g10/tdbio.c:554
+#: g10/tdbio.c:618 g10/verify.c:99 g10/verify.c:162 sm/gpgsm.c:2044
+#: sm/gpgsm.c:2074 sm/gpgsm.c:2112 sm/gpgsm.c:2150 sm/qualified.c:66
+#, c-format
+msgid "can't open `%s': %s\n"
+msgstr "tiedostoa \"%s\" ei voi avata: %s\n"
+
+#: agent/command-ssh.c:1708 agent/command-ssh.c:1726
+#, fuzzy, c-format
+msgid "error getting serial number of card: %s\n"
+msgstr "virhe luotaessa salasanaa: %s\n"
+
+#: agent/command-ssh.c:1712
+#, c-format
+msgid "detected card with S/N: %s\n"
+msgstr ""
+
+#: agent/command-ssh.c:1717
+#, fuzzy, c-format
+msgid "error getting default authentication keyID of card: %s\n"
+msgstr "virhe kirjoitettaessa salaiseen avainrenkaaseen \"%s\": %s\n"
+
+#: agent/command-ssh.c:1737
+#, fuzzy, c-format
+msgid "no suitable card key found: %s\n"
+msgstr "kirjoitettavissa olevaa salaista avainrengasta ei löydy: %s\n"
+
+#: agent/command-ssh.c:1787
+#, fuzzy, c-format
+msgid "shadowing the key failed: %s\n"
+msgstr "avainlohkojen poisto epäonnistui: %s\n"
+
+#: agent/command-ssh.c:1802
+#, fuzzy, c-format
+msgid "error writing key: %s\n"
+msgstr "virhe kirjoitettaessa avainrenkaaseen \"%s\": %s\n"
+
+#: agent/command-ssh.c:2139
+#, c-format
+msgid ""
+"An ssh process requested the use of key%%0A %s%%0A (%s)%%0ADo you want to "
+"allow this?"
+msgstr ""
+
+#: agent/command-ssh.c:2146
+msgid "Allow"
+msgstr ""
+
+#: agent/command-ssh.c:2146
+msgid "Deny"
+msgstr ""
+
+#: agent/command-ssh.c:2155
+#, fuzzy, c-format
+msgid "Please enter the passphrase for the ssh key%%0A %F%%0A (%c)"
+msgstr "Ole hyvä ja syötä salasana, tämän on salainen lause \n"
+
+#: agent/command-ssh.c:2484 agent/genkey.c:310 agent/genkey.c:432
+#, fuzzy
+msgid "Please re-enter this passphrase"
+msgstr "muuta salasanaa"
+
+#: agent/command-ssh.c:2509
+#, fuzzy, c-format
+msgid ""
+"Please enter a passphrase to protect the received secret key%%0A %s%%0A %"
+"s%%0Awithin gpg-agent's key storage"
+msgstr "Ole hyvä ja syötä salasana, tämän on salainen lause \n"
+
+#: agent/command-ssh.c:2548 agent/genkey.c:340 agent/genkey.c:463
+#: tools/symcryptrun.c:436
+msgid "does not match - try again"
+msgstr ""
+
+#: agent/command-ssh.c:3054
+#, fuzzy, c-format
+msgid "failed to create stream from socket: %s\n"
+msgstr "%s: hajautustaulukon luonti ei onnistu: %s\n"
+
+#: agent/divert-scd.c:92 g10/call-agent.c:923
+msgid "Please insert the card with serial number"
+msgstr ""
+
+#: agent/divert-scd.c:93 g10/call-agent.c:924
+msgid "Please remove the current card and insert the one with serial number"
+msgstr ""
+
+#: agent/divert-scd.c:200
+msgid "Admin PIN"
+msgstr ""
+
+#. TRANSLATORS: A PUK is the Personal Unblocking Code
+#. used to unblock a PIN.
+#: agent/divert-scd.c:205
+msgid "PUK"
+msgstr ""
+
+#: agent/divert-scd.c:212
+msgid "Reset Code"
+msgstr ""
+
+#: agent/divert-scd.c:238
+#, c-format
+msgid "%s%%0A%%0AUse the reader's keypad for input."
+msgstr ""
+
+#: agent/divert-scd.c:287
+#, fuzzy
+msgid "Repeat this Reset Code"
+msgstr "Toista salasana: "
+
+#: agent/divert-scd.c:289
+#, fuzzy
+msgid "Repeat this PUK"
+msgstr "Toista salasana: "
+
+#: agent/divert-scd.c:290
+#, fuzzy
+msgid "Repeat this PIN"
+msgstr "Toista salasana: "
+
+#: agent/divert-scd.c:295
+#, fuzzy
+msgid "Reset Code not correctly repeated; try again"
+msgstr "salasanaa ei toistettu oikein, yritä uudestaan."
+
+#: agent/divert-scd.c:297
+#, fuzzy
+msgid "PUK not correctly repeated; try again"
+msgstr "salasanaa ei toistettu oikein, yritä uudestaan."
+
+#: agent/divert-scd.c:298
+#, fuzzy
+msgid "PIN not correctly repeated; try again"
+msgstr "salasanaa ei toistettu oikein, yritä uudestaan."
+
+#: agent/divert-scd.c:310
+#, c-format
+msgid "Please enter the PIN%s%s%s to unlock the card"
+msgstr ""
+
+#: agent/genkey.c:108 sm/certreqgen-ui.c:384 sm/export.c:638 sm/export.c:654
+#: sm/import.c:667 sm/import.c:692
+#, fuzzy, c-format
+msgid "error creating temporary file: %s\n"
+msgstr "virhe luotaessa salasanaa: %s\n"
+
+#: agent/genkey.c:115 sm/export.c:645 sm/import.c:675
+#, fuzzy, c-format
+msgid "error writing to temporary file: %s\n"
+msgstr "kirjoitetaan kohteeseen \"%s\"\n"
+
+#: agent/genkey.c:153 agent/genkey.c:159
+#, fuzzy
+msgid "Enter new passphrase"
+msgstr "Syötä salasana\n"
+
+#: agent/genkey.c:167
+#, fuzzy
+msgid "Take this one anyway"
+msgstr "Haluatko käyttää tätä avainta kaikesta huolimatta? "
+
+#: agent/genkey.c:193
+#, c-format
+msgid ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase should be "
+"at least %u character long."
+msgid_plural ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase should be "
+"at least %u characters long."
+msgstr[0] ""
+msgstr[1] ""
+
+#: agent/genkey.c:214
+#, c-format
+msgid ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase should "
+"contain at least %u digit or%%0Aspecial character."
+msgid_plural ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase should "
+"contain at least %u digits or%%0Aspecial characters."
+msgstr[0] ""
+msgstr[1] ""
+
+#: agent/genkey.c:237
+#, c-format
+msgid ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase may not be "
+"a known term or match%%0Acertain pattern."
+msgstr ""
+
+#: agent/genkey.c:253
+#, c-format
+msgid ""
+"You have not entered a passphrase!%0AAn empty passphrase is not allowed."
+msgstr ""
+
+#: agent/genkey.c:255
+#, c-format
+msgid ""
+"You have not entered a passphrase - this is in general a bad idea!%0APlease "
+"confirm that you do not want to have any protection on your key."
+msgstr ""
+
+#: agent/genkey.c:264
+msgid "Yes, protection is not needed"
+msgstr ""
+
+#: agent/genkey.c:308
+#, fuzzy, c-format
+msgid "Please enter the passphrase to%0Ato protect your new key"
+msgstr ""
+"Tarvitset salasanan suojaamaan salaista avaintasi.\n"
+"\n"
+
+#: agent/genkey.c:431
+#, fuzzy
+msgid "Please enter the new passphrase"
+msgstr "muuta salasanaa"
+
+#: agent/gpg-agent.c:121 agent/preset-passphrase.c:72 scd/scdaemon.c:103
+#: tools/gpg-check-pattern.c:70
+#, fuzzy
+msgid ""
+"@Options:\n"
+" "
+msgstr ""
+"@\n"
+"Valitsimet:\n"
+" "
+
+#: agent/gpg-agent.c:123 scd/scdaemon.c:105
+msgid "run in server mode (foreground)"
+msgstr ""
+
+#: agent/gpg-agent.c:124 scd/scdaemon.c:108
+msgid "run in daemon mode (background)"
+msgstr ""
+
+#: agent/gpg-agent.c:125 g10/gpg.c:488 g10/gpgv.c:71 kbx/kbxutil.c:88
+#: scd/scdaemon.c:109 sm/gpgsm.c:281 tools/gpg-connect-agent.c:69
+#: tools/gpgconf.c:80 tools/symcryptrun.c:166
+msgid "verbose"
+msgstr "monisanainen"
+
+#: agent/gpg-agent.c:126 g10/gpgv.c:72 kbx/kbxutil.c:89 scd/scdaemon.c:110
+#: sm/gpgsm.c:282
+msgid "be somewhat more quiet"
+msgstr "ole jonkinverran hiljaisempi"
+
+#: agent/gpg-agent.c:127 scd/scdaemon.c:111
+msgid "sh-style command output"
+msgstr ""
+
+#: agent/gpg-agent.c:128 scd/scdaemon.c:112
+msgid "csh-style command output"
+msgstr ""
+
+#: agent/gpg-agent.c:129 scd/scdaemon.c:113 sm/gpgsm.c:312
+#: tools/symcryptrun.c:169
+#, fuzzy
+msgid "|FILE|read options from FILE"
+msgstr "|TIEDOSTO|lataa laajennusmoduuli TIEDOSTO"
+
+#: agent/gpg-agent.c:134 scd/scdaemon.c:123
+msgid "do not detach from the console"
+msgstr ""
+
+#: agent/gpg-agent.c:135
+msgid "do not grab keyboard and mouse"
+msgstr ""
+
+#: agent/gpg-agent.c:136 tools/symcryptrun.c:168
+#, fuzzy
+msgid "use a log file for the server"
+msgstr "etsi avaimia avainpalvelimelta"
+
+#: agent/gpg-agent.c:138
+#, fuzzy
+msgid "use a standard location for the socket"
+msgstr "Varmastiko päivitä valinnat näille käyttäjätunnuksille? "
+
+#: agent/gpg-agent.c:141
+msgid "|PGM|use PGM as the PIN-Entry program"
+msgstr ""
+
+#: agent/gpg-agent.c:144
+msgid "|PGM|use PGM as the SCdaemon program"
+msgstr ""
+
+#: agent/gpg-agent.c:145
+#, fuzzy
+msgid "do not use the SCdaemon"
+msgstr "päivitä luottamustietokanta"
+
+#: agent/gpg-agent.c:157
+msgid "ignore requests to change the TTY"
+msgstr ""
+
+#: agent/gpg-agent.c:159
+msgid "ignore requests to change the X display"
+msgstr ""
+
+#: agent/gpg-agent.c:162
+msgid "|N|expire cached PINs after N seconds"
+msgstr ""
+
+#: agent/gpg-agent.c:175
+msgid "do not use the PIN cache when signing"
+msgstr ""
+
+#: agent/gpg-agent.c:177
+msgid "allow clients to mark keys as \"trusted\""
+msgstr ""
+
+#: agent/gpg-agent.c:179
+#, fuzzy
+msgid "allow presetting passphrase"
+msgstr "virhe luotaessa salasanaa: %s\n"
+
+#: agent/gpg-agent.c:180
+msgid "enable ssh-agent emulation"
+msgstr ""
+
+#: agent/gpg-agent.c:182
+msgid "|FILE|write environment settings also to FILE"
+msgstr ""
+
+#. TRANSLATORS: @EMAIL@ will get replaced by the actual bug
+#. reporting address. This is so that we can change the
+#. reporting address without breaking the translations.
+#: agent/gpg-agent.c:333 agent/preset-passphrase.c:94 agent/protect-tool.c:163
+#: g10/gpg.c:814 g10/gpgv.c:114 kbx/kbxutil.c:113 scd/scdaemon.c:246
+#: sm/gpgsm.c:519 tools/gpg-connect-agent.c:181 tools/gpgconf.c:102
+#: tools/symcryptrun.c:206 tools/gpg-check-pattern.c:141
+#, fuzzy
+msgid "Please report bugs to <@EMAIL@>.\n"
+msgstr ""
+"Ilmoita ohjelmistovioista (englanniksi) osoitteeseen <gnupg-bugs@gnu.org>.\n"
+
+#: agent/gpg-agent.c:342
+#, fuzzy
+msgid "Usage: gpg-agent [options] (-h for help)"
+msgstr "Käyttö: gpg [valitsimet] [tiedostot] (-h näyttää ohjeen)"
+
+#: agent/gpg-agent.c:344
+msgid ""
+"Syntax: gpg-agent [options] [command [args]]\n"
+"Secret key management for GnuPG\n"
+msgstr ""
+
+#: agent/gpg-agent.c:390 g10/gpg.c:1007 scd/scdaemon.c:318 sm/gpgsm.c:669
+#, c-format
+msgid "invalid debug-level `%s' given\n"
+msgstr ""
+
+#: agent/gpg-agent.c:610 agent/protect-tool.c:1033 kbx/kbxutil.c:428
+#: scd/scdaemon.c:424 sm/gpgsm.c:911 sm/gpgsm.c:914 tools/symcryptrun.c:998
+#: tools/gpg-check-pattern.c:177
+#, c-format
+msgid "%s is too old (need %s, have %s)\n"
+msgstr ""
+
+#: agent/gpg-agent.c:725 g10/gpg.c:2111 scd/scdaemon.c:510 sm/gpgsm.c:1010
+#, c-format
+msgid "NOTE: no default option file `%s'\n"
+msgstr "HUOM: Ei oletusasetustiedostoa \"%s\"\n"
+
+#: agent/gpg-agent.c:736 agent/gpg-agent.c:1348 g10/gpg.c:2115
+#: scd/scdaemon.c:515 sm/gpgsm.c:1014 tools/symcryptrun.c:931
+#, c-format
+msgid "option file `%s': %s\n"
+msgstr "asetustiedosto \"%s\": %s\n"
+
+#: agent/gpg-agent.c:744 g10/gpg.c:2122 scd/scdaemon.c:523 sm/gpgsm.c:1021
+#, c-format
+msgid "reading options from `%s'\n"
+msgstr "luetaan asetukset tiedostosta \"%s\"\n"
+
+#: agent/gpg-agent.c:1117 g10/plaintext.c:140 g10/plaintext.c:145
+#: g10/plaintext.c:162
+#, c-format
+msgid "error creating `%s': %s\n"
+msgstr "virhe luotaessa \"%s\": %s\n"
+
+#: agent/gpg-agent.c:1461 agent/gpg-agent.c:1579 agent/gpg-agent.c:1583
+#: agent/gpg-agent.c:1624 agent/gpg-agent.c:1628 g10/exec.c:188
+#: g10/openfile.c:429 scd/scdaemon.c:1020
+#, c-format
+msgid "can't create directory `%s': %s\n"
+msgstr "hakemiston \"%s\" luominen ei onnistu: %s\n"
+
+#: agent/gpg-agent.c:1475 scd/scdaemon.c:1034
+msgid "name of socket too long\n"
+msgstr ""
+
+#: agent/gpg-agent.c:1498 scd/scdaemon.c:1057
+#, fuzzy, c-format
+msgid "can't create socket: %s\n"
+msgstr "ei voida luoda kohdetta %s: %s\n"
+
+#: agent/gpg-agent.c:1507
+#, c-format
+msgid "socket name `%s' is too long\n"
+msgstr ""
+
+#: agent/gpg-agent.c:1525
+#, fuzzy
+msgid "a gpg-agent is already running - not starting a new one\n"
+msgstr "gpg-agent ei ole käytettävissä tässä istunnossa\n"
+
+#: agent/gpg-agent.c:1536 scd/scdaemon.c:1076
+#, fuzzy
+msgid "error getting nonce for the socket\n"
+msgstr "virhe luotaessa salasanaa: %s\n"
+
+#: agent/gpg-agent.c:1541 scd/scdaemon.c:1079
+#, fuzzy, c-format
+msgid "error binding socket to `%s': %s\n"
+msgstr "virhe lähettäessä kohteeseen \"%s\": %s\n"
+
+#: agent/gpg-agent.c:1553 scd/scdaemon.c:1088
+#, fuzzy, c-format
+msgid "listen() failed: %s\n"
+msgstr "päivitys epäonnistui: %s\n"
+
+#: agent/gpg-agent.c:1559 scd/scdaemon.c:1095
+#, fuzzy, c-format
+msgid "listening on socket `%s'\n"
+msgstr "kirjoitan salaisen avaimen kohteeseen \"%s\"\n"
+
+#: agent/gpg-agent.c:1587 agent/gpg-agent.c:1634 g10/openfile.c:432
+#, fuzzy, c-format
+msgid "directory `%s' created\n"
+msgstr "%s: hakemisto luotu\n"
+
+#: agent/gpg-agent.c:1640
+#, fuzzy, c-format
+msgid "stat() failed for `%s': %s\n"
+msgstr "trustdb: luku epäonnistui (n=%d): %s\n"
+
+#: agent/gpg-agent.c:1644
+#, fuzzy, c-format
+msgid "can't use `%s' as home directory\n"
+msgstr "%s: hakemistoa ei voi luoda: %s\n"
+
+#: agent/gpg-agent.c:1777 scd/scdaemon.c:1111
+#, fuzzy, c-format
+msgid "error reading nonce on fd %d: %s\n"
+msgstr "virhe luettaessa tiedostoa \"%s\": %s\n"
+
+#: agent/gpg-agent.c:1799
+#, c-format
+msgid "handler 0x%lx for fd %d started\n"
+msgstr ""
+
+#: agent/gpg-agent.c:1804
+#, c-format
+msgid "handler 0x%lx for fd %d terminated\n"
+msgstr ""
+
+#: agent/gpg-agent.c:1824
+#, c-format
+msgid "ssh handler 0x%lx for fd %d started\n"
+msgstr ""
+
+#: agent/gpg-agent.c:1829
+#, c-format
+msgid "ssh handler 0x%lx for fd %d terminated\n"
+msgstr ""
+
+#: agent/gpg-agent.c:1973 scd/scdaemon.c:1248
+#, fuzzy, c-format
+msgid "pth_select failed: %s - waiting 1s\n"
+msgstr "salaisen päivitys epäonnistui: %s\n"
+
+#: agent/gpg-agent.c:2096 scd/scdaemon.c:1315
+#, fuzzy, c-format
+msgid "%s %s stopped\n"
+msgstr "%s: ohitettu: %s\n"
+
+#: agent/gpg-agent.c:2232
+#, fuzzy
+msgid "no gpg-agent running in this session\n"
+msgstr "gpg-agent ei ole käytettävissä tässä istunnossa\n"
+
+#: agent/gpg-agent.c:2243 common/simple-pwquery.c:352 common/asshelp.c:403
+#: tools/gpg-connect-agent.c:2168
+msgid "malformed GPG_AGENT_INFO environment variable\n"
+msgstr "GPG_AGENT_INFO-ympäristömuuttuja on väärin muotoiltu\n"
+
+#: agent/gpg-agent.c:2256 common/simple-pwquery.c:364 common/asshelp.c:415
+#: tools/gpg-connect-agent.c:2179
+#, c-format
+msgid "gpg-agent protocol version %d is not supported\n"
+msgstr "gpg-agent-protokollaversio %d ei ole tuettu\n"
+
+#: agent/preset-passphrase.c:98
+#, fuzzy
+msgid "Usage: gpg-preset-passphrase [options] KEYGRIP (-h for help)\n"
+msgstr "Käyttö: gpg [valitsimet] [tiedostot] (-h näyttää ohjeen)"
+
+#: agent/preset-passphrase.c:101
+msgid ""
+"Syntax: gpg-preset-passphrase [options] KEYGRIP\n"
+"Password cache maintenance\n"
+msgstr ""
+
+#: agent/protect-tool.c:113 g10/gpg.c:373 kbx/kbxutil.c:71 sm/gpgsm.c:186
+#: tools/gpgconf.c:60
+msgid ""
+"@Commands:\n"
+" "
+msgstr ""
+"@Komennot:\n"
+" "
+
+#: agent/protect-tool.c:127 g10/gpg.c:441 g10/gpgv.c:69 kbx/kbxutil.c:81
+#: sm/gpgsm.c:226 tools/gpg-connect-agent.c:67 tools/gpgconf.c:77
+#: tools/symcryptrun.c:159
+msgid ""
+"@\n"
+"Options:\n"
+" "
+msgstr ""
+"@\n"
+"Valitsimet:\n"
+" "
+
+#: agent/protect-tool.c:166
+#, fuzzy
+msgid "Usage: gpg-protect-tool [options] (-h for help)\n"
+msgstr "Käyttö: gpg [valitsimet] [tiedostot] (-h näyttää ohjeen)"
+
+#: agent/protect-tool.c:168
+msgid ""
+"Syntax: gpg-protect-tool [options] [args]\n"
+"Secret key maintenance tool\n"
+msgstr ""
+
+#: agent/protect-tool.c:1162
+#, fuzzy
+msgid "Please enter the passphrase to unprotect the PKCS#12 object."
+msgstr "Ole hyvä ja syötä salasana, tämän on salainen lause \n"
+
+#: agent/protect-tool.c:1167
+#, fuzzy
+msgid "Please enter the passphrase to protect the new PKCS#12 object."
+msgstr "Ole hyvä ja syötä salasana, tämän on salainen lause \n"
+
+#: agent/protect-tool.c:1173
+msgid ""
+"Please enter the passphrase to protect the imported object within the GnuPG "
+"system."
+msgstr ""
+
+#: agent/protect-tool.c:1178
+#, fuzzy
+msgid ""
+"Please enter the passphrase or the PIN\n"
+"needed to complete this operation."
+msgstr "Ole hyvä ja syötä salasana, tämän on salainen lause \n"
+
+#: agent/protect-tool.c:1183 tools/symcryptrun.c:437
+#, fuzzy
+msgid "Passphrase:"
+msgstr "väärä salasana"
+
+#: agent/protect-tool.c:1188 tools/symcryptrun.c:448
+#, fuzzy
+msgid "cancelled\n"
+msgstr "Peru"
+
+#: agent/protect-tool.c:1190 tools/symcryptrun.c:444
+#, fuzzy, c-format
+msgid "error while asking for the passphrase: %s\n"
+msgstr "virhe luotaessa salasanaa: %s\n"
+
+#: agent/trustlist.c:136 agent/trustlist.c:334
+#, fuzzy, c-format
+msgid "error opening `%s': %s\n"
+msgstr "virhe luettaessa tiedostoa \"%s\": %s\n"
+
+#: agent/trustlist.c:151 common/helpfile.c:63 common/helpfile.c:79
+#, fuzzy, c-format
+msgid "file `%s', line %d: %s\n"
+msgstr "avainta \"%s\" ei löydy: %s\n"
+
+#: agent/trustlist.c:171 agent/trustlist.c:179
+#, c-format
+msgid "statement \"%s\" ignored in `%s', line %d\n"
+msgstr ""
+
+#: agent/trustlist.c:185
+#, fuzzy, c-format
+msgid "system trustlist `%s' not available\n"
+msgstr "salaisen avaimen osat eivät ole käytettävissä\n"
+
+#: agent/trustlist.c:229
+#, fuzzy, c-format
+msgid "bad fingerprint in `%s', line %d\n"
+msgstr "lukuvirhe: %s\n"
+
+#: agent/trustlist.c:254 agent/trustlist.c:261
+#, c-format
+msgid "invalid keyflag in `%s', line %d\n"
+msgstr ""
+
+#: agent/trustlist.c:295 common/helpfile.c:126
+#, fuzzy, c-format
+msgid "error reading `%s', line %d: %s\n"
+msgstr "virhe luettaessa tiedostoa \"%s\": %s\n"
+
+#: agent/trustlist.c:400 agent/trustlist.c:450
+msgid "error reading list of trusted root certificates\n"
+msgstr ""
+
+#. TRANSLATORS: This prompt is shown by the Pinentry
+#. and has one special property: A "%%0A" is used by
+#. Pinentry to insert a line break. The double
+#. percent sign is actually needed because it is also
+#. a printf format string. If you need to insert a
+#. plain % sign, you need to encode it as "%%25". The
+#. "%s" gets replaced by the name as stored in the
+#. certificate.
+#: agent/trustlist.c:611
+#, c-format
+msgid ""
+"Do you ultimately trust%%0A \"%s\"%%0Ato correctly certify user "
+"certificates?"
+msgstr ""
+
+#: agent/trustlist.c:620 common/audit.c:467
+#, fuzzy
+msgid "Yes"
+msgstr "kyllä|kylla|joo"
+
+#: agent/trustlist.c:620 common/audit.c:469
+msgid "No"
+msgstr ""
+
+#. TRANSLATORS: This prompt is shown by the Pinentry and has
+#. one special property: A "%%0A" is used by Pinentry to
+#. insert a line break. The double percent sign is actually
+#. needed because it is also a printf format string. If you
+#. need to insert a plain % sign, you need to encode it as
+#. "%%25". The second "%s" gets replaced by a hexdecimal
+#. fingerprint string whereas the first one receives the name
+#. as stored in the certificate.
+#: agent/trustlist.c:654
+#, c-format
+msgid ""
+"Please verify that the certificate identified as:%%0A \"%s\"%%0Ahas the "
+"fingerprint:%%0A %s"
+msgstr ""
+
+#. TRANSLATORS: "Correct" is the label of a button and intended
+#. to be hit if the fingerprint matches the one of the CA. The
+#. other button is "the default "Cancel" of the Pinentry.
+#: agent/trustlist.c:668
+msgid "Correct"
+msgstr ""
+
+#: agent/trustlist.c:668
+msgid "Wrong"
+msgstr ""
+
+#: agent/findkey.c:157
+#, c-format
+msgid "Note: This passphrase has never been changed.%0APlease change it now."
+msgstr ""
+
+#: agent/findkey.c:173
+#, c-format
+msgid ""
+"This passphrase has not been changed%%0Asince %.4s-%.2s-%.2s. Please change "
+"it now."
+msgstr ""
+
+#: agent/findkey.c:187 agent/findkey.c:194
+#, fuzzy
+msgid "Change passphrase"
+msgstr "muuta salasanaa"
+
+#: agent/findkey.c:195
+msgid "I'll change it later"
+msgstr ""
+
+#: common/exechelp.c:528 common/exechelp.c:625 tools/gpgconf-comp.c:1475
+#: tools/gpgconf-comp.c:1814
+#, fuzzy, c-format
+msgid "error creating a pipe: %s\n"
+msgstr "virhe luotaessa salasanaa: %s\n"
+
+#: common/exechelp.c:599 common/exechelp.c:658
+#, fuzzy, c-format
+msgid "can't fdopen pipe for reading: %s\n"
+msgstr "ei voi avata tiedostoa: %s\n"
+
+#: common/exechelp.c:637 common/exechelp.c:765 common/exechelp.c:1002
+#, fuzzy, c-format
+msgid "error forking process: %s\n"
+msgstr "virhe luettaessa tiedostoa \"%s\": %s\n"
+
+#: common/exechelp.c:811 common/exechelp.c:864
+#, c-format
+msgid "waiting for process %d to terminate failed: %s\n"
+msgstr ""
+
+#: common/exechelp.c:819
+#, fuzzy, c-format
+msgid "error getting exit code of process %d: %s\n"
+msgstr "virhe kirjoitettaessa salaiseen avainrenkaaseen \"%s\": %s\n"
+
+#: common/exechelp.c:825 common/exechelp.c:877
+#, fuzzy, c-format
+msgid "error running `%s': exit status %d\n"
+msgstr "virhe luettaessa tiedostoa \"%s\": %s\n"
+
+#: common/exechelp.c:870
+#, c-format
+msgid "error running `%s': probably not installed\n"
+msgstr ""
+
+#: common/exechelp.c:885
+#, fuzzy, c-format
+msgid "error running `%s': terminated\n"
+msgstr "virhe luettaessa tiedostoa \"%s\": %s\n"
+
+#: common/http.c:1674
+#, fuzzy, c-format
+msgid "error creating socket: %s\n"
+msgstr "virhe luotaessa \"%s\": %s\n"
+
+#: common/http.c:1718
+#, fuzzy
+msgid "host not found"
+msgstr "[Käyttäjätunnusta ei löytynyt]"
+
+#: common/simple-pwquery.c:338
+msgid "gpg-agent is not available in this session\n"
+msgstr "gpg-agent ei ole käytettävissä tässä istunnossa\n"
+
+#: common/simple-pwquery.c:395
+#, c-format
+msgid "can't connect to `%s': %s\n"
+msgstr "yhteys kohteeseen \"%s\" ei onnistu: %s\n"
+
+#: common/simple-pwquery.c:406
+msgid "communication problem with gpg-agent\n"
+msgstr "gpg-agentin kanssa yhteysongelma\n"
+
+#: common/simple-pwquery.c:416
+#, fuzzy
+msgid "problem setting the gpg-agent options\n"
+msgstr "agentin käytössä on ongelmia: agentti vastaa 0x%lx\n"
+
+#: common/simple-pwquery.c:579 common/simple-pwquery.c:675
+#, fuzzy
+msgid "canceled by user\n"
+msgstr "käyttäjän peruma\n"
+
+#: common/simple-pwquery.c:594 common/simple-pwquery.c:681
+#, fuzzy
+msgid "problem with the agent\n"
+msgstr "agentin käytössä on ongelmia: agentti vastaa 0x%lx\n"
+
+#: common/sysutils.c:105
+#, c-format
+msgid "can't disable core dumps: %s\n"
+msgstr "core-tiedostojen luontia ei voi estää: %s\n"
+
+#: common/sysutils.c:200
+#, fuzzy, c-format
+msgid "Warning: unsafe ownership on %s \"%s\"\n"
+msgstr "VAROITUS: omistussuhde kohteessa %s \"%s\" ei ole turvallinen\"\n"
+
+#: common/sysutils.c:232
+#, fuzzy, c-format
+msgid "Warning: unsafe permissions on %s \"%s\"\n"
+msgstr "VAROITUS: oikeudet kohteessa %s \"%s\" eivät ole turvallisia\"\n"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: common/yesno.c:35 common/yesno.c:72
+msgid "yes"
+msgstr "kyllä|kylla|joo"
+
+#: common/yesno.c:36 common/yesno.c:77
+msgid "yY"
+msgstr "kK"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: common/yesno.c:38 common/yesno.c:74
+msgid "no"
+msgstr "ei"
+
+#: common/yesno.c:39 common/yesno.c:78
+msgid "nN"
+msgstr "eE"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: common/yesno.c:76
+msgid "quit"
+msgstr "lopeta|sulje"
+
+#: common/yesno.c:79
+msgid "qQ"
+msgstr "lLsS"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: common/yesno.c:113
+msgid "okay|okay"
+msgstr ""
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: common/yesno.c:115
+msgid "cancel|cancel"
+msgstr ""
+
+#: common/yesno.c:116
+msgid "oO"
+msgstr ""
+
+#: common/yesno.c:117
+#, fuzzy
+msgid "cC"
+msgstr "c"
+
+#: common/miscellaneous.c:77
+#, c-format
+msgid "out of core in secure memory while allocating %lu bytes"
+msgstr ""
+
+#: common/miscellaneous.c:80
+#, c-format
+msgid "out of core while allocating %lu bytes"
+msgstr ""
+
+#: common/asshelp.c:293 tools/gpg-connect-agent.c:2129
+msgid "no running gpg-agent - starting one\n"
+msgstr ""
+
+#: common/asshelp.c:349
+#, c-format
+msgid "waiting %d seconds for the agent to come up\n"
+msgstr ""
+
+#: common/asshelp.c:426
+msgid "can't connect to the agent - trying fall back\n"
+msgstr ""
+
+#. TRANSLATORS: Copy the prefix between the vertical bars
+#. verbatim. It will not be printed.
+#: common/audit.c:474
+msgid "|audit-log-result|Good"
+msgstr ""
+
+#: common/audit.c:477
+msgid "|audit-log-result|Bad"
+msgstr ""
+
+#: common/audit.c:479
+msgid "|audit-log-result|Not supported"
+msgstr ""
+
+#: common/audit.c:481
+#, fuzzy
+msgid "|audit-log-result|No certificate"
+msgstr "virheellinen varmenne"
+
+#: common/audit.c:483
+#, fuzzy
+msgid "|audit-log-result|Not enabled"
+msgstr "virheellinen varmenne"
+
+#: common/audit.c:485
+msgid "|audit-log-result|Error"
+msgstr ""
+
+#: common/audit.c:487
+#, fuzzy
+msgid "|audit-log-result|Not used"
+msgstr "virheellinen varmenne"
+
+#: common/audit.c:489
+#, fuzzy
+msgid "|audit-log-result|Okay"
+msgstr "virheellinen varmenne"
+
+#: common/audit.c:491
+#, fuzzy
+msgid "|audit-log-result|Skipped"
+msgstr "virheellinen varmenne"
+
+#: common/audit.c:493
+#, fuzzy
+msgid "|audit-log-result|Some"
+msgstr "virheellinen varmenne"
+
+#: common/audit.c:726
+#, fuzzy
+msgid "Certificate chain available"
+msgstr "virheellinen varmenne"
+
+#: common/audit.c:733
+#, fuzzy
+msgid "root certificate missing"
+msgstr "virheellinen varmenne"
+
+#: common/audit.c:759
+msgid "Data encryption succeeded"
+msgstr ""
+
+#: common/audit.c:764 common/audit.c:830 common/audit.c:906 common/audit.c:997
+#, fuzzy
+msgid "Data available"
+msgstr "Avain saatavilla kohteessa: "
+
+#: common/audit.c:767
+#, fuzzy
+msgid "Session key created"
+msgstr "%s: avainrengas luotu\n"
+
+#: common/audit.c:772 common/audit.c:912 common/audit.c:919
+#, fuzzy, c-format
+msgid "algorithm: %s"
+msgstr "ascii-koodaus: %s\n"
+
+#: common/audit.c:774 common/audit.c:776 common/audit.c:921 common/audit.c:923
+#, fuzzy, c-format
+msgid "unsupported algorithm: %s"
+msgstr ""
+"\n"
+"Tuetut algoritmit:\n"
+
+#: common/audit.c:778 common/audit.c:925
+#, fuzzy
+msgid "seems to be not encrypted"
+msgstr "salaamaton"
+
+#: common/audit.c:784 common/audit.c:933
+msgid "Number of recipients"
+msgstr ""
+
+#: common/audit.c:792 common/audit.c:956
+#, c-format
+msgid "Recipient %d"
+msgstr ""
+
+#: common/audit.c:825
+msgid "Data signing succeeded"
+msgstr ""
+
+#: common/audit.c:839 common/audit.c:1033 common/audit.c:1060
+#, fuzzy, c-format
+msgid "data hash algorithm: %s"
+msgstr "virheellinen tiivistealgoritmi \"%s\"\n"
+
+#: common/audit.c:862
+#, fuzzy, c-format
+msgid "Signer %d"
+msgstr "Allekirjoitus vanheni %s\n"
+
+#: common/audit.c:866 common/audit.c:1065
+#, fuzzy, c-format
+msgid "attr hash algorithm: %s"
+msgstr "virheellinen tiivistealgoritmi \"%s\"\n"
+
+#: common/audit.c:901
+msgid "Data decryption succeeded"
+msgstr ""
+
+#: common/audit.c:910
+#, fuzzy
+msgid "Encryption algorithm supported"
+msgstr "suojausalgoritmi %d%s ei ole käytettävissä\n"
+
+#: common/audit.c:993
+#, fuzzy
+msgid "Data verification succeeded"
+msgstr "allekirjoituksen varmistus vaiennetaan\n"
+
+#: common/audit.c:1002
+#, fuzzy
+msgid "Signature available"
+msgstr "Allekirjoitus vanheni %s\n"
+
+#: common/audit.c:1024
+#, fuzzy
+msgid "Parsing data succeeded"
+msgstr "Allekirjoitus täsmää lähettäjään \""
+
+#: common/audit.c:1036
+#, fuzzy, c-format
+msgid "bad data hash algorithm: %s"
+msgstr "virheellinen tiivistealgoritmi \"%s\"\n"
+
+#: common/audit.c:1051
+#, fuzzy, c-format
+msgid "Signature %d"
+msgstr "Allekirjoitus vanheni %s\n"
+
+#: common/audit.c:1079
+#, fuzzy
+msgid "Certificate chain valid"
+msgstr "Tämä avain on vanhentunut!"
+
+#: common/audit.c:1090
+#, fuzzy
+msgid "Root certificate trustworthy"
+msgstr "virheellinen varmenne"
+
+#: common/audit.c:1111 sm/certchain.c:935
+#, fuzzy
+msgid "no CRL found for certificate"
+msgstr "virheellinen varmenne"
+
+#: common/audit.c:1114 sm/certchain.c:945
+#, fuzzy
+msgid "the available CRL is too old"
+msgstr "Avain saatavilla kohteessa: "
+
+#: common/audit.c:1119
+#, fuzzy
+msgid "CRL/OCSP check of certificates"
+msgstr "virheellinen varmenne"
+
+#: common/audit.c:1139
+#, fuzzy
+msgid "Included certificates"
+msgstr "virheellinen varmenne"
+
+#: common/audit.c:1194
+msgid "No audit log entries."
+msgstr ""
+
+#: common/audit.c:1243
+#, fuzzy
+msgid "Unknown operation"
+msgstr "tuntematon versio"
+
+#: common/audit.c:1261
+msgid "Gpg-Agent usable"
+msgstr ""
+
+#: common/audit.c:1271
+msgid "Dirmngr usable"
+msgstr ""
+
+#: common/audit.c:1307
+#, fuzzy, c-format
+msgid "No help available for `%s'."
+msgstr "Ei ohjetta aiheesta \"%s\""
+
+#: common/helpfile.c:80
+#, fuzzy
+msgid "ignoring garbage line"
+msgstr "virhe trailer-rivissä\n"
+
+#: common/gettime.c:503
+#, fuzzy
+msgid "[none]"
+msgstr "tuntematon "
+
+#: g10/armor.c:379
+#, c-format
+msgid "armor: %s\n"
+msgstr "ascii-koodaus: %s\n"
+
+#: g10/armor.c:418
+msgid "invalid armor header: "
+msgstr "epäkelpo ascii-koodausotsake: "
+
+#: g10/armor.c:429
+msgid "armor header: "
+msgstr "ascii-koodausotsake: "
+
+#: g10/armor.c:442
+msgid "invalid clearsig header\n"
+msgstr "epäkelpo selkotekstisen allekirjoituksen otsikko\n"
+
+#: g10/armor.c:455
+#, fuzzy
+msgid "unknown armor header: "
+msgstr "ascii-koodausotsake: "
+
+#: g10/armor.c:508
+msgid "nested clear text signatures\n"
+msgstr "sisäkkäisiä tekstimuotoisia allekirjoituksia\n"
+
+#: g10/armor.c:643
+#, fuzzy
+msgid "unexpected armor: "
+msgstr "odottamaton ascii-koodaus:"
+
+#: g10/armor.c:655
+msgid "invalid dash escaped line: "
+msgstr "epäkelpo viiva rivin lopussa: "
+
+#: g10/armor.c:810 g10/armor.c:1420
+#, fuzzy, c-format
+msgid "invalid radix64 character %02X skipped\n"
+msgstr "epäkelpo radix64-merkki %02x ohitettu\n"
+
+#: g10/armor.c:853
+msgid "premature eof (no CRC)\n"
+msgstr "ennenaikainen tiedoston loppu (ei CRC:tä)\n"
+
+#: g10/armor.c:887
+msgid "premature eof (in CRC)\n"
+msgstr "ennenaikainen tiedoston loppu (CRC:ssä)\n"
+
+#: g10/armor.c:895
+msgid "malformed CRC\n"
+msgstr "väärinmuotoiltu CRC\n"
+
+#: g10/armor.c:899 g10/armor.c:1457
+#, fuzzy, c-format
+msgid "CRC error; %06lX - %06lX\n"
+msgstr "CRC-virhe; %06lx - %06lx\n"
+
+#: g10/armor.c:919
+#, fuzzy
+msgid "premature eof (in trailer)\n"
+msgstr "Ennenaikainen tiedoston loppu (Trailerissa)\n"
+
+#: g10/armor.c:923
+msgid "error in trailer line\n"
+msgstr "virhe trailer-rivissä\n"
+
+#: g10/armor.c:1234
+msgid "no valid OpenPGP data found.\n"
+msgstr "kelvollista OpenPGP-dataa ei löytynyt.\n"
+
+#: g10/armor.c:1239
+#, c-format
+msgid "invalid armor: line longer than %d characters\n"
+msgstr "epäkelpo ascii-koodaus: yli %d merkkiä pitkä rivi\n"
+
+#: g10/armor.c:1243
+msgid ""
+"quoted printable character in armor - probably a buggy MTA has been used\n"
+msgstr ""
+"quoted printable -koodattu merkki ascii-koodauksessa - luultavasti "
+"viallista\n"
+"MTA:ta on käytetty\n"
+
+#: g10/build-packet.c:976
+msgid ""
+"a notation name must have only printable characters or spaces, and end with "
+"an '='\n"
+msgstr ""
+"notaation nimen täytyy sisältää vain tulostettavia merkkejä tai "
+"välilyöntejä, ja sen täytyy loppua merkkiin \"=\"\n"
+
+#: g10/build-packet.c:988
+msgid "a user notation name must contain the '@' character\n"
+msgstr "käyttäjänotaatin täytyy sisältää \"@\"-merkki\n"
+
+#: g10/build-packet.c:994
+#, fuzzy
+msgid "a notation name must not contain more than one '@' character\n"
+msgstr "käyttäjänotaatin täytyy sisältää \"@\"-merkki\n"
+
+#: g10/build-packet.c:1012
+msgid "a notation value must not use any control characters\n"
+msgstr "notaatiosssa ei saa olla erikoismerkkejä\n"
+
+#: g10/build-packet.c:1046 g10/build-packet.c:1055
+msgid "WARNING: invalid notation data found\n"
+msgstr "VAROITUS: löydettiin väärin muotoiltua notaatiodataa\n"
+
+#: g10/build-packet.c:1077 g10/build-packet.c:1079
+msgid "not human readable"
+msgstr "ei ihmisten luettavissa"
+
+#: g10/card-util.c:85 g10/card-util.c:374
+#, fuzzy, c-format
+msgid "OpenPGP card not available: %s\n"
+msgstr "salaista avainta ei löydy"
+
+#: g10/card-util.c:90
+#, c-format
+msgid "OpenPGP card no. %s detected\n"
+msgstr ""
+
+#: g10/card-util.c:98 g10/card-util.c:1773 g10/delkey.c:126 g10/keyedit.c:1551
+#: g10/keygen.c:3068 g10/revoke.c:216 g10/revoke.c:455
+#, fuzzy
+msgid "can't do this in batch mode\n"
+msgstr "tätä ei voi tehdä eräajossa\n"
+
+#: g10/card-util.c:106
+#, fuzzy
+msgid "This command is only available for version 2 cards\n"
+msgstr "Tätä komentoa ei sallita %s-tilassa.\n"
+
+#: g10/card-util.c:108 scd/app-openpgp.c:2029
+#, fuzzy
+msgid "Reset Code not or not anymore available\n"
+msgstr "salaisen avaimen osat eivät ole käytettävissä\n"
+
+#: g10/card-util.c:141 g10/card-util.c:1458 g10/card-util.c:1568
+#: g10/keyedit.c:424 g10/keyedit.c:445 g10/keyedit.c:459 g10/keygen.c:1630
+#: g10/keygen.c:1711 sm/certreqgen-ui.c:165 sm/certreqgen-ui.c:249
+#: sm/certreqgen-ui.c:283
+msgid "Your selection? "
+msgstr "Valintasi? "
+
+#: g10/card-util.c:272 g10/card-util.c:322
+msgid "[not set]"
+msgstr ""
+
+#: g10/card-util.c:512
+#, fuzzy
+msgid "male"
+msgstr "enable"
+
+#: g10/card-util.c:513
+#, fuzzy
+msgid "female"
+msgstr "enable"
+
+#: g10/card-util.c:513
+#, fuzzy
+msgid "unspecified"
+msgstr "Ei eriteltyä syytä"
+
+#: g10/card-util.c:540
+#, fuzzy
+msgid "not forced"
+msgstr "ei käsitelty"
+
+#: g10/card-util.c:540
+msgid "forced"
+msgstr ""
+
+#: g10/card-util.c:631
+msgid "Error: Only plain ASCII is currently allowed.\n"
+msgstr ""
+
+#: g10/card-util.c:633
+msgid "Error: The \"<\" character may not be used.\n"
+msgstr ""
+
+#: g10/card-util.c:635
+msgid "Error: Double spaces are not allowed.\n"
+msgstr ""
+
+#: g10/card-util.c:652
+msgid "Cardholder's surname: "
+msgstr ""
+
+#: g10/card-util.c:654
+msgid "Cardholder's given name: "
+msgstr ""
+
+#: g10/card-util.c:672
+#, c-format
+msgid "Error: Combined name too long (limit is %d characters).\n"
+msgstr ""
+
+#: g10/card-util.c:693
+#, fuzzy
+msgid "URL to retrieve public key: "
+msgstr "ei vastaavaa julkista avainta: %s\n"
+
+#: g10/card-util.c:701
+#, c-format
+msgid "Error: URL too long (limit is %d characters).\n"
+msgstr ""
+
+#: g10/card-util.c:794 tools/no-libgcrypt.c:30
+#, fuzzy, c-format
+msgid "error allocating enough memory: %s\n"
+msgstr "virhe luotaessa avainrengasta \"%s\": %s\n"
+
+#: g10/card-util.c:806 g10/import.c:280
+#, c-format
+msgid "error reading `%s': %s\n"
+msgstr "virhe luettaessa tiedostoa \"%s\": %s\n"
+
+#: g10/card-util.c:839
+#, fuzzy, c-format
+msgid "error writing `%s': %s\n"
+msgstr "virhe kirjoitettaessa avainrenkaaseen \"%s\": %s\n"
+
+#: g10/card-util.c:866
+msgid "Login data (account name): "
+msgstr ""
+
+#: g10/card-util.c:876
+#, c-format
+msgid "Error: Login data too long (limit is %d characters).\n"
+msgstr ""
+
+#: g10/card-util.c:912
+msgid "Private DO data: "
+msgstr ""
+
+#: g10/card-util.c:922
+#, c-format
+msgid "Error: Private DO too long (limit is %d characters).\n"
+msgstr ""
+
+#: g10/card-util.c:1005
+#, fuzzy
+msgid "Language preferences: "
+msgstr "päivitä valinnat"
+
+#: g10/card-util.c:1013
+#, fuzzy
+msgid "Error: invalid length of preference string.\n"
+msgstr "Valinnassa on luvaton merkki\n"
+
+#: g10/card-util.c:1022
+#, fuzzy
+msgid "Error: invalid characters in preference string.\n"
+msgstr "Valinnassa on luvaton merkki\n"
+
+#: g10/card-util.c:1044
+msgid "Sex ((M)ale, (F)emale or space): "
+msgstr ""
+
+#: g10/card-util.c:1058
+#, fuzzy
+msgid "Error: invalid response.\n"
+msgstr "virhe: sormenjälki on väärä\n"
+
+#: g10/card-util.c:1080
+#, fuzzy
+msgid "CA fingerprint: "
+msgstr "näytä sormenjälki"
+
+#: g10/card-util.c:1103
+#, fuzzy
+msgid "Error: invalid formatted fingerprint.\n"
+msgstr "virhe: sormenjälki on väärä\n"
+
+#: g10/card-util.c:1153
+#, fuzzy, c-format
+msgid "key operation not possible: %s\n"
+msgstr "Avaimen luonti epäonnistui: %s\n"
+
+#: g10/card-util.c:1154
+#, fuzzy
+msgid "not an OpenPGP card"
+msgstr "kelvollista OpenPGP-dataa ei löytynyt.\n"
+
+#: g10/card-util.c:1167
+#, fuzzy, c-format
+msgid "error getting current key info: %s\n"
+msgstr "virhe kirjoitettaessa salaiseen avainrenkaaseen \"%s\": %s\n"
+
+#: g10/card-util.c:1254
+msgid "Replace existing key? (y/N) "
+msgstr ""
+
+#: g10/card-util.c:1270
+msgid ""
+"NOTE: There is no guarantee that the card supports the requested size.\n"
+" If the key generation does not succeed, please check the\n"
+" documentation of your card to see what sizes are allowed.\n"
+msgstr ""
+
+#: g10/card-util.c:1295
+#, fuzzy, c-format
+msgid "What keysize do you want for the Signature key? (%u) "
+msgstr "Minkä kokoisen avaimen haluat? (1024) "
+
+#: g10/card-util.c:1297
+#, fuzzy, c-format
+msgid "What keysize do you want for the Encryption key? (%u) "
+msgstr "Minkä kokoisen avaimen haluat? (1024) "
+
+#: g10/card-util.c:1298
+#, fuzzy, c-format
+msgid "What keysize do you want for the Authentication key? (%u) "
+msgstr "Minkä kokoisen avaimen haluat? (1024) "
+
+#: g10/card-util.c:1309 g10/keygen.c:1844 g10/keygen.c:1850
+#: sm/certreqgen-ui.c:194
+#, c-format
+msgid "rounded up to %u bits\n"
+msgstr "pyöristetty %u bittiin\n"
+
+#: g10/card-util.c:1317 g10/keygen.c:1831 sm/certreqgen-ui.c:184
+#, c-format
+msgid "%s keysizes must be in the range %u-%u\n"
+msgstr ""
+
+#: g10/card-util.c:1322
+#, c-format
+msgid "The card will now be re-configured to generate a key of %u bits\n"
+msgstr ""
+
+#: g10/card-util.c:1342
+#, fuzzy, c-format
+msgid "error changing size of key %d to %u bits: %s\n"
+msgstr "virhe lähettäessä kohteeseen \"%s\": %s\n"
+
+#: g10/card-util.c:1364
+msgid "Make off-card backup of encryption key? (Y/n) "
+msgstr ""
+
+#: g10/card-util.c:1378
+#, fuzzy
+msgid "NOTE: keys are already stored on the card!\n"
+msgstr "ohitetaan: salainen avain on jo paikalla\n"
+
+#: g10/card-util.c:1381
+msgid "Replace existing keys? (y/N) "
+msgstr ""
+
+#: g10/card-util.c:1393
+#, c-format
+msgid ""
+"Please note that the factory settings of the PINs are\n"
+" PIN = `%s' Admin PIN = `%s'\n"
+"You should change them using the command --change-pin\n"
+msgstr ""
+
+#: g10/card-util.c:1449
+#, fuzzy
+msgid "Please select the type of key to generate:\n"
+msgstr "Valitse millaisen avaimen haluat:\n"
+
+#: g10/card-util.c:1451 g10/card-util.c:1559
+#, fuzzy
+msgid " (1) Signature key\n"
+msgstr "Allekirjoitus vanheni %s\n"
+
+#: g10/card-util.c:1452 g10/card-util.c:1561
+#, fuzzy
+msgid " (2) Encryption key\n"
+msgstr " (%d) RSA (vain salaus)\n"
+
+#: g10/card-util.c:1453 g10/card-util.c:1563
+msgid " (3) Authentication key\n"
+msgstr ""
+
+#: g10/card-util.c:1469 g10/card-util.c:1588 g10/keyedit.c:945
+#: g10/keygen.c:1634 g10/keygen.c:1662 g10/keygen.c:1764 g10/revoke.c:683
+msgid "Invalid selection.\n"
+msgstr "Valinta ei kelpaa.\n"
+
+#: g10/card-util.c:1556
+#, fuzzy
+msgid "Please select where to store the key:\n"
+msgstr "Valitse mitätöinnin syy:\n"
+
+#: g10/card-util.c:1600
+#, fuzzy
+msgid "unknown key protection algorithm\n"
+msgstr "tuntematon suojausalgoritmi\n"
+
+#: g10/card-util.c:1605
+#, fuzzy
+msgid "secret parts of key are not available\n"
+msgstr "Ensisijaisen avaimen salaiset osat eivät ole saatavilla.\n"
+
+#: g10/card-util.c:1610
+#, fuzzy
+msgid "secret key already stored on a card\n"
+msgstr "ohitetaan: salainen avain on jo paikalla\n"
+
+#: g10/card-util.c:1623
+#, fuzzy, c-format
+msgid "error writing key to card: %s\n"
+msgstr "virhe kirjoitettaessa avainrenkaaseen \"%s\": %s\n"
+
+#: g10/card-util.c:1682 g10/keyedit.c:1382
+msgid "quit this menu"
+msgstr "ulos tästä valikosta"
+
+#: g10/card-util.c:1684
+#, fuzzy
+msgid "show admin commands"
+msgstr "ristiriitainen komento\n"
+
+#: g10/card-util.c:1685 g10/keyedit.c:1385
+msgid "show this help"
+msgstr "näytä tämä ohje"
+
+#: g10/card-util.c:1687
+#, fuzzy
+msgid "list all available data"
+msgstr "Avain saatavilla kohteessa: "
+
+#: g10/card-util.c:1690
+msgid "change card holder's name"
+msgstr ""
+
+#: g10/card-util.c:1691
+msgid "change URL to retrieve key"
+msgstr ""
+
+#: g10/card-util.c:1692
+msgid "fetch the key specified in the card URL"
+msgstr ""
+
+#: g10/card-util.c:1693
+#, fuzzy
+msgid "change the login name"
+msgstr "muuta voimassoloaikaa"
+
+#: g10/card-util.c:1694
+#, fuzzy
+msgid "change the language preferences"
+msgstr "muuta luottamusastetta"
+
+#: g10/card-util.c:1695
+msgid "change card holder's sex"
+msgstr ""
+
+#: g10/card-util.c:1696
+#, fuzzy
+msgid "change a CA fingerprint"
+msgstr "näytä sormenjälki"
+
+#: g10/card-util.c:1697
+msgid "toggle the signature force PIN flag"
+msgstr ""
+
+#: g10/card-util.c:1698
+#, fuzzy
+msgid "generate new keys"
+msgstr "luo uusi avainpari"
+
+#: g10/card-util.c:1699
+msgid "menu to change or unblock the PIN"
+msgstr ""
+
+#: g10/card-util.c:1700
+msgid "verify the PIN and list all data"
+msgstr ""
+
+#: g10/card-util.c:1701
+msgid "unblock the PIN using a Reset Code"
+msgstr ""
+
+#: g10/card-util.c:1823
+msgid "gpg/card> "
+msgstr ""
+
+#: g10/card-util.c:1864
+#, fuzzy
+msgid "Admin-only command\n"
+msgstr "ristiriitainen komento\n"
+
+#: g10/card-util.c:1895
+#, fuzzy
+msgid "Admin commands are allowed\n"
+msgstr "ristiriitainen komento\n"
+
+#: g10/card-util.c:1897
+#, fuzzy
+msgid "Admin commands are not allowed\n"
+msgstr "kirjoitan salaisen avaimen kohteeseen \"%s\"\n"
+
+#: g10/card-util.c:1988 g10/keyedit.c:2292
+msgid "Invalid command (try \"help\")\n"
+msgstr "Komento ei kelpaa (kirjoita \"help\")\n"
+
+#: g10/decrypt.c:110 g10/encode.c:876
+msgid "--output doesn't work for this command\n"
+msgstr "--output ei toimi yhdessä tämän komennon kanssa\n"
+
+#: g10/decrypt.c:166 g10/gpg.c:4019 g10/keyring.c:387 g10/keyring.c:698
+#, c-format
+msgid "can't open `%s'\n"
+msgstr "tiedostoa \"%s\" ei voi avata\n"
+
+#: g10/delkey.c:73 g10/export.c:324 g10/keyedit.c:3514 g10/keyserver.c:1737
+#: g10/revoke.c:226
+#, fuzzy, c-format
+msgid "key \"%s\" not found: %s\n"
+msgstr "avainta \"%s\" ei löydy: %s\n"
+
+#: g10/delkey.c:81 g10/export.c:354 g10/import.c:2480 g10/keyserver.c:1751
+#: g10/revoke.c:232 g10/revoke.c:477
+#, c-format
+msgid "error reading keyblock: %s\n"
+msgstr "virhe luettaessa avainlohkoa: %s\n"
+
+#: g10/delkey.c:127 g10/delkey.c:134
+msgid "(unless you specify the key by fingerprint)\n"
+msgstr "(ellet määritä avainta sormenjäljen perusteella)\n"
+
+#: g10/delkey.c:133
+#, fuzzy
+msgid "can't do this in batch mode without \"--yes\"\n"
+msgstr "ei onnistu eräajossa ilman \"--yes\"-valitsinta\n"
+
+#: g10/delkey.c:145
+#, fuzzy
+msgid "Delete this key from the keyring? (y/N) "
+msgstr "Poista tämä avain avainrenkaasta? "
+
+#: g10/delkey.c:153
+#, fuzzy
+msgid "This is a secret key! - really delete? (y/N) "
+msgstr "Tämä on salainen avain! - poista varmasti? "
+
+#: g10/delkey.c:163
+#, c-format
+msgid "deleting keyblock failed: %s\n"
+msgstr "avainlohkojen poisto epäonnistui: %s\n"
+
+#: g10/delkey.c:173
+msgid "ownertrust information cleared\n"
+msgstr "luottamustiedot pyyhitty\n"
+
+#: g10/delkey.c:204
+#, c-format
+msgid "there is a secret key for public key \"%s\"!\n"
+msgstr "julkiselle avaimelle \"%s\" löytyy vastaava salainen avain!\n"
+
+#: g10/delkey.c:206
+msgid "use option \"--delete-secret-keys\" to delete it first.\n"
+msgstr "käytä valitsinta \"--delete-secret-keys\" poistaaksesi se ensin.\n"
+
+#: g10/encode.c:226 g10/sign.c:1269
+#, c-format
+msgid "error creating passphrase: %s\n"
+msgstr "virhe luotaessa salasanaa: %s\n"
+
+#: g10/encode.c:232
+msgid "can't use a symmetric ESK packet due to the S2K mode\n"
+msgstr "symmetristä ESK-pakettia ei voi käyttää S2K-tilan vuoksi\n"
+
+#: g10/encode.c:246
+#, c-format
+msgid "using cipher %s\n"
+msgstr "käytetään salakirjoitusalgoritmia %s\n"
+
+#: g10/encode.c:256 g10/encode.c:577
+#, c-format
+msgid "`%s' already compressed\n"
+msgstr "\"%s\" on jo pakattu\n"
+
+#: g10/encode.c:311 g10/encode.c:611 g10/sign.c:564
+#, c-format
+msgid "WARNING: `%s' is an empty file\n"
+msgstr "VAROITUS: \"%s\" on tyhjä tiedosto\n"
+
+#: g10/encode.c:485
+msgid "you can only encrypt to RSA keys of 2048 bits or less in --pgp2 mode\n"
+msgstr ""
+"--pgp2-tilassa voidaan salata korkeintaan 2048-bittisillä RSA-avaimilla\n"
+
+#: g10/encode.c:510
+#, c-format
+msgid "reading from `%s'\n"
+msgstr "luetaan kohteesta \"%s\"\n"
+
+#: g10/encode.c:541
+msgid ""
+"unable to use the IDEA cipher for all of the keys you are encrypting to.\n"
+msgstr "kaikille salattaville avaimille ei voi käyttää IDEA-salainta.\n"
+
+#: g10/encode.c:559
+#, fuzzy, c-format
+msgid ""
+"WARNING: forcing symmetric cipher %s (%d) violates recipient preferences\n"
+msgstr "valittu symmetrinen salain %s (%d) ei ole vastaanottajan suosima\n"
+
+#: g10/encode.c:655 g10/sign.c:939
+#, fuzzy, c-format
+msgid ""
+"WARNING: forcing compression algorithm %s (%d) violates recipient "
+"preferences\n"
+msgstr "valittu pakkausalgoritmi %s (%d) ei ole vastaanottajan suosima\n"
+
+#: g10/encode.c:751
+#, c-format
+msgid "forcing symmetric cipher %s (%d) violates recipient preferences\n"
+msgstr "valittu symmetrinen salain %s (%d) ei ole vastaanottajan suosima\n"
+
+#: g10/encode.c:821 g10/pkclist.c:813 g10/pkclist.c:862
+#, c-format
+msgid "you may not use %s while in %s mode\n"
+msgstr "valitsinta %s ei voi käyttää %s-tilassa\n"
+
+#: g10/encode.c:848
+#, c-format
+msgid "%s/%s encrypted for: \"%s\"\n"
+msgstr "%s/%s salattu vastaanottajalle: \"%s\"\n"
+
+#: g10/encr-data.c:93 g10/mainproc.c:286
+#, c-format
+msgid "%s encrypted data\n"
+msgstr "%s salattua dataa\n"
+
+#: g10/encr-data.c:96 g10/mainproc.c:290
+#, c-format
+msgid "encrypted with unknown algorithm %d\n"
+msgstr "salattu tuntemattomalla algoritmilla %d\n"
+
+#: g10/encr-data.c:142 sm/decrypt.c:126
+msgid ""
+"WARNING: message was encrypted with a weak key in the symmetric cipher.\n"
+msgstr ""
+"VAROITUS: viesti salattiin symmetrisessä salaimessa \n"
+"esiintyvällä heikolla avaimella.\n"
+
+#: g10/encr-data.c:154
+msgid "problem handling encrypted packet\n"
+msgstr "ongelma käsiteltäessä salattua pakettia\n"
+
+#: g10/exec.c:57
+msgid "no remote program execution supported\n"
+msgstr "etäohjelman suorittamista ei tueta\n"
+
+#: g10/exec.c:308
+msgid ""
+"external program calls are disabled due to unsafe options file permissions\n"
+msgstr ""
+"ulkoisen ohjelman kutsuminen poistettu käytöstä johtuen turvattomista \n"
+"asetustiedoston oikeuksista\n"
+
+#: g10/exec.c:338
+#, fuzzy
+msgid "this platform requires temporary files when calling external programs\n"
+msgstr ""
+"tämä ympäristö vaatii väliaikaistiedoston kutsuttaessa ulkoisia ohjelmia\n"
+
+#: g10/exec.c:416
+#, fuzzy, c-format
+msgid "unable to execute program `%s': %s\n"
+msgstr "komentoa %s \"%s\" ei voi suorittaa: %s\n"
+
+#: g10/exec.c:419
+#, fuzzy, c-format
+msgid "unable to execute shell `%s': %s\n"
+msgstr "komentoa %s \"%s\" ei voi suorittaa: %s\n"
+
+#: g10/exec.c:510
+#, c-format
+msgid "system error while calling external program: %s\n"
+msgstr "järjestelmävirhe kutsuttaessa ulkoista ohjelmaa: %s\n"
+
+#: g10/exec.c:521 g10/exec.c:588
+msgid "unnatural exit of external program\n"
+msgstr "ulkoisen ohjelman luonnoton päättyminen\n"
+
+#: g10/exec.c:536
+msgid "unable to execute external program\n"
+msgstr "ulkoista ohjelmaa ei voi suorittaa\n"
+
+#: g10/exec.c:553
+#, c-format
+msgid "unable to read external program response: %s\n"
+msgstr "ulkoisen ohjelman vastausta ei voi lukea: %s\n"
+
+#: g10/exec.c:599 g10/exec.c:606
+#, c-format
+msgid "WARNING: unable to remove tempfile (%s) `%s': %s\n"
+msgstr "VAROITUS: tilapäistiedostoa (%s) \"%s\" ei voi poistaa: %s\n"
+
+#: g10/exec.c:611
+#, c-format
+msgid "WARNING: unable to remove temp directory `%s': %s\n"
+msgstr "VAROITUS: väliaikaishakemistoa \"%s\" ei voi poistaa: %s\n"
+
+#: g10/export.c:61
+#, fuzzy
+msgid "export signatures that are marked as local-only"
+msgstr ""
+"\n"
+"Tämä allekirjoitus määritellään mitätöimättömäksi.\n"
+
+#: g10/export.c:63
+msgid "export attribute user IDs (generally photo IDs)"
+msgstr ""
+
+#: g10/export.c:65
+#, fuzzy
+msgid "export revocation keys marked as \"sensitive\""
+msgstr "mitätöintiavainta ei löydy avaimelle \"%s\"\n"
+
+#: g10/export.c:67
+#, fuzzy
+msgid "remove the passphrase from exported subkeys"
+msgstr "mitätöi toissijainen avain"
+
+#: g10/export.c:69
+#, fuzzy
+msgid "remove unusable parts from key during export"
+msgstr "salaista avainta ei voi käyttää"
+
+#: g10/export.c:71
+msgid "remove as much as possible from key during export"
+msgstr ""
+
+#: g10/export.c:73
+msgid "export keys in an S-expression based format"
+msgstr ""
+
+#: g10/export.c:338
+#, fuzzy
+msgid "exporting secret keys not allowed\n"
+msgstr "kirjoitan salaisen avaimen kohteeseen \"%s\"\n"
+
+#: g10/export.c:367
+#, fuzzy, c-format
+msgid "key %s: not protected - skipped\n"
+msgstr "avain %08lX: ei suojattu - ohitetaan\n"
+
+#: g10/export.c:375
+#, fuzzy, c-format
+msgid "key %s: PGP 2.x style key - skipped\n"
+msgstr "avain %08lX: PGP 2.x -muodon avain - ohitetaan\n"
+
+#: g10/export.c:386
+#, fuzzy, c-format
+msgid "key %s: key material on-card - skipped\n"
+msgstr "avain %08lX: aliavaimen allekirjoitus väärässä paikassa - ohitetaan\n"
+
+#: g10/export.c:537
+msgid "about to export an unprotected subkey\n"
+msgstr ""
+
+#: g10/export.c:560
+#, fuzzy, c-format
+msgid "failed to unprotect the subkey: %s\n"
+msgstr "TrustDB:n alustaminen ei onnistu: %s\n"
+
+#: g10/export.c:584
+#, fuzzy, c-format
+msgid "WARNING: secret key %s does not have a simple SK checksum\n"
+msgstr ""
+"VAROITUS: salaisella avaimella %08lX ei ole yksinkertaista SK-"
+"tarkistussummaa\n"
+
+#: g10/export.c:633
+msgid "WARNING: nothing exported\n"
+msgstr "VAROITUS: mitään ei viety\n"
+
+#: g10/getkey.c:152
+msgid "too many entries in pk cache - disabled\n"
+msgstr "pk-välimuistissa on liian monta kohdetta - poistettu käytöstä\n"
+
+#: g10/getkey.c:175
+#, fuzzy
+msgid "[User ID not found]"
+msgstr "[Käyttäjätunnusta ei löytynyt]"
+
+#: g10/getkey.c:1113
+#, c-format
+msgid "automatically retrieved `%s' via %s\n"
+msgstr ""
+
+#: g10/getkey.c:1118
+#, fuzzy, c-format
+msgid "error retrieving `%s' via %s: %s\n"
+msgstr "virhe luotaessa \"%s\": %s\n"
+
+#: g10/getkey.c:1120
+#, fuzzy
+msgid "No fingerprint"
+msgstr "näytä sormenjälki"
+
+#: g10/getkey.c:1930
+#, fuzzy, c-format
+msgid "Invalid key %s made valid by --allow-non-selfsigned-uid\n"
+msgstr ""
+"Epäkelpo avain %08lX hyväksytty valitsimella --allow-non-selfsigned-uid\n"
+
+#: g10/getkey.c:2533 g10/keyedit.c:3839
+#, fuzzy, c-format
+msgid "no secret subkey for public subkey %s - ignoring\n"
+msgstr "ei salaista aliavainta julkiselle aliavaimelle %08lX - ohitetaan\n"
+
+#: g10/getkey.c:2759
+#, fuzzy, c-format
+msgid "using subkey %s instead of primary key %s\n"
+msgstr ""
+"käytetään toissijaista avainta %08lX ensisijaisen avaimen %08lX sijasta\n"
+
+#: g10/getkey.c:2806
+#, fuzzy, c-format
+msgid "key %s: secret key without public key - skipped\n"
+msgstr ""
+"avain %08lX: salaisella avaimella ei ole vastaavaa \n"
+"julkista avainta - ohitetaan\n"
+
+#: g10/gpg.c:375 sm/gpgsm.c:188
+#, fuzzy
+msgid "make a signature"
+msgstr "tee erillinen allekirjoitus"
+
+#: g10/gpg.c:376 sm/gpgsm.c:189
+#, fuzzy
+msgid "make a clear text signature"
+msgstr "|[tiedosto]|tee selkokielinen allekirjoitus"
+
+#: g10/gpg.c:377 sm/gpgsm.c:190
+msgid "make a detached signature"
+msgstr "tee erillinen allekirjoitus"
+
+#: g10/gpg.c:378 sm/gpgsm.c:191
+msgid "encrypt data"
+msgstr "salaa tiedot"
+
+#: g10/gpg.c:380 sm/gpgsm.c:192
+msgid "encryption only with symmetric cipher"
+msgstr "salaa vain symmetrisellä salaimella"
+
+#: g10/gpg.c:382 sm/gpgsm.c:193
+msgid "decrypt data (default)"
+msgstr "avaa tiedot (oletus)"
+
+#: g10/gpg.c:384 sm/gpgsm.c:194
+msgid "verify a signature"
+msgstr "tarkista allekirjoitus"
+
+#: g10/gpg.c:386 sm/gpgsm.c:195
+msgid "list keys"
+msgstr "näytä avaimet"
+
+#: g10/gpg.c:388
+msgid "list keys and signatures"
+msgstr "näytä avaimet allekirjoituksineen"
+
+#: g10/gpg.c:389
+#, fuzzy
+msgid "list and check key signatures"
+msgstr "tarkista avainten allekirjoitukset"
+
+#: g10/gpg.c:390 sm/gpgsm.c:200
+msgid "list keys and fingerprints"
+msgstr "näytä avaimet sormenjälkineen"
+
+#: g10/gpg.c:391 sm/gpgsm.c:198
+msgid "list secret keys"
+msgstr "näytä salaiset avaimet"
+
+#: g10/gpg.c:392 sm/gpgsm.c:201
+msgid "generate a new key pair"
+msgstr "luo uusi avainpari"
+
+#: g10/gpg.c:393
+msgid "generate a revocation certificate"
+msgstr "luo mitätöintivarmenne"
+
+#: g10/gpg.c:395 sm/gpgsm.c:203
+msgid "remove keys from the public keyring"
+msgstr "poista avaimet julkisten avainten renkaasta"
+
+#: g10/gpg.c:397
+msgid "remove keys from the secret keyring"
+msgstr "poista avaimet salaisten avainten renkaasta"
+
+#: g10/gpg.c:398
+msgid "sign a key"
+msgstr "allekirjoita avain"
+
+#: g10/gpg.c:399
+msgid "sign a key locally"
+msgstr "allekirjoita avain paikallisesti"
+
+#: g10/gpg.c:400
+msgid "sign or edit a key"
+msgstr "allekirjoita tai muokkaa avainta"
+
+#: g10/gpg.c:402 sm/gpgsm.c:215
+#, fuzzy
+msgid "change a passphrase"
+msgstr "muuta salasanaa"
+
+#: g10/gpg.c:404
+msgid "export keys"
+msgstr "vie avaimia"
+
+#: g10/gpg.c:405 sm/gpgsm.c:204
+msgid "export keys to a key server"
+msgstr "vie avaimia palvelimelle"
+
+#: g10/gpg.c:406 sm/gpgsm.c:205
+msgid "import keys from a key server"
+msgstr "nouda avaimia avainpalvelimelta"
+
+#: g10/gpg.c:408
+msgid "search for keys on a key server"
+msgstr "etsi avaimia avainpalvelimelta"
+
+#: g10/gpg.c:410
+msgid "update all keys from a keyserver"
+msgstr "päivitä kaikki avaimet avainpalvelimelta"
+
+#: g10/gpg.c:415
+msgid "import/merge keys"
+msgstr "nouda/liitä avaimia"
+
+#: g10/gpg.c:418
+msgid "print the card status"
+msgstr ""
+
+#: g10/gpg.c:419
+msgid "change data on a card"
+msgstr ""
+
+#: g10/gpg.c:420
+msgid "change a card's PIN"
+msgstr ""
+
+#: g10/gpg.c:429
+msgid "update the trust database"
+msgstr "päivitä luottamustietokanta"
+
+#: g10/gpg.c:436
+#, fuzzy
+msgid "print message digests"
+msgstr "|algo [tiedostot]|tulosta viestien tiivisteet"
+
+#: g10/gpg.c:439 sm/gpgsm.c:210
+msgid "run in server mode"
+msgstr ""
+
+#: g10/gpg.c:443 sm/gpgsm.c:228
+msgid "create ascii armored output"
+msgstr "tuota ascii-koodattu tuloste"
+
+#: g10/gpg.c:446 sm/gpgsm.c:241
+#, fuzzy
+msgid "|USER-ID|encrypt for USER-ID"
+msgstr "|NIMI|salaa vastaanottajalle NIMI"
+
+#: g10/gpg.c:459 sm/gpgsm.c:278
+#, fuzzy
+msgid "|USER-ID|use USER-ID to sign or decrypt"
+msgstr "käytä tätä käyttäjätunnusta allekirjoittamiseen ja avaamiseen"
+
+#: g10/gpg.c:462
+#, fuzzy
+msgid "|N|set compress level to N (0 disables)"
+msgstr "|N|aseta pakkausaste N (0 poistaa käytöstä)"
+
+#: g10/gpg.c:468
+msgid "use canonical text mode"
+msgstr "käytä tekstimuotoa"
+
+#: g10/gpg.c:485 sm/gpgsm.c:280
+#, fuzzy
+msgid "|FILE|write output to FILE"
+msgstr "|TIEDOSTO|lataa laajennusmoduuli TIEDOSTO"
+
+#: g10/gpg.c:501 kbx/kbxutil.c:90 sm/gpgsm.c:292 tools/gpgconf.c:82
+msgid "do not make any changes"
+msgstr "älä tee muutoksia"
+
+#: g10/gpg.c:502
+msgid "prompt before overwriting"
+msgstr "kysy ennen ylikirjoittamista"
+
+#: g10/gpg.c:554
+msgid "use strict OpenPGP behavior"
+msgstr ""
+
+#: g10/gpg.c:585 sm/gpgsm.c:336
+msgid ""
+"@\n"
+"(See the man page for a complete listing of all commands and options)\n"
+msgstr ""
+"@\n"
+"(Katso täydellinen luettelo kaikista komennoista ja valitsimista man-"
+"sivuilta)\n"
+
+#: g10/gpg.c:588 sm/gpgsm.c:339
+msgid ""
+"@\n"
+"Examples:\n"
+"\n"
+" -se -r Bob [file] sign and encrypt for user Bob\n"
+" --clearsign [file] make a clear text signature\n"
+" --detach-sign [file] make a detached signature\n"
+" --list-keys [names] show keys\n"
+" --fingerprint [names] show fingerprints\n"
+msgstr ""
+"@\n"
+"Esim:\n"
+" -se -r Pekka [tiedosto] allekirjoita ja salaa Pekalle\n"
+" --clearsign [tiedosto] tee tekstimuotoinen allekirjoitus\n"
+" --detach-sign [tiedosto] tee erillinen allekirjoitus\n"
+" --list-keys [nimet] näytä avaimet\n"
+" --fingerprint [nimet] näytä sormenjäljet\n"
+
+#: g10/gpg.c:836
+msgid "Usage: gpg [options] [files] (-h for help)"
+msgstr "Käyttö: gpg [valitsimet] [tiedostot] (-h näyttää ohjeen)"
+
+#: g10/gpg.c:839
+msgid ""
+"Syntax: gpg [options] [files]\n"
+"sign, check, encrypt or decrypt\n"
+"default operation depends on the input data\n"
+msgstr ""
+"Syntaksi: gpg [valitsimet] [tiedostot]\n"
+"allekirjoita, tarkista, salaa tai avaa\n"
+"oletustoiminto riippuu syötteestä\n"
+
+#: g10/gpg.c:850 sm/gpgsm.c:543
+msgid ""
+"\n"
+"Supported algorithms:\n"
+msgstr ""
+"\n"
+"Tuetut algoritmit:\n"
+
+#: g10/gpg.c:853
+msgid "Pubkey: "
+msgstr "JulkAvain: "
+
+#: g10/gpg.c:860 g10/keyedit.c:2423
+msgid "Cipher: "
+msgstr "Salaus: "
+
+#: g10/gpg.c:867
+msgid "Hash: "
+msgstr "Tiiviste: "
+
+#: g10/gpg.c:874 g10/keyedit.c:2468
+msgid "Compression: "
+msgstr "Pakkaus: "
+
+#: g10/gpg.c:944
+msgid "usage: gpg [options] "
+msgstr "käyttö: gpg [valitsimet] "
+
+#: g10/gpg.c:1158 sm/gpgsm.c:716
+msgid "conflicting commands\n"
+msgstr "ristiriitainen komento\n"
+
+#: g10/gpg.c:1176
+#, fuzzy, c-format
+msgid "no = sign found in group definition `%s'\n"
+msgstr "=-merkkiä ei löytynyt ryhmämäärityksessä \"%s\"\n"
+
+#: g10/gpg.c:1373
+#, fuzzy, c-format
+msgid "WARNING: unsafe ownership on homedir `%s'\n"
+msgstr "VAROITUS: omistussuhde kohteessa %s \"%s\" ei ole turvallinen\"\n"
+
+#: g10/gpg.c:1376
+#, fuzzy, c-format
+msgid "WARNING: unsafe ownership on configuration file `%s'\n"
+msgstr "VAROITUS: omistussuhde kohteessa %s \"%s\" ei ole turvallinen\"\n"
+
+#: g10/gpg.c:1379
+#, fuzzy, c-format
+msgid "WARNING: unsafe ownership on extension `%s'\n"
+msgstr "VAROITUS: omistussuhde kohteessa %s \"%s\" ei ole turvallinen\"\n"
+
+#: g10/gpg.c:1385
+#, fuzzy, c-format
+msgid "WARNING: unsafe permissions on homedir `%s'\n"
+msgstr "VAROITUS: oikeudet kohteessa %s \"%s\" eivät ole turvallisia\"\n"
+
+#: g10/gpg.c:1388
+#, fuzzy, c-format
+msgid "WARNING: unsafe permissions on configuration file `%s'\n"
+msgstr "VAROITUS: oikeudet kohteessa %s \"%s\" eivät ole turvallisia\"\n"
+
+#: g10/gpg.c:1391
+#, fuzzy, c-format
+msgid "WARNING: unsafe permissions on extension `%s'\n"
+msgstr "VAROITUS: oikeudet kohteessa %s \"%s\" eivät ole turvallisia\"\n"
+
+#: g10/gpg.c:1397
+#, fuzzy, c-format
+msgid "WARNING: unsafe enclosing directory ownership on homedir `%s'\n"
+msgstr "VAROITUS: %s \"%s\" hakemiston oikeudet eivät ole turvallisia\"\n"
+
+#: g10/gpg.c:1400
+#, fuzzy, c-format
+msgid ""
+"WARNING: unsafe enclosing directory ownership on configuration file `%s'\n"
+msgstr "VAROITUS: %s \"%s\" hakemiston oikeudet eivät ole turvallisia\"\n"
+
+#: g10/gpg.c:1403
+#, fuzzy, c-format
+msgid "WARNING: unsafe enclosing directory ownership on extension `%s'\n"
+msgstr "VAROITUS: %s \"%s\" hakemiston oikeudet eivät ole turvallisia\"\n"
+
+#: g10/gpg.c:1409
+#, fuzzy, c-format
+msgid "WARNING: unsafe enclosing directory permissions on homedir `%s'\n"
+msgstr "VAROITUS: Hakemiston %s \"%s\" oikeudet eivät ole turvallisia\"\n"
+
+#: g10/gpg.c:1412
+#, fuzzy, c-format
+msgid ""
+"WARNING: unsafe enclosing directory permissions on configuration file `%s'\n"
+msgstr "VAROITUS: Hakemiston %s \"%s\" oikeudet eivät ole turvallisia\"\n"
+
+#: g10/gpg.c:1415
+#, fuzzy, c-format
+msgid "WARNING: unsafe enclosing directory permissions on extension `%s'\n"
+msgstr "VAROITUS: Hakemiston %s \"%s\" oikeudet eivät ole turvallisia\"\n"
+
+#: g10/gpg.c:1595
+#, fuzzy, c-format
+msgid "unknown configuration item `%s'\n"
+msgstr "tuntematon asetus \"%s\"\n"
+
+#: g10/gpg.c:1699
+msgid "display photo IDs during key listings"
+msgstr ""
+
+#: g10/gpg.c:1701
+msgid "show policy URLs during signature listings"
+msgstr ""
+
+#: g10/gpg.c:1703
+#, fuzzy
+msgid "show all notations during signature listings"
+msgstr "Salaisesta avainrenkaasta ei löydy vastaavaa allekirjoitusta\n"
+
+#: g10/gpg.c:1705
+msgid "show IETF standard notations during signature listings"
+msgstr ""
+
+#: g10/gpg.c:1709
+msgid "show user-supplied notations during signature listings"
+msgstr ""
+
+#: g10/gpg.c:1711
+#, fuzzy
+msgid "show preferred keyserver URLs during signature listings"
+msgstr "annettu allekirjoituskäytännön URL on virheellinen\n"
+
+#: g10/gpg.c:1713
+msgid "show user ID validity during key listings"
+msgstr ""
+
+#: g10/gpg.c:1715
+msgid "show revoked and expired user IDs in key listings"
+msgstr ""
+
+#: g10/gpg.c:1717
+msgid "show revoked and expired subkeys in key listings"
+msgstr ""
+
+#: g10/gpg.c:1719
+#, fuzzy
+msgid "show the keyring name in key listings"
+msgstr "näytä mihin avainrenkaaseen tulostettu avain kuuluu"
+
+#: g10/gpg.c:1721
+#, fuzzy
+msgid "show expiration dates during signature listings"
+msgstr "Salaisesta avainrenkaasta ei löydy vastaavaa allekirjoitusta\n"
+
+#: g10/gpg.c:1855
+#, c-format
+msgid "NOTE: old default options file `%s' ignored\n"
+msgstr "HUOM: Vanhat oletusarvoiset asetukset löytyvät tiedostosta \"%s\"\n"
+
+#: g10/gpg.c:1948
+#, c-format
+msgid "libgcrypt is too old (need %s, have %s)\n"
+msgstr ""
+
+#: g10/gpg.c:2346 g10/gpg.c:3037 g10/gpg.c:3049
+#, c-format
+msgid "NOTE: %s is not for normal use!\n"
+msgstr "HUOM: %s ei ole normaaliin käyttöön!\n"
+
+#: g10/gpg.c:2530 g10/gpg.c:2542
+#, fuzzy, c-format
+msgid "`%s' is not a valid signature expiration\n"
+msgstr "%s ei kelpaa merkistöksi\n"
+
+#: g10/gpg.c:2624
+#, fuzzy, c-format
+msgid "`%s' is not a valid character set\n"
+msgstr "%s ei kelpaa merkistöksi\n"
+
+#: g10/gpg.c:2647 g10/gpg.c:2842 g10/keyedit.c:4197
+#, fuzzy
+msgid "could not parse keyserver URL\n"
+msgstr "avainpalvelimen URI:iä ei voi jäsentää\n"
+
+#: g10/gpg.c:2659
+#, fuzzy, c-format
+msgid "%s:%d: invalid keyserver options\n"
+msgstr "%s:%d: virheelliset vientivalitsimet\n"
+
+#: g10/gpg.c:2662
+#, fuzzy
+msgid "invalid keyserver options\n"
+msgstr "virheelliset vientivalitsimet\n"
+
+#: g10/gpg.c:2669
+#, c-format
+msgid "%s:%d: invalid import options\n"
+msgstr "%s:%d: virheelliset tuontivalitsimet\n"
+
+#: g10/gpg.c:2672
+msgid "invalid import options\n"
+msgstr "virheelliset tuontivalitsimet\n"
+
+#: g10/gpg.c:2679
+#, c-format
+msgid "%s:%d: invalid export options\n"
+msgstr "%s:%d: virheelliset vientivalitsimet\n"
+
+#: g10/gpg.c:2682
+msgid "invalid export options\n"
+msgstr "virheelliset vientivalitsimet\n"
+
+#: g10/gpg.c:2689
+#, fuzzy, c-format
+msgid "%s:%d: invalid list options\n"
+msgstr "%s:%d: virheelliset tuontivalitsimet\n"
+
+#: g10/gpg.c:2692
+#, fuzzy
+msgid "invalid list options\n"
+msgstr "virheelliset tuontivalitsimet\n"
+
+#: g10/gpg.c:2700
+msgid "display photo IDs during signature verification"
+msgstr ""
+
+#: g10/gpg.c:2702
+msgid "show policy URLs during signature verification"
+msgstr ""
+
+#: g10/gpg.c:2704
+#, fuzzy
+msgid "show all notations during signature verification"
+msgstr "%s ei kelpaa merkistöksi\n"
+
+#: g10/gpg.c:2706
+msgid "show IETF standard notations during signature verification"
+msgstr ""
+
+#: g10/gpg.c:2710
+msgid "show user-supplied notations during signature verification"
+msgstr ""
+
+#: g10/gpg.c:2712
+#, fuzzy
+msgid "show preferred keyserver URLs during signature verification"
+msgstr "annettu allekirjoituskäytännön URL on virheellinen\n"
+
+#: g10/gpg.c:2714
+#, fuzzy
+msgid "show user ID validity during signature verification"
+msgstr "%s ei kelpaa merkistöksi\n"
+
+#: g10/gpg.c:2716
+msgid "show revoked and expired user IDs in signature verification"
+msgstr ""
+
+#: g10/gpg.c:2718
+#, fuzzy
+msgid "show only the primary user ID in signature verification"
+msgstr "%s ei kelpaa merkistöksi\n"
+
+#: g10/gpg.c:2720
+msgid "validate signatures with PKA data"
+msgstr ""
+
+#: g10/gpg.c:2722
+msgid "elevate the trust of signatures with valid PKA data"
+msgstr ""
+
+#: g10/gpg.c:2729
+#, fuzzy, c-format
+msgid "%s:%d: invalid verify options\n"
+msgstr "%s:%d: virheelliset vientivalitsimet\n"
+
+#: g10/gpg.c:2732
+#, fuzzy
+msgid "invalid verify options\n"
+msgstr "virheelliset vientivalitsimet\n"
+
+#: g10/gpg.c:2739
+#, c-format
+msgid "unable to set exec-path to %s\n"
+msgstr "exec-polkua kohteeseen %s ei voi asettaa\n"
+
+#: g10/gpg.c:2925
+#, fuzzy, c-format
+msgid "%s:%d: invalid auto-key-locate list\n"
+msgstr "%s:%d: virheelliset vientivalitsimet\n"
+
+#: g10/gpg.c:2928
+msgid "invalid auto-key-locate list\n"
+msgstr ""
+
+#: g10/gpg.c:3026 sm/gpgsm.c:1439
+msgid "WARNING: program may create a core file!\n"
+msgstr "VAROITUS: ohjelma voi luoda core-tiedoston!\n"
+
+#: g10/gpg.c:3030
+#, c-format
+msgid "WARNING: %s overrides %s\n"
+msgstr "VAROITUS: %s korvaa %s:n\n"
+
+#: g10/gpg.c:3039
+#, c-format
+msgid "%s not allowed with %s!\n"
+msgstr "%s ja %s eivät ole sallittuja yhdessä!\n"
+
+#: g10/gpg.c:3042
+#, c-format
+msgid "%s makes no sense with %s!\n"
+msgstr "%s ja %s yhdessä on järjetöntä!\n"
+
+#: g10/gpg.c:3057
+#, fuzzy, c-format
+msgid "will not run with insecure memory due to %s\n"
+msgstr "kirjoitan salaisen avaimen kohteeseen \"%s\"\n"
+
+#: g10/gpg.c:3071
+msgid "you can only make detached or clear signatures while in --pgp2 mode\n"
+msgstr "erillisen allekirjoituksen voi luoda vain --pgp2-tilassa\n"
+
+#: g10/gpg.c:3077
+msgid "you can't sign and encrypt at the same time while in --pgp2 mode\n"
+msgstr "--pgp2-tilassa ei voi allekirjoittaa ja salata samanaikaisesti\n"
+
+#: g10/gpg.c:3083
+msgid "you must use files (and not a pipe) when working with --pgp2 enabled.\n"
+msgstr ""
+"sinun tulee käyttää tiedostoja (eikä putkitusta) kun --pgp2 on käytössä.\n"
+
+#: g10/gpg.c:3096
+msgid "encrypting a message in --pgp2 mode requires the IDEA cipher\n"
+msgstr "viestin salaaaminen --pgp2-tilassa vaatii IDEA-salaimen\n"
+
+#: g10/gpg.c:3163 g10/gpg.c:3187 sm/gpgsm.c:1511
+msgid "selected cipher algorithm is invalid\n"
+msgstr "valittu salausalgoritmi ei kelpaa\n"
+
+#: g10/gpg.c:3169 g10/gpg.c:3193 sm/gpgsm.c:1517 sm/gpgsm.c:1523
+msgid "selected digest algorithm is invalid\n"
+msgstr "valittu tiivistealgoritmi ei kelpaa\n"
+
+#: g10/gpg.c:3175
+#, fuzzy
+msgid "selected compression algorithm is invalid\n"
+msgstr "valittu salausalgoritmi ei kelpaa\n"
+
+#: g10/gpg.c:3181
+msgid "selected certification digest algorithm is invalid\n"
+msgstr "valittu varmenteen tiivistealgoritmi ei kelpaa\n"
+
+#: g10/gpg.c:3196
+msgid "completes-needed must be greater than 0\n"
+msgstr "completes-needed täytyy olla suurempi kuin 0\n"
+
+#: g10/gpg.c:3198
+msgid "marginals-needed must be greater than 1\n"
+msgstr "marginals-needed täytyy olla suurempi kuin 1\n"
+
+#: g10/gpg.c:3200
+#, fuzzy
+msgid "max-cert-depth must be in the range from 1 to 255\n"
+msgstr "max-cert-depth tulee olla välillä 1-255\n"
+
+#: g10/gpg.c:3202
+msgid "invalid default-cert-level; must be 0, 1, 2, or 3\n"
+msgstr "default-cert-level ei kelpaa; täytyy olla 0, 1, 2 tai 3\n"
+
+#: g10/gpg.c:3204
+msgid "invalid min-cert-level; must be 1, 2, or 3\n"
+msgstr "min-cert-level ei kelpaa; täytyy olla 1, 2 tai 3\n"
+
+#: g10/gpg.c:3207
+msgid "NOTE: simple S2K mode (0) is strongly discouraged\n"
+msgstr ""
+"HUOM: yksinkertaista S2K-tilaa (0) ei todellakaan suositella käytettäväksi\n"
+
+#: g10/gpg.c:3211
+msgid "invalid S2K mode; must be 0, 1 or 3\n"
+msgstr "virheellinen S2K-tila; täytyy olla 0, 1 tai 3\n"
+
+#: g10/gpg.c:3218
+msgid "invalid default preferences\n"
+msgstr "virheelliset oletusarvoiset valinnat\n"
+
+#: g10/gpg.c:3222
+msgid "invalid personal cipher preferences\n"
+msgstr "virheelliset henkilökohtaisen salaimen valinnat\n"
+
+#: g10/gpg.c:3226
+msgid "invalid personal digest preferences\n"
+msgstr "virheelliset henkilökohtaiset tiivisteen valinnat\n"
+
+#: g10/gpg.c:3230
+msgid "invalid personal compress preferences\n"
+msgstr "virheelliset henkilökohtaiset pakkausvalinnat\n"
+
+#: g10/gpg.c:3263
+#, c-format
+msgid "%s does not yet work with %s\n"
+msgstr "%s ja %s eivät vielä toimi yhdessä\n"
+
+#: g10/gpg.c:3310
+#, fuzzy, c-format
+msgid "you may not use cipher algorithm `%s' while in %s mode\n"
+msgstr "salausalgoritmia \"%s\" ei voi käyttää %s-tilassa\n"
+
+#: g10/gpg.c:3315
+#, fuzzy, c-format
+msgid "you may not use digest algorithm `%s' while in %s mode\n"
+msgstr "tiivistealgoritmia \"%s\" ei voi käyttää %s-tilassa\n"
+
+#: g10/gpg.c:3320
+#, fuzzy, c-format
+msgid "you may not use compression algorithm `%s' while in %s mode\n"
+msgstr "pakkausalgoritmia \"%s\" ei voi käyttää %s-tilassa\n"
+
+#: g10/gpg.c:3406
+#, c-format
+msgid "failed to initialize the TrustDB: %s\n"
+msgstr "TrustDB:n alustaminen ei onnistu: %s\n"
+
+#: g10/gpg.c:3417
+msgid "WARNING: recipients (-r) given without using public key encryption\n"
+msgstr ""
+"VAROITUS: vastaanottajia (-r) annettu käyttämättä julkisen avaimen salausta\n"
+
+#: g10/gpg.c:3438
+msgid "--store [filename]"
+msgstr "--store [tiedostonimi]"
+
+#: g10/gpg.c:3445
+msgid "--symmetric [filename]"
+msgstr "--symmetric [tiedostonimi]"
+
+#: g10/gpg.c:3447
+#, fuzzy, c-format
+msgid "symmetric encryption of `%s' failed: %s\n"
+msgstr "avaus epäonnistui: %s\n"
+
+#: g10/gpg.c:3457
+msgid "--encrypt [filename]"
+msgstr "--encrypt [tiedostonimi]"
+
+#: g10/gpg.c:3470
+#, fuzzy
+msgid "--symmetric --encrypt [filename]"
+msgstr "--sign --encrypt [tiedostonimi]"
+
+#: g10/gpg.c:3472
+msgid "you cannot use --symmetric --encrypt with --s2k-mode 0\n"
+msgstr ""
+
+#: g10/gpg.c:3475
+#, fuzzy, c-format
+msgid "you cannot use --symmetric --encrypt while in %s mode\n"
+msgstr "valitsinta %s ei voi käyttää %s-tilassa\n"
+
+#: g10/gpg.c:3493
+msgid "--sign [filename]"
+msgstr "--allekirjoita [tiedostonimi]"
+
+#: g10/gpg.c:3506
+msgid "--sign --encrypt [filename]"
+msgstr "--sign --encrypt [tiedostonimi]"
+
+#: g10/gpg.c:3521
+#, fuzzy
+msgid "--symmetric --sign --encrypt [filename]"
+msgstr "--sign --encrypt [tiedostonimi]"
+
+#: g10/gpg.c:3523
+msgid "you cannot use --symmetric --sign --encrypt with --s2k-mode 0\n"
+msgstr ""
+
+#: g10/gpg.c:3526
+#, fuzzy, c-format
+msgid "you cannot use --symmetric --sign --encrypt while in %s mode\n"
+msgstr "valitsinta %s ei voi käyttää %s-tilassa\n"
+
+#: g10/gpg.c:3546
+msgid "--sign --symmetric [filename]"
+msgstr "--sign --symmetric [tiedostonimi]"
+
+#: g10/gpg.c:3555
+msgid "--clearsign [filename]"
+msgstr "--clearsign [tiedostonimi]"
+
+#: g10/gpg.c:3580
+msgid "--decrypt [filename]"
+msgstr "--decrypt [tiedostonimi]"
+
+#: g10/gpg.c:3588
+msgid "--sign-key user-id"
+msgstr "--sign-key käyttäjätunnus"
+
+#: g10/gpg.c:3592
+msgid "--lsign-key user-id"
+msgstr "--lsign-key käyttäjätunnus"
+
+#: g10/gpg.c:3613
+msgid "--edit-key user-id [commands]"
+msgstr "--edit-key käyttäjätunnus [komennot]"
+
+#: g10/gpg.c:3629
+#, fuzzy
+msgid "--passwd <user-id>"
+msgstr "--sign-key käyttäjätunnus"
+
+#: g10/gpg.c:3716
+#, c-format
+msgid "keyserver send failed: %s\n"
+msgstr "avainpalvelimelle lähettäminen epäonnistui: %s\n"
+
+#: g10/gpg.c:3718
+#, c-format
+msgid "keyserver receive failed: %s\n"
+msgstr "avainpalvelimelta vastaanotto epäonnistui: %s\n"
+
+#: g10/gpg.c:3720
+#, c-format
+msgid "key export failed: %s\n"
+msgstr "avaimen vienti epäonnistui: %s\n"
+
+#: g10/gpg.c:3731
+#, c-format
+msgid "keyserver search failed: %s\n"
+msgstr "avainpalvelimelta etsiminen epäonnistui: %s\n"
+
+#: g10/gpg.c:3741
+#, c-format
+msgid "keyserver refresh failed: %s\n"
+msgstr "avainpalvelimen päivitys epäonnistui: %s\n"
+
+#: g10/gpg.c:3792
+#, c-format
+msgid "dearmoring failed: %s\n"
+msgstr "ascii-koodauksen purku epäonnistui: %s\n"
+
+#: g10/gpg.c:3800
+#, c-format
+msgid "enarmoring failed: %s\n"
+msgstr "ascii-koodaaminen epäonnistui: %s\n"
+
+#: g10/gpg.c:3890
+#, c-format
+msgid "invalid hash algorithm `%s'\n"
+msgstr "virheellinen tiivistealgoritmi \"%s\"\n"
+
+#: g10/gpg.c:4005
+msgid "[filename]"
+msgstr "[tiedostonimi]"
+
+#: g10/gpg.c:4009
+msgid "Go ahead and type your message ...\n"
+msgstr "Kirjoita viestisi...\n"
+
+#: g10/gpg.c:4323
+msgid "the given certification policy URL is invalid\n"
+msgstr "annettu varmennekäytännön URL on virheellinen\n"
+
+#: g10/gpg.c:4325
+msgid "the given signature policy URL is invalid\n"
+msgstr "annettu allekirjoituskäytännön URL on virheellinen\n"
+
+#: g10/gpg.c:4358
+#, fuzzy
+msgid "the given preferred keyserver URL is invalid\n"
+msgstr "annettu allekirjoituskäytännön URL on virheellinen\n"
+
+#: g10/gpgv.c:74
+#, fuzzy
+msgid "|FILE|take the keys from the keyring FILE"
+msgstr "ota avaimet tästä avainrenkaasta"
+
+#: g10/gpgv.c:76
+msgid "make timestamp conflicts only a warning"
+msgstr "käsittele aikaleimakonfliktit pelkkinä varoituksina"
+
+#: g10/gpgv.c:78 sm/gpgsm.c:326
+msgid "|FD|write status info to this FD"
+msgstr "|FD|tilatiedot kirjoitetaan FD:iin"
+
+#: g10/gpgv.c:117
+msgid "Usage: gpgv [options] [files] (-h for help)"
+msgstr "Käyttö: gpgv [valitsimet] [tiedostot] (-h näyttää ohjeen)"
+
+#: g10/gpgv.c:119
+#, fuzzy
+msgid ""
+"Syntax: gpgv [options] [files]\n"
+"Check signatures against known trusted keys\n"
+msgstr ""
+"Käyttö: gpg [valitsimet] [tiedostot]\n"
+"Tarkista allekirjoituksia tunnetuille luotetuille avaimille\n"
+
+#: g10/helptext.c:72
+msgid "No help available"
+msgstr "Ei ohjeita saatavilla"
+
+#: g10/helptext.c:82
+#, c-format
+msgid "No help available for `%s'"
+msgstr "Ei ohjetta aiheesta \"%s\""
+
+#: g10/import.c:94
+msgid "import signatures that are marked as local-only"
+msgstr ""
+
+#: g10/import.c:96
+msgid "repair damage from the pks keyserver during import"
+msgstr ""
+
+#: g10/import.c:98
+#, fuzzy
+msgid "do not update the trustdb after import"
+msgstr "päivitä luottamustietokanta"
+
+#: g10/import.c:100
+#, fuzzy
+msgid "create a public key when importing a secret key"
+msgstr "julkinen avain ei täsmää salaiseen avaimeen!\n"
+
+#: g10/import.c:102
+msgid "only accept updates to existing keys"
+msgstr ""
+
+#: g10/import.c:104
+#, fuzzy
+msgid "remove unusable parts from key after import"
+msgstr "salaista avainta ei voi käyttää"
+
+#: g10/import.c:106
+msgid "remove as much as possible from key after import"
+msgstr ""
+
+#: g10/import.c:266
+#, c-format
+msgid "skipping block of type %d\n"
+msgstr "ohitetaan tyypin %d lohko\n"
+
+#: g10/import.c:275
+#, fuzzy, c-format
+msgid "%lu keys processed so far\n"
+msgstr "tähän mennessä käsitelty %lu avainta\n"
+
+#: g10/import.c:292
+#, c-format
+msgid "Total number processed: %lu\n"
+msgstr "Kaikkiaan käsitelty: %lu\n"
+
+#: g10/import.c:294
+#, c-format
+msgid " skipped new keys: %lu\n"
+msgstr " ohitetaan uudet avaimet: %lu\n"
+
+#: g10/import.c:297
+#, c-format
+msgid " w/o user IDs: %lu\n"
+msgstr " ilman käyttäjätunnuksia: %lu\n"
+
+#: g10/import.c:299 sm/import.c:114
+#, c-format
+msgid " imported: %lu"
+msgstr " tuotu: %lu"
+
+#: g10/import.c:305 sm/import.c:118
+#, c-format
+msgid " unchanged: %lu\n"
+msgstr " muuttamatonta: %lu\n"
+
+#: g10/import.c:307
+#, c-format
+msgid " new user IDs: %lu\n"
+msgstr " uusia käyttäjätunnuksia: %lu\n"
+
+#: g10/import.c:309
+#, c-format
+msgid " new subkeys: %lu\n"
+msgstr " uusia aliavaimia: %lu\n"
+
+#: g10/import.c:311
+#, c-format
+msgid " new signatures: %lu\n"
+msgstr " uusia allekirjoituksia: %lu\n"
+
+#: g10/import.c:313
+#, c-format
+msgid " new key revocations: %lu\n"
+msgstr " uusia avainten mitätöintejä: %lu\n"
+
+#: g10/import.c:315 sm/import.c:120
+#, c-format
+msgid " secret keys read: %lu\n"
+msgstr " luettuja salaisia avaimia: %lu\n"
+
+#: g10/import.c:317 sm/import.c:122
+#, c-format
+msgid " secret keys imported: %lu\n"
+msgstr " tuotuja salaisia avaimia: %lu\n"
+
+#: g10/import.c:319 sm/import.c:124
+#, c-format
+msgid " secret keys unchanged: %lu\n"
+msgstr " muuttamattomia salaisia avaimia: %lu\n"
+
+#: g10/import.c:321 sm/import.c:126
+#, c-format
+msgid " not imported: %lu\n"
+msgstr " ei tuotu: %lu\n"
+
+#: g10/import.c:323
+#, fuzzy, c-format
+msgid " signatures cleaned: %lu\n"
+msgstr " uusia allekirjoituksia: %lu\n"
+
+#: g10/import.c:325
+#, fuzzy, c-format
+msgid " user IDs cleaned: %lu\n"
+msgstr " luettuja salaisia avaimia: %lu\n"
+
+#: g10/import.c:606
+#, c-format
+msgid ""
+"WARNING: key %s contains preferences for unavailable\n"
+"algorithms on these user IDs:\n"
+msgstr ""
+
+#: g10/import.c:647
+#, c-format
+msgid " \"%s\": preference for cipher algorithm %s\n"
+msgstr ""
+
+# Ensimmäinen %s on binary, textmode tai unknown, ks. alla
+#: g10/import.c:662
+#, fuzzy, c-format
+msgid " \"%s\": preference for digest algorithm %s\n"
+msgstr "%sallekirjoitus, tiivistealgoritmi %s\n"
+
+#: g10/import.c:674
+#, c-format
+msgid " \"%s\": preference for compression algorithm %s\n"
+msgstr ""
+
+#: g10/import.c:687
+msgid "it is strongly suggested that you update your preferences and\n"
+msgstr ""
+
+#: g10/import.c:689
+msgid "re-distribute this key to avoid potential algorithm mismatch problems\n"
+msgstr ""
+
+#: g10/import.c:713
+#, c-format
+msgid "you can update your preferences with: gpg --edit-key %s updpref save\n"
+msgstr ""
+
+#: g10/import.c:766 g10/import.c:1179
+#, fuzzy, c-format
+msgid "key %s: no user ID\n"
+msgstr "avain %08lX: ei käyttäjätunnusta\n"
+
+#: g10/import.c:795
+#, fuzzy, c-format
+msgid "key %s: PKS subkey corruption repaired\n"
+msgstr "avain %08lX: HKP-aliavainvirhe korjattu\n"
+
+#: g10/import.c:810
+#, fuzzy, c-format
+msgid "key %s: accepted non self-signed user ID \"%s\"\n"
+msgstr ""
+"avain %08lX: käyttäjätunnus \"%s\" hyväksytty ilman omaa allekirjoitusta\n"
+
+#: g10/import.c:816
+#, fuzzy, c-format
+msgid "key %s: no valid user IDs\n"
+msgstr "avain %08lX: ei voimassaolevia käyttäjätunnuksia\n"
+
+#: g10/import.c:818
+msgid "this may be caused by a missing self-signature\n"
+msgstr "tämän voi aiheuttaa puuttuva oma-allekirjoitus\n"
+
+#: g10/import.c:828 g10/import.c:1303
+#, fuzzy, c-format
+msgid "key %s: public key not found: %s\n"
+msgstr "avain %08lX: julkista avainta ei löydetty: %s\n"
+
+#: g10/import.c:834
+#, fuzzy, c-format
+msgid "key %s: new key - skipped\n"
+msgstr "avain %08lX: uusi avain - ohitetaan\n"
+
+#: g10/import.c:843
+#, c-format
+msgid "no writable keyring found: %s\n"
+msgstr "kirjoitettavissa olevaa avainrengasta ei löydy: %s\n"
+
+#: g10/import.c:848 g10/openfile.c:278 g10/sign.c:805 g10/sign.c:1114
+#, c-format
+msgid "writing to `%s'\n"
+msgstr "kirjoitetaan kohteeseen \"%s\"\n"
+
+#: g10/import.c:852 g10/import.c:952 g10/import.c:1219 g10/import.c:1364
+#: g10/import.c:2494 g10/import.c:2516
+#, c-format
+msgid "error writing keyring `%s': %s\n"
+msgstr "virhe kirjoitettaessa avainrenkaaseen \"%s\": %s\n"
+
+#: g10/import.c:871
+#, fuzzy, c-format
+msgid "key %s: public key \"%s\" imported\n"
+msgstr "avain %08lX: julkinen avain \"%s\" tuotu\n"
+
+#: g10/import.c:895
+#, fuzzy, c-format
+msgid "key %s: doesn't match our copy\n"
+msgstr "avain %08lX: ei vastaa omaa kopiotamme\n"
+
+#: g10/import.c:912 g10/import.c:1321
+#, fuzzy, c-format
+msgid "key %s: can't locate original keyblock: %s\n"
+msgstr "avain %08lX: alkuperäistä avainlohkoa ei löydy: %s\n"
+
+#: g10/import.c:920 g10/import.c:1328
+#, fuzzy, c-format
+msgid "key %s: can't read original keyblock: %s\n"
+msgstr "avain %08lX. alkuperäisen avainlohko lukeminen ei onnistu: %s\n"
+
+#: g10/import.c:962
+#, fuzzy, c-format
+msgid "key %s: \"%s\" 1 new user ID\n"
+msgstr "avain %08lX: \"%s\" 1 uusi käyttäjätunnus\n"
+
+#: g10/import.c:965
+#, fuzzy, c-format
+msgid "key %s: \"%s\" %d new user IDs\n"
+msgstr "avain %08lX: \"%s\" %d uutta käyttäjätunnusta\n"
+
+#: g10/import.c:968
+#, fuzzy, c-format
+msgid "key %s: \"%s\" 1 new signature\n"
+msgstr "avain %08lX: \"%s\" 1 uusi allekirjoitus\n"
+
+#: g10/import.c:971
+#, fuzzy, c-format
+msgid "key %s: \"%s\" %d new signatures\n"
+msgstr "avain %08lX: \"%s\" %d uutta allekirjoitusta\n"
+
+#: g10/import.c:974
+#, fuzzy, c-format
+msgid "key %s: \"%s\" 1 new subkey\n"
+msgstr "avain %08lX: \"%s\" 1 uusi aliavain\n"
+
+#: g10/import.c:977
+#, fuzzy, c-format
+msgid "key %s: \"%s\" %d new subkeys\n"
+msgstr "avain %08lX: \"%s\" %d uutta aliavainta\n"
+
+#: g10/import.c:980
+#, fuzzy, c-format
+msgid "key %s: \"%s\" %d signature cleaned\n"
+msgstr "avain %08lX: \"%s\" %d uutta allekirjoitusta\n"
+
+#: g10/import.c:983
+#, fuzzy, c-format
+msgid "key %s: \"%s\" %d signatures cleaned\n"
+msgstr "avain %08lX: \"%s\" %d uutta allekirjoitusta\n"
+
+#: g10/import.c:986
+#, fuzzy, c-format
+msgid "key %s: \"%s\" %d user ID cleaned\n"
+msgstr "avain %08lX: \"%s\" %d uutta käyttäjätunnusta\n"
+
+#: g10/import.c:989
+#, fuzzy, c-format
+msgid "key %s: \"%s\" %d user IDs cleaned\n"
+msgstr "avain %08lX: \"%s\" %d uutta käyttäjätunnusta\n"
+
+#: g10/import.c:1013
+#, fuzzy, c-format
+msgid "key %s: \"%s\" not changed\n"
+msgstr "avain %08lX: \"%s\" ei muutoksia\n"
+
+#: g10/import.c:1185
+#, fuzzy, c-format
+msgid "key %s: secret key with invalid cipher %d - skipped\n"
+msgstr "avain %08lX: avaimella on epäkelpo salain %d - ohitetaan\n"
+
+#: g10/import.c:1196
+#, fuzzy
+msgid "importing secret keys not allowed\n"
+msgstr "kirjoitan salaisen avaimen kohteeseen \"%s\"\n"
+
+#: g10/import.c:1213 g10/import.c:2509
+#, c-format
+msgid "no default secret keyring: %s\n"
+msgstr "salaiselle avainrenkaalle ei ole asetettu oletusarvoa: %s\n"
+
+#: g10/import.c:1224
+#, fuzzy, c-format
+msgid "key %s: secret key imported\n"
+msgstr "avain %08lX: salainen avain tuotu\n"
+
+#: g10/import.c:1254
+#, fuzzy, c-format
+msgid "key %s: already in secret keyring\n"
+msgstr "avain %08lX: avain on jo avainrenkaassa\n"
+
+#: g10/import.c:1264
+#, fuzzy, c-format
+msgid "key %s: secret key not found: %s\n"
+msgstr "avain %08lX: salaista avainta ei löydy: %s\n"
+
+#: g10/import.c:1296
+#, fuzzy, c-format
+msgid "key %s: no public key - can't apply revocation certificate\n"
+msgstr ""
+"avain %08lX: ei julkista avainta - mitätöintivarmennetta ei voida käyttää\n"
+
+#: g10/import.c:1339
+#, fuzzy, c-format
+msgid "key %s: invalid revocation certificate: %s - rejected\n"
+msgstr "avain %08lX: pätemätön mitätöintivarmenne: %s - hylätty\n"
+
+#: g10/import.c:1371
+#, fuzzy, c-format
+msgid "key %s: \"%s\" revocation certificate imported\n"
+msgstr "avain %08lX: mitätöintivarmenne \"%s\" tuotu\n"
+
+#: g10/import.c:1447
+#, fuzzy, c-format
+msgid "key %s: no user ID for signature\n"
+msgstr "avain %08lX: allekirjoitukselle ei ole käyttäjätunnusta\n"
+
+#: g10/import.c:1464
+#, fuzzy, c-format
+msgid "key %s: unsupported public key algorithm on user ID \"%s\"\n"
+msgstr "avain %08lX: julkisen avaimen algoritmia \"%s\" ei tueta\n"
+
+#: g10/import.c:1466
+#, fuzzy, c-format
+msgid "key %s: invalid self-signature on user ID \"%s\"\n"
+msgstr "avain %08lX: epäkelpo oma-allekirjoitus käyttäjätunnuksella \"%s\"\n"
+
+#: g10/import.c:1483 g10/import.c:1509 g10/import.c:1560
+#, fuzzy, c-format
+msgid "key %s: unsupported public key algorithm\n"
+msgstr "avain %08lX: julkisen avaimen algoritmia ei tueta\n"
+
+#: g10/import.c:1484
+#, fuzzy, c-format
+msgid "key %s: invalid direct key signature\n"
+msgstr "avain %08lX: lisättiin suora avainallekirjoitus\n"
+
+#: g10/import.c:1498
+#, fuzzy, c-format
+msgid "key %s: no subkey for key binding\n"
+msgstr "avain %08lX: ei aliavainta avainten riippuvuuksiin\n"
+
+#: g10/import.c:1511
+#, fuzzy, c-format
+msgid "key %s: invalid subkey binding\n"
+msgstr "avain %08lX: pätemätön aliavainriippuvuus\n"
+
+#: g10/import.c:1527
+#, fuzzy, c-format
+msgid "key %s: removed multiple subkey binding\n"
+msgstr "avain %08lX: moninkertainen aliavainriippuvuus poistettu\n"
+
+#: g10/import.c:1549
+#, fuzzy, c-format
+msgid "key %s: no subkey for key revocation\n"
+msgstr "avain %08lX: ei aliavainta avainten mitätöintiä varten\n"
+
+#: g10/import.c:1562
+#, fuzzy, c-format
+msgid "key %s: invalid subkey revocation\n"
+msgstr "avain %08lX: epäkelpo aliavaimen mitätöinti\n"
+
+#: g10/import.c:1577
+#, fuzzy, c-format
+msgid "key %s: removed multiple subkey revocation\n"
+msgstr "avain %08lX: useiden aliavainten mitätöinti poistettu\n"
+
+#: g10/import.c:1618
+#, fuzzy, c-format
+msgid "key %s: skipped user ID \"%s\"\n"
+msgstr "avain %08lX: käyttäjätunnus ohitettu '"
+
+#: g10/import.c:1639
+#, fuzzy, c-format
+msgid "key %s: skipped subkey\n"
+msgstr "avain %08lX: aliavain ohitettu\n"
+
+#: g10/import.c:1666
+#, fuzzy, c-format
+msgid "key %s: non exportable signature (class 0x%02X) - skipped\n"
+msgstr ""
+"avain %08lX: allekirjoitusta ei voida viedä (luokka %02x) - ohitetaan\n"
+
+#: g10/import.c:1676
+#, fuzzy, c-format
+msgid "key %s: revocation certificate at wrong place - skipped\n"
+msgstr "avain %08lX: mitätöintivarmenne väärässä paikassa - ohitetaan\n"
+
+#: g10/import.c:1693
+#, fuzzy, c-format
+msgid "key %s: invalid revocation certificate: %s - skipped\n"
+msgstr "avain %08lX: epäkelpo mitätöintivarmenne: %s - ohitetaan\n"
+
+#: g10/import.c:1707
+#, fuzzy, c-format
+msgid "key %s: subkey signature in wrong place - skipped\n"
+msgstr "avain %08lX: aliavaimen allekirjoitus väärässä paikassa - ohitetaan\n"
+
+#: g10/import.c:1715
+#, fuzzy, c-format
+msgid "key %s: unexpected signature class (0x%02X) - skipped\n"
+msgstr "avain %08lX: odottamaton allekirjoitusluokka (0x%02X) - ohitetaan\n"
+
+#: g10/import.c:1844
+#, fuzzy, c-format
+msgid "key %s: duplicated user ID detected - merged\n"
+msgstr "avain %08lX: käyttäjätunnuksen kaksoiskappale havaittu - liitetty\n"
+
+#: g10/import.c:1906
+#, fuzzy, c-format
+msgid "WARNING: key %s may be revoked: fetching revocation key %s\n"
+msgstr ""
+"VAROITUS: avain %08lX saattaa olla mitätöity: haetaan mitätöintiavain %08lX\n"
+
+#: g10/import.c:1920
+#, fuzzy, c-format
+msgid "WARNING: key %s may be revoked: revocation key %s not present.\n"
+msgstr ""
+"VAROITUS: avain %08lX saattaa olla mitätöity: mitätöintiavainta %08lX \n"
+"ei saatavilla.\n"
+
+#: g10/import.c:1979
+#, fuzzy, c-format
+msgid "key %s: \"%s\" revocation certificate added\n"
+msgstr "avain %08lX: \"%s\"-mitätöintivarmenne lisätty\n"
+
+#: g10/import.c:2013
+#, fuzzy, c-format
+msgid "key %s: direct key signature added\n"
+msgstr "avain %08lX: lisättiin suora avainallekirjoitus\n"
+
+#: g10/import.c:2414
+#, fuzzy
+msgid "NOTE: a key's S/N does not match the card's one\n"
+msgstr "julkinen avain ei täsmää salaiseen avaimeen!\n"
+
+#: g10/import.c:2422
+#, fuzzy
+msgid "NOTE: primary key is online and stored on card\n"
+msgstr "ohitetaan: salainen avain on jo paikalla\n"
+
+#: g10/import.c:2424
+#, fuzzy
+msgid "NOTE: secondary key is online and stored on card\n"
+msgstr "ohitetaan: salainen avain on jo paikalla\n"
+
+#: g10/keydb.c:181
+#, c-format
+msgid "error creating keyring `%s': %s\n"
+msgstr "virhe luotaessa avainrengasta \"%s\": %s\n"
+
+#: g10/keydb.c:187
+#, c-format
+msgid "keyring `%s' created\n"
+msgstr "avainrengas \"%s\" luotu\n"
+
+#: g10/keydb.c:333 g10/keydb.c:336
+#, fuzzy, c-format
+msgid "keyblock resource `%s': %s\n"
+msgstr "virhe luotaessa \"%s\": %s\n"
+
+#: g10/keydb.c:719
+#, c-format
+msgid "failed to rebuild keyring cache: %s\n"
+msgstr "avainrenkaan välimuistin uudelleenluominen epäonnistui: %s\n"
+
+#: g10/keyedit.c:265
+msgid "[revocation]"
+msgstr "[mitätöinti]"
+
+#: g10/keyedit.c:266
+msgid "[self-signature]"
+msgstr "[oma-allekirjoitus]"
+
+#: g10/keyedit.c:344 g10/keylist.c:398
+msgid "1 bad signature\n"
+msgstr "1 väärä allekirjoitus\n"
+
+#: g10/keyedit.c:346 g10/keylist.c:400
+#, c-format
+msgid "%d bad signatures\n"
+msgstr "%d väärää allekirjoitusta\n"
+
+#: g10/keyedit.c:348 g10/keylist.c:402
+msgid "1 signature not checked due to a missing key\n"
+msgstr "1 allekirjoitus jätetty tarkistamatta puuttuvan avaimen vuoksi\n"
+
+#: g10/keyedit.c:350 g10/keylist.c:404
+#, c-format
+msgid "%d signatures not checked due to missing keys\n"
+msgstr "%d allekirjoitusta jätetty tarkistamatta puuttuvien avainten vuoksi\n"
+
+#: g10/keyedit.c:352 g10/keylist.c:406
+msgid "1 signature not checked due to an error\n"
+msgstr "1 allekirjoitus jätetty tarkistamatta virheen vuoksi\n"
+
+#: g10/keyedit.c:354 g10/keylist.c:408
+#, c-format
+msgid "%d signatures not checked due to errors\n"
+msgstr "%d allekirjoitusta jätetty tarkistamatta virheiden vuoksi\n"
+
+#: g10/keyedit.c:356
+msgid "1 user ID without valid self-signature detected\n"
+msgstr "havaittiin 1 käyttäjätunnus ilman voimassaolevaa oma-allekirjoitusta\n"
+
+#: g10/keyedit.c:358
+#, c-format
+msgid "%d user IDs without valid self-signatures detected\n"
+msgstr ""
+"havaittiin %d käyttäjätunnusta ilman voimassaolevaa oma-allekirjoitusta\n"
+
+#: g10/keyedit.c:414 g10/pkclist.c:262
+#, fuzzy
+msgid ""
+"Please decide how far you trust this user to correctly verify other users' "
+"keys\n"
+"(by looking at passports, checking fingerprints from different sources, "
+"etc.)\n"
+msgstr ""
+"Miten paljon luotat tämän käyttäjän varmistamiin muiden käyttäjien \n"
+"avaimiin (tarkistaako hän henkilöllisyydet, vertaako sormenjälkiä eri \n"
+"lähteistä...)?\n"
+"\n"
+
+#: g10/keyedit.c:418 g10/pkclist.c:274
+#, fuzzy, c-format
+msgid " %d = I trust marginally\n"
+msgstr " %d = Luotan osittain\n"
+
+#: g10/keyedit.c:419 g10/pkclist.c:276
+#, fuzzy, c-format
+msgid " %d = I trust fully\n"
+msgstr " %d = Luotan täysin\n"
+
+#: g10/keyedit.c:438
+msgid ""
+"Please enter the depth of this trust signature.\n"
+"A depth greater than 1 allows the key you are signing to make\n"
+"trust signatures on your behalf.\n"
+msgstr ""
+
+#: g10/keyedit.c:454
+msgid "Please enter a domain to restrict this signature, or enter for none.\n"
+msgstr ""
+
+#: g10/keyedit.c:598
+#, c-format
+msgid "User ID \"%s\" is revoked."
+msgstr "Käyttäjätunnus \"%s\" on mitätöity."
+
+#: g10/keyedit.c:607 g10/keyedit.c:635 g10/keyedit.c:662 g10/keyedit.c:830
+#: g10/keyedit.c:895 g10/keyedit.c:1785
+msgid "Are you sure you still want to sign it? (y/N) "
+msgstr "Haluatko varmasti edelleen allekirjoittaa? (k/E) "
+
+#: g10/keyedit.c:621 g10/keyedit.c:649 g10/keyedit.c:676 g10/keyedit.c:836
+#: g10/keyedit.c:1791
+msgid " Unable to sign.\n"
+msgstr " Allekirjoittaminen ei onnistu.\n"
+
+#: g10/keyedit.c:626
+#, c-format
+msgid "User ID \"%s\" is expired."
+msgstr "Käyttäjätunnus \"%s\" on vanhentunut."
+
+#: g10/keyedit.c:654
+#, c-format
+msgid "User ID \"%s\" is not self-signed."
+msgstr "Käyttäjätunnuksella \"%s\" ei ole oma-allekirjoitusta."
+
+#: g10/keyedit.c:682
+#, fuzzy, c-format
+msgid "User ID \"%s\" is signable. "
+msgstr "Käyttäjätunnuksella \"%s\" ei ole oma-allekirjoitusta."
+
+#: g10/keyedit.c:684
+#, fuzzy
+msgid "Sign it? (y/N) "
+msgstr "Varmastiko allekirjoita? "
+
+#: g10/keyedit.c:706
+#, c-format
+msgid ""
+"The self-signature on \"%s\"\n"
+"is a PGP 2.x-style signature.\n"
+msgstr ""
+"Oma-allekirjoitus kohteessa \"%s\"\n"
+"on PGP 2.x -muodon allekirjoitus.\n"
+
+#: g10/keyedit.c:715
+msgid "Do you want to promote it to an OpenPGP self-signature? (y/N) "
+msgstr ""
+"Haluatko vahventaa sen täysin vientikelpoiseksi OpenPGP-allekirjoitukseksi? "
+"(k/E) "
+
+#: g10/keyedit.c:729
+#, c-format
+msgid ""
+"Your current signature on \"%s\"\n"
+"has expired.\n"
+msgstr ""
+"Nykyinen allekirjoituksesi kohteessa \"%s\"\n"
+"on vanhentunut.\n"
+
+#: g10/keyedit.c:733
+msgid "Do you want to issue a new signature to replace the expired one? (y/N) "
+msgstr "Haluatko tehdä uuden allekirjoituksen korvaamaan vanhentuneen? (k/E) "
+
+#: g10/keyedit.c:754
+#, c-format
+msgid ""
+"Your current signature on \"%s\"\n"
+"is a local signature.\n"
+msgstr ""
+"Nykyinen allekirjoituksesi kohteessa \"%s\"\n"
+"on paikallinen allekirjoitus.\n"
+
+#: g10/keyedit.c:758
+msgid "Do you want to promote it to a full exportable signature? (y/N) "
+msgstr ""
+"Haluatko vahventaa sen täysin vientikelpoiseksi allekirjoitukseksi? (k/E) "
+
+#: g10/keyedit.c:779
+#, fuzzy, c-format
+msgid "\"%s\" was already locally signed by key %s\n"
+msgstr "\"%s\" on jo allekirjoitettu paikallisesti avaimella %08lX\n"
+
+#: g10/keyedit.c:782
+#, fuzzy, c-format
+msgid "\"%s\" was already signed by key %s\n"
+msgstr "\"%s\" on jo allekirjoitettu avaimella %08lX\n"
+
+#: g10/keyedit.c:787
+msgid "Do you want to sign it again anyway? (y/N) "
+msgstr "Haluatko allekirjoittaa uudelleen joka tapauksessa? (k/E) "
+
+#: g10/keyedit.c:809
+#, fuzzy, c-format
+msgid "Nothing to sign with key %s\n"
+msgstr "Avaimelle %08lX ei löydy mitään mitä allekirjoittaa\n"
+
+#: g10/keyedit.c:824
+msgid "This key has expired!"
+msgstr "Tämä avain on vanhentunut!"
+
+#: g10/keyedit.c:842
+#, c-format
+msgid "This key is due to expire on %s.\n"
+msgstr "Avain vanhenee %s.\n"
+
+#: g10/keyedit.c:848
+msgid "Do you want your signature to expire at the same time? (Y/n) "
+msgstr "Haluatko allekirjoituksesi vanhenevan samaan aikaan? (K/e) "
+
+#: g10/keyedit.c:888
+msgid ""
+"You may not make an OpenPGP signature on a PGP 2.x key while in --pgp2 "
+"mode.\n"
+msgstr ""
+"Et voi luoda OpenPGP-allekirjoitusta PGP 2.x -avaimella --pgp2-tilassa.\n"
+
+#: g10/keyedit.c:890
+msgid "This would make the key unusable in PGP 2.x.\n"
+msgstr "Tämä tekisi avaimesta käyttökelvottoman PGP 2.x:lle.\n"
+
+#: g10/keyedit.c:915
+msgid ""
+"How carefully have you verified the key you are about to sign actually "
+"belongs\n"
+"to the person named above? If you don't know what to answer, enter \"0\".\n"
+msgstr ""
+"Kuinka huolellisesti olet vahvistanut avaimen haltijan henkilöllisyyden?\n"
+"Jos et tiedä vastausta, syötä \"0\".\n"
+
+#: g10/keyedit.c:920
+#, c-format
+msgid " (0) I will not answer.%s\n"
+msgstr " (0) En vastaa.%s\n"
+
+#: g10/keyedit.c:922
+#, c-format
+msgid " (1) I have not checked at all.%s\n"
+msgstr " (1) En ole tarkistanut lainkaan.%s\n"
+
+#: g10/keyedit.c:924
+#, c-format
+msgid " (2) I have done casual checking.%s\n"
+msgstr " (2) Olen suorittanut arkisen tarkistuksen.%s\n"
+
+#: g10/keyedit.c:926
+#, c-format
+msgid " (3) I have done very careful checking.%s\n"
+msgstr " (3) Olen suorittanut huolellisen tarkistuksen.%s\n"
+
+#: g10/keyedit.c:932
+#, fuzzy
+msgid "Your selection? (enter `?' for more information): "
+msgstr "Valintasi? (syöttämällä \"?\" saat lisätietoja): "
+
+#: g10/keyedit.c:956
+#, fuzzy, c-format
+msgid ""
+"Are you sure that you want to sign this key with your\n"
+"key \"%s\" (%s)\n"
+msgstr ""
+"Haluatko varmasti allekirjoittaa tämän avaimen\n"
+"omalla avaimellasi: \""
+
+#: g10/keyedit.c:963
+#, fuzzy
+msgid "This will be a self-signature.\n"
+msgstr ""
+"\n"
+"Tämä tulee olemaan oma-allekirjoitus.\n"
+
+#: g10/keyedit.c:969
+#, fuzzy
+msgid "WARNING: the signature will not be marked as non-exportable.\n"
+msgstr ""
+"\n"
+"VAROITUS: Tätä allekirjoitusta ei määritellä vientikelvottomaksi.\n"
+
+#: g10/keyedit.c:977
+#, fuzzy
+msgid "WARNING: the signature will not be marked as non-revocable.\n"
+msgstr ""
+"\n"
+"VAROITUS: Tätä allekirjoitusta ei määritellä mitätöimättömäksi.\n"
+
+#: g10/keyedit.c:987
+#, fuzzy
+msgid "The signature will be marked as non-exportable.\n"
+msgstr ""
+"\n"
+"Tämä allekirjoitus määritellään vientikelvottomaksi.\n"
+
+#: g10/keyedit.c:994
+#, fuzzy
+msgid "The signature will be marked as non-revocable.\n"
+msgstr ""
+"\n"
+"Tämä allekirjoitus määritellään mitätöimättömäksi.\n"
+
+#: g10/keyedit.c:1001
+#, fuzzy
+msgid "I have not checked this key at all.\n"
+msgstr ""
+"\n"
+"En ole tarkistanut tätä avainta lainkaan.\n"
+
+#: g10/keyedit.c:1006
+#, fuzzy
+msgid "I have checked this key casually.\n"
+msgstr ""
+"\n"
+"Olen tarkistanut avaimen arkisesti.\n"
+
+#: g10/keyedit.c:1011
+#, fuzzy
+msgid "I have checked this key very carefully.\n"
+msgstr ""
+"\n"
+"Olen tarkistanut avaimen erittäin huolellisesti.\n"
+
+#: g10/keyedit.c:1021
+#, fuzzy
+msgid "Really sign? (y/N) "
+msgstr "Varmastiko allekirjoita? "
+
+#: g10/keyedit.c:1066 g10/keyedit.c:4965 g10/keyedit.c:5056 g10/keyedit.c:5120
+#: g10/keyedit.c:5181 g10/sign.c:316
+#, c-format
+msgid "signing failed: %s\n"
+msgstr "allekirjoitus epäonnistui: %s\n"
+
+#: g10/keyedit.c:1131
+msgid "Key has only stub or on-card key items - no passphrase to change.\n"
+msgstr ""
+
+#: g10/keyedit.c:1142 g10/keygen.c:3774
+msgid "This key is not protected.\n"
+msgstr "Avainta ei ole suojattu.\n"
+
+#: g10/keyedit.c:1146 g10/keygen.c:3761 g10/revoke.c:536
+msgid "Secret parts of primary key are not available.\n"
+msgstr "Ensisijaisen avaimen salaiset osat eivät ole saatavilla.\n"
+
+#: g10/keyedit.c:1150 g10/keygen.c:3777
+#, fuzzy
+msgid "Secret parts of primary key are stored on-card.\n"
+msgstr "Ensisijaisen avaimen salaiset osat eivät ole saatavilla.\n"
+
+#: g10/keyedit.c:1156 g10/keygen.c:3781
+msgid "Key is protected.\n"
+msgstr "Avain on suojattu.\n"
+
+#: g10/keyedit.c:1186
+#, c-format
+msgid "Can't edit this key: %s\n"
+msgstr "Ei voi muokata avainta: %s\n"
+
+#: g10/keyedit.c:1192
+msgid ""
+"Enter the new passphrase for this secret key.\n"
+"\n"
+msgstr ""
+"Syötä uusi salasana salaiselle avaimelle.\n"
+"\n"
+
+#: g10/keyedit.c:1207 g10/keygen.c:2291
+msgid "passphrase not correctly repeated; try again"
+msgstr "salasanaa ei toistettu oikein, yritä uudestaan."
+
+#: g10/keyedit.c:1212
+msgid ""
+"You don't want a passphrase - this is probably a *bad* idea!\n"
+"\n"
+msgstr ""
+"Et halua salasanaa - tämä on todennäköisesti *huono* ajatus!\n"
+"\n"
+
+#: g10/keyedit.c:1215
+#, fuzzy
+msgid "Do you really want to do this? (y/N) "
+msgstr "Haluatko varmasti tehdä tämän? "
+
+#: g10/keyedit.c:1298
+msgid "moving a key signature to the correct place\n"
+msgstr "siirretään avaimen allekirjoitus oikealle paikalle\n"
+
+#: g10/keyedit.c:1384
+msgid "save and quit"
+msgstr "tallenna ja lopeta"
+
+#: g10/keyedit.c:1387
+#, fuzzy
+msgid "show key fingerprint"
+msgstr "näytä sormenjälki"
+
+#: g10/keyedit.c:1388
+msgid "list key and user IDs"
+msgstr "näytä avaimet ja käyttäjätunnukset"
+
+#: g10/keyedit.c:1390
+msgid "select user ID N"
+msgstr "valitse käyttäjätunnus N"
+
+#: g10/keyedit.c:1391
+#, fuzzy
+msgid "select subkey N"
+msgstr "valitse käyttäjätunnus N"
+
+#: g10/keyedit.c:1392
+#, fuzzy
+msgid "check signatures"
+msgstr "mitätöi allekirjoitus"
+
+#: g10/keyedit.c:1397
+msgid "sign selected user IDs [* see below for related commands]"
+msgstr ""
+
+#: g10/keyedit.c:1402
+#, fuzzy
+msgid "sign selected user IDs locally"
+msgstr "allekirjoita avain paikallisesti"
+
+#: g10/keyedit.c:1404
+#, fuzzy
+msgid "sign selected user IDs with a trust signature"
+msgstr "Vihje: Valitse allekirjoitettavat käyttäjätunnukset\n"
+
+#: g10/keyedit.c:1406
+msgid "sign selected user IDs with a non-revocable signature"
+msgstr ""
+
+#: g10/keyedit.c:1410
+msgid "add a user ID"
+msgstr "lisää käyttäjätunnus"
+
+#: g10/keyedit.c:1412
+msgid "add a photo ID"
+msgstr "lisää valokuva"
+
+#: g10/keyedit.c:1414
+#, fuzzy
+msgid "delete selected user IDs"
+msgstr "poista käyttäjätunnus"
+
+#: g10/keyedit.c:1419
+#, fuzzy
+msgid "add a subkey"
+msgstr "addkey"
+
+#: g10/keyedit.c:1423
+msgid "add a key to a smartcard"
+msgstr ""
+
+#: g10/keyedit.c:1425
+msgid "move a key to a smartcard"
+msgstr ""
+
+#: g10/keyedit.c:1427
+msgid "move a backup key to a smartcard"
+msgstr ""
+
+#: g10/keyedit.c:1431
+#, fuzzy
+msgid "delete selected subkeys"
+msgstr "poista toissijainen avain"
+
+#: g10/keyedit.c:1433
+msgid "add a revocation key"
+msgstr "lisää mitätöintiavain"
+
+#: g10/keyedit.c:1435
+#, fuzzy
+msgid "delete signatures from the selected user IDs"
+msgstr "Varmastiko päivitä valinnat näille käyttäjätunnuksille? "
+
+#: g10/keyedit.c:1437
+#, fuzzy
+msgid "change the expiration date for the key or selected subkeys"
+msgstr "Et voi muuttaa v3-avainten vanhentumispäivää\n"
+
+#: g10/keyedit.c:1439
+#, fuzzy
+msgid "flag the selected user ID as primary"
+msgstr "merkitse käyttäjätunnus ensisijaiseksi"
+
+#: g10/keyedit.c:1441
+#, fuzzy
+msgid "toggle between the secret and public key listings"
+msgstr "vaihda salaisten ja julkisten avainten luettelon välillä"
+
+#: g10/keyedit.c:1444
+msgid "list preferences (expert)"
+msgstr "näytä valinnat (asiantuntija)"
+
+#: g10/keyedit.c:1446
+msgid "list preferences (verbose)"
+msgstr "näytä valinnat (monisanaisesti)"
+
+#: g10/keyedit.c:1448
+#, fuzzy
+msgid "set preference list for the selected user IDs"
+msgstr "Varmastiko päivitä valinnat näille käyttäjätunnuksille? "
+
+#: g10/keyedit.c:1453
+#, fuzzy
+msgid "set the preferred keyserver URL for the selected user IDs"
+msgstr "avainpalvelimen URI:iä ei voi jäsentää\n"
+
+#: g10/keyedit.c:1455
+#, fuzzy
+msgid "set a notation for the selected user IDs"
+msgstr "Varmastiko päivitä valinnat näille käyttäjätunnuksille? "
+
+#: g10/keyedit.c:1457
+msgid "change the passphrase"
+msgstr "muuta salasanaa"
+
+#: g10/keyedit.c:1461
+msgid "change the ownertrust"
+msgstr "muuta luottamusastetta"
+
+#: g10/keyedit.c:1463
+#, fuzzy
+msgid "revoke signatures on the selected user IDs"
+msgstr "Varmastiko mitätöi kaikki valitut käyttäjätunnukset? "
+
+#: g10/keyedit.c:1465
+#, fuzzy
+msgid "revoke selected user IDs"
+msgstr "mitätöi käyttäjätunnus"
+
+#: g10/keyedit.c:1470
+#, fuzzy
+msgid "revoke key or selected subkeys"
+msgstr "mitätöi toissijainen avain"
+
+#: g10/keyedit.c:1471
+#, fuzzy
+msgid "enable key"
+msgstr "ota avain käyttöön"
+
+#: g10/keyedit.c:1472
+#, fuzzy
+msgid "disable key"
+msgstr "poista avain käytöstä"
+
+#: g10/keyedit.c:1473
+#, fuzzy
+msgid "show selected photo IDs"
+msgstr "näytä valokuvatunniste"
+
+#: g10/keyedit.c:1475
+msgid "compact unusable user IDs and remove unusable signatures from key"
+msgstr ""
+
+#: g10/keyedit.c:1477
+msgid "compact unusable user IDs and remove all signatures from key"
+msgstr ""
+
+#: g10/keyedit.c:1601
+#, fuzzy, c-format
+msgid "error reading secret keyblock \"%s\": %s\n"
+msgstr "virhe luettaessa salaista avainlohkoa \"%s\": %s\n"
+
+#: g10/keyedit.c:1619
+msgid "Secret key is available.\n"
+msgstr "Salainen avain on saatavilla.\n"
+
+#: g10/keyedit.c:1702
+msgid "Need the secret key to do this.\n"
+msgstr "Tähän tarvitaan salainen avain.\n"
+
+#: g10/keyedit.c:1710
+msgid "Please use the command \"toggle\" first.\n"
+msgstr "Käytä ensin komentoa \"toggle\".\n"
+
+#: g10/keyedit.c:1729
+msgid ""
+"* The `sign' command may be prefixed with an `l' for local signatures "
+"(lsign),\n"
+" a `t' for trust signatures (tsign), an `nr' for non-revocable signatures\n"
+" (nrsign), or any combination thereof (ltsign, tnrsign, etc.).\n"
+msgstr ""
+
+#: g10/keyedit.c:1779
+msgid "Key is revoked."
+msgstr "Avain on mitätöity."
+
+#: g10/keyedit.c:1798
+#, fuzzy
+msgid "Really sign all user IDs? (y/N) "
+msgstr "Varmastiko allekirjoita kaikki käyttäjätunnukset?"
+
+#: g10/keyedit.c:1805
+msgid "Hint: Select the user IDs to sign\n"
+msgstr "Vihje: Valitse allekirjoitettavat käyttäjätunnukset\n"
+
+#: g10/keyedit.c:1814
+#, fuzzy, c-format
+msgid "Unknown signature type `%s'\n"
+msgstr "tuntematon allekirjoitusluokka"
+
+#: g10/keyedit.c:1837
+#, c-format
+msgid "This command is not allowed while in %s mode.\n"
+msgstr "Tätä komentoa ei sallita %s-tilassa.\n"
+
+#: g10/keyedit.c:1859 g10/keyedit.c:1879 g10/keyedit.c:2048
+msgid "You must select at least one user ID.\n"
+msgstr "Sinun täytyy valita ainakin yksi käyttäjätunnus.\n"
+
+#: g10/keyedit.c:1861
+msgid "You can't delete the last user ID!\n"
+msgstr "Et voi poistaa viimeistä käyttäjätunnusta!\n"
+
+#: g10/keyedit.c:1863
+#, fuzzy
+msgid "Really remove all selected user IDs? (y/N) "
+msgstr "Varmastiko poista kaikki valitut käyttäjätunnukset? "
+
+#: g10/keyedit.c:1864
+#, fuzzy
+msgid "Really remove this user ID? (y/N) "
+msgstr "Varmastiko poista tämä käyttäjätunnus? "
+
+#. TRANSLATORS: Please take care: This is about
+#. moving the key and not about removing it.
+#: g10/keyedit.c:1917
+#, fuzzy
+msgid "Really move the primary key? (y/N) "
+msgstr "Varmastiko poista tämä käyttäjätunnus? "
+
+#: g10/keyedit.c:1929
+#, fuzzy
+msgid "You must select exactly one key.\n"
+msgstr "Sinun täytyy valita ainakin yksi avain.\n"
+
+#: g10/keyedit.c:1957
+msgid "Command expects a filename argument\n"
+msgstr ""
+
+#: g10/keyedit.c:1971
+#, fuzzy, c-format
+msgid "Can't open `%s': %s\n"
+msgstr "tiedostoa \"%s\" ei voi avata: %s\n"
+
+#: g10/keyedit.c:1988
+#, fuzzy, c-format
+msgid "Error reading backup key from `%s': %s\n"
+msgstr "virhe luotaessa avainrengasta \"%s\": %s\n"
+
+#: g10/keyedit.c:2012
+msgid "You must select at least one key.\n"
+msgstr "Sinun täytyy valita ainakin yksi avain.\n"
+
+#: g10/keyedit.c:2015
+#, fuzzy
+msgid "Do you really want to delete the selected keys? (y/N) "
+msgstr "Haluatko varmasti poistaa valitut avaimet? "
+
+#: g10/keyedit.c:2016
+#, fuzzy
+msgid "Do you really want to delete this key? (y/N) "
+msgstr "Haluatko varmasti poistaa tämän avaimen? "
+
+#: g10/keyedit.c:2051
+#, fuzzy
+msgid "Really revoke all selected user IDs? (y/N) "
+msgstr "Varmastiko mitätöi kaikki valitut käyttäjätunnukset? "
+
+#: g10/keyedit.c:2052
+#, fuzzy
+msgid "Really revoke this user ID? (y/N) "
+msgstr "Varmastiko mitätöi tämä käyttäjätunnus? "
+
+#: g10/keyedit.c:2070
+#, fuzzy
+msgid "Do you really want to revoke the entire key? (y/N) "
+msgstr "Haluatko varmasti mitätöidä tämän avaimen? "
+
+#: g10/keyedit.c:2081
+#, fuzzy
+msgid "Do you really want to revoke the selected subkeys? (y/N) "
+msgstr "Haluatko varmasti mitätöidä valitut avaimet? "
+
+#: g10/keyedit.c:2083
+#, fuzzy
+msgid "Do you really want to revoke this subkey? (y/N) "
+msgstr "Haluatko varmasti mitätöidä tämän avaimen? "
+
+#: g10/keyedit.c:2133
+msgid "Owner trust may not be set while using a user provided trust database\n"
+msgstr ""
+
+#: g10/keyedit.c:2175
+#, fuzzy
+msgid "Set preference list to:\n"
+msgstr "näytä valinnat"
+
+#: g10/keyedit.c:2181
+#, fuzzy
+msgid "Really update the preferences for the selected user IDs? (y/N) "
+msgstr "Varmastiko päivitä valinnat näille käyttäjätunnuksille? "
+
+#: g10/keyedit.c:2183
+#, fuzzy
+msgid "Really update the preferences? (y/N) "
+msgstr "Varmastiko päivitä valinnat? "
+
+#: g10/keyedit.c:2253
+#, fuzzy
+msgid "Save changes? (y/N) "
+msgstr "Tallenna muutokset? "
+
+#: g10/keyedit.c:2256
+#, fuzzy
+msgid "Quit without saving? (y/N) "
+msgstr "Lopeta tallentamatta muutoksia?"
+
+#: g10/keyedit.c:2266
+#, c-format
+msgid "update failed: %s\n"
+msgstr "päivitys epäonnistui: %s\n"
+
+#: g10/keyedit.c:2273 g10/keyedit.c:2351
+#, c-format
+msgid "update secret failed: %s\n"
+msgstr "salaisen päivitys epäonnistui: %s\n"
+
+#: g10/keyedit.c:2280
+msgid "Key not changed so no update needed.\n"
+msgstr "Päivitystä ei tarvita, koska avain ei ole muuttunut.\n"
+
+#: g10/keyedit.c:2446
+msgid "Digest: "
+msgstr "Tiiviste: "
+
+#: g10/keyedit.c:2497
+msgid "Features: "
+msgstr "Ominaisuudet: "
+
+#: g10/keyedit.c:2508
+msgid "Keyserver no-modify"
+msgstr ""
+
+#: g10/keyedit.c:2523 g10/keylist.c:316
+msgid "Preferred keyserver: "
+msgstr ""
+
+#: g10/keyedit.c:2531 g10/keyedit.c:2532
+#, fuzzy
+msgid "Notations: "
+msgstr "Notaatio: "
+
+#: g10/keyedit.c:2753
+msgid "There are no preferences on a PGP 2.x-style user ID.\n"
+msgstr "PGP 2.x -muodon käyttäjätunnukselle ei ole valintoja.\n"
+
+#: g10/keyedit.c:2810
+#, fuzzy, c-format
+msgid "The following key was revoked on %s by %s key %s\n"
+msgstr "Tämä avain voidaan mitätöidä %s-avaimella "
+
+#: g10/keyedit.c:2832
+#, fuzzy, c-format
+msgid "This key may be revoked by %s key %s"
+msgstr "Tämä avain voidaan mitätöidä %s-avaimella "
+
+#: g10/keyedit.c:2838
+#, fuzzy
+msgid "(sensitive)"
+msgstr " (luottamuksellinen)"
+
+#: g10/keyedit.c:2854 g10/keyedit.c:2910 g10/keyedit.c:2971 g10/keyedit.c:2986
+#: g10/keylist.c:202 g10/keyserver.c:532
+#, fuzzy, c-format
+msgid "created: %s"
+msgstr "ei voida luoda kohdetta %s: %s\n"
+
+#: g10/keyedit.c:2857 g10/keylist.c:834 g10/keylist.c:928 g10/mainproc.c:997
+#, fuzzy, c-format
+msgid "revoked: %s"
+msgstr "[mitätöity] "
+
+#: g10/keyedit.c:2859 g10/keylist.c:805 g10/keylist.c:840 g10/keylist.c:934
+#, fuzzy, c-format
+msgid "expired: %s"
+msgstr " [vanhenee: %s]"
+
+#: g10/keyedit.c:2861 g10/keyedit.c:2912 g10/keyedit.c:2973 g10/keyedit.c:2988
+#: g10/keylist.c:204 g10/keylist.c:811 g10/keylist.c:846 g10/keylist.c:940
+#: g10/keylist.c:961 g10/keyserver.c:538 g10/mainproc.c:1003
+#, fuzzy, c-format
+msgid "expires: %s"
+msgstr " [vanhenee: %s]"
+
+#: g10/keyedit.c:2863
+#, fuzzy, c-format
+msgid "usage: %s"
+msgstr " luottamus: %c/%c"
+
+#: g10/keyedit.c:2878
+#, fuzzy, c-format
+msgid "trust: %s"
+msgstr " luottamus: %c/%c"
+
+#: g10/keyedit.c:2882
+#, c-format
+msgid "validity: %s"
+msgstr ""
+
+#: g10/keyedit.c:2889
+msgid "This key has been disabled"
+msgstr "Tämä avain on poistettu käytöstä"
+
+#: g10/keyedit.c:2917 g10/keylist.c:208
+msgid "card-no: "
+msgstr ""
+
+#: g10/keyedit.c:2941
+msgid ""
+"Please note that the shown key validity is not necessarily correct\n"
+"unless you restart the program.\n"
+msgstr ""
+"Huomioi, että tässä näytetty voimassaolo ei ole välttämättä\n"
+"ajan tasalla jollet käynnistä ohjelmaa uudelleen\n"
+
+#: g10/keyedit.c:3005 g10/keyedit.c:3351 g10/keyserver.c:542
+#: g10/mainproc.c:1850 g10/trustdb.c:1204 g10/trustdb.c:1732
+#, fuzzy
+msgid "revoked"
+msgstr "[mitätöity] "
+
+#: g10/keyedit.c:3007 g10/keyedit.c:3353 g10/keyserver.c:546
+#: g10/mainproc.c:1852 g10/trustdb.c:547 g10/trustdb.c:1734
+#, fuzzy
+msgid "expired"
+msgstr "expire"
+
+#: g10/keyedit.c:3072
+msgid ""
+"WARNING: no user ID has been marked as primary. This command may\n"
+" cause a different user ID to become the assumed primary.\n"
+msgstr ""
+"VAROITUS: mitään käyttäjätunnusta ei ole merkitty ensisijaiseksi. Tämän \n"
+"komennon johdosta eri käyttäjätunnus voi tulla oletetuksi ensisijaiseksi.\n"
+
+#: g10/keyedit.c:3133
+msgid ""
+"WARNING: This is a PGP2-style key. Adding a photo ID may cause some "
+"versions\n"
+" of PGP to reject this key.\n"
+msgstr ""
+"VAROITUS: Tämä on PGP2-muodon avain. Valokuvan lisääminen voi\n"
+" saada jotkin PGP:n versiot hylkäämään avaimen.\n"
+
+#: g10/keyedit.c:3138 g10/keyedit.c:3473
+msgid "Are you sure you still want to add it? (y/N) "
+msgstr "Haluatko edelleen varmasti lisätä sen? (k/E) "
+
+#: g10/keyedit.c:3144
+msgid "You may not add a photo ID to a PGP2-style key.\n"
+msgstr "Et voi lisätä valokuvaa PGP2-muodon avaimeen.\n"
+
+#: g10/keyedit.c:3284
+msgid "Delete this good signature? (y/N/q)"
+msgstr "Poistetaanko tämä kelvollinen allekirjoitus? (k/E/l)"
+
+#: g10/keyedit.c:3294
+msgid "Delete this invalid signature? (y/N/q)"
+msgstr "Poistetaanko tämä epäkelpo allekirjoitus? (k/E/l)"
+
+#: g10/keyedit.c:3298
+msgid "Delete this unknown signature? (y/N/q)"
+msgstr "Poistetaanko tämä tuntematon allekirjoitus? (k/E/l)"
+
+#: g10/keyedit.c:3304
+msgid "Really delete this self-signature? (y/N)"
+msgstr "Varmastiko poista oma-allekirjoitus? (k/E)"
+
+#: g10/keyedit.c:3318
+#, c-format
+msgid "Deleted %d signature.\n"
+msgstr "%d allekirjoitus poistettu.\n"
+
+#: g10/keyedit.c:3319
+#, c-format
+msgid "Deleted %d signatures.\n"
+msgstr "%d allekirjoitusta poistettu.\n"
+
+#: g10/keyedit.c:3322
+msgid "Nothing deleted.\n"
+msgstr "Mitään ei poistettu.\n"
+
+#: g10/keyedit.c:3355 g10/trustdb.c:1736
+#, fuzzy
+msgid "invalid"
+msgstr "virheellinen ascii-koodaus"
+
+#: g10/keyedit.c:3357
+#, fuzzy, c-format
+msgid "User ID \"%s\" compacted: %s\n"
+msgstr "Käyttäjätunnus \"%s\" on mitätöity."
+
+#: g10/keyedit.c:3364
+#, fuzzy, c-format
+msgid "User ID \"%s\": %d signature removed\n"
+msgstr "Käyttäjätunnus \"%s\" on mitätöity."
+
+#: g10/keyedit.c:3365
+#, fuzzy, c-format
+msgid "User ID \"%s\": %d signatures removed\n"
+msgstr "Käyttäjätunnus \"%s\" on mitätöity."
+
+#: g10/keyedit.c:3373
+#, fuzzy, c-format
+msgid "User ID \"%s\": already minimized\n"
+msgstr "käyttäjätunnus \"%s\" on jo mitätöity\n"
+
+#: g10/keyedit.c:3374
+#, fuzzy, c-format
+msgid "User ID \"%s\": already clean\n"
+msgstr "käyttäjätunnus \"%s\" on jo mitätöity\n"
+
+#: g10/keyedit.c:3468
+msgid ""
+"WARNING: This is a PGP 2.x-style key. Adding a designated revoker may "
+"cause\n"
+" some versions of PGP to reject this key.\n"
+msgstr ""
+"VAROITUS: Tämä on PGP 2.x -muodon avain. Määrätyn mitätöijän lisääminen "
+"voi\n"
+" saada jotkin PGP:n versiot hylkäämään avaimen.\n"
+
+#: g10/keyedit.c:3479
+msgid "You may not add a designated revoker to a PGP 2.x-style key.\n"
+msgstr "Et voi lisätä määrättyä mitätöijää PGP 2.x -muodon avaimeen.\n"
+
+#: g10/keyedit.c:3499
+msgid "Enter the user ID of the designated revoker: "
+msgstr "Syötä määrätyn mitätöijän käyttäjätunnus: "
+
+#: g10/keyedit.c:3524
+msgid "cannot appoint a PGP 2.x style key as a designated revoker\n"
+msgstr "PGP 2.x -avainta ei voi nimetä määrätyksi mitätöijäksi\n"
+
+#: g10/keyedit.c:3539
+msgid "you cannot appoint a key as its own designated revoker\n"
+msgstr "et voi nimittää avainta sen omaksi määrätyksi mitätöijäksi\n"
+
+#: g10/keyedit.c:3561
+#, fuzzy
+msgid "this key has already been designated as a revoker\n"
+msgstr "VAROITUS: Tämän avaimen nimetty mitätöijä on mitätöinyt avaimen!\n"
+
+#: g10/keyedit.c:3580
+msgid "WARNING: appointing a key as a designated revoker cannot be undone!\n"
+msgstr "VAROITUS: avaimen nimittämistä määrätyksi mitätöijäksi ei voi perua!\n"
+
+#: g10/keyedit.c:3586
+#, fuzzy
+msgid ""
+"Are you sure you want to appoint this key as a designated revoker? (y/N) "
+msgstr ""
+"Haluatko varmasti nimittää tämän avaimen määrätyksi mitätöijäksi? (k/E): "
+
+#: g10/keyedit.c:3647
+msgid "Please remove selections from the secret keys.\n"
+msgstr "Poista salaisten avainten valinnat, kiitos.\n"
+
+#: g10/keyedit.c:3653
+#, fuzzy
+msgid "Please select at most one subkey.\n"
+msgstr "Valitse korkeintaan yksi toissijainen avain, kiitos.\n"
+
+#: g10/keyedit.c:3657
+#, fuzzy
+msgid "Changing expiration time for a subkey.\n"
+msgstr "Muutetaan toissijaisen avaimen vanhentumisaikaa.\n"
+
+#: g10/keyedit.c:3660
+msgid "Changing expiration time for the primary key.\n"
+msgstr "Muutetaan ensisijaisen avaimen vanhentumisaikaa.\n"
+
+#: g10/keyedit.c:3706
+msgid "You can't change the expiration date of a v3 key\n"
+msgstr "Et voi muuttaa v3-avainten vanhentumispäivää\n"
+
+#: g10/keyedit.c:3722
+msgid "No corresponding signature in secret ring\n"
+msgstr "Salaisesta avainrenkaasta ei löydy vastaavaa allekirjoitusta\n"
+
+#: g10/keyedit.c:3800
+#, fuzzy, c-format
+msgid "signing subkey %s is already cross-certified\n"
+msgstr "VAROITUS: allekirjoitusaliavain %08lX ei ole ristiinvarmennettu\n"
+
+#: g10/keyedit.c:3806
+#, c-format
+msgid "subkey %s does not sign and so does not need to be cross-certified\n"
+msgstr ""
+
+#: g10/keyedit.c:3969
+msgid "Please select exactly one user ID.\n"
+msgstr "Valitse tasan yksi käyttäjätunnus!\n"
+
+#: g10/keyedit.c:4008 g10/keyedit.c:4118 g10/keyedit.c:4238 g10/keyedit.c:4379
+#, fuzzy, c-format
+msgid "skipping v3 self-signature on user ID \"%s\"\n"
+msgstr "ohitetaan v3-muodon oma-allekirjoitus käyttäjätunnukselle \"%s\"\n"
+
+#: g10/keyedit.c:4179
+msgid "Enter your preferred keyserver URL: "
+msgstr ""
+
+#: g10/keyedit.c:4259
+#, fuzzy
+msgid "Are you sure you want to replace it? (y/N) "
+msgstr "Haluatko varmasti käyttää sitä (k/E)? "
+
+#: g10/keyedit.c:4260
+#, fuzzy
+msgid "Are you sure you want to delete it? (y/N) "
+msgstr "Haluatko varmasti käyttää sitä (k/E)? "
+
+#: g10/keyedit.c:4322
+#, fuzzy
+msgid "Enter the notation: "
+msgstr "Allekirjoitusnotaatio: "
+
+#: g10/keyedit.c:4471
+#, fuzzy
+msgid "Proceed? (y/N) "
+msgstr "Ylikirjoita (k/E)? "
+
+#: g10/keyedit.c:4543
+#, c-format
+msgid "No user ID with index %d\n"
+msgstr "Indeksillä %d ei löydy käyttäjätunnusta\n"
+
+#: g10/keyedit.c:4604
+#, fuzzy, c-format
+msgid "No user ID with hash %s\n"
+msgstr "Indeksillä %d ei löydy käyttäjätunnusta\n"
+
+#: g10/keyedit.c:4639
+#, fuzzy, c-format
+msgid "No subkey with index %d\n"
+msgstr "Indeksillä %d ei löydy käyttäjätunnusta\n"
+
+#: g10/keyedit.c:4774
+#, fuzzy, c-format
+msgid "user ID: \"%s\"\n"
+msgstr "käyttäjätunnus: \""
+
+#: g10/keyedit.c:4777 g10/keyedit.c:4871 g10/keyedit.c:4914
+#, fuzzy, c-format
+msgid "signed by your key %s on %s%s%s\n"
+msgstr " %08lX allekirjoitti tämän %s%s%s\n"
+
+#: g10/keyedit.c:4779 g10/keyedit.c:4873 g10/keyedit.c:4916
+msgid " (non-exportable)"
+msgstr " (vientiin kelpaamaton)"
+
+#: g10/keyedit.c:4783
+#, c-format
+msgid "This signature expired on %s.\n"
+msgstr "Tämä allekirjoitus vanheni %s.\n"
+
+#: g10/keyedit.c:4787
+msgid "Are you sure you still want to revoke it? (y/N) "
+msgstr "Haluatko varmasti mitätöidä sen? (k/E) "
+
+#: g10/keyedit.c:4791
+msgid "Create a revocation certificate for this signature? (y/N) "
+msgstr "Luodaanko tälle alekirjoitukselle mitätöintivarmenne? (k/E) "
+
+#: g10/keyedit.c:4842
+#, fuzzy
+msgid "Not signed by you.\n"
+msgstr " %08lX allekirjoitti tämän %s%s\n"
+
+#: g10/keyedit.c:4848
+#, fuzzy, c-format
+msgid "You have signed these user IDs on key %s:\n"
+msgstr "Olet allekirjoittanut seuraavat käyttäjätunnukset:\n"
+
+#: g10/keyedit.c:4874
+#, fuzzy
+msgid " (non-revocable)"
+msgstr " (vientiin kelpaamaton)"
+
+#: g10/keyedit.c:4881
+#, fuzzy, c-format
+msgid "revoked by your key %s on %s\n"
+msgstr " %08lX mitätöi tämän %s\n"
+
+#: g10/keyedit.c:4903
+msgid "You are about to revoke these signatures:\n"
+msgstr "Olet mitätöimässä seuraavat allekirjoitukset:\n"
+
+#: g10/keyedit.c:4923
+msgid "Really create the revocation certificates? (y/N) "
+msgstr "Varmastiko luo mitätöintivarmenteet? (k/E) "
+
+#: g10/keyedit.c:4953
+msgid "no secret key\n"
+msgstr "salainen avain ei ole saatavilla\n"
+
+#: g10/keyedit.c:5023
+#, c-format
+msgid "user ID \"%s\" is already revoked\n"
+msgstr "käyttäjätunnus \"%s\" on jo mitätöity\n"
+
+#: g10/keyedit.c:5040
+#, c-format
+msgid "WARNING: a user ID signature is dated %d seconds in the future\n"
+msgstr ""
+"VAROITUS: käyttäjätunnuksen allekirjoitus on päivätty %d sekuntin päähän "
+"tulevaisuuteen\n"
+
+#: g10/keyedit.c:5104
+#, fuzzy, c-format
+msgid "Key %s is already revoked.\n"
+msgstr "käyttäjätunnus \"%s\" on jo mitätöity\n"
+
+#: g10/keyedit.c:5166
+#, fuzzy, c-format
+msgid "Subkey %s is already revoked.\n"
+msgstr "käyttäjätunnus \"%s\" on jo mitätöity\n"
+
+#: g10/keyedit.c:5261
+#, fuzzy, c-format
+msgid "Displaying %s photo ID of size %ld for key %s (uid %d)\n"
+msgstr ""
+"Näytetään valokuva %s, kokoa %ld avaimelle 0x%08lX\n"
+"(käyttäjätunnus %d)\n"
+
+#: g10/keygen.c:275
+#, fuzzy, c-format
+msgid "preference `%s' duplicated\n"
+msgstr "valinta %c%lu on kopio\n"
+
+#: g10/keygen.c:282
+#, fuzzy
+msgid "too many cipher preferences\n"
+msgstr "liian monta \"%c\" valintaa\n"
+
+#: g10/keygen.c:284
+#, fuzzy
+msgid "too many digest preferences\n"
+msgstr "liian monta \"%c\" valintaa\n"
+
+#: g10/keygen.c:286
+#, fuzzy
+msgid "too many compression preferences\n"
+msgstr "liian monta \"%c\" valintaa\n"
+
+#: g10/keygen.c:426
+#, fuzzy, c-format
+msgid "invalid item `%s' in preference string\n"
+msgstr "Valinnassa on luvaton merkki\n"
+
+#: g10/keygen.c:910
+msgid "writing direct signature\n"
+msgstr "kirjoitetaan suora allekirjoitus\n"
+
+#: g10/keygen.c:952
+msgid "writing self signature\n"
+msgstr "kirjoitetaan oma-allekirjoitus\n"
+
+#: g10/keygen.c:1009
+msgid "writing key binding signature\n"
+msgstr "kirjoitetaan avaimen varmentava allekirjoitus\n"
+
+#: g10/keygen.c:1179 g10/keygen.c:1290 g10/keygen.c:1295 g10/keygen.c:1441
+#: g10/keygen.c:3269
+#, c-format
+msgid "keysize invalid; using %u bits\n"
+msgstr "avaimen koko on virheellinen, käytetään %u bittiä\n"
+
+#: g10/keygen.c:1185 g10/keygen.c:1301 g10/keygen.c:1309 g10/keygen.c:1447
+#: g10/keygen.c:3275
+#, c-format
+msgid "keysize rounded up to %u bits\n"
+msgstr "avaimen koko on pyöristetty %u bittiin\n"
+
+#: g10/keygen.c:1335
+msgid ""
+"WARNING: some OpenPGP programs can't handle a DSA key with this digest size\n"
+msgstr ""
+
+#: g10/keygen.c:1558
+#, fuzzy
+msgid "Sign"
+msgstr "sign"
+
+#: g10/keygen.c:1561
+msgid "Certify"
+msgstr ""
+
+#: g10/keygen.c:1564
+#, fuzzy
+msgid "Encrypt"
+msgstr "salaa tiedot"
+
+#: g10/keygen.c:1567
+msgid "Authenticate"
+msgstr ""
+
+#. TRANSLATORS: Please use only plain ASCII characters for the
+#. translation. If this is not possible use single digits. The
+#. string needs to 8 bytes long. Here is a description of the
+#. functions:
+#.
+#. s = Toggle signing capability
+#. e = Toggle encryption capability
+#. a = Toggle authentication capability
+#. q = Finish
+#.
+#: g10/keygen.c:1585
+msgid "SsEeAaQq"
+msgstr ""
+
+#: g10/keygen.c:1608
+#, c-format
+msgid "Possible actions for a %s key: "
+msgstr ""
+
+#: g10/keygen.c:1612
+msgid "Current allowed actions: "
+msgstr ""
+
+#: g10/keygen.c:1617
+#, c-format
+msgid " (%c) Toggle the sign capability\n"
+msgstr ""
+
+#: g10/keygen.c:1620
+#, fuzzy, c-format
+msgid " (%c) Toggle the encrypt capability\n"
+msgstr " (%d) ElGamal (vain salaus)\n"
+
+#: g10/keygen.c:1623
+#, c-format
+msgid " (%c) Toggle the authenticate capability\n"
+msgstr ""
+
+#: g10/keygen.c:1626
+#, c-format
+msgid " (%c) Finished\n"
+msgstr ""
+
+#: g10/keygen.c:1686 sm/certreqgen-ui.c:157
+msgid "Please select what kind of key you want:\n"
+msgstr "Valitse millaisen avaimen haluat:\n"
+
+#: g10/keygen.c:1689
+#, fuzzy, c-format
+msgid " (%d) RSA and RSA (default)\n"
+msgstr " (%d) DSA ja ElGamal (oletus)\n"
+
+#: g10/keygen.c:1691
+#, fuzzy, c-format
+msgid " (%d) DSA and Elgamal\n"
+msgstr " (%d) DSA ja ElGamal (oletus)\n"
+
+#: g10/keygen.c:1693
+#, c-format
+msgid " (%d) DSA (sign only)\n"
+msgstr " (%d) DSA (vain allekirjoitus)\n"
+
+#: g10/keygen.c:1694
+#, c-format
+msgid " (%d) RSA (sign only)\n"
+msgstr " (%d) RSA (vain allekirjoitus)\n"
+
+#: g10/keygen.c:1698
+#, fuzzy, c-format
+msgid " (%d) Elgamal (encrypt only)\n"
+msgstr " (%d) ElGamal (vain salaus)\n"
+
+#: g10/keygen.c:1699
+#, c-format
+msgid " (%d) RSA (encrypt only)\n"
+msgstr " (%d) RSA (vain salaus)\n"
+
+#: g10/keygen.c:1703
+#, fuzzy, c-format
+msgid " (%d) DSA (set your own capabilities)\n"
+msgstr " (%d) RSA (vain salaus)\n"
+
+#: g10/keygen.c:1704
+#, fuzzy, c-format
+msgid " (%d) RSA (set your own capabilities)\n"
+msgstr " (%d) RSA (vain salaus)\n"
+
+#: g10/keygen.c:1812
+#, c-format
+msgid "%s keys may be between %u and %u bits long.\n"
+msgstr ""
+
+#: g10/keygen.c:1820
+#, fuzzy, c-format
+msgid "What keysize do you want for the subkey? (%u) "
+msgstr "Minkä kokoisen avaimen haluat? (1024) "
+
+#: g10/keygen.c:1823 sm/certreqgen-ui.c:179
+#, fuzzy, c-format
+msgid "What keysize do you want? (%u) "
+msgstr "Minkä kokoisen avaimen haluat? (1024) "
+
+#: g10/keygen.c:1837 sm/certreqgen-ui.c:189
+#, c-format
+msgid "Requested keysize is %u bits\n"
+msgstr "Halutun avaimen koko on %u bittiä\n"
+
+#: g10/keygen.c:1925
+msgid ""
+"Please specify how long the key should be valid.\n"
+" 0 = key does not expire\n"
+" <n> = key expires in n days\n"
+" <n>w = key expires in n weeks\n"
+" <n>m = key expires in n months\n"
+" <n>y = key expires in n years\n"
+msgstr ""
+"Kuinka kauan avaimen tulee olla voimassa.\n"
+" 0 = Avain ei vanhene koskaan\n"
+" <n> = Avain vanhenee n päivän kuluttua\n"
+" <n>w = Avain vanhenee n viikon kuluttua\n"
+" <n>m = Avain vanhenee n kuukauden kuluttua\n"
+" <n>y = Avain vanhenee n vuoden kuluttua\n"
+
+#: g10/keygen.c:1936
+msgid ""
+"Please specify how long the signature should be valid.\n"
+" 0 = signature does not expire\n"
+" <n> = signature expires in n days\n"
+" <n>w = signature expires in n weeks\n"
+" <n>m = signature expires in n months\n"
+" <n>y = signature expires in n years\n"
+msgstr ""
+"Kuinka kauan allekirjoituksen tulee olla voimassa.\n"
+" 0 = Allekirjoitus ei vanhene koskaan\n"
+" <n> = Allekirjoitus vanhenee n päivän kuluttua\n"
+" <n>w = Allekirjoitus vanhenee n viikon kuluttua\n"
+" <n>m = Allekirjoitus vanhenee n kuukauden kuluttua\n"
+" <n>y = Allekirjoitus vanhenee n vuoden kuluttua\n"
+
+#: g10/keygen.c:1959
+msgid "Key is valid for? (0) "
+msgstr "Avain on voimassa? (0) "
+
+#: g10/keygen.c:1964
+#, fuzzy, c-format
+msgid "Signature is valid for? (%s) "
+msgstr "Allekirjoitus on voimassa? (0) "
+
+#: g10/keygen.c:1982 g10/keygen.c:2007
+msgid "invalid value\n"
+msgstr "arvo ei kelpaa\n"
+
+#: g10/keygen.c:1989
+#, fuzzy
+msgid "Key does not expire at all\n"
+msgstr "%s ei vanhene koskaan\n"
+
+#: g10/keygen.c:1990
+#, fuzzy
+msgid "Signature does not expire at all\n"
+msgstr "%s ei vanhene koskaan\n"
+
+#: g10/keygen.c:1995
+#, fuzzy, c-format
+msgid "Key expires at %s\n"
+msgstr "%s vanhenee %s\n"
+
+#: g10/keygen.c:1996
+#, fuzzy, c-format
+msgid "Signature expires at %s\n"
+msgstr "Allekirjoitus vanhenee %s\n"
+
+#: g10/keygen.c:2000
+msgid ""
+"Your system can't display dates beyond 2038.\n"
+"However, it will be correctly handled up to 2106.\n"
+msgstr ""
+"Järjestelmäsi ei osaa näyttää päiväyksiä kuin vuoteen 2038.\n"
+"Se kuitenkin käsittelee päiväykset oikein vuoteen 2106.\n"
+
+#: g10/keygen.c:2013
+#, fuzzy
+msgid "Is this correct? (y/N) "
+msgstr "Onko tämä oikein (k/e) "
+
+#: g10/keygen.c:2063
+msgid ""
+"\n"
+"GnuPG needs to construct a user ID to identify your key.\n"
+"\n"
+msgstr ""
+
+#. TRANSLATORS: This string is in general not anymore used
+#. but you should keep your existing translation. In case
+#. the new string is not translated this old string will
+#. be used.
+#: g10/keygen.c:2078
+#, fuzzy
+msgid ""
+"\n"
+"You need a user ID to identify your key; the software constructs the user "
+"ID\n"
+"from the Real Name, Comment and Email Address in this form:\n"
+" \"Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>\"\n"
+"\n"
+msgstr ""
+"\n"
+"Tarviset käyttäjätunnuksen avaimesi tunnistamiseen; ohjelma muodostaa \n"
+"käyttäjätunnuksen oikeasta nimestä, huomautuksesta ja "
+"sähköpostiosoitteesta \n"
+"muodossa:\n"
+" \"Matti Meikäläinen (nuorempi) <matti.meikalainen@osoite.fi>\"\n"
+"\n"
+
+#: g10/keygen.c:2097
+msgid "Real name: "
+msgstr "Oikea nimi: "
+
+#: g10/keygen.c:2105
+msgid "Invalid character in name\n"
+msgstr "Nimessä on epäkelpo merkki\n"
+
+#: g10/keygen.c:2107
+msgid "Name may not start with a digit\n"
+msgstr "Nimi ei voi alkaa numerolla\n"
+
+#: g10/keygen.c:2109
+msgid "Name must be at least 5 characters long\n"
+msgstr "Nimen täytyy olla vähintään 5 merkkiä pitkä\n"
+
+#: g10/keygen.c:2117
+msgid "Email address: "
+msgstr "Sähköpostiosoite: "
+
+#: g10/keygen.c:2123
+msgid "Not a valid email address\n"
+msgstr "Sähköpostiosoite ei kelpaa\n"
+
+#: g10/keygen.c:2131
+msgid "Comment: "
+msgstr "Huomautus: "
+
+#: g10/keygen.c:2137
+msgid "Invalid character in comment\n"
+msgstr "Huomautuksessa on epäkelpo merkki\n"
+
+#: g10/keygen.c:2159
+#, c-format
+msgid "You are using the `%s' character set.\n"
+msgstr "Käytät merkistöä \"%s\".\n"
+
+#: g10/keygen.c:2165
+#, c-format
+msgid ""
+"You selected this USER-ID:\n"
+" \"%s\"\n"
+"\n"
+msgstr ""
+"Valitsit seuraavan käyttäjätunnuksen:\n"
+" \"%s\"\n"
+"\n"
+
+#: g10/keygen.c:2170
+msgid "Please don't put the email address into the real name or the comment\n"
+msgstr "Älä syötä sähköpostiosoitetta nimen tai huomautuksen paikalle\n"
+
+#: g10/keygen.c:2185
+msgid "Such a user ID already exists on this key!\n"
+msgstr ""
+
+#. TRANSLATORS: These are the allowed answers in
+#. lower and uppercase. Below you will find the matching
+#. string which should be translated accordingly and the
+#. letter changed to match the one in the answer string.
+#.
+#. n = Change name
+#. c = Change comment
+#. e = Change email
+#. o = Okay (ready, continue)
+#. q = Quit
+#.
+#: g10/keygen.c:2201
+msgid "NnCcEeOoQq"
+msgstr "NnHhSsOoLl"
+
+#: g10/keygen.c:2211
+msgid "Change (N)ame, (C)omment, (E)mail or (Q)uit? "
+msgstr "Muuta (N)imi, (H)uomautus, (S)ähköposti vai (L)opeta?"
+
+#: g10/keygen.c:2212
+msgid "Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? "
+msgstr "Muuta (N)imi, (H)uomautus, (S)ähköposti vai (O)k/(L)opeta?"
+
+#: g10/keygen.c:2231
+msgid "Please correct the error first\n"
+msgstr "Ole hyvä ja korjaa ensin virhe\n"
+
+#: g10/keygen.c:2273
+msgid ""
+"You need a Passphrase to protect your secret key.\n"
+"\n"
+msgstr ""
+"Tarvitset salasanan suojaamaan salaista avaintasi.\n"
+"\n"
+
+#: g10/keygen.c:2276
+#, fuzzy
+msgid ""
+"Please enter a passphrase to protect the off-card backup of the new "
+"encryption key."
+msgstr "Ole hyvä ja syötä salasana, tämän on salainen lause \n"
+
+#: g10/keygen.c:2292
+#, c-format
+msgid "%s.\n"
+msgstr "%s.\n"
+
+#: g10/keygen.c:2298
+msgid ""
+"You don't want a passphrase - this is probably a *bad* idea!\n"
+"I will do it anyway. You can change your passphrase at any time,\n"
+"using this program with the option \"--edit-key\".\n"
+"\n"
+msgstr ""
+"Et halunnut salasanaa - tämä on luultavasti *huono* ajatus!\n"
+"Jatketaan silti. Voit vaihtaa salasanaa milloin tahansa\n"
+"tämän ohjelman valitsimella \"--edit-key\".\n"
+"\n"
+
+#: g10/keygen.c:2322
+msgid ""
+"We need to generate a lot of random bytes. It is a good idea to perform\n"
+"some other action (type on the keyboard, move the mouse, utilize the\n"
+"disks) during the prime generation; this gives the random number\n"
+"generator a better chance to gain enough entropy.\n"
+msgstr ""
+"Tarvitaan paljon satunnaislukuja. Voit suorittaa muita toimintoja\n"
+"(kirjoittaa näppäimistöllä, liikuttaa hiirtä, käyttää levyjä)\n"
+"alkulukujen luomisen aikana, tämä antaa satunnaislukugeneraattorille\n"
+"paremmat mahdollisuudet kerätä riittävästi entropiaa.\n"
+
+#: g10/keygen.c:3209 g10/keygen.c:3236
+msgid "Key generation canceled.\n"
+msgstr "Avaimen luonti keskeytetty.\n"
+
+#: g10/keygen.c:3441 g10/keygen.c:3611
+#, c-format
+msgid "writing public key to `%s'\n"
+msgstr "kirjoitan julkisen avaimen kohteeseen \"%s\"\n"
+
+#: g10/keygen.c:3443 g10/keygen.c:3614
+#, fuzzy, c-format
+msgid "writing secret key stub to `%s'\n"
+msgstr "kirjoitan salaisen avaimen kohteeseen \"%s\"\n"
+
+#: g10/keygen.c:3446 g10/keygen.c:3617
+#, c-format
+msgid "writing secret key to `%s'\n"
+msgstr "kirjoitan salaisen avaimen kohteeseen \"%s\"\n"
+
+#: g10/keygen.c:3598
+#, c-format
+msgid "no writable public keyring found: %s\n"
+msgstr "kirjoitettavissa olevaa julkista avainrengasta ei löydy: %s\n"
+
+#: g10/keygen.c:3605
+#, c-format
+msgid "no writable secret keyring found: %s\n"
+msgstr "kirjoitettavissa olevaa salaista avainrengasta ei löydy: %s\n"
+
+#: g10/keygen.c:3625
+#, c-format
+msgid "error writing public keyring `%s': %s\n"
+msgstr "virhe kirjoitettaessa julkiseen avainrenkaaseen \"%s\": %s\n"
+
+#: g10/keygen.c:3633
+#, c-format
+msgid "error writing secret keyring `%s': %s\n"
+msgstr "virhe kirjoitettaessa salaiseen avainrenkaaseen \"%s\": %s\n"
+
+#: g10/keygen.c:3661
+msgid "public and secret key created and signed.\n"
+msgstr "julkinen ja salainen avain on luotu ja allekirjoitettu.\n"
+
+#: g10/keygen.c:3672
+#, fuzzy
+msgid ""
+"Note that this key cannot be used for encryption. You may want to use\n"
+"the command \"--edit-key\" to generate a subkey for this purpose.\n"
+msgstr ""
+"Huomaa, että tätä avainta ei voida käyttää salaamiseen. Käytä komentoa\n"
+"\"--edit-key\" luodaksesi toissijaisen avaimen salaustarkoitukseen.\n"
+
+#: g10/keygen.c:3685 g10/keygen.c:3831 g10/keygen.c:3952
+#, c-format
+msgid "Key generation failed: %s\n"
+msgstr "Avaimen luonti epäonnistui: %s\n"
+
+#: g10/keygen.c:3741 g10/keygen.c:3882 g10/sign.c:241
+#, c-format
+msgid ""
+"key has been created %lu second in future (time warp or clock problem)\n"
+msgstr ""
+"avain on luotu %lu sekunti tulevaisuudessa (on tapahtunut aikahyppy tai\n"
+"kellon kanssa on ongelmia)\n"
+
+#: g10/keygen.c:3743 g10/keygen.c:3884 g10/sign.c:243
+#, c-format
+msgid ""
+"key has been created %lu seconds in future (time warp or clock problem)\n"
+msgstr ""
+"avain on luotu %lu sekuntia tulevaisuudessa (on tapahtunut aikahyppy tai\n"
+"kellon kanssa on ongelmia)\n"
+
+#: g10/keygen.c:3754 g10/keygen.c:3895
+msgid "NOTE: creating subkeys for v3 keys is not OpenPGP compliant\n"
+msgstr "HUOM: v3-aliavainten luonti ei ole OpenPGP:n mukaista\n"
+
+#: g10/keygen.c:3795 g10/keygen.c:3928
+#, fuzzy
+msgid "Really create? (y/N) "
+msgstr "Haluatko varmasti luoda? "
+
+#: g10/keygen.c:4116
+#, fuzzy, c-format
+msgid "storing key onto card failed: %s\n"
+msgstr "avainlohkojen poisto epäonnistui: %s\n"
+
+#: g10/keygen.c:4165
+#, fuzzy, c-format
+msgid "can't create backup file `%s': %s\n"
+msgstr "tiedostoa \"%s\" ei voi luoda: %s\n"
+
+#: g10/keygen.c:4191
+#, fuzzy, c-format
+msgid "NOTE: backup of card key saved to `%s'\n"
+msgstr "HUOM: salainen avain %08lX vanheni %s\n"
+
+#: g10/keyid.c:539 g10/keyid.c:551 g10/keyid.c:563 g10/keyid.c:575
+msgid "never "
+msgstr "ei koskaan"
+
+#: g10/keylist.c:273
+msgid "Critical signature policy: "
+msgstr "Kriittinen allekirjoituskäytäntö: "
+
+#: g10/keylist.c:275
+msgid "Signature policy: "
+msgstr "Allekirjoituskäytäntö: "
+
+#: g10/keylist.c:314
+msgid "Critical preferred keyserver: "
+msgstr ""
+
+#: g10/keylist.c:367
+msgid "Critical signature notation: "
+msgstr "Kriittinen allekirjoitusnotaatio: "
+
+#: g10/keylist.c:369
+msgid "Signature notation: "
+msgstr "Allekirjoitusnotaatio: "
+
+#: g10/keylist.c:479
+msgid "Keyring"
+msgstr "Avainrengas"
+
+#: g10/keylist.c:1526
+msgid "Primary key fingerprint:"
+msgstr "Ensisijaisen avaimen sormenjälki:"
+
+#: g10/keylist.c:1528
+msgid " Subkey fingerprint:"
+msgstr " Aliavaimen sormenjälki:"
+
+#. TRANSLATORS: this should fit into 24 bytes to that the
+#. * fingerprint data is properly aligned with the user ID
+#: g10/keylist.c:1535
+msgid " Primary key fingerprint:"
+msgstr " Ensisijaisen avaimen sormenjälki:"
+
+#: g10/keylist.c:1537
+msgid " Subkey fingerprint:"
+msgstr " Aliavaimen sormenjälki:"
+
+#: g10/keylist.c:1541 g10/keylist.c:1545
+#, fuzzy
+msgid " Key fingerprint ="
+msgstr " Avaimen sormenjälki ="
+
+#: g10/keylist.c:1612
+msgid " Card serial no. ="
+msgstr ""
+
+#: g10/keyring.c:1297
+#, fuzzy, c-format
+msgid "renaming `%s' to `%s' failed: %s\n"
+msgstr "ascii-koodaaminen epäonnistui: %s\n"
+
+#: g10/keyring.c:1326
+msgid "WARNING: 2 files with confidential information exists.\n"
+msgstr "VAROITUS: löytyi 2 tiedostoa, joissa on luottamuksellisia tietoja.\n"
+
+#: g10/keyring.c:1327
+#, c-format
+msgid "%s is the unchanged one\n"
+msgstr "%s säilyi muuttumattomana\n"
+
+#: g10/keyring.c:1328
+#, c-format
+msgid "%s is the new one\n"
+msgstr "%s on uusi\n"
+
+#: g10/keyring.c:1329
+msgid "Please fix this possible security flaw\n"
+msgstr "Ole hyvä ja korjaa tämä mahdollinen tietoturvareikä\n"
+
+#: g10/keyring.c:1430
+#, fuzzy, c-format
+msgid "caching keyring `%s'\n"
+msgstr "tarkistetaan avainrengasta \"%s\"\n"
+
+#: g10/keyring.c:1489
+#, fuzzy, c-format
+msgid "%lu keys cached so far (%lu signatures)\n"
+msgstr "käsiteltiin %lu avainta (%lu allekirjoitusta)\n"
+
+#: g10/keyring.c:1501
+#, fuzzy, c-format
+msgid "%lu keys cached (%lu signatures)\n"
+msgstr "käsiteltiin %lu avainta (%lu allekirjoitusta)\n"
+
+#: g10/keyring.c:1573
+#, c-format
+msgid "%s: keyring created\n"
+msgstr "%s: avainrengas luotu\n"
+
+#: g10/keyserver.c:74
+msgid "include revoked keys in search results"
+msgstr ""
+
+#: g10/keyserver.c:75
+msgid "include subkeys when searching by key ID"
+msgstr ""
+
+#: g10/keyserver.c:77
+msgid "use temporary files to pass data to keyserver helpers"
+msgstr ""
+
+#: g10/keyserver.c:79
+msgid "do not delete temporary files after using them"
+msgstr ""
+
+#: g10/keyserver.c:83
+msgid "automatically retrieve keys when verifying signatures"
+msgstr ""
+
+#: g10/keyserver.c:85
+#, fuzzy
+msgid "honor the preferred keyserver URL set on the key"
+msgstr "annettu allekirjoituskäytännön URL on virheellinen\n"
+
+#: g10/keyserver.c:87
+msgid "honor the PKA record set on a key when retrieving keys"
+msgstr ""
+
+#: g10/keyserver.c:153
+#, fuzzy, c-format
+msgid "WARNING: keyserver option `%s' is not used on this platform\n"
+msgstr ""
+"VAROITUS: asetukset tiedostossa \"%s\" eivät ole käytössä vielä tässä "
+"ajossa\n"
+
+#: g10/keyserver.c:544
+#, fuzzy
+msgid "disabled"
+msgstr "disable"
+
+#: g10/keyserver.c:747
+msgid "Enter number(s), N)ext, or Q)uit > "
+msgstr ""
+
+#: g10/keyserver.c:831 g10/keyserver.c:1458
+#, fuzzy, c-format
+msgid "invalid keyserver protocol (us %d!=handler %d)\n"
+msgstr "virheelliset vientivalitsimet\n"
+
+#: g10/keyserver.c:932
+#, fuzzy, c-format
+msgid "key \"%s\" not found on keyserver\n"
+msgstr "avainta \"%s\" ei löydy: %s\n"
+
+#: g10/keyserver.c:934
+#, fuzzy
+msgid "key not found on keyserver\n"
+msgstr "avainta \"%s\" ei löydy: %s\n"
+
+#: g10/keyserver.c:1177
+#, fuzzy, c-format
+msgid "requesting key %s from %s server %s\n"
+msgstr "pyydetään avainta %08lX kohteesta %s\n"
+
+#: g10/keyserver.c:1181
+#, fuzzy, c-format
+msgid "requesting key %s from %s\n"
+msgstr "pyydetään avainta %08lX kohteesta %s\n"
+
+#: g10/keyserver.c:1205
+#, fuzzy, c-format
+msgid "searching for names from %s server %s\n"
+msgstr "etsitään \"%s\" HKP-palvelimelta %s\n"
+
+#: g10/keyserver.c:1208
+#, fuzzy, c-format
+msgid "searching for names from %s\n"
+msgstr "etsitään \"%s\" HKP-palvelimelta %s\n"
+
+#: g10/keyserver.c:1361
+#, fuzzy, c-format
+msgid "sending key %s to %s server %s\n"
+msgstr "etsitään \"%s\" HKP-palvelimelta %s\n"
+
+#: g10/keyserver.c:1365
+#, fuzzy, c-format
+msgid "sending key %s to %s\n"
+msgstr ""
+"\"\n"
+"allekirjoitettu avaimellasi %08lX %s\n"
+
+#: g10/keyserver.c:1408
+#, fuzzy, c-format
+msgid "searching for \"%s\" from %s server %s\n"
+msgstr "etsitään \"%s\" HKP-palvelimelta %s\n"
+
+#: g10/keyserver.c:1411
+#, fuzzy, c-format
+msgid "searching for \"%s\" from %s\n"
+msgstr "etsitään \"%s\" HKP-palvelimelta %s\n"
+
+#: g10/keyserver.c:1418 g10/keyserver.c:1514
+#, fuzzy
+msgid "no keyserver action!\n"
+msgstr "virheelliset vientivalitsimet\n"
+
+#: g10/keyserver.c:1466
+#, c-format
+msgid "WARNING: keyserver handler from a different version of GnuPG (%s)\n"
+msgstr ""
+
+#: g10/keyserver.c:1475
+msgid "keyserver did not send VERSION\n"
+msgstr ""
+
+#: g10/keyserver.c:1537 g10/keyserver.c:2066
+msgid "no keyserver known (use option --keyserver)\n"
+msgstr ""
+
+#: g10/keyserver.c:1543
+msgid "external keyserver calls are not supported in this build\n"
+msgstr ""
+
+#: g10/keyserver.c:1555
+#, c-format
+msgid "no handler for keyserver scheme `%s'\n"
+msgstr ""
+
+#: g10/keyserver.c:1560
+#, c-format
+msgid "action `%s' not supported with keyserver scheme `%s'\n"
+msgstr ""
+
+#: g10/keyserver.c:1568
+#, c-format
+msgid "%s does not support handler version %d\n"
+msgstr ""
+
+#: g10/keyserver.c:1575
+#, fuzzy
+msgid "keyserver timed out\n"
+msgstr "avainpalvelinvirhe"
+
+#: g10/keyserver.c:1580
+#, fuzzy
+msgid "keyserver internal error\n"
+msgstr "avainpalvelinvirhe"
+
+#: g10/keyserver.c:1589
+#, fuzzy, c-format
+msgid "keyserver communications error: %s\n"
+msgstr "avainpalvelimelta vastaanotto epäonnistui: %s\n"
+
+#: g10/keyserver.c:1614 g10/keyserver.c:1648
+#, c-format
+msgid "\"%s\" not a key ID: skipping\n"
+msgstr ""
+
+#: g10/keyserver.c:1907
+#, fuzzy, c-format
+msgid "WARNING: unable to refresh key %s via %s: %s\n"
+msgstr "VAROITUS: tilapäistiedostoa (%s) \"%s\" ei voi poistaa: %s\n"
+
+#: g10/keyserver.c:1929
+#, fuzzy, c-format
+msgid "refreshing 1 key from %s\n"
+msgstr "pyydetään avainta %08lX kohteesta %s\n"
+
+#: g10/keyserver.c:1931
+#, fuzzy, c-format
+msgid "refreshing %d keys from %s\n"
+msgstr "pyydetään avainta %08lX kohteesta %s\n"
+
+#: g10/keyserver.c:1987
+#, fuzzy, c-format
+msgid "WARNING: unable to fetch URI %s: %s\n"
+msgstr "VAROITUS: tilapäistiedostoa (%s) \"%s\" ei voi poistaa: %s\n"
+
+#: g10/keyserver.c:1993
+#, fuzzy, c-format
+msgid "WARNING: unable to parse URI %s\n"
+msgstr "VAROITUS: tilapäistiedostoa (%s) \"%s\" ei voi poistaa: %s\n"
+
+#: g10/mainproc.c:231
+#, c-format
+msgid "weird size for an encrypted session key (%d)\n"
+msgstr "outo koko salatulle istuntoavaimelle (%d)\n"
+
+#: g10/mainproc.c:284
+#, c-format
+msgid "%s encrypted session key\n"
+msgstr "%s-salattu istuntoavain\n"
+
+#: g10/mainproc.c:294
+#, fuzzy, c-format
+msgid "passphrase generated with unknown digest algorithm %d\n"
+msgstr "salattu tuntemattomalla algoritmilla %d\n"
+
+#: g10/mainproc.c:360
+#, fuzzy, c-format
+msgid "public key is %s\n"
+msgstr "julkinen avain on %08lX\n"
+
+#: g10/mainproc.c:423
+msgid "public key encrypted data: good DEK\n"
+msgstr "julkisella avaimella salattu data: DEK kelpaa\n"
+
+#: g10/mainproc.c:456
+#, fuzzy, c-format
+msgid "encrypted with %u-bit %s key, ID %s, created %s\n"
+msgstr "salattu %u-bittisella %s-avaimella, tunnus %08lX, luotu %s\n"
+
+#: g10/mainproc.c:460 g10/pkclist.c:217
+#, fuzzy, c-format
+msgid " \"%s\"\n"
+msgstr " aka \""
+
+#: g10/mainproc.c:464
+#, fuzzy, c-format
+msgid "encrypted with %s key, ID %s\n"
+msgstr "salattu %s-avaimella, tunnus %08lX\n"
+
+#: g10/mainproc.c:479
+#, c-format
+msgid "public key decryption failed: %s\n"
+msgstr "julkisen avaimen avaus epäonnistui: %s\n"
+
+#: g10/mainproc.c:495
+#, c-format
+msgid "encrypted with %lu passphrases\n"
+msgstr "salattu %lu salasanalla\n"
+
+#: g10/mainproc.c:497
+msgid "encrypted with 1 passphrase\n"
+msgstr "salattu yhdellä salasanalla\n"
+
+#: g10/mainproc.c:529 g10/mainproc.c:551
+#, c-format
+msgid "assuming %s encrypted data\n"
+msgstr "oletettavasti %s-salattua dataa\n"
+
+#: g10/mainproc.c:537
+#, c-format
+msgid "IDEA cipher unavailable, optimistically attempting to use %s instead\n"
+msgstr ""
+"IDEA-salain ei käytettävissä, yritetään optimistisesti \n"
+"käyttää sen sijaan salainta %s\n"
+
+#: g10/mainproc.c:570
+msgid "decryption okay\n"
+msgstr "avaus onnistui\n"
+
+#: g10/mainproc.c:574
+msgid "WARNING: message was not integrity protected\n"
+msgstr "VAROITUS: viestin eheyttä ei oltu suojattu\n"
+
+#: g10/mainproc.c:587
+msgid "WARNING: encrypted message has been manipulated!\n"
+msgstr "VAROITUS: salattua viestiä on muokattu!\n"
+
+#: g10/mainproc.c:595
+#, c-format
+msgid "cleared passphrase cached with ID: %s\n"
+msgstr ""
+
+#: g10/mainproc.c:600
+#, c-format
+msgid "decryption failed: %s\n"
+msgstr "avaus epäonnistui: %s\n"
+
+#: g10/mainproc.c:621
+msgid "NOTE: sender requested \"for-your-eyes-only\"\n"
+msgstr "HUOM: lähettäjä määrittää \"vain-sinun-silmillesi\"\n"
+
+#: g10/mainproc.c:623
+#, c-format
+msgid "original file name='%.*s'\n"
+msgstr "alkuperäisen tiedoston nimi=\"%.*s\"\n"
+
+#: g10/mainproc.c:711
+msgid "WARNING: multiple plaintexts seen\n"
+msgstr ""
+
+#: g10/mainproc.c:850
+msgid "standalone revocation - use \"gpg --import\" to apply\n"
+msgstr "itsenäinen mitätöinti - käytä \"gpg --import\" ottaaksesi käyttöön\n"
+
+#: g10/mainproc.c:1203 g10/mainproc.c:1240
+#, fuzzy
+msgid "no signature found\n"
+msgstr "Allekirjoitus täsmää lähettäjään \""
+
+#: g10/mainproc.c:1478
+msgid "signature verification suppressed\n"
+msgstr "allekirjoituksen varmistus vaiennetaan\n"
+
+#: g10/mainproc.c:1587
+#, fuzzy
+msgid "can't handle this ambiguous signature data\n"
+msgstr "näitä allekirjoituksia ei voi käsitellä\n"
+
+#: g10/mainproc.c:1598
+#, fuzzy, c-format
+msgid "Signature made %s\n"
+msgstr "Allekirjoitus vanheni %s\n"
+
+#: g10/mainproc.c:1599
+#, fuzzy, c-format
+msgid " using %s key %s\n"
+msgstr " aka \""
+
+#: g10/mainproc.c:1603
+#, fuzzy, c-format
+msgid "Signature made %s using %s key ID %s\n"
+msgstr ""
+"Allekirjoitus tehty %.*s käyttämällä %s-algoritmia avaintunnuksella %08lX\n"
+
+#: g10/mainproc.c:1623
+msgid "Key available at: "
+msgstr "Avain saatavilla kohteessa: "
+
+#: g10/mainproc.c:1756 g10/mainproc.c:1804
+#, fuzzy, c-format
+msgid "BAD signature from \"%s\""
+msgstr "VÄÄRÄ allekirjoitus lähettäjältä \""
+
+#: g10/mainproc.c:1758 g10/mainproc.c:1806
+#, fuzzy, c-format
+msgid "Expired signature from \"%s\""
+msgstr "Vanhentunut allekirjoitus lähettäjältä \""
+
+#: g10/mainproc.c:1760 g10/mainproc.c:1808
+#, fuzzy, c-format
+msgid "Good signature from \"%s\""
+msgstr "Allekirjoitus täsmää lähettäjään \""
+
+#: g10/mainproc.c:1810
+msgid "[uncertain]"
+msgstr "[ei tiedossa]"
+
+#: g10/mainproc.c:1843
+#, fuzzy, c-format
+msgid " aka \"%s\""
+msgstr " aka \""
+
+#: g10/mainproc.c:1941
+#, c-format
+msgid "Signature expired %s\n"
+msgstr "Allekirjoitus vanheni %s\n"
+
+#: g10/mainproc.c:1946
+#, c-format
+msgid "Signature expires %s\n"
+msgstr "Allekirjoitus vanhenee %s\n"
+
+# Ensimmäinen %s on binary, textmode tai unknown, ks. alla
+#: g10/mainproc.c:1949
+#, c-format
+msgid "%s signature, digest algorithm %s\n"
+msgstr "%sallekirjoitus, tiivistealgoritmi %s\n"
+
+#: g10/mainproc.c:1950
+msgid "binary"
+msgstr "binääri"
+
+#: g10/mainproc.c:1951
+msgid "textmode"
+msgstr "teksti"
+
+#: g10/mainproc.c:1951 g10/trustdb.c:546
+msgid "unknown"
+msgstr "tuntematon "
+
+#: g10/mainproc.c:1971
+#, c-format
+msgid "Can't check signature: %s\n"
+msgstr "Allekirjoitusta ei voi tarkistaa: %s\n"
+
+#: g10/mainproc.c:2055 g10/mainproc.c:2071 g10/mainproc.c:2167
+msgid "not a detached signature\n"
+msgstr "allekirjoitus ei ole erillinen\n"
+
+#: g10/mainproc.c:2098
+msgid ""
+"WARNING: multiple signatures detected. Only the first will be checked.\n"
+msgstr ""
+"VAROITUS: useita allekirjoituksia havaittu. Vain ensimmäisen voi "
+"tarkistaa.\n"
+
+#: g10/mainproc.c:2106
+#, c-format
+msgid "standalone signature of class 0x%02x\n"
+msgstr "itsenäinen allekirjoitus luokkaa 0x%02x\n"
+
+#: g10/mainproc.c:2171
+msgid "old style (PGP 2.x) signature\n"
+msgstr "vanhan tyylin (PGP 2.x) allekirjoitus\n"
+
+#: g10/mainproc.c:2181
+msgid "invalid root packet detected in proc_tree()\n"
+msgstr "epäkelpo juuripaketti havaittu proc_tree():ssä\n"
+
+#: g10/misc.c:109 g10/misc.c:139 g10/misc.c:215
+#, fuzzy, c-format
+msgid "fstat of `%s' failed in %s: %s\n"
+msgstr "ei voi avata tiedostoa: %s\n"
+
+#: g10/misc.c:178
+#, fuzzy, c-format
+msgid "fstat(%d) failed in %s: %s\n"
+msgstr "trustdb: luku epäonnistui (n=%d): %s\n"
+
+#: g10/misc.c:296
+#, fuzzy, c-format
+msgid "WARNING: using experimental public key algorithm %s\n"
+msgstr "julkisen avaimen algorimin %d käsittely ei onnistu\n"
+
+#: g10/misc.c:302
+#, fuzzy
+msgid "WARNING: Elgamal sign+encrypt keys are deprecated\n"
+msgstr ""
+"valittua tiivistesalgoritmia %s (%d) ei löydy vastaanottajan valinnoista\n"
+
+#: g10/misc.c:315
+#, fuzzy, c-format
+msgid "WARNING: using experimental cipher algorithm %s\n"
+msgstr "salausalgoritmi ei ole käytössä"
+
+# Ensimmäinen %s on binary, textmode tai unknown, ks. alla
+#: g10/misc.c:330
+#, fuzzy, c-format
+msgid "WARNING: using experimental digest algorithm %s\n"
+msgstr "%sallekirjoitus, tiivistealgoritmi %s\n"
+
+#: g10/misc.c:335
+#, fuzzy, c-format
+msgid "WARNING: digest algorithm %s is deprecated\n"
+msgstr ""
+"valittua tiivistesalgoritmia %s (%d) ei löydy vastaanottajan valinnoista\n"
+
+#: g10/misc.c:503
+msgid "the IDEA cipher plugin is not present\n"
+msgstr "IDEA-salaimen liitännäinen ei käytettävissä\n"
+
+#: g10/misc.c:504 g10/sig-check.c:107 jnlib/utf8conv.c:87
+#, fuzzy, c-format
+msgid "please see %s for more information\n"
+msgstr " i = näytä lisätietoja\n"
+
+#: g10/misc.c:761
+#, c-format
+msgid "%s:%d: deprecated option \"%s\"\n"
+msgstr "%s:%d: paheksuttava valitsin \"%s\"\n"
+
+#: g10/misc.c:765
+#, c-format
+msgid "WARNING: \"%s\" is a deprecated option\n"
+msgstr "VAROITUS: \"%s\" on paheksuttu valitsin\n"
+
+#: g10/misc.c:767
+#, c-format
+msgid "please use \"%s%s\" instead\n"
+msgstr "käytä valitsinta \"%s%s\" sen sijaan\n"
+
+#: g10/misc.c:774
+#, fuzzy, c-format
+msgid "WARNING: \"%s\" is a deprecated command - do not use it\n"
+msgstr "VAROITUS: \"%s\" on paheksuttu valitsin\n"
+
+#: g10/misc.c:784
+#, c-format
+msgid "%s:%u: obsolete option \"%s\" - it has no effect\n"
+msgstr ""
+
+#: g10/misc.c:787
+#, fuzzy, c-format
+msgid "WARNING: \"%s\" is an obsolete option - it has no effect\n"
+msgstr "VAROITUS: \"%s\" on paheksuttu valitsin\n"
+
+#: g10/misc.c:848
+msgid "Uncompressed"
+msgstr "pakkaamaton"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: g10/misc.c:873
+#, fuzzy
+msgid "uncompressed|none"
+msgstr "pakkaamaton"
+
+#: g10/misc.c:1000
+#, c-format
+msgid "this message may not be usable by %s\n"
+msgstr "%s ei kenties voi käsitellä tätä viestiä\n"
+
+#: g10/misc.c:1175
+#, fuzzy, c-format
+msgid "ambiguous option `%s'\n"
+msgstr "luetaan asetukset tiedostosta \"%s\"\n"
+
+#: g10/misc.c:1200
+#, fuzzy, c-format
+msgid "unknown option `%s'\n"
+msgstr "tuntematon oletusvastaanottaja \"%s\"\n"
+
+#: g10/openfile.c:89
+#, c-format
+msgid "File `%s' exists. "
+msgstr "Tiedosto \"%s\" on olemassa."
+
+#: g10/openfile.c:93
+#, fuzzy
+msgid "Overwrite? (y/N) "
+msgstr "Ylikirjoita (k/E)? "
+
+#: g10/openfile.c:126
+#, c-format
+msgid "%s: unknown suffix\n"
+msgstr "%s: tuntematon pääte\n"
+
+#: g10/openfile.c:150
+msgid "Enter new filename"
+msgstr "Syötä uusi tiedostonimi"
+
+#: g10/openfile.c:195
+msgid "writing to stdout\n"
+msgstr "kirjoitetaan vakiotulosteeseen\n"
+
+#: g10/openfile.c:316
+#, c-format
+msgid "assuming signed data in `%s'\n"
+msgstr "data kohteessa \"%s\" oletetaan allekirjoitetuksi\n"
+
+#: g10/openfile.c:395
+#, c-format
+msgid "new configuration file `%s' created\n"
+msgstr "uusi asetustiedosto \"%s\" luotu\n"
+
+#: g10/openfile.c:397
+#, c-format
+msgid "WARNING: options in `%s' are not yet active during this run\n"
+msgstr ""
+"VAROITUS: asetukset tiedostossa \"%s\" eivät ole käytössä vielä tässä "
+"ajossa\n"
+
+#: g10/parse-packet.c:201
+#, c-format
+msgid "can't handle public key algorithm %d\n"
+msgstr "julkisen avaimen algorimin %d käsittely ei onnistu\n"
+
+#: g10/parse-packet.c:822
+msgid "WARNING: potentially insecure symmetrically encrypted session key\n"
+msgstr "VAROITUS: mahdollisesti turvaton symmetrisesti salattu istuntoavain\n"
+
+#: g10/parse-packet.c:1273
+#, c-format
+msgid "subpacket of type %d has critical bit set\n"
+msgstr "tyypin %d alipaketilla on kriittinen bitti asetettuna\n"
+
+#: g10/passphrase.c:75 g10/passphrase.c:418 g10/passphrase.c:481
+#, fuzzy, c-format
+msgid "problem with the agent: %s\n"
+msgstr "agentin käytössä on ongelmia: agentti vastaa 0x%lx\n"
+
+#: g10/passphrase.c:344 g10/passphrase.c:613
+#, fuzzy, c-format
+msgid " (main key ID %s)"
+msgstr " (pääavaimen tunnus %08lX)"
+
+#: g10/passphrase.c:358
+#, fuzzy, c-format
+msgid ""
+"Please enter the passphrase to unlock the secret key for the OpenPGP "
+"certificate:\n"
+"\"%.*s\"\n"
+"%u-bit %s key, ID %s,\n"
+"created %s%s.\n"
+msgstr ""
+"Tarvitset salasanan avataksesi salaisen avaimen käyttäjälle:\n"
+"\"%.*s\"\n"
+"%u-bittinen %s-avain, tunnus %08lX, luotu %s%s\n"
+
+#: g10/passphrase.c:384
+msgid "Enter passphrase\n"
+msgstr "Syötä salasana\n"
+
+#: g10/passphrase.c:412
+msgid "cancelled by user\n"
+msgstr "käyttäjän peruma\n"
+
+#: g10/passphrase.c:592
+#, fuzzy, c-format
+msgid ""
+"You need a passphrase to unlock the secret key for\n"
+"user: \"%s\"\n"
+msgstr ""
+"\n"
+"Tarvitset salasanan avataksesi salaisen avaimen käyttäjälle: \""
+
+#: g10/passphrase.c:600
+#, fuzzy, c-format
+msgid "%u-bit %s key, ID %s, created %s"
+msgstr "%u-bittinen %s-avain, tunnus %08lX, luotu %s"
+
+#: g10/passphrase.c:609
+#, c-format
+msgid " (subkey on main key ID %s)"
+msgstr ""
+
+#: g10/photoid.c:74
+msgid ""
+"\n"
+"Pick an image to use for your photo ID. The image must be a JPEG file.\n"
+"Remember that the image is stored within your public key. If you use a\n"
+"very large picture, your key will become very large as well!\n"
+"Keeping the image close to 240x288 is a good size to use.\n"
+msgstr ""
+"\n"
+"Valitse kuva, jota haluat käyttää valokuvatunnisteenasi. Kuvan täytyy "
+"olla \n"
+"JPEG-tiedosto. Muista, että kuva tallennetaan julkiseen avaimeesi. Jos \n"
+"käytät erittäin suurta kuvaa, myös avaimesta tulee erittäin suuri!\n"
+"Kuvan koon ollessa suunnilleen 240x288, on koko sopiva käyttöön.\n"
+
+#: g10/photoid.c:96
+msgid "Enter JPEG filename for photo ID: "
+msgstr "Syötä JPEG-tiedostonimi valokuvatunnisteelle: "
+
+#: g10/photoid.c:117
+#, fuzzy, c-format
+msgid "unable to open JPEG file `%s': %s\n"
+msgstr "ei voi avata tiedostoa: %s\n"
+
+#: g10/photoid.c:128
+#, c-format
+msgid "This JPEG is really large (%d bytes) !\n"
+msgstr ""
+
+#: g10/photoid.c:130
+#, fuzzy
+msgid "Are you sure you want to use it? (y/N) "
+msgstr "Haluatko varmasti käyttää sitä (k/E)? "
+
+#: g10/photoid.c:146
+#, fuzzy, c-format
+msgid "`%s' is not a JPEG file\n"
+msgstr "\"%s\" ei ole JPEG-tiedosto\n"
+
+#: g10/photoid.c:165
+msgid "Is this photo correct (y/N/q)? "
+msgstr "Onko tämä oikein (k/E/l)? "
+
+#: g10/photoid.c:373
+msgid "unable to display photo ID!\n"
+msgstr "valokuvatunnistetta ei voi näyttää!\n"
+
+#: g10/pkclist.c:60 g10/revoke.c:621
+msgid "No reason specified"
+msgstr "Ei eriteltyä syytä"
+
+#: g10/pkclist.c:62 g10/revoke.c:623
+msgid "Key is superseded"
+msgstr "Avain on uusittu"
+
+#: g10/pkclist.c:64 g10/revoke.c:622
+msgid "Key has been compromised"
+msgstr "Avain on murrettu"
+
+#: g10/pkclist.c:66 g10/revoke.c:624
+msgid "Key is no longer used"
+msgstr "Avain ei ole enää käytössä"
+
+#: g10/pkclist.c:68 g10/revoke.c:625
+msgid "User ID is no longer valid"
+msgstr "Käyttäjätunnus ei ole enää käytössä"
+
+#: g10/pkclist.c:72
+msgid "reason for revocation: "
+msgstr "mitätöinnin syy: "
+
+#: g10/pkclist.c:89
+msgid "revocation comment: "
+msgstr "mitätöintikommentti: "
+
+#: g10/pkclist.c:204
+msgid "iImMqQsS"
+msgstr "iImMlLoO"
+
+#: g10/pkclist.c:212
+#, fuzzy
+msgid "No trust value assigned to:\n"
+msgstr ""
+"Luottamusarvoa ei ole asetettu seuraavalle:\n"
+"%4u%c/%08lX %s \""
+
+#: g10/pkclist.c:245
+#, fuzzy, c-format
+msgid " aka \"%s\"\n"
+msgstr " aka \""
+
+#: g10/pkclist.c:255
+#, fuzzy
+msgid ""
+"How much do you trust that this key actually belongs to the named user?\n"
+msgstr "Tämä avain todennäköisesti kuuluu haltijalle\n"
+
+#: g10/pkclist.c:270
+#, fuzzy, c-format
+msgid " %d = I don't know or won't say\n"
+msgstr " %d = En tiedä\n"
+
+#: g10/pkclist.c:272
+#, fuzzy, c-format
+msgid " %d = I do NOT trust\n"
+msgstr " %d = EN luota\n"
+
+#: g10/pkclist.c:278
+#, fuzzy, c-format
+msgid " %d = I trust ultimately\n"
+msgstr " %d = Luotan ehdottomasti\n"
+
+#: g10/pkclist.c:284
+#, fuzzy
+msgid " m = back to the main menu\n"
+msgstr " m = takaisin päävalikkoon\n"
+
+#: g10/pkclist.c:287
+#, fuzzy
+msgid " s = skip this key\n"
+msgstr " o = ohita tämä avain\n"
+
+#: g10/pkclist.c:288
+#, fuzzy
+msgid " q = quit\n"
+msgstr " l = lopeta\n"
+
+#: g10/pkclist.c:292
+#, c-format
+msgid ""
+"The minimum trust level for this key is: %s\n"
+"\n"
+msgstr ""
+
+#: g10/pkclist.c:298 g10/revoke.c:650
+msgid "Your decision? "
+msgstr "Valintasi? "
+
+#: g10/pkclist.c:319
+#, fuzzy
+msgid "Do you really want to set this key to ultimate trust? (y/N) "
+msgstr "Haluatko varmasti luottaa tähän avaimeen ehdottomasti? "
+
+#: g10/pkclist.c:333
+msgid "Certificates leading to an ultimately trusted key:\n"
+msgstr "Varmennepolku ehdottomasti luotettuun julkiseen avaimeen:\n"
+
+#: g10/pkclist.c:418
+#, fuzzy, c-format
+msgid "%s: There is no assurance this key belongs to the named user\n"
+msgstr ""
+"%08lX: Mikään ei takaa sitä, että allekirjoitus todella kuuluu "
+"haltijalleen.\n"
+
+#: g10/pkclist.c:423
+#, fuzzy, c-format
+msgid "%s: There is limited assurance this key belongs to the named user\n"
+msgstr ""
+"%08lX: Mikään ei takaa sitä, että allekirjoitus todella kuuluu "
+"haltijalleen.\n"
+
+#: g10/pkclist.c:429
+#, fuzzy
+msgid "This key probably belongs to the named user\n"
+msgstr "Tämä avain todennäköisesti kuuluu haltijalle\n"
+
+#: g10/pkclist.c:434
+msgid "This key belongs to us\n"
+msgstr "Tämä on oma avain\n"
+
+#: g10/pkclist.c:460
+#, fuzzy
+msgid ""
+"It is NOT certain that the key belongs to the person named\n"
+"in the user ID. If you *really* know what you are doing,\n"
+"you may answer the next question with yes.\n"
+msgstr ""
+"Avaimen kuulumista nimetylle käyttäjätunnukselle EI voida varmistaa.\n"
+"Jos *todella* tiedät mitä olet tekemässä, vastaa seuraavaan\n"
+"kysymykseen kyllä\n"
+"\n"
+
+#: g10/pkclist.c:479
+#, fuzzy
+msgid "Use this key anyway? (y/N) "
+msgstr "Haluatko käyttää tätä avainta kaikesta huolimatta? "
+
+#: g10/pkclist.c:513
+msgid "WARNING: Using untrusted key!\n"
+msgstr "VAROITUS: Käytettyyn avaimeen ei luoteta!\n"
+
+#: g10/pkclist.c:520
+msgid "WARNING: this key might be revoked (revocation key not present)\n"
+msgstr ""
+"VAROITUS: tämä avain saattaa olla mitätöity (mitätöintiavainta ei "
+"saatavilla)\n"
+
+#: g10/pkclist.c:529
+msgid "WARNING: This key has been revoked by its designated revoker!\n"
+msgstr "VAROITUS: Tämän avaimen nimetty mitätöijä on mitätöinyt avaimen!\n"
+
+#: g10/pkclist.c:532
+msgid "WARNING: This key has been revoked by its owner!\n"
+msgstr "VAROITUS: Tämän avaimen haltija on mitätöinyt avaimen!\n"
+
+#: g10/pkclist.c:533
+#, fuzzy
+msgid " This could mean that the signature is forged.\n"
+msgstr " Tämä voi merkitä sitä, että allekirjoitus on väärennös.\n"
+
+#: g10/pkclist.c:539
+msgid "WARNING: This subkey has been revoked by its owner!\n"
+msgstr "VAROITUS: Haltija on mitätöinyt tämän aliavaimen!\n"
+
+#: g10/pkclist.c:544
+msgid "Note: This key has been disabled.\n"
+msgstr "Huom: Tämä avain on poistettu käytöstä\n"
+
+#: g10/pkclist.c:564
+#, c-format
+msgid "Note: Verified signer's address is `%s'\n"
+msgstr ""
+
+#: g10/pkclist.c:571
+#, c-format
+msgid "Note: Signer's address `%s' does not match DNS entry\n"
+msgstr ""
+
+#: g10/pkclist.c:583
+msgid "trustlevel adjusted to FULL due to valid PKA info\n"
+msgstr ""
+
+#: g10/pkclist.c:591
+msgid "trustlevel adjusted to NEVER due to bad PKA info\n"
+msgstr ""
+
+#: g10/pkclist.c:602
+msgid "Note: This key has expired!\n"
+msgstr "Huom: Tämä avain on vanhentunut!\n"
+
+#: g10/pkclist.c:613
+msgid "WARNING: This key is not certified with a trusted signature!\n"
+msgstr ""
+"VAROITUS: Tätä avainta ei ole varmennettu luotettavalla allekirjoituksella!\n"
+
+#: g10/pkclist.c:615
+msgid ""
+" There is no indication that the signature belongs to the owner.\n"
+msgstr ""
+" Mikään ei takaa sitä, että allekirjoitus todella kuuluu "
+"haltijalleen.\n"
+
+#: g10/pkclist.c:623
+msgid "WARNING: We do NOT trust this key!\n"
+msgstr "VAROITUS: Tähän avaimeen EI luoteta!\n"
+
+#: g10/pkclist.c:624
+msgid " The signature is probably a FORGERY.\n"
+msgstr " Allekirjoitus on luultavasti VÄÄRENNÖS.\n"
+
+#: g10/pkclist.c:632
+msgid ""
+"WARNING: This key is not certified with sufficiently trusted signatures!\n"
+msgstr ""
+"VAROITUS: Tätä avainta ei ole varmennettu tarpeeksi luotettavalla \n"
+"allekirjoituksella!\n"
+
+#: g10/pkclist.c:634
+msgid " It is not certain that the signature belongs to the owner.\n"
+msgstr " Ei ole varmaa, että allekirjoitus kuuluu haltijalle.\n"
+
+#: g10/pkclist.c:833 g10/pkclist.c:875 g10/pkclist.c:1087 g10/pkclist.c:1157
+#, c-format
+msgid "%s: skipped: %s\n"
+msgstr "%s: ohitettu: %s\n"
+
+#: g10/pkclist.c:845 g10/pkclist.c:1125
+#, c-format
+msgid "%s: skipped: public key already present\n"
+msgstr "%s: ohitettu: julkinen avain on jo olemassa\n"
+
+#: g10/pkclist.c:896
+msgid "You did not specify a user ID. (you may use \"-r\")\n"
+msgstr "Et määritellyt käyttäjätunnusta. (voit käyttää valitsinta \"-r\")\n"
+
+#: g10/pkclist.c:920
+msgid "Current recipients:\n"
+msgstr ""
+
+#: g10/pkclist.c:946
+msgid ""
+"\n"
+"Enter the user ID. End with an empty line: "
+msgstr ""
+"\n"
+"Syötä käyttäjätunnus. Lopeta tyhjällä rivillä: "
+
+#: g10/pkclist.c:971
+msgid "No such user ID.\n"
+msgstr "Käyttäjätunnusta ei löydy.\n"
+
+#: g10/pkclist.c:980 g10/pkclist.c:1054
+msgid "skipped: public key already set as default recipient\n"
+msgstr "ohitettu: julkinen avain on jo asetettu oletusvastaanottajaksi\n"
+
+#: g10/pkclist.c:1001
+msgid "Public key is disabled.\n"
+msgstr "Julkinen avain on poistettu käytöstä\n"
+
+#: g10/pkclist.c:1010
+msgid "skipped: public key already set\n"
+msgstr "ohitettu: julkinen avain on jo asetettu\n"
+
+#: g10/pkclist.c:1045
+#, fuzzy, c-format
+msgid "unknown default recipient \"%s\"\n"
+msgstr "tuntematon oletusvastaanottaja \"%s\"\n"
+
+#: g10/pkclist.c:1103
+#, c-format
+msgid "%s: skipped: public key is disabled\n"
+msgstr "%s ohitettu: julkinen avain on poistettu käytöstä\n"
+
+#: g10/pkclist.c:1165
+msgid "no valid addressees\n"
+msgstr "ei kelvollisia vastaanottajia\n"
+
+#: g10/pkclist.c:1503
+#, fuzzy, c-format
+msgid "Note: key %s has no %s feature\n"
+msgstr "avain %08lX: ei käyttäjätunnusta\n"
+
+#: g10/pkclist.c:1528
+#, fuzzy, c-format
+msgid "Note: key %s has no preference for %s\n"
+msgstr "avain %08lX: ei käyttäjätunnusta\n"
+
+#: g10/plaintext.c:95
+msgid "data not saved; use option \"--output\" to save it\n"
+msgstr ""
+"dataa ei ole tallennettu, käytä valitsinta \"--output\" tallentaaksesi\n"
+
+#: g10/plaintext.c:480
+msgid "Detached signature.\n"
+msgstr "Erillinen allekirjoitus.\n"
+
+#: g10/plaintext.c:487
+msgid "Please enter name of data file: "
+msgstr "Anna datatiedoston nimi: "
+
+#: g10/plaintext.c:519
+msgid "reading stdin ...\n"
+msgstr "luetaan vakiosyötettä ...\n"
+
+#: g10/plaintext.c:557
+msgid "no signed data\n"
+msgstr "ei allekirjoitettua dataa\n"
+
+#: g10/plaintext.c:573
+#, c-format
+msgid "can't open signed data `%s'\n"
+msgstr "allekirjoitetun datan \"%s\" avaaminen ei onnistu\n"
+
+#: g10/plaintext.c:607
+#, fuzzy, c-format
+msgid "can't open signed data fd=%d: %s\n"
+msgstr "allekirjoitetun datan \"%s\" avaaminen ei onnistu\n"
+
+#: g10/pubkey-enc.c:105
+#, fuzzy, c-format
+msgid "anonymous recipient; trying secret key %s ...\n"
+msgstr "nimetön vastaanottaja; yritän käyttää salaista avainta %08lX ...\n"
+
+#: g10/pubkey-enc.c:136
+msgid "okay, we are the anonymous recipient.\n"
+msgstr "ok, nimetön vastaanottaja olet sinä.\n"
+
+#: g10/pubkey-enc.c:225
+msgid "old encoding of the DEK is not supported\n"
+msgstr "vanhaa DEK-koodaus ei tueta\n"
+
+#: g10/pubkey-enc.c:246
+#, c-format
+msgid "cipher algorithm %d%s is unknown or disabled\n"
+msgstr "salausalgoritmi %d%s on tuntematon tai poistettu käytöstä\n"
+
+#: g10/pubkey-enc.c:284
+#, fuzzy, c-format
+msgid "WARNING: cipher algorithm %s not found in recipient preferences\n"
+msgstr "HUOM: salausalgoritmia %d ei löydy valinnoista\n"
+
+#: g10/pubkey-enc.c:304
+#, fuzzy, c-format
+msgid "NOTE: secret key %s expired at %s\n"
+msgstr "HUOM: salainen avain %08lX vanheni %s\n"
+
+#: g10/pubkey-enc.c:310
+msgid "NOTE: key has been revoked"
+msgstr "HUOM: avain on mitätöity!"
+
+#: g10/revoke.c:102 g10/revoke.c:116 g10/revoke.c:128 g10/revoke.c:174
+#: g10/revoke.c:186 g10/revoke.c:585
+#, c-format
+msgid "build_packet failed: %s\n"
+msgstr "build_packet epäonnistui: %s\n"
+
+#: g10/revoke.c:145
+#, fuzzy, c-format
+msgid "key %s has no user IDs\n"
+msgstr "avain %08lX: ei käyttäjätunnusta\n"
+
+#: g10/revoke.c:306
+msgid "To be revoked by:\n"
+msgstr "Mitätöinnin tekee:\n"
+
+#: g10/revoke.c:310
+msgid "(This is a sensitive revocation key)\n"
+msgstr "(Tämä on arkaluonteinen mitätöintiavain)\n"
+
+#: g10/revoke.c:314
+#, fuzzy
+msgid "Create a designated revocation certificate for this key? (y/N) "
+msgstr "Luo tälle avaimelle mitätöintivarmenne? "
+
+#: g10/revoke.c:327 g10/revoke.c:551
+msgid "ASCII armored output forced.\n"
+msgstr "ASCII-koodattu tuloste määritetty.\n"
+
+#: g10/revoke.c:342 g10/revoke.c:565
+#, c-format
+msgid "make_keysig_packet failed: %s\n"
+msgstr "make_keysig_packet epäonnistui: %s\n"
+
+#: g10/revoke.c:405
+msgid "Revocation certificate created.\n"
+msgstr "Mitätöintivarmenne luotu.\n"
+
+#: g10/revoke.c:411
+#, fuzzy, c-format
+msgid "no revocation keys found for \"%s\"\n"
+msgstr "mitätöintiavainta ei löydy avaimelle \"%s\"\n"
+
+#: g10/revoke.c:470
+#, fuzzy, c-format
+msgid "secret key \"%s\" not found: %s\n"
+msgstr "salaista avainta \"%s\" ei löydy: %s\n"
+
+#: g10/revoke.c:497
+#, c-format
+msgid "no corresponding public key: %s\n"
+msgstr "ei vastaavaa julkista avainta: %s\n"
+
+#: g10/revoke.c:508
+msgid "public key does not match secret key!\n"
+msgstr "julkinen avain ei täsmää salaiseen avaimeen!\n"
+
+#: g10/revoke.c:515
+#, fuzzy
+msgid "Create a revocation certificate for this key? (y/N) "
+msgstr "Luo tälle avaimelle mitätöintivarmenne? "
+
+#: g10/revoke.c:532
+msgid "unknown protection algorithm\n"
+msgstr "tuntematon suojausalgoritmi\n"
+
+#: g10/revoke.c:540
+msgid "NOTE: This key is not protected!\n"
+msgstr "HUOM: Tätä avainta ei ole suojattu!\n"
+
+#: g10/revoke.c:591
+msgid ""
+"Revocation certificate created.\n"
+"\n"
+"Please move it to a medium which you can hide away; if Mallory gets\n"
+"access to this certificate he can use it to make your key unusable.\n"
+"It is smart to print this certificate and store it away, just in case\n"
+"your media become unreadable. But have some caution: The print system of\n"
+"your machine might store the data and make it available to others!\n"
+msgstr ""
+"Mitätöintivarmenne luotu.\n"
+"\n"
+"Ole hyvä ja siirrä se medialle, jonka voit piilottaa; jos Mallory saa \n"
+"käsiinsä tämän varmenteen, hän voi tehdä sillä avaimesta "
+"käyttökelvottoman. \n"
+"On järkevää tulostaa tämä varmenne ja tallentaa se siltä varalta, että \n"
+"mediastasi tulee lukukelvoton. Mutta varoituksen sanana: Tietokoneesi \n"
+"tulostusjärjestelmä saattaa tallentaa datan ja saattaa sen muiden "
+"saataville!\n"
+
+#: g10/revoke.c:633
+msgid "Please select the reason for the revocation:\n"
+msgstr "Valitse mitätöinnin syy:\n"
+
+#: g10/revoke.c:643
+msgid "Cancel"
+msgstr "Peru"
+
+#: g10/revoke.c:645
+#, c-format
+msgid "(Probably you want to select %d here)\n"
+msgstr "(Todennäköisesti haluat valita %d tässä)\n"
+
+#: g10/revoke.c:686
+msgid "Enter an optional description; end it with an empty line:\n"
+msgstr "Syötä vapaaehtoinen kuvaus; lopeta tyhjään riviin:\n"
+
+#: g10/revoke.c:714
+#, c-format
+msgid "Reason for revocation: %s\n"
+msgstr "Mitätöinnin syy: %s\n"
+
+#: g10/revoke.c:716
+msgid "(No description given)\n"
+msgstr "(Kuvausta ei annettu)\n"
+
+#: g10/revoke.c:721
+#, fuzzy
+msgid "Is this okay? (y/N) "
+msgstr "Kelpaako tämä? "
+
+#: g10/seckey-cert.c:55
+msgid "secret key parts are not available\n"
+msgstr "salaisen avaimen osat eivät ole käytettävissä\n"
+
+#: g10/seckey-cert.c:61
+#, c-format
+msgid "protection algorithm %d%s is not supported\n"
+msgstr "suojausalgoritmi %d%s ei ole käytettävissä\n"
+
+#: g10/seckey-cert.c:72
+#, fuzzy, c-format
+msgid "protection digest %d is not supported\n"
+msgstr "suojausalgoritmi %d%s ei ole käytettävissä\n"
+
+#: g10/seckey-cert.c:291
+msgid "Invalid passphrase; please try again"
+msgstr "Salasana ei kelpaa; yritä uudestaan"
+
+#: g10/seckey-cert.c:292
+#, c-format
+msgid "%s ...\n"
+msgstr "%s ...\n"
+
+#: g10/seckey-cert.c:361
+msgid "WARNING: Weak key detected - please change passphrase again.\n"
+msgstr "VAROITUS: Havaittiin heikko avain - vaihda salasanaa uudestaan.\n"
+
+#: g10/seckey-cert.c:404
+msgid "generating the deprecated 16-bit checksum for secret key protection\n"
+msgstr ""
+"luodaan paheksuttava 16-bittinen tarkistussumma salaisen avaimen suojaksi\n"
+
+#: g10/seskey.c:61 sm/encrypt.c:119
+msgid "weak key created - retrying\n"
+msgstr "luotu avain on heikko - yritän uudestaan\n"
+
+#: g10/seskey.c:65
+#, c-format
+msgid "cannot avoid weak key for symmetric cipher; tried %d times!\n"
+msgstr ""
+"heikon avaimen luomista symmetriselle salaimelle ei voitu välttää; \n"
+"yritettiin %d kertaa!\n"
+
+#: g10/seskey.c:227 sm/certcheck.c:85
+msgid "DSA requires the hash length to be a multiple of 8 bits\n"
+msgstr ""
+
+#: g10/seskey.c:240
+#, c-format
+msgid "DSA key %s uses an unsafe (%u bit) hash\n"
+msgstr ""
+
+#: g10/seskey.c:252
+#, c-format
+msgid "DSA key %s requires a %u bit or larger hash\n"
+msgstr ""
+
+#: g10/sig-check.c:80
+msgid "WARNING: signature digest conflict in message\n"
+msgstr "VAROITUS: allekirjoitustiiviste ei täsmää viestin kanssa\n"
+
+#: g10/sig-check.c:105
+#, fuzzy, c-format
+msgid "WARNING: signing subkey %s is not cross-certified\n"
+msgstr "VAROITUS: allekirjoitusaliavain %08lX ei ole ristiinvarmennettu\n"
+
+#: g10/sig-check.c:117
+#, fuzzy, c-format
+msgid "WARNING: signing subkey %s has an invalid cross-certification\n"
+msgstr ""
+"VAROITUS: allekirjoitusaliavaimella %08lX on epäkelpo ristiinvarmennus\n"
+
+#: g10/sig-check.c:211
+#, fuzzy, c-format
+msgid "public key %s is %lu second newer than the signature\n"
+msgstr "julkinen avain %08lX on %lu sekuntia uudempi kuin allekirjoitus\n"
+
+#: g10/sig-check.c:212
+#, fuzzy, c-format
+msgid "public key %s is %lu seconds newer than the signature\n"
+msgstr "julkinen avain %08lX on %lu sekuntia uudempi kuin allekirjoitus\n"
+
+#: g10/sig-check.c:223
+#, fuzzy, c-format
+msgid ""
+"key %s was created %lu second in the future (time warp or clock problem)\n"
+msgstr ""
+"avain on luotu %lu sekunti tulevaisuudessa (on tapahtunut aikahyppy tai\n"
+"kellon kanssa on ongelmia)\n"
+
+#: g10/sig-check.c:225
+#, fuzzy, c-format
+msgid ""
+"key %s was created %lu seconds in the future (time warp or clock problem)\n"
+msgstr ""
+"avain on luotu %lu sekuntia tulevaisuudessa (on tapahtunut aikahyppy tai\n"
+"kellon kanssa on ongelmia)\n"
+
+#: g10/sig-check.c:239
+#, fuzzy, c-format
+msgid "NOTE: signature key %s expired %s\n"
+msgstr "HUOM: allekirjoitusavain %08lX vanheni %s\n"
+
+#: g10/sig-check.c:252
+#, fuzzy, c-format
+msgid "NOTE: signature key %s has been revoked\n"
+msgstr "HUOM: avain on mitätöity!"
+
+#: g10/sig-check.c:325
+#, fuzzy, c-format
+msgid "assuming bad signature from key %s due to an unknown critical bit\n"
+msgstr ""
+"Epäkelpo allekirjoitus avaimelta %08lX oletettavasti johtuen tuntemattomasta "
+"\"critical bit\":istä\n"
+
+#: g10/sig-check.c:591
+#, fuzzy, c-format
+msgid "key %s: no subkey for subkey revocation signature\n"
+msgstr "avain %08lX: ei vastaavaa aliavainta aliavaimen mitätöintipaketille\n"
+
+#: g10/sig-check.c:618
+#, fuzzy, c-format
+msgid "key %s: no subkey for subkey binding signature\n"
+msgstr "avain %08lX: ei aliavainta aliavaimen liitosallekirjoitukselle\n"
+
+#: g10/sign.c:89
+#, c-format
+msgid "WARNING: unable to %%-expand notation (too large). Using unexpanded.\n"
+msgstr ""
+"VAROITUS: %%-laajennus ei onnistu (liian suuri). Käytetään "
+"laajentamatonta.\n"
+
+#: g10/sign.c:115
+#, fuzzy, c-format
+msgid ""
+"WARNING: unable to %%-expand policy URL (too large). Using unexpanded.\n"
+msgstr ""
+"VAROITUS: käytäntö-url:n %%-laajennus ei onnistu (liian suuri). \n"
+"Käytetään laajentamatonta.\n"
+
+#: g10/sign.c:138
+#, fuzzy, c-format
+msgid ""
+"WARNING: unable to %%-expand preferred keyserver URL (too large). Using "
+"unexpanded.\n"
+msgstr ""
+"VAROITUS: käytäntö-url:n %%-laajennus ei onnistu (liian suuri). \n"
+"Käytetään laajentamatonta.\n"
+
+#: g10/sign.c:311
+#, c-format
+msgid "checking created signature failed: %s\n"
+msgstr "luodun allekirjoituksen tarkistus epäonnistui: %s\n"
+
+#: g10/sign.c:320
+#, fuzzy, c-format
+msgid "%s/%s signature from: \"%s\"\n"
+msgstr "%s-allekirjoitus lähettäjältä: \"%s\"\n"
+
+#: g10/sign.c:761
+msgid "you can only detach-sign with PGP 2.x style keys while in --pgp2 mode\n"
+msgstr ""
+"voit tehdä erillisiä allekirjoituksia PGP 2.x -muodon avaimilla \n"
+"vain --pgp2-tilassa\n"
+
+#: g10/sign.c:837
+#, fuzzy, c-format
+msgid ""
+"WARNING: forcing digest algorithm %s (%d) violates recipient preferences\n"
+msgstr ""
+"valittua tiivistesalgoritmia %s (%d) ei löydy vastaanottajan valinnoista\n"
+
+#: g10/sign.c:964
+msgid "signing:"
+msgstr "allekirjoitetaan:"
+
+#: g10/sign.c:1079
+msgid "you can only clearsign with PGP 2.x style keys while in --pgp2 mode\n"
+msgstr ""
+"PGP 2.x -muodon avaimilla voi allekirjoittaa tekstimuotoon \n"
+"vain --pgp2-tilassa\n"
+
+#: g10/sign.c:1263
+#, c-format
+msgid "%s encryption will be used\n"
+msgstr "käytetään %s-salausta\n"
+
+#: g10/skclist.c:140 g10/skclist.c:217
+msgid "key is not flagged as insecure - can't use it with the faked RNG!\n"
+msgstr ""
+"avainta ei ole merkitty turvattomaksi - sitä ei voida käyttää jäljitellyn\n"
+"satunnaislukugeneraattorin kanssa!\n"
+
+#: g10/skclist.c:174
+#, fuzzy, c-format
+msgid "skipped \"%s\": duplicated\n"
+msgstr "ohitetaan \"%s\": kopio\n"
+
+#: g10/skclist.c:182 g10/skclist.c:195 g10/skclist.c:207
+#, fuzzy, c-format
+msgid "skipped \"%s\": %s\n"
+msgstr "ohitetaan \"%s\": %s\n"
+
+#: g10/skclist.c:190
+msgid "skipped: secret key already present\n"
+msgstr "ohitetaan: salainen avain on jo paikalla\n"
+
+#: g10/skclist.c:208
+#, fuzzy
+msgid "this is a PGP generated Elgamal key which is not secure for signatures!"
+msgstr ""
+"ohitetaan \"%s\": tämä on PGP:n luoma ElGamal-avain, jolla ei voi "
+"allekirjoittaa turvallisesti!\n"
+
+#: g10/tdbdump.c:58 g10/trustdb.c:360
+#, c-format
+msgid "trust record %lu, type %d: write failed: %s\n"
+msgstr "luottamustietue %lu, tyyppi %d: kirjoittaminen epäonnistui: %s\n"
+
+#: g10/tdbdump.c:106
+#, c-format
+msgid ""
+"# List of assigned trustvalues, created %s\n"
+"# (Use \"gpg --import-ownertrust\" to restore them)\n"
+msgstr ""
+"# Luettelo annettuista luottamusarvoista, luotu %s\n"
+"# (Käytä \"gpg --import-ownertrust\" palauttaaksesi ne)\n"
+
+#: g10/tdbdump.c:161 g10/tdbdump.c:169 g10/tdbdump.c:174 g10/tdbdump.c:179
+#, fuzzy, c-format
+msgid "error in `%s': %s\n"
+msgstr "virhe luettaessa tiedostoa \"%s\": %s\n"
+
+#: g10/tdbdump.c:161
+#, fuzzy
+msgid "line too long"
+msgstr "rivi on liian pitkä\n"
+
+#: g10/tdbdump.c:169
+msgid "colon missing"
+msgstr ""
+
+#: g10/tdbdump.c:175
+#, fuzzy
+msgid "invalid fingerprint"
+msgstr "virhe: sormenjälki on väärä\n"
+
+#: g10/tdbdump.c:180
+#, fuzzy
+msgid "ownertrust value missing"
+msgstr "tuo luottamusasteet"
+
+#: g10/tdbdump.c:216
+#, fuzzy, c-format
+msgid "error finding trust record in `%s': %s\n"
+msgstr "virhe etsittäessä luottamustietuetta: %s\n"
+
+#: g10/tdbdump.c:220
+#, fuzzy, c-format
+msgid "read error in `%s': %s\n"
+msgstr "lukuvirhe: %s\n"
+
+#: g10/tdbdump.c:229 g10/trustdb.c:375
+#, c-format
+msgid "trustdb: sync failed: %s\n"
+msgstr "trustdb: synkronointi epäonnistui: %s\n"
+
+#: g10/tdbio.c:128 g10/tdbio.c:1456
+#, c-format
+msgid "trustdb rec %lu: lseek failed: %s\n"
+msgstr "trustdb rec %lu: lseek epäonnistui: %s\n"
+
+#: g10/tdbio.c:135 g10/tdbio.c:1463
+#, c-format
+msgid "trustdb rec %lu: write failed (n=%d): %s\n"
+msgstr "trustdb rec %lu: kirjoittaminen epäonnistuin (n=%d): %s\n"
+
+#: g10/tdbio.c:245
+msgid "trustdb transaction too large\n"
+msgstr "trustdb-tapahtuma on liian suuri\n"
+
+#: g10/tdbio.c:500
+#, fuzzy, c-format
+msgid "can't access `%s': %s\n"
+msgstr "tiedostoa \"%s\" ei voi sulkea: %s\n"
+
+#: g10/tdbio.c:527
+#, c-format
+msgid "%s: directory does not exist!\n"
+msgstr "%s: hakemistoa ei ole olemassa!\n"
+
+#: g10/tdbio.c:537 g10/tdbio.c:560 g10/tdbio.c:601 sm/keydb.c:219
+#, fuzzy, c-format
+msgid "can't create lock for `%s'\n"
+msgstr "tiedostoa \"%s\" ei voi luoda: %s\n"
+
+#: g10/tdbio.c:539 g10/tdbio.c:604
+#, fuzzy, c-format
+msgid "can't lock `%s'\n"
+msgstr "tiedostoa \"%s\" ei voi avata\n"
+
+#: g10/tdbio.c:565
+#, c-format
+msgid "%s: failed to create version record: %s"
+msgstr "%s: versiotietueen luonti epäonnistui: %s"
+
+#: g10/tdbio.c:569
+#, c-format
+msgid "%s: invalid trustdb created\n"
+msgstr "%s: luotu trustdb ei kelpaa\n"
+
+#: g10/tdbio.c:572
+#, c-format
+msgid "%s: trustdb created\n"
+msgstr "%s: trustdb luotu\n"
+
+#: g10/tdbio.c:615
+msgid "NOTE: trustdb not writable\n"
+msgstr "HUOM: trustdb:n ei voida kirjoittaa\n"
+
+#: g10/tdbio.c:623
+#, c-format
+msgid "%s: invalid trustdb\n"
+msgstr "%s: trustdb ei kelpaa\n"
+
+#: g10/tdbio.c:655
+#, c-format
+msgid "%s: failed to create hashtable: %s\n"
+msgstr "%s: hajautustaulukon luonti ei onnistu: %s\n"
+
+#: g10/tdbio.c:663
+#, c-format
+msgid "%s: error updating version record: %s\n"
+msgstr "%s: virhe päivitettäessä versiotietuetta: %s\n"
+
+#: g10/tdbio.c:680 g10/tdbio.c:701 g10/tdbio.c:717 g10/tdbio.c:731
+#: g10/tdbio.c:761 g10/tdbio.c:1388 g10/tdbio.c:1415
+#, c-format
+msgid "%s: error reading version record: %s\n"
+msgstr "%s: virhe luettaessa versiotietuetta: %s\n"
+
+#: g10/tdbio.c:740
+#, c-format
+msgid "%s: error writing version record: %s\n"
+msgstr "%s: virhe kirjoitettaessa versiotietuetta: %s\n"
+
+#: g10/tdbio.c:1181
+#, c-format
+msgid "trustdb: lseek failed: %s\n"
+msgstr "trustdb: lseek epäonnistui: %s\n"
+
+#: g10/tdbio.c:1190
+#, c-format
+msgid "trustdb: read failed (n=%d): %s\n"
+msgstr "trustdb: luku epäonnistui (n=%d): %s\n"
+
+#: g10/tdbio.c:1211
+#, c-format
+msgid "%s: not a trustdb file\n"
+msgstr "%s: ei ole trustdb-tiedosto\n"
+
+#: g10/tdbio.c:1230
+#, c-format
+msgid "%s: version record with recnum %lu\n"
+msgstr "%s: versiotietue tietuenumerolla %lu\n"
+
+#: g10/tdbio.c:1235
+#, c-format
+msgid "%s: invalid file version %d\n"
+msgstr "%s: tiedostoversio %d ei kelpaa\n"
+
+#: g10/tdbio.c:1421
+#, c-format
+msgid "%s: error reading free record: %s\n"
+msgstr "%s: virhe luettaessa vapaata tietuetta: %s\n"
+
+#: g10/tdbio.c:1429
+#, c-format
+msgid "%s: error writing dir record: %s\n"
+msgstr "%s: virhe kirjoitettaessa hakemistotietuetta: %s\n"
+
+#: g10/tdbio.c:1439
+#, c-format
+msgid "%s: failed to zero a record: %s\n"
+msgstr "%s: tietueen nollaaminen epäonnistui: %s\n"
+
+#: g10/tdbio.c:1469
+#, c-format
+msgid "%s: failed to append a record: %s\n"
+msgstr "%s: tietueeseen lisääminen epäonnistui: %s\n"
+
+#: g10/tdbio.c:1512
+#, fuzzy
+msgid "Error: The trustdb is corrupted.\n"
+msgstr "%s: trustdb luotu\n"
+
+#: g10/textfilter.c:147
+#, c-format
+msgid "can't handle text lines longer than %d characters\n"
+msgstr "yli %d merkkiä pitkiä tekstirivejä ei voi käsitellä\n"
+
+#: g10/textfilter.c:247
+#, c-format
+msgid "input line longer than %d characters\n"
+msgstr "syöterivi on yli %d merkkiä pitkä\n"
+
+#: g10/trustdb.c:221
+#, c-format
+msgid "`%s' is not a valid long keyID\n"
+msgstr "\"%s\" ei kelpaa pitkänä avaintunnuksena\n"
+
+#: g10/trustdb.c:252
+#, fuzzy, c-format
+msgid "key %s: accepted as trusted key\n"
+msgstr "avain %08lX: hyväksytty luotettuna avaimena\n"
+
+#: g10/trustdb.c:290
+#, fuzzy, c-format
+msgid "key %s occurs more than once in the trustdb\n"
+msgstr "avain %08lX esiintyy trustdb:ssä useammin kuin kerran\n"
+
+#: g10/trustdb.c:305
+#, fuzzy, c-format
+msgid "key %s: no public key for trusted key - skipped\n"
+msgstr ""
+"avain %08lX: luotetulle avaimelle ei löydy julkista avainta - ohitetaan\n"
+
+#: g10/trustdb.c:315
+#, fuzzy, c-format
+msgid "key %s marked as ultimately trusted\n"
+msgstr "Avain on määritelty ehdottoman luotettavaksi.\n"
+
+#: g10/trustdb.c:339
+#, c-format
+msgid "trust record %lu, req type %d: read failed: %s\n"
+msgstr "luottamustietue %lu, pyyntötyyppi %d: luku epäonnistui: %s\n"
+
+#: g10/trustdb.c:345
+#, c-format
+msgid "trust record %lu is not of requested type %d\n"
+msgstr "luottamustietue %lu ei ole pyydettyä tyyppiä %d\n"
+
+#: g10/trustdb.c:418
+msgid "You may try to re-create the trustdb using the commands:\n"
+msgstr ""
+
+#: g10/trustdb.c:427
+msgid "If that does not work, please consult the manual\n"
+msgstr ""
+
+#: g10/trustdb.c:462
+#, c-format
+msgid "unable to use unknown trust model (%d) - assuming %s trust model\n"
+msgstr ""
+
+#: g10/trustdb.c:468
+#, c-format
+msgid "using %s trust model\n"
+msgstr ""
+
+#: g10/trustdb.c:520
+msgid "10 translator see trustdb.c:uid_trust_string_fixed"
+msgstr ""
+
+#: g10/trustdb.c:522
+#, fuzzy
+msgid "[ revoked]"
+msgstr "[mitätöity] "
+
+#: g10/trustdb.c:524 g10/trustdb.c:529
+#, fuzzy
+msgid "[ expired]"
+msgstr "[vanhentunut] "
+
+#: g10/trustdb.c:528
+#, fuzzy
+msgid "[ unknown]"
+msgstr "tuntematon "
+
+#: g10/trustdb.c:530
+msgid "[ undef ]"
+msgstr ""
+
+#: g10/trustdb.c:531
+msgid "[marginal]"
+msgstr ""
+
+#: g10/trustdb.c:532
+msgid "[ full ]"
+msgstr ""
+
+#: g10/trustdb.c:533
+msgid "[ultimate]"
+msgstr ""
+
+#: g10/trustdb.c:548
+msgid "undefined"
+msgstr ""
+
+#: g10/trustdb.c:549
+#, fuzzy
+msgid "never"
+msgstr "ei koskaan"
+
+#: g10/trustdb.c:550
+msgid "marginal"
+msgstr ""
+
+#: g10/trustdb.c:551
+msgid "full"
+msgstr ""
+
+#: g10/trustdb.c:552
+msgid "ultimate"
+msgstr ""
+
+#: g10/trustdb.c:592
+msgid "no need for a trustdb check\n"
+msgstr "trustdb:n tarkistusta ei tarvita\n"
+
+#: g10/trustdb.c:598 g10/trustdb.c:2487
+#, c-format
+msgid "next trustdb check due at %s\n"
+msgstr "seuraava trustdb tarkistus %s\n"
+
+#: g10/trustdb.c:607
+#, fuzzy, c-format
+msgid "no need for a trustdb check with `%s' trust model\n"
+msgstr "trustdb:n tarkistusta ei tarvita\n"
+
+#: g10/trustdb.c:622
+#, fuzzy, c-format
+msgid "no need for a trustdb update with `%s' trust model\n"
+msgstr "trustdb:n tarkistusta ei tarvita\n"
+
+#: g10/trustdb.c:857 g10/trustdb.c:1310
+#, fuzzy, c-format
+msgid "public key %s not found: %s\n"
+msgstr "julkista avainta %08lX ei löydy: %s\n"
+
+#: g10/trustdb.c:1053
+msgid "please do a --check-trustdb\n"
+msgstr "tee --check-trustdb, kiitos\n"
+
+#: g10/trustdb.c:1057
+msgid "checking the trustdb\n"
+msgstr "tarkistetaan trustdb:tä\n"
+
+#: g10/trustdb.c:2230
+#, c-format
+msgid "%d keys processed (%d validity counts cleared)\n"
+msgstr "%d avainta käsitelty (%d kelpoisuuslaskuria tyhjätty)\n"
+
+#: g10/trustdb.c:2295
+msgid "no ultimately trusted keys found\n"
+msgstr "ehdottomasti luotettavia avaimia ei löytynyt\n"
+
+#: g10/trustdb.c:2309
+#, fuzzy, c-format
+msgid "public key of ultimately trusted key %s not found\n"
+msgstr "ehdottomasti luotettu julkinen avain %08lX ei löytynyt\n"
+
+#: g10/trustdb.c:2332
+#, c-format
+msgid "%d marginal(s) needed, %d complete(s) needed, %s trust model\n"
+msgstr ""
+
+#: g10/trustdb.c:2418
+#, c-format
+msgid ""
+"depth: %d valid: %3d signed: %3d trust: %d-, %dq, %dn, %dm, %df, %du\n"
+msgstr ""
+
+#: g10/trustdb.c:2493
+#, fuzzy, c-format
+msgid "unable to update trustdb version record: write failed: %s\n"
+msgstr "luottamustietue %lu, tyyppi %d: kirjoittaminen epäonnistui: %s\n"
+
+#: g10/verify.c:118
+msgid ""
+"the signature could not be verified.\n"
+"Please remember that the signature file (.sig or .asc)\n"
+"should be the first file given on the command line.\n"
+msgstr ""
+"allekirjoitusta ei voi varmistaa.\n"
+"Muista, että allekirjoitustiedosto (.sig tai .asc)\n"
+"tulee antaa komentorivillä ensimmäisenä.\n"
+
+#: g10/verify.c:205
+#, c-format
+msgid "input line %u too long or missing LF\n"
+msgstr "syöterivi %u on liian pitkä tai rivinvaihto puutuu\n"
+
+#: g10/verify.c:253
+#, fuzzy, c-format
+msgid "can't open fd %d: %s\n"
+msgstr "tiedostoa \"%s\" ei voi avata: %s\n"
+
+#: jnlib/argparse.c:180
+#, fuzzy
+msgid "argument not expected"
+msgstr "kirjoitan salaisen avaimen kohteeseen \"%s\"\n"
+
+#: jnlib/argparse.c:182
+#, fuzzy
+msgid "read error"
+msgstr "virhe tiedostoa luettaessa"
+
+#: jnlib/argparse.c:184
+#, fuzzy
+msgid "keyword too long"
+msgstr "rivi on liian pitkä\n"
+
+#: jnlib/argparse.c:186
+#, fuzzy
+msgid "missing argument"
+msgstr "virheellinen argumentti"
+
+#: jnlib/argparse.c:188
+#, fuzzy
+msgid "invalid command"
+msgstr "ristiriitainen komento\n"
+
+#: jnlib/argparse.c:190
+#, fuzzy
+msgid "invalid alias definition"
+msgstr "virheelliset tuontivalitsimet\n"
+
+#: jnlib/argparse.c:192
+#, fuzzy
+msgid "out of core"
+msgstr "ei käsitelty"
+
+#: jnlib/argparse.c:194
+#, fuzzy
+msgid "invalid option"
+msgstr "virheelliset tuontivalitsimet\n"
+
+#: jnlib/argparse.c:202
+#, c-format
+msgid "missing argument for option \"%.50s\"\n"
+msgstr ""
+
+#: jnlib/argparse.c:204
+#, c-format
+msgid "option \"%.50s\" does not expect an argument\n"
+msgstr ""
+
+#: jnlib/argparse.c:207
+#, fuzzy, c-format
+msgid "invalid command \"%.50s\"\n"
+msgstr "Komento ei kelpaa (kirjoita \"help\")\n"
+
+#: jnlib/argparse.c:209
+#, c-format
+msgid "option \"%.50s\" is ambiguous\n"
+msgstr ""
+
+#: jnlib/argparse.c:211
+#, c-format
+msgid "command \"%.50s\" is ambiguous\n"
+msgstr ""
+
+#: jnlib/argparse.c:213
+#, fuzzy
+msgid "out of core\n"
+msgstr "ei käsitelty"
+
+#: jnlib/argparse.c:215
+#, fuzzy, c-format
+msgid "invalid option \"%.50s\"\n"
+msgstr "virheelliset tuontivalitsimet\n"
+
+#: jnlib/logging.c:647
+#, c-format
+msgid "you found a bug ... (%s:%d)\n"
+msgstr "olet löytänyt ohjelmistovian ... (%s:%d)\n"
+
+#: jnlib/utf8conv.c:85
+#, fuzzy, c-format
+msgid "error loading `%s': %s\n"
+msgstr "virhe luettaessa tiedostoa \"%s\": %s\n"
+
+#: jnlib/utf8conv.c:123
+#, c-format
+msgid "conversion from `%s' to `%s' not available\n"
+msgstr ""
+
+#: jnlib/utf8conv.c:131
+#, fuzzy, c-format
+msgid "iconv_open failed: %s\n"
+msgstr "ei voi avata tiedostoa: %s\n"
+
+#: jnlib/utf8conv.c:388 jnlib/utf8conv.c:654
+#, fuzzy, c-format
+msgid "conversion from `%s' to `%s' failed: %s\n"
+msgstr "ascii-koodaaminen epäonnistui: %s\n"
+
+#: jnlib/dotlock.c:234
+#, fuzzy, c-format
+msgid "failed to create temporary file `%s': %s\n"
+msgstr "hakemiston \"%s\" luominen ei onnistu: %s\n"
+
+#: jnlib/dotlock.c:269
+#, fuzzy, c-format
+msgid "error writing to `%s': %s\n"
+msgstr "virhe kirjoitettaessa avainrenkaaseen \"%s\": %s\n"
+
+#: jnlib/dotlock.c:453
+#, c-format
+msgid "removing stale lockfile (created by %d)\n"
+msgstr ""
+
+#: jnlib/dotlock.c:459
+msgid " - probably dead - removing lock"
+msgstr ""
+
+#: jnlib/dotlock.c:469
+#, fuzzy, c-format
+msgid "waiting for lock (held by %d%s) %s...\n"
+msgstr "kirjoitan salaisen avaimen kohteeseen \"%s\"\n"
+
+#: jnlib/dotlock.c:470
+msgid "(deadlock?) "
+msgstr ""
+
+#: jnlib/dotlock.c:493
+#, fuzzy, c-format
+msgid "lock `%s' not made: %s\n"
+msgstr "julkista avainta %08lX ei löydy: %s\n"
+
+#: jnlib/dotlock.c:501
+#, fuzzy, c-format
+msgid "waiting for lock %s...\n"
+msgstr "kirjoitan salaisen avaimen kohteeseen \"%s\"\n"
+
+#: kbx/kbxutil.c:92
+msgid "set debugging flags"
+msgstr ""
+
+#: kbx/kbxutil.c:93
+msgid "enable full debugging"
+msgstr ""
+
+#: kbx/kbxutil.c:117
+#, fuzzy
+msgid "Usage: kbxutil [options] [files] (-h for help)"
+msgstr "Käyttö: gpg [valitsimet] [tiedostot] (-h näyttää ohjeen)"
+
+#: kbx/kbxutil.c:120
+msgid ""
+"Syntax: kbxutil [options] [files]\n"
+"list, export, import Keybox data\n"
+msgstr ""
+
+#: scd/app-nks.c:713 scd/app-openpgp.c:2647
+#, c-format
+msgid "RSA modulus missing or not of size %d bits\n"
+msgstr ""
+
+#: scd/app-nks.c:721 scd/app-openpgp.c:2659
+#, c-format
+msgid "RSA public exponent missing or larger than %d bits\n"
+msgstr ""
+
+#: scd/app-nks.c:801 scd/app-openpgp.c:1549 scd/app-openpgp.c:1568
+#: scd/app-openpgp.c:1729 scd/app-openpgp.c:1746 scd/app-openpgp.c:1994
+#: scd/app-openpgp.c:2039 scd/app-dinsig.c:303
+#, c-format
+msgid "PIN callback returned error: %s\n"
+msgstr ""
+
+#: scd/app-nks.c:834
+msgid "the NullPIN has not yet been changed\n"
+msgstr ""
+
+#: scd/app-nks.c:1092
+#, fuzzy
+msgid "|N|Please enter a new PIN for the standard keys."
+msgstr "muuta salasanaa"
+
+#: scd/app-nks.c:1093
+#, fuzzy
+msgid "||Please enter the PIN for the standard keys."
+msgstr "muuta salasanaa"
+
+#: scd/app-nks.c:1099
+#, fuzzy
+msgid "|NP|Please enter a new PIN Unblocking Code (PUK) for the standard keys."
+msgstr "Valitse mitätöinnin syy:\n"
+
+#: scd/app-nks.c:1101
+#, fuzzy
+msgid "|P|Please enter the PIN Unblocking Code (PUK) for the standard keys."
+msgstr "Valitse mitätöinnin syy:\n"
+
+#: scd/app-nks.c:1109
+msgid "|N|Please enter a new PIN for the key to create qualified signatures."
+msgstr ""
+
+#: scd/app-nks.c:1111
+msgid "||Please enter the PIN for the key to create qualified signatures."
+msgstr ""
+
+#: scd/app-nks.c:1119
+msgid ""
+"|NP|Please enter a new PIN Unblocking Code (PUK) for the key to create "
+"qualified signatures."
+msgstr ""
+
+#: scd/app-nks.c:1121
+msgid ""
+"|P|Please enter the PIN Unblocking Code (PUK) for the key to create "
+"qualified signatures."
+msgstr ""
+
+#: scd/app-nks.c:1222 scd/app-openpgp.c:2072 scd/app-dinsig.c:532
+#, fuzzy, c-format
+msgid "error getting new PIN: %s\n"
+msgstr "virhe luotaessa salasanaa: %s\n"
+
+#: scd/app-openpgp.c:695
+#, fuzzy, c-format
+msgid "failed to store the fingerprint: %s\n"
+msgstr "TrustDB:n alustaminen ei onnistu: %s\n"
+
+#: scd/app-openpgp.c:708
+#, fuzzy, c-format
+msgid "failed to store the creation date: %s\n"
+msgstr "avainrenkaan välimuistin uudelleenluominen epäonnistui: %s\n"
+
+#: scd/app-openpgp.c:1156
+#, fuzzy, c-format
+msgid "reading public key failed: %s\n"
+msgstr "avainlohkojen poisto epäonnistui: %s\n"
+
+#: scd/app-openpgp.c:1164 scd/app-openpgp.c:2882
+msgid "response does not contain the public key data\n"
+msgstr ""
+
+#: scd/app-openpgp.c:1172 scd/app-openpgp.c:2890
+msgid "response does not contain the RSA modulus\n"
+msgstr ""
+
+#: scd/app-openpgp.c:1181 scd/app-openpgp.c:2900
+msgid "response does not contain the RSA public exponent\n"
+msgstr ""
+
+#: scd/app-openpgp.c:1501
+#, c-format
+msgid "using default PIN as %s\n"
+msgstr ""
+
+#: scd/app-openpgp.c:1508
+#, c-format
+msgid "failed to use default PIN as %s: %s - disabling further default use\n"
+msgstr ""
+
+#: scd/app-openpgp.c:1523
+#, c-format
+msgid "||Please enter the PIN%%0A[sigs done: %lu]"
+msgstr ""
+
+#: scd/app-openpgp.c:1534 scd/app-openpgp.c:1988
+#, fuzzy
+msgid "||Please enter the PIN"
+msgstr "muuta salasanaa"
+
+#: scd/app-openpgp.c:1575 scd/app-openpgp.c:1753 scd/app-openpgp.c:2001
+#, c-format
+msgid "PIN for CHV%d is too short; minimum length is %d\n"
+msgstr ""
+
+#: scd/app-openpgp.c:1588 scd/app-openpgp.c:1627 scd/app-openpgp.c:1765
+#: scd/app-openpgp.c:3200
+#, fuzzy, c-format
+msgid "verify CHV%d failed: %s\n"
+msgstr "avainpalvelimelle lähettäminen epäonnistui: %s\n"
+
+#: scd/app-openpgp.c:1656 scd/app-openpgp.c:2020 scd/app-openpgp.c:3498
+msgid "error retrieving CHV status from card\n"
+msgstr ""
+
+#: scd/app-openpgp.c:1662 scd/app-openpgp.c:3507
+msgid "card is permanently locked!\n"
+msgstr ""
+
+#: scd/app-openpgp.c:1669
+#, c-format
+msgid "%d Admin PIN attempts remaining before card is permanently locked\n"
+msgstr ""
+
+#. TRANSLATORS: Do not translate the "|A|" prefix but keep it at
+#. the start of the string. Use %%0A to force a linefeed.
+#: scd/app-openpgp.c:1676
+#, fuzzy, c-format
+msgid "|A|Please enter the Admin PIN%%0A[remaining attempts: %d]"
+msgstr "muuta salasanaa"
+
+#: scd/app-openpgp.c:1680
+#, fuzzy
+msgid "|A|Please enter the Admin PIN"
+msgstr "muuta salasanaa"
+
+#: scd/app-openpgp.c:1701
+msgid "access to admin commands is not configured\n"
+msgstr ""
+
+#: scd/app-openpgp.c:2035
+#, fuzzy
+msgid "||Please enter the Reset Code for the card"
+msgstr "Valitse mitätöinnin syy:\n"
+
+#: scd/app-openpgp.c:2045 scd/app-openpgp.c:2097
+#, c-format
+msgid "Reset Code is too short; minimum length is %d\n"
+msgstr ""
+
+#: scd/app-openpgp.c:2067
+msgid "|RN|New Reset Code"
+msgstr ""
+
+#: scd/app-openpgp.c:2068
+msgid "|AN|New Admin PIN"
+msgstr ""
+
+#: scd/app-openpgp.c:2068
+msgid "|N|New PIN"
+msgstr ""
+
+#: scd/app-openpgp.c:2178 scd/app-openpgp.c:2968
+#, fuzzy
+msgid "error reading application data\n"
+msgstr "virhe luettaessa avainlohkoa: %s\n"
+
+#: scd/app-openpgp.c:2184 scd/app-openpgp.c:2975
+#, fuzzy
+msgid "error reading fingerprint DO\n"
+msgstr "%s: virhe luettaessa vapaata tietuetta: %s\n"
+
+#: scd/app-openpgp.c:2194
+#, fuzzy
+msgid "key already exists\n"
+msgstr "\"%s\" on jo pakattu\n"
+
+#: scd/app-openpgp.c:2198
+msgid "existing key will be replaced\n"
+msgstr ""
+
+#: scd/app-openpgp.c:2200
+#, fuzzy
+msgid "generating new key\n"
+msgstr "luo uusi avainpari"
+
+#: scd/app-openpgp.c:2202
+#, fuzzy
+msgid "writing new key\n"
+msgstr "luo uusi avainpari"
+
+#: scd/app-openpgp.c:2627
+msgid "creation timestamp missing\n"
+msgstr ""
+
+#: scd/app-openpgp.c:2669 scd/app-openpgp.c:2677
+#, c-format
+msgid "RSA prime %s missing or not of size %d bits\n"
+msgstr ""
+
+#: scd/app-openpgp.c:2773
+#, fuzzy, c-format
+msgid "failed to store the key: %s\n"
+msgstr "TrustDB:n alustaminen ei onnistu: %s\n"
+
+#: scd/app-openpgp.c:2859
+msgid "please wait while key is being generated ...\n"
+msgstr ""
+
+#: scd/app-openpgp.c:2872
+#, fuzzy
+msgid "generating key failed\n"
+msgstr "avainlohkojen poisto epäonnistui: %s\n"
+
+#: scd/app-openpgp.c:2875
+#, fuzzy, c-format
+msgid "key generation completed (%d seconds)\n"
+msgstr "Avaimen luonti epäonnistui: %s\n"
+
+#: scd/app-openpgp.c:2933
+msgid "invalid structure of OpenPGP card (DO 0x93)\n"
+msgstr ""
+
+#: scd/app-openpgp.c:2983
+msgid "fingerprint on card does not match requested one\n"
+msgstr ""
+
+# Ensimmäinen %s on binary, textmode tai unknown, ks. alla
+#: scd/app-openpgp.c:3099
+#, fuzzy, c-format
+msgid "card does not support digest algorithm %s\n"
+msgstr "%sallekirjoitus, tiivistealgoritmi %s\n"
+
+#: scd/app-openpgp.c:3175
+#, c-format
+msgid "signatures created so far: %lu\n"
+msgstr ""
+
+#: scd/app-openpgp.c:3512
+msgid ""
+"verification of Admin PIN is currently prohibited through this command\n"
+msgstr ""
+
+#: scd/app-openpgp.c:3737 scd/app-openpgp.c:3748
+#, fuzzy, c-format
+msgid "can't access %s - invalid OpenPGP card?\n"
+msgstr "kelvollista OpenPGP-dataa ei löytynyt.\n"
+
+#: scd/app-dinsig.c:299
+msgid "||Please enter your PIN at the reader's keypad"
+msgstr ""
+
+#. TRANSLATORS: Do not translate the "|*|" prefixes but
+#. keep it at the start of the string. We need this elsewhere
+#. to get some infos on the string.
+#: scd/app-dinsig.c:529
+msgid "|N|Initial New PIN"
+msgstr ""
+
+#: scd/scdaemon.c:107
+msgid "run in multi server mode (foreground)"
+msgstr ""
+
+#: scd/scdaemon.c:117 sm/gpgsm.c:316
+msgid "|LEVEL|set the debugging level to LEVEL"
+msgstr ""
+
+#: scd/scdaemon.c:124 tools/gpgconf-comp.c:620
+#, fuzzy
+msgid "|FILE|write a log to FILE"
+msgstr "|TIEDOSTO|lataa laajennusmoduuli TIEDOSTO"
+
+#: scd/scdaemon.c:126
+msgid "|N|connect to reader at port N"
+msgstr ""
+
+#: scd/scdaemon.c:128
+#, fuzzy
+msgid "|NAME|use NAME as ct-API driver"
+msgstr "|NIMI|käytä NIMI oletusvastaanottajana"
+
+#: scd/scdaemon.c:130
+#, fuzzy
+msgid "|NAME|use NAME as PC/SC driver"
+msgstr "|NIMI|käytä NIMI oletusvastaanottajana"
+
+#: scd/scdaemon.c:133
+#, fuzzy
+msgid "do not use the internal CCID driver"
+msgstr "älä käytä lainkaan päätettä"
+
+#: scd/scdaemon.c:139
+msgid "|N|disconnect the card after N seconds of inactivity"
+msgstr ""
+
+#: scd/scdaemon.c:141
+msgid "do not use a reader's keypad"
+msgstr ""
+
+#: scd/scdaemon.c:144
+#, fuzzy
+msgid "deny the use of admin card commands"
+msgstr "ristiriitainen komento\n"
+
+#: scd/scdaemon.c:259
+#, fuzzy
+msgid "Usage: scdaemon [options] (-h for help)"
+msgstr "Käyttö: gpg [valitsimet] [tiedostot] (-h näyttää ohjeen)"
+
+#: scd/scdaemon.c:261
+msgid ""
+"Syntax: scdaemon [options] [command [args]]\n"
+"Smartcard daemon for GnuPG\n"
+msgstr ""
+
+#: scd/scdaemon.c:766
+msgid "please use the option `--daemon' to run the program in the background\n"
+msgstr ""
+
+#: scd/scdaemon.c:1120
+#, c-format
+msgid "handler for fd %d started\n"
+msgstr ""
+
+#: scd/scdaemon.c:1132
+#, c-format
+msgid "handler for fd %d terminated\n"
+msgstr ""
+
+#: sm/base64.c:325
+#, fuzzy, c-format
+msgid "invalid radix64 character %02x skipped\n"
+msgstr "epäkelpo radix64-merkki %02x ohitettu\n"
+
+#: sm/call-agent.c:137
+#, c-format
+msgid "failed to proxy %s inquiry to client\n"
+msgstr ""
+
+#: sm/call-dirmngr.c:252
+#, c-format
+msgid "no running dirmngr - starting `%s'\n"
+msgstr ""
+
+#: sm/call-dirmngr.c:285
+#, fuzzy
+msgid "malformed DIRMNGR_INFO environment variable\n"
+msgstr "GPG_AGENT_INFO-ympäristömuuttuja on väärin muotoiltu\n"
+
+#: sm/call-dirmngr.c:297
+#, fuzzy, c-format
+msgid "dirmngr protocol version %d is not supported\n"
+msgstr "gpg-agent-protokollaversio %d ei ole tuettu\n"
+
+#: sm/call-dirmngr.c:317
+msgid "can't connect to the dirmngr - trying fall back\n"
+msgstr ""
+
+#: sm/certchain.c:196
+#, c-format
+msgid "validation model requested by certificate: %s"
+msgstr ""
+
+#: sm/certchain.c:197 sm/certchain.c:1828
+msgid "chain"
+msgstr ""
+
+#: sm/certchain.c:198 sm/certchain.c:1828
+#, fuzzy
+msgid "shell"
+msgstr "apua"
+
+#: sm/certchain.c:258
+#, fuzzy, c-format
+msgid "critical certificate extension %s is not supported"
+msgstr "gpg-agent-protokollaversio %d ei ole tuettu\n"
+
+#: sm/certchain.c:297
+msgid "issuer certificate is not marked as a CA"
+msgstr ""
+
+#: sm/certchain.c:335
+msgid "critical marked policy without configured policies"
+msgstr ""
+
+#: sm/certchain.c:345
+#, fuzzy, c-format
+msgid "failed to open `%s': %s\n"
+msgstr "tiedostoa \"%s\" ei voi avata: %s\n"
+
+#: sm/certchain.c:353 sm/certchain.c:382
+msgid "note: non-critical certificate policy not allowed"
+msgstr ""
+
+#: sm/certchain.c:357 sm/certchain.c:386
+#, fuzzy
+msgid "certificate policy not allowed"
+msgstr "kirjoitan salaisen avaimen kohteeseen \"%s\"\n"
+
+#: sm/certchain.c:498
+msgid "looking up issuer at external location\n"
+msgstr ""
+
+#: sm/certchain.c:517
+#, c-format
+msgid "number of issuers matching: %d\n"
+msgstr ""
+
+#: sm/certchain.c:561
+msgid "looking up issuer from the Dirmngr cache\n"
+msgstr ""
+
+#: sm/certchain.c:585
+#, fuzzy, c-format
+msgid "number of matching certificates: %d\n"
+msgstr "virhe luotaessa salasanaa: %s\n"
+
+#: sm/certchain.c:587
+#, fuzzy, c-format
+msgid "dirmngr cache-only key lookup failed: %s\n"
+msgstr "avainlohkojen poisto epäonnistui: %s\n"
+
+#: sm/certchain.c:759 sm/certchain.c:1252 sm/certchain.c:1856 sm/decrypt.c:261
+#: sm/encrypt.c:335 sm/sign.c:335 sm/verify.c:113
+#, fuzzy
+msgid "failed to allocated keyDB handle\n"
+msgstr "TrustDB:n alustaminen ei onnistu: %s\n"
+
+#: sm/certchain.c:925
+#, fuzzy
+msgid "certificate has been revoked"
+msgstr "HUOM: avain on mitätöity!"
+
+#: sm/certchain.c:940
+msgid "the status of the certificate is unknown"
+msgstr ""
+
+#: sm/certchain.c:947
+msgid "please make sure that the \"dirmngr\" is properly installed\n"
+msgstr ""
+
+#: sm/certchain.c:953
+#, fuzzy, c-format
+msgid "checking the CRL failed: %s"
+msgstr "luodun allekirjoituksen tarkistus epäonnistui: %s\n"
+
+#: sm/certchain.c:982 sm/certchain.c:1050
+#, c-format
+msgid "certificate with invalid validity: %s"
+msgstr ""
+
+#: sm/certchain.c:997 sm/certchain.c:1082
+msgid "certificate not yet valid"
+msgstr ""
+
+#: sm/certchain.c:998 sm/certchain.c:1083
+#, fuzzy
+msgid "root certificate not yet valid"
+msgstr "kirjoitan salaisen avaimen kohteeseen \"%s\"\n"
+
+#: sm/certchain.c:999 sm/certchain.c:1084
+msgid "intermediate certificate not yet valid"
+msgstr ""
+
+#: sm/certchain.c:1012
+#, fuzzy
+msgid "certificate has expired"
+msgstr "Tämä avain on vanhentunut!"
+
+#: sm/certchain.c:1013
+#, fuzzy
+msgid "root certificate has expired"
+msgstr "Tämä avain on vanhentunut!"
+
+#: sm/certchain.c:1014
+#, fuzzy
+msgid "intermediate certificate has expired"
+msgstr "Tämä avain on vanhentunut!"
+
+#: sm/certchain.c:1056
+#, c-format
+msgid "required certificate attributes missing: %s%s%s"
+msgstr ""
+
+#: sm/certchain.c:1065
+#, fuzzy
+msgid "certificate with invalid validity"
+msgstr "Tämä avain on vanhentunut!"
+
+#: sm/certchain.c:1102
+msgid "signature not created during lifetime of certificate"
+msgstr ""
+
+#: sm/certchain.c:1104
+msgid "certificate not created during lifetime of issuer"
+msgstr ""
+
+#: sm/certchain.c:1105
+msgid "intermediate certificate not created during lifetime of issuer"
+msgstr ""
+
+#: sm/certchain.c:1109
+#, fuzzy
+msgid " ( signature created at "
+msgstr " uusia allekirjoituksia: %lu\n"
+
+#: sm/certchain.c:1110
+#, fuzzy
+msgid " (certificate created at "
+msgstr "Mitätöintivarmenne luotu.\n"
+
+#: sm/certchain.c:1113
+#, fuzzy
+msgid " (certificate valid from "
+msgstr "virheellinen varmenne"
+
+#: sm/certchain.c:1114
+msgid " ( issuer valid from "
+msgstr ""
+
+#: sm/certchain.c:1144
+#, fuzzy, c-format
+msgid "fingerprint=%s\n"
+msgstr "näytä sormenjälki"
+
+#: sm/certchain.c:1153
+msgid "root certificate has now been marked as trusted\n"
+msgstr ""
+
+#: sm/certchain.c:1166
+msgid "interactive marking as trusted not enabled in gpg-agent\n"
+msgstr ""
+
+#: sm/certchain.c:1172
+msgid "interactive marking as trusted disabled for this session\n"
+msgstr ""
+
+#: sm/certchain.c:1229
+msgid "WARNING: creation time of signature not known - assuming current time"
+msgstr ""
+
+#: sm/certchain.c:1293
+#, fuzzy
+msgid "no issuer found in certificate"
+msgstr "luo mitätöintivarmenne"
+
+#: sm/certchain.c:1366
+msgid "self-signed certificate has a BAD signature"
+msgstr ""
+
+#: sm/certchain.c:1435
+msgid "root certificate is not marked trusted"
+msgstr ""
+
+#: sm/certchain.c:1448
+#, fuzzy, c-format
+msgid "checking the trust list failed: %s\n"
+msgstr "luodun allekirjoituksen tarkistus epäonnistui: %s\n"
+
+#: sm/certchain.c:1477 sm/import.c:160
+msgid "certificate chain too long\n"
+msgstr ""
+
+#: sm/certchain.c:1489
+msgid "issuer certificate not found"
+msgstr ""
+
+#: sm/certchain.c:1522
+#, fuzzy
+msgid "certificate has a BAD signature"
+msgstr "tarkista allekirjoitus"
+
+#: sm/certchain.c:1553
+msgid "found another possible matching CA certificate - trying again"
+msgstr ""
+
+#: sm/certchain.c:1604
+#, c-format
+msgid "certificate chain longer than allowed by CA (%d)"
+msgstr ""
+
+#: sm/certchain.c:1644 sm/certchain.c:1927
+#, fuzzy
+msgid "certificate is good\n"
+msgstr "valinta %c%lu on kopio\n"
+
+#: sm/certchain.c:1645
+#, fuzzy
+msgid "intermediate certificate is good\n"
+msgstr "Mitätöintivarmenne luotu.\n"
+
+#: sm/certchain.c:1646
+#, fuzzy
+msgid "root certificate is good\n"
+msgstr "virheellinen varmenne"
+
+#: sm/certchain.c:1817
+msgid "switching to chain model"
+msgstr ""
+
+#: sm/certchain.c:1826
+#, c-format
+msgid "validation model used: %s"
+msgstr ""
+
+#: sm/certcheck.c:97
+#, c-format
+msgid "%s key uses an unsafe (%u bit) hash\n"
+msgstr ""
+
+#: sm/certcheck.c:107
+#, c-format
+msgid "a %u bit hash is not valid for a %u bit %s key\n"
+msgstr ""
+
+#: sm/certcheck.c:244 sm/verify.c:201
+msgid "(this is the MD2 algorithm)\n"
+msgstr ""
+
+#: sm/certdump.c:60 sm/certdump.c:143
+#, fuzzy
+msgid "none"
+msgstr "ei"
+
+#: sm/certdump.c:564 sm/certdump.c:609 sm/certdump.c:674 sm/certdump.c:732
+#, fuzzy
+msgid "[Error - invalid encoding]"
+msgstr "virhe: sormenjälki on väärä\n"
+
+#: sm/certdump.c:572 sm/certdump.c:617
+msgid "[Error - out of core]"
+msgstr ""
+
+#: sm/certdump.c:654 sm/certdump.c:710
+msgid "[Error - No name]"
+msgstr ""
+
+#: sm/certdump.c:679 sm/certdump.c:738
+#, fuzzy
+msgid "[Error - invalid DN]"
+msgstr "virhe: sormenjälki on väärä\n"
+
+#: sm/certdump.c:948
+#, fuzzy, c-format
+msgid ""
+"Please enter the passphrase to unlock the secret key for the X.509 "
+"certificate:\n"
+"\"%s\"\n"
+"S/N %s, ID 0x%08lX,\n"
+"created %s, expires %s.\n"
+msgstr ""
+"Tarvitset salasanan avataksesi salaisen avaimen käyttäjälle:\n"
+"\"%.*s\"\n"
+"%u-bittinen %s-avain, tunnus %08lX, luotu %s%s\n"
+
+#: sm/certlist.c:122
+msgid "no key usage specified - assuming all usages\n"
+msgstr ""
+
+#: sm/certlist.c:132 sm/keylist.c:272
+#, fuzzy, c-format
+msgid "error getting key usage information: %s\n"
+msgstr "virhe kirjoitettaessa salaiseen avainrenkaaseen \"%s\": %s\n"
+
+#: sm/certlist.c:142
+msgid "certificate should have not been used for certification\n"
+msgstr ""
+
+#: sm/certlist.c:154
+msgid "certificate should have not been used for OCSP response signing\n"
+msgstr ""
+
+#: sm/certlist.c:165
+msgid "certificate should have not been used for encryption\n"
+msgstr ""
+
+#: sm/certlist.c:166
+msgid "certificate should have not been used for signing\n"
+msgstr ""
+
+#: sm/certlist.c:167
+msgid "certificate is not usable for encryption\n"
+msgstr ""
+
+#: sm/certlist.c:168
+msgid "certificate is not usable for signing\n"
+msgstr ""
+
+#: sm/certreqgen.c:474
+#, fuzzy, c-format
+msgid "line %d: invalid algorithm\n"
+msgstr "virheellinen tiivistealgoritmi \"%s\"\n"
+
+#: sm/certreqgen.c:487
+#, c-format
+msgid "line %d: invalid key length %u (valid are %d to %d)\n"
+msgstr ""
+
+#: sm/certreqgen.c:505
+#, c-format
+msgid "line %d: no subject name given\n"
+msgstr ""
+
+#: sm/certreqgen.c:514
+#, c-format
+msgid "line %d: invalid subject name label `%.*s'\n"
+msgstr ""
+
+#: sm/certreqgen.c:517
+#, c-format
+msgid "line %d: invalid subject name `%s' at pos %d\n"
+msgstr ""
+
+#: sm/certreqgen.c:534
+#, fuzzy, c-format
+msgid "line %d: not a valid email address\n"
+msgstr "Sähköpostiosoite ei kelpaa\n"
+
+#: sm/certreqgen.c:546
+#, fuzzy, c-format
+msgid "line %d: error reading key `%s' from card: %s\n"
+msgstr "virhe luotaessa avainrengasta \"%s\": %s\n"
+
+#: sm/certreqgen.c:558
+#, fuzzy, c-format
+msgid "line %d: error getting key by keygrip `%s': %s\n"
+msgstr "virhe luotaessa avainrengasta \"%s\": %s\n"
+
+#: sm/certreqgen.c:574
+#, fuzzy, c-format
+msgid "line %d: key generation failed: %s <%s>\n"
+msgstr "Avaimen luonti epäonnistui: %s\n"
+
+#: sm/certreqgen.c:806
+msgid ""
+"To complete this certificate request please enter the passphrase for the key "
+"you just created once more.\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:158
+#, fuzzy, c-format
+msgid " (%d) RSA\n"
+msgstr " (%d) RSA (vain allekirjoitus)\n"
+
+#: sm/certreqgen-ui.c:159
+#, fuzzy, c-format
+msgid " (%d) Existing key\n"
+msgstr " (%d) RSA (vain salaus)\n"
+
+#: sm/certreqgen-ui.c:160
+#, c-format
+msgid " (%d) Existing key from card\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:202
+#, fuzzy
+msgid "Enter the keygrip: "
+msgstr "Allekirjoitusnotaatio: "
+
+#: sm/certreqgen-ui.c:210
+msgid "Not a valid keygrip (expecting 40 hex digits)\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:212
+#, fuzzy
+msgid "No key with this keygrip\n"
+msgstr "Indeksillä %d ei löydy käyttäjätunnusta\n"
+
+#: sm/certreqgen-ui.c:230 sm/certreqgen-ui.c:239
+#, fuzzy, c-format
+msgid "error reading the card: %s\n"
+msgstr "%s: virhe luettaessa vapaata tietuetta: %s\n"
+
+#: sm/certreqgen-ui.c:233
+#, fuzzy, c-format
+msgid "Serial number of the card: %s\n"
+msgstr "virhe luotaessa salasanaa: %s\n"
+
+#: sm/certreqgen-ui.c:245
+#, fuzzy
+msgid "Available keys:\n"
+msgstr "poista avain käytöstä"
+
+#: sm/certreqgen-ui.c:276
+#, c-format
+msgid "Possible actions for a %s key:\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:277
+#, fuzzy, c-format
+msgid " (%d) sign, encrypt\n"
+msgstr " (%d) RSA (salaus ja allekirjoitus)\n"
+
+#: sm/certreqgen-ui.c:278
+#, fuzzy, c-format
+msgid " (%d) sign\n"
+msgstr " (%d) DSA (vain allekirjoitus)\n"
+
+#: sm/certreqgen-ui.c:279
+#, fuzzy, c-format
+msgid " (%d) encrypt\n"
+msgstr " (%d) RSA (vain salaus)\n"
+
+#: sm/certreqgen-ui.c:303
+msgid "Enter the X.509 subject name: "
+msgstr ""
+
+#: sm/certreqgen-ui.c:307
+#, fuzzy
+msgid "No subject name given\n"
+msgstr "(Kuvausta ei annettu)\n"
+
+#: sm/certreqgen-ui.c:311
+#, c-format
+msgid "Invalid subject name label `%.*s'\n"
+msgstr ""
+
+#. TRANSLATORS: The 22 in the second string is the
+#. length of the first string up to the "%s". Please
+#. adjust it do the length of your translation. The
+#. second string is merely passed to atoi so you can
+#. drop everything after the number.
+#: sm/certreqgen-ui.c:320
+#, fuzzy, c-format
+msgid "Invalid subject name `%s'\n"
+msgstr "virheellinen tiivistealgoritmi \"%s\"\n"
+
+#: sm/certreqgen-ui.c:322
+msgid "22 translator: see certreg-ui.c:gpgsm_gencertreq_tty"
+msgstr ""
+
+#: sm/certreqgen-ui.c:334
+#, fuzzy
+msgid "Enter email addresses"
+msgstr "Sähköpostiosoite: "
+
+#: sm/certreqgen-ui.c:335
+#, fuzzy
+msgid " (end with an empty line):\n"
+msgstr ""
+"\n"
+"Syötä käyttäjätunnus. Lopeta tyhjällä rivillä: "
+
+#: sm/certreqgen-ui.c:339
+#, fuzzy
+msgid "Enter DNS names"
+msgstr "Syötä uusi tiedostonimi"
+
+#: sm/certreqgen-ui.c:340 sm/certreqgen-ui.c:345
+#, fuzzy
+msgid " (optional; end with an empty line):\n"
+msgstr "Syötä vapaaehtoinen kuvaus; lopeta tyhjään riviin:\n"
+
+#: sm/certreqgen-ui.c:344
+msgid "Enter URIs"
+msgstr ""
+
+#: sm/certreqgen-ui.c:371
+msgid "Parameters to be used for the certificate request:\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:389
+msgid "Now creating certificate request. This may take a while ...\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:398
+msgid "Ready. You should now send this request to your CA.\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:403
+msgid "resource problem: out of core\n"
+msgstr ""
+
+#: sm/decrypt.c:330
+msgid "(this is the RC2 algorithm)\n"
+msgstr ""
+
+#: sm/decrypt.c:332
+msgid "(this does not seem to be an encrypted message)\n"
+msgstr ""
+
+#: sm/delete.c:51 sm/delete.c:112
+#, fuzzy, c-format
+msgid "certificate `%s' not found: %s\n"
+msgstr "avainta \"%s\" ei löydy: %s\n"
+
+#: sm/delete.c:122 sm/keydb.c:1397 sm/keydb.c:1499
+#, fuzzy, c-format
+msgid "error locking keybox: %s\n"
+msgstr "virhe luettaessa avainlohkoa: %s\n"
+
+#: sm/delete.c:143
+#, fuzzy, c-format
+msgid "duplicated certificate `%s' deleted\n"
+msgstr "Mitätöintivarmenne luotu.\n"
+
+#: sm/delete.c:145
+#, fuzzy, c-format
+msgid "certificate `%s' deleted\n"
+msgstr "valinta %c%lu on kopio\n"
+
+#: sm/delete.c:175
+#, fuzzy, c-format
+msgid "deleting certificate \"%s\" failed: %s\n"
+msgstr "avainlohkojen poisto epäonnistui: %s\n"
+
+#: sm/encrypt.c:321
+#, fuzzy
+msgid "no valid recipients given\n"
+msgstr "(Kuvausta ei annettu)\n"
+
+#: sm/gpgsm.c:197
+#, fuzzy
+msgid "list external keys"
+msgstr "näytä salaiset avaimet"
+
+#: sm/gpgsm.c:199
+#, fuzzy
+msgid "list certificate chain"
+msgstr "virheellinen varmenne"
+
+#: sm/gpgsm.c:206
+#, fuzzy
+msgid "import certificates"
+msgstr "virheellinen varmenne"
+
+#: sm/gpgsm.c:207
+#, fuzzy
+msgid "export certificates"
+msgstr "virheellinen varmenne"
+
+#: sm/gpgsm.c:209
+msgid "register a smartcard"
+msgstr ""
+
+#: sm/gpgsm.c:212
+msgid "pass a command to the dirmngr"
+msgstr ""
+
+#: sm/gpgsm.c:214
+msgid "invoke gpg-protect-tool"
+msgstr ""
+
+#: sm/gpgsm.c:230
+#, fuzzy
+msgid "create base-64 encoded output"
+msgstr "tuota ascii-koodattu tuloste"
+
+#: sm/gpgsm.c:235
+msgid "assume input is in PEM format"
+msgstr ""
+
+#: sm/gpgsm.c:237
+msgid "assume input is in base-64 format"
+msgstr ""
+
+#: sm/gpgsm.c:239
+msgid "assume input is in binary format"
+msgstr ""
+
+#: sm/gpgsm.c:244
+msgid "use system's dirmngr if available"
+msgstr ""
+
+#: sm/gpgsm.c:247
+msgid "never consult a CRL"
+msgstr ""
+
+#: sm/gpgsm.c:257
+msgid "check validity using OCSP"
+msgstr ""
+
+#: sm/gpgsm.c:262
+msgid "|N|number of certificates to include"
+msgstr ""
+
+#: sm/gpgsm.c:265
+msgid "|FILE|take policy information from FILE"
+msgstr ""
+
+#: sm/gpgsm.c:268
+msgid "do not check certificate policies"
+msgstr ""
+
+#: sm/gpgsm.c:272
+msgid "fetch missing issuer certificates"
+msgstr ""
+
+#: sm/gpgsm.c:283
+msgid "don't use the terminal at all"
+msgstr "älä käytä lainkaan päätettä"
+
+#: sm/gpgsm.c:285
+msgid "|FILE|write a server mode log to FILE"
+msgstr ""
+
+#: sm/gpgsm.c:290
+#, fuzzy
+msgid "|FILE|write an audit log to FILE"
+msgstr "|TIEDOSTO|lataa laajennusmoduuli TIEDOSTO"
+
+#: sm/gpgsm.c:293
+msgid "batch mode: never ask"
+msgstr "eräajo: älä kysy mitään"
+
+#: sm/gpgsm.c:294
+msgid "assume yes on most questions"
+msgstr "oleta myönteinen vastaust useimpiin kysymyksiin"
+
+#: sm/gpgsm.c:295
+msgid "assume no on most questions"
+msgstr "oleta kielteinen vastaust useimpiin kysymyksiin"
+
+#: sm/gpgsm.c:298
+#, fuzzy
+msgid "|FILE|add keyring to the list of keyrings"
+msgstr "lisää tämä avainrengas avainrenkaiden luetteloon"
+
+#: sm/gpgsm.c:301
+#, fuzzy
+msgid "|USER-ID|use USER-ID as default secret key"
+msgstr "|NIMI|käytä oletusarvoisesti salaista avainta NIMI"
+
+#: sm/gpgsm.c:311 tools/gpgconf-comp.c:745
+#, fuzzy
+msgid "|SPEC|use this keyserver to lookup keys"
+msgstr "|PALVELIN|käytä tätä palvelinta avainten etsimiseen"
+
+#: sm/gpgsm.c:329
+msgid "|NAME|use cipher algorithm NAME"
+msgstr "|NIMI|käytä salausalgoritmia NIMI"
+
+#: sm/gpgsm.c:331
+msgid "|NAME|use message digest algorithm NAME"
+msgstr "|NIMI|käytä viestintiivistealgoritmia NIMI"
+
+#: sm/gpgsm.c:522
+#, fuzzy
+msgid "Usage: gpgsm [options] [files] (-h for help)"
+msgstr "Käyttö: gpg [valitsimet] [tiedostot] (-h näyttää ohjeen)"
+
+#: sm/gpgsm.c:525
+#, fuzzy
+msgid ""
+"Syntax: gpgsm [options] [files]\n"
+"sign, check, encrypt or decrypt using the S/MIME protocol\n"
+"default operation depends on the input data\n"
+msgstr ""
+"Syntaksi: gpg [valitsimet] [tiedostot]\n"
+"allekirjoita, tarkista, salaa tai avaa\n"
+"oletustoiminto riippuu syötteestä\n"
+
+#: sm/gpgsm.c:617
+#, fuzzy
+msgid "usage: gpgsm [options] "
+msgstr "käyttö: gpg [valitsimet] "
+
+#: sm/gpgsm.c:739
+#, fuzzy, c-format
+msgid "NOTE: won't be able to encrypt to `%s': %s\n"
+msgstr "yhteys kohteeseen \"%s\" ei onnistu: %s\n"
+
+#: sm/gpgsm.c:750
+#, fuzzy, c-format
+msgid "unknown validation model `%s'\n"
+msgstr "tuntematon oletusvastaanottaja \"%s\"\n"
+
+#: sm/gpgsm.c:801
+#, fuzzy, c-format
+msgid "%s:%u: no hostname given\n"
+msgstr "(Kuvausta ei annettu)\n"
+
+#: sm/gpgsm.c:820
+#, c-format
+msgid "%s:%u: password given without user\n"
+msgstr ""
+
+#: sm/gpgsm.c:841
+#, fuzzy, c-format
+msgid "%s:%u: skipping this line\n"
+msgstr " o = ohita tämä avain\n"
+
+#: sm/gpgsm.c:1376
+#, fuzzy
+msgid "could not parse keyserver\n"
+msgstr "avainpalvelimen URI:iä ei voi jäsentää\n"
+
+#: sm/gpgsm.c:1456
+msgid "WARNING: running with faked system time: "
+msgstr ""
+
+#: sm/gpgsm.c:1556
+#, fuzzy, c-format
+msgid "importing common certificates `%s'\n"
+msgstr "kirjoitetaan kohteeseen \"%s\"\n"
+
+#: sm/gpgsm.c:1597
+#, fuzzy, c-format
+msgid "can't sign using `%s': %s\n"
+msgstr "tiedostoa \"%s\" ei voi sulkea: %s\n"
+
+#: sm/gpgsm.c:1931
+msgid "invalid command (there is no implicit command)\n"
+msgstr ""
+
+#: sm/import.c:111
+#, fuzzy, c-format
+msgid "total number processed: %lu\n"
+msgstr "Kaikkiaan käsitelty: %lu\n"
+
+#: sm/import.c:230
+#, fuzzy
+msgid "error storing certificate\n"
+msgstr "luo mitätöintivarmenne"
+
+#: sm/import.c:238
+msgid "basic certificate checks failed - not imported\n"
+msgstr ""
+
+#: sm/import.c:435 sm/keydb.c:1319 sm/keydb.c:1387
+#, fuzzy
+msgid "failed to allocate keyDB handle\n"
+msgstr "TrustDB:n alustaminen ei onnistu: %s\n"
+
+#: sm/import.c:492 sm/keydb.c:1417 sm/keydb.c:1511
+#, fuzzy, c-format
+msgid "error getting stored flags: %s\n"
+msgstr "virhe luotaessa salasanaa: %s\n"
+
+#: sm/import.c:551 sm/import.c:583
+#, fuzzy, c-format
+msgid "error importing certificate: %s\n"
+msgstr "virhe luotaessa salasanaa: %s\n"
+
+#: sm/import.c:684 tools/gpg-connect-agent.c:1346
+#, fuzzy, c-format
+msgid "error reading input: %s\n"
+msgstr "virhe luettaessa tiedostoa \"%s\": %s\n"
+
+#: sm/keydb.c:187
+#, fuzzy, c-format
+msgid "error creating keybox `%s': %s\n"
+msgstr "virhe luotaessa avainrengasta \"%s\": %s\n"
+
+#: sm/keydb.c:190
+msgid "you may want to start the gpg-agent first\n"
+msgstr ""
+
+#: sm/keydb.c:195
+#, fuzzy, c-format
+msgid "keybox `%s' created\n"
+msgstr "avainrengas \"%s\" luotu\n"
+
+#: sm/keydb.c:1312 sm/keydb.c:1380
+#, fuzzy
+msgid "failed to get the fingerprint\n"
+msgstr "TrustDB:n alustaminen ei onnistu: %s\n"
+
+#: sm/keydb.c:1340
+#, c-format
+msgid "problem looking for existing certificate: %s\n"
+msgstr ""
+
+#: sm/keydb.c:1348
+#, fuzzy, c-format
+msgid "error finding writable keyDB: %s\n"
+msgstr "virhe luotaessa salasanaa: %s\n"
+
+#: sm/keydb.c:1356
+#, fuzzy, c-format
+msgid "error storing certificate: %s\n"
+msgstr "virhe luotaessa salasanaa: %s\n"
+
+#: sm/keydb.c:1408
+#, fuzzy, c-format
+msgid "problem re-searching certificate: %s\n"
+msgstr "rev? mitätöinnin tarkistuksessa ongelmia: %s\n"
+
+#: sm/keydb.c:1429 sm/keydb.c:1522
+#, fuzzy, c-format
+msgid "error storing flags: %s\n"
+msgstr "virhe luettaessa tiedostoa \"%s\": %s\n"
+
+#: sm/keylist.c:642
+msgid "Error - "
+msgstr ""
+
+#: sm/misc.c:55
+msgid "GPG_TTY has not been set - using maybe bogus default\n"
+msgstr ""
+
+#: sm/qualified.c:105
+#, fuzzy, c-format
+msgid "invalid formatted fingerprint in `%s', line %d\n"
+msgstr "virhe: sormenjälki on väärä\n"
+
+#: sm/qualified.c:123
+#, c-format
+msgid "invalid country code in `%s', line %d\n"
+msgstr ""
+
+#: sm/qualified.c:202
+#, c-format
+msgid ""
+"You are about to create a signature using your certificate:\n"
+"\"%s\"\n"
+"This will create a qualified signature by law equated to a handwritten "
+"signature.\n"
+"\n"
+"%s%sAre you really sure that you want to do this?"
+msgstr ""
+
+#: sm/qualified.c:211 sm/verify.c:616
+msgid ""
+"Note, that this software is not officially approved to create or verify such "
+"signatures.\n"
+msgstr ""
+
+#: sm/qualified.c:278
+#, c-format
+msgid ""
+"You are about to create a signature using your certificate:\n"
+"\"%s\"\n"
+"Note, that this certificate will NOT create a qualified signature!"
+msgstr ""
+
+#: sm/sign.c:449
+#, fuzzy, c-format
+msgid "hash algorithm %d (%s) for signer %d not supported; using %s\n"
+msgstr "suojausalgoritmi %d%s ei ole käytettävissä\n"
+
+#: sm/sign.c:463
+#, c-format
+msgid "hash algorithm used for signer %d: %s (%s)\n"
+msgstr ""
+
+#: sm/sign.c:513
+#, fuzzy, c-format
+msgid "checking for qualified certificate failed: %s\n"
+msgstr "luodun allekirjoituksen tarkistus epäonnistui: %s\n"
+
+#: sm/verify.c:449
+#, fuzzy
+msgid "Signature made "
+msgstr "Allekirjoitus vanheni %s\n"
+
+#: sm/verify.c:453
+msgid "[date not given]"
+msgstr ""
+
+#: sm/verify.c:454
+#, fuzzy, c-format
+msgid " using certificate ID 0x%08lX\n"
+msgstr "virhe luotaessa salasanaa: %s\n"
+
+#: sm/verify.c:473
+msgid ""
+"invalid signature: message digest attribute does not match computed one\n"
+msgstr ""
+
+#: sm/verify.c:594
+#, fuzzy
+msgid "Good signature from"
+msgstr "Allekirjoitus täsmää lähettäjään \""
+
+#: sm/verify.c:595
+#, fuzzy
+msgid " aka"
+msgstr " aka \""
+
+#: sm/verify.c:613
+#, fuzzy
+msgid "This is a qualified signature\n"
+msgstr ""
+"\n"
+"Tämä tulee olemaan oma-allekirjoitus.\n"
+
+#: tools/gpg-connect-agent.c:70 tools/gpgconf.c:81 tools/symcryptrun.c:167
+#, fuzzy
+msgid "quiet"
+msgstr "lopeta|sulje"
+
+#: tools/gpg-connect-agent.c:71
+msgid "print data out hex encoded"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:72
+msgid "decode received data lines"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:74
+msgid "|NAME|connect to Assuan socket NAME"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:76
+msgid "run the Assuan server given on the command line"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:78
+msgid "do not use extended connect mode"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:80
+#, fuzzy
+msgid "|FILE|run commands from FILE on startup"
+msgstr "|TIEDOSTO|lataa laajennusmoduuli TIEDOSTO"
+
+#: tools/gpg-connect-agent.c:81
+msgid "run /subst on startup"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:184
+#, fuzzy
+msgid "Usage: gpg-connect-agent [options] (-h for help)"
+msgstr "Käyttö: gpg [valitsimet] [tiedostot] (-h näyttää ohjeen)"
+
+#: tools/gpg-connect-agent.c:187
+msgid ""
+"Syntax: gpg-connect-agent [options]\n"
+"Connect to a running agent and send commands\n"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:1201
+#, c-format
+msgid "option \"%s\" requires a program and optional arguments\n"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:1210
+#, c-format
+msgid "option \"%s\" ignored due to \"%s\"\n"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:1281 tools/gpg-connect-agent.c:1771
+#, fuzzy, c-format
+msgid "receiving line failed: %s\n"
+msgstr "avainlohkojen poisto epäonnistui: %s\n"
+
+#: tools/gpg-connect-agent.c:1371
+#, fuzzy
+msgid "line too long - skipped\n"
+msgstr "rivi on liian pitkä\n"
+
+#: tools/gpg-connect-agent.c:1375
+msgid "line shortened due to embedded Nul character\n"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:1743
+#, fuzzy, c-format
+msgid "unknown command `%s'\n"
+msgstr "tuntematon oletusvastaanottaja \"%s\"\n"
+
+#: tools/gpg-connect-agent.c:1761
+#, fuzzy, c-format
+msgid "sending line failed: %s\n"
+msgstr "allekirjoitus epäonnistui: %s\n"
+
+#: tools/gpg-connect-agent.c:2208
+#, fuzzy, c-format
+msgid "error sending %s command: %s\n"
+msgstr "virhe lähettäessä kohteeseen \"%s\": %s\n"
+
+#: tools/gpg-connect-agent.c:2223
+#, fuzzy, c-format
+msgid "error sending standard options: %s\n"
+msgstr "virhe lähettäessä kohteeseen \"%s\": %s\n"
+
+#: tools/gpgconf-comp.c:473 tools/gpgconf-comp.c:577 tools/gpgconf-comp.c:644
+#: tools/gpgconf-comp.c:712 tools/gpgconf-comp.c:799
+msgid "Options controlling the diagnostic output"
+msgstr ""
+
+#: tools/gpgconf-comp.c:486 tools/gpgconf-comp.c:590 tools/gpgconf-comp.c:657
+#: tools/gpgconf-comp.c:725 tools/gpgconf-comp.c:822
+msgid "Options controlling the configuration"
+msgstr ""
+
+#: tools/gpgconf-comp.c:496 tools/gpgconf-comp.c:615 tools/gpgconf-comp.c:673
+#: tools/gpgconf-comp.c:750 tools/gpgconf-comp.c:829
+msgid "Options useful for debugging"
+msgstr ""
+
+#: tools/gpgconf-comp.c:501 tools/gpgconf-comp.c:678 tools/gpgconf-comp.c:755
+#: tools/gpgconf-comp.c:837
+msgid "|FILE|write server mode logs to FILE"
+msgstr ""
+
+#: tools/gpgconf-comp.c:509 tools/gpgconf-comp.c:625 tools/gpgconf-comp.c:763
+msgid "Options controlling the security"
+msgstr ""
+
+#: tools/gpgconf-comp.c:516
+msgid "|N|expire SSH keys after N seconds"
+msgstr ""
+
+#: tools/gpgconf-comp.c:520
+msgid "|N|set maximum PIN cache lifetime to N seconds"
+msgstr ""
+
+#: tools/gpgconf-comp.c:524
+msgid "|N|set maximum SSH key lifetime to N seconds"
+msgstr ""
+
+#: tools/gpgconf-comp.c:538
+msgid "Options enforcing a passphrase policy"
+msgstr ""
+
+#: tools/gpgconf-comp.c:541
+msgid "do not allow to bypass the passphrase policy"
+msgstr ""
+
+#: tools/gpgconf-comp.c:545
+msgid "|N|set minimal required length for new passphrases to N"
+msgstr ""
+
+#: tools/gpgconf-comp.c:549
+msgid "|N|require at least N non-alpha characters for a new passphrase"
+msgstr ""
+
+#: tools/gpgconf-comp.c:553
+msgid "|FILE|check new passphrases against pattern in FILE"
+msgstr ""
+
+#: tools/gpgconf-comp.c:557
+#, fuzzy
+msgid "|N|expire the passphrase after N days"
+msgstr "|N|käytä salasanoissa toimintatapaa N"
+
+#: tools/gpgconf-comp.c:561
+#, fuzzy
+msgid "do not allow the reuse of old passphrases"
+msgstr "virhe luotaessa salasanaa: %s\n"
+
+#: tools/gpgconf-comp.c:659 tools/gpgconf-comp.c:727
+msgid "|NAME|use NAME as default secret key"
+msgstr "|NIMI|käytä oletusarvoisesti salaista avainta NIMI"
+
+#: tools/gpgconf-comp.c:662 tools/gpgconf-comp.c:730
+#, fuzzy
+msgid "|NAME|encrypt to user ID NAME as well"
+msgstr "|NIMI|salaa vastaanottajalle NIMI"
+
+#: tools/gpgconf-comp.c:665
+msgid "|SPEC|set up email aliases"
+msgstr ""
+
+#: tools/gpgconf-comp.c:686
+msgid "Configuration for Keyservers"
+msgstr ""
+
+#: tools/gpgconf-comp.c:688
+#, fuzzy
+msgid "|URL|use keyserver at URL"
+msgstr "avainpalvelimen URI:iä ei voi jäsentää\n"
+
+#: tools/gpgconf-comp.c:691
+msgid "allow PKA lookups (DNS requests)"
+msgstr ""
+
+#: tools/gpgconf-comp.c:694
+msgid "|MECHANISMS|use MECHANISMS to locate keys by mail address"
+msgstr ""
+
+#: tools/gpgconf-comp.c:739
+msgid "disable all access to the dirmngr"
+msgstr ""
+
+#: tools/gpgconf-comp.c:742
+#, fuzzy
+msgid "|NAME|use encoding NAME for PKCS#12 passphrases"
+msgstr "|NIMI|käytä salasanoihin salausalgoritmia NIMI"
+
+#: tools/gpgconf-comp.c:768
+msgid "do not check CRLs for root certificates"
+msgstr ""
+
+#: tools/gpgconf-comp.c:812
+msgid "Options controlling the format of the output"
+msgstr ""
+
+#: tools/gpgconf-comp.c:848
+msgid "Options controlling the interactivity and enforcement"
+msgstr ""
+
+#: tools/gpgconf-comp.c:858
+msgid "Configuration for HTTP servers"
+msgstr ""
+
+#: tools/gpgconf-comp.c:869
+msgid "use system's HTTP proxy setting"
+msgstr ""
+
+#: tools/gpgconf-comp.c:874
+msgid "Configuration of LDAP servers to use"
+msgstr ""
+
+#: tools/gpgconf-comp.c:903
+msgid "LDAP server list"
+msgstr ""
+
+#: tools/gpgconf-comp.c:911
+msgid "Configuration for OCSP"
+msgstr ""
+
+#: tools/gpgconf-comp.c:3077
+#, c-format
+msgid "External verification of component %s failed"
+msgstr ""
+
+#: tools/gpgconf-comp.c:3227
+msgid "Note that group specifications are ignored\n"
+msgstr ""
+
+#: tools/gpgconf.c:62
+msgid "list all components"
+msgstr ""
+
+#: tools/gpgconf.c:63
+msgid "check all programs"
+msgstr ""
+
+#: tools/gpgconf.c:64
+msgid "|COMPONENT|list options"
+msgstr ""
+
+#: tools/gpgconf.c:65
+msgid "|COMPONENT|change options"
+msgstr ""
+
+#: tools/gpgconf.c:66
+msgid "|COMPONENT|check options"
+msgstr ""
+
+#: tools/gpgconf.c:68
+msgid "apply global default values"
+msgstr ""
+
+#: tools/gpgconf.c:70
+msgid "get the configuration directories for gpgconf"
+msgstr ""
+
+#: tools/gpgconf.c:72
+#, fuzzy
+msgid "list global configuration file"
+msgstr "tuntematon asetus \"%s\"\n"
+
+#: tools/gpgconf.c:74
+#, fuzzy
+msgid "check global configuration file"
+msgstr "tuntematon asetus \"%s\"\n"
+
+#: tools/gpgconf.c:79
+msgid "use as output file"
+msgstr "käytä tulostustiedostona"
+
+#: tools/gpgconf.c:83
+msgid "activate changes at runtime, if possible"
+msgstr ""
+
+#: tools/gpgconf.c:105
+#, fuzzy
+msgid "Usage: gpgconf [options] (-h for help)"
+msgstr "Käyttö: gpg [valitsimet] [tiedostot] (-h näyttää ohjeen)"
+
+#: tools/gpgconf.c:108
+msgid ""
+"Syntax: gpgconf [options]\n"
+"Manage configuration options for tools of the GnuPG system\n"
+msgstr ""
+
+#: tools/gpgconf.c:214 tools/gpgconf.c:282
+#, fuzzy
+msgid "usage: gpgconf [options] "
+msgstr "käyttö: gpg [valitsimet] "
+
+#: tools/gpgconf.c:216
+msgid "Need one component argument"
+msgstr ""
+
+#: tools/gpgconf.c:225 tools/gpgconf.c:258
+#, fuzzy
+msgid "Component not found"
+msgstr "julkista avainta ei löydy"
+
+#: tools/gpgconf.c:284
+#, fuzzy
+msgid "No argument allowed"
+msgstr "kirjoitan salaisen avaimen kohteeseen \"%s\"\n"
+
+#: tools/symcryptrun.c:154
+#, fuzzy
+msgid ""
+"@\n"
+"Commands:\n"
+" "
+msgstr ""
+"@Komennot:\n"
+" "
+
+#: tools/symcryptrun.c:156
+#, fuzzy
+msgid "decryption modus"
+msgstr "avaus onnistui\n"
+
+#: tools/symcryptrun.c:157
+#, fuzzy
+msgid "encryption modus"
+msgstr "avaus onnistui\n"
+
+#: tools/symcryptrun.c:161
+msgid "tool class (confucius)"
+msgstr ""
+
+#: tools/symcryptrun.c:162
+#, fuzzy
+msgid "program filename"
+msgstr "--store [tiedostonimi]"
+
+#: tools/symcryptrun.c:164
+msgid "secret key file (required)"
+msgstr ""
+
+#: tools/symcryptrun.c:165
+msgid "input file name (default stdin)"
+msgstr ""
+
+#: tools/symcryptrun.c:209
+#, fuzzy
+msgid "Usage: symcryptrun [options] (-h for help)"
+msgstr "Käyttö: gpg [valitsimet] [tiedostot] (-h näyttää ohjeen)"
+
+#: tools/symcryptrun.c:212
+msgid ""
+"Syntax: symcryptrun --class CLASS --program PROGRAM --keyfile KEYFILE "
+"[options...] COMMAND [inputfile]\n"
+"Call a simple symmetric encryption tool\n"
+msgstr ""
+
+#: tools/symcryptrun.c:281
+#, fuzzy, c-format
+msgid "%s on %s aborted with status %i\n"
+msgstr "%s ja %s eivät ole sallittuja yhdessä!\n"
+
+#: tools/symcryptrun.c:288
+#, fuzzy, c-format
+msgid "%s on %s failed with status %i\n"
+msgstr "ei voi avata tiedostoa: %s\n"
+
+#: tools/symcryptrun.c:314
+#, fuzzy, c-format
+msgid "can't create temporary directory `%s': %s\n"
+msgstr "hakemiston \"%s\" luominen ei onnistu: %s\n"
+
+#: tools/symcryptrun.c:354 tools/symcryptrun.c:371
+#, fuzzy, c-format
+msgid "could not open %s for writing: %s\n"
+msgstr "tiedostoa %s ei voi avata: %s\n"
+
+#: tools/symcryptrun.c:382
+#, fuzzy, c-format
+msgid "error writing to %s: %s\n"
+msgstr "virhe kirjoitettaessa avainrenkaaseen \"%s\": %s\n"
+
+#: tools/symcryptrun.c:389
+#, fuzzy, c-format
+msgid "error reading from %s: %s\n"
+msgstr "virhe luettaessa tiedostoa \"%s\": %s\n"
+
+#: tools/symcryptrun.c:396 tools/symcryptrun.c:403
+#, fuzzy, c-format
+msgid "error closing %s: %s\n"
+msgstr "virhe luettaessa tiedostoa \"%s\": %s\n"
+
+#: tools/symcryptrun.c:488
+#, fuzzy
+msgid "no --program option provided\n"
+msgstr "etäohjelman suorittamista ei tueta\n"
+
+#: tools/symcryptrun.c:494
+msgid "only --decrypt and --encrypt are supported\n"
+msgstr ""
+
+#: tools/symcryptrun.c:500
+msgid "no --keyfile option provided\n"
+msgstr ""
+
+#: tools/symcryptrun.c:511
+msgid "cannot allocate args vector\n"
+msgstr ""
+
+#: tools/symcryptrun.c:529
+#, fuzzy, c-format
+msgid "could not create pipe: %s\n"
+msgstr "ei voida luoda kohdetta %s: %s\n"
+
+#: tools/symcryptrun.c:536
+#, fuzzy, c-format
+msgid "could not create pty: %s\n"
+msgstr "ei voida luoda kohdetta %s: %s\n"
+
+#: tools/symcryptrun.c:552
+#, c-format
+msgid "could not fork: %s\n"
+msgstr ""
+
+#: tools/symcryptrun.c:580
+#, fuzzy, c-format
+msgid "execv failed: %s\n"
+msgstr "päivitys epäonnistui: %s\n"
+
+#: tools/symcryptrun.c:609
+#, fuzzy, c-format
+msgid "select failed: %s\n"
+msgstr "avainlohkojen poisto epäonnistui: %s\n"
+
+#: tools/symcryptrun.c:626
+#, fuzzy, c-format
+msgid "read failed: %s\n"
+msgstr "päivitys epäonnistui: %s\n"
+
+#: tools/symcryptrun.c:678
+#, fuzzy, c-format
+msgid "pty read failed: %s\n"
+msgstr "päivitys epäonnistui: %s\n"
+
+#: tools/symcryptrun.c:730
+#, fuzzy, c-format
+msgid "waitpid failed: %s\n"
+msgstr "päivitys epäonnistui: %s\n"
+
+#: tools/symcryptrun.c:744
+#, c-format
+msgid "child aborted with status %i\n"
+msgstr ""
+
+#: tools/symcryptrun.c:799
+#, fuzzy, c-format
+msgid "cannot allocate infile string: %s\n"
+msgstr "tiedostoa \"%s\" ei voi luoda: %s\n"
+
+#: tools/symcryptrun.c:812
+#, fuzzy, c-format
+msgid "cannot allocate outfile string: %s\n"
+msgstr "tiedostoa \"%s\" ei voi luoda: %s\n"
+
+#: tools/symcryptrun.c:986
+#, c-format
+msgid "either %s or %s must be given\n"
+msgstr ""
+
+#: tools/symcryptrun.c:1013
+msgid "no class provided\n"
+msgstr ""
+
+#: tools/symcryptrun.c:1022
+#, fuzzy, c-format
+msgid "class %s is not supported\n"
+msgstr "suojausalgoritmi %d%s ei ole käytettävissä\n"
+
+#: tools/gpg-check-pattern.c:145
+#, fuzzy
+msgid "Usage: gpg-check-pattern [options] patternfile (-h for help)\n"
+msgstr "Käyttö: gpg [valitsimet] [tiedostot] (-h näyttää ohjeen)"
+
+#: tools/gpg-check-pattern.c:148
+msgid ""
+"Syntax: gpg-check-pattern [options] patternfile\n"
+"Check a passphrase given on stdin against the patternfile\n"
+msgstr ""
+
+#~ msgid "Command> "
+#~ msgstr "Komento> "
+
+#~ msgid "the trustdb is corrupted; please run \"gpg --fix-trustdb\".\n"
+#~ msgstr "trustdb on turmeltunut; suorita \"gpg --fix-trustdb\"\n"
+
+#~ msgid "Please report bugs to <gnupg-bugs@gnu.org>.\n"
+#~ msgstr ""
+#~ "Ilmoita ohjelmistovioista (englanniksi) osoitteeseen <gnupg-bugs@gnu."
+#~ "org>.\n"
+
+#, fuzzy
+#~ msgid "Please report bugs to "
+#~ msgstr ""
+#~ "Ilmoita ohjelmistovioista (englanniksi) osoitteeseen <gnupg-bugs@gnu."
+#~ "org>.\n"
+
+#, fuzzy
+#~ msgid "DSA keypair will have %u bits.\n"
+#~ msgstr "DSA-avainparissa on 1024 bittiä.\n"
+
+#~ msgid "Repeat passphrase\n"
+#~ msgstr "Toista salasana\n"
+
+#, fuzzy
+#~ msgid "read options from file"
+#~ msgstr "luetaan asetukset tiedostosta \"%s\"\n"
+
+#~ msgid "|[file]|make a signature"
+#~ msgstr "|[tiedosto]|tee allekirjoitus"
+
+#, fuzzy
+#~ msgid "|[FILE]|make a signature"
+#~ msgstr "|[tiedosto]|tee allekirjoitus"
+
+#, fuzzy
+#~ msgid "|[FILE]|make a clear text signature"
+#~ msgstr "|[tiedosto]|tee selkokielinen allekirjoitus"
+
+#~ msgid "|NAME|use NAME as default recipient"
+#~ msgstr "|NIMI|käytä NIMI oletusvastaanottajana"
+
+#~ msgid "use the default key as default recipient"
+#~ msgstr "käytä oletusavainta oletusvastaanottajana"
+
+#~ msgid "force v3 signatures"
+#~ msgstr "käytä aina v3-allekirjoituksia"
+
+#~ msgid "always use a MDC for encryption"
+#~ msgstr "käytä aina MDC:tä salaamiseen"
+
+#~ msgid "add this secret keyring to the list"
+#~ msgstr "lisää tämä salainen avainrengas luetteloon"
+
+#~ msgid "|NAME|set terminal charset to NAME"
+#~ msgstr "|NIMI|aseta päätteen merkistöksi NIMI"
+
+#~ msgid "|FILE|load extension module FILE"
+#~ msgstr "|TIEDOSTO|lataa laajennusmoduuli TIEDOSTO"
+
+#~ msgid "|N|use compress algorithm N"
+#~ msgstr "|N|käytä pakkausalgoritmia N"
+
+#, fuzzy
+#~ msgid "remove key from the public keyring"
+#~ msgstr "poista avaimet julkisten avainten renkaasta"
+
+#~ msgid ""
+#~ "It's up to you to assign a value here; this value will never be exported\n"
+#~ "to any 3rd party. We need it to implement the web-of-trust; it has "
+#~ "nothing\n"
+#~ "to do with the (implicitly created) web-of-certificates."
+#~ msgstr ""
+#~ "Tämän arvon määrittäminen on sinun tehtäväsi, tätä arvoa ei koskaan \n"
+#~ "kerrota kolmansille osapuolille. Tarvitsemme sitä toteuttamaan \n"
+#~ "luottamusverkko eikä sillä ei ole mitään tekemistä (epäsuorasti "
+#~ "luotujen) \n"
+#~ "varmenneverkkojen kanssa."
+
+#~ msgid ""
+#~ "To build the Web-of-Trust, GnuPG needs to know which keys are\n"
+#~ "ultimately trusted - those are usually the keys for which you have\n"
+#~ "access to the secret key. Answer \"yes\" to set this key to\n"
+#~ "ultimately trusted\n"
+#~ msgstr ""
+#~ "Rakentaakseen luottamusverkon, GnuPG:n täytyy tietää mihin avaimiin \n"
+#~ "luotetaan ehdottomasti - nämä ovat tavallisesti ne avaimet, joiden "
+#~ "salainen \n"
+#~ "pari on sinulla. Vastaa \"kyllä\" luottaaksesi tähän avaimeen ehdoitta\n"
+
+#~ msgid "If you want to use this untrusted key anyway, answer \"yes\"."
+#~ msgstr ""
+#~ "Vastaa \"kyllä\" jos haluat kaikesta huolimatta käyttää tätä "
+#~ "epäluotettavaa\n"
+#~ "avainta."
+
+#~ msgid ""
+#~ "Enter the user ID of the addressee to whom you want to send the message."
+#~ msgstr ""
+#~ "Syötä vastaanottajan, jolle haluat lähettää viestin, käyttäjätunnus."
+
+#~ msgid ""
+#~ "In general it is not a good idea to use the same key for signing and\n"
+#~ "encryption. This algorithm should only be used in certain domains.\n"
+#~ "Please consult your security expert first."
+#~ msgstr ""
+#~ "Yleensä ei ole järkevää käyttää samaa avainta allekirjoitukseen\n"
+#~ "ja salaamiseen. Tätä algorimiä tulisi käyttää vain määrätyissä "
+#~ "ympäristöissä.\n"
+#~ "Ole hyvä ja kysy tietoturva-asiantuntijaltasi ensin"
+
+#~ msgid "Enter the size of the key"
+#~ msgstr "Syötä avaimen koko"
+
+#~ msgid "Answer \"yes\" or \"no\""
+#~ msgstr "Vastaa \"kyllä\" tai \" ei\""
+
+#~ msgid ""
+#~ "Enter the required value as shown in the prompt.\n"
+#~ "It is possible to enter a ISO date (YYYY-MM-DD) but you won't\n"
+#~ "get a good error response - instead the system tries to interpret\n"
+#~ "the given value as an interval."
+#~ msgstr ""
+#~ "Syötä pyydetty arvo kuten näkyy kehotteessa.\n"
+#~ "On mahdollista syöttää ISO-muotoinen päivä (VVVV-KK-PP),\n"
+#~ "mutta sen seurauksena et saa kunnollista virheilmoitusta \n"
+#~ "vaan järjestelmä yrittää tulkita arvon aikajaksona."
+
+#~ msgid "Enter the name of the key holder"
+#~ msgstr "Anna avaimen haltijan nimi"
+
+#~ msgid "please enter an optional but highly suggested email address"
+#~ msgstr "anna vapaaehtoinen, mutta erittäin suositeltava sähköpostiosoite"
+
+#~ msgid "Please enter an optional comment"
+#~ msgstr "Kirjoita vapaaehtoinen huomautus"
+
+#~ msgid ""
+#~ "N to change the name.\n"
+#~ "C to change the comment.\n"
+#~ "E to change the email address.\n"
+#~ "O to continue with key generation.\n"
+#~ "Q to to quit the key generation."
+#~ msgstr ""
+#~ "N muuta nimeä\n"
+#~ "C muuta kommenttia\n"
+#~ "E muuta sähköpostiosoitetta\n"
+#~ "O jatka avaimen luomista\n"
+#~ "L lopeta"
+
+#~ msgid ""
+#~ "Answer \"yes\" (or just \"y\") if it is okay to generate the sub key."
+#~ msgstr "Vastaa \"kyllä\" (tai vain \"k\") jos haluat luoda aliavaimen."
+
+#~ msgid ""
+#~ "When you sign a user ID on a key, you should first verify that the key\n"
+#~ "belongs to the person named in the user ID. It is useful for others to\n"
+#~ "know how carefully you verified this.\n"
+#~ "\n"
+#~ "\"0\" means you make no particular claim as to how carefully you verified "
+#~ "the\n"
+#~ " key.\n"
+#~ "\n"
+#~ "\"1\" means you believe the key is owned by the person who claims to own "
+#~ "it\n"
+#~ " but you could not, or did not verify the key at all. This is useful "
+#~ "for\n"
+#~ " a \"persona\" verification, where you sign the key of a pseudonymous "
+#~ "user.\n"
+#~ "\n"
+#~ "\"2\" means you did casual verification of the key. For example, this "
+#~ "could\n"
+#~ " mean that you verified the key fingerprint and checked the user ID on "
+#~ "the\n"
+#~ " key against a photo ID.\n"
+#~ "\n"
+#~ "\"3\" means you did extensive verification of the key. For example, this "
+#~ "could\n"
+#~ " mean that you verified the key fingerprint with the owner of the key "
+#~ "in\n"
+#~ " person, and that you checked, by means of a hard to forge document "
+#~ "with a\n"
+#~ " photo ID (such as a passport) that the name of the key owner matches "
+#~ "the\n"
+#~ " name in the user ID on the key, and finally that you verified (by "
+#~ "exchange\n"
+#~ " of email) that the email address on the key belongs to the key "
+#~ "owner.\n"
+#~ "\n"
+#~ "Note that the examples given above for levels 2 and 3 are *only* "
+#~ "examples.\n"
+#~ "In the end, it is up to you to decide just what \"casual\" and \"extensive"
+#~ "\"\n"
+#~ "mean to you when you sign other keys.\n"
+#~ "\n"
+#~ "If you don't know what the right answer is, answer \"0\"."
+#~ msgstr ""
+#~ "Allekirjoittaessasi avaimen käyttäjätunnuksen sinun tulisi varmista, "
+#~ "että \n"
+#~ "avain todella kuuluu henkilölle, joka mainitaan käyttäjätunnuksessa. "
+#~ "Muiden \n"
+#~ "on hyvä tietää kuinka huolellisesti olet varmistanut tämän. \n"
+#~ "\n"
+#~ "\"0\" tarkoittaa, että et väitä mitään siitä, kuinka huolellisesti olet\n"
+#~ " varmistanut avaimen.\n"
+#~ "\n"
+#~ "\"1\" tarkoittaa, että uskot avaimen kuuluvan henkilölle, joka väittää \n"
+#~ " hallitsevan sitä, mutta et voinut varmistaa tai et varmistanut "
+#~ "avainta \n"
+#~ " lainkaan. Tämä on hyödyllinen \"persoonan\" varmistamiseen, jossa \n"
+#~ " allekirjoitat pseudonyymin käyttäjän avaimen.\n"
+#~ "\n"
+#~ "\"2\" tarkoittaa arkista varmistusta. Esimerkiksi olet varmistanut \n"
+#~ " avaimen sormenjäljen ja tarkistanut käyttäjätunnuksen ja \n"
+#~ " valokuvatunnisteen täsmäävän.\n"
+#~ "\n"
+#~ "\"3\" tarkoittaa syvällistä henkilöllisyyden varmistamista. "
+#~ "Esimerkiksi \n"
+#~ " tämä voi tarkoittaa avaimen sormenjäljen tarkistamista avaimen "
+#~ "haltijan \n"
+#~ " kanssa henkilökohtaisesti, ja että tarkistit nimen avaimessa "
+#~ "täsmäävän \n"
+#~ " vaikeasti väärennettävän kuvallisen henkilöllisyystodistuksen "
+#~ "(kuten \n"
+#~ " passi) kanssa, ja lopuksi varmistit (sähköpostin vaihtamisella), "
+#~ "että \n"
+#~ " sähköpostiosoite kuuluu avaimen haltijalle.\n"
+#~ "\n"
+#~ "Huomaa, että yllä annetut esimerkit tasoille 2 ja 3 ovat todellakin "
+#~ "*vain* \n"
+#~ "esimerkkejä. Lopullisesti se on sinun päätöksesi mitä \"arkinen\" ja \n"
+#~ "\"syvällinen\" tarkoittaa allekirjoittaessasi muita avaimia.\n"
+#~ "\n"
+#~ "Jos et tiedä mikä olisi sopiva vastaus, vastaa \"0\"."
+
+#, fuzzy
+#~ msgid "Answer \"yes\" if you want to sign ALL the user IDs"
+#~ msgstr "Vastaa \"kyllä\" jos haluat allekirjoittaa KAIKKI käyttäjätunnukset"
+
+#~ msgid ""
+#~ "Answer \"yes\" if you really want to delete this user ID.\n"
+#~ "All certificates are then also lost!"
+#~ msgstr ""
+#~ "Vastaa \"kyllä\", jos haluat poistaa tämän käyttäjätunnuksen.\n"
+#~ "Menetät samalla kaikki siihen liittyvät varmenteet!"
+
+#~ msgid "Answer \"yes\" if it is okay to delete the subkey"
+#~ msgstr "Vastaa \"kyllä\", jos aliavaimen voi poistaa"
+
+#~ msgid ""
+#~ "This is a valid signature on the key; you normally don't want\n"
+#~ "to delete this signature because it may be important to establish a\n"
+#~ "trust connection to the key or another key certified by this key."
+#~ msgstr ""
+#~ "Tämä on voimassa oleva allekirjoitus tälle avaimelle, tavallisesti ei \n"
+#~ "kannata poistaa tätä allekirjoitusta koska se saattaa olla tarpeen\n"
+#~ "luottamussuhteen luomiseksi avaimeen tai johonkin toiseen tämän avaimen\n"
+#~ "varmentamaan avaimeen."
+
+#~ msgid ""
+#~ "This signature can't be checked because you don't have the\n"
+#~ "corresponding key. You should postpone its deletion until you\n"
+#~ "know which key was used because this signing key might establish\n"
+#~ "a trust connection through another already certified key."
+#~ msgstr ""
+#~ "Allekirjoitusta ei voida tarkistaa koska sinulla ei ole \n"
+#~ "siihen liittyvää avainta. Lykkää sen poistamista kunnes\n"
+#~ " tiedät mitä avainta on käytetty, koska allekirjoitus \n"
+#~ "avain saattaa luoda luottamusketjun toisen, jo ennalta \n"
+#~ "varmennetun avaimen kautta."
+
+#~ msgid ""
+#~ "The signature is not valid. It does make sense to remove it from\n"
+#~ "your keyring."
+#~ msgstr ""
+#~ "Allekirjoitus ei ole pätevä. Järkevintä olisi poistaa se \n"
+#~ "avainrenkaastasi."
+
+#~ msgid ""
+#~ "This is a signature which binds the user ID to the key. It is\n"
+#~ "usually not a good idea to remove such a signature. Actually\n"
+#~ "GnuPG might not be able to use this key anymore. So do this\n"
+#~ "only if this self-signature is for some reason not valid and\n"
+#~ "a second one is available."
+#~ msgstr ""
+#~ "Tämä allekirjoitus takaa avaimen haltijan henkilöllisyyden. \n"
+#~ "Tällaisen allekirjoituksen poistaminen on tavallisesti huono \n"
+#~ "ajatus. GnuPG ei kenties voi käyttää avainta enää. Poista \n"
+#~ "allekirjoitus vain, jos se ei ole jostain syystä pätevä, ja \n"
+#~ "avaimella on jo toinen allekirjoitus."
+
+#~ msgid ""
+#~ "Change the preferences of all user IDs (or just of the selected ones)\n"
+#~ "to the current list of preferences. The timestamp of all affected\n"
+#~ "self-signatures will be advanced by one second.\n"
+#~ msgstr ""
+#~ "Muuta valinnat kaikille käyttäjätunnuksille (tai vain valituille)\n"
+#~ "nykyiseen luetteloon valinnoista. Kaikkien muutettujen\n"
+#~ "oma-allekirjoitusten aikaleima siirretään yhdellä sekunnilla eteenpäin.\n"
+
+#~ msgid "Please enter the passhrase; this is a secret sentence \n"
+#~ msgstr "Ole hyvä ja syötä salasana, tämän on salainen lause \n"
+
+#~ msgid ""
+#~ "Please repeat the last passphrase, so you are sure what you typed in."
+#~ msgstr "Toista edellinen salasanasi varmistuaksesi siitä, mitä kirjoitit."
+
+#~ msgid "Give the name of the file to which the signature applies"
+#~ msgstr "Anna allekirjoitetun tiedoston nimi"
+
+#~ msgid "Answer \"yes\" if it is okay to overwrite the file"
+#~ msgstr "Vastaa \"kyllä\", jos tiedoston voi ylikirjoittaa"
+
+#~ msgid ""
+#~ "Please enter a new filename. If you just hit RETURN the default\n"
+#~ "file (which is shown in brackets) will be used."
+#~ msgstr ""
+#~ "Syötä uusi tiedostonimi. Jos painat vain RETURN, käytetään\n"
+#~ "oletustiedostoa (joka näkyy sulkeissa)."
+
+#~ msgid ""
+#~ "You should specify a reason for the certification. Depending on the\n"
+#~ "context you have the ability to choose from this list:\n"
+#~ " \"Key has been compromised\"\n"
+#~ " Use this if you have a reason to believe that unauthorized persons\n"
+#~ " got access to your secret key.\n"
+#~ " \"Key is superseded\"\n"
+#~ " Use this if you have replaced this key with a newer one.\n"
+#~ " \"Key is no longer used\"\n"
+#~ " Use this if you have retired this key.\n"
+#~ " \"User ID is no longer valid\"\n"
+#~ " Use this to state that the user ID should not longer be used;\n"
+#~ " this is normally used to mark an email address invalid.\n"
+#~ msgstr ""
+#~ "Sinun tulisi määrittää syy varmenteelle. Riippuen asiayhteydestä\n"
+#~ "voit valita tästä listasta:\n"
+#~ " \"Avain on paljastunut\"\n"
+#~ " Käytä tätä, jos sinulla on syytä uskoa, että luvattomat henkilöt \n"
+#~ " ovat saaneet salaisen avaimesi käsiinsä.\n"
+#~ " \"Avain on korvattu\"\n"
+#~ " Käytä tätä, jos olet korvannut tämän uudemmalla avaimella.\n"
+#~ " \"Avain ei ole enää käytössä\"\n"
+#~ " Käytä tätä, jost ole lopettanut tämän avaimen käytön.\n"
+#~ " \"Käyttäjätunnus ei ole enää voimassa\"\n"
+#~ " Käytä tätä ilmoittamaan, että käyttäjätunnusta ei pitäisi käyttää;\n"
+#~ " tätä normaalisti käytetään merkitsemään sähköpostiosoite "
+#~ "vanhenneeksi.\n"
+
+#~ msgid ""
+#~ "If you like, you can enter a text describing why you issue this\n"
+#~ "revocation certificate. Please keep this text concise.\n"
+#~ "An empty line ends the text.\n"
+#~ msgstr ""
+#~ "Halutessasi voit kirjoittaa tähän kuvauksen miksi julkaiset tämän\n"
+#~ "mitätöintivarmenteen. Kirjoita lyhyesti.\n"
+#~ "Tyhjä rivi päättää tekstin.\n"
+
+#~ msgid "can't put notation data into v3 (PGP 2.x style) signatures\n"
+#~ msgstr ""
+#~ "notaatiodataa ei voi laittaa v3-allekirjoituksiin (PGP 2.x -tyyliset)\n"
+
+#~ msgid "can't put notation data into v3 (PGP 2.x style) key signatures\n"
+#~ msgstr ""
+#~ "notaatiodataa ei voi laittaa v3-avainallekirjoituksiin (PGP 2.x -"
+#~ "tyyliset)\n"
+
+#~ msgid "can't put a policy URL into v3 (PGP 2.x style) signatures\n"
+#~ msgstr ""
+#~ "käytäntö-URL:ia ei voi laittaa v3-allekirjoituksiin (PGP 2.x -tyyliset)\n"
+
+#~ msgid "can't put a policy URL into v3 key (PGP 2.x style) signatures\n"
+#~ msgstr ""
+#~ "käytäntö-URL:ia ei voi laittaa v3-avainallekirjoituksiin (PGP 2.x -"
+#~ "tyyliset)\n"
+
+#, fuzzy
+#~ msgid "shelll"
+#~ msgstr "apua"
+
+#, fuzzy
+#~ msgid ""
+#~ "please see http://www.gnupg.org/download/iconv.html for more information\n"
+#~ msgstr "lisätietoja osoitteesta http://www.gnupg.org/faq.html\n"
+
+#, fuzzy
+#~ msgid "key generation is not available from the commandline\n"
+#~ msgstr "gpg-agent ei ole käytettävissä tässä istunnossa\n"
+
+#, fuzzy
+#~ msgid "please use the script \"%s\" to generate a new key\n"
+#~ msgstr "Valitse millaisen avaimen haluat:\n"
+
+#, fuzzy
+#~ msgid "cipher extension `%s' not loaded due to unsafe permissions\n"
+#~ msgstr ""
+#~ "Oikeudet eivät ole turvallisia, salainlaajennuksia \"%s\" ei ladattu\n"
+
+#~ msgid "DSA requires the use of a 160 bit hash algorithm\n"
+#~ msgstr "DSA vaatii 160-bittisen tiivistealgoritmin käyttöä\n"
+
+#, fuzzy
+#~ msgid ".\n"
+#~ msgstr "%s.\n"
+
+#~ msgid "problem with the agent - disabling agent use\n"
+#~ msgstr "agentin käytössä on ongelmia - agenttia ei käytetä\n"
+
+#, fuzzy
+#~ msgid "can't query passphrase in batch mode\n"
+#~ msgstr "salasanan kysyminen ei onnistu eräajossa\n"
+
+#~ msgid "Enter passphrase: "
+#~ msgstr "Syötä salasana: "
+
+#~ msgid "Repeat passphrase: "
+#~ msgstr "Toista salasana: "
+
+#~ msgid "-k[v][v][v][c] [user-id] [keyring]"
+#~ msgstr "-k[v][v][v][c] [käyttäjätunnus] [avainrengas]"
+
+#, fuzzy
+#~ msgid "can't gen prime with pbits=%u qbits=%u\n"
+#~ msgstr "alkulukua, jossa on alle %d bittiä, ei voi luoda\n"
+
+#~ msgid "can't generate a prime with less than %d bits\n"
+#~ msgstr "alkulukua, jossa on alle %d bittiä, ei voi luoda\n"
+
+#~ msgid "no entropy gathering module detected\n"
+#~ msgstr "entropian keräysmoduulia ei havaittu\n"
+
+#, fuzzy
+#~ msgid "can't lock `%s': %s\n"
+#~ msgstr "tiedostoa \"%s\" ei voi avata\n"
+
+#~ msgid "can't stat `%s': %s\n"
+#~ msgstr "tiedoston \"%s\" tilaa ei voi lukea: %s\n"
+
+#~ msgid "`%s' is not a regular file - ignored\n"
+#~ msgstr "\"%s\" on erikoistiedosto - ohitettiin\n"
+
+#~ msgid "note: random_seed file is empty\n"
+#~ msgstr "huom: random_seed-tiedosto on tyhjä\n"
+
+#~ msgid "WARNING: invalid size of random_seed file - not used\n"
+#~ msgstr ""
+#~ "VAROITUS: random_seed-tiedosto on väärän kokoinen - tiedostoa ei käytetä\n"
+
+#~ msgid "can't read `%s': %s\n"
+#~ msgstr "tiedostoa \"%s\" ei voi lukea: %s\n"
+
+#~ msgid "note: random_seed file not updated\n"
+#~ msgstr "huom: random_seed-tiedostoa ei päivitetty\n"
+
+#~ msgid "can't write `%s': %s\n"
+#~ msgstr "tiedostoon \"%s\" ei voi kirjoittaa: %s\n"
+
+#~ msgid "can't close `%s': %s\n"
+#~ msgstr "tiedostoa \"%s\" ei voi sulkea: %s\n"
+
+#~ msgid "WARNING: using insecure random number generator!!\n"
+#~ msgstr "VAROITUS: käytetty satunnaislukugeneraattori ei ole turvallinen.\n"
+
+#~ msgid ""
+#~ "The random number generator is only a kludge to let\n"
+#~ "it run - it is in no way a strong RNG!\n"
+#~ "\n"
+#~ "DON'T USE ANY DATA GENERATED BY THIS PROGRAM!!\n"
+#~ "\n"
+#~ msgstr ""
+#~ "Satunnaislukugeneraattori on pelkkä kulissi, joka mahdollistaa\n"
+#~ "ohjelman ajamisen - se ei ole vahvasti satunnainen!\n"
+#~ "\n"
+#~ "ÄLÄ KÄYTÄ OHJELMAN TUOTTAMAA DATAA!!\n"
+
+#~ msgid ""
+#~ "Please wait, entropy is being gathered. Do some work if it would\n"
+#~ "keep you from getting bored, because it will improve the quality\n"
+#~ "of the entropy.\n"
+#~ msgstr ""
+#~ "Ole hyvä ja odota, entropiaa kerätään. Tee jotain työtä, jos se vaikka \n"
+#~ "estäisi sinua pitkästymästä. Se nimittäin samalla parantaa entropian "
+#~ "laatua.\n"
+
+#~ msgid ""
+#~ "\n"
+#~ "Not enough random bytes available. Please do some other work to give\n"
+#~ "the OS a chance to collect more entropy! (Need %d more bytes)\n"
+#~ msgstr ""
+#~ "\n"
+#~ "Satunnaislukuja ei ole vielä tarpeeksi. Ole hyvä ja jatka työskentelyä \n"
+#~ "antaaksesi käyttöjärjestelmälle mahdollisuuden kerätä lisää entropiaa! \n"
+#~ "(Vielä tarvitaan %d tavua)\n"
+
+#, fuzzy
+#~ msgid "card reader not available\n"
+#~ msgstr "salaista avainta ei löydy"
+
+#, fuzzy
+#~ msgid "NOTE: %s is not available in this version\n"
+#~ msgstr "gpg-agent ei ole käytettävissä tässä istunnossa\n"
+
+#, fuzzy
+#~ msgid " algorithms on these user IDs:\n"
+#~ msgstr "Olet allekirjoittanut seuraavat käyttäjätunnukset:\n"
+
+#~ msgid "general error"
+#~ msgstr "yleinen virhe"
+
+#~ msgid "unknown packet type"
+#~ msgstr "tuntematon pakettityyppi"
+
+#~ msgid "unknown pubkey algorithm"
+#~ msgstr "tuntematon julkisen avaimen algoritmi"
+
+#~ msgid "unknown digest algorithm"
+#~ msgstr "tuntematon tiivistealgoritmi"
+
+#~ msgid "bad public key"
+#~ msgstr "julkinen avain ei kelpaa"
+
+#~ msgid "bad secret key"
+#~ msgstr "salainen avain ei kelpaa"
+
+#~ msgid "bad signature"
+#~ msgstr "allekirjoitus ei täsmää"
+
+#~ msgid "checksum error"
+#~ msgstr "tarkistussumma ei täsmää"
+
+#~ msgid "unknown cipher algorithm"
+#~ msgstr "tuntematon salausalgoritmi"
+
+#~ msgid "can't open the keyring"
+#~ msgstr "avainrenkaan avaaminen ei onnistu"
+
+#~ msgid "invalid packet"
+#~ msgstr "virheellinen paketti"
+
+#~ msgid "invalid armor"
+#~ msgstr "virheellinen ascii-koodaus"
+
+#~ msgid "no such user id"
+#~ msgstr "käyttäjätunnusta ei löydy"
+
+#~ msgid "secret key not available"
+#~ msgstr "salaista avainta ei löydy"
+
+#~ msgid "wrong secret key used"
+#~ msgstr "käytetty salainen avain on väärä"
+
+#~ msgid "not supported"
+#~ msgstr "ei tuettu"
+
+#~ msgid "bad key"
+#~ msgstr "avain ei kelpaa"
+
+#~ msgid "file write error"
+#~ msgstr "virhe tiedostoon kirjoitettaessa"
+
+#~ msgid "unknown compress algorithm"
+#~ msgstr "tuntematon pakkausalgoritmi"
+
+#~ msgid "file open error"
+#~ msgstr "virhe tiedostoa avattaessa"
+
+#~ msgid "file create error"
+#~ msgstr "virhe tiedostoa luotaessa"
+
+#~ msgid "invalid passphrase"
+#~ msgstr "väärä salasana"
+
+#~ msgid "unimplemented pubkey algorithm"
+#~ msgstr "julkisen avaimen algoritmi ei ole käytössä"
+
+#~ msgid "unimplemented cipher algorithm"
+#~ msgstr "salausalgoritmi ei ole käytössä"
+
+#~ msgid "unknown signature class"
+#~ msgstr "tuntematon allekirjoitusluokka"
+
+#~ msgid "trust database error"
+#~ msgstr "luottamustietokantavirhe"
+
+#~ msgid "resource limit"
+#~ msgstr "resurssiraja"
+
+#~ msgid "invalid keyring"
+#~ msgstr "virheellinen avainrengas"
+
+#~ msgid "malformed user id"
+#~ msgstr "väärin muotoiltu käyttäjätunnus"
+
+#~ msgid "file close error"
+#~ msgstr "virhe tiedostoa suljettaessa"
+
+#~ msgid "file rename error"
+#~ msgstr "virhe nimettäessä tiedostoa uudelleen"
+
+#~ msgid "file delete error"
+#~ msgstr "virhe tiedostoa poistettaessa"
+
+#~ msgid "unexpected data"
+#~ msgstr "odottamatonta dataa"
+
+#~ msgid "timestamp conflict"
+#~ msgstr "aikaleima ei täsmää"
+
+#~ msgid "unusable pubkey algorithm"
+#~ msgstr "käyttökelvoton julkisen avaimen algoritmi"
+
+#~ msgid "file exists"
+#~ msgstr "tiedosto on olemassa"
+
+#~ msgid "weak key"
+#~ msgstr "heikko avain"
+
+#~ msgid "bad URI"
+#~ msgstr "URI ei kelpaa"
+
+#~ msgid "unsupported URI"
+#~ msgstr "URI-muotoa ei tueta"
+
+#~ msgid "network error"
+#~ msgstr "verkkovirhe"
+
+#~ msgid "not processed"
+#~ msgstr "ei käsitelty"
+
+#~ msgid "unusable public key"
+#~ msgstr "julkista avainta ei voi käyttää"
+
+#~ msgid "unusable secret key"
+#~ msgstr "salaista avainta ei voi käyttää"
+
+#~ msgid "keyserver error"
+#~ msgstr "avainpalvelinvirhe"
+
+#, fuzzy
+#~ msgid "no card"
+#~ msgstr "salaamaton"
+
+#, fuzzy
+#~ msgid "no data"
+#~ msgstr "ei allekirjoitettua dataa\n"
+
+#~ msgid "... this is a bug (%s:%d:%s)\n"
+#~ msgstr "...tämä on ohjelmistovika (%s:%d:%s)\n"
+
+#~ msgid "WARNING: using insecure memory!\n"
+#~ msgstr "VAROITUS: käytetään suojaamatonta muistia!\n"
+
+#~ msgid "operation is not possible without initialized secure memory\n"
+#~ msgstr "toiminto on mahdollinen vain, jos suojattu muisti alustetaan\n"
+
+#~ msgid "(you may have used the wrong program for this task)\n"
+#~ msgstr "(olet ehkä käyttänyt tehtävään väärää ohjelmaa)\n"
+
+#~ msgid ""
+#~ "please see http://www.gnupg.org/why-not-idea.html for more information\n"
+#~ msgstr ""
+#~ "lue lisätietoja osoitteesta http://www.gnupg.org/why-not-idea.html\n"
+
+#, fuzzy
+#~ msgid "all export-clean-* options from above"
+#~ msgstr "lue asetukset tiedostosta"
+
+#, fuzzy
+#~ msgid "all import-clean-* options from above"
+#~ msgstr "lue asetukset tiedostosta"
+
+#, fuzzy
+#~ msgid "expired: %s)"
+#~ msgstr " [vanhenee: %s]"
+
+#, fuzzy
+#~ msgid "key %s: expired signature from key %s - skipped\n"
+#~ msgstr "avain %08lX: odottamaton allekirjoitusluokka (0x%02X) - ohitetaan\n"
+
+#, fuzzy
+#~ msgid "Unable to clean `%s'\n"
+#~ msgstr "komentoa %s \"%s\" ei voi suorittaa: %s\n"
+
+#, fuzzy
+#~ msgid "No user IDs are removable.\n"
+#~ msgstr "käyttäjätunnus \"%s\" on jo mitätöity\n"
+
+#~ msgid "bad passphrase or unknown cipher algorithm (%d)\n"
+#~ msgstr "väärä salasana tai tuntematon salausalgoritmi (%d)\n"
+
+#~ msgid "can't set client pid for the agent\n"
+#~ msgstr "agentille ei voida asettaa pid:tä\n"
+
+#~ msgid "can't get server read FD for the agent\n"
+#~ msgstr "palvelin ei lue agentin FD:tä\n"
+
+#~ msgid "can't get server write FD for the agent\n"
+#~ msgstr "palvelin ei kirjoita agentille FD:tä\n"
+
+#~ msgid "invalid response from agent\n"
+#~ msgstr "agentin lähettämä vastaus ei kelpaa\n"
+
+#~ msgid "select secondary key N"
+#~ msgstr "valitse toissijainen avain N"
+
+#~ msgid "list signatures"
+#~ msgstr "näytä allekirjoitukset"
+
+#~ msgid "sign the key"
+#~ msgstr "allekirjoita avain"
+
+#~ msgid "add a secondary key"
+#~ msgstr "lisää toissijainen avain"
+
+#~ msgid "delete signatures"
+#~ msgstr "poista allekirjoitus"
+
+#~ msgid "change the expire date"
+#~ msgstr "muuta voimassoloaikaa"
+
+#~ msgid "set preference list"
+#~ msgstr "näytä valinnat"
+
+#~ msgid "updated preferences"
+#~ msgstr "päivitä valinnat"
+
+#~ msgid "No secondary key with index %d\n"
+#~ msgstr "Indeksillä %d ei löydy toissijaista avainta\n"
+
+#~ msgid "--nrsign-key user-id"
+#~ msgstr "--nrlsign-key käyttäjätunnus"
+
+#~ msgid "--nrlsign-key user-id"
+#~ msgstr "--nrlsign-key käyttäjätunnus"
+
+#~ msgid "sign the key non-revocably"
+#~ msgstr "allekirjoita avain mitätöimättömästi"
+
+#~ msgid "sign the key locally and non-revocably"
+#~ msgstr "allekirjoita avain paikallisesti ja mitätöimättömästi"
+
+#~ msgid "q"
+#~ msgstr "q"
+
+#~ msgid "list"
+#~ msgstr "list"
+
+#~ msgid "l"
+#~ msgstr "l"
+
+#~ msgid "debug"
+#~ msgstr "debug"
+
+#, fuzzy
+#~ msgid "name"
+#~ msgstr "enable"
+
+#, fuzzy
+#~ msgid "login"
+#~ msgstr "lsign"
+
+#, fuzzy
+#~ msgid "cafpr"
+#~ msgstr "fpr"
+
+#, fuzzy
+#~ msgid "forcesig"
+#~ msgstr "revsig"
+
+#, fuzzy
+#~ msgid "generate"
+#~ msgstr "yleinen virhe"
+
+#~ msgid "passwd"
+#~ msgstr "passwd"
+
+#~ msgid "save"
+#~ msgstr "tallenna"
+
+#~ msgid "fpr"
+#~ msgstr "fpr"
+
+#~ msgid "uid"
+#~ msgstr "uid"
+
+#~ msgid "key"
+#~ msgstr "key"
+
+#~ msgid "check"
+#~ msgstr "check"
+
+#~ msgid "c"
+#~ msgstr "c"
+
+#~ msgid "sign"
+#~ msgstr "sign"
+
+#~ msgid "s"
+#~ msgstr "s"
+
+#, fuzzy
+#~ msgid "tsign"
+#~ msgstr "sign"
+
+#~ msgid "lsign"
+#~ msgstr "lsign"
+
+#~ msgid "nrsign"
+#~ msgstr "nrsign"
+
+#~ msgid "nrlsign"
+#~ msgstr "nrlsign"
+
+#~ msgid "adduid"
+#~ msgstr "adduid"
+
+#~ msgid "addphoto"
+#~ msgstr "addphoto"
+
+#~ msgid "deluid"
+#~ msgstr "deluid"
+
+#~ msgid "delphoto"
+#~ msgstr "delphoto"
+
+#, fuzzy
+#~ msgid "addcardkey"
+#~ msgstr "addkey"
+
+#~ msgid "delkey"
+#~ msgstr "delkey"
+
+#~ msgid "addrevoker"
+#~ msgstr "addrevoker"
+
+#~ msgid "delsig"
+#~ msgstr "delsig"
+
+#~ msgid "expire"
+#~ msgstr "expire"
+
+#~ msgid "primary"
+#~ msgstr "primary"
+
+#~ msgid "toggle"
+#~ msgstr "toggle"
+
+#~ msgid "t"
+#~ msgstr "t"
+
+#~ msgid "pref"
+#~ msgstr "pref"
+
+#~ msgid "showpref"
+#~ msgstr "showpref"
+
+#~ msgid "setpref"
+#~ msgstr "setpref"
+
+#~ msgid "updpref"
+#~ msgstr "updpref"
+
+#, fuzzy
+#~ msgid "keyserver"
+#~ msgstr "avainpalvelinvirhe"
+
+#~ msgid "trust"
+#~ msgstr "trust"
+
+#~ msgid "revsig"
+#~ msgstr "revsig"
+
+#~ msgid "revuid"
+#~ msgstr "revuid"
+
+#~ msgid "revkey"
+#~ msgstr "revkey"
+
+#~ msgid "disable"
+#~ msgstr "disable"
+
+#~ msgid "enable"
+#~ msgstr "enable"
+
+#~ msgid "showphoto"
+#~ msgstr "showphoto"
+
+#~ msgid "digest algorithm `%s' is read-only in this release\n"
+#~ msgstr ""
+#~ "tiivistealgoritmia \"%s\" voidaan ainoastaan lukea tässä julkaisussa\n"
+
+#~ msgid ""
+#~ "About to generate a new %s keypair.\n"
+#~ " minimum keysize is 768 bits\n"
+#~ " default keysize is 1024 bits\n"
+#~ " highest suggested keysize is 2048 bits\n"
+#~ msgstr ""
+#~ "Luomassa uutta %s-avainparia.\n"
+#~ " pienin sallittu avainkoko on 768 bittiä\n"
+#~ " oletusavainkoko on 1024 bittiä\n"
+#~ " suurin suositeltava avainkoko on 2048 bittiä\n"
+
+#~ msgid "DSA only allows keysizes from 512 to 1024\n"
+#~ msgstr "DSA sallii avaimen koot vain väliltä 512-1024\n"
+
+#~ msgid "keysize too small; 1024 is smallest value allowed for RSA.\n"
+#~ msgstr "avainkoko on liian pieni; RSA vaatii vähintään 1024.\n"
+
+#~ msgid "keysize too small; 768 is smallest value allowed.\n"
+#~ msgstr "avainkoko on liian pieni; pienin sallittu arvo on 768.\n"
+
+#~ msgid "keysize too large; %d is largest value allowed.\n"
+#~ msgstr "avainkoko on liian suuri; suurin sallittu arvo on %d.\n"
+
+#~ msgid ""
+#~ "Keysizes larger than 2048 are not suggested because\n"
+#~ "computations take REALLY long!\n"
+#~ msgstr ""
+#~ "2048 bittiä suurempia avaimia ei suositella, koska\n"
+#~ "laskenta kestää TODELLA pitkään!\n"
+
+#, fuzzy
+#~ msgid "Are you sure that you want this keysize? (y/N) "
+#~ msgstr "Haluatko varmasti tämän kokoisen avaimen? "
+
+#~ msgid ""
+#~ "Okay, but keep in mind that your monitor and keyboard radiation is also "
+#~ "very vulnerable to attacks!\n"
+#~ msgstr ""
+#~ "Hyvä on, mutta muista että näyttösi ja näppäimistösi säteily on myös "
+#~ "alttiina salakuuntelulle!\n"
+
+#~ msgid "Experimental algorithms should not be used!\n"
+#~ msgstr "Kokeellisia algoritmeja ei pitäisi käyttää!\n"
+
+#~ msgid ""
+#~ "this cipher algorithm is deprecated; please use a more standard one!\n"
+#~ msgstr ""
+#~ "tämän salausalgoritmin käyttöä paheksutaan; ole hyvä ja käytä "
+#~ "standardimpaa!\n"
+
+#~ msgid "sorry, can't do this in batch mode\n"
+#~ msgstr "valitan, tätä ei voi tehdä eräajossa\n"
+
+#, fuzzy
+#~ msgid "can't open file `%s': %s\n"
+#~ msgstr "ei voi avata tiedostoa: %s\n"
+
+#, fuzzy
+#~ msgid " \""
+#~ msgstr " aka \""
+
+#~ msgid "key %08lX: key has been revoked!\n"
+#~ msgstr "Avain %08lX: avain on mitätöity!\n"
+
+#~ msgid "key %08lX: subkey has been revoked!\n"
+#~ msgstr "avain %08lX: aliavain on mitätöity!\n"
+
+#~ msgid "%08lX: key has expired\n"
+#~ msgstr "%08lX: avain on vanhentunut\n"
+
+#~ msgid "%08lX: We do NOT trust this key\n"
+#~ msgstr "%08lX: Avaimeen EI luoteta\n"
+
+#, fuzzy
+#~ msgid " (%d) RSA (auth only)\n"
+#~ msgstr " (%d) RSA (vain allekirjoitus)\n"
+
+#, fuzzy
+#~ msgid " (%d) RSA (sign and auth)\n"
+#~ msgstr " (%d) RSA (salaus ja allekirjoitus)\n"
+
+#, fuzzy
+#~ msgid " (%d) RSA (encrypt and auth)\n"
+#~ msgstr " (%d) RSA (vain salaus)\n"
+
+#, fuzzy
+#~ msgid " (%d) RSA (sign, encrypt and auth)\n"
+#~ msgstr " (%d) RSA (salaus ja allekirjoitus)\n"
+
+#~ msgid "%s: can't open: %s\n"
+#~ msgstr "%s: ei voida avata kohdetta: %s\n"
+
+#~ msgid "%s: WARNING: empty file\n"
+#~ msgstr "%s: VAROITUS: tiedosto on tyhjä\n"
+
+#, fuzzy
+#~ msgid " (%d) I trust marginally\n"
+#~ msgstr " %d = Luotan osittain\n"
+
+#, fuzzy
+#~ msgid " (%d) I trust fully\n"
+#~ msgstr " %d = Luotan täysin\n"
+
+#, fuzzy
+#~ msgid "expires"
+#~ msgstr "expire"
+
+#, fuzzy
+#~ msgid ""
+#~ "\"\n"
+#~ "locally signed with your key %s at %s\n"
+#~ msgstr ""
+#~ "\"\n"
+#~ "allekirjoitettu paikallisesti avaimellasi %08lX %s\n"
+
+#~ msgid "%s: can't access: %s\n"
+#~ msgstr "%s: kohteeseen ei päästä: %s\n"
+
+#~ msgid "%s: can't create lock\n"
+#~ msgstr "%s: ei voi luoda lukitusta\n"
+
+#~ msgid "%s: can't make lock\n"
+#~ msgstr "%s: ei voi tehdä lukkoa\n"
+
+#~ msgid "%s: can't create: %s\n"
+#~ msgstr "%s: ei voi luoda: %s\n"
+
+#~ msgid "If you want to use this revoked key anyway, answer \"yes\"."
+#~ msgstr ""
+#~ "Vastaa \"kyllä\" jos haluat kaikesta huolimatta käyttää tätä mitätöityä "
+#~ "avainta."
+
+#~ msgid "Unable to open photo \"%s\": %s\n"
+#~ msgstr "Valokuvaa \"%s\" ei voi avata: %s\n"
+
+#~ msgid "error: missing colon\n"
+#~ msgstr "virhe: kaksoispiste puuttuu\n"
+
+#~ msgid "error: no ownertrust value\n"
+#~ msgstr "virhe: ei luottamusarvoa\n"
+
+#~ msgid " (main key ID %08lX)"
+#~ msgstr " (pääavaimen tunnus %08lX)"
+
+#~ msgid "rev! subkey has been revoked: %s\n"
+#~ msgstr "rev! aliavain on mitätöity: %s\n"
+
+#~ msgid "rev- faked revocation found\n"
+#~ msgstr "rev- väärennetty mitätöinti löydetty\n"
+
+#, fuzzy
+#~ msgid " [expired: %s]"
+#~ msgstr " [vanhenee: %s]"
+
+#~ msgid " [expires: %s]"
+#~ msgstr " [vanhenee: %s]"
+
+#, fuzzy
+#~ msgid " [revoked: %s]"
+#~ msgstr "[mitätöity] "
+
+#~ msgid ""
+#~ "WARNING: digest `%s' is not part of OpenPGP. Use at your own risk!\n"
+#~ msgstr ""
+#~ "VAROITUS: tiiviste \"%s\" ei ole osa OpenPGP:tä. Käytä omalla "
+#~ "vastuullasi!\n"
+
+#~ msgid "|[files]|encrypt files"
+#~ msgstr "|[tiedostot]|salaa tiedostot"
+
+#~ msgid "store only"
+#~ msgstr "vain tallennus"
+
+#~ msgid "|[files]|decrypt files"
+#~ msgstr "|[tiedostot]|avaa tiedostot"
+
+#~ msgid "sign a key non-revocably"
+#~ msgstr "allekirjoita avain mitätöimättömästi"
+
+#~ msgid "sign a key locally and non-revocably"
+#~ msgstr "allekirjoita avain paikallisesti ja mitätöimättömästi"
+
+#~ msgid "list only the sequence of packets"
+#~ msgstr "luettele vain sarja paketteja"
+
+#~ msgid "export the ownertrust values"
+#~ msgstr "vie luottamusasteet"
+
+#~ msgid "unattended trust database update"
+#~ msgstr "automaattinen luottamustietokannan päivitys"
+
+#~ msgid "fix a corrupted trust database"
+#~ msgstr "korjaa turmeltunut luottamustietokanta"
+
+#~ msgid "De-Armor a file or stdin"
+#~ msgstr "Pura ascii-koodaus tiedostosta tai vakiosyötteestä"
+
+#~ msgid "En-Armor a file or stdin"
+#~ msgstr "Ascii-koodaa tekstitiedosto tai vakiosyöte"
+
+#~ msgid "do not force v3 signatures"
+#~ msgstr "älä käytä aina v3-allekirjoituksia"
+
+#~ msgid "force v4 key signatures"
+#~ msgstr "käytä aina v4-allekirjoituksia"
+
+#~ msgid "do not force v4 key signatures"
+#~ msgstr "älä käytä aina v3-allekirjoituksia"
+
+#~ msgid "never use a MDC for encryption"
+#~ msgstr "älä koskaan käytä MDC:tä salaamiseen"
+
+#~ msgid "use the gpg-agent"
+#~ msgstr "käytä gpg-agentia"
+
+#~ msgid "|[file]|write status info to file"
+#~ msgstr "|[tiedosto]|kirjoita tilatiedot tiedostoon"
+
+#~ msgid "|KEYID|ultimately trust this key"
+#~ msgstr "|AVAIN_ID|luota ehdottomasti tähän avaimeen"
+
+#~ msgid "emulate the mode described in RFC1991"
+#~ msgstr "jäljittele RFC1991:ssä kuvattua toimintamuotoa"
+
+#~ msgid "set all packet, cipher and digest options to OpenPGP behavior"
+#~ msgstr ""
+#~ "aseta kaikki paketti-, salain- ja tiivistevaihtoehdot OpenPGP-muotoon"
+
+#~ msgid "set all packet, cipher and digest options to PGP 2.x behavior"
+#~ msgstr ""
+#~ "aseta kaikki paketti-, salain- ja tiivistevaihtoehdot PGP 2.x -muotoon"
+
+#~ msgid "|NAME|use message digest algorithm NAME for passphrases"
+#~ msgstr "|NIMI|käytä salasanoihin viestintiivistealgoritmia NIMI"
+
+#~ msgid "throw keyid field of encrypted packets"
+#~ msgstr "jätä avaintunnistekenttä pois salatuista paketeista"
+
+#~ msgid "Show Photo IDs"
+#~ msgstr "Näytä valokuvatunnisteet"
+
+#~ msgid "Don't show Photo IDs"
+#~ msgstr "Älä näytä valokuvatunnisteita"
+
+#~ msgid "Set command line to view Photo IDs"
+#~ msgstr "Aseta valokuvatunnisteiden katsomiskomento"
+
+#~ msgid "compress algorithm `%s' is read-only in this release\n"
+#~ msgstr ""
+#~ "tiivistealgoritmia \"%s\" voidaan ainoastaan lukea tässä julkaisussa\n"
+
+#~ msgid "compress algorithm must be in range %d..%d\n"
+#~ msgstr "pakkausalgoritmin täytyy olla väliltä %d..%d\n"
+
+#~ msgid ""
+#~ "%08lX: It is not sure that this key really belongs to the owner\n"
+#~ "but it is accepted anyway\n"
+#~ msgstr ""
+#~ "%08lX: Ei ole varmaa, että tämä avain todella kuuluu haltijalleen, "
+#~ "mutta \n"
+#~ "avain hyväksytään siitä huolimatta\n"
+
+#~ msgid "preference %c%lu is not valid\n"
+#~ msgstr "valinta %c%lu ei ole pätevä\n"
+
+#~ msgid "key %08lX: not a rfc2440 key - skipped\n"
+#~ msgstr "avain %08lX: ei ole rfc2440-avain - ohitetaan\n"
+
+#~ msgid ""
+#~ "NOTE: Elgamal primary key detected - this may take some time to import\n"
+#~ msgstr ""
+#~ "HUOM: Elgamal-ensisijainen avain havaittu - tämän tuominen voi kestää "
+#~ "hetken\n"
+
+#~ msgid " (default)"
+#~ msgstr " (oletusarvo)"
+
+#~ msgid "%s%c %4u%c/%08lX created: %s expires: %s"
+#~ msgstr "%s%c %4u%c/%08lX luotu: %s vanhenee: %s"
+
+#~ msgid "Policy: "
+#~ msgstr "Käytäntö: "
+
+#~ msgid "can't get key from keyserver: %s\n"
+#~ msgstr "avainpalvelimelta ei saa avainta: %s\n"
+
+#~ msgid "success sending to `%s' (status=%u)\n"
+#~ msgstr "kohteeseen \"%s\" lähettäminen onnistui (tila=%u)\n"
+
+#~ msgid "failed sending to `%s': status=%u\n"
+#~ msgstr "virhe lähettäessä kohteeseen \"%s\": tila=%u\n"
+
+#~ msgid "this keyserver does not support --search-keys\n"
+#~ msgstr "tämä avainpalvelin ei tue valitsinta --search-keys\n"
+
+#~ msgid "can't search keyserver: %s\n"
+#~ msgstr " avainpalvelimelta ei pysty etsimään: %s\n"
+
+#~ msgid ""
+#~ "key %08lX: this is a PGP generated ElGamal key which is NOT secure for "
+#~ "signatures!\n"
+#~ msgstr ""
+#~ "avain %08lX: tämä on PGP:n luoma ElGamal-avain, jota EI ole turvallista \n"
+#~ "käyttää allekirjoituksiin!\n"
+
+#~ msgid ""
+#~ "key %08lX has been created %lu second in future (time warp or clock "
+#~ "problem)\n"
+#~ msgstr ""
+#~ "avain %08lX on luotu %lu sekuntia tulevaisuudessa (on tapahtunu aikahyppy "
+#~ "tai\n"
+#~ "kellon kanssa on ongelmia\n"
+
+#~ msgid ""
+#~ "key %08lX has been created %lu seconds in future (time warp or clock "
+#~ "problem)\n"
+#~ msgstr ""
+#~ "avain %08lX on luotu %lu sekuntia tulevaisuudessa (on tapahtunut "
+#~ "aikahyppy tai\n"
+#~ "kellon kanssa on ongelmia)\n"
+
+#~ msgid "key %08lX marked as ultimately trusted\n"
+#~ msgstr "avain %08lX on määritelty ehdottoman luotettavaksi:\n"
+
+#~ msgid "signature from Elgamal signing key %08lX to %08lX skipped\n"
+#~ msgstr ""
+#~ "allekirjoitus Elgamal-allekirjoitusavaimella %08lX avaimelle %08lX "
+#~ "ohitettu\n"
+
+#~ msgid "signature from %08lX to Elgamal signing key %08lX skipped\n"
+#~ msgstr ""
+#~ "allekirjoitus avaimelta %08lX Elgamal-allekirjoitusavaimelle %08lX "
+#~ "ohitettu\n"
+
+#~ msgid "checking at depth %d signed=%d ot(-/q/n/m/f/u)=%d/%d/%d/%d/%d/%d\n"
+#~ msgstr ""
+#~ "tarkistetaan syvyyteen %d allekirjoitettu=%d ot(-/q/n/m/f/u)=%d/%d/%d/%d/%"
+#~ "d/%d\n"
+
+#~ msgid ""
+#~ "Select the algorithm to use.\n"
+#~ "\n"
+#~ "DSA (aka DSS) is the digital signature algorithm which can only be used\n"
+#~ "for signatures. This is the suggested algorithm because verification of\n"
+#~ "DSA signatures are much faster than those of ElGamal.\n"
+#~ "\n"
+#~ "ElGamal is an algorithm which can be used for signatures and encryption.\n"
+#~ "OpenPGP distinguishs between two flavors of this algorithms: an encrypt "
+#~ "only\n"
+#~ "and a sign+encrypt; actually it is the same, but some parameters must be\n"
+#~ "selected in a special way to create a safe key for signatures: this "
+#~ "program\n"
+#~ "does this but other OpenPGP implementations are not required to "
+#~ "understand\n"
+#~ "the signature+encryption flavor.\n"
+#~ "\n"
+#~ "The first (primary) key must always be a key which is capable of "
+#~ "signing;\n"
+#~ "this is the reason why the encryption only ElGamal key is not available "
+#~ "in\n"
+#~ "this menu."
+#~ msgstr ""
+#~ "Valitse käytettävä algoritmi.\n"
+#~ "\n"
+#~ "DSA (eli DSS) on digitaalinen allekirjoitusalgoritmi, jota voidaan \n"
+#~ "käyttää vain allekirjoituksiin. DSA:ta suositellaan, koska sillä "
+#~ "tuotetut \n"
+#~ "allekirjoitukset voidaan varmistaa paljon nopeammin verrattuna ElGamal:"
+#~ "iin.\n"
+#~ "\n"
+#~ "ElGamal-algoritmia voidaan käyttää sekä allekirjoituksiin että \n"
+#~ "salaamiseen. OpenPGP erottaa seuraavat kaksi toimintatapaa toisistaan:\n"
+#~ "pelkkä allekirjoitus ja allekirjoitus+salaus. Toimintatavat ovat\n"
+#~ "itseasiassa samanlaiset, mutta joitakin parametrejä täytyy valita "
+#~ "erityisellä\n"
+#~ "tavalla luotaessa turvallista allekirjoitusavainta. Tämä ohjelma "
+#~ "pystyy \n"
+#~ "siihen, mutta toiset OpenPGP-sovellukset eivät välttämättä pysty \n"
+#~ "tulkitsemaan allekirjoitus+salaus-muotoa.\n"
+#~ "\n"
+#~ "Ensisijainen avain täytyy aina olla allekirjoittamiseen sopiva avain; \n"
+#~ "tämä on syy, miksi vain salaus-ElGamal-avain ei ole tässä valittavissa \n"
+#~ "tässä valikossa."
+
+#~ msgid ""
+#~ "Although these keys are defined in RFC2440 they are not suggested\n"
+#~ "because they are not supported by all programs and signatures created\n"
+#~ "with them are quite large and very slow to verify."
+#~ msgstr ""
+#~ "Vaikka nämä avaintyypit on määritelty RFC2440:ssa, niitä ei \n"
+#~ "suositella, koska kaikki ohjelmat eivät tue niitä, ja niillä \n"
+#~ "tuotetut allekirjoitukset ovat melko suuria ja näin ollen hitaita \n"
+#~ "tarkistaa."
+
+#~ msgid "%lu keys so far checked (%lu signatures)\n"
+#~ msgstr "tähän mennessä käsitelty %lu avainta (%lu allekirjoitusta)\n"
+
+#~ msgid "key incomplete\n"
+#~ msgstr "avain vaillinainen\n"
+
+#~ msgid "key %08lX incomplete\n"
+#~ msgstr "avain %08lX on vaillinainen\n"
diff --git a/po/fr.gmo b/po/fr.gmo
new file mode 100644
index 0000000..5c72e3b
--- /dev/null
+++ b/po/fr.gmo
Binary files differ
diff --git a/po/fr.po b/po/fr.po
new file mode 100644
index 0000000..bb18764
--- /dev/null
+++ b/po/fr.po
@@ -0,0 +1,9455 @@
+# GnuPG French translation
+# Copyright (C) 1998-2005 Free Software Foundation, Inc.
+# Gaël Quéri <gael@lautre.net>, 1998.
+#
+# Thanks to Rémi Guyomarch <rguyom@mail.dotcom.fr> and <nmorant@amadeus.net>
+# for pointing me out some errors.
+#
+# $Id$
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: gnupg 1.4.2rc2\n"
+"Report-Msgid-Bugs-To: translations@gnupg.org\n"
+"POT-Creation-Date: 2012-03-27 10:23+0200\n"
+"PO-Revision-Date: 2008-09-30 19:38+0200\n"
+"Last-Translator: Gaël Quéri <gael@lautre.net>\n"
+"Language-Team: French <traduc@traduc.org>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=ISO-8859-1\n"
+"Content-Transfer-Encoding: 8-bit\n"
+
+#: agent/call-pinentry.c:244
+#, fuzzy, c-format
+msgid "failed to acquire the pinentry lock: %s\n"
+msgstr "impossible de stocker l'empreinte: %s\n"
+
+#. TRANSLATORS: These are labels for buttons etc used in
+#. Pinentries. An underscore indicates that the next letter
+#. should be used as an accelerator. Double the underscore for
+#. a literal one. The actual to be translated text starts after
+#. the second vertical bar.
+#: agent/call-pinentry.c:401
+msgid "|pinentry-label|_OK"
+msgstr ""
+
+#: agent/call-pinentry.c:402
+msgid "|pinentry-label|_Cancel"
+msgstr ""
+
+#: agent/call-pinentry.c:403
+msgid "|pinentry-label|PIN:"
+msgstr ""
+
+#. TRANSLATORS: This string is displayed by Pinentry as the label
+#. for the quality bar.
+#: agent/call-pinentry.c:649
+#, fuzzy
+msgid "Quality:"
+msgstr "validité: %s"
+
+#. TRANSLATORS: This string is a tooltip, shown by pinentry when
+#. hovering over the quality bar. Please use an appropriate
+#. string to describe what this is about. The length of the
+#. tooltip is limited to about 900 characters. If you do not
+#. translate this entry, a default english text (see source)
+#. will be used.
+#: agent/call-pinentry.c:671
+msgid "pinentry.qualitybar.tooltip"
+msgstr ""
+
+#: agent/call-pinentry.c:716
+msgid ""
+"Please enter your PIN, so that the secret key can be unlocked for this "
+"session"
+msgstr ""
+
+#: agent/call-pinentry.c:719
+#, fuzzy
+msgid ""
+"Please enter your passphrase, so that the secret key can be unlocked for "
+"this session"
+msgstr "Entrez le mot de passe ; c'est une phrase secrète \n"
+
+#: agent/call-pinentry.c:776
+#, c-format
+msgid "SETERROR %s (try %d of %d)"
+msgstr ""
+
+#: agent/call-pinentry.c:799 agent/call-pinentry.c:811
+#, fuzzy
+msgid "PIN too long"
+msgstr "ligne trop longue"
+
+#: agent/call-pinentry.c:800
+#, fuzzy
+msgid "Passphrase too long"
+msgstr "ligne trop longue"
+
+#: agent/call-pinentry.c:808
+#, fuzzy
+msgid "Invalid characters in PIN"
+msgstr "Caractère invalide dans le nom\n"
+
+#: agent/call-pinentry.c:813
+msgid "PIN too short"
+msgstr ""
+
+#: agent/call-pinentry.c:825
+#, fuzzy
+msgid "Bad PIN"
+msgstr "mauvais entier en précision multiple (MPI)"
+
+#: agent/call-pinentry.c:826
+#, fuzzy
+msgid "Bad Passphrase"
+msgstr "mauvaise phrase de passe"
+
+#: agent/call-pinentry.c:863
+#, fuzzy
+msgid "Passphrase"
+msgstr "mauvaise phrase de passe"
+
+#: agent/command-ssh.c:531
+#, fuzzy, c-format
+msgid "ssh keys greater than %d bits are not supported\n"
+msgstr "le hachage de protection %d n'est pas supporté\n"
+
+#: agent/command-ssh.c:690 g10/card-util.c:833 g10/exec.c:473 g10/gpg.c:1122
+#: g10/keygen.c:3394 g10/keygen.c:3427 g10/keyring.c:1237 g10/keyring.c:1569
+#: g10/openfile.c:275 g10/openfile.c:368 g10/sign.c:801 g10/sign.c:1110
+#: g10/tdbio.c:550 jnlib/dotlock.c:310
+#, c-format
+msgid "can't create `%s': %s\n"
+msgstr "impossible de créer `%s': %s\n"
+
+#: agent/command-ssh.c:702 common/helpfile.c:47 g10/card-util.c:787
+#: g10/dearmor.c:60 g10/dearmor.c:107 g10/decrypt.c:70 g10/encode.c:194
+#: g10/encode.c:504 g10/gpg.c:1123 g10/import.c:192 g10/keygen.c:2877
+#: g10/keyring.c:1595 g10/openfile.c:192 g10/openfile.c:353
+#: g10/plaintext.c:511 g10/sign.c:783 g10/sign.c:978 g10/sign.c:1094
+#: g10/sign.c:1250 g10/tdbdump.c:142 g10/tdbdump.c:150 g10/tdbio.c:554
+#: g10/tdbio.c:618 g10/verify.c:99 g10/verify.c:162 sm/gpgsm.c:2044
+#: sm/gpgsm.c:2074 sm/gpgsm.c:2112 sm/gpgsm.c:2150 sm/qualified.c:66
+#, c-format
+msgid "can't open `%s': %s\n"
+msgstr "impossible d'ouvrir `%s': %s\n"
+
+#: agent/command-ssh.c:1708 agent/command-ssh.c:1726
+#, fuzzy, c-format
+msgid "error getting serial number of card: %s\n"
+msgstr "erreur pendant l'obtention du nouveau code PIN: %s\n"
+
+#: agent/command-ssh.c:1712
+#, c-format
+msgid "detected card with S/N: %s\n"
+msgstr ""
+
+#: agent/command-ssh.c:1717
+#, fuzzy, c-format
+msgid "error getting default authentication keyID of card: %s\n"
+msgstr ""
+"erreur durant la lecture des informations contenues actuellement\n"
+"dans la clé: %s\n"
+
+#: agent/command-ssh.c:1737
+#, fuzzy, c-format
+msgid "no suitable card key found: %s\n"
+msgstr ""
+"aucun portes-clés secret n'a été trouvé avec des droits d'écriture : %s\n"
+
+#: agent/command-ssh.c:1787
+#, fuzzy, c-format
+msgid "shadowing the key failed: %s\n"
+msgstr "la lecture de la clé publique a échoué: %s\n"
+
+#: agent/command-ssh.c:1802
+#, fuzzy, c-format
+msgid "error writing key: %s\n"
+msgstr "erreur durant l'écriture du porte-clés `%s': %s\n"
+
+#: agent/command-ssh.c:2139
+#, c-format
+msgid ""
+"An ssh process requested the use of key%%0A %s%%0A (%s)%%0ADo you want to "
+"allow this?"
+msgstr ""
+
+#: agent/command-ssh.c:2146
+msgid "Allow"
+msgstr ""
+
+#: agent/command-ssh.c:2146
+msgid "Deny"
+msgstr ""
+
+#: agent/command-ssh.c:2155
+#, fuzzy, c-format
+msgid "Please enter the passphrase for the ssh key%%0A %F%%0A (%c)"
+msgstr "Entrez le mot de passe ; c'est une phrase secrète \n"
+
+#: agent/command-ssh.c:2484 agent/genkey.c:310 agent/genkey.c:432
+#, fuzzy
+msgid "Please re-enter this passphrase"
+msgstr "changer la phrase de passe"
+
+#: agent/command-ssh.c:2509
+#, fuzzy, c-format
+msgid ""
+"Please enter a passphrase to protect the received secret key%%0A %s%%0A %"
+"s%%0Awithin gpg-agent's key storage"
+msgstr "Entrez le mot de passe ; c'est une phrase secrète \n"
+
+#: agent/command-ssh.c:2548 agent/genkey.c:340 agent/genkey.c:463
+#: tools/symcryptrun.c:436
+msgid "does not match - try again"
+msgstr ""
+
+#: agent/command-ssh.c:3054
+#, fuzzy, c-format
+msgid "failed to create stream from socket: %s\n"
+msgstr "%s: la création de la table de hachage a échoué: %s\n"
+
+#: agent/divert-scd.c:92 g10/call-agent.c:923
+#, fuzzy
+msgid "Please insert the card with serial number"
+msgstr ""
+"Supprimez la carte présente et insérez celle portant le numéro de\n"
+"série:\n"
+" %.*s\n"
+
+#: agent/divert-scd.c:93 g10/call-agent.c:924
+#, fuzzy
+msgid "Please remove the current card and insert the one with serial number"
+msgstr ""
+"Supprimez la carte présente et insérez celle portant le numéro de\n"
+"série:\n"
+" %.*s\n"
+
+#: agent/divert-scd.c:200
+#, fuzzy
+msgid "Admin PIN"
+msgstr "|A|code PIN d'administration"
+
+#. TRANSLATORS: A PUK is the Personal Unblocking Code
+#. used to unblock a PIN.
+#: agent/divert-scd.c:205
+msgid "PUK"
+msgstr ""
+
+#: agent/divert-scd.c:212
+msgid "Reset Code"
+msgstr ""
+
+#: agent/divert-scd.c:238
+#, c-format
+msgid "%s%%0A%%0AUse the reader's keypad for input."
+msgstr ""
+
+#: agent/divert-scd.c:287
+#, fuzzy
+msgid "Repeat this Reset Code"
+msgstr "Répétez ce code PIN: "
+
+#: agent/divert-scd.c:289
+#, fuzzy
+msgid "Repeat this PUK"
+msgstr "Répétez ce code PIN: "
+
+#: agent/divert-scd.c:290
+#, fuzzy
+msgid "Repeat this PIN"
+msgstr "Répétez ce code PIN: "
+
+#: agent/divert-scd.c:295
+#, fuzzy
+msgid "Reset Code not correctly repeated; try again"
+msgstr "le code PIN n'a pas été correctement répété ; recommencez"
+
+#: agent/divert-scd.c:297
+#, fuzzy
+msgid "PUK not correctly repeated; try again"
+msgstr "le code PIN n'a pas été correctement répété ; recommencez"
+
+#: agent/divert-scd.c:298
+msgid "PIN not correctly repeated; try again"
+msgstr "le code PIN n'a pas été correctement répété ; recommencez"
+
+#: agent/divert-scd.c:310
+#, fuzzy, c-format
+msgid "Please enter the PIN%s%s%s to unlock the card"
+msgstr "||Entrez le PIN%%0A[sigs faites: %lu]"
+
+#: agent/genkey.c:108 sm/certreqgen-ui.c:384 sm/export.c:638 sm/export.c:654
+#: sm/import.c:667 sm/import.c:692
+#, fuzzy, c-format
+msgid "error creating temporary file: %s\n"
+msgstr "erreur pendant la création de la phrase de passe: %s\n"
+
+#: agent/genkey.c:115 sm/export.c:645 sm/import.c:675
+#, fuzzy, c-format
+msgid "error writing to temporary file: %s\n"
+msgstr ""
+"%s: erreur pendant l'écriture de l'enregistrement de\n"
+"répertoire: %s\n"
+
+#: agent/genkey.c:153 agent/genkey.c:159
+#, fuzzy
+msgid "Enter new passphrase"
+msgstr "Entrez la phrase de passe\n"
+
+#: agent/genkey.c:167
+#, fuzzy
+msgid "Take this one anyway"
+msgstr "Utiliser cette clé quand même ? (o/N) "
+
+#: agent/genkey.c:193
+#, c-format
+msgid ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase should be "
+"at least %u character long."
+msgid_plural ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase should be "
+"at least %u characters long."
+msgstr[0] ""
+msgstr[1] ""
+
+#: agent/genkey.c:214
+#, c-format
+msgid ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase should "
+"contain at least %u digit or%%0Aspecial character."
+msgid_plural ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase should "
+"contain at least %u digits or%%0Aspecial characters."
+msgstr[0] ""
+msgstr[1] ""
+
+#: agent/genkey.c:237
+#, c-format
+msgid ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase may not be "
+"a known term or match%%0Acertain pattern."
+msgstr ""
+
+#: agent/genkey.c:253
+#, c-format
+msgid ""
+"You have not entered a passphrase!%0AAn empty passphrase is not allowed."
+msgstr ""
+
+#: agent/genkey.c:255
+#, c-format
+msgid ""
+"You have not entered a passphrase - this is in general a bad idea!%0APlease "
+"confirm that you do not want to have any protection on your key."
+msgstr ""
+
+#: agent/genkey.c:264
+msgid "Yes, protection is not needed"
+msgstr ""
+
+#: agent/genkey.c:308
+#, fuzzy, c-format
+msgid "Please enter the passphrase to%0Ato protect your new key"
+msgstr ""
+"Vous avez besoin d'une phrase de passe pour protéger votre clé\n"
+"secrète.\n"
+"\n"
+
+#: agent/genkey.c:431
+#, fuzzy
+msgid "Please enter the new passphrase"
+msgstr "changer la phrase de passe"
+
+#: agent/gpg-agent.c:121 agent/preset-passphrase.c:72 scd/scdaemon.c:103
+#: tools/gpg-check-pattern.c:70
+#, fuzzy
+msgid ""
+"@Options:\n"
+" "
+msgstr ""
+"@\n"
+"Options:\n"
+" "
+
+#: agent/gpg-agent.c:123 scd/scdaemon.c:105
+msgid "run in server mode (foreground)"
+msgstr ""
+
+#: agent/gpg-agent.c:124 scd/scdaemon.c:108
+msgid "run in daemon mode (background)"
+msgstr ""
+
+#: agent/gpg-agent.c:125 g10/gpg.c:488 g10/gpgv.c:71 kbx/kbxutil.c:88
+#: scd/scdaemon.c:109 sm/gpgsm.c:281 tools/gpg-connect-agent.c:69
+#: tools/gpgconf.c:80 tools/symcryptrun.c:166
+msgid "verbose"
+msgstr "bavard"
+
+#: agent/gpg-agent.c:126 g10/gpgv.c:72 kbx/kbxutil.c:89 scd/scdaemon.c:110
+#: sm/gpgsm.c:282
+msgid "be somewhat more quiet"
+msgstr "devenir beaucoup plus silencieux"
+
+#: agent/gpg-agent.c:127 scd/scdaemon.c:111
+msgid "sh-style command output"
+msgstr ""
+
+#: agent/gpg-agent.c:128 scd/scdaemon.c:112
+msgid "csh-style command output"
+msgstr ""
+
+#: agent/gpg-agent.c:129 scd/scdaemon.c:113 sm/gpgsm.c:312
+#: tools/symcryptrun.c:169
+#, fuzzy
+msgid "|FILE|read options from FILE"
+msgstr "lire les options de `%s'\n"
+
+#: agent/gpg-agent.c:134 scd/scdaemon.c:123
+msgid "do not detach from the console"
+msgstr ""
+
+#: agent/gpg-agent.c:135
+msgid "do not grab keyboard and mouse"
+msgstr ""
+
+#: agent/gpg-agent.c:136 tools/symcryptrun.c:168
+#, fuzzy
+msgid "use a log file for the server"
+msgstr "chercher les clés avec un serveur de clés"
+
+#: agent/gpg-agent.c:138
+#, fuzzy
+msgid "use a standard location for the socket"
+msgstr ""
+"indiquer la liste des préférences pour le nom d'utilisateur\n"
+"sélectionné"
+
+#: agent/gpg-agent.c:141
+msgid "|PGM|use PGM as the PIN-Entry program"
+msgstr ""
+
+#: agent/gpg-agent.c:144
+msgid "|PGM|use PGM as the SCdaemon program"
+msgstr ""
+
+#: agent/gpg-agent.c:145
+#, fuzzy
+msgid "do not use the SCdaemon"
+msgstr "mettre la base de confiance à jour"
+
+#: agent/gpg-agent.c:157
+msgid "ignore requests to change the TTY"
+msgstr ""
+
+#: agent/gpg-agent.c:159
+msgid "ignore requests to change the X display"
+msgstr ""
+
+#: agent/gpg-agent.c:162
+msgid "|N|expire cached PINs after N seconds"
+msgstr ""
+
+#: agent/gpg-agent.c:175
+msgid "do not use the PIN cache when signing"
+msgstr ""
+
+#: agent/gpg-agent.c:177
+msgid "allow clients to mark keys as \"trusted\""
+msgstr ""
+
+#: agent/gpg-agent.c:179
+#, fuzzy
+msgid "allow presetting passphrase"
+msgstr "erreur pendant la création de la phrase de passe: %s\n"
+
+#: agent/gpg-agent.c:180
+msgid "enable ssh-agent emulation"
+msgstr ""
+
+#: agent/gpg-agent.c:182
+msgid "|FILE|write environment settings also to FILE"
+msgstr ""
+
+#. TRANSLATORS: @EMAIL@ will get replaced by the actual bug
+#. reporting address. This is so that we can change the
+#. reporting address without breaking the translations.
+#: agent/gpg-agent.c:333 agent/preset-passphrase.c:94 agent/protect-tool.c:163
+#: g10/gpg.c:814 g10/gpgv.c:114 kbx/kbxutil.c:113 scd/scdaemon.c:246
+#: sm/gpgsm.c:519 tools/gpg-connect-agent.c:181 tools/gpgconf.c:102
+#: tools/symcryptrun.c:206 tools/gpg-check-pattern.c:141
+msgid "Please report bugs to <@EMAIL@>.\n"
+msgstr ""
+"Signaler toutes anomalies à <@EMAIL@> (en anglais)\n"
+"et tout problème de traduction à <traduc@traduc.org>.\n"
+
+#: agent/gpg-agent.c:342
+#, fuzzy
+msgid "Usage: gpg-agent [options] (-h for help)"
+msgstr "Utilisation: gpg [options] [fichiers] (-h pour l'aide)"
+
+#: agent/gpg-agent.c:344
+msgid ""
+"Syntax: gpg-agent [options] [command [args]]\n"
+"Secret key management for GnuPG\n"
+msgstr ""
+
+#: agent/gpg-agent.c:390 g10/gpg.c:1007 scd/scdaemon.c:318 sm/gpgsm.c:669
+#, c-format
+msgid "invalid debug-level `%s' given\n"
+msgstr ""
+
+#: agent/gpg-agent.c:610 agent/protect-tool.c:1033 kbx/kbxutil.c:428
+#: scd/scdaemon.c:424 sm/gpgsm.c:911 sm/gpgsm.c:914 tools/symcryptrun.c:998
+#: tools/gpg-check-pattern.c:177
+#, c-format
+msgid "%s is too old (need %s, have %s)\n"
+msgstr ""
+
+#: agent/gpg-agent.c:725 g10/gpg.c:2111 scd/scdaemon.c:510 sm/gpgsm.c:1010
+#, c-format
+msgid "NOTE: no default option file `%s'\n"
+msgstr "NOTE: pas de fichier d'options par défaut `%s'\n"
+
+#: agent/gpg-agent.c:736 agent/gpg-agent.c:1348 g10/gpg.c:2115
+#: scd/scdaemon.c:515 sm/gpgsm.c:1014 tools/symcryptrun.c:931
+#, c-format
+msgid "option file `%s': %s\n"
+msgstr "fichier d'options `%s': %s\n"
+
+#: agent/gpg-agent.c:744 g10/gpg.c:2122 scd/scdaemon.c:523 sm/gpgsm.c:1021
+#, c-format
+msgid "reading options from `%s'\n"
+msgstr "lire les options de `%s'\n"
+
+#: agent/gpg-agent.c:1117 g10/plaintext.c:140 g10/plaintext.c:145
+#: g10/plaintext.c:162
+#, c-format
+msgid "error creating `%s': %s\n"
+msgstr "erreur pendant la création de `%s': %s\n"
+
+#: agent/gpg-agent.c:1461 agent/gpg-agent.c:1579 agent/gpg-agent.c:1583
+#: agent/gpg-agent.c:1624 agent/gpg-agent.c:1628 g10/exec.c:188
+#: g10/openfile.c:429 scd/scdaemon.c:1020
+#, c-format
+msgid "can't create directory `%s': %s\n"
+msgstr "impossible de créer le répertoire `%s': %s\n"
+
+#: agent/gpg-agent.c:1475 scd/scdaemon.c:1034
+msgid "name of socket too long\n"
+msgstr ""
+
+#: agent/gpg-agent.c:1498 scd/scdaemon.c:1057
+#, fuzzy, c-format
+msgid "can't create socket: %s\n"
+msgstr "impossible de créer `%s': %s\n"
+
+#: agent/gpg-agent.c:1507
+#, c-format
+msgid "socket name `%s' is too long\n"
+msgstr ""
+
+#: agent/gpg-agent.c:1525
+#, fuzzy
+msgid "a gpg-agent is already running - not starting a new one\n"
+msgstr "gpg-agent n'est pas disponible dans cette session\n"
+
+#: agent/gpg-agent.c:1536 scd/scdaemon.c:1076
+#, fuzzy
+msgid "error getting nonce for the socket\n"
+msgstr "erreur pendant l'obtention du nouveau code PIN: %s\n"
+
+#: agent/gpg-agent.c:1541 scd/scdaemon.c:1079
+#, fuzzy, c-format
+msgid "error binding socket to `%s': %s\n"
+msgstr ""
+"erreur pendant la recherche de l'enregistrement de confiance\n"
+"dans `%s': %s\n"
+
+#: agent/gpg-agent.c:1553 scd/scdaemon.c:1088
+#, fuzzy, c-format
+msgid "listen() failed: %s\n"
+msgstr "la mise à jour a échoué: %s\n"
+
+#: agent/gpg-agent.c:1559 scd/scdaemon.c:1095
+#, fuzzy, c-format
+msgid "listening on socket `%s'\n"
+msgstr "écriture de la clé secrète dans `%s'\n"
+
+#: agent/gpg-agent.c:1587 agent/gpg-agent.c:1634 g10/openfile.c:432
+#, c-format
+msgid "directory `%s' created\n"
+msgstr "répertoire `%s' créé\n"
+
+#: agent/gpg-agent.c:1640
+#, fuzzy, c-format
+msgid "stat() failed for `%s': %s\n"
+msgstr "fstat(%d) échoué dans %s: %s\n"
+
+#: agent/gpg-agent.c:1644
+#, fuzzy, c-format
+msgid "can't use `%s' as home directory\n"
+msgstr "impossible de créer le répertoire `%s': %s\n"
+
+#: agent/gpg-agent.c:1777 scd/scdaemon.c:1111
+#, fuzzy, c-format
+msgid "error reading nonce on fd %d: %s\n"
+msgstr "erreur pendant la lecture de `%s': %s\n"
+
+#: agent/gpg-agent.c:1799
+#, c-format
+msgid "handler 0x%lx for fd %d started\n"
+msgstr ""
+
+#: agent/gpg-agent.c:1804
+#, c-format
+msgid "handler 0x%lx for fd %d terminated\n"
+msgstr ""
+
+#: agent/gpg-agent.c:1824
+#, c-format
+msgid "ssh handler 0x%lx for fd %d started\n"
+msgstr ""
+
+#: agent/gpg-agent.c:1829
+#, c-format
+msgid "ssh handler 0x%lx for fd %d terminated\n"
+msgstr ""
+
+#: agent/gpg-agent.c:1973 scd/scdaemon.c:1248
+#, fuzzy, c-format
+msgid "pth_select failed: %s - waiting 1s\n"
+msgstr "la mise à jour de la clé secrète a échoué: %s\n"
+
+#: agent/gpg-agent.c:2096 scd/scdaemon.c:1315
+#, fuzzy, c-format
+msgid "%s %s stopped\n"
+msgstr "%s: ignoré: %s\n"
+
+#: agent/gpg-agent.c:2232
+#, fuzzy
+msgid "no gpg-agent running in this session\n"
+msgstr "gpg-agent n'est pas disponible dans cette session\n"
+
+#: agent/gpg-agent.c:2243 common/simple-pwquery.c:352 common/asshelp.c:403
+#: tools/gpg-connect-agent.c:2168
+msgid "malformed GPG_AGENT_INFO environment variable\n"
+msgstr "la variable d'environnement GPG_AGENT_INFO est mal définie\n"
+
+#: agent/gpg-agent.c:2256 common/simple-pwquery.c:364 common/asshelp.c:415
+#: tools/gpg-connect-agent.c:2179
+#, c-format
+msgid "gpg-agent protocol version %d is not supported\n"
+msgstr "le protocole gpg-agent version %d n'est pas supporté\n"
+
+#: agent/preset-passphrase.c:98
+#, fuzzy
+msgid "Usage: gpg-preset-passphrase [options] KEYGRIP (-h for help)\n"
+msgstr "Utilisation: gpg [options] [fichiers] (-h pour l'aide)"
+
+#: agent/preset-passphrase.c:101
+msgid ""
+"Syntax: gpg-preset-passphrase [options] KEYGRIP\n"
+"Password cache maintenance\n"
+msgstr ""
+
+#: agent/protect-tool.c:113 g10/gpg.c:373 kbx/kbxutil.c:71 sm/gpgsm.c:186
+#: tools/gpgconf.c:60
+msgid ""
+"@Commands:\n"
+" "
+msgstr ""
+"@Commandes:\n"
+" "
+
+#: agent/protect-tool.c:127 g10/gpg.c:441 g10/gpgv.c:69 kbx/kbxutil.c:81
+#: sm/gpgsm.c:226 tools/gpg-connect-agent.c:67 tools/gpgconf.c:77
+#: tools/symcryptrun.c:159
+msgid ""
+"@\n"
+"Options:\n"
+" "
+msgstr ""
+"@\n"
+"Options:\n"
+" "
+
+#: agent/protect-tool.c:166
+#, fuzzy
+msgid "Usage: gpg-protect-tool [options] (-h for help)\n"
+msgstr "Utilisation: gpg [options] [fichiers] (-h pour l'aide)"
+
+#: agent/protect-tool.c:168
+msgid ""
+"Syntax: gpg-protect-tool [options] [args]\n"
+"Secret key maintenance tool\n"
+msgstr ""
+
+#: agent/protect-tool.c:1162
+#, fuzzy
+msgid "Please enter the passphrase to unprotect the PKCS#12 object."
+msgstr "Entrez le mot de passe ; c'est une phrase secrète \n"
+
+#: agent/protect-tool.c:1167
+#, fuzzy
+msgid "Please enter the passphrase to protect the new PKCS#12 object."
+msgstr "Entrez le mot de passe ; c'est une phrase secrète \n"
+
+#: agent/protect-tool.c:1173
+msgid ""
+"Please enter the passphrase to protect the imported object within the GnuPG "
+"system."
+msgstr ""
+
+#: agent/protect-tool.c:1178
+#, fuzzy
+msgid ""
+"Please enter the passphrase or the PIN\n"
+"needed to complete this operation."
+msgstr "Entrez le mot de passe ; c'est une phrase secrète \n"
+
+#: agent/protect-tool.c:1183 tools/symcryptrun.c:437
+#, fuzzy
+msgid "Passphrase:"
+msgstr "mauvaise phrase de passe"
+
+#: agent/protect-tool.c:1188 tools/symcryptrun.c:448
+#, fuzzy
+msgid "cancelled\n"
+msgstr "annulé"
+
+#: agent/protect-tool.c:1190 tools/symcryptrun.c:444
+#, fuzzy, c-format
+msgid "error while asking for the passphrase: %s\n"
+msgstr "erreur pendant la création de la phrase de passe: %s\n"
+
+#: agent/trustlist.c:136 agent/trustlist.c:334
+#, fuzzy, c-format
+msgid "error opening `%s': %s\n"
+msgstr "erreur dans `%s': %s\n"
+
+#: agent/trustlist.c:151 common/helpfile.c:63 common/helpfile.c:79
+#, fuzzy, c-format
+msgid "file `%s', line %d: %s\n"
+msgstr "fichier d'options `%s': %s\n"
+
+#: agent/trustlist.c:171 agent/trustlist.c:179
+#, c-format
+msgid "statement \"%s\" ignored in `%s', line %d\n"
+msgstr ""
+
+#: agent/trustlist.c:185
+#, fuzzy, c-format
+msgid "system trustlist `%s' not available\n"
+msgstr "les parties secrètes ne sont pas disponibles\n"
+
+#: agent/trustlist.c:229
+#, fuzzy, c-format
+msgid "bad fingerprint in `%s', line %d\n"
+msgstr "erreur de lecture dans `%s': %s\n"
+
+#: agent/trustlist.c:254 agent/trustlist.c:261
+#, c-format
+msgid "invalid keyflag in `%s', line %d\n"
+msgstr ""
+
+#: agent/trustlist.c:295 common/helpfile.c:126
+#, fuzzy, c-format
+msgid "error reading `%s', line %d: %s\n"
+msgstr "erreur pendant la lecture de `%s': %s\n"
+
+#: agent/trustlist.c:400 agent/trustlist.c:450
+msgid "error reading list of trusted root certificates\n"
+msgstr ""
+
+#. TRANSLATORS: This prompt is shown by the Pinentry
+#. and has one special property: A "%%0A" is used by
+#. Pinentry to insert a line break. The double
+#. percent sign is actually needed because it is also
+#. a printf format string. If you need to insert a
+#. plain % sign, you need to encode it as "%%25". The
+#. "%s" gets replaced by the name as stored in the
+#. certificate.
+#: agent/trustlist.c:611
+#, c-format
+msgid ""
+"Do you ultimately trust%%0A \"%s\"%%0Ato correctly certify user "
+"certificates?"
+msgstr ""
+
+#: agent/trustlist.c:620 common/audit.c:467
+#, fuzzy
+msgid "Yes"
+msgstr "oui"
+
+#: agent/trustlist.c:620 common/audit.c:469
+msgid "No"
+msgstr ""
+
+#. TRANSLATORS: This prompt is shown by the Pinentry and has
+#. one special property: A "%%0A" is used by Pinentry to
+#. insert a line break. The double percent sign is actually
+#. needed because it is also a printf format string. If you
+#. need to insert a plain % sign, you need to encode it as
+#. "%%25". The second "%s" gets replaced by a hexdecimal
+#. fingerprint string whereas the first one receives the name
+#. as stored in the certificate.
+#: agent/trustlist.c:654
+#, c-format
+msgid ""
+"Please verify that the certificate identified as:%%0A \"%s\"%%0Ahas the "
+"fingerprint:%%0A %s"
+msgstr ""
+
+#. TRANSLATORS: "Correct" is the label of a button and intended
+#. to be hit if the fingerprint matches the one of the CA. The
+#. other button is "the default "Cancel" of the Pinentry.
+#: agent/trustlist.c:668
+msgid "Correct"
+msgstr ""
+
+#: agent/trustlist.c:668
+msgid "Wrong"
+msgstr ""
+
+#: agent/findkey.c:157
+#, c-format
+msgid "Note: This passphrase has never been changed.%0APlease change it now."
+msgstr ""
+
+#: agent/findkey.c:173
+#, c-format
+msgid ""
+"This passphrase has not been changed%%0Asince %.4s-%.2s-%.2s. Please change "
+"it now."
+msgstr ""
+
+#: agent/findkey.c:187 agent/findkey.c:194
+#, fuzzy
+msgid "Change passphrase"
+msgstr "changer la phrase de passe"
+
+#: agent/findkey.c:195
+msgid "I'll change it later"
+msgstr ""
+
+#: common/exechelp.c:528 common/exechelp.c:625 tools/gpgconf-comp.c:1475
+#: tools/gpgconf-comp.c:1814
+#, fuzzy, c-format
+msgid "error creating a pipe: %s\n"
+msgstr "erreur pendant la création de la phrase de passe: %s\n"
+
+#: common/exechelp.c:599 common/exechelp.c:658
+#, fuzzy, c-format
+msgid "can't fdopen pipe for reading: %s\n"
+msgstr "impossible d'ouvir les données signées `%s'\n"
+
+#: common/exechelp.c:637 common/exechelp.c:765 common/exechelp.c:1002
+#, fuzzy, c-format
+msgid "error forking process: %s\n"
+msgstr "erreur pendant la lecture de `%s': %s\n"
+
+#: common/exechelp.c:811 common/exechelp.c:864
+#, c-format
+msgid "waiting for process %d to terminate failed: %s\n"
+msgstr ""
+
+#: common/exechelp.c:819
+#, fuzzy, c-format
+msgid "error getting exit code of process %d: %s\n"
+msgstr ""
+"erreur durant la lecture des informations contenues actuellement\n"
+"dans la clé: %s\n"
+
+#: common/exechelp.c:825 common/exechelp.c:877
+#, fuzzy, c-format
+msgid "error running `%s': exit status %d\n"
+msgstr "erreur pendant la lecture de `%s': %s\n"
+
+#: common/exechelp.c:870
+#, c-format
+msgid "error running `%s': probably not installed\n"
+msgstr ""
+
+#: common/exechelp.c:885
+#, fuzzy, c-format
+msgid "error running `%s': terminated\n"
+msgstr "erreur pendant la lecture de `%s': %s\n"
+
+#: common/http.c:1674
+#, fuzzy, c-format
+msgid "error creating socket: %s\n"
+msgstr "erreur pendant la création de `%s': %s\n"
+
+#: common/http.c:1718
+#, fuzzy
+msgid "host not found"
+msgstr "[Nom utilisateur introuvable]"
+
+#: common/simple-pwquery.c:338
+msgid "gpg-agent is not available in this session\n"
+msgstr "gpg-agent n'est pas disponible dans cette session\n"
+
+#: common/simple-pwquery.c:395
+#, c-format
+msgid "can't connect to `%s': %s\n"
+msgstr "impossible de se connecter à `%s': %s\n"
+
+#: common/simple-pwquery.c:406
+msgid "communication problem with gpg-agent\n"
+msgstr ""
+
+#: common/simple-pwquery.c:416
+msgid "problem setting the gpg-agent options\n"
+msgstr ""
+
+#: common/simple-pwquery.c:579 common/simple-pwquery.c:675
+#, fuzzy
+msgid "canceled by user\n"
+msgstr "annulé par l'utilisateur\n"
+
+#: common/simple-pwquery.c:594 common/simple-pwquery.c:681
+#, fuzzy
+msgid "problem with the agent\n"
+msgstr "problème avec l'agent - arrêt d'utilisation de l'agent\n"
+
+#: common/sysutils.c:105
+#, c-format
+msgid "can't disable core dumps: %s\n"
+msgstr "impossible d'empêcher la génération de fichiers «core»: %s\n"
+
+#: common/sysutils.c:200
+#, fuzzy, c-format
+msgid "Warning: unsafe ownership on %s \"%s\"\n"
+msgstr ""
+"AVERTISSEMENT: le propriétaire de l'extension `%s' est peu\n"
+"sûr\n"
+
+#: common/sysutils.c:232
+#, fuzzy, c-format
+msgid "Warning: unsafe permissions on %s \"%s\"\n"
+msgstr ""
+"AVERTISSEMENT: les permissions de l'extension `%s' sont\n"
+"peu sûres\n"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: common/yesno.c:35 common/yesno.c:72
+msgid "yes"
+msgstr "oui"
+
+#: common/yesno.c:36 common/yesno.c:77
+msgid "yY"
+msgstr "oO"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: common/yesno.c:38 common/yesno.c:74
+msgid "no"
+msgstr "non"
+
+#: common/yesno.c:39 common/yesno.c:78
+msgid "nN"
+msgstr "nN"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: common/yesno.c:76
+msgid "quit"
+msgstr "quitter"
+
+#: common/yesno.c:79
+msgid "qQ"
+msgstr "qQ"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: common/yesno.c:113
+msgid "okay|okay"
+msgstr "ok|ok"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: common/yesno.c:115
+msgid "cancel|cancel"
+msgstr "annuler|annuler"
+
+#: common/yesno.c:116
+msgid "oO"
+msgstr "oO"
+
+#: common/yesno.c:117
+msgid "cC"
+msgstr "aA"
+
+#: common/miscellaneous.c:77
+#, c-format
+msgid "out of core in secure memory while allocating %lu bytes"
+msgstr ""
+
+#: common/miscellaneous.c:80
+#, c-format
+msgid "out of core while allocating %lu bytes"
+msgstr ""
+
+#: common/asshelp.c:293 tools/gpg-connect-agent.c:2129
+msgid "no running gpg-agent - starting one\n"
+msgstr ""
+
+#: common/asshelp.c:349
+#, c-format
+msgid "waiting %d seconds for the agent to come up\n"
+msgstr ""
+
+#: common/asshelp.c:426
+msgid "can't connect to the agent - trying fall back\n"
+msgstr ""
+
+#. TRANSLATORS: Copy the prefix between the vertical bars
+#. verbatim. It will not be printed.
+#: common/audit.c:474
+msgid "|audit-log-result|Good"
+msgstr ""
+
+#: common/audit.c:477
+msgid "|audit-log-result|Bad"
+msgstr ""
+
+#: common/audit.c:479
+msgid "|audit-log-result|Not supported"
+msgstr ""
+
+#: common/audit.c:481
+#, fuzzy
+msgid "|audit-log-result|No certificate"
+msgstr "mauvais certificat"
+
+#: common/audit.c:483
+#, fuzzy
+msgid "|audit-log-result|Not enabled"
+msgstr "mauvais certificat"
+
+#: common/audit.c:485
+msgid "|audit-log-result|Error"
+msgstr ""
+
+#: common/audit.c:487
+#, fuzzy
+msgid "|audit-log-result|Not used"
+msgstr "mauvais certificat"
+
+#: common/audit.c:489
+#, fuzzy
+msgid "|audit-log-result|Okay"
+msgstr "mauvais certificat"
+
+#: common/audit.c:491
+#, fuzzy
+msgid "|audit-log-result|Skipped"
+msgstr "mauvais certificat"
+
+#: common/audit.c:493
+#, fuzzy
+msgid "|audit-log-result|Some"
+msgstr "mauvais certificat"
+
+#: common/audit.c:726
+#, fuzzy
+msgid "Certificate chain available"
+msgstr "mauvais certificat"
+
+#: common/audit.c:733
+#, fuzzy
+msgid "root certificate missing"
+msgstr "mauvais certificat"
+
+#: common/audit.c:759
+msgid "Data encryption succeeded"
+msgstr ""
+
+#: common/audit.c:764 common/audit.c:830 common/audit.c:906 common/audit.c:997
+#, fuzzy
+msgid "Data available"
+msgstr "lister toutes les données disponibles"
+
+#: common/audit.c:767
+#, fuzzy
+msgid "Session key created"
+msgstr "%s: porte-clés créé\n"
+
+#: common/audit.c:772 common/audit.c:912 common/audit.c:919
+#, fuzzy, c-format
+msgid "algorithm: %s"
+msgstr "validité: %s"
+
+#: common/audit.c:774 common/audit.c:776 common/audit.c:921 common/audit.c:923
+#, fuzzy, c-format
+msgid "unsupported algorithm: %s"
+msgstr ""
+"\n"
+"Algorithmes supportés:\n"
+
+#: common/audit.c:778 common/audit.c:925
+#, fuzzy
+msgid "seems to be not encrypted"
+msgstr "non chiffré"
+
+#: common/audit.c:784 common/audit.c:933
+#, fuzzy
+msgid "Number of recipients"
+msgstr "Récipients actuels:\n"
+
+#: common/audit.c:792 common/audit.c:956
+#, c-format
+msgid "Recipient %d"
+msgstr ""
+
+#: common/audit.c:825
+msgid "Data signing succeeded"
+msgstr ""
+
+#: common/audit.c:839 common/audit.c:1033 common/audit.c:1060
+#, fuzzy, c-format
+msgid "data hash algorithm: %s"
+msgstr "algorithme de hachage `%s' invalide\n"
+
+#: common/audit.c:862
+#, fuzzy, c-format
+msgid "Signer %d"
+msgstr "Signature faite le %s\n"
+
+#: common/audit.c:866 common/audit.c:1065
+#, fuzzy, c-format
+msgid "attr hash algorithm: %s"
+msgstr "algorithme de hachage `%s' invalide\n"
+
+#: common/audit.c:901
+msgid "Data decryption succeeded"
+msgstr ""
+
+#: common/audit.c:910
+#, fuzzy
+msgid "Encryption algorithm supported"
+msgstr "l'algorithme de protection %d%s n'est pas supporté\n"
+
+#: common/audit.c:993
+#, fuzzy
+msgid "Data verification succeeded"
+msgstr "vérification de signature supprimée\n"
+
+#: common/audit.c:1002
+#, fuzzy
+msgid "Signature available"
+msgstr "Signature faite le %s\n"
+
+#: common/audit.c:1024
+#, fuzzy
+msgid "Parsing data succeeded"
+msgstr "Bonne signature de « %s »"
+
+#: common/audit.c:1036
+#, fuzzy, c-format
+msgid "bad data hash algorithm: %s"
+msgstr "algorithme de hachage `%s' invalide\n"
+
+#: common/audit.c:1051
+#, fuzzy, c-format
+msgid "Signature %d"
+msgstr "Signature faite le %s\n"
+
+#: common/audit.c:1079
+#, fuzzy
+msgid "Certificate chain valid"
+msgstr "Cette clé a expiré !"
+
+#: common/audit.c:1090
+#, fuzzy
+msgid "Root certificate trustworthy"
+msgstr "mauvais certificat"
+
+#: common/audit.c:1111 sm/certchain.c:935
+#, fuzzy
+msgid "no CRL found for certificate"
+msgstr "mauvais certificat"
+
+#: common/audit.c:1114 sm/certchain.c:945
+#, fuzzy
+msgid "the available CRL is too old"
+msgstr "Clé disponible sur: "
+
+#: common/audit.c:1119
+#, fuzzy
+msgid "CRL/OCSP check of certificates"
+msgstr "mauvais certificat"
+
+#: common/audit.c:1139
+#, fuzzy
+msgid "Included certificates"
+msgstr "mauvais certificat"
+
+#: common/audit.c:1194
+msgid "No audit log entries."
+msgstr ""
+
+#: common/audit.c:1243
+#, fuzzy
+msgid "Unknown operation"
+msgstr "version inconnue"
+
+#: common/audit.c:1261
+msgid "Gpg-Agent usable"
+msgstr ""
+
+#: common/audit.c:1271
+msgid "Dirmngr usable"
+msgstr ""
+
+#: common/audit.c:1307
+#, fuzzy, c-format
+msgid "No help available for `%s'."
+msgstr "Pas d'aide disponible pour `%s'"
+
+#: common/helpfile.c:80
+#, fuzzy
+msgid "ignoring garbage line"
+msgstr "erreur dans la ligne de remorque\n"
+
+#: common/gettime.c:503
+#, fuzzy
+msgid "[none]"
+msgstr "[non positionné]"
+
+#: g10/armor.c:379
+#, c-format
+msgid "armor: %s\n"
+msgstr "armure: %s\n"
+
+#: g10/armor.c:418
+msgid "invalid armor header: "
+msgstr "en-tête d'armure invalide: "
+
+#: g10/armor.c:429
+msgid "armor header: "
+msgstr "en-tête d'armure: "
+
+#: g10/armor.c:442
+msgid "invalid clearsig header\n"
+msgstr "en-tête de signature claire invalide\n"
+
+#: g10/armor.c:455
+#, fuzzy
+msgid "unknown armor header: "
+msgstr "en-tête d'armure: "
+
+#: g10/armor.c:508
+msgid "nested clear text signatures\n"
+msgstr "signatures en texte clair imbriquées\n"
+
+#: g10/armor.c:643
+msgid "unexpected armor: "
+msgstr "armure inattendue: "
+
+#: g10/armor.c:655
+msgid "invalid dash escaped line: "
+msgstr "ligne échappée par `-' invalide: "
+
+#: g10/armor.c:810 g10/armor.c:1420
+#, c-format
+msgid "invalid radix64 character %02X skipped\n"
+msgstr "caractère %02X invalide en radix64 ignoré\n"
+
+#: g10/armor.c:853
+msgid "premature eof (no CRC)\n"
+msgstr "fin de fichier prématurée (pas de CRC)\n"
+
+#: g10/armor.c:887
+msgid "premature eof (in CRC)\n"
+msgstr "fin de fichier prématurée (dans le CRC)\n"
+
+#: g10/armor.c:895
+msgid "malformed CRC\n"
+msgstr "CRC déformé\n"
+
+#: g10/armor.c:899 g10/armor.c:1457
+#, c-format
+msgid "CRC error; %06lX - %06lX\n"
+msgstr "Erreur de CRC; %06lX - %06lX\n"
+
+#: g10/armor.c:919
+msgid "premature eof (in trailer)\n"
+msgstr "fin de fichier prématurée (dans la remorque)\n"
+
+#: g10/armor.c:923
+msgid "error in trailer line\n"
+msgstr "erreur dans la ligne de remorque\n"
+
+#: g10/armor.c:1234
+msgid "no valid OpenPGP data found.\n"
+msgstr "aucune donnée OpenPGP valide n'a été trouvée.\n"
+
+#: g10/armor.c:1239
+#, c-format
+msgid "invalid armor: line longer than %d characters\n"
+msgstr "armure invalide: ligne plus longue que %d caractères\n"
+
+#: g10/armor.c:1243
+msgid ""
+"quoted printable character in armor - probably a buggy MTA has been used\n"
+msgstr ""
+"caractère cité-imprimable (quoted-printable) dans l'armure provenant\n"
+"certainement d'un agent de transfert de messages bogué\n"
+
+#: g10/build-packet.c:976
+msgid ""
+"a notation name must have only printable characters or spaces, and end with "
+"an '='\n"
+msgstr ""
+"le nom d'une notation ne doit comporter que des caractères imprimables\n"
+"ou des espaces, et se terminer par un signe '='\n"
+
+#: g10/build-packet.c:988
+msgid "a user notation name must contain the '@' character\n"
+msgstr "un nom de notation utilisateur doit contenir le caractère '@'\n"
+
+#: g10/build-packet.c:994
+msgid "a notation name must not contain more than one '@' character\n"
+msgstr "un nom de notation utilisateur ne doit pas plus d'un caractère '@'\n"
+
+#: g10/build-packet.c:1012
+msgid "a notation value must not use any control characters\n"
+msgstr "une valeur de notation ne doit utiliser aucun caractère de contrôle\n"
+
+#: g10/build-packet.c:1046 g10/build-packet.c:1055
+msgid "WARNING: invalid notation data found\n"
+msgstr "ATTENTION: des données de notation invalides ont été détectées\n"
+
+#: g10/build-packet.c:1077 g10/build-packet.c:1079
+msgid "not human readable"
+msgstr "illisible par un humain"
+
+#: g10/card-util.c:85 g10/card-util.c:374
+#, c-format
+msgid "OpenPGP card not available: %s\n"
+msgstr "la carte OpenPGP n'est pas disponible: %s\n"
+
+#: g10/card-util.c:90
+#, c-format
+msgid "OpenPGP card no. %s detected\n"
+msgstr "carte OpenPGP n° %s détectée\n"
+
+#: g10/card-util.c:98 g10/card-util.c:1773 g10/delkey.c:126 g10/keyedit.c:1551
+#: g10/keygen.c:3068 g10/revoke.c:216 g10/revoke.c:455
+msgid "can't do this in batch mode\n"
+msgstr "impossible de faire cela en mode automatique\n"
+
+#: g10/card-util.c:106
+#, fuzzy
+msgid "This command is only available for version 2 cards\n"
+msgstr "Cette commande n'est pas admise en mode %s.\n"
+
+#: g10/card-util.c:108 scd/app-openpgp.c:2029
+#, fuzzy
+msgid "Reset Code not or not anymore available\n"
+msgstr "les parties secrètes ne sont pas disponibles\n"
+
+#: g10/card-util.c:141 g10/card-util.c:1458 g10/card-util.c:1568
+#: g10/keyedit.c:424 g10/keyedit.c:445 g10/keyedit.c:459 g10/keygen.c:1630
+#: g10/keygen.c:1711 sm/certreqgen-ui.c:165 sm/certreqgen-ui.c:249
+#: sm/certreqgen-ui.c:283
+msgid "Your selection? "
+msgstr "Votre choix ? "
+
+#: g10/card-util.c:272 g10/card-util.c:322
+msgid "[not set]"
+msgstr "[non positionné]"
+
+#: g10/card-util.c:512
+msgid "male"
+msgstr "masculin"
+
+#: g10/card-util.c:513
+msgid "female"
+msgstr "féminin"
+
+#: g10/card-util.c:513
+msgid "unspecified"
+msgstr "non spécifié"
+
+#: g10/card-util.c:540
+msgid "not forced"
+msgstr "non forcé"
+
+#: g10/card-util.c:540
+msgid "forced"
+msgstr "forcé"
+
+#: g10/card-util.c:631
+msgid "Error: Only plain ASCII is currently allowed.\n"
+msgstr "Erreur: Seul l'ASCII standard est permis pour l'instant.\n"
+
+#: g10/card-util.c:633
+msgid "Error: The \"<\" character may not be used.\n"
+msgstr "Erreur: Le caractère « < » ne peut pas être utilisé.\n"
+
+#: g10/card-util.c:635
+msgid "Error: Double spaces are not allowed.\n"
+msgstr "Erreur: Les espaces doubles ne sont pas permis.\n"
+
+#: g10/card-util.c:652
+msgid "Cardholder's surname: "
+msgstr "Nom du déteneur de la carte: "
+
+#: g10/card-util.c:654
+msgid "Cardholder's given name: "
+msgstr "Prénom du déteneur de la carte: "
+
+#: g10/card-util.c:672
+#, c-format
+msgid "Error: Combined name too long (limit is %d characters).\n"
+msgstr "Erreur: Nom combiné trop long (la limite est %d caractères).\n"
+
+#: g10/card-util.c:693
+msgid "URL to retrieve public key: "
+msgstr "URL pour récupérer la clé publique: %s"
+
+#: g10/card-util.c:701
+#, c-format
+msgid "Error: URL too long (limit is %d characters).\n"
+msgstr "Erreur: URL trop long (la limite est %d caractères).\n"
+
+#: g10/card-util.c:794 tools/no-libgcrypt.c:30
+#, fuzzy, c-format
+msgid "error allocating enough memory: %s\n"
+msgstr "erreur durant la création du porte-clés `%s' : %s\n"
+
+#: g10/card-util.c:806 g10/import.c:280
+#, c-format
+msgid "error reading `%s': %s\n"
+msgstr "erreur pendant la lecture de `%s': %s\n"
+
+#: g10/card-util.c:839
+#, fuzzy, c-format
+msgid "error writing `%s': %s\n"
+msgstr "erreur durant l'écriture du porte-clés `%s': %s\n"
+
+#: g10/card-util.c:866
+msgid "Login data (account name): "
+msgstr "Données d'identification (nom du compte): "
+
+#: g10/card-util.c:876
+#, c-format
+msgid "Error: Login data too long (limit is %d characters).\n"
+msgstr ""
+"Erreur: Données d'indentification trop longues (la limite est\n"
+"%d caractères).\n"
+
+#: g10/card-util.c:912
+msgid "Private DO data: "
+msgstr "Données DO privées: "
+
+#: g10/card-util.c:922
+#, c-format
+msgid "Error: Private DO too long (limit is %d characters).\n"
+msgstr "Erreur: DO privé trop long (la limite est %d caractères).\n"
+
+#: g10/card-util.c:1005
+msgid "Language preferences: "
+msgstr "Préférences de langue: "
+
+#: g10/card-util.c:1013
+msgid "Error: invalid length of preference string.\n"
+msgstr "Erreur: longueur invalide de la chaîne de préférences.\n"
+
+#: g10/card-util.c:1022
+msgid "Error: invalid characters in preference string.\n"
+msgstr "Erreur: caractères invalide dans la chaîne de préférences.\n"
+
+#: g10/card-util.c:1044
+msgid "Sex ((M)ale, (F)emale or space): "
+msgstr "Sexe ((M)asculin, (F)éminin ou espace): "
+
+#: g10/card-util.c:1058
+msgid "Error: invalid response.\n"
+msgstr "Erreur: réponse invalide.\n"
+
+#: g10/card-util.c:1080
+msgid "CA fingerprint: "
+msgstr "empreinte de l'autorité de certification: "
+
+#: g10/card-util.c:1103
+msgid "Error: invalid formatted fingerprint.\n"
+msgstr "Erreur: empreinte mal formatée.\n"
+
+#: g10/card-util.c:1153
+#, c-format
+msgid "key operation not possible: %s\n"
+msgstr "l'opération sur la clé n'est pas possible: %s\n"
+
+#: g10/card-util.c:1154
+msgid "not an OpenPGP card"
+msgstr "ce n'est pas une carte OpenPGP"
+
+#: g10/card-util.c:1167
+#, c-format
+msgid "error getting current key info: %s\n"
+msgstr ""
+"erreur durant la lecture des informations contenues actuellement\n"
+"dans la clé: %s\n"
+
+#: g10/card-util.c:1254
+msgid "Replace existing key? (y/N) "
+msgstr "Remplacer la clé existante ? (o/N) "
+
+#: g10/card-util.c:1270
+msgid ""
+"NOTE: There is no guarantee that the card supports the requested size.\n"
+" If the key generation does not succeed, please check the\n"
+" documentation of your card to see what sizes are allowed.\n"
+msgstr ""
+
+#: g10/card-util.c:1295
+#, fuzzy, c-format
+msgid "What keysize do you want for the Signature key? (%u) "
+msgstr "Quelle taille de clé désirez-vous ? (%u) "
+
+#: g10/card-util.c:1297
+#, fuzzy, c-format
+msgid "What keysize do you want for the Encryption key? (%u) "
+msgstr "Quelle taille de clé désirez-vous ? (%u) "
+
+#: g10/card-util.c:1298
+#, fuzzy, c-format
+msgid "What keysize do you want for the Authentication key? (%u) "
+msgstr "Quelle taille de clé désirez-vous ? (%u) "
+
+#: g10/card-util.c:1309 g10/keygen.c:1844 g10/keygen.c:1850
+#: sm/certreqgen-ui.c:194
+#, c-format
+msgid "rounded up to %u bits\n"
+msgstr "arrondie à %u bits\n"
+
+#: g10/card-util.c:1317 g10/keygen.c:1831 sm/certreqgen-ui.c:184
+#, c-format
+msgid "%s keysizes must be in the range %u-%u\n"
+msgstr "les tailles de clés %s doivent être dans l'intervalle %u-%u\n"
+
+#: g10/card-util.c:1322
+#, c-format
+msgid "The card will now be re-configured to generate a key of %u bits\n"
+msgstr ""
+
+#: g10/card-util.c:1342
+#, fuzzy, c-format
+msgid "error changing size of key %d to %u bits: %s\n"
+msgstr ""
+"erreur pendant la recherche de l'enregistrement de confiance\n"
+"dans `%s': %s\n"
+
+#: g10/card-util.c:1364
+msgid "Make off-card backup of encryption key? (Y/n) "
+msgstr "Faire une sauvegarde hors carte de la clé de chiffrement ? (O/n) "
+
+#: g10/card-util.c:1378
+#, fuzzy
+msgid "NOTE: keys are already stored on the card!\n"
+msgstr "la clé secrète est déjà stockée sur une carte\n"
+
+#: g10/card-util.c:1381
+msgid "Replace existing keys? (y/N) "
+msgstr "Remplacer les clés existantes ? (o/N) "
+
+#: g10/card-util.c:1393
+#, c-format
+msgid ""
+"Please note that the factory settings of the PINs are\n"
+" PIN = `%s' Admin PIN = `%s'\n"
+"You should change them using the command --change-pin\n"
+msgstr ""
+"Notez que les réglages d'usine des codes PIN sont\n"
+" PIN = `%s' PIN admin = `%s'\n"
+"Vous devriez les changer avec la commande --change-pin\n"
+
+#: g10/card-util.c:1449
+msgid "Please select the type of key to generate:\n"
+msgstr "Sélectionnez le type de clé à générer:\n"
+
+#: g10/card-util.c:1451 g10/card-util.c:1559
+msgid " (1) Signature key\n"
+msgstr " (1) Clé de signature\n"
+
+#: g10/card-util.c:1452 g10/card-util.c:1561
+msgid " (2) Encryption key\n"
+msgstr " (2) Clé de chiffrement\n"
+
+#: g10/card-util.c:1453 g10/card-util.c:1563
+msgid " (3) Authentication key\n"
+msgstr " (3) Clé d'authentification\n"
+
+#: g10/card-util.c:1469 g10/card-util.c:1588 g10/keyedit.c:945
+#: g10/keygen.c:1634 g10/keygen.c:1662 g10/keygen.c:1764 g10/revoke.c:683
+msgid "Invalid selection.\n"
+msgstr "Choix invalide.\n"
+
+#: g10/card-util.c:1556
+msgid "Please select where to store the key:\n"
+msgstr "Sélectionnez l'endroit où stocker la clé:\n"
+
+#: g10/card-util.c:1600
+msgid "unknown key protection algorithm\n"
+msgstr "algorithme de protection de clé inconnu\n"
+
+#: g10/card-util.c:1605
+msgid "secret parts of key are not available\n"
+msgstr "Les parties secrètes de la clé ne sont pas disponibles.\n"
+
+#: g10/card-util.c:1610
+msgid "secret key already stored on a card\n"
+msgstr "la clé secrète est déjà stockée sur une carte\n"
+
+#: g10/card-util.c:1623
+#, fuzzy, c-format
+msgid "error writing key to card: %s\n"
+msgstr "erreur durant l'écriture du porte-clés `%s': %s\n"
+
+#: g10/card-util.c:1682 g10/keyedit.c:1382
+msgid "quit this menu"
+msgstr "quitter ce menu"
+
+#: g10/card-util.c:1684
+msgid "show admin commands"
+msgstr "indiquer les commandes d'administration"
+
+#: g10/card-util.c:1685 g10/keyedit.c:1385
+msgid "show this help"
+msgstr "afficher cette aide"
+
+#: g10/card-util.c:1687
+msgid "list all available data"
+msgstr "lister toutes les données disponibles"
+
+#: g10/card-util.c:1690
+msgid "change card holder's name"
+msgstr "changer le nom du propriétaire de la carte"
+
+#: g10/card-util.c:1691
+msgid "change URL to retrieve key"
+msgstr "changer l'URL pour récupérer la clé"
+
+#: g10/card-util.c:1692
+msgid "fetch the key specified in the card URL"
+msgstr "aller chercher la clé spécifiée dans l'URL de la carte"
+
+#: g10/card-util.c:1693
+msgid "change the login name"
+msgstr "changer le nom d'identification"
+
+#: g10/card-util.c:1694
+msgid "change the language preferences"
+msgstr "changer les préférences de langue"
+
+#: g10/card-util.c:1695
+msgid "change card holder's sex"
+msgstr "changer le sexe du propriétaire de la carte"
+
+#: g10/card-util.c:1696
+msgid "change a CA fingerprint"
+msgstr "changer l'empreinte d'une autorité de certification"
+
+#: g10/card-util.c:1697
+msgid "toggle the signature force PIN flag"
+msgstr ""
+"inverser le paramètre obligeant à rentrer le code PIN pour les\n"
+"signatures"
+
+#: g10/card-util.c:1698
+msgid "generate new keys"
+msgstr "générer de nouvelles clés"
+
+#: g10/card-util.c:1699
+msgid "menu to change or unblock the PIN"
+msgstr "menu pour changer ou déverrouiller le PIN"
+
+#: g10/card-util.c:1700
+msgid "verify the PIN and list all data"
+msgstr "vérifier le code PIN et lister toutes les données"
+
+#: g10/card-util.c:1701
+msgid "unblock the PIN using a Reset Code"
+msgstr ""
+
+#: g10/card-util.c:1823
+msgid "gpg/card> "
+msgstr ""
+
+#: g10/card-util.c:1864
+msgid "Admin-only command\n"
+msgstr "La commande n'est utilisable qu'en mode administration\n"
+
+#: g10/card-util.c:1895
+msgid "Admin commands are allowed\n"
+msgstr "Les commandes d'administration sont permises\n"
+
+#: g10/card-util.c:1897
+msgid "Admin commands are not allowed\n"
+msgstr "Les commandes d'administration ne sont pas permises\n"
+
+#: g10/card-util.c:1988 g10/keyedit.c:2292
+msgid "Invalid command (try \"help\")\n"
+msgstr "Commande invalide (essayez «help»)\n"
+
+#: g10/decrypt.c:110 g10/encode.c:876
+msgid "--output doesn't work for this command\n"
+msgstr "--output n'est pas compatible avec cette commande\n"
+
+#: g10/decrypt.c:166 g10/gpg.c:4019 g10/keyring.c:387 g10/keyring.c:698
+#, c-format
+msgid "can't open `%s'\n"
+msgstr "impossible d'ouvrir `%s'\n"
+
+#: g10/delkey.c:73 g10/export.c:324 g10/keyedit.c:3514 g10/keyserver.c:1737
+#: g10/revoke.c:226
+#, c-format
+msgid "key \"%s\" not found: %s\n"
+msgstr "clé « %s » introuvable: %s\n"
+
+#: g10/delkey.c:81 g10/export.c:354 g10/import.c:2480 g10/keyserver.c:1751
+#: g10/revoke.c:232 g10/revoke.c:477
+#, c-format
+msgid "error reading keyblock: %s\n"
+msgstr "erreur pendant la lecture du bloc de clé : %s\n"
+
+#: g10/delkey.c:127 g10/delkey.c:134
+msgid "(unless you specify the key by fingerprint)\n"
+msgstr "(à moins de spécifier la clé par son empreinte)\n"
+
+#: g10/delkey.c:133
+msgid "can't do this in batch mode without \"--yes\"\n"
+msgstr "impossible de faire cela en mode automatique sans « --yes »\n"
+
+#: g10/delkey.c:145
+msgid "Delete this key from the keyring? (y/N) "
+msgstr "Enlever cette clé du porte-clés ? (o/N) "
+
+#: g10/delkey.c:153
+msgid "This is a secret key! - really delete? (y/N) "
+msgstr "C'est une clé secrète ! - faut-il vraiment l'effacer ? (o/N) "
+
+#: g10/delkey.c:163
+#, c-format
+msgid "deleting keyblock failed: %s\n"
+msgstr "la suppression du bloc de clés a échoué : %s\n"
+
+#: g10/delkey.c:173
+msgid "ownertrust information cleared\n"
+msgstr "les informations de confiance au propriétaires ont été effacées\n"
+
+#: g10/delkey.c:204
+#, c-format
+msgid "there is a secret key for public key \"%s\"!\n"
+msgstr "il y a une clé secrète pour la clé publique \"%s\" !\n"
+
+#: g10/delkey.c:206
+msgid "use option \"--delete-secret-keys\" to delete it first.\n"
+msgstr "utiliser l'option «--delete-secret-keys» pour l'effacer d'abord.\n"
+
+#: g10/encode.c:226 g10/sign.c:1269
+#, c-format
+msgid "error creating passphrase: %s\n"
+msgstr "erreur pendant la création de la phrase de passe: %s\n"
+
+#: g10/encode.c:232
+msgid "can't use a symmetric ESK packet due to the S2K mode\n"
+msgstr ""
+"il n'est pas possible d'utiliser un paquet ESK symétrique en mode S2K\n"
+
+#: g10/encode.c:246
+#, c-format
+msgid "using cipher %s\n"
+msgstr "utilisation de l'algorithme de chiffrement %s\n"
+
+#: g10/encode.c:256 g10/encode.c:577
+#, c-format
+msgid "`%s' already compressed\n"
+msgstr "`%s' déjà compressé\n"
+
+#: g10/encode.c:311 g10/encode.c:611 g10/sign.c:564
+#, c-format
+msgid "WARNING: `%s' is an empty file\n"
+msgstr "AVERTISSEMENT: `%s' est un fichier vide\n"
+
+#: g10/encode.c:485
+msgid "you can only encrypt to RSA keys of 2048 bits or less in --pgp2 mode\n"
+msgstr ""
+"le chiffrement RSA ne se fait qu'avec des clés de moins de 2048 bits\n"
+"en mode --pgp2\n"
+
+#: g10/encode.c:510
+#, c-format
+msgid "reading from `%s'\n"
+msgstr "lecture de `%s'\n"
+
+#: g10/encode.c:541
+msgid ""
+"unable to use the IDEA cipher for all of the keys you are encrypting to.\n"
+msgstr ""
+"impossible d'utiliser le chiffre IDEA pour toutes les clés vers\n"
+"lesquelles vous chiffrez.\n"
+
+#: g10/encode.c:559
+#, c-format
+msgid ""
+"WARNING: forcing symmetric cipher %s (%d) violates recipient preferences\n"
+msgstr ""
+"AVERTISSEMENT: forcer le chiffrement symétrique %s (%d) entre\n"
+"en désaccord avec les préférences du destinataire\n"
+
+#: g10/encode.c:655 g10/sign.c:939
+#, c-format
+msgid ""
+"WARNING: forcing compression algorithm %s (%d) violates recipient "
+"preferences\n"
+msgstr ""
+"AVERTISSEMENT: forcer l'algorithme de compression %s (%d) entre\n"
+"en désaccord avec les préférences du destinataire\n"
+
+#: g10/encode.c:751
+#, c-format
+msgid "forcing symmetric cipher %s (%d) violates recipient preferences\n"
+msgstr ""
+"forcer le chiffrement symétrique %s (%d) entre en désaccord\n"
+"avec les préferences du destinataire\n"
+
+#: g10/encode.c:821 g10/pkclist.c:813 g10/pkclist.c:862
+#, c-format
+msgid "you may not use %s while in %s mode\n"
+msgstr "vous ne pouvez pas utiliser %s en mode %s.\n"
+
+#: g10/encode.c:848
+#, c-format
+msgid "%s/%s encrypted for: \"%s\"\n"
+msgstr "%s/%s chiffré pour: \"%s\"\n"
+
+#: g10/encr-data.c:93 g10/mainproc.c:286
+#, c-format
+msgid "%s encrypted data\n"
+msgstr "données chiffrées avec %s\n"
+
+#: g10/encr-data.c:96 g10/mainproc.c:290
+#, c-format
+msgid "encrypted with unknown algorithm %d\n"
+msgstr "chiffré avec l'algorithme inconnu %d\n"
+
+#: g10/encr-data.c:142 sm/decrypt.c:126
+msgid ""
+"WARNING: message was encrypted with a weak key in the symmetric cipher.\n"
+msgstr ""
+"ATTENTION: Le message a été chiffré avec une clé faible pendant le\n"
+"chiffrement symétrique.\n"
+
+#: g10/encr-data.c:154
+msgid "problem handling encrypted packet\n"
+msgstr "problème de gestion des paquets chiffrés\n"
+
+#: g10/exec.c:57
+msgid "no remote program execution supported\n"
+msgstr "aucun programme d'exécution distante n'est supporté\n"
+
+#: g10/exec.c:308
+msgid ""
+"external program calls are disabled due to unsafe options file permissions\n"
+msgstr ""
+"les appels aux programmes externes sont désactivés car les permissions\n"
+"du fichier d'options sont trop peu sûres\n"
+
+#: g10/exec.c:338
+msgid "this platform requires temporary files when calling external programs\n"
+msgstr ""
+"cette plateforme a besoin de fichiers temporaires pour appeler des\n"
+"programmes externes\n"
+
+#: g10/exec.c:416
+#, c-format
+msgid "unable to execute program `%s': %s\n"
+msgstr "impossible d'exécuter le programme `%s': %s\n"
+
+#: g10/exec.c:419
+#, c-format
+msgid "unable to execute shell `%s': %s\n"
+msgstr "impossible d'exécuter l'intérpréteur de commandes `%s': %s\n"
+
+#: g10/exec.c:510
+#, c-format
+msgid "system error while calling external program: %s\n"
+msgstr "erreur système pendant l'appel du programme externe: %s\n"
+
+#: g10/exec.c:521 g10/exec.c:588
+msgid "unnatural exit of external program\n"
+msgstr "sortie non naturelle du programme externe\n"
+
+#: g10/exec.c:536
+msgid "unable to execute external program\n"
+msgstr "impossible d'exécuter le programme externe\n"
+
+#: g10/exec.c:553
+#, c-format
+msgid "unable to read external program response: %s\n"
+msgstr "impossible de lire la réponse du programme externe: %s\n"
+
+#: g10/exec.c:599 g10/exec.c:606
+#, c-format
+msgid "WARNING: unable to remove tempfile (%s) `%s': %s\n"
+msgstr ""
+"AVERTISSEMENT: impossible d'enlever le fichier temporaire\n"
+"(%s) `%s': %s\n"
+
+#: g10/exec.c:611
+#, c-format
+msgid "WARNING: unable to remove temp directory `%s': %s\n"
+msgstr ""
+"AVERTISSEMENT: impossible d'effacer le répertoire temporaire `%s':\n"
+"%s\n"
+
+#: g10/export.c:61
+#, fuzzy
+msgid "export signatures that are marked as local-only"
+msgstr "La signature sera marquée comme non-révocable.\n"
+
+#: g10/export.c:63
+msgid "export attribute user IDs (generally photo IDs)"
+msgstr ""
+
+#: g10/export.c:65
+#, fuzzy
+msgid "export revocation keys marked as \"sensitive\""
+msgstr "aucune clé de révocation trouvée pour « %s »\n"
+
+#: g10/export.c:67
+#, fuzzy
+msgid "remove the passphrase from exported subkeys"
+msgstr "révoquer la clé ou les sous-clés sélectionnées"
+
+#: g10/export.c:69
+#, fuzzy
+msgid "remove unusable parts from key during export"
+msgstr "nettoyer les parties inutilisables de la clé"
+
+#: g10/export.c:71
+msgid "remove as much as possible from key during export"
+msgstr ""
+
+#: g10/export.c:73
+msgid "export keys in an S-expression based format"
+msgstr ""
+
+#: g10/export.c:338
+msgid "exporting secret keys not allowed\n"
+msgstr "il est interdit d'exporter les clé secrètes\n"
+
+#: g10/export.c:367
+#, c-format
+msgid "key %s: not protected - skipped\n"
+msgstr "clé %s: non protégée - ignorée\n"
+
+#: g10/export.c:375
+#, c-format
+msgid "key %s: PGP 2.x style key - skipped\n"
+msgstr "clé %s: clé de style PGP 2.x - ignorée\n"
+
+#: g10/export.c:386
+#, fuzzy, c-format
+msgid "key %s: key material on-card - skipped\n"
+msgstr "clé %s: signature de sous-clé au mauvais endroit - ignorée\n"
+
+#: g10/export.c:537
+msgid "about to export an unprotected subkey\n"
+msgstr ""
+
+#: g10/export.c:560
+#, fuzzy, c-format
+msgid "failed to unprotect the subkey: %s\n"
+msgstr "le stockage de la clé a échoué: %s\n"
+
+#: g10/export.c:584
+#, c-format
+msgid "WARNING: secret key %s does not have a simple SK checksum\n"
+msgstr ""
+"AVERTISSEMENT: la clé secrète %s n'a pas de somme de contrôle SK\n"
+"simple\n"
+
+#: g10/export.c:633
+msgid "WARNING: nothing exported\n"
+msgstr "ATTENTION: rien n'a été exporté\n"
+
+#: g10/getkey.c:152
+msgid "too many entries in pk cache - disabled\n"
+msgstr "trop d'entrées dans le cache pk - désactivé\n"
+
+#: g10/getkey.c:175
+msgid "[User ID not found]"
+msgstr "[Nom utilisateur introuvable]"
+
+#: g10/getkey.c:1113
+#, c-format
+msgid "automatically retrieved `%s' via %s\n"
+msgstr ""
+
+#: g10/getkey.c:1118
+#, fuzzy, c-format
+msgid "error retrieving `%s' via %s: %s\n"
+msgstr "erreur pendant la création de `%s': %s\n"
+
+#: g10/getkey.c:1120
+#, fuzzy
+msgid "No fingerprint"
+msgstr "empreinte de l'autorité de certification: "
+
+#: g10/getkey.c:1930
+#, c-format
+msgid "Invalid key %s made valid by --allow-non-selfsigned-uid\n"
+msgstr ""
+"La clé invalide %s a été rendue valide par\n"
+"--allow-non-selfsigned-uid\n"
+
+#: g10/getkey.c:2533 g10/keyedit.c:3839
+#, c-format
+msgid "no secret subkey for public subkey %s - ignoring\n"
+msgstr "pas de sous-clé secrète pour la clé publique %s - ignorée\n"
+
+#: g10/getkey.c:2759
+#, c-format
+msgid "using subkey %s instead of primary key %s\n"
+msgstr ""
+"utilisation de la sous-clé %s à la place de la clé\n"
+"principale %s\n"
+
+#: g10/getkey.c:2806
+#, c-format
+msgid "key %s: secret key without public key - skipped\n"
+msgstr "clé %s: clé secrète sans clé publique - non prise en compte\n"
+
+#: g10/gpg.c:375 sm/gpgsm.c:188
+#, fuzzy
+msgid "make a signature"
+msgstr "|[fichier]|faire une signature"
+
+#: g10/gpg.c:376 sm/gpgsm.c:189
+#, fuzzy
+msgid "make a clear text signature"
+msgstr "|[fichier]|faire une signature en texte clair"
+
+#: g10/gpg.c:377 sm/gpgsm.c:190
+msgid "make a detached signature"
+msgstr "faire une signature détachée"
+
+#: g10/gpg.c:378 sm/gpgsm.c:191
+msgid "encrypt data"
+msgstr "chiffrer les données"
+
+#: g10/gpg.c:380 sm/gpgsm.c:192
+msgid "encryption only with symmetric cipher"
+msgstr "chiffrement symétrique seulement"
+
+#: g10/gpg.c:382 sm/gpgsm.c:193
+msgid "decrypt data (default)"
+msgstr "déchiffrer les données (défaut)"
+
+#: g10/gpg.c:384 sm/gpgsm.c:194
+msgid "verify a signature"
+msgstr "vérifier une signature"
+
+#: g10/gpg.c:386 sm/gpgsm.c:195
+msgid "list keys"
+msgstr "lister les clés"
+
+#: g10/gpg.c:388
+msgid "list keys and signatures"
+msgstr "lister les clés et les signatures"
+
+#: g10/gpg.c:389
+msgid "list and check key signatures"
+msgstr "lister et vérifier les signatures des clés"
+
+#: g10/gpg.c:390 sm/gpgsm.c:200
+msgid "list keys and fingerprints"
+msgstr "lister les clés et les empreintes"
+
+#: g10/gpg.c:391 sm/gpgsm.c:198
+msgid "list secret keys"
+msgstr "lister les clés secrètes"
+
+#: g10/gpg.c:392 sm/gpgsm.c:201
+msgid "generate a new key pair"
+msgstr "générer une nouvelle paire de clés"
+
+#: g10/gpg.c:393
+msgid "generate a revocation certificate"
+msgstr "générer un certificat de révocation"
+
+#: g10/gpg.c:395 sm/gpgsm.c:203
+msgid "remove keys from the public keyring"
+msgstr "enlever les clés du porte-clés public"
+
+#: g10/gpg.c:397
+msgid "remove keys from the secret keyring"
+msgstr "enlever les clés du porte-clés secret"
+
+#: g10/gpg.c:398
+msgid "sign a key"
+msgstr "signer une clé"
+
+#: g10/gpg.c:399
+msgid "sign a key locally"
+msgstr "signer une clé localement"
+
+#: g10/gpg.c:400
+msgid "sign or edit a key"
+msgstr "signer ou éditer une clé"
+
+#: g10/gpg.c:402 sm/gpgsm.c:215
+#, fuzzy
+msgid "change a passphrase"
+msgstr "changer la phrase de passe"
+
+#: g10/gpg.c:404
+msgid "export keys"
+msgstr "exporter les clés"
+
+#: g10/gpg.c:405 sm/gpgsm.c:204
+msgid "export keys to a key server"
+msgstr "exporter les clés vers un serveur de clés"
+
+#: g10/gpg.c:406 sm/gpgsm.c:205
+msgid "import keys from a key server"
+msgstr "importer les clés d'un serveur de clés"
+
+#: g10/gpg.c:408
+msgid "search for keys on a key server"
+msgstr "chercher les clés avec un serveur de clés"
+
+#: g10/gpg.c:410
+msgid "update all keys from a keyserver"
+msgstr "mettre à jour les clés depuis un serveur"
+
+#: g10/gpg.c:415
+msgid "import/merge keys"
+msgstr "importer/fusionner les clés"
+
+#: g10/gpg.c:418
+msgid "print the card status"
+msgstr "afficher l'état de la carte"
+
+#: g10/gpg.c:419
+msgid "change data on a card"
+msgstr "changer les données d'une carte"
+
+#: g10/gpg.c:420
+msgid "change a card's PIN"
+msgstr "changer le code PIN d'une carte"
+
+#: g10/gpg.c:429
+msgid "update the trust database"
+msgstr "mettre la base de confiance à jour"
+
+#: g10/gpg.c:436
+#, fuzzy
+msgid "print message digests"
+msgstr "|alg. [fich.]|indiquer les fonctions de hachage"
+
+#: g10/gpg.c:439 sm/gpgsm.c:210
+msgid "run in server mode"
+msgstr ""
+
+#: g10/gpg.c:443 sm/gpgsm.c:228
+msgid "create ascii armored output"
+msgstr "créer une sortie ascii avec armure"
+
+#: g10/gpg.c:446 sm/gpgsm.c:241
+#, fuzzy
+msgid "|USER-ID|encrypt for USER-ID"
+msgstr "|NOM|chiffrer pour NOM"
+
+#: g10/gpg.c:459 sm/gpgsm.c:278
+#, fuzzy
+msgid "|USER-ID|use USER-ID to sign or decrypt"
+msgstr "utiliser ce nom pour signer ou déchiffrer"
+
+#: g10/gpg.c:462
+#, fuzzy
+msgid "|N|set compress level to N (0 disables)"
+msgstr "|N|niveau de compression N (0 désactive)"
+
+#: g10/gpg.c:468
+msgid "use canonical text mode"
+msgstr "utiliser le mode texte canonique"
+
+#: g10/gpg.c:485 sm/gpgsm.c:280
+#, fuzzy
+msgid "|FILE|write output to FILE"
+msgstr "lire les options de `%s'\n"
+
+#: g10/gpg.c:501 kbx/kbxutil.c:90 sm/gpgsm.c:292 tools/gpgconf.c:82
+msgid "do not make any changes"
+msgstr "ne rien changer"
+
+#: g10/gpg.c:502
+msgid "prompt before overwriting"
+msgstr "demander avant d'écraser un fichier"
+
+#: g10/gpg.c:554
+msgid "use strict OpenPGP behavior"
+msgstr "utiliser strictement le comportement OpenPGP"
+
+#: g10/gpg.c:585 sm/gpgsm.c:336
+msgid ""
+"@\n"
+"(See the man page for a complete listing of all commands and options)\n"
+msgstr ""
+"@\n"
+"(Voir la page de manuel pour une liste complète des commandes et options)\n"
+
+#: g10/gpg.c:588 sm/gpgsm.c:339
+msgid ""
+"@\n"
+"Examples:\n"
+"\n"
+" -se -r Bob [file] sign and encrypt for user Bob\n"
+" --clearsign [file] make a clear text signature\n"
+" --detach-sign [file] make a detached signature\n"
+" --list-keys [names] show keys\n"
+" --fingerprint [names] show fingerprints\n"
+msgstr ""
+"@\n"
+"Exemples:\n"
+"\n"
+" -se -r Alice [fichier] signer et chiffrer pour l'utilisateur Alice\n"
+" --clearsign [fichier] faire une signature en texte clair\n"
+" --detach-sign [fichier] faire une signature détachée\n"
+" --list-keys [utilisateur] montrer les clés\n"
+" --fingerprint [utilisateur] montrer les empreintes\n"
+
+#: g10/gpg.c:836
+msgid "Usage: gpg [options] [files] (-h for help)"
+msgstr "Utilisation: gpg [options] [fichiers] (-h pour l'aide)"
+
+#: g10/gpg.c:839
+msgid ""
+"Syntax: gpg [options] [files]\n"
+"sign, check, encrypt or decrypt\n"
+"default operation depends on the input data\n"
+msgstr ""
+"Syntaxe: gpg [options] [fichiers]\n"
+"signer, vérifier, chiffrer ou déchiffrer\n"
+"l'opération par défaut dépend des données entrées\n"
+
+#: g10/gpg.c:850 sm/gpgsm.c:543
+msgid ""
+"\n"
+"Supported algorithms:\n"
+msgstr ""
+"\n"
+"Algorithmes supportés:\n"
+
+#: g10/gpg.c:853
+msgid "Pubkey: "
+msgstr "Clé publique: "
+
+#: g10/gpg.c:860 g10/keyedit.c:2423
+msgid "Cipher: "
+msgstr "Chiffrement: "
+
+#: g10/gpg.c:867
+msgid "Hash: "
+msgstr "Hachage: "
+
+#: g10/gpg.c:874 g10/keyedit.c:2468
+msgid "Compression: "
+msgstr "Compression: "
+
+#: g10/gpg.c:944
+msgid "usage: gpg [options] "
+msgstr "utilisation: gpg [options] "
+
+#: g10/gpg.c:1158 sm/gpgsm.c:716
+msgid "conflicting commands\n"
+msgstr "commandes en conflit\n"
+
+#: g10/gpg.c:1176
+#, c-format
+msgid "no = sign found in group definition `%s'\n"
+msgstr "aucun signe = trouvé dans la définition du groupe `%s'\n"
+
+#: g10/gpg.c:1373
+#, c-format
+msgid "WARNING: unsafe ownership on homedir `%s'\n"
+msgstr ""
+"AVERTISSEMENT: le propriétaire du répertoire personnel `%s' est\n"
+"peu sûr\n"
+
+#: g10/gpg.c:1376
+#, c-format
+msgid "WARNING: unsafe ownership on configuration file `%s'\n"
+msgstr ""
+"AVERTISSEMENT: le propriétaire du fichier de configuration `%s'\n"
+"est peu sûr\n"
+
+#: g10/gpg.c:1379
+#, c-format
+msgid "WARNING: unsafe ownership on extension `%s'\n"
+msgstr ""
+"AVERTISSEMENT: le propriétaire de l'extension `%s' est peu\n"
+"sûr\n"
+
+#: g10/gpg.c:1385
+#, c-format
+msgid "WARNING: unsafe permissions on homedir `%s'\n"
+msgstr ""
+"AVERTISSEMENT: les permissions du répertoire personnel `%s'\n"
+"sont peu sûres\n"
+
+#: g10/gpg.c:1388
+#, c-format
+msgid "WARNING: unsafe permissions on configuration file `%s'\n"
+msgstr ""
+"AVERTISSEMENT: les permissions du fichier de configuration\n"
+"`%s' sont peu sûres\n"
+
+#: g10/gpg.c:1391
+#, c-format
+msgid "WARNING: unsafe permissions on extension `%s'\n"
+msgstr ""
+"AVERTISSEMENT: les permissions de l'extension `%s' sont\n"
+"peu sûres\n"
+
+#: g10/gpg.c:1397
+#, c-format
+msgid "WARNING: unsafe enclosing directory ownership on homedir `%s'\n"
+msgstr ""
+"AVERTISSEMENT: le propriétaire du répertoire contenant est peu\n"
+"sûr pour le répertoire personnel `%s'\n"
+
+#: g10/gpg.c:1400
+#, c-format
+msgid ""
+"WARNING: unsafe enclosing directory ownership on configuration file `%s'\n"
+msgstr ""
+"AVERTISSEMENT: le propriétaire du répertoire contenant est peu\n"
+"sûr pour le fichier de configuration `%s'\n"
+
+#: g10/gpg.c:1403
+#, c-format
+msgid "WARNING: unsafe enclosing directory ownership on extension `%s'\n"
+msgstr ""
+"AVERTISSEMENT: le propriétaire du répertoire contenant est peu\n"
+"sûr pour l'extension `%s'\n"
+
+#: g10/gpg.c:1409
+#, c-format
+msgid "WARNING: unsafe enclosing directory permissions on homedir `%s'\n"
+msgstr ""
+"AVERTISSEMENT: les permissions du répertoire contenant le\n"
+"répertoire personnel `%s' sont peu sûres\n"
+
+#: g10/gpg.c:1412
+#, c-format
+msgid ""
+"WARNING: unsafe enclosing directory permissions on configuration file `%s'\n"
+msgstr ""
+"AVERTISSEMENT: les permissions du répertoire contenant le\n"
+"fichier de configuration `%s' sont peu sûres\n"
+
+#: g10/gpg.c:1415
+#, c-format
+msgid "WARNING: unsafe enclosing directory permissions on extension `%s'\n"
+msgstr ""
+"AVERTISSEMENT: les permissions du répertoire contenant\n"
+"l'extension `%s' sont peu sûres\n"
+
+#: g10/gpg.c:1595
+#, c-format
+msgid "unknown configuration item `%s'\n"
+msgstr "élément de configuration `%s' inconnu\n"
+
+#: g10/gpg.c:1699
+msgid "display photo IDs during key listings"
+msgstr ""
+
+#: g10/gpg.c:1701
+msgid "show policy URLs during signature listings"
+msgstr ""
+
+#: g10/gpg.c:1703
+#, fuzzy
+msgid "show all notations during signature listings"
+msgstr "Pas de signature correspondante dans le porte-clés secret\n"
+
+#: g10/gpg.c:1705
+msgid "show IETF standard notations during signature listings"
+msgstr ""
+
+#: g10/gpg.c:1709
+msgid "show user-supplied notations during signature listings"
+msgstr ""
+
+#: g10/gpg.c:1711
+#, fuzzy
+msgid "show preferred keyserver URLs during signature listings"
+msgstr "l'URL du serveur de clés favori qui a été donnée est invalide\n"
+
+#: g10/gpg.c:1713
+msgid "show user ID validity during key listings"
+msgstr ""
+
+#: g10/gpg.c:1715
+msgid "show revoked and expired user IDs in key listings"
+msgstr ""
+
+#: g10/gpg.c:1717
+msgid "show revoked and expired subkeys in key listings"
+msgstr ""
+
+#: g10/gpg.c:1719
+#, fuzzy
+msgid "show the keyring name in key listings"
+msgstr ""
+"passer de la liste des clés secrètes à celle des clés privées\n"
+"et inversement"
+
+#: g10/gpg.c:1721
+#, fuzzy
+msgid "show expiration dates during signature listings"
+msgstr "Pas de signature correspondante dans le porte-clés secret\n"
+
+#: g10/gpg.c:1855
+#, c-format
+msgid "NOTE: old default options file `%s' ignored\n"
+msgstr "NOTE: l'ancien fichier d'options par défaut `%s' a été ignoré\n"
+
+#: g10/gpg.c:1948
+#, c-format
+msgid "libgcrypt is too old (need %s, have %s)\n"
+msgstr ""
+
+#: g10/gpg.c:2346 g10/gpg.c:3037 g10/gpg.c:3049
+#, c-format
+msgid "NOTE: %s is not for normal use!\n"
+msgstr "NOTE: %s n'est pas pour une utilisation normale !\n"
+
+#: g10/gpg.c:2530 g10/gpg.c:2542
+#, c-format
+msgid "`%s' is not a valid signature expiration\n"
+msgstr "`%s' n'est pas une date d'expiration de signature valide\n"
+
+#: g10/gpg.c:2624
+#, c-format
+msgid "`%s' is not a valid character set\n"
+msgstr "`%s' n'est pas un jeu de caractères valide\n"
+
+#: g10/gpg.c:2647 g10/gpg.c:2842 g10/keyedit.c:4197
+msgid "could not parse keyserver URL\n"
+msgstr "impossible d'interpréter l'URL du serveur de clés\n"
+
+#: g10/gpg.c:2659
+#, c-format
+msgid "%s:%d: invalid keyserver options\n"
+msgstr "%s:%d: les options du serveur de clés sont invalides\n"
+
+#: g10/gpg.c:2662
+msgid "invalid keyserver options\n"
+msgstr "les options du serveur de clés sont invalides\n"
+
+#: g10/gpg.c:2669
+#, c-format
+msgid "%s:%d: invalid import options\n"
+msgstr "%s:%d: options d'import invalides\n"
+
+#: g10/gpg.c:2672
+msgid "invalid import options\n"
+msgstr "options d'import invalides\n"
+
+#: g10/gpg.c:2679
+#, c-format
+msgid "%s:%d: invalid export options\n"
+msgstr "%s:%d: options d'export invalides\n"
+
+#: g10/gpg.c:2682
+msgid "invalid export options\n"
+msgstr "options d'export invalides\n"
+
+#: g10/gpg.c:2689
+#, c-format
+msgid "%s:%d: invalid list options\n"
+msgstr "%s:%d: options de liste invalides\n"
+
+#: g10/gpg.c:2692
+msgid "invalid list options\n"
+msgstr "options de liste invalides\n"
+
+#: g10/gpg.c:2700
+msgid "display photo IDs during signature verification"
+msgstr ""
+
+#: g10/gpg.c:2702
+msgid "show policy URLs during signature verification"
+msgstr ""
+
+#: g10/gpg.c:2704
+#, fuzzy
+msgid "show all notations during signature verification"
+msgstr "`%s' n'est pas une date d'expiration de signature valide\n"
+
+#: g10/gpg.c:2706
+msgid "show IETF standard notations during signature verification"
+msgstr ""
+
+#: g10/gpg.c:2710
+msgid "show user-supplied notations during signature verification"
+msgstr ""
+
+#: g10/gpg.c:2712
+#, fuzzy
+msgid "show preferred keyserver URLs during signature verification"
+msgstr "l'URL du serveur de clés favori qui a été donnée est invalide\n"
+
+#: g10/gpg.c:2714
+#, fuzzy
+msgid "show user ID validity during signature verification"
+msgstr "`%s' n'est pas une date d'expiration de signature valide\n"
+
+#: g10/gpg.c:2716
+msgid "show revoked and expired user IDs in signature verification"
+msgstr ""
+
+#: g10/gpg.c:2718
+#, fuzzy
+msgid "show only the primary user ID in signature verification"
+msgstr "`%s' n'est pas une date d'expiration de signature valide\n"
+
+#: g10/gpg.c:2720
+msgid "validate signatures with PKA data"
+msgstr ""
+
+#: g10/gpg.c:2722
+msgid "elevate the trust of signatures with valid PKA data"
+msgstr ""
+
+#: g10/gpg.c:2729
+#, c-format
+msgid "%s:%d: invalid verify options\n"
+msgstr "%s:%d: options de vérification invalides\n"
+
+#: g10/gpg.c:2732
+msgid "invalid verify options\n"
+msgstr "options de vérification invalides\n"
+
+#: g10/gpg.c:2739
+#, c-format
+msgid "unable to set exec-path to %s\n"
+msgstr "impossible de mettre le chemin d'exécution à %s\n"
+
+#: g10/gpg.c:2925
+#, fuzzy, c-format
+msgid "%s:%d: invalid auto-key-locate list\n"
+msgstr "%s:%d: options de vérification invalides\n"
+
+#: g10/gpg.c:2928
+msgid "invalid auto-key-locate list\n"
+msgstr ""
+
+#: g10/gpg.c:3026 sm/gpgsm.c:1439
+msgid "WARNING: program may create a core file!\n"
+msgstr "ATTENTION: Le programme peut créer un fichier «core» !\n"
+
+#: g10/gpg.c:3030
+#, c-format
+msgid "WARNING: %s overrides %s\n"
+msgstr "ATTENTION: %s remplace %s\n"
+
+#: g10/gpg.c:3039
+#, c-format
+msgid "%s not allowed with %s!\n"
+msgstr "%s n'est pas permis avec %s !\n"
+
+#: g10/gpg.c:3042
+#, c-format
+msgid "%s makes no sense with %s!\n"
+msgstr "%s n'a aucun sens avec %s !\n"
+
+#: g10/gpg.c:3057
+#, c-format
+msgid "will not run with insecure memory due to %s\n"
+msgstr "pas d'exécution ave une mémoire non sécurisée à cause de %s\n"
+
+#: g10/gpg.c:3071
+msgid "you can only make detached or clear signatures while in --pgp2 mode\n"
+msgstr ""
+"il n'est possible de faire une signature détachée ou en texte clair\n"
+"qu'en mode --pgp2\n"
+
+#: g10/gpg.c:3077
+msgid "you can't sign and encrypt at the same time while in --pgp2 mode\n"
+msgstr "vous ne pouvez pas signer et chiffrer en même temps en mode --pgp2\n"
+
+#: g10/gpg.c:3083
+msgid "you must use files (and not a pipe) when working with --pgp2 enabled.\n"
+msgstr ""
+"vous devez utiliser des fichiers (et pas un tube) lorsque --pgp2\n"
+"est activé.\n"
+
+#: g10/gpg.c:3096
+msgid "encrypting a message in --pgp2 mode requires the IDEA cipher\n"
+msgstr ""
+"chiffrer un message en mode --pgp2 nécessite l'algorithme de chiffrage IDEA\n"
+
+#: g10/gpg.c:3163 g10/gpg.c:3187 sm/gpgsm.c:1511
+msgid "selected cipher algorithm is invalid\n"
+msgstr "l'algorithme de chiffrement sélectionné est invalide\n"
+
+#: g10/gpg.c:3169 g10/gpg.c:3193 sm/gpgsm.c:1517 sm/gpgsm.c:1523
+msgid "selected digest algorithm is invalid\n"
+msgstr "la fonction de hachage sélectionnée est invalide\n"
+
+#: g10/gpg.c:3175
+msgid "selected compression algorithm is invalid\n"
+msgstr "l'algorithme de compression sélectionné est invalide\n"
+
+#: g10/gpg.c:3181
+msgid "selected certification digest algorithm is invalid\n"
+msgstr "la fonction de hachage de certification sélectionnée est invalide\n"
+
+#: g10/gpg.c:3196
+msgid "completes-needed must be greater than 0\n"
+msgstr "«completes-needed» doit être supérieur à 0\n"
+
+#: g10/gpg.c:3198
+msgid "marginals-needed must be greater than 1\n"
+msgstr "«marginals-needed» doit être supérieur à 1\n"
+
+#: g10/gpg.c:3200
+msgid "max-cert-depth must be in the range from 1 to 255\n"
+msgstr "max-cert-depth doit être compris entre 1 et 255\n"
+
+#: g10/gpg.c:3202
+msgid "invalid default-cert-level; must be 0, 1, 2, or 3\n"
+msgstr "default-cert-level invalide; doit être 0, 1, 2 ou 3\n"
+
+#: g10/gpg.c:3204
+msgid "invalid min-cert-level; must be 1, 2, or 3\n"
+msgstr "min-cert-level invalide; doit être 0, 1, 2 ou 3\n"
+
+#: g10/gpg.c:3207
+msgid "NOTE: simple S2K mode (0) is strongly discouraged\n"
+msgstr "NOTE: le mode S2K simple (0) est fortement déconseillé\n"
+
+#: g10/gpg.c:3211
+msgid "invalid S2K mode; must be 0, 1 or 3\n"
+msgstr "mode S2K invalide; ce doit être 0, 1 ou 3\n"
+
+#: g10/gpg.c:3218
+msgid "invalid default preferences\n"
+msgstr "préférences par défaut invalides\n"
+
+#: g10/gpg.c:3222
+msgid "invalid personal cipher preferences\n"
+msgstr "préférences de chiffrement personnelles invalides\n"
+
+#: g10/gpg.c:3226
+msgid "invalid personal digest preferences\n"
+msgstr "préférences de hachage personnelles invalides\n"
+
+#: g10/gpg.c:3230
+msgid "invalid personal compress preferences\n"
+msgstr "préférences de compression personnelles invalides\n"
+
+#: g10/gpg.c:3263
+#, c-format
+msgid "%s does not yet work with %s\n"
+msgstr "%s ne marche pas encore avec %s\n"
+
+#: g10/gpg.c:3310
+#, c-format
+msgid "you may not use cipher algorithm `%s' while in %s mode\n"
+msgstr ""
+"vous ne pouvez pas utiliser l'algorithme de chiffrement `%s'\n"
+"en mode %s.\n"
+
+#: g10/gpg.c:3315
+#, c-format
+msgid "you may not use digest algorithm `%s' while in %s mode\n"
+msgstr ""
+"vous ne pouvez pas utiliser l'algorithme de hachage `%s'\n"
+"en mode %s.\n"
+
+#: g10/gpg.c:3320
+#, c-format
+msgid "you may not use compression algorithm `%s' while in %s mode\n"
+msgstr ""
+"vous ne pouvez pas utiliser l'algorithme de compression `%s'\n"
+"en mode %s.\n"
+
+#: g10/gpg.c:3406
+#, c-format
+msgid "failed to initialize the TrustDB: %s\n"
+msgstr "impossible d'initialiser la base de confiance: %s\n"
+
+#: g10/gpg.c:3417
+msgid "WARNING: recipients (-r) given without using public key encryption\n"
+msgstr ""
+"AVERTISSEMENT: des destinataires (-r) ont été donnés alors que le\n"
+"chiffrement ne se fait pas par clé publique\n"
+
+#: g10/gpg.c:3438
+msgid "--store [filename]"
+msgstr "--store [nom du fichier]"
+
+#: g10/gpg.c:3445
+msgid "--symmetric [filename]"
+msgstr "--symmetric [nom du fichier]"
+
+#: g10/gpg.c:3447
+#, c-format
+msgid "symmetric encryption of `%s' failed: %s\n"
+msgstr "le chiffrement symétrique de `%s' a échoué: %s\n"
+
+#: g10/gpg.c:3457
+msgid "--encrypt [filename]"
+msgstr "--encrypt [nom du fichier]"
+
+#: g10/gpg.c:3470
+msgid "--symmetric --encrypt [filename]"
+msgstr "--symmetric --encrypt [nom du fichier]"
+
+#: g10/gpg.c:3472
+msgid "you cannot use --symmetric --encrypt with --s2k-mode 0\n"
+msgstr "vous ne pouvez pas utiliser --symmetric --encrypt avec --s2k-mode 0\n"
+
+#: g10/gpg.c:3475
+#, c-format
+msgid "you cannot use --symmetric --encrypt while in %s mode\n"
+msgstr "vous ne pouvez pas utiliser --symmetric --encrypt en mode %s.\n"
+
+#: g10/gpg.c:3493
+msgid "--sign [filename]"
+msgstr "--sign [nom du fichier]"
+
+#: g10/gpg.c:3506
+msgid "--sign --encrypt [filename]"
+msgstr "--sign --encrypt [nom du fichier]"
+
+#: g10/gpg.c:3521
+msgid "--symmetric --sign --encrypt [filename]"
+msgstr "--symmetric --sign --encrypt [nom du fichier]"
+
+#: g10/gpg.c:3523
+msgid "you cannot use --symmetric --sign --encrypt with --s2k-mode 0\n"
+msgstr ""
+"Vous ne pouvez pas utiliser --symmetric --sign --encrypt avec\n"
+"--s2k-mode 0\n"
+
+#: g10/gpg.c:3526
+#, c-format
+msgid "you cannot use --symmetric --sign --encrypt while in %s mode\n"
+msgstr ""
+"vous ne pouvez pas utiliser --symmetric --sign --encrypt\n"
+"en mode %s.\n"
+
+#: g10/gpg.c:3546
+msgid "--sign --symmetric [filename]"
+msgstr "--sign --symmetric [nom du fichier]"
+
+#: g10/gpg.c:3555
+msgid "--clearsign [filename]"
+msgstr "--clearsign [nom du fichier]"
+
+#: g10/gpg.c:3580
+msgid "--decrypt [filename]"
+msgstr "--decrypt [nom du fichier]"
+
+#: g10/gpg.c:3588
+msgid "--sign-key user-id"
+msgstr "--sign-key utilisateur"
+
+#: g10/gpg.c:3592
+msgid "--lsign-key user-id"
+msgstr "--lsign-key utilisateur"
+
+#: g10/gpg.c:3613
+msgid "--edit-key user-id [commands]"
+msgstr "--edit-key utilisateur [commandes]"
+
+#: g10/gpg.c:3629
+#, fuzzy
+msgid "--passwd <user-id>"
+msgstr "--sign-key utilisateur"
+
+#: g10/gpg.c:3716
+#, c-format
+msgid "keyserver send failed: %s\n"
+msgstr "l'envoi vers le serveur de clés a échoué: %s\n"
+
+#: g10/gpg.c:3718
+#, c-format
+msgid "keyserver receive failed: %s\n"
+msgstr "la réception depuis le serveur de clés a échoué: %s\n"
+
+#: g10/gpg.c:3720
+#, c-format
+msgid "key export failed: %s\n"
+msgstr "l'export de la clé a échoué: %s\n"
+
+#: g10/gpg.c:3731
+#, c-format
+msgid "keyserver search failed: %s\n"
+msgstr "la recherche au sein du serveur de clés a échoué: %s\n"
+
+#: g10/gpg.c:3741
+#, c-format
+msgid "keyserver refresh failed: %s\n"
+msgstr "le rafraîchissement par le serveur de clés a échoué: %s\n"
+
+#: g10/gpg.c:3792
+#, c-format
+msgid "dearmoring failed: %s\n"
+msgstr "la suppression d'une armure a échoué: %s\n"
+
+#: g10/gpg.c:3800
+#, c-format
+msgid "enarmoring failed: %s\n"
+msgstr "la construction d'une armure a échoué: %s \n"
+
+#: g10/gpg.c:3890
+#, c-format
+msgid "invalid hash algorithm `%s'\n"
+msgstr "algorithme de hachage `%s' invalide\n"
+
+#: g10/gpg.c:4005
+msgid "[filename]"
+msgstr "[nom du fichier]"
+
+#: g10/gpg.c:4009
+msgid "Go ahead and type your message ...\n"
+msgstr "Vous pouvez taper votre message...\n"
+
+#: g10/gpg.c:4323
+msgid "the given certification policy URL is invalid\n"
+msgstr "l'URL de politique de certification donnée est invalide\n"
+
+#: g10/gpg.c:4325
+msgid "the given signature policy URL is invalid\n"
+msgstr "l'URL de politique de signature donnée est invalide\n"
+
+#: g10/gpg.c:4358
+msgid "the given preferred keyserver URL is invalid\n"
+msgstr "l'URL du serveur de clés favori qui a été donnée est invalide\n"
+
+#: g10/gpgv.c:74
+#, fuzzy
+msgid "|FILE|take the keys from the keyring FILE"
+msgstr "enlever les clés de ce porte-clés"
+
+#: g10/gpgv.c:76
+msgid "make timestamp conflicts only a warning"
+msgstr ""
+"faire en sorte que les conflits d'horodatage ne soient qu'un\n"
+"avertissement non fatal"
+
+#: g10/gpgv.c:78 sm/gpgsm.c:326
+msgid "|FD|write status info to this FD"
+msgstr "|FD|écrire l'état sur ce descripteur"
+
+#: g10/gpgv.c:117
+msgid "Usage: gpgv [options] [files] (-h for help)"
+msgstr "Utilisation: gpgv [options] [fichiers] (-h pour l'aide)"
+
+#: g10/gpgv.c:119
+#, fuzzy
+msgid ""
+"Syntax: gpgv [options] [files]\n"
+"Check signatures against known trusted keys\n"
+msgstr ""
+"Syntaxe: gpg [options] [fichiers]\n"
+"Verifier des signatures avec des clés de confiance connues\n"
+
+#: g10/helptext.c:72
+msgid "No help available"
+msgstr "Pas d'aide disponible"
+
+#: g10/helptext.c:82
+#, c-format
+msgid "No help available for `%s'"
+msgstr "Pas d'aide disponible pour `%s'"
+
+#: g10/import.c:94
+msgid "import signatures that are marked as local-only"
+msgstr ""
+
+#: g10/import.c:96
+msgid "repair damage from the pks keyserver during import"
+msgstr ""
+
+#: g10/import.c:98
+#, fuzzy
+msgid "do not update the trustdb after import"
+msgstr "mettre la base de confiance à jour"
+
+#: g10/import.c:100
+#, fuzzy
+msgid "create a public key when importing a secret key"
+msgstr "la clé publique ne correspond pas à la clé secrète !\n"
+
+#: g10/import.c:102
+msgid "only accept updates to existing keys"
+msgstr ""
+
+#: g10/import.c:104
+#, fuzzy
+msgid "remove unusable parts from key after import"
+msgstr "nettoyer les parties inutilisables de la clé"
+
+#: g10/import.c:106
+msgid "remove as much as possible from key after import"
+msgstr ""
+
+#: g10/import.c:266
+#, c-format
+msgid "skipping block of type %d\n"
+msgstr "un bloc de type %d a été ignoré\n"
+
+#: g10/import.c:275
+#, c-format
+msgid "%lu keys processed so far\n"
+msgstr "%lu clés traitées jusqu'ici\n"
+
+#: g10/import.c:292
+#, c-format
+msgid "Total number processed: %lu\n"
+msgstr " Quantité totale traitée: %lu\n"
+
+#: g10/import.c:294
+#, c-format
+msgid " skipped new keys: %lu\n"
+msgstr " nouvelles clés ignorées: %lu\n"
+
+#: g10/import.c:297
+#, c-format
+msgid " w/o user IDs: %lu\n"
+msgstr " sans nom d'utilisateur: %lu\n"
+
+#: g10/import.c:299 sm/import.c:114
+#, c-format
+msgid " imported: %lu"
+msgstr " importée: %lu"
+
+#: g10/import.c:305 sm/import.c:118
+#, c-format
+msgid " unchanged: %lu\n"
+msgstr " inchangée: %lu\n"
+
+#: g10/import.c:307
+#, c-format
+msgid " new user IDs: %lu\n"
+msgstr " nouveaux noms d'utilisateurs: %lu\n"
+
+#: g10/import.c:309
+#, c-format
+msgid " new subkeys: %lu\n"
+msgstr " nouvelles sous-clés: %lu\n"
+
+#: g10/import.c:311
+#, c-format
+msgid " new signatures: %lu\n"
+msgstr " nouvelles signatures: %lu\n"
+
+#: g10/import.c:313
+#, c-format
+msgid " new key revocations: %lu\n"
+msgstr " nouvelles révocations de clés: %lu\n"
+
+#: g10/import.c:315 sm/import.c:120
+#, c-format
+msgid " secret keys read: %lu\n"
+msgstr " clés secrètes lues: %lu\n"
+
+#: g10/import.c:317 sm/import.c:122
+#, c-format
+msgid " secret keys imported: %lu\n"
+msgstr " clés secrètes importées: %lu\n"
+
+#: g10/import.c:319 sm/import.c:124
+#, c-format
+msgid " secret keys unchanged: %lu\n"
+msgstr " clés secrètes inchangées: %lu\n"
+
+#: g10/import.c:321 sm/import.c:126
+#, c-format
+msgid " not imported: %lu\n"
+msgstr " non importée: %lu\n"
+
+#: g10/import.c:323
+#, c-format
+msgid " signatures cleaned: %lu\n"
+msgstr " signatures nettoyées: %lu\n"
+
+#: g10/import.c:325
+#, c-format
+msgid " user IDs cleaned: %lu\n"
+msgstr " noms d'utilisateur nettoyés: %lu\n"
+
+#: g10/import.c:606
+#, fuzzy, c-format
+msgid ""
+"WARNING: key %s contains preferences for unavailable\n"
+"algorithms on these user IDs:\n"
+msgstr "AVERTISSEMENT: la clé %s contient des préferences pour des\n"
+
+#: g10/import.c:647
+#, c-format
+msgid " \"%s\": preference for cipher algorithm %s\n"
+msgstr " « %s »: préférence pour l'algorithme de chiffrement %s\n"
+
+#: g10/import.c:662
+#, c-format
+msgid " \"%s\": preference for digest algorithm %s\n"
+msgstr " « %s »: préférence pour l'algorithme de hachage %s\n"
+
+#: g10/import.c:674
+#, c-format
+msgid " \"%s\": preference for compression algorithm %s\n"
+msgstr " « %s »: préférence pour l'algorithme de compression %s\n"
+
+#: g10/import.c:687
+msgid "it is strongly suggested that you update your preferences and\n"
+msgstr "il est fortement suggéré de mettre à jour vos préférences et\n"
+
+#: g10/import.c:689
+msgid "re-distribute this key to avoid potential algorithm mismatch problems\n"
+msgstr ""
+"redistribuer cette clé pour éviter les problèmes potentiels qui seraient\n"
+"causés par des algorithmes non appropriés\n"
+
+#: g10/import.c:713
+#, c-format
+msgid "you can update your preferences with: gpg --edit-key %s updpref save\n"
+msgstr ""
+"vous pouvez mettre à jour vos préférences avec: \n"
+"gpg --edit-key %s updpref save\n"
+
+#: g10/import.c:766 g10/import.c:1179
+#, c-format
+msgid "key %s: no user ID\n"
+msgstr "clé %s: pas de nom d'utilisateur\n"
+
+#: g10/import.c:795
+#, c-format
+msgid "key %s: PKS subkey corruption repaired\n"
+msgstr "clé %s: corruption de sous-clé PKS réparée\n"
+
+#: g10/import.c:810
+#, c-format
+msgid "key %s: accepted non self-signed user ID \"%s\"\n"
+msgstr "clé %s: nom d'utilisateur non auto-signé accepté « %s »\n"
+
+#: g10/import.c:816
+#, c-format
+msgid "key %s: no valid user IDs\n"
+msgstr "clé %s: pas de nom d'utilisateur valide\n"
+
+#: g10/import.c:818
+msgid "this may be caused by a missing self-signature\n"
+msgstr "cela peut provenir d'une auto-signature manquante\n"
+
+#: g10/import.c:828 g10/import.c:1303
+#, c-format
+msgid "key %s: public key not found: %s\n"
+msgstr "clé %s: clé publique non trouvée: %s\n"
+
+#: g10/import.c:834
+#, c-format
+msgid "key %s: new key - skipped\n"
+msgstr "clé %s: nouvelle clé - ignorée\n"
+
+#: g10/import.c:843
+#, c-format
+msgid "no writable keyring found: %s\n"
+msgstr "aucun porte-clé n'a été trouvé avec des droits d'écriture : %s\n"
+
+#: g10/import.c:848 g10/openfile.c:278 g10/sign.c:805 g10/sign.c:1114
+#, c-format
+msgid "writing to `%s'\n"
+msgstr "écriture de `%s'\n"
+
+#: g10/import.c:852 g10/import.c:952 g10/import.c:1219 g10/import.c:1364
+#: g10/import.c:2494 g10/import.c:2516
+#, c-format
+msgid "error writing keyring `%s': %s\n"
+msgstr "erreur durant l'écriture du porte-clés `%s': %s\n"
+
+#: g10/import.c:871
+#, c-format
+msgid "key %s: public key \"%s\" imported\n"
+msgstr "clé %s: clé publique « %s » importée\n"
+
+#: g10/import.c:895
+#, c-format
+msgid "key %s: doesn't match our copy\n"
+msgstr "clé %s: ne ressemble pas à notre copie\n"
+
+#: g10/import.c:912 g10/import.c:1321
+#, c-format
+msgid "key %s: can't locate original keyblock: %s\n"
+msgstr "clé %s: impossible de trouver le bloc de clés original: %s\n"
+
+#: g10/import.c:920 g10/import.c:1328
+#, c-format
+msgid "key %s: can't read original keyblock: %s\n"
+msgstr "clé %s: impossible de lire le bloc de clés original: %s\n"
+
+#: g10/import.c:962
+#, c-format
+msgid "key %s: \"%s\" 1 new user ID\n"
+msgstr "clé %s: « %s » un nouvel utilisateur\n"
+
+#: g10/import.c:965
+#, c-format
+msgid "key %s: \"%s\" %d new user IDs\n"
+msgstr "clé %s: « %s » %d nouveaux utilisateurs\n"
+
+#: g10/import.c:968
+#, c-format
+msgid "key %s: \"%s\" 1 new signature\n"
+msgstr "clé %s: « %s » une nouvelle signature\n"
+
+#: g10/import.c:971
+#, c-format
+msgid "key %s: \"%s\" %d new signatures\n"
+msgstr "clé %s: « %s » %d nouvelles signatures\n"
+
+#: g10/import.c:974
+#, c-format
+msgid "key %s: \"%s\" 1 new subkey\n"
+msgstr "clé %s: « %s » une nouvelle sous-clé\n"
+
+#: g10/import.c:977
+#, c-format
+msgid "key %s: \"%s\" %d new subkeys\n"
+msgstr "clé %s: « %s » %d nouvelles sous-clés\n"
+
+#: g10/import.c:980
+#, c-format
+msgid "key %s: \"%s\" %d signature cleaned\n"
+msgstr "clé %s: « %s » %d signature nettoyée\n"
+
+#: g10/import.c:983
+#, c-format
+msgid "key %s: \"%s\" %d signatures cleaned\n"
+msgstr "clé %s: « %s » %d signatures nettoyées\n"
+
+#: g10/import.c:986
+#, c-format
+msgid "key %s: \"%s\" %d user ID cleaned\n"
+msgstr "clé %s: « %s » %d nom d'utilisateur nettoyé\n"
+
+#: g10/import.c:989
+#, c-format
+msgid "key %s: \"%s\" %d user IDs cleaned\n"
+msgstr "clé %s: « %s » %d noms d'utilisateur nettoyés\n"
+
+#: g10/import.c:1013
+#, c-format
+msgid "key %s: \"%s\" not changed\n"
+msgstr "clé %s: « %s » n'a pas changé\n"
+
+#: g10/import.c:1185
+#, c-format
+msgid "key %s: secret key with invalid cipher %d - skipped\n"
+msgstr ""
+"clé %s: clé secrète avec le chiffrement invalide %d - non prise\n"
+"en compte\n"
+
+#: g10/import.c:1196
+msgid "importing secret keys not allowed\n"
+msgstr "il est interdit d'importer les clé secrètes\n"
+
+#: g10/import.c:1213 g10/import.c:2509
+#, c-format
+msgid "no default secret keyring: %s\n"
+msgstr "pas de porte-clés par défaut: %s\n"
+
+#: g10/import.c:1224
+#, c-format
+msgid "key %s: secret key imported\n"
+msgstr "clé %s: clé secrète importée\n"
+
+#: g10/import.c:1254
+#, c-format
+msgid "key %s: already in secret keyring\n"
+msgstr "clé %s: déjà dans le porte-clés secret\n"
+
+#: g10/import.c:1264
+#, c-format
+msgid "key %s: secret key not found: %s\n"
+msgstr "clé %s: clé secrète non trouvée: %s\n"
+
+#: g10/import.c:1296
+#, c-format
+msgid "key %s: no public key - can't apply revocation certificate\n"
+msgstr ""
+"clé %s: pas de clé publique - le certificat de révocation ne peut\n"
+"être appliqué\n"
+
+#: g10/import.c:1339
+#, c-format
+msgid "key %s: invalid revocation certificate: %s - rejected\n"
+msgstr "clé %s: certificat de révocation invalide: %s - rejeté\n"
+
+#: g10/import.c:1371
+#, c-format
+msgid "key %s: \"%s\" revocation certificate imported\n"
+msgstr "clé %s: « %s » certificat de révocation importé\n"
+
+#: g10/import.c:1447
+#, c-format
+msgid "key %s: no user ID for signature\n"
+msgstr "clé %s: pas de nom d'utilisateur pour la signature\n"
+
+#: g10/import.c:1464
+#, c-format
+msgid "key %s: unsupported public key algorithm on user ID \"%s\"\n"
+msgstr ""
+"clé %s: algorithme de clé publique non supporté avec le nom\n"
+"d'utilisateur « %s »\n"
+
+#: g10/import.c:1466
+#, c-format
+msgid "key %s: invalid self-signature on user ID \"%s\"\n"
+msgstr "clé %s: auto-signature du nom d'utilisateur « %s » invalide\n"
+
+#: g10/import.c:1483 g10/import.c:1509 g10/import.c:1560
+#, c-format
+msgid "key %s: unsupported public key algorithm\n"
+msgstr "clé %s: algorithme de clé publique non supporté\n"
+
+#: g10/import.c:1484
+#, fuzzy, c-format
+msgid "key %s: invalid direct key signature\n"
+msgstr "clé %s: ajout de la signature de clé directe\n"
+
+#: g10/import.c:1498
+#, c-format
+msgid "key %s: no subkey for key binding\n"
+msgstr "clé %s: pas de sous-clé pour relier la clé\n"
+
+#: g10/import.c:1511
+#, c-format
+msgid "key %s: invalid subkey binding\n"
+msgstr "clé %s: liaison avec la sous-clé invalide\n"
+
+#: g10/import.c:1527
+#, c-format
+msgid "key %s: removed multiple subkey binding\n"
+msgstr "clé %s: supression de liaisons multiples avec des sous-clés\n"
+
+#: g10/import.c:1549
+#, c-format
+msgid "key %s: no subkey for key revocation\n"
+msgstr "clé %s: pas de sous-clé pour révoquer la clé\n"
+
+#: g10/import.c:1562
+#, c-format
+msgid "key %s: invalid subkey revocation\n"
+msgstr "clé %s: révocation de sous-clé invalide\n"
+
+#: g10/import.c:1577
+#, c-format
+msgid "key %s: removed multiple subkey revocation\n"
+msgstr "clé %s: suppression de la révocation de sous-clés multiples\n"
+
+#: g10/import.c:1618
+#, c-format
+msgid "key %s: skipped user ID \"%s\"\n"
+msgstr "clé %s: nom d'utilisateur « %s » non pris en compte\n"
+
+#: g10/import.c:1639
+#, c-format
+msgid "key %s: skipped subkey\n"
+msgstr "clé %s: sous-clé non prise en compte\n"
+
+#: g10/import.c:1666
+#, c-format
+msgid "key %s: non exportable signature (class 0x%02X) - skipped\n"
+msgstr "clé %s: signature non exportable (classe 0x%02X) - ignorée\n"
+
+#: g10/import.c:1676
+#, c-format
+msgid "key %s: revocation certificate at wrong place - skipped\n"
+msgstr "clé %s: certificat de révocation au mauvais endroit - ignorée\n"
+
+#: g10/import.c:1693
+#, c-format
+msgid "key %s: invalid revocation certificate: %s - skipped\n"
+msgstr "clé %s: certificat de révocation invalide: %s - ignorée\n"
+
+#: g10/import.c:1707
+#, c-format
+msgid "key %s: subkey signature in wrong place - skipped\n"
+msgstr "clé %s: signature de sous-clé au mauvais endroit - ignorée\n"
+
+#: g10/import.c:1715
+#, c-format
+msgid "key %s: unexpected signature class (0x%02X) - skipped\n"
+msgstr "clé %s: classe de signature non attendue (0x%02X) - ignorée\n"
+
+#: g10/import.c:1844
+#, c-format
+msgid "key %s: duplicated user ID detected - merged\n"
+msgstr "clé %s: nom d'utilisateur en double détecté - fusion accomplie\n"
+
+#: g10/import.c:1906
+#, c-format
+msgid "WARNING: key %s may be revoked: fetching revocation key %s\n"
+msgstr ""
+"AVERTISSEMENT: la clé %s est peut-être révoquée: recherche de\n"
+"la clé de révocation %s\n"
+
+#: g10/import.c:1920
+#, c-format
+msgid "WARNING: key %s may be revoked: revocation key %s not present.\n"
+msgstr ""
+"AVERTISSEMENT: la clé %s est peut-être révoquée: la clé de\n"
+"révocation %s est absente.\n"
+
+#: g10/import.c:1979
+#, c-format
+msgid "key %s: \"%s\" revocation certificate added\n"
+msgstr "clé %s: certificat de révocation « %s » ajouté\n"
+
+#: g10/import.c:2013
+#, c-format
+msgid "key %s: direct key signature added\n"
+msgstr "clé %s: ajout de la signature de clé directe\n"
+
+#: g10/import.c:2414
+msgid "NOTE: a key's S/N does not match the card's one\n"
+msgstr "NOTE: le numéro de série d'une clé n'est pas celui de la carte\n"
+
+#: g10/import.c:2422
+msgid "NOTE: primary key is online and stored on card\n"
+msgstr "NOTE: la clé primaire est en ligne et stockée sur la carte\n"
+
+#: g10/import.c:2424
+msgid "NOTE: secondary key is online and stored on card\n"
+msgstr "NOTE: la clé secondaire est en ligne et stockée sur la carte\n"
+
+#: g10/keydb.c:181
+#, c-format
+msgid "error creating keyring `%s': %s\n"
+msgstr "erreur durant la création du porte-clés `%s' : %s\n"
+
+#: g10/keydb.c:187
+#, c-format
+msgid "keyring `%s' created\n"
+msgstr "le porte-clés `%s` a été créé\n"
+
+#: g10/keydb.c:333 g10/keydb.c:336
+#, c-format
+msgid "keyblock resource `%s': %s\n"
+msgstr "ressource bloc de clés `%s': %s\n"
+
+#: g10/keydb.c:719
+#, c-format
+msgid "failed to rebuild keyring cache: %s\n"
+msgstr "la reconstruction du cache de porte-clés a échoué : %s\n"
+
+#: g10/keyedit.c:265
+msgid "[revocation]"
+msgstr "[révocation]"
+
+#: g10/keyedit.c:266
+msgid "[self-signature]"
+msgstr "[auto-signature]"
+
+#: g10/keyedit.c:344 g10/keylist.c:398
+msgid "1 bad signature\n"
+msgstr "une mauvaise signature\n"
+
+#: g10/keyedit.c:346 g10/keylist.c:400
+#, c-format
+msgid "%d bad signatures\n"
+msgstr "%d mauvaises signatures\n"
+
+#: g10/keyedit.c:348 g10/keylist.c:402
+msgid "1 signature not checked due to a missing key\n"
+msgstr "une signature non vérifiée à cause d'une clé manquante\n"
+
+#: g10/keyedit.c:350 g10/keylist.c:404
+#, c-format
+msgid "%d signatures not checked due to missing keys\n"
+msgstr "%d signatures non vérifiées à cause de clés manquantes\n"
+
+#: g10/keyedit.c:352 g10/keylist.c:406
+msgid "1 signature not checked due to an error\n"
+msgstr "une signature non vérifiée à cause d'une erreur\n"
+
+#: g10/keyedit.c:354 g10/keylist.c:408
+#, c-format
+msgid "%d signatures not checked due to errors\n"
+msgstr "%d signatures non vérifiées à cause d'erreurs\n"
+
+#: g10/keyedit.c:356
+msgid "1 user ID without valid self-signature detected\n"
+msgstr "un nom d'utilisateur sans auto-signature valide détecté\n"
+
+#: g10/keyedit.c:358
+#, c-format
+msgid "%d user IDs without valid self-signatures detected\n"
+msgstr "%d nom d'utilisateurs sans auto-signature valide détecté\n"
+
+#: g10/keyedit.c:414 g10/pkclist.c:262
+msgid ""
+"Please decide how far you trust this user to correctly verify other users' "
+"keys\n"
+"(by looking at passports, checking fingerprints from different sources, "
+"etc.)\n"
+msgstr ""
+"Décidez maintenant à quel point vous avez confiance en cet utilisateur\n"
+"pour qu'il vérifie les clés des autres utilisateurs (en vérifiant les\n"
+"passeports, en vérifiant les empreintes de plusieurs sources différentes, "
+"etc.)\n"
+
+#: g10/keyedit.c:418 g10/pkclist.c:274
+#, c-format
+msgid " %d = I trust marginally\n"
+msgstr " %d = je crois marginalement\n"
+
+#: g10/keyedit.c:419 g10/pkclist.c:276
+#, c-format
+msgid " %d = I trust fully\n"
+msgstr " %d = je fais entièrement confiance\n"
+
+#: g10/keyedit.c:438
+msgid ""
+"Please enter the depth of this trust signature.\n"
+"A depth greater than 1 allows the key you are signing to make\n"
+"trust signatures on your behalf.\n"
+msgstr ""
+"Entrez la profondeur de cette signature de confiance.\n"
+"Une profondeur supérieure à 1 permet à la clé que vous signez de faire\n"
+"des signatures de confiance de votre part.\n"
+
+#: g10/keyedit.c:454
+msgid "Please enter a domain to restrict this signature, or enter for none.\n"
+msgstr ""
+"Entrez un domaine pour restreindre cette signature, ou bien appuyez\n"
+"sur la touche entrée pour aucun domaine.\n"
+
+#: g10/keyedit.c:598
+#, c-format
+msgid "User ID \"%s\" is revoked."
+msgstr "Le nom d'utilisateur \"%s\" est révoqué."
+
+#: g10/keyedit.c:607 g10/keyedit.c:635 g10/keyedit.c:662 g10/keyedit.c:830
+#: g10/keyedit.c:895 g10/keyedit.c:1785
+msgid "Are you sure you still want to sign it? (y/N) "
+msgstr "Etes-vous sûr de toujours vouloir le signer ? (o/N) "
+
+#: g10/keyedit.c:621 g10/keyedit.c:649 g10/keyedit.c:676 g10/keyedit.c:836
+#: g10/keyedit.c:1791
+msgid " Unable to sign.\n"
+msgstr " Impossible de signer.\n"
+
+#: g10/keyedit.c:626
+#, c-format
+msgid "User ID \"%s\" is expired."
+msgstr "Le nom d'utilisateur \"%s\" est expiré."
+
+#: g10/keyedit.c:654
+#, c-format
+msgid "User ID \"%s\" is not self-signed."
+msgstr "Le nom d'utilisateur \"%s\" ne comporte pas d'auto-signature."
+
+#: g10/keyedit.c:682
+#, c-format
+msgid "User ID \"%s\" is signable. "
+msgstr "Le nom d'utilisateur \"%s\" est susceptible d'être signé. "
+
+#: g10/keyedit.c:684
+msgid "Sign it? (y/N) "
+msgstr "Signer réellement ? (o/N) "
+
+#: g10/keyedit.c:706
+#, c-format
+msgid ""
+"The self-signature on \"%s\"\n"
+"is a PGP 2.x-style signature.\n"
+msgstr ""
+"L'auto-signature de \"%s\"\n"
+"est de style PGP 2.x.\n"
+
+#: g10/keyedit.c:715
+msgid "Do you want to promote it to an OpenPGP self-signature? (y/N) "
+msgstr "Voulez vous la changer en une auto-signature OpenPGP ? (o/N) "
+
+#: g10/keyedit.c:729
+#, c-format
+msgid ""
+"Your current signature on \"%s\"\n"
+"has expired.\n"
+msgstr ""
+"Votre signature actuelle de \"%s\"\n"
+"a expiré.\n"
+
+#: g10/keyedit.c:733
+msgid "Do you want to issue a new signature to replace the expired one? (y/N) "
+msgstr ""
+"Voulez-vous créer une nouvelle signature pour remplacer celle qui a\n"
+"expiré ? (o/N) "
+
+#: g10/keyedit.c:754
+#, c-format
+msgid ""
+"Your current signature on \"%s\"\n"
+"is a local signature.\n"
+msgstr ""
+"Votre signature actuelle de \"%s\"\n"
+"est locale.\n"
+
+#: g10/keyedit.c:758
+msgid "Do you want to promote it to a full exportable signature? (y/N) "
+msgstr "Voulez vous la rendre complètement exportable ? (o/N) "
+
+#: g10/keyedit.c:779
+#, c-format
+msgid "\"%s\" was already locally signed by key %s\n"
+msgstr "« %s » a déjà été signé localement par la clé %s\n"
+
+#: g10/keyedit.c:782
+#, c-format
+msgid "\"%s\" was already signed by key %s\n"
+msgstr "« %s » a déjà été signé par la clé %s\n"
+
+#: g10/keyedit.c:787
+msgid "Do you want to sign it again anyway? (y/N) "
+msgstr "Voulez-vous vraiment le signer encore une fois ? (o/N) "
+
+#: g10/keyedit.c:809
+#, c-format
+msgid "Nothing to sign with key %s\n"
+msgstr "Rien à signer avec la clé %s\n"
+
+#: g10/keyedit.c:824
+msgid "This key has expired!"
+msgstr "Cette clé a expiré !"
+
+#: g10/keyedit.c:842
+#, c-format
+msgid "This key is due to expire on %s.\n"
+msgstr "Cette clé va expirer le %s.\n"
+
+#: g10/keyedit.c:848
+msgid "Do you want your signature to expire at the same time? (Y/n) "
+msgstr "Voulez-vous que votre signature expire en même temps ? (O/n) "
+
+#: g10/keyedit.c:888
+msgid ""
+"You may not make an OpenPGP signature on a PGP 2.x key while in --pgp2 "
+"mode.\n"
+msgstr ""
+"il n'est pas possible de générer une signature OpenPGP d'une clé de style\n"
+"PGP 2.x en mode --pgp2.\n"
+
+#: g10/keyedit.c:890
+msgid "This would make the key unusable in PGP 2.x.\n"
+msgstr "Cela rendra la clé inutilisable par PGP 2.x.\n"
+
+#: g10/keyedit.c:915
+msgid ""
+"How carefully have you verified the key you are about to sign actually "
+"belongs\n"
+"to the person named above? If you don't know what to answer, enter \"0\".\n"
+msgstr ""
+"Avec quel soin avez-vous vérifié que la clé que vous allez signer\n"
+"appartient réellement à la personne sus-nommée ? Si vous ne savez\n"
+"quoi répondre, entrez \"0\".\n"
+
+#: g10/keyedit.c:920
+#, c-format
+msgid " (0) I will not answer.%s\n"
+msgstr " (0) Je ne répondrai pas.%s\n"
+
+#: g10/keyedit.c:922
+#, c-format
+msgid " (1) I have not checked at all.%s\n"
+msgstr " (1) Je n'ai pas vérifié du tout.%s\n"
+
+#: g10/keyedit.c:924
+#, c-format
+msgid " (2) I have done casual checking.%s\n"
+msgstr " (2) J'ai un peu vérifié.%s\n"
+
+#: g10/keyedit.c:926
+#, c-format
+msgid " (3) I have done very careful checking.%s\n"
+msgstr " (3) J'ai vérifié très soigneusement.%s\n"
+
+#: g10/keyedit.c:932
+msgid "Your selection? (enter `?' for more information): "
+msgstr "Votre sélection ? (entrer '?' pour plus d'informations): "
+
+#: g10/keyedit.c:956
+#, c-format
+msgid ""
+"Are you sure that you want to sign this key with your\n"
+"key \"%s\" (%s)\n"
+msgstr ""
+"Etes-vous vraiment sûr(e) que vous voulez signer cette clé\n"
+"avec votre clé « %s » (%s)\n"
+
+#: g10/keyedit.c:963
+msgid "This will be a self-signature.\n"
+msgstr "Ceci sera une auto-signature.\n"
+
+#: g10/keyedit.c:969
+msgid "WARNING: the signature will not be marked as non-exportable.\n"
+msgstr ""
+"AVERTISSEMENT: la signature ne sera pas marquée comme\n"
+"non-exportable.\n"
+
+#: g10/keyedit.c:977
+msgid "WARNING: the signature will not be marked as non-revocable.\n"
+msgstr ""
+"AVERTISSEMENT: La signature ne sera pas marquée comme\n"
+"non-révocable.\n"
+
+#: g10/keyedit.c:987
+msgid "The signature will be marked as non-exportable.\n"
+msgstr "La signature sera marquée comme non-exportable.\n"
+
+#: g10/keyedit.c:994
+msgid "The signature will be marked as non-revocable.\n"
+msgstr "La signature sera marquée comme non-révocable.\n"
+
+#: g10/keyedit.c:1001
+msgid "I have not checked this key at all.\n"
+msgstr "Je n'ai pas du tout vérifié cette clé.\n"
+
+#: g10/keyedit.c:1006
+msgid "I have checked this key casually.\n"
+msgstr "J'ai un peu vérifié cette clé.\n"
+
+#: g10/keyedit.c:1011
+msgid "I have checked this key very carefully.\n"
+msgstr "J'ai vérifié cette clé avec grand soin.\n"
+
+#: g10/keyedit.c:1021
+msgid "Really sign? (y/N) "
+msgstr "Signer réellement ? (o/N) "
+
+#: g10/keyedit.c:1066 g10/keyedit.c:4965 g10/keyedit.c:5056 g10/keyedit.c:5120
+#: g10/keyedit.c:5181 g10/sign.c:316
+#, c-format
+msgid "signing failed: %s\n"
+msgstr "la signature a échoué: %s\n"
+
+#: g10/keyedit.c:1131
+msgid "Key has only stub or on-card key items - no passphrase to change.\n"
+msgstr ""
+"La clé possède seulement des items partiels ou stockés sur carte -\n"
+"pas de phrase de passe à changer.\n"
+
+#: g10/keyedit.c:1142 g10/keygen.c:3774
+msgid "This key is not protected.\n"
+msgstr "Cette clé n'est pas protégée.\n"
+
+#: g10/keyedit.c:1146 g10/keygen.c:3761 g10/revoke.c:536
+msgid "Secret parts of primary key are not available.\n"
+msgstr "Les parties secrètes de la clé principale ne sont pas disponibles.\n"
+
+#: g10/keyedit.c:1150 g10/keygen.c:3777
+msgid "Secret parts of primary key are stored on-card.\n"
+msgstr ""
+"Les parties secrètes de la clé principale sont stockées sur la\n"
+"carte.\n"
+
+#: g10/keyedit.c:1156 g10/keygen.c:3781
+msgid "Key is protected.\n"
+msgstr "La clé est protégée.\n"
+
+#: g10/keyedit.c:1186
+#, c-format
+msgid "Can't edit this key: %s\n"
+msgstr "Impossible d'éditer cette clé: %s\n"
+
+#: g10/keyedit.c:1192
+msgid ""
+"Enter the new passphrase for this secret key.\n"
+"\n"
+msgstr "Entrez la nouvelle phrase de passe pour cette clé secrète.\n"
+
+#: g10/keyedit.c:1207 g10/keygen.c:2291
+msgid "passphrase not correctly repeated; try again"
+msgstr "la phrase de passe n'a pas été correctement répétée ; recommencez."
+
+#: g10/keyedit.c:1212
+msgid ""
+"You don't want a passphrase - this is probably a *bad* idea!\n"
+"\n"
+msgstr ""
+"Vous ne voulez pas de phrase de passe - cela est certainement une\n"
+"*mauvaise* idée\n"
+"\n"
+
+#: g10/keyedit.c:1215
+msgid "Do you really want to do this? (y/N) "
+msgstr "Voulez-vous vraiment faire cela ? (o/N) "
+
+#: g10/keyedit.c:1298
+msgid "moving a key signature to the correct place\n"
+msgstr "replacer la signature d'une clé à l'endroit correct\n"
+
+#: g10/keyedit.c:1384
+msgid "save and quit"
+msgstr "enregistrer et quitter"
+
+#: g10/keyedit.c:1387
+msgid "show key fingerprint"
+msgstr "afficher l'empreinte de la clé"
+
+#: g10/keyedit.c:1388
+msgid "list key and user IDs"
+msgstr "lister la clé et les noms d'utilisateurs"
+
+#: g10/keyedit.c:1390
+msgid "select user ID N"
+msgstr "sélectionner le nom d'utilisateur N"
+
+#: g10/keyedit.c:1391
+msgid "select subkey N"
+msgstr "sélectionner la sous-clé N"
+
+#: g10/keyedit.c:1392
+msgid "check signatures"
+msgstr "vérifier les signatures"
+
+#: g10/keyedit.c:1397
+msgid "sign selected user IDs [* see below for related commands]"
+msgstr ""
+"signer les noms d'utilisateurs sélectionnés [* voir ci-dessous pour\n"
+"les commandes similaires]"
+
+#: g10/keyedit.c:1402
+msgid "sign selected user IDs locally"
+msgstr "signer le nom d'utilisateur sélectionné localement"
+
+#: g10/keyedit.c:1404
+msgid "sign selected user IDs with a trust signature"
+msgstr "signer les noms d'utilisateurs sélectionnés localement"
+
+#: g10/keyedit.c:1406
+msgid "sign selected user IDs with a non-revocable signature"
+msgstr ""
+"signer les noms d'utilisateurs sélectionnés avec une signature\n"
+"non-révocable"
+
+#: g10/keyedit.c:1410
+msgid "add a user ID"
+msgstr "ajouter un utilisateur"
+
+#: g10/keyedit.c:1412
+msgid "add a photo ID"
+msgstr "ajouter une photo d'identité"
+
+#: g10/keyedit.c:1414
+msgid "delete selected user IDs"
+msgstr "enlever les noms d'utilisateur sélectionnés"
+
+#: g10/keyedit.c:1419
+msgid "add a subkey"
+msgstr "ajouter une sous-clé"
+
+#: g10/keyedit.c:1423
+msgid "add a key to a smartcard"
+msgstr "ajouter une clé à une carte à puce"
+
+#: g10/keyedit.c:1425
+msgid "move a key to a smartcard"
+msgstr "déplacer une clé vers une carte à puce"
+
+#: g10/keyedit.c:1427
+msgid "move a backup key to a smartcard"
+msgstr "déplacer une clé de sauvegarde vers une carte à puce"
+
+#: g10/keyedit.c:1431
+msgid "delete selected subkeys"
+msgstr "enlever les sous-clés sélectionnées"
+
+#: g10/keyedit.c:1433
+msgid "add a revocation key"
+msgstr "ajouter une clé de révocation"
+
+#: g10/keyedit.c:1435
+msgid "delete signatures from the selected user IDs"
+msgstr "enlever les signatures des noms d'utilisateur sélectionnés "
+
+#: g10/keyedit.c:1437
+msgid "change the expiration date for the key or selected subkeys"
+msgstr "changer la date d'expiration de la clé ou des sous-clés sélectionnées"
+
+#: g10/keyedit.c:1439
+msgid "flag the selected user ID as primary"
+msgstr "marquer le nom d'utilisateur sélectionné comme principal"
+
+#: g10/keyedit.c:1441
+msgid "toggle between the secret and public key listings"
+msgstr ""
+"passer de la liste des clés secrètes à celle des clés privées\n"
+"et inversement"
+
+#: g10/keyedit.c:1444
+msgid "list preferences (expert)"
+msgstr "lister les préférences (expert)"
+
+#: g10/keyedit.c:1446
+msgid "list preferences (verbose)"
+msgstr "lister les préférences (bavard)"
+
+#: g10/keyedit.c:1448
+msgid "set preference list for the selected user IDs"
+msgstr ""
+"indiquer la liste des préférences pour le nom d'utilisateur\n"
+"sélectionné"
+
+#: g10/keyedit.c:1453
+#, fuzzy
+msgid "set the preferred keyserver URL for the selected user IDs"
+msgstr ""
+"indiquer l'URL du serveur de clés préféré pour les noms d'utilisateur\n"
+"sélectionnés"
+
+#: g10/keyedit.c:1455
+#, fuzzy
+msgid "set a notation for the selected user IDs"
+msgstr ""
+"indiquer la liste des préférences pour le nom d'utilisateur\n"
+"sélectionné"
+
+#: g10/keyedit.c:1457
+msgid "change the passphrase"
+msgstr "changer la phrase de passe"
+
+#: g10/keyedit.c:1461
+msgid "change the ownertrust"
+msgstr "changer la confiance"
+
+#: g10/keyedit.c:1463
+msgid "revoke signatures on the selected user IDs"
+msgstr "révoquer les signatures des noms d'utilisateur sélectionnés"
+
+#: g10/keyedit.c:1465
+msgid "revoke selected user IDs"
+msgstr "révoquer les noms d'utilisateur sélectionnés"
+
+#: g10/keyedit.c:1470
+msgid "revoke key or selected subkeys"
+msgstr "révoquer la clé ou les sous-clés sélectionnées"
+
+#: g10/keyedit.c:1471
+msgid "enable key"
+msgstr "activer la clé"
+
+#: g10/keyedit.c:1472
+msgid "disable key"
+msgstr "désactiver la clé"
+
+#: g10/keyedit.c:1473
+msgid "show selected photo IDs"
+msgstr "montrer les photos d'identité sélectionnées"
+
+#: g10/keyedit.c:1475
+msgid "compact unusable user IDs and remove unusable signatures from key"
+msgstr ""
+
+#: g10/keyedit.c:1477
+msgid "compact unusable user IDs and remove all signatures from key"
+msgstr ""
+
+#: g10/keyedit.c:1601
+#, c-format
+msgid "error reading secret keyblock \"%s\": %s\n"
+msgstr "erreur pendant la lecture du bloc de clé secrète « %s »: %s\n"
+
+#: g10/keyedit.c:1619
+msgid "Secret key is available.\n"
+msgstr "La clé secrète est disponible.\n"
+
+#: g10/keyedit.c:1702
+msgid "Need the secret key to do this.\n"
+msgstr "Il faut la clé secrète pour faire cela.\n"
+
+#: g10/keyedit.c:1710
+msgid "Please use the command \"toggle\" first.\n"
+msgstr "Utilisez la commande «toggle» d'abord.\n"
+
+#: g10/keyedit.c:1729
+msgid ""
+"* The `sign' command may be prefixed with an `l' for local signatures "
+"(lsign),\n"
+" a `t' for trust signatures (tsign), an `nr' for non-revocable signatures\n"
+" (nrsign), or any combination thereof (ltsign, tnrsign, etc.).\n"
+msgstr ""
+"* La commande `sign' peut être précédée du caractère `l' pour les\n"
+"signatures locales (lsign), par `t' pour les signatures de confiance\n"
+"(tsign), par `nr' pour les signatures non-révocables (nrsign), ou\n"
+"bien toute combinaison possible (ltsign, tnrsign, etc.).\n"
+
+#: g10/keyedit.c:1779
+msgid "Key is revoked."
+msgstr "La clé est révoquée."
+
+#: g10/keyedit.c:1798
+msgid "Really sign all user IDs? (y/N) "
+msgstr "Signer vraiment tous les nom d'utilisateurs ? (o/N) "
+
+#: g10/keyedit.c:1805
+msgid "Hint: Select the user IDs to sign\n"
+msgstr "Aide: Sélectionner les utilisateurs à signer\n"
+
+#: g10/keyedit.c:1814
+#, c-format
+msgid "Unknown signature type `%s'\n"
+msgstr "Type de signature `%s' inconnu\n"
+
+#: g10/keyedit.c:1837
+#, c-format
+msgid "This command is not allowed while in %s mode.\n"
+msgstr "Cette commande n'est pas admise en mode %s.\n"
+
+#: g10/keyedit.c:1859 g10/keyedit.c:1879 g10/keyedit.c:2048
+msgid "You must select at least one user ID.\n"
+msgstr "Vous devez sélectionner au moins un utilisateur.\n"
+
+#: g10/keyedit.c:1861
+msgid "You can't delete the last user ID!\n"
+msgstr "Vous ne pouvez pas supprimer le dernier utilisateur !\n"
+
+#: g10/keyedit.c:1863
+msgid "Really remove all selected user IDs? (y/N) "
+msgstr "Enlever réellement tous les noms d'utilisateurs sélectionnés ? (o/N) "
+
+#: g10/keyedit.c:1864
+msgid "Really remove this user ID? (y/N) "
+msgstr "Enlever réellement ce nom d'utilisateur ? (o/N) "
+
+#. TRANSLATORS: Please take care: This is about
+#. moving the key and not about removing it.
+#: g10/keyedit.c:1917
+msgid "Really move the primary key? (y/N) "
+msgstr "Enlever réellement la clé principale ? (o/N) "
+
+#: g10/keyedit.c:1929
+msgid "You must select exactly one key.\n"
+msgstr "Vous devez sélectionner exactement une clé.\n"
+
+#: g10/keyedit.c:1957
+msgid "Command expects a filename argument\n"
+msgstr "La commande attend un nom de fichier comme argument\n"
+
+#: g10/keyedit.c:1971
+#, c-format
+msgid "Can't open `%s': %s\n"
+msgstr "Impossible d'ouvrir `%s': %s\n"
+
+#: g10/keyedit.c:1988
+#, c-format
+msgid "Error reading backup key from `%s': %s\n"
+msgstr "Erreur durant la lecture de la clé de sauvegarde de `%s' : %s\n"
+
+#: g10/keyedit.c:2012
+msgid "You must select at least one key.\n"
+msgstr "Vous devez sélectionner au moins une clé.\n"
+
+#: g10/keyedit.c:2015
+msgid "Do you really want to delete the selected keys? (y/N) "
+msgstr "Voulez-vous vraiment supprimer les clés sélectionnées ? (o/N) "
+
+#: g10/keyedit.c:2016
+msgid "Do you really want to delete this key? (y/N) "
+msgstr "Voulez-vous vraiment supprimer cette clé ? (o/N) "
+
+#: g10/keyedit.c:2051
+msgid "Really revoke all selected user IDs? (y/N) "
+msgstr "Révoquer réellement tous les noms d'utilisateurs sélectionnés ? (o/N) "
+
+#: g10/keyedit.c:2052
+msgid "Really revoke this user ID? (y/N) "
+msgstr "Révoquer réellement ce nom d'utilisateur ? (o/N) "
+
+#: g10/keyedit.c:2070
+msgid "Do you really want to revoke the entire key? (y/N) "
+msgstr "Voulez-vous vraiment révoquer la clé entière ? (o/N) "
+
+#: g10/keyedit.c:2081
+msgid "Do you really want to revoke the selected subkeys? (y/N) "
+msgstr "Voulez-vous vraiment révoquer les sous-clés sélectionnées ? (o/N) "
+
+#: g10/keyedit.c:2083
+msgid "Do you really want to revoke this subkey? (y/N) "
+msgstr "Voulez-vous vraiment révoquer cette sous-clé ? (o/N) "
+
+#: g10/keyedit.c:2133
+msgid "Owner trust may not be set while using a user provided trust database\n"
+msgstr ""
+"La confiance du propriétaire peut ne pas être positionnée en utilisant\n"
+"la base de confiance d'un tiers\n"
+
+#: g10/keyedit.c:2175
+msgid "Set preference list to:\n"
+msgstr "Changer la liste de préférences en :\n"
+
+#: g10/keyedit.c:2181
+msgid "Really update the preferences for the selected user IDs? (y/N) "
+msgstr ""
+"Mettre à jour réellement les préférences des noms d'utilisateurs\n"
+"sélectionnés ? (o/N) "
+
+#: g10/keyedit.c:2183
+msgid "Really update the preferences? (y/N) "
+msgstr "Faut-il vraiment mettre à jour les préférences ? (o/N) "
+
+#: g10/keyedit.c:2253
+msgid "Save changes? (y/N) "
+msgstr "Enregistrer les changements? (o/N) "
+
+#: g10/keyedit.c:2256
+msgid "Quit without saving? (y/N) "
+msgstr "Quitter sans enregistrer ? (o/N) "
+
+#: g10/keyedit.c:2266
+#, c-format
+msgid "update failed: %s\n"
+msgstr "la mise à jour a échoué: %s\n"
+
+#: g10/keyedit.c:2273 g10/keyedit.c:2351
+#, c-format
+msgid "update secret failed: %s\n"
+msgstr "la mise à jour de la clé secrète a échoué: %s\n"
+
+#: g10/keyedit.c:2280
+msgid "Key not changed so no update needed.\n"
+msgstr "La clé n'a pas changé donc la mise à jour est inutile.\n"
+
+#: g10/keyedit.c:2446
+msgid "Digest: "
+msgstr "Hachage: "
+
+#: g10/keyedit.c:2497
+msgid "Features: "
+msgstr "Fonctions: "
+
+#: g10/keyedit.c:2508
+msgid "Keyserver no-modify"
+msgstr "Serveur de clés: pas-de-modification"
+
+#: g10/keyedit.c:2523 g10/keylist.c:316
+msgid "Preferred keyserver: "
+msgstr "Serveur de clés préféré: "
+
+#: g10/keyedit.c:2531 g10/keyedit.c:2532
+#, fuzzy
+msgid "Notations: "
+msgstr ""
+"@\n"
+"Options:\n"
+" "
+
+#: g10/keyedit.c:2753
+msgid "There are no preferences on a PGP 2.x-style user ID.\n"
+msgstr ""
+"Il n'y a pas de préférences dans un nom d'utilisateur du style de\n"
+"PGP 2.x.\n"
+
+#: g10/keyedit.c:2810
+#, fuzzy, c-format
+msgid "The following key was revoked on %s by %s key %s\n"
+msgstr "Cette clé a été révoquée le %s par la clé %s %s\n"
+
+#: g10/keyedit.c:2832
+#, c-format
+msgid "This key may be revoked by %s key %s"
+msgstr "Cette clé peut être révoquée par la clé %s %s"
+
+#: g10/keyedit.c:2838
+msgid "(sensitive)"
+msgstr "(sensible)"
+
+#: g10/keyedit.c:2854 g10/keyedit.c:2910 g10/keyedit.c:2971 g10/keyedit.c:2986
+#: g10/keylist.c:202 g10/keyserver.c:532
+#, c-format
+msgid "created: %s"
+msgstr "créé: %s"
+
+#: g10/keyedit.c:2857 g10/keylist.c:834 g10/keylist.c:928 g10/mainproc.c:997
+#, c-format
+msgid "revoked: %s"
+msgstr "revoqué: %s"
+
+#: g10/keyedit.c:2859 g10/keylist.c:805 g10/keylist.c:840 g10/keylist.c:934
+#, c-format
+msgid "expired: %s"
+msgstr "expiré: %s"
+
+#: g10/keyedit.c:2861 g10/keyedit.c:2912 g10/keyedit.c:2973 g10/keyedit.c:2988
+#: g10/keylist.c:204 g10/keylist.c:811 g10/keylist.c:846 g10/keylist.c:940
+#: g10/keylist.c:961 g10/keyserver.c:538 g10/mainproc.c:1003
+#, c-format
+msgid "expires: %s"
+msgstr "expire: %s"
+
+#: g10/keyedit.c:2863
+#, c-format
+msgid "usage: %s"
+msgstr "utilisation: %s"
+
+#: g10/keyedit.c:2878
+#, c-format
+msgid "trust: %s"
+msgstr " confiance: %s"
+
+#: g10/keyedit.c:2882
+#, c-format
+msgid "validity: %s"
+msgstr "validité: %s"
+
+#: g10/keyedit.c:2889
+msgid "This key has been disabled"
+msgstr "Cette clé a été désactivée"
+
+#: g10/keyedit.c:2917 g10/keylist.c:208
+msgid "card-no: "
+msgstr "n° de carte: "
+
+#: g10/keyedit.c:2941
+msgid ""
+"Please note that the shown key validity is not necessarily correct\n"
+"unless you restart the program.\n"
+msgstr ""
+"Notez que la validité affichée pour la clé n'est pas nécessairement\n"
+"correcte tant que vous n'avez pas relancé le programme.\n"
+
+#: g10/keyedit.c:3005 g10/keyedit.c:3351 g10/keyserver.c:542
+#: g10/mainproc.c:1850 g10/trustdb.c:1204 g10/trustdb.c:1732
+msgid "revoked"
+msgstr "revoquée"
+
+#: g10/keyedit.c:3007 g10/keyedit.c:3353 g10/keyserver.c:546
+#: g10/mainproc.c:1852 g10/trustdb.c:547 g10/trustdb.c:1734
+msgid "expired"
+msgstr "expirée"
+
+#: g10/keyedit.c:3072
+msgid ""
+"WARNING: no user ID has been marked as primary. This command may\n"
+" cause a different user ID to become the assumed primary.\n"
+msgstr ""
+"AVERTISSEMENT: aucun nom d'utilisateur n'a été défini comme principal.\n"
+"Cette commande risque de rendre un autre nom d'utilisateur principal\n"
+"par défaut.\n"
+
+#: g10/keyedit.c:3133
+msgid ""
+"WARNING: This is a PGP2-style key. Adding a photo ID may cause some "
+"versions\n"
+" of PGP to reject this key.\n"
+msgstr ""
+"ATTENTION: C'est une clé du style PGP2. Ajouter une photo\n"
+"d'identité peut empêcher certaines versions de PGP d'accepter\n"
+"cette clé\n"
+
+#: g10/keyedit.c:3138 g10/keyedit.c:3473
+msgid "Are you sure you still want to add it? (y/N) "
+msgstr "Etes-vous sûr de vouloir l'ajouter ? (y/N) "
+
+#: g10/keyedit.c:3144
+msgid "You may not add a photo ID to a PGP2-style key.\n"
+msgstr ""
+"Vous ne pouvez pas ajouter de photo d'identité à une clé du style PGP2.\n"
+
+#: g10/keyedit.c:3284
+msgid "Delete this good signature? (y/N/q)"
+msgstr "Supprimer cette bonne signature ? (o/N/q)"
+
+#: g10/keyedit.c:3294
+msgid "Delete this invalid signature? (y/N/q)"
+msgstr "Supprimer cette signature invalide ? (o/N/q)"
+
+#: g10/keyedit.c:3298
+msgid "Delete this unknown signature? (y/N/q)"
+msgstr "Supprimer cette signature inconnue ? (o/N/q)"
+
+#: g10/keyedit.c:3304
+msgid "Really delete this self-signature? (y/N)"
+msgstr "Faut-il vraiment supprimer cette auto-signature ? (o/N)"
+
+#: g10/keyedit.c:3318
+#, c-format
+msgid "Deleted %d signature.\n"
+msgstr "%d signature supprimée.\n"
+
+#: g10/keyedit.c:3319
+#, c-format
+msgid "Deleted %d signatures.\n"
+msgstr "%d signatures supprimées\n"
+
+#: g10/keyedit.c:3322
+msgid "Nothing deleted.\n"
+msgstr "Rien n'a été supprimé.\n"
+
+#: g10/keyedit.c:3355 g10/trustdb.c:1736
+msgid "invalid"
+msgstr "invalide"
+
+#: g10/keyedit.c:3357
+#, fuzzy, c-format
+msgid "User ID \"%s\" compacted: %s\n"
+msgstr "Nom d'utilisateur \"%s\": déjà nettoyé.\n"
+
+#: g10/keyedit.c:3364
+#, fuzzy, c-format
+msgid "User ID \"%s\": %d signature removed\n"
+msgstr "clé %s: « %s » %d signature nettoyée\n"
+
+#: g10/keyedit.c:3365
+#, fuzzy, c-format
+msgid "User ID \"%s\": %d signatures removed\n"
+msgstr "clé %s: « %s » %d signatures nettoyées\n"
+
+#: g10/keyedit.c:3373
+#, fuzzy, c-format
+msgid "User ID \"%s\": already minimized\n"
+msgstr "Nom d'utilisateur \"%s\": déjà nettoyé.\n"
+
+#: g10/keyedit.c:3374
+#, fuzzy, c-format
+msgid "User ID \"%s\": already clean\n"
+msgstr "Nom d'utilisateur \"%s\": déjà nettoyé.\n"
+
+#: g10/keyedit.c:3468
+msgid ""
+"WARNING: This is a PGP 2.x-style key. Adding a designated revoker may "
+"cause\n"
+" some versions of PGP to reject this key.\n"
+msgstr ""
+"AVERTISSEMENT: C'est une clé du style PGP2. Ajouter un révocateur\n"
+"désigné peut empêcher certaines versions de PGP d'accepter\n"
+"cette clé.\n"
+
+#: g10/keyedit.c:3479
+msgid "You may not add a designated revoker to a PGP 2.x-style key.\n"
+msgstr ""
+"Vous ne pouvez pas ajouter de révocateur désigné à une clé de style PGP2.\n"
+
+#: g10/keyedit.c:3499
+msgid "Enter the user ID of the designated revoker: "
+msgstr "Entrez le nom d'utilisateur du révocateur désigné: "
+
+#: g10/keyedit.c:3524
+msgid "cannot appoint a PGP 2.x style key as a designated revoker\n"
+msgstr ""
+"impossible d'utiliser une clé de style PGP 2.x comme révocateur\n"
+"désigné.\n"
+
+#: g10/keyedit.c:3539
+msgid "you cannot appoint a key as its own designated revoker\n"
+msgstr ""
+"vous ne pouvez pas utiliser une clé comme son propre révocateur\n"
+"désigné\n"
+
+#: g10/keyedit.c:3561
+msgid "this key has already been designated as a revoker\n"
+msgstr "cette clé à déjà été désignée comme un révocateur\n"
+
+#: g10/keyedit.c:3580
+msgid "WARNING: appointing a key as a designated revoker cannot be undone!\n"
+msgstr ""
+"AVERTISSEMENT: l'établissement d'une clé comme révocateur désigné\n"
+"est irréversible !\n"
+
+#: g10/keyedit.c:3586
+msgid ""
+"Are you sure you want to appoint this key as a designated revoker? (y/N) "
+msgstr ""
+"Etes-vous sûr de vouloir établir cette clé comme révocateur\n"
+"désigné ? (o/N) "
+
+#: g10/keyedit.c:3647
+msgid "Please remove selections from the secret keys.\n"
+msgstr "Enlevez les sélections des clés secrètes.\n"
+
+#: g10/keyedit.c:3653
+msgid "Please select at most one subkey.\n"
+msgstr "Vous devez sélectionner au plus une sous-clé.\n"
+
+#: g10/keyedit.c:3657
+msgid "Changing expiration time for a subkey.\n"
+msgstr "Changer la date d'expiration d'une sous-clé.\n"
+
+#: g10/keyedit.c:3660
+msgid "Changing expiration time for the primary key.\n"
+msgstr "Changer la date d'expiration de la clé principale.\n"
+
+#: g10/keyedit.c:3706
+msgid "You can't change the expiration date of a v3 key\n"
+msgstr "Vous ne pouvez pas changer la date d'expiration d'une clé v3\n"
+
+#: g10/keyedit.c:3722
+msgid "No corresponding signature in secret ring\n"
+msgstr "Pas de signature correspondante dans le porte-clés secret\n"
+
+#: g10/keyedit.c:3800
+#, fuzzy, c-format
+msgid "signing subkey %s is already cross-certified\n"
+msgstr ""
+"AVERTISSEMENT: la sous-clé de signature %s n'a pas de certificat\n"
+"croisé\n"
+
+#: g10/keyedit.c:3806
+#, c-format
+msgid "subkey %s does not sign and so does not need to be cross-certified\n"
+msgstr ""
+
+#: g10/keyedit.c:3969
+msgid "Please select exactly one user ID.\n"
+msgstr "Vous devez sélectionner exactement un utilisateur.\n"
+
+#: g10/keyedit.c:4008 g10/keyedit.c:4118 g10/keyedit.c:4238 g10/keyedit.c:4379
+#, c-format
+msgid "skipping v3 self-signature on user ID \"%s\"\n"
+msgstr "l'auto-signature v3 du nom d'utilisateur « %s » a été ignorée\n"
+
+#: g10/keyedit.c:4179
+msgid "Enter your preferred keyserver URL: "
+msgstr "Entrez l'URL de votre serveur de clés favori: "
+
+#: g10/keyedit.c:4259
+msgid "Are you sure you want to replace it? (y/N) "
+msgstr "Etes-vous sûr de vouloir le remplacer ? (o/N) "
+
+#: g10/keyedit.c:4260
+msgid "Are you sure you want to delete it? (y/N) "
+msgstr "Etes-vous sûr de vouloir le supprimer ? (o/N) "
+
+#: g10/keyedit.c:4322
+#, fuzzy
+msgid "Enter the notation: "
+msgstr "Notation de signature: "
+
+#: g10/keyedit.c:4471
+#, fuzzy
+msgid "Proceed? (y/N) "
+msgstr "Réécrire par-dessus ? (o/N) "
+
+#: g10/keyedit.c:4543
+#, c-format
+msgid "No user ID with index %d\n"
+msgstr "Pas d'utilisateur avec l'index %d\n"
+
+#: g10/keyedit.c:4604
+#, c-format
+msgid "No user ID with hash %s\n"
+msgstr "Pas de nom d'utilisateur avec le hachage %s\n"
+
+#: g10/keyedit.c:4639
+#, c-format
+msgid "No subkey with index %d\n"
+msgstr "Pas de sous-clé avec l'index %d\n"
+
+#: g10/keyedit.c:4774
+#, c-format
+msgid "user ID: \"%s\"\n"
+msgstr "nom d'utilisateur: « %s »\n"
+
+#: g10/keyedit.c:4777 g10/keyedit.c:4871 g10/keyedit.c:4914
+#, c-format
+msgid "signed by your key %s on %s%s%s\n"
+msgstr "signé par votre clé %s à %s%s%s\n"
+
+#: g10/keyedit.c:4779 g10/keyedit.c:4873 g10/keyedit.c:4916
+msgid " (non-exportable)"
+msgstr " (non-exportable)"
+
+#: g10/keyedit.c:4783
+#, c-format
+msgid "This signature expired on %s.\n"
+msgstr "Cette signature a expiré le %s.\n"
+
+#: g10/keyedit.c:4787
+msgid "Are you sure you still want to revoke it? (y/N) "
+msgstr "Etes-vous sûr de vouloir toujours le révoquer ? (y/N) "
+
+#: g10/keyedit.c:4791
+msgid "Create a revocation certificate for this signature? (y/N) "
+msgstr "Générer un certificat de révocation pour cette signature ? (o/N) "
+
+#: g10/keyedit.c:4842
+msgid "Not signed by you.\n"
+msgstr ""
+
+#: g10/keyedit.c:4848
+#, c-format
+msgid "You have signed these user IDs on key %s:\n"
+msgstr "Vous avez signé ces noms d'utilisateurs sur la clé %s:\n"
+
+#: g10/keyedit.c:4874
+msgid " (non-revocable)"
+msgstr " (non-révocable)"
+
+#: g10/keyedit.c:4881
+#, c-format
+msgid "revoked by your key %s on %s\n"
+msgstr "révoqué par votre clé %s à %s\n"
+
+#: g10/keyedit.c:4903
+msgid "You are about to revoke these signatures:\n"
+msgstr "Vous êtes sur le point de révoquer ces signatures:\n"
+
+#: g10/keyedit.c:4923
+msgid "Really create the revocation certificates? (y/N) "
+msgstr "Créer réellement les certificats de révocation ? (o/N) "
+
+#: g10/keyedit.c:4953
+msgid "no secret key\n"
+msgstr "pas de clé secrète\n"
+
+#: g10/keyedit.c:5023
+#, c-format
+msgid "user ID \"%s\" is already revoked\n"
+msgstr "Le nom d'utilisateur \"%s\" est déjà révoqué.\n"
+
+#: g10/keyedit.c:5040
+#, c-format
+msgid "WARNING: a user ID signature is dated %d seconds in the future\n"
+msgstr ""
+"AVERTISSEMENT: une signature de nom d'utilisateur date de %d secondes\n"
+"dans le futur\n"
+
+#: g10/keyedit.c:5104
+#, c-format
+msgid "Key %s is already revoked.\n"
+msgstr "La clé %s est déjà révoqué.\n"
+
+#: g10/keyedit.c:5166
+#, c-format
+msgid "Subkey %s is already revoked.\n"
+msgstr "La sous-clé %s est déjà révoquée.\n"
+
+#: g10/keyedit.c:5261
+#, c-format
+msgid "Displaying %s photo ID of size %ld for key %s (uid %d)\n"
+msgstr ""
+"Affichage %s photo d'identité de taille %ld pour la clé\n"
+"0x%s (uid %d)\n"
+
+#: g10/keygen.c:275
+#, c-format
+msgid "preference `%s' duplicated\n"
+msgstr "préférence `%s' dupliquée\n"
+
+#: g10/keygen.c:282
+msgid "too many cipher preferences\n"
+msgstr "trop de préférences de chiffrement\n"
+
+#: g10/keygen.c:284
+msgid "too many digest preferences\n"
+msgstr "trop de préférences de hachage\n"
+
+#: g10/keygen.c:286
+msgid "too many compression preferences\n"
+msgstr "trop de préférences de compression\n"
+
+#: g10/keygen.c:426
+#, c-format
+msgid "invalid item `%s' in preference string\n"
+msgstr "élément `%s' invalide dans la chaîne de préférences\n"
+
+# g10/keygen.c:123 ???
+#: g10/keygen.c:910
+msgid "writing direct signature\n"
+msgstr "écriture de la signature directe\n"
+
+# g10/keygen.c:123 ???
+#: g10/keygen.c:952
+msgid "writing self signature\n"
+msgstr "écriture de l'auto-signature\n"
+
+# g10/keygen.c:161 ???
+#: g10/keygen.c:1009
+msgid "writing key binding signature\n"
+msgstr "écriture de la signature de liaison\n"
+
+#: g10/keygen.c:1179 g10/keygen.c:1290 g10/keygen.c:1295 g10/keygen.c:1441
+#: g10/keygen.c:3269
+#, c-format
+msgid "keysize invalid; using %u bits\n"
+msgstr "Taille invalide; utilisation de %u bits\n"
+
+#: g10/keygen.c:1185 g10/keygen.c:1301 g10/keygen.c:1309 g10/keygen.c:1447
+#: g10/keygen.c:3275
+#, c-format
+msgid "keysize rounded up to %u bits\n"
+msgstr "taille arrondie à %u bits\n"
+
+#: g10/keygen.c:1335
+msgid ""
+"WARNING: some OpenPGP programs can't handle a DSA key with this digest size\n"
+msgstr ""
+
+#: g10/keygen.c:1558
+msgid "Sign"
+msgstr "Signer"
+
+#: g10/keygen.c:1561
+msgid "Certify"
+msgstr ""
+
+#: g10/keygen.c:1564
+msgid "Encrypt"
+msgstr "Chiffrer"
+
+#: g10/keygen.c:1567
+msgid "Authenticate"
+msgstr "Authentifier"
+
+#. TRANSLATORS: Please use only plain ASCII characters for the
+#. translation. If this is not possible use single digits. The
+#. string needs to 8 bytes long. Here is a description of the
+#. functions:
+#.
+#. s = Toggle signing capability
+#. e = Toggle encryption capability
+#. a = Toggle authentication capability
+#. q = Finish
+#.
+#: g10/keygen.c:1585
+msgid "SsEeAaQq"
+msgstr "SsCcAaQq"
+
+#: g10/keygen.c:1608
+#, c-format
+msgid "Possible actions for a %s key: "
+msgstr "Actions possibles pour une clé %s: "
+
+#: g10/keygen.c:1612
+msgid "Current allowed actions: "
+msgstr "Actions actuellement permises: "
+
+#: g10/keygen.c:1617
+#, c-format
+msgid " (%c) Toggle the sign capability\n"
+msgstr " (%c) Inverser la capacité de signer\n"
+
+#: g10/keygen.c:1620
+#, c-format
+msgid " (%c) Toggle the encrypt capability\n"
+msgstr " (%c) Inverser la capacité de chiffrement\n"
+
+#: g10/keygen.c:1623
+#, c-format
+msgid " (%c) Toggle the authenticate capability\n"
+msgstr " (%c) Inverser la capacité d'authentifier\n"
+
+#: g10/keygen.c:1626
+#, c-format
+msgid " (%c) Finished\n"
+msgstr " (%c) Terminé\n"
+
+#: g10/keygen.c:1686 sm/certreqgen-ui.c:157
+msgid "Please select what kind of key you want:\n"
+msgstr "Sélectionnez le type de clé désiré:\n"
+
+#: g10/keygen.c:1689
+#, fuzzy, c-format
+msgid " (%d) RSA and RSA (default)\n"
+msgstr " (%d) DSA et Elgamal (par défaut)\n"
+
+#: g10/keygen.c:1691
+#, fuzzy, c-format
+msgid " (%d) DSA and Elgamal\n"
+msgstr " (%d) DSA et Elgamal (par défaut)\n"
+
+#: g10/keygen.c:1693
+#, c-format
+msgid " (%d) DSA (sign only)\n"
+msgstr " (%d) DSA (signature seule)\n"
+
+#: g10/keygen.c:1694
+#, c-format
+msgid " (%d) RSA (sign only)\n"
+msgstr " (%d) RSA (signature seule)\n"
+
+#: g10/keygen.c:1698
+#, c-format
+msgid " (%d) Elgamal (encrypt only)\n"
+msgstr " (%d) Elgamal (chiffrement seul)\n"
+
+#: g10/keygen.c:1699
+#, c-format
+msgid " (%d) RSA (encrypt only)\n"
+msgstr " (%d) RSA (chiffrement seul)\n"
+
+#: g10/keygen.c:1703
+#, c-format
+msgid " (%d) DSA (set your own capabilities)\n"
+msgstr " (%d) DSA (indiquez vous-même les capacités)\n"
+
+#: g10/keygen.c:1704
+#, c-format
+msgid " (%d) RSA (set your own capabilities)\n"
+msgstr " (%d) RSA (indiquez vous-même les capacités)\n"
+
+#: g10/keygen.c:1812
+#, c-format
+msgid "%s keys may be between %u and %u bits long.\n"
+msgstr "les clés %s peuvent faire entre %u et %u bits de longueur.\n"
+
+#: g10/keygen.c:1820
+#, fuzzy, c-format
+msgid "What keysize do you want for the subkey? (%u) "
+msgstr "Quelle taille de clé désirez-vous ? (%u) "
+
+#: g10/keygen.c:1823 sm/certreqgen-ui.c:179
+#, c-format
+msgid "What keysize do you want? (%u) "
+msgstr "Quelle taille de clé désirez-vous ? (%u) "
+
+#: g10/keygen.c:1837 sm/certreqgen-ui.c:189
+#, c-format
+msgid "Requested keysize is %u bits\n"
+msgstr "La taille demandée est %u bits\n"
+
+#: g10/keygen.c:1925
+msgid ""
+"Please specify how long the key should be valid.\n"
+" 0 = key does not expire\n"
+" <n> = key expires in n days\n"
+" <n>w = key expires in n weeks\n"
+" <n>m = key expires in n months\n"
+" <n>y = key expires in n years\n"
+msgstr ""
+"Spécifiez combien de temps cette clé devrait être valide.\n"
+" 0 = la clé n'expire pas\n"
+" <n> = la clé expire dans n jours\n"
+" <n>w = la clé expire dans n semaines\n"
+" <n>m = la clé expire dans n mois\n"
+" <n>y = la clé expire dans n années\n"
+
+#: g10/keygen.c:1936
+msgid ""
+"Please specify how long the signature should be valid.\n"
+" 0 = signature does not expire\n"
+" <n> = signature expires in n days\n"
+" <n>w = signature expires in n weeks\n"
+" <n>m = signature expires in n months\n"
+" <n>y = signature expires in n years\n"
+msgstr ""
+"Spécifiez combien de temps la signature devrait être valide.\n"
+" 0 = la signature n'expire pas\n"
+" <n> = la signature expire dans n jours\n"
+" <n>w = la signature expire dans n semaines\n"
+" <n>m = la signature expire dans n mois\n"
+" <n>y = la signature expire dans n années\n"
+
+#: g10/keygen.c:1959
+msgid "Key is valid for? (0) "
+msgstr "La clé est valide pour ? (0) "
+
+#: g10/keygen.c:1964
+#, c-format
+msgid "Signature is valid for? (%s) "
+msgstr "La signature est valide pour ? (%s) "
+
+#: g10/keygen.c:1982 g10/keygen.c:2007
+msgid "invalid value\n"
+msgstr "valeur invalide\n"
+
+#: g10/keygen.c:1989
+msgid "Key does not expire at all\n"
+msgstr "La clé n'expire pas du tout\n"
+
+#: g10/keygen.c:1990
+msgid "Signature does not expire at all\n"
+msgstr "La signature n'expire pas du tout\n"
+
+#: g10/keygen.c:1995
+#, c-format
+msgid "Key expires at %s\n"
+msgstr "La clé expire le %s\n"
+
+#: g10/keygen.c:1996
+#, c-format
+msgid "Signature expires at %s\n"
+msgstr "La signature expire le %s\n"
+
+#: g10/keygen.c:2000
+msgid ""
+"Your system can't display dates beyond 2038.\n"
+"However, it will be correctly handled up to 2106.\n"
+msgstr ""
+"Votre système ne sait pas afficher les dates au-delà de 2038.\n"
+"Cependant la gestion des dates sera correcte jusqu'à 2106.\n"
+
+#: g10/keygen.c:2013
+msgid "Is this correct? (y/N) "
+msgstr "Est-ce correct ? (o/N) "
+
+#: g10/keygen.c:2063
+msgid ""
+"\n"
+"GnuPG needs to construct a user ID to identify your key.\n"
+"\n"
+msgstr ""
+
+#. TRANSLATORS: This string is in general not anymore used
+#. but you should keep your existing translation. In case
+#. the new string is not translated this old string will
+#. be used.
+#: g10/keygen.c:2078
+msgid ""
+"\n"
+"You need a user ID to identify your key; the software constructs the user "
+"ID\n"
+"from the Real Name, Comment and Email Address in this form:\n"
+" \"Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>\"\n"
+"\n"
+msgstr ""
+"\n"
+"Vous avez besoin d'un nom d'utilisateur pour identifier votre clé; le\n"
+"programme le construit à partir du nom réel, d'un commentaire et d'une\n"
+"adresse e-mail de cette manière:\n"
+" « Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de> »\n"
+"\n"
+
+#: g10/keygen.c:2097
+msgid "Real name: "
+msgstr "Nom réel: "
+
+#: g10/keygen.c:2105
+msgid "Invalid character in name\n"
+msgstr "Caractère invalide dans le nom\n"
+
+#: g10/keygen.c:2107
+msgid "Name may not start with a digit\n"
+msgstr "Le nom ne doit pas commencer par un chiffre\n"
+
+#: g10/keygen.c:2109
+msgid "Name must be at least 5 characters long\n"
+msgstr "Le nom doit faire au moins 5 caractères de long\n"
+
+#: g10/keygen.c:2117
+msgid "Email address: "
+msgstr "Adresse e-mail: "
+
+#: g10/keygen.c:2123
+msgid "Not a valid email address\n"
+msgstr "Ce n'est pas une adresse e-mail valide\n"
+
+#: g10/keygen.c:2131
+msgid "Comment: "
+msgstr "Commentaire: "
+
+#: g10/keygen.c:2137
+msgid "Invalid character in comment\n"
+msgstr "Caractère invalide dans le commentaire\n"
+
+#: g10/keygen.c:2159
+#, c-format
+msgid "You are using the `%s' character set.\n"
+msgstr "Vous utilisez le jeu de caractères '%s'.\n"
+
+#: g10/keygen.c:2165
+#, c-format
+msgid ""
+"You selected this USER-ID:\n"
+" \"%s\"\n"
+"\n"
+msgstr ""
+"Vous avez sélectionné ce nom d'utilisateur:\n"
+" \"%s\"\n"
+"\n"
+
+#: g10/keygen.c:2170
+msgid "Please don't put the email address into the real name or the comment\n"
+msgstr ""
+"Ne mettez pas d'adresse e-mail dans le nom réel ou dans le commentaire\n"
+
+#: g10/keygen.c:2185
+msgid "Such a user ID already exists on this key!\n"
+msgstr ""
+
+#. TRANSLATORS: These are the allowed answers in
+#. lower and uppercase. Below you will find the matching
+#. string which should be translated accordingly and the
+#. letter changed to match the one in the answer string.
+#.
+#. n = Change name
+#. c = Change comment
+#. e = Change email
+#. o = Okay (ready, continue)
+#. q = Quit
+#.
+#: g10/keygen.c:2201
+msgid "NnCcEeOoQq"
+msgstr "NnCcEeOoQq"
+
+#: g10/keygen.c:2211
+msgid "Change (N)ame, (C)omment, (E)mail or (Q)uit? "
+msgstr "Changer le (N)om, le (C)ommentaire, l'(E)-mail ou (Q)uitter ? "
+
+#: g10/keygen.c:2212
+msgid "Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? "
+msgstr "Changer le (N)om, le (C)ommentaire, l'(E)-mail ou (O)K/(Q)uitter ? "
+
+#: g10/keygen.c:2231
+msgid "Please correct the error first\n"
+msgstr "Corrigez l'erreur d'abord\n"
+
+#: g10/keygen.c:2273
+msgid ""
+"You need a Passphrase to protect your secret key.\n"
+"\n"
+msgstr ""
+"Vous avez besoin d'une phrase de passe pour protéger votre clé\n"
+"secrète.\n"
+"\n"
+
+#: g10/keygen.c:2276
+#, fuzzy
+msgid ""
+"Please enter a passphrase to protect the off-card backup of the new "
+"encryption key."
+msgstr "Entrez le mot de passe ; c'est une phrase secrète \n"
+
+#: g10/keygen.c:2292
+#, c-format
+msgid "%s.\n"
+msgstr "%s.\n"
+
+#: g10/keygen.c:2298
+msgid ""
+"You don't want a passphrase - this is probably a *bad* idea!\n"
+"I will do it anyway. You can change your passphrase at any time,\n"
+"using this program with the option \"--edit-key\".\n"
+"\n"
+msgstr ""
+"Vous ne voulez pas de phrase de passe - c'est sûrement une *mauvaise*\n"
+"idée !\n"
+"Je l'accepte quand-même. Vous pouvez changer votre phrase de passe\n"
+"quand vous le désirez, en utilisant ce programme avec l'option\n"
+"« --edit-key ».\n"
+"\n"
+
+#: g10/keygen.c:2322
+msgid ""
+"We need to generate a lot of random bytes. It is a good idea to perform\n"
+"some other action (type on the keyboard, move the mouse, utilize the\n"
+"disks) during the prime generation; this gives the random number\n"
+"generator a better chance to gain enough entropy.\n"
+msgstr ""
+"Un grand nombre d'octets aléatoires doit être généré. Vous devriez faire\n"
+"autre-chose (taper au clavier, déplacer la souris, utiliser les disques)\n"
+"pendant la génération de nombres premiers; cela donne au générateur de\n"
+"nombres aléatoires une meilleure chance d'avoir assez d'entropie.\n"
+
+#: g10/keygen.c:3209 g10/keygen.c:3236
+msgid "Key generation canceled.\n"
+msgstr "La génération de clé a été annulée.\n"
+
+#: g10/keygen.c:3441 g10/keygen.c:3611
+#, c-format
+msgid "writing public key to `%s'\n"
+msgstr "écriture de la clé publique dans `%s'\n"
+
+#: g10/keygen.c:3443 g10/keygen.c:3614
+#, c-format
+msgid "writing secret key stub to `%s'\n"
+msgstr "écriture d'une clé secrète partielle dans `%s'\n"
+
+#: g10/keygen.c:3446 g10/keygen.c:3617
+#, c-format
+msgid "writing secret key to `%s'\n"
+msgstr "écriture de la clé secrète dans `%s'\n"
+
+#: g10/keygen.c:3598
+#, c-format
+msgid "no writable public keyring found: %s\n"
+msgstr ""
+"aucun portes-clés public n'a été trouvé avec des droits d'écriture : %s\n"
+
+#: g10/keygen.c:3605
+#, c-format
+msgid "no writable secret keyring found: %s\n"
+msgstr ""
+"aucun portes-clés secret n'a été trouvé avec des droits d'écriture : %s\n"
+
+#: g10/keygen.c:3625
+#, c-format
+msgid "error writing public keyring `%s': %s\n"
+msgstr "erreur durant l'écriture du porte-clés public `%s': %s\n"
+
+#: g10/keygen.c:3633
+#, c-format
+msgid "error writing secret keyring `%s': %s\n"
+msgstr "erreur durant l'écriture du porte-clés secret `%s': %s\n"
+
+#: g10/keygen.c:3661
+msgid "public and secret key created and signed.\n"
+msgstr "les clés publique et secrète ont été créées et signées.\n"
+
+#: g10/keygen.c:3672
+msgid ""
+"Note that this key cannot be used for encryption. You may want to use\n"
+"the command \"--edit-key\" to generate a subkey for this purpose.\n"
+msgstr ""
+"Notez que cette clé ne peut être utilisée pour chiffrer. Vous pouvez\n"
+"utiliser la commande «--edit-key» pour générer une sous-clé à\n"
+"cette fin.\n"
+
+#: g10/keygen.c:3685 g10/keygen.c:3831 g10/keygen.c:3952
+#, c-format
+msgid "Key generation failed: %s\n"
+msgstr "La génération de clé a échoué: %s\n"
+
+# on s'amuse comme on peut...
+#: g10/keygen.c:3741 g10/keygen.c:3882 g10/sign.c:241
+#, c-format
+msgid ""
+"key has been created %lu second in future (time warp or clock problem)\n"
+msgstr ""
+"la clé a été créée %lu seconde dans le futur (rupture spatio-temporelle ou\n"
+"problème d'horloge)\n"
+
+#: g10/keygen.c:3743 g10/keygen.c:3884 g10/sign.c:243
+#, c-format
+msgid ""
+"key has been created %lu seconds in future (time warp or clock problem)\n"
+msgstr ""
+"la clé a été créée %lu secondes dans le futur (rupture spatio-temporelle ou\n"
+"problème d'horloge\n"
+
+#: g10/keygen.c:3754 g10/keygen.c:3895
+msgid "NOTE: creating subkeys for v3 keys is not OpenPGP compliant\n"
+msgstr ""
+"NOTE: créer des sous-clés pour des clés v3 n'est pas conforme à OpenPGP\n"
+
+#: g10/keygen.c:3795 g10/keygen.c:3928
+msgid "Really create? (y/N) "
+msgstr "Créer vraiment ? (o/N) "
+
+#: g10/keygen.c:4116
+#, c-format
+msgid "storing key onto card failed: %s\n"
+msgstr "le stockage de la clé dans la carte a échoué: %s\n"
+
+#: g10/keygen.c:4165
+#, c-format
+msgid "can't create backup file `%s': %s\n"
+msgstr "impossible de créer le fichier de sauvegarde `%s': %s\n"
+
+#: g10/keygen.c:4191
+#, c-format
+msgid "NOTE: backup of card key saved to `%s'\n"
+msgstr "NOTE: sauvegarde de la clé de la carte dans `%s'\n"
+
+#: g10/keyid.c:539 g10/keyid.c:551 g10/keyid.c:563 g10/keyid.c:575
+msgid "never "
+msgstr "jamais "
+
+#: g10/keylist.c:273
+msgid "Critical signature policy: "
+msgstr "Politique de signature critique: "
+
+#: g10/keylist.c:275
+msgid "Signature policy: "
+msgstr "Politique de signature: "
+
+#: g10/keylist.c:314
+msgid "Critical preferred keyserver: "
+msgstr "Serveur de clés critique favori: "
+
+#: g10/keylist.c:367
+msgid "Critical signature notation: "
+msgstr "Notation de signature critique: "
+
+#: g10/keylist.c:369
+msgid "Signature notation: "
+msgstr "Notation de signature: "
+
+#: g10/keylist.c:479
+msgid "Keyring"
+msgstr "Porte-clés"
+
+#: g10/keylist.c:1526
+msgid "Primary key fingerprint:"
+msgstr "Empreinte de clé principale:"
+
+#: g10/keylist.c:1528
+msgid " Subkey fingerprint:"
+msgstr " Empreinte de la sous-clé:"
+
+#. TRANSLATORS: this should fit into 24 bytes to that the
+#. * fingerprint data is properly aligned with the user ID
+#: g10/keylist.c:1535
+msgid " Primary key fingerprint:"
+msgstr " Empreinte de la clé principale:"
+
+#: g10/keylist.c:1537
+msgid " Subkey fingerprint:"
+msgstr " Empreinte de la sous-clé:"
+
+#: g10/keylist.c:1541 g10/keylist.c:1545
+msgid " Key fingerprint ="
+msgstr " Empreinte de la clé ="
+
+#: g10/keylist.c:1612
+msgid " Card serial no. ="
+msgstr "N° de série de la carte ="
+
+#: g10/keyring.c:1297
+#, c-format
+msgid "renaming `%s' to `%s' failed: %s\n"
+msgstr "renommer `%s' en `%s' a échoué: %s \n"
+
+#: g10/keyring.c:1326
+msgid "WARNING: 2 files with confidential information exists.\n"
+msgstr ""
+"ATTENTION: 2 fichiers avec des informations confidentielles existent.\n"
+
+#: g10/keyring.c:1327
+#, c-format
+msgid "%s is the unchanged one\n"
+msgstr "%s est le fichier original\n"
+
+#: g10/keyring.c:1328
+#, c-format
+msgid "%s is the new one\n"
+msgstr "%s est le nouveau\n"
+
+#: g10/keyring.c:1329
+msgid "Please fix this possible security flaw\n"
+msgstr "Réparez ce problème de sécurité possible\n"
+
+#: g10/keyring.c:1430
+#, c-format
+msgid "caching keyring `%s'\n"
+msgstr "mise en antémémoire du porte-clés `%s'\n"
+
+#: g10/keyring.c:1489
+#, c-format
+msgid "%lu keys cached so far (%lu signatures)\n"
+msgstr "%lu clés en antémémoire vérifiées pour l'instant (%lu signatures)\n"
+
+#: g10/keyring.c:1501
+#, c-format
+msgid "%lu keys cached (%lu signatures)\n"
+msgstr "%lu clés en antémémoire (%lu signatures)\n"
+
+#: g10/keyring.c:1573
+#, c-format
+msgid "%s: keyring created\n"
+msgstr "%s: porte-clés créé\n"
+
+#: g10/keyserver.c:74
+msgid "include revoked keys in search results"
+msgstr ""
+
+#: g10/keyserver.c:75
+msgid "include subkeys when searching by key ID"
+msgstr ""
+
+#: g10/keyserver.c:77
+msgid "use temporary files to pass data to keyserver helpers"
+msgstr ""
+
+#: g10/keyserver.c:79
+msgid "do not delete temporary files after using them"
+msgstr ""
+
+#: g10/keyserver.c:83
+msgid "automatically retrieve keys when verifying signatures"
+msgstr ""
+
+#: g10/keyserver.c:85
+#, fuzzy
+msgid "honor the preferred keyserver URL set on the key"
+msgstr "Entrez l'URL de votre serveur de clés favori: "
+
+#: g10/keyserver.c:87
+msgid "honor the PKA record set on a key when retrieving keys"
+msgstr ""
+
+#: g10/keyserver.c:153
+#, c-format
+msgid "WARNING: keyserver option `%s' is not used on this platform\n"
+msgstr ""
+"AVERTISSEMENT: les options de serveur de clés `%s' ne sont pas\n"
+"utilisées dans cette plateforme\n"
+
+#: g10/keyserver.c:544
+msgid "disabled"
+msgstr "désactivé"
+
+#: g10/keyserver.c:747
+msgid "Enter number(s), N)ext, or Q)uit > "
+msgstr "Entrez le(s) nombre(s), S)uivant, ou Q)uitter > "
+
+#: g10/keyserver.c:831 g10/keyserver.c:1458
+#, c-format
+msgid "invalid keyserver protocol (us %d!=handler %d)\n"
+msgstr "protocole serveur de clés invalide (nous %d!=gestionnaire %d)\n"
+
+#: g10/keyserver.c:932
+#, c-format
+msgid "key \"%s\" not found on keyserver\n"
+msgstr "clé « %s » introuvable dans le serveur de clés\n"
+
+#: g10/keyserver.c:934
+msgid "key not found on keyserver\n"
+msgstr "clé non trouvée dans le serveur de clés\n"
+
+#: g10/keyserver.c:1177
+#, c-format
+msgid "requesting key %s from %s server %s\n"
+msgstr "requête de la clé %s du serveur %s %s\n"
+
+#: g10/keyserver.c:1181
+#, c-format
+msgid "requesting key %s from %s\n"
+msgstr "requête de la clé %s de %s\n"
+
+#: g10/keyserver.c:1205
+#, fuzzy, c-format
+msgid "searching for names from %s server %s\n"
+msgstr "recherche de « %s » du serveur %s %s\n"
+
+#: g10/keyserver.c:1208
+#, fuzzy, c-format
+msgid "searching for names from %s\n"
+msgstr "recherche de « %s » de %s\n"
+
+#: g10/keyserver.c:1361
+#, c-format
+msgid "sending key %s to %s server %s\n"
+msgstr "envoi de la clé %s au serveur %s %s\n"
+
+#: g10/keyserver.c:1365
+#, c-format
+msgid "sending key %s to %s\n"
+msgstr "envoi de la clé %s à %s\n"
+
+#: g10/keyserver.c:1408
+#, c-format
+msgid "searching for \"%s\" from %s server %s\n"
+msgstr "recherche de « %s » du serveur %s %s\n"
+
+#: g10/keyserver.c:1411
+#, c-format
+msgid "searching for \"%s\" from %s\n"
+msgstr "recherche de « %s » de %s\n"
+
+#: g10/keyserver.c:1418 g10/keyserver.c:1514
+msgid "no keyserver action!\n"
+msgstr "pas d'action pour le serveur de clés !\n"
+
+#: g10/keyserver.c:1466
+#, c-format
+msgid "WARNING: keyserver handler from a different version of GnuPG (%s)\n"
+msgstr ""
+"AVERTISSEMENT: le gestionnaire de serveurs de clés provient d'une\n"
+"version différente de GnuPG (%s)\n"
+
+#: g10/keyserver.c:1475
+msgid "keyserver did not send VERSION\n"
+msgstr "le serveurs de clés n'a pas envoyé son numéro de VERSION\n"
+
+#: g10/keyserver.c:1537 g10/keyserver.c:2066
+msgid "no keyserver known (use option --keyserver)\n"
+msgstr "pas de serveur de clés connu (utilisez l'option --keyserver)\n"
+
+#: g10/keyserver.c:1543
+msgid "external keyserver calls are not supported in this build\n"
+msgstr ""
+"les appels externes à un serveur de clé ne sont pas supportés dans\n"
+"cette compilation\n"
+
+#: g10/keyserver.c:1555
+#, c-format
+msgid "no handler for keyserver scheme `%s'\n"
+msgstr "pas de gestionnaire pour le type de serveurs de clés `%s'\n"
+
+#: g10/keyserver.c:1560
+#, c-format
+msgid "action `%s' not supported with keyserver scheme `%s'\n"
+msgstr ""
+"l'action `%s' n'est pas supportée avec le type de serveurs\n"
+"de clés `%s'\n"
+
+#: g10/keyserver.c:1568
+#, c-format
+msgid "%s does not support handler version %d\n"
+msgstr "%s ne supporte pas le gestionnaire de version %d\n"
+
+#: g10/keyserver.c:1575
+msgid "keyserver timed out\n"
+msgstr "le délai d'attente du serveur de clés a expiré\n"
+
+#: g10/keyserver.c:1580
+msgid "keyserver internal error\n"
+msgstr "erreur interne du serveur de clés\n"
+
+#: g10/keyserver.c:1589
+#, c-format
+msgid "keyserver communications error: %s\n"
+msgstr "erreur de communication avec le serveur de clés: %s\n"
+
+#: g10/keyserver.c:1614 g10/keyserver.c:1648
+#, c-format
+msgid "\"%s\" not a key ID: skipping\n"
+msgstr "« %s » n'est pas une ID de clé: ignoré\n"
+
+#: g10/keyserver.c:1907
+#, c-format
+msgid "WARNING: unable to refresh key %s via %s: %s\n"
+msgstr ""
+"AVERTISSEMENT: impossible de rafraîchir la clé %s\n"
+"via %s: %s\n"
+
+#: g10/keyserver.c:1929
+#, c-format
+msgid "refreshing 1 key from %s\n"
+msgstr "rafraîchissement d'une clé depuis %s\n"
+
+#: g10/keyserver.c:1931
+#, c-format
+msgid "refreshing %d keys from %s\n"
+msgstr "rafraîchissement de %d clés depuis %s\n"
+
+#: g10/keyserver.c:1987
+#, fuzzy, c-format
+msgid "WARNING: unable to fetch URI %s: %s\n"
+msgstr ""
+"AVERTISSEMENT: impossible de rafraîchir la clé %s\n"
+"via %s: %s\n"
+
+#: g10/keyserver.c:1993
+#, fuzzy, c-format
+msgid "WARNING: unable to parse URI %s\n"
+msgstr ""
+"AVERTISSEMENT: impossible de rafraîchir la clé %s\n"
+"via %s: %s\n"
+
+#: g10/mainproc.c:231
+#, c-format
+msgid "weird size for an encrypted session key (%d)\n"
+msgstr "taille étonnante pour une clé de session chiffrée (%d)\n"
+
+#: g10/mainproc.c:284
+#, c-format
+msgid "%s encrypted session key\n"
+msgstr "clé de session chiffrée %s\n"
+
+#: g10/mainproc.c:294
+#, c-format
+msgid "passphrase generated with unknown digest algorithm %d\n"
+msgstr "phrase de passe générée avec l'algorithme de hachage %d inconnu\n"
+
+#: g10/mainproc.c:360
+#, c-format
+msgid "public key is %s\n"
+msgstr "la clé publique est %s\n"
+
+#: g10/mainproc.c:423
+msgid "public key encrypted data: good DEK\n"
+msgstr "données chiffrées par clé publique: bonne clé de chiffrement (DEK)\n"
+
+#: g10/mainproc.c:456
+#, c-format
+msgid "encrypted with %u-bit %s key, ID %s, created %s\n"
+msgstr "chiffré avec une clé de %u bits %s, ID %s, créée le %s\n"
+
+#: g10/mainproc.c:460 g10/pkclist.c:217
+#, c-format
+msgid " \"%s\"\n"
+msgstr " « %s »\n"
+
+#: g10/mainproc.c:464
+#, c-format
+msgid "encrypted with %s key, ID %s\n"
+msgstr "chiffré avec une clé %s, ID %s\n"
+
+#: g10/mainproc.c:479
+#, c-format
+msgid "public key decryption failed: %s\n"
+msgstr "le déchiffrement par clé publique a échoué: %s\n"
+
+#: g10/mainproc.c:495
+#, c-format
+msgid "encrypted with %lu passphrases\n"
+msgstr "chiffré avec %lu phrases de passe\n"
+
+#: g10/mainproc.c:497
+msgid "encrypted with 1 passphrase\n"
+msgstr "chiffré avec 1 phrase de passe\n"
+
+#: g10/mainproc.c:529 g10/mainproc.c:551
+#, c-format
+msgid "assuming %s encrypted data\n"
+msgstr "on suppose des données chiffrées avec %s\n"
+
+#: g10/mainproc.c:537
+#, c-format
+msgid "IDEA cipher unavailable, optimistically attempting to use %s instead\n"
+msgstr ""
+"L'algorithme IDEA n'est pas disponible, avec un peu de chance %s marchera\n"
+"peut-être\n"
+
+#: g10/mainproc.c:570
+msgid "decryption okay\n"
+msgstr "le déchiffrement a réussi\n"
+
+#: g10/mainproc.c:574
+msgid "WARNING: message was not integrity protected\n"
+msgstr "AVERTISSEMENT: l'intégrité du message n'était pas protégée\n"
+
+#: g10/mainproc.c:587
+msgid "WARNING: encrypted message has been manipulated!\n"
+msgstr "AVERTISSEMENT: le message chiffré a été manipulé !\n"
+
+#: g10/mainproc.c:595
+#, c-format
+msgid "cleared passphrase cached with ID: %s\n"
+msgstr ""
+
+#: g10/mainproc.c:600
+#, c-format
+msgid "decryption failed: %s\n"
+msgstr "le déchiffrement a échoué: %s\n"
+
+#: g10/mainproc.c:621
+msgid "NOTE: sender requested \"for-your-eyes-only\"\n"
+msgstr "NOTE: l'expéditeur a demandé «pour vos yeux seulement»\n"
+
+#: g10/mainproc.c:623
+#, c-format
+msgid "original file name='%.*s'\n"
+msgstr "nom de fichier original: '%.*s'\n"
+
+#: g10/mainproc.c:711
+msgid "WARNING: multiple plaintexts seen\n"
+msgstr ""
+
+#: g10/mainproc.c:850
+msgid "standalone revocation - use \"gpg --import\" to apply\n"
+msgstr "révocation autonome - utilisez «gpg --import» pour l'appliquer\n"
+
+#: g10/mainproc.c:1203 g10/mainproc.c:1240
+#, fuzzy
+msgid "no signature found\n"
+msgstr "Bonne signature de « %s »"
+
+#: g10/mainproc.c:1478
+msgid "signature verification suppressed\n"
+msgstr "vérification de signature supprimée\n"
+
+#: g10/mainproc.c:1587
+#, fuzzy
+msgid "can't handle this ambiguous signature data\n"
+msgstr "le traitement de ces signatures multiples est impossible\n"
+
+#: g10/mainproc.c:1598
+#, c-format
+msgid "Signature made %s\n"
+msgstr "Signature faite le %s\n"
+
+#: g10/mainproc.c:1599
+#, c-format
+msgid " using %s key %s\n"
+msgstr " en utilisant la clé %s %s\n"
+
+#: g10/mainproc.c:1603
+#, c-format
+msgid "Signature made %s using %s key ID %s\n"
+msgstr "Signature faite le %s avec la clé %s ID %s\n"
+
+#: g10/mainproc.c:1623
+msgid "Key available at: "
+msgstr "Clé disponible sur: "
+
+#: g10/mainproc.c:1756 g10/mainproc.c:1804
+#, c-format
+msgid "BAD signature from \"%s\""
+msgstr "MAUVAISE signature de « %s »"
+
+#: g10/mainproc.c:1758 g10/mainproc.c:1806
+#, c-format
+msgid "Expired signature from \"%s\""
+msgstr "Signature expirée de « %s »"
+
+#: g10/mainproc.c:1760 g10/mainproc.c:1808
+#, c-format
+msgid "Good signature from \"%s\""
+msgstr "Bonne signature de « %s »"
+
+#: g10/mainproc.c:1810
+msgid "[uncertain]"
+msgstr "[incertain]"
+
+#: g10/mainproc.c:1843
+#, c-format
+msgid " aka \"%s\""
+msgstr " alias « %s »"
+
+#: g10/mainproc.c:1941
+#, c-format
+msgid "Signature expired %s\n"
+msgstr "La signature a expiré le %s\n"
+
+#: g10/mainproc.c:1946
+#, c-format
+msgid "Signature expires %s\n"
+msgstr "La signature expire le %s\n"
+
+#: g10/mainproc.c:1949
+#, c-format
+msgid "%s signature, digest algorithm %s\n"
+msgstr "signature %s, algorithme de hachage %s\n"
+
+#: g10/mainproc.c:1950
+msgid "binary"
+msgstr "binaire"
+
+#: g10/mainproc.c:1951
+msgid "textmode"
+msgstr "modetexte"
+
+#: g10/mainproc.c:1951 g10/trustdb.c:546
+msgid "unknown"
+msgstr "inconnu"
+
+#: g10/mainproc.c:1971
+#, c-format
+msgid "Can't check signature: %s\n"
+msgstr "Impossible de vérifier la signature: %s\n"
+
+#: g10/mainproc.c:2055 g10/mainproc.c:2071 g10/mainproc.c:2167
+msgid "not a detached signature\n"
+msgstr "la signature n'est pas détachée\n"
+
+#: g10/mainproc.c:2098
+msgid ""
+"WARNING: multiple signatures detected. Only the first will be checked.\n"
+msgstr ""
+"AVERTISSEMENT: plusieurs signatures ont été détéctées. Seulement la "
+"première\n"
+"sera vérifiée.\n"
+
+#: g10/mainproc.c:2106
+#, c-format
+msgid "standalone signature of class 0x%02x\n"
+msgstr "signature autonome de classe 0x%02x\n"
+
+#: g10/mainproc.c:2171
+msgid "old style (PGP 2.x) signature\n"
+msgstr "signature d'un ancien style (PGP 2.x)\n"
+
+#: g10/mainproc.c:2181
+msgid "invalid root packet detected in proc_tree()\n"
+msgstr "paquet racine invalide détecté dans proc_tree()\n"
+
+#: g10/misc.c:109 g10/misc.c:139 g10/misc.c:215
+#, c-format
+msgid "fstat of `%s' failed in %s: %s\n"
+msgstr "fstat de `%s' échoué dans %s: %s\n"
+
+#: g10/misc.c:178
+#, c-format
+msgid "fstat(%d) failed in %s: %s\n"
+msgstr "fstat(%d) échoué dans %s: %s\n"
+
+#: g10/misc.c:296
+#, c-format
+msgid "WARNING: using experimental public key algorithm %s\n"
+msgstr ""
+"AVERTISSEMENT: utilisation de l'algorithme expérimental à clé\n"
+"publique %s\n"
+
+#: g10/misc.c:302
+#, fuzzy
+msgid "WARNING: Elgamal sign+encrypt keys are deprecated\n"
+msgstr "AVERTISSEMENT: l'algorithme de hachage %s est déconseillé\n"
+
+#: g10/misc.c:315
+#, c-format
+msgid "WARNING: using experimental cipher algorithm %s\n"
+msgstr ""
+"AVERTISSEMENT: utilisation de l'algorithme expérimental de chiffrement\n"
+"%s\n"
+
+#: g10/misc.c:330
+#, c-format
+msgid "WARNING: using experimental digest algorithm %s\n"
+msgstr ""
+"AVERTISSEMENT: utilisation de l'algorithme de hachage\n"
+"expérimental %s\n"
+
+#: g10/misc.c:335
+#, c-format
+msgid "WARNING: digest algorithm %s is deprecated\n"
+msgstr "AVERTISSEMENT: l'algorithme de hachage %s est déconseillé\n"
+
+#: g10/misc.c:503
+msgid "the IDEA cipher plugin is not present\n"
+msgstr "le module de chiffrement IDEA n'est pas présent\n"
+
+#: g10/misc.c:504 g10/sig-check.c:107 jnlib/utf8conv.c:87
+#, fuzzy, c-format
+msgid "please see %s for more information\n"
+msgstr "voir http://www.gnupg.org/fr/faq.html pour plus d'informations\n"
+
+#: g10/misc.c:761
+#, c-format
+msgid "%s:%d: deprecated option \"%s\"\n"
+msgstr "%s:%d: option déconseillée \"%s\"\n"
+
+#: g10/misc.c:765
+#, c-format
+msgid "WARNING: \"%s\" is a deprecated option\n"
+msgstr "AVERTISSEMENT: \"%s\" est une option déconseillée.\n"
+
+#: g10/misc.c:767
+#, c-format
+msgid "please use \"%s%s\" instead\n"
+msgstr "utilisez \"%s%s\" à la place\n"
+
+#: g10/misc.c:774
+#, c-format
+msgid "WARNING: \"%s\" is a deprecated command - do not use it\n"
+msgstr ""
+"AVERTISSEMENT: \"%s\" est une commande déconseillée - ne\n"
+"l'utilisez pas\n"
+
+#: g10/misc.c:784
+#, c-format
+msgid "%s:%u: obsolete option \"%s\" - it has no effect\n"
+msgstr ""
+
+#: g10/misc.c:787
+#, fuzzy, c-format
+msgid "WARNING: \"%s\" is an obsolete option - it has no effect\n"
+msgstr "AVERTISSEMENT: \"%s\" est une option déconseillée.\n"
+
+#: g10/misc.c:848
+msgid "Uncompressed"
+msgstr "Non-compressé"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: g10/misc.c:873
+msgid "uncompressed|none"
+msgstr "noncompressé|non"
+
+#: g10/misc.c:1000
+#, c-format
+msgid "this message may not be usable by %s\n"
+msgstr "ce message ne sera pas utilisable par %s\n"
+
+#: g10/misc.c:1175
+#, c-format
+msgid "ambiguous option `%s'\n"
+msgstr "option ambiguë `%s'\n"
+
+#: g10/misc.c:1200
+#, c-format
+msgid "unknown option `%s'\n"
+msgstr "option `%s' inconnue\n"
+
+#: g10/openfile.c:89
+#, c-format
+msgid "File `%s' exists. "
+msgstr "Le fichier `%s' existe. "
+
+#: g10/openfile.c:93
+msgid "Overwrite? (y/N) "
+msgstr "Réécrire par-dessus ? (o/N) "
+
+#: g10/openfile.c:126
+#, c-format
+msgid "%s: unknown suffix\n"
+msgstr "%s: suffixe inconnu\n"
+
+#: g10/openfile.c:150
+msgid "Enter new filename"
+msgstr "Entrez le nouveau nom de fichier"
+
+#: g10/openfile.c:195
+msgid "writing to stdout\n"
+msgstr "écriture vers la sortie standard\n"
+
+#: g10/openfile.c:316
+#, c-format
+msgid "assuming signed data in `%s'\n"
+msgstr "les données signées sont supposées être dans `%s'\n"
+
+#: g10/openfile.c:395
+#, c-format
+msgid "new configuration file `%s' created\n"
+msgstr " nouveau fichier de configuration `%s' créé\n"
+
+#: g10/openfile.c:397
+#, c-format
+msgid "WARNING: options in `%s' are not yet active during this run\n"
+msgstr ""
+"AVERTISSEMENT: les options de `%s' ne sont pas encore actives cette fois\n"
+
+#: g10/parse-packet.c:201
+#, c-format
+msgid "can't handle public key algorithm %d\n"
+msgstr "impossible de gérer l'algorithme à clé publique %d\n"
+
+#: g10/parse-packet.c:822
+msgid "WARNING: potentially insecure symmetrically encrypted session key\n"
+msgstr ""
+"AVERISSEMENT: la clé de session chiffrée de manière symétrique est\n"
+"potentiellement non sûre\n"
+
+#: g10/parse-packet.c:1273
+#, c-format
+msgid "subpacket of type %d has critical bit set\n"
+msgstr "un sous-paquet de type %d possède un bit critique\n"
+
+#: g10/passphrase.c:75 g10/passphrase.c:418 g10/passphrase.c:481
+#, fuzzy, c-format
+msgid "problem with the agent: %s\n"
+msgstr "problème avec l'agent - arrêt d'utilisation de l'agent\n"
+
+#: g10/passphrase.c:344 g10/passphrase.c:613
+#, c-format
+msgid " (main key ID %s)"
+msgstr " (ID clé principale %s)"
+
+#: g10/passphrase.c:358
+#, fuzzy, c-format
+msgid ""
+"Please enter the passphrase to unlock the secret key for the OpenPGP "
+"certificate:\n"
+"\"%.*s\"\n"
+"%u-bit %s key, ID %s,\n"
+"created %s%s.\n"
+msgstr ""
+"Vous avez besoin d'une phrase de passe pour déverrouiller la clé\n"
+"secrète pour l'utilisateur:\n"
+"\"%.*s\"\n"
+"clé %u bits %s, ID %s, créée %s%s\n"
+
+#: g10/passphrase.c:384
+msgid "Enter passphrase\n"
+msgstr "Entrez la phrase de passe\n"
+
+#: g10/passphrase.c:412
+msgid "cancelled by user\n"
+msgstr "annulé par l'utilisateur\n"
+
+#: g10/passphrase.c:592
+#, c-format
+msgid ""
+"You need a passphrase to unlock the secret key for\n"
+"user: \"%s\"\n"
+msgstr ""
+"Vous avez besoin d'une phrase de passe pour déverrouiller la\n"
+"clé secrète pour l'utilisateur: « %s »\n"
+
+#: g10/passphrase.c:600
+#, c-format
+msgid "%u-bit %s key, ID %s, created %s"
+msgstr "clé de %u bits %s, ID %s, créée le %s"
+
+#: g10/passphrase.c:609
+#, c-format
+msgid " (subkey on main key ID %s)"
+msgstr " (sous-clé de la clé principale ID %s)"
+
+#: g10/photoid.c:74
+msgid ""
+"\n"
+"Pick an image to use for your photo ID. The image must be a JPEG file.\n"
+"Remember that the image is stored within your public key. If you use a\n"
+"very large picture, your key will become very large as well!\n"
+"Keeping the image close to 240x288 is a good size to use.\n"
+msgstr ""
+"\n"
+"Choisissez une image à utiliser pour votre photo d'identité. L'image\n"
+"doit être un fichier JPEG. Rappelez-vous que cette image est stockée\n"
+"dans votre clé publique. Si vous utilisez une image très grosse, il\n"
+"en sera de même pour votre clé !\n"
+"La meilleure taille à utiliser est 240x288.\n"
+
+#: g10/photoid.c:96
+msgid "Enter JPEG filename for photo ID: "
+msgstr "Entrez le nom du fichier JPEG pour la photo d'identité: "
+
+#: g10/photoid.c:117
+#, c-format
+msgid "unable to open JPEG file `%s': %s\n"
+msgstr "impossible d'ouvrir le fichier JPEG `%s': %s\n"
+
+#: g10/photoid.c:128
+#, c-format
+msgid "This JPEG is really large (%d bytes) !\n"
+msgstr "Ce JPEG est vraiment trés grand (%d octets) !\n"
+
+#: g10/photoid.c:130
+msgid "Are you sure you want to use it? (y/N) "
+msgstr "Êtes-vous sûr de vouloir l'utiliser ? (o/N) "
+
+#: g10/photoid.c:146
+#, c-format
+msgid "`%s' is not a JPEG file\n"
+msgstr "`%s' n'est pas un fichier JPEG\n"
+
+#: g10/photoid.c:165
+msgid "Is this photo correct (y/N/q)? "
+msgstr "Cette photo est-elle correcte (o/N/q) ? "
+
+#: g10/photoid.c:373
+msgid "unable to display photo ID!\n"
+msgstr "impossible d'afficher la photo d'identité !\n"
+
+#: g10/pkclist.c:60 g10/revoke.c:621
+msgid "No reason specified"
+msgstr "Aucune raison spécifiée"
+
+#: g10/pkclist.c:62 g10/revoke.c:623
+msgid "Key is superseded"
+msgstr "La clé a été remplacée"
+
+#: g10/pkclist.c:64 g10/revoke.c:622
+msgid "Key has been compromised"
+msgstr "La clé a été compromise"
+
+#: g10/pkclist.c:66 g10/revoke.c:624
+msgid "Key is no longer used"
+msgstr "La clé n'est plus utilisée"
+
+#: g10/pkclist.c:68 g10/revoke.c:625
+msgid "User ID is no longer valid"
+msgstr "Le nom d'utilisateur n'est plus valide"
+
+#: g10/pkclist.c:72
+msgid "reason for revocation: "
+msgstr "cause de révocation: "
+
+#: g10/pkclist.c:89
+msgid "revocation comment: "
+msgstr "commentaire de révocation: "
+
+#: g10/pkclist.c:204
+msgid "iImMqQsS"
+msgstr "iImMqQsS"
+
+#: g10/pkclist.c:212
+msgid "No trust value assigned to:\n"
+msgstr "Pas de valeur de confiance définie pour :\n"
+
+#: g10/pkclist.c:245
+#, c-format
+msgid " aka \"%s\"\n"
+msgstr " alias « %s »\n"
+
+#: g10/pkclist.c:255
+msgid ""
+"How much do you trust that this key actually belongs to the named user?\n"
+msgstr ""
+"Jusqu'à quel point avez-vous confiance au fait que cette clé\n"
+"appartient rééllement à l'utilisateur nommé ?\n"
+
+#: g10/pkclist.c:270
+#, c-format
+msgid " %d = I don't know or won't say\n"
+msgstr " %d = ne sais pas ou ne dirai pas\n"
+
+#: g10/pkclist.c:272
+#, c-format
+msgid " %d = I do NOT trust\n"
+msgstr " %d = je ne fais PAS confiance\n"
+
+#: g10/pkclist.c:278
+#, c-format
+msgid " %d = I trust ultimately\n"
+msgstr " %d = je donne une confiance ultime\n"
+
+#: g10/pkclist.c:284
+msgid " m = back to the main menu\n"
+msgstr " m = retour au menu principal\n"
+
+#: g10/pkclist.c:287
+msgid " s = skip this key\n"
+msgstr " s = sauter cette clé\n"
+
+#: g10/pkclist.c:288
+msgid " q = quit\n"
+msgstr " q = quitter\n"
+
+#: g10/pkclist.c:292
+#, c-format
+msgid ""
+"The minimum trust level for this key is: %s\n"
+"\n"
+msgstr ""
+"Le niveau de confiance minimal pour cette clé est: %s\n"
+"\n"
+
+#: g10/pkclist.c:298 g10/revoke.c:650
+msgid "Your decision? "
+msgstr "Votre décision ? "
+
+#: g10/pkclist.c:319
+msgid "Do you really want to set this key to ultimate trust? (y/N) "
+msgstr "Voulez-vous vraiment donner une confiance ultime à cette clé ? (o/N) "
+
+#: g10/pkclist.c:333
+msgid "Certificates leading to an ultimately trusted key:\n"
+msgstr "Certificats conduisant vers une clé à confiance ultime:\n"
+
+#: g10/pkclist.c:418
+#, c-format
+msgid "%s: There is no assurance this key belongs to the named user\n"
+msgstr ""
+"%s: Rien ne dit que la clé appartient vraiment à l'utilisateur\n"
+"nommé.\n"
+
+#: g10/pkclist.c:423
+#, c-format
+msgid "%s: There is limited assurance this key belongs to the named user\n"
+msgstr ""
+"%s: Il n'est pas vraiment sûr que la clé appartient vraiment\n"
+"à l'utilisateur nommé.\n"
+
+#: g10/pkclist.c:429
+msgid "This key probably belongs to the named user\n"
+msgstr "Cette clé appartient probablement à l'utilisateur nommé\n"
+
+#: g10/pkclist.c:434
+msgid "This key belongs to us\n"
+msgstr "Cette clé nous appartient\n"
+
+#: g10/pkclist.c:460
+msgid ""
+"It is NOT certain that the key belongs to the person named\n"
+"in the user ID. If you *really* know what you are doing,\n"
+"you may answer the next question with yes.\n"
+msgstr ""
+"Il n'est PAS certain que la clé appartient à la personne nomée dans\n"
+"le nom d'utilisateur. Si vous savez *vraiment* ce que vous faites,\n"
+"vous pouvez répondre oui à la prochaine question.\n"
+"\n"
+
+#: g10/pkclist.c:479
+msgid "Use this key anyway? (y/N) "
+msgstr "Utiliser cette clé quand même ? (o/N) "
+
+#: g10/pkclist.c:513
+msgid "WARNING: Using untrusted key!\n"
+msgstr "ATTENTION: Utilisation d'une clé sans confiance !\n"
+
+#: g10/pkclist.c:520
+msgid "WARNING: this key might be revoked (revocation key not present)\n"
+msgstr ""
+"AVERTISSEMENT: cette clé est peut-être révoquée (clé de révocation\n"
+"absente)\n"
+
+#: g10/pkclist.c:529
+msgid "WARNING: This key has been revoked by its designated revoker!\n"
+msgstr "AVERTISSEMENT: Cette clé à été révoquée par son révocateur désigné !\n"
+
+#: g10/pkclist.c:532
+msgid "WARNING: This key has been revoked by its owner!\n"
+msgstr "ATTENTION: Cette clé à été révoquée par son propriétaire !\n"
+
+#: g10/pkclist.c:533
+msgid " This could mean that the signature is forged.\n"
+msgstr " Cela pourrait signifier que la signature est fausse.\n"
+
+#: g10/pkclist.c:539
+msgid "WARNING: This subkey has been revoked by its owner!\n"
+msgstr "ATTENTION: Cette sous-clé à été révoquée par son propriétaire !\n"
+
+#: g10/pkclist.c:544
+msgid "Note: This key has been disabled.\n"
+msgstr "Note: cette clé a été désactivée.\n"
+
+#: g10/pkclist.c:564
+#, c-format
+msgid "Note: Verified signer's address is `%s'\n"
+msgstr ""
+
+#: g10/pkclist.c:571
+#, c-format
+msgid "Note: Signer's address `%s' does not match DNS entry\n"
+msgstr ""
+
+#: g10/pkclist.c:583
+msgid "trustlevel adjusted to FULL due to valid PKA info\n"
+msgstr ""
+
+#: g10/pkclist.c:591
+msgid "trustlevel adjusted to NEVER due to bad PKA info\n"
+msgstr ""
+
+#: g10/pkclist.c:602
+msgid "Note: This key has expired!\n"
+msgstr "Note: Cette clé a expiré !\n"
+
+#: g10/pkclist.c:613
+msgid "WARNING: This key is not certified with a trusted signature!\n"
+msgstr ""
+"ATTENTION: Cette clé n'est pas certifiée avec une signature de confiance !\n"
+
+#: g10/pkclist.c:615
+msgid ""
+" There is no indication that the signature belongs to the owner.\n"
+msgstr ""
+" Rien ne dit que la signature appartient à son propriétaire.\n"
+
+#: g10/pkclist.c:623
+msgid "WARNING: We do NOT trust this key!\n"
+msgstr "ATTENTION: Nous ne faisons PAS confiance à cette clé !\n"
+
+#: g10/pkclist.c:624
+msgid " The signature is probably a FORGERY.\n"
+msgstr " La signature est certainement FAUSSE.\n"
+
+#: g10/pkclist.c:632
+msgid ""
+"WARNING: This key is not certified with sufficiently trusted signatures!\n"
+msgstr ""
+"ATTENTION: Les signatures de cette clé n'ont pas une confiance suffisante !\n"
+
+#: g10/pkclist.c:634
+msgid " It is not certain that the signature belongs to the owner.\n"
+msgstr ""
+" Il n'est pas sûr que la signature appartient à son "
+"propriétaire.\n"
+
+#: g10/pkclist.c:833 g10/pkclist.c:875 g10/pkclist.c:1087 g10/pkclist.c:1157
+#, c-format
+msgid "%s: skipped: %s\n"
+msgstr "%s: ignoré: %s\n"
+
+#: g10/pkclist.c:845 g10/pkclist.c:1125
+#, c-format
+msgid "%s: skipped: public key already present\n"
+msgstr "%s: ignoré: clé publique déjà présente\n"
+
+#: g10/pkclist.c:896
+msgid "You did not specify a user ID. (you may use \"-r\")\n"
+msgstr ""
+"Vous n'avez pas spécifié de nom d'utilisateur. (vous pouvez\n"
+"utiliser «-r»)\n"
+"\n"
+
+#: g10/pkclist.c:920
+msgid "Current recipients:\n"
+msgstr "Récipients actuels:\n"
+
+#: g10/pkclist.c:946
+msgid ""
+"\n"
+"Enter the user ID. End with an empty line: "
+msgstr ""
+"\n"
+"Entrez le nom d'utilisateur, en terminant par une ligne vide: "
+
+#: g10/pkclist.c:971
+msgid "No such user ID.\n"
+msgstr "Pas d'utilisateur de ce nom.\n"
+
+#: g10/pkclist.c:980 g10/pkclist.c:1054
+msgid "skipped: public key already set as default recipient\n"
+msgstr "ignoré: la clé publique est déjà le destinataire par défaut\n"
+
+#: g10/pkclist.c:1001
+msgid "Public key is disabled.\n"
+msgstr "La clé publique est désactivée.\n"
+
+#: g10/pkclist.c:1010
+msgid "skipped: public key already set\n"
+msgstr "ignoré: clé publique déjà activée\n"
+
+#: g10/pkclist.c:1045
+#, c-format
+msgid "unknown default recipient \"%s\"\n"
+msgstr "destinataire par défaut « %s » inconnu\n"
+
+#: g10/pkclist.c:1103
+#, c-format
+msgid "%s: skipped: public key is disabled\n"
+msgstr "%s: ignoré: la clé publique est désactivée\n"
+
+#: g10/pkclist.c:1165
+msgid "no valid addressees\n"
+msgstr "pas de destinataire valide\n"
+
+#: g10/pkclist.c:1503
+#, fuzzy, c-format
+msgid "Note: key %s has no %s feature\n"
+msgstr "clé %s: pas de nom d'utilisateur\n"
+
+#: g10/pkclist.c:1528
+#, fuzzy, c-format
+msgid "Note: key %s has no preference for %s\n"
+msgstr "clé %s: pas de nom d'utilisateur\n"
+
+#: g10/plaintext.c:95
+msgid "data not saved; use option \"--output\" to save it\n"
+msgstr ""
+"les données ne sont pas enregistrées; utilisez l'option «--output» pour\n"
+"les enregistrer\n"
+
+#: g10/plaintext.c:480
+msgid "Detached signature.\n"
+msgstr "Signature détachée.\n"
+
+#: g10/plaintext.c:487
+msgid "Please enter name of data file: "
+msgstr "Entrez le nom du fichier de données: "
+
+#: g10/plaintext.c:519
+msgid "reading stdin ...\n"
+msgstr "lecture de l'entrée standard...\n"
+
+#: g10/plaintext.c:557
+msgid "no signed data\n"
+msgstr "pas de données signées\n"
+
+#: g10/plaintext.c:573
+#, c-format
+msgid "can't open signed data `%s'\n"
+msgstr "impossible d'ouvir les données signées `%s'\n"
+
+#: g10/plaintext.c:607
+#, fuzzy, c-format
+msgid "can't open signed data fd=%d: %s\n"
+msgstr "impossible d'ouvir les données signées `%s'\n"
+
+#: g10/pubkey-enc.c:105
+#, c-format
+msgid "anonymous recipient; trying secret key %s ...\n"
+msgstr "destinataire anonyme; essai de la clé secrète %s...\n"
+
+#: g10/pubkey-enc.c:136
+msgid "okay, we are the anonymous recipient.\n"
+msgstr "d'accord, nous sommes le destinataire anonyme.\n"
+
+#: g10/pubkey-enc.c:225
+msgid "old encoding of the DEK is not supported\n"
+msgstr "l'ancien codage de la clé de chiffrement (DEK) n'est pas supporté\n"
+
+#: g10/pubkey-enc.c:246
+#, c-format
+msgid "cipher algorithm %d%s is unknown or disabled\n"
+msgstr "l'algorithme de chiffrement %d%s est inconnu ou désactivé\n"
+
+#: g10/pubkey-enc.c:284
+#, c-format
+msgid "WARNING: cipher algorithm %s not found in recipient preferences\n"
+msgstr ""
+"AVERTISSEMENT: l'algorithme de chiffrement %s n'a pas été trouvé\n"
+"dans les préférences du destinataire\n"
+
+#: g10/pubkey-enc.c:304
+#, c-format
+msgid "NOTE: secret key %s expired at %s\n"
+msgstr "NOTE: la clé secrète %s a expiré le %s\n"
+
+#: g10/pubkey-enc.c:310
+msgid "NOTE: key has been revoked"
+msgstr "NOTE: la clé a été révoquée"
+
+#: g10/revoke.c:102 g10/revoke.c:116 g10/revoke.c:128 g10/revoke.c:174
+#: g10/revoke.c:186 g10/revoke.c:585
+#, c-format
+msgid "build_packet failed: %s\n"
+msgstr "build_packet a échoué: %s\n"
+
+#: g10/revoke.c:145
+#, c-format
+msgid "key %s has no user IDs\n"
+msgstr "clé %s: pas de nom d'utilisateur\n"
+
+#: g10/revoke.c:306
+msgid "To be revoked by:\n"
+msgstr "Doit être révoqué par:\n"
+
+#: g10/revoke.c:310
+msgid "(This is a sensitive revocation key)\n"
+msgstr "(c'est une clé de révocation sensible)\n"
+
+#: g10/revoke.c:314
+msgid "Create a designated revocation certificate for this key? (y/N) "
+msgstr "Générer un certificat de révocation désignée pour cette clé ? (o/N) "
+
+#: g10/revoke.c:327 g10/revoke.c:551
+msgid "ASCII armored output forced.\n"
+msgstr "sortie avec armure ASCII forcée.\n"
+
+#: g10/revoke.c:342 g10/revoke.c:565
+#, c-format
+msgid "make_keysig_packet failed: %s\n"
+msgstr "make_keysig_packet a échoué: %s\n"
+
+#: g10/revoke.c:405
+msgid "Revocation certificate created.\n"
+msgstr "Certificat de révocation créé.\n"
+
+#: g10/revoke.c:411
+#, c-format
+msgid "no revocation keys found for \"%s\"\n"
+msgstr "aucune clé de révocation trouvée pour « %s »\n"
+
+#: g10/revoke.c:470
+#, c-format
+msgid "secret key \"%s\" not found: %s\n"
+msgstr "la clé secrète « %s » n'a pas été trouvée: %s\n"
+
+#: g10/revoke.c:497
+#, c-format
+msgid "no corresponding public key: %s\n"
+msgstr "pas de clé publique correspondante: %s\n"
+
+#: g10/revoke.c:508
+msgid "public key does not match secret key!\n"
+msgstr "la clé publique ne correspond pas à la clé secrète !\n"
+
+#: g10/revoke.c:515
+msgid "Create a revocation certificate for this key? (y/N) "
+msgstr "Générer un certificat de révocation pour cette clé ? (o/N) "
+
+#: g10/revoke.c:532
+msgid "unknown protection algorithm\n"
+msgstr "algorithme de protection inconnu\n"
+
+#: g10/revoke.c:540
+msgid "NOTE: This key is not protected!\n"
+msgstr "NOTE: Cette clé n'est pas protégée !\n"
+
+#: g10/revoke.c:591
+msgid ""
+"Revocation certificate created.\n"
+"\n"
+"Please move it to a medium which you can hide away; if Mallory gets\n"
+"access to this certificate he can use it to make your key unusable.\n"
+"It is smart to print this certificate and store it away, just in case\n"
+"your media become unreadable. But have some caution: The print system of\n"
+"your machine might store the data and make it available to others!\n"
+msgstr ""
+"Certificat de révocation créé.\n"
+"\n"
+"Déplacez-le dans un support que vous pouvez cacher ; si Mallory a\n"
+"accès à ce certificat il peut l'utiliser pour rendre votre clé\n"
+"inutilisable.\n"
+"Une bonne idée consiste à imprimer ce certificat puis à le stocker\n"
+"ailleurs, au cas où le support devient illisible. Mais attention :\n"
+"le système d'impression de votre machine pourrait stocker ces\n"
+"données et les rendre accessibles à d'autres personnes !\n"
+
+#: g10/revoke.c:633
+msgid "Please select the reason for the revocation:\n"
+msgstr "choisissez la cause de la révocation:\n"
+
+#: g10/revoke.c:643
+msgid "Cancel"
+msgstr "Annuler"
+
+#: g10/revoke.c:645
+#, c-format
+msgid "(Probably you want to select %d here)\n"
+msgstr "(Vous devriez sûrement sélectionner %d ici)\n"
+
+#: g10/revoke.c:686
+msgid "Enter an optional description; end it with an empty line:\n"
+msgstr "Entrez une description optionnelle ; terminez-là par une ligne vide:\n"
+
+#: g10/revoke.c:714
+#, c-format
+msgid "Reason for revocation: %s\n"
+msgstr "Cause de révocation: %s\n"
+
+#: g10/revoke.c:716
+msgid "(No description given)\n"
+msgstr "(Aucune description donnée)\n"
+
+#: g10/revoke.c:721
+msgid "Is this okay? (y/N) "
+msgstr "Est-ce d'accord ? (o/N) "
+
+#: g10/seckey-cert.c:55
+msgid "secret key parts are not available\n"
+msgstr "les parties secrètes ne sont pas disponibles\n"
+
+#: g10/seckey-cert.c:61
+#, c-format
+msgid "protection algorithm %d%s is not supported\n"
+msgstr "l'algorithme de protection %d%s n'est pas supporté\n"
+
+#: g10/seckey-cert.c:72
+#, c-format
+msgid "protection digest %d is not supported\n"
+msgstr "le hachage de protection %d n'est pas supporté\n"
+
+#: g10/seckey-cert.c:291
+msgid "Invalid passphrase; please try again"
+msgstr "Phrase de passe invalide ; réessayez"
+
+#: g10/seckey-cert.c:292
+#, c-format
+msgid "%s ...\n"
+msgstr "%s ...\n"
+
+#: g10/seckey-cert.c:361
+msgid "WARNING: Weak key detected - please change passphrase again.\n"
+msgstr "ATTENTION: Clé faible détectée - changez encore la phrase de passe.\n"
+
+#: g10/seckey-cert.c:404
+msgid "generating the deprecated 16-bit checksum for secret key protection\n"
+msgstr ""
+"génération de la somme de contrôle de 16 bits (dépréciée) pour protéger\n"
+"la clé secrète\n"
+
+#: g10/seskey.c:61 sm/encrypt.c:119
+msgid "weak key created - retrying\n"
+msgstr "clé faible générée - nouvel essai\n"
+
+#: g10/seskey.c:65
+#, c-format
+msgid "cannot avoid weak key for symmetric cipher; tried %d times!\n"
+msgstr ""
+"impossible d'éviter une clé faible pour le chiffrement symétrique:\n"
+"%d essais ont eu lieu !\n"
+
+#: g10/seskey.c:227 sm/certcheck.c:85
+msgid "DSA requires the hash length to be a multiple of 8 bits\n"
+msgstr ""
+
+#: g10/seskey.c:240
+#, c-format
+msgid "DSA key %s uses an unsafe (%u bit) hash\n"
+msgstr ""
+
+#: g10/seskey.c:252
+#, c-format
+msgid "DSA key %s requires a %u bit or larger hash\n"
+msgstr ""
+
+#: g10/sig-check.c:80
+msgid "WARNING: signature digest conflict in message\n"
+msgstr "AVERTISSEMENT: conflit de hachage de signature dans le message\n"
+
+#: g10/sig-check.c:105
+#, c-format
+msgid "WARNING: signing subkey %s is not cross-certified\n"
+msgstr ""
+"AVERTISSEMENT: la sous-clé de signature %s n'a pas de certificat\n"
+"croisé\n"
+
+#: g10/sig-check.c:117
+#, c-format
+msgid "WARNING: signing subkey %s has an invalid cross-certification\n"
+msgstr ""
+"AVERTISSEMENT: la sous-clé de signature %s a un certificat croisé\n"
+"invalide\n"
+
+#: g10/sig-check.c:211
+#, c-format
+msgid "public key %s is %lu second newer than the signature\n"
+msgstr "la clé publique %s est plus récente de %lu seconde que la signature\n"
+
+#: g10/sig-check.c:212
+#, c-format
+msgid "public key %s is %lu seconds newer than the signature\n"
+msgstr "la clé publique %s est plus récente de %lu secondes que la signature\n"
+
+# on s'amuse comme on peut...
+#: g10/sig-check.c:223
+#, c-format
+msgid ""
+"key %s was created %lu second in the future (time warp or clock problem)\n"
+msgstr ""
+"la clé %s a été créée %lu seconde dans le futur (rupture\n"
+"spatio-temporelle ou problème d'horloge)\n"
+
+#: g10/sig-check.c:225
+#, c-format
+msgid ""
+"key %s was created %lu seconds in the future (time warp or clock problem)\n"
+msgstr ""
+"la clé %s a été créée %lu secondes dans le futur (rupture\n"
+"spatio-temporelle ou problème d'horloge)\n"
+
+#: g10/sig-check.c:239
+#, c-format
+msgid "NOTE: signature key %s expired %s\n"
+msgstr "NOTE: la clé de signature %s a expiré le %s\n"
+
+#: g10/sig-check.c:252
+#, fuzzy, c-format
+msgid "NOTE: signature key %s has been revoked\n"
+msgstr "NOTE: la clé a été révoquée"
+
+#: g10/sig-check.c:325
+#, c-format
+msgid "assuming bad signature from key %s due to an unknown critical bit\n"
+msgstr ""
+"la signature de la clé %s est supposée être fausse car un bit\n"
+"critique est inconnu\n"
+
+#: g10/sig-check.c:591
+#, c-format
+msgid "key %s: no subkey for subkey revocation signature\n"
+msgstr "clé %s: pas de sous-clé pour la signature de révocation de sous-clé\n"
+
+#: g10/sig-check.c:618
+#, c-format
+msgid "key %s: no subkey for subkey binding signature\n"
+msgstr ""
+"clé %s: pas de sous-clé pour la signature de liaison à la\n"
+"sous-clé\n"
+
+#: g10/sign.c:89
+#, c-format
+msgid "WARNING: unable to %%-expand notation (too large). Using unexpanded.\n"
+msgstr ""
+"AVERTISSEMENT: impossible de faire une expansion à base de %%\n"
+"(chaîne trop grande). Utilisation de la version non expansée.\n"
+
+#: g10/sign.c:115
+#, c-format
+msgid ""
+"WARNING: unable to %%-expand policy URL (too large). Using unexpanded.\n"
+msgstr ""
+"AVERTISSEMENT: impossible de faire une expansion à base de %% de l'URL\n"
+"de politique (trop grande). Utilisation de la version non expansée.\n"
+
+#: g10/sign.c:138
+#, c-format
+msgid ""
+"WARNING: unable to %%-expand preferred keyserver URL (too large). Using "
+"unexpanded.\n"
+msgstr ""
+"AVERTISSEMENT: impossible de faire une expansion à base de %% de l'URL\n"
+"de politique (trop grande). Utilisation de la version non expansée.\n"
+
+#: g10/sign.c:311
+#, c-format
+msgid "checking created signature failed: %s\n"
+msgstr "Impossible de vérifier la signature créée: %s\n"
+
+#: g10/sign.c:320
+#, c-format
+msgid "%s/%s signature from: \"%s\"\n"
+msgstr "%s/%s signature de: « %s »\n"
+
+#: g10/sign.c:761
+msgid "you can only detach-sign with PGP 2.x style keys while in --pgp2 mode\n"
+msgstr ""
+"il n'est possible générer une signature détachée avec des clés de\n"
+"style PGP 2.x qu'en mode --pgp2\n"
+
+#: g10/sign.c:837
+#, c-format
+msgid ""
+"WARNING: forcing digest algorithm %s (%d) violates recipient preferences\n"
+msgstr ""
+"AVERTISSEMENT: forcer l'algorithme de hachage %s (%d) entre en\n"
+"désaccord avec les préférences du destinataire\n"
+
+#: g10/sign.c:964
+msgid "signing:"
+msgstr "signature:"
+
+#: g10/sign.c:1079
+msgid "you can only clearsign with PGP 2.x style keys while in --pgp2 mode\n"
+msgstr ""
+"il n'est possible de faire une signature en texte clair avec des clés\n"
+"de style PGP 2.x qu'en mode --pgp2\n"
+
+#: g10/sign.c:1263
+#, c-format
+msgid "%s encryption will be used\n"
+msgstr "le chiffrement %s sera utilisé\n"
+
+#: g10/skclist.c:140 g10/skclist.c:217
+msgid "key is not flagged as insecure - can't use it with the faked RNG!\n"
+msgstr ""
+"la clé n'est pas marquée comme non-sûre; on ne peut pas l'utiliser avec le\n"
+"pseudo-générateur de nombres aléatiores !\n"
+
+#: g10/skclist.c:174
+#, c-format
+msgid "skipped \"%s\": duplicated\n"
+msgstr "« %s » a été ignoré: dupliqué\n"
+
+#: g10/skclist.c:182 g10/skclist.c:195 g10/skclist.c:207
+#, c-format
+msgid "skipped \"%s\": %s\n"
+msgstr "« %s » a été ignoré: %s\n"
+
+#: g10/skclist.c:190
+msgid "skipped: secret key already present\n"
+msgstr "ignoré: clé secrète déjà présente\n"
+
+#: g10/skclist.c:208
+msgid "this is a PGP generated Elgamal key which is not secure for signatures!"
+msgstr ""
+"c'est une clé ElGamal générée par PGP qui n'est pas sûre pour\n"
+"les signatures !"
+
+#: g10/tdbdump.c:58 g10/trustdb.c:360
+#, c-format
+msgid "trust record %lu, type %d: write failed: %s\n"
+msgstr "enregistrement de confiance %lu, type %d: l'écriture a échoué: %s\n"
+
+#: g10/tdbdump.c:106
+#, c-format
+msgid ""
+"# List of assigned trustvalues, created %s\n"
+"# (Use \"gpg --import-ownertrust\" to restore them)\n"
+msgstr ""
+"# Liste des valeurs de confiance assignées, créée le %s\n"
+"# (Utilisez « gpg --import-ownertrust » pour les restaurer)\n"
+
+#: g10/tdbdump.c:161 g10/tdbdump.c:169 g10/tdbdump.c:174 g10/tdbdump.c:179
+#, c-format
+msgid "error in `%s': %s\n"
+msgstr "erreur dans `%s': %s\n"
+
+#: g10/tdbdump.c:161
+msgid "line too long"
+msgstr "ligne trop longue"
+
+#: g10/tdbdump.c:169
+msgid "colon missing"
+msgstr "symbole deux-points manquant"
+
+#: g10/tdbdump.c:175
+msgid "invalid fingerprint"
+msgstr "empreinte invalide"
+
+#: g10/tdbdump.c:180
+msgid "ownertrust value missing"
+msgstr "valeur de confiance au propriétaire manquante"
+
+#: g10/tdbdump.c:216
+#, c-format
+msgid "error finding trust record in `%s': %s\n"
+msgstr ""
+"erreur pendant la recherche de l'enregistrement de confiance\n"
+"dans `%s': %s\n"
+
+#: g10/tdbdump.c:220
+#, c-format
+msgid "read error in `%s': %s\n"
+msgstr "erreur de lecture dans `%s': %s\n"
+
+#: g10/tdbdump.c:229 g10/trustdb.c:375
+#, c-format
+msgid "trustdb: sync failed: %s\n"
+msgstr "base de confiance: la synchronisation a échoué: %s\n"
+
+#: g10/tdbio.c:128 g10/tdbio.c:1456
+#, c-format
+msgid "trustdb rec %lu: lseek failed: %s\n"
+msgstr "enregistrement de base de confiance %lu: lseek a échoué: %s\n"
+
+#: g10/tdbio.c:135 g10/tdbio.c:1463
+#, c-format
+msgid "trustdb rec %lu: write failed (n=%d): %s\n"
+msgstr ""
+"enregistrement de la base de confiance %lu: l'écriture a échoué (n=%d): %s\n"
+
+#: g10/tdbio.c:245
+msgid "trustdb transaction too large\n"
+msgstr "transaction de base de confiance trop volumineuse\n"
+
+#: g10/tdbio.c:500
+#, c-format
+msgid "can't access `%s': %s\n"
+msgstr "impossible d'accéder à `%s': %s\n"
+
+#: g10/tdbio.c:527
+#, c-format
+msgid "%s: directory does not exist!\n"
+msgstr "%s: le répertoire n'existe pas !\n"
+
+#: g10/tdbio.c:537 g10/tdbio.c:560 g10/tdbio.c:601 sm/keydb.c:219
+#, c-format
+msgid "can't create lock for `%s'\n"
+msgstr "impossible de créer un verrou pour `%s'\n"
+
+#: g10/tdbio.c:539 g10/tdbio.c:604
+#, c-format
+msgid "can't lock `%s'\n"
+msgstr "impossible de verrouiller `%s'\n"
+
+#: g10/tdbio.c:565
+#, c-format
+msgid "%s: failed to create version record: %s"
+msgstr "%s: impossible de créer un enregistrement de version: %s"
+
+#: g10/tdbio.c:569
+#, c-format
+msgid "%s: invalid trustdb created\n"
+msgstr "%s: base de confiance invalide créée\n"
+
+#: g10/tdbio.c:572
+#, c-format
+msgid "%s: trustdb created\n"
+msgstr "%s: base de confiance créée\n"
+
+#: g10/tdbio.c:615
+msgid "NOTE: trustdb not writable\n"
+msgstr "NOTE: la base de confiance n'a pas les permissions d'écriture\n"
+
+#: g10/tdbio.c:623
+#, c-format
+msgid "%s: invalid trustdb\n"
+msgstr "%s: base de confiance invalide\n"
+
+#: g10/tdbio.c:655
+#, c-format
+msgid "%s: failed to create hashtable: %s\n"
+msgstr "%s: la création de la table de hachage a échoué: %s\n"
+
+#: g10/tdbio.c:663
+#, c-format
+msgid "%s: error updating version record: %s\n"
+msgstr "%s: erreur pendant la mise à jour de l'enregistrement de version: %s\n"
+
+#: g10/tdbio.c:680 g10/tdbio.c:701 g10/tdbio.c:717 g10/tdbio.c:731
+#: g10/tdbio.c:761 g10/tdbio.c:1388 g10/tdbio.c:1415
+#, c-format
+msgid "%s: error reading version record: %s\n"
+msgstr "%s: erreur pendant la lecture de l'enregistrement de version: %s\n"
+
+#: g10/tdbio.c:740
+#, c-format
+msgid "%s: error writing version record: %s\n"
+msgstr "%s: erreur pendant l'écriture de l'enregistrement de version: %s\n"
+
+#: g10/tdbio.c:1181
+#, c-format
+msgid "trustdb: lseek failed: %s\n"
+msgstr "base de confiance: «lseek()» a échoué: %s\n"
+
+#: g10/tdbio.c:1190
+#, c-format
+msgid "trustdb: read failed (n=%d): %s\n"
+msgstr "base de confiance: la lecture a échoué (n=%d): %s\n"
+
+#: g10/tdbio.c:1211
+#, c-format
+msgid "%s: not a trustdb file\n"
+msgstr "%s: ce n'est pas un fichier de base de confiance\n"
+
+#: g10/tdbio.c:1230
+#, c-format
+msgid "%s: version record with recnum %lu\n"
+msgstr "%s: enregistrement de version avec un numéro %lu\n"
+
+#: g10/tdbio.c:1235
+#, c-format
+msgid "%s: invalid file version %d\n"
+msgstr "%s: version %d du fichier invalide\n"
+
+#: g10/tdbio.c:1421
+#, c-format
+msgid "%s: error reading free record: %s\n"
+msgstr "%s: erreur pendant la lecture de l'enregistrement libre: %s\n"
+
+#: g10/tdbio.c:1429
+#, c-format
+msgid "%s: error writing dir record: %s\n"
+msgstr ""
+"%s: erreur pendant l'écriture de l'enregistrement de\n"
+"répertoire: %s\n"
+
+#: g10/tdbio.c:1439
+#, c-format
+msgid "%s: failed to zero a record: %s\n"
+msgstr "%s: n'a pu mettre un enregistrement à zéro: %s\n"
+
+#: g10/tdbio.c:1469
+#, c-format
+msgid "%s: failed to append a record: %s\n"
+msgstr "%s: impossible d'ajouter un enregistrement: %s\n"
+
+#: g10/tdbio.c:1512
+#, fuzzy
+msgid "Error: The trustdb is corrupted.\n"
+msgstr "%s: base de confiance créée\n"
+
+#: g10/textfilter.c:147
+#, c-format
+msgid "can't handle text lines longer than %d characters\n"
+msgstr "impossible de traiter les lignes plus longues que %d caractères\n"
+
+#: g10/textfilter.c:247
+#, c-format
+msgid "input line longer than %d characters\n"
+msgstr "la ligne d'entrée est plus longue que %d caractères\n"
+
+#: g10/trustdb.c:221
+#, c-format
+msgid "`%s' is not a valid long keyID\n"
+msgstr "`%s' n'est pas une identification de clé longue valide\n"
+
+#: g10/trustdb.c:252
+#, c-format
+msgid "key %s: accepted as trusted key\n"
+msgstr "clé %s: acceptée comme clé de confiance.\n"
+
+#: g10/trustdb.c:290
+#, c-format
+msgid "key %s occurs more than once in the trustdb\n"
+msgstr "la clé %s apparaît plusieurs fois dans la base de confiance\n"
+
+#: g10/trustdb.c:305
+#, c-format
+msgid "key %s: no public key for trusted key - skipped\n"
+msgstr "clé %s: pas de clé publique pour la clé de confiance - ignorée\n"
+
+#: g10/trustdb.c:315
+#, c-format
+msgid "key %s marked as ultimately trusted\n"
+msgstr "clé %s marquée comme ayant une confiance ultime.\n"
+
+#: g10/trustdb.c:339
+#, c-format
+msgid "trust record %lu, req type %d: read failed: %s\n"
+msgstr ""
+"enregistrement de confiance %lu, type de requête %d: la lecture a échoué: %"
+"s\n"
+
+#: g10/trustdb.c:345
+#, c-format
+msgid "trust record %lu is not of requested type %d\n"
+msgstr "l'enregistrement de confiance %lu: n'est pas du type demandé %d\n"
+
+#: g10/trustdb.c:418
+msgid "You may try to re-create the trustdb using the commands:\n"
+msgstr ""
+
+#: g10/trustdb.c:427
+msgid "If that does not work, please consult the manual\n"
+msgstr ""
+
+#: g10/trustdb.c:462
+#, c-format
+msgid "unable to use unknown trust model (%d) - assuming %s trust model\n"
+msgstr ""
+"impossible d'utiliser ce modèle de confiance inconnu (%d) -\n"
+"on utilise à la place le modèle de confiance %s\n"
+
+#: g10/trustdb.c:468
+#, c-format
+msgid "using %s trust model\n"
+msgstr "utilisation du modèle de confiance %s\n"
+
+#: g10/trustdb.c:520
+msgid "10 translator see trustdb.c:uid_trust_string_fixed"
+msgstr "11 le traducteur a bien lu ce qu'il fallait :)"
+
+#: g10/trustdb.c:522
+msgid "[ revoked]"
+msgstr "[ revoquée]"
+
+#: g10/trustdb.c:524 g10/trustdb.c:529
+msgid "[ expired]"
+msgstr "[ expirée ]"
+
+#: g10/trustdb.c:528
+msgid "[ unknown]"
+msgstr "[ inconnue]"
+
+#: g10/trustdb.c:530
+msgid "[ undef ]"
+msgstr "[indéfinie]"
+
+#: g10/trustdb.c:531
+msgid "[marginal]"
+msgstr "[marginale]"
+
+#: g10/trustdb.c:532
+msgid "[ full ]"
+msgstr "[ entière ]"
+
+#: g10/trustdb.c:533
+msgid "[ultimate]"
+msgstr "[ ultime ]"
+
+#: g10/trustdb.c:548
+msgid "undefined"
+msgstr "indéfinie"
+
+#: g10/trustdb.c:549
+msgid "never"
+msgstr "jamais"
+
+#: g10/trustdb.c:550
+msgid "marginal"
+msgstr "marginale"
+
+#: g10/trustdb.c:551
+msgid "full"
+msgstr "entière"
+
+#: g10/trustdb.c:552
+msgid "ultimate"
+msgstr "ultime"
+
+#: g10/trustdb.c:592
+msgid "no need for a trustdb check\n"
+msgstr "vérification de la base de confiance inutile\n"
+
+#: g10/trustdb.c:598 g10/trustdb.c:2487
+#, c-format
+msgid "next trustdb check due at %s\n"
+msgstr "la prochaine vérification de la base de confiance aura lieu le %s\n"
+
+#: g10/trustdb.c:607
+#, c-format
+msgid "no need for a trustdb check with `%s' trust model\n"
+msgstr ""
+"vérification de la base de confiance inutile avec le modèle de\n"
+"confiance `%s'\n"
+
+#: g10/trustdb.c:622
+#, c-format
+msgid "no need for a trustdb update with `%s' trust model\n"
+msgstr ""
+"mise à jour de la base de confiance inutile avec le modèle de\n"
+"confiance `%s'\n"
+
+#: g10/trustdb.c:857 g10/trustdb.c:1310
+#, c-format
+msgid "public key %s not found: %s\n"
+msgstr "clé publique %s non trouvée : %s\n"
+
+#: g10/trustdb.c:1053
+msgid "please do a --check-trustdb\n"
+msgstr "faites un --check-trustdb\n"
+
+#: g10/trustdb.c:1057
+msgid "checking the trustdb\n"
+msgstr "vérifier la base de confiance\n"
+
+#: g10/trustdb.c:2230
+#, c-format
+msgid "%d keys processed (%d validity counts cleared)\n"
+msgstr "%d clés traitées (%d comptes de validité réinitialisés)\n"
+
+#: g10/trustdb.c:2295
+msgid "no ultimately trusted keys found\n"
+msgstr "aucune clé de confiance ultime n'a été trouvée\n"
+
+#: g10/trustdb.c:2309
+#, c-format
+msgid "public key of ultimately trusted key %s not found\n"
+msgstr "la clé publique de la clé de confiance ultime %s est introuvable\n"
+
+#: g10/trustdb.c:2332
+#, c-format
+msgid "%d marginal(s) needed, %d complete(s) needed, %s trust model\n"
+msgstr ""
+"%d marginale(s) nécessaires, %d complète(s) nécessaires, modèle\n"
+"de confiance %s\n"
+
+#: g10/trustdb.c:2418
+#, c-format
+msgid ""
+"depth: %d valid: %3d signed: %3d trust: %d-, %dq, %dn, %dm, %df, %du\n"
+msgstr ""
+"profondeur: %d valide: %3d signé: %3d\n"
+"confiance: %d-. %dg. %dn. %dm. %df. %du\n"
+
+#: g10/trustdb.c:2493
+#, c-format
+msgid "unable to update trustdb version record: write failed: %s\n"
+msgstr ""
+"impossible de mettre à jour l'enregistrement de version de la\n"
+"base de confiance: l'écriture a échoué: %s\n"
+
+#: g10/verify.c:118
+msgid ""
+"the signature could not be verified.\n"
+"Please remember that the signature file (.sig or .asc)\n"
+"should be the first file given on the command line.\n"
+msgstr ""
+"impossible de vérifier la signature.\n"
+"Rappelez-vous bien que le fichier de signature (.sig ou .asc)\n"
+"doit être le premier fichier indiqué sur la ligne de commande.\n"
+
+#: g10/verify.c:205
+#, c-format
+msgid "input line %u too long or missing LF\n"
+msgstr ""
+"la ligne d'entrée %u est trop longue ou il manque un caractère de saut\n"
+"de ligne\n"
+
+#: g10/verify.c:253
+#, fuzzy, c-format
+msgid "can't open fd %d: %s\n"
+msgstr "impossible d'ouvrir `%s': %s\n"
+
+#: jnlib/argparse.c:180
+#, fuzzy
+msgid "argument not expected"
+msgstr "Les commandes d'administration ne sont pas permises\n"
+
+#: jnlib/argparse.c:182
+#, fuzzy
+msgid "read error"
+msgstr "erreur de lecture"
+
+#: jnlib/argparse.c:184
+#, fuzzy
+msgid "keyword too long"
+msgstr "ligne trop longue"
+
+#: jnlib/argparse.c:186
+#, fuzzy
+msgid "missing argument"
+msgstr "argument invalide"
+
+#: jnlib/argparse.c:188
+#, fuzzy
+msgid "invalid command"
+msgstr "La commande n'est utilisable qu'en mode administration\n"
+
+#: jnlib/argparse.c:190
+#, fuzzy
+msgid "invalid alias definition"
+msgstr "options de liste invalides\n"
+
+#: jnlib/argparse.c:192
+#, fuzzy
+msgid "out of core"
+msgstr "non forcé"
+
+#: jnlib/argparse.c:194
+#, fuzzy
+msgid "invalid option"
+msgstr "options de liste invalides\n"
+
+#: jnlib/argparse.c:202
+#, c-format
+msgid "missing argument for option \"%.50s\"\n"
+msgstr ""
+
+#: jnlib/argparse.c:204
+#, c-format
+msgid "option \"%.50s\" does not expect an argument\n"
+msgstr ""
+
+#: jnlib/argparse.c:207
+#, fuzzy, c-format
+msgid "invalid command \"%.50s\"\n"
+msgstr "Commande invalide (essayez «help»)\n"
+
+#: jnlib/argparse.c:209
+#, c-format
+msgid "option \"%.50s\" is ambiguous\n"
+msgstr ""
+
+#: jnlib/argparse.c:211
+#, c-format
+msgid "command \"%.50s\" is ambiguous\n"
+msgstr ""
+
+#: jnlib/argparse.c:213
+#, fuzzy
+msgid "out of core\n"
+msgstr "non forcé"
+
+#: jnlib/argparse.c:215
+#, fuzzy, c-format
+msgid "invalid option \"%.50s\"\n"
+msgstr "options de liste invalides\n"
+
+#: jnlib/logging.c:647
+#, c-format
+msgid "you found a bug ... (%s:%d)\n"
+msgstr "vous avez trouvé un bug... (%s:%d)\n"
+
+#: jnlib/utf8conv.c:85
+#, fuzzy, c-format
+msgid "error loading `%s': %s\n"
+msgstr "erreur pendant la lecture de `%s': %s\n"
+
+#: jnlib/utf8conv.c:123
+#, c-format
+msgid "conversion from `%s' to `%s' not available\n"
+msgstr ""
+
+#: jnlib/utf8conv.c:131
+#, fuzzy, c-format
+msgid "iconv_open failed: %s\n"
+msgstr "la signature a échoué: %s\n"
+
+#: jnlib/utf8conv.c:388 jnlib/utf8conv.c:654
+#, fuzzy, c-format
+msgid "conversion from `%s' to `%s' failed: %s\n"
+msgstr "renommer `%s' en `%s' a échoué: %s \n"
+
+#: jnlib/dotlock.c:234
+#, fuzzy, c-format
+msgid "failed to create temporary file `%s': %s\n"
+msgstr "impossible de créer le répertoire `%s': %s\n"
+
+#: jnlib/dotlock.c:269
+#, fuzzy, c-format
+msgid "error writing to `%s': %s\n"
+msgstr "erreur durant l'écriture du porte-clés `%s': %s\n"
+
+#: jnlib/dotlock.c:453
+#, c-format
+msgid "removing stale lockfile (created by %d)\n"
+msgstr ""
+
+#: jnlib/dotlock.c:459
+msgid " - probably dead - removing lock"
+msgstr ""
+
+#: jnlib/dotlock.c:469
+#, fuzzy, c-format
+msgid "waiting for lock (held by %d%s) %s...\n"
+msgstr "écriture de la clé secrète dans `%s'\n"
+
+#: jnlib/dotlock.c:470
+msgid "(deadlock?) "
+msgstr ""
+
+#: jnlib/dotlock.c:493
+#, fuzzy, c-format
+msgid "lock `%s' not made: %s\n"
+msgstr "clé publique %s non trouvée : %s\n"
+
+#: jnlib/dotlock.c:501
+#, fuzzy, c-format
+msgid "waiting for lock %s...\n"
+msgstr "écriture de la clé secrète dans `%s'\n"
+
+#: kbx/kbxutil.c:92
+msgid "set debugging flags"
+msgstr ""
+
+#: kbx/kbxutil.c:93
+msgid "enable full debugging"
+msgstr ""
+
+#: kbx/kbxutil.c:117
+#, fuzzy
+msgid "Usage: kbxutil [options] [files] (-h for help)"
+msgstr "Utilisation: gpg [options] [fichiers] (-h pour l'aide)"
+
+#: kbx/kbxutil.c:120
+msgid ""
+"Syntax: kbxutil [options] [files]\n"
+"list, export, import Keybox data\n"
+msgstr ""
+
+#: scd/app-nks.c:713 scd/app-openpgp.c:2647
+#, c-format
+msgid "RSA modulus missing or not of size %d bits\n"
+msgstr "le module RSA est manquant ou bien sa taille n'est pas %d bits\n"
+
+#: scd/app-nks.c:721 scd/app-openpgp.c:2659
+#, c-format
+msgid "RSA public exponent missing or larger than %d bits\n"
+msgstr "l'exposant public RSA est manquant ou trop élevé (plus de %d bits)\n"
+
+#: scd/app-nks.c:801 scd/app-openpgp.c:1549 scd/app-openpgp.c:1568
+#: scd/app-openpgp.c:1729 scd/app-openpgp.c:1746 scd/app-openpgp.c:1994
+#: scd/app-openpgp.c:2039 scd/app-dinsig.c:303
+#, c-format
+msgid "PIN callback returned error: %s\n"
+msgstr "l'appel du PIN a retourné une erreur: %s\n"
+
+#: scd/app-nks.c:834
+msgid "the NullPIN has not yet been changed\n"
+msgstr ""
+
+#: scd/app-nks.c:1092
+#, fuzzy
+msgid "|N|Please enter a new PIN for the standard keys."
+msgstr "||Entrez le PIN%%0A[sigs faites: %lu]"
+
+#: scd/app-nks.c:1093
+#, fuzzy
+msgid "||Please enter the PIN for the standard keys."
+msgstr "||Entrez le PIN%%0A[sigs faites: %lu]"
+
+#: scd/app-nks.c:1099
+#, fuzzy
+msgid "|NP|Please enter a new PIN Unblocking Code (PUK) for the standard keys."
+msgstr "||Entrez le PIN%%0A[sigs faites: %lu]"
+
+#: scd/app-nks.c:1101
+#, fuzzy
+msgid "|P|Please enter the PIN Unblocking Code (PUK) for the standard keys."
+msgstr "||Entrez le PIN%%0A[sigs faites: %lu]"
+
+#: scd/app-nks.c:1109
+msgid "|N|Please enter a new PIN for the key to create qualified signatures."
+msgstr ""
+
+#: scd/app-nks.c:1111
+msgid "||Please enter the PIN for the key to create qualified signatures."
+msgstr ""
+
+#: scd/app-nks.c:1119
+msgid ""
+"|NP|Please enter a new PIN Unblocking Code (PUK) for the key to create "
+"qualified signatures."
+msgstr ""
+
+#: scd/app-nks.c:1121
+msgid ""
+"|P|Please enter the PIN Unblocking Code (PUK) for the key to create "
+"qualified signatures."
+msgstr ""
+
+#: scd/app-nks.c:1222 scd/app-openpgp.c:2072 scd/app-dinsig.c:532
+#, c-format
+msgid "error getting new PIN: %s\n"
+msgstr "erreur pendant l'obtention du nouveau code PIN: %s\n"
+
+#: scd/app-openpgp.c:695
+#, c-format
+msgid "failed to store the fingerprint: %s\n"
+msgstr "impossible de stocker l'empreinte: %s\n"
+
+#: scd/app-openpgp.c:708
+#, c-format
+msgid "failed to store the creation date: %s\n"
+msgstr "impossible de stocker la date de création: %s\n"
+
+#: scd/app-openpgp.c:1156
+#, c-format
+msgid "reading public key failed: %s\n"
+msgstr "la lecture de la clé publique a échoué: %s\n"
+
+#: scd/app-openpgp.c:1164 scd/app-openpgp.c:2882
+msgid "response does not contain the public key data\n"
+msgstr "la réponse ne contient pas les données de clé publique\n"
+
+#: scd/app-openpgp.c:1172 scd/app-openpgp.c:2890
+msgid "response does not contain the RSA modulus\n"
+msgstr "la réponse ne contient pas le modulo RSA\n"
+
+#: scd/app-openpgp.c:1181 scd/app-openpgp.c:2900
+msgid "response does not contain the RSA public exponent\n"
+msgstr "la réponse ne contient pas l'exposant public RSA\n"
+
+#: scd/app-openpgp.c:1501
+#, c-format
+msgid "using default PIN as %s\n"
+msgstr ""
+
+#: scd/app-openpgp.c:1508
+#, c-format
+msgid "failed to use default PIN as %s: %s - disabling further default use\n"
+msgstr ""
+
+#: scd/app-openpgp.c:1523
+#, c-format
+msgid "||Please enter the PIN%%0A[sigs done: %lu]"
+msgstr "||Entrez le PIN%%0A[sigs faites: %lu]"
+
+#: scd/app-openpgp.c:1534 scd/app-openpgp.c:1988
+#, fuzzy
+msgid "||Please enter the PIN"
+msgstr "||Entrez le PIN%%0A[sigs faites: %lu]"
+
+#: scd/app-openpgp.c:1575 scd/app-openpgp.c:1753 scd/app-openpgp.c:2001
+#, c-format
+msgid "PIN for CHV%d is too short; minimum length is %d\n"
+msgstr ""
+"Le code PIN pour CHV%d est trop court ; la longueur minimale\n"
+"est %d\n"
+
+#: scd/app-openpgp.c:1588 scd/app-openpgp.c:1627 scd/app-openpgp.c:1765
+#: scd/app-openpgp.c:3200
+#, c-format
+msgid "verify CHV%d failed: %s\n"
+msgstr "la vérification CHV%d a échoué: %s\n"
+
+#: scd/app-openpgp.c:1656 scd/app-openpgp.c:2020 scd/app-openpgp.c:3498
+msgid "error retrieving CHV status from card\n"
+msgstr "erreur pendant la récupération de l'état CHV de la carte\n"
+
+#: scd/app-openpgp.c:1662 scd/app-openpgp.c:3507
+msgid "card is permanently locked!\n"
+msgstr "la carte est irrémédiablement bloquée !\n"
+
+#: scd/app-openpgp.c:1669
+#, c-format
+msgid "%d Admin PIN attempts remaining before card is permanently locked\n"
+msgstr ""
+"%d tentatives de PIN admin restent jusqu'à ce que la carte\n"
+"soit irrémédiablement bloquée\n"
+
+#. TRANSLATORS: Do not translate the "|A|" prefix but keep it at
+#. the start of the string. Use %%0A to force a linefeed.
+#: scd/app-openpgp.c:1676
+#, fuzzy, c-format
+msgid "|A|Please enter the Admin PIN%%0A[remaining attempts: %d]"
+msgstr "||Entrez le PIN%%0A[sigs faites: %lu]"
+
+#: scd/app-openpgp.c:1680
+#, fuzzy
+msgid "|A|Please enter the Admin PIN"
+msgstr "||Entrez le PIN%%0A[sigs faites: %lu]"
+
+#: scd/app-openpgp.c:1701
+msgid "access to admin commands is not configured\n"
+msgstr "l'accès aux commandes d'administration n'est pas configuré\n"
+
+#: scd/app-openpgp.c:2035
+#, fuzzy
+msgid "||Please enter the Reset Code for the card"
+msgstr "||Entrez le PIN%%0A[sigs faites: %lu]"
+
+#: scd/app-openpgp.c:2045 scd/app-openpgp.c:2097
+#, fuzzy, c-format
+msgid "Reset Code is too short; minimum length is %d\n"
+msgstr ""
+"Le code PIN pour CHV%d est trop court ; la longueur minimale\n"
+"est %d\n"
+
+#: scd/app-openpgp.c:2067
+msgid "|RN|New Reset Code"
+msgstr ""
+
+#: scd/app-openpgp.c:2068
+msgid "|AN|New Admin PIN"
+msgstr "|AN|Nouveau code PIN d'administration"
+
+#: scd/app-openpgp.c:2068
+msgid "|N|New PIN"
+msgstr "|N|Nouveau code PIN"
+
+#: scd/app-openpgp.c:2178 scd/app-openpgp.c:2968
+msgid "error reading application data\n"
+msgstr "erreur pendant la lecture de données d'application\n"
+
+#: scd/app-openpgp.c:2184 scd/app-openpgp.c:2975
+msgid "error reading fingerprint DO\n"
+msgstr "erreur pendant la lecture de l'empreinte DO\n"
+
+#: scd/app-openpgp.c:2194
+msgid "key already exists\n"
+msgstr "la clé existe déjà\n"
+
+#: scd/app-openpgp.c:2198
+msgid "existing key will be replaced\n"
+msgstr "la clé existante sera remplacée\n"
+
+#: scd/app-openpgp.c:2200
+msgid "generating new key\n"
+msgstr "générer une nouvelle clé\n"
+
+#: scd/app-openpgp.c:2202
+#, fuzzy
+msgid "writing new key\n"
+msgstr "générer une nouvelle clé\n"
+
+#: scd/app-openpgp.c:2627
+msgid "creation timestamp missing\n"
+msgstr "l'horodatage de création est manquant\n"
+
+#: scd/app-openpgp.c:2669 scd/app-openpgp.c:2677
+#, c-format
+msgid "RSA prime %s missing or not of size %d bits\n"
+msgstr ""
+"le nombre premier RSA %s est manquant ou bien sa taille n'est pas\n"
+"%d bits\n"
+
+#: scd/app-openpgp.c:2773
+#, c-format
+msgid "failed to store the key: %s\n"
+msgstr "le stockage de la clé a échoué: %s\n"
+
+#: scd/app-openpgp.c:2859
+msgid "please wait while key is being generated ...\n"
+msgstr "attendez que la clé se génère...\n"
+
+#: scd/app-openpgp.c:2872
+msgid "generating key failed\n"
+msgstr "la génération de la clé a échoué\n"
+
+#: scd/app-openpgp.c:2875
+#, c-format
+msgid "key generation completed (%d seconds)\n"
+msgstr "la génération de clé a été effectuée (%d secondes)\n"
+
+#: scd/app-openpgp.c:2933
+msgid "invalid structure of OpenPGP card (DO 0x93)\n"
+msgstr "structure de carte OpenPGP invalide (DO 0x93)\n"
+
+#: scd/app-openpgp.c:2983
+msgid "fingerprint on card does not match requested one\n"
+msgstr ""
+
+#: scd/app-openpgp.c:3099
+#, fuzzy, c-format
+msgid "card does not support digest algorithm %s\n"
+msgstr "signature %s, algorithme de hachage %s\n"
+
+#: scd/app-openpgp.c:3175
+#, c-format
+msgid "signatures created so far: %lu\n"
+msgstr "signatures créées jusqu'ici: %lu\n"
+
+#: scd/app-openpgp.c:3512
+msgid ""
+"verification of Admin PIN is currently prohibited through this command\n"
+msgstr ""
+"la vérification du code PIN d'administration est actuellement interdite\n"
+"au travers de cette commande\n"
+
+#: scd/app-openpgp.c:3737 scd/app-openpgp.c:3748
+#, c-format
+msgid "can't access %s - invalid OpenPGP card?\n"
+msgstr "impossible d'accéder à %s - carte OpenPGP invalide ?\n"
+
+#: scd/app-dinsig.c:299
+msgid "||Please enter your PIN at the reader's keypad"
+msgstr ""
+
+#. TRANSLATORS: Do not translate the "|*|" prefixes but
+#. keep it at the start of the string. We need this elsewhere
+#. to get some infos on the string.
+#: scd/app-dinsig.c:529
+#, fuzzy
+msgid "|N|Initial New PIN"
+msgstr "|N|Nouveau code PIN"
+
+#: scd/scdaemon.c:107
+msgid "run in multi server mode (foreground)"
+msgstr ""
+
+#: scd/scdaemon.c:117 sm/gpgsm.c:316
+msgid "|LEVEL|set the debugging level to LEVEL"
+msgstr ""
+
+#: scd/scdaemon.c:124 tools/gpgconf-comp.c:620
+#, fuzzy
+msgid "|FILE|write a log to FILE"
+msgstr "lire les options de `%s'\n"
+
+#: scd/scdaemon.c:126
+msgid "|N|connect to reader at port N"
+msgstr ""
+
+#: scd/scdaemon.c:128
+msgid "|NAME|use NAME as ct-API driver"
+msgstr ""
+
+#: scd/scdaemon.c:130
+msgid "|NAME|use NAME as PC/SC driver"
+msgstr ""
+
+#: scd/scdaemon.c:133
+msgid "do not use the internal CCID driver"
+msgstr ""
+
+#: scd/scdaemon.c:139
+msgid "|N|disconnect the card after N seconds of inactivity"
+msgstr ""
+
+#: scd/scdaemon.c:141
+msgid "do not use a reader's keypad"
+msgstr ""
+
+#: scd/scdaemon.c:144
+#, fuzzy
+msgid "deny the use of admin card commands"
+msgstr "indiquer les commandes d'administration"
+
+#: scd/scdaemon.c:259
+#, fuzzy
+msgid "Usage: scdaemon [options] (-h for help)"
+msgstr "Utilisation: gpg [options] [fichiers] (-h pour l'aide)"
+
+#: scd/scdaemon.c:261
+msgid ""
+"Syntax: scdaemon [options] [command [args]]\n"
+"Smartcard daemon for GnuPG\n"
+msgstr ""
+
+#: scd/scdaemon.c:766
+msgid "please use the option `--daemon' to run the program in the background\n"
+msgstr ""
+
+#: scd/scdaemon.c:1120
+#, c-format
+msgid "handler for fd %d started\n"
+msgstr ""
+
+#: scd/scdaemon.c:1132
+#, c-format
+msgid "handler for fd %d terminated\n"
+msgstr ""
+
+#: sm/base64.c:325
+#, fuzzy, c-format
+msgid "invalid radix64 character %02x skipped\n"
+msgstr "caractère %02X invalide en radix64 ignoré\n"
+
+#: sm/call-agent.c:137
+#, c-format
+msgid "failed to proxy %s inquiry to client\n"
+msgstr ""
+
+#: sm/call-dirmngr.c:252
+#, c-format
+msgid "no running dirmngr - starting `%s'\n"
+msgstr ""
+
+#: sm/call-dirmngr.c:285
+#, fuzzy
+msgid "malformed DIRMNGR_INFO environment variable\n"
+msgstr "la variable d'environnement GPG_AGENT_INFO est mal définie\n"
+
+#: sm/call-dirmngr.c:297
+#, fuzzy, c-format
+msgid "dirmngr protocol version %d is not supported\n"
+msgstr "le protocole gpg-agent version %d n'est pas supporté\n"
+
+#: sm/call-dirmngr.c:317
+msgid "can't connect to the dirmngr - trying fall back\n"
+msgstr ""
+
+#: sm/certchain.c:196
+#, c-format
+msgid "validation model requested by certificate: %s"
+msgstr ""
+
+#: sm/certchain.c:197 sm/certchain.c:1828
+msgid "chain"
+msgstr ""
+
+#: sm/certchain.c:198 sm/certchain.c:1828
+msgid "shell"
+msgstr ""
+
+#: sm/certchain.c:258
+#, fuzzy, c-format
+msgid "critical certificate extension %s is not supported"
+msgstr "le protocole gpg-agent version %d n'est pas supporté\n"
+
+#: sm/certchain.c:297
+msgid "issuer certificate is not marked as a CA"
+msgstr ""
+
+#: sm/certchain.c:335
+msgid "critical marked policy without configured policies"
+msgstr ""
+
+#: sm/certchain.c:345
+#, fuzzy, c-format
+msgid "failed to open `%s': %s\n"
+msgstr "Impossible d'ouvrir `%s': %s\n"
+
+#: sm/certchain.c:353 sm/certchain.c:382
+msgid "note: non-critical certificate policy not allowed"
+msgstr ""
+
+#: sm/certchain.c:357 sm/certchain.c:386
+#, fuzzy
+msgid "certificate policy not allowed"
+msgstr "il est interdit d'exporter les clé secrètes\n"
+
+#: sm/certchain.c:498
+msgid "looking up issuer at external location\n"
+msgstr ""
+
+#: sm/certchain.c:517
+#, c-format
+msgid "number of issuers matching: %d\n"
+msgstr ""
+
+#: sm/certchain.c:561
+msgid "looking up issuer from the Dirmngr cache\n"
+msgstr ""
+
+#: sm/certchain.c:585
+#, fuzzy, c-format
+msgid "number of matching certificates: %d\n"
+msgstr "erreur pendant la création de la phrase de passe: %s\n"
+
+#: sm/certchain.c:587
+#, fuzzy, c-format
+msgid "dirmngr cache-only key lookup failed: %s\n"
+msgstr "la lecture de la clé publique a échoué: %s\n"
+
+#: sm/certchain.c:759 sm/certchain.c:1252 sm/certchain.c:1856 sm/decrypt.c:261
+#: sm/encrypt.c:335 sm/sign.c:335 sm/verify.c:113
+#, fuzzy
+msgid "failed to allocated keyDB handle\n"
+msgstr "le stockage de la clé a échoué: %s\n"
+
+#: sm/certchain.c:925
+#, fuzzy
+msgid "certificate has been revoked"
+msgstr "NOTE: la clé a été révoquée"
+
+#: sm/certchain.c:940
+msgid "the status of the certificate is unknown"
+msgstr ""
+
+#: sm/certchain.c:947
+msgid "please make sure that the \"dirmngr\" is properly installed\n"
+msgstr ""
+
+#: sm/certchain.c:953
+#, fuzzy, c-format
+msgid "checking the CRL failed: %s"
+msgstr "Impossible de vérifier la signature créée: %s\n"
+
+#: sm/certchain.c:982 sm/certchain.c:1050
+#, c-format
+msgid "certificate with invalid validity: %s"
+msgstr ""
+
+#: sm/certchain.c:997 sm/certchain.c:1082
+msgid "certificate not yet valid"
+msgstr ""
+
+#: sm/certchain.c:998 sm/certchain.c:1083
+#, fuzzy
+msgid "root certificate not yet valid"
+msgstr "il est interdit d'exporter les clé secrètes\n"
+
+#: sm/certchain.c:999 sm/certchain.c:1084
+msgid "intermediate certificate not yet valid"
+msgstr ""
+
+#: sm/certchain.c:1012
+#, fuzzy
+msgid "certificate has expired"
+msgstr "Cette clé a expiré !"
+
+#: sm/certchain.c:1013
+#, fuzzy
+msgid "root certificate has expired"
+msgstr "Cette clé a expiré !"
+
+#: sm/certchain.c:1014
+#, fuzzy
+msgid "intermediate certificate has expired"
+msgstr "Cette clé a expiré !"
+
+#: sm/certchain.c:1056
+#, c-format
+msgid "required certificate attributes missing: %s%s%s"
+msgstr ""
+
+#: sm/certchain.c:1065
+#, fuzzy
+msgid "certificate with invalid validity"
+msgstr "Cette clé a expiré !"
+
+#: sm/certchain.c:1102
+msgid "signature not created during lifetime of certificate"
+msgstr ""
+
+#: sm/certchain.c:1104
+msgid "certificate not created during lifetime of issuer"
+msgstr ""
+
+#: sm/certchain.c:1105
+msgid "intermediate certificate not created during lifetime of issuer"
+msgstr ""
+
+#: sm/certchain.c:1109
+#, fuzzy
+msgid " ( signature created at "
+msgstr " signatures nettoyées: %lu\n"
+
+#: sm/certchain.c:1110
+#, fuzzy
+msgid " (certificate created at "
+msgstr "Certificat de révocation créé.\n"
+
+#: sm/certchain.c:1113
+#, fuzzy
+msgid " (certificate valid from "
+msgstr "mauvais certificat"
+
+#: sm/certchain.c:1114
+#, fuzzy
+msgid " ( issuer valid from "
+msgstr "N° de série de la carte ="
+
+#: sm/certchain.c:1144
+#, fuzzy, c-format
+msgid "fingerprint=%s\n"
+msgstr "empreinte de l'autorité de certification: "
+
+#: sm/certchain.c:1153
+msgid "root certificate has now been marked as trusted\n"
+msgstr ""
+
+#: sm/certchain.c:1166
+msgid "interactive marking as trusted not enabled in gpg-agent\n"
+msgstr ""
+
+#: sm/certchain.c:1172
+msgid "interactive marking as trusted disabled for this session\n"
+msgstr ""
+
+#: sm/certchain.c:1229
+msgid "WARNING: creation time of signature not known - assuming current time"
+msgstr ""
+
+#: sm/certchain.c:1293
+#, fuzzy
+msgid "no issuer found in certificate"
+msgstr "générer un certificat de révocation"
+
+#: sm/certchain.c:1366
+msgid "self-signed certificate has a BAD signature"
+msgstr ""
+
+#: sm/certchain.c:1435
+msgid "root certificate is not marked trusted"
+msgstr ""
+
+#: sm/certchain.c:1448
+#, fuzzy, c-format
+msgid "checking the trust list failed: %s\n"
+msgstr "Impossible de vérifier la signature créée: %s\n"
+
+#: sm/certchain.c:1477 sm/import.c:160
+msgid "certificate chain too long\n"
+msgstr ""
+
+#: sm/certchain.c:1489
+msgid "issuer certificate not found"
+msgstr ""
+
+#: sm/certchain.c:1522
+#, fuzzy
+msgid "certificate has a BAD signature"
+msgstr "vérifier une signature"
+
+#: sm/certchain.c:1553
+msgid "found another possible matching CA certificate - trying again"
+msgstr ""
+
+#: sm/certchain.c:1604
+#, c-format
+msgid "certificate chain longer than allowed by CA (%d)"
+msgstr ""
+
+#: sm/certchain.c:1644 sm/certchain.c:1927
+#, fuzzy
+msgid "certificate is good\n"
+msgstr "préférence `%s' dupliquée\n"
+
+#: sm/certchain.c:1645
+#, fuzzy
+msgid "intermediate certificate is good\n"
+msgstr "Certificat de révocation créé.\n"
+
+#: sm/certchain.c:1646
+#, fuzzy
+msgid "root certificate is good\n"
+msgstr "mauvais certificat"
+
+#: sm/certchain.c:1817
+msgid "switching to chain model"
+msgstr ""
+
+#: sm/certchain.c:1826
+#, c-format
+msgid "validation model used: %s"
+msgstr ""
+
+#: sm/certcheck.c:97
+#, c-format
+msgid "%s key uses an unsafe (%u bit) hash\n"
+msgstr ""
+
+#: sm/certcheck.c:107
+#, c-format
+msgid "a %u bit hash is not valid for a %u bit %s key\n"
+msgstr ""
+
+#: sm/certcheck.c:244 sm/verify.c:201
+msgid "(this is the MD2 algorithm)\n"
+msgstr ""
+
+#: sm/certdump.c:60 sm/certdump.c:143
+#, fuzzy
+msgid "none"
+msgstr "non"
+
+#: sm/certdump.c:564 sm/certdump.c:609 sm/certdump.c:674 sm/certdump.c:732
+#, fuzzy
+msgid "[Error - invalid encoding]"
+msgstr "Erreur: réponse invalide.\n"
+
+#: sm/certdump.c:572 sm/certdump.c:617
+msgid "[Error - out of core]"
+msgstr ""
+
+#: sm/certdump.c:654 sm/certdump.c:710
+msgid "[Error - No name]"
+msgstr ""
+
+#: sm/certdump.c:679 sm/certdump.c:738
+#, fuzzy
+msgid "[Error - invalid DN]"
+msgstr "Erreur: réponse invalide.\n"
+
+#: sm/certdump.c:948
+#, fuzzy, c-format
+msgid ""
+"Please enter the passphrase to unlock the secret key for the X.509 "
+"certificate:\n"
+"\"%s\"\n"
+"S/N %s, ID 0x%08lX,\n"
+"created %s, expires %s.\n"
+msgstr ""
+"Vous avez besoin d'une phrase de passe pour déverrouiller la clé\n"
+"secrète pour l'utilisateur:\n"
+"\"%.*s\"\n"
+"clé %u bits %s, ID %s, créée %s%s\n"
+
+#: sm/certlist.c:122
+msgid "no key usage specified - assuming all usages\n"
+msgstr ""
+
+#: sm/certlist.c:132 sm/keylist.c:272
+#, fuzzy, c-format
+msgid "error getting key usage information: %s\n"
+msgstr ""
+"erreur durant la lecture des informations contenues actuellement\n"
+"dans la clé: %s\n"
+
+#: sm/certlist.c:142
+msgid "certificate should have not been used for certification\n"
+msgstr ""
+
+#: sm/certlist.c:154
+msgid "certificate should have not been used for OCSP response signing\n"
+msgstr ""
+
+#: sm/certlist.c:165
+msgid "certificate should have not been used for encryption\n"
+msgstr ""
+
+#: sm/certlist.c:166
+msgid "certificate should have not been used for signing\n"
+msgstr ""
+
+#: sm/certlist.c:167
+msgid "certificate is not usable for encryption\n"
+msgstr ""
+
+#: sm/certlist.c:168
+msgid "certificate is not usable for signing\n"
+msgstr ""
+
+#: sm/certreqgen.c:474
+#, fuzzy, c-format
+msgid "line %d: invalid algorithm\n"
+msgstr "algorithme de hachage `%s' invalide\n"
+
+#: sm/certreqgen.c:487
+#, c-format
+msgid "line %d: invalid key length %u (valid are %d to %d)\n"
+msgstr ""
+
+#: sm/certreqgen.c:505
+#, c-format
+msgid "line %d: no subject name given\n"
+msgstr ""
+
+#: sm/certreqgen.c:514
+#, c-format
+msgid "line %d: invalid subject name label `%.*s'\n"
+msgstr ""
+
+#: sm/certreqgen.c:517
+#, c-format
+msgid "line %d: invalid subject name `%s' at pos %d\n"
+msgstr ""
+
+#: sm/certreqgen.c:534
+#, fuzzy, c-format
+msgid "line %d: not a valid email address\n"
+msgstr "Ce n'est pas une adresse e-mail valide\n"
+
+#: sm/certreqgen.c:546
+#, fuzzy, c-format
+msgid "line %d: error reading key `%s' from card: %s\n"
+msgstr "erreur durant la création du porte-clés `%s' : %s\n"
+
+#: sm/certreqgen.c:558
+#, fuzzy, c-format
+msgid "line %d: error getting key by keygrip `%s': %s\n"
+msgstr "erreur durant la création du porte-clés `%s' : %s\n"
+
+#: sm/certreqgen.c:574
+#, fuzzy, c-format
+msgid "line %d: key generation failed: %s <%s>\n"
+msgstr "La génération de clé a échoué: %s\n"
+
+#: sm/certreqgen.c:806
+msgid ""
+"To complete this certificate request please enter the passphrase for the key "
+"you just created once more.\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:158
+#, fuzzy, c-format
+msgid " (%d) RSA\n"
+msgstr " (%d) RSA (signature seule)\n"
+
+#: sm/certreqgen-ui.c:159
+#, fuzzy, c-format
+msgid " (%d) Existing key\n"
+msgstr " (2) Clé de chiffrement\n"
+
+#: sm/certreqgen-ui.c:160
+#, c-format
+msgid " (%d) Existing key from card\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:202
+#, fuzzy
+msgid "Enter the keygrip: "
+msgstr "Notation de signature: "
+
+#: sm/certreqgen-ui.c:210
+msgid "Not a valid keygrip (expecting 40 hex digits)\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:212
+#, fuzzy
+msgid "No key with this keygrip\n"
+msgstr "Pas de sous-clé avec l'index %d\n"
+
+#: sm/certreqgen-ui.c:230 sm/certreqgen-ui.c:239
+#, fuzzy, c-format
+msgid "error reading the card: %s\n"
+msgstr "%s: erreur pendant la lecture de l'enregistrement libre: %s\n"
+
+#: sm/certreqgen-ui.c:233
+#, fuzzy, c-format
+msgid "Serial number of the card: %s\n"
+msgstr "erreur pendant l'obtention du nouveau code PIN: %s\n"
+
+#: sm/certreqgen-ui.c:245
+#, fuzzy
+msgid "Available keys:\n"
+msgstr "désactiver la clé"
+
+#: sm/certreqgen-ui.c:276
+#, fuzzy, c-format
+msgid "Possible actions for a %s key:\n"
+msgstr "Actions possibles pour une clé %s: "
+
+#: sm/certreqgen-ui.c:277
+#, fuzzy, c-format
+msgid " (%d) sign, encrypt\n"
+msgstr " (%d) DSA (signature seule)\n"
+
+#: sm/certreqgen-ui.c:278
+#, fuzzy, c-format
+msgid " (%d) sign\n"
+msgstr " (%d) DSA (signature seule)\n"
+
+#: sm/certreqgen-ui.c:279
+#, fuzzy, c-format
+msgid " (%d) encrypt\n"
+msgstr " (%d) RSA (chiffrement seul)\n"
+
+#: sm/certreqgen-ui.c:303
+msgid "Enter the X.509 subject name: "
+msgstr ""
+
+#: sm/certreqgen-ui.c:307
+#, fuzzy
+msgid "No subject name given\n"
+msgstr "(Aucune description donnée)\n"
+
+#: sm/certreqgen-ui.c:311
+#, c-format
+msgid "Invalid subject name label `%.*s'\n"
+msgstr ""
+
+#. TRANSLATORS: The 22 in the second string is the
+#. length of the first string up to the "%s". Please
+#. adjust it do the length of your translation. The
+#. second string is merely passed to atoi so you can
+#. drop everything after the number.
+#: sm/certreqgen-ui.c:320
+#, fuzzy, c-format
+msgid "Invalid subject name `%s'\n"
+msgstr "algorithme de hachage `%s' invalide\n"
+
+#: sm/certreqgen-ui.c:322
+msgid "22 translator: see certreg-ui.c:gpgsm_gencertreq_tty"
+msgstr ""
+
+#: sm/certreqgen-ui.c:334
+#, fuzzy
+msgid "Enter email addresses"
+msgstr "Adresse e-mail: "
+
+#: sm/certreqgen-ui.c:335
+#, fuzzy
+msgid " (end with an empty line):\n"
+msgstr ""
+"\n"
+"Entrez le nom d'utilisateur, en terminant par une ligne vide: "
+
+#: sm/certreqgen-ui.c:339
+#, fuzzy
+msgid "Enter DNS names"
+msgstr "Entrez le nouveau nom de fichier"
+
+#: sm/certreqgen-ui.c:340 sm/certreqgen-ui.c:345
+#, fuzzy
+msgid " (optional; end with an empty line):\n"
+msgstr "Entrez une description optionnelle ; terminez-là par une ligne vide:\n"
+
+#: sm/certreqgen-ui.c:344
+#, fuzzy
+msgid "Enter URIs"
+msgstr "Entrez le code PIN: "
+
+#: sm/certreqgen-ui.c:371
+msgid "Parameters to be used for the certificate request:\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:389
+msgid "Now creating certificate request. This may take a while ...\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:398
+msgid "Ready. You should now send this request to your CA.\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:403
+msgid "resource problem: out of core\n"
+msgstr ""
+
+#: sm/decrypt.c:330
+msgid "(this is the RC2 algorithm)\n"
+msgstr ""
+
+#: sm/decrypt.c:332
+msgid "(this does not seem to be an encrypted message)\n"
+msgstr ""
+
+#: sm/delete.c:51 sm/delete.c:112
+#, fuzzy, c-format
+msgid "certificate `%s' not found: %s\n"
+msgstr "la clé secrète « %s » n'a pas été trouvée: %s\n"
+
+#: sm/delete.c:122 sm/keydb.c:1397 sm/keydb.c:1499
+#, fuzzy, c-format
+msgid "error locking keybox: %s\n"
+msgstr "erreur pendant la lecture du bloc de clé : %s\n"
+
+#: sm/delete.c:143
+#, fuzzy, c-format
+msgid "duplicated certificate `%s' deleted\n"
+msgstr "Certificat de révocation créé.\n"
+
+#: sm/delete.c:145
+#, fuzzy, c-format
+msgid "certificate `%s' deleted\n"
+msgstr "préférence `%s' dupliquée\n"
+
+#: sm/delete.c:175
+#, fuzzy, c-format
+msgid "deleting certificate \"%s\" failed: %s\n"
+msgstr "la suppression du bloc de clés a échoué : %s\n"
+
+#: sm/encrypt.c:321
+#, fuzzy
+msgid "no valid recipients given\n"
+msgstr "(Aucune description donnée)\n"
+
+#: sm/gpgsm.c:197
+#, fuzzy
+msgid "list external keys"
+msgstr "lister les clés secrètes"
+
+#: sm/gpgsm.c:199
+#, fuzzy
+msgid "list certificate chain"
+msgstr "mauvais certificat"
+
+#: sm/gpgsm.c:206
+#, fuzzy
+msgid "import certificates"
+msgstr "mauvais certificat"
+
+#: sm/gpgsm.c:207
+#, fuzzy
+msgid "export certificates"
+msgstr "mauvais certificat"
+
+#: sm/gpgsm.c:209
+#, fuzzy
+msgid "register a smartcard"
+msgstr "ajouter une clé à une carte à puce"
+
+#: sm/gpgsm.c:212
+msgid "pass a command to the dirmngr"
+msgstr ""
+
+#: sm/gpgsm.c:214
+msgid "invoke gpg-protect-tool"
+msgstr ""
+
+#: sm/gpgsm.c:230
+#, fuzzy
+msgid "create base-64 encoded output"
+msgstr "créer une sortie ascii avec armure"
+
+#: sm/gpgsm.c:235
+msgid "assume input is in PEM format"
+msgstr ""
+
+#: sm/gpgsm.c:237
+msgid "assume input is in base-64 format"
+msgstr ""
+
+#: sm/gpgsm.c:239
+msgid "assume input is in binary format"
+msgstr ""
+
+#: sm/gpgsm.c:244
+msgid "use system's dirmngr if available"
+msgstr ""
+
+#: sm/gpgsm.c:247
+msgid "never consult a CRL"
+msgstr ""
+
+#: sm/gpgsm.c:257
+msgid "check validity using OCSP"
+msgstr ""
+
+#: sm/gpgsm.c:262
+msgid "|N|number of certificates to include"
+msgstr ""
+
+#: sm/gpgsm.c:265
+msgid "|FILE|take policy information from FILE"
+msgstr ""
+
+#: sm/gpgsm.c:268
+msgid "do not check certificate policies"
+msgstr ""
+
+#: sm/gpgsm.c:272
+msgid "fetch missing issuer certificates"
+msgstr ""
+
+#: sm/gpgsm.c:283
+msgid "don't use the terminal at all"
+msgstr ""
+
+#: sm/gpgsm.c:285
+msgid "|FILE|write a server mode log to FILE"
+msgstr ""
+
+#: sm/gpgsm.c:290
+#, fuzzy
+msgid "|FILE|write an audit log to FILE"
+msgstr "lire les options de `%s'\n"
+
+#: sm/gpgsm.c:293
+msgid "batch mode: never ask"
+msgstr ""
+
+#: sm/gpgsm.c:294
+msgid "assume yes on most questions"
+msgstr ""
+
+#: sm/gpgsm.c:295
+msgid "assume no on most questions"
+msgstr ""
+
+#: sm/gpgsm.c:298
+#, fuzzy
+msgid "|FILE|add keyring to the list of keyrings"
+msgstr "enlever les clés de ce porte-clés"
+
+#: sm/gpgsm.c:301
+msgid "|USER-ID|use USER-ID as default secret key"
+msgstr ""
+
+#: sm/gpgsm.c:311 tools/gpgconf-comp.c:745
+msgid "|SPEC|use this keyserver to lookup keys"
+msgstr ""
+
+#: sm/gpgsm.c:329
+#, fuzzy
+msgid "|NAME|use cipher algorithm NAME"
+msgstr "algorithme de chiffrement inconnu"
+
+#: sm/gpgsm.c:331
+#, fuzzy
+msgid "|NAME|use message digest algorithm NAME"
+msgstr "signature %s, algorithme de hachage %s\n"
+
+#: sm/gpgsm.c:522
+#, fuzzy
+msgid "Usage: gpgsm [options] [files] (-h for help)"
+msgstr "Utilisation: gpg [options] [fichiers] (-h pour l'aide)"
+
+#: sm/gpgsm.c:525
+#, fuzzy
+msgid ""
+"Syntax: gpgsm [options] [files]\n"
+"sign, check, encrypt or decrypt using the S/MIME protocol\n"
+"default operation depends on the input data\n"
+msgstr ""
+"Syntaxe: gpg [options] [fichiers]\n"
+"signer, vérifier, chiffrer ou déchiffrer\n"
+"l'opération par défaut dépend des données entrées\n"
+
+#: sm/gpgsm.c:617
+#, fuzzy
+msgid "usage: gpgsm [options] "
+msgstr "utilisation: gpg [options] "
+
+#: sm/gpgsm.c:739
+#, fuzzy, c-format
+msgid "NOTE: won't be able to encrypt to `%s': %s\n"
+msgstr "impossible de se connecter à `%s': %s\n"
+
+#: sm/gpgsm.c:750
+#, fuzzy, c-format
+msgid "unknown validation model `%s'\n"
+msgstr "option `%s' inconnue\n"
+
+#: sm/gpgsm.c:801
+#, fuzzy, c-format
+msgid "%s:%u: no hostname given\n"
+msgstr "(Aucune description donnée)\n"
+
+#: sm/gpgsm.c:820
+#, c-format
+msgid "%s:%u: password given without user\n"
+msgstr ""
+
+#: sm/gpgsm.c:841
+#, fuzzy, c-format
+msgid "%s:%u: skipping this line\n"
+msgstr " s = sauter cette clé\n"
+
+#: sm/gpgsm.c:1376
+#, fuzzy
+msgid "could not parse keyserver\n"
+msgstr "impossible d'interpréter l'URL du serveur de clés\n"
+
+#: sm/gpgsm.c:1456
+msgid "WARNING: running with faked system time: "
+msgstr ""
+
+#: sm/gpgsm.c:1556
+#, c-format
+msgid "importing common certificates `%s'\n"
+msgstr ""
+
+#: sm/gpgsm.c:1597
+#, fuzzy, c-format
+msgid "can't sign using `%s': %s\n"
+msgstr "impossible d'accéder à `%s': %s\n"
+
+#: sm/gpgsm.c:1931
+msgid "invalid command (there is no implicit command)\n"
+msgstr ""
+
+#: sm/import.c:111
+#, fuzzy, c-format
+msgid "total number processed: %lu\n"
+msgstr " Quantité totale traitée: %lu\n"
+
+#: sm/import.c:230
+#, fuzzy
+msgid "error storing certificate\n"
+msgstr "générer un certificat de révocation"
+
+#: sm/import.c:238
+msgid "basic certificate checks failed - not imported\n"
+msgstr ""
+
+#: sm/import.c:435 sm/keydb.c:1319 sm/keydb.c:1387
+#, fuzzy
+msgid "failed to allocate keyDB handle\n"
+msgstr "le stockage de la clé a échoué: %s\n"
+
+#: sm/import.c:492 sm/keydb.c:1417 sm/keydb.c:1511
+#, fuzzy, c-format
+msgid "error getting stored flags: %s\n"
+msgstr "erreur pendant l'obtention du nouveau code PIN: %s\n"
+
+#: sm/import.c:551 sm/import.c:583
+#, fuzzy, c-format
+msgid "error importing certificate: %s\n"
+msgstr "erreur pendant la création de la phrase de passe: %s\n"
+
+#: sm/import.c:684 tools/gpg-connect-agent.c:1346
+#, fuzzy, c-format
+msgid "error reading input: %s\n"
+msgstr "erreur pendant la lecture de `%s': %s\n"
+
+#: sm/keydb.c:187
+#, fuzzy, c-format
+msgid "error creating keybox `%s': %s\n"
+msgstr "erreur durant la création du porte-clés `%s' : %s\n"
+
+#: sm/keydb.c:190
+msgid "you may want to start the gpg-agent first\n"
+msgstr ""
+
+#: sm/keydb.c:195
+#, fuzzy, c-format
+msgid "keybox `%s' created\n"
+msgstr "le porte-clés `%s` a été créé\n"
+
+#: sm/keydb.c:1312 sm/keydb.c:1380
+#, fuzzy
+msgid "failed to get the fingerprint\n"
+msgstr "impossible de stocker l'empreinte: %s\n"
+
+#: sm/keydb.c:1340
+#, c-format
+msgid "problem looking for existing certificate: %s\n"
+msgstr ""
+
+#: sm/keydb.c:1348
+#, fuzzy, c-format
+msgid "error finding writable keyDB: %s\n"
+msgstr ""
+"erreur pendant la recherche de l'enregistrement de confiance\n"
+"dans `%s': %s\n"
+
+#: sm/keydb.c:1356
+#, fuzzy, c-format
+msgid "error storing certificate: %s\n"
+msgstr ""
+"erreur durant la lecture des informations contenues actuellement\n"
+"dans la clé: %s\n"
+
+#: sm/keydb.c:1408
+#, c-format
+msgid "problem re-searching certificate: %s\n"
+msgstr ""
+
+#: sm/keydb.c:1429 sm/keydb.c:1522
+#, fuzzy, c-format
+msgid "error storing flags: %s\n"
+msgstr "erreur pendant la lecture de `%s': %s\n"
+
+#: sm/keylist.c:642
+msgid "Error - "
+msgstr ""
+
+#: sm/misc.c:55
+msgid "GPG_TTY has not been set - using maybe bogus default\n"
+msgstr ""
+
+#: sm/qualified.c:105
+#, fuzzy, c-format
+msgid "invalid formatted fingerprint in `%s', line %d\n"
+msgstr "Erreur: empreinte mal formatée.\n"
+
+#: sm/qualified.c:123
+#, c-format
+msgid "invalid country code in `%s', line %d\n"
+msgstr ""
+
+#: sm/qualified.c:202
+#, c-format
+msgid ""
+"You are about to create a signature using your certificate:\n"
+"\"%s\"\n"
+"This will create a qualified signature by law equated to a handwritten "
+"signature.\n"
+"\n"
+"%s%sAre you really sure that you want to do this?"
+msgstr ""
+
+#: sm/qualified.c:211 sm/verify.c:616
+msgid ""
+"Note, that this software is not officially approved to create or verify such "
+"signatures.\n"
+msgstr ""
+
+#: sm/qualified.c:278
+#, c-format
+msgid ""
+"You are about to create a signature using your certificate:\n"
+"\"%s\"\n"
+"Note, that this certificate will NOT create a qualified signature!"
+msgstr ""
+
+#: sm/sign.c:449
+#, fuzzy, c-format
+msgid "hash algorithm %d (%s) for signer %d not supported; using %s\n"
+msgstr "l'algorithme de protection %d%s n'est pas supporté\n"
+
+#: sm/sign.c:463
+#, c-format
+msgid "hash algorithm used for signer %d: %s (%s)\n"
+msgstr ""
+
+#: sm/sign.c:513
+#, fuzzy, c-format
+msgid "checking for qualified certificate failed: %s\n"
+msgstr "Impossible de vérifier la signature créée: %s\n"
+
+#: sm/verify.c:449
+#, fuzzy
+msgid "Signature made "
+msgstr "Signature faite le %s\n"
+
+#: sm/verify.c:453
+msgid "[date not given]"
+msgstr ""
+
+#: sm/verify.c:454
+#, fuzzy, c-format
+msgid " using certificate ID 0x%08lX\n"
+msgstr ""
+"erreur durant la lecture des informations contenues actuellement\n"
+"dans la clé: %s\n"
+
+#: sm/verify.c:473
+msgid ""
+"invalid signature: message digest attribute does not match computed one\n"
+msgstr ""
+
+#: sm/verify.c:594
+#, fuzzy
+msgid "Good signature from"
+msgstr "Bonne signature de « %s »"
+
+#: sm/verify.c:595
+#, fuzzy
+msgid " aka"
+msgstr " alias « %s »"
+
+#: sm/verify.c:613
+#, fuzzy
+msgid "This is a qualified signature\n"
+msgstr "Ceci sera une auto-signature.\n"
+
+#: tools/gpg-connect-agent.c:70 tools/gpgconf.c:81 tools/symcryptrun.c:167
+#, fuzzy
+msgid "quiet"
+msgstr "quitter"
+
+#: tools/gpg-connect-agent.c:71
+msgid "print data out hex encoded"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:72
+msgid "decode received data lines"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:74
+msgid "|NAME|connect to Assuan socket NAME"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:76
+msgid "run the Assuan server given on the command line"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:78
+msgid "do not use extended connect mode"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:80
+#, fuzzy
+msgid "|FILE|run commands from FILE on startup"
+msgstr "lire les options de `%s'\n"
+
+#: tools/gpg-connect-agent.c:81
+msgid "run /subst on startup"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:184
+#, fuzzy
+msgid "Usage: gpg-connect-agent [options] (-h for help)"
+msgstr "Utilisation: gpg [options] [fichiers] (-h pour l'aide)"
+
+#: tools/gpg-connect-agent.c:187
+msgid ""
+"Syntax: gpg-connect-agent [options]\n"
+"Connect to a running agent and send commands\n"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:1201
+#, c-format
+msgid "option \"%s\" requires a program and optional arguments\n"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:1210
+#, c-format
+msgid "option \"%s\" ignored due to \"%s\"\n"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:1281 tools/gpg-connect-agent.c:1771
+#, fuzzy, c-format
+msgid "receiving line failed: %s\n"
+msgstr "la lecture de la clé publique a échoué: %s\n"
+
+#: tools/gpg-connect-agent.c:1371
+#, fuzzy
+msgid "line too long - skipped\n"
+msgstr "ligne trop longue"
+
+#: tools/gpg-connect-agent.c:1375
+msgid "line shortened due to embedded Nul character\n"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:1743
+#, fuzzy, c-format
+msgid "unknown command `%s'\n"
+msgstr "option `%s' inconnue\n"
+
+#: tools/gpg-connect-agent.c:1761
+#, fuzzy, c-format
+msgid "sending line failed: %s\n"
+msgstr "la signature a échoué: %s\n"
+
+#: tools/gpg-connect-agent.c:2208
+#, fuzzy, c-format
+msgid "error sending %s command: %s\n"
+msgstr "erreur pendant la lecture de `%s': %s\n"
+
+#: tools/gpg-connect-agent.c:2223
+#, fuzzy, c-format
+msgid "error sending standard options: %s\n"
+msgstr ""
+"erreur pendant la recherche de l'enregistrement de confiance\n"
+"dans `%s': %s\n"
+
+#: tools/gpgconf-comp.c:473 tools/gpgconf-comp.c:577 tools/gpgconf-comp.c:644
+#: tools/gpgconf-comp.c:712 tools/gpgconf-comp.c:799
+msgid "Options controlling the diagnostic output"
+msgstr ""
+
+#: tools/gpgconf-comp.c:486 tools/gpgconf-comp.c:590 tools/gpgconf-comp.c:657
+#: tools/gpgconf-comp.c:725 tools/gpgconf-comp.c:822
+msgid "Options controlling the configuration"
+msgstr ""
+
+#: tools/gpgconf-comp.c:496 tools/gpgconf-comp.c:615 tools/gpgconf-comp.c:673
+#: tools/gpgconf-comp.c:750 tools/gpgconf-comp.c:829
+msgid "Options useful for debugging"
+msgstr ""
+
+#: tools/gpgconf-comp.c:501 tools/gpgconf-comp.c:678 tools/gpgconf-comp.c:755
+#: tools/gpgconf-comp.c:837
+msgid "|FILE|write server mode logs to FILE"
+msgstr ""
+
+#: tools/gpgconf-comp.c:509 tools/gpgconf-comp.c:625 tools/gpgconf-comp.c:763
+msgid "Options controlling the security"
+msgstr ""
+
+#: tools/gpgconf-comp.c:516
+msgid "|N|expire SSH keys after N seconds"
+msgstr ""
+
+#: tools/gpgconf-comp.c:520
+msgid "|N|set maximum PIN cache lifetime to N seconds"
+msgstr ""
+
+#: tools/gpgconf-comp.c:524
+msgid "|N|set maximum SSH key lifetime to N seconds"
+msgstr ""
+
+#: tools/gpgconf-comp.c:538
+msgid "Options enforcing a passphrase policy"
+msgstr ""
+
+#: tools/gpgconf-comp.c:541
+msgid "do not allow to bypass the passphrase policy"
+msgstr ""
+
+#: tools/gpgconf-comp.c:545
+msgid "|N|set minimal required length for new passphrases to N"
+msgstr ""
+
+#: tools/gpgconf-comp.c:549
+msgid "|N|require at least N non-alpha characters for a new passphrase"
+msgstr ""
+
+#: tools/gpgconf-comp.c:553
+msgid "|FILE|check new passphrases against pattern in FILE"
+msgstr ""
+
+#: tools/gpgconf-comp.c:557
+#, fuzzy
+msgid "|N|expire the passphrase after N days"
+msgstr "révoquer la clé ou les sous-clés sélectionnées"
+
+#: tools/gpgconf-comp.c:561
+#, fuzzy
+msgid "do not allow the reuse of old passphrases"
+msgstr "erreur pendant la création de la phrase de passe: %s\n"
+
+#: tools/gpgconf-comp.c:659 tools/gpgconf-comp.c:727
+msgid "|NAME|use NAME as default secret key"
+msgstr ""
+
+#: tools/gpgconf-comp.c:662 tools/gpgconf-comp.c:730
+#, fuzzy
+msgid "|NAME|encrypt to user ID NAME as well"
+msgstr "|NOM|chiffrer pour NOM"
+
+#: tools/gpgconf-comp.c:665
+msgid "|SPEC|set up email aliases"
+msgstr ""
+
+#: tools/gpgconf-comp.c:686
+msgid "Configuration for Keyservers"
+msgstr ""
+
+#: tools/gpgconf-comp.c:688
+#, fuzzy
+msgid "|URL|use keyserver at URL"
+msgstr "impossible d'interpréter l'URL du serveur de clés\n"
+
+#: tools/gpgconf-comp.c:691
+msgid "allow PKA lookups (DNS requests)"
+msgstr ""
+
+#: tools/gpgconf-comp.c:694
+msgid "|MECHANISMS|use MECHANISMS to locate keys by mail address"
+msgstr ""
+
+#: tools/gpgconf-comp.c:739
+msgid "disable all access to the dirmngr"
+msgstr ""
+
+#: tools/gpgconf-comp.c:742
+msgid "|NAME|use encoding NAME for PKCS#12 passphrases"
+msgstr ""
+
+#: tools/gpgconf-comp.c:768
+msgid "do not check CRLs for root certificates"
+msgstr ""
+
+#: tools/gpgconf-comp.c:812
+msgid "Options controlling the format of the output"
+msgstr ""
+
+#: tools/gpgconf-comp.c:848
+msgid "Options controlling the interactivity and enforcement"
+msgstr ""
+
+#: tools/gpgconf-comp.c:858
+msgid "Configuration for HTTP servers"
+msgstr ""
+
+#: tools/gpgconf-comp.c:869
+msgid "use system's HTTP proxy setting"
+msgstr ""
+
+#: tools/gpgconf-comp.c:874
+msgid "Configuration of LDAP servers to use"
+msgstr ""
+
+#: tools/gpgconf-comp.c:903
+msgid "LDAP server list"
+msgstr ""
+
+#: tools/gpgconf-comp.c:911
+msgid "Configuration for OCSP"
+msgstr ""
+
+#: tools/gpgconf-comp.c:3077
+#, c-format
+msgid "External verification of component %s failed"
+msgstr ""
+
+#: tools/gpgconf-comp.c:3227
+msgid "Note that group specifications are ignored\n"
+msgstr ""
+
+#: tools/gpgconf.c:62
+msgid "list all components"
+msgstr ""
+
+#: tools/gpgconf.c:63
+msgid "check all programs"
+msgstr ""
+
+#: tools/gpgconf.c:64
+msgid "|COMPONENT|list options"
+msgstr ""
+
+#: tools/gpgconf.c:65
+msgid "|COMPONENT|change options"
+msgstr ""
+
+#: tools/gpgconf.c:66
+msgid "|COMPONENT|check options"
+msgstr ""
+
+#: tools/gpgconf.c:68
+msgid "apply global default values"
+msgstr ""
+
+#: tools/gpgconf.c:70
+msgid "get the configuration directories for gpgconf"
+msgstr ""
+
+#: tools/gpgconf.c:72
+#, fuzzy
+msgid "list global configuration file"
+msgstr "élément de configuration `%s' inconnu\n"
+
+#: tools/gpgconf.c:74
+#, fuzzy
+msgid "check global configuration file"
+msgstr "élément de configuration `%s' inconnu\n"
+
+#: tools/gpgconf.c:79
+msgid "use as output file"
+msgstr "utiliser comme fichier de sortie"
+
+#: tools/gpgconf.c:83
+msgid "activate changes at runtime, if possible"
+msgstr ""
+
+#: tools/gpgconf.c:105
+#, fuzzy
+msgid "Usage: gpgconf [options] (-h for help)"
+msgstr "Utilisation: gpg [options] [fichiers] (-h pour l'aide)"
+
+#: tools/gpgconf.c:108
+msgid ""
+"Syntax: gpgconf [options]\n"
+"Manage configuration options for tools of the GnuPG system\n"
+msgstr ""
+
+#: tools/gpgconf.c:214 tools/gpgconf.c:282
+#, fuzzy
+msgid "usage: gpgconf [options] "
+msgstr "utilisation: gpg [options] "
+
+#: tools/gpgconf.c:216
+msgid "Need one component argument"
+msgstr ""
+
+#: tools/gpgconf.c:225 tools/gpgconf.c:258
+#, fuzzy
+msgid "Component not found"
+msgstr "clé publique non trouvée"
+
+#: tools/gpgconf.c:284
+#, fuzzy
+msgid "No argument allowed"
+msgstr "Les commandes d'administration ne sont pas permises\n"
+
+#: tools/symcryptrun.c:154
+#, fuzzy
+msgid ""
+"@\n"
+"Commands:\n"
+" "
+msgstr ""
+"@Commandes:\n"
+" "
+
+#: tools/symcryptrun.c:156
+#, fuzzy
+msgid "decryption modus"
+msgstr "le déchiffrement a réussi\n"
+
+#: tools/symcryptrun.c:157
+#, fuzzy
+msgid "encryption modus"
+msgstr "le déchiffrement a réussi\n"
+
+#: tools/symcryptrun.c:161
+msgid "tool class (confucius)"
+msgstr ""
+
+#: tools/symcryptrun.c:162
+#, fuzzy
+msgid "program filename"
+msgstr "--store [nom du fichier]"
+
+#: tools/symcryptrun.c:164
+msgid "secret key file (required)"
+msgstr ""
+
+#: tools/symcryptrun.c:165
+msgid "input file name (default stdin)"
+msgstr ""
+
+#: tools/symcryptrun.c:209
+#, fuzzy
+msgid "Usage: symcryptrun [options] (-h for help)"
+msgstr "Utilisation: gpg [options] [fichiers] (-h pour l'aide)"
+
+#: tools/symcryptrun.c:212
+msgid ""
+"Syntax: symcryptrun --class CLASS --program PROGRAM --keyfile KEYFILE "
+"[options...] COMMAND [inputfile]\n"
+"Call a simple symmetric encryption tool\n"
+msgstr ""
+
+#: tools/symcryptrun.c:281
+#, fuzzy, c-format
+msgid "%s on %s aborted with status %i\n"
+msgstr "%s n'est pas permis avec %s !\n"
+
+#: tools/symcryptrun.c:288
+#, fuzzy, c-format
+msgid "%s on %s failed with status %i\n"
+msgstr "fstat de `%s' échoué dans %s: %s\n"
+
+#: tools/symcryptrun.c:314
+#, fuzzy, c-format
+msgid "can't create temporary directory `%s': %s\n"
+msgstr "impossible de créer le répertoire `%s': %s\n"
+
+#: tools/symcryptrun.c:354 tools/symcryptrun.c:371
+#, c-format
+msgid "could not open %s for writing: %s\n"
+msgstr ""
+
+#: tools/symcryptrun.c:382
+#, fuzzy, c-format
+msgid "error writing to %s: %s\n"
+msgstr "erreur durant l'écriture du porte-clés `%s': %s\n"
+
+#: tools/symcryptrun.c:389
+#, fuzzy, c-format
+msgid "error reading from %s: %s\n"
+msgstr "erreur pendant la lecture de `%s': %s\n"
+
+#: tools/symcryptrun.c:396 tools/symcryptrun.c:403
+#, fuzzy, c-format
+msgid "error closing %s: %s\n"
+msgstr "erreur dans `%s': %s\n"
+
+#: tools/symcryptrun.c:488
+#, fuzzy
+msgid "no --program option provided\n"
+msgstr "aucun programme d'exécution distante n'est supporté\n"
+
+#: tools/symcryptrun.c:494
+msgid "only --decrypt and --encrypt are supported\n"
+msgstr ""
+
+#: tools/symcryptrun.c:500
+msgid "no --keyfile option provided\n"
+msgstr ""
+
+#: tools/symcryptrun.c:511
+msgid "cannot allocate args vector\n"
+msgstr ""
+
+#: tools/symcryptrun.c:529
+#, fuzzy, c-format
+msgid "could not create pipe: %s\n"
+msgstr "impossible de créer `%s': %s\n"
+
+#: tools/symcryptrun.c:536
+#, fuzzy, c-format
+msgid "could not create pty: %s\n"
+msgstr "impossible de créer `%s': %s\n"
+
+#: tools/symcryptrun.c:552
+#, c-format
+msgid "could not fork: %s\n"
+msgstr ""
+
+#: tools/symcryptrun.c:580
+#, fuzzy, c-format
+msgid "execv failed: %s\n"
+msgstr "la mise à jour a échoué: %s\n"
+
+#: tools/symcryptrun.c:609
+#, fuzzy, c-format
+msgid "select failed: %s\n"
+msgstr "la suppression du bloc de clés a échoué : %s\n"
+
+#: tools/symcryptrun.c:626
+#, fuzzy, c-format
+msgid "read failed: %s\n"
+msgstr "la mise à jour a échoué: %s\n"
+
+#: tools/symcryptrun.c:678
+#, fuzzy, c-format
+msgid "pty read failed: %s\n"
+msgstr "la mise à jour a échoué: %s\n"
+
+#: tools/symcryptrun.c:730
+#, fuzzy, c-format
+msgid "waitpid failed: %s\n"
+msgstr "la mise à jour a échoué: %s\n"
+
+#: tools/symcryptrun.c:744
+#, c-format
+msgid "child aborted with status %i\n"
+msgstr ""
+
+#: tools/symcryptrun.c:799
+#, fuzzy, c-format
+msgid "cannot allocate infile string: %s\n"
+msgstr "impossible de créer le fichier de sauvegarde `%s': %s\n"
+
+#: tools/symcryptrun.c:812
+#, fuzzy, c-format
+msgid "cannot allocate outfile string: %s\n"
+msgstr "impossible de créer le fichier de sauvegarde `%s': %s\n"
+
+#: tools/symcryptrun.c:986
+#, c-format
+msgid "either %s or %s must be given\n"
+msgstr ""
+
+#: tools/symcryptrun.c:1013
+msgid "no class provided\n"
+msgstr ""
+
+#: tools/symcryptrun.c:1022
+#, fuzzy, c-format
+msgid "class %s is not supported\n"
+msgstr "le hachage de protection %d n'est pas supporté\n"
+
+#: tools/gpg-check-pattern.c:145
+#, fuzzy
+msgid "Usage: gpg-check-pattern [options] patternfile (-h for help)\n"
+msgstr "Utilisation: gpg [options] [fichiers] (-h pour l'aide)"
+
+#: tools/gpg-check-pattern.c:148
+msgid ""
+"Syntax: gpg-check-pattern [options] patternfile\n"
+"Check a passphrase given on stdin against the patternfile\n"
+msgstr ""
+
+#~ msgid "Command> "
+#~ msgstr "Commande> "
+
+#~ msgid "the trustdb is corrupted; please run \"gpg --fix-trustdb\".\n"
+#~ msgstr "la base de confiance est corrompue; exécutez «gpg --fix-trustdb».\n"
+
+#, fuzzy
+#~ msgid "Please report bugs to <"
+#~ msgstr ""
+#~ "Signaler toutes anomalies à <gnupg-bugs@gnu.org> (en anglais)\n"
+#~ "et tout problème de traduction à <traduc@traduc.org>.\n"
+
+#, fuzzy
+#~ msgid "Please report bugs to "
+#~ msgstr ""
+#~ "Signaler toutes anomalies à <gnupg-bugs@gnu.org> (en anglais)\n"
+#~ "et tout problème de traduction à <traduc@traduc.org>.\n"
+
+#~ msgid "DSA keypair will have %u bits.\n"
+#~ msgstr "La paire de clés DSA fera %u bits.\n"
+
+#~ msgid "Repeat passphrase\n"
+#~ msgstr "Répétez la phrase de passe\n"
+
+#, fuzzy
+#~ msgid "||Please enter your PIN at the reader's keypad%%0A[sigs done: %lu]"
+#~ msgstr "||Entrez le PIN%%0A[sigs faites: %lu]"
+
+#~ msgid "|A|Admin PIN"
+#~ msgstr "|A|code PIN d'administration"
+
+#, fuzzy
+#~ msgid "read options from file"
+#~ msgstr "lire les options de `%s'\n"
+
+#~ msgid "generate PGP 2.x compatible messages"
+#~ msgstr "générer des messages compatibles avec PGP 2.x"
+
+#, fuzzy
+#~ msgid "|[FILE]|make a signature"
+#~ msgstr "|[fichier]|faire une signature"
+
+#, fuzzy
+#~ msgid "|[FILE]|make a clear text signature"
+#~ msgstr "|[fichier]|faire une signature en texte clair"
+
+#, fuzzy
+#~ msgid "use the default key as default recipient"
+#~ msgstr "ignoré: la clé publique est déjà le destinataire par défaut\n"
+
+#, fuzzy
+#~ msgid "force v3 signatures"
+#~ msgstr "vérifier les signatures"
+
+#, fuzzy
+#~ msgid "add this secret keyring to the list"
+#~ msgstr "Il faut la clé secrète pour faire cela.\n"
+
+#, fuzzy
+#~ msgid "|NAME|set terminal charset to NAME"
+#~ msgstr "|NOM|chiffrer pour NOM"
+
+#, fuzzy
+#~ msgid "|N|use compress algorithm N"
+#~ msgstr "algorithme de compression inconnu"
+
+#, fuzzy
+#~ msgid "remove key from the public keyring"
+#~ msgstr "enlever les clés du porte-clés public"
+
+#~ msgid ""
+#~ "It's up to you to assign a value here; this value will never be exported\n"
+#~ "to any 3rd party. We need it to implement the web-of-trust; it has "
+#~ "nothing\n"
+#~ "to do with the (implicitly created) web-of-certificates."
+#~ msgstr ""
+#~ "C'est à vous d'assigner une valeur ici; cette valeur ne sera jamais\n"
+#~ "envoyée à une tierce personne. Nous en avons besoin pour créer le réseau\n"
+#~ "de confiance (web-of-trust); cela n'a rien à voir avec le réseau des\n"
+#~ "certificats (créé implicitement)"
+
+#~ msgid ""
+#~ "To build the Web-of-Trust, GnuPG needs to know which keys are\n"
+#~ "ultimately trusted - those are usually the keys for which you have\n"
+#~ "access to the secret key. Answer \"yes\" to set this key to\n"
+#~ "ultimately trusted\n"
+#~ msgstr ""
+#~ "Pour mettre en place le Réseau de confiance (Web of Trust), GnuPG a\n"
+#~ "besoin de savoir en quelles clés votre confiance est ultime - ce sont\n"
+#~ "en général les clés dont vous avez accès à la clé secrète. Répondez\n"
+#~ "\"oui\" pour indiquer que votre confiance en cette clé est ultime\n"
+
+#~ msgid "If you want to use this untrusted key anyway, answer \"yes\"."
+#~ msgstr ""
+#~ "Si vous voulez utiliser cette clé peu sûre quand-même, répondez «oui»."
+
+#~ msgid ""
+#~ "Enter the user ID of the addressee to whom you want to send the message."
+#~ msgstr ""
+#~ "Entrez le nom d'utilisateur de la personne à qui vous voulez envoyer\n"
+#~ "le message."
+
+#~ msgid ""
+#~ "Select the algorithm to use.\n"
+#~ "\n"
+#~ "DSA (aka DSS) is the Digital Signature Algorithm and can only be used\n"
+#~ "for signatures.\n"
+#~ "\n"
+#~ "Elgamal is an encrypt-only algorithm.\n"
+#~ "\n"
+#~ "RSA may be used for signatures or encryption.\n"
+#~ "\n"
+#~ "The first (primary) key must always be a key which is capable of signing."
+#~ msgstr ""
+#~ "Sélectionnez l'algorithme à utiliser.\n"
+#~ "\n"
+#~ "DSA (connu également sous le nom de DSS) est un algorithme de signature\n"
+#~ "digitale et ne peut être utilisé que pour des signatures.\n"
+#~ "\n"
+#~ "Elgamal est un algorithme pour le chiffrement seul.\n"
+#~ "\n"
+#~ "RSA peut être utilisé pour les signatures et le chiffrement.\n"
+#~ "\n"
+#~ "La première clé (clé principale) doit toujours être une clé capable\n"
+#~ "de signer."
+
+#~ msgid ""
+#~ "In general it is not a good idea to use the same key for signing and\n"
+#~ "encryption. This algorithm should only be used in certain domains.\n"
+#~ "Please consult your security expert first."
+#~ msgstr ""
+#~ "En général ce n'est pas une bonne idée d'utiliser la même clé pour\n"
+#~ "signer et pour chiffrer. Cet algorithme ne doit être utilisé que\n"
+#~ "pour certains domaines.\n"
+#~ "Consultez votre expert en sécurité d'abord."
+
+#~ msgid "Enter the size of the key"
+#~ msgstr "Entrez la taille de la clé"
+
+#~ msgid "Answer \"yes\" or \"no\""
+#~ msgstr "Répondez «oui» ou «non»"
+
+#~ msgid ""
+#~ "Enter the required value as shown in the prompt.\n"
+#~ "It is possible to enter a ISO date (YYYY-MM-DD) but you won't\n"
+#~ "get a good error response - instead the system tries to interpret\n"
+#~ "the given value as an interval."
+#~ msgstr ""
+#~ "Entrez la valeur demandée comme indiqué dans la ligne de commande.\n"
+#~ "On peut entrer une date ISO (AAAA-MM-JJ) mais le résultat d'erreur sera\n"
+#~ "mauvais - le système essaierait d'interpréter la valeur donnée comme un\n"
+#~ "intervalle."
+
+#~ msgid "Enter the name of the key holder"
+#~ msgstr "Entrez le nom du propriétaire de la clé"
+
+#~ msgid "please enter an optional but highly suggested email address"
+#~ msgstr "entrez une adresse e-mail optionnelle mais hautement recommandée"
+
+#~ msgid "Please enter an optional comment"
+#~ msgstr "Entrez un commentaire optionnel"
+
+#~ msgid ""
+#~ "N to change the name.\n"
+#~ "C to change the comment.\n"
+#~ "E to change the email address.\n"
+#~ "O to continue with key generation.\n"
+#~ "Q to to quit the key generation."
+#~ msgstr ""
+#~ "N pour changer le nom.\n"
+#~ "C pour changer le commentaire.\n"
+#~ "E pour changer l'adresse e-mail.\n"
+#~ "O pour continuer à générer la clé.\n"
+#~ "Q pour arrêter de générer de clé."
+
+#~ msgid ""
+#~ "Answer \"yes\" (or just \"y\") if it is okay to generate the sub key."
+#~ msgstr "Répondez «oui» (ou simplement «o») pour générer la sous-clé"
+
+#~ msgid ""
+#~ "When you sign a user ID on a key, you should first verify that the key\n"
+#~ "belongs to the person named in the user ID. It is useful for others to\n"
+#~ "know how carefully you verified this.\n"
+#~ "\n"
+#~ "\"0\" means you make no particular claim as to how carefully you verified "
+#~ "the\n"
+#~ " key.\n"
+#~ "\n"
+#~ "\"1\" means you believe the key is owned by the person who claims to own "
+#~ "it\n"
+#~ " but you could not, or did not verify the key at all. This is useful "
+#~ "for\n"
+#~ " a \"persona\" verification, where you sign the key of a pseudonymous "
+#~ "user.\n"
+#~ "\n"
+#~ "\"2\" means you did casual verification of the key. For example, this "
+#~ "could\n"
+#~ " mean that you verified the key fingerprint and checked the user ID on "
+#~ "the\n"
+#~ " key against a photo ID.\n"
+#~ "\n"
+#~ "\"3\" means you did extensive verification of the key. For example, this "
+#~ "could\n"
+#~ " mean that you verified the key fingerprint with the owner of the key "
+#~ "in\n"
+#~ " person, and that you checked, by means of a hard to forge document "
+#~ "with a\n"
+#~ " photo ID (such as a passport) that the name of the key owner matches "
+#~ "the\n"
+#~ " name in the user ID on the key, and finally that you verified (by "
+#~ "exchange\n"
+#~ " of email) that the email address on the key belongs to the key "
+#~ "owner.\n"
+#~ "\n"
+#~ "Note that the examples given above for levels 2 and 3 are *only* "
+#~ "examples.\n"
+#~ "In the end, it is up to you to decide just what \"casual\" and \"extensive"
+#~ "\"\n"
+#~ "mean to you when you sign other keys.\n"
+#~ "\n"
+#~ "If you don't know what the right answer is, answer \"0\"."
+#~ msgstr ""
+#~ "Quand vous signez un nom d'utilisateur d'une clé, vous devriez d'abord\n"
+#~ "vérifier que la clé appartient à la personne nommée. Il est utile que\n"
+#~ "les autres personnes sachent avec quel soin vous l'avez vérifié.\n"
+#~ "\n"
+#~ "\"0\" signifie que vous n'avez pas d'opinon.\n"
+#~ "\n"
+#~ "\"1\" signifie que vous croyez que la clé appartient à la personne qui\n"
+#~ "dit la posséder mais vous n'avez pas pu vérifier du tout la clé.\n"
+#~ "C'est utile lorsque vous signez la clé d'un pseudonyme.\n"
+#~ "\n"
+#~ "\"2\" signifie que vous avez un peu vérifié la clé. Par exemple, cela\n"
+#~ "pourrait être un vérification de l'empreinte et du nom de\n"
+#~ "l'utilisateur avec la photo.\n"
+#~ "\n"
+#~ "\"3\" signifie que vous avez complètement vérifié la clé. Par exemple,\n"
+#~ "cela pourrait être une vérification de l'empreinte, du nom de\n"
+#~ "l'utilisateur avec un document difficile à contrefaire (comme un\n"
+#~ "passeport) et de son adresse e-mail (vérifié par un échange de\n"
+#~ "courrier électronique).\n"
+#~ "\n"
+#~ "Notez bien que les exemples donnés ci-dessus pour les niveaux 2 et\n"
+#~ "3 ne sont *que* des exemples.\n"
+#~ "C'est à vous de décider quelle valeur mettre quand vous signez\n"
+#~ "les clés des autres personnes.\n"
+#~ "\n"
+#~ "Si vous ne savez pas quelle réponse est la bonne, répondez \"0\"."
+
+#~ msgid "Answer \"yes\" if you want to sign ALL the user IDs"
+#~ msgstr "Répondez «oui» si vous voulez signer TOUS les noms d'utilisateurs"
+
+#~ msgid ""
+#~ "Answer \"yes\" if you really want to delete this user ID.\n"
+#~ "All certificates are then also lost!"
+#~ msgstr ""
+#~ "Répondez «oui» si vous voulez vraiment supprimer ce nom\n"
+#~ "d'utilisateur. Tous les certificats seront alors perdus en même temps !"
+
+#~ msgid "Answer \"yes\" if it is okay to delete the subkey"
+#~ msgstr "Répondez «oui» s'il faut vraiment supprimer la sous-clé"
+
+#~ msgid ""
+#~ "This is a valid signature on the key; you normally don't want\n"
+#~ "to delete this signature because it may be important to establish a\n"
+#~ "trust connection to the key or another key certified by this key."
+#~ msgstr ""
+#~ "C'est une signature valide dans la clé; vous n'avez pas normalement\n"
+#~ "intérêt à supprimer cette signature car elle peut être importante pour\n"
+#~ "établir une connection de confiance vers la clé ou une autre clé "
+#~ "certifiée\n"
+#~ "par celle-là."
+
+#~ msgid ""
+#~ "This signature can't be checked because you don't have the\n"
+#~ "corresponding key. You should postpone its deletion until you\n"
+#~ "know which key was used because this signing key might establish\n"
+#~ "a trust connection through another already certified key."
+#~ msgstr ""
+#~ "Cette signature ne peut pas être vérifiée parce que vous n'avez pas la\n"
+#~ "clé correspondante. Vous devriez remettre sa supression jusqu'à ce que\n"
+#~ "vous soyez sûr de quelle clé a été utilisée car cette clé de signature\n"
+#~ "peut établir une connection de confiance vers une autre clé déjà "
+#~ "certifiée."
+
+#~ msgid ""
+#~ "The signature is not valid. It does make sense to remove it from\n"
+#~ "your keyring."
+#~ msgstr ""
+#~ "Cette signature n'est pas valide. Vous devriez la supprimer de votre\n"
+#~ "porte-clés."
+
+#~ msgid ""
+#~ "This is a signature which binds the user ID to the key. It is\n"
+#~ "usually not a good idea to remove such a signature. Actually\n"
+#~ "GnuPG might not be able to use this key anymore. So do this\n"
+#~ "only if this self-signature is for some reason not valid and\n"
+#~ "a second one is available."
+#~ msgstr ""
+#~ "Cette signature relie le nom d'utilisateur à la clé. Habituellement\n"
+#~ "enlever une telle signature n'est pas une bonne idée. En fait GnuPG peut\n"
+#~ "ne plus être capable d'utiliser cette clé. Donc faites ceci uniquement "
+#~ "si\n"
+#~ "cette auto-signature est invalide pour une certaine raison et si une "
+#~ "autre\n"
+#~ "est disponible."
+
+#~ msgid ""
+#~ "Change the preferences of all user IDs (or just of the selected ones)\n"
+#~ "to the current list of preferences. The timestamp of all affected\n"
+#~ "self-signatures will be advanced by one second.\n"
+#~ msgstr ""
+#~ "Changer les préférences de tous les noms d'utilisateurs (ou juste\n"
+#~ "ceux qui sont sélectionnés) vers la liste actuelle. La date de toutes\n"
+#~ "les auto-signatures affectées seront avancées d'une seconde.\n"
+
+#~ msgid "Please enter the passhrase; this is a secret sentence \n"
+#~ msgstr "Entrez le mot de passe ; c'est une phrase secrète \n"
+
+#~ msgid ""
+#~ "Please repeat the last passphrase, so you are sure what you typed in."
+#~ msgstr ""
+#~ "Répétez la dernière phrase de passe pour être sûr de ce que vous\n"
+#~ "avez tapé."
+
+#~ msgid "Give the name of the file to which the signature applies"
+#~ msgstr "Donnez le nom du fichier auquel la signature se rapporte"
+
+#~ msgid "Answer \"yes\" if it is okay to overwrite the file"
+#~ msgstr "Répondez «oui» s'il faut vraiment réécrire le fichier"
+
+#~ msgid ""
+#~ "Please enter a new filename. If you just hit RETURN the default\n"
+#~ "file (which is shown in brackets) will be used."
+#~ msgstr ""
+#~ "Entrez le nouveau nom de fichier. Si vous tapez simplement ENTRÉE le\n"
+#~ "fichier par défaut (indiqué entre crochets) sera utilisé."
+
+#~ msgid ""
+#~ "You should specify a reason for the certification. Depending on the\n"
+#~ "context you have the ability to choose from this list:\n"
+#~ " \"Key has been compromised\"\n"
+#~ " Use this if you have a reason to believe that unauthorized persons\n"
+#~ " got access to your secret key.\n"
+#~ " \"Key is superseded\"\n"
+#~ " Use this if you have replaced this key with a newer one.\n"
+#~ " \"Key is no longer used\"\n"
+#~ " Use this if you have retired this key.\n"
+#~ " \"User ID is no longer valid\"\n"
+#~ " Use this to state that the user ID should not longer be used;\n"
+#~ " this is normally used to mark an email address invalid.\n"
+#~ msgstr ""
+#~ "Vous devriez donner une raison pour la certification. Selon le contexte\n"
+#~ "vous pouvez choisir dans cette liste:\n"
+#~ " «La clé a été compromise»\n"
+#~ " Utilisez cette option si vous avez une raison de croire que des\n"
+#~ " personnes ont pu accéder à votre clé secrète sans autorisation.\n"
+#~ " «La clé a été remplacée»\n"
+#~ " Utilisez cette option si vous avez remplacé la clé par une "
+#~ "nouvelle.\n"
+#~ " «La clé n'est plus utilisée»\n"
+#~ " Utilisez cette option si cette clé n'a plus d'utilité.\n"
+#~ " «Le nom d'utilisateur n'est plus valide»\n"
+#~ " Utilisez cette option si le nom d'utilisateur ne doit plus être\n"
+#~ " utilisé. Cela sert généralement à indiquer qu'une adresse e-mail\n"
+#~ " est invalide.\n"
+
+#~ msgid ""
+#~ "If you like, you can enter a text describing why you issue this\n"
+#~ "revocation certificate. Please keep this text concise.\n"
+#~ "An empty line ends the text.\n"
+#~ msgstr ""
+#~ "Si vous le désirez, vous pouvez entrer un texte qui explique pourquoi "
+#~ "vous\n"
+#~ "avez émis ce certificat de révocation. Essayez de garder ce texte "
+#~ "concis.\n"
+#~ "Une ligne vide délimite la fin du texte.\n"
+
+#~ msgid "can't put notation data into v3 (PGP 2.x style) signatures\n"
+#~ msgstr ""
+#~ "impossible de mettre des données de notation dans des signatures v3\n"
+#~ "(de style PGP 2.x)\n"
+
+#~ msgid "can't put notation data into v3 (PGP 2.x style) key signatures\n"
+#~ msgstr ""
+#~ "impossible de mettres des données de notation dans des signatures de\n"
+#~ "clés v3 (de style PGP 2.x)\n"
+
+#~ msgid "can't put a policy URL into v3 (PGP 2.x style) signatures\n"
+#~ msgstr ""
+#~ "impossible de mettre une URL de politique dans des signatures v3\n"
+#~ "(de style PGP 2.x)\n"
+
+#~ msgid "can't put a policy URL into v3 key (PGP 2.x style) signatures\n"
+#~ msgstr ""
+#~ "impossible de mettre une URL de politique dans des signatures de clé v3\n"
+#~ "(de style PGP 2.x)\n"
+
+#, fuzzy
+#~ msgid ""
+#~ "please see http://www.gnupg.org/download/iconv.html for more information\n"
+#~ msgstr "voir http://www.gnupg.org/fr/faq.html pour plus d'informations\n"
+
+#, fuzzy
+#~ msgid "key generation is not available from the commandline\n"
+#~ msgstr "gpg-agent n'est pas disponible dans cette session\n"
+
+#, fuzzy
+#~ msgid "please use the script \"%s\" to generate a new key\n"
+#~ msgstr "Sélectionnez le type de clé à générer:\n"
+
+#~ msgid "cipher extension `%s' not loaded due to unsafe permissions\n"
+#~ msgstr ""
+#~ "l'extension de chiffrement `%s' n'a pas été chargée car ses\n"
+#~ "permissions sont peu sûres\n"
+
+#~ msgid "DSA requires the use of a 160 bit hash algorithm\n"
+#~ msgstr ""
+#~ "DSA nécessite l'utilisation d'un algorithme de hachage de 160 bits\n"
+
+#, fuzzy
+#~ msgid ".\n"
+#~ msgstr "%s.\n"
+
+#~ msgid "problem with the agent - disabling agent use\n"
+#~ msgstr "problème avec l'agent - arrêt d'utilisation de l'agent\n"
+
+#~ msgid "can't query passphrase in batch mode\n"
+#~ msgstr "impossible de demander la phrase de passe en mode automatique\n"
+
+#~ msgid "Enter passphrase: "
+#~ msgstr "Entrez la phrase de passe: "
+
+#~ msgid "Repeat passphrase: "
+#~ msgstr "Répétez la phrase de passe: "
+
+#~ msgid "-k[v][v][v][c] [user-id] [keyring]"
+#~ msgstr "-k[v][v][v][c] [utilisateur] [porte-clés]"
+
+#~ msgid "can't gen prime with pbits=%u qbits=%u\n"
+#~ msgstr "impossible de générer un nombre premier avec pbits=%u qbits=%u\n"
+
+#~ msgid "can't generate a prime with less than %d bits\n"
+#~ msgstr "impossible de générer un nombre premier avec moins de %d bits\n"
+
+#~ msgid "no entropy gathering module detected\n"
+#~ msgstr "aucun module de récupération d'entropie n'a été trouvé.\n"
+
+#, fuzzy
+#~ msgid "can't lock `%s': %s\n"
+#~ msgstr "impossible de verrouiller `%s'\n"
+
+#~ msgid "can't stat `%s': %s\n"
+#~ msgstr "impossible d'accéder à `%s': %s\n"
+
+#~ msgid "`%s' is not a regular file - ignored\n"
+#~ msgstr "`%s' n'est pas un fichier régulier - ignoré\n"
+
+#~ msgid "note: random_seed file is empty\n"
+#~ msgstr "note: le fichier `random_seed' est vide\n"
+
+#~ msgid "WARNING: invalid size of random_seed file - not used\n"
+#~ msgstr ""
+#~ "AVERTISSEMENT: la taille du fichier `random_seed' est invalide.\n"
+#~ "Celui-ci ne sera pas utilisé.\n"
+
+#~ msgid "can't read `%s': %s\n"
+#~ msgstr "impossible de lire `%s': %s\n"
+
+#~ msgid "note: random_seed file not updated\n"
+#~ msgstr "note: le fichier `random_seed' n'a pas été mis à jour\n"
+
+#~ msgid "can't write `%s': %s\n"
+#~ msgstr "impossible d'écrire `%s': %s\n"
+
+#~ msgid "can't close `%s': %s\n"
+#~ msgstr "impossible de fermer `%s': %s\n"
+
+#~ msgid "WARNING: using insecure random number generator!!\n"
+#~ msgstr ""
+#~ "ATTENTION: utilisation d'un générateur de nombres aléatoires peu sûr !!\n"
+
+#~ msgid ""
+#~ "The random number generator is only a kludge to let\n"
+#~ "it run - it is in no way a strong RNG!\n"
+#~ "\n"
+#~ "DON'T USE ANY DATA GENERATED BY THIS PROGRAM!!\n"
+#~ "\n"
+#~ msgstr ""
+#~ "Le générateur de nombres aléatoires n'est qu'un artifice visant à "
+#~ "exécuter\n"
+#~ "GnuPG - ce n'est en aucune manière un générateur (RNG) fort!\n"
+#~ "\n"
+#~ "N'UTILISEZ PAS LES DONNÉES GÉNÉRÉES PAR CE PROGRAMME !!\n"
+#~ "\n"
+
+#~ msgid ""
+#~ "Please wait, entropy is being gathered. Do some work if it would\n"
+#~ "keep you from getting bored, because it will improve the quality\n"
+#~ "of the entropy.\n"
+#~ msgstr ""
+#~ "Attendez s'il vous plaît que l'entropie soit récupérée. Vous pouvez\n"
+#~ "faire autre chose pour ne pas vous ennuyer, car cela donnera une\n"
+#~ "meilleure qualité à l'entropie.\n"
+
+#~ msgid ""
+#~ "\n"
+#~ "Not enough random bytes available. Please do some other work to give\n"
+#~ "the OS a chance to collect more entropy! (Need %d more bytes)\n"
+#~ msgstr ""
+#~ "\n"
+#~ "Il n'y a pas assez d'octets aléatoires disponibles. Faites autre chose\n"
+#~ "pour que l'OS puisse amasser plus d'entropie ! (il faut %d octets de "
+#~ "plus)\n"
+
+#, fuzzy
+#~ msgid "card reader not available\n"
+#~ msgstr "la clé secrète n'est pas disponible"
+
+#~ msgid "Please insert the card and hit return or enter 'c' to cancel: "
+#~ msgstr "Insérez la carte et tapez entrée ou entrez 'c' pour annuler: "
+
+#~ msgid "Hit return when ready or enter 'c' to cancel: "
+#~ msgstr "Tapez entrée quand vous êtes prêt ou entrez 'c' pour annuler: "
+
+#~ msgid "Enter New Admin PIN: "
+#~ msgstr "Entrez le nouveau code PIN admin: "
+
+#~ msgid "Enter New PIN: "
+#~ msgstr "Entrez le nouveau code PIN: "
+
+#~ msgid "Enter Admin PIN: "
+#~ msgstr "Entrez le code PIN admin: "
+
+#~ msgid "NOTE: %s is not available in this version\n"
+#~ msgstr "NOTE: %s n'est pas disponible dans cette version\n"
+
+#, fuzzy
+#~ msgid " algorithms on these user IDs:\n"
+#~ msgstr "algorithmes indisponibles sur ces noms d'utilisateurs:\n"
+
+#~ msgid "general error"
+#~ msgstr "erreur générale"
+
+#~ msgid "unknown packet type"
+#~ msgstr "type de paquet inconnu"
+
+#~ msgid "unknown pubkey algorithm"
+#~ msgstr "algorithme à clé publique inconnu"
+
+#~ msgid "unknown digest algorithm"
+#~ msgstr "algorithme de hachage inconnu"
+
+#~ msgid "bad public key"
+#~ msgstr "mauvaise clé publique"
+
+#~ msgid "bad secret key"
+#~ msgstr "mauvaise clé secrète"
+
+#~ msgid "bad signature"
+#~ msgstr "mauvaise signature"
+
+#~ msgid "checksum error"
+#~ msgstr "somme de contrôle erronée"
+
+#~ msgid "can't open the keyring"
+#~ msgstr "impossible d'ouvrir le porte-clés"
+
+#~ msgid "invalid packet"
+#~ msgstr "paquet invalide"
+
+#~ msgid "invalid armor"
+#~ msgstr "armure invalide"
+
+#~ msgid "no such user id"
+#~ msgstr "pas d'utilisateur de ce nom"
+
+#~ msgid "secret key not available"
+#~ msgstr "la clé secrète n'est pas disponible"
+
+#~ msgid "wrong secret key used"
+#~ msgstr "mauvaise clé secrète utilisée"
+
+#~ msgid "not supported"
+#~ msgstr "non supporté"
+
+#~ msgid "bad key"
+#~ msgstr "mauvaise clé"
+
+#~ msgid "file write error"
+#~ msgstr "erreur d'écriture"
+
+#~ msgid "file open error"
+#~ msgstr "erreur d'ouverture de fichier"
+
+#~ msgid "file create error"
+#~ msgstr "erreur de création de fichier"
+
+#~ msgid "invalid passphrase"
+#~ msgstr "phrase de passe invalide"
+
+#~ msgid "unimplemented pubkey algorithm"
+#~ msgstr "algorithme à clé publique non implanté"
+
+#~ msgid "unimplemented cipher algorithm"
+#~ msgstr "algorithme de chiffrement non implanté"
+
+#~ msgid "unknown signature class"
+#~ msgstr "classe de signature inconnue"
+
+#~ msgid "trust database error"
+#~ msgstr "erreur dans la base de confiance"
+
+#~ msgid "resource limit"
+#~ msgstr "limite de ressources atteinte"
+
+#~ msgid "invalid keyring"
+#~ msgstr "porte-clés invalide"
+
+#~ msgid "malformed user id"
+#~ msgstr "nom d'utilisateur malformé"
+
+#~ msgid "file close error"
+#~ msgstr "erreur de fermeture de fichier"
+
+#~ msgid "file rename error"
+#~ msgstr "erreur pendant le changement de nom du fichier"
+
+#~ msgid "file delete error"
+#~ msgstr "erreur pendant la suppression du fichier"
+
+#~ msgid "unexpected data"
+#~ msgstr "données inattendues"
+
+#~ msgid "timestamp conflict"
+#~ msgstr "conflit de dates"
+
+#~ msgid "unusable pubkey algorithm"
+#~ msgstr "algorithme de clés publiques inutilisable"
+
+#~ msgid "file exists"
+#~ msgstr "le fichier existe"
+
+#~ msgid "weak key"
+#~ msgstr "clé faible"
+
+#~ msgid "bad URI"
+#~ msgstr "mauvaise adresse (URI)"
+
+#~ msgid "unsupported URI"
+#~ msgstr "URI non supportée"
+
+#~ msgid "network error"
+#~ msgstr "erreur de réseau"
+
+#~ msgid "not processed"
+#~ msgstr "non traité"
+
+#~ msgid "unusable public key"
+#~ msgstr "clé publique inutilisable"
+
+#~ msgid "unusable secret key"
+#~ msgstr "clé secrète inutilisable"
+
+#~ msgid "keyserver error"
+#~ msgstr "erreur du serveur de clés"
+
+#~ msgid "no card"
+#~ msgstr "pas de carte"
+
+#, fuzzy
+#~ msgid "no data"
+#~ msgstr "pas de données signées\n"
+
+#~ msgid "ERROR: "
+#~ msgstr "ERREUR: "
+
+#~ msgid "WARNING: "
+#~ msgstr "AVERTISSEMENT: "
+
+#~ msgid "... this is a bug (%s:%d:%s)\n"
+#~ msgstr "... c'est un bug (%s:%d:%s)\n"
+
+#~ msgid "WARNING: using insecure memory!\n"
+#~ msgstr "AVERTISSEMENT: l'utilisation de la mémoire n'est pas sûre !\n"
+
+#~ msgid "operation is not possible without initialized secure memory\n"
+#~ msgstr ""
+#~ "l'opération n'est pas possible tant que la mémoire sûre n'est pas\n"
+#~ "initialisée\n"
+
+#~ msgid "(you may have used the wrong program for this task)\n"
+#~ msgstr "(vous avez peut-être utilisé un programme non adapté à cette fin)\n"
+
+#~ msgid ""
+#~ "please see http://www.gnupg.org/why-not-idea.html for more information\n"
+#~ msgstr ""
+#~ "voir http://www.gnupg.org/fr/why-not-idea.html pour plus d'informations\n"
+
+#~ msgid "expired: %s)"
+#~ msgstr "expirée: %s)"
diff --git a/po/gl.gmo b/po/gl.gmo
new file mode 100644
index 0000000..1cd9f2a
--- /dev/null
+++ b/po/gl.gmo
Binary files differ
diff --git a/po/gl.po b/po/gl.po
new file mode 100644
index 0000000..ad473b3
--- /dev/null
+++ b/po/gl.po
@@ -0,0 +1,10327 @@
+# Galician translation of GNUpg
+# Copyright (C) 2001, 2002, 2003 Free Software Foundation, Inc.
+# Jacobo Tarrio <jtarrio@trasno.net>, 2001, 2002, 2003.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: gnupg 1.2.4\n"
+"Report-Msgid-Bugs-To: translations@gnupg.org\n"
+"POT-Creation-Date: 2012-03-27 10:23+0200\n"
+"PO-Revision-Date: 2003-12-04 11:39+0100\n"
+"Last-Translator: Jacobo Tarrio <jtarrio@trasno.net>\n"
+"Language-Team: Galician <gpul-traduccion@ceu.fi.udc.es>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=iso-8859-1\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#: agent/call-pinentry.c:244
+#, fuzzy, c-format
+msgid "failed to acquire the pinentry lock: %s\n"
+msgstr "non se puido inicializa-la base de datos de confianzas: %s\n"
+
+#. TRANSLATORS: These are labels for buttons etc used in
+#. Pinentries. An underscore indicates that the next letter
+#. should be used as an accelerator. Double the underscore for
+#. a literal one. The actual to be translated text starts after
+#. the second vertical bar.
+#: agent/call-pinentry.c:401
+msgid "|pinentry-label|_OK"
+msgstr ""
+
+#: agent/call-pinentry.c:402
+msgid "|pinentry-label|_Cancel"
+msgstr ""
+
+#: agent/call-pinentry.c:403
+msgid "|pinentry-label|PIN:"
+msgstr ""
+
+#. TRANSLATORS: This string is displayed by Pinentry as the label
+#. for the quality bar.
+#: agent/call-pinentry.c:649
+msgid "Quality:"
+msgstr ""
+
+#. TRANSLATORS: This string is a tooltip, shown by pinentry when
+#. hovering over the quality bar. Please use an appropriate
+#. string to describe what this is about. The length of the
+#. tooltip is limited to about 900 characters. If you do not
+#. translate this entry, a default english text (see source)
+#. will be used.
+#: agent/call-pinentry.c:671
+msgid "pinentry.qualitybar.tooltip"
+msgstr ""
+
+#: agent/call-pinentry.c:716
+msgid ""
+"Please enter your PIN, so that the secret key can be unlocked for this "
+"session"
+msgstr ""
+
+#: agent/call-pinentry.c:719
+#, fuzzy
+msgid ""
+"Please enter your passphrase, so that the secret key can be unlocked for "
+"this session"
+msgstr "Por favor, introduza o contrasinal; esta é unha frase secreta \n"
+
+#: agent/call-pinentry.c:776
+#, c-format
+msgid "SETERROR %s (try %d of %d)"
+msgstr ""
+
+#: agent/call-pinentry.c:799 agent/call-pinentry.c:811
+#, fuzzy
+msgid "PIN too long"
+msgstr "liña longa de máis\n"
+
+#: agent/call-pinentry.c:800
+#, fuzzy
+msgid "Passphrase too long"
+msgstr "contrasinal demasiado longo\n"
+
+#: agent/call-pinentry.c:808
+#, fuzzy
+msgid "Invalid characters in PIN"
+msgstr "Caracter non válido no nome\n"
+
+#: agent/call-pinentry.c:813
+msgid "PIN too short"
+msgstr ""
+
+#: agent/call-pinentry.c:825
+#, fuzzy
+msgid "Bad PIN"
+msgstr "MPI erróneo"
+
+#: agent/call-pinentry.c:826
+#, fuzzy
+msgid "Bad Passphrase"
+msgstr "contrasinal erróneo"
+
+#: agent/call-pinentry.c:863
+#, fuzzy
+msgid "Passphrase"
+msgstr "contrasinal erróneo"
+
+#: agent/command-ssh.c:531
+#, fuzzy, c-format
+msgid "ssh keys greater than %d bits are not supported\n"
+msgstr "o algoritmo de protección %d%s non está soportado\n"
+
+#: agent/command-ssh.c:690 g10/card-util.c:833 g10/exec.c:473 g10/gpg.c:1122
+#: g10/keygen.c:3394 g10/keygen.c:3427 g10/keyring.c:1237 g10/keyring.c:1569
+#: g10/openfile.c:275 g10/openfile.c:368 g10/sign.c:801 g10/sign.c:1110
+#: g10/tdbio.c:550 jnlib/dotlock.c:310
+#, c-format
+msgid "can't create `%s': %s\n"
+msgstr "non se pode crear `%s': %s\n"
+
+#: agent/command-ssh.c:702 common/helpfile.c:47 g10/card-util.c:787
+#: g10/dearmor.c:60 g10/dearmor.c:107 g10/decrypt.c:70 g10/encode.c:194
+#: g10/encode.c:504 g10/gpg.c:1123 g10/import.c:192 g10/keygen.c:2877
+#: g10/keyring.c:1595 g10/openfile.c:192 g10/openfile.c:353
+#: g10/plaintext.c:511 g10/sign.c:783 g10/sign.c:978 g10/sign.c:1094
+#: g10/sign.c:1250 g10/tdbdump.c:142 g10/tdbdump.c:150 g10/tdbio.c:554
+#: g10/tdbio.c:618 g10/verify.c:99 g10/verify.c:162 sm/gpgsm.c:2044
+#: sm/gpgsm.c:2074 sm/gpgsm.c:2112 sm/gpgsm.c:2150 sm/qualified.c:66
+#, c-format
+msgid "can't open `%s': %s\n"
+msgstr "non se puido abrir `%s': %s\n"
+
+#: agent/command-ssh.c:1708 agent/command-ssh.c:1726
+#, fuzzy, c-format
+msgid "error getting serial number of card: %s\n"
+msgstr "erro ao crea-lo contrasinal: %s\n"
+
+#: agent/command-ssh.c:1712
+#, c-format
+msgid "detected card with S/N: %s\n"
+msgstr ""
+
+#: agent/command-ssh.c:1717
+#, fuzzy, c-format
+msgid "error getting default authentication keyID of card: %s\n"
+msgstr "erro escribindo no chaveiro secreto `%s': %s\n"
+
+#: agent/command-ssh.c:1737
+#, fuzzy, c-format
+msgid "no suitable card key found: %s\n"
+msgstr "non se atopou un chaveiro privado no que se poida escribir: %s\n"
+
+#: agent/command-ssh.c:1787
+#, fuzzy, c-format
+msgid "shadowing the key failed: %s\n"
+msgstr "fallou o borrado do bloque de chaves: %s\n"
+
+#: agent/command-ssh.c:1802
+#, fuzzy, c-format
+msgid "error writing key: %s\n"
+msgstr "erro escribindo no chaveiro `%s': %s\n"
+
+#: agent/command-ssh.c:2139
+#, c-format
+msgid ""
+"An ssh process requested the use of key%%0A %s%%0A (%s)%%0ADo you want to "
+"allow this?"
+msgstr ""
+
+#: agent/command-ssh.c:2146
+msgid "Allow"
+msgstr ""
+
+#: agent/command-ssh.c:2146
+msgid "Deny"
+msgstr ""
+
+#: agent/command-ssh.c:2155
+#, fuzzy, c-format
+msgid "Please enter the passphrase for the ssh key%%0A %F%%0A (%c)"
+msgstr "Por favor, introduza o contrasinal; esta é unha frase secreta \n"
+
+#: agent/command-ssh.c:2484 agent/genkey.c:310 agent/genkey.c:432
+#, fuzzy
+msgid "Please re-enter this passphrase"
+msgstr "cambia-lo contrasinal"
+
+#: agent/command-ssh.c:2509
+#, fuzzy, c-format
+msgid ""
+"Please enter a passphrase to protect the received secret key%%0A %s%%0A %"
+"s%%0Awithin gpg-agent's key storage"
+msgstr "Por favor, introduza o contrasinal; esta é unha frase secreta \n"
+
+#: agent/command-ssh.c:2548 agent/genkey.c:340 agent/genkey.c:463
+#: tools/symcryptrun.c:436
+msgid "does not match - try again"
+msgstr ""
+
+#: agent/command-ssh.c:3054
+#, fuzzy, c-format
+msgid "failed to create stream from socket: %s\n"
+msgstr "%s: fallo ao crear unha táboa hash: %s\n"
+
+#: agent/divert-scd.c:92 g10/call-agent.c:923
+msgid "Please insert the card with serial number"
+msgstr ""
+
+#: agent/divert-scd.c:93 g10/call-agent.c:924
+msgid "Please remove the current card and insert the one with serial number"
+msgstr ""
+
+#: agent/divert-scd.c:200
+#, fuzzy
+msgid "Admin PIN"
+msgstr "Introduza o ID de usuario: "
+
+#. TRANSLATORS: A PUK is the Personal Unblocking Code
+#. used to unblock a PIN.
+#: agent/divert-scd.c:205
+msgid "PUK"
+msgstr ""
+
+#: agent/divert-scd.c:212
+msgid "Reset Code"
+msgstr ""
+
+#: agent/divert-scd.c:238
+#, c-format
+msgid "%s%%0A%%0AUse the reader's keypad for input."
+msgstr ""
+
+#: agent/divert-scd.c:287
+#, fuzzy
+msgid "Repeat this Reset Code"
+msgstr "Repita o contrasinal: "
+
+#: agent/divert-scd.c:289
+#, fuzzy
+msgid "Repeat this PUK"
+msgstr "Repita o contrasinal: "
+
+#: agent/divert-scd.c:290
+#, fuzzy
+msgid "Repeat this PIN"
+msgstr "Repita o contrasinal: "
+
+#: agent/divert-scd.c:295
+#, fuzzy
+msgid "Reset Code not correctly repeated; try again"
+msgstr "o contrasinal non se repetiu correctamente; ténteo de novo"
+
+#: agent/divert-scd.c:297
+#, fuzzy
+msgid "PUK not correctly repeated; try again"
+msgstr "o contrasinal non se repetiu correctamente; ténteo de novo"
+
+#: agent/divert-scd.c:298
+#, fuzzy
+msgid "PIN not correctly repeated; try again"
+msgstr "o contrasinal non se repetiu correctamente; ténteo de novo"
+
+#: agent/divert-scd.c:310
+#, c-format
+msgid "Please enter the PIN%s%s%s to unlock the card"
+msgstr ""
+
+#: agent/genkey.c:108 sm/certreqgen-ui.c:384 sm/export.c:638 sm/export.c:654
+#: sm/import.c:667 sm/import.c:692
+#, fuzzy, c-format
+msgid "error creating temporary file: %s\n"
+msgstr "erro ao crea-lo contrasinal: %s\n"
+
+#: agent/genkey.c:115 sm/export.c:645 sm/import.c:675
+#, fuzzy, c-format
+msgid "error writing to temporary file: %s\n"
+msgstr "escribindo a `%s'\n"
+
+#: agent/genkey.c:153 agent/genkey.c:159
+#, fuzzy
+msgid "Enter new passphrase"
+msgstr "Introduza o contrasinal\n"
+
+#: agent/genkey.c:167
+#, fuzzy
+msgid "Take this one anyway"
+msgstr "¿Empregar esta chave de tódolos xeitos?"
+
+#: agent/genkey.c:193
+#, c-format
+msgid ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase should be "
+"at least %u character long."
+msgid_plural ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase should be "
+"at least %u characters long."
+msgstr[0] ""
+msgstr[1] ""
+
+#: agent/genkey.c:214
+#, c-format
+msgid ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase should "
+"contain at least %u digit or%%0Aspecial character."
+msgid_plural ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase should "
+"contain at least %u digits or%%0Aspecial characters."
+msgstr[0] ""
+msgstr[1] ""
+
+#: agent/genkey.c:237
+#, c-format
+msgid ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase may not be "
+"a known term or match%%0Acertain pattern."
+msgstr ""
+
+#: agent/genkey.c:253
+#, c-format
+msgid ""
+"You have not entered a passphrase!%0AAn empty passphrase is not allowed."
+msgstr ""
+
+#: agent/genkey.c:255
+#, c-format
+msgid ""
+"You have not entered a passphrase - this is in general a bad idea!%0APlease "
+"confirm that you do not want to have any protection on your key."
+msgstr ""
+
+#: agent/genkey.c:264
+msgid "Yes, protection is not needed"
+msgstr ""
+
+#: agent/genkey.c:308
+#, fuzzy, c-format
+msgid "Please enter the passphrase to%0Ato protect your new key"
+msgstr ""
+"Necesita un contrasinal para protexe-la súa chave secreta.\n"
+"\n"
+
+#: agent/genkey.c:431
+#, fuzzy
+msgid "Please enter the new passphrase"
+msgstr "cambia-lo contrasinal"
+
+#: agent/gpg-agent.c:121 agent/preset-passphrase.c:72 scd/scdaemon.c:103
+#: tools/gpg-check-pattern.c:70
+#, fuzzy
+msgid ""
+"@Options:\n"
+" "
+msgstr ""
+"@\n"
+"Opcións:\n"
+" "
+
+#: agent/gpg-agent.c:123 scd/scdaemon.c:105
+msgid "run in server mode (foreground)"
+msgstr ""
+
+#: agent/gpg-agent.c:124 scd/scdaemon.c:108
+msgid "run in daemon mode (background)"
+msgstr ""
+
+#: agent/gpg-agent.c:125 g10/gpg.c:488 g10/gpgv.c:71 kbx/kbxutil.c:88
+#: scd/scdaemon.c:109 sm/gpgsm.c:281 tools/gpg-connect-agent.c:69
+#: tools/gpgconf.c:80 tools/symcryptrun.c:166
+msgid "verbose"
+msgstr "lareto"
+
+#: agent/gpg-agent.c:126 g10/gpgv.c:72 kbx/kbxutil.c:89 scd/scdaemon.c:110
+#: sm/gpgsm.c:282
+msgid "be somewhat more quiet"
+msgstr "ser un pouquiño máis calado"
+
+#: agent/gpg-agent.c:127 scd/scdaemon.c:111
+msgid "sh-style command output"
+msgstr ""
+
+#: agent/gpg-agent.c:128 scd/scdaemon.c:112
+msgid "csh-style command output"
+msgstr ""
+
+#: agent/gpg-agent.c:129 scd/scdaemon.c:113 sm/gpgsm.c:312
+#: tools/symcryptrun.c:169
+#, fuzzy
+msgid "|FILE|read options from FILE"
+msgstr "|FICHEIRO|carga-lo módulo de extensión FICHEIRO"
+
+#: agent/gpg-agent.c:134 scd/scdaemon.c:123
+msgid "do not detach from the console"
+msgstr ""
+
+#: agent/gpg-agent.c:135
+msgid "do not grab keyboard and mouse"
+msgstr ""
+
+#: agent/gpg-agent.c:136 tools/symcryptrun.c:168
+#, fuzzy
+msgid "use a log file for the server"
+msgstr "buscar chaves nun servidor de chaves"
+
+#: agent/gpg-agent.c:138
+#, fuzzy
+msgid "use a standard location for the socket"
+msgstr ""
+"¿Seguro que quere actualiza-las preferencias dos IDs de usuario "
+"seleccionados? "
+
+#: agent/gpg-agent.c:141
+msgid "|PGM|use PGM as the PIN-Entry program"
+msgstr ""
+
+#: agent/gpg-agent.c:144
+msgid "|PGM|use PGM as the SCdaemon program"
+msgstr ""
+
+#: agent/gpg-agent.c:145
+#, fuzzy
+msgid "do not use the SCdaemon"
+msgstr "actualiza-la base de datos de confianza"
+
+#: agent/gpg-agent.c:157
+msgid "ignore requests to change the TTY"
+msgstr ""
+
+#: agent/gpg-agent.c:159
+msgid "ignore requests to change the X display"
+msgstr ""
+
+#: agent/gpg-agent.c:162
+msgid "|N|expire cached PINs after N seconds"
+msgstr ""
+
+#: agent/gpg-agent.c:175
+msgid "do not use the PIN cache when signing"
+msgstr ""
+
+#: agent/gpg-agent.c:177
+msgid "allow clients to mark keys as \"trusted\""
+msgstr ""
+
+#: agent/gpg-agent.c:179
+#, fuzzy
+msgid "allow presetting passphrase"
+msgstr "erro ao crea-lo contrasinal: %s\n"
+
+#: agent/gpg-agent.c:180
+msgid "enable ssh-agent emulation"
+msgstr ""
+
+#: agent/gpg-agent.c:182
+msgid "|FILE|write environment settings also to FILE"
+msgstr ""
+
+#. TRANSLATORS: @EMAIL@ will get replaced by the actual bug
+#. reporting address. This is so that we can change the
+#. reporting address without breaking the translations.
+#: agent/gpg-agent.c:333 agent/preset-passphrase.c:94 agent/protect-tool.c:163
+#: g10/gpg.c:814 g10/gpgv.c:114 kbx/kbxutil.c:113 scd/scdaemon.c:246
+#: sm/gpgsm.c:519 tools/gpg-connect-agent.c:181 tools/gpgconf.c:102
+#: tools/symcryptrun.c:206 tools/gpg-check-pattern.c:141
+#, fuzzy
+msgid "Please report bugs to <@EMAIL@>.\n"
+msgstr ""
+"Por favor, informe dos erros no programa a <gnupg-bugs@gnu.org>,\n"
+"e dos erros na traducción a <proxecto@trasno.net>.\n"
+
+#: agent/gpg-agent.c:342
+#, fuzzy
+msgid "Usage: gpg-agent [options] (-h for help)"
+msgstr "Uso: gpg [opcións] [ficheiros] (-h para ve-la axuda)"
+
+#: agent/gpg-agent.c:344
+msgid ""
+"Syntax: gpg-agent [options] [command [args]]\n"
+"Secret key management for GnuPG\n"
+msgstr ""
+
+#: agent/gpg-agent.c:390 g10/gpg.c:1007 scd/scdaemon.c:318 sm/gpgsm.c:669
+#, c-format
+msgid "invalid debug-level `%s' given\n"
+msgstr ""
+
+#: agent/gpg-agent.c:610 agent/protect-tool.c:1033 kbx/kbxutil.c:428
+#: scd/scdaemon.c:424 sm/gpgsm.c:911 sm/gpgsm.c:914 tools/symcryptrun.c:998
+#: tools/gpg-check-pattern.c:177
+#, c-format
+msgid "%s is too old (need %s, have %s)\n"
+msgstr ""
+
+#: agent/gpg-agent.c:725 g10/gpg.c:2111 scd/scdaemon.c:510 sm/gpgsm.c:1010
+#, c-format
+msgid "NOTE: no default option file `%s'\n"
+msgstr "NOTA: non existe o ficheiro de opcións por defecto `%s'\n"
+
+#: agent/gpg-agent.c:736 agent/gpg-agent.c:1348 g10/gpg.c:2115
+#: scd/scdaemon.c:515 sm/gpgsm.c:1014 tools/symcryptrun.c:931
+#, c-format
+msgid "option file `%s': %s\n"
+msgstr "ficheiro de opcións `%s': %s\n"
+
+#: agent/gpg-agent.c:744 g10/gpg.c:2122 scd/scdaemon.c:523 sm/gpgsm.c:1021
+#, c-format
+msgid "reading options from `%s'\n"
+msgstr "lendo as opcións de `%s'\n"
+
+#: agent/gpg-agent.c:1117 g10/plaintext.c:140 g10/plaintext.c:145
+#: g10/plaintext.c:162
+#, c-format
+msgid "error creating `%s': %s\n"
+msgstr "erro ao crear `%s': %s\n"
+
+#: agent/gpg-agent.c:1461 agent/gpg-agent.c:1579 agent/gpg-agent.c:1583
+#: agent/gpg-agent.c:1624 agent/gpg-agent.c:1628 g10/exec.c:188
+#: g10/openfile.c:429 scd/scdaemon.c:1020
+#, c-format
+msgid "can't create directory `%s': %s\n"
+msgstr "non se pode crea-lo directorio `%s': %s\n"
+
+#: agent/gpg-agent.c:1475 scd/scdaemon.c:1034
+msgid "name of socket too long\n"
+msgstr ""
+
+#: agent/gpg-agent.c:1498 scd/scdaemon.c:1057
+#, fuzzy, c-format
+msgid "can't create socket: %s\n"
+msgstr "non foi posible crear %s: %s\n"
+
+#: agent/gpg-agent.c:1507
+#, fuzzy, c-format
+msgid "socket name `%s' is too long\n"
+msgstr "Revocación de certificado válida"
+
+#: agent/gpg-agent.c:1525
+#, fuzzy
+msgid "a gpg-agent is already running - not starting a new one\n"
+msgstr "gpg-agent non está dispoñible nesta sesión\n"
+
+#: agent/gpg-agent.c:1536 scd/scdaemon.c:1076
+#, fuzzy
+msgid "error getting nonce for the socket\n"
+msgstr "erro ao crea-lo contrasinal: %s\n"
+
+#: agent/gpg-agent.c:1541 scd/scdaemon.c:1079
+#, fuzzy, c-format
+msgid "error binding socket to `%s': %s\n"
+msgstr "erro ao enviar a `%s': %s\n"
+
+#: agent/gpg-agent.c:1553 scd/scdaemon.c:1088
+#, fuzzy, c-format
+msgid "listen() failed: %s\n"
+msgstr "a actualización fallou: %s\n"
+
+#: agent/gpg-agent.c:1559 scd/scdaemon.c:1095
+#, fuzzy, c-format
+msgid "listening on socket `%s'\n"
+msgstr "gravando a chave secreta en `%s'\n"
+
+#: agent/gpg-agent.c:1587 agent/gpg-agent.c:1634 g10/openfile.c:432
+#, fuzzy, c-format
+msgid "directory `%s' created\n"
+msgstr "%s: directorio creado\n"
+
+#: agent/gpg-agent.c:1640
+#, fuzzy, c-format
+msgid "stat() failed for `%s': %s\n"
+msgstr "base de datos de confianza: fallou a lectura (n=%d): %s\n"
+
+#: agent/gpg-agent.c:1644
+#, fuzzy, c-format
+msgid "can't use `%s' as home directory\n"
+msgstr "%s: non foi posible crear un directorio: %s\n"
+
+#: agent/gpg-agent.c:1777 scd/scdaemon.c:1111
+#, fuzzy, c-format
+msgid "error reading nonce on fd %d: %s\n"
+msgstr "erro lendo `%s': %s\n"
+
+#: agent/gpg-agent.c:1799
+#, c-format
+msgid "handler 0x%lx for fd %d started\n"
+msgstr ""
+
+#: agent/gpg-agent.c:1804
+#, c-format
+msgid "handler 0x%lx for fd %d terminated\n"
+msgstr ""
+
+#: agent/gpg-agent.c:1824
+#, c-format
+msgid "ssh handler 0x%lx for fd %d started\n"
+msgstr ""
+
+#: agent/gpg-agent.c:1829
+#, c-format
+msgid "ssh handler 0x%lx for fd %d terminated\n"
+msgstr ""
+
+#: agent/gpg-agent.c:1973 scd/scdaemon.c:1248
+#, fuzzy, c-format
+msgid "pth_select failed: %s - waiting 1s\n"
+msgstr "o segredo da actualización fallou: %s\n"
+
+#: agent/gpg-agent.c:2096 scd/scdaemon.c:1315
+#, fuzzy, c-format
+msgid "%s %s stopped\n"
+msgstr "\t%lu chaves omitidas\n"
+
+#: agent/gpg-agent.c:2232
+#, fuzzy
+msgid "no gpg-agent running in this session\n"
+msgstr "gpg-agent non está dispoñible nesta sesión\n"
+
+#: agent/gpg-agent.c:2243 common/simple-pwquery.c:352 common/asshelp.c:403
+#: tools/gpg-connect-agent.c:2168
+msgid "malformed GPG_AGENT_INFO environment variable\n"
+msgstr "variable de ambiente GPG_AGENT_INFO mal formada\n"
+
+#: agent/gpg-agent.c:2256 common/simple-pwquery.c:364 common/asshelp.c:415
+#: tools/gpg-connect-agent.c:2179
+#, c-format
+msgid "gpg-agent protocol version %d is not supported\n"
+msgstr "a versión %d do protocolo de gpg-agent non está soportada\n"
+
+#: agent/preset-passphrase.c:98
+#, fuzzy
+msgid "Usage: gpg-preset-passphrase [options] KEYGRIP (-h for help)\n"
+msgstr "Uso: gpg [opcións] [ficheiros] (-h para ve-la axuda)"
+
+#: agent/preset-passphrase.c:101
+msgid ""
+"Syntax: gpg-preset-passphrase [options] KEYGRIP\n"
+"Password cache maintenance\n"
+msgstr ""
+
+#: agent/protect-tool.c:113 g10/gpg.c:373 kbx/kbxutil.c:71 sm/gpgsm.c:186
+#: tools/gpgconf.c:60
+msgid ""
+"@Commands:\n"
+" "
+msgstr ""
+"@Comandos:\n"
+" "
+
+#: agent/protect-tool.c:127 g10/gpg.c:441 g10/gpgv.c:69 kbx/kbxutil.c:81
+#: sm/gpgsm.c:226 tools/gpg-connect-agent.c:67 tools/gpgconf.c:77
+#: tools/symcryptrun.c:159
+msgid ""
+"@\n"
+"Options:\n"
+" "
+msgstr ""
+"@\n"
+"Opcións:\n"
+" "
+
+#: agent/protect-tool.c:166
+#, fuzzy
+msgid "Usage: gpg-protect-tool [options] (-h for help)\n"
+msgstr "Uso: gpg [opcións] [ficheiros] (-h para ve-la axuda)"
+
+#: agent/protect-tool.c:168
+msgid ""
+"Syntax: gpg-protect-tool [options] [args]\n"
+"Secret key maintenance tool\n"
+msgstr ""
+
+#: agent/protect-tool.c:1162
+#, fuzzy
+msgid "Please enter the passphrase to unprotect the PKCS#12 object."
+msgstr "Por favor, introduza o contrasinal; esta é unha frase secreta \n"
+
+#: agent/protect-tool.c:1167
+#, fuzzy
+msgid "Please enter the passphrase to protect the new PKCS#12 object."
+msgstr "Por favor, introduza o contrasinal; esta é unha frase secreta \n"
+
+#: agent/protect-tool.c:1173
+msgid ""
+"Please enter the passphrase to protect the imported object within the GnuPG "
+"system."
+msgstr ""
+
+#: agent/protect-tool.c:1178
+#, fuzzy
+msgid ""
+"Please enter the passphrase or the PIN\n"
+"needed to complete this operation."
+msgstr "Por favor, introduza o contrasinal; esta é unha frase secreta \n"
+
+#: agent/protect-tool.c:1183 tools/symcryptrun.c:437
+#, fuzzy
+msgid "Passphrase:"
+msgstr "contrasinal erróneo"
+
+#: agent/protect-tool.c:1188 tools/symcryptrun.c:448
+#, fuzzy
+msgid "cancelled\n"
+msgstr "Cancelar"
+
+#: agent/protect-tool.c:1190 tools/symcryptrun.c:444
+#, fuzzy, c-format
+msgid "error while asking for the passphrase: %s\n"
+msgstr "erro ao crea-lo contrasinal: %s\n"
+
+#: agent/trustlist.c:136 agent/trustlist.c:334
+#, fuzzy, c-format
+msgid "error opening `%s': %s\n"
+msgstr "erro lendo `%s': %s\n"
+
+#: agent/trustlist.c:151 common/helpfile.c:63 common/helpfile.c:79
+#, fuzzy, c-format
+msgid "file `%s', line %d: %s\n"
+msgstr "non se atopou a chave `%s': %s\n"
+
+#: agent/trustlist.c:171 agent/trustlist.c:179
+#, c-format
+msgid "statement \"%s\" ignored in `%s', line %d\n"
+msgstr ""
+
+#: agent/trustlist.c:185
+#, fuzzy, c-format
+msgid "system trustlist `%s' not available\n"
+msgstr "hai partes da chave secreta non dispoñibles\n"
+
+#: agent/trustlist.c:229
+#, fuzzy, c-format
+msgid "bad fingerprint in `%s', line %d\n"
+msgstr "erro de lectura: %s\n"
+
+#: agent/trustlist.c:254 agent/trustlist.c:261
+#, c-format
+msgid "invalid keyflag in `%s', line %d\n"
+msgstr ""
+
+#: agent/trustlist.c:295 common/helpfile.c:126
+#, fuzzy, c-format
+msgid "error reading `%s', line %d: %s\n"
+msgstr "erro lendo `%s': %s\n"
+
+#: agent/trustlist.c:400 agent/trustlist.c:450
+msgid "error reading list of trusted root certificates\n"
+msgstr ""
+
+#. TRANSLATORS: This prompt is shown by the Pinentry
+#. and has one special property: A "%%0A" is used by
+#. Pinentry to insert a line break. The double
+#. percent sign is actually needed because it is also
+#. a printf format string. If you need to insert a
+#. plain % sign, you need to encode it as "%%25". The
+#. "%s" gets replaced by the name as stored in the
+#. certificate.
+#: agent/trustlist.c:611
+#, c-format
+msgid ""
+"Do you ultimately trust%%0A \"%s\"%%0Ato correctly certify user "
+"certificates?"
+msgstr ""
+
+#: agent/trustlist.c:620 common/audit.c:467
+#, fuzzy
+msgid "Yes"
+msgstr "si|sim"
+
+#: agent/trustlist.c:620 common/audit.c:469
+msgid "No"
+msgstr ""
+
+#. TRANSLATORS: This prompt is shown by the Pinentry and has
+#. one special property: A "%%0A" is used by Pinentry to
+#. insert a line break. The double percent sign is actually
+#. needed because it is also a printf format string. If you
+#. need to insert a plain % sign, you need to encode it as
+#. "%%25". The second "%s" gets replaced by a hexdecimal
+#. fingerprint string whereas the first one receives the name
+#. as stored in the certificate.
+#: agent/trustlist.c:654
+#, c-format
+msgid ""
+"Please verify that the certificate identified as:%%0A \"%s\"%%0Ahas the "
+"fingerprint:%%0A %s"
+msgstr ""
+
+#. TRANSLATORS: "Correct" is the label of a button and intended
+#. to be hit if the fingerprint matches the one of the CA. The
+#. other button is "the default "Cancel" of the Pinentry.
+#: agent/trustlist.c:668
+msgid "Correct"
+msgstr ""
+
+#: agent/trustlist.c:668
+msgid "Wrong"
+msgstr ""
+
+#: agent/findkey.c:157
+#, c-format
+msgid "Note: This passphrase has never been changed.%0APlease change it now."
+msgstr ""
+
+#: agent/findkey.c:173
+#, c-format
+msgid ""
+"This passphrase has not been changed%%0Asince %.4s-%.2s-%.2s. Please change "
+"it now."
+msgstr ""
+
+#: agent/findkey.c:187 agent/findkey.c:194
+#, fuzzy
+msgid "Change passphrase"
+msgstr "cambia-lo contrasinal"
+
+#: agent/findkey.c:195
+msgid "I'll change it later"
+msgstr ""
+
+#: common/exechelp.c:528 common/exechelp.c:625 tools/gpgconf-comp.c:1475
+#: tools/gpgconf-comp.c:1814
+#, fuzzy, c-format
+msgid "error creating a pipe: %s\n"
+msgstr "erro ao crea-lo contrasinal: %s\n"
+
+#: common/exechelp.c:599 common/exechelp.c:658
+#, fuzzy, c-format
+msgid "can't fdopen pipe for reading: %s\n"
+msgstr "non se puido abrir un ficheiro: %s\n"
+
+#: common/exechelp.c:637 common/exechelp.c:765 common/exechelp.c:1002
+#, fuzzy, c-format
+msgid "error forking process: %s\n"
+msgstr "erro lendo `%s': %s\n"
+
+#: common/exechelp.c:811 common/exechelp.c:864
+#, c-format
+msgid "waiting for process %d to terminate failed: %s\n"
+msgstr ""
+
+#: common/exechelp.c:819
+#, fuzzy, c-format
+msgid "error getting exit code of process %d: %s\n"
+msgstr "erro escribindo no chaveiro secreto `%s': %s\n"
+
+#: common/exechelp.c:825 common/exechelp.c:877
+#, fuzzy, c-format
+msgid "error running `%s': exit status %d\n"
+msgstr "erro lendo `%s': %s\n"
+
+#: common/exechelp.c:870
+#, c-format
+msgid "error running `%s': probably not installed\n"
+msgstr ""
+
+#: common/exechelp.c:885
+#, fuzzy, c-format
+msgid "error running `%s': terminated\n"
+msgstr "erro lendo `%s': %s\n"
+
+#: common/http.c:1674
+#, fuzzy, c-format
+msgid "error creating socket: %s\n"
+msgstr "erro ao crear `%s': %s\n"
+
+#: common/http.c:1718
+#, fuzzy
+msgid "host not found"
+msgstr "%s: usuario non atopado\n"
+
+#: common/simple-pwquery.c:338
+msgid "gpg-agent is not available in this session\n"
+msgstr "gpg-agent non está dispoñible nesta sesión\n"
+
+#: common/simple-pwquery.c:395
+#, c-format
+msgid "can't connect to `%s': %s\n"
+msgstr "non se puido conectar a `%s': %s\n"
+
+#: common/simple-pwquery.c:406
+msgid "communication problem with gpg-agent\n"
+msgstr "problema de comunicación con gpg-agent\n"
+
+#: common/simple-pwquery.c:416
+#, fuzzy
+msgid "problem setting the gpg-agent options\n"
+msgstr "problema co axente: o axente voltou coa resposta 0x%lx\n"
+
+#: common/simple-pwquery.c:579 common/simple-pwquery.c:675
+#, fuzzy
+msgid "canceled by user\n"
+msgstr "cancelado polo usuario\n"
+
+#: common/simple-pwquery.c:594 common/simple-pwquery.c:681
+#, fuzzy
+msgid "problem with the agent\n"
+msgstr "problema co axente: o axente voltou coa resposta 0x%lx\n"
+
+#: common/sysutils.c:105
+#, c-format
+msgid "can't disable core dumps: %s\n"
+msgstr "non é posible deshabilita-los volcados de 'core': %s\n"
+
+#: common/sysutils.c:200
+#, fuzzy, c-format
+msgid "Warning: unsafe ownership on %s \"%s\"\n"
+msgstr "AVISO: propiedade insegura en %s \"%s\"\n"
+
+#: common/sysutils.c:232
+#, fuzzy, c-format
+msgid "Warning: unsafe permissions on %s \"%s\"\n"
+msgstr "AVISO: permisos inseguros en %s \"%s\"\n"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: common/yesno.c:35 common/yesno.c:72
+msgid "yes"
+msgstr "si|sim"
+
+#: common/yesno.c:36 common/yesno.c:77
+msgid "yY"
+msgstr "sS"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: common/yesno.c:38 common/yesno.c:74
+msgid "no"
+msgstr "non|nom"
+
+#: common/yesno.c:39 common/yesno.c:78
+msgid "nN"
+msgstr "nN"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: common/yesno.c:76
+msgid "quit"
+msgstr "abandonar"
+
+#: common/yesno.c:79
+msgid "qQ"
+msgstr "aA"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: common/yesno.c:113
+msgid "okay|okay"
+msgstr ""
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: common/yesno.c:115
+msgid "cancel|cancel"
+msgstr ""
+
+#: common/yesno.c:116
+msgid "oO"
+msgstr ""
+
+#: common/yesno.c:117
+#, fuzzy
+msgid "cC"
+msgstr "v"
+
+#: common/miscellaneous.c:77
+#, c-format
+msgid "out of core in secure memory while allocating %lu bytes"
+msgstr ""
+
+#: common/miscellaneous.c:80
+#, c-format
+msgid "out of core while allocating %lu bytes"
+msgstr ""
+
+#: common/asshelp.c:293 tools/gpg-connect-agent.c:2129
+msgid "no running gpg-agent - starting one\n"
+msgstr ""
+
+#: common/asshelp.c:349
+#, c-format
+msgid "waiting %d seconds for the agent to come up\n"
+msgstr ""
+
+#: common/asshelp.c:426
+msgid "can't connect to the agent - trying fall back\n"
+msgstr ""
+
+#. TRANSLATORS: Copy the prefix between the vertical bars
+#. verbatim. It will not be printed.
+#: common/audit.c:474
+msgid "|audit-log-result|Good"
+msgstr ""
+
+#: common/audit.c:477
+msgid "|audit-log-result|Bad"
+msgstr ""
+
+#: common/audit.c:479
+msgid "|audit-log-result|Not supported"
+msgstr ""
+
+#: common/audit.c:481
+#, fuzzy
+msgid "|audit-log-result|No certificate"
+msgstr "Certificado correcto"
+
+#: common/audit.c:483
+#, fuzzy
+msgid "|audit-log-result|Not enabled"
+msgstr "Certificado correcto"
+
+#: common/audit.c:485
+msgid "|audit-log-result|Error"
+msgstr ""
+
+#: common/audit.c:487
+#, fuzzy
+msgid "|audit-log-result|Not used"
+msgstr "Certificado correcto"
+
+#: common/audit.c:489
+#, fuzzy
+msgid "|audit-log-result|Okay"
+msgstr "Certificado correcto"
+
+#: common/audit.c:491
+#, fuzzy
+msgid "|audit-log-result|Skipped"
+msgstr "Certificado correcto"
+
+#: common/audit.c:493
+#, fuzzy
+msgid "|audit-log-result|Some"
+msgstr "Certificado correcto"
+
+#: common/audit.c:726
+#, fuzzy
+msgid "Certificate chain available"
+msgstr "Revocación de certificado válida"
+
+#: common/audit.c:733
+#, fuzzy
+msgid "root certificate missing"
+msgstr ""
+"Non se atoparon certificados con confianza non definida.\n"
+"\n"
+
+#: common/audit.c:759
+msgid "Data encryption succeeded"
+msgstr ""
+
+#: common/audit.c:764 common/audit.c:830 common/audit.c:906 common/audit.c:997
+#, fuzzy
+msgid "Data available"
+msgstr "Chave dispoñible en: "
+
+#: common/audit.c:767
+#, fuzzy
+msgid "Session key created"
+msgstr "%s: chaveiro creado\n"
+
+#: common/audit.c:772 common/audit.c:912 common/audit.c:919
+#, fuzzy, c-format
+msgid "algorithm: %s"
+msgstr "armadura: %s\n"
+
+#: common/audit.c:774 common/audit.c:776 common/audit.c:921 common/audit.c:923
+#, fuzzy, c-format
+msgid "unsupported algorithm: %s"
+msgstr ""
+"\n"
+"Algoritmos soportados:\n"
+
+#: common/audit.c:778 common/audit.c:925
+#, fuzzy
+msgid "seems to be not encrypted"
+msgstr "non cifrado"
+
+#: common/audit.c:784 common/audit.c:933
+msgid "Number of recipients"
+msgstr ""
+
+#: common/audit.c:792 common/audit.c:956
+#, c-format
+msgid "Recipient %d"
+msgstr ""
+
+#: common/audit.c:825
+msgid "Data signing succeeded"
+msgstr ""
+
+#: common/audit.c:839 common/audit.c:1033 common/audit.c:1060
+#, fuzzy, c-format
+msgid "data hash algorithm: %s"
+msgstr "algoritmo de hash non válido `%s'\n"
+
+#: common/audit.c:862
+#, fuzzy, c-format
+msgid "Signer %d"
+msgstr "A sinatura caducou o %s\n"
+
+#: common/audit.c:866 common/audit.c:1065
+#, fuzzy, c-format
+msgid "attr hash algorithm: %s"
+msgstr "algoritmo de hash non válido `%s'\n"
+
+#: common/audit.c:901
+msgid "Data decryption succeeded"
+msgstr ""
+
+#: common/audit.c:910
+#, fuzzy
+msgid "Encryption algorithm supported"
+msgstr "o algoritmo de protección %d%s non está soportado\n"
+
+#: common/audit.c:993
+#, fuzzy
+msgid "Data verification succeeded"
+msgstr "verificación de sinatura suprimida\n"
+
+#: common/audit.c:1002
+#, fuzzy
+msgid "Signature available"
+msgstr "A sinatura caducou o %s\n"
+
+#: common/audit.c:1024
+#, fuzzy
+msgid "Parsing data succeeded"
+msgstr "Sinatura correcta de \""
+
+#: common/audit.c:1036
+#, fuzzy, c-format
+msgid "bad data hash algorithm: %s"
+msgstr "algoritmo de hash non válido `%s'\n"
+
+#: common/audit.c:1051
+#, fuzzy, c-format
+msgid "Signature %d"
+msgstr "A sinatura caducou o %s\n"
+
+#: common/audit.c:1079
+#, fuzzy
+msgid "Certificate chain valid"
+msgstr "Revocación de certificado válida"
+
+#: common/audit.c:1090
+#, fuzzy
+msgid "Root certificate trustworthy"
+msgstr ""
+"Non se atoparon certificados con confianza non definida.\n"
+"\n"
+
+#: common/audit.c:1111 sm/certchain.c:935
+#, fuzzy
+msgid "no CRL found for certificate"
+msgstr "Certificado correcto"
+
+#: common/audit.c:1114 sm/certchain.c:945
+#, fuzzy
+msgid "the available CRL is too old"
+msgstr "Chave dispoñible en: "
+
+#: common/audit.c:1119
+#, fuzzy
+msgid "CRL/OCSP check of certificates"
+msgstr "Certificado correcto"
+
+#: common/audit.c:1139
+#, fuzzy
+msgid "Included certificates"
+msgstr "Certificado non válido"
+
+#: common/audit.c:1194
+msgid "No audit log entries."
+msgstr ""
+
+#: common/audit.c:1243
+#, fuzzy
+msgid "Unknown operation"
+msgstr "versión descoñecida"
+
+#: common/audit.c:1261
+msgid "Gpg-Agent usable"
+msgstr ""
+
+#: common/audit.c:1271
+msgid "Dirmngr usable"
+msgstr ""
+
+#: common/audit.c:1307
+#, fuzzy, c-format
+msgid "No help available for `%s'."
+msgstr "Non hai axuda dispoñible para `%s'"
+
+#: common/helpfile.c:80
+#, fuzzy
+msgid "ignoring garbage line"
+msgstr "error nunha liña adicional\n"
+
+#: common/gettime.c:503
+#, fuzzy
+msgid "[none]"
+msgstr "descoñecido"
+
+#: g10/armor.c:379
+#, c-format
+msgid "armor: %s\n"
+msgstr "armadura: %s\n"
+
+#: g10/armor.c:418
+msgid "invalid armor header: "
+msgstr "cabeceira de armadura non válida: "
+
+#: g10/armor.c:429
+msgid "armor header: "
+msgstr "cabeceira de armadura: "
+
+#: g10/armor.c:442
+msgid "invalid clearsig header\n"
+msgstr "cabeceira de sinatura en claro non válida\n"
+
+#: g10/armor.c:455
+#, fuzzy
+msgid "unknown armor header: "
+msgstr "cabeceira de armadura: "
+
+#: g10/armor.c:508
+msgid "nested clear text signatures\n"
+msgstr "sinaturas en texto claro aniñadas\n"
+
+#: g10/armor.c:643
+#, fuzzy
+msgid "unexpected armor: "
+msgstr "armadura inesperada:"
+
+#: g10/armor.c:655
+msgid "invalid dash escaped line: "
+msgstr "liña escapada cunha barra non válida: "
+
+#: g10/armor.c:810 g10/armor.c:1420
+#, fuzzy, c-format
+msgid "invalid radix64 character %02X skipped\n"
+msgstr "carácter radix64 non válido %02x omitido\n"
+
+#: g10/armor.c:853
+msgid "premature eof (no CRC)\n"
+msgstr "fin de ficheiro prematura (non hai CRC)\n"
+
+#: g10/armor.c:887
+msgid "premature eof (in CRC)\n"
+msgstr "fin de ficheiro prematura (no CRC)\n"
+
+#: g10/armor.c:895
+msgid "malformed CRC\n"
+msgstr "CRC mal formado\n"
+
+#: g10/armor.c:899 g10/armor.c:1457
+#, fuzzy, c-format
+msgid "CRC error; %06lX - %06lX\n"
+msgstr "Erro de CRC; %06lx - %06lx\n"
+
+#: g10/armor.c:919
+#, fuzzy
+msgid "premature eof (in trailer)\n"
+msgstr "fin de ficheiro prematura (nas liñas adicionais)\n"
+
+#: g10/armor.c:923
+msgid "error in trailer line\n"
+msgstr "error nunha liña adicional\n"
+
+#: g10/armor.c:1234
+msgid "no valid OpenPGP data found.\n"
+msgstr "non se atoparon datos OpenPGP válidos.\n"
+
+#: g10/armor.c:1239
+#, c-format
+msgid "invalid armor: line longer than %d characters\n"
+msgstr "armadura incorrecta: liña máis longa ca %d caracteres\n"
+
+#: g10/armor.c:1243
+msgid ""
+"quoted printable character in armor - probably a buggy MTA has been used\n"
+msgstr ""
+"carácter quoted-printable na armadura - seguramente empregouse un MTA con "
+"erros\n"
+
+#: g10/build-packet.c:976
+msgid ""
+"a notation name must have only printable characters or spaces, and end with "
+"an '='\n"
+msgstr ""
+"un nome de notación só debe ter caracteres imprimibles ou espacios, e debe "
+"rematar en '='\n"
+
+#: g10/build-packet.c:988
+msgid "a user notation name must contain the '@' character\n"
+msgstr "un nome de notación de usuario debe conte-lo carácter '@'\n"
+
+#: g10/build-packet.c:994
+#, fuzzy
+msgid "a notation name must not contain more than one '@' character\n"
+msgstr "un nome de notación de usuario debe conte-lo carácter '@'\n"
+
+#: g10/build-packet.c:1012
+msgid "a notation value must not use any control characters\n"
+msgstr "un valor de notación non pode empregar ningún carácter de control\n"
+
+#: g10/build-packet.c:1046 g10/build-packet.c:1055
+msgid "WARNING: invalid notation data found\n"
+msgstr "AVISO: atopáronse datos de notación non válidos\n"
+
+#: g10/build-packet.c:1077 g10/build-packet.c:1079
+msgid "not human readable"
+msgstr "non lexible por humanos"
+
+#: g10/card-util.c:85 g10/card-util.c:374
+#, fuzzy, c-format
+msgid "OpenPGP card not available: %s\n"
+msgstr "a chave secreta non está dispoñible"
+
+#: g10/card-util.c:90
+#, c-format
+msgid "OpenPGP card no. %s detected\n"
+msgstr ""
+
+#: g10/card-util.c:98 g10/card-util.c:1773 g10/delkey.c:126 g10/keyedit.c:1551
+#: g10/keygen.c:3068 g10/revoke.c:216 g10/revoke.c:455
+#, fuzzy
+msgid "can't do this in batch mode\n"
+msgstr "non se pode facer iso no modo por lotes\n"
+
+#: g10/card-util.c:106
+#, fuzzy
+msgid "This command is only available for version 2 cards\n"
+msgstr "Non se admite este comando no modo %s.\n"
+
+#: g10/card-util.c:108 scd/app-openpgp.c:2029
+#, fuzzy
+msgid "Reset Code not or not anymore available\n"
+msgstr "hai partes da chave secreta non dispoñibles\n"
+
+#: g10/card-util.c:141 g10/card-util.c:1458 g10/card-util.c:1568
+#: g10/keyedit.c:424 g10/keyedit.c:445 g10/keyedit.c:459 g10/keygen.c:1630
+#: g10/keygen.c:1711 sm/certreqgen-ui.c:165 sm/certreqgen-ui.c:249
+#: sm/certreqgen-ui.c:283
+msgid "Your selection? "
+msgstr "¿A súa selección? "
+
+#: g10/card-util.c:272 g10/card-util.c:322
+msgid "[not set]"
+msgstr ""
+
+#: g10/card-util.c:512
+#, fuzzy
+msgid "male"
+msgstr "enable"
+
+#: g10/card-util.c:513
+#, fuzzy
+msgid "female"
+msgstr "enable"
+
+#: g10/card-util.c:513
+#, fuzzy
+msgid "unspecified"
+msgstr "Non se especificou un motivo"
+
+#: g10/card-util.c:540
+#, fuzzy
+msgid "not forced"
+msgstr "non procesado"
+
+#: g10/card-util.c:540
+msgid "forced"
+msgstr ""
+
+#: g10/card-util.c:631
+msgid "Error: Only plain ASCII is currently allowed.\n"
+msgstr ""
+
+#: g10/card-util.c:633
+msgid "Error: The \"<\" character may not be used.\n"
+msgstr ""
+
+#: g10/card-util.c:635
+msgid "Error: Double spaces are not allowed.\n"
+msgstr ""
+
+#: g10/card-util.c:652
+msgid "Cardholder's surname: "
+msgstr ""
+
+#: g10/card-util.c:654
+msgid "Cardholder's given name: "
+msgstr ""
+
+#: g10/card-util.c:672
+#, c-format
+msgid "Error: Combined name too long (limit is %d characters).\n"
+msgstr ""
+
+#: g10/card-util.c:693
+#, fuzzy
+msgid "URL to retrieve public key: "
+msgstr "non hai unha chave pública correspondente: %s\n"
+
+#: g10/card-util.c:701
+#, c-format
+msgid "Error: URL too long (limit is %d characters).\n"
+msgstr ""
+
+#: g10/card-util.c:794 tools/no-libgcrypt.c:30
+#, fuzzy, c-format
+msgid "error allocating enough memory: %s\n"
+msgstr "erro ao crea-lo chaveiro `%s': %s\n"
+
+#: g10/card-util.c:806 g10/import.c:280
+#, c-format
+msgid "error reading `%s': %s\n"
+msgstr "erro lendo `%s': %s\n"
+
+#: g10/card-util.c:839
+#, fuzzy, c-format
+msgid "error writing `%s': %s\n"
+msgstr "erro escribindo no chaveiro `%s': %s\n"
+
+#: g10/card-util.c:866
+msgid "Login data (account name): "
+msgstr ""
+
+#: g10/card-util.c:876
+#, c-format
+msgid "Error: Login data too long (limit is %d characters).\n"
+msgstr ""
+
+#: g10/card-util.c:912
+msgid "Private DO data: "
+msgstr ""
+
+#: g10/card-util.c:922
+#, c-format
+msgid "Error: Private DO too long (limit is %d characters).\n"
+msgstr ""
+
+#: g10/card-util.c:1005
+#, fuzzy
+msgid "Language preferences: "
+msgstr "preferencias actualizadas"
+
+#: g10/card-util.c:1013
+#, fuzzy
+msgid "Error: invalid length of preference string.\n"
+msgstr "caracter non válido na cadea de preferencias\n"
+
+#: g10/card-util.c:1022
+#, fuzzy
+msgid "Error: invalid characters in preference string.\n"
+msgstr "caracter non válido na cadea de preferencias\n"
+
+#: g10/card-util.c:1044
+msgid "Sex ((M)ale, (F)emale or space): "
+msgstr ""
+
+#: g10/card-util.c:1058
+#, fuzzy
+msgid "Error: invalid response.\n"
+msgstr "erro: pegada dactilar non válida\n"
+
+#: g10/card-util.c:1080
+#, fuzzy
+msgid "CA fingerprint: "
+msgstr "Pegada dactilar:"
+
+#: g10/card-util.c:1103
+#, fuzzy
+msgid "Error: invalid formatted fingerprint.\n"
+msgstr "erro: pegada dactilar non válida\n"
+
+#: g10/card-util.c:1153
+#, fuzzy, c-format
+msgid "key operation not possible: %s\n"
+msgstr "A xeración da chave fallou: %s\n"
+
+#: g10/card-util.c:1154
+#, fuzzy
+msgid "not an OpenPGP card"
+msgstr "non se atoparon datos OpenPGP válidos.\n"
+
+#: g10/card-util.c:1167
+#, fuzzy, c-format
+msgid "error getting current key info: %s\n"
+msgstr "erro escribindo no chaveiro secreto `%s': %s\n"
+
+#: g10/card-util.c:1254
+msgid "Replace existing key? (y/N) "
+msgstr ""
+
+#: g10/card-util.c:1270
+msgid ""
+"NOTE: There is no guarantee that the card supports the requested size.\n"
+" If the key generation does not succeed, please check the\n"
+" documentation of your card to see what sizes are allowed.\n"
+msgstr ""
+
+#: g10/card-util.c:1295
+#, fuzzy, c-format
+msgid "What keysize do you want for the Signature key? (%u) "
+msgstr "¿Qué tamaño de chave quere? (1024) "
+
+#: g10/card-util.c:1297
+#, fuzzy, c-format
+msgid "What keysize do you want for the Encryption key? (%u) "
+msgstr "¿Qué tamaño de chave quere? (1024) "
+
+#: g10/card-util.c:1298
+#, fuzzy, c-format
+msgid "What keysize do you want for the Authentication key? (%u) "
+msgstr "¿Qué tamaño de chave quere? (1024) "
+
+#: g10/card-util.c:1309 g10/keygen.c:1844 g10/keygen.c:1850
+#: sm/certreqgen-ui.c:194
+#, c-format
+msgid "rounded up to %u bits\n"
+msgstr "redondeado a %u bits\n"
+
+#: g10/card-util.c:1317 g10/keygen.c:1831 sm/certreqgen-ui.c:184
+#, c-format
+msgid "%s keysizes must be in the range %u-%u\n"
+msgstr ""
+
+#: g10/card-util.c:1322
+#, c-format
+msgid "The card will now be re-configured to generate a key of %u bits\n"
+msgstr ""
+
+#: g10/card-util.c:1342
+#, fuzzy, c-format
+msgid "error changing size of key %d to %u bits: %s\n"
+msgstr "erro ao enviar a `%s': %s\n"
+
+#: g10/card-util.c:1364
+msgid "Make off-card backup of encryption key? (Y/n) "
+msgstr ""
+
+#: g10/card-util.c:1378
+#, fuzzy
+msgid "NOTE: keys are already stored on the card!\n"
+msgstr "omítese: a chave secreta xa está presente\n"
+
+#: g10/card-util.c:1381
+msgid "Replace existing keys? (y/N) "
+msgstr ""
+
+#: g10/card-util.c:1393
+#, c-format
+msgid ""
+"Please note that the factory settings of the PINs are\n"
+" PIN = `%s' Admin PIN = `%s'\n"
+"You should change them using the command --change-pin\n"
+msgstr ""
+
+#: g10/card-util.c:1449
+#, fuzzy
+msgid "Please select the type of key to generate:\n"
+msgstr "Por favor, seleccione o tipo de chave que quere:\n"
+
+#: g10/card-util.c:1451 g10/card-util.c:1559
+#, fuzzy
+msgid " (1) Signature key\n"
+msgstr "A sinatura caducou o %s\n"
+
+#: g10/card-util.c:1452 g10/card-util.c:1561
+#, fuzzy
+msgid " (2) Encryption key\n"
+msgstr " (%d) RSA (só cifrar)\n"
+
+#: g10/card-util.c:1453 g10/card-util.c:1563
+msgid " (3) Authentication key\n"
+msgstr ""
+
+#: g10/card-util.c:1469 g10/card-util.c:1588 g10/keyedit.c:945
+#: g10/keygen.c:1634 g10/keygen.c:1662 g10/keygen.c:1764 g10/revoke.c:683
+msgid "Invalid selection.\n"
+msgstr "Selección non válida.\n"
+
+#: g10/card-util.c:1556
+#, fuzzy
+msgid "Please select where to store the key:\n"
+msgstr "Por favor, escolla o motivo da revocación:\n"
+
+#: g10/card-util.c:1600
+#, fuzzy
+msgid "unknown key protection algorithm\n"
+msgstr "algoritmo de protección descoñecido\n"
+
+#: g10/card-util.c:1605
+#, fuzzy
+msgid "secret parts of key are not available\n"
+msgstr "as partes secretas da chave primaria non están dispoñibles.\n"
+
+#: g10/card-util.c:1610
+#, fuzzy
+msgid "secret key already stored on a card\n"
+msgstr "omítese: a chave secreta xa está presente\n"
+
+#: g10/card-util.c:1623
+#, fuzzy, c-format
+msgid "error writing key to card: %s\n"
+msgstr "erro escribindo no chaveiro `%s': %s\n"
+
+#: g10/card-util.c:1682 g10/keyedit.c:1382
+msgid "quit this menu"
+msgstr "saír deste menú"
+
+#: g10/card-util.c:1684
+#, fuzzy
+msgid "show admin commands"
+msgstr "comandos conflictivos\n"
+
+#: g10/card-util.c:1685 g10/keyedit.c:1385
+msgid "show this help"
+msgstr "amosar esta axuda"
+
+#: g10/card-util.c:1687
+#, fuzzy
+msgid "list all available data"
+msgstr "Chave dispoñible en: "
+
+#: g10/card-util.c:1690
+msgid "change card holder's name"
+msgstr ""
+
+#: g10/card-util.c:1691
+msgid "change URL to retrieve key"
+msgstr ""
+
+#: g10/card-util.c:1692
+msgid "fetch the key specified in the card URL"
+msgstr ""
+
+#: g10/card-util.c:1693
+#, fuzzy
+msgid "change the login name"
+msgstr "cambia-la fecha de expiración"
+
+#: g10/card-util.c:1694
+#, fuzzy
+msgid "change the language preferences"
+msgstr "cambia-la confianza sobre o dono"
+
+#: g10/card-util.c:1695
+msgid "change card holder's sex"
+msgstr ""
+
+#: g10/card-util.c:1696
+#, fuzzy
+msgid "change a CA fingerprint"
+msgstr "amosar fingerprint"
+
+#: g10/card-util.c:1697
+msgid "toggle the signature force PIN flag"
+msgstr ""
+
+#: g10/card-util.c:1698
+#, fuzzy
+msgid "generate new keys"
+msgstr "xerar un novo par de chaves"
+
+#: g10/card-util.c:1699
+msgid "menu to change or unblock the PIN"
+msgstr ""
+
+#: g10/card-util.c:1700
+msgid "verify the PIN and list all data"
+msgstr ""
+
+#: g10/card-util.c:1701
+msgid "unblock the PIN using a Reset Code"
+msgstr ""
+
+#: g10/card-util.c:1823
+msgid "gpg/card> "
+msgstr ""
+
+#: g10/card-util.c:1864
+#, fuzzy
+msgid "Admin-only command\n"
+msgstr "comandos conflictivos\n"
+
+#: g10/card-util.c:1895
+#, fuzzy
+msgid "Admin commands are allowed\n"
+msgstr "comandos conflictivos\n"
+
+#: g10/card-util.c:1897
+#, fuzzy
+msgid "Admin commands are not allowed\n"
+msgstr "gravando a chave secreta en `%s'\n"
+
+#: g10/card-util.c:1988 g10/keyedit.c:2292
+msgid "Invalid command (try \"help\")\n"
+msgstr "Comando incorrecto (tente \"help\")\n"
+
+#: g10/decrypt.c:110 g10/encode.c:876
+msgid "--output doesn't work for this command\n"
+msgstr "--output non traballa con este comando\n"
+
+#: g10/decrypt.c:166 g10/gpg.c:4019 g10/keyring.c:387 g10/keyring.c:698
+#, c-format
+msgid "can't open `%s'\n"
+msgstr "non se puido abrir `%s'\n"
+
+#: g10/delkey.c:73 g10/export.c:324 g10/keyedit.c:3514 g10/keyserver.c:1737
+#: g10/revoke.c:226
+#, fuzzy, c-format
+msgid "key \"%s\" not found: %s\n"
+msgstr "non se atopou a chave `%s': %s\n"
+
+#: g10/delkey.c:81 g10/export.c:354 g10/import.c:2480 g10/keyserver.c:1751
+#: g10/revoke.c:232 g10/revoke.c:477
+#, c-format
+msgid "error reading keyblock: %s\n"
+msgstr "erro ao le-lo bloque de chaves: %s\n"
+
+#: g10/delkey.c:127 g10/delkey.c:134
+msgid "(unless you specify the key by fingerprint)\n"
+msgstr "(a menos que especifique a chave por pegada dactilar)\n"
+
+#: g10/delkey.c:133
+#, fuzzy
+msgid "can't do this in batch mode without \"--yes\"\n"
+msgstr ""
+"iso non se pode facer no modo de procesamento por lotes sen \"--yes\"\n"
+
+#: g10/delkey.c:145
+#, fuzzy
+msgid "Delete this key from the keyring? (y/N) "
+msgstr "¿Borrar esta chave do chaveiro? "
+
+#: g10/delkey.c:153
+#, fuzzy
+msgid "This is a secret key! - really delete? (y/N) "
+msgstr "¡Esta é unha chave secreta! - ¿está seguro de que quere borrala? "
+
+#: g10/delkey.c:163
+#, c-format
+msgid "deleting keyblock failed: %s\n"
+msgstr "fallou o borrado do bloque de chaves: %s\n"
+
+#: g10/delkey.c:173
+msgid "ownertrust information cleared\n"
+msgstr "borrouse a información de confianza\n"
+
+#: g10/delkey.c:204
+#, c-format
+msgid "there is a secret key for public key \"%s\"!\n"
+msgstr "¡hai unha chave secreta para a chave pública \"%s\"!\n"
+
+#: g10/delkey.c:206
+msgid "use option \"--delete-secret-keys\" to delete it first.\n"
+msgstr "empregue a opción \"--delete-secret-keys\" para borrala primeiro.\n"
+
+#: g10/encode.c:226 g10/sign.c:1269
+#, c-format
+msgid "error creating passphrase: %s\n"
+msgstr "erro ao crea-lo contrasinal: %s\n"
+
+#: g10/encode.c:232
+msgid "can't use a symmetric ESK packet due to the S2K mode\n"
+msgstr "non se pode empregar un paquete simétrico ESK debido ao modo S2K\n"
+
+#: g10/encode.c:246
+#, fuzzy, c-format
+msgid "using cipher %s\n"
+msgstr "fallou a sinatura: %s\n"
+
+#: g10/encode.c:256 g10/encode.c:577
+#, c-format
+msgid "`%s' already compressed\n"
+msgstr "`%s' xa está comprimido\n"
+
+#: g10/encode.c:311 g10/encode.c:611 g10/sign.c:564
+#, c-format
+msgid "WARNING: `%s' is an empty file\n"
+msgstr "AVISO: `%s' é un ficheiro baleiro\n"
+
+#: g10/encode.c:485
+msgid "you can only encrypt to RSA keys of 2048 bits or less in --pgp2 mode\n"
+msgstr "só pode cifrar a chaves RSA de 2048 bits ou menos en modo --pgp2\n"
+
+#: g10/encode.c:510
+#, c-format
+msgid "reading from `%s'\n"
+msgstr "lendo de `%s'\n"
+
+#: g10/encode.c:541
+msgid ""
+"unable to use the IDEA cipher for all of the keys you are encrypting to.\n"
+msgstr ""
+"non se puido emprega-la cifra IDEA para tódalas chaves ás que está a "
+"cifrar.\n"
+
+#: g10/encode.c:559
+#, fuzzy, c-format
+msgid ""
+"WARNING: forcing symmetric cipher %s (%d) violates recipient preferences\n"
+msgstr ""
+"forza-la cifra simétrica %s (%d) viola as preferencias do destinatario\n"
+
+#: g10/encode.c:655 g10/sign.c:939
+#, fuzzy, c-format
+msgid ""
+"WARNING: forcing compression algorithm %s (%d) violates recipient "
+"preferences\n"
+msgstr ""
+"forza-lo algoritmo de compresión %s (%d) viola as preferencias do "
+"destinatario\n"
+
+#: g10/encode.c:751
+#, c-format
+msgid "forcing symmetric cipher %s (%d) violates recipient preferences\n"
+msgstr ""
+"forza-la cifra simétrica %s (%d) viola as preferencias do destinatario\n"
+
+#: g10/encode.c:821 g10/pkclist.c:813 g10/pkclist.c:862
+#, c-format
+msgid "you may not use %s while in %s mode\n"
+msgstr "non se pode empregar %s no modo %s\n"
+
+#: g10/encode.c:848
+#, c-format
+msgid "%s/%s encrypted for: \"%s\"\n"
+msgstr "%s/%s cifrado para: \"%s\"\n"
+
+#: g10/encr-data.c:93 g10/mainproc.c:286
+#, c-format
+msgid "%s encrypted data\n"
+msgstr "datos cifrados con %s\n"
+
+#: g10/encr-data.c:96 g10/mainproc.c:290
+#, c-format
+msgid "encrypted with unknown algorithm %d\n"
+msgstr "cifrado cun algoritmo descoñecido %d\n"
+
+#: g10/encr-data.c:142 sm/decrypt.c:126
+msgid ""
+"WARNING: message was encrypted with a weak key in the symmetric cipher.\n"
+msgstr "AVISO: cifrouse a mensaxe cunha chave feble no cifrado simétrico.\n"
+
+#: g10/encr-data.c:154
+msgid "problem handling encrypted packet\n"
+msgstr "problema ao manexa-lo paquete cifrado\n"
+
+#: g10/exec.c:57
+msgid "no remote program execution supported\n"
+msgstr "non se soporta a execución remota de programas\n"
+
+#: g10/exec.c:308
+msgid ""
+"external program calls are disabled due to unsafe options file permissions\n"
+msgstr ""
+"as chamadas a programas externos están desactivadas debido a opcións de "
+"permisos de ficheiros non seguras\n"
+
+#: g10/exec.c:338
+#, fuzzy
+msgid "this platform requires temporary files when calling external programs\n"
+msgstr ""
+"esta plataforma precisa de ficheiros temporais ao chamar a programas "
+"externos\n"
+
+#: g10/exec.c:416
+#, fuzzy, c-format
+msgid "unable to execute program `%s': %s\n"
+msgstr "non se puido executar %s \"%s\": %s\n"
+
+#: g10/exec.c:419
+#, fuzzy, c-format
+msgid "unable to execute shell `%s': %s\n"
+msgstr "non se puido executar %s \"%s\": %s\n"
+
+#: g10/exec.c:510
+#, c-format
+msgid "system error while calling external program: %s\n"
+msgstr "erro do sistema ao chamar a un programa externo: %s\n"
+
+#: g10/exec.c:521 g10/exec.c:588
+msgid "unnatural exit of external program\n"
+msgstr "saída non natural do programa externo\n"
+
+#: g10/exec.c:536
+msgid "unable to execute external program\n"
+msgstr "non se puido executar un programa externo\n"
+
+#: g10/exec.c:553
+#, c-format
+msgid "unable to read external program response: %s\n"
+msgstr "non se puido le-la resposta do programa externo: %s\n"
+
+#: g10/exec.c:599 g10/exec.c:606
+#, c-format
+msgid "WARNING: unable to remove tempfile (%s) `%s': %s\n"
+msgstr "AVISO: non se puido borra-lo ficheiro temporal (%s) `%s': %s\n"
+
+#: g10/exec.c:611
+#, c-format
+msgid "WARNING: unable to remove temp directory `%s': %s\n"
+msgstr "AVISO: non se puido elimina-lo directorio temporal `%s': %s\n"
+
+#: g10/export.c:61
+#, fuzzy
+msgid "export signatures that are marked as local-only"
+msgstr ""
+"\n"
+"A sinatura hase marcar coma non revocable.\n"
+
+#: g10/export.c:63
+msgid "export attribute user IDs (generally photo IDs)"
+msgstr ""
+
+#: g10/export.c:65
+#, fuzzy
+msgid "export revocation keys marked as \"sensitive\""
+msgstr "non se atoparon chaves de revocación para `%s'\n"
+
+#: g10/export.c:67
+#, fuzzy
+msgid "remove the passphrase from exported subkeys"
+msgstr "revocar unha chave secundaria"
+
+#: g10/export.c:69
+#, fuzzy
+msgid "remove unusable parts from key during export"
+msgstr "chave secreta non utilizable"
+
+#: g10/export.c:71
+msgid "remove as much as possible from key during export"
+msgstr ""
+
+#: g10/export.c:73
+msgid "export keys in an S-expression based format"
+msgstr ""
+
+#: g10/export.c:338
+#, fuzzy
+msgid "exporting secret keys not allowed\n"
+msgstr "gravando a chave secreta en `%s'\n"
+
+#: g10/export.c:367
+#, fuzzy, c-format
+msgid "key %s: not protected - skipped\n"
+msgstr "chave %08lX: non está protexida - omitida\n"
+
+#: g10/export.c:375
+#, fuzzy, c-format
+msgid "key %s: PGP 2.x style key - skipped\n"
+msgstr "chave %08lX: chave estilo PGP 2.x - omitida\n"
+
+#: g10/export.c:386
+#, fuzzy, c-format
+msgid "key %s: key material on-card - skipped\n"
+msgstr "chave %08lX: sinatura da sub-chave nun lugar incorrecto - omitida\n"
+
+#: g10/export.c:537
+msgid "about to export an unprotected subkey\n"
+msgstr ""
+
+#: g10/export.c:560
+#, fuzzy, c-format
+msgid "failed to unprotect the subkey: %s\n"
+msgstr "non se puido inicializa-la base de datos de confianzas: %s\n"
+
+#: g10/export.c:584
+#, fuzzy, c-format
+msgid "WARNING: secret key %s does not have a simple SK checksum\n"
+msgstr ""
+"AVISO: a chave secreta %08lX non ten unha suma de comprobación SK simple\n"
+
+#: g10/export.c:633
+msgid "WARNING: nothing exported\n"
+msgstr "AVISO: non se exportou nada\n"
+
+#: g10/getkey.c:152
+msgid "too many entries in pk cache - disabled\n"
+msgstr "demasiadas entradas na caché de chaves públicas - desactivada\n"
+
+#: g10/getkey.c:175
+#, fuzzy
+msgid "[User ID not found]"
+msgstr "[Non se atopou o id de usuario]"
+
+#: g10/getkey.c:1113
+#, c-format
+msgid "automatically retrieved `%s' via %s\n"
+msgstr ""
+
+#: g10/getkey.c:1118
+#, fuzzy, c-format
+msgid "error retrieving `%s' via %s: %s\n"
+msgstr "erro ao crear `%s': %s\n"
+
+#: g10/getkey.c:1120
+#, fuzzy
+msgid "No fingerprint"
+msgstr "Pegada dactilar:"
+
+#: g10/getkey.c:1930
+#, fuzzy, c-format
+msgid "Invalid key %s made valid by --allow-non-selfsigned-uid\n"
+msgstr ""
+"Chave %08lX non válida convertida en válida por --allow-non-selfsigned-uid\n"
+
+#: g10/getkey.c:2533 g10/keyedit.c:3839
+#, fuzzy, c-format
+msgid "no secret subkey for public subkey %s - ignoring\n"
+msgstr ""
+"non hai unha sub-chave secreta para a sub-chave pública %08lX - ignórase\n"
+
+#: g10/getkey.c:2759
+#, fuzzy, c-format
+msgid "using subkey %s instead of primary key %s\n"
+msgstr "emprégase a chave secundaria %08lX no canto da primaria %08lX\n"
+
+#: g10/getkey.c:2806
+#, fuzzy, c-format
+msgid "key %s: secret key without public key - skipped\n"
+msgstr "chave %08lX: chave secreta sen chave pública - omitida\n"
+
+#: g10/gpg.c:375 sm/gpgsm.c:188
+#, fuzzy
+msgid "make a signature"
+msgstr "facer unha sinatura separada"
+
+#: g10/gpg.c:376 sm/gpgsm.c:189
+#, fuzzy
+msgid "make a clear text signature"
+msgstr "|[ficheiro]|facer unha sinatura en texto claro"
+
+#: g10/gpg.c:377 sm/gpgsm.c:190
+msgid "make a detached signature"
+msgstr "facer unha sinatura separada"
+
+#: g10/gpg.c:378 sm/gpgsm.c:191
+msgid "encrypt data"
+msgstr "cifrar datos"
+
+#: g10/gpg.c:380 sm/gpgsm.c:192
+msgid "encryption only with symmetric cipher"
+msgstr "cifrar só con cifrado simétrico"
+
+#: g10/gpg.c:382 sm/gpgsm.c:193
+msgid "decrypt data (default)"
+msgstr "descifrar datos (por defecto)"
+
+#: g10/gpg.c:384 sm/gpgsm.c:194
+msgid "verify a signature"
+msgstr "verificar unha sinatura"
+
+#: g10/gpg.c:386 sm/gpgsm.c:195
+msgid "list keys"
+msgstr "ve-la lista de chaves"
+
+#: g10/gpg.c:388
+msgid "list keys and signatures"
+msgstr "ve-la lista de chaves e sinaturas"
+
+#: g10/gpg.c:389
+#, fuzzy
+msgid "list and check key signatures"
+msgstr "verifica-las sinaturas das chaves"
+
+#: g10/gpg.c:390 sm/gpgsm.c:200
+msgid "list keys and fingerprints"
+msgstr "ve-la lista de chaves e pegadas dactilares"
+
+#: g10/gpg.c:391 sm/gpgsm.c:198
+msgid "list secret keys"
+msgstr "ve-la lista de chaves secretas"
+
+#: g10/gpg.c:392 sm/gpgsm.c:201
+msgid "generate a new key pair"
+msgstr "xerar un novo par de chaves"
+
+#: g10/gpg.c:393
+msgid "generate a revocation certificate"
+msgstr "xerar un certificado de revocación"
+
+#: g10/gpg.c:395 sm/gpgsm.c:203
+msgid "remove keys from the public keyring"
+msgstr "borrar chaves do chaveiro público"
+
+#: g10/gpg.c:397
+msgid "remove keys from the secret keyring"
+msgstr "borrar chaves do chaveiro secreto"
+
+#: g10/gpg.c:398
+msgid "sign a key"
+msgstr "asinar unha chave"
+
+#: g10/gpg.c:399
+msgid "sign a key locally"
+msgstr "asinar unha chave localmente"
+
+#: g10/gpg.c:400
+msgid "sign or edit a key"
+msgstr "asinar ou editar unha chave"
+
+#: g10/gpg.c:402 sm/gpgsm.c:215
+#, fuzzy
+msgid "change a passphrase"
+msgstr "cambia-lo contrasinal"
+
+#: g10/gpg.c:404
+msgid "export keys"
+msgstr "exportar chaves"
+
+#: g10/gpg.c:405 sm/gpgsm.c:204
+msgid "export keys to a key server"
+msgstr "exportar chaves a un servidor de chaves"
+
+#: g10/gpg.c:406 sm/gpgsm.c:205
+msgid "import keys from a key server"
+msgstr "importar chaves dun servidor de chaves"
+
+#: g10/gpg.c:408
+msgid "search for keys on a key server"
+msgstr "buscar chaves nun servidor de chaves"
+
+#: g10/gpg.c:410
+msgid "update all keys from a keyserver"
+msgstr "actualizar tódalas chaves dun servidor de chaves"
+
+#: g10/gpg.c:415
+msgid "import/merge keys"
+msgstr "importar/mesturar chaves"
+
+#: g10/gpg.c:418
+msgid "print the card status"
+msgstr ""
+
+#: g10/gpg.c:419
+msgid "change data on a card"
+msgstr ""
+
+#: g10/gpg.c:420
+msgid "change a card's PIN"
+msgstr ""
+
+#: g10/gpg.c:429
+msgid "update the trust database"
+msgstr "actualiza-la base de datos de confianza"
+
+#: g10/gpg.c:436
+#, fuzzy
+msgid "print message digests"
+msgstr "|algo [ficheiros]|visualizar resumos de mensaxes"
+
+#: g10/gpg.c:439 sm/gpgsm.c:210
+msgid "run in server mode"
+msgstr ""
+
+#: g10/gpg.c:443 sm/gpgsm.c:228
+msgid "create ascii armored output"
+msgstr "crear saída con armadura en ascii"
+
+#: g10/gpg.c:446 sm/gpgsm.c:241
+#, fuzzy
+msgid "|USER-ID|encrypt for USER-ID"
+msgstr "|NOME|cifrar para NOME"
+
+#: g10/gpg.c:459 sm/gpgsm.c:278
+#, fuzzy
+msgid "|USER-ID|use USER-ID to sign or decrypt"
+msgstr "empregar este id de usuario para asinar ou descifrar"
+
+#: g10/gpg.c:462
+#, fuzzy
+msgid "|N|set compress level to N (0 disables)"
+msgstr "|N|axusta-lo nivel de compresión a N (0 desactiva)"
+
+#: g10/gpg.c:468
+msgid "use canonical text mode"
+msgstr "usar modo de texto canónico"
+
+#: g10/gpg.c:485 sm/gpgsm.c:280
+#, fuzzy
+msgid "|FILE|write output to FILE"
+msgstr "|FICHEIRO|carga-lo módulo de extensión FICHEIRO"
+
+#: g10/gpg.c:501 kbx/kbxutil.c:90 sm/gpgsm.c:292 tools/gpgconf.c:82
+msgid "do not make any changes"
+msgstr "non facer ningún cambio"
+
+#: g10/gpg.c:502
+msgid "prompt before overwriting"
+msgstr "avisar antes de sobrescribir"
+
+#: g10/gpg.c:554
+msgid "use strict OpenPGP behavior"
+msgstr ""
+
+#: g10/gpg.c:585 sm/gpgsm.c:336
+msgid ""
+"@\n"
+"(See the man page for a complete listing of all commands and options)\n"
+msgstr ""
+"@\n"
+"(Vexa a páxina man para un listado completo de comandos e opcións)\n"
+
+#: g10/gpg.c:588 sm/gpgsm.c:339
+msgid ""
+"@\n"
+"Examples:\n"
+"\n"
+" -se -r Bob [file] sign and encrypt for user Bob\n"
+" --clearsign [file] make a clear text signature\n"
+" --detach-sign [file] make a detached signature\n"
+" --list-keys [names] show keys\n"
+" --fingerprint [names] show fingerprints\n"
+msgstr ""
+"@\n"
+"Exemplos:\n"
+"\n"
+" -se -r Bob [ficheiro] asinar e cifrar para o usuario Bob\n"
+" --clearsgn [ficheiro] facer unha sinatura en texto claro\n"
+" --detach-sign [ficheiro] facer unha sinatura separada\n"
+" --list-keys [nomes] amosa-las chaves\n"
+" --fingerprint [nomes] amosa-las pegadas dactilares\n"
+
+#: g10/gpg.c:836
+msgid "Usage: gpg [options] [files] (-h for help)"
+msgstr "Uso: gpg [opcións] [ficheiros] (-h para ve-la axuda)"
+
+#: g10/gpg.c:839
+msgid ""
+"Syntax: gpg [options] [files]\n"
+"sign, check, encrypt or decrypt\n"
+"default operation depends on the input data\n"
+msgstr ""
+"Sintaxe: gpg [opcións] [ficheiros]\n"
+"asinar, verificar, cifrar ou descifrar\n"
+"a operación por defecto depende dos datos de entrada\n"
+
+#: g10/gpg.c:850 sm/gpgsm.c:543
+msgid ""
+"\n"
+"Supported algorithms:\n"
+msgstr ""
+"\n"
+"Algoritmos soportados:\n"
+
+#: g10/gpg.c:853
+msgid "Pubkey: "
+msgstr "Pública: "
+
+#: g10/gpg.c:860 g10/keyedit.c:2423
+msgid "Cipher: "
+msgstr "Cifra: "
+
+#: g10/gpg.c:867
+msgid "Hash: "
+msgstr "Hash: "
+
+#: g10/gpg.c:874 g10/keyedit.c:2468
+msgid "Compression: "
+msgstr "Compresión: "
+
+#: g10/gpg.c:944
+msgid "usage: gpg [options] "
+msgstr "uso: gpg [opcións] "
+
+#: g10/gpg.c:1158 sm/gpgsm.c:716
+msgid "conflicting commands\n"
+msgstr "comandos conflictivos\n"
+
+#: g10/gpg.c:1176
+#, fuzzy, c-format
+msgid "no = sign found in group definition `%s'\n"
+msgstr "non se atopou un signo = na definición do grupo \"%s\"\n"
+
+#: g10/gpg.c:1373
+#, fuzzy, c-format
+msgid "WARNING: unsafe ownership on homedir `%s'\n"
+msgstr "AVISO: propiedade insegura en %s \"%s\"\n"
+
+#: g10/gpg.c:1376
+#, fuzzy, c-format
+msgid "WARNING: unsafe ownership on configuration file `%s'\n"
+msgstr "AVISO: propiedade insegura en %s \"%s\"\n"
+
+#: g10/gpg.c:1379
+#, fuzzy, c-format
+msgid "WARNING: unsafe ownership on extension `%s'\n"
+msgstr "AVISO: propiedade insegura en %s \"%s\"\n"
+
+#: g10/gpg.c:1385
+#, fuzzy, c-format
+msgid "WARNING: unsafe permissions on homedir `%s'\n"
+msgstr "AVISO: permisos inseguros en %s \"%s\"\n"
+
+#: g10/gpg.c:1388
+#, fuzzy, c-format
+msgid "WARNING: unsafe permissions on configuration file `%s'\n"
+msgstr "AVISO: permisos inseguros en %s \"%s\"\n"
+
+#: g10/gpg.c:1391
+#, fuzzy, c-format
+msgid "WARNING: unsafe permissions on extension `%s'\n"
+msgstr "AVISO: permisos inseguros en %s \"%s\"\n"
+
+#: g10/gpg.c:1397
+#, fuzzy, c-format
+msgid "WARNING: unsafe enclosing directory ownership on homedir `%s'\n"
+msgstr "AVISO: propiedade do directorio contedor insegura en %s \"%s\"\n"
+
+#: g10/gpg.c:1400
+#, fuzzy, c-format
+msgid ""
+"WARNING: unsafe enclosing directory ownership on configuration file `%s'\n"
+msgstr "AVISO: propiedade do directorio contedor insegura en %s \"%s\"\n"
+
+#: g10/gpg.c:1403
+#, fuzzy, c-format
+msgid "WARNING: unsafe enclosing directory ownership on extension `%s'\n"
+msgstr "AVISO: propiedade do directorio contedor insegura en %s \"%s\"\n"
+
+#: g10/gpg.c:1409
+#, fuzzy, c-format
+msgid "WARNING: unsafe enclosing directory permissions on homedir `%s'\n"
+msgstr "AVISO: permisos do directorio contedor inseguros en %s \"%s\"\n"
+
+#: g10/gpg.c:1412
+#, fuzzy, c-format
+msgid ""
+"WARNING: unsafe enclosing directory permissions on configuration file `%s'\n"
+msgstr "AVISO: permisos do directorio contedor inseguros en %s \"%s\"\n"
+
+#: g10/gpg.c:1415
+#, fuzzy, c-format
+msgid "WARNING: unsafe enclosing directory permissions on extension `%s'\n"
+msgstr "AVISO: permisos do directorio contedor inseguros en %s \"%s\"\n"
+
+#: g10/gpg.c:1595
+#, fuzzy, c-format
+msgid "unknown configuration item `%s'\n"
+msgstr " creouse un novo ficheiro de configuración `%s'\n"
+
+#: g10/gpg.c:1699
+msgid "display photo IDs during key listings"
+msgstr ""
+
+#: g10/gpg.c:1701
+msgid "show policy URLs during signature listings"
+msgstr ""
+
+#: g10/gpg.c:1703
+#, fuzzy
+msgid "show all notations during signature listings"
+msgstr "Non hai unha sinatura correspondiente no chaveiro secreto\n"
+
+#: g10/gpg.c:1705
+msgid "show IETF standard notations during signature listings"
+msgstr ""
+
+#: g10/gpg.c:1709
+msgid "show user-supplied notations during signature listings"
+msgstr ""
+
+#: g10/gpg.c:1711
+#, fuzzy
+msgid "show preferred keyserver URLs during signature listings"
+msgstr "o URL de normativa de sinaturas dado non é válido\n"
+
+#: g10/gpg.c:1713
+msgid "show user ID validity during key listings"
+msgstr ""
+
+#: g10/gpg.c:1715
+msgid "show revoked and expired user IDs in key listings"
+msgstr ""
+
+#: g10/gpg.c:1717
+msgid "show revoked and expired subkeys in key listings"
+msgstr ""
+
+#: g10/gpg.c:1719
+#, fuzzy
+msgid "show the keyring name in key listings"
+msgstr "amosar en que chaveiro está unha chave listada"
+
+#: g10/gpg.c:1721
+#, fuzzy
+msgid "show expiration dates during signature listings"
+msgstr "Non hai unha sinatura correspondiente no chaveiro secreto\n"
+
+#: g10/gpg.c:1855
+#, c-format
+msgid "NOTE: old default options file `%s' ignored\n"
+msgstr "NOTA: ignórase o antigo ficheiro de opcións por defecto `%s'\n"
+
+#: g10/gpg.c:1948
+#, c-format
+msgid "libgcrypt is too old (need %s, have %s)\n"
+msgstr ""
+
+#: g10/gpg.c:2346 g10/gpg.c:3037 g10/gpg.c:3049
+#, c-format
+msgid "NOTE: %s is not for normal use!\n"
+msgstr "NOTA: ¡%s non é para uso normal!\n"
+
+#: g10/gpg.c:2530 g10/gpg.c:2542
+#, fuzzy, c-format
+msgid "`%s' is not a valid signature expiration\n"
+msgstr "%s non é un xogo de caracteres válido\n"
+
+#: g10/gpg.c:2624
+#, fuzzy, c-format
+msgid "`%s' is not a valid character set\n"
+msgstr "%s non é un xogo de caracteres válido\n"
+
+#: g10/gpg.c:2647 g10/gpg.c:2842 g10/keyedit.c:4197
+#, fuzzy
+msgid "could not parse keyserver URL\n"
+msgstr "non se puido analisa-lo URI do servidor de chaves\n"
+
+#: g10/gpg.c:2659
+#, fuzzy, c-format
+msgid "%s:%d: invalid keyserver options\n"
+msgstr "%s:%d: opcións de exportación non válidas\n"
+
+#: g10/gpg.c:2662
+#, fuzzy
+msgid "invalid keyserver options\n"
+msgstr "opcións de exportación non válidas\n"
+
+#: g10/gpg.c:2669
+#, c-format
+msgid "%s:%d: invalid import options\n"
+msgstr "%s:%d: opcións de importación non válidas\n"
+
+#: g10/gpg.c:2672
+msgid "invalid import options\n"
+msgstr "opcións de importación non válidas\n"
+
+#: g10/gpg.c:2679
+#, c-format
+msgid "%s:%d: invalid export options\n"
+msgstr "%s:%d: opcións de exportación non válidas\n"
+
+#: g10/gpg.c:2682
+msgid "invalid export options\n"
+msgstr "opcións de exportación non válidas\n"
+
+#: g10/gpg.c:2689
+#, fuzzy, c-format
+msgid "%s:%d: invalid list options\n"
+msgstr "%s:%d: opcións de importación non válidas\n"
+
+#: g10/gpg.c:2692
+#, fuzzy
+msgid "invalid list options\n"
+msgstr "opcións de importación non válidas\n"
+
+#: g10/gpg.c:2700
+msgid "display photo IDs during signature verification"
+msgstr ""
+
+#: g10/gpg.c:2702
+msgid "show policy URLs during signature verification"
+msgstr ""
+
+#: g10/gpg.c:2704
+#, fuzzy
+msgid "show all notations during signature verification"
+msgstr "%s non é un xogo de caracteres válido\n"
+
+#: g10/gpg.c:2706
+msgid "show IETF standard notations during signature verification"
+msgstr ""
+
+#: g10/gpg.c:2710
+msgid "show user-supplied notations during signature verification"
+msgstr ""
+
+#: g10/gpg.c:2712
+#, fuzzy
+msgid "show preferred keyserver URLs during signature verification"
+msgstr "o URL de normativa de sinaturas dado non é válido\n"
+
+#: g10/gpg.c:2714
+#, fuzzy
+msgid "show user ID validity during signature verification"
+msgstr "%s non é un xogo de caracteres válido\n"
+
+#: g10/gpg.c:2716
+msgid "show revoked and expired user IDs in signature verification"
+msgstr ""
+
+#: g10/gpg.c:2718
+#, fuzzy
+msgid "show only the primary user ID in signature verification"
+msgstr "%s non é un xogo de caracteres válido\n"
+
+#: g10/gpg.c:2720
+msgid "validate signatures with PKA data"
+msgstr ""
+
+#: g10/gpg.c:2722
+msgid "elevate the trust of signatures with valid PKA data"
+msgstr ""
+
+#: g10/gpg.c:2729
+#, fuzzy, c-format
+msgid "%s:%d: invalid verify options\n"
+msgstr "%s:%d: opcións de exportación non válidas\n"
+
+#: g10/gpg.c:2732
+#, fuzzy
+msgid "invalid verify options\n"
+msgstr "opcións de exportación non válidas\n"
+
+#: g10/gpg.c:2739
+#, c-format
+msgid "unable to set exec-path to %s\n"
+msgstr "non se puido estabrecer exec-path a %s\n"
+
+#: g10/gpg.c:2925
+#, fuzzy, c-format
+msgid "%s:%d: invalid auto-key-locate list\n"
+msgstr "%s:%d: opcións de exportación non válidas\n"
+
+#: g10/gpg.c:2928
+msgid "invalid auto-key-locate list\n"
+msgstr ""
+
+#: g10/gpg.c:3026 sm/gpgsm.c:1439
+msgid "WARNING: program may create a core file!\n"
+msgstr "AVISO: ¡o programa pode crear un ficheiro 'core'!\n"
+
+#: g10/gpg.c:3030
+#, c-format
+msgid "WARNING: %s overrides %s\n"
+msgstr "AVISO: %s fai que se ignore %s\n"
+
+#: g10/gpg.c:3039
+#, c-format
+msgid "%s not allowed with %s!\n"
+msgstr "¡%s non se admite con %s!\n"
+
+#: g10/gpg.c:3042
+#, c-format
+msgid "%s makes no sense with %s!\n"
+msgstr "¡%s non ten sentido empregándoo con %s!\n"
+
+#: g10/gpg.c:3057
+#, fuzzy, c-format
+msgid "will not run with insecure memory due to %s\n"
+msgstr "gravando a chave secreta en `%s'\n"
+
+#: g10/gpg.c:3071
+msgid "you can only make detached or clear signatures while in --pgp2 mode\n"
+msgstr "só pode crear sinaturas separadas ou en claro no modo --pgp2\n"
+
+#: g10/gpg.c:3077
+msgid "you can't sign and encrypt at the same time while in --pgp2 mode\n"
+msgstr "non pode asinar e cifrar ao mesmo tempo no modo --pgp2\n"
+
+#: g10/gpg.c:3083
+msgid "you must use files (and not a pipe) when working with --pgp2 enabled.\n"
+msgstr ""
+"debe empregar ficheiros (e non canalizacións) ao traballar con --pgp2 "
+"activado.\n"
+
+#: g10/gpg.c:3096
+msgid "encrypting a message in --pgp2 mode requires the IDEA cipher\n"
+msgstr "para cifrar unha mensaxe en modo --pgp2 precísase da cifra IDEA\n"
+
+#: g10/gpg.c:3163 g10/gpg.c:3187 sm/gpgsm.c:1511
+msgid "selected cipher algorithm is invalid\n"
+msgstr "o algoritmo de cifrado seleccionado non é válido\n"
+
+#: g10/gpg.c:3169 g10/gpg.c:3193 sm/gpgsm.c:1517 sm/gpgsm.c:1523
+msgid "selected digest algorithm is invalid\n"
+msgstr "o algoritmo de resumo seleccionado non é válido\n"
+
+#: g10/gpg.c:3175
+#, fuzzy
+msgid "selected compression algorithm is invalid\n"
+msgstr "o algoritmo de cifrado seleccionado non é válido\n"
+
+#: g10/gpg.c:3181
+msgid "selected certification digest algorithm is invalid\n"
+msgstr "o algoritmo de resumo de certificación seleccionado non é válido\n"
+
+#: g10/gpg.c:3196
+msgid "completes-needed must be greater than 0\n"
+msgstr "completes-needed debe ser superior a 0\n"
+
+#: g10/gpg.c:3198
+msgid "marginals-needed must be greater than 1\n"
+msgstr "marginals-needed debe ser superior a 1\n"
+
+#: g10/gpg.c:3200
+#, fuzzy
+msgid "max-cert-depth must be in the range from 1 to 255\n"
+msgstr "max-cert-depth debe valer entre 1 e 255\n"
+
+#: g10/gpg.c:3202
+#, fuzzy
+msgid "invalid default-cert-level; must be 0, 1, 2, or 3\n"
+msgstr "nivel de comprobación por defecto non válido; debe ser 0, 1, 2 ou 3\n"
+
+#: g10/gpg.c:3204
+#, fuzzy
+msgid "invalid min-cert-level; must be 1, 2, or 3\n"
+msgstr "nivel de comprobación por defecto non válido; debe ser 0, 1, 2 ou 3\n"
+
+#: g10/gpg.c:3207
+msgid "NOTE: simple S2K mode (0) is strongly discouraged\n"
+msgstr "NOTA: desaconséllase encarecidamente o modo S2K simple (0)\n"
+
+#: g10/gpg.c:3211
+msgid "invalid S2K mode; must be 0, 1 or 3\n"
+msgstr "modo S2K non válido; debe ser 0, 1 ou 3\n"
+
+#: g10/gpg.c:3218
+msgid "invalid default preferences\n"
+msgstr "preferencias por defecto non válidas\n"
+
+#: g10/gpg.c:3222
+msgid "invalid personal cipher preferences\n"
+msgstr "preferencias de cifrado personais non válidas\n"
+
+#: g10/gpg.c:3226
+msgid "invalid personal digest preferences\n"
+msgstr "preferencias de resumo personais non válidas\n"
+
+#: g10/gpg.c:3230
+msgid "invalid personal compress preferences\n"
+msgstr "preferencias de compresión personais non válidas\n"
+
+#: g10/gpg.c:3263
+#, c-format
+msgid "%s does not yet work with %s\n"
+msgstr "¡%s aínda non traballa con %s!\n"
+
+#: g10/gpg.c:3310
+#, fuzzy, c-format
+msgid "you may not use cipher algorithm `%s' while in %s mode\n"
+msgstr "non se pode empregar o algoritmo de cifrado \"%s\" no modo %s\n"
+
+#: g10/gpg.c:3315
+#, fuzzy, c-format
+msgid "you may not use digest algorithm `%s' while in %s mode\n"
+msgstr "non se pode empregar o algoritmo de resumo \"%s\" no modo %s\n"
+
+#: g10/gpg.c:3320
+#, fuzzy, c-format
+msgid "you may not use compression algorithm `%s' while in %s mode\n"
+msgstr "non se pode empregar o algoritmo de compresión \"%s\" no modo %s\n"
+
+#: g10/gpg.c:3406
+#, c-format
+msgid "failed to initialize the TrustDB: %s\n"
+msgstr "non se puido inicializa-la base de datos de confianzas: %s\n"
+
+#: g10/gpg.c:3417
+msgid "WARNING: recipients (-r) given without using public key encryption\n"
+msgstr ""
+"AVISO: deronse destinatarios (-r) sen empregar cifrado de chave pública\n"
+
+#: g10/gpg.c:3438
+msgid "--store [filename]"
+msgstr "--store [ficheiro]"
+
+#: g10/gpg.c:3445
+msgid "--symmetric [filename]"
+msgstr "--symmetric [ficheiro]"
+
+#: g10/gpg.c:3447
+#, fuzzy, c-format
+msgid "symmetric encryption of `%s' failed: %s\n"
+msgstr "o descifrado fallou: %s\n"
+
+#: g10/gpg.c:3457
+msgid "--encrypt [filename]"
+msgstr "--encrypt [ficheiro]"
+
+#: g10/gpg.c:3470
+#, fuzzy
+msgid "--symmetric --encrypt [filename]"
+msgstr "--sign --encrypt [ficheiro]"
+
+#: g10/gpg.c:3472
+msgid "you cannot use --symmetric --encrypt with --s2k-mode 0\n"
+msgstr ""
+
+#: g10/gpg.c:3475
+#, fuzzy, c-format
+msgid "you cannot use --symmetric --encrypt while in %s mode\n"
+msgstr "non se pode empregar %s no modo %s\n"
+
+#: g10/gpg.c:3493
+msgid "--sign [filename]"
+msgstr "--sign [ficheiro]"
+
+#: g10/gpg.c:3506
+msgid "--sign --encrypt [filename]"
+msgstr "--sign --encrypt [ficheiro]"
+
+#: g10/gpg.c:3521
+#, fuzzy
+msgid "--symmetric --sign --encrypt [filename]"
+msgstr "--sign --encrypt [ficheiro]"
+
+#: g10/gpg.c:3523
+msgid "you cannot use --symmetric --sign --encrypt with --s2k-mode 0\n"
+msgstr ""
+
+#: g10/gpg.c:3526
+#, fuzzy, c-format
+msgid "you cannot use --symmetric --sign --encrypt while in %s mode\n"
+msgstr "non se pode empregar %s no modo %s\n"
+
+#: g10/gpg.c:3546
+msgid "--sign --symmetric [filename]"
+msgstr "--sign --symmetric [ficheiro]"
+
+#: g10/gpg.c:3555
+msgid "--clearsign [filename]"
+msgstr "--clearsign [ficheiro]"
+
+#: g10/gpg.c:3580
+msgid "--decrypt [filename]"
+msgstr "--decrypt [ficheiro]"
+
+#: g10/gpg.c:3588
+msgid "--sign-key user-id"
+msgstr "--sign-key id-de-usuario"
+
+#: g10/gpg.c:3592
+msgid "--lsign-key user-id"
+msgstr "--lsign-key id-de-usuario"
+
+#: g10/gpg.c:3613
+msgid "--edit-key user-id [commands]"
+msgstr "--edit-key id-de-usuario [comandos]"
+
+#: g10/gpg.c:3629
+#, fuzzy
+msgid "--passwd <user-id>"
+msgstr "--sign-key id-de-usuario"
+
+#: g10/gpg.c:3716
+#, c-format
+msgid "keyserver send failed: %s\n"
+msgstr "o envío ao servidor de chaves fallou: %s\n"
+
+#: g10/gpg.c:3718
+#, c-format
+msgid "keyserver receive failed: %s\n"
+msgstr "a recepción do servidor de chaves fallou: %s\n"
+
+#: g10/gpg.c:3720
+#, c-format
+msgid "key export failed: %s\n"
+msgstr "a exportación da chave fallou: %s\n"
+
+#: g10/gpg.c:3731
+#, c-format
+msgid "keyserver search failed: %s\n"
+msgstr "a busca no servidor de chaves fallou fallou: %s\n"
+
+#: g10/gpg.c:3741
+#, c-format
+msgid "keyserver refresh failed: %s\n"
+msgstr "a actualización no servidor de chaves fallou: %s\n"
+
+#: g10/gpg.c:3792
+#, c-format
+msgid "dearmoring failed: %s\n"
+msgstr "non se puido quita-la armadura: %s\n"
+
+#: g10/gpg.c:3800
+#, c-format
+msgid "enarmoring failed: %s\n"
+msgstr "non se puido poñe-la armadura: %s\n"
+
+#: g10/gpg.c:3890
+#, c-format
+msgid "invalid hash algorithm `%s'\n"
+msgstr "algoritmo de hash non válido `%s'\n"
+
+#: g10/gpg.c:4005
+msgid "[filename]"
+msgstr "[ficheiro]"
+
+#: g10/gpg.c:4009
+msgid "Go ahead and type your message ...\n"
+msgstr "Escriba a súa mensaxe ...\n"
+
+#: g10/gpg.c:4323
+msgid "the given certification policy URL is invalid\n"
+msgstr "o URL de normativa de certificación dado non é válido\n"
+
+#: g10/gpg.c:4325
+msgid "the given signature policy URL is invalid\n"
+msgstr "o URL de normativa de sinaturas dado non é válido\n"
+
+#: g10/gpg.c:4358
+#, fuzzy
+msgid "the given preferred keyserver URL is invalid\n"
+msgstr "o URL de normativa de sinaturas dado non é válido\n"
+
+#: g10/gpgv.c:74
+#, fuzzy
+msgid "|FILE|take the keys from the keyring FILE"
+msgstr "toma-las chaves deste chaveiro"
+
+#: g10/gpgv.c:76
+msgid "make timestamp conflicts only a warning"
+msgstr "converte-los conflictos de selo de data nun aviso"
+
+#: g10/gpgv.c:78 sm/gpgsm.c:326
+msgid "|FD|write status info to this FD"
+msgstr "|DF|escribi-la información de estado a este DF"
+
+#: g10/gpgv.c:117
+msgid "Usage: gpgv [options] [files] (-h for help)"
+msgstr "Uso: gpgv [opcións] [ficheiros] (-h para ve-la axuda)"
+
+#: g10/gpgv.c:119
+#, fuzzy
+msgid ""
+"Syntax: gpgv [options] [files]\n"
+"Check signatures against known trusted keys\n"
+msgstr ""
+"Sintaxe: gpg [opcións] [ficheiros]\n"
+"Comproba as sinaturas contra chaves de confianza coñecidas\n"
+
+#: g10/helptext.c:72
+msgid "No help available"
+msgstr "Non hai axuda dispoñible"
+
+#: g10/helptext.c:82
+#, c-format
+msgid "No help available for `%s'"
+msgstr "Non hai axuda dispoñible para `%s'"
+
+#: g10/import.c:94
+msgid "import signatures that are marked as local-only"
+msgstr ""
+
+#: g10/import.c:96
+msgid "repair damage from the pks keyserver during import"
+msgstr ""
+
+#: g10/import.c:98
+#, fuzzy
+msgid "do not update the trustdb after import"
+msgstr "actualiza-la base de datos de confianza"
+
+#: g10/import.c:100
+#, fuzzy
+msgid "create a public key when importing a secret key"
+msgstr "¡a chave pública con coincide coa chave secreta!\n"
+
+#: g10/import.c:102
+msgid "only accept updates to existing keys"
+msgstr ""
+
+#: g10/import.c:104
+#, fuzzy
+msgid "remove unusable parts from key after import"
+msgstr "chave secreta non utilizable"
+
+#: g10/import.c:106
+msgid "remove as much as possible from key after import"
+msgstr ""
+
+#: g10/import.c:266
+#, c-format
+msgid "skipping block of type %d\n"
+msgstr "pasando por alto un bloque de tipo %d\n"
+
+#: g10/import.c:275
+#, fuzzy, c-format
+msgid "%lu keys processed so far\n"
+msgstr "%lu chaves procesadas hasta polo momento\n"
+
+#: g10/import.c:292
+#, c-format
+msgid "Total number processed: %lu\n"
+msgstr "Número total procesado: %lu\n"
+
+#: g10/import.c:294
+#, c-format
+msgid " skipped new keys: %lu\n"
+msgstr "novas chaves omitidas: %lu\n"
+
+#: g10/import.c:297
+#, c-format
+msgid " w/o user IDs: %lu\n"
+msgstr " sin IDs de usuario: %lu\n"
+
+#: g10/import.c:299 sm/import.c:114
+#, c-format
+msgid " imported: %lu"
+msgstr " importadas: %lu"
+
+#: g10/import.c:305 sm/import.c:118
+#, c-format
+msgid " unchanged: %lu\n"
+msgstr " sin cambios: %lu\n"
+
+#: g10/import.c:307
+#, c-format
+msgid " new user IDs: %lu\n"
+msgstr " novos IDs de usuario: %lu\n"
+
+#: g10/import.c:309
+#, c-format
+msgid " new subkeys: %lu\n"
+msgstr " novas sub-chaves: %lu\n"
+
+#: g10/import.c:311
+#, c-format
+msgid " new signatures: %lu\n"
+msgstr " novas sinaturas: %lu\n"
+
+#: g10/import.c:313
+#, c-format
+msgid " new key revocations: %lu\n"
+msgstr " novas revocacións de chaves: %lu\n"
+
+#: g10/import.c:315 sm/import.c:120
+#, c-format
+msgid " secret keys read: %lu\n"
+msgstr "chaves secretas lidas: %lu\n"
+
+#: g10/import.c:317 sm/import.c:122
+#, c-format
+msgid " secret keys imported: %lu\n"
+msgstr "chaves secretas importadas: %lu\n"
+
+#: g10/import.c:319 sm/import.c:124
+#, c-format
+msgid " secret keys unchanged: %lu\n"
+msgstr "chaves secretas sin cambios: %lu\n"
+
+#: g10/import.c:321 sm/import.c:126
+#, c-format
+msgid " not imported: %lu\n"
+msgstr " non importadas: %lu\n"
+
+#: g10/import.c:323
+#, fuzzy, c-format
+msgid " signatures cleaned: %lu\n"
+msgstr " novas sinaturas: %lu\n"
+
+#: g10/import.c:325
+#, fuzzy, c-format
+msgid " user IDs cleaned: %lu\n"
+msgstr "chaves secretas lidas: %lu\n"
+
+#: g10/import.c:606
+#, c-format
+msgid ""
+"WARNING: key %s contains preferences for unavailable\n"
+"algorithms on these user IDs:\n"
+msgstr ""
+
+#: g10/import.c:647
+#, c-format
+msgid " \"%s\": preference for cipher algorithm %s\n"
+msgstr ""
+
+#: g10/import.c:662
+#, fuzzy, c-format
+msgid " \"%s\": preference for digest algorithm %s\n"
+msgstr "Sinatura %s, algoritmo de resumo %s\n"
+
+#: g10/import.c:674
+#, c-format
+msgid " \"%s\": preference for compression algorithm %s\n"
+msgstr ""
+
+#: g10/import.c:687
+msgid "it is strongly suggested that you update your preferences and\n"
+msgstr ""
+
+#: g10/import.c:689
+msgid "re-distribute this key to avoid potential algorithm mismatch problems\n"
+msgstr ""
+
+#: g10/import.c:713
+#, c-format
+msgid "you can update your preferences with: gpg --edit-key %s updpref save\n"
+msgstr ""
+
+#: g10/import.c:766 g10/import.c:1179
+#, fuzzy, c-format
+msgid "key %s: no user ID\n"
+msgstr "chave %08lX: non hai ID de usuario\n"
+
+#: g10/import.c:795
+#, fuzzy, c-format
+msgid "key %s: PKS subkey corruption repaired\n"
+msgstr "chave %08lX: arranxouse a corrupción da sub-chave HKP\n"
+
+#: g10/import.c:810
+#, fuzzy, c-format
+msgid "key %s: accepted non self-signed user ID \"%s\"\n"
+msgstr "chave %08lX: aceptouse o ID de usuario '%s' sen auto-sinatura\n"
+
+#: g10/import.c:816
+#, fuzzy, c-format
+msgid "key %s: no valid user IDs\n"
+msgstr "chave %08lX: non hai IDs de usuario válidos\n"
+
+#: g10/import.c:818
+msgid "this may be caused by a missing self-signature\n"
+msgstr "isto pode ser causado por unha auto-sinatura que falta\n"
+
+#: g10/import.c:828 g10/import.c:1303
+#, fuzzy, c-format
+msgid "key %s: public key not found: %s\n"
+msgstr "chave %08lX: chave pública non atopada: %s\n"
+
+#: g10/import.c:834
+#, fuzzy, c-format
+msgid "key %s: new key - skipped\n"
+msgstr "chave %08lX: nova chave - omitida\n"
+
+#: g10/import.c:843
+#, c-format
+msgid "no writable keyring found: %s\n"
+msgstr "non se atopou un chaveiro no que se poida escribir: %s\n"
+
+#: g10/import.c:848 g10/openfile.c:278 g10/sign.c:805 g10/sign.c:1114
+#, c-format
+msgid "writing to `%s'\n"
+msgstr "escribindo a `%s'\n"
+
+#: g10/import.c:852 g10/import.c:952 g10/import.c:1219 g10/import.c:1364
+#: g10/import.c:2494 g10/import.c:2516
+#, c-format
+msgid "error writing keyring `%s': %s\n"
+msgstr "erro escribindo no chaveiro `%s': %s\n"
+
+#: g10/import.c:871
+#, fuzzy, c-format
+msgid "key %s: public key \"%s\" imported\n"
+msgstr "chave %08lX: chave pública \"%s\" importada\n"
+
+#: g10/import.c:895
+#, fuzzy, c-format
+msgid "key %s: doesn't match our copy\n"
+msgstr "chave %08lX: non coincide coa nosa copia\n"
+
+#: g10/import.c:912 g10/import.c:1321
+#, fuzzy, c-format
+msgid "key %s: can't locate original keyblock: %s\n"
+msgstr ""
+"chave %08lX: non foi posible localiza-lo bloque de chaves original:\n"
+"%s\n"
+
+#: g10/import.c:920 g10/import.c:1328
+#, fuzzy, c-format
+msgid "key %s: can't read original keyblock: %s\n"
+msgstr ""
+"chave %08lX: non foi posible le-lo bloque de chaves original:\n"
+"%s\n"
+
+#: g10/import.c:962
+#, fuzzy, c-format
+msgid "key %s: \"%s\" 1 new user ID\n"
+msgstr "chave %08lX: \"%s\" 1 novo ID de usuario\n"
+
+#: g10/import.c:965
+#, fuzzy, c-format
+msgid "key %s: \"%s\" %d new user IDs\n"
+msgstr "chave %08lX: \"%s\" %d novos IDs de usuario\n"
+
+#: g10/import.c:968
+#, fuzzy, c-format
+msgid "key %s: \"%s\" 1 new signature\n"
+msgstr "chave %08lX: \"%s\" 1 nova sinatura\n"
+
+#: g10/import.c:971
+#, fuzzy, c-format
+msgid "key %s: \"%s\" %d new signatures\n"
+msgstr "chave %08lX: \"%s\" %d novas sinaturas\n"
+
+#: g10/import.c:974
+#, fuzzy, c-format
+msgid "key %s: \"%s\" 1 new subkey\n"
+msgstr "chave %08lX: \"%s\" 1 nova sub-chave\n"
+
+#: g10/import.c:977
+#, fuzzy, c-format
+msgid "key %s: \"%s\" %d new subkeys\n"
+msgstr "chave %08lX: \"%s\" %d novas sub-chaves\n"
+
+#: g10/import.c:980
+#, fuzzy, c-format
+msgid "key %s: \"%s\" %d signature cleaned\n"
+msgstr "chave %08lX: \"%s\" %d novas sinaturas\n"
+
+#: g10/import.c:983
+#, fuzzy, c-format
+msgid "key %s: \"%s\" %d signatures cleaned\n"
+msgstr "chave %08lX: \"%s\" %d novas sinaturas\n"
+
+#: g10/import.c:986
+#, fuzzy, c-format
+msgid "key %s: \"%s\" %d user ID cleaned\n"
+msgstr "chave %08lX: \"%s\" %d novos IDs de usuario\n"
+
+#: g10/import.c:989
+#, fuzzy, c-format
+msgid "key %s: \"%s\" %d user IDs cleaned\n"
+msgstr "chave %08lX: \"%s\" %d novos IDs de usuario\n"
+
+#: g10/import.c:1013
+#, fuzzy, c-format
+msgid "key %s: \"%s\" not changed\n"
+msgstr "chave %08lX: \"%s\" sen cambios\n"
+
+#: g10/import.c:1185
+#, fuzzy, c-format
+msgid "key %s: secret key with invalid cipher %d - skipped\n"
+msgstr "chave %08lX: chave secreta cunha cifra %d non válida - omitida\n"
+
+#: g10/import.c:1196
+#, fuzzy
+msgid "importing secret keys not allowed\n"
+msgstr "gravando a chave secreta en `%s'\n"
+
+#: g10/import.c:1213 g10/import.c:2509
+#, c-format
+msgid "no default secret keyring: %s\n"
+msgstr "non hai un chaveiro privado por defecto: %s\n"
+
+#: g10/import.c:1224
+#, fuzzy, c-format
+msgid "key %s: secret key imported\n"
+msgstr "chave %08lX: chave secreta importada\n"
+
+#: g10/import.c:1254
+#, fuzzy, c-format
+msgid "key %s: already in secret keyring\n"
+msgstr "chave %08lX: xa estaba no chaveiro secreto\n"
+
+#: g10/import.c:1264
+#, fuzzy, c-format
+msgid "key %s: secret key not found: %s\n"
+msgstr "chave %08lX: chave secreta non atopada: %s\n"
+
+#: g10/import.c:1296
+#, fuzzy, c-format
+msgid "key %s: no public key - can't apply revocation certificate\n"
+msgstr ""
+"chave %08lX: non hai chave pública - non se pode aplica-lo\n"
+"certificado de revocación\n"
+
+#: g10/import.c:1339
+#, fuzzy, c-format
+msgid "key %s: invalid revocation certificate: %s - rejected\n"
+msgstr ""
+"chave %08lX: certificado de revocación incorrecto:\n"
+"%s - rechazado\n"
+
+#: g10/import.c:1371
+#, fuzzy, c-format
+msgid "key %s: \"%s\" revocation certificate imported\n"
+msgstr "chave %08lX: \"%s\" certificado de revocación importado\n"
+
+#: g10/import.c:1447
+#, fuzzy, c-format
+msgid "key %s: no user ID for signature\n"
+msgstr "chave %08lX: non hai ID de usuario para a sinatura\n"
+
+#: g10/import.c:1464
+#, fuzzy, c-format
+msgid "key %s: unsupported public key algorithm on user ID \"%s\"\n"
+msgstr ""
+"chave %08lX: algoritmo de chave pública non soportado no ID de usuario \"%s"
+"\"\n"
+
+#: g10/import.c:1466
+#, fuzzy, c-format
+msgid "key %s: invalid self-signature on user ID \"%s\"\n"
+msgstr ""
+"chave %08lX: auto-sinatura non válida no identificadr de usuario \"%s\"\n"
+
+#: g10/import.c:1483 g10/import.c:1509 g10/import.c:1560
+#, fuzzy, c-format
+msgid "key %s: unsupported public key algorithm\n"
+msgstr "chave %08lX: algoritmo de chave pública non soportado\n"
+
+#: g10/import.c:1484
+#, fuzzy, c-format
+msgid "key %s: invalid direct key signature\n"
+msgstr "chave %08lX: engadiuse unha sinatura de chave directa\n"
+
+#: g10/import.c:1498
+#, fuzzy, c-format
+msgid "key %s: no subkey for key binding\n"
+msgstr "chave %08lX: non hai sub-chave para a ligazón da chave\n"
+
+#: g10/import.c:1511
+#, fuzzy, c-format
+msgid "key %s: invalid subkey binding\n"
+msgstr "chave %08lX: ligazón de sub-chave incorrecta\n"
+
+#: g10/import.c:1527
+#, fuzzy, c-format
+msgid "key %s: removed multiple subkey binding\n"
+msgstr "chave %08lX: eliminouse unha ligazón de sub-chave múltiple\n"
+
+#: g10/import.c:1549
+#, fuzzy, c-format
+msgid "key %s: no subkey for key revocation\n"
+msgstr "chave %08lX: non hai unha sub-chave para a revocación da chave\n"
+
+#: g10/import.c:1562
+#, fuzzy, c-format
+msgid "key %s: invalid subkey revocation\n"
+msgstr "chave %08lX: revocación de sub-chave non válida\n"
+
+#: g10/import.c:1577
+#, fuzzy, c-format
+msgid "key %s: removed multiple subkey revocation\n"
+msgstr "chave %08lX: eliminouse a revocación de sub-chaves múltiples\n"
+
+#: g10/import.c:1618
+#, fuzzy, c-format
+msgid "key %s: skipped user ID \"%s\"\n"
+msgstr "chave %08lX: omitido o ID de usuario '"
+
+#: g10/import.c:1639
+#, fuzzy, c-format
+msgid "key %s: skipped subkey\n"
+msgstr "chave %08lX: omitida a sub-chave\n"
+
+#: g10/import.c:1666
+#, fuzzy, c-format
+msgid "key %s: non exportable signature (class 0x%02X) - skipped\n"
+msgstr "chave %08lX: sinatura non exportable (clase %02x) - omitida\n"
+
+#: g10/import.c:1676
+#, fuzzy, c-format
+msgid "key %s: revocation certificate at wrong place - skipped\n"
+msgstr "chave %08lX: certificado de revocación no lugar erróneo - omitido\n"
+
+#: g10/import.c:1693
+#, fuzzy, c-format
+msgid "key %s: invalid revocation certificate: %s - skipped\n"
+msgstr "chave %08lX: certificado de revocación incorrecto: %s - omitido\n"
+
+#: g10/import.c:1707
+#, fuzzy, c-format
+msgid "key %s: subkey signature in wrong place - skipped\n"
+msgstr "chave %08lX: sinatura da sub-chave nun lugar incorrecto - omitida\n"
+
+#: g10/import.c:1715
+#, fuzzy, c-format
+msgid "key %s: unexpected signature class (0x%02X) - skipped\n"
+msgstr "chave %08lX: clase de sinatura non esperada (0x%02X) - omitida\n"
+
+#: g10/import.c:1844
+#, fuzzy, c-format
+msgid "key %s: duplicated user ID detected - merged\n"
+msgstr "chave %08lX: ID de usuario duplicado detectado - mesturado\n"
+
+#: g10/import.c:1906
+#, fuzzy, c-format
+msgid "WARNING: key %s may be revoked: fetching revocation key %s\n"
+msgstr ""
+"AVISO: a chave %08lX pode estar revocada: obtendo a chave de revocación %"
+"08lX\n"
+
+#: g10/import.c:1920
+#, fuzzy, c-format
+msgid "WARNING: key %s may be revoked: revocation key %s not present.\n"
+msgstr ""
+"AVISO: a chave %08lX pode estar revocada: chave de revocación %08lX "
+"ausente.\n"
+
+#: g10/import.c:1979
+#, fuzzy, c-format
+msgid "key %s: \"%s\" revocation certificate added\n"
+msgstr "chave %08lX: \"%s\" certificado de revocación engadido\n"
+
+#: g10/import.c:2013
+#, fuzzy, c-format
+msgid "key %s: direct key signature added\n"
+msgstr "chave %08lX: engadiuse unha sinatura de chave directa\n"
+
+#: g10/import.c:2414
+#, fuzzy
+msgid "NOTE: a key's S/N does not match the card's one\n"
+msgstr "¡a chave pública con coincide coa chave secreta!\n"
+
+#: g10/import.c:2422
+#, fuzzy
+msgid "NOTE: primary key is online and stored on card\n"
+msgstr "omítese: a chave secreta xa está presente\n"
+
+#: g10/import.c:2424
+#, fuzzy
+msgid "NOTE: secondary key is online and stored on card\n"
+msgstr "omítese: a chave secreta xa está presente\n"
+
+#: g10/keydb.c:181
+#, c-format
+msgid "error creating keyring `%s': %s\n"
+msgstr "erro ao crea-lo chaveiro `%s': %s\n"
+
+#: g10/keydb.c:187
+#, c-format
+msgid "keyring `%s' created\n"
+msgstr "chaveiro `%s' creado\n"
+
+#: g10/keydb.c:333 g10/keydb.c:336
+#, fuzzy, c-format
+msgid "keyblock resource `%s': %s\n"
+msgstr "erro ao crear `%s': %s\n"
+
+#: g10/keydb.c:719
+#, c-format
+msgid "failed to rebuild keyring cache: %s\n"
+msgstr "fallo ao reconstruí-la caché de chaveiros: %s\n"
+
+#: g10/keyedit.c:265
+msgid "[revocation]"
+msgstr "[revocación]"
+
+#: g10/keyedit.c:266
+msgid "[self-signature]"
+msgstr "[auto-sinatura]"
+
+#: g10/keyedit.c:344 g10/keylist.c:398
+msgid "1 bad signature\n"
+msgstr "1 sinatura errónea\n"
+
+#: g10/keyedit.c:346 g10/keylist.c:400
+#, c-format
+msgid "%d bad signatures\n"
+msgstr "%d sinaturas erróneas\n"
+
+#: g10/keyedit.c:348 g10/keylist.c:402
+msgid "1 signature not checked due to a missing key\n"
+msgstr "1 sinatura non verificada debido a unha chave que falta\n"
+
+#: g10/keyedit.c:350 g10/keylist.c:404
+#, c-format
+msgid "%d signatures not checked due to missing keys\n"
+msgstr "%d sinaturas non verificadas debido a chaves que faltan\n"
+
+#: g10/keyedit.c:352 g10/keylist.c:406
+msgid "1 signature not checked due to an error\n"
+msgstr "1 sinatura non verificada debido a un erro\n"
+
+#: g10/keyedit.c:354 g10/keylist.c:408
+#, c-format
+msgid "%d signatures not checked due to errors\n"
+msgstr "%d sinaturas non verificadas debido a erros\n"
+
+#: g10/keyedit.c:356
+msgid "1 user ID without valid self-signature detected\n"
+msgstr "detectado 1 ID de usuario sin auto-sinatura válida\n"
+
+#: g10/keyedit.c:358
+#, c-format
+msgid "%d user IDs without valid self-signatures detected\n"
+msgstr "detectados %d IDs de usuario sin auto-sinatura válida\n"
+
+#: g10/keyedit.c:414 g10/pkclist.c:262
+#, fuzzy
+msgid ""
+"Please decide how far you trust this user to correctly verify other users' "
+"keys\n"
+"(by looking at passports, checking fingerprints from different sources, "
+"etc.)\n"
+msgstr ""
+"Por favor, decida canto confía en que este usuario verifique\n"
+"correctamente as chaves de outros usuarios (mirando nos pasaportes,\n"
+"comprobando pegadas dactilares de varias fontes...).\n"
+
+#: g10/keyedit.c:418 g10/pkclist.c:274
+#, fuzzy, c-format
+msgid " %d = I trust marginally\n"
+msgstr " %d = Confío marxinalmente\n"
+
+#: g10/keyedit.c:419 g10/pkclist.c:276
+#, fuzzy, c-format
+msgid " %d = I trust fully\n"
+msgstr " %d = Confío totalmente\n"
+
+#: g10/keyedit.c:438
+msgid ""
+"Please enter the depth of this trust signature.\n"
+"A depth greater than 1 allows the key you are signing to make\n"
+"trust signatures on your behalf.\n"
+msgstr ""
+
+#: g10/keyedit.c:454
+msgid "Please enter a domain to restrict this signature, or enter for none.\n"
+msgstr ""
+
+#: g10/keyedit.c:598
+#, c-format
+msgid "User ID \"%s\" is revoked."
+msgstr "O ID de usuario \"%s\" está revocado."
+
+#: g10/keyedit.c:607 g10/keyedit.c:635 g10/keyedit.c:662 g10/keyedit.c:830
+#: g10/keyedit.c:895 g10/keyedit.c:1785
+msgid "Are you sure you still want to sign it? (y/N) "
+msgstr "¿Está seguro de que quere asinalo? (s/N) "
+
+#: g10/keyedit.c:621 g10/keyedit.c:649 g10/keyedit.c:676 g10/keyedit.c:836
+#: g10/keyedit.c:1791
+msgid " Unable to sign.\n"
+msgstr " Non se puido asinar.\n"
+
+#: g10/keyedit.c:626
+#, c-format
+msgid "User ID \"%s\" is expired."
+msgstr "O ID de usuario \"%s\" está caducado."
+
+#: g10/keyedit.c:654
+#, c-format
+msgid "User ID \"%s\" is not self-signed."
+msgstr "O ID de usuario \"%s\" non está asinado por el mesmo."
+
+#: g10/keyedit.c:682
+#, fuzzy, c-format
+msgid "User ID \"%s\" is signable. "
+msgstr "O ID de usuario \"%s\" non está asinado por el mesmo."
+
+#: g10/keyedit.c:684
+#, fuzzy
+msgid "Sign it? (y/N) "
+msgstr "¿Asinar de verdade? "
+
+#: g10/keyedit.c:706
+#, c-format
+msgid ""
+"The self-signature on \"%s\"\n"
+"is a PGP 2.x-style signature.\n"
+msgstr ""
+"A auto-sinatura de \"%s\"\n"
+"é unha sinatura tipo PGP 2.x\n"
+
+#: g10/keyedit.c:715
+msgid "Do you want to promote it to an OpenPGP self-signature? (y/N) "
+msgstr "¿Quere promovela a unha auto-sinatura OpenPGP? (s/N) "
+
+#: g10/keyedit.c:729
+#, c-format
+msgid ""
+"Your current signature on \"%s\"\n"
+"has expired.\n"
+msgstr ""
+"A súa sinatura actual en \"%s\"\n"
+"caducou.\n"
+
+#: g10/keyedit.c:733
+msgid "Do you want to issue a new signature to replace the expired one? (y/N) "
+msgstr "¿Quere emitir unha nova sinatura que substitúa á caducada? (s/N) "
+
+#: g10/keyedit.c:754
+#, c-format
+msgid ""
+"Your current signature on \"%s\"\n"
+"is a local signature.\n"
+msgstr ""
+"A súa sinatura actual en \"%s\"\n"
+"é unha sinatura local.\n"
+
+#: g10/keyedit.c:758
+msgid "Do you want to promote it to a full exportable signature? (y/N) "
+msgstr "¿Quere promovela a sinatura totalmente exportable? (s/N) "
+
+#: g10/keyedit.c:779
+#, fuzzy, c-format
+msgid "\"%s\" was already locally signed by key %s\n"
+msgstr "\"%s\" xa estaba asinado localmente coa chave %08lX\n"
+
+#: g10/keyedit.c:782
+#, fuzzy, c-format
+msgid "\"%s\" was already signed by key %s\n"
+msgstr "\"%s\" xa estaba asinado coa chave %08lX\n"
+
+#: g10/keyedit.c:787
+msgid "Do you want to sign it again anyway? (y/N) "
+msgstr "¿Quere asinalo outra vez de tódolos xeitos? (s/N) "
+
+#: g10/keyedit.c:809
+#, fuzzy, c-format
+msgid "Nothing to sign with key %s\n"
+msgstr "Nada que asinar coa chave %08lX\n"
+
+#: g10/keyedit.c:824
+msgid "This key has expired!"
+msgstr "¡Esta chave caducou!"
+
+#: g10/keyedit.c:842
+#, c-format
+msgid "This key is due to expire on %s.\n"
+msgstr "Esta chave ha caducar o %s.\n"
+
+#: g10/keyedit.c:848
+msgid "Do you want your signature to expire at the same time? (Y/n) "
+msgstr "¿Quere que a súa sinatura caduque ao mesmo tempo? (S/n) "
+
+#: g10/keyedit.c:888
+msgid ""
+"You may not make an OpenPGP signature on a PGP 2.x key while in --pgp2 "
+"mode.\n"
+msgstr ""
+"Non pode facer unha sinatura OpenPGP nunha chave PGP 2.x no modo --pgp2.\n"
+
+#: g10/keyedit.c:890
+msgid "This would make the key unusable in PGP 2.x.\n"
+msgstr "Isto podería face-la chave non utilizable en PGP 2.x.\n"
+
+#: g10/keyedit.c:915
+msgid ""
+"How carefully have you verified the key you are about to sign actually "
+"belongs\n"
+"to the person named above? If you don't know what to answer, enter \"0\".\n"
+msgstr ""
+"¿Con canto tino comprobou que a chave que vai asinar realmente pertence á\n"
+"persoa de enriba? Se non sabe que respostar, introduza \"0\".\n"
+
+#: g10/keyedit.c:920
+#, c-format
+msgid " (0) I will not answer.%s\n"
+msgstr " (0) Non hei respostar.%s\n"
+
+#: g10/keyedit.c:922
+#, c-format
+msgid " (1) I have not checked at all.%s\n"
+msgstr " (1) Non o comprobei en absoluto.%s\n"
+
+#: g10/keyedit.c:924
+#, c-format
+msgid " (2) I have done casual checking.%s\n"
+msgstr " (2) Fixen algunhas comprobacións.%s\n"
+
+#: g10/keyedit.c:926
+#, c-format
+msgid " (3) I have done very careful checking.%s\n"
+msgstr " (3) Fixen comprobacións moi exhaustivas.%s\n"
+
+#: g10/keyedit.c:932
+#, fuzzy
+msgid "Your selection? (enter `?' for more information): "
+msgstr "¿A súa elección? (introduza '?' para ter máis información): "
+
+#: g10/keyedit.c:956
+#, fuzzy, c-format
+msgid ""
+"Are you sure that you want to sign this key with your\n"
+"key \"%s\" (%s)\n"
+msgstr ""
+"¿Esta seguro de que quere asinar esta chave\n"
+"coa súa chave: \""
+
+#: g10/keyedit.c:963
+#, fuzzy
+msgid "This will be a self-signature.\n"
+msgstr ""
+"\n"
+"Esta ha ser unha auto-sinatura.\n"
+
+#: g10/keyedit.c:969
+#, fuzzy
+msgid "WARNING: the signature will not be marked as non-exportable.\n"
+msgstr ""
+"\n"
+"AVISO: a sinatura non se ha marcar coma non exportable.\n"
+
+#: g10/keyedit.c:977
+#, fuzzy
+msgid "WARNING: the signature will not be marked as non-revocable.\n"
+msgstr ""
+"\n"
+"AVISO: A sinatura non se ha marcar coma non revocable.\n"
+
+#: g10/keyedit.c:987
+#, fuzzy
+msgid "The signature will be marked as non-exportable.\n"
+msgstr ""
+"\n"
+"A sinatura hase marcar coma non exportable.\n"
+
+#: g10/keyedit.c:994
+#, fuzzy
+msgid "The signature will be marked as non-revocable.\n"
+msgstr ""
+"\n"
+"A sinatura hase marcar coma non revocable.\n"
+
+#: g10/keyedit.c:1001
+#, fuzzy
+msgid "I have not checked this key at all.\n"
+msgstr ""
+"\n"
+"Non se comprobou esta chave en absoluto.\n"
+
+#: g10/keyedit.c:1006
+#, fuzzy
+msgid "I have checked this key casually.\n"
+msgstr ""
+"\n"
+"Comprobouse esta chave de xeito informal.\n"
+
+#: g10/keyedit.c:1011
+#, fuzzy
+msgid "I have checked this key very carefully.\n"
+msgstr ""
+"\n"
+"Comprobouse esta chave con moito tino.\n"
+
+#: g10/keyedit.c:1021
+#, fuzzy
+msgid "Really sign? (y/N) "
+msgstr "¿Asinar de verdade? "
+
+#: g10/keyedit.c:1066 g10/keyedit.c:4965 g10/keyedit.c:5056 g10/keyedit.c:5120
+#: g10/keyedit.c:5181 g10/sign.c:316
+#, c-format
+msgid "signing failed: %s\n"
+msgstr "fallou a sinatura: %s\n"
+
+#: g10/keyedit.c:1131
+msgid "Key has only stub or on-card key items - no passphrase to change.\n"
+msgstr ""
+
+#: g10/keyedit.c:1142 g10/keygen.c:3774
+msgid "This key is not protected.\n"
+msgstr "Esta chave non está protexida.\n"
+
+#: g10/keyedit.c:1146 g10/keygen.c:3761 g10/revoke.c:536
+msgid "Secret parts of primary key are not available.\n"
+msgstr "as partes secretas da chave primaria non están dispoñibles.\n"
+
+#: g10/keyedit.c:1150 g10/keygen.c:3777
+#, fuzzy
+msgid "Secret parts of primary key are stored on-card.\n"
+msgstr "as partes secretas da chave primaria non están dispoñibles.\n"
+
+#: g10/keyedit.c:1156 g10/keygen.c:3781
+msgid "Key is protected.\n"
+msgstr "A chave está protexida.\n"
+
+#: g10/keyedit.c:1186
+#, c-format
+msgid "Can't edit this key: %s\n"
+msgstr "Non se pode editar esta chave: %s\n"
+
+#: g10/keyedit.c:1192
+msgid ""
+"Enter the new passphrase for this secret key.\n"
+"\n"
+msgstr ""
+"Introduza o novo contrasinal para esta chave secreta.\n"
+"\n"
+
+#: g10/keyedit.c:1207 g10/keygen.c:2291
+msgid "passphrase not correctly repeated; try again"
+msgstr "o contrasinal non se repetiu correctamente; ténteo de novo"
+
+#: g10/keyedit.c:1212
+msgid ""
+"You don't want a passphrase - this is probably a *bad* idea!\n"
+"\n"
+msgstr ""
+"Non desexa un contrainal - ¡o que é unha *mala* idea!\n"
+"\n"
+
+#: g10/keyedit.c:1215
+#, fuzzy
+msgid "Do you really want to do this? (y/N) "
+msgstr "¿Seguro que quere facer esto? "
+
+#: g10/keyedit.c:1298
+msgid "moving a key signature to the correct place\n"
+msgstr "movendo a sinatura dunha chave ó seu sitio\n"
+
+#: g10/keyedit.c:1384
+msgid "save and quit"
+msgstr "gardar e saír"
+
+#: g10/keyedit.c:1387
+#, fuzzy
+msgid "show key fingerprint"
+msgstr "amosar fingerprint"
+
+#: g10/keyedit.c:1388
+msgid "list key and user IDs"
+msgstr "listar chave e IDs de usuario"
+
+#: g10/keyedit.c:1390
+msgid "select user ID N"
+msgstr "selecciona-lo ID de usuario N"
+
+#: g10/keyedit.c:1391
+#, fuzzy
+msgid "select subkey N"
+msgstr "selecciona-lo ID de usuario N"
+
+#: g10/keyedit.c:1392
+#, fuzzy
+msgid "check signatures"
+msgstr "revocar sinaturas"
+
+#: g10/keyedit.c:1397
+msgid "sign selected user IDs [* see below for related commands]"
+msgstr ""
+
+#: g10/keyedit.c:1402
+#, fuzzy
+msgid "sign selected user IDs locally"
+msgstr "asina-la chave localmente"
+
+#: g10/keyedit.c:1404
+#, fuzzy
+msgid "sign selected user IDs with a trust signature"
+msgstr "Pista: seleccione os IDs de usuario que desexa asinar\n"
+
+#: g10/keyedit.c:1406
+msgid "sign selected user IDs with a non-revocable signature"
+msgstr ""
+
+#: g10/keyedit.c:1410
+msgid "add a user ID"
+msgstr "engadir un ID de usuario"
+
+#: g10/keyedit.c:1412
+msgid "add a photo ID"
+msgstr "engadir unha identificación fotográfica"
+
+#: g10/keyedit.c:1414
+#, fuzzy
+msgid "delete selected user IDs"
+msgstr "borrar un ID de usuario"
+
+#: g10/keyedit.c:1419
+#, fuzzy
+msgid "add a subkey"
+msgstr "addkey"
+
+#: g10/keyedit.c:1423
+msgid "add a key to a smartcard"
+msgstr ""
+
+#: g10/keyedit.c:1425
+msgid "move a key to a smartcard"
+msgstr ""
+
+#: g10/keyedit.c:1427
+msgid "move a backup key to a smartcard"
+msgstr ""
+
+#: g10/keyedit.c:1431
+#, fuzzy
+msgid "delete selected subkeys"
+msgstr "borrar unha chave secundaria"
+
+#: g10/keyedit.c:1433
+msgid "add a revocation key"
+msgstr "engadir unha chave de revocación"
+
+#: g10/keyedit.c:1435
+#, fuzzy
+msgid "delete signatures from the selected user IDs"
+msgstr ""
+"¿Seguro que quere actualiza-las preferencias dos IDs de usuario "
+"seleccionados? "
+
+#: g10/keyedit.c:1437
+#, fuzzy
+msgid "change the expiration date for the key or selected subkeys"
+msgstr "Non pode cambia-la data de expiración dunha chave v3\n"
+
+#: g10/keyedit.c:1439
+#, fuzzy
+msgid "flag the selected user ID as primary"
+msgstr "marcar un ID de usuario coma primario"
+
+#: g10/keyedit.c:1441
+#, fuzzy
+msgid "toggle between the secret and public key listings"
+msgstr "cambiar entre o listado de chaves públicas e secretas"
+
+#: g10/keyedit.c:1444
+msgid "list preferences (expert)"
+msgstr "lista-las preferencias (expertos)"
+
+#: g10/keyedit.c:1446
+msgid "list preferences (verbose)"
+msgstr "lista-las preferencias (moitos datos)"
+
+#: g10/keyedit.c:1448
+#, fuzzy
+msgid "set preference list for the selected user IDs"
+msgstr ""
+"¿Seguro que quere actualiza-las preferencias dos IDs de usuario "
+"seleccionados? "
+
+#: g10/keyedit.c:1453
+#, fuzzy
+msgid "set the preferred keyserver URL for the selected user IDs"
+msgstr "non se puido analisa-lo URI do servidor de chaves\n"
+
+#: g10/keyedit.c:1455
+#, fuzzy
+msgid "set a notation for the selected user IDs"
+msgstr ""
+"¿Seguro que quere actualiza-las preferencias dos IDs de usuario "
+"seleccionados? "
+
+#: g10/keyedit.c:1457
+msgid "change the passphrase"
+msgstr "cambia-lo contrasinal"
+
+#: g10/keyedit.c:1461
+msgid "change the ownertrust"
+msgstr "cambia-la confianza sobre o dono"
+
+#: g10/keyedit.c:1463
+#, fuzzy
+msgid "revoke signatures on the selected user IDs"
+msgstr "¿Seguro de que quere revocar tódolos IDs de usuario seleccionados? "
+
+#: g10/keyedit.c:1465
+#, fuzzy
+msgid "revoke selected user IDs"
+msgstr "revocar un ID de usuario"
+
+#: g10/keyedit.c:1470
+#, fuzzy
+msgid "revoke key or selected subkeys"
+msgstr "revocar unha chave secundaria"
+
+#: g10/keyedit.c:1471
+#, fuzzy
+msgid "enable key"
+msgstr "habilitar unha chave"
+
+#: g10/keyedit.c:1472
+#, fuzzy
+msgid "disable key"
+msgstr "deshabilitar unha chave"
+
+#: g10/keyedit.c:1473
+#, fuzzy
+msgid "show selected photo IDs"
+msgstr "amosa-la identificación fotográfica"
+
+#: g10/keyedit.c:1475
+msgid "compact unusable user IDs and remove unusable signatures from key"
+msgstr ""
+
+#: g10/keyedit.c:1477
+msgid "compact unusable user IDs and remove all signatures from key"
+msgstr ""
+
+#: g10/keyedit.c:1601
+#, fuzzy, c-format
+msgid "error reading secret keyblock \"%s\": %s\n"
+msgstr "erro ao le-lo bloque de chave secreta `%s': %s\n"
+
+#: g10/keyedit.c:1619
+msgid "Secret key is available.\n"
+msgstr "A chave secreta está disponible.\n"
+
+#: g10/keyedit.c:1702
+msgid "Need the secret key to do this.\n"
+msgstr "Cómpre a chave secreta para facer isto.\n"
+
+#: g10/keyedit.c:1710
+msgid "Please use the command \"toggle\" first.\n"
+msgstr "Por favor, empregue o comando \"toggle\" antes.\n"
+
+#: g10/keyedit.c:1729
+msgid ""
+"* The `sign' command may be prefixed with an `l' for local signatures "
+"(lsign),\n"
+" a `t' for trust signatures (tsign), an `nr' for non-revocable signatures\n"
+" (nrsign), or any combination thereof (ltsign, tnrsign, etc.).\n"
+msgstr ""
+
+#: g10/keyedit.c:1779
+msgid "Key is revoked."
+msgstr "A chave está revocada."
+
+#: g10/keyedit.c:1798
+#, fuzzy
+msgid "Really sign all user IDs? (y/N) "
+msgstr "¿Seguro de que quere asinar tódolos IDs de usuario? "
+
+#: g10/keyedit.c:1805
+msgid "Hint: Select the user IDs to sign\n"
+msgstr "Pista: seleccione os IDs de usuario que desexa asinar\n"
+
+#: g10/keyedit.c:1814
+#, fuzzy, c-format
+msgid "Unknown signature type `%s'\n"
+msgstr "clase de sinatura descoñecida"
+
+#: g10/keyedit.c:1837
+#, c-format
+msgid "This command is not allowed while in %s mode.\n"
+msgstr "Non se admite este comando no modo %s.\n"
+
+#: g10/keyedit.c:1859 g10/keyedit.c:1879 g10/keyedit.c:2048
+msgid "You must select at least one user ID.\n"
+msgstr "Debe seleccionar alomenos un ID de usuario.\n"
+
+#: g10/keyedit.c:1861
+msgid "You can't delete the last user ID!\n"
+msgstr "¡Non pode borra-lo último ID de usuario!\n"
+
+#: g10/keyedit.c:1863
+#, fuzzy
+msgid "Really remove all selected user IDs? (y/N) "
+msgstr "¿Seguro de que quere borrar tódolos IDs de usuario seleccionados? "
+
+#: g10/keyedit.c:1864
+#, fuzzy
+msgid "Really remove this user ID? (y/N) "
+msgstr "¿Seguro de que quere borrar este ID de usuario? "
+
+#. TRANSLATORS: Please take care: This is about
+#. moving the key and not about removing it.
+#: g10/keyedit.c:1917
+#, fuzzy
+msgid "Really move the primary key? (y/N) "
+msgstr "¿Seguro de que quere borrar este ID de usuario? "
+
+#: g10/keyedit.c:1929
+#, fuzzy
+msgid "You must select exactly one key.\n"
+msgstr "Debe seleccionar alomenos unha chave.\n"
+
+#: g10/keyedit.c:1957
+msgid "Command expects a filename argument\n"
+msgstr ""
+
+#: g10/keyedit.c:1971
+#, fuzzy, c-format
+msgid "Can't open `%s': %s\n"
+msgstr "non se puido abrir `%s': %s\n"
+
+#: g10/keyedit.c:1988
+#, fuzzy, c-format
+msgid "Error reading backup key from `%s': %s\n"
+msgstr "erro ao crea-lo chaveiro `%s': %s\n"
+
+#: g10/keyedit.c:2012
+msgid "You must select at least one key.\n"
+msgstr "Debe seleccionar alomenos unha chave.\n"
+
+#: g10/keyedit.c:2015
+#, fuzzy
+msgid "Do you really want to delete the selected keys? (y/N) "
+msgstr "¿Seguro de que quere borra-las chaves seleccionadas? "
+
+#: g10/keyedit.c:2016
+#, fuzzy
+msgid "Do you really want to delete this key? (y/N) "
+msgstr "¿Seguro de que quere borrar esta chave? "
+
+#: g10/keyedit.c:2051
+#, fuzzy
+msgid "Really revoke all selected user IDs? (y/N) "
+msgstr "¿Seguro de que quere revocar tódolos IDs de usuario seleccionados? "
+
+#: g10/keyedit.c:2052
+#, fuzzy
+msgid "Really revoke this user ID? (y/N) "
+msgstr "¿Seguro de que quere revocar este ID de usuario? "
+
+#: g10/keyedit.c:2070
+#, fuzzy
+msgid "Do you really want to revoke the entire key? (y/N) "
+msgstr "¿Realmente quere revocar esta chave? "
+
+#: g10/keyedit.c:2081
+#, fuzzy
+msgid "Do you really want to revoke the selected subkeys? (y/N) "
+msgstr "¿Realmente quere revoca-las chaves seleccionadas? "
+
+#: g10/keyedit.c:2083
+#, fuzzy
+msgid "Do you really want to revoke this subkey? (y/N) "
+msgstr "¿Realmente quere revocar esta chave? "
+
+#: g10/keyedit.c:2133
+msgid "Owner trust may not be set while using a user provided trust database\n"
+msgstr ""
+
+#: g10/keyedit.c:2175
+#, fuzzy
+msgid "Set preference list to:\n"
+msgstr "estabrece-la lista de preferencias"
+
+#: g10/keyedit.c:2181
+#, fuzzy
+msgid "Really update the preferences for the selected user IDs? (y/N) "
+msgstr ""
+"¿Seguro que quere actualiza-las preferencias dos IDs de usuario "
+"seleccionados? "
+
+#: g10/keyedit.c:2183
+#, fuzzy
+msgid "Really update the preferences? (y/N) "
+msgstr "¿Realmente desexa actualiza-las preferencias? "
+
+#: g10/keyedit.c:2253
+#, fuzzy
+msgid "Save changes? (y/N) "
+msgstr "¿Garda-los cambios? "
+
+#: g10/keyedit.c:2256
+#, fuzzy
+msgid "Quit without saving? (y/N) "
+msgstr "¿Saír sin gardar? "
+
+#: g10/keyedit.c:2266
+#, c-format
+msgid "update failed: %s\n"
+msgstr "a actualización fallou: %s\n"
+
+#: g10/keyedit.c:2273 g10/keyedit.c:2351
+#, c-format
+msgid "update secret failed: %s\n"
+msgstr "o segredo da actualización fallou: %s\n"
+
+#: g10/keyedit.c:2280
+msgid "Key not changed so no update needed.\n"
+msgstr "A chave non cambiou, polo que non fai falla actualizar.\n"
+
+#: g10/keyedit.c:2446
+msgid "Digest: "
+msgstr "Resumo: "
+
+#: g10/keyedit.c:2497
+msgid "Features: "
+msgstr "Características: "
+
+#: g10/keyedit.c:2508
+msgid "Keyserver no-modify"
+msgstr ""
+
+#: g10/keyedit.c:2523 g10/keylist.c:316
+msgid "Preferred keyserver: "
+msgstr ""
+
+#: g10/keyedit.c:2531 g10/keyedit.c:2532
+#, fuzzy
+msgid "Notations: "
+msgstr "Notación: "
+
+#: g10/keyedit.c:2753
+msgid "There are no preferences on a PGP 2.x-style user ID.\n"
+msgstr "Non hai preferencias nun ID de usuario estilo PGP 2.x.\n"
+
+#: g10/keyedit.c:2810
+#, fuzzy, c-format
+msgid "The following key was revoked on %s by %s key %s\n"
+msgstr "Esta chave pode estar revocada por %s chave "
+
+#: g10/keyedit.c:2832
+#, fuzzy, c-format
+msgid "This key may be revoked by %s key %s"
+msgstr "Esta chave pode estar revocada por %s chave "
+
+#: g10/keyedit.c:2838
+#, fuzzy
+msgid "(sensitive)"
+msgstr " (sensible)"
+
+#: g10/keyedit.c:2854 g10/keyedit.c:2910 g10/keyedit.c:2971 g10/keyedit.c:2986
+#: g10/keylist.c:202 g10/keyserver.c:532
+#, fuzzy, c-format
+msgid "created: %s"
+msgstr "non foi posible crear %s: %s\n"
+
+#: g10/keyedit.c:2857 g10/keylist.c:834 g10/keylist.c:928 g10/mainproc.c:997
+#, fuzzy, c-format
+msgid "revoked: %s"
+msgstr "[revocada] "
+
+#: g10/keyedit.c:2859 g10/keylist.c:805 g10/keylist.c:840 g10/keylist.c:934
+#, fuzzy, c-format
+msgid "expired: %s"
+msgstr " [caduca: %s]"
+
+#: g10/keyedit.c:2861 g10/keyedit.c:2912 g10/keyedit.c:2973 g10/keyedit.c:2988
+#: g10/keylist.c:204 g10/keylist.c:811 g10/keylist.c:846 g10/keylist.c:940
+#: g10/keylist.c:961 g10/keyserver.c:538 g10/mainproc.c:1003
+#, fuzzy, c-format
+msgid "expires: %s"
+msgstr " [caduca: %s]"
+
+#: g10/keyedit.c:2863
+#, fuzzy, c-format
+msgid "usage: %s"
+msgstr " confianza: %c/%c"
+
+#: g10/keyedit.c:2878
+#, fuzzy, c-format
+msgid "trust: %s"
+msgstr " confianza: %c/%c"
+
+#: g10/keyedit.c:2882
+#, c-format
+msgid "validity: %s"
+msgstr ""
+
+#: g10/keyedit.c:2889
+msgid "This key has been disabled"
+msgstr "Esta chave está desactivada"
+
+#: g10/keyedit.c:2917 g10/keylist.c:208
+msgid "card-no: "
+msgstr ""
+
+#: g10/keyedit.c:2941
+msgid ""
+"Please note that the shown key validity is not necessarily correct\n"
+"unless you restart the program.\n"
+msgstr ""
+"Teña en conta que a validez da chave amosada non é necesariamente\n"
+"correcta a menos que reinicie o programa.\n"
+
+#: g10/keyedit.c:3005 g10/keyedit.c:3351 g10/keyserver.c:542
+#: g10/mainproc.c:1850 g10/trustdb.c:1204 g10/trustdb.c:1732
+#, fuzzy
+msgid "revoked"
+msgstr "[revocada] "
+
+#: g10/keyedit.c:3007 g10/keyedit.c:3353 g10/keyserver.c:546
+#: g10/mainproc.c:1852 g10/trustdb.c:547 g10/trustdb.c:1734
+#, fuzzy
+msgid "expired"
+msgstr "expire"
+
+#: g10/keyedit.c:3072
+msgid ""
+"WARNING: no user ID has been marked as primary. This command may\n"
+" cause a different user ID to become the assumed primary.\n"
+msgstr ""
+"AVISO: non se marcou ningún ID de usuario coma primario. Esta orde pode\n"
+" facer que un ID de usuario diferente se converta no primario.\n"
+
+#: g10/keyedit.c:3133
+msgid ""
+"WARNING: This is a PGP2-style key. Adding a photo ID may cause some "
+"versions\n"
+" of PGP to reject this key.\n"
+msgstr ""
+"AVISO: Esta é unha chave de estilo PGP2. Se engade unha identificación\n"
+" fotográfica algunhas versións de PGP han rexeitar esta chave.\n"
+
+#: g10/keyedit.c:3138 g10/keyedit.c:3473
+msgid "Are you sure you still want to add it? (y/N) "
+msgstr "¿Está seguro de que quere engadila? (s/N) "
+
+#: g10/keyedit.c:3144
+msgid "You may not add a photo ID to a PGP2-style key.\n"
+msgstr ""
+"Non pode engadir unha identificación fotográfica a unha chave de estilo "
+"PGP2.\n"
+
+#: g10/keyedit.c:3284
+msgid "Delete this good signature? (y/N/q)"
+msgstr "¿Borrar esta sinatura correcta? (s/N/q)"
+
+#: g10/keyedit.c:3294
+msgid "Delete this invalid signature? (y/N/q)"
+msgstr "¿Borrar esta sinatura incorrecta? (s/N/q)"
+
+#: g10/keyedit.c:3298
+msgid "Delete this unknown signature? (y/N/q)"
+msgstr "¿Borrar esta sinatura descoñecida? (s/N/q)"
+
+#: g10/keyedit.c:3304
+msgid "Really delete this self-signature? (y/N)"
+msgstr "¿Realmente quere borrar esta auto-sinatura? (s/N)"
+
+#: g10/keyedit.c:3318
+#, c-format
+msgid "Deleted %d signature.\n"
+msgstr "Borrada %d sinatura.\n"
+
+#: g10/keyedit.c:3319
+#, c-format
+msgid "Deleted %d signatures.\n"
+msgstr "Borradas %d sinaturas.\n"
+
+#: g10/keyedit.c:3322
+msgid "Nothing deleted.\n"
+msgstr "Non se borrou nada.\n"
+
+#: g10/keyedit.c:3355 g10/trustdb.c:1736
+#, fuzzy
+msgid "invalid"
+msgstr "armadura non válida"
+
+#: g10/keyedit.c:3357
+#, fuzzy, c-format
+msgid "User ID \"%s\" compacted: %s\n"
+msgstr "O ID de usuario \"%s\" está revocado."
+
+#: g10/keyedit.c:3364
+#, fuzzy, c-format
+msgid "User ID \"%s\": %d signature removed\n"
+msgstr "O ID de usuario \"%s\" está revocado."
+
+#: g10/keyedit.c:3365
+#, fuzzy, c-format
+msgid "User ID \"%s\": %d signatures removed\n"
+msgstr "O ID de usuario \"%s\" está revocado."
+
+#: g10/keyedit.c:3373
+#, fuzzy, c-format
+msgid "User ID \"%s\": already minimized\n"
+msgstr "o ID de usuario \"%s\" xa está revocado\n"
+
+#: g10/keyedit.c:3374
+#, fuzzy, c-format
+msgid "User ID \"%s\": already clean\n"
+msgstr "o ID de usuario \"%s\" xa está revocado\n"
+
+#: g10/keyedit.c:3468
+msgid ""
+"WARNING: This is a PGP 2.x-style key. Adding a designated revoker may "
+"cause\n"
+" some versions of PGP to reject this key.\n"
+msgstr ""
+"AVISO: Esta é unha chave de estilo PGP 2.x. Se engade un revocador "
+"designado\n"
+" pode facer que algunhas versións de PGP rexeiten esta chave.\n"
+
+#: g10/keyedit.c:3479
+msgid "You may not add a designated revoker to a PGP 2.x-style key.\n"
+msgstr ""
+"Non pode engadir un revocador designado a unha chave de estilo PGP 2.x.\n"
+
+#: g10/keyedit.c:3499
+msgid "Enter the user ID of the designated revoker: "
+msgstr "Introduza o ID de usuario do revocador designado: "
+
+#: g10/keyedit.c:3524
+msgid "cannot appoint a PGP 2.x style key as a designated revoker\n"
+msgstr ""
+"non se pode nomear unha chave estilo PGP 2.x coma revocador designado\n"
+
+#: g10/keyedit.c:3539
+msgid "you cannot appoint a key as its own designated revoker\n"
+msgstr "non se pode nomear unha chave coma o seu propio revocador designado\n"
+
+#: g10/keyedit.c:3561
+#, fuzzy
+msgid "this key has already been designated as a revoker\n"
+msgstr "AVISO: ¡Esta chave está revocada polo propietario!\n"
+
+#: g10/keyedit.c:3580
+msgid "WARNING: appointing a key as a designated revoker cannot be undone!\n"
+msgstr ""
+"AVISO: ¡o nomeamento dunha chave coma o seu propio revocador designado non "
+"se pode desfacer!\n"
+
+#: g10/keyedit.c:3586
+#, fuzzy
+msgid ""
+"Are you sure you want to appoint this key as a designated revoker? (y/N) "
+msgstr ""
+"¿Está seguro de que quere nomear esta chave coma revocador designado? (s/N): "
+
+#: g10/keyedit.c:3647
+msgid "Please remove selections from the secret keys.\n"
+msgstr "Por favor, quite as seleccións das chaves secretas.\n"
+
+#: g10/keyedit.c:3653
+#, fuzzy
+msgid "Please select at most one subkey.\n"
+msgstr "Por favor, seleccione como máximo unha chave secundaria.\n"
+
+#: g10/keyedit.c:3657
+#, fuzzy
+msgid "Changing expiration time for a subkey.\n"
+msgstr "Cambiando a data de expiración para a chave secundaria.\n"
+
+#: g10/keyedit.c:3660
+msgid "Changing expiration time for the primary key.\n"
+msgstr "Cambiando a data de expiración da chave primaria.\n"
+
+#: g10/keyedit.c:3706
+msgid "You can't change the expiration date of a v3 key\n"
+msgstr "Non pode cambia-la data de expiración dunha chave v3\n"
+
+#: g10/keyedit.c:3722
+msgid "No corresponding signature in secret ring\n"
+msgstr "Non hai unha sinatura correspondiente no chaveiro secreto\n"
+
+#: g10/keyedit.c:3800
+#, fuzzy, c-format
+msgid "signing subkey %s is already cross-certified\n"
+msgstr ""
+"AVISO: ¡o nomeamento dunha chave coma o seu propio revocador designado non "
+"se pode desfacer!\n"
+
+#: g10/keyedit.c:3806
+#, c-format
+msgid "subkey %s does not sign and so does not need to be cross-certified\n"
+msgstr ""
+
+#: g10/keyedit.c:3969
+msgid "Please select exactly one user ID.\n"
+msgstr "Escolla exactamente un ID de usuario.\n"
+
+#: g10/keyedit.c:4008 g10/keyedit.c:4118 g10/keyedit.c:4238 g10/keyedit.c:4379
+#, fuzzy, c-format
+msgid "skipping v3 self-signature on user ID \"%s\"\n"
+msgstr "omitindo a auto-sinatura v3 do id de usuario \"%s\"\n"
+
+#: g10/keyedit.c:4179
+msgid "Enter your preferred keyserver URL: "
+msgstr ""
+
+#: g10/keyedit.c:4259
+#, fuzzy
+msgid "Are you sure you want to replace it? (y/N) "
+msgstr "¿Está seguro de que quere empregala (s/N)? "
+
+#: g10/keyedit.c:4260
+#, fuzzy
+msgid "Are you sure you want to delete it? (y/N) "
+msgstr "¿Está seguro de que quere empregala (s/N)? "
+
+#: g10/keyedit.c:4322
+#, fuzzy
+msgid "Enter the notation: "
+msgstr "Notación de sinaturas: "
+
+#: g10/keyedit.c:4471
+#, fuzzy
+msgid "Proceed? (y/N) "
+msgstr "¿Sobrescribir? (s/N) "
+
+#: g10/keyedit.c:4543
+#, c-format
+msgid "No user ID with index %d\n"
+msgstr "Non hai ID de usuario con índice %d\n"
+
+#: g10/keyedit.c:4604
+#, fuzzy, c-format
+msgid "No user ID with hash %s\n"
+msgstr "Non hai ID de usuario con índice %d\n"
+
+#: g10/keyedit.c:4639
+#, fuzzy, c-format
+msgid "No subkey with index %d\n"
+msgstr "Non hai ID de usuario con índice %d\n"
+
+#: g10/keyedit.c:4774
+#, fuzzy, c-format
+msgid "user ID: \"%s\"\n"
+msgstr "ID de usuario: \""
+
+#: g10/keyedit.c:4777 g10/keyedit.c:4871 g10/keyedit.c:4914
+#, fuzzy, c-format
+msgid "signed by your key %s on %s%s%s\n"
+msgstr " asinada por %08lX no %s%s%s\n"
+
+#: g10/keyedit.c:4779 g10/keyedit.c:4873 g10/keyedit.c:4916
+msgid " (non-exportable)"
+msgstr " (non exportable)"
+
+#: g10/keyedit.c:4783
+#, c-format
+msgid "This signature expired on %s.\n"
+msgstr "Esta sinatura caducou o %s.\n"
+
+#: g10/keyedit.c:4787
+msgid "Are you sure you still want to revoke it? (y/N) "
+msgstr "¿Está seguro de que quere revocala? (s/N) "
+
+#: g10/keyedit.c:4791
+msgid "Create a revocation certificate for this signature? (y/N) "
+msgstr "¿Crear un certificado de revocación para esta sinatura? (s/N) "
+
+#: g10/keyedit.c:4842
+#, fuzzy
+msgid "Not signed by you.\n"
+msgstr " asinada por %08lX no %s%s\n"
+
+#: g10/keyedit.c:4848
+#, fuzzy, c-format
+msgid "You have signed these user IDs on key %s:\n"
+msgstr "Asinou estes IDs de usuario: \n"
+
+#: g10/keyedit.c:4874
+#, fuzzy
+msgid " (non-revocable)"
+msgstr " (non exportable)"
+
+#: g10/keyedit.c:4881
+#, fuzzy, c-format
+msgid "revoked by your key %s on %s\n"
+msgstr " revocada por %08lX no %s\n"
+
+#: g10/keyedit.c:4903
+msgid "You are about to revoke these signatures:\n"
+msgstr "Está a punto de revocar estas sinaturas:\n"
+
+#: g10/keyedit.c:4923
+msgid "Really create the revocation certificates? (y/N) "
+msgstr "¿Realmente desexa crea-los certificados de revocación? (s/N) "
+
+#: g10/keyedit.c:4953
+msgid "no secret key\n"
+msgstr "non hai chave secreta\n"
+
+#: g10/keyedit.c:5023
+#, c-format
+msgid "user ID \"%s\" is already revoked\n"
+msgstr "o ID de usuario \"%s\" xa está revocado\n"
+
+#: g10/keyedit.c:5040
+#, c-format
+msgid "WARNING: a user ID signature is dated %d seconds in the future\n"
+msgstr ""
+"AVISO: unha sinatura de ID de usuario ten unha data %d segundos no futuro\n"
+
+#: g10/keyedit.c:5104
+#, fuzzy, c-format
+msgid "Key %s is already revoked.\n"
+msgstr "o ID de usuario \"%s\" xa está revocado\n"
+
+#: g10/keyedit.c:5166
+#, fuzzy, c-format
+msgid "Subkey %s is already revoked.\n"
+msgstr "o ID de usuario \"%s\" xa está revocado\n"
+
+#: g10/keyedit.c:5261
+#, fuzzy, c-format
+msgid "Displaying %s photo ID of size %ld for key %s (uid %d)\n"
+msgstr ""
+"Amosando a id. fotográfica %s de tamaño %ld da chave 0x%08lX (uid %d)\n"
+
+#: g10/keygen.c:275
+#, fuzzy, c-format
+msgid "preference `%s' duplicated\n"
+msgstr "preferencia %c%lu duplicada\n"
+
+#: g10/keygen.c:282
+#, fuzzy
+msgid "too many cipher preferences\n"
+msgstr "demasiadas preferencias `%c'\n"
+
+#: g10/keygen.c:284
+#, fuzzy
+msgid "too many digest preferences\n"
+msgstr "demasiadas preferencias `%c'\n"
+
+#: g10/keygen.c:286
+#, fuzzy
+msgid "too many compression preferences\n"
+msgstr "demasiadas preferencias `%c'\n"
+
+#: g10/keygen.c:426
+#, fuzzy, c-format
+msgid "invalid item `%s' in preference string\n"
+msgstr "caracter non válido na cadea de preferencias\n"
+
+#: g10/keygen.c:910
+msgid "writing direct signature\n"
+msgstr "escribindo unha sinatura directa\n"
+
+#: g10/keygen.c:952
+msgid "writing self signature\n"
+msgstr "escribindo a propia sinatura\n"
+
+#: g10/keygen.c:1009
+msgid "writing key binding signature\n"
+msgstr "escribindo unha sinatura que liga a chave\n"
+
+#: g10/keygen.c:1179 g10/keygen.c:1290 g10/keygen.c:1295 g10/keygen.c:1441
+#: g10/keygen.c:3269
+#, c-format
+msgid "keysize invalid; using %u bits\n"
+msgstr "tamaño de chave non válido; empregando %u bits\n"
+
+#: g10/keygen.c:1185 g10/keygen.c:1301 g10/keygen.c:1309 g10/keygen.c:1447
+#: g10/keygen.c:3275
+#, c-format
+msgid "keysize rounded up to %u bits\n"
+msgstr "tamaño de chave redondeado a %u bits\n"
+
+#: g10/keygen.c:1335
+msgid ""
+"WARNING: some OpenPGP programs can't handle a DSA key with this digest size\n"
+msgstr ""
+
+#: g10/keygen.c:1558
+#, fuzzy
+msgid "Sign"
+msgstr "sign"
+
+#: g10/keygen.c:1561
+msgid "Certify"
+msgstr ""
+
+#: g10/keygen.c:1564
+#, fuzzy
+msgid "Encrypt"
+msgstr "cifrar datos"
+
+#: g10/keygen.c:1567
+msgid "Authenticate"
+msgstr ""
+
+#. TRANSLATORS: Please use only plain ASCII characters for the
+#. translation. If this is not possible use single digits. The
+#. string needs to 8 bytes long. Here is a description of the
+#. functions:
+#.
+#. s = Toggle signing capability
+#. e = Toggle encryption capability
+#. a = Toggle authentication capability
+#. q = Finish
+#.
+#: g10/keygen.c:1585
+msgid "SsEeAaQq"
+msgstr ""
+
+#: g10/keygen.c:1608
+#, c-format
+msgid "Possible actions for a %s key: "
+msgstr ""
+
+#: g10/keygen.c:1612
+msgid "Current allowed actions: "
+msgstr ""
+
+#: g10/keygen.c:1617
+#, c-format
+msgid " (%c) Toggle the sign capability\n"
+msgstr ""
+
+#: g10/keygen.c:1620
+#, fuzzy, c-format
+msgid " (%c) Toggle the encrypt capability\n"
+msgstr " (%d) ElGamal (só cifrar)\n"
+
+#: g10/keygen.c:1623
+#, c-format
+msgid " (%c) Toggle the authenticate capability\n"
+msgstr ""
+
+#: g10/keygen.c:1626
+#, c-format
+msgid " (%c) Finished\n"
+msgstr ""
+
+#: g10/keygen.c:1686 sm/certreqgen-ui.c:157
+msgid "Please select what kind of key you want:\n"
+msgstr "Por favor, seleccione o tipo de chave que quere:\n"
+
+#: g10/keygen.c:1689
+#, fuzzy, c-format
+msgid " (%d) RSA and RSA (default)\n"
+msgstr " (%d) DSA e ElGamal (por defecto)\n"
+
+#: g10/keygen.c:1691
+#, fuzzy, c-format
+msgid " (%d) DSA and Elgamal\n"
+msgstr " (%d) DSA e ElGamal (por defecto)\n"
+
+#: g10/keygen.c:1693
+#, c-format
+msgid " (%d) DSA (sign only)\n"
+msgstr " (%d) DSA (só asinar)\n"
+
+#: g10/keygen.c:1694
+#, c-format
+msgid " (%d) RSA (sign only)\n"
+msgstr " (%d) RSA (só asinar)\n"
+
+#: g10/keygen.c:1698
+#, fuzzy, c-format
+msgid " (%d) Elgamal (encrypt only)\n"
+msgstr " (%d) ElGamal (só cifrar)\n"
+
+#: g10/keygen.c:1699
+#, c-format
+msgid " (%d) RSA (encrypt only)\n"
+msgstr " (%d) RSA (só cifrar)\n"
+
+#: g10/keygen.c:1703
+#, fuzzy, c-format
+msgid " (%d) DSA (set your own capabilities)\n"
+msgstr " (%d) RSA (só cifrar)\n"
+
+#: g10/keygen.c:1704
+#, fuzzy, c-format
+msgid " (%d) RSA (set your own capabilities)\n"
+msgstr " (%d) RSA (só cifrar)\n"
+
+#: g10/keygen.c:1812
+#, c-format
+msgid "%s keys may be between %u and %u bits long.\n"
+msgstr ""
+
+#: g10/keygen.c:1820
+#, fuzzy, c-format
+msgid "What keysize do you want for the subkey? (%u) "
+msgstr "¿Qué tamaño de chave quere? (1024) "
+
+#: g10/keygen.c:1823 sm/certreqgen-ui.c:179
+#, fuzzy, c-format
+msgid "What keysize do you want? (%u) "
+msgstr "¿Qué tamaño de chave quere? (1024) "
+
+#: g10/keygen.c:1837 sm/certreqgen-ui.c:189
+#, c-format
+msgid "Requested keysize is %u bits\n"
+msgstr "O tamaño de chave requerido son %u bits\n"
+
+#: g10/keygen.c:1925
+msgid ""
+"Please specify how long the key should be valid.\n"
+" 0 = key does not expire\n"
+" <n> = key expires in n days\n"
+" <n>w = key expires in n weeks\n"
+" <n>m = key expires in n months\n"
+" <n>y = key expires in n years\n"
+msgstr ""
+"Por favor, indique canto tempo debería ser válida a chave.\n"
+" 0 = a chave non caduca\n"
+" <n> = a chave caduca en n días\n"
+" <n>w = a chave caduca en n semanas\n"
+" <n>m = a chave caduca en n meses\n"
+" <n>y = a chave caduca en n anos\n"
+
+#: g10/keygen.c:1936
+msgid ""
+"Please specify how long the signature should be valid.\n"
+" 0 = signature does not expire\n"
+" <n> = signature expires in n days\n"
+" <n>w = signature expires in n weeks\n"
+" <n>m = signature expires in n months\n"
+" <n>y = signature expires in n years\n"
+msgstr ""
+"Por favor, indique canto tempo debería ser válida a sinatura.\n"
+" 0 = a sinatura non caduca\n"
+" <n> = a sinatura caduca en n días\n"
+" <n>w = a sinatura caduca en n semanas\n"
+" <n>m = a sinatura caduca en n meses\n"
+" <n>y = a sinatura caduca en n anos\n"
+
+#: g10/keygen.c:1959
+msgid "Key is valid for? (0) "
+msgstr "¿Por canto tempo é válida a chave? (0) "
+
+#: g10/keygen.c:1964
+#, fuzzy, c-format
+msgid "Signature is valid for? (%s) "
+msgstr "¿Por canto tempo é válida a sinatura? (0) "
+
+#: g10/keygen.c:1982 g10/keygen.c:2007
+msgid "invalid value\n"
+msgstr "valor non válido\n"
+
+#: g10/keygen.c:1989
+#, fuzzy
+msgid "Key does not expire at all\n"
+msgstr "%s non caduca nunca\n"
+
+#: g10/keygen.c:1990
+#, fuzzy
+msgid "Signature does not expire at all\n"
+msgstr "%s non caduca nunca\n"
+
+#: g10/keygen.c:1995
+#, fuzzy, c-format
+msgid "Key expires at %s\n"
+msgstr "%s caduca o %s\n"
+
+#: g10/keygen.c:1996
+#, fuzzy, c-format
+msgid "Signature expires at %s\n"
+msgstr "A sinatura caduca o %s\n"
+
+#: g10/keygen.c:2000
+msgid ""
+"Your system can't display dates beyond 2038.\n"
+"However, it will be correctly handled up to 2106.\n"
+msgstr ""
+"O seu sistema non pode amosar datas máis aló do 2038.\n"
+"Aínda así, hase tratar correctamente ata o 2106.\n"
+
+#: g10/keygen.c:2013
+#, fuzzy
+msgid "Is this correct? (y/N) "
+msgstr "¿Isto é correcto? (s/n) "
+
+#: g10/keygen.c:2063
+msgid ""
+"\n"
+"GnuPG needs to construct a user ID to identify your key.\n"
+"\n"
+msgstr ""
+
+#. TRANSLATORS: This string is in general not anymore used
+#. but you should keep your existing translation. In case
+#. the new string is not translated this old string will
+#. be used.
+#: g10/keygen.c:2078
+#, fuzzy
+msgid ""
+"\n"
+"You need a user ID to identify your key; the software constructs the user "
+"ID\n"
+"from the Real Name, Comment and Email Address in this form:\n"
+" \"Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>\"\n"
+"\n"
+msgstr ""
+"\n"
+"Precisa un ID de usuario para identifica-la súa chave; o software constrúe "
+"o\n"
+"id de usuario co Nome, un Comentario e un Enderezo de E-mail deste xeito:\n"
+" \"Heinrich Heime (Der Dichter) <heinrichh@duesseldorf.de>\"\n"
+"\n"
+
+#: g10/keygen.c:2097
+msgid "Real name: "
+msgstr "Nome: "
+
+#: g10/keygen.c:2105
+msgid "Invalid character in name\n"
+msgstr "Caracter non válido no nome\n"
+
+#: g10/keygen.c:2107
+msgid "Name may not start with a digit\n"
+msgstr "O nome non pode comezar cun díxito\n"
+
+#: g10/keygen.c:2109
+msgid "Name must be at least 5 characters long\n"
+msgstr "O nome debe ter alomenos 5 caracteres\n"
+
+#: g10/keygen.c:2117
+msgid "Email address: "
+msgstr "Enderezo de E-mail: "
+
+#: g10/keygen.c:2123
+msgid "Not a valid email address\n"
+msgstr "Non é un enderezo de e-mail válido\n"
+
+#: g10/keygen.c:2131
+msgid "Comment: "
+msgstr "Comentario: "
+
+#: g10/keygen.c:2137
+msgid "Invalid character in comment\n"
+msgstr "Carácter non válido no comentario\n"
+
+#: g10/keygen.c:2159
+#, c-format
+msgid "You are using the `%s' character set.\n"
+msgstr "Está a usa-lo xogo de caracteres `%s'.\n"
+
+#: g10/keygen.c:2165
+#, c-format
+msgid ""
+"You selected this USER-ID:\n"
+" \"%s\"\n"
+"\n"
+msgstr ""
+"Escolleu este ID de usuario:\n"
+" \"%s\"\n"
+"\n"
+
+#: g10/keygen.c:2170
+msgid "Please don't put the email address into the real name or the comment\n"
+msgstr ""
+"Por favor, non poña o enderezo de correo no nome real ou no comentario\n"
+
+#: g10/keygen.c:2185
+msgid "Such a user ID already exists on this key!\n"
+msgstr ""
+
+#. TRANSLATORS: These are the allowed answers in
+#. lower and uppercase. Below you will find the matching
+#. string which should be translated accordingly and the
+#. letter changed to match the one in the answer string.
+#.
+#. n = Change name
+#. c = Change comment
+#. e = Change email
+#. o = Okay (ready, continue)
+#. q = Quit
+#.
+#: g10/keygen.c:2201
+msgid "NnCcEeOoQq"
+msgstr "NnCcEeAaSs"
+
+#: g10/keygen.c:2211
+msgid "Change (N)ame, (C)omment, (E)mail or (Q)uit? "
+msgstr "¿Cambia-lo (N)ome, (C)omentario, (E)-mail ou (S)aír? "
+
+#: g10/keygen.c:2212
+msgid "Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? "
+msgstr "¿Cambiar (N)ome, (C)omentario, (E)-mail ou (A)ceptar/(S)aír? "
+
+#: g10/keygen.c:2231
+msgid "Please correct the error first\n"
+msgstr "Por favor, corrixa antes o erro\n"
+
+#: g10/keygen.c:2273
+msgid ""
+"You need a Passphrase to protect your secret key.\n"
+"\n"
+msgstr ""
+"Necesita un contrasinal para protexe-la súa chave secreta.\n"
+"\n"
+
+#: g10/keygen.c:2276
+#, fuzzy
+msgid ""
+"Please enter a passphrase to protect the off-card backup of the new "
+"encryption key."
+msgstr "Por favor, introduza o contrasinal; esta é unha frase secreta \n"
+
+#: g10/keygen.c:2292
+#, c-format
+msgid "%s.\n"
+msgstr "%s.\n"
+
+#: g10/keygen.c:2298
+msgid ""
+"You don't want a passphrase - this is probably a *bad* idea!\n"
+"I will do it anyway. You can change your passphrase at any time,\n"
+"using this program with the option \"--edit-key\".\n"
+"\n"
+msgstr ""
+"Non quere empregar un contrasinal - ¡é unha idea *moi* mala!\n"
+"Hase facer así de tódolos xeitos; pode cambia-lo contrasinal en calquera\n"
+"momento, empregando este programa coa opción \"--edit-key\".\n"
+"\n"
+
+#: g10/keygen.c:2322
+msgid ""
+"We need to generate a lot of random bytes. It is a good idea to perform\n"
+"some other action (type on the keyboard, move the mouse, utilize the\n"
+"disks) during the prime generation; this gives the random number\n"
+"generator a better chance to gain enough entropy.\n"
+msgstr ""
+"Cómpre xerar unha morea de bytes aleatorios. E unha boa idea facer outras\n"
+"cousas (premer teclas no teclado, move-lo rato, usa-los discos duros)\n"
+"mentres se xeran os números primos; isto proporciónalle ao xerador de\n"
+"números aleatorios unha opoertunidade de acumular entropía de abondo.\n"
+
+#: g10/keygen.c:3209 g10/keygen.c:3236
+msgid "Key generation canceled.\n"
+msgstr "Cancelouse a xeración de chaves.\n"
+
+#: g10/keygen.c:3441 g10/keygen.c:3611
+#, c-format
+msgid "writing public key to `%s'\n"
+msgstr "gravando a chave pública en `%s'\n"
+
+#: g10/keygen.c:3443 g10/keygen.c:3614
+#, fuzzy, c-format
+msgid "writing secret key stub to `%s'\n"
+msgstr "gravando a chave secreta en `%s'\n"
+
+#: g10/keygen.c:3446 g10/keygen.c:3617
+#, c-format
+msgid "writing secret key to `%s'\n"
+msgstr "gravando a chave secreta en `%s'\n"
+
+#: g10/keygen.c:3598
+#, c-format
+msgid "no writable public keyring found: %s\n"
+msgstr "non se atopou un chaveiro público no que se poida escribir: %s\n"
+
+#: g10/keygen.c:3605
+#, c-format
+msgid "no writable secret keyring found: %s\n"
+msgstr "non se atopou un chaveiro privado no que se poida escribir: %s\n"
+
+#: g10/keygen.c:3625
+#, c-format
+msgid "error writing public keyring `%s': %s\n"
+msgstr "erro escribindo no chaveiro público `%s': %s\n"
+
+#: g10/keygen.c:3633
+#, c-format
+msgid "error writing secret keyring `%s': %s\n"
+msgstr "erro escribindo no chaveiro secreto `%s': %s\n"
+
+#: g10/keygen.c:3661
+msgid "public and secret key created and signed.\n"
+msgstr "creáronse e asináronse as chaves pública e secreta.\n"
+
+#: g10/keygen.c:3672
+#, fuzzy
+msgid ""
+"Note that this key cannot be used for encryption. You may want to use\n"
+"the command \"--edit-key\" to generate a subkey for this purpose.\n"
+msgstr ""
+"Teña en conta que non se pode empregar esta chave para cifrar. Pode que\n"
+"queira emprega-lo comando \"--edit-key\" para xerar unha chave secundaria\n"
+"con esa finalidade.\n"
+
+#: g10/keygen.c:3685 g10/keygen.c:3831 g10/keygen.c:3952
+#, c-format
+msgid "Key generation failed: %s\n"
+msgstr "A xeración da chave fallou: %s\n"
+
+#: g10/keygen.c:3741 g10/keygen.c:3882 g10/sign.c:241
+#, c-format
+msgid ""
+"key has been created %lu second in future (time warp or clock problem)\n"
+msgstr ""
+"creouse a chave %lu segundo no futuro (salto no tempo ou problemas co "
+"reloxo)\n"
+
+#: g10/keygen.c:3743 g10/keygen.c:3884 g10/sign.c:243
+#, c-format
+msgid ""
+"key has been created %lu seconds in future (time warp or clock problem)\n"
+msgstr ""
+"creouse a chave %lu segundos no futuro (salto no tempo ou problemas co "
+"reloxo)\n"
+
+#: g10/keygen.c:3754 g10/keygen.c:3895
+msgid "NOTE: creating subkeys for v3 keys is not OpenPGP compliant\n"
+msgstr "NOTA: a creación de subchaves para chaves v3 non cumpre OpenPGP\n"
+
+#: g10/keygen.c:3795 g10/keygen.c:3928
+#, fuzzy
+msgid "Really create? (y/N) "
+msgstr "¿Crear realmente? "
+
+#: g10/keygen.c:4116
+#, fuzzy, c-format
+msgid "storing key onto card failed: %s\n"
+msgstr "fallou o borrado do bloque de chaves: %s\n"
+
+#: g10/keygen.c:4165
+#, fuzzy, c-format
+msgid "can't create backup file `%s': %s\n"
+msgstr "non se pode crear `%s': %s\n"
+
+#: g10/keygen.c:4191
+#, fuzzy, c-format
+msgid "NOTE: backup of card key saved to `%s'\n"
+msgstr "NOTA: a chave secreta %08lX caducou o %s\n"
+
+#: g10/keyid.c:539 g10/keyid.c:551 g10/keyid.c:563 g10/keyid.c:575
+msgid "never "
+msgstr "nunca "
+
+#: g10/keylist.c:273
+msgid "Critical signature policy: "
+msgstr "Normativa de sinaturas críticas: "
+
+#: g10/keylist.c:275
+msgid "Signature policy: "
+msgstr "Normativa de sinaturas: "
+
+#: g10/keylist.c:314
+msgid "Critical preferred keyserver: "
+msgstr ""
+
+#: g10/keylist.c:367
+msgid "Critical signature notation: "
+msgstr "Notación de sinaturas críticas: "
+
+#: g10/keylist.c:369
+msgid "Signature notation: "
+msgstr "Notación de sinaturas: "
+
+#: g10/keylist.c:479
+msgid "Keyring"
+msgstr "Chaveiro"
+
+#: g10/keylist.c:1526
+msgid "Primary key fingerprint:"
+msgstr "Pegada dactilar da chave primaria:"
+
+#: g10/keylist.c:1528
+msgid " Subkey fingerprint:"
+msgstr " Pegada dactilar da sub-chave:"
+
+#. TRANSLATORS: this should fit into 24 bytes to that the
+#. * fingerprint data is properly aligned with the user ID
+#: g10/keylist.c:1535
+msgid " Primary key fingerprint:"
+msgstr "Pegada dactilar da chave primaria:"
+
+#: g10/keylist.c:1537
+msgid " Subkey fingerprint:"
+msgstr " Pegada dactilar da sub-chave:"
+
+#: g10/keylist.c:1541 g10/keylist.c:1545
+#, fuzzy
+msgid " Key fingerprint ="
+msgstr " Pegada dactilar ="
+
+#: g10/keylist.c:1612
+msgid " Card serial no. ="
+msgstr ""
+
+#: g10/keyring.c:1297
+#, fuzzy, c-format
+msgid "renaming `%s' to `%s' failed: %s\n"
+msgstr "non se puido poñe-la armadura: %s\n"
+
+#: g10/keyring.c:1326
+msgid "WARNING: 2 files with confidential information exists.\n"
+msgstr "AVISO: existen dous ficheiros con información confidencial.\n"
+
+#: g10/keyring.c:1327
+#, c-format
+msgid "%s is the unchanged one\n"
+msgstr "%s é o que non cambiou\n"
+
+#: g10/keyring.c:1328
+#, c-format
+msgid "%s is the new one\n"
+msgstr "%s é o novo\n"
+
+#: g10/keyring.c:1329
+msgid "Please fix this possible security flaw\n"
+msgstr "Por favor, amañe este posible fallo de seguridade\n"
+
+#: g10/keyring.c:1430
+#, fuzzy, c-format
+msgid "caching keyring `%s'\n"
+msgstr "comprobando o chaveiro `%s'\n"
+
+#: g10/keyring.c:1489
+#, fuzzy, c-format
+msgid "%lu keys cached so far (%lu signatures)\n"
+msgstr "%lu chaves comprobadas (%lu sinaturas)\n"
+
+#: g10/keyring.c:1501
+#, fuzzy, c-format
+msgid "%lu keys cached (%lu signatures)\n"
+msgstr "%lu chaves comprobadas (%lu sinaturas)\n"
+
+#: g10/keyring.c:1573
+#, c-format
+msgid "%s: keyring created\n"
+msgstr "%s: chaveiro creado\n"
+
+#: g10/keyserver.c:74
+msgid "include revoked keys in search results"
+msgstr ""
+
+#: g10/keyserver.c:75
+msgid "include subkeys when searching by key ID"
+msgstr ""
+
+#: g10/keyserver.c:77
+msgid "use temporary files to pass data to keyserver helpers"
+msgstr ""
+
+#: g10/keyserver.c:79
+msgid "do not delete temporary files after using them"
+msgstr ""
+
+#: g10/keyserver.c:83
+msgid "automatically retrieve keys when verifying signatures"
+msgstr ""
+
+#: g10/keyserver.c:85
+#, fuzzy
+msgid "honor the preferred keyserver URL set on the key"
+msgstr "o URL de normativa de sinaturas dado non é válido\n"
+
+#: g10/keyserver.c:87
+msgid "honor the PKA record set on a key when retrieving keys"
+msgstr ""
+
+#: g10/keyserver.c:153
+#, fuzzy, c-format
+msgid "WARNING: keyserver option `%s' is not used on this platform\n"
+msgstr "AVISO: as opcións de `%s' aínda non están activas nesta execución\n"
+
+#: g10/keyserver.c:544
+#, fuzzy
+msgid "disabled"
+msgstr "disable"
+
+#: g10/keyserver.c:747
+msgid "Enter number(s), N)ext, or Q)uit > "
+msgstr ""
+
+#: g10/keyserver.c:831 g10/keyserver.c:1458
+#, fuzzy, c-format
+msgid "invalid keyserver protocol (us %d!=handler %d)\n"
+msgstr "opcións de exportación non válidas\n"
+
+#: g10/keyserver.c:932
+#, fuzzy, c-format
+msgid "key \"%s\" not found on keyserver\n"
+msgstr "non se atopou a chave `%s': %s\n"
+
+#: g10/keyserver.c:934
+#, fuzzy
+msgid "key not found on keyserver\n"
+msgstr "non se atopou a chave `%s': %s\n"
+
+#: g10/keyserver.c:1177
+#, fuzzy, c-format
+msgid "requesting key %s from %s server %s\n"
+msgstr "solicitando a chave %08lX de %s\n"
+
+#: g10/keyserver.c:1181
+#, fuzzy, c-format
+msgid "requesting key %s from %s\n"
+msgstr "solicitando a chave %08lX de %s\n"
+
+#: g10/keyserver.c:1205
+#, fuzzy, c-format
+msgid "searching for names from %s server %s\n"
+msgstr "buscando \"%s\" no servidor HKP %s\n"
+
+#: g10/keyserver.c:1208
+#, fuzzy, c-format
+msgid "searching for names from %s\n"
+msgstr "buscando \"%s\" no servidor HKP %s\n"
+
+#: g10/keyserver.c:1361
+#, fuzzy, c-format
+msgid "sending key %s to %s server %s\n"
+msgstr "buscando \"%s\" no servidor HKP %s\n"
+
+#: g10/keyserver.c:1365
+#, fuzzy, c-format
+msgid "sending key %s to %s\n"
+msgstr ""
+"\"\n"
+"asinado coa súa chave %08lX no %s\n"
+
+#: g10/keyserver.c:1408
+#, fuzzy, c-format
+msgid "searching for \"%s\" from %s server %s\n"
+msgstr "buscando \"%s\" no servidor HKP %s\n"
+
+#: g10/keyserver.c:1411
+#, fuzzy, c-format
+msgid "searching for \"%s\" from %s\n"
+msgstr "buscando \"%s\" no servidor HKP %s\n"
+
+#: g10/keyserver.c:1418 g10/keyserver.c:1514
+#, fuzzy
+msgid "no keyserver action!\n"
+msgstr "opcións de exportación non válidas\n"
+
+#: g10/keyserver.c:1466
+#, c-format
+msgid "WARNING: keyserver handler from a different version of GnuPG (%s)\n"
+msgstr ""
+
+#: g10/keyserver.c:1475
+msgid "keyserver did not send VERSION\n"
+msgstr ""
+
+#: g10/keyserver.c:1537 g10/keyserver.c:2066
+msgid "no keyserver known (use option --keyserver)\n"
+msgstr ""
+"non hai un servidor de chaves coñecido (empregue a opción --keyserver)\n"
+
+#: g10/keyserver.c:1543
+msgid "external keyserver calls are not supported in this build\n"
+msgstr ""
+
+#: g10/keyserver.c:1555
+#, c-format
+msgid "no handler for keyserver scheme `%s'\n"
+msgstr ""
+
+#: g10/keyserver.c:1560
+#, c-format
+msgid "action `%s' not supported with keyserver scheme `%s'\n"
+msgstr ""
+
+#: g10/keyserver.c:1568
+#, c-format
+msgid "%s does not support handler version %d\n"
+msgstr ""
+
+#: g10/keyserver.c:1575
+#, fuzzy
+msgid "keyserver timed out\n"
+msgstr "erro do servidor de chaves"
+
+#: g10/keyserver.c:1580
+#, fuzzy
+msgid "keyserver internal error\n"
+msgstr "erro do servidor de chaves"
+
+#: g10/keyserver.c:1589
+#, fuzzy, c-format
+msgid "keyserver communications error: %s\n"
+msgstr "a recepción do servidor de chaves fallou: %s\n"
+
+#: g10/keyserver.c:1614 g10/keyserver.c:1648
+#, fuzzy, c-format
+msgid "\"%s\" not a key ID: skipping\n"
+msgstr "%s: non é un ID de chave válido\n"
+
+#: g10/keyserver.c:1907
+#, fuzzy, c-format
+msgid "WARNING: unable to refresh key %s via %s: %s\n"
+msgstr "AVISO: non se puido borra-lo ficheiro temporal (%s) `%s': %s\n"
+
+#: g10/keyserver.c:1929
+#, fuzzy, c-format
+msgid "refreshing 1 key from %s\n"
+msgstr "solicitando a chave %08lX de %s\n"
+
+#: g10/keyserver.c:1931
+#, fuzzy, c-format
+msgid "refreshing %d keys from %s\n"
+msgstr "solicitando a chave %08lX de %s\n"
+
+#: g10/keyserver.c:1987
+#, fuzzy, c-format
+msgid "WARNING: unable to fetch URI %s: %s\n"
+msgstr "AVISO: non se puido borra-lo ficheiro temporal (%s) `%s': %s\n"
+
+#: g10/keyserver.c:1993
+#, fuzzy, c-format
+msgid "WARNING: unable to parse URI %s\n"
+msgstr "AVISO: non se puido borra-lo ficheiro temporal (%s) `%s': %s\n"
+
+#: g10/mainproc.c:231
+#, c-format
+msgid "weird size for an encrypted session key (%d)\n"
+msgstr "tamaño moi estraño para unha chave de sesión cifrada (%d)\n"
+
+#: g10/mainproc.c:284
+#, c-format
+msgid "%s encrypted session key\n"
+msgstr "chave de sesión cifrada con %s\n"
+
+#: g10/mainproc.c:294
+#, fuzzy, c-format
+msgid "passphrase generated with unknown digest algorithm %d\n"
+msgstr "cifrado cun algoritmo descoñecido %d\n"
+
+#: g10/mainproc.c:360
+#, fuzzy, c-format
+msgid "public key is %s\n"
+msgstr "a chave pública é %08lX\n"
+
+#: g10/mainproc.c:423
+msgid "public key encrypted data: good DEK\n"
+msgstr "datos cifrados coa chave pública: DEK correcto\n"
+
+#: g10/mainproc.c:456
+#, fuzzy, c-format
+msgid "encrypted with %u-bit %s key, ID %s, created %s\n"
+msgstr "cifrado cunha chave de %u bits, %s, ID %08lX, creado o %s\n"
+
+#: g10/mainproc.c:460 g10/pkclist.c:217
+#, fuzzy, c-format
+msgid " \"%s\"\n"
+msgstr " alias \""
+
+#: g10/mainproc.c:464
+#, fuzzy, c-format
+msgid "encrypted with %s key, ID %s\n"
+msgstr "cifrado cunha chave %s, ID %08lX\n"
+
+#: g10/mainproc.c:479
+#, c-format
+msgid "public key decryption failed: %s\n"
+msgstr "fallou o descifrado de chave pública: %s\n"
+
+#: g10/mainproc.c:495
+#, c-format
+msgid "encrypted with %lu passphrases\n"
+msgstr "cifrado con %lu contrasinais\n"
+
+#: g10/mainproc.c:497
+msgid "encrypted with 1 passphrase\n"
+msgstr "cifrado con 1 contrasinal\n"
+
+#: g10/mainproc.c:529 g10/mainproc.c:551
+#, c-format
+msgid "assuming %s encrypted data\n"
+msgstr "supoñendo datos cifrados con %s\n"
+
+#: g10/mainproc.c:537
+#, c-format
+msgid "IDEA cipher unavailable, optimistically attempting to use %s instead\n"
+msgstr "A cifra IDEA non está dispoñible, téntase empregar %s no seu canto\n"
+
+#: g10/mainproc.c:570
+msgid "decryption okay\n"
+msgstr "descifrado correcto\n"
+
+#: g10/mainproc.c:574
+msgid "WARNING: message was not integrity protected\n"
+msgstr "AVISO: a mensaxe non tiña protección de integridade\n"
+
+#: g10/mainproc.c:587
+msgid "WARNING: encrypted message has been manipulated!\n"
+msgstr "AVISO: ¡a mensaxe cifrada foi manipulada!\n"
+
+#: g10/mainproc.c:595
+#, c-format
+msgid "cleared passphrase cached with ID: %s\n"
+msgstr ""
+
+#: g10/mainproc.c:600
+#, c-format
+msgid "decryption failed: %s\n"
+msgstr "o descifrado fallou: %s\n"
+
+#: g10/mainproc.c:621
+msgid "NOTE: sender requested \"for-your-eyes-only\"\n"
+msgstr "NOTA: o remitente pediu \"confidencial\"\n"
+
+#: g10/mainproc.c:623
+#, c-format
+msgid "original file name='%.*s'\n"
+msgstr "nome do ficheiro orixinal='%.*s'\n"
+
+#: g10/mainproc.c:711
+msgid "WARNING: multiple plaintexts seen\n"
+msgstr ""
+
+#: g10/mainproc.c:850
+msgid "standalone revocation - use \"gpg --import\" to apply\n"
+msgstr "revocación independente - empregue \"gpg --import\" para aplicar\n"
+
+#: g10/mainproc.c:1203 g10/mainproc.c:1240
+#, fuzzy
+msgid "no signature found\n"
+msgstr "Sinatura correcta de \""
+
+#: g10/mainproc.c:1478
+msgid "signature verification suppressed\n"
+msgstr "verificación de sinatura suprimida\n"
+
+#: g10/mainproc.c:1587
+#, fuzzy
+msgid "can't handle this ambiguous signature data\n"
+msgstr "non se poden manexar estas sinaturas múltiples\n"
+
+#: g10/mainproc.c:1598
+#, fuzzy, c-format
+msgid "Signature made %s\n"
+msgstr "A sinatura caducou o %s\n"
+
+#: g10/mainproc.c:1599
+#, fuzzy, c-format
+msgid " using %s key %s\n"
+msgstr " alias \""
+
+#: g10/mainproc.c:1603
+#, fuzzy, c-format
+msgid "Signature made %s using %s key ID %s\n"
+msgstr "Sinatura feita o %.*s usando %s coa chave de ID %08lX\n"
+
+#: g10/mainproc.c:1623
+msgid "Key available at: "
+msgstr "Chave dispoñible en: "
+
+#: g10/mainproc.c:1756 g10/mainproc.c:1804
+#, fuzzy, c-format
+msgid "BAD signature from \"%s\""
+msgstr "Sinatura INCORRECTA de\""
+
+#: g10/mainproc.c:1758 g10/mainproc.c:1806
+#, fuzzy, c-format
+msgid "Expired signature from \"%s\""
+msgstr "Sinatura caducada de \""
+
+#: g10/mainproc.c:1760 g10/mainproc.c:1808
+#, fuzzy, c-format
+msgid "Good signature from \"%s\""
+msgstr "Sinatura correcta de \""
+
+#: g10/mainproc.c:1810
+msgid "[uncertain]"
+msgstr "[incerto]"
+
+#: g10/mainproc.c:1843
+#, fuzzy, c-format
+msgid " aka \"%s\""
+msgstr " alias \""
+
+#: g10/mainproc.c:1941
+#, c-format
+msgid "Signature expired %s\n"
+msgstr "A sinatura caducou o %s\n"
+
+#: g10/mainproc.c:1946
+#, c-format
+msgid "Signature expires %s\n"
+msgstr "A sinatura caduca o %s\n"
+
+#: g10/mainproc.c:1949
+#, c-format
+msgid "%s signature, digest algorithm %s\n"
+msgstr "Sinatura %s, algoritmo de resumo %s\n"
+
+#: g10/mainproc.c:1950
+msgid "binary"
+msgstr "binario"
+
+#: g10/mainproc.c:1951
+msgid "textmode"
+msgstr "modo texto"
+
+#: g10/mainproc.c:1951 g10/trustdb.c:546
+msgid "unknown"
+msgstr "descoñecido"
+
+#: g10/mainproc.c:1971
+#, c-format
+msgid "Can't check signature: %s\n"
+msgstr "Non foi posible verifica-la sinatura: %s\n"
+
+#: g10/mainproc.c:2055 g10/mainproc.c:2071 g10/mainproc.c:2167
+msgid "not a detached signature\n"
+msgstr "non é unha sinatura separada\n"
+
+#: g10/mainproc.c:2098
+msgid ""
+"WARNING: multiple signatures detected. Only the first will be checked.\n"
+msgstr ""
+"AVISO: detectáronse sinaturas múltiples. Só se ha comproba-la primeira.\n"
+
+#: g10/mainproc.c:2106
+#, c-format
+msgid "standalone signature of class 0x%02x\n"
+msgstr "sinatura independiente de clase 0x%02x\n"
+
+#: g10/mainproc.c:2171
+msgid "old style (PGP 2.x) signature\n"
+msgstr "Sinatura ó vello estilo (PGP 2.x)\n"
+
+#: g10/mainproc.c:2181
+msgid "invalid root packet detected in proc_tree()\n"
+msgstr "paquete raíz incorrecto detectado en proc_tree()\n"
+
+#: g10/misc.c:109 g10/misc.c:139 g10/misc.c:215
+#, fuzzy, c-format
+msgid "fstat of `%s' failed in %s: %s\n"
+msgstr ""
+"a actualización da base de datos de confianza fallou:\n"
+"%s\n"
+
+#: g10/misc.c:178
+#, fuzzy, c-format
+msgid "fstat(%d) failed in %s: %s\n"
+msgstr "base de datos de confianza: fallou a lectura (n=%d): %s\n"
+
+#: g10/misc.c:296
+#, fuzzy, c-format
+msgid "WARNING: using experimental public key algorithm %s\n"
+msgstr "non é posible manexa-lo algoritmo de chave pública %d\n"
+
+#: g10/misc.c:302
+#, fuzzy
+msgid "WARNING: Elgamal sign+encrypt keys are deprecated\n"
+msgstr ""
+"forza-lo algoritmo de resumo %s (%d) viola as preferencias do destinatario\n"
+
+#: g10/misc.c:315
+#, fuzzy, c-format
+msgid "WARNING: using experimental cipher algorithm %s\n"
+msgstr "algoritmo de cifrado non implementado"
+
+#: g10/misc.c:330
+#, fuzzy, c-format
+msgid "WARNING: using experimental digest algorithm %s\n"
+msgstr "Sinatura %s, algoritmo de resumo %s\n"
+
+#: g10/misc.c:335
+#, fuzzy, c-format
+msgid "WARNING: digest algorithm %s is deprecated\n"
+msgstr ""
+"forza-lo algoritmo de resumo %s (%d) viola as preferencias do destinatario\n"
+
+#: g10/misc.c:503
+msgid "the IDEA cipher plugin is not present\n"
+msgstr "o plugin de cifra IDEA non está presente\n"
+
+#: g10/misc.c:504 g10/sig-check.c:107 jnlib/utf8conv.c:87
+#, fuzzy, c-format
+msgid "please see %s for more information\n"
+msgstr " i = amosar máis información\n"
+
+#: g10/misc.c:761
+#, c-format
+msgid "%s:%d: deprecated option \"%s\"\n"
+msgstr "%s:%d: opción a extinguir \"%s\"\n"
+
+#: g10/misc.c:765
+#, c-format
+msgid "WARNING: \"%s\" is a deprecated option\n"
+msgstr "AVISO: \"%s\" é unha opción a extinguir\n"
+
+#: g10/misc.c:767
+#, c-format
+msgid "please use \"%s%s\" instead\n"
+msgstr "empregue \"%s%s\" no seu canto\n"
+
+#: g10/misc.c:774
+#, fuzzy, c-format
+msgid "WARNING: \"%s\" is a deprecated command - do not use it\n"
+msgstr "AVISO: \"%s\" é unha opción a extinguir\n"
+
+#: g10/misc.c:784
+#, c-format
+msgid "%s:%u: obsolete option \"%s\" - it has no effect\n"
+msgstr ""
+
+#: g10/misc.c:787
+#, fuzzy, c-format
+msgid "WARNING: \"%s\" is an obsolete option - it has no effect\n"
+msgstr "AVISO: \"%s\" é unha opción a extinguir\n"
+
+#: g10/misc.c:848
+msgid "Uncompressed"
+msgstr "Sen comprimir"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: g10/misc.c:873
+#, fuzzy
+msgid "uncompressed|none"
+msgstr "Sen comprimir"
+
+#: g10/misc.c:1000
+#, c-format
+msgid "this message may not be usable by %s\n"
+msgstr "esta mensaxe pode non ser utilizable por %s\n"
+
+#: g10/misc.c:1175
+#, fuzzy, c-format
+msgid "ambiguous option `%s'\n"
+msgstr "lendo as opcións de `%s'\n"
+
+#: g10/misc.c:1200
+#, fuzzy, c-format
+msgid "unknown option `%s'\n"
+msgstr "destinatario por defecto `%s' descoñecido\n"
+
+#: g10/openfile.c:89
+#, c-format
+msgid "File `%s' exists. "
+msgstr "O ficheiro `%s' xa existe. "
+
+#: g10/openfile.c:93
+#, fuzzy
+msgid "Overwrite? (y/N) "
+msgstr "¿Sobrescribir? (s/N) "
+
+#: g10/openfile.c:126
+#, c-format
+msgid "%s: unknown suffix\n"
+msgstr "%s: sufixo descoñecido\n"
+
+#: g10/openfile.c:150
+msgid "Enter new filename"
+msgstr "Introduza o novo nome de ficheiro"
+
+#: g10/openfile.c:195
+msgid "writing to stdout\n"
+msgstr "escribindo na saída estándar\n"
+
+#: g10/openfile.c:316
+#, c-format
+msgid "assuming signed data in `%s'\n"
+msgstr "suponse que hai datos asinados en `%s'\n"
+
+#: g10/openfile.c:395
+#, c-format
+msgid "new configuration file `%s' created\n"
+msgstr " creouse un novo ficheiro de configuración `%s'\n"
+
+#: g10/openfile.c:397
+#, c-format
+msgid "WARNING: options in `%s' are not yet active during this run\n"
+msgstr "AVISO: as opcións de `%s' aínda non están activas nesta execución\n"
+
+#: g10/parse-packet.c:201
+#, c-format
+msgid "can't handle public key algorithm %d\n"
+msgstr "non é posible manexa-lo algoritmo de chave pública %d\n"
+
+#: g10/parse-packet.c:822
+msgid "WARNING: potentially insecure symmetrically encrypted session key\n"
+msgstr ""
+"AVISO: chave de sesión cifrada simetricamente potencialmente insegura\n"
+
+#: g10/parse-packet.c:1273
+#, c-format
+msgid "subpacket of type %d has critical bit set\n"
+msgstr "un subpaquete de tipo %d ten o bit crítico posto\n"
+
+#: g10/passphrase.c:75 g10/passphrase.c:418 g10/passphrase.c:481
+#, fuzzy, c-format
+msgid "problem with the agent: %s\n"
+msgstr "problema co axente: o axente voltou coa resposta 0x%lx\n"
+
+#: g10/passphrase.c:344 g10/passphrase.c:613
+#, fuzzy, c-format
+msgid " (main key ID %s)"
+msgstr " (ID principal da chave %08lX)"
+
+#: g10/passphrase.c:358
+#, fuzzy, c-format
+msgid ""
+"Please enter the passphrase to unlock the secret key for the OpenPGP "
+"certificate:\n"
+"\"%.*s\"\n"
+"%u-bit %s key, ID %s,\n"
+"created %s%s.\n"
+msgstr ""
+"Precisa un contrasinal para desbloquea-la chave secreta do usuario:\n"
+"\"%.*s\"\n"
+"Chave de %u bits, %s, ID %08lX, creada o %s%s\n"
+
+#: g10/passphrase.c:384
+msgid "Enter passphrase\n"
+msgstr "Introduza o contrasinal\n"
+
+#: g10/passphrase.c:412
+msgid "cancelled by user\n"
+msgstr "cancelado polo usuario\n"
+
+#: g10/passphrase.c:592
+#, fuzzy, c-format
+msgid ""
+"You need a passphrase to unlock the secret key for\n"
+"user: \"%s\"\n"
+msgstr ""
+"\n"
+"Necesita un contrasinal para desbloquea-la chave secreta para\n"
+"o usuario \""
+
+#: g10/passphrase.c:600
+#, fuzzy, c-format
+msgid "%u-bit %s key, ID %s, created %s"
+msgstr "%u-bits, chave %s, ID %08lX, creada %s"
+
+#: g10/passphrase.c:609
+#, c-format
+msgid " (subkey on main key ID %s)"
+msgstr ""
+
+#: g10/photoid.c:74
+msgid ""
+"\n"
+"Pick an image to use for your photo ID. The image must be a JPEG file.\n"
+"Remember that the image is stored within your public key. If you use a\n"
+"very large picture, your key will become very large as well!\n"
+"Keeping the image close to 240x288 is a good size to use.\n"
+msgstr ""
+"\n"
+"Escolla unha imaxe a empregar coma identificación fotográfica. A imaxe ten\n"
+"que ser un ficheiro JPEG. Lembre que a imaxe armacénase coa súa chave\n"
+"pública. Se emprega unha imaxe moi grande, a súa chave tamén se ha volver\n"
+"moi grande. Un bo tamaño para empregar é un semellante a 240x288.\n"
+
+#: g10/photoid.c:96
+msgid "Enter JPEG filename for photo ID: "
+msgstr "Introduza o nome do ficheiro JPEG: "
+
+#: g10/photoid.c:117
+#, fuzzy, c-format
+msgid "unable to open JPEG file `%s': %s\n"
+msgstr "non se puido abrir un ficheiro: %s\n"
+
+#: g10/photoid.c:128
+#, c-format
+msgid "This JPEG is really large (%d bytes) !\n"
+msgstr ""
+
+#: g10/photoid.c:130
+#, fuzzy
+msgid "Are you sure you want to use it? (y/N) "
+msgstr "¿Está seguro de que quere empregala (s/N)? "
+
+#: g10/photoid.c:146
+#, fuzzy, c-format
+msgid "`%s' is not a JPEG file\n"
+msgstr "\"%s\" non é un ficheiro JPEG\n"
+
+#: g10/photoid.c:165
+msgid "Is this photo correct (y/N/q)? "
+msgstr "¿É esta foto correcta (s/N/q)? "
+
+#: g10/photoid.c:373
+msgid "unable to display photo ID!\n"
+msgstr "¡non se pode amosa-la identificación fotográfica!\n"
+
+#: g10/pkclist.c:60 g10/revoke.c:621
+msgid "No reason specified"
+msgstr "Non se especificou un motivo"
+
+#: g10/pkclist.c:62 g10/revoke.c:623
+msgid "Key is superseded"
+msgstr "A chave é obsoleta"
+
+#: g10/pkclist.c:64 g10/revoke.c:622
+msgid "Key has been compromised"
+msgstr "Esta chave quedou descoberta"
+
+#: g10/pkclist.c:66 g10/revoke.c:624
+msgid "Key is no longer used"
+msgstr "Xa non se emprega esta chave"
+
+#: g10/pkclist.c:68 g10/revoke.c:625
+msgid "User ID is no longer valid"
+msgstr "O ID de usuario xa non é válido"
+
+#: g10/pkclist.c:72
+msgid "reason for revocation: "
+msgstr "motivo para a revocación: "
+
+#: g10/pkclist.c:89
+msgid "revocation comment: "
+msgstr "comentario de revocación: "
+
+#: g10/pkclist.c:204
+msgid "iImMqQsS"
+msgstr "iImMsSoO"
+
+#: g10/pkclist.c:212
+#, fuzzy
+msgid "No trust value assigned to:\n"
+msgstr ""
+"Non se asignou un valor de confianza a:\n"
+"%4u%c/%08lX %s \""
+
+#: g10/pkclist.c:245
+#, fuzzy, c-format
+msgid " aka \"%s\"\n"
+msgstr " alias \""
+
+#: g10/pkclist.c:255
+#, fuzzy
+msgid ""
+"How much do you trust that this key actually belongs to the named user?\n"
+msgstr "Esta chave probablemente pertenza ao propietario\n"
+
+#: g10/pkclist.c:270
+#, fuzzy, c-format
+msgid " %d = I don't know or won't say\n"
+msgstr " %d = Non sei\n"
+
+#: g10/pkclist.c:272
+#, fuzzy, c-format
+msgid " %d = I do NOT trust\n"
+msgstr " %d = NON confío\n"
+
+#: g10/pkclist.c:278
+#, fuzzy, c-format
+msgid " %d = I trust ultimately\n"
+msgstr " %d = Confío absolutamente\n"
+
+#: g10/pkclist.c:284
+#, fuzzy
+msgid " m = back to the main menu\n"
+msgstr " m = voltar ao menú principal\n"
+
+#: g10/pkclist.c:287
+#, fuzzy
+msgid " s = skip this key\n"
+msgstr " o = omitir esta chave\n"
+
+#: g10/pkclist.c:288
+#, fuzzy
+msgid " q = quit\n"
+msgstr " s = saír\n"
+
+#: g10/pkclist.c:292
+#, c-format
+msgid ""
+"The minimum trust level for this key is: %s\n"
+"\n"
+msgstr ""
+
+#: g10/pkclist.c:298 g10/revoke.c:650
+msgid "Your decision? "
+msgstr "¿A súa decisión? "
+
+#: g10/pkclist.c:319
+#, fuzzy
+msgid "Do you really want to set this key to ultimate trust? (y/N) "
+msgstr "¿Está seguro de querer dar confianza absoluta a esta chave? "
+
+#: g10/pkclist.c:333
+msgid "Certificates leading to an ultimately trusted key:\n"
+msgstr "Certificados que conducen a unha chave de confianza absoluta:\n"
+
+#: g10/pkclist.c:418
+#, fuzzy, c-format
+msgid "%s: There is no assurance this key belongs to the named user\n"
+msgstr ""
+"%08lX: Non hai indicacións de que a sinatura pertenza ao seu propietario.\n"
+
+#: g10/pkclist.c:423
+#, fuzzy, c-format
+msgid "%s: There is limited assurance this key belongs to the named user\n"
+msgstr ""
+"%08lX: Non hai indicacións de que a sinatura pertenza ao seu propietario.\n"
+
+#: g10/pkclist.c:429
+#, fuzzy
+msgid "This key probably belongs to the named user\n"
+msgstr "Esta chave probablemente pertenza ao propietario\n"
+
+#: g10/pkclist.c:434
+msgid "This key belongs to us\n"
+msgstr "Esta chave perténcenos a nós\n"
+
+#: g10/pkclist.c:460
+#, fuzzy
+msgid ""
+"It is NOT certain that the key belongs to the person named\n"
+"in the user ID. If you *really* know what you are doing,\n"
+"you may answer the next question with yes.\n"
+msgstr ""
+"NON é seguro que a chave pertenza á persoa indicada no ID de\n"
+"usuario. Se *de verdade* sabe o que está a facer, pode\n"
+"respostar á seguinte pregunta cun \"si\"\n"
+"\n"
+
+#: g10/pkclist.c:479
+#, fuzzy
+msgid "Use this key anyway? (y/N) "
+msgstr "¿Empregar esta chave de tódolos xeitos?"
+
+#: g10/pkclist.c:513
+msgid "WARNING: Using untrusted key!\n"
+msgstr "AVISO: ¡Emprégase unha chave que non é de confianza!\n"
+
+#: g10/pkclist.c:520
+#, fuzzy
+msgid "WARNING: this key might be revoked (revocation key not present)\n"
+msgstr ""
+"AVISO: a chave %08lX pode estar revocada: chave de revocación %08lX "
+"ausente.\n"
+
+#: g10/pkclist.c:529
+#, fuzzy
+msgid "WARNING: This key has been revoked by its designated revoker!\n"
+msgstr "AVISO: ¡Esta chave está revocada polo propietario!\n"
+
+#: g10/pkclist.c:532
+msgid "WARNING: This key has been revoked by its owner!\n"
+msgstr "AVISO: ¡Esta chave está revocada polo propietario!\n"
+
+#: g10/pkclist.c:533
+#, fuzzy
+msgid " This could mean that the signature is forged.\n"
+msgstr " Isto pode significar que a sinatura está falsificada.\n"
+
+#: g10/pkclist.c:539
+msgid "WARNING: This subkey has been revoked by its owner!\n"
+msgstr "AVISO: ¡Esta subchave está revocada polo propietario!\n"
+
+#: g10/pkclist.c:544
+msgid "Note: This key has been disabled.\n"
+msgstr "Nota: Esta chave está desactivada.\n"
+
+#: g10/pkclist.c:564
+#, c-format
+msgid "Note: Verified signer's address is `%s'\n"
+msgstr ""
+
+#: g10/pkclist.c:571
+#, c-format
+msgid "Note: Signer's address `%s' does not match DNS entry\n"
+msgstr ""
+
+#: g10/pkclist.c:583
+msgid "trustlevel adjusted to FULL due to valid PKA info\n"
+msgstr ""
+
+#: g10/pkclist.c:591
+msgid "trustlevel adjusted to NEVER due to bad PKA info\n"
+msgstr ""
+
+#: g10/pkclist.c:602
+msgid "Note: This key has expired!\n"
+msgstr "Nota: ¡Esta chave xa caducou!\n"
+
+#: g10/pkclist.c:613
+msgid "WARNING: This key is not certified with a trusted signature!\n"
+msgstr "AVISO: ¡Esta chave non está certificada cunha sinatura de confianza!\n"
+
+#: g10/pkclist.c:615
+msgid ""
+" There is no indication that the signature belongs to the owner.\n"
+msgstr ""
+" Non hai indicacións de que a sinatura pertenza ao seu propietario.\n"
+
+#: g10/pkclist.c:623
+msgid "WARNING: We do NOT trust this key!\n"
+msgstr "AVISO: ¡Esta chave NON é de confianza!\n"
+
+#: g10/pkclist.c:624
+msgid " The signature is probably a FORGERY.\n"
+msgstr " Probablemente, a sinatura estea FALSIFICADA.\n"
+
+#: g10/pkclist.c:632
+msgid ""
+"WARNING: This key is not certified with sufficiently trusted signatures!\n"
+msgstr ""
+"AVISO: ¡Esta chave non está certificada con sinaturas de suficiente "
+"confianza!\n"
+
+#: g10/pkclist.c:634
+msgid " It is not certain that the signature belongs to the owner.\n"
+msgstr " Non é seguro que a sinatura pertenza ao seu propietario.\n"
+
+#: g10/pkclist.c:833 g10/pkclist.c:875 g10/pkclist.c:1087 g10/pkclist.c:1157
+#, c-format
+msgid "%s: skipped: %s\n"
+msgstr "%s: omitido: %s\n"
+
+#: g10/pkclist.c:845 g10/pkclist.c:1125
+#, c-format
+msgid "%s: skipped: public key already present\n"
+msgstr "%s: omitido: a chave pública xa está presente\n"
+
+#: g10/pkclist.c:896
+msgid "You did not specify a user ID. (you may use \"-r\")\n"
+msgstr "Non especificou un ID de usuario. (pode empregar \"-r\")\n"
+
+#: g10/pkclist.c:920
+msgid "Current recipients:\n"
+msgstr ""
+
+#: g10/pkclist.c:946
+msgid ""
+"\n"
+"Enter the user ID. End with an empty line: "
+msgstr ""
+"\n"
+"Introduza o ID de usuario. Remate cunha liña en branco: "
+
+#: g10/pkclist.c:971
+msgid "No such user ID.\n"
+msgstr "Non hai tal ID de usuario.\n"
+
+#: g10/pkclist.c:980 g10/pkclist.c:1054
+msgid "skipped: public key already set as default recipient\n"
+msgstr ""
+"omitido: a chave pública xa está estabrecida coma destinatario por defecto\n"
+
+#: g10/pkclist.c:1001
+msgid "Public key is disabled.\n"
+msgstr "A chave pública está desactivada.\n"
+
+#: g10/pkclist.c:1010
+msgid "skipped: public key already set\n"
+msgstr "omitido: chave pública xa estabrecida\n"
+
+#: g10/pkclist.c:1045
+#, fuzzy, c-format
+msgid "unknown default recipient \"%s\"\n"
+msgstr "destinatario por defecto `%s' descoñecido\n"
+
+#: g10/pkclist.c:1103
+#, c-format
+msgid "%s: skipped: public key is disabled\n"
+msgstr "%s: omitido: a chave pública está desactivada\n"
+
+#: g10/pkclist.c:1165
+msgid "no valid addressees\n"
+msgstr "non hai enderezos válidos\n"
+
+#: g10/pkclist.c:1503
+#, fuzzy, c-format
+msgid "Note: key %s has no %s feature\n"
+msgstr "chave %08lX: non hai ID de usuario\n"
+
+#: g10/pkclist.c:1528
+#, fuzzy, c-format
+msgid "Note: key %s has no preference for %s\n"
+msgstr "chave %08lX: non hai ID de usuario\n"
+
+#: g10/plaintext.c:95
+msgid "data not saved; use option \"--output\" to save it\n"
+msgstr "os datos non foron gardados; use a opción \"--output\" para gardalos\n"
+
+#: g10/plaintext.c:480
+msgid "Detached signature.\n"
+msgstr "Sinatura non adxunta.\n"
+
+#: g10/plaintext.c:487
+msgid "Please enter name of data file: "
+msgstr "Por favor, introduza o nome do ficheiro de datos: "
+
+#: g10/plaintext.c:519
+msgid "reading stdin ...\n"
+msgstr "lendo de stdin ...\n"
+
+#: g10/plaintext.c:557
+msgid "no signed data\n"
+msgstr "non hai datos asinados\n"
+
+#: g10/plaintext.c:573
+#, c-format
+msgid "can't open signed data `%s'\n"
+msgstr "non foi posible abri-los datos asinados `%s'\n"
+
+#: g10/plaintext.c:607
+#, fuzzy, c-format
+msgid "can't open signed data fd=%d: %s\n"
+msgstr "non foi posible abri-los datos asinados `%s'\n"
+
+#: g10/pubkey-enc.c:105
+#, fuzzy, c-format
+msgid "anonymous recipient; trying secret key %s ...\n"
+msgstr "destinatario anónimo; tentando a chave secreta %08lX ...\n"
+
+#: g10/pubkey-enc.c:136
+msgid "okay, we are the anonymous recipient.\n"
+msgstr "vale, nós somo-lo destinatario anónimo.\n"
+
+#: g10/pubkey-enc.c:225
+msgid "old encoding of the DEK is not supported\n"
+msgstr "a codificación vella do DEK non está soportada\n"
+
+#: g10/pubkey-enc.c:246
+#, c-format
+msgid "cipher algorithm %d%s is unknown or disabled\n"
+msgstr "o algoritmo de cifrado %d%s é descoñecido ou está desactivado\n"
+
+#: g10/pubkey-enc.c:284
+#, fuzzy, c-format
+msgid "WARNING: cipher algorithm %s not found in recipient preferences\n"
+msgstr "NOTA: o algoritmo de cifrado %d non foi atopado nas preferencias\n"
+
+#: g10/pubkey-enc.c:304
+#, fuzzy, c-format
+msgid "NOTE: secret key %s expired at %s\n"
+msgstr "NOTA: a chave secreta %08lX caducou o %s\n"
+
+#: g10/pubkey-enc.c:310
+msgid "NOTE: key has been revoked"
+msgstr "NOTA: a chave está revocada"
+
+#: g10/revoke.c:102 g10/revoke.c:116 g10/revoke.c:128 g10/revoke.c:174
+#: g10/revoke.c:186 g10/revoke.c:585
+#, c-format
+msgid "build_packet failed: %s\n"
+msgstr "a chamada a build_packet fallou: %s\n"
+
+#: g10/revoke.c:145
+#, fuzzy, c-format
+msgid "key %s has no user IDs\n"
+msgstr "chave %08lX: non hai ID de usuario\n"
+
+#: g10/revoke.c:306
+msgid "To be revoked by:\n"
+msgstr "Ha ser revocada por:\n"
+
+#: g10/revoke.c:310
+msgid "(This is a sensitive revocation key)\n"
+msgstr "(Esta é unha chave de revocación sensible)\n"
+
+#: g10/revoke.c:314
+#, fuzzy
+msgid "Create a designated revocation certificate for this key? (y/N) "
+msgstr "¿Crear un certificado de revocación para esta sinatura? "
+
+#: g10/revoke.c:327 g10/revoke.c:551
+msgid "ASCII armored output forced.\n"
+msgstr "Forzouse unha saída con armadura ASCII.\n"
+
+#: g10/revoke.c:342 g10/revoke.c:565
+#, c-format
+msgid "make_keysig_packet failed: %s\n"
+msgstr "a chamada a make_keysig_packet fallou: %s\n"
+
+#: g10/revoke.c:405
+msgid "Revocation certificate created.\n"
+msgstr "Creouse o certificado de revocación.\n"
+
+#: g10/revoke.c:411
+#, fuzzy, c-format
+msgid "no revocation keys found for \"%s\"\n"
+msgstr "non se atoparon chaves de revocación para `%s'\n"
+
+#: g10/revoke.c:470
+#, fuzzy, c-format
+msgid "secret key \"%s\" not found: %s\n"
+msgstr "non se atopou a chave secreta `%s': %s\n"
+
+#: g10/revoke.c:497
+#, c-format
+msgid "no corresponding public key: %s\n"
+msgstr "non hai unha chave pública correspondente: %s\n"
+
+#: g10/revoke.c:508
+msgid "public key does not match secret key!\n"
+msgstr "¡a chave pública con coincide coa chave secreta!\n"
+
+#: g10/revoke.c:515
+#, fuzzy
+msgid "Create a revocation certificate for this key? (y/N) "
+msgstr "¿Crear un certificado de revocación para esta sinatura? "
+
+#: g10/revoke.c:532
+msgid "unknown protection algorithm\n"
+msgstr "algoritmo de protección descoñecido\n"
+
+#: g10/revoke.c:540
+msgid "NOTE: This key is not protected!\n"
+msgstr "NOTA: ¡Esta chave non está protexida!\n"
+
+#: g10/revoke.c:591
+msgid ""
+"Revocation certificate created.\n"
+"\n"
+"Please move it to a medium which you can hide away; if Mallory gets\n"
+"access to this certificate he can use it to make your key unusable.\n"
+"It is smart to print this certificate and store it away, just in case\n"
+"your media become unreadable. But have some caution: The print system of\n"
+"your machine might store the data and make it available to others!\n"
+msgstr ""
+"Creouse o certificado de revocación.\n"
+"\n"
+"Por favor, trasládeo a un soporte que poida agochar; se Mallory consegue\n"
+"acceso a este certificado pode empregalo para inutiliza-la súa chave.\n"
+"É unha boa idea imprimir este certificado e armacenalo, por se o soporte\n"
+"se volve ilexible. Pero teña coidado: o sistema de impresión da súa\n"
+"máquina podería armacena-los datos e deixárllelos dispoñibles a outros.\n"
+
+#: g10/revoke.c:633
+msgid "Please select the reason for the revocation:\n"
+msgstr "Por favor, escolla o motivo da revocación:\n"
+
+#: g10/revoke.c:643
+msgid "Cancel"
+msgstr "Cancelar"
+
+#: g10/revoke.c:645
+#, c-format
+msgid "(Probably you want to select %d here)\n"
+msgstr "(probablemente queira seleccionar %d aquí)\n"
+
+#: g10/revoke.c:686
+msgid "Enter an optional description; end it with an empty line:\n"
+msgstr "Introduza unha descrición opcional; remátea cunha liña en branco:\n"
+
+#: g10/revoke.c:714
+#, c-format
+msgid "Reason for revocation: %s\n"
+msgstr "Motivo para a revocación: %s\n"
+
+#: g10/revoke.c:716
+msgid "(No description given)\n"
+msgstr "(Non se deu unha descrición)\n"
+
+#: g10/revoke.c:721
+#, fuzzy
+msgid "Is this okay? (y/N) "
+msgstr "¿É correcto? "
+
+#: g10/seckey-cert.c:55
+msgid "secret key parts are not available\n"
+msgstr "hai partes da chave secreta non dispoñibles\n"
+
+#: g10/seckey-cert.c:61
+#, c-format
+msgid "protection algorithm %d%s is not supported\n"
+msgstr "o algoritmo de protección %d%s non está soportado\n"
+
+#: g10/seckey-cert.c:72
+#, fuzzy, c-format
+msgid "protection digest %d is not supported\n"
+msgstr "o algoritmo de protección %d%s non está soportado\n"
+
+#: g10/seckey-cert.c:291
+msgid "Invalid passphrase; please try again"
+msgstr "Contrasinal non válido; por favor, ténteo de novo"
+
+#: g10/seckey-cert.c:292
+#, c-format
+msgid "%s ...\n"
+msgstr "%s ...\n"
+
+#: g10/seckey-cert.c:361
+msgid "WARNING: Weak key detected - please change passphrase again.\n"
+msgstr ""
+"AVISO: Detectouse unha chave feble - por favor, cambie o contrasinal outra "
+"vez.\n"
+
+#: g10/seckey-cert.c:404
+msgid "generating the deprecated 16-bit checksum for secret key protection\n"
+msgstr ""
+"xerando o checksum de 16-bits a extinguir para a protección da chave "
+"secreta\n"
+
+#: g10/seskey.c:61 sm/encrypt.c:119
+msgid "weak key created - retrying\n"
+msgstr "creouse unha chave feble - volvendo a tentalo\n"
+
+#: g10/seskey.c:65
+#, c-format
+msgid "cannot avoid weak key for symmetric cipher; tried %d times!\n"
+msgstr ""
+"non se pode evitar unha chave feble para o cifrado simétrico; tentouse %d "
+"veces\n"
+
+#: g10/seskey.c:227 sm/certcheck.c:85
+msgid "DSA requires the hash length to be a multiple of 8 bits\n"
+msgstr ""
+
+#: g10/seskey.c:240
+#, c-format
+msgid "DSA key %s uses an unsafe (%u bit) hash\n"
+msgstr ""
+
+#: g10/seskey.c:252
+#, c-format
+msgid "DSA key %s requires a %u bit or larger hash\n"
+msgstr ""
+
+#: g10/sig-check.c:80
+msgid "WARNING: signature digest conflict in message\n"
+msgstr "AVISO: conflicto de resumo de sinatura na mensaxe\n"
+
+#: g10/sig-check.c:105
+#, c-format
+msgid "WARNING: signing subkey %s is not cross-certified\n"
+msgstr ""
+
+#: g10/sig-check.c:117
+#, fuzzy, c-format
+msgid "WARNING: signing subkey %s has an invalid cross-certification\n"
+msgstr ""
+"AVISO: ¡o nomeamento dunha chave coma o seu propio revocador designado non "
+"se pode desfacer!\n"
+
+#: g10/sig-check.c:211
+#, fuzzy, c-format
+msgid "public key %s is %lu second newer than the signature\n"
+msgstr "a chave pública %08lX é %lu segundo máis nova cá sinatura\n"
+
+#: g10/sig-check.c:212
+#, fuzzy, c-format
+msgid "public key %s is %lu seconds newer than the signature\n"
+msgstr "a chave pública %08lX é %lu segundos máis nova cá sinatura\n"
+
+#: g10/sig-check.c:223
+#, fuzzy, c-format
+msgid ""
+"key %s was created %lu second in the future (time warp or clock problem)\n"
+msgstr ""
+"creouse a chave %lu segundo no futuro (salto no tempo ou problemas co "
+"reloxo)\n"
+
+#: g10/sig-check.c:225
+#, fuzzy, c-format
+msgid ""
+"key %s was created %lu seconds in the future (time warp or clock problem)\n"
+msgstr ""
+"creouse a chave %lu segundos no futuro (salto no tempo ou problemas co "
+"reloxo)\n"
+
+#: g10/sig-check.c:239
+#, fuzzy, c-format
+msgid "NOTE: signature key %s expired %s\n"
+msgstr "NOTA: a chave de sinatura %08lX caducou o %s\n"
+
+#: g10/sig-check.c:252
+#, fuzzy, c-format
+msgid "NOTE: signature key %s has been revoked\n"
+msgstr "NOTA: a chave está revocada"
+
+#: g10/sig-check.c:325
+#, fuzzy, c-format
+msgid "assuming bad signature from key %s due to an unknown critical bit\n"
+msgstr ""
+"asumindo unha sinatura incorrecta da chave %08lX debido a un bit crítico "
+"descoñecido\n"
+
+#: g10/sig-check.c:591
+#, fuzzy, c-format
+msgid "key %s: no subkey for subkey revocation signature\n"
+msgstr ""
+"chave %08lX: non hai unha sub-chave para o paquete de a revocación de "
+"subchave\n"
+
+#: g10/sig-check.c:618
+#, fuzzy, c-format
+msgid "key %s: no subkey for subkey binding signature\n"
+msgstr "chave %08lX: non hai sub-chave para a sinatura da ligazón da chave\n"
+
+#: g10/sign.c:89
+#, c-format
+msgid "WARNING: unable to %%-expand notation (too large). Using unexpanded.\n"
+msgstr ""
+"AVISO: non se pode expandir-%% a notación (grande de máis). Úsase sen "
+"expandir.\n"
+
+#: g10/sign.c:115
+#, fuzzy, c-format
+msgid ""
+"WARNING: unable to %%-expand policy URL (too large). Using unexpanded.\n"
+msgstr "AVISO: non se pode expandir-%% o url de normativa (grande de máis).\n"
+
+#: g10/sign.c:138
+#, fuzzy, c-format
+msgid ""
+"WARNING: unable to %%-expand preferred keyserver URL (too large). Using "
+"unexpanded.\n"
+msgstr "AVISO: non se pode expandir-%% o url de normativa (grande de máis).\n"
+
+#: g10/sign.c:311
+#, c-format
+msgid "checking created signature failed: %s\n"
+msgstr "fallou a comprobación da sinatura creada: %s\n"
+
+#: g10/sign.c:320
+#, fuzzy, c-format
+msgid "%s/%s signature from: \"%s\"\n"
+msgstr "Sinatura %s de: \"%s\"\n"
+
+#: g10/sign.c:761
+msgid "you can only detach-sign with PGP 2.x style keys while in --pgp2 mode\n"
+msgstr ""
+"só pode asinar nun ficheiro separado con chaves estilo PGP 2.x no modo --"
+"pgp2\n"
+
+#: g10/sign.c:837
+#, fuzzy, c-format
+msgid ""
+"WARNING: forcing digest algorithm %s (%d) violates recipient preferences\n"
+msgstr ""
+"forza-lo algoritmo de resumo %s (%d) viola as preferencias do destinatario\n"
+
+#: g10/sign.c:964
+msgid "signing:"
+msgstr "asinando:"
+
+#: g10/sign.c:1079
+msgid "you can only clearsign with PGP 2.x style keys while in --pgp2 mode\n"
+msgstr "só pode asinar en claro con chaves estilo PGP 2.x no modo --pgp2\n"
+
+#: g10/sign.c:1263
+#, c-format
+msgid "%s encryption will be used\n"
+msgstr "hase empregar cifrado %s\n"
+
+#: g10/skclist.c:140 g10/skclist.c:217
+msgid "key is not flagged as insecure - can't use it with the faked RNG!\n"
+msgstr ""
+"a chave non está marcada coma insegura - non se pode empregar co xerador de "
+"números aleatorios falso\n"
+
+#: g10/skclist.c:174
+#, fuzzy, c-format
+msgid "skipped \"%s\": duplicated\n"
+msgstr "omítese `%s': duplicada\n"
+
+#: g10/skclist.c:182 g10/skclist.c:195 g10/skclist.c:207
+#, fuzzy, c-format
+msgid "skipped \"%s\": %s\n"
+msgstr "omítese `%s': %s\n"
+
+#: g10/skclist.c:190
+msgid "skipped: secret key already present\n"
+msgstr "omítese: a chave secreta xa está presente\n"
+
+#: g10/skclist.c:208
+#, fuzzy
+msgid "this is a PGP generated Elgamal key which is not secure for signatures!"
+msgstr ""
+"omítese `%s': ¡esta é unha chave ElGamal xerada por PGP que non é segura "
+"para sinaturas!\n"
+
+#: g10/tdbdump.c:58 g10/trustdb.c:360
+#, c-format
+msgid "trust record %lu, type %d: write failed: %s\n"
+msgstr "rexistro de confianza %lu, tipo %d: fallou a escritura: %s\n"
+
+#: g10/tdbdump.c:106
+#, c-format
+msgid ""
+"# List of assigned trustvalues, created %s\n"
+"# (Use \"gpg --import-ownertrust\" to restore them)\n"
+msgstr ""
+"# Lista de valores de confianza asignados, creada o %s\n"
+"# (Empregue \"gpg --import-ownertrust\" para restauralos)\n"
+
+#: g10/tdbdump.c:161 g10/tdbdump.c:169 g10/tdbdump.c:174 g10/tdbdump.c:179
+#, fuzzy, c-format
+msgid "error in `%s': %s\n"
+msgstr "erro lendo `%s': %s\n"
+
+#: g10/tdbdump.c:161
+#, fuzzy
+msgid "line too long"
+msgstr "liña longa de máis\n"
+
+#: g10/tdbdump.c:169
+msgid "colon missing"
+msgstr ""
+
+#: g10/tdbdump.c:175
+#, fuzzy
+msgid "invalid fingerprint"
+msgstr "erro: pegada dactilar non válida\n"
+
+#: g10/tdbdump.c:180
+#, fuzzy
+msgid "ownertrust value missing"
+msgstr "importa-los valores de confianza no propietario"
+
+#: g10/tdbdump.c:216
+#, fuzzy, c-format
+msgid "error finding trust record in `%s': %s\n"
+msgstr "erro ao buscar un rexistro de confianza: %s\n"
+
+#: g10/tdbdump.c:220
+#, fuzzy, c-format
+msgid "read error in `%s': %s\n"
+msgstr "erro de lectura: %s\n"
+
+#: g10/tdbdump.c:229 g10/trustdb.c:375
+#, c-format
+msgid "trustdb: sync failed: %s\n"
+msgstr "base de datos de confianza: fallou a sincronización: %s\n"
+
+#: g10/tdbio.c:128 g10/tdbio.c:1456
+#, c-format
+msgid "trustdb rec %lu: lseek failed: %s\n"
+msgstr "rexistro da base de datos de confianza %lu: lseek fallou: %s\n"
+
+#: g10/tdbio.c:135 g10/tdbio.c:1463
+#, c-format
+msgid "trustdb rec %lu: write failed (n=%d): %s\n"
+msgstr ""
+"rexistro da base de datos de confianza %lu: fallou a escritura (n=%d): %s\n"
+
+#: g10/tdbio.c:245
+msgid "trustdb transaction too large\n"
+msgstr "transacción da base de datos de confianza demasiado grande\n"
+
+#: g10/tdbio.c:500
+#, fuzzy, c-format
+msgid "can't access `%s': %s\n"
+msgstr "non se pode pechar `%s': %s\n"
+
+#: g10/tdbio.c:527
+#, c-format
+msgid "%s: directory does not exist!\n"
+msgstr "%s: ¡o directorio non existe!\n"
+
+#: g10/tdbio.c:537 g10/tdbio.c:560 g10/tdbio.c:601 sm/keydb.c:219
+#, fuzzy, c-format
+msgid "can't create lock for `%s'\n"
+msgstr "non se pode crear `%s': %s\n"
+
+#: g10/tdbio.c:539 g10/tdbio.c:604
+#, fuzzy, c-format
+msgid "can't lock `%s'\n"
+msgstr "non se puido abrir `%s'\n"
+
+#: g10/tdbio.c:565
+#, c-format
+msgid "%s: failed to create version record: %s"
+msgstr "%s: non se puido crea-lo rexistro de versión: %s"
+
+#: g10/tdbio.c:569
+#, c-format
+msgid "%s: invalid trustdb created\n"
+msgstr "%s: creouse unha base de datos de confianza incorrecta\n"
+
+#: g10/tdbio.c:572
+#, c-format
+msgid "%s: trustdb created\n"
+msgstr "%s: creouse a base de datos de confianza\n"
+
+#: g10/tdbio.c:615
+msgid "NOTE: trustdb not writable\n"
+msgstr "NOTA: non se pode escribir na base de datos de confianza\n"
+
+#: g10/tdbio.c:623
+#, c-format
+msgid "%s: invalid trustdb\n"
+msgstr "%s: base de datos de confianza non válida\n"
+
+#: g10/tdbio.c:655
+#, c-format
+msgid "%s: failed to create hashtable: %s\n"
+msgstr "%s: fallo ao crear unha táboa hash: %s\n"
+
+#: g10/tdbio.c:663
+#, c-format
+msgid "%s: error updating version record: %s\n"
+msgstr "%s: erro ao actualiza-lo rexistro de versión: %s\n"
+
+#: g10/tdbio.c:680 g10/tdbio.c:701 g10/tdbio.c:717 g10/tdbio.c:731
+#: g10/tdbio.c:761 g10/tdbio.c:1388 g10/tdbio.c:1415
+#, c-format
+msgid "%s: error reading version record: %s\n"
+msgstr "%s: erro ao le-lo rexistro de versión: %s\n"
+
+#: g10/tdbio.c:740
+#, c-format
+msgid "%s: error writing version record: %s\n"
+msgstr "%s: erro ao escribi-lo rexistro de versión: %s\n"
+
+#: g10/tdbio.c:1181
+#, c-format
+msgid "trustdb: lseek failed: %s\n"
+msgstr "base de datos de confianza: lseek fallou: %s\n"
+
+#: g10/tdbio.c:1190
+#, c-format
+msgid "trustdb: read failed (n=%d): %s\n"
+msgstr "base de datos de confianza: fallou a lectura (n=%d): %s\n"
+
+#: g10/tdbio.c:1211
+#, c-format
+msgid "%s: not a trustdb file\n"
+msgstr "%s: non é un ficheiro de base de datos de confianza\n"
+
+#: g10/tdbio.c:1230
+#, c-format
+msgid "%s: version record with recnum %lu\n"
+msgstr "%s: rexistro de versión con número de rexistro %lu\n"
+
+#: g10/tdbio.c:1235
+#, c-format
+msgid "%s: invalid file version %d\n"
+msgstr "%s: versión do ficheiro incorrecta %d\n"
+
+#: g10/tdbio.c:1421
+#, c-format
+msgid "%s: error reading free record: %s\n"
+msgstr "%s: erro ao ler un rexistro libre: %s\n"
+
+#: g10/tdbio.c:1429
+#, c-format
+msgid "%s: error writing dir record: %s\n"
+msgstr "%s: erro ao escribi-lo rexistro de directorios: %s\n"
+
+#: g10/tdbio.c:1439
+#, c-format
+msgid "%s: failed to zero a record: %s\n"
+msgstr "%s: non se puido pór a cero un rexistro: %s\n"
+
+#: g10/tdbio.c:1469
+#, c-format
+msgid "%s: failed to append a record: %s\n"
+msgstr "%s: non se puido engadir un rexistro: %s\n"
+
+#: g10/tdbio.c:1512
+#, fuzzy
+msgid "Error: The trustdb is corrupted.\n"
+msgstr "%s: creouse a base de datos de confianza\n"
+
+#: g10/textfilter.c:147
+#, c-format
+msgid "can't handle text lines longer than %d characters\n"
+msgstr "non é posible manexar liñas de texto maiores que %d caracteres\n"
+
+#: g10/textfilter.c:247
+#, c-format
+msgid "input line longer than %d characters\n"
+msgstr "a liña de entrada contén máis de %d caracteres\n"
+
+#: g10/trustdb.c:221
+#, c-format
+msgid "`%s' is not a valid long keyID\n"
+msgstr "`%s' non é un ID longo de chave válido\n"
+
+#: g10/trustdb.c:252
+#, fuzzy, c-format
+msgid "key %s: accepted as trusted key\n"
+msgstr "chave %08lX: aceptada como chave de confianza\n"
+
+#: g10/trustdb.c:290
+#, fuzzy, c-format
+msgid "key %s occurs more than once in the trustdb\n"
+msgstr "a chave %08lX aparece máis dunha vez na base de datos de confianza\n"
+
+#: g10/trustdb.c:305
+#, fuzzy, c-format
+msgid "key %s: no public key for trusted key - skipped\n"
+msgstr ""
+"chave %08lX: non hai unha chave pública para a chave de confianza - omitida\n"
+
+#: g10/trustdb.c:315
+#, fuzzy, c-format
+msgid "key %s marked as ultimately trusted\n"
+msgstr "chave marcada coma de confianza absoluta.\n"
+
+#: g10/trustdb.c:339
+#, c-format
+msgid "trust record %lu, req type %d: read failed: %s\n"
+msgstr "rexistro de confianza %lu, tipo da petición %d: fallou a lectura: %s\n"
+
+#: g10/trustdb.c:345
+#, c-format
+msgid "trust record %lu is not of requested type %d\n"
+msgstr "o rexistro de confianza %lu non é do tipo %d solicitado\n"
+
+#: g10/trustdb.c:418
+msgid "You may try to re-create the trustdb using the commands:\n"
+msgstr ""
+
+#: g10/trustdb.c:427
+msgid "If that does not work, please consult the manual\n"
+msgstr ""
+
+#: g10/trustdb.c:462
+#, c-format
+msgid "unable to use unknown trust model (%d) - assuming %s trust model\n"
+msgstr ""
+
+#: g10/trustdb.c:468
+#, c-format
+msgid "using %s trust model\n"
+msgstr ""
+
+#: g10/trustdb.c:520
+msgid "10 translator see trustdb.c:uid_trust_string_fixed"
+msgstr ""
+
+#: g10/trustdb.c:522
+#, fuzzy
+msgid "[ revoked]"
+msgstr "[revocada] "
+
+#: g10/trustdb.c:524 g10/trustdb.c:529
+#, fuzzy
+msgid "[ expired]"
+msgstr "[caducada ]"
+
+#: g10/trustdb.c:528
+#, fuzzy
+msgid "[ unknown]"
+msgstr "descoñecido"
+
+#: g10/trustdb.c:530
+msgid "[ undef ]"
+msgstr ""
+
+#: g10/trustdb.c:531
+msgid "[marginal]"
+msgstr ""
+
+#: g10/trustdb.c:532
+msgid "[ full ]"
+msgstr ""
+
+#: g10/trustdb.c:533
+msgid "[ultimate]"
+msgstr ""
+
+#: g10/trustdb.c:548
+msgid "undefined"
+msgstr ""
+
+#: g10/trustdb.c:549
+#, fuzzy
+msgid "never"
+msgstr "nunca "
+
+#: g10/trustdb.c:550
+msgid "marginal"
+msgstr ""
+
+#: g10/trustdb.c:551
+msgid "full"
+msgstr ""
+
+#: g10/trustdb.c:552
+msgid "ultimate"
+msgstr ""
+
+#: g10/trustdb.c:592
+msgid "no need for a trustdb check\n"
+msgstr "non se precisa comproba-la base de datos de confianza\n"
+
+#: g10/trustdb.c:598 g10/trustdb.c:2487
+#, c-format
+msgid "next trustdb check due at %s\n"
+msgstr "hase comproba-la base de datos de confianza o %s\n"
+
+#: g10/trustdb.c:607
+#, fuzzy, c-format
+msgid "no need for a trustdb check with `%s' trust model\n"
+msgstr "non se precisa comproba-la base de datos de confianza\n"
+
+#: g10/trustdb.c:622
+#, fuzzy, c-format
+msgid "no need for a trustdb update with `%s' trust model\n"
+msgstr "non se precisa comproba-la base de datos de confianza\n"
+
+#: g10/trustdb.c:857 g10/trustdb.c:1310
+#, fuzzy, c-format
+msgid "public key %s not found: %s\n"
+msgstr "non se atopou a chave pública %08lX: %s\n"
+
+#: g10/trustdb.c:1053
+msgid "please do a --check-trustdb\n"
+msgstr "por favor, execute con --check-trustdb\n"
+
+#: g10/trustdb.c:1057
+msgid "checking the trustdb\n"
+msgstr "comprobando a base de datos de confianza\n"
+
+#: g10/trustdb.c:2230
+#, c-format
+msgid "%d keys processed (%d validity counts cleared)\n"
+msgstr "procesáronse %d chaves (marcáronse %d contas de validez)\n"
+
+#: g10/trustdb.c:2295
+msgid "no ultimately trusted keys found\n"
+msgstr "non se atoparon chaves de confianza absoluta\n"
+
+#: g10/trustdb.c:2309
+#, fuzzy, c-format
+msgid "public key of ultimately trusted key %s not found\n"
+msgstr "non se atopou a chave pública da clave de confianza absoluta %08lX\n"
+
+#: g10/trustdb.c:2332
+#, c-format
+msgid "%d marginal(s) needed, %d complete(s) needed, %s trust model\n"
+msgstr ""
+
+#: g10/trustdb.c:2418
+#, c-format
+msgid ""
+"depth: %d valid: %3d signed: %3d trust: %d-, %dq, %dn, %dm, %df, %du\n"
+msgstr ""
+
+#: g10/trustdb.c:2493
+#, fuzzy, c-format
+msgid "unable to update trustdb version record: write failed: %s\n"
+msgstr "rexistro de confianza %lu, tipo %d: fallou a escritura: %s\n"
+
+#: g10/verify.c:118
+msgid ""
+"the signature could not be verified.\n"
+"Please remember that the signature file (.sig or .asc)\n"
+"should be the first file given on the command line.\n"
+msgstr ""
+"non se puido verifica-la sinatura.\n"
+"Por favor, lembre que o ficheiro de sinatura (.sig ou .asc) debería\n"
+"se-lo primeiro ficheiro que se indique na liña de comandos.\n"
+
+#: g10/verify.c:205
+#, c-format
+msgid "input line %u too long or missing LF\n"
+msgstr ""
+"a liña de entrada %u é longa de máis ou fáltalle a marca de fin de liña\n"
+
+#: g10/verify.c:253
+#, fuzzy, c-format
+msgid "can't open fd %d: %s\n"
+msgstr "non se puido abrir `%s': %s\n"
+
+#: jnlib/argparse.c:180
+#, fuzzy
+msgid "argument not expected"
+msgstr "gravando a chave secreta en `%s'\n"
+
+#: jnlib/argparse.c:182
+#, fuzzy
+msgid "read error"
+msgstr "erro de lectura de ficheiro"
+
+#: jnlib/argparse.c:184
+#, fuzzy
+msgid "keyword too long"
+msgstr "liña longa de máis\n"
+
+#: jnlib/argparse.c:186
+#, fuzzy
+msgid "missing argument"
+msgstr "argumento non válido"
+
+#: jnlib/argparse.c:188
+#, fuzzy
+msgid "invalid command"
+msgstr "comandos conflictivos\n"
+
+#: jnlib/argparse.c:190
+#, fuzzy
+msgid "invalid alias definition"
+msgstr "opcións de importación non válidas\n"
+
+#: jnlib/argparse.c:192
+#, fuzzy
+msgid "out of core"
+msgstr "non procesado"
+
+#: jnlib/argparse.c:194
+#, fuzzy
+msgid "invalid option"
+msgstr "opcións de importación non válidas\n"
+
+#: jnlib/argparse.c:202
+#, c-format
+msgid "missing argument for option \"%.50s\"\n"
+msgstr ""
+
+#: jnlib/argparse.c:204
+#, c-format
+msgid "option \"%.50s\" does not expect an argument\n"
+msgstr ""
+
+#: jnlib/argparse.c:207
+#, fuzzy, c-format
+msgid "invalid command \"%.50s\"\n"
+msgstr "Comando incorrecto (tente \"help\")\n"
+
+#: jnlib/argparse.c:209
+#, c-format
+msgid "option \"%.50s\" is ambiguous\n"
+msgstr ""
+
+#: jnlib/argparse.c:211
+#, c-format
+msgid "command \"%.50s\" is ambiguous\n"
+msgstr ""
+
+#: jnlib/argparse.c:213
+#, fuzzy
+msgid "out of core\n"
+msgstr "non procesado"
+
+#: jnlib/argparse.c:215
+#, fuzzy, c-format
+msgid "invalid option \"%.50s\"\n"
+msgstr "opcións de importación non válidas\n"
+
+#: jnlib/logging.c:647
+#, c-format
+msgid "you found a bug ... (%s:%d)\n"
+msgstr "atopou un erro ... (%s:%d)\n"
+
+#: jnlib/utf8conv.c:85
+#, fuzzy, c-format
+msgid "error loading `%s': %s\n"
+msgstr "erro lendo `%s': %s\n"
+
+#: jnlib/utf8conv.c:123
+#, c-format
+msgid "conversion from `%s' to `%s' not available\n"
+msgstr ""
+
+#: jnlib/utf8conv.c:131
+#, fuzzy, c-format
+msgid "iconv_open failed: %s\n"
+msgstr "non se puido abrir un ficheiro: %s\n"
+
+#: jnlib/utf8conv.c:388 jnlib/utf8conv.c:654
+#, fuzzy, c-format
+msgid "conversion from `%s' to `%s' failed: %s\n"
+msgstr "non se puido poñe-la armadura: %s\n"
+
+#: jnlib/dotlock.c:234
+#, fuzzy, c-format
+msgid "failed to create temporary file `%s': %s\n"
+msgstr "non se pode crea-lo directorio `%s': %s\n"
+
+#: jnlib/dotlock.c:269
+#, fuzzy, c-format
+msgid "error writing to `%s': %s\n"
+msgstr "erro escribindo no chaveiro `%s': %s\n"
+
+#: jnlib/dotlock.c:453
+#, c-format
+msgid "removing stale lockfile (created by %d)\n"
+msgstr ""
+
+#: jnlib/dotlock.c:459
+msgid " - probably dead - removing lock"
+msgstr ""
+
+#: jnlib/dotlock.c:469
+#, fuzzy, c-format
+msgid "waiting for lock (held by %d%s) %s...\n"
+msgstr "gravando a chave secreta en `%s'\n"
+
+#: jnlib/dotlock.c:470
+msgid "(deadlock?) "
+msgstr ""
+
+#: jnlib/dotlock.c:493
+#, fuzzy, c-format
+msgid "lock `%s' not made: %s\n"
+msgstr "non se atopou a chave pública %08lX: %s\n"
+
+#: jnlib/dotlock.c:501
+#, fuzzy, c-format
+msgid "waiting for lock %s...\n"
+msgstr "gravando a chave secreta en `%s'\n"
+
+#: kbx/kbxutil.c:92
+msgid "set debugging flags"
+msgstr "axusta-los valores de depuración"
+
+#: kbx/kbxutil.c:93
+msgid "enable full debugging"
+msgstr "habilitar depuración total"
+
+#: kbx/kbxutil.c:117
+#, fuzzy
+msgid "Usage: kbxutil [options] [files] (-h for help)"
+msgstr "Uso: gpg [opcións] [ficheiros] (-h para ve-la axuda)"
+
+#: kbx/kbxutil.c:120
+msgid ""
+"Syntax: kbxutil [options] [files]\n"
+"list, export, import Keybox data\n"
+msgstr ""
+
+#: scd/app-nks.c:713 scd/app-openpgp.c:2647
+#, c-format
+msgid "RSA modulus missing or not of size %d bits\n"
+msgstr ""
+
+#: scd/app-nks.c:721 scd/app-openpgp.c:2659
+#, c-format
+msgid "RSA public exponent missing or larger than %d bits\n"
+msgstr ""
+
+#: scd/app-nks.c:801 scd/app-openpgp.c:1549 scd/app-openpgp.c:1568
+#: scd/app-openpgp.c:1729 scd/app-openpgp.c:1746 scd/app-openpgp.c:1994
+#: scd/app-openpgp.c:2039 scd/app-dinsig.c:303
+#, c-format
+msgid "PIN callback returned error: %s\n"
+msgstr ""
+
+#: scd/app-nks.c:834
+msgid "the NullPIN has not yet been changed\n"
+msgstr ""
+
+#: scd/app-nks.c:1092
+#, fuzzy
+msgid "|N|Please enter a new PIN for the standard keys."
+msgstr "cambia-lo contrasinal"
+
+#: scd/app-nks.c:1093
+#, fuzzy
+msgid "||Please enter the PIN for the standard keys."
+msgstr "cambia-lo contrasinal"
+
+#: scd/app-nks.c:1099
+#, fuzzy
+msgid "|NP|Please enter a new PIN Unblocking Code (PUK) for the standard keys."
+msgstr "Por favor, escolla o motivo da revocación:\n"
+
+#: scd/app-nks.c:1101
+#, fuzzy
+msgid "|P|Please enter the PIN Unblocking Code (PUK) for the standard keys."
+msgstr "Por favor, escolla o motivo da revocación:\n"
+
+#: scd/app-nks.c:1109
+msgid "|N|Please enter a new PIN for the key to create qualified signatures."
+msgstr ""
+
+#: scd/app-nks.c:1111
+msgid "||Please enter the PIN for the key to create qualified signatures."
+msgstr ""
+
+#: scd/app-nks.c:1119
+msgid ""
+"|NP|Please enter a new PIN Unblocking Code (PUK) for the key to create "
+"qualified signatures."
+msgstr ""
+
+#: scd/app-nks.c:1121
+msgid ""
+"|P|Please enter the PIN Unblocking Code (PUK) for the key to create "
+"qualified signatures."
+msgstr ""
+
+#: scd/app-nks.c:1222 scd/app-openpgp.c:2072 scd/app-dinsig.c:532
+#, fuzzy, c-format
+msgid "error getting new PIN: %s\n"
+msgstr "erro ao crea-lo contrasinal: %s\n"
+
+#: scd/app-openpgp.c:695
+#, fuzzy, c-format
+msgid "failed to store the fingerprint: %s\n"
+msgstr "non se puido inicializa-la base de datos de confianzas: %s\n"
+
+#: scd/app-openpgp.c:708
+#, fuzzy, c-format
+msgid "failed to store the creation date: %s\n"
+msgstr "fallo ao reconstruí-la caché de chaveiros: %s\n"
+
+#: scd/app-openpgp.c:1156
+#, fuzzy, c-format
+msgid "reading public key failed: %s\n"
+msgstr "fallou o borrado do bloque de chaves: %s\n"
+
+#: scd/app-openpgp.c:1164 scd/app-openpgp.c:2882
+msgid "response does not contain the public key data\n"
+msgstr ""
+
+#: scd/app-openpgp.c:1172 scd/app-openpgp.c:2890
+msgid "response does not contain the RSA modulus\n"
+msgstr ""
+
+#: scd/app-openpgp.c:1181 scd/app-openpgp.c:2900
+msgid "response does not contain the RSA public exponent\n"
+msgstr ""
+
+#: scd/app-openpgp.c:1501
+#, c-format
+msgid "using default PIN as %s\n"
+msgstr ""
+
+#: scd/app-openpgp.c:1508
+#, c-format
+msgid "failed to use default PIN as %s: %s - disabling further default use\n"
+msgstr ""
+
+#: scd/app-openpgp.c:1523
+#, c-format
+msgid "||Please enter the PIN%%0A[sigs done: %lu]"
+msgstr ""
+
+#: scd/app-openpgp.c:1534 scd/app-openpgp.c:1988
+#, fuzzy
+msgid "||Please enter the PIN"
+msgstr "cambia-lo contrasinal"
+
+#: scd/app-openpgp.c:1575 scd/app-openpgp.c:1753 scd/app-openpgp.c:2001
+#, c-format
+msgid "PIN for CHV%d is too short; minimum length is %d\n"
+msgstr ""
+
+#: scd/app-openpgp.c:1588 scd/app-openpgp.c:1627 scd/app-openpgp.c:1765
+#: scd/app-openpgp.c:3200
+#, fuzzy, c-format
+msgid "verify CHV%d failed: %s\n"
+msgstr "o envío ao servidor de chaves fallou: %s\n"
+
+#: scd/app-openpgp.c:1656 scd/app-openpgp.c:2020 scd/app-openpgp.c:3498
+msgid "error retrieving CHV status from card\n"
+msgstr ""
+
+#: scd/app-openpgp.c:1662 scd/app-openpgp.c:3507
+msgid "card is permanently locked!\n"
+msgstr ""
+
+#: scd/app-openpgp.c:1669
+#, c-format
+msgid "%d Admin PIN attempts remaining before card is permanently locked\n"
+msgstr ""
+
+#. TRANSLATORS: Do not translate the "|A|" prefix but keep it at
+#. the start of the string. Use %%0A to force a linefeed.
+#: scd/app-openpgp.c:1676
+#, fuzzy, c-format
+msgid "|A|Please enter the Admin PIN%%0A[remaining attempts: %d]"
+msgstr "cambia-lo contrasinal"
+
+#: scd/app-openpgp.c:1680
+#, fuzzy
+msgid "|A|Please enter the Admin PIN"
+msgstr "cambia-lo contrasinal"
+
+#: scd/app-openpgp.c:1701
+msgid "access to admin commands is not configured\n"
+msgstr ""
+
+#: scd/app-openpgp.c:2035
+#, fuzzy
+msgid "||Please enter the Reset Code for the card"
+msgstr "Por favor, escolla o motivo da revocación:\n"
+
+#: scd/app-openpgp.c:2045 scd/app-openpgp.c:2097
+#, c-format
+msgid "Reset Code is too short; minimum length is %d\n"
+msgstr ""
+
+#: scd/app-openpgp.c:2067
+msgid "|RN|New Reset Code"
+msgstr ""
+
+#: scd/app-openpgp.c:2068
+msgid "|AN|New Admin PIN"
+msgstr ""
+
+#: scd/app-openpgp.c:2068
+msgid "|N|New PIN"
+msgstr ""
+
+#: scd/app-openpgp.c:2178 scd/app-openpgp.c:2968
+#, fuzzy
+msgid "error reading application data\n"
+msgstr "erro ao le-lo bloque de chaves: %s\n"
+
+#: scd/app-openpgp.c:2184 scd/app-openpgp.c:2975
+#, fuzzy
+msgid "error reading fingerprint DO\n"
+msgstr "%s: erro ao ler un rexistro libre: %s\n"
+
+#: scd/app-openpgp.c:2194
+#, fuzzy
+msgid "key already exists\n"
+msgstr "`%s' xa está comprimido\n"
+
+#: scd/app-openpgp.c:2198
+msgid "existing key will be replaced\n"
+msgstr ""
+
+#: scd/app-openpgp.c:2200
+#, fuzzy
+msgid "generating new key\n"
+msgstr "xerar un novo par de chaves"
+
+#: scd/app-openpgp.c:2202
+#, fuzzy
+msgid "writing new key\n"
+msgstr "xerar un novo par de chaves"
+
+#: scd/app-openpgp.c:2627
+msgid "creation timestamp missing\n"
+msgstr ""
+
+#: scd/app-openpgp.c:2669 scd/app-openpgp.c:2677
+#, c-format
+msgid "RSA prime %s missing or not of size %d bits\n"
+msgstr ""
+
+#: scd/app-openpgp.c:2773
+#, fuzzy, c-format
+msgid "failed to store the key: %s\n"
+msgstr "non se puido inicializa-la base de datos de confianzas: %s\n"
+
+#: scd/app-openpgp.c:2859
+msgid "please wait while key is being generated ...\n"
+msgstr ""
+
+#: scd/app-openpgp.c:2872
+#, fuzzy
+msgid "generating key failed\n"
+msgstr "fallou o borrado do bloque de chaves: %s\n"
+
+#: scd/app-openpgp.c:2875
+#, fuzzy, c-format
+msgid "key generation completed (%d seconds)\n"
+msgstr "A xeración da chave fallou: %s\n"
+
+#: scd/app-openpgp.c:2933
+msgid "invalid structure of OpenPGP card (DO 0x93)\n"
+msgstr ""
+
+#: scd/app-openpgp.c:2983
+msgid "fingerprint on card does not match requested one\n"
+msgstr ""
+
+#: scd/app-openpgp.c:3099
+#, fuzzy, c-format
+msgid "card does not support digest algorithm %s\n"
+msgstr "Sinatura %s, algoritmo de resumo %s\n"
+
+#: scd/app-openpgp.c:3175
+#, c-format
+msgid "signatures created so far: %lu\n"
+msgstr ""
+
+#: scd/app-openpgp.c:3512
+msgid ""
+"verification of Admin PIN is currently prohibited through this command\n"
+msgstr ""
+
+#: scd/app-openpgp.c:3737 scd/app-openpgp.c:3748
+#, fuzzy, c-format
+msgid "can't access %s - invalid OpenPGP card?\n"
+msgstr "non se atoparon datos OpenPGP válidos.\n"
+
+#: scd/app-dinsig.c:299
+msgid "||Please enter your PIN at the reader's keypad"
+msgstr ""
+
+#. TRANSLATORS: Do not translate the "|*|" prefixes but
+#. keep it at the start of the string. We need this elsewhere
+#. to get some infos on the string.
+#: scd/app-dinsig.c:529
+#, fuzzy
+msgid "|N|Initial New PIN"
+msgstr "Introduza o ID de usuario: "
+
+#: scd/scdaemon.c:107
+msgid "run in multi server mode (foreground)"
+msgstr ""
+
+#: scd/scdaemon.c:117 sm/gpgsm.c:316
+msgid "|LEVEL|set the debugging level to LEVEL"
+msgstr ""
+
+#: scd/scdaemon.c:124 tools/gpgconf-comp.c:620
+#, fuzzy
+msgid "|FILE|write a log to FILE"
+msgstr "|FICHEIRO|carga-lo módulo de extensión FICHEIRO"
+
+#: scd/scdaemon.c:126
+msgid "|N|connect to reader at port N"
+msgstr ""
+
+#: scd/scdaemon.c:128
+#, fuzzy
+msgid "|NAME|use NAME as ct-API driver"
+msgstr "|NOME|empregar NOME como valor por defecto do destinatario"
+
+#: scd/scdaemon.c:130
+#, fuzzy
+msgid "|NAME|use NAME as PC/SC driver"
+msgstr "|NOME|empregar NOME como valor por defecto do destinatario"
+
+#: scd/scdaemon.c:133
+#, fuzzy
+msgid "do not use the internal CCID driver"
+msgstr "non usa-la terminal en absoluto"
+
+#: scd/scdaemon.c:139
+msgid "|N|disconnect the card after N seconds of inactivity"
+msgstr ""
+
+#: scd/scdaemon.c:141
+msgid "do not use a reader's keypad"
+msgstr ""
+
+#: scd/scdaemon.c:144
+#, fuzzy
+msgid "deny the use of admin card commands"
+msgstr "comandos conflictivos\n"
+
+#: scd/scdaemon.c:259
+#, fuzzy
+msgid "Usage: scdaemon [options] (-h for help)"
+msgstr "Uso: gpg [opcións] [ficheiros] (-h para ve-la axuda)"
+
+#: scd/scdaemon.c:261
+msgid ""
+"Syntax: scdaemon [options] [command [args]]\n"
+"Smartcard daemon for GnuPG\n"
+msgstr ""
+
+#: scd/scdaemon.c:766
+msgid "please use the option `--daemon' to run the program in the background\n"
+msgstr ""
+
+#: scd/scdaemon.c:1120
+#, c-format
+msgid "handler for fd %d started\n"
+msgstr ""
+
+#: scd/scdaemon.c:1132
+#, c-format
+msgid "handler for fd %d terminated\n"
+msgstr ""
+
+#: sm/base64.c:325
+#, fuzzy, c-format
+msgid "invalid radix64 character %02x skipped\n"
+msgstr "carácter radix64 non válido %02x omitido\n"
+
+#: sm/call-agent.c:137
+#, fuzzy, c-format
+msgid "failed to proxy %s inquiry to client\n"
+msgstr "erro ao pór '%s' na base de datos de confianza: %s\n"
+
+#: sm/call-dirmngr.c:252
+#, c-format
+msgid "no running dirmngr - starting `%s'\n"
+msgstr ""
+
+#: sm/call-dirmngr.c:285
+#, fuzzy
+msgid "malformed DIRMNGR_INFO environment variable\n"
+msgstr "variable de ambiente GPG_AGENT_INFO mal formada\n"
+
+#: sm/call-dirmngr.c:297
+#, fuzzy, c-format
+msgid "dirmngr protocol version %d is not supported\n"
+msgstr "a versión %d do protocolo de gpg-agent non está soportada\n"
+
+#: sm/call-dirmngr.c:317
+msgid "can't connect to the dirmngr - trying fall back\n"
+msgstr ""
+
+#: sm/certchain.c:196
+#, c-format
+msgid "validation model requested by certificate: %s"
+msgstr ""
+
+#: sm/certchain.c:197 sm/certchain.c:1828
+msgid "chain"
+msgstr ""
+
+#: sm/certchain.c:198 sm/certchain.c:1828
+#, fuzzy
+msgid "shell"
+msgstr "axuda"
+
+#: sm/certchain.c:258
+#, fuzzy, c-format
+msgid "critical certificate extension %s is not supported"
+msgstr "a versión %d do protocolo de gpg-agent non está soportada\n"
+
+#: sm/certchain.c:297
+msgid "issuer certificate is not marked as a CA"
+msgstr ""
+
+#: sm/certchain.c:335
+msgid "critical marked policy without configured policies"
+msgstr ""
+
+#: sm/certchain.c:345
+#, fuzzy, c-format
+msgid "failed to open `%s': %s\n"
+msgstr "non se puido abrir `%s': %s\n"
+
+#: sm/certchain.c:353 sm/certchain.c:382
+msgid "note: non-critical certificate policy not allowed"
+msgstr ""
+
+#: sm/certchain.c:357 sm/certchain.c:386
+#, fuzzy
+msgid "certificate policy not allowed"
+msgstr "gravando a chave secreta en `%s'\n"
+
+#: sm/certchain.c:498
+msgid "looking up issuer at external location\n"
+msgstr ""
+
+#: sm/certchain.c:517
+#, c-format
+msgid "number of issuers matching: %d\n"
+msgstr ""
+
+#: sm/certchain.c:561
+msgid "looking up issuer from the Dirmngr cache\n"
+msgstr ""
+
+#: sm/certchain.c:585
+#, fuzzy, c-format
+msgid "number of matching certificates: %d\n"
+msgstr "erro ao crea-lo contrasinal: %s\n"
+
+#: sm/certchain.c:587
+#, fuzzy, c-format
+msgid "dirmngr cache-only key lookup failed: %s\n"
+msgstr "fallou o borrado do bloque de chaves: %s\n"
+
+#: sm/certchain.c:759 sm/certchain.c:1252 sm/certchain.c:1856 sm/decrypt.c:261
+#: sm/encrypt.c:335 sm/sign.c:335 sm/verify.c:113
+#, fuzzy
+msgid "failed to allocated keyDB handle\n"
+msgstr "non se puido inicializa-la base de datos de confianzas: %s\n"
+
+#: sm/certchain.c:925
+#, fuzzy
+msgid "certificate has been revoked"
+msgstr "NOTA: a chave está revocada"
+
+#: sm/certchain.c:940
+msgid "the status of the certificate is unknown"
+msgstr ""
+
+#: sm/certchain.c:947
+msgid "please make sure that the \"dirmngr\" is properly installed\n"
+msgstr ""
+
+#: sm/certchain.c:953
+#, fuzzy, c-format
+msgid "checking the CRL failed: %s"
+msgstr "fallou a comprobación da sinatura creada: %s\n"
+
+#: sm/certchain.c:982 sm/certchain.c:1050
+#, fuzzy, c-format
+msgid "certificate with invalid validity: %s"
+msgstr "problema de lectura do certificado: %s\n"
+
+#: sm/certchain.c:997 sm/certchain.c:1082
+#, fuzzy
+msgid "certificate not yet valid"
+msgstr "Revocación de certificado válida"
+
+#: sm/certchain.c:998 sm/certchain.c:1083
+#, fuzzy
+msgid "root certificate not yet valid"
+msgstr "Revocación de certificado válida"
+
+#: sm/certchain.c:999 sm/certchain.c:1084
+#, fuzzy
+msgid "intermediate certificate not yet valid"
+msgstr "Revocación de certificado válida"
+
+#: sm/certchain.c:1012
+#, fuzzy
+msgid "certificate has expired"
+msgstr "problema de lectura do certificado: %s\n"
+
+#: sm/certchain.c:1013
+#, fuzzy
+msgid "root certificate has expired"
+msgstr "problema de lectura do certificado: %s\n"
+
+#: sm/certchain.c:1014
+#, fuzzy
+msgid "intermediate certificate has expired"
+msgstr "problema de lectura do certificado: %s\n"
+
+#: sm/certchain.c:1056
+#, c-format
+msgid "required certificate attributes missing: %s%s%s"
+msgstr ""
+
+#: sm/certchain.c:1065
+#, fuzzy
+msgid "certificate with invalid validity"
+msgstr "problema de lectura do certificado: %s\n"
+
+#: sm/certchain.c:1102
+msgid "signature not created during lifetime of certificate"
+msgstr ""
+
+#: sm/certchain.c:1104
+msgid "certificate not created during lifetime of issuer"
+msgstr ""
+
+#: sm/certchain.c:1105
+msgid "intermediate certificate not created during lifetime of issuer"
+msgstr ""
+
+#: sm/certchain.c:1109
+#, fuzzy
+msgid " ( signature created at "
+msgstr " novas sinaturas: %lu\n"
+
+#: sm/certchain.c:1110
+#, fuzzy
+msgid " (certificate created at "
+msgstr "Creouse o certificado de revocación.\n"
+
+#: sm/certchain.c:1113
+#, fuzzy
+msgid " (certificate valid from "
+msgstr "Revocación de certificado válida"
+
+#: sm/certchain.c:1114
+msgid " ( issuer valid from "
+msgstr ""
+
+#: sm/certchain.c:1144
+#, fuzzy, c-format
+msgid "fingerprint=%s\n"
+msgstr "Pegada dactilar:"
+
+#: sm/certchain.c:1153
+#, fuzzy
+msgid "root certificate has now been marked as trusted\n"
+msgstr ""
+"Non se atoparon certificados con confianza non definida.\n"
+"\n"
+
+#: sm/certchain.c:1166
+msgid "interactive marking as trusted not enabled in gpg-agent\n"
+msgstr ""
+
+#: sm/certchain.c:1172
+msgid "interactive marking as trusted disabled for this session\n"
+msgstr ""
+
+#: sm/certchain.c:1229
+msgid "WARNING: creation time of signature not known - assuming current time"
+msgstr ""
+
+#: sm/certchain.c:1293
+#, fuzzy
+msgid "no issuer found in certificate"
+msgstr "Certificado correcto"
+
+#: sm/certchain.c:1366
+msgid "self-signed certificate has a BAD signature"
+msgstr ""
+
+#: sm/certchain.c:1435
+#, fuzzy
+msgid "root certificate is not marked trusted"
+msgstr ""
+"Non se atoparon certificados con confianza non definida.\n"
+"\n"
+
+#: sm/certchain.c:1448
+#, fuzzy, c-format
+msgid "checking the trust list failed: %s\n"
+msgstr "fallou a comprobación da sinatura creada: %s\n"
+
+#: sm/certchain.c:1477 sm/import.c:160
+#, fuzzy
+msgid "certificate chain too long\n"
+msgstr "Revocación de certificado válida"
+
+#: sm/certchain.c:1489
+#, fuzzy
+msgid "issuer certificate not found"
+msgstr "Revocación de certificado válida"
+
+#: sm/certchain.c:1522
+#, fuzzy
+msgid "certificate has a BAD signature"
+msgstr "verificar unha sinatura"
+
+#: sm/certchain.c:1553
+msgid "found another possible matching CA certificate - trying again"
+msgstr ""
+
+#: sm/certchain.c:1604
+#, c-format
+msgid "certificate chain longer than allowed by CA (%d)"
+msgstr ""
+
+#: sm/certchain.c:1644 sm/certchain.c:1927
+#, fuzzy
+msgid "certificate is good\n"
+msgstr "Revocación de certificado válida"
+
+#: sm/certchain.c:1645
+#, fuzzy
+msgid "intermediate certificate is good\n"
+msgstr "certificado duplicado - borrado"
+
+#: sm/certchain.c:1646
+#, fuzzy
+msgid "root certificate is good\n"
+msgstr ""
+"Non se atoparon certificados con confianza non definida.\n"
+"\n"
+
+#: sm/certchain.c:1817
+msgid "switching to chain model"
+msgstr ""
+
+#: sm/certchain.c:1826
+#, c-format
+msgid "validation model used: %s"
+msgstr ""
+
+#: sm/certcheck.c:97
+#, c-format
+msgid "%s key uses an unsafe (%u bit) hash\n"
+msgstr ""
+
+#: sm/certcheck.c:107
+#, c-format
+msgid "a %u bit hash is not valid for a %u bit %s key\n"
+msgstr ""
+
+#: sm/certcheck.c:244 sm/verify.c:201
+msgid "(this is the MD2 algorithm)\n"
+msgstr ""
+
+#: sm/certdump.c:60 sm/certdump.c:143
+#, fuzzy
+msgid "none"
+msgstr "non|nom"
+
+#: sm/certdump.c:564 sm/certdump.c:609 sm/certdump.c:674 sm/certdump.c:732
+#, fuzzy
+msgid "[Error - invalid encoding]"
+msgstr "erro: pegada dactilar non válida\n"
+
+#: sm/certdump.c:572 sm/certdump.c:617
+msgid "[Error - out of core]"
+msgstr ""
+
+#: sm/certdump.c:654 sm/certdump.c:710
+msgid "[Error - No name]"
+msgstr ""
+
+#: sm/certdump.c:679 sm/certdump.c:738
+#, fuzzy
+msgid "[Error - invalid DN]"
+msgstr "erro: pegada dactilar non válida\n"
+
+#: sm/certdump.c:948
+#, fuzzy, c-format
+msgid ""
+"Please enter the passphrase to unlock the secret key for the X.509 "
+"certificate:\n"
+"\"%s\"\n"
+"S/N %s, ID 0x%08lX,\n"
+"created %s, expires %s.\n"
+msgstr ""
+"Precisa un contrasinal para desbloquea-la chave secreta do usuario:\n"
+"\"%.*s\"\n"
+"Chave de %u bits, %s, ID %08lX, creada o %s%s\n"
+
+#: sm/certlist.c:122
+msgid "no key usage specified - assuming all usages\n"
+msgstr ""
+
+#: sm/certlist.c:132 sm/keylist.c:272
+#, fuzzy, c-format
+msgid "error getting key usage information: %s\n"
+msgstr "erro escribindo no chaveiro secreto `%s': %s\n"
+
+#: sm/certlist.c:142
+msgid "certificate should have not been used for certification\n"
+msgstr ""
+
+#: sm/certlist.c:154
+msgid "certificate should have not been used for OCSP response signing\n"
+msgstr ""
+
+#: sm/certlist.c:165
+msgid "certificate should have not been used for encryption\n"
+msgstr ""
+
+#: sm/certlist.c:166
+msgid "certificate should have not been used for signing\n"
+msgstr ""
+
+#: sm/certlist.c:167
+msgid "certificate is not usable for encryption\n"
+msgstr ""
+
+#: sm/certlist.c:168
+msgid "certificate is not usable for signing\n"
+msgstr ""
+
+#: sm/certreqgen.c:474
+#, fuzzy, c-format
+msgid "line %d: invalid algorithm\n"
+msgstr "algoritmo de hash non válido `%s'\n"
+
+#: sm/certreqgen.c:487
+#, c-format
+msgid "line %d: invalid key length %u (valid are %d to %d)\n"
+msgstr ""
+
+#: sm/certreqgen.c:505
+#, c-format
+msgid "line %d: no subject name given\n"
+msgstr ""
+
+#: sm/certreqgen.c:514
+#, c-format
+msgid "line %d: invalid subject name label `%.*s'\n"
+msgstr ""
+
+#: sm/certreqgen.c:517
+#, c-format
+msgid "line %d: invalid subject name `%s' at pos %d\n"
+msgstr ""
+
+#: sm/certreqgen.c:534
+#, fuzzy, c-format
+msgid "line %d: not a valid email address\n"
+msgstr "Non é un enderezo de e-mail válido\n"
+
+#: sm/certreqgen.c:546
+#, fuzzy, c-format
+msgid "line %d: error reading key `%s' from card: %s\n"
+msgstr "erro ao crea-lo chaveiro `%s': %s\n"
+
+#: sm/certreqgen.c:558
+#, fuzzy, c-format
+msgid "line %d: error getting key by keygrip `%s': %s\n"
+msgstr "erro ao crea-lo chaveiro `%s': %s\n"
+
+#: sm/certreqgen.c:574
+#, fuzzy, c-format
+msgid "line %d: key generation failed: %s <%s>\n"
+msgstr "A xeración da chave fallou: %s\n"
+
+#: sm/certreqgen.c:806
+msgid ""
+"To complete this certificate request please enter the passphrase for the key "
+"you just created once more.\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:158
+#, fuzzy, c-format
+msgid " (%d) RSA\n"
+msgstr " (%d) RSA (só asinar)\n"
+
+#: sm/certreqgen-ui.c:159
+#, fuzzy, c-format
+msgid " (%d) Existing key\n"
+msgstr " (%d) RSA (só cifrar)\n"
+
+#: sm/certreqgen-ui.c:160
+#, c-format
+msgid " (%d) Existing key from card\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:202
+#, fuzzy
+msgid "Enter the keygrip: "
+msgstr "Notación de sinaturas: "
+
+#: sm/certreqgen-ui.c:210
+msgid "Not a valid keygrip (expecting 40 hex digits)\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:212
+#, fuzzy
+msgid "No key with this keygrip\n"
+msgstr "Non hai ID de usuario con índice %d\n"
+
+#: sm/certreqgen-ui.c:230 sm/certreqgen-ui.c:239
+#, fuzzy, c-format
+msgid "error reading the card: %s\n"
+msgstr "%s: erro ao ler un rexistro libre: %s\n"
+
+#: sm/certreqgen-ui.c:233
+#, fuzzy, c-format
+msgid "Serial number of the card: %s\n"
+msgstr "erro ao crea-lo contrasinal: %s\n"
+
+#: sm/certreqgen-ui.c:245
+#, fuzzy
+msgid "Available keys:\n"
+msgstr "deshabilitar unha chave"
+
+#: sm/certreqgen-ui.c:276
+#, c-format
+msgid "Possible actions for a %s key:\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:277
+#, fuzzy, c-format
+msgid " (%d) sign, encrypt\n"
+msgstr " (%d) RSA (asinar e cifrar)\n"
+
+#: sm/certreqgen-ui.c:278
+#, fuzzy, c-format
+msgid " (%d) sign\n"
+msgstr " (%d) DSA (só asinar)\n"
+
+#: sm/certreqgen-ui.c:279
+#, fuzzy, c-format
+msgid " (%d) encrypt\n"
+msgstr " (%d) RSA (só cifrar)\n"
+
+#: sm/certreqgen-ui.c:303
+msgid "Enter the X.509 subject name: "
+msgstr ""
+
+#: sm/certreqgen-ui.c:307
+#, fuzzy
+msgid "No subject name given\n"
+msgstr "(Non se deu unha descrición)\n"
+
+#: sm/certreqgen-ui.c:311
+#, c-format
+msgid "Invalid subject name label `%.*s'\n"
+msgstr ""
+
+#. TRANSLATORS: The 22 in the second string is the
+#. length of the first string up to the "%s". Please
+#. adjust it do the length of your translation. The
+#. second string is merely passed to atoi so you can
+#. drop everything after the number.
+#: sm/certreqgen-ui.c:320
+#, fuzzy, c-format
+msgid "Invalid subject name `%s'\n"
+msgstr "algoritmo de hash non válido `%s'\n"
+
+#: sm/certreqgen-ui.c:322
+msgid "22 translator: see certreg-ui.c:gpgsm_gencertreq_tty"
+msgstr ""
+
+#: sm/certreqgen-ui.c:334
+#, fuzzy
+msgid "Enter email addresses"
+msgstr "Enderezo de E-mail: "
+
+#: sm/certreqgen-ui.c:335
+#, fuzzy
+msgid " (end with an empty line):\n"
+msgstr ""
+"\n"
+"Introduza o ID de usuario. Remate cunha liña en branco: "
+
+#: sm/certreqgen-ui.c:339
+#, fuzzy
+msgid "Enter DNS names"
+msgstr "Introduza o novo nome de ficheiro"
+
+#: sm/certreqgen-ui.c:340 sm/certreqgen-ui.c:345
+#, fuzzy
+msgid " (optional; end with an empty line):\n"
+msgstr "Introduza unha descrición opcional; remátea cunha liña en branco:\n"
+
+#: sm/certreqgen-ui.c:344
+#, fuzzy
+msgid "Enter URIs"
+msgstr "Introduza o ID de usuario: "
+
+#: sm/certreqgen-ui.c:371
+msgid "Parameters to be used for the certificate request:\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:389
+msgid "Now creating certificate request. This may take a while ...\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:398
+msgid "Ready. You should now send this request to your CA.\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:403
+msgid "resource problem: out of core\n"
+msgstr ""
+
+#: sm/decrypt.c:330
+msgid "(this is the RC2 algorithm)\n"
+msgstr ""
+
+#: sm/decrypt.c:332
+msgid "(this does not seem to be an encrypted message)\n"
+msgstr ""
+
+#: sm/delete.c:51 sm/delete.c:112
+#, fuzzy, c-format
+msgid "certificate `%s' not found: %s\n"
+msgstr "non se atopou a chave `%s': %s\n"
+
+#: sm/delete.c:122 sm/keydb.c:1397 sm/keydb.c:1499
+#, fuzzy, c-format
+msgid "error locking keybox: %s\n"
+msgstr "erro ao le-lo bloque de chaves: %s\n"
+
+#: sm/delete.c:143
+#, fuzzy, c-format
+msgid "duplicated certificate `%s' deleted\n"
+msgstr "certificado duplicado - borrado"
+
+#: sm/delete.c:145
+#, fuzzy, c-format
+msgid "certificate `%s' deleted\n"
+msgstr "certificado duplicado - borrado"
+
+#: sm/delete.c:175
+#, fuzzy, c-format
+msgid "deleting certificate \"%s\" failed: %s\n"
+msgstr "fallou o borrado do bloque de chaves: %s\n"
+
+#: sm/encrypt.c:321
+#, fuzzy
+msgid "no valid recipients given\n"
+msgstr "(Non se deu unha descrición)\n"
+
+#: sm/gpgsm.c:197
+#, fuzzy
+msgid "list external keys"
+msgstr "ve-la lista de chaves secretas"
+
+#: sm/gpgsm.c:199
+#, fuzzy
+msgid "list certificate chain"
+msgstr "Revocación de certificado válida"
+
+#: sm/gpgsm.c:206
+#, fuzzy
+msgid "import certificates"
+msgstr "Certificado correcto"
+
+#: sm/gpgsm.c:207
+#, fuzzy
+msgid "export certificates"
+msgstr "Certificado correcto"
+
+#: sm/gpgsm.c:209
+msgid "register a smartcard"
+msgstr ""
+
+#: sm/gpgsm.c:212
+msgid "pass a command to the dirmngr"
+msgstr ""
+
+#: sm/gpgsm.c:214
+msgid "invoke gpg-protect-tool"
+msgstr ""
+
+#: sm/gpgsm.c:230
+#, fuzzy
+msgid "create base-64 encoded output"
+msgstr "crear saída con armadura en ascii"
+
+#: sm/gpgsm.c:235
+msgid "assume input is in PEM format"
+msgstr ""
+
+#: sm/gpgsm.c:237
+msgid "assume input is in base-64 format"
+msgstr ""
+
+#: sm/gpgsm.c:239
+msgid "assume input is in binary format"
+msgstr ""
+
+#: sm/gpgsm.c:244
+msgid "use system's dirmngr if available"
+msgstr ""
+
+#: sm/gpgsm.c:247
+msgid "never consult a CRL"
+msgstr ""
+
+#: sm/gpgsm.c:257
+msgid "check validity using OCSP"
+msgstr ""
+
+#: sm/gpgsm.c:262
+msgid "|N|number of certificates to include"
+msgstr ""
+
+#: sm/gpgsm.c:265
+msgid "|FILE|take policy information from FILE"
+msgstr ""
+
+#: sm/gpgsm.c:268
+msgid "do not check certificate policies"
+msgstr ""
+
+#: sm/gpgsm.c:272
+msgid "fetch missing issuer certificates"
+msgstr ""
+
+#: sm/gpgsm.c:283
+msgid "don't use the terminal at all"
+msgstr "non usa-la terminal en absoluto"
+
+#: sm/gpgsm.c:285
+msgid "|FILE|write a server mode log to FILE"
+msgstr ""
+
+#: sm/gpgsm.c:290
+#, fuzzy
+msgid "|FILE|write an audit log to FILE"
+msgstr "|FICHEIRO|carga-lo módulo de extensión FICHEIRO"
+
+#: sm/gpgsm.c:293
+msgid "batch mode: never ask"
+msgstr "modo por lotes: non preguntar nunca"
+
+#: sm/gpgsm.c:294
+msgid "assume yes on most questions"
+msgstr "asumir `si' na maioría das preguntas"
+
+#: sm/gpgsm.c:295
+msgid "assume no on most questions"
+msgstr "asumir `non' na maioría das preguntas"
+
+#: sm/gpgsm.c:298
+#, fuzzy
+msgid "|FILE|add keyring to the list of keyrings"
+msgstr "engadir este chaveiro á lista de chaveiros"
+
+#: sm/gpgsm.c:301
+#, fuzzy
+msgid "|USER-ID|use USER-ID as default secret key"
+msgstr "|NOME|empregar NOME coma chave secreta por defecto"
+
+#: sm/gpgsm.c:311 tools/gpgconf-comp.c:745
+#, fuzzy
+msgid "|SPEC|use this keyserver to lookup keys"
+msgstr "|HOST|empregar este servidor de chaves para buscar chaves"
+
+#: sm/gpgsm.c:329
+msgid "|NAME|use cipher algorithm NAME"
+msgstr "|NOME|emprega-lo algoritmo de cifrado NOME"
+
+#: sm/gpgsm.c:331
+msgid "|NAME|use message digest algorithm NAME"
+msgstr "|NOME|emprega-lo algoritmo de resumos de mensaxes NOME"
+
+#: sm/gpgsm.c:522
+#, fuzzy
+msgid "Usage: gpgsm [options] [files] (-h for help)"
+msgstr "Uso: gpg [opcións] [ficheiros] (-h para ve-la axuda)"
+
+#: sm/gpgsm.c:525
+#, fuzzy
+msgid ""
+"Syntax: gpgsm [options] [files]\n"
+"sign, check, encrypt or decrypt using the S/MIME protocol\n"
+"default operation depends on the input data\n"
+msgstr ""
+"Sintaxe: gpg [opcións] [ficheiros]\n"
+"asinar, verificar, cifrar ou descifrar\n"
+"a operación por defecto depende dos datos de entrada\n"
+
+#: sm/gpgsm.c:617
+#, fuzzy
+msgid "usage: gpgsm [options] "
+msgstr "uso: gpg [opcións] "
+
+#: sm/gpgsm.c:739
+#, fuzzy, c-format
+msgid "NOTE: won't be able to encrypt to `%s': %s\n"
+msgstr "non se puido conectar a `%s': %s\n"
+
+#: sm/gpgsm.c:750
+#, fuzzy, c-format
+msgid "unknown validation model `%s'\n"
+msgstr "destinatario por defecto `%s' descoñecido\n"
+
+#: sm/gpgsm.c:801
+#, fuzzy, c-format
+msgid "%s:%u: no hostname given\n"
+msgstr "(Non se deu unha descrición)\n"
+
+#: sm/gpgsm.c:820
+#, c-format
+msgid "%s:%u: password given without user\n"
+msgstr ""
+
+#: sm/gpgsm.c:841
+#, fuzzy, c-format
+msgid "%s:%u: skipping this line\n"
+msgstr " o = omitir esta chave\n"
+
+#: sm/gpgsm.c:1376
+#, fuzzy
+msgid "could not parse keyserver\n"
+msgstr "non se puido analisa-lo URI do servidor de chaves\n"
+
+#: sm/gpgsm.c:1456
+msgid "WARNING: running with faked system time: "
+msgstr ""
+
+#: sm/gpgsm.c:1556
+#, fuzzy, c-format
+msgid "importing common certificates `%s'\n"
+msgstr "escribindo a `%s'\n"
+
+#: sm/gpgsm.c:1597
+#, fuzzy, c-format
+msgid "can't sign using `%s': %s\n"
+msgstr "non se pode pechar `%s': %s\n"
+
+#: sm/gpgsm.c:1931
+msgid "invalid command (there is no implicit command)\n"
+msgstr ""
+
+#: sm/import.c:111
+#, fuzzy, c-format
+msgid "total number processed: %lu\n"
+msgstr "Número total procesado: %lu\n"
+
+#: sm/import.c:230
+#, fuzzy
+msgid "error storing certificate\n"
+msgstr "Certificado correcto"
+
+#: sm/import.c:238
+msgid "basic certificate checks failed - not imported\n"
+msgstr ""
+
+#: sm/import.c:435 sm/keydb.c:1319 sm/keydb.c:1387
+#, fuzzy
+msgid "failed to allocate keyDB handle\n"
+msgstr "non se puido inicializa-la base de datos de confianzas: %s\n"
+
+#: sm/import.c:492 sm/keydb.c:1417 sm/keydb.c:1511
+#, fuzzy, c-format
+msgid "error getting stored flags: %s\n"
+msgstr "erro ao crea-lo contrasinal: %s\n"
+
+#: sm/import.c:551 sm/import.c:583
+#, fuzzy, c-format
+msgid "error importing certificate: %s\n"
+msgstr "erro ao crea-lo contrasinal: %s\n"
+
+#: sm/import.c:684 tools/gpg-connect-agent.c:1346
+#, fuzzy, c-format
+msgid "error reading input: %s\n"
+msgstr "erro lendo `%s': %s\n"
+
+#: sm/keydb.c:187
+#, fuzzy, c-format
+msgid "error creating keybox `%s': %s\n"
+msgstr "erro ao crea-lo chaveiro `%s': %s\n"
+
+#: sm/keydb.c:190
+msgid "you may want to start the gpg-agent first\n"
+msgstr ""
+
+#: sm/keydb.c:195
+#, fuzzy, c-format
+msgid "keybox `%s' created\n"
+msgstr "chaveiro `%s' creado\n"
+
+#: sm/keydb.c:1312 sm/keydb.c:1380
+#, fuzzy
+msgid "failed to get the fingerprint\n"
+msgstr "non se puido inicializa-la base de datos de confianzas: %s\n"
+
+#: sm/keydb.c:1340
+#, c-format
+msgid "problem looking for existing certificate: %s\n"
+msgstr ""
+
+#: sm/keydb.c:1348
+#, fuzzy, c-format
+msgid "error finding writable keyDB: %s\n"
+msgstr "erro ao crea-lo contrasinal: %s\n"
+
+#: sm/keydb.c:1356
+#, fuzzy, c-format
+msgid "error storing certificate: %s\n"
+msgstr "erro ao crea-lo contrasinal: %s\n"
+
+#: sm/keydb.c:1408
+#, fuzzy, c-format
+msgid "problem re-searching certificate: %s\n"
+msgstr "rev? problema ao comproba-la revocación: %s\n"
+
+#: sm/keydb.c:1429 sm/keydb.c:1522
+#, fuzzy, c-format
+msgid "error storing flags: %s\n"
+msgstr "erro lendo `%s': %s\n"
+
+#: sm/keylist.c:642
+msgid "Error - "
+msgstr ""
+
+#: sm/misc.c:55
+msgid "GPG_TTY has not been set - using maybe bogus default\n"
+msgstr ""
+
+#: sm/qualified.c:105
+#, fuzzy, c-format
+msgid "invalid formatted fingerprint in `%s', line %d\n"
+msgstr "erro: pegada dactilar non válida\n"
+
+#: sm/qualified.c:123
+#, c-format
+msgid "invalid country code in `%s', line %d\n"
+msgstr ""
+
+#: sm/qualified.c:202
+#, c-format
+msgid ""
+"You are about to create a signature using your certificate:\n"
+"\"%s\"\n"
+"This will create a qualified signature by law equated to a handwritten "
+"signature.\n"
+"\n"
+"%s%sAre you really sure that you want to do this?"
+msgstr ""
+
+#: sm/qualified.c:211 sm/verify.c:616
+msgid ""
+"Note, that this software is not officially approved to create or verify such "
+"signatures.\n"
+msgstr ""
+
+#: sm/qualified.c:278
+#, c-format
+msgid ""
+"You are about to create a signature using your certificate:\n"
+"\"%s\"\n"
+"Note, that this certificate will NOT create a qualified signature!"
+msgstr ""
+
+#: sm/sign.c:449
+#, fuzzy, c-format
+msgid "hash algorithm %d (%s) for signer %d not supported; using %s\n"
+msgstr "o algoritmo de protección %d%s non está soportado\n"
+
+#: sm/sign.c:463
+#, c-format
+msgid "hash algorithm used for signer %d: %s (%s)\n"
+msgstr ""
+
+#: sm/sign.c:513
+#, fuzzy, c-format
+msgid "checking for qualified certificate failed: %s\n"
+msgstr "fallou a comprobación da sinatura creada: %s\n"
+
+#: sm/verify.c:449
+#, fuzzy
+msgid "Signature made "
+msgstr "A sinatura caducou o %s\n"
+
+#: sm/verify.c:453
+msgid "[date not given]"
+msgstr ""
+
+#: sm/verify.c:454
+#, fuzzy, c-format
+msgid " using certificate ID 0x%08lX\n"
+msgstr "erro ao crea-lo contrasinal: %s\n"
+
+#: sm/verify.c:473
+msgid ""
+"invalid signature: message digest attribute does not match computed one\n"
+msgstr ""
+
+#: sm/verify.c:594
+#, fuzzy
+msgid "Good signature from"
+msgstr "Sinatura correcta de \""
+
+#: sm/verify.c:595
+#, fuzzy
+msgid " aka"
+msgstr " alias \""
+
+#: sm/verify.c:613
+#, fuzzy
+msgid "This is a qualified signature\n"
+msgstr ""
+"\n"
+"Esta ha ser unha auto-sinatura.\n"
+
+#: tools/gpg-connect-agent.c:70 tools/gpgconf.c:81 tools/symcryptrun.c:167
+#, fuzzy
+msgid "quiet"
+msgstr "abandonar"
+
+#: tools/gpg-connect-agent.c:71
+msgid "print data out hex encoded"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:72
+msgid "decode received data lines"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:74
+msgid "|NAME|connect to Assuan socket NAME"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:76
+msgid "run the Assuan server given on the command line"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:78
+msgid "do not use extended connect mode"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:80
+#, fuzzy
+msgid "|FILE|run commands from FILE on startup"
+msgstr "|FICHEIRO|carga-lo módulo de extensión FICHEIRO"
+
+#: tools/gpg-connect-agent.c:81
+msgid "run /subst on startup"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:184
+#, fuzzy
+msgid "Usage: gpg-connect-agent [options] (-h for help)"
+msgstr "Uso: gpg [opcións] [ficheiros] (-h para ve-la axuda)"
+
+#: tools/gpg-connect-agent.c:187
+msgid ""
+"Syntax: gpg-connect-agent [options]\n"
+"Connect to a running agent and send commands\n"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:1201
+#, c-format
+msgid "option \"%s\" requires a program and optional arguments\n"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:1210
+#, c-format
+msgid "option \"%s\" ignored due to \"%s\"\n"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:1281 tools/gpg-connect-agent.c:1771
+#, fuzzy, c-format
+msgid "receiving line failed: %s\n"
+msgstr "fallou o borrado do bloque de chaves: %s\n"
+
+#: tools/gpg-connect-agent.c:1371
+#, fuzzy
+msgid "line too long - skipped\n"
+msgstr "liña longa de máis\n"
+
+#: tools/gpg-connect-agent.c:1375
+msgid "line shortened due to embedded Nul character\n"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:1743
+#, fuzzy, c-format
+msgid "unknown command `%s'\n"
+msgstr "destinatario por defecto `%s' descoñecido\n"
+
+#: tools/gpg-connect-agent.c:1761
+#, fuzzy, c-format
+msgid "sending line failed: %s\n"
+msgstr "fallou a sinatura: %s\n"
+
+#: tools/gpg-connect-agent.c:2208
+#, fuzzy, c-format
+msgid "error sending %s command: %s\n"
+msgstr "erro ao enviar a `%s': %s\n"
+
+#: tools/gpg-connect-agent.c:2223
+#, fuzzy, c-format
+msgid "error sending standard options: %s\n"
+msgstr "erro ao enviar a `%s': %s\n"
+
+#: tools/gpgconf-comp.c:473 tools/gpgconf-comp.c:577 tools/gpgconf-comp.c:644
+#: tools/gpgconf-comp.c:712 tools/gpgconf-comp.c:799
+msgid "Options controlling the diagnostic output"
+msgstr ""
+
+#: tools/gpgconf-comp.c:486 tools/gpgconf-comp.c:590 tools/gpgconf-comp.c:657
+#: tools/gpgconf-comp.c:725 tools/gpgconf-comp.c:822
+msgid "Options controlling the configuration"
+msgstr ""
+
+#: tools/gpgconf-comp.c:496 tools/gpgconf-comp.c:615 tools/gpgconf-comp.c:673
+#: tools/gpgconf-comp.c:750 tools/gpgconf-comp.c:829
+#, fuzzy
+msgid "Options useful for debugging"
+msgstr "habilitar depuración total"
+
+#: tools/gpgconf-comp.c:501 tools/gpgconf-comp.c:678 tools/gpgconf-comp.c:755
+#: tools/gpgconf-comp.c:837
+msgid "|FILE|write server mode logs to FILE"
+msgstr ""
+
+#: tools/gpgconf-comp.c:509 tools/gpgconf-comp.c:625 tools/gpgconf-comp.c:763
+msgid "Options controlling the security"
+msgstr ""
+
+#: tools/gpgconf-comp.c:516
+msgid "|N|expire SSH keys after N seconds"
+msgstr ""
+
+#: tools/gpgconf-comp.c:520
+msgid "|N|set maximum PIN cache lifetime to N seconds"
+msgstr ""
+
+#: tools/gpgconf-comp.c:524
+msgid "|N|set maximum SSH key lifetime to N seconds"
+msgstr ""
+
+#: tools/gpgconf-comp.c:538
+msgid "Options enforcing a passphrase policy"
+msgstr ""
+
+#: tools/gpgconf-comp.c:541
+msgid "do not allow to bypass the passphrase policy"
+msgstr ""
+
+#: tools/gpgconf-comp.c:545
+msgid "|N|set minimal required length for new passphrases to N"
+msgstr ""
+
+#: tools/gpgconf-comp.c:549
+msgid "|N|require at least N non-alpha characters for a new passphrase"
+msgstr ""
+
+#: tools/gpgconf-comp.c:553
+msgid "|FILE|check new passphrases against pattern in FILE"
+msgstr ""
+
+#: tools/gpgconf-comp.c:557
+#, fuzzy
+msgid "|N|expire the passphrase after N days"
+msgstr "|N|emprega-lo modo de contrasinal N"
+
+#: tools/gpgconf-comp.c:561
+#, fuzzy
+msgid "do not allow the reuse of old passphrases"
+msgstr "erro ao crea-lo contrasinal: %s\n"
+
+#: tools/gpgconf-comp.c:659 tools/gpgconf-comp.c:727
+msgid "|NAME|use NAME as default secret key"
+msgstr "|NOME|empregar NOME coma chave secreta por defecto"
+
+#: tools/gpgconf-comp.c:662 tools/gpgconf-comp.c:730
+#, fuzzy
+msgid "|NAME|encrypt to user ID NAME as well"
+msgstr "|NOME|cifrar para NOME"
+
+#: tools/gpgconf-comp.c:665
+msgid "|SPEC|set up email aliases"
+msgstr ""
+
+#: tools/gpgconf-comp.c:686
+msgid "Configuration for Keyservers"
+msgstr ""
+
+#: tools/gpgconf-comp.c:688
+#, fuzzy
+msgid "|URL|use keyserver at URL"
+msgstr "non se puido analisa-lo URI do servidor de chaves\n"
+
+#: tools/gpgconf-comp.c:691
+msgid "allow PKA lookups (DNS requests)"
+msgstr ""
+
+#: tools/gpgconf-comp.c:694
+msgid "|MECHANISMS|use MECHANISMS to locate keys by mail address"
+msgstr ""
+
+#: tools/gpgconf-comp.c:739
+msgid "disable all access to the dirmngr"
+msgstr ""
+
+#: tools/gpgconf-comp.c:742
+#, fuzzy
+msgid "|NAME|use encoding NAME for PKCS#12 passphrases"
+msgstr "|NOME|emprega-lo algoritmo de cifrado NOME para os contrasinais"
+
+#: tools/gpgconf-comp.c:768
+msgid "do not check CRLs for root certificates"
+msgstr ""
+
+#: tools/gpgconf-comp.c:812
+msgid "Options controlling the format of the output"
+msgstr ""
+
+#: tools/gpgconf-comp.c:848
+msgid "Options controlling the interactivity and enforcement"
+msgstr ""
+
+#: tools/gpgconf-comp.c:858
+msgid "Configuration for HTTP servers"
+msgstr ""
+
+#: tools/gpgconf-comp.c:869
+msgid "use system's HTTP proxy setting"
+msgstr ""
+
+#: tools/gpgconf-comp.c:874
+msgid "Configuration of LDAP servers to use"
+msgstr ""
+
+#: tools/gpgconf-comp.c:903
+msgid "LDAP server list"
+msgstr ""
+
+#: tools/gpgconf-comp.c:911
+msgid "Configuration for OCSP"
+msgstr ""
+
+#: tools/gpgconf-comp.c:3077
+#, c-format
+msgid "External verification of component %s failed"
+msgstr ""
+
+#: tools/gpgconf-comp.c:3227
+msgid "Note that group specifications are ignored\n"
+msgstr ""
+
+#: tools/gpgconf.c:62
+msgid "list all components"
+msgstr ""
+
+#: tools/gpgconf.c:63
+msgid "check all programs"
+msgstr ""
+
+#: tools/gpgconf.c:64
+msgid "|COMPONENT|list options"
+msgstr ""
+
+#: tools/gpgconf.c:65
+msgid "|COMPONENT|change options"
+msgstr ""
+
+#: tools/gpgconf.c:66
+msgid "|COMPONENT|check options"
+msgstr ""
+
+#: tools/gpgconf.c:68
+msgid "apply global default values"
+msgstr ""
+
+#: tools/gpgconf.c:70
+msgid "get the configuration directories for gpgconf"
+msgstr ""
+
+#: tools/gpgconf.c:72
+#, fuzzy
+msgid "list global configuration file"
+msgstr " creouse un novo ficheiro de configuración `%s'\n"
+
+#: tools/gpgconf.c:74
+#, fuzzy
+msgid "check global configuration file"
+msgstr " creouse un novo ficheiro de configuración `%s'\n"
+
+#: tools/gpgconf.c:79
+msgid "use as output file"
+msgstr "usar coma ficheiro de saída"
+
+#: tools/gpgconf.c:83
+msgid "activate changes at runtime, if possible"
+msgstr ""
+
+#: tools/gpgconf.c:105
+#, fuzzy
+msgid "Usage: gpgconf [options] (-h for help)"
+msgstr "Uso: gpg [opcións] [ficheiros] (-h para ve-la axuda)"
+
+#: tools/gpgconf.c:108
+msgid ""
+"Syntax: gpgconf [options]\n"
+"Manage configuration options for tools of the GnuPG system\n"
+msgstr ""
+
+#: tools/gpgconf.c:214 tools/gpgconf.c:282
+#, fuzzy
+msgid "usage: gpgconf [options] "
+msgstr "uso: gpg [opcións] "
+
+#: tools/gpgconf.c:216
+msgid "Need one component argument"
+msgstr ""
+
+#: tools/gpgconf.c:225 tools/gpgconf.c:258
+#, fuzzy
+msgid "Component not found"
+msgstr "non se atopou a chave pública"
+
+#: tools/gpgconf.c:284
+#, fuzzy
+msgid "No argument allowed"
+msgstr "gravando a chave secreta en `%s'\n"
+
+#: tools/symcryptrun.c:154
+#, fuzzy
+msgid ""
+"@\n"
+"Commands:\n"
+" "
+msgstr ""
+"@Comandos:\n"
+" "
+
+#: tools/symcryptrun.c:156
+#, fuzzy
+msgid "decryption modus"
+msgstr "descifrado correcto\n"
+
+#: tools/symcryptrun.c:157
+#, fuzzy
+msgid "encryption modus"
+msgstr "descifrado correcto\n"
+
+#: tools/symcryptrun.c:161
+msgid "tool class (confucius)"
+msgstr ""
+
+#: tools/symcryptrun.c:162
+#, fuzzy
+msgid "program filename"
+msgstr "--store [ficheiro]"
+
+#: tools/symcryptrun.c:164
+msgid "secret key file (required)"
+msgstr ""
+
+#: tools/symcryptrun.c:165
+msgid "input file name (default stdin)"
+msgstr ""
+
+#: tools/symcryptrun.c:209
+#, fuzzy
+msgid "Usage: symcryptrun [options] (-h for help)"
+msgstr "Uso: gpg [opcións] [ficheiros] (-h para ve-la axuda)"
+
+#: tools/symcryptrun.c:212
+msgid ""
+"Syntax: symcryptrun --class CLASS --program PROGRAM --keyfile KEYFILE "
+"[options...] COMMAND [inputfile]\n"
+"Call a simple symmetric encryption tool\n"
+msgstr ""
+
+#: tools/symcryptrun.c:281
+#, fuzzy, c-format
+msgid "%s on %s aborted with status %i\n"
+msgstr "¡%s non se admite con %s!\n"
+
+#: tools/symcryptrun.c:288
+#, fuzzy, c-format
+msgid "%s on %s failed with status %i\n"
+msgstr ""
+"a actualización da base de datos de confianza fallou:\n"
+"%s\n"
+
+#: tools/symcryptrun.c:314
+#, fuzzy, c-format
+msgid "can't create temporary directory `%s': %s\n"
+msgstr "non se pode crea-lo directorio `%s': %s\n"
+
+#: tools/symcryptrun.c:354 tools/symcryptrun.c:371
+#, fuzzy, c-format
+msgid "could not open %s for writing: %s\n"
+msgstr "non se puido abrir %s: %s\n"
+
+#: tools/symcryptrun.c:382
+#, fuzzy, c-format
+msgid "error writing to %s: %s\n"
+msgstr "erro escribindo no chaveiro `%s': %s\n"
+
+#: tools/symcryptrun.c:389
+#, fuzzy, c-format
+msgid "error reading from %s: %s\n"
+msgstr "erro lendo `%s': %s\n"
+
+#: tools/symcryptrun.c:396 tools/symcryptrun.c:403
+#, fuzzy, c-format
+msgid "error closing %s: %s\n"
+msgstr "erro lendo `%s': %s\n"
+
+#: tools/symcryptrun.c:488
+#, fuzzy
+msgid "no --program option provided\n"
+msgstr "non se soporta a execución remota de programas\n"
+
+#: tools/symcryptrun.c:494
+msgid "only --decrypt and --encrypt are supported\n"
+msgstr ""
+
+#: tools/symcryptrun.c:500
+msgid "no --keyfile option provided\n"
+msgstr ""
+
+#: tools/symcryptrun.c:511
+msgid "cannot allocate args vector\n"
+msgstr ""
+
+#: tools/symcryptrun.c:529
+#, fuzzy, c-format
+msgid "could not create pipe: %s\n"
+msgstr "non foi posible crear %s: %s\n"
+
+#: tools/symcryptrun.c:536
+#, fuzzy, c-format
+msgid "could not create pty: %s\n"
+msgstr "non foi posible crear %s: %s\n"
+
+#: tools/symcryptrun.c:552
+#, fuzzy, c-format
+msgid "could not fork: %s\n"
+msgstr "%s: non se atopou o usuario: %s\n"
+
+#: tools/symcryptrun.c:580
+#, fuzzy, c-format
+msgid "execv failed: %s\n"
+msgstr "a actualización fallou: %s\n"
+
+#: tools/symcryptrun.c:609
+#, fuzzy, c-format
+msgid "select failed: %s\n"
+msgstr "fallou o borrado do bloque de chaves: %s\n"
+
+#: tools/symcryptrun.c:626
+#, fuzzy, c-format
+msgid "read failed: %s\n"
+msgstr "a actualización fallou: %s\n"
+
+#: tools/symcryptrun.c:678
+#, fuzzy, c-format
+msgid "pty read failed: %s\n"
+msgstr "a actualización fallou: %s\n"
+
+#: tools/symcryptrun.c:730
+#, fuzzy, c-format
+msgid "waitpid failed: %s\n"
+msgstr "a actualización fallou: %s\n"
+
+#: tools/symcryptrun.c:744
+#, c-format
+msgid "child aborted with status %i\n"
+msgstr ""
+
+#: tools/symcryptrun.c:799
+#, fuzzy, c-format
+msgid "cannot allocate infile string: %s\n"
+msgstr "non se pode crear `%s': %s\n"
+
+#: tools/symcryptrun.c:812
+#, fuzzy, c-format
+msgid "cannot allocate outfile string: %s\n"
+msgstr "non se pode crear `%s': %s\n"
+
+#: tools/symcryptrun.c:986
+#, c-format
+msgid "either %s or %s must be given\n"
+msgstr ""
+
+#: tools/symcryptrun.c:1013
+msgid "no class provided\n"
+msgstr ""
+
+#: tools/symcryptrun.c:1022
+#, fuzzy, c-format
+msgid "class %s is not supported\n"
+msgstr "o algoritmo de protección %d%s non está soportado\n"
+
+#: tools/gpg-check-pattern.c:145
+#, fuzzy
+msgid "Usage: gpg-check-pattern [options] patternfile (-h for help)\n"
+msgstr "Uso: gpg [opcións] [ficheiros] (-h para ve-la axuda)"
+
+#: tools/gpg-check-pattern.c:148
+msgid ""
+"Syntax: gpg-check-pattern [options] patternfile\n"
+"Check a passphrase given on stdin against the patternfile\n"
+msgstr ""
+
+#~ msgid "Command> "
+#~ msgstr "Comando> "
+
+#~ msgid "the trustdb is corrupted; please run \"gpg --fix-trustdb\".\n"
+#~ msgstr ""
+#~ "a base de datos de confianza está corrompida; execute \"gpg --fix-trustdb"
+#~ "\".\n"
+
+#~ msgid "Please report bugs to <gnupg-bugs@gnu.org>.\n"
+#~ msgstr ""
+#~ "Por favor, informe dos erros no programa a <gnupg-bugs@gnu.org>,\n"
+#~ "e dos erros na traducción a <proxecto@trasno.net>.\n"
+
+#, fuzzy
+#~ msgid "Please report bugs to "
+#~ msgstr ""
+#~ "Por favor, informe dos erros no programa a <gnupg-bugs@gnu.org>,\n"
+#~ "e dos erros na traducción a <proxecto@trasno.net>.\n"
+
+#, fuzzy
+#~ msgid "DSA keypair will have %u bits.\n"
+#~ msgstr "O par de chaves DSA ha ter 1024 bits.\n"
+
+#~ msgid "Repeat passphrase\n"
+#~ msgstr "Repita o contrasinal\n"
+
+#, fuzzy
+#~ msgid "read options from file"
+#~ msgstr "lendo as opcións de `%s'\n"
+
+#~ msgid "|[file]|make a signature"
+#~ msgstr "|[ficheiro]|facer unha sinatura"
+
+#, fuzzy
+#~ msgid "|[FILE]|make a signature"
+#~ msgstr "|[ficheiro]|facer unha sinatura"
+
+#, fuzzy
+#~ msgid "|[FILE]|make a clear text signature"
+#~ msgstr "|[ficheiro]|facer unha sinatura en texto claro"
+
+#~ msgid "|NAME|use NAME as default recipient"
+#~ msgstr "|NOME|empregar NOME como valor por defecto do destinatario"
+
+#~ msgid "use the default key as default recipient"
+#~ msgstr "usa-la chave por defecto coma o destinatario por defecto"
+
+#~ msgid "force v3 signatures"
+#~ msgstr "forzar sinaturas v3"
+
+#~ msgid "always use a MDC for encryption"
+#~ msgstr "sempre usar un MDC para cifrar"
+
+#~ msgid "add this secret keyring to the list"
+#~ msgstr "engadir este chaveiro secreto á lista"
+
+#~ msgid "|NAME|set terminal charset to NAME"
+#~ msgstr "|NAME|axusta-lo xogo de caracteres do terminal a NOME"
+
+#~ msgid "|FILE|load extension module FILE"
+#~ msgstr "|FICHEIRO|carga-lo módulo de extensión FICHEIRO"
+
+#~ msgid "|N|use compress algorithm N"
+#~ msgstr "|N|emprega-lo algoritmo de compresión N"
+
+#, fuzzy
+#~ msgid "remove key from the public keyring"
+#~ msgstr "borrar chaves do chaveiro público"
+
+#~ msgid ""
+#~ "It's up to you to assign a value here; this value will never be exported\n"
+#~ "to any 3rd party. We need it to implement the web-of-trust; it has "
+#~ "nothing\n"
+#~ "to do with the (implicitly created) web-of-certificates."
+#~ msgstr ""
+#~ "A asignación dun valor aquí é cousa súa; este valor nunca se ha exportar\n"
+#~ "a ningún terceiro. Precísase para implementa-la rede de confianza; non "
+#~ "ten\n"
+#~ "nada que ver coa rede de certificados."
+
+#~ msgid ""
+#~ "To build the Web-of-Trust, GnuPG needs to know which keys are\n"
+#~ "ultimately trusted - those are usually the keys for which you have\n"
+#~ "access to the secret key. Answer \"yes\" to set this key to\n"
+#~ "ultimately trusted\n"
+#~ msgstr ""
+#~ "Para construí-la Rede-de-Confianza, GnuPG precisa saber que chaves teñen\n"
+#~ "confianza absoluta - esas adoitan se-las chaves das que ten acceso á "
+#~ "chave\n"
+#~ "secreta. Responda \"si\" para lle dar confianza total a esta chave\n"
+
+#~ msgid "If you want to use this untrusted key anyway, answer \"yes\"."
+#~ msgstr ""
+#~ "Se desexa empregar esta clave na que non se confía, conteste \"si\"."
+
+#~ msgid ""
+#~ "Enter the user ID of the addressee to whom you want to send the message."
+#~ msgstr ""
+#~ "Introduza o ID de usuario da persoa á que lle quere manda-la mensaxe."
+
+#~ msgid ""
+#~ "In general it is not a good idea to use the same key for signing and\n"
+#~ "encryption. This algorithm should only be used in certain domains.\n"
+#~ "Please consult your security expert first."
+#~ msgstr ""
+#~ "En xeral non é unha boa idea emprega-la mesma chave para asinar e "
+#~ "cifrar.\n"
+#~ "Este algoritmo debería empregarse só en determinados dominios.\n"
+#~ "Consulte antes co seu experto en seguridade."
+
+#~ msgid "Enter the size of the key"
+#~ msgstr "Introduza o tamaño da chave"
+
+#~ msgid "Answer \"yes\" or \"no\""
+#~ msgstr "Conteste \"si\" ou \"non\""
+
+#~ msgid ""
+#~ "Enter the required value as shown in the prompt.\n"
+#~ "It is possible to enter a ISO date (YYYY-MM-DD) but you won't\n"
+#~ "get a good error response - instead the system tries to interpret\n"
+#~ "the given value as an interval."
+#~ msgstr ""
+#~ "Introduza o valor requerido tal como se amosa no indicativo.\n"
+#~ "É posible introducir unha data ISO (AAA-MM-DD) pero non ha obter unha\n"
+#~ "boa resposta de erro - no canto diso, o sistema ha tratar de interpreta-"
+#~ "lo\n"
+#~ "valor proporcionado coma se fora un intervalo."
+
+#~ msgid "Enter the name of the key holder"
+#~ msgstr "Introduza o nome do propietario da chave"
+
+#~ msgid "please enter an optional but highly suggested email address"
+#~ msgstr ""
+#~ "por favor, introduza un enderezo de e-mail (opcional pero recomendado)"
+
+#~ msgid "Please enter an optional comment"
+#~ msgstr "Por favor, introduza un comentario (opcional)"
+
+#~ msgid ""
+#~ "N to change the name.\n"
+#~ "C to change the comment.\n"
+#~ "E to change the email address.\n"
+#~ "O to continue with key generation.\n"
+#~ "Q to to quit the key generation."
+#~ msgstr ""
+#~ "N para cambia-lo nome.\n"
+#~ "C para cambia-lo comentario.\n"
+#~ "E para cambia-lo enderezo de e-mail.\n"
+#~ "O para continuar coa xeración da chave.\n"
+#~ "S para saír da xeración da chave."
+
+#~ msgid ""
+#~ "Answer \"yes\" (or just \"y\") if it is okay to generate the sub key."
+#~ msgstr "Conteste \"si\" (ou só \"s\") se é correcto xerar esta subchave."
+
+#~ msgid ""
+#~ "When you sign a user ID on a key, you should first verify that the key\n"
+#~ "belongs to the person named in the user ID. It is useful for others to\n"
+#~ "know how carefully you verified this.\n"
+#~ "\n"
+#~ "\"0\" means you make no particular claim as to how carefully you verified "
+#~ "the\n"
+#~ " key.\n"
+#~ "\n"
+#~ "\"1\" means you believe the key is owned by the person who claims to own "
+#~ "it\n"
+#~ " but you could not, or did not verify the key at all. This is useful "
+#~ "for\n"
+#~ " a \"persona\" verification, where you sign the key of a pseudonymous "
+#~ "user.\n"
+#~ "\n"
+#~ "\"2\" means you did casual verification of the key. For example, this "
+#~ "could\n"
+#~ " mean that you verified the key fingerprint and checked the user ID on "
+#~ "the\n"
+#~ " key against a photo ID.\n"
+#~ "\n"
+#~ "\"3\" means you did extensive verification of the key. For example, this "
+#~ "could\n"
+#~ " mean that you verified the key fingerprint with the owner of the key "
+#~ "in\n"
+#~ " person, and that you checked, by means of a hard to forge document "
+#~ "with a\n"
+#~ " photo ID (such as a passport) that the name of the key owner matches "
+#~ "the\n"
+#~ " name in the user ID on the key, and finally that you verified (by "
+#~ "exchange\n"
+#~ " of email) that the email address on the key belongs to the key "
+#~ "owner.\n"
+#~ "\n"
+#~ "Note that the examples given above for levels 2 and 3 are *only* "
+#~ "examples.\n"
+#~ "In the end, it is up to you to decide just what \"casual\" and \"extensive"
+#~ "\"\n"
+#~ "mean to you when you sign other keys.\n"
+#~ "\n"
+#~ "If you don't know what the right answer is, answer \"0\"."
+#~ msgstr ""
+#~ "Cando asina un ID de usuario dunha chave, debería comprobar antes\n"
+#~ "que a chave pertence á persoa que aparece no identificador. É útil para "
+#~ "os\n"
+#~ "demais saber con canto tino comprobou isto.\n"
+#~ "\n"
+#~ "\"0\" significa que non di nada do coidado co que comprobou a chave.\n"
+#~ "\n"
+#~ "\"1\" significa que cre que a chave pertence á persoa que o afirma, pero "
+#~ "non\n"
+#~ " puido ou non quixo verifica-la chave. É útil para verificacións de\n"
+#~ " \"personaxes\", nas que asina a chave dun usuario pseudónimo.\n"
+#~ "\n"
+#~ "\"2\" significa que fixo unha comprobación informal da chave. Por "
+#~ "exemplo,\n"
+#~ " pode significar que comprobou a pegada dixital da chave e comprobou\n"
+#~ " a identidade do usuario na chave contra unha identificación "
+#~ "fotográfica.\n"
+#~ "\n"
+#~ "\"3\" significa que fixo unha comprobación extensiva da chave. Por "
+#~ "exemplo,\n"
+#~ " pode significar que comprobou a pegada dixital da chave co "
+#~ "propietario\n"
+#~ " da chave en persoa, e que comprobou, cun documento difícil de "
+#~ "falsificar\n"
+#~ " cunha identificación fotográfica (coma o carnet de identidade ou\n"
+#~ " pasaporte) que o nome do propietario da chave coincide co do "
+#~ "identificador\n"
+#~ " de usuario da chave, e que comprobou (por intercambio de correo\n"
+#~ " electrónico) que o enderezo de e-mail da chave pertence ao "
+#~ "propietario\n"
+#~ " da chave.\n"
+#~ "\n"
+#~ "Teña en conta que os exemplos de enriba para os niveis 2 e 3 son *só*\n"
+#~ "exemplos. Á final, depende de vostede decidir que significan \"informal\" "
+#~ "e\n"
+#~ "\"extensivo\" ao asinar outras chaves.\n"
+#~ "\n"
+#~ "Se non sabe cal é a resposta correcta, resposte \"0\"."
+
+#, fuzzy
+#~ msgid "Answer \"yes\" if you want to sign ALL the user IDs"
+#~ msgstr "Conteste \"si\" se quere asinar TÓDOLOS IDs de usuario"
+
+#~ msgid ""
+#~ "Answer \"yes\" if you really want to delete this user ID.\n"
+#~ "All certificates are then also lost!"
+#~ msgstr ""
+#~ "Conteste \"si\" se realmente desexa borrar este ID de usuario.\n"
+#~ "¡Tamén se han perder tódolos certificados!"
+
+#~ msgid "Answer \"yes\" if it is okay to delete the subkey"
+#~ msgstr "Conteste \"si\" se é correcto borrar esta subchave"
+
+#~ msgid ""
+#~ "This is a valid signature on the key; you normally don't want\n"
+#~ "to delete this signature because it may be important to establish a\n"
+#~ "trust connection to the key or another key certified by this key."
+#~ msgstr ""
+#~ "Esta é unha sinatura válida na chave; normalmente non ha borrar esta\n"
+#~ "sinatura porque pode ser importante para estabrecer unha conexión de\n"
+#~ "confianza na chave ou noutra chave certificada por esta chave."
+
+#~ msgid ""
+#~ "This signature can't be checked because you don't have the\n"
+#~ "corresponding key. You should postpone its deletion until you\n"
+#~ "know which key was used because this signing key might establish\n"
+#~ "a trust connection through another already certified key."
+#~ msgstr ""
+#~ "Non se pode verificar esta sinatura porque non posúe a chave\n"
+#~ "correspondente. Debería retrasa-lo borrado ata que saiba que chave\n"
+#~ "se empregou porque esta chave de sinatura podería estabrecer unha\n"
+#~ "conexión de confianza mediante outra chave xa certificada."
+
+#~ msgid ""
+#~ "The signature is not valid. It does make sense to remove it from\n"
+#~ "your keyring."
+#~ msgstr "A sinatura non é correcta. Ten sentido borrala do chaveiro."
+
+#~ msgid ""
+#~ "This is a signature which binds the user ID to the key. It is\n"
+#~ "usually not a good idea to remove such a signature. Actually\n"
+#~ "GnuPG might not be able to use this key anymore. So do this\n"
+#~ "only if this self-signature is for some reason not valid and\n"
+#~ "a second one is available."
+#~ msgstr ""
+#~ "Esta é unha sinatura que liga o ID de usuario á chave. Normalmente\n"
+#~ "non é unha boa idea borrar unha sinatura como esta. De feito,\n"
+#~ "GnuPG pode non ser capaz de usar máis esta chave. Así que faga isto\n"
+#~ "só se esta auto-sinatura non é correcta por algun motivo e hai\n"
+#~ "unha segunda á súa disposición."
+
+#~ msgid ""
+#~ "Change the preferences of all user IDs (or just of the selected ones)\n"
+#~ "to the current list of preferences. The timestamp of all affected\n"
+#~ "self-signatures will be advanced by one second.\n"
+#~ msgstr ""
+#~ "Cambia-las preferencias de tódolos IDs de usuario (ou só dos "
+#~ "seleccionados)\n"
+#~ "á lista actual de preferencias. A marca de tempo de tódalas auto-"
+#~ "sinaturas\n"
+#~ "afectadas ha avanzar un segundo.\n"
+
+#~ msgid "Please enter the passhrase; this is a secret sentence \n"
+#~ msgstr "Por favor, introduza o contrasinal; esta é unha frase secreta \n"
+
+#~ msgid ""
+#~ "Please repeat the last passphrase, so you are sure what you typed in."
+#~ msgstr ""
+#~ "Por favor, repita o último contrasinal, para estar seguro do que tecleou."
+
+#~ msgid "Give the name of the file to which the signature applies"
+#~ msgstr "Introduza o nome do ficheiro ao que corresponde a sinatura"
+
+#~ msgid "Answer \"yes\" if it is okay to overwrite the file"
+#~ msgstr "Conteste \"si\" se é correcto sobrescribi-lo ficheiro"
+
+#~ msgid ""
+#~ "Please enter a new filename. If you just hit RETURN the default\n"
+#~ "file (which is shown in brackets) will be used."
+#~ msgstr ""
+#~ "Por favor, introduza un novo nome de ficheiro. Se só preme ENTER, hase\n"
+#~ "emprega-lo ficheiro por defecto (que se amosa entre corchetes)."
+
+#~ msgid ""
+#~ "You should specify a reason for the certification. Depending on the\n"
+#~ "context you have the ability to choose from this list:\n"
+#~ " \"Key has been compromised\"\n"
+#~ " Use this if you have a reason to believe that unauthorized persons\n"
+#~ " got access to your secret key.\n"
+#~ " \"Key is superseded\"\n"
+#~ " Use this if you have replaced this key with a newer one.\n"
+#~ " \"Key is no longer used\"\n"
+#~ " Use this if you have retired this key.\n"
+#~ " \"User ID is no longer valid\"\n"
+#~ " Use this to state that the user ID should not longer be used;\n"
+#~ " this is normally used to mark an email address invalid.\n"
+#~ msgstr ""
+#~ "Debería especificar un motivo para o certificado. Dependendo do contexto\n"
+#~ "pode escoller desta lista:\n"
+#~ " \"Descobreuse a chave\"\n"
+#~ " Emprégueo se ten motivos para crer que algunha persoa non "
+#~ "autorizada\n"
+#~ " obtivo acceso á súa chave secreta.\n"
+#~ " \"A chave é obsoleta\"\n"
+#~ " Emprégueo se cambiou esta chave cunha máis recente.\n"
+#~ " \"Xa non se emprega a chave\"\n"
+#~ " Emprégueo se retirou esta chave.\n"
+#~ " \"O ID de usuario xa non é válido\"\n"
+#~ " Emprégueo para indicar que o ID de usuario xa non se debería "
+#~ "empregar;\n"
+#~ " adoita empregarse para marcar un enderezo de correo non válido.\n"
+
+#~ msgid ""
+#~ "If you like, you can enter a text describing why you issue this\n"
+#~ "revocation certificate. Please keep this text concise.\n"
+#~ "An empty line ends the text.\n"
+#~ msgstr ""
+#~ "Se quere, pode introducir un texto que describa por que emite este\n"
+#~ "certificado de revocación. Por favor, manteña este texto breve.\n"
+#~ "Unha liña en branco remata o texto.\n"
+
+#~ msgid "can't put notation data into v3 (PGP 2.x style) signatures\n"
+#~ msgstr ""
+#~ "non se pode poñer datos de notación nas sinaturas v3 (estilo PGP 2.x)\n"
+
+#~ msgid "can't put notation data into v3 (PGP 2.x style) key signatures\n"
+#~ msgstr ""
+#~ "non se pode poñer datos de notación nas sinaturas de chave v3 (estilo PGP "
+#~ "2.x)\n"
+
+#~ msgid "can't put a policy URL into v3 (PGP 2.x style) signatures\n"
+#~ msgstr ""
+#~ "non se pode poñer un URL de política nas sinaturas v3 (estilo PGP 2.x)\n"
+
+#~ msgid "can't put a policy URL into v3 key (PGP 2.x style) signatures\n"
+#~ msgstr ""
+#~ "non se pode poñer un URL de política nas sinaturas de chave v3 (estilo "
+#~ "PGP 2.x)\n"
+
+#, fuzzy
+#~ msgid "shelll"
+#~ msgstr "axuda"
+
+#, fuzzy
+#~ msgid ""
+#~ "please see http://www.gnupg.org/download/iconv.html for more information\n"
+#~ msgstr "mire en http://www.gnupg.org/faq.html para obter máis información\n"
+
+#, fuzzy
+#~ msgid "key generation is not available from the commandline\n"
+#~ msgstr "gpg-agent non está dispoñible nesta sesión\n"
+
+#, fuzzy
+#~ msgid "please use the script \"%s\" to generate a new key\n"
+#~ msgstr "Por favor, seleccione o tipo de chave que quere:\n"
+
+#, fuzzy
+#~ msgid "cipher extension `%s' not loaded due to unsafe permissions\n"
+#~ msgstr ""
+#~ "non se cargou a extensión de cifrado \"%s\" debido a permisos inseguros\n"
+
+#~ msgid "DSA requires the use of a 160 bit hash algorithm\n"
+#~ msgstr "DSA require o emprego dun algoritmo hash de 160 bits\n"
+
+#, fuzzy
+#~ msgid ".\n"
+#~ msgstr "%s.\n"
+
+#~ msgid "problem with the agent - disabling agent use\n"
+#~ msgstr "problema co axente - desactivando o emprego do axente\n"
+
+#, fuzzy
+#~ msgid "can't query passphrase in batch mode\n"
+#~ msgstr "non se pode consulta-lo contrasinal en modo de proceso por lotes\n"
+
+#~ msgid "Enter passphrase: "
+#~ msgstr "Introduza o contrasinal: "
+
+#~ msgid "Repeat passphrase: "
+#~ msgstr "Repita o contrasinal: "
+
+#~ msgid "-k[v][v][v][c] [user-id] [keyring]"
+#~ msgstr "-k[v][v][v][c] [id-de-usuario] [chaveiro]"
+
+#, fuzzy
+#~ msgid "can't gen prime with pbits=%u qbits=%u\n"
+#~ msgstr "non se pode xerar un número primo de menos de %d bits\n"
+
+#~ msgid "can't generate a prime with less than %d bits\n"
+#~ msgstr "non se pode xerar un número primo de menos de %d bits\n"
+
+#~ msgid "no entropy gathering module detected\n"
+#~ msgstr "non se detectou un módulo de acumulación de entropía\n"
+
+#, fuzzy
+#~ msgid "can't lock `%s': %s\n"
+#~ msgstr "non se puido abrir `%s'\n"
+
+#~ msgid "can't stat `%s': %s\n"
+#~ msgstr "non se puido facer stat sobre `%s': %s\n"
+
+#~ msgid "`%s' is not a regular file - ignored\n"
+#~ msgstr "`%s' non é un ficheiro normal - ignórase\n"
+
+#~ msgid "note: random_seed file is empty\n"
+#~ msgstr "nota: o ficheiro random_seed está baleiro\n"
+
+#~ msgid "WARNING: invalid size of random_seed file - not used\n"
+#~ msgstr "AVISO: tamaño do ficheiro random_seed non válido - non se emprega\n"
+
+#~ msgid "can't read `%s': %s\n"
+#~ msgstr "non se pode ler de `%s': %s\n"
+
+#~ msgid "note: random_seed file not updated\n"
+#~ msgstr "nota: o ficheiro random_seed non se actualiza\n"
+
+#~ msgid "can't write `%s': %s\n"
+#~ msgstr "non se pode escribir en `%s': %s\n"
+
+#~ msgid "can't close `%s': %s\n"
+#~ msgstr "non se pode pechar `%s': %s\n"
+
+#~ msgid "WARNING: using insecure random number generator!!\n"
+#~ msgstr "AVISO: ¡¡emprégase un xerador de números aleatorios inseguro!!\n"
+
+#~ msgid ""
+#~ "The random number generator is only a kludge to let\n"
+#~ "it run - it is in no way a strong RNG!\n"
+#~ "\n"
+#~ "DON'T USE ANY DATA GENERATED BY THIS PROGRAM!!\n"
+#~ "\n"
+#~ msgstr ""
+#~ "O xerador de números aleatorios só é un truco para poder\n"
+#~ "executalo - ¡non é de ningún xeito un xerador de números\n"
+#~ "aleatorios seguro!\n"
+#~ "\n"
+#~ "¡NON USE NINGUN DATO XERADO POR ESTE PROGRAMA!\n"
+#~ "\n"
+
+#~ msgid ""
+#~ "Please wait, entropy is being gathered. Do some work if it would\n"
+#~ "keep you from getting bored, because it will improve the quality\n"
+#~ "of the entropy.\n"
+#~ msgstr ""
+#~ "Agarde, por favor; estase a colleitar entropía. Traballe un\n"
+#~ "pouco se iso evita que se aburra, que iso ha aumenta-la\n"
+#~ "calidade da entropía.\n"
+
+#~ msgid ""
+#~ "\n"
+#~ "Not enough random bytes available. Please do some other work to give\n"
+#~ "the OS a chance to collect more entropy! (Need %d more bytes)\n"
+#~ msgstr ""
+#~ "\n"
+#~ "Non hai suficientes bytes aleatorios dispoñibles. Por favor, faga outro\n"
+#~ "traballo para lle dar ao sistema operativo unha oportunidade de acumular\n"
+#~ "máis entropía (Precísanse %d bytes máis)\n"
+
+#, fuzzy
+#~ msgid "card reader not available\n"
+#~ msgstr "a chave secreta non está dispoñible"
+
+#, fuzzy
+#~ msgid "NOTE: %s is not available in this version\n"
+#~ msgstr "gpg-agent non está dispoñible nesta sesión\n"
+
+#, fuzzy
+#~ msgid " algorithms on these user IDs:\n"
+#~ msgstr "Asinou estes IDs de usuario: \n"
+
+#~ msgid "general error"
+#~ msgstr "erro xeral"
+
+#~ msgid "unknown packet type"
+#~ msgstr "tipo de paquete descoñecido"
+
+#~ msgid "unknown pubkey algorithm"
+#~ msgstr "algoritmo de chave pública descoñecido"
+
+#~ msgid "unknown digest algorithm"
+#~ msgstr "algoritmo de resumo descoñecido"
+
+#~ msgid "bad public key"
+#~ msgstr "chave pública errónea"
+
+#~ msgid "bad secret key"
+#~ msgstr "chave secreta errónea"
+
+#~ msgid "bad signature"
+#~ msgstr "sinatura errónea"
+
+#~ msgid "checksum error"
+#~ msgstr "error de checksum"
+
+#~ msgid "unknown cipher algorithm"
+#~ msgstr "algoritmo de cifrado descoñecido"
+
+#~ msgid "can't open the keyring"
+#~ msgstr "non foi posible abri-lo chaveiro"
+
+#~ msgid "invalid packet"
+#~ msgstr "paquete non válido"
+
+#~ msgid "invalid armor"
+#~ msgstr "armadura non válida"
+
+#~ msgid "no such user id"
+#~ msgstr "non hai tal id de usuario"
+
+#~ msgid "secret key not available"
+#~ msgstr "a chave secreta non está dispoñible"
+
+#~ msgid "wrong secret key used"
+#~ msgstr "empregouse unha chave secreta errónea"
+
+#~ msgid "not supported"
+#~ msgstr "non está soportado"
+
+#~ msgid "bad key"
+#~ msgstr "chave incorrecta"
+
+#~ msgid "file write error"
+#~ msgstr "erro de escritura de ficheiro"
+
+#~ msgid "unknown compress algorithm"
+#~ msgstr "algoritmo de compresión descoñecido"
+
+#~ msgid "file open error"
+#~ msgstr "erro de apertura de ficheiro"
+
+#~ msgid "file create error"
+#~ msgstr "erro de creación de ficheiro"
+
+#~ msgid "invalid passphrase"
+#~ msgstr "contrasinal incorrecto"
+
+#~ msgid "unimplemented pubkey algorithm"
+#~ msgstr "algoritmo de chave pública non implementado"
+
+#~ msgid "unimplemented cipher algorithm"
+#~ msgstr "algoritmo de cifrado non implementado"
+
+#~ msgid "unknown signature class"
+#~ msgstr "clase de sinatura descoñecida"
+
+#~ msgid "trust database error"
+#~ msgstr "erro da base de datos de confianza"
+
+#~ msgid "resource limit"
+#~ msgstr "límite de recursos"
+
+#~ msgid "invalid keyring"
+#~ msgstr "chaveiro incorrecto"
+
+#~ msgid "bad certificate"
+#~ msgstr "certificado erróneo"
+
+#~ msgid "malformed user id"
+#~ msgstr "id de usuario mal formado"
+
+#~ msgid "file close error"
+#~ msgstr "erro de peche de ficheiro"
+
+#~ msgid "file rename error"
+#~ msgstr "erro de cambio de nome de ficheiro"
+
+#~ msgid "file delete error"
+#~ msgstr "erro de borrado de ficheiro"
+
+#~ msgid "unexpected data"
+#~ msgstr "datos inesperados"
+
+#~ msgid "timestamp conflict"
+#~ msgstr "conflicto de selo de data"
+
+#~ msgid "unusable pubkey algorithm"
+#~ msgstr "algoritmo de chave pública imposible de usar"
+
+#~ msgid "file exists"
+#~ msgstr "o ficheiro xa existe"
+
+#~ msgid "weak key"
+#~ msgstr "chave feble"
+
+#~ msgid "bad URI"
+#~ msgstr "URI incorrecto"
+
+#~ msgid "unsupported URI"
+#~ msgstr "URI non soportado"
+
+#~ msgid "network error"
+#~ msgstr "erro de rede"
+
+#~ msgid "not processed"
+#~ msgstr "non procesado"
+
+#~ msgid "unusable public key"
+#~ msgstr "chave pública non utilizable"
+
+#~ msgid "unusable secret key"
+#~ msgstr "chave secreta non utilizable"
+
+#~ msgid "keyserver error"
+#~ msgstr "erro do servidor de chaves"
+
+#, fuzzy
+#~ msgid "no card"
+#~ msgstr "non cifrado"
+
+#, fuzzy
+#~ msgid "no data"
+#~ msgstr "non hai datos asinados\n"
+
+#~ msgid "... this is a bug (%s:%d:%s)\n"
+#~ msgstr "... isto é un erro (%s:%d:%s)\n"
+
+#~ msgid "WARNING: using insecure memory!\n"
+#~ msgstr "AVISO: ¡úsase memoria insegura!\n"
+
+#~ msgid "operation is not possible without initialized secure memory\n"
+#~ msgstr "a operación non é posible sen memoria inicializada como segura\n"
+
+#~ msgid "(you may have used the wrong program for this task)\n"
+#~ msgstr "(pode que usara o programa equivocado para esta tarefa)\n"
+
+#~ msgid ""
+#~ "please see http://www.gnupg.org/why-not-idea.html for more information\n"
+#~ msgstr ""
+#~ "mire en http://www.gnupg.org/why-not-idea.html para obter máis "
+#~ "información\n"
+
+#, fuzzy
+#~ msgid "all export-clean-* options from above"
+#~ msgstr "le-las opcións dun ficheiro"
+
+#, fuzzy
+#~ msgid "all import-clean-* options from above"
+#~ msgstr "le-las opcións dun ficheiro"
+
+#, fuzzy
+#~ msgid "expired: %s)"
+#~ msgstr " [caduca: %s]"
+
+#, fuzzy
+#~ msgid "key %s: expired signature from key %s - skipped\n"
+#~ msgstr "chave %08lX: clase de sinatura non esperada (0x%02X) - omitida\n"
+
+#, fuzzy
+#~ msgid "Unable to clean `%s'\n"
+#~ msgstr "non se puido executar %s \"%s\": %s\n"
+
+#, fuzzy
+#~ msgid "No user IDs are removable.\n"
+#~ msgstr "Non hai un ID de usuario para a chave\n"
+
+#~ msgid "bad passphrase or unknown cipher algorithm (%d)\n"
+#~ msgstr "contrasinal incorrecto ou algoritmo de cifrado descoñecido (%d)\n"
+
+#~ msgid "can't set client pid for the agent\n"
+#~ msgstr "non se pode estabrece-lo pid do cliente para o axente\n"
+
+#~ msgid "can't get server read FD for the agent\n"
+#~ msgstr "non se pode obte-lo FD de lectura do servidor para o axente\n"
+
+#~ msgid "can't get server write FD for the agent\n"
+#~ msgstr "non se pode obte-lo FD de escritura do servidor para o axente\n"
+
+#~ msgid "invalid response from agent\n"
+#~ msgstr "resposta do axente non válida\n"
+
+#~ msgid "select secondary key N"
+#~ msgstr "selecciona-la chave secundaria N"
+
+#~ msgid "list signatures"
+#~ msgstr "listar sinaturas"
+
+#~ msgid "sign the key"
+#~ msgstr "asina-la chave"
+
+#~ msgid "add a secondary key"
+#~ msgstr "engadir unha chave secundaria"
+
+#~ msgid "delete signatures"
+#~ msgstr "borrar sinaturas"
+
+#~ msgid "change the expire date"
+#~ msgstr "cambia-la fecha de expiración"
+
+#~ msgid "set preference list"
+#~ msgstr "estabrece-la lista de preferencias"
+
+#~ msgid "updated preferences"
+#~ msgstr "preferencias actualizadas"
+
+#~ msgid "No secondary key with index %d\n"
+#~ msgstr "Non hai chave secundaria con índice %d\n"
+
+#~ msgid "--nrsign-key user-id"
+#~ msgstr "--nrsign-key id-de-usuario"
+
+#~ msgid "--nrlsign-key user-id"
+#~ msgstr "--nrlsign-key id-de-usuario"
+
+#~ msgid "sign the key non-revocably"
+#~ msgstr "asina-la chave de xeito non revocable"
+
+#~ msgid "sign the key locally and non-revocably"
+#~ msgstr "asina-la chave localmente e de xeito non revocable"
+
+#~ msgid "q"
+#~ msgstr "s"
+
+#~ msgid "list"
+#~ msgstr "listar"
+
+#~ msgid "l"
+#~ msgstr "l"
+
+#~ msgid "debug"
+#~ msgstr "depurar"
+
+#, fuzzy
+#~ msgid "name"
+#~ msgstr "enable"
+
+#, fuzzy
+#~ msgid "login"
+#~ msgstr "lsign"
+
+#, fuzzy
+#~ msgid "cafpr"
+#~ msgstr "fpr"
+
+#, fuzzy
+#~ msgid "forcesig"
+#~ msgstr "revsig"
+
+#, fuzzy
+#~ msgid "generate"
+#~ msgstr "erro xeral"
+
+#~ msgid "passwd"
+#~ msgstr "passwd"
+
+#~ msgid "save"
+#~ msgstr "gardar"
+
+#~ msgid "fpr"
+#~ msgstr "fpr"
+
+#~ msgid "uid"
+#~ msgstr "uid"
+
+#~ msgid "key"
+#~ msgstr "chave"
+
+#~ msgid "check"
+#~ msgstr "verificar"
+
+#~ msgid "c"
+#~ msgstr "v"
+
+#~ msgid "sign"
+#~ msgstr "sign"
+
+#~ msgid "s"
+#~ msgstr "f"
+
+#, fuzzy
+#~ msgid "tsign"
+#~ msgstr "sign"
+
+#~ msgid "lsign"
+#~ msgstr "lsign"
+
+#~ msgid "nrsign"
+#~ msgstr "nrsign"
+
+#~ msgid "nrlsign"
+#~ msgstr "nrlsign"
+
+#~ msgid "adduid"
+#~ msgstr "adduid"
+
+#~ msgid "addphoto"
+#~ msgstr "addphoto"
+
+#~ msgid "deluid"
+#~ msgstr "deluid"
+
+#~ msgid "delphoto"
+#~ msgstr "delphoto"
+
+#, fuzzy
+#~ msgid "addcardkey"
+#~ msgstr "addkey"
+
+#~ msgid "delkey"
+#~ msgstr "delkey"
+
+#~ msgid "addrevoker"
+#~ msgstr "addrevoker"
+
+#~ msgid "delsig"
+#~ msgstr "delsig"
+
+#~ msgid "expire"
+#~ msgstr "expire"
+
+#~ msgid "primary"
+#~ msgstr "primary"
+
+#~ msgid "toggle"
+#~ msgstr "toggle"
+
+#~ msgid "t"
+#~ msgstr "c"
+
+#~ msgid "pref"
+#~ msgstr "pref"
+
+#~ msgid "showpref"
+#~ msgstr "showpref"
+
+#~ msgid "setpref"
+#~ msgstr "setpref"
+
+#~ msgid "updpref"
+#~ msgstr "updpref"
+
+#, fuzzy
+#~ msgid "keyserver"
+#~ msgstr "erro do servidor de chaves"
+
+#~ msgid "trust"
+#~ msgstr "trust"
+
+#~ msgid "revsig"
+#~ msgstr "revsig"
+
+#~ msgid "revuid"
+#~ msgstr "revuid"
+
+#~ msgid "revkey"
+#~ msgstr "revkey"
+
+#~ msgid "disable"
+#~ msgstr "disable"
+
+#~ msgid "enable"
+#~ msgstr "enable"
+
+#~ msgid "showphoto"
+#~ msgstr "showphoto"
+
+#~ msgid "digest algorithm `%s' is read-only in this release\n"
+#~ msgstr "o algoritmo de resumo `%s' é de só lectura nesta versión\n"
+
+#~ msgid ""
+#~ "About to generate a new %s keypair.\n"
+#~ " minimum keysize is 768 bits\n"
+#~ " default keysize is 1024 bits\n"
+#~ " highest suggested keysize is 2048 bits\n"
+#~ msgstr ""
+#~ "Hase crear unh novo par de chaves %s.\n"
+#~ " tamaño de chave mínimo: 768 bits\n"
+#~ " tamaño de chave por defecto: 1024 bits\n"
+#~ " tamaño de chave máximo recomendado: 2048 bits\n"
+
+#~ msgid "DSA only allows keysizes from 512 to 1024\n"
+#~ msgstr "DSA só admite tamaños entre 512 e 1024\n"
+
+#~ msgid "keysize too small; 1024 is smallest value allowed for RSA.\n"
+#~ msgstr "chave pequena de máis; 1024 é o menor valor admitido para RSA.\n"
+
+#~ msgid "keysize too small; 768 is smallest value allowed.\n"
+#~ msgstr "chave pequena de máis; 768 é o menor valor admitido\n"
+
+#~ msgid "keysize too large; %d is largest value allowed.\n"
+#~ msgstr "chave grande de máis; %d é o maior tamaño admitido.\n"
+
+#~ msgid ""
+#~ "Keysizes larger than 2048 are not suggested because\n"
+#~ "computations take REALLY long!\n"
+#~ msgstr ""
+#~ "¡As chaves maiores de 2048 bits non se aconsellan porque\n"
+#~ "os cálculos levan MOITO tempo!\n"
+
+#, fuzzy
+#~ msgid "Are you sure that you want this keysize? (y/N) "
+#~ msgstr "¿Está seguro de que quere este tamaño de chave? "
+
+#~ msgid ""
+#~ "Okay, but keep in mind that your monitor and keyboard radiation is also "
+#~ "very vulnerable to attacks!\n"
+#~ msgstr ""
+#~ "De acordo, ¡pero teña en conta que a radiación do monitor e o teclado "
+#~ "tamén son vulnerables a ataques!\n"
+
+#~ msgid "Experimental algorithms should not be used!\n"
+#~ msgstr "¡Os algoritmos experimentais non deberían ser usados!\n"
+
+#~ msgid ""
+#~ "this cipher algorithm is deprecated; please use a more standard one!\n"
+#~ msgstr ""
+#~ "este algoritmo de cifrado está obsoleto; por favor, empregue un máis "
+#~ "estándar!\n"
+
+#~ msgid "sorry, can't do this in batch mode\n"
+#~ msgstr "sentímolo, non se pode facer isto no modo por lotes\n"
+
+#, fuzzy
+#~ msgid "can't open file `%s': %s\n"
+#~ msgstr "non se puido abrir un ficheiro: %s\n"
+
+#, fuzzy
+#~ msgid " \""
+#~ msgstr " alias \""
+
+#~ msgid "key %08lX: key has been revoked!\n"
+#~ msgstr "chave %08lX: ¡esta chave está revocada!\n"
+
+#~ msgid "key %08lX: subkey has been revoked!\n"
+#~ msgstr "chave %08lX: ¡unha subchave está revocada!\n"
+
+#~ msgid "%08lX: key has expired\n"
+#~ msgstr "%08lX: a chave caducou\n"
+
+#~ msgid "%08lX: We do NOT trust this key\n"
+#~ msgstr "%08lX: Esta chave NON é de confianza\n"
+
+#, fuzzy
+#~ msgid " (%d) RSA (auth only)\n"
+#~ msgstr " (%d) RSA (só asinar)\n"
+
+#, fuzzy
+#~ msgid " (%d) RSA (sign and auth)\n"
+#~ msgstr " (%d) RSA (asinar e cifrar)\n"
+
+#, fuzzy
+#~ msgid " (%d) RSA (encrypt and auth)\n"
+#~ msgstr " (%d) RSA (só cifrar)\n"
+
+#, fuzzy
+#~ msgid " (%d) RSA (sign, encrypt and auth)\n"
+#~ msgstr " (%d) RSA (asinar e cifrar)\n"
+
+#~ msgid "%s: can't open: %s\n"
+#~ msgstr "%s: non se pode abrir: %s\n"
+
+#~ msgid "%s: WARNING: empty file\n"
+#~ msgstr "%s: AVISO: ficheiro baleiro\n"
+
+#, fuzzy
+#~ msgid " (%d) I trust marginally\n"
+#~ msgstr " %d = Confío marxinalmente\n"
+
+#, fuzzy
+#~ msgid " (%d) I trust fully\n"
+#~ msgstr " %d = Confío totalmente\n"
+
+#, fuzzy
+#~ msgid "expires"
+#~ msgstr "expire"
+
+#, fuzzy
+#~ msgid ""
+#~ "\"\n"
+#~ "locally signed with your key %s at %s\n"
+#~ msgstr ""
+#~ "\"\n"
+#~ "asinado localmente coa súa chave %08lX no %s\n"
+
+#~ msgid "%s: can't access: %s\n"
+#~ msgstr "%s: non é posible acceder: %s\n"
+
+#~ msgid "%s: can't create lock\n"
+#~ msgstr "%s: non se pode crea-lo bloqueo\n"
+
+#~ msgid "%s: can't make lock\n"
+#~ msgstr "%s: non se pode bloquear\n"
+
+#~ msgid "%s: can't create: %s\n"
+#~ msgstr "%s: non se pode crear: %s\n"
+
+#~ msgid "If you want to use this revoked key anyway, answer \"yes\"."
+#~ msgstr "Se desexa empregar esta chave revocada, conteste \"si\"."
+
+#~ msgid "Unable to open photo \"%s\": %s\n"
+#~ msgstr "Non se puido abri-la foto \"%s\": %s\n"
+
+#~ msgid "error: missing colon\n"
+#~ msgstr "erro: falla un signo de dous puntos\n"
+
+#~ msgid "error: no ownertrust value\n"
+#~ msgstr "erro: non hai un valor de confianza no propietario\n"
+
+#~ msgid " (main key ID %08lX)"
+#~ msgstr " (ID principal da chave %08lX)"
+
+#~ msgid "rev! subkey has been revoked: %s\n"
+#~ msgstr "rev! revocouse a subchave: %s\n"
+
+#~ msgid "rev- faked revocation found\n"
+#~ msgstr "rev- atopouse unha revocación falsa\n"
+
+#, fuzzy
+#~ msgid " [expired: %s]"
+#~ msgstr " [caduca: %s]"
+
+#~ msgid " [expires: %s]"
+#~ msgstr " [caduca: %s]"
+
+#, fuzzy
+#~ msgid " [revoked: %s]"
+#~ msgstr "[revocada] "
+
+#~ msgid ""
+#~ "WARNING: digest `%s' is not part of OpenPGP. Use at your own risk!\n"
+#~ msgstr ""
+#~ "AVISO: o resumo `%s' non forma parte de OpenPGP.\n"
+#~ " Emprégueo baixo a súa propia responsabilidade.\n"
+
+#~ msgid "|[files]|encrypt files"
+#~ msgstr "|[ficheiros]|cifrar ficheiros"
+
+#~ msgid "store only"
+#~ msgstr "só armacenar"
+
+#~ msgid "|[files]|decrypt files"
+#~ msgstr "|[ficheiros]|descifrar ficheiros"
+
+#~ msgid "sign a key non-revocably"
+#~ msgstr "asinar unha chave de xeito non revocable"
+
+#~ msgid "sign a key locally and non-revocably"
+#~ msgstr "asinar unha chave localmente e de xeito non revocable"
+
+#~ msgid "list only the sequence of packets"
+#~ msgstr "listar só a secuencia de paquetes"
+
+#~ msgid "export the ownertrust values"
+#~ msgstr "exporta-los valores de confianza no propietario"
+
+#~ msgid "unattended trust database update"
+#~ msgstr "actualización inatendida da base de datos de confianza"
+
+#~ msgid "fix a corrupted trust database"
+#~ msgstr "amañar unha base de datos de confianza corrompida"
+
+#~ msgid "De-Armor a file or stdin"
+#~ msgstr "Quita-la armadura a un ficheiro ou á entrada estándar"
+
+#~ msgid "En-Armor a file or stdin"
+#~ msgstr "Pór armadura a un ficheiro ou á entrada estándar"
+
+#~ msgid "do not force v3 signatures"
+#~ msgstr "non forzar sinaturas v3"
+
+#~ msgid "force v4 key signatures"
+#~ msgstr "forzar sinaturas de chave v4"
+
+#~ msgid "do not force v4 key signatures"
+#~ msgstr "non forzar sinaturas de chave v4"
+
+#~ msgid "never use a MDC for encryption"
+#~ msgstr "nunca usar un MDC para cifrar"
+
+#~ msgid "use the gpg-agent"
+#~ msgstr "emprega-lo gpg-agent"
+
+#~ msgid "|[file]|write status info to file"
+#~ msgstr "|[ficheiro]|escribi-la información de estado no ficheiro"
+
+#~ msgid "|KEYID|ultimately trust this key"
+#~ msgstr "|IDCHAVE|confiar absolutamente nesta chave"
+
+#~ msgid "emulate the mode described in RFC1991"
+#~ msgstr "emula-lo modo descrito no RFC1991"
+
+#~ msgid "set all packet, cipher and digest options to OpenPGP behavior"
+#~ msgstr ""
+#~ "axustar tódalas opcións de paquetes, cifrado e resumo ao comportamento "
+#~ "OpenPGP"
+
+#~ msgid "set all packet, cipher and digest options to PGP 2.x behavior"
+#~ msgstr ""
+#~ "axustar tódalas opcións de paquetes, cifrado e resumo ao comportamento "
+#~ "PGP 2.x"
+
+#~ msgid "|NAME|use message digest algorithm NAME for passphrases"
+#~ msgstr "|NOME|emprega-lo algoritmo para resumos NOME para os contrasinais"
+
+#~ msgid "throw keyid field of encrypted packets"
+#~ msgstr "descarta-lo campo de id de chave dos paquetes cifrados"
+
+#~ msgid "Show Photo IDs"
+#~ msgstr "Amosar Identificacións Fotográficas"
+
+#~ msgid "Don't show Photo IDs"
+#~ msgstr "Non amosar Identificacións Fotográficas"
+
+#~ msgid "Set command line to view Photo IDs"
+#~ msgstr ""
+#~ "Estabrece-la liña de comando para ve-las Identificacións Fotográficas"
+
+#~ msgid "compress algorithm `%s' is read-only in this release\n"
+#~ msgstr "o algoritmo de compresión `%s' é de só lectura nesta versión\n"
+
+#~ msgid "compress algorithm must be in range %d..%d\n"
+#~ msgstr "o algoritmo de compresión debe estar entre %d e %d\n"
+
+#~ msgid ""
+#~ "%08lX: It is not sure that this key really belongs to the owner\n"
+#~ "but it is accepted anyway\n"
+#~ msgstr ""
+#~ "%08lX: Non é seguro que esta chave pertenza de verdade ao seu "
+#~ "propietario\n"
+#~ "pero acéptase de tódolos xeitos\n"
+
+#~ msgid "preference %c%lu is not valid\n"
+#~ msgstr "a preferencia %c%lu non é válida\n"
+
+#~ msgid "key %08lX: not a rfc2440 key - skipped\n"
+#~ msgstr "chave %08lX: non é unha chave rfc2440 - omitida\n"
+
+#~ msgid ""
+#~ "NOTE: Elgamal primary key detected - this may take some time to import\n"
+#~ msgstr ""
+#~ "NOTA: Detectouse unha clave primaria Elgamal - ha tomar algún tempo "
+#~ "importala\n"
+
+#~ msgid " (default)"
+#~ msgstr " (por defecto)"
+
+#~ msgid "%s%c %4u%c/%08lX created: %s expires: %s"
+#~ msgstr "%s%c %4u%c/%08lX creada: %s caduca: %s"
+
+#~ msgid "Policy: "
+#~ msgstr "Normativa: "
+
+#~ msgid "can't get key from keyserver: %s\n"
+#~ msgstr "non se pode obte-la chave do servidor de chaves: %s\n"
+
+#~ msgid "success sending to `%s' (status=%u)\n"
+#~ msgstr "éxito ao enviar a `%s' (estado=%u)\n"
+
+#~ msgid "failed sending to `%s': status=%u\n"
+#~ msgstr "fallo ao enviar a `%s': estado=%u\n"
+
+#~ msgid "this keyserver does not support --search-keys\n"
+#~ msgstr "este servidor de chaves non soporta --search-keys\n"
+
+#~ msgid "can't search keyserver: %s\n"
+#~ msgstr "non se pode buscar no servidor de chaves: %s\n"
+
+#~ msgid ""
+#~ "key %08lX: this is a PGP generated ElGamal key which is NOT secure for "
+#~ "signatures!\n"
+#~ msgstr ""
+#~ "chave %08lX: ¡esta é unha chave ElGamal xerada por PGP que NON é xegura "
+#~ "para sinaturas!\n"
+
+#~ msgid ""
+#~ "key %08lX has been created %lu second in future (time warp or clock "
+#~ "problem)\n"
+#~ msgstr ""
+#~ "creouse a chave %08lX %lu segundo no futuro (salto no tempo ou problemas "
+#~ "co reloxo)\n"
+
+#~ msgid ""
+#~ "key %08lX has been created %lu seconds in future (time warp or clock "
+#~ "problem)\n"
+#~ msgstr ""
+#~ "creouse a chave %08lX %lu segundos no futuro (salto no tempo ou problemas "
+#~ "co reloxo)\n"
+
+#~ msgid "key %08lX marked as ultimately trusted\n"
+#~ msgstr "chave %08lX marcada coma de confianza absoluta\n"
+
+#~ msgid "signature from Elgamal signing key %08lX to %08lX skipped\n"
+#~ msgstr ""
+#~ "omitiuse dende a sinatura da chave de sinatura Elgamal %08lX ata %08lX\n"
+
+#~ msgid "signature from %08lX to Elgamal signing key %08lX skipped\n"
+#~ msgstr ""
+#~ "omitiuse dende %08lX ata a sinatura da chave de sinatura Elgamal %08lX\n"
+
+#~ msgid "checking at depth %d signed=%d ot(-/q/n/m/f/u)=%d/%d/%d/%d/%d/%d\n"
+#~ msgstr ""
+#~ "comprobando con profundidade %d asinadas=%d ot(-/q/n/m/f/u)=%d/%d/%d/%d/%"
+#~ "d/%d\n"
+
+#~ msgid ""
+#~ "Select the algorithm to use.\n"
+#~ "\n"
+#~ "DSA (aka DSS) is the digital signature algorithm which can only be used\n"
+#~ "for signatures. This is the suggested algorithm because verification of\n"
+#~ "DSA signatures are much faster than those of ElGamal.\n"
+#~ "\n"
+#~ "ElGamal is an algorithm which can be used for signatures and encryption.\n"
+#~ "OpenPGP distinguishs between two flavors of this algorithms: an encrypt "
+#~ "only\n"
+#~ "and a sign+encrypt; actually it is the same, but some parameters must be\n"
+#~ "selected in a special way to create a safe key for signatures: this "
+#~ "program\n"
+#~ "does this but other OpenPGP implementations are not required to "
+#~ "understand\n"
+#~ "the signature+encryption flavor.\n"
+#~ "\n"
+#~ "The first (primary) key must always be a key which is capable of "
+#~ "signing;\n"
+#~ "this is the reason why the encryption only ElGamal key is not available "
+#~ "in\n"
+#~ "this menu."
+#~ msgstr ""
+#~ "Seleccione o algoritmo a usar.\n"
+#~ "\n"
+#~ "DSA (tamén chamado DSS) é un algoritmo de sinatura dixital, que só se "
+#~ "pode\n"
+#~ "empregar para asinar. É o algoritmo aconsellado porque é moito máis "
+#~ "rápido\n"
+#~ "verificar unha sinatura DSA que unha sinatura ElGamal.\n"
+#~ "\n"
+#~ "ElGamal é un algoritmo que se pode empregar para asinar e cifrar. "
+#~ "OpenPGP\n"
+#~ "distingue entre dúas variantes do algoritmo: un que só cifra e outro que\n"
+#~ "asina e cifra; realmente é o mesmo, pero hai que escoller algúns "
+#~ "parámetros\n"
+#~ "dun xeito especial para crear unha clave que sexa segura para asinar: "
+#~ "este\n"
+#~ "programa faino, pero outras implementacións de OpenPGP non teñen por que\n"
+#~ "entende-la variante de asinado+cifrado.\n"
+#~ "\n"
+#~ "A primeira clave (a primaria) debe ser sempre unha clave capaz de "
+#~ "asinar;\n"
+#~ "este é o motivo polo que a clave ElGamal que só cifra non está "
+#~ "dispoñible\n"
+#~ "neste menú."
+
+#~ msgid ""
+#~ "Although these keys are defined in RFC2440 they are not suggested\n"
+#~ "because they are not supported by all programs and signatures created\n"
+#~ "with them are quite large and very slow to verify."
+#~ msgstr ""
+#~ "Aínda que estas chaves están definidas no RFC2440, non se aconsellan\n"
+#~ "porque non están soportadas por tódolos programas, e as sinaturas\n"
+#~ "creadas con elas son moi grandes e lentas de comprobar."
+
+#~ msgid "%lu keys so far checked (%lu signatures)\n"
+#~ msgstr "%lu chaves comprobadas ata o momento (%lu sinaturas)\n"
+
+#~ msgid "key incomplete\n"
+#~ msgstr "chave incompleta\n"
+
+#~ msgid "key %08lX incomplete\n"
+#~ msgstr "chave %08lX incompleta\n"
+
+#, fuzzy
+#~ msgid "quit|quit"
+#~ msgstr "quit|saír"
+
+#~ msgid " (%d) ElGamal (sign and encrypt)\n"
+#~ msgstr " (%d) ElGamal (asinar e cifrar)\n"
+
+#~ msgid ""
+#~ "The use of this algorithm is only supported by GnuPG. You will not be\n"
+#~ "able to use this key to communicate with PGP users. This algorithm is "
+#~ "also\n"
+#~ "very slow, and may not be as secure as the other choices.\n"
+#~ msgstr ""
+#~ "O emprego deste algoritmo só está soportado en GnuPG. Non ha poder "
+#~ "empregar\n"
+#~ "esta clave para se comunicar con usuarios de PGP. Este algoritmo tamén é\n"
+#~ "moi lento, e pode non ser tan seguro coma as outras opcións.\n"
+
+#~ msgid "Create anyway? "
+#~ msgstr "¿Crear de tódolos xeitos? "
+
+#~ msgid "invalid symkey algorithm detected (%d)\n"
+#~ msgstr "detectouse un algoritmo de chave simétrica non válido (%d)\n"
+
+#~ msgid "this keyserver is not fully HKP compatible\n"
+#~ msgstr "este servidor de chaves non é totalmente compatible con HKP\n"
+
+#~ msgid "The use of this algorithm is deprecated - create anyway? "
+#~ msgstr "Este algoritmo está obsoleto - ¿crear de tódolos xeitos? "
+
+#~ msgid ""
+#~ "you have to start GnuPG again, so it can read the new configuration file\n"
+#~ msgstr ""
+#~ "ten que iniciar GnuPG outra vez para que lea o novo ficheiro de "
+#~ "configuración\n"
+
+#~ msgid "changing permission of `%s' failed: %s\n"
+#~ msgstr "o cambio de permisos de `%s' fallou: %s\n"
+
+#~ msgid "|NAME=VALUE|use this notation data"
+#~ msgstr "|NOME=VALOR|usar estes datos de notación"
+
+#~ msgid ""
+#~ "the first character of a notation name must be a letter or an underscore\n"
+#~ msgstr ""
+#~ "o primeiro carácter dun nome de notación debe ser unha letra ou guión "
+#~ "baixo\n"
+
+#~ msgid "dots in a notation name must be surrounded by other characters\n"
+#~ msgstr ""
+#~ "os puntos dun nome de notación deben estar rodeados por outros "
+#~ "caracteres\n"
+
+#~ msgid ""
+#~ "WARNING: This key already has a photo ID.\n"
+#~ " Adding another photo ID may confuse some versions of PGP.\n"
+#~ msgstr ""
+#~ "AVISO: Esta chave xa ten unha identificación fotográfica.\n"
+#~ " Se engade outra pode confundir a algunhas versións de PGP.\n"
+
+#~ msgid "You may only have one photo ID on a key.\n"
+#~ msgstr "Só pode ter unha identificación fotográfica nunha chave.\n"
+
+#~ msgid " Fingerprint:"
+#~ msgstr " Pegada dactilar:"
+
+#~ msgid "too many random bits requested; the limit is %d\n"
+#~ msgstr "pedíronse demasiados bits aleatorios; o límite é %d\n"
+
+#~ msgid "|[NAMES]|check the trust database"
+#~ msgstr "|[NOMES]|verifica-la base de datos de confianza"
+
+#~ msgid "--delete-secret-key user-id"
+#~ msgstr "--delete-secret-key id-de-usuario"
+
+#~ msgid "--delete-key user-id"
+#~ msgstr "--delete-key id de usuario"
+
+#~ msgid "--delete-secret-and-public-key user-id"
+#~ msgstr "--delete-secret-key-and-public-key id-de-usuario"
+
+#~ msgid "For info see http://www.gnupg.org"
+#~ msgstr "Para obter máis información vexa http://www.gnupg.org"
+
+#~ msgid "sSmMqQ"
+#~ msgstr "iImMsS"
+
+#~ msgid ""
+#~ "Could not find a valid trust path to the key. Let's see whether we\n"
+#~ "can assign some missing owner trust values.\n"
+#~ "\n"
+#~ msgstr ""
+#~ "Non se puido atopar unha ruta de confianza válida ata a chave. Hase ver "
+#~ "se\n"
+#~ "se pode asignar algún valor de confianza non asignado.\n"
+
+#~ msgid ""
+#~ "No path leading to one of our keys found.\n"
+#~ "\n"
+#~ msgstr ""
+#~ "Non se atopou unha ruta que conduza a unha das nosas chaves.\n"
+#~ "\n"
+
+#~ msgid ""
+#~ "No trust values changed.\n"
+#~ "\n"
+#~ msgstr ""
+#~ "Non se cambiou ningún valor de confianza.\n"
+#~ "\n"
+
+#~ msgid "%08lX: no info to calculate a trust probability\n"
+#~ msgstr ""
+#~ "%08lX: non hai información para calcular unha probabilidade de confianza\n"
+
+#~ msgid "skipped: public key already set with --encrypt-to\n"
+#~ msgstr "omitida: a chave pública xa está estabrecida con --encrypt-to\n"
+
+#~ msgid "%s: error checking key: %s\n"
+#~ msgstr "%s: erro ao verifica-la chave: %s\n"
+
+#~ msgid "Do you really want to create a sign and encrypt key? "
+#~ msgstr "¿Seguro que quere crear unha chave para asinar e cifrar? "
+
+#~ msgid "Do you really need such a large keysize? "
+#~ msgstr "¿Está seguro de precisar un tamaño de chave tan grande? "
+
+#~ msgid "too many entries in unk cache - disabled\n"
+#~ msgstr "demasiadas entradas na caché de chaves descoñecidas - desactivada\n"
+
+#~ msgid "secret key %08lX not imported (use %s to allow for it)\n"
+#~ msgstr ""
+#~ "non se importou a chave secreta %08lX (empregue %s para permitilo)\n"
+
+#~ msgid "key %08lX: our copy has no self-signature\n"
+#~ msgstr "chave %08lX: a nosa copia non ten auto-sinatura\n"
+
+#~ msgid "assuming bad MDC due to an unknown critical bit\n"
+#~ msgstr "asumindo un MDC incorrecto debido a un bit crítico\n"
+
+#~ msgid "error reading dir record for LID %lu: %s\n"
+#~ msgstr "erro ao le-lo rexistro de directorio para o LID %lu: %s\n"
+
+#~ msgid "lid %lu: expected dir record, got type %d\n"
+#~ msgstr ""
+#~ "lid %lu: esperábase un rexistro de directorio, obtívose un tipo %d\n"
+
+#~ msgid "no primary key for LID %lu\n"
+#~ msgstr "non hai unha chave primaria para o LID %lu\n"
+
+#~ msgid "error reading primary key for LID %lu: %s\n"
+#~ msgstr "erro ao le-la chave primaria para o LID %lu: %s\n"
+
+#~ msgid "key %08lX: query record failed\n"
+#~ msgstr "chave %08lX: a consulta do rexistro fallou\n"
+
+#~ msgid "key %08lX: already in trusted key table\n"
+#~ msgstr "chave %08lX: xa está na tabla de chaves de confianza\n"
+
+#~ msgid "NOTE: secret key %08lX is NOT protected.\n"
+#~ msgstr "NOTA: a chave secreta %08lX NON está protexida.\n"
+
+#~ msgid "key %08lX: secret and public key don't match\n"
+#~ msgstr "chave %08lX: as chaves secreta e pública non coinciden\n"
+
+#~ msgid "key %08lX.%lu: Good subkey binding\n"
+#~ msgstr "chave %08lX.%lu: Ligadura de subchave correcta\n"
+
+#~ msgid "key %08lX.%lu: Invalid subkey binding: %s\n"
+#~ msgstr "chave %08lX.%lu: Ligadura de subchave non válida: %s\n"
+
+#~ msgid "key %08lX.%lu: Valid key revocation\n"
+#~ msgstr "chave %08lX.%lu: Revocación de chave válida\n"
+
+#~ msgid "key %08lX.%lu: Invalid key revocation: %s\n"
+#~ msgstr "chave %08lX.%lu: Revocación de chave non válida: %s\n"
+
+#~ msgid "Good self-signature"
+#~ msgstr "Auto-sinatura correcta"
+
+#~ msgid "Invalid self-signature"
+#~ msgstr "Auto-sinatura non válida"
+
+#~ msgid "Valid user ID revocation skipped due to a newer self signature"
+#~ msgstr ""
+#~ "Omítese unha revocación de ID de usuario válida debido a unha auto-"
+#~ "sinatura máis recente"
+
+#~ msgid "Valid user ID revocation"
+#~ msgstr "Revocación de ID de usuario válida"
+
+#~ msgid "Invalid user ID revocation"
+#~ msgstr "Revocación de ID de usuario non válida"
+
+#~ msgid "Invalid certificate revocation"
+#~ msgstr "Revocación de certificado non válida"
+
+#~ msgid "sig record %lu[%d] points to wrong record.\n"
+#~ msgstr "o rexistro de sinatura %lu[%d] apunta a un rexistro incorrecto.\n"
+
+#~ msgid "tdbio_search_dir failed: %s\n"
+#~ msgstr "tdbio_search_dir fallou: %s\n"
+
+#~ msgid "lid ?: insert failed: %s\n"
+#~ msgstr "lid ?: a inserción fallou: %s\n"
+
+#~ msgid "lid %lu: insert failed: %s\n"
+#~ msgstr "lid %lu: a inserción fallou: %s\n"
+
+#~ msgid "lid %lu: inserted\n"
+#~ msgstr "lid %lu: inserido\n"
+
+#~ msgid "\t%lu keys with errors\n"
+#~ msgstr "\t%lu chaves con erros\n"
+
+#~ msgid "\t%lu keys inserted\n"
+#~ msgstr "\t%lu chaves inseridas\n"
+
+#~ msgid "lid %lu: dir record w/o key - skipped\n"
+#~ msgstr "lid %lu: rexistro de directorio sen chave - ignorado\n"
+
+#~ msgid "\t%lu due to new pubkeys\n"
+#~ msgstr "\t%lu debidos a novas chaves públicas\n"
+
+#~ msgid "\t%lu keys updated\n"
+#~ msgstr "\t%lu chaves actualizadas\n"
+
+#~ msgid "Ooops, no keys\n"
+#~ msgstr "Ooops, non hai chaves\n"
+
+#~ msgid "Ooops, no user IDs\n"
+#~ msgstr "Ooops, non hai IDs de usuario\n"
+
+#~ msgid "check_trust: search dir record failed: %s\n"
+#~ msgstr ""
+#~ "check_trust:\n"
+#~ "a búsqueda de rexistro de directorio fallou: %s\n"
+
+#~ msgid "key %08lX: insert trust record failed: %s\n"
+#~ msgstr ""
+#~ "chave %08lX:\n"
+#~ "a inserción na base de datos de confianza fallou: %s\n"
+
+#~ msgid "key %08lX.%lu: inserted into trustdb\n"
+#~ msgstr "chave %08lX.%lu: inserida na base de datos de confianza\n"
+
+#~ msgid "key %08lX.%lu: created in future (time warp or clock problem)\n"
+#~ msgstr ""
+#~ "chave %08lX.%lu: creada no futuro (salto no tempo ou problema de reloxo)\n"
+
+#~ msgid "key %08lX.%lu: expired at %s\n"
+#~ msgstr "chave %08lX.%lu: caducou o %s\n"
+
+#~ msgid "key %08lX.%lu: trust check failed: %s\n"
+#~ msgstr "chave %08lX.%lu: a verificación de confianza fallou: %s\n"
+
+#~ msgid "problem finding '%s' in trustdb: %s\n"
+#~ msgstr "problema ao buscar '%s' na base de datos de confianza: %s\n"
+
+#~ msgid "user '%s' not in trustdb - inserting\n"
+#~ msgstr "o usuario '%s' non está na base de datos de confianza - inserindo\n"
+
+#~ msgid "WARNING: can't yet handle long pref records\n"
+#~ msgstr ""
+#~ "AVISO: aínda non se poden manexar rexistros de preferencias longos\n"
+
+#~ msgid "%s: can't create keyring: %s\n"
+#~ msgstr "%s: non se pode crea-lo chaveiro: %s\n"
+
+#~ msgid "do not write comment packets"
+#~ msgstr "non escribir paquetes de comentario"
+
+#~ msgid "(default is 3)"
+#~ msgstr "(por defecto é 3)"
+
+#~ msgid " (%d) ElGamal in a v3 packet\n"
+#~ msgstr " (%d) ElGamal nun paquete v3\n"
+
+#~ msgid "Key generation can only be used in interactive mode\n"
+#~ msgstr "A xeración de chaves somentes pode ser usada no modo interactivo\n"
+
+#~ msgid "RSA key cannot be used in this version\n"
+#~ msgstr "A chave RSA non pode user usada nesta version\n"
+
+#~ msgid "No key for user ID\n"
+#~ msgstr "Non hay unha chave para o ID de usuario\n"
+
+#~ msgid "no secret key for decryption available\n"
+#~ msgstr "non hai chave secreta disponible para desencriptar\n"
+
+#~ msgid ""
+#~ "RSA keys are deprecated; please consider creating a new key and use this "
+#~ "key in the future\n"
+#~ msgstr ""
+#~ "As chaves RSA están obsoletas; por favor, considere a opción de crear "
+#~ "unha\n"
+#~ "chave nova e usa-la no futuro.\n"
diff --git a/po/gnupg2.pot b/po/gnupg2.pot
new file mode 100644
index 0000000..ae577bd
--- /dev/null
+++ b/po/gnupg2.pot
@@ -0,0 +1,8085 @@
+# SOME DESCRIPTIVE TITLE.
+# Copyright (C) YEAR Free Software Foundation, Inc.
+# This file is distributed under the same license as the PACKAGE package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
+#
+#, fuzzy
+msgid ""
+msgstr ""
+"Project-Id-Version: GNU gnupg 2.0.19\n"
+"Report-Msgid-Bugs-To: translations@gnupg.org\n"
+"POT-Creation-Date: 2012-03-27 10:23+0200\n"
+"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
+"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"Language-Team: LANGUAGE <LL@li.org>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=CHARSET\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Plural-Forms: nplurals=INTEGER; plural=EXPRESSION;\n"
+
+#: agent/call-pinentry.c:244
+#, c-format
+msgid "failed to acquire the pinentry lock: %s\n"
+msgstr ""
+
+#. TRANSLATORS: These are labels for buttons etc used in
+#. Pinentries. An underscore indicates that the next letter
+#. should be used as an accelerator. Double the underscore for
+#. a literal one. The actual to be translated text starts after
+#. the second vertical bar.
+#: agent/call-pinentry.c:401
+msgid "|pinentry-label|_OK"
+msgstr ""
+
+#: agent/call-pinentry.c:402
+msgid "|pinentry-label|_Cancel"
+msgstr ""
+
+#: agent/call-pinentry.c:403
+msgid "|pinentry-label|PIN:"
+msgstr ""
+
+#. TRANSLATORS: This string is displayed by Pinentry as the label
+#. for the quality bar.
+#: agent/call-pinentry.c:649
+msgid "Quality:"
+msgstr ""
+
+#. TRANSLATORS: This string is a tooltip, shown by pinentry when
+#. hovering over the quality bar. Please use an appropriate
+#. string to describe what this is about. The length of the
+#. tooltip is limited to about 900 characters. If you do not
+#. translate this entry, a default english text (see source)
+#. will be used.
+#: agent/call-pinentry.c:671
+msgid "pinentry.qualitybar.tooltip"
+msgstr ""
+
+#: agent/call-pinentry.c:716
+msgid ""
+"Please enter your PIN, so that the secret key can be unlocked for this "
+"session"
+msgstr ""
+
+#: agent/call-pinentry.c:719
+msgid ""
+"Please enter your passphrase, so that the secret key can be unlocked for "
+"this session"
+msgstr ""
+
+#: agent/call-pinentry.c:776
+#, c-format
+msgid "SETERROR %s (try %d of %d)"
+msgstr ""
+
+#: agent/call-pinentry.c:799 agent/call-pinentry.c:811
+msgid "PIN too long"
+msgstr ""
+
+#: agent/call-pinentry.c:800
+msgid "Passphrase too long"
+msgstr ""
+
+#: agent/call-pinentry.c:808
+msgid "Invalid characters in PIN"
+msgstr ""
+
+#: agent/call-pinentry.c:813
+msgid "PIN too short"
+msgstr ""
+
+#: agent/call-pinentry.c:825
+msgid "Bad PIN"
+msgstr ""
+
+#: agent/call-pinentry.c:826
+msgid "Bad Passphrase"
+msgstr ""
+
+#: agent/call-pinentry.c:863
+msgid "Passphrase"
+msgstr ""
+
+#: agent/command-ssh.c:531
+#, c-format
+msgid "ssh keys greater than %d bits are not supported\n"
+msgstr ""
+
+#: agent/command-ssh.c:690 g10/card-util.c:833 g10/exec.c:473 g10/gpg.c:1122
+#: g10/keygen.c:3394 g10/keygen.c:3427 g10/keyring.c:1237 g10/keyring.c:1569
+#: g10/openfile.c:275 g10/openfile.c:368 g10/sign.c:801 g10/sign.c:1110
+#: g10/tdbio.c:550 jnlib/dotlock.c:310
+#, c-format
+msgid "can't create `%s': %s\n"
+msgstr ""
+
+#: agent/command-ssh.c:702 common/helpfile.c:47 g10/card-util.c:787
+#: g10/dearmor.c:60 g10/dearmor.c:107 g10/decrypt.c:70 g10/encode.c:194
+#: g10/encode.c:504 g10/gpg.c:1123 g10/import.c:192 g10/keygen.c:2877
+#: g10/keyring.c:1595 g10/openfile.c:192 g10/openfile.c:353
+#: g10/plaintext.c:511 g10/sign.c:783 g10/sign.c:978 g10/sign.c:1094
+#: g10/sign.c:1250 g10/tdbdump.c:142 g10/tdbdump.c:150 g10/tdbio.c:554
+#: g10/tdbio.c:618 g10/verify.c:99 g10/verify.c:162 sm/gpgsm.c:2044
+#: sm/gpgsm.c:2074 sm/gpgsm.c:2112 sm/gpgsm.c:2150 sm/qualified.c:66
+#, c-format
+msgid "can't open `%s': %s\n"
+msgstr ""
+
+#: agent/command-ssh.c:1708 agent/command-ssh.c:1726
+#, c-format
+msgid "error getting serial number of card: %s\n"
+msgstr ""
+
+#: agent/command-ssh.c:1712
+#, c-format
+msgid "detected card with S/N: %s\n"
+msgstr ""
+
+#: agent/command-ssh.c:1717
+#, c-format
+msgid "error getting default authentication keyID of card: %s\n"
+msgstr ""
+
+#: agent/command-ssh.c:1737
+#, c-format
+msgid "no suitable card key found: %s\n"
+msgstr ""
+
+#: agent/command-ssh.c:1787
+#, c-format
+msgid "shadowing the key failed: %s\n"
+msgstr ""
+
+#: agent/command-ssh.c:1802
+#, c-format
+msgid "error writing key: %s\n"
+msgstr ""
+
+#: agent/command-ssh.c:2139
+#, c-format
+msgid ""
+"An ssh process requested the use of key%%0A %s%%0A (%s)%%0ADo you want to "
+"allow this?"
+msgstr ""
+
+#: agent/command-ssh.c:2146
+msgid "Allow"
+msgstr ""
+
+#: agent/command-ssh.c:2146
+msgid "Deny"
+msgstr ""
+
+#: agent/command-ssh.c:2155
+#, c-format
+msgid "Please enter the passphrase for the ssh key%%0A %F%%0A (%c)"
+msgstr ""
+
+#: agent/command-ssh.c:2484 agent/genkey.c:310 agent/genkey.c:432
+msgid "Please re-enter this passphrase"
+msgstr ""
+
+#: agent/command-ssh.c:2509
+#, c-format
+msgid ""
+"Please enter a passphrase to protect the received secret key%%0A %s%%0A %"
+"s%%0Awithin gpg-agent's key storage"
+msgstr ""
+
+#: agent/command-ssh.c:2548 agent/genkey.c:340 agent/genkey.c:463
+#: tools/symcryptrun.c:436
+msgid "does not match - try again"
+msgstr ""
+
+#: agent/command-ssh.c:3054
+#, c-format
+msgid "failed to create stream from socket: %s\n"
+msgstr ""
+
+#: agent/divert-scd.c:92 g10/call-agent.c:923
+msgid "Please insert the card with serial number"
+msgstr ""
+
+#: agent/divert-scd.c:93 g10/call-agent.c:924
+msgid "Please remove the current card and insert the one with serial number"
+msgstr ""
+
+#: agent/divert-scd.c:200
+msgid "Admin PIN"
+msgstr ""
+
+#. TRANSLATORS: A PUK is the Personal Unblocking Code
+#. used to unblock a PIN.
+#: agent/divert-scd.c:205
+msgid "PUK"
+msgstr ""
+
+#: agent/divert-scd.c:212
+msgid "Reset Code"
+msgstr ""
+
+#: agent/divert-scd.c:238
+#, c-format
+msgid "%s%%0A%%0AUse the reader's keypad for input."
+msgstr ""
+
+#: agent/divert-scd.c:287
+msgid "Repeat this Reset Code"
+msgstr ""
+
+#: agent/divert-scd.c:289
+msgid "Repeat this PUK"
+msgstr ""
+
+#: agent/divert-scd.c:290
+msgid "Repeat this PIN"
+msgstr ""
+
+#: agent/divert-scd.c:295
+msgid "Reset Code not correctly repeated; try again"
+msgstr ""
+
+#: agent/divert-scd.c:297
+msgid "PUK not correctly repeated; try again"
+msgstr ""
+
+#: agent/divert-scd.c:298
+msgid "PIN not correctly repeated; try again"
+msgstr ""
+
+#: agent/divert-scd.c:310
+#, c-format
+msgid "Please enter the PIN%s%s%s to unlock the card"
+msgstr ""
+
+#: agent/genkey.c:108 sm/certreqgen-ui.c:384 sm/export.c:638 sm/export.c:654
+#: sm/import.c:667 sm/import.c:692
+#, c-format
+msgid "error creating temporary file: %s\n"
+msgstr ""
+
+#: agent/genkey.c:115 sm/export.c:645 sm/import.c:675
+#, c-format
+msgid "error writing to temporary file: %s\n"
+msgstr ""
+
+#: agent/genkey.c:153 agent/genkey.c:159
+msgid "Enter new passphrase"
+msgstr ""
+
+#: agent/genkey.c:167
+msgid "Take this one anyway"
+msgstr ""
+
+#: agent/genkey.c:193
+#, c-format
+msgid ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase should be "
+"at least %u character long."
+msgid_plural ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase should be "
+"at least %u characters long."
+msgstr[0] ""
+msgstr[1] ""
+
+#: agent/genkey.c:214
+#, c-format
+msgid ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase should "
+"contain at least %u digit or%%0Aspecial character."
+msgid_plural ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase should "
+"contain at least %u digits or%%0Aspecial characters."
+msgstr[0] ""
+msgstr[1] ""
+
+#: agent/genkey.c:237
+#, c-format
+msgid ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase may not be "
+"a known term or match%%0Acertain pattern."
+msgstr ""
+
+#: agent/genkey.c:253
+#, c-format
+msgid ""
+"You have not entered a passphrase!%0AAn empty passphrase is not allowed."
+msgstr ""
+
+#: agent/genkey.c:255
+#, c-format
+msgid ""
+"You have not entered a passphrase - this is in general a bad idea!%0APlease "
+"confirm that you do not want to have any protection on your key."
+msgstr ""
+
+#: agent/genkey.c:264
+msgid "Yes, protection is not needed"
+msgstr ""
+
+#: agent/genkey.c:308
+#, c-format
+msgid "Please enter the passphrase to%0Ato protect your new key"
+msgstr ""
+
+#: agent/genkey.c:431
+msgid "Please enter the new passphrase"
+msgstr ""
+
+#: agent/gpg-agent.c:121 agent/preset-passphrase.c:72 scd/scdaemon.c:103
+#: tools/gpg-check-pattern.c:70
+msgid ""
+"@Options:\n"
+" "
+msgstr ""
+
+#: agent/gpg-agent.c:123 scd/scdaemon.c:105
+msgid "run in server mode (foreground)"
+msgstr ""
+
+#: agent/gpg-agent.c:124 scd/scdaemon.c:108
+msgid "run in daemon mode (background)"
+msgstr ""
+
+#: agent/gpg-agent.c:125 g10/gpg.c:488 g10/gpgv.c:71 kbx/kbxutil.c:88
+#: scd/scdaemon.c:109 sm/gpgsm.c:281 tools/gpg-connect-agent.c:69
+#: tools/gpgconf.c:80 tools/symcryptrun.c:166
+msgid "verbose"
+msgstr ""
+
+#: agent/gpg-agent.c:126 g10/gpgv.c:72 kbx/kbxutil.c:89 scd/scdaemon.c:110
+#: sm/gpgsm.c:282
+msgid "be somewhat more quiet"
+msgstr ""
+
+#: agent/gpg-agent.c:127 scd/scdaemon.c:111
+msgid "sh-style command output"
+msgstr ""
+
+#: agent/gpg-agent.c:128 scd/scdaemon.c:112
+msgid "csh-style command output"
+msgstr ""
+
+#: agent/gpg-agent.c:129 scd/scdaemon.c:113 sm/gpgsm.c:312
+#: tools/symcryptrun.c:169
+msgid "|FILE|read options from FILE"
+msgstr ""
+
+#: agent/gpg-agent.c:134 scd/scdaemon.c:123
+msgid "do not detach from the console"
+msgstr ""
+
+#: agent/gpg-agent.c:135
+msgid "do not grab keyboard and mouse"
+msgstr ""
+
+#: agent/gpg-agent.c:136 tools/symcryptrun.c:168
+msgid "use a log file for the server"
+msgstr ""
+
+#: agent/gpg-agent.c:138
+msgid "use a standard location for the socket"
+msgstr ""
+
+#: agent/gpg-agent.c:141
+msgid "|PGM|use PGM as the PIN-Entry program"
+msgstr ""
+
+#: agent/gpg-agent.c:144
+msgid "|PGM|use PGM as the SCdaemon program"
+msgstr ""
+
+#: agent/gpg-agent.c:145
+msgid "do not use the SCdaemon"
+msgstr ""
+
+#: agent/gpg-agent.c:157
+msgid "ignore requests to change the TTY"
+msgstr ""
+
+#: agent/gpg-agent.c:159
+msgid "ignore requests to change the X display"
+msgstr ""
+
+#: agent/gpg-agent.c:162
+msgid "|N|expire cached PINs after N seconds"
+msgstr ""
+
+#: agent/gpg-agent.c:175
+msgid "do not use the PIN cache when signing"
+msgstr ""
+
+#: agent/gpg-agent.c:177
+msgid "allow clients to mark keys as \"trusted\""
+msgstr ""
+
+#: agent/gpg-agent.c:179
+msgid "allow presetting passphrase"
+msgstr ""
+
+#: agent/gpg-agent.c:180
+msgid "enable ssh-agent emulation"
+msgstr ""
+
+#: agent/gpg-agent.c:182
+msgid "|FILE|write environment settings also to FILE"
+msgstr ""
+
+#. TRANSLATORS: @EMAIL@ will get replaced by the actual bug
+#. reporting address. This is so that we can change the
+#. reporting address without breaking the translations.
+#: agent/gpg-agent.c:333 agent/preset-passphrase.c:94 agent/protect-tool.c:163
+#: g10/gpg.c:814 g10/gpgv.c:114 kbx/kbxutil.c:113 scd/scdaemon.c:246
+#: sm/gpgsm.c:519 tools/gpg-connect-agent.c:181 tools/gpgconf.c:102
+#: tools/symcryptrun.c:206 tools/gpg-check-pattern.c:141
+msgid "Please report bugs to <@EMAIL@>.\n"
+msgstr ""
+
+#: agent/gpg-agent.c:342
+msgid "Usage: gpg-agent [options] (-h for help)"
+msgstr ""
+
+#: agent/gpg-agent.c:344
+msgid ""
+"Syntax: gpg-agent [options] [command [args]]\n"
+"Secret key management for GnuPG\n"
+msgstr ""
+
+#: agent/gpg-agent.c:390 g10/gpg.c:1007 scd/scdaemon.c:318 sm/gpgsm.c:669
+#, c-format
+msgid "invalid debug-level `%s' given\n"
+msgstr ""
+
+#: agent/gpg-agent.c:610 agent/protect-tool.c:1033 kbx/kbxutil.c:428
+#: scd/scdaemon.c:424 sm/gpgsm.c:911 sm/gpgsm.c:914 tools/symcryptrun.c:998
+#: tools/gpg-check-pattern.c:177
+#, c-format
+msgid "%s is too old (need %s, have %s)\n"
+msgstr ""
+
+#: agent/gpg-agent.c:725 g10/gpg.c:2111 scd/scdaemon.c:510 sm/gpgsm.c:1010
+#, c-format
+msgid "NOTE: no default option file `%s'\n"
+msgstr ""
+
+#: agent/gpg-agent.c:736 agent/gpg-agent.c:1348 g10/gpg.c:2115
+#: scd/scdaemon.c:515 sm/gpgsm.c:1014 tools/symcryptrun.c:931
+#, c-format
+msgid "option file `%s': %s\n"
+msgstr ""
+
+#: agent/gpg-agent.c:744 g10/gpg.c:2122 scd/scdaemon.c:523 sm/gpgsm.c:1021
+#, c-format
+msgid "reading options from `%s'\n"
+msgstr ""
+
+#: agent/gpg-agent.c:1117 g10/plaintext.c:140 g10/plaintext.c:145
+#: g10/plaintext.c:162
+#, c-format
+msgid "error creating `%s': %s\n"
+msgstr ""
+
+#: agent/gpg-agent.c:1461 agent/gpg-agent.c:1579 agent/gpg-agent.c:1583
+#: agent/gpg-agent.c:1624 agent/gpg-agent.c:1628 g10/exec.c:188
+#: g10/openfile.c:429 scd/scdaemon.c:1020
+#, c-format
+msgid "can't create directory `%s': %s\n"
+msgstr ""
+
+#: agent/gpg-agent.c:1475 scd/scdaemon.c:1034
+msgid "name of socket too long\n"
+msgstr ""
+
+#: agent/gpg-agent.c:1498 scd/scdaemon.c:1057
+#, c-format
+msgid "can't create socket: %s\n"
+msgstr ""
+
+#: agent/gpg-agent.c:1507
+#, c-format
+msgid "socket name `%s' is too long\n"
+msgstr ""
+
+#: agent/gpg-agent.c:1525
+msgid "a gpg-agent is already running - not starting a new one\n"
+msgstr ""
+
+#: agent/gpg-agent.c:1536 scd/scdaemon.c:1076
+msgid "error getting nonce for the socket\n"
+msgstr ""
+
+#: agent/gpg-agent.c:1541 scd/scdaemon.c:1079
+#, c-format
+msgid "error binding socket to `%s': %s\n"
+msgstr ""
+
+#: agent/gpg-agent.c:1553 scd/scdaemon.c:1088
+#, c-format
+msgid "listen() failed: %s\n"
+msgstr ""
+
+#: agent/gpg-agent.c:1559 scd/scdaemon.c:1095
+#, c-format
+msgid "listening on socket `%s'\n"
+msgstr ""
+
+#: agent/gpg-agent.c:1587 agent/gpg-agent.c:1634 g10/openfile.c:432
+#, c-format
+msgid "directory `%s' created\n"
+msgstr ""
+
+#: agent/gpg-agent.c:1640
+#, c-format
+msgid "stat() failed for `%s': %s\n"
+msgstr ""
+
+#: agent/gpg-agent.c:1644
+#, c-format
+msgid "can't use `%s' as home directory\n"
+msgstr ""
+
+#: agent/gpg-agent.c:1777 scd/scdaemon.c:1111
+#, c-format
+msgid "error reading nonce on fd %d: %s\n"
+msgstr ""
+
+#: agent/gpg-agent.c:1799
+#, c-format
+msgid "handler 0x%lx for fd %d started\n"
+msgstr ""
+
+#: agent/gpg-agent.c:1804
+#, c-format
+msgid "handler 0x%lx for fd %d terminated\n"
+msgstr ""
+
+#: agent/gpg-agent.c:1824
+#, c-format
+msgid "ssh handler 0x%lx for fd %d started\n"
+msgstr ""
+
+#: agent/gpg-agent.c:1829
+#, c-format
+msgid "ssh handler 0x%lx for fd %d terminated\n"
+msgstr ""
+
+#: agent/gpg-agent.c:1973 scd/scdaemon.c:1248
+#, c-format
+msgid "pth_select failed: %s - waiting 1s\n"
+msgstr ""
+
+#: agent/gpg-agent.c:2096 scd/scdaemon.c:1315
+#, c-format
+msgid "%s %s stopped\n"
+msgstr ""
+
+#: agent/gpg-agent.c:2232
+msgid "no gpg-agent running in this session\n"
+msgstr ""
+
+#: agent/gpg-agent.c:2243 common/simple-pwquery.c:352 common/asshelp.c:403
+#: tools/gpg-connect-agent.c:2168
+msgid "malformed GPG_AGENT_INFO environment variable\n"
+msgstr ""
+
+#: agent/gpg-agent.c:2256 common/simple-pwquery.c:364 common/asshelp.c:415
+#: tools/gpg-connect-agent.c:2179
+#, c-format
+msgid "gpg-agent protocol version %d is not supported\n"
+msgstr ""
+
+#: agent/preset-passphrase.c:98
+msgid "Usage: gpg-preset-passphrase [options] KEYGRIP (-h for help)\n"
+msgstr ""
+
+#: agent/preset-passphrase.c:101
+msgid ""
+"Syntax: gpg-preset-passphrase [options] KEYGRIP\n"
+"Password cache maintenance\n"
+msgstr ""
+
+#: agent/protect-tool.c:113 g10/gpg.c:373 kbx/kbxutil.c:71 sm/gpgsm.c:186
+#: tools/gpgconf.c:60
+msgid ""
+"@Commands:\n"
+" "
+msgstr ""
+
+#: agent/protect-tool.c:127 g10/gpg.c:441 g10/gpgv.c:69 kbx/kbxutil.c:81
+#: sm/gpgsm.c:226 tools/gpg-connect-agent.c:67 tools/gpgconf.c:77
+#: tools/symcryptrun.c:159
+msgid ""
+"@\n"
+"Options:\n"
+" "
+msgstr ""
+
+#: agent/protect-tool.c:166
+msgid "Usage: gpg-protect-tool [options] (-h for help)\n"
+msgstr ""
+
+#: agent/protect-tool.c:168
+msgid ""
+"Syntax: gpg-protect-tool [options] [args]\n"
+"Secret key maintenance tool\n"
+msgstr ""
+
+#: agent/protect-tool.c:1162
+msgid "Please enter the passphrase to unprotect the PKCS#12 object."
+msgstr ""
+
+#: agent/protect-tool.c:1167
+msgid "Please enter the passphrase to protect the new PKCS#12 object."
+msgstr ""
+
+#: agent/protect-tool.c:1173
+msgid ""
+"Please enter the passphrase to protect the imported object within the GnuPG "
+"system."
+msgstr ""
+
+#: agent/protect-tool.c:1178
+msgid ""
+"Please enter the passphrase or the PIN\n"
+"needed to complete this operation."
+msgstr ""
+
+#: agent/protect-tool.c:1183 tools/symcryptrun.c:437
+msgid "Passphrase:"
+msgstr ""
+
+#: agent/protect-tool.c:1188 tools/symcryptrun.c:448
+msgid "cancelled\n"
+msgstr ""
+
+#: agent/protect-tool.c:1190 tools/symcryptrun.c:444
+#, c-format
+msgid "error while asking for the passphrase: %s\n"
+msgstr ""
+
+#: agent/trustlist.c:136 agent/trustlist.c:334
+#, c-format
+msgid "error opening `%s': %s\n"
+msgstr ""
+
+#: agent/trustlist.c:151 common/helpfile.c:63 common/helpfile.c:79
+#, c-format
+msgid "file `%s', line %d: %s\n"
+msgstr ""
+
+#: agent/trustlist.c:171 agent/trustlist.c:179
+#, c-format
+msgid "statement \"%s\" ignored in `%s', line %d\n"
+msgstr ""
+
+#: agent/trustlist.c:185
+#, c-format
+msgid "system trustlist `%s' not available\n"
+msgstr ""
+
+#: agent/trustlist.c:229
+#, c-format
+msgid "bad fingerprint in `%s', line %d\n"
+msgstr ""
+
+#: agent/trustlist.c:254 agent/trustlist.c:261
+#, c-format
+msgid "invalid keyflag in `%s', line %d\n"
+msgstr ""
+
+#: agent/trustlist.c:295 common/helpfile.c:126
+#, c-format
+msgid "error reading `%s', line %d: %s\n"
+msgstr ""
+
+#: agent/trustlist.c:400 agent/trustlist.c:450
+msgid "error reading list of trusted root certificates\n"
+msgstr ""
+
+#. TRANSLATORS: This prompt is shown by the Pinentry
+#. and has one special property: A "%%0A" is used by
+#. Pinentry to insert a line break. The double
+#. percent sign is actually needed because it is also
+#. a printf format string. If you need to insert a
+#. plain % sign, you need to encode it as "%%25". The
+#. "%s" gets replaced by the name as stored in the
+#. certificate.
+#: agent/trustlist.c:611
+#, c-format
+msgid ""
+"Do you ultimately trust%%0A \"%s\"%%0Ato correctly certify user "
+"certificates?"
+msgstr ""
+
+#: agent/trustlist.c:620 common/audit.c:467
+msgid "Yes"
+msgstr ""
+
+#: agent/trustlist.c:620 common/audit.c:469
+msgid "No"
+msgstr ""
+
+#. TRANSLATORS: This prompt is shown by the Pinentry and has
+#. one special property: A "%%0A" is used by Pinentry to
+#. insert a line break. The double percent sign is actually
+#. needed because it is also a printf format string. If you
+#. need to insert a plain % sign, you need to encode it as
+#. "%%25". The second "%s" gets replaced by a hexdecimal
+#. fingerprint string whereas the first one receives the name
+#. as stored in the certificate.
+#: agent/trustlist.c:654
+#, c-format
+msgid ""
+"Please verify that the certificate identified as:%%0A \"%s\"%%0Ahas the "
+"fingerprint:%%0A %s"
+msgstr ""
+
+#. TRANSLATORS: "Correct" is the label of a button and intended
+#. to be hit if the fingerprint matches the one of the CA. The
+#. other button is "the default "Cancel" of the Pinentry.
+#: agent/trustlist.c:668
+msgid "Correct"
+msgstr ""
+
+#: agent/trustlist.c:668
+msgid "Wrong"
+msgstr ""
+
+#: agent/findkey.c:157
+#, c-format
+msgid "Note: This passphrase has never been changed.%0APlease change it now."
+msgstr ""
+
+#: agent/findkey.c:173
+#, c-format
+msgid ""
+"This passphrase has not been changed%%0Asince %.4s-%.2s-%.2s. Please change "
+"it now."
+msgstr ""
+
+#: agent/findkey.c:187 agent/findkey.c:194
+msgid "Change passphrase"
+msgstr ""
+
+#: agent/findkey.c:195
+msgid "I'll change it later"
+msgstr ""
+
+#: common/exechelp.c:528 common/exechelp.c:625 tools/gpgconf-comp.c:1475
+#: tools/gpgconf-comp.c:1814
+#, c-format
+msgid "error creating a pipe: %s\n"
+msgstr ""
+
+#: common/exechelp.c:599 common/exechelp.c:658
+#, c-format
+msgid "can't fdopen pipe for reading: %s\n"
+msgstr ""
+
+#: common/exechelp.c:637 common/exechelp.c:765 common/exechelp.c:1002
+#, c-format
+msgid "error forking process: %s\n"
+msgstr ""
+
+#: common/exechelp.c:811 common/exechelp.c:864
+#, c-format
+msgid "waiting for process %d to terminate failed: %s\n"
+msgstr ""
+
+#: common/exechelp.c:819
+#, c-format
+msgid "error getting exit code of process %d: %s\n"
+msgstr ""
+
+#: common/exechelp.c:825 common/exechelp.c:877
+#, c-format
+msgid "error running `%s': exit status %d\n"
+msgstr ""
+
+#: common/exechelp.c:870
+#, c-format
+msgid "error running `%s': probably not installed\n"
+msgstr ""
+
+#: common/exechelp.c:885
+#, c-format
+msgid "error running `%s': terminated\n"
+msgstr ""
+
+#: common/http.c:1674
+#, c-format
+msgid "error creating socket: %s\n"
+msgstr ""
+
+#: common/http.c:1718
+msgid "host not found"
+msgstr ""
+
+#: common/simple-pwquery.c:338
+msgid "gpg-agent is not available in this session\n"
+msgstr ""
+
+#: common/simple-pwquery.c:395
+#, c-format
+msgid "can't connect to `%s': %s\n"
+msgstr ""
+
+#: common/simple-pwquery.c:406
+msgid "communication problem with gpg-agent\n"
+msgstr ""
+
+#: common/simple-pwquery.c:416
+msgid "problem setting the gpg-agent options\n"
+msgstr ""
+
+#: common/simple-pwquery.c:579 common/simple-pwquery.c:675
+msgid "canceled by user\n"
+msgstr ""
+
+#: common/simple-pwquery.c:594 common/simple-pwquery.c:681
+msgid "problem with the agent\n"
+msgstr ""
+
+#: common/sysutils.c:105
+#, c-format
+msgid "can't disable core dumps: %s\n"
+msgstr ""
+
+#: common/sysutils.c:200
+#, c-format
+msgid "Warning: unsafe ownership on %s \"%s\"\n"
+msgstr ""
+
+#: common/sysutils.c:232
+#, c-format
+msgid "Warning: unsafe permissions on %s \"%s\"\n"
+msgstr ""
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: common/yesno.c:35 common/yesno.c:72
+msgid "yes"
+msgstr ""
+
+#: common/yesno.c:36 common/yesno.c:77
+msgid "yY"
+msgstr ""
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: common/yesno.c:38 common/yesno.c:74
+msgid "no"
+msgstr ""
+
+#: common/yesno.c:39 common/yesno.c:78
+msgid "nN"
+msgstr ""
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: common/yesno.c:76
+msgid "quit"
+msgstr ""
+
+#: common/yesno.c:79
+msgid "qQ"
+msgstr ""
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: common/yesno.c:113
+msgid "okay|okay"
+msgstr ""
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: common/yesno.c:115
+msgid "cancel|cancel"
+msgstr ""
+
+#: common/yesno.c:116
+msgid "oO"
+msgstr ""
+
+#: common/yesno.c:117
+msgid "cC"
+msgstr ""
+
+#: common/miscellaneous.c:77
+#, c-format
+msgid "out of core in secure memory while allocating %lu bytes"
+msgstr ""
+
+#: common/miscellaneous.c:80
+#, c-format
+msgid "out of core while allocating %lu bytes"
+msgstr ""
+
+#: common/asshelp.c:293 tools/gpg-connect-agent.c:2129
+msgid "no running gpg-agent - starting one\n"
+msgstr ""
+
+#: common/asshelp.c:349
+#, c-format
+msgid "waiting %d seconds for the agent to come up\n"
+msgstr ""
+
+#: common/asshelp.c:426
+msgid "can't connect to the agent - trying fall back\n"
+msgstr ""
+
+#. TRANSLATORS: Copy the prefix between the vertical bars
+#. verbatim. It will not be printed.
+#: common/audit.c:474
+msgid "|audit-log-result|Good"
+msgstr ""
+
+#: common/audit.c:477
+msgid "|audit-log-result|Bad"
+msgstr ""
+
+#: common/audit.c:479
+msgid "|audit-log-result|Not supported"
+msgstr ""
+
+#: common/audit.c:481
+msgid "|audit-log-result|No certificate"
+msgstr ""
+
+#: common/audit.c:483
+msgid "|audit-log-result|Not enabled"
+msgstr ""
+
+#: common/audit.c:485
+msgid "|audit-log-result|Error"
+msgstr ""
+
+#: common/audit.c:487
+msgid "|audit-log-result|Not used"
+msgstr ""
+
+#: common/audit.c:489
+msgid "|audit-log-result|Okay"
+msgstr ""
+
+#: common/audit.c:491
+msgid "|audit-log-result|Skipped"
+msgstr ""
+
+#: common/audit.c:493
+msgid "|audit-log-result|Some"
+msgstr ""
+
+#: common/audit.c:726
+msgid "Certificate chain available"
+msgstr ""
+
+#: common/audit.c:733
+msgid "root certificate missing"
+msgstr ""
+
+#: common/audit.c:759
+msgid "Data encryption succeeded"
+msgstr ""
+
+#: common/audit.c:764 common/audit.c:830 common/audit.c:906 common/audit.c:997
+msgid "Data available"
+msgstr ""
+
+#: common/audit.c:767
+msgid "Session key created"
+msgstr ""
+
+#: common/audit.c:772 common/audit.c:912 common/audit.c:919
+#, c-format
+msgid "algorithm: %s"
+msgstr ""
+
+#: common/audit.c:774 common/audit.c:776 common/audit.c:921 common/audit.c:923
+#, c-format
+msgid "unsupported algorithm: %s"
+msgstr ""
+
+#: common/audit.c:778 common/audit.c:925
+msgid "seems to be not encrypted"
+msgstr ""
+
+#: common/audit.c:784 common/audit.c:933
+msgid "Number of recipients"
+msgstr ""
+
+#: common/audit.c:792 common/audit.c:956
+#, c-format
+msgid "Recipient %d"
+msgstr ""
+
+#: common/audit.c:825
+msgid "Data signing succeeded"
+msgstr ""
+
+#: common/audit.c:839 common/audit.c:1033 common/audit.c:1060
+#, c-format
+msgid "data hash algorithm: %s"
+msgstr ""
+
+#: common/audit.c:862
+#, c-format
+msgid "Signer %d"
+msgstr ""
+
+#: common/audit.c:866 common/audit.c:1065
+#, c-format
+msgid "attr hash algorithm: %s"
+msgstr ""
+
+#: common/audit.c:901
+msgid "Data decryption succeeded"
+msgstr ""
+
+#: common/audit.c:910
+msgid "Encryption algorithm supported"
+msgstr ""
+
+#: common/audit.c:993
+msgid "Data verification succeeded"
+msgstr ""
+
+#: common/audit.c:1002
+msgid "Signature available"
+msgstr ""
+
+#: common/audit.c:1024
+msgid "Parsing data succeeded"
+msgstr ""
+
+#: common/audit.c:1036
+#, c-format
+msgid "bad data hash algorithm: %s"
+msgstr ""
+
+#: common/audit.c:1051
+#, c-format
+msgid "Signature %d"
+msgstr ""
+
+#: common/audit.c:1079
+msgid "Certificate chain valid"
+msgstr ""
+
+#: common/audit.c:1090
+msgid "Root certificate trustworthy"
+msgstr ""
+
+#: common/audit.c:1111 sm/certchain.c:935
+msgid "no CRL found for certificate"
+msgstr ""
+
+#: common/audit.c:1114 sm/certchain.c:945
+msgid "the available CRL is too old"
+msgstr ""
+
+#: common/audit.c:1119
+msgid "CRL/OCSP check of certificates"
+msgstr ""
+
+#: common/audit.c:1139
+msgid "Included certificates"
+msgstr ""
+
+#: common/audit.c:1194
+msgid "No audit log entries."
+msgstr ""
+
+#: common/audit.c:1243
+msgid "Unknown operation"
+msgstr ""
+
+#: common/audit.c:1261
+msgid "Gpg-Agent usable"
+msgstr ""
+
+#: common/audit.c:1271
+msgid "Dirmngr usable"
+msgstr ""
+
+#: common/audit.c:1307
+#, c-format
+msgid "No help available for `%s'."
+msgstr ""
+
+#: common/helpfile.c:80
+msgid "ignoring garbage line"
+msgstr ""
+
+#: common/gettime.c:503
+msgid "[none]"
+msgstr ""
+
+#: g10/armor.c:379
+#, c-format
+msgid "armor: %s\n"
+msgstr ""
+
+#: g10/armor.c:418
+msgid "invalid armor header: "
+msgstr ""
+
+#: g10/armor.c:429
+msgid "armor header: "
+msgstr ""
+
+#: g10/armor.c:442
+msgid "invalid clearsig header\n"
+msgstr ""
+
+#: g10/armor.c:455
+msgid "unknown armor header: "
+msgstr ""
+
+#: g10/armor.c:508
+msgid "nested clear text signatures\n"
+msgstr ""
+
+#: g10/armor.c:643
+msgid "unexpected armor: "
+msgstr ""
+
+#: g10/armor.c:655
+msgid "invalid dash escaped line: "
+msgstr ""
+
+#: g10/armor.c:810 g10/armor.c:1420
+#, c-format
+msgid "invalid radix64 character %02X skipped\n"
+msgstr ""
+
+#: g10/armor.c:853
+msgid "premature eof (no CRC)\n"
+msgstr ""
+
+#: g10/armor.c:887
+msgid "premature eof (in CRC)\n"
+msgstr ""
+
+#: g10/armor.c:895
+msgid "malformed CRC\n"
+msgstr ""
+
+#: g10/armor.c:899 g10/armor.c:1457
+#, c-format
+msgid "CRC error; %06lX - %06lX\n"
+msgstr ""
+
+#: g10/armor.c:919
+msgid "premature eof (in trailer)\n"
+msgstr ""
+
+#: g10/armor.c:923
+msgid "error in trailer line\n"
+msgstr ""
+
+#: g10/armor.c:1234
+msgid "no valid OpenPGP data found.\n"
+msgstr ""
+
+#: g10/armor.c:1239
+#, c-format
+msgid "invalid armor: line longer than %d characters\n"
+msgstr ""
+
+#: g10/armor.c:1243
+msgid ""
+"quoted printable character in armor - probably a buggy MTA has been used\n"
+msgstr ""
+
+#: g10/build-packet.c:976
+msgid ""
+"a notation name must have only printable characters or spaces, and end with "
+"an '='\n"
+msgstr ""
+
+#: g10/build-packet.c:988
+msgid "a user notation name must contain the '@' character\n"
+msgstr ""
+
+#: g10/build-packet.c:994
+msgid "a notation name must not contain more than one '@' character\n"
+msgstr ""
+
+#: g10/build-packet.c:1012
+msgid "a notation value must not use any control characters\n"
+msgstr ""
+
+#: g10/build-packet.c:1046 g10/build-packet.c:1055
+msgid "WARNING: invalid notation data found\n"
+msgstr ""
+
+#: g10/build-packet.c:1077 g10/build-packet.c:1079
+msgid "not human readable"
+msgstr ""
+
+#: g10/card-util.c:85 g10/card-util.c:374
+#, c-format
+msgid "OpenPGP card not available: %s\n"
+msgstr ""
+
+#: g10/card-util.c:90
+#, c-format
+msgid "OpenPGP card no. %s detected\n"
+msgstr ""
+
+#: g10/card-util.c:98 g10/card-util.c:1773 g10/delkey.c:126 g10/keyedit.c:1551
+#: g10/keygen.c:3068 g10/revoke.c:216 g10/revoke.c:455
+msgid "can't do this in batch mode\n"
+msgstr ""
+
+#: g10/card-util.c:106
+msgid "This command is only available for version 2 cards\n"
+msgstr ""
+
+#: g10/card-util.c:108 scd/app-openpgp.c:2029
+msgid "Reset Code not or not anymore available\n"
+msgstr ""
+
+#: g10/card-util.c:141 g10/card-util.c:1458 g10/card-util.c:1568
+#: g10/keyedit.c:424 g10/keyedit.c:445 g10/keyedit.c:459 g10/keygen.c:1630
+#: g10/keygen.c:1711 sm/certreqgen-ui.c:165 sm/certreqgen-ui.c:249
+#: sm/certreqgen-ui.c:283
+msgid "Your selection? "
+msgstr ""
+
+#: g10/card-util.c:272 g10/card-util.c:322
+msgid "[not set]"
+msgstr ""
+
+#: g10/card-util.c:512
+msgid "male"
+msgstr ""
+
+#: g10/card-util.c:513
+msgid "female"
+msgstr ""
+
+#: g10/card-util.c:513
+msgid "unspecified"
+msgstr ""
+
+#: g10/card-util.c:540
+msgid "not forced"
+msgstr ""
+
+#: g10/card-util.c:540
+msgid "forced"
+msgstr ""
+
+#: g10/card-util.c:631
+msgid "Error: Only plain ASCII is currently allowed.\n"
+msgstr ""
+
+#: g10/card-util.c:633
+msgid "Error: The \"<\" character may not be used.\n"
+msgstr ""
+
+#: g10/card-util.c:635
+msgid "Error: Double spaces are not allowed.\n"
+msgstr ""
+
+#: g10/card-util.c:652
+msgid "Cardholder's surname: "
+msgstr ""
+
+#: g10/card-util.c:654
+msgid "Cardholder's given name: "
+msgstr ""
+
+#: g10/card-util.c:672
+#, c-format
+msgid "Error: Combined name too long (limit is %d characters).\n"
+msgstr ""
+
+#: g10/card-util.c:693
+msgid "URL to retrieve public key: "
+msgstr ""
+
+#: g10/card-util.c:701
+#, c-format
+msgid "Error: URL too long (limit is %d characters).\n"
+msgstr ""
+
+#: g10/card-util.c:794 tools/no-libgcrypt.c:30
+#, c-format
+msgid "error allocating enough memory: %s\n"
+msgstr ""
+
+#: g10/card-util.c:806 g10/import.c:280
+#, c-format
+msgid "error reading `%s': %s\n"
+msgstr ""
+
+#: g10/card-util.c:839
+#, c-format
+msgid "error writing `%s': %s\n"
+msgstr ""
+
+#: g10/card-util.c:866
+msgid "Login data (account name): "
+msgstr ""
+
+#: g10/card-util.c:876
+#, c-format
+msgid "Error: Login data too long (limit is %d characters).\n"
+msgstr ""
+
+#: g10/card-util.c:912
+msgid "Private DO data: "
+msgstr ""
+
+#: g10/card-util.c:922
+#, c-format
+msgid "Error: Private DO too long (limit is %d characters).\n"
+msgstr ""
+
+#: g10/card-util.c:1005
+msgid "Language preferences: "
+msgstr ""
+
+#: g10/card-util.c:1013
+msgid "Error: invalid length of preference string.\n"
+msgstr ""
+
+#: g10/card-util.c:1022
+msgid "Error: invalid characters in preference string.\n"
+msgstr ""
+
+#: g10/card-util.c:1044
+msgid "Sex ((M)ale, (F)emale or space): "
+msgstr ""
+
+#: g10/card-util.c:1058
+msgid "Error: invalid response.\n"
+msgstr ""
+
+#: g10/card-util.c:1080
+msgid "CA fingerprint: "
+msgstr ""
+
+#: g10/card-util.c:1103
+msgid "Error: invalid formatted fingerprint.\n"
+msgstr ""
+
+#: g10/card-util.c:1153
+#, c-format
+msgid "key operation not possible: %s\n"
+msgstr ""
+
+#: g10/card-util.c:1154
+msgid "not an OpenPGP card"
+msgstr ""
+
+#: g10/card-util.c:1167
+#, c-format
+msgid "error getting current key info: %s\n"
+msgstr ""
+
+#: g10/card-util.c:1254
+msgid "Replace existing key? (y/N) "
+msgstr ""
+
+#: g10/card-util.c:1270
+msgid ""
+"NOTE: There is no guarantee that the card supports the requested size.\n"
+" If the key generation does not succeed, please check the\n"
+" documentation of your card to see what sizes are allowed.\n"
+msgstr ""
+
+#: g10/card-util.c:1295
+#, c-format
+msgid "What keysize do you want for the Signature key? (%u) "
+msgstr ""
+
+#: g10/card-util.c:1297
+#, c-format
+msgid "What keysize do you want for the Encryption key? (%u) "
+msgstr ""
+
+#: g10/card-util.c:1298
+#, c-format
+msgid "What keysize do you want for the Authentication key? (%u) "
+msgstr ""
+
+#: g10/card-util.c:1309 g10/keygen.c:1844 g10/keygen.c:1850
+#: sm/certreqgen-ui.c:194
+#, c-format
+msgid "rounded up to %u bits\n"
+msgstr ""
+
+#: g10/card-util.c:1317 g10/keygen.c:1831 sm/certreqgen-ui.c:184
+#, c-format
+msgid "%s keysizes must be in the range %u-%u\n"
+msgstr ""
+
+#: g10/card-util.c:1322
+#, c-format
+msgid "The card will now be re-configured to generate a key of %u bits\n"
+msgstr ""
+
+#: g10/card-util.c:1342
+#, c-format
+msgid "error changing size of key %d to %u bits: %s\n"
+msgstr ""
+
+#: g10/card-util.c:1364
+msgid "Make off-card backup of encryption key? (Y/n) "
+msgstr ""
+
+#: g10/card-util.c:1378
+msgid "NOTE: keys are already stored on the card!\n"
+msgstr ""
+
+#: g10/card-util.c:1381
+msgid "Replace existing keys? (y/N) "
+msgstr ""
+
+#: g10/card-util.c:1393
+#, c-format
+msgid ""
+"Please note that the factory settings of the PINs are\n"
+" PIN = `%s' Admin PIN = `%s'\n"
+"You should change them using the command --change-pin\n"
+msgstr ""
+
+#: g10/card-util.c:1449
+msgid "Please select the type of key to generate:\n"
+msgstr ""
+
+#: g10/card-util.c:1451 g10/card-util.c:1559
+msgid " (1) Signature key\n"
+msgstr ""
+
+#: g10/card-util.c:1452 g10/card-util.c:1561
+msgid " (2) Encryption key\n"
+msgstr ""
+
+#: g10/card-util.c:1453 g10/card-util.c:1563
+msgid " (3) Authentication key\n"
+msgstr ""
+
+#: g10/card-util.c:1469 g10/card-util.c:1588 g10/keyedit.c:945
+#: g10/keygen.c:1634 g10/keygen.c:1662 g10/keygen.c:1764 g10/revoke.c:683
+msgid "Invalid selection.\n"
+msgstr ""
+
+#: g10/card-util.c:1556
+msgid "Please select where to store the key:\n"
+msgstr ""
+
+#: g10/card-util.c:1600
+msgid "unknown key protection algorithm\n"
+msgstr ""
+
+#: g10/card-util.c:1605
+msgid "secret parts of key are not available\n"
+msgstr ""
+
+#: g10/card-util.c:1610
+msgid "secret key already stored on a card\n"
+msgstr ""
+
+#: g10/card-util.c:1623
+#, c-format
+msgid "error writing key to card: %s\n"
+msgstr ""
+
+#: g10/card-util.c:1682 g10/keyedit.c:1382
+msgid "quit this menu"
+msgstr ""
+
+#: g10/card-util.c:1684
+msgid "show admin commands"
+msgstr ""
+
+#: g10/card-util.c:1685 g10/keyedit.c:1385
+msgid "show this help"
+msgstr ""
+
+#: g10/card-util.c:1687
+msgid "list all available data"
+msgstr ""
+
+#: g10/card-util.c:1690
+msgid "change card holder's name"
+msgstr ""
+
+#: g10/card-util.c:1691
+msgid "change URL to retrieve key"
+msgstr ""
+
+#: g10/card-util.c:1692
+msgid "fetch the key specified in the card URL"
+msgstr ""
+
+#: g10/card-util.c:1693
+msgid "change the login name"
+msgstr ""
+
+#: g10/card-util.c:1694
+msgid "change the language preferences"
+msgstr ""
+
+#: g10/card-util.c:1695
+msgid "change card holder's sex"
+msgstr ""
+
+#: g10/card-util.c:1696
+msgid "change a CA fingerprint"
+msgstr ""
+
+#: g10/card-util.c:1697
+msgid "toggle the signature force PIN flag"
+msgstr ""
+
+#: g10/card-util.c:1698
+msgid "generate new keys"
+msgstr ""
+
+#: g10/card-util.c:1699
+msgid "menu to change or unblock the PIN"
+msgstr ""
+
+#: g10/card-util.c:1700
+msgid "verify the PIN and list all data"
+msgstr ""
+
+#: g10/card-util.c:1701
+msgid "unblock the PIN using a Reset Code"
+msgstr ""
+
+#: g10/card-util.c:1823
+msgid "gpg/card> "
+msgstr ""
+
+#: g10/card-util.c:1864
+msgid "Admin-only command\n"
+msgstr ""
+
+#: g10/card-util.c:1895
+msgid "Admin commands are allowed\n"
+msgstr ""
+
+#: g10/card-util.c:1897
+msgid "Admin commands are not allowed\n"
+msgstr ""
+
+#: g10/card-util.c:1988 g10/keyedit.c:2292
+msgid "Invalid command (try \"help\")\n"
+msgstr ""
+
+#: g10/decrypt.c:110 g10/encode.c:876
+msgid "--output doesn't work for this command\n"
+msgstr ""
+
+#: g10/decrypt.c:166 g10/gpg.c:4019 g10/keyring.c:387 g10/keyring.c:698
+#, c-format
+msgid "can't open `%s'\n"
+msgstr ""
+
+#: g10/delkey.c:73 g10/export.c:324 g10/keyedit.c:3514 g10/keyserver.c:1737
+#: g10/revoke.c:226
+#, c-format
+msgid "key \"%s\" not found: %s\n"
+msgstr ""
+
+#: g10/delkey.c:81 g10/export.c:354 g10/import.c:2480 g10/keyserver.c:1751
+#: g10/revoke.c:232 g10/revoke.c:477
+#, c-format
+msgid "error reading keyblock: %s\n"
+msgstr ""
+
+#: g10/delkey.c:127 g10/delkey.c:134
+msgid "(unless you specify the key by fingerprint)\n"
+msgstr ""
+
+#: g10/delkey.c:133
+msgid "can't do this in batch mode without \"--yes\"\n"
+msgstr ""
+
+#: g10/delkey.c:145
+msgid "Delete this key from the keyring? (y/N) "
+msgstr ""
+
+#: g10/delkey.c:153
+msgid "This is a secret key! - really delete? (y/N) "
+msgstr ""
+
+#: g10/delkey.c:163
+#, c-format
+msgid "deleting keyblock failed: %s\n"
+msgstr ""
+
+#: g10/delkey.c:173
+msgid "ownertrust information cleared\n"
+msgstr ""
+
+#: g10/delkey.c:204
+#, c-format
+msgid "there is a secret key for public key \"%s\"!\n"
+msgstr ""
+
+#: g10/delkey.c:206
+msgid "use option \"--delete-secret-keys\" to delete it first.\n"
+msgstr ""
+
+#: g10/encode.c:226 g10/sign.c:1269
+#, c-format
+msgid "error creating passphrase: %s\n"
+msgstr ""
+
+#: g10/encode.c:232
+msgid "can't use a symmetric ESK packet due to the S2K mode\n"
+msgstr ""
+
+#: g10/encode.c:246
+#, c-format
+msgid "using cipher %s\n"
+msgstr ""
+
+#: g10/encode.c:256 g10/encode.c:577
+#, c-format
+msgid "`%s' already compressed\n"
+msgstr ""
+
+#: g10/encode.c:311 g10/encode.c:611 g10/sign.c:564
+#, c-format
+msgid "WARNING: `%s' is an empty file\n"
+msgstr ""
+
+#: g10/encode.c:485
+msgid "you can only encrypt to RSA keys of 2048 bits or less in --pgp2 mode\n"
+msgstr ""
+
+#: g10/encode.c:510
+#, c-format
+msgid "reading from `%s'\n"
+msgstr ""
+
+#: g10/encode.c:541
+msgid ""
+"unable to use the IDEA cipher for all of the keys you are encrypting to.\n"
+msgstr ""
+
+#: g10/encode.c:559
+#, c-format
+msgid ""
+"WARNING: forcing symmetric cipher %s (%d) violates recipient preferences\n"
+msgstr ""
+
+#: g10/encode.c:655 g10/sign.c:939
+#, c-format
+msgid ""
+"WARNING: forcing compression algorithm %s (%d) violates recipient "
+"preferences\n"
+msgstr ""
+
+#: g10/encode.c:751
+#, c-format
+msgid "forcing symmetric cipher %s (%d) violates recipient preferences\n"
+msgstr ""
+
+#: g10/encode.c:821 g10/pkclist.c:813 g10/pkclist.c:862
+#, c-format
+msgid "you may not use %s while in %s mode\n"
+msgstr ""
+
+#: g10/encode.c:848
+#, c-format
+msgid "%s/%s encrypted for: \"%s\"\n"
+msgstr ""
+
+#: g10/encr-data.c:93 g10/mainproc.c:286
+#, c-format
+msgid "%s encrypted data\n"
+msgstr ""
+
+#: g10/encr-data.c:96 g10/mainproc.c:290
+#, c-format
+msgid "encrypted with unknown algorithm %d\n"
+msgstr ""
+
+#: g10/encr-data.c:142 sm/decrypt.c:126
+msgid ""
+"WARNING: message was encrypted with a weak key in the symmetric cipher.\n"
+msgstr ""
+
+#: g10/encr-data.c:154
+msgid "problem handling encrypted packet\n"
+msgstr ""
+
+#: g10/exec.c:57
+msgid "no remote program execution supported\n"
+msgstr ""
+
+#: g10/exec.c:308
+msgid ""
+"external program calls are disabled due to unsafe options file permissions\n"
+msgstr ""
+
+#: g10/exec.c:338
+msgid "this platform requires temporary files when calling external programs\n"
+msgstr ""
+
+#: g10/exec.c:416
+#, c-format
+msgid "unable to execute program `%s': %s\n"
+msgstr ""
+
+#: g10/exec.c:419
+#, c-format
+msgid "unable to execute shell `%s': %s\n"
+msgstr ""
+
+#: g10/exec.c:510
+#, c-format
+msgid "system error while calling external program: %s\n"
+msgstr ""
+
+#: g10/exec.c:521 g10/exec.c:588
+msgid "unnatural exit of external program\n"
+msgstr ""
+
+#: g10/exec.c:536
+msgid "unable to execute external program\n"
+msgstr ""
+
+#: g10/exec.c:553
+#, c-format
+msgid "unable to read external program response: %s\n"
+msgstr ""
+
+#: g10/exec.c:599 g10/exec.c:606
+#, c-format
+msgid "WARNING: unable to remove tempfile (%s) `%s': %s\n"
+msgstr ""
+
+#: g10/exec.c:611
+#, c-format
+msgid "WARNING: unable to remove temp directory `%s': %s\n"
+msgstr ""
+
+#: g10/export.c:61
+msgid "export signatures that are marked as local-only"
+msgstr ""
+
+#: g10/export.c:63
+msgid "export attribute user IDs (generally photo IDs)"
+msgstr ""
+
+#: g10/export.c:65
+msgid "export revocation keys marked as \"sensitive\""
+msgstr ""
+
+#: g10/export.c:67
+msgid "remove the passphrase from exported subkeys"
+msgstr ""
+
+#: g10/export.c:69
+msgid "remove unusable parts from key during export"
+msgstr ""
+
+#: g10/export.c:71
+msgid "remove as much as possible from key during export"
+msgstr ""
+
+#: g10/export.c:73
+msgid "export keys in an S-expression based format"
+msgstr ""
+
+#: g10/export.c:338
+msgid "exporting secret keys not allowed\n"
+msgstr ""
+
+#: g10/export.c:367
+#, c-format
+msgid "key %s: not protected - skipped\n"
+msgstr ""
+
+#: g10/export.c:375
+#, c-format
+msgid "key %s: PGP 2.x style key - skipped\n"
+msgstr ""
+
+#: g10/export.c:386
+#, c-format
+msgid "key %s: key material on-card - skipped\n"
+msgstr ""
+
+#: g10/export.c:537
+msgid "about to export an unprotected subkey\n"
+msgstr ""
+
+#: g10/export.c:560
+#, c-format
+msgid "failed to unprotect the subkey: %s\n"
+msgstr ""
+
+#: g10/export.c:584
+#, c-format
+msgid "WARNING: secret key %s does not have a simple SK checksum\n"
+msgstr ""
+
+#: g10/export.c:633
+msgid "WARNING: nothing exported\n"
+msgstr ""
+
+#: g10/getkey.c:152
+msgid "too many entries in pk cache - disabled\n"
+msgstr ""
+
+#: g10/getkey.c:175
+msgid "[User ID not found]"
+msgstr ""
+
+#: g10/getkey.c:1113
+#, c-format
+msgid "automatically retrieved `%s' via %s\n"
+msgstr ""
+
+#: g10/getkey.c:1118
+#, c-format
+msgid "error retrieving `%s' via %s: %s\n"
+msgstr ""
+
+#: g10/getkey.c:1120
+msgid "No fingerprint"
+msgstr ""
+
+#: g10/getkey.c:1930
+#, c-format
+msgid "Invalid key %s made valid by --allow-non-selfsigned-uid\n"
+msgstr ""
+
+#: g10/getkey.c:2533 g10/keyedit.c:3839
+#, c-format
+msgid "no secret subkey for public subkey %s - ignoring\n"
+msgstr ""
+
+#: g10/getkey.c:2759
+#, c-format
+msgid "using subkey %s instead of primary key %s\n"
+msgstr ""
+
+#: g10/getkey.c:2806
+#, c-format
+msgid "key %s: secret key without public key - skipped\n"
+msgstr ""
+
+#: g10/gpg.c:375 sm/gpgsm.c:188
+msgid "make a signature"
+msgstr ""
+
+#: g10/gpg.c:376 sm/gpgsm.c:189
+msgid "make a clear text signature"
+msgstr ""
+
+#: g10/gpg.c:377 sm/gpgsm.c:190
+msgid "make a detached signature"
+msgstr ""
+
+#: g10/gpg.c:378 sm/gpgsm.c:191
+msgid "encrypt data"
+msgstr ""
+
+#: g10/gpg.c:380 sm/gpgsm.c:192
+msgid "encryption only with symmetric cipher"
+msgstr ""
+
+#: g10/gpg.c:382 sm/gpgsm.c:193
+msgid "decrypt data (default)"
+msgstr ""
+
+#: g10/gpg.c:384 sm/gpgsm.c:194
+msgid "verify a signature"
+msgstr ""
+
+#: g10/gpg.c:386 sm/gpgsm.c:195
+msgid "list keys"
+msgstr ""
+
+#: g10/gpg.c:388
+msgid "list keys and signatures"
+msgstr ""
+
+#: g10/gpg.c:389
+msgid "list and check key signatures"
+msgstr ""
+
+#: g10/gpg.c:390 sm/gpgsm.c:200
+msgid "list keys and fingerprints"
+msgstr ""
+
+#: g10/gpg.c:391 sm/gpgsm.c:198
+msgid "list secret keys"
+msgstr ""
+
+#: g10/gpg.c:392 sm/gpgsm.c:201
+msgid "generate a new key pair"
+msgstr ""
+
+#: g10/gpg.c:393
+msgid "generate a revocation certificate"
+msgstr ""
+
+#: g10/gpg.c:395 sm/gpgsm.c:203
+msgid "remove keys from the public keyring"
+msgstr ""
+
+#: g10/gpg.c:397
+msgid "remove keys from the secret keyring"
+msgstr ""
+
+#: g10/gpg.c:398
+msgid "sign a key"
+msgstr ""
+
+#: g10/gpg.c:399
+msgid "sign a key locally"
+msgstr ""
+
+#: g10/gpg.c:400
+msgid "sign or edit a key"
+msgstr ""
+
+#: g10/gpg.c:402 sm/gpgsm.c:215
+msgid "change a passphrase"
+msgstr ""
+
+#: g10/gpg.c:404
+msgid "export keys"
+msgstr ""
+
+#: g10/gpg.c:405 sm/gpgsm.c:204
+msgid "export keys to a key server"
+msgstr ""
+
+#: g10/gpg.c:406 sm/gpgsm.c:205
+msgid "import keys from a key server"
+msgstr ""
+
+#: g10/gpg.c:408
+msgid "search for keys on a key server"
+msgstr ""
+
+#: g10/gpg.c:410
+msgid "update all keys from a keyserver"
+msgstr ""
+
+#: g10/gpg.c:415
+msgid "import/merge keys"
+msgstr ""
+
+#: g10/gpg.c:418
+msgid "print the card status"
+msgstr ""
+
+#: g10/gpg.c:419
+msgid "change data on a card"
+msgstr ""
+
+#: g10/gpg.c:420
+msgid "change a card's PIN"
+msgstr ""
+
+#: g10/gpg.c:429
+msgid "update the trust database"
+msgstr ""
+
+#: g10/gpg.c:436
+msgid "print message digests"
+msgstr ""
+
+#: g10/gpg.c:439 sm/gpgsm.c:210
+msgid "run in server mode"
+msgstr ""
+
+#: g10/gpg.c:443 sm/gpgsm.c:228
+msgid "create ascii armored output"
+msgstr ""
+
+#: g10/gpg.c:446 sm/gpgsm.c:241
+msgid "|USER-ID|encrypt for USER-ID"
+msgstr ""
+
+#: g10/gpg.c:459 sm/gpgsm.c:278
+msgid "|USER-ID|use USER-ID to sign or decrypt"
+msgstr ""
+
+#: g10/gpg.c:462
+msgid "|N|set compress level to N (0 disables)"
+msgstr ""
+
+#: g10/gpg.c:468
+msgid "use canonical text mode"
+msgstr ""
+
+#: g10/gpg.c:485 sm/gpgsm.c:280
+msgid "|FILE|write output to FILE"
+msgstr ""
+
+#: g10/gpg.c:501 kbx/kbxutil.c:90 sm/gpgsm.c:292 tools/gpgconf.c:82
+msgid "do not make any changes"
+msgstr ""
+
+#: g10/gpg.c:502
+msgid "prompt before overwriting"
+msgstr ""
+
+#: g10/gpg.c:554
+msgid "use strict OpenPGP behavior"
+msgstr ""
+
+#: g10/gpg.c:585 sm/gpgsm.c:336
+msgid ""
+"@\n"
+"(See the man page for a complete listing of all commands and options)\n"
+msgstr ""
+
+#: g10/gpg.c:588 sm/gpgsm.c:339
+msgid ""
+"@\n"
+"Examples:\n"
+"\n"
+" -se -r Bob [file] sign and encrypt for user Bob\n"
+" --clearsign [file] make a clear text signature\n"
+" --detach-sign [file] make a detached signature\n"
+" --list-keys [names] show keys\n"
+" --fingerprint [names] show fingerprints\n"
+msgstr ""
+
+#: g10/gpg.c:836
+msgid "Usage: gpg [options] [files] (-h for help)"
+msgstr ""
+
+#: g10/gpg.c:839
+msgid ""
+"Syntax: gpg [options] [files]\n"
+"sign, check, encrypt or decrypt\n"
+"default operation depends on the input data\n"
+msgstr ""
+
+#: g10/gpg.c:850 sm/gpgsm.c:543
+msgid ""
+"\n"
+"Supported algorithms:\n"
+msgstr ""
+
+#: g10/gpg.c:853
+msgid "Pubkey: "
+msgstr ""
+
+#: g10/gpg.c:860 g10/keyedit.c:2423
+msgid "Cipher: "
+msgstr ""
+
+#: g10/gpg.c:867
+msgid "Hash: "
+msgstr ""
+
+#: g10/gpg.c:874 g10/keyedit.c:2468
+msgid "Compression: "
+msgstr ""
+
+#: g10/gpg.c:944
+msgid "usage: gpg [options] "
+msgstr ""
+
+#: g10/gpg.c:1158 sm/gpgsm.c:716
+msgid "conflicting commands\n"
+msgstr ""
+
+#: g10/gpg.c:1176
+#, c-format
+msgid "no = sign found in group definition `%s'\n"
+msgstr ""
+
+#: g10/gpg.c:1373
+#, c-format
+msgid "WARNING: unsafe ownership on homedir `%s'\n"
+msgstr ""
+
+#: g10/gpg.c:1376
+#, c-format
+msgid "WARNING: unsafe ownership on configuration file `%s'\n"
+msgstr ""
+
+#: g10/gpg.c:1379
+#, c-format
+msgid "WARNING: unsafe ownership on extension `%s'\n"
+msgstr ""
+
+#: g10/gpg.c:1385
+#, c-format
+msgid "WARNING: unsafe permissions on homedir `%s'\n"
+msgstr ""
+
+#: g10/gpg.c:1388
+#, c-format
+msgid "WARNING: unsafe permissions on configuration file `%s'\n"
+msgstr ""
+
+#: g10/gpg.c:1391
+#, c-format
+msgid "WARNING: unsafe permissions on extension `%s'\n"
+msgstr ""
+
+#: g10/gpg.c:1397
+#, c-format
+msgid "WARNING: unsafe enclosing directory ownership on homedir `%s'\n"
+msgstr ""
+
+#: g10/gpg.c:1400
+#, c-format
+msgid ""
+"WARNING: unsafe enclosing directory ownership on configuration file `%s'\n"
+msgstr ""
+
+#: g10/gpg.c:1403
+#, c-format
+msgid "WARNING: unsafe enclosing directory ownership on extension `%s'\n"
+msgstr ""
+
+#: g10/gpg.c:1409
+#, c-format
+msgid "WARNING: unsafe enclosing directory permissions on homedir `%s'\n"
+msgstr ""
+
+#: g10/gpg.c:1412
+#, c-format
+msgid ""
+"WARNING: unsafe enclosing directory permissions on configuration file `%s'\n"
+msgstr ""
+
+#: g10/gpg.c:1415
+#, c-format
+msgid "WARNING: unsafe enclosing directory permissions on extension `%s'\n"
+msgstr ""
+
+#: g10/gpg.c:1595
+#, c-format
+msgid "unknown configuration item `%s'\n"
+msgstr ""
+
+#: g10/gpg.c:1699
+msgid "display photo IDs during key listings"
+msgstr ""
+
+#: g10/gpg.c:1701
+msgid "show policy URLs during signature listings"
+msgstr ""
+
+#: g10/gpg.c:1703
+msgid "show all notations during signature listings"
+msgstr ""
+
+#: g10/gpg.c:1705
+msgid "show IETF standard notations during signature listings"
+msgstr ""
+
+#: g10/gpg.c:1709
+msgid "show user-supplied notations during signature listings"
+msgstr ""
+
+#: g10/gpg.c:1711
+msgid "show preferred keyserver URLs during signature listings"
+msgstr ""
+
+#: g10/gpg.c:1713
+msgid "show user ID validity during key listings"
+msgstr ""
+
+#: g10/gpg.c:1715
+msgid "show revoked and expired user IDs in key listings"
+msgstr ""
+
+#: g10/gpg.c:1717
+msgid "show revoked and expired subkeys in key listings"
+msgstr ""
+
+#: g10/gpg.c:1719
+msgid "show the keyring name in key listings"
+msgstr ""
+
+#: g10/gpg.c:1721
+msgid "show expiration dates during signature listings"
+msgstr ""
+
+#: g10/gpg.c:1855
+#, c-format
+msgid "NOTE: old default options file `%s' ignored\n"
+msgstr ""
+
+#: g10/gpg.c:1948
+#, c-format
+msgid "libgcrypt is too old (need %s, have %s)\n"
+msgstr ""
+
+#: g10/gpg.c:2346 g10/gpg.c:3037 g10/gpg.c:3049
+#, c-format
+msgid "NOTE: %s is not for normal use!\n"
+msgstr ""
+
+#: g10/gpg.c:2530 g10/gpg.c:2542
+#, c-format
+msgid "`%s' is not a valid signature expiration\n"
+msgstr ""
+
+#: g10/gpg.c:2624
+#, c-format
+msgid "`%s' is not a valid character set\n"
+msgstr ""
+
+#: g10/gpg.c:2647 g10/gpg.c:2842 g10/keyedit.c:4197
+msgid "could not parse keyserver URL\n"
+msgstr ""
+
+#: g10/gpg.c:2659
+#, c-format
+msgid "%s:%d: invalid keyserver options\n"
+msgstr ""
+
+#: g10/gpg.c:2662
+msgid "invalid keyserver options\n"
+msgstr ""
+
+#: g10/gpg.c:2669
+#, c-format
+msgid "%s:%d: invalid import options\n"
+msgstr ""
+
+#: g10/gpg.c:2672
+msgid "invalid import options\n"
+msgstr ""
+
+#: g10/gpg.c:2679
+#, c-format
+msgid "%s:%d: invalid export options\n"
+msgstr ""
+
+#: g10/gpg.c:2682
+msgid "invalid export options\n"
+msgstr ""
+
+#: g10/gpg.c:2689
+#, c-format
+msgid "%s:%d: invalid list options\n"
+msgstr ""
+
+#: g10/gpg.c:2692
+msgid "invalid list options\n"
+msgstr ""
+
+#: g10/gpg.c:2700
+msgid "display photo IDs during signature verification"
+msgstr ""
+
+#: g10/gpg.c:2702
+msgid "show policy URLs during signature verification"
+msgstr ""
+
+#: g10/gpg.c:2704
+msgid "show all notations during signature verification"
+msgstr ""
+
+#: g10/gpg.c:2706
+msgid "show IETF standard notations during signature verification"
+msgstr ""
+
+#: g10/gpg.c:2710
+msgid "show user-supplied notations during signature verification"
+msgstr ""
+
+#: g10/gpg.c:2712
+msgid "show preferred keyserver URLs during signature verification"
+msgstr ""
+
+#: g10/gpg.c:2714
+msgid "show user ID validity during signature verification"
+msgstr ""
+
+#: g10/gpg.c:2716
+msgid "show revoked and expired user IDs in signature verification"
+msgstr ""
+
+#: g10/gpg.c:2718
+msgid "show only the primary user ID in signature verification"
+msgstr ""
+
+#: g10/gpg.c:2720
+msgid "validate signatures with PKA data"
+msgstr ""
+
+#: g10/gpg.c:2722
+msgid "elevate the trust of signatures with valid PKA data"
+msgstr ""
+
+#: g10/gpg.c:2729
+#, c-format
+msgid "%s:%d: invalid verify options\n"
+msgstr ""
+
+#: g10/gpg.c:2732
+msgid "invalid verify options\n"
+msgstr ""
+
+#: g10/gpg.c:2739
+#, c-format
+msgid "unable to set exec-path to %s\n"
+msgstr ""
+
+#: g10/gpg.c:2925
+#, c-format
+msgid "%s:%d: invalid auto-key-locate list\n"
+msgstr ""
+
+#: g10/gpg.c:2928
+msgid "invalid auto-key-locate list\n"
+msgstr ""
+
+#: g10/gpg.c:3026 sm/gpgsm.c:1439
+msgid "WARNING: program may create a core file!\n"
+msgstr ""
+
+#: g10/gpg.c:3030
+#, c-format
+msgid "WARNING: %s overrides %s\n"
+msgstr ""
+
+#: g10/gpg.c:3039
+#, c-format
+msgid "%s not allowed with %s!\n"
+msgstr ""
+
+#: g10/gpg.c:3042
+#, c-format
+msgid "%s makes no sense with %s!\n"
+msgstr ""
+
+#: g10/gpg.c:3057
+#, c-format
+msgid "will not run with insecure memory due to %s\n"
+msgstr ""
+
+#: g10/gpg.c:3071
+msgid "you can only make detached or clear signatures while in --pgp2 mode\n"
+msgstr ""
+
+#: g10/gpg.c:3077
+msgid "you can't sign and encrypt at the same time while in --pgp2 mode\n"
+msgstr ""
+
+#: g10/gpg.c:3083
+msgid "you must use files (and not a pipe) when working with --pgp2 enabled.\n"
+msgstr ""
+
+#: g10/gpg.c:3096
+msgid "encrypting a message in --pgp2 mode requires the IDEA cipher\n"
+msgstr ""
+
+#: g10/gpg.c:3163 g10/gpg.c:3187 sm/gpgsm.c:1511
+msgid "selected cipher algorithm is invalid\n"
+msgstr ""
+
+#: g10/gpg.c:3169 g10/gpg.c:3193 sm/gpgsm.c:1517 sm/gpgsm.c:1523
+msgid "selected digest algorithm is invalid\n"
+msgstr ""
+
+#: g10/gpg.c:3175
+msgid "selected compression algorithm is invalid\n"
+msgstr ""
+
+#: g10/gpg.c:3181
+msgid "selected certification digest algorithm is invalid\n"
+msgstr ""
+
+#: g10/gpg.c:3196
+msgid "completes-needed must be greater than 0\n"
+msgstr ""
+
+#: g10/gpg.c:3198
+msgid "marginals-needed must be greater than 1\n"
+msgstr ""
+
+#: g10/gpg.c:3200
+msgid "max-cert-depth must be in the range from 1 to 255\n"
+msgstr ""
+
+#: g10/gpg.c:3202
+msgid "invalid default-cert-level; must be 0, 1, 2, or 3\n"
+msgstr ""
+
+#: g10/gpg.c:3204
+msgid "invalid min-cert-level; must be 1, 2, or 3\n"
+msgstr ""
+
+#: g10/gpg.c:3207
+msgid "NOTE: simple S2K mode (0) is strongly discouraged\n"
+msgstr ""
+
+#: g10/gpg.c:3211
+msgid "invalid S2K mode; must be 0, 1 or 3\n"
+msgstr ""
+
+#: g10/gpg.c:3218
+msgid "invalid default preferences\n"
+msgstr ""
+
+#: g10/gpg.c:3222
+msgid "invalid personal cipher preferences\n"
+msgstr ""
+
+#: g10/gpg.c:3226
+msgid "invalid personal digest preferences\n"
+msgstr ""
+
+#: g10/gpg.c:3230
+msgid "invalid personal compress preferences\n"
+msgstr ""
+
+#: g10/gpg.c:3263
+#, c-format
+msgid "%s does not yet work with %s\n"
+msgstr ""
+
+#: g10/gpg.c:3310
+#, c-format
+msgid "you may not use cipher algorithm `%s' while in %s mode\n"
+msgstr ""
+
+#: g10/gpg.c:3315
+#, c-format
+msgid "you may not use digest algorithm `%s' while in %s mode\n"
+msgstr ""
+
+#: g10/gpg.c:3320
+#, c-format
+msgid "you may not use compression algorithm `%s' while in %s mode\n"
+msgstr ""
+
+#: g10/gpg.c:3406
+#, c-format
+msgid "failed to initialize the TrustDB: %s\n"
+msgstr ""
+
+#: g10/gpg.c:3417
+msgid "WARNING: recipients (-r) given without using public key encryption\n"
+msgstr ""
+
+#: g10/gpg.c:3438
+msgid "--store [filename]"
+msgstr ""
+
+#: g10/gpg.c:3445
+msgid "--symmetric [filename]"
+msgstr ""
+
+#: g10/gpg.c:3447
+#, c-format
+msgid "symmetric encryption of `%s' failed: %s\n"
+msgstr ""
+
+#: g10/gpg.c:3457
+msgid "--encrypt [filename]"
+msgstr ""
+
+#: g10/gpg.c:3470
+msgid "--symmetric --encrypt [filename]"
+msgstr ""
+
+#: g10/gpg.c:3472
+msgid "you cannot use --symmetric --encrypt with --s2k-mode 0\n"
+msgstr ""
+
+#: g10/gpg.c:3475
+#, c-format
+msgid "you cannot use --symmetric --encrypt while in %s mode\n"
+msgstr ""
+
+#: g10/gpg.c:3493
+msgid "--sign [filename]"
+msgstr ""
+
+#: g10/gpg.c:3506
+msgid "--sign --encrypt [filename]"
+msgstr ""
+
+#: g10/gpg.c:3521
+msgid "--symmetric --sign --encrypt [filename]"
+msgstr ""
+
+#: g10/gpg.c:3523
+msgid "you cannot use --symmetric --sign --encrypt with --s2k-mode 0\n"
+msgstr ""
+
+#: g10/gpg.c:3526
+#, c-format
+msgid "you cannot use --symmetric --sign --encrypt while in %s mode\n"
+msgstr ""
+
+#: g10/gpg.c:3546
+msgid "--sign --symmetric [filename]"
+msgstr ""
+
+#: g10/gpg.c:3555
+msgid "--clearsign [filename]"
+msgstr ""
+
+#: g10/gpg.c:3580
+msgid "--decrypt [filename]"
+msgstr ""
+
+#: g10/gpg.c:3588
+msgid "--sign-key user-id"
+msgstr ""
+
+#: g10/gpg.c:3592
+msgid "--lsign-key user-id"
+msgstr ""
+
+#: g10/gpg.c:3613
+msgid "--edit-key user-id [commands]"
+msgstr ""
+
+#: g10/gpg.c:3629
+msgid "--passwd <user-id>"
+msgstr ""
+
+#: g10/gpg.c:3716
+#, c-format
+msgid "keyserver send failed: %s\n"
+msgstr ""
+
+#: g10/gpg.c:3718
+#, c-format
+msgid "keyserver receive failed: %s\n"
+msgstr ""
+
+#: g10/gpg.c:3720
+#, c-format
+msgid "key export failed: %s\n"
+msgstr ""
+
+#: g10/gpg.c:3731
+#, c-format
+msgid "keyserver search failed: %s\n"
+msgstr ""
+
+#: g10/gpg.c:3741
+#, c-format
+msgid "keyserver refresh failed: %s\n"
+msgstr ""
+
+#: g10/gpg.c:3792
+#, c-format
+msgid "dearmoring failed: %s\n"
+msgstr ""
+
+#: g10/gpg.c:3800
+#, c-format
+msgid "enarmoring failed: %s\n"
+msgstr ""
+
+#: g10/gpg.c:3890
+#, c-format
+msgid "invalid hash algorithm `%s'\n"
+msgstr ""
+
+#: g10/gpg.c:4005
+msgid "[filename]"
+msgstr ""
+
+#: g10/gpg.c:4009
+msgid "Go ahead and type your message ...\n"
+msgstr ""
+
+#: g10/gpg.c:4323
+msgid "the given certification policy URL is invalid\n"
+msgstr ""
+
+#: g10/gpg.c:4325
+msgid "the given signature policy URL is invalid\n"
+msgstr ""
+
+#: g10/gpg.c:4358
+msgid "the given preferred keyserver URL is invalid\n"
+msgstr ""
+
+#: g10/gpgv.c:74
+msgid "|FILE|take the keys from the keyring FILE"
+msgstr ""
+
+#: g10/gpgv.c:76
+msgid "make timestamp conflicts only a warning"
+msgstr ""
+
+#: g10/gpgv.c:78 sm/gpgsm.c:326
+msgid "|FD|write status info to this FD"
+msgstr ""
+
+#: g10/gpgv.c:117
+msgid "Usage: gpgv [options] [files] (-h for help)"
+msgstr ""
+
+#: g10/gpgv.c:119
+msgid ""
+"Syntax: gpgv [options] [files]\n"
+"Check signatures against known trusted keys\n"
+msgstr ""
+
+#: g10/helptext.c:72
+msgid "No help available"
+msgstr ""
+
+#: g10/helptext.c:82
+#, c-format
+msgid "No help available for `%s'"
+msgstr ""
+
+#: g10/import.c:94
+msgid "import signatures that are marked as local-only"
+msgstr ""
+
+#: g10/import.c:96
+msgid "repair damage from the pks keyserver during import"
+msgstr ""
+
+#: g10/import.c:98
+msgid "do not update the trustdb after import"
+msgstr ""
+
+#: g10/import.c:100
+msgid "create a public key when importing a secret key"
+msgstr ""
+
+#: g10/import.c:102
+msgid "only accept updates to existing keys"
+msgstr ""
+
+#: g10/import.c:104
+msgid "remove unusable parts from key after import"
+msgstr ""
+
+#: g10/import.c:106
+msgid "remove as much as possible from key after import"
+msgstr ""
+
+#: g10/import.c:266
+#, c-format
+msgid "skipping block of type %d\n"
+msgstr ""
+
+#: g10/import.c:275
+#, c-format
+msgid "%lu keys processed so far\n"
+msgstr ""
+
+#: g10/import.c:292
+#, c-format
+msgid "Total number processed: %lu\n"
+msgstr ""
+
+#: g10/import.c:294
+#, c-format
+msgid " skipped new keys: %lu\n"
+msgstr ""
+
+#: g10/import.c:297
+#, c-format
+msgid " w/o user IDs: %lu\n"
+msgstr ""
+
+#: g10/import.c:299 sm/import.c:114
+#, c-format
+msgid " imported: %lu"
+msgstr ""
+
+#: g10/import.c:305 sm/import.c:118
+#, c-format
+msgid " unchanged: %lu\n"
+msgstr ""
+
+#: g10/import.c:307
+#, c-format
+msgid " new user IDs: %lu\n"
+msgstr ""
+
+#: g10/import.c:309
+#, c-format
+msgid " new subkeys: %lu\n"
+msgstr ""
+
+#: g10/import.c:311
+#, c-format
+msgid " new signatures: %lu\n"
+msgstr ""
+
+#: g10/import.c:313
+#, c-format
+msgid " new key revocations: %lu\n"
+msgstr ""
+
+#: g10/import.c:315 sm/import.c:120
+#, c-format
+msgid " secret keys read: %lu\n"
+msgstr ""
+
+#: g10/import.c:317 sm/import.c:122
+#, c-format
+msgid " secret keys imported: %lu\n"
+msgstr ""
+
+#: g10/import.c:319 sm/import.c:124
+#, c-format
+msgid " secret keys unchanged: %lu\n"
+msgstr ""
+
+#: g10/import.c:321 sm/import.c:126
+#, c-format
+msgid " not imported: %lu\n"
+msgstr ""
+
+#: g10/import.c:323
+#, c-format
+msgid " signatures cleaned: %lu\n"
+msgstr ""
+
+#: g10/import.c:325
+#, c-format
+msgid " user IDs cleaned: %lu\n"
+msgstr ""
+
+#: g10/import.c:606
+#, c-format
+msgid ""
+"WARNING: key %s contains preferences for unavailable\n"
+"algorithms on these user IDs:\n"
+msgstr ""
+
+#: g10/import.c:647
+#, c-format
+msgid " \"%s\": preference for cipher algorithm %s\n"
+msgstr ""
+
+#: g10/import.c:662
+#, c-format
+msgid " \"%s\": preference for digest algorithm %s\n"
+msgstr ""
+
+#: g10/import.c:674
+#, c-format
+msgid " \"%s\": preference for compression algorithm %s\n"
+msgstr ""
+
+#: g10/import.c:687
+msgid "it is strongly suggested that you update your preferences and\n"
+msgstr ""
+
+#: g10/import.c:689
+msgid "re-distribute this key to avoid potential algorithm mismatch problems\n"
+msgstr ""
+
+#: g10/import.c:713
+#, c-format
+msgid "you can update your preferences with: gpg --edit-key %s updpref save\n"
+msgstr ""
+
+#: g10/import.c:766 g10/import.c:1179
+#, c-format
+msgid "key %s: no user ID\n"
+msgstr ""
+
+#: g10/import.c:795
+#, c-format
+msgid "key %s: PKS subkey corruption repaired\n"
+msgstr ""
+
+#: g10/import.c:810
+#, c-format
+msgid "key %s: accepted non self-signed user ID \"%s\"\n"
+msgstr ""
+
+#: g10/import.c:816
+#, c-format
+msgid "key %s: no valid user IDs\n"
+msgstr ""
+
+#: g10/import.c:818
+msgid "this may be caused by a missing self-signature\n"
+msgstr ""
+
+#: g10/import.c:828 g10/import.c:1303
+#, c-format
+msgid "key %s: public key not found: %s\n"
+msgstr ""
+
+#: g10/import.c:834
+#, c-format
+msgid "key %s: new key - skipped\n"
+msgstr ""
+
+#: g10/import.c:843
+#, c-format
+msgid "no writable keyring found: %s\n"
+msgstr ""
+
+#: g10/import.c:848 g10/openfile.c:278 g10/sign.c:805 g10/sign.c:1114
+#, c-format
+msgid "writing to `%s'\n"
+msgstr ""
+
+#: g10/import.c:852 g10/import.c:952 g10/import.c:1219 g10/import.c:1364
+#: g10/import.c:2494 g10/import.c:2516
+#, c-format
+msgid "error writing keyring `%s': %s\n"
+msgstr ""
+
+#: g10/import.c:871
+#, c-format
+msgid "key %s: public key \"%s\" imported\n"
+msgstr ""
+
+#: g10/import.c:895
+#, c-format
+msgid "key %s: doesn't match our copy\n"
+msgstr ""
+
+#: g10/import.c:912 g10/import.c:1321
+#, c-format
+msgid "key %s: can't locate original keyblock: %s\n"
+msgstr ""
+
+#: g10/import.c:920 g10/import.c:1328
+#, c-format
+msgid "key %s: can't read original keyblock: %s\n"
+msgstr ""
+
+#: g10/import.c:962
+#, c-format
+msgid "key %s: \"%s\" 1 new user ID\n"
+msgstr ""
+
+#: g10/import.c:965
+#, c-format
+msgid "key %s: \"%s\" %d new user IDs\n"
+msgstr ""
+
+#: g10/import.c:968
+#, c-format
+msgid "key %s: \"%s\" 1 new signature\n"
+msgstr ""
+
+#: g10/import.c:971
+#, c-format
+msgid "key %s: \"%s\" %d new signatures\n"
+msgstr ""
+
+#: g10/import.c:974
+#, c-format
+msgid "key %s: \"%s\" 1 new subkey\n"
+msgstr ""
+
+#: g10/import.c:977
+#, c-format
+msgid "key %s: \"%s\" %d new subkeys\n"
+msgstr ""
+
+#: g10/import.c:980
+#, c-format
+msgid "key %s: \"%s\" %d signature cleaned\n"
+msgstr ""
+
+#: g10/import.c:983
+#, c-format
+msgid "key %s: \"%s\" %d signatures cleaned\n"
+msgstr ""
+
+#: g10/import.c:986
+#, c-format
+msgid "key %s: \"%s\" %d user ID cleaned\n"
+msgstr ""
+
+#: g10/import.c:989
+#, c-format
+msgid "key %s: \"%s\" %d user IDs cleaned\n"
+msgstr ""
+
+#: g10/import.c:1013
+#, c-format
+msgid "key %s: \"%s\" not changed\n"
+msgstr ""
+
+#: g10/import.c:1185
+#, c-format
+msgid "key %s: secret key with invalid cipher %d - skipped\n"
+msgstr ""
+
+#: g10/import.c:1196
+msgid "importing secret keys not allowed\n"
+msgstr ""
+
+#: g10/import.c:1213 g10/import.c:2509
+#, c-format
+msgid "no default secret keyring: %s\n"
+msgstr ""
+
+#: g10/import.c:1224
+#, c-format
+msgid "key %s: secret key imported\n"
+msgstr ""
+
+#: g10/import.c:1254
+#, c-format
+msgid "key %s: already in secret keyring\n"
+msgstr ""
+
+#: g10/import.c:1264
+#, c-format
+msgid "key %s: secret key not found: %s\n"
+msgstr ""
+
+#: g10/import.c:1296
+#, c-format
+msgid "key %s: no public key - can't apply revocation certificate\n"
+msgstr ""
+
+#: g10/import.c:1339
+#, c-format
+msgid "key %s: invalid revocation certificate: %s - rejected\n"
+msgstr ""
+
+#: g10/import.c:1371
+#, c-format
+msgid "key %s: \"%s\" revocation certificate imported\n"
+msgstr ""
+
+#: g10/import.c:1447
+#, c-format
+msgid "key %s: no user ID for signature\n"
+msgstr ""
+
+#: g10/import.c:1464
+#, c-format
+msgid "key %s: unsupported public key algorithm on user ID \"%s\"\n"
+msgstr ""
+
+#: g10/import.c:1466
+#, c-format
+msgid "key %s: invalid self-signature on user ID \"%s\"\n"
+msgstr ""
+
+#: g10/import.c:1483 g10/import.c:1509 g10/import.c:1560
+#, c-format
+msgid "key %s: unsupported public key algorithm\n"
+msgstr ""
+
+#: g10/import.c:1484
+#, c-format
+msgid "key %s: invalid direct key signature\n"
+msgstr ""
+
+#: g10/import.c:1498
+#, c-format
+msgid "key %s: no subkey for key binding\n"
+msgstr ""
+
+#: g10/import.c:1511
+#, c-format
+msgid "key %s: invalid subkey binding\n"
+msgstr ""
+
+#: g10/import.c:1527
+#, c-format
+msgid "key %s: removed multiple subkey binding\n"
+msgstr ""
+
+#: g10/import.c:1549
+#, c-format
+msgid "key %s: no subkey for key revocation\n"
+msgstr ""
+
+#: g10/import.c:1562
+#, c-format
+msgid "key %s: invalid subkey revocation\n"
+msgstr ""
+
+#: g10/import.c:1577
+#, c-format
+msgid "key %s: removed multiple subkey revocation\n"
+msgstr ""
+
+#: g10/import.c:1618
+#, c-format
+msgid "key %s: skipped user ID \"%s\"\n"
+msgstr ""
+
+#: g10/import.c:1639
+#, c-format
+msgid "key %s: skipped subkey\n"
+msgstr ""
+
+#: g10/import.c:1666
+#, c-format
+msgid "key %s: non exportable signature (class 0x%02X) - skipped\n"
+msgstr ""
+
+#: g10/import.c:1676
+#, c-format
+msgid "key %s: revocation certificate at wrong place - skipped\n"
+msgstr ""
+
+#: g10/import.c:1693
+#, c-format
+msgid "key %s: invalid revocation certificate: %s - skipped\n"
+msgstr ""
+
+#: g10/import.c:1707
+#, c-format
+msgid "key %s: subkey signature in wrong place - skipped\n"
+msgstr ""
+
+#: g10/import.c:1715
+#, c-format
+msgid "key %s: unexpected signature class (0x%02X) - skipped\n"
+msgstr ""
+
+#: g10/import.c:1844
+#, c-format
+msgid "key %s: duplicated user ID detected - merged\n"
+msgstr ""
+
+#: g10/import.c:1906
+#, c-format
+msgid "WARNING: key %s may be revoked: fetching revocation key %s\n"
+msgstr ""
+
+#: g10/import.c:1920
+#, c-format
+msgid "WARNING: key %s may be revoked: revocation key %s not present.\n"
+msgstr ""
+
+#: g10/import.c:1979
+#, c-format
+msgid "key %s: \"%s\" revocation certificate added\n"
+msgstr ""
+
+#: g10/import.c:2013
+#, c-format
+msgid "key %s: direct key signature added\n"
+msgstr ""
+
+#: g10/import.c:2414
+msgid "NOTE: a key's S/N does not match the card's one\n"
+msgstr ""
+
+#: g10/import.c:2422
+msgid "NOTE: primary key is online and stored on card\n"
+msgstr ""
+
+#: g10/import.c:2424
+msgid "NOTE: secondary key is online and stored on card\n"
+msgstr ""
+
+#: g10/keydb.c:181
+#, c-format
+msgid "error creating keyring `%s': %s\n"
+msgstr ""
+
+#: g10/keydb.c:187
+#, c-format
+msgid "keyring `%s' created\n"
+msgstr ""
+
+#: g10/keydb.c:333 g10/keydb.c:336
+#, c-format
+msgid "keyblock resource `%s': %s\n"
+msgstr ""
+
+#: g10/keydb.c:719
+#, c-format
+msgid "failed to rebuild keyring cache: %s\n"
+msgstr ""
+
+#: g10/keyedit.c:265
+msgid "[revocation]"
+msgstr ""
+
+#: g10/keyedit.c:266
+msgid "[self-signature]"
+msgstr ""
+
+#: g10/keyedit.c:344 g10/keylist.c:398
+msgid "1 bad signature\n"
+msgstr ""
+
+#: g10/keyedit.c:346 g10/keylist.c:400
+#, c-format
+msgid "%d bad signatures\n"
+msgstr ""
+
+#: g10/keyedit.c:348 g10/keylist.c:402
+msgid "1 signature not checked due to a missing key\n"
+msgstr ""
+
+#: g10/keyedit.c:350 g10/keylist.c:404
+#, c-format
+msgid "%d signatures not checked due to missing keys\n"
+msgstr ""
+
+#: g10/keyedit.c:352 g10/keylist.c:406
+msgid "1 signature not checked due to an error\n"
+msgstr ""
+
+#: g10/keyedit.c:354 g10/keylist.c:408
+#, c-format
+msgid "%d signatures not checked due to errors\n"
+msgstr ""
+
+#: g10/keyedit.c:356
+msgid "1 user ID without valid self-signature detected\n"
+msgstr ""
+
+#: g10/keyedit.c:358
+#, c-format
+msgid "%d user IDs without valid self-signatures detected\n"
+msgstr ""
+
+#: g10/keyedit.c:414 g10/pkclist.c:262
+msgid ""
+"Please decide how far you trust this user to correctly verify other users' "
+"keys\n"
+"(by looking at passports, checking fingerprints from different sources, "
+"etc.)\n"
+msgstr ""
+
+#: g10/keyedit.c:418 g10/pkclist.c:274
+#, c-format
+msgid " %d = I trust marginally\n"
+msgstr ""
+
+#: g10/keyedit.c:419 g10/pkclist.c:276
+#, c-format
+msgid " %d = I trust fully\n"
+msgstr ""
+
+#: g10/keyedit.c:438
+msgid ""
+"Please enter the depth of this trust signature.\n"
+"A depth greater than 1 allows the key you are signing to make\n"
+"trust signatures on your behalf.\n"
+msgstr ""
+
+#: g10/keyedit.c:454
+msgid "Please enter a domain to restrict this signature, or enter for none.\n"
+msgstr ""
+
+#: g10/keyedit.c:598
+#, c-format
+msgid "User ID \"%s\" is revoked."
+msgstr ""
+
+#: g10/keyedit.c:607 g10/keyedit.c:635 g10/keyedit.c:662 g10/keyedit.c:830
+#: g10/keyedit.c:895 g10/keyedit.c:1785
+msgid "Are you sure you still want to sign it? (y/N) "
+msgstr ""
+
+#: g10/keyedit.c:621 g10/keyedit.c:649 g10/keyedit.c:676 g10/keyedit.c:836
+#: g10/keyedit.c:1791
+msgid " Unable to sign.\n"
+msgstr ""
+
+#: g10/keyedit.c:626
+#, c-format
+msgid "User ID \"%s\" is expired."
+msgstr ""
+
+#: g10/keyedit.c:654
+#, c-format
+msgid "User ID \"%s\" is not self-signed."
+msgstr ""
+
+#: g10/keyedit.c:682
+#, c-format
+msgid "User ID \"%s\" is signable. "
+msgstr ""
+
+#: g10/keyedit.c:684
+msgid "Sign it? (y/N) "
+msgstr ""
+
+#: g10/keyedit.c:706
+#, c-format
+msgid ""
+"The self-signature on \"%s\"\n"
+"is a PGP 2.x-style signature.\n"
+msgstr ""
+
+#: g10/keyedit.c:715
+msgid "Do you want to promote it to an OpenPGP self-signature? (y/N) "
+msgstr ""
+
+#: g10/keyedit.c:729
+#, c-format
+msgid ""
+"Your current signature on \"%s\"\n"
+"has expired.\n"
+msgstr ""
+
+#: g10/keyedit.c:733
+msgid "Do you want to issue a new signature to replace the expired one? (y/N) "
+msgstr ""
+
+#: g10/keyedit.c:754
+#, c-format
+msgid ""
+"Your current signature on \"%s\"\n"
+"is a local signature.\n"
+msgstr ""
+
+#: g10/keyedit.c:758
+msgid "Do you want to promote it to a full exportable signature? (y/N) "
+msgstr ""
+
+#: g10/keyedit.c:779
+#, c-format
+msgid "\"%s\" was already locally signed by key %s\n"
+msgstr ""
+
+#: g10/keyedit.c:782
+#, c-format
+msgid "\"%s\" was already signed by key %s\n"
+msgstr ""
+
+#: g10/keyedit.c:787
+msgid "Do you want to sign it again anyway? (y/N) "
+msgstr ""
+
+#: g10/keyedit.c:809
+#, c-format
+msgid "Nothing to sign with key %s\n"
+msgstr ""
+
+#: g10/keyedit.c:824
+msgid "This key has expired!"
+msgstr ""
+
+#: g10/keyedit.c:842
+#, c-format
+msgid "This key is due to expire on %s.\n"
+msgstr ""
+
+#: g10/keyedit.c:848
+msgid "Do you want your signature to expire at the same time? (Y/n) "
+msgstr ""
+
+#: g10/keyedit.c:888
+msgid ""
+"You may not make an OpenPGP signature on a PGP 2.x key while in --pgp2 "
+"mode.\n"
+msgstr ""
+
+#: g10/keyedit.c:890
+msgid "This would make the key unusable in PGP 2.x.\n"
+msgstr ""
+
+#: g10/keyedit.c:915
+msgid ""
+"How carefully have you verified the key you are about to sign actually "
+"belongs\n"
+"to the person named above? If you don't know what to answer, enter \"0\".\n"
+msgstr ""
+
+#: g10/keyedit.c:920
+#, c-format
+msgid " (0) I will not answer.%s\n"
+msgstr ""
+
+#: g10/keyedit.c:922
+#, c-format
+msgid " (1) I have not checked at all.%s\n"
+msgstr ""
+
+#: g10/keyedit.c:924
+#, c-format
+msgid " (2) I have done casual checking.%s\n"
+msgstr ""
+
+#: g10/keyedit.c:926
+#, c-format
+msgid " (3) I have done very careful checking.%s\n"
+msgstr ""
+
+#: g10/keyedit.c:932
+msgid "Your selection? (enter `?' for more information): "
+msgstr ""
+
+#: g10/keyedit.c:956
+#, c-format
+msgid ""
+"Are you sure that you want to sign this key with your\n"
+"key \"%s\" (%s)\n"
+msgstr ""
+
+#: g10/keyedit.c:963
+msgid "This will be a self-signature.\n"
+msgstr ""
+
+#: g10/keyedit.c:969
+msgid "WARNING: the signature will not be marked as non-exportable.\n"
+msgstr ""
+
+#: g10/keyedit.c:977
+msgid "WARNING: the signature will not be marked as non-revocable.\n"
+msgstr ""
+
+#: g10/keyedit.c:987
+msgid "The signature will be marked as non-exportable.\n"
+msgstr ""
+
+#: g10/keyedit.c:994
+msgid "The signature will be marked as non-revocable.\n"
+msgstr ""
+
+#: g10/keyedit.c:1001
+msgid "I have not checked this key at all.\n"
+msgstr ""
+
+#: g10/keyedit.c:1006
+msgid "I have checked this key casually.\n"
+msgstr ""
+
+#: g10/keyedit.c:1011
+msgid "I have checked this key very carefully.\n"
+msgstr ""
+
+#: g10/keyedit.c:1021
+msgid "Really sign? (y/N) "
+msgstr ""
+
+#: g10/keyedit.c:1066 g10/keyedit.c:4965 g10/keyedit.c:5056 g10/keyedit.c:5120
+#: g10/keyedit.c:5181 g10/sign.c:316
+#, c-format
+msgid "signing failed: %s\n"
+msgstr ""
+
+#: g10/keyedit.c:1131
+msgid "Key has only stub or on-card key items - no passphrase to change.\n"
+msgstr ""
+
+#: g10/keyedit.c:1142 g10/keygen.c:3774
+msgid "This key is not protected.\n"
+msgstr ""
+
+#: g10/keyedit.c:1146 g10/keygen.c:3761 g10/revoke.c:536
+msgid "Secret parts of primary key are not available.\n"
+msgstr ""
+
+#: g10/keyedit.c:1150 g10/keygen.c:3777
+msgid "Secret parts of primary key are stored on-card.\n"
+msgstr ""
+
+#: g10/keyedit.c:1156 g10/keygen.c:3781
+msgid "Key is protected.\n"
+msgstr ""
+
+#: g10/keyedit.c:1186
+#, c-format
+msgid "Can't edit this key: %s\n"
+msgstr ""
+
+#: g10/keyedit.c:1192
+msgid ""
+"Enter the new passphrase for this secret key.\n"
+"\n"
+msgstr ""
+
+#: g10/keyedit.c:1207 g10/keygen.c:2291
+msgid "passphrase not correctly repeated; try again"
+msgstr ""
+
+#: g10/keyedit.c:1212
+msgid ""
+"You don't want a passphrase - this is probably a *bad* idea!\n"
+"\n"
+msgstr ""
+
+#: g10/keyedit.c:1215
+msgid "Do you really want to do this? (y/N) "
+msgstr ""
+
+#: g10/keyedit.c:1298
+msgid "moving a key signature to the correct place\n"
+msgstr ""
+
+#: g10/keyedit.c:1384
+msgid "save and quit"
+msgstr ""
+
+#: g10/keyedit.c:1387
+msgid "show key fingerprint"
+msgstr ""
+
+#: g10/keyedit.c:1388
+msgid "list key and user IDs"
+msgstr ""
+
+#: g10/keyedit.c:1390
+msgid "select user ID N"
+msgstr ""
+
+#: g10/keyedit.c:1391
+msgid "select subkey N"
+msgstr ""
+
+#: g10/keyedit.c:1392
+msgid "check signatures"
+msgstr ""
+
+#: g10/keyedit.c:1397
+msgid "sign selected user IDs [* see below for related commands]"
+msgstr ""
+
+#: g10/keyedit.c:1402
+msgid "sign selected user IDs locally"
+msgstr ""
+
+#: g10/keyedit.c:1404
+msgid "sign selected user IDs with a trust signature"
+msgstr ""
+
+#: g10/keyedit.c:1406
+msgid "sign selected user IDs with a non-revocable signature"
+msgstr ""
+
+#: g10/keyedit.c:1410
+msgid "add a user ID"
+msgstr ""
+
+#: g10/keyedit.c:1412
+msgid "add a photo ID"
+msgstr ""
+
+#: g10/keyedit.c:1414
+msgid "delete selected user IDs"
+msgstr ""
+
+#: g10/keyedit.c:1419
+msgid "add a subkey"
+msgstr ""
+
+#: g10/keyedit.c:1423
+msgid "add a key to a smartcard"
+msgstr ""
+
+#: g10/keyedit.c:1425
+msgid "move a key to a smartcard"
+msgstr ""
+
+#: g10/keyedit.c:1427
+msgid "move a backup key to a smartcard"
+msgstr ""
+
+#: g10/keyedit.c:1431
+msgid "delete selected subkeys"
+msgstr ""
+
+#: g10/keyedit.c:1433
+msgid "add a revocation key"
+msgstr ""
+
+#: g10/keyedit.c:1435
+msgid "delete signatures from the selected user IDs"
+msgstr ""
+
+#: g10/keyedit.c:1437
+msgid "change the expiration date for the key or selected subkeys"
+msgstr ""
+
+#: g10/keyedit.c:1439
+msgid "flag the selected user ID as primary"
+msgstr ""
+
+#: g10/keyedit.c:1441
+msgid "toggle between the secret and public key listings"
+msgstr ""
+
+#: g10/keyedit.c:1444
+msgid "list preferences (expert)"
+msgstr ""
+
+#: g10/keyedit.c:1446
+msgid "list preferences (verbose)"
+msgstr ""
+
+#: g10/keyedit.c:1448
+msgid "set preference list for the selected user IDs"
+msgstr ""
+
+#: g10/keyedit.c:1453
+msgid "set the preferred keyserver URL for the selected user IDs"
+msgstr ""
+
+#: g10/keyedit.c:1455
+msgid "set a notation for the selected user IDs"
+msgstr ""
+
+#: g10/keyedit.c:1457
+msgid "change the passphrase"
+msgstr ""
+
+#: g10/keyedit.c:1461
+msgid "change the ownertrust"
+msgstr ""
+
+#: g10/keyedit.c:1463
+msgid "revoke signatures on the selected user IDs"
+msgstr ""
+
+#: g10/keyedit.c:1465
+msgid "revoke selected user IDs"
+msgstr ""
+
+#: g10/keyedit.c:1470
+msgid "revoke key or selected subkeys"
+msgstr ""
+
+#: g10/keyedit.c:1471
+msgid "enable key"
+msgstr ""
+
+#: g10/keyedit.c:1472
+msgid "disable key"
+msgstr ""
+
+#: g10/keyedit.c:1473
+msgid "show selected photo IDs"
+msgstr ""
+
+#: g10/keyedit.c:1475
+msgid "compact unusable user IDs and remove unusable signatures from key"
+msgstr ""
+
+#: g10/keyedit.c:1477
+msgid "compact unusable user IDs and remove all signatures from key"
+msgstr ""
+
+#: g10/keyedit.c:1601
+#, c-format
+msgid "error reading secret keyblock \"%s\": %s\n"
+msgstr ""
+
+#: g10/keyedit.c:1619
+msgid "Secret key is available.\n"
+msgstr ""
+
+#: g10/keyedit.c:1702
+msgid "Need the secret key to do this.\n"
+msgstr ""
+
+#: g10/keyedit.c:1710
+msgid "Please use the command \"toggle\" first.\n"
+msgstr ""
+
+#: g10/keyedit.c:1729
+msgid ""
+"* The `sign' command may be prefixed with an `l' for local signatures "
+"(lsign),\n"
+" a `t' for trust signatures (tsign), an `nr' for non-revocable signatures\n"
+" (nrsign), or any combination thereof (ltsign, tnrsign, etc.).\n"
+msgstr ""
+
+#: g10/keyedit.c:1779
+msgid "Key is revoked."
+msgstr ""
+
+#: g10/keyedit.c:1798
+msgid "Really sign all user IDs? (y/N) "
+msgstr ""
+
+#: g10/keyedit.c:1805
+msgid "Hint: Select the user IDs to sign\n"
+msgstr ""
+
+#: g10/keyedit.c:1814
+#, c-format
+msgid "Unknown signature type `%s'\n"
+msgstr ""
+
+#: g10/keyedit.c:1837
+#, c-format
+msgid "This command is not allowed while in %s mode.\n"
+msgstr ""
+
+#: g10/keyedit.c:1859 g10/keyedit.c:1879 g10/keyedit.c:2048
+msgid "You must select at least one user ID.\n"
+msgstr ""
+
+#: g10/keyedit.c:1861
+msgid "You can't delete the last user ID!\n"
+msgstr ""
+
+#: g10/keyedit.c:1863
+msgid "Really remove all selected user IDs? (y/N) "
+msgstr ""
+
+#: g10/keyedit.c:1864
+msgid "Really remove this user ID? (y/N) "
+msgstr ""
+
+#. TRANSLATORS: Please take care: This is about
+#. moving the key and not about removing it.
+#: g10/keyedit.c:1917
+msgid "Really move the primary key? (y/N) "
+msgstr ""
+
+#: g10/keyedit.c:1929
+msgid "You must select exactly one key.\n"
+msgstr ""
+
+#: g10/keyedit.c:1957
+msgid "Command expects a filename argument\n"
+msgstr ""
+
+#: g10/keyedit.c:1971
+#, c-format
+msgid "Can't open `%s': %s\n"
+msgstr ""
+
+#: g10/keyedit.c:1988
+#, c-format
+msgid "Error reading backup key from `%s': %s\n"
+msgstr ""
+
+#: g10/keyedit.c:2012
+msgid "You must select at least one key.\n"
+msgstr ""
+
+#: g10/keyedit.c:2015
+msgid "Do you really want to delete the selected keys? (y/N) "
+msgstr ""
+
+#: g10/keyedit.c:2016
+msgid "Do you really want to delete this key? (y/N) "
+msgstr ""
+
+#: g10/keyedit.c:2051
+msgid "Really revoke all selected user IDs? (y/N) "
+msgstr ""
+
+#: g10/keyedit.c:2052
+msgid "Really revoke this user ID? (y/N) "
+msgstr ""
+
+#: g10/keyedit.c:2070
+msgid "Do you really want to revoke the entire key? (y/N) "
+msgstr ""
+
+#: g10/keyedit.c:2081
+msgid "Do you really want to revoke the selected subkeys? (y/N) "
+msgstr ""
+
+#: g10/keyedit.c:2083
+msgid "Do you really want to revoke this subkey? (y/N) "
+msgstr ""
+
+#: g10/keyedit.c:2133
+msgid "Owner trust may not be set while using a user provided trust database\n"
+msgstr ""
+
+#: g10/keyedit.c:2175
+msgid "Set preference list to:\n"
+msgstr ""
+
+#: g10/keyedit.c:2181
+msgid "Really update the preferences for the selected user IDs? (y/N) "
+msgstr ""
+
+#: g10/keyedit.c:2183
+msgid "Really update the preferences? (y/N) "
+msgstr ""
+
+#: g10/keyedit.c:2253
+msgid "Save changes? (y/N) "
+msgstr ""
+
+#: g10/keyedit.c:2256
+msgid "Quit without saving? (y/N) "
+msgstr ""
+
+#: g10/keyedit.c:2266
+#, c-format
+msgid "update failed: %s\n"
+msgstr ""
+
+#: g10/keyedit.c:2273 g10/keyedit.c:2351
+#, c-format
+msgid "update secret failed: %s\n"
+msgstr ""
+
+#: g10/keyedit.c:2280
+msgid "Key not changed so no update needed.\n"
+msgstr ""
+
+#: g10/keyedit.c:2446
+msgid "Digest: "
+msgstr ""
+
+#: g10/keyedit.c:2497
+msgid "Features: "
+msgstr ""
+
+#: g10/keyedit.c:2508
+msgid "Keyserver no-modify"
+msgstr ""
+
+#: g10/keyedit.c:2523 g10/keylist.c:316
+msgid "Preferred keyserver: "
+msgstr ""
+
+#: g10/keyedit.c:2531 g10/keyedit.c:2532
+msgid "Notations: "
+msgstr ""
+
+#: g10/keyedit.c:2753
+msgid "There are no preferences on a PGP 2.x-style user ID.\n"
+msgstr ""
+
+#: g10/keyedit.c:2810
+#, c-format
+msgid "The following key was revoked on %s by %s key %s\n"
+msgstr ""
+
+#: g10/keyedit.c:2832
+#, c-format
+msgid "This key may be revoked by %s key %s"
+msgstr ""
+
+#: g10/keyedit.c:2838
+msgid "(sensitive)"
+msgstr ""
+
+#: g10/keyedit.c:2854 g10/keyedit.c:2910 g10/keyedit.c:2971 g10/keyedit.c:2986
+#: g10/keylist.c:202 g10/keyserver.c:532
+#, c-format
+msgid "created: %s"
+msgstr ""
+
+#: g10/keyedit.c:2857 g10/keylist.c:834 g10/keylist.c:928 g10/mainproc.c:997
+#, c-format
+msgid "revoked: %s"
+msgstr ""
+
+#: g10/keyedit.c:2859 g10/keylist.c:805 g10/keylist.c:840 g10/keylist.c:934
+#, c-format
+msgid "expired: %s"
+msgstr ""
+
+#: g10/keyedit.c:2861 g10/keyedit.c:2912 g10/keyedit.c:2973 g10/keyedit.c:2988
+#: g10/keylist.c:204 g10/keylist.c:811 g10/keylist.c:846 g10/keylist.c:940
+#: g10/keylist.c:961 g10/keyserver.c:538 g10/mainproc.c:1003
+#, c-format
+msgid "expires: %s"
+msgstr ""
+
+#: g10/keyedit.c:2863
+#, c-format
+msgid "usage: %s"
+msgstr ""
+
+#: g10/keyedit.c:2878
+#, c-format
+msgid "trust: %s"
+msgstr ""
+
+#: g10/keyedit.c:2882
+#, c-format
+msgid "validity: %s"
+msgstr ""
+
+#: g10/keyedit.c:2889
+msgid "This key has been disabled"
+msgstr ""
+
+#: g10/keyedit.c:2917 g10/keylist.c:208
+msgid "card-no: "
+msgstr ""
+
+#: g10/keyedit.c:2941
+msgid ""
+"Please note that the shown key validity is not necessarily correct\n"
+"unless you restart the program.\n"
+msgstr ""
+
+#: g10/keyedit.c:3005 g10/keyedit.c:3351 g10/keyserver.c:542
+#: g10/mainproc.c:1850 g10/trustdb.c:1204 g10/trustdb.c:1732
+msgid "revoked"
+msgstr ""
+
+#: g10/keyedit.c:3007 g10/keyedit.c:3353 g10/keyserver.c:546
+#: g10/mainproc.c:1852 g10/trustdb.c:547 g10/trustdb.c:1734
+msgid "expired"
+msgstr ""
+
+#: g10/keyedit.c:3072
+msgid ""
+"WARNING: no user ID has been marked as primary. This command may\n"
+" cause a different user ID to become the assumed primary.\n"
+msgstr ""
+
+#: g10/keyedit.c:3133
+msgid ""
+"WARNING: This is a PGP2-style key. Adding a photo ID may cause some "
+"versions\n"
+" of PGP to reject this key.\n"
+msgstr ""
+
+#: g10/keyedit.c:3138 g10/keyedit.c:3473
+msgid "Are you sure you still want to add it? (y/N) "
+msgstr ""
+
+#: g10/keyedit.c:3144
+msgid "You may not add a photo ID to a PGP2-style key.\n"
+msgstr ""
+
+#: g10/keyedit.c:3284
+msgid "Delete this good signature? (y/N/q)"
+msgstr ""
+
+#: g10/keyedit.c:3294
+msgid "Delete this invalid signature? (y/N/q)"
+msgstr ""
+
+#: g10/keyedit.c:3298
+msgid "Delete this unknown signature? (y/N/q)"
+msgstr ""
+
+#: g10/keyedit.c:3304
+msgid "Really delete this self-signature? (y/N)"
+msgstr ""
+
+#: g10/keyedit.c:3318
+#, c-format
+msgid "Deleted %d signature.\n"
+msgstr ""
+
+#: g10/keyedit.c:3319
+#, c-format
+msgid "Deleted %d signatures.\n"
+msgstr ""
+
+#: g10/keyedit.c:3322
+msgid "Nothing deleted.\n"
+msgstr ""
+
+#: g10/keyedit.c:3355 g10/trustdb.c:1736
+msgid "invalid"
+msgstr ""
+
+#: g10/keyedit.c:3357
+#, c-format
+msgid "User ID \"%s\" compacted: %s\n"
+msgstr ""
+
+#: g10/keyedit.c:3364
+#, c-format
+msgid "User ID \"%s\": %d signature removed\n"
+msgstr ""
+
+#: g10/keyedit.c:3365
+#, c-format
+msgid "User ID \"%s\": %d signatures removed\n"
+msgstr ""
+
+#: g10/keyedit.c:3373
+#, c-format
+msgid "User ID \"%s\": already minimized\n"
+msgstr ""
+
+#: g10/keyedit.c:3374
+#, c-format
+msgid "User ID \"%s\": already clean\n"
+msgstr ""
+
+#: g10/keyedit.c:3468
+msgid ""
+"WARNING: This is a PGP 2.x-style key. Adding a designated revoker may "
+"cause\n"
+" some versions of PGP to reject this key.\n"
+msgstr ""
+
+#: g10/keyedit.c:3479
+msgid "You may not add a designated revoker to a PGP 2.x-style key.\n"
+msgstr ""
+
+#: g10/keyedit.c:3499
+msgid "Enter the user ID of the designated revoker: "
+msgstr ""
+
+#: g10/keyedit.c:3524
+msgid "cannot appoint a PGP 2.x style key as a designated revoker\n"
+msgstr ""
+
+#: g10/keyedit.c:3539
+msgid "you cannot appoint a key as its own designated revoker\n"
+msgstr ""
+
+#: g10/keyedit.c:3561
+msgid "this key has already been designated as a revoker\n"
+msgstr ""
+
+#: g10/keyedit.c:3580
+msgid "WARNING: appointing a key as a designated revoker cannot be undone!\n"
+msgstr ""
+
+#: g10/keyedit.c:3586
+msgid ""
+"Are you sure you want to appoint this key as a designated revoker? (y/N) "
+msgstr ""
+
+#: g10/keyedit.c:3647
+msgid "Please remove selections from the secret keys.\n"
+msgstr ""
+
+#: g10/keyedit.c:3653
+msgid "Please select at most one subkey.\n"
+msgstr ""
+
+#: g10/keyedit.c:3657
+msgid "Changing expiration time for a subkey.\n"
+msgstr ""
+
+#: g10/keyedit.c:3660
+msgid "Changing expiration time for the primary key.\n"
+msgstr ""
+
+#: g10/keyedit.c:3706
+msgid "You can't change the expiration date of a v3 key\n"
+msgstr ""
+
+#: g10/keyedit.c:3722
+msgid "No corresponding signature in secret ring\n"
+msgstr ""
+
+#: g10/keyedit.c:3800
+#, c-format
+msgid "signing subkey %s is already cross-certified\n"
+msgstr ""
+
+#: g10/keyedit.c:3806
+#, c-format
+msgid "subkey %s does not sign and so does not need to be cross-certified\n"
+msgstr ""
+
+#: g10/keyedit.c:3969
+msgid "Please select exactly one user ID.\n"
+msgstr ""
+
+#: g10/keyedit.c:4008 g10/keyedit.c:4118 g10/keyedit.c:4238 g10/keyedit.c:4379
+#, c-format
+msgid "skipping v3 self-signature on user ID \"%s\"\n"
+msgstr ""
+
+#: g10/keyedit.c:4179
+msgid "Enter your preferred keyserver URL: "
+msgstr ""
+
+#: g10/keyedit.c:4259
+msgid "Are you sure you want to replace it? (y/N) "
+msgstr ""
+
+#: g10/keyedit.c:4260
+msgid "Are you sure you want to delete it? (y/N) "
+msgstr ""
+
+#: g10/keyedit.c:4322
+msgid "Enter the notation: "
+msgstr ""
+
+#: g10/keyedit.c:4471
+msgid "Proceed? (y/N) "
+msgstr ""
+
+#: g10/keyedit.c:4543
+#, c-format
+msgid "No user ID with index %d\n"
+msgstr ""
+
+#: g10/keyedit.c:4604
+#, c-format
+msgid "No user ID with hash %s\n"
+msgstr ""
+
+#: g10/keyedit.c:4639
+#, c-format
+msgid "No subkey with index %d\n"
+msgstr ""
+
+#: g10/keyedit.c:4774
+#, c-format
+msgid "user ID: \"%s\"\n"
+msgstr ""
+
+#: g10/keyedit.c:4777 g10/keyedit.c:4871 g10/keyedit.c:4914
+#, c-format
+msgid "signed by your key %s on %s%s%s\n"
+msgstr ""
+
+#: g10/keyedit.c:4779 g10/keyedit.c:4873 g10/keyedit.c:4916
+msgid " (non-exportable)"
+msgstr ""
+
+#: g10/keyedit.c:4783
+#, c-format
+msgid "This signature expired on %s.\n"
+msgstr ""
+
+#: g10/keyedit.c:4787
+msgid "Are you sure you still want to revoke it? (y/N) "
+msgstr ""
+
+#: g10/keyedit.c:4791
+msgid "Create a revocation certificate for this signature? (y/N) "
+msgstr ""
+
+#: g10/keyedit.c:4842
+msgid "Not signed by you.\n"
+msgstr ""
+
+#: g10/keyedit.c:4848
+#, c-format
+msgid "You have signed these user IDs on key %s:\n"
+msgstr ""
+
+#: g10/keyedit.c:4874
+msgid " (non-revocable)"
+msgstr ""
+
+#: g10/keyedit.c:4881
+#, c-format
+msgid "revoked by your key %s on %s\n"
+msgstr ""
+
+#: g10/keyedit.c:4903
+msgid "You are about to revoke these signatures:\n"
+msgstr ""
+
+#: g10/keyedit.c:4923
+msgid "Really create the revocation certificates? (y/N) "
+msgstr ""
+
+#: g10/keyedit.c:4953
+msgid "no secret key\n"
+msgstr ""
+
+#: g10/keyedit.c:5023
+#, c-format
+msgid "user ID \"%s\" is already revoked\n"
+msgstr ""
+
+#: g10/keyedit.c:5040
+#, c-format
+msgid "WARNING: a user ID signature is dated %d seconds in the future\n"
+msgstr ""
+
+#: g10/keyedit.c:5104
+#, c-format
+msgid "Key %s is already revoked.\n"
+msgstr ""
+
+#: g10/keyedit.c:5166
+#, c-format
+msgid "Subkey %s is already revoked.\n"
+msgstr ""
+
+#: g10/keyedit.c:5261
+#, c-format
+msgid "Displaying %s photo ID of size %ld for key %s (uid %d)\n"
+msgstr ""
+
+#: g10/keygen.c:275
+#, c-format
+msgid "preference `%s' duplicated\n"
+msgstr ""
+
+#: g10/keygen.c:282
+msgid "too many cipher preferences\n"
+msgstr ""
+
+#: g10/keygen.c:284
+msgid "too many digest preferences\n"
+msgstr ""
+
+#: g10/keygen.c:286
+msgid "too many compression preferences\n"
+msgstr ""
+
+#: g10/keygen.c:426
+#, c-format
+msgid "invalid item `%s' in preference string\n"
+msgstr ""
+
+#: g10/keygen.c:910
+msgid "writing direct signature\n"
+msgstr ""
+
+#: g10/keygen.c:952
+msgid "writing self signature\n"
+msgstr ""
+
+#: g10/keygen.c:1009
+msgid "writing key binding signature\n"
+msgstr ""
+
+#: g10/keygen.c:1179 g10/keygen.c:1290 g10/keygen.c:1295 g10/keygen.c:1441
+#: g10/keygen.c:3269
+#, c-format
+msgid "keysize invalid; using %u bits\n"
+msgstr ""
+
+#: g10/keygen.c:1185 g10/keygen.c:1301 g10/keygen.c:1309 g10/keygen.c:1447
+#: g10/keygen.c:3275
+#, c-format
+msgid "keysize rounded up to %u bits\n"
+msgstr ""
+
+#: g10/keygen.c:1335
+msgid ""
+"WARNING: some OpenPGP programs can't handle a DSA key with this digest size\n"
+msgstr ""
+
+#: g10/keygen.c:1558
+msgid "Sign"
+msgstr ""
+
+#: g10/keygen.c:1561
+msgid "Certify"
+msgstr ""
+
+#: g10/keygen.c:1564
+msgid "Encrypt"
+msgstr ""
+
+#: g10/keygen.c:1567
+msgid "Authenticate"
+msgstr ""
+
+#. TRANSLATORS: Please use only plain ASCII characters for the
+#. translation. If this is not possible use single digits. The
+#. string needs to 8 bytes long. Here is a description of the
+#. functions:
+#.
+#. s = Toggle signing capability
+#. e = Toggle encryption capability
+#. a = Toggle authentication capability
+#. q = Finish
+#.
+#: g10/keygen.c:1585
+msgid "SsEeAaQq"
+msgstr ""
+
+#: g10/keygen.c:1608
+#, c-format
+msgid "Possible actions for a %s key: "
+msgstr ""
+
+#: g10/keygen.c:1612
+msgid "Current allowed actions: "
+msgstr ""
+
+#: g10/keygen.c:1617
+#, c-format
+msgid " (%c) Toggle the sign capability\n"
+msgstr ""
+
+#: g10/keygen.c:1620
+#, c-format
+msgid " (%c) Toggle the encrypt capability\n"
+msgstr ""
+
+#: g10/keygen.c:1623
+#, c-format
+msgid " (%c) Toggle the authenticate capability\n"
+msgstr ""
+
+#: g10/keygen.c:1626
+#, c-format
+msgid " (%c) Finished\n"
+msgstr ""
+
+#: g10/keygen.c:1686 sm/certreqgen-ui.c:157
+msgid "Please select what kind of key you want:\n"
+msgstr ""
+
+#: g10/keygen.c:1689
+#, c-format
+msgid " (%d) RSA and RSA (default)\n"
+msgstr ""
+
+#: g10/keygen.c:1691
+#, c-format
+msgid " (%d) DSA and Elgamal\n"
+msgstr ""
+
+#: g10/keygen.c:1693
+#, c-format
+msgid " (%d) DSA (sign only)\n"
+msgstr ""
+
+#: g10/keygen.c:1694
+#, c-format
+msgid " (%d) RSA (sign only)\n"
+msgstr ""
+
+#: g10/keygen.c:1698
+#, c-format
+msgid " (%d) Elgamal (encrypt only)\n"
+msgstr ""
+
+#: g10/keygen.c:1699
+#, c-format
+msgid " (%d) RSA (encrypt only)\n"
+msgstr ""
+
+#: g10/keygen.c:1703
+#, c-format
+msgid " (%d) DSA (set your own capabilities)\n"
+msgstr ""
+
+#: g10/keygen.c:1704
+#, c-format
+msgid " (%d) RSA (set your own capabilities)\n"
+msgstr ""
+
+#: g10/keygen.c:1812
+#, c-format
+msgid "%s keys may be between %u and %u bits long.\n"
+msgstr ""
+
+#: g10/keygen.c:1820
+#, c-format
+msgid "What keysize do you want for the subkey? (%u) "
+msgstr ""
+
+#: g10/keygen.c:1823 sm/certreqgen-ui.c:179
+#, c-format
+msgid "What keysize do you want? (%u) "
+msgstr ""
+
+#: g10/keygen.c:1837 sm/certreqgen-ui.c:189
+#, c-format
+msgid "Requested keysize is %u bits\n"
+msgstr ""
+
+#: g10/keygen.c:1925
+msgid ""
+"Please specify how long the key should be valid.\n"
+" 0 = key does not expire\n"
+" <n> = key expires in n days\n"
+" <n>w = key expires in n weeks\n"
+" <n>m = key expires in n months\n"
+" <n>y = key expires in n years\n"
+msgstr ""
+
+#: g10/keygen.c:1936
+msgid ""
+"Please specify how long the signature should be valid.\n"
+" 0 = signature does not expire\n"
+" <n> = signature expires in n days\n"
+" <n>w = signature expires in n weeks\n"
+" <n>m = signature expires in n months\n"
+" <n>y = signature expires in n years\n"
+msgstr ""
+
+#: g10/keygen.c:1959
+msgid "Key is valid for? (0) "
+msgstr ""
+
+#: g10/keygen.c:1964
+#, c-format
+msgid "Signature is valid for? (%s) "
+msgstr ""
+
+#: g10/keygen.c:1982 g10/keygen.c:2007
+msgid "invalid value\n"
+msgstr ""
+
+#: g10/keygen.c:1989
+msgid "Key does not expire at all\n"
+msgstr ""
+
+#: g10/keygen.c:1990
+msgid "Signature does not expire at all\n"
+msgstr ""
+
+#: g10/keygen.c:1995
+#, c-format
+msgid "Key expires at %s\n"
+msgstr ""
+
+#: g10/keygen.c:1996
+#, c-format
+msgid "Signature expires at %s\n"
+msgstr ""
+
+#: g10/keygen.c:2000
+msgid ""
+"Your system can't display dates beyond 2038.\n"
+"However, it will be correctly handled up to 2106.\n"
+msgstr ""
+
+#: g10/keygen.c:2013
+msgid "Is this correct? (y/N) "
+msgstr ""
+
+#: g10/keygen.c:2063
+msgid ""
+"\n"
+"GnuPG needs to construct a user ID to identify your key.\n"
+"\n"
+msgstr ""
+
+#. TRANSLATORS: This string is in general not anymore used
+#. but you should keep your existing translation. In case
+#. the new string is not translated this old string will
+#. be used.
+#: g10/keygen.c:2078
+msgid ""
+"\n"
+"You need a user ID to identify your key; the software constructs the user "
+"ID\n"
+"from the Real Name, Comment and Email Address in this form:\n"
+" \"Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>\"\n"
+"\n"
+msgstr ""
+
+#: g10/keygen.c:2097
+msgid "Real name: "
+msgstr ""
+
+#: g10/keygen.c:2105
+msgid "Invalid character in name\n"
+msgstr ""
+
+#: g10/keygen.c:2107
+msgid "Name may not start with a digit\n"
+msgstr ""
+
+#: g10/keygen.c:2109
+msgid "Name must be at least 5 characters long\n"
+msgstr ""
+
+#: g10/keygen.c:2117
+msgid "Email address: "
+msgstr ""
+
+#: g10/keygen.c:2123
+msgid "Not a valid email address\n"
+msgstr ""
+
+#: g10/keygen.c:2131
+msgid "Comment: "
+msgstr ""
+
+#: g10/keygen.c:2137
+msgid "Invalid character in comment\n"
+msgstr ""
+
+#: g10/keygen.c:2159
+#, c-format
+msgid "You are using the `%s' character set.\n"
+msgstr ""
+
+#: g10/keygen.c:2165
+#, c-format
+msgid ""
+"You selected this USER-ID:\n"
+" \"%s\"\n"
+"\n"
+msgstr ""
+
+#: g10/keygen.c:2170
+msgid "Please don't put the email address into the real name or the comment\n"
+msgstr ""
+
+#: g10/keygen.c:2185
+msgid "Such a user ID already exists on this key!\n"
+msgstr ""
+
+#. TRANSLATORS: These are the allowed answers in
+#. lower and uppercase. Below you will find the matching
+#. string which should be translated accordingly and the
+#. letter changed to match the one in the answer string.
+#.
+#. n = Change name
+#. c = Change comment
+#. e = Change email
+#. o = Okay (ready, continue)
+#. q = Quit
+#.
+#: g10/keygen.c:2201
+msgid "NnCcEeOoQq"
+msgstr ""
+
+#: g10/keygen.c:2211
+msgid "Change (N)ame, (C)omment, (E)mail or (Q)uit? "
+msgstr ""
+
+#: g10/keygen.c:2212
+msgid "Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? "
+msgstr ""
+
+#: g10/keygen.c:2231
+msgid "Please correct the error first\n"
+msgstr ""
+
+#: g10/keygen.c:2273
+msgid ""
+"You need a Passphrase to protect your secret key.\n"
+"\n"
+msgstr ""
+
+#: g10/keygen.c:2276
+msgid ""
+"Please enter a passphrase to protect the off-card backup of the new "
+"encryption key."
+msgstr ""
+
+#: g10/keygen.c:2292
+#, c-format
+msgid "%s.\n"
+msgstr ""
+
+#: g10/keygen.c:2298
+msgid ""
+"You don't want a passphrase - this is probably a *bad* idea!\n"
+"I will do it anyway. You can change your passphrase at any time,\n"
+"using this program with the option \"--edit-key\".\n"
+"\n"
+msgstr ""
+
+#: g10/keygen.c:2322
+msgid ""
+"We need to generate a lot of random bytes. It is a good idea to perform\n"
+"some other action (type on the keyboard, move the mouse, utilize the\n"
+"disks) during the prime generation; this gives the random number\n"
+"generator a better chance to gain enough entropy.\n"
+msgstr ""
+
+#: g10/keygen.c:3209 g10/keygen.c:3236
+msgid "Key generation canceled.\n"
+msgstr ""
+
+#: g10/keygen.c:3441 g10/keygen.c:3611
+#, c-format
+msgid "writing public key to `%s'\n"
+msgstr ""
+
+#: g10/keygen.c:3443 g10/keygen.c:3614
+#, c-format
+msgid "writing secret key stub to `%s'\n"
+msgstr ""
+
+#: g10/keygen.c:3446 g10/keygen.c:3617
+#, c-format
+msgid "writing secret key to `%s'\n"
+msgstr ""
+
+#: g10/keygen.c:3598
+#, c-format
+msgid "no writable public keyring found: %s\n"
+msgstr ""
+
+#: g10/keygen.c:3605
+#, c-format
+msgid "no writable secret keyring found: %s\n"
+msgstr ""
+
+#: g10/keygen.c:3625
+#, c-format
+msgid "error writing public keyring `%s': %s\n"
+msgstr ""
+
+#: g10/keygen.c:3633
+#, c-format
+msgid "error writing secret keyring `%s': %s\n"
+msgstr ""
+
+#: g10/keygen.c:3661
+msgid "public and secret key created and signed.\n"
+msgstr ""
+
+#: g10/keygen.c:3672
+msgid ""
+"Note that this key cannot be used for encryption. You may want to use\n"
+"the command \"--edit-key\" to generate a subkey for this purpose.\n"
+msgstr ""
+
+#: g10/keygen.c:3685 g10/keygen.c:3831 g10/keygen.c:3952
+#, c-format
+msgid "Key generation failed: %s\n"
+msgstr ""
+
+#: g10/keygen.c:3741 g10/keygen.c:3882 g10/sign.c:241
+#, c-format
+msgid ""
+"key has been created %lu second in future (time warp or clock problem)\n"
+msgstr ""
+
+#: g10/keygen.c:3743 g10/keygen.c:3884 g10/sign.c:243
+#, c-format
+msgid ""
+"key has been created %lu seconds in future (time warp or clock problem)\n"
+msgstr ""
+
+#: g10/keygen.c:3754 g10/keygen.c:3895
+msgid "NOTE: creating subkeys for v3 keys is not OpenPGP compliant\n"
+msgstr ""
+
+#: g10/keygen.c:3795 g10/keygen.c:3928
+msgid "Really create? (y/N) "
+msgstr ""
+
+#: g10/keygen.c:4116
+#, c-format
+msgid "storing key onto card failed: %s\n"
+msgstr ""
+
+#: g10/keygen.c:4165
+#, c-format
+msgid "can't create backup file `%s': %s\n"
+msgstr ""
+
+#: g10/keygen.c:4191
+#, c-format
+msgid "NOTE: backup of card key saved to `%s'\n"
+msgstr ""
+
+#: g10/keyid.c:539 g10/keyid.c:551 g10/keyid.c:563 g10/keyid.c:575
+msgid "never "
+msgstr ""
+
+#: g10/keylist.c:273
+msgid "Critical signature policy: "
+msgstr ""
+
+#: g10/keylist.c:275
+msgid "Signature policy: "
+msgstr ""
+
+#: g10/keylist.c:314
+msgid "Critical preferred keyserver: "
+msgstr ""
+
+#: g10/keylist.c:367
+msgid "Critical signature notation: "
+msgstr ""
+
+#: g10/keylist.c:369
+msgid "Signature notation: "
+msgstr ""
+
+#: g10/keylist.c:479
+msgid "Keyring"
+msgstr ""
+
+#: g10/keylist.c:1526
+msgid "Primary key fingerprint:"
+msgstr ""
+
+#: g10/keylist.c:1528
+msgid " Subkey fingerprint:"
+msgstr ""
+
+#. TRANSLATORS: this should fit into 24 bytes to that the
+#. * fingerprint data is properly aligned with the user ID
+#: g10/keylist.c:1535
+msgid " Primary key fingerprint:"
+msgstr ""
+
+#: g10/keylist.c:1537
+msgid " Subkey fingerprint:"
+msgstr ""
+
+#: g10/keylist.c:1541 g10/keylist.c:1545
+msgid " Key fingerprint ="
+msgstr ""
+
+#: g10/keylist.c:1612
+msgid " Card serial no. ="
+msgstr ""
+
+#: g10/keyring.c:1297
+#, c-format
+msgid "renaming `%s' to `%s' failed: %s\n"
+msgstr ""
+
+#: g10/keyring.c:1326
+msgid "WARNING: 2 files with confidential information exists.\n"
+msgstr ""
+
+#: g10/keyring.c:1327
+#, c-format
+msgid "%s is the unchanged one\n"
+msgstr ""
+
+#: g10/keyring.c:1328
+#, c-format
+msgid "%s is the new one\n"
+msgstr ""
+
+#: g10/keyring.c:1329
+msgid "Please fix this possible security flaw\n"
+msgstr ""
+
+#: g10/keyring.c:1430
+#, c-format
+msgid "caching keyring `%s'\n"
+msgstr ""
+
+#: g10/keyring.c:1489
+#, c-format
+msgid "%lu keys cached so far (%lu signatures)\n"
+msgstr ""
+
+#: g10/keyring.c:1501
+#, c-format
+msgid "%lu keys cached (%lu signatures)\n"
+msgstr ""
+
+#: g10/keyring.c:1573
+#, c-format
+msgid "%s: keyring created\n"
+msgstr ""
+
+#: g10/keyserver.c:74
+msgid "include revoked keys in search results"
+msgstr ""
+
+#: g10/keyserver.c:75
+msgid "include subkeys when searching by key ID"
+msgstr ""
+
+#: g10/keyserver.c:77
+msgid "use temporary files to pass data to keyserver helpers"
+msgstr ""
+
+#: g10/keyserver.c:79
+msgid "do not delete temporary files after using them"
+msgstr ""
+
+#: g10/keyserver.c:83
+msgid "automatically retrieve keys when verifying signatures"
+msgstr ""
+
+#: g10/keyserver.c:85
+msgid "honor the preferred keyserver URL set on the key"
+msgstr ""
+
+#: g10/keyserver.c:87
+msgid "honor the PKA record set on a key when retrieving keys"
+msgstr ""
+
+#: g10/keyserver.c:153
+#, c-format
+msgid "WARNING: keyserver option `%s' is not used on this platform\n"
+msgstr ""
+
+#: g10/keyserver.c:544
+msgid "disabled"
+msgstr ""
+
+#: g10/keyserver.c:747
+msgid "Enter number(s), N)ext, or Q)uit > "
+msgstr ""
+
+#: g10/keyserver.c:831 g10/keyserver.c:1458
+#, c-format
+msgid "invalid keyserver protocol (us %d!=handler %d)\n"
+msgstr ""
+
+#: g10/keyserver.c:932
+#, c-format
+msgid "key \"%s\" not found on keyserver\n"
+msgstr ""
+
+#: g10/keyserver.c:934
+msgid "key not found on keyserver\n"
+msgstr ""
+
+#: g10/keyserver.c:1177
+#, c-format
+msgid "requesting key %s from %s server %s\n"
+msgstr ""
+
+#: g10/keyserver.c:1181
+#, c-format
+msgid "requesting key %s from %s\n"
+msgstr ""
+
+#: g10/keyserver.c:1205
+#, c-format
+msgid "searching for names from %s server %s\n"
+msgstr ""
+
+#: g10/keyserver.c:1208
+#, c-format
+msgid "searching for names from %s\n"
+msgstr ""
+
+#: g10/keyserver.c:1361
+#, c-format
+msgid "sending key %s to %s server %s\n"
+msgstr ""
+
+#: g10/keyserver.c:1365
+#, c-format
+msgid "sending key %s to %s\n"
+msgstr ""
+
+#: g10/keyserver.c:1408
+#, c-format
+msgid "searching for \"%s\" from %s server %s\n"
+msgstr ""
+
+#: g10/keyserver.c:1411
+#, c-format
+msgid "searching for \"%s\" from %s\n"
+msgstr ""
+
+#: g10/keyserver.c:1418 g10/keyserver.c:1514
+msgid "no keyserver action!\n"
+msgstr ""
+
+#: g10/keyserver.c:1466
+#, c-format
+msgid "WARNING: keyserver handler from a different version of GnuPG (%s)\n"
+msgstr ""
+
+#: g10/keyserver.c:1475
+msgid "keyserver did not send VERSION\n"
+msgstr ""
+
+#: g10/keyserver.c:1537 g10/keyserver.c:2066
+msgid "no keyserver known (use option --keyserver)\n"
+msgstr ""
+
+#: g10/keyserver.c:1543
+msgid "external keyserver calls are not supported in this build\n"
+msgstr ""
+
+#: g10/keyserver.c:1555
+#, c-format
+msgid "no handler for keyserver scheme `%s'\n"
+msgstr ""
+
+#: g10/keyserver.c:1560
+#, c-format
+msgid "action `%s' not supported with keyserver scheme `%s'\n"
+msgstr ""
+
+#: g10/keyserver.c:1568
+#, c-format
+msgid "%s does not support handler version %d\n"
+msgstr ""
+
+#: g10/keyserver.c:1575
+msgid "keyserver timed out\n"
+msgstr ""
+
+#: g10/keyserver.c:1580
+msgid "keyserver internal error\n"
+msgstr ""
+
+#: g10/keyserver.c:1589
+#, c-format
+msgid "keyserver communications error: %s\n"
+msgstr ""
+
+#: g10/keyserver.c:1614 g10/keyserver.c:1648
+#, c-format
+msgid "\"%s\" not a key ID: skipping\n"
+msgstr ""
+
+#: g10/keyserver.c:1907
+#, c-format
+msgid "WARNING: unable to refresh key %s via %s: %s\n"
+msgstr ""
+
+#: g10/keyserver.c:1929
+#, c-format
+msgid "refreshing 1 key from %s\n"
+msgstr ""
+
+#: g10/keyserver.c:1931
+#, c-format
+msgid "refreshing %d keys from %s\n"
+msgstr ""
+
+#: g10/keyserver.c:1987
+#, c-format
+msgid "WARNING: unable to fetch URI %s: %s\n"
+msgstr ""
+
+#: g10/keyserver.c:1993
+#, c-format
+msgid "WARNING: unable to parse URI %s\n"
+msgstr ""
+
+#: g10/mainproc.c:231
+#, c-format
+msgid "weird size for an encrypted session key (%d)\n"
+msgstr ""
+
+#: g10/mainproc.c:284
+#, c-format
+msgid "%s encrypted session key\n"
+msgstr ""
+
+#: g10/mainproc.c:294
+#, c-format
+msgid "passphrase generated with unknown digest algorithm %d\n"
+msgstr ""
+
+#: g10/mainproc.c:360
+#, c-format
+msgid "public key is %s\n"
+msgstr ""
+
+#: g10/mainproc.c:423
+msgid "public key encrypted data: good DEK\n"
+msgstr ""
+
+#: g10/mainproc.c:456
+#, c-format
+msgid "encrypted with %u-bit %s key, ID %s, created %s\n"
+msgstr ""
+
+#: g10/mainproc.c:460 g10/pkclist.c:217
+#, c-format
+msgid " \"%s\"\n"
+msgstr ""
+
+#: g10/mainproc.c:464
+#, c-format
+msgid "encrypted with %s key, ID %s\n"
+msgstr ""
+
+#: g10/mainproc.c:479
+#, c-format
+msgid "public key decryption failed: %s\n"
+msgstr ""
+
+#: g10/mainproc.c:495
+#, c-format
+msgid "encrypted with %lu passphrases\n"
+msgstr ""
+
+#: g10/mainproc.c:497
+msgid "encrypted with 1 passphrase\n"
+msgstr ""
+
+#: g10/mainproc.c:529 g10/mainproc.c:551
+#, c-format
+msgid "assuming %s encrypted data\n"
+msgstr ""
+
+#: g10/mainproc.c:537
+#, c-format
+msgid "IDEA cipher unavailable, optimistically attempting to use %s instead\n"
+msgstr ""
+
+#: g10/mainproc.c:570
+msgid "decryption okay\n"
+msgstr ""
+
+#: g10/mainproc.c:574
+msgid "WARNING: message was not integrity protected\n"
+msgstr ""
+
+#: g10/mainproc.c:587
+msgid "WARNING: encrypted message has been manipulated!\n"
+msgstr ""
+
+#: g10/mainproc.c:595
+#, c-format
+msgid "cleared passphrase cached with ID: %s\n"
+msgstr ""
+
+#: g10/mainproc.c:600
+#, c-format
+msgid "decryption failed: %s\n"
+msgstr ""
+
+#: g10/mainproc.c:621
+msgid "NOTE: sender requested \"for-your-eyes-only\"\n"
+msgstr ""
+
+#: g10/mainproc.c:623
+#, c-format
+msgid "original file name='%.*s'\n"
+msgstr ""
+
+#: g10/mainproc.c:711
+msgid "WARNING: multiple plaintexts seen\n"
+msgstr ""
+
+#: g10/mainproc.c:850
+msgid "standalone revocation - use \"gpg --import\" to apply\n"
+msgstr ""
+
+#: g10/mainproc.c:1203 g10/mainproc.c:1240
+msgid "no signature found\n"
+msgstr ""
+
+#: g10/mainproc.c:1478
+msgid "signature verification suppressed\n"
+msgstr ""
+
+#: g10/mainproc.c:1587
+msgid "can't handle this ambiguous signature data\n"
+msgstr ""
+
+#: g10/mainproc.c:1598
+#, c-format
+msgid "Signature made %s\n"
+msgstr ""
+
+#: g10/mainproc.c:1599
+#, c-format
+msgid " using %s key %s\n"
+msgstr ""
+
+#: g10/mainproc.c:1603
+#, c-format
+msgid "Signature made %s using %s key ID %s\n"
+msgstr ""
+
+#: g10/mainproc.c:1623
+msgid "Key available at: "
+msgstr ""
+
+#: g10/mainproc.c:1756 g10/mainproc.c:1804
+#, c-format
+msgid "BAD signature from \"%s\""
+msgstr ""
+
+#: g10/mainproc.c:1758 g10/mainproc.c:1806
+#, c-format
+msgid "Expired signature from \"%s\""
+msgstr ""
+
+#: g10/mainproc.c:1760 g10/mainproc.c:1808
+#, c-format
+msgid "Good signature from \"%s\""
+msgstr ""
+
+#: g10/mainproc.c:1810
+msgid "[uncertain]"
+msgstr ""
+
+#: g10/mainproc.c:1843
+#, c-format
+msgid " aka \"%s\""
+msgstr ""
+
+#: g10/mainproc.c:1941
+#, c-format
+msgid "Signature expired %s\n"
+msgstr ""
+
+#: g10/mainproc.c:1946
+#, c-format
+msgid "Signature expires %s\n"
+msgstr ""
+
+#: g10/mainproc.c:1949
+#, c-format
+msgid "%s signature, digest algorithm %s\n"
+msgstr ""
+
+#: g10/mainproc.c:1950
+msgid "binary"
+msgstr ""
+
+#: g10/mainproc.c:1951
+msgid "textmode"
+msgstr ""
+
+#: g10/mainproc.c:1951 g10/trustdb.c:546
+msgid "unknown"
+msgstr ""
+
+#: g10/mainproc.c:1971
+#, c-format
+msgid "Can't check signature: %s\n"
+msgstr ""
+
+#: g10/mainproc.c:2055 g10/mainproc.c:2071 g10/mainproc.c:2167
+msgid "not a detached signature\n"
+msgstr ""
+
+#: g10/mainproc.c:2098
+msgid ""
+"WARNING: multiple signatures detected. Only the first will be checked.\n"
+msgstr ""
+
+#: g10/mainproc.c:2106
+#, c-format
+msgid "standalone signature of class 0x%02x\n"
+msgstr ""
+
+#: g10/mainproc.c:2171
+msgid "old style (PGP 2.x) signature\n"
+msgstr ""
+
+#: g10/mainproc.c:2181
+msgid "invalid root packet detected in proc_tree()\n"
+msgstr ""
+
+#: g10/misc.c:109 g10/misc.c:139 g10/misc.c:215
+#, c-format
+msgid "fstat of `%s' failed in %s: %s\n"
+msgstr ""
+
+#: g10/misc.c:178
+#, c-format
+msgid "fstat(%d) failed in %s: %s\n"
+msgstr ""
+
+#: g10/misc.c:296
+#, c-format
+msgid "WARNING: using experimental public key algorithm %s\n"
+msgstr ""
+
+#: g10/misc.c:302
+msgid "WARNING: Elgamal sign+encrypt keys are deprecated\n"
+msgstr ""
+
+#: g10/misc.c:315
+#, c-format
+msgid "WARNING: using experimental cipher algorithm %s\n"
+msgstr ""
+
+#: g10/misc.c:330
+#, c-format
+msgid "WARNING: using experimental digest algorithm %s\n"
+msgstr ""
+
+#: g10/misc.c:335
+#, c-format
+msgid "WARNING: digest algorithm %s is deprecated\n"
+msgstr ""
+
+#: g10/misc.c:503
+msgid "the IDEA cipher plugin is not present\n"
+msgstr ""
+
+#: g10/misc.c:504 g10/sig-check.c:107 jnlib/utf8conv.c:87
+#, c-format
+msgid "please see %s for more information\n"
+msgstr ""
+
+#: g10/misc.c:761
+#, c-format
+msgid "%s:%d: deprecated option \"%s\"\n"
+msgstr ""
+
+#: g10/misc.c:765
+#, c-format
+msgid "WARNING: \"%s\" is a deprecated option\n"
+msgstr ""
+
+#: g10/misc.c:767
+#, c-format
+msgid "please use \"%s%s\" instead\n"
+msgstr ""
+
+#: g10/misc.c:774
+#, c-format
+msgid "WARNING: \"%s\" is a deprecated command - do not use it\n"
+msgstr ""
+
+#: g10/misc.c:784
+#, c-format
+msgid "%s:%u: obsolete option \"%s\" - it has no effect\n"
+msgstr ""
+
+#: g10/misc.c:787
+#, c-format
+msgid "WARNING: \"%s\" is an obsolete option - it has no effect\n"
+msgstr ""
+
+#: g10/misc.c:848
+msgid "Uncompressed"
+msgstr ""
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: g10/misc.c:873
+msgid "uncompressed|none"
+msgstr ""
+
+#: g10/misc.c:1000
+#, c-format
+msgid "this message may not be usable by %s\n"
+msgstr ""
+
+#: g10/misc.c:1175
+#, c-format
+msgid "ambiguous option `%s'\n"
+msgstr ""
+
+#: g10/misc.c:1200
+#, c-format
+msgid "unknown option `%s'\n"
+msgstr ""
+
+#: g10/openfile.c:89
+#, c-format
+msgid "File `%s' exists. "
+msgstr ""
+
+#: g10/openfile.c:93
+msgid "Overwrite? (y/N) "
+msgstr ""
+
+#: g10/openfile.c:126
+#, c-format
+msgid "%s: unknown suffix\n"
+msgstr ""
+
+#: g10/openfile.c:150
+msgid "Enter new filename"
+msgstr ""
+
+#: g10/openfile.c:195
+msgid "writing to stdout\n"
+msgstr ""
+
+#: g10/openfile.c:316
+#, c-format
+msgid "assuming signed data in `%s'\n"
+msgstr ""
+
+#: g10/openfile.c:395
+#, c-format
+msgid "new configuration file `%s' created\n"
+msgstr ""
+
+#: g10/openfile.c:397
+#, c-format
+msgid "WARNING: options in `%s' are not yet active during this run\n"
+msgstr ""
+
+#: g10/parse-packet.c:201
+#, c-format
+msgid "can't handle public key algorithm %d\n"
+msgstr ""
+
+#: g10/parse-packet.c:822
+msgid "WARNING: potentially insecure symmetrically encrypted session key\n"
+msgstr ""
+
+#: g10/parse-packet.c:1273
+#, c-format
+msgid "subpacket of type %d has critical bit set\n"
+msgstr ""
+
+#: g10/passphrase.c:75 g10/passphrase.c:418 g10/passphrase.c:481
+#, c-format
+msgid "problem with the agent: %s\n"
+msgstr ""
+
+#: g10/passphrase.c:344 g10/passphrase.c:613
+#, c-format
+msgid " (main key ID %s)"
+msgstr ""
+
+#: g10/passphrase.c:358
+#, c-format
+msgid ""
+"Please enter the passphrase to unlock the secret key for the OpenPGP "
+"certificate:\n"
+"\"%.*s\"\n"
+"%u-bit %s key, ID %s,\n"
+"created %s%s.\n"
+msgstr ""
+
+#: g10/passphrase.c:384
+msgid "Enter passphrase\n"
+msgstr ""
+
+#: g10/passphrase.c:412
+msgid "cancelled by user\n"
+msgstr ""
+
+#: g10/passphrase.c:592
+#, c-format
+msgid ""
+"You need a passphrase to unlock the secret key for\n"
+"user: \"%s\"\n"
+msgstr ""
+
+#: g10/passphrase.c:600
+#, c-format
+msgid "%u-bit %s key, ID %s, created %s"
+msgstr ""
+
+#: g10/passphrase.c:609
+#, c-format
+msgid " (subkey on main key ID %s)"
+msgstr ""
+
+#: g10/photoid.c:74
+msgid ""
+"\n"
+"Pick an image to use for your photo ID. The image must be a JPEG file.\n"
+"Remember that the image is stored within your public key. If you use a\n"
+"very large picture, your key will become very large as well!\n"
+"Keeping the image close to 240x288 is a good size to use.\n"
+msgstr ""
+
+#: g10/photoid.c:96
+msgid "Enter JPEG filename for photo ID: "
+msgstr ""
+
+#: g10/photoid.c:117
+#, c-format
+msgid "unable to open JPEG file `%s': %s\n"
+msgstr ""
+
+#: g10/photoid.c:128
+#, c-format
+msgid "This JPEG is really large (%d bytes) !\n"
+msgstr ""
+
+#: g10/photoid.c:130
+msgid "Are you sure you want to use it? (y/N) "
+msgstr ""
+
+#: g10/photoid.c:146
+#, c-format
+msgid "`%s' is not a JPEG file\n"
+msgstr ""
+
+#: g10/photoid.c:165
+msgid "Is this photo correct (y/N/q)? "
+msgstr ""
+
+#: g10/photoid.c:373
+msgid "unable to display photo ID!\n"
+msgstr ""
+
+#: g10/pkclist.c:60 g10/revoke.c:621
+msgid "No reason specified"
+msgstr ""
+
+#: g10/pkclist.c:62 g10/revoke.c:623
+msgid "Key is superseded"
+msgstr ""
+
+#: g10/pkclist.c:64 g10/revoke.c:622
+msgid "Key has been compromised"
+msgstr ""
+
+#: g10/pkclist.c:66 g10/revoke.c:624
+msgid "Key is no longer used"
+msgstr ""
+
+#: g10/pkclist.c:68 g10/revoke.c:625
+msgid "User ID is no longer valid"
+msgstr ""
+
+#: g10/pkclist.c:72
+msgid "reason for revocation: "
+msgstr ""
+
+#: g10/pkclist.c:89
+msgid "revocation comment: "
+msgstr ""
+
+#: g10/pkclist.c:204
+msgid "iImMqQsS"
+msgstr ""
+
+#: g10/pkclist.c:212
+msgid "No trust value assigned to:\n"
+msgstr ""
+
+#: g10/pkclist.c:245
+#, c-format
+msgid " aka \"%s\"\n"
+msgstr ""
+
+#: g10/pkclist.c:255
+msgid ""
+"How much do you trust that this key actually belongs to the named user?\n"
+msgstr ""
+
+#: g10/pkclist.c:270
+#, c-format
+msgid " %d = I don't know or won't say\n"
+msgstr ""
+
+#: g10/pkclist.c:272
+#, c-format
+msgid " %d = I do NOT trust\n"
+msgstr ""
+
+#: g10/pkclist.c:278
+#, c-format
+msgid " %d = I trust ultimately\n"
+msgstr ""
+
+#: g10/pkclist.c:284
+msgid " m = back to the main menu\n"
+msgstr ""
+
+#: g10/pkclist.c:287
+msgid " s = skip this key\n"
+msgstr ""
+
+#: g10/pkclist.c:288
+msgid " q = quit\n"
+msgstr ""
+
+#: g10/pkclist.c:292
+#, c-format
+msgid ""
+"The minimum trust level for this key is: %s\n"
+"\n"
+msgstr ""
+
+#: g10/pkclist.c:298 g10/revoke.c:650
+msgid "Your decision? "
+msgstr ""
+
+#: g10/pkclist.c:319
+msgid "Do you really want to set this key to ultimate trust? (y/N) "
+msgstr ""
+
+#: g10/pkclist.c:333
+msgid "Certificates leading to an ultimately trusted key:\n"
+msgstr ""
+
+#: g10/pkclist.c:418
+#, c-format
+msgid "%s: There is no assurance this key belongs to the named user\n"
+msgstr ""
+
+#: g10/pkclist.c:423
+#, c-format
+msgid "%s: There is limited assurance this key belongs to the named user\n"
+msgstr ""
+
+#: g10/pkclist.c:429
+msgid "This key probably belongs to the named user\n"
+msgstr ""
+
+#: g10/pkclist.c:434
+msgid "This key belongs to us\n"
+msgstr ""
+
+#: g10/pkclist.c:460
+msgid ""
+"It is NOT certain that the key belongs to the person named\n"
+"in the user ID. If you *really* know what you are doing,\n"
+"you may answer the next question with yes.\n"
+msgstr ""
+
+#: g10/pkclist.c:479
+msgid "Use this key anyway? (y/N) "
+msgstr ""
+
+#: g10/pkclist.c:513
+msgid "WARNING: Using untrusted key!\n"
+msgstr ""
+
+#: g10/pkclist.c:520
+msgid "WARNING: this key might be revoked (revocation key not present)\n"
+msgstr ""
+
+#: g10/pkclist.c:529
+msgid "WARNING: This key has been revoked by its designated revoker!\n"
+msgstr ""
+
+#: g10/pkclist.c:532
+msgid "WARNING: This key has been revoked by its owner!\n"
+msgstr ""
+
+#: g10/pkclist.c:533
+msgid " This could mean that the signature is forged.\n"
+msgstr ""
+
+#: g10/pkclist.c:539
+msgid "WARNING: This subkey has been revoked by its owner!\n"
+msgstr ""
+
+#: g10/pkclist.c:544
+msgid "Note: This key has been disabled.\n"
+msgstr ""
+
+#: g10/pkclist.c:564
+#, c-format
+msgid "Note: Verified signer's address is `%s'\n"
+msgstr ""
+
+#: g10/pkclist.c:571
+#, c-format
+msgid "Note: Signer's address `%s' does not match DNS entry\n"
+msgstr ""
+
+#: g10/pkclist.c:583
+msgid "trustlevel adjusted to FULL due to valid PKA info\n"
+msgstr ""
+
+#: g10/pkclist.c:591
+msgid "trustlevel adjusted to NEVER due to bad PKA info\n"
+msgstr ""
+
+#: g10/pkclist.c:602
+msgid "Note: This key has expired!\n"
+msgstr ""
+
+#: g10/pkclist.c:613
+msgid "WARNING: This key is not certified with a trusted signature!\n"
+msgstr ""
+
+#: g10/pkclist.c:615
+msgid ""
+" There is no indication that the signature belongs to the owner.\n"
+msgstr ""
+
+#: g10/pkclist.c:623
+msgid "WARNING: We do NOT trust this key!\n"
+msgstr ""
+
+#: g10/pkclist.c:624
+msgid " The signature is probably a FORGERY.\n"
+msgstr ""
+
+#: g10/pkclist.c:632
+msgid ""
+"WARNING: This key is not certified with sufficiently trusted signatures!\n"
+msgstr ""
+
+#: g10/pkclist.c:634
+msgid " It is not certain that the signature belongs to the owner.\n"
+msgstr ""
+
+#: g10/pkclist.c:833 g10/pkclist.c:875 g10/pkclist.c:1087 g10/pkclist.c:1157
+#, c-format
+msgid "%s: skipped: %s\n"
+msgstr ""
+
+#: g10/pkclist.c:845 g10/pkclist.c:1125
+#, c-format
+msgid "%s: skipped: public key already present\n"
+msgstr ""
+
+#: g10/pkclist.c:896
+msgid "You did not specify a user ID. (you may use \"-r\")\n"
+msgstr ""
+
+#: g10/pkclist.c:920
+msgid "Current recipients:\n"
+msgstr ""
+
+#: g10/pkclist.c:946
+msgid ""
+"\n"
+"Enter the user ID. End with an empty line: "
+msgstr ""
+
+#: g10/pkclist.c:971
+msgid "No such user ID.\n"
+msgstr ""
+
+#: g10/pkclist.c:980 g10/pkclist.c:1054
+msgid "skipped: public key already set as default recipient\n"
+msgstr ""
+
+#: g10/pkclist.c:1001
+msgid "Public key is disabled.\n"
+msgstr ""
+
+#: g10/pkclist.c:1010
+msgid "skipped: public key already set\n"
+msgstr ""
+
+#: g10/pkclist.c:1045
+#, c-format
+msgid "unknown default recipient \"%s\"\n"
+msgstr ""
+
+#: g10/pkclist.c:1103
+#, c-format
+msgid "%s: skipped: public key is disabled\n"
+msgstr ""
+
+#: g10/pkclist.c:1165
+msgid "no valid addressees\n"
+msgstr ""
+
+#: g10/pkclist.c:1503
+#, c-format
+msgid "Note: key %s has no %s feature\n"
+msgstr ""
+
+#: g10/pkclist.c:1528
+#, c-format
+msgid "Note: key %s has no preference for %s\n"
+msgstr ""
+
+#: g10/plaintext.c:95
+msgid "data not saved; use option \"--output\" to save it\n"
+msgstr ""
+
+#: g10/plaintext.c:480
+msgid "Detached signature.\n"
+msgstr ""
+
+#: g10/plaintext.c:487
+msgid "Please enter name of data file: "
+msgstr ""
+
+#: g10/plaintext.c:519
+msgid "reading stdin ...\n"
+msgstr ""
+
+#: g10/plaintext.c:557
+msgid "no signed data\n"
+msgstr ""
+
+#: g10/plaintext.c:573
+#, c-format
+msgid "can't open signed data `%s'\n"
+msgstr ""
+
+#: g10/plaintext.c:607
+#, c-format
+msgid "can't open signed data fd=%d: %s\n"
+msgstr ""
+
+#: g10/pubkey-enc.c:105
+#, c-format
+msgid "anonymous recipient; trying secret key %s ...\n"
+msgstr ""
+
+#: g10/pubkey-enc.c:136
+msgid "okay, we are the anonymous recipient.\n"
+msgstr ""
+
+#: g10/pubkey-enc.c:225
+msgid "old encoding of the DEK is not supported\n"
+msgstr ""
+
+#: g10/pubkey-enc.c:246
+#, c-format
+msgid "cipher algorithm %d%s is unknown or disabled\n"
+msgstr ""
+
+#: g10/pubkey-enc.c:284
+#, c-format
+msgid "WARNING: cipher algorithm %s not found in recipient preferences\n"
+msgstr ""
+
+#: g10/pubkey-enc.c:304
+#, c-format
+msgid "NOTE: secret key %s expired at %s\n"
+msgstr ""
+
+#: g10/pubkey-enc.c:310
+msgid "NOTE: key has been revoked"
+msgstr ""
+
+#: g10/revoke.c:102 g10/revoke.c:116 g10/revoke.c:128 g10/revoke.c:174
+#: g10/revoke.c:186 g10/revoke.c:585
+#, c-format
+msgid "build_packet failed: %s\n"
+msgstr ""
+
+#: g10/revoke.c:145
+#, c-format
+msgid "key %s has no user IDs\n"
+msgstr ""
+
+#: g10/revoke.c:306
+msgid "To be revoked by:\n"
+msgstr ""
+
+#: g10/revoke.c:310
+msgid "(This is a sensitive revocation key)\n"
+msgstr ""
+
+#: g10/revoke.c:314
+msgid "Create a designated revocation certificate for this key? (y/N) "
+msgstr ""
+
+#: g10/revoke.c:327 g10/revoke.c:551
+msgid "ASCII armored output forced.\n"
+msgstr ""
+
+#: g10/revoke.c:342 g10/revoke.c:565
+#, c-format
+msgid "make_keysig_packet failed: %s\n"
+msgstr ""
+
+#: g10/revoke.c:405
+msgid "Revocation certificate created.\n"
+msgstr ""
+
+#: g10/revoke.c:411
+#, c-format
+msgid "no revocation keys found for \"%s\"\n"
+msgstr ""
+
+#: g10/revoke.c:470
+#, c-format
+msgid "secret key \"%s\" not found: %s\n"
+msgstr ""
+
+#: g10/revoke.c:497
+#, c-format
+msgid "no corresponding public key: %s\n"
+msgstr ""
+
+#: g10/revoke.c:508
+msgid "public key does not match secret key!\n"
+msgstr ""
+
+#: g10/revoke.c:515
+msgid "Create a revocation certificate for this key? (y/N) "
+msgstr ""
+
+#: g10/revoke.c:532
+msgid "unknown protection algorithm\n"
+msgstr ""
+
+#: g10/revoke.c:540
+msgid "NOTE: This key is not protected!\n"
+msgstr ""
+
+#: g10/revoke.c:591
+msgid ""
+"Revocation certificate created.\n"
+"\n"
+"Please move it to a medium which you can hide away; if Mallory gets\n"
+"access to this certificate he can use it to make your key unusable.\n"
+"It is smart to print this certificate and store it away, just in case\n"
+"your media become unreadable. But have some caution: The print system of\n"
+"your machine might store the data and make it available to others!\n"
+msgstr ""
+
+#: g10/revoke.c:633
+msgid "Please select the reason for the revocation:\n"
+msgstr ""
+
+#: g10/revoke.c:643
+msgid "Cancel"
+msgstr ""
+
+#: g10/revoke.c:645
+#, c-format
+msgid "(Probably you want to select %d here)\n"
+msgstr ""
+
+#: g10/revoke.c:686
+msgid "Enter an optional description; end it with an empty line:\n"
+msgstr ""
+
+#: g10/revoke.c:714
+#, c-format
+msgid "Reason for revocation: %s\n"
+msgstr ""
+
+#: g10/revoke.c:716
+msgid "(No description given)\n"
+msgstr ""
+
+#: g10/revoke.c:721
+msgid "Is this okay? (y/N) "
+msgstr ""
+
+#: g10/seckey-cert.c:55
+msgid "secret key parts are not available\n"
+msgstr ""
+
+#: g10/seckey-cert.c:61
+#, c-format
+msgid "protection algorithm %d%s is not supported\n"
+msgstr ""
+
+#: g10/seckey-cert.c:72
+#, c-format
+msgid "protection digest %d is not supported\n"
+msgstr ""
+
+#: g10/seckey-cert.c:291
+msgid "Invalid passphrase; please try again"
+msgstr ""
+
+#: g10/seckey-cert.c:292
+#, c-format
+msgid "%s ...\n"
+msgstr ""
+
+#: g10/seckey-cert.c:361
+msgid "WARNING: Weak key detected - please change passphrase again.\n"
+msgstr ""
+
+#: g10/seckey-cert.c:404
+msgid "generating the deprecated 16-bit checksum for secret key protection\n"
+msgstr ""
+
+#: g10/seskey.c:61 sm/encrypt.c:119
+msgid "weak key created - retrying\n"
+msgstr ""
+
+#: g10/seskey.c:65
+#, c-format
+msgid "cannot avoid weak key for symmetric cipher; tried %d times!\n"
+msgstr ""
+
+#: g10/seskey.c:227 sm/certcheck.c:85
+msgid "DSA requires the hash length to be a multiple of 8 bits\n"
+msgstr ""
+
+#: g10/seskey.c:240
+#, c-format
+msgid "DSA key %s uses an unsafe (%u bit) hash\n"
+msgstr ""
+
+#: g10/seskey.c:252
+#, c-format
+msgid "DSA key %s requires a %u bit or larger hash\n"
+msgstr ""
+
+#: g10/sig-check.c:80
+msgid "WARNING: signature digest conflict in message\n"
+msgstr ""
+
+#: g10/sig-check.c:105
+#, c-format
+msgid "WARNING: signing subkey %s is not cross-certified\n"
+msgstr ""
+
+#: g10/sig-check.c:117
+#, c-format
+msgid "WARNING: signing subkey %s has an invalid cross-certification\n"
+msgstr ""
+
+#: g10/sig-check.c:211
+#, c-format
+msgid "public key %s is %lu second newer than the signature\n"
+msgstr ""
+
+#: g10/sig-check.c:212
+#, c-format
+msgid "public key %s is %lu seconds newer than the signature\n"
+msgstr ""
+
+#: g10/sig-check.c:223
+#, c-format
+msgid ""
+"key %s was created %lu second in the future (time warp or clock problem)\n"
+msgstr ""
+
+#: g10/sig-check.c:225
+#, c-format
+msgid ""
+"key %s was created %lu seconds in the future (time warp or clock problem)\n"
+msgstr ""
+
+#: g10/sig-check.c:239
+#, c-format
+msgid "NOTE: signature key %s expired %s\n"
+msgstr ""
+
+#: g10/sig-check.c:252
+#, c-format
+msgid "NOTE: signature key %s has been revoked\n"
+msgstr ""
+
+#: g10/sig-check.c:325
+#, c-format
+msgid "assuming bad signature from key %s due to an unknown critical bit\n"
+msgstr ""
+
+#: g10/sig-check.c:591
+#, c-format
+msgid "key %s: no subkey for subkey revocation signature\n"
+msgstr ""
+
+#: g10/sig-check.c:618
+#, c-format
+msgid "key %s: no subkey for subkey binding signature\n"
+msgstr ""
+
+#: g10/sign.c:89
+#, c-format
+msgid "WARNING: unable to %%-expand notation (too large). Using unexpanded.\n"
+msgstr ""
+
+#: g10/sign.c:115
+#, c-format
+msgid ""
+"WARNING: unable to %%-expand policy URL (too large). Using unexpanded.\n"
+msgstr ""
+
+#: g10/sign.c:138
+#, c-format
+msgid ""
+"WARNING: unable to %%-expand preferred keyserver URL (too large). Using "
+"unexpanded.\n"
+msgstr ""
+
+#: g10/sign.c:311
+#, c-format
+msgid "checking created signature failed: %s\n"
+msgstr ""
+
+#: g10/sign.c:320
+#, c-format
+msgid "%s/%s signature from: \"%s\"\n"
+msgstr ""
+
+#: g10/sign.c:761
+msgid "you can only detach-sign with PGP 2.x style keys while in --pgp2 mode\n"
+msgstr ""
+
+#: g10/sign.c:837
+#, c-format
+msgid ""
+"WARNING: forcing digest algorithm %s (%d) violates recipient preferences\n"
+msgstr ""
+
+#: g10/sign.c:964
+msgid "signing:"
+msgstr ""
+
+#: g10/sign.c:1079
+msgid "you can only clearsign with PGP 2.x style keys while in --pgp2 mode\n"
+msgstr ""
+
+#: g10/sign.c:1263
+#, c-format
+msgid "%s encryption will be used\n"
+msgstr ""
+
+#: g10/skclist.c:140 g10/skclist.c:217
+msgid "key is not flagged as insecure - can't use it with the faked RNG!\n"
+msgstr ""
+
+#: g10/skclist.c:174
+#, c-format
+msgid "skipped \"%s\": duplicated\n"
+msgstr ""
+
+#: g10/skclist.c:182 g10/skclist.c:195 g10/skclist.c:207
+#, c-format
+msgid "skipped \"%s\": %s\n"
+msgstr ""
+
+#: g10/skclist.c:190
+msgid "skipped: secret key already present\n"
+msgstr ""
+
+#: g10/skclist.c:208
+msgid "this is a PGP generated Elgamal key which is not secure for signatures!"
+msgstr ""
+
+#: g10/tdbdump.c:58 g10/trustdb.c:360
+#, c-format
+msgid "trust record %lu, type %d: write failed: %s\n"
+msgstr ""
+
+#: g10/tdbdump.c:106
+#, c-format
+msgid ""
+"# List of assigned trustvalues, created %s\n"
+"# (Use \"gpg --import-ownertrust\" to restore them)\n"
+msgstr ""
+
+#: g10/tdbdump.c:161 g10/tdbdump.c:169 g10/tdbdump.c:174 g10/tdbdump.c:179
+#, c-format
+msgid "error in `%s': %s\n"
+msgstr ""
+
+#: g10/tdbdump.c:161
+msgid "line too long"
+msgstr ""
+
+#: g10/tdbdump.c:169
+msgid "colon missing"
+msgstr ""
+
+#: g10/tdbdump.c:175
+msgid "invalid fingerprint"
+msgstr ""
+
+#: g10/tdbdump.c:180
+msgid "ownertrust value missing"
+msgstr ""
+
+#: g10/tdbdump.c:216
+#, c-format
+msgid "error finding trust record in `%s': %s\n"
+msgstr ""
+
+#: g10/tdbdump.c:220
+#, c-format
+msgid "read error in `%s': %s\n"
+msgstr ""
+
+#: g10/tdbdump.c:229 g10/trustdb.c:375
+#, c-format
+msgid "trustdb: sync failed: %s\n"
+msgstr ""
+
+#: g10/tdbio.c:128 g10/tdbio.c:1456
+#, c-format
+msgid "trustdb rec %lu: lseek failed: %s\n"
+msgstr ""
+
+#: g10/tdbio.c:135 g10/tdbio.c:1463
+#, c-format
+msgid "trustdb rec %lu: write failed (n=%d): %s\n"
+msgstr ""
+
+#: g10/tdbio.c:245
+msgid "trustdb transaction too large\n"
+msgstr ""
+
+#: g10/tdbio.c:500
+#, c-format
+msgid "can't access `%s': %s\n"
+msgstr ""
+
+#: g10/tdbio.c:527
+#, c-format
+msgid "%s: directory does not exist!\n"
+msgstr ""
+
+#: g10/tdbio.c:537 g10/tdbio.c:560 g10/tdbio.c:601 sm/keydb.c:219
+#, c-format
+msgid "can't create lock for `%s'\n"
+msgstr ""
+
+#: g10/tdbio.c:539 g10/tdbio.c:604
+#, c-format
+msgid "can't lock `%s'\n"
+msgstr ""
+
+#: g10/tdbio.c:565
+#, c-format
+msgid "%s: failed to create version record: %s"
+msgstr ""
+
+#: g10/tdbio.c:569
+#, c-format
+msgid "%s: invalid trustdb created\n"
+msgstr ""
+
+#: g10/tdbio.c:572
+#, c-format
+msgid "%s: trustdb created\n"
+msgstr ""
+
+#: g10/tdbio.c:615
+msgid "NOTE: trustdb not writable\n"
+msgstr ""
+
+#: g10/tdbio.c:623
+#, c-format
+msgid "%s: invalid trustdb\n"
+msgstr ""
+
+#: g10/tdbio.c:655
+#, c-format
+msgid "%s: failed to create hashtable: %s\n"
+msgstr ""
+
+#: g10/tdbio.c:663
+#, c-format
+msgid "%s: error updating version record: %s\n"
+msgstr ""
+
+#: g10/tdbio.c:680 g10/tdbio.c:701 g10/tdbio.c:717 g10/tdbio.c:731
+#: g10/tdbio.c:761 g10/tdbio.c:1388 g10/tdbio.c:1415
+#, c-format
+msgid "%s: error reading version record: %s\n"
+msgstr ""
+
+#: g10/tdbio.c:740
+#, c-format
+msgid "%s: error writing version record: %s\n"
+msgstr ""
+
+#: g10/tdbio.c:1181
+#, c-format
+msgid "trustdb: lseek failed: %s\n"
+msgstr ""
+
+#: g10/tdbio.c:1190
+#, c-format
+msgid "trustdb: read failed (n=%d): %s\n"
+msgstr ""
+
+#: g10/tdbio.c:1211
+#, c-format
+msgid "%s: not a trustdb file\n"
+msgstr ""
+
+#: g10/tdbio.c:1230
+#, c-format
+msgid "%s: version record with recnum %lu\n"
+msgstr ""
+
+#: g10/tdbio.c:1235
+#, c-format
+msgid "%s: invalid file version %d\n"
+msgstr ""
+
+#: g10/tdbio.c:1421
+#, c-format
+msgid "%s: error reading free record: %s\n"
+msgstr ""
+
+#: g10/tdbio.c:1429
+#, c-format
+msgid "%s: error writing dir record: %s\n"
+msgstr ""
+
+#: g10/tdbio.c:1439
+#, c-format
+msgid "%s: failed to zero a record: %s\n"
+msgstr ""
+
+#: g10/tdbio.c:1469
+#, c-format
+msgid "%s: failed to append a record: %s\n"
+msgstr ""
+
+#: g10/tdbio.c:1512
+msgid "Error: The trustdb is corrupted.\n"
+msgstr ""
+
+#: g10/textfilter.c:147
+#, c-format
+msgid "can't handle text lines longer than %d characters\n"
+msgstr ""
+
+#: g10/textfilter.c:247
+#, c-format
+msgid "input line longer than %d characters\n"
+msgstr ""
+
+#: g10/trustdb.c:221
+#, c-format
+msgid "`%s' is not a valid long keyID\n"
+msgstr ""
+
+#: g10/trustdb.c:252
+#, c-format
+msgid "key %s: accepted as trusted key\n"
+msgstr ""
+
+#: g10/trustdb.c:290
+#, c-format
+msgid "key %s occurs more than once in the trustdb\n"
+msgstr ""
+
+#: g10/trustdb.c:305
+#, c-format
+msgid "key %s: no public key for trusted key - skipped\n"
+msgstr ""
+
+#: g10/trustdb.c:315
+#, c-format
+msgid "key %s marked as ultimately trusted\n"
+msgstr ""
+
+#: g10/trustdb.c:339
+#, c-format
+msgid "trust record %lu, req type %d: read failed: %s\n"
+msgstr ""
+
+#: g10/trustdb.c:345
+#, c-format
+msgid "trust record %lu is not of requested type %d\n"
+msgstr ""
+
+#: g10/trustdb.c:418
+msgid "You may try to re-create the trustdb using the commands:\n"
+msgstr ""
+
+#: g10/trustdb.c:427
+msgid "If that does not work, please consult the manual\n"
+msgstr ""
+
+#: g10/trustdb.c:462
+#, c-format
+msgid "unable to use unknown trust model (%d) - assuming %s trust model\n"
+msgstr ""
+
+#: g10/trustdb.c:468
+#, c-format
+msgid "using %s trust model\n"
+msgstr ""
+
+#: g10/trustdb.c:520
+msgid "10 translator see trustdb.c:uid_trust_string_fixed"
+msgstr ""
+
+#: g10/trustdb.c:522
+msgid "[ revoked]"
+msgstr ""
+
+#: g10/trustdb.c:524 g10/trustdb.c:529
+msgid "[ expired]"
+msgstr ""
+
+#: g10/trustdb.c:528
+msgid "[ unknown]"
+msgstr ""
+
+#: g10/trustdb.c:530
+msgid "[ undef ]"
+msgstr ""
+
+#: g10/trustdb.c:531
+msgid "[marginal]"
+msgstr ""
+
+#: g10/trustdb.c:532
+msgid "[ full ]"
+msgstr ""
+
+#: g10/trustdb.c:533
+msgid "[ultimate]"
+msgstr ""
+
+#: g10/trustdb.c:548
+msgid "undefined"
+msgstr ""
+
+#: g10/trustdb.c:549
+msgid "never"
+msgstr ""
+
+#: g10/trustdb.c:550
+msgid "marginal"
+msgstr ""
+
+#: g10/trustdb.c:551
+msgid "full"
+msgstr ""
+
+#: g10/trustdb.c:552
+msgid "ultimate"
+msgstr ""
+
+#: g10/trustdb.c:592
+msgid "no need for a trustdb check\n"
+msgstr ""
+
+#: g10/trustdb.c:598 g10/trustdb.c:2487
+#, c-format
+msgid "next trustdb check due at %s\n"
+msgstr ""
+
+#: g10/trustdb.c:607
+#, c-format
+msgid "no need for a trustdb check with `%s' trust model\n"
+msgstr ""
+
+#: g10/trustdb.c:622
+#, c-format
+msgid "no need for a trustdb update with `%s' trust model\n"
+msgstr ""
+
+#: g10/trustdb.c:857 g10/trustdb.c:1310
+#, c-format
+msgid "public key %s not found: %s\n"
+msgstr ""
+
+#: g10/trustdb.c:1053
+msgid "please do a --check-trustdb\n"
+msgstr ""
+
+#: g10/trustdb.c:1057
+msgid "checking the trustdb\n"
+msgstr ""
+
+#: g10/trustdb.c:2230
+#, c-format
+msgid "%d keys processed (%d validity counts cleared)\n"
+msgstr ""
+
+#: g10/trustdb.c:2295
+msgid "no ultimately trusted keys found\n"
+msgstr ""
+
+#: g10/trustdb.c:2309
+#, c-format
+msgid "public key of ultimately trusted key %s not found\n"
+msgstr ""
+
+#: g10/trustdb.c:2332
+#, c-format
+msgid "%d marginal(s) needed, %d complete(s) needed, %s trust model\n"
+msgstr ""
+
+#: g10/trustdb.c:2418
+#, c-format
+msgid ""
+"depth: %d valid: %3d signed: %3d trust: %d-, %dq, %dn, %dm, %df, %du\n"
+msgstr ""
+
+#: g10/trustdb.c:2493
+#, c-format
+msgid "unable to update trustdb version record: write failed: %s\n"
+msgstr ""
+
+#: g10/verify.c:118
+msgid ""
+"the signature could not be verified.\n"
+"Please remember that the signature file (.sig or .asc)\n"
+"should be the first file given on the command line.\n"
+msgstr ""
+
+#: g10/verify.c:205
+#, c-format
+msgid "input line %u too long or missing LF\n"
+msgstr ""
+
+#: g10/verify.c:253
+#, c-format
+msgid "can't open fd %d: %s\n"
+msgstr ""
+
+#: jnlib/argparse.c:180
+msgid "argument not expected"
+msgstr ""
+
+#: jnlib/argparse.c:182
+msgid "read error"
+msgstr ""
+
+#: jnlib/argparse.c:184
+msgid "keyword too long"
+msgstr ""
+
+#: jnlib/argparse.c:186
+msgid "missing argument"
+msgstr ""
+
+#: jnlib/argparse.c:188
+msgid "invalid command"
+msgstr ""
+
+#: jnlib/argparse.c:190
+msgid "invalid alias definition"
+msgstr ""
+
+#: jnlib/argparse.c:192
+msgid "out of core"
+msgstr ""
+
+#: jnlib/argparse.c:194
+msgid "invalid option"
+msgstr ""
+
+#: jnlib/argparse.c:202
+#, c-format
+msgid "missing argument for option \"%.50s\"\n"
+msgstr ""
+
+#: jnlib/argparse.c:204
+#, c-format
+msgid "option \"%.50s\" does not expect an argument\n"
+msgstr ""
+
+#: jnlib/argparse.c:207
+#, c-format
+msgid "invalid command \"%.50s\"\n"
+msgstr ""
+
+#: jnlib/argparse.c:209
+#, c-format
+msgid "option \"%.50s\" is ambiguous\n"
+msgstr ""
+
+#: jnlib/argparse.c:211
+#, c-format
+msgid "command \"%.50s\" is ambiguous\n"
+msgstr ""
+
+#: jnlib/argparse.c:213
+msgid "out of core\n"
+msgstr ""
+
+#: jnlib/argparse.c:215
+#, c-format
+msgid "invalid option \"%.50s\"\n"
+msgstr ""
+
+#: jnlib/logging.c:647
+#, c-format
+msgid "you found a bug ... (%s:%d)\n"
+msgstr ""
+
+#: jnlib/utf8conv.c:85
+#, c-format
+msgid "error loading `%s': %s\n"
+msgstr ""
+
+#: jnlib/utf8conv.c:123
+#, c-format
+msgid "conversion from `%s' to `%s' not available\n"
+msgstr ""
+
+#: jnlib/utf8conv.c:131
+#, c-format
+msgid "iconv_open failed: %s\n"
+msgstr ""
+
+#: jnlib/utf8conv.c:388 jnlib/utf8conv.c:654
+#, c-format
+msgid "conversion from `%s' to `%s' failed: %s\n"
+msgstr ""
+
+#: jnlib/dotlock.c:234
+#, c-format
+msgid "failed to create temporary file `%s': %s\n"
+msgstr ""
+
+#: jnlib/dotlock.c:269
+#, c-format
+msgid "error writing to `%s': %s\n"
+msgstr ""
+
+#: jnlib/dotlock.c:453
+#, c-format
+msgid "removing stale lockfile (created by %d)\n"
+msgstr ""
+
+#: jnlib/dotlock.c:459
+msgid " - probably dead - removing lock"
+msgstr ""
+
+#: jnlib/dotlock.c:469
+#, c-format
+msgid "waiting for lock (held by %d%s) %s...\n"
+msgstr ""
+
+#: jnlib/dotlock.c:470
+msgid "(deadlock?) "
+msgstr ""
+
+#: jnlib/dotlock.c:493
+#, c-format
+msgid "lock `%s' not made: %s\n"
+msgstr ""
+
+#: jnlib/dotlock.c:501
+#, c-format
+msgid "waiting for lock %s...\n"
+msgstr ""
+
+#: kbx/kbxutil.c:92
+msgid "set debugging flags"
+msgstr ""
+
+#: kbx/kbxutil.c:93
+msgid "enable full debugging"
+msgstr ""
+
+#: kbx/kbxutil.c:117
+msgid "Usage: kbxutil [options] [files] (-h for help)"
+msgstr ""
+
+#: kbx/kbxutil.c:120
+msgid ""
+"Syntax: kbxutil [options] [files]\n"
+"list, export, import Keybox data\n"
+msgstr ""
+
+#: scd/app-nks.c:713 scd/app-openpgp.c:2647
+#, c-format
+msgid "RSA modulus missing or not of size %d bits\n"
+msgstr ""
+
+#: scd/app-nks.c:721 scd/app-openpgp.c:2659
+#, c-format
+msgid "RSA public exponent missing or larger than %d bits\n"
+msgstr ""
+
+#: scd/app-nks.c:801 scd/app-openpgp.c:1549 scd/app-openpgp.c:1568
+#: scd/app-openpgp.c:1729 scd/app-openpgp.c:1746 scd/app-openpgp.c:1994
+#: scd/app-openpgp.c:2039 scd/app-dinsig.c:303
+#, c-format
+msgid "PIN callback returned error: %s\n"
+msgstr ""
+
+#: scd/app-nks.c:834
+msgid "the NullPIN has not yet been changed\n"
+msgstr ""
+
+#: scd/app-nks.c:1092
+msgid "|N|Please enter a new PIN for the standard keys."
+msgstr ""
+
+#: scd/app-nks.c:1093
+msgid "||Please enter the PIN for the standard keys."
+msgstr ""
+
+#: scd/app-nks.c:1099
+msgid "|NP|Please enter a new PIN Unblocking Code (PUK) for the standard keys."
+msgstr ""
+
+#: scd/app-nks.c:1101
+msgid "|P|Please enter the PIN Unblocking Code (PUK) for the standard keys."
+msgstr ""
+
+#: scd/app-nks.c:1109
+msgid "|N|Please enter a new PIN for the key to create qualified signatures."
+msgstr ""
+
+#: scd/app-nks.c:1111
+msgid "||Please enter the PIN for the key to create qualified signatures."
+msgstr ""
+
+#: scd/app-nks.c:1119
+msgid ""
+"|NP|Please enter a new PIN Unblocking Code (PUK) for the key to create "
+"qualified signatures."
+msgstr ""
+
+#: scd/app-nks.c:1121
+msgid ""
+"|P|Please enter the PIN Unblocking Code (PUK) for the key to create "
+"qualified signatures."
+msgstr ""
+
+#: scd/app-nks.c:1222 scd/app-openpgp.c:2072 scd/app-dinsig.c:532
+#, c-format
+msgid "error getting new PIN: %s\n"
+msgstr ""
+
+#: scd/app-openpgp.c:695
+#, c-format
+msgid "failed to store the fingerprint: %s\n"
+msgstr ""
+
+#: scd/app-openpgp.c:708
+#, c-format
+msgid "failed to store the creation date: %s\n"
+msgstr ""
+
+#: scd/app-openpgp.c:1156
+#, c-format
+msgid "reading public key failed: %s\n"
+msgstr ""
+
+#: scd/app-openpgp.c:1164 scd/app-openpgp.c:2882
+msgid "response does not contain the public key data\n"
+msgstr ""
+
+#: scd/app-openpgp.c:1172 scd/app-openpgp.c:2890
+msgid "response does not contain the RSA modulus\n"
+msgstr ""
+
+#: scd/app-openpgp.c:1181 scd/app-openpgp.c:2900
+msgid "response does not contain the RSA public exponent\n"
+msgstr ""
+
+#: scd/app-openpgp.c:1501
+#, c-format
+msgid "using default PIN as %s\n"
+msgstr ""
+
+#: scd/app-openpgp.c:1508
+#, c-format
+msgid "failed to use default PIN as %s: %s - disabling further default use\n"
+msgstr ""
+
+#: scd/app-openpgp.c:1523
+#, c-format
+msgid "||Please enter the PIN%%0A[sigs done: %lu]"
+msgstr ""
+
+#: scd/app-openpgp.c:1534 scd/app-openpgp.c:1988
+msgid "||Please enter the PIN"
+msgstr ""
+
+#: scd/app-openpgp.c:1575 scd/app-openpgp.c:1753 scd/app-openpgp.c:2001
+#, c-format
+msgid "PIN for CHV%d is too short; minimum length is %d\n"
+msgstr ""
+
+#: scd/app-openpgp.c:1588 scd/app-openpgp.c:1627 scd/app-openpgp.c:1765
+#: scd/app-openpgp.c:3200
+#, c-format
+msgid "verify CHV%d failed: %s\n"
+msgstr ""
+
+#: scd/app-openpgp.c:1656 scd/app-openpgp.c:2020 scd/app-openpgp.c:3498
+msgid "error retrieving CHV status from card\n"
+msgstr ""
+
+#: scd/app-openpgp.c:1662 scd/app-openpgp.c:3507
+msgid "card is permanently locked!\n"
+msgstr ""
+
+#: scd/app-openpgp.c:1669
+#, c-format
+msgid "%d Admin PIN attempts remaining before card is permanently locked\n"
+msgstr ""
+
+#. TRANSLATORS: Do not translate the "|A|" prefix but keep it at
+#. the start of the string. Use %%0A to force a linefeed.
+#: scd/app-openpgp.c:1676
+#, c-format
+msgid "|A|Please enter the Admin PIN%%0A[remaining attempts: %d]"
+msgstr ""
+
+#: scd/app-openpgp.c:1680
+msgid "|A|Please enter the Admin PIN"
+msgstr ""
+
+#: scd/app-openpgp.c:1701
+msgid "access to admin commands is not configured\n"
+msgstr ""
+
+#: scd/app-openpgp.c:2035
+msgid "||Please enter the Reset Code for the card"
+msgstr ""
+
+#: scd/app-openpgp.c:2045 scd/app-openpgp.c:2097
+#, c-format
+msgid "Reset Code is too short; minimum length is %d\n"
+msgstr ""
+
+#: scd/app-openpgp.c:2067
+msgid "|RN|New Reset Code"
+msgstr ""
+
+#: scd/app-openpgp.c:2068
+msgid "|AN|New Admin PIN"
+msgstr ""
+
+#: scd/app-openpgp.c:2068
+msgid "|N|New PIN"
+msgstr ""
+
+#: scd/app-openpgp.c:2178 scd/app-openpgp.c:2968
+msgid "error reading application data\n"
+msgstr ""
+
+#: scd/app-openpgp.c:2184 scd/app-openpgp.c:2975
+msgid "error reading fingerprint DO\n"
+msgstr ""
+
+#: scd/app-openpgp.c:2194
+msgid "key already exists\n"
+msgstr ""
+
+#: scd/app-openpgp.c:2198
+msgid "existing key will be replaced\n"
+msgstr ""
+
+#: scd/app-openpgp.c:2200
+msgid "generating new key\n"
+msgstr ""
+
+#: scd/app-openpgp.c:2202
+msgid "writing new key\n"
+msgstr ""
+
+#: scd/app-openpgp.c:2627
+msgid "creation timestamp missing\n"
+msgstr ""
+
+#: scd/app-openpgp.c:2669 scd/app-openpgp.c:2677
+#, c-format
+msgid "RSA prime %s missing or not of size %d bits\n"
+msgstr ""
+
+#: scd/app-openpgp.c:2773
+#, c-format
+msgid "failed to store the key: %s\n"
+msgstr ""
+
+#: scd/app-openpgp.c:2859
+msgid "please wait while key is being generated ...\n"
+msgstr ""
+
+#: scd/app-openpgp.c:2872
+msgid "generating key failed\n"
+msgstr ""
+
+#: scd/app-openpgp.c:2875
+#, c-format
+msgid "key generation completed (%d seconds)\n"
+msgstr ""
+
+#: scd/app-openpgp.c:2933
+msgid "invalid structure of OpenPGP card (DO 0x93)\n"
+msgstr ""
+
+#: scd/app-openpgp.c:2983
+msgid "fingerprint on card does not match requested one\n"
+msgstr ""
+
+#: scd/app-openpgp.c:3099
+#, c-format
+msgid "card does not support digest algorithm %s\n"
+msgstr ""
+
+#: scd/app-openpgp.c:3175
+#, c-format
+msgid "signatures created so far: %lu\n"
+msgstr ""
+
+#: scd/app-openpgp.c:3512
+msgid ""
+"verification of Admin PIN is currently prohibited through this command\n"
+msgstr ""
+
+#: scd/app-openpgp.c:3737 scd/app-openpgp.c:3748
+#, c-format
+msgid "can't access %s - invalid OpenPGP card?\n"
+msgstr ""
+
+#: scd/app-dinsig.c:299
+msgid "||Please enter your PIN at the reader's keypad"
+msgstr ""
+
+#. TRANSLATORS: Do not translate the "|*|" prefixes but
+#. keep it at the start of the string. We need this elsewhere
+#. to get some infos on the string.
+#: scd/app-dinsig.c:529
+msgid "|N|Initial New PIN"
+msgstr ""
+
+#: scd/scdaemon.c:107
+msgid "run in multi server mode (foreground)"
+msgstr ""
+
+#: scd/scdaemon.c:117 sm/gpgsm.c:316
+msgid "|LEVEL|set the debugging level to LEVEL"
+msgstr ""
+
+#: scd/scdaemon.c:124 tools/gpgconf-comp.c:620
+msgid "|FILE|write a log to FILE"
+msgstr ""
+
+#: scd/scdaemon.c:126
+msgid "|N|connect to reader at port N"
+msgstr ""
+
+#: scd/scdaemon.c:128
+msgid "|NAME|use NAME as ct-API driver"
+msgstr ""
+
+#: scd/scdaemon.c:130
+msgid "|NAME|use NAME as PC/SC driver"
+msgstr ""
+
+#: scd/scdaemon.c:133
+msgid "do not use the internal CCID driver"
+msgstr ""
+
+#: scd/scdaemon.c:139
+msgid "|N|disconnect the card after N seconds of inactivity"
+msgstr ""
+
+#: scd/scdaemon.c:141
+msgid "do not use a reader's keypad"
+msgstr ""
+
+#: scd/scdaemon.c:144
+msgid "deny the use of admin card commands"
+msgstr ""
+
+#: scd/scdaemon.c:259
+msgid "Usage: scdaemon [options] (-h for help)"
+msgstr ""
+
+#: scd/scdaemon.c:261
+msgid ""
+"Syntax: scdaemon [options] [command [args]]\n"
+"Smartcard daemon for GnuPG\n"
+msgstr ""
+
+#: scd/scdaemon.c:766
+msgid "please use the option `--daemon' to run the program in the background\n"
+msgstr ""
+
+#: scd/scdaemon.c:1120
+#, c-format
+msgid "handler for fd %d started\n"
+msgstr ""
+
+#: scd/scdaemon.c:1132
+#, c-format
+msgid "handler for fd %d terminated\n"
+msgstr ""
+
+#: sm/base64.c:325
+#, c-format
+msgid "invalid radix64 character %02x skipped\n"
+msgstr ""
+
+#: sm/call-agent.c:137
+#, c-format
+msgid "failed to proxy %s inquiry to client\n"
+msgstr ""
+
+#: sm/call-dirmngr.c:252
+#, c-format
+msgid "no running dirmngr - starting `%s'\n"
+msgstr ""
+
+#: sm/call-dirmngr.c:285
+msgid "malformed DIRMNGR_INFO environment variable\n"
+msgstr ""
+
+#: sm/call-dirmngr.c:297
+#, c-format
+msgid "dirmngr protocol version %d is not supported\n"
+msgstr ""
+
+#: sm/call-dirmngr.c:317
+msgid "can't connect to the dirmngr - trying fall back\n"
+msgstr ""
+
+#: sm/certchain.c:196
+#, c-format
+msgid "validation model requested by certificate: %s"
+msgstr ""
+
+#: sm/certchain.c:197 sm/certchain.c:1828
+msgid "chain"
+msgstr ""
+
+#: sm/certchain.c:198 sm/certchain.c:1828
+msgid "shell"
+msgstr ""
+
+#: sm/certchain.c:258
+#, c-format
+msgid "critical certificate extension %s is not supported"
+msgstr ""
+
+#: sm/certchain.c:297
+msgid "issuer certificate is not marked as a CA"
+msgstr ""
+
+#: sm/certchain.c:335
+msgid "critical marked policy without configured policies"
+msgstr ""
+
+#: sm/certchain.c:345
+#, c-format
+msgid "failed to open `%s': %s\n"
+msgstr ""
+
+#: sm/certchain.c:353 sm/certchain.c:382
+msgid "note: non-critical certificate policy not allowed"
+msgstr ""
+
+#: sm/certchain.c:357 sm/certchain.c:386
+msgid "certificate policy not allowed"
+msgstr ""
+
+#: sm/certchain.c:498
+msgid "looking up issuer at external location\n"
+msgstr ""
+
+#: sm/certchain.c:517
+#, c-format
+msgid "number of issuers matching: %d\n"
+msgstr ""
+
+#: sm/certchain.c:561
+msgid "looking up issuer from the Dirmngr cache\n"
+msgstr ""
+
+#: sm/certchain.c:585
+#, c-format
+msgid "number of matching certificates: %d\n"
+msgstr ""
+
+#: sm/certchain.c:587
+#, c-format
+msgid "dirmngr cache-only key lookup failed: %s\n"
+msgstr ""
+
+#: sm/certchain.c:759 sm/certchain.c:1252 sm/certchain.c:1856 sm/decrypt.c:261
+#: sm/encrypt.c:335 sm/sign.c:335 sm/verify.c:113
+msgid "failed to allocated keyDB handle\n"
+msgstr ""
+
+#: sm/certchain.c:925
+msgid "certificate has been revoked"
+msgstr ""
+
+#: sm/certchain.c:940
+msgid "the status of the certificate is unknown"
+msgstr ""
+
+#: sm/certchain.c:947
+msgid "please make sure that the \"dirmngr\" is properly installed\n"
+msgstr ""
+
+#: sm/certchain.c:953
+#, c-format
+msgid "checking the CRL failed: %s"
+msgstr ""
+
+#: sm/certchain.c:982 sm/certchain.c:1050
+#, c-format
+msgid "certificate with invalid validity: %s"
+msgstr ""
+
+#: sm/certchain.c:997 sm/certchain.c:1082
+msgid "certificate not yet valid"
+msgstr ""
+
+#: sm/certchain.c:998 sm/certchain.c:1083
+msgid "root certificate not yet valid"
+msgstr ""
+
+#: sm/certchain.c:999 sm/certchain.c:1084
+msgid "intermediate certificate not yet valid"
+msgstr ""
+
+#: sm/certchain.c:1012
+msgid "certificate has expired"
+msgstr ""
+
+#: sm/certchain.c:1013
+msgid "root certificate has expired"
+msgstr ""
+
+#: sm/certchain.c:1014
+msgid "intermediate certificate has expired"
+msgstr ""
+
+#: sm/certchain.c:1056
+#, c-format
+msgid "required certificate attributes missing: %s%s%s"
+msgstr ""
+
+#: sm/certchain.c:1065
+msgid "certificate with invalid validity"
+msgstr ""
+
+#: sm/certchain.c:1102
+msgid "signature not created during lifetime of certificate"
+msgstr ""
+
+#: sm/certchain.c:1104
+msgid "certificate not created during lifetime of issuer"
+msgstr ""
+
+#: sm/certchain.c:1105
+msgid "intermediate certificate not created during lifetime of issuer"
+msgstr ""
+
+#: sm/certchain.c:1109
+msgid " ( signature created at "
+msgstr ""
+
+#: sm/certchain.c:1110
+msgid " (certificate created at "
+msgstr ""
+
+#: sm/certchain.c:1113
+msgid " (certificate valid from "
+msgstr ""
+
+#: sm/certchain.c:1114
+msgid " ( issuer valid from "
+msgstr ""
+
+#: sm/certchain.c:1144
+#, c-format
+msgid "fingerprint=%s\n"
+msgstr ""
+
+#: sm/certchain.c:1153
+msgid "root certificate has now been marked as trusted\n"
+msgstr ""
+
+#: sm/certchain.c:1166
+msgid "interactive marking as trusted not enabled in gpg-agent\n"
+msgstr ""
+
+#: sm/certchain.c:1172
+msgid "interactive marking as trusted disabled for this session\n"
+msgstr ""
+
+#: sm/certchain.c:1229
+msgid "WARNING: creation time of signature not known - assuming current time"
+msgstr ""
+
+#: sm/certchain.c:1293
+msgid "no issuer found in certificate"
+msgstr ""
+
+#: sm/certchain.c:1366
+msgid "self-signed certificate has a BAD signature"
+msgstr ""
+
+#: sm/certchain.c:1435
+msgid "root certificate is not marked trusted"
+msgstr ""
+
+#: sm/certchain.c:1448
+#, c-format
+msgid "checking the trust list failed: %s\n"
+msgstr ""
+
+#: sm/certchain.c:1477 sm/import.c:160
+msgid "certificate chain too long\n"
+msgstr ""
+
+#: sm/certchain.c:1489
+msgid "issuer certificate not found"
+msgstr ""
+
+#: sm/certchain.c:1522
+msgid "certificate has a BAD signature"
+msgstr ""
+
+#: sm/certchain.c:1553
+msgid "found another possible matching CA certificate - trying again"
+msgstr ""
+
+#: sm/certchain.c:1604
+#, c-format
+msgid "certificate chain longer than allowed by CA (%d)"
+msgstr ""
+
+#: sm/certchain.c:1644 sm/certchain.c:1927
+msgid "certificate is good\n"
+msgstr ""
+
+#: sm/certchain.c:1645
+msgid "intermediate certificate is good\n"
+msgstr ""
+
+#: sm/certchain.c:1646
+msgid "root certificate is good\n"
+msgstr ""
+
+#: sm/certchain.c:1817
+msgid "switching to chain model"
+msgstr ""
+
+#: sm/certchain.c:1826
+#, c-format
+msgid "validation model used: %s"
+msgstr ""
+
+#: sm/certcheck.c:97
+#, c-format
+msgid "%s key uses an unsafe (%u bit) hash\n"
+msgstr ""
+
+#: sm/certcheck.c:107
+#, c-format
+msgid "a %u bit hash is not valid for a %u bit %s key\n"
+msgstr ""
+
+#: sm/certcheck.c:244 sm/verify.c:201
+msgid "(this is the MD2 algorithm)\n"
+msgstr ""
+
+#: sm/certdump.c:60 sm/certdump.c:143
+msgid "none"
+msgstr ""
+
+#: sm/certdump.c:564 sm/certdump.c:609 sm/certdump.c:674 sm/certdump.c:732
+msgid "[Error - invalid encoding]"
+msgstr ""
+
+#: sm/certdump.c:572 sm/certdump.c:617
+msgid "[Error - out of core]"
+msgstr ""
+
+#: sm/certdump.c:654 sm/certdump.c:710
+msgid "[Error - No name]"
+msgstr ""
+
+#: sm/certdump.c:679 sm/certdump.c:738
+msgid "[Error - invalid DN]"
+msgstr ""
+
+#: sm/certdump.c:948
+#, c-format
+msgid ""
+"Please enter the passphrase to unlock the secret key for the X.509 "
+"certificate:\n"
+"\"%s\"\n"
+"S/N %s, ID 0x%08lX,\n"
+"created %s, expires %s.\n"
+msgstr ""
+
+#: sm/certlist.c:122
+msgid "no key usage specified - assuming all usages\n"
+msgstr ""
+
+#: sm/certlist.c:132 sm/keylist.c:272
+#, c-format
+msgid "error getting key usage information: %s\n"
+msgstr ""
+
+#: sm/certlist.c:142
+msgid "certificate should have not been used for certification\n"
+msgstr ""
+
+#: sm/certlist.c:154
+msgid "certificate should have not been used for OCSP response signing\n"
+msgstr ""
+
+#: sm/certlist.c:165
+msgid "certificate should have not been used for encryption\n"
+msgstr ""
+
+#: sm/certlist.c:166
+msgid "certificate should have not been used for signing\n"
+msgstr ""
+
+#: sm/certlist.c:167
+msgid "certificate is not usable for encryption\n"
+msgstr ""
+
+#: sm/certlist.c:168
+msgid "certificate is not usable for signing\n"
+msgstr ""
+
+#: sm/certreqgen.c:474
+#, c-format
+msgid "line %d: invalid algorithm\n"
+msgstr ""
+
+#: sm/certreqgen.c:487
+#, c-format
+msgid "line %d: invalid key length %u (valid are %d to %d)\n"
+msgstr ""
+
+#: sm/certreqgen.c:505
+#, c-format
+msgid "line %d: no subject name given\n"
+msgstr ""
+
+#: sm/certreqgen.c:514
+#, c-format
+msgid "line %d: invalid subject name label `%.*s'\n"
+msgstr ""
+
+#: sm/certreqgen.c:517
+#, c-format
+msgid "line %d: invalid subject name `%s' at pos %d\n"
+msgstr ""
+
+#: sm/certreqgen.c:534
+#, c-format
+msgid "line %d: not a valid email address\n"
+msgstr ""
+
+#: sm/certreqgen.c:546
+#, c-format
+msgid "line %d: error reading key `%s' from card: %s\n"
+msgstr ""
+
+#: sm/certreqgen.c:558
+#, c-format
+msgid "line %d: error getting key by keygrip `%s': %s\n"
+msgstr ""
+
+#: sm/certreqgen.c:574
+#, c-format
+msgid "line %d: key generation failed: %s <%s>\n"
+msgstr ""
+
+#: sm/certreqgen.c:806
+msgid ""
+"To complete this certificate request please enter the passphrase for the key "
+"you just created once more.\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:158
+#, c-format
+msgid " (%d) RSA\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:159
+#, c-format
+msgid " (%d) Existing key\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:160
+#, c-format
+msgid " (%d) Existing key from card\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:202
+msgid "Enter the keygrip: "
+msgstr ""
+
+#: sm/certreqgen-ui.c:210
+msgid "Not a valid keygrip (expecting 40 hex digits)\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:212
+msgid "No key with this keygrip\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:230 sm/certreqgen-ui.c:239
+#, c-format
+msgid "error reading the card: %s\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:233
+#, c-format
+msgid "Serial number of the card: %s\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:245
+msgid "Available keys:\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:276
+#, c-format
+msgid "Possible actions for a %s key:\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:277
+#, c-format
+msgid " (%d) sign, encrypt\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:278
+#, c-format
+msgid " (%d) sign\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:279
+#, c-format
+msgid " (%d) encrypt\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:303
+msgid "Enter the X.509 subject name: "
+msgstr ""
+
+#: sm/certreqgen-ui.c:307
+msgid "No subject name given\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:311
+#, c-format
+msgid "Invalid subject name label `%.*s'\n"
+msgstr ""
+
+#. TRANSLATORS: The 22 in the second string is the
+#. length of the first string up to the "%s". Please
+#. adjust it do the length of your translation. The
+#. second string is merely passed to atoi so you can
+#. drop everything after the number.
+#: sm/certreqgen-ui.c:320
+#, c-format
+msgid "Invalid subject name `%s'\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:322
+msgid "22 translator: see certreg-ui.c:gpgsm_gencertreq_tty"
+msgstr ""
+
+#: sm/certreqgen-ui.c:334
+msgid "Enter email addresses"
+msgstr ""
+
+#: sm/certreqgen-ui.c:335
+msgid " (end with an empty line):\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:339
+msgid "Enter DNS names"
+msgstr ""
+
+#: sm/certreqgen-ui.c:340 sm/certreqgen-ui.c:345
+msgid " (optional; end with an empty line):\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:344
+msgid "Enter URIs"
+msgstr ""
+
+#: sm/certreqgen-ui.c:371
+msgid "Parameters to be used for the certificate request:\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:389
+msgid "Now creating certificate request. This may take a while ...\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:398
+msgid "Ready. You should now send this request to your CA.\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:403
+msgid "resource problem: out of core\n"
+msgstr ""
+
+#: sm/decrypt.c:330
+msgid "(this is the RC2 algorithm)\n"
+msgstr ""
+
+#: sm/decrypt.c:332
+msgid "(this does not seem to be an encrypted message)\n"
+msgstr ""
+
+#: sm/delete.c:51 sm/delete.c:112
+#, c-format
+msgid "certificate `%s' not found: %s\n"
+msgstr ""
+
+#: sm/delete.c:122 sm/keydb.c:1397 sm/keydb.c:1499
+#, c-format
+msgid "error locking keybox: %s\n"
+msgstr ""
+
+#: sm/delete.c:143
+#, c-format
+msgid "duplicated certificate `%s' deleted\n"
+msgstr ""
+
+#: sm/delete.c:145
+#, c-format
+msgid "certificate `%s' deleted\n"
+msgstr ""
+
+#: sm/delete.c:175
+#, c-format
+msgid "deleting certificate \"%s\" failed: %s\n"
+msgstr ""
+
+#: sm/encrypt.c:321
+msgid "no valid recipients given\n"
+msgstr ""
+
+#: sm/gpgsm.c:197
+msgid "list external keys"
+msgstr ""
+
+#: sm/gpgsm.c:199
+msgid "list certificate chain"
+msgstr ""
+
+#: sm/gpgsm.c:206
+msgid "import certificates"
+msgstr ""
+
+#: sm/gpgsm.c:207
+msgid "export certificates"
+msgstr ""
+
+#: sm/gpgsm.c:209
+msgid "register a smartcard"
+msgstr ""
+
+#: sm/gpgsm.c:212
+msgid "pass a command to the dirmngr"
+msgstr ""
+
+#: sm/gpgsm.c:214
+msgid "invoke gpg-protect-tool"
+msgstr ""
+
+#: sm/gpgsm.c:230
+msgid "create base-64 encoded output"
+msgstr ""
+
+#: sm/gpgsm.c:235
+msgid "assume input is in PEM format"
+msgstr ""
+
+#: sm/gpgsm.c:237
+msgid "assume input is in base-64 format"
+msgstr ""
+
+#: sm/gpgsm.c:239
+msgid "assume input is in binary format"
+msgstr ""
+
+#: sm/gpgsm.c:244
+msgid "use system's dirmngr if available"
+msgstr ""
+
+#: sm/gpgsm.c:247
+msgid "never consult a CRL"
+msgstr ""
+
+#: sm/gpgsm.c:257
+msgid "check validity using OCSP"
+msgstr ""
+
+#: sm/gpgsm.c:262
+msgid "|N|number of certificates to include"
+msgstr ""
+
+#: sm/gpgsm.c:265
+msgid "|FILE|take policy information from FILE"
+msgstr ""
+
+#: sm/gpgsm.c:268
+msgid "do not check certificate policies"
+msgstr ""
+
+#: sm/gpgsm.c:272
+msgid "fetch missing issuer certificates"
+msgstr ""
+
+#: sm/gpgsm.c:283
+msgid "don't use the terminal at all"
+msgstr ""
+
+#: sm/gpgsm.c:285
+msgid "|FILE|write a server mode log to FILE"
+msgstr ""
+
+#: sm/gpgsm.c:290
+msgid "|FILE|write an audit log to FILE"
+msgstr ""
+
+#: sm/gpgsm.c:293
+msgid "batch mode: never ask"
+msgstr ""
+
+#: sm/gpgsm.c:294
+msgid "assume yes on most questions"
+msgstr ""
+
+#: sm/gpgsm.c:295
+msgid "assume no on most questions"
+msgstr ""
+
+#: sm/gpgsm.c:298
+msgid "|FILE|add keyring to the list of keyrings"
+msgstr ""
+
+#: sm/gpgsm.c:301
+msgid "|USER-ID|use USER-ID as default secret key"
+msgstr ""
+
+#: sm/gpgsm.c:311 tools/gpgconf-comp.c:745
+msgid "|SPEC|use this keyserver to lookup keys"
+msgstr ""
+
+#: sm/gpgsm.c:329
+msgid "|NAME|use cipher algorithm NAME"
+msgstr ""
+
+#: sm/gpgsm.c:331
+msgid "|NAME|use message digest algorithm NAME"
+msgstr ""
+
+#: sm/gpgsm.c:522
+msgid "Usage: gpgsm [options] [files] (-h for help)"
+msgstr ""
+
+#: sm/gpgsm.c:525
+msgid ""
+"Syntax: gpgsm [options] [files]\n"
+"sign, check, encrypt or decrypt using the S/MIME protocol\n"
+"default operation depends on the input data\n"
+msgstr ""
+
+#: sm/gpgsm.c:617
+msgid "usage: gpgsm [options] "
+msgstr ""
+
+#: sm/gpgsm.c:739
+#, c-format
+msgid "NOTE: won't be able to encrypt to `%s': %s\n"
+msgstr ""
+
+#: sm/gpgsm.c:750
+#, c-format
+msgid "unknown validation model `%s'\n"
+msgstr ""
+
+#: sm/gpgsm.c:801
+#, c-format
+msgid "%s:%u: no hostname given\n"
+msgstr ""
+
+#: sm/gpgsm.c:820
+#, c-format
+msgid "%s:%u: password given without user\n"
+msgstr ""
+
+#: sm/gpgsm.c:841
+#, c-format
+msgid "%s:%u: skipping this line\n"
+msgstr ""
+
+#: sm/gpgsm.c:1376
+msgid "could not parse keyserver\n"
+msgstr ""
+
+#: sm/gpgsm.c:1456
+msgid "WARNING: running with faked system time: "
+msgstr ""
+
+#: sm/gpgsm.c:1556
+#, c-format
+msgid "importing common certificates `%s'\n"
+msgstr ""
+
+#: sm/gpgsm.c:1597
+#, c-format
+msgid "can't sign using `%s': %s\n"
+msgstr ""
+
+#: sm/gpgsm.c:1931
+msgid "invalid command (there is no implicit command)\n"
+msgstr ""
+
+#: sm/import.c:111
+#, c-format
+msgid "total number processed: %lu\n"
+msgstr ""
+
+#: sm/import.c:230
+msgid "error storing certificate\n"
+msgstr ""
+
+#: sm/import.c:238
+msgid "basic certificate checks failed - not imported\n"
+msgstr ""
+
+#: sm/import.c:435 sm/keydb.c:1319 sm/keydb.c:1387
+msgid "failed to allocate keyDB handle\n"
+msgstr ""
+
+#: sm/import.c:492 sm/keydb.c:1417 sm/keydb.c:1511
+#, c-format
+msgid "error getting stored flags: %s\n"
+msgstr ""
+
+#: sm/import.c:551 sm/import.c:583
+#, c-format
+msgid "error importing certificate: %s\n"
+msgstr ""
+
+#: sm/import.c:684 tools/gpg-connect-agent.c:1346
+#, c-format
+msgid "error reading input: %s\n"
+msgstr ""
+
+#: sm/keydb.c:187
+#, c-format
+msgid "error creating keybox `%s': %s\n"
+msgstr ""
+
+#: sm/keydb.c:190
+msgid "you may want to start the gpg-agent first\n"
+msgstr ""
+
+#: sm/keydb.c:195
+#, c-format
+msgid "keybox `%s' created\n"
+msgstr ""
+
+#: sm/keydb.c:1312 sm/keydb.c:1380
+msgid "failed to get the fingerprint\n"
+msgstr ""
+
+#: sm/keydb.c:1340
+#, c-format
+msgid "problem looking for existing certificate: %s\n"
+msgstr ""
+
+#: sm/keydb.c:1348
+#, c-format
+msgid "error finding writable keyDB: %s\n"
+msgstr ""
+
+#: sm/keydb.c:1356
+#, c-format
+msgid "error storing certificate: %s\n"
+msgstr ""
+
+#: sm/keydb.c:1408
+#, c-format
+msgid "problem re-searching certificate: %s\n"
+msgstr ""
+
+#: sm/keydb.c:1429 sm/keydb.c:1522
+#, c-format
+msgid "error storing flags: %s\n"
+msgstr ""
+
+#: sm/keylist.c:642
+msgid "Error - "
+msgstr ""
+
+#: sm/misc.c:55
+msgid "GPG_TTY has not been set - using maybe bogus default\n"
+msgstr ""
+
+#: sm/qualified.c:105
+#, c-format
+msgid "invalid formatted fingerprint in `%s', line %d\n"
+msgstr ""
+
+#: sm/qualified.c:123
+#, c-format
+msgid "invalid country code in `%s', line %d\n"
+msgstr ""
+
+#: sm/qualified.c:202
+#, c-format
+msgid ""
+"You are about to create a signature using your certificate:\n"
+"\"%s\"\n"
+"This will create a qualified signature by law equated to a handwritten "
+"signature.\n"
+"\n"
+"%s%sAre you really sure that you want to do this?"
+msgstr ""
+
+#: sm/qualified.c:211 sm/verify.c:616
+msgid ""
+"Note, that this software is not officially approved to create or verify such "
+"signatures.\n"
+msgstr ""
+
+#: sm/qualified.c:278
+#, c-format
+msgid ""
+"You are about to create a signature using your certificate:\n"
+"\"%s\"\n"
+"Note, that this certificate will NOT create a qualified signature!"
+msgstr ""
+
+#: sm/sign.c:449
+#, c-format
+msgid "hash algorithm %d (%s) for signer %d not supported; using %s\n"
+msgstr ""
+
+#: sm/sign.c:463
+#, c-format
+msgid "hash algorithm used for signer %d: %s (%s)\n"
+msgstr ""
+
+#: sm/sign.c:513
+#, c-format
+msgid "checking for qualified certificate failed: %s\n"
+msgstr ""
+
+#: sm/verify.c:449
+msgid "Signature made "
+msgstr ""
+
+#: sm/verify.c:453
+msgid "[date not given]"
+msgstr ""
+
+#: sm/verify.c:454
+#, c-format
+msgid " using certificate ID 0x%08lX\n"
+msgstr ""
+
+#: sm/verify.c:473
+msgid ""
+"invalid signature: message digest attribute does not match computed one\n"
+msgstr ""
+
+#: sm/verify.c:594
+msgid "Good signature from"
+msgstr ""
+
+#: sm/verify.c:595
+msgid " aka"
+msgstr ""
+
+#: sm/verify.c:613
+msgid "This is a qualified signature\n"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:70 tools/gpgconf.c:81 tools/symcryptrun.c:167
+msgid "quiet"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:71
+msgid "print data out hex encoded"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:72
+msgid "decode received data lines"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:74
+msgid "|NAME|connect to Assuan socket NAME"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:76
+msgid "run the Assuan server given on the command line"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:78
+msgid "do not use extended connect mode"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:80
+msgid "|FILE|run commands from FILE on startup"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:81
+msgid "run /subst on startup"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:184
+msgid "Usage: gpg-connect-agent [options] (-h for help)"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:187
+msgid ""
+"Syntax: gpg-connect-agent [options]\n"
+"Connect to a running agent and send commands\n"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:1201
+#, c-format
+msgid "option \"%s\" requires a program and optional arguments\n"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:1210
+#, c-format
+msgid "option \"%s\" ignored due to \"%s\"\n"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:1281 tools/gpg-connect-agent.c:1771
+#, c-format
+msgid "receiving line failed: %s\n"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:1371
+msgid "line too long - skipped\n"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:1375
+msgid "line shortened due to embedded Nul character\n"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:1743
+#, c-format
+msgid "unknown command `%s'\n"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:1761
+#, c-format
+msgid "sending line failed: %s\n"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:2208
+#, c-format
+msgid "error sending %s command: %s\n"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:2223
+#, c-format
+msgid "error sending standard options: %s\n"
+msgstr ""
+
+#: tools/gpgconf-comp.c:473 tools/gpgconf-comp.c:577 tools/gpgconf-comp.c:644
+#: tools/gpgconf-comp.c:712 tools/gpgconf-comp.c:799
+msgid "Options controlling the diagnostic output"
+msgstr ""
+
+#: tools/gpgconf-comp.c:486 tools/gpgconf-comp.c:590 tools/gpgconf-comp.c:657
+#: tools/gpgconf-comp.c:725 tools/gpgconf-comp.c:822
+msgid "Options controlling the configuration"
+msgstr ""
+
+#: tools/gpgconf-comp.c:496 tools/gpgconf-comp.c:615 tools/gpgconf-comp.c:673
+#: tools/gpgconf-comp.c:750 tools/gpgconf-comp.c:829
+msgid "Options useful for debugging"
+msgstr ""
+
+#: tools/gpgconf-comp.c:501 tools/gpgconf-comp.c:678 tools/gpgconf-comp.c:755
+#: tools/gpgconf-comp.c:837
+msgid "|FILE|write server mode logs to FILE"
+msgstr ""
+
+#: tools/gpgconf-comp.c:509 tools/gpgconf-comp.c:625 tools/gpgconf-comp.c:763
+msgid "Options controlling the security"
+msgstr ""
+
+#: tools/gpgconf-comp.c:516
+msgid "|N|expire SSH keys after N seconds"
+msgstr ""
+
+#: tools/gpgconf-comp.c:520
+msgid "|N|set maximum PIN cache lifetime to N seconds"
+msgstr ""
+
+#: tools/gpgconf-comp.c:524
+msgid "|N|set maximum SSH key lifetime to N seconds"
+msgstr ""
+
+#: tools/gpgconf-comp.c:538
+msgid "Options enforcing a passphrase policy"
+msgstr ""
+
+#: tools/gpgconf-comp.c:541
+msgid "do not allow to bypass the passphrase policy"
+msgstr ""
+
+#: tools/gpgconf-comp.c:545
+msgid "|N|set minimal required length for new passphrases to N"
+msgstr ""
+
+#: tools/gpgconf-comp.c:549
+msgid "|N|require at least N non-alpha characters for a new passphrase"
+msgstr ""
+
+#: tools/gpgconf-comp.c:553
+msgid "|FILE|check new passphrases against pattern in FILE"
+msgstr ""
+
+#: tools/gpgconf-comp.c:557
+msgid "|N|expire the passphrase after N days"
+msgstr ""
+
+#: tools/gpgconf-comp.c:561
+msgid "do not allow the reuse of old passphrases"
+msgstr ""
+
+#: tools/gpgconf-comp.c:659 tools/gpgconf-comp.c:727
+msgid "|NAME|use NAME as default secret key"
+msgstr ""
+
+#: tools/gpgconf-comp.c:662 tools/gpgconf-comp.c:730
+msgid "|NAME|encrypt to user ID NAME as well"
+msgstr ""
+
+#: tools/gpgconf-comp.c:665
+msgid "|SPEC|set up email aliases"
+msgstr ""
+
+#: tools/gpgconf-comp.c:686
+msgid "Configuration for Keyservers"
+msgstr ""
+
+#: tools/gpgconf-comp.c:688
+msgid "|URL|use keyserver at URL"
+msgstr ""
+
+#: tools/gpgconf-comp.c:691
+msgid "allow PKA lookups (DNS requests)"
+msgstr ""
+
+#: tools/gpgconf-comp.c:694
+msgid "|MECHANISMS|use MECHANISMS to locate keys by mail address"
+msgstr ""
+
+#: tools/gpgconf-comp.c:739
+msgid "disable all access to the dirmngr"
+msgstr ""
+
+#: tools/gpgconf-comp.c:742
+msgid "|NAME|use encoding NAME for PKCS#12 passphrases"
+msgstr ""
+
+#: tools/gpgconf-comp.c:768
+msgid "do not check CRLs for root certificates"
+msgstr ""
+
+#: tools/gpgconf-comp.c:812
+msgid "Options controlling the format of the output"
+msgstr ""
+
+#: tools/gpgconf-comp.c:848
+msgid "Options controlling the interactivity and enforcement"
+msgstr ""
+
+#: tools/gpgconf-comp.c:858
+msgid "Configuration for HTTP servers"
+msgstr ""
+
+#: tools/gpgconf-comp.c:869
+msgid "use system's HTTP proxy setting"
+msgstr ""
+
+#: tools/gpgconf-comp.c:874
+msgid "Configuration of LDAP servers to use"
+msgstr ""
+
+#: tools/gpgconf-comp.c:903
+msgid "LDAP server list"
+msgstr ""
+
+#: tools/gpgconf-comp.c:911
+msgid "Configuration for OCSP"
+msgstr ""
+
+#: tools/gpgconf-comp.c:3077
+#, c-format
+msgid "External verification of component %s failed"
+msgstr ""
+
+#: tools/gpgconf-comp.c:3227
+msgid "Note that group specifications are ignored\n"
+msgstr ""
+
+#: tools/gpgconf.c:62
+msgid "list all components"
+msgstr ""
+
+#: tools/gpgconf.c:63
+msgid "check all programs"
+msgstr ""
+
+#: tools/gpgconf.c:64
+msgid "|COMPONENT|list options"
+msgstr ""
+
+#: tools/gpgconf.c:65
+msgid "|COMPONENT|change options"
+msgstr ""
+
+#: tools/gpgconf.c:66
+msgid "|COMPONENT|check options"
+msgstr ""
+
+#: tools/gpgconf.c:68
+msgid "apply global default values"
+msgstr ""
+
+#: tools/gpgconf.c:70
+msgid "get the configuration directories for gpgconf"
+msgstr ""
+
+#: tools/gpgconf.c:72
+msgid "list global configuration file"
+msgstr ""
+
+#: tools/gpgconf.c:74
+msgid "check global configuration file"
+msgstr ""
+
+#: tools/gpgconf.c:79
+msgid "use as output file"
+msgstr ""
+
+#: tools/gpgconf.c:83
+msgid "activate changes at runtime, if possible"
+msgstr ""
+
+#: tools/gpgconf.c:105
+msgid "Usage: gpgconf [options] (-h for help)"
+msgstr ""
+
+#: tools/gpgconf.c:108
+msgid ""
+"Syntax: gpgconf [options]\n"
+"Manage configuration options for tools of the GnuPG system\n"
+msgstr ""
+
+#: tools/gpgconf.c:214 tools/gpgconf.c:282
+msgid "usage: gpgconf [options] "
+msgstr ""
+
+#: tools/gpgconf.c:216
+msgid "Need one component argument"
+msgstr ""
+
+#: tools/gpgconf.c:225 tools/gpgconf.c:258
+msgid "Component not found"
+msgstr ""
+
+#: tools/gpgconf.c:284
+msgid "No argument allowed"
+msgstr ""
+
+#: tools/symcryptrun.c:154
+msgid ""
+"@\n"
+"Commands:\n"
+" "
+msgstr ""
+
+#: tools/symcryptrun.c:156
+msgid "decryption modus"
+msgstr ""
+
+#: tools/symcryptrun.c:157
+msgid "encryption modus"
+msgstr ""
+
+#: tools/symcryptrun.c:161
+msgid "tool class (confucius)"
+msgstr ""
+
+#: tools/symcryptrun.c:162
+msgid "program filename"
+msgstr ""
+
+#: tools/symcryptrun.c:164
+msgid "secret key file (required)"
+msgstr ""
+
+#: tools/symcryptrun.c:165
+msgid "input file name (default stdin)"
+msgstr ""
+
+#: tools/symcryptrun.c:209
+msgid "Usage: symcryptrun [options] (-h for help)"
+msgstr ""
+
+#: tools/symcryptrun.c:212
+msgid ""
+"Syntax: symcryptrun --class CLASS --program PROGRAM --keyfile KEYFILE "
+"[options...] COMMAND [inputfile]\n"
+"Call a simple symmetric encryption tool\n"
+msgstr ""
+
+#: tools/symcryptrun.c:281
+#, c-format
+msgid "%s on %s aborted with status %i\n"
+msgstr ""
+
+#: tools/symcryptrun.c:288
+#, c-format
+msgid "%s on %s failed with status %i\n"
+msgstr ""
+
+#: tools/symcryptrun.c:314
+#, c-format
+msgid "can't create temporary directory `%s': %s\n"
+msgstr ""
+
+#: tools/symcryptrun.c:354 tools/symcryptrun.c:371
+#, c-format
+msgid "could not open %s for writing: %s\n"
+msgstr ""
+
+#: tools/symcryptrun.c:382
+#, c-format
+msgid "error writing to %s: %s\n"
+msgstr ""
+
+#: tools/symcryptrun.c:389
+#, c-format
+msgid "error reading from %s: %s\n"
+msgstr ""
+
+#: tools/symcryptrun.c:396 tools/symcryptrun.c:403
+#, c-format
+msgid "error closing %s: %s\n"
+msgstr ""
+
+#: tools/symcryptrun.c:488
+msgid "no --program option provided\n"
+msgstr ""
+
+#: tools/symcryptrun.c:494
+msgid "only --decrypt and --encrypt are supported\n"
+msgstr ""
+
+#: tools/symcryptrun.c:500
+msgid "no --keyfile option provided\n"
+msgstr ""
+
+#: tools/symcryptrun.c:511
+msgid "cannot allocate args vector\n"
+msgstr ""
+
+#: tools/symcryptrun.c:529
+#, c-format
+msgid "could not create pipe: %s\n"
+msgstr ""
+
+#: tools/symcryptrun.c:536
+#, c-format
+msgid "could not create pty: %s\n"
+msgstr ""
+
+#: tools/symcryptrun.c:552
+#, c-format
+msgid "could not fork: %s\n"
+msgstr ""
+
+#: tools/symcryptrun.c:580
+#, c-format
+msgid "execv failed: %s\n"
+msgstr ""
+
+#: tools/symcryptrun.c:609
+#, c-format
+msgid "select failed: %s\n"
+msgstr ""
+
+#: tools/symcryptrun.c:626
+#, c-format
+msgid "read failed: %s\n"
+msgstr ""
+
+#: tools/symcryptrun.c:678
+#, c-format
+msgid "pty read failed: %s\n"
+msgstr ""
+
+#: tools/symcryptrun.c:730
+#, c-format
+msgid "waitpid failed: %s\n"
+msgstr ""
+
+#: tools/symcryptrun.c:744
+#, c-format
+msgid "child aborted with status %i\n"
+msgstr ""
+
+#: tools/symcryptrun.c:799
+#, c-format
+msgid "cannot allocate infile string: %s\n"
+msgstr ""
+
+#: tools/symcryptrun.c:812
+#, c-format
+msgid "cannot allocate outfile string: %s\n"
+msgstr ""
+
+#: tools/symcryptrun.c:986
+#, c-format
+msgid "either %s or %s must be given\n"
+msgstr ""
+
+#: tools/symcryptrun.c:1013
+msgid "no class provided\n"
+msgstr ""
+
+#: tools/symcryptrun.c:1022
+#, c-format
+msgid "class %s is not supported\n"
+msgstr ""
+
+#: tools/gpg-check-pattern.c:145
+msgid "Usage: gpg-check-pattern [options] patternfile (-h for help)\n"
+msgstr ""
+
+#: tools/gpg-check-pattern.c:148
+msgid ""
+"Syntax: gpg-check-pattern [options] patternfile\n"
+"Check a passphrase given on stdin against the patternfile\n"
+msgstr ""
diff --git a/po/hu.gmo b/po/hu.gmo
new file mode 100644
index 0000000..26bd973
--- /dev/null
+++ b/po/hu.gmo
Binary files differ
diff --git a/po/hu.po b/po/hu.po
new file mode 100644
index 0000000..19c68ef
--- /dev/null
+++ b/po/hu.po
@@ -0,0 +1,9983 @@
+# GnuPG Hungarian translation.
+# Copyright (C) 2003, 2004 Free Software Foundation, Inc.
+# Nagy Ferenc László <nfl@nfllab.com>, 2003, 2004.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: gnupg 1.2.5\n"
+"Report-Msgid-Bugs-To: translations@gnupg.org\n"
+"POT-Creation-Date: 2012-03-27 10:23+0200\n"
+"PO-Revision-Date: 2004-06-19 21:53+0200\n"
+"Last-Translator: Nagy Ferenc László <nfl@nfllab.com>\n"
+"Language-Team: Hungarian <translation-team-hu@lists.sourceforge.net>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=iso-8859-2\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#: agent/call-pinentry.c:244
+#, fuzzy, c-format
+msgid "failed to acquire the pinentry lock: %s\n"
+msgstr "Bizalmi adatbázis (%s) inicializálása sikertelen!\n"
+
+#. TRANSLATORS: These are labels for buttons etc used in
+#. Pinentries. An underscore indicates that the next letter
+#. should be used as an accelerator. Double the underscore for
+#. a literal one. The actual to be translated text starts after
+#. the second vertical bar.
+#: agent/call-pinentry.c:401
+msgid "|pinentry-label|_OK"
+msgstr ""
+
+#: agent/call-pinentry.c:402
+msgid "|pinentry-label|_Cancel"
+msgstr ""
+
+#: agent/call-pinentry.c:403
+msgid "|pinentry-label|PIN:"
+msgstr ""
+
+#. TRANSLATORS: This string is displayed by Pinentry as the label
+#. for the quality bar.
+#: agent/call-pinentry.c:649
+msgid "Quality:"
+msgstr ""
+
+#. TRANSLATORS: This string is a tooltip, shown by pinentry when
+#. hovering over the quality bar. Please use an appropriate
+#. string to describe what this is about. The length of the
+#. tooltip is limited to about 900 characters. If you do not
+#. translate this entry, a default english text (see source)
+#. will be used.
+#: agent/call-pinentry.c:671
+msgid "pinentry.qualitybar.tooltip"
+msgstr ""
+
+#: agent/call-pinentry.c:716
+msgid ""
+"Please enter your PIN, so that the secret key can be unlocked for this "
+"session"
+msgstr ""
+
+#: agent/call-pinentry.c:719
+#, fuzzy
+msgid ""
+"Please enter your passphrase, so that the secret key can be unlocked for "
+"this session"
+msgstr "Kérem, adja meg a jelszót! Ezt egy titkos mondat. \n"
+
+#: agent/call-pinentry.c:776
+#, c-format
+msgid "SETERROR %s (try %d of %d)"
+msgstr ""
+
+#: agent/call-pinentry.c:799 agent/call-pinentry.c:811
+#, fuzzy
+msgid "PIN too long"
+msgstr "A sor túl hosszú!\n"
+
+#: agent/call-pinentry.c:800
+#, fuzzy
+msgid "Passphrase too long"
+msgstr "A jelszó túl hosszú!\n"
+
+#: agent/call-pinentry.c:808
+#, fuzzy
+msgid "Invalid characters in PIN"
+msgstr "Érvénytelen karakter a névben!\n"
+
+#: agent/call-pinentry.c:813
+msgid "PIN too short"
+msgstr ""
+
+#: agent/call-pinentry.c:825
+#, fuzzy
+msgid "Bad PIN"
+msgstr "hibás MPI"
+
+#: agent/call-pinentry.c:826
+#, fuzzy
+msgid "Bad Passphrase"
+msgstr "rossz jelszó"
+
+#: agent/call-pinentry.c:863
+#, fuzzy
+msgid "Passphrase"
+msgstr "rossz jelszó"
+
+#: agent/command-ssh.c:531
+#, fuzzy, c-format
+msgid "ssh keys greater than %d bits are not supported\n"
+msgstr "%d%s védõ algoritmus nem támogatott.\n"
+
+#: agent/command-ssh.c:690 g10/card-util.c:833 g10/exec.c:473 g10/gpg.c:1122
+#: g10/keygen.c:3394 g10/keygen.c:3427 g10/keyring.c:1237 g10/keyring.c:1569
+#: g10/openfile.c:275 g10/openfile.c:368 g10/sign.c:801 g10/sign.c:1110
+#: g10/tdbio.c:550 jnlib/dotlock.c:310
+#, c-format
+msgid "can't create `%s': %s\n"
+msgstr "Nem tudom létrehozni a(z) \"%s\" állományt: %s.\n"
+
+#: agent/command-ssh.c:702 common/helpfile.c:47 g10/card-util.c:787
+#: g10/dearmor.c:60 g10/dearmor.c:107 g10/decrypt.c:70 g10/encode.c:194
+#: g10/encode.c:504 g10/gpg.c:1123 g10/import.c:192 g10/keygen.c:2877
+#: g10/keyring.c:1595 g10/openfile.c:192 g10/openfile.c:353
+#: g10/plaintext.c:511 g10/sign.c:783 g10/sign.c:978 g10/sign.c:1094
+#: g10/sign.c:1250 g10/tdbdump.c:142 g10/tdbdump.c:150 g10/tdbio.c:554
+#: g10/tdbio.c:618 g10/verify.c:99 g10/verify.c:162 sm/gpgsm.c:2044
+#: sm/gpgsm.c:2074 sm/gpgsm.c:2112 sm/gpgsm.c:2150 sm/qualified.c:66
+#, c-format
+msgid "can't open `%s': %s\n"
+msgstr "Nem tudom megnyitni a(z) \"%s\" állományt: %s.\n"
+
+#: agent/command-ssh.c:1708 agent/command-ssh.c:1726
+#, fuzzy, c-format
+msgid "error getting serial number of card: %s\n"
+msgstr "Hiba a jelszó létrehozásakor: %s.\n"
+
+#: agent/command-ssh.c:1712
+#, c-format
+msgid "detected card with S/N: %s\n"
+msgstr ""
+
+#: agent/command-ssh.c:1717
+#, fuzzy, c-format
+msgid "error getting default authentication keyID of card: %s\n"
+msgstr "Hiba a(z) \"%s\" titkoskulcs-karika írásakor: %s.\n"
+
+#: agent/command-ssh.c:1737
+#, fuzzy, c-format
+msgid "no suitable card key found: %s\n"
+msgstr "Nem írható titkoskulcs-karikát találtam: %s\n"
+
+#: agent/command-ssh.c:1787
+#, fuzzy, c-format
+msgid "shadowing the key failed: %s\n"
+msgstr "A kulcsblokk törlése sikertelen: %s.\n"
+
+#: agent/command-ssh.c:1802
+#, fuzzy, c-format
+msgid "error writing key: %s\n"
+msgstr "Hiba a \"%s\" kulcskarika írásakor: %s\n"
+
+#: agent/command-ssh.c:2139
+#, c-format
+msgid ""
+"An ssh process requested the use of key%%0A %s%%0A (%s)%%0ADo you want to "
+"allow this?"
+msgstr ""
+
+#: agent/command-ssh.c:2146
+msgid "Allow"
+msgstr ""
+
+#: agent/command-ssh.c:2146
+msgid "Deny"
+msgstr ""
+
+#: agent/command-ssh.c:2155
+#, fuzzy, c-format
+msgid "Please enter the passphrase for the ssh key%%0A %F%%0A (%c)"
+msgstr "Kérem, adja meg a jelszót! Ezt egy titkos mondat. \n"
+
+#: agent/command-ssh.c:2484 agent/genkey.c:310 agent/genkey.c:432
+#, fuzzy
+msgid "Please re-enter this passphrase"
+msgstr "jelszóváltoztatás"
+
+#: agent/command-ssh.c:2509
+#, fuzzy, c-format
+msgid ""
+"Please enter a passphrase to protect the received secret key%%0A %s%%0A %"
+"s%%0Awithin gpg-agent's key storage"
+msgstr "Kérem, adja meg a jelszót! Ezt egy titkos mondat. \n"
+
+#: agent/command-ssh.c:2548 agent/genkey.c:340 agent/genkey.c:463
+#: tools/symcryptrun.c:436
+msgid "does not match - try again"
+msgstr ""
+
+#: agent/command-ssh.c:3054
+#, fuzzy, c-format
+msgid "failed to create stream from socket: %s\n"
+msgstr "%s: Hashtábla létrehozása sikertelen: %s.\n"
+
+#: agent/divert-scd.c:92 g10/call-agent.c:923
+msgid "Please insert the card with serial number"
+msgstr ""
+
+#: agent/divert-scd.c:93 g10/call-agent.c:924
+msgid "Please remove the current card and insert the one with serial number"
+msgstr ""
+
+#: agent/divert-scd.c:200
+msgid "Admin PIN"
+msgstr ""
+
+#. TRANSLATORS: A PUK is the Personal Unblocking Code
+#. used to unblock a PIN.
+#: agent/divert-scd.c:205
+msgid "PUK"
+msgstr ""
+
+#: agent/divert-scd.c:212
+msgid "Reset Code"
+msgstr ""
+
+#: agent/divert-scd.c:238
+#, c-format
+msgid "%s%%0A%%0AUse the reader's keypad for input."
+msgstr ""
+
+#: agent/divert-scd.c:287
+#, fuzzy
+msgid "Repeat this Reset Code"
+msgstr "Ismételje meg a jelszót: "
+
+#: agent/divert-scd.c:289
+#, fuzzy
+msgid "Repeat this PUK"
+msgstr "Ismételje meg a jelszót: "
+
+#: agent/divert-scd.c:290
+#, fuzzy
+msgid "Repeat this PIN"
+msgstr "Ismételje meg a jelszót: "
+
+#: agent/divert-scd.c:295
+#, fuzzy
+msgid "Reset Code not correctly repeated; try again"
+msgstr "Nem ismételte meg helyesen a jelszót! Próbálja újra!"
+
+#: agent/divert-scd.c:297
+#, fuzzy
+msgid "PUK not correctly repeated; try again"
+msgstr "Nem ismételte meg helyesen a jelszót! Próbálja újra!"
+
+#: agent/divert-scd.c:298
+#, fuzzy
+msgid "PIN not correctly repeated; try again"
+msgstr "Nem ismételte meg helyesen a jelszót! Próbálja újra!"
+
+#: agent/divert-scd.c:310
+#, c-format
+msgid "Please enter the PIN%s%s%s to unlock the card"
+msgstr ""
+
+#: agent/genkey.c:108 sm/certreqgen-ui.c:384 sm/export.c:638 sm/export.c:654
+#: sm/import.c:667 sm/import.c:692
+#, fuzzy, c-format
+msgid "error creating temporary file: %s\n"
+msgstr "Hiba a jelszó létrehozásakor: %s.\n"
+
+#: agent/genkey.c:115 sm/export.c:645 sm/import.c:675
+#, fuzzy, c-format
+msgid "error writing to temporary file: %s\n"
+msgstr "Írok a \"%s\" állományba.\n"
+
+#: agent/genkey.c:153 agent/genkey.c:159
+#, fuzzy
+msgid "Enter new passphrase"
+msgstr "Írja be a jelszót!\n"
+
+#: agent/genkey.c:167
+#, fuzzy
+msgid "Take this one anyway"
+msgstr "Mégis használjuk ezt a kulcsot? "
+
+#: agent/genkey.c:193
+#, c-format
+msgid ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase should be "
+"at least %u character long."
+msgid_plural ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase should be "
+"at least %u characters long."
+msgstr[0] ""
+msgstr[1] ""
+
+#: agent/genkey.c:214
+#, c-format
+msgid ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase should "
+"contain at least %u digit or%%0Aspecial character."
+msgid_plural ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase should "
+"contain at least %u digits or%%0Aspecial characters."
+msgstr[0] ""
+msgstr[1] ""
+
+#: agent/genkey.c:237
+#, c-format
+msgid ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase may not be "
+"a known term or match%%0Acertain pattern."
+msgstr ""
+
+#: agent/genkey.c:253
+#, c-format
+msgid ""
+"You have not entered a passphrase!%0AAn empty passphrase is not allowed."
+msgstr ""
+
+#: agent/genkey.c:255
+#, c-format
+msgid ""
+"You have not entered a passphrase - this is in general a bad idea!%0APlease "
+"confirm that you do not want to have any protection on your key."
+msgstr ""
+
+#: agent/genkey.c:264
+msgid "Yes, protection is not needed"
+msgstr ""
+
+#: agent/genkey.c:308
+#, fuzzy, c-format
+msgid "Please enter the passphrase to%0Ato protect your new key"
+msgstr ""
+"Most szükség van egy jelszóra (vagy mondatra), amely a titkos kulcsát védi.\n"
+"\n"
+
+#: agent/genkey.c:431
+#, fuzzy
+msgid "Please enter the new passphrase"
+msgstr "jelszóváltoztatás"
+
+#: agent/gpg-agent.c:121 agent/preset-passphrase.c:72 scd/scdaemon.c:103
+#: tools/gpg-check-pattern.c:70
+#, fuzzy
+msgid ""
+"@Options:\n"
+" "
+msgstr ""
+"@\n"
+"Opciók:\n"
+" "
+
+#: agent/gpg-agent.c:123 scd/scdaemon.c:105
+msgid "run in server mode (foreground)"
+msgstr ""
+
+#: agent/gpg-agent.c:124 scd/scdaemon.c:108
+msgid "run in daemon mode (background)"
+msgstr ""
+
+#: agent/gpg-agent.c:125 g10/gpg.c:488 g10/gpgv.c:71 kbx/kbxutil.c:88
+#: scd/scdaemon.c:109 sm/gpgsm.c:281 tools/gpg-connect-agent.c:69
+#: tools/gpgconf.c:80 tools/symcryptrun.c:166
+msgid "verbose"
+msgstr "bõbeszédû mód"
+
+#: agent/gpg-agent.c:126 g10/gpgv.c:72 kbx/kbxutil.c:89 scd/scdaemon.c:110
+#: sm/gpgsm.c:282
+msgid "be somewhat more quiet"
+msgstr "még szûkszavúbb mód"
+
+#: agent/gpg-agent.c:127 scd/scdaemon.c:111
+msgid "sh-style command output"
+msgstr ""
+
+#: agent/gpg-agent.c:128 scd/scdaemon.c:112
+msgid "csh-style command output"
+msgstr ""
+
+#: agent/gpg-agent.c:129 scd/scdaemon.c:113 sm/gpgsm.c:312
+#: tools/symcryptrun.c:169
+#, fuzzy
+msgid "|FILE|read options from FILE"
+msgstr "|fájl|bõvítõ modul betöltése"
+
+#: agent/gpg-agent.c:134 scd/scdaemon.c:123
+msgid "do not detach from the console"
+msgstr ""
+
+#: agent/gpg-agent.c:135
+msgid "do not grab keyboard and mouse"
+msgstr ""
+
+#: agent/gpg-agent.c:136 tools/symcryptrun.c:168
+#, fuzzy
+msgid "use a log file for the server"
+msgstr "kulcsok keresése kulcsszerveren"
+
+#: agent/gpg-agent.c:138
+#, fuzzy
+msgid "use a standard location for the socket"
+msgstr "Valóban frissíti a kijelölt felhasználóazonosítók preferenciáit? "
+
+#: agent/gpg-agent.c:141
+msgid "|PGM|use PGM as the PIN-Entry program"
+msgstr ""
+
+#: agent/gpg-agent.c:144
+msgid "|PGM|use PGM as the SCdaemon program"
+msgstr ""
+
+#: agent/gpg-agent.c:145
+#, fuzzy
+msgid "do not use the SCdaemon"
+msgstr "bizalmi adatbázis frissítése"
+
+#: agent/gpg-agent.c:157
+msgid "ignore requests to change the TTY"
+msgstr ""
+
+#: agent/gpg-agent.c:159
+msgid "ignore requests to change the X display"
+msgstr ""
+
+#: agent/gpg-agent.c:162
+msgid "|N|expire cached PINs after N seconds"
+msgstr ""
+
+#: agent/gpg-agent.c:175
+msgid "do not use the PIN cache when signing"
+msgstr ""
+
+#: agent/gpg-agent.c:177
+msgid "allow clients to mark keys as \"trusted\""
+msgstr ""
+
+#: agent/gpg-agent.c:179
+#, fuzzy
+msgid "allow presetting passphrase"
+msgstr "Hiba a jelszó létrehozásakor: %s.\n"
+
+#: agent/gpg-agent.c:180
+msgid "enable ssh-agent emulation"
+msgstr ""
+
+#: agent/gpg-agent.c:182
+msgid "|FILE|write environment settings also to FILE"
+msgstr ""
+
+#. TRANSLATORS: @EMAIL@ will get replaced by the actual bug
+#. reporting address. This is so that we can change the
+#. reporting address without breaking the translations.
+#: agent/gpg-agent.c:333 agent/preset-passphrase.c:94 agent/protect-tool.c:163
+#: g10/gpg.c:814 g10/gpgv.c:114 kbx/kbxutil.c:113 scd/scdaemon.c:246
+#: sm/gpgsm.c:519 tools/gpg-connect-agent.c:181 tools/gpgconf.c:102
+#: tools/symcryptrun.c:206 tools/gpg-check-pattern.c:141
+#, fuzzy
+msgid "Please report bugs to <@EMAIL@>.\n"
+msgstr "A hibákat (angolul) a <gnupg-bugs@gnu.org> címre írja meg!\n"
+
+#: agent/gpg-agent.c:342
+#, fuzzy
+msgid "Usage: gpg-agent [options] (-h for help)"
+msgstr "Használat: gpg [opciók] [fájlok] (-h a súgóhoz)"
+
+#: agent/gpg-agent.c:344
+msgid ""
+"Syntax: gpg-agent [options] [command [args]]\n"
+"Secret key management for GnuPG\n"
+msgstr ""
+
+#: agent/gpg-agent.c:390 g10/gpg.c:1007 scd/scdaemon.c:318 sm/gpgsm.c:669
+#, c-format
+msgid "invalid debug-level `%s' given\n"
+msgstr ""
+
+#: agent/gpg-agent.c:610 agent/protect-tool.c:1033 kbx/kbxutil.c:428
+#: scd/scdaemon.c:424 sm/gpgsm.c:911 sm/gpgsm.c:914 tools/symcryptrun.c:998
+#: tools/gpg-check-pattern.c:177
+#, c-format
+msgid "%s is too old (need %s, have %s)\n"
+msgstr ""
+
+#: agent/gpg-agent.c:725 g10/gpg.c:2111 scd/scdaemon.c:510 sm/gpgsm.c:1010
+#, c-format
+msgid "NOTE: no default option file `%s'\n"
+msgstr "MEGJEGYZÉS: Nincs alapértelmezett opciós fájl (%s).\n"
+
+#: agent/gpg-agent.c:736 agent/gpg-agent.c:1348 g10/gpg.c:2115
+#: scd/scdaemon.c:515 sm/gpgsm.c:1014 tools/symcryptrun.c:931
+#, c-format
+msgid "option file `%s': %s\n"
+msgstr "\"%s\" opciós fájl: %s\n"
+
+#: agent/gpg-agent.c:744 g10/gpg.c:2122 scd/scdaemon.c:523 sm/gpgsm.c:1021
+#, c-format
+msgid "reading options from `%s'\n"
+msgstr "Az opciókat a \"%s\" állományból olvasom.\n"
+
+#: agent/gpg-agent.c:1117 g10/plaintext.c:140 g10/plaintext.c:145
+#: g10/plaintext.c:162
+#, c-format
+msgid "error creating `%s': %s\n"
+msgstr "Hiba \"%s\" létrehozásakor: %s\n"
+
+#: agent/gpg-agent.c:1461 agent/gpg-agent.c:1579 agent/gpg-agent.c:1583
+#: agent/gpg-agent.c:1624 agent/gpg-agent.c:1628 g10/exec.c:188
+#: g10/openfile.c:429 scd/scdaemon.c:1020
+#, c-format
+msgid "can't create directory `%s': %s\n"
+msgstr "Nem tudom a \"%s\" könyvtárat létrehozni: %s.\n"
+
+#: agent/gpg-agent.c:1475 scd/scdaemon.c:1034
+msgid "name of socket too long\n"
+msgstr ""
+
+#: agent/gpg-agent.c:1498 scd/scdaemon.c:1057
+#, fuzzy, c-format
+msgid "can't create socket: %s\n"
+msgstr "%s nem hozható létre: %s\n"
+
+#: agent/gpg-agent.c:1507
+#, c-format
+msgid "socket name `%s' is too long\n"
+msgstr ""
+
+#: agent/gpg-agent.c:1525
+#, fuzzy
+msgid "a gpg-agent is already running - not starting a new one\n"
+msgstr "GPG ügynök nem elérhetõ ebben a munkafolyamatban.\n"
+
+#: agent/gpg-agent.c:1536 scd/scdaemon.c:1076
+#, fuzzy
+msgid "error getting nonce for the socket\n"
+msgstr "Hiba a jelszó létrehozásakor: %s.\n"
+
+#: agent/gpg-agent.c:1541 scd/scdaemon.c:1079
+#, fuzzy, c-format
+msgid "error binding socket to `%s': %s\n"
+msgstr "Hiba %s-ra/-re küldéskor: %s\n"
+
+#: agent/gpg-agent.c:1553 scd/scdaemon.c:1088
+#, fuzzy, c-format
+msgid "listen() failed: %s\n"
+msgstr "Frissítés sikertelen: %s.\n"
+
+#: agent/gpg-agent.c:1559 scd/scdaemon.c:1095
+#, fuzzy, c-format
+msgid "listening on socket `%s'\n"
+msgstr "Írom a titkos kulcsot a %s állományba.\n"
+
+#: agent/gpg-agent.c:1587 agent/gpg-agent.c:1634 g10/openfile.c:432
+#, fuzzy, c-format
+msgid "directory `%s' created\n"
+msgstr "%s: Könyvtárat létrehoztam.\n"
+
+#: agent/gpg-agent.c:1640
+#, fuzzy, c-format
+msgid "stat() failed for `%s': %s\n"
+msgstr "Bizalmi adatbázis: olvasás sikertelen (n=%d): %s.\n"
+
+#: agent/gpg-agent.c:1644
+#, fuzzy, c-format
+msgid "can't use `%s' as home directory\n"
+msgstr "%s: Nem tudom a könyvtárat létrehozni: %s.\n"
+
+#: agent/gpg-agent.c:1777 scd/scdaemon.c:1111
+#, fuzzy, c-format
+msgid "error reading nonce on fd %d: %s\n"
+msgstr "Hiba \"%s\" olvasásakor: %s\n"
+
+#: agent/gpg-agent.c:1799
+#, c-format
+msgid "handler 0x%lx for fd %d started\n"
+msgstr ""
+
+#: agent/gpg-agent.c:1804
+#, c-format
+msgid "handler 0x%lx for fd %d terminated\n"
+msgstr ""
+
+#: agent/gpg-agent.c:1824
+#, c-format
+msgid "ssh handler 0x%lx for fd %d started\n"
+msgstr ""
+
+#: agent/gpg-agent.c:1829
+#, c-format
+msgid "ssh handler 0x%lx for fd %d terminated\n"
+msgstr ""
+
+#: agent/gpg-agent.c:1973 scd/scdaemon.c:1248
+#, fuzzy, c-format
+msgid "pth_select failed: %s - waiting 1s\n"
+msgstr "Titkoskulcs-blokk frissítése sikertelen: %s\n"
+
+#: agent/gpg-agent.c:2096 scd/scdaemon.c:1315
+#, fuzzy, c-format
+msgid "%s %s stopped\n"
+msgstr "%s: kihagyva: %s\n"
+
+#: agent/gpg-agent.c:2232
+#, fuzzy
+msgid "no gpg-agent running in this session\n"
+msgstr "GPG ügynök nem elérhetõ ebben a munkafolyamatban.\n"
+
+#: agent/gpg-agent.c:2243 common/simple-pwquery.c:352 common/asshelp.c:403
+#: tools/gpg-connect-agent.c:2168
+msgid "malformed GPG_AGENT_INFO environment variable\n"
+msgstr "Nem megfelelõ formájú GPG_AGENT_INFO környezeti változó!\n"
+
+#: agent/gpg-agent.c:2256 common/simple-pwquery.c:364 common/asshelp.c:415
+#: tools/gpg-connect-agent.c:2179
+#, c-format
+msgid "gpg-agent protocol version %d is not supported\n"
+msgstr "%d gpg-agent protokollverzió nem támogatott!\n"
+
+#: agent/preset-passphrase.c:98
+#, fuzzy
+msgid "Usage: gpg-preset-passphrase [options] KEYGRIP (-h for help)\n"
+msgstr "Használat: gpg [opciók] [fájlok] (-h a súgóhoz)"
+
+#: agent/preset-passphrase.c:101
+msgid ""
+"Syntax: gpg-preset-passphrase [options] KEYGRIP\n"
+"Password cache maintenance\n"
+msgstr ""
+
+#: agent/protect-tool.c:113 g10/gpg.c:373 kbx/kbxutil.c:71 sm/gpgsm.c:186
+#: tools/gpgconf.c:60
+msgid ""
+"@Commands:\n"
+" "
+msgstr ""
+"@Parancsok:\n"
+" "
+
+#: agent/protect-tool.c:127 g10/gpg.c:441 g10/gpgv.c:69 kbx/kbxutil.c:81
+#: sm/gpgsm.c:226 tools/gpg-connect-agent.c:67 tools/gpgconf.c:77
+#: tools/symcryptrun.c:159
+msgid ""
+"@\n"
+"Options:\n"
+" "
+msgstr ""
+"@\n"
+"Opciók:\n"
+" "
+
+#: agent/protect-tool.c:166
+#, fuzzy
+msgid "Usage: gpg-protect-tool [options] (-h for help)\n"
+msgstr "Használat: gpg [opciók] [fájlok] (-h a súgóhoz)"
+
+#: agent/protect-tool.c:168
+msgid ""
+"Syntax: gpg-protect-tool [options] [args]\n"
+"Secret key maintenance tool\n"
+msgstr ""
+
+#: agent/protect-tool.c:1162
+#, fuzzy
+msgid "Please enter the passphrase to unprotect the PKCS#12 object."
+msgstr "Kérem, adja meg a jelszót! Ezt egy titkos mondat. \n"
+
+#: agent/protect-tool.c:1167
+#, fuzzy
+msgid "Please enter the passphrase to protect the new PKCS#12 object."
+msgstr "Kérem, adja meg a jelszót! Ezt egy titkos mondat. \n"
+
+#: agent/protect-tool.c:1173
+msgid ""
+"Please enter the passphrase to protect the imported object within the GnuPG "
+"system."
+msgstr ""
+
+#: agent/protect-tool.c:1178
+#, fuzzy
+msgid ""
+"Please enter the passphrase or the PIN\n"
+"needed to complete this operation."
+msgstr "Kérem, adja meg a jelszót! Ezt egy titkos mondat. \n"
+
+#: agent/protect-tool.c:1183 tools/symcryptrun.c:437
+#, fuzzy
+msgid "Passphrase:"
+msgstr "rossz jelszó"
+
+#: agent/protect-tool.c:1188 tools/symcryptrun.c:448
+#, fuzzy
+msgid "cancelled\n"
+msgstr "Mégsem"
+
+#: agent/protect-tool.c:1190 tools/symcryptrun.c:444
+#, fuzzy, c-format
+msgid "error while asking for the passphrase: %s\n"
+msgstr "Hiba a jelszó létrehozásakor: %s.\n"
+
+#: agent/trustlist.c:136 agent/trustlist.c:334
+#, fuzzy, c-format
+msgid "error opening `%s': %s\n"
+msgstr "Hiba \"%s\" olvasásakor: %s\n"
+
+#: agent/trustlist.c:151 common/helpfile.c:63 common/helpfile.c:79
+#, fuzzy, c-format
+msgid "file `%s', line %d: %s\n"
+msgstr "\"%s\" kulcs nem található: %s\n"
+
+#: agent/trustlist.c:171 agent/trustlist.c:179
+#, c-format
+msgid "statement \"%s\" ignored in `%s', line %d\n"
+msgstr ""
+
+#: agent/trustlist.c:185
+#, fuzzy, c-format
+msgid "system trustlist `%s' not available\n"
+msgstr "Titkos kulcsrészek nem állnak rendelkezésre.\n"
+
+#: agent/trustlist.c:229
+#, fuzzy, c-format
+msgid "bad fingerprint in `%s', line %d\n"
+msgstr "Olvasási hiba: %s.\n"
+
+#: agent/trustlist.c:254 agent/trustlist.c:261
+#, c-format
+msgid "invalid keyflag in `%s', line %d\n"
+msgstr ""
+
+#: agent/trustlist.c:295 common/helpfile.c:126
+#, fuzzy, c-format
+msgid "error reading `%s', line %d: %s\n"
+msgstr "Hiba \"%s\" olvasásakor: %s\n"
+
+#: agent/trustlist.c:400 agent/trustlist.c:450
+msgid "error reading list of trusted root certificates\n"
+msgstr ""
+
+#. TRANSLATORS: This prompt is shown by the Pinentry
+#. and has one special property: A "%%0A" is used by
+#. Pinentry to insert a line break. The double
+#. percent sign is actually needed because it is also
+#. a printf format string. If you need to insert a
+#. plain % sign, you need to encode it as "%%25". The
+#. "%s" gets replaced by the name as stored in the
+#. certificate.
+#: agent/trustlist.c:611
+#, c-format
+msgid ""
+"Do you ultimately trust%%0A \"%s\"%%0Ato correctly certify user "
+"certificates?"
+msgstr ""
+
+#: agent/trustlist.c:620 common/audit.c:467
+#, fuzzy
+msgid "Yes"
+msgstr "igen"
+
+#: agent/trustlist.c:620 common/audit.c:469
+msgid "No"
+msgstr ""
+
+#. TRANSLATORS: This prompt is shown by the Pinentry and has
+#. one special property: A "%%0A" is used by Pinentry to
+#. insert a line break. The double percent sign is actually
+#. needed because it is also a printf format string. If you
+#. need to insert a plain % sign, you need to encode it as
+#. "%%25". The second "%s" gets replaced by a hexdecimal
+#. fingerprint string whereas the first one receives the name
+#. as stored in the certificate.
+#: agent/trustlist.c:654
+#, c-format
+msgid ""
+"Please verify that the certificate identified as:%%0A \"%s\"%%0Ahas the "
+"fingerprint:%%0A %s"
+msgstr ""
+
+#. TRANSLATORS: "Correct" is the label of a button and intended
+#. to be hit if the fingerprint matches the one of the CA. The
+#. other button is "the default "Cancel" of the Pinentry.
+#: agent/trustlist.c:668
+msgid "Correct"
+msgstr ""
+
+#: agent/trustlist.c:668
+msgid "Wrong"
+msgstr ""
+
+#: agent/findkey.c:157
+#, c-format
+msgid "Note: This passphrase has never been changed.%0APlease change it now."
+msgstr ""
+
+#: agent/findkey.c:173
+#, c-format
+msgid ""
+"This passphrase has not been changed%%0Asince %.4s-%.2s-%.2s. Please change "
+"it now."
+msgstr ""
+
+#: agent/findkey.c:187 agent/findkey.c:194
+#, fuzzy
+msgid "Change passphrase"
+msgstr "jelszóváltoztatás"
+
+#: agent/findkey.c:195
+msgid "I'll change it later"
+msgstr ""
+
+#: common/exechelp.c:528 common/exechelp.c:625 tools/gpgconf-comp.c:1475
+#: tools/gpgconf-comp.c:1814
+#, fuzzy, c-format
+msgid "error creating a pipe: %s\n"
+msgstr "Hiba a jelszó létrehozásakor: %s.\n"
+
+#: common/exechelp.c:599 common/exechelp.c:658
+#, fuzzy, c-format
+msgid "can't fdopen pipe for reading: %s\n"
+msgstr "Nem tudom megnyitni az állományt: %s.\n"
+
+#: common/exechelp.c:637 common/exechelp.c:765 common/exechelp.c:1002
+#, fuzzy, c-format
+msgid "error forking process: %s\n"
+msgstr "Hiba \"%s\" olvasásakor: %s\n"
+
+#: common/exechelp.c:811 common/exechelp.c:864
+#, c-format
+msgid "waiting for process %d to terminate failed: %s\n"
+msgstr ""
+
+#: common/exechelp.c:819
+#, fuzzy, c-format
+msgid "error getting exit code of process %d: %s\n"
+msgstr "Hiba a(z) \"%s\" titkoskulcs-karika írásakor: %s.\n"
+
+#: common/exechelp.c:825 common/exechelp.c:877
+#, fuzzy, c-format
+msgid "error running `%s': exit status %d\n"
+msgstr "Hiba \"%s\" olvasásakor: %s\n"
+
+#: common/exechelp.c:870
+#, c-format
+msgid "error running `%s': probably not installed\n"
+msgstr ""
+
+#: common/exechelp.c:885
+#, fuzzy, c-format
+msgid "error running `%s': terminated\n"
+msgstr "Hiba \"%s\" olvasásakor: %s\n"
+
+#: common/http.c:1674
+#, fuzzy, c-format
+msgid "error creating socket: %s\n"
+msgstr "Hiba \"%s\" létrehozásakor: %s\n"
+
+#: common/http.c:1718
+#, fuzzy
+msgid "host not found"
+msgstr "[ismeretlen kulcs]"
+
+#: common/simple-pwquery.c:338
+msgid "gpg-agent is not available in this session\n"
+msgstr "GPG ügynök nem elérhetõ ebben a munkafolyamatban.\n"
+
+#: common/simple-pwquery.c:395
+#, c-format
+msgid "can't connect to `%s': %s\n"
+msgstr "Nem tudok kapcsolódni \"%s\" objektumhoz: %s\n"
+
+#: common/simple-pwquery.c:406
+msgid "communication problem with gpg-agent\n"
+msgstr "Kommunikációs probléma a gpg ügynökkel!\n"
+
+#: common/simple-pwquery.c:416
+#, fuzzy
+msgid "problem setting the gpg-agent options\n"
+msgstr "Probléma az ügynökkel: ügynök válasza: 0x%lx\n"
+
+#: common/simple-pwquery.c:579 common/simple-pwquery.c:675
+#, fuzzy
+msgid "canceled by user\n"
+msgstr "A felhasználó megszakította a mûveletet.\n"
+
+#: common/simple-pwquery.c:594 common/simple-pwquery.c:681
+#, fuzzy
+msgid "problem with the agent\n"
+msgstr "Probléma az ügynökkel: ügynök válasza: 0x%lx\n"
+
+#: common/sysutils.c:105
+#, c-format
+msgid "can't disable core dumps: %s\n"
+msgstr "Nem tudom letiltani a core fájlokat: %s.\n"
+
+#: common/sysutils.c:200
+#, fuzzy, c-format
+msgid "Warning: unsafe ownership on %s \"%s\"\n"
+msgstr "FIGYELEM: Nem biztonságos tulajdonos: %s \"%s\"\n"
+
+#: common/sysutils.c:232
+#, fuzzy, c-format
+msgid "Warning: unsafe permissions on %s \"%s\"\n"
+msgstr "FIGYELEM: nem biztonságos engedélyek: %s \"%s\"\n"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: common/yesno.c:35 common/yesno.c:72
+msgid "yes"
+msgstr "igen"
+
+#: common/yesno.c:36 common/yesno.c:77
+msgid "yY"
+msgstr "iI"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: common/yesno.c:38 common/yesno.c:74
+msgid "no"
+msgstr "nem"
+
+#: common/yesno.c:39 common/yesno.c:78
+msgid "nN"
+msgstr "nN"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: common/yesno.c:76
+msgid "quit"
+msgstr "kilépés|kilepes"
+
+#: common/yesno.c:79
+msgid "qQ"
+msgstr "kK"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: common/yesno.c:113
+msgid "okay|okay"
+msgstr ""
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: common/yesno.c:115
+msgid "cancel|cancel"
+msgstr ""
+
+#: common/yesno.c:116
+msgid "oO"
+msgstr ""
+
+#: common/yesno.c:117
+#, fuzzy
+msgid "cC"
+msgstr "c"
+
+#: common/miscellaneous.c:77
+#, c-format
+msgid "out of core in secure memory while allocating %lu bytes"
+msgstr ""
+
+#: common/miscellaneous.c:80
+#, c-format
+msgid "out of core while allocating %lu bytes"
+msgstr ""
+
+#: common/asshelp.c:293 tools/gpg-connect-agent.c:2129
+msgid "no running gpg-agent - starting one\n"
+msgstr ""
+
+#: common/asshelp.c:349
+#, c-format
+msgid "waiting %d seconds for the agent to come up\n"
+msgstr ""
+
+#: common/asshelp.c:426
+msgid "can't connect to the agent - trying fall back\n"
+msgstr ""
+
+#. TRANSLATORS: Copy the prefix between the vertical bars
+#. verbatim. It will not be printed.
+#: common/audit.c:474
+msgid "|audit-log-result|Good"
+msgstr ""
+
+#: common/audit.c:477
+msgid "|audit-log-result|Bad"
+msgstr ""
+
+#: common/audit.c:479
+msgid "|audit-log-result|Not supported"
+msgstr ""
+
+#: common/audit.c:481
+#, fuzzy
+msgid "|audit-log-result|No certificate"
+msgstr "rossz igazolás"
+
+#: common/audit.c:483
+#, fuzzy
+msgid "|audit-log-result|Not enabled"
+msgstr "rossz igazolás"
+
+#: common/audit.c:485
+msgid "|audit-log-result|Error"
+msgstr ""
+
+#: common/audit.c:487
+#, fuzzy
+msgid "|audit-log-result|Not used"
+msgstr "rossz igazolás"
+
+#: common/audit.c:489
+#, fuzzy
+msgid "|audit-log-result|Okay"
+msgstr "rossz igazolás"
+
+#: common/audit.c:491
+#, fuzzy
+msgid "|audit-log-result|Skipped"
+msgstr "rossz igazolás"
+
+#: common/audit.c:493
+#, fuzzy
+msgid "|audit-log-result|Some"
+msgstr "rossz igazolás"
+
+#: common/audit.c:726
+#, fuzzy
+msgid "Certificate chain available"
+msgstr "rossz igazolás"
+
+#: common/audit.c:733
+#, fuzzy
+msgid "root certificate missing"
+msgstr "rossz igazolás"
+
+#: common/audit.c:759
+msgid "Data encryption succeeded"
+msgstr ""
+
+#: common/audit.c:764 common/audit.c:830 common/audit.c:906 common/audit.c:997
+#, fuzzy
+msgid "Data available"
+msgstr "Kulcs található: "
+
+#: common/audit.c:767
+#, fuzzy
+msgid "Session key created"
+msgstr "%s: Kulcskarikát létrehoztam.\n"
+
+#: common/audit.c:772 common/audit.c:912 common/audit.c:919
+#, fuzzy, c-format
+msgid "algorithm: %s"
+msgstr "Páncél: %s\n"
+
+#: common/audit.c:774 common/audit.c:776 common/audit.c:921 common/audit.c:923
+#, fuzzy, c-format
+msgid "unsupported algorithm: %s"
+msgstr ""
+"\n"
+"Támogatott algoritmusok:\n"
+
+#: common/audit.c:778 common/audit.c:925
+#, fuzzy
+msgid "seems to be not encrypted"
+msgstr "nem titkosított"
+
+#: common/audit.c:784 common/audit.c:933
+msgid "Number of recipients"
+msgstr ""
+
+#: common/audit.c:792 common/audit.c:956
+#, c-format
+msgid "Recipient %d"
+msgstr ""
+
+#: common/audit.c:825
+msgid "Data signing succeeded"
+msgstr ""
+
+#: common/audit.c:839 common/audit.c:1033 common/audit.c:1060
+#, fuzzy, c-format
+msgid "data hash algorithm: %s"
+msgstr "Érvénytelen kivonatoló algoritmus: %s\n"
+
+#: common/audit.c:862
+#, fuzzy, c-format
+msgid "Signer %d"
+msgstr "Az aláírás lejárt: %s.\n"
+
+#: common/audit.c:866 common/audit.c:1065
+#, fuzzy, c-format
+msgid "attr hash algorithm: %s"
+msgstr "Érvénytelen kivonatoló algoritmus: %s\n"
+
+#: common/audit.c:901
+msgid "Data decryption succeeded"
+msgstr ""
+
+#: common/audit.c:910
+#, fuzzy
+msgid "Encryption algorithm supported"
+msgstr "%d%s védõ algoritmus nem támogatott.\n"
+
+#: common/audit.c:993
+#, fuzzy
+msgid "Data verification succeeded"
+msgstr "Aláírás-ellenõrzés elnyomva.\n"
+
+#: common/audit.c:1002
+#, fuzzy
+msgid "Signature available"
+msgstr "Az aláírás lejárt: %s.\n"
+
+#: common/audit.c:1024
+#, fuzzy
+msgid "Parsing data succeeded"
+msgstr "Jó aláírás a következõtõl: \""
+
+#: common/audit.c:1036
+#, fuzzy, c-format
+msgid "bad data hash algorithm: %s"
+msgstr "Érvénytelen kivonatoló algoritmus: %s\n"
+
+#: common/audit.c:1051
+#, fuzzy, c-format
+msgid "Signature %d"
+msgstr "Az aláírás lejárt: %s.\n"
+
+#: common/audit.c:1079
+#, fuzzy
+msgid "Certificate chain valid"
+msgstr "Ez a kulcs lejárt!"
+
+#: common/audit.c:1090
+#, fuzzy
+msgid "Root certificate trustworthy"
+msgstr "rossz igazolás"
+
+#: common/audit.c:1111 sm/certchain.c:935
+#, fuzzy
+msgid "no CRL found for certificate"
+msgstr "rossz igazolás"
+
+#: common/audit.c:1114 sm/certchain.c:945
+#, fuzzy
+msgid "the available CRL is too old"
+msgstr "Kulcs található: "
+
+#: common/audit.c:1119
+#, fuzzy
+msgid "CRL/OCSP check of certificates"
+msgstr "rossz igazolás"
+
+#: common/audit.c:1139
+#, fuzzy
+msgid "Included certificates"
+msgstr "rossz igazolás"
+
+#: common/audit.c:1194
+msgid "No audit log entries."
+msgstr ""
+
+#: common/audit.c:1243
+#, fuzzy
+msgid "Unknown operation"
+msgstr "ismeretlen verzió"
+
+#: common/audit.c:1261
+msgid "Gpg-Agent usable"
+msgstr ""
+
+#: common/audit.c:1271
+msgid "Dirmngr usable"
+msgstr ""
+
+#: common/audit.c:1307
+#, fuzzy, c-format
+msgid "No help available for `%s'."
+msgstr "Nem áll rendelkezésre segítség \"%s\" témához."
+
+#: common/helpfile.c:80
+#, fuzzy
+msgid "ignoring garbage line"
+msgstr "Hiba a záró sorban!\n"
+
+#: common/gettime.c:503
+#, fuzzy
+msgid "[none]"
+msgstr "Ismeretlen módú"
+
+#: g10/armor.c:379
+#, c-format
+msgid "armor: %s\n"
+msgstr "Páncél: %s\n"
+
+#: g10/armor.c:418
+msgid "invalid armor header: "
+msgstr "Érvénytelen páncélfejléc: "
+
+#: g10/armor.c:429
+msgid "armor header: "
+msgstr "Páncélfejléc: "
+
+#: g10/armor.c:442
+msgid "invalid clearsig header\n"
+msgstr "Érvénytelen aláírásfejléc!\n"
+
+#: g10/armor.c:455
+#, fuzzy
+msgid "unknown armor header: "
+msgstr "Páncélfejléc: "
+
+#: g10/armor.c:508
+msgid "nested clear text signatures\n"
+msgstr "Egymásba ágyazott olvashatószöveg-aláírások!\n"
+
+#: g10/armor.c:643
+#, fuzzy
+msgid "unexpected armor: "
+msgstr "Váratlan páncél:"
+
+#: g10/armor.c:655
+msgid "invalid dash escaped line: "
+msgstr "Érvénytelen kötõjeles sor: "
+
+#: g10/armor.c:810 g10/armor.c:1420
+#, fuzzy, c-format
+msgid "invalid radix64 character %02X skipped\n"
+msgstr "Kihagytam a %02x kódú érvénytelen radix64 karaktert.\n"
+
+#: g10/armor.c:853
+msgid "premature eof (no CRC)\n"
+msgstr "Korai állományvég (nincs CRC).\n"
+
+#: g10/armor.c:887
+msgid "premature eof (in CRC)\n"
+msgstr "Korai állományvég (a CRC-ben).\n"
+
+#: g10/armor.c:895
+msgid "malformed CRC\n"
+msgstr "Hibás formájú CRC.\n"
+
+#: g10/armor.c:899 g10/armor.c:1457
+#, fuzzy, c-format
+msgid "CRC error; %06lX - %06lX\n"
+msgstr "CRC hiba; %06lx - %06lx\n"
+
+#: g10/armor.c:919
+#, fuzzy
+msgid "premature eof (in trailer)\n"
+msgstr "Korai állományvég (a lezárásban).\n"
+
+#: g10/armor.c:923
+msgid "error in trailer line\n"
+msgstr "Hiba a záró sorban!\n"
+
+#: g10/armor.c:1234
+msgid "no valid OpenPGP data found.\n"
+msgstr "Nem találtam érvényes OpenPGP adatot.\n"
+
+#: g10/armor.c:1239
+#, c-format
+msgid "invalid armor: line longer than %d characters\n"
+msgstr "Érvénytelen páncél: %d karakternél hosszabb sor.\n"
+
+#: g10/armor.c:1243
+msgid ""
+"quoted printable character in armor - probably a buggy MTA has been used\n"
+msgstr ""
+"quoted printable karakter a páncélban - valószínûleg egy bugos MTA bûne.\n"
+
+#: g10/build-packet.c:976
+msgid ""
+"a notation name must have only printable characters or spaces, and end with "
+"an '='\n"
+msgstr ""
+"Egy jelölés neve csak nyomtatható karaktereket és szóközt tartalmazhat, és = "
+"jellel kell befejezõdjön.\n"
+
+#: g10/build-packet.c:988
+msgid "a user notation name must contain the '@' character\n"
+msgstr "Egy felhasználójelölésnek tartalmaznia kell a \"@\" karaktert!\n"
+
+#: g10/build-packet.c:994
+#, fuzzy
+msgid "a notation name must not contain more than one '@' character\n"
+msgstr "Egy felhasználójelölésnek tartalmaznia kell a \"@\" karaktert!\n"
+
+#: g10/build-packet.c:1012
+msgid "a notation value must not use any control characters\n"
+msgstr "Egy jelölés értékében nem szerepelhet vezérlõkarakter!\n"
+
+#: g10/build-packet.c:1046 g10/build-packet.c:1055
+msgid "WARNING: invalid notation data found\n"
+msgstr "FIGYELEM: Érvénytelen jelölõ adatot találtam.\n"
+
+#: g10/build-packet.c:1077 g10/build-packet.c:1079
+msgid "not human readable"
+msgstr "nem olvasható forma"
+
+#: g10/card-util.c:85 g10/card-util.c:374
+#, fuzzy, c-format
+msgid "OpenPGP card not available: %s\n"
+msgstr "titkos kulcs nem áll rendelkezésre"
+
+#: g10/card-util.c:90
+#, c-format
+msgid "OpenPGP card no. %s detected\n"
+msgstr ""
+
+#: g10/card-util.c:98 g10/card-util.c:1773 g10/delkey.c:126 g10/keyedit.c:1551
+#: g10/keygen.c:3068 g10/revoke.c:216 g10/revoke.c:455
+#, fuzzy
+msgid "can't do this in batch mode\n"
+msgstr "Nem tudom ezt megcsinálni kötegelt módban!\n"
+
+#: g10/card-util.c:106
+#, fuzzy
+msgid "This command is only available for version 2 cards\n"
+msgstr "Ez a parancs %s módban nem engedélyezett.\n"
+
+#: g10/card-util.c:108 scd/app-openpgp.c:2029
+#, fuzzy
+msgid "Reset Code not or not anymore available\n"
+msgstr "Titkos kulcsrészek nem állnak rendelkezésre.\n"
+
+#: g10/card-util.c:141 g10/card-util.c:1458 g10/card-util.c:1568
+#: g10/keyedit.c:424 g10/keyedit.c:445 g10/keyedit.c:459 g10/keygen.c:1630
+#: g10/keygen.c:1711 sm/certreqgen-ui.c:165 sm/certreqgen-ui.c:249
+#: sm/certreqgen-ui.c:283
+msgid "Your selection? "
+msgstr "Mit választ? "
+
+#: g10/card-util.c:272 g10/card-util.c:322
+msgid "[not set]"
+msgstr ""
+
+#: g10/card-util.c:512
+#, fuzzy
+msgid "male"
+msgstr "enable"
+
+#: g10/card-util.c:513
+#, fuzzy
+msgid "female"
+msgstr "enable"
+
+#: g10/card-util.c:513
+#, fuzzy
+msgid "unspecified"
+msgstr "Nincs megadva ok."
+
+#: g10/card-util.c:540
+#, fuzzy
+msgid "not forced"
+msgstr "nem feldolgozott"
+
+#: g10/card-util.c:540
+msgid "forced"
+msgstr ""
+
+#: g10/card-util.c:631
+msgid "Error: Only plain ASCII is currently allowed.\n"
+msgstr ""
+
+#: g10/card-util.c:633
+msgid "Error: The \"<\" character may not be used.\n"
+msgstr ""
+
+#: g10/card-util.c:635
+msgid "Error: Double spaces are not allowed.\n"
+msgstr ""
+
+#: g10/card-util.c:652
+msgid "Cardholder's surname: "
+msgstr ""
+
+#: g10/card-util.c:654
+msgid "Cardholder's given name: "
+msgstr ""
+
+#: g10/card-util.c:672
+#, c-format
+msgid "Error: Combined name too long (limit is %d characters).\n"
+msgstr ""
+
+#: g10/card-util.c:693
+#, fuzzy
+msgid "URL to retrieve public key: "
+msgstr "Nincs hozzá tartozó nyilvános kulcs: %s\n"
+
+#: g10/card-util.c:701
+#, c-format
+msgid "Error: URL too long (limit is %d characters).\n"
+msgstr ""
+
+#: g10/card-util.c:794 tools/no-libgcrypt.c:30
+#, fuzzy, c-format
+msgid "error allocating enough memory: %s\n"
+msgstr "Hiba a(z) \"%s\" kulcskarika létrehozásakor: %s\n"
+
+#: g10/card-util.c:806 g10/import.c:280
+#, c-format
+msgid "error reading `%s': %s\n"
+msgstr "Hiba \"%s\" olvasásakor: %s\n"
+
+#: g10/card-util.c:839
+#, fuzzy, c-format
+msgid "error writing `%s': %s\n"
+msgstr "Hiba a \"%s\" kulcskarika írásakor: %s\n"
+
+#: g10/card-util.c:866
+msgid "Login data (account name): "
+msgstr ""
+
+#: g10/card-util.c:876
+#, c-format
+msgid "Error: Login data too long (limit is %d characters).\n"
+msgstr ""
+
+#: g10/card-util.c:912
+msgid "Private DO data: "
+msgstr ""
+
+#: g10/card-util.c:922
+#, c-format
+msgid "Error: Private DO too long (limit is %d characters).\n"
+msgstr ""
+
+#: g10/card-util.c:1005
+#, fuzzy
+msgid "Language preferences: "
+msgstr "preferenciák frissítése"
+
+#: g10/card-util.c:1013
+#, fuzzy
+msgid "Error: invalid length of preference string.\n"
+msgstr "Érvénytelen karakter a preferenciák között!\n"
+
+#: g10/card-util.c:1022
+#, fuzzy
+msgid "Error: invalid characters in preference string.\n"
+msgstr "Érvénytelen karakter a preferenciák között!\n"
+
+#: g10/card-util.c:1044
+msgid "Sex ((M)ale, (F)emale or space): "
+msgstr ""
+
+#: g10/card-util.c:1058
+#, fuzzy
+msgid "Error: invalid response.\n"
+msgstr "Hiba: Érvénytelen ujjlenyomat.\n"
+
+#: g10/card-util.c:1080
+#, fuzzy
+msgid "CA fingerprint: "
+msgstr "megmutatja az ujjlenyomatot"
+
+#: g10/card-util.c:1103
+#, fuzzy
+msgid "Error: invalid formatted fingerprint.\n"
+msgstr "Hiba: Érvénytelen ujjlenyomat.\n"
+
+#: g10/card-util.c:1153
+#, fuzzy, c-format
+msgid "key operation not possible: %s\n"
+msgstr "Kulcsgenerálás sikertelen: %s\n"
+
+#: g10/card-util.c:1154
+#, fuzzy
+msgid "not an OpenPGP card"
+msgstr "Nem találtam érvényes OpenPGP adatot.\n"
+
+#: g10/card-util.c:1167
+#, fuzzy, c-format
+msgid "error getting current key info: %s\n"
+msgstr "Hiba a(z) \"%s\" titkoskulcs-karika írásakor: %s.\n"
+
+#: g10/card-util.c:1254
+msgid "Replace existing key? (y/N) "
+msgstr ""
+
+#: g10/card-util.c:1270
+msgid ""
+"NOTE: There is no guarantee that the card supports the requested size.\n"
+" If the key generation does not succeed, please check the\n"
+" documentation of your card to see what sizes are allowed.\n"
+msgstr ""
+
+#: g10/card-util.c:1295
+#, fuzzy, c-format
+msgid "What keysize do you want for the Signature key? (%u) "
+msgstr "Milyen kulcsméretet szeretne? (1024) "
+
+#: g10/card-util.c:1297
+#, fuzzy, c-format
+msgid "What keysize do you want for the Encryption key? (%u) "
+msgstr "Milyen kulcsméretet szeretne? (1024) "
+
+#: g10/card-util.c:1298
+#, fuzzy, c-format
+msgid "What keysize do you want for the Authentication key? (%u) "
+msgstr "Milyen kulcsméretet szeretne? (1024) "
+
+#: g10/card-util.c:1309 g10/keygen.c:1844 g10/keygen.c:1850
+#: sm/certreqgen-ui.c:194
+#, c-format
+msgid "rounded up to %u bits\n"
+msgstr "Felkerekítve %u bitre.\n"
+
+#: g10/card-util.c:1317 g10/keygen.c:1831 sm/certreqgen-ui.c:184
+#, c-format
+msgid "%s keysizes must be in the range %u-%u\n"
+msgstr ""
+
+#: g10/card-util.c:1322
+#, c-format
+msgid "The card will now be re-configured to generate a key of %u bits\n"
+msgstr ""
+
+#: g10/card-util.c:1342
+#, fuzzy, c-format
+msgid "error changing size of key %d to %u bits: %s\n"
+msgstr "Hiba %s-ra/-re küldéskor: %s\n"
+
+#: g10/card-util.c:1364
+msgid "Make off-card backup of encryption key? (Y/n) "
+msgstr ""
+
+#: g10/card-util.c:1378
+#, fuzzy
+msgid "NOTE: keys are already stored on the card!\n"
+msgstr "Kihagytam: titkos kulcs már jelen van.\n"
+
+#: g10/card-util.c:1381
+msgid "Replace existing keys? (y/N) "
+msgstr ""
+
+#: g10/card-util.c:1393
+#, c-format
+msgid ""
+"Please note that the factory settings of the PINs are\n"
+" PIN = `%s' Admin PIN = `%s'\n"
+"You should change them using the command --change-pin\n"
+msgstr ""
+
+#: g10/card-util.c:1449
+#, fuzzy
+msgid "Please select the type of key to generate:\n"
+msgstr "Kérem, adja meg, milyen kulcsot kíván:\n"
+
+#: g10/card-util.c:1451 g10/card-util.c:1559
+#, fuzzy
+msgid " (1) Signature key\n"
+msgstr "Az aláírás lejárt: %s.\n"
+
+#: g10/card-util.c:1452 g10/card-util.c:1561
+#, fuzzy
+msgid " (2) Encryption key\n"
+msgstr " (%d) RSA (csak titkosítás)\n"
+
+#: g10/card-util.c:1453 g10/card-util.c:1563
+msgid " (3) Authentication key\n"
+msgstr ""
+
+#: g10/card-util.c:1469 g10/card-util.c:1588 g10/keyedit.c:945
+#: g10/keygen.c:1634 g10/keygen.c:1662 g10/keygen.c:1764 g10/revoke.c:683
+msgid "Invalid selection.\n"
+msgstr "Érvénytelen választás.\n"
+
+#: g10/card-util.c:1556
+#, fuzzy
+msgid "Please select where to store the key:\n"
+msgstr "Kérem, válassza ki a visszavonás okát:\n"
+
+#: g10/card-util.c:1600
+#, fuzzy
+msgid "unknown key protection algorithm\n"
+msgstr "Ismeretlen védelmi algoritmus!\n"
+
+#: g10/card-util.c:1605
+#, fuzzy
+msgid "secret parts of key are not available\n"
+msgstr "Az elsõdleges kulcs titkos részei nem elérhetõk.\n"
+
+#: g10/card-util.c:1610
+#, fuzzy
+msgid "secret key already stored on a card\n"
+msgstr "Kihagytam: titkos kulcs már jelen van.\n"
+
+#: g10/card-util.c:1623
+#, fuzzy, c-format
+msgid "error writing key to card: %s\n"
+msgstr "Hiba a \"%s\" kulcskarika írásakor: %s\n"
+
+#: g10/card-util.c:1682 g10/keyedit.c:1382
+msgid "quit this menu"
+msgstr "kilépés ebbõl a menübõl"
+
+#: g10/card-util.c:1684
+#, fuzzy
+msgid "show admin commands"
+msgstr "Egymásnak ellentmondó parancsok!\n"
+
+#: g10/card-util.c:1685 g10/keyedit.c:1385
+msgid "show this help"
+msgstr "megmutatja ezt a súgót"
+
+#: g10/card-util.c:1687
+#, fuzzy
+msgid "list all available data"
+msgstr "Kulcs található: "
+
+#: g10/card-util.c:1690
+msgid "change card holder's name"
+msgstr ""
+
+#: g10/card-util.c:1691
+msgid "change URL to retrieve key"
+msgstr ""
+
+#: g10/card-util.c:1692
+msgid "fetch the key specified in the card URL"
+msgstr ""
+
+#: g10/card-util.c:1693
+#, fuzzy
+msgid "change the login name"
+msgstr "lejárat megváltoztatása"
+
+#: g10/card-util.c:1694
+#, fuzzy
+msgid "change the language preferences"
+msgstr "kulcstulajdonos megbízhatóságának beállítása"
+
+#: g10/card-util.c:1695
+msgid "change card holder's sex"
+msgstr ""
+
+#: g10/card-util.c:1696
+#, fuzzy
+msgid "change a CA fingerprint"
+msgstr "megmutatja az ujjlenyomatot"
+
+#: g10/card-util.c:1697
+msgid "toggle the signature force PIN flag"
+msgstr ""
+
+#: g10/card-util.c:1698
+#, fuzzy
+msgid "generate new keys"
+msgstr "új kulcspár létrehozása"
+
+#: g10/card-util.c:1699
+msgid "menu to change or unblock the PIN"
+msgstr ""
+
+#: g10/card-util.c:1700
+msgid "verify the PIN and list all data"
+msgstr ""
+
+#: g10/card-util.c:1701
+msgid "unblock the PIN using a Reset Code"
+msgstr ""
+
+#: g10/card-util.c:1823
+msgid "gpg/card> "
+msgstr ""
+
+#: g10/card-util.c:1864
+#, fuzzy
+msgid "Admin-only command\n"
+msgstr "Egymásnak ellentmondó parancsok!\n"
+
+#: g10/card-util.c:1895
+#, fuzzy
+msgid "Admin commands are allowed\n"
+msgstr "Egymásnak ellentmondó parancsok!\n"
+
+#: g10/card-util.c:1897
+#, fuzzy
+msgid "Admin commands are not allowed\n"
+msgstr "Írom a titkos kulcsot a %s állományba.\n"
+
+#: g10/card-util.c:1988 g10/keyedit.c:2292
+msgid "Invalid command (try \"help\")\n"
+msgstr "Érvénytelen parancs! (Próbálja a súgót: \"help\".)\n"
+
+#: g10/decrypt.c:110 g10/encode.c:876
+msgid "--output doesn't work for this command\n"
+msgstr "Az --output opció nem mûködik ehhez a parancshoz.\n"
+
+#: g10/decrypt.c:166 g10/gpg.c:4019 g10/keyring.c:387 g10/keyring.c:698
+#, c-format
+msgid "can't open `%s'\n"
+msgstr "Nem tudom megnyitni %s-t!\n"
+
+#: g10/delkey.c:73 g10/export.c:324 g10/keyedit.c:3514 g10/keyserver.c:1737
+#: g10/revoke.c:226
+#, fuzzy, c-format
+msgid "key \"%s\" not found: %s\n"
+msgstr "\"%s\" kulcs nem található: %s\n"
+
+#: g10/delkey.c:81 g10/export.c:354 g10/import.c:2480 g10/keyserver.c:1751
+#: g10/revoke.c:232 g10/revoke.c:477
+#, c-format
+msgid "error reading keyblock: %s\n"
+msgstr "Hiba a kulcsblokk olvasásakor: %s\n"
+
+#: g10/delkey.c:127 g10/delkey.c:134
+msgid "(unless you specify the key by fingerprint)\n"
+msgstr "(Kivéve, ha megad egy kulcsot az ujjlenyomatával.)\n"
+
+#: g10/delkey.c:133
+#, fuzzy
+msgid "can't do this in batch mode without \"--yes\"\n"
+msgstr "Nem tudom ezt megcsinálni kötegelt módban \"--yes\" nélkül.\n"
+
+#: g10/delkey.c:145
+#, fuzzy
+msgid "Delete this key from the keyring? (y/N) "
+msgstr "Töröljem ezt a kulcsot a kulcskarikáról? "
+
+#: g10/delkey.c:153
+#, fuzzy
+msgid "This is a secret key! - really delete? (y/N) "
+msgstr "Ez egy titkos kulcs! Valóban töröljem? "
+
+#: g10/delkey.c:163
+#, c-format
+msgid "deleting keyblock failed: %s\n"
+msgstr "A kulcsblokk törlése sikertelen: %s.\n"
+
+#: g10/delkey.c:173
+msgid "ownertrust information cleared\n"
+msgstr "Kulcstulajdonos megbízhatósági adatait töröltem.\n"
+
+#: g10/delkey.c:204
+#, c-format
+msgid "there is a secret key for public key \"%s\"!\n"
+msgstr "Van egy titkos kulcs a \"%s\" nyilvános kulcshoz!\n"
+
+#: g10/delkey.c:206
+msgid "use option \"--delete-secret-keys\" to delete it first.\n"
+msgstr "Elõször azt törölje a \"--delete-secret-keys\" opcióval!\n"
+
+#: g10/encode.c:226 g10/sign.c:1269
+#, c-format
+msgid "error creating passphrase: %s\n"
+msgstr "Hiba a jelszó létrehozásakor: %s.\n"
+
+#: g10/encode.c:232
+msgid "can't use a symmetric ESK packet due to the S2K mode\n"
+msgstr "Nem tudok szimmetrikus ESK csomagot használni a S2K mód miatt!\n"
+
+#: g10/encode.c:246
+#, c-format
+msgid "using cipher %s\n"
+msgstr "%s rejtjelezést használok.\n"
+
+#: g10/encode.c:256 g10/encode.c:577
+#, c-format
+msgid "`%s' already compressed\n"
+msgstr "\"%s\" már tömörített.\n"
+
+#: g10/encode.c:311 g10/encode.c:611 g10/sign.c:564
+#, c-format
+msgid "WARNING: `%s' is an empty file\n"
+msgstr "FIGYELEM: A(z) \"%s\" állomány üres.\n"
+
+#: g10/encode.c:485
+msgid "you can only encrypt to RSA keys of 2048 bits or less in --pgp2 mode\n"
+msgstr ""
+"Csak 2048 bites, vagy rövidebb RSA kulcsokkal titkosíthat --pgp2 módban!\n"
+
+#: g10/encode.c:510
+#, c-format
+msgid "reading from `%s'\n"
+msgstr "Olvasok a \"%s\" állományból.\n"
+
+#: g10/encode.c:541
+msgid ""
+"unable to use the IDEA cipher for all of the keys you are encrypting to.\n"
+msgstr "Nem tudom az IDEA rejtjelezõt használni az összes címzett kulcshoz.\n"
+
+#: g10/encode.c:559
+#, fuzzy, c-format
+msgid ""
+"WARNING: forcing symmetric cipher %s (%d) violates recipient preferences\n"
+msgstr "A %s (%d) rejtjelezõ használata sérti a címzett preferenciáit!\n"
+
+#: g10/encode.c:655 g10/sign.c:939
+#, fuzzy, c-format
+msgid ""
+"WARNING: forcing compression algorithm %s (%d) violates recipient "
+"preferences\n"
+msgstr "A %s (%d) tömörítés használata sérti a címzett preferenciáit!\n"
+
+#: g10/encode.c:751
+#, c-format
+msgid "forcing symmetric cipher %s (%d) violates recipient preferences\n"
+msgstr "A %s (%d) rejtjelezõ használata sérti a címzett preferenciáit!\n"
+
+#: g10/encode.c:821 g10/pkclist.c:813 g10/pkclist.c:862
+#, c-format
+msgid "you may not use %s while in %s mode\n"
+msgstr "Lehet, hogy nem használhatja %s-t %s módban!\n"
+
+#: g10/encode.c:848
+#, c-format
+msgid "%s/%s encrypted for: \"%s\"\n"
+msgstr "%s/%s titkosítva \"%s\" számára\n"
+
+#: g10/encr-data.c:93 g10/mainproc.c:286
+#, c-format
+msgid "%s encrypted data\n"
+msgstr "%s titkosított adat.\n"
+
+#: g10/encr-data.c:96 g10/mainproc.c:290
+#, c-format
+msgid "encrypted with unknown algorithm %d\n"
+msgstr "Ismeretlen algoritmussal (%d) titkosítva.\n"
+
+#: g10/encr-data.c:142 sm/decrypt.c:126
+msgid ""
+"WARNING: message was encrypted with a weak key in the symmetric cipher.\n"
+msgstr ""
+"FIGYELEM: Az üzenet szimmetrikus titkosítását gyenge kulccsal végezték.\n"
+
+#: g10/encr-data.c:154
+msgid "problem handling encrypted packet\n"
+msgstr "Probléma a titkosított csomag kezelésekor!\n"
+
+#: g10/exec.c:57
+msgid "no remote program execution supported\n"
+msgstr "Külsõ program meghívása nem támogatott.\n"
+
+#: g10/exec.c:308
+msgid ""
+"external program calls are disabled due to unsafe options file permissions\n"
+msgstr ""
+"A külsõ programok hívása tiltott, mert az \"options\" állomány engedélyei\n"
+"nem biztonságosak.\n"
+
+#: g10/exec.c:338
+#, fuzzy
+msgid "this platform requires temporary files when calling external programs\n"
+msgstr ""
+"Ez a platform átmeneti állományokat igényel külsõ programok hívásához.\n"
+
+#: g10/exec.c:416
+#, fuzzy, c-format
+msgid "unable to execute program `%s': %s\n"
+msgstr "Nem tudom végrehajtani a következõ \"%s\"-t: \"%s\": %s.\n"
+
+#: g10/exec.c:419
+#, fuzzy, c-format
+msgid "unable to execute shell `%s': %s\n"
+msgstr "Nem tudom végrehajtani a következõ \"%s\"-t: \"%s\": %s.\n"
+
+#: g10/exec.c:510
+#, c-format
+msgid "system error while calling external program: %s\n"
+msgstr "Rendszerhiba külsõ program hívásakor: %s.\n"
+
+#: g10/exec.c:521 g10/exec.c:588
+msgid "unnatural exit of external program\n"
+msgstr "A külsõ program nem természetes módon ért véget.\n"
+
+#: g10/exec.c:536
+msgid "unable to execute external program\n"
+msgstr "Nem tudom a végrehajtani a külsõ programot.\n"
+
+#: g10/exec.c:553
+#, c-format
+msgid "unable to read external program response: %s\n"
+msgstr "Nem tudom beolvasni a külsõ program válaszát: %s\n"
+
+#: g10/exec.c:599 g10/exec.c:606
+#, c-format
+msgid "WARNING: unable to remove tempfile (%s) `%s': %s\n"
+msgstr ""
+"FIGYELEM: Nem tudom törölni az (\"%s\") átmeneti állományt: \"%s\": %s.\n"
+
+#: g10/exec.c:611
+#, c-format
+msgid "WARNING: unable to remove temp directory `%s': %s\n"
+msgstr "FIGYELEM: nem tudom törölni a \"%s\" átmeneti könyvtárat: %s\n"
+
+#: g10/export.c:61
+#, fuzzy
+msgid "export signatures that are marked as local-only"
+msgstr ""
+"\n"
+"Az aláírást \"nem visszavonhatónak\" jelöljük.\n"
+
+#: g10/export.c:63
+msgid "export attribute user IDs (generally photo IDs)"
+msgstr ""
+
+#: g10/export.c:65
+#, fuzzy
+msgid "export revocation keys marked as \"sensitive\""
+msgstr "Nem találtam visszavonó kulcsot a következõhöz: \"%s\".\n"
+
+#: g10/export.c:67
+#, fuzzy
+msgid "remove the passphrase from exported subkeys"
+msgstr "másodlagos kulcs visszavonása"
+
+#: g10/export.c:69
+#, fuzzy
+msgid "remove unusable parts from key during export"
+msgstr "használhatatlan titkos kulcs"
+
+#: g10/export.c:71
+msgid "remove as much as possible from key during export"
+msgstr ""
+
+#: g10/export.c:73
+msgid "export keys in an S-expression based format"
+msgstr ""
+
+#: g10/export.c:338
+#, fuzzy
+msgid "exporting secret keys not allowed\n"
+msgstr "Írom a titkos kulcsot a %s állományba.\n"
+
+#: g10/export.c:367
+#, fuzzy, c-format
+msgid "key %s: not protected - skipped\n"
+msgstr "%08lX kulcs: nem védett - kihagytam.\n"
+
+#: g10/export.c:375
+#, fuzzy, c-format
+msgid "key %s: PGP 2.x style key - skipped\n"
+msgstr "%08lX kulcs: PGP 2.x stílusú kulcs - kihagytam.\n"
+
+#: g10/export.c:386
+#, fuzzy, c-format
+msgid "key %s: key material on-card - skipped\n"
+msgstr "%08lX kulcs: Alkulcsaláírás rossz helyen - kihagytam.\n"
+
+#: g10/export.c:537
+msgid "about to export an unprotected subkey\n"
+msgstr ""
+
+#: g10/export.c:560
+#, fuzzy, c-format
+msgid "failed to unprotect the subkey: %s\n"
+msgstr "Bizalmi adatbázis (%s) inicializálása sikertelen!\n"
+
+#: g10/export.c:584
+#, fuzzy, c-format
+msgid "WARNING: secret key %s does not have a simple SK checksum\n"
+msgstr "FIGYELEM: %08lX titkos kulcsnak nincs egyszerû SK ellenõrzõösszege.\n"
+
+#: g10/export.c:633
+msgid "WARNING: nothing exported\n"
+msgstr "FIGYELEM: Semmit sem exportáltam.\n"
+
+#: g10/getkey.c:152
+msgid "too many entries in pk cache - disabled\n"
+msgstr "Túl sok bejegyzés van a nyilvánoskulcs-gyorsítótárban - letiltom.\n"
+
+#: g10/getkey.c:175
+#, fuzzy
+msgid "[User ID not found]"
+msgstr "[ismeretlen kulcs]"
+
+#: g10/getkey.c:1113
+#, c-format
+msgid "automatically retrieved `%s' via %s\n"
+msgstr ""
+
+#: g10/getkey.c:1118
+#, fuzzy, c-format
+msgid "error retrieving `%s' via %s: %s\n"
+msgstr "Hiba \"%s\" létrehozásakor: %s\n"
+
+#: g10/getkey.c:1120
+#, fuzzy
+msgid "No fingerprint"
+msgstr "megmutatja az ujjlenyomatot"
+
+#: g10/getkey.c:1930
+#, fuzzy, c-format
+msgid "Invalid key %s made valid by --allow-non-selfsigned-uid\n"
+msgstr ""
+"%08lX érvénytelen kulcsot érvényesítettük az\n"
+"--allow-non-selfsigned-uid opcióval.\n"
+
+#: g10/getkey.c:2533 g10/keyedit.c:3839
+#, fuzzy, c-format
+msgid "no secret subkey for public subkey %s - ignoring\n"
+msgstr ""
+"Nincs titkos alkulcs a %08lX nyilvános alkulcshoz - figyelmen kívül hagyom.\n"
+
+#: g10/getkey.c:2759
+#, fuzzy, c-format
+msgid "using subkey %s instead of primary key %s\n"
+msgstr "A %08lX másodlagos kulcsot használjuk a %08lX elsõdleges helyett.\n"
+
+#: g10/getkey.c:2806
+#, fuzzy, c-format
+msgid "key %s: secret key without public key - skipped\n"
+msgstr "%08lX kulcs: titkos kulcs nyilvános kulcs nélkül - kihagytam.\n"
+
+#: g10/gpg.c:375 sm/gpgsm.c:188
+#, fuzzy
+msgid "make a signature"
+msgstr "különálló aláírás készítése"
+
+#: g10/gpg.c:376 sm/gpgsm.c:189
+#, fuzzy
+msgid "make a clear text signature"
+msgstr "|[fájl]|olvasható szöveg aláírása"
+
+#: g10/gpg.c:377 sm/gpgsm.c:190
+msgid "make a detached signature"
+msgstr "különálló aláírás készítése"
+
+#: g10/gpg.c:378 sm/gpgsm.c:191
+msgid "encrypt data"
+msgstr "adat titkosítása"
+
+#: g10/gpg.c:380 sm/gpgsm.c:192
+msgid "encryption only with symmetric cipher"
+msgstr "titkosítás csak szimmetrikus rejtjelezõvel"
+
+#: g10/gpg.c:382 sm/gpgsm.c:193
+msgid "decrypt data (default)"
+msgstr "adat visszafejtése (alapértelmezés)"
+
+#: g10/gpg.c:384 sm/gpgsm.c:194
+msgid "verify a signature"
+msgstr "aláírás ellenõrzése"
+
+#: g10/gpg.c:386 sm/gpgsm.c:195
+msgid "list keys"
+msgstr "kulcsok listázása"
+
+#: g10/gpg.c:388
+msgid "list keys and signatures"
+msgstr "kulcsok és aláírások listázása"
+
+#: g10/gpg.c:389
+#, fuzzy
+msgid "list and check key signatures"
+msgstr "kulcsaláírások ellenõrzése"
+
+#: g10/gpg.c:390 sm/gpgsm.c:200
+msgid "list keys and fingerprints"
+msgstr "kulcsok és ujjlenyomatok listázása"
+
+#: g10/gpg.c:391 sm/gpgsm.c:198
+msgid "list secret keys"
+msgstr "titkos kulcsok listázása"
+
+#: g10/gpg.c:392 sm/gpgsm.c:201
+msgid "generate a new key pair"
+msgstr "új kulcspár létrehozása"
+
+#: g10/gpg.c:393
+msgid "generate a revocation certificate"
+msgstr "visszavonási igazolás készítése"
+
+#: g10/gpg.c:395 sm/gpgsm.c:203
+msgid "remove keys from the public keyring"
+msgstr "kulcsok eltávolítása a nyilvánoskulcs-karikáról"
+
+#: g10/gpg.c:397
+msgid "remove keys from the secret keyring"
+msgstr "kulcsok eltávolítása a titkoskulcs-karikáról"
+
+#: g10/gpg.c:398
+msgid "sign a key"
+msgstr "kulcs aláírása"
+
+#: g10/gpg.c:399
+msgid "sign a key locally"
+msgstr "kulcs aláírása helyileg"
+
+#: g10/gpg.c:400
+msgid "sign or edit a key"
+msgstr "kulcs aláírása vagy szerkesztése"
+
+#: g10/gpg.c:402 sm/gpgsm.c:215
+#, fuzzy
+msgid "change a passphrase"
+msgstr "jelszóváltoztatás"
+
+#: g10/gpg.c:404
+msgid "export keys"
+msgstr "kulcsok exportálása"
+
+#: g10/gpg.c:405 sm/gpgsm.c:204
+msgid "export keys to a key server"
+msgstr "kulcsok exportálása kulcsszerverre"
+
+#: g10/gpg.c:406 sm/gpgsm.c:205
+msgid "import keys from a key server"
+msgstr "kulcsok importálása kulcsszerverrõl"
+
+#: g10/gpg.c:408
+msgid "search for keys on a key server"
+msgstr "kulcsok keresése kulcsszerveren"
+
+#: g10/gpg.c:410
+msgid "update all keys from a keyserver"
+msgstr "minden kulcs frissítése kulcsszerverrõl"
+
+#: g10/gpg.c:415
+msgid "import/merge keys"
+msgstr "kulcsok importálása/összefûzése"
+
+#: g10/gpg.c:418
+msgid "print the card status"
+msgstr ""
+
+#: g10/gpg.c:419
+msgid "change data on a card"
+msgstr ""
+
+#: g10/gpg.c:420
+msgid "change a card's PIN"
+msgstr ""
+
+#: g10/gpg.c:429
+msgid "update the trust database"
+msgstr "bizalmi adatbázis frissítése"
+
+#: g10/gpg.c:436
+#, fuzzy
+msgid "print message digests"
+msgstr "|algo [fájlok]|üzenet kivonatának kiírása"
+
+#: g10/gpg.c:439 sm/gpgsm.c:210
+msgid "run in server mode"
+msgstr ""
+
+#: g10/gpg.c:443 sm/gpgsm.c:228
+msgid "create ascii armored output"
+msgstr "ascii páncélozott kimenet létrehozása"
+
+#: g10/gpg.c:446 sm/gpgsm.c:241
+#, fuzzy
+msgid "|USER-ID|encrypt for USER-ID"
+msgstr "|NÉV|titkosítás NÉV részére"
+
+#: g10/gpg.c:459 sm/gpgsm.c:278
+#, fuzzy
+msgid "|USER-ID|use USER-ID to sign or decrypt"
+msgstr "felh. azonosító aláíráshoz és visszafejtéshez"
+
+#: g10/gpg.c:462
+#, fuzzy
+msgid "|N|set compress level to N (0 disables)"
+msgstr "|N|tömörítési szint beállítása N-re (0: tiltás)"
+
+#: g10/gpg.c:468
+msgid "use canonical text mode"
+msgstr "kanonikus szöveges mód használata"
+
+#: g10/gpg.c:485 sm/gpgsm.c:280
+#, fuzzy
+msgid "|FILE|write output to FILE"
+msgstr "|fájl|bõvítõ modul betöltése"
+
+#: g10/gpg.c:501 kbx/kbxutil.c:90 sm/gpgsm.c:292 tools/gpgconf.c:82
+msgid "do not make any changes"
+msgstr "ne csináljon semmi változtatást"
+
+#: g10/gpg.c:502
+msgid "prompt before overwriting"
+msgstr "felülírás elõtt rákérdezés"
+
+#: g10/gpg.c:554
+msgid "use strict OpenPGP behavior"
+msgstr ""
+
+#: g10/gpg.c:585 sm/gpgsm.c:336
+msgid ""
+"@\n"
+"(See the man page for a complete listing of all commands and options)\n"
+msgstr ""
+"@\n"
+"(A parancsok és opciók teljes listáját a man oldalon tekintheti meg.)\n"
+
+#: g10/gpg.c:588 sm/gpgsm.c:339
+msgid ""
+"@\n"
+"Examples:\n"
+"\n"
+" -se -r Bob [file] sign and encrypt for user Bob\n"
+" --clearsign [file] make a clear text signature\n"
+" --detach-sign [file] make a detached signature\n"
+" --list-keys [names] show keys\n"
+" --fingerprint [names] show fingerprints\n"
+msgstr ""
+"@\n"
+"Példák:\n"
+"\n"
+" -se -r Bob [fájl] titkosítás és aláírás Bob részére\n"
+" --clearsign [fájl] olvasható szöveg aláírása\n"
+" --detach-sign [fájl] különálló aláírás készítése\n"
+" --list-keys [nevek] kulcsok kiíratása\n"
+" --fingerprint [nevek] ujjlenyomatok kiíratása\n"
+
+#: g10/gpg.c:836
+msgid "Usage: gpg [options] [files] (-h for help)"
+msgstr "Használat: gpg [opciók] [fájlok] (-h a súgóhoz)"
+
+#: g10/gpg.c:839
+msgid ""
+"Syntax: gpg [options] [files]\n"
+"sign, check, encrypt or decrypt\n"
+"default operation depends on the input data\n"
+msgstr ""
+"Szintaxis: gpg [opciók] [fájlok]\n"
+"Aláírás, ellenõrzés, titkosítás vagy visszafejtés.\n"
+"Az alapértelmezett mûvelet a bemeneti adattól függ.\n"
+
+#: g10/gpg.c:850 sm/gpgsm.c:543
+msgid ""
+"\n"
+"Supported algorithms:\n"
+msgstr ""
+"\n"
+"Támogatott algoritmusok:\n"
+
+#: g10/gpg.c:853
+msgid "Pubkey: "
+msgstr "Nyilvános kulcsú (pubkey): "
+
+#: g10/gpg.c:860 g10/keyedit.c:2423
+msgid "Cipher: "
+msgstr "Rejtjelezõ (cipher): "
+
+#: g10/gpg.c:867
+msgid "Hash: "
+msgstr "Kivonatoló (hash): "
+
+#: g10/gpg.c:874 g10/keyedit.c:2468
+msgid "Compression: "
+msgstr "Tömörítõ (compression): "
+
+#: g10/gpg.c:944
+msgid "usage: gpg [options] "
+msgstr "Használat: gpg [opciók] "
+
+#: g10/gpg.c:1158 sm/gpgsm.c:716
+msgid "conflicting commands\n"
+msgstr "Egymásnak ellentmondó parancsok!\n"
+
+#: g10/gpg.c:1176
+#, fuzzy, c-format
+msgid "no = sign found in group definition `%s'\n"
+msgstr "Nem találtam = jelet a \"%s\" csoportdefinícióban!\n"
+
+#: g10/gpg.c:1373
+#, fuzzy, c-format
+msgid "WARNING: unsafe ownership on homedir `%s'\n"
+msgstr "FIGYELEM: Nem biztonságos tulajdonos: %s \"%s\"\n"
+
+#: g10/gpg.c:1376
+#, fuzzy, c-format
+msgid "WARNING: unsafe ownership on configuration file `%s'\n"
+msgstr "FIGYELEM: Nem biztonságos tulajdonos: %s \"%s\"\n"
+
+#: g10/gpg.c:1379
+#, fuzzy, c-format
+msgid "WARNING: unsafe ownership on extension `%s'\n"
+msgstr "FIGYELEM: Nem biztonságos tulajdonos: %s \"%s\"\n"
+
+#: g10/gpg.c:1385
+#, fuzzy, c-format
+msgid "WARNING: unsafe permissions on homedir `%s'\n"
+msgstr "FIGYELEM: nem biztonságos engedélyek: %s \"%s\"\n"
+
+#: g10/gpg.c:1388
+#, fuzzy, c-format
+msgid "WARNING: unsafe permissions on configuration file `%s'\n"
+msgstr "FIGYELEM: nem biztonságos engedélyek: %s \"%s\"\n"
+
+#: g10/gpg.c:1391
+#, fuzzy, c-format
+msgid "WARNING: unsafe permissions on extension `%s'\n"
+msgstr "FIGYELEM: nem biztonságos engedélyek: %s \"%s\"\n"
+
+#: g10/gpg.c:1397
+#, fuzzy, c-format
+msgid "WARNING: unsafe enclosing directory ownership on homedir `%s'\n"
+msgstr "FIGYELEM: nem biztonságos könyvtártulajdonos: %s \"%s\"\n"
+
+#: g10/gpg.c:1400
+#, fuzzy, c-format
+msgid ""
+"WARNING: unsafe enclosing directory ownership on configuration file `%s'\n"
+msgstr "FIGYELEM: nem biztonságos könyvtártulajdonos: %s \"%s\"\n"
+
+#: g10/gpg.c:1403
+#, fuzzy, c-format
+msgid "WARNING: unsafe enclosing directory ownership on extension `%s'\n"
+msgstr "FIGYELEM: nem biztonságos könyvtártulajdonos: %s \"%s\"\n"
+
+#: g10/gpg.c:1409
+#, fuzzy, c-format
+msgid "WARNING: unsafe enclosing directory permissions on homedir `%s'\n"
+msgstr "FIGYELEM: nem biztonságos könyvtárengedélyek: %s \"%s\"\n"
+
+#: g10/gpg.c:1412
+#, fuzzy, c-format
+msgid ""
+"WARNING: unsafe enclosing directory permissions on configuration file `%s'\n"
+msgstr "FIGYELEM: nem biztonságos könyvtárengedélyek: %s \"%s\"\n"
+
+#: g10/gpg.c:1415
+#, fuzzy, c-format
+msgid "WARNING: unsafe enclosing directory permissions on extension `%s'\n"
+msgstr "FIGYELEM: nem biztonságos könyvtárengedélyek: %s \"%s\"\n"
+
+#: g10/gpg.c:1595
+#, fuzzy, c-format
+msgid "unknown configuration item `%s'\n"
+msgstr "\"%s\": ismeretlen konfigurációs elem.\n"
+
+#: g10/gpg.c:1699
+msgid "display photo IDs during key listings"
+msgstr ""
+
+#: g10/gpg.c:1701
+msgid "show policy URLs during signature listings"
+msgstr ""
+
+#: g10/gpg.c:1703
+#, fuzzy
+msgid "show all notations during signature listings"
+msgstr "Nincs megfelelõ aláírás a titkoskulcs-karikán.\n"
+
+#: g10/gpg.c:1705
+msgid "show IETF standard notations during signature listings"
+msgstr ""
+
+#: g10/gpg.c:1709
+msgid "show user-supplied notations during signature listings"
+msgstr ""
+
+#: g10/gpg.c:1711
+#, fuzzy
+msgid "show preferred keyserver URLs during signature listings"
+msgstr "A megadott aláírási eljárásmód URL-je érvénytelen!\n"
+
+#: g10/gpg.c:1713
+msgid "show user ID validity during key listings"
+msgstr ""
+
+#: g10/gpg.c:1715
+msgid "show revoked and expired user IDs in key listings"
+msgstr ""
+
+#: g10/gpg.c:1717
+msgid "show revoked and expired subkeys in key listings"
+msgstr ""
+
+#: g10/gpg.c:1719
+#, fuzzy
+msgid "show the keyring name in key listings"
+msgstr "mutatja a kilistázott kulcs kulcskarikáját is"
+
+#: g10/gpg.c:1721
+#, fuzzy
+msgid "show expiration dates during signature listings"
+msgstr "Nincs megfelelõ aláírás a titkoskulcs-karikán.\n"
+
+#: g10/gpg.c:1855
+#, c-format
+msgid "NOTE: old default options file `%s' ignored\n"
+msgstr "MEGJEGYZÉS: Figyelmen kívül hagytam a régi opciókat (%s).\n"
+
+#: g10/gpg.c:1948
+#, c-format
+msgid "libgcrypt is too old (need %s, have %s)\n"
+msgstr ""
+
+#: g10/gpg.c:2346 g10/gpg.c:3037 g10/gpg.c:3049
+#, c-format
+msgid "NOTE: %s is not for normal use!\n"
+msgstr "MEGJEGYZÉS: %s nem normál használatra van!\n"
+
+#: g10/gpg.c:2530 g10/gpg.c:2542
+#, fuzzy, c-format
+msgid "`%s' is not a valid signature expiration\n"
+msgstr "%s nem érvényes karakterkiosztás!\n"
+
+#: g10/gpg.c:2624
+#, fuzzy, c-format
+msgid "`%s' is not a valid character set\n"
+msgstr "%s nem érvényes karakterkiosztás!\n"
+
+#: g10/gpg.c:2647 g10/gpg.c:2842 g10/keyedit.c:4197
+#, fuzzy
+msgid "could not parse keyserver URL\n"
+msgstr "Értelmezhetetlen a kulcsszerver URI-ja!\n"
+
+#: g10/gpg.c:2659
+#, fuzzy, c-format
+msgid "%s:%d: invalid keyserver options\n"
+msgstr "%s:%d: Érvénytelen export opciók!\n"
+
+#: g10/gpg.c:2662
+#, fuzzy
+msgid "invalid keyserver options\n"
+msgstr "Érvénytelen export opciók!\n"
+
+#: g10/gpg.c:2669
+#, c-format
+msgid "%s:%d: invalid import options\n"
+msgstr "%s:%d: Érvénytelen import opciók!\n"
+
+#: g10/gpg.c:2672
+msgid "invalid import options\n"
+msgstr "Érvénytelen import opciók!\n"
+
+#: g10/gpg.c:2679
+#, c-format
+msgid "%s:%d: invalid export options\n"
+msgstr "%s:%d: Érvénytelen export opciók!\n"
+
+#: g10/gpg.c:2682
+msgid "invalid export options\n"
+msgstr "Érvénytelen export opciók!\n"
+
+#: g10/gpg.c:2689
+#, fuzzy, c-format
+msgid "%s:%d: invalid list options\n"
+msgstr "%s:%d: Érvénytelen import opciók!\n"
+
+#: g10/gpg.c:2692
+#, fuzzy
+msgid "invalid list options\n"
+msgstr "Érvénytelen import opciók!\n"
+
+#: g10/gpg.c:2700
+msgid "display photo IDs during signature verification"
+msgstr ""
+
+#: g10/gpg.c:2702
+msgid "show policy URLs during signature verification"
+msgstr ""
+
+#: g10/gpg.c:2704
+#, fuzzy
+msgid "show all notations during signature verification"
+msgstr "%s nem érvényes karakterkiosztás!\n"
+
+#: g10/gpg.c:2706
+msgid "show IETF standard notations during signature verification"
+msgstr ""
+
+#: g10/gpg.c:2710
+msgid "show user-supplied notations during signature verification"
+msgstr ""
+
+#: g10/gpg.c:2712
+#, fuzzy
+msgid "show preferred keyserver URLs during signature verification"
+msgstr "A megadott aláírási eljárásmód URL-je érvénytelen!\n"
+
+#: g10/gpg.c:2714
+#, fuzzy
+msgid "show user ID validity during signature verification"
+msgstr "%s nem érvényes karakterkiosztás!\n"
+
+#: g10/gpg.c:2716
+msgid "show revoked and expired user IDs in signature verification"
+msgstr ""
+
+#: g10/gpg.c:2718
+#, fuzzy
+msgid "show only the primary user ID in signature verification"
+msgstr "%s nem érvényes karakterkiosztás!\n"
+
+#: g10/gpg.c:2720
+msgid "validate signatures with PKA data"
+msgstr ""
+
+#: g10/gpg.c:2722
+msgid "elevate the trust of signatures with valid PKA data"
+msgstr ""
+
+#: g10/gpg.c:2729
+#, fuzzy, c-format
+msgid "%s:%d: invalid verify options\n"
+msgstr "%s:%d: Érvénytelen export opciók!\n"
+
+#: g10/gpg.c:2732
+#, fuzzy
+msgid "invalid verify options\n"
+msgstr "Érvénytelen export opciók!\n"
+
+#: g10/gpg.c:2739
+#, c-format
+msgid "unable to set exec-path to %s\n"
+msgstr "Nem tudom a végrehajtási elérési utat %s értékre állítani!\n"
+
+#: g10/gpg.c:2925
+#, fuzzy, c-format
+msgid "%s:%d: invalid auto-key-locate list\n"
+msgstr "%s:%d: Érvénytelen export opciók!\n"
+
+#: g10/gpg.c:2928
+msgid "invalid auto-key-locate list\n"
+msgstr ""
+
+#: g10/gpg.c:3026 sm/gpgsm.c:1439
+msgid "WARNING: program may create a core file!\n"
+msgstr "FIGYELEM: A program core állományt hozhat létre!\n"
+
+#: g10/gpg.c:3030
+#, c-format
+msgid "WARNING: %s overrides %s\n"
+msgstr "FIGYELEM: %s hatástalanítja %s-t!\n"
+
+#: g10/gpg.c:3039
+#, c-format
+msgid "%s not allowed with %s!\n"
+msgstr "%s és %s nem használható együtt!\n"
+
+#: g10/gpg.c:3042
+#, c-format
+msgid "%s makes no sense with %s!\n"
+msgstr "%s értelmetlen %s mellett!\n"
+
+#: g10/gpg.c:3057
+#, fuzzy, c-format
+msgid "will not run with insecure memory due to %s\n"
+msgstr "Írom a titkos kulcsot a %s állományba.\n"
+
+#: g10/gpg.c:3071
+msgid "you can only make detached or clear signatures while in --pgp2 mode\n"
+msgstr "Csak különálló és olvashatószöveg-aláírást készíthet --pgp2 módban!\n"
+
+#: g10/gpg.c:3077
+msgid "you can't sign and encrypt at the same time while in --pgp2 mode\n"
+msgstr "Nem írhat alá és titkosíthat egyszerre --pgp2 módban!\n"
+
+#: g10/gpg.c:3083
+msgid "you must use files (and not a pipe) when working with --pgp2 enabled.\n"
+msgstr "Csak állományokat (pipe-ot nem) használhat --pgp2 módban!\n"
+
+#: g10/gpg.c:3096
+msgid "encrypting a message in --pgp2 mode requires the IDEA cipher\n"
+msgstr "Üzenet titkosítása --pgp2 módban IDEA rejtjelezõt igényel!\n"
+
+#: g10/gpg.c:3163 g10/gpg.c:3187 sm/gpgsm.c:1511
+msgid "selected cipher algorithm is invalid\n"
+msgstr "A kiválasztott rejtjelezõ algoritmus érvénytelen!\n"
+
+#: g10/gpg.c:3169 g10/gpg.c:3193 sm/gpgsm.c:1517 sm/gpgsm.c:1523
+msgid "selected digest algorithm is invalid\n"
+msgstr "A kiválasztott kivonatoló algoritmus érvénytelen!\n"
+
+#: g10/gpg.c:3175
+#, fuzzy
+msgid "selected compression algorithm is invalid\n"
+msgstr "A kiválasztott rejtjelezõ algoritmus érvénytelen!\n"
+
+#: g10/gpg.c:3181
+msgid "selected certification digest algorithm is invalid\n"
+msgstr "Az igazoláshoz kiválasztott kivonatoló algoritmus érvénytelen!\n"
+
+#: g10/gpg.c:3196
+msgid "completes-needed must be greater than 0\n"
+msgstr "completes-needed nagyobb kell legyen 0-nál!\n"
+
+#: g10/gpg.c:3198
+msgid "marginals-needed must be greater than 1\n"
+msgstr "marginals-needed nagyobb kell legyen 1-nél!\n"
+
+#: g10/gpg.c:3200
+#, fuzzy
+msgid "max-cert-depth must be in the range from 1 to 255\n"
+msgstr "max-cert-depth 1 és 255 közé kell essen!\n"
+
+#: g10/gpg.c:3202
+msgid "invalid default-cert-level; must be 0, 1, 2, or 3\n"
+msgstr "Érvénytelen default-cert-level; 0, 1, 2 vagy 3 lehet.\n"
+
+#: g10/gpg.c:3204
+msgid "invalid min-cert-level; must be 1, 2, or 3\n"
+msgstr "Érvénytelen min-cert-level; 0, 1, 2 vagy 3 lehet.\n"
+
+#: g10/gpg.c:3207
+msgid "NOTE: simple S2K mode (0) is strongly discouraged\n"
+msgstr "MEGJEGYZÉS: Egyszerû S2K mód (0) erõsen ellenjavallt!\n"
+
+#: g10/gpg.c:3211
+msgid "invalid S2K mode; must be 0, 1 or 3\n"
+msgstr "Érvénytelen S2K mód; 0, 1 vagy 3 lehet.\n"
+
+#: g10/gpg.c:3218
+msgid "invalid default preferences\n"
+msgstr "Érvénytelen alapértelmezett preferenciák!\n"
+
+#: g10/gpg.c:3222
+msgid "invalid personal cipher preferences\n"
+msgstr "Érvénytelen személyes rejtjelezõ-preferenciák!\n"
+
+#: g10/gpg.c:3226
+msgid "invalid personal digest preferences\n"
+msgstr "Érvénytelen személyes kivonatolópreferenciák!\n"
+
+#: g10/gpg.c:3230
+msgid "invalid personal compress preferences\n"
+msgstr "Érvénytelen személyes tömörítõpreferenciák!\n"
+
+#: g10/gpg.c:3263
+#, c-format
+msgid "%s does not yet work with %s\n"
+msgstr "%s és %s egyelõre nem használható együtt!\n"
+
+#: g10/gpg.c:3310
+#, fuzzy, c-format
+msgid "you may not use cipher algorithm `%s' while in %s mode\n"
+msgstr ""
+"Lehet, hogy nem használhatja \"%s\" rejtjelezõ algoritmust %s módban!\n"
+
+#: g10/gpg.c:3315
+#, fuzzy, c-format
+msgid "you may not use digest algorithm `%s' while in %s mode\n"
+msgstr ""
+"Lehet, hogy nem használhatja \"%s\" kivonatoló algoritmust %s módban!\n"
+
+#: g10/gpg.c:3320
+#, fuzzy, c-format
+msgid "you may not use compression algorithm `%s' while in %s mode\n"
+msgstr "Lehet, hogy nem használhatja \"%s\" tömörítõ algoritmust %s módban!\n"
+
+#: g10/gpg.c:3406
+#, c-format
+msgid "failed to initialize the TrustDB: %s\n"
+msgstr "Bizalmi adatbázis (%s) inicializálása sikertelen!\n"
+
+#: g10/gpg.c:3417
+msgid "WARNING: recipients (-r) given without using public key encryption\n"
+msgstr ""
+"FIGYELEM: Címzett megadva (-r), de nincs nyilvános kulcsú titkosítás!\n"
+
+#: g10/gpg.c:3438
+msgid "--store [filename]"
+msgstr "--store [fájlnév]"
+
+#: g10/gpg.c:3445
+msgid "--symmetric [filename]"
+msgstr "--symmetric [fájlnév]"
+
+#: g10/gpg.c:3447
+#, fuzzy, c-format
+msgid "symmetric encryption of `%s' failed: %s\n"
+msgstr "Visszafejtés sikertelen: %s.\n"
+
+#: g10/gpg.c:3457
+msgid "--encrypt [filename]"
+msgstr "--encrypt [fájlnév]"
+
+#: g10/gpg.c:3470
+#, fuzzy
+msgid "--symmetric --encrypt [filename]"
+msgstr "--sign --encrypt [fájlnév]"
+
+#: g10/gpg.c:3472
+msgid "you cannot use --symmetric --encrypt with --s2k-mode 0\n"
+msgstr ""
+
+#: g10/gpg.c:3475
+#, fuzzy, c-format
+msgid "you cannot use --symmetric --encrypt while in %s mode\n"
+msgstr "Lehet, hogy nem használhatja %s-t %s módban!\n"
+
+#: g10/gpg.c:3493
+msgid "--sign [filename]"
+msgstr "--sign [fájlnév]"
+
+#: g10/gpg.c:3506
+msgid "--sign --encrypt [filename]"
+msgstr "--sign --encrypt [fájlnév]"
+
+#: g10/gpg.c:3521
+#, fuzzy
+msgid "--symmetric --sign --encrypt [filename]"
+msgstr "--sign --encrypt [fájlnév]"
+
+#: g10/gpg.c:3523
+msgid "you cannot use --symmetric --sign --encrypt with --s2k-mode 0\n"
+msgstr ""
+
+#: g10/gpg.c:3526
+#, fuzzy, c-format
+msgid "you cannot use --symmetric --sign --encrypt while in %s mode\n"
+msgstr "Lehet, hogy nem használhatja %s-t %s módban!\n"
+
+#: g10/gpg.c:3546
+msgid "--sign --symmetric [filename]"
+msgstr "--sign --symmetric [fájlnév]"
+
+#: g10/gpg.c:3555
+msgid "--clearsign [filename]"
+msgstr "--clearsign [fájlnév]"
+
+#: g10/gpg.c:3580
+msgid "--decrypt [filename]"
+msgstr "--decrypt [fájlnév]"
+
+#: g10/gpg.c:3588
+msgid "--sign-key user-id"
+msgstr "--sign-key felh-azonosító"
+
+#: g10/gpg.c:3592
+msgid "--lsign-key user-id"
+msgstr "--lsign-key felh-azonosító"
+
+#: g10/gpg.c:3613
+msgid "--edit-key user-id [commands]"
+msgstr "--edit-key felh-azonosító [parancsok]"
+
+#: g10/gpg.c:3629
+#, fuzzy
+msgid "--passwd <user-id>"
+msgstr "--sign-key felh-azonosító"
+
+#: g10/gpg.c:3716
+#, c-format
+msgid "keyserver send failed: %s\n"
+msgstr "Küldés a kulcsszerverre sikertelen: %s\n"
+
+#: g10/gpg.c:3718
+#, c-format
+msgid "keyserver receive failed: %s\n"
+msgstr "Vétel a kulcsszerverrõl sikertelen: %s\n"
+
+#: g10/gpg.c:3720
+#, c-format
+msgid "key export failed: %s\n"
+msgstr "Kulcsexportálás sikertelen: %s\n"
+
+#: g10/gpg.c:3731
+#, c-format
+msgid "keyserver search failed: %s\n"
+msgstr "Keresés a kulcsszerveren sikertelen: %s\n"
+
+#: g10/gpg.c:3741
+#, c-format
+msgid "keyserver refresh failed: %s\n"
+msgstr "Frissítés a kulcsszerverrõl sikertelen: %s\n"
+
+#: g10/gpg.c:3792
+#, c-format
+msgid "dearmoring failed: %s\n"
+msgstr "Páncél eltávolítása nem sikerült: %s\n"
+
+#: g10/gpg.c:3800
+#, c-format
+msgid "enarmoring failed: %s\n"
+msgstr "Páncélozás nem sikerült: %s\n"
+
+#: g10/gpg.c:3890
+#, c-format
+msgid "invalid hash algorithm `%s'\n"
+msgstr "Érvénytelen kivonatoló algoritmus: %s\n"
+
+#: g10/gpg.c:4005
+msgid "[filename]"
+msgstr "[fájlnév]"
+
+#: g10/gpg.c:4009
+msgid "Go ahead and type your message ...\n"
+msgstr "Kezdheti gépelni az üzenetet...\n"
+
+#: g10/gpg.c:4323
+msgid "the given certification policy URL is invalid\n"
+msgstr "A megadott igazolási eljárásmód URL-je érvénytelen!\n"
+
+#: g10/gpg.c:4325
+msgid "the given signature policy URL is invalid\n"
+msgstr "A megadott aláírási eljárásmód URL-je érvénytelen!\n"
+
+#: g10/gpg.c:4358
+#, fuzzy
+msgid "the given preferred keyserver URL is invalid\n"
+msgstr "A megadott aláírási eljárásmód URL-je érvénytelen!\n"
+
+#: g10/gpgv.c:74
+#, fuzzy
+msgid "|FILE|take the keys from the keyring FILE"
+msgstr "a megadott kulcskarikáról vegye a kulcsokat"
+
+#: g10/gpgv.c:76
+msgid "make timestamp conflicts only a warning"
+msgstr "idõbélyeg-konfliktus esetén csak figyelmeztessen"
+
+#: g10/gpgv.c:78 sm/gpgsm.c:326
+msgid "|FD|write status info to this FD"
+msgstr "|ÁL|állapotinformációk írása ÁL állományleíróra"
+
+#: g10/gpgv.c:117
+msgid "Usage: gpgv [options] [files] (-h for help)"
+msgstr "Használat: gpgv [opciók] [fájlok] (-h a súgóhoz)"
+
+#: g10/gpgv.c:119
+#, fuzzy
+msgid ""
+"Syntax: gpgv [options] [files]\n"
+"Check signatures against known trusted keys\n"
+msgstr ""
+"Szintaxis: gpg [opciók] [fájlok]\n"
+"Ellenõrzi az aláírásokat az ismert, megbízható kulcsok segítségével.\n"
+
+#: g10/helptext.c:72
+msgid "No help available"
+msgstr "Nem áll rendelkezésre segítség."
+
+#: g10/helptext.c:82
+#, c-format
+msgid "No help available for `%s'"
+msgstr "Nem áll rendelkezésre segítség \"%s\" témához."
+
+#: g10/import.c:94
+msgid "import signatures that are marked as local-only"
+msgstr ""
+
+#: g10/import.c:96
+msgid "repair damage from the pks keyserver during import"
+msgstr ""
+
+#: g10/import.c:98
+#, fuzzy
+msgid "do not update the trustdb after import"
+msgstr "bizalmi adatbázis frissítése"
+
+#: g10/import.c:100
+#, fuzzy
+msgid "create a public key when importing a secret key"
+msgstr "A nyilvános kulcs nem passzol a titkos kulcshoz!\n"
+
+#: g10/import.c:102
+msgid "only accept updates to existing keys"
+msgstr ""
+
+#: g10/import.c:104
+#, fuzzy
+msgid "remove unusable parts from key after import"
+msgstr "használhatatlan titkos kulcs"
+
+#: g10/import.c:106
+msgid "remove as much as possible from key after import"
+msgstr ""
+
+#: g10/import.c:266
+#, c-format
+msgid "skipping block of type %d\n"
+msgstr "%d típusú blokkot kihagyom.\n"
+
+#: g10/import.c:275
+#, fuzzy, c-format
+msgid "%lu keys processed so far\n"
+msgstr "Eddig %lu kulcsot dolgoztam fel.\n"
+
+#: g10/import.c:292
+#, c-format
+msgid "Total number processed: %lu\n"
+msgstr " Összesen feldolgoztam: %lu\n"
+
+#: g10/import.c:294
+#, c-format
+msgid " skipped new keys: %lu\n"
+msgstr " új kulcsok kihagyva: %lu\n"
+
+#: g10/import.c:297
+#, c-format
+msgid " w/o user IDs: %lu\n"
+msgstr " felh. azonosító nélkül: %lu\n"
+
+#: g10/import.c:299 sm/import.c:114
+#, c-format
+msgid " imported: %lu"
+msgstr " importálva: %lu"
+
+#: g10/import.c:305 sm/import.c:118
+#, c-format
+msgid " unchanged: %lu\n"
+msgstr " változatlan: %lu\n"
+
+#: g10/import.c:307
+#, c-format
+msgid " new user IDs: %lu\n"
+msgstr " új felh. azonosítók: %lu\n"
+
+#: g10/import.c:309
+#, c-format
+msgid " new subkeys: %lu\n"
+msgstr " új alkulcsok: %lu\n"
+
+#: g10/import.c:311
+#, c-format
+msgid " new signatures: %lu\n"
+msgstr " új aláírások: %lu\n"
+
+#: g10/import.c:313
+#, c-format
+msgid " new key revocations: %lu\n"
+msgstr " új kulcsvisszavonások: %lu\n"
+
+#: g10/import.c:315 sm/import.c:120
+#, c-format
+msgid " secret keys read: %lu\n"
+msgstr " olvasott titkos kulcsok: %lu\n"
+
+#: g10/import.c:317 sm/import.c:122
+#, c-format
+msgid " secret keys imported: %lu\n"
+msgstr " importált titkos kulcsok: %lu\n"
+
+#: g10/import.c:319 sm/import.c:124
+#, c-format
+msgid " secret keys unchanged: %lu\n"
+msgstr "változatlan titkos kulcsok: %lu\n"
+
+#: g10/import.c:321 sm/import.c:126
+#, c-format
+msgid " not imported: %lu\n"
+msgstr " nem importált: %lu\n"
+
+#: g10/import.c:323
+#, fuzzy, c-format
+msgid " signatures cleaned: %lu\n"
+msgstr " új aláírások: %lu\n"
+
+#: g10/import.c:325
+#, fuzzy, c-format
+msgid " user IDs cleaned: %lu\n"
+msgstr " olvasott titkos kulcsok: %lu\n"
+
+#: g10/import.c:606
+#, c-format
+msgid ""
+"WARNING: key %s contains preferences for unavailable\n"
+"algorithms on these user IDs:\n"
+msgstr ""
+
+#: g10/import.c:647
+#, c-format
+msgid " \"%s\": preference for cipher algorithm %s\n"
+msgstr ""
+
+#: g10/import.c:662
+#, fuzzy, c-format
+msgid " \"%s\": preference for digest algorithm %s\n"
+msgstr "%s aláírás, %s kivonatoló algoritmus.\n"
+
+#: g10/import.c:674
+#, c-format
+msgid " \"%s\": preference for compression algorithm %s\n"
+msgstr ""
+
+#: g10/import.c:687
+msgid "it is strongly suggested that you update your preferences and\n"
+msgstr ""
+
+#: g10/import.c:689
+msgid "re-distribute this key to avoid potential algorithm mismatch problems\n"
+msgstr ""
+
+#: g10/import.c:713
+#, c-format
+msgid "you can update your preferences with: gpg --edit-key %s updpref save\n"
+msgstr ""
+
+#: g10/import.c:766 g10/import.c:1179
+#, fuzzy, c-format
+msgid "key %s: no user ID\n"
+msgstr "%08lX kulcs: Nincs felhasználói azonosító.\n"
+
+#: g10/import.c:795
+#, fuzzy, c-format
+msgid "key %s: PKS subkey corruption repaired\n"
+msgstr "%08lX kulcs: HKP alkulcssérülés kijavítva.\n"
+
+#: g10/import.c:810
+#, fuzzy, c-format
+msgid "key %s: accepted non self-signed user ID \"%s\"\n"
+msgstr "%08lX kulcs: Nem önaláírt felh. azonosító (\"%s\") elfogadva.\n"
+
+#: g10/import.c:816
+#, fuzzy, c-format
+msgid "key %s: no valid user IDs\n"
+msgstr "%08lX kulcs: Nincs érvényes felhasználói azonosító.\n"
+
+#: g10/import.c:818
+msgid "this may be caused by a missing self-signature\n"
+msgstr "Ezt okozhatja egy hiányzó önaláírás.\n"
+
+#: g10/import.c:828 g10/import.c:1303
+#, fuzzy, c-format
+msgid "key %s: public key not found: %s\n"
+msgstr "%08lX kulcs: Nyilvános kulcs nem található: %s\n"
+
+#: g10/import.c:834
+#, fuzzy, c-format
+msgid "key %s: new key - skipped\n"
+msgstr "%08lX kulcs: új kulcs - kihagytam.\n"
+
+#: g10/import.c:843
+#, c-format
+msgid "no writable keyring found: %s\n"
+msgstr "Nem írható kulcskarikát találtam: %s\n"
+
+#: g10/import.c:848 g10/openfile.c:278 g10/sign.c:805 g10/sign.c:1114
+#, c-format
+msgid "writing to `%s'\n"
+msgstr "Írok a \"%s\" állományba.\n"
+
+#: g10/import.c:852 g10/import.c:952 g10/import.c:1219 g10/import.c:1364
+#: g10/import.c:2494 g10/import.c:2516
+#, c-format
+msgid "error writing keyring `%s': %s\n"
+msgstr "Hiba a \"%s\" kulcskarika írásakor: %s\n"
+
+#: g10/import.c:871
+#, fuzzy, c-format
+msgid "key %s: public key \"%s\" imported\n"
+msgstr "%08lX kulcs: \"%s\" nyilvános kulcs importálva.\n"
+
+#: g10/import.c:895
+#, fuzzy, c-format
+msgid "key %s: doesn't match our copy\n"
+msgstr "%08lX kulcs: Nem egyezik a mi másolatunkkal!\n"
+
+#: g10/import.c:912 g10/import.c:1321
+#, fuzzy, c-format
+msgid "key %s: can't locate original keyblock: %s\n"
+msgstr "%08lX kulcs: Nem találom az eredeti kulcsblokkot: %s\n"
+
+#: g10/import.c:920 g10/import.c:1328
+#, fuzzy, c-format
+msgid "key %s: can't read original keyblock: %s\n"
+msgstr "%08lX kulcs: Nem tudom beolvasni az eredeti kulcsblokkot: %s\n"
+
+#: g10/import.c:962
+#, fuzzy, c-format
+msgid "key %s: \"%s\" 1 new user ID\n"
+msgstr "%08lX kulcs: \"%s\" 1 új felhasználói azonosító.\n"
+
+#: g10/import.c:965
+#, fuzzy, c-format
+msgid "key %s: \"%s\" %d new user IDs\n"
+msgstr "%08lX kulcs: \"%s\" %d új felhasználói azonosító.\n"
+
+#: g10/import.c:968
+#, fuzzy, c-format
+msgid "key %s: \"%s\" 1 new signature\n"
+msgstr "%08lX kulcs: \"%s\" 1 új aláírás.\n"
+
+#: g10/import.c:971
+#, fuzzy, c-format
+msgid "key %s: \"%s\" %d new signatures\n"
+msgstr "%08lX kulcs: \"%s\" %d új aláírás.\n"
+
+#: g10/import.c:974
+#, fuzzy, c-format
+msgid "key %s: \"%s\" 1 new subkey\n"
+msgstr "%08lX kulcs: \"%s\" 1 új alkulcs.\n"
+
+#: g10/import.c:977
+#, fuzzy, c-format
+msgid "key %s: \"%s\" %d new subkeys\n"
+msgstr "%08lX kulcs: \"%s\" %d új alkulcs.\n"
+
+#: g10/import.c:980
+#, fuzzy, c-format
+msgid "key %s: \"%s\" %d signature cleaned\n"
+msgstr "%08lX kulcs: \"%s\" %d új aláírás.\n"
+
+#: g10/import.c:983
+#, fuzzy, c-format
+msgid "key %s: \"%s\" %d signatures cleaned\n"
+msgstr "%08lX kulcs: \"%s\" %d új aláírás.\n"
+
+#: g10/import.c:986
+#, fuzzy, c-format
+msgid "key %s: \"%s\" %d user ID cleaned\n"
+msgstr "%08lX kulcs: \"%s\" %d új felhasználói azonosító.\n"
+
+#: g10/import.c:989
+#, fuzzy, c-format
+msgid "key %s: \"%s\" %d user IDs cleaned\n"
+msgstr "%08lX kulcs: \"%s\" %d új felhasználói azonosító.\n"
+
+#: g10/import.c:1013
+#, fuzzy, c-format
+msgid "key %s: \"%s\" not changed\n"
+msgstr "%08lX kulcs: \"%s\" nem változott.\n"
+
+#: g10/import.c:1185
+#, fuzzy, c-format
+msgid "key %s: secret key with invalid cipher %d - skipped\n"
+msgstr ""
+"%08lX kulcs: Titkos kulcs érvénytelen (%d) rejtjelezõvel - kihagytam.\n"
+
+#: g10/import.c:1196
+#, fuzzy
+msgid "importing secret keys not allowed\n"
+msgstr "Írom a titkos kulcsot a %s állományba.\n"
+
+#: g10/import.c:1213 g10/import.c:2509
+#, c-format
+msgid "no default secret keyring: %s\n"
+msgstr "Nincs alapértelmezett titkoskulcs-karika: %s\n"
+
+#: g10/import.c:1224
+#, fuzzy, c-format
+msgid "key %s: secret key imported\n"
+msgstr "%08lX kulcs: Titkos kulcs importálva.\n"
+
+#: g10/import.c:1254
+#, fuzzy, c-format
+msgid "key %s: already in secret keyring\n"
+msgstr "%08lX kulcs: Már szerepel a titkoskulcs-karikán.\n"
+
+#: g10/import.c:1264
+#, fuzzy, c-format
+msgid "key %s: secret key not found: %s\n"
+msgstr "%08lX kulcs: Titkos kulcs nem található: %s\n"
+
+#: g10/import.c:1296
+#, fuzzy, c-format
+msgid "key %s: no public key - can't apply revocation certificate\n"
+msgstr "%08lX kulcs: Nincs nyilvános kulcs - nem tudok visszavonni.\n"
+
+#: g10/import.c:1339
+#, fuzzy, c-format
+msgid "key %s: invalid revocation certificate: %s - rejected\n"
+msgstr "%08lX kulcs: Érvénytelen visszavonó igazolás: %s - visszautasítva.\n"
+
+#: g10/import.c:1371
+#, fuzzy, c-format
+msgid "key %s: \"%s\" revocation certificate imported\n"
+msgstr "%08lX kulcs: \"%s\" visszavonó igazolást importáltam.\n"
+
+#: g10/import.c:1447
+#, fuzzy, c-format
+msgid "key %s: no user ID for signature\n"
+msgstr "%08lX kulcs: Nincs felhasználói azonosító ehhez az aláíráshoz!\n"
+
+#: g10/import.c:1464
+#, fuzzy, c-format
+msgid "key %s: unsupported public key algorithm on user ID \"%s\"\n"
+msgstr ""
+"%08lX kulcs: Nem támogatott nyilvános kulcsú alg. a \"%s\" felh. "
+"azonosítón!\n"
+
+#: g10/import.c:1466
+#, fuzzy, c-format
+msgid "key %s: invalid self-signature on user ID \"%s\"\n"
+msgstr "%08lX kulcs: Érvénytelen önaláírás a \"%s\" felh. azonosítón!\n"
+
+#: g10/import.c:1483 g10/import.c:1509 g10/import.c:1560
+#, fuzzy, c-format
+msgid "key %s: unsupported public key algorithm\n"
+msgstr "%08lX kulcs: Nem támogatott nyilvános kulcsú algoritmus!\n"
+
+#: g10/import.c:1484
+#, fuzzy, c-format
+msgid "key %s: invalid direct key signature\n"
+msgstr "%08lX kulcs: Kulcsaláírást hozzáadtam.\n"
+
+#: g10/import.c:1498
+#, fuzzy, c-format
+msgid "key %s: no subkey for key binding\n"
+msgstr "%08lX kulcs: Nincs alkulcs a kulcskötéshez!\n"
+
+#: g10/import.c:1511
+#, fuzzy, c-format
+msgid "key %s: invalid subkey binding\n"
+msgstr "%08lX kulcs: Érvénytelen alkulcskötés!\n"
+
+#: g10/import.c:1527
+#, fuzzy, c-format
+msgid "key %s: removed multiple subkey binding\n"
+msgstr "%08lX kulcs: Eltávolítottam a többszörös alkulcskötést.\n"
+
+#: g10/import.c:1549
+#, fuzzy, c-format
+msgid "key %s: no subkey for key revocation\n"
+msgstr "%08lX kulcs: Nincs alkulcs a kulcsvisszavonáshoz.\n"
+
+#: g10/import.c:1562
+#, fuzzy, c-format
+msgid "key %s: invalid subkey revocation\n"
+msgstr "%08lX kulcs: Érvénytelen alkulcsvisszavonás.\n"
+
+#: g10/import.c:1577
+#, fuzzy, c-format
+msgid "key %s: removed multiple subkey revocation\n"
+msgstr "%08lX kulcs: Eltávolítottam a többszörös alkulcsvisszavonást.\n"
+
+#: g10/import.c:1618
+#, fuzzy, c-format
+msgid "key %s: skipped user ID \"%s\"\n"
+msgstr "%08lX kulcs: Kihagytam a felh. azonosítót: '"
+
+#: g10/import.c:1639
+#, fuzzy, c-format
+msgid "key %s: skipped subkey\n"
+msgstr "%08lX kulcs: Alkulcsot kihagytam.\n"
+
+#: g10/import.c:1666
+#, fuzzy, c-format
+msgid "key %s: non exportable signature (class 0x%02X) - skipped\n"
+msgstr "%08lX kulcs: Nem exportálható aláírás (%02x. osztály) - kihagytam.\n"
+
+#: g10/import.c:1676
+#, fuzzy, c-format
+msgid "key %s: revocation certificate at wrong place - skipped\n"
+msgstr "%08lX kulcs: Visszavonó igazolás rossz helyen - kihagytam.\n"
+
+#: g10/import.c:1693
+#, fuzzy, c-format
+msgid "key %s: invalid revocation certificate: %s - skipped\n"
+msgstr "%08lX kulcs: Érvénytelen visszavonó igazolás: %s - kihagytam.\n"
+
+#: g10/import.c:1707
+#, fuzzy, c-format
+msgid "key %s: subkey signature in wrong place - skipped\n"
+msgstr "%08lX kulcs: Alkulcsaláírás rossz helyen - kihagytam.\n"
+
+#: g10/import.c:1715
+#, fuzzy, c-format
+msgid "key %s: unexpected signature class (0x%02X) - skipped\n"
+msgstr "%08lX kulcs: Váratlan aláírásosztály (0x%02X) - kihagytam.\n"
+
+#: g10/import.c:1844
+#, fuzzy, c-format
+msgid "key %s: duplicated user ID detected - merged\n"
+msgstr "%08lX kulcs: Duplázott felh. azonosítót találtam - összefûztem.\n"
+
+#: g10/import.c:1906
+#, fuzzy, c-format
+msgid "WARNING: key %s may be revoked: fetching revocation key %s\n"
+msgstr ""
+"FIGYELEM: %08lX kulcsot visszavonhatták:\n"
+"lehívom a %08lX visszavonó kulcsot.\n"
+
+#: g10/import.c:1920
+#, fuzzy, c-format
+msgid "WARNING: key %s may be revoked: revocation key %s not present.\n"
+msgstr ""
+"FIGYELEM: %08lX kulcsot visszavonhatták:\n"
+"visszavonó kulcs (%08lX) nincs jelen.\n"
+
+#: g10/import.c:1979
+#, fuzzy, c-format
+msgid "key %s: \"%s\" revocation certificate added\n"
+msgstr "%08lX kulcs: \"%s\" visszavonó igazolást hozzáadtam.\n"
+
+#: g10/import.c:2013
+#, fuzzy, c-format
+msgid "key %s: direct key signature added\n"
+msgstr "%08lX kulcs: Kulcsaláírást hozzáadtam.\n"
+
+#: g10/import.c:2414
+#, fuzzy
+msgid "NOTE: a key's S/N does not match the card's one\n"
+msgstr "A nyilvános kulcs nem passzol a titkos kulcshoz!\n"
+
+#: g10/import.c:2422
+#, fuzzy
+msgid "NOTE: primary key is online and stored on card\n"
+msgstr "Kihagytam: titkos kulcs már jelen van.\n"
+
+#: g10/import.c:2424
+#, fuzzy
+msgid "NOTE: secondary key is online and stored on card\n"
+msgstr "Kihagytam: titkos kulcs már jelen van.\n"
+
+#: g10/keydb.c:181
+#, c-format
+msgid "error creating keyring `%s': %s\n"
+msgstr "Hiba a(z) \"%s\" kulcskarika létrehozásakor: %s\n"
+
+#: g10/keydb.c:187
+#, c-format
+msgid "keyring `%s' created\n"
+msgstr "\"%s\" kulcskarikát létrehoztam.\n"
+
+#: g10/keydb.c:333 g10/keydb.c:336
+#, fuzzy, c-format
+msgid "keyblock resource `%s': %s\n"
+msgstr "Hiba \"%s\" létrehozásakor: %s\n"
+
+#: g10/keydb.c:719
+#, c-format
+msgid "failed to rebuild keyring cache: %s\n"
+msgstr "Nem tudtam újraépíteni a kulcskarika cache-ét: %s\n"
+
+#: g10/keyedit.c:265
+msgid "[revocation]"
+msgstr "[visszavonás]"
+
+#: g10/keyedit.c:266
+msgid "[self-signature]"
+msgstr "[önaláírás]"
+
+#: g10/keyedit.c:344 g10/keylist.c:398
+msgid "1 bad signature\n"
+msgstr "1 rossz aláírás.\n"
+
+#: g10/keyedit.c:346 g10/keylist.c:400
+#, c-format
+msgid "%d bad signatures\n"
+msgstr "%d rossz aláírás.\n"
+
+#: g10/keyedit.c:348 g10/keylist.c:402
+msgid "1 signature not checked due to a missing key\n"
+msgstr "1 aláírást nem ellenõriztem hiányzó kulcs miatt.\n"
+
+#: g10/keyedit.c:350 g10/keylist.c:404
+#, c-format
+msgid "%d signatures not checked due to missing keys\n"
+msgstr "%d aláírást nem ellenõriztem hiányzó kulcs miatt.\n"
+
+#: g10/keyedit.c:352 g10/keylist.c:406
+msgid "1 signature not checked due to an error\n"
+msgstr "1 aláírást nem ellenõriztem hiba miatt.\n"
+
+#: g10/keyedit.c:354 g10/keylist.c:408
+#, c-format
+msgid "%d signatures not checked due to errors\n"
+msgstr "%d aláírást nem ellenõriztem hiba miatt.\n"
+
+#: g10/keyedit.c:356
+msgid "1 user ID without valid self-signature detected\n"
+msgstr "1 felhasználóazonosítót találtam érvényes önaláírás nélkül.\n"
+
+#: g10/keyedit.c:358
+#, c-format
+msgid "%d user IDs without valid self-signatures detected\n"
+msgstr "%d felhasználóazonosítót találtam érvényes önaláírás nélkül.\n"
+
+#: g10/keyedit.c:414 g10/pkclist.c:262
+#, fuzzy
+msgid ""
+"Please decide how far you trust this user to correctly verify other users' "
+"keys\n"
+"(by looking at passports, checking fingerprints from different sources, "
+"etc.)\n"
+msgstr ""
+"Kérem, döntse el, hogy mennyire bízik meg ebben a felhasználóban,\n"
+"hogy megfelelõen ellenõrzi mások kulcsait (útlevelek ellenõrzésével,\n"
+"különbözõ forrásból származó digitális ujjlenyomatokkal...)!\n"
+"\n"
+
+#: g10/keyedit.c:418 g10/pkclist.c:274
+#, fuzzy, c-format
+msgid " %d = I trust marginally\n"
+msgstr " %d = részlegesen megbízom benne\n"
+
+#: g10/keyedit.c:419 g10/pkclist.c:276
+#, fuzzy, c-format
+msgid " %d = I trust fully\n"
+msgstr " %d = teljesen megbízom benne\n"
+
+#: g10/keyedit.c:438
+msgid ""
+"Please enter the depth of this trust signature.\n"
+"A depth greater than 1 allows the key you are signing to make\n"
+"trust signatures on your behalf.\n"
+msgstr ""
+
+#: g10/keyedit.c:454
+msgid "Please enter a domain to restrict this signature, or enter for none.\n"
+msgstr ""
+
+#: g10/keyedit.c:598
+#, c-format
+msgid "User ID \"%s\" is revoked."
+msgstr "\"%s\" felhasználói azonosítót visszavonták."
+
+#: g10/keyedit.c:607 g10/keyedit.c:635 g10/keyedit.c:662 g10/keyedit.c:830
+#: g10/keyedit.c:895 g10/keyedit.c:1785
+msgid "Are you sure you still want to sign it? (y/N) "
+msgstr "Biztos abban, hogy továbbra is alá akarja írni? (i/N) "
+
+#: g10/keyedit.c:621 g10/keyedit.c:649 g10/keyedit.c:676 g10/keyedit.c:836
+#: g10/keyedit.c:1791
+msgid " Unable to sign.\n"
+msgstr " Nem tudom aláírni.\n"
+
+#: g10/keyedit.c:626
+#, c-format
+msgid "User ID \"%s\" is expired."
+msgstr "\"%s\" felhasználói azonosító lejárt."
+
+#: g10/keyedit.c:654
+#, c-format
+msgid "User ID \"%s\" is not self-signed."
+msgstr "\"%s\" felhasználóazonosítón nincs önaláírás."
+
+#: g10/keyedit.c:682
+#, fuzzy, c-format
+msgid "User ID \"%s\" is signable. "
+msgstr "\"%s\" felhasználóazonosítón nincs önaláírás."
+
+#: g10/keyedit.c:684
+#, fuzzy
+msgid "Sign it? (y/N) "
+msgstr "Valóban aláírja? "
+
+#: g10/keyedit.c:706
+#, c-format
+msgid ""
+"The self-signature on \"%s\"\n"
+"is a PGP 2.x-style signature.\n"
+msgstr ""
+"\"%s\" önaláírása\n"
+"PGP 2.x stílusú.\n"
+
+#: g10/keyedit.c:715
+msgid "Do you want to promote it to an OpenPGP self-signature? (y/N) "
+msgstr "Szeretné átalakítani OpenPGP önaláírássá? (i/N) "
+
+#: g10/keyedit.c:729
+#, c-format
+msgid ""
+"Your current signature on \"%s\"\n"
+"has expired.\n"
+msgstr ""
+"Az Ön jelenlegi aláírása a(z) \"%s\"\n"
+"kulcson lejárt.\n"
+
+#: g10/keyedit.c:733
+msgid "Do you want to issue a new signature to replace the expired one? (y/N) "
+msgstr "Szeretne kiadni egy új aláírást, amellyel lecseréli a lejártat? (i/N) "
+
+#: g10/keyedit.c:754
+#, c-format
+msgid ""
+"Your current signature on \"%s\"\n"
+"is a local signature.\n"
+msgstr ""
+"Az Ön jelenlegi aláírása a(z) \"%s\"\n"
+"kulcson helyi aláírás.\n"
+
+#: g10/keyedit.c:758
+msgid "Do you want to promote it to a full exportable signature? (y/N) "
+msgstr "Szeretné átalakítani teljes, exportálható aláírássá? (i/N) "
+
+#: g10/keyedit.c:779
+#, fuzzy, c-format
+msgid "\"%s\" was already locally signed by key %s\n"
+msgstr "\"%s\" már alá lett írva helyileg a %08lX kulccsal!\n"
+
+#: g10/keyedit.c:782
+#, fuzzy, c-format
+msgid "\"%s\" was already signed by key %s\n"
+msgstr "\"%s\" már alá lett írva a %08lX kulccsal!\n"
+
+#: g10/keyedit.c:787
+msgid "Do you want to sign it again anyway? (y/N) "
+msgstr "Még egyszer alá akarja írni? (i/N) "
+
+#: g10/keyedit.c:809
+#, fuzzy, c-format
+msgid "Nothing to sign with key %s\n"
+msgstr "Nincs mit aláírni a %08lX kulccsal!\n"
+
+#: g10/keyedit.c:824
+msgid "This key has expired!"
+msgstr "Ez a kulcs lejárt!"
+
+#: g10/keyedit.c:842
+#, c-format
+msgid "This key is due to expire on %s.\n"
+msgstr "Ez a kulcs lejár: %s.\n"
+
+#: g10/keyedit.c:848
+msgid "Do you want your signature to expire at the same time? (Y/n) "
+msgstr "Szeretné, ha az aláírása ugyanekkor járna le? (I/n) "
+
+#: g10/keyedit.c:888
+msgid ""
+"You may not make an OpenPGP signature on a PGP 2.x key while in --pgp2 "
+"mode.\n"
+msgstr ""
+"Lehet, hogy nem rakhat OpenPGP aláírást egy PGP 2.x kulcsra --pgp2 módban.\n"
+
+#: g10/keyedit.c:890
+msgid "This would make the key unusable in PGP 2.x.\n"
+msgstr "Ez használhatatlanná tenné a kulcsot PGP 2.x-ben.\n"
+
+#: g10/keyedit.c:915
+msgid ""
+"How carefully have you verified the key you are about to sign actually "
+"belongs\n"
+"to the person named above? If you don't know what to answer, enter \"0\".\n"
+msgstr ""
+"Mennyire gondosan ellenõrizte, hogy a kulcs, melyet aláírni készül, valóban\n"
+"a fent nevezett személyhez tartozik? Ha nem tudja a választ, írjon \"0\"-t!\n"
+
+#: g10/keyedit.c:920
+#, c-format
+msgid " (0) I will not answer.%s\n"
+msgstr " (0) Nem válaszolok.%s\n"
+
+#: g10/keyedit.c:922
+#, c-format
+msgid " (1) I have not checked at all.%s\n"
+msgstr " (1) Egyáltalán nem ellenõriztem.%s\n"
+
+#: g10/keyedit.c:924
+#, c-format
+msgid " (2) I have done casual checking.%s\n"
+msgstr " (2) A szokásos ellenõrzéseket végeztem.%s\n"
+
+#: g10/keyedit.c:926
+#, c-format
+msgid " (3) I have done very careful checking.%s\n"
+msgstr " (3) Nagyon alaposan ellenõriztem.%s\n"
+
+#: g10/keyedit.c:932
+#, fuzzy
+msgid "Your selection? (enter `?' for more information): "
+msgstr "Mi a válasza? (Adjon meg \"?\"-et magyarázathoz!): "
+
+#: g10/keyedit.c:956
+#, fuzzy, c-format
+msgid ""
+"Are you sure that you want to sign this key with your\n"
+"key \"%s\" (%s)\n"
+msgstr ""
+"Teljesen biztos abban, hogy alá akarja írni ezt a kulcsot\n"
+"az Ön kulcsával: \""
+
+#: g10/keyedit.c:963
+#, fuzzy
+msgid "This will be a self-signature.\n"
+msgstr ""
+"\n"
+"Ez egy önaláírás lesz.\n"
+
+#: g10/keyedit.c:969
+#, fuzzy
+msgid "WARNING: the signature will not be marked as non-exportable.\n"
+msgstr ""
+"\n"
+"FIGYELEM: Az aláírás nem lesz \"nem exportálhatóként\" megjelölve.\n"
+
+#: g10/keyedit.c:977
+#, fuzzy
+msgid "WARNING: the signature will not be marked as non-revocable.\n"
+msgstr ""
+"\n"
+"FIGYELEM: Az aláírás nem lesz \"nem visszavonhatóként\" megjelölve.\n"
+
+#: g10/keyedit.c:987
+#, fuzzy
+msgid "The signature will be marked as non-exportable.\n"
+msgstr ""
+"\n"
+"Az aláírást \"nem exportálhatónak\" jelöljük.\n"
+
+#: g10/keyedit.c:994
+#, fuzzy
+msgid "The signature will be marked as non-revocable.\n"
+msgstr ""
+"\n"
+"Az aláírást \"nem visszavonhatónak\" jelöljük.\n"
+
+#: g10/keyedit.c:1001
+#, fuzzy
+msgid "I have not checked this key at all.\n"
+msgstr ""
+"\n"
+"Egyáltalán nem ellenõriztem ezt a kulcsot.\n"
+
+#: g10/keyedit.c:1006
+#, fuzzy
+msgid "I have checked this key casually.\n"
+msgstr ""
+"\n"
+"A szokásos módon ellenõriztem ezt a kulcsot.\n"
+
+#: g10/keyedit.c:1011
+#, fuzzy
+msgid "I have checked this key very carefully.\n"
+msgstr ""
+"\n"
+"Nagyon gondosan ellenõriztem ezt a kulcsot.\n"
+
+#: g10/keyedit.c:1021
+#, fuzzy
+msgid "Really sign? (y/N) "
+msgstr "Valóban aláírja? "
+
+#: g10/keyedit.c:1066 g10/keyedit.c:4965 g10/keyedit.c:5056 g10/keyedit.c:5120
+#: g10/keyedit.c:5181 g10/sign.c:316
+#, c-format
+msgid "signing failed: %s\n"
+msgstr "Aláírás sikertelen: %s\n"
+
+#: g10/keyedit.c:1131
+msgid "Key has only stub or on-card key items - no passphrase to change.\n"
+msgstr ""
+
+#: g10/keyedit.c:1142 g10/keygen.c:3774
+msgid "This key is not protected.\n"
+msgstr "Ez a kulcs nem védett.\n"
+
+#: g10/keyedit.c:1146 g10/keygen.c:3761 g10/revoke.c:536
+msgid "Secret parts of primary key are not available.\n"
+msgstr "Az elsõdleges kulcs titkos részei nem elérhetõk.\n"
+
+#: g10/keyedit.c:1150 g10/keygen.c:3777
+#, fuzzy
+msgid "Secret parts of primary key are stored on-card.\n"
+msgstr "Az elsõdleges kulcs titkos részei nem elérhetõk.\n"
+
+#: g10/keyedit.c:1156 g10/keygen.c:3781
+msgid "Key is protected.\n"
+msgstr "A kulcs védett.\n"
+
+#: g10/keyedit.c:1186
+#, c-format
+msgid "Can't edit this key: %s\n"
+msgstr "Nem tudom szerkeszteni ezt a kulcsot: %s\n"
+
+#: g10/keyedit.c:1192
+msgid ""
+"Enter the new passphrase for this secret key.\n"
+"\n"
+msgstr ""
+"Írja be az új jelszót ehhez a titkos kulcshoz!\n"
+"\n"
+
+#: g10/keyedit.c:1207 g10/keygen.c:2291
+msgid "passphrase not correctly repeated; try again"
+msgstr "Nem ismételte meg helyesen a jelszót! Próbálja újra!"
+
+#: g10/keyedit.c:1212
+msgid ""
+"You don't want a passphrase - this is probably a *bad* idea!\n"
+"\n"
+msgstr ""
+"Ön nem akar jelszót. Ez valószínûleg *rossz* ötlet!\n"
+"\n"
+
+#: g10/keyedit.c:1215
+#, fuzzy
+msgid "Do you really want to do this? (y/N) "
+msgstr "Valóban ezt akarja? "
+
+#: g10/keyedit.c:1298
+msgid "moving a key signature to the correct place\n"
+msgstr "Átrakom a kulcsaláírást a megfelelõ helyre.\n"
+
+#: g10/keyedit.c:1384
+msgid "save and quit"
+msgstr "mentés és kilépés"
+
+#: g10/keyedit.c:1387
+#, fuzzy
+msgid "show key fingerprint"
+msgstr "megmutatja az ujjlenyomatot"
+
+#: g10/keyedit.c:1388
+msgid "list key and user IDs"
+msgstr "kilistázza a kulcs- és felhasználóazonosítókat"
+
+#: g10/keyedit.c:1390
+msgid "select user ID N"
+msgstr "N. felhasználói azonosító kiválasztása"
+
+#: g10/keyedit.c:1391
+#, fuzzy
+msgid "select subkey N"
+msgstr "N. felhasználói azonosító kiválasztása"
+
+#: g10/keyedit.c:1392
+#, fuzzy
+msgid "check signatures"
+msgstr "aláírások visszavonása"
+
+#: g10/keyedit.c:1397
+msgid "sign selected user IDs [* see below for related commands]"
+msgstr ""
+
+#: g10/keyedit.c:1402
+#, fuzzy
+msgid "sign selected user IDs locally"
+msgstr "kulcs helyi aláírása"
+
+#: g10/keyedit.c:1404
+#, fuzzy
+msgid "sign selected user IDs with a trust signature"
+msgstr "Javaslat: Válassza ki az aláírni kívánt felhasználóazonosítókat!\n"
+
+#: g10/keyedit.c:1406
+msgid "sign selected user IDs with a non-revocable signature"
+msgstr ""
+
+#: g10/keyedit.c:1410
+msgid "add a user ID"
+msgstr "felhasználói azonosító hozzáadása"
+
+#: g10/keyedit.c:1412
+msgid "add a photo ID"
+msgstr "fotóazonosító hozzáadása"
+
+#: g10/keyedit.c:1414
+#, fuzzy
+msgid "delete selected user IDs"
+msgstr "felhasználói azonosító törlése"
+
+#: g10/keyedit.c:1419
+#, fuzzy
+msgid "add a subkey"
+msgstr "addkey"
+
+#: g10/keyedit.c:1423
+msgid "add a key to a smartcard"
+msgstr ""
+
+#: g10/keyedit.c:1425
+msgid "move a key to a smartcard"
+msgstr ""
+
+#: g10/keyedit.c:1427
+msgid "move a backup key to a smartcard"
+msgstr ""
+
+#: g10/keyedit.c:1431
+#, fuzzy
+msgid "delete selected subkeys"
+msgstr "másodlagos kulcs törlése"
+
+#: g10/keyedit.c:1433
+msgid "add a revocation key"
+msgstr "visszavonó kulcs hozzáadása"
+
+#: g10/keyedit.c:1435
+#, fuzzy
+msgid "delete signatures from the selected user IDs"
+msgstr "Valóban frissíti a kijelölt felhasználóazonosítók preferenciáit? "
+
+#: g10/keyedit.c:1437
+#, fuzzy
+msgid "change the expiration date for the key or selected subkeys"
+msgstr "Nem változtathatja meg egy v3 kulcs lejárati dátumát!\n"
+
+#: g10/keyedit.c:1439
+#, fuzzy
+msgid "flag the selected user ID as primary"
+msgstr "felhasználóazonosító megjelölése elsõdlegesként"
+
+#: g10/keyedit.c:1441
+#, fuzzy
+msgid "toggle between the secret and public key listings"
+msgstr "váltás a titkos és a nyilvános kulcs listázása között"
+
+#: g10/keyedit.c:1444
+msgid "list preferences (expert)"
+msgstr "preferenciák listázása (szakértõ)"
+
+#: g10/keyedit.c:1446
+msgid "list preferences (verbose)"
+msgstr "preferenciák listázása (részletes)"
+
+#: g10/keyedit.c:1448
+#, fuzzy
+msgid "set preference list for the selected user IDs"
+msgstr "Valóban frissíti a kijelölt felhasználóazonosítók preferenciáit? "
+
+#: g10/keyedit.c:1453
+#, fuzzy
+msgid "set the preferred keyserver URL for the selected user IDs"
+msgstr "Értelmezhetetlen a kulcsszerver URI-ja!\n"
+
+#: g10/keyedit.c:1455
+#, fuzzy
+msgid "set a notation for the selected user IDs"
+msgstr "Valóban frissíti a kijelölt felhasználóazonosítók preferenciáit? "
+
+#: g10/keyedit.c:1457
+msgid "change the passphrase"
+msgstr "jelszóváltoztatás"
+
+#: g10/keyedit.c:1461
+msgid "change the ownertrust"
+msgstr "kulcstulajdonos megbízhatóságának beállítása"
+
+#: g10/keyedit.c:1463
+#, fuzzy
+msgid "revoke signatures on the selected user IDs"
+msgstr "Valóban visszavonja az összes kijelölt felhasználóazonosítót? "
+
+#: g10/keyedit.c:1465
+#, fuzzy
+msgid "revoke selected user IDs"
+msgstr "felhasználói azonosító visszavonása"
+
+#: g10/keyedit.c:1470
+#, fuzzy
+msgid "revoke key or selected subkeys"
+msgstr "másodlagos kulcs visszavonása"
+
+#: g10/keyedit.c:1471
+#, fuzzy
+msgid "enable key"
+msgstr "kulcs engedélyezése"
+
+#: g10/keyedit.c:1472
+#, fuzzy
+msgid "disable key"
+msgstr "kulcs tiltása"
+
+#: g10/keyedit.c:1473
+#, fuzzy
+msgid "show selected photo IDs"
+msgstr "fotóazonosító megmutatása"
+
+#: g10/keyedit.c:1475
+msgid "compact unusable user IDs and remove unusable signatures from key"
+msgstr ""
+
+#: g10/keyedit.c:1477
+msgid "compact unusable user IDs and remove all signatures from key"
+msgstr ""
+
+#: g10/keyedit.c:1601
+#, fuzzy, c-format
+msgid "error reading secret keyblock \"%s\": %s\n"
+msgstr "Hiba \"%s\" titkoskulcs-blokk olvasásakor: %s.\n"
+
+#: g10/keyedit.c:1619
+msgid "Secret key is available.\n"
+msgstr "Titkos kulcs rendelkezésre áll.\n"
+
+#: g10/keyedit.c:1702
+msgid "Need the secret key to do this.\n"
+msgstr "Ehhez szükség van a titkos kulcsra.\n"
+
+#: g10/keyedit.c:1710
+msgid "Please use the command \"toggle\" first.\n"
+msgstr "Kérem, használja elõbb a \"toggle\" parancsot!\n"
+
+#: g10/keyedit.c:1729
+msgid ""
+"* The `sign' command may be prefixed with an `l' for local signatures "
+"(lsign),\n"
+" a `t' for trust signatures (tsign), an `nr' for non-revocable signatures\n"
+" (nrsign), or any combination thereof (ltsign, tnrsign, etc.).\n"
+msgstr ""
+
+#: g10/keyedit.c:1779
+msgid "Key is revoked."
+msgstr "A kulcsot visszavonták."
+
+#: g10/keyedit.c:1798
+#, fuzzy
+msgid "Really sign all user IDs? (y/N) "
+msgstr "Valóban aláírja az összes felhasználóazonosítót? "
+
+#: g10/keyedit.c:1805
+msgid "Hint: Select the user IDs to sign\n"
+msgstr "Javaslat: Válassza ki az aláírni kívánt felhasználóazonosítókat!\n"
+
+#: g10/keyedit.c:1814
+#, fuzzy, c-format
+msgid "Unknown signature type `%s'\n"
+msgstr "ismeretlen aláírásosztály"
+
+#: g10/keyedit.c:1837
+#, c-format
+msgid "This command is not allowed while in %s mode.\n"
+msgstr "Ez a parancs %s módban nem engedélyezett.\n"
+
+#: g10/keyedit.c:1859 g10/keyedit.c:1879 g10/keyedit.c:2048
+msgid "You must select at least one user ID.\n"
+msgstr "Legalább egy felhasználóazonosítót ki kell választania!\n"
+
+#: g10/keyedit.c:1861
+msgid "You can't delete the last user ID!\n"
+msgstr "Nem törölheti az utolsó felhasználóazonosítót!\n"
+
+#: g10/keyedit.c:1863
+#, fuzzy
+msgid "Really remove all selected user IDs? (y/N) "
+msgstr "Valóban eltávolítja az összes kijelölt felhasználóazonosítót? "
+
+#: g10/keyedit.c:1864
+#, fuzzy
+msgid "Really remove this user ID? (y/N) "
+msgstr "Valóban eltávolítja ezt a felhasználóazonosítót? "
+
+#. TRANSLATORS: Please take care: This is about
+#. moving the key and not about removing it.
+#: g10/keyedit.c:1917
+#, fuzzy
+msgid "Really move the primary key? (y/N) "
+msgstr "Valóban eltávolítja ezt a felhasználóazonosítót? "
+
+#: g10/keyedit.c:1929
+#, fuzzy
+msgid "You must select exactly one key.\n"
+msgstr "Legalább egy kulcsot ki kell választania!\n"
+
+#: g10/keyedit.c:1957
+msgid "Command expects a filename argument\n"
+msgstr ""
+
+#: g10/keyedit.c:1971
+#, fuzzy, c-format
+msgid "Can't open `%s': %s\n"
+msgstr "Nem tudom megnyitni a(z) \"%s\" állományt: %s.\n"
+
+#: g10/keyedit.c:1988
+#, fuzzy, c-format
+msgid "Error reading backup key from `%s': %s\n"
+msgstr "Hiba a(z) \"%s\" kulcskarika létrehozásakor: %s\n"
+
+#: g10/keyedit.c:2012
+msgid "You must select at least one key.\n"
+msgstr "Legalább egy kulcsot ki kell választania!\n"
+
+#: g10/keyedit.c:2015
+#, fuzzy
+msgid "Do you really want to delete the selected keys? (y/N) "
+msgstr "Valóban törli a kiválasztott kulcsokat? "
+
+#: g10/keyedit.c:2016
+#, fuzzy
+msgid "Do you really want to delete this key? (y/N) "
+msgstr "Valóban törli ezt a kulcsot? "
+
+#: g10/keyedit.c:2051
+#, fuzzy
+msgid "Really revoke all selected user IDs? (y/N) "
+msgstr "Valóban visszavonja az összes kijelölt felhasználóazonosítót? "
+
+#: g10/keyedit.c:2052
+#, fuzzy
+msgid "Really revoke this user ID? (y/N) "
+msgstr "Valóban visszavonja ezt a felhasználóazonosítót? "
+
+#: g10/keyedit.c:2070
+#, fuzzy
+msgid "Do you really want to revoke the entire key? (y/N) "
+msgstr "Valóban visszavonja ezt a kulcsot? "
+
+#: g10/keyedit.c:2081
+#, fuzzy
+msgid "Do you really want to revoke the selected subkeys? (y/N) "
+msgstr "Valóban visszavonja a kijelölt kulcsokat? "
+
+#: g10/keyedit.c:2083
+#, fuzzy
+msgid "Do you really want to revoke this subkey? (y/N) "
+msgstr "Valóban visszavonja ezt a kulcsot? "
+
+#: g10/keyedit.c:2133
+msgid "Owner trust may not be set while using a user provided trust database\n"
+msgstr ""
+
+#: g10/keyedit.c:2175
+#, fuzzy
+msgid "Set preference list to:\n"
+msgstr "preferencialista beállítása"
+
+#: g10/keyedit.c:2181
+#, fuzzy
+msgid "Really update the preferences for the selected user IDs? (y/N) "
+msgstr "Valóban frissíti a kijelölt felhasználóazonosítók preferenciáit? "
+
+#: g10/keyedit.c:2183
+#, fuzzy
+msgid "Really update the preferences? (y/N) "
+msgstr "Valóban frissítsem a preferenciákat? "
+
+#: g10/keyedit.c:2253
+#, fuzzy
+msgid "Save changes? (y/N) "
+msgstr "Mentsem a változtatásokat? "
+
+#: g10/keyedit.c:2256
+#, fuzzy
+msgid "Quit without saving? (y/N) "
+msgstr "Kilépjek mentés nélkül? "
+
+#: g10/keyedit.c:2266
+#, c-format
+msgid "update failed: %s\n"
+msgstr "Frissítés sikertelen: %s.\n"
+
+#: g10/keyedit.c:2273 g10/keyedit.c:2351
+#, c-format
+msgid "update secret failed: %s\n"
+msgstr "Titkoskulcs-blokk frissítése sikertelen: %s\n"
+
+#: g10/keyedit.c:2280
+msgid "Key not changed so no update needed.\n"
+msgstr "A kulcs nem változott, nincs szükség frissítésre.\n"
+
+#: g10/keyedit.c:2446
+msgid "Digest: "
+msgstr "Kivonat: "
+
+#: g10/keyedit.c:2497
+msgid "Features: "
+msgstr "Jellemzõk: "
+
+#: g10/keyedit.c:2508
+msgid "Keyserver no-modify"
+msgstr ""
+
+#: g10/keyedit.c:2523 g10/keylist.c:316
+msgid "Preferred keyserver: "
+msgstr ""
+
+#: g10/keyedit.c:2531 g10/keyedit.c:2532
+#, fuzzy
+msgid "Notations: "
+msgstr "Jelölés: "
+
+#: g10/keyedit.c:2753
+msgid "There are no preferences on a PGP 2.x-style user ID.\n"
+msgstr "Nincsenek preferenciák egy PGP 2.x felhasználóazonosítón!\n"
+
+#: g10/keyedit.c:2810
+#, fuzzy, c-format
+msgid "The following key was revoked on %s by %s key %s\n"
+msgstr "Ezt a kulcsot a következõ %s kulcs visszavonhatja: "
+
+#: g10/keyedit.c:2832
+#, fuzzy, c-format
+msgid "This key may be revoked by %s key %s"
+msgstr "Ezt a kulcsot a következõ %s kulcs visszavonhatja: "
+
+#: g10/keyedit.c:2838
+#, fuzzy
+msgid "(sensitive)"
+msgstr " (érzékeny)"
+
+#: g10/keyedit.c:2854 g10/keyedit.c:2910 g10/keyedit.c:2971 g10/keyedit.c:2986
+#: g10/keylist.c:202 g10/keyserver.c:532
+#, fuzzy, c-format
+msgid "created: %s"
+msgstr "%s nem hozható létre: %s\n"
+
+#: g10/keyedit.c:2857 g10/keylist.c:834 g10/keylist.c:928 g10/mainproc.c:997
+#, fuzzy, c-format
+msgid "revoked: %s"
+msgstr "[visszavont] "
+
+#: g10/keyedit.c:2859 g10/keylist.c:805 g10/keylist.c:840 g10/keylist.c:934
+#, fuzzy, c-format
+msgid "expired: %s"
+msgstr " [lejár: %s]"
+
+#: g10/keyedit.c:2861 g10/keyedit.c:2912 g10/keyedit.c:2973 g10/keyedit.c:2988
+#: g10/keylist.c:204 g10/keylist.c:811 g10/keylist.c:846 g10/keylist.c:940
+#: g10/keylist.c:961 g10/keyserver.c:538 g10/mainproc.c:1003
+#, fuzzy, c-format
+msgid "expires: %s"
+msgstr " [lejár: %s]"
+
+#: g10/keyedit.c:2863
+#, fuzzy, c-format
+msgid "usage: %s"
+msgstr " bizalom: %c/%c"
+
+#: g10/keyedit.c:2878
+#, fuzzy, c-format
+msgid "trust: %s"
+msgstr " bizalom: %c/%c"
+
+#: g10/keyedit.c:2882
+#, c-format
+msgid "validity: %s"
+msgstr ""
+
+#: g10/keyedit.c:2889
+msgid "This key has been disabled"
+msgstr "Ez a kulcs tiltott."
+
+#: g10/keyedit.c:2917 g10/keylist.c:208
+msgid "card-no: "
+msgstr ""
+
+#: g10/keyedit.c:2941
+msgid ""
+"Please note that the shown key validity is not necessarily correct\n"
+"unless you restart the program.\n"
+msgstr ""
+"Kérem, vegye figyelembe, hogy az itt látható kulcs érvényessége nem\n"
+"feltétlenül helyes, amíg újra nem indítja a programot!\n"
+
+#: g10/keyedit.c:3005 g10/keyedit.c:3351 g10/keyserver.c:542
+#: g10/mainproc.c:1850 g10/trustdb.c:1204 g10/trustdb.c:1732
+#, fuzzy
+msgid "revoked"
+msgstr "[visszavont] "
+
+#: g10/keyedit.c:3007 g10/keyedit.c:3353 g10/keyserver.c:546
+#: g10/mainproc.c:1852 g10/trustdb.c:547 g10/trustdb.c:1734
+#, fuzzy
+msgid "expired"
+msgstr "expire"
+
+#: g10/keyedit.c:3072
+msgid ""
+"WARNING: no user ID has been marked as primary. This command may\n"
+" cause a different user ID to become the assumed primary.\n"
+msgstr ""
+"FIGYELEM: Nincs kijelölt elsõdleges felhasználóazonosító. Ez a parancs\n"
+" azt okozhatja, hogy egy másik azonosító lesz elsõdlegesként használva.\n"
+
+#: g10/keyedit.c:3133
+msgid ""
+"WARNING: This is a PGP2-style key. Adding a photo ID may cause some "
+"versions\n"
+" of PGP to reject this key.\n"
+msgstr ""
+"FIGYELEM: Ez egy PGP2 stílusú kulcs. Fotóazonosító hozzáadása azt "
+"okozhatja,\n"
+" hogy a PGP egyes verziói visszautasítják ezt a kulcsot.\n"
+
+#: g10/keyedit.c:3138 g10/keyedit.c:3473
+msgid "Are you sure you still want to add it? (y/N) "
+msgstr "Továbbra is hozzá akarja adni? (i/N) "
+
+#: g10/keyedit.c:3144
+msgid "You may not add a photo ID to a PGP2-style key.\n"
+msgstr "Lehet, hogy nem adhat fotóazonosítót egy PGP2 stílusú kulcshoz!\n"
+
+#: g10/keyedit.c:3284
+msgid "Delete this good signature? (y/N/q)"
+msgstr "Törli ezt a jó aláírást? (i/N/k)"
+
+#: g10/keyedit.c:3294
+msgid "Delete this invalid signature? (y/N/q)"
+msgstr "Törli ezt az érvénytelen aláírást? (i/N/k)"
+
+#: g10/keyedit.c:3298
+msgid "Delete this unknown signature? (y/N/q)"
+msgstr "Törli ezt az ismeretlen aláírást? (i/N/k)"
+
+#: g10/keyedit.c:3304
+msgid "Really delete this self-signature? (y/N)"
+msgstr "Valóban törli ezt az önaláírást? (i/N)"
+
+#: g10/keyedit.c:3318
+#, c-format
+msgid "Deleted %d signature.\n"
+msgstr "Töröltem %d aláírást.\n"
+
+#: g10/keyedit.c:3319
+#, c-format
+msgid "Deleted %d signatures.\n"
+msgstr "Töröltem %d aláírást.\n"
+
+#: g10/keyedit.c:3322
+msgid "Nothing deleted.\n"
+msgstr "Nem töröltem semmit.\n"
+
+#: g10/keyedit.c:3355 g10/trustdb.c:1736
+#, fuzzy
+msgid "invalid"
+msgstr "érvénytelen páncél"
+
+#: g10/keyedit.c:3357
+#, fuzzy, c-format
+msgid "User ID \"%s\" compacted: %s\n"
+msgstr "\"%s\" felhasználói azonosítót visszavonták."
+
+#: g10/keyedit.c:3364
+#, fuzzy, c-format
+msgid "User ID \"%s\": %d signature removed\n"
+msgstr "\"%s\" felhasználói azonosítót visszavonták."
+
+#: g10/keyedit.c:3365
+#, fuzzy, c-format
+msgid "User ID \"%s\": %d signatures removed\n"
+msgstr "\"%s\" felhasználói azonosítót visszavonták."
+
+#: g10/keyedit.c:3373
+#, fuzzy, c-format
+msgid "User ID \"%s\": already minimized\n"
+msgstr "\"%s\" felhasználói azonosítót már visszavonták.\n"
+
+#: g10/keyedit.c:3374
+#, fuzzy, c-format
+msgid "User ID \"%s\": already clean\n"
+msgstr "\"%s\" felhasználói azonosítót már visszavonták.\n"
+
+#: g10/keyedit.c:3468
+msgid ""
+"WARNING: This is a PGP 2.x-style key. Adding a designated revoker may "
+"cause\n"
+" some versions of PGP to reject this key.\n"
+msgstr ""
+"FIGYELEM: Ez egy PGP 2.x stílusú kulcs. Kijelölt visszavonó hozzáadása\n"
+" azt okozhatja, hogy egyes PGP verziók visszautasítják ezt a "
+"kulcsot!\n"
+
+#: g10/keyedit.c:3479
+msgid "You may not add a designated revoker to a PGP 2.x-style key.\n"
+msgstr ""
+"Lehet, hogy nem adhat kijelölt visszavonót egy PGP 2.x-stílusú kulcshoz.\n"
+
+#: g10/keyedit.c:3499
+msgid "Enter the user ID of the designated revoker: "
+msgstr "Írja be a kijelölt visszavonó felhasználóazonosítóját: "
+
+#: g10/keyedit.c:3524
+msgid "cannot appoint a PGP 2.x style key as a designated revoker\n"
+msgstr "Nem adhat meg PGP 2.x stílusú kulcsot kijelölt visszavonónak!\n"
+
+#: g10/keyedit.c:3539
+msgid "you cannot appoint a key as its own designated revoker\n"
+msgstr "Nem adhat meg egy kulcsot saját kijelölt visszavonójának!\n"
+
+#: g10/keyedit.c:3561
+#, fuzzy
+msgid "this key has already been designated as a revoker\n"
+msgstr "FIGYELEM: Ezt a kulcsot a kijelölt visszavonó visszavonta!\n"
+
+#: g10/keyedit.c:3580
+msgid "WARNING: appointing a key as a designated revoker cannot be undone!\n"
+msgstr ""
+"FIGYELEM: A kijelölt visszavonó kulcs megadása nem csinálható vissza!\n"
+
+#: g10/keyedit.c:3586
+#, fuzzy
+msgid ""
+"Are you sure you want to appoint this key as a designated revoker? (y/N) "
+msgstr "Biztosan ez a kulcs legyen a kijelölt visszavonó? (i/N): "
+
+#: g10/keyedit.c:3647
+msgid "Please remove selections from the secret keys.\n"
+msgstr "Kérem, távolítsa el a kijelöléseket a titkos kulcsokról!\n"
+
+#: g10/keyedit.c:3653
+#, fuzzy
+msgid "Please select at most one subkey.\n"
+msgstr "Maximum egy másodlagos kulcsot jelöljön ki, kérem!\n"
+
+#: g10/keyedit.c:3657
+#, fuzzy
+msgid "Changing expiration time for a subkey.\n"
+msgstr "Másodlagos kulcs lejárati idejének változtatása.\n"
+
+#: g10/keyedit.c:3660
+msgid "Changing expiration time for the primary key.\n"
+msgstr "Elsõdleges kulcs lejárati idejének változtatása.\n"
+
+#: g10/keyedit.c:3706
+msgid "You can't change the expiration date of a v3 key\n"
+msgstr "Nem változtathatja meg egy v3 kulcs lejárati dátumát!\n"
+
+#: g10/keyedit.c:3722
+msgid "No corresponding signature in secret ring\n"
+msgstr "Nincs megfelelõ aláírás a titkoskulcs-karikán.\n"
+
+#: g10/keyedit.c:3800
+#, fuzzy, c-format
+msgid "signing subkey %s is already cross-certified\n"
+msgstr "FIGYELEM: %08lX aláíró alkulcs nem kereszthitelesített.\n"
+
+#: g10/keyedit.c:3806
+#, c-format
+msgid "subkey %s does not sign and so does not need to be cross-certified\n"
+msgstr ""
+
+#: g10/keyedit.c:3969
+msgid "Please select exactly one user ID.\n"
+msgstr "Kérem, válasszon ki pontosan egy felhasználóazonosítót!\n"
+
+#: g10/keyedit.c:4008 g10/keyedit.c:4118 g10/keyedit.c:4238 g10/keyedit.c:4379
+#, fuzzy, c-format
+msgid "skipping v3 self-signature on user ID \"%s\"\n"
+msgstr "Kihagyom a v3 önaláírást a \"%s\" felhasználóazonosítón.\n"
+
+#: g10/keyedit.c:4179
+msgid "Enter your preferred keyserver URL: "
+msgstr ""
+
+#: g10/keyedit.c:4259
+#, fuzzy
+msgid "Are you sure you want to replace it? (y/N) "
+msgstr "Biztos abban, hogy használni akarja (i/N)? "
+
+#: g10/keyedit.c:4260
+#, fuzzy
+msgid "Are you sure you want to delete it? (y/N) "
+msgstr "Biztos abban, hogy használni akarja (i/N)? "
+
+#: g10/keyedit.c:4322
+#, fuzzy
+msgid "Enter the notation: "
+msgstr "Aláírás-jelölés: "
+
+#: g10/keyedit.c:4471
+#, fuzzy
+msgid "Proceed? (y/N) "
+msgstr "Felülírjam (i/N)? "
+
+#: g10/keyedit.c:4543
+#, c-format
+msgid "No user ID with index %d\n"
+msgstr "Nincs %d indexû felhasználóazonosító!\n"
+
+#: g10/keyedit.c:4604
+#, fuzzy, c-format
+msgid "No user ID with hash %s\n"
+msgstr "Nincs %d indexû felhasználóazonosító!\n"
+
+#: g10/keyedit.c:4639
+#, fuzzy, c-format
+msgid "No subkey with index %d\n"
+msgstr "Nincs %d indexû felhasználóazonosító!\n"
+
+#: g10/keyedit.c:4774
+#, fuzzy, c-format
+msgid "user ID: \"%s\"\n"
+msgstr "Felhasználóazonosító: \""
+
+#: g10/keyedit.c:4777 g10/keyedit.c:4871 g10/keyedit.c:4914
+#, fuzzy, c-format
+msgid "signed by your key %s on %s%s%s\n"
+msgstr " aláírva %08lX által %s%s%s idõpontban.\n"
+
+#: g10/keyedit.c:4779 g10/keyedit.c:4873 g10/keyedit.c:4916
+msgid " (non-exportable)"
+msgstr " (nem exportálható)"
+
+#: g10/keyedit.c:4783
+#, c-format
+msgid "This signature expired on %s.\n"
+msgstr "Ez az aláírás lejárt %s idõpontban.\n"
+
+#: g10/keyedit.c:4787
+msgid "Are you sure you still want to revoke it? (y/N) "
+msgstr "Biztos benne, hogy mégis visszavonja? (i/N) "
+
+#: g10/keyedit.c:4791
+msgid "Create a revocation certificate for this signature? (y/N) "
+msgstr "Csináljunk egy visszavonó igazolást ehhez az aláíráshoz? (i/N) "
+
+#: g10/keyedit.c:4842
+#, fuzzy
+msgid "Not signed by you.\n"
+msgstr " aláírva %08lX által %s%s idõpontban.\n"
+
+#: g10/keyedit.c:4848
+#, fuzzy, c-format
+msgid "You have signed these user IDs on key %s:\n"
+msgstr "Ön aláírta a következõ felhasználóazonosítókat:\n"
+
+#: g10/keyedit.c:4874
+#, fuzzy
+msgid " (non-revocable)"
+msgstr " (nem exportálható)"
+
+#: g10/keyedit.c:4881
+#, fuzzy, c-format
+msgid "revoked by your key %s on %s\n"
+msgstr " visszavonva %08lX által %s idõpontban.\n"
+
+#: g10/keyedit.c:4903
+msgid "You are about to revoke these signatures:\n"
+msgstr "A következõ aláírásokat fogja visszavonni:\n"
+
+#: g10/keyedit.c:4923
+msgid "Really create the revocation certificates? (y/N) "
+msgstr "Valóban létrehozzam a visszavonó igazolást? (i/N) "
+
+#: g10/keyedit.c:4953
+msgid "no secret key\n"
+msgstr "Nincs titkos kulcs.\n"
+
+#: g10/keyedit.c:5023
+#, c-format
+msgid "user ID \"%s\" is already revoked\n"
+msgstr "\"%s\" felhasználói azonosítót már visszavonták.\n"
+
+#: g10/keyedit.c:5040
+#, c-format
+msgid "WARNING: a user ID signature is dated %d seconds in the future\n"
+msgstr ""
+"FIGYELEM: A felhasználóazonosítót %d másodperccel a jövõben írták alá.\n"
+
+#: g10/keyedit.c:5104
+#, fuzzy, c-format
+msgid "Key %s is already revoked.\n"
+msgstr "\"%s\" felhasználói azonosítót már visszavonták.\n"
+
+#: g10/keyedit.c:5166
+#, fuzzy, c-format
+msgid "Subkey %s is already revoked.\n"
+msgstr "\"%s\" felhasználói azonosítót már visszavonták.\n"
+
+#: g10/keyedit.c:5261
+#, fuzzy, c-format
+msgid "Displaying %s photo ID of size %ld for key %s (uid %d)\n"
+msgstr "%s fotóazonosító (méret: %ld, kulcs: 0x%08lX, felh: %d) mutatása.\n"
+
+#: g10/keygen.c:275
+#, fuzzy, c-format
+msgid "preference `%s' duplicated\n"
+msgstr "%c%lu preferencia kétszer szerepel!\n"
+
+#: g10/keygen.c:282
+#, fuzzy
+msgid "too many cipher preferences\n"
+msgstr "Túl sok \"%c\" preferencia.\n"
+
+#: g10/keygen.c:284
+#, fuzzy
+msgid "too many digest preferences\n"
+msgstr "Túl sok \"%c\" preferencia.\n"
+
+#: g10/keygen.c:286
+#, fuzzy
+msgid "too many compression preferences\n"
+msgstr "Túl sok \"%c\" preferencia.\n"
+
+#: g10/keygen.c:426
+#, fuzzy, c-format
+msgid "invalid item `%s' in preference string\n"
+msgstr "Érvénytelen karakter a preferenciák között!\n"
+
+#: g10/keygen.c:910
+msgid "writing direct signature\n"
+msgstr "Sima aláírást írok.\n"
+
+#: g10/keygen.c:952
+msgid "writing self signature\n"
+msgstr "Önaláírást írok.\n"
+
+#: g10/keygen.c:1009
+msgid "writing key binding signature\n"
+msgstr "Összefûzõ aláírást írok.\n"
+
+#: g10/keygen.c:1179 g10/keygen.c:1290 g10/keygen.c:1295 g10/keygen.c:1441
+#: g10/keygen.c:3269
+#, c-format
+msgid "keysize invalid; using %u bits\n"
+msgstr "Kulcsméret érvénytelen; %u bitet használok.\n"
+
+#: g10/keygen.c:1185 g10/keygen.c:1301 g10/keygen.c:1309 g10/keygen.c:1447
+#: g10/keygen.c:3275
+#, c-format
+msgid "keysize rounded up to %u bits\n"
+msgstr "Kulcsméretet felkerekítettem %u bitre.\n"
+
+#: g10/keygen.c:1335
+msgid ""
+"WARNING: some OpenPGP programs can't handle a DSA key with this digest size\n"
+msgstr ""
+
+#: g10/keygen.c:1558
+#, fuzzy
+msgid "Sign"
+msgstr "sign"
+
+#: g10/keygen.c:1561
+msgid "Certify"
+msgstr ""
+
+#: g10/keygen.c:1564
+#, fuzzy
+msgid "Encrypt"
+msgstr "adat titkosítása"
+
+#: g10/keygen.c:1567
+msgid "Authenticate"
+msgstr ""
+
+#. TRANSLATORS: Please use only plain ASCII characters for the
+#. translation. If this is not possible use single digits. The
+#. string needs to 8 bytes long. Here is a description of the
+#. functions:
+#.
+#. s = Toggle signing capability
+#. e = Toggle encryption capability
+#. a = Toggle authentication capability
+#. q = Finish
+#.
+#: g10/keygen.c:1585
+msgid "SsEeAaQq"
+msgstr ""
+
+#: g10/keygen.c:1608
+#, c-format
+msgid "Possible actions for a %s key: "
+msgstr ""
+
+#: g10/keygen.c:1612
+msgid "Current allowed actions: "
+msgstr ""
+
+#: g10/keygen.c:1617
+#, c-format
+msgid " (%c) Toggle the sign capability\n"
+msgstr ""
+
+#: g10/keygen.c:1620
+#, fuzzy, c-format
+msgid " (%c) Toggle the encrypt capability\n"
+msgstr " (%d) ElGamal (csak titkosítás)\n"
+
+#: g10/keygen.c:1623
+#, c-format
+msgid " (%c) Toggle the authenticate capability\n"
+msgstr ""
+
+#: g10/keygen.c:1626
+#, c-format
+msgid " (%c) Finished\n"
+msgstr ""
+
+#: g10/keygen.c:1686 sm/certreqgen-ui.c:157
+msgid "Please select what kind of key you want:\n"
+msgstr "Kérem, adja meg, milyen kulcsot kíván:\n"
+
+#: g10/keygen.c:1689
+#, fuzzy, c-format
+msgid " (%d) RSA and RSA (default)\n"
+msgstr " (%d) DSA és ElGamal (alapértelmezés)\n"
+
+#: g10/keygen.c:1691
+#, fuzzy, c-format
+msgid " (%d) DSA and Elgamal\n"
+msgstr " (%d) DSA és ElGamal (alapértelmezés)\n"
+
+#: g10/keygen.c:1693
+#, c-format
+msgid " (%d) DSA (sign only)\n"
+msgstr " (%d) DSA (csak aláírás)\n"
+
+#: g10/keygen.c:1694
+#, c-format
+msgid " (%d) RSA (sign only)\n"
+msgstr " (%d) RSA (csak aláírás)\n"
+
+#: g10/keygen.c:1698
+#, fuzzy, c-format
+msgid " (%d) Elgamal (encrypt only)\n"
+msgstr " (%d) ElGamal (csak titkosítás)\n"
+
+#: g10/keygen.c:1699
+#, c-format
+msgid " (%d) RSA (encrypt only)\n"
+msgstr " (%d) RSA (csak titkosítás)\n"
+
+#: g10/keygen.c:1703
+#, fuzzy, c-format
+msgid " (%d) DSA (set your own capabilities)\n"
+msgstr " (%d) RSA (csak titkosítás)\n"
+
+#: g10/keygen.c:1704
+#, fuzzy, c-format
+msgid " (%d) RSA (set your own capabilities)\n"
+msgstr " (%d) RSA (csak titkosítás)\n"
+
+#: g10/keygen.c:1812
+#, c-format
+msgid "%s keys may be between %u and %u bits long.\n"
+msgstr ""
+
+#: g10/keygen.c:1820
+#, fuzzy, c-format
+msgid "What keysize do you want for the subkey? (%u) "
+msgstr "Milyen kulcsméretet szeretne? (1024) "
+
+#: g10/keygen.c:1823 sm/certreqgen-ui.c:179
+#, fuzzy, c-format
+msgid "What keysize do you want? (%u) "
+msgstr "Milyen kulcsméretet szeretne? (1024) "
+
+#: g10/keygen.c:1837 sm/certreqgen-ui.c:189
+#, c-format
+msgid "Requested keysize is %u bits\n"
+msgstr "A kívánt kulcsméret %u bit.\n"
+
+#: g10/keygen.c:1925
+msgid ""
+"Please specify how long the key should be valid.\n"
+" 0 = key does not expire\n"
+" <n> = key expires in n days\n"
+" <n>w = key expires in n weeks\n"
+" <n>m = key expires in n months\n"
+" <n>y = key expires in n years\n"
+msgstr ""
+"Kérem, adja meg, meddig legyen érvényes a kulcs!\n"
+" 0 = a kulcs soha nem jár le\n"
+" <n> = a kulcs n napig érvényes\n"
+" <n>w = a kulcs n hétig érvényes\n"
+" <n>m = a kulcs n hónapig érvényes\n"
+" <n>y = a kulcs n évig érvényes\n"
+
+#: g10/keygen.c:1936
+msgid ""
+"Please specify how long the signature should be valid.\n"
+" 0 = signature does not expire\n"
+" <n> = signature expires in n days\n"
+" <n>w = signature expires in n weeks\n"
+" <n>m = signature expires in n months\n"
+" <n>y = signature expires in n years\n"
+msgstr ""
+"Kérem, adja meg, meddig legyen érvényes az aláírás!\n"
+" 0 = az aláírás soha nem jár le\n"
+" <n> = az aláírás n napig érvényes\n"
+" <n>w = az aláírás n hétig érvényes\n"
+" <n>m = az aláírás n hónapig érvényes\n"
+" <n>y = az aláírás n évig érvényes\n"
+
+#: g10/keygen.c:1959
+msgid "Key is valid for? (0) "
+msgstr "Meddig érvényes a kulcs? (0) "
+
+#: g10/keygen.c:1964
+#, fuzzy, c-format
+msgid "Signature is valid for? (%s) "
+msgstr "Meddig érvényes az aláírás? (0) "
+
+#: g10/keygen.c:1982 g10/keygen.c:2007
+msgid "invalid value\n"
+msgstr "Érvénytelen érték!\n"
+
+#: g10/keygen.c:1989
+#, fuzzy
+msgid "Key does not expire at all\n"
+msgstr "%s soha nem jár le.\n"
+
+#: g10/keygen.c:1990
+#, fuzzy
+msgid "Signature does not expire at all\n"
+msgstr "%s soha nem jár le.\n"
+
+#: g10/keygen.c:1995
+#, fuzzy, c-format
+msgid "Key expires at %s\n"
+msgstr "%s lejár: %s\n"
+
+#: g10/keygen.c:1996
+#, fuzzy, c-format
+msgid "Signature expires at %s\n"
+msgstr "Az aláírás lejár: %s.\n"
+
+#: g10/keygen.c:2000
+msgid ""
+"Your system can't display dates beyond 2038.\n"
+"However, it will be correctly handled up to 2106.\n"
+msgstr ""
+"Az Ön rendszere nem tud megjeleníteni 2038 utáni dátumokat.\n"
+"Azonban kezelni helyesen tudja õket egészen 2106-ig.\n"
+
+#: g10/keygen.c:2013
+#, fuzzy
+msgid "Is this correct? (y/N) "
+msgstr "Ez így helyes (i/n)? "
+
+#: g10/keygen.c:2063
+msgid ""
+"\n"
+"GnuPG needs to construct a user ID to identify your key.\n"
+"\n"
+msgstr ""
+
+#. TRANSLATORS: This string is in general not anymore used
+#. but you should keep your existing translation. In case
+#. the new string is not translated this old string will
+#. be used.
+#: g10/keygen.c:2078
+#, fuzzy
+msgid ""
+"\n"
+"You need a user ID to identify your key; the software constructs the user "
+"ID\n"
+"from the Real Name, Comment and Email Address in this form:\n"
+" \"Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>\"\n"
+"\n"
+msgstr ""
+"\n"
+"Szüksége lesz egy felhasználói azonosítóra a kulcsa azonosításához;\n"
+"a szoftver ezt a teljes névbõl, megjegyzésbõl és e-mail címbõl állítja\n"
+"elõ a következõ formában:\n"
+" \"Heinrich Heine (a költõ) <heinrichh@duesseldorf.de>\"\n"
+"\n"
+
+#: g10/keygen.c:2097
+msgid "Real name: "
+msgstr "Teljes név: "
+
+#: g10/keygen.c:2105
+msgid "Invalid character in name\n"
+msgstr "Érvénytelen karakter a névben!\n"
+
+#: g10/keygen.c:2107
+msgid "Name may not start with a digit\n"
+msgstr "A név lehet, hogy nem kezdõdhet számmal!\n"
+
+#: g10/keygen.c:2109
+msgid "Name must be at least 5 characters long\n"
+msgstr "A név legalább 5 karakter kell legyen!\n"
+
+#: g10/keygen.c:2117
+msgid "Email address: "
+msgstr "E-mail cím: "
+
+#: g10/keygen.c:2123
+msgid "Not a valid email address\n"
+msgstr "Ez nem érvényes e-mail cím.\n"
+
+#: g10/keygen.c:2131
+msgid "Comment: "
+msgstr "Megjegyzés: "
+
+#: g10/keygen.c:2137
+msgid "Invalid character in comment\n"
+msgstr "Érvénytelen karakter a megjegyzésben!\n"
+
+#: g10/keygen.c:2159
+#, c-format
+msgid "You are using the `%s' character set.\n"
+msgstr "Ön a(z) %s karakterkódolást használja.\n"
+
+#: g10/keygen.c:2165
+#, c-format
+msgid ""
+"You selected this USER-ID:\n"
+" \"%s\"\n"
+"\n"
+msgstr ""
+"Ön a következõ felhasználói azonosítót választotta:\n"
+" \"%s\"\n"
+"\n"
+
+#: g10/keygen.c:2170
+msgid "Please don't put the email address into the real name or the comment\n"
+msgstr "Kérem, ne rakja az e-mail címet a teljes névbe vagy a megjegyzésbe!\n"
+
+#: g10/keygen.c:2185
+msgid "Such a user ID already exists on this key!\n"
+msgstr ""
+
+#. TRANSLATORS: These are the allowed answers in
+#. lower and uppercase. Below you will find the matching
+#. string which should be translated accordingly and the
+#. letter changed to match the one in the answer string.
+#.
+#. n = Change name
+#. c = Change comment
+#. e = Change email
+#. o = Okay (ready, continue)
+#. q = Quit
+#.
+#: g10/keygen.c:2201
+msgid "NnCcEeOoQq"
+msgstr "NnMmEeRrKk"
+
+#: g10/keygen.c:2211
+msgid "Change (N)ame, (C)omment, (E)mail or (Q)uit? "
+msgstr "(N)év, (M)egjegyzés, (E)-mail megváltoztatása vagy (K)ilépés? "
+
+#: g10/keygen.c:2212
+msgid "Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? "
+msgstr ""
+"(N)év, (M)egjegyzés, (E)-mail megváltoztatása vagy (R)endben/(K)ilépés? "
+
+#: g10/keygen.c:2231
+msgid "Please correct the error first\n"
+msgstr "Kérem, elõbb javítsa ki a hibát!\n"
+
+#: g10/keygen.c:2273
+msgid ""
+"You need a Passphrase to protect your secret key.\n"
+"\n"
+msgstr ""
+"Most szükség van egy jelszóra (vagy mondatra), amely a titkos kulcsát védi.\n"
+"\n"
+
+#: g10/keygen.c:2276
+#, fuzzy
+msgid ""
+"Please enter a passphrase to protect the off-card backup of the new "
+"encryption key."
+msgstr "Kérem, adja meg a jelszót! Ezt egy titkos mondat. \n"
+
+#: g10/keygen.c:2292
+#, c-format
+msgid "%s.\n"
+msgstr "%s.\n"
+
+#: g10/keygen.c:2298
+msgid ""
+"You don't want a passphrase - this is probably a *bad* idea!\n"
+"I will do it anyway. You can change your passphrase at any time,\n"
+"using this program with the option \"--edit-key\".\n"
+"\n"
+msgstr ""
+"Ön nem akar jelszót. Ez valószínûleg egy *rossz* ötlet!\n"
+"De azért megcsinálom. Bármikor megváltoztathatja a jelszavát\n"
+"az \"--edit-key\" opcióval.\n"
+"\n"
+
+#: g10/keygen.c:2322
+msgid ""
+"We need to generate a lot of random bytes. It is a good idea to perform\n"
+"some other action (type on the keyboard, move the mouse, utilize the\n"
+"disks) during the prime generation; this gives the random number\n"
+"generator a better chance to gain enough entropy.\n"
+msgstr ""
+"Nagyon sok véletlen bájtra van szükségünk. Jó ötlet, ha csinál valami\n"
+"egyéb mûveletet (gépel a billentyûzeten, mozgatja az egeret, használja\n"
+"a lemezeket) a prímszám generálása alatt. Ez segíti a véletlenszám-\n"
+"generátort, hogy entrópiát tudjon gyûjteni.\n"
+
+#: g10/keygen.c:3209 g10/keygen.c:3236
+msgid "Key generation canceled.\n"
+msgstr "Kulcs létrehozása megszakítva.\n"
+
+#: g10/keygen.c:3441 g10/keygen.c:3611
+#, c-format
+msgid "writing public key to `%s'\n"
+msgstr "Írom a kulcsot a %s állományba.\n"
+
+#: g10/keygen.c:3443 g10/keygen.c:3614
+#, fuzzy, c-format
+msgid "writing secret key stub to `%s'\n"
+msgstr "Írom a titkos kulcsot a %s állományba.\n"
+
+#: g10/keygen.c:3446 g10/keygen.c:3617
+#, c-format
+msgid "writing secret key to `%s'\n"
+msgstr "Írom a titkos kulcsot a %s állományba.\n"
+
+#: g10/keygen.c:3598
+#, c-format
+msgid "no writable public keyring found: %s\n"
+msgstr "Nem írható nyilvánoskulcs-karikát találtam: %s\n"
+
+#: g10/keygen.c:3605
+#, c-format
+msgid "no writable secret keyring found: %s\n"
+msgstr "Nem írható titkoskulcs-karikát találtam: %s\n"
+
+#: g10/keygen.c:3625
+#, c-format
+msgid "error writing public keyring `%s': %s\n"
+msgstr "Hiba a(z) \"%s\" nyilvánoskulcs-karika írásakor: %s.\n"
+
+#: g10/keygen.c:3633
+#, c-format
+msgid "error writing secret keyring `%s': %s\n"
+msgstr "Hiba a(z) \"%s\" titkoskulcs-karika írásakor: %s.\n"
+
+#: g10/keygen.c:3661
+msgid "public and secret key created and signed.\n"
+msgstr "A nyilvános és titkos kulcsokat létrehoztam és aláírtam.\n"
+
+#: g10/keygen.c:3672
+#, fuzzy
+msgid ""
+"Note that this key cannot be used for encryption. You may want to use\n"
+"the command \"--edit-key\" to generate a subkey for this purpose.\n"
+msgstr ""
+"Ez a kulcs nem használható titkosításra. Ha egy másodlagos kulcsot\n"
+"kíván ilyen célra létrehozni, azt az \"--edit-key\" parancs segítségével\n"
+"teheti meg.\n"
+
+#: g10/keygen.c:3685 g10/keygen.c:3831 g10/keygen.c:3952
+#, c-format
+msgid "Key generation failed: %s\n"
+msgstr "Kulcsgenerálás sikertelen: %s\n"
+
+#: g10/keygen.c:3741 g10/keygen.c:3882 g10/sign.c:241
+#, c-format
+msgid ""
+"key has been created %lu second in future (time warp or clock problem)\n"
+msgstr ""
+"A kulcs %lu másodperccel a jövõben készült. (Idõugrás vagy óraprobléma.)\n"
+
+#: g10/keygen.c:3743 g10/keygen.c:3884 g10/sign.c:243
+#, c-format
+msgid ""
+"key has been created %lu seconds in future (time warp or clock problem)\n"
+msgstr ""
+"A kulcs %lu másodperccel a jövõben készült. (Idõugrás vagy óraprobléma.)\n"
+
+#: g10/keygen.c:3754 g10/keygen.c:3895
+msgid "NOTE: creating subkeys for v3 keys is not OpenPGP compliant\n"
+msgstr ""
+"MEGJEGYZÉS: Alkulcsok létrehozása v3 kulcsokhoz nem OpenPGP-megfelelõ.\n"
+
+#: g10/keygen.c:3795 g10/keygen.c:3928
+#, fuzzy
+msgid "Really create? (y/N) "
+msgstr "Valóban létrehozzam? "
+
+#: g10/keygen.c:4116
+#, fuzzy, c-format
+msgid "storing key onto card failed: %s\n"
+msgstr "A kulcsblokk törlése sikertelen: %s.\n"
+
+#: g10/keygen.c:4165
+#, fuzzy, c-format
+msgid "can't create backup file `%s': %s\n"
+msgstr "Nem tudom létrehozni a(z) \"%s\" állományt: %s.\n"
+
+#: g10/keygen.c:4191
+#, fuzzy, c-format
+msgid "NOTE: backup of card key saved to `%s'\n"
+msgstr "MEGJEGYZÉS: %08lX titkos kulcs %s-kor lejárt.\n"
+
+#: g10/keyid.c:539 g10/keyid.c:551 g10/keyid.c:563 g10/keyid.c:575
+msgid "never "
+msgstr "soha "
+
+#: g10/keylist.c:273
+msgid "Critical signature policy: "
+msgstr "Kritikus aláírási eljárásmód: "
+
+#: g10/keylist.c:275
+msgid "Signature policy: "
+msgstr "Aláírási eljárásmód: "
+
+#: g10/keylist.c:314
+msgid "Critical preferred keyserver: "
+msgstr ""
+
+#: g10/keylist.c:367
+msgid "Critical signature notation: "
+msgstr "Kritikus aláírás-jelölés: "
+
+#: g10/keylist.c:369
+msgid "Signature notation: "
+msgstr "Aláírás-jelölés: "
+
+#: g10/keylist.c:479
+msgid "Keyring"
+msgstr "Kulcskarika"
+
+#: g10/keylist.c:1526
+msgid "Primary key fingerprint:"
+msgstr "Elsõdlegeskulcs-ujjlenyomat:"
+
+#: g10/keylist.c:1528
+msgid " Subkey fingerprint:"
+msgstr " Alkulcsujjlenyomat:"
+
+#. TRANSLATORS: this should fit into 24 bytes to that the
+#. * fingerprint data is properly aligned with the user ID
+#: g10/keylist.c:1535
+msgid " Primary key fingerprint:"
+msgstr "Elsõdlegeskulcs-ujjlenyomat:"
+
+#: g10/keylist.c:1537
+msgid " Subkey fingerprint:"
+msgstr " Alkulcsujjlenyomat:"
+
+#: g10/keylist.c:1541 g10/keylist.c:1545
+#, fuzzy
+msgid " Key fingerprint ="
+msgstr " Kulcs ujjlenyomata ="
+
+#: g10/keylist.c:1612
+msgid " Card serial no. ="
+msgstr ""
+
+#: g10/keyring.c:1297
+#, fuzzy, c-format
+msgid "renaming `%s' to `%s' failed: %s\n"
+msgstr "Páncélozás nem sikerült: %s\n"
+
+#: g10/keyring.c:1326
+msgid "WARNING: 2 files with confidential information exists.\n"
+msgstr "FIGYELEM: 2 bizalmas információkat tartalmazó állomány van!\n"
+
+#: g10/keyring.c:1327
+#, c-format
+msgid "%s is the unchanged one\n"
+msgstr "%s az eredeti példány.\n"
+
+#: g10/keyring.c:1328
+#, c-format
+msgid "%s is the new one\n"
+msgstr "%s az új példány.\n"
+
+#: g10/keyring.c:1329
+msgid "Please fix this possible security flaw\n"
+msgstr "Kérem, oldja meg ezt a lehetséges biztonsági problémát!\n"
+
+#: g10/keyring.c:1430
+#, fuzzy, c-format
+msgid "caching keyring `%s'\n"
+msgstr "Ellenõrzöm a(z) \"%s\" kulcskarikát.\n"
+
+#: g10/keyring.c:1489
+#, fuzzy, c-format
+msgid "%lu keys cached so far (%lu signatures)\n"
+msgstr "%lu kulcsot ellenõriztem (%lu aláírással).\n"
+
+#: g10/keyring.c:1501
+#, fuzzy, c-format
+msgid "%lu keys cached (%lu signatures)\n"
+msgstr "%lu kulcsot ellenõriztem (%lu aláírással).\n"
+
+#: g10/keyring.c:1573
+#, c-format
+msgid "%s: keyring created\n"
+msgstr "%s: Kulcskarikát létrehoztam.\n"
+
+#: g10/keyserver.c:74
+msgid "include revoked keys in search results"
+msgstr ""
+
+#: g10/keyserver.c:75
+msgid "include subkeys when searching by key ID"
+msgstr ""
+
+#: g10/keyserver.c:77
+msgid "use temporary files to pass data to keyserver helpers"
+msgstr ""
+
+#: g10/keyserver.c:79
+msgid "do not delete temporary files after using them"
+msgstr ""
+
+#: g10/keyserver.c:83
+msgid "automatically retrieve keys when verifying signatures"
+msgstr ""
+
+#: g10/keyserver.c:85
+#, fuzzy
+msgid "honor the preferred keyserver URL set on the key"
+msgstr "A megadott aláírási eljárásmód URL-je érvénytelen!\n"
+
+#: g10/keyserver.c:87
+msgid "honor the PKA record set on a key when retrieving keys"
+msgstr ""
+
+#: g10/keyserver.c:153
+#, fuzzy, c-format
+msgid "WARNING: keyserver option `%s' is not used on this platform\n"
+msgstr ""
+"FIGYELEM: \"%s\" opciói csak a következõ futáskor lesznek érvényesek!\n"
+
+#: g10/keyserver.c:544
+#, fuzzy
+msgid "disabled"
+msgstr "disable"
+
+#: g10/keyserver.c:747
+msgid "Enter number(s), N)ext, or Q)uit > "
+msgstr ""
+
+#: g10/keyserver.c:831 g10/keyserver.c:1458
+#, fuzzy, c-format
+msgid "invalid keyserver protocol (us %d!=handler %d)\n"
+msgstr "Érvénytelen export opciók!\n"
+
+#: g10/keyserver.c:932
+#, fuzzy, c-format
+msgid "key \"%s\" not found on keyserver\n"
+msgstr "\"%s\" kulcs nem található: %s\n"
+
+#: g10/keyserver.c:934
+#, fuzzy
+msgid "key not found on keyserver\n"
+msgstr "\"%s\" kulcs nem található: %s\n"
+
+#: g10/keyserver.c:1177
+#, fuzzy, c-format
+msgid "requesting key %s from %s server %s\n"
+msgstr "Lekérem a %08lX kulcsot a %s kulcsszerverrõl.\n"
+
+#: g10/keyserver.c:1181
+#, fuzzy, c-format
+msgid "requesting key %s from %s\n"
+msgstr "Lekérem a %08lX kulcsot a %s kulcsszerverrõl.\n"
+
+#: g10/keyserver.c:1205
+#, fuzzy, c-format
+msgid "searching for names from %s server %s\n"
+msgstr "Keresem \"%s\"-t a %s HKP szerveren.\n"
+
+#: g10/keyserver.c:1208
+#, fuzzy, c-format
+msgid "searching for names from %s\n"
+msgstr "Keresem \"%s\"-t a %s HKP szerveren.\n"
+
+#: g10/keyserver.c:1361
+#, fuzzy, c-format
+msgid "sending key %s to %s server %s\n"
+msgstr "Keresem \"%s\"-t a %s HKP szerveren.\n"
+
+#: g10/keyserver.c:1365
+#, fuzzy, c-format
+msgid "sending key %s to %s\n"
+msgstr ""
+"\"\n"
+"Aláírva az Ön %08lX kulcsával %s idõpontban.\n"
+
+#: g10/keyserver.c:1408
+#, fuzzy, c-format
+msgid "searching for \"%s\" from %s server %s\n"
+msgstr "Keresem \"%s\"-t a %s HKP szerveren.\n"
+
+#: g10/keyserver.c:1411
+#, fuzzy, c-format
+msgid "searching for \"%s\" from %s\n"
+msgstr "Keresem \"%s\"-t a %s HKP szerveren.\n"
+
+#: g10/keyserver.c:1418 g10/keyserver.c:1514
+#, fuzzy
+msgid "no keyserver action!\n"
+msgstr "Érvénytelen export opciók!\n"
+
+#: g10/keyserver.c:1466
+#, c-format
+msgid "WARNING: keyserver handler from a different version of GnuPG (%s)\n"
+msgstr ""
+
+#: g10/keyserver.c:1475
+msgid "keyserver did not send VERSION\n"
+msgstr ""
+
+#: g10/keyserver.c:1537 g10/keyserver.c:2066
+msgid "no keyserver known (use option --keyserver)\n"
+msgstr ""
+
+#: g10/keyserver.c:1543
+msgid "external keyserver calls are not supported in this build\n"
+msgstr ""
+
+#: g10/keyserver.c:1555
+#, c-format
+msgid "no handler for keyserver scheme `%s'\n"
+msgstr ""
+
+#: g10/keyserver.c:1560
+#, c-format
+msgid "action `%s' not supported with keyserver scheme `%s'\n"
+msgstr ""
+
+#: g10/keyserver.c:1568
+#, c-format
+msgid "%s does not support handler version %d\n"
+msgstr ""
+
+#: g10/keyserver.c:1575
+#, fuzzy
+msgid "keyserver timed out\n"
+msgstr "kulcsszerverhiba"
+
+#: g10/keyserver.c:1580
+#, fuzzy
+msgid "keyserver internal error\n"
+msgstr "kulcsszerverhiba"
+
+#: g10/keyserver.c:1589
+#, fuzzy, c-format
+msgid "keyserver communications error: %s\n"
+msgstr "Vétel a kulcsszerverrõl sikertelen: %s\n"
+
+#: g10/keyserver.c:1614 g10/keyserver.c:1648
+#, c-format
+msgid "\"%s\" not a key ID: skipping\n"
+msgstr ""
+
+#: g10/keyserver.c:1907
+#, fuzzy, c-format
+msgid "WARNING: unable to refresh key %s via %s: %s\n"
+msgstr ""
+"FIGYELEM: Nem tudom törölni az (\"%s\") átmeneti állományt: \"%s\": %s.\n"
+
+#: g10/keyserver.c:1929
+#, fuzzy, c-format
+msgid "refreshing 1 key from %s\n"
+msgstr "Lekérem a %08lX kulcsot a %s kulcsszerverrõl.\n"
+
+#: g10/keyserver.c:1931
+#, fuzzy, c-format
+msgid "refreshing %d keys from %s\n"
+msgstr "Lekérem a %08lX kulcsot a %s kulcsszerverrõl.\n"
+
+#: g10/keyserver.c:1987
+#, fuzzy, c-format
+msgid "WARNING: unable to fetch URI %s: %s\n"
+msgstr ""
+"FIGYELEM: Nem tudom törölni az (\"%s\") átmeneti állományt: \"%s\": %s.\n"
+
+#: g10/keyserver.c:1993
+#, fuzzy, c-format
+msgid "WARNING: unable to parse URI %s\n"
+msgstr ""
+"FIGYELEM: Nem tudom törölni az (\"%s\") átmeneti állományt: \"%s\": %s.\n"
+
+#: g10/mainproc.c:231
+#, c-format
+msgid "weird size for an encrypted session key (%d)\n"
+msgstr "Furcsa méretû (%d) titkosított munkafolyamatkulcs.\n"
+
+#: g10/mainproc.c:284
+#, c-format
+msgid "%s encrypted session key\n"
+msgstr "%s titkosított munkafolyamatkulcs\n"
+
+#: g10/mainproc.c:294
+#, fuzzy, c-format
+msgid "passphrase generated with unknown digest algorithm %d\n"
+msgstr "Ismeretlen algoritmussal (%d) titkosítva.\n"
+
+#: g10/mainproc.c:360
+#, fuzzy, c-format
+msgid "public key is %s\n"
+msgstr "Nyilvános kulcs: %08lX\n"
+
+#: g10/mainproc.c:423
+msgid "public key encrypted data: good DEK\n"
+msgstr "Nyilvános kulccsal titkosított adat: jó DEK.\n"
+
+#: g10/mainproc.c:456
+#, fuzzy, c-format
+msgid "encrypted with %u-bit %s key, ID %s, created %s\n"
+msgstr "Titkosítva %u bites %s kulccsal, azonosító: %08lX, létrehozva: %s\n"
+
+#: g10/mainproc.c:460 g10/pkclist.c:217
+#, fuzzy, c-format
+msgid " \"%s\"\n"
+msgstr " azaz \""
+
+#: g10/mainproc.c:464
+#, fuzzy, c-format
+msgid "encrypted with %s key, ID %s\n"
+msgstr "Titkosítva %s kulccsal, azonosító: %08lX\n"
+
+#: g10/mainproc.c:479
+#, c-format
+msgid "public key decryption failed: %s\n"
+msgstr "Nyilvános kulcsú visszafejtés sikertelen: %s\n"
+
+#: g10/mainproc.c:495
+#, c-format
+msgid "encrypted with %lu passphrases\n"
+msgstr "%lu jelszóval rejtjelezve\n"
+
+#: g10/mainproc.c:497
+msgid "encrypted with 1 passphrase\n"
+msgstr "1 jelszóval rejtjelezve\n"
+
+#: g10/mainproc.c:529 g10/mainproc.c:551
+#, c-format
+msgid "assuming %s encrypted data\n"
+msgstr "%s titkosított adatot feltételezek.\n"
+
+#: g10/mainproc.c:537
+#, c-format
+msgid "IDEA cipher unavailable, optimistically attempting to use %s instead\n"
+msgstr ""
+"IDEA rejtjelezõ nem áll rendelkezésre, optimista módon megpróbálok\n"
+"%s-t használni helyette.\n"
+
+#: g10/mainproc.c:570
+msgid "decryption okay\n"
+msgstr "Visszafejtés rendben.\n"
+
+#: g10/mainproc.c:574
+msgid "WARNING: message was not integrity protected\n"
+msgstr "FIGYELEM: Az üzenetet nem látták el integritásvédelemmel.\n"
+
+#: g10/mainproc.c:587
+msgid "WARNING: encrypted message has been manipulated!\n"
+msgstr "FIGYELEM: A titkosított üzenetet manipulálták!\n"
+
+#: g10/mainproc.c:595
+#, c-format
+msgid "cleared passphrase cached with ID: %s\n"
+msgstr ""
+
+#: g10/mainproc.c:600
+#, c-format
+msgid "decryption failed: %s\n"
+msgstr "Visszafejtés sikertelen: %s.\n"
+
+#: g10/mainproc.c:621
+msgid "NOTE: sender requested \"for-your-eyes-only\"\n"
+msgstr "MEGJEGYZÉS: A feladó kérése: \"csak az Ön szemeinek\".\n"
+
+#: g10/mainproc.c:623
+#, c-format
+msgid "original file name='%.*s'\n"
+msgstr "Eredeti fájlnév: '%.*s'.\n"
+
+#: g10/mainproc.c:711
+msgid "WARNING: multiple plaintexts seen\n"
+msgstr ""
+
+#: g10/mainproc.c:850
+msgid "standalone revocation - use \"gpg --import\" to apply\n"
+msgstr ""
+"Különálló visszavonás. Használja a \"gpg --import\"-ot az alkalmazásához!\n"
+
+#: g10/mainproc.c:1203 g10/mainproc.c:1240
+#, fuzzy
+msgid "no signature found\n"
+msgstr "Jó aláírás a következõtõl: \""
+
+#: g10/mainproc.c:1478
+msgid "signature verification suppressed\n"
+msgstr "Aláírás-ellenõrzés elnyomva.\n"
+
+#: g10/mainproc.c:1587
+#, fuzzy
+msgid "can't handle this ambiguous signature data\n"
+msgstr "Nem tudom kezelni ezeket a többszörös aláírásokat!\n"
+
+#: g10/mainproc.c:1598
+#, fuzzy, c-format
+msgid "Signature made %s\n"
+msgstr "Az aláírás lejárt: %s.\n"
+
+#: g10/mainproc.c:1599
+#, fuzzy, c-format
+msgid " using %s key %s\n"
+msgstr " azaz \""
+
+#: g10/mainproc.c:1603
+#, fuzzy, c-format
+msgid "Signature made %s using %s key ID %s\n"
+msgstr "Aláírva: %.*s; kulcs: %s, %08lX.\n"
+
+#: g10/mainproc.c:1623
+msgid "Key available at: "
+msgstr "Kulcs található: "
+
+#: g10/mainproc.c:1756 g10/mainproc.c:1804
+#, fuzzy, c-format
+msgid "BAD signature from \"%s\""
+msgstr "ROSSZ aláírás a következõtõl: \""
+
+#: g10/mainproc.c:1758 g10/mainproc.c:1806
+#, fuzzy, c-format
+msgid "Expired signature from \"%s\""
+msgstr "Lejárt aláírás a következõtõl: \""
+
+#: g10/mainproc.c:1760 g10/mainproc.c:1808
+#, fuzzy, c-format
+msgid "Good signature from \"%s\""
+msgstr "Jó aláírás a következõtõl: \""
+
+#: g10/mainproc.c:1810
+msgid "[uncertain]"
+msgstr "[bizonytalan]"
+
+#: g10/mainproc.c:1843
+#, fuzzy, c-format
+msgid " aka \"%s\""
+msgstr " azaz \""
+
+#: g10/mainproc.c:1941
+#, c-format
+msgid "Signature expired %s\n"
+msgstr "Az aláírás lejárt: %s.\n"
+
+#: g10/mainproc.c:1946
+#, c-format
+msgid "Signature expires %s\n"
+msgstr "Az aláírás lejár: %s.\n"
+
+#: g10/mainproc.c:1949
+#, c-format
+msgid "%s signature, digest algorithm %s\n"
+msgstr "%s aláírás, %s kivonatoló algoritmus.\n"
+
+#: g10/mainproc.c:1950
+msgid "binary"
+msgstr "Bináris"
+
+#: g10/mainproc.c:1951
+msgid "textmode"
+msgstr "Szövegmódú"
+
+#: g10/mainproc.c:1951 g10/trustdb.c:546
+msgid "unknown"
+msgstr "Ismeretlen módú"
+
+#: g10/mainproc.c:1971
+#, c-format
+msgid "Can't check signature: %s\n"
+msgstr "Nem tudom ellenõrizni az aláírást: %s.\n"
+
+#: g10/mainproc.c:2055 g10/mainproc.c:2071 g10/mainproc.c:2167
+msgid "not a detached signature\n"
+msgstr "Nem különálló aláírás.\n"
+
+#: g10/mainproc.c:2098
+msgid ""
+"WARNING: multiple signatures detected. Only the first will be checked.\n"
+msgstr "FIGYELEM: Többszörös aláírást érzékeltem. Csak az elsõt ellenõrzöm.\n"
+
+#: g10/mainproc.c:2106
+#, c-format
+msgid "standalone signature of class 0x%02x\n"
+msgstr "0x%02x osztályú különálló aláírás.\n"
+
+#: g10/mainproc.c:2171
+msgid "old style (PGP 2.x) signature\n"
+msgstr "Régi stílusú (PGP 2.x) aláírás.\n"
+
+#: g10/mainproc.c:2181
+msgid "invalid root packet detected in proc_tree()\n"
+msgstr "Érvénytelen gyökércsomagot találtam a proc_tree() függvényben!\n"
+
+#: g10/misc.c:109 g10/misc.c:139 g10/misc.c:215
+#, fuzzy, c-format
+msgid "fstat of `%s' failed in %s: %s\n"
+msgstr "Nem tudom megnyitni az állományt: %s.\n"
+
+#: g10/misc.c:178
+#, fuzzy, c-format
+msgid "fstat(%d) failed in %s: %s\n"
+msgstr "Bizalmi adatbázis: olvasás sikertelen (n=%d): %s.\n"
+
+#: g10/misc.c:296
+#, fuzzy, c-format
+msgid "WARNING: using experimental public key algorithm %s\n"
+msgstr "Nem tudom kezelni a(z) %d. számú nyilvános kulcsú algoritmust!\n"
+
+#: g10/misc.c:302
+#, fuzzy
+msgid "WARNING: Elgamal sign+encrypt keys are deprecated\n"
+msgstr ""
+"%s (%d) kivonatoló algoritmus használatának erõltetése ellentétes\n"
+"a címzett preferenciáival.\n"
+
+#: g10/misc.c:315
+#, fuzzy, c-format
+msgid "WARNING: using experimental cipher algorithm %s\n"
+msgstr "nem megvalósított rejtjelezõ algoritmus"
+
+#: g10/misc.c:330
+#, fuzzy, c-format
+msgid "WARNING: using experimental digest algorithm %s\n"
+msgstr "%s aláírás, %s kivonatoló algoritmus.\n"
+
+#: g10/misc.c:335
+#, fuzzy, c-format
+msgid "WARNING: digest algorithm %s is deprecated\n"
+msgstr ""
+"%s (%d) kivonatoló algoritmus használatának erõltetése ellentétes\n"
+"a címzett preferenciáival.\n"
+
+#: g10/misc.c:503
+msgid "the IDEA cipher plugin is not present\n"
+msgstr "Az IDEA rejtjelezõ bõvítés nincs jelen!\n"
+
+#: g10/misc.c:504 g10/sig-check.c:107 jnlib/utf8conv.c:87
+#, fuzzy, c-format
+msgid "please see %s for more information\n"
+msgstr " i = további információkat kérek\n"
+
+#: g10/misc.c:761
+#, c-format
+msgid "%s:%d: deprecated option \"%s\"\n"
+msgstr "%s:%d: Elavult opció: \"%s\"\n"
+
+#: g10/misc.c:765
+#, c-format
+msgid "WARNING: \"%s\" is a deprecated option\n"
+msgstr "FIGYELEM: \"%s\" elavult opció!\n"
+
+#: g10/misc.c:767
+#, c-format
+msgid "please use \"%s%s\" instead\n"
+msgstr "Kérem, ezt használja helyette: \"%s%s\"\n"
+
+#: g10/misc.c:774
+#, fuzzy, c-format
+msgid "WARNING: \"%s\" is a deprecated command - do not use it\n"
+msgstr "FIGYELEM: \"%s\" elavult opció!\n"
+
+#: g10/misc.c:784
+#, c-format
+msgid "%s:%u: obsolete option \"%s\" - it has no effect\n"
+msgstr ""
+
+#: g10/misc.c:787
+#, fuzzy, c-format
+msgid "WARNING: \"%s\" is an obsolete option - it has no effect\n"
+msgstr "FIGYELEM: \"%s\" elavult opció!\n"
+
+#: g10/misc.c:848
+msgid "Uncompressed"
+msgstr "tömörítetlen"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: g10/misc.c:873
+#, fuzzy
+msgid "uncompressed|none"
+msgstr "tömörítetlen"
+
+#: g10/misc.c:1000
+#, c-format
+msgid "this message may not be usable by %s\n"
+msgstr "Lehet, hogy ez az üzenet használhatatlan a %s számára!\n"
+
+#: g10/misc.c:1175
+#, fuzzy, c-format
+msgid "ambiguous option `%s'\n"
+msgstr "Az opciókat a \"%s\" állományból olvasom.\n"
+
+#: g10/misc.c:1200
+#, fuzzy, c-format
+msgid "unknown option `%s'\n"
+msgstr "Ismeretlen alapértelmezett címzett: \"%s\"\n"
+
+#: g10/openfile.c:89
+#, c-format
+msgid "File `%s' exists. "
+msgstr "\"%s\" állomány létezik. "
+
+#: g10/openfile.c:93
+#, fuzzy
+msgid "Overwrite? (y/N) "
+msgstr "Felülírjam (i/N)? "
+
+#: g10/openfile.c:126
+#, c-format
+msgid "%s: unknown suffix\n"
+msgstr "%s: ismeretlen végzõdés.\n"
+
+#: g10/openfile.c:150
+msgid "Enter new filename"
+msgstr "Írja be az új állománynevet"
+
+#: g10/openfile.c:195
+msgid "writing to stdout\n"
+msgstr "Írok a szabványos kimenetre.\n"
+
+#: g10/openfile.c:316
+#, c-format
+msgid "assuming signed data in `%s'\n"
+msgstr "Azt feltételezem, hogy az aláírt adat a %s állományban van.\n"
+
+#: g10/openfile.c:395
+#, c-format
+msgid "new configuration file `%s' created\n"
+msgstr "\"%s\" új konfigurációs állományt létrehoztam.\n"
+
+#: g10/openfile.c:397
+#, c-format
+msgid "WARNING: options in `%s' are not yet active during this run\n"
+msgstr ""
+"FIGYELEM: \"%s\" opciói csak a következõ futáskor lesznek érvényesek!\n"
+
+#: g10/parse-packet.c:201
+#, c-format
+msgid "can't handle public key algorithm %d\n"
+msgstr "Nem tudom kezelni a(z) %d. számú nyilvános kulcsú algoritmust!\n"
+
+#: g10/parse-packet.c:822
+msgid "WARNING: potentially insecure symmetrically encrypted session key\n"
+msgstr ""
+"FIGYELEM: A rejtjelezett munkafolyamat-kulcs lehet, hogy nem biztonságos!\n"
+
+#: g10/parse-packet.c:1273
+#, c-format
+msgid "subpacket of type %d has critical bit set\n"
+msgstr "A %d típusú alcsomag kritikus bitje beállított.\n"
+
+#: g10/passphrase.c:75 g10/passphrase.c:418 g10/passphrase.c:481
+#, fuzzy, c-format
+msgid "problem with the agent: %s\n"
+msgstr "Probléma az ügynökkel: ügynök válasza: 0x%lx\n"
+
+#: g10/passphrase.c:344 g10/passphrase.c:613
+#, fuzzy, c-format
+msgid " (main key ID %s)"
+msgstr ""
+" \n"
+" (fõ kulcsazonosító: %08lX)"
+
+#: g10/passphrase.c:358
+#, fuzzy, c-format
+msgid ""
+"Please enter the passphrase to unlock the secret key for the OpenPGP "
+"certificate:\n"
+"\"%.*s\"\n"
+"%u-bit %s key, ID %s,\n"
+"created %s%s.\n"
+msgstr ""
+"Most meg kell adnia a jelszót, mellyel a következõ felhasználó\n"
+"titkos kulcsa használatba vehetõ:\n"
+"\"%.*s\"\n"
+"%u bites %s key, azonosító: %08lX, létrehozva: %s%s\n"
+
+#: g10/passphrase.c:384
+msgid "Enter passphrase\n"
+msgstr "Írja be a jelszót!\n"
+
+#: g10/passphrase.c:412
+msgid "cancelled by user\n"
+msgstr "A felhasználó megszakította a mûveletet.\n"
+
+#: g10/passphrase.c:592
+#, fuzzy, c-format
+msgid ""
+"You need a passphrase to unlock the secret key for\n"
+"user: \"%s\"\n"
+msgstr ""
+"\n"
+"Jelszóra van szüksége a következõ felhasználó titkos kulcsának "
+"használatához:\n"
+"\""
+
+#: g10/passphrase.c:600
+#, fuzzy, c-format
+msgid "%u-bit %s key, ID %s, created %s"
+msgstr "%u bites %s kulcs, azonosító: %08lX, létrehozva: %s."
+
+#: g10/passphrase.c:609
+#, c-format
+msgid " (subkey on main key ID %s)"
+msgstr ""
+
+#: g10/photoid.c:74
+msgid ""
+"\n"
+"Pick an image to use for your photo ID. The image must be a JPEG file.\n"
+"Remember that the image is stored within your public key. If you use a\n"
+"very large picture, your key will become very large as well!\n"
+"Keeping the image close to 240x288 is a good size to use.\n"
+msgstr ""
+"\n"
+"Válasszon egy képet a fotóazonosítójához! A kép JPEG formátumú legyen!\n"
+"Emlékeztetjük, hogy a kép a nyilvános kulcsában tárolódik. Ha nagyon nagy\n"
+"képet használ, a kulcsa is nagyon nagy lesz!\n"
+"A 240x288 körüli képméret jól használható.\n"
+
+#: g10/photoid.c:96
+msgid "Enter JPEG filename for photo ID: "
+msgstr "Adja meg egy JPEG fájl nevét a fotóazonosítóhoz: "
+
+#: g10/photoid.c:117
+#, fuzzy, c-format
+msgid "unable to open JPEG file `%s': %s\n"
+msgstr "Nem tudom megnyitni az állományt: %s.\n"
+
+#: g10/photoid.c:128
+#, c-format
+msgid "This JPEG is really large (%d bytes) !\n"
+msgstr ""
+
+#: g10/photoid.c:130
+#, fuzzy
+msgid "Are you sure you want to use it? (y/N) "
+msgstr "Biztos abban, hogy használni akarja (i/N)? "
+
+#: g10/photoid.c:146
+#, fuzzy, c-format
+msgid "`%s' is not a JPEG file\n"
+msgstr "\"%s\" nem JPEG állomány.\n"
+
+#: g10/photoid.c:165
+msgid "Is this photo correct (y/N/q)? "
+msgstr "Ez a fotó megfelelõ (i/N/k)? "
+
+#: g10/photoid.c:373
+msgid "unable to display photo ID!\n"
+msgstr "Nem tudom megjeleníteni a fotóazonosítót!\n"
+
+#: g10/pkclist.c:60 g10/revoke.c:621
+msgid "No reason specified"
+msgstr "Nincs megadva ok."
+
+#: g10/pkclist.c:62 g10/revoke.c:623
+msgid "Key is superseded"
+msgstr "A kulcsot lecserélték."
+
+#: g10/pkclist.c:64 g10/revoke.c:622
+msgid "Key has been compromised"
+msgstr "A kulcs kompromittálódott."
+
+#: g10/pkclist.c:66 g10/revoke.c:624
+msgid "Key is no longer used"
+msgstr "A kulcs már nem használatos."
+
+#: g10/pkclist.c:68 g10/revoke.c:625
+msgid "User ID is no longer valid"
+msgstr "A felhasználói azonosító már nem érvényes."
+
+#: g10/pkclist.c:72
+msgid "reason for revocation: "
+msgstr "Visszavonás oka: "
+
+#: g10/pkclist.c:89
+msgid "revocation comment: "
+msgstr "Megjegyzés a visszavonáshoz: "
+
+#: g10/pkclist.c:204
+msgid "iImMqQsS"
+msgstr "iIfFkKhH"
+
+#: g10/pkclist.c:212
+#, fuzzy
+msgid "No trust value assigned to:\n"
+msgstr ""
+"Nincs megbízhatósági érték rendelve:\n"
+"%4u%c/%08lX %s \""
+
+#: g10/pkclist.c:245
+#, fuzzy, c-format
+msgid " aka \"%s\"\n"
+msgstr " azaz \""
+
+#: g10/pkclist.c:255
+#, fuzzy
+msgid ""
+"How much do you trust that this key actually belongs to the named user?\n"
+msgstr "Ez a kulcs valószínûleg a jelzett tulajdonoshoz tartozik.\n"
+
+#: g10/pkclist.c:270
+#, fuzzy, c-format
+msgid " %d = I don't know or won't say\n"
+msgstr " %d = Nem tudom\n"
+
+#: g10/pkclist.c:272
+#, fuzzy, c-format
+msgid " %d = I do NOT trust\n"
+msgstr " %d = NEM bízom benne\n"
+
+#: g10/pkclist.c:278
+#, fuzzy, c-format
+msgid " %d = I trust ultimately\n"
+msgstr " %d = alapvetõen megbízom benne\n"
+
+#: g10/pkclist.c:284
+#, fuzzy
+msgid " m = back to the main menu\n"
+msgstr " f = visszatérés a fõmenübe\n"
+
+#: g10/pkclist.c:287
+#, fuzzy
+msgid " s = skip this key\n"
+msgstr " h = kulcs kihagyása\n"
+
+#: g10/pkclist.c:288
+#, fuzzy
+msgid " q = quit\n"
+msgstr " k = kilépés\n"
+
+#: g10/pkclist.c:292
+#, c-format
+msgid ""
+"The minimum trust level for this key is: %s\n"
+"\n"
+msgstr ""
+
+#: g10/pkclist.c:298 g10/revoke.c:650
+msgid "Your decision? "
+msgstr "Mit választ? "
+
+#: g10/pkclist.c:319
+#, fuzzy
+msgid "Do you really want to set this key to ultimate trust? (y/N) "
+msgstr "Tényleg be akarja állítani ezt a kulcsot alapvetõen megbízhatóra? "
+
+#: g10/pkclist.c:333
+msgid "Certificates leading to an ultimately trusted key:\n"
+msgstr "Alapvetõen megbízható kulcshoz vezetõ igazolások:\n"
+
+#: g10/pkclist.c:418
+#, fuzzy, c-format
+msgid "%s: There is no assurance this key belongs to the named user\n"
+msgstr ""
+"%08lX: Semmi jele, hogy ez a kulcs a megadott tulajdonoshoz tartozik.\n"
+
+#: g10/pkclist.c:423
+#, fuzzy, c-format
+msgid "%s: There is limited assurance this key belongs to the named user\n"
+msgstr ""
+"%08lX: Semmi jele, hogy ez a kulcs a megadott tulajdonoshoz tartozik.\n"
+
+#: g10/pkclist.c:429
+#, fuzzy
+msgid "This key probably belongs to the named user\n"
+msgstr "Ez a kulcs valószínûleg a jelzett tulajdonoshoz tartozik.\n"
+
+#: g10/pkclist.c:434
+msgid "This key belongs to us\n"
+msgstr "Ez a kulcs hozzánk tartozik.\n"
+
+#: g10/pkclist.c:460
+#, fuzzy
+msgid ""
+"It is NOT certain that the key belongs to the person named\n"
+"in the user ID. If you *really* know what you are doing,\n"
+"you may answer the next question with yes.\n"
+msgstr ""
+"NEM biztos, hogy a kulcs a felhasználói azonosítóban szereplõ\n"
+"személyhez tartozik. Ha Ön *valóban* tudja, hogy mit csinál,\n"
+"a következõ kérdésre válaszolhat igennel.\n"
+"\n"
+
+#: g10/pkclist.c:479
+#, fuzzy
+msgid "Use this key anyway? (y/N) "
+msgstr "Mégis használjuk ezt a kulcsot? "
+
+#: g10/pkclist.c:513
+msgid "WARNING: Using untrusted key!\n"
+msgstr "FIGYELEM: Nem bízunk a kulcsban, amit használunk!\n"
+
+#: g10/pkclist.c:520
+msgid "WARNING: this key might be revoked (revocation key not present)\n"
+msgstr "FIGYELEM: a kulcsot visszavonhatták (visszavonó kulcs nincs jelen).\n"
+
+#: g10/pkclist.c:529
+msgid "WARNING: This key has been revoked by its designated revoker!\n"
+msgstr "FIGYELEM: Ezt a kulcsot a kijelölt visszavonó visszavonta!\n"
+
+#: g10/pkclist.c:532
+msgid "WARNING: This key has been revoked by its owner!\n"
+msgstr "FIGYELEM: Ezt a kulcsot a tulajdonosa visszavonta!\n"
+
+#: g10/pkclist.c:533
+#, fuzzy
+msgid " This could mean that the signature is forged.\n"
+msgstr " Ez jelentheti azt, hogy az aláírás hamis.\n"
+
+#: g10/pkclist.c:539
+msgid "WARNING: This subkey has been revoked by its owner!\n"
+msgstr "FIGYELEM: Ezt az alkulcsot a tulajdonosa visszavonta!\n"
+
+#: g10/pkclist.c:544
+msgid "Note: This key has been disabled.\n"
+msgstr "Megjegyzés: Ez a kulcs le lett tiltva.\n"
+
+#: g10/pkclist.c:564
+#, c-format
+msgid "Note: Verified signer's address is `%s'\n"
+msgstr ""
+
+#: g10/pkclist.c:571
+#, c-format
+msgid "Note: Signer's address `%s' does not match DNS entry\n"
+msgstr ""
+
+#: g10/pkclist.c:583
+msgid "trustlevel adjusted to FULL due to valid PKA info\n"
+msgstr ""
+
+#: g10/pkclist.c:591
+msgid "trustlevel adjusted to NEVER due to bad PKA info\n"
+msgstr ""
+
+#: g10/pkclist.c:602
+msgid "Note: This key has expired!\n"
+msgstr "Megjegyzés: Ez a kulcs lejárt!\n"
+
+#: g10/pkclist.c:613
+msgid "WARNING: This key is not certified with a trusted signature!\n"
+msgstr "FIGYELEM: Ez a kulcs nincs hitelesítve megbízható aláírással!\n"
+
+#: g10/pkclist.c:615
+msgid ""
+" There is no indication that the signature belongs to the owner.\n"
+msgstr ""
+" Semmi jele, hogy ez a kulcs a megadott tulajdonoshoz tartozik.\n"
+
+#: g10/pkclist.c:623
+msgid "WARNING: We do NOT trust this key!\n"
+msgstr "FIGYELEM: NEM bízunk ebben a kulcsban!\n"
+
+#: g10/pkclist.c:624
+msgid " The signature is probably a FORGERY.\n"
+msgstr " Az aláírás valószínûleg HAMIS.\n"
+
+#: g10/pkclist.c:632
+msgid ""
+"WARNING: This key is not certified with sufficiently trusted signatures!\n"
+msgstr ""
+"FIGYELEM: Ez a kulcs nincs igazolva kellõképpen megbízható aláírással!\n"
+
+#: g10/pkclist.c:634
+msgid " It is not certain that the signature belongs to the owner.\n"
+msgstr " Nem biztos, hogy az aláírás a tulajdonoshoz tartozik.\n"
+
+#: g10/pkclist.c:833 g10/pkclist.c:875 g10/pkclist.c:1087 g10/pkclist.c:1157
+#, c-format
+msgid "%s: skipped: %s\n"
+msgstr "%s: kihagyva: %s\n"
+
+#: g10/pkclist.c:845 g10/pkclist.c:1125
+#, c-format
+msgid "%s: skipped: public key already present\n"
+msgstr "%s: kihagyva: nyilvános kulcs már szerepel\n"
+
+#: g10/pkclist.c:896
+msgid "You did not specify a user ID. (you may use \"-r\")\n"
+msgstr ""
+"Nem adott meg felhasználói azonosítót! (Használhatja a \"-r\" opciót.)\n"
+
+#: g10/pkclist.c:920
+msgid "Current recipients:\n"
+msgstr ""
+
+#: g10/pkclist.c:946
+msgid ""
+"\n"
+"Enter the user ID. End with an empty line: "
+msgstr ""
+"\n"
+"Adja meg a felhasználói azonosítót! Üres sorral fejezze be: "
+
+#: g10/pkclist.c:971
+msgid "No such user ID.\n"
+msgstr "Nincs ilyen felhasználói azonosító.\n"
+
+#: g10/pkclist.c:980 g10/pkclist.c:1054
+msgid "skipped: public key already set as default recipient\n"
+msgstr ""
+"Kihagyva: Nyilvános kulcs már be lett állítva alapértelmezett címzettnek.\n"
+
+#: g10/pkclist.c:1001
+msgid "Public key is disabled.\n"
+msgstr "Nyilvános kulcs nincs engedélyezve.\n"
+
+#: g10/pkclist.c:1010
+msgid "skipped: public key already set\n"
+msgstr "Kihagyva: Nyilvános kulcs már be lett állítva.\n"
+
+#: g10/pkclist.c:1045
+#, fuzzy, c-format
+msgid "unknown default recipient \"%s\"\n"
+msgstr "Ismeretlen alapértelmezett címzett: \"%s\"\n"
+
+#: g10/pkclist.c:1103
+#, c-format
+msgid "%s: skipped: public key is disabled\n"
+msgstr "%s: Kihagyva: Nyilvános kulcs nincs engedélyezve.\n"
+
+#: g10/pkclist.c:1165
+msgid "no valid addressees\n"
+msgstr "Nincsenek érvényes címzettek!\n"
+
+#: g10/pkclist.c:1503
+#, fuzzy, c-format
+msgid "Note: key %s has no %s feature\n"
+msgstr "%08lX kulcs: Nincs felhasználói azonosító.\n"
+
+#: g10/pkclist.c:1528
+#, fuzzy, c-format
+msgid "Note: key %s has no preference for %s\n"
+msgstr "%08lX kulcs: Nincs felhasználói azonosító.\n"
+
+#: g10/plaintext.c:95
+msgid "data not saved; use option \"--output\" to save it\n"
+msgstr ""
+"Az adatot nem mentettem el. Használja az \"--output\" opciót a mentéshez!\n"
+
+#: g10/plaintext.c:480
+msgid "Detached signature.\n"
+msgstr "Különálló aláírás.\n"
+
+#: g10/plaintext.c:487
+msgid "Please enter name of data file: "
+msgstr "Kérem, adja meg az adatállomány nevét: "
+
+#: g10/plaintext.c:519
+msgid "reading stdin ...\n"
+msgstr "Olvasom a szabványos bemenetet...\n"
+
+#: g10/plaintext.c:557
+msgid "no signed data\n"
+msgstr "Nincs aláírt adat.\n"
+
+#: g10/plaintext.c:573
+#, c-format
+msgid "can't open signed data `%s'\n"
+msgstr "Nem tudom megnyitni a(z) \"%s\" aláírt adatot!\n"
+
+#: g10/plaintext.c:607
+#, fuzzy, c-format
+msgid "can't open signed data fd=%d: %s\n"
+msgstr "Nem tudom megnyitni a(z) \"%s\" aláírt adatot!\n"
+
+#: g10/pubkey-enc.c:105
+#, fuzzy, c-format
+msgid "anonymous recipient; trying secret key %s ...\n"
+msgstr "Anonim címzett. A %08lX titkos kulcsot próbálom...\n"
+
+#: g10/pubkey-enc.c:136
+msgid "okay, we are the anonymous recipient.\n"
+msgstr "Rendben, mi vagyunk az anonim címzett.\n"
+
+#: g10/pubkey-enc.c:225
+msgid "old encoding of the DEK is not supported\n"
+msgstr "A DEK régi kódolása nem támogatott.\n"
+
+#: g10/pubkey-enc.c:246
+#, c-format
+msgid "cipher algorithm %d%s is unknown or disabled\n"
+msgstr "A %d%s rejtjelezõ algoritmus ismeretlen vagy tiltott.\n"
+
+#: g10/pubkey-enc.c:284
+#, fuzzy, c-format
+msgid "WARNING: cipher algorithm %s not found in recipient preferences\n"
+msgstr "MEGJEGYZÉS: %d rejtjelezõ algoritmus nincs a preferenciák között.\n"
+
+#: g10/pubkey-enc.c:304
+#, fuzzy, c-format
+msgid "NOTE: secret key %s expired at %s\n"
+msgstr "MEGJEGYZÉS: %08lX titkos kulcs %s-kor lejárt.\n"
+
+#: g10/pubkey-enc.c:310
+msgid "NOTE: key has been revoked"
+msgstr "MEGJEGYZÉS: A kulcsot visszavonták."
+
+#: g10/revoke.c:102 g10/revoke.c:116 g10/revoke.c:128 g10/revoke.c:174
+#: g10/revoke.c:186 g10/revoke.c:585
+#, c-format
+msgid "build_packet failed: %s\n"
+msgstr "build_packet sikertelen: %s.\n"
+
+#: g10/revoke.c:145
+#, fuzzy, c-format
+msgid "key %s has no user IDs\n"
+msgstr "%08lX kulcs: Nincs felhasználói azonosító.\n"
+
+#: g10/revoke.c:306
+msgid "To be revoked by:\n"
+msgstr "Visszavonja:\n"
+
+#: g10/revoke.c:310
+msgid "(This is a sensitive revocation key)\n"
+msgstr "(Ez egy érzékeny visszavonó kulcs.)\n"
+
+#: g10/revoke.c:314
+#, fuzzy
+msgid "Create a designated revocation certificate for this key? (y/N) "
+msgstr "Csináljunk egy visszavonó igazolást ehhez a kulcshoz? "
+
+#: g10/revoke.c:327 g10/revoke.c:551
+msgid "ASCII armored output forced.\n"
+msgstr "ASCII-páncélozott kimenet kiválasztva.\n"
+
+#: g10/revoke.c:342 g10/revoke.c:565
+#, c-format
+msgid "make_keysig_packet failed: %s\n"
+msgstr "make_keysig_packet sikertelen: %s\n"
+
+#: g10/revoke.c:405
+msgid "Revocation certificate created.\n"
+msgstr "Visszavonó igazolás létrehozva.\n"
+
+#: g10/revoke.c:411
+#, fuzzy, c-format
+msgid "no revocation keys found for \"%s\"\n"
+msgstr "Nem találtam visszavonó kulcsot a következõhöz: \"%s\".\n"
+
+#: g10/revoke.c:470
+#, fuzzy, c-format
+msgid "secret key \"%s\" not found: %s\n"
+msgstr "\"%s\" titkos kulcs nem található: %s\n"
+
+#: g10/revoke.c:497
+#, c-format
+msgid "no corresponding public key: %s\n"
+msgstr "Nincs hozzá tartozó nyilvános kulcs: %s\n"
+
+#: g10/revoke.c:508
+msgid "public key does not match secret key!\n"
+msgstr "A nyilvános kulcs nem passzol a titkos kulcshoz!\n"
+
+#: g10/revoke.c:515
+#, fuzzy
+msgid "Create a revocation certificate for this key? (y/N) "
+msgstr "Csináljunk egy visszavonó igazolást ehhez a kulcshoz? "
+
+#: g10/revoke.c:532
+msgid "unknown protection algorithm\n"
+msgstr "Ismeretlen védelmi algoritmus!\n"
+
+#: g10/revoke.c:540
+msgid "NOTE: This key is not protected!\n"
+msgstr "MEGJEGYZÉS: Ez a kulcs nem védett.\n"
+
+#: g10/revoke.c:591
+msgid ""
+"Revocation certificate created.\n"
+"\n"
+"Please move it to a medium which you can hide away; if Mallory gets\n"
+"access to this certificate he can use it to make your key unusable.\n"
+"It is smart to print this certificate and store it away, just in case\n"
+"your media become unreadable. But have some caution: The print system of\n"
+"your machine might store the data and make it available to others!\n"
+msgstr ""
+"A visszavonó igazolást létrehoztam.\n"
+"\n"
+"Kérem, tegye olyan helyre, ahol más nem fér hozzá! Ha valaki megszerzi\n"
+"ezt az igazolást, használhatatlanná teheti vele az Ön kulcsát. Okos dolog\n"
+"kinyomtatni és megõrizni ezt az igazolást, arra az esetre, ha az\n"
+"adathordozó olvashatatlanná válik. De vigyázat: az Ön gépének nyomtatási\n"
+"rendszere is tárolhatja az adatot, és mások esetleg hozzáférhetnek ehhez!\n"
+
+#: g10/revoke.c:633
+msgid "Please select the reason for the revocation:\n"
+msgstr "Kérem, válassza ki a visszavonás okát:\n"
+
+#: g10/revoke.c:643
+msgid "Cancel"
+msgstr "Mégsem"
+
+#: g10/revoke.c:645
+#, c-format
+msgid "(Probably you want to select %d here)\n"
+msgstr "(Valószínûleg a(z) %d. lehetõséget akarja választani.)\n"
+
+#: g10/revoke.c:686
+msgid "Enter an optional description; end it with an empty line:\n"
+msgstr "Adjon meg egy nem kötelezõ leírást! Üres sorral fejezze be:\n"
+
+#: g10/revoke.c:714
+#, c-format
+msgid "Reason for revocation: %s\n"
+msgstr "Visszavonás oka: %s\n"
+
+#: g10/revoke.c:716
+msgid "(No description given)\n"
+msgstr "(Nincs leírás.)\n"
+
+#: g10/revoke.c:721
+#, fuzzy
+msgid "Is this okay? (y/N) "
+msgstr "Ez így rendben van? "
+
+#: g10/seckey-cert.c:55
+msgid "secret key parts are not available\n"
+msgstr "Titkos kulcsrészek nem állnak rendelkezésre.\n"
+
+#: g10/seckey-cert.c:61
+#, c-format
+msgid "protection algorithm %d%s is not supported\n"
+msgstr "%d%s védõ algoritmus nem támogatott.\n"
+
+#: g10/seckey-cert.c:72
+#, fuzzy, c-format
+msgid "protection digest %d is not supported\n"
+msgstr "%d%s védõ algoritmus nem támogatott.\n"
+
+#: g10/seckey-cert.c:291
+msgid "Invalid passphrase; please try again"
+msgstr "Érvénytelen jelszó. Próbálja újra"
+
+#: g10/seckey-cert.c:292
+#, c-format
+msgid "%s ...\n"
+msgstr "%s...\n"
+
+#: g10/seckey-cert.c:361
+msgid "WARNING: Weak key detected - please change passphrase again.\n"
+msgstr ""
+"FIGYELEM: Gyenge kulcsot találtam. Kérem, változtassa meg ismét a jelszót!\n"
+
+#: g10/seckey-cert.c:404
+msgid "generating the deprecated 16-bit checksum for secret key protection\n"
+msgstr ""
+"Elavult, 16 bites ellenõrzõösszeget hozok létre titkos kulcs védelméhez.\n"
+
+#: g10/seskey.c:61 sm/encrypt.c:119
+msgid "weak key created - retrying\n"
+msgstr "Gyenge kulcs jött létre. Újrapróbálom.\n"
+
+#: g10/seskey.c:65
+#, c-format
+msgid "cannot avoid weak key for symmetric cipher; tried %d times!\n"
+msgstr ""
+"Nem tudom elkerülni a gyenge kulcsot a szimmetrikus titkosítóhoz.\n"
+"%d alkalommal próbáltam!\n"
+
+#: g10/seskey.c:227 sm/certcheck.c:85
+msgid "DSA requires the hash length to be a multiple of 8 bits\n"
+msgstr ""
+
+#: g10/seskey.c:240
+#, c-format
+msgid "DSA key %s uses an unsafe (%u bit) hash\n"
+msgstr ""
+
+#: g10/seskey.c:252
+#, c-format
+msgid "DSA key %s requires a %u bit or larger hash\n"
+msgstr ""
+
+#: g10/sig-check.c:80
+msgid "WARNING: signature digest conflict in message\n"
+msgstr "FIGYELEM: Aláíráskivonat-konfliktus az üzenetben.\n"
+
+#: g10/sig-check.c:105
+#, fuzzy, c-format
+msgid "WARNING: signing subkey %s is not cross-certified\n"
+msgstr "FIGYELEM: %08lX aláíró alkulcs nem kereszthitelesített.\n"
+
+#: g10/sig-check.c:117
+#, fuzzy, c-format
+msgid "WARNING: signing subkey %s has an invalid cross-certification\n"
+msgstr "FIGYELEM: %08lX aláíró alkulcson érvénytelen kereszthitelesítés van.\n"
+
+#: g10/sig-check.c:211
+#, fuzzy, c-format
+msgid "public key %s is %lu second newer than the signature\n"
+msgstr "A(z) %08lX nyilvános kulcs %lu másodperccel újabb az aláírásnál!\n"
+
+#: g10/sig-check.c:212
+#, fuzzy, c-format
+msgid "public key %s is %lu seconds newer than the signature\n"
+msgstr "A(z) %08lX nyilvános kulcs %lu másodperccel újabb az aláírásnál!\n"
+
+#: g10/sig-check.c:223
+#, fuzzy, c-format
+msgid ""
+"key %s was created %lu second in the future (time warp or clock problem)\n"
+msgstr ""
+"A kulcs %lu másodperccel a jövõben készült. (Idõugrás vagy óraprobléma.)\n"
+
+#: g10/sig-check.c:225
+#, fuzzy, c-format
+msgid ""
+"key %s was created %lu seconds in the future (time warp or clock problem)\n"
+msgstr ""
+"A kulcs %lu másodperccel a jövõben készült. (Idõugrás vagy óraprobléma.)\n"
+
+#: g10/sig-check.c:239
+#, fuzzy, c-format
+msgid "NOTE: signature key %s expired %s\n"
+msgstr "MEGJEGYZÉS: Aláíró kulcs (%08lX) lejárt: %s\n"
+
+#: g10/sig-check.c:252
+#, fuzzy, c-format
+msgid "NOTE: signature key %s has been revoked\n"
+msgstr "MEGJEGYZÉS: A kulcsot visszavonták."
+
+#: g10/sig-check.c:325
+#, fuzzy, c-format
+msgid "assuming bad signature from key %s due to an unknown critical bit\n"
+msgstr ""
+"Rossz aláírást feltételezek a %08lX kulcstól egy ismeretlen\n"
+"kritikus bit miatt.\n"
+
+#: g10/sig-check.c:591
+#, fuzzy, c-format
+msgid "key %s: no subkey for subkey revocation signature\n"
+msgstr "%08lX kulcs: Nincs alkulcs az alkulcsvisszavonó csomaghoz.\n"
+
+#: g10/sig-check.c:618
+#, fuzzy, c-format
+msgid "key %s: no subkey for subkey binding signature\n"
+msgstr "%08lX kulcs: Nincs alkulcs az alkulcskötõ aláíráshoz!\n"
+
+#: g10/sign.c:89
+#, c-format
+msgid "WARNING: unable to %%-expand notation (too large). Using unexpanded.\n"
+msgstr ""
+"FIGYELEM: Nem tudom kifejteni a %% jeleket a jelölésben (túl hosszú).\n"
+"Kifejtés nélkül használom.\n"
+
+#: g10/sign.c:115
+#, fuzzy, c-format
+msgid ""
+"WARNING: unable to %%-expand policy URL (too large). Using unexpanded.\n"
+msgstr ""
+"FIGYELEM: Nem tudom kifejteni a %% jeleket az eljárásmód URL-ben (túl "
+"hosszú).\n"
+"Kifejtés nélkül használom.\n"
+
+#: g10/sign.c:138
+#, fuzzy, c-format
+msgid ""
+"WARNING: unable to %%-expand preferred keyserver URL (too large). Using "
+"unexpanded.\n"
+msgstr ""
+"FIGYELEM: Nem tudom kifejteni a %% jeleket az eljárásmód URL-ben (túl "
+"hosszú).\n"
+"Kifejtés nélkül használom.\n"
+
+#: g10/sign.c:311
+#, c-format
+msgid "checking created signature failed: %s\n"
+msgstr "A létrehozott aláírás ellenõrzése sikertelen: %s.\n"
+
+#: g10/sign.c:320
+#, fuzzy, c-format
+msgid "%s/%s signature from: \"%s\"\n"
+msgstr "%s aláírás a következõtõl: \"%s\"\n"
+
+#: g10/sign.c:761
+msgid "you can only detach-sign with PGP 2.x style keys while in --pgp2 mode\n"
+msgstr ""
+"Különálló aláírást PGP 2.x stílusú kulcsokkal csak --pgp2 módban készíthet!\n"
+
+#: g10/sign.c:837
+#, fuzzy, c-format
+msgid ""
+"WARNING: forcing digest algorithm %s (%d) violates recipient preferences\n"
+msgstr ""
+"%s (%d) kivonatoló algoritmus használatának erõltetése ellentétes\n"
+"a címzett preferenciáival.\n"
+
+#: g10/sign.c:964
+msgid "signing:"
+msgstr "Aláírom:"
+
+#: g10/sign.c:1079
+msgid "you can only clearsign with PGP 2.x style keys while in --pgp2 mode\n"
+msgstr ""
+"Olvasható szöveget PGP 2.x stílusú kulccsal csak --pgp2 módban írhat alá!\n"
+
+#: g10/sign.c:1263
+#, c-format
+msgid "%s encryption will be used\n"
+msgstr "%s titkosítást fogok használni.\n"
+
+#: g10/skclist.c:140 g10/skclist.c:217
+msgid "key is not flagged as insecure - can't use it with the faked RNG!\n"
+msgstr ""
+"A kulcs nincs \"nem biztonságosnak\" jelölve,\n"
+"nem tudom a pótló véletlenszám-generátorral használni!\n"
+
+#: g10/skclist.c:174
+#, fuzzy, c-format
+msgid "skipped \"%s\": duplicated\n"
+msgstr "\"%s\"-t kihagytam: másodpéldány.\n"
+
+#: g10/skclist.c:182 g10/skclist.c:195 g10/skclist.c:207
+#, fuzzy, c-format
+msgid "skipped \"%s\": %s\n"
+msgstr "Kihagytam \"%s\"-t: %s.\n"
+
+#: g10/skclist.c:190
+msgid "skipped: secret key already present\n"
+msgstr "Kihagytam: titkos kulcs már jelen van.\n"
+
+#: g10/skclist.c:208
+#, fuzzy
+msgid "this is a PGP generated Elgamal key which is not secure for signatures!"
+msgstr ""
+"Kihagytam \"%s\"-t: ez egy PGP által létrehozott ElGamal kulcs, amely nem\n"
+"biztonságos aláírásokhoz!\n"
+
+#: g10/tdbdump.c:58 g10/trustdb.c:360
+#, c-format
+msgid "trust record %lu, type %d: write failed: %s\n"
+msgstr "%lu bizalmi rekord, %d típus: írás sikertelen: %s.\n"
+
+#: g10/tdbdump.c:106
+#, c-format
+msgid ""
+"# List of assigned trustvalues, created %s\n"
+"# (Use \"gpg --import-ownertrust\" to restore them)\n"
+msgstr ""
+"# Meghatározott bizalmi értékek listája, %s.\n"
+"# (Használja a \"gpg --import-ownertrust\" parancsot a visszaállításhoz!)\n"
+
+#: g10/tdbdump.c:161 g10/tdbdump.c:169 g10/tdbdump.c:174 g10/tdbdump.c:179
+#, fuzzy, c-format
+msgid "error in `%s': %s\n"
+msgstr "Hiba \"%s\" olvasásakor: %s\n"
+
+#: g10/tdbdump.c:161
+#, fuzzy
+msgid "line too long"
+msgstr "A sor túl hosszú!\n"
+
+#: g10/tdbdump.c:169
+msgid "colon missing"
+msgstr ""
+
+#: g10/tdbdump.c:175
+#, fuzzy
+msgid "invalid fingerprint"
+msgstr "Hiba: Érvénytelen ujjlenyomat.\n"
+
+#: g10/tdbdump.c:180
+#, fuzzy
+msgid "ownertrust value missing"
+msgstr "bizalmi értékek importja"
+
+#: g10/tdbdump.c:216
+#, fuzzy, c-format
+msgid "error finding trust record in `%s': %s\n"
+msgstr "Hiba bizalmi rekord keresésekor: %s.\n"
+
+#: g10/tdbdump.c:220
+#, fuzzy, c-format
+msgid "read error in `%s': %s\n"
+msgstr "Olvasási hiba: %s.\n"
+
+#: g10/tdbdump.c:229 g10/trustdb.c:375
+#, c-format
+msgid "trustdb: sync failed: %s\n"
+msgstr "Bizalmi adatbázis: szinkronizáció sikertelen: %s.\n"
+
+#: g10/tdbio.c:128 g10/tdbio.c:1456
+#, c-format
+msgid "trustdb rec %lu: lseek failed: %s\n"
+msgstr "Bizalmi adatbázis %lu. rekord: lseek sikertelen: %s.\n"
+
+#: g10/tdbio.c:135 g10/tdbio.c:1463
+#, c-format
+msgid "trustdb rec %lu: write failed (n=%d): %s\n"
+msgstr "Bizalmi adatbázis %lu. rekord: írás sikertelen (n=%d): %s.\n"
+
+#: g10/tdbio.c:245
+msgid "trustdb transaction too large\n"
+msgstr "Bizalmi adatbázis tranzakciója túl nagy.\n"
+
+#: g10/tdbio.c:500
+#, fuzzy, c-format
+msgid "can't access `%s': %s\n"
+msgstr "Nem tudom bezárni a(z) \"%s\" állományt: %s.\n"
+
+#: g10/tdbio.c:527
+#, c-format
+msgid "%s: directory does not exist!\n"
+msgstr "%s: Könyvtár nem létezik!\n"
+
+#: g10/tdbio.c:537 g10/tdbio.c:560 g10/tdbio.c:601 sm/keydb.c:219
+#, fuzzy, c-format
+msgid "can't create lock for `%s'\n"
+msgstr "Nem tudom létrehozni a(z) \"%s\" állományt: %s.\n"
+
+#: g10/tdbio.c:539 g10/tdbio.c:604
+#, fuzzy, c-format
+msgid "can't lock `%s'\n"
+msgstr "Nem tudom megnyitni %s-t!\n"
+
+#: g10/tdbio.c:565
+#, c-format
+msgid "%s: failed to create version record: %s"
+msgstr "%s: Nem sikerült verziórekordot létrehoznom: %s"
+
+#: g10/tdbio.c:569
+#, c-format
+msgid "%s: invalid trustdb created\n"
+msgstr "%s: Érvénytelen bizalmi adatbázis jött létre.\n"
+
+#: g10/tdbio.c:572
+#, c-format
+msgid "%s: trustdb created\n"
+msgstr "%s: Bizalmi adatbázis létrejött.\n"
+
+#: g10/tdbio.c:615
+msgid "NOTE: trustdb not writable\n"
+msgstr "MEGJEGYZÉS: Bizalmi adatbázis nem írható.\n"
+
+#: g10/tdbio.c:623
+#, c-format
+msgid "%s: invalid trustdb\n"
+msgstr "%s: Érvénytelen bizalmi adatbázis.\n"
+
+#: g10/tdbio.c:655
+#, c-format
+msgid "%s: failed to create hashtable: %s\n"
+msgstr "%s: Hashtábla létrehozása sikertelen: %s.\n"
+
+#: g10/tdbio.c:663
+#, c-format
+msgid "%s: error updating version record: %s\n"
+msgstr "%s: Hiba a verziórekord frissítésekor: %s.\n"
+
+#: g10/tdbio.c:680 g10/tdbio.c:701 g10/tdbio.c:717 g10/tdbio.c:731
+#: g10/tdbio.c:761 g10/tdbio.c:1388 g10/tdbio.c:1415
+#, c-format
+msgid "%s: error reading version record: %s\n"
+msgstr "%s: Hiba a verziórekord olvasásakor: %s.\n"
+
+#: g10/tdbio.c:740
+#, c-format
+msgid "%s: error writing version record: %s\n"
+msgstr "%s: Hiba a verziórekord írásakor: %s.\n"
+
+#: g10/tdbio.c:1181
+#, c-format
+msgid "trustdb: lseek failed: %s\n"
+msgstr "Bizalmi adatbázis: lseek sikertelen: %s.\n"
+
+#: g10/tdbio.c:1190
+#, c-format
+msgid "trustdb: read failed (n=%d): %s\n"
+msgstr "Bizalmi adatbázis: olvasás sikertelen (n=%d): %s.\n"
+
+#: g10/tdbio.c:1211
+#, c-format
+msgid "%s: not a trustdb file\n"
+msgstr "%s: Nem bizalmi adatbázis.\n"
+
+#: g10/tdbio.c:1230
+#, c-format
+msgid "%s: version record with recnum %lu\n"
+msgstr "%s: Verziórekord, rekordszám: %lu.\n"
+
+#: g10/tdbio.c:1235
+#, c-format
+msgid "%s: invalid file version %d\n"
+msgstr "%s: Érvénytelen állományverzió (%d).\n"
+
+#: g10/tdbio.c:1421
+#, c-format
+msgid "%s: error reading free record: %s\n"
+msgstr "%s: Hiba szabad rekord olvasásakor: %s.\n"
+
+#: g10/tdbio.c:1429
+#, c-format
+msgid "%s: error writing dir record: %s\n"
+msgstr "%s: Hiba könyvtárrekord írásakor: %s.\n"
+
+#: g10/tdbio.c:1439
+#, c-format
+msgid "%s: failed to zero a record: %s\n"
+msgstr "%s: Nem sikerült egy rekord nullázása: %s.\n"
+
+#: g10/tdbio.c:1469
+#, c-format
+msgid "%s: failed to append a record: %s\n"
+msgstr "%s: Nem sikerült egy rekord hozzáadása: %s.\n"
+
+#: g10/tdbio.c:1512
+#, fuzzy
+msgid "Error: The trustdb is corrupted.\n"
+msgstr "%s: Bizalmi adatbázis létrejött.\n"
+
+#: g10/textfilter.c:147
+#, c-format
+msgid "can't handle text lines longer than %d characters\n"
+msgstr "Nem tudok %d karakternél hosszabb szövegsorokat kezelni!\n"
+
+#: g10/textfilter.c:247
+#, c-format
+msgid "input line longer than %d characters\n"
+msgstr "A bemeneti sor hosszabb, mint %d karakter.\n"
+
+#: g10/trustdb.c:221
+#, c-format
+msgid "`%s' is not a valid long keyID\n"
+msgstr "\"%s\" nem egy érvényes hosszú kulcsazonosító.\n"
+
+#: g10/trustdb.c:252
+#, fuzzy, c-format
+msgid "key %s: accepted as trusted key\n"
+msgstr "%08lX kulcs: Elfogadva megbízható kulcsként.\n"
+
+#: g10/trustdb.c:290
+#, fuzzy, c-format
+msgid "key %s occurs more than once in the trustdb\n"
+msgstr "A(z) %08lX kulcs egynél többször szerepel a bizalmi adatbázisban.\n"
+
+#: g10/trustdb.c:305
+#, fuzzy, c-format
+msgid "key %s: no public key for trusted key - skipped\n"
+msgstr ""
+"%08lX kulcs: Nincs nyilvános kulcs a megbízható kulcshoz - kihagytam.\n"
+
+#: g10/trustdb.c:315
+#, fuzzy, c-format
+msgid "key %s marked as ultimately trusted\n"
+msgstr "A kulcsot alapvetõen megbízhatónak jelöltem.\n"
+
+#: g10/trustdb.c:339
+#, c-format
+msgid "trust record %lu, req type %d: read failed: %s\n"
+msgstr "%lu bizalmi rekord, %d kéréstípus: olvasás sikertelen: %s.\n"
+
+#: g10/trustdb.c:345
+#, c-format
+msgid "trust record %lu is not of requested type %d\n"
+msgstr "%lu bizalmi rekord nem a kért típusú (%d).\n"
+
+#: g10/trustdb.c:418
+msgid "You may try to re-create the trustdb using the commands:\n"
+msgstr ""
+
+#: g10/trustdb.c:427
+msgid "If that does not work, please consult the manual\n"
+msgstr ""
+
+#: g10/trustdb.c:462
+#, c-format
+msgid "unable to use unknown trust model (%d) - assuming %s trust model\n"
+msgstr ""
+
+#: g10/trustdb.c:468
+#, c-format
+msgid "using %s trust model\n"
+msgstr ""
+
+#: g10/trustdb.c:520
+msgid "10 translator see trustdb.c:uid_trust_string_fixed"
+msgstr ""
+
+#: g10/trustdb.c:522
+#, fuzzy
+msgid "[ revoked]"
+msgstr "[visszavont] "
+
+#: g10/trustdb.c:524 g10/trustdb.c:529
+#, fuzzy
+msgid "[ expired]"
+msgstr "[lejárt] "
+
+#: g10/trustdb.c:528
+#, fuzzy
+msgid "[ unknown]"
+msgstr "Ismeretlen módú"
+
+#: g10/trustdb.c:530
+msgid "[ undef ]"
+msgstr ""
+
+#: g10/trustdb.c:531
+msgid "[marginal]"
+msgstr ""
+
+#: g10/trustdb.c:532
+msgid "[ full ]"
+msgstr ""
+
+#: g10/trustdb.c:533
+msgid "[ultimate]"
+msgstr ""
+
+#: g10/trustdb.c:548
+msgid "undefined"
+msgstr ""
+
+#: g10/trustdb.c:549
+#, fuzzy
+msgid "never"
+msgstr "soha "
+
+#: g10/trustdb.c:550
+msgid "marginal"
+msgstr ""
+
+#: g10/trustdb.c:551
+msgid "full"
+msgstr ""
+
+#: g10/trustdb.c:552
+msgid "ultimate"
+msgstr ""
+
+#: g10/trustdb.c:592
+msgid "no need for a trustdb check\n"
+msgstr "Nincs szükség a bizalmi adatbázis ellenõrzésére.\n"
+
+#: g10/trustdb.c:598 g10/trustdb.c:2487
+#, c-format
+msgid "next trustdb check due at %s\n"
+msgstr "A bizalmi adatbázis következõ ellenõrzése: %s.\n"
+
+#: g10/trustdb.c:607
+#, fuzzy, c-format
+msgid "no need for a trustdb check with `%s' trust model\n"
+msgstr "Nincs szükség a bizalmi adatbázis ellenõrzésére.\n"
+
+#: g10/trustdb.c:622
+#, fuzzy, c-format
+msgid "no need for a trustdb update with `%s' trust model\n"
+msgstr "Nincs szükség a bizalmi adatbázis ellenõrzésére.\n"
+
+#: g10/trustdb.c:857 g10/trustdb.c:1310
+#, fuzzy, c-format
+msgid "public key %s not found: %s\n"
+msgstr "A(z) %08lX nyilvános kulcsot nem találom: %s.\n"
+
+#: g10/trustdb.c:1053
+msgid "please do a --check-trustdb\n"
+msgstr "Kérem, hajtson végre egy --check-trustdb parancsot!\n"
+
+#: g10/trustdb.c:1057
+msgid "checking the trustdb\n"
+msgstr "Ellenõrzöm a bizalmi adatbázist.\n"
+
+#: g10/trustdb.c:2230
+#, c-format
+msgid "%d keys processed (%d validity counts cleared)\n"
+msgstr "%d kulcsot feldolgoztam (%d érvényességszámlálót töröltem)\n"
+
+#: g10/trustdb.c:2295
+msgid "no ultimately trusted keys found\n"
+msgstr "Nem találtam alapvetõen megbízható kulcsot.\n"
+
+#: g10/trustdb.c:2309
+#, fuzzy, c-format
+msgid "public key of ultimately trusted key %s not found\n"
+msgstr "Nem találom az alapvetõen megbízható %08lX kulcs nyilvános kulcsát!\n"
+
+#: g10/trustdb.c:2332
+#, c-format
+msgid "%d marginal(s) needed, %d complete(s) needed, %s trust model\n"
+msgstr ""
+
+#: g10/trustdb.c:2418
+#, c-format
+msgid ""
+"depth: %d valid: %3d signed: %3d trust: %d-, %dq, %dn, %dm, %df, %du\n"
+msgstr ""
+
+#: g10/trustdb.c:2493
+#, fuzzy, c-format
+msgid "unable to update trustdb version record: write failed: %s\n"
+msgstr "%lu bizalmi rekord, %d típus: írás sikertelen: %s.\n"
+
+#: g10/verify.c:118
+msgid ""
+"the signature could not be verified.\n"
+"Please remember that the signature file (.sig or .asc)\n"
+"should be the first file given on the command line.\n"
+msgstr ""
+"Nem tudom ellenõrizni az aláírást.\n"
+"Ne felejtse el, hogy az aláírást tartalmazó állományt (.sig vagy .asc)\n"
+"kell az elsõ helyre írni a parancssorban!\n"
+
+#: g10/verify.c:205
+#, c-format
+msgid "input line %u too long or missing LF\n"
+msgstr "A bemeneti sor (%u) túl hosszú, vagy hiányzik a soremelés.\n"
+
+#: g10/verify.c:253
+#, fuzzy, c-format
+msgid "can't open fd %d: %s\n"
+msgstr "Nem tudom megnyitni a(z) \"%s\" állományt: %s.\n"
+
+#: jnlib/argparse.c:180
+#, fuzzy
+msgid "argument not expected"
+msgstr "Írom a titkos kulcsot a %s állományba.\n"
+
+#: jnlib/argparse.c:182
+#, fuzzy
+msgid "read error"
+msgstr "állományolvasási hiba"
+
+#: jnlib/argparse.c:184
+#, fuzzy
+msgid "keyword too long"
+msgstr "A sor túl hosszú!\n"
+
+#: jnlib/argparse.c:186
+#, fuzzy
+msgid "missing argument"
+msgstr "érvénytelen argumentum"
+
+#: jnlib/argparse.c:188
+#, fuzzy
+msgid "invalid command"
+msgstr "Egymásnak ellentmondó parancsok!\n"
+
+#: jnlib/argparse.c:190
+#, fuzzy
+msgid "invalid alias definition"
+msgstr "Érvénytelen import opciók!\n"
+
+#: jnlib/argparse.c:192
+#, fuzzy
+msgid "out of core"
+msgstr "nem feldolgozott"
+
+#: jnlib/argparse.c:194
+#, fuzzy
+msgid "invalid option"
+msgstr "Érvénytelen import opciók!\n"
+
+#: jnlib/argparse.c:202
+#, c-format
+msgid "missing argument for option \"%.50s\"\n"
+msgstr ""
+
+#: jnlib/argparse.c:204
+#, c-format
+msgid "option \"%.50s\" does not expect an argument\n"
+msgstr ""
+
+#: jnlib/argparse.c:207
+#, fuzzy, c-format
+msgid "invalid command \"%.50s\"\n"
+msgstr "Érvénytelen parancs! (Próbálja a súgót: \"help\".)\n"
+
+#: jnlib/argparse.c:209
+#, c-format
+msgid "option \"%.50s\" is ambiguous\n"
+msgstr ""
+
+#: jnlib/argparse.c:211
+#, c-format
+msgid "command \"%.50s\" is ambiguous\n"
+msgstr ""
+
+#: jnlib/argparse.c:213
+#, fuzzy
+msgid "out of core\n"
+msgstr "nem feldolgozott"
+
+#: jnlib/argparse.c:215
+#, fuzzy, c-format
+msgid "invalid option \"%.50s\"\n"
+msgstr "Érvénytelen import opciók!\n"
+
+#: jnlib/logging.c:647
+#, c-format
+msgid "you found a bug ... (%s:%d)\n"
+msgstr "Talált egy programhibát... (%s:%d)\n"
+
+#: jnlib/utf8conv.c:85
+#, fuzzy, c-format
+msgid "error loading `%s': %s\n"
+msgstr "Hiba \"%s\" olvasásakor: %s\n"
+
+#: jnlib/utf8conv.c:123
+#, c-format
+msgid "conversion from `%s' to `%s' not available\n"
+msgstr ""
+
+#: jnlib/utf8conv.c:131
+#, fuzzy, c-format
+msgid "iconv_open failed: %s\n"
+msgstr "Nem tudom megnyitni az állományt: %s.\n"
+
+#: jnlib/utf8conv.c:388 jnlib/utf8conv.c:654
+#, fuzzy, c-format
+msgid "conversion from `%s' to `%s' failed: %s\n"
+msgstr "Páncélozás nem sikerült: %s\n"
+
+#: jnlib/dotlock.c:234
+#, fuzzy, c-format
+msgid "failed to create temporary file `%s': %s\n"
+msgstr "Nem tudom a \"%s\" könyvtárat létrehozni: %s.\n"
+
+#: jnlib/dotlock.c:269
+#, fuzzy, c-format
+msgid "error writing to `%s': %s\n"
+msgstr "Hiba a \"%s\" kulcskarika írásakor: %s\n"
+
+#: jnlib/dotlock.c:453
+#, c-format
+msgid "removing stale lockfile (created by %d)\n"
+msgstr ""
+
+#: jnlib/dotlock.c:459
+msgid " - probably dead - removing lock"
+msgstr ""
+
+#: jnlib/dotlock.c:469
+#, fuzzy, c-format
+msgid "waiting for lock (held by %d%s) %s...\n"
+msgstr "Írom a titkos kulcsot a %s állományba.\n"
+
+#: jnlib/dotlock.c:470
+msgid "(deadlock?) "
+msgstr ""
+
+#: jnlib/dotlock.c:493
+#, fuzzy, c-format
+msgid "lock `%s' not made: %s\n"
+msgstr "A(z) %08lX nyilvános kulcsot nem találom: %s.\n"
+
+#: jnlib/dotlock.c:501
+#, fuzzy, c-format
+msgid "waiting for lock %s...\n"
+msgstr "Írom a titkos kulcsot a %s állományba.\n"
+
+#: kbx/kbxutil.c:92
+msgid "set debugging flags"
+msgstr ""
+
+#: kbx/kbxutil.c:93
+msgid "enable full debugging"
+msgstr ""
+
+#: kbx/kbxutil.c:117
+#, fuzzy
+msgid "Usage: kbxutil [options] [files] (-h for help)"
+msgstr "Használat: gpg [opciók] [fájlok] (-h a súgóhoz)"
+
+#: kbx/kbxutil.c:120
+msgid ""
+"Syntax: kbxutil [options] [files]\n"
+"list, export, import Keybox data\n"
+msgstr ""
+
+#: scd/app-nks.c:713 scd/app-openpgp.c:2647
+#, c-format
+msgid "RSA modulus missing or not of size %d bits\n"
+msgstr ""
+
+#: scd/app-nks.c:721 scd/app-openpgp.c:2659
+#, c-format
+msgid "RSA public exponent missing or larger than %d bits\n"
+msgstr ""
+
+#: scd/app-nks.c:801 scd/app-openpgp.c:1549 scd/app-openpgp.c:1568
+#: scd/app-openpgp.c:1729 scd/app-openpgp.c:1746 scd/app-openpgp.c:1994
+#: scd/app-openpgp.c:2039 scd/app-dinsig.c:303
+#, c-format
+msgid "PIN callback returned error: %s\n"
+msgstr ""
+
+#: scd/app-nks.c:834
+msgid "the NullPIN has not yet been changed\n"
+msgstr ""
+
+#: scd/app-nks.c:1092
+#, fuzzy
+msgid "|N|Please enter a new PIN for the standard keys."
+msgstr "jelszóváltoztatás"
+
+#: scd/app-nks.c:1093
+#, fuzzy
+msgid "||Please enter the PIN for the standard keys."
+msgstr "jelszóváltoztatás"
+
+#: scd/app-nks.c:1099
+#, fuzzy
+msgid "|NP|Please enter a new PIN Unblocking Code (PUK) for the standard keys."
+msgstr "Kérem, válassza ki a visszavonás okát:\n"
+
+#: scd/app-nks.c:1101
+#, fuzzy
+msgid "|P|Please enter the PIN Unblocking Code (PUK) for the standard keys."
+msgstr "Kérem, válassza ki a visszavonás okát:\n"
+
+#: scd/app-nks.c:1109
+msgid "|N|Please enter a new PIN for the key to create qualified signatures."
+msgstr ""
+
+#: scd/app-nks.c:1111
+msgid "||Please enter the PIN for the key to create qualified signatures."
+msgstr ""
+
+#: scd/app-nks.c:1119
+msgid ""
+"|NP|Please enter a new PIN Unblocking Code (PUK) for the key to create "
+"qualified signatures."
+msgstr ""
+
+#: scd/app-nks.c:1121
+msgid ""
+"|P|Please enter the PIN Unblocking Code (PUK) for the key to create "
+"qualified signatures."
+msgstr ""
+
+#: scd/app-nks.c:1222 scd/app-openpgp.c:2072 scd/app-dinsig.c:532
+#, fuzzy, c-format
+msgid "error getting new PIN: %s\n"
+msgstr "Hiba a jelszó létrehozásakor: %s.\n"
+
+#: scd/app-openpgp.c:695
+#, fuzzy, c-format
+msgid "failed to store the fingerprint: %s\n"
+msgstr "Bizalmi adatbázis (%s) inicializálása sikertelen!\n"
+
+#: scd/app-openpgp.c:708
+#, fuzzy, c-format
+msgid "failed to store the creation date: %s\n"
+msgstr "Nem tudtam újraépíteni a kulcskarika cache-ét: %s\n"
+
+#: scd/app-openpgp.c:1156
+#, fuzzy, c-format
+msgid "reading public key failed: %s\n"
+msgstr "A kulcsblokk törlése sikertelen: %s.\n"
+
+#: scd/app-openpgp.c:1164 scd/app-openpgp.c:2882
+msgid "response does not contain the public key data\n"
+msgstr ""
+
+#: scd/app-openpgp.c:1172 scd/app-openpgp.c:2890
+msgid "response does not contain the RSA modulus\n"
+msgstr ""
+
+#: scd/app-openpgp.c:1181 scd/app-openpgp.c:2900
+msgid "response does not contain the RSA public exponent\n"
+msgstr ""
+
+#: scd/app-openpgp.c:1501
+#, c-format
+msgid "using default PIN as %s\n"
+msgstr ""
+
+#: scd/app-openpgp.c:1508
+#, c-format
+msgid "failed to use default PIN as %s: %s - disabling further default use\n"
+msgstr ""
+
+#: scd/app-openpgp.c:1523
+#, c-format
+msgid "||Please enter the PIN%%0A[sigs done: %lu]"
+msgstr ""
+
+#: scd/app-openpgp.c:1534 scd/app-openpgp.c:1988
+#, fuzzy
+msgid "||Please enter the PIN"
+msgstr "jelszóváltoztatás"
+
+#: scd/app-openpgp.c:1575 scd/app-openpgp.c:1753 scd/app-openpgp.c:2001
+#, c-format
+msgid "PIN for CHV%d is too short; minimum length is %d\n"
+msgstr ""
+
+#: scd/app-openpgp.c:1588 scd/app-openpgp.c:1627 scd/app-openpgp.c:1765
+#: scd/app-openpgp.c:3200
+#, fuzzy, c-format
+msgid "verify CHV%d failed: %s\n"
+msgstr "Küldés a kulcsszerverre sikertelen: %s\n"
+
+#: scd/app-openpgp.c:1656 scd/app-openpgp.c:2020 scd/app-openpgp.c:3498
+msgid "error retrieving CHV status from card\n"
+msgstr ""
+
+#: scd/app-openpgp.c:1662 scd/app-openpgp.c:3507
+msgid "card is permanently locked!\n"
+msgstr ""
+
+#: scd/app-openpgp.c:1669
+#, c-format
+msgid "%d Admin PIN attempts remaining before card is permanently locked\n"
+msgstr ""
+
+#. TRANSLATORS: Do not translate the "|A|" prefix but keep it at
+#. the start of the string. Use %%0A to force a linefeed.
+#: scd/app-openpgp.c:1676
+#, fuzzy, c-format
+msgid "|A|Please enter the Admin PIN%%0A[remaining attempts: %d]"
+msgstr "jelszóváltoztatás"
+
+#: scd/app-openpgp.c:1680
+#, fuzzy
+msgid "|A|Please enter the Admin PIN"
+msgstr "jelszóváltoztatás"
+
+#: scd/app-openpgp.c:1701
+msgid "access to admin commands is not configured\n"
+msgstr ""
+
+#: scd/app-openpgp.c:2035
+#, fuzzy
+msgid "||Please enter the Reset Code for the card"
+msgstr "Kérem, válassza ki a visszavonás okát:\n"
+
+#: scd/app-openpgp.c:2045 scd/app-openpgp.c:2097
+#, c-format
+msgid "Reset Code is too short; minimum length is %d\n"
+msgstr ""
+
+#: scd/app-openpgp.c:2067
+msgid "|RN|New Reset Code"
+msgstr ""
+
+#: scd/app-openpgp.c:2068
+msgid "|AN|New Admin PIN"
+msgstr ""
+
+#: scd/app-openpgp.c:2068
+msgid "|N|New PIN"
+msgstr ""
+
+#: scd/app-openpgp.c:2178 scd/app-openpgp.c:2968
+#, fuzzy
+msgid "error reading application data\n"
+msgstr "Hiba a kulcsblokk olvasásakor: %s\n"
+
+#: scd/app-openpgp.c:2184 scd/app-openpgp.c:2975
+#, fuzzy
+msgid "error reading fingerprint DO\n"
+msgstr "%s: Hiba szabad rekord olvasásakor: %s.\n"
+
+#: scd/app-openpgp.c:2194
+#, fuzzy
+msgid "key already exists\n"
+msgstr "\"%s\" már tömörített.\n"
+
+#: scd/app-openpgp.c:2198
+msgid "existing key will be replaced\n"
+msgstr ""
+
+#: scd/app-openpgp.c:2200
+#, fuzzy
+msgid "generating new key\n"
+msgstr "új kulcspár létrehozása"
+
+#: scd/app-openpgp.c:2202
+#, fuzzy
+msgid "writing new key\n"
+msgstr "új kulcspár létrehozása"
+
+#: scd/app-openpgp.c:2627
+msgid "creation timestamp missing\n"
+msgstr ""
+
+#: scd/app-openpgp.c:2669 scd/app-openpgp.c:2677
+#, c-format
+msgid "RSA prime %s missing or not of size %d bits\n"
+msgstr ""
+
+#: scd/app-openpgp.c:2773
+#, fuzzy, c-format
+msgid "failed to store the key: %s\n"
+msgstr "Bizalmi adatbázis (%s) inicializálása sikertelen!\n"
+
+#: scd/app-openpgp.c:2859
+msgid "please wait while key is being generated ...\n"
+msgstr ""
+
+#: scd/app-openpgp.c:2872
+#, fuzzy
+msgid "generating key failed\n"
+msgstr "A kulcsblokk törlése sikertelen: %s.\n"
+
+#: scd/app-openpgp.c:2875
+#, fuzzy, c-format
+msgid "key generation completed (%d seconds)\n"
+msgstr "Kulcsgenerálás sikertelen: %s\n"
+
+#: scd/app-openpgp.c:2933
+msgid "invalid structure of OpenPGP card (DO 0x93)\n"
+msgstr ""
+
+#: scd/app-openpgp.c:2983
+msgid "fingerprint on card does not match requested one\n"
+msgstr ""
+
+#: scd/app-openpgp.c:3099
+#, fuzzy, c-format
+msgid "card does not support digest algorithm %s\n"
+msgstr "%s aláírás, %s kivonatoló algoritmus.\n"
+
+#: scd/app-openpgp.c:3175
+#, c-format
+msgid "signatures created so far: %lu\n"
+msgstr ""
+
+#: scd/app-openpgp.c:3512
+msgid ""
+"verification of Admin PIN is currently prohibited through this command\n"
+msgstr ""
+
+#: scd/app-openpgp.c:3737 scd/app-openpgp.c:3748
+#, fuzzy, c-format
+msgid "can't access %s - invalid OpenPGP card?\n"
+msgstr "Nem találtam érvényes OpenPGP adatot.\n"
+
+#: scd/app-dinsig.c:299
+msgid "||Please enter your PIN at the reader's keypad"
+msgstr ""
+
+#. TRANSLATORS: Do not translate the "|*|" prefixes but
+#. keep it at the start of the string. We need this elsewhere
+#. to get some infos on the string.
+#: scd/app-dinsig.c:529
+msgid "|N|Initial New PIN"
+msgstr ""
+
+#: scd/scdaemon.c:107
+msgid "run in multi server mode (foreground)"
+msgstr ""
+
+#: scd/scdaemon.c:117 sm/gpgsm.c:316
+msgid "|LEVEL|set the debugging level to LEVEL"
+msgstr ""
+
+#: scd/scdaemon.c:124 tools/gpgconf-comp.c:620
+#, fuzzy
+msgid "|FILE|write a log to FILE"
+msgstr "|fájl|bõvítõ modul betöltése"
+
+#: scd/scdaemon.c:126
+msgid "|N|connect to reader at port N"
+msgstr ""
+
+#: scd/scdaemon.c:128
+#, fuzzy
+msgid "|NAME|use NAME as ct-API driver"
+msgstr "|NÉV|NÉV használata alapértelmezett címzettként"
+
+#: scd/scdaemon.c:130
+#, fuzzy
+msgid "|NAME|use NAME as PC/SC driver"
+msgstr "|NÉV|NÉV használata alapértelmezett címzettként"
+
+#: scd/scdaemon.c:133
+#, fuzzy
+msgid "do not use the internal CCID driver"
+msgstr "ne használja a terminált egyáltalán"
+
+#: scd/scdaemon.c:139
+msgid "|N|disconnect the card after N seconds of inactivity"
+msgstr ""
+
+#: scd/scdaemon.c:141
+msgid "do not use a reader's keypad"
+msgstr ""
+
+#: scd/scdaemon.c:144
+#, fuzzy
+msgid "deny the use of admin card commands"
+msgstr "Egymásnak ellentmondó parancsok!\n"
+
+#: scd/scdaemon.c:259
+#, fuzzy
+msgid "Usage: scdaemon [options] (-h for help)"
+msgstr "Használat: gpg [opciók] [fájlok] (-h a súgóhoz)"
+
+#: scd/scdaemon.c:261
+msgid ""
+"Syntax: scdaemon [options] [command [args]]\n"
+"Smartcard daemon for GnuPG\n"
+msgstr ""
+
+#: scd/scdaemon.c:766
+msgid "please use the option `--daemon' to run the program in the background\n"
+msgstr ""
+
+#: scd/scdaemon.c:1120
+#, c-format
+msgid "handler for fd %d started\n"
+msgstr ""
+
+#: scd/scdaemon.c:1132
+#, c-format
+msgid "handler for fd %d terminated\n"
+msgstr ""
+
+#: sm/base64.c:325
+#, fuzzy, c-format
+msgid "invalid radix64 character %02x skipped\n"
+msgstr "Kihagytam a %02x kódú érvénytelen radix64 karaktert.\n"
+
+#: sm/call-agent.c:137
+#, c-format
+msgid "failed to proxy %s inquiry to client\n"
+msgstr ""
+
+#: sm/call-dirmngr.c:252
+#, c-format
+msgid "no running dirmngr - starting `%s'\n"
+msgstr ""
+
+#: sm/call-dirmngr.c:285
+#, fuzzy
+msgid "malformed DIRMNGR_INFO environment variable\n"
+msgstr "Nem megfelelõ formájú GPG_AGENT_INFO környezeti változó!\n"
+
+#: sm/call-dirmngr.c:297
+#, fuzzy, c-format
+msgid "dirmngr protocol version %d is not supported\n"
+msgstr "%d gpg-agent protokollverzió nem támogatott!\n"
+
+#: sm/call-dirmngr.c:317
+msgid "can't connect to the dirmngr - trying fall back\n"
+msgstr ""
+
+#: sm/certchain.c:196
+#, c-format
+msgid "validation model requested by certificate: %s"
+msgstr ""
+
+#: sm/certchain.c:197 sm/certchain.c:1828
+msgid "chain"
+msgstr ""
+
+#: sm/certchain.c:198 sm/certchain.c:1828
+#, fuzzy
+msgid "shell"
+msgstr "help"
+
+#: sm/certchain.c:258
+#, fuzzy, c-format
+msgid "critical certificate extension %s is not supported"
+msgstr "%d gpg-agent protokollverzió nem támogatott!\n"
+
+#: sm/certchain.c:297
+msgid "issuer certificate is not marked as a CA"
+msgstr ""
+
+#: sm/certchain.c:335
+msgid "critical marked policy without configured policies"
+msgstr ""
+
+#: sm/certchain.c:345
+#, fuzzy, c-format
+msgid "failed to open `%s': %s\n"
+msgstr "Nem tudom megnyitni a(z) \"%s\" állományt: %s.\n"
+
+#: sm/certchain.c:353 sm/certchain.c:382
+msgid "note: non-critical certificate policy not allowed"
+msgstr ""
+
+#: sm/certchain.c:357 sm/certchain.c:386
+#, fuzzy
+msgid "certificate policy not allowed"
+msgstr "Írom a titkos kulcsot a %s állományba.\n"
+
+#: sm/certchain.c:498
+msgid "looking up issuer at external location\n"
+msgstr ""
+
+#: sm/certchain.c:517
+#, c-format
+msgid "number of issuers matching: %d\n"
+msgstr ""
+
+#: sm/certchain.c:561
+msgid "looking up issuer from the Dirmngr cache\n"
+msgstr ""
+
+#: sm/certchain.c:585
+#, fuzzy, c-format
+msgid "number of matching certificates: %d\n"
+msgstr "Hiba a jelszó létrehozásakor: %s.\n"
+
+#: sm/certchain.c:587
+#, fuzzy, c-format
+msgid "dirmngr cache-only key lookup failed: %s\n"
+msgstr "A kulcsblokk törlése sikertelen: %s.\n"
+
+#: sm/certchain.c:759 sm/certchain.c:1252 sm/certchain.c:1856 sm/decrypt.c:261
+#: sm/encrypt.c:335 sm/sign.c:335 sm/verify.c:113
+#, fuzzy
+msgid "failed to allocated keyDB handle\n"
+msgstr "Bizalmi adatbázis (%s) inicializálása sikertelen!\n"
+
+#: sm/certchain.c:925
+#, fuzzy
+msgid "certificate has been revoked"
+msgstr "MEGJEGYZÉS: A kulcsot visszavonták."
+
+#: sm/certchain.c:940
+msgid "the status of the certificate is unknown"
+msgstr ""
+
+#: sm/certchain.c:947
+msgid "please make sure that the \"dirmngr\" is properly installed\n"
+msgstr ""
+
+#: sm/certchain.c:953
+#, fuzzy, c-format
+msgid "checking the CRL failed: %s"
+msgstr "A létrehozott aláírás ellenõrzése sikertelen: %s.\n"
+
+#: sm/certchain.c:982 sm/certchain.c:1050
+#, c-format
+msgid "certificate with invalid validity: %s"
+msgstr ""
+
+#: sm/certchain.c:997 sm/certchain.c:1082
+msgid "certificate not yet valid"
+msgstr ""
+
+#: sm/certchain.c:998 sm/certchain.c:1083
+#, fuzzy
+msgid "root certificate not yet valid"
+msgstr "Írom a titkos kulcsot a %s állományba.\n"
+
+#: sm/certchain.c:999 sm/certchain.c:1084
+msgid "intermediate certificate not yet valid"
+msgstr ""
+
+#: sm/certchain.c:1012
+#, fuzzy
+msgid "certificate has expired"
+msgstr "Ez a kulcs lejárt!"
+
+#: sm/certchain.c:1013
+#, fuzzy
+msgid "root certificate has expired"
+msgstr "Ez a kulcs lejárt!"
+
+#: sm/certchain.c:1014
+#, fuzzy
+msgid "intermediate certificate has expired"
+msgstr "Ez a kulcs lejárt!"
+
+#: sm/certchain.c:1056
+#, c-format
+msgid "required certificate attributes missing: %s%s%s"
+msgstr ""
+
+#: sm/certchain.c:1065
+#, fuzzy
+msgid "certificate with invalid validity"
+msgstr "Ez a kulcs lejárt!"
+
+#: sm/certchain.c:1102
+msgid "signature not created during lifetime of certificate"
+msgstr ""
+
+#: sm/certchain.c:1104
+msgid "certificate not created during lifetime of issuer"
+msgstr ""
+
+#: sm/certchain.c:1105
+msgid "intermediate certificate not created during lifetime of issuer"
+msgstr ""
+
+#: sm/certchain.c:1109
+#, fuzzy
+msgid " ( signature created at "
+msgstr " új aláírások: %lu\n"
+
+#: sm/certchain.c:1110
+#, fuzzy
+msgid " (certificate created at "
+msgstr "Visszavonó igazolás létrehozva.\n"
+
+#: sm/certchain.c:1113
+#, fuzzy
+msgid " (certificate valid from "
+msgstr "rossz igazolás"
+
+#: sm/certchain.c:1114
+msgid " ( issuer valid from "
+msgstr ""
+
+#: sm/certchain.c:1144
+#, fuzzy, c-format
+msgid "fingerprint=%s\n"
+msgstr "megmutatja az ujjlenyomatot"
+
+#: sm/certchain.c:1153
+msgid "root certificate has now been marked as trusted\n"
+msgstr ""
+
+#: sm/certchain.c:1166
+msgid "interactive marking as trusted not enabled in gpg-agent\n"
+msgstr ""
+
+#: sm/certchain.c:1172
+msgid "interactive marking as trusted disabled for this session\n"
+msgstr ""
+
+#: sm/certchain.c:1229
+msgid "WARNING: creation time of signature not known - assuming current time"
+msgstr ""
+
+#: sm/certchain.c:1293
+#, fuzzy
+msgid "no issuer found in certificate"
+msgstr "visszavonási igazolás készítése"
+
+#: sm/certchain.c:1366
+msgid "self-signed certificate has a BAD signature"
+msgstr ""
+
+#: sm/certchain.c:1435
+msgid "root certificate is not marked trusted"
+msgstr ""
+
+#: sm/certchain.c:1448
+#, fuzzy, c-format
+msgid "checking the trust list failed: %s\n"
+msgstr "A létrehozott aláírás ellenõrzése sikertelen: %s.\n"
+
+#: sm/certchain.c:1477 sm/import.c:160
+msgid "certificate chain too long\n"
+msgstr ""
+
+#: sm/certchain.c:1489
+msgid "issuer certificate not found"
+msgstr ""
+
+#: sm/certchain.c:1522
+#, fuzzy
+msgid "certificate has a BAD signature"
+msgstr "aláírás ellenõrzése"
+
+#: sm/certchain.c:1553
+msgid "found another possible matching CA certificate - trying again"
+msgstr ""
+
+#: sm/certchain.c:1604
+#, c-format
+msgid "certificate chain longer than allowed by CA (%d)"
+msgstr ""
+
+#: sm/certchain.c:1644 sm/certchain.c:1927
+#, fuzzy
+msgid "certificate is good\n"
+msgstr "%c%lu preferencia kétszer szerepel!\n"
+
+#: sm/certchain.c:1645
+#, fuzzy
+msgid "intermediate certificate is good\n"
+msgstr "Visszavonó igazolás létrehozva.\n"
+
+#: sm/certchain.c:1646
+#, fuzzy
+msgid "root certificate is good\n"
+msgstr "rossz igazolás"
+
+#: sm/certchain.c:1817
+msgid "switching to chain model"
+msgstr ""
+
+#: sm/certchain.c:1826
+#, c-format
+msgid "validation model used: %s"
+msgstr ""
+
+#: sm/certcheck.c:97
+#, c-format
+msgid "%s key uses an unsafe (%u bit) hash\n"
+msgstr ""
+
+#: sm/certcheck.c:107
+#, c-format
+msgid "a %u bit hash is not valid for a %u bit %s key\n"
+msgstr ""
+
+#: sm/certcheck.c:244 sm/verify.c:201
+msgid "(this is the MD2 algorithm)\n"
+msgstr ""
+
+#: sm/certdump.c:60 sm/certdump.c:143
+#, fuzzy
+msgid "none"
+msgstr "nem"
+
+#: sm/certdump.c:564 sm/certdump.c:609 sm/certdump.c:674 sm/certdump.c:732
+#, fuzzy
+msgid "[Error - invalid encoding]"
+msgstr "Hiba: Érvénytelen ujjlenyomat.\n"
+
+#: sm/certdump.c:572 sm/certdump.c:617
+msgid "[Error - out of core]"
+msgstr ""
+
+#: sm/certdump.c:654 sm/certdump.c:710
+msgid "[Error - No name]"
+msgstr ""
+
+#: sm/certdump.c:679 sm/certdump.c:738
+#, fuzzy
+msgid "[Error - invalid DN]"
+msgstr "Hiba: Érvénytelen ujjlenyomat.\n"
+
+#: sm/certdump.c:948
+#, fuzzy, c-format
+msgid ""
+"Please enter the passphrase to unlock the secret key for the X.509 "
+"certificate:\n"
+"\"%s\"\n"
+"S/N %s, ID 0x%08lX,\n"
+"created %s, expires %s.\n"
+msgstr ""
+"Most meg kell adnia a jelszót, mellyel a következõ felhasználó\n"
+"titkos kulcsa használatba vehetõ:\n"
+"\"%.*s\"\n"
+"%u bites %s key, azonosító: %08lX, létrehozva: %s%s\n"
+
+#: sm/certlist.c:122
+msgid "no key usage specified - assuming all usages\n"
+msgstr ""
+
+#: sm/certlist.c:132 sm/keylist.c:272
+#, fuzzy, c-format
+msgid "error getting key usage information: %s\n"
+msgstr "Hiba a(z) \"%s\" titkoskulcs-karika írásakor: %s.\n"
+
+#: sm/certlist.c:142
+msgid "certificate should have not been used for certification\n"
+msgstr ""
+
+#: sm/certlist.c:154
+msgid "certificate should have not been used for OCSP response signing\n"
+msgstr ""
+
+#: sm/certlist.c:165
+msgid "certificate should have not been used for encryption\n"
+msgstr ""
+
+#: sm/certlist.c:166
+msgid "certificate should have not been used for signing\n"
+msgstr ""
+
+#: sm/certlist.c:167
+msgid "certificate is not usable for encryption\n"
+msgstr ""
+
+#: sm/certlist.c:168
+msgid "certificate is not usable for signing\n"
+msgstr ""
+
+#: sm/certreqgen.c:474
+#, fuzzy, c-format
+msgid "line %d: invalid algorithm\n"
+msgstr "Érvénytelen kivonatoló algoritmus: %s\n"
+
+#: sm/certreqgen.c:487
+#, c-format
+msgid "line %d: invalid key length %u (valid are %d to %d)\n"
+msgstr ""
+
+#: sm/certreqgen.c:505
+#, c-format
+msgid "line %d: no subject name given\n"
+msgstr ""
+
+#: sm/certreqgen.c:514
+#, c-format
+msgid "line %d: invalid subject name label `%.*s'\n"
+msgstr ""
+
+#: sm/certreqgen.c:517
+#, c-format
+msgid "line %d: invalid subject name `%s' at pos %d\n"
+msgstr ""
+
+#: sm/certreqgen.c:534
+#, fuzzy, c-format
+msgid "line %d: not a valid email address\n"
+msgstr "Ez nem érvényes e-mail cím.\n"
+
+#: sm/certreqgen.c:546
+#, fuzzy, c-format
+msgid "line %d: error reading key `%s' from card: %s\n"
+msgstr "Hiba a(z) \"%s\" kulcskarika létrehozásakor: %s\n"
+
+#: sm/certreqgen.c:558
+#, fuzzy, c-format
+msgid "line %d: error getting key by keygrip `%s': %s\n"
+msgstr "Hiba a(z) \"%s\" kulcskarika létrehozásakor: %s\n"
+
+#: sm/certreqgen.c:574
+#, fuzzy, c-format
+msgid "line %d: key generation failed: %s <%s>\n"
+msgstr "Kulcsgenerálás sikertelen: %s\n"
+
+#: sm/certreqgen.c:806
+msgid ""
+"To complete this certificate request please enter the passphrase for the key "
+"you just created once more.\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:158
+#, fuzzy, c-format
+msgid " (%d) RSA\n"
+msgstr " (%d) RSA (csak aláírás)\n"
+
+#: sm/certreqgen-ui.c:159
+#, fuzzy, c-format
+msgid " (%d) Existing key\n"
+msgstr " (%d) RSA (csak titkosítás)\n"
+
+#: sm/certreqgen-ui.c:160
+#, c-format
+msgid " (%d) Existing key from card\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:202
+#, fuzzy
+msgid "Enter the keygrip: "
+msgstr "Aláírás-jelölés: "
+
+#: sm/certreqgen-ui.c:210
+msgid "Not a valid keygrip (expecting 40 hex digits)\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:212
+#, fuzzy
+msgid "No key with this keygrip\n"
+msgstr "Nincs %d indexû felhasználóazonosító!\n"
+
+#: sm/certreqgen-ui.c:230 sm/certreqgen-ui.c:239
+#, fuzzy, c-format
+msgid "error reading the card: %s\n"
+msgstr "%s: Hiba szabad rekord olvasásakor: %s.\n"
+
+#: sm/certreqgen-ui.c:233
+#, fuzzy, c-format
+msgid "Serial number of the card: %s\n"
+msgstr "Hiba a jelszó létrehozásakor: %s.\n"
+
+#: sm/certreqgen-ui.c:245
+#, fuzzy
+msgid "Available keys:\n"
+msgstr "kulcs tiltása"
+
+#: sm/certreqgen-ui.c:276
+#, c-format
+msgid "Possible actions for a %s key:\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:277
+#, fuzzy, c-format
+msgid " (%d) sign, encrypt\n"
+msgstr " (%d) RSA (aláírás és titkosítás)\n"
+
+#: sm/certreqgen-ui.c:278
+#, fuzzy, c-format
+msgid " (%d) sign\n"
+msgstr " (%d) DSA (csak aláírás)\n"
+
+#: sm/certreqgen-ui.c:279
+#, fuzzy, c-format
+msgid " (%d) encrypt\n"
+msgstr " (%d) RSA (csak titkosítás)\n"
+
+#: sm/certreqgen-ui.c:303
+msgid "Enter the X.509 subject name: "
+msgstr ""
+
+#: sm/certreqgen-ui.c:307
+#, fuzzy
+msgid "No subject name given\n"
+msgstr "(Nincs leírás.)\n"
+
+#: sm/certreqgen-ui.c:311
+#, c-format
+msgid "Invalid subject name label `%.*s'\n"
+msgstr ""
+
+#. TRANSLATORS: The 22 in the second string is the
+#. length of the first string up to the "%s". Please
+#. adjust it do the length of your translation. The
+#. second string is merely passed to atoi so you can
+#. drop everything after the number.
+#: sm/certreqgen-ui.c:320
+#, fuzzy, c-format
+msgid "Invalid subject name `%s'\n"
+msgstr "Érvénytelen kivonatoló algoritmus: %s\n"
+
+#: sm/certreqgen-ui.c:322
+msgid "22 translator: see certreg-ui.c:gpgsm_gencertreq_tty"
+msgstr ""
+
+#: sm/certreqgen-ui.c:334
+#, fuzzy
+msgid "Enter email addresses"
+msgstr "E-mail cím: "
+
+#: sm/certreqgen-ui.c:335
+#, fuzzy
+msgid " (end with an empty line):\n"
+msgstr ""
+"\n"
+"Adja meg a felhasználói azonosítót! Üres sorral fejezze be: "
+
+#: sm/certreqgen-ui.c:339
+#, fuzzy
+msgid "Enter DNS names"
+msgstr "Írja be az új állománynevet"
+
+#: sm/certreqgen-ui.c:340 sm/certreqgen-ui.c:345
+#, fuzzy
+msgid " (optional; end with an empty line):\n"
+msgstr "Adjon meg egy nem kötelezõ leírást! Üres sorral fejezze be:\n"
+
+#: sm/certreqgen-ui.c:344
+msgid "Enter URIs"
+msgstr ""
+
+#: sm/certreqgen-ui.c:371
+msgid "Parameters to be used for the certificate request:\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:389
+msgid "Now creating certificate request. This may take a while ...\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:398
+msgid "Ready. You should now send this request to your CA.\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:403
+msgid "resource problem: out of core\n"
+msgstr ""
+
+#: sm/decrypt.c:330
+msgid "(this is the RC2 algorithm)\n"
+msgstr ""
+
+#: sm/decrypt.c:332
+msgid "(this does not seem to be an encrypted message)\n"
+msgstr ""
+
+#: sm/delete.c:51 sm/delete.c:112
+#, fuzzy, c-format
+msgid "certificate `%s' not found: %s\n"
+msgstr "\"%s\" kulcs nem található: %s\n"
+
+#: sm/delete.c:122 sm/keydb.c:1397 sm/keydb.c:1499
+#, fuzzy, c-format
+msgid "error locking keybox: %s\n"
+msgstr "Hiba a kulcsblokk olvasásakor: %s\n"
+
+#: sm/delete.c:143
+#, fuzzy, c-format
+msgid "duplicated certificate `%s' deleted\n"
+msgstr "Visszavonó igazolás létrehozva.\n"
+
+#: sm/delete.c:145
+#, fuzzy, c-format
+msgid "certificate `%s' deleted\n"
+msgstr "%c%lu preferencia kétszer szerepel!\n"
+
+#: sm/delete.c:175
+#, fuzzy, c-format
+msgid "deleting certificate \"%s\" failed: %s\n"
+msgstr "A kulcsblokk törlése sikertelen: %s.\n"
+
+#: sm/encrypt.c:321
+#, fuzzy
+msgid "no valid recipients given\n"
+msgstr "(Nincs leírás.)\n"
+
+#: sm/gpgsm.c:197
+#, fuzzy
+msgid "list external keys"
+msgstr "titkos kulcsok listázása"
+
+#: sm/gpgsm.c:199
+#, fuzzy
+msgid "list certificate chain"
+msgstr "rossz igazolás"
+
+#: sm/gpgsm.c:206
+#, fuzzy
+msgid "import certificates"
+msgstr "rossz igazolás"
+
+#: sm/gpgsm.c:207
+#, fuzzy
+msgid "export certificates"
+msgstr "rossz igazolás"
+
+#: sm/gpgsm.c:209
+msgid "register a smartcard"
+msgstr ""
+
+#: sm/gpgsm.c:212
+msgid "pass a command to the dirmngr"
+msgstr ""
+
+#: sm/gpgsm.c:214
+msgid "invoke gpg-protect-tool"
+msgstr ""
+
+#: sm/gpgsm.c:230
+#, fuzzy
+msgid "create base-64 encoded output"
+msgstr "ascii páncélozott kimenet létrehozása"
+
+#: sm/gpgsm.c:235
+msgid "assume input is in PEM format"
+msgstr ""
+
+#: sm/gpgsm.c:237
+msgid "assume input is in base-64 format"
+msgstr ""
+
+#: sm/gpgsm.c:239
+msgid "assume input is in binary format"
+msgstr ""
+
+#: sm/gpgsm.c:244
+msgid "use system's dirmngr if available"
+msgstr ""
+
+#: sm/gpgsm.c:247
+msgid "never consult a CRL"
+msgstr ""
+
+#: sm/gpgsm.c:257
+msgid "check validity using OCSP"
+msgstr ""
+
+#: sm/gpgsm.c:262
+msgid "|N|number of certificates to include"
+msgstr ""
+
+#: sm/gpgsm.c:265
+msgid "|FILE|take policy information from FILE"
+msgstr ""
+
+#: sm/gpgsm.c:268
+msgid "do not check certificate policies"
+msgstr ""
+
+#: sm/gpgsm.c:272
+msgid "fetch missing issuer certificates"
+msgstr ""
+
+#: sm/gpgsm.c:283
+msgid "don't use the terminal at all"
+msgstr "ne használja a terminált egyáltalán"
+
+#: sm/gpgsm.c:285
+msgid "|FILE|write a server mode log to FILE"
+msgstr ""
+
+#: sm/gpgsm.c:290
+#, fuzzy
+msgid "|FILE|write an audit log to FILE"
+msgstr "|fájl|bõvítõ modul betöltése"
+
+#: sm/gpgsm.c:293
+msgid "batch mode: never ask"
+msgstr "kötegelt mód: soha nem kérdez"
+
+#: sm/gpgsm.c:294
+msgid "assume yes on most questions"
+msgstr "igen válasz feltételezése a legtöbb kérdésre"
+
+#: sm/gpgsm.c:295
+msgid "assume no on most questions"
+msgstr "nem válasz feltételezése a legtöbb kérdésre"
+
+#: sm/gpgsm.c:298
+#, fuzzy
+msgid "|FILE|add keyring to the list of keyrings"
+msgstr "kulcskarika hozzáadása a kulcskarikalistához"
+
+#: sm/gpgsm.c:301
+#, fuzzy
+msgid "|USER-ID|use USER-ID as default secret key"
+msgstr "|NÉV|NÉV használata alapértelmezett titkos kulcsként"
+
+#: sm/gpgsm.c:311 tools/gpgconf-comp.c:745
+#, fuzzy
+msgid "|SPEC|use this keyserver to lookup keys"
+msgstr "|GÉPNÉV|kulcsszerver beállítása kulcsok kereséséhez"
+
+#: sm/gpgsm.c:329
+msgid "|NAME|use cipher algorithm NAME"
+msgstr "|NÉV|NÉV rejtjelezõ algoritmus használata"
+
+#: sm/gpgsm.c:331
+msgid "|NAME|use message digest algorithm NAME"
+msgstr "|NÉV|NÉV kivonatoló algoritmus használata"
+
+#: sm/gpgsm.c:522
+#, fuzzy
+msgid "Usage: gpgsm [options] [files] (-h for help)"
+msgstr "Használat: gpg [opciók] [fájlok] (-h a súgóhoz)"
+
+#: sm/gpgsm.c:525
+#, fuzzy
+msgid ""
+"Syntax: gpgsm [options] [files]\n"
+"sign, check, encrypt or decrypt using the S/MIME protocol\n"
+"default operation depends on the input data\n"
+msgstr ""
+"Szintaxis: gpg [opciók] [fájlok]\n"
+"Aláírás, ellenõrzés, titkosítás vagy visszafejtés.\n"
+"Az alapértelmezett mûvelet a bemeneti adattól függ.\n"
+
+#: sm/gpgsm.c:617
+#, fuzzy
+msgid "usage: gpgsm [options] "
+msgstr "Használat: gpg [opciók] "
+
+#: sm/gpgsm.c:739
+#, fuzzy, c-format
+msgid "NOTE: won't be able to encrypt to `%s': %s\n"
+msgstr "Nem tudok kapcsolódni \"%s\" objektumhoz: %s\n"
+
+#: sm/gpgsm.c:750
+#, fuzzy, c-format
+msgid "unknown validation model `%s'\n"
+msgstr "Ismeretlen alapértelmezett címzett: \"%s\"\n"
+
+#: sm/gpgsm.c:801
+#, fuzzy, c-format
+msgid "%s:%u: no hostname given\n"
+msgstr "(Nincs leírás.)\n"
+
+#: sm/gpgsm.c:820
+#, c-format
+msgid "%s:%u: password given without user\n"
+msgstr ""
+
+#: sm/gpgsm.c:841
+#, fuzzy, c-format
+msgid "%s:%u: skipping this line\n"
+msgstr " h = kulcs kihagyása\n"
+
+#: sm/gpgsm.c:1376
+#, fuzzy
+msgid "could not parse keyserver\n"
+msgstr "Értelmezhetetlen a kulcsszerver URI-ja!\n"
+
+#: sm/gpgsm.c:1456
+msgid "WARNING: running with faked system time: "
+msgstr ""
+
+#: sm/gpgsm.c:1556
+#, fuzzy, c-format
+msgid "importing common certificates `%s'\n"
+msgstr "Írok a \"%s\" állományba.\n"
+
+#: sm/gpgsm.c:1597
+#, fuzzy, c-format
+msgid "can't sign using `%s': %s\n"
+msgstr "Nem tudom bezárni a(z) \"%s\" állományt: %s.\n"
+
+#: sm/gpgsm.c:1931
+msgid "invalid command (there is no implicit command)\n"
+msgstr ""
+
+#: sm/import.c:111
+#, fuzzy, c-format
+msgid "total number processed: %lu\n"
+msgstr " Összesen feldolgoztam: %lu\n"
+
+#: sm/import.c:230
+#, fuzzy
+msgid "error storing certificate\n"
+msgstr "visszavonási igazolás készítése"
+
+#: sm/import.c:238
+msgid "basic certificate checks failed - not imported\n"
+msgstr ""
+
+#: sm/import.c:435 sm/keydb.c:1319 sm/keydb.c:1387
+#, fuzzy
+msgid "failed to allocate keyDB handle\n"
+msgstr "Bizalmi adatbázis (%s) inicializálása sikertelen!\n"
+
+#: sm/import.c:492 sm/keydb.c:1417 sm/keydb.c:1511
+#, fuzzy, c-format
+msgid "error getting stored flags: %s\n"
+msgstr "Hiba a jelszó létrehozásakor: %s.\n"
+
+#: sm/import.c:551 sm/import.c:583
+#, fuzzy, c-format
+msgid "error importing certificate: %s\n"
+msgstr "Hiba a jelszó létrehozásakor: %s.\n"
+
+#: sm/import.c:684 tools/gpg-connect-agent.c:1346
+#, fuzzy, c-format
+msgid "error reading input: %s\n"
+msgstr "Hiba \"%s\" olvasásakor: %s\n"
+
+#: sm/keydb.c:187
+#, fuzzy, c-format
+msgid "error creating keybox `%s': %s\n"
+msgstr "Hiba a(z) \"%s\" kulcskarika létrehozásakor: %s\n"
+
+#: sm/keydb.c:190
+msgid "you may want to start the gpg-agent first\n"
+msgstr ""
+
+#: sm/keydb.c:195
+#, fuzzy, c-format
+msgid "keybox `%s' created\n"
+msgstr "\"%s\" kulcskarikát létrehoztam.\n"
+
+#: sm/keydb.c:1312 sm/keydb.c:1380
+#, fuzzy
+msgid "failed to get the fingerprint\n"
+msgstr "Bizalmi adatbázis (%s) inicializálása sikertelen!\n"
+
+#: sm/keydb.c:1340
+#, c-format
+msgid "problem looking for existing certificate: %s\n"
+msgstr ""
+
+#: sm/keydb.c:1348
+#, fuzzy, c-format
+msgid "error finding writable keyDB: %s\n"
+msgstr "Hiba a jelszó létrehozásakor: %s.\n"
+
+#: sm/keydb.c:1356
+#, fuzzy, c-format
+msgid "error storing certificate: %s\n"
+msgstr "Hiba a jelszó létrehozásakor: %s.\n"
+
+#: sm/keydb.c:1408
+#, fuzzy, c-format
+msgid "problem re-searching certificate: %s\n"
+msgstr "rev? Nem tudom ellenõrizni a visszavonást: %s.\n"
+
+#: sm/keydb.c:1429 sm/keydb.c:1522
+#, fuzzy, c-format
+msgid "error storing flags: %s\n"
+msgstr "Hiba \"%s\" olvasásakor: %s\n"
+
+#: sm/keylist.c:642
+msgid "Error - "
+msgstr ""
+
+#: sm/misc.c:55
+msgid "GPG_TTY has not been set - using maybe bogus default\n"
+msgstr ""
+
+#: sm/qualified.c:105
+#, fuzzy, c-format
+msgid "invalid formatted fingerprint in `%s', line %d\n"
+msgstr "Hiba: Érvénytelen ujjlenyomat.\n"
+
+#: sm/qualified.c:123
+#, c-format
+msgid "invalid country code in `%s', line %d\n"
+msgstr ""
+
+#: sm/qualified.c:202
+#, c-format
+msgid ""
+"You are about to create a signature using your certificate:\n"
+"\"%s\"\n"
+"This will create a qualified signature by law equated to a handwritten "
+"signature.\n"
+"\n"
+"%s%sAre you really sure that you want to do this?"
+msgstr ""
+
+#: sm/qualified.c:211 sm/verify.c:616
+msgid ""
+"Note, that this software is not officially approved to create or verify such "
+"signatures.\n"
+msgstr ""
+
+#: sm/qualified.c:278
+#, c-format
+msgid ""
+"You are about to create a signature using your certificate:\n"
+"\"%s\"\n"
+"Note, that this certificate will NOT create a qualified signature!"
+msgstr ""
+
+#: sm/sign.c:449
+#, fuzzy, c-format
+msgid "hash algorithm %d (%s) for signer %d not supported; using %s\n"
+msgstr "%d%s védõ algoritmus nem támogatott.\n"
+
+#: sm/sign.c:463
+#, c-format
+msgid "hash algorithm used for signer %d: %s (%s)\n"
+msgstr ""
+
+#: sm/sign.c:513
+#, fuzzy, c-format
+msgid "checking for qualified certificate failed: %s\n"
+msgstr "A létrehozott aláírás ellenõrzése sikertelen: %s.\n"
+
+#: sm/verify.c:449
+#, fuzzy
+msgid "Signature made "
+msgstr "Az aláírás lejárt: %s.\n"
+
+#: sm/verify.c:453
+msgid "[date not given]"
+msgstr ""
+
+#: sm/verify.c:454
+#, fuzzy, c-format
+msgid " using certificate ID 0x%08lX\n"
+msgstr "Hiba a jelszó létrehozásakor: %s.\n"
+
+#: sm/verify.c:473
+msgid ""
+"invalid signature: message digest attribute does not match computed one\n"
+msgstr ""
+
+#: sm/verify.c:594
+#, fuzzy
+msgid "Good signature from"
+msgstr "Jó aláírás a következõtõl: \""
+
+#: sm/verify.c:595
+#, fuzzy
+msgid " aka"
+msgstr " azaz \""
+
+#: sm/verify.c:613
+#, fuzzy
+msgid "This is a qualified signature\n"
+msgstr ""
+"\n"
+"Ez egy önaláírás lesz.\n"
+
+#: tools/gpg-connect-agent.c:70 tools/gpgconf.c:81 tools/symcryptrun.c:167
+#, fuzzy
+msgid "quiet"
+msgstr "kilépés|kilepes"
+
+#: tools/gpg-connect-agent.c:71
+msgid "print data out hex encoded"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:72
+msgid "decode received data lines"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:74
+msgid "|NAME|connect to Assuan socket NAME"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:76
+msgid "run the Assuan server given on the command line"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:78
+msgid "do not use extended connect mode"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:80
+#, fuzzy
+msgid "|FILE|run commands from FILE on startup"
+msgstr "|fájl|bõvítõ modul betöltése"
+
+#: tools/gpg-connect-agent.c:81
+msgid "run /subst on startup"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:184
+#, fuzzy
+msgid "Usage: gpg-connect-agent [options] (-h for help)"
+msgstr "Használat: gpg [opciók] [fájlok] (-h a súgóhoz)"
+
+#: tools/gpg-connect-agent.c:187
+msgid ""
+"Syntax: gpg-connect-agent [options]\n"
+"Connect to a running agent and send commands\n"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:1201
+#, c-format
+msgid "option \"%s\" requires a program and optional arguments\n"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:1210
+#, c-format
+msgid "option \"%s\" ignored due to \"%s\"\n"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:1281 tools/gpg-connect-agent.c:1771
+#, fuzzy, c-format
+msgid "receiving line failed: %s\n"
+msgstr "A kulcsblokk törlése sikertelen: %s.\n"
+
+#: tools/gpg-connect-agent.c:1371
+#, fuzzy
+msgid "line too long - skipped\n"
+msgstr "A sor túl hosszú!\n"
+
+#: tools/gpg-connect-agent.c:1375
+msgid "line shortened due to embedded Nul character\n"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:1743
+#, fuzzy, c-format
+msgid "unknown command `%s'\n"
+msgstr "Ismeretlen alapértelmezett címzett: \"%s\"\n"
+
+#: tools/gpg-connect-agent.c:1761
+#, fuzzy, c-format
+msgid "sending line failed: %s\n"
+msgstr "Aláírás sikertelen: %s\n"
+
+#: tools/gpg-connect-agent.c:2208
+#, fuzzy, c-format
+msgid "error sending %s command: %s\n"
+msgstr "Hiba %s-ra/-re küldéskor: %s\n"
+
+#: tools/gpg-connect-agent.c:2223
+#, fuzzy, c-format
+msgid "error sending standard options: %s\n"
+msgstr "Hiba %s-ra/-re küldéskor: %s\n"
+
+#: tools/gpgconf-comp.c:473 tools/gpgconf-comp.c:577 tools/gpgconf-comp.c:644
+#: tools/gpgconf-comp.c:712 tools/gpgconf-comp.c:799
+msgid "Options controlling the diagnostic output"
+msgstr ""
+
+#: tools/gpgconf-comp.c:486 tools/gpgconf-comp.c:590 tools/gpgconf-comp.c:657
+#: tools/gpgconf-comp.c:725 tools/gpgconf-comp.c:822
+msgid "Options controlling the configuration"
+msgstr ""
+
+#: tools/gpgconf-comp.c:496 tools/gpgconf-comp.c:615 tools/gpgconf-comp.c:673
+#: tools/gpgconf-comp.c:750 tools/gpgconf-comp.c:829
+msgid "Options useful for debugging"
+msgstr ""
+
+#: tools/gpgconf-comp.c:501 tools/gpgconf-comp.c:678 tools/gpgconf-comp.c:755
+#: tools/gpgconf-comp.c:837
+msgid "|FILE|write server mode logs to FILE"
+msgstr ""
+
+#: tools/gpgconf-comp.c:509 tools/gpgconf-comp.c:625 tools/gpgconf-comp.c:763
+msgid "Options controlling the security"
+msgstr ""
+
+#: tools/gpgconf-comp.c:516
+msgid "|N|expire SSH keys after N seconds"
+msgstr ""
+
+#: tools/gpgconf-comp.c:520
+msgid "|N|set maximum PIN cache lifetime to N seconds"
+msgstr ""
+
+#: tools/gpgconf-comp.c:524
+msgid "|N|set maximum SSH key lifetime to N seconds"
+msgstr ""
+
+#: tools/gpgconf-comp.c:538
+msgid "Options enforcing a passphrase policy"
+msgstr ""
+
+#: tools/gpgconf-comp.c:541
+msgid "do not allow to bypass the passphrase policy"
+msgstr ""
+
+#: tools/gpgconf-comp.c:545
+msgid "|N|set minimal required length for new passphrases to N"
+msgstr ""
+
+#: tools/gpgconf-comp.c:549
+msgid "|N|require at least N non-alpha characters for a new passphrase"
+msgstr ""
+
+#: tools/gpgconf-comp.c:553
+msgid "|FILE|check new passphrases against pattern in FILE"
+msgstr ""
+
+#: tools/gpgconf-comp.c:557
+#, fuzzy
+msgid "|N|expire the passphrase after N days"
+msgstr "|N|N. sorszámú jelszómód használata"
+
+#: tools/gpgconf-comp.c:561
+#, fuzzy
+msgid "do not allow the reuse of old passphrases"
+msgstr "Hiba a jelszó létrehozásakor: %s.\n"
+
+#: tools/gpgconf-comp.c:659 tools/gpgconf-comp.c:727
+msgid "|NAME|use NAME as default secret key"
+msgstr "|NÉV|NÉV használata alapértelmezett titkos kulcsként"
+
+#: tools/gpgconf-comp.c:662 tools/gpgconf-comp.c:730
+#, fuzzy
+msgid "|NAME|encrypt to user ID NAME as well"
+msgstr "|NÉV|titkosítás NÉV részére"
+
+#: tools/gpgconf-comp.c:665
+msgid "|SPEC|set up email aliases"
+msgstr ""
+
+#: tools/gpgconf-comp.c:686
+msgid "Configuration for Keyservers"
+msgstr ""
+
+#: tools/gpgconf-comp.c:688
+#, fuzzy
+msgid "|URL|use keyserver at URL"
+msgstr "Értelmezhetetlen a kulcsszerver URI-ja!\n"
+
+#: tools/gpgconf-comp.c:691
+msgid "allow PKA lookups (DNS requests)"
+msgstr ""
+
+#: tools/gpgconf-comp.c:694
+msgid "|MECHANISMS|use MECHANISMS to locate keys by mail address"
+msgstr ""
+
+#: tools/gpgconf-comp.c:739
+msgid "disable all access to the dirmngr"
+msgstr ""
+
+#: tools/gpgconf-comp.c:742
+#, fuzzy
+msgid "|NAME|use encoding NAME for PKCS#12 passphrases"
+msgstr "|NÉV|NÉV rejtjelezõ algoritmus haszn. jelszavakhoz"
+
+#: tools/gpgconf-comp.c:768
+msgid "do not check CRLs for root certificates"
+msgstr ""
+
+#: tools/gpgconf-comp.c:812
+msgid "Options controlling the format of the output"
+msgstr ""
+
+#: tools/gpgconf-comp.c:848
+msgid "Options controlling the interactivity and enforcement"
+msgstr ""
+
+#: tools/gpgconf-comp.c:858
+msgid "Configuration for HTTP servers"
+msgstr ""
+
+#: tools/gpgconf-comp.c:869
+msgid "use system's HTTP proxy setting"
+msgstr ""
+
+#: tools/gpgconf-comp.c:874
+msgid "Configuration of LDAP servers to use"
+msgstr ""
+
+#: tools/gpgconf-comp.c:903
+msgid "LDAP server list"
+msgstr ""
+
+#: tools/gpgconf-comp.c:911
+msgid "Configuration for OCSP"
+msgstr ""
+
+#: tools/gpgconf-comp.c:3077
+#, c-format
+msgid "External verification of component %s failed"
+msgstr ""
+
+#: tools/gpgconf-comp.c:3227
+msgid "Note that group specifications are ignored\n"
+msgstr ""
+
+#: tools/gpgconf.c:62
+msgid "list all components"
+msgstr ""
+
+#: tools/gpgconf.c:63
+msgid "check all programs"
+msgstr ""
+
+#: tools/gpgconf.c:64
+msgid "|COMPONENT|list options"
+msgstr ""
+
+#: tools/gpgconf.c:65
+msgid "|COMPONENT|change options"
+msgstr ""
+
+#: tools/gpgconf.c:66
+msgid "|COMPONENT|check options"
+msgstr ""
+
+#: tools/gpgconf.c:68
+msgid "apply global default values"
+msgstr ""
+
+#: tools/gpgconf.c:70
+msgid "get the configuration directories for gpgconf"
+msgstr ""
+
+#: tools/gpgconf.c:72
+#, fuzzy
+msgid "list global configuration file"
+msgstr "\"%s\": ismeretlen konfigurációs elem.\n"
+
+#: tools/gpgconf.c:74
+#, fuzzy
+msgid "check global configuration file"
+msgstr "\"%s\": ismeretlen konfigurációs elem.\n"
+
+#: tools/gpgconf.c:79
+msgid "use as output file"
+msgstr "kimeneti állomány megadása"
+
+#: tools/gpgconf.c:83
+msgid "activate changes at runtime, if possible"
+msgstr ""
+
+#: tools/gpgconf.c:105
+#, fuzzy
+msgid "Usage: gpgconf [options] (-h for help)"
+msgstr "Használat: gpg [opciók] [fájlok] (-h a súgóhoz)"
+
+#: tools/gpgconf.c:108
+msgid ""
+"Syntax: gpgconf [options]\n"
+"Manage configuration options for tools of the GnuPG system\n"
+msgstr ""
+
+#: tools/gpgconf.c:214 tools/gpgconf.c:282
+#, fuzzy
+msgid "usage: gpgconf [options] "
+msgstr "Használat: gpg [opciók] "
+
+#: tools/gpgconf.c:216
+msgid "Need one component argument"
+msgstr ""
+
+#: tools/gpgconf.c:225 tools/gpgconf.c:258
+#, fuzzy
+msgid "Component not found"
+msgstr "nyilvános kulcs nem található"
+
+#: tools/gpgconf.c:284
+#, fuzzy
+msgid "No argument allowed"
+msgstr "Írom a titkos kulcsot a %s állományba.\n"
+
+#: tools/symcryptrun.c:154
+#, fuzzy
+msgid ""
+"@\n"
+"Commands:\n"
+" "
+msgstr ""
+"@Parancsok:\n"
+" "
+
+#: tools/symcryptrun.c:156
+#, fuzzy
+msgid "decryption modus"
+msgstr "Visszafejtés rendben.\n"
+
+#: tools/symcryptrun.c:157
+#, fuzzy
+msgid "encryption modus"
+msgstr "Visszafejtés rendben.\n"
+
+#: tools/symcryptrun.c:161
+msgid "tool class (confucius)"
+msgstr ""
+
+#: tools/symcryptrun.c:162
+#, fuzzy
+msgid "program filename"
+msgstr "--store [fájlnév]"
+
+#: tools/symcryptrun.c:164
+msgid "secret key file (required)"
+msgstr ""
+
+#: tools/symcryptrun.c:165
+msgid "input file name (default stdin)"
+msgstr ""
+
+#: tools/symcryptrun.c:209
+#, fuzzy
+msgid "Usage: symcryptrun [options] (-h for help)"
+msgstr "Használat: gpg [opciók] [fájlok] (-h a súgóhoz)"
+
+#: tools/symcryptrun.c:212
+msgid ""
+"Syntax: symcryptrun --class CLASS --program PROGRAM --keyfile KEYFILE "
+"[options...] COMMAND [inputfile]\n"
+"Call a simple symmetric encryption tool\n"
+msgstr ""
+
+#: tools/symcryptrun.c:281
+#, fuzzy, c-format
+msgid "%s on %s aborted with status %i\n"
+msgstr "%s és %s nem használható együtt!\n"
+
+#: tools/symcryptrun.c:288
+#, fuzzy, c-format
+msgid "%s on %s failed with status %i\n"
+msgstr "Nem tudom megnyitni az állományt: %s.\n"
+
+#: tools/symcryptrun.c:314
+#, fuzzy, c-format
+msgid "can't create temporary directory `%s': %s\n"
+msgstr "Nem tudom a \"%s\" könyvtárat létrehozni: %s.\n"
+
+#: tools/symcryptrun.c:354 tools/symcryptrun.c:371
+#, fuzzy, c-format
+msgid "could not open %s for writing: %s\n"
+msgstr "Nem tudom megnyitni %s-t: %s\n"
+
+#: tools/symcryptrun.c:382
+#, fuzzy, c-format
+msgid "error writing to %s: %s\n"
+msgstr "Hiba a \"%s\" kulcskarika írásakor: %s\n"
+
+#: tools/symcryptrun.c:389
+#, fuzzy, c-format
+msgid "error reading from %s: %s\n"
+msgstr "Hiba \"%s\" olvasásakor: %s\n"
+
+#: tools/symcryptrun.c:396 tools/symcryptrun.c:403
+#, fuzzy, c-format
+msgid "error closing %s: %s\n"
+msgstr "Hiba \"%s\" olvasásakor: %s\n"
+
+#: tools/symcryptrun.c:488
+#, fuzzy
+msgid "no --program option provided\n"
+msgstr "Külsõ program meghívása nem támogatott.\n"
+
+#: tools/symcryptrun.c:494
+msgid "only --decrypt and --encrypt are supported\n"
+msgstr ""
+
+#: tools/symcryptrun.c:500
+msgid "no --keyfile option provided\n"
+msgstr ""
+
+#: tools/symcryptrun.c:511
+msgid "cannot allocate args vector\n"
+msgstr ""
+
+#: tools/symcryptrun.c:529
+#, fuzzy, c-format
+msgid "could not create pipe: %s\n"
+msgstr "%s nem hozható létre: %s\n"
+
+#: tools/symcryptrun.c:536
+#, fuzzy, c-format
+msgid "could not create pty: %s\n"
+msgstr "%s nem hozható létre: %s\n"
+
+#: tools/symcryptrun.c:552
+#, c-format
+msgid "could not fork: %s\n"
+msgstr ""
+
+#: tools/symcryptrun.c:580
+#, fuzzy, c-format
+msgid "execv failed: %s\n"
+msgstr "Frissítés sikertelen: %s.\n"
+
+#: tools/symcryptrun.c:609
+#, fuzzy, c-format
+msgid "select failed: %s\n"
+msgstr "A kulcsblokk törlése sikertelen: %s.\n"
+
+#: tools/symcryptrun.c:626
+#, fuzzy, c-format
+msgid "read failed: %s\n"
+msgstr "Frissítés sikertelen: %s.\n"
+
+#: tools/symcryptrun.c:678
+#, fuzzy, c-format
+msgid "pty read failed: %s\n"
+msgstr "Frissítés sikertelen: %s.\n"
+
+#: tools/symcryptrun.c:730
+#, fuzzy, c-format
+msgid "waitpid failed: %s\n"
+msgstr "Frissítés sikertelen: %s.\n"
+
+#: tools/symcryptrun.c:744
+#, c-format
+msgid "child aborted with status %i\n"
+msgstr ""
+
+#: tools/symcryptrun.c:799
+#, fuzzy, c-format
+msgid "cannot allocate infile string: %s\n"
+msgstr "Nem tudom létrehozni a(z) \"%s\" állományt: %s.\n"
+
+#: tools/symcryptrun.c:812
+#, fuzzy, c-format
+msgid "cannot allocate outfile string: %s\n"
+msgstr "Nem tudom létrehozni a(z) \"%s\" állományt: %s.\n"
+
+#: tools/symcryptrun.c:986
+#, c-format
+msgid "either %s or %s must be given\n"
+msgstr ""
+
+#: tools/symcryptrun.c:1013
+msgid "no class provided\n"
+msgstr ""
+
+#: tools/symcryptrun.c:1022
+#, fuzzy, c-format
+msgid "class %s is not supported\n"
+msgstr "%d%s védõ algoritmus nem támogatott.\n"
+
+#: tools/gpg-check-pattern.c:145
+#, fuzzy
+msgid "Usage: gpg-check-pattern [options] patternfile (-h for help)\n"
+msgstr "Használat: gpg [opciók] [fájlok] (-h a súgóhoz)"
+
+#: tools/gpg-check-pattern.c:148
+msgid ""
+"Syntax: gpg-check-pattern [options] patternfile\n"
+"Check a passphrase given on stdin against the patternfile\n"
+msgstr ""
+
+#~ msgid "Command> "
+#~ msgstr "Parancs> "
+
+#~ msgid "the trustdb is corrupted; please run \"gpg --fix-trustdb\".\n"
+#~ msgstr "Bizalmi adatbázis sérült. Kérem, futtassa: \"gpg --fix-trustdb\".\n"
+
+#~ msgid "Please report bugs to <gnupg-bugs@gnu.org>.\n"
+#~ msgstr "A hibákat (angolul) a <gnupg-bugs@gnu.org> címre írja meg!\n"
+
+#, fuzzy
+#~ msgid "Please report bugs to "
+#~ msgstr "A hibákat (angolul) a <gnupg-bugs@gnu.org> címre írja meg!\n"
+
+#, fuzzy
+#~ msgid "DSA keypair will have %u bits.\n"
+#~ msgstr "A DSA kulcspár 1024 bites lesz.\n"
+
+#~ msgid "Repeat passphrase\n"
+#~ msgstr "Ismételje meg a jelszót!\n"
+
+#, fuzzy
+#~ msgid "read options from file"
+#~ msgstr "Az opciókat a \"%s\" állományból olvasom.\n"
+
+#~ msgid "|[file]|make a signature"
+#~ msgstr "|[fájl]|aláírás készítése"
+
+#, fuzzy
+#~ msgid "|[FILE]|make a signature"
+#~ msgstr "|[fájl]|aláírás készítése"
+
+#, fuzzy
+#~ msgid "|[FILE]|make a clear text signature"
+#~ msgstr "|[fájl]|olvasható szöveg aláírása"
+
+#~ msgid "|NAME|use NAME as default recipient"
+#~ msgstr "|NÉV|NÉV használata alapértelmezett címzettként"
+
+#~ msgid "use the default key as default recipient"
+#~ msgstr "alapért. kulcs haszn. alapért. címzettként"
+
+#~ msgid "force v3 signatures"
+#~ msgstr "3-as verziójú aláírások erõltetése"
+
+#~ msgid "always use a MDC for encryption"
+#~ msgstr "mindig használjon MDC-t titkosításkor"
+
+#~ msgid "add this secret keyring to the list"
+#~ msgstr "titkoskulcs-karika hozzáadása a listához"
+
+#~ msgid "|NAME|set terminal charset to NAME"
+#~ msgstr "|NÉV|terminál karakterkódolásának megadása"
+
+#~ msgid "|FILE|load extension module FILE"
+#~ msgstr "|fájl|bõvítõ modul betöltése"
+
+#~ msgid "|N|use compress algorithm N"
+#~ msgstr "|N|N. sorszámú tömörítõ algoritmus használata"
+
+#, fuzzy
+#~ msgid "remove key from the public keyring"
+#~ msgstr "kulcsok eltávolítása a nyilvánoskulcs-karikáról"
+
+#~ msgid ""
+#~ "It's up to you to assign a value here; this value will never be exported\n"
+#~ "to any 3rd party. We need it to implement the web-of-trust; it has "
+#~ "nothing\n"
+#~ "to do with the (implicitly created) web-of-certificates."
+#~ msgstr ""
+#~ "Az Ön döntésén múlik, hogy milyen értéket ad meg itt. Ezt az értéket "
+#~ "soha\n"
+#~ "nem exportáljuk mások részére. Ez a bizalmak hálózatához (web-of-trust)\n"
+#~ "szükséges, semmi köze az igazolások hálózatához (web-of-certificates)."
+
+#~ msgid ""
+#~ "To build the Web-of-Trust, GnuPG needs to know which keys are\n"
+#~ "ultimately trusted - those are usually the keys for which you have\n"
+#~ "access to the secret key. Answer \"yes\" to set this key to\n"
+#~ "ultimately trusted\n"
+#~ msgstr ""
+#~ "Hogy a bizalmak hálózatát felépítsük, a GnuPG-nek tudnia kell, hogy\n"
+#~ "mely kulcsok alapvetõen megbízhatóak - általában ezek azok a kulcsok,\n"
+#~ "melyek titkos kulcsához hozzáfér. Válaszoljon \"igen\"-nel, ha kulcsot\n"
+#~ "alapvetõen megbízhatónak jelöli!\n"
+
+#~ msgid "If you want to use this untrusted key anyway, answer \"yes\"."
+#~ msgstr ""
+#~ "Ha mégis használni akarja ezt a kulcsot, melyben nem bízunk,\n"
+#~ "válaszoljon \"igen\"-nel!"
+
+#~ msgid ""
+#~ "Enter the user ID of the addressee to whom you want to send the message."
+#~ msgstr "Adja meg a címzett felhasználói azonosítóját!"
+
+#~ msgid ""
+#~ "In general it is not a good idea to use the same key for signing and\n"
+#~ "encryption. This algorithm should only be used in certain domains.\n"
+#~ "Please consult your security expert first."
+#~ msgstr ""
+#~ "Általában nem jó ötlet ugyanazt a kulcsot használni aláíráshoz és\n"
+#~ "titkosításhoz. Ezt az algoritmust csak bizonyos területeken ajánlatos\n"
+#~ "használni. Kérem, elõször konzultáljon a biztonsági szakértõjével!"
+
+#~ msgid "Enter the size of the key"
+#~ msgstr "Adja meg a kulcs méretét!"
+
+#~ msgid "Answer \"yes\" or \"no\""
+#~ msgstr "Kérem, adjon \"igen\" vagy \"nem\" választ!"
+
+#~ msgid ""
+#~ "Enter the required value as shown in the prompt.\n"
+#~ "It is possible to enter a ISO date (YYYY-MM-DD) but you won't\n"
+#~ "get a good error response - instead the system tries to interpret\n"
+#~ "the given value as an interval."
+#~ msgstr ""
+#~ "Adja meg a szükséges értéket, ahogy a prompt mutatja!\n"
+#~ "Lehetséges ISO dátumot is beírni (ÉÉÉÉ-HH-NN), de nem fog rendes\n"
+#~ "hibaüzenetet kapni, hanem a rendszer megpróbálja az értéket\n"
+#~ "intervallumként értelmezni."
+
+#~ msgid "Enter the name of the key holder"
+#~ msgstr "Adja meg a kulcs tulajdonosának a nevét!"
+
+#~ msgid "please enter an optional but highly suggested email address"
+#~ msgstr "Kérem, adjon meg egy opcionális, de nagyon ajánlott e-mail címet!"
+
+#~ msgid "Please enter an optional comment"
+#~ msgstr "Kérem, adjon meg egy opcionális megjegyzést!"
+
+#~ msgid ""
+#~ "N to change the name.\n"
+#~ "C to change the comment.\n"
+#~ "E to change the email address.\n"
+#~ "O to continue with key generation.\n"
+#~ "Q to to quit the key generation."
+#~ msgstr ""
+#~ "N név változtatása\n"
+#~ "M megjegyzés változtatása\n"
+#~ "E e-mail változtatása\n"
+#~ "R kulcsgenerálás folytatása\n"
+#~ "Q kilépés a kulcsgenerálásból"
+
+#~ msgid ""
+#~ "Answer \"yes\" (or just \"y\") if it is okay to generate the sub key."
+#~ msgstr ""
+#~ "Válaszoljon \"igen\"-nel (vagy csak \"i\"-vel), ha kezdhetjük az alkulcs\n"
+#~ "létrehozását!"
+
+#~ msgid ""
+#~ "When you sign a user ID on a key, you should first verify that the key\n"
+#~ "belongs to the person named in the user ID. It is useful for others to\n"
+#~ "know how carefully you verified this.\n"
+#~ "\n"
+#~ "\"0\" means you make no particular claim as to how carefully you verified "
+#~ "the\n"
+#~ " key.\n"
+#~ "\n"
+#~ "\"1\" means you believe the key is owned by the person who claims to own "
+#~ "it\n"
+#~ " but you could not, or did not verify the key at all. This is useful "
+#~ "for\n"
+#~ " a \"persona\" verification, where you sign the key of a pseudonymous "
+#~ "user.\n"
+#~ "\n"
+#~ "\"2\" means you did casual verification of the key. For example, this "
+#~ "could\n"
+#~ " mean that you verified the key fingerprint and checked the user ID on "
+#~ "the\n"
+#~ " key against a photo ID.\n"
+#~ "\n"
+#~ "\"3\" means you did extensive verification of the key. For example, this "
+#~ "could\n"
+#~ " mean that you verified the key fingerprint with the owner of the key "
+#~ "in\n"
+#~ " person, and that you checked, by means of a hard to forge document "
+#~ "with a\n"
+#~ " photo ID (such as a passport) that the name of the key owner matches "
+#~ "the\n"
+#~ " name in the user ID on the key, and finally that you verified (by "
+#~ "exchange\n"
+#~ " of email) that the email address on the key belongs to the key "
+#~ "owner.\n"
+#~ "\n"
+#~ "Note that the examples given above for levels 2 and 3 are *only* "
+#~ "examples.\n"
+#~ "In the end, it is up to you to decide just what \"casual\" and \"extensive"
+#~ "\"\n"
+#~ "mean to you when you sign other keys.\n"
+#~ "\n"
+#~ "If you don't know what the right answer is, answer \"0\"."
+#~ msgstr ""
+#~ "Mielõtt aláír egy felhasználói azonosítót egy kulcson, ellenõriznie "
+#~ "kell,\n"
+#~ "hogy a kulcs a felhasználói azonosítóban megnevezett személyhez "
+#~ "tartozik.\n"
+#~ "Mások számára hasznos lehet, ha tudják, hogy milyen gondosan ellenõrizte\n"
+#~ "Ön ezt.\n"
+#~ "\n"
+#~ "\"0\" azt jelenti, hogy nem tesz az ellenõrzés gondosságára vonatkozó\n"
+#~ " kijelentést.\n"
+#~ "\n"
+#~ "\"1\" azt jelenti, hogy Ön hiszi, hogy a kulcs annak a személynek a\n"
+#~ " tulajdona, aki azt állítja, hogy az övé, de Ön nem tudta ezt\n"
+#~ " ellenõrizni, vagy egyszerûen nem ellenõrizte ezt. Ez hasznos egy\n"
+#~ " \"persona\" típusú ellenõrzéshez, mikor Ön egy pszeudonim "
+#~ "felhasználó\n"
+#~ " kulcsát írja alá.\n"
+#~ "\n"
+#~ "\"2\" azt jelenti, hogy Ön a kulcsot hétköznapi alapossággal "
+#~ "ellenõrizte.\n"
+#~ " Például ez azt jelentheti, hogy ellenõrizte a kulcs ujjlenyomatát, "
+#~ "és\n"
+#~ " összevetette a kulcson szereplõ felhasználóazonosítót egy fényképes\n"
+#~ " igazolvánnyal.\n"
+#~ "\n"
+#~ "\"3\" azt jelenti, hogy alaposan ellenõrizte a kulcsot. Például ez azt\n"
+#~ " jelentheti, hogy a kulcs ujjlenyomatát a tulajdonossal személyesen\n"
+#~ " találkozva ellenõrizte, egy nehezen hamisítható, fényképes "
+#~ "igazolvánnyal\n"
+#~ " (mint az útlevél) meggyõzõdött arról, hogy a személy neve egyezik a\n"
+#~ " kulcson levõvel, és végül (e-mail váltással) ellenõrizte, hogy a "
+#~ "kulcson\n"
+#~ " szereplõ e-mail cím a kulcs tulajdonosához tartozik.\n"
+#~ "\n"
+#~ "A 2-es és 3-as szintekhez adott példák *csak* példák. Végsõ soron Ön "
+#~ "dönti\n"
+#~ "el, hogy mit jelentenek Önnek a \"hétköznapi\" és \"alapos\" "
+#~ "kifejezések,\n"
+#~ "amikor mások kulcsát aláírja.\n"
+#~ "\n"
+#~ "Ha nem tudja, hogy mit válaszoljon, írjon \"0\"-t!"
+
+#, fuzzy
+#~ msgid "Answer \"yes\" if you want to sign ALL the user IDs"
+#~ msgstr ""
+#~ "Válaszoljon \"igen\"-nel, ha az ÖSSZES felhasználóazonosítót alá akarja "
+#~ "írni!"
+
+#~ msgid ""
+#~ "Answer \"yes\" if you really want to delete this user ID.\n"
+#~ "All certificates are then also lost!"
+#~ msgstr ""
+#~ "Válaszoljon \"igen\"-nel, ha valóban törölni akarja ezt a "
+#~ "felhasználóazonosítót!\n"
+#~ "Minden igazolás törlõdik vele együtt!"
+
+#~ msgid "Answer \"yes\" if it is okay to delete the subkey"
+#~ msgstr "Válaszoljon \"igen\"-nel, ha az alkulcs törölhetõ."
+
+#~ msgid ""
+#~ "This is a valid signature on the key; you normally don't want\n"
+#~ "to delete this signature because it may be important to establish a\n"
+#~ "trust connection to the key or another key certified by this key."
+#~ msgstr ""
+#~ "Ez egy érvényes aláírás a kulcson. Normál esetben nincs értelme\n"
+#~ "törölni, mert fontos lehet ahhoz, hogy érvényesítse ezt a kulcsot,\n"
+#~ "vagy egy másikat, melyet ezzel a kulccsal igazolnak."
+
+#~ msgid ""
+#~ "This signature can't be checked because you don't have the\n"
+#~ "corresponding key. You should postpone its deletion until you\n"
+#~ "know which key was used because this signing key might establish\n"
+#~ "a trust connection through another already certified key."
+#~ msgstr ""
+#~ "Ezt az aláírást nem tudom ellenõrizni, mert nincs meg a hozzá tartozó\n"
+#~ "kulcs. Ajánlatos lenne elhalasztani a törlést addig, amíg meg nem tudja,\n"
+#~ "hogy melyik kulcsot használták, mert ez az aláíró kulcs bizalmi\n"
+#~ "kapcsolatot hozhat létre egy már hitelesített kulcson keresztül."
+
+#~ msgid ""
+#~ "The signature is not valid. It does make sense to remove it from\n"
+#~ "your keyring."
+#~ msgstr ""
+#~ "Ez az aláírás nem érvényes. Értelmetlen eltávolítani a kulcskarikáról."
+
+#~ msgid ""
+#~ "This is a signature which binds the user ID to the key. It is\n"
+#~ "usually not a good idea to remove such a signature. Actually\n"
+#~ "GnuPG might not be able to use this key anymore. So do this\n"
+#~ "only if this self-signature is for some reason not valid and\n"
+#~ "a second one is available."
+#~ msgstr ""
+#~ "Ez egy olyan aláírás, amely összeköti a felhasználóazonosítót\n"
+#~ "a kulccsal. Általában nem jó ötlet egy ilyen aláírást eltávolítani.\n"
+#~ "Az is lehetséges, hogy a GnuPG többé nem tudja használni ezt\n"
+#~ "a kulcsot. Csak akkor tegye ezt, ha valami okból ez az önaláírás nem\n"
+#~ "érvényes, és rendelkezésre áll egy másik!"
+
+#~ msgid ""
+#~ "Change the preferences of all user IDs (or just of the selected ones)\n"
+#~ "to the current list of preferences. The timestamp of all affected\n"
+#~ "self-signatures will be advanced by one second.\n"
+#~ msgstr ""
+#~ "Lecseréli az összes felhasználóazonosítóhoz (vagy csak a kijelöltekhez)\n"
+#~ "tartozó preferenciákat az aktuális preferenciákra. Minden érintett\n"
+#~ "önaláírás idõpontját egy másodperccel növeli.\n"
+
+#~ msgid "Please enter the passhrase; this is a secret sentence \n"
+#~ msgstr "Kérem, adja meg a jelszót! Ezt egy titkos mondat. \n"
+
+#~ msgid ""
+#~ "Please repeat the last passphrase, so you are sure what you typed in."
+#~ msgstr "Kérem, ismételje meg az elõzõ jelszót ellenõrzésképpen!"
+
+#~ msgid "Give the name of the file to which the signature applies"
+#~ msgstr "Adja meg az állomány nevét, melyhez az aláírás tartozik!"
+
+#~ msgid "Answer \"yes\" if it is okay to overwrite the file"
+#~ msgstr "Válaszoljon \"igen\"-nel, ha felülírható az állomány!"
+
+#~ msgid ""
+#~ "Please enter a new filename. If you just hit RETURN the default\n"
+#~ "file (which is shown in brackets) will be used."
+#~ msgstr ""
+#~ "Kérem, adjon meg egy új fájlnevet! Ha RETURN-t/ENTER-t nyom, akkor\n"
+#~ "a szögletes zárójelben levõ alapértelmezett nevet használom."
+
+#~ msgid ""
+#~ "You should specify a reason for the certification. Depending on the\n"
+#~ "context you have the ability to choose from this list:\n"
+#~ " \"Key has been compromised\"\n"
+#~ " Use this if you have a reason to believe that unauthorized persons\n"
+#~ " got access to your secret key.\n"
+#~ " \"Key is superseded\"\n"
+#~ " Use this if you have replaced this key with a newer one.\n"
+#~ " \"Key is no longer used\"\n"
+#~ " Use this if you have retired this key.\n"
+#~ " \"User ID is no longer valid\"\n"
+#~ " Use this to state that the user ID should not longer be used;\n"
+#~ " this is normally used to mark an email address invalid.\n"
+#~ msgstr ""
+#~ "Ajánlatos megadni a visszavonás okát. A helyzettõl függõen válasszon\n"
+#~ "a következõ listából:\n"
+#~ " \"A kulcs kompromittálódott.\"\n"
+#~ " Használja ezt akkor, ha oka van azt hinni, hogy titkos kulcsa\n"
+#~ " illetéktelen kezekbe került!\n"
+#~ " \"A kulcsot lecserélték.\"\n"
+#~ " Használja ezt akkor, ha a kulcsot lecserélte egy újabbra!\n"
+#~ " \"A kulcs már nem használatos.\"\n"
+#~ " Használja ezt akkor, ha már nem használja a kulcsot!\n"
+#~ " \"A felhasználóazonosító már nem érvényes.\"\n"
+#~ " Használja ezt akkor, ha azt állítja, hogy a felhasználóazonosító\n"
+#~ " már nem használatos! Általában érvénytelen e-mail címet jelent.\n"
+
+#~ msgid ""
+#~ "If you like, you can enter a text describing why you issue this\n"
+#~ "revocation certificate. Please keep this text concise.\n"
+#~ "An empty line ends the text.\n"
+#~ msgstr ""
+#~ "Ha akarja, megadhat egy szöveget, melyben megindokolja, hogy miért\n"
+#~ "adta ki ezt a visszavonó igazolást. Kérem, fogalmazzon tömören!\n"
+#~ "Egy üres sor jelzi a szöveg végét.\n"
+
+#~ msgid "can't put notation data into v3 (PGP 2.x style) signatures\n"
+#~ msgstr "Nem tehet jelölõadatot a v3-as (PGP 2.x stílusú) aláírásokba!\n"
+
+#~ msgid "can't put notation data into v3 (PGP 2.x style) key signatures\n"
+#~ msgstr ""
+#~ "Nem tehet jelölõadatot a v3-as (PGP 2.x stílusú) kulcsaláírásokba!\n"
+
+#~ msgid "can't put a policy URL into v3 (PGP 2.x style) signatures\n"
+#~ msgstr "Nem tehet eljárásmód-URL-t a v3-as (PGP 2.x stílusú) aláírásokba!\n"
+
+#~ msgid "can't put a policy URL into v3 key (PGP 2.x style) signatures\n"
+#~ msgstr ""
+#~ "Nem tehet eljárásmód-URL-t a v3-as (PGP 2.x stílusú) kulcsaláírásokba!\n"
+
+#, fuzzy
+#~ msgid "shelll"
+#~ msgstr "help"
+
+#, fuzzy
+#~ msgid ""
+#~ "please see http://www.gnupg.org/download/iconv.html for more information\n"
+#~ msgstr ""
+#~ "További információ a http://www.gnupg.org/faq.html címen található.\n"
+
+#, fuzzy
+#~ msgid "key generation is not available from the commandline\n"
+#~ msgstr "GPG ügynök nem elérhetõ ebben a munkafolyamatban.\n"
+
+#, fuzzy
+#~ msgid "please use the script \"%s\" to generate a new key\n"
+#~ msgstr "Kérem, adja meg, milyen kulcsot kíván:\n"
+
+#, fuzzy
+#~ msgid "cipher extension `%s' not loaded due to unsafe permissions\n"
+#~ msgstr "A \"%s\" rejtjelezõ bõvítést rossz engedélyek miatt töltöm be.\n"
+
+#~ msgid "DSA requires the use of a 160 bit hash algorithm\n"
+#~ msgstr "A DSA 160 bites hash (kivonatoló) algoritmust igényel.\n"
+
+#, fuzzy
+#~ msgid ".\n"
+#~ msgstr "%s.\n"
+
+#~ msgid "problem with the agent - disabling agent use\n"
+#~ msgstr "Probléma van az ügynökkel. Letiltom a használatát.\n"
+
+#, fuzzy
+#~ msgid "can't query passphrase in batch mode\n"
+#~ msgstr "Nem tudok jelszót bekérni kötegelt módban!\n"
+
+#~ msgid "Enter passphrase: "
+#~ msgstr "Írja be a jelszót: "
+
+#~ msgid "Repeat passphrase: "
+#~ msgstr "Ismételje meg a jelszót: "
+
+#~ msgid "-k[v][v][v][c] [user-id] [keyring]"
+#~ msgstr "-k[v][v][v][c] [felh-azonosító] [kulcskarika]"
+
+#, fuzzy
+#~ msgid "can't gen prime with pbits=%u qbits=%u\n"
+#~ msgstr "Nem tudok létrehozni %d bitesnél kisebb prímszámot.\n"
+
+#~ msgid "can't generate a prime with less than %d bits\n"
+#~ msgstr "Nem tudok létrehozni %d bitesnél kisebb prímszámot.\n"
+
+#~ msgid "no entropy gathering module detected\n"
+#~ msgstr "Nem észleltem entrópiagyûjtõ modult.\n"
+
+#, fuzzy
+#~ msgid "can't lock `%s': %s\n"
+#~ msgstr "Nem tudom megnyitni %s-t!\n"
+
+#~ msgid "can't stat `%s': %s\n"
+#~ msgstr "Nem tudom a stat mûveletet elvégezni a(z) \"%s\" állományon: %s.\n"
+
+#~ msgid "`%s' is not a regular file - ignored\n"
+#~ msgstr "\"%s\" nem szabályos állomány. Figyelmen kívül hagyom.\n"
+
+#~ msgid "note: random_seed file is empty\n"
+#~ msgstr ""
+#~ "Megjegyzés: random_seed állomány (véletlenszám-generátor állapota) üres.\n"
+
+#~ msgid "WARNING: invalid size of random_seed file - not used\n"
+#~ msgstr "FIGYELEM: Érvénytelen méretû random_seed állomány. Nem használom.\n"
+
+#~ msgid "can't read `%s': %s\n"
+#~ msgstr "Nem tudom olvasni a(z) \"%s\" állományt: %s.\n"
+
+#~ msgid "note: random_seed file not updated\n"
+#~ msgstr "Megjegyzés: random_seed állományt nem frissítettem.\n"
+
+#~ msgid "can't write `%s': %s\n"
+#~ msgstr "Nem tudom írni a(z) \"%s\" állományt: %s.\n"
+
+#~ msgid "can't close `%s': %s\n"
+#~ msgstr "Nem tudom bezárni a(z) \"%s\" állományt: %s.\n"
+
+#~ msgid "WARNING: using insecure random number generator!!\n"
+#~ msgstr "FIGYELEM: Nem biztonságos véletlenszám-generátort használok!!!\n"
+
+#~ msgid ""
+#~ "The random number generator is only a kludge to let\n"
+#~ "it run - it is in no way a strong RNG!\n"
+#~ "\n"
+#~ "DON'T USE ANY DATA GENERATED BY THIS PROGRAM!!\n"
+#~ "\n"
+#~ msgstr ""
+#~ "A véletlenszám-generátor csak egy szükségmegoldás, hogy a program\n"
+#~ "elinduljon, semmiképpen nem egy erõs véletlenszám-generátor!\n"
+#~ "\n"
+#~ "NE HASZNÁLJON SEMMILYEN ADATOT, AMIT EZ A PROGRAM ELÕÁLLÍT!\n"
+#~ "\n"
+
+#~ msgid ""
+#~ "Please wait, entropy is being gathered. Do some work if it would\n"
+#~ "keep you from getting bored, because it will improve the quality\n"
+#~ "of the entropy.\n"
+#~ msgstr ""
+#~ "Kérem, várjon, entrópiát gyûjtök! Vagy inkább csináljon közben valamit\n"
+#~ "a gépen, az az entrópiám minõségét is javítani fogja!\n"
+
+#~ msgid ""
+#~ "\n"
+#~ "Not enough random bytes available. Please do some other work to give\n"
+#~ "the OS a chance to collect more entropy! (Need %d more bytes)\n"
+#~ msgstr ""
+#~ "\n"
+#~ "Nem áll rendelkezésre elég véletlen bájt. Kérem, csináljon most valami\n"
+#~ "mást, hogy az operációs rendszer entrópiát gyûjthessen!\n"
+#~ "(Még %d bájt szükséges.)\n"
+
+#, fuzzy
+#~ msgid "card reader not available\n"
+#~ msgstr "titkos kulcs nem áll rendelkezésre"
+
+#, fuzzy
+#~ msgid "NOTE: %s is not available in this version\n"
+#~ msgstr "GPG ügynök nem elérhetõ ebben a munkafolyamatban.\n"
+
+#, fuzzy
+#~ msgid " algorithms on these user IDs:\n"
+#~ msgstr "Ön aláírta a következõ felhasználóazonosítókat:\n"
+
+#~ msgid "general error"
+#~ msgstr "általános hiba"
+
+#~ msgid "unknown packet type"
+#~ msgstr "ismeretlen csomagtípus"
+
+#~ msgid "unknown pubkey algorithm"
+#~ msgstr "ismeretlen nyilvános kulcsú algoritmus"
+
+#~ msgid "unknown digest algorithm"
+#~ msgstr "ismeretlen kivonatoló algoritmus"
+
+#~ msgid "bad public key"
+#~ msgstr "rossz nyilvános kulcs"
+
+#~ msgid "bad secret key"
+#~ msgstr "rossz titkos kulcs"
+
+#~ msgid "bad signature"
+#~ msgstr "rossz aláírás"
+
+#~ msgid "checksum error"
+#~ msgstr "hibás ellenõrzõösszeg"
+
+#~ msgid "unknown cipher algorithm"
+#~ msgstr "ismeretlen rejtjelezõ algoritmus"
+
+#~ msgid "can't open the keyring"
+#~ msgstr "nem lehet megnyitni a kulcskarikát"
+
+#~ msgid "invalid packet"
+#~ msgstr "érvénytelen csomag"
+
+#~ msgid "invalid armor"
+#~ msgstr "érvénytelen páncél"
+
+#~ msgid "no such user id"
+#~ msgstr "nincs ilyen felhasználói azonosító"
+
+#~ msgid "secret key not available"
+#~ msgstr "titkos kulcs nem áll rendelkezésre"
+
+#~ msgid "wrong secret key used"
+#~ msgstr "rossz titkos kulcs használata"
+
+#~ msgid "not supported"
+#~ msgstr "nem támogatott"
+
+#~ msgid "bad key"
+#~ msgstr "rossz kulcs"
+
+#~ msgid "file write error"
+#~ msgstr "állományírási hiba"
+
+#~ msgid "unknown compress algorithm"
+#~ msgstr "ismeretlen tömörítõ algoritmus"
+
+#~ msgid "file open error"
+#~ msgstr "állománymegnyitási hiba"
+
+#~ msgid "file create error"
+#~ msgstr "állománylétrehozási hiba"
+
+#~ msgid "invalid passphrase"
+#~ msgstr "érvénytelen jelszó"
+
+#~ msgid "unimplemented pubkey algorithm"
+#~ msgstr "nem megvalósított nyilvános kulcsú algoritmus"
+
+#~ msgid "unimplemented cipher algorithm"
+#~ msgstr "nem megvalósított rejtjelezõ algoritmus"
+
+#~ msgid "unknown signature class"
+#~ msgstr "ismeretlen aláírásosztály"
+
+#~ msgid "trust database error"
+#~ msgstr "hibás bizalmi adatbázis"
+
+#~ msgid "resource limit"
+#~ msgstr "erõforráshatár"
+
+#~ msgid "invalid keyring"
+#~ msgstr "érvénytelen kulcskarika"
+
+#~ msgid "malformed user id"
+#~ msgstr "rossz formájú felhasználói azonosító"
+
+#~ msgid "file close error"
+#~ msgstr "állományzárási hiba"
+
+#~ msgid "file rename error"
+#~ msgstr "állományátnevezési hiba"
+
+#~ msgid "file delete error"
+#~ msgstr "állománytörlési hiba"
+
+#~ msgid "unexpected data"
+#~ msgstr "nem várt adat"
+
+#~ msgid "timestamp conflict"
+#~ msgstr "idõbélyeg-konfliktus"
+
+#~ msgid "unusable pubkey algorithm"
+#~ msgstr "használhatatlan nyilvános kulcsú algoritmus"
+
+#~ msgid "file exists"
+#~ msgstr "állomány létezik"
+
+#~ msgid "weak key"
+#~ msgstr "gyenge kulcs"
+
+#~ msgid "bad URI"
+#~ msgstr "rossz URI"
+
+#~ msgid "unsupported URI"
+#~ msgstr "nem támogatott URI"
+
+#~ msgid "network error"
+#~ msgstr "hálózati hiba"
+
+#~ msgid "not processed"
+#~ msgstr "nem feldolgozott"
+
+#~ msgid "unusable public key"
+#~ msgstr "használhatatlan nyilvános kulcs"
+
+#~ msgid "unusable secret key"
+#~ msgstr "használhatatlan titkos kulcs"
+
+#~ msgid "keyserver error"
+#~ msgstr "kulcsszerverhiba"
+
+#, fuzzy
+#~ msgid "no card"
+#~ msgstr "nem titkosított"
+
+#, fuzzy
+#~ msgid "no data"
+#~ msgstr "Nincs aláírt adat.\n"
+
+#~ msgid "... this is a bug (%s:%d:%s)\n"
+#~ msgstr "Ez egy programhiba... (%s:%d:%s)\n"
+
+#~ msgid "WARNING: using insecure memory!\n"
+#~ msgstr "FIGYELEM: Nem biztonságos memóriát használunk!\n"
+
+#~ msgid "operation is not possible without initialized secure memory\n"
+#~ msgstr "A mûvelet nem lehetséges biztonságos memória nélkül.\n"
+
+#~ msgid "(you may have used the wrong program for this task)\n"
+#~ msgstr "(Lehet, hogy nem a megfelelõ programot használja a feladatra.)\n"
+
+#~ msgid ""
+#~ "please see http://www.gnupg.org/why-not-idea.html for more information\n"
+#~ msgstr ""
+#~ "További információt a http://www.gnupg.org/why-not-idea.html oldalon "
+#~ "talál.\n"
+
+#, fuzzy
+#~ msgid "all export-clean-* options from above"
+#~ msgstr "opciók beolvasása állományból"
+
+#, fuzzy
+#~ msgid "all import-clean-* options from above"
+#~ msgstr "opciók beolvasása állományból"
+
+#, fuzzy
+#~ msgid "expired: %s)"
+#~ msgstr " [lejár: %s]"
+
+#, fuzzy
+#~ msgid "key %s: expired signature from key %s - skipped\n"
+#~ msgstr "%08lX kulcs: Váratlan aláírásosztály (0x%02X) - kihagytam.\n"
+
+#, fuzzy
+#~ msgid "Unable to clean `%s'\n"
+#~ msgstr "Nem tudom végrehajtani a következõ \"%s\"-t: \"%s\": %s.\n"
+
+#, fuzzy
+#~ msgid "No user IDs are removable.\n"
+#~ msgstr "\"%s\" felhasználói azonosítót már visszavonták.\n"
+
+#~ msgid "bad passphrase or unknown cipher algorithm (%d)\n"
+#~ msgstr "Rossz jelszó vagy ismeretlen rejtjelezõ algoritmus (%d).\n"
+
+#~ msgid "can't set client pid for the agent\n"
+#~ msgstr "Nem tudom beállítani a kliens pid-et az ügynöknek.\n"
+
+#~ msgid "can't get server read FD for the agent\n"
+#~ msgstr ""
+#~ "Nem tudom lekérni a szerver olvasási állományleíróját az ügynöknek.\n"
+
+#~ msgid "can't get server write FD for the agent\n"
+#~ msgstr "Nem tudom lekérni a szerver írási állományleíróját az ügynöknek.\n"
+
+#~ msgid "invalid response from agent\n"
+#~ msgstr "Érvénytelen válasz az ügynöktõl!\n"
+
+#~ msgid "select secondary key N"
+#~ msgstr "N. másodlagos kulcs kiválasztása"
+
+#~ msgid "list signatures"
+#~ msgstr "aláírások kilistázása"
+
+#~ msgid "sign the key"
+#~ msgstr "kulcs aláírása"
+
+#~ msgid "add a secondary key"
+#~ msgstr "másodlagos kulcs (alkulcs) hozzáadása"
+
+#~ msgid "delete signatures"
+#~ msgstr "aláírások törlése"
+
+#~ msgid "change the expire date"
+#~ msgstr "lejárat megváltoztatása"
+
+#~ msgid "set preference list"
+#~ msgstr "preferencialista beállítása"
+
+#~ msgid "updated preferences"
+#~ msgstr "preferenciák frissítése"
+
+#~ msgid "No secondary key with index %d\n"
+#~ msgstr "Nincs %d indexû másodlagos kulcs!\n"
+
+#~ msgid "--nrsign-key user-id"
+#~ msgstr "--nrsign-key felh-azonosító"
+
+#~ msgid "--nrlsign-key user-id"
+#~ msgstr "--nrlsign-key felh-azonosító"
+
+#~ msgid "sign the key non-revocably"
+#~ msgstr "kulcs nem visszavonható aláírása"
+
+#~ msgid "sign the key locally and non-revocably"
+#~ msgstr "kulcs nem visszavonható helyi aláírása"
+
+#~ msgid "q"
+#~ msgstr "q"
+
+#~ msgid "list"
+#~ msgstr "list"
+
+#~ msgid "l"
+#~ msgstr "l"
+
+#~ msgid "debug"
+#~ msgstr "debug"
+
+#, fuzzy
+#~ msgid "name"
+#~ msgstr "enable"
+
+#, fuzzy
+#~ msgid "login"
+#~ msgstr "lsign"
+
+#, fuzzy
+#~ msgid "cafpr"
+#~ msgstr "fpr"
+
+#, fuzzy
+#~ msgid "forcesig"
+#~ msgstr "revsig"
+
+#, fuzzy
+#~ msgid "generate"
+#~ msgstr "általános hiba"
+
+#~ msgid "passwd"
+#~ msgstr "passwd"
+
+#~ msgid "save"
+#~ msgstr "save"
+
+#~ msgid "fpr"
+#~ msgstr "fpr"
+
+#~ msgid "uid"
+#~ msgstr "uid"
+
+#~ msgid "key"
+#~ msgstr "key"
+
+#~ msgid "check"
+#~ msgstr "check"
+
+#~ msgid "c"
+#~ msgstr "c"
+
+#~ msgid "sign"
+#~ msgstr "sign"
+
+#~ msgid "s"
+#~ msgstr "s"
+
+#, fuzzy
+#~ msgid "tsign"
+#~ msgstr "sign"
+
+#~ msgid "lsign"
+#~ msgstr "lsign"
+
+#~ msgid "nrsign"
+#~ msgstr "nrsign"
+
+#~ msgid "nrlsign"
+#~ msgstr "nrlsign"
+
+#~ msgid "adduid"
+#~ msgstr "adduid"
+
+#~ msgid "addphoto"
+#~ msgstr "addphoto"
+
+#~ msgid "deluid"
+#~ msgstr "deluid"
+
+#~ msgid "delphoto"
+#~ msgstr "delphoto"
+
+#, fuzzy
+#~ msgid "addcardkey"
+#~ msgstr "addkey"
+
+#~ msgid "delkey"
+#~ msgstr "delkey"
+
+#~ msgid "addrevoker"
+#~ msgstr "addrevoker"
+
+#~ msgid "delsig"
+#~ msgstr "delsig"
+
+#~ msgid "expire"
+#~ msgstr "expire"
+
+#~ msgid "primary"
+#~ msgstr "primary"
+
+#~ msgid "toggle"
+#~ msgstr "toggle"
+
+#~ msgid "t"
+#~ msgstr "t"
+
+#~ msgid "pref"
+#~ msgstr "pref"
+
+#~ msgid "showpref"
+#~ msgstr "showpref"
+
+#~ msgid "setpref"
+#~ msgstr "setpref"
+
+#~ msgid "updpref"
+#~ msgstr "updpref"
+
+#, fuzzy
+#~ msgid "keyserver"
+#~ msgstr "kulcsszerverhiba"
+
+#~ msgid "trust"
+#~ msgstr "trust"
+
+#~ msgid "revsig"
+#~ msgstr "revsig"
+
+#~ msgid "revuid"
+#~ msgstr "revuid"
+
+#~ msgid "revkey"
+#~ msgstr "revkey"
+
+#~ msgid "disable"
+#~ msgstr "disable"
+
+#~ msgid "enable"
+#~ msgstr "enable"
+
+#~ msgid "showphoto"
+#~ msgstr "showphoto"
+
+#~ msgid "digest algorithm `%s' is read-only in this release\n"
+#~ msgstr "\"%s\" kivonatoló algoritmus csak olvasható ebben a kiadásban\n"
+
+#~ msgid ""
+#~ "About to generate a new %s keypair.\n"
+#~ " minimum keysize is 768 bits\n"
+#~ " default keysize is 1024 bits\n"
+#~ " highest suggested keysize is 2048 bits\n"
+#~ msgstr ""
+#~ "Most egy új %s kulcspárt hozunk létre.\n"
+#~ " minimális kulcsméret: 768 bit\n"
+#~ " alapértelmezett kulcsméret: 1024 bit\n"
+#~ " legnagyobb ajánlott kulcsméret: 2048 bit\n"
+
+#~ msgid "DSA only allows keysizes from 512 to 1024\n"
+#~ msgstr "A DSA csak 512 és 1024 közötti kulcsméretet támogat.\n"
+
+#~ msgid "keysize too small; 1024 is smallest value allowed for RSA.\n"
+#~ msgstr "Kulcsméret túl kicsi; 1024 a legkisebb megengedett érték RSA-hoz.\n"
+
+#~ msgid "keysize too small; 768 is smallest value allowed.\n"
+#~ msgstr "Kulcsméret túl kicsi; 768 a legkisebb megengedett érték.\n"
+
+#~ msgid "keysize too large; %d is largest value allowed.\n"
+#~ msgstr "Kulcsméret túl nagy; %d a legnagyobb megengedett érték.\n"
+
+#~ msgid ""
+#~ "Keysizes larger than 2048 are not suggested because\n"
+#~ "computations take REALLY long!\n"
+#~ msgstr ""
+#~ "2048-nál nagyobb kulcsméret nem ajánlott, mert a számítások\n"
+#~ "NAGYON sokáig fognak tartani!\n"
+
+#, fuzzy
+#~ msgid "Are you sure that you want this keysize? (y/N) "
+#~ msgstr "Biztos benne, hogy akarja ezt a kulcsméretet? "
+
+#~ msgid ""
+#~ "Okay, but keep in mind that your monitor and keyboard radiation is also "
+#~ "very vulnerable to attacks!\n"
+#~ msgstr ""
+#~ "Rendben, de vegye figyelembe, hogy a támadók a monitorának vagy\n"
+#~ "a billentyûzetének a sugárzását is felhasználhatják!\n"
+
+#~ msgid "Experimental algorithms should not be used!\n"
+#~ msgstr "Nem szabadna kísérleti algoritmusokat használni!\n"
+
+#~ msgid ""
+#~ "this cipher algorithm is deprecated; please use a more standard one!\n"
+#~ msgstr ""
+#~ "Ez a rejtjelezõ algoritmus nem ajánlott. Kérem, használjon "
+#~ "szabványosabbat!\n"
+
+#~ msgid "sorry, can't do this in batch mode\n"
+#~ msgstr "Sajnálom, ezt nem tudom megcsinálni kötegelt módban!\n"
+
+#, fuzzy
+#~ msgid "can't open file `%s': %s\n"
+#~ msgstr "Nem tudom megnyitni az állományt: %s.\n"
+
+#, fuzzy
+#~ msgid " \""
+#~ msgstr " azaz \""
+
+#~ msgid "key %08lX: key has been revoked!\n"
+#~ msgstr "%08lX kulcs vissza lett vonva!\n"
+
+#~ msgid "key %08lX: subkey has been revoked!\n"
+#~ msgstr "%08lX alkulcs vissza lett vonva!\n"
+
+#~ msgid "%08lX: key has expired\n"
+#~ msgstr "%08lX kulcs lejárt!\n"
+
+#~ msgid "%08lX: We do NOT trust this key\n"
+#~ msgstr "%08lX: Ebben a kulcsban NEM bízunk.\n"
+
+#, fuzzy
+#~ msgid " (%d) RSA (auth only)\n"
+#~ msgstr " (%d) RSA (csak aláírás)\n"
+
+#, fuzzy
+#~ msgid " (%d) RSA (sign and auth)\n"
+#~ msgstr " (%d) RSA (aláírás és titkosítás)\n"
+
+#, fuzzy
+#~ msgid " (%d) RSA (encrypt and auth)\n"
+#~ msgstr " (%d) RSA (csak titkosítás)\n"
+
+#, fuzzy
+#~ msgid " (%d) RSA (sign, encrypt and auth)\n"
+#~ msgstr " (%d) RSA (aláírás és titkosítás)\n"
+
+#~ msgid "%s: can't open: %s\n"
+#~ msgstr "%s-t nem tudom megnyitni: %s.\n"
+
+#~ msgid "%s: WARNING: empty file\n"
+#~ msgstr "FIGYELEM: \"%s\" üres állomány.\n"
+
+#, fuzzy
+#~ msgid " (%d) I trust marginally\n"
+#~ msgstr " %d = részlegesen megbízom benne\n"
+
+#, fuzzy
+#~ msgid " (%d) I trust fully\n"
+#~ msgstr " %d = teljesen megbízom benne\n"
+
+#, fuzzy
+#~ msgid "expires"
+#~ msgstr "expire"
+
+#, fuzzy
+#~ msgid ""
+#~ "\"\n"
+#~ "locally signed with your key %s at %s\n"
+#~ msgstr ""
+#~ "\"\n"
+#~ "Helyileg aláírva az Ön %08lX kulcsával %s idõpontban.\n"
+
+#~ msgid "%s: can't access: %s\n"
+#~ msgstr "%s: Nem tudom elérni: %s.\n"
+
+#~ msgid "%s: can't create lock\n"
+#~ msgstr "%s: Nem tudok lock-ot létrehozni.\n"
+
+#~ msgid "%s: can't make lock\n"
+#~ msgstr "%s: Nem tudok lock-ot csinálni.\n"
+
+#~ msgid "%s: can't create: %s\n"
+#~ msgstr "%s: Nem tudom létrehozni: %s.\n"
+
+#~ msgid "If you want to use this revoked key anyway, answer \"yes\"."
+#~ msgstr ""
+#~ "Ha mégis használni akarja ezt a visszavont kulcsot,\n"
+#~ "válaszoljon \"igen\"-nel!"
+
+#~ msgid "Unable to open photo \"%s\": %s\n"
+#~ msgstr "Nem tudom megnyitni a \"%s\" fotót: %s.\n"
+
+#~ msgid "error: missing colon\n"
+#~ msgstr "Hiba: Hiányzó kettõspont.\n"
+
+#~ msgid "error: no ownertrust value\n"
+#~ msgstr "Hiba: Nincs tulajdonosmegbízhatósági érték.\n"
+
+#~ msgid " (main key ID %08lX)"
+#~ msgstr ""
+#~ " \n"
+#~ " (fõ kulcsazonosító: %08lX)"
+
+#~ msgid "rev! subkey has been revoked: %s\n"
+#~ msgstr "rev! Alkulcsot visszavonták: %s.\n"
+
+#~ msgid "rev- faked revocation found\n"
+#~ msgstr "rev- Hamis visszavonást találtam!\n"
+
+#, fuzzy
+#~ msgid " [expired: %s]"
+#~ msgstr " [lejár: %s]"
+
+#~ msgid " [expires: %s]"
+#~ msgstr " [lejár: %s]"
+
+#, fuzzy
+#~ msgid " [revoked: %s]"
+#~ msgstr "[visszavont] "
+
+#~ msgid ""
+#~ "WARNING: digest `%s' is not part of OpenPGP. Use at your own risk!\n"
+#~ msgstr ""
+#~ "FIGYELEM: \"%s\" kivonatoló algoritmus nem része az OpenPGP-nek. Csak "
+#~ "saját felelõsségére használja!\n"
+
+#~ msgid "|[files]|encrypt files"
+#~ msgstr "|[fájlok]|állományok titkosítása"
+
+#~ msgid "store only"
+#~ msgstr "csak tárolás"
+
+#~ msgid "|[files]|decrypt files"
+#~ msgstr "|[fájlok]|állományok visszafejtése"
+
+#~ msgid "sign a key non-revocably"
+#~ msgstr "kulcs aláírása visszavonhatatlanul"
+
+#~ msgid "sign a key locally and non-revocably"
+#~ msgstr "kulcs aláírása helyileg és visszavonhatatlanul"
+
+#~ msgid "list only the sequence of packets"
+#~ msgstr "csak a csomagok listázása"
+
+#~ msgid "export the ownertrust values"
+#~ msgstr "bizalmi értékek exportja"
+
+#~ msgid "unattended trust database update"
+#~ msgstr "bizalmi adatbázis frissítése felügyelet nélkül"
+
+#~ msgid "fix a corrupted trust database"
+#~ msgstr "sérült bizalmi adatbázis kijavítása"
+
+#~ msgid "De-Armor a file or stdin"
+#~ msgstr "páncél eltávolítása állományról vagy bemenetrõl"
+
+#~ msgid "En-Armor a file or stdin"
+#~ msgstr "állomány vagy bemenet páncélozása"
+
+#~ msgid "do not force v3 signatures"
+#~ msgstr "ne erõltesse a 3-as verziójú aláírásokat"
+
+#~ msgid "force v4 key signatures"
+#~ msgstr "4-es verziójú aláírások erõltetése"
+
+#~ msgid "do not force v4 key signatures"
+#~ msgstr "ne erõltesse a 4-es verziójú aláírásokat"
+
+#~ msgid "never use a MDC for encryption"
+#~ msgstr "soha ne használjon MDC-t titkosításkor"
+
+#~ msgid "use the gpg-agent"
+#~ msgstr "gpg ügynök használata"
+
+#~ msgid "|[file]|write status info to file"
+#~ msgstr "|[fájl]|állapotinformációk állományba írása"
+
+#~ msgid "|KEYID|ultimately trust this key"
+#~ msgstr "|KULCS|alapvetõen megbízunk ebben a kulcsban"
+
+#~ msgid "emulate the mode described in RFC1991"
+#~ msgstr "RFC1991-ben leírt mód emulációja"
+
+#~ msgid "set all packet, cipher and digest options to OpenPGP behavior"
+#~ msgstr "opciók OpenPGP módra állítása"
+
+#~ msgid "set all packet, cipher and digest options to PGP 2.x behavior"
+#~ msgstr "opciók PGP 2.x módra állítása"
+
+#~ msgid "|NAME|use message digest algorithm NAME for passphrases"
+#~ msgstr "|NÉV|NÉV kivonatoló algoritmus haszn. jelszavakhoz"
+
+#~ msgid "throw keyid field of encrypted packets"
+#~ msgstr "titkosított csomagok keyid mezõjének eldobása"
+
+#~ msgid "Show Photo IDs"
+#~ msgstr "fotóazonosítók mutatása"
+
+#~ msgid "Don't show Photo IDs"
+#~ msgstr "ne mutassa a fotóazonosítókat"
+
+#~ msgid "Set command line to view Photo IDs"
+#~ msgstr "parancssor állítása fotóazonosítók megnézéséhez"
+
+#~ msgid "compress algorithm `%s' is read-only in this release\n"
+#~ msgstr "\"%s\" tömörítõalgoritmus csak olvasható ebben a kiadásban.\n"
+
+#~ msgid "compress algorithm must be in range %d..%d\n"
+#~ msgstr "A tömörítõalgoritmus száma %d és %d közé kell essen!\n"
+
+#~ msgid ""
+#~ "%08lX: It is not sure that this key really belongs to the owner\n"
+#~ "but it is accepted anyway\n"
+#~ msgstr ""
+#~ "%08lX: Nem biztos, hogy ez a kulcs valóban a jelzett tulajdonoshoz\n"
+#~ "tartozik, ennek ellenére elfogadtuk.\n"
+
+#~ msgid "preference %c%lu is not valid\n"
+#~ msgstr "%c%lu preferencia érvénytelen!\n"
+
+#~ msgid "key %08lX: not a rfc2440 key - skipped\n"
+#~ msgstr "%08lX kulcs: nem rfc2440 kulcs - kihagytam.\n"
+
+#~ msgid ""
+#~ "NOTE: Elgamal primary key detected - this may take some time to import\n"
+#~ msgstr ""
+#~ "MEGJEGYZÉS: Elgamal elsõdleges kulcsot érzékeltem.\n"
+#~ "Eltarthat egy ideig az importálása.\n"
+
+#~ msgid " (default)"
+#~ msgstr " (alapértelmezés)"
+
+#~ msgid "%s%c %4u%c/%08lX created: %s expires: %s"
+#~ msgstr "%s%c %4u%c/%08lX létrehozva: %s lejár: %s"
+
+#~ msgid "Policy: "
+#~ msgstr "Eljárásmód: "
+
+#~ msgid "can't get key from keyserver: %s\n"
+#~ msgstr "Nem tudom lehívni a kulcsot a %s kulcsszerverrõl.\n"
+
+#~ msgid "success sending to `%s' (status=%u)\n"
+#~ msgstr "Sikeresen felküldtem %s kulcsszerverre. (Státusz: %u.)\n"
+
+#~ msgid "failed sending to `%s': status=%u\n"
+#~ msgstr "Nem tudtam felküldeni %s kulcsszerverre. Státusz: %u.\n"
+
+#~ msgid "this keyserver does not support --search-keys\n"
+#~ msgstr "Ez a kulcsszerver nem támogatja a --search-keys kapcsolót.\n"
+
+#~ msgid "can't search keyserver: %s\n"
+#~ msgstr "Nem tudok keresni a %s kulcsszerveren.\n"
+
+#~ msgid ""
+#~ "key %08lX: this is a PGP generated ElGamal key which is NOT secure for "
+#~ "signatures!\n"
+#~ msgstr ""
+#~ "%08lX kulcs: Ez egy PGP által létrehozott ElGamal kulcs, mely\n"
+#~ "NEM biztonságos aláírásokhoz!\n"
+
+#~ msgid ""
+#~ "key %08lX has been created %lu second in future (time warp or clock "
+#~ "problem)\n"
+#~ msgstr ""
+#~ "%08lX kulcs %lu másodperccel a jövõben készült. (Idõugrás vagy "
+#~ "óraprobléma.)\n"
+
+#~ msgid ""
+#~ "key %08lX has been created %lu seconds in future (time warp or clock "
+#~ "problem)\n"
+#~ msgstr ""
+#~ "%08lX kulcs %lu másodperccel a jövõben készült. (Idõugrás vagy "
+#~ "óraprobléma.)\n"
+
+#~ msgid "key %08lX marked as ultimately trusted\n"
+#~ msgstr "A(z) %08lX kulcs alapvetõen megbízhatónak lett jelölve.\n"
+
+#~ msgid "signature from Elgamal signing key %08lX to %08lX skipped\n"
+#~ msgstr ""
+#~ "%08lX Elgamal aláírókulccsal %08lX kulcshoz készült aláírást kihagytam.\n"
+
+#~ msgid "signature from %08lX to Elgamal signing key %08lX skipped\n"
+#~ msgstr ""
+#~ "%08lX kulccsal %08lX Elgamal aláírókulcshoz készült aláírást kihagytam.\n"
+
+#~ msgid "checking at depth %d signed=%d ot(-/q/n/m/f/u)=%d/%d/%d/%d/%d/%d\n"
+#~ msgstr ""
+#~ "Vizsgálok a(z) %d. szinten, aláírt=%d tb(-/k/n/r/t/a)=%d/%d/%d/%d/%d/%d.\n"
+
+#~ msgid ""
+#~ "Select the algorithm to use.\n"
+#~ "\n"
+#~ "DSA (aka DSS) is the digital signature algorithm which can only be used\n"
+#~ "for signatures. This is the suggested algorithm because verification of\n"
+#~ "DSA signatures are much faster than those of ElGamal.\n"
+#~ "\n"
+#~ "ElGamal is an algorithm which can be used for signatures and encryption.\n"
+#~ "OpenPGP distinguishs between two flavors of this algorithms: an encrypt "
+#~ "only\n"
+#~ "and a sign+encrypt; actually it is the same, but some parameters must be\n"
+#~ "selected in a special way to create a safe key for signatures: this "
+#~ "program\n"
+#~ "does this but other OpenPGP implementations are not required to "
+#~ "understand\n"
+#~ "the signature+encryption flavor.\n"
+#~ "\n"
+#~ "The first (primary) key must always be a key which is capable of "
+#~ "signing;\n"
+#~ "this is the reason why the encryption only ElGamal key is not available "
+#~ "in\n"
+#~ "this menu."
+#~ msgstr ""
+#~ "Válassza ki a használni kívánt algoritmust!\n"
+#~ "\n"
+#~ "A DSA (más néven DSS) egy digitális aláírási algoritmus, mely kizárólag\n"
+#~ "aláírásokhoz használható. Ez az ajánlott algoritmus, mivel a DSA "
+#~ "aláírások\n"
+#~ "ellenõrzése jóval gyorsabb az ElGamal aláírásokénál.\n"
+#~ "\n"
+#~ "Az ElGamal egy algoritmus, mely aláírásokhoz és titkosításhoz is\n"
+#~ "használható. Az OpenPGP az algoritmus két fajtáját különbözteti meg:\n"
+#~ "egy csak titkosítót, és egy aláírót és titkosítót. Tulajdonképpen ez\n"
+#~ "a kettõ ugyanaz, de néhány paramétert speciálisan kell megválasztani\n"
+#~ "ahhoz, hogy a kulcs biztonságos legyen aláírás-készítéshez. Ez a program\n"
+#~ "megteszi ezt, de más OpenPGP megvalósításoknak nem kötelezõ érteni a\n"
+#~ "az aláíró+titkosító fajtát.\n"
+#~ "\n"
+#~ "Az elsõdleges kulcsnak mindig olyannak kell lenni, amely képes aláírni.\n"
+#~ "Ez az oka annak, hogy a csak titkosító ElGamal kulcs nem szerepel ebben\n"
+#~ "a menüben."
+
+#~ msgid ""
+#~ "Although these keys are defined in RFC2440 they are not suggested\n"
+#~ "because they are not supported by all programs and signatures created\n"
+#~ "with them are quite large and very slow to verify."
+#~ msgstr ""
+#~ "Habár ezek a kulcsok definiáltak az RFC2440-ben, mégsem ajánljuk õket,\n"
+#~ "mert nem támogatottak minden programban, és az ezekkel készült aláírások\n"
+#~ "nagyon hosszúak, és nagyon lassú az ellenõrzésük."
+
+#~ msgid "%lu keys so far checked (%lu signatures)\n"
+#~ msgstr "%lu kulcsot ellenõriztem eddig (%lu aláírással).\n"
+
+#~ msgid "key incomplete\n"
+#~ msgstr "hiányos kulcs\n"
+
+#~ msgid "key %08lX incomplete\n"
+#~ msgstr "A(z) %08lX kulcs hiányos.\n"
+
+#~ msgid "quit|quit"
+#~ msgstr "kilépés"
+
+#~ msgid " (%d) ElGamal (sign and encrypt)\n"
+#~ msgstr " (%d) ElGamal (aláírás és titkosítás)\n"
+
+#~ msgid ""
+#~ "The use of this algorithm is only supported by GnuPG. You will not be\n"
+#~ "able to use this key to communicate with PGP users. This algorithm is "
+#~ "also\n"
+#~ "very slow, and may not be as secure as the other choices.\n"
+#~ msgstr ""
+#~ "Ennek az algoritmusnak a használatát csak a GnuPG támogatja. Ezzel\n"
+#~ "a kulccsal Ön nem fog tudni kommunikálni a PGP-t használókkal. Továbbá\n"
+#~ "ez az algoritmus nagyon lassú, és talán nem is olyan biztonságos, mint\n"
+#~ "a többi választható.\n"
+
+#~ msgid "Create anyway? "
+#~ msgstr "Mégis létrehozzam? "
+
+#~ msgid "invalid symkey algorithm detected (%d)\n"
+#~ msgstr "Érvénytelen szimmetrikus kulcsú algoritmust találtam (%d).\n"
+
+#~ msgid "this keyserver is not fully HKP compatible\n"
+#~ msgstr "Ez a kulcsszerver nem teljesen HKP kompatíbilis.\n"
diff --git a/po/id.gmo b/po/id.gmo
new file mode 100644
index 0000000..242052c
--- /dev/null
+++ b/po/id.gmo
Binary files differ
diff --git a/po/id.po b/po/id.po
new file mode 100644
index 0000000..c5e367f
--- /dev/null
+++ b/po/id.po
@@ -0,0 +1,9984 @@
+# translation of gnupg-id.po to Indonesian
+# gnupg 1.2.4 (Indonesian)
+# Copyright (C) 1999, 2000, 2001, 2002, 2003, 2004 Free Software Foundation, Inc.
+# Tedi Heriyanto <tedi_h@gmx.net>, 1999, 2000, 2001, 2002, 2003, 2004.
+# !-- user is unknown (2011-01-11)
+#
+# Designated-Translator: none
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: gnupg-id\n"
+"Report-Msgid-Bugs-To: translations@gnupg.org\n"
+"POT-Creation-Date: 2012-03-27 10:23+0200\n"
+"PO-Revision-Date: 2004-06-17 16:32+0700\n"
+"Last-Translator: Tedi Heriyanto <tedi_h@gmx.net>\n"
+"Language-Team: Indonesian <translation-team-id@lists.sourceforge.net>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Generator: KBabel 1.3\n"
+
+#: agent/call-pinentry.c:244
+#, fuzzy, c-format
+msgid "failed to acquire the pinentry lock: %s\n"
+msgstr "gagal inisialisasi TrustDB: %s\n"
+
+#. TRANSLATORS: These are labels for buttons etc used in
+#. Pinentries. An underscore indicates that the next letter
+#. should be used as an accelerator. Double the underscore for
+#. a literal one. The actual to be translated text starts after
+#. the second vertical bar.
+#: agent/call-pinentry.c:401
+msgid "|pinentry-label|_OK"
+msgstr ""
+
+#: agent/call-pinentry.c:402
+msgid "|pinentry-label|_Cancel"
+msgstr ""
+
+#: agent/call-pinentry.c:403
+msgid "|pinentry-label|PIN:"
+msgstr ""
+
+#. TRANSLATORS: This string is displayed by Pinentry as the label
+#. for the quality bar.
+#: agent/call-pinentry.c:649
+msgid "Quality:"
+msgstr ""
+
+#. TRANSLATORS: This string is a tooltip, shown by pinentry when
+#. hovering over the quality bar. Please use an appropriate
+#. string to describe what this is about. The length of the
+#. tooltip is limited to about 900 characters. If you do not
+#. translate this entry, a default english text (see source)
+#. will be used.
+#: agent/call-pinentry.c:671
+msgid "pinentry.qualitybar.tooltip"
+msgstr ""
+
+#: agent/call-pinentry.c:716
+msgid ""
+"Please enter your PIN, so that the secret key can be unlocked for this "
+"session"
+msgstr ""
+
+#: agent/call-pinentry.c:719
+#, fuzzy
+msgid ""
+"Please enter your passphrase, so that the secret key can be unlocked for "
+"this session"
+msgstr "Silakan masukkan passphrase; ini kalimat rahasia\n"
+
+#: agent/call-pinentry.c:776
+#, c-format
+msgid "SETERROR %s (try %d of %d)"
+msgstr ""
+
+#: agent/call-pinentry.c:799 agent/call-pinentry.c:811
+#, fuzzy
+msgid "PIN too long"
+msgstr "baris terlalu panjang\n"
+
+#: agent/call-pinentry.c:800
+#, fuzzy
+msgid "Passphrase too long"
+msgstr "passphrase terlalu panjang\n"
+
+#: agent/call-pinentry.c:808
+#, fuzzy
+msgid "Invalid characters in PIN"
+msgstr "Karakter tidak valid dalam nama\n"
+
+#: agent/call-pinentry.c:813
+msgid "PIN too short"
+msgstr ""
+
+#: agent/call-pinentry.c:825
+#, fuzzy
+msgid "Bad PIN"
+msgstr "MPI yang buruk"
+
+#: agent/call-pinentry.c:826
+#, fuzzy
+msgid "Bad Passphrase"
+msgstr "passphrase yang buruk"
+
+#: agent/call-pinentry.c:863
+#, fuzzy
+msgid "Passphrase"
+msgstr "passphrase yang buruk"
+
+#: agent/command-ssh.c:531
+#, fuzzy, c-format
+msgid "ssh keys greater than %d bits are not supported\n"
+msgstr "algoritma proteksi %d%s tidak didukung\n"
+
+#: agent/command-ssh.c:690 g10/card-util.c:833 g10/exec.c:473 g10/gpg.c:1122
+#: g10/keygen.c:3394 g10/keygen.c:3427 g10/keyring.c:1237 g10/keyring.c:1569
+#: g10/openfile.c:275 g10/openfile.c:368 g10/sign.c:801 g10/sign.c:1110
+#: g10/tdbio.c:550 jnlib/dotlock.c:310
+#, c-format
+msgid "can't create `%s': %s\n"
+msgstr "tidak dapat membuat %s: %s\n"
+
+#: agent/command-ssh.c:702 common/helpfile.c:47 g10/card-util.c:787
+#: g10/dearmor.c:60 g10/dearmor.c:107 g10/decrypt.c:70 g10/encode.c:194
+#: g10/encode.c:504 g10/gpg.c:1123 g10/import.c:192 g10/keygen.c:2877
+#: g10/keyring.c:1595 g10/openfile.c:192 g10/openfile.c:353
+#: g10/plaintext.c:511 g10/sign.c:783 g10/sign.c:978 g10/sign.c:1094
+#: g10/sign.c:1250 g10/tdbdump.c:142 g10/tdbdump.c:150 g10/tdbio.c:554
+#: g10/tdbio.c:618 g10/verify.c:99 g10/verify.c:162 sm/gpgsm.c:2044
+#: sm/gpgsm.c:2074 sm/gpgsm.c:2112 sm/gpgsm.c:2150 sm/qualified.c:66
+#, c-format
+msgid "can't open `%s': %s\n"
+msgstr "tidak dapat membuka `%s': %s\n"
+
+#: agent/command-ssh.c:1708 agent/command-ssh.c:1726
+#, fuzzy, c-format
+msgid "error getting serial number of card: %s\n"
+msgstr "kesalahan penciptaan passphrase: %s\n"
+
+#: agent/command-ssh.c:1712
+#, c-format
+msgid "detected card with S/N: %s\n"
+msgstr ""
+
+#: agent/command-ssh.c:1717
+#, fuzzy, c-format
+msgid "error getting default authentication keyID of card: %s\n"
+msgstr "kesalahan menulis keyring rahasia `%s': %s\n"
+
+#: agent/command-ssh.c:1737
+#, fuzzy, c-format
+msgid "no suitable card key found: %s\n"
+msgstr "tidak ditemukan keyring rahasia yang dapat ditulisi: %s\n"
+
+#: agent/command-ssh.c:1787
+#, fuzzy, c-format
+msgid "shadowing the key failed: %s\n"
+msgstr "gagal menghapus keyblok: %s\n"
+
+#: agent/command-ssh.c:1802
+#, fuzzy, c-format
+msgid "error writing key: %s\n"
+msgstr "kesalahan menulis keyring `%s': %s\n"
+
+#: agent/command-ssh.c:2139
+#, c-format
+msgid ""
+"An ssh process requested the use of key%%0A %s%%0A (%s)%%0ADo you want to "
+"allow this?"
+msgstr ""
+
+#: agent/command-ssh.c:2146
+msgid "Allow"
+msgstr ""
+
+#: agent/command-ssh.c:2146
+msgid "Deny"
+msgstr ""
+
+#: agent/command-ssh.c:2155
+#, fuzzy, c-format
+msgid "Please enter the passphrase for the ssh key%%0A %F%%0A (%c)"
+msgstr "Silakan masukkan passphrase; ini kalimat rahasia\n"
+
+#: agent/command-ssh.c:2484 agent/genkey.c:310 agent/genkey.c:432
+#, fuzzy
+msgid "Please re-enter this passphrase"
+msgstr "ubah passphrase"
+
+#: agent/command-ssh.c:2509
+#, fuzzy, c-format
+msgid ""
+"Please enter a passphrase to protect the received secret key%%0A %s%%0A %"
+"s%%0Awithin gpg-agent's key storage"
+msgstr "Silakan masukkan passphrase; ini kalimat rahasia\n"
+
+#: agent/command-ssh.c:2548 agent/genkey.c:340 agent/genkey.c:463
+#: tools/symcryptrun.c:436
+msgid "does not match - try again"
+msgstr ""
+
+#: agent/command-ssh.c:3054
+#, fuzzy, c-format
+msgid "failed to create stream from socket: %s\n"
+msgstr "%s: gagal membuat hashtable: %s\n"
+
+#: agent/divert-scd.c:92 g10/call-agent.c:923
+msgid "Please insert the card with serial number"
+msgstr ""
+
+#: agent/divert-scd.c:93 g10/call-agent.c:924
+msgid "Please remove the current card and insert the one with serial number"
+msgstr ""
+
+#: agent/divert-scd.c:200
+msgid "Admin PIN"
+msgstr ""
+
+#. TRANSLATORS: A PUK is the Personal Unblocking Code
+#. used to unblock a PIN.
+#: agent/divert-scd.c:205
+msgid "PUK"
+msgstr ""
+
+#: agent/divert-scd.c:212
+msgid "Reset Code"
+msgstr ""
+
+#: agent/divert-scd.c:238
+#, c-format
+msgid "%s%%0A%%0AUse the reader's keypad for input."
+msgstr ""
+
+#: agent/divert-scd.c:287
+#, fuzzy
+msgid "Repeat this Reset Code"
+msgstr "Ulangi passphrase: "
+
+#: agent/divert-scd.c:289
+#, fuzzy
+msgid "Repeat this PUK"
+msgstr "Ulangi passphrase: "
+
+#: agent/divert-scd.c:290
+#, fuzzy
+msgid "Repeat this PIN"
+msgstr "Ulangi passphrase: "
+
+#: agent/divert-scd.c:295
+#, fuzzy
+msgid "Reset Code not correctly repeated; try again"
+msgstr "passphrase tidak diulang dengan benar; coba lagi"
+
+#: agent/divert-scd.c:297
+#, fuzzy
+msgid "PUK not correctly repeated; try again"
+msgstr "passphrase tidak diulang dengan benar; coba lagi"
+
+#: agent/divert-scd.c:298
+#, fuzzy
+msgid "PIN not correctly repeated; try again"
+msgstr "passphrase tidak diulang dengan benar; coba lagi"
+
+#: agent/divert-scd.c:310
+#, c-format
+msgid "Please enter the PIN%s%s%s to unlock the card"
+msgstr ""
+
+#: agent/genkey.c:108 sm/certreqgen-ui.c:384 sm/export.c:638 sm/export.c:654
+#: sm/import.c:667 sm/import.c:692
+#, fuzzy, c-format
+msgid "error creating temporary file: %s\n"
+msgstr "kesalahan penciptaan passphrase: %s\n"
+
+#: agent/genkey.c:115 sm/export.c:645 sm/import.c:675
+#, fuzzy, c-format
+msgid "error writing to temporary file: %s\n"
+msgstr "menulis ke `%s'\n"
+
+#: agent/genkey.c:153 agent/genkey.c:159
+#, fuzzy
+msgid "Enter new passphrase"
+msgstr "Masukkan passphrase\n"
+
+#: agent/genkey.c:167
+#, fuzzy
+msgid "Take this one anyway"
+msgstr "Tetap gunakan kunci ini? "
+
+#: agent/genkey.c:193
+#, c-format
+msgid ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase should be "
+"at least %u character long."
+msgid_plural ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase should be "
+"at least %u characters long."
+msgstr[0] ""
+msgstr[1] ""
+
+#: agent/genkey.c:214
+#, c-format
+msgid ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase should "
+"contain at least %u digit or%%0Aspecial character."
+msgid_plural ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase should "
+"contain at least %u digits or%%0Aspecial characters."
+msgstr[0] ""
+msgstr[1] ""
+
+#: agent/genkey.c:237
+#, c-format
+msgid ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase may not be "
+"a known term or match%%0Acertain pattern."
+msgstr ""
+
+#: agent/genkey.c:253
+#, c-format
+msgid ""
+"You have not entered a passphrase!%0AAn empty passphrase is not allowed."
+msgstr ""
+
+#: agent/genkey.c:255
+#, c-format
+msgid ""
+"You have not entered a passphrase - this is in general a bad idea!%0APlease "
+"confirm that you do not want to have any protection on your key."
+msgstr ""
+
+#: agent/genkey.c:264
+msgid "Yes, protection is not needed"
+msgstr ""
+
+#: agent/genkey.c:308
+#, fuzzy, c-format
+msgid "Please enter the passphrase to%0Ato protect your new key"
+msgstr ""
+"Anda perlu sebuah passphrase untuk melindungi kunci rahasia anda.\n"
+"\n"
+
+#: agent/genkey.c:431
+#, fuzzy
+msgid "Please enter the new passphrase"
+msgstr "ubah passphrase"
+
+#: agent/gpg-agent.c:121 agent/preset-passphrase.c:72 scd/scdaemon.c:103
+#: tools/gpg-check-pattern.c:70
+#, fuzzy
+msgid ""
+"@Options:\n"
+" "
+msgstr ""
+"@\n"
+"Pilihan:\n"
+" "
+
+#: agent/gpg-agent.c:123 scd/scdaemon.c:105
+msgid "run in server mode (foreground)"
+msgstr ""
+
+#: agent/gpg-agent.c:124 scd/scdaemon.c:108
+msgid "run in daemon mode (background)"
+msgstr ""
+
+#: agent/gpg-agent.c:125 g10/gpg.c:488 g10/gpgv.c:71 kbx/kbxutil.c:88
+#: scd/scdaemon.c:109 sm/gpgsm.c:281 tools/gpg-connect-agent.c:69
+#: tools/gpgconf.c:80 tools/symcryptrun.c:166
+msgid "verbose"
+msgstr "detil"
+
+#: agent/gpg-agent.c:126 g10/gpgv.c:72 kbx/kbxutil.c:89 scd/scdaemon.c:110
+#: sm/gpgsm.c:282
+msgid "be somewhat more quiet"
+msgstr "lebih diam"
+
+#: agent/gpg-agent.c:127 scd/scdaemon.c:111
+msgid "sh-style command output"
+msgstr ""
+
+#: agent/gpg-agent.c:128 scd/scdaemon.c:112
+msgid "csh-style command output"
+msgstr ""
+
+#: agent/gpg-agent.c:129 scd/scdaemon.c:113 sm/gpgsm.c:312
+#: tools/symcryptrun.c:169
+#, fuzzy
+msgid "|FILE|read options from FILE"
+msgstr "|FILE|muat modul ekstensi FILE"
+
+#: agent/gpg-agent.c:134 scd/scdaemon.c:123
+msgid "do not detach from the console"
+msgstr ""
+
+#: agent/gpg-agent.c:135
+msgid "do not grab keyboard and mouse"
+msgstr ""
+
+#: agent/gpg-agent.c:136 tools/symcryptrun.c:168
+#, fuzzy
+msgid "use a log file for the server"
+msgstr "cari kunci di key server"
+
+#: agent/gpg-agent.c:138
+#, fuzzy
+msgid "use a standard location for the socket"
+msgstr "Perbarui preferensi untuk user ID terpilih?"
+
+#: agent/gpg-agent.c:141
+msgid "|PGM|use PGM as the PIN-Entry program"
+msgstr ""
+
+#: agent/gpg-agent.c:144
+msgid "|PGM|use PGM as the SCdaemon program"
+msgstr ""
+
+#: agent/gpg-agent.c:145
+#, fuzzy
+msgid "do not use the SCdaemon"
+msgstr "perbarui database trust"
+
+#: agent/gpg-agent.c:157
+msgid "ignore requests to change the TTY"
+msgstr ""
+
+#: agent/gpg-agent.c:159
+msgid "ignore requests to change the X display"
+msgstr ""
+
+#: agent/gpg-agent.c:162
+msgid "|N|expire cached PINs after N seconds"
+msgstr ""
+
+#: agent/gpg-agent.c:175
+msgid "do not use the PIN cache when signing"
+msgstr ""
+
+#: agent/gpg-agent.c:177
+msgid "allow clients to mark keys as \"trusted\""
+msgstr ""
+
+#: agent/gpg-agent.c:179
+#, fuzzy
+msgid "allow presetting passphrase"
+msgstr "kesalahan penciptaan passphrase: %s\n"
+
+#: agent/gpg-agent.c:180
+msgid "enable ssh-agent emulation"
+msgstr ""
+
+#: agent/gpg-agent.c:182
+msgid "|FILE|write environment settings also to FILE"
+msgstr ""
+
+#. TRANSLATORS: @EMAIL@ will get replaced by the actual bug
+#. reporting address. This is so that we can change the
+#. reporting address without breaking the translations.
+#: agent/gpg-agent.c:333 agent/preset-passphrase.c:94 agent/protect-tool.c:163
+#: g10/gpg.c:814 g10/gpgv.c:114 kbx/kbxutil.c:113 scd/scdaemon.c:246
+#: sm/gpgsm.c:519 tools/gpg-connect-agent.c:181 tools/gpgconf.c:102
+#: tools/symcryptrun.c:206 tools/gpg-check-pattern.c:141
+#, fuzzy
+msgid "Please report bugs to <@EMAIL@>.\n"
+msgstr "Laporkan bug ke <gnupg-bugs@gnu.org>.\n"
+
+#: agent/gpg-agent.c:342
+#, fuzzy
+msgid "Usage: gpg-agent [options] (-h for help)"
+msgstr "Pemakaian: gpg [pilihan] [file] (-h untuk bantuan)"
+
+#: agent/gpg-agent.c:344
+msgid ""
+"Syntax: gpg-agent [options] [command [args]]\n"
+"Secret key management for GnuPG\n"
+msgstr ""
+
+#: agent/gpg-agent.c:390 g10/gpg.c:1007 scd/scdaemon.c:318 sm/gpgsm.c:669
+#, c-format
+msgid "invalid debug-level `%s' given\n"
+msgstr ""
+
+#: agent/gpg-agent.c:610 agent/protect-tool.c:1033 kbx/kbxutil.c:428
+#: scd/scdaemon.c:424 sm/gpgsm.c:911 sm/gpgsm.c:914 tools/symcryptrun.c:998
+#: tools/gpg-check-pattern.c:177
+#, c-format
+msgid "%s is too old (need %s, have %s)\n"
+msgstr ""
+
+#: agent/gpg-agent.c:725 g10/gpg.c:2111 scd/scdaemon.c:510 sm/gpgsm.c:1010
+#, c-format
+msgid "NOTE: no default option file `%s'\n"
+msgstr "CATATAN: tidak ada file pilihan baku `%s'\n"
+
+#: agent/gpg-agent.c:736 agent/gpg-agent.c:1348 g10/gpg.c:2115
+#: scd/scdaemon.c:515 sm/gpgsm.c:1014 tools/symcryptrun.c:931
+#, c-format
+msgid "option file `%s': %s\n"
+msgstr "file pilihan `%s': %s\n"
+
+#: agent/gpg-agent.c:744 g10/gpg.c:2122 scd/scdaemon.c:523 sm/gpgsm.c:1021
+#, c-format
+msgid "reading options from `%s'\n"
+msgstr "membaca pilihan dari `%s'\n"
+
+#: agent/gpg-agent.c:1117 g10/plaintext.c:140 g10/plaintext.c:145
+#: g10/plaintext.c:162
+#, c-format
+msgid "error creating `%s': %s\n"
+msgstr "kesalahan penciptaan : `%s': %s\n"
+
+#: agent/gpg-agent.c:1461 agent/gpg-agent.c:1579 agent/gpg-agent.c:1583
+#: agent/gpg-agent.c:1624 agent/gpg-agent.c:1628 g10/exec.c:188
+#: g10/openfile.c:429 scd/scdaemon.c:1020
+#, c-format
+msgid "can't create directory `%s': %s\n"
+msgstr "tidak dapat membuat direktori `%s': %s\n"
+
+#: agent/gpg-agent.c:1475 scd/scdaemon.c:1034
+msgid "name of socket too long\n"
+msgstr ""
+
+#: agent/gpg-agent.c:1498 scd/scdaemon.c:1057
+#, fuzzy, c-format
+msgid "can't create socket: %s\n"
+msgstr "tidak dapat membuat %s: %s\n"
+
+#: agent/gpg-agent.c:1507
+#, c-format
+msgid "socket name `%s' is too long\n"
+msgstr ""
+
+#: agent/gpg-agent.c:1525
+#, fuzzy
+msgid "a gpg-agent is already running - not starting a new one\n"
+msgstr "gpg-agent tidak tersedia untuk sesi ini\n"
+
+#: agent/gpg-agent.c:1536 scd/scdaemon.c:1076
+#, fuzzy
+msgid "error getting nonce for the socket\n"
+msgstr "kesalahan penciptaan passphrase: %s\n"
+
+#: agent/gpg-agent.c:1541 scd/scdaemon.c:1079
+#, fuzzy, c-format
+msgid "error binding socket to `%s': %s\n"
+msgstr "kesalahan mengirim ke `%s': %s\n"
+
+#: agent/gpg-agent.c:1553 scd/scdaemon.c:1088
+#, fuzzy, c-format
+msgid "listen() failed: %s\n"
+msgstr "gagal memperbarui: %s\n"
+
+#: agent/gpg-agent.c:1559 scd/scdaemon.c:1095
+#, fuzzy, c-format
+msgid "listening on socket `%s'\n"
+msgstr "menulis kunci rahasia ke `%s'\n"
+
+#: agent/gpg-agent.c:1587 agent/gpg-agent.c:1634 g10/openfile.c:432
+#, fuzzy, c-format
+msgid "directory `%s' created\n"
+msgstr "%s: direktori tercipta\n"
+
+#: agent/gpg-agent.c:1640
+#, fuzzy, c-format
+msgid "stat() failed for `%s': %s\n"
+msgstr "trustdb: read failed (n=%d): %s\n"
+
+#: agent/gpg-agent.c:1644
+#, fuzzy, c-format
+msgid "can't use `%s' as home directory\n"
+msgstr "%s: tidak dapat membuat direktori: %s\n"
+
+#: agent/gpg-agent.c:1777 scd/scdaemon.c:1111
+#, fuzzy, c-format
+msgid "error reading nonce on fd %d: %s\n"
+msgstr "kesalahan membaca `%s': %s\n"
+
+#: agent/gpg-agent.c:1799
+#, c-format
+msgid "handler 0x%lx for fd %d started\n"
+msgstr ""
+
+#: agent/gpg-agent.c:1804
+#, c-format
+msgid "handler 0x%lx for fd %d terminated\n"
+msgstr ""
+
+#: agent/gpg-agent.c:1824
+#, c-format
+msgid "ssh handler 0x%lx for fd %d started\n"
+msgstr ""
+
+#: agent/gpg-agent.c:1829
+#, c-format
+msgid "ssh handler 0x%lx for fd %d terminated\n"
+msgstr ""
+
+#: agent/gpg-agent.c:1973 scd/scdaemon.c:1248
+#, fuzzy, c-format
+msgid "pth_select failed: %s - waiting 1s\n"
+msgstr "gagal perbarui rahasia: %s\n"
+
+#: agent/gpg-agent.c:2096 scd/scdaemon.c:1315
+#, fuzzy, c-format
+msgid "%s %s stopped\n"
+msgstr "%s: dilewati: %s\n"
+
+#: agent/gpg-agent.c:2232
+#, fuzzy
+msgid "no gpg-agent running in this session\n"
+msgstr "gpg-agent tidak tersedia untuk sesi ini\n"
+
+#: agent/gpg-agent.c:2243 common/simple-pwquery.c:352 common/asshelp.c:403
+#: tools/gpg-connect-agent.c:2168
+msgid "malformed GPG_AGENT_INFO environment variable\n"
+msgstr "variabel lingkungan GPG_AGENT_INFO salah bentuk\n"
+
+#: agent/gpg-agent.c:2256 common/simple-pwquery.c:364 common/asshelp.c:415
+#: tools/gpg-connect-agent.c:2179
+#, c-format
+msgid "gpg-agent protocol version %d is not supported\n"
+msgstr "protokol gpg-agent versi %d tidak didukung\n"
+
+#: agent/preset-passphrase.c:98
+#, fuzzy
+msgid "Usage: gpg-preset-passphrase [options] KEYGRIP (-h for help)\n"
+msgstr "Pemakaian: gpg [pilihan] [file] (-h untuk bantuan)"
+
+#: agent/preset-passphrase.c:101
+msgid ""
+"Syntax: gpg-preset-passphrase [options] KEYGRIP\n"
+"Password cache maintenance\n"
+msgstr ""
+
+#: agent/protect-tool.c:113 g10/gpg.c:373 kbx/kbxutil.c:71 sm/gpgsm.c:186
+#: tools/gpgconf.c:60
+msgid ""
+"@Commands:\n"
+" "
+msgstr ""
+"@Perintah:\n"
+" "
+
+#: agent/protect-tool.c:127 g10/gpg.c:441 g10/gpgv.c:69 kbx/kbxutil.c:81
+#: sm/gpgsm.c:226 tools/gpg-connect-agent.c:67 tools/gpgconf.c:77
+#: tools/symcryptrun.c:159
+msgid ""
+"@\n"
+"Options:\n"
+" "
+msgstr ""
+"@\n"
+"Pilihan:\n"
+" "
+
+#: agent/protect-tool.c:166
+#, fuzzy
+msgid "Usage: gpg-protect-tool [options] (-h for help)\n"
+msgstr "Pemakaian: gpg [pilihan] [file] (-h untuk bantuan)"
+
+#: agent/protect-tool.c:168
+msgid ""
+"Syntax: gpg-protect-tool [options] [args]\n"
+"Secret key maintenance tool\n"
+msgstr ""
+
+#: agent/protect-tool.c:1162
+#, fuzzy
+msgid "Please enter the passphrase to unprotect the PKCS#12 object."
+msgstr "Silakan masukkan passphrase; ini kalimat rahasia\n"
+
+#: agent/protect-tool.c:1167
+#, fuzzy
+msgid "Please enter the passphrase to protect the new PKCS#12 object."
+msgstr "Silakan masukkan passphrase; ini kalimat rahasia\n"
+
+#: agent/protect-tool.c:1173
+msgid ""
+"Please enter the passphrase to protect the imported object within the GnuPG "
+"system."
+msgstr ""
+
+#: agent/protect-tool.c:1178
+#, fuzzy
+msgid ""
+"Please enter the passphrase or the PIN\n"
+"needed to complete this operation."
+msgstr "Silakan masukkan passphrase; ini kalimat rahasia\n"
+
+#: agent/protect-tool.c:1183 tools/symcryptrun.c:437
+#, fuzzy
+msgid "Passphrase:"
+msgstr "passphrase yang buruk"
+
+#: agent/protect-tool.c:1188 tools/symcryptrun.c:448
+#, fuzzy
+msgid "cancelled\n"
+msgstr "Batal"
+
+#: agent/protect-tool.c:1190 tools/symcryptrun.c:444
+#, fuzzy, c-format
+msgid "error while asking for the passphrase: %s\n"
+msgstr "kesalahan penciptaan passphrase: %s\n"
+
+#: agent/trustlist.c:136 agent/trustlist.c:334
+#, fuzzy, c-format
+msgid "error opening `%s': %s\n"
+msgstr "kesalahan membaca `%s': %s\n"
+
+#: agent/trustlist.c:151 common/helpfile.c:63 common/helpfile.c:79
+#, fuzzy, c-format
+msgid "file `%s', line %d: %s\n"
+msgstr "kunci '%s' tidak ditemukan: %s\n"
+
+#: agent/trustlist.c:171 agent/trustlist.c:179
+#, c-format
+msgid "statement \"%s\" ignored in `%s', line %d\n"
+msgstr ""
+
+#: agent/trustlist.c:185
+#, fuzzy, c-format
+msgid "system trustlist `%s' not available\n"
+msgstr "bagian kunci rahasia tidak tersedia\n"
+
+#: agent/trustlist.c:229
+#, fuzzy, c-format
+msgid "bad fingerprint in `%s', line %d\n"
+msgstr "kesalahan pembacaan: %s\n"
+
+#: agent/trustlist.c:254 agent/trustlist.c:261
+#, c-format
+msgid "invalid keyflag in `%s', line %d\n"
+msgstr ""
+
+#: agent/trustlist.c:295 common/helpfile.c:126
+#, fuzzy, c-format
+msgid "error reading `%s', line %d: %s\n"
+msgstr "kesalahan membaca `%s': %s\n"
+
+#: agent/trustlist.c:400 agent/trustlist.c:450
+msgid "error reading list of trusted root certificates\n"
+msgstr ""
+
+#. TRANSLATORS: This prompt is shown by the Pinentry
+#. and has one special property: A "%%0A" is used by
+#. Pinentry to insert a line break. The double
+#. percent sign is actually needed because it is also
+#. a printf format string. If you need to insert a
+#. plain % sign, you need to encode it as "%%25". The
+#. "%s" gets replaced by the name as stored in the
+#. certificate.
+#: agent/trustlist.c:611
+#, c-format
+msgid ""
+"Do you ultimately trust%%0A \"%s\"%%0Ato correctly certify user "
+"certificates?"
+msgstr ""
+
+#: agent/trustlist.c:620 common/audit.c:467
+#, fuzzy
+msgid "Yes"
+msgstr "y|ya"
+
+#: agent/trustlist.c:620 common/audit.c:469
+msgid "No"
+msgstr ""
+
+#. TRANSLATORS: This prompt is shown by the Pinentry and has
+#. one special property: A "%%0A" is used by Pinentry to
+#. insert a line break. The double percent sign is actually
+#. needed because it is also a printf format string. If you
+#. need to insert a plain % sign, you need to encode it as
+#. "%%25". The second "%s" gets replaced by a hexdecimal
+#. fingerprint string whereas the first one receives the name
+#. as stored in the certificate.
+#: agent/trustlist.c:654
+#, c-format
+msgid ""
+"Please verify that the certificate identified as:%%0A \"%s\"%%0Ahas the "
+"fingerprint:%%0A %s"
+msgstr ""
+
+#. TRANSLATORS: "Correct" is the label of a button and intended
+#. to be hit if the fingerprint matches the one of the CA. The
+#. other button is "the default "Cancel" of the Pinentry.
+#: agent/trustlist.c:668
+msgid "Correct"
+msgstr ""
+
+#: agent/trustlist.c:668
+msgid "Wrong"
+msgstr ""
+
+#: agent/findkey.c:157
+#, c-format
+msgid "Note: This passphrase has never been changed.%0APlease change it now."
+msgstr ""
+
+#: agent/findkey.c:173
+#, c-format
+msgid ""
+"This passphrase has not been changed%%0Asince %.4s-%.2s-%.2s. Please change "
+"it now."
+msgstr ""
+
+#: agent/findkey.c:187 agent/findkey.c:194
+#, fuzzy
+msgid "Change passphrase"
+msgstr "ubah passphrase"
+
+#: agent/findkey.c:195
+msgid "I'll change it later"
+msgstr ""
+
+#: common/exechelp.c:528 common/exechelp.c:625 tools/gpgconf-comp.c:1475
+#: tools/gpgconf-comp.c:1814
+#, fuzzy, c-format
+msgid "error creating a pipe: %s\n"
+msgstr "kesalahan penciptaan passphrase: %s\n"
+
+#: common/exechelp.c:599 common/exechelp.c:658
+#, fuzzy, c-format
+msgid "can't fdopen pipe for reading: %s\n"
+msgstr "tidak dapat membuka file: %s\n"
+
+#: common/exechelp.c:637 common/exechelp.c:765 common/exechelp.c:1002
+#, fuzzy, c-format
+msgid "error forking process: %s\n"
+msgstr "kesalahan membaca `%s': %s\n"
+
+#: common/exechelp.c:811 common/exechelp.c:864
+#, c-format
+msgid "waiting for process %d to terminate failed: %s\n"
+msgstr ""
+
+#: common/exechelp.c:819
+#, fuzzy, c-format
+msgid "error getting exit code of process %d: %s\n"
+msgstr "kesalahan menulis keyring rahasia `%s': %s\n"
+
+#: common/exechelp.c:825 common/exechelp.c:877
+#, fuzzy, c-format
+msgid "error running `%s': exit status %d\n"
+msgstr "kesalahan membaca `%s': %s\n"
+
+#: common/exechelp.c:870
+#, c-format
+msgid "error running `%s': probably not installed\n"
+msgstr ""
+
+#: common/exechelp.c:885
+#, fuzzy, c-format
+msgid "error running `%s': terminated\n"
+msgstr "kesalahan membaca `%s': %s\n"
+
+#: common/http.c:1674
+#, fuzzy, c-format
+msgid "error creating socket: %s\n"
+msgstr "kesalahan penciptaan : `%s': %s\n"
+
+#: common/http.c:1718
+#, fuzzy
+msgid "host not found"
+msgstr "[User id tidak ditemukan]"
+
+#: common/simple-pwquery.c:338
+msgid "gpg-agent is not available in this session\n"
+msgstr "gpg-agent tidak tersedia untuk sesi ini\n"
+
+#: common/simple-pwquery.c:395
+#, c-format
+msgid "can't connect to `%s': %s\n"
+msgstr "tidak dapat terkoneksi ke `%s': %s\n"
+
+#: common/simple-pwquery.c:406
+msgid "communication problem with gpg-agent\n"
+msgstr "masalah komunikasi dengan gpg-agent\n"
+
+#: common/simple-pwquery.c:416
+#, fuzzy
+msgid "problem setting the gpg-agent options\n"
+msgstr "masalah dengan agen: agen mengembalikan 0x%lx\n"
+
+#: common/simple-pwquery.c:579 common/simple-pwquery.c:675
+#, fuzzy
+msgid "canceled by user\n"
+msgstr "dibatalkan oleh user\n"
+
+#: common/simple-pwquery.c:594 common/simple-pwquery.c:681
+#, fuzzy
+msgid "problem with the agent\n"
+msgstr "masalah dengan agen: agen mengembalikan 0x%lx\n"
+
+#: common/sysutils.c:105
+#, c-format
+msgid "can't disable core dumps: %s\n"
+msgstr "tidak dapat meniadakan core dump: %s\n"
+
+#: common/sysutils.c:200
+#, fuzzy, c-format
+msgid "Warning: unsafe ownership on %s \"%s\"\n"
+msgstr "Peringatan: kepemilikan tidak aman pada %s \"%s\"\n"
+
+#: common/sysutils.c:232
+#, fuzzy, c-format
+msgid "Warning: unsafe permissions on %s \"%s\"\n"
+msgstr "Peringatan: permisi tidak aman pada %s \"%s\"\n"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: common/yesno.c:35 common/yesno.c:72
+msgid "yes"
+msgstr "y|ya"
+
+#: common/yesno.c:36 common/yesno.c:77
+msgid "yY"
+msgstr "yY"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: common/yesno.c:38 common/yesno.c:74
+msgid "no"
+msgstr "n|t|tidak"
+
+#: common/yesno.c:39 common/yesno.c:78
+msgid "nN"
+msgstr "tT"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: common/yesno.c:76
+msgid "quit"
+msgstr "q|k|keluar"
+
+#: common/yesno.c:79
+msgid "qQ"
+msgstr "kK"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: common/yesno.c:113
+msgid "okay|okay"
+msgstr ""
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: common/yesno.c:115
+msgid "cancel|cancel"
+msgstr ""
+
+#: common/yesno.c:116
+msgid "oO"
+msgstr ""
+
+#: common/yesno.c:117
+#, fuzzy
+msgid "cC"
+msgstr "c"
+
+#: common/miscellaneous.c:77
+#, c-format
+msgid "out of core in secure memory while allocating %lu bytes"
+msgstr ""
+
+#: common/miscellaneous.c:80
+#, c-format
+msgid "out of core while allocating %lu bytes"
+msgstr ""
+
+#: common/asshelp.c:293 tools/gpg-connect-agent.c:2129
+msgid "no running gpg-agent - starting one\n"
+msgstr ""
+
+#: common/asshelp.c:349
+#, c-format
+msgid "waiting %d seconds for the agent to come up\n"
+msgstr ""
+
+#: common/asshelp.c:426
+msgid "can't connect to the agent - trying fall back\n"
+msgstr ""
+
+#. TRANSLATORS: Copy the prefix between the vertical bars
+#. verbatim. It will not be printed.
+#: common/audit.c:474
+msgid "|audit-log-result|Good"
+msgstr ""
+
+#: common/audit.c:477
+msgid "|audit-log-result|Bad"
+msgstr ""
+
+#: common/audit.c:479
+msgid "|audit-log-result|Not supported"
+msgstr ""
+
+#: common/audit.c:481
+#, fuzzy
+msgid "|audit-log-result|No certificate"
+msgstr "sertifikat yang buruk"
+
+#: common/audit.c:483
+#, fuzzy
+msgid "|audit-log-result|Not enabled"
+msgstr "sertifikat yang buruk"
+
+#: common/audit.c:485
+msgid "|audit-log-result|Error"
+msgstr ""
+
+#: common/audit.c:487
+#, fuzzy
+msgid "|audit-log-result|Not used"
+msgstr "sertifikat yang buruk"
+
+#: common/audit.c:489
+#, fuzzy
+msgid "|audit-log-result|Okay"
+msgstr "sertifikat yang buruk"
+
+#: common/audit.c:491
+#, fuzzy
+msgid "|audit-log-result|Skipped"
+msgstr "sertifikat yang buruk"
+
+#: common/audit.c:493
+#, fuzzy
+msgid "|audit-log-result|Some"
+msgstr "sertifikat yang buruk"
+
+#: common/audit.c:726
+#, fuzzy
+msgid "Certificate chain available"
+msgstr "sertifikat yang buruk"
+
+#: common/audit.c:733
+#, fuzzy
+msgid "root certificate missing"
+msgstr "sertifikat yang buruk"
+
+#: common/audit.c:759
+msgid "Data encryption succeeded"
+msgstr ""
+
+#: common/audit.c:764 common/audit.c:830 common/audit.c:906 common/audit.c:997
+#, fuzzy
+msgid "Data available"
+msgstr "Kunci tersedia di:"
+
+#: common/audit.c:767
+#, fuzzy
+msgid "Session key created"
+msgstr "%s: keyring tercipta\n"
+
+#: common/audit.c:772 common/audit.c:912 common/audit.c:919
+#, fuzzy, c-format
+msgid "algorithm: %s"
+msgstr "armor: %s\n"
+
+#: common/audit.c:774 common/audit.c:776 common/audit.c:921 common/audit.c:923
+#, fuzzy, c-format
+msgid "unsupported algorithm: %s"
+msgstr ""
+"\n"
+"Algoritma yang didukung:\n"
+
+#: common/audit.c:778 common/audit.c:925
+#, fuzzy
+msgid "seems to be not encrypted"
+msgstr "tidak dienkripsi"
+
+#: common/audit.c:784 common/audit.c:933
+msgid "Number of recipients"
+msgstr ""
+
+#: common/audit.c:792 common/audit.c:956
+#, c-format
+msgid "Recipient %d"
+msgstr ""
+
+#: common/audit.c:825
+msgid "Data signing succeeded"
+msgstr ""
+
+#: common/audit.c:839 common/audit.c:1033 common/audit.c:1060
+#, fuzzy, c-format
+msgid "data hash algorithm: %s"
+msgstr "algoritma hash tidak valid `%s'\n"
+
+#: common/audit.c:862
+#, fuzzy, c-format
+msgid "Signer %d"
+msgstr "Signature kadaluwarsa %s\n"
+
+#: common/audit.c:866 common/audit.c:1065
+#, fuzzy, c-format
+msgid "attr hash algorithm: %s"
+msgstr "algoritma hash tidak valid `%s'\n"
+
+#: common/audit.c:901
+msgid "Data decryption succeeded"
+msgstr ""
+
+#: common/audit.c:910
+#, fuzzy
+msgid "Encryption algorithm supported"
+msgstr "algoritma proteksi %d%s tidak didukung\n"
+
+#: common/audit.c:993
+#, fuzzy
+msgid "Data verification succeeded"
+msgstr "verifikasi signature tidak diabaikan\n"
+
+#: common/audit.c:1002
+#, fuzzy
+msgid "Signature available"
+msgstr "Signature kadaluwarsa %s\n"
+
+#: common/audit.c:1024
+#, fuzzy
+msgid "Parsing data succeeded"
+msgstr "Signature baik dari \""
+
+#: common/audit.c:1036
+#, fuzzy, c-format
+msgid "bad data hash algorithm: %s"
+msgstr "algoritma hash tidak valid `%s'\n"
+
+#: common/audit.c:1051
+#, fuzzy, c-format
+msgid "Signature %d"
+msgstr "Signature kadaluwarsa %s\n"
+
+#: common/audit.c:1079
+#, fuzzy
+msgid "Certificate chain valid"
+msgstr "Kunci ini telah berakhir!"
+
+#: common/audit.c:1090
+#, fuzzy
+msgid "Root certificate trustworthy"
+msgstr "sertifikat yang buruk"
+
+#: common/audit.c:1111 sm/certchain.c:935
+#, fuzzy
+msgid "no CRL found for certificate"
+msgstr "sertifikat yang buruk"
+
+#: common/audit.c:1114 sm/certchain.c:945
+#, fuzzy
+msgid "the available CRL is too old"
+msgstr "Kunci tersedia di:"
+
+#: common/audit.c:1119
+#, fuzzy
+msgid "CRL/OCSP check of certificates"
+msgstr "sertifikat yang buruk"
+
+#: common/audit.c:1139
+#, fuzzy
+msgid "Included certificates"
+msgstr "sertifikat yang buruk"
+
+#: common/audit.c:1194
+msgid "No audit log entries."
+msgstr ""
+
+#: common/audit.c:1243
+#, fuzzy
+msgid "Unknown operation"
+msgstr "versi tidak dikenal"
+
+#: common/audit.c:1261
+msgid "Gpg-Agent usable"
+msgstr ""
+
+#: common/audit.c:1271
+msgid "Dirmngr usable"
+msgstr ""
+
+#: common/audit.c:1307
+#, fuzzy, c-format
+msgid "No help available for `%s'."
+msgstr "Tidak tersedia bantuan untuk `%s'"
+
+#: common/helpfile.c:80
+#, fuzzy
+msgid "ignoring garbage line"
+msgstr "kesalahan dalam garis trailer\n"
+
+#: common/gettime.c:503
+#, fuzzy
+msgid "[none]"
+msgstr "tidak dikenal"
+
+#: g10/armor.c:379
+#, c-format
+msgid "armor: %s\n"
+msgstr "armor: %s\n"
+
+#: g10/armor.c:418
+msgid "invalid armor header: "
+msgstr "header armor tidak valid: "
+
+#: g10/armor.c:429
+msgid "armor header: "
+msgstr "header armor: "
+
+#: g10/armor.c:442
+msgid "invalid clearsig header\n"
+msgstr "header clearsig tidak valid\n"
+
+#: g10/armor.c:455
+#, fuzzy
+msgid "unknown armor header: "
+msgstr "header armor: "
+
+#: g10/armor.c:508
+msgid "nested clear text signatures\n"
+msgstr "signature teks bersarang\n"
+
+#: g10/armor.c:643
+#, fuzzy
+msgid "unexpected armor: "
+msgstr "armor tidak terduga:"
+
+#: g10/armor.c:655
+msgid "invalid dash escaped line: "
+msgstr "dash escaped line tidak valid: "
+
+#: g10/armor.c:810 g10/armor.c:1420
+#, fuzzy, c-format
+msgid "invalid radix64 character %02X skipped\n"
+msgstr "karakter radix64 tidak valid %02x dilewati\n"
+
+#: g10/armor.c:853
+msgid "premature eof (no CRC)\n"
+msgstr "eof prematur (tanpa CRC)\n"
+
+#: g10/armor.c:887
+msgid "premature eof (in CRC)\n"
+msgstr "eof prematur (dalam CRC)\n"
+
+#: g10/armor.c:895
+msgid "malformed CRC\n"
+msgstr "CRC tidak tepat\n"
+
+#: g10/armor.c:899 g10/armor.c:1457
+#, fuzzy, c-format
+msgid "CRC error; %06lX - %06lX\n"
+msgstr "kesalahan CRC; %06lx - %06lx\n"
+
+#: g10/armor.c:919
+#, fuzzy
+msgid "premature eof (in trailer)\n"
+msgstr "eof prematur (dalam Trailer)\n"
+
+#: g10/armor.c:923
+msgid "error in trailer line\n"
+msgstr "kesalahan dalam garis trailer\n"
+
+#: g10/armor.c:1234
+msgid "no valid OpenPGP data found.\n"
+msgstr "tidak ditemukan data OpenPGP yang valid.\n"
+
+#: g10/armor.c:1239
+#, c-format
+msgid "invalid armor: line longer than %d characters\n"
+msgstr "armor tidak valid: baris melebihi %d karakter\n"
+
+#: g10/armor.c:1243
+msgid ""
+"quoted printable character in armor - probably a buggy MTA has been used\n"
+msgstr ""
+"karakter yang dapat dicetak dalam armor - mungkin telah digunakan MTA yang "
+"mengandung bug\n"
+
+#: g10/build-packet.c:976
+msgid ""
+"a notation name must have only printable characters or spaces, and end with "
+"an '='\n"
+msgstr ""
+"nama notasi harus hanya terdiri dari karakter yang dapat dicetak atau spasi, "
+"dan diakhiri dengan sebuah '='\n"
+
+#: g10/build-packet.c:988
+msgid "a user notation name must contain the '@' character\n"
+msgstr "nama notasi pengguna tidak boleh mengandung karakter '@'\n"
+
+#: g10/build-packet.c:994
+#, fuzzy
+msgid "a notation name must not contain more than one '@' character\n"
+msgstr "nama notasi pengguna tidak boleh mengandung karakter '@'\n"
+
+#: g10/build-packet.c:1012
+msgid "a notation value must not use any control characters\n"
+msgstr "nilai notasi tidak boleh menggunakan karakter kendali\n"
+
+#: g10/build-packet.c:1046 g10/build-packet.c:1055
+msgid "WARNING: invalid notation data found\n"
+msgstr "PERINGATAN: ditemukan notasi data tidak valid\n"
+
+#: g10/build-packet.c:1077 g10/build-packet.c:1079
+msgid "not human readable"
+msgstr "tidak dapat dibaca manusia"
+
+#: g10/card-util.c:85 g10/card-util.c:374
+#, fuzzy, c-format
+msgid "OpenPGP card not available: %s\n"
+msgstr "kunci rahasia tidak tersedia"
+
+#: g10/card-util.c:90
+#, c-format
+msgid "OpenPGP card no. %s detected\n"
+msgstr ""
+
+#: g10/card-util.c:98 g10/card-util.c:1773 g10/delkey.c:126 g10/keyedit.c:1551
+#: g10/keygen.c:3068 g10/revoke.c:216 g10/revoke.c:455
+#, fuzzy
+msgid "can't do this in batch mode\n"
+msgstr "tidak dapat melakukan hal itu dalam mode batch\n"
+
+#: g10/card-util.c:106
+#, fuzzy
+msgid "This command is only available for version 2 cards\n"
+msgstr "Perintah ini tidak dibolehkan saat dalam mode %s.\n"
+
+#: g10/card-util.c:108 scd/app-openpgp.c:2029
+#, fuzzy
+msgid "Reset Code not or not anymore available\n"
+msgstr "bagian kunci rahasia tidak tersedia\n"
+
+#: g10/card-util.c:141 g10/card-util.c:1458 g10/card-util.c:1568
+#: g10/keyedit.c:424 g10/keyedit.c:445 g10/keyedit.c:459 g10/keygen.c:1630
+#: g10/keygen.c:1711 sm/certreqgen-ui.c:165 sm/certreqgen-ui.c:249
+#: sm/certreqgen-ui.c:283
+msgid "Your selection? "
+msgstr "Pilihan anda? "
+
+#: g10/card-util.c:272 g10/card-util.c:322
+msgid "[not set]"
+msgstr ""
+
+#: g10/card-util.c:512
+#, fuzzy
+msgid "male"
+msgstr "enable"
+
+#: g10/card-util.c:513
+#, fuzzy
+msgid "female"
+msgstr "enable"
+
+#: g10/card-util.c:513
+#, fuzzy
+msgid "unspecified"
+msgstr "Tidak ada alasan diberikan"
+
+#: g10/card-util.c:540
+#, fuzzy
+msgid "not forced"
+msgstr "tidak diproses"
+
+#: g10/card-util.c:540
+msgid "forced"
+msgstr ""
+
+#: g10/card-util.c:631
+msgid "Error: Only plain ASCII is currently allowed.\n"
+msgstr ""
+
+#: g10/card-util.c:633
+msgid "Error: The \"<\" character may not be used.\n"
+msgstr ""
+
+#: g10/card-util.c:635
+msgid "Error: Double spaces are not allowed.\n"
+msgstr ""
+
+#: g10/card-util.c:652
+msgid "Cardholder's surname: "
+msgstr ""
+
+#: g10/card-util.c:654
+msgid "Cardholder's given name: "
+msgstr ""
+
+#: g10/card-util.c:672
+#, c-format
+msgid "Error: Combined name too long (limit is %d characters).\n"
+msgstr ""
+
+#: g10/card-util.c:693
+#, fuzzy
+msgid "URL to retrieve public key: "
+msgstr "tidak ada kunci publik yang sesuai: %s\n"
+
+#: g10/card-util.c:701
+#, c-format
+msgid "Error: URL too long (limit is %d characters).\n"
+msgstr ""
+
+#: g10/card-util.c:794 tools/no-libgcrypt.c:30
+#, fuzzy, c-format
+msgid "error allocating enough memory: %s\n"
+msgstr "kesalahan menulis keyring `%s': %s\n"
+
+#: g10/card-util.c:806 g10/import.c:280
+#, c-format
+msgid "error reading `%s': %s\n"
+msgstr "kesalahan membaca `%s': %s\n"
+
+#: g10/card-util.c:839
+#, fuzzy, c-format
+msgid "error writing `%s': %s\n"
+msgstr "kesalahan menulis keyring `%s': %s\n"
+
+#: g10/card-util.c:866
+msgid "Login data (account name): "
+msgstr ""
+
+#: g10/card-util.c:876
+#, c-format
+msgid "Error: Login data too long (limit is %d characters).\n"
+msgstr ""
+
+#: g10/card-util.c:912
+msgid "Private DO data: "
+msgstr ""
+
+#: g10/card-util.c:922
+#, c-format
+msgid "Error: Private DO too long (limit is %d characters).\n"
+msgstr ""
+
+#: g10/card-util.c:1005
+#, fuzzy
+msgid "Language preferences: "
+msgstr "perbarui preferensi"
+
+#: g10/card-util.c:1013
+#, fuzzy
+msgid "Error: invalid length of preference string.\n"
+msgstr "Karakter tidak valid dalam string preferensi\n"
+
+#: g10/card-util.c:1022
+#, fuzzy
+msgid "Error: invalid characters in preference string.\n"
+msgstr "Karakter tidak valid dalam string preferensi\n"
+
+#: g10/card-util.c:1044
+msgid "Sex ((M)ale, (F)emale or space): "
+msgstr ""
+
+#: g10/card-util.c:1058
+#, fuzzy
+msgid "Error: invalid response.\n"
+msgstr "kesalahan: fingerprint tidak valid\n"
+
+#: g10/card-util.c:1080
+#, fuzzy
+msgid "CA fingerprint: "
+msgstr "tampilkan fingerprint"
+
+#: g10/card-util.c:1103
+#, fuzzy
+msgid "Error: invalid formatted fingerprint.\n"
+msgstr "kesalahan: fingerprint tidak valid\n"
+
+#: g10/card-util.c:1153
+#, fuzzy, c-format
+msgid "key operation not possible: %s\n"
+msgstr "Pembuatan kunci gagal: %s\n"
+
+#: g10/card-util.c:1154
+#, fuzzy
+msgid "not an OpenPGP card"
+msgstr "tidak ditemukan data OpenPGP yang valid.\n"
+
+#: g10/card-util.c:1167
+#, fuzzy, c-format
+msgid "error getting current key info: %s\n"
+msgstr "kesalahan menulis keyring rahasia `%s': %s\n"
+
+#: g10/card-util.c:1254
+msgid "Replace existing key? (y/N) "
+msgstr ""
+
+#: g10/card-util.c:1270
+msgid ""
+"NOTE: There is no guarantee that the card supports the requested size.\n"
+" If the key generation does not succeed, please check the\n"
+" documentation of your card to see what sizes are allowed.\n"
+msgstr ""
+
+#: g10/card-util.c:1295
+#, fuzzy, c-format
+msgid "What keysize do you want for the Signature key? (%u) "
+msgstr "Keysize yang anda inginkan? (1024) "
+
+#: g10/card-util.c:1297
+#, fuzzy, c-format
+msgid "What keysize do you want for the Encryption key? (%u) "
+msgstr "Keysize yang anda inginkan? (1024) "
+
+#: g10/card-util.c:1298
+#, fuzzy, c-format
+msgid "What keysize do you want for the Authentication key? (%u) "
+msgstr "Keysize yang anda inginkan? (1024) "
+
+#: g10/card-util.c:1309 g10/keygen.c:1844 g10/keygen.c:1850
+#: sm/certreqgen-ui.c:194
+#, c-format
+msgid "rounded up to %u bits\n"
+msgstr "dibulatkan hingga %u bit\n"
+
+#: g10/card-util.c:1317 g10/keygen.c:1831 sm/certreqgen-ui.c:184
+#, c-format
+msgid "%s keysizes must be in the range %u-%u\n"
+msgstr ""
+
+#: g10/card-util.c:1322
+#, c-format
+msgid "The card will now be re-configured to generate a key of %u bits\n"
+msgstr ""
+
+#: g10/card-util.c:1342
+#, fuzzy, c-format
+msgid "error changing size of key %d to %u bits: %s\n"
+msgstr "kesalahan mengirim ke `%s': %s\n"
+
+#: g10/card-util.c:1364
+msgid "Make off-card backup of encryption key? (Y/n) "
+msgstr ""
+
+#: g10/card-util.c:1378
+#, fuzzy
+msgid "NOTE: keys are already stored on the card!\n"
+msgstr "dilewati: kunci pribadi telah ada\n"
+
+#: g10/card-util.c:1381
+msgid "Replace existing keys? (y/N) "
+msgstr ""
+
+#: g10/card-util.c:1393
+#, c-format
+msgid ""
+"Please note that the factory settings of the PINs are\n"
+" PIN = `%s' Admin PIN = `%s'\n"
+"You should change them using the command --change-pin\n"
+msgstr ""
+
+#: g10/card-util.c:1449
+#, fuzzy
+msgid "Please select the type of key to generate:\n"
+msgstr "Silakan pilih kunci yang anda inginkan:\n"
+
+#: g10/card-util.c:1451 g10/card-util.c:1559
+#, fuzzy
+msgid " (1) Signature key\n"
+msgstr "Signature kadaluwarsa %s\n"
+
+#: g10/card-util.c:1452 g10/card-util.c:1561
+#, fuzzy
+msgid " (2) Encryption key\n"
+msgstr " (%d) RSA (hanya enkripsi)\n"
+
+#: g10/card-util.c:1453 g10/card-util.c:1563
+msgid " (3) Authentication key\n"
+msgstr ""
+
+#: g10/card-util.c:1469 g10/card-util.c:1588 g10/keyedit.c:945
+#: g10/keygen.c:1634 g10/keygen.c:1662 g10/keygen.c:1764 g10/revoke.c:683
+msgid "Invalid selection.\n"
+msgstr "Pilihan tidak valid.\n"
+
+#: g10/card-util.c:1556
+#, fuzzy
+msgid "Please select where to store the key:\n"
+msgstr "Silakan pilih alasan untuk pembatalan:\n"
+
+#: g10/card-util.c:1600
+#, fuzzy
+msgid "unknown key protection algorithm\n"
+msgstr "algoritma proteksi tidak dikenal\n"
+
+#: g10/card-util.c:1605
+#, fuzzy
+msgid "secret parts of key are not available\n"
+msgstr "Bagian rahasia kunci primer tidak tersedia.\n"
+
+#: g10/card-util.c:1610
+#, fuzzy
+msgid "secret key already stored on a card\n"
+msgstr "dilewati: kunci pribadi telah ada\n"
+
+#: g10/card-util.c:1623
+#, fuzzy, c-format
+msgid "error writing key to card: %s\n"
+msgstr "kesalahan menulis keyring `%s': %s\n"
+
+#: g10/card-util.c:1682 g10/keyedit.c:1382
+msgid "quit this menu"
+msgstr "berhenti dari menu ini"
+
+#: g10/card-util.c:1684
+#, fuzzy
+msgid "show admin commands"
+msgstr "perintah saling konflik\n"
+
+#: g10/card-util.c:1685 g10/keyedit.c:1385
+msgid "show this help"
+msgstr "tampilkan bantuan"
+
+#: g10/card-util.c:1687
+#, fuzzy
+msgid "list all available data"
+msgstr "Kunci tersedia di:"
+
+#: g10/card-util.c:1690
+msgid "change card holder's name"
+msgstr ""
+
+#: g10/card-util.c:1691
+msgid "change URL to retrieve key"
+msgstr ""
+
+#: g10/card-util.c:1692
+msgid "fetch the key specified in the card URL"
+msgstr ""
+
+#: g10/card-util.c:1693
+#, fuzzy
+msgid "change the login name"
+msgstr "ubah tanggal kadaluarsa"
+
+#: g10/card-util.c:1694
+#, fuzzy
+msgid "change the language preferences"
+msgstr "ubah ownertrust"
+
+#: g10/card-util.c:1695
+msgid "change card holder's sex"
+msgstr ""
+
+#: g10/card-util.c:1696
+#, fuzzy
+msgid "change a CA fingerprint"
+msgstr "tampilkan fingerprint"
+
+#: g10/card-util.c:1697
+msgid "toggle the signature force PIN flag"
+msgstr ""
+
+#: g10/card-util.c:1698
+#, fuzzy
+msgid "generate new keys"
+msgstr "buat sepasang kunci baru"
+
+#: g10/card-util.c:1699
+msgid "menu to change or unblock the PIN"
+msgstr ""
+
+#: g10/card-util.c:1700
+msgid "verify the PIN and list all data"
+msgstr ""
+
+#: g10/card-util.c:1701
+msgid "unblock the PIN using a Reset Code"
+msgstr ""
+
+#: g10/card-util.c:1823
+msgid "gpg/card> "
+msgstr ""
+
+#: g10/card-util.c:1864
+#, fuzzy
+msgid "Admin-only command\n"
+msgstr "perintah saling konflik\n"
+
+#: g10/card-util.c:1895
+#, fuzzy
+msgid "Admin commands are allowed\n"
+msgstr "perintah saling konflik\n"
+
+#: g10/card-util.c:1897
+#, fuzzy
+msgid "Admin commands are not allowed\n"
+msgstr "menulis kunci rahasia ke `%s'\n"
+
+#: g10/card-util.c:1988 g10/keyedit.c:2292
+msgid "Invalid command (try \"help\")\n"
+msgstr "Perintah tidak valid (coba \"help\")\n"
+
+#: g10/decrypt.c:110 g10/encode.c:876
+msgid "--output doesn't work for this command\n"
+msgstr "--output tidak berfungsi untuk perintah ini\n"
+
+#: g10/decrypt.c:166 g10/gpg.c:4019 g10/keyring.c:387 g10/keyring.c:698
+#, c-format
+msgid "can't open `%s'\n"
+msgstr "tidak dapat membuka `%s'\n"
+
+#: g10/delkey.c:73 g10/export.c:324 g10/keyedit.c:3514 g10/keyserver.c:1737
+#: g10/revoke.c:226
+#, fuzzy, c-format
+msgid "key \"%s\" not found: %s\n"
+msgstr "kunci '%s' tidak ditemukan: %s\n"
+
+#: g10/delkey.c:81 g10/export.c:354 g10/import.c:2480 g10/keyserver.c:1751
+#: g10/revoke.c:232 g10/revoke.c:477
+#, c-format
+msgid "error reading keyblock: %s\n"
+msgstr "gagal membaca keyblock: %s\n"
+
+#: g10/delkey.c:127 g10/delkey.c:134
+msgid "(unless you specify the key by fingerprint)\n"
+msgstr "(kecuali anda menspesifikasikan kunci dengan fingerprint)\n"
+
+#: g10/delkey.c:133
+#, fuzzy
+msgid "can't do this in batch mode without \"--yes\"\n"
+msgstr "tidak dapat dilakukan dalam mode batch tanpa \"--yes\"\n"
+
+#: g10/delkey.c:145
+#, fuzzy
+msgid "Delete this key from the keyring? (y/N) "
+msgstr "Menghapus kunci ini dari keyring? "
+
+#: g10/delkey.c:153
+#, fuzzy
+msgid "This is a secret key! - really delete? (y/N) "
+msgstr "Ini adalah kunci rahasia! - Yakin dihapus? "
+
+#: g10/delkey.c:163
+#, c-format
+msgid "deleting keyblock failed: %s\n"
+msgstr "gagal menghapus keyblok: %s\n"
+
+#: g10/delkey.c:173
+msgid "ownertrust information cleared\n"
+msgstr "informasi ownertrust dihapus\n"
+
+#: g10/delkey.c:204
+#, c-format
+msgid "there is a secret key for public key \"%s\"!\n"
+msgstr "terdapat kunci rahasia untuk kunci publik \"%s\"!\n"
+
+#: g10/delkey.c:206
+msgid "use option \"--delete-secret-keys\" to delete it first.\n"
+msgstr "gunakan pilihan \"--delete-secret-key\" untuk menghapusnya.\n"
+
+#: g10/encode.c:226 g10/sign.c:1269
+#, c-format
+msgid "error creating passphrase: %s\n"
+msgstr "kesalahan penciptaan passphrase: %s\n"
+
+#: g10/encode.c:232
+msgid "can't use a symmetric ESK packet due to the S2K mode\n"
+msgstr "tidak dapat menggunakan paket simetri ESK karena mode S2K\n"
+
+#: g10/encode.c:246
+#, c-format
+msgid "using cipher %s\n"
+msgstr "menggunakan cipher %s\n"
+
+#: g10/encode.c:256 g10/encode.c:577
+#, c-format
+msgid "`%s' already compressed\n"
+msgstr "`%s' sudah dikompresi\n"
+
+#: g10/encode.c:311 g10/encode.c:611 g10/sign.c:564
+#, c-format
+msgid "WARNING: `%s' is an empty file\n"
+msgstr "PERINGATAN: `%s' adalah file kosong\n"
+
+#: g10/encode.c:485
+msgid "you can only encrypt to RSA keys of 2048 bits or less in --pgp2 mode\n"
+msgstr ""
+"anda hanya dapat mengenkripsi ke kunci RSA 2048 bit atau kurang dalam mode --"
+"pgp2\n"
+
+#: g10/encode.c:510
+#, c-format
+msgid "reading from `%s'\n"
+msgstr "Membaca dari `%s'\n"
+
+#: g10/encode.c:541
+msgid ""
+"unable to use the IDEA cipher for all of the keys you are encrypting to.\n"
+msgstr ""
+"tidak dapat menggunakan cipher IDEA untuk semua kunci yang anda enkripsi.\n"
+
+#: g10/encode.c:559
+#, fuzzy, c-format
+msgid ""
+"WARNING: forcing symmetric cipher %s (%d) violates recipient preferences\n"
+msgstr "memaksa cipher simetrik %s (%d) melanggar preferensi penerima\n"
+
+#: g10/encode.c:655 g10/sign.c:939
+#, fuzzy, c-format
+msgid ""
+"WARNING: forcing compression algorithm %s (%d) violates recipient "
+"preferences\n"
+msgstr "memaksa algoritma kompresi %s (%d) melanggar preferensi penerima\n"
+
+#: g10/encode.c:751
+#, c-format
+msgid "forcing symmetric cipher %s (%d) violates recipient preferences\n"
+msgstr "memaksa cipher simetrik %s (%d) melanggar preferensi penerima\n"
+
+#: g10/encode.c:821 g10/pkclist.c:813 g10/pkclist.c:862
+#, c-format
+msgid "you may not use %s while in %s mode\n"
+msgstr "anda tidak boleh menggunakan %s saat dalam mode %s.\n"
+
+#: g10/encode.c:848
+#, c-format
+msgid "%s/%s encrypted for: \"%s\"\n"
+msgstr "%s/%s dienkripsi untuk: %s\n"
+
+#: g10/encr-data.c:93 g10/mainproc.c:286
+#, c-format
+msgid "%s encrypted data\n"
+msgstr "%s data terenkripsi\n"
+
+#: g10/encr-data.c:96 g10/mainproc.c:290
+#, c-format
+msgid "encrypted with unknown algorithm %d\n"
+msgstr "dienkripsi dengan algoritma tidak dikenal %d\n"
+
+#: g10/encr-data.c:142 sm/decrypt.c:126
+msgid ""
+"WARNING: message was encrypted with a weak key in the symmetric cipher.\n"
+msgstr ""
+"PERINGATAN: pesan dienkripsi dengan kunci lemah dalam cipher simetrik.\n"
+
+#: g10/encr-data.c:154
+msgid "problem handling encrypted packet\n"
+msgstr "masalah menangani paket terenkripsi\n"
+
+#: g10/exec.c:57
+msgid "no remote program execution supported\n"
+msgstr "tidak ada eksekusi program remote yang didukung\n"
+
+#: g10/exec.c:308
+msgid ""
+"external program calls are disabled due to unsafe options file permissions\n"
+msgstr ""
+"pemanggilan program eksternal ditiadakan karena permisi opsi file tidak "
+"aman\n"
+
+#: g10/exec.c:338
+#, fuzzy
+msgid "this platform requires temporary files when calling external programs\n"
+msgstr ""
+"platform ini membutuhkan file temp ketika memanggil program eksternal\n"
+
+#: g10/exec.c:416
+#, fuzzy, c-format
+msgid "unable to execute program `%s': %s\n"
+msgstr "tidak dapat mengeksekusi %s \"%s\": %s\n"
+
+#: g10/exec.c:419
+#, fuzzy, c-format
+msgid "unable to execute shell `%s': %s\n"
+msgstr "tidak dapat mengeksekusi %s \"%s\": %s\n"
+
+#: g10/exec.c:510
+#, c-format
+msgid "system error while calling external program: %s\n"
+msgstr "kesalahan sistem ketika memanggil program eksternal: %s\n"
+
+#: g10/exec.c:521 g10/exec.c:588
+msgid "unnatural exit of external program\n"
+msgstr "program eksternal berhenti secara tidak natual\n"
+
+#: g10/exec.c:536
+msgid "unable to execute external program\n"
+msgstr "tidak dapat mengeksekusi program eksternal\n"
+
+#: g10/exec.c:553
+#, c-format
+msgid "unable to read external program response: %s\n"
+msgstr "tidak dapat membaca tanggapan program eksternal: %s\n"
+
+#: g10/exec.c:599 g10/exec.c:606
+#, c-format
+msgid "WARNING: unable to remove tempfile (%s) `%s': %s\n"
+msgstr "PERINGATAN: tidak dapat menghapus file temp (%s) `%s': %s\n"
+
+#: g10/exec.c:611
+#, c-format
+msgid "WARNING: unable to remove temp directory `%s': %s\n"
+msgstr "PERINGATAN: tidak dapat menghapus direktori temp `%s': %s\n"
+
+#: g10/export.c:61
+#, fuzzy
+msgid "export signatures that are marked as local-only"
+msgstr ""
+"\n"
+"Signature akan ditandai sebagai tidak dapat dibatalkan.\n"
+
+#: g10/export.c:63
+msgid "export attribute user IDs (generally photo IDs)"
+msgstr ""
+
+#: g10/export.c:65
+#, fuzzy
+msgid "export revocation keys marked as \"sensitive\""
+msgstr "tidak ditemukan kunci pembatalan untuk `%s'\n"
+
+#: g10/export.c:67
+#, fuzzy
+msgid "remove the passphrase from exported subkeys"
+msgstr "batalkan kunci sekunder"
+
+#: g10/export.c:69
+#, fuzzy
+msgid "remove unusable parts from key during export"
+msgstr "kunci rahasia tidak dapat dipakai"
+
+#: g10/export.c:71
+msgid "remove as much as possible from key during export"
+msgstr ""
+
+#: g10/export.c:73
+msgid "export keys in an S-expression based format"
+msgstr ""
+
+#: g10/export.c:338
+#, fuzzy
+msgid "exporting secret keys not allowed\n"
+msgstr "menulis kunci rahasia ke `%s'\n"
+
+#: g10/export.c:367
+#, fuzzy, c-format
+msgid "key %s: not protected - skipped\n"
+msgstr "kunci %08lX: tidak diproteksi - dilewati\n"
+
+#: g10/export.c:375
+#, fuzzy, c-format
+msgid "key %s: PGP 2.x style key - skipped\n"
+msgstr "kunci %08lX: kunci gaya PGP 2.x - dilewati\n"
+
+#: g10/export.c:386
+#, fuzzy, c-format
+msgid "key %s: key material on-card - skipped\n"
+msgstr "kunci %08lX: signature subkey di tempat yang salah - dilewati\n"
+
+#: g10/export.c:537
+msgid "about to export an unprotected subkey\n"
+msgstr ""
+
+#: g10/export.c:560
+#, fuzzy, c-format
+msgid "failed to unprotect the subkey: %s\n"
+msgstr "gagal inisialisasi TrustDB: %s\n"
+
+#: g10/export.c:584
+#, fuzzy, c-format
+msgid "WARNING: secret key %s does not have a simple SK checksum\n"
+msgstr ""
+"PERINGATAN: kunci rahasia %08lX tidak memiliki sebuah checksum SK sederhana\n"
+
+#: g10/export.c:633
+msgid "WARNING: nothing exported\n"
+msgstr "PERINGATAN: tidak ada yang diekspor\n"
+
+#: g10/getkey.c:152
+msgid "too many entries in pk cache - disabled\n"
+msgstr "terlalu banyak masukan dalam pk cache - ditiadakan\n"
+
+#: g10/getkey.c:175
+#, fuzzy
+msgid "[User ID not found]"
+msgstr "[User id tidak ditemukan]"
+
+#: g10/getkey.c:1113
+#, c-format
+msgid "automatically retrieved `%s' via %s\n"
+msgstr ""
+
+#: g10/getkey.c:1118
+#, fuzzy, c-format
+msgid "error retrieving `%s' via %s: %s\n"
+msgstr "kesalahan penciptaan : `%s': %s\n"
+
+#: g10/getkey.c:1120
+#, fuzzy
+msgid "No fingerprint"
+msgstr "tampilkan fingerprint"
+
+#: g10/getkey.c:1930
+#, fuzzy, c-format
+msgid "Invalid key %s made valid by --allow-non-selfsigned-uid\n"
+msgstr "kunci tidak valid %08lX dibuat valid oleh --allow-non-selfsigned-uid\n"
+
+#: g10/getkey.c:2533 g10/keyedit.c:3839
+#, fuzzy, c-format
+msgid "no secret subkey for public subkey %s - ignoring\n"
+msgstr "tidak ada subkey rahasia untuk subkey publik %08lX. diabaikan\n"
+
+#: g10/getkey.c:2759
+#, fuzzy, c-format
+msgid "using subkey %s instead of primary key %s\n"
+msgstr "menggunakan kunci sekunder %08lX bukannya kunci primer %08lX\n"
+
+#: g10/getkey.c:2806
+#, fuzzy, c-format
+msgid "key %s: secret key without public key - skipped\n"
+msgstr "kunci %08lX: kunci rahasia tanpa kunci publik - dilewati\n"
+
+#: g10/gpg.c:375 sm/gpgsm.c:188
+#, fuzzy
+msgid "make a signature"
+msgstr "buat detached signature"
+
+#: g10/gpg.c:376 sm/gpgsm.c:189
+#, fuzzy
+msgid "make a clear text signature"
+msgstr "|[file]|buat signature teks"
+
+#: g10/gpg.c:377 sm/gpgsm.c:190
+msgid "make a detached signature"
+msgstr "buat detached signature"
+
+#: g10/gpg.c:378 sm/gpgsm.c:191
+msgid "encrypt data"
+msgstr "enkripsi data"
+
+#: g10/gpg.c:380 sm/gpgsm.c:192
+msgid "encryption only with symmetric cipher"
+msgstr "enkripsi hanya dengan symmetric cipher"
+
+#: g10/gpg.c:382 sm/gpgsm.c:193
+msgid "decrypt data (default)"
+msgstr "dekripsi data (default)"
+
+#: g10/gpg.c:384 sm/gpgsm.c:194
+msgid "verify a signature"
+msgstr "verifikasi signature"
+
+#: g10/gpg.c:386 sm/gpgsm.c:195
+msgid "list keys"
+msgstr "tampilkan kunci"
+
+#: g10/gpg.c:388
+msgid "list keys and signatures"
+msgstr "tampilkan kunci dan signature"
+
+#: g10/gpg.c:389
+#, fuzzy
+msgid "list and check key signatures"
+msgstr "periksa signature kunci"
+
+#: g10/gpg.c:390 sm/gpgsm.c:200
+msgid "list keys and fingerprints"
+msgstr "tampilkan kunci dan fingerprint"
+
+#: g10/gpg.c:391 sm/gpgsm.c:198
+msgid "list secret keys"
+msgstr "tampilkan kunci rahasia"
+
+#: g10/gpg.c:392 sm/gpgsm.c:201
+msgid "generate a new key pair"
+msgstr "buat sepasang kunci baru"
+
+#: g10/gpg.c:393
+msgid "generate a revocation certificate"
+msgstr "buat sertifikat revokasi"
+
+#: g10/gpg.c:395 sm/gpgsm.c:203
+msgid "remove keys from the public keyring"
+msgstr "hapus kunci dari keyring publik"
+
+#: g10/gpg.c:397
+msgid "remove keys from the secret keyring"
+msgstr "hapus kunci dari keyring pribadi"
+
+#: g10/gpg.c:398
+msgid "sign a key"
+msgstr "tandai kunci"
+
+#: g10/gpg.c:399
+msgid "sign a key locally"
+msgstr "tandai kunci secara lokal"
+
+#: g10/gpg.c:400
+msgid "sign or edit a key"
+msgstr "tandai atau edit kunci"
+
+#: g10/gpg.c:402 sm/gpgsm.c:215
+#, fuzzy
+msgid "change a passphrase"
+msgstr "ubah passphrase"
+
+#: g10/gpg.c:404
+msgid "export keys"
+msgstr "ekspor kunci"
+
+#: g10/gpg.c:405 sm/gpgsm.c:204
+msgid "export keys to a key server"
+msgstr "ekspor kunci ke key server"
+
+#: g10/gpg.c:406 sm/gpgsm.c:205
+msgid "import keys from a key server"
+msgstr "impor kunci dari key server"
+
+#: g10/gpg.c:408
+msgid "search for keys on a key server"
+msgstr "cari kunci di key server"
+
+#: g10/gpg.c:410
+msgid "update all keys from a keyserver"
+msgstr "update semua kunci dari keyserver"
+
+#: g10/gpg.c:415
+msgid "import/merge keys"
+msgstr "impor/gabung kunci"
+
+#: g10/gpg.c:418
+msgid "print the card status"
+msgstr ""
+
+#: g10/gpg.c:419
+msgid "change data on a card"
+msgstr ""
+
+#: g10/gpg.c:420
+msgid "change a card's PIN"
+msgstr ""
+
+#: g10/gpg.c:429
+msgid "update the trust database"
+msgstr "perbarui database trust"
+
+#: g10/gpg.c:436
+#, fuzzy
+msgid "print message digests"
+msgstr "|algo [file]|cetak digest pesan"
+
+#: g10/gpg.c:439 sm/gpgsm.c:210
+msgid "run in server mode"
+msgstr ""
+
+#: g10/gpg.c:443 sm/gpgsm.c:228
+msgid "create ascii armored output"
+msgstr "ciptakan output ascii"
+
+#: g10/gpg.c:446 sm/gpgsm.c:241
+#, fuzzy
+msgid "|USER-ID|encrypt for USER-ID"
+msgstr "|NAMA|enkripsi untuk NAMA"
+
+#: g10/gpg.c:459 sm/gpgsm.c:278
+#, fuzzy
+msgid "|USER-ID|use USER-ID to sign or decrypt"
+msgstr "gunakan id-user ini untuk menandai/dekripsi"
+
+#: g10/gpg.c:462
+#, fuzzy
+msgid "|N|set compress level to N (0 disables)"
+msgstr "|N|set tingkat kompresi N (0 tidak ada)"
+
+#: g10/gpg.c:468
+msgid "use canonical text mode"
+msgstr "gunakan mode teks kanonikal"
+
+#: g10/gpg.c:485 sm/gpgsm.c:280
+#, fuzzy
+msgid "|FILE|write output to FILE"
+msgstr "|FILE|muat modul ekstensi FILE"
+
+#: g10/gpg.c:501 kbx/kbxutil.c:90 sm/gpgsm.c:292 tools/gpgconf.c:82
+msgid "do not make any changes"
+msgstr "jangan buat perubahan"
+
+#: g10/gpg.c:502
+msgid "prompt before overwriting"
+msgstr "tanya sebelum menimpa"
+
+#: g10/gpg.c:554
+msgid "use strict OpenPGP behavior"
+msgstr ""
+
+#: g10/gpg.c:585 sm/gpgsm.c:336
+msgid ""
+"@\n"
+"(See the man page for a complete listing of all commands and options)\n"
+msgstr ""
+"@\n"
+"(Lihat man page untuk daftar lengkap semua perintah dan option)\n"
+
+#: g10/gpg.c:588 sm/gpgsm.c:339
+msgid ""
+"@\n"
+"Examples:\n"
+"\n"
+" -se -r Bob [file] sign and encrypt for user Bob\n"
+" --clearsign [file] make a clear text signature\n"
+" --detach-sign [file] make a detached signature\n"
+" --list-keys [names] show keys\n"
+" --fingerprint [names] show fingerprints\n"
+msgstr ""
+"@\n"
+"Contoh:\n"
+"\n"
+" -se -r Bob [file] tandai dan enkripsi untuk user Bob\n"
+" --clearsign [file] buat signature berbentuk teks\n"
+" --detach-sign [file] buat signature detached\n"
+" --list-keys [nama] tampilkan kunci\n"
+" --fingerprint [nama] tampilkan fingerprint\n"
+
+#: g10/gpg.c:836
+msgid "Usage: gpg [options] [files] (-h for help)"
+msgstr "Pemakaian: gpg [pilihan] [file] (-h untuk bantuan)"
+
+#: g10/gpg.c:839
+msgid ""
+"Syntax: gpg [options] [files]\n"
+"sign, check, encrypt or decrypt\n"
+"default operation depends on the input data\n"
+msgstr ""
+"Sintaks: gpg [pilihan] [file]\n"
+"tandai, cek, enkripsi atau dekripsi\n"
+"operasi baku tergantung pada data input\n"
+
+#: g10/gpg.c:850 sm/gpgsm.c:543
+msgid ""
+"\n"
+"Supported algorithms:\n"
+msgstr ""
+"\n"
+"Algoritma yang didukung:\n"
+
+#: g10/gpg.c:853
+msgid "Pubkey: "
+msgstr "Pubkey: "
+
+#: g10/gpg.c:860 g10/keyedit.c:2423
+msgid "Cipher: "
+msgstr "Cipher: "
+
+#: g10/gpg.c:867
+msgid "Hash: "
+msgstr "Hash: "
+
+#: g10/gpg.c:874 g10/keyedit.c:2468
+msgid "Compression: "
+msgstr "Kompresi: "
+
+#: g10/gpg.c:944
+msgid "usage: gpg [options] "
+msgstr "pemakaian: gpg [pilihan] "
+
+#: g10/gpg.c:1158 sm/gpgsm.c:716
+msgid "conflicting commands\n"
+msgstr "perintah saling konflik\n"
+
+#: g10/gpg.c:1176
+#, fuzzy, c-format
+msgid "no = sign found in group definition `%s'\n"
+msgstr "tanda = tidak ditemukan dalam definisi grup \"%s\"\n"
+
+#: g10/gpg.c:1373
+#, fuzzy, c-format
+msgid "WARNING: unsafe ownership on homedir `%s'\n"
+msgstr "Peringatan: kepemilikan tidak aman pada %s \"%s\"\n"
+
+#: g10/gpg.c:1376
+#, fuzzy, c-format
+msgid "WARNING: unsafe ownership on configuration file `%s'\n"
+msgstr "Peringatan: kepemilikan tidak aman pada %s \"%s\"\n"
+
+#: g10/gpg.c:1379
+#, fuzzy, c-format
+msgid "WARNING: unsafe ownership on extension `%s'\n"
+msgstr "Peringatan: kepemilikan tidak aman pada %s \"%s\"\n"
+
+#: g10/gpg.c:1385
+#, fuzzy, c-format
+msgid "WARNING: unsafe permissions on homedir `%s'\n"
+msgstr "Peringatan: permisi tidak aman pada %s \"%s\"\n"
+
+#: g10/gpg.c:1388
+#, fuzzy, c-format
+msgid "WARNING: unsafe permissions on configuration file `%s'\n"
+msgstr "Peringatan: permisi tidak aman pada %s \"%s\"\n"
+
+#: g10/gpg.c:1391
+#, fuzzy, c-format
+msgid "WARNING: unsafe permissions on extension `%s'\n"
+msgstr "Peringatan: permisi tidak aman pada %s \"%s\"\n"
+
+#: g10/gpg.c:1397
+#, fuzzy, c-format
+msgid "WARNING: unsafe enclosing directory ownership on homedir `%s'\n"
+msgstr "Peringatan: kepemilikan direktori tidak aman pada %s \"%s\"\n"
+
+#: g10/gpg.c:1400
+#, fuzzy, c-format
+msgid ""
+"WARNING: unsafe enclosing directory ownership on configuration file `%s'\n"
+msgstr "Peringatan: kepemilikan direktori tidak aman pada %s \"%s\"\n"
+
+#: g10/gpg.c:1403
+#, fuzzy, c-format
+msgid "WARNING: unsafe enclosing directory ownership on extension `%s'\n"
+msgstr "Peringatan: kepemilikan direktori tidak aman pada %s \"%s\"\n"
+
+#: g10/gpg.c:1409
+#, fuzzy, c-format
+msgid "WARNING: unsafe enclosing directory permissions on homedir `%s'\n"
+msgstr "Peringatan: permisi direktori tidak aman pada %s \"%s\"\n"
+
+#: g10/gpg.c:1412
+#, fuzzy, c-format
+msgid ""
+"WARNING: unsafe enclosing directory permissions on configuration file `%s'\n"
+msgstr "Peringatan: permisi direktori tidak aman pada %s \"%s\"\n"
+
+#: g10/gpg.c:1415
+#, fuzzy, c-format
+msgid "WARNING: unsafe enclosing directory permissions on extension `%s'\n"
+msgstr "Peringatan: permisi direktori tidak aman pada %s \"%s\"\n"
+
+#: g10/gpg.c:1595
+#, fuzzy, c-format
+msgid "unknown configuration item `%s'\n"
+msgstr "Item Konfigurasi tidak dikenal \"%s\"\n"
+
+#: g10/gpg.c:1699
+msgid "display photo IDs during key listings"
+msgstr ""
+
+#: g10/gpg.c:1701
+msgid "show policy URLs during signature listings"
+msgstr ""
+
+#: g10/gpg.c:1703
+#, fuzzy
+msgid "show all notations during signature listings"
+msgstr "Tidak ada signature koresponden di ring rahasia\n"
+
+#: g10/gpg.c:1705
+msgid "show IETF standard notations during signature listings"
+msgstr ""
+
+#: g10/gpg.c:1709
+msgid "show user-supplied notations during signature listings"
+msgstr ""
+
+#: g10/gpg.c:1711
+#, fuzzy
+msgid "show preferred keyserver URLs during signature listings"
+msgstr "URL signature kebijakan yang diberikan tidak valid\n"
+
+#: g10/gpg.c:1713
+msgid "show user ID validity during key listings"
+msgstr ""
+
+#: g10/gpg.c:1715
+msgid "show revoked and expired user IDs in key listings"
+msgstr ""
+
+#: g10/gpg.c:1717
+msgid "show revoked and expired subkeys in key listings"
+msgstr ""
+
+#: g10/gpg.c:1719
+#, fuzzy
+msgid "show the keyring name in key listings"
+msgstr "tampilkan keyring tempat kunci yang dipilih berada"
+
+#: g10/gpg.c:1721
+#, fuzzy
+msgid "show expiration dates during signature listings"
+msgstr "Tidak ada signature koresponden di ring rahasia\n"
+
+#: g10/gpg.c:1855
+#, c-format
+msgid "NOTE: old default options file `%s' ignored\n"
+msgstr "CATATAN: file pilihan baku lama `%s' diabaikan\n"
+
+#: g10/gpg.c:1948
+#, c-format
+msgid "libgcrypt is too old (need %s, have %s)\n"
+msgstr ""
+
+#: g10/gpg.c:2346 g10/gpg.c:3037 g10/gpg.c:3049
+#, c-format
+msgid "NOTE: %s is not for normal use!\n"
+msgstr "CATATAN: %s tidak untuk pemakaian normal!\n"
+
+#: g10/gpg.c:2530 g10/gpg.c:2542
+#, fuzzy, c-format
+msgid "`%s' is not a valid signature expiration\n"
+msgstr "%s bukanlah set karakter yang valid\n"
+
+#: g10/gpg.c:2624
+#, fuzzy, c-format
+msgid "`%s' is not a valid character set\n"
+msgstr "%s bukanlah set karakter yang valid\n"
+
+#: g10/gpg.c:2647 g10/gpg.c:2842 g10/keyedit.c:4197
+#, fuzzy
+msgid "could not parse keyserver URL\n"
+msgstr "tidak dapat memparsing URI keyserver\n"
+
+#: g10/gpg.c:2659
+#, fuzzy, c-format
+msgid "%s:%d: invalid keyserver options\n"
+msgstr "%s:%d: opsi ekspor tidak valid\n"
+
+#: g10/gpg.c:2662
+#, fuzzy
+msgid "invalid keyserver options\n"
+msgstr "opsi ekspor tidak valid\n"
+
+#: g10/gpg.c:2669
+#, c-format
+msgid "%s:%d: invalid import options\n"
+msgstr "%s:%d: opsi impor tidak valid\n"
+
+#: g10/gpg.c:2672
+msgid "invalid import options\n"
+msgstr "opsi impor tidak valid\n"
+
+#: g10/gpg.c:2679
+#, c-format
+msgid "%s:%d: invalid export options\n"
+msgstr "%s:%d: opsi ekspor tidak valid\n"
+
+#: g10/gpg.c:2682
+msgid "invalid export options\n"
+msgstr "opsi ekspor tidak valid\n"
+
+#: g10/gpg.c:2689
+#, fuzzy, c-format
+msgid "%s:%d: invalid list options\n"
+msgstr "%s:%d: opsi impor tidak valid\n"
+
+#: g10/gpg.c:2692
+#, fuzzy
+msgid "invalid list options\n"
+msgstr "opsi impor tidak valid\n"
+
+#: g10/gpg.c:2700
+msgid "display photo IDs during signature verification"
+msgstr ""
+
+#: g10/gpg.c:2702
+msgid "show policy URLs during signature verification"
+msgstr ""
+
+#: g10/gpg.c:2704
+#, fuzzy
+msgid "show all notations during signature verification"
+msgstr "%s bukanlah set karakter yang valid\n"
+
+#: g10/gpg.c:2706
+msgid "show IETF standard notations during signature verification"
+msgstr ""
+
+#: g10/gpg.c:2710
+msgid "show user-supplied notations during signature verification"
+msgstr ""
+
+#: g10/gpg.c:2712
+#, fuzzy
+msgid "show preferred keyserver URLs during signature verification"
+msgstr "URL signature kebijakan yang diberikan tidak valid\n"
+
+#: g10/gpg.c:2714
+#, fuzzy
+msgid "show user ID validity during signature verification"
+msgstr "%s bukanlah set karakter yang valid\n"
+
+#: g10/gpg.c:2716
+msgid "show revoked and expired user IDs in signature verification"
+msgstr ""
+
+#: g10/gpg.c:2718
+#, fuzzy
+msgid "show only the primary user ID in signature verification"
+msgstr "%s bukanlah set karakter yang valid\n"
+
+#: g10/gpg.c:2720
+msgid "validate signatures with PKA data"
+msgstr ""
+
+#: g10/gpg.c:2722
+msgid "elevate the trust of signatures with valid PKA data"
+msgstr ""
+
+#: g10/gpg.c:2729
+#, fuzzy, c-format
+msgid "%s:%d: invalid verify options\n"
+msgstr "%s:%d: opsi ekspor tidak valid\n"
+
+#: g10/gpg.c:2732
+#, fuzzy
+msgid "invalid verify options\n"
+msgstr "opsi ekspor tidak valid\n"
+
+#: g10/gpg.c:2739
+#, c-format
+msgid "unable to set exec-path to %s\n"
+msgstr "tidak dapat menset path exec ke %s\n"
+
+#: g10/gpg.c:2925
+#, fuzzy, c-format
+msgid "%s:%d: invalid auto-key-locate list\n"
+msgstr "%s:%d: opsi ekspor tidak valid\n"
+
+#: g10/gpg.c:2928
+msgid "invalid auto-key-locate list\n"
+msgstr ""
+
+#: g10/gpg.c:3026 sm/gpgsm.c:1439
+msgid "WARNING: program may create a core file!\n"
+msgstr "PERINGATAN: program mungkin membuat file core!\n"
+
+#: g10/gpg.c:3030
+#, c-format
+msgid "WARNING: %s overrides %s\n"
+msgstr "PERINGATAN: %s menimpa %s\n"
+
+#: g10/gpg.c:3039
+#, c-format
+msgid "%s not allowed with %s!\n"
+msgstr "%s tidak dibolehkan dengan %s!\n"
+
+#: g10/gpg.c:3042
+#, c-format
+msgid "%s makes no sense with %s!\n"
+msgstr "%s tidak masuk akal dengan %s!\n"
+
+#: g10/gpg.c:3057
+#, fuzzy, c-format
+msgid "will not run with insecure memory due to %s\n"
+msgstr "menulis kunci rahasia ke `%s'\n"
+
+#: g10/gpg.c:3071
+msgid "you can only make detached or clear signatures while in --pgp2 mode\n"
+msgstr ""
+"anda hanya dapat membuat signature detached atau clear saat dalam mode --"
+"pgp2\n"
+
+#: g10/gpg.c:3077
+msgid "you can't sign and encrypt at the same time while in --pgp2 mode\n"
+msgstr ""
+"anda tidak dapat menandai dan mengenkripsi pada saat bersamaan dalam mode --"
+"pgp2\n"
+
+#: g10/gpg.c:3083
+msgid "you must use files (and not a pipe) when working with --pgp2 enabled.\n"
+msgstr ""
+"anda harus menggunakan file (dan bukan pipe) saat bekerja dengan opsi --"
+"pgpg2\n"
+
+#: g10/gpg.c:3096
+msgid "encrypting a message in --pgp2 mode requires the IDEA cipher\n"
+msgstr "mengenkripsi pesan dalam mode --pgp2 membutuhkan cipher IDEA\n"
+
+#: g10/gpg.c:3163 g10/gpg.c:3187 sm/gpgsm.c:1511
+msgid "selected cipher algorithm is invalid\n"
+msgstr "algoritma cipher yang dipilih tidak valid\n"
+
+#: g10/gpg.c:3169 g10/gpg.c:3193 sm/gpgsm.c:1517 sm/gpgsm.c:1523
+msgid "selected digest algorithm is invalid\n"
+msgstr "algoritma digest yang dipilih tidak valid\n"
+
+#: g10/gpg.c:3175
+#, fuzzy
+msgid "selected compression algorithm is invalid\n"
+msgstr "algoritma cipher yang dipilih tidak valid\n"
+
+#: g10/gpg.c:3181
+msgid "selected certification digest algorithm is invalid\n"
+msgstr "algoritma sertifikasi digest yang dipilih tidak valid\n"
+
+#: g10/gpg.c:3196
+msgid "completes-needed must be greater than 0\n"
+msgstr "completes-needed harus lebih dari 0\n"
+
+#: g10/gpg.c:3198
+msgid "marginals-needed must be greater than 1\n"
+msgstr "marginals-needed harus lebih dari 1\n"
+
+#: g10/gpg.c:3200
+#, fuzzy
+msgid "max-cert-depth must be in the range from 1 to 255\n"
+msgstr "max-cert-depth harus di antara 1 hingga 255\n"
+
+#: g10/gpg.c:3202
+msgid "invalid default-cert-level; must be 0, 1, 2, or 3\n"
+msgstr "level cert default tidak valid; harus 0, 1, 2, atau 3\n"
+
+#: g10/gpg.c:3204
+msgid "invalid min-cert-level; must be 1, 2, or 3\n"
+msgstr "level cert min tidak valid; harus 0, 1, 2, atau 3\n"
+
+#: g10/gpg.c:3207
+msgid "NOTE: simple S2K mode (0) is strongly discouraged\n"
+msgstr "CATATAN: mode S2K sederhana (0) tidak dianjurkan\n"
+
+#: g10/gpg.c:3211
+msgid "invalid S2K mode; must be 0, 1 or 3\n"
+msgstr "mode S2K yang tidak valid; harus 0, 1 atau 3\n"
+
+#: g10/gpg.c:3218
+msgid "invalid default preferences\n"
+msgstr "preferensi baku tidak valid\n"
+
+#: g10/gpg.c:3222
+msgid "invalid personal cipher preferences\n"
+msgstr "preferensi cipher personal tidak valid\n"
+
+#: g10/gpg.c:3226
+msgid "invalid personal digest preferences\n"
+msgstr "preferensi digest personal tidak valid\n"
+
+#: g10/gpg.c:3230
+msgid "invalid personal compress preferences\n"
+msgstr "preferensi kompresi personal tidak valid\n"
+
+#: g10/gpg.c:3263
+#, c-format
+msgid "%s does not yet work with %s\n"
+msgstr "%s belum dapat dipakai dengan %s\n"
+
+#: g10/gpg.c:3310
+#, fuzzy, c-format
+msgid "you may not use cipher algorithm `%s' while in %s mode\n"
+msgstr ""
+"anda tidak boleh menggunakan algoritma cipher \"%s\" saat dalam mode %s.\n"
+
+#: g10/gpg.c:3315
+#, fuzzy, c-format
+msgid "you may not use digest algorithm `%s' while in %s mode\n"
+msgstr ""
+"anda tidak boleh menggunakan algoritma digest \"%s\" saat dalam mode %s.\n"
+
+#: g10/gpg.c:3320
+#, fuzzy, c-format
+msgid "you may not use compression algorithm `%s' while in %s mode\n"
+msgstr ""
+"anda tidak boleh menggunakan algoritma kompresi \"%s\" saat dalam mode %s.\n"
+
+#: g10/gpg.c:3406
+#, c-format
+msgid "failed to initialize the TrustDB: %s\n"
+msgstr "gagal inisialisasi TrustDB: %s\n"
+
+#: g10/gpg.c:3417
+msgid "WARNING: recipients (-r) given without using public key encryption\n"
+msgstr ""
+"Peringatan: penerima yang disebutkan (-r) tanpa menggunakan enkripsi public "
+"key \n"
+
+#: g10/gpg.c:3438
+msgid "--store [filename]"
+msgstr "--store [namafile]"
+
+#: g10/gpg.c:3445
+msgid "--symmetric [filename]"
+msgstr "--symmetric [namafile]"
+
+#: g10/gpg.c:3447
+#, fuzzy, c-format
+msgid "symmetric encryption of `%s' failed: %s\n"
+msgstr "dekripsi gagal: %s\n"
+
+#: g10/gpg.c:3457
+msgid "--encrypt [filename]"
+msgstr "--encrypt [namafile]"
+
+#: g10/gpg.c:3470
+#, fuzzy
+msgid "--symmetric --encrypt [filename]"
+msgstr "--sign --encrypt [namafile]"
+
+#: g10/gpg.c:3472
+msgid "you cannot use --symmetric --encrypt with --s2k-mode 0\n"
+msgstr ""
+
+#: g10/gpg.c:3475
+#, fuzzy, c-format
+msgid "you cannot use --symmetric --encrypt while in %s mode\n"
+msgstr "anda tidak boleh menggunakan %s saat dalam mode %s.\n"
+
+#: g10/gpg.c:3493
+msgid "--sign [filename]"
+msgstr "--sign [namafile]"
+
+#: g10/gpg.c:3506
+msgid "--sign --encrypt [filename]"
+msgstr "--sign --encrypt [namafile]"
+
+#: g10/gpg.c:3521
+#, fuzzy
+msgid "--symmetric --sign --encrypt [filename]"
+msgstr "--sign --encrypt [namafile]"
+
+#: g10/gpg.c:3523
+msgid "you cannot use --symmetric --sign --encrypt with --s2k-mode 0\n"
+msgstr ""
+
+#: g10/gpg.c:3526
+#, fuzzy, c-format
+msgid "you cannot use --symmetric --sign --encrypt while in %s mode\n"
+msgstr "anda tidak boleh menggunakan %s saat dalam mode %s.\n"
+
+#: g10/gpg.c:3546
+msgid "--sign --symmetric [filename]"
+msgstr "--sign --symmetric [namafile]"
+
+#: g10/gpg.c:3555
+msgid "--clearsign [filename]"
+msgstr "--clearsign [namafile]"
+
+#: g10/gpg.c:3580
+msgid "--decrypt [filename]"
+msgstr "--decrypt [namafile]"
+
+#: g10/gpg.c:3588
+msgid "--sign-key user-id"
+msgstr "--sign-key id-user"
+
+#: g10/gpg.c:3592
+msgid "--lsign-key user-id"
+msgstr "--lsign-key id-user"
+
+#: g10/gpg.c:3613
+msgid "--edit-key user-id [commands]"
+msgstr "--edit-key id-user [perintah]"
+
+#: g10/gpg.c:3629
+#, fuzzy
+msgid "--passwd <user-id>"
+msgstr "--sign-key id-user"
+
+#: g10/gpg.c:3716
+#, c-format
+msgid "keyserver send failed: %s\n"
+msgstr "Pengiriman keyserver gagal: %s\n"
+
+#: g10/gpg.c:3718
+#, c-format
+msgid "keyserver receive failed: %s\n"
+msgstr "Penerimaan keyserver gagal: %s\n"
+
+#: g10/gpg.c:3720
+#, c-format
+msgid "key export failed: %s\n"
+msgstr "Ekspor kunci gagal: %s\n"
+
+#: g10/gpg.c:3731
+#, c-format
+msgid "keyserver search failed: %s\n"
+msgstr "Pencarian keyserver gagal: %s\n"
+
+#: g10/gpg.c:3741
+#, c-format
+msgid "keyserver refresh failed: %s\n"
+msgstr "Refresh keyserver gagal: %s\n"
+
+#: g10/gpg.c:3792
+#, c-format
+msgid "dearmoring failed: %s\n"
+msgstr "gagal dearmoring: %s\n"
+
+#: g10/gpg.c:3800
+#, c-format
+msgid "enarmoring failed: %s\n"
+msgstr "gagal enarmoring: %s\n"
+
+#: g10/gpg.c:3890
+#, c-format
+msgid "invalid hash algorithm `%s'\n"
+msgstr "algoritma hash tidak valid `%s'\n"
+
+#: g10/gpg.c:4005
+msgid "[filename]"
+msgstr "[namafile]"
+
+#: g10/gpg.c:4009
+msgid "Go ahead and type your message ...\n"
+msgstr "Teruskan dan ketikkan pesan anda ....\n"
+
+#: g10/gpg.c:4323
+msgid "the given certification policy URL is invalid\n"
+msgstr "URL sertifikasi kebijakan yang diberikan tidak valid\n"
+
+#: g10/gpg.c:4325
+msgid "the given signature policy URL is invalid\n"
+msgstr "URL signature kebijakan yang diberikan tidak valid\n"
+
+#: g10/gpg.c:4358
+#, fuzzy
+msgid "the given preferred keyserver URL is invalid\n"
+msgstr "URL signature kebijakan yang diberikan tidak valid\n"
+
+#: g10/gpgv.c:74
+#, fuzzy
+msgid "|FILE|take the keys from the keyring FILE"
+msgstr "mengambil kunci ini dari keyring"
+
+#: g10/gpgv.c:76
+msgid "make timestamp conflicts only a warning"
+msgstr "buat timestamp konflik hanya sebagai peringatan"
+
+#: g10/gpgv.c:78 sm/gpgsm.c:326
+msgid "|FD|write status info to this FD"
+msgstr "|FD|tulis info status ke FD ini"
+
+#: g10/gpgv.c:117
+msgid "Usage: gpgv [options] [files] (-h for help)"
+msgstr "Pemakaian: gpgv [opsi] [file] (-h untuk bantuan)"
+
+#: g10/gpgv.c:119
+#, fuzzy
+msgid ""
+"Syntax: gpgv [options] [files]\n"
+"Check signatures against known trusted keys\n"
+msgstr ""
+"Sintaks: gpg [options] [files]\n"
+"Periksa signature terhadap kunci terpercaya\n"
+
+#: g10/helptext.c:72
+msgid "No help available"
+msgstr "Tidak tersedia bantuan"
+
+#: g10/helptext.c:82
+#, c-format
+msgid "No help available for `%s'"
+msgstr "Tidak tersedia bantuan untuk `%s'"
+
+#: g10/import.c:94
+msgid "import signatures that are marked as local-only"
+msgstr ""
+
+#: g10/import.c:96
+msgid "repair damage from the pks keyserver during import"
+msgstr ""
+
+#: g10/import.c:98
+#, fuzzy
+msgid "do not update the trustdb after import"
+msgstr "perbarui database trust"
+
+#: g10/import.c:100
+#, fuzzy
+msgid "create a public key when importing a secret key"
+msgstr "kunci publik tidak cocok dengan kunci rahasia!\n"
+
+#: g10/import.c:102
+msgid "only accept updates to existing keys"
+msgstr ""
+
+#: g10/import.c:104
+#, fuzzy
+msgid "remove unusable parts from key after import"
+msgstr "kunci rahasia tidak dapat dipakai"
+
+#: g10/import.c:106
+msgid "remove as much as possible from key after import"
+msgstr ""
+
+#: g10/import.c:266
+#, c-format
+msgid "skipping block of type %d\n"
+msgstr "melewati blok tipe %d\n"
+
+#: g10/import.c:275
+#, fuzzy, c-format
+msgid "%lu keys processed so far\n"
+msgstr "%lu kunci telah diproses\n"
+
+#: g10/import.c:292
+#, c-format
+msgid "Total number processed: %lu\n"
+msgstr "Jumlah yang telah diproses: %lu\n"
+
+#: g10/import.c:294
+#, c-format
+msgid " skipped new keys: %lu\n"
+msgstr " lewati kunci baru: %lu\n"
+
+#: g10/import.c:297
+#, c-format
+msgid " w/o user IDs: %lu\n"
+msgstr " tanpa ID user: %lu\n"
+
+#: g10/import.c:299 sm/import.c:114
+#, c-format
+msgid " imported: %lu"
+msgstr " diimpor: %lu"
+
+#: g10/import.c:305 sm/import.c:118
+#, c-format
+msgid " unchanged: %lu\n"
+msgstr " tidak berubah: %lu\n"
+
+#: g10/import.c:307
+#, c-format
+msgid " new user IDs: %lu\n"
+msgstr " ID user baru: %lu\n"
+
+#: g10/import.c:309
+#, c-format
+msgid " new subkeys: %lu\n"
+msgstr " subkey baru: %lu\n"
+
+#: g10/import.c:311
+#, c-format
+msgid " new signatures: %lu\n"
+msgstr " signature baru: %lu\n"
+
+#: g10/import.c:313
+#, c-format
+msgid " new key revocations: %lu\n"
+msgstr " pembatalan kunci baru: %lu\n"
+
+#: g10/import.c:315 sm/import.c:120
+#, c-format
+msgid " secret keys read: %lu\n"
+msgstr " kunci rahasia dibaca: %lu\n"
+
+#: g10/import.c:317 sm/import.c:122
+#, c-format
+msgid " secret keys imported: %lu\n"
+msgstr " kunci rahasia diimpor: %lu\n"
+
+#: g10/import.c:319 sm/import.c:124
+#, c-format
+msgid " secret keys unchanged: %lu\n"
+msgstr " kunci rahasia tidak berubah: %lu\n"
+
+#: g10/import.c:321 sm/import.c:126
+#, c-format
+msgid " not imported: %lu\n"
+msgstr " tidak diimpor: %lu\n"
+
+#: g10/import.c:323
+#, fuzzy, c-format
+msgid " signatures cleaned: %lu\n"
+msgstr " signature baru: %lu\n"
+
+#: g10/import.c:325
+#, fuzzy, c-format
+msgid " user IDs cleaned: %lu\n"
+msgstr " kunci rahasia dibaca: %lu\n"
+
+#: g10/import.c:606
+#, c-format
+msgid ""
+"WARNING: key %s contains preferences for unavailable\n"
+"algorithms on these user IDs:\n"
+msgstr ""
+
+#: g10/import.c:647
+#, c-format
+msgid " \"%s\": preference for cipher algorithm %s\n"
+msgstr ""
+
+#: g10/import.c:662
+#, fuzzy, c-format
+msgid " \"%s\": preference for digest algorithm %s\n"
+msgstr "%s signature, algoritma digest %s\n"
+
+#: g10/import.c:674
+#, c-format
+msgid " \"%s\": preference for compression algorithm %s\n"
+msgstr ""
+
+#: g10/import.c:687
+msgid "it is strongly suggested that you update your preferences and\n"
+msgstr ""
+
+#: g10/import.c:689
+msgid "re-distribute this key to avoid potential algorithm mismatch problems\n"
+msgstr ""
+
+#: g10/import.c:713
+#, c-format
+msgid "you can update your preferences with: gpg --edit-key %s updpref save\n"
+msgstr ""
+
+#: g10/import.c:766 g10/import.c:1179
+#, fuzzy, c-format
+msgid "key %s: no user ID\n"
+msgstr "kunci %08lX: tidak ada ID user\n"
+
+#: g10/import.c:795
+#, fuzzy, c-format
+msgid "key %s: PKS subkey corruption repaired\n"
+msgstr "kunci %08lX: subkey HKP yang rusak diperbaiki\n"
+
+#: g10/import.c:810
+#, fuzzy, c-format
+msgid "key %s: accepted non self-signed user ID \"%s\"\n"
+msgstr "kunci %08lX: menerima ID user '%s' yang tidak self-signed\n"
+
+#: g10/import.c:816
+#, fuzzy, c-format
+msgid "key %s: no valid user IDs\n"
+msgstr "kunci %08lX: tidak ada ID user yang valid\n"
+
+#: g10/import.c:818
+msgid "this may be caused by a missing self-signature\n"
+msgstr "mungkin disebabkan oleh self-signature yang tidak ada\n"
+
+#: g10/import.c:828 g10/import.c:1303
+#, fuzzy, c-format
+msgid "key %s: public key not found: %s\n"
+msgstr "kunci %08lX: kunci publik tidak ditemukan: %s\n"
+
+#: g10/import.c:834
+#, fuzzy, c-format
+msgid "key %s: new key - skipped\n"
+msgstr "kunci %08lX: kunci baru - dilewati\n"
+
+#: g10/import.c:843
+#, c-format
+msgid "no writable keyring found: %s\n"
+msgstr "tidak ditemukan keyring yang dapat ditulisi: %s\n"
+
+#: g10/import.c:848 g10/openfile.c:278 g10/sign.c:805 g10/sign.c:1114
+#, c-format
+msgid "writing to `%s'\n"
+msgstr "menulis ke `%s'\n"
+
+#: g10/import.c:852 g10/import.c:952 g10/import.c:1219 g10/import.c:1364
+#: g10/import.c:2494 g10/import.c:2516
+#, c-format
+msgid "error writing keyring `%s': %s\n"
+msgstr "kesalahan menulis keyring `%s': %s\n"
+
+#: g10/import.c:871
+#, fuzzy, c-format
+msgid "key %s: public key \"%s\" imported\n"
+msgstr "kunci %08lX: kunci publik \"%s\" diimpor\n"
+
+#: g10/import.c:895
+#, fuzzy, c-format
+msgid "key %s: doesn't match our copy\n"
+msgstr "kunci %08lX: tidak cocok dengan duplikat kami\n"
+
+#: g10/import.c:912 g10/import.c:1321
+#, fuzzy, c-format
+msgid "key %s: can't locate original keyblock: %s\n"
+msgstr "kunci %08lX: tidak dapat menemukan keyblock orisinal: %s\n"
+
+#: g10/import.c:920 g10/import.c:1328
+#, fuzzy, c-format
+msgid "key %s: can't read original keyblock: %s\n"
+msgstr "kunci %08lX: tidak dapat membaca keyblok orisinal: %s\n"
+
+#: g10/import.c:962
+#, fuzzy, c-format
+msgid "key %s: \"%s\" 1 new user ID\n"
+msgstr "kunci %08lX: 1 user ID baru \"%s\"\n"
+
+#: g10/import.c:965
+#, fuzzy, c-format
+msgid "key %s: \"%s\" %d new user IDs\n"
+msgstr "kunci %08lX: \"%s\" %d user ID baru\n"
+
+#: g10/import.c:968
+#, fuzzy, c-format
+msgid "key %s: \"%s\" 1 new signature\n"
+msgstr "kunci %08lX: \"%s\" 1 signature baru\n"
+
+#: g10/import.c:971
+#, fuzzy, c-format
+msgid "key %s: \"%s\" %d new signatures\n"
+msgstr "kunci %08lX: \"%s\" %d signature baru\n"
+
+#: g10/import.c:974
+#, fuzzy, c-format
+msgid "key %s: \"%s\" 1 new subkey\n"
+msgstr "kunci %08lX: \"%s\" 1 subkey baru\n"
+
+#: g10/import.c:977
+#, fuzzy, c-format
+msgid "key %s: \"%s\" %d new subkeys\n"
+msgstr "kunci %08lX: \"%s\" %d subkey baru\n"
+
+#: g10/import.c:980
+#, fuzzy, c-format
+msgid "key %s: \"%s\" %d signature cleaned\n"
+msgstr "kunci %08lX: \"%s\" %d signature baru\n"
+
+#: g10/import.c:983
+#, fuzzy, c-format
+msgid "key %s: \"%s\" %d signatures cleaned\n"
+msgstr "kunci %08lX: \"%s\" %d signature baru\n"
+
+#: g10/import.c:986
+#, fuzzy, c-format
+msgid "key %s: \"%s\" %d user ID cleaned\n"
+msgstr "kunci %08lX: \"%s\" %d user ID baru\n"
+
+#: g10/import.c:989
+#, fuzzy, c-format
+msgid "key %s: \"%s\" %d user IDs cleaned\n"
+msgstr "kunci %08lX: \"%s\" %d user ID baru\n"
+
+#: g10/import.c:1013
+#, fuzzy, c-format
+msgid "key %s: \"%s\" not changed\n"
+msgstr "kunci %08lX: \"%s\" tidak berubah\n"
+
+#: g10/import.c:1185
+#, fuzzy, c-format
+msgid "key %s: secret key with invalid cipher %d - skipped\n"
+msgstr "kunci %08lX: kunci rahasia dengan cipher tidak valid %d - dilewati\n"
+
+#: g10/import.c:1196
+#, fuzzy
+msgid "importing secret keys not allowed\n"
+msgstr "menulis kunci rahasia ke `%s'\n"
+
+#: g10/import.c:1213 g10/import.c:2509
+#, c-format
+msgid "no default secret keyring: %s\n"
+msgstr "tidak ada keyring rahasia baku: %s\n"
+
+#: g10/import.c:1224
+#, fuzzy, c-format
+msgid "key %s: secret key imported\n"
+msgstr "kunci %08lX: kunci rahasia diimpor\n"
+
+#: g10/import.c:1254
+#, fuzzy, c-format
+msgid "key %s: already in secret keyring\n"
+msgstr "kunci %08lX: sudah ada di keyring rahasia\n"
+
+#: g10/import.c:1264
+#, fuzzy, c-format
+msgid "key %s: secret key not found: %s\n"
+msgstr "kunci %08lX: kunci rahasia tidak ditemukan: %s\n"
+
+#: g10/import.c:1296
+#, fuzzy, c-format
+msgid "key %s: no public key - can't apply revocation certificate\n"
+msgstr ""
+"kunci %08lX: tdk ada kunci publik-tdk dpt mengaplikasikan sertifikat "
+"pembatalan\n"
+
+#: g10/import.c:1339
+#, fuzzy, c-format
+msgid "key %s: invalid revocation certificate: %s - rejected\n"
+msgstr "kunci %08lX: sertifikat pembatalan tidak valid: %s - ditolak\n"
+
+#: g10/import.c:1371
+#, fuzzy, c-format
+msgid "key %s: \"%s\" revocation certificate imported\n"
+msgstr "kunci %08lX: \"%s\" sertifikat pembatalan diimpor\n"
+
+#: g10/import.c:1447
+#, fuzzy, c-format
+msgid "key %s: no user ID for signature\n"
+msgstr "kunci %08lX: tidak ada ID user untuk signature\n"
+
+#: g10/import.c:1464
+#, fuzzy, c-format
+msgid "key %s: unsupported public key algorithm on user ID \"%s\"\n"
+msgstr "kunci %08lX: algoritma publik key tidak didukung pada user id \"%s\"\n"
+
+#: g10/import.c:1466
+#, fuzzy, c-format
+msgid "key %s: invalid self-signature on user ID \"%s\"\n"
+msgstr "kunci %08lX: self-signature tidak valid pada user id \"%s\"\n"
+
+#: g10/import.c:1483 g10/import.c:1509 g10/import.c:1560
+#, fuzzy, c-format
+msgid "key %s: unsupported public key algorithm\n"
+msgstr "kunci %08lX: algoritma publik key tidak didukung\n"
+
+#: g10/import.c:1484
+#, fuzzy, c-format
+msgid "key %s: invalid direct key signature\n"
+msgstr "kunci %08lX: signature kunci langsung ditambahkan\n"
+
+#: g10/import.c:1498
+#, fuzzy, c-format
+msgid "key %s: no subkey for key binding\n"
+msgstr "kunci %08lX: tidak ada subkey untuk key binding\n"
+
+#: g10/import.c:1511
+#, fuzzy, c-format
+msgid "key %s: invalid subkey binding\n"
+msgstr "kunci %08lX: subkey binding tidak valid\n"
+
+#: g10/import.c:1527
+#, fuzzy, c-format
+msgid "key %s: removed multiple subkey binding\n"
+msgstr "kunci %08lX: hapus subkey binding ganda\n"
+
+#: g10/import.c:1549
+#, fuzzy, c-format
+msgid "key %s: no subkey for key revocation\n"
+msgstr "kunci %08lX: tidak ada subkey untuk pembatalan kunci\n"
+
+#: g10/import.c:1562
+#, fuzzy, c-format
+msgid "key %s: invalid subkey revocation\n"
+msgstr "kunci %08lX: pembatalan subkey tidak valid\n"
+
+#: g10/import.c:1577
+#, fuzzy, c-format
+msgid "key %s: removed multiple subkey revocation\n"
+msgstr "kunci %08lX: hapus pembatalan subkey ganda\n"
+
+#: g10/import.c:1618
+#, fuzzy, c-format
+msgid "key %s: skipped user ID \"%s\"\n"
+msgstr "kunci %08lX: melewati ID user "
+
+#: g10/import.c:1639
+#, fuzzy, c-format
+msgid "key %s: skipped subkey\n"
+msgstr "kunci %08lX: melewati subkey\n"
+
+#: g10/import.c:1666
+#, fuzzy, c-format
+msgid "key %s: non exportable signature (class 0x%02X) - skipped\n"
+msgstr "kunci %08lX: signature tidak dapat diekpor (kelas %02x) - dilewati\n"
+
+#: g10/import.c:1676
+#, fuzzy, c-format
+msgid "key %s: revocation certificate at wrong place - skipped\n"
+msgstr "kunci %08lX: sertifikat pembatalan di tempat yang salah - dilewati\n"
+
+#: g10/import.c:1693
+#, fuzzy, c-format
+msgid "key %s: invalid revocation certificate: %s - skipped\n"
+msgstr "kunci %08lX: sertifikat pembatalan tidak valid: %s - dilewati\n"
+
+#: g10/import.c:1707
+#, fuzzy, c-format
+msgid "key %s: subkey signature in wrong place - skipped\n"
+msgstr "kunci %08lX: signature subkey di tempat yang salah - dilewati\n"
+
+#: g10/import.c:1715
+#, fuzzy, c-format
+msgid "key %s: unexpected signature class (0x%02X) - skipped\n"
+msgstr "kunci %08lX: klas signature tidak diharapkan (0x%02x) - dilewati\n"
+
+#: g10/import.c:1844
+#, fuzzy, c-format
+msgid "key %s: duplicated user ID detected - merged\n"
+msgstr "kunci %08lX: terdeteksi ID user duplikat - digabungkan\n"
+
+#: g10/import.c:1906
+#, fuzzy, c-format
+msgid "WARNING: key %s may be revoked: fetching revocation key %s\n"
+msgstr ""
+"Peringatan: kunci %08lX dapat dibatalkan: mengambil kunci pembatalan %08lX\n"
+
+#: g10/import.c:1920
+#, fuzzy, c-format
+msgid "WARNING: key %s may be revoked: revocation key %s not present.\n"
+msgstr ""
+"Peringatan: kunci %08lX dapat dibatalkan: kunci pembatalan %08lX tidak ada\n"
+
+#: g10/import.c:1979
+#, fuzzy, c-format
+msgid "key %s: \"%s\" revocation certificate added\n"
+msgstr "kunci %08lX: \"%s\" penambahan sertifikat pembatalan\n"
+
+#: g10/import.c:2013
+#, fuzzy, c-format
+msgid "key %s: direct key signature added\n"
+msgstr "kunci %08lX: signature kunci langsung ditambahkan\n"
+
+#: g10/import.c:2414
+#, fuzzy
+msgid "NOTE: a key's S/N does not match the card's one\n"
+msgstr "kunci publik tidak cocok dengan kunci rahasia!\n"
+
+#: g10/import.c:2422
+#, fuzzy
+msgid "NOTE: primary key is online and stored on card\n"
+msgstr "dilewati: kunci pribadi telah ada\n"
+
+#: g10/import.c:2424
+#, fuzzy
+msgid "NOTE: secondary key is online and stored on card\n"
+msgstr "dilewati: kunci pribadi telah ada\n"
+
+#: g10/keydb.c:181
+#, c-format
+msgid "error creating keyring `%s': %s\n"
+msgstr "kesalahan menulis keyring `%s': %s\n"
+
+#: g10/keydb.c:187
+#, c-format
+msgid "keyring `%s' created\n"
+msgstr "%s: keyring tercipta\n"
+
+#: g10/keydb.c:333 g10/keydb.c:336
+#, fuzzy, c-format
+msgid "keyblock resource `%s': %s\n"
+msgstr "kesalahan penciptaan : `%s': %s\n"
+
+#: g10/keydb.c:719
+#, c-format
+msgid "failed to rebuild keyring cache: %s\n"
+msgstr "gagal membuat kembali cache keyring: %s\n"
+
+#: g10/keyedit.c:265
+msgid "[revocation]"
+msgstr "[pembatalan]"
+
+#: g10/keyedit.c:266
+msgid "[self-signature]"
+msgstr "[self-signature]"
+
+#: g10/keyedit.c:344 g10/keylist.c:398
+msgid "1 bad signature\n"
+msgstr "1 signature yang buruk\n"
+
+#: g10/keyedit.c:346 g10/keylist.c:400
+#, c-format
+msgid "%d bad signatures\n"
+msgstr "%d signature yang buruk\n"
+
+#: g10/keyedit.c:348 g10/keylist.c:402
+msgid "1 signature not checked due to a missing key\n"
+msgstr "1 signature tidak diperiksa karena tidak ada kunci\n"
+
+#: g10/keyedit.c:350 g10/keylist.c:404
+#, c-format
+msgid "%d signatures not checked due to missing keys\n"
+msgstr "%d signature tidak diperiksa karena tidak ada kunci\n"
+
+#: g10/keyedit.c:352 g10/keylist.c:406
+msgid "1 signature not checked due to an error\n"
+msgstr "1 signature tidak diperiksa karena kesalahan\n"
+
+#: g10/keyedit.c:354 g10/keylist.c:408
+#, c-format
+msgid "%d signatures not checked due to errors\n"
+msgstr "%d signature tidak diperiksa karena ada kesalahan\n"
+
+#: g10/keyedit.c:356
+msgid "1 user ID without valid self-signature detected\n"
+msgstr "terdeteksi 1 ID user tanpa self-signature yang valid\n"
+
+#: g10/keyedit.c:358
+#, c-format
+msgid "%d user IDs without valid self-signatures detected\n"
+msgstr "terdeteksi ID %d user tanpa self-signature yang valid\n"
+
+#: g10/keyedit.c:414 g10/pkclist.c:262
+#, fuzzy
+msgid ""
+"Please decide how far you trust this user to correctly verify other users' "
+"keys\n"
+"(by looking at passports, checking fingerprints from different sources, "
+"etc.)\n"
+msgstr ""
+"Silakan putuskan seberapa jauh anda percaya user ini untuk\n"
+"secara tepat memverifikasi kunci user lain (dengan melihat pada passpor,\n"
+"memeriksa fingerprint dari berbagai sumber...)?\n"
+"\n"
+
+#: g10/keyedit.c:418 g10/pkclist.c:274
+#, fuzzy, c-format
+msgid " %d = I trust marginally\n"
+msgstr " %d = Saya cukup percaya\n"
+
+#: g10/keyedit.c:419 g10/pkclist.c:276
+#, fuzzy, c-format
+msgid " %d = I trust fully\n"
+msgstr " %d = Saya sangat percaya\n"
+
+#: g10/keyedit.c:438
+msgid ""
+"Please enter the depth of this trust signature.\n"
+"A depth greater than 1 allows the key you are signing to make\n"
+"trust signatures on your behalf.\n"
+msgstr ""
+
+#: g10/keyedit.c:454
+msgid "Please enter a domain to restrict this signature, or enter for none.\n"
+msgstr ""
+
+#: g10/keyedit.c:598
+#, c-format
+msgid "User ID \"%s\" is revoked."
+msgstr "User ID \"%s\" dibatalkan."
+
+#: g10/keyedit.c:607 g10/keyedit.c:635 g10/keyedit.c:662 g10/keyedit.c:830
+#: g10/keyedit.c:895 g10/keyedit.c:1785
+msgid "Are you sure you still want to sign it? (y/N) "
+msgstr "Apakah anda yakin masih ingin menandainya? (y/N) "
+
+#: g10/keyedit.c:621 g10/keyedit.c:649 g10/keyedit.c:676 g10/keyedit.c:836
+#: g10/keyedit.c:1791
+msgid " Unable to sign.\n"
+msgstr "..Tidak dapat menandai.\n"
+
+#: g10/keyedit.c:626
+#, c-format
+msgid "User ID \"%s\" is expired."
+msgstr "User ID \"%s\" kadaluwarsa."
+
+#: g10/keyedit.c:654
+#, c-format
+msgid "User ID \"%s\" is not self-signed."
+msgstr "User ID \"%s\" bukan self-signed."
+
+#: g10/keyedit.c:682
+#, fuzzy, c-format
+msgid "User ID \"%s\" is signable. "
+msgstr "User ID \"%s\" bukan self-signed."
+
+#: g10/keyedit.c:684
+#, fuzzy
+msgid "Sign it? (y/N) "
+msgstr "Ditandai? "
+
+#: g10/keyedit.c:706
+#, c-format
+msgid ""
+"The self-signature on \"%s\"\n"
+"is a PGP 2.x-style signature.\n"
+msgstr ""
+"Self-signature pada \"%s\"\n"
+"adalah signature bergaya PGP 2.x.\n"
+
+#: g10/keyedit.c:715
+msgid "Do you want to promote it to an OpenPGP self-signature? (y/N) "
+msgstr "Anda ingin mempromosikannya ke self-signature OpenPGP ? (y/N) "
+
+#: g10/keyedit.c:729
+#, c-format
+msgid ""
+"Your current signature on \"%s\"\n"
+"has expired.\n"
+msgstr ""
+"Signature anda saat ini pada \"%s\"\n"
+"telah habis berlaku.\n"
+
+#: g10/keyedit.c:733
+msgid "Do you want to issue a new signature to replace the expired one? (y/N) "
+msgstr ""
+"Anda ingin mengeluarkan signature baru untuk menggantikan yang telah habis "
+"berlaku? (y/N)"
+
+#: g10/keyedit.c:754
+#, c-format
+msgid ""
+"Your current signature on \"%s\"\n"
+"is a local signature.\n"
+msgstr ""
+"Signature anda saat ini pada \"%s\"\n"
+"adalah signature.lokal \n"
+
+#: g10/keyedit.c:758
+msgid "Do you want to promote it to a full exportable signature? (y/N) "
+msgstr "Apakah anda ingin menjadikannya signature yang full exportable? (y/N)"
+
+#: g10/keyedit.c:779
+#, fuzzy, c-format
+msgid "\"%s\" was already locally signed by key %s\n"
+msgstr "\"%s\" Sudah ditandai secara lokal dengan kunci %08lX\n"
+
+#: g10/keyedit.c:782
+#, fuzzy, c-format
+msgid "\"%s\" was already signed by key %s\n"
+msgstr "\"%s\" Sudah ditandai dengan kunci %08lX\n"
+
+#: g10/keyedit.c:787
+msgid "Do you want to sign it again anyway? (y/N) "
+msgstr "Apakah anda ingin menandainya lagi? (y/N) "
+
+#: g10/keyedit.c:809
+#, fuzzy, c-format
+msgid "Nothing to sign with key %s\n"
+msgstr "Tidak ada yang ditandai dengan kunci %08lX\n"
+
+#: g10/keyedit.c:824
+msgid "This key has expired!"
+msgstr "Kunci ini telah berakhir!"
+
+#: g10/keyedit.c:842
+#, c-format
+msgid "This key is due to expire on %s.\n"
+msgstr "Kunci ini akan kadaluarsa pada %s \n"
+
+#: g10/keyedit.c:848
+msgid "Do you want your signature to expire at the same time? (Y/n) "
+msgstr "Anda ingin signature anda kadaluarsa pada waktu yang sama? (y/n) "
+
+#: g10/keyedit.c:888
+msgid ""
+"You may not make an OpenPGP signature on a PGP 2.x key while in --pgp2 "
+"mode.\n"
+msgstr ""
+"Anda tidak boleh membuat signature OpenPGP pada sebuah kunci PGP 2.x saat "
+"dalam mode --pgp2\n"
+
+#: g10/keyedit.c:890
+msgid "This would make the key unusable in PGP 2.x.\n"
+msgstr "Hal ini akan membuat kunci tidak dapat digunakan dalam PGP 2.x.\n"
+
+#: g10/keyedit.c:915
+msgid ""
+"How carefully have you verified the key you are about to sign actually "
+"belongs\n"
+"to the person named above? If you don't know what to answer, enter \"0\".\n"
+msgstr ""
+"Sudah seberapa teliti anda memverifikasi kunci yang akan anda gunakan untuk "
+"menandai benar benar milik\n"
+"orang tersebut? Jika anda tidak tahu jawabannya. masukkan \"0\".\n"
+
+#: g10/keyedit.c:920
+#, c-format
+msgid " (0) I will not answer.%s\n"
+msgstr " (0) Saya tidak akan menjawab.%s\n"
+
+#: g10/keyedit.c:922
+#, c-format
+msgid " (1) I have not checked at all.%s\n"
+msgstr " (1) Saya belum memeriksanya.%s\n"
+
+#: g10/keyedit.c:924
+#, c-format
+msgid " (2) I have done casual checking.%s\n"
+msgstr " (2) Saya telah melakukan pemeriksaan biasa.%s\n"
+
+#: g10/keyedit.c:926
+#, c-format
+msgid " (3) I have done very careful checking.%s\n"
+msgstr " (3) Saya telah melakukan pemeriksaan hati-hati.%s\n"
+
+#: g10/keyedit.c:932
+#, fuzzy
+msgid "Your selection? (enter `?' for more information): "
+msgstr "Pilihan Anda? (berikan '?' untuk informasi lebih lanjut):"
+
+#: g10/keyedit.c:956
+#, fuzzy, c-format
+msgid ""
+"Are you sure that you want to sign this key with your\n"
+"key \"%s\" (%s)\n"
+msgstr ""
+"Apakah anda yakin untuk menandai kunci ini \n"
+"dengan kunci anda: "
+
+#: g10/keyedit.c:963
+#, fuzzy
+msgid "This will be a self-signature.\n"
+msgstr ""
+"\n"
+"Ini akan jadi self-signature.\n"
+
+#: g10/keyedit.c:969
+#, fuzzy
+msgid "WARNING: the signature will not be marked as non-exportable.\n"
+msgstr ""
+"\n"
+"Peringatan: Signature akan ditandai sebagai tidak dapat diekspor.\n"
+
+#: g10/keyedit.c:977
+#, fuzzy
+msgid "WARNING: the signature will not be marked as non-revocable.\n"
+msgstr ""
+"\n"
+"Peringatan: Signature akan ditandai sebagai tidak dapat dibatalkan.\n"
+
+#: g10/keyedit.c:987
+#, fuzzy
+msgid "The signature will be marked as non-exportable.\n"
+msgstr ""
+"\n"
+"Signature akan ditandai sebagai tidak dapat diekspor.\n"
+
+#: g10/keyedit.c:994
+#, fuzzy
+msgid "The signature will be marked as non-revocable.\n"
+msgstr ""
+"\n"
+"Signature akan ditandai sebagai tidak dapat dibatalkan.\n"
+
+#: g10/keyedit.c:1001
+#, fuzzy
+msgid "I have not checked this key at all.\n"
+msgstr ""
+"\n"
+"Saya belum memeriksa kunci ini sama sekali.\n"
+
+#: g10/keyedit.c:1006
+#, fuzzy
+msgid "I have checked this key casually.\n"
+msgstr ""
+"\n"
+"Saya telah memeriksa kunci ini.\n"
+
+#: g10/keyedit.c:1011
+#, fuzzy
+msgid "I have checked this key very carefully.\n"
+msgstr ""
+"\n"
+"Saya telah memeriksa kunci ini dengan sangat hati-hati.\n"
+
+#: g10/keyedit.c:1021
+#, fuzzy
+msgid "Really sign? (y/N) "
+msgstr "Ditandai? "
+
+#: g10/keyedit.c:1066 g10/keyedit.c:4965 g10/keyedit.c:5056 g10/keyedit.c:5120
+#: g10/keyedit.c:5181 g10/sign.c:316
+#, c-format
+msgid "signing failed: %s\n"
+msgstr "gagal menandai: %s\n"
+
+#: g10/keyedit.c:1131
+msgid "Key has only stub or on-card key items - no passphrase to change.\n"
+msgstr ""
+
+#: g10/keyedit.c:1142 g10/keygen.c:3774
+msgid "This key is not protected.\n"
+msgstr "Kunci ini tidak diproteksi.\n"
+
+#: g10/keyedit.c:1146 g10/keygen.c:3761 g10/revoke.c:536
+msgid "Secret parts of primary key are not available.\n"
+msgstr "Bagian rahasia kunci primer tidak tersedia.\n"
+
+#: g10/keyedit.c:1150 g10/keygen.c:3777
+#, fuzzy
+msgid "Secret parts of primary key are stored on-card.\n"
+msgstr "Bagian rahasia kunci primer tidak tersedia.\n"
+
+#: g10/keyedit.c:1156 g10/keygen.c:3781
+msgid "Key is protected.\n"
+msgstr "Kunci diproteksi.\n"
+
+#: g10/keyedit.c:1186
+#, c-format
+msgid "Can't edit this key: %s\n"
+msgstr "Tidak dapat mengedit kunci ini: %s\n"
+
+#: g10/keyedit.c:1192
+msgid ""
+"Enter the new passphrase for this secret key.\n"
+"\n"
+msgstr ""
+"Masukkan passphrase baru untuk kunci rahasia ini.\n"
+"\n"
+
+#: g10/keyedit.c:1207 g10/keygen.c:2291
+msgid "passphrase not correctly repeated; try again"
+msgstr "passphrase tidak diulang dengan benar; coba lagi"
+
+#: g10/keyedit.c:1212
+msgid ""
+"You don't want a passphrase - this is probably a *bad* idea!\n"
+"\n"
+msgstr ""
+"Anda tidak ingin passphrase - bukan ide yang baik!\n"
+"\n"
+
+#: g10/keyedit.c:1215
+#, fuzzy
+msgid "Do you really want to do this? (y/N) "
+msgstr "Apakah anda ingin melakukan hal ini? "
+
+#: g10/keyedit.c:1298
+msgid "moving a key signature to the correct place\n"
+msgstr "memindahkan signature kunci ke tempat yang tepat\n"
+
+#: g10/keyedit.c:1384
+msgid "save and quit"
+msgstr "simpan dan berhenti"
+
+#: g10/keyedit.c:1387
+#, fuzzy
+msgid "show key fingerprint"
+msgstr "tampilkan fingerprint"
+
+#: g10/keyedit.c:1388
+msgid "list key and user IDs"
+msgstr "tampilkan kunci dan ID user"
+
+#: g10/keyedit.c:1390
+msgid "select user ID N"
+msgstr "pilih ID user N"
+
+#: g10/keyedit.c:1391
+#, fuzzy
+msgid "select subkey N"
+msgstr "pilih ID user N"
+
+#: g10/keyedit.c:1392
+#, fuzzy
+msgid "check signatures"
+msgstr "batalkan signature"
+
+#: g10/keyedit.c:1397
+msgid "sign selected user IDs [* see below for related commands]"
+msgstr ""
+
+#: g10/keyedit.c:1402
+#, fuzzy
+msgid "sign selected user IDs locally"
+msgstr "tandai kunci secara lokal"
+
+#: g10/keyedit.c:1404
+#, fuzzy
+msgid "sign selected user IDs with a trust signature"
+msgstr "Petunjuk: Pilih ID user untuk ditandai\n"
+
+#: g10/keyedit.c:1406
+msgid "sign selected user IDs with a non-revocable signature"
+msgstr ""
+
+#: g10/keyedit.c:1410
+msgid "add a user ID"
+msgstr "tambah sebuah ID user"
+
+#: g10/keyedit.c:1412
+msgid "add a photo ID"
+msgstr "tambah sebuah photo ID"
+
+#: g10/keyedit.c:1414
+#, fuzzy
+msgid "delete selected user IDs"
+msgstr "hapus ID user"
+
+#: g10/keyedit.c:1419
+#, fuzzy
+msgid "add a subkey"
+msgstr "addkey"
+
+#: g10/keyedit.c:1423
+msgid "add a key to a smartcard"
+msgstr ""
+
+#: g10/keyedit.c:1425
+msgid "move a key to a smartcard"
+msgstr ""
+
+#: g10/keyedit.c:1427
+msgid "move a backup key to a smartcard"
+msgstr ""
+
+#: g10/keyedit.c:1431
+#, fuzzy
+msgid "delete selected subkeys"
+msgstr "hapus kunci sekunder"
+
+#: g10/keyedit.c:1433
+msgid "add a revocation key"
+msgstr "tambah kunci pembatalan"
+
+#: g10/keyedit.c:1435
+#, fuzzy
+msgid "delete signatures from the selected user IDs"
+msgstr "Perbarui preferensi untuk user ID terpilih?"
+
+#: g10/keyedit.c:1437
+#, fuzzy
+msgid "change the expiration date for the key or selected subkeys"
+msgstr "Anda tidak dapat merubah batas waktu kunci v3\n"
+
+#: g10/keyedit.c:1439
+#, fuzzy
+msgid "flag the selected user ID as primary"
+msgstr "tandai ID user sebagai primer"
+
+#: g10/keyedit.c:1441
+#, fuzzy
+msgid "toggle between the secret and public key listings"
+msgstr "ubah tampilan kunci rahasia dan publik"
+
+#: g10/keyedit.c:1444
+msgid "list preferences (expert)"
+msgstr "tampilkan preferensi (ahli)"
+
+#: g10/keyedit.c:1446
+msgid "list preferences (verbose)"
+msgstr "tampilkan preferensi (verbose)"
+
+#: g10/keyedit.c:1448
+#, fuzzy
+msgid "set preference list for the selected user IDs"
+msgstr "Perbarui preferensi untuk user ID terpilih?"
+
+#: g10/keyedit.c:1453
+#, fuzzy
+msgid "set the preferred keyserver URL for the selected user IDs"
+msgstr "tidak dapat memparsing URI keyserver\n"
+
+#: g10/keyedit.c:1455
+#, fuzzy
+msgid "set a notation for the selected user IDs"
+msgstr "Perbarui preferensi untuk user ID terpilih?"
+
+#: g10/keyedit.c:1457
+msgid "change the passphrase"
+msgstr "ubah passphrase"
+
+#: g10/keyedit.c:1461
+msgid "change the ownertrust"
+msgstr "ubah ownertrust"
+
+#: g10/keyedit.c:1463
+#, fuzzy
+msgid "revoke signatures on the selected user IDs"
+msgstr "Benar-benar hapus seluruh ID user terpilih? "
+
+#: g10/keyedit.c:1465
+#, fuzzy
+msgid "revoke selected user IDs"
+msgstr "batalkan sebuah ID user"
+
+#: g10/keyedit.c:1470
+#, fuzzy
+msgid "revoke key or selected subkeys"
+msgstr "batalkan kunci sekunder"
+
+#: g10/keyedit.c:1471
+#, fuzzy
+msgid "enable key"
+msgstr "aktifkan kunci"
+
+#: g10/keyedit.c:1472
+#, fuzzy
+msgid "disable key"
+msgstr "tiadakan kunci"
+
+#: g10/keyedit.c:1473
+#, fuzzy
+msgid "show selected photo IDs"
+msgstr "tampilkan photo ID"
+
+#: g10/keyedit.c:1475
+msgid "compact unusable user IDs and remove unusable signatures from key"
+msgstr ""
+
+#: g10/keyedit.c:1477
+msgid "compact unusable user IDs and remove all signatures from key"
+msgstr ""
+
+#: g10/keyedit.c:1601
+#, fuzzy, c-format
+msgid "error reading secret keyblock \"%s\": %s\n"
+msgstr "kesalahan membaca keyblock rahasia `%s': %s\n"
+
+#: g10/keyedit.c:1619
+msgid "Secret key is available.\n"
+msgstr "Kunci rahasia tersedia.\n"
+
+#: g10/keyedit.c:1702
+msgid "Need the secret key to do this.\n"
+msgstr "Perlu kunci rahasia untuk melakukan hal ini.\n"
+
+#: g10/keyedit.c:1710
+msgid "Please use the command \"toggle\" first.\n"
+msgstr "Silakan gunakan dulu perintah \"toogle\".\n"
+
+#: g10/keyedit.c:1729
+msgid ""
+"* The `sign' command may be prefixed with an `l' for local signatures "
+"(lsign),\n"
+" a `t' for trust signatures (tsign), an `nr' for non-revocable signatures\n"
+" (nrsign), or any combination thereof (ltsign, tnrsign, etc.).\n"
+msgstr ""
+
+#: g10/keyedit.c:1779
+msgid "Key is revoked."
+msgstr "Kunci dibatalkan"
+
+#: g10/keyedit.c:1798
+#, fuzzy
+msgid "Really sign all user IDs? (y/N) "
+msgstr "Tandai ID seluruh user? "
+
+#: g10/keyedit.c:1805
+msgid "Hint: Select the user IDs to sign\n"
+msgstr "Petunjuk: Pilih ID user untuk ditandai\n"
+
+#: g10/keyedit.c:1814
+#, fuzzy, c-format
+msgid "Unknown signature type `%s'\n"
+msgstr "kelas signature tidak dikenal"
+
+#: g10/keyedit.c:1837
+#, c-format
+msgid "This command is not allowed while in %s mode.\n"
+msgstr "Perintah ini tidak dibolehkan saat dalam mode %s.\n"
+
+#: g10/keyedit.c:1859 g10/keyedit.c:1879 g10/keyedit.c:2048
+msgid "You must select at least one user ID.\n"
+msgstr "Anda harus memilih minimum satu ID user.\n"
+
+#: g10/keyedit.c:1861
+msgid "You can't delete the last user ID!\n"
+msgstr "Anda tidak dapat menghapus ID user terakhir!\n"
+
+#: g10/keyedit.c:1863
+#, fuzzy
+msgid "Really remove all selected user IDs? (y/N) "
+msgstr "Hapus seluruh ID user terpilih? "
+
+#: g10/keyedit.c:1864
+#, fuzzy
+msgid "Really remove this user ID? (y/N) "
+msgstr "Hapus ID user ini? "
+
+#. TRANSLATORS: Please take care: This is about
+#. moving the key and not about removing it.
+#: g10/keyedit.c:1917
+#, fuzzy
+msgid "Really move the primary key? (y/N) "
+msgstr "Hapus ID user ini? "
+
+#: g10/keyedit.c:1929
+#, fuzzy
+msgid "You must select exactly one key.\n"
+msgstr "Anda harus memilih minimum satu kunci.\n"
+
+#: g10/keyedit.c:1957
+msgid "Command expects a filename argument\n"
+msgstr ""
+
+#: g10/keyedit.c:1971
+#, fuzzy, c-format
+msgid "Can't open `%s': %s\n"
+msgstr "tidak dapat membuka `%s': %s\n"
+
+#: g10/keyedit.c:1988
+#, fuzzy, c-format
+msgid "Error reading backup key from `%s': %s\n"
+msgstr "kesalahan menulis keyring `%s': %s\n"
+
+#: g10/keyedit.c:2012
+msgid "You must select at least one key.\n"
+msgstr "Anda harus memilih minimum satu kunci.\n"
+
+#: g10/keyedit.c:2015
+#, fuzzy
+msgid "Do you really want to delete the selected keys? (y/N) "
+msgstr "Anda ingin menghapus kunci terpilih ini? "
+
+#: g10/keyedit.c:2016
+#, fuzzy
+msgid "Do you really want to delete this key? (y/N) "
+msgstr "Anda ingin menghapus kunci ini? "
+
+#: g10/keyedit.c:2051
+#, fuzzy
+msgid "Really revoke all selected user IDs? (y/N) "
+msgstr "Benar-benar hapus seluruh ID user terpilih? "
+
+#: g10/keyedit.c:2052
+#, fuzzy
+msgid "Really revoke this user ID? (y/N) "
+msgstr "Benar-benar hapus ID user ini? "
+
+#: g10/keyedit.c:2070
+#, fuzzy
+msgid "Do you really want to revoke the entire key? (y/N) "
+msgstr "Anda ingin membatalkan kunci ini? "
+
+#: g10/keyedit.c:2081
+#, fuzzy
+msgid "Do you really want to revoke the selected subkeys? (y/N) "
+msgstr "Anda ingin membatalkan kunci terpilih ini? "
+
+#: g10/keyedit.c:2083
+#, fuzzy
+msgid "Do you really want to revoke this subkey? (y/N) "
+msgstr "Anda ingin membatalkan kunci ini? "
+
+#: g10/keyedit.c:2133
+msgid "Owner trust may not be set while using a user provided trust database\n"
+msgstr ""
+
+#: g10/keyedit.c:2175
+#, fuzzy
+msgid "Set preference list to:\n"
+msgstr "set daftar preferensi"
+
+#: g10/keyedit.c:2181
+#, fuzzy
+msgid "Really update the preferences for the selected user IDs? (y/N) "
+msgstr "Perbarui preferensi untuk user ID terpilih?"
+
+#: g10/keyedit.c:2183
+#, fuzzy
+msgid "Really update the preferences? (y/N) "
+msgstr "Update preferensi?"
+
+#: g10/keyedit.c:2253
+#, fuzzy
+msgid "Save changes? (y/N) "
+msgstr "Simpan perubahan? "
+
+#: g10/keyedit.c:2256
+#, fuzzy
+msgid "Quit without saving? (y/N) "
+msgstr "Berhenti tanpa menyimpan? "
+
+#: g10/keyedit.c:2266
+#, c-format
+msgid "update failed: %s\n"
+msgstr "gagal memperbarui: %s\n"
+
+#: g10/keyedit.c:2273 g10/keyedit.c:2351
+#, c-format
+msgid "update secret failed: %s\n"
+msgstr "gagal perbarui rahasia: %s\n"
+
+#: g10/keyedit.c:2280
+msgid "Key not changed so no update needed.\n"
+msgstr "Kunci tidak berubah sehingga tidak perlu pembaharuan.\n"
+
+#: g10/keyedit.c:2446
+msgid "Digest: "
+msgstr "Digest: "
+
+#: g10/keyedit.c:2497
+msgid "Features: "
+msgstr "Fitur: "
+
+#: g10/keyedit.c:2508
+msgid "Keyserver no-modify"
+msgstr ""
+
+#: g10/keyedit.c:2523 g10/keylist.c:316
+msgid "Preferred keyserver: "
+msgstr ""
+
+#: g10/keyedit.c:2531 g10/keyedit.c:2532
+#, fuzzy
+msgid "Notations: "
+msgstr "Notasi: "
+
+#: g10/keyedit.c:2753
+msgid "There are no preferences on a PGP 2.x-style user ID.\n"
+msgstr "Tidak ada preferensi pada user ID bergaya PGP 2.x.\n"
+
+#: g10/keyedit.c:2810
+#, fuzzy, c-format
+msgid "The following key was revoked on %s by %s key %s\n"
+msgstr "Kunci ini dapat dibatalkan oleh kunci %s"
+
+#: g10/keyedit.c:2832
+#, fuzzy, c-format
+msgid "This key may be revoked by %s key %s"
+msgstr "Kunci ini dapat dibatalkan oleh kunci %s"
+
+#: g10/keyedit.c:2838
+#, fuzzy
+msgid "(sensitive)"
+msgstr " (sensitive)"
+
+#: g10/keyedit.c:2854 g10/keyedit.c:2910 g10/keyedit.c:2971 g10/keyedit.c:2986
+#: g10/keylist.c:202 g10/keyserver.c:532
+#, fuzzy, c-format
+msgid "created: %s"
+msgstr "tidak dapat membuat %s: %s\n"
+
+#: g10/keyedit.c:2857 g10/keylist.c:834 g10/keylist.c:928 g10/mainproc.c:997
+#, fuzzy, c-format
+msgid "revoked: %s"
+msgstr "[revoked] "
+
+#: g10/keyedit.c:2859 g10/keylist.c:805 g10/keylist.c:840 g10/keylist.c:934
+#, fuzzy, c-format
+msgid "expired: %s"
+msgstr " [berakhir: %s]"
+
+#: g10/keyedit.c:2861 g10/keyedit.c:2912 g10/keyedit.c:2973 g10/keyedit.c:2988
+#: g10/keylist.c:204 g10/keylist.c:811 g10/keylist.c:846 g10/keylist.c:940
+#: g10/keylist.c:961 g10/keyserver.c:538 g10/mainproc.c:1003
+#, fuzzy, c-format
+msgid "expires: %s"
+msgstr " [berakhir: %s]"
+
+#: g10/keyedit.c:2863
+#, fuzzy, c-format
+msgid "usage: %s"
+msgstr " trust: %c/%c"
+
+#: g10/keyedit.c:2878
+#, fuzzy, c-format
+msgid "trust: %s"
+msgstr " trust: %c/%c"
+
+#: g10/keyedit.c:2882
+#, c-format
+msgid "validity: %s"
+msgstr ""
+
+#: g10/keyedit.c:2889
+msgid "This key has been disabled"
+msgstr "Kunci ini telah ditiadakan"
+
+#: g10/keyedit.c:2917 g10/keylist.c:208
+msgid "card-no: "
+msgstr ""
+
+#: g10/keyedit.c:2941
+msgid ""
+"Please note that the shown key validity is not necessarily correct\n"
+"unless you restart the program.\n"
+msgstr ""
+"Perhatikan bahwa validitas kunci yang ditampilkan belum tentu benar\n"
+"kecuali anda memulai kembali program.\n"
+
+#: g10/keyedit.c:3005 g10/keyedit.c:3351 g10/keyserver.c:542
+#: g10/mainproc.c:1850 g10/trustdb.c:1204 g10/trustdb.c:1732
+#, fuzzy
+msgid "revoked"
+msgstr "[revoked] "
+
+#: g10/keyedit.c:3007 g10/keyedit.c:3353 g10/keyserver.c:546
+#: g10/mainproc.c:1852 g10/trustdb.c:547 g10/trustdb.c:1734
+#, fuzzy
+msgid "expired"
+msgstr "expire"
+
+#: g10/keyedit.c:3072
+msgid ""
+"WARNING: no user ID has been marked as primary. This command may\n"
+" cause a different user ID to become the assumed primary.\n"
+msgstr ""
+"WARNING: no user ID has been marked as primary. This command may\n"
+" cause a different user ID to become the assumed primary.\n"
+
+#: g10/keyedit.c:3133
+msgid ""
+"WARNING: This is a PGP2-style key. Adding a photo ID may cause some "
+"versions\n"
+" of PGP to reject this key.\n"
+msgstr ""
+"PERINGATAN: Ini adalah kunci bergaya PGP2. Menambahkan sebuah photo ID "
+"dapat menyebabkan beberapa versi\n"
+" PGP menolak kunci ini.\n"
+
+#: g10/keyedit.c:3138 g10/keyedit.c:3473
+msgid "Are you sure you still want to add it? (y/N) "
+msgstr "Anda tetap ingin menambahkannya? (y/n) "
+
+#: g10/keyedit.c:3144
+msgid "You may not add a photo ID to a PGP2-style key.\n"
+msgstr "Anda tidak boleh menambahkan sebuah photo ID ke kunci bergaya PGP2 \n"
+
+#: g10/keyedit.c:3284
+msgid "Delete this good signature? (y/N/q)"
+msgstr "Hapus signature baik ini? (y/T/q)"
+
+#: g10/keyedit.c:3294
+msgid "Delete this invalid signature? (y/N/q)"
+msgstr "Hapus signature tidak valid ini? (y/T/q)"
+
+#: g10/keyedit.c:3298
+msgid "Delete this unknown signature? (y/N/q)"
+msgstr "Hapus signature tidak dikenal ini? (y/T/q)"
+
+#: g10/keyedit.c:3304
+msgid "Really delete this self-signature? (y/N)"
+msgstr "Yakin ingin menghapus self-signature ini? (y/T)"
+
+#: g10/keyedit.c:3318
+#, c-format
+msgid "Deleted %d signature.\n"
+msgstr "Menghapus %d signature.\n"
+
+#: g10/keyedit.c:3319
+#, c-format
+msgid "Deleted %d signatures.\n"
+msgstr "Menghapus %d signature.\n"
+
+#: g10/keyedit.c:3322
+msgid "Nothing deleted.\n"
+msgstr "Tidak ada yang dihapus.\n"
+
+#: g10/keyedit.c:3355 g10/trustdb.c:1736
+#, fuzzy
+msgid "invalid"
+msgstr "armor tidak valid"
+
+#: g10/keyedit.c:3357
+#, fuzzy, c-format
+msgid "User ID \"%s\" compacted: %s\n"
+msgstr "User ID \"%s\" dibatalkan."
+
+#: g10/keyedit.c:3364
+#, fuzzy, c-format
+msgid "User ID \"%s\": %d signature removed\n"
+msgstr "User ID \"%s\" dibatalkan."
+
+#: g10/keyedit.c:3365
+#, fuzzy, c-format
+msgid "User ID \"%s\": %d signatures removed\n"
+msgstr "User ID \"%s\" dibatalkan."
+
+#: g10/keyedit.c:3373
+#, fuzzy, c-format
+msgid "User ID \"%s\": already minimized\n"
+msgstr "User ID \"%s\" telah dibatalkan\n"
+
+#: g10/keyedit.c:3374
+#, fuzzy, c-format
+msgid "User ID \"%s\": already clean\n"
+msgstr "User ID \"%s\" telah dibatalkan\n"
+
+#: g10/keyedit.c:3468
+msgid ""
+"WARNING: This is a PGP 2.x-style key. Adding a designated revoker may "
+"cause\n"
+" some versions of PGP to reject this key.\n"
+msgstr ""
+"PERINGATAN: Ini adalah kunci bergaya PGP2.x. Menambahkan sebuah revoker "
+"designated dapat\n"
+"............menyebabkan beberapa versi PGP menolak kunci ini.\n"
+
+#: g10/keyedit.c:3479
+msgid "You may not add a designated revoker to a PGP 2.x-style key.\n"
+msgstr "Anda tidak boleh revoker designated ke kunci bergaya PGP2.x.\n"
+
+#: g10/keyedit.c:3499
+msgid "Enter the user ID of the designated revoker: "
+msgstr "Masukkan user ID pihak yang ingin dibatalkan: "
+
+#: g10/keyedit.c:3524
+msgid "cannot appoint a PGP 2.x style key as a designated revoker\n"
+msgstr ""
+"tidak dapat menunjuk kunci bergaya PGP 2.x sebagai pihak yang dibatalkan\n"
+
+#: g10/keyedit.c:3539
+msgid "you cannot appoint a key as its own designated revoker\n"
+msgstr ""
+"anda tidak dapat menunjuk sebuah kunci sebagai pihak yang dibatalkan "
+"sendiri\n"
+
+#: g10/keyedit.c:3561
+#, fuzzy
+msgid "this key has already been designated as a revoker\n"
+msgstr "PERINGATAN: Kunci ini telah dibatalkan oleh pihak yang berwenang\n"
+
+#: g10/keyedit.c:3580
+msgid "WARNING: appointing a key as a designated revoker cannot be undone!\n"
+msgstr ""
+"PERINGATAN: menunjuk sebuah kunci sebagai pihak yang dibatalkan tidak dapat "
+"dilakukan\n"
+
+#: g10/keyedit.c:3586
+#, fuzzy
+msgid ""
+"Are you sure you want to appoint this key as a designated revoker? (y/N) "
+msgstr ""
+"Anda yakin ingin menunjuk kunci inin sebagai pihak yang dibatalkan? (y/N):"
+
+#: g10/keyedit.c:3647
+msgid "Please remove selections from the secret keys.\n"
+msgstr "Silakan hapus pilihan dari kunci rahasia.\n"
+
+#: g10/keyedit.c:3653
+#, fuzzy
+msgid "Please select at most one subkey.\n"
+msgstr "Silakan pilih maksimum satu kunci sekunder.\n"
+
+#: g10/keyedit.c:3657
+#, fuzzy
+msgid "Changing expiration time for a subkey.\n"
+msgstr "Merubah batas waktu untuk kunci sekunder.\n"
+
+#: g10/keyedit.c:3660
+msgid "Changing expiration time for the primary key.\n"
+msgstr "Merubah batas waktu untuk kunci primer.\n"
+
+#: g10/keyedit.c:3706
+msgid "You can't change the expiration date of a v3 key\n"
+msgstr "Anda tidak dapat merubah batas waktu kunci v3\n"
+
+#: g10/keyedit.c:3722
+msgid "No corresponding signature in secret ring\n"
+msgstr "Tidak ada signature koresponden di ring rahasia\n"
+
+#: g10/keyedit.c:3800
+#, fuzzy, c-format
+msgid "signing subkey %s is already cross-certified\n"
+msgstr "PERINGATAN: subkey penandatangan %08lX tidak tersertifikasi silang\n"
+
+#: g10/keyedit.c:3806
+#, c-format
+msgid "subkey %s does not sign and so does not need to be cross-certified\n"
+msgstr ""
+
+#: g10/keyedit.c:3969
+msgid "Please select exactly one user ID.\n"
+msgstr "Anda harus memilih minimum satu ID user.\n"
+
+#: g10/keyedit.c:4008 g10/keyedit.c:4118 g10/keyedit.c:4238 g10/keyedit.c:4379
+#, fuzzy, c-format
+msgid "skipping v3 self-signature on user ID \"%s\"\n"
+msgstr "melewati self-signature v3 pada user id \"%s\"\n"
+
+#: g10/keyedit.c:4179
+msgid "Enter your preferred keyserver URL: "
+msgstr ""
+
+#: g10/keyedit.c:4259
+#, fuzzy
+msgid "Are you sure you want to replace it? (y/N) "
+msgstr "Apakah anda yakin ingin menggunakannya? (y/N) "
+
+#: g10/keyedit.c:4260
+#, fuzzy
+msgid "Are you sure you want to delete it? (y/N) "
+msgstr "Apakah anda yakin ingin menggunakannya? (y/N) "
+
+#: g10/keyedit.c:4322
+#, fuzzy
+msgid "Enter the notation: "
+msgstr "Notasi signature: "
+
+#: g10/keyedit.c:4471
+#, fuzzy
+msgid "Proceed? (y/N) "
+msgstr "Ditimpa (y/T)? "
+
+#: g10/keyedit.c:4543
+#, c-format
+msgid "No user ID with index %d\n"
+msgstr "Tidak ada ID user dengan index %d\n"
+
+#: g10/keyedit.c:4604
+#, fuzzy, c-format
+msgid "No user ID with hash %s\n"
+msgstr "Tidak ada ID user dengan index %d\n"
+
+#: g10/keyedit.c:4639
+#, fuzzy, c-format
+msgid "No subkey with index %d\n"
+msgstr "Tidak ada ID user dengan index %d\n"
+
+#: g10/keyedit.c:4774
+#, fuzzy, c-format
+msgid "user ID: \"%s\"\n"
+msgstr "ID user: "
+
+#: g10/keyedit.c:4777 g10/keyedit.c:4871 g10/keyedit.c:4914
+#, fuzzy, c-format
+msgid "signed by your key %s on %s%s%s\n"
+msgstr " ditandai oleh %08lX pada %s%s%s\n"
+
+#: g10/keyedit.c:4779 g10/keyedit.c:4873 g10/keyedit.c:4916
+msgid " (non-exportable)"
+msgstr " (tidak dapat diekspor)"
+
+#: g10/keyedit.c:4783
+#, c-format
+msgid "This signature expired on %s.\n"
+msgstr "Kunci ini akan kadaluarsa pada %s \n"
+
+#: g10/keyedit.c:4787
+msgid "Are you sure you still want to revoke it? (y/N) "
+msgstr "Anda tetap ingin membatalkannya? (y/n) "
+
+#: g10/keyedit.c:4791
+msgid "Create a revocation certificate for this signature? (y/N) "
+msgstr "Membuat sertifikat pembatalan untuk signature ini? (y/N)"
+
+#: g10/keyedit.c:4842
+#, fuzzy
+msgid "Not signed by you.\n"
+msgstr " ditandai oleh %08lX pada %s%s\n"
+
+#: g10/keyedit.c:4848
+#, fuzzy, c-format
+msgid "You have signed these user IDs on key %s:\n"
+msgstr "Anda telah menandai ID user ini:\n"
+
+#: g10/keyedit.c:4874
+#, fuzzy
+msgid " (non-revocable)"
+msgstr " (tidak dapat diekspor)"
+
+#: g10/keyedit.c:4881
+#, fuzzy, c-format
+msgid "revoked by your key %s on %s\n"
+msgstr " dibatalkan oleh %08lX pada %s\n"
+
+#: g10/keyedit.c:4903
+msgid "You are about to revoke these signatures:\n"
+msgstr "Anda akan membatalkan signature ini:\n"
+
+#: g10/keyedit.c:4923
+msgid "Really create the revocation certificates? (y/N) "
+msgstr "Ingin membuat sertifikat pembatalan? (y/T)"
+
+#: g10/keyedit.c:4953
+msgid "no secret key\n"
+msgstr "tidak ada kunci rahasia\n"
+
+#: g10/keyedit.c:5023
+#, c-format
+msgid "user ID \"%s\" is already revoked\n"
+msgstr "User ID \"%s\" telah dibatalkan\n"
+
+#: g10/keyedit.c:5040
+#, c-format
+msgid "WARNING: a user ID signature is dated %d seconds in the future\n"
+msgstr "PERINGATAN: signature user ID bertanggal %d detik di masa depan\n"
+
+#: g10/keyedit.c:5104
+#, fuzzy, c-format
+msgid "Key %s is already revoked.\n"
+msgstr "User ID \"%s\" telah dibatalkan\n"
+
+#: g10/keyedit.c:5166
+#, fuzzy, c-format
+msgid "Subkey %s is already revoked.\n"
+msgstr "User ID \"%s\" telah dibatalkan\n"
+
+#: g10/keyedit.c:5261
+#, fuzzy, c-format
+msgid "Displaying %s photo ID of size %ld for key %s (uid %d)\n"
+msgstr "Menampilkan photo ID %s berukuran %ld untuk kunci 0x%08lX (uid %d)\n"
+
+#: g10/keygen.c:275
+#, fuzzy, c-format
+msgid "preference `%s' duplicated\n"
+msgstr "preferensi %c%lu ganda \n"
+
+#: g10/keygen.c:282
+#, fuzzy
+msgid "too many cipher preferences\n"
+msgstr "terlalu banyak preferensi `%c'\n"
+
+#: g10/keygen.c:284
+#, fuzzy
+msgid "too many digest preferences\n"
+msgstr "terlalu banyak preferensi `%c'\n"
+
+#: g10/keygen.c:286
+#, fuzzy
+msgid "too many compression preferences\n"
+msgstr "terlalu banyak preferensi `%c'\n"
+
+#: g10/keygen.c:426
+#, fuzzy, c-format
+msgid "invalid item `%s' in preference string\n"
+msgstr "Karakter tidak valid dalam string preferensi\n"
+
+#: g10/keygen.c:910
+msgid "writing direct signature\n"
+msgstr "menulis signature direct\n"
+
+#: g10/keygen.c:952
+msgid "writing self signature\n"
+msgstr "menulis self signature\n"
+
+#: g10/keygen.c:1009
+msgid "writing key binding signature\n"
+msgstr "menulis key binding signature\n"
+
+#: g10/keygen.c:1179 g10/keygen.c:1290 g10/keygen.c:1295 g10/keygen.c:1441
+#: g10/keygen.c:3269
+#, c-format
+msgid "keysize invalid; using %u bits\n"
+msgstr "keysize tidak valid; menggunakan %u bit\n"
+
+#: g10/keygen.c:1185 g10/keygen.c:1301 g10/keygen.c:1309 g10/keygen.c:1447
+#: g10/keygen.c:3275
+#, c-format
+msgid "keysize rounded up to %u bits\n"
+msgstr "keysize dibulatkan hingga %u bit\n"
+
+#: g10/keygen.c:1335
+msgid ""
+"WARNING: some OpenPGP programs can't handle a DSA key with this digest size\n"
+msgstr ""
+
+#: g10/keygen.c:1558
+#, fuzzy
+msgid "Sign"
+msgstr "tandai"
+
+#: g10/keygen.c:1561
+msgid "Certify"
+msgstr ""
+
+#: g10/keygen.c:1564
+#, fuzzy
+msgid "Encrypt"
+msgstr "enkripsi data"
+
+#: g10/keygen.c:1567
+msgid "Authenticate"
+msgstr ""
+
+#. TRANSLATORS: Please use only plain ASCII characters for the
+#. translation. If this is not possible use single digits. The
+#. string needs to 8 bytes long. Here is a description of the
+#. functions:
+#.
+#. s = Toggle signing capability
+#. e = Toggle encryption capability
+#. a = Toggle authentication capability
+#. q = Finish
+#.
+#: g10/keygen.c:1585
+msgid "SsEeAaQq"
+msgstr ""
+
+#: g10/keygen.c:1608
+#, c-format
+msgid "Possible actions for a %s key: "
+msgstr ""
+
+#: g10/keygen.c:1612
+msgid "Current allowed actions: "
+msgstr ""
+
+#: g10/keygen.c:1617
+#, c-format
+msgid " (%c) Toggle the sign capability\n"
+msgstr ""
+
+#: g10/keygen.c:1620
+#, fuzzy, c-format
+msgid " (%c) Toggle the encrypt capability\n"
+msgstr " (%d) ElGamal (hanya enkripsi)\n"
+
+#: g10/keygen.c:1623
+#, c-format
+msgid " (%c) Toggle the authenticate capability\n"
+msgstr ""
+
+#: g10/keygen.c:1626
+#, c-format
+msgid " (%c) Finished\n"
+msgstr ""
+
+#: g10/keygen.c:1686 sm/certreqgen-ui.c:157
+msgid "Please select what kind of key you want:\n"
+msgstr "Silakan pilih kunci yang anda inginkan:\n"
+
+#: g10/keygen.c:1689
+#, fuzzy, c-format
+msgid " (%d) RSA and RSA (default)\n"
+msgstr " (%d) DSA dan ElGamal (baku)\n"
+
+#: g10/keygen.c:1691
+#, fuzzy, c-format
+msgid " (%d) DSA and Elgamal\n"
+msgstr " (%d) DSA dan ElGamal (baku)\n"
+
+#: g10/keygen.c:1693
+#, c-format
+msgid " (%d) DSA (sign only)\n"
+msgstr " (%d) DSA (hanya menandai)\n"
+
+#: g10/keygen.c:1694
+#, c-format
+msgid " (%d) RSA (sign only)\n"
+msgstr " (%d) RSA (hanya menandai)\n"
+
+#: g10/keygen.c:1698
+#, fuzzy, c-format
+msgid " (%d) Elgamal (encrypt only)\n"
+msgstr " (%d) ElGamal (hanya enkripsi)\n"
+
+#: g10/keygen.c:1699
+#, c-format
+msgid " (%d) RSA (encrypt only)\n"
+msgstr " (%d) RSA (hanya enkripsi)\n"
+
+#: g10/keygen.c:1703
+#, fuzzy, c-format
+msgid " (%d) DSA (set your own capabilities)\n"
+msgstr " (%d) RSA (hanya enkripsi)\n"
+
+#: g10/keygen.c:1704
+#, fuzzy, c-format
+msgid " (%d) RSA (set your own capabilities)\n"
+msgstr " (%d) RSA (hanya enkripsi)\n"
+
+#: g10/keygen.c:1812
+#, c-format
+msgid "%s keys may be between %u and %u bits long.\n"
+msgstr ""
+
+#: g10/keygen.c:1820
+#, fuzzy, c-format
+msgid "What keysize do you want for the subkey? (%u) "
+msgstr "Keysize yang anda inginkan? (1024) "
+
+#: g10/keygen.c:1823 sm/certreqgen-ui.c:179
+#, fuzzy, c-format
+msgid "What keysize do you want? (%u) "
+msgstr "Keysize yang anda inginkan? (1024) "
+
+#: g10/keygen.c:1837 sm/certreqgen-ui.c:189
+#, c-format
+msgid "Requested keysize is %u bits\n"
+msgstr "Keysize yang diminta adalah %u bit\n"
+
+#: g10/keygen.c:1925
+msgid ""
+"Please specify how long the key should be valid.\n"
+" 0 = key does not expire\n"
+" <n> = key expires in n days\n"
+" <n>w = key expires in n weeks\n"
+" <n>m = key expires in n months\n"
+" <n>y = key expires in n years\n"
+msgstr ""
+"Silakan spesifikasikan lama kunci tetap valid.\n"
+" 0 = kunci tidak pernah berakhir\n"
+" <n> = kunci berakhir dalam n hari\n"
+" <n>w = kunci berakhir dalam n minggu\n"
+" <n>m = kunci berakhir dalam n bulan\n"
+" <n>y = kunci berakhir dalam n tahun\n"
+
+#: g10/keygen.c:1936
+msgid ""
+"Please specify how long the signature should be valid.\n"
+" 0 = signature does not expire\n"
+" <n> = signature expires in n days\n"
+" <n>w = signature expires in n weeks\n"
+" <n>m = signature expires in n months\n"
+" <n>y = signature expires in n years\n"
+msgstr ""
+"Silakan spesifikasikan lama signature tetap valid.\n"
+" 0 = signature tidak pernah berakhir\n"
+" <n> = signature berakhir dalam n hari\n"
+" <n>w = signature berakhir dalam n minggu\n"
+" <n>m = signature berakhir dalam n bulan\n"
+" <n>y = signature berakhir dalam n tahun\n"
+
+#: g10/keygen.c:1959
+msgid "Key is valid for? (0) "
+msgstr "Kunci valid untuk? (0) "
+
+#: g10/keygen.c:1964
+#, fuzzy, c-format
+msgid "Signature is valid for? (%s) "
+msgstr "Signature valid untuk? (0) "
+
+#: g10/keygen.c:1982 g10/keygen.c:2007
+msgid "invalid value\n"
+msgstr "nilai yang tidak valid\n"
+
+#: g10/keygen.c:1989
+#, fuzzy
+msgid "Key does not expire at all\n"
+msgstr "%s tidak pernah berakhir\n"
+
+#: g10/keygen.c:1990
+#, fuzzy
+msgid "Signature does not expire at all\n"
+msgstr "%s tidak pernah berakhir\n"
+
+#: g10/keygen.c:1995
+#, fuzzy, c-format
+msgid "Key expires at %s\n"
+msgstr "%s berakhir pada %s\n"
+
+#: g10/keygen.c:1996
+#, fuzzy, c-format
+msgid "Signature expires at %s\n"
+msgstr "Signature kadaluarsa pada %s \n"
+
+#: g10/keygen.c:2000
+msgid ""
+"Your system can't display dates beyond 2038.\n"
+"However, it will be correctly handled up to 2106.\n"
+msgstr ""
+"Sistem anda tidak dapat menampilkan tanggal melebihi 2038.\n"
+"Namun, ia dapat menanganinya secara benar hingga 2106.\n"
+
+#: g10/keygen.c:2013
+#, fuzzy
+msgid "Is this correct? (y/N) "
+msgstr "Benar (y/t)? "
+
+#: g10/keygen.c:2063
+msgid ""
+"\n"
+"GnuPG needs to construct a user ID to identify your key.\n"
+"\n"
+msgstr ""
+
+#. TRANSLATORS: This string is in general not anymore used
+#. but you should keep your existing translation. In case
+#. the new string is not translated this old string will
+#. be used.
+#: g10/keygen.c:2078
+#, fuzzy
+msgid ""
+"\n"
+"You need a user ID to identify your key; the software constructs the user "
+"ID\n"
+"from the Real Name, Comment and Email Address in this form:\n"
+" \"Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>\"\n"
+"\n"
+msgstr ""
+"\n"
+"Anda perlu sebuah User-ID untuk mengidentifikasi kunci anda; software "
+"membuat \n"
+"user-id dari Nama sebenarnya, Komentar dan Alamat email dalam bentuk:\n"
+" \"Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>\"\n"
+
+#: g10/keygen.c:2097
+msgid "Real name: "
+msgstr "Nama sebenarnya: "
+
+#: g10/keygen.c:2105
+msgid "Invalid character in name\n"
+msgstr "Karakter tidak valid dalam nama\n"
+
+#: g10/keygen.c:2107
+msgid "Name may not start with a digit\n"
+msgstr "Nama tidak boleh dimulai dengan digit\n"
+
+#: g10/keygen.c:2109
+msgid "Name must be at least 5 characters long\n"
+msgstr "Nama harus berukuran minimum 5 karakter\n"
+
+#: g10/keygen.c:2117
+msgid "Email address: "
+msgstr "Alamat email: "
+
+#: g10/keygen.c:2123
+msgid "Not a valid email address\n"
+msgstr "Bukan alamat email yang valid\n"
+
+#: g10/keygen.c:2131
+msgid "Comment: "
+msgstr "Komentar: "
+
+#: g10/keygen.c:2137
+msgid "Invalid character in comment\n"
+msgstr "Karakter tidak valid dalam komentar\n"
+
+#: g10/keygen.c:2159
+#, c-format
+msgid "You are using the `%s' character set.\n"
+msgstr "Anda menggunakan set karakter `%s'.\n"
+
+#: g10/keygen.c:2165
+#, c-format
+msgid ""
+"You selected this USER-ID:\n"
+" \"%s\"\n"
+"\n"
+msgstr ""
+"Anda memilih USER-ID ini:\n"
+" \"%s\"\n"
+
+#: g10/keygen.c:2170
+msgid "Please don't put the email address into the real name or the comment\n"
+msgstr "Jangan menaruh alamat email ke dalam nama sebenarnya atau komentar\n"
+
+#: g10/keygen.c:2185
+msgid "Such a user ID already exists on this key!\n"
+msgstr ""
+
+#. TRANSLATORS: These are the allowed answers in
+#. lower and uppercase. Below you will find the matching
+#. string which should be translated accordingly and the
+#. letter changed to match the one in the answer string.
+#.
+#. n = Change name
+#. c = Change comment
+#. e = Change email
+#. o = Okay (ready, continue)
+#. q = Quit
+#.
+#: g10/keygen.c:2201
+msgid "NnCcEeOoQq"
+msgstr "NnKkEeOoQq"
+
+#: g10/keygen.c:2211
+msgid "Change (N)ame, (C)omment, (E)mail or (Q)uit? "
+msgstr "Ganti (N)ama, (K)omentar, (E)mail atau (Q)uit? "
+
+#: g10/keygen.c:2212
+msgid "Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? "
+msgstr "Ganti (N)ama, (K)omentar, (E)mail atau (O)ke/(Q)uit? "
+
+#: g10/keygen.c:2231
+msgid "Please correct the error first\n"
+msgstr "Silakan perbaiki kesalahan ini dulu\n"
+
+#: g10/keygen.c:2273
+msgid ""
+"You need a Passphrase to protect your secret key.\n"
+"\n"
+msgstr ""
+"Anda perlu sebuah passphrase untuk melindungi kunci rahasia anda.\n"
+"\n"
+
+#: g10/keygen.c:2276
+#, fuzzy
+msgid ""
+"Please enter a passphrase to protect the off-card backup of the new "
+"encryption key."
+msgstr "Silakan masukkan passphrase; ini kalimat rahasia\n"
+
+#: g10/keygen.c:2292
+#, c-format
+msgid "%s.\n"
+msgstr "%s.\n"
+
+#: g10/keygen.c:2298
+msgid ""
+"You don't want a passphrase - this is probably a *bad* idea!\n"
+"I will do it anyway. You can change your passphrase at any time,\n"
+"using this program with the option \"--edit-key\".\n"
+"\n"
+msgstr ""
+"Anda tidak ingin sebuah passphrase - ini mungkin ide yang *buruk*!\n"
+"Namun saya akan tetap lakukan. Anda dapat merubah passphrase anda setiap "
+"saat,\n"
+"menggunakan program ini dengan pilihan \"--edit-key\".\n"
+"\n"
+
+#: g10/keygen.c:2322
+msgid ""
+"We need to generate a lot of random bytes. It is a good idea to perform\n"
+"some other action (type on the keyboard, move the mouse, utilize the\n"
+"disks) during the prime generation; this gives the random number\n"
+"generator a better chance to gain enough entropy.\n"
+msgstr ""
+"Kita perlu membuat banyak byte random. Adalah ide yang baik untuk melakukan\n"
+"aksi lain (mengetik pada keyboard, menggerakkan mouse, memakai disk)\n"
+"selama pembuatan prima; ini akan memberi random number generator kesempatan\n"
+"yang baik untuk memperoleh entropi.\n"
+
+#: g10/keygen.c:3209 g10/keygen.c:3236
+msgid "Key generation canceled.\n"
+msgstr "Pembuatan kunci dibatalkan.\n"
+
+#: g10/keygen.c:3441 g10/keygen.c:3611
+#, c-format
+msgid "writing public key to `%s'\n"
+msgstr "menulis kunci publik ke `%s'\n"
+
+#: g10/keygen.c:3443 g10/keygen.c:3614
+#, fuzzy, c-format
+msgid "writing secret key stub to `%s'\n"
+msgstr "menulis kunci rahasia ke `%s'\n"
+
+#: g10/keygen.c:3446 g10/keygen.c:3617
+#, c-format
+msgid "writing secret key to `%s'\n"
+msgstr "menulis kunci rahasia ke `%s'\n"
+
+#: g10/keygen.c:3598
+#, c-format
+msgid "no writable public keyring found: %s\n"
+msgstr "tidak ditemukan keyring publik yang dapat ditulisi: %s\n"
+
+#: g10/keygen.c:3605
+#, c-format
+msgid "no writable secret keyring found: %s\n"
+msgstr "tidak ditemukan keyring rahasia yang dapat ditulisi: %s\n"
+
+#: g10/keygen.c:3625
+#, c-format
+msgid "error writing public keyring `%s': %s\n"
+msgstr "kesalahan menulis keyring publik `%s': %s\n"
+
+#: g10/keygen.c:3633
+#, c-format
+msgid "error writing secret keyring `%s': %s\n"
+msgstr "kesalahan menulis keyring rahasia `%s': %s\n"
+
+#: g10/keygen.c:3661
+msgid "public and secret key created and signed.\n"
+msgstr "kunci publik dan rahasia dibuat dan ditandai.\n"
+
+#: g10/keygen.c:3672
+#, fuzzy
+msgid ""
+"Note that this key cannot be used for encryption. You may want to use\n"
+"the command \"--edit-key\" to generate a subkey for this purpose.\n"
+msgstr ""
+"Perhatikan bahwa kunci ini tidak dapat digunakan untuk enkripsi. Anda \n"
+"mungkin ingin menggunakan perintah \"--edit-key\" untuk membuat kunci kedua "
+"untuk tujuan ini.\n"
+
+#: g10/keygen.c:3685 g10/keygen.c:3831 g10/keygen.c:3952
+#, c-format
+msgid "Key generation failed: %s\n"
+msgstr "Pembuatan kunci gagal: %s\n"
+
+#: g10/keygen.c:3741 g10/keygen.c:3882 g10/sign.c:241
+#, c-format
+msgid ""
+"key has been created %lu second in future (time warp or clock problem)\n"
+msgstr ""
+"kunci telah diciptakan dalam %lu detik mendatang (masalah waktu atau jam)\n"
+
+#: g10/keygen.c:3743 g10/keygen.c:3884 g10/sign.c:243
+#, c-format
+msgid ""
+"key has been created %lu seconds in future (time warp or clock problem)\n"
+msgstr ""
+"kunci telah diciptakan dalam %lu detik mendatang (masalah waktu atau jam)\n"
+
+#: g10/keygen.c:3754 g10/keygen.c:3895
+msgid "NOTE: creating subkeys for v3 keys is not OpenPGP compliant\n"
+msgstr "CATATAN: membuat subkey bagi kunci-kunci v3 tidak OpenPGP compliant\n"
+
+#: g10/keygen.c:3795 g10/keygen.c:3928
+#, fuzzy
+msgid "Really create? (y/N) "
+msgstr "Ingin diciptakan? "
+
+#: g10/keygen.c:4116
+#, fuzzy, c-format
+msgid "storing key onto card failed: %s\n"
+msgstr "gagal menghapus keyblok: %s\n"
+
+#: g10/keygen.c:4165
+#, fuzzy, c-format
+msgid "can't create backup file `%s': %s\n"
+msgstr "tidak dapat membuat %s: %s\n"
+
+#: g10/keygen.c:4191
+#, fuzzy, c-format
+msgid "NOTE: backup of card key saved to `%s'\n"
+msgstr "CATATAN: kunci pribadi %08lX berakhir pada %s\n"
+
+#: g10/keyid.c:539 g10/keyid.c:551 g10/keyid.c:563 g10/keyid.c:575
+msgid "never "
+msgstr "tidak pernah..."
+
+#: g10/keylist.c:273
+msgid "Critical signature policy: "
+msgstr "Kebijakan signature kritis: "
+
+#: g10/keylist.c:275
+msgid "Signature policy: "
+msgstr "Kebijakan signature: "
+
+#: g10/keylist.c:314
+msgid "Critical preferred keyserver: "
+msgstr ""
+
+#: g10/keylist.c:367
+msgid "Critical signature notation: "
+msgstr "Notasi signature kritis: "
+
+#: g10/keylist.c:369
+msgid "Signature notation: "
+msgstr "Notasi signature: "
+
+#: g10/keylist.c:479
+msgid "Keyring"
+msgstr "Keyring"
+
+#: g10/keylist.c:1526
+msgid "Primary key fingerprint:"
+msgstr "Fingerprint kunci primer:"
+
+#: g10/keylist.c:1528
+msgid " Subkey fingerprint:"
+msgstr " Fingerprint subkunci ="
+
+#. TRANSLATORS: this should fit into 24 bytes to that the
+#. * fingerprint data is properly aligned with the user ID
+#: g10/keylist.c:1535
+msgid " Primary key fingerprint:"
+msgstr " Fingerprint kunci primer ="
+
+#: g10/keylist.c:1537
+msgid " Subkey fingerprint:"
+msgstr " Fingerprint subkunci ="
+
+#: g10/keylist.c:1541 g10/keylist.c:1545
+#, fuzzy
+msgid " Key fingerprint ="
+msgstr " Fingerprint kunci ="
+
+#: g10/keylist.c:1612
+msgid " Card serial no. ="
+msgstr ""
+
+#: g10/keyring.c:1297
+#, fuzzy, c-format
+msgid "renaming `%s' to `%s' failed: %s\n"
+msgstr "gagal enarmoring: %s\n"
+
+#: g10/keyring.c:1326
+msgid "WARNING: 2 files with confidential information exists.\n"
+msgstr "PERINGATAN: terdapat 2 file dengan informasi penting.\n"
+
+#: g10/keyring.c:1327
+#, c-format
+msgid "%s is the unchanged one\n"
+msgstr "%s adalah yang tidak berubah\n"
+
+#: g10/keyring.c:1328
+#, c-format
+msgid "%s is the new one\n"
+msgstr "%s adalah yang baru\n"
+
+#: g10/keyring.c:1329
+msgid "Please fix this possible security flaw\n"
+msgstr "Silakan perbaiki kemungkinan lubang keamanan ini\n"
+
+#: g10/keyring.c:1430
+#, fuzzy, c-format
+msgid "caching keyring `%s'\n"
+msgstr "memeriksa keyring `%s'\n"
+
+#: g10/keyring.c:1489
+#, fuzzy, c-format
+msgid "%lu keys cached so far (%lu signatures)\n"
+msgstr "%lu kunci telah diperiksa (%lu signature)\n"
+
+#: g10/keyring.c:1501
+#, fuzzy, c-format
+msgid "%lu keys cached (%lu signatures)\n"
+msgstr "%lu kunci telah diperiksa (%lu signature)\n"
+
+#: g10/keyring.c:1573
+#, c-format
+msgid "%s: keyring created\n"
+msgstr "%s: keyring tercipta\n"
+
+#: g10/keyserver.c:74
+msgid "include revoked keys in search results"
+msgstr ""
+
+#: g10/keyserver.c:75
+msgid "include subkeys when searching by key ID"
+msgstr ""
+
+#: g10/keyserver.c:77
+msgid "use temporary files to pass data to keyserver helpers"
+msgstr ""
+
+#: g10/keyserver.c:79
+msgid "do not delete temporary files after using them"
+msgstr ""
+
+#: g10/keyserver.c:83
+msgid "automatically retrieve keys when verifying signatures"
+msgstr ""
+
+#: g10/keyserver.c:85
+#, fuzzy
+msgid "honor the preferred keyserver URL set on the key"
+msgstr "URL signature kebijakan yang diberikan tidak valid\n"
+
+#: g10/keyserver.c:87
+msgid "honor the PKA record set on a key when retrieving keys"
+msgstr ""
+
+#: g10/keyserver.c:153
+#, fuzzy, c-format
+msgid "WARNING: keyserver option `%s' is not used on this platform\n"
+msgstr "PERINGATAN: opsi dalam `%s' belum aktif selama pelaksanaan ini\n"
+
+#: g10/keyserver.c:544
+#, fuzzy
+msgid "disabled"
+msgstr "disable"
+
+#: g10/keyserver.c:747
+msgid "Enter number(s), N)ext, or Q)uit > "
+msgstr ""
+
+#: g10/keyserver.c:831 g10/keyserver.c:1458
+#, fuzzy, c-format
+msgid "invalid keyserver protocol (us %d!=handler %d)\n"
+msgstr "opsi ekspor tidak valid\n"
+
+#: g10/keyserver.c:932
+#, fuzzy, c-format
+msgid "key \"%s\" not found on keyserver\n"
+msgstr "kunci '%s' tidak ditemukan: %s\n"
+
+#: g10/keyserver.c:934
+#, fuzzy
+msgid "key not found on keyserver\n"
+msgstr "kunci '%s' tidak ditemukan: %s\n"
+
+#: g10/keyserver.c:1177
+#, fuzzy, c-format
+msgid "requesting key %s from %s server %s\n"
+msgstr "meminta kunci %08lX dari %s\n"
+
+#: g10/keyserver.c:1181
+#, fuzzy, c-format
+msgid "requesting key %s from %s\n"
+msgstr "meminta kunci %08lX dari %s\n"
+
+#: g10/keyserver.c:1205
+#, fuzzy, c-format
+msgid "searching for names from %s server %s\n"
+msgstr "mencari \"%s\" dari server HKP %s\n"
+
+#: g10/keyserver.c:1208
+#, fuzzy, c-format
+msgid "searching for names from %s\n"
+msgstr "mencari \"%s\" dari server HKP %s\n"
+
+#: g10/keyserver.c:1361
+#, fuzzy, c-format
+msgid "sending key %s to %s server %s\n"
+msgstr "mencari \"%s\" dari server HKP %s\n"
+
+#: g10/keyserver.c:1365
+#, fuzzy, c-format
+msgid "sending key %s to %s\n"
+msgstr ""
+"\"\n"
+"ditandai dengan kunci anda %08lX pada %s\n"
+
+#: g10/keyserver.c:1408
+#, fuzzy, c-format
+msgid "searching for \"%s\" from %s server %s\n"
+msgstr "mencari \"%s\" dari server HKP %s\n"
+
+#: g10/keyserver.c:1411
+#, fuzzy, c-format
+msgid "searching for \"%s\" from %s\n"
+msgstr "mencari \"%s\" dari server HKP %s\n"
+
+#: g10/keyserver.c:1418 g10/keyserver.c:1514
+#, fuzzy
+msgid "no keyserver action!\n"
+msgstr "opsi ekspor tidak valid\n"
+
+#: g10/keyserver.c:1466
+#, c-format
+msgid "WARNING: keyserver handler from a different version of GnuPG (%s)\n"
+msgstr ""
+
+#: g10/keyserver.c:1475
+msgid "keyserver did not send VERSION\n"
+msgstr ""
+
+#: g10/keyserver.c:1537 g10/keyserver.c:2066
+msgid "no keyserver known (use option --keyserver)\n"
+msgstr ""
+
+#: g10/keyserver.c:1543
+msgid "external keyserver calls are not supported in this build\n"
+msgstr ""
+
+#: g10/keyserver.c:1555
+#, c-format
+msgid "no handler for keyserver scheme `%s'\n"
+msgstr ""
+
+#: g10/keyserver.c:1560
+#, c-format
+msgid "action `%s' not supported with keyserver scheme `%s'\n"
+msgstr ""
+
+#: g10/keyserver.c:1568
+#, c-format
+msgid "%s does not support handler version %d\n"
+msgstr ""
+
+#: g10/keyserver.c:1575
+#, fuzzy
+msgid "keyserver timed out\n"
+msgstr "kesalahan keyserver"
+
+#: g10/keyserver.c:1580
+#, fuzzy
+msgid "keyserver internal error\n"
+msgstr "kesalahan keyserver"
+
+#: g10/keyserver.c:1589
+#, fuzzy, c-format
+msgid "keyserver communications error: %s\n"
+msgstr "Penerimaan keyserver gagal: %s\n"
+
+#: g10/keyserver.c:1614 g10/keyserver.c:1648
+#, c-format
+msgid "\"%s\" not a key ID: skipping\n"
+msgstr ""
+
+#: g10/keyserver.c:1907
+#, fuzzy, c-format
+msgid "WARNING: unable to refresh key %s via %s: %s\n"
+msgstr "PERINGATAN: tidak dapat menghapus file temp (%s) `%s': %s\n"
+
+#: g10/keyserver.c:1929
+#, fuzzy, c-format
+msgid "refreshing 1 key from %s\n"
+msgstr "meminta kunci %08lX dari %s\n"
+
+#: g10/keyserver.c:1931
+#, fuzzy, c-format
+msgid "refreshing %d keys from %s\n"
+msgstr "meminta kunci %08lX dari %s\n"
+
+#: g10/keyserver.c:1987
+#, fuzzy, c-format
+msgid "WARNING: unable to fetch URI %s: %s\n"
+msgstr "PERINGATAN: tidak dapat menghapus file temp (%s) `%s': %s\n"
+
+#: g10/keyserver.c:1993
+#, fuzzy, c-format
+msgid "WARNING: unable to parse URI %s\n"
+msgstr "PERINGATAN: tidak dapat menghapus file temp (%s) `%s': %s\n"
+
+#: g10/mainproc.c:231
+#, c-format
+msgid "weird size for an encrypted session key (%d)\n"
+msgstr "ukuran aneh untuk kunci sesi terenkripsi (%d)\n"
+
+#: g10/mainproc.c:284
+#, c-format
+msgid "%s encrypted session key\n"
+msgstr "%s kunci sesi enkripsi\n"
+
+#: g10/mainproc.c:294
+#, fuzzy, c-format
+msgid "passphrase generated with unknown digest algorithm %d\n"
+msgstr "dienkripsi dengan algoritma tidak dikenal %d\n"
+
+#: g10/mainproc.c:360
+#, fuzzy, c-format
+msgid "public key is %s\n"
+msgstr "kunci publik adalah %08lX\n"
+
+#: g10/mainproc.c:423
+msgid "public key encrypted data: good DEK\n"
+msgstr "data terenkripsi dengan kunci publik: DEK baik\n"
+
+#: g10/mainproc.c:456
+#, fuzzy, c-format
+msgid "encrypted with %u-bit %s key, ID %s, created %s\n"
+msgstr "dienkripsi dengan %u-bit kunci %s, ID %08lX, tercipta %s\n"
+
+#: g10/mainproc.c:460 g10/pkclist.c:217
+#, fuzzy, c-format
+msgid " \"%s\"\n"
+msgstr " alias \""
+
+#: g10/mainproc.c:464
+#, fuzzy, c-format
+msgid "encrypted with %s key, ID %s\n"
+msgstr "dienkripsi dengan kunci %s, ID %08lX\n"
+
+#: g10/mainproc.c:479
+#, c-format
+msgid "public key decryption failed: %s\n"
+msgstr "gagal dekripsi kunci publik: %s\n"
+
+#: g10/mainproc.c:495
+#, c-format
+msgid "encrypted with %lu passphrases\n"
+msgstr "dienkripsi dengan passphrase %lu\n"
+
+#: g10/mainproc.c:497
+msgid "encrypted with 1 passphrase\n"
+msgstr "dienkripsi dengan 1 passphrase\n"
+
+#: g10/mainproc.c:529 g10/mainproc.c:551
+#, c-format
+msgid "assuming %s encrypted data\n"
+msgstr "asumsikan %s data terenkripsi\n"
+
+#: g10/mainproc.c:537
+#, c-format
+msgid "IDEA cipher unavailable, optimistically attempting to use %s instead\n"
+msgstr "Cipher IDEA tidak tersedia, secara optimis berusaha menggunakan %s\n"
+
+#: g10/mainproc.c:570
+msgid "decryption okay\n"
+msgstr "dekripsi lancar\n"
+
+#: g10/mainproc.c:574
+msgid "WARNING: message was not integrity protected\n"
+msgstr "PERINGATAN: integritas pesan tidak terlindungi\n"
+
+#: g10/mainproc.c:587
+msgid "WARNING: encrypted message has been manipulated!\n"
+msgstr "PERINGATAN: pesan terenkripsi telah dimanipulasi!\n"
+
+#: g10/mainproc.c:595
+#, c-format
+msgid "cleared passphrase cached with ID: %s\n"
+msgstr ""
+
+#: g10/mainproc.c:600
+#, c-format
+msgid "decryption failed: %s\n"
+msgstr "dekripsi gagal: %s\n"
+
+#: g10/mainproc.c:621
+msgid "NOTE: sender requested \"for-your-eyes-only\"\n"
+msgstr "CATATAN: pengirim meminta \"for-your-eyes-only\"\n"
+
+#: g10/mainproc.c:623
+#, c-format
+msgid "original file name='%.*s'\n"
+msgstr "original file name='%.*s'\n"
+
+#: g10/mainproc.c:711
+msgid "WARNING: multiple plaintexts seen\n"
+msgstr ""
+
+#: g10/mainproc.c:850
+msgid "standalone revocation - use \"gpg --import\" to apply\n"
+msgstr "pembatalan mandiri - gunakan \"gpg --import\" untuk mengaplikasikan\n"
+
+#: g10/mainproc.c:1203 g10/mainproc.c:1240
+#, fuzzy
+msgid "no signature found\n"
+msgstr "Signature baik dari \""
+
+#: g10/mainproc.c:1478
+msgid "signature verification suppressed\n"
+msgstr "verifikasi signature tidak diabaikan\n"
+
+#: g10/mainproc.c:1587
+#, fuzzy
+msgid "can't handle this ambiguous signature data\n"
+msgstr "tidak dapat menangani banyak signature ini\n"
+
+#: g10/mainproc.c:1598
+#, fuzzy, c-format
+msgid "Signature made %s\n"
+msgstr "Signature kadaluwarsa %s\n"
+
+#: g10/mainproc.c:1599
+#, fuzzy, c-format
+msgid " using %s key %s\n"
+msgstr " alias \""
+
+#: g10/mainproc.c:1603
+#, fuzzy, c-format
+msgid "Signature made %s using %s key ID %s\n"
+msgstr "Signature membuat %.*s menggunakan kunci %s ID %08lX\n"
+
+#: g10/mainproc.c:1623
+msgid "Key available at: "
+msgstr "Kunci tersedia di:"
+
+#: g10/mainproc.c:1756 g10/mainproc.c:1804
+#, fuzzy, c-format
+msgid "BAD signature from \"%s\""
+msgstr "signature BURUK dari \""
+
+#: g10/mainproc.c:1758 g10/mainproc.c:1806
+#, fuzzy, c-format
+msgid "Expired signature from \"%s\""
+msgstr "Signature kadaluarsa dari \""
+
+#: g10/mainproc.c:1760 g10/mainproc.c:1808
+#, fuzzy, c-format
+msgid "Good signature from \"%s\""
+msgstr "Signature baik dari \""
+
+#: g10/mainproc.c:1810
+msgid "[uncertain]"
+msgstr "[uncertain]"
+
+#: g10/mainproc.c:1843
+#, fuzzy, c-format
+msgid " aka \"%s\""
+msgstr " alias \""
+
+#: g10/mainproc.c:1941
+#, c-format
+msgid "Signature expired %s\n"
+msgstr "Signature kadaluwarsa %s\n"
+
+#: g10/mainproc.c:1946
+#, c-format
+msgid "Signature expires %s\n"
+msgstr "Signature kadaluarsa pada %s \n"
+
+#: g10/mainproc.c:1949
+#, c-format
+msgid "%s signature, digest algorithm %s\n"
+msgstr "%s signature, algoritma digest %s\n"
+
+#: g10/mainproc.c:1950
+msgid "binary"
+msgstr "biner"
+
+#: g10/mainproc.c:1951
+msgid "textmode"
+msgstr "modeteks"
+
+#: g10/mainproc.c:1951 g10/trustdb.c:546
+msgid "unknown"
+msgstr "tidak dikenal"
+
+#: g10/mainproc.c:1971
+#, c-format
+msgid "Can't check signature: %s\n"
+msgstr "Tidak dapat memeriksa signature: %s\n"
+
+#: g10/mainproc.c:2055 g10/mainproc.c:2071 g10/mainproc.c:2167
+msgid "not a detached signature\n"
+msgstr "bukan detached signature\n"
+
+#: g10/mainproc.c:2098
+msgid ""
+"WARNING: multiple signatures detected. Only the first will be checked.\n"
+msgstr ""
+"PERINGATAN: multi signature terdeteksi. Hanya yang pertama akan diperiksa.\n"
+
+#: g10/mainproc.c:2106
+#, c-format
+msgid "standalone signature of class 0x%02x\n"
+msgstr "kelas signature mandiri 0x%02x\n"
+
+#: g10/mainproc.c:2171
+msgid "old style (PGP 2.x) signature\n"
+msgstr "signature model lama (PGP 2.X)\n"
+
+#: g10/mainproc.c:2181
+msgid "invalid root packet detected in proc_tree()\n"
+msgstr "terdeteksi root paket tidak valid dalam proc_tree()\n"
+
+#: g10/misc.c:109 g10/misc.c:139 g10/misc.c:215
+#, fuzzy, c-format
+msgid "fstat of `%s' failed in %s: %s\n"
+msgstr "tidak dapat membuka file: %s\n"
+
+#: g10/misc.c:178
+#, fuzzy, c-format
+msgid "fstat(%d) failed in %s: %s\n"
+msgstr "trustdb: read failed (n=%d): %s\n"
+
+#: g10/misc.c:296
+#, fuzzy, c-format
+msgid "WARNING: using experimental public key algorithm %s\n"
+msgstr "tidak dapat menangani algoritma kunci publik %d\n"
+
+#: g10/misc.c:302
+#, fuzzy
+msgid "WARNING: Elgamal sign+encrypt keys are deprecated\n"
+msgstr "memaksa algoritma digest %s (%d) melanggar preferensi penerima\n"
+
+#: g10/misc.c:315
+#, fuzzy, c-format
+msgid "WARNING: using experimental cipher algorithm %s\n"
+msgstr "algoritma cipher belum diimplementasikan"
+
+#: g10/misc.c:330
+#, fuzzy, c-format
+msgid "WARNING: using experimental digest algorithm %s\n"
+msgstr "%s signature, algoritma digest %s\n"
+
+#: g10/misc.c:335
+#, fuzzy, c-format
+msgid "WARNING: digest algorithm %s is deprecated\n"
+msgstr "memaksa algoritma digest %s (%d) melanggar preferensi penerima\n"
+
+#: g10/misc.c:503
+msgid "the IDEA cipher plugin is not present\n"
+msgstr "plugin cipher IDEA tidak tersedia\n"
+
+#: g10/misc.c:504 g10/sig-check.c:107 jnlib/utf8conv.c:87
+#, fuzzy, c-format
+msgid "please see %s for more information\n"
+msgstr " i = beri saya informasi lebih banyak lagi\n"
+
+#: g10/misc.c:761
+#, c-format
+msgid "%s:%d: deprecated option \"%s\"\n"
+msgstr "%s:%d: opsi tidak digunakan lagi \"%s\"\n"
+
+#: g10/misc.c:765
+#, c-format
+msgid "WARNING: \"%s\" is a deprecated option\n"
+msgstr "WARNING: \"%s\" adalah opsi terdepresiasi\n"
+
+#: g10/misc.c:767
+#, c-format
+msgid "please use \"%s%s\" instead\n"
+msgstr "silakan gunakan \"%s%s\"\n"
+
+#: g10/misc.c:774
+#, fuzzy, c-format
+msgid "WARNING: \"%s\" is a deprecated command - do not use it\n"
+msgstr "WARNING: \"%s\" adalah opsi terdepresiasi\n"
+
+#: g10/misc.c:784
+#, c-format
+msgid "%s:%u: obsolete option \"%s\" - it has no effect\n"
+msgstr ""
+
+#: g10/misc.c:787
+#, fuzzy, c-format
+msgid "WARNING: \"%s\" is an obsolete option - it has no effect\n"
+msgstr "WARNING: \"%s\" adalah opsi terdepresiasi\n"
+
+#: g10/misc.c:848
+msgid "Uncompressed"
+msgstr "Tidak dikompresi"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: g10/misc.c:873
+#, fuzzy
+msgid "uncompressed|none"
+msgstr "Tidak dikompresi"
+
+#: g10/misc.c:1000
+#, c-format
+msgid "this message may not be usable by %s\n"
+msgstr "pesan ini mungkin tidak dapat digunakan oleh %s\n"
+
+#: g10/misc.c:1175
+#, fuzzy, c-format
+msgid "ambiguous option `%s'\n"
+msgstr "membaca pilihan dari `%s'\n"
+
+#: g10/misc.c:1200
+#, fuzzy, c-format
+msgid "unknown option `%s'\n"
+msgstr "penerima baku tidak dikenal `%s'\n"
+
+#: g10/openfile.c:89
+#, c-format
+msgid "File `%s' exists. "
+msgstr "File `%s' ada. "
+
+#: g10/openfile.c:93
+#, fuzzy
+msgid "Overwrite? (y/N) "
+msgstr "Ditimpa (y/T)? "
+
+#: g10/openfile.c:126
+#, c-format
+msgid "%s: unknown suffix\n"
+msgstr "%s: suffix tidak dikenal\n"
+
+#: g10/openfile.c:150
+msgid "Enter new filename"
+msgstr "Masukkan nama file baru"
+
+#: g10/openfile.c:195
+msgid "writing to stdout\n"
+msgstr "menulis ke stdout\n"
+
+#: g10/openfile.c:316
+#, c-format
+msgid "assuming signed data in `%s'\n"
+msgstr "mengasumsikan data bertanda dalam `%s'\n"
+
+#: g10/openfile.c:395
+#, c-format
+msgid "new configuration file `%s' created\n"
+msgstr "file konfigurasi baru `%s' tercipta\n"
+
+#: g10/openfile.c:397
+#, c-format
+msgid "WARNING: options in `%s' are not yet active during this run\n"
+msgstr "PERINGATAN: opsi dalam `%s' belum aktif selama pelaksanaan ini\n"
+
+#: g10/parse-packet.c:201
+#, c-format
+msgid "can't handle public key algorithm %d\n"
+msgstr "tidak dapat menangani algoritma kunci publik %d\n"
+
+#: g10/parse-packet.c:822
+msgid "WARNING: potentially insecure symmetrically encrypted session key\n"
+msgstr "PERINGATAN: kunci sesi mungkin dienkripsi simetris secara tidak aman\n"
+
+#: g10/parse-packet.c:1273
+#, c-format
+msgid "subpacket of type %d has critical bit set\n"
+msgstr "subpaket tipe %d memiliki bit kritis terset\n"
+
+#: g10/passphrase.c:75 g10/passphrase.c:418 g10/passphrase.c:481
+#, fuzzy, c-format
+msgid "problem with the agent: %s\n"
+msgstr "masalah dengan agen: agen mengembalikan 0x%lx\n"
+
+#: g10/passphrase.c:344 g10/passphrase.c:613
+#, fuzzy, c-format
+msgid " (main key ID %s)"
+msgstr " (ID kunci utama %08lX)"
+
+#: g10/passphrase.c:358
+#, fuzzy, c-format
+msgid ""
+"Please enter the passphrase to unlock the secret key for the OpenPGP "
+"certificate:\n"
+"\"%.*s\"\n"
+"%u-bit %s key, ID %s,\n"
+"created %s%s.\n"
+msgstr ""
+"Anda perlu passphrase untuk membuka kunci rahasia untuk user:\n"
+"\"%.*s\"\n"
+"%u-bit %s key, ID %08lX, tercipta %s%s\n"
+
+#: g10/passphrase.c:384
+msgid "Enter passphrase\n"
+msgstr "Masukkan passphrase\n"
+
+#: g10/passphrase.c:412
+msgid "cancelled by user\n"
+msgstr "dibatalkan oleh user\n"
+
+#: g10/passphrase.c:592
+#, fuzzy, c-format
+msgid ""
+"You need a passphrase to unlock the secret key for\n"
+"user: \"%s\"\n"
+msgstr ""
+"\n"
+"Anda perlu passphrase untuk membuka kunci rahasia untuk\n"
+"pemakai: \""
+
+#: g10/passphrase.c:600
+#, fuzzy, c-format
+msgid "%u-bit %s key, ID %s, created %s"
+msgstr "%u-bit kunci %s, ID %08lX, tercipta %s"
+
+#: g10/passphrase.c:609
+#, c-format
+msgid " (subkey on main key ID %s)"
+msgstr ""
+
+#: g10/photoid.c:74
+msgid ""
+"\n"
+"Pick an image to use for your photo ID. The image must be a JPEG file.\n"
+"Remember that the image is stored within your public key. If you use a\n"
+"very large picture, your key will become very large as well!\n"
+"Keeping the image close to 240x288 is a good size to use.\n"
+msgstr ""
+"\n"
+"Silakan pilih sebuah gambar sebagai ID foto anda. Gambar haruslah file "
+"JPEG.\n"
+"Ingat bahwa gambar disimpan dalam kunci publik anda.. Jika anda menggunakan "
+"sebuah\n"
+"gambar yang sangat besar, kunci anda akan menjadi semakin besar pula!\n"
+"Jagalah agar gambar mendekati ukuran 240x288.\n"
+
+#: g10/photoid.c:96
+msgid "Enter JPEG filename for photo ID: "
+msgstr "Masukkan nama file JPEG sebagai ID foto: "
+
+#: g10/photoid.c:117
+#, fuzzy, c-format
+msgid "unable to open JPEG file `%s': %s\n"
+msgstr "tidak dapat membuka file: %s\n"
+
+#: g10/photoid.c:128
+#, c-format
+msgid "This JPEG is really large (%d bytes) !\n"
+msgstr ""
+
+#: g10/photoid.c:130
+#, fuzzy
+msgid "Are you sure you want to use it? (y/N) "
+msgstr "Apakah anda yakin ingin menggunakannya? (y/N) "
+
+#: g10/photoid.c:146
+#, fuzzy, c-format
+msgid "`%s' is not a JPEG file\n"
+msgstr "\"%s\" bukan sebuah file JPEG\n"
+
+#: g10/photoid.c:165
+msgid "Is this photo correct (y/N/q)? "
+msgstr "Apakah foto ini benar (y/N/q)? "
+
+#: g10/photoid.c:373
+msgid "unable to display photo ID!\n"
+msgstr "tidak dapat menampilkan photo ID!\n"
+
+#: g10/pkclist.c:60 g10/revoke.c:621
+msgid "No reason specified"
+msgstr "Tidak ada alasan diberikan"
+
+#: g10/pkclist.c:62 g10/revoke.c:623
+msgid "Key is superseded"
+msgstr "Kunci dilampaui"
+
+#: g10/pkclist.c:64 g10/revoke.c:622
+msgid "Key has been compromised"
+msgstr "Kunci ini telah dikompromikan"
+
+#: g10/pkclist.c:66 g10/revoke.c:624
+msgid "Key is no longer used"
+msgstr "Kunci tidak lagi digunakan"
+
+#: g10/pkclist.c:68 g10/revoke.c:625
+msgid "User ID is no longer valid"
+msgstr "ID User tidak lagi valid"
+
+#: g10/pkclist.c:72
+msgid "reason for revocation: "
+msgstr "Alasan pembatalan:"
+
+#: g10/pkclist.c:89
+msgid "revocation comment: "
+msgstr "Komentar pembatalan:"
+
+#: g10/pkclist.c:204
+msgid "iImMqQsS"
+msgstr "iImMqQsS"
+
+#: g10/pkclist.c:212
+#, fuzzy
+msgid "No trust value assigned to:\n"
+msgstr ""
+"Tidak ada nilai trust untuk:\n"
+"%4u%c/%08lX %s \""
+
+#: g10/pkclist.c:245
+#, fuzzy, c-format
+msgid " aka \"%s\"\n"
+msgstr " alias \""
+
+#: g10/pkclist.c:255
+#, fuzzy
+msgid ""
+"How much do you trust that this key actually belongs to the named user?\n"
+msgstr "Kunci ini mungkin milik pemiliknya\n"
+
+#: g10/pkclist.c:270
+#, fuzzy, c-format
+msgid " %d = I don't know or won't say\n"
+msgstr " %d = Tidak tahu\n"
+
+#: g10/pkclist.c:272
+#, fuzzy, c-format
+msgid " %d = I do NOT trust\n"
+msgstr " %d: Saya TIDAK percaya\n"
+
+#: g10/pkclist.c:278
+#, fuzzy, c-format
+msgid " %d = I trust ultimately\n"
+msgstr " %d = Saya sangat percaya sekali\n"
+
+#: g10/pkclist.c:284
+#, fuzzy
+msgid " m = back to the main menu\n"
+msgstr " m = kembali ke menu utama\n"
+
+#: g10/pkclist.c:287
+#, fuzzy
+msgid " s = skip this key\n"
+msgstr " s = lewati kunci ini\n"
+
+#: g10/pkclist.c:288
+#, fuzzy
+msgid " q = quit\n"
+msgstr " q = berhenti\n"
+
+#: g10/pkclist.c:292
+#, c-format
+msgid ""
+"The minimum trust level for this key is: %s\n"
+"\n"
+msgstr ""
+
+#: g10/pkclist.c:298 g10/revoke.c:650
+msgid "Your decision? "
+msgstr "Keputusan anda? "
+
+#: g10/pkclist.c:319
+#, fuzzy
+msgid "Do you really want to set this key to ultimate trust? (y/N) "
+msgstr "Anda ingin menset kunci ini menjadi sangat percaya sekali?"
+
+#: g10/pkclist.c:333
+msgid "Certificates leading to an ultimately trusted key:\n"
+msgstr "Sertifikat mengarahkan ke kunci terpercaya:\n"
+
+#: g10/pkclist.c:418
+#, fuzzy, c-format
+msgid "%s: There is no assurance this key belongs to the named user\n"
+msgstr ""
+"%08lX: Tidak ada indikasi bahwa kunci ini benar-benar milik pemiliknya\n"
+
+#: g10/pkclist.c:423
+#, fuzzy, c-format
+msgid "%s: There is limited assurance this key belongs to the named user\n"
+msgstr ""
+"%08lX: Tidak ada indikasi bahwa kunci ini benar-benar milik pemiliknya\n"
+
+#: g10/pkclist.c:429
+#, fuzzy
+msgid "This key probably belongs to the named user\n"
+msgstr "Kunci ini mungkin milik pemiliknya\n"
+
+#: g10/pkclist.c:434
+msgid "This key belongs to us\n"
+msgstr "Kunci ini milik kita\n"
+
+#: g10/pkclist.c:460
+#, fuzzy
+msgid ""
+"It is NOT certain that the key belongs to the person named\n"
+"in the user ID. If you *really* know what you are doing,\n"
+"you may answer the next question with yes.\n"
+msgstr ""
+"Tidak pasti bahwa kunci milik orang yang disebutkan\n"
+"Jika anda sangat tahu apa yang sedang anda lakukan, anda boleh menjawab\n"
+"pertanyaan berikut dengan ya\n"
+"\n"
+
+#: g10/pkclist.c:479
+#, fuzzy
+msgid "Use this key anyway? (y/N) "
+msgstr "Tetap gunakan kunci ini? "
+
+#: g10/pkclist.c:513
+msgid "WARNING: Using untrusted key!\n"
+msgstr "PERINGATAN: Menggunakan kunci tidak dipercaya!\n"
+
+#: g10/pkclist.c:520
+msgid "WARNING: this key might be revoked (revocation key not present)\n"
+msgstr ""
+"Peringatan: kunci ini mungkin dibatalkan:(kunci pembatalan tidak ada)\n"
+
+#: g10/pkclist.c:529
+msgid "WARNING: This key has been revoked by its designated revoker!\n"
+msgstr "PERINGATAN: Kunci ini telah dibatalkan oleh pihak yang berwenang\n"
+
+#: g10/pkclist.c:532
+msgid "WARNING: This key has been revoked by its owner!\n"
+msgstr "PERINGATAN: Kunci ini telah dibatalkan oleh pemiliknya!\n"
+
+#: g10/pkclist.c:533
+#, fuzzy
+msgid " This could mean that the signature is forged.\n"
+msgstr " Hal ini dapat berarti bahwa signature adalah palsu.\n"
+
+#: g10/pkclist.c:539
+msgid "WARNING: This subkey has been revoked by its owner!\n"
+msgstr "PERINGATAN: Subkey ini telah dibatalkan oleh pemiliknya!\n"
+
+#: g10/pkclist.c:544
+msgid "Note: This key has been disabled.\n"
+msgstr "Catatan: Kunci ini telah ditiadakan\n"
+
+#: g10/pkclist.c:564
+#, c-format
+msgid "Note: Verified signer's address is `%s'\n"
+msgstr ""
+
+#: g10/pkclist.c:571
+#, c-format
+msgid "Note: Signer's address `%s' does not match DNS entry\n"
+msgstr ""
+
+#: g10/pkclist.c:583
+msgid "trustlevel adjusted to FULL due to valid PKA info\n"
+msgstr ""
+
+#: g10/pkclist.c:591
+msgid "trustlevel adjusted to NEVER due to bad PKA info\n"
+msgstr ""
+
+#: g10/pkclist.c:602
+msgid "Note: This key has expired!\n"
+msgstr "Catatan: Kunci ini telah berakhir!\n"
+
+#: g10/pkclist.c:613
+msgid "WARNING: This key is not certified with a trusted signature!\n"
+msgstr ""
+"PERINGATAN: Kunci ini tidak disertifikasi dengan sig yang terpercaya!\n"
+
+#: g10/pkclist.c:615
+msgid ""
+" There is no indication that the signature belongs to the owner.\n"
+msgstr " Tidak ada indikasi signature milik pemilik.\n"
+
+#: g10/pkclist.c:623
+msgid "WARNING: We do NOT trust this key!\n"
+msgstr "PERINGATAN: Kita tidak percaya kunci ini!\n"
+
+#: g10/pkclist.c:624
+msgid " The signature is probably a FORGERY.\n"
+msgstr " Signature mungkin palsu.\n"
+
+#: g10/pkclist.c:632
+msgid ""
+"WARNING: This key is not certified with sufficiently trusted signatures!\n"
+msgstr ""
+"PERINGATAN: Kunci tdk disertifikasi dg signature terpercaya yg cukup!\n"
+
+#: g10/pkclist.c:634
+msgid " It is not certain that the signature belongs to the owner.\n"
+msgstr " Tidak pasti signature milik pemilik.\n"
+
+#: g10/pkclist.c:833 g10/pkclist.c:875 g10/pkclist.c:1087 g10/pkclist.c:1157
+#, c-format
+msgid "%s: skipped: %s\n"
+msgstr "%s: dilewati: %s\n"
+
+#: g10/pkclist.c:845 g10/pkclist.c:1125
+#, c-format
+msgid "%s: skipped: public key already present\n"
+msgstr "%s: dilewati: kunci publik telah ada\n"
+
+#: g10/pkclist.c:896
+msgid "You did not specify a user ID. (you may use \"-r\")\n"
+msgstr "Anda tidak menspesifikasikan ID user. (anda dapat gunakan \"-r\")\n"
+
+#: g10/pkclist.c:920
+msgid "Current recipients:\n"
+msgstr ""
+
+#: g10/pkclist.c:946
+msgid ""
+"\n"
+"Enter the user ID. End with an empty line: "
+msgstr ""
+"\n"
+"Masukkan user ID. Akhiri dengan baris kosong: "
+
+#: g10/pkclist.c:971
+msgid "No such user ID.\n"
+msgstr "Tidak ada ID user tersebut.\n"
+
+#: g10/pkclist.c:980 g10/pkclist.c:1054
+msgid "skipped: public key already set as default recipient\n"
+msgstr "dilewati: kunci publik telah diset sebagai penerima baku\n"
+
+#: g10/pkclist.c:1001
+msgid "Public key is disabled.\n"
+msgstr "Kunci publik dimatikan.\n"
+
+#: g10/pkclist.c:1010
+msgid "skipped: public key already set\n"
+msgstr "dilewati: kunci publik telah diset\n"
+
+#: g10/pkclist.c:1045
+#, fuzzy, c-format
+msgid "unknown default recipient \"%s\"\n"
+msgstr "penerima baku tidak dikenal `%s'\n"
+
+#: g10/pkclist.c:1103
+#, c-format
+msgid "%s: skipped: public key is disabled\n"
+msgstr "%s: dilewati: kunci publik dimatikan\n"
+
+#: g10/pkclist.c:1165
+msgid "no valid addressees\n"
+msgstr "tidak ada alamat yang valid\n"
+
+#: g10/pkclist.c:1503
+#, fuzzy, c-format
+msgid "Note: key %s has no %s feature\n"
+msgstr "kunci %08lX: tidak ada ID user\n"
+
+#: g10/pkclist.c:1528
+#, fuzzy, c-format
+msgid "Note: key %s has no preference for %s\n"
+msgstr "kunci %08lX: tidak ada ID user\n"
+
+#: g10/plaintext.c:95
+msgid "data not saved; use option \"--output\" to save it\n"
+msgstr "data tidak disimpan; gunakan pilihan \"--output\" untuk menyimpannya\n"
+
+#: g10/plaintext.c:480
+msgid "Detached signature.\n"
+msgstr "Menghapus signature.\n"
+
+#: g10/plaintext.c:487
+msgid "Please enter name of data file: "
+msgstr "Silakan masukkan nama file data: "
+
+#: g10/plaintext.c:519
+msgid "reading stdin ...\n"
+msgstr "membaca stdin ...\n"
+
+#: g10/plaintext.c:557
+msgid "no signed data\n"
+msgstr "tidak ada data tertandai\n"
+
+#: g10/plaintext.c:573
+#, c-format
+msgid "can't open signed data `%s'\n"
+msgstr "tidak dapat membuka data tertandai `%s'\n"
+
+#: g10/plaintext.c:607
+#, fuzzy, c-format
+msgid "can't open signed data fd=%d: %s\n"
+msgstr "tidak dapat membuka data tertandai `%s'\n"
+
+#: g10/pubkey-enc.c:105
+#, fuzzy, c-format
+msgid "anonymous recipient; trying secret key %s ...\n"
+msgstr "penerima anonim; mencoba kunci rahasia %08lX ...\n"
+
+#: g10/pubkey-enc.c:136
+msgid "okay, we are the anonymous recipient.\n"
+msgstr "baik, kita adalah penerima anonim.\n"
+
+#: g10/pubkey-enc.c:225
+msgid "old encoding of the DEK is not supported\n"
+msgstr "encoding lama DEK tidak didukung\n"
+
+#: g10/pubkey-enc.c:246
+#, c-format
+msgid "cipher algorithm %d%s is unknown or disabled\n"
+msgstr "algoritma cipher %d%s tidak dikenal atau ditiadakan\n"
+
+#: g10/pubkey-enc.c:284
+#, fuzzy, c-format
+msgid "WARNING: cipher algorithm %s not found in recipient preferences\n"
+msgstr "CATATAN: algoritma cipher %d tidak ditemukan dalam preferensi\n"
+
+#: g10/pubkey-enc.c:304
+#, fuzzy, c-format
+msgid "NOTE: secret key %s expired at %s\n"
+msgstr "CATATAN: kunci pribadi %08lX berakhir pada %s\n"
+
+#: g10/pubkey-enc.c:310
+msgid "NOTE: key has been revoked"
+msgstr "CATATAN: kunci telah dibatalkan"
+
+#: g10/revoke.c:102 g10/revoke.c:116 g10/revoke.c:128 g10/revoke.c:174
+#: g10/revoke.c:186 g10/revoke.c:585
+#, c-format
+msgid "build_packet failed: %s\n"
+msgstr "build_packet gagal: %s\n"
+
+#: g10/revoke.c:145
+#, fuzzy, c-format
+msgid "key %s has no user IDs\n"
+msgstr "kunci %08lX: tidak ada ID user\n"
+
+#: g10/revoke.c:306
+msgid "To be revoked by:\n"
+msgstr "Akan dibatalkan oleh:\n"
+
+#: g10/revoke.c:310
+msgid "(This is a sensitive revocation key)\n"
+msgstr "(Ini adalah kunci pembatalan sensitif)\n"
+
+#: g10/revoke.c:314
+#, fuzzy
+msgid "Create a designated revocation certificate for this key? (y/N) "
+msgstr "Buat sertifikat pembatalan untuk kunci ini?"
+
+#: g10/revoke.c:327 g10/revoke.c:551
+msgid "ASCII armored output forced.\n"
+msgstr "Pemaksaan output mode ASCII.\n"
+
+#: g10/revoke.c:342 g10/revoke.c:565
+#, c-format
+msgid "make_keysig_packet failed: %s\n"
+msgstr "gagal make_keysig_packet: %s\n"
+
+#: g10/revoke.c:405
+msgid "Revocation certificate created.\n"
+msgstr "Sertifikat pembatalan tercipta.\n"
+
+#: g10/revoke.c:411
+#, fuzzy, c-format
+msgid "no revocation keys found for \"%s\"\n"
+msgstr "tidak ditemukan kunci pembatalan untuk `%s'\n"
+
+#: g10/revoke.c:470
+#, fuzzy, c-format
+msgid "secret key \"%s\" not found: %s\n"
+msgstr "kunci rahasia `%s' tidak ditemukan: %s\n"
+
+#: g10/revoke.c:497
+#, c-format
+msgid "no corresponding public key: %s\n"
+msgstr "tidak ada kunci publik yang sesuai: %s\n"
+
+#: g10/revoke.c:508
+msgid "public key does not match secret key!\n"
+msgstr "kunci publik tidak cocok dengan kunci rahasia!\n"
+
+#: g10/revoke.c:515
+#, fuzzy
+msgid "Create a revocation certificate for this key? (y/N) "
+msgstr "Buat sertifikat pembatalan untuk kunci ini?"
+
+#: g10/revoke.c:532
+msgid "unknown protection algorithm\n"
+msgstr "algoritma proteksi tidak dikenal\n"
+
+#: g10/revoke.c:540
+msgid "NOTE: This key is not protected!\n"
+msgstr "CATATAN: Kunci ini tidak diproteksi!\n"
+
+#: g10/revoke.c:591
+msgid ""
+"Revocation certificate created.\n"
+"\n"
+"Please move it to a medium which you can hide away; if Mallory gets\n"
+"access to this certificate he can use it to make your key unusable.\n"
+"It is smart to print this certificate and store it away, just in case\n"
+"your media become unreadable. But have some caution: The print system of\n"
+"your machine might store the data and make it available to others!\n"
+msgstr ""
+"Sertifikat pembatalan tercipta.\n"
+"\n"
+"Pindahkanlah ke media yang dapat anda sembunyikan; jika Mallory memperoleh\n"
+"akses ke sertifikat ini ia dapat menggunakannya untuk membuat kunci anda\n"
+"tidak dapat digunakan.\n"
+"Adalah hal cerdas untuk mencetak sertifikat ini dan menyimpannya, bila\n"
+"sewaktu-waktu media anda tidak dapat dibaca. Namun berhati-hatilah: Sistem "
+"pencetakan\n"
+"mesin anda mungkin menyimpan data dan menyediakannya untuk yang lain!\n"
+
+#: g10/revoke.c:633
+msgid "Please select the reason for the revocation:\n"
+msgstr "Silakan pilih alasan untuk pembatalan:\n"
+
+#: g10/revoke.c:643
+msgid "Cancel"
+msgstr "Batal"
+
+#: g10/revoke.c:645
+#, c-format
+msgid "(Probably you want to select %d here)\n"
+msgstr "(Mungkin anda ingin memilih %d di sini)\n"
+
+#: g10/revoke.c:686
+msgid "Enter an optional description; end it with an empty line:\n"
+msgstr ""
+"Masukkan sebuah deskripsi opsional; akhiri dengan sebuah baris kosong:\n"
+
+#: g10/revoke.c:714
+#, c-format
+msgid "Reason for revocation: %s\n"
+msgstr "Alasan pembatalan: %s\n"
+
+#: g10/revoke.c:716
+msgid "(No description given)\n"
+msgstr "(Tidak diberikan deskripsi)\n"
+
+#: g10/revoke.c:721
+#, fuzzy
+msgid "Is this okay? (y/N) "
+msgstr "Ini oke? "
+
+#: g10/seckey-cert.c:55
+msgid "secret key parts are not available\n"
+msgstr "bagian kunci rahasia tidak tersedia\n"
+
+#: g10/seckey-cert.c:61
+#, c-format
+msgid "protection algorithm %d%s is not supported\n"
+msgstr "algoritma proteksi %d%s tidak didukung\n"
+
+#: g10/seckey-cert.c:72
+#, fuzzy, c-format
+msgid "protection digest %d is not supported\n"
+msgstr "algoritma proteksi %d%s tidak didukung\n"
+
+#: g10/seckey-cert.c:291
+msgid "Invalid passphrase; please try again"
+msgstr "Passphrase tidak valid; silakan coba lagi"
+
+#: g10/seckey-cert.c:292
+#, c-format
+msgid "%s ...\n"
+msgstr "%s ...\n"
+
+#: g10/seckey-cert.c:361
+msgid "WARNING: Weak key detected - please change passphrase again.\n"
+msgstr "PERINGATAN: terdeteksi kunci lemah - silakan ubah passphrase lagi.\n"
+
+#: g10/seckey-cert.c:404
+msgid "generating the deprecated 16-bit checksum for secret key protection\n"
+msgstr "membuat checksum 16-bit terdepresiasi untuk proteksi kunci rahasia\n"
+
+#: g10/seskey.c:61 sm/encrypt.c:119
+msgid "weak key created - retrying\n"
+msgstr "kunci lemah tercipta - mengulang\n"
+
+#: g10/seskey.c:65
+#, c-format
+msgid "cannot avoid weak key for symmetric cipher; tried %d times!\n"
+msgstr ""
+"tidak dapat menghindari kunci lemah untuk cipher simetrik; mencoba %d kali!\n"
+
+#: g10/seskey.c:227 sm/certcheck.c:85
+msgid "DSA requires the hash length to be a multiple of 8 bits\n"
+msgstr ""
+
+#: g10/seskey.c:240
+#, c-format
+msgid "DSA key %s uses an unsafe (%u bit) hash\n"
+msgstr ""
+
+#: g10/seskey.c:252
+#, c-format
+msgid "DSA key %s requires a %u bit or larger hash\n"
+msgstr ""
+
+#: g10/sig-check.c:80
+msgid "WARNING: signature digest conflict in message\n"
+msgstr "Peringatan: konflik digest signature dalam pesan\n"
+
+#: g10/sig-check.c:105
+#, fuzzy, c-format
+msgid "WARNING: signing subkey %s is not cross-certified\n"
+msgstr "PERINGATAN: subkey penandatangan %08lX tidak tersertifikasi silang\n"
+
+#: g10/sig-check.c:117
+#, fuzzy, c-format
+msgid "WARNING: signing subkey %s has an invalid cross-certification\n"
+msgstr ""
+"PERINGATAN: subkey penanda tangan %08lX memiliki sertifikasi silang yang "
+"tidak valid\n"
+
+#: g10/sig-check.c:211
+#, fuzzy, c-format
+msgid "public key %s is %lu second newer than the signature\n"
+msgstr "kunci publik %08lX adalah %lu detik lebih baru daripada signature\n"
+
+#: g10/sig-check.c:212
+#, fuzzy, c-format
+msgid "public key %s is %lu seconds newer than the signature\n"
+msgstr "kunci publik %08lX adalah %lu detik lebih baru daripada signature\n"
+
+#: g10/sig-check.c:223
+#, fuzzy, c-format
+msgid ""
+"key %s was created %lu second in the future (time warp or clock problem)\n"
+msgstr ""
+"kunci telah diciptakan dalam %lu detik mendatang (masalah waktu atau jam)\n"
+
+#: g10/sig-check.c:225
+#, fuzzy, c-format
+msgid ""
+"key %s was created %lu seconds in the future (time warp or clock problem)\n"
+msgstr ""
+"kunci telah diciptakan dalam %lu detik mendatang (masalah waktu atau jam)\n"
+
+#: g10/sig-check.c:239
+#, fuzzy, c-format
+msgid "NOTE: signature key %s expired %s\n"
+msgstr "CATATAN: kunci signature %08lX berakhir %s\n"
+
+#: g10/sig-check.c:252
+#, fuzzy, c-format
+msgid "NOTE: signature key %s has been revoked\n"
+msgstr "CATATAN: kunci telah dibatalkan"
+
+#: g10/sig-check.c:325
+#, fuzzy, c-format
+msgid "assuming bad signature from key %s due to an unknown critical bit\n"
+msgstr ""
+"mengasumsikan signature buruk dari kunci %08lX karena ada bit kritik tidak "
+"dikenal\n"
+
+#: g10/sig-check.c:591
+#, fuzzy, c-format
+msgid "key %s: no subkey for subkey revocation signature\n"
+msgstr "kunci %08lX: tidak ada subkey untuk pembatalan paket\n"
+
+#: g10/sig-check.c:618
+#, fuzzy, c-format
+msgid "key %s: no subkey for subkey binding signature\n"
+msgstr "kunci %08lX: tidak ada subkey untuk key binding signature\n"
+
+#: g10/sign.c:89
+#, c-format
+msgid "WARNING: unable to %%-expand notation (too large). Using unexpanded.\n"
+msgstr ""
+"PERINGATAN: tidak dapat melakukan %%-expand notasi (terlalu besar). "
+"Menggunakan yang tidak di-expand.\n"
+
+#: g10/sign.c:115
+#, fuzzy, c-format
+msgid ""
+"WARNING: unable to %%-expand policy URL (too large). Using unexpanded.\n"
+msgstr ""
+"PERINGATAN: tidak dapat melakukan %%-expand policy url (terlalu besar). "
+"Menggunakan yang tidak expand.\n"
+
+#: g10/sign.c:138
+#, fuzzy, c-format
+msgid ""
+"WARNING: unable to %%-expand preferred keyserver URL (too large). Using "
+"unexpanded.\n"
+msgstr ""
+"PERINGATAN: tidak dapat melakukan %%-expand policy url (terlalu besar). "
+"Menggunakan yang tidak expand.\n"
+
+#: g10/sign.c:311
+#, c-format
+msgid "checking created signature failed: %s\n"
+msgstr "Gagal memeriksa signature yang dibuat: %s\n"
+
+#: g10/sign.c:320
+#, fuzzy, c-format
+msgid "%s/%s signature from: \"%s\"\n"
+msgstr "%s signature dari: \"%s\"\n"
+
+#: g10/sign.c:761
+msgid "you can only detach-sign with PGP 2.x style keys while in --pgp2 mode\n"
+msgstr ""
+"anda hanya dapat detach-sign dengan kunci bergaya PGP 2.x saat dalam mode --"
+"pgp2\n"
+
+#: g10/sign.c:837
+#, fuzzy, c-format
+msgid ""
+"WARNING: forcing digest algorithm %s (%d) violates recipient preferences\n"
+msgstr "memaksa algoritma digest %s (%d) melanggar preferensi penerima\n"
+
+#: g10/sign.c:964
+msgid "signing:"
+msgstr "menandai:"
+
+#: g10/sign.c:1079
+msgid "you can only clearsign with PGP 2.x style keys while in --pgp2 mode\n"
+msgstr ""
+"anda hanya dapat clearsign dengan kunci bergaya PGP 2.x saat dalam mode --"
+"pgp2\n"
+
+#: g10/sign.c:1263
+#, c-format
+msgid "%s encryption will be used\n"
+msgstr "%s enkripsi akan digunakan\n"
+
+#: g10/skclist.c:140 g10/skclist.c:217
+msgid "key is not flagged as insecure - can't use it with the faked RNG!\n"
+msgstr ""
+"kunci tidak dianggap sebagai tidak aman - tidak dapat digunakan dengan RNG "
+"palsu!\n"
+
+#: g10/skclist.c:174
+#, fuzzy, c-format
+msgid "skipped \"%s\": duplicated\n"
+msgstr "lewati `%s': terduplikasi\n"
+
+#: g10/skclist.c:182 g10/skclist.c:195 g10/skclist.c:207
+#, fuzzy, c-format
+msgid "skipped \"%s\": %s\n"
+msgstr "melewati `%s': %s\n"
+
+#: g10/skclist.c:190
+msgid "skipped: secret key already present\n"
+msgstr "dilewati: kunci pribadi telah ada\n"
+
+#: g10/skclist.c:208
+#, fuzzy
+msgid "this is a PGP generated Elgamal key which is not secure for signatures!"
+msgstr ""
+"melewati `%s': ini adalah kunci ElGamal yang dihasilkan PGP yang tidak aman "
+"untuk signature!\n"
+
+#: g10/tdbdump.c:58 g10/trustdb.c:360
+#, c-format
+msgid "trust record %lu, type %d: write failed: %s\n"
+msgstr "trust record %lu, tipe %d: gagal menulis: %s\n"
+
+#: g10/tdbdump.c:106
+#, c-format
+msgid ""
+"# List of assigned trustvalues, created %s\n"
+"# (Use \"gpg --import-ownertrust\" to restore them)\n"
+msgstr ""
+"# List of assigned trustvalues, created %s\n"
+"# (Use \"gpg --import-ownertrust\" to restore them)\n"
+
+#: g10/tdbdump.c:161 g10/tdbdump.c:169 g10/tdbdump.c:174 g10/tdbdump.c:179
+#, fuzzy, c-format
+msgid "error in `%s': %s\n"
+msgstr "kesalahan membaca `%s': %s\n"
+
+#: g10/tdbdump.c:161
+#, fuzzy
+msgid "line too long"
+msgstr "baris terlalu panjang\n"
+
+#: g10/tdbdump.c:169
+msgid "colon missing"
+msgstr ""
+
+#: g10/tdbdump.c:175
+#, fuzzy
+msgid "invalid fingerprint"
+msgstr "kesalahan: fingerprint tidak valid\n"
+
+#: g10/tdbdump.c:180
+#, fuzzy
+msgid "ownertrust value missing"
+msgstr "impor nilai ownertrust"
+
+#: g10/tdbdump.c:216
+#, fuzzy, c-format
+msgid "error finding trust record in `%s': %s\n"
+msgstr "kesalahan: gagal menemukan catatan trust: %s\n"
+
+#: g10/tdbdump.c:220
+#, fuzzy, c-format
+msgid "read error in `%s': %s\n"
+msgstr "kesalahan pembacaan: %s\n"
+
+#: g10/tdbdump.c:229 g10/trustdb.c:375
+#, c-format
+msgid "trustdb: sync failed: %s\n"
+msgstr "trustdb: gagal sync: %s\n"
+
+#: g10/tdbio.c:128 g10/tdbio.c:1456
+#, c-format
+msgid "trustdb rec %lu: lseek failed: %s\n"
+msgstr "trustdb rec %lu: lseek gagal: %s\n"
+
+#: g10/tdbio.c:135 g10/tdbio.c:1463
+#, c-format
+msgid "trustdb rec %lu: write failed (n=%d): %s\n"
+msgstr "trustdb rec %lu: write failed (n=%d): %s\n"
+
+#: g10/tdbio.c:245
+msgid "trustdb transaction too large\n"
+msgstr "transaksi trustdb terlalu besar\n"
+
+#: g10/tdbio.c:500
+#, fuzzy, c-format
+msgid "can't access `%s': %s\n"
+msgstr "tidak dapat menutup `%s': %s\n"
+
+#: g10/tdbio.c:527
+#, c-format
+msgid "%s: directory does not exist!\n"
+msgstr "%s: direktori tidak ada!\n"
+
+#: g10/tdbio.c:537 g10/tdbio.c:560 g10/tdbio.c:601 sm/keydb.c:219
+#, fuzzy, c-format
+msgid "can't create lock for `%s'\n"
+msgstr "tidak dapat membuat %s: %s\n"
+
+#: g10/tdbio.c:539 g10/tdbio.c:604
+#, fuzzy, c-format
+msgid "can't lock `%s'\n"
+msgstr "tidak dapat membuka `%s'\n"
+
+#: g10/tdbio.c:565
+#, c-format
+msgid "%s: failed to create version record: %s"
+msgstr "%s: gagal membuat catatan versi: %s"
+
+#: g10/tdbio.c:569
+#, c-format
+msgid "%s: invalid trustdb created\n"
+msgstr "%s: tercipta trustdb tidak valid\n"
+
+#: g10/tdbio.c:572
+#, c-format
+msgid "%s: trustdb created\n"
+msgstr "%s: tercipta trustdb\n"
+
+#: g10/tdbio.c:615
+msgid "NOTE: trustdb not writable\n"
+msgstr "CATATAN: trustdb tidak dapat ditulisi\n"
+
+#: g10/tdbio.c:623
+#, c-format
+msgid "%s: invalid trustdb\n"
+msgstr "%s: trustdb tidak valid\n"
+
+#: g10/tdbio.c:655
+#, c-format
+msgid "%s: failed to create hashtable: %s\n"
+msgstr "%s: gagal membuat hashtable: %s\n"
+
+#: g10/tdbio.c:663
+#, c-format
+msgid "%s: error updating version record: %s\n"
+msgstr "%s: kesalahan memperbaharui catatan versi: %s\n"
+
+#: g10/tdbio.c:680 g10/tdbio.c:701 g10/tdbio.c:717 g10/tdbio.c:731
+#: g10/tdbio.c:761 g10/tdbio.c:1388 g10/tdbio.c:1415
+#, c-format
+msgid "%s: error reading version record: %s\n"
+msgstr "%s: kesalahan membaca catatan versi: %s\n"
+
+#: g10/tdbio.c:740
+#, c-format
+msgid "%s: error writing version record: %s\n"
+msgstr "%s: kesalahan menulis catatan versi: %s\n"
+
+#: g10/tdbio.c:1181
+#, c-format
+msgid "trustdb: lseek failed: %s\n"
+msgstr "trustdb: lseek gagal: %s\n"
+
+#: g10/tdbio.c:1190
+#, c-format
+msgid "trustdb: read failed (n=%d): %s\n"
+msgstr "trustdb: read failed (n=%d): %s\n"
+
+#: g10/tdbio.c:1211
+#, c-format
+msgid "%s: not a trustdb file\n"
+msgstr "%s: bukan file trustdb\n"
+
+#: g10/tdbio.c:1230
+#, c-format
+msgid "%s: version record with recnum %lu\n"
+msgstr "%s: catatan versi dengan recnum %lu\n"
+
+#: g10/tdbio.c:1235
+#, c-format
+msgid "%s: invalid file version %d\n"
+msgstr "%s: versi file %d tidak valid\n"
+
+#: g10/tdbio.c:1421
+#, c-format
+msgid "%s: error reading free record: %s\n"
+msgstr "%s: kesalahan membaca record bebas: %s\n"
+
+#: g10/tdbio.c:1429
+#, c-format
+msgid "%s: error writing dir record: %s\n"
+msgstr "%s: kesalahan menulis dir record: %s\n"
+
+#: g10/tdbio.c:1439
+#, c-format
+msgid "%s: failed to zero a record: %s\n"
+msgstr "%s: gagal mengosongkan record: %s\n"
+
+#: g10/tdbio.c:1469
+#, c-format
+msgid "%s: failed to append a record: %s\n"
+msgstr "%s: gagal menambahkan record: %s\n"
+
+#: g10/tdbio.c:1512
+#, fuzzy
+msgid "Error: The trustdb is corrupted.\n"
+msgstr "%s: tercipta trustdb\n"
+
+#: g10/textfilter.c:147
+#, c-format
+msgid "can't handle text lines longer than %d characters\n"
+msgstr "tidak dapat menangani baris teks lebih dari %d karakter\n"
+
+#: g10/textfilter.c:247
+#, c-format
+msgid "input line longer than %d characters\n"
+msgstr "baris input lebih dari %d karakter\n"
+
+#: g10/trustdb.c:221
+#, c-format
+msgid "`%s' is not a valid long keyID\n"
+msgstr "'%s' bukanlah keyID panjang yang valid\n"
+
+#: g10/trustdb.c:252
+#, fuzzy, c-format
+msgid "key %s: accepted as trusted key\n"
+msgstr "kunci %08lX: diterima sebagai kunci terpercaya.\n"
+
+#: g10/trustdb.c:290
+#, fuzzy, c-format
+msgid "key %s occurs more than once in the trustdb\n"
+msgstr "kunci %08lX muncul lebih dari satu kali dalam trustdb\n"
+
+#: g10/trustdb.c:305
+#, fuzzy, c-format
+msgid "key %s: no public key for trusted key - skipped\n"
+msgstr "kunci %08lX: tidak ada kunci publik untuk trusted key- dilewati\n"
+
+#: g10/trustdb.c:315
+#, fuzzy, c-format
+msgid "key %s marked as ultimately trusted\n"
+msgstr "kunci ditandai sebagai sangat dipercaya.\n"
+
+#: g10/trustdb.c:339
+#, c-format
+msgid "trust record %lu, req type %d: read failed: %s\n"
+msgstr "trust record %lu, req tipe %d: gagal baca: %s\n"
+
+#: g10/trustdb.c:345
+#, c-format
+msgid "trust record %lu is not of requested type %d\n"
+msgstr "trust record %lu tidak dalam jenis yang diminta %d\n"
+
+#: g10/trustdb.c:418
+msgid "You may try to re-create the trustdb using the commands:\n"
+msgstr ""
+
+#: g10/trustdb.c:427
+msgid "If that does not work, please consult the manual\n"
+msgstr ""
+
+#: g10/trustdb.c:462
+#, c-format
+msgid "unable to use unknown trust model (%d) - assuming %s trust model\n"
+msgstr ""
+
+#: g10/trustdb.c:468
+#, c-format
+msgid "using %s trust model\n"
+msgstr ""
+
+#: g10/trustdb.c:520
+msgid "10 translator see trustdb.c:uid_trust_string_fixed"
+msgstr ""
+
+#: g10/trustdb.c:522
+#, fuzzy
+msgid "[ revoked]"
+msgstr "[revoked] "
+
+#: g10/trustdb.c:524 g10/trustdb.c:529
+#, fuzzy
+msgid "[ expired]"
+msgstr "[expired] "
+
+#: g10/trustdb.c:528
+#, fuzzy
+msgid "[ unknown]"
+msgstr "tidak dikenal"
+
+#: g10/trustdb.c:530
+msgid "[ undef ]"
+msgstr ""
+
+#: g10/trustdb.c:531
+msgid "[marginal]"
+msgstr ""
+
+#: g10/trustdb.c:532
+msgid "[ full ]"
+msgstr ""
+
+#: g10/trustdb.c:533
+msgid "[ultimate]"
+msgstr ""
+
+#: g10/trustdb.c:548
+msgid "undefined"
+msgstr ""
+
+#: g10/trustdb.c:549
+#, fuzzy
+msgid "never"
+msgstr "tidak pernah..."
+
+#: g10/trustdb.c:550
+msgid "marginal"
+msgstr ""
+
+#: g10/trustdb.c:551
+msgid "full"
+msgstr ""
+
+#: g10/trustdb.c:552
+msgid "ultimate"
+msgstr ""
+
+#: g10/trustdb.c:592
+msgid "no need for a trustdb check\n"
+msgstr "tidak perlu memeriksa trustdb\n"
+
+#: g10/trustdb.c:598 g10/trustdb.c:2487
+#, c-format
+msgid "next trustdb check due at %s\n"
+msgstr "pemeriksaan trustdb berikutnya pada %s\n"
+
+#: g10/trustdb.c:607
+#, fuzzy, c-format
+msgid "no need for a trustdb check with `%s' trust model\n"
+msgstr "tidak perlu memeriksa trustdb\n"
+
+#: g10/trustdb.c:622
+#, fuzzy, c-format
+msgid "no need for a trustdb update with `%s' trust model\n"
+msgstr "tidak perlu memeriksa trustdb\n"
+
+#: g10/trustdb.c:857 g10/trustdb.c:1310
+#, fuzzy, c-format
+msgid "public key %s not found: %s\n"
+msgstr "kunci publik %08lX tidak ditemukan: %s\n"
+
+#: g10/trustdb.c:1053
+msgid "please do a --check-trustdb\n"
+msgstr "lakukanlah --check-trustdb\n"
+
+#: g10/trustdb.c:1057
+msgid "checking the trustdb\n"
+msgstr "memeriksa trustdb\n"
+
+#: g10/trustdb.c:2230
+#, c-format
+msgid "%d keys processed (%d validity counts cleared)\n"
+msgstr "%d kunci diproses (%d hitungan validitas dihapus)\n"
+
+#: g10/trustdb.c:2295
+msgid "no ultimately trusted keys found\n"
+msgstr "tidak ditemukan kunci yang benar-benar terpercaya\n"
+
+#: g10/trustdb.c:2309
+#, fuzzy, c-format
+msgid "public key of ultimately trusted key %s not found\n"
+msgstr "kunci publik yang sangat terpercaya %08lX tidak ditemukan\n"
+
+#: g10/trustdb.c:2332
+#, c-format
+msgid "%d marginal(s) needed, %d complete(s) needed, %s trust model\n"
+msgstr ""
+
+#: g10/trustdb.c:2418
+#, c-format
+msgid ""
+"depth: %d valid: %3d signed: %3d trust: %d-, %dq, %dn, %dm, %df, %du\n"
+msgstr ""
+
+#: g10/trustdb.c:2493
+#, fuzzy, c-format
+msgid "unable to update trustdb version record: write failed: %s\n"
+msgstr "trust record %lu, tipe %d: gagal menulis: %s\n"
+
+#: g10/verify.c:118
+msgid ""
+"the signature could not be verified.\n"
+"Please remember that the signature file (.sig or .asc)\n"
+"should be the first file given on the command line.\n"
+msgstr ""
+"signature tidak dapat diverifikasi.\n"
+"Tolong ingat bahwa file signature (.sig atau .asc)\n"
+"haruslah file pertama yang diberikan pada perintah baris.\n"
+
+#: g10/verify.c:205
+#, c-format
+msgid "input line %u too long or missing LF\n"
+msgstr "baris input %u terlalu panjang atau hilang LF\n"
+
+#: g10/verify.c:253
+#, fuzzy, c-format
+msgid "can't open fd %d: %s\n"
+msgstr "tidak dapat membuka `%s': %s\n"
+
+#: jnlib/argparse.c:180
+#, fuzzy
+msgid "argument not expected"
+msgstr "menulis kunci rahasia ke `%s'\n"
+
+#: jnlib/argparse.c:182
+#, fuzzy
+msgid "read error"
+msgstr "kesalahan baca file"
+
+#: jnlib/argparse.c:184
+#, fuzzy
+msgid "keyword too long"
+msgstr "baris terlalu panjang\n"
+
+#: jnlib/argparse.c:186
+#, fuzzy
+msgid "missing argument"
+msgstr "argumen tidak valid"
+
+#: jnlib/argparse.c:188
+#, fuzzy
+msgid "invalid command"
+msgstr "perintah saling konflik\n"
+
+#: jnlib/argparse.c:190
+#, fuzzy
+msgid "invalid alias definition"
+msgstr "opsi impor tidak valid\n"
+
+#: jnlib/argparse.c:192
+#, fuzzy
+msgid "out of core"
+msgstr "tidak diproses"
+
+#: jnlib/argparse.c:194
+#, fuzzy
+msgid "invalid option"
+msgstr "opsi impor tidak valid\n"
+
+#: jnlib/argparse.c:202
+#, c-format
+msgid "missing argument for option \"%.50s\"\n"
+msgstr ""
+
+#: jnlib/argparse.c:204
+#, c-format
+msgid "option \"%.50s\" does not expect an argument\n"
+msgstr ""
+
+#: jnlib/argparse.c:207
+#, fuzzy, c-format
+msgid "invalid command \"%.50s\"\n"
+msgstr "Perintah tidak valid (coba \"help\")\n"
+
+#: jnlib/argparse.c:209
+#, c-format
+msgid "option \"%.50s\" is ambiguous\n"
+msgstr ""
+
+#: jnlib/argparse.c:211
+#, c-format
+msgid "command \"%.50s\" is ambiguous\n"
+msgstr ""
+
+#: jnlib/argparse.c:213
+#, fuzzy
+msgid "out of core\n"
+msgstr "tidak diproses"
+
+#: jnlib/argparse.c:215
+#, fuzzy, c-format
+msgid "invalid option \"%.50s\"\n"
+msgstr "opsi impor tidak valid\n"
+
+#: jnlib/logging.c:647
+#, c-format
+msgid "you found a bug ... (%s:%d)\n"
+msgstr "anda menemukan kesalahan ...(%s:%d)\n"
+
+#: jnlib/utf8conv.c:85
+#, fuzzy, c-format
+msgid "error loading `%s': %s\n"
+msgstr "kesalahan membaca `%s': %s\n"
+
+#: jnlib/utf8conv.c:123
+#, c-format
+msgid "conversion from `%s' to `%s' not available\n"
+msgstr ""
+
+#: jnlib/utf8conv.c:131
+#, fuzzy, c-format
+msgid "iconv_open failed: %s\n"
+msgstr "tidak dapat membuka file: %s\n"
+
+#: jnlib/utf8conv.c:388 jnlib/utf8conv.c:654
+#, fuzzy, c-format
+msgid "conversion from `%s' to `%s' failed: %s\n"
+msgstr "gagal enarmoring: %s\n"
+
+#: jnlib/dotlock.c:234
+#, fuzzy, c-format
+msgid "failed to create temporary file `%s': %s\n"
+msgstr "tidak dapat membuat direktori `%s': %s\n"
+
+#: jnlib/dotlock.c:269
+#, fuzzy, c-format
+msgid "error writing to `%s': %s\n"
+msgstr "kesalahan menulis keyring `%s': %s\n"
+
+#: jnlib/dotlock.c:453
+#, c-format
+msgid "removing stale lockfile (created by %d)\n"
+msgstr ""
+
+#: jnlib/dotlock.c:459
+msgid " - probably dead - removing lock"
+msgstr ""
+
+#: jnlib/dotlock.c:469
+#, fuzzy, c-format
+msgid "waiting for lock (held by %d%s) %s...\n"
+msgstr "menulis kunci rahasia ke `%s'\n"
+
+#: jnlib/dotlock.c:470
+msgid "(deadlock?) "
+msgstr ""
+
+#: jnlib/dotlock.c:493
+#, fuzzy, c-format
+msgid "lock `%s' not made: %s\n"
+msgstr "kunci publik %08lX tidak ditemukan: %s\n"
+
+#: jnlib/dotlock.c:501
+#, fuzzy, c-format
+msgid "waiting for lock %s...\n"
+msgstr "menulis kunci rahasia ke `%s'\n"
+
+#: kbx/kbxutil.c:92
+msgid "set debugging flags"
+msgstr ""
+
+#: kbx/kbxutil.c:93
+msgid "enable full debugging"
+msgstr ""
+
+#: kbx/kbxutil.c:117
+#, fuzzy
+msgid "Usage: kbxutil [options] [files] (-h for help)"
+msgstr "Pemakaian: gpg [pilihan] [file] (-h untuk bantuan)"
+
+#: kbx/kbxutil.c:120
+msgid ""
+"Syntax: kbxutil [options] [files]\n"
+"list, export, import Keybox data\n"
+msgstr ""
+
+#: scd/app-nks.c:713 scd/app-openpgp.c:2647
+#, c-format
+msgid "RSA modulus missing or not of size %d bits\n"
+msgstr ""
+
+#: scd/app-nks.c:721 scd/app-openpgp.c:2659
+#, c-format
+msgid "RSA public exponent missing or larger than %d bits\n"
+msgstr ""
+
+#: scd/app-nks.c:801 scd/app-openpgp.c:1549 scd/app-openpgp.c:1568
+#: scd/app-openpgp.c:1729 scd/app-openpgp.c:1746 scd/app-openpgp.c:1994
+#: scd/app-openpgp.c:2039 scd/app-dinsig.c:303
+#, c-format
+msgid "PIN callback returned error: %s\n"
+msgstr ""
+
+#: scd/app-nks.c:834
+msgid "the NullPIN has not yet been changed\n"
+msgstr ""
+
+#: scd/app-nks.c:1092
+#, fuzzy
+msgid "|N|Please enter a new PIN for the standard keys."
+msgstr "ubah passphrase"
+
+#: scd/app-nks.c:1093
+#, fuzzy
+msgid "||Please enter the PIN for the standard keys."
+msgstr "ubah passphrase"
+
+#: scd/app-nks.c:1099
+#, fuzzy
+msgid "|NP|Please enter a new PIN Unblocking Code (PUK) for the standard keys."
+msgstr "Silakan pilih alasan untuk pembatalan:\n"
+
+#: scd/app-nks.c:1101
+#, fuzzy
+msgid "|P|Please enter the PIN Unblocking Code (PUK) for the standard keys."
+msgstr "Silakan pilih alasan untuk pembatalan:\n"
+
+#: scd/app-nks.c:1109
+msgid "|N|Please enter a new PIN for the key to create qualified signatures."
+msgstr ""
+
+#: scd/app-nks.c:1111
+msgid "||Please enter the PIN for the key to create qualified signatures."
+msgstr ""
+
+#: scd/app-nks.c:1119
+msgid ""
+"|NP|Please enter a new PIN Unblocking Code (PUK) for the key to create "
+"qualified signatures."
+msgstr ""
+
+#: scd/app-nks.c:1121
+msgid ""
+"|P|Please enter the PIN Unblocking Code (PUK) for the key to create "
+"qualified signatures."
+msgstr ""
+
+#: scd/app-nks.c:1222 scd/app-openpgp.c:2072 scd/app-dinsig.c:532
+#, fuzzy, c-format
+msgid "error getting new PIN: %s\n"
+msgstr "kesalahan penciptaan passphrase: %s\n"
+
+#: scd/app-openpgp.c:695
+#, fuzzy, c-format
+msgid "failed to store the fingerprint: %s\n"
+msgstr "gagal inisialisasi TrustDB: %s\n"
+
+#: scd/app-openpgp.c:708
+#, fuzzy, c-format
+msgid "failed to store the creation date: %s\n"
+msgstr "gagal membuat kembali cache keyring: %s\n"
+
+#: scd/app-openpgp.c:1156
+#, fuzzy, c-format
+msgid "reading public key failed: %s\n"
+msgstr "gagal menghapus keyblok: %s\n"
+
+#: scd/app-openpgp.c:1164 scd/app-openpgp.c:2882
+msgid "response does not contain the public key data\n"
+msgstr ""
+
+#: scd/app-openpgp.c:1172 scd/app-openpgp.c:2890
+msgid "response does not contain the RSA modulus\n"
+msgstr ""
+
+#: scd/app-openpgp.c:1181 scd/app-openpgp.c:2900
+msgid "response does not contain the RSA public exponent\n"
+msgstr ""
+
+#: scd/app-openpgp.c:1501
+#, c-format
+msgid "using default PIN as %s\n"
+msgstr ""
+
+#: scd/app-openpgp.c:1508
+#, c-format
+msgid "failed to use default PIN as %s: %s - disabling further default use\n"
+msgstr ""
+
+#: scd/app-openpgp.c:1523
+#, c-format
+msgid "||Please enter the PIN%%0A[sigs done: %lu]"
+msgstr ""
+
+#: scd/app-openpgp.c:1534 scd/app-openpgp.c:1988
+#, fuzzy
+msgid "||Please enter the PIN"
+msgstr "ubah passphrase"
+
+#: scd/app-openpgp.c:1575 scd/app-openpgp.c:1753 scd/app-openpgp.c:2001
+#, c-format
+msgid "PIN for CHV%d is too short; minimum length is %d\n"
+msgstr ""
+
+#: scd/app-openpgp.c:1588 scd/app-openpgp.c:1627 scd/app-openpgp.c:1765
+#: scd/app-openpgp.c:3200
+#, fuzzy, c-format
+msgid "verify CHV%d failed: %s\n"
+msgstr "Pengiriman keyserver gagal: %s\n"
+
+#: scd/app-openpgp.c:1656 scd/app-openpgp.c:2020 scd/app-openpgp.c:3498
+msgid "error retrieving CHV status from card\n"
+msgstr ""
+
+#: scd/app-openpgp.c:1662 scd/app-openpgp.c:3507
+msgid "card is permanently locked!\n"
+msgstr ""
+
+#: scd/app-openpgp.c:1669
+#, c-format
+msgid "%d Admin PIN attempts remaining before card is permanently locked\n"
+msgstr ""
+
+#. TRANSLATORS: Do not translate the "|A|" prefix but keep it at
+#. the start of the string. Use %%0A to force a linefeed.
+#: scd/app-openpgp.c:1676
+#, fuzzy, c-format
+msgid "|A|Please enter the Admin PIN%%0A[remaining attempts: %d]"
+msgstr "ubah passphrase"
+
+#: scd/app-openpgp.c:1680
+#, fuzzy
+msgid "|A|Please enter the Admin PIN"
+msgstr "ubah passphrase"
+
+#: scd/app-openpgp.c:1701
+msgid "access to admin commands is not configured\n"
+msgstr ""
+
+#: scd/app-openpgp.c:2035
+#, fuzzy
+msgid "||Please enter the Reset Code for the card"
+msgstr "Silakan pilih alasan untuk pembatalan:\n"
+
+#: scd/app-openpgp.c:2045 scd/app-openpgp.c:2097
+#, c-format
+msgid "Reset Code is too short; minimum length is %d\n"
+msgstr ""
+
+#: scd/app-openpgp.c:2067
+msgid "|RN|New Reset Code"
+msgstr ""
+
+#: scd/app-openpgp.c:2068
+msgid "|AN|New Admin PIN"
+msgstr ""
+
+#: scd/app-openpgp.c:2068
+msgid "|N|New PIN"
+msgstr ""
+
+#: scd/app-openpgp.c:2178 scd/app-openpgp.c:2968
+#, fuzzy
+msgid "error reading application data\n"
+msgstr "gagal membaca keyblock: %s\n"
+
+#: scd/app-openpgp.c:2184 scd/app-openpgp.c:2975
+#, fuzzy
+msgid "error reading fingerprint DO\n"
+msgstr "%s: kesalahan membaca record bebas: %s\n"
+
+#: scd/app-openpgp.c:2194
+#, fuzzy
+msgid "key already exists\n"
+msgstr "`%s' sudah dikompresi\n"
+
+#: scd/app-openpgp.c:2198
+msgid "existing key will be replaced\n"
+msgstr ""
+
+#: scd/app-openpgp.c:2200
+#, fuzzy
+msgid "generating new key\n"
+msgstr "buat sepasang kunci baru"
+
+#: scd/app-openpgp.c:2202
+#, fuzzy
+msgid "writing new key\n"
+msgstr "buat sepasang kunci baru"
+
+#: scd/app-openpgp.c:2627
+msgid "creation timestamp missing\n"
+msgstr ""
+
+#: scd/app-openpgp.c:2669 scd/app-openpgp.c:2677
+#, c-format
+msgid "RSA prime %s missing or not of size %d bits\n"
+msgstr ""
+
+#: scd/app-openpgp.c:2773
+#, fuzzy, c-format
+msgid "failed to store the key: %s\n"
+msgstr "gagal inisialisasi TrustDB: %s\n"
+
+#: scd/app-openpgp.c:2859
+msgid "please wait while key is being generated ...\n"
+msgstr ""
+
+#: scd/app-openpgp.c:2872
+#, fuzzy
+msgid "generating key failed\n"
+msgstr "gagal menghapus keyblok: %s\n"
+
+#: scd/app-openpgp.c:2875
+#, fuzzy, c-format
+msgid "key generation completed (%d seconds)\n"
+msgstr "Pembuatan kunci gagal: %s\n"
+
+#: scd/app-openpgp.c:2933
+msgid "invalid structure of OpenPGP card (DO 0x93)\n"
+msgstr ""
+
+#: scd/app-openpgp.c:2983
+msgid "fingerprint on card does not match requested one\n"
+msgstr ""
+
+#: scd/app-openpgp.c:3099
+#, fuzzy, c-format
+msgid "card does not support digest algorithm %s\n"
+msgstr "%s signature, algoritma digest %s\n"
+
+#: scd/app-openpgp.c:3175
+#, c-format
+msgid "signatures created so far: %lu\n"
+msgstr ""
+
+#: scd/app-openpgp.c:3512
+msgid ""
+"verification of Admin PIN is currently prohibited through this command\n"
+msgstr ""
+
+#: scd/app-openpgp.c:3737 scd/app-openpgp.c:3748
+#, fuzzy, c-format
+msgid "can't access %s - invalid OpenPGP card?\n"
+msgstr "tidak ditemukan data OpenPGP yang valid.\n"
+
+#: scd/app-dinsig.c:299
+msgid "||Please enter your PIN at the reader's keypad"
+msgstr ""
+
+#. TRANSLATORS: Do not translate the "|*|" prefixes but
+#. keep it at the start of the string. We need this elsewhere
+#. to get some infos on the string.
+#: scd/app-dinsig.c:529
+msgid "|N|Initial New PIN"
+msgstr ""
+
+#: scd/scdaemon.c:107
+msgid "run in multi server mode (foreground)"
+msgstr ""
+
+#: scd/scdaemon.c:117 sm/gpgsm.c:316
+msgid "|LEVEL|set the debugging level to LEVEL"
+msgstr ""
+
+#: scd/scdaemon.c:124 tools/gpgconf-comp.c:620
+#, fuzzy
+msgid "|FILE|write a log to FILE"
+msgstr "|FILE|muat modul ekstensi FILE"
+
+#: scd/scdaemon.c:126
+msgid "|N|connect to reader at port N"
+msgstr ""
+
+#: scd/scdaemon.c:128
+#, fuzzy
+msgid "|NAME|use NAME as ct-API driver"
+msgstr "|NAMA|gunakan NAMA sebagai penerima baku"
+
+#: scd/scdaemon.c:130
+#, fuzzy
+msgid "|NAME|use NAME as PC/SC driver"
+msgstr "|NAMA|gunakan NAMA sebagai penerima baku"
+
+#: scd/scdaemon.c:133
+#, fuzzy
+msgid "do not use the internal CCID driver"
+msgstr "jangan menggunakan terminal"
+
+#: scd/scdaemon.c:139
+msgid "|N|disconnect the card after N seconds of inactivity"
+msgstr ""
+
+#: scd/scdaemon.c:141
+msgid "do not use a reader's keypad"
+msgstr ""
+
+#: scd/scdaemon.c:144
+#, fuzzy
+msgid "deny the use of admin card commands"
+msgstr "perintah saling konflik\n"
+
+#: scd/scdaemon.c:259
+#, fuzzy
+msgid "Usage: scdaemon [options] (-h for help)"
+msgstr "Pemakaian: gpg [pilihan] [file] (-h untuk bantuan)"
+
+#: scd/scdaemon.c:261
+msgid ""
+"Syntax: scdaemon [options] [command [args]]\n"
+"Smartcard daemon for GnuPG\n"
+msgstr ""
+
+#: scd/scdaemon.c:766
+msgid "please use the option `--daemon' to run the program in the background\n"
+msgstr ""
+
+#: scd/scdaemon.c:1120
+#, c-format
+msgid "handler for fd %d started\n"
+msgstr ""
+
+#: scd/scdaemon.c:1132
+#, c-format
+msgid "handler for fd %d terminated\n"
+msgstr ""
+
+#: sm/base64.c:325
+#, fuzzy, c-format
+msgid "invalid radix64 character %02x skipped\n"
+msgstr "karakter radix64 tidak valid %02x dilewati\n"
+
+#: sm/call-agent.c:137
+#, c-format
+msgid "failed to proxy %s inquiry to client\n"
+msgstr ""
+
+#: sm/call-dirmngr.c:252
+#, c-format
+msgid "no running dirmngr - starting `%s'\n"
+msgstr ""
+
+#: sm/call-dirmngr.c:285
+#, fuzzy
+msgid "malformed DIRMNGR_INFO environment variable\n"
+msgstr "variabel lingkungan GPG_AGENT_INFO salah bentuk\n"
+
+#: sm/call-dirmngr.c:297
+#, fuzzy, c-format
+msgid "dirmngr protocol version %d is not supported\n"
+msgstr "protokol gpg-agent versi %d tidak didukung\n"
+
+#: sm/call-dirmngr.c:317
+msgid "can't connect to the dirmngr - trying fall back\n"
+msgstr ""
+
+#: sm/certchain.c:196
+#, c-format
+msgid "validation model requested by certificate: %s"
+msgstr ""
+
+#: sm/certchain.c:197 sm/certchain.c:1828
+msgid "chain"
+msgstr ""
+
+#: sm/certchain.c:198 sm/certchain.c:1828
+#, fuzzy
+msgid "shell"
+msgstr "bantuan"
+
+#: sm/certchain.c:258
+#, fuzzy, c-format
+msgid "critical certificate extension %s is not supported"
+msgstr "protokol gpg-agent versi %d tidak didukung\n"
+
+#: sm/certchain.c:297
+msgid "issuer certificate is not marked as a CA"
+msgstr ""
+
+#: sm/certchain.c:335
+msgid "critical marked policy without configured policies"
+msgstr ""
+
+#: sm/certchain.c:345
+#, fuzzy, c-format
+msgid "failed to open `%s': %s\n"
+msgstr "tidak dapat membuka `%s': %s\n"
+
+#: sm/certchain.c:353 sm/certchain.c:382
+msgid "note: non-critical certificate policy not allowed"
+msgstr ""
+
+#: sm/certchain.c:357 sm/certchain.c:386
+#, fuzzy
+msgid "certificate policy not allowed"
+msgstr "menulis kunci rahasia ke `%s'\n"
+
+#: sm/certchain.c:498
+msgid "looking up issuer at external location\n"
+msgstr ""
+
+#: sm/certchain.c:517
+#, c-format
+msgid "number of issuers matching: %d\n"
+msgstr ""
+
+#: sm/certchain.c:561
+msgid "looking up issuer from the Dirmngr cache\n"
+msgstr ""
+
+#: sm/certchain.c:585
+#, fuzzy, c-format
+msgid "number of matching certificates: %d\n"
+msgstr "kesalahan penciptaan passphrase: %s\n"
+
+#: sm/certchain.c:587
+#, fuzzy, c-format
+msgid "dirmngr cache-only key lookup failed: %s\n"
+msgstr "gagal menghapus keyblok: %s\n"
+
+#: sm/certchain.c:759 sm/certchain.c:1252 sm/certchain.c:1856 sm/decrypt.c:261
+#: sm/encrypt.c:335 sm/sign.c:335 sm/verify.c:113
+#, fuzzy
+msgid "failed to allocated keyDB handle\n"
+msgstr "gagal inisialisasi TrustDB: %s\n"
+
+#: sm/certchain.c:925
+#, fuzzy
+msgid "certificate has been revoked"
+msgstr "CATATAN: kunci telah dibatalkan"
+
+#: sm/certchain.c:940
+msgid "the status of the certificate is unknown"
+msgstr ""
+
+#: sm/certchain.c:947
+msgid "please make sure that the \"dirmngr\" is properly installed\n"
+msgstr ""
+
+#: sm/certchain.c:953
+#, fuzzy, c-format
+msgid "checking the CRL failed: %s"
+msgstr "Gagal memeriksa signature yang dibuat: %s\n"
+
+#: sm/certchain.c:982 sm/certchain.c:1050
+#, c-format
+msgid "certificate with invalid validity: %s"
+msgstr ""
+
+#: sm/certchain.c:997 sm/certchain.c:1082
+msgid "certificate not yet valid"
+msgstr ""
+
+#: sm/certchain.c:998 sm/certchain.c:1083
+#, fuzzy
+msgid "root certificate not yet valid"
+msgstr "menulis kunci rahasia ke `%s'\n"
+
+#: sm/certchain.c:999 sm/certchain.c:1084
+msgid "intermediate certificate not yet valid"
+msgstr ""
+
+#: sm/certchain.c:1012
+#, fuzzy
+msgid "certificate has expired"
+msgstr "Kunci ini telah berakhir!"
+
+#: sm/certchain.c:1013
+#, fuzzy
+msgid "root certificate has expired"
+msgstr "Kunci ini telah berakhir!"
+
+#: sm/certchain.c:1014
+#, fuzzy
+msgid "intermediate certificate has expired"
+msgstr "Kunci ini telah berakhir!"
+
+#: sm/certchain.c:1056
+#, c-format
+msgid "required certificate attributes missing: %s%s%s"
+msgstr ""
+
+#: sm/certchain.c:1065
+#, fuzzy
+msgid "certificate with invalid validity"
+msgstr "Kunci ini telah berakhir!"
+
+#: sm/certchain.c:1102
+msgid "signature not created during lifetime of certificate"
+msgstr ""
+
+#: sm/certchain.c:1104
+msgid "certificate not created during lifetime of issuer"
+msgstr ""
+
+#: sm/certchain.c:1105
+msgid "intermediate certificate not created during lifetime of issuer"
+msgstr ""
+
+#: sm/certchain.c:1109
+#, fuzzy
+msgid " ( signature created at "
+msgstr " signature baru: %lu\n"
+
+#: sm/certchain.c:1110
+#, fuzzy
+msgid " (certificate created at "
+msgstr "Sertifikat pembatalan tercipta.\n"
+
+#: sm/certchain.c:1113
+#, fuzzy
+msgid " (certificate valid from "
+msgstr "sertifikat yang buruk"
+
+#: sm/certchain.c:1114
+msgid " ( issuer valid from "
+msgstr ""
+
+#: sm/certchain.c:1144
+#, fuzzy, c-format
+msgid "fingerprint=%s\n"
+msgstr "tampilkan fingerprint"
+
+#: sm/certchain.c:1153
+msgid "root certificate has now been marked as trusted\n"
+msgstr ""
+
+#: sm/certchain.c:1166
+msgid "interactive marking as trusted not enabled in gpg-agent\n"
+msgstr ""
+
+#: sm/certchain.c:1172
+msgid "interactive marking as trusted disabled for this session\n"
+msgstr ""
+
+#: sm/certchain.c:1229
+msgid "WARNING: creation time of signature not known - assuming current time"
+msgstr ""
+
+#: sm/certchain.c:1293
+#, fuzzy
+msgid "no issuer found in certificate"
+msgstr "buat sertifikat revokasi"
+
+#: sm/certchain.c:1366
+msgid "self-signed certificate has a BAD signature"
+msgstr ""
+
+#: sm/certchain.c:1435
+msgid "root certificate is not marked trusted"
+msgstr ""
+
+#: sm/certchain.c:1448
+#, fuzzy, c-format
+msgid "checking the trust list failed: %s\n"
+msgstr "Gagal memeriksa signature yang dibuat: %s\n"
+
+#: sm/certchain.c:1477 sm/import.c:160
+msgid "certificate chain too long\n"
+msgstr ""
+
+#: sm/certchain.c:1489
+msgid "issuer certificate not found"
+msgstr ""
+
+#: sm/certchain.c:1522
+#, fuzzy
+msgid "certificate has a BAD signature"
+msgstr "verifikasi signature"
+
+#: sm/certchain.c:1553
+msgid "found another possible matching CA certificate - trying again"
+msgstr ""
+
+#: sm/certchain.c:1604
+#, c-format
+msgid "certificate chain longer than allowed by CA (%d)"
+msgstr ""
+
+#: sm/certchain.c:1644 sm/certchain.c:1927
+#, fuzzy
+msgid "certificate is good\n"
+msgstr "preferensi %c%lu ganda \n"
+
+#: sm/certchain.c:1645
+#, fuzzy
+msgid "intermediate certificate is good\n"
+msgstr "Sertifikat pembatalan tercipta.\n"
+
+#: sm/certchain.c:1646
+#, fuzzy
+msgid "root certificate is good\n"
+msgstr "sertifikat yang buruk"
+
+#: sm/certchain.c:1817
+msgid "switching to chain model"
+msgstr ""
+
+#: sm/certchain.c:1826
+#, c-format
+msgid "validation model used: %s"
+msgstr ""
+
+#: sm/certcheck.c:97
+#, c-format
+msgid "%s key uses an unsafe (%u bit) hash\n"
+msgstr ""
+
+#: sm/certcheck.c:107
+#, c-format
+msgid "a %u bit hash is not valid for a %u bit %s key\n"
+msgstr ""
+
+#: sm/certcheck.c:244 sm/verify.c:201
+msgid "(this is the MD2 algorithm)\n"
+msgstr ""
+
+#: sm/certdump.c:60 sm/certdump.c:143
+#, fuzzy
+msgid "none"
+msgstr "n|t|tidak"
+
+#: sm/certdump.c:564 sm/certdump.c:609 sm/certdump.c:674 sm/certdump.c:732
+#, fuzzy
+msgid "[Error - invalid encoding]"
+msgstr "kesalahan: fingerprint tidak valid\n"
+
+#: sm/certdump.c:572 sm/certdump.c:617
+msgid "[Error - out of core]"
+msgstr ""
+
+#: sm/certdump.c:654 sm/certdump.c:710
+msgid "[Error - No name]"
+msgstr ""
+
+#: sm/certdump.c:679 sm/certdump.c:738
+#, fuzzy
+msgid "[Error - invalid DN]"
+msgstr "kesalahan: fingerprint tidak valid\n"
+
+#: sm/certdump.c:948
+#, fuzzy, c-format
+msgid ""
+"Please enter the passphrase to unlock the secret key for the X.509 "
+"certificate:\n"
+"\"%s\"\n"
+"S/N %s, ID 0x%08lX,\n"
+"created %s, expires %s.\n"
+msgstr ""
+"Anda perlu passphrase untuk membuka kunci rahasia untuk user:\n"
+"\"%.*s\"\n"
+"%u-bit %s key, ID %08lX, tercipta %s%s\n"
+
+#: sm/certlist.c:122
+msgid "no key usage specified - assuming all usages\n"
+msgstr ""
+
+#: sm/certlist.c:132 sm/keylist.c:272
+#, fuzzy, c-format
+msgid "error getting key usage information: %s\n"
+msgstr "kesalahan menulis keyring rahasia `%s': %s\n"
+
+#: sm/certlist.c:142
+msgid "certificate should have not been used for certification\n"
+msgstr ""
+
+#: sm/certlist.c:154
+msgid "certificate should have not been used for OCSP response signing\n"
+msgstr ""
+
+#: sm/certlist.c:165
+msgid "certificate should have not been used for encryption\n"
+msgstr ""
+
+#: sm/certlist.c:166
+msgid "certificate should have not been used for signing\n"
+msgstr ""
+
+#: sm/certlist.c:167
+msgid "certificate is not usable for encryption\n"
+msgstr ""
+
+#: sm/certlist.c:168
+msgid "certificate is not usable for signing\n"
+msgstr ""
+
+#: sm/certreqgen.c:474
+#, fuzzy, c-format
+msgid "line %d: invalid algorithm\n"
+msgstr "algoritma hash tidak valid `%s'\n"
+
+#: sm/certreqgen.c:487
+#, c-format
+msgid "line %d: invalid key length %u (valid are %d to %d)\n"
+msgstr ""
+
+#: sm/certreqgen.c:505
+#, c-format
+msgid "line %d: no subject name given\n"
+msgstr ""
+
+#: sm/certreqgen.c:514
+#, c-format
+msgid "line %d: invalid subject name label `%.*s'\n"
+msgstr ""
+
+#: sm/certreqgen.c:517
+#, c-format
+msgid "line %d: invalid subject name `%s' at pos %d\n"
+msgstr ""
+
+#: sm/certreqgen.c:534
+#, fuzzy, c-format
+msgid "line %d: not a valid email address\n"
+msgstr "Bukan alamat email yang valid\n"
+
+#: sm/certreqgen.c:546
+#, fuzzy, c-format
+msgid "line %d: error reading key `%s' from card: %s\n"
+msgstr "kesalahan menulis keyring `%s': %s\n"
+
+#: sm/certreqgen.c:558
+#, fuzzy, c-format
+msgid "line %d: error getting key by keygrip `%s': %s\n"
+msgstr "kesalahan menulis keyring `%s': %s\n"
+
+#: sm/certreqgen.c:574
+#, fuzzy, c-format
+msgid "line %d: key generation failed: %s <%s>\n"
+msgstr "Pembuatan kunci gagal: %s\n"
+
+#: sm/certreqgen.c:806
+msgid ""
+"To complete this certificate request please enter the passphrase for the key "
+"you just created once more.\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:158
+#, fuzzy, c-format
+msgid " (%d) RSA\n"
+msgstr " (%d) RSA (hanya menandai)\n"
+
+#: sm/certreqgen-ui.c:159
+#, fuzzy, c-format
+msgid " (%d) Existing key\n"
+msgstr " (%d) RSA (hanya enkripsi)\n"
+
+#: sm/certreqgen-ui.c:160
+#, c-format
+msgid " (%d) Existing key from card\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:202
+#, fuzzy
+msgid "Enter the keygrip: "
+msgstr "Notasi signature: "
+
+#: sm/certreqgen-ui.c:210
+msgid "Not a valid keygrip (expecting 40 hex digits)\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:212
+#, fuzzy
+msgid "No key with this keygrip\n"
+msgstr "Tidak ada ID user dengan index %d\n"
+
+#: sm/certreqgen-ui.c:230 sm/certreqgen-ui.c:239
+#, fuzzy, c-format
+msgid "error reading the card: %s\n"
+msgstr "%s: kesalahan membaca record bebas: %s\n"
+
+#: sm/certreqgen-ui.c:233
+#, fuzzy, c-format
+msgid "Serial number of the card: %s\n"
+msgstr "kesalahan penciptaan passphrase: %s\n"
+
+#: sm/certreqgen-ui.c:245
+#, fuzzy
+msgid "Available keys:\n"
+msgstr "tiadakan kunci"
+
+#: sm/certreqgen-ui.c:276
+#, c-format
+msgid "Possible actions for a %s key:\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:277
+#, fuzzy, c-format
+msgid " (%d) sign, encrypt\n"
+msgstr " (%d) RSA (tandai dan enkripsi)\n"
+
+#: sm/certreqgen-ui.c:278
+#, fuzzy, c-format
+msgid " (%d) sign\n"
+msgstr " (%d) DSA (hanya menandai)\n"
+
+#: sm/certreqgen-ui.c:279
+#, fuzzy, c-format
+msgid " (%d) encrypt\n"
+msgstr " (%d) RSA (hanya enkripsi)\n"
+
+#: sm/certreqgen-ui.c:303
+msgid "Enter the X.509 subject name: "
+msgstr ""
+
+#: sm/certreqgen-ui.c:307
+#, fuzzy
+msgid "No subject name given\n"
+msgstr "(Tidak diberikan deskripsi)\n"
+
+#: sm/certreqgen-ui.c:311
+#, c-format
+msgid "Invalid subject name label `%.*s'\n"
+msgstr ""
+
+#. TRANSLATORS: The 22 in the second string is the
+#. length of the first string up to the "%s". Please
+#. adjust it do the length of your translation. The
+#. second string is merely passed to atoi so you can
+#. drop everything after the number.
+#: sm/certreqgen-ui.c:320
+#, fuzzy, c-format
+msgid "Invalid subject name `%s'\n"
+msgstr "algoritma hash tidak valid `%s'\n"
+
+#: sm/certreqgen-ui.c:322
+msgid "22 translator: see certreg-ui.c:gpgsm_gencertreq_tty"
+msgstr ""
+
+#: sm/certreqgen-ui.c:334
+#, fuzzy
+msgid "Enter email addresses"
+msgstr "Alamat email: "
+
+#: sm/certreqgen-ui.c:335
+#, fuzzy
+msgid " (end with an empty line):\n"
+msgstr ""
+"\n"
+"Masukkan user ID. Akhiri dengan baris kosong: "
+
+#: sm/certreqgen-ui.c:339
+#, fuzzy
+msgid "Enter DNS names"
+msgstr "Masukkan nama file baru"
+
+#: sm/certreqgen-ui.c:340 sm/certreqgen-ui.c:345
+#, fuzzy
+msgid " (optional; end with an empty line):\n"
+msgstr ""
+"Masukkan sebuah deskripsi opsional; akhiri dengan sebuah baris kosong:\n"
+
+#: sm/certreqgen-ui.c:344
+msgid "Enter URIs"
+msgstr ""
+
+#: sm/certreqgen-ui.c:371
+msgid "Parameters to be used for the certificate request:\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:389
+msgid "Now creating certificate request. This may take a while ...\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:398
+msgid "Ready. You should now send this request to your CA.\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:403
+msgid "resource problem: out of core\n"
+msgstr ""
+
+#: sm/decrypt.c:330
+msgid "(this is the RC2 algorithm)\n"
+msgstr ""
+
+#: sm/decrypt.c:332
+msgid "(this does not seem to be an encrypted message)\n"
+msgstr ""
+
+#: sm/delete.c:51 sm/delete.c:112
+#, fuzzy, c-format
+msgid "certificate `%s' not found: %s\n"
+msgstr "kunci '%s' tidak ditemukan: %s\n"
+
+#: sm/delete.c:122 sm/keydb.c:1397 sm/keydb.c:1499
+#, fuzzy, c-format
+msgid "error locking keybox: %s\n"
+msgstr "gagal membaca keyblock: %s\n"
+
+#: sm/delete.c:143
+#, fuzzy, c-format
+msgid "duplicated certificate `%s' deleted\n"
+msgstr "Sertifikat pembatalan tercipta.\n"
+
+#: sm/delete.c:145
+#, fuzzy, c-format
+msgid "certificate `%s' deleted\n"
+msgstr "preferensi %c%lu ganda \n"
+
+#: sm/delete.c:175
+#, fuzzy, c-format
+msgid "deleting certificate \"%s\" failed: %s\n"
+msgstr "gagal menghapus keyblok: %s\n"
+
+#: sm/encrypt.c:321
+#, fuzzy
+msgid "no valid recipients given\n"
+msgstr "(Tidak diberikan deskripsi)\n"
+
+#: sm/gpgsm.c:197
+#, fuzzy
+msgid "list external keys"
+msgstr "tampilkan kunci rahasia"
+
+#: sm/gpgsm.c:199
+#, fuzzy
+msgid "list certificate chain"
+msgstr "sertifikat yang buruk"
+
+#: sm/gpgsm.c:206
+#, fuzzy
+msgid "import certificates"
+msgstr "sertifikat yang buruk"
+
+#: sm/gpgsm.c:207
+#, fuzzy
+msgid "export certificates"
+msgstr "sertifikat yang buruk"
+
+#: sm/gpgsm.c:209
+msgid "register a smartcard"
+msgstr ""
+
+#: sm/gpgsm.c:212
+msgid "pass a command to the dirmngr"
+msgstr ""
+
+#: sm/gpgsm.c:214
+msgid "invoke gpg-protect-tool"
+msgstr ""
+
+#: sm/gpgsm.c:230
+#, fuzzy
+msgid "create base-64 encoded output"
+msgstr "ciptakan output ascii"
+
+#: sm/gpgsm.c:235
+msgid "assume input is in PEM format"
+msgstr ""
+
+#: sm/gpgsm.c:237
+msgid "assume input is in base-64 format"
+msgstr ""
+
+#: sm/gpgsm.c:239
+msgid "assume input is in binary format"
+msgstr ""
+
+#: sm/gpgsm.c:244
+msgid "use system's dirmngr if available"
+msgstr ""
+
+#: sm/gpgsm.c:247
+msgid "never consult a CRL"
+msgstr ""
+
+#: sm/gpgsm.c:257
+msgid "check validity using OCSP"
+msgstr ""
+
+#: sm/gpgsm.c:262
+msgid "|N|number of certificates to include"
+msgstr ""
+
+#: sm/gpgsm.c:265
+msgid "|FILE|take policy information from FILE"
+msgstr ""
+
+#: sm/gpgsm.c:268
+msgid "do not check certificate policies"
+msgstr ""
+
+#: sm/gpgsm.c:272
+msgid "fetch missing issuer certificates"
+msgstr ""
+
+#: sm/gpgsm.c:283
+msgid "don't use the terminal at all"
+msgstr "jangan menggunakan terminal"
+
+#: sm/gpgsm.c:285
+msgid "|FILE|write a server mode log to FILE"
+msgstr ""
+
+#: sm/gpgsm.c:290
+#, fuzzy
+msgid "|FILE|write an audit log to FILE"
+msgstr "|FILE|muat modul ekstensi FILE"
+
+#: sm/gpgsm.c:293
+msgid "batch mode: never ask"
+msgstr "mode batch: tanpa tanya"
+
+#: sm/gpgsm.c:294
+msgid "assume yes on most questions"
+msgstr "asumsikan ya untuk seluruh pertanyaan"
+
+#: sm/gpgsm.c:295
+msgid "assume no on most questions"
+msgstr "asumsikan tidak untuk seluruh pertanyaan"
+
+#: sm/gpgsm.c:298
+#, fuzzy
+msgid "|FILE|add keyring to the list of keyrings"
+msgstr "tambah keyring ini ke daftar keyring"
+
+#: sm/gpgsm.c:301
+#, fuzzy
+msgid "|USER-ID|use USER-ID as default secret key"
+msgstr "|NAMA|gunakan NAMA sebagai kunci rahasia baku"
+
+#: sm/gpgsm.c:311 tools/gpgconf-comp.c:745
+#, fuzzy
+msgid "|SPEC|use this keyserver to lookup keys"
+msgstr "|HOST|gunakan keyserver ini utk lihat kunci"
+
+#: sm/gpgsm.c:329
+msgid "|NAME|use cipher algorithm NAME"
+msgstr "|NAMA|gunakan algoritma cipher NAMA"
+
+#: sm/gpgsm.c:331
+msgid "|NAME|use message digest algorithm NAME"
+msgstr "|NAMA|gunakan algoritma digest pesan NAMA"
+
+#: sm/gpgsm.c:522
+#, fuzzy
+msgid "Usage: gpgsm [options] [files] (-h for help)"
+msgstr "Pemakaian: gpg [pilihan] [file] (-h untuk bantuan)"
+
+#: sm/gpgsm.c:525
+#, fuzzy
+msgid ""
+"Syntax: gpgsm [options] [files]\n"
+"sign, check, encrypt or decrypt using the S/MIME protocol\n"
+"default operation depends on the input data\n"
+msgstr ""
+"Sintaks: gpg [pilihan] [file]\n"
+"tandai, cek, enkripsi atau dekripsi\n"
+"operasi baku tergantung pada data input\n"
+
+#: sm/gpgsm.c:617
+#, fuzzy
+msgid "usage: gpgsm [options] "
+msgstr "pemakaian: gpg [pilihan] "
+
+#: sm/gpgsm.c:739
+#, fuzzy, c-format
+msgid "NOTE: won't be able to encrypt to `%s': %s\n"
+msgstr "tidak dapat terkoneksi ke `%s': %s\n"
+
+#: sm/gpgsm.c:750
+#, fuzzy, c-format
+msgid "unknown validation model `%s'\n"
+msgstr "penerima baku tidak dikenal `%s'\n"
+
+#: sm/gpgsm.c:801
+#, fuzzy, c-format
+msgid "%s:%u: no hostname given\n"
+msgstr "(Tidak diberikan deskripsi)\n"
+
+#: sm/gpgsm.c:820
+#, c-format
+msgid "%s:%u: password given without user\n"
+msgstr ""
+
+#: sm/gpgsm.c:841
+#, fuzzy, c-format
+msgid "%s:%u: skipping this line\n"
+msgstr " s = lewati kunci ini\n"
+
+#: sm/gpgsm.c:1376
+#, fuzzy
+msgid "could not parse keyserver\n"
+msgstr "tidak dapat memparsing URI keyserver\n"
+
+#: sm/gpgsm.c:1456
+msgid "WARNING: running with faked system time: "
+msgstr ""
+
+#: sm/gpgsm.c:1556
+#, fuzzy, c-format
+msgid "importing common certificates `%s'\n"
+msgstr "menulis ke `%s'\n"
+
+#: sm/gpgsm.c:1597
+#, fuzzy, c-format
+msgid "can't sign using `%s': %s\n"
+msgstr "tidak dapat menutup `%s': %s\n"
+
+#: sm/gpgsm.c:1931
+msgid "invalid command (there is no implicit command)\n"
+msgstr ""
+
+#: sm/import.c:111
+#, fuzzy, c-format
+msgid "total number processed: %lu\n"
+msgstr "Jumlah yang telah diproses: %lu\n"
+
+#: sm/import.c:230
+#, fuzzy
+msgid "error storing certificate\n"
+msgstr "buat sertifikat revokasi"
+
+#: sm/import.c:238
+msgid "basic certificate checks failed - not imported\n"
+msgstr ""
+
+#: sm/import.c:435 sm/keydb.c:1319 sm/keydb.c:1387
+#, fuzzy
+msgid "failed to allocate keyDB handle\n"
+msgstr "gagal inisialisasi TrustDB: %s\n"
+
+#: sm/import.c:492 sm/keydb.c:1417 sm/keydb.c:1511
+#, fuzzy, c-format
+msgid "error getting stored flags: %s\n"
+msgstr "kesalahan penciptaan passphrase: %s\n"
+
+#: sm/import.c:551 sm/import.c:583
+#, fuzzy, c-format
+msgid "error importing certificate: %s\n"
+msgstr "kesalahan penciptaan passphrase: %s\n"
+
+#: sm/import.c:684 tools/gpg-connect-agent.c:1346
+#, fuzzy, c-format
+msgid "error reading input: %s\n"
+msgstr "kesalahan membaca `%s': %s\n"
+
+#: sm/keydb.c:187
+#, fuzzy, c-format
+msgid "error creating keybox `%s': %s\n"
+msgstr "kesalahan menulis keyring `%s': %s\n"
+
+#: sm/keydb.c:190
+msgid "you may want to start the gpg-agent first\n"
+msgstr ""
+
+#: sm/keydb.c:195
+#, fuzzy, c-format
+msgid "keybox `%s' created\n"
+msgstr "%s: keyring tercipta\n"
+
+#: sm/keydb.c:1312 sm/keydb.c:1380
+#, fuzzy
+msgid "failed to get the fingerprint\n"
+msgstr "gagal inisialisasi TrustDB: %s\n"
+
+#: sm/keydb.c:1340
+#, c-format
+msgid "problem looking for existing certificate: %s\n"
+msgstr ""
+
+#: sm/keydb.c:1348
+#, fuzzy, c-format
+msgid "error finding writable keyDB: %s\n"
+msgstr "kesalahan penciptaan passphrase: %s\n"
+
+#: sm/keydb.c:1356
+#, fuzzy, c-format
+msgid "error storing certificate: %s\n"
+msgstr "kesalahan penciptaan passphrase: %s\n"
+
+#: sm/keydb.c:1408
+#, fuzzy, c-format
+msgid "problem re-searching certificate: %s\n"
+msgstr "rev? masalah memeriksa pembatalan: %s\n"
+
+#: sm/keydb.c:1429 sm/keydb.c:1522
+#, fuzzy, c-format
+msgid "error storing flags: %s\n"
+msgstr "kesalahan membaca `%s': %s\n"
+
+#: sm/keylist.c:642
+msgid "Error - "
+msgstr ""
+
+#: sm/misc.c:55
+msgid "GPG_TTY has not been set - using maybe bogus default\n"
+msgstr ""
+
+#: sm/qualified.c:105
+#, fuzzy, c-format
+msgid "invalid formatted fingerprint in `%s', line %d\n"
+msgstr "kesalahan: fingerprint tidak valid\n"
+
+#: sm/qualified.c:123
+#, c-format
+msgid "invalid country code in `%s', line %d\n"
+msgstr ""
+
+#: sm/qualified.c:202
+#, c-format
+msgid ""
+"You are about to create a signature using your certificate:\n"
+"\"%s\"\n"
+"This will create a qualified signature by law equated to a handwritten "
+"signature.\n"
+"\n"
+"%s%sAre you really sure that you want to do this?"
+msgstr ""
+
+#: sm/qualified.c:211 sm/verify.c:616
+msgid ""
+"Note, that this software is not officially approved to create or verify such "
+"signatures.\n"
+msgstr ""
+
+#: sm/qualified.c:278
+#, c-format
+msgid ""
+"You are about to create a signature using your certificate:\n"
+"\"%s\"\n"
+"Note, that this certificate will NOT create a qualified signature!"
+msgstr ""
+
+#: sm/sign.c:449
+#, fuzzy, c-format
+msgid "hash algorithm %d (%s) for signer %d not supported; using %s\n"
+msgstr "algoritma proteksi %d%s tidak didukung\n"
+
+#: sm/sign.c:463
+#, c-format
+msgid "hash algorithm used for signer %d: %s (%s)\n"
+msgstr ""
+
+#: sm/sign.c:513
+#, fuzzy, c-format
+msgid "checking for qualified certificate failed: %s\n"
+msgstr "Gagal memeriksa signature yang dibuat: %s\n"
+
+#: sm/verify.c:449
+#, fuzzy
+msgid "Signature made "
+msgstr "Signature kadaluwarsa %s\n"
+
+#: sm/verify.c:453
+msgid "[date not given]"
+msgstr ""
+
+#: sm/verify.c:454
+#, fuzzy, c-format
+msgid " using certificate ID 0x%08lX\n"
+msgstr "kesalahan penciptaan passphrase: %s\n"
+
+#: sm/verify.c:473
+msgid ""
+"invalid signature: message digest attribute does not match computed one\n"
+msgstr ""
+
+#: sm/verify.c:594
+#, fuzzy
+msgid "Good signature from"
+msgstr "Signature baik dari \""
+
+#: sm/verify.c:595
+#, fuzzy
+msgid " aka"
+msgstr " alias \""
+
+#: sm/verify.c:613
+#, fuzzy
+msgid "This is a qualified signature\n"
+msgstr ""
+"\n"
+"Ini akan jadi self-signature.\n"
+
+#: tools/gpg-connect-agent.c:70 tools/gpgconf.c:81 tools/symcryptrun.c:167
+#, fuzzy
+msgid "quiet"
+msgstr "q|k|keluar"
+
+#: tools/gpg-connect-agent.c:71
+msgid "print data out hex encoded"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:72
+msgid "decode received data lines"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:74
+msgid "|NAME|connect to Assuan socket NAME"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:76
+msgid "run the Assuan server given on the command line"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:78
+msgid "do not use extended connect mode"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:80
+#, fuzzy
+msgid "|FILE|run commands from FILE on startup"
+msgstr "|FILE|muat modul ekstensi FILE"
+
+#: tools/gpg-connect-agent.c:81
+msgid "run /subst on startup"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:184
+#, fuzzy
+msgid "Usage: gpg-connect-agent [options] (-h for help)"
+msgstr "Pemakaian: gpg [pilihan] [file] (-h untuk bantuan)"
+
+#: tools/gpg-connect-agent.c:187
+msgid ""
+"Syntax: gpg-connect-agent [options]\n"
+"Connect to a running agent and send commands\n"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:1201
+#, c-format
+msgid "option \"%s\" requires a program and optional arguments\n"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:1210
+#, c-format
+msgid "option \"%s\" ignored due to \"%s\"\n"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:1281 tools/gpg-connect-agent.c:1771
+#, fuzzy, c-format
+msgid "receiving line failed: %s\n"
+msgstr "gagal menghapus keyblok: %s\n"
+
+#: tools/gpg-connect-agent.c:1371
+#, fuzzy
+msgid "line too long - skipped\n"
+msgstr "baris terlalu panjang\n"
+
+#: tools/gpg-connect-agent.c:1375
+msgid "line shortened due to embedded Nul character\n"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:1743
+#, fuzzy, c-format
+msgid "unknown command `%s'\n"
+msgstr "penerima baku tidak dikenal `%s'\n"
+
+#: tools/gpg-connect-agent.c:1761
+#, fuzzy, c-format
+msgid "sending line failed: %s\n"
+msgstr "gagal menandai: %s\n"
+
+#: tools/gpg-connect-agent.c:2208
+#, fuzzy, c-format
+msgid "error sending %s command: %s\n"
+msgstr "kesalahan mengirim ke `%s': %s\n"
+
+#: tools/gpg-connect-agent.c:2223
+#, fuzzy, c-format
+msgid "error sending standard options: %s\n"
+msgstr "kesalahan mengirim ke `%s': %s\n"
+
+#: tools/gpgconf-comp.c:473 tools/gpgconf-comp.c:577 tools/gpgconf-comp.c:644
+#: tools/gpgconf-comp.c:712 tools/gpgconf-comp.c:799
+msgid "Options controlling the diagnostic output"
+msgstr ""
+
+#: tools/gpgconf-comp.c:486 tools/gpgconf-comp.c:590 tools/gpgconf-comp.c:657
+#: tools/gpgconf-comp.c:725 tools/gpgconf-comp.c:822
+msgid "Options controlling the configuration"
+msgstr ""
+
+#: tools/gpgconf-comp.c:496 tools/gpgconf-comp.c:615 tools/gpgconf-comp.c:673
+#: tools/gpgconf-comp.c:750 tools/gpgconf-comp.c:829
+msgid "Options useful for debugging"
+msgstr ""
+
+#: tools/gpgconf-comp.c:501 tools/gpgconf-comp.c:678 tools/gpgconf-comp.c:755
+#: tools/gpgconf-comp.c:837
+msgid "|FILE|write server mode logs to FILE"
+msgstr ""
+
+#: tools/gpgconf-comp.c:509 tools/gpgconf-comp.c:625 tools/gpgconf-comp.c:763
+msgid "Options controlling the security"
+msgstr ""
+
+#: tools/gpgconf-comp.c:516
+msgid "|N|expire SSH keys after N seconds"
+msgstr ""
+
+#: tools/gpgconf-comp.c:520
+msgid "|N|set maximum PIN cache lifetime to N seconds"
+msgstr ""
+
+#: tools/gpgconf-comp.c:524
+msgid "|N|set maximum SSH key lifetime to N seconds"
+msgstr ""
+
+#: tools/gpgconf-comp.c:538
+msgid "Options enforcing a passphrase policy"
+msgstr ""
+
+#: tools/gpgconf-comp.c:541
+msgid "do not allow to bypass the passphrase policy"
+msgstr ""
+
+#: tools/gpgconf-comp.c:545
+msgid "|N|set minimal required length for new passphrases to N"
+msgstr ""
+
+#: tools/gpgconf-comp.c:549
+msgid "|N|require at least N non-alpha characters for a new passphrase"
+msgstr ""
+
+#: tools/gpgconf-comp.c:553
+msgid "|FILE|check new passphrases against pattern in FILE"
+msgstr ""
+
+#: tools/gpgconf-comp.c:557
+#, fuzzy
+msgid "|N|expire the passphrase after N days"
+msgstr "|N|gunakan passphrase mode N"
+
+#: tools/gpgconf-comp.c:561
+#, fuzzy
+msgid "do not allow the reuse of old passphrases"
+msgstr "kesalahan penciptaan passphrase: %s\n"
+
+#: tools/gpgconf-comp.c:659 tools/gpgconf-comp.c:727
+msgid "|NAME|use NAME as default secret key"
+msgstr "|NAMA|gunakan NAMA sebagai kunci rahasia baku"
+
+#: tools/gpgconf-comp.c:662 tools/gpgconf-comp.c:730
+#, fuzzy
+msgid "|NAME|encrypt to user ID NAME as well"
+msgstr "|NAMA|enkripsi untuk NAMA"
+
+#: tools/gpgconf-comp.c:665
+msgid "|SPEC|set up email aliases"
+msgstr ""
+
+#: tools/gpgconf-comp.c:686
+msgid "Configuration for Keyservers"
+msgstr ""
+
+#: tools/gpgconf-comp.c:688
+#, fuzzy
+msgid "|URL|use keyserver at URL"
+msgstr "tidak dapat memparsing URI keyserver\n"
+
+#: tools/gpgconf-comp.c:691
+msgid "allow PKA lookups (DNS requests)"
+msgstr ""
+
+#: tools/gpgconf-comp.c:694
+msgid "|MECHANISMS|use MECHANISMS to locate keys by mail address"
+msgstr ""
+
+#: tools/gpgconf-comp.c:739
+msgid "disable all access to the dirmngr"
+msgstr ""
+
+#: tools/gpgconf-comp.c:742
+#, fuzzy
+msgid "|NAME|use encoding NAME for PKCS#12 passphrases"
+msgstr "|NAMA|gunakan algoritma cipher NAMA untuk passphrase"
+
+#: tools/gpgconf-comp.c:768
+msgid "do not check CRLs for root certificates"
+msgstr ""
+
+#: tools/gpgconf-comp.c:812
+msgid "Options controlling the format of the output"
+msgstr ""
+
+#: tools/gpgconf-comp.c:848
+msgid "Options controlling the interactivity and enforcement"
+msgstr ""
+
+#: tools/gpgconf-comp.c:858
+msgid "Configuration for HTTP servers"
+msgstr ""
+
+#: tools/gpgconf-comp.c:869
+msgid "use system's HTTP proxy setting"
+msgstr ""
+
+#: tools/gpgconf-comp.c:874
+msgid "Configuration of LDAP servers to use"
+msgstr ""
+
+#: tools/gpgconf-comp.c:903
+msgid "LDAP server list"
+msgstr ""
+
+#: tools/gpgconf-comp.c:911
+msgid "Configuration for OCSP"
+msgstr ""
+
+#: tools/gpgconf-comp.c:3077
+#, c-format
+msgid "External verification of component %s failed"
+msgstr ""
+
+#: tools/gpgconf-comp.c:3227
+msgid "Note that group specifications are ignored\n"
+msgstr ""
+
+#: tools/gpgconf.c:62
+msgid "list all components"
+msgstr ""
+
+#: tools/gpgconf.c:63
+msgid "check all programs"
+msgstr ""
+
+#: tools/gpgconf.c:64
+msgid "|COMPONENT|list options"
+msgstr ""
+
+#: tools/gpgconf.c:65
+msgid "|COMPONENT|change options"
+msgstr ""
+
+#: tools/gpgconf.c:66
+msgid "|COMPONENT|check options"
+msgstr ""
+
+#: tools/gpgconf.c:68
+msgid "apply global default values"
+msgstr ""
+
+#: tools/gpgconf.c:70
+msgid "get the configuration directories for gpgconf"
+msgstr ""
+
+#: tools/gpgconf.c:72
+#, fuzzy
+msgid "list global configuration file"
+msgstr "Item Konfigurasi tidak dikenal \"%s\"\n"
+
+#: tools/gpgconf.c:74
+#, fuzzy
+msgid "check global configuration file"
+msgstr "Item Konfigurasi tidak dikenal \"%s\"\n"
+
+#: tools/gpgconf.c:79
+msgid "use as output file"
+msgstr "gunakan sebagai file output"
+
+#: tools/gpgconf.c:83
+msgid "activate changes at runtime, if possible"
+msgstr ""
+
+#: tools/gpgconf.c:105
+#, fuzzy
+msgid "Usage: gpgconf [options] (-h for help)"
+msgstr "Pemakaian: gpg [pilihan] [file] (-h untuk bantuan)"
+
+#: tools/gpgconf.c:108
+msgid ""
+"Syntax: gpgconf [options]\n"
+"Manage configuration options for tools of the GnuPG system\n"
+msgstr ""
+
+#: tools/gpgconf.c:214 tools/gpgconf.c:282
+#, fuzzy
+msgid "usage: gpgconf [options] "
+msgstr "pemakaian: gpg [pilihan] "
+
+#: tools/gpgconf.c:216
+msgid "Need one component argument"
+msgstr ""
+
+#: tools/gpgconf.c:225 tools/gpgconf.c:258
+#, fuzzy
+msgid "Component not found"
+msgstr "kunci publik tidak ditemukan"
+
+#: tools/gpgconf.c:284
+#, fuzzy
+msgid "No argument allowed"
+msgstr "menulis kunci rahasia ke `%s'\n"
+
+#: tools/symcryptrun.c:154
+#, fuzzy
+msgid ""
+"@\n"
+"Commands:\n"
+" "
+msgstr ""
+"@Perintah:\n"
+" "
+
+#: tools/symcryptrun.c:156
+#, fuzzy
+msgid "decryption modus"
+msgstr "dekripsi lancar\n"
+
+#: tools/symcryptrun.c:157
+#, fuzzy
+msgid "encryption modus"
+msgstr "dekripsi lancar\n"
+
+#: tools/symcryptrun.c:161
+msgid "tool class (confucius)"
+msgstr ""
+
+#: tools/symcryptrun.c:162
+#, fuzzy
+msgid "program filename"
+msgstr "--store [namafile]"
+
+#: tools/symcryptrun.c:164
+msgid "secret key file (required)"
+msgstr ""
+
+#: tools/symcryptrun.c:165
+msgid "input file name (default stdin)"
+msgstr ""
+
+#: tools/symcryptrun.c:209
+#, fuzzy
+msgid "Usage: symcryptrun [options] (-h for help)"
+msgstr "Pemakaian: gpg [pilihan] [file] (-h untuk bantuan)"
+
+#: tools/symcryptrun.c:212
+msgid ""
+"Syntax: symcryptrun --class CLASS --program PROGRAM --keyfile KEYFILE "
+"[options...] COMMAND [inputfile]\n"
+"Call a simple symmetric encryption tool\n"
+msgstr ""
+
+#: tools/symcryptrun.c:281
+#, fuzzy, c-format
+msgid "%s on %s aborted with status %i\n"
+msgstr "%s tidak dibolehkan dengan %s!\n"
+
+#: tools/symcryptrun.c:288
+#, fuzzy, c-format
+msgid "%s on %s failed with status %i\n"
+msgstr "tidak dapat membuka file: %s\n"
+
+#: tools/symcryptrun.c:314
+#, fuzzy, c-format
+msgid "can't create temporary directory `%s': %s\n"
+msgstr "tidak dapat membuat direktori `%s': %s\n"
+
+#: tools/symcryptrun.c:354 tools/symcryptrun.c:371
+#, fuzzy, c-format
+msgid "could not open %s for writing: %s\n"
+msgstr "tidak dapat membuka %s: %s\n"
+
+#: tools/symcryptrun.c:382
+#, fuzzy, c-format
+msgid "error writing to %s: %s\n"
+msgstr "kesalahan menulis keyring `%s': %s\n"
+
+#: tools/symcryptrun.c:389
+#, fuzzy, c-format
+msgid "error reading from %s: %s\n"
+msgstr "kesalahan membaca `%s': %s\n"
+
+#: tools/symcryptrun.c:396 tools/symcryptrun.c:403
+#, fuzzy, c-format
+msgid "error closing %s: %s\n"
+msgstr "kesalahan membaca `%s': %s\n"
+
+#: tools/symcryptrun.c:488
+#, fuzzy
+msgid "no --program option provided\n"
+msgstr "tidak ada eksekusi program remote yang didukung\n"
+
+#: tools/symcryptrun.c:494
+msgid "only --decrypt and --encrypt are supported\n"
+msgstr ""
+
+#: tools/symcryptrun.c:500
+msgid "no --keyfile option provided\n"
+msgstr ""
+
+#: tools/symcryptrun.c:511
+msgid "cannot allocate args vector\n"
+msgstr ""
+
+#: tools/symcryptrun.c:529
+#, fuzzy, c-format
+msgid "could not create pipe: %s\n"
+msgstr "tidak dapat membuat %s: %s\n"
+
+#: tools/symcryptrun.c:536
+#, fuzzy, c-format
+msgid "could not create pty: %s\n"
+msgstr "tidak dapat membuat %s: %s\n"
+
+#: tools/symcryptrun.c:552
+#, c-format
+msgid "could not fork: %s\n"
+msgstr ""
+
+#: tools/symcryptrun.c:580
+#, fuzzy, c-format
+msgid "execv failed: %s\n"
+msgstr "gagal memperbarui: %s\n"
+
+#: tools/symcryptrun.c:609
+#, fuzzy, c-format
+msgid "select failed: %s\n"
+msgstr "gagal menghapus keyblok: %s\n"
+
+#: tools/symcryptrun.c:626
+#, fuzzy, c-format
+msgid "read failed: %s\n"
+msgstr "gagal memperbarui: %s\n"
+
+#: tools/symcryptrun.c:678
+#, fuzzy, c-format
+msgid "pty read failed: %s\n"
+msgstr "gagal memperbarui: %s\n"
+
+#: tools/symcryptrun.c:730
+#, fuzzy, c-format
+msgid "waitpid failed: %s\n"
+msgstr "gagal memperbarui: %s\n"
+
+#: tools/symcryptrun.c:744
+#, c-format
+msgid "child aborted with status %i\n"
+msgstr ""
+
+#: tools/symcryptrun.c:799
+#, fuzzy, c-format
+msgid "cannot allocate infile string: %s\n"
+msgstr "tidak dapat membuat %s: %s\n"
+
+#: tools/symcryptrun.c:812
+#, fuzzy, c-format
+msgid "cannot allocate outfile string: %s\n"
+msgstr "tidak dapat membuat %s: %s\n"
+
+#: tools/symcryptrun.c:986
+#, c-format
+msgid "either %s or %s must be given\n"
+msgstr ""
+
+#: tools/symcryptrun.c:1013
+msgid "no class provided\n"
+msgstr ""
+
+#: tools/symcryptrun.c:1022
+#, fuzzy, c-format
+msgid "class %s is not supported\n"
+msgstr "algoritma proteksi %d%s tidak didukung\n"
+
+#: tools/gpg-check-pattern.c:145
+#, fuzzy
+msgid "Usage: gpg-check-pattern [options] patternfile (-h for help)\n"
+msgstr "Pemakaian: gpg [pilihan] [file] (-h untuk bantuan)"
+
+#: tools/gpg-check-pattern.c:148
+msgid ""
+"Syntax: gpg-check-pattern [options] patternfile\n"
+"Check a passphrase given on stdin against the patternfile\n"
+msgstr ""
+
+#~ msgid "Command> "
+#~ msgstr "Perintah> "
+
+#~ msgid "the trustdb is corrupted; please run \"gpg --fix-trustdb\".\n"
+#~ msgstr "trustdb terkorupsi; silakan jalankan \"gpg --fix-trustdb\".\n"
+
+#~ msgid "Please report bugs to <gnupg-bugs@gnu.org>.\n"
+#~ msgstr "Laporkan bug ke <gnupg-bugs@gnu.org>.\n"
+
+#, fuzzy
+#~ msgid "Please report bugs to "
+#~ msgstr "Laporkan bug ke <gnupg-bugs@gnu.org>.\n"
+
+#, fuzzy
+#~ msgid "DSA keypair will have %u bits.\n"
+#~ msgstr "Keypair DSA akan memiliki 1024 bit.\n"
+
+#~ msgid "Repeat passphrase\n"
+#~ msgstr "Ulangi passphrase\n"
+
+#, fuzzy
+#~ msgid "read options from file"
+#~ msgstr "membaca pilihan dari `%s'\n"
+
+#~ msgid "|[file]|make a signature"
+#~ msgstr "|[file]|buat signature"
+
+#, fuzzy
+#~ msgid "|[FILE]|make a signature"
+#~ msgstr "|[file]|buat signature"
+
+#, fuzzy
+#~ msgid "|[FILE]|make a clear text signature"
+#~ msgstr "|[file]|buat signature teks"
+
+#~ msgid "|NAME|use NAME as default recipient"
+#~ msgstr "|NAMA|gunakan NAMA sebagai penerima baku"
+
+#~ msgid "use the default key as default recipient"
+#~ msgstr "gunakan kunci baku sebagai penerima baku"
+
+#~ msgid "force v3 signatures"
+#~ msgstr "paksa signature v3"
+
+#~ msgid "always use a MDC for encryption"
+#~ msgstr "selalu gunakan MDC untuk enkripsi"
+
+#~ msgid "add this secret keyring to the list"
+#~ msgstr "tambah keyring rahasia ini ke daftar"
+
+#~ msgid "|NAME|set terminal charset to NAME"
+#~ msgstr "|NAMA|set charset terminal ke NAMA"
+
+#~ msgid "|FILE|load extension module FILE"
+#~ msgstr "|FILE|muat modul ekstensi FILE"
+
+#~ msgid "|N|use compress algorithm N"
+#~ msgstr "|N|gunakan algoritma kompresi N"
+
+#, fuzzy
+#~ msgid "remove key from the public keyring"
+#~ msgstr "hapus kunci dari keyring publik"
+
+#~ msgid ""
+#~ "It's up to you to assign a value here; this value will never be exported\n"
+#~ "to any 3rd party. We need it to implement the web-of-trust; it has "
+#~ "nothing\n"
+#~ "to do with the (implicitly created) web-of-certificates."
+#~ msgstr ""
+#~ "Terserah anda untuk memberi nilai baru di sini; nilai ini tidak akan "
+#~ "diekspor\n"
+#~ "ke pihak ketiga. Kami perlu untuk mengimplementasikan web-of-trust; tidak "
+#~ "ada\n"
+#~ "kaitan dengan (membuat secara implisit) web-of-certificates."
+
+#~ msgid ""
+#~ "To build the Web-of-Trust, GnuPG needs to know which keys are\n"
+#~ "ultimately trusted - those are usually the keys for which you have\n"
+#~ "access to the secret key. Answer \"yes\" to set this key to\n"
+#~ "ultimately trusted\n"
+#~ msgstr ""
+#~ "Untuk membuat Web-of-Trust, GnuPG perlu tahu kunci mana yang\n"
+#~ "sangat dipercaya - mereka biasanya adalah kunci yang anda punya\n"
+#~ "akses ke kunci rahasia. Jawab \"yes\" untuk menset kunci ini ke\n"
+#~ "sangat dipercaya\n"
+
+#~ msgid "If you want to use this untrusted key anyway, answer \"yes\"."
+#~ msgstr ""
+#~ "Jika anda ingin menggunakan kunci tidak terpercaya ini, jawab \"ya\"."
+
+#~ msgid ""
+#~ "Enter the user ID of the addressee to whom you want to send the message."
+#~ msgstr "Masukkan ID user penerima pesan."
+
+#~ msgid ""
+#~ "In general it is not a good idea to use the same key for signing and\n"
+#~ "encryption. This algorithm should only be used in certain domains.\n"
+#~ "Please consult your security expert first."
+#~ msgstr ""
+#~ "Secara umum bukan ide baik untuk menggunakan kunci yang sama untuk "
+#~ "menandai dan\n"
+#~ "mengenkripsi. Algoritma ini seharusnya digunakan dalam domain tertentu.\n"
+#~ "Silakan berkonsultasi dulu dengan ahli keamanan anda."
+
+#~ msgid "Enter the size of the key"
+#~ msgstr "Masukkan ukuran kunci"
+
+#~ msgid "Answer \"yes\" or \"no\""
+#~ msgstr "Jawab \"ya\" atau \"tidak\""
+
+#~ msgid ""
+#~ "Enter the required value as shown in the prompt.\n"
+#~ "It is possible to enter a ISO date (YYYY-MM-DD) but you won't\n"
+#~ "get a good error response - instead the system tries to interpret\n"
+#~ "the given value as an interval."
+#~ msgstr ""
+#~ "Masukkan nilai yang diperlukan seperti pada prompt.\n"
+#~ "Dapat digunakan format (YYYY-MM-DD) untuk mengisi tanggal ISO tetapi "
+#~ "anda\n"
+#~ "tidak akan mendapat respon kesalahan yang baik - sebaiknya sistem akan\n"
+#~ "berusaha menginterprestasi nilai yang diberikan sebagai sebuah interval."
+
+#~ msgid "Enter the name of the key holder"
+#~ msgstr "Masukkan nama pemegang kunci"
+
+#~ msgid "please enter an optional but highly suggested email address"
+#~ msgstr "silakan masukkan alamat email (pilihan namun sangat dianjurkan)"
+
+#~ msgid "Please enter an optional comment"
+#~ msgstr "Silakan masukkan komentar tambahan"
+
+#~ msgid ""
+#~ "N to change the name.\n"
+#~ "C to change the comment.\n"
+#~ "E to change the email address.\n"
+#~ "O to continue with key generation.\n"
+#~ "Q to to quit the key generation."
+#~ msgstr ""
+#~ "N untuk merubah nama.\n"
+#~ "K untuk merubah komentar.\n"
+#~ "E untuk merubah alamat email.\n"
+#~ "O untuk melanjutkan dengan pembuatan kunci.\n"
+#~ "K untuk menghentikan pembuatan kunci."
+
+#~ msgid ""
+#~ "Answer \"yes\" (or just \"y\") if it is okay to generate the sub key."
+#~ msgstr "Jawab \"ya\" (atau \"y\") jika telah siap membuat subkey."
+
+#~ msgid ""
+#~ "When you sign a user ID on a key, you should first verify that the key\n"
+#~ "belongs to the person named in the user ID. It is useful for others to\n"
+#~ "know how carefully you verified this.\n"
+#~ "\n"
+#~ "\"0\" means you make no particular claim as to how carefully you verified "
+#~ "the\n"
+#~ " key.\n"
+#~ "\n"
+#~ "\"1\" means you believe the key is owned by the person who claims to own "
+#~ "it\n"
+#~ " but you could not, or did not verify the key at all. This is useful "
+#~ "for\n"
+#~ " a \"persona\" verification, where you sign the key of a pseudonymous "
+#~ "user.\n"
+#~ "\n"
+#~ "\"2\" means you did casual verification of the key. For example, this "
+#~ "could\n"
+#~ " mean that you verified the key fingerprint and checked the user ID on "
+#~ "the\n"
+#~ " key against a photo ID.\n"
+#~ "\n"
+#~ "\"3\" means you did extensive verification of the key. For example, this "
+#~ "could\n"
+#~ " mean that you verified the key fingerprint with the owner of the key "
+#~ "in\n"
+#~ " person, and that you checked, by means of a hard to forge document "
+#~ "with a\n"
+#~ " photo ID (such as a passport) that the name of the key owner matches "
+#~ "the\n"
+#~ " name in the user ID on the key, and finally that you verified (by "
+#~ "exchange\n"
+#~ " of email) that the email address on the key belongs to the key "
+#~ "owner.\n"
+#~ "\n"
+#~ "Note that the examples given above for levels 2 and 3 are *only* "
+#~ "examples.\n"
+#~ "In the end, it is up to you to decide just what \"casual\" and \"extensive"
+#~ "\"\n"
+#~ "mean to you when you sign other keys.\n"
+#~ "\n"
+#~ "If you don't know what the right answer is, answer \"0\"."
+#~ msgstr ""
+#~ "Ketika anda menandai user ID pada kunci, anda perlu memverifikasi bahwa "
+#~ "kunci\n"
+#~ "milik orang yang disebut dalam user ID. Ini penting bagi orang lain "
+#~ "untuk tahu\n"
+#~ "seberapa cermat anda memverifikasi ini.\n"
+#~ "\n"
+#~ "\"0\" berarti anda tidak melakukan klaim tentang betapa cermat anda "
+#~ "memverifikasi kunci.\n"
+#~ "\n"
+#~ "\"1\" berarti anda percaya bahwa kunci dimiliki oleh orang yang mengklaim "
+#~ "memilikinya\n"
+#~ " namun anda tidak dapat, atau tidak memverifikasi kunci sama sekali. "
+#~ "Hal ini bergunabagi\n"
+#~ " verifikasi \"persona\", yaitu anda menandai kunci user pseudonymous\n"
+#~ "\n"
+#~ "\"2\" berarti anda melakukan verifikasi kasual atas kunci. Sebagai "
+#~ "contoh, halini dapat\n"
+#~ " berarti bahwa anda memverifikasi fingerprint kunci dan memeriksa user "
+#~ "ID pada kunci\n"
+#~ " dengan photo ID.\n"
+#~ "\n"
+#~ "\"3\" berarti anda melakukan verifikasi ekstensif atas kunci. Sebagai "
+#~ "contoh, hal ini\n"
+#~ " dapat berarti anda memverifikasi fingerprint kunci dengan pemilik "
+#~ "kunci\n"
+#~ " secara personal, dan anda memeriksa, dengan menggunakan dokumen yang "
+#~ "sulit dipalsukan yang memiliki\n"
+#~ " photo ID (seperti paspor) bahwa nama pemilik kunci cocok dengan\n"
+#~ " nama user ID kunci, dan bahwa anda telah memverifikasi (dengan "
+#~ "pertukaran\n"
+#~ " email) bahwa alamat email pada kunci milik pemilik kunci.\n"
+#~ "\n"
+#~ "Contoh-contoh pada level 2 dan 3 hanyalah contoh.\n"
+#~ "Pada akhirnya, terserah anda untuk memutuskan apa arti \"kasual\" dan "
+#~ "\"ekstensif\"\n"
+#~ "bagi anda ketika menandai kunci lain.\n"
+#~ "\n"
+#~ "Jika anda tidak tahu jawaban yang tepat, jawab \"0\"."
+
+#, fuzzy
+#~ msgid "Answer \"yes\" if you want to sign ALL the user IDs"
+#~ msgstr "Jawab \"ya\" jika anda ingin menandai seluruh ID user"
+
+#~ msgid ""
+#~ "Answer \"yes\" if you really want to delete this user ID.\n"
+#~ "All certificates are then also lost!"
+#~ msgstr ""
+#~ "Jawab \"ya\" jika anda benar-benar ingin menghapus ID user ini.\n"
+#~ "Seluruh sertifikat juga akan hilang!"
+
+#~ msgid "Answer \"yes\" if it is okay to delete the subkey"
+#~ msgstr "Jawab \"ya\" jika ingin menghapus subkey"
+
+#~ msgid ""
+#~ "This is a valid signature on the key; you normally don't want\n"
+#~ "to delete this signature because it may be important to establish a\n"
+#~ "trust connection to the key or another key certified by this key."
+#~ msgstr ""
+#~ "Ini adalah signature valid untuk kunci; anda normalnya tdk ingin "
+#~ "menghapus\n"
+#~ "signature ini karena mungkin penting membangun koneksi trust ke kunci "
+#~ "atau\n"
+#~ "ke kunci tersertifikasi lain dengan kunci ini."
+
+#~ msgid ""
+#~ "This signature can't be checked because you don't have the\n"
+#~ "corresponding key. You should postpone its deletion until you\n"
+#~ "know which key was used because this signing key might establish\n"
+#~ "a trust connection through another already certified key."
+#~ msgstr ""
+#~ "Signature ini tidak dapat diperiksa karena anda tidak memiliki kunci\n"
+#~ "korespondennya. Anda perlu menunda penghapusannya hingga anda tahu\n"
+#~ "kunci yang digunakan karena kunci penanda ini mungkin membangun suatu\n"
+#~ "koneksi trust melalui kunci yang telah tersertifikasi lain."
+
+#~ msgid ""
+#~ "The signature is not valid. It does make sense to remove it from\n"
+#~ "your keyring."
+#~ msgstr ""
+#~ "Signature tidak valid. Adalah hal yang masuk akal untuk menghapusnya "
+#~ "dari\n"
+#~ "keyring anda"
+
+#~ msgid ""
+#~ "This is a signature which binds the user ID to the key. It is\n"
+#~ "usually not a good idea to remove such a signature. Actually\n"
+#~ "GnuPG might not be able to use this key anymore. So do this\n"
+#~ "only if this self-signature is for some reason not valid and\n"
+#~ "a second one is available."
+#~ msgstr ""
+#~ "Ini adalah signature yang menghubungkan ID pemakai ke kunci. Biasanya\n"
+#~ "bukan ide yang baik untuk menghapus signature semacam itu. Umumnya\n"
+#~ "GnuPG tidak akan dapat menggunakan kunci ini lagi. Sehingga lakukan hal\n"
+#~ "ini bila self-signature untuk beberapa alasan tidak valid dan\n"
+#~ "tersedia yang kedua."
+
+#~ msgid ""
+#~ "Change the preferences of all user IDs (or just of the selected ones)\n"
+#~ "to the current list of preferences. The timestamp of all affected\n"
+#~ "self-signatures will be advanced by one second.\n"
+#~ msgstr ""
+#~ "Rubah preferensi seluruh user ID (atau hanya yang terpilih)\n"
+#~ "ke daftar preferensi saat ini. Timestamp seluruh self-signature\n"
+#~ "yang terpengaruh akan bertambah satu detik.\n"
+
+#~ msgid "Please enter the passhrase; this is a secret sentence \n"
+#~ msgstr "Silakan masukkan passphrase; ini kalimat rahasia\n"
+
+#~ msgid ""
+#~ "Please repeat the last passphrase, so you are sure what you typed in."
+#~ msgstr ""
+#~ "Silakan ulangi passphrase terakhir, sehingga anda yakin yang anda "
+#~ "ketikkan."
+
+#~ msgid "Give the name of the file to which the signature applies"
+#~ msgstr "Beri nama file tempat berlakunya signature"
+
+#~ msgid "Answer \"yes\" if it is okay to overwrite the file"
+#~ msgstr "Jawab \"ya\" jika tidak apa-apa menimpa file"
+
+#~ msgid ""
+#~ "Please enter a new filename. If you just hit RETURN the default\n"
+#~ "file (which is shown in brackets) will be used."
+#~ msgstr ""
+#~ "Silakan masukan nama file baru. Jika anda hanya menekan RETURN nama\n"
+#~ "file baku (yang diapit tanda kurung) akan dipakai."
+
+#~ msgid ""
+#~ "You should specify a reason for the certification. Depending on the\n"
+#~ "context you have the ability to choose from this list:\n"
+#~ " \"Key has been compromised\"\n"
+#~ " Use this if you have a reason to believe that unauthorized persons\n"
+#~ " got access to your secret key.\n"
+#~ " \"Key is superseded\"\n"
+#~ " Use this if you have replaced this key with a newer one.\n"
+#~ " \"Key is no longer used\"\n"
+#~ " Use this if you have retired this key.\n"
+#~ " \"User ID is no longer valid\"\n"
+#~ " Use this to state that the user ID should not longer be used;\n"
+#~ " this is normally used to mark an email address invalid.\n"
+#~ msgstr ""
+#~ "Anda harus menspesifikasikan alasan pembatalan. Semua ini tergantung\n"
+#~ "konteks, anda dapat memilih dari daftar berikut:\n"
+#~ " \"Key has been compromised\"\n"
+#~ " Gunakan ini jika anda punya alasan untuk percaya bahwa orang yang "
+#~ "tidak berhak\n"
+#~ " memiliki akses ke kunci pribadi anda.\n"
+#~ " \"Key is superseded\"\n"
+#~ " Gunakan ini bila anda mengganti kunci anda dengan yang baru.\n"
+#~ " \"Key is no longer used\"\n"
+#~ " Gunakan ini bila anda telah mempensiunkan kunci ini.\n"
+#~ " \"User ID is no longer valid\"\n"
+#~ " Gunakan ini untuk menyatakan user ID tidak boleh digunakan lagi;\n"
+#~ " normalnya digunakan untuk menandai bahwa alamat email tidak valid "
+#~ "lagi.\n"
+
+#~ msgid ""
+#~ "If you like, you can enter a text describing why you issue this\n"
+#~ "revocation certificate. Please keep this text concise.\n"
+#~ "An empty line ends the text.\n"
+#~ msgstr ""
+#~ "Jika anda suka, anda dapat memasukkan teks menjelaskan mengapa anda\n"
+#~ "mengeluarkan sertifikat pembatalan ini. Buatlah ringkas.\n"
+#~ "Baris kosong mengakhiri teks.\n"
+
+#~ msgid "can't put notation data into v3 (PGP 2.x style) signatures\n"
+#~ msgstr "tidak dapat menaruh notasi data ke signature v3(gaya PGP 2.x)\n"
+
+#~ msgid "can't put notation data into v3 (PGP 2.x style) key signatures\n"
+#~ msgstr ""
+#~ "tidak dapat menaruh notasi data ke kunci signature v3 (gaya PGP 2.x)\n"
+
+#~ msgid "can't put a policy URL into v3 (PGP 2.x style) signatures\n"
+#~ msgstr ""
+#~ "tidak dapat menaruh sebuah kebijakan URL ke signature v3 (gaya PGP 2.x)\n"
+
+#~ msgid "can't put a policy URL into v3 key (PGP 2.x style) signatures\n"
+#~ msgstr ""
+#~ "tidak dapat menaruh sebuah kebijakan URL ke signature v3 (gaya PGP 2.x)\n"
+
+#, fuzzy
+#~ msgid "shelll"
+#~ msgstr "bantuan"
+
+#, fuzzy
+#~ msgid ""
+#~ "please see http://www.gnupg.org/download/iconv.html for more information\n"
+#~ msgstr ""
+#~ "silakan lihat http://www.gnupg.org/faq.html untuk informasi lebih lanjut\n"
+
+#, fuzzy
+#~ msgid "key generation is not available from the commandline\n"
+#~ msgstr "gpg-agent tidak tersedia untuk sesi ini\n"
+
+#, fuzzy
+#~ msgid "please use the script \"%s\" to generate a new key\n"
+#~ msgstr "Silakan pilih kunci yang anda inginkan:\n"
+
+#, fuzzy
+#~ msgid "cipher extension `%s' not loaded due to unsafe permissions\n"
+#~ msgstr "ekstensi cipher \"%s\" tidak dimuat karena permisi tidak aman\n"
+
+#~ msgid "DSA requires the use of a 160 bit hash algorithm\n"
+#~ msgstr "DSA butuh penggunaan algoritma hash 160 bit\n"
+
+#, fuzzy
+#~ msgid ".\n"
+#~ msgstr "%s.\n"
+
+#~ msgid "problem with the agent - disabling agent use\n"
+#~ msgstr "masalah dengan agen - tiadakan penggunaan agen\n"
+
+#, fuzzy
+#~ msgid "can't query passphrase in batch mode\n"
+#~ msgstr "tidak dapat meminta password dalam mode batch\n"
+
+#~ msgid "Enter passphrase: "
+#~ msgstr "Masukkan passphrase: "
+
+#~ msgid "Repeat passphrase: "
+#~ msgstr "Ulangi passphrase: "
+
+#~ msgid "-k[v][v][v][c] [user-id] [keyring]"
+#~ msgstr "-k[v][v][v][c] [id-user] [keyring]"
+
+#, fuzzy
+#~ msgid "can't gen prime with pbits=%u qbits=%u\n"
+#~ msgstr "tidak dapat membuat bilangan prima dengan bit kurang dari %d\n"
+
+#~ msgid "can't generate a prime with less than %d bits\n"
+#~ msgstr "tidak dapat membuat bilangan prima dengan bit kurang dari %d\n"
+
+#~ msgid "no entropy gathering module detected\n"
+#~ msgstr "modul entropi gathering tidak terdeteksi\n"
+
+#, fuzzy
+#~ msgid "can't lock `%s': %s\n"
+#~ msgstr "tidak dapat membuka `%s'\n"
+
+#~ msgid "can't stat `%s': %s\n"
+#~ msgstr "tidak dapat melakukan statistik `%s': %s\n"
+
+#~ msgid "`%s' is not a regular file - ignored\n"
+#~ msgstr "'%s' bukan file reguler - diabaikan\n"
+
+#~ msgid "note: random_seed file is empty\n"
+#~ msgstr "catatan: file random_seed kosong\n"
+
+#~ msgid "WARNING: invalid size of random_seed file - not used\n"
+#~ msgstr "peringatan: ukuran file random_seed tidak valid - tidak dipakai\n"
+
+#~ msgid "can't read `%s': %s\n"
+#~ msgstr "tidak dapat membaca `%s': %s\n"
+
+#~ msgid "note: random_seed file not updated\n"
+#~ msgstr "catatan: file random_seed tidak diupdate\n"
+
+#~ msgid "can't write `%s': %s\n"
+#~ msgstr "tidak dapat menulis `%s': %s\n"
+
+#~ msgid "can't close `%s': %s\n"
+#~ msgstr "tidak dapat menutup `%s': %s\n"
+
+#~ msgid "WARNING: using insecure random number generator!!\n"
+#~ msgstr "PERINGATAN: menggunakan random number generator yang tidak aman!!\n"
+
+#~ msgid ""
+#~ "The random number generator is only a kludge to let\n"
+#~ "it run - it is in no way a strong RNG!\n"
+#~ "\n"
+#~ "DON'T USE ANY DATA GENERATED BY THIS PROGRAM!!\n"
+#~ "\n"
+#~ msgstr ""
+#~ "Random number generator yang digunakan tidak aman,\n"
+#~ "ia bukanlah RNG yang kuat!\n"
+#~ "\n"
+#~ "JANGAN MENGGUNAKAN DATA YANG DIHASILKAN PROGRAM INI!!\n"
+#~ "\n"
+
+#~ msgid ""
+#~ "Please wait, entropy is being gathered. Do some work if it would\n"
+#~ "keep you from getting bored, because it will improve the quality\n"
+#~ "of the entropy.\n"
+#~ msgstr ""
+#~ "Silakan tunggu, entropi sedang dikumpulkan. Lakukan beberapa pekerjaan\n"
+#~ "bila itu tidak akan membosankan anda, karena hal tersebut akan "
+#~ "memperbaiki\n"
+#~ "kualitas entropi.\n"
+
+#~ msgid ""
+#~ "\n"
+#~ "Not enough random bytes available. Please do some other work to give\n"
+#~ "the OS a chance to collect more entropy! (Need %d more bytes)\n"
+#~ msgstr ""
+#~ "\n"
+#~ "Tidak tersedia cukup byte random. Silakan melakukan aktivitas lain agar\n"
+#~ "memungkinkan SO mengumpulkan lebih banyak entropi! (Perlu %d byte lagi)\n"
+
+#, fuzzy
+#~ msgid "card reader not available\n"
+#~ msgstr "kunci rahasia tidak tersedia"
+
+#, fuzzy
+#~ msgid "NOTE: %s is not available in this version\n"
+#~ msgstr "gpg-agent tidak tersedia untuk sesi ini\n"
+
+#, fuzzy
+#~ msgid " algorithms on these user IDs:\n"
+#~ msgstr "Anda telah menandai ID user ini:\n"
+
+#~ msgid "general error"
+#~ msgstr "Kesalahan umum"
+
+#~ msgid "unknown packet type"
+#~ msgstr "tipe paket tidak dikenal"
+
+#~ msgid "unknown pubkey algorithm"
+#~ msgstr "algoritma pubkey tidak dikenal"
+
+#~ msgid "unknown digest algorithm"
+#~ msgstr "algoritma digest tidak dikenal"
+
+#~ msgid "bad public key"
+#~ msgstr "kunci publik yang buruk"
+
+#~ msgid "bad secret key"
+#~ msgstr "kunci rahasia yang buruk"
+
+#~ msgid "bad signature"
+#~ msgstr "signature yang buruk"
+
+#~ msgid "checksum error"
+#~ msgstr "kesalahan checksum"
+
+#~ msgid "unknown cipher algorithm"
+#~ msgstr "algoritma cipher tidak dikenal"
+
+#~ msgid "can't open the keyring"
+#~ msgstr "tidak dapat membuka keyring"
+
+#~ msgid "invalid packet"
+#~ msgstr "paket tidak valid"
+
+#~ msgid "invalid armor"
+#~ msgstr "armor tidak valid"
+
+#~ msgid "no such user id"
+#~ msgstr "tidak ada user id tsb"
+
+#~ msgid "secret key not available"
+#~ msgstr "kunci rahasia tidak tersedia"
+
+#~ msgid "wrong secret key used"
+#~ msgstr "digunakan kunci rahasia yang salah"
+
+#~ msgid "not supported"
+#~ msgstr "tidak didukung"
+
+#~ msgid "bad key"
+#~ msgstr "kunci yang buruk"
+
+#~ msgid "file write error"
+#~ msgstr "kesalahan tulis file"
+
+#~ msgid "unknown compress algorithm"
+#~ msgstr "algoritma kompresi tidak dikenal"
+
+#~ msgid "file open error"
+#~ msgstr "kesalahan buka file"
+
+#~ msgid "file create error"
+#~ msgstr "kesalahan buat file"
+
+#~ msgid "invalid passphrase"
+#~ msgstr "passphrase tidak valid"
+
+#~ msgid "unimplemented pubkey algorithm"
+#~ msgstr "algoritma pubkey belum diimplementasikan"
+
+#~ msgid "unimplemented cipher algorithm"
+#~ msgstr "algoritma cipher belum diimplementasikan"
+
+#~ msgid "unknown signature class"
+#~ msgstr "kelas signature tidak dikenal"
+
+#~ msgid "trust database error"
+#~ msgstr "kesalahan database trust"
+
+#~ msgid "resource limit"
+#~ msgstr "batasan sumber daya"
+
+#~ msgid "invalid keyring"
+#~ msgstr "keyring tidak valid"
+
+#~ msgid "malformed user id"
+#~ msgstr "user id yang tidak benar"
+
+#~ msgid "file close error"
+#~ msgstr "kesalahan tutup file"
+
+#~ msgid "file rename error"
+#~ msgstr "kesalahan ganti nama file"
+
+#~ msgid "file delete error"
+#~ msgstr "kesalahan hapus file"
+
+#~ msgid "unexpected data"
+#~ msgstr "data tidak terduga"
+
+#~ msgid "timestamp conflict"
+#~ msgstr "konflik timestamp"
+
+#~ msgid "unusable pubkey algorithm"
+#~ msgstr "algoritma pubkey tidak dapat digunakan"
+
+#~ msgid "file exists"
+#~ msgstr "file ada"
+
+#~ msgid "weak key"
+#~ msgstr "kunci lemah"
+
+#~ msgid "bad URI"
+#~ msgstr "URI yang buruk"
+
+#~ msgid "unsupported URI"
+#~ msgstr "URI tidak didukung"
+
+#~ msgid "network error"
+#~ msgstr "kesalahan jaringan"
+
+#~ msgid "not processed"
+#~ msgstr "tidak diproses"
+
+#~ msgid "unusable public key"
+#~ msgstr "kunci publik tidak dapat dipakai"
+
+#~ msgid "unusable secret key"
+#~ msgstr "kunci rahasia tidak dapat dipakai"
+
+#~ msgid "keyserver error"
+#~ msgstr "kesalahan keyserver"
+
+#, fuzzy
+#~ msgid "no card"
+#~ msgstr "tidak dienkripsi"
+
+#, fuzzy
+#~ msgid "no data"
+#~ msgstr "tidak ada data tertandai\n"
+
+#~ msgid "... this is a bug (%s:%d:%s)\n"
+#~ msgstr "... kesalahan (%s:%d:%s)\n"
+
+#~ msgid "WARNING: using insecure memory!\n"
+#~ msgstr "Peringatan: menggunakan memori yang tidak aman!\n"
+
+#~ msgid "operation is not possible without initialized secure memory\n"
+#~ msgstr "operasi tidak mungkin tanpa menginisialisasi memori yang aman\n"
+
+#~ msgid "(you may have used the wrong program for this task)\n"
+#~ msgstr "(anda mungkin menggunakan program yang salah untuk tugas ini)\n"
+
+#~ msgid ""
+#~ "please see http://www.gnupg.org/why-not-idea.html for more information\n"
+#~ msgstr ""
+#~ "silakan lihat http://www.gnupg.org/why-not-idea.html untuk informasi "
+#~ "lebih lanjut\n"
+
+#, fuzzy
+#~ msgid "all export-clean-* options from above"
+#~ msgstr "baca pilihan dari file"
+
+#, fuzzy
+#~ msgid "all import-clean-* options from above"
+#~ msgstr "baca pilihan dari file"
+
+#, fuzzy
+#~ msgid "expired: %s)"
+#~ msgstr " [berakhir: %s]"
+
+#, fuzzy
+#~ msgid "key %s: expired signature from key %s - skipped\n"
+#~ msgstr "kunci %08lX: klas signature tidak diharapkan (0x%02x) - dilewati\n"
+
+#, fuzzy
+#~ msgid "Unable to clean `%s'\n"
+#~ msgstr "tidak dapat mengeksekusi %s \"%s\": %s\n"
+
+#, fuzzy
+#~ msgid "No user IDs are removable.\n"
+#~ msgstr "User ID \"%s\" telah dibatalkan\n"
+
+#~ msgid "bad passphrase or unknown cipher algorithm (%d)\n"
+#~ msgstr "passphrase jelek atau algoritma cipher (%d) tidak dikenal\n"
+
+#~ msgid "can't set client pid for the agent\n"
+#~ msgstr "tidak dapat menset pid client untuk agen\n"
+
+#~ msgid "can't get server read FD for the agent\n"
+#~ msgstr "tidak dapat membuat server membaca FD untuk agen\n"
+
+#~ msgid "can't get server write FD for the agent\n"
+#~ msgstr "tidak dapat membuat server menulis FD untuk agen\n"
+
+#~ msgid "invalid response from agent\n"
+#~ msgstr "respon tidak valid dari agen\n"
+
+#~ msgid "select secondary key N"
+#~ msgstr "pilih kunci sekunder N"
+
+#~ msgid "list signatures"
+#~ msgstr "tampilkan signature"
+
+#~ msgid "sign the key"
+#~ msgstr "tandai kunci"
+
+#~ msgid "add a secondary key"
+#~ msgstr "tambah kunci sekunder"
+
+#~ msgid "delete signatures"
+#~ msgstr "hapus signature"
+
+#~ msgid "change the expire date"
+#~ msgstr "ubah tanggal kadaluarsa"
+
+#~ msgid "set preference list"
+#~ msgstr "set daftar preferensi"
+
+#~ msgid "updated preferences"
+#~ msgstr "perbarui preferensi"
+
+#~ msgid "No secondary key with index %d\n"
+#~ msgstr "Tidak ada kunci sekunder dengan index %d\n"
+
+#~ msgid "--nrsign-key user-id"
+#~ msgstr "--nrsign-key user-id"
+
+#~ msgid "--nrlsign-key user-id"
+#~ msgstr "--nrlsign-key user-id"
+
+#~ msgid "sign the key non-revocably"
+#~ msgstr "tandai kunci sebagai tidak dapat dibatalkan"
+
+#~ msgid "sign the key locally and non-revocably"
+#~ msgstr "tandai kunci secara lokal dan tidak dapat dibatalkan"
+
+#~ msgid "q"
+#~ msgstr "q"
+
+#~ msgid "list"
+#~ msgstr "tampilkan"
+
+#~ msgid "l"
+#~ msgstr "l"
+
+#~ msgid "debug"
+#~ msgstr "debug"
+
+#, fuzzy
+#~ msgid "name"
+#~ msgstr "enable"
+
+#, fuzzy
+#~ msgid "login"
+#~ msgstr "lsign"
+
+#, fuzzy
+#~ msgid "cafpr"
+#~ msgstr "fpr"
+
+#, fuzzy
+#~ msgid "forcesig"
+#~ msgstr "revsig"
+
+#, fuzzy
+#~ msgid "generate"
+#~ msgstr "Kesalahan umum"
+
+#~ msgid "passwd"
+#~ msgstr "passwd"
+
+#~ msgid "save"
+#~ msgstr "simpan"
+
+#~ msgid "fpr"
+#~ msgstr "fpr"
+
+#~ msgid "uid"
+#~ msgstr "uid"
+
+#~ msgid "key"
+#~ msgstr "kunci"
+
+#~ msgid "check"
+#~ msgstr "periksa"
+
+#~ msgid "c"
+#~ msgstr "c"
+
+#~ msgid "sign"
+#~ msgstr "tandai"
+
+#~ msgid "s"
+#~ msgstr "s"
+
+#, fuzzy
+#~ msgid "tsign"
+#~ msgstr "tandai"
+
+#~ msgid "lsign"
+#~ msgstr "lsign"
+
+#~ msgid "nrsign"
+#~ msgstr "nrsign"
+
+#~ msgid "nrlsign"
+#~ msgstr "nrlsign"
+
+#~ msgid "adduid"
+#~ msgstr "adduid"
+
+#~ msgid "addphoto"
+#~ msgstr "addphoto"
+
+#~ msgid "deluid"
+#~ msgstr "deluid"
+
+#~ msgid "delphoto"
+#~ msgstr "delphoto"
+
+#, fuzzy
+#~ msgid "addcardkey"
+#~ msgstr "addkey"
+
+#~ msgid "delkey"
+#~ msgstr "delkey"
+
+#~ msgid "addrevoker"
+#~ msgstr "addrevoker"
+
+#~ msgid "delsig"
+#~ msgstr "delsig"
+
+#~ msgid "expire"
+#~ msgstr "expire"
+
+#~ msgid "primary"
+#~ msgstr "primer"
+
+#~ msgid "toggle"
+#~ msgstr "toggle"
+
+#~ msgid "t"
+#~ msgstr "t"
+
+#~ msgid "pref"
+#~ msgstr "pref"
+
+#~ msgid "showpref"
+#~ msgstr "showpref"
+
+#~ msgid "setpref"
+#~ msgstr "setpref"
+
+#~ msgid "updpref"
+#~ msgstr "updpref"
+
+#, fuzzy
+#~ msgid "keyserver"
+#~ msgstr "kesalahan keyserver"
+
+#~ msgid "trust"
+#~ msgstr "trust"
+
+#~ msgid "revsig"
+#~ msgstr "revsig"
+
+#~ msgid "revuid"
+#~ msgstr "revuid"
+
+#~ msgid "revkey"
+#~ msgstr "revkey"
+
+#~ msgid "disable"
+#~ msgstr "disable"
+
+#~ msgid "enable"
+#~ msgstr "enable"
+
+#~ msgid "showphoto"
+#~ msgstr "showphoto"
+
+#~ msgid "digest algorithm `%s' is read-only in this release\n"
+#~ msgstr "algoritma digest `%s' adalah hanya-baca dalam rilis ini\n"
+
+#~ msgid ""
+#~ "About to generate a new %s keypair.\n"
+#~ " minimum keysize is 768 bits\n"
+#~ " default keysize is 1024 bits\n"
+#~ " highest suggested keysize is 2048 bits\n"
+#~ msgstr ""
+#~ "Akan dibuat satu pasang kunci baru %s.\n"
+#~ " keysize minimum adalah 768 bit\n"
+#~ " keysize default adalah 1024 bit\n"
+#~ " keysize tertinggi dianjurkan 2048 bit\n"
+
+#~ msgid "DSA only allows keysizes from 512 to 1024\n"
+#~ msgstr "DSA hanya membolehkan keysize dari 512 hingga 1024\n"
+
+#~ msgid "keysize too small; 1024 is smallest value allowed for RSA.\n"
+#~ msgstr ""
+#~ "keysize terlalu kecil; 1024 adalah nilai terendah yang diijinkan untuk "
+#~ "RSA.\n"
+
+#~ msgid "keysize too small; 768 is smallest value allowed.\n"
+#~ msgstr "keysize terlalu kecil; 768 adalah nilai terendah yang diijinkan.\n"
+
+#~ msgid "keysize too large; %d is largest value allowed.\n"
+#~ msgstr "keysize terlalu besar; %d adalah nilai tertinggi yang diijinkan.\n"
+
+#~ msgid ""
+#~ "Keysizes larger than 2048 are not suggested because\n"
+#~ "computations take REALLY long!\n"
+#~ msgstr ""
+#~ "Keysize lebih besar dari 2048 tidak dianjurkan karena\n"
+#~ "komputasi akan sangat lama!\n"
+
+#, fuzzy
+#~ msgid "Are you sure that you want this keysize? (y/N) "
+#~ msgstr "Apakah anda yakin memerlukan keysize ini? "
+
+#~ msgid ""
+#~ "Okay, but keep in mind that your monitor and keyboard radiation is also "
+#~ "very vulnerable to attacks!\n"
+#~ msgstr ""
+#~ "Oke, tetapi ingat bahwa radiasi monitor dan keyboard anda juga sangat "
+#~ "mudah diserang!\n"
+
+#~ msgid "Experimental algorithms should not be used!\n"
+#~ msgstr "Algoritma eksperimental sebaiknya tidak dipakai!\n"
+
+#~ msgid ""
+#~ "this cipher algorithm is deprecated; please use a more standard one!\n"
+#~ msgstr ""
+#~ "algoritma cipher ini didepresiasi; silakan gunakan yang lebih standar!\n"
+
+#~ msgid "sorry, can't do this in batch mode\n"
+#~ msgstr "maaf, tidak dapat melakukan hal ini dalam mode batch\n"
+
+#, fuzzy
+#~ msgid "can't open file `%s': %s\n"
+#~ msgstr "tidak dapat membuka file: %s\n"
+
+#, fuzzy
+#~ msgid " \""
+#~ msgstr " alias \""
+
+#~ msgid "key %08lX: key has been revoked!\n"
+#~ msgstr "kunci %08lX: kunci telah dibatalkan!\n"
+
+#~ msgid "key %08lX: subkey has been revoked!\n"
+#~ msgstr "kunci %08lX: subkey telah dibatalkan!\n"
+
+#~ msgid "%08lX: key has expired\n"
+#~ msgstr "%08lX: kunci telah berakhir\n"
+
+#~ msgid "%08lX: We do NOT trust this key\n"
+#~ msgstr "%08lX: Kita TIDAK percaya kunci ini\n"
+
+#, fuzzy
+#~ msgid " (%d) RSA (auth only)\n"
+#~ msgstr " (%d) RSA (hanya menandai)\n"
+
+#, fuzzy
+#~ msgid " (%d) RSA (sign and auth)\n"
+#~ msgstr " (%d) RSA (tandai dan enkripsi)\n"
+
+#, fuzzy
+#~ msgid " (%d) RSA (encrypt and auth)\n"
+#~ msgstr " (%d) RSA (hanya enkripsi)\n"
+
+#, fuzzy
+#~ msgid " (%d) RSA (sign, encrypt and auth)\n"
+#~ msgstr " (%d) RSA (tandai dan enkripsi)\n"
+
+#~ msgid "%s: can't open: %s\n"
+#~ msgstr "%s: tidak dapat membuka: %s\n"
+
+#~ msgid "%s: WARNING: empty file\n"
+#~ msgstr "%s: PERINGATAN: file kosong\n"
+
+#, fuzzy
+#~ msgid " (%d) I trust marginally\n"
+#~ msgstr " %d = Saya cukup percaya\n"
+
+#, fuzzy
+#~ msgid " (%d) I trust fully\n"
+#~ msgstr " %d = Saya sangat percaya\n"
+
+#, fuzzy
+#~ msgid "expires"
+#~ msgstr "expire"
+
+#, fuzzy
+#~ msgid ""
+#~ "\"\n"
+#~ "locally signed with your key %s at %s\n"
+#~ msgstr ""
+#~ "\"\n"
+#~ "ditandai secara lokal dengan kunci anda %08lX pada %s\n"
+
+#~ msgid "%s: can't access: %s\n"
+#~ msgstr "%s: tidak dapat mengakses: %s\n"
+
+#~ msgid "%s: can't create lock\n"
+#~ msgstr "%s: tidak dapat membuat lock\n"
+
+#~ msgid "%s: can't make lock\n"
+#~ msgstr "%s: tidak dapat membuat lock\n"
+
+#~ msgid "%s: can't create: %s\n"
+#~ msgstr "%s: tidak dapat membuat: %s\n"
+
+#~ msgid "If you want to use this revoked key anyway, answer \"yes\"."
+#~ msgstr "Jika anda ingin menggunakan kunci yang dibatalkan, jawab \"ya\"."
+
+#~ msgid "Unable to open photo \"%s\": %s\n"
+#~ msgstr "Tidak dapat membuka foto \"%s\":%s\n"
+
+#~ msgid "error: missing colon\n"
+#~ msgstr "kesalahan: kurang tanda titik dua\n"
+
+#~ msgid "error: no ownertrust value\n"
+#~ msgstr "kesalahan: tidak ada nilai ownertrust\n"
+
+#~ msgid " (main key ID %08lX)"
+#~ msgstr " (ID kunci utama %08lX)"
+
+#~ msgid "rev! subkey has been revoked: %s\n"
+#~ msgstr "rev! subkey telah dibatalkan: %s\n"
+
+#~ msgid "rev- faked revocation found\n"
+#~ msgstr "rev - ditemukan pembatalan palsu\n"
+
+#, fuzzy
+#~ msgid " [expired: %s]"
+#~ msgstr " [berakhir: %s]"
+
+#~ msgid " [expires: %s]"
+#~ msgstr " [berakhir: %s]"
+
+#, fuzzy
+#~ msgid " [revoked: %s]"
+#~ msgstr "[revoked] "
+
+#~ msgid ""
+#~ "WARNING: digest `%s' is not part of OpenPGP. Use at your own risk!\n"
+#~ msgstr ""
+#~ "PERINGATAN: digest `%s' bukan merupakan bagian OpenPGP. Gunakan dan "
+#~ "tanggung sendiri risikonya!\n"
+
+#~ msgid "|[files]|encrypt files"
+#~ msgstr "|[files]|enkripsi file"
+
+#~ msgid "store only"
+#~ msgstr "hanya disimpan"
+
+#~ msgid "|[files]|decrypt files"
+#~ msgstr "|[files]|dekripsi file"
+
+#~ msgid "sign a key non-revocably"
+#~ msgstr "tandai kunci tidak dapat di-revoke"
+
+#~ msgid "sign a key locally and non-revocably"
+#~ msgstr "tandai kunci secara lokal dan tidak dapat di-revoke"
+
+#~ msgid "list only the sequence of packets"
+#~ msgstr "tampilkan hanya urutan paket"
+
+#~ msgid "export the ownertrust values"
+#~ msgstr "ekspor nilai ownertrust"
+
+#~ msgid "unattended trust database update"
+#~ msgstr "perbarui database trust secara otomatis"
+
+#~ msgid "fix a corrupted trust database"
+#~ msgstr "perbaiki database trust yang terkorupsi"
+
+#~ msgid "De-Armor a file or stdin"
+#~ msgstr "De-Armor file atau stdin"
+
+#~ msgid "En-Armor a file or stdin"
+#~ msgstr "En-Armor file atau stdin"
+
+#~ msgid "do not force v3 signatures"
+#~ msgstr "jangan paksa signature v3"
+
+#~ msgid "force v4 key signatures"
+#~ msgstr "paksa signature kunci v4"
+
+#~ msgid "do not force v4 key signatures"
+#~ msgstr "jangan paksa signature kunci v4"
+
+#~ msgid "never use a MDC for encryption"
+#~ msgstr "jangan gunakan MDC untuk enkripsi"
+
+#~ msgid "use the gpg-agent"
+#~ msgstr "gunakan gpg-agent"
+
+#~ msgid "|[file]|write status info to file"
+#~ msgstr "|[file]|tulis status info ke file"
+
+#~ msgid "|KEYID|ultimately trust this key"
+#~ msgstr "|KEYID|sangat percayai kunci ini"
+
+#~ msgid "emulate the mode described in RFC1991"
+#~ msgstr "emulasikan mode seperti dalam RFC1991"
+
+#~ msgid "set all packet, cipher and digest options to OpenPGP behavior"
+#~ msgstr "set pilihan semua paket, cipher, digest ke perilaku OpenPGP"
+
+#~ msgid "set all packet, cipher and digest options to PGP 2.x behavior"
+#~ msgstr "set pilihan semua paket, cipher, digest ke perilaku PGP 2.x"
+
+#~ msgid "|NAME|use message digest algorithm NAME for passphrases"
+#~ msgstr "|NAMA|gunakan algoritma digest NAMA utk passphrase"
+
+#~ msgid "throw keyid field of encrypted packets"
+#~ msgstr "buang field keyid paket terenkripsi"
+
+#~ msgid "Show Photo IDs"
+#~ msgstr "Tampilkan Photo IDs"
+
+#~ msgid "Don't show Photo IDs"
+#~ msgstr "Jangan tampilkan Photo IDs"
+
+#~ msgid "Set command line to view Photo IDs"
+#~ msgstr "Set perintah baris untuk melihat Photo IDs"
+
+#~ msgid "compress algorithm `%s' is read-only in this release\n"
+#~ msgstr "algoritma kompresi `%s' adalah hanya-baca dalam rilis ini\n"
+
+#~ msgid "compress algorithm must be in range %d..%d\n"
+#~ msgstr "algoritma kompresi harus di antara %d..%d\n"
+
+#~ msgid ""
+#~ "%08lX: It is not sure that this key really belongs to the owner\n"
+#~ "but it is accepted anyway\n"
+#~ msgstr ""
+#~ "%08lX: Tidak pasti kunci ini milik pemiliknya\n"
+#~ "tapi tetap diterima\n"
+
+#~ msgid "preference %c%lu is not valid\n"
+#~ msgstr "preferensi %c%lu tidak valid\n"
+
+#~ msgid "key %08lX: not a rfc2440 key - skipped\n"
+#~ msgstr "kunci %08lX: bukan kunci rfc2440 - dilewati\n"
+
+#~ msgid ""
+#~ "NOTE: Elgamal primary key detected - this may take some time to import\n"
+#~ msgstr ""
+#~ "CATATAN: Kunci primer Elgamal terdeteksi - mungkin membutuhkan beberapa "
+#~ "saat untuk mengimpor\n"
+
+#~ msgid " (default)"
+#~ msgstr " (default)"
+
+#~ msgid "%s%c %4u%c/%08lX created: %s expires: %s"
+#~ msgstr "%s%c %4u%c/%08lX diciptakan: %s berakhir: %s"
+
+#~ msgid "Policy: "
+#~ msgstr "Kebijakan: "
+
+#~ msgid "can't get key from keyserver: %s\n"
+#~ msgstr "tidak dapat memperoleh kunci keyserver: %s\n"
+
+#~ msgid "success sending to `%s' (status=%u)\n"
+#~ msgstr "success sending to `%s' (status=%u)\n"
+
+#~ msgid "failed sending to `%s': status=%u\n"
+#~ msgstr "failed sending to `%s': status=%u\n"
+
+#~ msgid "this keyserver does not support --search-keys\n"
+#~ msgstr "keyserver ini tidak mendukung --search-keys\n"
+
+#~ msgid "can't search keyserver: %s\n"
+#~ msgstr "tidak dapat mencari keyserver: %s\n"
+
+#~ msgid ""
+#~ "key %08lX: this is a PGP generated ElGamal key which is NOT secure for "
+#~ "signatures!\n"
+#~ msgstr ""
+#~ "kunci %08lX: ini adalah kunci ElGamal ciptaan PGP yang tidak aman untuk "
+#~ "signature!\n"
+
+#~ msgid ""
+#~ "key %08lX has been created %lu second in future (time warp or clock "
+#~ "problem)\n"
+#~ msgstr ""
+#~ "kunci %08lX telah diciptakan dalam %lu detik mendatang (masalah waktu "
+#~ "atau jam)\n"
+
+#~ msgid ""
+#~ "key %08lX has been created %lu seconds in future (time warp or clock "
+#~ "problem)\n"
+#~ msgstr ""
+#~ "kunci %08lX telah diciptakan dalam %lu detik mendatang (masalah waktu "
+#~ "atau jam)\n"
+
+#~ msgid "key %08lX marked as ultimately trusted\n"
+#~ msgstr "kunci %08lX ditandai sebagai sangat dipercaya\n"
+
+#~ msgid "signature from Elgamal signing key %08lX to %08lX skipped\n"
+#~ msgstr ""
+#~ "signature dari kunci penandaan Elgamal %08lX hingga %08lX dilewati\n"
+
+#~ msgid "signature from %08lX to Elgamal signing key %08lX skipped\n"
+#~ msgstr "signature dari %08lX ke kunci penandaan Elgamal %08lX dilewati\n"
+
+#~ msgid "checking at depth %d signed=%d ot(-/q/n/m/f/u)=%d/%d/%d/%d/%d/%d\n"
+#~ msgstr "checking at depth %d signed=%d ot(-/q/n/m/f/u)=%d/%d/%d/%d/%d/%d\n"
+
+#~ msgid ""
+#~ "Select the algorithm to use.\n"
+#~ "\n"
+#~ "DSA (aka DSS) is the digital signature algorithm which can only be used\n"
+#~ "for signatures. This is the suggested algorithm because verification of\n"
+#~ "DSA signatures are much faster than those of ElGamal.\n"
+#~ "\n"
+#~ "ElGamal is an algorithm which can be used for signatures and encryption.\n"
+#~ "OpenPGP distinguishs between two flavors of this algorithms: an encrypt "
+#~ "only\n"
+#~ "and a sign+encrypt; actually it is the same, but some parameters must be\n"
+#~ "selected in a special way to create a safe key for signatures: this "
+#~ "program\n"
+#~ "does this but other OpenPGP implementations are not required to "
+#~ "understand\n"
+#~ "the signature+encryption flavor.\n"
+#~ "\n"
+#~ "The first (primary) key must always be a key which is capable of "
+#~ "signing;\n"
+#~ "this is the reason why the encryption only ElGamal key is not available "
+#~ "in\n"
+#~ "this menu."
+#~ msgstr ""
+#~ "Pilih algoritma untuk digunakan.\n"
+#~ "\n"
+#~ "DSA (DSS) adalah algoritma signature digital yang hanya dapat digunakan \n"
+#~ "untuk signature. Ia merupakan algoritma yang disarankan karena "
+#~ "verifikasi\n"
+#~ "signature DSA jauh lebih cepat daripada ElGamal.\n"
+#~ "\n"
+#~ "ElGamal adalah suatu algoritma yang dapat digunakan untuk signature dan \n"
+#~ "enkripsi. OpenPGP membedakannya ke dalam dua bentuk yaitu: hanya "
+#~ "enkripsi\n"
+#~ "dan enkripsi+sign; sebenarnya sama, tetapi beberapa parameter harus "
+#~ "dipilih\n"
+#~ "secara khusus untuk membuat kunci yang aman untuk signature; program ini\n"
+#~ "melakukannya tetapi implementasi OpenPGP lain tidak harus memahami "
+#~ "bentuk\n"
+#~ "signature+enkripsi.\n"
+#~ "\n"
+#~ "Kunci pertama (primer) harus selalu merupakan kunci yang mampu men-sign;\n"
+#~ "hal ini merupakan alasan mengapa kunci ElGamal hanya-enkripsi tidak ada\n"
+#~ "di menu ini."
+
+#~ msgid ""
+#~ "Although these keys are defined in RFC2440 they are not suggested\n"
+#~ "because they are not supported by all programs and signatures created\n"
+#~ "with them are quite large and very slow to verify."
+#~ msgstr ""
+#~ "Meskipun kunci ini didefinisikan dalam RFC2440 mereka tidak disarankan\n"
+#~ "karena belum didukung oleh seluruh program dan signature yang dibuat\n"
+#~ "oleh mereka cukup besar dan sangat lambat untuk diverifikasi."
+
+#~ msgid "%lu keys so far checked (%lu signatures)\n"
+#~ msgstr "%lu kunci telah diperiksa (%lu signature)\n"
+
+#~ msgid "key incomplete\n"
+#~ msgstr "kunci tidak lengkap\n"
+
+#~ msgid "key %08lX incomplete\n"
+#~ msgstr "kunci %08lX tidak lengkap\n"
+
+#, fuzzy
+#~ msgid "quit|quit"
+#~ msgstr "keluar"
+
+#~ msgid " (%d) ElGamal (sign and encrypt)\n"
+#~ msgstr " (%d) ElGamal (tandai dan enkripsi)\n"
+
+#~ msgid ""
+#~ "The use of this algorithm is only supported by GnuPG. You will not be\n"
+#~ "able to use this key to communicate with PGP users. This algorithm is "
+#~ "also\n"
+#~ "very slow, and may not be as secure as the other choices.\n"
+#~ msgstr ""
+#~ "Penggunaan algoritma ini hanya didukung oleh GnuPG. Anda tidak dapat\n"
+#~ "menggunakan kunci ini untuk berkomunikasi dengan pengguna PGP. Algoritma "
+#~ "ini\n"
+#~ "juga sangat lambat, dan mungkin tidak seaman pilihan lainnya.\n"
+
+#~ msgid "Create anyway? "
+#~ msgstr "Tetap dibuat? "
+
+#~ msgid "invalid symkey algorithm detected (%d)\n"
+#~ msgstr "terdeteksi algoritma symkey tidak valid (%d)\n"
+
+#~ msgid "this keyserver is not fully HKP compatible\n"
+#~ msgstr "keyserver ini tidak kompatibel penuh dengan HKP\n"
+
+#~ msgid "The use of this algorithm is deprecated - create anyway? "
+#~ msgstr "Penggunaan algoritma ini didepresiasi - tetap ciptakan?"
diff --git a/po/insert-header.sin b/po/insert-header.sin
new file mode 100644
index 0000000..b26de01
--- /dev/null
+++ b/po/insert-header.sin
@@ -0,0 +1,23 @@
+# Sed script that inserts the file called HEADER before the header entry.
+#
+# At each occurrence of a line starting with "msgid ", we execute the following
+# commands. At the first occurrence, insert the file. At the following
+# occurrences, do nothing. The distinction between the first and the following
+# occurrences is achieved by looking at the hold space.
+/^msgid /{
+x
+# Test if the hold space is empty.
+s/m/m/
+ta
+# Yes it was empty. First occurrence. Read the file.
+r HEADER
+# Output the file's contents by reading the next line. But don't lose the
+# current line while doing this.
+g
+N
+bb
+:a
+# The hold space was nonempty. Following occurrences. Do nothing.
+x
+:b
+}
diff --git a/po/it.gmo b/po/it.gmo
new file mode 100644
index 0000000..8b19b1e
--- /dev/null
+++ b/po/it.gmo
Binary files differ
diff --git a/po/it.po b/po/it.po
new file mode 100644
index 0000000..f6041f4
--- /dev/null
+++ b/po/it.po
@@ -0,0 +1,10018 @@
+# GnuPG italian translation
+# Copyright (C) 1998, 1999, 2001, 2002 Free Software Foundation, Inc.
+# Marco d'Itri <md@linux.it>, 1998, 1999, 2001, 2002.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: gnupg 1.1.92\n"
+"Report-Msgid-Bugs-To: translations@gnupg.org\n"
+"POT-Creation-Date: 2012-03-27 10:23+0200\n"
+"PO-Revision-Date: 2008-05-26 12:02+0200\n"
+"Last-Translator: Marco d'Itri <md@linux.it>\n"
+"Language-Team: Italian <tp@lists.linux.it>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=iso-8859-1\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#: agent/call-pinentry.c:244
+#, fuzzy, c-format
+msgid "failed to acquire the pinentry lock: %s\n"
+msgstr "inizializzazione del trustdb fallita: %s\n"
+
+#. TRANSLATORS: These are labels for buttons etc used in
+#. Pinentries. An underscore indicates that the next letter
+#. should be used as an accelerator. Double the underscore for
+#. a literal one. The actual to be translated text starts after
+#. the second vertical bar.
+#: agent/call-pinentry.c:401
+msgid "|pinentry-label|_OK"
+msgstr ""
+
+#: agent/call-pinentry.c:402
+msgid "|pinentry-label|_Cancel"
+msgstr ""
+
+#: agent/call-pinentry.c:403
+msgid "|pinentry-label|PIN:"
+msgstr ""
+
+#. TRANSLATORS: This string is displayed by Pinentry as the label
+#. for the quality bar.
+#: agent/call-pinentry.c:649
+msgid "Quality:"
+msgstr ""
+
+#. TRANSLATORS: This string is a tooltip, shown by pinentry when
+#. hovering over the quality bar. Please use an appropriate
+#. string to describe what this is about. The length of the
+#. tooltip is limited to about 900 characters. If you do not
+#. translate this entry, a default english text (see source)
+#. will be used.
+#: agent/call-pinentry.c:671
+msgid "pinentry.qualitybar.tooltip"
+msgstr ""
+
+#: agent/call-pinentry.c:716
+msgid ""
+"Please enter your PIN, so that the secret key can be unlocked for this "
+"session"
+msgstr ""
+
+#: agent/call-pinentry.c:719
+#, fuzzy
+msgid ""
+"Please enter your passphrase, so that the secret key can be unlocked for "
+"this session"
+msgstr "Inserisci la passphrase, cioè una frase segreta \n"
+
+#: agent/call-pinentry.c:776
+#, c-format
+msgid "SETERROR %s (try %d of %d)"
+msgstr ""
+
+#: agent/call-pinentry.c:799 agent/call-pinentry.c:811
+#, fuzzy
+msgid "PIN too long"
+msgstr "riga troppo lunga\n"
+
+#: agent/call-pinentry.c:800
+#, fuzzy
+msgid "Passphrase too long"
+msgstr "passphrase troppo lunga\n"
+
+#: agent/call-pinentry.c:808
+#, fuzzy
+msgid "Invalid characters in PIN"
+msgstr "Carattere non valido nel nome\n"
+
+#: agent/call-pinentry.c:813
+msgid "PIN too short"
+msgstr ""
+
+#: agent/call-pinentry.c:825
+#, fuzzy
+msgid "Bad PIN"
+msgstr "MPI danneggiato"
+
+#: agent/call-pinentry.c:826
+#, fuzzy
+msgid "Bad Passphrase"
+msgstr "passphrase errata"
+
+#: agent/call-pinentry.c:863
+#, fuzzy
+msgid "Passphrase"
+msgstr "passphrase errata"
+
+#: agent/command-ssh.c:531
+#, fuzzy, c-format
+msgid "ssh keys greater than %d bits are not supported\n"
+msgstr "l'algoritmo di protezione %d%s non è gestito\n"
+
+#: agent/command-ssh.c:690 g10/card-util.c:833 g10/exec.c:473 g10/gpg.c:1122
+#: g10/keygen.c:3394 g10/keygen.c:3427 g10/keyring.c:1237 g10/keyring.c:1569
+#: g10/openfile.c:275 g10/openfile.c:368 g10/sign.c:801 g10/sign.c:1110
+#: g10/tdbio.c:550 jnlib/dotlock.c:310
+#, c-format
+msgid "can't create `%s': %s\n"
+msgstr "impossibile creare `%s': %s\n"
+
+#: agent/command-ssh.c:702 common/helpfile.c:47 g10/card-util.c:787
+#: g10/dearmor.c:60 g10/dearmor.c:107 g10/decrypt.c:70 g10/encode.c:194
+#: g10/encode.c:504 g10/gpg.c:1123 g10/import.c:192 g10/keygen.c:2877
+#: g10/keyring.c:1595 g10/openfile.c:192 g10/openfile.c:353
+#: g10/plaintext.c:511 g10/sign.c:783 g10/sign.c:978 g10/sign.c:1094
+#: g10/sign.c:1250 g10/tdbdump.c:142 g10/tdbdump.c:150 g10/tdbio.c:554
+#: g10/tdbio.c:618 g10/verify.c:99 g10/verify.c:162 sm/gpgsm.c:2044
+#: sm/gpgsm.c:2074 sm/gpgsm.c:2112 sm/gpgsm.c:2150 sm/qualified.c:66
+#, c-format
+msgid "can't open `%s': %s\n"
+msgstr "impossibile aprire `%s': %s\n"
+
+#: agent/command-ssh.c:1708 agent/command-ssh.c:1726
+#, fuzzy, c-format
+msgid "error getting serial number of card: %s\n"
+msgstr "errore nella creazione della passhprase: %s\n"
+
+#: agent/command-ssh.c:1712
+#, c-format
+msgid "detected card with S/N: %s\n"
+msgstr ""
+
+#: agent/command-ssh.c:1717
+#, fuzzy, c-format
+msgid "error getting default authentication keyID of card: %s\n"
+msgstr "errore scrivendo il portachiavi segreto `%s': %s\n"
+
+#: agent/command-ssh.c:1737
+#, fuzzy, c-format
+msgid "no suitable card key found: %s\n"
+msgstr "non è stato trovato un portachiavi segreto scrivibile: %s\n"
+
+#: agent/command-ssh.c:1787
+#, fuzzy, c-format
+msgid "shadowing the key failed: %s\n"
+msgstr "cancellazione del keyblock fallita: %s\n"
+
+#: agent/command-ssh.c:1802
+#, fuzzy, c-format
+msgid "error writing key: %s\n"
+msgstr "errore scrivendo il portachiavi `%s': %s\n"
+
+#: agent/command-ssh.c:2139
+#, c-format
+msgid ""
+"An ssh process requested the use of key%%0A %s%%0A (%s)%%0ADo you want to "
+"allow this?"
+msgstr ""
+
+#: agent/command-ssh.c:2146
+msgid "Allow"
+msgstr ""
+
+#: agent/command-ssh.c:2146
+msgid "Deny"
+msgstr ""
+
+#: agent/command-ssh.c:2155
+#, fuzzy, c-format
+msgid "Please enter the passphrase for the ssh key%%0A %F%%0A (%c)"
+msgstr "Inserisci la passphrase, cioè una frase segreta \n"
+
+#: agent/command-ssh.c:2484 agent/genkey.c:310 agent/genkey.c:432
+#, fuzzy
+msgid "Please re-enter this passphrase"
+msgstr "cambia la passphrase"
+
+#: agent/command-ssh.c:2509
+#, fuzzy, c-format
+msgid ""
+"Please enter a passphrase to protect the received secret key%%0A %s%%0A %"
+"s%%0Awithin gpg-agent's key storage"
+msgstr "Inserisci la passphrase, cioè una frase segreta \n"
+
+#: agent/command-ssh.c:2548 agent/genkey.c:340 agent/genkey.c:463
+#: tools/symcryptrun.c:436
+msgid "does not match - try again"
+msgstr ""
+
+#: agent/command-ssh.c:3054
+#, fuzzy, c-format
+msgid "failed to create stream from socket: %s\n"
+msgstr "%s: creazione della tabella hash fallita: %s\n"
+
+#: agent/divert-scd.c:92 g10/call-agent.c:923
+msgid "Please insert the card with serial number"
+msgstr ""
+
+#: agent/divert-scd.c:93 g10/call-agent.c:924
+msgid "Please remove the current card and insert the one with serial number"
+msgstr ""
+
+#: agent/divert-scd.c:200
+msgid "Admin PIN"
+msgstr ""
+
+#. TRANSLATORS: A PUK is the Personal Unblocking Code
+#. used to unblock a PIN.
+#: agent/divert-scd.c:205
+msgid "PUK"
+msgstr ""
+
+#: agent/divert-scd.c:212
+msgid "Reset Code"
+msgstr ""
+
+#: agent/divert-scd.c:238
+#, c-format
+msgid "%s%%0A%%0AUse the reader's keypad for input."
+msgstr ""
+
+#: agent/divert-scd.c:287
+#, fuzzy
+msgid "Repeat this Reset Code"
+msgstr "Ripeti la passphrase: "
+
+#: agent/divert-scd.c:289
+#, fuzzy
+msgid "Repeat this PUK"
+msgstr "Ripeti la passphrase: "
+
+#: agent/divert-scd.c:290
+#, fuzzy
+msgid "Repeat this PIN"
+msgstr "Ripeti la passphrase: "
+
+#: agent/divert-scd.c:295
+#, fuzzy
+msgid "Reset Code not correctly repeated; try again"
+msgstr "passphrase non ripetuta correttamente; prova ancora"
+
+#: agent/divert-scd.c:297
+#, fuzzy
+msgid "PUK not correctly repeated; try again"
+msgstr "passphrase non ripetuta correttamente; prova ancora"
+
+#: agent/divert-scd.c:298
+#, fuzzy
+msgid "PIN not correctly repeated; try again"
+msgstr "passphrase non ripetuta correttamente; prova ancora"
+
+#: agent/divert-scd.c:310
+#, c-format
+msgid "Please enter the PIN%s%s%s to unlock the card"
+msgstr ""
+
+#: agent/genkey.c:108 sm/certreqgen-ui.c:384 sm/export.c:638 sm/export.c:654
+#: sm/import.c:667 sm/import.c:692
+#, fuzzy, c-format
+msgid "error creating temporary file: %s\n"
+msgstr "errore nella creazione della passhprase: %s\n"
+
+#: agent/genkey.c:115 sm/export.c:645 sm/import.c:675
+#, fuzzy, c-format
+msgid "error writing to temporary file: %s\n"
+msgstr "scrittura in `%s'\n"
+
+#: agent/genkey.c:153 agent/genkey.c:159
+#, fuzzy
+msgid "Enter new passphrase"
+msgstr "Inserisci la passphrase\n"
+
+#: agent/genkey.c:167
+#, fuzzy
+msgid "Take this one anyway"
+msgstr "Uso lo stesso questa chiave? "
+
+#: agent/genkey.c:193
+#, c-format
+msgid ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase should be "
+"at least %u character long."
+msgid_plural ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase should be "
+"at least %u characters long."
+msgstr[0] ""
+msgstr[1] ""
+
+#: agent/genkey.c:214
+#, c-format
+msgid ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase should "
+"contain at least %u digit or%%0Aspecial character."
+msgid_plural ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase should "
+"contain at least %u digits or%%0Aspecial characters."
+msgstr[0] ""
+msgstr[1] ""
+
+#: agent/genkey.c:237
+#, c-format
+msgid ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase may not be "
+"a known term or match%%0Acertain pattern."
+msgstr ""
+
+#: agent/genkey.c:253
+#, c-format
+msgid ""
+"You have not entered a passphrase!%0AAn empty passphrase is not allowed."
+msgstr ""
+
+#: agent/genkey.c:255
+#, c-format
+msgid ""
+"You have not entered a passphrase - this is in general a bad idea!%0APlease "
+"confirm that you do not want to have any protection on your key."
+msgstr ""
+
+#: agent/genkey.c:264
+msgid "Yes, protection is not needed"
+msgstr ""
+
+#: agent/genkey.c:308
+#, fuzzy, c-format
+msgid "Please enter the passphrase to%0Ato protect your new key"
+msgstr ""
+"Ti serve una passphrase per proteggere la tua chiave segreta.\n"
+"\n"
+
+#: agent/genkey.c:431
+#, fuzzy
+msgid "Please enter the new passphrase"
+msgstr "cambia la passphrase"
+
+#: agent/gpg-agent.c:121 agent/preset-passphrase.c:72 scd/scdaemon.c:103
+#: tools/gpg-check-pattern.c:70
+#, fuzzy
+msgid ""
+"@Options:\n"
+" "
+msgstr ""
+"@\n"
+"Opzioni:\n"
+" "
+
+#: agent/gpg-agent.c:123 scd/scdaemon.c:105
+msgid "run in server mode (foreground)"
+msgstr ""
+
+#: agent/gpg-agent.c:124 scd/scdaemon.c:108
+msgid "run in daemon mode (background)"
+msgstr ""
+
+#: agent/gpg-agent.c:125 g10/gpg.c:488 g10/gpgv.c:71 kbx/kbxutil.c:88
+#: scd/scdaemon.c:109 sm/gpgsm.c:281 tools/gpg-connect-agent.c:69
+#: tools/gpgconf.c:80 tools/symcryptrun.c:166
+msgid "verbose"
+msgstr "prolisso"
+
+#: agent/gpg-agent.c:126 g10/gpgv.c:72 kbx/kbxutil.c:89 scd/scdaemon.c:110
+#: sm/gpgsm.c:282
+msgid "be somewhat more quiet"
+msgstr "meno prolisso"
+
+#: agent/gpg-agent.c:127 scd/scdaemon.c:111
+msgid "sh-style command output"
+msgstr ""
+
+#: agent/gpg-agent.c:128 scd/scdaemon.c:112
+msgid "csh-style command output"
+msgstr ""
+
+#: agent/gpg-agent.c:129 scd/scdaemon.c:113 sm/gpgsm.c:312
+#: tools/symcryptrun.c:169
+#, fuzzy
+msgid "|FILE|read options from FILE"
+msgstr "|FILE|carica il modulo di estensione FILE"
+
+#: agent/gpg-agent.c:134 scd/scdaemon.c:123
+msgid "do not detach from the console"
+msgstr ""
+
+#: agent/gpg-agent.c:135
+msgid "do not grab keyboard and mouse"
+msgstr ""
+
+#: agent/gpg-agent.c:136 tools/symcryptrun.c:168
+#, fuzzy
+msgid "use a log file for the server"
+msgstr "cerca delle chiavi su un key server"
+
+#: agent/gpg-agent.c:138
+#, fuzzy
+msgid "use a standard location for the socket"
+msgstr "Aggiorno davvero le preferenze per gli user ID selezionati? "
+
+#: agent/gpg-agent.c:141
+msgid "|PGM|use PGM as the PIN-Entry program"
+msgstr ""
+
+#: agent/gpg-agent.c:144
+msgid "|PGM|use PGM as the SCdaemon program"
+msgstr ""
+
+#: agent/gpg-agent.c:145
+#, fuzzy
+msgid "do not use the SCdaemon"
+msgstr "aggiorna il database della fiducia"
+
+#: agent/gpg-agent.c:157
+msgid "ignore requests to change the TTY"
+msgstr ""
+
+#: agent/gpg-agent.c:159
+msgid "ignore requests to change the X display"
+msgstr ""
+
+#: agent/gpg-agent.c:162
+msgid "|N|expire cached PINs after N seconds"
+msgstr ""
+
+#: agent/gpg-agent.c:175
+msgid "do not use the PIN cache when signing"
+msgstr ""
+
+#: agent/gpg-agent.c:177
+msgid "allow clients to mark keys as \"trusted\""
+msgstr ""
+
+#: agent/gpg-agent.c:179
+#, fuzzy
+msgid "allow presetting passphrase"
+msgstr "errore nella creazione della passhprase: %s\n"
+
+#: agent/gpg-agent.c:180
+msgid "enable ssh-agent emulation"
+msgstr ""
+
+#: agent/gpg-agent.c:182
+msgid "|FILE|write environment settings also to FILE"
+msgstr ""
+
+#. TRANSLATORS: @EMAIL@ will get replaced by the actual bug
+#. reporting address. This is so that we can change the
+#. reporting address without breaking the translations.
+#: agent/gpg-agent.c:333 agent/preset-passphrase.c:94 agent/protect-tool.c:163
+#: g10/gpg.c:814 g10/gpgv.c:114 kbx/kbxutil.c:113 scd/scdaemon.c:246
+#: sm/gpgsm.c:519 tools/gpg-connect-agent.c:181 tools/gpgconf.c:102
+#: tools/symcryptrun.c:206 tools/gpg-check-pattern.c:141
+#, fuzzy
+msgid "Please report bugs to <@EMAIL@>.\n"
+msgstr "Per favore segnala i bug a <gnupg-bugs@gnu.org>.\n"
+
+#: agent/gpg-agent.c:342
+#, fuzzy
+msgid "Usage: gpg-agent [options] (-h for help)"
+msgstr "Uso: gpg [opzioni] [files] (-h per l'aiuto)"
+
+#: agent/gpg-agent.c:344
+msgid ""
+"Syntax: gpg-agent [options] [command [args]]\n"
+"Secret key management for GnuPG\n"
+msgstr ""
+
+#: agent/gpg-agent.c:390 g10/gpg.c:1007 scd/scdaemon.c:318 sm/gpgsm.c:669
+#, c-format
+msgid "invalid debug-level `%s' given\n"
+msgstr ""
+
+#: agent/gpg-agent.c:610 agent/protect-tool.c:1033 kbx/kbxutil.c:428
+#: scd/scdaemon.c:424 sm/gpgsm.c:911 sm/gpgsm.c:914 tools/symcryptrun.c:998
+#: tools/gpg-check-pattern.c:177
+#, c-format
+msgid "%s is too old (need %s, have %s)\n"
+msgstr ""
+
+#: agent/gpg-agent.c:725 g10/gpg.c:2111 scd/scdaemon.c:510 sm/gpgsm.c:1010
+#, c-format
+msgid "NOTE: no default option file `%s'\n"
+msgstr "NOTA: manca il file `%s' con le opzioni predefinite\n"
+
+#: agent/gpg-agent.c:736 agent/gpg-agent.c:1348 g10/gpg.c:2115
+#: scd/scdaemon.c:515 sm/gpgsm.c:1014 tools/symcryptrun.c:931
+#, c-format
+msgid "option file `%s': %s\n"
+msgstr "file con le opzioni `%s': %s\n"
+
+#: agent/gpg-agent.c:744 g10/gpg.c:2122 scd/scdaemon.c:523 sm/gpgsm.c:1021
+#, c-format
+msgid "reading options from `%s'\n"
+msgstr "lettura delle opzioni da `%s'\n"
+
+#: agent/gpg-agent.c:1117 g10/plaintext.c:140 g10/plaintext.c:145
+#: g10/plaintext.c:162
+#, c-format
+msgid "error creating `%s': %s\n"
+msgstr "errore creando `%s': %s\n"
+
+#: agent/gpg-agent.c:1461 agent/gpg-agent.c:1579 agent/gpg-agent.c:1583
+#: agent/gpg-agent.c:1624 agent/gpg-agent.c:1628 g10/exec.c:188
+#: g10/openfile.c:429 scd/scdaemon.c:1020
+#, c-format
+msgid "can't create directory `%s': %s\n"
+msgstr "impossibile creare la directory `%s': %s\n"
+
+#: agent/gpg-agent.c:1475 scd/scdaemon.c:1034
+msgid "name of socket too long\n"
+msgstr ""
+
+#: agent/gpg-agent.c:1498 scd/scdaemon.c:1057
+#, fuzzy, c-format
+msgid "can't create socket: %s\n"
+msgstr "impossibile creare %s: %s\n"
+
+#: agent/gpg-agent.c:1507
+#, c-format
+msgid "socket name `%s' is too long\n"
+msgstr ""
+
+#: agent/gpg-agent.c:1525
+#, fuzzy
+msgid "a gpg-agent is already running - not starting a new one\n"
+msgstr "gpg-agent non è disponibile in questa sessione\n"
+
+#: agent/gpg-agent.c:1536 scd/scdaemon.c:1076
+#, fuzzy
+msgid "error getting nonce for the socket\n"
+msgstr "errore nella creazione della passhprase: %s\n"
+
+#: agent/gpg-agent.c:1541 scd/scdaemon.c:1079
+#, fuzzy, c-format
+msgid "error binding socket to `%s': %s\n"
+msgstr "errore leggendo `%s': %s\n"
+
+#: agent/gpg-agent.c:1553 scd/scdaemon.c:1088
+#, fuzzy, c-format
+msgid "listen() failed: %s\n"
+msgstr "aggiornamento fallito: %s\n"
+
+#: agent/gpg-agent.c:1559 scd/scdaemon.c:1095
+#, fuzzy, c-format
+msgid "listening on socket `%s'\n"
+msgstr "scrittura della chiave segreta in `%s'\n"
+
+#: agent/gpg-agent.c:1587 agent/gpg-agent.c:1634 g10/openfile.c:432
+#, fuzzy, c-format
+msgid "directory `%s' created\n"
+msgstr "%s: directory creata\n"
+
+#: agent/gpg-agent.c:1640
+#, fuzzy, c-format
+msgid "stat() failed for `%s': %s\n"
+msgstr "trustdb: read fallita (n=%d): %s\n"
+
+#: agent/gpg-agent.c:1644
+#, fuzzy, c-format
+msgid "can't use `%s' as home directory\n"
+msgstr "%s: impossibile creare la directory: %s\n"
+
+#: agent/gpg-agent.c:1777 scd/scdaemon.c:1111
+#, fuzzy, c-format
+msgid "error reading nonce on fd %d: %s\n"
+msgstr "errore leggendo `%s': %s\n"
+
+#: agent/gpg-agent.c:1799
+#, c-format
+msgid "handler 0x%lx for fd %d started\n"
+msgstr ""
+
+#: agent/gpg-agent.c:1804
+#, c-format
+msgid "handler 0x%lx for fd %d terminated\n"
+msgstr ""
+
+#: agent/gpg-agent.c:1824
+#, c-format
+msgid "ssh handler 0x%lx for fd %d started\n"
+msgstr ""
+
+#: agent/gpg-agent.c:1829
+#, c-format
+msgid "ssh handler 0x%lx for fd %d terminated\n"
+msgstr ""
+
+#: agent/gpg-agent.c:1973 scd/scdaemon.c:1248
+#, fuzzy, c-format
+msgid "pth_select failed: %s - waiting 1s\n"
+msgstr "aggiornamento della chiave segreta fallito: %s\n"
+
+#: agent/gpg-agent.c:2096 scd/scdaemon.c:1315
+#, fuzzy, c-format
+msgid "%s %s stopped\n"
+msgstr "%s: saltata: %s\n"
+
+#: agent/gpg-agent.c:2232
+#, fuzzy
+msgid "no gpg-agent running in this session\n"
+msgstr "gpg-agent non è disponibile in questa sessione\n"
+
+#: agent/gpg-agent.c:2243 common/simple-pwquery.c:352 common/asshelp.c:403
+#: tools/gpg-connect-agent.c:2168
+msgid "malformed GPG_AGENT_INFO environment variable\n"
+msgstr "variabile di ambiente GPG_AGENT_INFO malformata\n"
+
+#: agent/gpg-agent.c:2256 common/simple-pwquery.c:364 common/asshelp.c:415
+#: tools/gpg-connect-agent.c:2179
+#, c-format
+msgid "gpg-agent protocol version %d is not supported\n"
+msgstr "la versione %d del protocollo di gpg-agent non è gestita\n"
+
+#: agent/preset-passphrase.c:98
+#, fuzzy
+msgid "Usage: gpg-preset-passphrase [options] KEYGRIP (-h for help)\n"
+msgstr "Uso: gpg [opzioni] [files] (-h per l'aiuto)"
+
+#: agent/preset-passphrase.c:101
+msgid ""
+"Syntax: gpg-preset-passphrase [options] KEYGRIP\n"
+"Password cache maintenance\n"
+msgstr ""
+
+#: agent/protect-tool.c:113 g10/gpg.c:373 kbx/kbxutil.c:71 sm/gpgsm.c:186
+#: tools/gpgconf.c:60
+msgid ""
+"@Commands:\n"
+" "
+msgstr ""
+"@Comandi:\n"
+" "
+
+#: agent/protect-tool.c:127 g10/gpg.c:441 g10/gpgv.c:69 kbx/kbxutil.c:81
+#: sm/gpgsm.c:226 tools/gpg-connect-agent.c:67 tools/gpgconf.c:77
+#: tools/symcryptrun.c:159
+msgid ""
+"@\n"
+"Options:\n"
+" "
+msgstr ""
+"@\n"
+"Opzioni:\n"
+" "
+
+#: agent/protect-tool.c:166
+#, fuzzy
+msgid "Usage: gpg-protect-tool [options] (-h for help)\n"
+msgstr "Uso: gpg [opzioni] [files] (-h per l'aiuto)"
+
+#: agent/protect-tool.c:168
+msgid ""
+"Syntax: gpg-protect-tool [options] [args]\n"
+"Secret key maintenance tool\n"
+msgstr ""
+
+#: agent/protect-tool.c:1162
+#, fuzzy
+msgid "Please enter the passphrase to unprotect the PKCS#12 object."
+msgstr "Inserisci la passphrase, cioè una frase segreta \n"
+
+#: agent/protect-tool.c:1167
+#, fuzzy
+msgid "Please enter the passphrase to protect the new PKCS#12 object."
+msgstr "Inserisci la passphrase, cioè una frase segreta \n"
+
+#: agent/protect-tool.c:1173
+msgid ""
+"Please enter the passphrase to protect the imported object within the GnuPG "
+"system."
+msgstr ""
+
+#: agent/protect-tool.c:1178
+#, fuzzy
+msgid ""
+"Please enter the passphrase or the PIN\n"
+"needed to complete this operation."
+msgstr "Inserisci la passphrase, cioè una frase segreta \n"
+
+#: agent/protect-tool.c:1183 tools/symcryptrun.c:437
+#, fuzzy
+msgid "Passphrase:"
+msgstr "passphrase errata"
+
+#: agent/protect-tool.c:1188 tools/symcryptrun.c:448
+#, fuzzy
+msgid "cancelled\n"
+msgstr "Cancella"
+
+#: agent/protect-tool.c:1190 tools/symcryptrun.c:444
+#, fuzzy, c-format
+msgid "error while asking for the passphrase: %s\n"
+msgstr "errore nella creazione della passhprase: %s\n"
+
+#: agent/trustlist.c:136 agent/trustlist.c:334
+#, fuzzy, c-format
+msgid "error opening `%s': %s\n"
+msgstr "errore leggendo `%s': %s\n"
+
+#: agent/trustlist.c:151 common/helpfile.c:63 common/helpfile.c:79
+#, fuzzy, c-format
+msgid "file `%s', line %d: %s\n"
+msgstr "chiave `%s' non trovata: %s\n"
+
+#: agent/trustlist.c:171 agent/trustlist.c:179
+#, c-format
+msgid "statement \"%s\" ignored in `%s', line %d\n"
+msgstr ""
+
+#: agent/trustlist.c:185
+#, fuzzy, c-format
+msgid "system trustlist `%s' not available\n"
+msgstr "parti della chiave segreta non sono disponibili\n"
+
+#: agent/trustlist.c:229
+#, fuzzy, c-format
+msgid "bad fingerprint in `%s', line %d\n"
+msgstr "errore di lettura: %s\n"
+
+#: agent/trustlist.c:254 agent/trustlist.c:261
+#, c-format
+msgid "invalid keyflag in `%s', line %d\n"
+msgstr ""
+
+#: agent/trustlist.c:295 common/helpfile.c:126
+#, fuzzy, c-format
+msgid "error reading `%s', line %d: %s\n"
+msgstr "errore leggendo `%s': %s\n"
+
+#: agent/trustlist.c:400 agent/trustlist.c:450
+msgid "error reading list of trusted root certificates\n"
+msgstr ""
+
+#. TRANSLATORS: This prompt is shown by the Pinentry
+#. and has one special property: A "%%0A" is used by
+#. Pinentry to insert a line break. The double
+#. percent sign is actually needed because it is also
+#. a printf format string. If you need to insert a
+#. plain % sign, you need to encode it as "%%25". The
+#. "%s" gets replaced by the name as stored in the
+#. certificate.
+#: agent/trustlist.c:611
+#, c-format
+msgid ""
+"Do you ultimately trust%%0A \"%s\"%%0Ato correctly certify user "
+"certificates?"
+msgstr ""
+
+#: agent/trustlist.c:620 common/audit.c:467
+#, fuzzy
+msgid "Yes"
+msgstr "si|sì"
+
+#: agent/trustlist.c:620 common/audit.c:469
+msgid "No"
+msgstr ""
+
+#. TRANSLATORS: This prompt is shown by the Pinentry and has
+#. one special property: A "%%0A" is used by Pinentry to
+#. insert a line break. The double percent sign is actually
+#. needed because it is also a printf format string. If you
+#. need to insert a plain % sign, you need to encode it as
+#. "%%25". The second "%s" gets replaced by a hexdecimal
+#. fingerprint string whereas the first one receives the name
+#. as stored in the certificate.
+#: agent/trustlist.c:654
+#, c-format
+msgid ""
+"Please verify that the certificate identified as:%%0A \"%s\"%%0Ahas the "
+"fingerprint:%%0A %s"
+msgstr ""
+
+#. TRANSLATORS: "Correct" is the label of a button and intended
+#. to be hit if the fingerprint matches the one of the CA. The
+#. other button is "the default "Cancel" of the Pinentry.
+#: agent/trustlist.c:668
+msgid "Correct"
+msgstr ""
+
+#: agent/trustlist.c:668
+msgid "Wrong"
+msgstr ""
+
+#: agent/findkey.c:157
+#, c-format
+msgid "Note: This passphrase has never been changed.%0APlease change it now."
+msgstr ""
+
+#: agent/findkey.c:173
+#, c-format
+msgid ""
+"This passphrase has not been changed%%0Asince %.4s-%.2s-%.2s. Please change "
+"it now."
+msgstr ""
+
+#: agent/findkey.c:187 agent/findkey.c:194
+#, fuzzy
+msgid "Change passphrase"
+msgstr "cambia la passphrase"
+
+#: agent/findkey.c:195
+msgid "I'll change it later"
+msgstr ""
+
+#: common/exechelp.c:528 common/exechelp.c:625 tools/gpgconf-comp.c:1475
+#: tools/gpgconf-comp.c:1814
+#, fuzzy, c-format
+msgid "error creating a pipe: %s\n"
+msgstr "errore nella creazione della passhprase: %s\n"
+
+#: common/exechelp.c:599 common/exechelp.c:658
+#, fuzzy, c-format
+msgid "can't fdopen pipe for reading: %s\n"
+msgstr "impossibile aprire il file: %s\n"
+
+#: common/exechelp.c:637 common/exechelp.c:765 common/exechelp.c:1002
+#, fuzzy, c-format
+msgid "error forking process: %s\n"
+msgstr "errore leggendo `%s': %s\n"
+
+#: common/exechelp.c:811 common/exechelp.c:864
+#, c-format
+msgid "waiting for process %d to terminate failed: %s\n"
+msgstr ""
+
+#: common/exechelp.c:819
+#, fuzzy, c-format
+msgid "error getting exit code of process %d: %s\n"
+msgstr "errore scrivendo il portachiavi segreto `%s': %s\n"
+
+#: common/exechelp.c:825 common/exechelp.c:877
+#, fuzzy, c-format
+msgid "error running `%s': exit status %d\n"
+msgstr "errore leggendo `%s': %s\n"
+
+#: common/exechelp.c:870
+#, c-format
+msgid "error running `%s': probably not installed\n"
+msgstr ""
+
+#: common/exechelp.c:885
+#, fuzzy, c-format
+msgid "error running `%s': terminated\n"
+msgstr "errore leggendo `%s': %s\n"
+
+#: common/http.c:1674
+#, fuzzy, c-format
+msgid "error creating socket: %s\n"
+msgstr "errore creando `%s': %s\n"
+
+#: common/http.c:1718
+#, fuzzy
+msgid "host not found"
+msgstr "[User ID non trovato]"
+
+#: common/simple-pwquery.c:338
+msgid "gpg-agent is not available in this session\n"
+msgstr "gpg-agent non è disponibile in questa sessione\n"
+
+#: common/simple-pwquery.c:395
+#, c-format
+msgid "can't connect to `%s': %s\n"
+msgstr "impossibile connettersi a `%s': %s\n"
+
+#: common/simple-pwquery.c:406
+msgid "communication problem with gpg-agent\n"
+msgstr "problema di comunicazione con gpg-agent\n"
+
+#: common/simple-pwquery.c:416
+#, fuzzy
+msgid "problem setting the gpg-agent options\n"
+msgstr "problema con l'agent: ha restituito 0x%lx\n"
+
+#: common/simple-pwquery.c:579 common/simple-pwquery.c:675
+#, fuzzy
+msgid "canceled by user\n"
+msgstr "interrotto dall'utente\n"
+
+#: common/simple-pwquery.c:594 common/simple-pwquery.c:681
+#, fuzzy
+msgid "problem with the agent\n"
+msgstr "problema con l'agent: ha restituito 0x%lx\n"
+
+#: common/sysutils.c:105
+#, c-format
+msgid "can't disable core dumps: %s\n"
+msgstr "impossibile disabilitare i core dump: %s\n"
+
+#: common/sysutils.c:200
+#, fuzzy, c-format
+msgid "Warning: unsafe ownership on %s \"%s\"\n"
+msgstr "ATTENZIONE: il proprietario \"%s\" di %s è insicuro\n"
+
+#: common/sysutils.c:232
+#, fuzzy, c-format
+msgid "Warning: unsafe permissions on %s \"%s\"\n"
+msgstr "ATTENZIONE: i permessi \"%s\" di %s sono insicuri\n"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: common/yesno.c:35 common/yesno.c:72
+msgid "yes"
+msgstr "si|sì"
+
+#: common/yesno.c:36 common/yesno.c:77
+msgid "yY"
+msgstr "sS"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: common/yesno.c:38 common/yesno.c:74
+msgid "no"
+msgstr "no"
+
+#: common/yesno.c:39 common/yesno.c:78
+msgid "nN"
+msgstr "nN"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: common/yesno.c:76
+msgid "quit"
+msgstr "quit"
+
+#: common/yesno.c:79
+msgid "qQ"
+msgstr "qQ"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: common/yesno.c:113
+msgid "okay|okay"
+msgstr ""
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: common/yesno.c:115
+msgid "cancel|cancel"
+msgstr ""
+
+#: common/yesno.c:116
+msgid "oO"
+msgstr ""
+
+#: common/yesno.c:117
+#, fuzzy
+msgid "cC"
+msgstr "c"
+
+#: common/miscellaneous.c:77
+#, c-format
+msgid "out of core in secure memory while allocating %lu bytes"
+msgstr ""
+
+#: common/miscellaneous.c:80
+#, c-format
+msgid "out of core while allocating %lu bytes"
+msgstr ""
+
+#: common/asshelp.c:293 tools/gpg-connect-agent.c:2129
+msgid "no running gpg-agent - starting one\n"
+msgstr ""
+
+#: common/asshelp.c:349
+#, c-format
+msgid "waiting %d seconds for the agent to come up\n"
+msgstr ""
+
+#: common/asshelp.c:426
+msgid "can't connect to the agent - trying fall back\n"
+msgstr ""
+
+#. TRANSLATORS: Copy the prefix between the vertical bars
+#. verbatim. It will not be printed.
+#: common/audit.c:474
+msgid "|audit-log-result|Good"
+msgstr ""
+
+#: common/audit.c:477
+msgid "|audit-log-result|Bad"
+msgstr ""
+
+#: common/audit.c:479
+msgid "|audit-log-result|Not supported"
+msgstr ""
+
+#: common/audit.c:481
+#, fuzzy
+msgid "|audit-log-result|No certificate"
+msgstr "certificato danneggiato"
+
+#: common/audit.c:483
+#, fuzzy
+msgid "|audit-log-result|Not enabled"
+msgstr "certificato danneggiato"
+
+#: common/audit.c:485
+msgid "|audit-log-result|Error"
+msgstr ""
+
+#: common/audit.c:487
+#, fuzzy
+msgid "|audit-log-result|Not used"
+msgstr "certificato danneggiato"
+
+#: common/audit.c:489
+#, fuzzy
+msgid "|audit-log-result|Okay"
+msgstr "certificato danneggiato"
+
+#: common/audit.c:491
+#, fuzzy
+msgid "|audit-log-result|Skipped"
+msgstr "certificato danneggiato"
+
+#: common/audit.c:493
+#, fuzzy
+msgid "|audit-log-result|Some"
+msgstr "certificato danneggiato"
+
+#: common/audit.c:726
+#, fuzzy
+msgid "Certificate chain available"
+msgstr "certificato danneggiato"
+
+#: common/audit.c:733
+#, fuzzy
+msgid "root certificate missing"
+msgstr "certificato danneggiato"
+
+#: common/audit.c:759
+msgid "Data encryption succeeded"
+msgstr ""
+
+#: common/audit.c:764 common/audit.c:830 common/audit.c:906 common/audit.c:997
+#, fuzzy
+msgid "Data available"
+msgstr "Chiave disponibile presso: "
+
+#: common/audit.c:767
+#, fuzzy
+msgid "Session key created"
+msgstr "%s: portachiavi creato\n"
+
+#: common/audit.c:772 common/audit.c:912 common/audit.c:919
+#, fuzzy, c-format
+msgid "algorithm: %s"
+msgstr "armatura: %s\n"
+
+#: common/audit.c:774 common/audit.c:776 common/audit.c:921 common/audit.c:923
+#, fuzzy, c-format
+msgid "unsupported algorithm: %s"
+msgstr ""
+"\n"
+"Algoritmi gestiti:\n"
+
+#: common/audit.c:778 common/audit.c:925
+#, fuzzy
+msgid "seems to be not encrypted"
+msgstr "non cifrato"
+
+#: common/audit.c:784 common/audit.c:933
+msgid "Number of recipients"
+msgstr ""
+
+#: common/audit.c:792 common/audit.c:956
+#, c-format
+msgid "Recipient %d"
+msgstr ""
+
+#: common/audit.c:825
+msgid "Data signing succeeded"
+msgstr ""
+
+#: common/audit.c:839 common/audit.c:1033 common/audit.c:1060
+#, fuzzy, c-format
+msgid "data hash algorithm: %s"
+msgstr "algoritmo di hash non valido `%s'\n"
+
+#: common/audit.c:862
+#, fuzzy, c-format
+msgid "Signer %d"
+msgstr "Firma scaduta il %s\n"
+
+#: common/audit.c:866 common/audit.c:1065
+#, fuzzy, c-format
+msgid "attr hash algorithm: %s"
+msgstr "algoritmo di hash non valido `%s'\n"
+
+#: common/audit.c:901
+msgid "Data decryption succeeded"
+msgstr ""
+
+#: common/audit.c:910
+#, fuzzy
+msgid "Encryption algorithm supported"
+msgstr "l'algoritmo di protezione %d%s non è gestito\n"
+
+#: common/audit.c:993
+#, fuzzy
+msgid "Data verification succeeded"
+msgstr "verifica della firma soppressa\n"
+
+#: common/audit.c:1002
+#, fuzzy
+msgid "Signature available"
+msgstr "Firma scaduta il %s\n"
+
+#: common/audit.c:1024
+#, fuzzy
+msgid "Parsing data succeeded"
+msgstr "Firma valida da \""
+
+#: common/audit.c:1036
+#, fuzzy, c-format
+msgid "bad data hash algorithm: %s"
+msgstr "algoritmo di hash non valido `%s'\n"
+
+#: common/audit.c:1051
+#, fuzzy, c-format
+msgid "Signature %d"
+msgstr "Firma scaduta il %s\n"
+
+#: common/audit.c:1079
+#, fuzzy
+msgid "Certificate chain valid"
+msgstr "Questa chiave è scaduta!"
+
+#: common/audit.c:1090
+#, fuzzy
+msgid "Root certificate trustworthy"
+msgstr "certificato danneggiato"
+
+#: common/audit.c:1111 sm/certchain.c:935
+#, fuzzy
+msgid "no CRL found for certificate"
+msgstr "certificato danneggiato"
+
+#: common/audit.c:1114 sm/certchain.c:945
+#, fuzzy
+msgid "the available CRL is too old"
+msgstr "Chiave disponibile presso: "
+
+#: common/audit.c:1119
+#, fuzzy
+msgid "CRL/OCSP check of certificates"
+msgstr "certificato danneggiato"
+
+#: common/audit.c:1139
+#, fuzzy
+msgid "Included certificates"
+msgstr "certificato danneggiato"
+
+#: common/audit.c:1194
+msgid "No audit log entries."
+msgstr ""
+
+#: common/audit.c:1243
+#, fuzzy
+msgid "Unknown operation"
+msgstr "versione sconosciuta"
+
+#: common/audit.c:1261
+msgid "Gpg-Agent usable"
+msgstr ""
+
+#: common/audit.c:1271
+msgid "Dirmngr usable"
+msgstr ""
+
+#: common/audit.c:1307
+#, fuzzy, c-format
+msgid "No help available for `%s'."
+msgstr "Non è disponibile un aiuto per `%s'"
+
+#: common/helpfile.c:80
+#, fuzzy
+msgid "ignoring garbage line"
+msgstr "errore nella riga della coda\n"
+
+#: common/gettime.c:503
+#, fuzzy
+msgid "[none]"
+msgstr "sconosciuto"
+
+#: g10/armor.c:379
+#, c-format
+msgid "armor: %s\n"
+msgstr "armatura: %s\n"
+
+#: g10/armor.c:418
+msgid "invalid armor header: "
+msgstr "header dell'armatura non valido: "
+
+#: g10/armor.c:429
+msgid "armor header: "
+msgstr "header dell'armatura: "
+
+#: g10/armor.c:442
+msgid "invalid clearsig header\n"
+msgstr "header della firma in chiaro non valido\n"
+
+#: g10/armor.c:455
+#, fuzzy
+msgid "unknown armor header: "
+msgstr "header dell'armatura: "
+
+#: g10/armor.c:508
+msgid "nested clear text signatures\n"
+msgstr "firme in chiaro annidate\n"
+
+#: g10/armor.c:643
+#, fuzzy
+msgid "unexpected armor: "
+msgstr "armatura inaspettata:"
+
+#: g10/armor.c:655
+msgid "invalid dash escaped line: "
+msgstr "riga protetta con il trattino non valida: "
+
+#: g10/armor.c:810 g10/armor.c:1420
+#, fuzzy, c-format
+msgid "invalid radix64 character %02X skipped\n"
+msgstr "Carattere radix64 non valido %02x saltato\n"
+
+#: g10/armor.c:853
+msgid "premature eof (no CRC)\n"
+msgstr "eof prematura (nessun CRC)\n"
+
+#: g10/armor.c:887
+msgid "premature eof (in CRC)\n"
+msgstr "eof prematura (nel CRC)\n"
+
+#: g10/armor.c:895
+msgid "malformed CRC\n"
+msgstr "CRC malformato\n"
+
+#: g10/armor.c:899 g10/armor.c:1457
+#, fuzzy, c-format
+msgid "CRC error; %06lX - %06lX\n"
+msgstr "errore nel CRC; %06lx - %06lx\n"
+
+#: g10/armor.c:919
+#, fuzzy
+msgid "premature eof (in trailer)\n"
+msgstr "eof prematura (nella coda)\n"
+
+#: g10/armor.c:923
+msgid "error in trailer line\n"
+msgstr "errore nella riga della coda\n"
+
+#: g10/armor.c:1234
+msgid "no valid OpenPGP data found.\n"
+msgstr "Non sono stati trovati dati OpenPGP validi.\n"
+
+#: g10/armor.c:1239
+#, c-format
+msgid "invalid armor: line longer than %d characters\n"
+msgstr "armatura non valida: linea più lunga di %d caratteri\n"
+
+#: g10/armor.c:1243
+msgid ""
+"quoted printable character in armor - probably a buggy MTA has been used\n"
+msgstr ""
+"carattere quoted printable nell'armatura - probabilmente è stato usato\n"
+"un MTA buggato\n"
+
+#: g10/build-packet.c:976
+msgid ""
+"a notation name must have only printable characters or spaces, and end with "
+"an '='\n"
+msgstr ""
+"il nome di una nota deve essere formato solo da caratteri stampabili o\n"
+"spazi e terminare con un '='\n"
+
+#: g10/build-packet.c:988
+msgid "a user notation name must contain the '@' character\n"
+msgstr "il valore di una nota dell'utente deve contenere il carattere '@'\n"
+
+#: g10/build-packet.c:994
+#, fuzzy
+msgid "a notation name must not contain more than one '@' character\n"
+msgstr "il valore di una nota dell'utente deve contenere il carattere '@'\n"
+
+#: g10/build-packet.c:1012
+msgid "a notation value must not use any control characters\n"
+msgstr "il valore di una nota non deve usare caratteri di controllo\n"
+
+#: g10/build-packet.c:1046 g10/build-packet.c:1055
+msgid "WARNING: invalid notation data found\n"
+msgstr "ATTENZIONE: trovati dati di una nota non validi\n"
+
+#: g10/build-packet.c:1077 g10/build-packet.c:1079
+msgid "not human readable"
+msgstr "non leggibile"
+
+#: g10/card-util.c:85 g10/card-util.c:374
+#, fuzzy, c-format
+msgid "OpenPGP card not available: %s\n"
+msgstr "la chiave segreta non è disponibile"
+
+#: g10/card-util.c:90
+#, c-format
+msgid "OpenPGP card no. %s detected\n"
+msgstr ""
+
+#: g10/card-util.c:98 g10/card-util.c:1773 g10/delkey.c:126 g10/keyedit.c:1551
+#: g10/keygen.c:3068 g10/revoke.c:216 g10/revoke.c:455
+#, fuzzy
+msgid "can't do this in batch mode\n"
+msgstr "impossibile fare questo in modo batch\n"
+
+#: g10/card-util.c:106
+#, fuzzy
+msgid "This command is only available for version 2 cards\n"
+msgstr "Questo comando non è permesso in modalità %s.\n"
+
+#: g10/card-util.c:108 scd/app-openpgp.c:2029
+#, fuzzy
+msgid "Reset Code not or not anymore available\n"
+msgstr "parti della chiave segreta non sono disponibili\n"
+
+#: g10/card-util.c:141 g10/card-util.c:1458 g10/card-util.c:1568
+#: g10/keyedit.c:424 g10/keyedit.c:445 g10/keyedit.c:459 g10/keygen.c:1630
+#: g10/keygen.c:1711 sm/certreqgen-ui.c:165 sm/certreqgen-ui.c:249
+#: sm/certreqgen-ui.c:283
+msgid "Your selection? "
+msgstr "Cosa scegli? "
+
+#: g10/card-util.c:272 g10/card-util.c:322
+msgid "[not set]"
+msgstr ""
+
+#: g10/card-util.c:512
+#, fuzzy
+msgid "male"
+msgstr "abilita"
+
+#: g10/card-util.c:513
+#, fuzzy
+msgid "female"
+msgstr "abilita"
+
+#: g10/card-util.c:513
+#, fuzzy
+msgid "unspecified"
+msgstr "Nessuna ragione specificata"
+
+# ??? (Md)
+#: g10/card-util.c:540
+#, fuzzy
+msgid "not forced"
+msgstr "non esaminato"
+
+#: g10/card-util.c:540
+msgid "forced"
+msgstr ""
+
+#: g10/card-util.c:631
+msgid "Error: Only plain ASCII is currently allowed.\n"
+msgstr ""
+
+#: g10/card-util.c:633
+msgid "Error: The \"<\" character may not be used.\n"
+msgstr ""
+
+#: g10/card-util.c:635
+msgid "Error: Double spaces are not allowed.\n"
+msgstr ""
+
+#: g10/card-util.c:652
+msgid "Cardholder's surname: "
+msgstr ""
+
+#: g10/card-util.c:654
+msgid "Cardholder's given name: "
+msgstr ""
+
+#: g10/card-util.c:672
+#, c-format
+msgid "Error: Combined name too long (limit is %d characters).\n"
+msgstr ""
+
+#: g10/card-util.c:693
+#, fuzzy
+msgid "URL to retrieve public key: "
+msgstr "non c'è una chiave pubblica corrispondente: %s\n"
+
+#: g10/card-util.c:701
+#, c-format
+msgid "Error: URL too long (limit is %d characters).\n"
+msgstr ""
+
+#: g10/card-util.c:794 tools/no-libgcrypt.c:30
+#, fuzzy, c-format
+msgid "error allocating enough memory: %s\n"
+msgstr "errore creando il portachiavi `%s': %s\n"
+
+#: g10/card-util.c:806 g10/import.c:280
+#, c-format
+msgid "error reading `%s': %s\n"
+msgstr "errore leggendo `%s': %s\n"
+
+#: g10/card-util.c:839
+#, fuzzy, c-format
+msgid "error writing `%s': %s\n"
+msgstr "errore scrivendo il portachiavi `%s': %s\n"
+
+#: g10/card-util.c:866
+msgid "Login data (account name): "
+msgstr ""
+
+#: g10/card-util.c:876
+#, c-format
+msgid "Error: Login data too long (limit is %d characters).\n"
+msgstr ""
+
+#: g10/card-util.c:912
+msgid "Private DO data: "
+msgstr ""
+
+#: g10/card-util.c:922
+#, c-format
+msgid "Error: Private DO too long (limit is %d characters).\n"
+msgstr ""
+
+#: g10/card-util.c:1005
+#, fuzzy
+msgid "Language preferences: "
+msgstr "preferenze aggiornate"
+
+#: g10/card-util.c:1013
+#, fuzzy
+msgid "Error: invalid length of preference string.\n"
+msgstr "carattere non valido nella stringa delle preferenze\n"
+
+#: g10/card-util.c:1022
+#, fuzzy
+msgid "Error: invalid characters in preference string.\n"
+msgstr "carattere non valido nella stringa delle preferenze\n"
+
+#: g10/card-util.c:1044
+msgid "Sex ((M)ale, (F)emale or space): "
+msgstr ""
+
+#: g10/card-util.c:1058
+#, fuzzy
+msgid "Error: invalid response.\n"
+msgstr "errore: impronta digitale non valida\n"
+
+#: g10/card-util.c:1080
+#, fuzzy
+msgid "CA fingerprint: "
+msgstr "mostra le impronte digitali"
+
+#: g10/card-util.c:1103
+#, fuzzy
+msgid "Error: invalid formatted fingerprint.\n"
+msgstr "errore: impronta digitale non valida\n"
+
+#: g10/card-util.c:1153
+#, fuzzy, c-format
+msgid "key operation not possible: %s\n"
+msgstr "Generazione della chiave fallita: %s\n"
+
+#: g10/card-util.c:1154
+#, fuzzy
+msgid "not an OpenPGP card"
+msgstr "Non sono stati trovati dati OpenPGP validi.\n"
+
+#: g10/card-util.c:1167
+#, fuzzy, c-format
+msgid "error getting current key info: %s\n"
+msgstr "errore scrivendo il portachiavi segreto `%s': %s\n"
+
+#: g10/card-util.c:1254
+msgid "Replace existing key? (y/N) "
+msgstr ""
+
+#: g10/card-util.c:1270
+msgid ""
+"NOTE: There is no guarantee that the card supports the requested size.\n"
+" If the key generation does not succeed, please check the\n"
+" documentation of your card to see what sizes are allowed.\n"
+msgstr ""
+
+#: g10/card-util.c:1295
+#, fuzzy, c-format
+msgid "What keysize do you want for the Signature key? (%u) "
+msgstr "Di che dimensioni vuoi la chiave? (1024) "
+
+#: g10/card-util.c:1297
+#, fuzzy, c-format
+msgid "What keysize do you want for the Encryption key? (%u) "
+msgstr "Di che dimensioni vuoi la chiave? (1024) "
+
+#: g10/card-util.c:1298
+#, fuzzy, c-format
+msgid "What keysize do you want for the Authentication key? (%u) "
+msgstr "Di che dimensioni vuoi la chiave? (1024) "
+
+#: g10/card-util.c:1309 g10/keygen.c:1844 g10/keygen.c:1850
+#: sm/certreqgen-ui.c:194
+#, c-format
+msgid "rounded up to %u bits\n"
+msgstr "arrotondate a %u bit\n"
+
+#: g10/card-util.c:1317 g10/keygen.c:1831 sm/certreqgen-ui.c:184
+#, c-format
+msgid "%s keysizes must be in the range %u-%u\n"
+msgstr ""
+
+#: g10/card-util.c:1322
+#, c-format
+msgid "The card will now be re-configured to generate a key of %u bits\n"
+msgstr ""
+
+#: g10/card-util.c:1342
+#, fuzzy, c-format
+msgid "error changing size of key %d to %u bits: %s\n"
+msgstr "errore leggendo `%s': %s\n"
+
+#: g10/card-util.c:1364
+msgid "Make off-card backup of encryption key? (Y/n) "
+msgstr ""
+
+#: g10/card-util.c:1378
+#, fuzzy
+msgid "NOTE: keys are already stored on the card!\n"
+msgstr "saltata: chiave pubblica già presente\n"
+
+#: g10/card-util.c:1381
+msgid "Replace existing keys? (y/N) "
+msgstr ""
+
+#: g10/card-util.c:1393
+#, c-format
+msgid ""
+"Please note that the factory settings of the PINs are\n"
+" PIN = `%s' Admin PIN = `%s'\n"
+"You should change them using the command --change-pin\n"
+msgstr ""
+
+#: g10/card-util.c:1449
+#, fuzzy
+msgid "Please select the type of key to generate:\n"
+msgstr "Per favore scegli che tipo di chiave vuoi:\n"
+
+#: g10/card-util.c:1451 g10/card-util.c:1559
+#, fuzzy
+msgid " (1) Signature key\n"
+msgstr "Firma scaduta il %s\n"
+
+#: g10/card-util.c:1452 g10/card-util.c:1561
+#, fuzzy
+msgid " (2) Encryption key\n"
+msgstr " (%d) RSA (cifra solo)\n"
+
+#: g10/card-util.c:1453 g10/card-util.c:1563
+msgid " (3) Authentication key\n"
+msgstr ""
+
+#: g10/card-util.c:1469 g10/card-util.c:1588 g10/keyedit.c:945
+#: g10/keygen.c:1634 g10/keygen.c:1662 g10/keygen.c:1764 g10/revoke.c:683
+msgid "Invalid selection.\n"
+msgstr "Scelta non valida.\n"
+
+#: g10/card-util.c:1556
+#, fuzzy
+msgid "Please select where to store the key:\n"
+msgstr "Per favore scegli il motivo della revoca:\n"
+
+#: g10/card-util.c:1600
+#, fuzzy
+msgid "unknown key protection algorithm\n"
+msgstr "algoritmo di protezione sconosciuto\n"
+
+#: g10/card-util.c:1605
+#, fuzzy
+msgid "secret parts of key are not available\n"
+msgstr "Parti della chiave segreta non sono disponibili.\n"
+
+#: g10/card-util.c:1610
+#, fuzzy
+msgid "secret key already stored on a card\n"
+msgstr "saltata: chiave pubblica già presente\n"
+
+#: g10/card-util.c:1623
+#, fuzzy, c-format
+msgid "error writing key to card: %s\n"
+msgstr "errore scrivendo il portachiavi `%s': %s\n"
+
+#: g10/card-util.c:1682 g10/keyedit.c:1382
+msgid "quit this menu"
+msgstr "abbandona questo menù"
+
+#: g10/card-util.c:1684
+#, fuzzy
+msgid "show admin commands"
+msgstr "comandi in conflitto\n"
+
+#: g10/card-util.c:1685 g10/keyedit.c:1385
+msgid "show this help"
+msgstr "mostra questo aiuto"
+
+#: g10/card-util.c:1687
+#, fuzzy
+msgid "list all available data"
+msgstr "Chiave disponibile presso: "
+
+#: g10/card-util.c:1690
+msgid "change card holder's name"
+msgstr ""
+
+#: g10/card-util.c:1691
+msgid "change URL to retrieve key"
+msgstr ""
+
+#: g10/card-util.c:1692
+msgid "fetch the key specified in the card URL"
+msgstr ""
+
+#: g10/card-util.c:1693
+#, fuzzy
+msgid "change the login name"
+msgstr "cambia la data di scadenza"
+
+#: g10/card-util.c:1694
+#, fuzzy
+msgid "change the language preferences"
+msgstr "cambia il valore di fiducia"
+
+#: g10/card-util.c:1695
+msgid "change card holder's sex"
+msgstr ""
+
+#: g10/card-util.c:1696
+#, fuzzy
+msgid "change a CA fingerprint"
+msgstr "mostra le impronte digitali"
+
+#: g10/card-util.c:1697
+msgid "toggle the signature force PIN flag"
+msgstr ""
+
+#: g10/card-util.c:1698
+#, fuzzy
+msgid "generate new keys"
+msgstr "genera una nuova coppia di chiavi"
+
+#: g10/card-util.c:1699
+msgid "menu to change or unblock the PIN"
+msgstr ""
+
+#: g10/card-util.c:1700
+msgid "verify the PIN and list all data"
+msgstr ""
+
+#: g10/card-util.c:1701
+msgid "unblock the PIN using a Reset Code"
+msgstr ""
+
+#: g10/card-util.c:1823
+msgid "gpg/card> "
+msgstr ""
+
+#: g10/card-util.c:1864
+#, fuzzy
+msgid "Admin-only command\n"
+msgstr "comandi in conflitto\n"
+
+#: g10/card-util.c:1895
+#, fuzzy
+msgid "Admin commands are allowed\n"
+msgstr "comandi in conflitto\n"
+
+#: g10/card-util.c:1897
+#, fuzzy
+msgid "Admin commands are not allowed\n"
+msgstr "scrittura della chiave segreta in `%s'\n"
+
+#: g10/card-util.c:1988 g10/keyedit.c:2292
+msgid "Invalid command (try \"help\")\n"
+msgstr "Comando non valido (prova \"help\")\n"
+
+#: g10/decrypt.c:110 g10/encode.c:876
+msgid "--output doesn't work for this command\n"
+msgstr "--output non funziona con questo comando\n"
+
+#: g10/decrypt.c:166 g10/gpg.c:4019 g10/keyring.c:387 g10/keyring.c:698
+#, c-format
+msgid "can't open `%s'\n"
+msgstr "impossibile aprire `%s'\n"
+
+#: g10/delkey.c:73 g10/export.c:324 g10/keyedit.c:3514 g10/keyserver.c:1737
+#: g10/revoke.c:226
+#, fuzzy, c-format
+msgid "key \"%s\" not found: %s\n"
+msgstr "chiave `%s' non trovata: %s\n"
+
+#: g10/delkey.c:81 g10/export.c:354 g10/import.c:2480 g10/keyserver.c:1751
+#: g10/revoke.c:232 g10/revoke.c:477
+#, c-format
+msgid "error reading keyblock: %s\n"
+msgstr "errore leggendo il keyblock: %s\n"
+
+#: g10/delkey.c:127 g10/delkey.c:134
+msgid "(unless you specify the key by fingerprint)\n"
+msgstr "(a meno che la chiave sia specificata con il fingerprint)\n"
+
+#: g10/delkey.c:133
+#, fuzzy
+msgid "can't do this in batch mode without \"--yes\"\n"
+msgstr "impossibile fare questo in modo batch senza \"--yes\"\n"
+
+#: g10/delkey.c:145
+#, fuzzy
+msgid "Delete this key from the keyring? (y/N) "
+msgstr "Vuoi cancellare questa chiave dal portachiavi? "
+
+#: g10/delkey.c:153
+#, fuzzy
+msgid "This is a secret key! - really delete? (y/N) "
+msgstr "È una chiave segreta! - Vuoi cancellarla davvero? "
+
+#: g10/delkey.c:163
+#, c-format
+msgid "deleting keyblock failed: %s\n"
+msgstr "cancellazione del keyblock fallita: %s\n"
+
+#: g10/delkey.c:173
+msgid "ownertrust information cleared\n"
+msgstr "informazioni di fiducia del possessore cancellate\n"
+
+#: g10/delkey.c:204
+#, c-format
+msgid "there is a secret key for public key \"%s\"!\n"
+msgstr "c'è una chiave segreta per la chiave pubblica \"%s\"!\n"
+
+#: g10/delkey.c:206
+msgid "use option \"--delete-secret-keys\" to delete it first.\n"
+msgstr "usa prima l'opzione \"--delete-secret-keys\" per cancellarla.\n"
+
+#: g10/encode.c:226 g10/sign.c:1269
+#, c-format
+msgid "error creating passphrase: %s\n"
+msgstr "errore nella creazione della passhprase: %s\n"
+
+#: g10/encode.c:232
+msgid "can't use a symmetric ESK packet due to the S2K mode\n"
+msgstr ""
+"impossibile usare un pacchetto ESK simmetrico a causa della modalità S2K\n"
+
+#: g10/encode.c:246
+#, c-format
+msgid "using cipher %s\n"
+msgstr "uso il cifrario %s\n"
+
+#: g10/encode.c:256 g10/encode.c:577
+#, c-format
+msgid "`%s' already compressed\n"
+msgstr "`%s' è già compresso\n"
+
+#: g10/encode.c:311 g10/encode.c:611 g10/sign.c:564
+#, c-format
+msgid "WARNING: `%s' is an empty file\n"
+msgstr "ATTENZIONE: `%s' è un file vuoto\n"
+
+#: g10/encode.c:485
+msgid "you can only encrypt to RSA keys of 2048 bits or less in --pgp2 mode\n"
+msgstr ""
+"in modalità --pgp2 puoi cifrare solo per chiavi RSA non più lunghe di 2048 "
+"bit\n"
+
+#: g10/encode.c:510
+#, c-format
+msgid "reading from `%s'\n"
+msgstr "lettura da `%s'\n"
+
+#: g10/encode.c:541
+msgid ""
+"unable to use the IDEA cipher for all of the keys you are encrypting to.\n"
+msgstr ""
+"impossibile usare il cifrario IDEA con tutti i tipi di chiavi per cui\n"
+"stai cifrando.\n"
+
+#: g10/encode.c:559
+#, fuzzy, c-format
+msgid ""
+"WARNING: forcing symmetric cipher %s (%d) violates recipient preferences\n"
+msgstr ""
+"forzare il cifrario simmetrico %s (%d) viola le preferenze\n"
+"del destinatario\n"
+
+#: g10/encode.c:655 g10/sign.c:939
+#, fuzzy, c-format
+msgid ""
+"WARNING: forcing compression algorithm %s (%d) violates recipient "
+"preferences\n"
+msgstr ""
+"forzare l'algoritmo di compressione %s (%d) viola le preferenze\n"
+"del destinatario\n"
+
+#: g10/encode.c:751
+#, c-format
+msgid "forcing symmetric cipher %s (%d) violates recipient preferences\n"
+msgstr ""
+"forzare il cifrario simmetrico %s (%d) viola le preferenze\n"
+"del destinatario\n"
+
+#: g10/encode.c:821 g10/pkclist.c:813 g10/pkclist.c:862
+#, c-format
+msgid "you may not use %s while in %s mode\n"
+msgstr "non è possibile usare %s in modalità %s\n"
+
+#: g10/encode.c:848
+#, c-format
+msgid "%s/%s encrypted for: \"%s\"\n"
+msgstr "%s/%s cifrato per: \"%s\"\n"
+
+#: g10/encr-data.c:93 g10/mainproc.c:286
+#, c-format
+msgid "%s encrypted data\n"
+msgstr "dati cifrati con %s\n"
+
+#: g10/encr-data.c:96 g10/mainproc.c:290
+#, c-format
+msgid "encrypted with unknown algorithm %d\n"
+msgstr "cifrato con l'algoritmo sconosciuto %d\n"
+
+#: g10/encr-data.c:142 sm/decrypt.c:126
+msgid ""
+"WARNING: message was encrypted with a weak key in the symmetric cipher.\n"
+msgstr ""
+"ATTENZIONE: il messaggio era stato cifrato usando una chiave debole\n"
+"per il cifrario simmetrico\n"
+
+#: g10/encr-data.c:154
+msgid "problem handling encrypted packet\n"
+msgstr "problema nella gestione del pacchetto cifrato\n"
+
+#: g10/exec.c:57
+msgid "no remote program execution supported\n"
+msgstr "l'esecuzione remota dei programmi non è gestita\n"
+
+#: g10/exec.c:308
+msgid ""
+"external program calls are disabled due to unsafe options file permissions\n"
+msgstr ""
+"le chiamate a programmi esterni sono disattivate a causa dei permessi non\n"
+"sicuri del file delle opzioni\n"
+
+#: g10/exec.c:338
+#, fuzzy
+msgid "this platform requires temporary files when calling external programs\n"
+msgstr ""
+"questa piattaforma richiede file temporanei quando si chiamano programmi "
+"esterni\n"
+
+#: g10/exec.c:416
+#, fuzzy, c-format
+msgid "unable to execute program `%s': %s\n"
+msgstr "impossibile eseguire %s \"%s\": %s\n"
+
+#: g10/exec.c:419
+#, fuzzy, c-format
+msgid "unable to execute shell `%s': %s\n"
+msgstr "impossibile eseguire %s \"%s\": %s\n"
+
+#: g10/exec.c:510
+#, c-format
+msgid "system error while calling external program: %s\n"
+msgstr "errore di sistema chiamando il programma esterno: %s\n"
+
+#: g10/exec.c:521 g10/exec.c:588
+msgid "unnatural exit of external program\n"
+msgstr "uscita anormale del programma esterno\n"
+
+#: g10/exec.c:536
+msgid "unable to execute external program\n"
+msgstr "impossibile eseguire il programma esterno\n"
+
+#: g10/exec.c:553
+#, c-format
+msgid "unable to read external program response: %s\n"
+msgstr "impossibile leggere la risposta del programma esterno: %s\n"
+
+#: g10/exec.c:599 g10/exec.c:606
+#, c-format
+msgid "WARNING: unable to remove tempfile (%s) `%s': %s\n"
+msgstr "ATTENZIONE: impossibile cancellare il file temporaneo (%s) `%s': %s\n"
+
+#: g10/exec.c:611
+#, c-format
+msgid "WARNING: unable to remove temp directory `%s': %s\n"
+msgstr "ATTENZIONE: impossibile rimuovere la directory temporanea `%s': %s\n"
+
+#: g10/export.c:61
+#, fuzzy
+msgid "export signatures that are marked as local-only"
+msgstr ""
+"\n"
+"La firma sarà marcata come irrevocabile.\n"
+
+#: g10/export.c:63
+msgid "export attribute user IDs (generally photo IDs)"
+msgstr ""
+
+#: g10/export.c:65
+#, fuzzy
+msgid "export revocation keys marked as \"sensitive\""
+msgstr "non sono state trovate chiavi di revoca per `%s'\n"
+
+#: g10/export.c:67
+#, fuzzy
+msgid "remove the passphrase from exported subkeys"
+msgstr "revoca una chiave secondaria"
+
+#: g10/export.c:69
+#, fuzzy
+msgid "remove unusable parts from key during export"
+msgstr "chiave segreta inutilizzabile"
+
+#: g10/export.c:71
+msgid "remove as much as possible from key during export"
+msgstr ""
+
+#: g10/export.c:73
+msgid "export keys in an S-expression based format"
+msgstr ""
+
+#: g10/export.c:338
+#, fuzzy
+msgid "exporting secret keys not allowed\n"
+msgstr "scrittura della chiave segreta in `%s'\n"
+
+#: g10/export.c:367
+#, fuzzy, c-format
+msgid "key %s: not protected - skipped\n"
+msgstr "chiave %08lX: non protetta - saltata\n"
+
+#: g10/export.c:375
+#, fuzzy, c-format
+msgid "key %s: PGP 2.x style key - skipped\n"
+msgstr "chiave %08lX: chiave in stile PGP 2.x - saltata\n"
+
+#: g10/export.c:386
+#, fuzzy, c-format
+msgid "key %s: key material on-card - skipped\n"
+msgstr "chiave %08lX: firma della subchiave nel posto sbagliato - saltata\n"
+
+#: g10/export.c:537
+msgid "about to export an unprotected subkey\n"
+msgstr ""
+
+#: g10/export.c:560
+#, fuzzy, c-format
+msgid "failed to unprotect the subkey: %s\n"
+msgstr "inizializzazione del trustdb fallita: %s\n"
+
+#: g10/export.c:584
+#, fuzzy, c-format
+msgid "WARNING: secret key %s does not have a simple SK checksum\n"
+msgstr "ATTENZIONE: la chiave segreta %08lX non ha un checksum SK semplice\n"
+
+#: g10/export.c:633
+msgid "WARNING: nothing exported\n"
+msgstr "ATTENZIONE: non è stato esportato nulla\n"
+
+#: g10/getkey.c:152
+msgid "too many entries in pk cache - disabled\n"
+msgstr "troppe voci nella pk cache - disabilitata\n"
+
+#: g10/getkey.c:175
+#, fuzzy
+msgid "[User ID not found]"
+msgstr "[User ID non trovato]"
+
+#: g10/getkey.c:1113
+#, c-format
+msgid "automatically retrieved `%s' via %s\n"
+msgstr ""
+
+#: g10/getkey.c:1118
+#, fuzzy, c-format
+msgid "error retrieving `%s' via %s: %s\n"
+msgstr "errore creando `%s': %s\n"
+
+#: g10/getkey.c:1120
+#, fuzzy
+msgid "No fingerprint"
+msgstr "mostra le impronte digitali"
+
+#: g10/getkey.c:1930
+#, fuzzy, c-format
+msgid "Invalid key %s made valid by --allow-non-selfsigned-uid\n"
+msgstr "Chiave %08lX non valida resa valida da --allow-non-selfsigned-uid\n"
+
+#: g10/getkey.c:2533 g10/keyedit.c:3839
+#, fuzzy, c-format
+msgid "no secret subkey for public subkey %s - ignoring\n"
+msgstr ""
+"manca una subchiave segreta per la subchiave pubblica %08lX - ignorata\n"
+
+#: g10/getkey.c:2759
+#, fuzzy, c-format
+msgid "using subkey %s instead of primary key %s\n"
+msgstr "uso la chiave secondaria %08lX invece della chiave primaria %08lX\n"
+
+#: g10/getkey.c:2806
+#, fuzzy, c-format
+msgid "key %s: secret key without public key - skipped\n"
+msgstr "chiave %08lX: chiave segreta senza chiave pubblica - saltata\n"
+
+#: g10/gpg.c:375 sm/gpgsm.c:188
+#, fuzzy
+msgid "make a signature"
+msgstr "fai una firma separata"
+
+#: g10/gpg.c:376 sm/gpgsm.c:189
+#, fuzzy
+msgid "make a clear text signature"
+msgstr "|[file]|fai una firma mantenendo il testo in chiaro"
+
+#: g10/gpg.c:377 sm/gpgsm.c:190
+msgid "make a detached signature"
+msgstr "fai una firma separata"
+
+#: g10/gpg.c:378 sm/gpgsm.c:191
+msgid "encrypt data"
+msgstr "cifra dati"
+
+#: g10/gpg.c:380 sm/gpgsm.c:192
+msgid "encryption only with symmetric cipher"
+msgstr "cifra solo con un cifrario simmetrico"
+
+#: g10/gpg.c:382 sm/gpgsm.c:193
+msgid "decrypt data (default)"
+msgstr "decifra dati (predefinito)"
+
+#: g10/gpg.c:384 sm/gpgsm.c:194
+msgid "verify a signature"
+msgstr "verifica una firma"
+
+#: g10/gpg.c:386 sm/gpgsm.c:195
+msgid "list keys"
+msgstr "elenca le chiavi"
+
+#: g10/gpg.c:388
+msgid "list keys and signatures"
+msgstr "elenca le chiavi e le firme"
+
+#: g10/gpg.c:389
+#, fuzzy
+msgid "list and check key signatures"
+msgstr "controlla le firme delle chiavi"
+
+#: g10/gpg.c:390 sm/gpgsm.c:200
+msgid "list keys and fingerprints"
+msgstr "elenca le chiavi e le impronte digitali"
+
+#: g10/gpg.c:391 sm/gpgsm.c:198
+msgid "list secret keys"
+msgstr "elenca le chiavi segrete"
+
+#: g10/gpg.c:392 sm/gpgsm.c:201
+msgid "generate a new key pair"
+msgstr "genera una nuova coppia di chiavi"
+
+#: g10/gpg.c:393
+msgid "generate a revocation certificate"
+msgstr "genera un certificato di revoca"
+
+#: g10/gpg.c:395 sm/gpgsm.c:203
+msgid "remove keys from the public keyring"
+msgstr "rimuove le chiavi dal portachiavi pubblico"
+
+#: g10/gpg.c:397
+msgid "remove keys from the secret keyring"
+msgstr "rimuove le chiavi dal portachiavi privato"
+
+#: g10/gpg.c:398
+msgid "sign a key"
+msgstr "firma una chiave"
+
+#: g10/gpg.c:399
+msgid "sign a key locally"
+msgstr "firma una chiave localmente"
+
+#: g10/gpg.c:400
+msgid "sign or edit a key"
+msgstr "firma o modifica una chiave"
+
+#: g10/gpg.c:402 sm/gpgsm.c:215
+#, fuzzy
+msgid "change a passphrase"
+msgstr "cambia la passphrase"
+
+#: g10/gpg.c:404
+msgid "export keys"
+msgstr "esporta delle chiavi"
+
+#: g10/gpg.c:405 sm/gpgsm.c:204
+msgid "export keys to a key server"
+msgstr "esporta le chiavi a un key server"
+
+#: g10/gpg.c:406 sm/gpgsm.c:205
+msgid "import keys from a key server"
+msgstr "importa le chiavi da un key server"
+
+#: g10/gpg.c:408
+msgid "search for keys on a key server"
+msgstr "cerca delle chiavi su un key server"
+
+#: g10/gpg.c:410
+msgid "update all keys from a keyserver"
+msgstr "aggiorna tutte le chiavi da un key server"
+
+#: g10/gpg.c:415
+msgid "import/merge keys"
+msgstr "importa/aggiungi delle chiavi"
+
+#: g10/gpg.c:418
+msgid "print the card status"
+msgstr ""
+
+#: g10/gpg.c:419
+msgid "change data on a card"
+msgstr ""
+
+#: g10/gpg.c:420
+msgid "change a card's PIN"
+msgstr ""
+
+#: g10/gpg.c:429
+msgid "update the trust database"
+msgstr "aggiorna il database della fiducia"
+
+#: g10/gpg.c:436
+#, fuzzy
+msgid "print message digests"
+msgstr "|algo [files]|stampa tutti i message digests"
+
+#: g10/gpg.c:439 sm/gpgsm.c:210
+msgid "run in server mode"
+msgstr ""
+
+#: g10/gpg.c:443 sm/gpgsm.c:228
+msgid "create ascii armored output"
+msgstr "crea un output ascii con armatura"
+
+#: g10/gpg.c:446 sm/gpgsm.c:241
+#, fuzzy
+msgid "|USER-ID|encrypt for USER-ID"
+msgstr "|NOME|cifra per NOME"
+
+#: g10/gpg.c:459 sm/gpgsm.c:278
+#, fuzzy
+msgid "|USER-ID|use USER-ID to sign or decrypt"
+msgstr "usa questo user-id per firmare o decifrare"
+
+#: g10/gpg.c:462
+#, fuzzy
+msgid "|N|set compress level to N (0 disables)"
+msgstr "|N|imposta il livello di compressione (0 disab.)"
+
+#: g10/gpg.c:468
+msgid "use canonical text mode"
+msgstr "usa il modo testo canonico"
+
+#: g10/gpg.c:485 sm/gpgsm.c:280
+#, fuzzy
+msgid "|FILE|write output to FILE"
+msgstr "|FILE|carica il modulo di estensione FILE"
+
+#: g10/gpg.c:501 kbx/kbxutil.c:90 sm/gpgsm.c:292 tools/gpgconf.c:82
+msgid "do not make any changes"
+msgstr "non fa cambiamenti"
+
+#: g10/gpg.c:502
+msgid "prompt before overwriting"
+msgstr "chiede prima di sovrascrivere"
+
+#: g10/gpg.c:554
+msgid "use strict OpenPGP behavior"
+msgstr ""
+
+#: g10/gpg.c:585 sm/gpgsm.c:336
+msgid ""
+"@\n"
+"(See the man page for a complete listing of all commands and options)\n"
+msgstr ""
+"@\n"
+"(Vedi la man page per una lista completa di tutti i comandi e opzioni)\n"
+
+#: g10/gpg.c:588 sm/gpgsm.c:339
+msgid ""
+"@\n"
+"Examples:\n"
+"\n"
+" -se -r Bob [file] sign and encrypt for user Bob\n"
+" --clearsign [file] make a clear text signature\n"
+" --detach-sign [file] make a detached signature\n"
+" --list-keys [names] show keys\n"
+" --fingerprint [names] show fingerprints\n"
+msgstr ""
+"@\n"
+"Esempi:\n"
+"\n"
+" -se -r Bob [file] firma e cifra per l'utente Bob\n"
+" --clearsign [file] fai una firma mantenendo il testo in chiaro\n"
+" --detach-sign [file] fai una firma separata\n"
+" --list-keys [nomi] mostra le chiavi\n"
+" --fingerprint [nomi] mostra le impronte digitali\n"
+
+#: g10/gpg.c:836
+msgid "Usage: gpg [options] [files] (-h for help)"
+msgstr "Uso: gpg [opzioni] [files] (-h per l'aiuto)"
+
+#: g10/gpg.c:839
+msgid ""
+"Syntax: gpg [options] [files]\n"
+"sign, check, encrypt or decrypt\n"
+"default operation depends on the input data\n"
+msgstr ""
+"Sintassi: gpg [opzioni] [files]\n"
+"firma, controlla, cifra o decifra\n"
+"l'operazione predefinita dipende dai dati di input\n"
+
+#: g10/gpg.c:850 sm/gpgsm.c:543
+msgid ""
+"\n"
+"Supported algorithms:\n"
+msgstr ""
+"\n"
+"Algoritmi gestiti:\n"
+
+#: g10/gpg.c:853
+msgid "Pubkey: "
+msgstr "A chiave pubblica: "
+
+#: g10/gpg.c:860 g10/keyedit.c:2423
+msgid "Cipher: "
+msgstr "Cifrari: "
+
+#: g10/gpg.c:867
+msgid "Hash: "
+msgstr "Hash: "
+
+#: g10/gpg.c:874 g10/keyedit.c:2468
+msgid "Compression: "
+msgstr "Compressione: "
+
+#: g10/gpg.c:944
+msgid "usage: gpg [options] "
+msgstr "uso: gpg [opzioni] "
+
+#: g10/gpg.c:1158 sm/gpgsm.c:716
+msgid "conflicting commands\n"
+msgstr "comandi in conflitto\n"
+
+#: g10/gpg.c:1176
+#, fuzzy, c-format
+msgid "no = sign found in group definition `%s'\n"
+msgstr "non è stato trovato il segno = nella definizione del gruppo \"%s\"\n"
+
+#: g10/gpg.c:1373
+#, fuzzy, c-format
+msgid "WARNING: unsafe ownership on homedir `%s'\n"
+msgstr "ATTENZIONE: il proprietario \"%s\" di %s è insicuro\n"
+
+#: g10/gpg.c:1376
+#, fuzzy, c-format
+msgid "WARNING: unsafe ownership on configuration file `%s'\n"
+msgstr "ATTENZIONE: il proprietario \"%s\" di %s è insicuro\n"
+
+#: g10/gpg.c:1379
+#, fuzzy, c-format
+msgid "WARNING: unsafe ownership on extension `%s'\n"
+msgstr "ATTENZIONE: il proprietario \"%s\" di %s è insicuro\n"
+
+#: g10/gpg.c:1385
+#, fuzzy, c-format
+msgid "WARNING: unsafe permissions on homedir `%s'\n"
+msgstr "ATTENZIONE: i permessi \"%s\" di %s sono insicuri\n"
+
+#: g10/gpg.c:1388
+#, fuzzy, c-format
+msgid "WARNING: unsafe permissions on configuration file `%s'\n"
+msgstr "ATTENZIONE: i permessi \"%s\" di %s sono insicuri\n"
+
+#: g10/gpg.c:1391
+#, fuzzy, c-format
+msgid "WARNING: unsafe permissions on extension `%s'\n"
+msgstr "ATTENZIONE: i permessi \"%s\" di %s sono insicuri\n"
+
+#: g10/gpg.c:1397
+#, fuzzy, c-format
+msgid "WARNING: unsafe enclosing directory ownership on homedir `%s'\n"
+msgstr "ATTENZIONE: il proprietario \"%s\" di %s è insicuro\n"
+
+#: g10/gpg.c:1400
+#, fuzzy, c-format
+msgid ""
+"WARNING: unsafe enclosing directory ownership on configuration file `%s'\n"
+msgstr "ATTENZIONE: il proprietario \"%s\" di %s è insicuro\n"
+
+#: g10/gpg.c:1403
+#, fuzzy, c-format
+msgid "WARNING: unsafe enclosing directory ownership on extension `%s'\n"
+msgstr "ATTENZIONE: il proprietario \"%s\" di %s è insicuro\n"
+
+#: g10/gpg.c:1409
+#, fuzzy, c-format
+msgid "WARNING: unsafe enclosing directory permissions on homedir `%s'\n"
+msgstr "ATTENZIONE: i permessi \"%s\" di %s sono insicuri\n"
+
+#: g10/gpg.c:1412
+#, fuzzy, c-format
+msgid ""
+"WARNING: unsafe enclosing directory permissions on configuration file `%s'\n"
+msgstr "ATTENZIONE: i permessi \"%s\" di %s sono insicuri\n"
+
+#: g10/gpg.c:1415
+#, fuzzy, c-format
+msgid "WARNING: unsafe enclosing directory permissions on extension `%s'\n"
+msgstr "ATTENZIONE: i permessi \"%s\" di %s sono insicuri\n"
+
+#: g10/gpg.c:1595
+#, fuzzy, c-format
+msgid "unknown configuration item `%s'\n"
+msgstr "elemento della configurazione sconosciuto \"%s\"\n"
+
+#: g10/gpg.c:1699
+msgid "display photo IDs during key listings"
+msgstr ""
+
+#: g10/gpg.c:1701
+msgid "show policy URLs during signature listings"
+msgstr ""
+
+#: g10/gpg.c:1703
+#, fuzzy
+msgid "show all notations during signature listings"
+msgstr "Manca la firma corrispondente nel portachiavi segreto\n"
+
+#: g10/gpg.c:1705
+msgid "show IETF standard notations during signature listings"
+msgstr ""
+
+#: g10/gpg.c:1709
+msgid "show user-supplied notations during signature listings"
+msgstr ""
+
+#: g10/gpg.c:1711
+#, fuzzy
+msgid "show preferred keyserver URLs during signature listings"
+msgstr "l'URL della politica di firma indicato non è valido\n"
+
+#: g10/gpg.c:1713
+msgid "show user ID validity during key listings"
+msgstr ""
+
+#: g10/gpg.c:1715
+msgid "show revoked and expired user IDs in key listings"
+msgstr ""
+
+#: g10/gpg.c:1717
+msgid "show revoked and expired subkeys in key listings"
+msgstr ""
+
+#: g10/gpg.c:1719
+#, fuzzy
+msgid "show the keyring name in key listings"
+msgstr "mostra in quali portachiavi sono contenute le chiavi elencate"
+
+#: g10/gpg.c:1721
+#, fuzzy
+msgid "show expiration dates during signature listings"
+msgstr "Manca la firma corrispondente nel portachiavi segreto\n"
+
+#: g10/gpg.c:1855
+#, c-format
+msgid "NOTE: old default options file `%s' ignored\n"
+msgstr ""
+"NOTA: il vecchio file `%s' con le opzioni predefinite è stato ignorato\n"
+
+#: g10/gpg.c:1948
+#, c-format
+msgid "libgcrypt is too old (need %s, have %s)\n"
+msgstr ""
+
+#: g10/gpg.c:2346 g10/gpg.c:3037 g10/gpg.c:3049
+#, c-format
+msgid "NOTE: %s is not for normal use!\n"
+msgstr "NOTA: %s normalmente non deve essere usato!\n"
+
+#: g10/gpg.c:2530 g10/gpg.c:2542
+#, fuzzy, c-format
+msgid "`%s' is not a valid signature expiration\n"
+msgstr "%s non è un set di caratteri valido\n"
+
+#: g10/gpg.c:2624
+#, fuzzy, c-format
+msgid "`%s' is not a valid character set\n"
+msgstr "%s non è un set di caratteri valido\n"
+
+#: g10/gpg.c:2647 g10/gpg.c:2842 g10/keyedit.c:4197
+#, fuzzy
+msgid "could not parse keyserver URL\n"
+msgstr "impossibile fare il parsing dell'URI del keyserver\n"
+
+#: g10/gpg.c:2659
+#, fuzzy, c-format
+msgid "%s:%d: invalid keyserver options\n"
+msgstr "%s:%d: opzioni di esportazione non valide\n"
+
+#: g10/gpg.c:2662
+#, fuzzy
+msgid "invalid keyserver options\n"
+msgstr "opzioni di esportazione non valide\n"
+
+#: g10/gpg.c:2669
+#, c-format
+msgid "%s:%d: invalid import options\n"
+msgstr "%s:%d: opzioni di importazione non valide\n"
+
+#: g10/gpg.c:2672
+msgid "invalid import options\n"
+msgstr "opzioni di importazione non valide\n"
+
+#: g10/gpg.c:2679
+#, c-format
+msgid "%s:%d: invalid export options\n"
+msgstr "%s:%d: opzioni di esportazione non valide\n"
+
+#: g10/gpg.c:2682
+msgid "invalid export options\n"
+msgstr "opzioni di esportazione non valide\n"
+
+#: g10/gpg.c:2689
+#, fuzzy, c-format
+msgid "%s:%d: invalid list options\n"
+msgstr "%s:%d: opzioni di importazione non valide\n"
+
+#: g10/gpg.c:2692
+#, fuzzy
+msgid "invalid list options\n"
+msgstr "opzioni di importazione non valide\n"
+
+#: g10/gpg.c:2700
+msgid "display photo IDs during signature verification"
+msgstr ""
+
+#: g10/gpg.c:2702
+msgid "show policy URLs during signature verification"
+msgstr ""
+
+#: g10/gpg.c:2704
+#, fuzzy
+msgid "show all notations during signature verification"
+msgstr "%s non è un set di caratteri valido\n"
+
+#: g10/gpg.c:2706
+msgid "show IETF standard notations during signature verification"
+msgstr ""
+
+#: g10/gpg.c:2710
+msgid "show user-supplied notations during signature verification"
+msgstr ""
+
+#: g10/gpg.c:2712
+#, fuzzy
+msgid "show preferred keyserver URLs during signature verification"
+msgstr "l'URL della politica di firma indicato non è valido\n"
+
+#: g10/gpg.c:2714
+#, fuzzy
+msgid "show user ID validity during signature verification"
+msgstr "%s non è un set di caratteri valido\n"
+
+#: g10/gpg.c:2716
+msgid "show revoked and expired user IDs in signature verification"
+msgstr ""
+
+#: g10/gpg.c:2718
+#, fuzzy
+msgid "show only the primary user ID in signature verification"
+msgstr "%s non è un set di caratteri valido\n"
+
+#: g10/gpg.c:2720
+msgid "validate signatures with PKA data"
+msgstr ""
+
+#: g10/gpg.c:2722
+msgid "elevate the trust of signatures with valid PKA data"
+msgstr ""
+
+#: g10/gpg.c:2729
+#, fuzzy, c-format
+msgid "%s:%d: invalid verify options\n"
+msgstr "%s:%d: opzioni di esportazione non valide\n"
+
+#: g10/gpg.c:2732
+#, fuzzy
+msgid "invalid verify options\n"
+msgstr "opzioni di esportazione non valide\n"
+
+#: g10/gpg.c:2739
+#, c-format
+msgid "unable to set exec-path to %s\n"
+msgstr "impossibile impostare exec-path a %s\n"
+
+#: g10/gpg.c:2925
+#, fuzzy, c-format
+msgid "%s:%d: invalid auto-key-locate list\n"
+msgstr "%s:%d: opzioni di esportazione non valide\n"
+
+#: g10/gpg.c:2928
+msgid "invalid auto-key-locate list\n"
+msgstr ""
+
+#: g10/gpg.c:3026 sm/gpgsm.c:1439
+msgid "WARNING: program may create a core file!\n"
+msgstr "ATTENZIONE: il programma potrebbe creare un file core!\n"
+
+#: g10/gpg.c:3030
+#, c-format
+msgid "WARNING: %s overrides %s\n"
+msgstr "ATTENZIONE: %s ha la precedenza su %s\n"
+
+#: g10/gpg.c:3039
+#, c-format
+msgid "%s not allowed with %s!\n"
+msgstr "Non è permesso usare %s con %s!\n"
+
+#: g10/gpg.c:3042
+#, c-format
+msgid "%s makes no sense with %s!\n"
+msgstr "Non ha senso usare %s con %s!\n"
+
+#: g10/gpg.c:3057
+#, fuzzy, c-format
+msgid "will not run with insecure memory due to %s\n"
+msgstr "scrittura della chiave segreta in `%s'\n"
+
+#: g10/gpg.c:3071
+msgid "you can only make detached or clear signatures while in --pgp2 mode\n"
+msgstr "nella modalità --pgp2 puoi fare solo firme in chiaro o separate\n"
+
+#: g10/gpg.c:3077
+msgid "you can't sign and encrypt at the same time while in --pgp2 mode\n"
+msgstr "nella modalità --pgp2 non puoi firmare e cifrare contemporaneamente\n"
+
+#: g10/gpg.c:3083
+msgid "you must use files (and not a pipe) when working with --pgp2 enabled.\n"
+msgstr ""
+"devi usare dei file (e non una pipe) quando lavori con --pgp2 attivo.\n"
+
+#: g10/gpg.c:3096
+msgid "encrypting a message in --pgp2 mode requires the IDEA cipher\n"
+msgstr ""
+"nella modalità --pgp2 è richiesto il cifrario IDEA per cifrare un messaggio\n"
+
+#: g10/gpg.c:3163 g10/gpg.c:3187 sm/gpgsm.c:1511
+msgid "selected cipher algorithm is invalid\n"
+msgstr "l'algoritmo di cifratura selezionato non è valido\n"
+
+#: g10/gpg.c:3169 g10/gpg.c:3193 sm/gpgsm.c:1517 sm/gpgsm.c:1523
+msgid "selected digest algorithm is invalid\n"
+msgstr "l'algoritmo di digest selezionato non è valido\n"
+
+#: g10/gpg.c:3175
+#, fuzzy
+msgid "selected compression algorithm is invalid\n"
+msgstr "l'algoritmo di cifratura selezionato non è valido\n"
+
+#: g10/gpg.c:3181
+msgid "selected certification digest algorithm is invalid\n"
+msgstr "l'algoritmo di digest selezionato non è valido\n"
+
+#: g10/gpg.c:3196
+msgid "completes-needed must be greater than 0\n"
+msgstr "completes-needed deve essere maggiore di 0\n"
+
+#: g10/gpg.c:3198
+msgid "marginals-needed must be greater than 1\n"
+msgstr "marginals-needed deve essere maggiore di 1\n"
+
+#: g10/gpg.c:3200
+#, fuzzy
+msgid "max-cert-depth must be in the range from 1 to 255\n"
+msgstr "max-cert-depth deve essere tra 1 e 255\n"
+
+#: g10/gpg.c:3202
+msgid "invalid default-cert-level; must be 0, 1, 2, or 3\n"
+msgstr "default-cert-level non valido; deve essere 0, 1, 2 o 3\n"
+
+#: g10/gpg.c:3204
+msgid "invalid min-cert-level; must be 1, 2, or 3\n"
+msgstr "min-cert-level non valido; deve essere 1, 2 o 3\n"
+
+#: g10/gpg.c:3207
+msgid "NOTE: simple S2K mode (0) is strongly discouraged\n"
+msgstr "NOTA: l'uso del modo S2K semplice (0) è fortemente scoraggiato\n"
+
+#: g10/gpg.c:3211
+msgid "invalid S2K mode; must be 0, 1 or 3\n"
+msgstr "modo S2K non valido; deve essere 0, 1 o 3\n"
+
+#: g10/gpg.c:3218
+msgid "invalid default preferences\n"
+msgstr "preferenze predefinite non valide\n"
+
+#: g10/gpg.c:3222
+msgid "invalid personal cipher preferences\n"
+msgstr "preferenze personali del cifrario non valide\n"
+
+#: g10/gpg.c:3226
+msgid "invalid personal digest preferences\n"
+msgstr "preferenze personali del digest non valide\n"
+
+#: g10/gpg.c:3230
+msgid "invalid personal compress preferences\n"
+msgstr "preferenze personali di compressione non valide\n"
+
+#: g10/gpg.c:3263
+#, c-format
+msgid "%s does not yet work with %s\n"
+msgstr "%s non funziona ancora con %s\n"
+
+#: g10/gpg.c:3310
+#, fuzzy, c-format
+msgid "you may not use cipher algorithm `%s' while in %s mode\n"
+msgstr "non è possibile usare l'algoritmo di cifratura \"%s\" in modalità %s\n"
+
+#: g10/gpg.c:3315
+#, fuzzy, c-format
+msgid "you may not use digest algorithm `%s' while in %s mode\n"
+msgstr "non è possibile usare l'algoritmo di digest \"%s\" in modalità %s\n"
+
+#: g10/gpg.c:3320
+#, fuzzy, c-format
+msgid "you may not use compression algorithm `%s' while in %s mode\n"
+msgstr ""
+"non è possibile usare l'algoritmo di compressione \"%s\" in modalità %s\n"
+
+#: g10/gpg.c:3406
+#, c-format
+msgid "failed to initialize the TrustDB: %s\n"
+msgstr "inizializzazione del trustdb fallita: %s\n"
+
+#: g10/gpg.c:3417
+msgid "WARNING: recipients (-r) given without using public key encryption\n"
+msgstr ""
+"ATTENZIONE: sono stati indicati dei destinatari (-r) senza usare la\n"
+"crittografia a chiave pubblica\n"
+
+#: g10/gpg.c:3438
+msgid "--store [filename]"
+msgstr "--store [nomefile]"
+
+#: g10/gpg.c:3445
+msgid "--symmetric [filename]"
+msgstr "--symmetric [nomefile]"
+
+#: g10/gpg.c:3447
+#, fuzzy, c-format
+msgid "symmetric encryption of `%s' failed: %s\n"
+msgstr "decifratura fallita: %s\n"
+
+#: g10/gpg.c:3457
+msgid "--encrypt [filename]"
+msgstr "--encrypt [nomefile]"
+
+#: g10/gpg.c:3470
+#, fuzzy
+msgid "--symmetric --encrypt [filename]"
+msgstr "--sign --encrypt [nomefile]"
+
+#: g10/gpg.c:3472
+msgid "you cannot use --symmetric --encrypt with --s2k-mode 0\n"
+msgstr ""
+
+#: g10/gpg.c:3475
+#, fuzzy, c-format
+msgid "you cannot use --symmetric --encrypt while in %s mode\n"
+msgstr "non è possibile usare %s in modalità %s\n"
+
+#: g10/gpg.c:3493
+msgid "--sign [filename]"
+msgstr "--sign [nomefile]"
+
+#: g10/gpg.c:3506
+msgid "--sign --encrypt [filename]"
+msgstr "--sign --encrypt [nomefile]"
+
+#: g10/gpg.c:3521
+#, fuzzy
+msgid "--symmetric --sign --encrypt [filename]"
+msgstr "--sign --encrypt [nomefile]"
+
+#: g10/gpg.c:3523
+msgid "you cannot use --symmetric --sign --encrypt with --s2k-mode 0\n"
+msgstr ""
+
+#: g10/gpg.c:3526
+#, fuzzy, c-format
+msgid "you cannot use --symmetric --sign --encrypt while in %s mode\n"
+msgstr "non è possibile usare %s in modalità %s\n"
+
+#: g10/gpg.c:3546
+msgid "--sign --symmetric [filename]"
+msgstr "--sign --symmetric [nomefile]"
+
+#: g10/gpg.c:3555
+msgid "--clearsign [filename]"
+msgstr "--clearsign [nomefile]"
+
+#: g10/gpg.c:3580
+msgid "--decrypt [filename]"
+msgstr "--decrypt [nomefile]"
+
+#: g10/gpg.c:3588
+msgid "--sign-key user-id"
+msgstr "--sign-key user-id"
+
+#: g10/gpg.c:3592
+msgid "--lsign-key user-id"
+msgstr "--lsign-key user-id"
+
+#: g10/gpg.c:3613
+msgid "--edit-key user-id [commands]"
+msgstr "--edit-key user-id [comandi]"
+
+#: g10/gpg.c:3629
+#, fuzzy
+msgid "--passwd <user-id>"
+msgstr "--sign-key user-id"
+
+#: g10/gpg.c:3716
+#, c-format
+msgid "keyserver send failed: %s\n"
+msgstr "invio al keyserver fallito: %s\n"
+
+#: g10/gpg.c:3718
+#, c-format
+msgid "keyserver receive failed: %s\n"
+msgstr "ricezione dal keyserver fallita: %s\n"
+
+#: g10/gpg.c:3720
+#, c-format
+msgid "key export failed: %s\n"
+msgstr "esportazione della chiave fallita: %s\n"
+
+#: g10/gpg.c:3731
+#, c-format
+msgid "keyserver search failed: %s\n"
+msgstr "ricerca nel keyserver fallita: %s\n"
+
+#: g10/gpg.c:3741
+#, c-format
+msgid "keyserver refresh failed: %s\n"
+msgstr "aggiornamento del keyserver fallito: %s\n"
+
+#: g10/gpg.c:3792
+#, c-format
+msgid "dearmoring failed: %s\n"
+msgstr "rimozione dell'armatura fallita: %s\n"
+
+#: g10/gpg.c:3800
+#, c-format
+msgid "enarmoring failed: %s\n"
+msgstr "creazione dell'armatura fallita: %s\n"
+
+#: g10/gpg.c:3890
+#, c-format
+msgid "invalid hash algorithm `%s'\n"
+msgstr "algoritmo di hash non valido `%s'\n"
+
+#: g10/gpg.c:4005
+msgid "[filename]"
+msgstr "[nomefile]"
+
+#: g10/gpg.c:4009
+msgid "Go ahead and type your message ...\n"
+msgstr "Vai avanti e scrivi il messaggio...\n"
+
+#: g10/gpg.c:4323
+msgid "the given certification policy URL is invalid\n"
+msgstr "l'URL della politica di certificazione indicato non è valido\n"
+
+#: g10/gpg.c:4325
+msgid "the given signature policy URL is invalid\n"
+msgstr "l'URL della politica di firma indicato non è valido\n"
+
+#: g10/gpg.c:4358
+#, fuzzy
+msgid "the given preferred keyserver URL is invalid\n"
+msgstr "l'URL della politica di firma indicato non è valido\n"
+
+#: g10/gpgv.c:74
+#, fuzzy
+msgid "|FILE|take the keys from the keyring FILE"
+msgstr "prende le chiavi da questo portachiavi"
+
+#: g10/gpgv.c:76
+msgid "make timestamp conflicts only a warning"
+msgstr "segnala i conflitti di data solo con un avvertimento"
+
+#: g10/gpgv.c:78 sm/gpgsm.c:326
+msgid "|FD|write status info to this FD"
+msgstr "|FD|scrivi le informazioni di stato sul FD"
+
+#: g10/gpgv.c:117
+msgid "Usage: gpgv [options] [files] (-h for help)"
+msgstr "Uso: gpgv [opzioni] [file] (-h per l'aiuto)"
+
+#: g10/gpgv.c:119
+#, fuzzy
+msgid ""
+"Syntax: gpgv [options] [files]\n"
+"Check signatures against known trusted keys\n"
+msgstr ""
+"Sintassi: gpg [opzioni] [file]\n"
+"Controlla le firme con le chiavi affidabili note\n"
+
+#: g10/helptext.c:72
+msgid "No help available"
+msgstr "Non è disponibile un aiuto"
+
+#: g10/helptext.c:82
+#, c-format
+msgid "No help available for `%s'"
+msgstr "Non è disponibile un aiuto per `%s'"
+
+#: g10/import.c:94
+msgid "import signatures that are marked as local-only"
+msgstr ""
+
+#: g10/import.c:96
+msgid "repair damage from the pks keyserver during import"
+msgstr ""
+
+#: g10/import.c:98
+#, fuzzy
+msgid "do not update the trustdb after import"
+msgstr "aggiorna il database della fiducia"
+
+#: g10/import.c:100
+#, fuzzy
+msgid "create a public key when importing a secret key"
+msgstr "la chiave pubblica non corrisponde alla chiave segreta!\n"
+
+#: g10/import.c:102
+msgid "only accept updates to existing keys"
+msgstr ""
+
+#: g10/import.c:104
+#, fuzzy
+msgid "remove unusable parts from key after import"
+msgstr "chiave segreta inutilizzabile"
+
+#: g10/import.c:106
+msgid "remove as much as possible from key after import"
+msgstr ""
+
+#: g10/import.c:266
+#, c-format
+msgid "skipping block of type %d\n"
+msgstr "salto un blocco di tipo %d\n"
+
+#: g10/import.c:275
+#, fuzzy, c-format
+msgid "%lu keys processed so far\n"
+msgstr "Per ora sono state esaminate %lu chiavi\n"
+
+#: g10/import.c:292
+#, c-format
+msgid "Total number processed: %lu\n"
+msgstr "Numero totale esaminato: %lu\n"
+
+#: g10/import.c:294
+#, c-format
+msgid " skipped new keys: %lu\n"
+msgstr " nuove chiavi saltate: %lu\n"
+
+#: g10/import.c:297
+#, c-format
+msgid " w/o user IDs: %lu\n"
+msgstr " senza user ID: %lu\n"
+
+#: g10/import.c:299 sm/import.c:114
+#, c-format
+msgid " imported: %lu"
+msgstr " importate: %lu"
+
+#: g10/import.c:305 sm/import.c:118
+#, c-format
+msgid " unchanged: %lu\n"
+msgstr " non modificate: %lu\n"
+
+#: g10/import.c:307
+#, c-format
+msgid " new user IDs: %lu\n"
+msgstr " nuovi user ID: %lu\n"
+
+#: g10/import.c:309
+#, c-format
+msgid " new subkeys: %lu\n"
+msgstr " nuove subchiavi: %lu\n"
+
+#: g10/import.c:311
+#, c-format
+msgid " new signatures: %lu\n"
+msgstr " nuove firme: %lu\n"
+
+#: g10/import.c:313
+#, c-format
+msgid " new key revocations: %lu\n"
+msgstr "nuove revoche di chiavi: %lu\n"
+
+#: g10/import.c:315 sm/import.c:120
+#, c-format
+msgid " secret keys read: %lu\n"
+msgstr " chiavi segrete lette: %lu\n"
+
+#: g10/import.c:317 sm/import.c:122
+#, c-format
+msgid " secret keys imported: %lu\n"
+msgstr "chiavi segrete importate: %lu\n"
+
+#: g10/import.c:319 sm/import.c:124
+#, c-format
+msgid " secret keys unchanged: %lu\n"
+msgstr "chiavi segrete non cambiate: %lu\n"
+
+#: g10/import.c:321 sm/import.c:126
+#, c-format
+msgid " not imported: %lu\n"
+msgstr " importate: %lu\n"
+
+#: g10/import.c:323
+#, fuzzy, c-format
+msgid " signatures cleaned: %lu\n"
+msgstr " nuove firme: %lu\n"
+
+#: g10/import.c:325
+#, fuzzy, c-format
+msgid " user IDs cleaned: %lu\n"
+msgstr " chiavi segrete lette: %lu\n"
+
+#: g10/import.c:606
+#, c-format
+msgid ""
+"WARNING: key %s contains preferences for unavailable\n"
+"algorithms on these user IDs:\n"
+msgstr ""
+
+#: g10/import.c:647
+#, c-format
+msgid " \"%s\": preference for cipher algorithm %s\n"
+msgstr ""
+
+#: g10/import.c:662
+#, fuzzy, c-format
+msgid " \"%s\": preference for digest algorithm %s\n"
+msgstr "Firma %s, algoritmo di digest %s\n"
+
+#: g10/import.c:674
+#, c-format
+msgid " \"%s\": preference for compression algorithm %s\n"
+msgstr ""
+
+#: g10/import.c:687
+msgid "it is strongly suggested that you update your preferences and\n"
+msgstr ""
+
+#: g10/import.c:689
+msgid "re-distribute this key to avoid potential algorithm mismatch problems\n"
+msgstr ""
+
+#: g10/import.c:713
+#, c-format
+msgid "you can update your preferences with: gpg --edit-key %s updpref save\n"
+msgstr ""
+
+#: g10/import.c:766 g10/import.c:1179
+#, fuzzy, c-format
+msgid "key %s: no user ID\n"
+msgstr "chiave %08lX: nessun user ID\n"
+
+#: g10/import.c:795
+#, fuzzy, c-format
+msgid "key %s: PKS subkey corruption repaired\n"
+msgstr "chiave %08lX: riparati i danni di HKP alla subchiave\n"
+
+#: g10/import.c:810
+#, fuzzy, c-format
+msgid "key %s: accepted non self-signed user ID \"%s\"\n"
+msgstr "chiave %08lX: accettato l'user ID non autofirmato '%s'\n"
+
+#: g10/import.c:816
+#, fuzzy, c-format
+msgid "key %s: no valid user IDs\n"
+msgstr "chiave %08lX: nessun user ID valido\n"
+
+#: g10/import.c:818
+msgid "this may be caused by a missing self-signature\n"
+msgstr "questo può essere causato da una autofirma mancante\n"
+
+#: g10/import.c:828 g10/import.c:1303
+#, fuzzy, c-format
+msgid "key %s: public key not found: %s\n"
+msgstr "chiave %08lX: chiave pubblica non trovata: %s\n"
+
+#: g10/import.c:834
+#, fuzzy, c-format
+msgid "key %s: new key - skipped\n"
+msgstr "chiave %08lX: nuova chiave - saltata\n"
+
+#: g10/import.c:843
+#, c-format
+msgid "no writable keyring found: %s\n"
+msgstr "non è stato trovato un portachiavi scrivibile: %s\n"
+
+#: g10/import.c:848 g10/openfile.c:278 g10/sign.c:805 g10/sign.c:1114
+#, c-format
+msgid "writing to `%s'\n"
+msgstr "scrittura in `%s'\n"
+
+#: g10/import.c:852 g10/import.c:952 g10/import.c:1219 g10/import.c:1364
+#: g10/import.c:2494 g10/import.c:2516
+#, c-format
+msgid "error writing keyring `%s': %s\n"
+msgstr "errore scrivendo il portachiavi `%s': %s\n"
+
+#: g10/import.c:871
+#, fuzzy, c-format
+msgid "key %s: public key \"%s\" imported\n"
+msgstr "chiave %08lX: importata la chiave pubblica \"%s\"\n"
+
+#: g10/import.c:895
+#, fuzzy, c-format
+msgid "key %s: doesn't match our copy\n"
+msgstr "chiave %08lX: non corrisponde alla nostra copia\n"
+
+#: g10/import.c:912 g10/import.c:1321
+#, fuzzy, c-format
+msgid "key %s: can't locate original keyblock: %s\n"
+msgstr "chiave %08lX: impossibile individuare il keyblock originale: %s\n"
+
+#: g10/import.c:920 g10/import.c:1328
+#, fuzzy, c-format
+msgid "key %s: can't read original keyblock: %s\n"
+msgstr "chiave %08lX: impossibile leggere il keyblock originale: %s\n"
+
+#: g10/import.c:962
+#, fuzzy, c-format
+msgid "key %s: \"%s\" 1 new user ID\n"
+msgstr "chiave %08lX: \"%s\" 1 nuovo user ID\n"
+
+#: g10/import.c:965
+#, fuzzy, c-format
+msgid "key %s: \"%s\" %d new user IDs\n"
+msgstr "chiave %08lX: \"%s\" %d nuovi user ID\n"
+
+#: g10/import.c:968
+#, fuzzy, c-format
+msgid "key %s: \"%s\" 1 new signature\n"
+msgstr "chiave %08lX: \"%s\" una nuova firma\n"
+
+#: g10/import.c:971
+#, fuzzy, c-format
+msgid "key %s: \"%s\" %d new signatures\n"
+msgstr "chiave %08lX: \"%s\" %d nuove firme\n"
+
+#: g10/import.c:974
+#, fuzzy, c-format
+msgid "key %s: \"%s\" 1 new subkey\n"
+msgstr "chiave %08lX: \"%s\" una nuova subchiave\n"
+
+#: g10/import.c:977
+#, fuzzy, c-format
+msgid "key %s: \"%s\" %d new subkeys\n"
+msgstr "chiave %08lX: \"%s\" %d nuove subchiavi\n"
+
+#: g10/import.c:980
+#, fuzzy, c-format
+msgid "key %s: \"%s\" %d signature cleaned\n"
+msgstr "chiave %08lX: \"%s\" %d nuove firme\n"
+
+#: g10/import.c:983
+#, fuzzy, c-format
+msgid "key %s: \"%s\" %d signatures cleaned\n"
+msgstr "chiave %08lX: \"%s\" %d nuove firme\n"
+
+#: g10/import.c:986
+#, fuzzy, c-format
+msgid "key %s: \"%s\" %d user ID cleaned\n"
+msgstr "chiave %08lX: \"%s\" %d nuovi user ID\n"
+
+#: g10/import.c:989
+#, fuzzy, c-format
+msgid "key %s: \"%s\" %d user IDs cleaned\n"
+msgstr "chiave %08lX: \"%s\" %d nuovi user ID\n"
+
+#: g10/import.c:1013
+#, fuzzy, c-format
+msgid "key %s: \"%s\" not changed\n"
+msgstr "chiave %08lX: \"%s\" non cambiata\n"
+
+#: g10/import.c:1185
+#, fuzzy, c-format
+msgid "key %s: secret key with invalid cipher %d - skipped\n"
+msgstr "chiave %08lX: chiave segreta con cifrario %d non valido - saltata\n"
+
+#: g10/import.c:1196
+#, fuzzy
+msgid "importing secret keys not allowed\n"
+msgstr "scrittura della chiave segreta in `%s'\n"
+
+#: g10/import.c:1213 g10/import.c:2509
+#, c-format
+msgid "no default secret keyring: %s\n"
+msgstr "nessun portachiavi segreto predefinito: %s\n"
+
+#: g10/import.c:1224
+#, fuzzy, c-format
+msgid "key %s: secret key imported\n"
+msgstr "chiave %08lX: chiave segreta importata\n"
+
+#: g10/import.c:1254
+#, fuzzy, c-format
+msgid "key %s: already in secret keyring\n"
+msgstr "chiave %08lX: già nel portachiavi segreto\n"
+
+#: g10/import.c:1264
+#, fuzzy, c-format
+msgid "key %s: secret key not found: %s\n"
+msgstr "chiave %08lX: chiave segreta non trovata: %s\n"
+
+#: g10/import.c:1296
+#, fuzzy, c-format
+msgid "key %s: no public key - can't apply revocation certificate\n"
+msgstr ""
+"chiave %08lX: manca la chiave pubblica - impossibile applicare il\n"
+"certificato di revoca\n"
+
+#: g10/import.c:1339
+#, fuzzy, c-format
+msgid "key %s: invalid revocation certificate: %s - rejected\n"
+msgstr "chiave %08lX: certificato di revoca non valido: %s - rifiutato\n"
+
+#: g10/import.c:1371
+#, fuzzy, c-format
+msgid "key %s: \"%s\" revocation certificate imported\n"
+msgstr "chiave %08lX: \"%s\" certificato di revoca importato\n"
+
+#: g10/import.c:1447
+#, fuzzy, c-format
+msgid "key %s: no user ID for signature\n"
+msgstr "chiave %08lX: nessun user ID per la firma\n"
+
+#: g10/import.c:1464
+#, fuzzy, c-format
+msgid "key %s: unsupported public key algorithm on user ID \"%s\"\n"
+msgstr ""
+"chiave %08lX: algoritmo a chiave pubblica non gestito sull'user ID \"%s\"\n"
+
+#: g10/import.c:1466
+#, fuzzy, c-format
+msgid "key %s: invalid self-signature on user ID \"%s\"\n"
+msgstr "chiave %08lX: autofirma non valida sull'user ID \"%s\"\n"
+
+#: g10/import.c:1483 g10/import.c:1509 g10/import.c:1560
+#, fuzzy, c-format
+msgid "key %s: unsupported public key algorithm\n"
+msgstr "chiave %08lX: algoritmo a chiave pubblica non gestito\n"
+
+#: g10/import.c:1484
+#, fuzzy, c-format
+msgid "key %s: invalid direct key signature\n"
+msgstr "chiave %08lX: aggiunta una firma alla chiave diretta\n"
+
+#: g10/import.c:1498
+#, fuzzy, c-format
+msgid "key %s: no subkey for key binding\n"
+msgstr "chiave %08lX: non ci sono subchiavi per il legame con la chiave\n"
+
+#: g10/import.c:1511
+#, fuzzy, c-format
+msgid "key %s: invalid subkey binding\n"
+msgstr "chiave %08lX: legame con la subchiave non valido:\n"
+
+#: g10/import.c:1527
+#, fuzzy, c-format
+msgid "key %s: removed multiple subkey binding\n"
+msgstr "chiave %08lX: rimossi i legami con subochiavi multiple\n"
+
+#: g10/import.c:1549
+#, fuzzy, c-format
+msgid "key %s: no subkey for key revocation\n"
+msgstr "chiave %08lX: non ci sono subchiavi per la revoca della chiave\n"
+
+#: g10/import.c:1562
+#, fuzzy, c-format
+msgid "key %s: invalid subkey revocation\n"
+msgstr "chiave %08lX: revoca della subchiave non valida\n"
+
+#: g10/import.c:1577
+#, fuzzy, c-format
+msgid "key %s: removed multiple subkey revocation\n"
+msgstr "chiave %08lX: rimosse le revoche di subchiavi multiple\n"
+
+#: g10/import.c:1618
+#, fuzzy, c-format
+msgid "key %s: skipped user ID \"%s\"\n"
+msgstr "chiave %08lX: saltato l'user ID '"
+
+#: g10/import.c:1639
+#, fuzzy, c-format
+msgid "key %s: skipped subkey\n"
+msgstr "chiave %08lX: saltata la subchiave\n"
+
+#: g10/import.c:1666
+#, fuzzy, c-format
+msgid "key %s: non exportable signature (class 0x%02X) - skipped\n"
+msgstr "chiave %08lX: firma non esportabile (classe %02x) - saltata\n"
+
+#: g10/import.c:1676
+#, fuzzy, c-format
+msgid "key %s: revocation certificate at wrong place - skipped\n"
+msgstr "chiave %08lX: certificato di revoca nel posto sbagliato - saltata\n"
+
+#: g10/import.c:1693
+#, fuzzy, c-format
+msgid "key %s: invalid revocation certificate: %s - skipped\n"
+msgstr "chiave %08lX: certificato di revoca non valido: %s - saltata\n"
+
+#: g10/import.c:1707
+#, fuzzy, c-format
+msgid "key %s: subkey signature in wrong place - skipped\n"
+msgstr "chiave %08lX: firma della subchiave nel posto sbagliato - saltata\n"
+
+#: g10/import.c:1715
+#, fuzzy, c-format
+msgid "key %s: unexpected signature class (0x%02X) - skipped\n"
+msgstr "chiave %08lX: classe della firma inaspettata (0x%02x) - saltata\n"
+
+#: g10/import.c:1844
+#, fuzzy, c-format
+msgid "key %s: duplicated user ID detected - merged\n"
+msgstr "chiave %08lX: trovato un user ID duplicato - unito\n"
+
+#: g10/import.c:1906
+#, fuzzy, c-format
+msgid "WARNING: key %s may be revoked: fetching revocation key %s\n"
+msgstr ""
+"ATTENZIONE: la chiave %08lX può essere stata revocata: scarico la chiave\n"
+"di revoca %08lX.\n"
+
+#: g10/import.c:1920
+#, fuzzy, c-format
+msgid "WARNING: key %s may be revoked: revocation key %s not present.\n"
+msgstr ""
+"ATTENZIONE: la chiave %08lX può essere stata revocata: la chiave di\n"
+"revoca %08lX non è presente.\n"
+
+#: g10/import.c:1979
+#, fuzzy, c-format
+msgid "key %s: \"%s\" revocation certificate added\n"
+msgstr "chiave %08lX: certificato di revoca \"%s\" aggiunto\n"
+
+#: g10/import.c:2013
+#, fuzzy, c-format
+msgid "key %s: direct key signature added\n"
+msgstr "chiave %08lX: aggiunta una firma alla chiave diretta\n"
+
+#: g10/import.c:2414
+#, fuzzy
+msgid "NOTE: a key's S/N does not match the card's one\n"
+msgstr "la chiave pubblica non corrisponde alla chiave segreta!\n"
+
+#: g10/import.c:2422
+#, fuzzy
+msgid "NOTE: primary key is online and stored on card\n"
+msgstr "saltata: chiave pubblica già presente\n"
+
+#: g10/import.c:2424
+#, fuzzy
+msgid "NOTE: secondary key is online and stored on card\n"
+msgstr "saltata: chiave pubblica già presente\n"
+
+#: g10/keydb.c:181
+#, c-format
+msgid "error creating keyring `%s': %s\n"
+msgstr "errore creando il portachiavi `%s': %s\n"
+
+#: g10/keydb.c:187
+#, c-format
+msgid "keyring `%s' created\n"
+msgstr "portachiavi `%s' creato\n"
+
+#: g10/keydb.c:333 g10/keydb.c:336
+#, fuzzy, c-format
+msgid "keyblock resource `%s': %s\n"
+msgstr "errore creando `%s': %s\n"
+
+#: g10/keydb.c:719
+#, c-format
+msgid "failed to rebuild keyring cache: %s\n"
+msgstr "rebuild della cache del portachiavi fallito: %s\n"
+
+#: g10/keyedit.c:265
+msgid "[revocation]"
+msgstr "[revoca]"
+
+#: g10/keyedit.c:266
+msgid "[self-signature]"
+msgstr "[autofirma]"
+
+#: g10/keyedit.c:344 g10/keylist.c:398
+msgid "1 bad signature\n"
+msgstr "una firma non corretta\n"
+
+#: g10/keyedit.c:346 g10/keylist.c:400
+#, c-format
+msgid "%d bad signatures\n"
+msgstr "%d firme non corrette\n"
+
+#: g10/keyedit.c:348 g10/keylist.c:402
+msgid "1 signature not checked due to a missing key\n"
+msgstr "una firma non controllata per mancanza della chiave\n"
+
+#: g10/keyedit.c:350 g10/keylist.c:404
+#, c-format
+msgid "%d signatures not checked due to missing keys\n"
+msgstr "%d firme non controllate per mancanza delle chiavi\n"
+
+#: g10/keyedit.c:352 g10/keylist.c:406
+msgid "1 signature not checked due to an error\n"
+msgstr "una firma non controllata a causa di un errore\n"
+
+#: g10/keyedit.c:354 g10/keylist.c:408
+#, c-format
+msgid "%d signatures not checked due to errors\n"
+msgstr "%d firme non controllate a causa di errori\n"
+
+#: g10/keyedit.c:356
+msgid "1 user ID without valid self-signature detected\n"
+msgstr "Trovato un user ID senza autofirma valida\n"
+
+#: g10/keyedit.c:358
+#, c-format
+msgid "%d user IDs without valid self-signatures detected\n"
+msgstr "Trovati %d user ID senza autofirme valide\n"
+
+#: g10/keyedit.c:414 g10/pkclist.c:262
+#, fuzzy
+msgid ""
+"Please decide how far you trust this user to correctly verify other users' "
+"keys\n"
+"(by looking at passports, checking fingerprints from different sources, "
+"etc.)\n"
+msgstr ""
+"Per favore decidi quanto hai fiducia che questo utente firmi correttamente\n"
+"le chiavi di altri utenti (guardando il loro passaporto, controllando le\n"
+"impronte digitali da diverse fonti...)?\n"
+"\n"
+
+#: g10/keyedit.c:418 g10/pkclist.c:274
+#, fuzzy, c-format
+msgid " %d = I trust marginally\n"
+msgstr " %d = Mi fido marginalmente\n"
+
+#: g10/keyedit.c:419 g10/pkclist.c:276
+#, fuzzy, c-format
+msgid " %d = I trust fully\n"
+msgstr " %d = Mi fido completamente\n"
+
+#: g10/keyedit.c:438
+msgid ""
+"Please enter the depth of this trust signature.\n"
+"A depth greater than 1 allows the key you are signing to make\n"
+"trust signatures on your behalf.\n"
+msgstr ""
+
+#: g10/keyedit.c:454
+msgid "Please enter a domain to restrict this signature, or enter for none.\n"
+msgstr ""
+
+#: g10/keyedit.c:598
+#, c-format
+msgid "User ID \"%s\" is revoked."
+msgstr "L'user ID \"%s\" è stato revocato."
+
+#: g10/keyedit.c:607 g10/keyedit.c:635 g10/keyedit.c:662 g10/keyedit.c:830
+#: g10/keyedit.c:895 g10/keyedit.c:1785
+msgid "Are you sure you still want to sign it? (y/N) "
+msgstr "Sei ancora sicuro di volerla firmare? (s/N) "
+
+#: g10/keyedit.c:621 g10/keyedit.c:649 g10/keyedit.c:676 g10/keyedit.c:836
+#: g10/keyedit.c:1791
+msgid " Unable to sign.\n"
+msgstr " Impossibile firmarla.\n"
+
+#: g10/keyedit.c:626
+#, c-format
+msgid "User ID \"%s\" is expired."
+msgstr "L'user ID \"%s\" è scaduto."
+
+#: g10/keyedit.c:654
+#, c-format
+msgid "User ID \"%s\" is not self-signed."
+msgstr "L'user ID \"%s\" non è autofirmato."
+
+#: g10/keyedit.c:682
+#, fuzzy, c-format
+msgid "User ID \"%s\" is signable. "
+msgstr "L'user ID \"%s\" non è autofirmato."
+
+#: g10/keyedit.c:684
+#, fuzzy
+msgid "Sign it? (y/N) "
+msgstr "Firmo davvero? "
+
+#: g10/keyedit.c:706
+#, c-format
+msgid ""
+"The self-signature on \"%s\"\n"
+"is a PGP 2.x-style signature.\n"
+msgstr ""
+"L'autofirma su \"%s\"\n"
+"è una firma in stile PGP 2.x.\n"
+
+#: g10/keyedit.c:715
+msgid "Do you want to promote it to an OpenPGP self-signature? (y/N) "
+msgstr "Vuoi promuoverla in una autofirma di OpenPGP? (s/N) "
+
+#: g10/keyedit.c:729
+#, c-format
+msgid ""
+"Your current signature on \"%s\"\n"
+"has expired.\n"
+msgstr ""
+"La tua firma attuale su \"%s\"\n"
+"è scaduta\n"
+
+#: g10/keyedit.c:733
+msgid "Do you want to issue a new signature to replace the expired one? (y/N) "
+msgstr "Vuoi fare una nuova firma per sostituire quella scaduta? (s/N) "
+
+#: g10/keyedit.c:754
+#, c-format
+msgid ""
+"Your current signature on \"%s\"\n"
+"is a local signature.\n"
+msgstr ""
+"La tua firma attuale su \"%s\"\n"
+"è una firma locale.\n"
+
+#: g10/keyedit.c:758
+msgid "Do you want to promote it to a full exportable signature? (y/N) "
+msgstr "Vuoi trasformarla in una firma completa esportabile? (s/N) "
+
+#: g10/keyedit.c:779
+#, fuzzy, c-format
+msgid "\"%s\" was already locally signed by key %s\n"
+msgstr "\"%s\" era già stato firmato localmente dalla chiave %08lX\n"
+
+#: g10/keyedit.c:782
+#, fuzzy, c-format
+msgid "\"%s\" was already signed by key %s\n"
+msgstr "\"%s\" era già stato firmato dalla chiave %08lX\n"
+
+#: g10/keyedit.c:787
+msgid "Do you want to sign it again anyway? (y/N) "
+msgstr "Sei ancora sicuro di volerla firmare di nuovo? (s/N) "
+
+#: g10/keyedit.c:809
+#, fuzzy, c-format
+msgid "Nothing to sign with key %s\n"
+msgstr "Niente da firmare con la chiave %08lX\n"
+
+#: g10/keyedit.c:824
+msgid "This key has expired!"
+msgstr "Questa chiave è scaduta!"
+
+#: g10/keyedit.c:842
+#, c-format
+msgid "This key is due to expire on %s.\n"
+msgstr "Questa chiave scadrà il %s.\n"
+
+#: g10/keyedit.c:848
+msgid "Do you want your signature to expire at the same time? (Y/n) "
+msgstr "Vuoi che la tua firma scada nello stesso momento? (S/n) "
+
+#: g10/keyedit.c:888
+msgid ""
+"You may not make an OpenPGP signature on a PGP 2.x key while in --pgp2 "
+"mode.\n"
+msgstr ""
+"In modalità -pgp2 non è possibile fare firme OpenPGP su chiavi in stile PGP "
+"2.x.\n"
+
+#: g10/keyedit.c:890
+msgid "This would make the key unusable in PGP 2.x.\n"
+msgstr "Questo renderebbe la chiave non utilizzabile da PGP 2.x.\n"
+
+#: g10/keyedit.c:915
+msgid ""
+"How carefully have you verified the key you are about to sign actually "
+"belongs\n"
+"to the person named above? If you don't know what to answer, enter \"0\".\n"
+msgstr ""
+"Con quanta attenzione hai verificato che la chiave che stai per firmare\n"
+"appartiene veramente alla persona indicata sopra?\n"
+"Se non sai cosa rispondere digita \"0\".\n"
+
+#: g10/keyedit.c:920
+#, c-format
+msgid " (0) I will not answer.%s\n"
+msgstr " (0) Preferisco non rispondere.%s\n"
+
+#: g10/keyedit.c:922
+#, c-format
+msgid " (1) I have not checked at all.%s\n"
+msgstr " (1) Non l'ho controllata per niente.%s\n"
+
+#: g10/keyedit.c:924
+#, c-format
+msgid " (2) I have done casual checking.%s\n"
+msgstr " (2) L'ho controllata superficialmente.%s\n"
+
+#: g10/keyedit.c:926
+#, c-format
+msgid " (3) I have done very careful checking.%s\n"
+msgstr " (3) L'ho controllata molto attentamente.%s\n"
+
+#: g10/keyedit.c:932
+#, fuzzy
+msgid "Your selection? (enter `?' for more information): "
+msgstr "Cosa scegli? (inserisci '?' per ulteriori informazioni): "
+
+#: g10/keyedit.c:956
+#, fuzzy, c-format
+msgid ""
+"Are you sure that you want to sign this key with your\n"
+"key \"%s\" (%s)\n"
+msgstr ""
+"Sei davvero sicuro di volere firmare questa chiave\n"
+"con la tua chiave: \""
+
+#: g10/keyedit.c:963
+#, fuzzy
+msgid "This will be a self-signature.\n"
+msgstr ""
+"\n"
+"Questa sarà una autofirma.\n"
+
+#: g10/keyedit.c:969
+#, fuzzy
+msgid "WARNING: the signature will not be marked as non-exportable.\n"
+msgstr ""
+"\n"
+"ATTENZIONE: la firma non sarà marcata come non esportabile.\n"
+
+#: g10/keyedit.c:977
+#, fuzzy
+msgid "WARNING: the signature will not be marked as non-revocable.\n"
+msgstr ""
+"\n"
+"ATTENZIONE: la firma sarà marcata come irrevocabile.\n"
+
+#: g10/keyedit.c:987
+#, fuzzy
+msgid "The signature will be marked as non-exportable.\n"
+msgstr ""
+"\n"
+"La firma sarà marcata come non esportabile.\n"
+
+#: g10/keyedit.c:994
+#, fuzzy
+msgid "The signature will be marked as non-revocable.\n"
+msgstr ""
+"\n"
+"La firma sarà marcata come irrevocabile.\n"
+
+#: g10/keyedit.c:1001
+#, fuzzy
+msgid "I have not checked this key at all.\n"
+msgstr ""
+"\n"
+"Non ho controllato per niente questa chiave.\n"
+
+#: g10/keyedit.c:1006
+#, fuzzy
+msgid "I have checked this key casually.\n"
+msgstr ""
+"\n"
+"Ho controllato questa chiave superficialmente.\n"
+
+#: g10/keyedit.c:1011
+#, fuzzy
+msgid "I have checked this key very carefully.\n"
+msgstr ""
+"\n"
+"Ho controllato questa chiave molto attentamente.\n"
+
+#: g10/keyedit.c:1021
+#, fuzzy
+msgid "Really sign? (y/N) "
+msgstr "Firmo davvero? "
+
+#: g10/keyedit.c:1066 g10/keyedit.c:4965 g10/keyedit.c:5056 g10/keyedit.c:5120
+#: g10/keyedit.c:5181 g10/sign.c:316
+#, c-format
+msgid "signing failed: %s\n"
+msgstr "firma fallita: %s\n"
+
+#: g10/keyedit.c:1131
+msgid "Key has only stub or on-card key items - no passphrase to change.\n"
+msgstr ""
+
+#: g10/keyedit.c:1142 g10/keygen.c:3774
+msgid "This key is not protected.\n"
+msgstr "Questa chiave non è protetta.\n"
+
+#: g10/keyedit.c:1146 g10/keygen.c:3761 g10/revoke.c:536
+msgid "Secret parts of primary key are not available.\n"
+msgstr "Parti della chiave segreta non sono disponibili.\n"
+
+#: g10/keyedit.c:1150 g10/keygen.c:3777
+#, fuzzy
+msgid "Secret parts of primary key are stored on-card.\n"
+msgstr "Parti della chiave segreta non sono disponibili.\n"
+
+#: g10/keyedit.c:1156 g10/keygen.c:3781
+msgid "Key is protected.\n"
+msgstr "La chiave è protetta.\n"
+
+#: g10/keyedit.c:1186
+#, c-format
+msgid "Can't edit this key: %s\n"
+msgstr "Impossibile modificare questa chiave: %s\n"
+
+#: g10/keyedit.c:1192
+msgid ""
+"Enter the new passphrase for this secret key.\n"
+"\n"
+msgstr ""
+"Inserisci la nuova passphrase per questa chiave segreta.\n"
+"\n"
+
+#: g10/keyedit.c:1207 g10/keygen.c:2291
+msgid "passphrase not correctly repeated; try again"
+msgstr "passphrase non ripetuta correttamente; prova ancora"
+
+#: g10/keyedit.c:1212
+msgid ""
+"You don't want a passphrase - this is probably a *bad* idea!\n"
+"\n"
+msgstr ""
+"Non vuoi una passphrase - questa è probabilmente una *cattiva* idea!\n"
+"\n"
+
+#: g10/keyedit.c:1215
+#, fuzzy
+msgid "Do you really want to do this? (y/N) "
+msgstr "Vuoi veramente farlo?"
+
+#: g10/keyedit.c:1298
+msgid "moving a key signature to the correct place\n"
+msgstr "spostamento della firma di una chiave nel posto corretto\n"
+
+#: g10/keyedit.c:1384
+msgid "save and quit"
+msgstr "salva ed esci"
+
+#: g10/keyedit.c:1387
+#, fuzzy
+msgid "show key fingerprint"
+msgstr "mostra le impronte digitali"
+
+#: g10/keyedit.c:1388
+msgid "list key and user IDs"
+msgstr "elenca le chiavi e gli user ID"
+
+#: g10/keyedit.c:1390
+msgid "select user ID N"
+msgstr "scegli l'user ID N"
+
+#: g10/keyedit.c:1391
+#, fuzzy
+msgid "select subkey N"
+msgstr "scegli l'user ID N"
+
+#: g10/keyedit.c:1392
+#, fuzzy
+msgid "check signatures"
+msgstr "revoca firme"
+
+#: g10/keyedit.c:1397
+msgid "sign selected user IDs [* see below for related commands]"
+msgstr ""
+
+#: g10/keyedit.c:1402
+#, fuzzy
+msgid "sign selected user IDs locally"
+msgstr "firma la chiave localmente"
+
+#: g10/keyedit.c:1404
+#, fuzzy
+msgid "sign selected user IDs with a trust signature"
+msgstr "Suggerimento: seleziona gli user ID da firmare\n"
+
+#: g10/keyedit.c:1406
+msgid "sign selected user IDs with a non-revocable signature"
+msgstr ""
+
+#: g10/keyedit.c:1410
+msgid "add a user ID"
+msgstr "aggiungi un user ID"
+
+#: g10/keyedit.c:1412
+msgid "add a photo ID"
+msgstr "aggiungi un ID fotografico"
+
+#: g10/keyedit.c:1414
+#, fuzzy
+msgid "delete selected user IDs"
+msgstr "cancella un user ID"
+
+#: g10/keyedit.c:1419
+#, fuzzy
+msgid "add a subkey"
+msgstr "addkey"
+
+#: g10/keyedit.c:1423
+msgid "add a key to a smartcard"
+msgstr ""
+
+#: g10/keyedit.c:1425
+msgid "move a key to a smartcard"
+msgstr ""
+
+#: g10/keyedit.c:1427
+msgid "move a backup key to a smartcard"
+msgstr ""
+
+#: g10/keyedit.c:1431
+#, fuzzy
+msgid "delete selected subkeys"
+msgstr "cancella una chiave secondaria"
+
+#: g10/keyedit.c:1433
+msgid "add a revocation key"
+msgstr "aggiungi una chiave di revoca"
+
+#: g10/keyedit.c:1435
+#, fuzzy
+msgid "delete signatures from the selected user IDs"
+msgstr "Aggiorno davvero le preferenze per gli user ID selezionati? "
+
+#: g10/keyedit.c:1437
+#, fuzzy
+msgid "change the expiration date for the key or selected subkeys"
+msgstr "Non è possibile cambiare la data di scadenza di una chiave v3\n"
+
+#: g10/keyedit.c:1439
+#, fuzzy
+msgid "flag the selected user ID as primary"
+msgstr "imposta l'user ID come primario"
+
+#: g10/keyedit.c:1441
+#, fuzzy
+msgid "toggle between the secret and public key listings"
+msgstr "cambia tra visualizzare la chiave segreta e la chiave pubblica"
+
+#: g10/keyedit.c:1444
+msgid "list preferences (expert)"
+msgstr "elenca le preferenze (per esperti)"
+
+#: g10/keyedit.c:1446
+msgid "list preferences (verbose)"
+msgstr "elenca le preferenze (prolisso)"
+
+#: g10/keyedit.c:1448
+#, fuzzy
+msgid "set preference list for the selected user IDs"
+msgstr "Aggiorno davvero le preferenze per gli user ID selezionati? "
+
+#: g10/keyedit.c:1453
+#, fuzzy
+msgid "set the preferred keyserver URL for the selected user IDs"
+msgstr "impossibile fare il parsing dell'URI del keyserver\n"
+
+#: g10/keyedit.c:1455
+#, fuzzy
+msgid "set a notation for the selected user IDs"
+msgstr "Aggiorno davvero le preferenze per gli user ID selezionati? "
+
+#: g10/keyedit.c:1457
+msgid "change the passphrase"
+msgstr "cambia la passphrase"
+
+#: g10/keyedit.c:1461
+msgid "change the ownertrust"
+msgstr "cambia il valore di fiducia"
+
+#: g10/keyedit.c:1463
+#, fuzzy
+msgid "revoke signatures on the selected user IDs"
+msgstr "Revoco davvero tutti gli user ID selezionati? "
+
+#: g10/keyedit.c:1465
+#, fuzzy
+msgid "revoke selected user IDs"
+msgstr "revoca un user ID"
+
+#: g10/keyedit.c:1470
+#, fuzzy
+msgid "revoke key or selected subkeys"
+msgstr "revoca una chiave secondaria"
+
+#: g10/keyedit.c:1471
+#, fuzzy
+msgid "enable key"
+msgstr "abilita una chiave"
+
+#: g10/keyedit.c:1472
+#, fuzzy
+msgid "disable key"
+msgstr "disabilita una chiave"
+
+#: g10/keyedit.c:1473
+#, fuzzy
+msgid "show selected photo IDs"
+msgstr "mostra l'ID fotografico"
+
+#: g10/keyedit.c:1475
+msgid "compact unusable user IDs and remove unusable signatures from key"
+msgstr ""
+
+#: g10/keyedit.c:1477
+msgid "compact unusable user IDs and remove all signatures from key"
+msgstr ""
+
+#: g10/keyedit.c:1601
+#, fuzzy, c-format
+msgid "error reading secret keyblock \"%s\": %s\n"
+msgstr "errore leggendo il keyblock segreto `%s': %s\n"
+
+#: g10/keyedit.c:1619
+msgid "Secret key is available.\n"
+msgstr "È disponibile una chiave segreta.\n"
+
+#: g10/keyedit.c:1702
+msgid "Need the secret key to do this.\n"
+msgstr "Per fare questo serve la chiave segreta.\n"
+
+#: g10/keyedit.c:1710
+msgid "Please use the command \"toggle\" first.\n"
+msgstr "Per favore usa prima il comando \"toggle\".\n"
+
+#: g10/keyedit.c:1729
+msgid ""
+"* The `sign' command may be prefixed with an `l' for local signatures "
+"(lsign),\n"
+" a `t' for trust signatures (tsign), an `nr' for non-revocable signatures\n"
+" (nrsign), or any combination thereof (ltsign, tnrsign, etc.).\n"
+msgstr ""
+
+#: g10/keyedit.c:1779
+msgid "Key is revoked."
+msgstr "La chiave è stata revocata."
+
+#: g10/keyedit.c:1798
+#, fuzzy
+msgid "Really sign all user IDs? (y/N) "
+msgstr "Firmo davvero tutti gli user ID? "
+
+#: g10/keyedit.c:1805
+msgid "Hint: Select the user IDs to sign\n"
+msgstr "Suggerimento: seleziona gli user ID da firmare\n"
+
+#: g10/keyedit.c:1814
+#, fuzzy, c-format
+msgid "Unknown signature type `%s'\n"
+msgstr "classe della firma sconosciuta"
+
+#: g10/keyedit.c:1837
+#, c-format
+msgid "This command is not allowed while in %s mode.\n"
+msgstr "Questo comando non è permesso in modalità %s.\n"
+
+#: g10/keyedit.c:1859 g10/keyedit.c:1879 g10/keyedit.c:2048
+msgid "You must select at least one user ID.\n"
+msgstr "Devi selezionare almeno un user ID.\n"
+
+#: g10/keyedit.c:1861
+msgid "You can't delete the last user ID!\n"
+msgstr "Non puoi cancellare l'ultimo user ID!\n"
+
+#: g10/keyedit.c:1863
+#, fuzzy
+msgid "Really remove all selected user IDs? (y/N) "
+msgstr "Tolgo davvero tutti gli user ID selezionati? "
+
+#: g10/keyedit.c:1864
+#, fuzzy
+msgid "Really remove this user ID? (y/N) "
+msgstr "Tolgo davvero questo user ID? "
+
+#. TRANSLATORS: Please take care: This is about
+#. moving the key and not about removing it.
+#: g10/keyedit.c:1917
+#, fuzzy
+msgid "Really move the primary key? (y/N) "
+msgstr "Tolgo davvero questo user ID? "
+
+#: g10/keyedit.c:1929
+#, fuzzy
+msgid "You must select exactly one key.\n"
+msgstr "Devi selezionare almeno una chiave.\n"
+
+#: g10/keyedit.c:1957
+msgid "Command expects a filename argument\n"
+msgstr ""
+
+#: g10/keyedit.c:1971
+#, fuzzy, c-format
+msgid "Can't open `%s': %s\n"
+msgstr "impossibile aprire `%s': %s\n"
+
+#: g10/keyedit.c:1988
+#, fuzzy, c-format
+msgid "Error reading backup key from `%s': %s\n"
+msgstr "errore creando il portachiavi `%s': %s\n"
+
+#: g10/keyedit.c:2012
+msgid "You must select at least one key.\n"
+msgstr "Devi selezionare almeno una chiave.\n"
+
+#: g10/keyedit.c:2015
+#, fuzzy
+msgid "Do you really want to delete the selected keys? (y/N) "
+msgstr "Vuoi davvero cancellare le chiavi selezionate? "
+
+#: g10/keyedit.c:2016
+#, fuzzy
+msgid "Do you really want to delete this key? (y/N) "
+msgstr "Vuoi davvero cancellare questa chiave? "
+
+#: g10/keyedit.c:2051
+#, fuzzy
+msgid "Really revoke all selected user IDs? (y/N) "
+msgstr "Revoco davvero tutti gli user ID selezionati? "
+
+#: g10/keyedit.c:2052
+#, fuzzy
+msgid "Really revoke this user ID? (y/N) "
+msgstr "Revoco davvero questo user ID? "
+
+#: g10/keyedit.c:2070
+#, fuzzy
+msgid "Do you really want to revoke the entire key? (y/N) "
+msgstr "Vuoi davvero revocare questa chiave? "
+
+#: g10/keyedit.c:2081
+#, fuzzy
+msgid "Do you really want to revoke the selected subkeys? (y/N) "
+msgstr "Vuoi davvero revocare le chiavi selezionate? "
+
+#: g10/keyedit.c:2083
+#, fuzzy
+msgid "Do you really want to revoke this subkey? (y/N) "
+msgstr "Vuoi davvero revocare questa chiave? "
+
+#: g10/keyedit.c:2133
+msgid "Owner trust may not be set while using a user provided trust database\n"
+msgstr ""
+
+#: g10/keyedit.c:2175
+#, fuzzy
+msgid "Set preference list to:\n"
+msgstr "imposta la lista di preferenze"
+
+#: g10/keyedit.c:2181
+#, fuzzy
+msgid "Really update the preferences for the selected user IDs? (y/N) "
+msgstr "Aggiorno davvero le preferenze per gli user ID selezionati? "
+
+#: g10/keyedit.c:2183
+#, fuzzy
+msgid "Really update the preferences? (y/N) "
+msgstr "Aggiorno davvero le preferenze? "
+
+#: g10/keyedit.c:2253
+#, fuzzy
+msgid "Save changes? (y/N) "
+msgstr "Salvo i cambiamenti? "
+
+#: g10/keyedit.c:2256
+#, fuzzy
+msgid "Quit without saving? (y/N) "
+msgstr "Esco senza salvare? "
+
+#: g10/keyedit.c:2266
+#, c-format
+msgid "update failed: %s\n"
+msgstr "aggiornamento fallito: %s\n"
+
+#: g10/keyedit.c:2273 g10/keyedit.c:2351
+#, c-format
+msgid "update secret failed: %s\n"
+msgstr "aggiornamento della chiave segreta fallito: %s\n"
+
+#: g10/keyedit.c:2280
+msgid "Key not changed so no update needed.\n"
+msgstr "La chiave non è cambiata quindi non sono necessari aggiornamenti.\n"
+
+#: g10/keyedit.c:2446
+msgid "Digest: "
+msgstr "Digest: "
+
+#: g10/keyedit.c:2497
+msgid "Features: "
+msgstr "Caratteristiche: "
+
+#: g10/keyedit.c:2508
+msgid "Keyserver no-modify"
+msgstr ""
+
+#: g10/keyedit.c:2523 g10/keylist.c:316
+msgid "Preferred keyserver: "
+msgstr ""
+
+#: g10/keyedit.c:2531 g10/keyedit.c:2532
+#, fuzzy
+msgid "Notations: "
+msgstr "Nota: "
+
+#: g10/keyedit.c:2753
+msgid "There are no preferences on a PGP 2.x-style user ID.\n"
+msgstr "Non esistono preferense su un user ID in stile PGP 2.x\n"
+
+#: g10/keyedit.c:2810
+#, fuzzy, c-format
+msgid "The following key was revoked on %s by %s key %s\n"
+msgstr "Questa chiave può essere revocata dalla chiave %s "
+
+#: g10/keyedit.c:2832
+#, fuzzy, c-format
+msgid "This key may be revoked by %s key %s"
+msgstr "Questa chiave può essere revocata dalla chiave %s "
+
+#: g10/keyedit.c:2838
+#, fuzzy
+msgid "(sensitive)"
+msgstr " (sensibile)"
+
+#: g10/keyedit.c:2854 g10/keyedit.c:2910 g10/keyedit.c:2971 g10/keyedit.c:2986
+#: g10/keylist.c:202 g10/keyserver.c:532
+#, fuzzy, c-format
+msgid "created: %s"
+msgstr "impossibile creare %s: %s\n"
+
+#: g10/keyedit.c:2857 g10/keylist.c:834 g10/keylist.c:928 g10/mainproc.c:997
+#, fuzzy, c-format
+msgid "revoked: %s"
+msgstr "[revocata]"
+
+#: g10/keyedit.c:2859 g10/keylist.c:805 g10/keylist.c:840 g10/keylist.c:934
+#, fuzzy, c-format
+msgid "expired: %s"
+msgstr "[scadenza: %s]"
+
+#: g10/keyedit.c:2861 g10/keyedit.c:2912 g10/keyedit.c:2973 g10/keyedit.c:2988
+#: g10/keylist.c:204 g10/keylist.c:811 g10/keylist.c:846 g10/keylist.c:940
+#: g10/keylist.c:961 g10/keyserver.c:538 g10/mainproc.c:1003
+#, fuzzy, c-format
+msgid "expires: %s"
+msgstr "[scadenza: %s]"
+
+#: g10/keyedit.c:2863
+#, fuzzy, c-format
+msgid "usage: %s"
+msgstr " fiducia: %c/%c"
+
+#: g10/keyedit.c:2878
+#, fuzzy, c-format
+msgid "trust: %s"
+msgstr " fiducia: %c/%c"
+
+#: g10/keyedit.c:2882
+#, c-format
+msgid "validity: %s"
+msgstr ""
+
+#: g10/keyedit.c:2889
+msgid "This key has been disabled"
+msgstr "Questa chiave è stata disabilitata"
+
+#: g10/keyedit.c:2917 g10/keylist.c:208
+msgid "card-no: "
+msgstr ""
+
+#: g10/keyedit.c:2941
+msgid ""
+"Please note that the shown key validity is not necessarily correct\n"
+"unless you restart the program.\n"
+msgstr ""
+"Nota che la validità della chiave indicata non sarà necessariamente "
+"corretta\n"
+"finchè non eseguirai di nuovo il programma.\n"
+
+#: g10/keyedit.c:3005 g10/keyedit.c:3351 g10/keyserver.c:542
+#: g10/mainproc.c:1850 g10/trustdb.c:1204 g10/trustdb.c:1732
+#, fuzzy
+msgid "revoked"
+msgstr "[revocata]"
+
+#: g10/keyedit.c:3007 g10/keyedit.c:3353 g10/keyserver.c:546
+#: g10/mainproc.c:1852 g10/trustdb.c:547 g10/trustdb.c:1734
+#, fuzzy
+msgid "expired"
+msgstr "expire"
+
+#: g10/keyedit.c:3072
+msgid ""
+"WARNING: no user ID has been marked as primary. This command may\n"
+" cause a different user ID to become the assumed primary.\n"
+msgstr ""
+"ATTENZIONE: nessun user ID è stato indicato come primario. Questo comando\n"
+" potrebbe fare diventare un altro user ID il primario "
+"predefinito.\n"
+
+#: g10/keyedit.c:3133
+msgid ""
+"WARNING: This is a PGP2-style key. Adding a photo ID may cause some "
+"versions\n"
+" of PGP to reject this key.\n"
+msgstr ""
+"ATTENZIONE: Questa è una chiave in stile PGP2. Aggiungere un ID fotografico\n"
+" può causarne il rifiuto da parte di alcune versioni di PGP.\n"
+
+#: g10/keyedit.c:3138 g10/keyedit.c:3473
+msgid "Are you sure you still want to add it? (y/N) "
+msgstr "Sei ancora sicuro di volerlo aggiungere? (s/N) "
+
+#: g10/keyedit.c:3144
+msgid "You may not add a photo ID to a PGP2-style key.\n"
+msgstr ""
+"Non è possibile aggiungere un ID fotografico a una chiave in stile PGP2.\n"
+
+#: g10/keyedit.c:3284
+msgid "Delete this good signature? (y/N/q)"
+msgstr "Cancellare questa firma corretta? (s/N/q)"
+
+#: g10/keyedit.c:3294
+msgid "Delete this invalid signature? (y/N/q)"
+msgstr "Cancellare questa firma non valida? (s/N/q)"
+
+#: g10/keyedit.c:3298
+msgid "Delete this unknown signature? (y/N/q)"
+msgstr "Cancellare questa firma sconosciuta? (s/N/q)"
+
+#: g10/keyedit.c:3304
+msgid "Really delete this self-signature? (y/N)"
+msgstr "Cancellare davvero questa autofirma? (s/N)"
+
+#: g10/keyedit.c:3318
+#, c-format
+msgid "Deleted %d signature.\n"
+msgstr "Cancellata %d firma.\n"
+
+#: g10/keyedit.c:3319
+#, c-format
+msgid "Deleted %d signatures.\n"
+msgstr "Cancellate %d firme.\n"
+
+#: g10/keyedit.c:3322
+msgid "Nothing deleted.\n"
+msgstr "Non è stato cancellato nulla.\n"
+
+#: g10/keyedit.c:3355 g10/trustdb.c:1736
+#, fuzzy
+msgid "invalid"
+msgstr "armatura non valida"
+
+#: g10/keyedit.c:3357
+#, fuzzy, c-format
+msgid "User ID \"%s\" compacted: %s\n"
+msgstr "L'user ID \"%s\" è stato revocato."
+
+#: g10/keyedit.c:3364
+#, fuzzy, c-format
+msgid "User ID \"%s\": %d signature removed\n"
+msgstr "L'user ID \"%s\" è stato revocato."
+
+#: g10/keyedit.c:3365
+#, fuzzy, c-format
+msgid "User ID \"%s\": %d signatures removed\n"
+msgstr "L'user ID \"%s\" è stato revocato."
+
+#: g10/keyedit.c:3373
+#, fuzzy, c-format
+msgid "User ID \"%s\": already minimized\n"
+msgstr "l'user ID \"%s\" è già stato revocato\n"
+
+#: g10/keyedit.c:3374
+#, fuzzy, c-format
+msgid "User ID \"%s\": already clean\n"
+msgstr "l'user ID \"%s\" è già stato revocato\n"
+
+#: g10/keyedit.c:3468
+msgid ""
+"WARNING: This is a PGP 2.x-style key. Adding a designated revoker may "
+"cause\n"
+" some versions of PGP to reject this key.\n"
+msgstr ""
+"ATTENZIONE: Questa è una chiave in stile PGP 2.x. Aggiungere un revocatore\n"
+" designato può causarne il rifiuto da parte di alcune versioni\n"
+" di PGP.\n"
+
+#: g10/keyedit.c:3479
+msgid "You may not add a designated revoker to a PGP 2.x-style key.\n"
+msgstr ""
+"Non è possibile aggiungere un revocatore designato a una chiave in stile\n"
+"PGP 2.x.\n"
+
+#: g10/keyedit.c:3499
+msgid "Enter the user ID of the designated revoker: "
+msgstr "Inserisci l'user ID del revocatore designato: "
+
+#: g10/keyedit.c:3524
+msgid "cannot appoint a PGP 2.x style key as a designated revoker\n"
+msgstr ""
+"impossibile nominare come revocatore designato una chiave in stile PGP 2.x\n"
+
+#: g10/keyedit.c:3539
+msgid "you cannot appoint a key as its own designated revoker\n"
+msgstr ""
+"impossibile nominare una chiave come revocatore designato di sè stessa\n"
+
+#: g10/keyedit.c:3561
+#, fuzzy
+msgid "this key has already been designated as a revoker\n"
+msgstr ""
+"ATTENZIONE: questa chiave è stata revocata dal suo revocatore designato!\n"
+
+#: g10/keyedit.c:3580
+msgid "WARNING: appointing a key as a designated revoker cannot be undone!\n"
+msgstr ""
+"ATTENZIONE: la nomina di una chiave a revocatrice designata non può essere\n"
+"annullata.\n"
+
+#: g10/keyedit.c:3586
+#, fuzzy
+msgid ""
+"Are you sure you want to appoint this key as a designated revoker? (y/N) "
+msgstr ""
+"Sei sicuro di volere nominare questa chiave revocatrice designata? (s/N):"
+
+#: g10/keyedit.c:3647
+msgid "Please remove selections from the secret keys.\n"
+msgstr "Togli le selezioni dalle chiavi segrete.\n"
+
+#: g10/keyedit.c:3653
+#, fuzzy
+msgid "Please select at most one subkey.\n"
+msgstr "Seleziona al massimo una chiave secondaria.\n"
+
+#: g10/keyedit.c:3657
+#, fuzzy
+msgid "Changing expiration time for a subkey.\n"
+msgstr "Cambio la data di scadenza per una chiave secondaria.\n"
+
+#: g10/keyedit.c:3660
+msgid "Changing expiration time for the primary key.\n"
+msgstr "Cambio la data di scadenza per la chiave primaria.\n"
+
+#: g10/keyedit.c:3706
+msgid "You can't change the expiration date of a v3 key\n"
+msgstr "Non è possibile cambiare la data di scadenza di una chiave v3\n"
+
+#: g10/keyedit.c:3722
+msgid "No corresponding signature in secret ring\n"
+msgstr "Manca la firma corrispondente nel portachiavi segreto\n"
+
+#: g10/keyedit.c:3800
+#, fuzzy, c-format
+msgid "signing subkey %s is already cross-certified\n"
+msgstr ""
+"ATTENZIONE: la sottochiave per firme %08lX non ha una certificature "
+"incrociata\n"
+
+#: g10/keyedit.c:3806
+#, c-format
+msgid "subkey %s does not sign and so does not need to be cross-certified\n"
+msgstr ""
+
+#: g10/keyedit.c:3969
+msgid "Please select exactly one user ID.\n"
+msgstr "Devi selezionare esattamente un user ID.\n"
+
+#: g10/keyedit.c:4008 g10/keyedit.c:4118 g10/keyedit.c:4238 g10/keyedit.c:4379
+#, fuzzy, c-format
+msgid "skipping v3 self-signature on user ID \"%s\"\n"
+msgstr "salto una autofirma v3 sull'user ID \"%s\"\n"
+
+#: g10/keyedit.c:4179
+msgid "Enter your preferred keyserver URL: "
+msgstr ""
+
+#: g10/keyedit.c:4259
+#, fuzzy
+msgid "Are you sure you want to replace it? (y/N) "
+msgstr "Sei sicuro di volerla usare? (s/N) "
+
+#: g10/keyedit.c:4260
+#, fuzzy
+msgid "Are you sure you want to delete it? (y/N) "
+msgstr "Sei sicuro di volerla usare? (s/N) "
+
+#: g10/keyedit.c:4322
+#, fuzzy
+msgid "Enter the notation: "
+msgstr "Annotazione della firma: "
+
+#: g10/keyedit.c:4471
+#, fuzzy
+msgid "Proceed? (y/N) "
+msgstr "Sovrascrivo (s/N)? "
+
+#: g10/keyedit.c:4543
+#, c-format
+msgid "No user ID with index %d\n"
+msgstr "Nessun user ID con l'indice %d\n"
+
+#: g10/keyedit.c:4604
+#, fuzzy, c-format
+msgid "No user ID with hash %s\n"
+msgstr "Nessun user ID con l'indice %d\n"
+
+#: g10/keyedit.c:4639
+#, fuzzy, c-format
+msgid "No subkey with index %d\n"
+msgstr "Nessun user ID con l'indice %d\n"
+
+#: g10/keyedit.c:4774
+#, fuzzy, c-format
+msgid "user ID: \"%s\"\n"
+msgstr "user ID: \""
+
+#: g10/keyedit.c:4777 g10/keyedit.c:4871 g10/keyedit.c:4914
+#, fuzzy, c-format
+msgid "signed by your key %s on %s%s%s\n"
+msgstr " firmata da %08lX il %s%s%s\n"
+
+#: g10/keyedit.c:4779 g10/keyedit.c:4873 g10/keyedit.c:4916
+msgid " (non-exportable)"
+msgstr " (non esportabile)"
+
+#: g10/keyedit.c:4783
+#, c-format
+msgid "This signature expired on %s.\n"
+msgstr "Questa chiave è scaduta il %s.\n"
+
+#: g10/keyedit.c:4787
+msgid "Are you sure you still want to revoke it? (y/N) "
+msgstr "Sei ancora sicuro di volerlo aggiungere? (s/N) "
+
+#: g10/keyedit.c:4791
+msgid "Create a revocation certificate for this signature? (y/N) "
+msgstr "Creare un certificato di revoca per questa firma? (s/N) "
+
+#: g10/keyedit.c:4842
+#, fuzzy
+msgid "Not signed by you.\n"
+msgstr " firmata da %08lX il %s%s\n"
+
+#: g10/keyedit.c:4848
+#, fuzzy, c-format
+msgid "You have signed these user IDs on key %s:\n"
+msgstr "Non puoi cancellare l'ultimo user ID!\n"
+
+#: g10/keyedit.c:4874
+#, fuzzy
+msgid " (non-revocable)"
+msgstr " (non esportabile)"
+
+#: g10/keyedit.c:4881
+#, fuzzy, c-format
+msgid "revoked by your key %s on %s\n"
+msgstr " revocata da %08lX il %s\n"
+
+#: g10/keyedit.c:4903
+msgid "You are about to revoke these signatures:\n"
+msgstr "Stai per revocare queste firme:\n"
+
+#: g10/keyedit.c:4923
+msgid "Really create the revocation certificates? (y/N) "
+msgstr "Creare davvero i certificati di revoca? (s/N) "
+
+#: g10/keyedit.c:4953
+msgid "no secret key\n"
+msgstr "manca la chiave segreta\n"
+
+#: g10/keyedit.c:5023
+#, c-format
+msgid "user ID \"%s\" is already revoked\n"
+msgstr "l'user ID \"%s\" è già stato revocato\n"
+
+#: g10/keyedit.c:5040
+#, c-format
+msgid "WARNING: a user ID signature is dated %d seconds in the future\n"
+msgstr ""
+"ATTENZIONE: una firma dell'user ID ha la data di %d secondi nel futuro\n"
+
+#: g10/keyedit.c:5104
+#, fuzzy, c-format
+msgid "Key %s is already revoked.\n"
+msgstr "l'user ID \"%s\" è già stato revocato\n"
+
+#: g10/keyedit.c:5166
+#, fuzzy, c-format
+msgid "Subkey %s is already revoked.\n"
+msgstr "l'user ID \"%s\" è già stato revocato\n"
+
+#: g10/keyedit.c:5261
+#, fuzzy, c-format
+msgid "Displaying %s photo ID of size %ld for key %s (uid %d)\n"
+msgstr ""
+"Mostro %s ID fotografici di dimensioni %ld per la chaive 0x%08lX (uid %d)\n"
+
+#: g10/keygen.c:275
+#, fuzzy, c-format
+msgid "preference `%s' duplicated\n"
+msgstr "la preferenza %c%lu è doppia\n"
+
+#: g10/keygen.c:282
+#, fuzzy
+msgid "too many cipher preferences\n"
+msgstr "ci sono troppe preferenze `%c'\n"
+
+#: g10/keygen.c:284
+#, fuzzy
+msgid "too many digest preferences\n"
+msgstr "ci sono troppe preferenze `%c'\n"
+
+#: g10/keygen.c:286
+#, fuzzy
+msgid "too many compression preferences\n"
+msgstr "ci sono troppe preferenze `%c'\n"
+
+#: g10/keygen.c:426
+#, fuzzy, c-format
+msgid "invalid item `%s' in preference string\n"
+msgstr "carattere non valido nella stringa delle preferenze\n"
+
+#: g10/keygen.c:910
+msgid "writing direct signature\n"
+msgstr "scrittura della firma diretta\n"
+
+#: g10/keygen.c:952
+msgid "writing self signature\n"
+msgstr "scrittura della autofirma\n"
+
+#: g10/keygen.c:1009
+msgid "writing key binding signature\n"
+msgstr "scrittura della firma di collegamento alla chiave\n"
+
+#: g10/keygen.c:1179 g10/keygen.c:1290 g10/keygen.c:1295 g10/keygen.c:1441
+#: g10/keygen.c:3269
+#, c-format
+msgid "keysize invalid; using %u bits\n"
+msgstr "dimensione della chiave non valida; uso %u bit\n"
+
+#: g10/keygen.c:1185 g10/keygen.c:1301 g10/keygen.c:1309 g10/keygen.c:1447
+#: g10/keygen.c:3275
+#, c-format
+msgid "keysize rounded up to %u bits\n"
+msgstr "dimensioni della chiave arrotondate a %u bit\n"
+
+#: g10/keygen.c:1335
+msgid ""
+"WARNING: some OpenPGP programs can't handle a DSA key with this digest size\n"
+msgstr ""
+
+#: g10/keygen.c:1558
+#, fuzzy
+msgid "Sign"
+msgstr "sign"
+
+#: g10/keygen.c:1561
+msgid "Certify"
+msgstr ""
+
+#: g10/keygen.c:1564
+#, fuzzy
+msgid "Encrypt"
+msgstr "cifra dati"
+
+#: g10/keygen.c:1567
+msgid "Authenticate"
+msgstr ""
+
+#. TRANSLATORS: Please use only plain ASCII characters for the
+#. translation. If this is not possible use single digits. The
+#. string needs to 8 bytes long. Here is a description of the
+#. functions:
+#.
+#. s = Toggle signing capability
+#. e = Toggle encryption capability
+#. a = Toggle authentication capability
+#. q = Finish
+#.
+#: g10/keygen.c:1585
+msgid "SsEeAaQq"
+msgstr ""
+
+#: g10/keygen.c:1608
+#, c-format
+msgid "Possible actions for a %s key: "
+msgstr ""
+
+#: g10/keygen.c:1612
+msgid "Current allowed actions: "
+msgstr ""
+
+#: g10/keygen.c:1617
+#, c-format
+msgid " (%c) Toggle the sign capability\n"
+msgstr ""
+
+#: g10/keygen.c:1620
+#, fuzzy, c-format
+msgid " (%c) Toggle the encrypt capability\n"
+msgstr " (%d) ElGamal (cifra solo)\n"
+
+#: g10/keygen.c:1623
+#, c-format
+msgid " (%c) Toggle the authenticate capability\n"
+msgstr ""
+
+#: g10/keygen.c:1626
+#, c-format
+msgid " (%c) Finished\n"
+msgstr ""
+
+#: g10/keygen.c:1686 sm/certreqgen-ui.c:157
+msgid "Please select what kind of key you want:\n"
+msgstr "Per favore scegli che tipo di chiave vuoi:\n"
+
+#: g10/keygen.c:1689
+#, fuzzy, c-format
+msgid " (%d) RSA and RSA (default)\n"
+msgstr " (%d) DSA e ElGamal (default)\n"
+
+#: g10/keygen.c:1691
+#, fuzzy, c-format
+msgid " (%d) DSA and Elgamal\n"
+msgstr " (%d) DSA e ElGamal (default)\n"
+
+#: g10/keygen.c:1693
+#, c-format
+msgid " (%d) DSA (sign only)\n"
+msgstr " (%d) DSA (firma solo)\n"
+
+#: g10/keygen.c:1694
+#, c-format
+msgid " (%d) RSA (sign only)\n"
+msgstr " (%d) RSA (firma solo)\n"
+
+#: g10/keygen.c:1698
+#, fuzzy, c-format
+msgid " (%d) Elgamal (encrypt only)\n"
+msgstr " (%d) ElGamal (cifra solo)\n"
+
+#: g10/keygen.c:1699
+#, c-format
+msgid " (%d) RSA (encrypt only)\n"
+msgstr " (%d) RSA (cifra solo)\n"
+
+#: g10/keygen.c:1703
+#, fuzzy, c-format
+msgid " (%d) DSA (set your own capabilities)\n"
+msgstr " (%d) RSA (cifra solo)\n"
+
+#: g10/keygen.c:1704
+#, fuzzy, c-format
+msgid " (%d) RSA (set your own capabilities)\n"
+msgstr " (%d) RSA (cifra solo)\n"
+
+#: g10/keygen.c:1812
+#, c-format
+msgid "%s keys may be between %u and %u bits long.\n"
+msgstr ""
+
+#: g10/keygen.c:1820
+#, fuzzy, c-format
+msgid "What keysize do you want for the subkey? (%u) "
+msgstr "Di che dimensioni vuoi la chiave? (1024) "
+
+#: g10/keygen.c:1823 sm/certreqgen-ui.c:179
+#, fuzzy, c-format
+msgid "What keysize do you want? (%u) "
+msgstr "Di che dimensioni vuoi la chiave? (1024) "
+
+#: g10/keygen.c:1837 sm/certreqgen-ui.c:189
+#, c-format
+msgid "Requested keysize is %u bits\n"
+msgstr "La dimensione richiesta della chiave è %u bit\n"
+
+#: g10/keygen.c:1925
+msgid ""
+"Please specify how long the key should be valid.\n"
+" 0 = key does not expire\n"
+" <n> = key expires in n days\n"
+" <n>w = key expires in n weeks\n"
+" <n>m = key expires in n months\n"
+" <n>y = key expires in n years\n"
+msgstr ""
+"Per favore specifica per quanto tempo la chiave sarà valida.\n"
+" 0 = la chiave non scadrà\n"
+" <n> = la chiave scadrà dopo n giorni\n"
+" <n>w = la chiave scadrà dopo n settimane\n"
+" <n>m = la chiave scadrà dopo n mesi\n"
+" <n>y = la chiave scadrà dopo n anni\n"
+
+#: g10/keygen.c:1936
+msgid ""
+"Please specify how long the signature should be valid.\n"
+" 0 = signature does not expire\n"
+" <n> = signature expires in n days\n"
+" <n>w = signature expires in n weeks\n"
+" <n>m = signature expires in n months\n"
+" <n>y = signature expires in n years\n"
+msgstr ""
+"Per favore specifica per quanto tempo la firma sarà valida.\n"
+" 0 = la chiave non scadrà\n"
+" <n> = la chiave scadrà dopo n giorni\n"
+" <n>w = la chiave scadrà dopo n settimane\n"
+" <n>m = la chiave scadrà dopo n mesi\n"
+" <n>y = la chiave scadrà dopo n anni\n"
+
+#: g10/keygen.c:1959
+msgid "Key is valid for? (0) "
+msgstr "Chiave valida per? (0) "
+
+#: g10/keygen.c:1964
+#, fuzzy, c-format
+msgid "Signature is valid for? (%s) "
+msgstr "Firma valida per? (0) "
+
+#: g10/keygen.c:1982 g10/keygen.c:2007
+msgid "invalid value\n"
+msgstr "valore non valido\n"
+
+#: g10/keygen.c:1989
+#, fuzzy
+msgid "Key does not expire at all\n"
+msgstr "%s non ha scadenza\n"
+
+#: g10/keygen.c:1990
+#, fuzzy
+msgid "Signature does not expire at all\n"
+msgstr "%s non ha scadenza\n"
+
+#: g10/keygen.c:1995
+#, fuzzy, c-format
+msgid "Key expires at %s\n"
+msgstr "%s scadrà il %s\n"
+
+#: g10/keygen.c:1996
+#, fuzzy, c-format
+msgid "Signature expires at %s\n"
+msgstr "Questa firma scadrà il %s\n"
+
+#: g10/keygen.c:2000
+msgid ""
+"Your system can't display dates beyond 2038.\n"
+"However, it will be correctly handled up to 2106.\n"
+msgstr ""
+"Il tuo sistema non può mostrare date oltre il 2038.\n"
+"Comunque, sarà gestita correttamente fino al 2106.\n"
+
+#: g10/keygen.c:2013
+#, fuzzy
+msgid "Is this correct? (y/N) "
+msgstr "È giusto (s/n)? "
+
+#: g10/keygen.c:2063
+msgid ""
+"\n"
+"GnuPG needs to construct a user ID to identify your key.\n"
+"\n"
+msgstr ""
+
+#. TRANSLATORS: This string is in general not anymore used
+#. but you should keep your existing translation. In case
+#. the new string is not translated this old string will
+#. be used.
+#: g10/keygen.c:2078
+#, fuzzy
+msgid ""
+"\n"
+"You need a user ID to identify your key; the software constructs the user "
+"ID\n"
+"from the Real Name, Comment and Email Address in this form:\n"
+" \"Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>\"\n"
+"\n"
+msgstr ""
+"\n"
+"Ti serve un User ID per identificare la tua chiave; il software costruisce "
+"l'user id a partire da Nome e Cognome, Commento e Indirizzo di Email "
+"indicati in questa forma:\n"
+" \"Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>\"\n"
+"\n"
+
+#: g10/keygen.c:2097
+msgid "Real name: "
+msgstr "Nome e Cognome: "
+
+#: g10/keygen.c:2105
+msgid "Invalid character in name\n"
+msgstr "Carattere non valido nel nome\n"
+
+#: g10/keygen.c:2107
+msgid "Name may not start with a digit\n"
+msgstr "Il nome non può iniziare con una cifra\n"
+
+#: g10/keygen.c:2109
+msgid "Name must be at least 5 characters long\n"
+msgstr "Il nome deve essere lungo almeno 5 caratteri\n"
+
+#: g10/keygen.c:2117
+msgid "Email address: "
+msgstr "Indirizzo di Email: "
+
+#: g10/keygen.c:2123
+msgid "Not a valid email address\n"
+msgstr "L'indirizzo di email non è valido\n"
+
+#: g10/keygen.c:2131
+msgid "Comment: "
+msgstr "Commento: "
+
+#: g10/keygen.c:2137
+msgid "Invalid character in comment\n"
+msgstr "Carattere non valido nel commento\n"
+
+#: g10/keygen.c:2159
+#, c-format
+msgid "You are using the `%s' character set.\n"
+msgstr "Stai usando il set di caratteri `%s'.\n"
+
+#: g10/keygen.c:2165
+#, c-format
+msgid ""
+"You selected this USER-ID:\n"
+" \"%s\"\n"
+"\n"
+msgstr ""
+"Hai selezionato questo User Id:\n"
+" \"%s\"\n"
+"\n"
+
+#: g10/keygen.c:2170
+msgid "Please don't put the email address into the real name or the comment\n"
+msgstr "Per favore non mettere l'indirizzo di email nel nome o nel commento\n"
+
+#: g10/keygen.c:2185
+msgid "Such a user ID already exists on this key!\n"
+msgstr ""
+
+#. TRANSLATORS: These are the allowed answers in
+#. lower and uppercase. Below you will find the matching
+#. string which should be translated accordingly and the
+#. letter changed to match the one in the answer string.
+#.
+#. n = Change name
+#. c = Change comment
+#. e = Change email
+#. o = Okay (ready, continue)
+#. q = Quit
+#.
+#: g10/keygen.c:2201
+msgid "NnCcEeOoQq"
+msgstr "NnCcEeOoQq"
+
+#: g10/keygen.c:2211
+msgid "Change (N)ame, (C)omment, (E)mail or (Q)uit? "
+msgstr "Modifica (N)ome, (C)ommento, (E)mail oppure (Q)uit? "
+
+#: g10/keygen.c:2212
+msgid "Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? "
+msgstr "Modifica (N)ome, (C)ommento, (E)mail oppure (O)kay/(Q)uit? "
+
+#: g10/keygen.c:2231
+msgid "Please correct the error first\n"
+msgstr "Per favore correggi prima l'errore\n"
+
+#: g10/keygen.c:2273
+msgid ""
+"You need a Passphrase to protect your secret key.\n"
+"\n"
+msgstr ""
+"Ti serve una passphrase per proteggere la tua chiave segreta.\n"
+"\n"
+
+#: g10/keygen.c:2276
+#, fuzzy
+msgid ""
+"Please enter a passphrase to protect the off-card backup of the new "
+"encryption key."
+msgstr "Inserisci la passphrase, cioè una frase segreta \n"
+
+#: g10/keygen.c:2292
+#, c-format
+msgid "%s.\n"
+msgstr "%s.\n"
+
+#: g10/keygen.c:2298
+msgid ""
+"You don't want a passphrase - this is probably a *bad* idea!\n"
+"I will do it anyway. You can change your passphrase at any time,\n"
+"using this program with the option \"--edit-key\".\n"
+"\n"
+msgstr ""
+"Non hai specificato una passphrase - questa è probabilmente una *cattiva*\n"
+"idea! Lo farò io comunque. Puoi cambiarla in ogni momento, usando questo\n"
+"programma con l'opzione \"--edit-key\".\n"
+"\n"
+
+#: g10/keygen.c:2322
+msgid ""
+"We need to generate a lot of random bytes. It is a good idea to perform\n"
+"some other action (type on the keyboard, move the mouse, utilize the\n"
+"disks) during the prime generation; this gives the random number\n"
+"generator a better chance to gain enough entropy.\n"
+msgstr ""
+"Dobbiamo generare un mucchio di byte casuali. È una buona idea eseguire\n"
+"qualche altra azione (scrivere sulla tastiera, muovere il mouse, usare i\n"
+"dischi) durante la generazione dei numeri primi; questo da al generatore di\n"
+"numeri casuali migliori possibilità di raccogliere abbastanza entropia.\n"
+
+#: g10/keygen.c:3209 g10/keygen.c:3236
+msgid "Key generation canceled.\n"
+msgstr "Generazione della chiave annullata.\n"
+
+#: g10/keygen.c:3441 g10/keygen.c:3611
+#, c-format
+msgid "writing public key to `%s'\n"
+msgstr "scrittura della chiave pubblica in `%s'\n"
+
+#: g10/keygen.c:3443 g10/keygen.c:3614
+#, fuzzy, c-format
+msgid "writing secret key stub to `%s'\n"
+msgstr "scrittura della chiave segreta in `%s'\n"
+
+#: g10/keygen.c:3446 g10/keygen.c:3617
+#, c-format
+msgid "writing secret key to `%s'\n"
+msgstr "scrittura della chiave segreta in `%s'\n"
+
+#: g10/keygen.c:3598
+#, c-format
+msgid "no writable public keyring found: %s\n"
+msgstr "non è stato trovato un portachiavi pubblico scrivibile: %s\n"
+
+#: g10/keygen.c:3605
+#, c-format
+msgid "no writable secret keyring found: %s\n"
+msgstr "non è stato trovato un portachiavi segreto scrivibile: %s\n"
+
+#: g10/keygen.c:3625
+#, c-format
+msgid "error writing public keyring `%s': %s\n"
+msgstr "errore scrivendo il portachiavi pubblico `%s': %s\n"
+
+#: g10/keygen.c:3633
+#, c-format
+msgid "error writing secret keyring `%s': %s\n"
+msgstr "errore scrivendo il portachiavi segreto `%s': %s\n"
+
+#: g10/keygen.c:3661
+msgid "public and secret key created and signed.\n"
+msgstr "chiavi pubbliche e segrete create e firmate.\n"
+
+#: g10/keygen.c:3672
+#, fuzzy
+msgid ""
+"Note that this key cannot be used for encryption. You may want to use\n"
+"the command \"--edit-key\" to generate a subkey for this purpose.\n"
+msgstr ""
+"Nota che questa chiave non può essere usata per cifrare. Forse vorrai usare\n"
+"il comando \"--edit-key\" per generare una chiave secondaria per questo "
+"scopo.\n"
+
+#: g10/keygen.c:3685 g10/keygen.c:3831 g10/keygen.c:3952
+#, c-format
+msgid "Key generation failed: %s\n"
+msgstr "Generazione della chiave fallita: %s\n"
+
+#: g10/keygen.c:3741 g10/keygen.c:3882 g10/sign.c:241
+#, c-format
+msgid ""
+"key has been created %lu second in future (time warp or clock problem)\n"
+msgstr ""
+"la chiave è stata creata %lu secondo nel futuro (salto nel tempo o problema\n"
+"con l'orologio)\n"
+
+#: g10/keygen.c:3743 g10/keygen.c:3884 g10/sign.c:243
+#, c-format
+msgid ""
+"key has been created %lu seconds in future (time warp or clock problem)\n"
+msgstr ""
+"la chiave è stata creata %lu secondi nel futuro (salto nel tempo o problema\n"
+"con l'orologio)\n"
+
+#: g10/keygen.c:3754 g10/keygen.c:3895
+msgid "NOTE: creating subkeys for v3 keys is not OpenPGP compliant\n"
+msgstr "NB: la creazione di subchiavi per chiavi v3 non rispetta OpenPGP.\n"
+
+#: g10/keygen.c:3795 g10/keygen.c:3928
+#, fuzzy
+msgid "Really create? (y/N) "
+msgstr "Crea davvero? "
+
+#: g10/keygen.c:4116
+#, fuzzy, c-format
+msgid "storing key onto card failed: %s\n"
+msgstr "cancellazione del keyblock fallita: %s\n"
+
+#: g10/keygen.c:4165
+#, fuzzy, c-format
+msgid "can't create backup file `%s': %s\n"
+msgstr "impossibile creare `%s': %s\n"
+
+#: g10/keygen.c:4191
+#, fuzzy, c-format
+msgid "NOTE: backup of card key saved to `%s'\n"
+msgstr "NOTA: chiave %08lX scaduta il %s\n"
+
+#: g10/keyid.c:539 g10/keyid.c:551 g10/keyid.c:563 g10/keyid.c:575
+msgid "never "
+msgstr "mai "
+
+#: g10/keylist.c:273
+msgid "Critical signature policy: "
+msgstr "Politica critica di firma: "
+
+#: g10/keylist.c:275
+msgid "Signature policy: "
+msgstr "Politica di firma: "
+
+#: g10/keylist.c:314
+msgid "Critical preferred keyserver: "
+msgstr ""
+
+#: g10/keylist.c:367
+msgid "Critical signature notation: "
+msgstr "Annotazione critica della firma: "
+
+#: g10/keylist.c:369
+msgid "Signature notation: "
+msgstr "Annotazione della firma: "
+
+#: g10/keylist.c:479
+msgid "Keyring"
+msgstr "Portachiavi"
+
+#: g10/keylist.c:1526
+msgid "Primary key fingerprint:"
+msgstr "Impronta digitale della chiave primaria:"
+
+#: g10/keylist.c:1528
+msgid " Subkey fingerprint:"
+msgstr " Impronta digitale della subchiave:"
+
+#. TRANSLATORS: this should fit into 24 bytes to that the
+#. * fingerprint data is properly aligned with the user ID
+#: g10/keylist.c:1535
+msgid " Primary key fingerprint:"
+msgstr " Impronta digitale della chiave primaria:"
+
+#: g10/keylist.c:1537
+msgid " Subkey fingerprint:"
+msgstr " Impronta digitale della subchiave:"
+
+#: g10/keylist.c:1541 g10/keylist.c:1545
+#, fuzzy
+msgid " Key fingerprint ="
+msgstr " Impronta digitale ="
+
+#: g10/keylist.c:1612
+msgid " Card serial no. ="
+msgstr ""
+
+#: g10/keyring.c:1297
+#, fuzzy, c-format
+msgid "renaming `%s' to `%s' failed: %s\n"
+msgstr "creazione dell'armatura fallita: %s\n"
+
+#: g10/keyring.c:1326
+msgid "WARNING: 2 files with confidential information exists.\n"
+msgstr "ATTENZIONE: esistono due file con informazioni confidenziali.\n"
+
+#: g10/keyring.c:1327
+#, c-format
+msgid "%s is the unchanged one\n"
+msgstr "%s è quello non modificato\n"
+
+#: g10/keyring.c:1328
+#, c-format
+msgid "%s is the new one\n"
+msgstr "%s è quello nuovo\n"
+
+#: g10/keyring.c:1329
+msgid "Please fix this possible security flaw\n"
+msgstr "Per favore risolvete questo possibile problema di sicurezza\n"
+
+#: g10/keyring.c:1430
+#, fuzzy, c-format
+msgid "caching keyring `%s'\n"
+msgstr "controllo il portachiavi `%s'\n"
+
+#: g10/keyring.c:1489
+#, fuzzy, c-format
+msgid "%lu keys cached so far (%lu signatures)\n"
+msgstr "Sono state controllate %lu chiavi (%lu firme)\n"
+
+#: g10/keyring.c:1501
+#, fuzzy, c-format
+msgid "%lu keys cached (%lu signatures)\n"
+msgstr "Sono state controllate %lu chiavi (%lu firme)\n"
+
+#: g10/keyring.c:1573
+#, c-format
+msgid "%s: keyring created\n"
+msgstr "%s: portachiavi creato\n"
+
+#: g10/keyserver.c:74
+msgid "include revoked keys in search results"
+msgstr ""
+
+#: g10/keyserver.c:75
+msgid "include subkeys when searching by key ID"
+msgstr ""
+
+#: g10/keyserver.c:77
+msgid "use temporary files to pass data to keyserver helpers"
+msgstr ""
+
+#: g10/keyserver.c:79
+msgid "do not delete temporary files after using them"
+msgstr ""
+
+#: g10/keyserver.c:83
+msgid "automatically retrieve keys when verifying signatures"
+msgstr ""
+
+#: g10/keyserver.c:85
+#, fuzzy
+msgid "honor the preferred keyserver URL set on the key"
+msgstr "l'URL della politica di firma indicato non è valido\n"
+
+#: g10/keyserver.c:87
+msgid "honor the PKA record set on a key when retrieving keys"
+msgstr ""
+
+#: g10/keyserver.c:153
+#, fuzzy, c-format
+msgid "WARNING: keyserver option `%s' is not used on this platform\n"
+msgstr ""
+"ATTENZIONE: le opzioni in `%s' non sono ancora attive durante questa\n"
+"esecuzione del programma\n"
+
+#: g10/keyserver.c:544
+#, fuzzy
+msgid "disabled"
+msgstr "disable"
+
+#: g10/keyserver.c:747
+msgid "Enter number(s), N)ext, or Q)uit > "
+msgstr ""
+
+#: g10/keyserver.c:831 g10/keyserver.c:1458
+#, fuzzy, c-format
+msgid "invalid keyserver protocol (us %d!=handler %d)\n"
+msgstr "opzioni di esportazione non valide\n"
+
+#: g10/keyserver.c:932
+#, fuzzy, c-format
+msgid "key \"%s\" not found on keyserver\n"
+msgstr "chiave `%s' non trovata: %s\n"
+
+#: g10/keyserver.c:934
+#, fuzzy
+msgid "key not found on keyserver\n"
+msgstr "chiave `%s' non trovata: %s\n"
+
+#: g10/keyserver.c:1177
+#, fuzzy, c-format
+msgid "requesting key %s from %s server %s\n"
+msgstr "richiedo la chiave %08lX a %s\n"
+
+#: g10/keyserver.c:1181
+#, fuzzy, c-format
+msgid "requesting key %s from %s\n"
+msgstr "richiedo la chiave %08lX a %s\n"
+
+#: g10/keyserver.c:1205
+#, fuzzy, c-format
+msgid "searching for names from %s server %s\n"
+msgstr "cerco \"%s\" sul server HKP %s\n"
+
+#: g10/keyserver.c:1208
+#, fuzzy, c-format
+msgid "searching for names from %s\n"
+msgstr "cerco \"%s\" sul server HKP %s\n"
+
+#: g10/keyserver.c:1361
+#, fuzzy, c-format
+msgid "sending key %s to %s server %s\n"
+msgstr "cerco \"%s\" sul server HKP %s\n"
+
+#: g10/keyserver.c:1365
+#, fuzzy, c-format
+msgid "sending key %s to %s\n"
+msgstr ""
+"\"\n"
+"firmata con la tua chiave %08lX il %s\n"
+"\n"
+
+#: g10/keyserver.c:1408
+#, fuzzy, c-format
+msgid "searching for \"%s\" from %s server %s\n"
+msgstr "cerco \"%s\" sul server HKP %s\n"
+
+#: g10/keyserver.c:1411
+#, fuzzy, c-format
+msgid "searching for \"%s\" from %s\n"
+msgstr "cerco \"%s\" sul server HKP %s\n"
+
+#: g10/keyserver.c:1418 g10/keyserver.c:1514
+#, fuzzy
+msgid "no keyserver action!\n"
+msgstr "opzioni di esportazione non valide\n"
+
+#: g10/keyserver.c:1466
+#, c-format
+msgid "WARNING: keyserver handler from a different version of GnuPG (%s)\n"
+msgstr ""
+
+#: g10/keyserver.c:1475
+msgid "keyserver did not send VERSION\n"
+msgstr ""
+
+#: g10/keyserver.c:1537 g10/keyserver.c:2066
+msgid "no keyserver known (use option --keyserver)\n"
+msgstr ""
+
+#: g10/keyserver.c:1543
+msgid "external keyserver calls are not supported in this build\n"
+msgstr ""
+
+#: g10/keyserver.c:1555
+#, c-format
+msgid "no handler for keyserver scheme `%s'\n"
+msgstr ""
+
+#: g10/keyserver.c:1560
+#, c-format
+msgid "action `%s' not supported with keyserver scheme `%s'\n"
+msgstr ""
+
+#: g10/keyserver.c:1568
+#, c-format
+msgid "%s does not support handler version %d\n"
+msgstr ""
+
+#: g10/keyserver.c:1575
+#, fuzzy
+msgid "keyserver timed out\n"
+msgstr "errore del keyserver"
+
+#: g10/keyserver.c:1580
+#, fuzzy
+msgid "keyserver internal error\n"
+msgstr "errore del keyserver"
+
+#: g10/keyserver.c:1589
+#, fuzzy, c-format
+msgid "keyserver communications error: %s\n"
+msgstr "ricezione dal keyserver fallita: %s\n"
+
+#: g10/keyserver.c:1614 g10/keyserver.c:1648
+#, c-format
+msgid "\"%s\" not a key ID: skipping\n"
+msgstr ""
+
+#: g10/keyserver.c:1907
+#, fuzzy, c-format
+msgid "WARNING: unable to refresh key %s via %s: %s\n"
+msgstr "ATTENZIONE: impossibile cancellare il file temporaneo (%s) `%s': %s\n"
+
+#: g10/keyserver.c:1929
+#, fuzzy, c-format
+msgid "refreshing 1 key from %s\n"
+msgstr "richiedo la chiave %08lX a %s\n"
+
+#: g10/keyserver.c:1931
+#, fuzzy, c-format
+msgid "refreshing %d keys from %s\n"
+msgstr "richiedo la chiave %08lX a %s\n"
+
+#: g10/keyserver.c:1987
+#, fuzzy, c-format
+msgid "WARNING: unable to fetch URI %s: %s\n"
+msgstr "ATTENZIONE: impossibile cancellare il file temporaneo (%s) `%s': %s\n"
+
+#: g10/keyserver.c:1993
+#, fuzzy, c-format
+msgid "WARNING: unable to parse URI %s\n"
+msgstr "ATTENZIONE: impossibile cancellare il file temporaneo (%s) `%s': %s\n"
+
+#: g10/mainproc.c:231
+#, c-format
+msgid "weird size for an encrypted session key (%d)\n"
+msgstr "la chiave di sessione cifrata ha dimensioni strane (%d)\n"
+
+#: g10/mainproc.c:284
+#, c-format
+msgid "%s encrypted session key\n"
+msgstr "chiave di sessione cifrata con %s\n"
+
+#: g10/mainproc.c:294
+#, fuzzy, c-format
+msgid "passphrase generated with unknown digest algorithm %d\n"
+msgstr "cifrato con l'algoritmo sconosciuto %d\n"
+
+#: g10/mainproc.c:360
+#, fuzzy, c-format
+msgid "public key is %s\n"
+msgstr "la chiave pubblica è %08lX\n"
+
+#: g10/mainproc.c:423
+msgid "public key encrypted data: good DEK\n"
+msgstr "dati cifrati con la chiave pubblica: DEK corretto\n"
+
+#: g10/mainproc.c:456
+#, fuzzy, c-format
+msgid "encrypted with %u-bit %s key, ID %s, created %s\n"
+msgstr "cifrato con la chiave %2$s di %1$u bit, ID %3$08lX, creata il %4$s\n"
+
+#: g10/mainproc.c:460 g10/pkclist.c:217
+#, fuzzy, c-format
+msgid " \"%s\"\n"
+msgstr " alias \""
+
+#: g10/mainproc.c:464
+#, fuzzy, c-format
+msgid "encrypted with %s key, ID %s\n"
+msgstr "Cifrato con la chiave %s con ID %08lX\n"
+
+#: g10/mainproc.c:479
+#, c-format
+msgid "public key decryption failed: %s\n"
+msgstr "decifratura della chiave pubblica fallita: %s\n"
+
+#: g10/mainproc.c:495
+#, c-format
+msgid "encrypted with %lu passphrases\n"
+msgstr "cifratto con %lu passphrase\n"
+
+#: g10/mainproc.c:497
+msgid "encrypted with 1 passphrase\n"
+msgstr "cifratto con 1 passphrase\n"
+
+#: g10/mainproc.c:529 g10/mainproc.c:551
+#, c-format
+msgid "assuming %s encrypted data\n"
+msgstr "suppongo che i dati siano cifrati con %s\n"
+
+#: g10/mainproc.c:537
+#, c-format
+msgid "IDEA cipher unavailable, optimistically attempting to use %s instead\n"
+msgstr "Cifrario IDEA non disponibile, ottimisticamente cerco di usare %s\n"
+
+#: g10/mainproc.c:570
+msgid "decryption okay\n"
+msgstr "decifratura corretta\n"
+
+#: g10/mainproc.c:574
+msgid "WARNING: message was not integrity protected\n"
+msgstr "ATTENZIONE: l'integrità del messaggio non era protetta\n"
+
+#: g10/mainproc.c:587
+msgid "WARNING: encrypted message has been manipulated!\n"
+msgstr "ATTENZIONE: il messaggio cifrato è stato manipolato!\n"
+
+#: g10/mainproc.c:595
+#, c-format
+msgid "cleared passphrase cached with ID: %s\n"
+msgstr ""
+
+#: g10/mainproc.c:600
+#, c-format
+msgid "decryption failed: %s\n"
+msgstr "decifratura fallita: %s\n"
+
+#: g10/mainproc.c:621
+msgid "NOTE: sender requested \"for-your-eyes-only\"\n"
+msgstr "NOTA: il mittente ha richiesto \"solo-per-i-tuoi-occhi\"\n"
+
+#: g10/mainproc.c:623
+#, c-format
+msgid "original file name='%.*s'\n"
+msgstr "nome del file originale='%.*s'\n"
+
+#: g10/mainproc.c:711
+msgid "WARNING: multiple plaintexts seen\n"
+msgstr ""
+
+#: g10/mainproc.c:850
+msgid "standalone revocation - use \"gpg --import\" to apply\n"
+msgstr "revoca solitaria - usa \"gpg --import\" per applicarla\n"
+
+#: g10/mainproc.c:1203 g10/mainproc.c:1240
+#, fuzzy
+msgid "no signature found\n"
+msgstr "Firma valida da \""
+
+#: g10/mainproc.c:1478
+msgid "signature verification suppressed\n"
+msgstr "verifica della firma soppressa\n"
+
+#: g10/mainproc.c:1587
+#, fuzzy
+msgid "can't handle this ambiguous signature data\n"
+msgstr "impossibile gestire queste firme multiple\n"
+
+#: g10/mainproc.c:1598
+#, fuzzy, c-format
+msgid "Signature made %s\n"
+msgstr "Firma scaduta il %s\n"
+
+#: g10/mainproc.c:1599
+#, fuzzy, c-format
+msgid " using %s key %s\n"
+msgstr " alias \""
+
+#: g10/mainproc.c:1603
+#, fuzzy, c-format
+msgid "Signature made %s using %s key ID %s\n"
+msgstr "Firma fatta %.*s usando %s con ID %08lX\n"
+
+#: g10/mainproc.c:1623
+msgid "Key available at: "
+msgstr "Chiave disponibile presso: "
+
+#: g10/mainproc.c:1756 g10/mainproc.c:1804
+#, fuzzy, c-format
+msgid "BAD signature from \"%s\""
+msgstr "Firma NON corretta da \""
+
+#: g10/mainproc.c:1758 g10/mainproc.c:1806
+#, fuzzy, c-format
+msgid "Expired signature from \"%s\""
+msgstr "Firma scaduta da \""
+
+#: g10/mainproc.c:1760 g10/mainproc.c:1808
+#, fuzzy, c-format
+msgid "Good signature from \"%s\""
+msgstr "Firma valida da \""
+
+#: g10/mainproc.c:1810
+msgid "[uncertain]"
+msgstr "[incerta]"
+
+#: g10/mainproc.c:1843
+#, fuzzy, c-format
+msgid " aka \"%s\""
+msgstr " alias \""
+
+#: g10/mainproc.c:1941
+#, c-format
+msgid "Signature expired %s\n"
+msgstr "Firma scaduta il %s\n"
+
+#: g10/mainproc.c:1946
+#, c-format
+msgid "Signature expires %s\n"
+msgstr "Questa firma scadrà il %s\n"
+
+#: g10/mainproc.c:1949
+#, c-format
+msgid "%s signature, digest algorithm %s\n"
+msgstr "Firma %s, algoritmo di digest %s\n"
+
+#: g10/mainproc.c:1950
+msgid "binary"
+msgstr "binario"
+
+#: g10/mainproc.c:1951
+msgid "textmode"
+msgstr "modo testo"
+
+#: g10/mainproc.c:1951 g10/trustdb.c:546
+msgid "unknown"
+msgstr "sconosciuto"
+
+#: g10/mainproc.c:1971
+#, c-format
+msgid "Can't check signature: %s\n"
+msgstr "Impossibile controllare la firma: %s\n"
+
+#: g10/mainproc.c:2055 g10/mainproc.c:2071 g10/mainproc.c:2167
+msgid "not a detached signature\n"
+msgstr "non è una firma separata\n"
+
+#: g10/mainproc.c:2098
+msgid ""
+"WARNING: multiple signatures detected. Only the first will be checked.\n"
+msgstr "ATTENZIONE: trovate firme multiple. Sarà controllata solo la prima.\n"
+
+#: g10/mainproc.c:2106
+#, c-format
+msgid "standalone signature of class 0x%02x\n"
+msgstr "firma solitaria di classe 0x%02x\n"
+
+#: g10/mainproc.c:2171
+msgid "old style (PGP 2.x) signature\n"
+msgstr "firma vecchio stile (PGP 2.x)\n"
+
+#: g10/mainproc.c:2181
+msgid "invalid root packet detected in proc_tree()\n"
+msgstr "individuato un pacchetto radice non valido in proc_tree()\n"
+
+#: g10/misc.c:109 g10/misc.c:139 g10/misc.c:215
+#, fuzzy, c-format
+msgid "fstat of `%s' failed in %s: %s\n"
+msgstr "impossibile aprire il file: %s\n"
+
+#: g10/misc.c:178
+#, fuzzy, c-format
+msgid "fstat(%d) failed in %s: %s\n"
+msgstr "trustdb: read fallita (n=%d): %s\n"
+
+#: g10/misc.c:296
+#, fuzzy, c-format
+msgid "WARNING: using experimental public key algorithm %s\n"
+msgstr "impossibile gestire l'algoritmo a chiave pubblica %d\n"
+
+#: g10/misc.c:302
+#, fuzzy
+msgid "WARNING: Elgamal sign+encrypt keys are deprecated\n"
+msgstr ""
+"forzare l'algoritmo di digest %s (%d) viola le preferenze del destinatario\n"
+
+#: g10/misc.c:315
+#, fuzzy, c-format
+msgid "WARNING: using experimental cipher algorithm %s\n"
+msgstr "algoritmo di cifratura non implementato"
+
+#: g10/misc.c:330
+#, fuzzy, c-format
+msgid "WARNING: using experimental digest algorithm %s\n"
+msgstr "Firma %s, algoritmo di digest %s\n"
+
+#: g10/misc.c:335
+#, fuzzy, c-format
+msgid "WARNING: digest algorithm %s is deprecated\n"
+msgstr ""
+"forzare l'algoritmo di digest %s (%d) viola le preferenze del destinatario\n"
+
+#: g10/misc.c:503
+msgid "the IDEA cipher plugin is not present\n"
+msgstr "il plugin per il cifrario IDEA non è presente\n"
+
+#: g10/misc.c:504 g10/sig-check.c:107 jnlib/utf8conv.c:87
+#, fuzzy, c-format
+msgid "please see %s for more information\n"
+msgstr " i = mostrami ulteriori informazioni\n"
+
+#: g10/misc.c:761
+#, c-format
+msgid "%s:%d: deprecated option \"%s\"\n"
+msgstr "%s:%d \"%s\" è una opzione deprecata\n"
+
+#: g10/misc.c:765
+#, c-format
+msgid "WARNING: \"%s\" is a deprecated option\n"
+msgstr "ATTENZIONE: \"%s\" è una opzione deprecata\n"
+
+#: g10/misc.c:767
+#, c-format
+msgid "please use \"%s%s\" instead\n"
+msgstr "usa al suo posto \"%s%s\"\n"
+
+#: g10/misc.c:774
+#, fuzzy, c-format
+msgid "WARNING: \"%s\" is a deprecated command - do not use it\n"
+msgstr "ATTENZIONE: \"%s\" è una opzione deprecata\n"
+
+#: g10/misc.c:784
+#, c-format
+msgid "%s:%u: obsolete option \"%s\" - it has no effect\n"
+msgstr ""
+
+#: g10/misc.c:787
+#, fuzzy, c-format
+msgid "WARNING: \"%s\" is an obsolete option - it has no effect\n"
+msgstr "ATTENZIONE: \"%s\" è una opzione deprecata\n"
+
+#: g10/misc.c:848
+msgid "Uncompressed"
+msgstr "Non compresso"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: g10/misc.c:873
+#, fuzzy
+msgid "uncompressed|none"
+msgstr "Non compresso"
+
+#: g10/misc.c:1000
+#, c-format
+msgid "this message may not be usable by %s\n"
+msgstr "questo messaggio può non essere utilizzabile da %s\n"
+
+#: g10/misc.c:1175
+#, fuzzy, c-format
+msgid "ambiguous option `%s'\n"
+msgstr "lettura delle opzioni da `%s'\n"
+
+#: g10/misc.c:1200
+#, fuzzy, c-format
+msgid "unknown option `%s'\n"
+msgstr "destinatario predefinito `%s' sconosciuto\n"
+
+#: g10/openfile.c:89
+#, c-format
+msgid "File `%s' exists. "
+msgstr "Il file `%s' esiste. "
+
+#: g10/openfile.c:93
+#, fuzzy
+msgid "Overwrite? (y/N) "
+msgstr "Sovrascrivo (s/N)? "
+
+#: g10/openfile.c:126
+#, c-format
+msgid "%s: unknown suffix\n"
+msgstr "%s: suffisso sconosciuto\n"
+
+#: g10/openfile.c:150
+msgid "Enter new filename"
+msgstr "Inserire il nuovo nome del file"
+
+#: g10/openfile.c:195
+msgid "writing to stdout\n"
+msgstr "scrivo su stdout\n"
+
+#: g10/openfile.c:316
+#, c-format
+msgid "assuming signed data in `%s'\n"
+msgstr "suppongo che i dati firmati siano in `%s'\n"
+
+#: g10/openfile.c:395
+#, c-format
+msgid "new configuration file `%s' created\n"
+msgstr "creato un nuovo file di configurazione `%s'\n"
+
+#: g10/openfile.c:397
+#, c-format
+msgid "WARNING: options in `%s' are not yet active during this run\n"
+msgstr ""
+"ATTENZIONE: le opzioni in `%s' non sono ancora attive durante questa\n"
+"esecuzione del programma\n"
+
+#: g10/parse-packet.c:201
+#, c-format
+msgid "can't handle public key algorithm %d\n"
+msgstr "impossibile gestire l'algoritmo a chiave pubblica %d\n"
+
+#: g10/parse-packet.c:822
+msgid "WARNING: potentially insecure symmetrically encrypted session key\n"
+msgstr ""
+"ATTENZIONE: la chiave di sessione cifrata simmetricamente è potenzialmente\n"
+"non sicura\n"
+
+#: g10/parse-packet.c:1273
+#, c-format
+msgid "subpacket of type %d has critical bit set\n"
+msgstr "il sottopacchetto di tipo %d ha un bit critico impostato\n"
+
+#: g10/passphrase.c:75 g10/passphrase.c:418 g10/passphrase.c:481
+#, fuzzy, c-format
+msgid "problem with the agent: %s\n"
+msgstr "problema con l'agent: ha restituito 0x%lx\n"
+
+#: g10/passphrase.c:344 g10/passphrase.c:613
+#, fuzzy, c-format
+msgid " (main key ID %s)"
+msgstr " (key ID principale %08lX)"
+
+#: g10/passphrase.c:358
+#, fuzzy, c-format
+msgid ""
+"Please enter the passphrase to unlock the secret key for the OpenPGP "
+"certificate:\n"
+"\"%.*s\"\n"
+"%u-bit %s key, ID %s,\n"
+"created %s%s.\n"
+msgstr ""
+"Ti serve una passphrase per sbloccare la chiave segreta dell'utente:\n"
+"\"%.*s\"\n"
+"%u-bit %s key, ID %08lX, created %s%s\n"
+
+#: g10/passphrase.c:384
+msgid "Enter passphrase\n"
+msgstr "Inserisci la passphrase\n"
+
+#: g10/passphrase.c:412
+msgid "cancelled by user\n"
+msgstr "interrotto dall'utente\n"
+
+#: g10/passphrase.c:592
+#, fuzzy, c-format
+msgid ""
+"You need a passphrase to unlock the secret key for\n"
+"user: \"%s\"\n"
+msgstr ""
+"\n"
+"Ti serve una passphrase per sbloccare la chiave segreta\n"
+"dell'utente: \""
+
+#: g10/passphrase.c:600
+#, fuzzy, c-format
+msgid "%u-bit %s key, ID %s, created %s"
+msgstr "chiave %2$s di %1$u bit, ID %3$08lX, creata il %4$s"
+
+#: g10/passphrase.c:609
+#, c-format
+msgid " (subkey on main key ID %s)"
+msgstr ""
+
+#: g10/photoid.c:74
+msgid ""
+"\n"
+"Pick an image to use for your photo ID. The image must be a JPEG file.\n"
+"Remember that the image is stored within your public key. If you use a\n"
+"very large picture, your key will become very large as well!\n"
+"Keeping the image close to 240x288 is a good size to use.\n"
+msgstr ""
+"\n"
+"Scegli un'immagine da usare per l'identificazione fotografica. L'immagine "
+"deve\n"
+"essere un file JPEG. Ricorda che l'immagine è immagazzinata nella tua "
+"chiave\n"
+"pubblica, se usi una immagine molto grande anche la tua chiave diventerà "
+"molto\n"
+"grande! Dimensioni vicine a 240x288 sono una buona scelta.\n"
+
+#: g10/photoid.c:96
+msgid "Enter JPEG filename for photo ID: "
+msgstr "Inserisci il nome del file JPEG per l'ID fotografico: "
+
+#: g10/photoid.c:117
+#, fuzzy, c-format
+msgid "unable to open JPEG file `%s': %s\n"
+msgstr "impossibile aprire il file: %s\n"
+
+#: g10/photoid.c:128
+#, c-format
+msgid "This JPEG is really large (%d bytes) !\n"
+msgstr ""
+
+#: g10/photoid.c:130
+#, fuzzy
+msgid "Are you sure you want to use it? (y/N) "
+msgstr "Sei sicuro di volerla usare? (s/N) "
+
+#: g10/photoid.c:146
+#, fuzzy, c-format
+msgid "`%s' is not a JPEG file\n"
+msgstr "\"%s\": non è un file JPEG\n"
+
+#: g10/photoid.c:165
+msgid "Is this photo correct (y/N/q)? "
+msgstr "Questa foto è giusta? (s/N/q) "
+
+#: g10/photoid.c:373
+msgid "unable to display photo ID!\n"
+msgstr "impossibile mostrare l'ID fotografico\n"
+
+#: g10/pkclist.c:60 g10/revoke.c:621
+msgid "No reason specified"
+msgstr "Nessuna ragione specificata"
+
+#: g10/pkclist.c:62 g10/revoke.c:623
+msgid "Key is superseded"
+msgstr "Questa chiave è stata sostituita"
+
+#: g10/pkclist.c:64 g10/revoke.c:622
+msgid "Key has been compromised"
+msgstr "Questa chiave è stata compromessa"
+
+#: g10/pkclist.c:66 g10/revoke.c:624
+msgid "Key is no longer used"
+msgstr "La chiave non è più usata"
+
+#: g10/pkclist.c:68 g10/revoke.c:625
+msgid "User ID is no longer valid"
+msgstr "L'user ID non è più valido"
+
+#: g10/pkclist.c:72
+msgid "reason for revocation: "
+msgstr "ragione della revoca: "
+
+#: g10/pkclist.c:89
+msgid "revocation comment: "
+msgstr "commento alla revoca: "
+
+#: g10/pkclist.c:204
+msgid "iImMqQsS"
+msgstr "iImMqQsS"
+
+#: g10/pkclist.c:212
+#, fuzzy
+msgid "No trust value assigned to:\n"
+msgstr ""
+"Nessun valore di fiducia assegnato a:\n"
+"%4u%c/%08lX %s \""
+
+#: g10/pkclist.c:245
+#, fuzzy, c-format
+msgid " aka \"%s\"\n"
+msgstr " alias \""
+
+#: g10/pkclist.c:255
+#, fuzzy
+msgid ""
+"How much do you trust that this key actually belongs to the named user?\n"
+msgstr "Questa chiave probabilmente appartiene al proprietario\n"
+
+#: g10/pkclist.c:270
+#, fuzzy, c-format
+msgid " %d = I don't know or won't say\n"
+msgstr " %d = Non lo so\n"
+
+#: g10/pkclist.c:272
+#, fuzzy, c-format
+msgid " %d = I do NOT trust\n"
+msgstr " %d = NON mi fido\n"
+
+#: g10/pkclist.c:278
+#, fuzzy, c-format
+msgid " %d = I trust ultimately\n"
+msgstr " %d = Mi fido definitivamente\n"
+
+#: g10/pkclist.c:284
+#, fuzzy
+msgid " m = back to the main menu\n"
+msgstr " m = torna al menù principale\n"
+
+#: g10/pkclist.c:287
+#, fuzzy
+msgid " s = skip this key\n"
+msgstr " s = salta questa chiave\n"
+
+#: g10/pkclist.c:288
+#, fuzzy
+msgid " q = quit\n"
+msgstr " q = abbandona\n"
+
+#: g10/pkclist.c:292
+#, c-format
+msgid ""
+"The minimum trust level for this key is: %s\n"
+"\n"
+msgstr ""
+
+#: g10/pkclist.c:298 g10/revoke.c:650
+msgid "Your decision? "
+msgstr "Cosa hai deciso? "
+
+#: g10/pkclist.c:319
+#, fuzzy
+msgid "Do you really want to set this key to ultimate trust? (y/N) "
+msgstr "Vuoi davvero assegnare fiducia definitiva a questa chiave? "
+
+#: g10/pkclist.c:333
+msgid "Certificates leading to an ultimately trusted key:\n"
+msgstr "Certificati che portano a chiavi definitivamente affidabili:\n"
+
+#: g10/pkclist.c:418
+#, fuzzy, c-format
+msgid "%s: There is no assurance this key belongs to the named user\n"
+msgstr ""
+"%08lX: Non ci sono indicazioni che la chiave appartenga al proprietario\n"
+
+#: g10/pkclist.c:423
+#, fuzzy, c-format
+msgid "%s: There is limited assurance this key belongs to the named user\n"
+msgstr ""
+"%08lX: Non ci sono indicazioni che la chiave appartenga al proprietario\n"
+
+#: g10/pkclist.c:429
+#, fuzzy
+msgid "This key probably belongs to the named user\n"
+msgstr "Questa chiave probabilmente appartiene al proprietario\n"
+
+#: g10/pkclist.c:434
+msgid "This key belongs to us\n"
+msgstr "Questa chiave ci appartiene\n"
+
+#: g10/pkclist.c:460
+#, fuzzy
+msgid ""
+"It is NOT certain that the key belongs to the person named\n"
+"in the user ID. If you *really* know what you are doing,\n"
+"you may answer the next question with yes.\n"
+msgstr ""
+"NON è sicuro che la chiave appartenga alla persona indicata.\n"
+"nell'user ID. Se sai *davvero* cosa stai facendo, puoi\n"
+"rispondere sì alla prossima domanda.\n"
+"\n"
+
+#: g10/pkclist.c:479
+#, fuzzy
+msgid "Use this key anyway? (y/N) "
+msgstr "Uso lo stesso questa chiave? "
+
+#: g10/pkclist.c:513
+msgid "WARNING: Using untrusted key!\n"
+msgstr "ATTENZIONE: uso di una chiave non fidata!\n"
+
+#: g10/pkclist.c:520
+msgid "WARNING: this key might be revoked (revocation key not present)\n"
+msgstr ""
+"ATTENZIONE: questa chiave può essere stata revocata (la chiave di revoca\n"
+"non è presente).\n"
+
+#: g10/pkclist.c:529
+msgid "WARNING: This key has been revoked by its designated revoker!\n"
+msgstr ""
+"ATTENZIONE: questa chiave è stata revocata dal suo revocatore designato!\n"
+
+#: g10/pkclist.c:532
+msgid "WARNING: This key has been revoked by its owner!\n"
+msgstr "ATTENZIONE: questa chiave è stata revocata dal suo proprietario!\n"
+
+#: g10/pkclist.c:533
+#, fuzzy
+msgid " This could mean that the signature is forged.\n"
+msgstr " Questo può significare che la firma è stata falsificata.\n"
+
+#: g10/pkclist.c:539
+msgid "WARNING: This subkey has been revoked by its owner!\n"
+msgstr "ATTENZIONE: questa subchiave è stata revocata dal proprietario!\n"
+
+#: g10/pkclist.c:544
+msgid "Note: This key has been disabled.\n"
+msgstr "Nota: questa chiave è stata disabilitata.\n"
+
+#: g10/pkclist.c:564
+#, c-format
+msgid "Note: Verified signer's address is `%s'\n"
+msgstr ""
+
+#: g10/pkclist.c:571
+#, c-format
+msgid "Note: Signer's address `%s' does not match DNS entry\n"
+msgstr ""
+
+#: g10/pkclist.c:583
+msgid "trustlevel adjusted to FULL due to valid PKA info\n"
+msgstr ""
+
+#: g10/pkclist.c:591
+msgid "trustlevel adjusted to NEVER due to bad PKA info\n"
+msgstr ""
+
+#: g10/pkclist.c:602
+msgid "Note: This key has expired!\n"
+msgstr "Nota: questa chiave è scaduta!\n"
+
+#: g10/pkclist.c:613
+msgid "WARNING: This key is not certified with a trusted signature!\n"
+msgstr "ATTENZIONE: questa chiave non è certificata con una firma fidata!\n"
+
+#: g10/pkclist.c:615
+msgid ""
+" There is no indication that the signature belongs to the owner.\n"
+msgstr ""
+" Non ci sono indicazioni che la firma appartenga al proprietario.\n"
+
+#: g10/pkclist.c:623
+msgid "WARNING: We do NOT trust this key!\n"
+msgstr "ATTENZIONE: NON ci fidiamo di questa chiave!\n"
+
+#: g10/pkclist.c:624
+msgid " The signature is probably a FORGERY.\n"
+msgstr " La firma è probabilmente un FALSO.\n"
+
+#: g10/pkclist.c:632
+msgid ""
+"WARNING: This key is not certified with sufficiently trusted signatures!\n"
+msgstr ""
+"ATTENZIONE: questa chiave non è certificata con firme abbastanza fidate!\n"
+
+#: g10/pkclist.c:634
+msgid " It is not certain that the signature belongs to the owner.\n"
+msgstr " Non è sicuro che la firma appartenga al proprietario.\n"
+
+#: g10/pkclist.c:833 g10/pkclist.c:875 g10/pkclist.c:1087 g10/pkclist.c:1157
+#, c-format
+msgid "%s: skipped: %s\n"
+msgstr "%s: saltata: %s\n"
+
+#: g10/pkclist.c:845 g10/pkclist.c:1125
+#, c-format
+msgid "%s: skipped: public key already present\n"
+msgstr "%s: saltata: chiave pubblica già presente\n"
+
+#: g10/pkclist.c:896
+msgid "You did not specify a user ID. (you may use \"-r\")\n"
+msgstr "Non hai specificato un user ID. (puoi usare \"-r\")\n"
+
+#: g10/pkclist.c:920
+msgid "Current recipients:\n"
+msgstr ""
+
+#: g10/pkclist.c:946
+msgid ""
+"\n"
+"Enter the user ID. End with an empty line: "
+msgstr ""
+"\n"
+"Inserisci l'user ID. Termina con una riga vuota: "
+
+#: g10/pkclist.c:971
+msgid "No such user ID.\n"
+msgstr "User ID inesistente.\n"
+
+#: g10/pkclist.c:980 g10/pkclist.c:1054
+msgid "skipped: public key already set as default recipient\n"
+msgstr "saltata: chiave pubblica già impostata come destinatario predefinito\n"
+
+#: g10/pkclist.c:1001
+msgid "Public key is disabled.\n"
+msgstr "La chiave pubblica è disabilitata.\n"
+
+#: g10/pkclist.c:1010
+msgid "skipped: public key already set\n"
+msgstr "saltata: chiave pubblica già impostata\n"
+
+#: g10/pkclist.c:1045
+#, fuzzy, c-format
+msgid "unknown default recipient \"%s\"\n"
+msgstr "destinatario predefinito `%s' sconosciuto\n"
+
+#: g10/pkclist.c:1103
+#, c-format
+msgid "%s: skipped: public key is disabled\n"
+msgstr "%s: saltata: chiave pubblica disabilitata\n"
+
+#: g10/pkclist.c:1165
+msgid "no valid addressees\n"
+msgstr "nessun indirizzo valido\n"
+
+#: g10/pkclist.c:1503
+#, fuzzy, c-format
+msgid "Note: key %s has no %s feature\n"
+msgstr "chiave %08lX: nessun user ID\n"
+
+#: g10/pkclist.c:1528
+#, fuzzy, c-format
+msgid "Note: key %s has no preference for %s\n"
+msgstr "chiave %08lX: nessun user ID\n"
+
+#: g10/plaintext.c:95
+msgid "data not saved; use option \"--output\" to save it\n"
+msgstr ""
+"i dati non sono stati salvati; usa l'opzione \"--output\" per salvarli\n"
+
+#: g10/plaintext.c:480
+msgid "Detached signature.\n"
+msgstr "Firma separata.\n"
+
+#: g10/plaintext.c:487
+msgid "Please enter name of data file: "
+msgstr "Inserisci il nome del file di dati: "
+
+#: g10/plaintext.c:519
+msgid "reading stdin ...\n"
+msgstr "viene letto stdin...\n"
+
+#: g10/plaintext.c:557
+msgid "no signed data\n"
+msgstr "non ci sono dati firmati\n"
+
+#: g10/plaintext.c:573
+#, c-format
+msgid "can't open signed data `%s'\n"
+msgstr "impossibile aprire i dati firmati `%s'\n"
+
+#: g10/plaintext.c:607
+#, fuzzy, c-format
+msgid "can't open signed data fd=%d: %s\n"
+msgstr "impossibile aprire i dati firmati `%s'\n"
+
+#: g10/pubkey-enc.c:105
+#, fuzzy, c-format
+msgid "anonymous recipient; trying secret key %s ...\n"
+msgstr "destinatario anonimo; provo la chiave segreta %08lX ...\n"
+
+#: g10/pubkey-enc.c:136
+msgid "okay, we are the anonymous recipient.\n"
+msgstr "bene, siamo il destinatario anonimo.\n"
+
+#: g10/pubkey-enc.c:225
+msgid "old encoding of the DEK is not supported\n"
+msgstr "la vecchia codifica del DEK non è gestita\n"
+
+#: g10/pubkey-enc.c:246
+#, c-format
+msgid "cipher algorithm %d%s is unknown or disabled\n"
+msgstr "l'algoritmo di cifratura %d%s è sconosciuto o disattivato\n"
+
+#: g10/pubkey-enc.c:284
+#, fuzzy, c-format
+msgid "WARNING: cipher algorithm %s not found in recipient preferences\n"
+msgstr ""
+"NOTA: l'algoritmo di cifratura %d non è stato trovato tra le preferenze\n"
+
+#: g10/pubkey-enc.c:304
+#, fuzzy, c-format
+msgid "NOTE: secret key %s expired at %s\n"
+msgstr "NOTA: chiave %08lX scaduta il %s\n"
+
+#: g10/pubkey-enc.c:310
+msgid "NOTE: key has been revoked"
+msgstr "NOTA: la chiave è stata revocata"
+
+#: g10/revoke.c:102 g10/revoke.c:116 g10/revoke.c:128 g10/revoke.c:174
+#: g10/revoke.c:186 g10/revoke.c:585
+#, c-format
+msgid "build_packet failed: %s\n"
+msgstr "build_packet fallito: %s\n"
+
+#: g10/revoke.c:145
+#, fuzzy, c-format
+msgid "key %s has no user IDs\n"
+msgstr "chiave %08lX: nessun user ID\n"
+
+#: g10/revoke.c:306
+msgid "To be revoked by:\n"
+msgstr "Revocabile da:\n"
+
+#: g10/revoke.c:310
+msgid "(This is a sensitive revocation key)\n"
+msgstr "(Questa è una chiave di revoca sensibile)\n"
+
+#: g10/revoke.c:314
+#, fuzzy
+msgid "Create a designated revocation certificate for this key? (y/N) "
+msgstr "Creare un certificato di revoca per questa chiave? "
+
+#: g10/revoke.c:327 g10/revoke.c:551
+msgid "ASCII armored output forced.\n"
+msgstr "Forzato l'output con armatura ASCII.\n"
+
+#: g10/revoke.c:342 g10/revoke.c:565
+#, c-format
+msgid "make_keysig_packet failed: %s\n"
+msgstr "make_keysig_packet fallito: %s\n"
+
+#: g10/revoke.c:405
+msgid "Revocation certificate created.\n"
+msgstr "Certificato di revoca creato.\n"
+
+#: g10/revoke.c:411
+#, fuzzy, c-format
+msgid "no revocation keys found for \"%s\"\n"
+msgstr "non sono state trovate chiavi di revoca per `%s'\n"
+
+#: g10/revoke.c:470
+#, fuzzy, c-format
+msgid "secret key \"%s\" not found: %s\n"
+msgstr "chiave segreta `%s' non trovata: %s\n"
+
+#: g10/revoke.c:497
+#, c-format
+msgid "no corresponding public key: %s\n"
+msgstr "non c'è una chiave pubblica corrispondente: %s\n"
+
+#: g10/revoke.c:508
+msgid "public key does not match secret key!\n"
+msgstr "la chiave pubblica non corrisponde alla chiave segreta!\n"
+
+#: g10/revoke.c:515
+#, fuzzy
+msgid "Create a revocation certificate for this key? (y/N) "
+msgstr "Creare un certificato di revoca per questa chiave? "
+
+#: g10/revoke.c:532
+msgid "unknown protection algorithm\n"
+msgstr "algoritmo di protezione sconosciuto\n"
+
+#: g10/revoke.c:540
+msgid "NOTE: This key is not protected!\n"
+msgstr "NOTA: Questa chiave non è protetta!\n"
+
+#: g10/revoke.c:591
+msgid ""
+"Revocation certificate created.\n"
+"\n"
+"Please move it to a medium which you can hide away; if Mallory gets\n"
+"access to this certificate he can use it to make your key unusable.\n"
+"It is smart to print this certificate and store it away, just in case\n"
+"your media become unreadable. But have some caution: The print system of\n"
+"your machine might store the data and make it available to others!\n"
+msgstr ""
+"Creato un certificato di revoca.\n"
+"\n"
+"Per favore spostalo su un media che puoi nascondere; se l'uomo nel mezzo\n"
+"riuscirà ad accedere a questo certificato potrà usarlo per rendere\n"
+"inutilizzabile la tua chiave. È una buona idea stamparlo ed archiviarlo,\n"
+"nel caso il media diventasse illeggibile. Ma fai attenzione: il sistema di\n"
+"stampa della tua macchina potrebbe immagazzinare i dati e renderli "
+"disponibili\n"
+"ad altri!\n"
+
+#: g10/revoke.c:633
+msgid "Please select the reason for the revocation:\n"
+msgstr "Per favore scegli il motivo della revoca:\n"
+
+#: g10/revoke.c:643
+msgid "Cancel"
+msgstr "Cancella"
+
+#: g10/revoke.c:645
+#, c-format
+msgid "(Probably you want to select %d here)\n"
+msgstr "(Probabilmente volevi scegliere %d)\n"
+
+#: g10/revoke.c:686
+msgid "Enter an optional description; end it with an empty line:\n"
+msgstr "Inserisci una descrizione opzionale; terminala con una riga vuota:\n"
+
+#: g10/revoke.c:714
+#, c-format
+msgid "Reason for revocation: %s\n"
+msgstr "Motivo della revoca: %s\n"
+
+#: g10/revoke.c:716
+msgid "(No description given)\n"
+msgstr "(Non è stata data una descrizione)\n"
+
+#: g10/revoke.c:721
+#, fuzzy
+msgid "Is this okay? (y/N) "
+msgstr "Va bene così? "
+
+#: g10/seckey-cert.c:55
+msgid "secret key parts are not available\n"
+msgstr "parti della chiave segreta non sono disponibili\n"
+
+#: g10/seckey-cert.c:61
+#, c-format
+msgid "protection algorithm %d%s is not supported\n"
+msgstr "l'algoritmo di protezione %d%s non è gestito\n"
+
+#: g10/seckey-cert.c:72
+#, fuzzy, c-format
+msgid "protection digest %d is not supported\n"
+msgstr "l'algoritmo di protezione %d%s non è gestito\n"
+
+#: g10/seckey-cert.c:291
+msgid "Invalid passphrase; please try again"
+msgstr "Passphrase non valida; riprova"
+
+#: g10/seckey-cert.c:292
+#, c-format
+msgid "%s ...\n"
+msgstr "%s ...\n"
+
+#: g10/seckey-cert.c:361
+msgid "WARNING: Weak key detected - please change passphrase again.\n"
+msgstr ""
+"ATTENZIONE: Individuata una chiave debole - per favore cambia ancora la\n"
+"passphrase.\n"
+
+#: g10/seckey-cert.c:404
+msgid "generating the deprecated 16-bit checksum for secret key protection\n"
+msgstr ""
+"genero il checksum a 16 bit deprecato per la protezione della chiave "
+"segreta\n"
+
+#: g10/seskey.c:61 sm/encrypt.c:119
+msgid "weak key created - retrying\n"
+msgstr "creata una chiave debole - riprovo\n"
+
+#: g10/seskey.c:65
+#, c-format
+msgid "cannot avoid weak key for symmetric cipher; tried %d times!\n"
+msgstr ""
+"Impossibile evitare una chiave debole per il cifrario simmetrico;\n"
+"ho provato %d volte!\n"
+
+#: g10/seskey.c:227 sm/certcheck.c:85
+msgid "DSA requires the hash length to be a multiple of 8 bits\n"
+msgstr ""
+
+#: g10/seskey.c:240
+#, c-format
+msgid "DSA key %s uses an unsafe (%u bit) hash\n"
+msgstr ""
+
+#: g10/seskey.c:252
+#, c-format
+msgid "DSA key %s requires a %u bit or larger hash\n"
+msgstr ""
+
+#: g10/sig-check.c:80
+msgid "WARNING: signature digest conflict in message\n"
+msgstr "ATTENZIONE: conflitto del digest delle firme nel messaggio\n"
+
+#: g10/sig-check.c:105
+#, fuzzy, c-format
+msgid "WARNING: signing subkey %s is not cross-certified\n"
+msgstr ""
+"ATTENZIONE: la sottochiave per firme %08lX non ha una certificature "
+"incrociata\n"
+
+#: g10/sig-check.c:117
+#, fuzzy, c-format
+msgid "WARNING: signing subkey %s has an invalid cross-certification\n"
+msgstr ""
+"ATTENZIONE: la sottochiave per firme %08lX ha una certificature incrociata\n"
+"non valida\n"
+
+#: g10/sig-check.c:211
+#, fuzzy, c-format
+msgid "public key %s is %lu second newer than the signature\n"
+msgstr "la chiave pubblica %08lX è più recente della firma di %lu secondo\n"
+
+#: g10/sig-check.c:212
+#, fuzzy, c-format
+msgid "public key %s is %lu seconds newer than the signature\n"
+msgstr "la chiave pubblica %08lX è più recente della firma di %lu secondi\n"
+
+#: g10/sig-check.c:223
+#, fuzzy, c-format
+msgid ""
+"key %s was created %lu second in the future (time warp or clock problem)\n"
+msgstr ""
+"la chiave è stata creata %lu secondo nel futuro (salto nel tempo o problema\n"
+"con l'orologio)\n"
+
+#: g10/sig-check.c:225
+#, fuzzy, c-format
+msgid ""
+"key %s was created %lu seconds in the future (time warp or clock problem)\n"
+msgstr ""
+"la chiave è stata creata %lu secondi nel futuro (salto nel tempo o problema\n"
+"con l'orologio)\n"
+
+#: g10/sig-check.c:239
+#, fuzzy, c-format
+msgid "NOTE: signature key %s expired %s\n"
+msgstr "NOTA: chiave per firmare %08lX scaduta il %s\n"
+
+#: g10/sig-check.c:252
+#, fuzzy, c-format
+msgid "NOTE: signature key %s has been revoked\n"
+msgstr "NOTA: la chiave è stata revocata"
+
+#: g10/sig-check.c:325
+#, fuzzy, c-format
+msgid "assuming bad signature from key %s due to an unknown critical bit\n"
+msgstr ""
+"si suppone una firma non valida della chiave %08lX a causa di un\n"
+"bit critico sconosciuto\n"
+
+#: g10/sig-check.c:591
+#, fuzzy, c-format
+msgid "key %s: no subkey for subkey revocation signature\n"
+msgstr ""
+"chiave %08lX: non c'è una subchiave per il pacchetto di revoca della "
+"subchiave\n"
+
+#: g10/sig-check.c:618
+#, fuzzy, c-format
+msgid "key %s: no subkey for subkey binding signature\n"
+msgstr ""
+"chiave %08lX: non c'è una subchiave per la firma di collegamento della "
+"subchiave\n"
+
+#: g10/sign.c:89
+#, c-format
+msgid "WARNING: unable to %%-expand notation (too large). Using unexpanded.\n"
+msgstr ""
+"ATTENZIONE: impossibile espandere i %% nell'URL (troppo lunga). Usata "
+"inespansa.\n"
+
+#: g10/sign.c:115
+#, fuzzy, c-format
+msgid ""
+"WARNING: unable to %%-expand policy URL (too large). Using unexpanded.\n"
+msgstr ""
+"ATTENZIONE: Impossibile espandere i %% nell'URL della policy (troppo "
+"lunga).\n"
+"Usata inespansa.\n"
+
+#: g10/sign.c:138
+#, fuzzy, c-format
+msgid ""
+"WARNING: unable to %%-expand preferred keyserver URL (too large). Using "
+"unexpanded.\n"
+msgstr ""
+"ATTENZIONE: Impossibile espandere i %% nell'URL della policy (troppo "
+"lunga).\n"
+"Usata inespansa.\n"
+
+#: g10/sign.c:311
+#, c-format
+msgid "checking created signature failed: %s\n"
+msgstr "controllo della firma creata fallito: %s\n"
+
+#: g10/sign.c:320
+#, fuzzy, c-format
+msgid "%s/%s signature from: \"%s\"\n"
+msgstr "Firma %s da: \"%s\"\n"
+
+#: g10/sign.c:761
+msgid "you can only detach-sign with PGP 2.x style keys while in --pgp2 mode\n"
+msgstr ""
+"nella modalità --pgp2 puoi fare firme separate solo con chiavi in stile PGP "
+"2.x\n"
+
+#: g10/sign.c:837
+#, fuzzy, c-format
+msgid ""
+"WARNING: forcing digest algorithm %s (%d) violates recipient preferences\n"
+msgstr ""
+"forzare l'algoritmo di digest %s (%d) viola le preferenze del destinatario\n"
+
+#: g10/sign.c:964
+msgid "signing:"
+msgstr "firma:"
+
+#: g10/sign.c:1079
+msgid "you can only clearsign with PGP 2.x style keys while in --pgp2 mode\n"
+msgstr ""
+"In modalità -pgp2 puoi firmare in chiaro solo con chiavi in stile PGP 2.x\n"
+
+#: g10/sign.c:1263
+#, c-format
+msgid "%s encryption will be used\n"
+msgstr "sarà usato il cifrario %s\n"
+
+#: g10/skclist.c:140 g10/skclist.c:217
+msgid "key is not flagged as insecure - can't use it with the faked RNG!\n"
+msgstr ""
+"la chiave non è indicata come insicura - impossibile usarla con il RNG "
+"finto!\n"
+
+#: g10/skclist.c:174
+#, fuzzy, c-format
+msgid "skipped \"%s\": duplicated\n"
+msgstr "saltata `%s': doppia\n"
+
+#: g10/skclist.c:182 g10/skclist.c:195 g10/skclist.c:207
+#, fuzzy, c-format
+msgid "skipped \"%s\": %s\n"
+msgstr "saltata `%s': %s\n"
+
+#: g10/skclist.c:190
+msgid "skipped: secret key already present\n"
+msgstr "saltata: chiave pubblica già presente\n"
+
+#: g10/skclist.c:208
+#, fuzzy
+msgid "this is a PGP generated Elgamal key which is not secure for signatures!"
+msgstr ""
+"saltata %s: questa è una chiave ElGamal generata da PGP che NON è sicura per "
+"le firme!\n"
+
+#: g10/tdbdump.c:58 g10/trustdb.c:360
+#, c-format
+msgid "trust record %lu, type %d: write failed: %s\n"
+msgstr "trust record %lu, req type %d: write fallita: %s\n"
+
+#: g10/tdbdump.c:106
+#, c-format
+msgid ""
+"# List of assigned trustvalues, created %s\n"
+"# (Use \"gpg --import-ownertrust\" to restore them)\n"
+msgstr ""
+"# Lista dei valori della fiducia assegnati, creata il %s\n"
+"# (Usa \"gpg --import-ownertrust\" per ripristinarli)\n"
+
+#: g10/tdbdump.c:161 g10/tdbdump.c:169 g10/tdbdump.c:174 g10/tdbdump.c:179
+#, fuzzy, c-format
+msgid "error in `%s': %s\n"
+msgstr "errore leggendo `%s': %s\n"
+
+#: g10/tdbdump.c:161
+#, fuzzy
+msgid "line too long"
+msgstr "riga troppo lunga\n"
+
+#: g10/tdbdump.c:169
+msgid "colon missing"
+msgstr ""
+
+#: g10/tdbdump.c:175
+#, fuzzy
+msgid "invalid fingerprint"
+msgstr "errore: impronta digitale non valida\n"
+
+#: g10/tdbdump.c:180
+#, fuzzy
+msgid "ownertrust value missing"
+msgstr "importa i valori di fiducia"
+
+#: g10/tdbdump.c:216
+#, fuzzy, c-format
+msgid "error finding trust record in `%s': %s\n"
+msgstr "errore cercando il record della fiducia: %s\n"
+
+#: g10/tdbdump.c:220
+#, fuzzy, c-format
+msgid "read error in `%s': %s\n"
+msgstr "errore di lettura: %s\n"
+
+#: g10/tdbdump.c:229 g10/trustdb.c:375
+#, c-format
+msgid "trustdb: sync failed: %s\n"
+msgstr "trustdb: sync fallita: %s\n"
+
+#: g10/tdbio.c:128 g10/tdbio.c:1456
+#, c-format
+msgid "trustdb rec %lu: lseek failed: %s\n"
+msgstr "trustdb rec %lu: lseek fallita: %s\n"
+
+#: g10/tdbio.c:135 g10/tdbio.c:1463
+#, c-format
+msgid "trustdb rec %lu: write failed (n=%d): %s\n"
+msgstr "trustdb rec %lu: scrittura fallita (n=%d): %s\n"
+
+#: g10/tdbio.c:245
+msgid "trustdb transaction too large\n"
+msgstr "transazione del trustdb troppo grande\n"
+
+#: g10/tdbio.c:500
+#, fuzzy, c-format
+msgid "can't access `%s': %s\n"
+msgstr "impossibile chiudere `%s': %s\n"
+
+#: g10/tdbio.c:527
+#, c-format
+msgid "%s: directory does not exist!\n"
+msgstr "%s: la directory non esiste!\n"
+
+#: g10/tdbio.c:537 g10/tdbio.c:560 g10/tdbio.c:601 sm/keydb.c:219
+#, fuzzy, c-format
+msgid "can't create lock for `%s'\n"
+msgstr "impossibile creare `%s': %s\n"
+
+#: g10/tdbio.c:539 g10/tdbio.c:604
+#, fuzzy, c-format
+msgid "can't lock `%s'\n"
+msgstr "impossibile aprire `%s'\n"
+
+#: g10/tdbio.c:565
+#, c-format
+msgid "%s: failed to create version record: %s"
+msgstr "%s: creazione del record della versione fallita: %s"
+
+#: g10/tdbio.c:569
+#, c-format
+msgid "%s: invalid trustdb created\n"
+msgstr "%s: è stato creato un trustdb non valido\n"
+
+#: g10/tdbio.c:572
+#, c-format
+msgid "%s: trustdb created\n"
+msgstr "%s: creato il trustdb\n"
+
+#: g10/tdbio.c:615
+msgid "NOTE: trustdb not writable\n"
+msgstr "NOTA: il trustdb non è scrivibile\n"
+
+#: g10/tdbio.c:623
+#, c-format
+msgid "%s: invalid trustdb\n"
+msgstr "%s: trustdb non valido\n"
+
+#: g10/tdbio.c:655
+#, c-format
+msgid "%s: failed to create hashtable: %s\n"
+msgstr "%s: creazione della tabella hash fallita: %s\n"
+
+#: g10/tdbio.c:663
+#, c-format
+msgid "%s: error updating version record: %s\n"
+msgstr "%s: errore durante l'aggiornamento del record di versione: %s\n"
+
+#: g10/tdbio.c:680 g10/tdbio.c:701 g10/tdbio.c:717 g10/tdbio.c:731
+#: g10/tdbio.c:761 g10/tdbio.c:1388 g10/tdbio.c:1415
+#, c-format
+msgid "%s: error reading version record: %s\n"
+msgstr "%s: errore durante la lettura del record di versione: %s\n"
+
+#: g10/tdbio.c:740
+#, c-format
+msgid "%s: error writing version record: %s\n"
+msgstr "%s: errore durante la scrittura del record di versione: %s\n"
+
+#: g10/tdbio.c:1181
+#, c-format
+msgid "trustdb: lseek failed: %s\n"
+msgstr "trustdb: lseek fallita: %s\n"
+
+#: g10/tdbio.c:1190
+#, c-format
+msgid "trustdb: read failed (n=%d): %s\n"
+msgstr "trustdb: read fallita (n=%d): %s\n"
+
+#: g10/tdbio.c:1211
+#, c-format
+msgid "%s: not a trustdb file\n"
+msgstr "%s: non è un file di trustdb\n"
+
+#: g10/tdbio.c:1230
+#, c-format
+msgid "%s: version record with recnum %lu\n"
+msgstr "%s: record di versione con recnum %lu\n"
+
+#: g10/tdbio.c:1235
+#, c-format
+msgid "%s: invalid file version %d\n"
+msgstr "%s: versione %d del file non valida\n"
+
+#: g10/tdbio.c:1421
+#, c-format
+msgid "%s: error reading free record: %s\n"
+msgstr "%s: errore durante la lettura del record libero: %s\n"
+
+#: g10/tdbio.c:1429
+#, c-format
+msgid "%s: error writing dir record: %s\n"
+msgstr "%s: errore durante la scrittura del dir record: %s\n"
+
+#: g10/tdbio.c:1439
+#, c-format
+msgid "%s: failed to zero a record: %s\n"
+msgstr "%s: azzeramento di un record fallito: %s\n"
+
+#: g10/tdbio.c:1469
+#, c-format
+msgid "%s: failed to append a record: %s\n"
+msgstr "%s: accodatura a un record fallita: %s\n"
+
+#: g10/tdbio.c:1512
+#, fuzzy
+msgid "Error: The trustdb is corrupted.\n"
+msgstr "%s: creato il trustdb\n"
+
+#: g10/textfilter.c:147
+#, c-format
+msgid "can't handle text lines longer than %d characters\n"
+msgstr "impossibile gestire linee di testo più lunghe di %d caratteri\n"
+
+#: g10/textfilter.c:247
+#, c-format
+msgid "input line longer than %d characters\n"
+msgstr "linea di input più lunga di %d caratteri\n"
+
+#: g10/trustdb.c:221
+#, c-format
+msgid "`%s' is not a valid long keyID\n"
+msgstr "`%s' non è un key ID lungo valido\n"
+
+#: g10/trustdb.c:252
+#, fuzzy, c-format
+msgid "key %s: accepted as trusted key\n"
+msgstr "chiave %08lX: accettata come chiave affidabile\n"
+
+#: g10/trustdb.c:290
+#, fuzzy, c-format
+msgid "key %s occurs more than once in the trustdb\n"
+msgstr "chiave %08lX: appare nel trustdb più di una volta\n"
+
+#: g10/trustdb.c:305
+#, fuzzy, c-format
+msgid "key %s: no public key for trusted key - skipped\n"
+msgstr ""
+"chiave %08lX: manca la chiave pubblica della chiave fidata - ignorata\n"
+
+#: g10/trustdb.c:315
+#, fuzzy, c-format
+msgid "key %s marked as ultimately trusted\n"
+msgstr "chiavi marcate definitivamente affidabili.\n"
+
+#: g10/trustdb.c:339
+#, c-format
+msgid "trust record %lu, req type %d: read failed: %s\n"
+msgstr "trust record %lu, tipo %d: read fallita: %s\n"
+
+#: g10/trustdb.c:345
+#, c-format
+msgid "trust record %lu is not of requested type %d\n"
+msgstr "il trust record %lu non è del tipo richiesto %d\n"
+
+#: g10/trustdb.c:418
+msgid "You may try to re-create the trustdb using the commands:\n"
+msgstr ""
+
+#: g10/trustdb.c:427
+msgid "If that does not work, please consult the manual\n"
+msgstr ""
+
+#: g10/trustdb.c:462
+#, c-format
+msgid "unable to use unknown trust model (%d) - assuming %s trust model\n"
+msgstr ""
+
+#: g10/trustdb.c:468
+#, c-format
+msgid "using %s trust model\n"
+msgstr ""
+
+#: g10/trustdb.c:520
+msgid "10 translator see trustdb.c:uid_trust_string_fixed"
+msgstr ""
+
+#: g10/trustdb.c:522
+#, fuzzy
+msgid "[ revoked]"
+msgstr "[revocata]"
+
+#: g10/trustdb.c:524 g10/trustdb.c:529
+#, fuzzy
+msgid "[ expired]"
+msgstr "[scaduta]"
+
+#: g10/trustdb.c:528
+#, fuzzy
+msgid "[ unknown]"
+msgstr "sconosciuto"
+
+#: g10/trustdb.c:530
+msgid "[ undef ]"
+msgstr ""
+
+#: g10/trustdb.c:531
+msgid "[marginal]"
+msgstr ""
+
+#: g10/trustdb.c:532
+msgid "[ full ]"
+msgstr ""
+
+#: g10/trustdb.c:533
+msgid "[ultimate]"
+msgstr ""
+
+#: g10/trustdb.c:548
+msgid "undefined"
+msgstr ""
+
+#: g10/trustdb.c:549
+#, fuzzy
+msgid "never"
+msgstr "mai "
+
+#: g10/trustdb.c:550
+msgid "marginal"
+msgstr ""
+
+#: g10/trustdb.c:551
+msgid "full"
+msgstr ""
+
+#: g10/trustdb.c:552
+msgid "ultimate"
+msgstr ""
+
+#: g10/trustdb.c:592
+msgid "no need for a trustdb check\n"
+msgstr "non è necessario un controllo del trustdb\n"
+
+#: g10/trustdb.c:598 g10/trustdb.c:2487
+#, c-format
+msgid "next trustdb check due at %s\n"
+msgstr "il prossimo controllo del trustdb sarà fatto il %s\n"
+
+#: g10/trustdb.c:607
+#, fuzzy, c-format
+msgid "no need for a trustdb check with `%s' trust model\n"
+msgstr "non è necessario un controllo del trustdb\n"
+
+#: g10/trustdb.c:622
+#, fuzzy, c-format
+msgid "no need for a trustdb update with `%s' trust model\n"
+msgstr "non è necessario un controllo del trustdb\n"
+
+#: g10/trustdb.c:857 g10/trustdb.c:1310
+#, fuzzy, c-format
+msgid "public key %s not found: %s\n"
+msgstr "chiave pubblica %08lX non trovata: %s\n"
+
+#: g10/trustdb.c:1053
+msgid "please do a --check-trustdb\n"
+msgstr "per favore usa --check-trustdb\n"
+
+#: g10/trustdb.c:1057
+msgid "checking the trustdb\n"
+msgstr "controllo il trustdb\n"
+
+#: g10/trustdb.c:2230
+#, c-format
+msgid "%d keys processed (%d validity counts cleared)\n"
+msgstr "%d chiavi processate (%d conteggi di validità azzerati)\n"
+
+#: g10/trustdb.c:2295
+msgid "no ultimately trusted keys found\n"
+msgstr "non è stata trovata alcuna chiave definitivamente affidabile\n"
+
+#: g10/trustdb.c:2309
+#, fuzzy, c-format
+msgid "public key of ultimately trusted key %s not found\n"
+msgstr "chiave pubblica definitivamente affidabile %08lX non trovata\n"
+
+#: g10/trustdb.c:2332
+#, c-format
+msgid "%d marginal(s) needed, %d complete(s) needed, %s trust model\n"
+msgstr ""
+
+#: g10/trustdb.c:2418
+#, c-format
+msgid ""
+"depth: %d valid: %3d signed: %3d trust: %d-, %dq, %dn, %dm, %df, %du\n"
+msgstr ""
+
+#: g10/trustdb.c:2493
+#, fuzzy, c-format
+msgid "unable to update trustdb version record: write failed: %s\n"
+msgstr "trust record %lu, req type %d: write fallita: %s\n"
+
+#: g10/verify.c:118
+msgid ""
+"the signature could not be verified.\n"
+"Please remember that the signature file (.sig or .asc)\n"
+"should be the first file given on the command line.\n"
+msgstr ""
+"non è stato possibile verificare la firma.\n"
+"Ricorda che il file con la firma (.sig or .asc) deve\n"
+"essere il primo file indicato sulla riga di comando.\n"
+
+#: g10/verify.c:205
+#, c-format
+msgid "input line %u too long or missing LF\n"
+msgstr "linea di input %u troppo lunga o LF mancante\n"
+
+#: g10/verify.c:253
+#, fuzzy, c-format
+msgid "can't open fd %d: %s\n"
+msgstr "impossibile aprire `%s': %s\n"
+
+#: jnlib/argparse.c:180
+#, fuzzy
+msgid "argument not expected"
+msgstr "scrittura della chiave segreta in `%s'\n"
+
+#: jnlib/argparse.c:182
+#, fuzzy
+msgid "read error"
+msgstr "errore durante la lettura del file"
+
+#: jnlib/argparse.c:184
+#, fuzzy
+msgid "keyword too long"
+msgstr "riga troppo lunga\n"
+
+#: jnlib/argparse.c:186
+#, fuzzy
+msgid "missing argument"
+msgstr "argomento non valido"
+
+#: jnlib/argparse.c:188
+#, fuzzy
+msgid "invalid command"
+msgstr "comandi in conflitto\n"
+
+#: jnlib/argparse.c:190
+#, fuzzy
+msgid "invalid alias definition"
+msgstr "opzioni di importazione non valide\n"
+
+# ??? (Md)
+#: jnlib/argparse.c:192
+#, fuzzy
+msgid "out of core"
+msgstr "non esaminato"
+
+#: jnlib/argparse.c:194
+#, fuzzy
+msgid "invalid option"
+msgstr "opzioni di importazione non valide\n"
+
+#: jnlib/argparse.c:202
+#, c-format
+msgid "missing argument for option \"%.50s\"\n"
+msgstr ""
+
+#: jnlib/argparse.c:204
+#, c-format
+msgid "option \"%.50s\" does not expect an argument\n"
+msgstr ""
+
+#: jnlib/argparse.c:207
+#, fuzzy, c-format
+msgid "invalid command \"%.50s\"\n"
+msgstr "Comando non valido (prova \"help\")\n"
+
+#: jnlib/argparse.c:209
+#, c-format
+msgid "option \"%.50s\" is ambiguous\n"
+msgstr ""
+
+#: jnlib/argparse.c:211
+#, c-format
+msgid "command \"%.50s\" is ambiguous\n"
+msgstr ""
+
+# ??? (Md)
+#: jnlib/argparse.c:213
+#, fuzzy
+msgid "out of core\n"
+msgstr "non esaminato"
+
+#: jnlib/argparse.c:215
+#, fuzzy, c-format
+msgid "invalid option \"%.50s\"\n"
+msgstr "opzioni di importazione non valide\n"
+
+#: jnlib/logging.c:647
+#, c-format
+msgid "you found a bug ... (%s:%d)\n"
+msgstr "hai trovato un bug... (%s:%d)\n"
+
+#: jnlib/utf8conv.c:85
+#, fuzzy, c-format
+msgid "error loading `%s': %s\n"
+msgstr "errore leggendo `%s': %s\n"
+
+#: jnlib/utf8conv.c:123
+#, c-format
+msgid "conversion from `%s' to `%s' not available\n"
+msgstr ""
+
+#: jnlib/utf8conv.c:131
+#, fuzzy, c-format
+msgid "iconv_open failed: %s\n"
+msgstr "impossibile aprire il file: %s\n"
+
+#: jnlib/utf8conv.c:388 jnlib/utf8conv.c:654
+#, fuzzy, c-format
+msgid "conversion from `%s' to `%s' failed: %s\n"
+msgstr "creazione dell'armatura fallita: %s\n"
+
+#: jnlib/dotlock.c:234
+#, fuzzy, c-format
+msgid "failed to create temporary file `%s': %s\n"
+msgstr "impossibile creare la directory `%s': %s\n"
+
+#: jnlib/dotlock.c:269
+#, fuzzy, c-format
+msgid "error writing to `%s': %s\n"
+msgstr "errore scrivendo il portachiavi `%s': %s\n"
+
+#: jnlib/dotlock.c:453
+#, c-format
+msgid "removing stale lockfile (created by %d)\n"
+msgstr ""
+
+#: jnlib/dotlock.c:459
+msgid " - probably dead - removing lock"
+msgstr ""
+
+#: jnlib/dotlock.c:469
+#, fuzzy, c-format
+msgid "waiting for lock (held by %d%s) %s...\n"
+msgstr "scrittura della chiave segreta in `%s'\n"
+
+#: jnlib/dotlock.c:470
+msgid "(deadlock?) "
+msgstr ""
+
+#: jnlib/dotlock.c:493
+#, fuzzy, c-format
+msgid "lock `%s' not made: %s\n"
+msgstr "chiave pubblica %08lX non trovata: %s\n"
+
+#: jnlib/dotlock.c:501
+#, fuzzy, c-format
+msgid "waiting for lock %s...\n"
+msgstr "scrittura della chiave segreta in `%s'\n"
+
+#: kbx/kbxutil.c:92
+msgid "set debugging flags"
+msgstr ""
+
+#: kbx/kbxutil.c:93
+msgid "enable full debugging"
+msgstr ""
+
+#: kbx/kbxutil.c:117
+#, fuzzy
+msgid "Usage: kbxutil [options] [files] (-h for help)"
+msgstr "Uso: gpg [opzioni] [files] (-h per l'aiuto)"
+
+#: kbx/kbxutil.c:120
+msgid ""
+"Syntax: kbxutil [options] [files]\n"
+"list, export, import Keybox data\n"
+msgstr ""
+
+#: scd/app-nks.c:713 scd/app-openpgp.c:2647
+#, c-format
+msgid "RSA modulus missing or not of size %d bits\n"
+msgstr ""
+
+#: scd/app-nks.c:721 scd/app-openpgp.c:2659
+#, c-format
+msgid "RSA public exponent missing or larger than %d bits\n"
+msgstr ""
+
+#: scd/app-nks.c:801 scd/app-openpgp.c:1549 scd/app-openpgp.c:1568
+#: scd/app-openpgp.c:1729 scd/app-openpgp.c:1746 scd/app-openpgp.c:1994
+#: scd/app-openpgp.c:2039 scd/app-dinsig.c:303
+#, c-format
+msgid "PIN callback returned error: %s\n"
+msgstr ""
+
+#: scd/app-nks.c:834
+msgid "the NullPIN has not yet been changed\n"
+msgstr ""
+
+#: scd/app-nks.c:1092
+#, fuzzy
+msgid "|N|Please enter a new PIN for the standard keys."
+msgstr "cambia la passphrase"
+
+#: scd/app-nks.c:1093
+#, fuzzy
+msgid "||Please enter the PIN for the standard keys."
+msgstr "cambia la passphrase"
+
+#: scd/app-nks.c:1099
+#, fuzzy
+msgid "|NP|Please enter a new PIN Unblocking Code (PUK) for the standard keys."
+msgstr "Per favore scegli il motivo della revoca:\n"
+
+#: scd/app-nks.c:1101
+#, fuzzy
+msgid "|P|Please enter the PIN Unblocking Code (PUK) for the standard keys."
+msgstr "Per favore scegli il motivo della revoca:\n"
+
+#: scd/app-nks.c:1109
+msgid "|N|Please enter a new PIN for the key to create qualified signatures."
+msgstr ""
+
+#: scd/app-nks.c:1111
+msgid "||Please enter the PIN for the key to create qualified signatures."
+msgstr ""
+
+#: scd/app-nks.c:1119
+msgid ""
+"|NP|Please enter a new PIN Unblocking Code (PUK) for the key to create "
+"qualified signatures."
+msgstr ""
+
+#: scd/app-nks.c:1121
+msgid ""
+"|P|Please enter the PIN Unblocking Code (PUK) for the key to create "
+"qualified signatures."
+msgstr ""
+
+#: scd/app-nks.c:1222 scd/app-openpgp.c:2072 scd/app-dinsig.c:532
+#, fuzzy, c-format
+msgid "error getting new PIN: %s\n"
+msgstr "errore nella creazione della passhprase: %s\n"
+
+#: scd/app-openpgp.c:695
+#, fuzzy, c-format
+msgid "failed to store the fingerprint: %s\n"
+msgstr "inizializzazione del trustdb fallita: %s\n"
+
+#: scd/app-openpgp.c:708
+#, fuzzy, c-format
+msgid "failed to store the creation date: %s\n"
+msgstr "rebuild della cache del portachiavi fallito: %s\n"
+
+#: scd/app-openpgp.c:1156
+#, fuzzy, c-format
+msgid "reading public key failed: %s\n"
+msgstr "cancellazione del keyblock fallita: %s\n"
+
+#: scd/app-openpgp.c:1164 scd/app-openpgp.c:2882
+msgid "response does not contain the public key data\n"
+msgstr ""
+
+#: scd/app-openpgp.c:1172 scd/app-openpgp.c:2890
+msgid "response does not contain the RSA modulus\n"
+msgstr ""
+
+#: scd/app-openpgp.c:1181 scd/app-openpgp.c:2900
+msgid "response does not contain the RSA public exponent\n"
+msgstr ""
+
+#: scd/app-openpgp.c:1501
+#, c-format
+msgid "using default PIN as %s\n"
+msgstr ""
+
+#: scd/app-openpgp.c:1508
+#, c-format
+msgid "failed to use default PIN as %s: %s - disabling further default use\n"
+msgstr ""
+
+#: scd/app-openpgp.c:1523
+#, c-format
+msgid "||Please enter the PIN%%0A[sigs done: %lu]"
+msgstr ""
+
+#: scd/app-openpgp.c:1534 scd/app-openpgp.c:1988
+#, fuzzy
+msgid "||Please enter the PIN"
+msgstr "cambia la passphrase"
+
+#: scd/app-openpgp.c:1575 scd/app-openpgp.c:1753 scd/app-openpgp.c:2001
+#, c-format
+msgid "PIN for CHV%d is too short; minimum length is %d\n"
+msgstr ""
+
+#: scd/app-openpgp.c:1588 scd/app-openpgp.c:1627 scd/app-openpgp.c:1765
+#: scd/app-openpgp.c:3200
+#, fuzzy, c-format
+msgid "verify CHV%d failed: %s\n"
+msgstr "invio al keyserver fallito: %s\n"
+
+#: scd/app-openpgp.c:1656 scd/app-openpgp.c:2020 scd/app-openpgp.c:3498
+msgid "error retrieving CHV status from card\n"
+msgstr ""
+
+#: scd/app-openpgp.c:1662 scd/app-openpgp.c:3507
+msgid "card is permanently locked!\n"
+msgstr ""
+
+#: scd/app-openpgp.c:1669
+#, c-format
+msgid "%d Admin PIN attempts remaining before card is permanently locked\n"
+msgstr ""
+
+#. TRANSLATORS: Do not translate the "|A|" prefix but keep it at
+#. the start of the string. Use %%0A to force a linefeed.
+#: scd/app-openpgp.c:1676
+#, fuzzy, c-format
+msgid "|A|Please enter the Admin PIN%%0A[remaining attempts: %d]"
+msgstr "cambia la passphrase"
+
+#: scd/app-openpgp.c:1680
+#, fuzzy
+msgid "|A|Please enter the Admin PIN"
+msgstr "cambia la passphrase"
+
+#: scd/app-openpgp.c:1701
+msgid "access to admin commands is not configured\n"
+msgstr ""
+
+#: scd/app-openpgp.c:2035
+#, fuzzy
+msgid "||Please enter the Reset Code for the card"
+msgstr "Per favore scegli il motivo della revoca:\n"
+
+#: scd/app-openpgp.c:2045 scd/app-openpgp.c:2097
+#, c-format
+msgid "Reset Code is too short; minimum length is %d\n"
+msgstr ""
+
+#: scd/app-openpgp.c:2067
+msgid "|RN|New Reset Code"
+msgstr ""
+
+#: scd/app-openpgp.c:2068
+msgid "|AN|New Admin PIN"
+msgstr ""
+
+#: scd/app-openpgp.c:2068
+msgid "|N|New PIN"
+msgstr ""
+
+#: scd/app-openpgp.c:2178 scd/app-openpgp.c:2968
+#, fuzzy
+msgid "error reading application data\n"
+msgstr "errore leggendo il keyblock: %s\n"
+
+#: scd/app-openpgp.c:2184 scd/app-openpgp.c:2975
+#, fuzzy
+msgid "error reading fingerprint DO\n"
+msgstr "%s: errore durante la lettura del record libero: %s\n"
+
+#: scd/app-openpgp.c:2194
+#, fuzzy
+msgid "key already exists\n"
+msgstr "`%s' è già compresso\n"
+
+#: scd/app-openpgp.c:2198
+msgid "existing key will be replaced\n"
+msgstr ""
+
+#: scd/app-openpgp.c:2200
+#, fuzzy
+msgid "generating new key\n"
+msgstr "genera una nuova coppia di chiavi"
+
+#: scd/app-openpgp.c:2202
+#, fuzzy
+msgid "writing new key\n"
+msgstr "genera una nuova coppia di chiavi"
+
+#: scd/app-openpgp.c:2627
+msgid "creation timestamp missing\n"
+msgstr ""
+
+#: scd/app-openpgp.c:2669 scd/app-openpgp.c:2677
+#, c-format
+msgid "RSA prime %s missing or not of size %d bits\n"
+msgstr ""
+
+#: scd/app-openpgp.c:2773
+#, fuzzy, c-format
+msgid "failed to store the key: %s\n"
+msgstr "inizializzazione del trustdb fallita: %s\n"
+
+#: scd/app-openpgp.c:2859
+msgid "please wait while key is being generated ...\n"
+msgstr ""
+
+#: scd/app-openpgp.c:2872
+#, fuzzy
+msgid "generating key failed\n"
+msgstr "cancellazione del keyblock fallita: %s\n"
+
+#: scd/app-openpgp.c:2875
+#, fuzzy, c-format
+msgid "key generation completed (%d seconds)\n"
+msgstr "Generazione della chiave fallita: %s\n"
+
+#: scd/app-openpgp.c:2933
+msgid "invalid structure of OpenPGP card (DO 0x93)\n"
+msgstr ""
+
+#: scd/app-openpgp.c:2983
+msgid "fingerprint on card does not match requested one\n"
+msgstr ""
+
+#: scd/app-openpgp.c:3099
+#, fuzzy, c-format
+msgid "card does not support digest algorithm %s\n"
+msgstr "Firma %s, algoritmo di digest %s\n"
+
+#: scd/app-openpgp.c:3175
+#, c-format
+msgid "signatures created so far: %lu\n"
+msgstr ""
+
+#: scd/app-openpgp.c:3512
+msgid ""
+"verification of Admin PIN is currently prohibited through this command\n"
+msgstr ""
+
+#: scd/app-openpgp.c:3737 scd/app-openpgp.c:3748
+#, fuzzy, c-format
+msgid "can't access %s - invalid OpenPGP card?\n"
+msgstr "Non sono stati trovati dati OpenPGP validi.\n"
+
+#: scd/app-dinsig.c:299
+msgid "||Please enter your PIN at the reader's keypad"
+msgstr ""
+
+#. TRANSLATORS: Do not translate the "|*|" prefixes but
+#. keep it at the start of the string. We need this elsewhere
+#. to get some infos on the string.
+#: scd/app-dinsig.c:529
+msgid "|N|Initial New PIN"
+msgstr ""
+
+#: scd/scdaemon.c:107
+msgid "run in multi server mode (foreground)"
+msgstr ""
+
+#: scd/scdaemon.c:117 sm/gpgsm.c:316
+msgid "|LEVEL|set the debugging level to LEVEL"
+msgstr ""
+
+#: scd/scdaemon.c:124 tools/gpgconf-comp.c:620
+#, fuzzy
+msgid "|FILE|write a log to FILE"
+msgstr "|FILE|carica il modulo di estensione FILE"
+
+#: scd/scdaemon.c:126
+msgid "|N|connect to reader at port N"
+msgstr ""
+
+#: scd/scdaemon.c:128
+#, fuzzy
+msgid "|NAME|use NAME as ct-API driver"
+msgstr "|NOME|usa NOME come destinatario predefinito"
+
+#: scd/scdaemon.c:130
+#, fuzzy
+msgid "|NAME|use NAME as PC/SC driver"
+msgstr "|NOME|usa NOME come destinatario predefinito"
+
+#: scd/scdaemon.c:133
+#, fuzzy
+msgid "do not use the internal CCID driver"
+msgstr "non usa per niente il terminale"
+
+#: scd/scdaemon.c:139
+msgid "|N|disconnect the card after N seconds of inactivity"
+msgstr ""
+
+#: scd/scdaemon.c:141
+msgid "do not use a reader's keypad"
+msgstr ""
+
+#: scd/scdaemon.c:144
+#, fuzzy
+msgid "deny the use of admin card commands"
+msgstr "comandi in conflitto\n"
+
+#: scd/scdaemon.c:259
+#, fuzzy
+msgid "Usage: scdaemon [options] (-h for help)"
+msgstr "Uso: gpg [opzioni] [files] (-h per l'aiuto)"
+
+#: scd/scdaemon.c:261
+msgid ""
+"Syntax: scdaemon [options] [command [args]]\n"
+"Smartcard daemon for GnuPG\n"
+msgstr ""
+
+#: scd/scdaemon.c:766
+msgid "please use the option `--daemon' to run the program in the background\n"
+msgstr ""
+
+#: scd/scdaemon.c:1120
+#, c-format
+msgid "handler for fd %d started\n"
+msgstr ""
+
+#: scd/scdaemon.c:1132
+#, c-format
+msgid "handler for fd %d terminated\n"
+msgstr ""
+
+#: sm/base64.c:325
+#, fuzzy, c-format
+msgid "invalid radix64 character %02x skipped\n"
+msgstr "Carattere radix64 non valido %02x saltato\n"
+
+#: sm/call-agent.c:137
+#, c-format
+msgid "failed to proxy %s inquiry to client\n"
+msgstr ""
+
+#: sm/call-dirmngr.c:252
+#, c-format
+msgid "no running dirmngr - starting `%s'\n"
+msgstr ""
+
+#: sm/call-dirmngr.c:285
+#, fuzzy
+msgid "malformed DIRMNGR_INFO environment variable\n"
+msgstr "variabile di ambiente GPG_AGENT_INFO malformata\n"
+
+#: sm/call-dirmngr.c:297
+#, fuzzy, c-format
+msgid "dirmngr protocol version %d is not supported\n"
+msgstr "la versione %d del protocollo di gpg-agent non è gestita\n"
+
+#: sm/call-dirmngr.c:317
+msgid "can't connect to the dirmngr - trying fall back\n"
+msgstr ""
+
+#: sm/certchain.c:196
+#, c-format
+msgid "validation model requested by certificate: %s"
+msgstr ""
+
+#: sm/certchain.c:197 sm/certchain.c:1828
+msgid "chain"
+msgstr ""
+
+#: sm/certchain.c:198 sm/certchain.c:1828
+#, fuzzy
+msgid "shell"
+msgstr "help"
+
+#: sm/certchain.c:258
+#, fuzzy, c-format
+msgid "critical certificate extension %s is not supported"
+msgstr "la versione %d del protocollo di gpg-agent non è gestita\n"
+
+#: sm/certchain.c:297
+msgid "issuer certificate is not marked as a CA"
+msgstr ""
+
+#: sm/certchain.c:335
+msgid "critical marked policy without configured policies"
+msgstr ""
+
+#: sm/certchain.c:345
+#, fuzzy, c-format
+msgid "failed to open `%s': %s\n"
+msgstr "impossibile aprire `%s': %s\n"
+
+#: sm/certchain.c:353 sm/certchain.c:382
+msgid "note: non-critical certificate policy not allowed"
+msgstr ""
+
+#: sm/certchain.c:357 sm/certchain.c:386
+#, fuzzy
+msgid "certificate policy not allowed"
+msgstr "scrittura della chiave segreta in `%s'\n"
+
+#: sm/certchain.c:498
+msgid "looking up issuer at external location\n"
+msgstr ""
+
+#: sm/certchain.c:517
+#, c-format
+msgid "number of issuers matching: %d\n"
+msgstr ""
+
+#: sm/certchain.c:561
+msgid "looking up issuer from the Dirmngr cache\n"
+msgstr ""
+
+#: sm/certchain.c:585
+#, fuzzy, c-format
+msgid "number of matching certificates: %d\n"
+msgstr "errore nella creazione della passhprase: %s\n"
+
+#: sm/certchain.c:587
+#, fuzzy, c-format
+msgid "dirmngr cache-only key lookup failed: %s\n"
+msgstr "cancellazione del keyblock fallita: %s\n"
+
+#: sm/certchain.c:759 sm/certchain.c:1252 sm/certchain.c:1856 sm/decrypt.c:261
+#: sm/encrypt.c:335 sm/sign.c:335 sm/verify.c:113
+#, fuzzy
+msgid "failed to allocated keyDB handle\n"
+msgstr "inizializzazione del trustdb fallita: %s\n"
+
+#: sm/certchain.c:925
+#, fuzzy
+msgid "certificate has been revoked"
+msgstr "NOTA: la chiave è stata revocata"
+
+#: sm/certchain.c:940
+msgid "the status of the certificate is unknown"
+msgstr ""
+
+#: sm/certchain.c:947
+msgid "please make sure that the \"dirmngr\" is properly installed\n"
+msgstr ""
+
+#: sm/certchain.c:953
+#, fuzzy, c-format
+msgid "checking the CRL failed: %s"
+msgstr "controllo della firma creata fallito: %s\n"
+
+#: sm/certchain.c:982 sm/certchain.c:1050
+#, c-format
+msgid "certificate with invalid validity: %s"
+msgstr ""
+
+#: sm/certchain.c:997 sm/certchain.c:1082
+msgid "certificate not yet valid"
+msgstr ""
+
+#: sm/certchain.c:998 sm/certchain.c:1083
+#, fuzzy
+msgid "root certificate not yet valid"
+msgstr "scrittura della chiave segreta in `%s'\n"
+
+#: sm/certchain.c:999 sm/certchain.c:1084
+msgid "intermediate certificate not yet valid"
+msgstr ""
+
+#: sm/certchain.c:1012
+#, fuzzy
+msgid "certificate has expired"
+msgstr "Questa chiave è scaduta!"
+
+#: sm/certchain.c:1013
+#, fuzzy
+msgid "root certificate has expired"
+msgstr "Questa chiave è scaduta!"
+
+#: sm/certchain.c:1014
+#, fuzzy
+msgid "intermediate certificate has expired"
+msgstr "Questa chiave è scaduta!"
+
+#: sm/certchain.c:1056
+#, c-format
+msgid "required certificate attributes missing: %s%s%s"
+msgstr ""
+
+#: sm/certchain.c:1065
+#, fuzzy
+msgid "certificate with invalid validity"
+msgstr "Questa chiave è scaduta!"
+
+#: sm/certchain.c:1102
+msgid "signature not created during lifetime of certificate"
+msgstr ""
+
+#: sm/certchain.c:1104
+msgid "certificate not created during lifetime of issuer"
+msgstr ""
+
+#: sm/certchain.c:1105
+msgid "intermediate certificate not created during lifetime of issuer"
+msgstr ""
+
+#: sm/certchain.c:1109
+#, fuzzy
+msgid " ( signature created at "
+msgstr " nuove firme: %lu\n"
+
+#: sm/certchain.c:1110
+#, fuzzy
+msgid " (certificate created at "
+msgstr "Certificato di revoca creato.\n"
+
+#: sm/certchain.c:1113
+#, fuzzy
+msgid " (certificate valid from "
+msgstr "certificato danneggiato"
+
+#: sm/certchain.c:1114
+msgid " ( issuer valid from "
+msgstr ""
+
+#: sm/certchain.c:1144
+#, fuzzy, c-format
+msgid "fingerprint=%s\n"
+msgstr "mostra le impronte digitali"
+
+#: sm/certchain.c:1153
+msgid "root certificate has now been marked as trusted\n"
+msgstr ""
+
+#: sm/certchain.c:1166
+msgid "interactive marking as trusted not enabled in gpg-agent\n"
+msgstr ""
+
+#: sm/certchain.c:1172
+msgid "interactive marking as trusted disabled for this session\n"
+msgstr ""
+
+#: sm/certchain.c:1229
+msgid "WARNING: creation time of signature not known - assuming current time"
+msgstr ""
+
+#: sm/certchain.c:1293
+#, fuzzy
+msgid "no issuer found in certificate"
+msgstr "genera un certificato di revoca"
+
+#: sm/certchain.c:1366
+msgid "self-signed certificate has a BAD signature"
+msgstr ""
+
+#: sm/certchain.c:1435
+msgid "root certificate is not marked trusted"
+msgstr ""
+
+#: sm/certchain.c:1448
+#, fuzzy, c-format
+msgid "checking the trust list failed: %s\n"
+msgstr "controllo della firma creata fallito: %s\n"
+
+#: sm/certchain.c:1477 sm/import.c:160
+msgid "certificate chain too long\n"
+msgstr ""
+
+#: sm/certchain.c:1489
+msgid "issuer certificate not found"
+msgstr ""
+
+#: sm/certchain.c:1522
+#, fuzzy
+msgid "certificate has a BAD signature"
+msgstr "verifica una firma"
+
+#: sm/certchain.c:1553
+msgid "found another possible matching CA certificate - trying again"
+msgstr ""
+
+#: sm/certchain.c:1604
+#, c-format
+msgid "certificate chain longer than allowed by CA (%d)"
+msgstr ""
+
+#: sm/certchain.c:1644 sm/certchain.c:1927
+#, fuzzy
+msgid "certificate is good\n"
+msgstr "la preferenza %c%lu è doppia\n"
+
+#: sm/certchain.c:1645
+#, fuzzy
+msgid "intermediate certificate is good\n"
+msgstr "Certificato di revoca creato.\n"
+
+#: sm/certchain.c:1646
+#, fuzzy
+msgid "root certificate is good\n"
+msgstr "certificato danneggiato"
+
+#: sm/certchain.c:1817
+msgid "switching to chain model"
+msgstr ""
+
+#: sm/certchain.c:1826
+#, c-format
+msgid "validation model used: %s"
+msgstr ""
+
+#: sm/certcheck.c:97
+#, c-format
+msgid "%s key uses an unsafe (%u bit) hash\n"
+msgstr ""
+
+#: sm/certcheck.c:107
+#, c-format
+msgid "a %u bit hash is not valid for a %u bit %s key\n"
+msgstr ""
+
+#: sm/certcheck.c:244 sm/verify.c:201
+msgid "(this is the MD2 algorithm)\n"
+msgstr ""
+
+#: sm/certdump.c:60 sm/certdump.c:143
+#, fuzzy
+msgid "none"
+msgstr "no"
+
+#: sm/certdump.c:564 sm/certdump.c:609 sm/certdump.c:674 sm/certdump.c:732
+#, fuzzy
+msgid "[Error - invalid encoding]"
+msgstr "errore: impronta digitale non valida\n"
+
+#: sm/certdump.c:572 sm/certdump.c:617
+msgid "[Error - out of core]"
+msgstr ""
+
+#: sm/certdump.c:654 sm/certdump.c:710
+msgid "[Error - No name]"
+msgstr ""
+
+#: sm/certdump.c:679 sm/certdump.c:738
+#, fuzzy
+msgid "[Error - invalid DN]"
+msgstr "errore: impronta digitale non valida\n"
+
+#: sm/certdump.c:948
+#, fuzzy, c-format
+msgid ""
+"Please enter the passphrase to unlock the secret key for the X.509 "
+"certificate:\n"
+"\"%s\"\n"
+"S/N %s, ID 0x%08lX,\n"
+"created %s, expires %s.\n"
+msgstr ""
+"Ti serve una passphrase per sbloccare la chiave segreta dell'utente:\n"
+"\"%.*s\"\n"
+"%u-bit %s key, ID %08lX, created %s%s\n"
+
+#: sm/certlist.c:122
+msgid "no key usage specified - assuming all usages\n"
+msgstr ""
+
+#: sm/certlist.c:132 sm/keylist.c:272
+#, fuzzy, c-format
+msgid "error getting key usage information: %s\n"
+msgstr "errore scrivendo il portachiavi segreto `%s': %s\n"
+
+#: sm/certlist.c:142
+msgid "certificate should have not been used for certification\n"
+msgstr ""
+
+#: sm/certlist.c:154
+msgid "certificate should have not been used for OCSP response signing\n"
+msgstr ""
+
+#: sm/certlist.c:165
+msgid "certificate should have not been used for encryption\n"
+msgstr ""
+
+#: sm/certlist.c:166
+msgid "certificate should have not been used for signing\n"
+msgstr ""
+
+#: sm/certlist.c:167
+msgid "certificate is not usable for encryption\n"
+msgstr ""
+
+#: sm/certlist.c:168
+msgid "certificate is not usable for signing\n"
+msgstr ""
+
+#: sm/certreqgen.c:474
+#, fuzzy, c-format
+msgid "line %d: invalid algorithm\n"
+msgstr "algoritmo di hash non valido `%s'\n"
+
+#: sm/certreqgen.c:487
+#, c-format
+msgid "line %d: invalid key length %u (valid are %d to %d)\n"
+msgstr ""
+
+#: sm/certreqgen.c:505
+#, c-format
+msgid "line %d: no subject name given\n"
+msgstr ""
+
+#: sm/certreqgen.c:514
+#, c-format
+msgid "line %d: invalid subject name label `%.*s'\n"
+msgstr ""
+
+#: sm/certreqgen.c:517
+#, c-format
+msgid "line %d: invalid subject name `%s' at pos %d\n"
+msgstr ""
+
+#: sm/certreqgen.c:534
+#, fuzzy, c-format
+msgid "line %d: not a valid email address\n"
+msgstr "L'indirizzo di email non è valido\n"
+
+#: sm/certreqgen.c:546
+#, fuzzy, c-format
+msgid "line %d: error reading key `%s' from card: %s\n"
+msgstr "errore creando il portachiavi `%s': %s\n"
+
+#: sm/certreqgen.c:558
+#, fuzzy, c-format
+msgid "line %d: error getting key by keygrip `%s': %s\n"
+msgstr "errore creando il portachiavi `%s': %s\n"
+
+#: sm/certreqgen.c:574
+#, fuzzy, c-format
+msgid "line %d: key generation failed: %s <%s>\n"
+msgstr "Generazione della chiave fallita: %s\n"
+
+#: sm/certreqgen.c:806
+msgid ""
+"To complete this certificate request please enter the passphrase for the key "
+"you just created once more.\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:158
+#, fuzzy, c-format
+msgid " (%d) RSA\n"
+msgstr " (%d) RSA (firma solo)\n"
+
+#: sm/certreqgen-ui.c:159
+#, fuzzy, c-format
+msgid " (%d) Existing key\n"
+msgstr " (%d) RSA (cifra solo)\n"
+
+#: sm/certreqgen-ui.c:160
+#, c-format
+msgid " (%d) Existing key from card\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:202
+#, fuzzy
+msgid "Enter the keygrip: "
+msgstr "Annotazione della firma: "
+
+#: sm/certreqgen-ui.c:210
+msgid "Not a valid keygrip (expecting 40 hex digits)\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:212
+#, fuzzy
+msgid "No key with this keygrip\n"
+msgstr "Nessun user ID con l'indice %d\n"
+
+#: sm/certreqgen-ui.c:230 sm/certreqgen-ui.c:239
+#, fuzzy, c-format
+msgid "error reading the card: %s\n"
+msgstr "%s: errore durante la lettura del record libero: %s\n"
+
+#: sm/certreqgen-ui.c:233
+#, fuzzy, c-format
+msgid "Serial number of the card: %s\n"
+msgstr "errore nella creazione della passhprase: %s\n"
+
+#: sm/certreqgen-ui.c:245
+#, fuzzy
+msgid "Available keys:\n"
+msgstr "disabilita una chiave"
+
+#: sm/certreqgen-ui.c:276
+#, c-format
+msgid "Possible actions for a %s key:\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:277
+#, fuzzy, c-format
+msgid " (%d) sign, encrypt\n"
+msgstr " (%d) RSA (firma e cifra)\n"
+
+#: sm/certreqgen-ui.c:278
+#, fuzzy, c-format
+msgid " (%d) sign\n"
+msgstr " (%d) DSA (firma solo)\n"
+
+#: sm/certreqgen-ui.c:279
+#, fuzzy, c-format
+msgid " (%d) encrypt\n"
+msgstr " (%d) RSA (cifra solo)\n"
+
+#: sm/certreqgen-ui.c:303
+msgid "Enter the X.509 subject name: "
+msgstr ""
+
+#: sm/certreqgen-ui.c:307
+#, fuzzy
+msgid "No subject name given\n"
+msgstr "(Non è stata data una descrizione)\n"
+
+#: sm/certreqgen-ui.c:311
+#, c-format
+msgid "Invalid subject name label `%.*s'\n"
+msgstr ""
+
+#. TRANSLATORS: The 22 in the second string is the
+#. length of the first string up to the "%s". Please
+#. adjust it do the length of your translation. The
+#. second string is merely passed to atoi so you can
+#. drop everything after the number.
+#: sm/certreqgen-ui.c:320
+#, fuzzy, c-format
+msgid "Invalid subject name `%s'\n"
+msgstr "algoritmo di hash non valido `%s'\n"
+
+#: sm/certreqgen-ui.c:322
+msgid "22 translator: see certreg-ui.c:gpgsm_gencertreq_tty"
+msgstr ""
+
+#: sm/certreqgen-ui.c:334
+#, fuzzy
+msgid "Enter email addresses"
+msgstr "Indirizzo di Email: "
+
+#: sm/certreqgen-ui.c:335
+#, fuzzy
+msgid " (end with an empty line):\n"
+msgstr ""
+"\n"
+"Inserisci l'user ID. Termina con una riga vuota: "
+
+#: sm/certreqgen-ui.c:339
+#, fuzzy
+msgid "Enter DNS names"
+msgstr "Inserire il nuovo nome del file"
+
+#: sm/certreqgen-ui.c:340 sm/certreqgen-ui.c:345
+#, fuzzy
+msgid " (optional; end with an empty line):\n"
+msgstr "Inserisci una descrizione opzionale; terminala con una riga vuota:\n"
+
+#: sm/certreqgen-ui.c:344
+msgid "Enter URIs"
+msgstr ""
+
+#: sm/certreqgen-ui.c:371
+msgid "Parameters to be used for the certificate request:\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:389
+msgid "Now creating certificate request. This may take a while ...\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:398
+msgid "Ready. You should now send this request to your CA.\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:403
+msgid "resource problem: out of core\n"
+msgstr ""
+
+#: sm/decrypt.c:330
+msgid "(this is the RC2 algorithm)\n"
+msgstr ""
+
+#: sm/decrypt.c:332
+msgid "(this does not seem to be an encrypted message)\n"
+msgstr ""
+
+#: sm/delete.c:51 sm/delete.c:112
+#, fuzzy, c-format
+msgid "certificate `%s' not found: %s\n"
+msgstr "chiave `%s' non trovata: %s\n"
+
+#: sm/delete.c:122 sm/keydb.c:1397 sm/keydb.c:1499
+#, fuzzy, c-format
+msgid "error locking keybox: %s\n"
+msgstr "errore leggendo il keyblock: %s\n"
+
+#: sm/delete.c:143
+#, fuzzy, c-format
+msgid "duplicated certificate `%s' deleted\n"
+msgstr "Certificato di revoca creato.\n"
+
+#: sm/delete.c:145
+#, fuzzy, c-format
+msgid "certificate `%s' deleted\n"
+msgstr "la preferenza %c%lu è doppia\n"
+
+#: sm/delete.c:175
+#, fuzzy, c-format
+msgid "deleting certificate \"%s\" failed: %s\n"
+msgstr "cancellazione del keyblock fallita: %s\n"
+
+#: sm/encrypt.c:321
+#, fuzzy
+msgid "no valid recipients given\n"
+msgstr "(Non è stata data una descrizione)\n"
+
+#: sm/gpgsm.c:197
+#, fuzzy
+msgid "list external keys"
+msgstr "elenca le chiavi segrete"
+
+#: sm/gpgsm.c:199
+#, fuzzy
+msgid "list certificate chain"
+msgstr "certificato danneggiato"
+
+#: sm/gpgsm.c:206
+#, fuzzy
+msgid "import certificates"
+msgstr "certificato danneggiato"
+
+#: sm/gpgsm.c:207
+#, fuzzy
+msgid "export certificates"
+msgstr "certificato danneggiato"
+
+#: sm/gpgsm.c:209
+msgid "register a smartcard"
+msgstr ""
+
+#: sm/gpgsm.c:212
+msgid "pass a command to the dirmngr"
+msgstr ""
+
+#: sm/gpgsm.c:214
+msgid "invoke gpg-protect-tool"
+msgstr ""
+
+#: sm/gpgsm.c:230
+#, fuzzy
+msgid "create base-64 encoded output"
+msgstr "crea un output ascii con armatura"
+
+#: sm/gpgsm.c:235
+msgid "assume input is in PEM format"
+msgstr ""
+
+#: sm/gpgsm.c:237
+msgid "assume input is in base-64 format"
+msgstr ""
+
+#: sm/gpgsm.c:239
+msgid "assume input is in binary format"
+msgstr ""
+
+#: sm/gpgsm.c:244
+msgid "use system's dirmngr if available"
+msgstr ""
+
+#: sm/gpgsm.c:247
+msgid "never consult a CRL"
+msgstr ""
+
+#: sm/gpgsm.c:257
+msgid "check validity using OCSP"
+msgstr ""
+
+#: sm/gpgsm.c:262
+msgid "|N|number of certificates to include"
+msgstr ""
+
+#: sm/gpgsm.c:265
+msgid "|FILE|take policy information from FILE"
+msgstr ""
+
+#: sm/gpgsm.c:268
+msgid "do not check certificate policies"
+msgstr ""
+
+#: sm/gpgsm.c:272
+msgid "fetch missing issuer certificates"
+msgstr ""
+
+#: sm/gpgsm.c:283
+msgid "don't use the terminal at all"
+msgstr "non usa per niente il terminale"
+
+#: sm/gpgsm.c:285
+msgid "|FILE|write a server mode log to FILE"
+msgstr ""
+
+#: sm/gpgsm.c:290
+#, fuzzy
+msgid "|FILE|write an audit log to FILE"
+msgstr "|FILE|carica il modulo di estensione FILE"
+
+#: sm/gpgsm.c:293
+msgid "batch mode: never ask"
+msgstr "modo batch: non fa domande"
+
+#: sm/gpgsm.c:294
+msgid "assume yes on most questions"
+msgstr "risponde \"sì\" a quasi tutte le domande"
+
+#: sm/gpgsm.c:295
+msgid "assume no on most questions"
+msgstr "risponde \"no\" a quasi tutte le domande"
+
+#: sm/gpgsm.c:298
+#, fuzzy
+msgid "|FILE|add keyring to the list of keyrings"
+msgstr "aggiungi questo portachiavi alla lista"
+
+#: sm/gpgsm.c:301
+#, fuzzy
+msgid "|USER-ID|use USER-ID as default secret key"
+msgstr "|NOME|usa NOME come chiave segreta predefinita"
+
+#: sm/gpgsm.c:311 tools/gpgconf-comp.c:745
+#, fuzzy
+msgid "|SPEC|use this keyserver to lookup keys"
+msgstr "|HOST|cerca le chiavi in questo keyserver"
+
+#: sm/gpgsm.c:329
+msgid "|NAME|use cipher algorithm NAME"
+msgstr "|NOME|usa l'algoritmo di cifratura NOME"
+
+#: sm/gpgsm.c:331
+msgid "|NAME|use message digest algorithm NAME"
+msgstr "|NOME|usa l'algoritmo di message digest NOME"
+
+#: sm/gpgsm.c:522
+#, fuzzy
+msgid "Usage: gpgsm [options] [files] (-h for help)"
+msgstr "Uso: gpg [opzioni] [files] (-h per l'aiuto)"
+
+#: sm/gpgsm.c:525
+#, fuzzy
+msgid ""
+"Syntax: gpgsm [options] [files]\n"
+"sign, check, encrypt or decrypt using the S/MIME protocol\n"
+"default operation depends on the input data\n"
+msgstr ""
+"Sintassi: gpg [opzioni] [files]\n"
+"firma, controlla, cifra o decifra\n"
+"l'operazione predefinita dipende dai dati di input\n"
+
+#: sm/gpgsm.c:617
+#, fuzzy
+msgid "usage: gpgsm [options] "
+msgstr "uso: gpg [opzioni] "
+
+#: sm/gpgsm.c:739
+#, fuzzy, c-format
+msgid "NOTE: won't be able to encrypt to `%s': %s\n"
+msgstr "impossibile connettersi a `%s': %s\n"
+
+#: sm/gpgsm.c:750
+#, fuzzy, c-format
+msgid "unknown validation model `%s'\n"
+msgstr "destinatario predefinito `%s' sconosciuto\n"
+
+#: sm/gpgsm.c:801
+#, fuzzy, c-format
+msgid "%s:%u: no hostname given\n"
+msgstr "(Non è stata data una descrizione)\n"
+
+#: sm/gpgsm.c:820
+#, c-format
+msgid "%s:%u: password given without user\n"
+msgstr ""
+
+#: sm/gpgsm.c:841
+#, fuzzy, c-format
+msgid "%s:%u: skipping this line\n"
+msgstr " s = salta questa chiave\n"
+
+#: sm/gpgsm.c:1376
+#, fuzzy
+msgid "could not parse keyserver\n"
+msgstr "impossibile fare il parsing dell'URI del keyserver\n"
+
+#: sm/gpgsm.c:1456
+msgid "WARNING: running with faked system time: "
+msgstr ""
+
+#: sm/gpgsm.c:1556
+#, fuzzy, c-format
+msgid "importing common certificates `%s'\n"
+msgstr "scrittura in `%s'\n"
+
+#: sm/gpgsm.c:1597
+#, fuzzy, c-format
+msgid "can't sign using `%s': %s\n"
+msgstr "impossibile chiudere `%s': %s\n"
+
+#: sm/gpgsm.c:1931
+msgid "invalid command (there is no implicit command)\n"
+msgstr ""
+
+#: sm/import.c:111
+#, fuzzy, c-format
+msgid "total number processed: %lu\n"
+msgstr "Numero totale esaminato: %lu\n"
+
+#: sm/import.c:230
+#, fuzzy
+msgid "error storing certificate\n"
+msgstr "genera un certificato di revoca"
+
+#: sm/import.c:238
+msgid "basic certificate checks failed - not imported\n"
+msgstr ""
+
+#: sm/import.c:435 sm/keydb.c:1319 sm/keydb.c:1387
+#, fuzzy
+msgid "failed to allocate keyDB handle\n"
+msgstr "inizializzazione del trustdb fallita: %s\n"
+
+#: sm/import.c:492 sm/keydb.c:1417 sm/keydb.c:1511
+#, fuzzy, c-format
+msgid "error getting stored flags: %s\n"
+msgstr "errore nella creazione della passhprase: %s\n"
+
+#: sm/import.c:551 sm/import.c:583
+#, fuzzy, c-format
+msgid "error importing certificate: %s\n"
+msgstr "errore nella creazione della passhprase: %s\n"
+
+#: sm/import.c:684 tools/gpg-connect-agent.c:1346
+#, fuzzy, c-format
+msgid "error reading input: %s\n"
+msgstr "errore leggendo `%s': %s\n"
+
+#: sm/keydb.c:187
+#, fuzzy, c-format
+msgid "error creating keybox `%s': %s\n"
+msgstr "errore creando il portachiavi `%s': %s\n"
+
+#: sm/keydb.c:190
+msgid "you may want to start the gpg-agent first\n"
+msgstr ""
+
+#: sm/keydb.c:195
+#, fuzzy, c-format
+msgid "keybox `%s' created\n"
+msgstr "portachiavi `%s' creato\n"
+
+#: sm/keydb.c:1312 sm/keydb.c:1380
+#, fuzzy
+msgid "failed to get the fingerprint\n"
+msgstr "inizializzazione del trustdb fallita: %s\n"
+
+#: sm/keydb.c:1340
+#, c-format
+msgid "problem looking for existing certificate: %s\n"
+msgstr ""
+
+#: sm/keydb.c:1348
+#, fuzzy, c-format
+msgid "error finding writable keyDB: %s\n"
+msgstr "errore nella creazione della passhprase: %s\n"
+
+#: sm/keydb.c:1356
+#, fuzzy, c-format
+msgid "error storing certificate: %s\n"
+msgstr "errore nella creazione della passhprase: %s\n"
+
+#: sm/keydb.c:1408
+#, fuzzy, c-format
+msgid "problem re-searching certificate: %s\n"
+msgstr "rev? problema controllando la revoca: %s\n"
+
+#: sm/keydb.c:1429 sm/keydb.c:1522
+#, fuzzy, c-format
+msgid "error storing flags: %s\n"
+msgstr "errore leggendo `%s': %s\n"
+
+#: sm/keylist.c:642
+msgid "Error - "
+msgstr ""
+
+#: sm/misc.c:55
+msgid "GPG_TTY has not been set - using maybe bogus default\n"
+msgstr ""
+
+#: sm/qualified.c:105
+#, fuzzy, c-format
+msgid "invalid formatted fingerprint in `%s', line %d\n"
+msgstr "errore: impronta digitale non valida\n"
+
+#: sm/qualified.c:123
+#, c-format
+msgid "invalid country code in `%s', line %d\n"
+msgstr ""
+
+#: sm/qualified.c:202
+#, c-format
+msgid ""
+"You are about to create a signature using your certificate:\n"
+"\"%s\"\n"
+"This will create a qualified signature by law equated to a handwritten "
+"signature.\n"
+"\n"
+"%s%sAre you really sure that you want to do this?"
+msgstr ""
+
+#: sm/qualified.c:211 sm/verify.c:616
+msgid ""
+"Note, that this software is not officially approved to create or verify such "
+"signatures.\n"
+msgstr ""
+
+#: sm/qualified.c:278
+#, c-format
+msgid ""
+"You are about to create a signature using your certificate:\n"
+"\"%s\"\n"
+"Note, that this certificate will NOT create a qualified signature!"
+msgstr ""
+
+#: sm/sign.c:449
+#, fuzzy, c-format
+msgid "hash algorithm %d (%s) for signer %d not supported; using %s\n"
+msgstr "l'algoritmo di protezione %d%s non è gestito\n"
+
+#: sm/sign.c:463
+#, c-format
+msgid "hash algorithm used for signer %d: %s (%s)\n"
+msgstr ""
+
+#: sm/sign.c:513
+#, fuzzy, c-format
+msgid "checking for qualified certificate failed: %s\n"
+msgstr "controllo della firma creata fallito: %s\n"
+
+#: sm/verify.c:449
+#, fuzzy
+msgid "Signature made "
+msgstr "Firma scaduta il %s\n"
+
+#: sm/verify.c:453
+msgid "[date not given]"
+msgstr ""
+
+#: sm/verify.c:454
+#, fuzzy, c-format
+msgid " using certificate ID 0x%08lX\n"
+msgstr "errore nella creazione della passhprase: %s\n"
+
+#: sm/verify.c:473
+msgid ""
+"invalid signature: message digest attribute does not match computed one\n"
+msgstr ""
+
+#: sm/verify.c:594
+#, fuzzy
+msgid "Good signature from"
+msgstr "Firma valida da \""
+
+#: sm/verify.c:595
+#, fuzzy
+msgid " aka"
+msgstr " alias \""
+
+#: sm/verify.c:613
+#, fuzzy
+msgid "This is a qualified signature\n"
+msgstr ""
+"\n"
+"Questa sarà una autofirma.\n"
+
+#: tools/gpg-connect-agent.c:70 tools/gpgconf.c:81 tools/symcryptrun.c:167
+#, fuzzy
+msgid "quiet"
+msgstr "quit"
+
+#: tools/gpg-connect-agent.c:71
+msgid "print data out hex encoded"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:72
+msgid "decode received data lines"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:74
+msgid "|NAME|connect to Assuan socket NAME"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:76
+msgid "run the Assuan server given on the command line"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:78
+msgid "do not use extended connect mode"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:80
+#, fuzzy
+msgid "|FILE|run commands from FILE on startup"
+msgstr "|FILE|carica il modulo di estensione FILE"
+
+#: tools/gpg-connect-agent.c:81
+msgid "run /subst on startup"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:184
+#, fuzzy
+msgid "Usage: gpg-connect-agent [options] (-h for help)"
+msgstr "Uso: gpg [opzioni] [files] (-h per l'aiuto)"
+
+#: tools/gpg-connect-agent.c:187
+msgid ""
+"Syntax: gpg-connect-agent [options]\n"
+"Connect to a running agent and send commands\n"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:1201
+#, c-format
+msgid "option \"%s\" requires a program and optional arguments\n"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:1210
+#, c-format
+msgid "option \"%s\" ignored due to \"%s\"\n"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:1281 tools/gpg-connect-agent.c:1771
+#, fuzzy, c-format
+msgid "receiving line failed: %s\n"
+msgstr "cancellazione del keyblock fallita: %s\n"
+
+#: tools/gpg-connect-agent.c:1371
+#, fuzzy
+msgid "line too long - skipped\n"
+msgstr "riga troppo lunga\n"
+
+#: tools/gpg-connect-agent.c:1375
+msgid "line shortened due to embedded Nul character\n"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:1743
+#, fuzzy, c-format
+msgid "unknown command `%s'\n"
+msgstr "destinatario predefinito `%s' sconosciuto\n"
+
+#: tools/gpg-connect-agent.c:1761
+#, fuzzy, c-format
+msgid "sending line failed: %s\n"
+msgstr "firma fallita: %s\n"
+
+#: tools/gpg-connect-agent.c:2208
+#, fuzzy, c-format
+msgid "error sending %s command: %s\n"
+msgstr "errore leggendo `%s': %s\n"
+
+#: tools/gpg-connect-agent.c:2223
+#, fuzzy, c-format
+msgid "error sending standard options: %s\n"
+msgstr "errore leggendo `%s': %s\n"
+
+#: tools/gpgconf-comp.c:473 tools/gpgconf-comp.c:577 tools/gpgconf-comp.c:644
+#: tools/gpgconf-comp.c:712 tools/gpgconf-comp.c:799
+msgid "Options controlling the diagnostic output"
+msgstr ""
+
+#: tools/gpgconf-comp.c:486 tools/gpgconf-comp.c:590 tools/gpgconf-comp.c:657
+#: tools/gpgconf-comp.c:725 tools/gpgconf-comp.c:822
+msgid "Options controlling the configuration"
+msgstr ""
+
+#: tools/gpgconf-comp.c:496 tools/gpgconf-comp.c:615 tools/gpgconf-comp.c:673
+#: tools/gpgconf-comp.c:750 tools/gpgconf-comp.c:829
+msgid "Options useful for debugging"
+msgstr ""
+
+#: tools/gpgconf-comp.c:501 tools/gpgconf-comp.c:678 tools/gpgconf-comp.c:755
+#: tools/gpgconf-comp.c:837
+msgid "|FILE|write server mode logs to FILE"
+msgstr ""
+
+#: tools/gpgconf-comp.c:509 tools/gpgconf-comp.c:625 tools/gpgconf-comp.c:763
+msgid "Options controlling the security"
+msgstr ""
+
+#: tools/gpgconf-comp.c:516
+msgid "|N|expire SSH keys after N seconds"
+msgstr ""
+
+#: tools/gpgconf-comp.c:520
+msgid "|N|set maximum PIN cache lifetime to N seconds"
+msgstr ""
+
+#: tools/gpgconf-comp.c:524
+msgid "|N|set maximum SSH key lifetime to N seconds"
+msgstr ""
+
+#: tools/gpgconf-comp.c:538
+msgid "Options enforcing a passphrase policy"
+msgstr ""
+
+#: tools/gpgconf-comp.c:541
+msgid "do not allow to bypass the passphrase policy"
+msgstr ""
+
+#: tools/gpgconf-comp.c:545
+msgid "|N|set minimal required length for new passphrases to N"
+msgstr ""
+
+#: tools/gpgconf-comp.c:549
+msgid "|N|require at least N non-alpha characters for a new passphrase"
+msgstr ""
+
+#: tools/gpgconf-comp.c:553
+msgid "|FILE|check new passphrases against pattern in FILE"
+msgstr ""
+
+#: tools/gpgconf-comp.c:557
+#, fuzzy
+msgid "|N|expire the passphrase after N days"
+msgstr "|N|usa il modo N per la passphrase"
+
+#: tools/gpgconf-comp.c:561
+#, fuzzy
+msgid "do not allow the reuse of old passphrases"
+msgstr "errore nella creazione della passhprase: %s\n"
+
+#: tools/gpgconf-comp.c:659 tools/gpgconf-comp.c:727
+msgid "|NAME|use NAME as default secret key"
+msgstr "|NOME|usa NOME come chiave segreta predefinita"
+
+#: tools/gpgconf-comp.c:662 tools/gpgconf-comp.c:730
+#, fuzzy
+msgid "|NAME|encrypt to user ID NAME as well"
+msgstr "|NOME|cifra per NOME"
+
+#: tools/gpgconf-comp.c:665
+msgid "|SPEC|set up email aliases"
+msgstr ""
+
+#: tools/gpgconf-comp.c:686
+msgid "Configuration for Keyservers"
+msgstr ""
+
+#: tools/gpgconf-comp.c:688
+#, fuzzy
+msgid "|URL|use keyserver at URL"
+msgstr "impossibile fare il parsing dell'URI del keyserver\n"
+
+#: tools/gpgconf-comp.c:691
+msgid "allow PKA lookups (DNS requests)"
+msgstr ""
+
+#: tools/gpgconf-comp.c:694
+msgid "|MECHANISMS|use MECHANISMS to locate keys by mail address"
+msgstr ""
+
+#: tools/gpgconf-comp.c:739
+msgid "disable all access to the dirmngr"
+msgstr ""
+
+#: tools/gpgconf-comp.c:742
+#, fuzzy
+msgid "|NAME|use encoding NAME for PKCS#12 passphrases"
+msgstr "|NOME|usa l'alg. di cifratura NOME per le passphrase"
+
+#: tools/gpgconf-comp.c:768
+msgid "do not check CRLs for root certificates"
+msgstr ""
+
+#: tools/gpgconf-comp.c:812
+msgid "Options controlling the format of the output"
+msgstr ""
+
+#: tools/gpgconf-comp.c:848
+msgid "Options controlling the interactivity and enforcement"
+msgstr ""
+
+#: tools/gpgconf-comp.c:858
+msgid "Configuration for HTTP servers"
+msgstr ""
+
+#: tools/gpgconf-comp.c:869
+msgid "use system's HTTP proxy setting"
+msgstr ""
+
+#: tools/gpgconf-comp.c:874
+msgid "Configuration of LDAP servers to use"
+msgstr ""
+
+#: tools/gpgconf-comp.c:903
+msgid "LDAP server list"
+msgstr ""
+
+#: tools/gpgconf-comp.c:911
+msgid "Configuration for OCSP"
+msgstr ""
+
+#: tools/gpgconf-comp.c:3077
+#, c-format
+msgid "External verification of component %s failed"
+msgstr ""
+
+#: tools/gpgconf-comp.c:3227
+msgid "Note that group specifications are ignored\n"
+msgstr ""
+
+#: tools/gpgconf.c:62
+msgid "list all components"
+msgstr ""
+
+#: tools/gpgconf.c:63
+msgid "check all programs"
+msgstr ""
+
+#: tools/gpgconf.c:64
+msgid "|COMPONENT|list options"
+msgstr ""
+
+#: tools/gpgconf.c:65
+msgid "|COMPONENT|change options"
+msgstr ""
+
+#: tools/gpgconf.c:66
+msgid "|COMPONENT|check options"
+msgstr ""
+
+#: tools/gpgconf.c:68
+msgid "apply global default values"
+msgstr ""
+
+#: tools/gpgconf.c:70
+msgid "get the configuration directories for gpgconf"
+msgstr ""
+
+#: tools/gpgconf.c:72
+#, fuzzy
+msgid "list global configuration file"
+msgstr "elemento della configurazione sconosciuto \"%s\"\n"
+
+#: tools/gpgconf.c:74
+#, fuzzy
+msgid "check global configuration file"
+msgstr "elemento della configurazione sconosciuto \"%s\"\n"
+
+#: tools/gpgconf.c:79
+msgid "use as output file"
+msgstr "usa come file di output"
+
+#: tools/gpgconf.c:83
+msgid "activate changes at runtime, if possible"
+msgstr ""
+
+#: tools/gpgconf.c:105
+#, fuzzy
+msgid "Usage: gpgconf [options] (-h for help)"
+msgstr "Uso: gpg [opzioni] [files] (-h per l'aiuto)"
+
+#: tools/gpgconf.c:108
+msgid ""
+"Syntax: gpgconf [options]\n"
+"Manage configuration options for tools of the GnuPG system\n"
+msgstr ""
+
+#: tools/gpgconf.c:214 tools/gpgconf.c:282
+#, fuzzy
+msgid "usage: gpgconf [options] "
+msgstr "uso: gpg [opzioni] "
+
+#: tools/gpgconf.c:216
+msgid "Need one component argument"
+msgstr ""
+
+#: tools/gpgconf.c:225 tools/gpgconf.c:258
+#, fuzzy
+msgid "Component not found"
+msgstr "chiave pubblica non trovata"
+
+#: tools/gpgconf.c:284
+#, fuzzy
+msgid "No argument allowed"
+msgstr "scrittura della chiave segreta in `%s'\n"
+
+#: tools/symcryptrun.c:154
+#, fuzzy
+msgid ""
+"@\n"
+"Commands:\n"
+" "
+msgstr ""
+"@Comandi:\n"
+" "
+
+#: tools/symcryptrun.c:156
+#, fuzzy
+msgid "decryption modus"
+msgstr "decifratura corretta\n"
+
+#: tools/symcryptrun.c:157
+#, fuzzy
+msgid "encryption modus"
+msgstr "decifratura corretta\n"
+
+#: tools/symcryptrun.c:161
+msgid "tool class (confucius)"
+msgstr ""
+
+#: tools/symcryptrun.c:162
+#, fuzzy
+msgid "program filename"
+msgstr "--store [nomefile]"
+
+#: tools/symcryptrun.c:164
+msgid "secret key file (required)"
+msgstr ""
+
+#: tools/symcryptrun.c:165
+msgid "input file name (default stdin)"
+msgstr ""
+
+#: tools/symcryptrun.c:209
+#, fuzzy
+msgid "Usage: symcryptrun [options] (-h for help)"
+msgstr "Uso: gpg [opzioni] [files] (-h per l'aiuto)"
+
+#: tools/symcryptrun.c:212
+msgid ""
+"Syntax: symcryptrun --class CLASS --program PROGRAM --keyfile KEYFILE "
+"[options...] COMMAND [inputfile]\n"
+"Call a simple symmetric encryption tool\n"
+msgstr ""
+
+#: tools/symcryptrun.c:281
+#, fuzzy, c-format
+msgid "%s on %s aborted with status %i\n"
+msgstr "Non è permesso usare %s con %s!\n"
+
+#: tools/symcryptrun.c:288
+#, fuzzy, c-format
+msgid "%s on %s failed with status %i\n"
+msgstr "impossibile aprire il file: %s\n"
+
+#: tools/symcryptrun.c:314
+#, fuzzy, c-format
+msgid "can't create temporary directory `%s': %s\n"
+msgstr "impossibile creare la directory `%s': %s\n"
+
+#: tools/symcryptrun.c:354 tools/symcryptrun.c:371
+#, fuzzy, c-format
+msgid "could not open %s for writing: %s\n"
+msgstr "impossibile aprire `%s': %s\n"
+
+#: tools/symcryptrun.c:382
+#, fuzzy, c-format
+msgid "error writing to %s: %s\n"
+msgstr "errore scrivendo il portachiavi `%s': %s\n"
+
+#: tools/symcryptrun.c:389
+#, fuzzy, c-format
+msgid "error reading from %s: %s\n"
+msgstr "errore leggendo `%s': %s\n"
+
+#: tools/symcryptrun.c:396 tools/symcryptrun.c:403
+#, fuzzy, c-format
+msgid "error closing %s: %s\n"
+msgstr "errore leggendo `%s': %s\n"
+
+#: tools/symcryptrun.c:488
+#, fuzzy
+msgid "no --program option provided\n"
+msgstr "l'esecuzione remota dei programmi non è gestita\n"
+
+#: tools/symcryptrun.c:494
+msgid "only --decrypt and --encrypt are supported\n"
+msgstr ""
+
+#: tools/symcryptrun.c:500
+msgid "no --keyfile option provided\n"
+msgstr ""
+
+#: tools/symcryptrun.c:511
+msgid "cannot allocate args vector\n"
+msgstr ""
+
+#: tools/symcryptrun.c:529
+#, fuzzy, c-format
+msgid "could not create pipe: %s\n"
+msgstr "impossibile creare %s: %s\n"
+
+#: tools/symcryptrun.c:536
+#, fuzzy, c-format
+msgid "could not create pty: %s\n"
+msgstr "impossibile creare %s: %s\n"
+
+#: tools/symcryptrun.c:552
+#, c-format
+msgid "could not fork: %s\n"
+msgstr ""
+
+#: tools/symcryptrun.c:580
+#, fuzzy, c-format
+msgid "execv failed: %s\n"
+msgstr "aggiornamento fallito: %s\n"
+
+#: tools/symcryptrun.c:609
+#, fuzzy, c-format
+msgid "select failed: %s\n"
+msgstr "cancellazione del keyblock fallita: %s\n"
+
+#: tools/symcryptrun.c:626
+#, fuzzy, c-format
+msgid "read failed: %s\n"
+msgstr "aggiornamento fallito: %s\n"
+
+#: tools/symcryptrun.c:678
+#, fuzzy, c-format
+msgid "pty read failed: %s\n"
+msgstr "aggiornamento fallito: %s\n"
+
+#: tools/symcryptrun.c:730
+#, fuzzy, c-format
+msgid "waitpid failed: %s\n"
+msgstr "aggiornamento fallito: %s\n"
+
+#: tools/symcryptrun.c:744
+#, c-format
+msgid "child aborted with status %i\n"
+msgstr ""
+
+#: tools/symcryptrun.c:799
+#, fuzzy, c-format
+msgid "cannot allocate infile string: %s\n"
+msgstr "impossibile creare `%s': %s\n"
+
+#: tools/symcryptrun.c:812
+#, fuzzy, c-format
+msgid "cannot allocate outfile string: %s\n"
+msgstr "impossibile creare `%s': %s\n"
+
+#: tools/symcryptrun.c:986
+#, c-format
+msgid "either %s or %s must be given\n"
+msgstr ""
+
+#: tools/symcryptrun.c:1013
+msgid "no class provided\n"
+msgstr ""
+
+#: tools/symcryptrun.c:1022
+#, fuzzy, c-format
+msgid "class %s is not supported\n"
+msgstr "l'algoritmo di protezione %d%s non è gestito\n"
+
+#: tools/gpg-check-pattern.c:145
+#, fuzzy
+msgid "Usage: gpg-check-pattern [options] patternfile (-h for help)\n"
+msgstr "Uso: gpg [opzioni] [files] (-h per l'aiuto)"
+
+#: tools/gpg-check-pattern.c:148
+msgid ""
+"Syntax: gpg-check-pattern [options] patternfile\n"
+"Check a passphrase given on stdin against the patternfile\n"
+msgstr ""
+
+#~ msgid "Command> "
+#~ msgstr "Comando> "
+
+#~ msgid "the trustdb is corrupted; please run \"gpg --fix-trustdb\".\n"
+#~ msgstr "Il trustdb è danneggiato; eseguire \"gpg --fix-trust-db\".\n"
+
+#~ msgid "Please report bugs to <gnupg-bugs@gnu.org>.\n"
+#~ msgstr "Per favore segnala i bug a <gnupg-bugs@gnu.org>.\n"
+
+#, fuzzy
+#~ msgid "Please report bugs to "
+#~ msgstr "Per favore segnala i bug a <gnupg-bugs@gnu.org>.\n"
+
+#, fuzzy
+#~ msgid "DSA keypair will have %u bits.\n"
+#~ msgstr "La coppia DSA avrà 1024 bit.\n"
+
+#~ msgid "Repeat passphrase\n"
+#~ msgstr "Ripeti la passphrase\n"
+
+#, fuzzy
+#~ msgid "read options from file"
+#~ msgstr "lettura delle opzioni da `%s'\n"
+
+#~ msgid "|[file]|make a signature"
+#~ msgstr "|[file]|fai una firma"
+
+#, fuzzy
+#~ msgid "|[FILE]|make a signature"
+#~ msgstr "|[file]|fai una firma"
+
+#, fuzzy
+#~ msgid "|[FILE]|make a clear text signature"
+#~ msgstr "|[file]|fai una firma mantenendo il testo in chiaro"
+
+#~ msgid "|NAME|use NAME as default recipient"
+#~ msgstr "|NOME|usa NOME come destinatario predefinito"
+
+#~ msgid "use the default key as default recipient"
+#~ msgstr "usa la chiave predefinita come destinatario predefinito"
+
+#~ msgid "force v3 signatures"
+#~ msgstr "forza l'uso di firme v3"
+
+#~ msgid "always use a MDC for encryption"
+#~ msgstr "usa sempre un MDC per cifrare"
+
+#~ msgid "add this secret keyring to the list"
+#~ msgstr "aggiungi questo portachiavi segreto alla lista"
+
+#~ msgid "|NAME|set terminal charset to NAME"
+#~ msgstr "|NOME|imposta NOME come set di caratteri del terminale"
+
+#~ msgid "|FILE|load extension module FILE"
+#~ msgstr "|FILE|carica il modulo di estensione FILE"
+
+#~ msgid "|N|use compress algorithm N"
+#~ msgstr "|N|usa l'algoritmo di compressione N"
+
+#, fuzzy
+#~ msgid "remove key from the public keyring"
+#~ msgstr "rimuove le chiavi dal portachiavi pubblico"
+
+#~ msgid ""
+#~ "It's up to you to assign a value here; this value will never be exported\n"
+#~ "to any 3rd party. We need it to implement the web-of-trust; it has "
+#~ "nothing\n"
+#~ "to do with the (implicitly created) web-of-certificates."
+#~ msgstr ""
+#~ "E compito tuo assegnare un valore; questo valore non sarà mai esportato "
+#~ "a\n"
+#~ "terzi. Ci serve per implementare il web-of-trust; non ha nulla a che "
+#~ "fare\n"
+#~ "con il web-of-certificates (creato implicitamente)."
+
+#~ msgid ""
+#~ "To build the Web-of-Trust, GnuPG needs to know which keys are\n"
+#~ "ultimately trusted - those are usually the keys for which you have\n"
+#~ "access to the secret key. Answer \"yes\" to set this key to\n"
+#~ "ultimately trusted\n"
+#~ msgstr ""
+#~ "Per costruire il Web-Of-Trust, GnuPG ha bisogno di sapere quali chiavi "
+#~ "sono\n"
+#~ "definitivamente affidabili - di solito quelle per cui hai accesso alla "
+#~ "chiave\n"
+#~ "segreta.\n"
+#~ "Rispondi \"sì\" per impostare questa chiave come definitivamente "
+#~ "affidabile\n"
+
+#~ msgid "If you want to use this untrusted key anyway, answer \"yes\"."
+#~ msgstr "Se vuoi usare comunque questa chiave non fidata, rispondi \"si\"."
+
+#~ msgid ""
+#~ "Enter the user ID of the addressee to whom you want to send the message."
+#~ msgstr ""
+#~ "Inserisci l'user ID del destinatario a cui vuoi mandare il messaggio."
+
+#~ msgid ""
+#~ "In general it is not a good idea to use the same key for signing and\n"
+#~ "encryption. This algorithm should only be used in certain domains.\n"
+#~ "Please consult your security expert first."
+#~ msgstr ""
+#~ "In generale non è una buona idea usare la stessa chiave per le firme e "
+#~ "la\n"
+#~ "cifratura. Questo algoritmo dovrebbe solo essere usato in determinati "
+#~ "campi.\n"
+#~ "Per favore consulta prima il tuo esperto di sicurezza."
+
+#~ msgid "Enter the size of the key"
+#~ msgstr "Inserisci le dimensioni della chiave"
+
+#~ msgid "Answer \"yes\" or \"no\""
+#~ msgstr "Rispondi \"si\" o \"no\""
+
+#~ msgid ""
+#~ "Enter the required value as shown in the prompt.\n"
+#~ "It is possible to enter a ISO date (YYYY-MM-DD) but you won't\n"
+#~ "get a good error response - instead the system tries to interpret\n"
+#~ "the given value as an interval."
+#~ msgstr ""
+#~ "Inserisci il valore richiesto come indicato dal prompt.\n"
+#~ "È possibile inserire una data in formato ISO (YYYY-MM-DD) ma non avrai "
+#~ "un\n"
+#~ "messaggio di errore corretto: il sistema cerca di interpretare il valore\n"
+#~ "dato come un intervallo."
+
+#~ msgid "Enter the name of the key holder"
+#~ msgstr "Inserisci il nome del proprietario della chiave"
+
+#~ msgid "please enter an optional but highly suggested email address"
+#~ msgstr "Inserisci un indirizzo di email opzionale (ma fortemente suggerito)"
+
+#~ msgid "Please enter an optional comment"
+#~ msgstr "Inserisci un commento opzionale"
+
+#~ msgid ""
+#~ "N to change the name.\n"
+#~ "C to change the comment.\n"
+#~ "E to change the email address.\n"
+#~ "O to continue with key generation.\n"
+#~ "Q to to quit the key generation."
+#~ msgstr ""
+#~ "N per cambiare il nome.\n"
+#~ "C per cambiare il commento.\n"
+#~ "E per cambiare l'indirizzo di email.\n"
+#~ "O per continuare con la generazione della chiave.\n"
+#~ "Q per abbandonare il processo di generazione della chiave."
+
+#~ msgid ""
+#~ "Answer \"yes\" (or just \"y\") if it is okay to generate the sub key."
+#~ msgstr "Rispondi \"si\" (o \"y\") se va bene generare la subchiave."
+
+#~ msgid ""
+#~ "When you sign a user ID on a key, you should first verify that the key\n"
+#~ "belongs to the person named in the user ID. It is useful for others to\n"
+#~ "know how carefully you verified this.\n"
+#~ "\n"
+#~ "\"0\" means you make no particular claim as to how carefully you verified "
+#~ "the\n"
+#~ " key.\n"
+#~ "\n"
+#~ "\"1\" means you believe the key is owned by the person who claims to own "
+#~ "it\n"
+#~ " but you could not, or did not verify the key at all. This is useful "
+#~ "for\n"
+#~ " a \"persona\" verification, where you sign the key of a pseudonymous "
+#~ "user.\n"
+#~ "\n"
+#~ "\"2\" means you did casual verification of the key. For example, this "
+#~ "could\n"
+#~ " mean that you verified the key fingerprint and checked the user ID on "
+#~ "the\n"
+#~ " key against a photo ID.\n"
+#~ "\n"
+#~ "\"3\" means you did extensive verification of the key. For example, this "
+#~ "could\n"
+#~ " mean that you verified the key fingerprint with the owner of the key "
+#~ "in\n"
+#~ " person, and that you checked, by means of a hard to forge document "
+#~ "with a\n"
+#~ " photo ID (such as a passport) that the name of the key owner matches "
+#~ "the\n"
+#~ " name in the user ID on the key, and finally that you verified (by "
+#~ "exchange\n"
+#~ " of email) that the email address on the key belongs to the key "
+#~ "owner.\n"
+#~ "\n"
+#~ "Note that the examples given above for levels 2 and 3 are *only* "
+#~ "examples.\n"
+#~ "In the end, it is up to you to decide just what \"casual\" and \"extensive"
+#~ "\"\n"
+#~ "mean to you when you sign other keys.\n"
+#~ "\n"
+#~ "If you don't know what the right answer is, answer \"0\"."
+#~ msgstr ""
+#~ "Quando firmi l'user ID di una chiave dovresti prima verificare che "
+#~ "questa\n"
+#~ "appartiene alla persona indicata nell'user ID. È utile agli altri sapere\n"
+#~ "con quanta attenzione lo hai verificato.\n"
+#~ "\n"
+#~ "\"0\" significa che non fai particolari affermazioni sull'attenzione con "
+#~ "cui\n"
+#~ " hai ferificato la chiave.\n"
+#~ "\n"
+#~ "\"1\" significa che credi che la chiave sia posseduta dalla persona che "
+#~ "dice di\n"
+#~ " possederla, ma non hai o non hai potuto verificare per niente la "
+#~ "chiave.\n"
+#~ "\n"
+#~ "\"2\" significa che hai fatto una verifica superficiale della chiave. Per "
+#~ "esempio\n"
+#~ " potrebbe significare che hai verificato l'impronta digitale e "
+#~ "confrontato\n"
+#~ " l'user ID della chiave con un documento di identità con fotografia.\n"
+#~ "\n"
+#~ "\"3\" significa che hai fatto una verifica approfondita della chiave. Per "
+#~ "esempio\n"
+#~ " potrebbe significare che hai verificato di persona l'impronta "
+#~ "digitale con\n"
+#~ " il possessore della chiave e hai controllato, per esempio per mezzo "
+#~ "di\n"
+#~ " un documento di identità con fotografia difficile da falsificare "
+#~ "(come\n"
+#~ " un passaporto), che il nome del proprietario della chiave corrisponde "
+#~ "a\n"
+#~ " quello nell'user ID della chiave, e per finire che hai verificato\n"
+#~ " (scambiando dei messaggi) che l'indirizzo di email sulla chiave "
+#~ "appartiene\n"
+#~ " al proprietario.\n"
+#~ "\n"
+#~ "Nota che gli esempi indicati per i livelli 2 e 3 sono *solo* esempi. Alla "
+#~ "fine\n"
+#~ "sta a te decidere cosa significano \"superficiale\" e \"approfondita\" "
+#~ "quando\n"
+#~ "firmi chiavi di altri.\n"
+#~ "\n"
+#~ "Se non sai cosa rispondere, rispondi \"0\"."
+
+#, fuzzy
+#~ msgid "Answer \"yes\" if you want to sign ALL the user IDs"
+#~ msgstr "Rispondi \"si\" se vuoi firmare TUTTI gli user ID"
+
+#~ msgid ""
+#~ "Answer \"yes\" if you really want to delete this user ID.\n"
+#~ "All certificates are then also lost!"
+#~ msgstr ""
+#~ "Rispondi \"si\" se vuoi davvero cancellare questo user ID.\n"
+#~ "Tutti i certificati saranno persi!"
+
+#~ msgid "Answer \"yes\" if it is okay to delete the subkey"
+#~ msgstr "Rispondi \"si\" se va bene cancellare la subchiave"
+
+#~ msgid ""
+#~ "This is a valid signature on the key; you normally don't want\n"
+#~ "to delete this signature because it may be important to establish a\n"
+#~ "trust connection to the key or another key certified by this key."
+#~ msgstr ""
+#~ "Questa è una firma valida per la chiave. Normalmente non vorresti "
+#~ "cancellare\n"
+#~ "questa firma perchè può essere importante per stabilire una connessione "
+#~ "di\n"
+#~ "fiducia alla chiave o a un'altra chiave certificata da questa chiave."
+
+#~ msgid ""
+#~ "This signature can't be checked because you don't have the\n"
+#~ "corresponding key. You should postpone its deletion until you\n"
+#~ "know which key was used because this signing key might establish\n"
+#~ "a trust connection through another already certified key."
+#~ msgstr ""
+#~ "Questa firma non può essere verificata perchè non hai la chiave "
+#~ "corrispondente.\n"
+#~ "Dovresti rimandare la sua cancellazione finchè non saprai quale chiave è "
+#~ "stata\n"
+#~ "usata perchè questa chiave potrebbe stabilire una connessione di fiducia\n"
+#~ "attraverso una chiave già certificata."
+
+#~ msgid ""
+#~ "The signature is not valid. It does make sense to remove it from\n"
+#~ "your keyring."
+#~ msgstr "La firma non è valida. Ha senso rimuoverla dal tuo portachiavi."
+
+#~ msgid ""
+#~ "This is a signature which binds the user ID to the key. It is\n"
+#~ "usually not a good idea to remove such a signature. Actually\n"
+#~ "GnuPG might not be able to use this key anymore. So do this\n"
+#~ "only if this self-signature is for some reason not valid and\n"
+#~ "a second one is available."
+#~ msgstr ""
+#~ "Questa è una firma che collega l'user id alla chiave. Solitamente non è "
+#~ "una\n"
+#~ "buona idea rimuovere questo tipo di firma. In realtà GnuPG potrebbe non "
+#~ "essere\n"
+#~ "più in grado di usare questa chiave. Quindi fallo solo se questa "
+#~ "autofirma non\n"
+#~ "è valida per qualche ragione e ne è disponibile un'altra."
+
+#~ msgid ""
+#~ "Change the preferences of all user IDs (or just of the selected ones)\n"
+#~ "to the current list of preferences. The timestamp of all affected\n"
+#~ "self-signatures will be advanced by one second.\n"
+#~ msgstr ""
+#~ "Cambia le preferenze di tutti gli user ID (o solo di quelli selezionati) "
+#~ "con\n"
+#~ "la lista di preferenze corrente. L'orario di tutte le autofirme "
+#~ "coinvolte\n"
+#~ "sarà aumentato di un secondo.\n"
+
+#~ msgid "Please enter the passhrase; this is a secret sentence \n"
+#~ msgstr "Inserisci la passphrase, cioè una frase segreta \n"
+
+#~ msgid ""
+#~ "Please repeat the last passphrase, so you are sure what you typed in."
+#~ msgstr "Ripeti l'ultima passphrase per essere sicuro di cosa hai scritto."
+
+#~ msgid "Give the name of the file to which the signature applies"
+#~ msgstr "Inserisci il nome del file a cui si riferisce la firma."
+
+#~ msgid "Answer \"yes\" if it is okay to overwrite the file"
+#~ msgstr "Rispondi \"si\" se va bene sovrascrivere il file."
+
+#~ msgid ""
+#~ "Please enter a new filename. If you just hit RETURN the default\n"
+#~ "file (which is shown in brackets) will be used."
+#~ msgstr ""
+#~ "Inserisci il nuovo nome del file. Se premi INVIO sarà usato il nome\n"
+#~ "predefinito (quello indicato tra parentesi)."
+
+#~ msgid ""
+#~ "You should specify a reason for the certification. Depending on the\n"
+#~ "context you have the ability to choose from this list:\n"
+#~ " \"Key has been compromised\"\n"
+#~ " Use this if you have a reason to believe that unauthorized persons\n"
+#~ " got access to your secret key.\n"
+#~ " \"Key is superseded\"\n"
+#~ " Use this if you have replaced this key with a newer one.\n"
+#~ " \"Key is no longer used\"\n"
+#~ " Use this if you have retired this key.\n"
+#~ " \"User ID is no longer valid\"\n"
+#~ " Use this to state that the user ID should not longer be used;\n"
+#~ " this is normally used to mark an email address invalid.\n"
+#~ msgstr ""
+#~ "Dovresti specificare un motivo per questa certificazione. A seconda del\n"
+#~ "contesto hai la possibilità di scegliere tra questa lista:\n"
+#~ " \"Key has been compromised\"\n"
+#~ " Usa questo se hai un motivo per credere che una persona non "
+#~ "autorizzata\n"
+#~ " abbia avuto accesso alla tua chiave segreta.\n"
+#~ " \"Key is superseded\"\n"
+#~ " Usa questo se hai sostituito questa chiave con una più recente.\n"
+#~ " \"Key is no longer used\"\n"
+#~ " Usa questo se hai mandato in pensione questa chiave.\n"
+#~ " \"User ID is no longer valid\"\n"
+#~ " Usa questo per affermare che l'user ID non dovrebbe più essere "
+#~ "usato;\n"
+#~ " solitamente è usato per indicare un indirizzo di email non valido.\n"
+
+#~ msgid ""
+#~ "If you like, you can enter a text describing why you issue this\n"
+#~ "revocation certificate. Please keep this text concise.\n"
+#~ "An empty line ends the text.\n"
+#~ msgstr ""
+#~ "Se vuoi, puoi digitare un testo che descrive perché hai emesso\n"
+#~ "questo certificato di revoca. Per favore sii conciso.\n"
+#~ "Una riga vuota termina il testo.\n"
+
+#~ msgid "can't put notation data into v3 (PGP 2.x style) signatures\n"
+#~ msgstr "impossibile inserire notation data nelle firme v3 (stile PGP 2.x)\n"
+
+#~ msgid "can't put notation data into v3 (PGP 2.x style) key signatures\n"
+#~ msgstr ""
+#~ "impossibile inserire notation data nelle firme di chiavi v3 (stile PGP 2."
+#~ "x)\n"
+
+#~ msgid "can't put a policy URL into v3 (PGP 2.x style) signatures\n"
+#~ msgstr ""
+#~ "impossibile inserire l'URL di una policy nelle firme v3 (stile PGP 2.x)\n"
+
+#~ msgid "can't put a policy URL into v3 key (PGP 2.x style) signatures\n"
+#~ msgstr ""
+#~ "impossibile inserire l'URL di una policy nelle firme di chiavi v3 (stile\n"
+#~ "PGP 2.x)\n"
+
+#, fuzzy
+#~ msgid "shelll"
+#~ msgstr "help"
+
+#, fuzzy
+#~ msgid ""
+#~ "please see http://www.gnupg.org/download/iconv.html for more information\n"
+#~ msgstr "visitare http://www.gnupg.org/faq.html per ulteriori informazioni\n"
+
+#, fuzzy
+#~ msgid "key generation is not available from the commandline\n"
+#~ msgstr "gpg-agent non è disponibile in questa sessione\n"
+
+#, fuzzy
+#~ msgid "please use the script \"%s\" to generate a new key\n"
+#~ msgstr "Per favore scegli che tipo di chiave vuoi:\n"
+
+#, fuzzy
+#~ msgid "cipher extension `%s' not loaded due to unsafe permissions\n"
+#~ msgstr ""
+#~ "l'estensione crittografica \"%s\" non è stata caricata a causa dei\n"
+#~ "permessi insicuri.\n"
+
+#~ msgid "DSA requires the use of a 160 bit hash algorithm\n"
+#~ msgstr "DSA richiede l'uso di un algoritmo di hashing con almeno 160 bit\n"
+
+#, fuzzy
+#~ msgid ".\n"
+#~ msgstr "%s.\n"
+
+#~ msgid "problem with the agent - disabling agent use\n"
+#~ msgstr "problema con l'agent - uso dell'agent disattivato\n"
+
+#, fuzzy
+#~ msgid "can't query passphrase in batch mode\n"
+#~ msgstr "impossibile chiedere la password in modo batch\n"
+
+#~ msgid "Enter passphrase: "
+#~ msgstr "Inserisci la passphrase: "
+
+#~ msgid "Repeat passphrase: "
+#~ msgstr "Ripeti la passphrase: "
+
+#~ msgid "-k[v][v][v][c] [user-id] [keyring]"
+#~ msgstr "-k[v][v][v][c] [user-id] [portachiavi]"
+
+#, fuzzy
+#~ msgid "can't gen prime with pbits=%u qbits=%u\n"
+#~ msgstr "impossibile generare un numero primo di meno di %d bit\n"
+
+#~ msgid "can't generate a prime with less than %d bits\n"
+#~ msgstr "impossibile generare un numero primo di meno di %d bit\n"
+
+#~ msgid "no entropy gathering module detected\n"
+#~ msgstr "non è stato trovato il modulo per raccogliere l'entropia\n"
+
+#, fuzzy
+#~ msgid "can't lock `%s': %s\n"
+#~ msgstr "impossibile aprire `%s'\n"
+
+#~ msgid "can't stat `%s': %s\n"
+#~ msgstr "impossibile eseguire stat su `%s': %s\n"
+
+#~ msgid "`%s' is not a regular file - ignored\n"
+#~ msgstr "`%s' non è un file regolare - ignorato\n"
+
+#~ msgid "note: random_seed file is empty\n"
+#~ msgstr "nota: il file random_seed è vuoto\n"
+
+#~ msgid "WARNING: invalid size of random_seed file - not used\n"
+#~ msgstr ""
+#~ "ATTENZIONE: le dimensioni del file random_seed non sono valide - non "
+#~ "usato\n"
+
+#~ msgid "can't read `%s': %s\n"
+#~ msgstr "impossibile leggere `%s': %s\n"
+
+#~ msgid "note: random_seed file not updated\n"
+#~ msgstr "nota: il file random_seed non è stato aggiornato\n"
+
+#~ msgid "can't write `%s': %s\n"
+#~ msgstr "impossibile scrivere su `%s': %s\n"
+
+#~ msgid "can't close `%s': %s\n"
+#~ msgstr "impossibile chiudere `%s': %s\n"
+
+#~ msgid "WARNING: using insecure random number generator!!\n"
+#~ msgstr ""
+#~ "ATTENZIONE: si sta usando un generatore di numeri casuali non sicuro!!\n"
+
+#~ msgid ""
+#~ "The random number generator is only a kludge to let\n"
+#~ "it run - it is in no way a strong RNG!\n"
+#~ "\n"
+#~ "DON'T USE ANY DATA GENERATED BY THIS PROGRAM!!\n"
+#~ "\n"
+#~ msgstr ""
+#~ "Il generatore di numeri casuali è solo un ripiego per fare\n"
+#~ "funzionare il programma - non è assolutamente un RNG forte!\n"
+#~ "\n"
+#~ "NON USARE ALCUN DATO GENERATO DA QUESTO PROGRAMMA!\n"
+#~ "\n"
+
+#~ msgid ""
+#~ "Please wait, entropy is being gathered. Do some work if it would\n"
+#~ "keep you from getting bored, because it will improve the quality\n"
+#~ "of the entropy.\n"
+#~ msgstr ""
+#~ "Attendi, sto raccogliendo entropia. Se può evitare di annoiarti lavora un "
+#~ "po',\n"
+#~ "visto che questo migliorerà la qualità dell'entropia.\n"
+
+#~ msgid ""
+#~ "\n"
+#~ "Not enough random bytes available. Please do some other work to give\n"
+#~ "the OS a chance to collect more entropy! (Need %d more bytes)\n"
+#~ msgstr ""
+#~ "\n"
+#~ "Non ci sono abbastanza byte casuali disponibili. Per favore fai qualche\n"
+#~ "altra cosa per dare all'OS la possibilità di raccogliere altra entropia!\n"
+#~ "(Servono altri %d byte)\n"
+
+#, fuzzy
+#~ msgid "card reader not available\n"
+#~ msgstr "la chiave segreta non è disponibile"
+
+#, fuzzy
+#~ msgid "NOTE: %s is not available in this version\n"
+#~ msgstr "gpg-agent non è disponibile in questa sessione\n"
+
+#, fuzzy
+#~ msgid " algorithms on these user IDs:\n"
+#~ msgstr "Non puoi cancellare l'ultimo user ID!\n"
+
+#~ msgid "general error"
+#~ msgstr "errore generale"
+
+#~ msgid "unknown packet type"
+#~ msgstr "pacchetto di tipo sconosciuto"
+
+#~ msgid "unknown pubkey algorithm"
+#~ msgstr "algoritmo della chiave pubblica sconosciuto"
+
+#~ msgid "unknown digest algorithm"
+#~ msgstr "algoritmo del digest sconosciuto"
+
+#~ msgid "bad public key"
+#~ msgstr "chiave pubblica errata"
+
+#~ msgid "bad secret key"
+#~ msgstr "chiave segreta errata"
+
+#~ msgid "bad signature"
+#~ msgstr "firma errata"
+
+#~ msgid "checksum error"
+#~ msgstr "codice di controllo errato"
+
+#~ msgid "unknown cipher algorithm"
+#~ msgstr "algoritmo di cifratura sconosciuto"
+
+#~ msgid "can't open the keyring"
+#~ msgstr "impossibile aprire il portachiavi"
+
+#~ msgid "invalid packet"
+#~ msgstr "pacchetto non valido"
+
+#~ msgid "invalid armor"
+#~ msgstr "armatura non valida"
+
+#~ msgid "no such user id"
+#~ msgstr "l'user id non esiste"
+
+#~ msgid "secret key not available"
+#~ msgstr "la chiave segreta non è disponibile"
+
+#~ msgid "wrong secret key used"
+#~ msgstr "è stata usata la chiave segreta sbagliata"
+
+#~ msgid "not supported"
+#~ msgstr "non gestito"
+
+#~ msgid "bad key"
+#~ msgstr "chiave sbagliata"
+
+#~ msgid "file write error"
+#~ msgstr "errore durante la scrittura del file"
+
+#~ msgid "unknown compress algorithm"
+#~ msgstr "algoritmo di compressione sconosciuto"
+
+#~ msgid "file open error"
+#~ msgstr "errore durante l'apertura del file"
+
+#~ msgid "file create error"
+#~ msgstr "errore durante la creazione del file"
+
+#~ msgid "invalid passphrase"
+#~ msgstr "passphrase non valida"
+
+#~ msgid "unimplemented pubkey algorithm"
+#~ msgstr "algoritmo della chiave pubblica non implementato"
+
+#~ msgid "unimplemented cipher algorithm"
+#~ msgstr "algoritmo di cifratura non implementato"
+
+#~ msgid "unknown signature class"
+#~ msgstr "classe della firma sconosciuta"
+
+#~ msgid "trust database error"
+#~ msgstr "errore nel database della fiducia"
+
+#~ msgid "resource limit"
+#~ msgstr "limite della risorsa"
+
+#~ msgid "invalid keyring"
+#~ msgstr "portachiavi non valido"
+
+#~ msgid "malformed user id"
+#~ msgstr "user id malformato"
+
+#~ msgid "file close error"
+#~ msgstr "errore durante la chiusura del file"
+
+#~ msgid "file rename error"
+#~ msgstr "errore durante la rinominazione del file"
+
+#~ msgid "file delete error"
+#~ msgstr "errore durante la cancellazione del file"
+
+#~ msgid "unexpected data"
+#~ msgstr "dati inattesi"
+
+#~ msgid "timestamp conflict"
+#~ msgstr "date in conflitto"
+
+#~ msgid "unusable pubkey algorithm"
+#~ msgstr "algoritmo della chiave pubblica non utilizzabile"
+
+#~ msgid "file exists"
+#~ msgstr "il file esiste"
+
+#~ msgid "weak key"
+#~ msgstr "chiave debole"
+
+#~ msgid "bad URI"
+#~ msgstr "URI non valida"
+
+#~ msgid "unsupported URI"
+#~ msgstr "URI non gestito"
+
+#~ msgid "network error"
+#~ msgstr "errore di rete"
+
+# ??? (Md)
+#~ msgid "not processed"
+#~ msgstr "non esaminato"
+
+#~ msgid "unusable public key"
+#~ msgstr "chiave pubblica inutilizzabile"
+
+#~ msgid "unusable secret key"
+#~ msgstr "chiave segreta inutilizzabile"
+
+#~ msgid "keyserver error"
+#~ msgstr "errore del keyserver"
+
+#, fuzzy
+#~ msgid "no card"
+#~ msgstr "non cifrato"
+
+#, fuzzy
+#~ msgid "no data"
+#~ msgstr "non ci sono dati firmati\n"
+
+#~ msgid "... this is a bug (%s:%d:%s)\n"
+#~ msgstr "... questo è un bug (%s:%d:%s)\n"
+
+#~ msgid "WARNING: using insecure memory!\n"
+#~ msgstr "ATTENZIONE: si sta usando memoria insicura!\n"
+
+#~ msgid "operation is not possible without initialized secure memory\n"
+#~ msgstr "l'operazione non è possibile senza memoria sicura inizializzata\n"
+
+#~ msgid "(you may have used the wrong program for this task)\n"
+#~ msgstr "(potresti avere usato il programma sbagliato per questa funzione)\n"
+
+#~ msgid ""
+#~ "please see http://www.gnupg.org/why-not-idea.html for more information\n"
+#~ msgstr ""
+#~ "per ulteriori informazioni si veda http://www.gnupg.org/it/why-not-idea."
+#~ "html\n"
+
+#, fuzzy
+#~ msgid "all export-clean-* options from above"
+#~ msgstr "leggi le opzioni dal file"
+
+#, fuzzy
+#~ msgid "all import-clean-* options from above"
+#~ msgstr "leggi le opzioni dal file"
+
+#, fuzzy
+#~ msgid "expired: %s)"
+#~ msgstr "[scadenza: %s]"
+
+#, fuzzy
+#~ msgid "key %s: expired signature from key %s - skipped\n"
+#~ msgstr "chiave %08lX: classe della firma inaspettata (0x%02x) - saltata\n"
+
+#, fuzzy
+#~ msgid "Unable to clean `%s'\n"
+#~ msgstr "impossibile eseguire %s \"%s\": %s\n"
+
+#, fuzzy
+#~ msgid "No user IDs are removable.\n"
+#~ msgstr "l'user ID \"%s\" è già stato revocato\n"
+
+#~ msgid "bad passphrase or unknown cipher algorithm (%d)\n"
+#~ msgstr "passphrase errata o algoritmo di cifratura sconosciuto (%d)\n"
+
+#~ msgid "can't set client pid for the agent\n"
+#~ msgstr "impossibile impostare il pid del client dell'agent\n"
+
+#~ msgid "can't get server read FD for the agent\n"
+#~ msgstr "impossibile ottenere il FD di lettura dell'agent\n"
+
+#~ msgid "can't get server write FD for the agent\n"
+#~ msgstr "impossibile ottenere il FD di scrittura dell'agent\n"
+
+#~ msgid "invalid response from agent\n"
+#~ msgstr "risposta non valida dall'agent\n"
+
+#~ msgid "select secondary key N"
+#~ msgstr "scegli la chiave secondaria N"
+
+#~ msgid "list signatures"
+#~ msgstr "elenca le firme"
+
+#~ msgid "sign the key"
+#~ msgstr "firma la chiave"
+
+#~ msgid "add a secondary key"
+#~ msgstr "aggiungi una chiave secondaria"
+
+#~ msgid "delete signatures"
+#~ msgstr "cancella le firme"
+
+#~ msgid "change the expire date"
+#~ msgstr "cambia la data di scadenza"
+
+#~ msgid "set preference list"
+#~ msgstr "imposta la lista di preferenze"
+
+#~ msgid "updated preferences"
+#~ msgstr "preferenze aggiornate"
+
+#~ msgid "No secondary key with index %d\n"
+#~ msgstr "Nessuna chiave secondaria con l'indice %d\n"
+
+#~ msgid "--nrsign-key user-id"
+#~ msgstr "--nrsign-key user-id"
+
+#~ msgid "--nrlsign-key user-id"
+#~ msgstr "--nrlsign-key user-id"
+
+#~ msgid "sign the key non-revocably"
+#~ msgstr "firma la chiave irrevocabilmente"
+
+#~ msgid "sign the key locally and non-revocably"
+#~ msgstr "firma la chiave localmente e irrevocabilmente"
+
+#~ msgid "q"
+#~ msgstr "q"
+
+#~ msgid "list"
+#~ msgstr "list"
+
+#~ msgid "l"
+#~ msgstr "l"
+
+#~ msgid "debug"
+#~ msgstr "debug"
+
+#, fuzzy
+#~ msgid "name"
+#~ msgstr "abilita"
+
+#, fuzzy
+#~ msgid "login"
+#~ msgstr "lsign"
+
+#, fuzzy
+#~ msgid "cafpr"
+#~ msgstr "fpr"
+
+#, fuzzy
+#~ msgid "forcesig"
+#~ msgstr "revsig"
+
+#, fuzzy
+#~ msgid "generate"
+#~ msgstr "errore generale"
+
+#~ msgid "passwd"
+#~ msgstr "passwd"
+
+#~ msgid "save"
+#~ msgstr "save"
+
+#~ msgid "fpr"
+#~ msgstr "fpr"
+
+#~ msgid "uid"
+#~ msgstr "uid"
+
+#~ msgid "key"
+#~ msgstr "key"
+
+#~ msgid "check"
+#~ msgstr "check"
+
+#~ msgid "c"
+#~ msgstr "c"
+
+#~ msgid "sign"
+#~ msgstr "sign"
+
+#~ msgid "s"
+#~ msgstr "s"
+
+#, fuzzy
+#~ msgid "tsign"
+#~ msgstr "sign"
+
+#~ msgid "lsign"
+#~ msgstr "lsign"
+
+#~ msgid "nrsign"
+#~ msgstr "nrsign"
+
+#~ msgid "nrlsign"
+#~ msgstr "nrlsign"
+
+#~ msgid "adduid"
+#~ msgstr "adduid"
+
+#~ msgid "addphoto"
+#~ msgstr "addphoto"
+
+#~ msgid "deluid"
+#~ msgstr "deluid"
+
+#~ msgid "delphoto"
+#~ msgstr "delphoto"
+
+#, fuzzy
+#~ msgid "addcardkey"
+#~ msgstr "addkey"
+
+#~ msgid "delkey"
+#~ msgstr "delkey"
+
+#~ msgid "addrevoker"
+#~ msgstr "addrevoker"
+
+#~ msgid "delsig"
+#~ msgstr "delsign"
+
+#~ msgid "expire"
+#~ msgstr "expire"
+
+#~ msgid "primary"
+#~ msgstr "primary"
+
+#~ msgid "toggle"
+#~ msgstr "toggle"
+
+#~ msgid "t"
+#~ msgstr "t"
+
+#~ msgid "pref"
+#~ msgstr "pref"
+
+#~ msgid "showpref"
+#~ msgstr "showpref"
+
+#~ msgid "setpref"
+#~ msgstr "setpref"
+
+#~ msgid "updpref"
+#~ msgstr "updpref"
+
+#, fuzzy
+#~ msgid "keyserver"
+#~ msgstr "errore del keyserver"
+
+#~ msgid "trust"
+#~ msgstr "trust"
+
+#~ msgid "revsig"
+#~ msgstr "revsig"
+
+#~ msgid "revuid"
+#~ msgstr "revuid"
+
+#~ msgid "revkey"
+#~ msgstr "revkey"
+
+#~ msgid "disable"
+#~ msgstr "disable"
+
+#~ msgid "enable"
+#~ msgstr "abilita"
+
+#~ msgid "showphoto"
+#~ msgstr "showphoto"
+
+#~ msgid "digest algorithm `%s' is read-only in this release\n"
+#~ msgstr "in questa versione l'algoritmo digest `%s' è in sola lettura\n"
+
+#~ msgid ""
+#~ "About to generate a new %s keypair.\n"
+#~ " minimum keysize is 768 bits\n"
+#~ " default keysize is 1024 bits\n"
+#~ " highest suggested keysize is 2048 bits\n"
+#~ msgstr ""
+#~ "Sto per generare una nuova coppia di chiavi %s.\n"
+#~ " la dimensione minima è 768 bit\n"
+#~ " la dimensione predefinita è 1024 bit\n"
+#~ " la dimensione massima consigliata è 2048 bit\n"
+
+#~ msgid "DSA only allows keysizes from 512 to 1024\n"
+#~ msgstr "DSA permette solo chiavi di dimensioni tra 512 e 1024\n"
+
+#~ msgid "keysize too small; 1024 is smallest value allowed for RSA.\n"
+#~ msgstr ""
+#~ "la chiave è troppo corta; 1024 è il minimo valore permesso per RSA.\n"
+
+#~ msgid "keysize too small; 768 is smallest value allowed.\n"
+#~ msgstr "la chiave è troppo corta; 768 è il minimo valore permesso.\n"
+
+#~ msgid "keysize too large; %d is largest value allowed.\n"
+#~ msgstr "la chiave è troppo lunga; %d è il massimo valore permesso.\n"
+
+#~ msgid ""
+#~ "Keysizes larger than 2048 are not suggested because\n"
+#~ "computations take REALLY long!\n"
+#~ msgstr ""
+#~ "Chiavi più lunghe di 2048 non sono consigliate perchè i calcoli sono\n"
+#~ "VERAMENTE lunghi!\n"
+
+#, fuzzy
+#~ msgid "Are you sure that you want this keysize? (y/N) "
+#~ msgstr "Sei sicuro di volere una chiave di queste dimensioni? "
+
+#~ msgid ""
+#~ "Okay, but keep in mind that your monitor and keyboard radiation is also "
+#~ "very vulnerable to attacks!\n"
+#~ msgstr ""
+#~ "Va bene, ma ricordati che anche le radiazioni emesse dal tuo monitor e "
+#~ "dalla tua tastiera sono molto vulnerabili ad attacchi!\n"
+
+#~ msgid "Experimental algorithms should not be used!\n"
+#~ msgstr "Gli algoritmi sperimentali non dovrebbero essere usati!\n"
+
+#~ msgid ""
+#~ "this cipher algorithm is deprecated; please use a more standard one!\n"
+#~ msgstr ""
+#~ "questo algoritmo di cifratura è deprecato; usane uno più standard!\n"
+
+#~ msgid "sorry, can't do this in batch mode\n"
+#~ msgstr "mi dispiace, non è possibile fare questo in modo batch\n"
+
+#, fuzzy
+#~ msgid "can't open file `%s': %s\n"
+#~ msgstr "impossibile aprire il file: %s\n"
+
+#, fuzzy
+#~ msgid " \""
+#~ msgstr " alias \""
+
+#~ msgid "key %08lX: key has been revoked!\n"
+#~ msgstr "chiave %08lX: la chiave è stata revocata!\n"
+
+#~ msgid "key %08lX: subkey has been revoked!\n"
+#~ msgstr "chiave %08lX: la subchiave è stata revocata!\n"
+
+#~ msgid "%08lX: key has expired\n"
+#~ msgstr "%08lX: la chiave è scaduta\n"
+
+#~ msgid "%08lX: We do NOT trust this key\n"
+#~ msgstr "%08lX: NON ci fidiamo di questa chiave!\n"
+
+#, fuzzy
+#~ msgid " (%d) RSA (auth only)\n"
+#~ msgstr " (%d) RSA (firma solo)\n"
+
+#, fuzzy
+#~ msgid " (%d) RSA (sign and auth)\n"
+#~ msgstr " (%d) RSA (firma e cifra)\n"
+
+#, fuzzy
+#~ msgid " (%d) RSA (encrypt and auth)\n"
+#~ msgstr " (%d) RSA (cifra solo)\n"
+
+#, fuzzy
+#~ msgid " (%d) RSA (sign, encrypt and auth)\n"
+#~ msgstr " (%d) RSA (firma e cifra)\n"
+
+#~ msgid "%s: can't open: %s\n"
+#~ msgstr "%s: impossibile aprire: %s\n"
+
+#~ msgid "%s: WARNING: empty file\n"
+#~ msgstr "%s: ATTENZIONE: file vuoto\n"
+
+#, fuzzy
+#~ msgid " (%d) I trust marginally\n"
+#~ msgstr " %d = Mi fido marginalmente\n"
+
+#, fuzzy
+#~ msgid " (%d) I trust fully\n"
+#~ msgstr " %d = Mi fido completamente\n"
+
+#, fuzzy
+#~ msgid "expires"
+#~ msgstr "expire"
+
+#, fuzzy
+#~ msgid ""
+#~ "\"\n"
+#~ "locally signed with your key %s at %s\n"
+#~ msgstr ""
+#~ "\"\n"
+#~ "firmata localmente con la tua chiave %08lX il %s\n"
+#~ "\n"
+
+#~ msgid "%s: can't access: %s\n"
+#~ msgstr "%s: impossibile acedere a: %s\n"
+
+#~ msgid "%s: can't create lock\n"
+#~ msgstr "%s: impossibile creare il lock\n"
+
+#~ msgid "%s: can't make lock\n"
+#~ msgstr "%s: impossibile creare il lock\n"
+
+#~ msgid "%s: can't create: %s\n"
+#~ msgstr "%s: impossibile creare: %s\n"
+
+#~ msgid "If you want to use this revoked key anyway, answer \"yes\"."
+#~ msgstr "Se vuoi usare comunque questa chiave revocata, rispondi \"si\"."
+
+#~ msgid "Unable to open photo \"%s\": %s\n"
+#~ msgstr "Impossibile aprire la foto \"%s\": %s\n"
+
+#~ msgid "error: missing colon\n"
+#~ msgstr "errore: mancano due punti\n"
+
+#~ msgid "error: no ownertrust value\n"
+#~ msgstr "errore: non c'è il valore della fiducia\n"
+
+#~ msgid " (main key ID %08lX)"
+#~ msgstr " (key ID principale %08lX)"
+
+#~ msgid "rev! subkey has been revoked: %s\n"
+#~ msgstr "rev! la subchiave è stata revocata: %s\n"
+
+#~ msgid "rev- faked revocation found\n"
+#~ msgstr "rev- trovata una revoca falsificata\n"
+
+#, fuzzy
+#~ msgid " [expired: %s]"
+#~ msgstr "[scadenza: %s]"
+
+#~ msgid " [expires: %s]"
+#~ msgstr "[scadenza: %s]"
+
+#, fuzzy
+#~ msgid " [revoked: %s]"
+#~ msgstr "[revocata]"
+
+#~ msgid ""
+#~ "WARNING: digest `%s' is not part of OpenPGP. Use at your own risk!\n"
+#~ msgstr ""
+#~ "ATTENZIONE: il digest `%s' non fa parte di OpenPGP.\n"
+#~ "Da usare a proprio rischio!\n"
+
+#~ msgid "|[files]|encrypt files"
+#~ msgstr "|[file]|cifra i file"
+
+#~ msgid "store only"
+#~ msgstr "immagazzina soltanto"
+
+#~ msgid "|[files]|decrypt files"
+#~ msgstr "|[file]|decifra i file"
+
+#~ msgid "sign a key non-revocably"
+#~ msgstr "firma una chiave irrevocabilmente"
+
+#~ msgid "sign a key locally and non-revocably"
+#~ msgstr "firma una chiave localmente e irrevocabilmente"
+
+#~ msgid "list only the sequence of packets"
+#~ msgstr "elenca solo la sequenza dei pacchetti"
+
+#~ msgid "export the ownertrust values"
+#~ msgstr "esporta i valori di fiducia"
+
+#~ msgid "unattended trust database update"
+#~ msgstr "aggiornamento non presidiato del database della fiducia"
+
+#~ msgid "fix a corrupted trust database"
+#~ msgstr "ripara un database della fiducia rovinato"
+
+#~ msgid "De-Armor a file or stdin"
+#~ msgstr "rimuovi l'armatura a un file o a stdin"
+
+#~ msgid "En-Armor a file or stdin"
+#~ msgstr "crea l'armatura a un file o a stdin"
+
+#~ msgid "do not force v3 signatures"
+#~ msgstr "non forza l'uso di firme v3"
+
+#~ msgid "force v4 key signatures"
+#~ msgstr "forza l'uso di firme v4"
+
+#~ msgid "do not force v4 key signatures"
+#~ msgstr "non forza l'uso di firme v4"
+
+#~ msgid "never use a MDC for encryption"
+#~ msgstr "non usa mai un MDC per cifrare"
+
+#~ msgid "use the gpg-agent"
+#~ msgstr "usa gpg-agent"
+
+#~ msgid "|[file]|write status info to file"
+#~ msgstr "|[file]|scrivi le informazioni di stato nel file"
+
+#~ msgid "|KEYID|ultimately trust this key"
+#~ msgstr "|KEYID|assegna fiducia definitiva a questa chiave"
+
+#~ msgid "emulate the mode described in RFC1991"
+#~ msgstr "emula il modo descritto in RFC 1991"
+
+#~ msgid "set all packet, cipher and digest options to OpenPGP behavior"
+#~ msgstr ""
+#~ "imposta tutte le opzioni di pacchetto,\n"
+#~ "cifrario e digest per OpenPGP"
+
+#~ msgid "set all packet, cipher and digest options to PGP 2.x behavior"
+#~ msgstr ""
+#~ "imposta tutte le opzioni di pacchetto, cifrario e digest per PGP 2.x"
+
+#~ msgid "|NAME|use message digest algorithm NAME for passphrases"
+#~ msgstr "|NOME|usa l'algoritmo di message digest NOME per le passphrase"
+
+#~ msgid "throw keyid field of encrypted packets"
+#~ msgstr "elimina il campo keyid dei pacchetti cifrati"
+
+#~ msgid "Show Photo IDs"
+#~ msgstr "Mostra le fotografie"
+
+#~ msgid "Don't show Photo IDs"
+#~ msgstr "Non mostra le fotografie"
+
+#~ msgid "Set command line to view Photo IDs"
+#~ msgstr "Imposta la riga di comando per vedere le fotografie"
+
+#~ msgid "compress algorithm `%s' is read-only in this release\n"
+#~ msgstr ""
+#~ "in questa versione l'algoritmo di compressione `%s' è in sola lettura\n"
+
+#~ msgid "compress algorithm must be in range %d..%d\n"
+#~ msgstr "l'algoritmo di compressione deve essere tra %d e %d\n"
+
+#~ msgid ""
+#~ "%08lX: It is not sure that this key really belongs to the owner\n"
+#~ "but it is accepted anyway\n"
+#~ msgstr ""
+#~ "%08lX: Non è sicuro che questa chiave appartenga veramente al "
+#~ "proprietario\n"
+#~ "ma è accettata comunque\n"
+
+#~ msgid "preference %c%lu is not valid\n"
+#~ msgstr "la preferenza %c%lu non è valida\n"
+
+#~ msgid "key %08lX: not a rfc2440 key - skipped\n"
+#~ msgstr "chiave %08lX: chiave non rfc2440 - saltata\n"
+
+#~ msgid ""
+#~ "NOTE: Elgamal primary key detected - this may take some time to import\n"
+#~ msgstr ""
+#~ "NOTA: trovata una chiave primaria Elgamal - importarla può essere lungo\n"
+
+#~ msgid " (default)"
+#~ msgstr " (predefinito)"
+
+#~ msgid "%s%c %4u%c/%08lX created: %s expires: %s"
+#~ msgstr "%s%c %4u%c/%08lX creata: %s scade: %s"
+
+#~ msgid "Policy: "
+#~ msgstr "Policy: "
+
+#~ msgid "can't get key from keyserver: %s\n"
+#~ msgstr "impossibile scaricare la chiave dal keyserver: %s\n"
+
+#~ msgid "success sending to `%s' (status=%u)\n"
+#~ msgstr "inviata con successo a `%s' (status=%u)\n"
+
+#~ msgid "failed sending to `%s': status=%u\n"
+#~ msgstr "invio a `%s' fallito: status=%u\n"
+
+#~ msgid "this keyserver does not support --search-keys\n"
+#~ msgstr "questo keyserver non gestisce --search-keys\n"
+
+#~ msgid "can't search keyserver: %s\n"
+#~ msgstr "impossibile cercare sul keyserver: %s\n"
+
+#~ msgid ""
+#~ "key %08lX: this is a PGP generated ElGamal key which is NOT secure for "
+#~ "signatures!\n"
+#~ msgstr ""
+#~ "chiave %08lX: questa è una chiave ElGamal generata da PGP che NON è "
+#~ "sicura per le firme!\n"
+
+#~ msgid ""
+#~ "key %08lX has been created %lu second in future (time warp or clock "
+#~ "problem)\n"
+#~ msgstr ""
+#~ "la chiave %08lX è stata creata %lu secondo nel futuro (salto nel tempo\n"
+#~ "o problema con l'orologio)\n"
+
+#~ msgid ""
+#~ "key %08lX has been created %lu seconds in future (time warp or clock "
+#~ "problem)\n"
+#~ msgstr ""
+#~ "la chiave %08lX è stata creata %lu secondi nel futuro (salto nel tempo\n"
+#~ "o problema con l'orologio)\n"
+
+#~ msgid "key %08lX marked as ultimately trusted\n"
+#~ msgstr "chiavi %08lX marcate come definitivamente affidabile\n"
+
+#~ msgid "signature from Elgamal signing key %08lX to %08lX skipped\n"
+#~ msgstr "ignorata la firma dalla chiave per firme Elgamal %08lX a %08lX\n"
+
+#~ msgid "signature from %08lX to Elgamal signing key %08lX skipped\n"
+#~ msgstr "ignorata la firma da %08lX alla chiave per firme Elgamal %08lX\n"
+
+#~ msgid "checking at depth %d signed=%d ot(-/q/n/m/f/u)=%d/%d/%d/%d/%d/%d\n"
+#~ msgstr ""
+#~ "controllo al livello %d firmato=%d ot(-/q/n/m/f/u)=%d/%d/%d/%d/%d/%d\n"
+
+#~ msgid ""
+#~ "Select the algorithm to use.\n"
+#~ "\n"
+#~ "DSA (aka DSS) is the digital signature algorithm which can only be used\n"
+#~ "for signatures. This is the suggested algorithm because verification of\n"
+#~ "DSA signatures are much faster than those of ElGamal.\n"
+#~ "\n"
+#~ "ElGamal is an algorithm which can be used for signatures and encryption.\n"
+#~ "OpenPGP distinguishs between two flavors of this algorithms: an encrypt "
+#~ "only\n"
+#~ "and a sign+encrypt; actually it is the same, but some parameters must be\n"
+#~ "selected in a special way to create a safe key for signatures: this "
+#~ "program\n"
+#~ "does this but other OpenPGP implementations are not required to "
+#~ "understand\n"
+#~ "the signature+encryption flavor.\n"
+#~ "\n"
+#~ "The first (primary) key must always be a key which is capable of "
+#~ "signing;\n"
+#~ "this is the reason why the encryption only ElGamal key is not available "
+#~ "in\n"
+#~ "this menu."
+#~ msgstr ""
+#~ "Seleziona l'algoritmo da usare.\n"
+#~ "\n"
+#~ "DSA (alias DSS) è un algoritmo usabile solo per firmare. E l'algoritmo\n"
+#~ "suggerito perché verificare firme DSA è molto più veloce di quelle "
+#~ "ElGamal.\n"
+#~ "\n"
+#~ "ElGamal è un algoritmo usabile per firmare e cifrare.\n"
+#~ "OpenPGP distingue tra due versioni di questo algoritmo: una solo per "
+#~ "firmare\n"
+#~ "e una per firmare e cifrare. In realtà è sempre lo stesso, ma per creare\n"
+#~ "firme sicure per la cifratura occorre scegliere in un modo particolare "
+#~ "alcuni\n"
+#~ "parametri: questo programma lo fa ma non è richiesto che altre "
+#~ "implementazioni\n"
+#~ "di OpenPGP capiscano la versione per firmare e cifrare.\n"
+#~ "\n"
+#~ "La prima chiave (primaria) deve sempre essere una chiave in grado di "
+#~ "firmare;\n"
+#~ "questo è il motivo per cui le chiavi ElGamal solo per cifrare non sono\n"
+#~ "disponibili in questo menù."
+
+#~ msgid ""
+#~ "Although these keys are defined in RFC2440 they are not suggested\n"
+#~ "because they are not supported by all programs and signatures created\n"
+#~ "with them are quite large and very slow to verify."
+#~ msgstr ""
+#~ "Anche se queste chiavi sono definite da RFC2400 non sono suggerite perché "
+#~ "non\n"
+#~ "sono gestite da tutti i programmi e le firme create sono grandi e lunghe "
+#~ "da\n"
+#~ "verificare."
+
+#~ msgid "%lu keys so far checked (%lu signatures)\n"
+#~ msgstr "Per ora sono state controllate %lu chiavi (%lu firme)\n"
+
+#~ msgid "key incomplete\n"
+#~ msgstr "chiave incompleta\n"
+
+#~ msgid "key %08lX incomplete\n"
+#~ msgstr "chiave %08lX incompleta\n"
diff --git a/po/ja.gmo b/po/ja.gmo
new file mode 100644
index 0000000..4fa8aff
--- /dev/null
+++ b/po/ja.gmo
Binary files differ
diff --git a/po/ja.po b/po/ja.po
new file mode 100644
index 0000000..f806035
--- /dev/null
+++ b/po/ja.po
@@ -0,0 +1,9453 @@
+# Japanese messages for GnuPG
+# Copyright (C) 1999, 2000, 2002, 2003, 2004 Free Software Foundation, Inc.
+# IIDA Yosiaki <iida@gnu.org>, 1999, 2000, 2002, 2003, 2004.
+# Yoshihiro Kajiki <kajiki@ylug.org>, 1999.
+# This file is distributed under the same license as the GnuPG package.
+# Special thanks to "Takashi P.KATOH".
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: gnupg 1.3.92\n"
+"Report-Msgid-Bugs-To: translations@gnupg.org\n"
+"POT-Creation-Date: 2012-03-27 10:23+0200\n"
+"PO-Revision-Date: 2004-11-23 11:14+0900\n"
+"Last-Translator: IIDA Yosiaki <iida@gnu.org>\n"
+"Language-Team: Japanese <translation-team-ja@lists.sourceforge.net>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=EUC-JP\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#: agent/call-pinentry.c:244
+#, fuzzy, c-format
+msgid "failed to acquire the pinentry lock: %s\n"
+msgstr "»ØÌæ¤ÎÊݴɤ˼ºÇÔ¤·¤Þ¤·¤¿: %s\n"
+
+#. TRANSLATORS: These are labels for buttons etc used in
+#. Pinentries. An underscore indicates that the next letter
+#. should be used as an accelerator. Double the underscore for
+#. a literal one. The actual to be translated text starts after
+#. the second vertical bar.
+#: agent/call-pinentry.c:401
+msgid "|pinentry-label|_OK"
+msgstr ""
+
+#: agent/call-pinentry.c:402
+msgid "|pinentry-label|_Cancel"
+msgstr ""
+
+#: agent/call-pinentry.c:403
+msgid "|pinentry-label|PIN:"
+msgstr ""
+
+#. TRANSLATORS: This string is displayed by Pinentry as the label
+#. for the quality bar.
+#: agent/call-pinentry.c:649
+#, fuzzy
+msgid "Quality:"
+msgstr "Í­¸úÀ­: %s"
+
+#. TRANSLATORS: This string is a tooltip, shown by pinentry when
+#. hovering over the quality bar. Please use an appropriate
+#. string to describe what this is about. The length of the
+#. tooltip is limited to about 900 characters. If you do not
+#. translate this entry, a default english text (see source)
+#. will be used.
+#: agent/call-pinentry.c:671
+msgid "pinentry.qualitybar.tooltip"
+msgstr ""
+
+#: agent/call-pinentry.c:716
+msgid ""
+"Please enter your PIN, so that the secret key can be unlocked for this "
+"session"
+msgstr ""
+
+#: agent/call-pinentry.c:719
+#, fuzzy
+msgid ""
+"Please enter your passphrase, so that the secret key can be unlocked for "
+"this session"
+msgstr "¥Ñ¥¹¥Õ¥ì¡¼¥º¤òÆþÎϤ·¤Æ¤¯¤À¤µ¤¤¡£¤³¤ì¤ÏÈëÌ©¤Îʸ¾Ï¤Î¤³¤È¤Ç¤¹ \n"
+
+#: agent/call-pinentry.c:776
+#, c-format
+msgid "SETERROR %s (try %d of %d)"
+msgstr ""
+
+#: agent/call-pinentry.c:799 agent/call-pinentry.c:811
+#, fuzzy
+msgid "PIN too long"
+msgstr "¹Ô¤¬Ä¹¤¹¤®¤Þ¤¹"
+
+#: agent/call-pinentry.c:800
+#, fuzzy
+msgid "Passphrase too long"
+msgstr "¥Ñ¥¹¥Õ¥ì¡¼¥º¤¬Ä¹¤¹¤®¤Þ¤¹\n"
+
+#: agent/call-pinentry.c:808
+#, fuzzy
+msgid "Invalid characters in PIN"
+msgstr "̾Á°¤Ë̵¸ú¤Êʸ»ú¤¬¤¢¤ê¤Þ¤¹\n"
+
+#: agent/call-pinentry.c:813
+msgid "PIN too short"
+msgstr ""
+
+#: agent/call-pinentry.c:825
+#, fuzzy
+msgid "Bad PIN"
+msgstr "ÉÔÀµ¤ÊMPI¤Ç¤¹"
+
+#: agent/call-pinentry.c:826
+#, fuzzy
+msgid "Bad Passphrase"
+msgstr "¥Ñ¥¹¥Õ¥ì¡¼¥º¤¬ÉÔÀµ¤Ç¤¹"
+
+#: agent/call-pinentry.c:863
+#, fuzzy
+msgid "Passphrase"
+msgstr "¥Ñ¥¹¥Õ¥ì¡¼¥º¤¬ÉÔÀµ¤Ç¤¹"
+
+#: agent/command-ssh.c:531
+#, fuzzy, c-format
+msgid "ssh keys greater than %d bits are not supported\n"
+msgstr "ÊݸîÍ×Ìó%d¤Ï¥µ¥Ý¡¼¥È¤·¤Æ¤¤¤Þ¤»¤ó\n"
+
+#: agent/command-ssh.c:690 g10/card-util.c:833 g10/exec.c:473 g10/gpg.c:1122
+#: g10/keygen.c:3394 g10/keygen.c:3427 g10/keyring.c:1237 g10/keyring.c:1569
+#: g10/openfile.c:275 g10/openfile.c:368 g10/sign.c:801 g10/sign.c:1110
+#: g10/tdbio.c:550 jnlib/dotlock.c:310
+#, c-format
+msgid "can't create `%s': %s\n"
+msgstr "¡Ö%s¡×¤¬ºîÀ®¤Ç¤­¤Þ¤»¤ó: %s\n"
+
+#: agent/command-ssh.c:702 common/helpfile.c:47 g10/card-util.c:787
+#: g10/dearmor.c:60 g10/dearmor.c:107 g10/decrypt.c:70 g10/encode.c:194
+#: g10/encode.c:504 g10/gpg.c:1123 g10/import.c:192 g10/keygen.c:2877
+#: g10/keyring.c:1595 g10/openfile.c:192 g10/openfile.c:353
+#: g10/plaintext.c:511 g10/sign.c:783 g10/sign.c:978 g10/sign.c:1094
+#: g10/sign.c:1250 g10/tdbdump.c:142 g10/tdbdump.c:150 g10/tdbio.c:554
+#: g10/tdbio.c:618 g10/verify.c:99 g10/verify.c:162 sm/gpgsm.c:2044
+#: sm/gpgsm.c:2074 sm/gpgsm.c:2112 sm/gpgsm.c:2150 sm/qualified.c:66
+#, c-format
+msgid "can't open `%s': %s\n"
+msgstr "¡Ö%s¡×¤¬³«¤±¤Þ¤»¤ó: %s\n"
+
+#: agent/command-ssh.c:1708 agent/command-ssh.c:1726
+#, fuzzy, c-format
+msgid "error getting serial number of card: %s\n"
+msgstr "ÄÌÈ֤μèÆÀ¥¨¥é¡¼: %s\n"
+
+#: agent/command-ssh.c:1712
+#, c-format
+msgid "detected card with S/N: %s\n"
+msgstr ""
+
+#: agent/command-ssh.c:1717
+#, fuzzy, c-format
+msgid "error getting default authentication keyID of card: %s\n"
+msgstr "¸½¹Ô¸°¾ðÊó¤Î¼èÆÀ¥¨¥é¡¼: %s\n"
+
+#: agent/command-ssh.c:1737
+#, fuzzy, c-format
+msgid "no suitable card key found: %s\n"
+msgstr "½ñ¹þ¤ß²Äǽ¤ÊÈëÌ©¸°Îؤ¬¸«¤Ä¤«¤ê¤Þ¤»¤ó: %s\n"
+
+#: agent/command-ssh.c:1787
+#, fuzzy, c-format
+msgid "shadowing the key failed: %s\n"
+msgstr "¸°¤ÎÆɽФ·¤Ë¼ºÇÔ¤·¤Þ¤·¤¿: %s\n"
+
+#: agent/command-ssh.c:1802
+#, fuzzy, c-format
+msgid "error writing key: %s\n"
+msgstr "¸°ÎØ¡Ö%s¡×¤Î½ñ¹þ¤ß¥¨¥é¡¼: %s\n"
+
+#: agent/command-ssh.c:2139
+#, c-format
+msgid ""
+"An ssh process requested the use of key%%0A %s%%0A (%s)%%0ADo you want to "
+"allow this?"
+msgstr ""
+
+#: agent/command-ssh.c:2146
+msgid "Allow"
+msgstr ""
+
+#: agent/command-ssh.c:2146
+msgid "Deny"
+msgstr ""
+
+#: agent/command-ssh.c:2155
+#, fuzzy, c-format
+msgid "Please enter the passphrase for the ssh key%%0A %F%%0A (%c)"
+msgstr "¥Ñ¥¹¥Õ¥ì¡¼¥º¤òÆþÎϤ·¤Æ¤¯¤À¤µ¤¤¡£¤³¤ì¤ÏÈëÌ©¤Îʸ¾Ï¤Î¤³¤È¤Ç¤¹ \n"
+
+#: agent/command-ssh.c:2484 agent/genkey.c:310 agent/genkey.c:432
+#, fuzzy
+msgid "Please re-enter this passphrase"
+msgstr "¥Ñ¥¹¥Õ¥ì¡¼¥º¤ÎÊѹ¹"
+
+#: agent/command-ssh.c:2509
+#, fuzzy, c-format
+msgid ""
+"Please enter a passphrase to protect the received secret key%%0A %s%%0A %"
+"s%%0Awithin gpg-agent's key storage"
+msgstr "¥Ñ¥¹¥Õ¥ì¡¼¥º¤òÆþÎϤ·¤Æ¤¯¤À¤µ¤¤¡£¤³¤ì¤ÏÈëÌ©¤Îʸ¾Ï¤Î¤³¤È¤Ç¤¹ \n"
+
+#: agent/command-ssh.c:2548 agent/genkey.c:340 agent/genkey.c:463
+#: tools/symcryptrun.c:436
+msgid "does not match - try again"
+msgstr ""
+
+#: agent/command-ssh.c:3054
+#, fuzzy, c-format
+msgid "failed to create stream from socket: %s\n"
+msgstr "%s: ¥Ï¥Ã¥·¥åɽ¤ÎºîÀ®¤Ë¼ºÇÔ¤·¤Þ¤·¤¿: %s\n"
+
+#: agent/divert-scd.c:92 g10/call-agent.c:923
+#, fuzzy
+msgid "Please insert the card with serial number"
+msgstr ""
+"º£¤Î¥«¡¼¥É¤òÈ´¤­¡¢¼¡¤ÎÄÌÈ֤Τ½¤ì¤òÆþ¤ì¤Æ¤¯¤À¤µ¤¤:\n"
+" %.*s\n"
+
+#: agent/divert-scd.c:93 g10/call-agent.c:924
+#, fuzzy
+msgid "Please remove the current card and insert the one with serial number"
+msgstr ""
+"º£¤Î¥«¡¼¥É¤òÈ´¤­¡¢¼¡¤ÎÄÌÈ֤Τ½¤ì¤òÆþ¤ì¤Æ¤¯¤À¤µ¤¤:\n"
+" %.*s\n"
+
+#: agent/divert-scd.c:200
+#, fuzzy
+msgid "Admin PIN"
+msgstr "|A|Admin PIN"
+
+#. TRANSLATORS: A PUK is the Personal Unblocking Code
+#. used to unblock a PIN.
+#: agent/divert-scd.c:205
+msgid "PUK"
+msgstr ""
+
+#: agent/divert-scd.c:212
+msgid "Reset Code"
+msgstr ""
+
+#: agent/divert-scd.c:238
+#, c-format
+msgid "%s%%0A%%0AUse the reader's keypad for input."
+msgstr ""
+
+#: agent/divert-scd.c:287
+#, fuzzy
+msgid "Repeat this Reset Code"
+msgstr "PIN¤òºÆÆþÎÏ: "
+
+#: agent/divert-scd.c:289
+#, fuzzy
+msgid "Repeat this PUK"
+msgstr "PIN¤òºÆÆþÎÏ: "
+
+#: agent/divert-scd.c:290
+#, fuzzy
+msgid "Repeat this PIN"
+msgstr "PIN¤òºÆÆþÎÏ: "
+
+#: agent/divert-scd.c:295
+#, fuzzy
+msgid "Reset Code not correctly repeated; try again"
+msgstr "PIN¤ò¤Á¤ã¤ó¤È·«¤êÊÖ¤·¤Æ¤¤¤Þ¤»¤ó¡£ºÆÆþÎϤ·¤Æ¤¯¤À¤µ¤¤"
+
+#: agent/divert-scd.c:297
+#, fuzzy
+msgid "PUK not correctly repeated; try again"
+msgstr "PIN¤ò¤Á¤ã¤ó¤È·«¤êÊÖ¤·¤Æ¤¤¤Þ¤»¤ó¡£ºÆÆþÎϤ·¤Æ¤¯¤À¤µ¤¤"
+
+#: agent/divert-scd.c:298
+msgid "PIN not correctly repeated; try again"
+msgstr "PIN¤ò¤Á¤ã¤ó¤È·«¤êÊÖ¤·¤Æ¤¤¤Þ¤»¤ó¡£ºÆÆþÎϤ·¤Æ¤¯¤À¤µ¤¤"
+
+#: agent/divert-scd.c:310
+#, fuzzy, c-format
+msgid "Please enter the PIN%s%s%s to unlock the card"
+msgstr "PIN [½ð̾ºÑ: %lu]"
+
+#: agent/genkey.c:108 sm/certreqgen-ui.c:384 sm/export.c:638 sm/export.c:654
+#: sm/import.c:667 sm/import.c:692
+#, fuzzy, c-format
+msgid "error creating temporary file: %s\n"
+msgstr "¥Ñ¥¹¥Õ¥ì¡¼¥º¤ÎºîÀ®¥¨¥é¡¼: %s\n"
+
+#: agent/genkey.c:115 sm/export.c:645 sm/import.c:675
+#, fuzzy, c-format
+msgid "error writing to temporary file: %s\n"
+msgstr "%s: ¥Ç¥£¥ì¥¯¥È¥ê¡¼¡¦¥ì¥³¡¼¥É¤Î½ñ¹þ¤ß¥¨¥é¡¼: %s\n"
+
+#: agent/genkey.c:153 agent/genkey.c:159
+#, fuzzy
+msgid "Enter new passphrase"
+msgstr "¥Ñ¥¹¥Õ¥ì¡¼¥º¤òÆþÎÏ\n"
+
+#: agent/genkey.c:167
+#, fuzzy
+msgid "Take this one anyway"
+msgstr "¤½¤ì¤Ç¤â¤³¤Î¸°¤ò»È¤¤¤Þ¤¹¤«? (y/N) "
+
+#: agent/genkey.c:193
+#, c-format
+msgid ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase should be "
+"at least %u character long."
+msgid_plural ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase should be "
+"at least %u characters long."
+msgstr[0] ""
+msgstr[1] ""
+
+#: agent/genkey.c:214
+#, c-format
+msgid ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase should "
+"contain at least %u digit or%%0Aspecial character."
+msgid_plural ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase should "
+"contain at least %u digits or%%0Aspecial characters."
+msgstr[0] ""
+msgstr[1] ""
+
+#: agent/genkey.c:237
+#, c-format
+msgid ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase may not be "
+"a known term or match%%0Acertain pattern."
+msgstr ""
+
+#: agent/genkey.c:253
+#, c-format
+msgid ""
+"You have not entered a passphrase!%0AAn empty passphrase is not allowed."
+msgstr ""
+
+#: agent/genkey.c:255
+#, c-format
+msgid ""
+"You have not entered a passphrase - this is in general a bad idea!%0APlease "
+"confirm that you do not want to have any protection on your key."
+msgstr ""
+
+#: agent/genkey.c:264
+msgid "Yes, protection is not needed"
+msgstr ""
+
+#: agent/genkey.c:308
+#, fuzzy, c-format
+msgid "Please enter the passphrase to%0Ato protect your new key"
+msgstr ""
+"ÈëÌ©¸°¤òÊݸ¤ë¤¿¤á¤Ë¥Ñ¥¹¥Õ¥ì¡¼¥º¤¬¤¤¤ê¤Þ¤¹¡£\n"
+"\n"
+
+#: agent/genkey.c:431
+#, fuzzy
+msgid "Please enter the new passphrase"
+msgstr "¥Ñ¥¹¥Õ¥ì¡¼¥º¤ÎÊѹ¹"
+
+#: agent/gpg-agent.c:121 agent/preset-passphrase.c:72 scd/scdaemon.c:103
+#: tools/gpg-check-pattern.c:70
+#, fuzzy
+msgid ""
+"@Options:\n"
+" "
+msgstr ""
+"@\n"
+"¥ª¥×¥·¥ç¥ó:\n"
+" "
+
+#: agent/gpg-agent.c:123 scd/scdaemon.c:105
+msgid "run in server mode (foreground)"
+msgstr ""
+
+#: agent/gpg-agent.c:124 scd/scdaemon.c:108
+msgid "run in daemon mode (background)"
+msgstr ""
+
+#: agent/gpg-agent.c:125 g10/gpg.c:488 g10/gpgv.c:71 kbx/kbxutil.c:88
+#: scd/scdaemon.c:109 sm/gpgsm.c:281 tools/gpg-connect-agent.c:69
+#: tools/gpgconf.c:80 tools/symcryptrun.c:166
+msgid "verbose"
+msgstr "¾éĹ"
+
+#: agent/gpg-agent.c:126 g10/gpgv.c:72 kbx/kbxutil.c:89 scd/scdaemon.c:110
+#: sm/gpgsm.c:282
+msgid "be somewhat more quiet"
+msgstr "¤ä¤äÀŤ«"
+
+#: agent/gpg-agent.c:127 scd/scdaemon.c:111
+msgid "sh-style command output"
+msgstr ""
+
+#: agent/gpg-agent.c:128 scd/scdaemon.c:112
+msgid "csh-style command output"
+msgstr ""
+
+#: agent/gpg-agent.c:129 scd/scdaemon.c:113 sm/gpgsm.c:312
+#: tools/symcryptrun.c:169
+#, fuzzy
+msgid "|FILE|read options from FILE"
+msgstr "¡Ö%s¡×¤«¤é¥ª¥×¥·¥ç¥ó¤òÆɤ߽Ф·¤Þ¤¹\n"
+
+#: agent/gpg-agent.c:134 scd/scdaemon.c:123
+msgid "do not detach from the console"
+msgstr ""
+
+#: agent/gpg-agent.c:135
+msgid "do not grab keyboard and mouse"
+msgstr ""
+
+#: agent/gpg-agent.c:136 tools/symcryptrun.c:168
+#, fuzzy
+msgid "use a log file for the server"
+msgstr "¸°¥µ¡¼¥Ð¡¼¤Î¸°¤ò¸¡º÷¤¹¤ë"
+
+#: agent/gpg-agent.c:138
+#, fuzzy
+msgid "use a standard location for the socket"
+msgstr "ÁªÂò¤·¤¿¥æ¡¼¥¶¡¼ID¤ÎÁª¹¥¤òËÜÅö¤Ë¹¹¿·¤·¤Þ¤¹¤«? (y/N) "
+
+#: agent/gpg-agent.c:141
+msgid "|PGM|use PGM as the PIN-Entry program"
+msgstr ""
+
+#: agent/gpg-agent.c:144
+msgid "|PGM|use PGM as the SCdaemon program"
+msgstr ""
+
+#: agent/gpg-agent.c:145
+#, fuzzy
+msgid "do not use the SCdaemon"
+msgstr "¿®Íѥǡ¼¥¿¥Ù¡¼¥¹¤ò¹¹¿·"
+
+#: agent/gpg-agent.c:157
+msgid "ignore requests to change the TTY"
+msgstr ""
+
+#: agent/gpg-agent.c:159
+msgid "ignore requests to change the X display"
+msgstr ""
+
+#: agent/gpg-agent.c:162
+msgid "|N|expire cached PINs after N seconds"
+msgstr ""
+
+#: agent/gpg-agent.c:175
+msgid "do not use the PIN cache when signing"
+msgstr ""
+
+#: agent/gpg-agent.c:177
+msgid "allow clients to mark keys as \"trusted\""
+msgstr ""
+
+#: agent/gpg-agent.c:179
+#, fuzzy
+msgid "allow presetting passphrase"
+msgstr "¥Ñ¥¹¥Õ¥ì¡¼¥º¤ÎºîÀ®¥¨¥é¡¼: %s\n"
+
+#: agent/gpg-agent.c:180
+msgid "enable ssh-agent emulation"
+msgstr ""
+
+#: agent/gpg-agent.c:182
+msgid "|FILE|write environment settings also to FILE"
+msgstr ""
+
+#. TRANSLATORS: @EMAIL@ will get replaced by the actual bug
+#. reporting address. This is so that we can change the
+#. reporting address without breaking the translations.
+#: agent/gpg-agent.c:333 agent/preset-passphrase.c:94 agent/protect-tool.c:163
+#: g10/gpg.c:814 g10/gpgv.c:114 kbx/kbxutil.c:113 scd/scdaemon.c:246
+#: sm/gpgsm.c:519 tools/gpg-connect-agent.c:181 tools/gpgconf.c:102
+#: tools/symcryptrun.c:206 tools/gpg-check-pattern.c:141
+msgid "Please report bugs to <@EMAIL@>.\n"
+msgstr "¥Ð¥°¤ò¸«¤Ä¤±¤¿¤é <@EMAIL@> ¤Þ¤Ç¤´Êó¹ð¤¯¤À¤µ¤¤¡£\n"
+
+#: agent/gpg-agent.c:342
+#, fuzzy
+msgid "Usage: gpg-agent [options] (-h for help)"
+msgstr "»È¤¤Êý: gpg [¥ª¥×¥·¥ç¥ó] [¥Õ¥¡¥¤¥ë] (¥Ø¥ë¥×¤Ï -h)"
+
+#: agent/gpg-agent.c:344
+msgid ""
+"Syntax: gpg-agent [options] [command [args]]\n"
+"Secret key management for GnuPG\n"
+msgstr ""
+
+#: agent/gpg-agent.c:390 g10/gpg.c:1007 scd/scdaemon.c:318 sm/gpgsm.c:669
+#, c-format
+msgid "invalid debug-level `%s' given\n"
+msgstr ""
+
+#: agent/gpg-agent.c:610 agent/protect-tool.c:1033 kbx/kbxutil.c:428
+#: scd/scdaemon.c:424 sm/gpgsm.c:911 sm/gpgsm.c:914 tools/symcryptrun.c:998
+#: tools/gpg-check-pattern.c:177
+#, c-format
+msgid "%s is too old (need %s, have %s)\n"
+msgstr ""
+
+#: agent/gpg-agent.c:725 g10/gpg.c:2111 scd/scdaemon.c:510 sm/gpgsm.c:1010
+#, c-format
+msgid "NOTE: no default option file `%s'\n"
+msgstr "Ãí°Õ: ´ûÄê¤Î¥ª¥×¥·¥ç¥ó¡¦¥Õ¥¡¥¤¥ë¡Ö%s¡×¤¬¤¢¤ê¤Þ¤»¤ó\n"
+
+#: agent/gpg-agent.c:736 agent/gpg-agent.c:1348 g10/gpg.c:2115
+#: scd/scdaemon.c:515 sm/gpgsm.c:1014 tools/symcryptrun.c:931
+#, c-format
+msgid "option file `%s': %s\n"
+msgstr "¥ª¥×¥·¥ç¥ó¡¦¥Õ¥¡¥¤¥ë¡Ö%s¡×: %s\n"
+
+#: agent/gpg-agent.c:744 g10/gpg.c:2122 scd/scdaemon.c:523 sm/gpgsm.c:1021
+#, c-format
+msgid "reading options from `%s'\n"
+msgstr "¡Ö%s¡×¤«¤é¥ª¥×¥·¥ç¥ó¤òÆɤ߽Ф·¤Þ¤¹\n"
+
+#: agent/gpg-agent.c:1117 g10/plaintext.c:140 g10/plaintext.c:145
+#: g10/plaintext.c:162
+#, c-format
+msgid "error creating `%s': %s\n"
+msgstr "¡Ö%s¡×¤ÎºîÀ®¥¨¥é¡¼: %s\n"
+
+#: agent/gpg-agent.c:1461 agent/gpg-agent.c:1579 agent/gpg-agent.c:1583
+#: agent/gpg-agent.c:1624 agent/gpg-agent.c:1628 g10/exec.c:188
+#: g10/openfile.c:429 scd/scdaemon.c:1020
+#, c-format
+msgid "can't create directory `%s': %s\n"
+msgstr "¥Ç¥£¥ì¥¯¥È¥ê¡¼¡Ö%s¡×¤¬ºîÀ®¤Ç¤­¤Þ¤»¤ó: %s\n"
+
+#: agent/gpg-agent.c:1475 scd/scdaemon.c:1034
+msgid "name of socket too long\n"
+msgstr ""
+
+#: agent/gpg-agent.c:1498 scd/scdaemon.c:1057
+#, fuzzy, c-format
+msgid "can't create socket: %s\n"
+msgstr "¡Ö%s¡×¤¬ºîÀ®¤Ç¤­¤Þ¤»¤ó: %s\n"
+
+#: agent/gpg-agent.c:1507
+#, c-format
+msgid "socket name `%s' is too long\n"
+msgstr ""
+
+#: agent/gpg-agent.c:1525
+#, fuzzy
+msgid "a gpg-agent is already running - not starting a new one\n"
+msgstr "¤³¤Î¥»¥Ã¥·¥ç¥ó¤Çgpg-agent¤Ï̵¸ú¤Ç¤¹\n"
+
+#: agent/gpg-agent.c:1536 scd/scdaemon.c:1076
+#, fuzzy
+msgid "error getting nonce for the socket\n"
+msgstr "¿·¤·¤¤PIN¤Î¼èÆÀ¥¨¥é¡¼: %s\n"
+
+#: agent/gpg-agent.c:1541 scd/scdaemon.c:1079
+#, fuzzy, c-format
+msgid "error binding socket to `%s': %s\n"
+msgstr "¡Ö%s¡×¤Ç¿®Íѥ쥳¡¼¥É¤Î¸¡º÷¥¨¥é¡¼: %s\n"
+
+#: agent/gpg-agent.c:1553 scd/scdaemon.c:1088
+#, fuzzy, c-format
+msgid "listen() failed: %s\n"
+msgstr "¹¹¿·¤Ë¼ºÇÔ¤·¤Þ¤·¤¿: %s\n"
+
+#: agent/gpg-agent.c:1559 scd/scdaemon.c:1095
+#, fuzzy, c-format
+msgid "listening on socket `%s'\n"
+msgstr "¡Ö%s¡×¤ØÈëÌ©¸°¤ò½ñ¤­¹þ¤ß¤Þ¤¹\n"
+
+#: agent/gpg-agent.c:1587 agent/gpg-agent.c:1634 g10/openfile.c:432
+#, c-format
+msgid "directory `%s' created\n"
+msgstr "¥Ç¥£¥ì¥¯¥È¥ê¡¼¡Ö%s¡×¤¬¤Ç¤­¤Þ¤·¤¿\n"
+
+#: agent/gpg-agent.c:1640
+#, fuzzy, c-format
+msgid "stat() failed for `%s': %s\n"
+msgstr "fstat(%d)¤¬%s¤Ç¼ºÇÔ¤·¤Þ¤·¤¿: %s\n"
+
+#: agent/gpg-agent.c:1644
+#, fuzzy, c-format
+msgid "can't use `%s' as home directory\n"
+msgstr "¥Ç¥£¥ì¥¯¥È¥ê¡¼¡Ö%s¡×¤¬ºîÀ®¤Ç¤­¤Þ¤»¤ó: %s\n"
+
+#: agent/gpg-agent.c:1777 scd/scdaemon.c:1111
+#, fuzzy, c-format
+msgid "error reading nonce on fd %d: %s\n"
+msgstr "¡Ö%s¡×¤ÎÆɽФ·¥¨¥é¡¼: %s\n"
+
+#: agent/gpg-agent.c:1799
+#, c-format
+msgid "handler 0x%lx for fd %d started\n"
+msgstr ""
+
+#: agent/gpg-agent.c:1804
+#, c-format
+msgid "handler 0x%lx for fd %d terminated\n"
+msgstr ""
+
+#: agent/gpg-agent.c:1824
+#, c-format
+msgid "ssh handler 0x%lx for fd %d started\n"
+msgstr ""
+
+#: agent/gpg-agent.c:1829
+#, c-format
+msgid "ssh handler 0x%lx for fd %d terminated\n"
+msgstr ""
+
+#: agent/gpg-agent.c:1973 scd/scdaemon.c:1248
+#, fuzzy, c-format
+msgid "pth_select failed: %s - waiting 1s\n"
+msgstr "ÈëÌ©¤Î¹¹¿·¤Ë¼ºÇÔ¤·¤Þ¤·¤¿: %s\n"
+
+#: agent/gpg-agent.c:2096 scd/scdaemon.c:1315
+#, fuzzy, c-format
+msgid "%s %s stopped\n"
+msgstr "%s: ¥¹¥­¥Ã¥×: %s\n"
+
+#: agent/gpg-agent.c:2232
+#, fuzzy
+msgid "no gpg-agent running in this session\n"
+msgstr "¤³¤Î¥»¥Ã¥·¥ç¥ó¤Çgpg-agent¤Ï̵¸ú¤Ç¤¹\n"
+
+#: agent/gpg-agent.c:2243 common/simple-pwquery.c:352 common/asshelp.c:403
+#: tools/gpg-connect-agent.c:2168
+msgid "malformed GPG_AGENT_INFO environment variable\n"
+msgstr "GPG_AGENT_INFO´Ä¶­ÊÑ¿ô¤Î½ñ¼°¤¬Àµ¤·¤¯¤¢¤ê¤Þ¤»¤ó\n"
+
+#: agent/gpg-agent.c:2256 common/simple-pwquery.c:364 common/asshelp.c:415
+#: tools/gpg-connect-agent.c:2179
+#, c-format
+msgid "gpg-agent protocol version %d is not supported\n"
+msgstr "gpg-agent¥×¥í¥È¥³¥ë¡¦¥Ð¡¼¥¸¥ç¥ó%d¤Ï¥µ¥Ý¡¼¥È¤·¤Æ¤¤¤Þ¤»¤ó\n"
+
+#: agent/preset-passphrase.c:98
+#, fuzzy
+msgid "Usage: gpg-preset-passphrase [options] KEYGRIP (-h for help)\n"
+msgstr "»È¤¤Êý: gpg [¥ª¥×¥·¥ç¥ó] [¥Õ¥¡¥¤¥ë] (¥Ø¥ë¥×¤Ï -h)"
+
+#: agent/preset-passphrase.c:101
+msgid ""
+"Syntax: gpg-preset-passphrase [options] KEYGRIP\n"
+"Password cache maintenance\n"
+msgstr ""
+
+#: agent/protect-tool.c:113 g10/gpg.c:373 kbx/kbxutil.c:71 sm/gpgsm.c:186
+#: tools/gpgconf.c:60
+msgid ""
+"@Commands:\n"
+" "
+msgstr ""
+"@¥³¥Þ¥ó¥É:\n"
+" "
+
+#: agent/protect-tool.c:127 g10/gpg.c:441 g10/gpgv.c:69 kbx/kbxutil.c:81
+#: sm/gpgsm.c:226 tools/gpg-connect-agent.c:67 tools/gpgconf.c:77
+#: tools/symcryptrun.c:159
+msgid ""
+"@\n"
+"Options:\n"
+" "
+msgstr ""
+"@\n"
+"¥ª¥×¥·¥ç¥ó:\n"
+" "
+
+#: agent/protect-tool.c:166
+#, fuzzy
+msgid "Usage: gpg-protect-tool [options] (-h for help)\n"
+msgstr "»È¤¤Êý: gpg [¥ª¥×¥·¥ç¥ó] [¥Õ¥¡¥¤¥ë] (¥Ø¥ë¥×¤Ï -h)"
+
+#: agent/protect-tool.c:168
+msgid ""
+"Syntax: gpg-protect-tool [options] [args]\n"
+"Secret key maintenance tool\n"
+msgstr ""
+
+#: agent/protect-tool.c:1162
+#, fuzzy
+msgid "Please enter the passphrase to unprotect the PKCS#12 object."
+msgstr "¥Ñ¥¹¥Õ¥ì¡¼¥º¤òÆþÎϤ·¤Æ¤¯¤À¤µ¤¤¡£¤³¤ì¤ÏÈëÌ©¤Îʸ¾Ï¤Î¤³¤È¤Ç¤¹ \n"
+
+#: agent/protect-tool.c:1167
+#, fuzzy
+msgid "Please enter the passphrase to protect the new PKCS#12 object."
+msgstr "¥Ñ¥¹¥Õ¥ì¡¼¥º¤òÆþÎϤ·¤Æ¤¯¤À¤µ¤¤¡£¤³¤ì¤ÏÈëÌ©¤Îʸ¾Ï¤Î¤³¤È¤Ç¤¹ \n"
+
+#: agent/protect-tool.c:1173
+msgid ""
+"Please enter the passphrase to protect the imported object within the GnuPG "
+"system."
+msgstr ""
+
+#: agent/protect-tool.c:1178
+#, fuzzy
+msgid ""
+"Please enter the passphrase or the PIN\n"
+"needed to complete this operation."
+msgstr "¥Ñ¥¹¥Õ¥ì¡¼¥º¤òÆþÎϤ·¤Æ¤¯¤À¤µ¤¤¡£¤³¤ì¤ÏÈëÌ©¤Îʸ¾Ï¤Î¤³¤È¤Ç¤¹ \n"
+
+#: agent/protect-tool.c:1183 tools/symcryptrun.c:437
+#, fuzzy
+msgid "Passphrase:"
+msgstr "¥Ñ¥¹¥Õ¥ì¡¼¥º¤¬ÉÔÀµ¤Ç¤¹"
+
+#: agent/protect-tool.c:1188 tools/symcryptrun.c:448
+#, fuzzy
+msgid "cancelled\n"
+msgstr "¥­¥ã¥ó¥»¥ë"
+
+#: agent/protect-tool.c:1190 tools/symcryptrun.c:444
+#, fuzzy, c-format
+msgid "error while asking for the passphrase: %s\n"
+msgstr "¥Ñ¥¹¥Õ¥ì¡¼¥º¤ÎºîÀ®¥¨¥é¡¼: %s\n"
+
+#: agent/trustlist.c:136 agent/trustlist.c:334
+#, fuzzy, c-format
+msgid "error opening `%s': %s\n"
+msgstr "¡Ö%s¡×¤Ç¥¨¥é¡¼: %s\n"
+
+#: agent/trustlist.c:151 common/helpfile.c:63 common/helpfile.c:79
+#, fuzzy, c-format
+msgid "file `%s', line %d: %s\n"
+msgstr "¥ª¥×¥·¥ç¥ó¡¦¥Õ¥¡¥¤¥ë¡Ö%s¡×: %s\n"
+
+#: agent/trustlist.c:171 agent/trustlist.c:179
+#, c-format
+msgid "statement \"%s\" ignored in `%s', line %d\n"
+msgstr ""
+
+#: agent/trustlist.c:185
+#, fuzzy, c-format
+msgid "system trustlist `%s' not available\n"
+msgstr "ÈëÌ©Éôʬ¤¬ÆÀ¤é¤ì¤Þ¤»¤ó\n"
+
+#: agent/trustlist.c:229
+#, fuzzy, c-format
+msgid "bad fingerprint in `%s', line %d\n"
+msgstr "¡Ö%s¡×¤ÇÆɽФ·¥¨¥é¡¼: %s\n"
+
+#: agent/trustlist.c:254 agent/trustlist.c:261
+#, c-format
+msgid "invalid keyflag in `%s', line %d\n"
+msgstr ""
+
+#: agent/trustlist.c:295 common/helpfile.c:126
+#, fuzzy, c-format
+msgid "error reading `%s', line %d: %s\n"
+msgstr "¡Ö%s¡×¤ÎÆɽФ·¥¨¥é¡¼: %s\n"
+
+#: agent/trustlist.c:400 agent/trustlist.c:450
+msgid "error reading list of trusted root certificates\n"
+msgstr ""
+
+#. TRANSLATORS: This prompt is shown by the Pinentry
+#. and has one special property: A "%%0A" is used by
+#. Pinentry to insert a line break. The double
+#. percent sign is actually needed because it is also
+#. a printf format string. If you need to insert a
+#. plain % sign, you need to encode it as "%%25". The
+#. "%s" gets replaced by the name as stored in the
+#. certificate.
+#: agent/trustlist.c:611
+#, c-format
+msgid ""
+"Do you ultimately trust%%0A \"%s\"%%0Ato correctly certify user "
+"certificates?"
+msgstr ""
+
+#: agent/trustlist.c:620 common/audit.c:467
+#, fuzzy
+msgid "Yes"
+msgstr "yes"
+
+#: agent/trustlist.c:620 common/audit.c:469
+msgid "No"
+msgstr ""
+
+#. TRANSLATORS: This prompt is shown by the Pinentry and has
+#. one special property: A "%%0A" is used by Pinentry to
+#. insert a line break. The double percent sign is actually
+#. needed because it is also a printf format string. If you
+#. need to insert a plain % sign, you need to encode it as
+#. "%%25". The second "%s" gets replaced by a hexdecimal
+#. fingerprint string whereas the first one receives the name
+#. as stored in the certificate.
+#: agent/trustlist.c:654
+#, c-format
+msgid ""
+"Please verify that the certificate identified as:%%0A \"%s\"%%0Ahas the "
+"fingerprint:%%0A %s"
+msgstr ""
+
+#. TRANSLATORS: "Correct" is the label of a button and intended
+#. to be hit if the fingerprint matches the one of the CA. The
+#. other button is "the default "Cancel" of the Pinentry.
+#: agent/trustlist.c:668
+msgid "Correct"
+msgstr ""
+
+#: agent/trustlist.c:668
+msgid "Wrong"
+msgstr ""
+
+#: agent/findkey.c:157
+#, c-format
+msgid "Note: This passphrase has never been changed.%0APlease change it now."
+msgstr ""
+
+#: agent/findkey.c:173
+#, c-format
+msgid ""
+"This passphrase has not been changed%%0Asince %.4s-%.2s-%.2s. Please change "
+"it now."
+msgstr ""
+
+#: agent/findkey.c:187 agent/findkey.c:194
+#, fuzzy
+msgid "Change passphrase"
+msgstr "¥Ñ¥¹¥Õ¥ì¡¼¥º¤ÎÊѹ¹"
+
+#: agent/findkey.c:195
+msgid "I'll change it later"
+msgstr ""
+
+#: common/exechelp.c:528 common/exechelp.c:625 tools/gpgconf-comp.c:1475
+#: tools/gpgconf-comp.c:1814
+#, fuzzy, c-format
+msgid "error creating a pipe: %s\n"
+msgstr "¥Ñ¥¹¥Õ¥ì¡¼¥º¤ÎºîÀ®¥¨¥é¡¼: %s\n"
+
+#: common/exechelp.c:599 common/exechelp.c:658
+#, fuzzy, c-format
+msgid "can't fdopen pipe for reading: %s\n"
+msgstr "½ð̾¤µ¤ì¤¿¥Ç¡¼¥¿¡Ö%s¡×¤¬³«¤±¤Þ¤»¤ó\n"
+
+#: common/exechelp.c:637 common/exechelp.c:765 common/exechelp.c:1002
+#, fuzzy, c-format
+msgid "error forking process: %s\n"
+msgstr "¡Ö%s¡×¤ÎÆɽФ·¥¨¥é¡¼: %s\n"
+
+#: common/exechelp.c:811 common/exechelp.c:864
+#, c-format
+msgid "waiting for process %d to terminate failed: %s\n"
+msgstr ""
+
+#: common/exechelp.c:819
+#, fuzzy, c-format
+msgid "error getting exit code of process %d: %s\n"
+msgstr "¸½¹Ô¸°¾ðÊó¤Î¼èÆÀ¥¨¥é¡¼: %s\n"
+
+#: common/exechelp.c:825 common/exechelp.c:877
+#, fuzzy, c-format
+msgid "error running `%s': exit status %d\n"
+msgstr "¡Ö%s¡×¤ÎÆɽФ·¥¨¥é¡¼: %s\n"
+
+#: common/exechelp.c:870
+#, c-format
+msgid "error running `%s': probably not installed\n"
+msgstr ""
+
+#: common/exechelp.c:885
+#, fuzzy, c-format
+msgid "error running `%s': terminated\n"
+msgstr "¡Ö%s¡×¤ÎÆɽФ·¥¨¥é¡¼: %s\n"
+
+#: common/http.c:1674
+#, fuzzy, c-format
+msgid "error creating socket: %s\n"
+msgstr "¡Ö%s¡×¤ÎºîÀ®¥¨¥é¡¼: %s\n"
+
+#: common/http.c:1718
+#, fuzzy
+msgid "host not found"
+msgstr "[¥æ¡¼¥¶¡¼ID¤¬¸«¤Ä¤«¤ê¤Þ¤»¤ó]"
+
+#: common/simple-pwquery.c:338
+msgid "gpg-agent is not available in this session\n"
+msgstr "¤³¤Î¥»¥Ã¥·¥ç¥ó¤Çgpg-agent¤Ï̵¸ú¤Ç¤¹\n"
+
+#: common/simple-pwquery.c:395
+#, c-format
+msgid "can't connect to `%s': %s\n"
+msgstr "¡Ö%s¡×¤ØÀܳ¤Ç¤­¤Þ¤»¤ó: %s\n"
+
+#: common/simple-pwquery.c:406
+msgid "communication problem with gpg-agent\n"
+msgstr "gpg-agent¤È¤ÎÄÌ¿®¾ã³²\n"
+
+#: common/simple-pwquery.c:416
+#, fuzzy
+msgid "problem setting the gpg-agent options\n"
+msgstr "¥¨¡¼¥¸¥§¥ó¥È¤Ë¾ã³²: ¥¨¡¼¥¸¥§¥ó¥È¤¬0x%lx¤òÊÖµÑ\n"
+
+#: common/simple-pwquery.c:579 common/simple-pwquery.c:675
+#, fuzzy
+msgid "canceled by user\n"
+msgstr "¥æ¡¼¥¶¡¼¤Ë¤è¤ë¼è¾Ã¤·\n"
+
+#: common/simple-pwquery.c:594 common/simple-pwquery.c:681
+#, fuzzy
+msgid "problem with the agent\n"
+msgstr "¥¨¡¼¥¸¥§¥ó¥È¤Ë¾ã³²: ¥¨¡¼¥¸¥§¥ó¥È¤¬0x%lx¤òÊÖµÑ\n"
+
+#: common/sysutils.c:105
+#, c-format
+msgid "can't disable core dumps: %s\n"
+msgstr "¥³¥¢¡¦¥À¥ó¥×¤ò»ÈÍѶػߤˤǤ­¤Þ¤»¤ó: %s\n"
+
+#: common/sysutils.c:200
+#, fuzzy, c-format
+msgid "Warning: unsafe ownership on %s \"%s\"\n"
+msgstr "·Ù¹ð: ³ÈÄ¥¡Ö%s¡×¤Î°ÂÁ´¤Ç¤Ê¤¤½êÍ­¼Ô\n"
+
+#: common/sysutils.c:232
+#, fuzzy, c-format
+msgid "Warning: unsafe permissions on %s \"%s\"\n"
+msgstr "·Ù¹ð: ³ÈÄ¥¡Ö%s¡×¤Î°ÂÁ´¤Ç¤Ê¤¤µö²Ä\n"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: common/yesno.c:35 common/yesno.c:72
+msgid "yes"
+msgstr "yes"
+
+#: common/yesno.c:36 common/yesno.c:77
+msgid "yY"
+msgstr "yY"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: common/yesno.c:38 common/yesno.c:74
+msgid "no"
+msgstr "no"
+
+#: common/yesno.c:39 common/yesno.c:78
+msgid "nN"
+msgstr "nN"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: common/yesno.c:76
+msgid "quit"
+msgstr "quit"
+
+#: common/yesno.c:79
+msgid "qQ"
+msgstr "qQ"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: common/yesno.c:113
+msgid "okay|okay"
+msgstr "okay|okay"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: common/yesno.c:115
+msgid "cancel|cancel"
+msgstr "cancel|cancel"
+
+#: common/yesno.c:116
+msgid "oO"
+msgstr "oO"
+
+#: common/yesno.c:117
+msgid "cC"
+msgstr "cC"
+
+#: common/miscellaneous.c:77
+#, c-format
+msgid "out of core in secure memory while allocating %lu bytes"
+msgstr ""
+
+#: common/miscellaneous.c:80
+#, c-format
+msgid "out of core while allocating %lu bytes"
+msgstr ""
+
+#: common/asshelp.c:293 tools/gpg-connect-agent.c:2129
+msgid "no running gpg-agent - starting one\n"
+msgstr ""
+
+#: common/asshelp.c:349
+#, c-format
+msgid "waiting %d seconds for the agent to come up\n"
+msgstr ""
+
+#: common/asshelp.c:426
+msgid "can't connect to the agent - trying fall back\n"
+msgstr ""
+
+#. TRANSLATORS: Copy the prefix between the vertical bars
+#. verbatim. It will not be printed.
+#: common/audit.c:474
+msgid "|audit-log-result|Good"
+msgstr ""
+
+#: common/audit.c:477
+msgid "|audit-log-result|Bad"
+msgstr ""
+
+#: common/audit.c:479
+msgid "|audit-log-result|Not supported"
+msgstr ""
+
+#: common/audit.c:481
+#, fuzzy
+msgid "|audit-log-result|No certificate"
+msgstr "ÉÔÀµ¤Ê¾ÚÌÀ½ñ¤Ç¤¹"
+
+#: common/audit.c:483
+#, fuzzy
+msgid "|audit-log-result|Not enabled"
+msgstr "ÉÔÀµ¤Ê¾ÚÌÀ½ñ¤Ç¤¹"
+
+#: common/audit.c:485
+msgid "|audit-log-result|Error"
+msgstr ""
+
+#: common/audit.c:487
+#, fuzzy
+msgid "|audit-log-result|Not used"
+msgstr "ÉÔÀµ¤Ê¾ÚÌÀ½ñ¤Ç¤¹"
+
+#: common/audit.c:489
+#, fuzzy
+msgid "|audit-log-result|Okay"
+msgstr "ÉÔÀµ¤Ê¾ÚÌÀ½ñ¤Ç¤¹"
+
+#: common/audit.c:491
+#, fuzzy
+msgid "|audit-log-result|Skipped"
+msgstr "ÉÔÀµ¤Ê¾ÚÌÀ½ñ¤Ç¤¹"
+
+#: common/audit.c:493
+#, fuzzy
+msgid "|audit-log-result|Some"
+msgstr "ÉÔÀµ¤Ê¾ÚÌÀ½ñ¤Ç¤¹"
+
+#: common/audit.c:726
+#, fuzzy
+msgid "Certificate chain available"
+msgstr "ÉÔÀµ¤Ê¾ÚÌÀ½ñ¤Ç¤¹"
+
+#: common/audit.c:733
+#, fuzzy
+msgid "root certificate missing"
+msgstr "ÉÔÀµ¤Ê¾ÚÌÀ½ñ¤Ç¤¹"
+
+#: common/audit.c:759
+msgid "Data encryption succeeded"
+msgstr ""
+
+#: common/audit.c:764 common/audit.c:830 common/audit.c:906 common/audit.c:997
+#, fuzzy
+msgid "Data available"
+msgstr "Á´Í­¸ú¥Ç¡¼¥¿¤òɽ¼¨"
+
+#: common/audit.c:767
+#, fuzzy
+msgid "Session key created"
+msgstr "%s: ¸°Îؤ¬¤Ç¤­¤Þ¤·¤¿\n"
+
+#: common/audit.c:772 common/audit.c:912 common/audit.c:919
+#, fuzzy, c-format
+msgid "algorithm: %s"
+msgstr "Í­¸úÀ­: %s"
+
+#: common/audit.c:774 common/audit.c:776 common/audit.c:921 common/audit.c:923
+#, fuzzy, c-format
+msgid "unsupported algorithm: %s"
+msgstr ""
+"\n"
+"¥µ¥Ý¡¼¥È¤·¤Æ¤¤¤ë¥¢¥ë¥´¥ê¥º¥à:\n"
+
+#: common/audit.c:778 common/audit.c:925
+#, fuzzy
+msgid "seems to be not encrypted"
+msgstr "°Å¹æ²½¤µ¤ì¤Æ¤¤¤Þ¤»¤ó"
+
+#: common/audit.c:784 common/audit.c:933
+#, fuzzy
+msgid "Number of recipients"
+msgstr "º£¤Î¼õ¼è¿Í:\n"
+
+#: common/audit.c:792 common/audit.c:956
+#, c-format
+msgid "Recipient %d"
+msgstr ""
+
+#: common/audit.c:825
+msgid "Data signing succeeded"
+msgstr ""
+
+#: common/audit.c:839 common/audit.c:1033 common/audit.c:1060
+#, fuzzy, c-format
+msgid "data hash algorithm: %s"
+msgstr "̵¸ú¤Ê¥Ï¥Ã¥·¥å¡¦¥¢¥ë¥´¥ê¥º¥à¡Ö%s¡×¤Ç¤¹\n"
+
+#: common/audit.c:862
+#, fuzzy, c-format
+msgid "Signer %d"
+msgstr "%s¤Ë»Ü¤µ¤ì¤¿½ð̾\n"
+
+#: common/audit.c:866 common/audit.c:1065
+#, fuzzy, c-format
+msgid "attr hash algorithm: %s"
+msgstr "̵¸ú¤Ê¥Ï¥Ã¥·¥å¡¦¥¢¥ë¥´¥ê¥º¥à¡Ö%s¡×¤Ç¤¹\n"
+
+#: common/audit.c:901
+msgid "Data decryption succeeded"
+msgstr ""
+
+#: common/audit.c:910
+#, fuzzy
+msgid "Encryption algorithm supported"
+msgstr "Êݸ¥ë¥´¥ê¥º¥à%d%s¤Ï¥µ¥Ý¡¼¥È¤·¤Æ¤¤¤Þ¤»¤ó\n"
+
+#: common/audit.c:993
+#, fuzzy
+msgid "Data verification succeeded"
+msgstr "½ð̾¤Î¸¡¾Ú¤ò¾Êά\n"
+
+#: common/audit.c:1002
+#, fuzzy
+msgid "Signature available"
+msgstr "%s¤Ë»Ü¤µ¤ì¤¿½ð̾\n"
+
+#: common/audit.c:1024
+#, fuzzy
+msgid "Parsing data succeeded"
+msgstr "¡È%s¡É¤«¤é¤ÎÀµ¤·¤¤½ð̾"
+
+#: common/audit.c:1036
+#, fuzzy, c-format
+msgid "bad data hash algorithm: %s"
+msgstr "̵¸ú¤Ê¥Ï¥Ã¥·¥å¡¦¥¢¥ë¥´¥ê¥º¥à¡Ö%s¡×¤Ç¤¹\n"
+
+#: common/audit.c:1051
+#, fuzzy, c-format
+msgid "Signature %d"
+msgstr "%s¤Ë»Ü¤µ¤ì¤¿½ð̾\n"
+
+#: common/audit.c:1079
+#, fuzzy
+msgid "Certificate chain valid"
+msgstr "¤³¤Î¸°¤ÏËþλ¤Ç¤¹!"
+
+#: common/audit.c:1090
+#, fuzzy
+msgid "Root certificate trustworthy"
+msgstr "ÉÔÀµ¤Ê¾ÚÌÀ½ñ¤Ç¤¹"
+
+#: common/audit.c:1111 sm/certchain.c:935
+#, fuzzy
+msgid "no CRL found for certificate"
+msgstr "ÉÔÀµ¤Ê¾ÚÌÀ½ñ¤Ç¤¹"
+
+#: common/audit.c:1114 sm/certchain.c:945
+#, fuzzy
+msgid "the available CRL is too old"
+msgstr "°Ê²¼¤Ë¸°¤¬¤¢¤ê¤Þ¤¹: "
+
+#: common/audit.c:1119
+#, fuzzy
+msgid "CRL/OCSP check of certificates"
+msgstr "ÉÔÀµ¤Ê¾ÚÌÀ½ñ¤Ç¤¹"
+
+#: common/audit.c:1139
+#, fuzzy
+msgid "Included certificates"
+msgstr "ÉÔÀµ¤Ê¾ÚÌÀ½ñ¤Ç¤¹"
+
+#: common/audit.c:1194
+msgid "No audit log entries."
+msgstr ""
+
+#: common/audit.c:1243
+#, fuzzy
+msgid "Unknown operation"
+msgstr "̤ÃΤΥС¼¥¸¥ç¥ó¤Ç¤¹"
+
+#: common/audit.c:1261
+msgid "Gpg-Agent usable"
+msgstr ""
+
+#: common/audit.c:1271
+msgid "Dirmngr usable"
+msgstr ""
+
+#: common/audit.c:1307
+#, fuzzy, c-format
+msgid "No help available for `%s'."
+msgstr "¡Ö%s¡×¤Î¥Ø¥ë¥×¤Ï¤¢¤ê¤Þ¤»¤ó"
+
+#: common/helpfile.c:80
+#, fuzzy
+msgid "ignoring garbage line"
+msgstr "¸åÈø¤Î¹Ô¤Ë¥¨¥é¡¼¤¬¤¢¤ê¤Þ¤¹\n"
+
+#: common/gettime.c:503
+#, fuzzy
+msgid "[none]"
+msgstr "[̤ÀßÄê]"
+
+#: g10/armor.c:379
+#, c-format
+msgid "armor: %s\n"
+msgstr "ÊñÁõ: %s\n"
+
+#: g10/armor.c:418
+msgid "invalid armor header: "
+msgstr "̵¸ú¤ÊÊñÁõ¥Ø¥Ã¥À¡¼: "
+
+#: g10/armor.c:429
+msgid "armor header: "
+msgstr "ÊñÁõ¥Ø¥Ã¥À¡¼: "
+
+#: g10/armor.c:442
+msgid "invalid clearsig header\n"
+msgstr "̵¸ú¤Ê¥¯¥ê¥¢½ð̾¥Ø¥Ã¥À¡¼\n"
+
+#: g10/armor.c:455
+#, fuzzy
+msgid "unknown armor header: "
+msgstr "ÊñÁõ¥Ø¥Ã¥À¡¼: "
+
+#: g10/armor.c:508
+msgid "nested clear text signatures\n"
+msgstr "Æþ¤ì»Ò¤Î¥¯¥ê¥¢½ð̾\n"
+
+#: g10/armor.c:643
+msgid "unexpected armor: "
+msgstr "ͽ´ü¤»¤ÌÊñÁõ: "
+
+#: g10/armor.c:655
+msgid "invalid dash escaped line: "
+msgstr "̵¸ú¤Ê¥À¥Ã¥·¥å¤Ç¥¨¥¹¥±¡¼¥×¤µ¤ì¤¿¹Ô: "
+
+#: g10/armor.c:810 g10/armor.c:1420
+#, c-format
+msgid "invalid radix64 character %02X skipped\n"
+msgstr "̵¸ú¤Ê64¿Êʸ»ú%02X¤ò¤È¤Ð¤·¤Þ¤·¤¿\n"
+
+#: g10/armor.c:853
+msgid "premature eof (no CRC)\n"
+msgstr "¥Õ¥¡¥¤¥ëËöÈø¤¬Á᤹¤®¤Þ¤¹ (CRC¤¬¤¢¤ê¤Þ¤»¤ó)\n"
+
+#: g10/armor.c:887
+msgid "premature eof (in CRC)\n"
+msgstr "¥Õ¥¡¥¤¥ëËöÈø¤¬Á᤹¤®¤Þ¤¹ (CRC¤ÎÅÓÃæ)\n"
+
+#: g10/armor.c:895
+msgid "malformed CRC\n"
+msgstr "CRC¤Î½ñ¼°¤¬Àµ¤·¤¯¤¢¤ê¤Þ¤»¤ó\n"
+
+#: g10/armor.c:899 g10/armor.c:1457
+#, c-format
+msgid "CRC error; %06lX - %06lX\n"
+msgstr "CRC¥¨¥é¡¼¡£%06lX - %06lX\n"
+
+#: g10/armor.c:919
+msgid "premature eof (in trailer)\n"
+msgstr "¥Õ¥¡¥¤¥ëËöÈø¤¬Á᤹¤®¤Þ¤¹ (¸åÈøÉô¤ÎÃæ¤Ë¤¢¤ê¤Þ¤¹)\n"
+
+#: g10/armor.c:923
+msgid "error in trailer line\n"
+msgstr "¸åÈø¤Î¹Ô¤Ë¥¨¥é¡¼¤¬¤¢¤ê¤Þ¤¹\n"
+
+#: g10/armor.c:1234
+msgid "no valid OpenPGP data found.\n"
+msgstr "Í­¸ú¤ÊOpenPGP¥Ç¡¼¥¿¤¬¸«¤Ä¤«¤ê¤Þ¤»¤ó¡£\n"
+
+#: g10/armor.c:1239
+#, c-format
+msgid "invalid armor: line longer than %d characters\n"
+msgstr "̵¸ú¤ÊÊñÁõ: ¹Ô¤ÎŤµ¤¬%dʸ»ú¤òĶ¤¨¤Æ¤¤¤Þ¤¹\n"
+
+#: g10/armor.c:1243
+msgid ""
+"quoted printable character in armor - probably a buggy MTA has been used\n"
+msgstr ""
+"ÊñÁõ¤ÎÃæ¤Ëquoted printableʸ»ú¤¬¤¢¤ê¤Þ¤¹¡£¤ª¤½¤é¤¯¥Ð¥°¤Î¤¢¤ë\n"
+"MTA¤ò»È¤Ã¤¿¤Î¤Ç¤·¤ç¤¦\n"
+
+#: g10/build-packet.c:976
+msgid ""
+"a notation name must have only printable characters or spaces, and end with "
+"an '='\n"
+msgstr ""
+"Ãí¼á̾¤Ë¤Ï°õ»ú²Äǽ¤Êʸ»ú¤«¶õÇò¤Î¤ß¤ò»È¤¤¡¢'='¤Ç½ª¤ï¤é¤Ê¤±¤ì¤Ð¤Ê¤ê¤Þ¤»¤ó\n"
+
+#: g10/build-packet.c:988
+msgid "a user notation name must contain the '@' character\n"
+msgstr "¥æ¡¼¥¶¡¼Ãí¼á̾¤Ï¡¢'@'ʸ»ú¤ò´Þ¤Þ¤Ê¤±¤ì¤Ð¤Ê¤ê¤Þ¤»¤ó\n"
+
+#: g10/build-packet.c:994
+#, fuzzy
+msgid "a notation name must not contain more than one '@' character\n"
+msgstr "¥æ¡¼¥¶¡¼Ãí¼á̾¤Ï¡¢'@'ʸ»ú¤ò´Þ¤Þ¤Ê¤±¤ì¤Ð¤Ê¤ê¤Þ¤»¤ó\n"
+
+#: g10/build-packet.c:1012
+msgid "a notation value must not use any control characters\n"
+msgstr "Ãí¼á̾¤ÎÃͤËÀ©¸æʸ»ú¤ò»È¤Ã¤Æ¤Ï¤¤¤±¤Þ¤»¤ó\n"
+
+#: g10/build-packet.c:1046 g10/build-packet.c:1055
+msgid "WARNING: invalid notation data found\n"
+msgstr "·Ù¹ð: ̵¸ú¤ÊÃí¼á¥Ç¡¼¥¿¤òȯ¸«\n"
+
+#: g10/build-packet.c:1077 g10/build-packet.c:1079
+msgid "not human readable"
+msgstr "¿Í¤Ë¤ÏÆɤá¤Þ¤»¤ó"
+
+#: g10/card-util.c:85 g10/card-util.c:374
+#, c-format
+msgid "OpenPGP card not available: %s\n"
+msgstr "OpenPGP¥«¡¼¥É¤¬Ìµ¸ú¤Ç¤¹: %s\n"
+
+#: g10/card-util.c:90
+#, c-format
+msgid "OpenPGP card no. %s detected\n"
+msgstr "OpenPGP¥«¡¼¥Éno. %s¤ò¸¡½Ð\n"
+
+#: g10/card-util.c:98 g10/card-util.c:1773 g10/delkey.c:126 g10/keyedit.c:1551
+#: g10/keygen.c:3068 g10/revoke.c:216 g10/revoke.c:455
+msgid "can't do this in batch mode\n"
+msgstr "¤½¤ì¤Ï¥Ð¥Ã¥Á¡¦¥â¡¼¥É¤Ç¤Ï¤Ç¤­¤Þ¤»¤ó\n"
+
+#: g10/card-util.c:106
+#, fuzzy
+msgid "This command is only available for version 2 cards\n"
+msgstr "%s¥â¡¼¥É¤Ç¤³¤Î¥³¥Þ¥ó¥É¤Ï¶Ø»ß¤Ç¤¹¡£\n"
+
+#: g10/card-util.c:108 scd/app-openpgp.c:2029
+#, fuzzy
+msgid "Reset Code not or not anymore available\n"
+msgstr "ÈëÌ©Éôʬ¤¬ÆÀ¤é¤ì¤Þ¤»¤ó\n"
+
+#: g10/card-util.c:141 g10/card-util.c:1458 g10/card-util.c:1568
+#: g10/keyedit.c:424 g10/keyedit.c:445 g10/keyedit.c:459 g10/keygen.c:1630
+#: g10/keygen.c:1711 sm/certreqgen-ui.c:165 sm/certreqgen-ui.c:249
+#: sm/certreqgen-ui.c:283
+msgid "Your selection? "
+msgstr "ÁªÂò¤Ï? "
+
+#: g10/card-util.c:272 g10/card-util.c:322
+msgid "[not set]"
+msgstr "[̤ÀßÄê]"
+
+#: g10/card-util.c:512
+msgid "male"
+msgstr "ÃË"
+
+#: g10/card-util.c:513
+msgid "female"
+msgstr "½÷"
+
+#: g10/card-util.c:513
+msgid "unspecified"
+msgstr "̵»ØÄê"
+
+#: g10/card-util.c:540
+msgid "not forced"
+msgstr "̤½èÍý"
+
+#: g10/card-util.c:540
+msgid "forced"
+msgstr "¶¯À©"
+
+#: g10/card-util.c:631
+msgid "Error: Only plain ASCII is currently allowed.\n"
+msgstr "¥¨¥é¡¼¡§ ¤Î¤Ù¤¿¤ó¤ÎASCII¤À¤±¤¬º£¡¢µö²Ä¤µ¤ì¤Æ¤¤¤Þ¤¹¡£\n"
+
+#: g10/card-util.c:633
+msgid "Error: The \"<\" character may not be used.\n"
+msgstr "¥¨¥é¡¼: ¡È<¡Éʸ»ú¤Ï»È¤¨¤Þ¤»¤ó¡£\n"
+
+#: g10/card-util.c:635
+msgid "Error: Double spaces are not allowed.\n"
+msgstr "¥¨¥é¡¼: Æó½Å¤Î¶õÇò¤Ï¶Ø»ß¤Ç¤¹¡£\n"
+
+#: g10/card-util.c:652
+msgid "Cardholder's surname: "
+msgstr "¥«¡¼¥É½êÍ­¼Ô¤ÎÀ« (surname): "
+
+#: g10/card-util.c:654
+msgid "Cardholder's given name: "
+msgstr "¥«¡¼¥É½êÍ­¼Ô¤Î̾ (given name): "
+
+#: g10/card-util.c:672
+#, c-format
+msgid "Error: Combined name too long (limit is %d characters).\n"
+msgstr "¥¨¥é¡¼: ¤Ä¤Ê¤¤¤À̾Á°¤¬Ä¹¤¹¤®¤Þ¤¹ (¾å¸Â%dʸ»ú)¡£\n"
+
+#: g10/card-util.c:693
+msgid "URL to retrieve public key: "
+msgstr "¸ø³«¸°¤òõº÷¤¹¤ëURL: "
+
+#: g10/card-util.c:701
+#, c-format
+msgid "Error: URL too long (limit is %d characters).\n"
+msgstr "¥¨¥é¡¼: URL¤¬Ä¹¤¹¤®¤Þ¤¹ (¾å¸Â%dʸ»ú)¡£\n"
+
+#: g10/card-util.c:794 tools/no-libgcrypt.c:30
+#, fuzzy, c-format
+msgid "error allocating enough memory: %s\n"
+msgstr "¸°ÎØ¡Ö%s¡×¤ÎºîÀ®¥¨¥é¡¼: %s\n"
+
+#: g10/card-util.c:806 g10/import.c:280
+#, c-format
+msgid "error reading `%s': %s\n"
+msgstr "¡Ö%s¡×¤ÎÆɽФ·¥¨¥é¡¼: %s\n"
+
+#: g10/card-util.c:839
+#, fuzzy, c-format
+msgid "error writing `%s': %s\n"
+msgstr "¸°ÎØ¡Ö%s¡×¤Î½ñ¹þ¤ß¥¨¥é¡¼: %s\n"
+
+#: g10/card-util.c:866
+msgid "Login data (account name): "
+msgstr "¥í¥°¥¤¥ó¡¦¥Ç¡¼¥¿ (¥¢¥«¥¦¥ó¥È̾): "
+
+#: g10/card-util.c:876
+#, c-format
+msgid "Error: Login data too long (limit is %d characters).\n"
+msgstr "¥¨¥é¡¼: ¥í¥°¥¤¥ó¡¦¥Ç¡¼¥¿¤¬Ä¹¤¹¤®¤Þ¤¹ (¾å¸Â%dʸ»ú)¡£\n"
+
+#: g10/card-util.c:912
+msgid "Private DO data: "
+msgstr ""
+
+#: g10/card-util.c:922
+#, fuzzy, c-format
+msgid "Error: Private DO too long (limit is %d characters).\n"
+msgstr "¥¨¥é¡¼: URL¤¬Ä¹¤¹¤®¤Þ¤¹ (¾å¸Â%dʸ»ú)¡£\n"
+
+#: g10/card-util.c:1005
+msgid "Language preferences: "
+msgstr "¸À¸ì¤ÎÁª¹¥: "
+
+#: g10/card-util.c:1013
+msgid "Error: invalid length of preference string.\n"
+msgstr "¥¨¥é¡¼: Áª¹¥Ê¸»úÎó¤ÎŤµ¤¬Ìµ¸ú¤Ç¤¹¡£\n"
+
+#: g10/card-util.c:1022
+msgid "Error: invalid characters in preference string.\n"
+msgstr "¥¨¥é¡¼: Áª¹¥Ê¸»úÎó¤Ë̵¸ú¤Êʸ»ú¤¬¤¢¤ê¤Þ¤¹¡£\n"
+
+#: g10/card-util.c:1044
+msgid "Sex ((M)ale, (F)emale or space): "
+msgstr "À­ÊÌ ((M)ÃË¡¢(F)½÷¡¢¶õÇò): "
+
+#: g10/card-util.c:1058
+msgid "Error: invalid response.\n"
+msgstr "¥¨¥é¡¼: ̵¸ú¤Ê±þÅú¡£\n"
+
+#: g10/card-util.c:1080
+msgid "CA fingerprint: "
+msgstr "CA¤Î»ØÌæ: "
+
+#: g10/card-util.c:1103
+msgid "Error: invalid formatted fingerprint.\n"
+msgstr "¥¨¥é¡¼: ̵¸ú¤Ê·Á¼°¤Î»ØÌæ¡£\n"
+
+#: g10/card-util.c:1153
+#, c-format
+msgid "key operation not possible: %s\n"
+msgstr "¸°¤ÏÁàºî¤Ç¤­¤Þ¤»¤ó: %s\n"
+
+#: g10/card-util.c:1154
+msgid "not an OpenPGP card"
+msgstr "OpenPGP¥«¡¼¥É¤Ç¤¢¤ê¤Þ¤»¤ó"
+
+#: g10/card-util.c:1167
+#, c-format
+msgid "error getting current key info: %s\n"
+msgstr "¸½¹Ô¸°¾ðÊó¤Î¼èÆÀ¥¨¥é¡¼: %s\n"
+
+#: g10/card-util.c:1254
+msgid "Replace existing key? (y/N) "
+msgstr "´û¸¤Î¸°¤ò¸ò´¹¤·¤Þ¤¹¤«? (y/N) "
+
+#: g10/card-util.c:1270
+msgid ""
+"NOTE: There is no guarantee that the card supports the requested size.\n"
+" If the key generation does not succeed, please check the\n"
+" documentation of your card to see what sizes are allowed.\n"
+msgstr ""
+
+#: g10/card-util.c:1295
+#, fuzzy, c-format
+msgid "What keysize do you want for the Signature key? (%u) "
+msgstr "¤É¤Î¸°Ä¹¤Ë¤·¤Þ¤¹¤«? (1024) "
+
+#: g10/card-util.c:1297
+#, fuzzy, c-format
+msgid "What keysize do you want for the Encryption key? (%u) "
+msgstr "¤É¤Î¸°Ä¹¤Ë¤·¤Þ¤¹¤«? (1024) "
+
+#: g10/card-util.c:1298
+#, fuzzy, c-format
+msgid "What keysize do you want for the Authentication key? (%u) "
+msgstr "¤É¤Î¸°Ä¹¤Ë¤·¤Þ¤¹¤«? (1024) "
+
+#: g10/card-util.c:1309 g10/keygen.c:1844 g10/keygen.c:1850
+#: sm/certreqgen-ui.c:194
+#, c-format
+msgid "rounded up to %u bits\n"
+msgstr "%u¥Ó¥Ã¥È¤Ë´Ý¤á¤Þ¤¹\n"
+
+#: g10/card-util.c:1317 g10/keygen.c:1831 sm/certreqgen-ui.c:184
+#, c-format
+msgid "%s keysizes must be in the range %u-%u\n"
+msgstr ""
+
+#: g10/card-util.c:1322
+#, c-format
+msgid "The card will now be re-configured to generate a key of %u bits\n"
+msgstr ""
+
+#: g10/card-util.c:1342
+#, fuzzy, c-format
+msgid "error changing size of key %d to %u bits: %s\n"
+msgstr "¡Ö%s¡×¤Ç¿®Íѥ쥳¡¼¥É¤Î¸¡º÷¥¨¥é¡¼: %s\n"
+
+#: g10/card-util.c:1364
+msgid "Make off-card backup of encryption key? (Y/n) "
+msgstr "°Å¹æ¸°¤ò¥«¡¼¥É³°¤Ë¥Ð¥Ã¥¯¥¢¥Ã¥×¤·¤Þ¤¹¤«? (Y/n) "
+
+#: g10/card-util.c:1378
+#, fuzzy
+msgid "NOTE: keys are already stored on the card!\n"
+msgstr "ÈëÌ©¸°¤Ï¤â¤¦¥«¡¼¥É¤ËÊݴɤ·¤Æ¤¢¤ê¤Þ¤¹\n"
+
+#: g10/card-util.c:1381
+msgid "Replace existing keys? (y/N) "
+msgstr "´û¸¤Î¸°·²¤ò¸ò´¹¤·¤Þ¤¹¤«? (y/N) "
+
+#: g10/card-util.c:1393
+#, c-format
+msgid ""
+"Please note that the factory settings of the PINs are\n"
+" PIN = `%s' Admin PIN = `%s'\n"
+"You should change them using the command --change-pin\n"
+msgstr ""
+"½Ð²Ù»þ¤ÎPINÀßÄê¤Ï\n"
+" PIN = `%s' Admin PIN = `%s'\n"
+"¼¡¤Î¥³¥Þ¥ó¥É¤ò»È¤Ã¤ÆÊѹ¹¤¹¤Ù¤­¤Ç¤¹ --change-pin\n"
+
+#: g10/card-util.c:1449
+msgid "Please select the type of key to generate:\n"
+msgstr "À¸À®¤¹¤ë¸°¤Î·¿¤òÁªÂò¤·¤Æ¤¯¤À¤µ¤¤:\n"
+
+#: g10/card-util.c:1451 g10/card-util.c:1559
+msgid " (1) Signature key\n"
+msgstr " (1) ½ð̾¸°\n"
+
+#: g10/card-util.c:1452 g10/card-util.c:1561
+msgid " (2) Encryption key\n"
+msgstr " (2) °Å¹æ²½¸°\n"
+
+#: g10/card-util.c:1453 g10/card-util.c:1563
+msgid " (3) Authentication key\n"
+msgstr " (3) ǧ¾Ú¸°\n"
+
+#: g10/card-util.c:1469 g10/card-util.c:1588 g10/keyedit.c:945
+#: g10/keygen.c:1634 g10/keygen.c:1662 g10/keygen.c:1764 g10/revoke.c:683
+msgid "Invalid selection.\n"
+msgstr "̵¸ú¤ÊÁªÂò¤Ç¤¹¡£\n"
+
+#: g10/card-util.c:1556
+msgid "Please select where to store the key:\n"
+msgstr "¸°¤ÎÊݴɾì½ê¤òÁªÂò¤·¤Æ¤¯¤À¤µ¤¤:\n"
+
+#: g10/card-util.c:1600
+msgid "unknown key protection algorithm\n"
+msgstr "̤ÃΤθ°Êݸ¥ë¥´¥ê¥º¥à¤Ç¤¹\n"
+
+#: g10/card-util.c:1605
+msgid "secret parts of key are not available\n"
+msgstr "¸°¤ÎÈëÌ©Éôʬ¤¬Ìµ¸ú¤Ç¤¹\n"
+
+#: g10/card-util.c:1610
+msgid "secret key already stored on a card\n"
+msgstr "ÈëÌ©¸°¤Ï¤â¤¦¥«¡¼¥É¤ËÊݴɤ·¤Æ¤¢¤ê¤Þ¤¹\n"
+
+#: g10/card-util.c:1623
+#, fuzzy, c-format
+msgid "error writing key to card: %s\n"
+msgstr "¸°ÎØ¡Ö%s¡×¤Î½ñ¹þ¤ß¥¨¥é¡¼: %s\n"
+
+#: g10/card-util.c:1682 g10/keyedit.c:1382
+msgid "quit this menu"
+msgstr "¤³¤Î¥á¥Ë¥å¡¼¤ò½ªÎ»"
+
+#: g10/card-util.c:1684
+msgid "show admin commands"
+msgstr "´ÉÍý¥³¥Þ¥ó¥É¤òɽ¼¨"
+
+#: g10/card-util.c:1685 g10/keyedit.c:1385
+msgid "show this help"
+msgstr "¤³¤Î¥Ø¥ë¥×¤òɽ¼¨"
+
+#: g10/card-util.c:1687
+msgid "list all available data"
+msgstr "Á´Í­¸ú¥Ç¡¼¥¿¤òɽ¼¨"
+
+#: g10/card-util.c:1690
+msgid "change card holder's name"
+msgstr "¥«¡¼¥É½êÍ­¼Ô¤Î̾Á°¤ÎÊѹ¹"
+
+#: g10/card-util.c:1691
+msgid "change URL to retrieve key"
+msgstr "¸°¤òõº÷¤¹¤ëURL¤ÎÊѹ¹"
+
+#: g10/card-util.c:1692
+msgid "fetch the key specified in the card URL"
+msgstr "¥«¡¼¥ÉURL¤Ç»ØÄꤵ¤ì¤¿¸°¤Î°ú¤­½Ð¤·"
+
+#: g10/card-util.c:1693
+msgid "change the login name"
+msgstr "¥í¥°¥¤¥ó̾¤ÎÊѹ¹"
+
+#: g10/card-util.c:1694
+msgid "change the language preferences"
+msgstr "¸À¸ìÁª¹¥¤ÎÊѹ¹"
+
+#: g10/card-util.c:1695
+msgid "change card holder's sex"
+msgstr "¥«¡¼¥É½êÍ­¼Ô¤ÎÀ­Ê̤ÎÊѹ¹"
+
+#: g10/card-util.c:1696
+msgid "change a CA fingerprint"
+msgstr "CA»ØÌæ¤ÎÊѹ¹"
+
+#: g10/card-util.c:1697
+msgid "toggle the signature force PIN flag"
+msgstr "½ð̾¶¯À©PIN¥Õ¥é¥°¤òȿž"
+
+#: g10/card-util.c:1698
+msgid "generate new keys"
+msgstr "¿·¤·¤¤¸°·²¤òÀ¸À®"
+
+#: g10/card-util.c:1699
+msgid "menu to change or unblock the PIN"
+msgstr "PIN¥Ö¥í¥Ã¥¯¤Î²ò½ü¤äÊѹ¹¤Î¥á¥Ë¥å¡¼"
+
+#: g10/card-util.c:1700
+msgid "verify the PIN and list all data"
+msgstr ""
+
+#: g10/card-util.c:1701
+msgid "unblock the PIN using a Reset Code"
+msgstr ""
+
+#: g10/card-util.c:1823
+msgid "gpg/card> "
+msgstr ""
+
+#: g10/card-util.c:1864
+msgid "Admin-only command\n"
+msgstr "´ÉÍýÀìÍÑ¥³¥Þ¥ó¥É\n"
+
+#: g10/card-util.c:1895
+msgid "Admin commands are allowed\n"
+msgstr "´ÉÍý¥³¥Þ¥ó¥É¤¬µö²Ä¤µ¤ì¤Æ¤¤¤Þ¤¹\n"
+
+#: g10/card-util.c:1897
+msgid "Admin commands are not allowed\n"
+msgstr "´ÉÍý¥³¥Þ¥ó¥É¤Ï¶Ø»ß¤µ¤ì¤Æ¤¤¤Þ¤¹\n"
+
+#: g10/card-util.c:1988 g10/keyedit.c:2292
+msgid "Invalid command (try \"help\")\n"
+msgstr "̵¸ú¤Ê¥³¥Þ¥ó¥É (¡Èhelp¡É¤ò»²¾È)\n"
+
+#: g10/decrypt.c:110 g10/encode.c:876
+msgid "--output doesn't work for this command\n"
+msgstr "¤³¤Î¥³¥Þ¥ó¥É¤Ç--output¤Ïµ¡Ç½¤·¤Þ¤»¤ó\n"
+
+#: g10/decrypt.c:166 g10/gpg.c:4019 g10/keyring.c:387 g10/keyring.c:698
+#, c-format
+msgid "can't open `%s'\n"
+msgstr "¡Ö%s¡×¤¬³«¤±¤Þ¤»¤ó\n"
+
+#: g10/delkey.c:73 g10/export.c:324 g10/keyedit.c:3514 g10/keyserver.c:1737
+#: g10/revoke.c:226
+#, c-format
+msgid "key \"%s\" not found: %s\n"
+msgstr "¸°¡È%s¡É¤¬¸«¤Ä¤«¤ê¤Þ¤»¤ó: %s\n"
+
+#: g10/delkey.c:81 g10/export.c:354 g10/import.c:2480 g10/keyserver.c:1751
+#: g10/revoke.c:232 g10/revoke.c:477
+#, c-format
+msgid "error reading keyblock: %s\n"
+msgstr "¸°¥Ö¥í¥Ã¥¯¤ÎÆɽФ·¥¨¥é¡¼: %s\n"
+
+#: g10/delkey.c:127 g10/delkey.c:134
+msgid "(unless you specify the key by fingerprint)\n"
+msgstr "(¤¢¤ë¤¤¤Ï¡¢»ØÌæ¤Ç¸°¤ò»ØÄê)\n"
+
+#: g10/delkey.c:133
+msgid "can't do this in batch mode without \"--yes\"\n"
+msgstr "¡È--yes¡É¤Î¤Ê¤¤¥Ð¥Ã¥Á¡¦¥â¡¼¥É¤Ç¤Ï¤Ç¤­¤Þ¤»¤ó\n"
+
+#: g10/delkey.c:145
+msgid "Delete this key from the keyring? (y/N) "
+msgstr "¤³¤Î¸°¤ò¸°Îؤ«¤éºï½ü¤·¤Þ¤¹¤«? (y/N) "
+
+#: g10/delkey.c:153
+msgid "This is a secret key! - really delete? (y/N) "
+msgstr "¤³¤ì¤ÏÈëÌ©¸°¤Ç¤¹! ËÜÅö¤Ëºï½ü¤·¤Þ¤¹¤«? (y/N) "
+
+#: g10/delkey.c:163
+#, c-format
+msgid "deleting keyblock failed: %s\n"
+msgstr "¸°¥Ö¥í¥Ã¥¯¤Îºï½ü¤Ë¼ºÇÔ¤·¤Þ¤·¤¿: %s\n"
+
+#: g10/delkey.c:173
+msgid "ownertrust information cleared\n"
+msgstr "½êÍ­¼Ô¿®ÍѾðÊó¤ò¥¯¥ê¥¢¤·¤Þ¤·¤¿\n"
+
+#: g10/delkey.c:204
+#, c-format
+msgid "there is a secret key for public key \"%s\"!\n"
+msgstr "¤³¤Î¸ø³«¸°¤Ë¤¿¤¤¤¹¤ëÈëÌ©¸°¡È%s¡É¤¬¤¢¤ê¤Þ¤¹!\n"
+
+#: g10/delkey.c:206
+msgid "use option \"--delete-secret-keys\" to delete it first.\n"
+msgstr "¤Þ¤º¡È--delete-secret-keys¡É¥ª¥×¥·¥ç¥ó¤Ç¤³¤ì¤òºï½ü¤·¤Æ¤¯¤À¤µ¤¤¡£\n"
+
+#: g10/encode.c:226 g10/sign.c:1269
+#, c-format
+msgid "error creating passphrase: %s\n"
+msgstr "¥Ñ¥¹¥Õ¥ì¡¼¥º¤ÎºîÀ®¥¨¥é¡¼: %s\n"
+
+#: g10/encode.c:232
+msgid "can't use a symmetric ESK packet due to the S2K mode\n"
+msgstr "S2K¥â¡¼¥É¤Î¤¿¤á¡¢ÂоÎESK¥Ñ¥±¥Ã¥È¤ò»È¤¨¤Þ¤»¤ó\n"
+
+#: g10/encode.c:246
+#, c-format
+msgid "using cipher %s\n"
+msgstr "%s°Å¹æË¡¤ò»È¤¤¤Þ¤¹\n"
+
+#: g10/encode.c:256 g10/encode.c:577
+#, c-format
+msgid "`%s' already compressed\n"
+msgstr "¡Ö%s¡×¤Ï¤â¤¦°µ½ÌºÑ¤ß¤Ç¤¹\n"
+
+#: g10/encode.c:311 g10/encode.c:611 g10/sign.c:564
+#, c-format
+msgid "WARNING: `%s' is an empty file\n"
+msgstr "·Ù¹ð: ¡Ö%s¡×¤Ï¶õ¤Î¥Õ¥¡¥¤¥ë¤Ç¤¹\n"
+
+#: g10/encode.c:485
+msgid "you can only encrypt to RSA keys of 2048 bits or less in --pgp2 mode\n"
+msgstr "--pgp2¥â¡¼¥É¤Ç¤Ï2048¥Ó¥Ã¥È°Ê²¼¤ÎRSA¸°¤Ç°Å¹æ²½¤·¤«¤Ç¤­¤Þ¤»¤ó\n"
+
+#: g10/encode.c:510
+#, c-format
+msgid "reading from `%s'\n"
+msgstr "¡Ö%s¡×¤«¤éÆɤ߽Ф·¤Þ¤¹\n"
+
+#: g10/encode.c:541
+msgid ""
+"unable to use the IDEA cipher for all of the keys you are encrypting to.\n"
+msgstr "°Å¹æ²½¤·¤è¤¦¤È¤·¤Æ¤¤¤ë¸°¤ÏÁ´ÉôIDEA°Å¹æ¤ò»È¤¨¤Þ¤»¤ó¡£\n"
+
+#: g10/encode.c:559
+#, c-format
+msgid ""
+"WARNING: forcing symmetric cipher %s (%d) violates recipient preferences\n"
+msgstr "·Ù¹ð: ÂоΰŹæË¡ %s (%d) ¤Î¶¯À©¤¬¡¢¼õ¼è¿Í¤ÎÁª¹¥¤ÈÂÐΩ¤·¤Þ¤¹\n"
+
+#: g10/encode.c:655 g10/sign.c:939
+#, c-format
+msgid ""
+"WARNING: forcing compression algorithm %s (%d) violates recipient "
+"preferences\n"
+msgstr "·Ù¹ð: °µ½Ì¥¢¥ë¥´¥ê¥º¥à %s (%d) ¤Î¶¯À©¤¬¡¢¼õ¼è¿Í¤ÎÁª¹¥¤ÈÂÐΩ¤·¤Þ¤¹\n"
+
+#: g10/encode.c:751
+#, c-format
+msgid "forcing symmetric cipher %s (%d) violates recipient preferences\n"
+msgstr "ÂоΰŹæË¡ %s (%d) ¤Î¶¯À©¤¬¡¢¼õ¼è¿Í¤ÎÁª¹¥¤ÈÂÐΩ¤·¤Þ¤¹\n"
+
+#: g10/encode.c:821 g10/pkclist.c:813 g10/pkclist.c:862
+#, c-format
+msgid "you may not use %s while in %s mode\n"
+msgstr "%s¤ò%s¥â¡¼¥É¤Ç»È¤¦¤³¤È¤Ï¤Ç¤­¤Þ¤»¤ó\n"
+
+#: g10/encode.c:848
+#, c-format
+msgid "%s/%s encrypted for: \"%s\"\n"
+msgstr "%s/%s°Å¹æ²½ ¼õ¿®¼Ô:¡È%s¡É\n"
+
+#: g10/encr-data.c:93 g10/mainproc.c:286
+#, c-format
+msgid "%s encrypted data\n"
+msgstr "%s°Å¹æ²½ºÑ¤ß¥Ç¡¼¥¿\n"
+
+#: g10/encr-data.c:96 g10/mainproc.c:290
+#, c-format
+msgid "encrypted with unknown algorithm %d\n"
+msgstr "̤ÃΤΥ¢¥ë¥´¥ê¥º¥à%d¤Ë¤è¤ë°Å¹æ²½\n"
+
+#: g10/encr-data.c:142 sm/decrypt.c:126
+msgid ""
+"WARNING: message was encrypted with a weak key in the symmetric cipher.\n"
+msgstr "·Ù¹ð: ¥á¥Ã¥»¡¼¥¸¤ÏÂоΰŹæË¡¤Î¼å¤¤¸°¤Ç°Å¹æ²½¤µ¤ì¤Æ¤¤¤Þ¤¹¡£\n"
+
+#: g10/encr-data.c:154
+msgid "problem handling encrypted packet\n"
+msgstr "°Å¹æ²½¥Ñ¥±¥Ã¥È¤Î¼è°·¤¤¤Ç¾ã³²\n"
+
+#: g10/exec.c:57
+msgid "no remote program execution supported\n"
+msgstr "±ó³Ö¥×¥í¥°¥é¥à¤Î¼Â¹Ô¤Ï¡¢¥µ¥Ý¡¼¥È¤·¤Æ¤¤¤Þ¤»¤ó\n"
+
+#: g10/exec.c:308
+msgid ""
+"external program calls are disabled due to unsafe options file permissions\n"
+msgstr ""
+"¥ª¥×¥·¥ç¥ó¡¦¥Õ¥¡¥¤¥ë¤Îµö²Ä¥â¡¼¥É¤¬¡¢°ÂÁ´¤Ç¤Ï¤Ê¤¤¤Î¤Ç¡¢\n"
+"³°Éô¥×¥í¥°¥é¥à¤Î¸Æ½Ð¤·¤Ï¡¢»ÈÍѶػߤǤ¹¡£\n"
+
+#: g10/exec.c:338
+msgid "this platform requires temporary files when calling external programs\n"
+msgstr ""
+"¤³¤Î¥×¥é¥Ã¥È¥Û¡¼¥à¤À¤È¡¢³°Éô¥×¥í¥°¥é¥à¤Î¸Æ½Ð¤·¤Ë¤Ï¡¢°ì»þ¥Õ¥¡¥¤¥ë¤¬É¬ÍפǤ¹\n"
+
+#: g10/exec.c:416
+#, c-format
+msgid "unable to execute program `%s': %s\n"
+msgstr "¡Ö%s¡×¤ò¼Â¹Ô¤Ç¤­¤Þ¤»¤ó: %s\n"
+
+#: g10/exec.c:419
+#, c-format
+msgid "unable to execute shell `%s': %s\n"
+msgstr "¥·¥§¥ë¡Ö%s¡×¤ò¼Â¹Ô¤Ç¤­¤Þ¤»¤ó: %s\n"
+
+#: g10/exec.c:510
+#, c-format
+msgid "system error while calling external program: %s\n"
+msgstr "³°Éô¥×¥í¥°¥é¥à¤Î¸Æ½Ð¤·¤Ç¥·¥¹¥Æ¥à¡¦¥¨¥é¡¼: %s\n"
+
+#: g10/exec.c:521 g10/exec.c:588
+msgid "unnatural exit of external program\n"
+msgstr "³°Éô¥×¥í¥°¥é¥à¤¬¡¢ÉÔ¼«Á³¤Ë½ªÎ»\n"
+
+#: g10/exec.c:536
+msgid "unable to execute external program\n"
+msgstr "³°Éô¥×¥í¥°¥é¥à¤ò¼Â¹Ô¤Ç¤­¤Þ¤»¤ó\n"
+
+#: g10/exec.c:553
+#, c-format
+msgid "unable to read external program response: %s\n"
+msgstr "³°Éô¥×¥í¥°¥é¥à¤Î±þÅú¤òÆɤ߽Ф»¤Þ¤»¤ó: %s\n"
+
+#: g10/exec.c:599 g10/exec.c:606
+#, c-format
+msgid "WARNING: unable to remove tempfile (%s) `%s': %s\n"
+msgstr "·Ù¹ð: °ì»þ¥Õ¥¡¥¤¥ë¤òºï½ü¤Ç¤­¤Þ¤»¤ó (%s) ¡Ö%s¡×: %s\n"
+
+#: g10/exec.c:611
+#, c-format
+msgid "WARNING: unable to remove temp directory `%s': %s\n"
+msgstr "·Ù¹ð: °ì»þ¥Ç¥£¥ì¥¯¥È¥ê¡¼¡Ö%s¡×¤òºï½ü¤Ç¤­¤Þ¤»¤ó: %s\n"
+
+#: g10/export.c:61
+#, fuzzy
+msgid "export signatures that are marked as local-only"
+msgstr "½ð̾¤Ï¡¢¼º¸úÉԲĤËÀßÄꤵ¤ì¤Þ¤¹¡£\n"
+
+#: g10/export.c:63
+msgid "export attribute user IDs (generally photo IDs)"
+msgstr ""
+
+#: g10/export.c:65
+#, fuzzy
+msgid "export revocation keys marked as \"sensitive\""
+msgstr "¡È%s¡ÉÍѤμº¸ú¸°¤¬¸«¤Ä¤«¤ê¤Þ¤»¤ó\n"
+
+#: g10/export.c:67
+#, fuzzy
+msgid "remove the passphrase from exported subkeys"
+msgstr "Éû¸°¤Î¼º¸ú"
+
+#: g10/export.c:69
+#, fuzzy
+msgid "remove unusable parts from key during export"
+msgstr "»ÈÍѤǤ­¤Ê¤¤ÈëÌ©¸°¤Ç¤¹"
+
+#: g10/export.c:71
+msgid "remove as much as possible from key during export"
+msgstr ""
+
+#: g10/export.c:73
+msgid "export keys in an S-expression based format"
+msgstr ""
+
+#: g10/export.c:338
+msgid "exporting secret keys not allowed\n"
+msgstr "ÈëÌ©¸°¤Î½ñ½Ð¤·¤Ï¶Ø»ß¤Ç¤¹\n"
+
+#: g10/export.c:367
+#, c-format
+msgid "key %s: not protected - skipped\n"
+msgstr "¸°%s: Êݸ¤ì¤Æ¤¤¤Þ¤»¤ó - ¤È¤Ð¤·¤Þ¤¹\n"
+
+#: g10/export.c:375
+#, c-format
+msgid "key %s: PGP 2.x style key - skipped\n"
+msgstr "¸°%s: PGP 2.x·Á¼°¤Î¸°¤Ç¤¹ - ¤È¤Ð¤·¤Þ¤¹\n"
+
+#: g10/export.c:386
+#, fuzzy, c-format
+msgid "key %s: key material on-card - skipped\n"
+msgstr "¸°%s: Éû¸°½ð̾¤Î¾ì½ê¤¬¡¢¸í¤Ã¤Æ¤¤¤Þ¤¹ - ¤È¤Ð¤·¤Þ¤¹\n"
+
+#: g10/export.c:537
+msgid "about to export an unprotected subkey\n"
+msgstr ""
+
+#: g10/export.c:560
+#, fuzzy, c-format
+msgid "failed to unprotect the subkey: %s\n"
+msgstr "¸°¤ÎÊݴɤ˼ºÇÔ¤·¤Þ¤·¤¿: %s\n"
+
+#: g10/export.c:584
+#, c-format
+msgid "WARNING: secret key %s does not have a simple SK checksum\n"
+msgstr "·Ù¹ð: ÈëÌ©¸°%s¤Ë¤Ï¡¢Ã±½ã¤ÊSK¥Á¥§¥Ã¥¯¥µ¥à¤¬¤¢¤ê¤Þ¤»¤ó\n"
+
+#: g10/export.c:633
+msgid "WARNING: nothing exported\n"
+msgstr "·Ù¹ð: ²¿¤â½ñ¤­½Ð¤·¤Æ¤¤¤Þ¤»¤ó\n"
+
+#: g10/getkey.c:152
+msgid "too many entries in pk cache - disabled\n"
+msgstr "pk¥­¥ã¥Ã¥·¥å¤Î¥¨¥ó¥È¥ê¡¼¤¬Â¿¤¹¤®¤Þ¤¹ - »ÈÍѶػß\n"
+
+#: g10/getkey.c:175
+msgid "[User ID not found]"
+msgstr "[¥æ¡¼¥¶¡¼ID¤¬¸«¤Ä¤«¤ê¤Þ¤»¤ó]"
+
+#: g10/getkey.c:1113
+#, c-format
+msgid "automatically retrieved `%s' via %s\n"
+msgstr ""
+
+#: g10/getkey.c:1118
+#, fuzzy, c-format
+msgid "error retrieving `%s' via %s: %s\n"
+msgstr "¡Ö%s¡×¤ÎºîÀ®¥¨¥é¡¼: %s\n"
+
+#: g10/getkey.c:1120
+#, fuzzy
+msgid "No fingerprint"
+msgstr "CA¤Î»ØÌæ: "
+
+#: g10/getkey.c:1930
+#, c-format
+msgid "Invalid key %s made valid by --allow-non-selfsigned-uid\n"
+msgstr "--allow-non-selfsigned-uid¤ÇÍ­¸ú¤Ë¤µ¤ì¤¿Ìµ¸ú¤Ê¸°%s¤Ç¤¹\n"
+
+#: g10/getkey.c:2533 g10/keyedit.c:3839
+#, c-format
+msgid "no secret subkey for public subkey %s - ignoring\n"
+msgstr "¸ø³«Éû¸°%s¤Ë¤¿¤¤¤¹¤ëÈëÌ©Éû¸°¤¬¤¢¤ê¤Þ¤»¤ó - ̵»ë\n"
+
+#: g10/getkey.c:2759
+#, fuzzy, c-format
+msgid "using subkey %s instead of primary key %s\n"
+msgstr "Éû¸°%s¤ò¼ç¸°%s¤ËÂåÍѤ·¤Þ¤¹\n"
+
+#: g10/getkey.c:2806
+#, c-format
+msgid "key %s: secret key without public key - skipped\n"
+msgstr "¸°%s: ¸ø³«¸°¤Î¤Ê¤¤ÈëÌ©¸°¤Ç¤¹ - ¤È¤Ð¤·¤Þ¤¹\n"
+
+#: g10/gpg.c:375 sm/gpgsm.c:188
+#, fuzzy
+msgid "make a signature"
+msgstr "¿®Íѽð̾¤òºîÀ®"
+
+#: g10/gpg.c:376 sm/gpgsm.c:189
+#, fuzzy
+msgid "make a clear text signature"
+msgstr "|[¥Õ¥¡¥¤¥ë]|¥¯¥ê¥¢½ð̾¤òºîÀ®"
+
+#: g10/gpg.c:377 sm/gpgsm.c:190
+msgid "make a detached signature"
+msgstr "ʬΥ½ð̾¤òºîÀ®"
+
+#: g10/gpg.c:378 sm/gpgsm.c:191
+msgid "encrypt data"
+msgstr "¥Ç¡¼¥¿¤ò°Å¹æ²½"
+
+#: g10/gpg.c:380 sm/gpgsm.c:192
+msgid "encryption only with symmetric cipher"
+msgstr "°Å¹æ²½¤Ë¤ÏÂоΰŹæË¡¤Î¤ß¤ò»ÈÍÑ"
+
+#: g10/gpg.c:382 sm/gpgsm.c:193
+msgid "decrypt data (default)"
+msgstr "¥Ç¡¼¥¿¤òÉü¹æ (´ûÄê)"
+
+#: g10/gpg.c:384 sm/gpgsm.c:194
+msgid "verify a signature"
+msgstr "½ð̾¤ò¸¡¾Ú"
+
+#: g10/gpg.c:386 sm/gpgsm.c:195
+msgid "list keys"
+msgstr "¸°¤Î°ìÍ÷"
+
+#: g10/gpg.c:388
+msgid "list keys and signatures"
+msgstr "¸°¤È½ð̾¤Î°ìÍ÷"
+
+#: g10/gpg.c:389
+msgid "list and check key signatures"
+msgstr "¸°½ð̾¤Î¸¡ºº¤È°ìÍ÷"
+
+#: g10/gpg.c:390 sm/gpgsm.c:200
+msgid "list keys and fingerprints"
+msgstr "¸°¤È»ØÌæ¤Î°ìÍ÷"
+
+#: g10/gpg.c:391 sm/gpgsm.c:198
+msgid "list secret keys"
+msgstr "ÈëÌ©¸°¤Î°ìÍ÷"
+
+#: g10/gpg.c:392 sm/gpgsm.c:201
+msgid "generate a new key pair"
+msgstr "¿·¤·¤¤¸°ÂФòÀ¸À®"
+
+#: g10/gpg.c:393
+msgid "generate a revocation certificate"
+msgstr "¼º¸ú¾ÚÌÀ½ñ¤òÀ¸À®"
+
+#: g10/gpg.c:395 sm/gpgsm.c:203
+msgid "remove keys from the public keyring"
+msgstr "¸ø³«¸°Îؤ«¤é¸°·²¤òºï½ü"
+
+#: g10/gpg.c:397
+msgid "remove keys from the secret keyring"
+msgstr "ÈëÌ©¸°Îؤ«¤é¸°·²¤òºï½ü"
+
+#: g10/gpg.c:398
+msgid "sign a key"
+msgstr "¸°¤Ë½ð̾"
+
+#: g10/gpg.c:399
+msgid "sign a key locally"
+msgstr "¸°¤ØÆâÉôŪ¤Ë½ð̾"
+
+#: g10/gpg.c:400
+msgid "sign or edit a key"
+msgstr "¸°¤Ø¤Î½ð̾¤äÊÔ½¸"
+
+#: g10/gpg.c:402 sm/gpgsm.c:215
+#, fuzzy
+msgid "change a passphrase"
+msgstr "¥Ñ¥¹¥Õ¥ì¡¼¥º¤ÎÊѹ¹"
+
+#: g10/gpg.c:404
+msgid "export keys"
+msgstr "¸°¤ò½ñ¤­½Ð¤¹"
+
+#: g10/gpg.c:405 sm/gpgsm.c:204
+msgid "export keys to a key server"
+msgstr "¸°¥µ¡¼¥Ð¡¼¤Ë¸°¤ò½ñ¤­½Ð¤¹"
+
+#: g10/gpg.c:406 sm/gpgsm.c:205
+msgid "import keys from a key server"
+msgstr "¸°¥µ¡¼¥Ð¡¼¤«¤é¸°¤òÆɤ߹þ¤à"
+
+#: g10/gpg.c:408
+msgid "search for keys on a key server"
+msgstr "¸°¥µ¡¼¥Ð¡¼¤Î¸°¤ò¸¡º÷¤¹¤ë"
+
+#: g10/gpg.c:410
+msgid "update all keys from a keyserver"
+msgstr "¸°¥µ¡¼¥Ð¡¼¤«¤é¸°¤òÁ´Éô¹¹¿·¤¹¤ë"
+
+#: g10/gpg.c:415
+msgid "import/merge keys"
+msgstr "¸°¤ÎÆɹþ¤ß/Ê»¹ç"
+
+#: g10/gpg.c:418
+msgid "print the card status"
+msgstr "¥«¡¼¥É¾õÂÖ¤òɽ¼¨"
+
+#: g10/gpg.c:419
+msgid "change data on a card"
+msgstr "¥«¡¼¥É¤Î¥Ç¡¼¥¿¤òÊѹ¹"
+
+#: g10/gpg.c:420
+msgid "change a card's PIN"
+msgstr "¥«¡¼¥É¤ÎPIN¤òÊѹ¹"
+
+#: g10/gpg.c:429
+msgid "update the trust database"
+msgstr "¿®Íѥǡ¼¥¿¥Ù¡¼¥¹¤ò¹¹¿·"
+
+#: g10/gpg.c:436
+#, fuzzy
+msgid "print message digests"
+msgstr "|¥¢¥ë¥´¥ê¥º¥à [¥Õ¥¡¥¤¥ë]|¥á¥Ã¥»¡¼¥¸Í×Ìó¤òɽ¼¨"
+
+#: g10/gpg.c:439 sm/gpgsm.c:210
+msgid "run in server mode"
+msgstr ""
+
+#: g10/gpg.c:443 sm/gpgsm.c:228
+msgid "create ascii armored output"
+msgstr "ASCII·Á¼°¤ÎÊñÁõ¤òºîÀ®"
+
+#: g10/gpg.c:446 sm/gpgsm.c:241
+#, fuzzy
+msgid "|USER-ID|encrypt for USER-ID"
+msgstr "|̾Á°|¡Ö̾Á°¡×ÍѤ˰Ź沽"
+
+#: g10/gpg.c:459 sm/gpgsm.c:278
+#, fuzzy
+msgid "|USER-ID|use USER-ID to sign or decrypt"
+msgstr ""
+"½ð̾¤äÉü¹æ¤Ë¤³¤Î¥æ¡¼¥¶¡¼id\n"
+"¤ò»ÈÍÑ"
+
+#: g10/gpg.c:462
+#, fuzzy
+msgid "|N|set compress level to N (0 disables)"
+msgstr ""
+"|N|°µ½Ì¥ì¥Ù¥ë¤òN¤ËÀßÄê\n"
+"(0¤ÏÈó°µ½Ì)"
+
+#: g10/gpg.c:468
+msgid "use canonical text mode"
+msgstr "Àµ½à¥Æ¥­¥¹¥È¡¦¥â¡¼¥É¤ò»ÈÍÑ"
+
+#: g10/gpg.c:485 sm/gpgsm.c:280
+#, fuzzy
+msgid "|FILE|write output to FILE"
+msgstr "¡Ö%s¡×¤«¤é¥ª¥×¥·¥ç¥ó¤òÆɤ߽Ф·¤Þ¤¹\n"
+
+#: g10/gpg.c:501 kbx/kbxutil.c:90 sm/gpgsm.c:292 tools/gpgconf.c:82
+msgid "do not make any changes"
+msgstr "̵Êѹ¹"
+
+#: g10/gpg.c:502
+msgid "prompt before overwriting"
+msgstr "¾å½ñ¤­Á°¤Ë³Îǧ"
+
+#: g10/gpg.c:554
+msgid "use strict OpenPGP behavior"
+msgstr "¸·Ì©¤ÊOpenPGP¤Î¿¶Éñ¤òºÎÍÑ"
+
+#: g10/gpg.c:585 sm/gpgsm.c:336
+msgid ""
+"@\n"
+"(See the man page for a complete listing of all commands and options)\n"
+msgstr ""
+"@\n"
+"(¥³¥Þ¥ó¥É¤È¥ª¥×¥·¥ç¥óÁ´Éô¤Î°ìÍ÷¤Ï¡¢\n"
+"¥Þ¥Ë¥å¥¢¥ë¡¦¥Ú¡¼¥¸¤ò¤´Í÷¤¯¤À¤µ¤¤)\n"
+
+#: g10/gpg.c:588 sm/gpgsm.c:339
+msgid ""
+"@\n"
+"Examples:\n"
+"\n"
+" -se -r Bob [file] sign and encrypt for user Bob\n"
+" --clearsign [file] make a clear text signature\n"
+" --detach-sign [file] make a detached signature\n"
+" --list-keys [names] show keys\n"
+" --fingerprint [names] show fingerprints\n"
+msgstr ""
+"@\n"
+"Îã:\n"
+"\n"
+" -se -r Bob [¥Õ¥¡¥¤¥ë] ½ð̾¤È¥æ¡¼¥¶¡¼Bob¤Ø¤Î°Å¹æ²½\n"
+" --clearsign [¥Õ¥¡¥¤¥ë] ¥¯¥ê¥¢½ð̾¤òºîÀ®\n"
+" --detach-sign [¥Õ¥¡¥¤¥ë] ʬΥ½ð̾¤òºîÀ®\n"
+" --list-keys [̾Á°] ¸°¤òɽ¼¨\n"
+" --fingerprint [̾Á°] »ØÌæ¤òɽ¼¨\n"
+
+#: g10/gpg.c:836
+msgid "Usage: gpg [options] [files] (-h for help)"
+msgstr "»È¤¤Êý: gpg [¥ª¥×¥·¥ç¥ó] [¥Õ¥¡¥¤¥ë] (¥Ø¥ë¥×¤Ï -h)"
+
+#: g10/gpg.c:839
+msgid ""
+"Syntax: gpg [options] [files]\n"
+"sign, check, encrypt or decrypt\n"
+"default operation depends on the input data\n"
+msgstr ""
+"½ñ¼°: gpg [¥ª¥×¥·¥ç¥ó] [¥Õ¥¡¥¤¥ë]\n"
+"½ð̾¡¢¸¡ºº¡¢°Å¹æ²½¤äÉü¹æ\n"
+"´ûÄê¤ÎÁàºî¤Ï¡¢ÆþÎϥǡ¼¥¿¤Ë°Í¸\n"
+
+#: g10/gpg.c:850 sm/gpgsm.c:543
+msgid ""
+"\n"
+"Supported algorithms:\n"
+msgstr ""
+"\n"
+"¥µ¥Ý¡¼¥È¤·¤Æ¤¤¤ë¥¢¥ë¥´¥ê¥º¥à:\n"
+
+#: g10/gpg.c:853
+msgid "Pubkey: "
+msgstr "¸ø³«¸°: "
+
+#: g10/gpg.c:860 g10/keyedit.c:2423
+msgid "Cipher: "
+msgstr "°Å¹æË¡: "
+
+#: g10/gpg.c:867
+msgid "Hash: "
+msgstr "¥Ï¥Ã¥·¥å: "
+
+#: g10/gpg.c:874 g10/keyedit.c:2468
+msgid "Compression: "
+msgstr "°µ½Ì: "
+
+#: g10/gpg.c:944
+msgid "usage: gpg [options] "
+msgstr "»È¤¤Êý: gpg [¥ª¥×¥·¥ç¥ó] "
+
+#: g10/gpg.c:1158 sm/gpgsm.c:716
+msgid "conflicting commands\n"
+msgstr "ÂÐΩ¤¹¤ë¥³¥Þ¥ó¥É\n"
+
+#: g10/gpg.c:1176
+#, c-format
+msgid "no = sign found in group definition `%s'\n"
+msgstr "=µ­¹æ¤¬¡¢¥°¥ë¡¼¥×ÄêµÁ¡Ö%s¡×Æâ¤Ë¸«¤Ä¤«¤ê¤Þ¤»¤ó\n"
+
+#: g10/gpg.c:1373
+#, c-format
+msgid "WARNING: unsafe ownership on homedir `%s'\n"
+msgstr "·Ù¹ð: homedir ¡Ö%s¡×¤Î°ÂÁ´¤Ç¤Ê¤¤½êÍ­¼Ô\n"
+
+#: g10/gpg.c:1376
+#, c-format
+msgid "WARNING: unsafe ownership on configuration file `%s'\n"
+msgstr "·Ù¹ð: ¹½À®¥Õ¥¡¥¤¥ë¡Ö%s¡×¤Î°ÂÁ´¤Ç¤Ê¤¤½êÍ­¼Ô\n"
+
+#: g10/gpg.c:1379
+#, c-format
+msgid "WARNING: unsafe ownership on extension `%s'\n"
+msgstr "·Ù¹ð: ³ÈÄ¥¡Ö%s¡×¤Î°ÂÁ´¤Ç¤Ê¤¤½êÍ­¼Ô\n"
+
+#: g10/gpg.c:1385
+#, c-format
+msgid "WARNING: unsafe permissions on homedir `%s'\n"
+msgstr "·Ù¹ð: homedir ¡Ö%s¡×¤Î°ÂÁ´¤Ç¤Ê¤¤µö²Ä\n"
+
+#: g10/gpg.c:1388
+#, c-format
+msgid "WARNING: unsafe permissions on configuration file `%s'\n"
+msgstr "·Ù¹ð: ¹½À®¥Õ¥¡¥¤¥ë¡Ö%s¡×¤Î°ÂÁ´¤Ç¤Ê¤¤µö²Ä\n"
+
+#: g10/gpg.c:1391
+#, c-format
+msgid "WARNING: unsafe permissions on extension `%s'\n"
+msgstr "·Ù¹ð: ³ÈÄ¥¡Ö%s¡×¤Î°ÂÁ´¤Ç¤Ê¤¤µö²Ä\n"
+
+#: g10/gpg.c:1397
+#, c-format
+msgid "WARNING: unsafe enclosing directory ownership on homedir `%s'\n"
+msgstr "·Ù¹ð: homedir ¡Ö%s¡×¤Î°ÂÁ´¤Ç¤Ê¤¤¾å°Ì¥Ç¥£¥ì¥¯¥È¥ê¡¼½êÍ­¼Ô\n"
+
+#: g10/gpg.c:1400
+#, c-format
+msgid ""
+"WARNING: unsafe enclosing directory ownership on configuration file `%s'\n"
+msgstr "·Ù¹ð: ¹½À®¥Õ¥¡¥¤¥ë¡Ö%s¡×¤Î°ÂÁ´¤Ç¤Ê¤¤¾å°Ì¥Ç¥£¥ì¥¯¥È¥ê¡¼½êÍ­¼Ô\n"
+
+#: g10/gpg.c:1403
+#, c-format
+msgid "WARNING: unsafe enclosing directory ownership on extension `%s'\n"
+msgstr "·Ù¹ð: ³ÈÄ¥¡Ö%s¡×¤Î°ÂÁ´¤Ç¤Ê¤¤¾å°Ì¥Ç¥£¥ì¥¯¥È¥ê¡¼½êÍ­¼Ô\n"
+
+#: g10/gpg.c:1409
+#, c-format
+msgid "WARNING: unsafe enclosing directory permissions on homedir `%s'\n"
+msgstr "·Ù¹ð: homedir ¡Ö%s¡×¤Î°ÂÁ´¤Ç¤Ê¤¤¾å°Ì¥Ç¥£¥ì¥¯¥È¥ê¡¼µö²Ä\n"
+
+#: g10/gpg.c:1412
+#, c-format
+msgid ""
+"WARNING: unsafe enclosing directory permissions on configuration file `%s'\n"
+msgstr "·Ù¹ð: ¹½À®¥Õ¥¡¥¤¥ë¡Ö%s¡×¤Î°ÂÁ´¤Ç¤Ê¤¤¾å°Ì¥Ç¥£¥ì¥¯¥È¥ê¡¼µö²Ä\n"
+
+#: g10/gpg.c:1415
+#, c-format
+msgid "WARNING: unsafe enclosing directory permissions on extension `%s'\n"
+msgstr "·Ù¹ð: ³ÈÄ¥¡Ö%s¡×¤Î°ÂÁ´¤Ç¤Ê¤¤¾å°Ì¥Ç¥£¥ì¥¯¥È¥ê¡¼µö²Ä\n"
+
+#: g10/gpg.c:1595
+#, c-format
+msgid "unknown configuration item `%s'\n"
+msgstr "̤ÃΤι½À®¹àÌÜ¡Ö%s¡×\n"
+
+#: g10/gpg.c:1699
+msgid "display photo IDs during key listings"
+msgstr ""
+
+#: g10/gpg.c:1701
+msgid "show policy URLs during signature listings"
+msgstr ""
+
+#: g10/gpg.c:1703
+#, fuzzy
+msgid "show all notations during signature listings"
+msgstr "ÈëÌ©¸°ÎؤËÂбþ¤¹¤ë½ð̾¤¬¤¢¤ê¤Þ¤»¤ó\n"
+
+#: g10/gpg.c:1705
+msgid "show IETF standard notations during signature listings"
+msgstr ""
+
+#: g10/gpg.c:1709
+msgid "show user-supplied notations during signature listings"
+msgstr ""
+
+#: g10/gpg.c:1711
+#, fuzzy
+msgid "show preferred keyserver URLs during signature listings"
+msgstr "»ØÄꤵ¤ì¤¿Áª¹¥¸°¥µ¡¼¥Ð¡¼URL¤Ï̵¸ú¤Ç¤¹\n"
+
+#: g10/gpg.c:1713
+msgid "show user ID validity during key listings"
+msgstr ""
+
+#: g10/gpg.c:1715
+msgid "show revoked and expired user IDs in key listings"
+msgstr ""
+
+#: g10/gpg.c:1717
+msgid "show revoked and expired subkeys in key listings"
+msgstr ""
+
+#: g10/gpg.c:1719
+#, fuzzy
+msgid "show the keyring name in key listings"
+msgstr "ÈëÌ©¸°¤È¸ø³«¸°¤Î°ìÍ÷¤Îȿž"
+
+#: g10/gpg.c:1721
+#, fuzzy
+msgid "show expiration dates during signature listings"
+msgstr "ÈëÌ©¸°ÎؤËÂбþ¤¹¤ë½ð̾¤¬¤¢¤ê¤Þ¤»¤ó\n"
+
+#: g10/gpg.c:1855
+#, c-format
+msgid "NOTE: old default options file `%s' ignored\n"
+msgstr "Ãí°Õ: ÀΡ¢´ûÄê¤À¤Ã¤¿¥ª¥×¥·¥ç¥ó¡¦¥Õ¥¡¥¤¥ë¡Ö%s¡×¤Ï¡¢Ìµ»ë¤µ¤ì¤Þ¤¹\n"
+
+#: g10/gpg.c:1948
+#, c-format
+msgid "libgcrypt is too old (need %s, have %s)\n"
+msgstr ""
+
+#: g10/gpg.c:2346 g10/gpg.c:3037 g10/gpg.c:3049
+#, c-format
+msgid "NOTE: %s is not for normal use!\n"
+msgstr "Ãí°Õ: ÉáÄÌ%s¤Ï»È¤¤¤Þ¤»¤ó!\n"
+
+#: g10/gpg.c:2530 g10/gpg.c:2542
+#, fuzzy, c-format
+msgid "`%s' is not a valid signature expiration\n"
+msgstr "¡Ö%s¡×¤Ï¡¢Í­¸ú¤Êʸ»ú½¸¹ç¤Ç¤Ï¤¢¤ê¤Þ¤»¤ó\n"
+
+#: g10/gpg.c:2624
+#, c-format
+msgid "`%s' is not a valid character set\n"
+msgstr "¡Ö%s¡×¤Ï¡¢Í­¸ú¤Êʸ»ú½¸¹ç¤Ç¤Ï¤¢¤ê¤Þ¤»¤ó\n"
+
+#: g10/gpg.c:2647 g10/gpg.c:2842 g10/keyedit.c:4197
+msgid "could not parse keyserver URL\n"
+msgstr "¸°¥µ¡¼¥Ð¡¼¤ÎURL¤ò²òÀÏÉÔǽ\n"
+
+#: g10/gpg.c:2659
+#, c-format
+msgid "%s:%d: invalid keyserver options\n"
+msgstr "%s:%d: ̵¸ú¤Ê¸°¥µ¡¼¥Ð¡¼¡¦¥ª¥×¥·¥ç¥ó¤Ç¤¹\n"
+
+#: g10/gpg.c:2662
+msgid "invalid keyserver options\n"
+msgstr "̵¸ú¤Ê¸°¥µ¡¼¥Ð¡¼¡¦¥ª¥×¥·¥ç¥ó¤Ç¤¹\n"
+
+#: g10/gpg.c:2669
+#, c-format
+msgid "%s:%d: invalid import options\n"
+msgstr "%s:%d: ̵¸ú¤ÊÆɹþ¤ß¥ª¥×¥·¥ç¥ó¤Ç¤¹\n"
+
+#: g10/gpg.c:2672
+msgid "invalid import options\n"
+msgstr "̵¸ú¤ÊÆɹþ¤ß¥ª¥×¥·¥ç¥ó¤Ç¤¹\n"
+
+#: g10/gpg.c:2679
+#, c-format
+msgid "%s:%d: invalid export options\n"
+msgstr "%s:%d: ̵¸ú¤Ê½ñ½Ð¤·¥ª¥×¥·¥ç¥ó¤Ç¤¹\n"
+
+#: g10/gpg.c:2682
+msgid "invalid export options\n"
+msgstr "̵¸ú¤Ê½ñ½Ð¤·¥ª¥×¥·¥ç¥ó¤Ç¤¹\n"
+
+#: g10/gpg.c:2689
+#, c-format
+msgid "%s:%d: invalid list options\n"
+msgstr "%s:%d: ̵¸ú¤Ê°ìÍ÷¥ª¥×¥·¥ç¥ó¤Ç¤¹\n"
+
+#: g10/gpg.c:2692
+msgid "invalid list options\n"
+msgstr "̵¸ú¤Ê°ìÍ÷¥ª¥×¥·¥ç¥ó¤Ç¤¹\n"
+
+#: g10/gpg.c:2700
+msgid "display photo IDs during signature verification"
+msgstr ""
+
+#: g10/gpg.c:2702
+msgid "show policy URLs during signature verification"
+msgstr ""
+
+#: g10/gpg.c:2704
+#, fuzzy
+msgid "show all notations during signature verification"
+msgstr "¡Ö%s¡×¤Ï¡¢Í­¸ú¤Êʸ»ú½¸¹ç¤Ç¤Ï¤¢¤ê¤Þ¤»¤ó\n"
+
+#: g10/gpg.c:2706
+msgid "show IETF standard notations during signature verification"
+msgstr ""
+
+#: g10/gpg.c:2710
+msgid "show user-supplied notations during signature verification"
+msgstr ""
+
+#: g10/gpg.c:2712
+#, fuzzy
+msgid "show preferred keyserver URLs during signature verification"
+msgstr "»ØÄꤵ¤ì¤¿Áª¹¥¸°¥µ¡¼¥Ð¡¼URL¤Ï̵¸ú¤Ç¤¹\n"
+
+#: g10/gpg.c:2714
+#, fuzzy
+msgid "show user ID validity during signature verification"
+msgstr "¡Ö%s¡×¤Ï¡¢Í­¸ú¤Êʸ»ú½¸¹ç¤Ç¤Ï¤¢¤ê¤Þ¤»¤ó\n"
+
+#: g10/gpg.c:2716
+msgid "show revoked and expired user IDs in signature verification"
+msgstr ""
+
+#: g10/gpg.c:2718
+#, fuzzy
+msgid "show only the primary user ID in signature verification"
+msgstr "¡Ö%s¡×¤Ï¡¢Í­¸ú¤Êʸ»ú½¸¹ç¤Ç¤Ï¤¢¤ê¤Þ¤»¤ó\n"
+
+#: g10/gpg.c:2720
+msgid "validate signatures with PKA data"
+msgstr ""
+
+#: g10/gpg.c:2722
+msgid "elevate the trust of signatures with valid PKA data"
+msgstr ""
+
+#: g10/gpg.c:2729
+#, c-format
+msgid "%s:%d: invalid verify options\n"
+msgstr "%s:%d: ̵¸ú¤Ê¸¡¾Ú¥ª¥×¥·¥ç¥ó¤Ç¤¹\n"
+
+#: g10/gpg.c:2732
+msgid "invalid verify options\n"
+msgstr "̵¸ú¤Ê¸¡¾Ú¥ª¥×¥·¥ç¥ó¤Ç¤¹\n"
+
+#: g10/gpg.c:2739
+#, c-format
+msgid "unable to set exec-path to %s\n"
+msgstr "exec-path¤ò%s¤ËÀßÄêÉÔǽ\n"
+
+#: g10/gpg.c:2925
+#, fuzzy, c-format
+msgid "%s:%d: invalid auto-key-locate list\n"
+msgstr "%s:%d: ̵¸ú¤Ê¸¡¾Ú¥ª¥×¥·¥ç¥ó¤Ç¤¹\n"
+
+#: g10/gpg.c:2928
+msgid "invalid auto-key-locate list\n"
+msgstr ""
+
+#: g10/gpg.c:3026 sm/gpgsm.c:1439
+msgid "WARNING: program may create a core file!\n"
+msgstr "·Ù¹ð: ¥×¥í¥°¥é¥à¤Î¥³¥¢¡¦¥Õ¥¡¥¤¥ë¤¬¤Ç¤­¤ë¤³¤È¤¬¤¢¤ê¤Þ¤¹!\n"
+
+#: g10/gpg.c:3030
+#, c-format
+msgid "WARNING: %s overrides %s\n"
+msgstr "·Ù¹ð: %s¤Ï%s¤è¤êÍ¥Àè\n"
+
+#: g10/gpg.c:3039
+#, c-format
+msgid "%s not allowed with %s!\n"
+msgstr "%s¤Ï%s¤È¤È¤â¤Ë»È¤¦¤³¤È¤Ï¤Ç¤­¤Þ¤»¤ó!\n"
+
+#: g10/gpg.c:3042
+#, c-format
+msgid "%s makes no sense with %s!\n"
+msgstr "%s¤Ï%s¤È¤È¤â¤Ë»È¤Ã¤Æ¤â̵°ÕÌ£¤Ç¤¹!\n"
+
+#: g10/gpg.c:3057
+#, fuzzy, c-format
+msgid "will not run with insecure memory due to %s\n"
+msgstr "¡Ö%s¡×¤ØÈëÌ©¸°¥¹¥¿¥Ö¤ò½ñ¤­¹þ¤ß¤Þ¤¹\n"
+
+#: g10/gpg.c:3071
+msgid "you can only make detached or clear signatures while in --pgp2 mode\n"
+msgstr "--pgp2¥â¡¼¥É¤Ç¤ÏʬΥ½ð̾¤«¥¯¥ê¥¢½ð̾¤À¤±¤·¤«¤Ç¤­¤Þ¤»¤ó\n"
+
+#: g10/gpg.c:3077
+msgid "you can't sign and encrypt at the same time while in --pgp2 mode\n"
+msgstr "--pgp2¥â¡¼¥É¤Ç¤Ï½ð̾¤È°Å¹æ²½¤òƱ»þ¤Ë¤Ç¤­¤Þ¤»¤ó\n"
+
+#: g10/gpg.c:3083
+msgid "you must use files (and not a pipe) when working with --pgp2 enabled.\n"
+msgstr "--pgp2¤ò»ØÄꤷ¤¿¤é¡¢(¥Ñ¥¤¥×¤Ç¤Ê¤¯) ¥Õ¥¡¥¤¥ë¤ò»ØÄꤻ¤Í¤Ð¤Ê¤ê¤Þ¤»¤ó¡£\n"
+
+#: g10/gpg.c:3096
+msgid "encrypting a message in --pgp2 mode requires the IDEA cipher\n"
+msgstr "--pgp2¥â¡¼¥É¤Î¥á¥Ã¥»¡¼¥¸°Å¹æ²½¤Ç¤Ï¡¢IDEA°Å¹æË¡¤¬É¬ÍפǤ¹\n"
+
+#: g10/gpg.c:3163 g10/gpg.c:3187 sm/gpgsm.c:1511
+msgid "selected cipher algorithm is invalid\n"
+msgstr "ÁªÂò¤µ¤ì¤¿°Å¹æ¥¢¥ë¥´¥ê¥º¥à¤Ï¡¢Ìµ¸ú¤Ç¤¹\n"
+
+#: g10/gpg.c:3169 g10/gpg.c:3193 sm/gpgsm.c:1517 sm/gpgsm.c:1523
+msgid "selected digest algorithm is invalid\n"
+msgstr "ÁªÂò¤µ¤ì¤¿Í×Ì󥢥르¥ê¥º¥à¤Ï¡¢Ìµ¸ú¤Ç¤¹\n"
+
+#: g10/gpg.c:3175
+msgid "selected compression algorithm is invalid\n"
+msgstr "ÁªÂò¤µ¤ì¤¿°µ½Ì¥¢¥ë¥´¥ê¥º¥à¤Ï¡¢Ìµ¸ú¤Ç¤¹\n"
+
+#: g10/gpg.c:3181
+msgid "selected certification digest algorithm is invalid\n"
+msgstr "ÁªÂò¤µ¤ì¤¿¾ÚÌÀ½ñÍ×Ì󥢥르¥ê¥º¥à¤Ï¡¢Ìµ¸ú¤Ç¤¹\n"
+
+#: g10/gpg.c:3196
+msgid "completes-needed must be greater than 0\n"
+msgstr "completes-needed¤ÏÀµ¤ÎÃͤ¬É¬ÍפǤ¹\n"
+
+#: g10/gpg.c:3198
+msgid "marginals-needed must be greater than 1\n"
+msgstr "marginals-needed¤Ï1¤è¤êÂ礭¤ÊÃͤ¬É¬ÍפǤ¹\n"
+
+#: g10/gpg.c:3200
+msgid "max-cert-depth must be in the range from 1 to 255\n"
+msgstr "max-cert-depth¤Ï1¤«¤é255¤ÎÈϰϤǤʤ±¤ì¤Ð¤Ê¤ê¤Þ¤»¤ó\n"
+
+#: g10/gpg.c:3202
+msgid "invalid default-cert-level; must be 0, 1, 2, or 3\n"
+msgstr "̵¸ú¤Êdefault-cert-level¡£0¤«1¤«2¤«3¤Ç¤Ê¤±¤ì¤Ð¤Ê¤ê¤Þ¤»¤ó\n"
+
+#: g10/gpg.c:3204
+msgid "invalid min-cert-level; must be 1, 2, or 3\n"
+msgstr "̵¸ú¤Êmin-cert-level¡£0¤«1¤«2¤«3¤Ç¤Ê¤±¤ì¤Ð¤Ê¤ê¤Þ¤»¤ó\n"
+
+#: g10/gpg.c:3207
+msgid "NOTE: simple S2K mode (0) is strongly discouraged\n"
+msgstr "Ãí°Õ: ñ½ã¤ÊS2K¥â¡¼¥É(0)¤Î»ÈÍѤˤ϶¯¤¯È¿ÂФ·¤Þ¤¹\n"
+
+#: g10/gpg.c:3211
+msgid "invalid S2K mode; must be 0, 1 or 3\n"
+msgstr "̵¸ú¤ÊS2K¥â¡¼¥É¡£0¤«1¤«3¤Ç¤Ê¤±¤ì¤Ð¤Ê¤ê¤Þ¤»¤ó\n"
+
+#: g10/gpg.c:3218
+msgid "invalid default preferences\n"
+msgstr "̵¸ú¤Ê´ûÄê¤ÎÁª¹¥\n"
+
+#: g10/gpg.c:3222
+msgid "invalid personal cipher preferences\n"
+msgstr "̵¸ú¤Ê¸Ä¿ÍÍѰŹæË¡¤ÎÁª¹¥\n"
+
+#: g10/gpg.c:3226
+msgid "invalid personal digest preferences\n"
+msgstr "̵¸ú¤Ê¸Ä¿ÍÍÑÍ×Ìó¤ÎÁª¹¥\n"
+
+#: g10/gpg.c:3230
+msgid "invalid personal compress preferences\n"
+msgstr "̵¸ú¤Ê¸Ä¿ÍÍÑ°µ½Ì¤ÎÁª¹¥\n"
+
+#: g10/gpg.c:3263
+#, c-format
+msgid "%s does not yet work with %s\n"
+msgstr "%s¤Ï%s¤Çµ¡Ç½¤·¤Þ¤»¤ó\n"
+
+#: g10/gpg.c:3310
+#, c-format
+msgid "you may not use cipher algorithm `%s' while in %s mode\n"
+msgstr "°Å¹æ¥¢¥ë¥´¥ê¥º¥à¡Ö%s¡×¤ò%s¥â¡¼¥É¤Ç»È¤¦¤³¤È¤Ï¤Ç¤­¤Þ¤»¤ó\n"
+
+#: g10/gpg.c:3315
+#, c-format
+msgid "you may not use digest algorithm `%s' while in %s mode\n"
+msgstr "Í×Ì󥢥르¥ê¥º¥à¡Ö%s¡×¤ò%s¥â¡¼¥É¤Ç»È¤¦¤³¤È¤Ï¤Ç¤­¤Þ¤»¤ó\n"
+
+#: g10/gpg.c:3320
+#, c-format
+msgid "you may not use compression algorithm `%s' while in %s mode\n"
+msgstr "°µ½Ì¥¢¥ë¥´¥ê¥º¥à¡Ö%s¡×¤ò%s¥â¡¼¥É¤Ç»È¤¦¤³¤È¤Ï¤Ç¤­¤Þ¤»¤ó\n"
+
+#: g10/gpg.c:3406
+#, c-format
+msgid "failed to initialize the TrustDB: %s\n"
+msgstr "¿®Íѥǡ¼¥¿¥Ù¡¼¥¹¤Î½é´ü²½¤Ë¼ºÇÔ¤·¤Þ¤·¤¿: %s\n"
+
+#: g10/gpg.c:3417
+msgid "WARNING: recipients (-r) given without using public key encryption\n"
+msgstr "·Ù¹ð: ¸ø³«¸°°Å¹æ¤ò»È¤ï¤º¤Ë¡¢¼õ¼è¿Í (-r) ¤ò»ØÄꤷ¤Æ¤¤¤Þ¤¹\n"
+
+#: g10/gpg.c:3438
+msgid "--store [filename]"
+msgstr "--store [¥Õ¥¡¥¤¥ë̾]"
+
+#: g10/gpg.c:3445
+msgid "--symmetric [filename]"
+msgstr "--symmetric [¥Õ¥¡¥¤¥ë̾]"
+
+#: g10/gpg.c:3447
+#, c-format
+msgid "symmetric encryption of `%s' failed: %s\n"
+msgstr "¡Ö%s¡×¤ÎÂоΰŹæ¤Ë¼ºÇÔ¤·¤Þ¤·¤¿: %s\n"
+
+#: g10/gpg.c:3457
+msgid "--encrypt [filename]"
+msgstr "--encrypt [¥Õ¥¡¥¤¥ë̾]"
+
+#: g10/gpg.c:3470
+msgid "--symmetric --encrypt [filename]"
+msgstr "--symmetric --encrypt [¥Õ¥¡¥¤¥ë̾]"
+
+#: g10/gpg.c:3472
+msgid "you cannot use --symmetric --encrypt with --s2k-mode 0\n"
+msgstr "--symmetric --encrypt¤ò--s2k-mode 0¤Ç»È¤¦¤³¤È¤Ï¤Ç¤­¤Þ¤»¤ó\n"
+
+#: g10/gpg.c:3475
+#, c-format
+msgid "you cannot use --symmetric --encrypt while in %s mode\n"
+msgstr "--symmetric --encrypt¤ò%s¥â¡¼¥É¤Ç»È¤¦¤³¤È¤Ï¤Ç¤­¤Þ¤»¤ó\n"
+
+#: g10/gpg.c:3493
+msgid "--sign [filename]"
+msgstr "--sign [¥Õ¥¡¥¤¥ë̾]"
+
+#: g10/gpg.c:3506
+msgid "--sign --encrypt [filename]"
+msgstr "--sign --encrypt [¥Õ¥¡¥¤¥ë̾]"
+
+#: g10/gpg.c:3521
+msgid "--symmetric --sign --encrypt [filename]"
+msgstr "--symmetric --sign --encrypt [¥Õ¥¡¥¤¥ë̾]"
+
+#: g10/gpg.c:3523
+msgid "you cannot use --symmetric --sign --encrypt with --s2k-mode 0\n"
+msgstr "--symmetric --sign --encrypt¤ò--s2k-mode 0¤Ç»È¤¦¤³¤È¤Ï¤Ç¤­¤Þ¤»¤ó\n"
+
+#: g10/gpg.c:3526
+#, c-format
+msgid "you cannot use --symmetric --sign --encrypt while in %s mode\n"
+msgstr "--symmetric --sign --encrypt¤ò%s¥â¡¼¥É¤Ç»È¤¦¤³¤È¤Ï¤Ç¤­¤Þ¤»¤ó\n"
+
+#: g10/gpg.c:3546
+msgid "--sign --symmetric [filename]"
+msgstr "--sign --symmetric [¥Õ¥¡¥¤¥ë̾]"
+
+#: g10/gpg.c:3555
+msgid "--clearsign [filename]"
+msgstr "--clearsign [¥Õ¥¡¥¤¥ë̾]"
+
+#: g10/gpg.c:3580
+msgid "--decrypt [filename]"
+msgstr "--decrypt [¥Õ¥¡¥¤¥ë̾]"
+
+#: g10/gpg.c:3588
+msgid "--sign-key user-id"
+msgstr "--sign-key ¥æ¡¼¥¶¡¼id"
+
+#: g10/gpg.c:3592
+msgid "--lsign-key user-id"
+msgstr "--lsign-key ¥æ¡¼¥¶¡¼id"
+
+#: g10/gpg.c:3613
+msgid "--edit-key user-id [commands]"
+msgstr "--edit-key ¥æ¡¼¥¶¡¼id [¥³¥Þ¥ó¥É]"
+
+#: g10/gpg.c:3629
+#, fuzzy
+msgid "--passwd <user-id>"
+msgstr "--sign-key ¥æ¡¼¥¶¡¼id"
+
+#: g10/gpg.c:3716
+#, c-format
+msgid "keyserver send failed: %s\n"
+msgstr "¸°¥µ¡¼¥Ð¡¼¤Ø¤ÎÁ÷¿®¤Ë¼ºÇÔ¤·¤Þ¤·¤¿: %s\n"
+
+#: g10/gpg.c:3718
+#, c-format
+msgid "keyserver receive failed: %s\n"
+msgstr "¸°¥µ¡¼¥Ð¡¼¤«¤é¤Î¼õ¿®¤Ë¼ºÇÔ¤·¤Þ¤·¤¿: %s\n"
+
+#: g10/gpg.c:3720
+#, c-format
+msgid "key export failed: %s\n"
+msgstr "¸°¤Î½ñ½Ð¤·¤Ë¼ºÇÔ¤·¤Þ¤·¤¿: %s\n"
+
+#: g10/gpg.c:3731
+#, c-format
+msgid "keyserver search failed: %s\n"
+msgstr "¸°¥µ¡¼¥Ð¡¼¤Î¸¡º÷¤Ë¼ºÇÔ¤·¤Þ¤·¤¿: %s\n"
+
+#: g10/gpg.c:3741
+#, c-format
+msgid "keyserver refresh failed: %s\n"
+msgstr "¸°¥µ¡¼¥Ð¡¼¤Î²óÉü¤Ë¼ºÇÔ¤·¤Þ¤·¤¿: %s\n"
+
+#: g10/gpg.c:3792
+#, c-format
+msgid "dearmoring failed: %s\n"
+msgstr "ÊñÁõ½üµî¤Ë¼ºÇÔ¤·¤Þ¤·¤¿: %s\n"
+
+#: g10/gpg.c:3800
+#, c-format
+msgid "enarmoring failed: %s\n"
+msgstr "ÊñÁõ¤Ë¼ºÇÔ¤·¤Þ¤·¤¿: %s\n"
+
+#: g10/gpg.c:3890
+#, c-format
+msgid "invalid hash algorithm `%s'\n"
+msgstr "̵¸ú¤Ê¥Ï¥Ã¥·¥å¡¦¥¢¥ë¥´¥ê¥º¥à¡Ö%s¡×¤Ç¤¹\n"
+
+#: g10/gpg.c:4005
+msgid "[filename]"
+msgstr "[¥Õ¥¡¥¤¥ë̾]"
+
+#: g10/gpg.c:4009
+msgid "Go ahead and type your message ...\n"
+msgstr "³«»Ï¤·¤Þ¤¹¡£¥á¥Ã¥»¡¼¥¸¤òÂǤäƤ¯¤À¤µ¤¤ ...\n"
+
+#: g10/gpg.c:4323
+msgid "the given certification policy URL is invalid\n"
+msgstr "¤¢¤¿¤¨¤é¤ì¤¿¾ÚÌÀ½ñ¥Ý¥ê¥·¡¼URL¤Ï̵¸ú¤Ç¤¹\n"
+
+#: g10/gpg.c:4325
+msgid "the given signature policy URL is invalid\n"
+msgstr "¤¢¤¿¤¨¤é¤ì¤¿½ð̾¥Ý¥ê¥·¡¼URL¤Ï̵¸ú¤Ç¤¹\n"
+
+#: g10/gpg.c:4358
+msgid "the given preferred keyserver URL is invalid\n"
+msgstr "»ØÄꤵ¤ì¤¿Áª¹¥¸°¥µ¡¼¥Ð¡¼URL¤Ï̵¸ú¤Ç¤¹\n"
+
+#: g10/gpgv.c:74
+#, fuzzy
+msgid "|FILE|take the keys from the keyring FILE"
+msgstr "¤³¤Î¸°¤ò¸°Îؤ«¤éºï½ü¤·¤Þ¤¹"
+
+#: g10/gpgv.c:76
+msgid "make timestamp conflicts only a warning"
+msgstr "Æü»þ¤ÎÌ·½â¤ò·Ù¹ð¤À¤±¤Ë¤·¤Þ¤¹"
+
+#: g10/gpgv.c:78 sm/gpgsm.c:326
+msgid "|FD|write status info to this FD"
+msgstr ""
+"|¥Õ¥¡¥¤¥ëµ­½Ò»Ò|¤³¤Î¥Õ¥¡¥¤¥ëµ­½Ò»Ò¤Ë¾õÂÖ¤ò\n"
+"½ñ¤­¹þ¤à"
+
+#: g10/gpgv.c:117
+msgid "Usage: gpgv [options] [files] (-h for help)"
+msgstr "»È¤¤Êý: gpgv [¥ª¥×¥·¥ç¥ó] [¥Õ¥¡¥¤¥ë] (¥Ø¥ë¥×¤Ï -h)"
+
+#: g10/gpgv.c:119
+#, fuzzy
+msgid ""
+"Syntax: gpgv [options] [files]\n"
+"Check signatures against known trusted keys\n"
+msgstr ""
+"¹½Ê¸: gpg [¥ª¥×¥·¥ç¥ó] [¥Õ¥¡¥¤¥ë]\n"
+"´ûÃΤο®ÍѤ·¤¿¸°¤Ç½ð̾¤ò¸¡ºº\n"
+
+#: g10/helptext.c:72
+msgid "No help available"
+msgstr "¥Ø¥ë¥×¤Ï¤¢¤ê¤Þ¤»¤ó"
+
+#: g10/helptext.c:82
+#, c-format
+msgid "No help available for `%s'"
+msgstr "¡Ö%s¡×¤Î¥Ø¥ë¥×¤Ï¤¢¤ê¤Þ¤»¤ó"
+
+#: g10/import.c:94
+msgid "import signatures that are marked as local-only"
+msgstr ""
+
+#: g10/import.c:96
+msgid "repair damage from the pks keyserver during import"
+msgstr ""
+
+#: g10/import.c:98
+#, fuzzy
+msgid "do not update the trustdb after import"
+msgstr "¿®Íѥǡ¼¥¿¥Ù¡¼¥¹¤ò¹¹¿·"
+
+#: g10/import.c:100
+#, fuzzy
+msgid "create a public key when importing a secret key"
+msgstr "¸ø³«¸°¤ÈÈëÌ©¸°¤¬¾È¹ç¤·¤Þ¤»¤ó!\n"
+
+#: g10/import.c:102
+msgid "only accept updates to existing keys"
+msgstr ""
+
+#: g10/import.c:104
+#, fuzzy
+msgid "remove unusable parts from key after import"
+msgstr "»ÈÍѤǤ­¤Ê¤¤ÈëÌ©¸°¤Ç¤¹"
+
+#: g10/import.c:106
+msgid "remove as much as possible from key after import"
+msgstr ""
+
+#: g10/import.c:266
+#, c-format
+msgid "skipping block of type %d\n"
+msgstr "·¿%d¤Î¥Ö¥í¥Ã¥¯¤ò¤È¤Ð¤·¤Þ¤¹\n"
+
+#: g10/import.c:275
+#, c-format
+msgid "%lu keys processed so far\n"
+msgstr "%lu¸°¤Þ¤Ç½èÍý\n"
+
+#: g10/import.c:292
+#, c-format
+msgid "Total number processed: %lu\n"
+msgstr " ½èÍý¿ô¤Î¹ç·×: %lu\n"
+
+#: g10/import.c:294
+#, c-format
+msgid " skipped new keys: %lu\n"
+msgstr "¤È¤Ð¤·¤¿¿·¤·¤¤¸°: %lu\n"
+
+#: g10/import.c:297
+#, c-format
+msgid " w/o user IDs: %lu\n"
+msgstr " ¥æ¡¼¥¶¡¼ID¤Ê¤·: %lu\n"
+
+#: g10/import.c:299 sm/import.c:114
+#, c-format
+msgid " imported: %lu"
+msgstr " Æɹþ¤ß: %lu"
+
+#: g10/import.c:305 sm/import.c:118
+#, c-format
+msgid " unchanged: %lu\n"
+msgstr " Êѹ¹¤Ê¤·: %lu\n"
+
+#: g10/import.c:307
+#, c-format
+msgid " new user IDs: %lu\n"
+msgstr "¿·¤·¤¤¥æ¡¼¥¶¡¼ID: %lu\n"
+
+#: g10/import.c:309
+#, c-format
+msgid " new subkeys: %lu\n"
+msgstr " ¿·¤·¤¤Éû¸°: %lu\n"
+
+#: g10/import.c:311
+#, c-format
+msgid " new signatures: %lu\n"
+msgstr " ¿·¤·¤¤½ð̾: %lu\n"
+
+#: g10/import.c:313
+#, c-format
+msgid " new key revocations: %lu\n"
+msgstr " ¿·¤·¤¤¸°¤Î¼º¸ú: %lu\n"
+
+#: g10/import.c:315 sm/import.c:120
+#, c-format
+msgid " secret keys read: %lu\n"
+msgstr " ÈëÌ©¸°¤ÎÆɽФ·: %lu\n"
+
+#: g10/import.c:317 sm/import.c:122
+#, c-format
+msgid " secret keys imported: %lu\n"
+msgstr " ÈëÌ©¸°¤ÎÆɹþ¤ß: %lu\n"
+
+#: g10/import.c:319 sm/import.c:124
+#, c-format
+msgid " secret keys unchanged: %lu\n"
+msgstr " ̵Êѹ¹¤ÎÈëÌ©¸°: %lu\n"
+
+#: g10/import.c:321 sm/import.c:126
+#, c-format
+msgid " not imported: %lu\n"
+msgstr " ̤Æɹþ¤ß: %lu\n"
+
+#: g10/import.c:323
+#, fuzzy, c-format
+msgid " signatures cleaned: %lu\n"
+msgstr "¤³¤ì¤Þ¤Ç¤ËºîÀ®¤µ¤ì¤¿½ð̾: %lu\n"
+
+#: g10/import.c:325
+#, fuzzy, c-format
+msgid " user IDs cleaned: %lu\n"
+msgstr " ÈëÌ©¸°¤ÎÆɽФ·: %lu\n"
+
+#: g10/import.c:606
+#, fuzzy, c-format
+msgid ""
+"WARNING: key %s contains preferences for unavailable\n"
+"algorithms on these user IDs:\n"
+msgstr "·Ù¹ð: ¸°%s¤Ë¤Ï¡¢»ÈÍÑÉԲĤȤ¤¤¦Áª¹¥¤¬¤¢¤ê¤Þ¤¹\n"
+
+#: g10/import.c:647
+#, c-format
+msgid " \"%s\": preference for cipher algorithm %s\n"
+msgstr " \"%s\": °Å¹æ¥¢¥ë¥´¥ê¥º¥à¤ÎÁª¹¥ %s\n"
+
+#: g10/import.c:662
+#, c-format
+msgid " \"%s\": preference for digest algorithm %s\n"
+msgstr " \"%s\": Í×Ì󥢥르¥ê¥º¥à¤ÎÁª¹¥ %s\n"
+
+#: g10/import.c:674
+#, c-format
+msgid " \"%s\": preference for compression algorithm %s\n"
+msgstr " \"%s\": °µ½Ì¥¢¥ë¥´¥ê¥º¥à¤ÎÁª¹¥ %s\n"
+
+#: g10/import.c:687
+msgid "it is strongly suggested that you update your preferences and\n"
+msgstr "it is strongly suggested that you update your preferences and\n"
+
+#: g10/import.c:689
+msgid "re-distribute this key to avoid potential algorithm mismatch problems\n"
+msgstr ""
+"ÀøºßŪ¤Ê¥¢¥ë¥´¥ê¥º¥àÉÔ°ìÃ×ÌäÂê¤òÈò¤±¤ë¤¿¤á¡¢¤³¤Î¸°¤òºÆÇÛÉÛ¤·¤Æ¤¯¤À¤µ¤¤\n"
+
+#: g10/import.c:713
+#, c-format
+msgid "you can update your preferences with: gpg --edit-key %s updpref save\n"
+msgstr "°Ê²¼¤Ç¡¢Áª¹¥¤¬¹¹¿·¤Ç¤­¤Þ¤¹: gpg --edit-key %s updpref save\n"
+
+#: g10/import.c:766 g10/import.c:1179
+#, c-format
+msgid "key %s: no user ID\n"
+msgstr "¸°%s: ¥æ¡¼¥¶¡¼ID¤¬¤¢¤ê¤Þ¤»¤ó\n"
+
+#: g10/import.c:795
+#, c-format
+msgid "key %s: PKS subkey corruption repaired\n"
+msgstr "¸°%s: PKS¤ÎÉû¸°ÊѤ¤ò½¤Éü\n"
+
+#: g10/import.c:810
+#, c-format
+msgid "key %s: accepted non self-signed user ID \"%s\"\n"
+msgstr "¸°%s: ¼õÍý¤·¤¿Ì¤¼«¸Ê½ð̾¤Î¥æ¡¼¥¶¡¼ID¡È%s¡É\n"
+
+#: g10/import.c:816
+#, c-format
+msgid "key %s: no valid user IDs\n"
+msgstr "¸°%s: Í­¸ú¤Ê¥æ¡¼¥¶¡¼ID¤¬¤¢¤ê¤Þ¤»¤ó\n"
+
+#: g10/import.c:818
+msgid "this may be caused by a missing self-signature\n"
+msgstr "¼«¸Ê½ð̾¤Î¤Ê¤¤¤»¤¤¤Ç¤·¤ç¤¦\n"
+
+#: g10/import.c:828 g10/import.c:1303
+#, c-format
+msgid "key %s: public key not found: %s\n"
+msgstr "¸°%s: ¸ø³«¸°¤¬¸«¤Ä¤«¤ê¤Þ¤»¤ó: %s\n"
+
+#: g10/import.c:834
+#, c-format
+msgid "key %s: new key - skipped\n"
+msgstr "¸°%s: ¿·¤·¤¤¸°¤Ç¤¹ - ¤È¤Ð¤·¤Þ¤¹\n"
+
+#: g10/import.c:843
+#, c-format
+msgid "no writable keyring found: %s\n"
+msgstr "½ñ¹þ¤ß²Äǽ¤Ê¸°Îؤ¬¸«¤Ä¤«¤ê¤Þ¤»¤ó: %s\n"
+
+#: g10/import.c:848 g10/openfile.c:278 g10/sign.c:805 g10/sign.c:1114
+#, c-format
+msgid "writing to `%s'\n"
+msgstr "¡Ö%s¡×¤Ø¤Î½ñ¹þ¤ß\n"
+
+#: g10/import.c:852 g10/import.c:952 g10/import.c:1219 g10/import.c:1364
+#: g10/import.c:2494 g10/import.c:2516
+#, c-format
+msgid "error writing keyring `%s': %s\n"
+msgstr "¸°ÎØ¡Ö%s¡×¤Î½ñ¹þ¤ß¥¨¥é¡¼: %s\n"
+
+#: g10/import.c:871
+#, c-format
+msgid "key %s: public key \"%s\" imported\n"
+msgstr "¸°%s: ¸ø³«¸°¡È%s¡É¤òÆɤ߹þ¤ß¤Þ¤·¤¿\n"
+
+#: g10/import.c:895
+#, c-format
+msgid "key %s: doesn't match our copy\n"
+msgstr "¸°%s: ¤³¤Á¤é¤ÎÊ£À½¤È¹ç¤¤¤Þ¤»¤ó\n"
+
+#: g10/import.c:912 g10/import.c:1321
+#, c-format
+msgid "key %s: can't locate original keyblock: %s\n"
+msgstr "¸°%s: ¸µ¤Î¸°¥Ö¥í¥Ã¥¯¤Ë°ÌÃ֤Ť±¤Ç¤­¤Þ¤»¤ó: %s\n"
+
+#: g10/import.c:920 g10/import.c:1328
+#, c-format
+msgid "key %s: can't read original keyblock: %s\n"
+msgstr "¸°%s: ¸µ¤Î¸°¥Ö¥í¥Ã¥¯¤òÆɤ߽Ф»¤Þ¤»¤ó: %s\n"
+
+#: g10/import.c:962
+#, c-format
+msgid "key %s: \"%s\" 1 new user ID\n"
+msgstr "¸°%s:¡È%s¡É¿·¤·¤¤¥æ¡¼¥¶¡¼ID¤ò1¸Ä\n"
+
+#: g10/import.c:965
+#, c-format
+msgid "key %s: \"%s\" %d new user IDs\n"
+msgstr "¸°%s:¡È%s¡É¿·¤·¤¤¥æ¡¼¥¶¡¼ID¤ò%d¸Ä\n"
+
+#: g10/import.c:968
+#, c-format
+msgid "key %s: \"%s\" 1 new signature\n"
+msgstr "¸°%s:¡È%s¡É¿·¤·¤¤½ð̾¤ò1¸Ä\n"
+
+#: g10/import.c:971
+#, c-format
+msgid "key %s: \"%s\" %d new signatures\n"
+msgstr "¸°%s:¡È%s¡É¿·¤·¤¤½ð̾¤ò%d¸Ä\n"
+
+#: g10/import.c:974
+#, c-format
+msgid "key %s: \"%s\" 1 new subkey\n"
+msgstr "¸°%s:¡È%s¡É¿·¤·¤¤Éû¸°¤ò1¸Ä\n"
+
+#: g10/import.c:977
+#, c-format
+msgid "key %s: \"%s\" %d new subkeys\n"
+msgstr "¸°%s:¡È%s¡É¿·¤·¤¤Éû¸°¤ò%d¸Ä\n"
+
+#: g10/import.c:980
+#, fuzzy, c-format
+msgid "key %s: \"%s\" %d signature cleaned\n"
+msgstr "¸°%s:¡È%s¡É¿·¤·¤¤½ð̾¤ò%d¸Ä\n"
+
+#: g10/import.c:983
+#, fuzzy, c-format
+msgid "key %s: \"%s\" %d signatures cleaned\n"
+msgstr "¸°%s:¡È%s¡É¿·¤·¤¤½ð̾¤ò%d¸Ä\n"
+
+#: g10/import.c:986
+#, fuzzy, c-format
+msgid "key %s: \"%s\" %d user ID cleaned\n"
+msgstr "¸°%s:¡È%s¡É¿·¤·¤¤¥æ¡¼¥¶¡¼ID¤ò%d¸Ä\n"
+
+#: g10/import.c:989
+#, fuzzy, c-format
+msgid "key %s: \"%s\" %d user IDs cleaned\n"
+msgstr "¸°%s:¡È%s¡É¿·¤·¤¤¥æ¡¼¥¶¡¼ID¤ò%d¸Ä\n"
+
+#: g10/import.c:1013
+#, c-format
+msgid "key %s: \"%s\" not changed\n"
+msgstr "¸°%s:¡È%s¡ÉÊѹ¹¤Ê¤·\n"
+
+#: g10/import.c:1185
+#, c-format
+msgid "key %s: secret key with invalid cipher %d - skipped\n"
+msgstr "¸°%s: ̵¸ú¤Ê°Å¹æË¡%d¤ÎÈëÌ©¸°¤Ç¤¹ - ¤È¤Ð¤·¤Þ¤¹\n"
+
+#: g10/import.c:1196
+msgid "importing secret keys not allowed\n"
+msgstr "ÈëÌ©¸°¤ÎÆɹþ¤ß¤Ï¶Ø»ß¤Ç¤¹\n"
+
+#: g10/import.c:1213 g10/import.c:2509
+#, c-format
+msgid "no default secret keyring: %s\n"
+msgstr "´ûÄê¤ÎÈëÌ©¸°Îؤ¬¤¢¤ê¤Þ¤»¤ó: %s\n"
+
+#: g10/import.c:1224
+#, c-format
+msgid "key %s: secret key imported\n"
+msgstr "¸°%s: ÈëÌ©¸°¤òÆɤ߹þ¤ß¤Þ¤·¤¿\n"
+
+#: g10/import.c:1254
+#, c-format
+msgid "key %s: already in secret keyring\n"
+msgstr "¸°%s: ¤â¤¦ÈëÌ©¸°Îؤˤ¢¤ê¤Þ¤¹\n"
+
+#: g10/import.c:1264
+#, c-format
+msgid "key %s: secret key not found: %s\n"
+msgstr "¸°%s: ÈëÌ©¸°¤¬¸«¤Ä¤«¤ê¤Þ¤»¤ó: %s\n"
+
+#: g10/import.c:1296
+#, c-format
+msgid "key %s: no public key - can't apply revocation certificate\n"
+msgstr "¸°%s: ¸ø³«¸°¤¬¤¢¤ê¤Þ¤»¤ó - ¼º¸ú¾ÚÌÀ½ñ¤òŬÍѤǤ­¤Þ¤»¤ó\n"
+
+#: g10/import.c:1339
+#, c-format
+msgid "key %s: invalid revocation certificate: %s - rejected\n"
+msgstr "¸°%s: ̵¸ú¤Ê¼º¸ú¾ÚÌÀ½ñ: %s - µñÈÝ\n"
+
+#: g10/import.c:1371
+#, c-format
+msgid "key %s: \"%s\" revocation certificate imported\n"
+msgstr "¸°%s:¡È%s¡É¼º¸ú¾ÚÌÀ½ñ¤òÆɤ߹þ¤ß¤Þ¤·¤¿\n"
+
+#: g10/import.c:1447
+#, c-format
+msgid "key %s: no user ID for signature\n"
+msgstr "¸°%s: ½ð̾¤ËÂбþ¤¹¤ë¥æ¡¼¥¶¡¼ID¤¬¤¢¤ê¤Þ¤»¤ó\n"
+
+#: g10/import.c:1464
+#, c-format
+msgid "key %s: unsupported public key algorithm on user ID \"%s\"\n"
+msgstr "¸°%s: ¥æ¡¼¥¶¡¼ID¡È%s¡É¤Î¥µ¥Ý¡¼¥È¤·¤Æ¤¤¤Ê¤¤¸ø³«¸°¥¢¥ë¥´¥ê¥º¥à¤Ç¤¹\n"
+
+#: g10/import.c:1466
+#, c-format
+msgid "key %s: invalid self-signature on user ID \"%s\"\n"
+msgstr "¸°%s: ¥æ¡¼¥¶¡¼ID¡È%s¡É¤Î¼«¸Ê½ð̾¤¬¡¢Ìµ¸ú¤Ç¤¹\n"
+
+#: g10/import.c:1483 g10/import.c:1509 g10/import.c:1560
+#, c-format
+msgid "key %s: unsupported public key algorithm\n"
+msgstr "¸°%s: ¥µ¥Ý¡¼¥È¤·¤Æ¤¤¤Ê¤¤¸ø³«¸°¥¢¥ë¥´¥ê¥º¥à¤Ç¤¹\n"
+
+#: g10/import.c:1484
+#, fuzzy, c-format
+msgid "key %s: invalid direct key signature\n"
+msgstr "¸°%s: ľÀܸ°½ð̾¤òÄɲÃ\n"
+
+#: g10/import.c:1498
+#, c-format
+msgid "key %s: no subkey for key binding\n"
+msgstr "¸°%s: ¸°¤ËÂбþ¤¹¤ëÉû¸°¤¬¤¢¤ê¤Þ¤»¤ó\n"
+
+#: g10/import.c:1511
+#, c-format
+msgid "key %s: invalid subkey binding\n"
+msgstr "¸°%s: ̵¸ú¤ÊÉû¸°¤ÎÂбþ¤Ç¤¹\n"
+
+#: g10/import.c:1527
+#, c-format
+msgid "key %s: removed multiple subkey binding\n"
+msgstr "¸°%s: ¿½ÅÉû¸°¤ÎÂбþ¤òºï½ü¤·¤Þ¤¹\n"
+
+#: g10/import.c:1549
+#, c-format
+msgid "key %s: no subkey for key revocation\n"
+msgstr "¸°%s: ¸°¼º¸ú¤Ë¤¿¤¤¤¹¤ëÉû¸°¤¬¤¢¤ê¤Þ¤»¤ó\n"
+
+#: g10/import.c:1562
+#, c-format
+msgid "key %s: invalid subkey revocation\n"
+msgstr "¸°%s: ̵¸ú¤ÊÉû¸°¼º¸ú¤Ç¤¹\n"
+
+#: g10/import.c:1577
+#, c-format
+msgid "key %s: removed multiple subkey revocation\n"
+msgstr "¸°%s: ̵¸ú¤ÊÉû¸°¤Î¿½Å¼º¸ú¤òºï½ü¤·¤Þ¤¹\n"
+
+#: g10/import.c:1618
+#, c-format
+msgid "key %s: skipped user ID \"%s\"\n"
+msgstr "¸°%s: ¤È¤Ð¤·¤¿¥æ¡¼¥¶¡¼ID¡È%s¡É\n"
+
+#: g10/import.c:1639
+#, c-format
+msgid "key %s: skipped subkey\n"
+msgstr "¸°%s: ¤È¤Ð¤·¤¿Éû¸°\n"
+
+#: g10/import.c:1666
+#, c-format
+msgid "key %s: non exportable signature (class 0x%02X) - skipped\n"
+msgstr "¸°%s: ½ñ½Ð¤·ÉԲĤʽð̾ (¥¯¥é¥¹%02X) - ¤È¤Ð¤·¤Þ¤¹\n"
+
+#: g10/import.c:1676
+#, c-format
+msgid "key %s: revocation certificate at wrong place - skipped\n"
+msgstr "¸°%s: ¼º¸ú¾ÚÌÀ½ñ¤¬¸í¤Ã¤ÆÀßÄꤵ¤ì¤Æ¤¤¤Þ¤¹ - ¤È¤Ð¤·¤Þ¤¹\n"
+
+#: g10/import.c:1693
+#, c-format
+msgid "key %s: invalid revocation certificate: %s - skipped\n"
+msgstr "¸°%s: ̵¸ú¤Ê¼º¸ú¾ÚÌÀ½ñ: %s - ¤È¤Ð¤·¤Þ¤¹\n"
+
+#: g10/import.c:1707
+#, c-format
+msgid "key %s: subkey signature in wrong place - skipped\n"
+msgstr "¸°%s: Éû¸°½ð̾¤Î¾ì½ê¤¬¡¢¸í¤Ã¤Æ¤¤¤Þ¤¹ - ¤È¤Ð¤·¤Þ¤¹\n"
+
+#: g10/import.c:1715
+#, c-format
+msgid "key %s: unexpected signature class (0x%02X) - skipped\n"
+msgstr "¸°%s: ͽ´ü¤»¤Ì½ð̾¥¯¥é¥¹ (0x%02X) - ¤È¤Ð¤·¤Þ¤¹\n"
+
+#: g10/import.c:1844
+#, c-format
+msgid "key %s: duplicated user ID detected - merged\n"
+msgstr "¸°%s: ½ÅÊ£¤·¤¿¥æ¡¼¥¶¡¼ID¤Î¸¡½Ð - Ê»¹ç\n"
+
+#: g10/import.c:1906
+#, c-format
+msgid "WARNING: key %s may be revoked: fetching revocation key %s\n"
+msgstr "·Ù¹ð: ¸°%s¤Ï¼º¸ú¤µ¤ì¤¿¤è¤¦¤Ç¤¹: ¼º¸ú¸°%s¤Î°ú¤­½Ð¤·\n"
+
+#: g10/import.c:1920
+#, c-format
+msgid "WARNING: key %s may be revoked: revocation key %s not present.\n"
+msgstr "·Ù¹ð: ¸°%s¤Ï¼º¸ú¤µ¤ì¤¿¤è¤¦¤Ç¤¹: ¼º¸ú¸°%s¤ÏÉԺߡ£\n"
+
+#: g10/import.c:1979
+#, c-format
+msgid "key %s: \"%s\" revocation certificate added\n"
+msgstr "¸°%s:¡È%s¡É¼º¸ú¾ÚÌÀ½ñ¤ÎÄɲÃ\n"
+
+#: g10/import.c:2013
+#, c-format
+msgid "key %s: direct key signature added\n"
+msgstr "¸°%s: ľÀܸ°½ð̾¤òÄɲÃ\n"
+
+#: g10/import.c:2414
+#, fuzzy
+msgid "NOTE: a key's S/N does not match the card's one\n"
+msgstr "¸ø³«¸°¤ÈÈëÌ©¸°¤¬¾È¹ç¤·¤Þ¤»¤ó!\n"
+
+#: g10/import.c:2422
+#, fuzzy
+msgid "NOTE: primary key is online and stored on card\n"
+msgstr "ÈëÌ©¸°¤Ï¤â¤¦¥«¡¼¥É¤ËÊݴɤ·¤Æ¤¢¤ê¤Þ¤¹\n"
+
+#: g10/import.c:2424
+#, fuzzy
+msgid "NOTE: secondary key is online and stored on card\n"
+msgstr "ÈëÌ©¸°¤Ï¤â¤¦¥«¡¼¥É¤ËÊݴɤ·¤Æ¤¢¤ê¤Þ¤¹\n"
+
+#: g10/keydb.c:181
+#, c-format
+msgid "error creating keyring `%s': %s\n"
+msgstr "¸°ÎØ¡Ö%s¡×¤ÎºîÀ®¥¨¥é¡¼: %s\n"
+
+#: g10/keydb.c:187
+#, c-format
+msgid "keyring `%s' created\n"
+msgstr "¸°ÎØ¡Ö%s¡×¤¬¤Ç¤­¤Þ¤·¤¿\n"
+
+#: g10/keydb.c:333 g10/keydb.c:336
+#, fuzzy, c-format
+msgid "keyblock resource `%s': %s\n"
+msgstr "¡Ö%s¡×¤ÎºîÀ®¥¨¥é¡¼: %s\n"
+
+#: g10/keydb.c:719
+#, c-format
+msgid "failed to rebuild keyring cache: %s\n"
+msgstr "¸°ÎØ¥­¥ã¥Ã¥·¥å¤ÎºÆ¹½Ãۤ˼ºÇÔ¤·¤Þ¤·¤¿: %s\n"
+
+#: g10/keyedit.c:265
+msgid "[revocation]"
+msgstr "[¼º¸ú]"
+
+#: g10/keyedit.c:266
+msgid "[self-signature]"
+msgstr "[¼«¸Ê½ð̾]"
+
+#: g10/keyedit.c:344 g10/keylist.c:398
+msgid "1 bad signature\n"
+msgstr "ÉÔÀµ¤Ê½ð̾1¸Ä\n"
+
+#: g10/keyedit.c:346 g10/keylist.c:400
+#, c-format
+msgid "%d bad signatures\n"
+msgstr "ÉÔÀµ¤Ê½ð̾%d¸Ä\n"
+
+#: g10/keyedit.c:348 g10/keylist.c:402
+msgid "1 signature not checked due to a missing key\n"
+msgstr "¸°¤¬¤Ê¤¤¤¿¤á1¸Ä¤Î½ð̾¤ò¸¡ºº¤·¤Þ¤»¤ó\n"
+
+#: g10/keyedit.c:350 g10/keylist.c:404
+#, c-format
+msgid "%d signatures not checked due to missing keys\n"
+msgstr "¸°¤¬¤Ê¤¤¤¿¤á%d¸Ä¤Î½ð̾¤ò¸¡ºº¤·¤Þ¤»¤ó\n"
+
+#: g10/keyedit.c:352 g10/keylist.c:406
+msgid "1 signature not checked due to an error\n"
+msgstr "¥¨¥é¡¼¤Î¤¿¤á1¸Ä¤Î½ð̾¤ò¸¡ºº¤·¤Þ¤»¤ó\n"
+
+#: g10/keyedit.c:354 g10/keylist.c:408
+#, c-format
+msgid "%d signatures not checked due to errors\n"
+msgstr "¥¨¥é¡¼¤Î¤¿¤á%d¸Ä¤Î½ð̾¤ò¸¡ºº¤·¤Þ¤»¤ó\n"
+
+#: g10/keyedit.c:356
+msgid "1 user ID without valid self-signature detected\n"
+msgstr "Í­¸ú¤Ê¼«¸Ê½ð̾¤Î¤Ê¤¤¥æ¡¼¥¶¡¼ID¤ò1¸Ä¸¡½Ð\n"
+
+#: g10/keyedit.c:358
+#, c-format
+msgid "%d user IDs without valid self-signatures detected\n"
+msgstr "Í­¸ú¤Ê¼«¸Ê½ð̾¤Î¤Ê¤¤¥æ¡¼¥¶¡¼ID¤ò%d¸Ä¸¡½Ð\n"
+
+#: g10/keyedit.c:414 g10/pkclist.c:262
+msgid ""
+"Please decide how far you trust this user to correctly verify other users' "
+"keys\n"
+"(by looking at passports, checking fingerprints from different sources, "
+"etc.)\n"
+msgstr ""
+"¾¤Î¥æ¡¼¥¶¡¼¤Î¸°¤òÀµ¤·¤¯¸¡¾Ú¤¹¤ë¤¿¤á¤Ë¡¢¤³¤Î¥æ¡¼¥¶¡¼¤Î¿®ÍÑÅÙ¤ò·è¤á¤Æ¤¯¤À¤µ"
+"¤¤\n"
+"(¥Ñ¥¹¥Ý¡¼¥È¤ò¸«¤»¤Æ¤â¤é¤Ã¤¿¤ê¡¢Â¾¤«¤éÆÀ¤¿»ØÌæ¤ò¸¡ºº¤·¤¿¤ê¡¢¤Ê¤É¤Ê¤É)\n"
+
+#: g10/keyedit.c:418 g10/pkclist.c:274
+#, c-format
+msgid " %d = I trust marginally\n"
+msgstr " %d = ¤¢¤ëÄøÅÙ¿®ÍѤ¹¤ë\n"
+
+#: g10/keyedit.c:419 g10/pkclist.c:276
+#, c-format
+msgid " %d = I trust fully\n"
+msgstr " %d = ´°Á´¤Ë¿®ÍѤ¹¤ë\n"
+
+#: g10/keyedit.c:438
+msgid ""
+"Please enter the depth of this trust signature.\n"
+"A depth greater than 1 allows the key you are signing to make\n"
+"trust signatures on your behalf.\n"
+msgstr ""
+"¿®Íѽð̾¤Î¿¼¤µ¤òÆþÎϤ·¤Æ¤¯¤À¤µ¤¤¡£\n"
+"¿¼¤µ¤¬1¤è¤êÂ礭¤¤¤È¡¢½ð̾¤·¤è¤¦¤È¤·¤Æ¤¤¤ë¸°¤Ç¿®Íѽð̾¤òºî¤ì¤Þ¤¹¡£\n"
+
+#: g10/keyedit.c:454
+msgid "Please enter a domain to restrict this signature, or enter for none.\n"
+msgstr "½ð̾¤òÀ©¸Â¤¹¤ë¥É¥á¡¼¥ó¤«¡¢¤½¤ì¤Î¤Ê¤¤¾ì¹ç¤Ïenter¤òÆþÎϤ·¤Æ¤¯¤À¤µ¤¤¡£\n"
+
+#: g10/keyedit.c:598
+#, c-format
+msgid "User ID \"%s\" is revoked."
+msgstr "¥æ¡¼¥¶¡¼ID¡È%s¡É¤Ï¡¢¼º¸ú¤µ¤ì¤Æ¤¤¤Þ¤¹¡£"
+
+#: g10/keyedit.c:607 g10/keyedit.c:635 g10/keyedit.c:662 g10/keyedit.c:830
+#: g10/keyedit.c:895 g10/keyedit.c:1785
+msgid "Are you sure you still want to sign it? (y/N) "
+msgstr "¤½¤ì¤Ç¤â¤³¤Î¸°¤Ë½ð̾¤·¤¿¤¤¤Ç¤¹¤«? (y/N) "
+
+#: g10/keyedit.c:621 g10/keyedit.c:649 g10/keyedit.c:676 g10/keyedit.c:836
+#: g10/keyedit.c:1791
+msgid " Unable to sign.\n"
+msgstr " ½ð̾ÉÔǽ¡£\n"
+
+#: g10/keyedit.c:626
+#, c-format
+msgid "User ID \"%s\" is expired."
+msgstr "¥æ¡¼¥¶¡¼ID¡È%s¡É¤Ï¡¢Ëþλ¤Ç¤¹¡£"
+
+#: g10/keyedit.c:654
+#, c-format
+msgid "User ID \"%s\" is not self-signed."
+msgstr "¥æ¡¼¥¶¡¼ID¡È%s¡É¤Ï¡¢¼«¸Ê½ð̾¤µ¤ì¤Æ¤¤¤Þ¤»¤ó¡£"
+
+#: g10/keyedit.c:682
+#, fuzzy, c-format
+msgid "User ID \"%s\" is signable. "
+msgstr "¥æ¡¼¥¶¡¼ID¡È%s¡É¤Ï¡¢¼«¸Ê½ð̾¤µ¤ì¤Æ¤¤¤Þ¤»¤ó¡£"
+
+#: g10/keyedit.c:684
+#, fuzzy
+msgid "Sign it? (y/N) "
+msgstr "ËÜÅö¤Ë½ð̾¤·¤Þ¤¹¤«? (y/N) "
+
+#: g10/keyedit.c:706
+#, c-format
+msgid ""
+"The self-signature on \"%s\"\n"
+"is a PGP 2.x-style signature.\n"
+msgstr ""
+"¡È%s¡É¤Ë¤¿¤¤¤¹¤ë¼«¸Ê½ð̾¤Ï¡¢\n"
+"PGP 2.x·Á¼°¤Î½ð̾¤Ç¤¹¡£\n"
+
+#: g10/keyedit.c:715
+msgid "Do you want to promote it to an OpenPGP self-signature? (y/N) "
+msgstr "OpenPGP¤Î¼«¸Ê½ð̾¤Ë³Ê¾å¤²¤·¤¿¤¤¤Ç¤¹¤«? (y/N) "
+
+#: g10/keyedit.c:729
+#, c-format
+msgid ""
+"Your current signature on \"%s\"\n"
+"has expired.\n"
+msgstr ""
+"¡È%s¡É¤Ë¤¿¤¤¤¹¤ë¤¢¤Ê¤¿¤Îº£¤Î½ð̾\n"
+"¤ÏËþλ¤Ç¤¹¡£\n"
+
+#: g10/keyedit.c:733
+msgid "Do you want to issue a new signature to replace the expired one? (y/N) "
+msgstr "¿·¤·¤¤½ð̾¤òȯ¹Ô¤·¡¢´ü¸ÂÀÚ¤ì½ð̾¤È¸ò´¹¤·¤¿¤¤¤Ç¤¹¤«? (y/N) "
+
+#: g10/keyedit.c:754
+#, c-format
+msgid ""
+"Your current signature on \"%s\"\n"
+"is a local signature.\n"
+msgstr ""
+"¡È%s¡É¤Ë¤¿¤¤¤¹¤ë¤¢¤Ê¤¿¤Îº£¤Î½ð̾\n"
+"¤ÏÆâÉô½ð̾¤Ç¤¹¡£\n"
+
+#: g10/keyedit.c:758
+msgid "Do you want to promote it to a full exportable signature? (y/N) "
+msgstr "½ñ½Ð¤·²Äǽ¤Ê½ð̾¤Ë³Ê¾å¤²¤·¤¿¤¤¤Ç¤¹¤«? (y/N) "
+
+#: g10/keyedit.c:779
+#, c-format
+msgid "\"%s\" was already locally signed by key %s\n"
+msgstr "¡È%s¡É¤Ï¸°%s¤Ç¤â¤¦ÆâÉô½ð̾¤·¤Æ¤¢¤ê¤Þ¤¹\n"
+
+#: g10/keyedit.c:782
+#, c-format
+msgid "\"%s\" was already signed by key %s\n"
+msgstr "¡È%s¡É¤Ï¸°%s¤Ç¤â¤¦½ð̾¤·¤Æ¤¢¤ê¤Þ¤¹\n"
+
+#: g10/keyedit.c:787
+msgid "Do you want to sign it again anyway? (y/N) "
+msgstr "¤½¤ì¤Ç¤âºÆ½ð̾¤·¤¿¤¤¤Ç¤¹¤«? (y/N) "
+
+#: g10/keyedit.c:809
+#, c-format
+msgid "Nothing to sign with key %s\n"
+msgstr "¸°%s¤Ç½ð̾¤¹¤Ù¤­¤â¤Î¤Ï¤¢¤ê¤Þ¤»¤ó\n"
+
+#: g10/keyedit.c:824
+msgid "This key has expired!"
+msgstr "¤³¤Î¸°¤ÏËþλ¤Ç¤¹!"
+
+#: g10/keyedit.c:842
+#, c-format
+msgid "This key is due to expire on %s.\n"
+msgstr "¤³¤Î¸°¤Ï%s¤ÇËþλ¤·¤Þ¤¹¡£\n"
+
+#: g10/keyedit.c:848
+msgid "Do you want your signature to expire at the same time? (Y/n) "
+msgstr "Ʊ»þ¤Ë½ð̾¤âËþλ¤Ë¤·¤¿¤¤¤Ç¤¹¤«? (Y/n) "
+
+#: g10/keyedit.c:888
+msgid ""
+"You may not make an OpenPGP signature on a PGP 2.x key while in --pgp2 "
+"mode.\n"
+msgstr "--pgp2¥â¡¼¥É¤Ç¤ÏPGP 2.x¸°¤ÇOpenPGP½ð̾¤¬¤Ç¤­¤Þ¤»¤ó¡£\n"
+
+#: g10/keyedit.c:890
+msgid "This would make the key unusable in PGP 2.x.\n"
+msgstr "¤³¤Î¸°¤ÏPGP 2.x¤Ç»ÈÍѤǤ­¤Ê¤¯¤Ê¤ê¤Þ¤¹¡£\n"
+
+#: g10/keyedit.c:915
+msgid ""
+"How carefully have you verified the key you are about to sign actually "
+"belongs\n"
+"to the person named above? If you don't know what to answer, enter \"0\".\n"
+msgstr ""
+"½ð̾¤·¤è¤¦¤È¤·¤Æ¤¤¤ë¸°¤¬¼ÂºÝ¤Ë¾åµ­¤Î̾Á°¤Î¿Í¤Î¤â¤Î¤«¤É¤¦¤«¡¢¤É¤ÎÄøÅÙ\n"
+"Ãí°Õ¤·¤Æ¸¡¾Ú¤·¤Þ¤·¤¿¤«? Åú¤¬¤ï¤«¤é¤Ê¤±¤ì¤Ð¡¢¡È0¡É¤òÆþÎϤ·¤Æ¤¯¤À¤µ¤¤¡£\n"
+
+#: g10/keyedit.c:920
+#, c-format
+msgid " (0) I will not answer.%s\n"
+msgstr " (0) Åú¤¨¤Þ¤»¤ó¡£%s\n"
+
+#: g10/keyedit.c:922
+#, c-format
+msgid " (1) I have not checked at all.%s\n"
+msgstr " (1) Á´Á³¡¢¸¡ºº¤·¤Æ¤¤¤Þ¤»¤ó¡£%s\n"
+
+#: g10/keyedit.c:924
+#, c-format
+msgid " (2) I have done casual checking.%s\n"
+msgstr " (2) °ì±þ¡¢¸¡ºº¤·¤Þ¤·¤¿¡£%s\n"
+
+#: g10/keyedit.c:926
+#, c-format
+msgid " (3) I have done very careful checking.%s\n"
+msgstr " (3) ¤«¤Ê¤êÃí°Õ¤·¤Æ¸¡ºº¤·¤Þ¤·¤¿¡£%s\n"
+
+#: g10/keyedit.c:932
+#, fuzzy
+msgid "Your selection? (enter `?' for more information): "
+msgstr "ÁªÂò¤Ï? (¾ÜºÙ¤Ï '?' ¤Ç): "
+
+#: g10/keyedit.c:956
+#, c-format
+msgid ""
+"Are you sure that you want to sign this key with your\n"
+"key \"%s\" (%s)\n"
+msgstr ""
+"ËÜÅö¤Ë¤³¤Î¸°¤Ë¤¢¤Ê¤¿¤Î¸°¡È%s¡É¤Ç½ð̾¤·¤Æ¤è¤¤¤Ç¤¹¤«\n"
+"(%s)\n"
+
+#: g10/keyedit.c:963
+msgid "This will be a self-signature.\n"
+msgstr "¼«¸Ê½ð̾¤Ë¤Ê¤ë¤Ç¤·¤ç¤¦¡£\n"
+
+#: g10/keyedit.c:969
+msgid "WARNING: the signature will not be marked as non-exportable.\n"
+msgstr "·Ù¹ð: ½ð̾¤Ï¡¢½ñ½Ð¤·ÉԲĤËÀßÄꤵ¤ì¤Þ¤»¤ó¡£\n"
+
+#: g10/keyedit.c:977
+msgid "WARNING: the signature will not be marked as non-revocable.\n"
+msgstr "·Ù¹ð: ½ð̾¤Ï¡¢¼º¸úÉԲĤËÀßÄꤵ¤ì¤Þ¤»¤ó¡£\n"
+
+#: g10/keyedit.c:987
+msgid "The signature will be marked as non-exportable.\n"
+msgstr "½ð̾¤Ï¡¢½ñ½Ð¤·ÉԲĤËÀßÄꤵ¤ì¤Þ¤¹¡£\n"
+
+#: g10/keyedit.c:994
+msgid "The signature will be marked as non-revocable.\n"
+msgstr "½ð̾¤Ï¡¢¼º¸úÉԲĤËÀßÄꤵ¤ì¤Þ¤¹¡£\n"
+
+#: g10/keyedit.c:1001
+msgid "I have not checked this key at all.\n"
+msgstr "¤³¤Î¸°¤ÏÁ´Á³¡¢¸¡ºº¤·¤Æ¤¤¤Þ¤»¤ó¡£\n"
+
+#: g10/keyedit.c:1006
+msgid "I have checked this key casually.\n"
+msgstr "¤³¤Î¸°¤Ï°ì±þ¡¢¸¡ºº¤·¤Þ¤·¤¿¡£\n"
+
+#: g10/keyedit.c:1011
+msgid "I have checked this key very carefully.\n"
+msgstr "¤³¤Î¸°¤Ï¡¢¤«¤Ê¤êÃí°Õ¤·¤Æ¸¡ºº¤·¤Þ¤·¤¿¡£\n"
+
+#: g10/keyedit.c:1021
+msgid "Really sign? (y/N) "
+msgstr "ËÜÅö¤Ë½ð̾¤·¤Þ¤¹¤«? (y/N) "
+
+#: g10/keyedit.c:1066 g10/keyedit.c:4965 g10/keyedit.c:5056 g10/keyedit.c:5120
+#: g10/keyedit.c:5181 g10/sign.c:316
+#, c-format
+msgid "signing failed: %s\n"
+msgstr "½ð̾¤Ë¼ºÇÔ¤·¤Þ¤·¤¿: %s\n"
+
+#: g10/keyedit.c:1131
+msgid "Key has only stub or on-card key items - no passphrase to change.\n"
+msgstr ""
+
+#: g10/keyedit.c:1142 g10/keygen.c:3774
+msgid "This key is not protected.\n"
+msgstr "¤³¤Î¸°¤ÏÊݸ¤ì¤Æ¤¤¤Þ¤»¤ó¡£\n"
+
+#: g10/keyedit.c:1146 g10/keygen.c:3761 g10/revoke.c:536
+msgid "Secret parts of primary key are not available.\n"
+msgstr "¼ç¸°¤ÎÈëÌ©Éôʬ¤¬ÆÀ¤é¤ì¤Þ¤»¤ó¡£\n"
+
+#: g10/keyedit.c:1150 g10/keygen.c:3777
+#, fuzzy
+msgid "Secret parts of primary key are stored on-card.\n"
+msgstr "¼ç¸°¤ÎÈëÌ©Éôʬ¤¬ÆÀ¤é¤ì¤Þ¤»¤ó¡£\n"
+
+#: g10/keyedit.c:1156 g10/keygen.c:3781
+msgid "Key is protected.\n"
+msgstr "¸°¤ÏÊݸ¤ì¤Æ¤¤¤Þ¤¹¡£\n"
+
+#: g10/keyedit.c:1186
+#, c-format
+msgid "Can't edit this key: %s\n"
+msgstr "¤³¤Î¸°¤ÏÊÔ½¸¤Ç¤­¤Þ¤»¤ó: %s\n"
+
+#: g10/keyedit.c:1192
+msgid ""
+"Enter the new passphrase for this secret key.\n"
+"\n"
+msgstr ""
+"¤³¤ÎÈëÌ©¸°¤Î¿·¤·¤¤¥Ñ¥¹¥Õ¥ì¡¼¥º¤òÆþÎϤ·¤Æ¤¯¤À¤µ¤¤¡£\n"
+"\n"
+
+#: g10/keyedit.c:1207 g10/keygen.c:2291
+msgid "passphrase not correctly repeated; try again"
+msgstr "¥Ñ¥¹¥Õ¥ì¡¼¥º¤ò¤Á¤ã¤ó¤È·«¤êÊÖ¤·¤Æ¤¤¤Þ¤»¤ó¡£ºÆÆþÎϤ·¤Æ¤¯¤À¤µ¤¤"
+
+#: g10/keyedit.c:1212
+msgid ""
+"You don't want a passphrase - this is probably a *bad* idea!\n"
+"\n"
+msgstr ""
+"¥Ñ¥¹¥Õ¥ì¡¼¥º¤¬ÉÔɬÍפʤ褦¤Ç¤¹¤¬¡¢\n"
+"¤ª¤½¤é¤¯¤½¤ì¤Ï¡ö¤í¤¯¤Ç¤â¤Ê¤¤¡ö¹Í¤¨¤Ç¤¹!\n"
+"\n"
+
+#: g10/keyedit.c:1215
+msgid "Do you really want to do this? (y/N) "
+msgstr "ËÜÅö¤Ë¼Â¹Ô¤·¤Þ¤¹¤«? (y/N) "
+
+#: g10/keyedit.c:1298
+msgid "moving a key signature to the correct place\n"
+msgstr "¸°¤Î½ð̾¤òÀµ¤·¤¤¾ì½ê¤Ë°ÜÆ°¤·¤Þ¤¹\n"
+
+#: g10/keyedit.c:1384
+msgid "save and quit"
+msgstr "Êݸ¤·¤Æ½ªÎ»"
+
+#: g10/keyedit.c:1387
+#, fuzzy
+msgid "show key fingerprint"
+msgstr "»ØÌæ¤òɽ¼¨"
+
+#: g10/keyedit.c:1388
+msgid "list key and user IDs"
+msgstr "¸°¤È¥æ¡¼¥¶¡¼ID¤Î°ìÍ÷"
+
+#: g10/keyedit.c:1390
+msgid "select user ID N"
+msgstr "¥æ¡¼¥¶¡¼ID N¤ÎÁªÂò"
+
+#: g10/keyedit.c:1391
+#, fuzzy
+msgid "select subkey N"
+msgstr "¥æ¡¼¥¶¡¼ID N¤ÎÁªÂò"
+
+#: g10/keyedit.c:1392
+#, fuzzy
+msgid "check signatures"
+msgstr "½ð̾¤Î¼º¸ú"
+
+#: g10/keyedit.c:1397
+msgid "sign selected user IDs [* see below for related commands]"
+msgstr ""
+
+#: g10/keyedit.c:1402
+#, fuzzy
+msgid "sign selected user IDs locally"
+msgstr "¸°¤ØÆâÉôŪ¤Ë½ð̾"
+
+#: g10/keyedit.c:1404
+#, fuzzy
+msgid "sign selected user IDs with a trust signature"
+msgstr "¥³¥Ä: ¤Þ¤º½ð̾¤¹¤ë¥æ¡¼¥¶¡¼ID¤òÁªÂò¤·¤Þ¤¹\n"
+
+#: g10/keyedit.c:1406
+msgid "sign selected user IDs with a non-revocable signature"
+msgstr ""
+
+#: g10/keyedit.c:1410
+msgid "add a user ID"
+msgstr "¥æ¡¼¥¶¡¼ID¤ÎÄɲÃ"
+
+#: g10/keyedit.c:1412
+msgid "add a photo ID"
+msgstr "¥Õ¥©¥ÈID¤ÎÄɲÃ"
+
+#: g10/keyedit.c:1414
+#, fuzzy
+msgid "delete selected user IDs"
+msgstr "¥æ¡¼¥¶¡¼ID¤Îºï½ü"
+
+#: g10/keyedit.c:1419
+#, fuzzy
+msgid "add a subkey"
+msgstr "addkey"
+
+#: g10/keyedit.c:1423
+msgid "add a key to a smartcard"
+msgstr "¥¹¥Þ¡¼¥È¥«¡¼¥É¤Ø¸°¤ÎÄɲÃ"
+
+#: g10/keyedit.c:1425
+msgid "move a key to a smartcard"
+msgstr "¥¹¥Þ¡¼¥È¥«¡¼¥É¤Î¸°¤Ø¤Î°ÜÆ°"
+
+#: g10/keyedit.c:1427
+#, fuzzy
+msgid "move a backup key to a smartcard"
+msgstr "¥¹¥Þ¡¼¥È¥«¡¼¥É¤Î¸°¤Ø¤Î°ÜÆ°"
+
+#: g10/keyedit.c:1431
+#, fuzzy
+msgid "delete selected subkeys"
+msgstr "Éû¸°¤Îºï½ü"
+
+#: g10/keyedit.c:1433
+msgid "add a revocation key"
+msgstr "¼º¸ú¸°¤ÎÄɲÃ"
+
+#: g10/keyedit.c:1435
+#, fuzzy
+msgid "delete signatures from the selected user IDs"
+msgstr "ÁªÂò¤·¤¿¥æ¡¼¥¶¡¼ID¤ÎÁª¹¥¤òËÜÅö¤Ë¹¹¿·¤·¤Þ¤¹¤«? (y/N) "
+
+#: g10/keyedit.c:1437
+#, fuzzy
+msgid "change the expiration date for the key or selected subkeys"
+msgstr "v3¸°¤ÎÍ­¸ú´ü¸Â¤ÏÊѹ¹¤Ç¤­¤Þ¤»¤ó\n"
+
+#: g10/keyedit.c:1439
+#, fuzzy
+msgid "flag the selected user ID as primary"
+msgstr "¥æ¡¼¥¶¡¼ID¤ò¼ç¤Ë¤¹¤ë"
+
+#: g10/keyedit.c:1441
+#, fuzzy
+msgid "toggle between the secret and public key listings"
+msgstr "ÈëÌ©¸°¤È¸ø³«¸°¤Î°ìÍ÷¤Îȿž"
+
+#: g10/keyedit.c:1444
+msgid "list preferences (expert)"
+msgstr "Áª¹¥¤Î°ìÍ÷ (¥¨¥­¥¹¥Ñ¡¼¥È)"
+
+#: g10/keyedit.c:1446
+msgid "list preferences (verbose)"
+msgstr "Áª¹¥¤Î°ìÍ÷ (¾éĹ)"
+
+#: g10/keyedit.c:1448
+#, fuzzy
+msgid "set preference list for the selected user IDs"
+msgstr "ÁªÂò¤·¤¿¥æ¡¼¥¶¡¼ID¤ÎÁª¹¥¤òËÜÅö¤Ë¹¹¿·¤·¤Þ¤¹¤«? (y/N) "
+
+#: g10/keyedit.c:1453
+#, fuzzy
+msgid "set the preferred keyserver URL for the selected user IDs"
+msgstr "Áª¹¥¸°¥µ¡¼¥Ð¡¼¤ÎURI¤òÀßÄê"
+
+#: g10/keyedit.c:1455
+#, fuzzy
+msgid "set a notation for the selected user IDs"
+msgstr "ÁªÂò¤·¤¿¥æ¡¼¥¶¡¼ID¤ÎÁª¹¥¤òËÜÅö¤Ë¹¹¿·¤·¤Þ¤¹¤«? (y/N) "
+
+#: g10/keyedit.c:1457
+msgid "change the passphrase"
+msgstr "¥Ñ¥¹¥Õ¥ì¡¼¥º¤ÎÊѹ¹"
+
+#: g10/keyedit.c:1461
+msgid "change the ownertrust"
+msgstr "½êÍ­¼Ô¿®ÍѤÎÊѹ¹"
+
+#: g10/keyedit.c:1463
+#, fuzzy
+msgid "revoke signatures on the selected user IDs"
+msgstr "ÁªÂò¤·¤¿Á´¥æ¡¼¥¶¡¼ID¤òËÜÅö¤Ë¼º¸ú¤·¤Þ¤¹¤«? (y/N) "
+
+#: g10/keyedit.c:1465
+#, fuzzy
+msgid "revoke selected user IDs"
+msgstr "¥æ¡¼¥¶¡¼ID¤Î¼º¸ú"
+
+#: g10/keyedit.c:1470
+#, fuzzy
+msgid "revoke key or selected subkeys"
+msgstr "Éû¸°¤Î¼º¸ú"
+
+#: g10/keyedit.c:1471
+#, fuzzy
+msgid "enable key"
+msgstr "¸°¤Î»ÈÍѤòµö²Ä¤¹¤ë"
+
+#: g10/keyedit.c:1472
+#, fuzzy
+msgid "disable key"
+msgstr "¸°¤Î»ÈÍѤò¶Ø»ß¤¹¤ë"
+
+#: g10/keyedit.c:1473
+#, fuzzy
+msgid "show selected photo IDs"
+msgstr "¥Õ¥©¥ÈID¤òɽ¼¨"
+
+#: g10/keyedit.c:1475
+msgid "compact unusable user IDs and remove unusable signatures from key"
+msgstr ""
+
+#: g10/keyedit.c:1477
+msgid "compact unusable user IDs and remove all signatures from key"
+msgstr ""
+
+#: g10/keyedit.c:1601
+#, c-format
+msgid "error reading secret keyblock \"%s\": %s\n"
+msgstr "ÈëÌ©¸°¥Ö¥í¥Ã¥¯¡È%s¡É¤ÎÆɽФ·¥¨¥é¡¼: %s\n"
+
+#: g10/keyedit.c:1619
+msgid "Secret key is available.\n"
+msgstr "ÈëÌ©¸°¤¬»ÈÍѤǤ­¤Þ¤¹¡£\n"
+
+#: g10/keyedit.c:1702
+msgid "Need the secret key to do this.\n"
+msgstr "¤³¤Î¼Â¹Ô¤Ë¤ÏÈëÌ©¸°¤¬¤¤¤ê¤Þ¤¹¡£\n"
+
+#: g10/keyedit.c:1710
+msgid "Please use the command \"toggle\" first.\n"
+msgstr "¤Þ¤º¡Ètoggle¡É¥³¥Þ¥ó¥É¤ò»È¤Ã¤Æ¤¯¤À¤µ¤¤¡£\n"
+
+#: g10/keyedit.c:1729
+msgid ""
+"* The `sign' command may be prefixed with an `l' for local signatures "
+"(lsign),\n"
+" a `t' for trust signatures (tsign), an `nr' for non-revocable signatures\n"
+" (nrsign), or any combination thereof (ltsign, tnrsign, etc.).\n"
+msgstr ""
+
+#: g10/keyedit.c:1779
+msgid "Key is revoked."
+msgstr "¸°¤Ï¡¢¼º¸ú¤µ¤ì¤Æ¤¤¤Þ¤¹¡£"
+
+#: g10/keyedit.c:1798
+msgid "Really sign all user IDs? (y/N) "
+msgstr "ËÜÅö¤ËÁ´¥æ¡¼¥¶¡¼ID¤Ë½ð̾¤·¤Þ¤¹¤«? (y/N) "
+
+#: g10/keyedit.c:1805
+msgid "Hint: Select the user IDs to sign\n"
+msgstr "¥³¥Ä: ¤Þ¤º½ð̾¤¹¤ë¥æ¡¼¥¶¡¼ID¤òÁªÂò¤·¤Þ¤¹\n"
+
+#: g10/keyedit.c:1814
+#, fuzzy, c-format
+msgid "Unknown signature type `%s'\n"
+msgstr "̤ÃΤνð̾¥¯¥é¥¹¤Ç¤¹"
+
+#: g10/keyedit.c:1837
+#, c-format
+msgid "This command is not allowed while in %s mode.\n"
+msgstr "%s¥â¡¼¥É¤Ç¤³¤Î¥³¥Þ¥ó¥É¤Ï¶Ø»ß¤Ç¤¹¡£\n"
+
+#: g10/keyedit.c:1859 g10/keyedit.c:1879 g10/keyedit.c:2048
+msgid "You must select at least one user ID.\n"
+msgstr "¥æ¡¼¥¶¡¼ID¤ò¾¯¤Ê¤¯¤È¤â¤Ò¤È¤ÄÁªÂò¤·¤Æ¤¯¤À¤µ¤¤¡£\n"
+
+#: g10/keyedit.c:1861
+msgid "You can't delete the last user ID!\n"
+msgstr "ºÇ¸å¤Î¥æ¡¼¥¶¡¼ID¤Ïºï½ü¤Ç¤­¤Þ¤»¤ó!\n"
+
+#: g10/keyedit.c:1863
+msgid "Really remove all selected user IDs? (y/N) "
+msgstr "ÁªÂò¤·¤¿Á´¥æ¡¼¥¶¡¼ID¤òËÜÅö¤Ëºï½ü¤·¤Þ¤¹¤«? (y/N) "
+
+#: g10/keyedit.c:1864
+msgid "Really remove this user ID? (y/N) "
+msgstr "¤³¤Î¥æ¡¼¥¶¡¼ID¤òËÜÅö¤Ëºï½ü¤·¤Þ¤¹¤«? (y/N) "
+
+#. TRANSLATORS: Please take care: This is about
+#. moving the key and not about removing it.
+#: g10/keyedit.c:1917
+msgid "Really move the primary key? (y/N) "
+msgstr "¤³¤Î¼ç¸°¤òËÜÅö¤Ë°ÜÆ°¤·¤Þ¤¹¤«? (y/N) "
+
+#: g10/keyedit.c:1929
+msgid "You must select exactly one key.\n"
+msgstr "¸°¤ò¤­¤Ã¤«¤ê1ËÜÁªÂò¤·¤Æ¤¯¤À¤µ¤¤¡£\n"
+
+#: g10/keyedit.c:1957
+msgid "Command expects a filename argument\n"
+msgstr ""
+
+#: g10/keyedit.c:1971
+#, fuzzy, c-format
+msgid "Can't open `%s': %s\n"
+msgstr "¡Ö%s¡×¤¬³«¤±¤Þ¤»¤ó: %s\n"
+
+#: g10/keyedit.c:1988
+#, fuzzy, c-format
+msgid "Error reading backup key from `%s': %s\n"
+msgstr "¸°ÎØ¡Ö%s¡×¤ÎºîÀ®¥¨¥é¡¼: %s\n"
+
+#: g10/keyedit.c:2012
+msgid "You must select at least one key.\n"
+msgstr "¸°¤ò¾¯¤Ê¤¯¤È¤â1ËÜÁªÂò¤·¤Æ¤¯¤À¤µ¤¤¡£\n"
+
+#: g10/keyedit.c:2015
+msgid "Do you really want to delete the selected keys? (y/N) "
+msgstr "ÁªÂò¤·¤¿¸°¤òËÜÅö¤Ëºï½ü¤·¤Þ¤¹¤«? (y/N) "
+
+#: g10/keyedit.c:2016
+msgid "Do you really want to delete this key? (y/N) "
+msgstr "¤³¤Î¸°¤òËÜÅö¤Ëºï½ü¤·¤Þ¤¹¤«? (y/N) "
+
+#: g10/keyedit.c:2051
+msgid "Really revoke all selected user IDs? (y/N) "
+msgstr "ÁªÂò¤·¤¿Á´¥æ¡¼¥¶¡¼ID¤òËÜÅö¤Ë¼º¸ú¤·¤Þ¤¹¤«? (y/N) "
+
+#: g10/keyedit.c:2052
+msgid "Really revoke this user ID? (y/N) "
+msgstr "¤³¤Î¥æ¡¼¥¶¡¼ID¤òËÜÅö¤Ë¼º¸ú¤·¤Þ¤¹¤«? (y/N) "
+
+#: g10/keyedit.c:2070
+#, fuzzy
+msgid "Do you really want to revoke the entire key? (y/N) "
+msgstr "¤³¤Î¸°¤òËÜÅö¤Ë¼º¸ú¤·¤Þ¤¹¤«? (y/N) "
+
+#: g10/keyedit.c:2081
+#, fuzzy
+msgid "Do you really want to revoke the selected subkeys? (y/N) "
+msgstr "ÁªÂò¤·¤¿¸°¤òËÜÅö¤Ë¼º¸ú¤·¤Þ¤¹¤«? (y/N) "
+
+#: g10/keyedit.c:2083
+#, fuzzy
+msgid "Do you really want to revoke this subkey? (y/N) "
+msgstr "¤³¤Î¸°¤òËÜÅö¤Ë¼º¸ú¤·¤Þ¤¹¤«? (y/N) "
+
+#: g10/keyedit.c:2133
+msgid "Owner trust may not be set while using a user provided trust database\n"
+msgstr ""
+"ÍøÍѼԻØÄê¿®Íѥǡ¼¥¿¥Ù¡¼¥¹¤ÎÍøÍÑÃæ¡¢½êÍ­¼Ô¿®ÍѤÏÀßÄꤵ¤ì¤Ê¤¤¤³¤È¤â¤¢¤ê¤Þ"
+"¤¹¡£\n"
+
+#: g10/keyedit.c:2175
+msgid "Set preference list to:\n"
+msgstr "Áª¹¥¤Î°ìÍ÷¤òÀßÄê:\n"
+
+#: g10/keyedit.c:2181
+msgid "Really update the preferences for the selected user IDs? (y/N) "
+msgstr "ÁªÂò¤·¤¿¥æ¡¼¥¶¡¼ID¤ÎÁª¹¥¤òËÜÅö¤Ë¹¹¿·¤·¤Þ¤¹¤«? (y/N) "
+
+#: g10/keyedit.c:2183
+msgid "Really update the preferences? (y/N) "
+msgstr "Áª¹¥¤òËÜÅö¤Ë¹¹¿·¤·¤Þ¤¹¤«? (y/N) "
+
+#: g10/keyedit.c:2253
+msgid "Save changes? (y/N) "
+msgstr "Êѹ¹¤òÊݸ¤·¤Þ¤¹¤«? (y/N) "
+
+#: g10/keyedit.c:2256
+msgid "Quit without saving? (y/N) "
+msgstr "Êݸ¤»¤º¤Ë½ªÎ»¤·¤Þ¤¹¤«? (y/N) "
+
+#: g10/keyedit.c:2266
+#, c-format
+msgid "update failed: %s\n"
+msgstr "¹¹¿·¤Ë¼ºÇÔ¤·¤Þ¤·¤¿: %s\n"
+
+#: g10/keyedit.c:2273 g10/keyedit.c:2351
+#, c-format
+msgid "update secret failed: %s\n"
+msgstr "ÈëÌ©¤Î¹¹¿·¤Ë¼ºÇÔ¤·¤Þ¤·¤¿: %s\n"
+
+#: g10/keyedit.c:2280
+msgid "Key not changed so no update needed.\n"
+msgstr "¸°¤Ï̵Êѹ¹¤Ê¤Î¤Ç¹¹¿·¤ÏÉÔÍפǤ¹¡£\n"
+
+#: g10/keyedit.c:2446
+msgid "Digest: "
+msgstr "Í×Ìó: "
+
+#: g10/keyedit.c:2497
+msgid "Features: "
+msgstr "µ¡Ç½: "
+
+#: g10/keyedit.c:2508
+msgid "Keyserver no-modify"
+msgstr "̵½¤Àµ¸°¥µ¡¼¥Ð¡¼"
+
+#: g10/keyedit.c:2523 g10/keylist.c:316
+msgid "Preferred keyserver: "
+msgstr "Áª¹¥¸°¥µ¡¼¥Ð¡¼: "
+
+#: g10/keyedit.c:2531 g10/keyedit.c:2532
+#, fuzzy
+msgid "Notations: "
+msgstr ""
+"@\n"
+"¥ª¥×¥·¥ç¥ó:\n"
+" "
+
+#: g10/keyedit.c:2753
+msgid "There are no preferences on a PGP 2.x-style user ID.\n"
+msgstr "PGP 2.x·Á¼°¥æ¡¼¥¶¡¼ID¤ÎÁª¹¥¤¬¡¢¤¢¤ê¤Þ¤»¤ó¡£\n"
+
+#: g10/keyedit.c:2810
+#, fuzzy, c-format
+msgid "The following key was revoked on %s by %s key %s\n"
+msgstr "¤³¤Î¸°¤Ï¡¢%s¸°%s¤Ë¤è¤Ã¤Æ¼º¸ú¤µ¤ì¤¿¤è¤¦¤Ç¤¹"
+
+#: g10/keyedit.c:2832
+#, c-format
+msgid "This key may be revoked by %s key %s"
+msgstr "¤³¤Î¸°¤Ï¡¢%s¸°%s¤Ë¤è¤Ã¤Æ¼º¸ú¤µ¤ì¤¿¤è¤¦¤Ç¤¹"
+
+#: g10/keyedit.c:2838
+msgid "(sensitive)"
+msgstr "(¥Ç¥ê¥±¡¼¥È)"
+
+#: g10/keyedit.c:2854 g10/keyedit.c:2910 g10/keyedit.c:2971 g10/keyedit.c:2986
+#: g10/keylist.c:202 g10/keyserver.c:532
+#, c-format
+msgid "created: %s"
+msgstr "ºîÀ®: %s"
+
+#: g10/keyedit.c:2857 g10/keylist.c:834 g10/keylist.c:928 g10/mainproc.c:997
+#, c-format
+msgid "revoked: %s"
+msgstr "¼º¸ú: %s"
+
+#: g10/keyedit.c:2859 g10/keylist.c:805 g10/keylist.c:840 g10/keylist.c:934
+#, c-format
+msgid "expired: %s"
+msgstr "Ëþλ: %s"
+
+#: g10/keyedit.c:2861 g10/keyedit.c:2912 g10/keyedit.c:2973 g10/keyedit.c:2988
+#: g10/keylist.c:204 g10/keylist.c:811 g10/keylist.c:846 g10/keylist.c:940
+#: g10/keylist.c:961 g10/keyserver.c:538 g10/mainproc.c:1003
+#, c-format
+msgid "expires: %s"
+msgstr "Ëþλ: %s"
+
+#: g10/keyedit.c:2863
+#, c-format
+msgid "usage: %s"
+msgstr "ÍøÍÑË¡: %s"
+
+#: g10/keyedit.c:2878
+#, c-format
+msgid "trust: %s"
+msgstr "¿®ÍÑ: %s"
+
+#: g10/keyedit.c:2882
+#, c-format
+msgid "validity: %s"
+msgstr "Í­¸úÀ­: %s"
+
+#: g10/keyedit.c:2889
+msgid "This key has been disabled"
+msgstr "¤³¤Î¸°¤Ï»ÈÍѶػߤËÀßÄꤵ¤ì¤Æ¤¤¤Þ¤¹"
+
+#: g10/keyedit.c:2917 g10/keylist.c:208
+msgid "card-no: "
+msgstr "¥«¡¼¥ÉÈÖ¹æ: "
+
+#: g10/keyedit.c:2941
+msgid ""
+"Please note that the shown key validity is not necessarily correct\n"
+"unless you restart the program.\n"
+msgstr ""
+"¥×¥í¥°¥é¥à¤òºÆµ¯Æ°¤¹¤ë¤Þ¤Ç¡¢É½¼¨¤µ¤ì¤¿¸°¤ÎÍ­¸úÀ­¤ÏÀµ¤·¤¯¤Ê¤¤¤«¤â¤·¤ì¤Ê¤¤¡¢\n"
+"¤È¤¤¤¦¤³¤È¤òǰƬ¤Ë¤ª¤¤¤Æ¤¯¤À¤µ¤¤¡£\n"
+
+#: g10/keyedit.c:3005 g10/keyedit.c:3351 g10/keyserver.c:542
+#: g10/mainproc.c:1850 g10/trustdb.c:1204 g10/trustdb.c:1732
+msgid "revoked"
+msgstr "¼º¸ú"
+
+#: g10/keyedit.c:3007 g10/keyedit.c:3353 g10/keyserver.c:546
+#: g10/mainproc.c:1852 g10/trustdb.c:547 g10/trustdb.c:1734
+msgid "expired"
+msgstr "Ëþλ"
+
+#: g10/keyedit.c:3072
+msgid ""
+"WARNING: no user ID has been marked as primary. This command may\n"
+" cause a different user ID to become the assumed primary.\n"
+msgstr ""
+"·Ù¹ð: ¼ç¤¿¤ë¥æ¡¼¥¶¡¼ID¤¬¤¢¤ê¤Þ¤»¤ó¡£¤³¤Î¥³¥Þ¥ó¥É¤Ï¡¢Ê̤Ê\n"
+" ¥æ¡¼¥¶¡¼ID¤¬¼ç¤Ë¤Ê¤ë¤È²¾Äꤹ¤ë¾ì¹ç¤¬¤¢¤ê¤Þ¤¹¡£\n"
+
+#: g10/keyedit.c:3133
+msgid ""
+"WARNING: This is a PGP2-style key. Adding a photo ID may cause some "
+"versions\n"
+" of PGP to reject this key.\n"
+msgstr ""
+"·Ù¹ð: ¤³¤ì¤ÏPGP2·Á¼°¤Î¸°¤Ç¤¹¡£¥Õ¥©¥ÈID¤ÎÄɲäǡ¢°ìÉô¤ÎÈǤÎPGP¤Ï¡¢\n"
+" ¤³¤Î¸°¤òµñÈݤ¹¤ë¤«¤â¤·¤ì¤Þ¤»¤ó¡£\n"
+
+#: g10/keyedit.c:3138 g10/keyedit.c:3473
+msgid "Are you sure you still want to add it? (y/N) "
+msgstr "¤½¤ì¤Ç¤âÄɲä·¤¿¤¤¤Ç¤¹¤«? (y/N) "
+
+#: g10/keyedit.c:3144
+msgid "You may not add a photo ID to a PGP2-style key.\n"
+msgstr "PGP2·Á¼°¤Î¸°¤Ë¤Ï¥Õ¥©¥ÈID¤òÄɲäǤ­¤Þ¤»¤ó¡£\n"
+
+#: g10/keyedit.c:3284
+msgid "Delete this good signature? (y/N/q)"
+msgstr "¤³¤ÎÀµ¤·¤¤½ð̾¤òºï½ü¤·¤Þ¤¹¤«? (y/N/q)"
+
+#: g10/keyedit.c:3294
+msgid "Delete this invalid signature? (y/N/q)"
+msgstr "¤³¤Î̵¸ú¤Ê½ð̾¤òºï½ü¤·¤Þ¤¹¤«? (y/N/q)"
+
+#: g10/keyedit.c:3298
+msgid "Delete this unknown signature? (y/N/q)"
+msgstr "¤³¤Î̤ÃΤνð̾¤òºï½ü¤·¤Þ¤¹¤«? (y/N/q)"
+
+#: g10/keyedit.c:3304
+msgid "Really delete this self-signature? (y/N)"
+msgstr "¤³¤Î¼«¸Ê½ð̾¤òËÜÅö¤Ëºï½ü¤·¤Þ¤¹¤«? (y/N)"
+
+#: g10/keyedit.c:3318
+#, c-format
+msgid "Deleted %d signature.\n"
+msgstr "%d¸Ä¤Î½ð̾¤òºï½ü¤·¤Þ¤·¤¿¡£\n"
+
+#: g10/keyedit.c:3319
+#, c-format
+msgid "Deleted %d signatures.\n"
+msgstr "%d¸Ä¤Î½ð̾¤òºï½ü¤·¤Þ¤·¤¿¡£\n"
+
+#: g10/keyedit.c:3322
+msgid "Nothing deleted.\n"
+msgstr "²¿¤âºï½ü¤·¤Æ¤¤¤Þ¤»¤ó¡£\n"
+
+#: g10/keyedit.c:3355 g10/trustdb.c:1736
+#, fuzzy
+msgid "invalid"
+msgstr "̵¸ú¤ÊÊñÁõ¤Ç¤¹"
+
+#: g10/keyedit.c:3357
+#, fuzzy, c-format
+msgid "User ID \"%s\" compacted: %s\n"
+msgstr "¥æ¡¼¥¶¡¼ID¡È%s¡É¤Ï¡¢¼º¸ú¤µ¤ì¤Æ¤¤¤Þ¤¹¡£"
+
+#: g10/keyedit.c:3364
+#, fuzzy, c-format
+msgid "User ID \"%s\": %d signature removed\n"
+msgstr "¥æ¡¼¥¶¡¼ID¡È%s¡É¤Ï¡¢¼º¸ú¤µ¤ì¤Æ¤¤¤Þ¤¹¡£"
+
+#: g10/keyedit.c:3365
+#, fuzzy, c-format
+msgid "User ID \"%s\": %d signatures removed\n"
+msgstr "¥æ¡¼¥¶¡¼ID¡È%s¡É¤Ï¡¢¼º¸ú¤µ¤ì¤Æ¤¤¤Þ¤¹¡£"
+
+#: g10/keyedit.c:3373
+#, fuzzy, c-format
+msgid "User ID \"%s\": already minimized\n"
+msgstr "¥æ¡¼¥¶¡¼ID¡È%s¡É¤Ï¡¢¤â¤¦¼º¸ú¤µ¤ì¤Æ¤¤¤Þ¤¹\n"
+
+#: g10/keyedit.c:3374
+#, fuzzy, c-format
+msgid "User ID \"%s\": already clean\n"
+msgstr "¥æ¡¼¥¶¡¼ID¡È%s¡É¤Ï¡¢¤â¤¦¼º¸ú¤µ¤ì¤Æ¤¤¤Þ¤¹\n"
+
+#: g10/keyedit.c:3468
+msgid ""
+"WARNING: This is a PGP 2.x-style key. Adding a designated revoker may "
+"cause\n"
+" some versions of PGP to reject this key.\n"
+msgstr ""
+"·Ù¹ð: ¤³¤ì¤ÏPGP 2.x·Á¼°¤Î¸°¤Ç¤¹¡£»Ø̾¼º¸ú¼Ô¤ÎÄɲäǡ¢°ìÉô¤ÎÈǤÎPGP¤Ï¡¢\n"
+" ¤³¤Î¸°¤òµñÈݤ¹¤ë¤«¤â¤·¤ì¤Þ¤»¤ó¡£\n"
+
+#: g10/keyedit.c:3479
+msgid "You may not add a designated revoker to a PGP 2.x-style key.\n"
+msgstr "PGP 2.x·Á¼°¤Î¸°¤Ë¤Ï»Ø̾¼º¸ú¼Ô¤òÄɲäǤ­¤Þ¤»¤ó¡£\n"
+
+#: g10/keyedit.c:3499
+msgid "Enter the user ID of the designated revoker: "
+msgstr "»Ø̾¼º¸ú¼Ô¤Î¥æ¡¼¥¶¡¼ID¤òÆþÎϤ·¤Æ¤¯¤À¤µ¤¤: "
+
+#: g10/keyedit.c:3524
+msgid "cannot appoint a PGP 2.x style key as a designated revoker\n"
+msgstr "PGP 2.x·Á¼°¤Î¸°¤Ï¡¢»Ø̾¼º¸ú¼Ô¤ËǤ̿¤Ç¤­¤Þ¤»¤ó\n"
+
+#: g10/keyedit.c:3539
+msgid "you cannot appoint a key as its own designated revoker\n"
+msgstr "»Ø̾¼º¸ú¼Ô¤Ë¤Ï¡¢¤½¤Î¸°¼«ÂΤòǤ̿¤Ç¤­¤Þ¤»¤ó\n"
+
+#: g10/keyedit.c:3561
+msgid "this key has already been designated as a revoker\n"
+msgstr "¤³¤Î¸°¤Ï¼º¸ú¼Ô¤È¤·¤Æ¤â¤¦»Ø̾¤µ¤ì¤Æ¤¤¤Þ¤¹\n"
+
+#: g10/keyedit.c:3580
+msgid "WARNING: appointing a key as a designated revoker cannot be undone!\n"
+msgstr "·Ù¹ð: ¤¢¤ë¸°¤ò»Ø̾¼º¸ú¼Ô¤ËÀßÄꤹ¤ë¤È¡¢¸µ¤ËÌ᤻¤Þ¤»¤ó!\n"
+
+#: g10/keyedit.c:3586
+msgid ""
+"Are you sure you want to appoint this key as a designated revoker? (y/N) "
+msgstr "ËÜÅö¤Ë¤³¤Î¸°¤ò»Ø̾¼º¸ú¼Ô¤ËǤ̿¤·¤Þ¤¹¤«? (y/N) "
+
+#: g10/keyedit.c:3647
+msgid "Please remove selections from the secret keys.\n"
+msgstr "ÈëÌ©¸°¤ÎÁªÂò¤ò¤È¤¤¤Æ¤¯¤À¤µ¤¤¡£\n"
+
+#: g10/keyedit.c:3653
+#, fuzzy
+msgid "Please select at most one subkey.\n"
+msgstr "¹â¡¹1¸Ä¤ÎÉû¸°¤òÁªÂò¤·¤Æ¤¯¤À¤µ¤¤¡£\n"
+
+#: g10/keyedit.c:3657
+#, fuzzy
+msgid "Changing expiration time for a subkey.\n"
+msgstr "Éû¸°¤ÎÍ­¸ú´ü¸Â¤òÊѹ¹¤·¤Þ¤¹¡£\n"
+
+#: g10/keyedit.c:3660
+msgid "Changing expiration time for the primary key.\n"
+msgstr "¼ç¸°¤ÎÍ­¸ú´ü¸Â¤òÊѹ¹¤·¤Þ¤¹¡£\n"
+
+#: g10/keyedit.c:3706
+msgid "You can't change the expiration date of a v3 key\n"
+msgstr "v3¸°¤ÎÍ­¸ú´ü¸Â¤ÏÊѹ¹¤Ç¤­¤Þ¤»¤ó\n"
+
+#: g10/keyedit.c:3722
+msgid "No corresponding signature in secret ring\n"
+msgstr "ÈëÌ©¸°ÎؤËÂбþ¤¹¤ë½ð̾¤¬¤¢¤ê¤Þ¤»¤ó\n"
+
+#: g10/keyedit.c:3800
+#, fuzzy, c-format
+msgid "signing subkey %s is already cross-certified\n"
+msgstr "·Ù¹ð: ½ð̾Éû¸°%s¤Ï¡¢Áê¸ß¾ÚÌÀ¤Ç¤¢¤ê¤Þ¤»¤ó\n"
+
+#: g10/keyedit.c:3806
+#, c-format
+msgid "subkey %s does not sign and so does not need to be cross-certified\n"
+msgstr ""
+
+#: g10/keyedit.c:3969
+msgid "Please select exactly one user ID.\n"
+msgstr "¥æ¡¼¥¶¡¼ID¤ò¤­¤Ã¤«¤ê¤Ò¤È¤ÄÁªÂò¤·¤Æ¤¯¤À¤µ¤¤¡£\n"
+
+#: g10/keyedit.c:4008 g10/keyedit.c:4118 g10/keyedit.c:4238 g10/keyedit.c:4379
+#, c-format
+msgid "skipping v3 self-signature on user ID \"%s\"\n"
+msgstr "¥æ¡¼¥¶¡¼ID¡È%s¡É¤Îv3¼«¸Ê½ð̾¤ò¤È¤Ð¤·¤Þ¤¹\n"
+
+#: g10/keyedit.c:4179
+msgid "Enter your preferred keyserver URL: "
+msgstr "Áª¹¥¸°¥µ¡¼¥Ð¡¼URL¤òÆþÎϤ·¤Æ¤¯¤À¤µ¤¤: "
+
+#: g10/keyedit.c:4259
+msgid "Are you sure you want to replace it? (y/N) "
+msgstr "ËÜÅö¤Ë¸ò´¹¤·¤¿¤¤¤Ç¤¹¤«? (y/N) "
+
+#: g10/keyedit.c:4260
+msgid "Are you sure you want to delete it? (y/N) "
+msgstr "ËÜÅö¤Ëºï½ü¤·¤¿¤¤¤Ç¤¹¤«? (y/N) "
+
+#: g10/keyedit.c:4322
+#, fuzzy
+msgid "Enter the notation: "
+msgstr "½ð̾Ãí¼á: "
+
+#: g10/keyedit.c:4471
+#, fuzzy
+msgid "Proceed? (y/N) "
+msgstr "¾å½ñ¤­¤·¤Þ¤¹¤«? (y/N) "
+
+#: g10/keyedit.c:4543
+#, c-format
+msgid "No user ID with index %d\n"
+msgstr "%dÈ֤Υ桼¥¶¡¼ID¤Ï¤¢¤ê¤Þ¤»¤ó\n"
+
+#: g10/keyedit.c:4604
+#, fuzzy, c-format
+msgid "No user ID with hash %s\n"
+msgstr "%dÈ֤Υ桼¥¶¡¼ID¤Ï¤¢¤ê¤Þ¤»¤ó\n"
+
+#: g10/keyedit.c:4639
+#, fuzzy, c-format
+msgid "No subkey with index %d\n"
+msgstr "%dÈ֤Υ桼¥¶¡¼ID¤Ï¤¢¤ê¤Þ¤»¤ó\n"
+
+#: g10/keyedit.c:4774
+#, c-format
+msgid "user ID: \"%s\"\n"
+msgstr "¥æ¡¼¥¶¡¼ID:¡È%s¡É\n"
+
+#: g10/keyedit.c:4777 g10/keyedit.c:4871 g10/keyedit.c:4914
+#, c-format
+msgid "signed by your key %s on %s%s%s\n"
+msgstr "%s¤Ç%s%s%s¤Ë½ð̾¤µ¤ì¤Æ¤¤¤Þ¤¹\n"
+
+#: g10/keyedit.c:4779 g10/keyedit.c:4873 g10/keyedit.c:4916
+msgid " (non-exportable)"
+msgstr " (½ñ½Ð¤·ÉÔ²Ä)"
+
+#: g10/keyedit.c:4783
+#, c-format
+msgid "This signature expired on %s.\n"
+msgstr "¤³¤Î½ð̾¤Ï%s¤ÇËþλ¤Ç¤¹¡£\n"
+
+#: g10/keyedit.c:4787
+msgid "Are you sure you still want to revoke it? (y/N) "
+msgstr "¤½¤ì¤Ç¤âËÜÅö¤Ë¼º¸ú¤·¤¿¤¤¤Ç¤¹¤«? (y/N) "
+
+#: g10/keyedit.c:4791
+msgid "Create a revocation certificate for this signature? (y/N) "
+msgstr "¤³¤Î½ð̾¤Ë¤¿¤¤¤¹¤ë¼º¸ú¾ÚÌÀ½ñ¤òºîÀ®¤·¤Þ¤¹¤«? (y/N) "
+
+#: g10/keyedit.c:4842
+msgid "Not signed by you.\n"
+msgstr ""
+
+#: g10/keyedit.c:4848
+#, c-format
+msgid "You have signed these user IDs on key %s:\n"
+msgstr "¤³¤ì¤é¤Î¥æ¡¼¥¶¡¼ID¤Ë¸°%s¤Ç½ð̾¤·¤Þ¤·¤¿:\n"
+
+#: g10/keyedit.c:4874
+msgid " (non-revocable)"
+msgstr " (¼º¸úÉÔ²Ä)"
+
+#: g10/keyedit.c:4881
+#, c-format
+msgid "revoked by your key %s on %s\n"
+msgstr "¤¢¤Ê¤¿¤Î¸°%s¤Ç%s¤Ë¼º¸ú¤µ¤ì¤Æ¤¤¤Þ¤¹\n"
+
+#: g10/keyedit.c:4903
+msgid "You are about to revoke these signatures:\n"
+msgstr "¤³¤ì¤é¤Î½ð̾¤ò¼º¸ú¤·¤è¤¦¤È¤·¤Æ¤¤¤Þ¤¹:\n"
+
+#: g10/keyedit.c:4923
+msgid "Really create the revocation certificates? (y/N) "
+msgstr "¼º¸ú¾ÚÌÀ½ñ¤òËÜÅö¤ËºîÀ®¤·¤Þ¤¹¤«? (y/N) "
+
+#: g10/keyedit.c:4953
+msgid "no secret key\n"
+msgstr "ÈëÌ©¸°¤¬¤¢¤ê¤Þ¤»¤ó\n"
+
+#: g10/keyedit.c:5023
+#, c-format
+msgid "user ID \"%s\" is already revoked\n"
+msgstr "¥æ¡¼¥¶¡¼ID¡È%s¡É¤Ï¡¢¤â¤¦¼º¸ú¤µ¤ì¤Æ¤¤¤Þ¤¹\n"
+
+#: g10/keyedit.c:5040
+#, c-format
+msgid "WARNING: a user ID signature is dated %d seconds in the future\n"
+msgstr "·Ù¹ð: ¥æ¡¼¥¶¡¼ID½ð̾¤¬¡¢%dÉÃ̤Íè¤Ç¤¹\n"
+
+#: g10/keyedit.c:5104
+#, fuzzy, c-format
+msgid "Key %s is already revoked.\n"
+msgstr "¥æ¡¼¥¶¡¼ID¡È%s¡É¤Ï¡¢¤â¤¦¼º¸ú¤µ¤ì¤Æ¤¤¤Þ¤¹\n"
+
+#: g10/keyedit.c:5166
+#, fuzzy, c-format
+msgid "Subkey %s is already revoked.\n"
+msgstr "¥æ¡¼¥¶¡¼ID¡È%s¡É¤Ï¡¢¤â¤¦¼º¸ú¤µ¤ì¤Æ¤¤¤Þ¤¹\n"
+
+#: g10/keyedit.c:5261
+#, c-format
+msgid "Displaying %s photo ID of size %ld for key %s (uid %d)\n"
+msgstr "%s (Â礭¤µ%ld) ¤Î¸°%s (uid %d) ¤Î¥Õ¥©¥ÈID¤È¤·¤Æɽ¼¨\n"
+
+#: g10/keygen.c:275
+#, c-format
+msgid "preference `%s' duplicated\n"
+msgstr "Áª¹¥¡Ö%s¡×¤Î½ÅÊ£\n"
+
+#: g10/keygen.c:282
+msgid "too many cipher preferences\n"
+msgstr "¿¤¹¤®¤ë°Å¹æË¡Áª¹¥\n"
+
+#: g10/keygen.c:284
+msgid "too many digest preferences\n"
+msgstr "¿¤¹¤®¤ëÍ×ÌóÁª¹¥\n"
+
+#: g10/keygen.c:286
+msgid "too many compression preferences\n"
+msgstr "¿¤¹¤®¤ë°µ½ÌÁª¹¥\n"
+
+#: g10/keygen.c:426
+#, c-format
+msgid "invalid item `%s' in preference string\n"
+msgstr "Áª¹¥Ê¸»úÎó¤Ë̵¸ú¤Ê¹àÌÜ¡Ö%s¡×¤¬¤¢¤ê¤Þ¤¹\n"
+
+#: g10/keygen.c:910
+msgid "writing direct signature\n"
+msgstr "ľÀܽð̾¤ò½ñ¤­¹þ¤ß¤Þ¤¹\n"
+
+#: g10/keygen.c:952
+msgid "writing self signature\n"
+msgstr "¼«¸Ê½ð̾¤ò½ñ¤­¹þ¤ß¤Þ¤¹\n"
+
+#: g10/keygen.c:1009
+msgid "writing key binding signature\n"
+msgstr "¸°Âбþ¤Ø¤Î½ð̾¤ò½ñ¤­¹þ¤ß¤Þ¤¹\n"
+
+#: g10/keygen.c:1179 g10/keygen.c:1290 g10/keygen.c:1295 g10/keygen.c:1441
+#: g10/keygen.c:3269
+#, c-format
+msgid "keysize invalid; using %u bits\n"
+msgstr "̵¸ú¤Ê¸°Ä¹¡£%u¥Ó¥Ã¥È¤Ë¤·¤Þ¤¹\n"
+
+#: g10/keygen.c:1185 g10/keygen.c:1301 g10/keygen.c:1309 g10/keygen.c:1447
+#: g10/keygen.c:3275
+#, c-format
+msgid "keysize rounded up to %u bits\n"
+msgstr "¸°Ä¹¤ò%u¥Ó¥Ã¥È¤Ë´Ý¤á¤Þ¤¹\n"
+
+#: g10/keygen.c:1335
+msgid ""
+"WARNING: some OpenPGP programs can't handle a DSA key with this digest size\n"
+msgstr ""
+
+#: g10/keygen.c:1558
+msgid "Sign"
+msgstr "Sign"
+
+#: g10/keygen.c:1561
+msgid "Certify"
+msgstr ""
+
+#: g10/keygen.c:1564
+msgid "Encrypt"
+msgstr "Encrypt"
+
+#: g10/keygen.c:1567
+msgid "Authenticate"
+msgstr "Authenticate"
+
+#. TRANSLATORS: Please use only plain ASCII characters for the
+#. translation. If this is not possible use single digits. The
+#. string needs to 8 bytes long. Here is a description of the
+#. functions:
+#.
+#. s = Toggle signing capability
+#. e = Toggle encryption capability
+#. a = Toggle authentication capability
+#. q = Finish
+#.
+#: g10/keygen.c:1585
+msgid "SsEeAaQq"
+msgstr "SsEeAaQq"
+
+#: g10/keygen.c:1608
+#, c-format
+msgid "Possible actions for a %s key: "
+msgstr "¸°%s¤Ë²Äǽ¤ÊÁàºî: "
+
+#: g10/keygen.c:1612
+msgid "Current allowed actions: "
+msgstr "º£¡¢²Äǽ¤ÊÁàºî: "
+
+#: g10/keygen.c:1617
+#, c-format
+msgid " (%c) Toggle the sign capability\n"
+msgstr " (%c) ½ð̾ÎϤÎȿž\n"
+
+#: g10/keygen.c:1620
+#, c-format
+msgid " (%c) Toggle the encrypt capability\n"
+msgstr " (%c) °Å¹æÎϤÎȿž\n"
+
+#: g10/keygen.c:1623
+#, c-format
+msgid " (%c) Toggle the authenticate capability\n"
+msgstr " (%c) ǧ¾ÚÎϤÎȿž\n"
+
+#: g10/keygen.c:1626
+#, c-format
+msgid " (%c) Finished\n"
+msgstr " (%c) ´°Î»\n"
+
+#: g10/keygen.c:1686 sm/certreqgen-ui.c:157
+msgid "Please select what kind of key you want:\n"
+msgstr "¤´´õ˾¤Î¸°¤Î¼ïÎà¤òÁªÂò¤·¤Æ¤¯¤À¤µ¤¤:\n"
+
+#: g10/keygen.c:1689
+#, fuzzy, c-format
+msgid " (%d) RSA and RSA (default)\n"
+msgstr " (%d) DSA¤ÈElgamal (´ûÄê)\n"
+
+#: g10/keygen.c:1691
+#, fuzzy, c-format
+msgid " (%d) DSA and Elgamal\n"
+msgstr " (%d) DSA¤ÈElgamal (´ûÄê)\n"
+
+#: g10/keygen.c:1693
+#, c-format
+msgid " (%d) DSA (sign only)\n"
+msgstr " (%d) DSA (½ð̾¤Î¤ß)\n"
+
+#: g10/keygen.c:1694
+#, c-format
+msgid " (%d) RSA (sign only)\n"
+msgstr " (%d) RSA (½ð̾¤Î¤ß)\n"
+
+#: g10/keygen.c:1698
+#, c-format
+msgid " (%d) Elgamal (encrypt only)\n"
+msgstr " (%d) Elgamal (°Å¹æ²½¤Î¤ß)\n"
+
+#: g10/keygen.c:1699
+#, c-format
+msgid " (%d) RSA (encrypt only)\n"
+msgstr " (%d) RSA (°Å¹æ²½¤Î¤ß)\n"
+
+#: g10/keygen.c:1703
+#, fuzzy, c-format
+msgid " (%d) DSA (set your own capabilities)\n"
+msgstr " (%d) RSA (Æȼ«Ç½ÎϤòÀßÄê)\n"
+
+#: g10/keygen.c:1704
+#, c-format
+msgid " (%d) RSA (set your own capabilities)\n"
+msgstr " (%d) RSA (Æȼ«Ç½ÎϤòÀßÄê)\n"
+
+#: g10/keygen.c:1812
+#, c-format
+msgid "%s keys may be between %u and %u bits long.\n"
+msgstr ""
+
+#: g10/keygen.c:1820
+#, fuzzy, c-format
+msgid "What keysize do you want for the subkey? (%u) "
+msgstr "¤É¤Î¸°Ä¹¤Ë¤·¤Þ¤¹¤«? (1024) "
+
+#: g10/keygen.c:1823 sm/certreqgen-ui.c:179
+#, fuzzy, c-format
+msgid "What keysize do you want? (%u) "
+msgstr "¤É¤Î¸°Ä¹¤Ë¤·¤Þ¤¹¤«? (1024) "
+
+#: g10/keygen.c:1837 sm/certreqgen-ui.c:189
+#, c-format
+msgid "Requested keysize is %u bits\n"
+msgstr "Í׵ᤵ¤ì¤¿¸°Ä¹¤Ï%u¥Ó¥Ã¥È\n"
+
+#: g10/keygen.c:1925
+msgid ""
+"Please specify how long the key should be valid.\n"
+" 0 = key does not expire\n"
+" <n> = key expires in n days\n"
+" <n>w = key expires in n weeks\n"
+" <n>m = key expires in n months\n"
+" <n>y = key expires in n years\n"
+msgstr ""
+"¸°¤ÎÍ­¸ú´ü¸Â¤ò»ØÄꤷ¤Æ¤¯¤À¤µ¤¤¡£\n"
+" 0 = ¸°¤Ï̵´ü¸Â\n"
+" <n> = ¸°¤Ï n Æü´Ö¤ÇËþλ\n"
+" <n>w = ¸°¤Ï n ½µ´Ö¤ÇËþλ\n"
+" <n>m = ¸°¤Ï n ¤«·î´Ö¤ÇËþλ\n"
+" <n>y = ¸°¤Ï n ǯ´Ö¤ÇËþλ\n"
+
+#: g10/keygen.c:1936
+msgid ""
+"Please specify how long the signature should be valid.\n"
+" 0 = signature does not expire\n"
+" <n> = signature expires in n days\n"
+" <n>w = signature expires in n weeks\n"
+" <n>m = signature expires in n months\n"
+" <n>y = signature expires in n years\n"
+msgstr ""
+"½ð̾¤ÎÍ­¸ú´ü¸Â¤ò»ØÄꤷ¤Æ¤¯¤À¤µ¤¤¡£\n"
+" 0 = ½ð̾¤Ï̵´ü¸Â\n"
+" <n> = ½ð̾¤Ï n Æü´Ö¤ÇËþλ\n"
+" <n>w = ½ð̾¤Ï n ½µ´Ö¤ÇËþλ\n"
+" <n>m = ½ð̾¤Ï n ¤«·î´Ö¤ÇËþλ\n"
+" <n>y = ½ð̾¤Ï n ǯ´Ö¤ÇËþλ\n"
+
+#: g10/keygen.c:1959
+msgid "Key is valid for? (0) "
+msgstr "¸°¤ÎÍ­¸ú´ü´Ö¤Ï? (0)"
+
+#: g10/keygen.c:1964
+#, fuzzy, c-format
+msgid "Signature is valid for? (%s) "
+msgstr "½ð̾¤ÎÍ­¸ú´ü´Ö¤Ï? (0)"
+
+#: g10/keygen.c:1982 g10/keygen.c:2007
+msgid "invalid value\n"
+msgstr "̵¸ú¤ÊÃÍ\n"
+
+#: g10/keygen.c:1989
+#, fuzzy
+msgid "Key does not expire at all\n"
+msgstr "%s¤Ï̵´ü¸Â¤Ç¤¹\n"
+
+#: g10/keygen.c:1990
+#, fuzzy
+msgid "Signature does not expire at all\n"
+msgstr "%s¤Ï̵´ü¸Â¤Ç¤¹\n"
+
+#: g10/keygen.c:1995
+#, fuzzy, c-format
+msgid "Key expires at %s\n"
+msgstr "%s¤Ï%s¤ÇËþλ¤·¤Þ¤¹\n"
+
+#: g10/keygen.c:1996
+#, fuzzy, c-format
+msgid "Signature expires at %s\n"
+msgstr "¤³¤Î½ð̾¤Ï%s¤ÇËþλ¤Ç¤¹\n"
+
+#: g10/keygen.c:2000
+msgid ""
+"Your system can't display dates beyond 2038.\n"
+"However, it will be correctly handled up to 2106.\n"
+msgstr ""
+"¤³¤Î¥·¥¹¥Æ¥à¤Ç¤Ï¡¢2038ǯ°Ê¹ß¤ÎÆüÉÕ¤òɽ¼¨¤Ç¤­¤Þ¤»¤ó¤¬¡¢\n"
+"2106ǯ¤Þ¤Ç¤Ê¤éÀµ¤·¤¯¼è¤ê°·¤¨¤Þ¤¹¡£\n"
+
+#: g10/keygen.c:2013
+msgid "Is this correct? (y/N) "
+msgstr "¤³¤ì¤ÇÀµ¤·¤¤¤Ç¤¹¤«? (y/N) "
+
+#: g10/keygen.c:2063
+msgid ""
+"\n"
+"GnuPG needs to construct a user ID to identify your key.\n"
+"\n"
+msgstr ""
+
+#. TRANSLATORS: This string is in general not anymore used
+#. but you should keep your existing translation. In case
+#. the new string is not translated this old string will
+#. be used.
+#: g10/keygen.c:2078
+msgid ""
+"\n"
+"You need a user ID to identify your key; the software constructs the user "
+"ID\n"
+"from the Real Name, Comment and Email Address in this form:\n"
+" \"Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>\"\n"
+"\n"
+msgstr ""
+"\n"
+"¤¢¤Ê¤¿¤Î¸°¤òƱÄꤹ¤ë¤¿¤á¤Ë¥æ¡¼¥¶¡¼ID¤¬É¬ÍפǤ¹¡£\n"
+"¤³¤Î¥½¥Õ¥È¤ÏËÜ̾¡¢¥³¥á¥ó¥È¡¢ÅŻҥ᡼¥ë¡¦¥¢¥É¥ì¥¹¤«¤é\n"
+"¼¡¤Î½ñ¼°¤Ç¥æ¡¼¥¶¡¼ID¤ò¹½À®¤·¤Þ¤¹:\n"
+" \"Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>\"\n"
+"\n"
+
+#: g10/keygen.c:2097
+msgid "Real name: "
+msgstr "ËÜ̾: "
+
+#: g10/keygen.c:2105
+msgid "Invalid character in name\n"
+msgstr "̾Á°¤Ë̵¸ú¤Êʸ»ú¤¬¤¢¤ê¤Þ¤¹\n"
+
+#: g10/keygen.c:2107
+msgid "Name may not start with a digit\n"
+msgstr "̾Á°¤ò¿ô»ú¤Ç»Ï¤á¤Æ¤Ï¤¤¤±¤Þ¤»¤ó\n"
+
+#: g10/keygen.c:2109
+msgid "Name must be at least 5 characters long\n"
+msgstr "̾Á°¤Ï5ʸ»ú°Ê¾å¤Ç¤Ê¤±¤ì¤Ð¤Ê¤ê¤Þ¤»¤ó\n"
+
+#: g10/keygen.c:2117
+msgid "Email address: "
+msgstr "ÅŻҥ᡼¥ë¡¦¥¢¥É¥ì¥¹: "
+
+#: g10/keygen.c:2123
+msgid "Not a valid email address\n"
+msgstr "Í­¸ú¤ÊÅŻҥ᡼¥ë¡¦¥¢¥É¥ì¥¹¤Ç¤Ï¤¢¤ê¤Þ¤»¤ó\n"
+
+#: g10/keygen.c:2131
+msgid "Comment: "
+msgstr "¥³¥á¥ó¥È: "
+
+#: g10/keygen.c:2137
+msgid "Invalid character in comment\n"
+msgstr "¥³¥á¥ó¥È¤Ë̵¸ú¤Êʸ»ú¤¬¤¢¤ê¤Þ¤¹\n"
+
+#: g10/keygen.c:2159
+#, c-format
+msgid "You are using the `%s' character set.\n"
+msgstr "¤¢¤Ê¤¿¤Ïʸ»ú½¸¹ç¡Ö%s¡×¤ò»È¤Ã¤Æ¤¤¤Þ¤¹¡£\n"
+
+#: g10/keygen.c:2165
+#, c-format
+msgid ""
+"You selected this USER-ID:\n"
+" \"%s\"\n"
+"\n"
+msgstr ""
+"¼¡¤Î¥æ¡¼¥¶¡¼ID¤òÁªÂò¤·¤Þ¤·¤¿:\n"
+" ¡È%s¡É\n"
+"\n"
+
+#: g10/keygen.c:2170
+msgid "Please don't put the email address into the real name or the comment\n"
+msgstr "ÅŻҥ᡼¥ë¤Î¥¢¥É¥ì¥¹¤òËÜ̾¤ä¥³¥á¥ó¥È¤ËÆþ¤ì¤Ê¤¤¤è¤¦¤Ë\n"
+
+#: g10/keygen.c:2185
+msgid "Such a user ID already exists on this key!\n"
+msgstr ""
+
+#. TRANSLATORS: These are the allowed answers in
+#. lower and uppercase. Below you will find the matching
+#. string which should be translated accordingly and the
+#. letter changed to match the one in the answer string.
+#.
+#. n = Change name
+#. c = Change comment
+#. e = Change email
+#. o = Okay (ready, continue)
+#. q = Quit
+#.
+#: g10/keygen.c:2201
+msgid "NnCcEeOoQq"
+msgstr "NnCcEeOoQq"
+
+#: g10/keygen.c:2211
+msgid "Change (N)ame, (C)omment, (E)mail or (Q)uit? "
+msgstr "̾Á°(N)¡¢¥³¥á¥ó¥È(C)¡¢ÅŻҥ᡼¥ë(E)¤ÎÊѹ¹¡¢¤Þ¤¿¤Ï½ªÎ»(Q)? "
+
+#: g10/keygen.c:2212
+msgid "Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? "
+msgstr "̾Á°(N)¡¢¥³¥á¥ó¥È(C)¡¢ÅŻҥ᡼¥ë(E)¤ÎÊѹ¹¡¢¤Þ¤¿¤ÏOK(O)¤«½ªÎ»(Q)? "
+
+#: g10/keygen.c:2231
+msgid "Please correct the error first\n"
+msgstr "¤Þ¤º¥¨¥é¡¼¤ò½¤Àµ¤·¤Æ¤¯¤À¤µ¤¤\n"
+
+#: g10/keygen.c:2273
+msgid ""
+"You need a Passphrase to protect your secret key.\n"
+"\n"
+msgstr ""
+"ÈëÌ©¸°¤òÊݸ¤ë¤¿¤á¤Ë¥Ñ¥¹¥Õ¥ì¡¼¥º¤¬¤¤¤ê¤Þ¤¹¡£\n"
+"\n"
+
+#: g10/keygen.c:2276
+#, fuzzy
+msgid ""
+"Please enter a passphrase to protect the off-card backup of the new "
+"encryption key."
+msgstr "¥Ñ¥¹¥Õ¥ì¡¼¥º¤òÆþÎϤ·¤Æ¤¯¤À¤µ¤¤¡£¤³¤ì¤ÏÈëÌ©¤Îʸ¾Ï¤Î¤³¤È¤Ç¤¹ \n"
+
+#: g10/keygen.c:2292
+#, c-format
+msgid "%s.\n"
+msgstr "%s.\n"
+
+#: g10/keygen.c:2298
+msgid ""
+"You don't want a passphrase - this is probably a *bad* idea!\n"
+"I will do it anyway. You can change your passphrase at any time,\n"
+"using this program with the option \"--edit-key\".\n"
+"\n"
+msgstr ""
+"¥Ñ¥¹¥Õ¥ì¡¼¥º¤¬ÉÔɬÍפʤ褦¤Ç¤¹¤¬¡¢¤ª¤½¤é¤¯¤½¤ì¤Ï¤í¤¯¤Ç¤â¤Ê¤¤\n"
+"¹Í¤¨¤Ç¤¹! ¤¤¤Á¤ª¤¦Â³¹Ô¤·¤Þ¤¹¡£¥Ñ¥¹¥Õ¥ì¡¼¥º¤Ï¡¢¤³¤Î¥×¥í¥°¥é¥à\n"
+"¤Î¡È--edit-key¡É¥ª¥×¥·¥ç¥ó¤Ç¤¤¤Ä¤Ç¤âÊѹ¹¤Ç¤­¤Þ¤¹¡£\n"
+"\n"
+
+#: g10/keygen.c:2322
+msgid ""
+"We need to generate a lot of random bytes. It is a good idea to perform\n"
+"some other action (type on the keyboard, move the mouse, utilize the\n"
+"disks) during the prime generation; this gives the random number\n"
+"generator a better chance to gain enough entropy.\n"
+msgstr ""
+"º£¤«¤éŤ¤Íð¿ô¤òÀ¸À®¤·¤Þ¤¹¡£¥­¡¼¥Ü¡¼¥É¤òÂǤĤȤ«¡¢¥Þ¥¦¥¹¤òÆ°¤«¤¹\n"
+"¤È¤«¡¢¥Ç¥£¥¹¥¯¤Ë¥¢¥¯¥»¥¹¤¹¤ë¤È¤«¤Î¾¤Î¤³¤È¤ò¤¹¤ë¤È¡¢Íð¿ôÀ¸À®»Ò¤Ç\n"
+"Í𻨤µ¤ÎÂ礭¤Ê¤¤¤¤Íð¿ô¤òÀ¸À®¤·¤ä¤¹¤¯¤Ê¤ë¤Î¤Ç¡¢¤ª´«¤á¤¤¤¿¤·¤Þ¤¹¡£\n"
+
+#: g10/keygen.c:3209 g10/keygen.c:3236
+msgid "Key generation canceled.\n"
+msgstr "¸°¤ÎÀ¸À®¤¬¼è¤ê¾Ã¤µ¤ì¤Þ¤·¤¿¡£\n"
+
+#: g10/keygen.c:3441 g10/keygen.c:3611
+#, c-format
+msgid "writing public key to `%s'\n"
+msgstr "¡Ö%s¡×¤Ø¸ø³«¸°¤ò½ñ¤­¹þ¤ß¤Þ¤¹\n"
+
+#: g10/keygen.c:3443 g10/keygen.c:3614
+#, c-format
+msgid "writing secret key stub to `%s'\n"
+msgstr "¡Ö%s¡×¤ØÈëÌ©¸°¥¹¥¿¥Ö¤ò½ñ¤­¹þ¤ß¤Þ¤¹\n"
+
+#: g10/keygen.c:3446 g10/keygen.c:3617
+#, c-format
+msgid "writing secret key to `%s'\n"
+msgstr "¡Ö%s¡×¤ØÈëÌ©¸°¤ò½ñ¤­¹þ¤ß¤Þ¤¹\n"
+
+#: g10/keygen.c:3598
+#, c-format
+msgid "no writable public keyring found: %s\n"
+msgstr "½ñ¹þ¤ß²Äǽ¤Ê¸ø³«¸°Îؤ¬¸«¤Ä¤«¤ê¤Þ¤»¤ó: %s\n"
+
+#: g10/keygen.c:3605
+#, c-format
+msgid "no writable secret keyring found: %s\n"
+msgstr "½ñ¹þ¤ß²Äǽ¤ÊÈëÌ©¸°Îؤ¬¸«¤Ä¤«¤ê¤Þ¤»¤ó: %s\n"
+
+#: g10/keygen.c:3625
+#, c-format
+msgid "error writing public keyring `%s': %s\n"
+msgstr "¸ø³«¸°ÎØ¡Ö%s¡×¤Î½ñ¹þ¤ß¥¨¥é¡¼: %s\n"
+
+#: g10/keygen.c:3633
+#, c-format
+msgid "error writing secret keyring `%s': %s\n"
+msgstr "ÈëÌ©¸°ÎØ¡Ö%s¡×¤Î½ñ¹þ¤ß¥¨¥é¡¼: %s\n"
+
+#: g10/keygen.c:3661
+msgid "public and secret key created and signed.\n"
+msgstr "¸ø³«¸°¤ÈÈëÌ©¸°¤òºîÀ®¤·¡¢½ð̾¤·¤Þ¤·¤¿¡£\n"
+
+#: g10/keygen.c:3672
+#, fuzzy
+msgid ""
+"Note that this key cannot be used for encryption. You may want to use\n"
+"the command \"--edit-key\" to generate a subkey for this purpose.\n"
+msgstr ""
+"¤³¤Î¸°¤Ï°Å¹æ²½¤Ë¤Ï»ÈÍѤǤ­¤Ê¤¤¤³¤È¤ËÃí°Õ¤·¤Æ¤¯¤À¤µ¤¤¡£°Å¹æ²½¤ò¹Ô¤¦¤Ë¤Ï¡¢\n"
+"¡È--edit-key¡É¥³¥Þ¥ó¥É¤ò»È¤Ã¤ÆÉû¸°¤òÀ¸À®¤·¤Æ¤¯¤À¤µ¤¤¡£\n"
+
+#: g10/keygen.c:3685 g10/keygen.c:3831 g10/keygen.c:3952
+#, c-format
+msgid "Key generation failed: %s\n"
+msgstr "¸°¤ÎÀ¸À®¤Ë¼ºÇÔ¤·¤Þ¤·¤¿: %s\n"
+
+#: g10/keygen.c:3741 g10/keygen.c:3882 g10/sign.c:241
+#, c-format
+msgid ""
+"key has been created %lu second in future (time warp or clock problem)\n"
+msgstr "¸°¤Ï%luÉÃ̤Íè¤Ë¤Ç¤­¤Þ¤·¤¿ (»þ´Öι¹Ô¤«»þ·×¤Î¾ã³²¤Ç¤·¤ç¤¦)\n"
+
+#: g10/keygen.c:3743 g10/keygen.c:3884 g10/sign.c:243
+#, c-format
+msgid ""
+"key has been created %lu seconds in future (time warp or clock problem)\n"
+msgstr "¸°¤Ï%luÉÃ̤Íè¤Ë¤Ç¤­¤Þ¤·¤¿ (»þ´Öι¹Ô¤«»þ·×¤Î¾ã³²¤Ç¤·¤ç¤¦)\n"
+
+#: g10/keygen.c:3754 g10/keygen.c:3895
+msgid "NOTE: creating subkeys for v3 keys is not OpenPGP compliant\n"
+msgstr "Ãí°Õ: v3¸°¤ÎÉû¸°¤ÎºîÀ®¤Ï¡¢OpenPGP¤ËŬ¹ç¤·¤Þ¤»¤ó\n"
+
+#: g10/keygen.c:3795 g10/keygen.c:3928
+msgid "Really create? (y/N) "
+msgstr "ËÜÅö¤ËºîÀ®¤·¤Þ¤¹¤«? (y/N) "
+
+#: g10/keygen.c:4116
+#, c-format
+msgid "storing key onto card failed: %s\n"
+msgstr "¥«¡¼¥É¤Ø¤Î¸°¤ÎÊݴɤ˼ºÇÔ¤·¤Þ¤·¤¿: %s\n"
+
+#: g10/keygen.c:4165
+#, c-format
+msgid "can't create backup file `%s': %s\n"
+msgstr "¥Ð¥Ã¥¯¥¢¥Ã¥×¡¦¥Õ¥¡¥¤¥ë¡Ö%s¡×¤¬ºîÀ®¤Ç¤­¤Þ¤»¤ó: %s\n"
+
+#: g10/keygen.c:4191
+#, c-format
+msgid "NOTE: backup of card key saved to `%s'\n"
+msgstr "Ãí°Õ: ¥«¡¼¥É¸°¤Î¥Ð¥Ã¥¯¥¢¥Ã¥×¤¬¡Ö%s¡×¤ØÊݸ¤µ¤ì¤Þ¤¹\n"
+
+#: g10/keyid.c:539 g10/keyid.c:551 g10/keyid.c:563 g10/keyid.c:575
+msgid "never "
+msgstr "̵´ü¸Â "
+
+#: g10/keylist.c:273
+msgid "Critical signature policy: "
+msgstr "¥¯¥ê¥Æ¥£¥«¥ë¤Ê½ð̾¥Ý¥ê¥·¡¼: "
+
+#: g10/keylist.c:275
+msgid "Signature policy: "
+msgstr "½ð̾¥Ý¥ê¥·¡¼: "
+
+#: g10/keylist.c:314
+msgid "Critical preferred keyserver: "
+msgstr "º£¤ÎÁª¹¥¸°¥µ¡¼¥Ð¡¼: "
+
+#: g10/keylist.c:367
+msgid "Critical signature notation: "
+msgstr "¥¯¥ê¥Æ¥£¥«¥ë¤Ê½ð̾Ãí¼á: "
+
+#: g10/keylist.c:369
+msgid "Signature notation: "
+msgstr "½ð̾Ãí¼á: "
+
+#: g10/keylist.c:479
+msgid "Keyring"
+msgstr "¸°ÎØ"
+
+#: g10/keylist.c:1526
+msgid "Primary key fingerprint:"
+msgstr "¼ç¸°¤Î»ØÌæ:"
+
+#: g10/keylist.c:1528
+msgid " Subkey fingerprint:"
+msgstr "Éû¸°¤Î»ØÌæ:"
+
+#. TRANSLATORS: this should fit into 24 bytes to that the
+#. * fingerprint data is properly aligned with the user ID
+#: g10/keylist.c:1535
+msgid " Primary key fingerprint:"
+msgstr " ¼ç¸°¤Î»ØÌæ:"
+
+#: g10/keylist.c:1537
+msgid " Subkey fingerprint:"
+msgstr " Éû¸°¤Î»ØÌæ:"
+
+#: g10/keylist.c:1541 g10/keylist.c:1545
+msgid " Key fingerprint ="
+msgstr " »ØÌæ ="
+
+#: g10/keylist.c:1612
+msgid " Card serial no. ="
+msgstr " ¥«¡¼¥É¤ÎÄÌÈÖ ="
+
+#: g10/keyring.c:1297
+#, c-format
+msgid "renaming `%s' to `%s' failed: %s\n"
+msgstr "¡Ö%s¡×¤«¤é¡Ö%s¡×¤Ø¤Î°ÜÆ°¤Ë¼ºÇÔ: %s\n"
+
+#: g10/keyring.c:1326
+msgid "WARNING: 2 files with confidential information exists.\n"
+msgstr "·Ù¹ð: ¿®ÍѾðÊó¤ò¤â¤Ã¤¿2¤Ä¤Î¥Õ¥¡¥¤¥ë¤¬Â¸ºß¤·¤Þ¤¹¡£\n"
+
+#: g10/keyring.c:1327
+#, c-format
+msgid "%s is the unchanged one\n"
+msgstr "%s¤ÏÊѹ¹¤Î¤Ê¤¤Êý¤Ç¤¹\n"
+
+#: g10/keyring.c:1328
+#, c-format
+msgid "%s is the new one\n"
+msgstr "%s¤Ï¿·¤·¤¤Êý¤Ç¤¹\n"
+
+#: g10/keyring.c:1329
+msgid "Please fix this possible security flaw\n"
+msgstr "¤³¤ÎÀøºßŪ¤Ê°ÂÁ´¾å¤Î·ç´Ù¤ò½¤Àµ¤·¤Æ¤¯¤À¤µ¤¤\n"
+
+#: g10/keyring.c:1430
+#, c-format
+msgid "caching keyring `%s'\n"
+msgstr "¸°ÎØ¡Ö%s¡×¤ò¥­¥ã¥Ã¥·¥å¤·¤Þ¤¹\n"
+
+#: g10/keyring.c:1489
+#, c-format
+msgid "%lu keys cached so far (%lu signatures)\n"
+msgstr "%lu¸Ä¤Î¸°¤Þ¤Ç¥­¥ã¥Ã¥·¥åºÑ (%lu¸Ä¤Î½ð̾)\n"
+
+#: g10/keyring.c:1501
+#, c-format
+msgid "%lu keys cached (%lu signatures)\n"
+msgstr "%lu¸Ä¤Î¸°¤ò¥­¥ã¥Ã¥·¥åºÑ (%lu¸Ä¤Î½ð̾)\n"
+
+#: g10/keyring.c:1573
+#, c-format
+msgid "%s: keyring created\n"
+msgstr "%s: ¸°Îؤ¬¤Ç¤­¤Þ¤·¤¿\n"
+
+#: g10/keyserver.c:74
+msgid "include revoked keys in search results"
+msgstr ""
+
+#: g10/keyserver.c:75
+msgid "include subkeys when searching by key ID"
+msgstr ""
+
+#: g10/keyserver.c:77
+msgid "use temporary files to pass data to keyserver helpers"
+msgstr ""
+
+#: g10/keyserver.c:79
+msgid "do not delete temporary files after using them"
+msgstr ""
+
+#: g10/keyserver.c:83
+msgid "automatically retrieve keys when verifying signatures"
+msgstr ""
+
+#: g10/keyserver.c:85
+#, fuzzy
+msgid "honor the preferred keyserver URL set on the key"
+msgstr "Áª¹¥¸°¥µ¡¼¥Ð¡¼URL¤òÆþÎϤ·¤Æ¤¯¤À¤µ¤¤: "
+
+#: g10/keyserver.c:87
+msgid "honor the PKA record set on a key when retrieving keys"
+msgstr ""
+
+#: g10/keyserver.c:153
+#, c-format
+msgid "WARNING: keyserver option `%s' is not used on this platform\n"
+msgstr ""
+"·Ù¹ð: ¸°¥µ¡¼¥Ð¡¼¤Î¥ª¥×¥·¥ç¥ó¡Ö%s¡×¤Ï¡¢¤³¤Î¥×¥é¥Ã¥È¥Û¡¼¥à¤Ç¤Ï»È¤¨¤Þ¤»¤ó\n"
+
+#: g10/keyserver.c:544
+msgid "disabled"
+msgstr "disabled"
+
+#: g10/keyserver.c:747
+msgid "Enter number(s), N)ext, or Q)uit > "
+msgstr "ÈÖ¹æ(s)¡¢N)¼¡¡¢¤Þ¤¿¤ÏQ)Ãæ»ß¤òÆþÎϤ·¤Æ¤¯¤À¤µ¤¤ >"
+
+#: g10/keyserver.c:831 g10/keyserver.c:1458
+#, c-format
+msgid "invalid keyserver protocol (us %d!=handler %d)\n"
+msgstr "̵¸ú¤Ê¸°¥µ¡¼¥Ð¡¼¡¦¥×¥í¥È¥³¥ë¤Ç¤¹ (us %d!=handler %d)\n"
+
+#: g10/keyserver.c:932
+#, c-format
+msgid "key \"%s\" not found on keyserver\n"
+msgstr "¸°¡È%s¡É¤¬¸°¥µ¡¼¥Ð¡¼¤Ë¸«¤Ä¤«¤ê¤Þ¤»¤ó\n"
+
+#: g10/keyserver.c:934
+msgid "key not found on keyserver\n"
+msgstr "¸°¤¬¸°¥µ¡¼¥Ð¡¼¤Ë¸«¤Ä¤«¤ê¤Þ¤»¤ó\n"
+
+#: g10/keyserver.c:1177
+#, c-format
+msgid "requesting key %s from %s server %s\n"
+msgstr "¸°%s¤ò%s¤«¤é¥µ¡¼¥Ð¡¼%s¤ËÍ×µá\n"
+
+#: g10/keyserver.c:1181
+#, c-format
+msgid "requesting key %s from %s\n"
+msgstr "¸°%s¤ò%s¤ËÍ×µá\n"
+
+#: g10/keyserver.c:1205
+#, fuzzy, c-format
+msgid "searching for names from %s server %s\n"
+msgstr "¡È%s¡É¤ò%s¥µ¡¼¥Ð¡¼%s¤«¤é¸¡º÷\n"
+
+#: g10/keyserver.c:1208
+#, fuzzy, c-format
+msgid "searching for names from %s\n"
+msgstr "¡È%s¡É¤ò¥µ¡¼¥Ð¡¼%s¤«¤é¸¡º÷\n"
+
+#: g10/keyserver.c:1361
+#, c-format
+msgid "sending key %s to %s server %s\n"
+msgstr "¸°%s¤ò%s¥µ¡¼¥Ð¡¼%s¤ØÁ÷¿®\n"
+
+#: g10/keyserver.c:1365
+#, c-format
+msgid "sending key %s to %s\n"
+msgstr "¸°%s¤ò%s¤ØÁ÷¿®\n"
+
+#: g10/keyserver.c:1408
+#, c-format
+msgid "searching for \"%s\" from %s server %s\n"
+msgstr "¡È%s¡É¤ò%s¥µ¡¼¥Ð¡¼%s¤«¤é¸¡º÷\n"
+
+#: g10/keyserver.c:1411
+#, c-format
+msgid "searching for \"%s\" from %s\n"
+msgstr "¡È%s¡É¤ò¥µ¡¼¥Ð¡¼%s¤«¤é¸¡º÷\n"
+
+#: g10/keyserver.c:1418 g10/keyserver.c:1514
+msgid "no keyserver action!\n"
+msgstr "¸°¥µ¡¼¥Ð¡¼¡¦¥¢¥¯¥·¥ç¥ó¤¬¤¢¤ê¤Þ¤»¤ó!\n"
+
+#: g10/keyserver.c:1466
+#, c-format
+msgid "WARNING: keyserver handler from a different version of GnuPG (%s)\n"
+msgstr "·Ù¹ð: ÊÌÈÇ (%s) ¤ÎGnuPG¤Î¸°¥µ¡¼¥Ð¡¼¡¦¥Ï¥ó¥É¥é\n"
+
+#: g10/keyserver.c:1475
+msgid "keyserver did not send VERSION\n"
+msgstr "¸°¥µ¡¼¥Ð¡¼¤ÏVERSION¤òÁ÷¿®¤·¤Þ¤»¤ó¤Ç¤·¤¿\n"
+
+#: g10/keyserver.c:1537 g10/keyserver.c:2066
+msgid "no keyserver known (use option --keyserver)\n"
+msgstr "´ûÃΤθ°¥µ¡¼¥Ð¡¼¤¬¤¢¤ê¤Þ¤»¤ó (¥ª¥×¥·¥ç¥ó--keyserver¤ò»È¤¤¤Þ¤·¤ç¤¦)\n"
+
+#: g10/keyserver.c:1543
+msgid "external keyserver calls are not supported in this build\n"
+msgstr "¤³¤Î¹½ÃۤǤϡ¢³°Éô¸°¥µ¡¼¥Ð¡¼¤Î¸Æ½Ð¤·¤Ï¥µ¥Ý¡¼¥È¤·¤Æ¤¤¤Þ¤»¤ó\n"
+
+#: g10/keyserver.c:1555
+#, c-format
+msgid "no handler for keyserver scheme `%s'\n"
+msgstr "¸°¥µ¡¼¥Ð¡¼¡¦¥¹¥­¡¼¥à¡Ö%s¡×ÍѤΥϥó¥É¥é¤¬¤¢¤ê¤Þ¤»¤ó\n"
+
+#: g10/keyserver.c:1560
+#, c-format
+msgid "action `%s' not supported with keyserver scheme `%s'\n"
+msgstr "Áàºî¡Ö%s¡×¤Ï¡¢¸°¥µ¡¼¥Ð¡¼¡¦¥¹¥­¡¼¥à¡Ö%s¡×¤Ç¥µ¥Ý¡¼¥È¤µ¤ì¤Æ¤¤¤Þ¤»¤ó\n"
+
+#: g10/keyserver.c:1568
+#, fuzzy, c-format
+msgid "%s does not support handler version %d\n"
+msgstr "gpgkeys_%s¤Ï¡¢¥Ï¥ó¥É¥é%dÈǤò¥µ¥Ý¡¼¥È¤·¤Þ¤»¤ó\n"
+
+#: g10/keyserver.c:1575
+msgid "keyserver timed out\n"
+msgstr "¸°¥µ¡¼¥Ð¡¼¤Î¥¿¥¤¥à¥¢¥¦¥È\n"
+
+#: g10/keyserver.c:1580
+msgid "keyserver internal error\n"
+msgstr "¸°¥µ¡¼¥Ð¡¼¤ÎÆâÉô¥¨¥é¡¼\n"
+
+#: g10/keyserver.c:1589
+#, c-format
+msgid "keyserver communications error: %s\n"
+msgstr "¸°¥µ¡¼¥Ð¡¼ÄÌ¿®¥¨¥é¡¼: %s\n"
+
+#: g10/keyserver.c:1614 g10/keyserver.c:1648
+#, c-format
+msgid "\"%s\" not a key ID: skipping\n"
+msgstr "¡È%s¡É¸°ID¤Ç¤Ï¤¢¤ê¤Þ¤»¤ó: ¤È¤Ð¤·¤Þ¤¹\n"
+
+#: g10/keyserver.c:1907
+#, c-format
+msgid "WARNING: unable to refresh key %s via %s: %s\n"
+msgstr "·Ù¹ð: ¸°%s¤ò%s·Ðͳ¤Ç²óÉü¤Ç¤­¤Þ¤»¤ó: %s\n"
+
+#: g10/keyserver.c:1929
+#, c-format
+msgid "refreshing 1 key from %s\n"
+msgstr "1Ëܤθ°¤ò%s¤«¤é²óÉü\n"
+
+#: g10/keyserver.c:1931
+#, c-format
+msgid "refreshing %d keys from %s\n"
+msgstr "%dËܤθ°¤ò%s¤«¤é²óÉü\n"
+
+#: g10/keyserver.c:1987
+#, fuzzy, c-format
+msgid "WARNING: unable to fetch URI %s: %s\n"
+msgstr "·Ù¹ð: ¸°%s¤ò%s·Ðͳ¤Ç²óÉü¤Ç¤­¤Þ¤»¤ó: %s\n"
+
+#: g10/keyserver.c:1993
+#, fuzzy, c-format
+msgid "WARNING: unable to parse URI %s\n"
+msgstr "·Ù¹ð: ¸°%s¤ò%s·Ðͳ¤Ç²óÉü¤Ç¤­¤Þ¤»¤ó: %s\n"
+
+#: g10/mainproc.c:231
+#, c-format
+msgid "weird size for an encrypted session key (%d)\n"
+msgstr "ÊѤÊŤµ¤Î°Å¹æ²½ºÑ¤ß¥»¥Ã¥·¥ç¥ó¸° (%d)\n"
+
+#: g10/mainproc.c:284
+#, c-format
+msgid "%s encrypted session key\n"
+msgstr "%s °Å¹æ²½ºÑ¤ß¥»¥Ã¥·¥ç¥ó¸°\n"
+
+#: g10/mainproc.c:294
+#, c-format
+msgid "passphrase generated with unknown digest algorithm %d\n"
+msgstr "̤ÃΤÎÍ×Ì󥢥르¥ê¥º¥à¤ÇÀ¸À®¤µ¤ì¤¿¥Ñ¥¹¥Õ¥ì¡¼¥º %d\n"
+
+#: g10/mainproc.c:360
+#, c-format
+msgid "public key is %s\n"
+msgstr "¸ø³«¸°¤Ï%s¤Ç¤¹\n"
+
+#: g10/mainproc.c:423
+msgid "public key encrypted data: good DEK\n"
+msgstr "¸ø³«¸°¤Ë¤è¤ë°Å¹æ²½ºÑ¤ß¥Ç¡¼¥¿: Àµ¤·¤¤DEK¤Ç¤¹\n"
+
+#: g10/mainproc.c:456
+#, c-format
+msgid "encrypted with %u-bit %s key, ID %s, created %s\n"
+msgstr "%u-¥Ó¥Ã¥È%s¸°, ID %s, ÆüÉÕ%s¤Ë°Å¹æ²½¤µ¤ì¤Þ¤·¤¿\n"
+
+#: g10/mainproc.c:460 g10/pkclist.c:217
+#, c-format
+msgid " \"%s\"\n"
+msgstr " ¡È%s¡É\n"
+
+#: g10/mainproc.c:464
+#, c-format
+msgid "encrypted with %s key, ID %s\n"
+msgstr "%s¸°, ID %s¤Ç°Å¹æ²½¤µ¤ì¤Þ¤·¤¿\n"
+
+#: g10/mainproc.c:479
+#, c-format
+msgid "public key decryption failed: %s\n"
+msgstr "¸ø³«¸°¤ÎÉü¹æ¤Ë¼ºÇÔ¤·¤Þ¤·¤¿: %s\n"
+
+#: g10/mainproc.c:495
+#, c-format
+msgid "encrypted with %lu passphrases\n"
+msgstr "%lu ¸Ä¤Î¥Ñ¥¹¥Õ¥ì¡¼¥º¤Ç°Å¹æ²½\n"
+
+#: g10/mainproc.c:497
+msgid "encrypted with 1 passphrase\n"
+msgstr "1 ¸Ä¤Î¥Ñ¥¹¥Õ¥ì¡¼¥º¤Ç°Å¹æ²½\n"
+
+#: g10/mainproc.c:529 g10/mainproc.c:551
+#, c-format
+msgid "assuming %s encrypted data\n"
+msgstr "%s°Å¹æ²½ºÑ¤ß¥Ç¡¼¥¿¤ò²¾Äê\n"
+
+#: g10/mainproc.c:537
+#, c-format
+msgid "IDEA cipher unavailable, optimistically attempting to use %s instead\n"
+msgstr "IDEA°Å¹æË¡¤ÏÍøÍÑÉÔǽ¤Ê¤Î¤Ç¡¢³ÚŷŪ¤Ç¤¹¤¬%s¤ÇÂåÍѤ·¤è¤¦¤È¤·¤Æ¤¤¤Þ¤¹\n"
+
+#: g10/mainproc.c:570
+msgid "decryption okay\n"
+msgstr "Éü¹æ¤ËÀ®¸ù\n"
+
+#: g10/mainproc.c:574
+msgid "WARNING: message was not integrity protected\n"
+msgstr "·Ù¹ð: ¥á¥Ã¥»¡¼¥¸¤Î´°Á´À­¤ÏÊݸ¤ì¤Æ¤¤¤Þ¤»¤ó\n"
+
+#: g10/mainproc.c:587
+msgid "WARNING: encrypted message has been manipulated!\n"
+msgstr "·Ù¹ð: °Å¹æ²½¤µ¤ì¤¿¥á¥Ã¥»¡¼¥¸¤Ï²þã⤵¤ì¤Æ¤¤¤Þ¤¹!\n"
+
+#: g10/mainproc.c:595
+#, c-format
+msgid "cleared passphrase cached with ID: %s\n"
+msgstr ""
+
+#: g10/mainproc.c:600
+#, c-format
+msgid "decryption failed: %s\n"
+msgstr "Éü¹æ¤Ë¼ºÇÔ¤·¤Þ¤·¤¿: %s\n"
+
+#: g10/mainproc.c:621
+msgid "NOTE: sender requested \"for-your-eyes-only\"\n"
+msgstr "Ãí°Õ: Á÷¿®¼Ô¤Ï¡ÈÆâ½ï¤Ë¤¹¤ë¡É¤è¤¦¤Ëµá¤á¤Æ¤¤¤Þ¤¹\n"
+
+#: g10/mainproc.c:623
+#, c-format
+msgid "original file name='%.*s'\n"
+msgstr "¸µ¤Î¥Õ¥¡¥¤¥ë̾='%.*s'\n"
+
+#: g10/mainproc.c:711
+msgid "WARNING: multiple plaintexts seen\n"
+msgstr ""
+
+#: g10/mainproc.c:850
+msgid "standalone revocation - use \"gpg --import\" to apply\n"
+msgstr "ÆÈΩ¼º¸ú¡£¡Ègpg --import¡É¤ò»È¤Ã¤ÆŬÍѤ·¤Æ¤¯¤À¤µ¤¤\n"
+
+#: g10/mainproc.c:1203 g10/mainproc.c:1240
+#, fuzzy
+msgid "no signature found\n"
+msgstr "¡È%s¡É¤«¤é¤ÎÀµ¤·¤¤½ð̾"
+
+#: g10/mainproc.c:1478
+msgid "signature verification suppressed\n"
+msgstr "½ð̾¤Î¸¡¾Ú¤ò¾Êά\n"
+
+#: g10/mainproc.c:1587
+#, fuzzy
+msgid "can't handle this ambiguous signature data\n"
+msgstr "¤³¤Î¿½Å½ð̾¤Ï¼è¤ê°·¤¨¤Þ¤»¤ó\n"
+
+#: g10/mainproc.c:1598
+#, c-format
+msgid "Signature made %s\n"
+msgstr "%s¤Ë»Ü¤µ¤ì¤¿½ð̾\n"
+
+#: g10/mainproc.c:1599
+#, c-format
+msgid " using %s key %s\n"
+msgstr " %s¸°%s¤ò»ÈÍÑ\n"
+
+#: g10/mainproc.c:1603
+#, c-format
+msgid "Signature made %s using %s key ID %s\n"
+msgstr "%s¤Ë%s¸°ID %s¤Ç»Ü¤µ¤ì¤¿½ð̾\n"
+
+#: g10/mainproc.c:1623
+msgid "Key available at: "
+msgstr "°Ê²¼¤Ë¸°¤¬¤¢¤ê¤Þ¤¹: "
+
+#: g10/mainproc.c:1756 g10/mainproc.c:1804
+#, c-format
+msgid "BAD signature from \"%s\""
+msgstr "¡È%s¡É¤«¤é¤Î ÉÔÀµ¤Ê ½ð̾"
+
+#: g10/mainproc.c:1758 g10/mainproc.c:1806
+#, c-format
+msgid "Expired signature from \"%s\""
+msgstr "¡È%s¡É¤«¤é¤Î´ü¸ÂÀÚ¤ì¤Î½ð̾"
+
+#: g10/mainproc.c:1760 g10/mainproc.c:1808
+#, c-format
+msgid "Good signature from \"%s\""
+msgstr "¡È%s¡É¤«¤é¤ÎÀµ¤·¤¤½ð̾"
+
+#: g10/mainproc.c:1810
+msgid "[uncertain]"
+msgstr "[ÉÔ³ÎÄê]"
+
+#: g10/mainproc.c:1843
+#, c-format
+msgid " aka \"%s\""
+msgstr " ÊÌ̾¡È%s¡É"
+
+#: g10/mainproc.c:1941
+#, c-format
+msgid "Signature expired %s\n"
+msgstr "´ü¸ÂÀÚ¤ì¤Î½ð̾ %s\n"
+
+#: g10/mainproc.c:1946
+#, c-format
+msgid "Signature expires %s\n"
+msgstr "¤³¤Î½ð̾¤Ï%s¤ÇËþλ¤Ç¤¹\n"
+
+#: g10/mainproc.c:1949
+#, c-format
+msgid "%s signature, digest algorithm %s\n"
+msgstr "%s½ð̾¡¢Í×Ì󥢥르¥ê¥º¥à %s\n"
+
+#: g10/mainproc.c:1950
+msgid "binary"
+msgstr "¥Ð¥¤¥Ê¥ê¡¼"
+
+#: g10/mainproc.c:1951
+msgid "textmode"
+msgstr "¥Æ¥­¥¹¥È¥â¡¼¥É"
+
+#: g10/mainproc.c:1951 g10/trustdb.c:546
+msgid "unknown"
+msgstr "̤ÃΤÎ"
+
+#: g10/mainproc.c:1971
+#, c-format
+msgid "Can't check signature: %s\n"
+msgstr "½ð̾¤ò¸¡ºº¤Ç¤­¤Þ¤»¤ó: %s\n"
+
+#: g10/mainproc.c:2055 g10/mainproc.c:2071 g10/mainproc.c:2167
+msgid "not a detached signature\n"
+msgstr "ʬΥ½ð̾¤Ç¤¢¤ê¤Þ¤»¤ó\n"
+
+#: g10/mainproc.c:2098
+msgid ""
+"WARNING: multiple signatures detected. Only the first will be checked.\n"
+msgstr "·Ù¹ð: ¿½Å½ð̾¤Î¸¡½Ð¡£ºÇ½é¤Î¤â¤Î¤À¤±¸¡ºº¤·¤Þ¤¹¡£\n"
+
+#: g10/mainproc.c:2106
+#, c-format
+msgid "standalone signature of class 0x%02x\n"
+msgstr "¥¯¥é¥¹0x%02x¤ÎÆÈΩ½ð̾\n"
+
+#: g10/mainproc.c:2171
+msgid "old style (PGP 2.x) signature\n"
+msgstr "¸Å¤¤·Á¼° (PGP 2.x) ¤Î½ð̾\n"
+
+#: g10/mainproc.c:2181
+msgid "invalid root packet detected in proc_tree()\n"
+msgstr "proc_tree() ¤ÎÃæ¤Ë̵¸ú¤Ê¥ë¡¼¥È¡¦¥Ñ¥±¥Ã¥È¤ò¸¡½Ð¤·¤Þ¤·¤¿\n"
+
+#: g10/misc.c:109 g10/misc.c:139 g10/misc.c:215
+#, c-format
+msgid "fstat of `%s' failed in %s: %s\n"
+msgstr "¡Ö%s¡×¤Îfstat¤¬%s¤Ç¼ºÇÔ¤·¤Þ¤·¤¿: %s\n"
+
+#: g10/misc.c:178
+#, c-format
+msgid "fstat(%d) failed in %s: %s\n"
+msgstr "fstat(%d)¤¬%s¤Ç¼ºÇÔ¤·¤Þ¤·¤¿: %s\n"
+
+#: g10/misc.c:296
+#, fuzzy, c-format
+msgid "WARNING: using experimental public key algorithm %s\n"
+msgstr "¸ø³«¸°¤Î¥¢¥ë¥´¥ê¥º¥à%d¤Ï¡¢¼è¤ê°·¤¨¤Þ¤»¤ó\n"
+
+#: g10/misc.c:302
+#, fuzzy
+msgid "WARNING: Elgamal sign+encrypt keys are deprecated\n"
+msgstr "·Ù¹ð: Í×Ì󥢥르¥ê¥º¥à %s (%d) ¤Î¶¯À©¤¬¡¢¼õ¼è¿Í¤ÎÁª¹¥¤ÈÂÐΩ¤·¤Þ¤¹\n"
+
+#: g10/misc.c:315
+#, fuzzy, c-format
+msgid "WARNING: using experimental cipher algorithm %s\n"
+msgstr "̤¼ÂÁõ¤Î°Å¹æ¥¢¥ë¥´¥ê¥º¥à¤Ç¤¹"
+
+#: g10/misc.c:330
+#, fuzzy, c-format
+msgid "WARNING: using experimental digest algorithm %s\n"
+msgstr "%s½ð̾¡¢Í×Ì󥢥르¥ê¥º¥à %s\n"
+
+#: g10/misc.c:335
+#, fuzzy, c-format
+msgid "WARNING: digest algorithm %s is deprecated\n"
+msgstr "·Ù¹ð: Í×Ì󥢥르¥ê¥º¥à %s (%d) ¤Î¶¯À©¤¬¡¢¼õ¼è¿Í¤ÎÁª¹¥¤ÈÂÐΩ¤·¤Þ¤¹\n"
+
+#: g10/misc.c:503
+msgid "the IDEA cipher plugin is not present\n"
+msgstr "IDEA°Å¹æË¡¤Î¥×¥é¥°¥¤¥ó¤¬¤¢¤ê¤Þ¤»¤ó\n"
+
+#: g10/misc.c:504 g10/sig-check.c:107 jnlib/utf8conv.c:87
+#, fuzzy, c-format
+msgid "please see %s for more information\n"
+msgstr "¾ÜºÙ¤Ïhttp://www.gnupg.org/faq.html¤ò¤´Í÷¤¯¤À¤µ¤¤\n"
+
+#: g10/misc.c:761
+#, c-format
+msgid "%s:%d: deprecated option \"%s\"\n"
+msgstr "%s:%d: ÌäÂê»ë¤µ¤ì¤Æ¤¤¤ë¥ª¥×¥·¥ç¥ó¡È%s¡É\n"
+
+#: g10/misc.c:765
+#, c-format
+msgid "WARNING: \"%s\" is a deprecated option\n"
+msgstr "·Ù¹ð:¡È%s¡É¤Ï¡¢ÌäÂê»ë¤µ¤ì¤Æ¤¤¤ë¥ª¥×¥·¥ç¥ó¤Ç¤¹\n"
+
+#: g10/misc.c:767
+#, c-format
+msgid "please use \"%s%s\" instead\n"
+msgstr "¡È%s%s¡É¤òÂå¤ï¤ê¤Ë»È¤Ã¤Æ¤¯¤À¤µ¤¤\n"
+
+#: g10/misc.c:774
+#, fuzzy, c-format
+msgid "WARNING: \"%s\" is a deprecated command - do not use it\n"
+msgstr "·Ù¹ð:¡È%s¡É¤Ï¡¢ÌäÂê»ë¤µ¤ì¤Æ¤¤¤ë¥ª¥×¥·¥ç¥ó¤Ç¤¹\n"
+
+#: g10/misc.c:784
+#, c-format
+msgid "%s:%u: obsolete option \"%s\" - it has no effect\n"
+msgstr ""
+
+#: g10/misc.c:787
+#, fuzzy, c-format
+msgid "WARNING: \"%s\" is an obsolete option - it has no effect\n"
+msgstr "·Ù¹ð:¡È%s¡É¤Ï¡¢ÌäÂê»ë¤µ¤ì¤Æ¤¤¤ë¥ª¥×¥·¥ç¥ó¤Ç¤¹\n"
+
+#: g10/misc.c:848
+msgid "Uncompressed"
+msgstr "̵°µ½Ì"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: g10/misc.c:873
+msgid "uncompressed|none"
+msgstr "̵°µ½Ì|¤Ê¤·"
+
+#: g10/misc.c:1000
+#, c-format
+msgid "this message may not be usable by %s\n"
+msgstr "¤³¤Î¥á¥Ã¥»¡¼¥¸¤Ï¡¢%s¤Ç¤Ï»ÈÍѤǤ­¤Þ¤»¤ó\n"
+
+#: g10/misc.c:1175
+#, c-format
+msgid "ambiguous option `%s'\n"
+msgstr "¤¢¤¤¤Þ¤¤¤Ê¥ª¥×¥·¥ç¥ó¡Ö%s¡×\n"
+
+#: g10/misc.c:1200
+#, c-format
+msgid "unknown option `%s'\n"
+msgstr "̤ÃΤΥª¥×¥·¥ç¥ó¡Ö%s¡×\n"
+
+#: g10/openfile.c:89
+#, c-format
+msgid "File `%s' exists. "
+msgstr "¥Õ¥¡¥¤¥ë¡Ö%s¡×¤Ï´û¤Ë¸ºß¤·¤Þ¤¹¡£"
+
+#: g10/openfile.c:93
+msgid "Overwrite? (y/N) "
+msgstr "¾å½ñ¤­¤·¤Þ¤¹¤«? (y/N) "
+
+#: g10/openfile.c:126
+#, c-format
+msgid "%s: unknown suffix\n"
+msgstr "%s: ̤ÃΤγÈÄ¥»Ò\n"
+
+#: g10/openfile.c:150
+msgid "Enter new filename"
+msgstr "¿·¤·¤¤¥Õ¥¡¥¤¥ë̾¤òÆþÎϤ·¤Æ¤¯¤À¤µ¤¤"
+
+#: g10/openfile.c:195
+msgid "writing to stdout\n"
+msgstr "ɸ½à½ÐÎϤ˽ñ¤­¹þ¤ß¤Þ¤¹\n"
+
+#: g10/openfile.c:316
+#, c-format
+msgid "assuming signed data in `%s'\n"
+msgstr "½ð̾¤µ¤ì¤¿¥Ç¡¼¥¿¤¬¡Ö%s¡×¤Ë¤¢¤ë¤ÈÁÛÄꤷ¤Þ¤¹\n"
+
+#: g10/openfile.c:395
+#, c-format
+msgid "new configuration file `%s' created\n"
+msgstr "¿·¤·¤¤¹½À®¥Õ¥¡¥¤¥ë¡Ö%s¡×¤¬¤Ç¤­¤Þ¤·¤¿\n"
+
+#: g10/openfile.c:397
+#, c-format
+msgid "WARNING: options in `%s' are not yet active during this run\n"
+msgstr "·Ù¹ð: ¡Ö%s¡×¤Î¥ª¥×¥·¥ç¥ó¤Ïµ¯Æ°¤·¤Æ¤¤¤ë´Ö¡¢Í­¸ú¤Ë¤Ê¤ê¤Þ¤»¤ó\n"
+
+#: g10/parse-packet.c:201
+#, c-format
+msgid "can't handle public key algorithm %d\n"
+msgstr "¸ø³«¸°¤Î¥¢¥ë¥´¥ê¥º¥à%d¤Ï¡¢¼è¤ê°·¤¨¤Þ¤»¤ó\n"
+
+#: g10/parse-packet.c:822
+msgid "WARNING: potentially insecure symmetrically encrypted session key\n"
+msgstr "·Ù¹ð: ÀøºßŪ¤Ë·õÆݤÊÂоΰŹ沽¥»¥Ã¥·¥ç¥ó¸°¤Ç¤¹\n"
+
+#: g10/parse-packet.c:1273
+#, c-format
+msgid "subpacket of type %d has critical bit set\n"
+msgstr "·¿%d¤Î²¼°Ì¥Ñ¥±¥Ã¥È¤Ë¥¯¥ê¥Æ¥£¥«¥ë¡¦¥Ó¥Ã¥È¤òȯ¸«\n"
+
+#: g10/passphrase.c:75 g10/passphrase.c:418 g10/passphrase.c:481
+#, fuzzy, c-format
+msgid "problem with the agent: %s\n"
+msgstr "¥¨¡¼¥¸¥§¥ó¥È¤Ë¾ã³²: ¥¨¡¼¥¸¥§¥ó¥È¤¬0x%lx¤òÊÖµÑ\n"
+
+#: g10/passphrase.c:344 g10/passphrase.c:613
+#, c-format
+msgid " (main key ID %s)"
+msgstr " (¼ç¸°ID %s)"
+
+#: g10/passphrase.c:358
+#, fuzzy, c-format
+msgid ""
+"Please enter the passphrase to unlock the secret key for the OpenPGP "
+"certificate:\n"
+"\"%.*s\"\n"
+"%u-bit %s key, ID %s,\n"
+"created %s%s.\n"
+msgstr ""
+"¼¡¤Î¥æ¡¼¥¶¡¼¤ÎÈëÌ©¸°¤Î¥í¥Ã¥¯¤ò²ò½ü¤¹¤ë¤Ë¤Ï¥Ñ¥¹¥Õ¥ì¡¼¥º¤¬¤¤¤ê¤Þ¤¹:\n"
+"\"%.*s\"\n"
+"%u¥Ó¥Ã¥È%s¸°, ID %sºîÀ®ÆüÉÕ¤Ï%s%s\n"
+
+#: g10/passphrase.c:384
+msgid "Enter passphrase\n"
+msgstr "¥Ñ¥¹¥Õ¥ì¡¼¥º¤òÆþÎÏ\n"
+
+#: g10/passphrase.c:412
+msgid "cancelled by user\n"
+msgstr "¥æ¡¼¥¶¡¼¤Ë¤è¤ë¼è¾Ã¤·\n"
+
+#: g10/passphrase.c:592
+#, c-format
+msgid ""
+"You need a passphrase to unlock the secret key for\n"
+"user: \"%s\"\n"
+msgstr ""
+"¼¡¤Î¥æ¡¼¥¶¡¼¤ÎÈëÌ©¸°¤Î¥í¥Ã¥¯¤ò²ò½ü¤¹¤ë¤Ë¤Ï\n"
+"¥Ñ¥¹¥Õ¥ì¡¼¥º¤¬¤¤¤ê¤Þ¤¹:¡È%s¡É\n"
+
+#: g10/passphrase.c:600
+#, c-format
+msgid "%u-bit %s key, ID %s, created %s"
+msgstr "%u¥Ó¥Ã¥È%s¸°, ID %sºîÀ®ÆüÉÕ¤Ï%s"
+
+#: g10/passphrase.c:609
+#, c-format
+msgid " (subkey on main key ID %s)"
+msgstr " (¼ç¸°ID %s ¤ÎÉû¸°)"
+
+#: g10/photoid.c:74
+msgid ""
+"\n"
+"Pick an image to use for your photo ID. The image must be a JPEG file.\n"
+"Remember that the image is stored within your public key. If you use a\n"
+"very large picture, your key will become very large as well!\n"
+"Keeping the image close to 240x288 is a good size to use.\n"
+msgstr ""
+"\n"
+"¤¢¤Ê¤¿¤Î¥Õ¥©¥ÈID¤Ë»È¤¦²èÁü¤ò·è¤á¤Æ¤¯¤À¤µ¤¤¡£²èÁü¤ÏJPEG¥Õ¥¡¥¤¥ë¤Ç¤¢¤ëɬ\n"
+"Íפ¬¤¢¤ê¤Þ¤¹¡£²èÁü¤Ï¸ø³«¸°¤È¤¤¤Ã¤·¤ç¤Ë³ÊǼ¤µ¤ì¤ë¡¢¤È¤¤¤¦¤³¤È¤òǰƬ¤Ë¤ª\n"
+"¤¤¤Æ¤ª¤­¤Þ¤·¤ç¤¦¡£¤â¤·Â礭¤Ê¼Ì¿¿¤ò»È¤¦¤È¡¢¤¢¤Ê¤¿¤Î¸°¤âƱÍͤËÂ礭¤¯¤Ê¤ê\n"
+"¤Þ¤¹! 240x288¤¯¤é¤¤¤Ë¤ª¤µ¤Þ¤ëÂ礭¤µ¤Î²èÁü¤Ï¡¢»È¤¤¤è¤¤¤Ç¤·¤ç¤¦¡£\n"
+
+#: g10/photoid.c:96
+msgid "Enter JPEG filename for photo ID: "
+msgstr "¥Õ¥©¥ÈIDÍѤÎJPEG¥Õ¥¡¥¤¥ë̾¤òÆþÎϤ·¤Æ¤¯¤À¤µ¤¤: "
+
+#: g10/photoid.c:117
+#, c-format
+msgid "unable to open JPEG file `%s': %s\n"
+msgstr "JPEG¥Õ¥¡¥¤¥ë¡Ö%s¡×¤¬³«¤±¤Þ¤»¤ó: %s\n"
+
+#: g10/photoid.c:128
+#, c-format
+msgid "This JPEG is really large (%d bytes) !\n"
+msgstr "¤³¤ÎJPEG¤Ï¡¢ËÜÅö¤ËÂ礭¤¤ (%d¥Ð¥¤¥È) !\n"
+
+#: g10/photoid.c:130
+msgid "Are you sure you want to use it? (y/N) "
+msgstr "ËÜÅö¤Ë»È¤¤¤¿¤¤¤Ç¤¹¤«? (y/N) "
+
+#: g10/photoid.c:146
+#, c-format
+msgid "`%s' is not a JPEG file\n"
+msgstr "¡Ö%s¡×¤Ï¡¢JPEG¥Õ¥¡¥¤¥ë¤Ç¤Ï¤¢¤ê¤Þ¤»¤ó\n"
+
+#: g10/photoid.c:165
+msgid "Is this photo correct (y/N/q)? "
+msgstr "¤³¤Î¼Ì¿¿¤ÏÀµ¤·¤¤¤Ç¤¹¤« (y/N/q)? "
+
+#: g10/photoid.c:373
+msgid "unable to display photo ID!\n"
+msgstr "¥Õ¥©¥ÈID¤¬É½¼¨ÉÔǽ!\n"
+
+#: g10/pkclist.c:60 g10/revoke.c:621
+msgid "No reason specified"
+msgstr "Íýͳ¤Ï»ØÄꤵ¤ì¤Æ¤¤¤Þ¤»¤ó"
+
+#: g10/pkclist.c:62 g10/revoke.c:623
+msgid "Key is superseded"
+msgstr "¸°¤¬¤È¤ê¤«¤ï¤Ã¤Æ¤¤¤Þ¤¹"
+
+#: g10/pkclist.c:64 g10/revoke.c:622
+msgid "Key has been compromised"
+msgstr "¸°¤¬¥Ñ¥¯¤é¤ì¤Þ¤·¤¿"
+
+#: g10/pkclist.c:66 g10/revoke.c:624
+msgid "Key is no longer used"
+msgstr "¸°¤Ï¤â¤¦ÉÔÍѤǤ¹"
+
+#: g10/pkclist.c:68 g10/revoke.c:625
+msgid "User ID is no longer valid"
+msgstr "¥æ¡¼¥¶¡¼ID¤¬¤â¤¦Í­¸ú¤Ç¤¢¤ê¤Þ¤»¤ó"
+
+#: g10/pkclist.c:72
+msgid "reason for revocation: "
+msgstr "¼º¸úÍýͳ: "
+
+#: g10/pkclist.c:89
+msgid "revocation comment: "
+msgstr "¼º¸ú¤Î¥³¥á¥ó¥È: "
+
+#: g10/pkclist.c:204
+msgid "iImMqQsS"
+msgstr "iImMqQsS"
+
+#: g10/pkclist.c:212
+msgid "No trust value assigned to:\n"
+msgstr "¿®ÍÑÅÙ¤¬»ØÄꤵ¤ì¤Æ¤¤¤Þ¤»¤ó:\n"
+
+#: g10/pkclist.c:245
+#, c-format
+msgid " aka \"%s\"\n"
+msgstr " ÊÌ̾¡È%s¡É\n"
+
+#: g10/pkclist.c:255
+msgid ""
+"How much do you trust that this key actually belongs to the named user?\n"
+msgstr ""
+"¤³¤Î¸°¤¬¤³¤Î¥æ¡¼¥¶¡¼¤ò¤Ê¤Î¤ëËܿͤΤâ¤Î¤«¤É¤¦¤«¡¢¤É¤ì¤¯¤é¤¤¿®ÍѤǤ­¤Þ¤¹¤«?\n"
+
+#: g10/pkclist.c:270
+#, c-format
+msgid " %d = I don't know or won't say\n"
+msgstr " %d = ÃΤé¤Ê¤¤¡¢¤Þ¤¿¤Ï²¿¤È¤â¸À¤¨¤Ê¤¤\n"
+
+#: g10/pkclist.c:272
+#, c-format
+msgid " %d = I do NOT trust\n"
+msgstr " %d = ¿®ÍѤ· ¤Ê¤¤\n"
+
+#: g10/pkclist.c:278
+#, c-format
+msgid " %d = I trust ultimately\n"
+msgstr " %d = ÀäÂÐŪ¤Ë¿®ÍѤ¹¤ë\n"
+
+#: g10/pkclist.c:284
+msgid " m = back to the main menu\n"
+msgstr " m = ¥á¡¼¥ó¡¦¥á¥Ë¥å¡¼¤ËÌá¤ë\n"
+
+#: g10/pkclist.c:287
+msgid " s = skip this key\n"
+msgstr " s = ¤³¤Î¸°¤Ï¤È¤Ð¤¹\n"
+
+#: g10/pkclist.c:288
+msgid " q = quit\n"
+msgstr " q = ½ªÎ»\n"
+
+#: g10/pkclist.c:292
+#, c-format
+msgid ""
+"The minimum trust level for this key is: %s\n"
+"\n"
+msgstr "¤³¤Î¸°¤ÎºÇ¾®¿®ÍÑ¥ì¥Ù¥ë: %s\n"
+
+#: g10/pkclist.c:298 g10/revoke.c:650
+msgid "Your decision? "
+msgstr "¤¢¤Ê¤¿¤Î·èÄê¤Ï? "
+
+#: g10/pkclist.c:319
+msgid "Do you really want to set this key to ultimate trust? (y/N) "
+msgstr "ËÜÅö¤Ë¤³¤Î¸°¤òÀäÂÐŪ¤Ë¿®ÍѤ·¤Þ¤¹¤«? (y/N) "
+
+#: g10/pkclist.c:333
+msgid "Certificates leading to an ultimately trusted key:\n"
+msgstr "ÀäÂÐŪ¤Ë¿®ÍѤ·¤¿¸°¤Ø¤Î¾ÚÌÀ½ñ:\n"
+
+#: g10/pkclist.c:418
+#, c-format
+msgid "%s: There is no assurance this key belongs to the named user\n"
+msgstr "%s: ¤³¤Î¸°¤¬ËÜÅö¤ËËܿͤΤâ¤Î¤Ç¤¢¤ë¡¢¤È¤¤¤¦Ãû¸õ¤¬¡¢¤¢¤ê¤Þ¤»¤ó\n"
+
+#: g10/pkclist.c:423
+#, c-format
+msgid "%s: There is limited assurance this key belongs to the named user\n"
+msgstr "%s: ¤³¤Î¸°¤¬ËÜÅö¤ËËܿͤΤâ¤Î¤Ç¤¢¤ë¡¢¤È¤¤¤¦Ãû¸õ¤¬¡¢¾¯¤·¤·¤«¤¢¤ê¤Þ¤»¤ó\n"
+
+#: g10/pkclist.c:429
+msgid "This key probably belongs to the named user\n"
+msgstr "¤³¤Î¸°¤Ï¤¿¤Ö¤óËܿͤΤâ¤Î¤Ç¤¹\n"
+
+#: g10/pkclist.c:434
+msgid "This key belongs to us\n"
+msgstr "¤³¤Î¸°¤Ï¼«Ê¬¤Î¤â¤Î¤Ç¤¹\n"
+
+#: g10/pkclist.c:460
+msgid ""
+"It is NOT certain that the key belongs to the person named\n"
+"in the user ID. If you *really* know what you are doing,\n"
+"you may answer the next question with yes.\n"
+msgstr ""
+"¤³¤Î¸°¤Ï¡¢¤³¤Î¥æ¡¼¥¶¡¼ID¤ò¤Ê¤Î¤ëËܿͤΤâ¤Î¤«¤É¤¦¤«³Î¿®¤Ç¤­\n"
+"¤Þ¤»¤ó¡£º£¤«¤é¹Ô¤¦¤³¤È¤ò¡öËÜÅö¤Ë¡öÍý²ò¤·¤Æ¤¤¤Ê¤¤¾ì¹ç¤Ë¤Ï¡¢\n"
+"¼¡¤Î¼ÁÌä¤Ë¤Ïno¤ÈÅú¤¨¤Æ¤¯¤À¤µ¤¤¡£\n"
+
+#: g10/pkclist.c:479
+msgid "Use this key anyway? (y/N) "
+msgstr "¤½¤ì¤Ç¤â¤³¤Î¸°¤ò»È¤¤¤Þ¤¹¤«? (y/N) "
+
+#: g10/pkclist.c:513
+msgid "WARNING: Using untrusted key!\n"
+msgstr "·Ù¹ð: ¿®ÍѤǤ­¤Ê¤¤¸°¤ò»È¤Ã¤Æ¤¤¤Þ¤¹!\n"
+
+#: g10/pkclist.c:520
+msgid "WARNING: this key might be revoked (revocation key not present)\n"
+msgstr "·Ù¹ð: ¤³¤Î¸°¤Ï¼º¸ú¤µ¤ì¤¿¤è¤¦¤Ç¤¹ (¼º¸ú¸°¤ÏÉÔºß)\n"
+
+#: g10/pkclist.c:529
+msgid "WARNING: This key has been revoked by its designated revoker!\n"
+msgstr "·Ù¹ð: ¤³¤Î¸°¤Ï»Ø̾¼º¸ú¼Ô¤Ë¤è¤Ã¤Æ¼º¸ú¤µ¤ì¤Æ¤¤¤Þ¤¹!\n"
+
+#: g10/pkclist.c:532
+msgid "WARNING: This key has been revoked by its owner!\n"
+msgstr "·Ù¹ð: ¤³¤Î¸°¤Ï½êÍ­¼Ô¤Ë¤è¤Ã¤Æ¼º¸ú¤µ¤ì¤Æ¤¤¤Þ¤¹!\n"
+
+#: g10/pkclist.c:533
+msgid " This could mean that the signature is forged.\n"
+msgstr " ½ð̾¤¬µ¶Êª¤Ê¤³¤È¤â¤¢¤ë¡¢¤È¤¤¤¦¤³¤È¤Ç¤¹¡£\n"
+
+#: g10/pkclist.c:539
+msgid "WARNING: This subkey has been revoked by its owner!\n"
+msgstr "·Ù¹ð: ¤³¤ÎÉû¸°¤Ï½êÍ­¼Ô¤Ë¤è¤Ã¤Æ¼º¸ú¤µ¤ì¤Æ¤¤¤Þ¤¹!\n"
+
+#: g10/pkclist.c:544
+msgid "Note: This key has been disabled.\n"
+msgstr "Ãí°Õ: ¤³¤Î¸°¤Ï»ÈÍѶػߤËÀßÄꤵ¤ì¤Æ¤¤¤Þ¤¹¡£\n"
+
+#: g10/pkclist.c:564
+#, c-format
+msgid "Note: Verified signer's address is `%s'\n"
+msgstr ""
+
+#: g10/pkclist.c:571
+#, c-format
+msgid "Note: Signer's address `%s' does not match DNS entry\n"
+msgstr ""
+
+#: g10/pkclist.c:583
+msgid "trustlevel adjusted to FULL due to valid PKA info\n"
+msgstr ""
+
+#: g10/pkclist.c:591
+msgid "trustlevel adjusted to NEVER due to bad PKA info\n"
+msgstr ""
+
+#: g10/pkclist.c:602
+msgid "Note: This key has expired!\n"
+msgstr "Ãí°Õ: ¤³¤Î¸°¤ÏËþλ¤Ç¤¹!\n"
+
+#: g10/pkclist.c:613
+msgid "WARNING: This key is not certified with a trusted signature!\n"
+msgstr "·Ù¹ð: ¤³¤Î¸°¤Ï¿®ÍѤǤ­¤ë½ð̾¤Ç¾ÚÌÀ¤µ¤ì¤Æ¤¤¤Þ¤»¤ó!\n"
+
+#: g10/pkclist.c:615
+msgid ""
+" There is no indication that the signature belongs to the owner.\n"
+msgstr " ¤³¤Î½ð̾¤¬½êÍ­¼Ô¤Î¤â¤Î¤«¤É¤¦¤«¤Î¸¡¾Ú¼êÃʤ¬¤¢¤ê¤Þ¤»¤ó¡£\n"
+
+#: g10/pkclist.c:623
+msgid "WARNING: We do NOT trust this key!\n"
+msgstr "·Ù¹ð: ¤³¤Î¸°¤Ï¿®ÍѤǤ­¤Þ ¤»¤ó!\n"
+
+#: g10/pkclist.c:624
+msgid " The signature is probably a FORGERY.\n"
+msgstr " ¤³¤Î½ð̾¤Ï¤ª¤½¤é¤¯ µ¶Êª ¤Ç¤¹¡£\n"
+
+#: g10/pkclist.c:632
+msgid ""
+"WARNING: This key is not certified with sufficiently trusted signatures!\n"
+msgstr "·Ù¹ð: ¤³¤Î¸°¤Ï½½Ê¬¤Ë¿®ÍѤǤ­¤ë½ð̾¤Ç¾ÚÌÀ¤µ¤ì¤Æ¤¤¤Þ¤»¤ó!\n"
+
+#: g10/pkclist.c:634
+msgid " It is not certain that the signature belongs to the owner.\n"
+msgstr " ¤³¤Î½ð̾¤¬½êÍ­¼Ô¤Î¤â¤Î¤«¤É¤¦¤«³Î¿®¤Ç¤­¤Þ¤»¤ó¡£\n"
+
+#: g10/pkclist.c:833 g10/pkclist.c:875 g10/pkclist.c:1087 g10/pkclist.c:1157
+#, c-format
+msgid "%s: skipped: %s\n"
+msgstr "%s: ¥¹¥­¥Ã¥×: %s\n"
+
+#: g10/pkclist.c:845 g10/pkclist.c:1125
+#, c-format
+msgid "%s: skipped: public key already present\n"
+msgstr "%s: ¥¹¥­¥Ã¥×: ¸ø³«¸°¤Ï¤â¤¦¤¢¤ê¤Þ¤¹\n"
+
+#: g10/pkclist.c:896
+msgid "You did not specify a user ID. (you may use \"-r\")\n"
+msgstr "¥æ¡¼¥¶¡¼ID¤ò»ØÄꤷ¤Æ¤¤¤Þ¤»¤ó (¡È-r¡É¤ò»È¤¤¤Þ¤·¤ç¤¦) ¡£\n"
+
+#: g10/pkclist.c:920
+msgid "Current recipients:\n"
+msgstr "º£¤Î¼õ¼è¿Í:\n"
+
+#: g10/pkclist.c:946
+msgid ""
+"\n"
+"Enter the user ID. End with an empty line: "
+msgstr ""
+"\n"
+"¥æ¡¼¥¶¡¼ID¤òÆþÎÏ¡£¶õ¹Ô¤Ç½ªÎ»: "
+
+#: g10/pkclist.c:971
+msgid "No such user ID.\n"
+msgstr "¤½¤Î¥æ¡¼¥¶¡¼ID¤Ï¤¢¤ê¤Þ¤»¤ó¡£\n"
+
+#: g10/pkclist.c:980 g10/pkclist.c:1054
+msgid "skipped: public key already set as default recipient\n"
+msgstr "¥¹¥­¥Ã¥×: ¸ø³«¸°¤Ï´ûÄê¤Î¼õ¼è¿Í¤È¤·¤Æ¤â¤¦ÀßÄêºÑ¤ß¤Ç¤¹\n"
+
+#: g10/pkclist.c:1001
+msgid "Public key is disabled.\n"
+msgstr "¸ø³«¸°¤Ï»ÈÍѶػߤǤ¹¡£\n"
+
+#: g10/pkclist.c:1010
+msgid "skipped: public key already set\n"
+msgstr "¥¹¥­¥Ã¥×: ¸ø³«¸°¤Ï¤â¤¦ÀßÄêºÑ¤ß¤Ç¤¹\n"
+
+#: g10/pkclist.c:1045
+#, c-format
+msgid "unknown default recipient \"%s\"\n"
+msgstr "´ûÄê¤Î¼õ¼è¿Í¡È%s¡É¤¬¸«¤Ä¤«¤ê¤Þ¤»¤ó\n"
+
+#: g10/pkclist.c:1103
+#, c-format
+msgid "%s: skipped: public key is disabled\n"
+msgstr "%s: ¥¹¥­¥Ã¥×: ¸ø³«¸°¤Ï»ÈÍѶػߤǤ¹\n"
+
+#: g10/pkclist.c:1165
+msgid "no valid addressees\n"
+msgstr "Í­¸ú¤Ê°¸À褬¤¢¤ê¤Þ¤»¤ó\n"
+
+#: g10/pkclist.c:1503
+#, fuzzy, c-format
+msgid "Note: key %s has no %s feature\n"
+msgstr "¸°%s¤Ë¤Ï¥æ¡¼¥¶¡¼ID¤¬¤¢¤ê¤Þ¤»¤ó\n"
+
+#: g10/pkclist.c:1528
+#, fuzzy, c-format
+msgid "Note: key %s has no preference for %s\n"
+msgstr "¸°%s¤Ë¤Ï¥æ¡¼¥¶¡¼ID¤¬¤¢¤ê¤Þ¤»¤ó\n"
+
+#: g10/plaintext.c:95
+msgid "data not saved; use option \"--output\" to save it\n"
+msgstr ""
+"¥Ç¡¼¥¿¤ÏÊݸ¤µ¤ì¤Æ¤¤¤Þ¤»¤ó¡£\n"
+"Êݸ¤¹¤ë¤Ë¤Ï¡È--output¡É¥ª¥×¥·¥ç¥ó¤ò»È¤Ã¤Æ¤¯¤À¤µ¤¤\n"
+
+#: g10/plaintext.c:480
+msgid "Detached signature.\n"
+msgstr "ʬΥ½ð̾¡£\n"
+
+#: g10/plaintext.c:487
+msgid "Please enter name of data file: "
+msgstr "¥Ç¡¼¥¿¡¦¥Õ¥¡¥¤¥ë¤Î̾Á°¤òÆþÎÏ: "
+
+#: g10/plaintext.c:519
+msgid "reading stdin ...\n"
+msgstr "ɸ½àÆþÎϤè¤êÆɽФ·Ãæ ...\n"
+
+#: g10/plaintext.c:557
+msgid "no signed data\n"
+msgstr "½ð̾¤µ¤ì¤¿¥Ç¡¼¥¿¤¬¤¢¤ê¤Þ¤»¤ó\n"
+
+#: g10/plaintext.c:573
+#, c-format
+msgid "can't open signed data `%s'\n"
+msgstr "½ð̾¤µ¤ì¤¿¥Ç¡¼¥¿¡Ö%s¡×¤¬³«¤±¤Þ¤»¤ó\n"
+
+#: g10/plaintext.c:607
+#, fuzzy, c-format
+msgid "can't open signed data fd=%d: %s\n"
+msgstr "½ð̾¤µ¤ì¤¿¥Ç¡¼¥¿¡Ö%s¡×¤¬³«¤±¤Þ¤»¤ó\n"
+
+#: g10/pubkey-enc.c:105
+#, c-format
+msgid "anonymous recipient; trying secret key %s ...\n"
+msgstr "ƿ̾¤Î¼õ¼è¿ÍÍѤǤ¹¡£ÈëÌ©¸°%s¤ò»î¤·¤Þ¤¹ ...\n"
+
+#: g10/pubkey-enc.c:136
+msgid "okay, we are the anonymous recipient.\n"
+msgstr "½ªÎ»¡£Æ¿Ì¾¤Î¼õ¼è¿ÍÍѤǤ¹¡£\n"
+
+#: g10/pubkey-enc.c:225
+msgid "old encoding of the DEK is not supported\n"
+msgstr "µì¼°¤ÎDEKÉä¹æ¤Ï¡¢¥µ¥Ý¡¼¥È¤·¤Æ¤¤¤Þ¤»¤ó\n"
+
+#: g10/pubkey-enc.c:246
+#, c-format
+msgid "cipher algorithm %d%s is unknown or disabled\n"
+msgstr "°Å¹æ¥¢¥ë¥´¥ê¥º¥à%d%s¤Ï̤ÃΤ«»ÈÍѶػߤǤ¹\n"
+
+#: g10/pubkey-enc.c:284
+#, c-format
+msgid "WARNING: cipher algorithm %s not found in recipient preferences\n"
+msgstr "·Ù¹ð: °Å¹æ¥¢¥ë¥´¥ê¥º¥à%s¤Ï¼õ¼è¿Í¤ÎÁª¹¥¤ËÆþ¤Ã¤Æ¤¤¤Þ¤»¤ó\n"
+
+#: g10/pubkey-enc.c:304
+#, c-format
+msgid "NOTE: secret key %s expired at %s\n"
+msgstr "Ãí°Õ: ÈëÌ©¸°%s¤Ï%s¤ÇËþλ¤Ç¤¹\n"
+
+#: g10/pubkey-enc.c:310
+msgid "NOTE: key has been revoked"
+msgstr "Ãí°Õ: ¸°¤Ï¼º¸úºÑ¤ß¤Ç¤¹"
+
+#: g10/revoke.c:102 g10/revoke.c:116 g10/revoke.c:128 g10/revoke.c:174
+#: g10/revoke.c:186 g10/revoke.c:585
+#, c-format
+msgid "build_packet failed: %s\n"
+msgstr "build_packet ¤Ë¼ºÇÔ¤·¤Þ¤·¤¿: %s\n"
+
+#: g10/revoke.c:145
+#, c-format
+msgid "key %s has no user IDs\n"
+msgstr "¸°%s¤Ë¤Ï¥æ¡¼¥¶¡¼ID¤¬¤¢¤ê¤Þ¤»¤ó\n"
+
+#: g10/revoke.c:306
+msgid "To be revoked by:\n"
+msgstr "¼º¸ú¼Ô:\n"
+
+#: g10/revoke.c:310
+msgid "(This is a sensitive revocation key)\n"
+msgstr "(¤³¤ì¤Ï¡¢¥Ç¥ê¥±¡¼¥È¤Ê¼º¸ú¸°¤Ç¤¹)\n"
+
+#: g10/revoke.c:314
+msgid "Create a designated revocation certificate for this key? (y/N) "
+msgstr "¤³¤Î¸°¤Ë¤¿¤¤¤¹¤ë»Ø̾¼º¸ú¾ÚÌÀ½ñ¤òºîÀ®¤·¤Þ¤¹¤«? (y/N) "
+
+#: g10/revoke.c:327 g10/revoke.c:551
+msgid "ASCII armored output forced.\n"
+msgstr "ASCIIÊñÁõ½ÐÎϤò¶¯À©¤·¤Þ¤¹¡£\n"
+
+#: g10/revoke.c:342 g10/revoke.c:565
+#, c-format
+msgid "make_keysig_packet failed: %s\n"
+msgstr "make_keysig_packet ¤Ë¼ºÇÔ¤·¤Þ¤·¤¿: %s\n"
+
+#: g10/revoke.c:405
+msgid "Revocation certificate created.\n"
+msgstr "¼º¸ú¾ÚÌÀ½ñ¤òºîÀ®¡£\n"
+
+#: g10/revoke.c:411
+#, c-format
+msgid "no revocation keys found for \"%s\"\n"
+msgstr "¡È%s¡ÉÍѤμº¸ú¸°¤¬¸«¤Ä¤«¤ê¤Þ¤»¤ó\n"
+
+#: g10/revoke.c:470
+#, c-format
+msgid "secret key \"%s\" not found: %s\n"
+msgstr "ÈëÌ©¸°¡È%s¡É¤¬¸«¤Ä¤«¤ê¤Þ¤»¤ó: %s\n"
+
+#: g10/revoke.c:497
+#, c-format
+msgid "no corresponding public key: %s\n"
+msgstr "Âбþ¤¹¤ë¸ø³«¸°¤¬¤¢¤ê¤Þ¤»¤ó: %s\n"
+
+#: g10/revoke.c:508
+msgid "public key does not match secret key!\n"
+msgstr "¸ø³«¸°¤ÈÈëÌ©¸°¤¬¾È¹ç¤·¤Þ¤»¤ó!\n"
+
+#: g10/revoke.c:515
+msgid "Create a revocation certificate for this key? (y/N) "
+msgstr "¤³¤Î¸°¤Ë¤¿¤¤¤¹¤ë¼º¸ú¾ÚÌÀ½ñ¤òºîÀ®¤·¤Þ¤¹¤«? (y/N) "
+
+#: g10/revoke.c:532
+msgid "unknown protection algorithm\n"
+msgstr "̤ÃΤÎÊݸ¥ë¥´¥ê¥º¥à¤Ç¤¹\n"
+
+#: g10/revoke.c:540
+msgid "NOTE: This key is not protected!\n"
+msgstr "Ãí°Õ: ¤³¤Î¸°¤ÏÊݸ¤ì¤Æ¤¤¤Þ¤»¤ó!\n"
+
+#: g10/revoke.c:591
+msgid ""
+"Revocation certificate created.\n"
+"\n"
+"Please move it to a medium which you can hide away; if Mallory gets\n"
+"access to this certificate he can use it to make your key unusable.\n"
+"It is smart to print this certificate and store it away, just in case\n"
+"your media become unreadable. But have some caution: The print system of\n"
+"your machine might store the data and make it available to others!\n"
+msgstr ""
+"¼º¸ú¾ÚÌÀ½ñ¤òºîÀ®¤·¤Þ¤·¤¿¡£\n"
+"\n"
+"¸«¤Ä¤«¤é¤Ê¤¤¤è¤¦¤ÊÇÞÂΤ˰ÜÆ°¤·¤Æ¤¯¤À¤µ¤¤¡£¤â¤·¥ï¥ë¤¬¤³¤Î¾ÚÌÀ½ñ¤Ø¤Î\n"
+"¥¢¥¯¥»¥¹¤òÆÀ¤ë¤È¡¢¤½¤¤¤Ä¤Ï¤¢¤Ê¤¿¤Î¸°¤ò»È¤¨¤Ê¤¯¤¹¤ë¤³¤È¤¬¤Ç¤­¤Þ¤¹¡£\n"
+"ÇÞÂΤ¬ÆɽФ·ÉÔǽ¤Ë¤Ê¤Ã¤¿¾ì¹ç¤ËÈ÷¤¨¤Æ¡¢¤³¤Î¾ÚÌÀ½ñ¤ò°õºþ¤·¤ÆÊݴɤ¹¤ë¤Î\n"
+"¤¬¸­ÌÀ¤Ç¤¹¡£¤·¤«¤·¡¢¤´Ãí°Õ¤¯¤À¤µ¤¤¡£¤¢¤Ê¤¿¤Î¥Þ¥·¥ó¤Î°õ»ú¥·¥¹¥Æ¥à¤Ï¡¢\n"
+"¤À¤ì¤Ç¤â¸«¤¨¤ë¾ì½ê¤Ë¥Ç¡¼¥¿¤ò¤ª¤¯¤³¤È¤¬¤¢¤ê¤Þ¤¹!\n"
+
+#: g10/revoke.c:633
+msgid "Please select the reason for the revocation:\n"
+msgstr "¼º¸ú¤ÎÍýͳ¤òÁªÂò¤·¤Æ¤¯¤À¤µ¤¤:\n"
+
+#: g10/revoke.c:643
+msgid "Cancel"
+msgstr "¥­¥ã¥ó¥»¥ë"
+
+#: g10/revoke.c:645
+#, c-format
+msgid "(Probably you want to select %d here)\n"
+msgstr "(¤³¤³¤Ç¤Ï¤¿¤Ö¤ó%d¤òÁª¤Ó¤Þ¤¹)\n"
+
+#: g10/revoke.c:686
+msgid "Enter an optional description; end it with an empty line:\n"
+msgstr "ͽÈ÷¤ÎÀâÌÀ¤òÆþÎÏ¡£¶õ¹Ô¤Ç½ªÎ»:\n"
+
+#: g10/revoke.c:714
+#, c-format
+msgid "Reason for revocation: %s\n"
+msgstr "¼º¸úÍýͳ: %s\n"
+
+#: g10/revoke.c:716
+msgid "(No description given)\n"
+msgstr "(ÀâÌÀ¤Ï¤¢¤ê¤Þ¤»¤ó)\n"
+
+#: g10/revoke.c:721
+msgid "Is this okay? (y/N) "
+msgstr "¤è¤í¤·¤¤¤Ç¤¹¤«? (y/N) "
+
+#: g10/seckey-cert.c:55
+msgid "secret key parts are not available\n"
+msgstr "ÈëÌ©Éôʬ¤¬ÆÀ¤é¤ì¤Þ¤»¤ó\n"
+
+#: g10/seckey-cert.c:61
+#, c-format
+msgid "protection algorithm %d%s is not supported\n"
+msgstr "Êݸ¥ë¥´¥ê¥º¥à%d%s¤Ï¥µ¥Ý¡¼¥È¤·¤Æ¤¤¤Þ¤»¤ó\n"
+
+#: g10/seckey-cert.c:72
+#, c-format
+msgid "protection digest %d is not supported\n"
+msgstr "ÊݸîÍ×Ìó%d¤Ï¥µ¥Ý¡¼¥È¤·¤Æ¤¤¤Þ¤»¤ó\n"
+
+#: g10/seckey-cert.c:291
+msgid "Invalid passphrase; please try again"
+msgstr "̵¸ú¤Ê¥Ñ¥¹¥Õ¥ì¡¼¥º¤Ç¤¹¡£ºÆÆþÎϤ·¤Æ¤¯¤À¤µ¤¤"
+
+#: g10/seckey-cert.c:292
+#, c-format
+msgid "%s ...\n"
+msgstr "%s ...\n"
+
+#: g10/seckey-cert.c:361
+msgid "WARNING: Weak key detected - please change passphrase again.\n"
+msgstr "·Ù¹ð: ¼å¤¤¸°¤ò¸¡½Ð¤·¤Þ¤·¤¿¡£¥Ñ¥¹¥Õ¥ì¡¼¥º¤òÊѹ¹¤·¤Æ¤¯¤À¤µ¤¤¡£\n"
+
+#: g10/seckey-cert.c:404
+msgid "generating the deprecated 16-bit checksum for secret key protection\n"
+msgstr "ÌäÂê»ë¤µ¤ì¤¿16¥Ó¥Ã¥È¤Î¥Á¥§¥Ã¥¯¥µ¥à¤òÈëÌ©¸°¤ÎÊݸî¤ËÀ¸À®\n"
+
+#: g10/seskey.c:61 sm/encrypt.c:119
+msgid "weak key created - retrying\n"
+msgstr "¼å¤¤¸°¤¬¤Ç¤­¤Þ¤·¤¿ - ºÆ¼Â¹Ô\n"
+
+#: g10/seskey.c:65
+#, c-format
+msgid "cannot avoid weak key for symmetric cipher; tried %d times!\n"
+msgstr "ÂоΰŹæË¡¤Î¼å¤¤¸°¤ò²óÈò¤¹¤ë¤³¤È¤¬¤Ç¤­¤Þ¤»¤ó¡£%d²ó»î¤ß¤Þ¤·¤¿!\n"
+
+#: g10/seskey.c:227 sm/certcheck.c:85
+msgid "DSA requires the hash length to be a multiple of 8 bits\n"
+msgstr ""
+
+#: g10/seskey.c:240
+#, c-format
+msgid "DSA key %s uses an unsafe (%u bit) hash\n"
+msgstr ""
+
+#: g10/seskey.c:252
+#, c-format
+msgid "DSA key %s requires a %u bit or larger hash\n"
+msgstr ""
+
+#: g10/sig-check.c:80
+msgid "WARNING: signature digest conflict in message\n"
+msgstr "·Ù¹ð: ½ð̾¤ÎÍ×Ì󤬡¢¥á¥Ã¥»¡¼¥¸¤ÈÌ·½â¤·¤Þ¤¹\n"
+
+#: g10/sig-check.c:105
+#, c-format
+msgid "WARNING: signing subkey %s is not cross-certified\n"
+msgstr "·Ù¹ð: ½ð̾Éû¸°%s¤Ï¡¢Áê¸ß¾ÚÌÀ¤Ç¤¢¤ê¤Þ¤»¤ó\n"
+
+#: g10/sig-check.c:117
+#, c-format
+msgid "WARNING: signing subkey %s has an invalid cross-certification\n"
+msgstr "·Ù¹ð: ̵¸ú¤ÊÁê¸ß¾ÚÌÀ¤¬¡¢½ð̾Éû¸°%s¤Ë¤¢¤ê¤Þ¤¹\n"
+
+#: g10/sig-check.c:211
+#, c-format
+msgid "public key %s is %lu second newer than the signature\n"
+msgstr "¸ø³«¸°%s¤Ï¡¢½ð̾¤Î%luÉÃÁ°¤Ç¤¹\n"
+
+#: g10/sig-check.c:212
+#, c-format
+msgid "public key %s is %lu seconds newer than the signature\n"
+msgstr "¸ø³«¸°%s¤Ï¡¢½ð̾¤Î%luÉÃÁ°¤Ç¤¹\n"
+
+#: g10/sig-check.c:223
+#, c-format
+msgid ""
+"key %s was created %lu second in the future (time warp or clock problem)\n"
+msgstr "¸°%s¤Ï%luÉÃ̤Íè¤Ë¤Ç¤­¤Þ¤·¤¿ (»þ´Öι¹Ô¤«»þ·×¤Î¾ã³²¤Ç¤·¤ç¤¦)\n"
+
+#: g10/sig-check.c:225
+#, c-format
+msgid ""
+"key %s was created %lu seconds in the future (time warp or clock problem)\n"
+msgstr "¸°%s¤Ï%luÉÃ̤Íè¤Ë¤Ç¤­¤Þ¤·¤¿ (»þ´Öι¹Ô¤«»þ·×¤Î¾ã³²¤Ç¤·¤ç¤¦)\n"
+
+#: g10/sig-check.c:239
+#, c-format
+msgid "NOTE: signature key %s expired %s\n"
+msgstr "Ãí°Õ: ½ð̾¸°%s¤Ï%s¤ËËþλ¤Ç¤¹\n"
+
+#: g10/sig-check.c:252
+#, fuzzy, c-format
+msgid "NOTE: signature key %s has been revoked\n"
+msgstr "Ãí°Õ: ¸°¤Ï¼º¸úºÑ¤ß¤Ç¤¹"
+
+#: g10/sig-check.c:325
+#, c-format
+msgid "assuming bad signature from key %s due to an unknown critical bit\n"
+msgstr "̤ÃΤΥ¯¥ê¥Æ¥£¥«¥ë¡¦¥Ó¥Ã¥È¤Ë¤è¤ê¡¢¸°%s¤Î½ð̾¤òÉÔÀµ¤È¤ß¤Ê¤·¤Þ¤¹\n"
+
+#: g10/sig-check.c:591
+#, c-format
+msgid "key %s: no subkey for subkey revocation signature\n"
+msgstr "¸°%s: Éû¸°¼º¸ú½ð̾¤Ë¤¿¤¤¤¹¤ëÉû¸°¤¬¤¢¤ê¤Þ¤»¤ó\n"
+
+#: g10/sig-check.c:618
+#, c-format
+msgid "key %s: no subkey for subkey binding signature\n"
+msgstr "¸°%s: Éû¸°Âбþ¤Ø¤Î½ð̾¤Ë¤¿¤¤¤¹¤ëÉû¸°¤¬¤¢¤ê¤Þ¤»¤ó\n"
+
+#: g10/sign.c:89
+#, c-format
+msgid "WARNING: unable to %%-expand notation (too large). Using unexpanded.\n"
+msgstr "·Ù¹ð: ɽµ­¤ò%%³ÈÄ¥ÉÔǽ (Â礭¤¹¤®)¡£Èó³ÈÄ¥¤ò»ÈÍÑ¡£\n"
+
+#: g10/sign.c:115
+#, c-format
+msgid ""
+"WARNING: unable to %%-expand policy URL (too large). Using unexpanded.\n"
+msgstr "·Ù¹ð: ¥Ý¥ê¥·¡¼URL¤ò%%³ÈÄ¥ÉÔǽ (Â礭¤¹¤®)¡£Èó³ÈÄ¥¤ò»ÈÍÑ¡£\n"
+
+#: g10/sign.c:138
+#, c-format
+msgid ""
+"WARNING: unable to %%-expand preferred keyserver URL (too large). Using "
+"unexpanded.\n"
+msgstr "·Ù¹ð: Áª¹¥¸°¥µ¡¼¥Ð¡¼URL¤ò%%³ÈÄ¥ÉÔǽ (Â礭¤¹¤®)¡£Èó³ÈÄ¥¤ò»ÈÍÑ¡£\n"
+
+#: g10/sign.c:311
+#, c-format
+msgid "checking created signature failed: %s\n"
+msgstr "ºîÀ®¤µ¤ì¤¿½ð̾¤Î¸¡ºº¤Ë¼ºÇÔ¤·¤Þ¤·¤¿: %s\n"
+
+#: g10/sign.c:320
+#, c-format
+msgid "%s/%s signature from: \"%s\"\n"
+msgstr "%s/%s½ð̾¡£½ð̾¼Ô:¡È%s¡É\n"
+
+#: g10/sign.c:761
+msgid "you can only detach-sign with PGP 2.x style keys while in --pgp2 mode\n"
+msgstr "--pgp2¥â¡¼¥É¤Ç¤Ï¡¢PGP 2.x·Á¼°¤Î¸°¤ÇʬΥ½ð̾¤Ç¤­¤ë¤À¤±¤Ç¤¹\n"
+
+#: g10/sign.c:837
+#, c-format
+msgid ""
+"WARNING: forcing digest algorithm %s (%d) violates recipient preferences\n"
+msgstr "·Ù¹ð: Í×Ì󥢥르¥ê¥º¥à %s (%d) ¤Î¶¯À©¤¬¡¢¼õ¼è¿Í¤ÎÁª¹¥¤ÈÂÐΩ¤·¤Þ¤¹\n"
+
+#: g10/sign.c:964
+msgid "signing:"
+msgstr "½ð̾:"
+
+#: g10/sign.c:1079
+msgid "you can only clearsign with PGP 2.x style keys while in --pgp2 mode\n"
+msgstr "--pgp2¥â¡¼¥É¤Ç¤ÏPGP 2.x·Á¼°¤Î¸°¤Ç¥¯¥ê¥¢½ð̾¤·¤«¤Ç¤­¤Þ¤»¤ó\n"
+
+#: g10/sign.c:1263
+#, c-format
+msgid "%s encryption will be used\n"
+msgstr "%s°Å¹æ²½¤ò»ÈÍѤ·¤Þ¤¹\n"
+
+#: g10/skclist.c:140 g10/skclist.c:217
+msgid "key is not flagged as insecure - can't use it with the faked RNG!\n"
+msgstr ""
+"·õÆݤǤ¢¤ë¤È¤¤¤¦¥Õ¥é¥°¤¬¸°¤Ë¤ÏÀßÄꤵ¤ì¤Æ¤¤¤Þ¤»¤ó¡£\n"
+"µ¶ÊªÍð¿ôÀ¸À®»Ò¤È¤Ï¤¤¤Ã¤·¤ç¤Ë»È¤¨¤Þ¤»¤ó!\n"
+
+#: g10/skclist.c:174
+#, c-format
+msgid "skipped \"%s\": duplicated\n"
+msgstr "¡È%s¡É¤ò¤È¤Ð¤·¤Þ¤¹: ½ÅÊ£\n"
+
+#: g10/skclist.c:182 g10/skclist.c:195 g10/skclist.c:207
+#, c-format
+msgid "skipped \"%s\": %s\n"
+msgstr "¡È%s¡É¤ò¤È¤Ð¤·¤Þ¤¹: %s\n"
+
+#: g10/skclist.c:190
+msgid "skipped: secret key already present\n"
+msgstr "¥¹¥­¥Ã¥×: ÈëÌ©¸°¤Ï¤â¤¦¤¢¤ê¤Þ¤¹\n"
+
+#: g10/skclist.c:208
+msgid "this is a PGP generated Elgamal key which is not secure for signatures!"
+msgstr "¤³¤ì¤ÏPGP¤ÎÀ¸À®¤·¤¿Elgamal¸°¤Ç¡¢½ð̾ÍѤˤϰÂÁ´¤Ç¤Ï¤¢¤ê¤Þ¤»¤ó!"
+
+#: g10/tdbdump.c:58 g10/trustdb.c:360
+#, c-format
+msgid "trust record %lu, type %d: write failed: %s\n"
+msgstr "¿®Íѥ쥳¡¼¥É%lu, ·¿%d: ½ñ¹þ¤ß¤Ë¼ºÇÔ¤·¤Þ¤·¤¿: %s\n"
+
+#: g10/tdbdump.c:106
+#, c-format
+msgid ""
+"# List of assigned trustvalues, created %s\n"
+"# (Use \"gpg --import-ownertrust\" to restore them)\n"
+msgstr ""
+"# Sitei sareta sin'youdo itiran %s\n"
+"# (\"gpg --import-ownertrust\" wo tukatte hukkyuu dekimasu)\n"
+
+#: g10/tdbdump.c:161 g10/tdbdump.c:169 g10/tdbdump.c:174 g10/tdbdump.c:179
+#, c-format
+msgid "error in `%s': %s\n"
+msgstr "¡Ö%s¡×¤Ç¥¨¥é¡¼: %s\n"
+
+#: g10/tdbdump.c:161
+msgid "line too long"
+msgstr "¹Ô¤¬Ä¹¤¹¤®¤Þ¤¹"
+
+#: g10/tdbdump.c:169
+msgid "colon missing"
+msgstr "¥³¥í¥ó¤¬¤¢¤ê¤Þ¤»¤ó"
+
+#: g10/tdbdump.c:175
+msgid "invalid fingerprint"
+msgstr "̵¸ú¤Ê»ØÌæ"
+
+#: g10/tdbdump.c:180
+msgid "ownertrust value missing"
+msgstr "½êÍ­¼Ô¿®ÍÑÅÙ¤¬¤¢¤ê¤Þ¤»¤ó"
+
+#: g10/tdbdump.c:216
+#, c-format
+msgid "error finding trust record in `%s': %s\n"
+msgstr "¡Ö%s¡×¤Ç¿®Íѥ쥳¡¼¥É¤Î¸¡º÷¥¨¥é¡¼: %s\n"
+
+#: g10/tdbdump.c:220
+#, c-format
+msgid "read error in `%s': %s\n"
+msgstr "¡Ö%s¡×¤ÇÆɽФ·¥¨¥é¡¼: %s\n"
+
+#: g10/tdbdump.c:229 g10/trustdb.c:375
+#, c-format
+msgid "trustdb: sync failed: %s\n"
+msgstr "¿®Íѥǡ¼¥¿¥Ù¡¼¥¹: Ʊ´ü¤Ë¼ºÇÔ¤·¤Þ¤·¤¿: %s\n"
+
+#: g10/tdbio.c:128 g10/tdbio.c:1456
+#, c-format
+msgid "trustdb rec %lu: lseek failed: %s\n"
+msgstr "¿®Íѥǡ¼¥¿¥Ù¡¼¥¹ ¥ì¥³¡¼¥É%lu: ¥·¡¼¥¯¤Ë¼ºÇÔ¤·¤Þ¤·¤¿: %s\n"
+
+#: g10/tdbio.c:135 g10/tdbio.c:1463
+#, c-format
+msgid "trustdb rec %lu: write failed (n=%d): %s\n"
+msgstr "¿®Íѥǡ¼¥¿¥Ù¡¼¥¹ ¥ì¥³¡¼¥É%lu: ½ñ¹þ¤ß¤Ë¼ºÇÔ¤·¤Þ¤·¤¿ (n=%d): %s\n"
+
+#: g10/tdbio.c:245
+msgid "trustdb transaction too large\n"
+msgstr "¿®Íѥǡ¼¥¿¥Ù¡¼¥¹¤Î¥È¥é¥ó¥¶¥¯¥·¥ç¥ó¤¬Â礭¤¹¤®¤Þ¤¹\n"
+
+#: g10/tdbio.c:500
+#, c-format
+msgid "can't access `%s': %s\n"
+msgstr "¡Ö%s¡×¤Ë¥¢¥¯¥»¥¹¤Ç¤­¤Þ¤»¤ó: %s\n"
+
+#: g10/tdbio.c:527
+#, c-format
+msgid "%s: directory does not exist!\n"
+msgstr "%s: ¥Ç¥£¥ì¥¯¥È¥ê¡¼¤¬¤¢¤ê¤Þ¤»¤ó!\n"
+
+#: g10/tdbio.c:537 g10/tdbio.c:560 g10/tdbio.c:601 sm/keydb.c:219
+#, c-format
+msgid "can't create lock for `%s'\n"
+msgstr "¡Ö%s¡×¤Î¥í¥Ã¥¯¤òºîÀ®¤Ç¤­¤Þ¤»¤ó\n"
+
+#: g10/tdbio.c:539 g10/tdbio.c:604
+#, c-format
+msgid "can't lock `%s'\n"
+msgstr "¡Ö%s¡×¤¬¥í¥Ã¥¯¤Ç¤­¤Þ¤»¤ó\n"
+
+#: g10/tdbio.c:565
+#, c-format
+msgid "%s: failed to create version record: %s"
+msgstr "%s: ¥Ð¡¼¥¸¥ç¥ó¡¦¥ì¥³¡¼¥É¤ÎºîÀ®¤Ë¼ºÇÔ¤·¤Þ¤·¤¿: %s"
+
+#: g10/tdbio.c:569
+#, c-format
+msgid "%s: invalid trustdb created\n"
+msgstr "%s: ̵¸ú¤Ê¿®Íѥǡ¼¥¿¥Ù¡¼¥¹¤òºîÀ®\n"
+
+#: g10/tdbio.c:572
+#, c-format
+msgid "%s: trustdb created\n"
+msgstr "%s: ¿®Íѥǡ¼¥¿¥Ù¡¼¥¹¤¬¤Ç¤­¤Þ¤·¤¿\n"
+
+#: g10/tdbio.c:615
+msgid "NOTE: trustdb not writable\n"
+msgstr "Ãí°Õ: ¿®Íѥǡ¼¥¿¥Ù¡¼¥¹¤¬¡¢½ñ¹þ¤ßÉÔǽ¤Ç¤¹\n"
+
+#: g10/tdbio.c:623
+#, c-format
+msgid "%s: invalid trustdb\n"
+msgstr "%s: ̵¸ú¤Ê¿®Íѥǡ¼¥¿¥Ù¡¼¥¹\n"
+
+#: g10/tdbio.c:655
+#, c-format
+msgid "%s: failed to create hashtable: %s\n"
+msgstr "%s: ¥Ï¥Ã¥·¥åɽ¤ÎºîÀ®¤Ë¼ºÇÔ¤·¤Þ¤·¤¿: %s\n"
+
+#: g10/tdbio.c:663
+#, c-format
+msgid "%s: error updating version record: %s\n"
+msgstr "%s: ¥Ð¡¼¥¸¥ç¥ó¡¦¥ì¥³¡¼¥É¤Î¹¹¿·¥¨¥é¡¼: %s\n"
+
+#: g10/tdbio.c:680 g10/tdbio.c:701 g10/tdbio.c:717 g10/tdbio.c:731
+#: g10/tdbio.c:761 g10/tdbio.c:1388 g10/tdbio.c:1415
+#, c-format
+msgid "%s: error reading version record: %s\n"
+msgstr "%s: ¥Ð¡¼¥¸¥ç¥ó¡¦¥ì¥³¡¼¥É¤ÎÆɽФ·¥¨¥é¡¼: %s\n"
+
+#: g10/tdbio.c:740
+#, c-format
+msgid "%s: error writing version record: %s\n"
+msgstr "%s: ¥Ð¡¼¥¸¥ç¥ó¡¦¥ì¥³¡¼¥É¤Î½ñ¹þ¤ß¥¨¥é¡¼: %s\n"
+
+#: g10/tdbio.c:1181
+#, c-format
+msgid "trustdb: lseek failed: %s\n"
+msgstr "¿®Íѥǡ¼¥¿¥Ù¡¼¥¹: ¥·¡¼¥¯¤Ë¼ºÇÔ¤·¤Þ¤·¤¿: %s\n"
+
+#: g10/tdbio.c:1190
+#, c-format
+msgid "trustdb: read failed (n=%d): %s\n"
+msgstr "¿®Íѥǡ¼¥¿¥Ù¡¼¥¹: ÆɽФ·¤Ë¼ºÇÔ¤·¤Þ¤·¤¿ (n=%d): %s\n"
+
+#: g10/tdbio.c:1211
+#, c-format
+msgid "%s: not a trustdb file\n"
+msgstr "%s: ¿®Íѥǡ¼¥¿¥Ù¡¼¥¹¡¦¥Õ¥¡¥¤¥ë¤Ç¤Ï¤¢¤ê¤Þ¤»¤ó\n"
+
+#: g10/tdbio.c:1230
+#, c-format
+msgid "%s: version record with recnum %lu\n"
+msgstr "%s: ¥ì¥³¡¼¥ÉÈÖ¹æ%luÈ֤ΥС¼¥¸¥ç¥ó¡¦¥ì¥³¡¼¥É\n"
+
+#: g10/tdbio.c:1235
+#, c-format
+msgid "%s: invalid file version %d\n"
+msgstr "%s: ̵¸ú¤Ê¥Õ¥¡¥¤¥ë¡¦¥Ð¡¼¥¸¥ç¥ó%d\n"
+
+#: g10/tdbio.c:1421
+#, c-format
+msgid "%s: error reading free record: %s\n"
+msgstr "%s: ¶õ¤­¥ì¥³¡¼¥É¤ÎÆɽФ·¥¨¥é¡¼: %s\n"
+
+#: g10/tdbio.c:1429
+#, c-format
+msgid "%s: error writing dir record: %s\n"
+msgstr "%s: ¥Ç¥£¥ì¥¯¥È¥ê¡¼¡¦¥ì¥³¡¼¥É¤Î½ñ¹þ¤ß¥¨¥é¡¼: %s\n"
+
+#: g10/tdbio.c:1439
+#, c-format
+msgid "%s: failed to zero a record: %s\n"
+msgstr "%s: ¥ì¥³¡¼¥É¤Î½é´ü²½¤Ë¼ºÇÔ¤·¤Þ¤·¤¿: %s\n"
+
+#: g10/tdbio.c:1469
+#, c-format
+msgid "%s: failed to append a record: %s\n"
+msgstr "%s: ¥ì¥³¡¼¥É¤ÎÄɲä˼ºÇÔ¤·¤Þ¤·¤¿: %s\n"
+
+#: g10/tdbio.c:1512
+#, fuzzy
+msgid "Error: The trustdb is corrupted.\n"
+msgstr "%s: ¿®Íѥǡ¼¥¿¥Ù¡¼¥¹¤¬¤Ç¤­¤Þ¤·¤¿\n"
+
+#: g10/textfilter.c:147
+#, c-format
+msgid "can't handle text lines longer than %d characters\n"
+msgstr "%dʸ»ú°Ê¾å¤ÎŤµ¤Î¥Æ¥­¥¹¥È¹Ô¤Ï¡¢¼è¤ê°·¤¨¤Þ¤»¤ó\n"
+
+#: g10/textfilter.c:247
+#, c-format
+msgid "input line longer than %d characters\n"
+msgstr "ÆþÎϹԤÎŤµ¤¬%dʸ»ú¤òĶ¤¨¤Æ¤¤¤Þ¤¹\n"
+
+#: g10/trustdb.c:221
+#, c-format
+msgid "`%s' is not a valid long keyID\n"
+msgstr "¡Ö%s¡×¤Ï¡¢Í­¸ú¤ÊÂç·¿¸°ID¤Ç¤¢¤ê¤Þ¤»¤ó\n"
+
+#: g10/trustdb.c:252
+#, c-format
+msgid "key %s: accepted as trusted key\n"
+msgstr "¸°%s: ¿®ÍѤ¹¤ë¸°¤È¤·¤Æ¼õÍý¤·¤Þ¤·¤¿\n"
+
+#: g10/trustdb.c:290
+#, c-format
+msgid "key %s occurs more than once in the trustdb\n"
+msgstr "¸°%s¤¬¿®Íѥǡ¼¥¿¥Ù¡¼¥¹¤ËÊ£¿ô¤¢¤ê¤Þ¤¹\n"
+
+#: g10/trustdb.c:305
+#, c-format
+msgid "key %s: no public key for trusted key - skipped\n"
+msgstr "¸°%s: ¿®ÍѤµ¤ì¤ë¸°¤Î¸ø³«¸°¤¬¤¢¤ê¤Þ¤»¤ó - ¤È¤Ð¤·¤Þ¤¹\n"
+
+#: g10/trustdb.c:315
+#, c-format
+msgid "key %s marked as ultimately trusted\n"
+msgstr "¸°%s¤òÀäÂÐŪ¤Ë¿®ÍѤ¹¤ë¤è¤¦µ­Ï¿¤·¤Þ¤·¤¿\n"
+
+#: g10/trustdb.c:339
+#, c-format
+msgid "trust record %lu, req type %d: read failed: %s\n"
+msgstr "¿®Íѥ쥳¡¼¥É%lu, ¥ê¥¯¥¨¥¹¥È·¿%d: ÆɽФ·¤Ë¼ºÇÔ¤·¤Þ¤·¤¿: %s\n"
+
+#: g10/trustdb.c:345
+#, c-format
+msgid "trust record %lu is not of requested type %d\n"
+msgstr "¿®Íѥ쥳¡¼¥É%lu¤¬Í׵ᤵ¤ì¤¿·¿%d¤Ç¤Ï¤¢¤ê¤Þ¤»¤ó\n"
+
+#: g10/trustdb.c:418
+msgid "You may try to re-create the trustdb using the commands:\n"
+msgstr ""
+
+#: g10/trustdb.c:427
+msgid "If that does not work, please consult the manual\n"
+msgstr ""
+
+#: g10/trustdb.c:462
+#, c-format
+msgid "unable to use unknown trust model (%d) - assuming %s trust model\n"
+msgstr "̤ÃΤο®ÍÑ¥â¥Ç¥ë (%d) ¤Ï»È¤¨¤Þ¤»¤ó - %s¿®ÍÑ¥â¥Ç¥ë¤ò²¾Äê\n"
+
+#: g10/trustdb.c:468
+#, c-format
+msgid "using %s trust model\n"
+msgstr "%s¿®ÍÑ¥â¥Ç¥ë¤ò»ÈÍÑ\n"
+
+#: g10/trustdb.c:520
+msgid "10 translator see trustdb.c:uid_trust_string_fixed"
+msgstr ""
+
+#: g10/trustdb.c:522
+#, fuzzy
+msgid "[ revoked]"
+msgstr "¼º¸ú"
+
+#: g10/trustdb.c:524 g10/trustdb.c:529
+#, fuzzy
+msgid "[ expired]"
+msgstr "Ëþλ"
+
+#: g10/trustdb.c:528
+#, fuzzy
+msgid "[ unknown]"
+msgstr "̤ÃΤÎ"
+
+#: g10/trustdb.c:530
+msgid "[ undef ]"
+msgstr ""
+
+#: g10/trustdb.c:531
+#, fuzzy
+msgid "[marginal]"
+msgstr "¤¢¤ëÄøÅÙ"
+
+#: g10/trustdb.c:532
+msgid "[ full ]"
+msgstr ""
+
+#: g10/trustdb.c:533
+#, fuzzy
+msgid "[ultimate]"
+msgstr "ÀäÂÐŪ"
+
+#: g10/trustdb.c:548
+msgid "undefined"
+msgstr "̤ÄêµÁ"
+
+#: g10/trustdb.c:549
+msgid "never"
+msgstr "̵´ü¸Â"
+
+#: g10/trustdb.c:550
+msgid "marginal"
+msgstr "¤¢¤ëÄøÅÙ"
+
+#: g10/trustdb.c:551
+msgid "full"
+msgstr "´°Á´"
+
+#: g10/trustdb.c:552
+msgid "ultimate"
+msgstr "ÀäÂÐŪ"
+
+#: g10/trustdb.c:592
+msgid "no need for a trustdb check\n"
+msgstr "¿®Íѥǡ¼¥¿¥Ù¡¼¥¹¤Î¸¡ºº¤Ï¡¢ÉÔÍפǤ¹\n"
+
+#: g10/trustdb.c:598 g10/trustdb.c:2487
+#, c-format
+msgid "next trustdb check due at %s\n"
+msgstr "¼¡²ó¤Î¿®Íѥǡ¼¥¿¥Ù¡¼¥¹¸¡ºº¤Ï¡¢%s¤Ç¤¹\n"
+
+#: g10/trustdb.c:607
+#, c-format
+msgid "no need for a trustdb check with `%s' trust model\n"
+msgstr "¿®ÍÑ¥â¥Ç¥ë¡Ö%s¡×¤Ç¿®Íѥǡ¼¥¿¥Ù¡¼¥¹¤Î¸¡ºº¤Ï¡¢ÉÔÍפǤ¹\n"
+
+#: g10/trustdb.c:622
+#, c-format
+msgid "no need for a trustdb update with `%s' trust model\n"
+msgstr "¿®ÍÑ¥â¥Ç¥ë¡Ö%s¡×¤Ç¿®Íѥǡ¼¥¿¥Ù¡¼¥¹¤Î¹¹¿·¤Ï¡¢ÉÔÍפǤ¹\n"
+
+#: g10/trustdb.c:857 g10/trustdb.c:1310
+#, c-format
+msgid "public key %s not found: %s\n"
+msgstr "¸ø³«¸°%s¤¬¸«¤Ä¤«¤ê¤Þ¤»¤ó: %s\n"
+
+#: g10/trustdb.c:1053
+msgid "please do a --check-trustdb\n"
+msgstr "--check-trustdb¤ò¼Â¹Ô¤·¤Æ¤¯¤À¤µ¤¤\n"
+
+#: g10/trustdb.c:1057
+msgid "checking the trustdb\n"
+msgstr "¿®Íѥǡ¼¥¿¥Ù¡¼¥¹¤Î¸¡ºº\n"
+
+#: g10/trustdb.c:2230
+#, c-format
+msgid "%d keys processed (%d validity counts cleared)\n"
+msgstr "%dËܤθ°¤ò½èÍý (¤¦¤Á%dËܤÎÍ­¸úÀ­¿ô¤ò¥¯¥ê¥¢)\n"
+
+#: g10/trustdb.c:2295
+msgid "no ultimately trusted keys found\n"
+msgstr "ÀäÂÐŪ¤Ë¿®ÍѤ¹¤ë¸°¤¬¸«¤Ä¤«¤ê¤Þ¤»¤ó\n"
+
+#: g10/trustdb.c:2309
+#, c-format
+msgid "public key of ultimately trusted key %s not found\n"
+msgstr "ÀäÂÐŪ¤Ë¿®ÍѤ¹¤ë¸°%s¤Î¸ø³«¸°¤¬¸«¤Ä¤«¤ê¤Þ¤»¤ó\n"
+
+#: g10/trustdb.c:2332
+#, c-format
+msgid "%d marginal(s) needed, %d complete(s) needed, %s trust model\n"
+msgstr "ºÇ¾®¤Î¡Ö¤¢¤ëÄøÅ٤ο®ÍÑ¡×%d¡¢ºÇ¾®¤Î¡ÖÁ´ÌÌŪ¿®ÍÑ¡×%d¡¢%s¿®ÍÑ¥â¥Ç¥ë\n"
+
+#: g10/trustdb.c:2418
+#, c-format
+msgid ""
+"depth: %d valid: %3d signed: %3d trust: %d-, %dq, %dn, %dm, %df, %du\n"
+msgstr "¿¼¤µ: %d Í­¸úÀ­: %3d ½ð̾: %3d ¿®ÍÑ: %d-, %dq, %dn, %dm, %df, %du\n"
+
+#: g10/trustdb.c:2493
+#, c-format
+msgid "unable to update trustdb version record: write failed: %s\n"
+msgstr ""
+"¿®Íѥǡ¼¥¿¥Ù¡¼¥¹¤Î¥Ð¡¼¥¸¥ç¥ó¡¦¥ì¥³¡¼¥É¤¬¹¹¿·¤Ç¤­¤Þ¤»¤ó: ½ñ¹þ¤ß¤Ë¼ºÇÔ¤·¤Þ¤·"
+"¤¿: %s\n"
+
+#: g10/verify.c:118
+msgid ""
+"the signature could not be verified.\n"
+"Please remember that the signature file (.sig or .asc)\n"
+"should be the first file given on the command line.\n"
+msgstr ""
+"½ð̾¤ò¸¡¾Ú¤Ç¤­¤Þ¤»¤ó¤Ç¤·¤¿¡£½ð̾¥Õ¥¡¥¤¥ë\n"
+"(.sig¤ä.asc)¤¬¥³¥Þ¥ó¥É¹Ô¤ÎºÇ½é¤Ç¤Ê¤±¤ì¤Ð\n"
+"¤Ê¤é¤Ê¤¤¤³¤È¤òǰƬ¤Ë¤ª¤¤¤Æ¤¯¤À¤µ¤¤¡£\n"
+
+#: g10/verify.c:205
+#, c-format
+msgid "input line %u too long or missing LF\n"
+msgstr "ÆþÎϤÎ%u¹ÔÌܤ¬Ä¹¤¹¤®¤ë¤«¡¢LF¤¬¤Ê¤¤¤è¤¦¤Ç¤¹\n"
+
+#: g10/verify.c:253
+#, fuzzy, c-format
+msgid "can't open fd %d: %s\n"
+msgstr "¡Ö%s¡×¤¬³«¤±¤Þ¤»¤ó: %s\n"
+
+#: jnlib/argparse.c:180
+#, fuzzy
+msgid "argument not expected"
+msgstr "´ÉÍý¥³¥Þ¥ó¥É¤Ï¶Ø»ß¤µ¤ì¤Æ¤¤¤Þ¤¹\n"
+
+#: jnlib/argparse.c:182
+#, fuzzy
+msgid "read error"
+msgstr "¥Õ¥¡¥¤¥ë¤ÎÆɽФ·¥¨¥é¡¼"
+
+#: jnlib/argparse.c:184
+#, fuzzy
+msgid "keyword too long"
+msgstr "¹Ô¤¬Ä¹¤¹¤®¤Þ¤¹"
+
+#: jnlib/argparse.c:186
+#, fuzzy
+msgid "missing argument"
+msgstr "̵¸ú¤Ê»ØÄê¤Ç¤¹"
+
+#: jnlib/argparse.c:188
+#, fuzzy
+msgid "invalid command"
+msgstr "´ÉÍýÀìÍÑ¥³¥Þ¥ó¥É\n"
+
+#: jnlib/argparse.c:190
+#, fuzzy
+msgid "invalid alias definition"
+msgstr "̵¸ú¤Ê°ìÍ÷¥ª¥×¥·¥ç¥ó¤Ç¤¹\n"
+
+#: jnlib/argparse.c:192
+#, fuzzy
+msgid "out of core"
+msgstr "̤½èÍý"
+
+#: jnlib/argparse.c:194
+#, fuzzy
+msgid "invalid option"
+msgstr "̵¸ú¤Ê°ìÍ÷¥ª¥×¥·¥ç¥ó¤Ç¤¹\n"
+
+#: jnlib/argparse.c:202
+#, c-format
+msgid "missing argument for option \"%.50s\"\n"
+msgstr ""
+
+#: jnlib/argparse.c:204
+#, c-format
+msgid "option \"%.50s\" does not expect an argument\n"
+msgstr ""
+
+#: jnlib/argparse.c:207
+#, fuzzy, c-format
+msgid "invalid command \"%.50s\"\n"
+msgstr "̵¸ú¤Ê¥³¥Þ¥ó¥É (¡Èhelp¡É¤ò»²¾È)\n"
+
+#: jnlib/argparse.c:209
+#, c-format
+msgid "option \"%.50s\" is ambiguous\n"
+msgstr ""
+
+#: jnlib/argparse.c:211
+#, c-format
+msgid "command \"%.50s\" is ambiguous\n"
+msgstr ""
+
+#: jnlib/argparse.c:213
+#, fuzzy
+msgid "out of core\n"
+msgstr "̤½èÍý"
+
+#: jnlib/argparse.c:215
+#, fuzzy, c-format
+msgid "invalid option \"%.50s\"\n"
+msgstr "̵¸ú¤Ê°ìÍ÷¥ª¥×¥·¥ç¥ó¤Ç¤¹\n"
+
+#: jnlib/logging.c:647
+#, c-format
+msgid "you found a bug ... (%s:%d)\n"
+msgstr "¥Ð¥°¤òȯ¸« ... (%s:%d)\n"
+
+#: jnlib/utf8conv.c:85
+#, fuzzy, c-format
+msgid "error loading `%s': %s\n"
+msgstr "¡Ö%s¡×¤ÎÆɽФ·¥¨¥é¡¼: %s\n"
+
+#: jnlib/utf8conv.c:123
+#, c-format
+msgid "conversion from `%s' to `%s' not available\n"
+msgstr ""
+
+#: jnlib/utf8conv.c:131
+#, fuzzy, c-format
+msgid "iconv_open failed: %s\n"
+msgstr "½ð̾¤Ë¼ºÇÔ¤·¤Þ¤·¤¿: %s\n"
+
+#: jnlib/utf8conv.c:388 jnlib/utf8conv.c:654
+#, fuzzy, c-format
+msgid "conversion from `%s' to `%s' failed: %s\n"
+msgstr "¡Ö%s¡×¤«¤é¡Ö%s¡×¤Ø¤Î°ÜÆ°¤Ë¼ºÇÔ: %s\n"
+
+#: jnlib/dotlock.c:234
+#, fuzzy, c-format
+msgid "failed to create temporary file `%s': %s\n"
+msgstr "¥Ç¥£¥ì¥¯¥È¥ê¡¼¡Ö%s¡×¤¬ºîÀ®¤Ç¤­¤Þ¤»¤ó: %s\n"
+
+#: jnlib/dotlock.c:269
+#, fuzzy, c-format
+msgid "error writing to `%s': %s\n"
+msgstr "¸°ÎØ¡Ö%s¡×¤Î½ñ¹þ¤ß¥¨¥é¡¼: %s\n"
+
+#: jnlib/dotlock.c:453
+#, c-format
+msgid "removing stale lockfile (created by %d)\n"
+msgstr ""
+
+#: jnlib/dotlock.c:459
+msgid " - probably dead - removing lock"
+msgstr ""
+
+#: jnlib/dotlock.c:469
+#, fuzzy, c-format
+msgid "waiting for lock (held by %d%s) %s...\n"
+msgstr "¡Ö%s¡×¤ØÈëÌ©¸°¤ò½ñ¤­¹þ¤ß¤Þ¤¹\n"
+
+#: jnlib/dotlock.c:470
+msgid "(deadlock?) "
+msgstr ""
+
+#: jnlib/dotlock.c:493
+#, fuzzy, c-format
+msgid "lock `%s' not made: %s\n"
+msgstr "¸ø³«¸°%s¤¬¸«¤Ä¤«¤ê¤Þ¤»¤ó: %s\n"
+
+#: jnlib/dotlock.c:501
+#, fuzzy, c-format
+msgid "waiting for lock %s...\n"
+msgstr "¡Ö%s¡×¤ØÈëÌ©¸°¤ò½ñ¤­¹þ¤ß¤Þ¤¹\n"
+
+#: kbx/kbxutil.c:92
+msgid "set debugging flags"
+msgstr ""
+
+#: kbx/kbxutil.c:93
+msgid "enable full debugging"
+msgstr ""
+
+#: kbx/kbxutil.c:117
+#, fuzzy
+msgid "Usage: kbxutil [options] [files] (-h for help)"
+msgstr "»È¤¤Êý: gpg [¥ª¥×¥·¥ç¥ó] [¥Õ¥¡¥¤¥ë] (¥Ø¥ë¥×¤Ï -h)"
+
+#: kbx/kbxutil.c:120
+msgid ""
+"Syntax: kbxutil [options] [files]\n"
+"list, export, import Keybox data\n"
+msgstr ""
+
+#: scd/app-nks.c:713 scd/app-openpgp.c:2647
+#, c-format
+msgid "RSA modulus missing or not of size %d bits\n"
+msgstr ""
+
+#: scd/app-nks.c:721 scd/app-openpgp.c:2659
+#, fuzzy, c-format
+msgid "RSA public exponent missing or larger than %d bits\n"
+msgstr "¸ø³«»Ø¿ô¤¬Â礭¤¹¤®¤Þ¤¹ (32¥Ó¥Ã¥È¤è¤êÂç)\n"
+
+#: scd/app-nks.c:801 scd/app-openpgp.c:1549 scd/app-openpgp.c:1568
+#: scd/app-openpgp.c:1729 scd/app-openpgp.c:1746 scd/app-openpgp.c:1994
+#: scd/app-openpgp.c:2039 scd/app-dinsig.c:303
+#, c-format
+msgid "PIN callback returned error: %s\n"
+msgstr "PIN¥³¡¼¥ë¥Ð¥Ã¥¯¤¬¥¨¥é¡¼¤òÌᤷ¤Þ¤·¤¿: %s\n"
+
+#: scd/app-nks.c:834
+msgid "the NullPIN has not yet been changed\n"
+msgstr ""
+
+#: scd/app-nks.c:1092
+#, fuzzy
+msgid "|N|Please enter a new PIN for the standard keys."
+msgstr "PIN [½ð̾ºÑ: %lu]"
+
+#: scd/app-nks.c:1093
+#, fuzzy
+msgid "||Please enter the PIN for the standard keys."
+msgstr "PIN [½ð̾ºÑ: %lu]"
+
+#: scd/app-nks.c:1099
+#, fuzzy
+msgid "|NP|Please enter a new PIN Unblocking Code (PUK) for the standard keys."
+msgstr "PIN [½ð̾ºÑ: %lu]"
+
+#: scd/app-nks.c:1101
+#, fuzzy
+msgid "|P|Please enter the PIN Unblocking Code (PUK) for the standard keys."
+msgstr "PIN [½ð̾ºÑ: %lu]"
+
+#: scd/app-nks.c:1109
+msgid "|N|Please enter a new PIN for the key to create qualified signatures."
+msgstr ""
+
+#: scd/app-nks.c:1111
+msgid "||Please enter the PIN for the key to create qualified signatures."
+msgstr ""
+
+#: scd/app-nks.c:1119
+msgid ""
+"|NP|Please enter a new PIN Unblocking Code (PUK) for the key to create "
+"qualified signatures."
+msgstr ""
+
+#: scd/app-nks.c:1121
+msgid ""
+"|P|Please enter the PIN Unblocking Code (PUK) for the key to create "
+"qualified signatures."
+msgstr ""
+
+#: scd/app-nks.c:1222 scd/app-openpgp.c:2072 scd/app-dinsig.c:532
+#, c-format
+msgid "error getting new PIN: %s\n"
+msgstr "¿·¤·¤¤PIN¤Î¼èÆÀ¥¨¥é¡¼: %s\n"
+
+#: scd/app-openpgp.c:695
+#, c-format
+msgid "failed to store the fingerprint: %s\n"
+msgstr "»ØÌæ¤ÎÊݴɤ˼ºÇÔ¤·¤Þ¤·¤¿: %s\n"
+
+#: scd/app-openpgp.c:708
+#, c-format
+msgid "failed to store the creation date: %s\n"
+msgstr "À¸À®Æü¤ÎÊݴɤ˼ºÇÔ¤·¤Þ¤·¤¿: %s\n"
+
+#: scd/app-openpgp.c:1156
+#, fuzzy, c-format
+msgid "reading public key failed: %s\n"
+msgstr "¸°¤ÎÆɽФ·¤Ë¼ºÇÔ¤·¤Þ¤·¤¿: %s\n"
+
+#: scd/app-openpgp.c:1164 scd/app-openpgp.c:2882
+msgid "response does not contain the public key data\n"
+msgstr "±þÅú¤Ë¸ø³«¸°¥Ç¡¼¥¿¤¬´Þ¤Þ¤ì¤Æ¤¤¤Þ¤»¤ó\n"
+
+#: scd/app-openpgp.c:1172 scd/app-openpgp.c:2890
+msgid "response does not contain the RSA modulus\n"
+msgstr "±þÅú¤ËRSA¤ÎË¡(modulus)¤¬´Þ¤Þ¤ì¤Æ¤¤¤Þ¤»¤ó\n"
+
+#: scd/app-openpgp.c:1181 scd/app-openpgp.c:2900
+msgid "response does not contain the RSA public exponent\n"
+msgstr "±þÅú¤ËRSA¸ø³«»Ø¿ô¤¬´Þ¤Þ¤ì¤Æ¤¤¤Þ¤»¤ó\n"
+
+#: scd/app-openpgp.c:1501
+#, c-format
+msgid "using default PIN as %s\n"
+msgstr ""
+
+#: scd/app-openpgp.c:1508
+#, c-format
+msgid "failed to use default PIN as %s: %s - disabling further default use\n"
+msgstr ""
+
+#: scd/app-openpgp.c:1523
+#, fuzzy, c-format
+msgid "||Please enter the PIN%%0A[sigs done: %lu]"
+msgstr "PIN [½ð̾ºÑ: %lu]"
+
+#: scd/app-openpgp.c:1534 scd/app-openpgp.c:1988
+#, fuzzy
+msgid "||Please enter the PIN"
+msgstr "PIN [½ð̾ºÑ: %lu]"
+
+#: scd/app-openpgp.c:1575 scd/app-openpgp.c:1753 scd/app-openpgp.c:2001
+#, c-format
+msgid "PIN for CHV%d is too short; minimum length is %d\n"
+msgstr "CHV%d¤ÎPIN¤¬Ã»¤¹¤®¤Þ¤¹¡£ºÇû¤Ç%d\n"
+
+#: scd/app-openpgp.c:1588 scd/app-openpgp.c:1627 scd/app-openpgp.c:1765
+#: scd/app-openpgp.c:3200
+#, c-format
+msgid "verify CHV%d failed: %s\n"
+msgstr "CHV%d¤Î¸¡¾Ú¤Ë¼ºÇÔ¤·¤Þ¤·¤¿: %s\n"
+
+#: scd/app-openpgp.c:1656 scd/app-openpgp.c:2020 scd/app-openpgp.c:3498
+msgid "error retrieving CHV status from card\n"
+msgstr "¥«¡¼¥É¤«¤é¤ÎCHV¾õÂ֤θ¡º÷¤Ç¥¨¥é¡¼\n"
+
+#: scd/app-openpgp.c:1662 scd/app-openpgp.c:3507
+msgid "card is permanently locked!\n"
+msgstr "¥«¡¼¥É¤¬±Êµ×¤Ë¥í¥Ã¥¯¤µ¤ì¤Þ¤¹!\n"
+
+#: scd/app-openpgp.c:1669
+#, c-format
+msgid "%d Admin PIN attempts remaining before card is permanently locked\n"
+msgstr "¥«¡¼¥É¤Î±Êµ×¥í¥Ã¥¯Á°¤Ë%d¤ÎAdmin PIN¤¬»î¤µ¤ì¤Æ¤¤¤Þ¤¹\n"
+
+#. TRANSLATORS: Do not translate the "|A|" prefix but keep it at
+#. the start of the string. Use %%0A to force a linefeed.
+#: scd/app-openpgp.c:1676
+#, fuzzy, c-format
+msgid "|A|Please enter the Admin PIN%%0A[remaining attempts: %d]"
+msgstr "PIN [½ð̾ºÑ: %lu]"
+
+#: scd/app-openpgp.c:1680
+#, fuzzy
+msgid "|A|Please enter the Admin PIN"
+msgstr "PIN [½ð̾ºÑ: %lu]"
+
+#: scd/app-openpgp.c:1701
+msgid "access to admin commands is not configured\n"
+msgstr "´ÉÍý¥³¥Þ¥ó¥É¤Ø¤Î¥¢¥¯¥»¥¹¤¬½é´üÀßÄꤵ¤ì¤Æ¤¤¤Þ¤»¤ó\n"
+
+#: scd/app-openpgp.c:2035
+#, fuzzy
+msgid "||Please enter the Reset Code for the card"
+msgstr "PIN [½ð̾ºÑ: %lu]"
+
+#: scd/app-openpgp.c:2045 scd/app-openpgp.c:2097
+#, fuzzy, c-format
+msgid "Reset Code is too short; minimum length is %d\n"
+msgstr "CHV%d¤ÎPIN¤¬Ã»¤¹¤®¤Þ¤¹¡£ºÇû¤Ç%d\n"
+
+#: scd/app-openpgp.c:2067
+msgid "|RN|New Reset Code"
+msgstr ""
+
+#: scd/app-openpgp.c:2068
+#, fuzzy
+msgid "|AN|New Admin PIN"
+msgstr "|A|¿·¤·¤¤Admin PIN"
+
+#: scd/app-openpgp.c:2068
+#, fuzzy
+msgid "|N|New PIN"
+msgstr "¿·¤·¤¤PIN"
+
+#: scd/app-openpgp.c:2178 scd/app-openpgp.c:2968
+msgid "error reading application data\n"
+msgstr "¥¢¥×¥ê¥±¡¼¥·¥ç¥ó¡¦¥Ç¡¼¥¿¤ÎÆɽФ·¥¨¥é¡¼\n"
+
+#: scd/app-openpgp.c:2184 scd/app-openpgp.c:2975
+msgid "error reading fingerprint DO\n"
+msgstr "»ØÌæ¥Ç¡¼¥¿¡¦¥ª¥Ö¥¸¥§¥¯¥È¤ÎÆɽФ·¥¨¥é¡¼\n"
+
+#: scd/app-openpgp.c:2194
+msgid "key already exists\n"
+msgstr "¸°¤Ï¤â¤¦¤¢¤ê¤Þ¤¹\n"
+
+#: scd/app-openpgp.c:2198
+msgid "existing key will be replaced\n"
+msgstr "´û¸¤Î¸°¤Ï¸ò´¹¤µ¤ì¤Þ¤¹\n"
+
+#: scd/app-openpgp.c:2200
+msgid "generating new key\n"
+msgstr "¿·¤·¤¤¸°¤òÀ¸À®\n"
+
+#: scd/app-openpgp.c:2202
+#, fuzzy
+msgid "writing new key\n"
+msgstr "¿·¤·¤¤¸°¤òÀ¸À®\n"
+
+#: scd/app-openpgp.c:2627
+msgid "creation timestamp missing\n"
+msgstr ""
+
+#: scd/app-openpgp.c:2669 scd/app-openpgp.c:2677
+#, c-format
+msgid "RSA prime %s missing or not of size %d bits\n"
+msgstr ""
+
+#: scd/app-openpgp.c:2773
+#, c-format
+msgid "failed to store the key: %s\n"
+msgstr "¸°¤ÎÊݴɤ˼ºÇÔ¤·¤Þ¤·¤¿: %s\n"
+
+#: scd/app-openpgp.c:2859
+msgid "please wait while key is being generated ...\n"
+msgstr "¸°À¸À®¤Î´Ö¡¢¤ªÂÔ¤Á¤¯¤À¤µ¤¤ ...\n"
+
+#: scd/app-openpgp.c:2872
+msgid "generating key failed\n"
+msgstr "¸°¤ÎÀ¸À®¤Ë¼ºÇÔ¤·¤Þ¤·¤¿\n"
+
+#: scd/app-openpgp.c:2875
+#, c-format
+msgid "key generation completed (%d seconds)\n"
+msgstr "¸°¤ÎÀ¸À®¤¬´°Î»¤·¤Þ¤·¤¿ (%dÉÃ)\n"
+
+#: scd/app-openpgp.c:2933
+msgid "invalid structure of OpenPGP card (DO 0x93)\n"
+msgstr "OpenPGP¥«¡¼¥É¤Ë̵¸ú¤Ê¹½Â¤ (¥Ç¡¼¥¿¡¦¥ª¥Ö¥¸¥§¥¯¥È 0x93)\n"
+
+#: scd/app-openpgp.c:2983
+msgid "fingerprint on card does not match requested one\n"
+msgstr ""
+
+#: scd/app-openpgp.c:3099
+#, fuzzy, c-format
+msgid "card does not support digest algorithm %s\n"
+msgstr "%s½ð̾¡¢Í×Ì󥢥르¥ê¥º¥à %s\n"
+
+#: scd/app-openpgp.c:3175
+#, c-format
+msgid "signatures created so far: %lu\n"
+msgstr "¤³¤ì¤Þ¤Ç¤ËºîÀ®¤µ¤ì¤¿½ð̾: %lu\n"
+
+#: scd/app-openpgp.c:3512
+msgid ""
+"verification of Admin PIN is currently prohibited through this command\n"
+msgstr ""
+
+#: scd/app-openpgp.c:3737 scd/app-openpgp.c:3748
+#, c-format
+msgid "can't access %s - invalid OpenPGP card?\n"
+msgstr "%s¤Ë¥¢¥¯¥»¥¹¤Ç¤­¤Þ¤»¤ó - ̵¸ú¤ÊOpenPGP¥«¡¼¥É?\n"
+
+#: scd/app-dinsig.c:299
+msgid "||Please enter your PIN at the reader's keypad"
+msgstr ""
+
+#. TRANSLATORS: Do not translate the "|*|" prefixes but
+#. keep it at the start of the string. We need this elsewhere
+#. to get some infos on the string.
+#: scd/app-dinsig.c:529
+#, fuzzy
+msgid "|N|Initial New PIN"
+msgstr "¿·¤·¤¤PIN"
+
+#: scd/scdaemon.c:107
+msgid "run in multi server mode (foreground)"
+msgstr ""
+
+#: scd/scdaemon.c:117 sm/gpgsm.c:316
+msgid "|LEVEL|set the debugging level to LEVEL"
+msgstr ""
+
+#: scd/scdaemon.c:124 tools/gpgconf-comp.c:620
+#, fuzzy
+msgid "|FILE|write a log to FILE"
+msgstr "¡Ö%s¡×¤«¤é¥ª¥×¥·¥ç¥ó¤òÆɤ߽Ф·¤Þ¤¹\n"
+
+#: scd/scdaemon.c:126
+msgid "|N|connect to reader at port N"
+msgstr ""
+
+#: scd/scdaemon.c:128
+msgid "|NAME|use NAME as ct-API driver"
+msgstr ""
+
+#: scd/scdaemon.c:130
+msgid "|NAME|use NAME as PC/SC driver"
+msgstr ""
+
+#: scd/scdaemon.c:133
+msgid "do not use the internal CCID driver"
+msgstr ""
+
+#: scd/scdaemon.c:139
+msgid "|N|disconnect the card after N seconds of inactivity"
+msgstr ""
+
+#: scd/scdaemon.c:141
+msgid "do not use a reader's keypad"
+msgstr ""
+
+#: scd/scdaemon.c:144
+#, fuzzy
+msgid "deny the use of admin card commands"
+msgstr "´ÉÍý¥³¥Þ¥ó¥É¤òɽ¼¨"
+
+#: scd/scdaemon.c:259
+#, fuzzy
+msgid "Usage: scdaemon [options] (-h for help)"
+msgstr "»È¤¤Êý: gpg [¥ª¥×¥·¥ç¥ó] [¥Õ¥¡¥¤¥ë] (¥Ø¥ë¥×¤Ï -h)"
+
+#: scd/scdaemon.c:261
+msgid ""
+"Syntax: scdaemon [options] [command [args]]\n"
+"Smartcard daemon for GnuPG\n"
+msgstr ""
+
+#: scd/scdaemon.c:766
+msgid "please use the option `--daemon' to run the program in the background\n"
+msgstr ""
+
+#: scd/scdaemon.c:1120
+#, c-format
+msgid "handler for fd %d started\n"
+msgstr ""
+
+#: scd/scdaemon.c:1132
+#, c-format
+msgid "handler for fd %d terminated\n"
+msgstr ""
+
+#: sm/base64.c:325
+#, fuzzy, c-format
+msgid "invalid radix64 character %02x skipped\n"
+msgstr "̵¸ú¤Ê64¿Êʸ»ú%02X¤ò¤È¤Ð¤·¤Þ¤·¤¿\n"
+
+#: sm/call-agent.c:137
+#, c-format
+msgid "failed to proxy %s inquiry to client\n"
+msgstr ""
+
+#: sm/call-dirmngr.c:252
+#, c-format
+msgid "no running dirmngr - starting `%s'\n"
+msgstr ""
+
+#: sm/call-dirmngr.c:285
+#, fuzzy
+msgid "malformed DIRMNGR_INFO environment variable\n"
+msgstr "GPG_AGENT_INFO´Ä¶­ÊÑ¿ô¤Î½ñ¼°¤¬Àµ¤·¤¯¤¢¤ê¤Þ¤»¤ó\n"
+
+#: sm/call-dirmngr.c:297
+#, fuzzy, c-format
+msgid "dirmngr protocol version %d is not supported\n"
+msgstr "gpg-agent¥×¥í¥È¥³¥ë¡¦¥Ð¡¼¥¸¥ç¥ó%d¤Ï¥µ¥Ý¡¼¥È¤·¤Æ¤¤¤Þ¤»¤ó\n"
+
+#: sm/call-dirmngr.c:317
+msgid "can't connect to the dirmngr - trying fall back\n"
+msgstr ""
+
+#: sm/certchain.c:196
+#, c-format
+msgid "validation model requested by certificate: %s"
+msgstr ""
+
+#: sm/certchain.c:197 sm/certchain.c:1828
+#, fuzzy
+msgid "chain"
+msgstr "admin"
+
+#: sm/certchain.c:198 sm/certchain.c:1828
+#, fuzzy
+msgid "shell"
+msgstr "help"
+
+#: sm/certchain.c:258
+#, fuzzy, c-format
+msgid "critical certificate extension %s is not supported"
+msgstr "gpg-agent¥×¥í¥È¥³¥ë¡¦¥Ð¡¼¥¸¥ç¥ó%d¤Ï¥µ¥Ý¡¼¥È¤·¤Æ¤¤¤Þ¤»¤ó\n"
+
+#: sm/certchain.c:297
+msgid "issuer certificate is not marked as a CA"
+msgstr ""
+
+#: sm/certchain.c:335
+msgid "critical marked policy without configured policies"
+msgstr ""
+
+#: sm/certchain.c:345
+#, fuzzy, c-format
+msgid "failed to open `%s': %s\n"
+msgstr "¡Ö%s¡×¤¬³«¤±¤Þ¤»¤ó: %s\n"
+
+#: sm/certchain.c:353 sm/certchain.c:382
+msgid "note: non-critical certificate policy not allowed"
+msgstr ""
+
+#: sm/certchain.c:357 sm/certchain.c:386
+#, fuzzy
+msgid "certificate policy not allowed"
+msgstr "ÈëÌ©¸°¤Î½ñ½Ð¤·¤Ï¶Ø»ß¤Ç¤¹\n"
+
+#: sm/certchain.c:498
+msgid "looking up issuer at external location\n"
+msgstr ""
+
+#: sm/certchain.c:517
+#, c-format
+msgid "number of issuers matching: %d\n"
+msgstr ""
+
+#: sm/certchain.c:561
+msgid "looking up issuer from the Dirmngr cache\n"
+msgstr ""
+
+#: sm/certchain.c:585
+#, fuzzy, c-format
+msgid "number of matching certificates: %d\n"
+msgstr "ÄÌÈ֤μèÆÀ¥¨¥é¡¼: %s\n"
+
+#: sm/certchain.c:587
+#, fuzzy, c-format
+msgid "dirmngr cache-only key lookup failed: %s\n"
+msgstr "¸°¤ÎÆɽФ·¤Ë¼ºÇÔ¤·¤Þ¤·¤¿: %s\n"
+
+#: sm/certchain.c:759 sm/certchain.c:1252 sm/certchain.c:1856 sm/decrypt.c:261
+#: sm/encrypt.c:335 sm/sign.c:335 sm/verify.c:113
+#, fuzzy
+msgid "failed to allocated keyDB handle\n"
+msgstr "¸°¤ÎÊݴɤ˼ºÇÔ¤·¤Þ¤·¤¿: %s\n"
+
+#: sm/certchain.c:925
+#, fuzzy
+msgid "certificate has been revoked"
+msgstr "Ãí°Õ: ¸°¤Ï¼º¸úºÑ¤ß¤Ç¤¹"
+
+#: sm/certchain.c:940
+msgid "the status of the certificate is unknown"
+msgstr ""
+
+#: sm/certchain.c:947
+msgid "please make sure that the \"dirmngr\" is properly installed\n"
+msgstr ""
+
+#: sm/certchain.c:953
+#, fuzzy, c-format
+msgid "checking the CRL failed: %s"
+msgstr "ºîÀ®¤µ¤ì¤¿½ð̾¤Î¸¡ºº¤Ë¼ºÇÔ¤·¤Þ¤·¤¿: %s\n"
+
+#: sm/certchain.c:982 sm/certchain.c:1050
+#, c-format
+msgid "certificate with invalid validity: %s"
+msgstr ""
+
+#: sm/certchain.c:997 sm/certchain.c:1082
+msgid "certificate not yet valid"
+msgstr ""
+
+#: sm/certchain.c:998 sm/certchain.c:1083
+#, fuzzy
+msgid "root certificate not yet valid"
+msgstr "ÈëÌ©¸°¤Î½ñ½Ð¤·¤Ï¶Ø»ß¤Ç¤¹\n"
+
+#: sm/certchain.c:999 sm/certchain.c:1084
+msgid "intermediate certificate not yet valid"
+msgstr ""
+
+#: sm/certchain.c:1012
+#, fuzzy
+msgid "certificate has expired"
+msgstr "¤³¤Î¸°¤ÏËþλ¤Ç¤¹!"
+
+#: sm/certchain.c:1013
+#, fuzzy
+msgid "root certificate has expired"
+msgstr "¤³¤Î¸°¤ÏËþλ¤Ç¤¹!"
+
+#: sm/certchain.c:1014
+#, fuzzy
+msgid "intermediate certificate has expired"
+msgstr "¤³¤Î¸°¤ÏËþλ¤Ç¤¹!"
+
+#: sm/certchain.c:1056
+#, c-format
+msgid "required certificate attributes missing: %s%s%s"
+msgstr ""
+
+#: sm/certchain.c:1065
+#, fuzzy
+msgid "certificate with invalid validity"
+msgstr "¤³¤Î¸°¤ÏËþλ¤Ç¤¹!"
+
+#: sm/certchain.c:1102
+msgid "signature not created during lifetime of certificate"
+msgstr ""
+
+#: sm/certchain.c:1104
+msgid "certificate not created during lifetime of issuer"
+msgstr ""
+
+#: sm/certchain.c:1105
+msgid "intermediate certificate not created during lifetime of issuer"
+msgstr ""
+
+#: sm/certchain.c:1109
+#, fuzzy
+msgid " ( signature created at "
+msgstr "¤³¤ì¤Þ¤Ç¤ËºîÀ®¤µ¤ì¤¿½ð̾: %lu\n"
+
+#: sm/certchain.c:1110
+#, fuzzy
+msgid " (certificate created at "
+msgstr "¼º¸ú¾ÚÌÀ½ñ¤òºîÀ®¡£\n"
+
+#: sm/certchain.c:1113
+#, fuzzy
+msgid " (certificate valid from "
+msgstr "ÉÔÀµ¤Ê¾ÚÌÀ½ñ¤Ç¤¹"
+
+#: sm/certchain.c:1114
+#, fuzzy
+msgid " ( issuer valid from "
+msgstr " ¥«¡¼¥É¤ÎÄÌÈÖ ="
+
+#: sm/certchain.c:1144
+#, fuzzy, c-format
+msgid "fingerprint=%s\n"
+msgstr "CA¤Î»ØÌæ: "
+
+#: sm/certchain.c:1153
+msgid "root certificate has now been marked as trusted\n"
+msgstr ""
+
+#: sm/certchain.c:1166
+msgid "interactive marking as trusted not enabled in gpg-agent\n"
+msgstr ""
+
+#: sm/certchain.c:1172
+msgid "interactive marking as trusted disabled for this session\n"
+msgstr ""
+
+#: sm/certchain.c:1229
+msgid "WARNING: creation time of signature not known - assuming current time"
+msgstr ""
+
+#: sm/certchain.c:1293
+#, fuzzy
+msgid "no issuer found in certificate"
+msgstr "¼º¸ú¾ÚÌÀ½ñ¤òÀ¸À®"
+
+#: sm/certchain.c:1366
+msgid "self-signed certificate has a BAD signature"
+msgstr ""
+
+#: sm/certchain.c:1435
+msgid "root certificate is not marked trusted"
+msgstr ""
+
+#: sm/certchain.c:1448
+#, fuzzy, c-format
+msgid "checking the trust list failed: %s\n"
+msgstr "ºîÀ®¤µ¤ì¤¿½ð̾¤Î¸¡ºº¤Ë¼ºÇÔ¤·¤Þ¤·¤¿: %s\n"
+
+#: sm/certchain.c:1477 sm/import.c:160
+msgid "certificate chain too long\n"
+msgstr ""
+
+#: sm/certchain.c:1489
+msgid "issuer certificate not found"
+msgstr ""
+
+#: sm/certchain.c:1522
+#, fuzzy
+msgid "certificate has a BAD signature"
+msgstr "½ð̾¤ò¸¡¾Ú"
+
+#: sm/certchain.c:1553
+msgid "found another possible matching CA certificate - trying again"
+msgstr ""
+
+#: sm/certchain.c:1604
+#, c-format
+msgid "certificate chain longer than allowed by CA (%d)"
+msgstr ""
+
+#: sm/certchain.c:1644 sm/certchain.c:1927
+#, fuzzy
+msgid "certificate is good\n"
+msgstr "Áª¹¥¡Ö%s¡×¤Î½ÅÊ£\n"
+
+#: sm/certchain.c:1645
+#, fuzzy
+msgid "intermediate certificate is good\n"
+msgstr "¼º¸ú¾ÚÌÀ½ñ¤òºîÀ®¡£\n"
+
+#: sm/certchain.c:1646
+#, fuzzy
+msgid "root certificate is good\n"
+msgstr "ÉÔÀµ¤Ê¾ÚÌÀ½ñ¤Ç¤¹"
+
+#: sm/certchain.c:1817
+msgid "switching to chain model"
+msgstr ""
+
+#: sm/certchain.c:1826
+#, c-format
+msgid "validation model used: %s"
+msgstr ""
+
+#: sm/certcheck.c:97
+#, c-format
+msgid "%s key uses an unsafe (%u bit) hash\n"
+msgstr ""
+
+#: sm/certcheck.c:107
+#, c-format
+msgid "a %u bit hash is not valid for a %u bit %s key\n"
+msgstr ""
+
+#: sm/certcheck.c:244 sm/verify.c:201
+msgid "(this is the MD2 algorithm)\n"
+msgstr ""
+
+#: sm/certdump.c:60 sm/certdump.c:143
+#, fuzzy
+msgid "none"
+msgstr "no"
+
+#: sm/certdump.c:564 sm/certdump.c:609 sm/certdump.c:674 sm/certdump.c:732
+#, fuzzy
+msgid "[Error - invalid encoding]"
+msgstr "¥¨¥é¡¼: ̵¸ú¤Ê±þÅú¡£\n"
+
+#: sm/certdump.c:572 sm/certdump.c:617
+msgid "[Error - out of core]"
+msgstr ""
+
+#: sm/certdump.c:654 sm/certdump.c:710
+msgid "[Error - No name]"
+msgstr ""
+
+#: sm/certdump.c:679 sm/certdump.c:738
+#, fuzzy
+msgid "[Error - invalid DN]"
+msgstr "¥¨¥é¡¼: ̵¸ú¤Ê±þÅú¡£\n"
+
+#: sm/certdump.c:948
+#, fuzzy, c-format
+msgid ""
+"Please enter the passphrase to unlock the secret key for the X.509 "
+"certificate:\n"
+"\"%s\"\n"
+"S/N %s, ID 0x%08lX,\n"
+"created %s, expires %s.\n"
+msgstr ""
+"¼¡¤Î¥æ¡¼¥¶¡¼¤ÎÈëÌ©¸°¤Î¥í¥Ã¥¯¤ò²ò½ü¤¹¤ë¤Ë¤Ï¥Ñ¥¹¥Õ¥ì¡¼¥º¤¬¤¤¤ê¤Þ¤¹:\n"
+"\"%.*s\"\n"
+"%u¥Ó¥Ã¥È%s¸°, ID %sºîÀ®ÆüÉÕ¤Ï%s%s\n"
+
+#: sm/certlist.c:122
+msgid "no key usage specified - assuming all usages\n"
+msgstr ""
+
+#: sm/certlist.c:132 sm/keylist.c:272
+#, fuzzy, c-format
+msgid "error getting key usage information: %s\n"
+msgstr "¸½¹Ô¸°¾ðÊó¤Î¼èÆÀ¥¨¥é¡¼: %s\n"
+
+#: sm/certlist.c:142
+msgid "certificate should have not been used for certification\n"
+msgstr ""
+
+#: sm/certlist.c:154
+msgid "certificate should have not been used for OCSP response signing\n"
+msgstr ""
+
+#: sm/certlist.c:165
+msgid "certificate should have not been used for encryption\n"
+msgstr ""
+
+#: sm/certlist.c:166
+msgid "certificate should have not been used for signing\n"
+msgstr ""
+
+#: sm/certlist.c:167
+msgid "certificate is not usable for encryption\n"
+msgstr ""
+
+#: sm/certlist.c:168
+msgid "certificate is not usable for signing\n"
+msgstr ""
+
+#: sm/certreqgen.c:474
+#, fuzzy, c-format
+msgid "line %d: invalid algorithm\n"
+msgstr "̵¸ú¤Ê¥Ï¥Ã¥·¥å¡¦¥¢¥ë¥´¥ê¥º¥à¡Ö%s¡×¤Ç¤¹\n"
+
+#: sm/certreqgen.c:487
+#, c-format
+msgid "line %d: invalid key length %u (valid are %d to %d)\n"
+msgstr ""
+
+#: sm/certreqgen.c:505
+#, c-format
+msgid "line %d: no subject name given\n"
+msgstr ""
+
+#: sm/certreqgen.c:514
+#, c-format
+msgid "line %d: invalid subject name label `%.*s'\n"
+msgstr ""
+
+#: sm/certreqgen.c:517
+#, c-format
+msgid "line %d: invalid subject name `%s' at pos %d\n"
+msgstr ""
+
+#: sm/certreqgen.c:534
+#, fuzzy, c-format
+msgid "line %d: not a valid email address\n"
+msgstr "Í­¸ú¤ÊÅŻҥ᡼¥ë¡¦¥¢¥É¥ì¥¹¤Ç¤Ï¤¢¤ê¤Þ¤»¤ó\n"
+
+#: sm/certreqgen.c:546
+#, fuzzy, c-format
+msgid "line %d: error reading key `%s' from card: %s\n"
+msgstr "¸°ÎØ¡Ö%s¡×¤ÎºîÀ®¥¨¥é¡¼: %s\n"
+
+#: sm/certreqgen.c:558
+#, fuzzy, c-format
+msgid "line %d: error getting key by keygrip `%s': %s\n"
+msgstr "¸°ÎØ¡Ö%s¡×¤ÎºîÀ®¥¨¥é¡¼: %s\n"
+
+#: sm/certreqgen.c:574
+#, fuzzy, c-format
+msgid "line %d: key generation failed: %s <%s>\n"
+msgstr "¸°¤ÎÀ¸À®¤Ë¼ºÇÔ¤·¤Þ¤·¤¿: %s\n"
+
+#: sm/certreqgen.c:806
+msgid ""
+"To complete this certificate request please enter the passphrase for the key "
+"you just created once more.\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:158
+#, fuzzy, c-format
+msgid " (%d) RSA\n"
+msgstr " (%d) RSA (½ð̾¤Î¤ß)\n"
+
+#: sm/certreqgen-ui.c:159
+#, fuzzy, c-format
+msgid " (%d) Existing key\n"
+msgstr " (2) °Å¹æ²½¸°\n"
+
+#: sm/certreqgen-ui.c:160
+#, c-format
+msgid " (%d) Existing key from card\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:202
+#, fuzzy
+msgid "Enter the keygrip: "
+msgstr "½ð̾Ãí¼á: "
+
+#: sm/certreqgen-ui.c:210
+msgid "Not a valid keygrip (expecting 40 hex digits)\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:212
+#, fuzzy
+msgid "No key with this keygrip\n"
+msgstr "%dÈ֤Υ桼¥¶¡¼ID¤Ï¤¢¤ê¤Þ¤»¤ó\n"
+
+#: sm/certreqgen-ui.c:230 sm/certreqgen-ui.c:239
+#, fuzzy, c-format
+msgid "error reading the card: %s\n"
+msgstr "%s: ¶õ¤­¥ì¥³¡¼¥É¤ÎÆɽФ·¥¨¥é¡¼: %s\n"
+
+#: sm/certreqgen-ui.c:233
+#, fuzzy, c-format
+msgid "Serial number of the card: %s\n"
+msgstr "ÄÌÈ֤μèÆÀ¥¨¥é¡¼: %s\n"
+
+#: sm/certreqgen-ui.c:245
+#, fuzzy
+msgid "Available keys:\n"
+msgstr "¸°¤Î»ÈÍѤò¶Ø»ß¤¹¤ë"
+
+#: sm/certreqgen-ui.c:276
+#, fuzzy, c-format
+msgid "Possible actions for a %s key:\n"
+msgstr "¸°%s¤Ë²Äǽ¤ÊÁàºî: "
+
+#: sm/certreqgen-ui.c:277
+#, fuzzy, c-format
+msgid " (%d) sign, encrypt\n"
+msgstr " (%d) DSA (½ð̾¤Î¤ß)\n"
+
+#: sm/certreqgen-ui.c:278
+#, fuzzy, c-format
+msgid " (%d) sign\n"
+msgstr " (%d) DSA (½ð̾¤Î¤ß)\n"
+
+#: sm/certreqgen-ui.c:279
+#, fuzzy, c-format
+msgid " (%d) encrypt\n"
+msgstr " (%d) RSA (°Å¹æ²½¤Î¤ß)\n"
+
+#: sm/certreqgen-ui.c:303
+msgid "Enter the X.509 subject name: "
+msgstr ""
+
+#: sm/certreqgen-ui.c:307
+#, fuzzy
+msgid "No subject name given\n"
+msgstr "(ÀâÌÀ¤Ï¤¢¤ê¤Þ¤»¤ó)\n"
+
+#: sm/certreqgen-ui.c:311
+#, c-format
+msgid "Invalid subject name label `%.*s'\n"
+msgstr ""
+
+#. TRANSLATORS: The 22 in the second string is the
+#. length of the first string up to the "%s". Please
+#. adjust it do the length of your translation. The
+#. second string is merely passed to atoi so you can
+#. drop everything after the number.
+#: sm/certreqgen-ui.c:320
+#, fuzzy, c-format
+msgid "Invalid subject name `%s'\n"
+msgstr "̵¸ú¤Ê¥Ï¥Ã¥·¥å¡¦¥¢¥ë¥´¥ê¥º¥à¡Ö%s¡×¤Ç¤¹\n"
+
+#: sm/certreqgen-ui.c:322
+msgid "22 translator: see certreg-ui.c:gpgsm_gencertreq_tty"
+msgstr ""
+
+#: sm/certreqgen-ui.c:334
+#, fuzzy
+msgid "Enter email addresses"
+msgstr "ÅŻҥ᡼¥ë¡¦¥¢¥É¥ì¥¹: "
+
+#: sm/certreqgen-ui.c:335
+#, fuzzy
+msgid " (end with an empty line):\n"
+msgstr ""
+"\n"
+"¥æ¡¼¥¶¡¼ID¤òÆþÎÏ¡£¶õ¹Ô¤Ç½ªÎ»: "
+
+#: sm/certreqgen-ui.c:339
+#, fuzzy
+msgid "Enter DNS names"
+msgstr "¿·¤·¤¤¥Õ¥¡¥¤¥ë̾¤òÆþÎϤ·¤Æ¤¯¤À¤µ¤¤"
+
+#: sm/certreqgen-ui.c:340 sm/certreqgen-ui.c:345
+#, fuzzy
+msgid " (optional; end with an empty line):\n"
+msgstr "ͽÈ÷¤ÎÀâÌÀ¤òÆþÎÏ¡£¶õ¹Ô¤Ç½ªÎ»:\n"
+
+#: sm/certreqgen-ui.c:344
+#, fuzzy
+msgid "Enter URIs"
+msgstr "PIN¤ÎÆþÎÏ: "
+
+#: sm/certreqgen-ui.c:371
+msgid "Parameters to be used for the certificate request:\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:389
+msgid "Now creating certificate request. This may take a while ...\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:398
+msgid "Ready. You should now send this request to your CA.\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:403
+msgid "resource problem: out of core\n"
+msgstr ""
+
+#: sm/decrypt.c:330
+msgid "(this is the RC2 algorithm)\n"
+msgstr ""
+
+#: sm/decrypt.c:332
+msgid "(this does not seem to be an encrypted message)\n"
+msgstr ""
+
+#: sm/delete.c:51 sm/delete.c:112
+#, fuzzy, c-format
+msgid "certificate `%s' not found: %s\n"
+msgstr "ÈëÌ©¸°¡È%s¡É¤¬¸«¤Ä¤«¤ê¤Þ¤»¤ó: %s\n"
+
+#: sm/delete.c:122 sm/keydb.c:1397 sm/keydb.c:1499
+#, fuzzy, c-format
+msgid "error locking keybox: %s\n"
+msgstr "¸°¥Ö¥í¥Ã¥¯¤ÎÆɽФ·¥¨¥é¡¼: %s\n"
+
+#: sm/delete.c:143
+#, fuzzy, c-format
+msgid "duplicated certificate `%s' deleted\n"
+msgstr "¼º¸ú¾ÚÌÀ½ñ¤òºîÀ®¡£\n"
+
+#: sm/delete.c:145
+#, fuzzy, c-format
+msgid "certificate `%s' deleted\n"
+msgstr "Áª¹¥¡Ö%s¡×¤Î½ÅÊ£\n"
+
+#: sm/delete.c:175
+#, fuzzy, c-format
+msgid "deleting certificate \"%s\" failed: %s\n"
+msgstr "¸°¥Ö¥í¥Ã¥¯¤Îºï½ü¤Ë¼ºÇÔ¤·¤Þ¤·¤¿: %s\n"
+
+#: sm/encrypt.c:321
+#, fuzzy
+msgid "no valid recipients given\n"
+msgstr "(ÀâÌÀ¤Ï¤¢¤ê¤Þ¤»¤ó)\n"
+
+#: sm/gpgsm.c:197
+#, fuzzy
+msgid "list external keys"
+msgstr "ÈëÌ©¸°¤Î°ìÍ÷"
+
+#: sm/gpgsm.c:199
+#, fuzzy
+msgid "list certificate chain"
+msgstr "ÉÔÀµ¤Ê¾ÚÌÀ½ñ¤Ç¤¹"
+
+#: sm/gpgsm.c:206
+#, fuzzy
+msgid "import certificates"
+msgstr "ÉÔÀµ¤Ê¾ÚÌÀ½ñ¤Ç¤¹"
+
+#: sm/gpgsm.c:207
+#, fuzzy
+msgid "export certificates"
+msgstr "ÉÔÀµ¤Ê¾ÚÌÀ½ñ¤Ç¤¹"
+
+#: sm/gpgsm.c:209
+#, fuzzy
+msgid "register a smartcard"
+msgstr "¥¹¥Þ¡¼¥È¥«¡¼¥É¤Ø¸°¤ÎÄɲÃ"
+
+#: sm/gpgsm.c:212
+msgid "pass a command to the dirmngr"
+msgstr ""
+
+#: sm/gpgsm.c:214
+msgid "invoke gpg-protect-tool"
+msgstr ""
+
+#: sm/gpgsm.c:230
+#, fuzzy
+msgid "create base-64 encoded output"
+msgstr "ASCII·Á¼°¤ÎÊñÁõ¤òºîÀ®"
+
+#: sm/gpgsm.c:235
+msgid "assume input is in PEM format"
+msgstr ""
+
+#: sm/gpgsm.c:237
+msgid "assume input is in base-64 format"
+msgstr ""
+
+#: sm/gpgsm.c:239
+msgid "assume input is in binary format"
+msgstr ""
+
+#: sm/gpgsm.c:244
+msgid "use system's dirmngr if available"
+msgstr ""
+
+#: sm/gpgsm.c:247
+msgid "never consult a CRL"
+msgstr ""
+
+#: sm/gpgsm.c:257
+msgid "check validity using OCSP"
+msgstr ""
+
+#: sm/gpgsm.c:262
+msgid "|N|number of certificates to include"
+msgstr ""
+
+#: sm/gpgsm.c:265
+msgid "|FILE|take policy information from FILE"
+msgstr ""
+
+#: sm/gpgsm.c:268
+msgid "do not check certificate policies"
+msgstr ""
+
+#: sm/gpgsm.c:272
+msgid "fetch missing issuer certificates"
+msgstr ""
+
+#: sm/gpgsm.c:283
+msgid "don't use the terminal at all"
+msgstr ""
+
+#: sm/gpgsm.c:285
+msgid "|FILE|write a server mode log to FILE"
+msgstr ""
+
+#: sm/gpgsm.c:290
+#, fuzzy
+msgid "|FILE|write an audit log to FILE"
+msgstr "¡Ö%s¡×¤«¤é¥ª¥×¥·¥ç¥ó¤òÆɤ߽Ф·¤Þ¤¹\n"
+
+#: sm/gpgsm.c:293
+msgid "batch mode: never ask"
+msgstr ""
+
+#: sm/gpgsm.c:294
+msgid "assume yes on most questions"
+msgstr ""
+
+#: sm/gpgsm.c:295
+msgid "assume no on most questions"
+msgstr ""
+
+#: sm/gpgsm.c:298
+#, fuzzy
+msgid "|FILE|add keyring to the list of keyrings"
+msgstr "¤³¤Î¸°¤ò¸°Îؤ«¤éºï½ü¤·¤Þ¤¹"
+
+#: sm/gpgsm.c:301
+msgid "|USER-ID|use USER-ID as default secret key"
+msgstr ""
+
+#: sm/gpgsm.c:311 tools/gpgconf-comp.c:745
+msgid "|SPEC|use this keyserver to lookup keys"
+msgstr ""
+
+#: sm/gpgsm.c:329
+#, fuzzy
+msgid "|NAME|use cipher algorithm NAME"
+msgstr "̤ÃΤΰŹ楢¥ë¥´¥ê¥º¥à¤Ç¤¹"
+
+#: sm/gpgsm.c:331
+#, fuzzy
+msgid "|NAME|use message digest algorithm NAME"
+msgstr "%s½ð̾¡¢Í×Ì󥢥르¥ê¥º¥à %s\n"
+
+#: sm/gpgsm.c:522
+#, fuzzy
+msgid "Usage: gpgsm [options] [files] (-h for help)"
+msgstr "»È¤¤Êý: gpg [¥ª¥×¥·¥ç¥ó] [¥Õ¥¡¥¤¥ë] (¥Ø¥ë¥×¤Ï -h)"
+
+#: sm/gpgsm.c:525
+#, fuzzy
+msgid ""
+"Syntax: gpgsm [options] [files]\n"
+"sign, check, encrypt or decrypt using the S/MIME protocol\n"
+"default operation depends on the input data\n"
+msgstr ""
+"½ñ¼°: gpg [¥ª¥×¥·¥ç¥ó] [¥Õ¥¡¥¤¥ë]\n"
+"½ð̾¡¢¸¡ºº¡¢°Å¹æ²½¤äÉü¹æ\n"
+"´ûÄê¤ÎÁàºî¤Ï¡¢ÆþÎϥǡ¼¥¿¤Ë°Í¸\n"
+
+#: sm/gpgsm.c:617
+#, fuzzy
+msgid "usage: gpgsm [options] "
+msgstr "»È¤¤Êý: gpg [¥ª¥×¥·¥ç¥ó] "
+
+#: sm/gpgsm.c:739
+#, fuzzy, c-format
+msgid "NOTE: won't be able to encrypt to `%s': %s\n"
+msgstr "¡Ö%s¡×¤ØÀܳ¤Ç¤­¤Þ¤»¤ó: %s\n"
+
+#: sm/gpgsm.c:750
+#, fuzzy, c-format
+msgid "unknown validation model `%s'\n"
+msgstr "̤ÃΤΥª¥×¥·¥ç¥ó¡Ö%s¡×\n"
+
+#: sm/gpgsm.c:801
+#, fuzzy, c-format
+msgid "%s:%u: no hostname given\n"
+msgstr "(ÀâÌÀ¤Ï¤¢¤ê¤Þ¤»¤ó)\n"
+
+#: sm/gpgsm.c:820
+#, c-format
+msgid "%s:%u: password given without user\n"
+msgstr ""
+
+#: sm/gpgsm.c:841
+#, fuzzy, c-format
+msgid "%s:%u: skipping this line\n"
+msgstr " s = ¤³¤Î¸°¤Ï¤È¤Ð¤¹\n"
+
+#: sm/gpgsm.c:1376
+#, fuzzy
+msgid "could not parse keyserver\n"
+msgstr "¸°¥µ¡¼¥Ð¡¼¤ÎURL¤ò²òÀÏÉÔǽ\n"
+
+#: sm/gpgsm.c:1456
+msgid "WARNING: running with faked system time: "
+msgstr ""
+
+#: sm/gpgsm.c:1556
+#, c-format
+msgid "importing common certificates `%s'\n"
+msgstr ""
+
+#: sm/gpgsm.c:1597
+#, fuzzy, c-format
+msgid "can't sign using `%s': %s\n"
+msgstr "¡Ö%s¡×¤Ë¥¢¥¯¥»¥¹¤Ç¤­¤Þ¤»¤ó: %s\n"
+
+#: sm/gpgsm.c:1931
+msgid "invalid command (there is no implicit command)\n"
+msgstr ""
+
+#: sm/import.c:111
+#, fuzzy, c-format
+msgid "total number processed: %lu\n"
+msgstr " ½èÍý¿ô¤Î¹ç·×: %lu\n"
+
+#: sm/import.c:230
+#, fuzzy
+msgid "error storing certificate\n"
+msgstr "¼º¸ú¾ÚÌÀ½ñ¤òÀ¸À®"
+
+#: sm/import.c:238
+msgid "basic certificate checks failed - not imported\n"
+msgstr ""
+
+#: sm/import.c:435 sm/keydb.c:1319 sm/keydb.c:1387
+#, fuzzy
+msgid "failed to allocate keyDB handle\n"
+msgstr "¸°¤ÎÊݴɤ˼ºÇÔ¤·¤Þ¤·¤¿: %s\n"
+
+#: sm/import.c:492 sm/keydb.c:1417 sm/keydb.c:1511
+#, fuzzy, c-format
+msgid "error getting stored flags: %s\n"
+msgstr "¿·¤·¤¤PIN¤Î¼èÆÀ¥¨¥é¡¼: %s\n"
+
+#: sm/import.c:551 sm/import.c:583
+#, fuzzy, c-format
+msgid "error importing certificate: %s\n"
+msgstr "ÄÌÈ֤μèÆÀ¥¨¥é¡¼: %s\n"
+
+#: sm/import.c:684 tools/gpg-connect-agent.c:1346
+#, fuzzy, c-format
+msgid "error reading input: %s\n"
+msgstr "¡Ö%s¡×¤ÎÆɽФ·¥¨¥é¡¼: %s\n"
+
+#: sm/keydb.c:187
+#, fuzzy, c-format
+msgid "error creating keybox `%s': %s\n"
+msgstr "¸°ÎØ¡Ö%s¡×¤ÎºîÀ®¥¨¥é¡¼: %s\n"
+
+#: sm/keydb.c:190
+msgid "you may want to start the gpg-agent first\n"
+msgstr ""
+
+#: sm/keydb.c:195
+#, fuzzy, c-format
+msgid "keybox `%s' created\n"
+msgstr "¸°ÎØ¡Ö%s¡×¤¬¤Ç¤­¤Þ¤·¤¿\n"
+
+#: sm/keydb.c:1312 sm/keydb.c:1380
+#, fuzzy
+msgid "failed to get the fingerprint\n"
+msgstr "»ØÌæ¤ÎÊݴɤ˼ºÇÔ¤·¤Þ¤·¤¿: %s\n"
+
+#: sm/keydb.c:1340
+#, c-format
+msgid "problem looking for existing certificate: %s\n"
+msgstr ""
+
+#: sm/keydb.c:1348
+#, fuzzy, c-format
+msgid "error finding writable keyDB: %s\n"
+msgstr "ÄÌÈ֤μèÆÀ¥¨¥é¡¼: %s\n"
+
+#: sm/keydb.c:1356
+#, fuzzy, c-format
+msgid "error storing certificate: %s\n"
+msgstr "ÄÌÈ֤μèÆÀ¥¨¥é¡¼: %s\n"
+
+#: sm/keydb.c:1408
+#, c-format
+msgid "problem re-searching certificate: %s\n"
+msgstr ""
+
+#: sm/keydb.c:1429 sm/keydb.c:1522
+#, fuzzy, c-format
+msgid "error storing flags: %s\n"
+msgstr "¡Ö%s¡×¤ÎÆɽФ·¥¨¥é¡¼: %s\n"
+
+#: sm/keylist.c:642
+msgid "Error - "
+msgstr ""
+
+#: sm/misc.c:55
+msgid "GPG_TTY has not been set - using maybe bogus default\n"
+msgstr ""
+
+#: sm/qualified.c:105
+#, fuzzy, c-format
+msgid "invalid formatted fingerprint in `%s', line %d\n"
+msgstr "¥¨¥é¡¼: ̵¸ú¤Ê·Á¼°¤Î»ØÌæ¡£\n"
+
+#: sm/qualified.c:123
+#, c-format
+msgid "invalid country code in `%s', line %d\n"
+msgstr ""
+
+#: sm/qualified.c:202
+#, c-format
+msgid ""
+"You are about to create a signature using your certificate:\n"
+"\"%s\"\n"
+"This will create a qualified signature by law equated to a handwritten "
+"signature.\n"
+"\n"
+"%s%sAre you really sure that you want to do this?"
+msgstr ""
+
+#: sm/qualified.c:211 sm/verify.c:616
+msgid ""
+"Note, that this software is not officially approved to create or verify such "
+"signatures.\n"
+msgstr ""
+
+#: sm/qualified.c:278
+#, c-format
+msgid ""
+"You are about to create a signature using your certificate:\n"
+"\"%s\"\n"
+"Note, that this certificate will NOT create a qualified signature!"
+msgstr ""
+
+#: sm/sign.c:449
+#, fuzzy, c-format
+msgid "hash algorithm %d (%s) for signer %d not supported; using %s\n"
+msgstr "Êݸ¥ë¥´¥ê¥º¥à%d%s¤Ï¥µ¥Ý¡¼¥È¤·¤Æ¤¤¤Þ¤»¤ó\n"
+
+#: sm/sign.c:463
+#, c-format
+msgid "hash algorithm used for signer %d: %s (%s)\n"
+msgstr ""
+
+#: sm/sign.c:513
+#, fuzzy, c-format
+msgid "checking for qualified certificate failed: %s\n"
+msgstr "ºîÀ®¤µ¤ì¤¿½ð̾¤Î¸¡ºº¤Ë¼ºÇÔ¤·¤Þ¤·¤¿: %s\n"
+
+#: sm/verify.c:449
+#, fuzzy
+msgid "Signature made "
+msgstr "%s¤Ë»Ü¤µ¤ì¤¿½ð̾\n"
+
+#: sm/verify.c:453
+msgid "[date not given]"
+msgstr ""
+
+#: sm/verify.c:454
+#, fuzzy, c-format
+msgid " using certificate ID 0x%08lX\n"
+msgstr "ÄÌÈ֤μèÆÀ¥¨¥é¡¼: %s\n"
+
+#: sm/verify.c:473
+msgid ""
+"invalid signature: message digest attribute does not match computed one\n"
+msgstr ""
+
+#: sm/verify.c:594
+#, fuzzy
+msgid "Good signature from"
+msgstr "¡È%s¡É¤«¤é¤ÎÀµ¤·¤¤½ð̾"
+
+#: sm/verify.c:595
+#, fuzzy
+msgid " aka"
+msgstr " ÊÌ̾¡È%s¡É"
+
+#: sm/verify.c:613
+#, fuzzy
+msgid "This is a qualified signature\n"
+msgstr "¼«¸Ê½ð̾¤Ë¤Ê¤ë¤Ç¤·¤ç¤¦¡£\n"
+
+#: tools/gpg-connect-agent.c:70 tools/gpgconf.c:81 tools/symcryptrun.c:167
+#, fuzzy
+msgid "quiet"
+msgstr "quit"
+
+#: tools/gpg-connect-agent.c:71
+msgid "print data out hex encoded"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:72
+msgid "decode received data lines"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:74
+msgid "|NAME|connect to Assuan socket NAME"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:76
+msgid "run the Assuan server given on the command line"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:78
+msgid "do not use extended connect mode"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:80
+#, fuzzy
+msgid "|FILE|run commands from FILE on startup"
+msgstr "¡Ö%s¡×¤«¤é¥ª¥×¥·¥ç¥ó¤òÆɤ߽Ф·¤Þ¤¹\n"
+
+#: tools/gpg-connect-agent.c:81
+msgid "run /subst on startup"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:184
+#, fuzzy
+msgid "Usage: gpg-connect-agent [options] (-h for help)"
+msgstr "»È¤¤Êý: gpg [¥ª¥×¥·¥ç¥ó] [¥Õ¥¡¥¤¥ë] (¥Ø¥ë¥×¤Ï -h)"
+
+#: tools/gpg-connect-agent.c:187
+msgid ""
+"Syntax: gpg-connect-agent [options]\n"
+"Connect to a running agent and send commands\n"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:1201
+#, c-format
+msgid "option \"%s\" requires a program and optional arguments\n"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:1210
+#, c-format
+msgid "option \"%s\" ignored due to \"%s\"\n"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:1281 tools/gpg-connect-agent.c:1771
+#, fuzzy, c-format
+msgid "receiving line failed: %s\n"
+msgstr "¸°¤ÎÆɽФ·¤Ë¼ºÇÔ¤·¤Þ¤·¤¿: %s\n"
+
+#: tools/gpg-connect-agent.c:1371
+#, fuzzy
+msgid "line too long - skipped\n"
+msgstr "¹Ô¤¬Ä¹¤¹¤®¤Þ¤¹"
+
+#: tools/gpg-connect-agent.c:1375
+msgid "line shortened due to embedded Nul character\n"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:1743
+#, fuzzy, c-format
+msgid "unknown command `%s'\n"
+msgstr "̤ÃΤΥª¥×¥·¥ç¥ó¡Ö%s¡×\n"
+
+#: tools/gpg-connect-agent.c:1761
+#, fuzzy, c-format
+msgid "sending line failed: %s\n"
+msgstr "½ð̾¤Ë¼ºÇÔ¤·¤Þ¤·¤¿: %s\n"
+
+#: tools/gpg-connect-agent.c:2208
+#, fuzzy, c-format
+msgid "error sending %s command: %s\n"
+msgstr "¡Ö%s¡×¤ÎÆɽФ·¥¨¥é¡¼: %s\n"
+
+#: tools/gpg-connect-agent.c:2223
+#, fuzzy, c-format
+msgid "error sending standard options: %s\n"
+msgstr "¡Ö%s¡×¤Ç¿®Íѥ쥳¡¼¥É¤Î¸¡º÷¥¨¥é¡¼: %s\n"
+
+#: tools/gpgconf-comp.c:473 tools/gpgconf-comp.c:577 tools/gpgconf-comp.c:644
+#: tools/gpgconf-comp.c:712 tools/gpgconf-comp.c:799
+msgid "Options controlling the diagnostic output"
+msgstr ""
+
+#: tools/gpgconf-comp.c:486 tools/gpgconf-comp.c:590 tools/gpgconf-comp.c:657
+#: tools/gpgconf-comp.c:725 tools/gpgconf-comp.c:822
+msgid "Options controlling the configuration"
+msgstr ""
+
+#: tools/gpgconf-comp.c:496 tools/gpgconf-comp.c:615 tools/gpgconf-comp.c:673
+#: tools/gpgconf-comp.c:750 tools/gpgconf-comp.c:829
+msgid "Options useful for debugging"
+msgstr ""
+
+#: tools/gpgconf-comp.c:501 tools/gpgconf-comp.c:678 tools/gpgconf-comp.c:755
+#: tools/gpgconf-comp.c:837
+msgid "|FILE|write server mode logs to FILE"
+msgstr ""
+
+#: tools/gpgconf-comp.c:509 tools/gpgconf-comp.c:625 tools/gpgconf-comp.c:763
+msgid "Options controlling the security"
+msgstr ""
+
+#: tools/gpgconf-comp.c:516
+msgid "|N|expire SSH keys after N seconds"
+msgstr ""
+
+#: tools/gpgconf-comp.c:520
+msgid "|N|set maximum PIN cache lifetime to N seconds"
+msgstr ""
+
+#: tools/gpgconf-comp.c:524
+msgid "|N|set maximum SSH key lifetime to N seconds"
+msgstr ""
+
+#: tools/gpgconf-comp.c:538
+msgid "Options enforcing a passphrase policy"
+msgstr ""
+
+#: tools/gpgconf-comp.c:541
+msgid "do not allow to bypass the passphrase policy"
+msgstr ""
+
+#: tools/gpgconf-comp.c:545
+msgid "|N|set minimal required length for new passphrases to N"
+msgstr ""
+
+#: tools/gpgconf-comp.c:549
+msgid "|N|require at least N non-alpha characters for a new passphrase"
+msgstr ""
+
+#: tools/gpgconf-comp.c:553
+msgid "|FILE|check new passphrases against pattern in FILE"
+msgstr ""
+
+#: tools/gpgconf-comp.c:557
+#, fuzzy
+msgid "|N|expire the passphrase after N days"
+msgstr "Éû¸°¤Î¼º¸ú"
+
+#: tools/gpgconf-comp.c:561
+#, fuzzy
+msgid "do not allow the reuse of old passphrases"
+msgstr "¥Ñ¥¹¥Õ¥ì¡¼¥º¤ÎºîÀ®¥¨¥é¡¼: %s\n"
+
+#: tools/gpgconf-comp.c:659 tools/gpgconf-comp.c:727
+msgid "|NAME|use NAME as default secret key"
+msgstr ""
+
+#: tools/gpgconf-comp.c:662 tools/gpgconf-comp.c:730
+#, fuzzy
+msgid "|NAME|encrypt to user ID NAME as well"
+msgstr "|̾Á°|¡Ö̾Á°¡×ÍѤ˰Ź沽"
+
+#: tools/gpgconf-comp.c:665
+msgid "|SPEC|set up email aliases"
+msgstr ""
+
+#: tools/gpgconf-comp.c:686
+msgid "Configuration for Keyservers"
+msgstr ""
+
+#: tools/gpgconf-comp.c:688
+#, fuzzy
+msgid "|URL|use keyserver at URL"
+msgstr "¸°¥µ¡¼¥Ð¡¼¤ÎURL¤ò²òÀÏÉÔǽ\n"
+
+#: tools/gpgconf-comp.c:691
+msgid "allow PKA lookups (DNS requests)"
+msgstr ""
+
+#: tools/gpgconf-comp.c:694
+msgid "|MECHANISMS|use MECHANISMS to locate keys by mail address"
+msgstr ""
+
+#: tools/gpgconf-comp.c:739
+msgid "disable all access to the dirmngr"
+msgstr ""
+
+#: tools/gpgconf-comp.c:742
+msgid "|NAME|use encoding NAME for PKCS#12 passphrases"
+msgstr ""
+
+#: tools/gpgconf-comp.c:768
+msgid "do not check CRLs for root certificates"
+msgstr ""
+
+#: tools/gpgconf-comp.c:812
+msgid "Options controlling the format of the output"
+msgstr ""
+
+#: tools/gpgconf-comp.c:848
+msgid "Options controlling the interactivity and enforcement"
+msgstr ""
+
+#: tools/gpgconf-comp.c:858
+msgid "Configuration for HTTP servers"
+msgstr ""
+
+#: tools/gpgconf-comp.c:869
+msgid "use system's HTTP proxy setting"
+msgstr ""
+
+#: tools/gpgconf-comp.c:874
+msgid "Configuration of LDAP servers to use"
+msgstr ""
+
+#: tools/gpgconf-comp.c:903
+msgid "LDAP server list"
+msgstr ""
+
+#: tools/gpgconf-comp.c:911
+msgid "Configuration for OCSP"
+msgstr ""
+
+#: tools/gpgconf-comp.c:3077
+#, c-format
+msgid "External verification of component %s failed"
+msgstr ""
+
+#: tools/gpgconf-comp.c:3227
+msgid "Note that group specifications are ignored\n"
+msgstr ""
+
+#: tools/gpgconf.c:62
+msgid "list all components"
+msgstr ""
+
+#: tools/gpgconf.c:63
+msgid "check all programs"
+msgstr ""
+
+#: tools/gpgconf.c:64
+msgid "|COMPONENT|list options"
+msgstr ""
+
+#: tools/gpgconf.c:65
+msgid "|COMPONENT|change options"
+msgstr ""
+
+#: tools/gpgconf.c:66
+msgid "|COMPONENT|check options"
+msgstr ""
+
+#: tools/gpgconf.c:68
+msgid "apply global default values"
+msgstr ""
+
+#: tools/gpgconf.c:70
+msgid "get the configuration directories for gpgconf"
+msgstr ""
+
+#: tools/gpgconf.c:72
+#, fuzzy
+msgid "list global configuration file"
+msgstr "̤ÃΤι½À®¹àÌÜ¡Ö%s¡×\n"
+
+#: tools/gpgconf.c:74
+#, fuzzy
+msgid "check global configuration file"
+msgstr "̤ÃΤι½À®¹àÌÜ¡Ö%s¡×\n"
+
+#: tools/gpgconf.c:79
+msgid "use as output file"
+msgstr "½ÐÎÏ¥Õ¥¡¥¤¥ë¤È¤·¤Æ»ÈÍÑ"
+
+#: tools/gpgconf.c:83
+msgid "activate changes at runtime, if possible"
+msgstr ""
+
+#: tools/gpgconf.c:105
+#, fuzzy
+msgid "Usage: gpgconf [options] (-h for help)"
+msgstr "»È¤¤Êý: gpg [¥ª¥×¥·¥ç¥ó] [¥Õ¥¡¥¤¥ë] (¥Ø¥ë¥×¤Ï -h)"
+
+#: tools/gpgconf.c:108
+msgid ""
+"Syntax: gpgconf [options]\n"
+"Manage configuration options for tools of the GnuPG system\n"
+msgstr ""
+
+#: tools/gpgconf.c:214 tools/gpgconf.c:282
+#, fuzzy
+msgid "usage: gpgconf [options] "
+msgstr "»È¤¤Êý: gpg [¥ª¥×¥·¥ç¥ó] "
+
+#: tools/gpgconf.c:216
+msgid "Need one component argument"
+msgstr ""
+
+#: tools/gpgconf.c:225 tools/gpgconf.c:258
+#, fuzzy
+msgid "Component not found"
+msgstr "¸ø³«¸°¤¬¸«¤Ä¤«¤ê¤Þ¤»¤ó"
+
+#: tools/gpgconf.c:284
+#, fuzzy
+msgid "No argument allowed"
+msgstr "´ÉÍý¥³¥Þ¥ó¥É¤Ï¶Ø»ß¤µ¤ì¤Æ¤¤¤Þ¤¹\n"
+
+#: tools/symcryptrun.c:154
+#, fuzzy
+msgid ""
+"@\n"
+"Commands:\n"
+" "
+msgstr ""
+"@¥³¥Þ¥ó¥É:\n"
+" "
+
+#: tools/symcryptrun.c:156
+#, fuzzy
+msgid "decryption modus"
+msgstr "Éü¹æ¤ËÀ®¸ù\n"
+
+#: tools/symcryptrun.c:157
+#, fuzzy
+msgid "encryption modus"
+msgstr "Éü¹æ¤ËÀ®¸ù\n"
+
+#: tools/symcryptrun.c:161
+msgid "tool class (confucius)"
+msgstr ""
+
+#: tools/symcryptrun.c:162
+#, fuzzy
+msgid "program filename"
+msgstr "--store [¥Õ¥¡¥¤¥ë̾]"
+
+#: tools/symcryptrun.c:164
+msgid "secret key file (required)"
+msgstr ""
+
+#: tools/symcryptrun.c:165
+msgid "input file name (default stdin)"
+msgstr ""
+
+#: tools/symcryptrun.c:209
+#, fuzzy
+msgid "Usage: symcryptrun [options] (-h for help)"
+msgstr "»È¤¤Êý: gpg [¥ª¥×¥·¥ç¥ó] [¥Õ¥¡¥¤¥ë] (¥Ø¥ë¥×¤Ï -h)"
+
+#: tools/symcryptrun.c:212
+msgid ""
+"Syntax: symcryptrun --class CLASS --program PROGRAM --keyfile KEYFILE "
+"[options...] COMMAND [inputfile]\n"
+"Call a simple symmetric encryption tool\n"
+msgstr ""
+
+#: tools/symcryptrun.c:281
+#, fuzzy, c-format
+msgid "%s on %s aborted with status %i\n"
+msgstr "%s¤Ï%s¤È¤È¤â¤Ë»È¤¦¤³¤È¤Ï¤Ç¤­¤Þ¤»¤ó!\n"
+
+#: tools/symcryptrun.c:288
+#, fuzzy, c-format
+msgid "%s on %s failed with status %i\n"
+msgstr "¡Ö%s¡×¤Îfstat¤¬%s¤Ç¼ºÇÔ¤·¤Þ¤·¤¿: %s\n"
+
+#: tools/symcryptrun.c:314
+#, fuzzy, c-format
+msgid "can't create temporary directory `%s': %s\n"
+msgstr "¥Ç¥£¥ì¥¯¥È¥ê¡¼¡Ö%s¡×¤¬ºîÀ®¤Ç¤­¤Þ¤»¤ó: %s\n"
+
+#: tools/symcryptrun.c:354 tools/symcryptrun.c:371
+#, c-format
+msgid "could not open %s for writing: %s\n"
+msgstr ""
+
+#: tools/symcryptrun.c:382
+#, fuzzy, c-format
+msgid "error writing to %s: %s\n"
+msgstr "¸°ÎØ¡Ö%s¡×¤Î½ñ¹þ¤ß¥¨¥é¡¼: %s\n"
+
+#: tools/symcryptrun.c:389
+#, fuzzy, c-format
+msgid "error reading from %s: %s\n"
+msgstr "¡Ö%s¡×¤ÎÆɽФ·¥¨¥é¡¼: %s\n"
+
+#: tools/symcryptrun.c:396 tools/symcryptrun.c:403
+#, fuzzy, c-format
+msgid "error closing %s: %s\n"
+msgstr "¡Ö%s¡×¤Ç¥¨¥é¡¼: %s\n"
+
+#: tools/symcryptrun.c:488
+#, fuzzy
+msgid "no --program option provided\n"
+msgstr "±ó³Ö¥×¥í¥°¥é¥à¤Î¼Â¹Ô¤Ï¡¢¥µ¥Ý¡¼¥È¤·¤Æ¤¤¤Þ¤»¤ó\n"
+
+#: tools/symcryptrun.c:494
+msgid "only --decrypt and --encrypt are supported\n"
+msgstr ""
+
+#: tools/symcryptrun.c:500
+msgid "no --keyfile option provided\n"
+msgstr ""
+
+#: tools/symcryptrun.c:511
+msgid "cannot allocate args vector\n"
+msgstr ""
+
+#: tools/symcryptrun.c:529
+#, fuzzy, c-format
+msgid "could not create pipe: %s\n"
+msgstr "¡Ö%s¡×¤¬ºîÀ®¤Ç¤­¤Þ¤»¤ó: %s\n"
+
+#: tools/symcryptrun.c:536
+#, fuzzy, c-format
+msgid "could not create pty: %s\n"
+msgstr "¡Ö%s¡×¤¬ºîÀ®¤Ç¤­¤Þ¤»¤ó: %s\n"
+
+#: tools/symcryptrun.c:552
+#, c-format
+msgid "could not fork: %s\n"
+msgstr ""
+
+#: tools/symcryptrun.c:580
+#, fuzzy, c-format
+msgid "execv failed: %s\n"
+msgstr "¹¹¿·¤Ë¼ºÇÔ¤·¤Þ¤·¤¿: %s\n"
+
+#: tools/symcryptrun.c:609
+#, fuzzy, c-format
+msgid "select failed: %s\n"
+msgstr "¸°¥Ö¥í¥Ã¥¯¤Îºï½ü¤Ë¼ºÇÔ¤·¤Þ¤·¤¿: %s\n"
+
+#: tools/symcryptrun.c:626
+#, fuzzy, c-format
+msgid "read failed: %s\n"
+msgstr "¹¹¿·¤Ë¼ºÇÔ¤·¤Þ¤·¤¿: %s\n"
+
+#: tools/symcryptrun.c:678
+#, fuzzy, c-format
+msgid "pty read failed: %s\n"
+msgstr "¹¹¿·¤Ë¼ºÇÔ¤·¤Þ¤·¤¿: %s\n"
+
+#: tools/symcryptrun.c:730
+#, fuzzy, c-format
+msgid "waitpid failed: %s\n"
+msgstr "¹¹¿·¤Ë¼ºÇÔ¤·¤Þ¤·¤¿: %s\n"
+
+#: tools/symcryptrun.c:744
+#, c-format
+msgid "child aborted with status %i\n"
+msgstr ""
+
+#: tools/symcryptrun.c:799
+#, fuzzy, c-format
+msgid "cannot allocate infile string: %s\n"
+msgstr "¥Ð¥Ã¥¯¥¢¥Ã¥×¡¦¥Õ¥¡¥¤¥ë¡Ö%s¡×¤¬ºîÀ®¤Ç¤­¤Þ¤»¤ó: %s\n"
+
+#: tools/symcryptrun.c:812
+#, fuzzy, c-format
+msgid "cannot allocate outfile string: %s\n"
+msgstr "¥Ð¥Ã¥¯¥¢¥Ã¥×¡¦¥Õ¥¡¥¤¥ë¡Ö%s¡×¤¬ºîÀ®¤Ç¤­¤Þ¤»¤ó: %s\n"
+
+#: tools/symcryptrun.c:986
+#, c-format
+msgid "either %s or %s must be given\n"
+msgstr ""
+
+#: tools/symcryptrun.c:1013
+msgid "no class provided\n"
+msgstr ""
+
+#: tools/symcryptrun.c:1022
+#, fuzzy, c-format
+msgid "class %s is not supported\n"
+msgstr "ÊݸîÍ×Ìó%d¤Ï¥µ¥Ý¡¼¥È¤·¤Æ¤¤¤Þ¤»¤ó\n"
+
+#: tools/gpg-check-pattern.c:145
+#, fuzzy
+msgid "Usage: gpg-check-pattern [options] patternfile (-h for help)\n"
+msgstr "»È¤¤Êý: gpg [¥ª¥×¥·¥ç¥ó] [¥Õ¥¡¥¤¥ë] (¥Ø¥ë¥×¤Ï -h)"
+
+#: tools/gpg-check-pattern.c:148
+msgid ""
+"Syntax: gpg-check-pattern [options] patternfile\n"
+"Check a passphrase given on stdin against the patternfile\n"
+msgstr ""
+
+#~ msgid "Command> "
+#~ msgstr "¥³¥Þ¥ó¥É> "
+
+#~ msgid "the trustdb is corrupted; please run \"gpg --fix-trustdb\".\n"
+#~ msgstr ""
+#~ "¿®Íѥǡ¼¥¿¥Ù¡¼¥¹¤¬²õ¤ì¤Æ¤¤¤Þ¤¹¡£¡Ègpg --fix-trustdb¡É¤ò¼Â¹Ô¤·¤Æ¤¯¤À¤µ"
+#~ "¤¤¡£\n"
+
+#, fuzzy
+#~ msgid "Please report bugs to <"
+#~ msgstr "¥Ð¥°¤ò¸«¤Ä¤±¤¿¤é <gnupg-bugs@gnu.org> ¤Þ¤Ç¤´Êó¹ð¤¯¤À¤µ¤¤¡£\n"
+
+#, fuzzy
+#~ msgid "Please report bugs to "
+#~ msgstr "¥Ð¥°¤ò¸«¤Ä¤±¤¿¤é <gnupg-bugs@gnu.org> ¤Þ¤Ç¤´Êó¹ð¤¯¤À¤µ¤¤¡£\n"
+
+#, fuzzy
+#~ msgid "DSA keypair will have %u bits.\n"
+#~ msgstr "DSA¸°ÂФÏ1024¥Ó¥Ã¥È¤Ë¤Ê¤ê¤Þ¤¹¡£\n"
+
+#~ msgid "Repeat passphrase\n"
+#~ msgstr "¥Ñ¥¹¥Õ¥ì¡¼¥º¤òºÆÆþÎÏ\n"
+
+#, fuzzy
+#~ msgid "||Please enter your PIN at the reader's keypad%%0A[sigs done: %lu]"
+#~ msgstr "PIN [½ð̾ºÑ: %lu]"
+
+#~ msgid "|A|Admin PIN"
+#~ msgstr "|A|Admin PIN"
+
+#, fuzzy
+#~ msgid "read options from file"
+#~ msgstr "¡Ö%s¡×¤«¤é¥ª¥×¥·¥ç¥ó¤òÆɤ߽Ф·¤Þ¤¹\n"
+
+#~ msgid "|[file]|make a signature"
+#~ msgstr "|[¥Õ¥¡¥¤¥ë]|½ð̾¤òºîÀ®"
+
+#~ msgid "generate PGP 2.x compatible messages"
+#~ msgstr "PGP 2.x¸ß´¹¤Î¥á¥Ã¥»¡¼¥¸¤òÀ¸À®"
+
+#, fuzzy
+#~ msgid "|[FILE]|make a signature"
+#~ msgstr "|[¥Õ¥¡¥¤¥ë]|½ð̾¤òºîÀ®"
+
+#, fuzzy
+#~ msgid "|[FILE]|make a clear text signature"
+#~ msgstr "|[¥Õ¥¡¥¤¥ë]|¥¯¥ê¥¢½ð̾¤òºîÀ®"
+
+#, fuzzy
+#~ msgid "use the default key as default recipient"
+#~ msgstr "¥¹¥­¥Ã¥×: ¸ø³«¸°¤Ï´ûÄê¤Î¼õ¼è¿Í¤È¤·¤Æ¤â¤¦ÀßÄêºÑ¤ß¤Ç¤¹\n"
+
+#, fuzzy
+#~ msgid "force v3 signatures"
+#~ msgstr "½ð̾¤Î¼º¸ú"
+
+#, fuzzy
+#~ msgid "add this secret keyring to the list"
+#~ msgstr "¤³¤Î¼Â¹Ô¤Ë¤ÏÈëÌ©¸°¤¬¤¤¤ê¤Þ¤¹¡£\n"
+
+#, fuzzy
+#~ msgid "|NAME|set terminal charset to NAME"
+#~ msgstr "|̾Á°|¡Ö̾Á°¡×ÍѤ˰Ź沽"
+
+#, fuzzy
+#~ msgid "|N|use compress algorithm N"
+#~ msgstr "̤ÃΤΰµ½Ì¥¢¥ë¥´¥ê¥º¥à¤Ç¤¹"
+
+#, fuzzy
+#~ msgid "remove key from the public keyring"
+#~ msgstr "¸ø³«¸°Îؤ«¤é¸°·²¤òºï½ü"
+
+#~ msgid ""
+#~ "It's up to you to assign a value here; this value will never be exported\n"
+#~ "to any 3rd party. We need it to implement the web-of-trust; it has "
+#~ "nothing\n"
+#~ "to do with the (implicitly created) web-of-certificates."
+#~ msgstr ""
+#~ "¤³¤ÎÃͤλØÄê¤Ï¡¢¤¢¤Ê¤¿¼¡Âè¤Ç¤¹¡£¤³¤ÎÃͤϡ¢Âè»°¼Ô¤Ë·è¤·\n"
+#~ "¤ÆÄ󶡤µ¤ì¤Þ¤»¤ó¡£¤³¤ì¤Ï¡¢web-of-trust ¤Î¼ÂÁõ¤ËɬÍפǡ¢\n"
+#~ "(°ÅÌÛŪ¤Ë¤Ç¤­¤¿) web-of-certificates ¤È¤Ï̵´Ø·¸¤Ç¤¹¡£"
+
+#~ msgid ""
+#~ "To build the Web-of-Trust, GnuPG needs to know which keys are\n"
+#~ "ultimately trusted - those are usually the keys for which you have\n"
+#~ "access to the secret key. Answer \"yes\" to set this key to\n"
+#~ "ultimately trusted\n"
+#~ msgstr ""
+#~ "Web-of-Trust¤ò¹½ÃÛ¤¹¤ë¤¿¤áGnuPG¤Ï¡¢¤É¤Î¸°¤òÀäÂÐŪ¤Ë¿®ÍѤ¹¤ë\n"
+#~ "¤Î¤«¤òÃΤëɬÍפ¬¤¢¤ê¤Þ¤¹¡£¤½¤ì¤Ï¤Õ¤Ä¤¦¡¢ÈëÌ©¸°¤Ë¥¢¥¯¥»¥¹¤Ç¤­\n"
+#~ "¤ë¸°¤Î¤³¤È¤Ç¤¹¡£¤³¤Î¸°¤òÀäÂÐŪ¤Ë¿®ÍѤ¹¤ë¤³¤È¤Ë¤¹¤ë¤Ê¤é¡¢\n"
+#~ "¡Èyes¡É¤ÈÅú¤¨¤Æ¤¯¤À¤µ¤¤¡£\n"
+
+#~ msgid "If you want to use this untrusted key anyway, answer \"yes\"."
+#~ msgstr "¤³¤Î¿®ÍѤǤ­¤Ê¤¤¸°¤ò»È¤¤¤¿¤¯¤Ê¤±¤ì¤Ð¡¢¡Èno¡É¤ÈÅú¤¨¤Æ¤¯¤À¤µ¤¤¡£"
+
+#~ msgid ""
+#~ "Enter the user ID of the addressee to whom you want to send the message."
+#~ msgstr "¤¢¤Ê¤¿¤ÎÁ÷¤ë¥á¥Ã¥»¡¼¥¸°¸Àè¤Î¥æ¡¼¥¶¡¼ID¤òÆþÎϤ·¤Æ¤¯¤À¤µ¤¤¡£"
+
+#~ msgid ""
+#~ "Select the algorithm to use.\n"
+#~ "\n"
+#~ "DSA (aka DSS) is the Digital Signature Algorithm and can only be used\n"
+#~ "for signatures.\n"
+#~ "\n"
+#~ "Elgamal is an encrypt-only algorithm.\n"
+#~ "\n"
+#~ "RSA may be used for signatures or encryption.\n"
+#~ "\n"
+#~ "The first (primary) key must always be a key which is capable of signing."
+#~ msgstr ""
+#~ "»ÈÍѤ¹¤ë¥¢¥ë¥´¥ê¥º¥à¤òÁªÂò¤·¤Æ¤¯¤À¤µ¤¤¡£\n"
+#~ "\n"
+#~ "DSA (ÊÌ̾DSS) ¤Ï¡¢½ð̾ÀìÍѤÎÅŻҽð̾¥¢¥ë¥´¥ê¥º¥à¤Ç¤¹¡£\n"
+#~ "\n"
+#~ "Elgamal¤Ï¡¢°Å¹æ²½¤Î¤ß¤Î¥¢¥ë¥´¥ê¥º¥à¤Ç¤¹¡£\n"
+#~ "\n"
+#~ "RSA¤Ï¡¢½ð̾¤Ë¤â°Å¹æ²½¤Ë¤â»È¤¨¤Þ¤¹¡£\n"
+#~ "\n"
+#~ "ºÇ½é¤Î¸°(¼ç¸°)¤Ï¡¢½ð̾¤Ë»ÈÍѤǤ­¤ë¸°¤Ç¤Ê¤±¤ì¤Ð¤Ê¤ê¤Þ¤»¤ó¡£"
+
+#~ msgid ""
+#~ "In general it is not a good idea to use the same key for signing and\n"
+#~ "encryption. This algorithm should only be used in certain domains.\n"
+#~ "Please consult your security expert first."
+#~ msgstr ""
+#~ "°ìÈ̤ˡ¢½ð̾¤È°Å¹æ²½¤ËƱ¤¸¸°¤ò»È¤¦¤Î¤Ï¡¢¤è¤í¤·¤¯¤¢¤ê¤Þ¤»¤ó¡£\n"
+#~ "¤³¤Î¥¢¥ë¥´¥ê¥º¥à¤Ï¡¢°ìÄê¤ÎÈÏ°ÏÆâ¤À¤±¤Ç»È¤ï¤ì¤ë¤Ù¤­¤Ç¤¹¡£\n"
+#~ "¤Þ¤º¡¢¥»¥­¥å¥ê¥Æ¥£¡¼¤ÎÀìÌç²È¤Ë¤´ÁêÃ̤¯¤À¤µ¤¤¡£"
+
+#~ msgid "Enter the size of the key"
+#~ msgstr "¸°¤ÎŤµ¤òÆþÎϤ·¤Æ¤¯¤À¤µ¤¤"
+
+#~ msgid "Answer \"yes\" or \"no\""
+#~ msgstr "¡Èyes¡É¤«¡Èno¡É¤ÇÅú¤¨¤Æ¤¯¤À¤µ¤¤"
+
+#~ msgid ""
+#~ "Enter the required value as shown in the prompt.\n"
+#~ "It is possible to enter a ISO date (YYYY-MM-DD) but you won't\n"
+#~ "get a good error response - instead the system tries to interpret\n"
+#~ "the given value as an interval."
+#~ msgstr ""
+#~ "¥×¥í¥ó¥×¥È¤Ë¼¨¤¹½ñ¼°¤ÇÃͤòÆþÎϤ·¤Æ¤¯¤À¤µ¤¤¡£\n"
+#~ "ISO¤ÎÆüÉդνñ¼° (YYYY-MM-DD) ¤Ç¤âÆþÎϤǤ­¤Þ¤¹¤¬¡¢Àµ¤·¤¤¥¨¥é¡¼¤Ï\n"
+#~ "ɽ¼¨¤µ¤ì¤Ê¤¤¤Ç¤·¤ç¤¦¡£¤½¤ÎÂå¤ï¤ê¡¢¥·¥¹¥Æ¥à¤ÏÆþÎÏÃͤò´ü´Ö¤ØÊÑ´¹\n"
+#~ "¤¹¤ë¤è¤¦¤Ë»î¤ß¤Þ¤¹¡£"
+
+#~ msgid "Enter the name of the key holder"
+#~ msgstr "¸°½êÍ­¼Ô¤Î̾Á°¤òÆþÎϤ·¤Æ¤¯¤À¤µ¤¤"
+
+#~ msgid "please enter an optional but highly suggested email address"
+#~ msgstr ""
+#~ "¥ª¥×¥·¥ç¥ó¤Ç¤¹¤¬¡¢ÅŻҥ᡼¥ë¤Î¥¢¥É¥ì¥¹¤òÆþÎϤ¹¤ë¤³¤È¤ò¶¯¤¯¿ä¾©¤·¤Þ¤¹"
+
+#~ msgid "Please enter an optional comment"
+#~ msgstr "¥ª¥×¥·¥ç¥ó¤Î¥³¥á¥ó¥È¤òÆþÎϤ·¤Æ¤¯¤À¤µ¤¤"
+
+#~ msgid ""
+#~ "N to change the name.\n"
+#~ "C to change the comment.\n"
+#~ "E to change the email address.\n"
+#~ "O to continue with key generation.\n"
+#~ "Q to to quit the key generation."
+#~ msgstr ""
+#~ "N ̾Á°¤ÎÊѹ¹¡£\n"
+#~ "C ¥³¥á¥ó¥È¤ÎÊѹ¹¡£\n"
+#~ "E ÅŻҥ᡼¥ë¡¦¥¢¥É¥ì¥¹¤ÎÊѹ¹¡£\n"
+#~ "O ¸°À¸À®¤Î³¹Ô¡£\n"
+#~ "Q ¸°À¸À®¤Î½ªÎ»¡£"
+
+#~ msgid ""
+#~ "Answer \"yes\" (or just \"y\") if it is okay to generate the sub key."
+#~ msgstr ""
+#~ "Éû¸°¤òÀ¸À®¤·¤Æ¤è¤±¤ì¤Ð¡¢¡Èyes¡É(¤Þ¤¿¤Ï¡¢Ã±¤Ë¡Èy¡É) ¤ÈÅú¤¨¤Æ¤¯¤À¤µ¤¤¡£"
+
+#~ msgid ""
+#~ "When you sign a user ID on a key, you should first verify that the key\n"
+#~ "belongs to the person named in the user ID. It is useful for others to\n"
+#~ "know how carefully you verified this.\n"
+#~ "\n"
+#~ "\"0\" means you make no particular claim as to how carefully you verified "
+#~ "the\n"
+#~ " key.\n"
+#~ "\n"
+#~ "\"1\" means you believe the key is owned by the person who claims to own "
+#~ "it\n"
+#~ " but you could not, or did not verify the key at all. This is useful "
+#~ "for\n"
+#~ " a \"persona\" verification, where you sign the key of a pseudonymous "
+#~ "user.\n"
+#~ "\n"
+#~ "\"2\" means you did casual verification of the key. For example, this "
+#~ "could\n"
+#~ " mean that you verified the key fingerprint and checked the user ID on "
+#~ "the\n"
+#~ " key against a photo ID.\n"
+#~ "\n"
+#~ "\"3\" means you did extensive verification of the key. For example, this "
+#~ "could\n"
+#~ " mean that you verified the key fingerprint with the owner of the key "
+#~ "in\n"
+#~ " person, and that you checked, by means of a hard to forge document "
+#~ "with a\n"
+#~ " photo ID (such as a passport) that the name of the key owner matches "
+#~ "the\n"
+#~ " name in the user ID on the key, and finally that you verified (by "
+#~ "exchange\n"
+#~ " of email) that the email address on the key belongs to the key "
+#~ "owner.\n"
+#~ "\n"
+#~ "Note that the examples given above for levels 2 and 3 are *only* "
+#~ "examples.\n"
+#~ "In the end, it is up to you to decide just what \"casual\" and \"extensive"
+#~ "\"\n"
+#~ "mean to you when you sign other keys.\n"
+#~ "\n"
+#~ "If you don't know what the right answer is, answer \"0\"."
+#~ msgstr ""
+#~ "¸°¤Î¥æ¡¼¥¶¡¼ID¤Ë½ð̾¤¹¤ë¤È¤­¤Ï¡¢¸°¤Î¥æ¡¼¥¶¡¼ID¤Î̾Á°¤Î¿Í¤¬¸°\n"
+#~ "¤ò½êÍ­¤·¤Æ¤¤¤ë¡¢¤È¤¤¤¦¤³¤È¤ò¸¡¾Ú¤¹¤ë¤Ù¤­¤Ç¤¹¡£¤¢¤Ê¤¿¤¬¤É¤ÎÄø\n"
+#~ "ÅÙÃí°Õ¿¼¤¯³Îǧ¤·¤¿¤Î¤«¤ò¾¤Î¿Í¤¿¤Á¤ËÃΤ餻¤ë¤È¡¢ÊØÍø¤Ç¤¹¡£\n"
+#~ "\n"
+#~ "\"0\" ¤Ï¡¢¤¢¤Ê¤¿¤¬¤É¤ÎÄøÅÙÃí°Õ¿¼¤¯³Îǧ¤·¤¿¤Î¤«¤ò¡¢Æä˼çÄ¥¤·¤Ê\n"
+#~ " ¤¤¤È¤¤¤¦°ÕÌ£¤Ç¤¹¡£\n"
+#~ "\n"
+#~ "\"1\" ¤Ï¡¢¸°¤Î½êÍ­¼Ô¤È¼çÄ¥¤·¤Æ¤¤¤ë¿Í¤¬¤½¤Î¸°¤ò½êÍ­¤·¤Æ¤¤¤ë¡¢¤È\n"
+#~ " ¤¢¤Ê¤¿¤Ï¿®¤¸¤Æ¤Ï¤¤¤ë¤â¤Î¤Î¡¢¸¡¾Ú¤ÏÁ´Á³¤·¤Æ¤Ê¤«¤Ã¤¿¡¢¤Þ¤¿\n"
+#~ " ¤Ï¤Ç¤­¤Ê¤«¤Ã¤¿¡¢¤È¤¤¤¦°ÕÌ£¤Ç¤¹¡£¤³¤ì¤Ï¡¢¥Ú¥ó¥Í¡¼¥à¤ò»È¤¦\n"
+#~ " ¥æ¡¼¥¶¡¼¤Î¸°¤Ë½ð̾¤¹¤ë¾ì¹ç¤Î¡¢¡Ö¥Ú¥ë¥½¥Ê¡×³Îǧ¤ËÊØÍø¤Ç¤¹¡£\n"
+#~ "\n"
+#~ "\"2\" ¤Ï¡¢¤¢¤Ê¤¿¤¬°ì±þ¸°¤Î³Îǧ¤ò¤·¤¿¡¢¤È¤¤¤¦°ÕÌ£¤Ç¤¹¡£¤¿¤È¤¨¤Ð\n"
+#~ " ¸°¤Î»ØÌæ¤ò¸¡¾Ú¤·¡¢¥Õ¥©¥ÈID¤Ë¤¿¤¤¤·¤Æ¸°¤Î¥æ¡¼¥¶¡¼ID¤ò¸¡ºº\n"
+#~ " ¤·¤¿¾ì¹ç¤¬¤½¤¦¤Ç¤¹¡£\n"
+#~ "\n"
+#~ "\"3\" ¤Ï¡¢¤¢¤Ê¤¿¤¬¹­ÈϰϤˤ錄¤ê¸°¤ò¸¡¾Ú¤·¤¿¡¢¤È¤¤¤¦°ÕÌ£¤Ç¤¹¡£\n"
+#~ " ¤¿¤È¤¨¤Ð¡¢¸°¤Î½êÍ­¼ÔËܿͤȸ°¤Î»ØÌæ¤ò¸¡¾Ú¤·¡¢(¥Ñ¥¹¥Ý¡¼¥È\n"
+#~ " ¤Î¤è¤¦¤Ê) µ¶Â¤¤Î¤à¤Ä¤«¤·¤¤¡¢¥Õ¥©¥ÈID¤Ä¤­¤Î¼êÃʤǡ¢¸°¤Î½ê\n"
+#~ " Í­¼Ô¤Î̾Á°¤¬¡¢¸°¤Î¥æ¡¼¥¶¡¼ID¤Î̾Á°¤È°ìÃפ¹¤ë¤³¤È¤ò¸¡ºº¤·\n"
+#~ " ¤Æ¡¢(ÅŻҥ᡼¥ë¤Î¸ò´¹¤Ê¤É¤Ç) ¸°¤ÎÅŻҥ᡼¥ë¡¦¥¢¥É¥ì¥¹¤¬\n"
+#~ " ¸°¤Î½êÍ­¼Ô¤Ë°¤·¤Æ¤¤¤ë¤³¤È¤ò¸¡¾Ú¤·¤¿¾ì¹ç¤¬¤½¤¦¤Ç¤¹¡£\n"
+#~ "\n"
+#~ "¾åµ­2¤È3¤ÎÎã¤Ï¡¢*ñ¤Ê¤ë*Îã¤Ë¤¹¤®¤Ê¤¤¡¢¤È¤¤¤¦¤³¤È¤òǰƬ¤Ë¤ª¤¤\n"
+#~ "¤Æ¤¯¤À¤µ¤¤¡£Â¾¤Î¸°¤Ë½ð̾¤¹¤ëºÝ¡¢¡Ø°ì±þ¡Ù¤ä¡Ø¹­ÈÏ°Ï¡Ù¤¬²¿¤ò°Õ\n"
+#~ "Ì£¤¹¤ë¤«¤òºÇ½ªÅª¤Ë·è¤á¤ë¤Î¤Ï¡¢¤¢¤Ê¤¿¤Ç¤¹¡£\n"
+#~ "\n"
+#~ "Àµ¤·¤¤Åú¤Î¤ï¤«¤é¤Ê¤¤¾ì¹ç¤Ï¡¢¡Ö0¡×¤ÇÅú¤¨¤Æ¤¯¤À¤µ¤¤¡£"
+
+#~ msgid "Answer \"yes\" if you want to sign ALL the user IDs"
+#~ msgstr "Á´¤Æ¤Î ¥æ¡¼¥¶¡¼ID¤Ë½ð̾¤·¤¿¤±¤ì¤Ð¡¢¡Èyes¡É¤ÈÅú¤¨¤Æ¤¯¤À¤µ¤¤"
+
+#~ msgid ""
+#~ "Answer \"yes\" if you really want to delete this user ID.\n"
+#~ "All certificates are then also lost!"
+#~ msgstr ""
+#~ "¤³¤Î¥æ¡¼¥¶¡¼ID¤òËÜÅö¤Ëºï½ü¤·¤¿¤±¤ì¤Ð¡¢¡Èyes¡É¤ÈÅú¤¨¤Æ¤¯¤À¤µ¤¤¡£\n"
+#~ "¾ÚÌÀ½ñ¤âÁ´ÉôƱ»þ¤Ë¾Ãµî¤·¤Þ¤¹!"
+
+#~ msgid "Answer \"yes\" if it is okay to delete the subkey"
+#~ msgstr "¤³¤ÎÉû¸°¤òºï½ü¤·¤Æ¤è¤±¤ì¤Ð¡¢¡Èyes¡É¤ÈÅú¤¨¤Æ¤¯¤À¤µ¤¤"
+
+#~ msgid ""
+#~ "This is a valid signature on the key; you normally don't want\n"
+#~ "to delete this signature because it may be important to establish a\n"
+#~ "trust connection to the key or another key certified by this key."
+#~ msgstr ""
+#~ "¤³¤ì¤Ï¸°¤Ë¤¿¤¤¤¹¤ëÍ­¸ú¤Ê½ð̾¤Ç¤¹¡£ÉáÄ̤³¤Î½ð̾¤òºï½ü¤¹¤ë¤Ù¤­¤Ç\n"
+#~ "¤Ï¤Ê¤¤¤Ç¤·¤ç¤¦¡£¤Ê¤¼¤Ê¤é¡¢¤³¤Î½ð̾¤Ï¡¢¸°¤Ø¤Î¿®ÍѤÎÎؤκîÀ®¤ä¡¢\n"
+#~ "¤³¤Î¸°¤Ë¤è¤ë¾ÚÌÀ¤Ë¤È¤Ã¤Æ½ÅÍפÀ¤«¤é¤Ç¤¹¡£"
+
+#~ msgid ""
+#~ "This signature can't be checked because you don't have the\n"
+#~ "corresponding key. You should postpone its deletion until you\n"
+#~ "know which key was used because this signing key might establish\n"
+#~ "a trust connection through another already certified key."
+#~ msgstr ""
+#~ "¤³¤Î½ð̾¤È°ìÃפ¹¤ë¸°¤òÊÝÍ­¤·¤Æ¤¤¤Ê¤¤¤Î¤Ç¡¢¤³¤Î½ð̾¤Ï¸¡ºº¤Ç¤­¤Þ¤»¤ó¡£\n"
+#~ "¤½¤Î¸°¤¬»ÈÍѤµ¤ì¤ë¤Þ¤Ç¤Ï¡¢¤¢¤Ê¤¿¤Ï¤³¤Î½ð̾¤Îºï½ü¤òÊÝα¤¹¤ë¤Ù¤­¤Ç¤¹¡£\n"
+#~ "¤Ê¤¼¤Ê¤é¡¢¤³¤Î½ð̾¤Î¸°¤Ï¡¢¤â¤¦¾ÚÌÀ¤µ¤ì¤¿Â¾¤Î¸°¤Ç¿®ÍѤÎÎؤò·ÁÀ®¤¹¤ë\n"
+#~ "¤«¤â¤·¤ì¤Ê¤¤¤«¤é¤Ç¤¹¡£"
+
+#~ msgid ""
+#~ "The signature is not valid. It does make sense to remove it from\n"
+#~ "your keyring."
+#~ msgstr ""
+#~ "¤³¤Î½ð̾¤ÏÍ­¸ú¤Ç¤Ï¤¢¤ê¤Þ¤»¤ó¡£¤³¤Î¤³¤È¤Ï¡¢¤¢¤Ê¤¿¤Î¸°Îؤ«¤éºï½ü¤¹¤Ù¤­¤À\n"
+#~ "¤È¤¤¤¦°ÕÌ£¤Ç¤¹¡£"
+
+#~ msgid ""
+#~ "This is a signature which binds the user ID to the key. It is\n"
+#~ "usually not a good idea to remove such a signature. Actually\n"
+#~ "GnuPG might not be able to use this key anymore. So do this\n"
+#~ "only if this self-signature is for some reason not valid and\n"
+#~ "a second one is available."
+#~ msgstr ""
+#~ "¤³¤ì¤Ï¡¢¸°¤Î¥æ¡¼¥¶¡¼ID¤ËÂбþ¤·¤¿½ð̾¤Ç¤¹¡£Ä̾¤³¤Î½ð̾¤òºï½ü¤¹¤ë¤Î¤Ï\n"
+#~ "¤¤¤¤¹Í¤¨¤Ç¤Ï¤¢¤ê¤Þ¤»¤ó¡£¼ÂºÝ¤Ë¤Ï¡¢GnuPG¤Ï¤â¤Ï¤ä¤³¤Î¸°¤ò»È¤¨¤Ê¤¤¤Î¤«¤â\n"
+#~ "¤·¤ì¤Þ¤»¤ó¡£¤è¤Ã¤Æ¡¢¤³¤Î¼«¸Ê½ð̾¤¬²¿¤é¤«¤ÎÍýͳ¤Ë¤è¤êÍ­¸ú¤Ç¤Ï¤Ê¤¯¤Æ¡¢\n"
+#~ "ÂåÂؤȤʤ븰¤¬¤¢¤ë¾ì¹ç¤Ë¤Î¤ß¡¢ºï½ü¤ò¼Â¹Ô¤·¤Æ¤¯¤À¤µ¤¤¡£"
+
+#~ msgid ""
+#~ "Change the preferences of all user IDs (or just of the selected ones)\n"
+#~ "to the current list of preferences. The timestamp of all affected\n"
+#~ "self-signatures will be advanced by one second.\n"
+#~ msgstr ""
+#~ "Á´Éô (¤Þ¤¿¤ÏÁªÂò¤·¤¿) ¥æ¡¼¥¶¡¼ID¤ÎÁª¹¥¤ò¡¢º£¤ÎÁª¹¥°ìÍ÷¤ËÊѹ¹\n"
+#~ "¤·¤Þ¤¹¡£´Ø·¸¤¹¤ë¼«¸Ê½ð̾¤ÎÆü»þ¤Ï¡¢1É乤¹¤ß¤Þ¤¹¡£\n"
+
+#~ msgid "Please enter the passhrase; this is a secret sentence \n"
+#~ msgstr "¥Ñ¥¹¥Õ¥ì¡¼¥º¤òÆþÎϤ·¤Æ¤¯¤À¤µ¤¤¡£¤³¤ì¤ÏÈëÌ©¤Îʸ¾Ï¤Î¤³¤È¤Ç¤¹ \n"
+
+#~ msgid ""
+#~ "Please repeat the last passphrase, so you are sure what you typed in."
+#~ msgstr "ÆþÎϤ·¤¿¥Ñ¥¹¥Õ¥ì¡¼¥º¤Î³Îǧ¤Î¤¿¤á¡¢ºÆÆþÎϤ·¤Æ¤¯¤À¤µ¤¤¡£"
+
+#~ msgid "Give the name of the file to which the signature applies"
+#~ msgstr "½ð̾¤ò¹Ô¤¦¥Õ¥¡¥¤¥ë¤Î̾Á°¤ò»ØÄꤷ¤Æ¤¯¤À¤µ¤¤"
+
+#~ msgid "Answer \"yes\" if it is okay to overwrite the file"
+#~ msgstr "¾å½ñ¤­¤·¤Æ¤è¤±¤ì¤Ð¡¢¡Èyes¡É¤ÈÅú¤¨¤Æ¤¯¤À¤µ¤¤"
+
+#~ msgid ""
+#~ "Please enter a new filename. If you just hit RETURN the default\n"
+#~ "file (which is shown in brackets) will be used."
+#~ msgstr ""
+#~ "¿·¤·¤¤¥Õ¥¡¥¤¥ë̾¤òÆþÎϤ·¤Æ¤¯¤À¤µ¤¤¡£Ã±¤ËRETURN¤òÂǤĤȡ¢\n"
+#~ "(³ç¸Ì¤Ç¼¨¤·¤¿) ´ûÄê¤Î¥Õ¥¡¥¤¥ë̾¤ò»ÈÍѤ·¤Þ¤¹¡£"
+
+#~ msgid ""
+#~ "You should specify a reason for the certification. Depending on the\n"
+#~ "context you have the ability to choose from this list:\n"
+#~ " \"Key has been compromised\"\n"
+#~ " Use this if you have a reason to believe that unauthorized persons\n"
+#~ " got access to your secret key.\n"
+#~ " \"Key is superseded\"\n"
+#~ " Use this if you have replaced this key with a newer one.\n"
+#~ " \"Key is no longer used\"\n"
+#~ " Use this if you have retired this key.\n"
+#~ " \"User ID is no longer valid\"\n"
+#~ " Use this to state that the user ID should not longer be used;\n"
+#~ " this is normally used to mark an email address invalid.\n"
+#~ msgstr ""
+#~ "¾ÚÌÀÍýͳ¤ò»ØÄꤹ¤Ù¤­¤Ç¤¹¡£Á°¸å´Ø·¸¤Ë¤·¤¿¤¬¤Ã¤Æ¡¢\n"
+#~ "°Ê²¼¤Î°ìÍ÷¤«¤éÁª¤Ö¤³¤È¤¬¤Ç¤­¤Þ¤¹¡£\n"
+#~ " ¡Ö¸°¤¬¥Ñ¥¯¤é¤ì¤Þ¤·¤¿¡×\n"
+#~ " ǧ¾Ú¤µ¤ì¤Æ¤¤¤Ê¤¤¿Í¤¬ÈëÌ©¸°¤Ø¤Î¥¢¥¯¥»¥¹¤òÆÀ¤¿¡¢¤È¿®¤º¤ë\n"
+#~ " ¤Ë­¤ëÍýͳ¤Î¤¢¤ë¤È¤­¤Ë¡¢¤³¤ì¤ò»È¤¤¤Þ¤¹¡£\n"
+#~ " ¡Ö¸°¤¬¤È¤ê¤«¤ï¤Ã¤Æ¤¤¤Þ¤¹¡×\n"
+#~ " ¤³¤Î¸°¤ò¼«Ê¬¤Ç¿·¤·¤¤¸°¤È¸ò´¹¤·¤¿¤È¤­¤Ë»È¤¤¤Þ¤¹¡£\n"
+#~ " ¡Ö¸°¤Ï¤â¤¦ÉÔÍѤǤ¹¡×\n"
+#~ " ¤³¤Î¸°¤ò»È¤¦¤Î¤ò¤ä¤á¤¿¤È¤­¤Ë»È¤¤¤Þ¤¹¡£\n"
+#~ " ¡Ö¥æ¡¼¥¶¡¼ID¤¬¤â¤¦Ìµ¸ú¤Ç¤¹¡×\n"
+#~ " ¤â¤¦¤½¤Î¥æ¡¼¥¶¡¼ID¤Ï»È¤¦¤Ù¤­¤Ç¤Ê¤¤¡¢¤È¤¤¤¦¤È¤­¤Ë»È¤¤\n"
+#~ " ¤Þ¤¹¡£¤³¤ì¤ÏÉáÄÌ¡¢ÅŻҥ᡼¥ë¤Î¥¢¥É¥ì¥¹¤¬Ìµ¸ú¤Ë¤Ê¤Ã¤¿¤È\n"
+#~ " ¤­¤Ë»È¤¤¤Þ¤¹¡£\n"
+
+#~ msgid ""
+#~ "If you like, you can enter a text describing why you issue this\n"
+#~ "revocation certificate. Please keep this text concise.\n"
+#~ "An empty line ends the text.\n"
+#~ msgstr ""
+#~ "¤â¤·¤½¤¦¤·¤¿¤±¤ì¤Ð¡¢¤Ê¤¼¼º¸ú¾ÚÌÀ½ñ¤òȯ¹Ô¤¹¤ë¤Î¤«¤òÀâÌÀ¤¹¤ë\n"
+#~ "ʸ¾Ï¤òÆþÎϤ¹¤ë¤³¤È¤¬¤Ç¤­¤Þ¤¹¡£Ê¸¾Ï¤Ï´Ê·é¤Ë¤·¤Æ¤¯¤À¤µ¤¤¡£\n"
+#~ "¶õ¹Ô¤Ç½ª¤ï¤ê¤Ë¤Ê¤ê¤Þ¤¹¡£\n"
+
+#~ msgid "can't put notation data into v3 (PGP 2.x style) signatures\n"
+#~ msgstr "Ãí¼á¥Ç¡¼¥¿¤Ï¡¢(PGP 2.x·Á¼°¤Î) v3½ð̾¤Ë¤ÏÆþ¤ê¤Þ¤»¤ó\n"
+
+#~ msgid "can't put notation data into v3 (PGP 2.x style) key signatures\n"
+#~ msgstr "Ãí¼á¥Ç¡¼¥¿¤Ï¡¢(PGP 2.x·Á¼°¤Î) v3¸°½ð̾¤Ë¤ÏÆþ¤ê¤Þ¤»¤ó\n"
+
+#~ msgid "can't put a policy URL into v3 (PGP 2.x style) signatures\n"
+#~ msgstr "¥Ý¥ê¥·¡¼URL¤Ï¡¢(PGP 2.x·Á¼°¤Î) v3½ð̾¤Ë¤ÏÆþ¤ê¤Þ¤»¤ó\n"
+
+#~ msgid "can't put a policy URL into v3 key (PGP 2.x style) signatures\n"
+#~ msgstr "¥Ý¥ê¥·¡¼URL¤Ï¡¢(PGP 2.x·Á¼°¤Î) v3¸°½ð̾¤Ë¤ÏÆþ¤ê¤Þ¤»¤ó\n"
+
+#, fuzzy
+#~ msgid "shelll"
+#~ msgstr "help"
+
+#, fuzzy
+#~ msgid ""
+#~ "please see http://www.gnupg.org/download/iconv.html for more information\n"
+#~ msgstr "¾ÜºÙ¤Ïhttp://www.gnupg.org/faq.html¤ò¤´Í÷¤¯¤À¤µ¤¤\n"
+
+#, fuzzy
+#~ msgid "key generation is not available from the commandline\n"
+#~ msgstr "¤³¤Î¥»¥Ã¥·¥ç¥ó¤Çgpg-agent¤Ï̵¸ú¤Ç¤¹\n"
+
+#, fuzzy
+#~ msgid "please use the script \"%s\" to generate a new key\n"
+#~ msgstr "À¸À®¤¹¤ë¸°¤Î·¿¤òÁªÂò¤·¤Æ¤¯¤À¤µ¤¤:\n"
+
+#~ msgid "cipher extension `%s' not loaded due to unsafe permissions\n"
+#~ msgstr "°ÂÁ´¤Ç¤Ê¤¤µö²Ä¤Î¤¿¤á¡¢°Å¹æË¡³ÈÄ¥¡Ö%s¡×¤ò¥í¡¼¥É¤·¤Þ¤»¤ó\n"
+
+#~ msgid "DSA requires the use of a 160 bit hash algorithm\n"
+#~ msgstr "DSA¤Ç¤Ï160¥Ó¥Ã¥È¤Î¥Ï¥Ã¥·¥å¡¦¥¢¥ë¥´¥ê¥º¥à¤Î»ÈÍѤ¬É¬ÍפǤ¹\n"
+
+#, fuzzy
+#~ msgid ".\n"
+#~ msgstr "%s.\n"
+
+#~ msgid "problem with the agent - disabling agent use\n"
+#~ msgstr "¥¨¡¼¥¸¥§¥ó¥È¤Ë¾ã³²: ¥¨¡¼¥¸¥§¥ó¥ÈÍøÍѶػß\n"
+
+#~ msgid "can't query passphrase in batch mode\n"
+#~ msgstr "¥Ð¥Ã¥Á¡¦¥â¡¼¥É¤Ç¥Ñ¥¹¥Õ¥ì¡¼¥º¤ÏÌä¹ç¤»¤Ç¤­¤Þ¤»¤ó\n"
+
+#~ msgid "Enter passphrase: "
+#~ msgstr "¥Ñ¥¹¥Õ¥ì¡¼¥º¤òÆþÎÏ: "
+
+#~ msgid "Repeat passphrase: "
+#~ msgstr "¥Ñ¥¹¥Õ¥ì¡¼¥º¤òºÆÆþÎÏ: "
+
+#~ msgid "-k[v][v][v][c] [user-id] [keyring]"
+#~ msgstr "-k[v][v][v][c] [¥æ¡¼¥¶¡¼id] [¸°ÎØ]"
+
+#~ msgid "can't gen prime with pbits=%u qbits=%u\n"
+#~ msgstr "pbits=%u qbits=%u¤ÎÁÇ¿ô¤ÏÀ¸À®¤Ç¤­¤Þ¤»¤ó\n"
+
+#~ msgid "can't generate a prime with less than %d bits\n"
+#~ msgstr "%d ¥Ó¥Ã¥È̤Ëþ¤ÎÁÇ¿ô¤ÏÀ¸À®¤Ç¤­¤Þ¤»¤ó\n"
+
+#~ msgid "no entropy gathering module detected\n"
+#~ msgstr "¥¨¥ó¥È¥í¥Ô¡¼¼ý½¸¥â¥¸¥å¡¼¥ë¤¬¡¢¸¡½Ð¤µ¤ì¤Æ¤¤¤Þ¤»¤ó\n"
+
+#, fuzzy
+#~ msgid "can't lock `%s': %s\n"
+#~ msgstr "¡Ö%s¡×¤¬¥í¥Ã¥¯¤Ç¤­¤Þ¤»¤ó\n"
+
+#~ msgid "can't stat `%s': %s\n"
+#~ msgstr "¡Ö%s¡×¤òÄ´¤Ù¤ë¤³¤È¤¬¤Ç¤­¤Þ¤»¤ó: %s\n"
+
+#~ msgid "`%s' is not a regular file - ignored\n"
+#~ msgstr "¡Ö%s¡×¤ÏÉáÄ̤Υե¡¥¤¥ë¤Ç¤Ï¤¢¤ê¤Þ¤»¤ó - ̵»ë\n"
+
+#~ msgid "note: random_seed file is empty\n"
+#~ msgstr "Ãí°Õ: random_seed ¥Õ¥¡¥¤¥ë¤Ï¶õ¤Ç¤¹\n"
+
+#~ msgid "WARNING: invalid size of random_seed file - not used\n"
+#~ msgstr "·Ù¹ð: ̵¸ú¤ÊŤµ¤Î random_seed ¥Õ¥¡¥¤¥ë - »È¤¤¤Þ¤»¤ó\n"
+
+#~ msgid "can't read `%s': %s\n"
+#~ msgstr "¡Ö%s¡×¤òÆɤá¤Þ¤»¤ó: %s\n"
+
+#~ msgid "note: random_seed file not updated\n"
+#~ msgstr "Ãí°Õ: random_seed ¥Õ¥¡¥¤¥ë¤Î¹¹¿·¤ò¤·¤Þ¤»¤ó\n"
+
+#~ msgid "can't write `%s': %s\n"
+#~ msgstr "¡Ö%s¡×¤Ë½ñ¤­¹þ¤á¤Þ¤»¤ó: %s\n"
+
+#~ msgid "can't close `%s': %s\n"
+#~ msgstr "¡Ö%s¡×¤òÊĤ¸¤é¤ì¤Þ¤»¤ó: %s\n"
+
+#~ msgid "WARNING: using insecure random number generator!!\n"
+#~ msgstr "·Ù¹ð: ·õÆݤÊÍð¿ôÀ¸À®»Ò¤¬»È¤ï¤ì¤Æ¤¤¤Þ¤¹!!\n"
+
+#~ msgid ""
+#~ "The random number generator is only a kludge to let\n"
+#~ "it run - it is in no way a strong RNG!\n"
+#~ "\n"
+#~ "DON'T USE ANY DATA GENERATED BY THIS PROGRAM!!\n"
+#~ "\n"
+#~ msgstr ""
+#~ "ÅëºÜ¤µ¤ì¤Æ¤¤¤ëÍð¿ôÀ¸À®»Ò¤Ï¡¢°Å¹æÍѤȤ·¤Æ¤Ï¤ª¤½¤Þ¤Ä¤Ç¡¢\n"
+#~ "¶¯¤¤Íð¿ô¤¬¤Ç¤­¤Þ¤»¤ó!\n"
+#~ "\n"
+#~ "¤³¤Î¥×¥í¥°¥é¥à¤ÎÀ¸À®¤·¤¿¥Ç¡¼¥¿¤ò°ìÀڻȤäƤϤ¤¤±¤Þ¤»¤ó!!\n"
+#~ "\n"
+
+#~ msgid ""
+#~ "Please wait, entropy is being gathered. Do some work if it would\n"
+#~ "keep you from getting bored, because it will improve the quality\n"
+#~ "of the entropy.\n"
+#~ msgstr ""
+#~ "Í𻨤µ¤ò¼ý½¸¤·¤Æ¤¤¤Þ¤¹¤Î¤Ç¡¢¤ªÂÔ¤Á¤¯¤À¤µ¤¤¡£Í𻨤µ¤Î¼Á¤¬¸þ¾å\n"
+#~ "¤·¤Þ¤¹¤Î¤Ç¡¢¤â¤·Ë°¤­¤¿¤é²¿¤«ºî¶È¤·¤Æ¤¯¤À¤µ¤¤¡£\n"
+
+#~ msgid ""
+#~ "\n"
+#~ "Not enough random bytes available. Please do some other work to give\n"
+#~ "the OS a chance to collect more entropy! (Need %d more bytes)\n"
+#~ msgstr ""
+#~ "\n"
+#~ "½½Ê¬¤ÊŤµ¤ÎÍð¿ô¤¬ÆÀ¤é¤ì¤Þ¤»¤ó¡£OS¤¬¤â¤Ã¤ÈÍ𻨤µ¤ò¼ý½¸\n"
+#~ "¤Ç¤­¤ë¤è¤¦¡¢²¿¤«¤·¤Æ¤¯¤À¤µ¤¤! (¤¢¤È%d¥Ð¥¤¥È¤¤¤ê¤Þ¤¹)\n"
+
+#, fuzzy
+#~ msgid "card reader not available\n"
+#~ msgstr "ÈëÌ©¸°¤¬ÆÀ¤é¤ì¤Þ¤»¤ó"
+
+#~ msgid "Please insert the card and hit return or enter 'c' to cancel: "
+#~ msgstr "¥«¡¼¥É¤òÁÞÆþ¤·return¤òÂǤĤ«¡¢'c'¤Ç¼è¾Ã¤·: "
+
+#~ msgid "Hit return when ready or enter 'c' to cancel: "
+#~ msgstr "ÍÑ°Õ¤·¤Æreturn¤òÂǤĤ«¡¢'c'¤Ç¼è¾Ã¤·: "
+
+#, fuzzy
+#~ msgid "Enter New Admin PIN: "
+#~ msgstr "Admin PIN¤ÎÆþÎÏ: "
+
+#, fuzzy
+#~ msgid "Enter New PIN: "
+#~ msgstr "PIN¤ÎÆþÎÏ: "
+
+#~ msgid "Enter Admin PIN: "
+#~ msgstr "Admin PIN¤ÎÆþÎÏ: "
+
+#, fuzzy
+#~ msgid "NOTE: %s is not available in this version\n"
+#~ msgstr "¤³¤Î¥»¥Ã¥·¥ç¥ó¤Çgpg-agent¤Ï̵¸ú¤Ç¤¹\n"
+
+#, fuzzy
+#~ msgid " algorithms on these user IDs:\n"
+#~ msgstr "¤³¤ì¤é¤Î¥æ¡¼¥¶¡¼ID¤Î¥¢¥ë¥´¥ê¥º¥à:\n"
+
+#~ msgid "general error"
+#~ msgstr "°ìÈÌŪ¤Ê¥¨¥é¡¼"
+
+#~ msgid "unknown packet type"
+#~ msgstr "̤ÃΤΥѥ±¥Ã¥È·¿¤Ç¤¹"
+
+#~ msgid "unknown pubkey algorithm"
+#~ msgstr "̤ÃΤθø³«¸°¥¢¥ë¥´¥ê¥º¥à¤Ç¤¹"
+
+#~ msgid "unknown digest algorithm"
+#~ msgstr "̤ÃΤÎÍ×Ì󥢥르¥ê¥º¥à¤Ç¤¹"
+
+#~ msgid "bad public key"
+#~ msgstr "¸ø³«¸°¤¬ÉÔÀµ¤Ç¤¹"
+
+#~ msgid "bad secret key"
+#~ msgstr "ÈëÌ©¸°¤¬ÉÔÀµ¤Ç¤¹"
+
+#~ msgid "bad signature"
+#~ msgstr "½ð̾¤¬ÉÔÀµ¤Ç¤¹"
+
+#~ msgid "checksum error"
+#~ msgstr "¥Á¥§¥Ã¥¯¥µ¥à¡¦¥¨¥é¡¼"
+
+#~ msgid "can't open the keyring"
+#~ msgstr "¸°Îؤ¬³«¤±¤Þ¤»¤ó"
+
+#~ msgid "invalid packet"
+#~ msgstr "̵¸ú¤Ê¥Ñ¥±¥Ã¥È¤Ç¤¹"
+
+#~ msgid "invalid armor"
+#~ msgstr "̵¸ú¤ÊÊñÁõ¤Ç¤¹"
+
+#~ msgid "no such user id"
+#~ msgstr "¤½¤Î¥æ¡¼¥¶¡¼ID¤Ï¤¢¤ê¤Þ¤»¤ó"
+
+#~ msgid "secret key not available"
+#~ msgstr "ÈëÌ©¸°¤¬ÆÀ¤é¤ì¤Þ¤»¤ó"
+
+#~ msgid "wrong secret key used"
+#~ msgstr "¸í¤Ã¤¿ÈëÌ©¸°¤¬»È¤ï¤ì¤Æ¤¤¤Þ¤¹"
+
+#~ msgid "not supported"
+#~ msgstr "¥µ¥Ý¡¼¥È¤·¤Æ¤¤¤Þ¤»¤ó"
+
+#~ msgid "bad key"
+#~ msgstr "¸°¤¬ÉÔÀµ¤Ç¤¹"
+
+#~ msgid "file write error"
+#~ msgstr "¥Õ¥¡¥¤¥ë¤Î½ñ¹þ¤ß¥¨¥é¡¼"
+
+#~ msgid "file open error"
+#~ msgstr "¥Õ¥¡¥¤¥ë¤Î¥ª¡¼¥×¥ó¡¦¥¨¥é¡¼"
+
+#~ msgid "file create error"
+#~ msgstr "¥Õ¥¡¥¤¥ë¤ÎºîÀ®¥¨¥é¡¼"
+
+#~ msgid "invalid passphrase"
+#~ msgstr "¥Ñ¥¹¥Õ¥ì¡¼¥º¤¬Ìµ¸ú¤Ç¤¹"
+
+#~ msgid "unimplemented pubkey algorithm"
+#~ msgstr "̤¼ÂÁõ¤Î¸ø³«¸°¥¢¥ë¥´¥ê¥º¥à¤Ç¤¹"
+
+#~ msgid "unimplemented cipher algorithm"
+#~ msgstr "̤¼ÂÁõ¤Î°Å¹æ¥¢¥ë¥´¥ê¥º¥à¤Ç¤¹"
+
+#~ msgid "unknown signature class"
+#~ msgstr "̤ÃΤνð̾¥¯¥é¥¹¤Ç¤¹"
+
+#~ msgid "trust database error"
+#~ msgstr "¿®Íѥǡ¼¥¿¥Ù¡¼¥¹¤Î¥¨¥é¡¼¤Ç¤¹"
+
+#~ msgid "resource limit"
+#~ msgstr "¥ê¥½¡¼¥¹¤¬¸Â³¦¤Ç¤¹"
+
+#~ msgid "invalid keyring"
+#~ msgstr "̵¸ú¤Ê¸°ÎؤǤ¹"
+
+#~ msgid "malformed user id"
+#~ msgstr "¥æ¡¼¥¶¡¼ID¤Î½ñ¼°¤¬Àµ¤·¤¯¤¢¤ê¤Þ¤»¤ó"
+
+#~ msgid "file close error"
+#~ msgstr "¥Õ¥¡¥¤¥ë¤Î¥¯¥í¡¼¥º¡¦¥¨¥é¡¼"
+
+#~ msgid "file rename error"
+#~ msgstr "¥Õ¥¡¥¤¥ë̾¤ÎÊѹ¹¥¨¥é¡¼"
+
+#~ msgid "file delete error"
+#~ msgstr "¥Õ¥¡¥¤¥ë¤Îºï½ü¥¨¥é¡¼"
+
+#~ msgid "unexpected data"
+#~ msgstr "ͽ´ü¤»¤Ì¥Ç¡¼¥¿¤Ç¤¹"
+
+#~ msgid "timestamp conflict"
+#~ msgstr "Æü»þ¤¬Ì·½â¤·¤Æ¤¤¤Þ¤¹"
+
+#~ msgid "unusable pubkey algorithm"
+#~ msgstr "»ÈÍѤǤ­¤Ê¤¤¸ø³«¸°¥¢¥ë¥´¥ê¥º¥à¤Ç¤¹"
+
+#~ msgid "file exists"
+#~ msgstr "¥Õ¥¡¥¤¥ë¤¬Â¸ºß¤·¤Æ¤¤¤Þ¤¹"
+
+#~ msgid "weak key"
+#~ msgstr "¼å¤¤¸°¤Ç¤¹"
+
+#~ msgid "bad URI"
+#~ msgstr "URI¤¬ÉÔÀµ¤Ç¤¹"
+
+#~ msgid "unsupported URI"
+#~ msgstr "¤½¤ÎURI¤Ï¥µ¥Ý¡¼¥È¤·¤Æ¤¤¤Þ¤»¤ó"
+
+#~ msgid "network error"
+#~ msgstr "¥Í¥Ã¥È¥ï¡¼¥¯¡¦¥¨¥é¡¼"
+
+#~ msgid "not processed"
+#~ msgstr "̤½èÍý"
+
+#~ msgid "unusable public key"
+#~ msgstr "»ÈÍѤǤ­¤Ê¤¤¸ø³«¸°¤Ç¤¹"
+
+#~ msgid "unusable secret key"
+#~ msgstr "»ÈÍѤǤ­¤Ê¤¤ÈëÌ©¸°¤Ç¤¹"
+
+#~ msgid "keyserver error"
+#~ msgstr "¸°¥µ¡¼¥Ð¡¼¤Î¥¨¥é¡¼"
+
+#~ msgid "no card"
+#~ msgstr "¥«¡¼¥É¤¬¤¢¤ê¤Þ¤»¤ó"
+
+#, fuzzy
+#~ msgid "no data"
+#~ msgstr "½ð̾¤µ¤ì¤¿¥Ç¡¼¥¿¤¬¤¢¤ê¤Þ¤»¤ó\n"
+
+#~ msgid "ERROR: "
+#~ msgstr "¥¨¥é¡¼: "
+
+#~ msgid "WARNING: "
+#~ msgstr "·Ù¹ð: "
+
+#~ msgid "... this is a bug (%s:%d:%s)\n"
+#~ msgstr "... ¥Ð¥°¤Ç¤¹ (%s:%d:%s)\n"
+
+#~ msgid "WARNING: using insecure memory!\n"
+#~ msgstr "·Ù¹ð: ·õÆݤʥá¥â¥ê¡¼¤ò»ÈÍѤ·¤Æ¤¤¤Þ¤¹!\n"
+
+#~ msgid "operation is not possible without initialized secure memory\n"
+#~ msgstr "½é´ü²½ºÑ¤ß¤Î°ÂÁ´¤Ê¥á¥â¥ê¡¼¤¬¤Ê¤¤¾ì¹ç¤Ë¤ÏÁàºî¤Ç¤­¤Þ¤»¤ó\n"
+
+#~ msgid "(you may have used the wrong program for this task)\n"
+#~ msgstr "(¤³¤ÎÌÜŪ¤Ë¤Ï¸í¤Ã¤¿¥×¥í¥°¥é¥à¤ò»È¤Ã¤¿¤Î¤Ç¤·¤ç¤¦)\n"
+
+#~ msgid ""
+#~ "please see http://www.gnupg.org/why-not-idea.html for more information\n"
+#~ msgstr "¾ÜºÙ¤Ï¡¢http://www.gnupg.org/why-not-idea.html¤ò¤´Í÷¤¯¤À¤µ¤¤\n"
+
+#~ msgid "expired: %s)"
+#~ msgstr "Ëþλ: %s)"
+
+#, fuzzy
+#~ msgid "key %s: expired signature from key %s - skipped\n"
+#~ msgstr "¸°%s: ͽ´ü¤»¤Ì½ð̾¥¯¥é¥¹ (0x%02X) - ¤È¤Ð¤·¤Þ¤¹\n"
+
+#, fuzzy
+#~ msgid "Unable to clean `%s'\n"
+#~ msgstr "¡Ö%s¡×¤ò¼Â¹Ô¤Ç¤­¤Þ¤»¤ó: %s\n"
+
+#, fuzzy
+#~ msgid "No user IDs are removable.\n"
+#~ msgstr "¥æ¡¼¥¶¡¼ID¡È%s¡É¤Ï¡¢¤â¤¦¼º¸ú¤µ¤ì¤Æ¤¤¤Þ¤¹\n"
+
+#~ msgid "length of RSA modulus is not %d\n"
+#~ msgstr "RSA¤ÎË¡(modulus)¤ÎŤµ¤¬%d¤Ç¤¢¤ê¤Þ¤»¤ó\n"
+
+#~ msgid "length of an RSA prime is not %d\n"
+#~ msgstr "RSA¤ÎÁÇ¿ô¤¬%d¤Ç¤¢¤ê¤Þ¤»¤ó\n"
+
+#~ msgid "bad passphrase or unknown cipher algorithm (%d)\n"
+#~ msgstr "ÉÔÀµ¤Ê¥Ñ¥¹¥Õ¥ì¡¼¥º¤Þ¤¿¤Ï̤ÃΤΰŹ楢¥ë¥´¥ê¥º¥à¤Ç¤¹(%d)\n"
+
+#~ msgid "can't set client pid for the agent\n"
+#~ msgstr "¥¨¡¼¥¸¥§¥ó¥È¤Î¥¯¥é¥¤¥¢¥ó¥Èpid¤òÀßÄê¤Ç¤­¤Þ¤»¤ó\n"
+
+#~ msgid "can't get server read FD for the agent\n"
+#~ msgstr "¥¨¡¼¥¸¥§¥ó¥ÈÍѤΥµ¡¼¥Ð¡¼ÆɽФ·FD¤ò¼èÆÀ¤Ç¤­¤Þ¤»¤ó\n"
+
+#~ msgid "can't get server write FD for the agent\n"
+#~ msgstr "¥¨¡¼¥¸¥§¥ó¥ÈÍѤΥµ¡¼¥Ð¡¼½ñ¹þ¤ßFD¤ò¼èÆÀ¤Ç¤­¤Þ¤»¤ó\n"
+
+#~ msgid "invalid response from agent\n"
+#~ msgstr "¥¨¡¼¥¸¥§¥ó¥È¤«¤é¤Î̵¸ú¤Ê±þÅú\n"
+
+#~ msgid "select secondary key N"
+#~ msgstr "Éû¸°N¤ÎÁªÂò"
+
+#~ msgid "list signatures"
+#~ msgstr "½ð̾¤Î°ìÍ÷"
+
+#~ msgid "sign the key"
+#~ msgstr "¸°¤Ø½ð̾"
+
+#~ msgid "add a secondary key"
+#~ msgstr "Éû¸°¤ÎÄɲÃ"
+
+#~ msgid "delete signatures"
+#~ msgstr "½ð̾¤Îºï½ü"
+
+#~ msgid "change the expire date"
+#~ msgstr "ËþλÆü¤ÎÊѹ¹"
+
+#~ msgid "set preference list"
+#~ msgstr "Áª¹¥¤Î°ìÍ÷¤òÀßÄê"
+
+#~ msgid "updated preferences"
+#~ msgstr "Áª¹¥¤Î°ìÍ÷¤ò¹¹¿·"
+
+#~ msgid "No secondary key with index %d\n"
+#~ msgstr "%dÈÖ¤ÎÉû¸°¤Ï¤¢¤ê¤Þ¤»¤ó\n"
+
+#~ msgid "--nrsign-key user-id"
+#~ msgstr "--nrsign-key ¥æ¡¼¥¶¡¼id"
+
+#~ msgid "--nrlsign-key user-id"
+#~ msgstr "--nrlsign-key ¥æ¡¼¥¶¡¼id"
+
+#~ msgid "sign the key non-revocably"
+#~ msgstr "¼º¸ú¤Ç¤­¤Ê¤¤¤è¤¦¸°¤Ø½ð̾"
+
+#~ msgid "sign the key locally and non-revocably"
+#~ msgstr "¼º¸ú¤Ç¤­¤Ê¤¤¤è¤¦¸°¤ØÆâÉôŪ¤Ë½ð̾"
+
+#~ msgid "q"
+#~ msgstr "q"
+
+#~ msgid "list"
+#~ msgstr "list"
+
+#~ msgid "l"
+#~ msgstr "l"
+
+#~ msgid "debug"
+#~ msgstr "debug"
+
+#~ msgid "name"
+#~ msgstr "name"
+
+#~ msgid "url"
+#~ msgstr "url"
+
+#~ msgid "fetch"
+#~ msgstr "fetch"
+
+#~ msgid "login"
+#~ msgstr "login"
+
+#~ msgid "lang"
+#~ msgstr "lang"
+
+#~ msgid "sex"
+#~ msgstr "sex"
+
+#~ msgid "cafpr"
+#~ msgstr "cafpr"
+
+#~ msgid "forcesig"
+#~ msgstr "forcesig"
+
+#~ msgid "generate"
+#~ msgstr "generate"
+
+#~ msgid "passwd"
+#~ msgstr "passwd"
+
+#~ msgid "save"
+#~ msgstr "save"
+
+#~ msgid "fpr"
+#~ msgstr "fpr"
+
+#~ msgid "uid"
+#~ msgstr "uid"
+
+#~ msgid "key"
+#~ msgstr "key"
+
+#~ msgid "check"
+#~ msgstr "check"
+
+#~ msgid "c"
+#~ msgstr "c"
+
+#~ msgid "sign"
+#~ msgstr "sign"
+
+#~ msgid "s"
+#~ msgstr "s"
+
+#~ msgid "tsign"
+#~ msgstr "tsign"
+
+#~ msgid "lsign"
+#~ msgstr "lsign"
+
+#~ msgid "nrsign"
+#~ msgstr "nrsign"
+
+#~ msgid "nrlsign"
+#~ msgstr "nrlsign"
+
+#~ msgid "adduid"
+#~ msgstr "adduid"
+
+#~ msgid "addphoto"
+#~ msgstr "addphoto"
+
+#~ msgid "deluid"
+#~ msgstr "deluid"
+
+#~ msgid "delphoto"
+#~ msgstr "delphoto"
+
+#~ msgid "addcardkey"
+#~ msgstr "addcardkey"
+
+#~ msgid "keytocard"
+#~ msgstr "keytocard"
+
+#~ msgid "delkey"
+#~ msgstr "delkey"
+
+#~ msgid "addrevoker"
+#~ msgstr "addrevoker"
+
+#~ msgid "delsig"
+#~ msgstr "delsig"
+
+#~ msgid "expire"
+#~ msgstr "expire"
+
+#~ msgid "primary"
+#~ msgstr "primary"
+
+#~ msgid "toggle"
+#~ msgstr "toggle"
+
+#~ msgid "t"
+#~ msgstr "t"
+
+#~ msgid "pref"
+#~ msgstr "pref"
+
+#~ msgid "showpref"
+#~ msgstr "showpref"
+
+#~ msgid "setpref"
+#~ msgstr "setpref"
+
+#~ msgid "updpref"
+#~ msgstr "updpref"
+
+#~ msgid "keyserver"
+#~ msgstr "keyserver"
+
+#~ msgid "trust"
+#~ msgstr "trust"
+
+#~ msgid "revsig"
+#~ msgstr "revsig"
+
+#~ msgid "revuid"
+#~ msgstr "revuid"
+
+#~ msgid "revkey"
+#~ msgstr "revkey"
+
+#~ msgid "disable"
+#~ msgstr "disable"
+
+#~ msgid "enable"
+#~ msgstr "enable"
+
+#~ msgid "showphoto"
+#~ msgstr "showphoto"
+
+#~ msgid "digest algorithm `%s' is read-only in this release\n"
+#~ msgstr "Í×Ì󥢥르¥ê¥º¥à¡Ö%s¡×¤Ï¡¢¤³¤ÎÈǤÀ¤ÈÆɽФ·¤À¤±¤Ç¤¹\n"
+
+#~ msgid "[%8.8s] "
+#~ msgstr "[%8.8s] "
+
+#~ msgid ""
+#~ "About to generate a new %s keypair.\n"
+#~ " minimum keysize is 768 bits\n"
+#~ " default keysize is 1024 bits\n"
+#~ " highest suggested keysize is 2048 bits\n"
+#~ msgstr ""
+#~ "¿·¤·¤¤%s¸°ÂФòÀ¸À®¤·¤Þ¤¹¡£\n"
+#~ " ºÇû¤Î¸°Ä¹¤Ï 768 ¥Ó¥Ã¥È\n"
+#~ " ´ûÄê¤Î¸°Ä¹¤Ï 1024 ¥Ó¥Ã¥È\n"
+#~ " ºÇĹ¤Î¿ä¾©¸°Ä¹¤Ï 2048 ¥Ó¥Ã¥È\n"
+
+#~ msgid "DSA only allows keysizes from 512 to 1024\n"
+#~ msgstr "DSA¤Î¸°Ä¹¤Ï512¤«¤é1024¤Þ¤Ç¤Ç¤¹\n"
+
+#~ msgid "keysize too small; 1024 is smallest value allowed for RSA.\n"
+#~ msgstr "¸°Ä¹¤¬¾®¤µ¤¹¤®¤Þ¤¹¡£RSA¤ÏºÇ¾®¤Ç¤â1024¤Ç¤¹¡£\n"
+
+#~ msgid "keysize too small; 768 is smallest value allowed.\n"
+#~ msgstr "¸°Ä¹¤¬¾®¤µ¤¹¤®¤Þ¤¹¡£ºÇ¾®¤Ç¤â768¤Ç¤¹¡£\n"
+
+#~ msgid "keysize too large; %d is largest value allowed.\n"
+#~ msgstr "¸°Ä¹¤¬Â礭¤¹¤®¤Þ¤¹¡£%d¤¬ºÇÂç¤Ç¤¹¡£\n"
+
+#~ msgid ""
+#~ "Keysizes larger than 2048 are not suggested because\n"
+#~ "computations take REALLY long!\n"
+#~ msgstr ""
+#~ "2048¤è¤êÂ礭¤Ê¸°Ä¹¤Ï¡¢·×»»»þ´Ö¤¬ Èó¾ï¤Ë Ť¯¤Ê¤ë¤Î¤Ç\n"
+#~ "¿ä¾©¤·¤Þ¤»¤ó!\n"
+
+#~ msgid "Are you sure that you want this keysize? (y/N) "
+#~ msgstr "¤³¤Î¸°Ä¹¤ÇËÜÅö¤Ë¤è¤¤¤Ç¤¹¤«? (y/N) "
+
+#~ msgid ""
+#~ "Okay, but keep in mind that your monitor and keyboard radiation is also "
+#~ "very vulnerable to attacks!\n"
+#~ msgstr ""
+#~ "¤ï¤«¤ê¤Þ¤·¤¿¡£¤·¤«¤·¡¢¤¢¤Ê¤¿¤Î¥â¥Ë¥¿¡¼¤ä¥­¡¼¥Ü¡¼¥Éíռͤϡ¢\n"
+#~ "¹¶·â¤Ë¤¿¤¤¤·¤ÆÀȼå¤Ç¤¢¤ë¤³¤È¤òǰƬ¤Ë¤ª¤¤¤Æ¤¯¤À¤µ¤¤!\n"
+
+#~ msgid "Experimental algorithms should not be used!\n"
+#~ msgstr "¼Â¸³Ãæ¤Î¥¢¥ë¥´¥ê¥º¥à¤Ï»ÈÍѤ¹¤Ù¤­¤Ç¤Ï¤¢¤ê¤Þ¤»¤ó!\n"
+
+#~ msgid ""
+#~ "this cipher algorithm is deprecated; please use a more standard one!\n"
+#~ msgstr ""
+#~ "¤³¤Î°Å¹æ¥¢¥ë¥´¥ê¥º¥à¤Ï¡¢ÌäÂê»ë¤µ¤ì¤Æ¤¤¤Þ¤¹¡£\n"
+#~ "¤â¤Ã¤Èɸ½àŪ¤Ê¥¢¥ë¥´¥ê¥º¥à¤ò»È¤Ã¤Æ¤¯¤À¤µ¤¤!\n"
diff --git a/po/nb.gmo b/po/nb.gmo
new file mode 100644
index 0000000..dbf1022
--- /dev/null
+++ b/po/nb.gmo
Binary files differ
diff --git a/po/nb.po b/po/nb.po
new file mode 100644
index 0000000..7b223c1
--- /dev/null
+++ b/po/nb.po
@@ -0,0 +1,8824 @@
+# Norwegian translation (bokmål dialect) of GnuPG.
+# Copyright (C) 2004 Free Software Foundation, Inc.
+# This file is distributed under the same license as the GnuPG package.
+# Trond Endrestøl <Trond.Endrestol@fagskolen.gjovik.no>, 2004.
+#
+# Send this file to:
+# translations@gnupg.org
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: gnupg 1.4.3\n"
+"Report-Msgid-Bugs-To: translations@gnupg.org\n"
+"POT-Creation-Date: 2012-03-27 10:23+0200\n"
+"PO-Revision-Date: 2006-06-13 20:31+0200\n"
+"Last-Translator: Trond Endrestøl <Trond.Endrestol@fagskolen.gjovik.no>\n"
+"Language-Team: Norwegian Bokmål <i18n-nb@lister.ping.uio.no>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=iso-8859-1\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#: agent/call-pinentry.c:244
+#, fuzzy, c-format
+msgid "failed to acquire the pinentry lock: %s\n"
+msgstr "klarte ikke å lagre fingeravtrykket: %s\n"
+
+#. TRANSLATORS: These are labels for buttons etc used in
+#. Pinentries. An underscore indicates that the next letter
+#. should be used as an accelerator. Double the underscore for
+#. a literal one. The actual to be translated text starts after
+#. the second vertical bar.
+#: agent/call-pinentry.c:401
+msgid "|pinentry-label|_OK"
+msgstr ""
+
+#: agent/call-pinentry.c:402
+msgid "|pinentry-label|_Cancel"
+msgstr ""
+
+#: agent/call-pinentry.c:403
+msgid "|pinentry-label|PIN:"
+msgstr ""
+
+#. TRANSLATORS: This string is displayed by Pinentry as the label
+#. for the quality bar.
+#: agent/call-pinentry.c:649
+#, fuzzy
+msgid "Quality:"
+msgstr "gyldighet: %s"
+
+#. TRANSLATORS: This string is a tooltip, shown by pinentry when
+#. hovering over the quality bar. Please use an appropriate
+#. string to describe what this is about. The length of the
+#. tooltip is limited to about 900 characters. If you do not
+#. translate this entry, a default english text (see source)
+#. will be used.
+#: agent/call-pinentry.c:671
+msgid "pinentry.qualitybar.tooltip"
+msgstr ""
+
+#: agent/call-pinentry.c:716
+msgid ""
+"Please enter your PIN, so that the secret key can be unlocked for this "
+"session"
+msgstr ""
+
+#: agent/call-pinentry.c:719
+msgid ""
+"Please enter your passphrase, so that the secret key can be unlocked for "
+"this session"
+msgstr ""
+
+#: agent/call-pinentry.c:776
+#, c-format
+msgid "SETERROR %s (try %d of %d)"
+msgstr ""
+
+#: agent/call-pinentry.c:799 agent/call-pinentry.c:811
+#, fuzzy
+msgid "PIN too long"
+msgstr "for lang linje"
+
+#: agent/call-pinentry.c:800
+#, fuzzy
+msgid "Passphrase too long"
+msgstr "for lang linje"
+
+#: agent/call-pinentry.c:808
+#, fuzzy
+msgid "Invalid characters in PIN"
+msgstr "Ugyldig tegn i navn\n"
+
+#: agent/call-pinentry.c:813
+msgid "PIN too short"
+msgstr ""
+
+#: agent/call-pinentry.c:825
+#, fuzzy
+msgid "Bad PIN"
+msgstr "ugyldig MPI"
+
+#: agent/call-pinentry.c:826
+#, fuzzy
+msgid "Bad Passphrase"
+msgstr "ugyldig passfrase"
+
+#: agent/call-pinentry.c:863
+#, fuzzy
+msgid "Passphrase"
+msgstr "ugyldig passfrase"
+
+#: agent/command-ssh.c:531
+#, c-format
+msgid "ssh keys greater than %d bits are not supported\n"
+msgstr ""
+
+#: agent/command-ssh.c:690 g10/card-util.c:833 g10/exec.c:473 g10/gpg.c:1122
+#: g10/keygen.c:3394 g10/keygen.c:3427 g10/keyring.c:1237 g10/keyring.c:1569
+#: g10/openfile.c:275 g10/openfile.c:368 g10/sign.c:801 g10/sign.c:1110
+#: g10/tdbio.c:550 jnlib/dotlock.c:310
+#, c-format
+msgid "can't create `%s': %s\n"
+msgstr "kan ikke opprette «%s»: %s\n"
+
+#: agent/command-ssh.c:702 common/helpfile.c:47 g10/card-util.c:787
+#: g10/dearmor.c:60 g10/dearmor.c:107 g10/decrypt.c:70 g10/encode.c:194
+#: g10/encode.c:504 g10/gpg.c:1123 g10/import.c:192 g10/keygen.c:2877
+#: g10/keyring.c:1595 g10/openfile.c:192 g10/openfile.c:353
+#: g10/plaintext.c:511 g10/sign.c:783 g10/sign.c:978 g10/sign.c:1094
+#: g10/sign.c:1250 g10/tdbdump.c:142 g10/tdbdump.c:150 g10/tdbio.c:554
+#: g10/tdbio.c:618 g10/verify.c:99 g10/verify.c:162 sm/gpgsm.c:2044
+#: sm/gpgsm.c:2074 sm/gpgsm.c:2112 sm/gpgsm.c:2150 sm/qualified.c:66
+#, c-format
+msgid "can't open `%s': %s\n"
+msgstr "kan ikke åpne «%s»: %s\n"
+
+#: agent/command-ssh.c:1708 agent/command-ssh.c:1726
+#, fuzzy, c-format
+msgid "error getting serial number of card: %s\n"
+msgstr "feil ved henting av ny PIN: %s\n"
+
+#: agent/command-ssh.c:1712
+#, c-format
+msgid "detected card with S/N: %s\n"
+msgstr ""
+
+#: agent/command-ssh.c:1717
+#, fuzzy, c-format
+msgid "error getting default authentication keyID of card: %s\n"
+msgstr "feil ved henting av nåværende nøkkelinfo: %s\n"
+
+#: agent/command-ssh.c:1737
+#, fuzzy, c-format
+msgid "no suitable card key found: %s\n"
+msgstr "ingen skrivbart hemmelig nøkkelknippe ble funnet: %s\n"
+
+#: agent/command-ssh.c:1787
+#, fuzzy, c-format
+msgid "shadowing the key failed: %s\n"
+msgstr "lesing av offentlig nøkkel mislyktes: %s\n"
+
+#: agent/command-ssh.c:1802
+#, fuzzy, c-format
+msgid "error writing key: %s\n"
+msgstr "feil ved skriving av nøkkelknippet «%s»: %s\n"
+
+#: agent/command-ssh.c:2139
+#, c-format
+msgid ""
+"An ssh process requested the use of key%%0A %s%%0A (%s)%%0ADo you want to "
+"allow this?"
+msgstr ""
+
+#: agent/command-ssh.c:2146
+msgid "Allow"
+msgstr ""
+
+#: agent/command-ssh.c:2146
+msgid "Deny"
+msgstr ""
+
+#: agent/command-ssh.c:2155
+#, fuzzy, c-format
+msgid "Please enter the passphrase for the ssh key%%0A %F%%0A (%c)"
+msgstr "Tast inn den nye passfrasen for denne hemmelige nøkklen.\n"
+
+#: agent/command-ssh.c:2484 agent/genkey.c:310 agent/genkey.c:432
+#, fuzzy
+msgid "Please re-enter this passphrase"
+msgstr "endre passfrasen"
+
+#: agent/command-ssh.c:2509
+#, fuzzy, c-format
+msgid ""
+"Please enter a passphrase to protect the received secret key%%0A %s%%0A %"
+"s%%0Awithin gpg-agent's key storage"
+msgstr ""
+"Du trenger en passfrase for å beskytte din hemmelige nøkkel.\n"
+"\n"
+
+#: agent/command-ssh.c:2548 agent/genkey.c:340 agent/genkey.c:463
+#: tools/symcryptrun.c:436
+msgid "does not match - try again"
+msgstr ""
+
+#: agent/command-ssh.c:3054
+#, fuzzy, c-format
+msgid "failed to create stream from socket: %s\n"
+msgstr "klarte ikke å lagre nøkkelen: %s\n"
+
+#: agent/divert-scd.c:92 g10/call-agent.c:923
+#, fuzzy
+msgid "Please insert the card with serial number"
+msgstr ""
+"Vennligst fjern det nåværende kortet og sett inn kortet med serienummeret:\n"
+" %.*s\n"
+
+#: agent/divert-scd.c:93 g10/call-agent.c:924
+#, fuzzy
+msgid "Please remove the current card and insert the one with serial number"
+msgstr ""
+"Vennligst fjern det nåværende kortet og sett inn kortet med serienummeret:\n"
+" %.*s\n"
+
+#: agent/divert-scd.c:200
+#, fuzzy
+msgid "Admin PIN"
+msgstr "|A|Admin PIN"
+
+#. TRANSLATORS: A PUK is the Personal Unblocking Code
+#. used to unblock a PIN.
+#: agent/divert-scd.c:205
+msgid "PUK"
+msgstr ""
+
+#: agent/divert-scd.c:212
+msgid "Reset Code"
+msgstr ""
+
+#: agent/divert-scd.c:238
+#, c-format
+msgid "%s%%0A%%0AUse the reader's keypad for input."
+msgstr ""
+
+#: agent/divert-scd.c:287
+#, fuzzy
+msgid "Repeat this Reset Code"
+msgstr "Gjenta denne PIN: "
+
+#: agent/divert-scd.c:289
+#, fuzzy
+msgid "Repeat this PUK"
+msgstr "Gjenta denne PIN: "
+
+#: agent/divert-scd.c:290
+#, fuzzy
+msgid "Repeat this PIN"
+msgstr "Gjenta denne PIN: "
+
+#: agent/divert-scd.c:295
+#, fuzzy
+msgid "Reset Code not correctly repeated; try again"
+msgstr "PIN ble ikke gjentatt korrekt; prøv igjen"
+
+#: agent/divert-scd.c:297
+#, fuzzy
+msgid "PUK not correctly repeated; try again"
+msgstr "PIN ble ikke gjentatt korrekt; prøv igjen"
+
+#: agent/divert-scd.c:298
+msgid "PIN not correctly repeated; try again"
+msgstr "PIN ble ikke gjentatt korrekt; prøv igjen"
+
+#: agent/divert-scd.c:310
+#, fuzzy, c-format
+msgid "Please enter the PIN%s%s%s to unlock the card"
+msgstr "||Vennligst tast inn PIN%%0A[signaturer utført: %lu]"
+
+#: agent/genkey.c:108 sm/certreqgen-ui.c:384 sm/export.c:638 sm/export.c:654
+#: sm/import.c:667 sm/import.c:692
+#, fuzzy, c-format
+msgid "error creating temporary file: %s\n"
+msgstr "feil ved opprettelse av passfrase: %s\n"
+
+#: agent/genkey.c:115 sm/export.c:645 sm/import.c:675
+#, fuzzy, c-format
+msgid "error writing to temporary file: %s\n"
+msgstr "feil ved skriving av nøkkelknippet «%s»: %s\n"
+
+#: agent/genkey.c:153 agent/genkey.c:159
+#, fuzzy
+msgid "Enter new passphrase"
+msgstr "Tast inn passfrase\n"
+
+#: agent/genkey.c:167
+#, fuzzy
+msgid "Take this one anyway"
+msgstr "Bruke denne nøkkelen likevel? (j/N) "
+
+#: agent/genkey.c:193
+#, c-format
+msgid ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase should be "
+"at least %u character long."
+msgid_plural ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase should be "
+"at least %u characters long."
+msgstr[0] ""
+msgstr[1] ""
+
+#: agent/genkey.c:214
+#, c-format
+msgid ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase should "
+"contain at least %u digit or%%0Aspecial character."
+msgid_plural ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase should "
+"contain at least %u digits or%%0Aspecial characters."
+msgstr[0] ""
+msgstr[1] ""
+
+#: agent/genkey.c:237
+#, c-format
+msgid ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase may not be "
+"a known term or match%%0Acertain pattern."
+msgstr ""
+
+#: agent/genkey.c:253
+#, c-format
+msgid ""
+"You have not entered a passphrase!%0AAn empty passphrase is not allowed."
+msgstr ""
+
+#: agent/genkey.c:255
+#, c-format
+msgid ""
+"You have not entered a passphrase - this is in general a bad idea!%0APlease "
+"confirm that you do not want to have any protection on your key."
+msgstr ""
+
+#: agent/genkey.c:264
+msgid "Yes, protection is not needed"
+msgstr ""
+
+#: agent/genkey.c:308
+#, fuzzy, c-format
+msgid "Please enter the passphrase to%0Ato protect your new key"
+msgstr ""
+"Du trenger en passfrase for å beskytte din hemmelige nøkkel.\n"
+"\n"
+
+#: agent/genkey.c:431
+#, fuzzy
+msgid "Please enter the new passphrase"
+msgstr "endre passfrasen"
+
+#: agent/gpg-agent.c:121 agent/preset-passphrase.c:72 scd/scdaemon.c:103
+#: tools/gpg-check-pattern.c:70
+#, fuzzy
+msgid ""
+"@Options:\n"
+" "
+msgstr ""
+"@\n"
+"Valg:\n"
+" "
+
+#: agent/gpg-agent.c:123 scd/scdaemon.c:105
+msgid "run in server mode (foreground)"
+msgstr ""
+
+#: agent/gpg-agent.c:124 scd/scdaemon.c:108
+msgid "run in daemon mode (background)"
+msgstr ""
+
+#: agent/gpg-agent.c:125 g10/gpg.c:488 g10/gpgv.c:71 kbx/kbxutil.c:88
+#: scd/scdaemon.c:109 sm/gpgsm.c:281 tools/gpg-connect-agent.c:69
+#: tools/gpgconf.c:80 tools/symcryptrun.c:166
+msgid "verbose"
+msgstr "fyldig output"
+
+#: agent/gpg-agent.c:126 g10/gpgv.c:72 kbx/kbxutil.c:89 scd/scdaemon.c:110
+#: sm/gpgsm.c:282
+msgid "be somewhat more quiet"
+msgstr "være noenlunde stille"
+
+#: agent/gpg-agent.c:127 scd/scdaemon.c:111
+msgid "sh-style command output"
+msgstr ""
+
+#: agent/gpg-agent.c:128 scd/scdaemon.c:112
+msgid "csh-style command output"
+msgstr ""
+
+#: agent/gpg-agent.c:129 scd/scdaemon.c:113 sm/gpgsm.c:312
+#: tools/symcryptrun.c:169
+#, fuzzy
+msgid "|FILE|read options from FILE"
+msgstr "leser valg fra «%s»\n"
+
+#: agent/gpg-agent.c:134 scd/scdaemon.c:123
+msgid "do not detach from the console"
+msgstr ""
+
+#: agent/gpg-agent.c:135
+msgid "do not grab keyboard and mouse"
+msgstr ""
+
+#: agent/gpg-agent.c:136 tools/symcryptrun.c:168
+#, fuzzy
+msgid "use a log file for the server"
+msgstr "søke etter nøkler på en nøkkelserver"
+
+#: agent/gpg-agent.c:138
+#, fuzzy
+msgid "use a standard location for the socket"
+msgstr "sette en notasjon for de valgte brukeridene"
+
+#: agent/gpg-agent.c:141
+msgid "|PGM|use PGM as the PIN-Entry program"
+msgstr ""
+
+#: agent/gpg-agent.c:144
+msgid "|PGM|use PGM as the SCdaemon program"
+msgstr ""
+
+#: agent/gpg-agent.c:145
+#, fuzzy
+msgid "do not use the SCdaemon"
+msgstr "ikke oppdatér tillitsdatabasen etter import"
+
+#: agent/gpg-agent.c:157
+msgid "ignore requests to change the TTY"
+msgstr ""
+
+#: agent/gpg-agent.c:159
+msgid "ignore requests to change the X display"
+msgstr ""
+
+#: agent/gpg-agent.c:162
+msgid "|N|expire cached PINs after N seconds"
+msgstr ""
+
+#: agent/gpg-agent.c:175
+msgid "do not use the PIN cache when signing"
+msgstr ""
+
+#: agent/gpg-agent.c:177
+msgid "allow clients to mark keys as \"trusted\""
+msgstr ""
+
+#: agent/gpg-agent.c:179
+#, fuzzy
+msgid "allow presetting passphrase"
+msgstr "feil ved opprettelse av passfrase: %s\n"
+
+#: agent/gpg-agent.c:180
+msgid "enable ssh-agent emulation"
+msgstr ""
+
+#: agent/gpg-agent.c:182
+msgid "|FILE|write environment settings also to FILE"
+msgstr ""
+
+#. TRANSLATORS: @EMAIL@ will get replaced by the actual bug
+#. reporting address. This is so that we can change the
+#. reporting address without breaking the translations.
+#: agent/gpg-agent.c:333 agent/preset-passphrase.c:94 agent/protect-tool.c:163
+#: g10/gpg.c:814 g10/gpgv.c:114 kbx/kbxutil.c:113 scd/scdaemon.c:246
+#: sm/gpgsm.c:519 tools/gpg-connect-agent.c:181 tools/gpgconf.c:102
+#: tools/symcryptrun.c:206 tools/gpg-check-pattern.c:141
+#, fuzzy
+msgid "Please report bugs to <@EMAIL@>.\n"
+msgstr "Vennligst rapporter feil til <gnupg-bugs@gnu.org>.\n"
+
+#: agent/gpg-agent.c:342
+#, fuzzy
+msgid "Usage: gpg-agent [options] (-h for help)"
+msgstr "Bruksmåte: gpg [valg] [filer] (-h for hjelp)"
+
+#: agent/gpg-agent.c:344
+msgid ""
+"Syntax: gpg-agent [options] [command [args]]\n"
+"Secret key management for GnuPG\n"
+msgstr ""
+
+#: agent/gpg-agent.c:390 g10/gpg.c:1007 scd/scdaemon.c:318 sm/gpgsm.c:669
+#, c-format
+msgid "invalid debug-level `%s' given\n"
+msgstr ""
+
+#: agent/gpg-agent.c:610 agent/protect-tool.c:1033 kbx/kbxutil.c:428
+#: scd/scdaemon.c:424 sm/gpgsm.c:911 sm/gpgsm.c:914 tools/symcryptrun.c:998
+#: tools/gpg-check-pattern.c:177
+#, c-format
+msgid "%s is too old (need %s, have %s)\n"
+msgstr ""
+
+#: agent/gpg-agent.c:725 g10/gpg.c:2111 scd/scdaemon.c:510 sm/gpgsm.c:1010
+#, c-format
+msgid "NOTE: no default option file `%s'\n"
+msgstr "MERK: ingen standard valgfil «%s»\n"
+
+#: agent/gpg-agent.c:736 agent/gpg-agent.c:1348 g10/gpg.c:2115
+#: scd/scdaemon.c:515 sm/gpgsm.c:1014 tools/symcryptrun.c:931
+#, c-format
+msgid "option file `%s': %s\n"
+msgstr "valgfil «%s»: %s\n"
+
+#: agent/gpg-agent.c:744 g10/gpg.c:2122 scd/scdaemon.c:523 sm/gpgsm.c:1021
+#, c-format
+msgid "reading options from `%s'\n"
+msgstr "leser valg fra «%s»\n"
+
+#: agent/gpg-agent.c:1117 g10/plaintext.c:140 g10/plaintext.c:145
+#: g10/plaintext.c:162
+#, c-format
+msgid "error creating `%s': %s\n"
+msgstr ""
+
+#: agent/gpg-agent.c:1461 agent/gpg-agent.c:1579 agent/gpg-agent.c:1583
+#: agent/gpg-agent.c:1624 agent/gpg-agent.c:1628 g10/exec.c:188
+#: g10/openfile.c:429 scd/scdaemon.c:1020
+#, c-format
+msgid "can't create directory `%s': %s\n"
+msgstr "kan ikke opprette katalogen «%s»: %s\n"
+
+#: agent/gpg-agent.c:1475 scd/scdaemon.c:1034
+msgid "name of socket too long\n"
+msgstr ""
+
+#: agent/gpg-agent.c:1498 scd/scdaemon.c:1057
+#, fuzzy, c-format
+msgid "can't create socket: %s\n"
+msgstr "kan ikke opprette «%s»: %s\n"
+
+#: agent/gpg-agent.c:1507
+#, c-format
+msgid "socket name `%s' is too long\n"
+msgstr ""
+
+#: agent/gpg-agent.c:1525
+msgid "a gpg-agent is already running - not starting a new one\n"
+msgstr ""
+
+#: agent/gpg-agent.c:1536 scd/scdaemon.c:1076
+#, fuzzy
+msgid "error getting nonce for the socket\n"
+msgstr "feil ved henting av ny PIN: %s\n"
+
+#: agent/gpg-agent.c:1541 scd/scdaemon.c:1079
+#, fuzzy, c-format
+msgid "error binding socket to `%s': %s\n"
+msgstr "feil ved søking etter tillitspost i «%s»: %s\n"
+
+#: agent/gpg-agent.c:1553 scd/scdaemon.c:1088
+#, fuzzy, c-format
+msgid "listen() failed: %s\n"
+msgstr "oppdatering mislyktes: %s\n"
+
+#: agent/gpg-agent.c:1559 scd/scdaemon.c:1095
+#, fuzzy, c-format
+msgid "listening on socket `%s'\n"
+msgstr "skriver hemmelig nøkkel til «%s»\n"
+
+#: agent/gpg-agent.c:1587 agent/gpg-agent.c:1634 g10/openfile.c:432
+#, c-format
+msgid "directory `%s' created\n"
+msgstr "katalogen «%s» ble opprettet\n"
+
+#: agent/gpg-agent.c:1640
+#, fuzzy, c-format
+msgid "stat() failed for `%s': %s\n"
+msgstr "fstat(%d) mislyktes in %s: %s\n"
+
+#: agent/gpg-agent.c:1644
+#, fuzzy, c-format
+msgid "can't use `%s' as home directory\n"
+msgstr "kan ikke opprette katalogen «%s»: %s\n"
+
+#: agent/gpg-agent.c:1777 scd/scdaemon.c:1111
+#, fuzzy, c-format
+msgid "error reading nonce on fd %d: %s\n"
+msgstr "feil ved lesing av «%s»: %s\n"
+
+#: agent/gpg-agent.c:1799
+#, c-format
+msgid "handler 0x%lx for fd %d started\n"
+msgstr ""
+
+#: agent/gpg-agent.c:1804
+#, c-format
+msgid "handler 0x%lx for fd %d terminated\n"
+msgstr ""
+
+#: agent/gpg-agent.c:1824
+#, c-format
+msgid "ssh handler 0x%lx for fd %d started\n"
+msgstr ""
+
+#: agent/gpg-agent.c:1829
+#, c-format
+msgid "ssh handler 0x%lx for fd %d terminated\n"
+msgstr ""
+
+#: agent/gpg-agent.c:1973 scd/scdaemon.c:1248
+#, fuzzy, c-format
+msgid "pth_select failed: %s - waiting 1s\n"
+msgstr "oppdatering av hemmelig mislyktes: %s\n"
+
+#: agent/gpg-agent.c:2096 scd/scdaemon.c:1315
+#, fuzzy, c-format
+msgid "%s %s stopped\n"
+msgstr "%s: hoppet over: %s\n"
+
+#: agent/gpg-agent.c:2232
+msgid "no gpg-agent running in this session\n"
+msgstr ""
+
+#: agent/gpg-agent.c:2243 common/simple-pwquery.c:352 common/asshelp.c:403
+#: tools/gpg-connect-agent.c:2168
+msgid "malformed GPG_AGENT_INFO environment variable\n"
+msgstr ""
+
+#: agent/gpg-agent.c:2256 common/simple-pwquery.c:364 common/asshelp.c:415
+#: tools/gpg-connect-agent.c:2179
+#, c-format
+msgid "gpg-agent protocol version %d is not supported\n"
+msgstr ""
+
+#: agent/preset-passphrase.c:98
+#, fuzzy
+msgid "Usage: gpg-preset-passphrase [options] KEYGRIP (-h for help)\n"
+msgstr "Bruksmåte: gpg [valg] [filer] (-h for hjelp)"
+
+#: agent/preset-passphrase.c:101
+msgid ""
+"Syntax: gpg-preset-passphrase [options] KEYGRIP\n"
+"Password cache maintenance\n"
+msgstr ""
+
+#: agent/protect-tool.c:113 g10/gpg.c:373 kbx/kbxutil.c:71 sm/gpgsm.c:186
+#: tools/gpgconf.c:60
+msgid ""
+"@Commands:\n"
+" "
+msgstr ""
+"@Kommandoer:\n"
+" "
+
+#: agent/protect-tool.c:127 g10/gpg.c:441 g10/gpgv.c:69 kbx/kbxutil.c:81
+#: sm/gpgsm.c:226 tools/gpg-connect-agent.c:67 tools/gpgconf.c:77
+#: tools/symcryptrun.c:159
+msgid ""
+"@\n"
+"Options:\n"
+" "
+msgstr ""
+"@\n"
+"Valg:\n"
+" "
+
+#: agent/protect-tool.c:166
+#, fuzzy
+msgid "Usage: gpg-protect-tool [options] (-h for help)\n"
+msgstr "Bruksmåte: gpg [valg] [filer] (-h for hjelp)"
+
+#: agent/protect-tool.c:168
+msgid ""
+"Syntax: gpg-protect-tool [options] [args]\n"
+"Secret key maintenance tool\n"
+msgstr ""
+
+#: agent/protect-tool.c:1162
+msgid "Please enter the passphrase to unprotect the PKCS#12 object."
+msgstr ""
+
+#: agent/protect-tool.c:1167
+msgid "Please enter the passphrase to protect the new PKCS#12 object."
+msgstr ""
+
+#: agent/protect-tool.c:1173
+msgid ""
+"Please enter the passphrase to protect the imported object within the GnuPG "
+"system."
+msgstr ""
+
+#: agent/protect-tool.c:1178
+msgid ""
+"Please enter the passphrase or the PIN\n"
+"needed to complete this operation."
+msgstr ""
+
+#: agent/protect-tool.c:1183 tools/symcryptrun.c:437
+#, fuzzy
+msgid "Passphrase:"
+msgstr "ugyldig passfrase"
+
+#: agent/protect-tool.c:1188 tools/symcryptrun.c:448
+#, fuzzy
+msgid "cancelled\n"
+msgstr "cancel|cancel"
+
+#: agent/protect-tool.c:1190 tools/symcryptrun.c:444
+#, fuzzy, c-format
+msgid "error while asking for the passphrase: %s\n"
+msgstr "feil ved opprettelse av passfrase: %s\n"
+
+#: agent/trustlist.c:136 agent/trustlist.c:334
+#, fuzzy, c-format
+msgid "error opening `%s': %s\n"
+msgstr "feil med «%s»: %s\n"
+
+#: agent/trustlist.c:151 common/helpfile.c:63 common/helpfile.c:79
+#, fuzzy, c-format
+msgid "file `%s', line %d: %s\n"
+msgstr "valgfil «%s»: %s\n"
+
+#: agent/trustlist.c:171 agent/trustlist.c:179
+#, c-format
+msgid "statement \"%s\" ignored in `%s', line %d\n"
+msgstr ""
+
+#: agent/trustlist.c:185
+#, fuzzy, c-format
+msgid "system trustlist `%s' not available\n"
+msgstr "hemmelig nøkkel er ikke tilgjengelig"
+
+#: agent/trustlist.c:229
+#, fuzzy, c-format
+msgid "bad fingerprint in `%s', line %d\n"
+msgstr "lesefeil ved «%s»: %s\n"
+
+#: agent/trustlist.c:254 agent/trustlist.c:261
+#, c-format
+msgid "invalid keyflag in `%s', line %d\n"
+msgstr ""
+
+#: agent/trustlist.c:295 common/helpfile.c:126
+#, fuzzy, c-format
+msgid "error reading `%s', line %d: %s\n"
+msgstr "feil ved lesing av «%s»: %s\n"
+
+#: agent/trustlist.c:400 agent/trustlist.c:450
+msgid "error reading list of trusted root certificates\n"
+msgstr ""
+
+#. TRANSLATORS: This prompt is shown by the Pinentry
+#. and has one special property: A "%%0A" is used by
+#. Pinentry to insert a line break. The double
+#. percent sign is actually needed because it is also
+#. a printf format string. If you need to insert a
+#. plain % sign, you need to encode it as "%%25". The
+#. "%s" gets replaced by the name as stored in the
+#. certificate.
+#: agent/trustlist.c:611
+#, c-format
+msgid ""
+"Do you ultimately trust%%0A \"%s\"%%0Ato correctly certify user "
+"certificates?"
+msgstr ""
+
+#: agent/trustlist.c:620 common/audit.c:467
+#, fuzzy
+msgid "Yes"
+msgstr "ja"
+
+#: agent/trustlist.c:620 common/audit.c:469
+msgid "No"
+msgstr ""
+
+#. TRANSLATORS: This prompt is shown by the Pinentry and has
+#. one special property: A "%%0A" is used by Pinentry to
+#. insert a line break. The double percent sign is actually
+#. needed because it is also a printf format string. If you
+#. need to insert a plain % sign, you need to encode it as
+#. "%%25". The second "%s" gets replaced by a hexdecimal
+#. fingerprint string whereas the first one receives the name
+#. as stored in the certificate.
+#: agent/trustlist.c:654
+#, c-format
+msgid ""
+"Please verify that the certificate identified as:%%0A \"%s\"%%0Ahas the "
+"fingerprint:%%0A %s"
+msgstr ""
+
+#. TRANSLATORS: "Correct" is the label of a button and intended
+#. to be hit if the fingerprint matches the one of the CA. The
+#. other button is "the default "Cancel" of the Pinentry.
+#: agent/trustlist.c:668
+msgid "Correct"
+msgstr ""
+
+#: agent/trustlist.c:668
+msgid "Wrong"
+msgstr ""
+
+#: agent/findkey.c:157
+#, c-format
+msgid "Note: This passphrase has never been changed.%0APlease change it now."
+msgstr ""
+
+#: agent/findkey.c:173
+#, c-format
+msgid ""
+"This passphrase has not been changed%%0Asince %.4s-%.2s-%.2s. Please change "
+"it now."
+msgstr ""
+
+#: agent/findkey.c:187 agent/findkey.c:194
+#, fuzzy
+msgid "Change passphrase"
+msgstr "endre passfrasen"
+
+#: agent/findkey.c:195
+msgid "I'll change it later"
+msgstr ""
+
+#: common/exechelp.c:528 common/exechelp.c:625 tools/gpgconf-comp.c:1475
+#: tools/gpgconf-comp.c:1814
+#, fuzzy, c-format
+msgid "error creating a pipe: %s\n"
+msgstr "feil ved opprettelse av passfrase: %s\n"
+
+#: common/exechelp.c:599 common/exechelp.c:658
+#, fuzzy, c-format
+msgid "can't fdopen pipe for reading: %s\n"
+msgstr "kan ikke åpne nøkkelknippet"
+
+#: common/exechelp.c:637 common/exechelp.c:765 common/exechelp.c:1002
+#, fuzzy, c-format
+msgid "error forking process: %s\n"
+msgstr "feil ved lesing av «%s»: %s\n"
+
+#: common/exechelp.c:811 common/exechelp.c:864
+#, c-format
+msgid "waiting for process %d to terminate failed: %s\n"
+msgstr ""
+
+#: common/exechelp.c:819
+#, fuzzy, c-format
+msgid "error getting exit code of process %d: %s\n"
+msgstr "feil ved henting av nåværende nøkkelinfo: %s\n"
+
+#: common/exechelp.c:825 common/exechelp.c:877
+#, fuzzy, c-format
+msgid "error running `%s': exit status %d\n"
+msgstr "feil ved lesing av «%s»: %s\n"
+
+#: common/exechelp.c:870
+#, c-format
+msgid "error running `%s': probably not installed\n"
+msgstr ""
+
+#: common/exechelp.c:885
+#, fuzzy, c-format
+msgid "error running `%s': terminated\n"
+msgstr "feil ved lesing av «%s»: %s\n"
+
+#: common/http.c:1674
+#, fuzzy, c-format
+msgid "error creating socket: %s\n"
+msgstr "feil ved lesing av nøkkelblokk: %s\n"
+
+#: common/http.c:1718
+#, fuzzy
+msgid "host not found"
+msgstr "[Brukerid ikke funnet]"
+
+#: common/simple-pwquery.c:338
+msgid "gpg-agent is not available in this session\n"
+msgstr ""
+
+#: common/simple-pwquery.c:395
+#, c-format
+msgid "can't connect to `%s': %s\n"
+msgstr ""
+
+#: common/simple-pwquery.c:406
+msgid "communication problem with gpg-agent\n"
+msgstr ""
+
+#: common/simple-pwquery.c:416
+msgid "problem setting the gpg-agent options\n"
+msgstr ""
+
+#: common/simple-pwquery.c:579 common/simple-pwquery.c:675
+msgid "canceled by user\n"
+msgstr ""
+
+#: common/simple-pwquery.c:594 common/simple-pwquery.c:681
+msgid "problem with the agent\n"
+msgstr ""
+
+#: common/sysutils.c:105
+#, c-format
+msgid "can't disable core dumps: %s\n"
+msgstr ""
+
+#: common/sysutils.c:200
+#, fuzzy, c-format
+msgid "Warning: unsafe ownership on %s \"%s\"\n"
+msgstr "ADVARSEL: utrygt eierskap på utvidelsen «%s»\n"
+
+#: common/sysutils.c:232
+#, fuzzy, c-format
+msgid "Warning: unsafe permissions on %s \"%s\"\n"
+msgstr "ADVARSEL: utrygge rettigheter på utvidelsen «%s»\n"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: common/yesno.c:35 common/yesno.c:72
+msgid "yes"
+msgstr "ja"
+
+#: common/yesno.c:36 common/yesno.c:77
+msgid "yY"
+msgstr "jJ"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: common/yesno.c:38 common/yesno.c:74
+msgid "no"
+msgstr "nei"
+
+#: common/yesno.c:39 common/yesno.c:78
+msgid "nN"
+msgstr "nN"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: common/yesno.c:76
+msgid "quit"
+msgstr "avslutt"
+
+#: common/yesno.c:79
+msgid "qQ"
+msgstr "aA"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: common/yesno.c:113
+msgid "okay|okay"
+msgstr "okay|okay"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: common/yesno.c:115
+msgid "cancel|cancel"
+msgstr "cancel|cancel"
+
+#: common/yesno.c:116
+msgid "oO"
+msgstr "oO"
+
+#: common/yesno.c:117
+msgid "cC"
+msgstr "cC"
+
+#: common/miscellaneous.c:77
+#, c-format
+msgid "out of core in secure memory while allocating %lu bytes"
+msgstr ""
+
+#: common/miscellaneous.c:80
+#, c-format
+msgid "out of core while allocating %lu bytes"
+msgstr ""
+
+#: common/asshelp.c:293 tools/gpg-connect-agent.c:2129
+msgid "no running gpg-agent - starting one\n"
+msgstr ""
+
+#: common/asshelp.c:349
+#, c-format
+msgid "waiting %d seconds for the agent to come up\n"
+msgstr ""
+
+#: common/asshelp.c:426
+msgid "can't connect to the agent - trying fall back\n"
+msgstr ""
+
+#. TRANSLATORS: Copy the prefix between the vertical bars
+#. verbatim. It will not be printed.
+#: common/audit.c:474
+msgid "|audit-log-result|Good"
+msgstr ""
+
+#: common/audit.c:477
+msgid "|audit-log-result|Bad"
+msgstr ""
+
+#: common/audit.c:479
+msgid "|audit-log-result|Not supported"
+msgstr ""
+
+#: common/audit.c:481
+#, fuzzy
+msgid "|audit-log-result|No certificate"
+msgstr "ugyldig sertifikat"
+
+#: common/audit.c:483
+#, fuzzy
+msgid "|audit-log-result|Not enabled"
+msgstr "ugyldig sertifikat"
+
+#: common/audit.c:485
+msgid "|audit-log-result|Error"
+msgstr ""
+
+#: common/audit.c:487
+#, fuzzy
+msgid "|audit-log-result|Not used"
+msgstr "ugyldig sertifikat"
+
+#: common/audit.c:489
+#, fuzzy
+msgid "|audit-log-result|Okay"
+msgstr "ugyldig sertifikat"
+
+#: common/audit.c:491
+#, fuzzy
+msgid "|audit-log-result|Skipped"
+msgstr "ugyldig sertifikat"
+
+#: common/audit.c:493
+#, fuzzy
+msgid "|audit-log-result|Some"
+msgstr "ugyldig sertifikat"
+
+#: common/audit.c:726
+#, fuzzy
+msgid "Certificate chain available"
+msgstr "ugyldig sertifikat"
+
+#: common/audit.c:733
+#, fuzzy
+msgid "root certificate missing"
+msgstr "ugyldig sertifikat"
+
+#: common/audit.c:759
+msgid "Data encryption succeeded"
+msgstr ""
+
+#: common/audit.c:764 common/audit.c:830 common/audit.c:906 common/audit.c:997
+#, fuzzy
+msgid "Data available"
+msgstr "vis alle tilgjengelige data"
+
+#: common/audit.c:767
+#, fuzzy
+msgid "Session key created"
+msgstr "nøkkelknippet «%s» ble opprettet\n"
+
+#: common/audit.c:772 common/audit.c:912 common/audit.c:919
+#, fuzzy, c-format
+msgid "algorithm: %s"
+msgstr "gyldighet: %s"
+
+#: common/audit.c:774 common/audit.c:776 common/audit.c:921 common/audit.c:923
+#, fuzzy, c-format
+msgid "unsupported algorithm: %s"
+msgstr ""
+"\n"
+"Støttede algoritmer:\n"
+
+#: common/audit.c:778 common/audit.c:925
+#, fuzzy
+msgid "seems to be not encrypted"
+msgstr "ikke kryptert"
+
+#: common/audit.c:784 common/audit.c:933
+msgid "Number of recipients"
+msgstr ""
+
+#: common/audit.c:792 common/audit.c:956
+#, c-format
+msgid "Recipient %d"
+msgstr ""
+
+#: common/audit.c:825
+msgid "Data signing succeeded"
+msgstr ""
+
+#: common/audit.c:839 common/audit.c:1033 common/audit.c:1060
+#, fuzzy, c-format
+msgid "data hash algorithm: %s"
+msgstr "ugyldig hashalgoritme «%s»\n"
+
+#: common/audit.c:862
+#, fuzzy, c-format
+msgid "Signer %d"
+msgstr "Signatur opprettet %s\n"
+
+#: common/audit.c:866 common/audit.c:1065
+#, fuzzy, c-format
+msgid "attr hash algorithm: %s"
+msgstr "ugyldig hashalgoritme «%s»\n"
+
+#: common/audit.c:901
+msgid "Data decryption succeeded"
+msgstr ""
+
+#: common/audit.c:910
+#, fuzzy
+msgid "Encryption algorithm supported"
+msgstr "kryptert med en ukjent algoritme %d\n"
+
+#: common/audit.c:993
+msgid "Data verification succeeded"
+msgstr ""
+
+#: common/audit.c:1002
+#, fuzzy
+msgid "Signature available"
+msgstr "Signatur opprettet %s\n"
+
+#: common/audit.c:1024
+#, fuzzy
+msgid "Parsing data succeeded"
+msgstr "ingen signatur ble funnet\n"
+
+#: common/audit.c:1036
+#, fuzzy, c-format
+msgid "bad data hash algorithm: %s"
+msgstr "ugyldig hashalgoritme «%s»\n"
+
+#: common/audit.c:1051
+#, fuzzy, c-format
+msgid "Signature %d"
+msgstr "Signatur opprettet %s\n"
+
+#: common/audit.c:1079
+#, fuzzy
+msgid "Certificate chain valid"
+msgstr "Denne nøkkelen er utgått!"
+
+#: common/audit.c:1090
+#, fuzzy
+msgid "Root certificate trustworthy"
+msgstr "ugyldig sertifikat"
+
+#: common/audit.c:1111 sm/certchain.c:935
+#, fuzzy
+msgid "no CRL found for certificate"
+msgstr "ugyldig sertifikat"
+
+#: common/audit.c:1114 sm/certchain.c:945
+#, fuzzy
+msgid "the available CRL is too old"
+msgstr "Nøkkel tilgjengelig ved: "
+
+#: common/audit.c:1119
+#, fuzzy
+msgid "CRL/OCSP check of certificates"
+msgstr "ugyldig sertifikat"
+
+#: common/audit.c:1139
+#, fuzzy
+msgid "Included certificates"
+msgstr "ugyldig sertifikat"
+
+#: common/audit.c:1194
+msgid "No audit log entries."
+msgstr ""
+
+#: common/audit.c:1243
+#, fuzzy
+msgid "Unknown operation"
+msgstr "ukjent versjon"
+
+#: common/audit.c:1261
+msgid "Gpg-Agent usable"
+msgstr ""
+
+#: common/audit.c:1271
+msgid "Dirmngr usable"
+msgstr ""
+
+#: common/audit.c:1307
+#, c-format
+msgid "No help available for `%s'."
+msgstr ""
+
+#: common/helpfile.c:80
+#, fuzzy
+msgid "ignoring garbage line"
+msgstr "feil i trailerlinje\n"
+
+#: common/gettime.c:503
+#, fuzzy
+msgid "[none]"
+msgstr "[ikke satt]"
+
+#: g10/armor.c:379
+#, c-format
+msgid "armor: %s\n"
+msgstr "armor: %s\n"
+
+#: g10/armor.c:418
+msgid "invalid armor header: "
+msgstr "ugyldig armorheader: "
+
+#: g10/armor.c:429
+msgid "armor header: "
+msgstr "armorheader: "
+
+#: g10/armor.c:442
+msgid "invalid clearsig header\n"
+msgstr "ugyldig clearsigheader\n"
+
+#: g10/armor.c:455
+#, fuzzy
+msgid "unknown armor header: "
+msgstr "armorheader: "
+
+#: g10/armor.c:508
+msgid "nested clear text signatures\n"
+msgstr "nøstede klartekstsignaturer\n"
+
+#: g10/armor.c:643
+msgid "unexpected armor: "
+msgstr "uforventet armering:"
+
+#: g10/armor.c:655
+msgid "invalid dash escaped line: "
+msgstr "ugyldig bindestrekbeskyttet linje: "
+
+#: g10/armor.c:810 g10/armor.c:1420
+#, c-format
+msgid "invalid radix64 character %02X skipped\n"
+msgstr "hoppet over ugyldig radix64-tegn %02x\n"
+
+#: g10/armor.c:853
+msgid "premature eof (no CRC)\n"
+msgstr "for tidlig eof (ingen CRC)\n"
+
+#: g10/armor.c:887
+msgid "premature eof (in CRC)\n"
+msgstr "for tidlig eof (i CRC)\n"
+
+#: g10/armor.c:895
+msgid "malformed CRC\n"
+msgstr "misdannet CRC\n"
+
+#: g10/armor.c:899 g10/armor.c:1457
+#, c-format
+msgid "CRC error; %06lX - %06lX\n"
+msgstr "CRC-feil; %06lX - %06lX\n"
+
+#: g10/armor.c:919
+msgid "premature eof (in trailer)\n"
+msgstr "for tidlig eof (i trailer)\n"
+
+#: g10/armor.c:923
+msgid "error in trailer line\n"
+msgstr "feil i trailerlinje\n"
+
+#: g10/armor.c:1234
+msgid "no valid OpenPGP data found.\n"
+msgstr "ingen gyldig OpenPGP-data funnet.\n"
+
+#: g10/armor.c:1239
+#, c-format
+msgid "invalid armor: line longer than %d characters\n"
+msgstr "ugyldig armor: linje lengre enn %d tegn\n"
+
+#: g10/armor.c:1243
+msgid ""
+"quoted printable character in armor - probably a buggy MTA has been used\n"
+msgstr ""
+"quoted printable-tegn i armor - antakelig har en MTA med feil blitt brukt\n"
+
+#: g10/build-packet.c:976
+msgid ""
+"a notation name must have only printable characters or spaces, and end with "
+"an '='\n"
+msgstr ""
+
+#: g10/build-packet.c:988
+msgid "a user notation name must contain the '@' character\n"
+msgstr ""
+
+#: g10/build-packet.c:994
+msgid "a notation name must not contain more than one '@' character\n"
+msgstr ""
+
+#: g10/build-packet.c:1012
+msgid "a notation value must not use any control characters\n"
+msgstr ""
+
+#: g10/build-packet.c:1046 g10/build-packet.c:1055
+#, fuzzy
+msgid "WARNING: invalid notation data found\n"
+msgstr "ingen gyldig OpenPGP-data funnet.\n"
+
+#: g10/build-packet.c:1077 g10/build-packet.c:1079
+msgid "not human readable"
+msgstr ""
+
+#: g10/card-util.c:85 g10/card-util.c:374
+#, c-format
+msgid "OpenPGP card not available: %s\n"
+msgstr "OpenPGP-kort er ikke tilgjengelig: %s\n"
+
+#: g10/card-util.c:90
+#, c-format
+msgid "OpenPGP card no. %s detected\n"
+msgstr "OpenPGP-kortnummer %s oppdaget\n"
+
+#: g10/card-util.c:98 g10/card-util.c:1773 g10/delkey.c:126 g10/keyedit.c:1551
+#: g10/keygen.c:3068 g10/revoke.c:216 g10/revoke.c:455
+msgid "can't do this in batch mode\n"
+msgstr "kan ikke gjøre dette i batchmodus\n"
+
+#: g10/card-util.c:106
+#, fuzzy
+msgid "This command is only available for version 2 cards\n"
+msgstr "Denne kommandoen er ikke tillatt i %s-modus.\n"
+
+#: g10/card-util.c:108 scd/app-openpgp.c:2029
+msgid "Reset Code not or not anymore available\n"
+msgstr ""
+
+#: g10/card-util.c:141 g10/card-util.c:1458 g10/card-util.c:1568
+#: g10/keyedit.c:424 g10/keyedit.c:445 g10/keyedit.c:459 g10/keygen.c:1630
+#: g10/keygen.c:1711 sm/certreqgen-ui.c:165 sm/certreqgen-ui.c:249
+#: sm/certreqgen-ui.c:283
+msgid "Your selection? "
+msgstr "Ditt valg? "
+
+#: g10/card-util.c:272 g10/card-util.c:322
+msgid "[not set]"
+msgstr "[ikke satt]"
+
+#: g10/card-util.c:512
+msgid "male"
+msgstr "mann"
+
+#: g10/card-util.c:513
+msgid "female"
+msgstr "dame"
+
+#: g10/card-util.c:513
+msgid "unspecified"
+msgstr "uspesifisert"
+
+#: g10/card-util.c:540
+msgid "not forced"
+msgstr "ikke tvunget"
+
+#: g10/card-util.c:540
+msgid "forced"
+msgstr "tvunget"
+
+#: g10/card-util.c:631
+msgid "Error: Only plain ASCII is currently allowed.\n"
+msgstr "Feil: Bare ren ASCII er foreløpig tillatt.\n"
+
+#: g10/card-util.c:633
+msgid "Error: The \"<\" character may not be used.\n"
+msgstr "Feil: Tegnet «<» kan ikke brukes.\n"
+
+#: g10/card-util.c:635
+msgid "Error: Double spaces are not allowed.\n"
+msgstr "Feil: Doble mellomrom er ikke tillatt.\n"
+
+#: g10/card-util.c:652
+msgid "Cardholder's surname: "
+msgstr "Kortholders etternavn: "
+
+#: g10/card-util.c:654
+msgid "Cardholder's given name: "
+msgstr "Kortholders fornavn: "
+
+#: g10/card-util.c:672
+#, c-format
+msgid "Error: Combined name too long (limit is %d characters).\n"
+msgstr "Feil: Det kombinerte navnet er for langt (grensa går ved %d tegn).\n"
+
+#: g10/card-util.c:693
+msgid "URL to retrieve public key: "
+msgstr "URL for å hente offentlig nøkkel: "
+
+#: g10/card-util.c:701
+#, c-format
+msgid "Error: URL too long (limit is %d characters).\n"
+msgstr "Feil: URL er for lang (grensa går ved %d tegn).\n"
+
+#: g10/card-util.c:794 tools/no-libgcrypt.c:30
+#, fuzzy, c-format
+msgid "error allocating enough memory: %s\n"
+msgstr "feil ved opprettelse av nøkkelknippet «%s»: %s\n"
+
+#: g10/card-util.c:806 g10/import.c:280
+#, c-format
+msgid "error reading `%s': %s\n"
+msgstr "feil ved lesing av «%s»: %s\n"
+
+#: g10/card-util.c:839
+#, fuzzy, c-format
+msgid "error writing `%s': %s\n"
+msgstr "feil ved skriving av nøkkelknippet «%s»: %s\n"
+
+#: g10/card-util.c:866
+msgid "Login data (account name): "
+msgstr "Logindata (kontonavn): "
+
+#: g10/card-util.c:876
+#, c-format
+msgid "Error: Login data too long (limit is %d characters).\n"
+msgstr "Feil: Logindata er for langt (grensa går ved %d tegn).\n"
+
+#: g10/card-util.c:912
+msgid "Private DO data: "
+msgstr "Privat DO-data: "
+
+#: g10/card-util.c:922
+#, c-format
+msgid "Error: Private DO too long (limit is %d characters).\n"
+msgstr "Feil: Privat DO for lang (grensa går ved %d tegn).\n"
+
+#: g10/card-util.c:1005
+msgid "Language preferences: "
+msgstr "Språkpreferanser:"
+
+#: g10/card-util.c:1013
+msgid "Error: invalid length of preference string.\n"
+msgstr "Feil: ugyldig lengde på preferansestrengen.\n"
+
+#: g10/card-util.c:1022
+msgid "Error: invalid characters in preference string.\n"
+msgstr "Feil: ugyldig tegn i preferansestrengen.\n"
+
+#: g10/card-util.c:1044
+msgid "Sex ((M)ale, (F)emale or space): "
+msgstr "Kjønn ((M)ale, (F)emale eller mellomrom): "
+
+#: g10/card-util.c:1058
+msgid "Error: invalid response.\n"
+msgstr "Feil: ugyldig respons.\n"
+
+#: g10/card-util.c:1080
+msgid "CA fingerprint: "
+msgstr "CA-fingeravtrykk: "
+
+#: g10/card-util.c:1103
+msgid "Error: invalid formatted fingerprint.\n"
+msgstr "Feil: ugyldig formattert fingeravtrykk.\n"
+
+#: g10/card-util.c:1153
+#, c-format
+msgid "key operation not possible: %s\n"
+msgstr "nøkkeloperasjonen er umulig: %s\n"
+
+#: g10/card-util.c:1154
+msgid "not an OpenPGP card"
+msgstr "ikke et OpenPGP-kort"
+
+#: g10/card-util.c:1167
+#, c-format
+msgid "error getting current key info: %s\n"
+msgstr "feil ved henting av nåværende nøkkelinfo: %s\n"
+
+#: g10/card-util.c:1254
+msgid "Replace existing key? (y/N) "
+msgstr "Erstatte eksisterende nøkkel? (j/N) "
+
+#: g10/card-util.c:1270
+msgid ""
+"NOTE: There is no guarantee that the card supports the requested size.\n"
+" If the key generation does not succeed, please check the\n"
+" documentation of your card to see what sizes are allowed.\n"
+msgstr ""
+
+#: g10/card-util.c:1295
+#, fuzzy, c-format
+msgid "What keysize do you want for the Signature key? (%u) "
+msgstr "Hvilken nøkkelstørrelse vil du ha? (%u) "
+
+#: g10/card-util.c:1297
+#, fuzzy, c-format
+msgid "What keysize do you want for the Encryption key? (%u) "
+msgstr "Hvilken nøkkelstørrelse vil du ha? (%u) "
+
+#: g10/card-util.c:1298
+#, fuzzy, c-format
+msgid "What keysize do you want for the Authentication key? (%u) "
+msgstr "Hvilken nøkkelstørrelse vil du ha? (%u) "
+
+#: g10/card-util.c:1309 g10/keygen.c:1844 g10/keygen.c:1850
+#: sm/certreqgen-ui.c:194
+#, c-format
+msgid "rounded up to %u bits\n"
+msgstr "rundet opp til %u bits\n"
+
+#: g10/card-util.c:1317 g10/keygen.c:1831 sm/certreqgen-ui.c:184
+#, c-format
+msgid "%s keysizes must be in the range %u-%u\n"
+msgstr ""
+
+#: g10/card-util.c:1322
+#, c-format
+msgid "The card will now be re-configured to generate a key of %u bits\n"
+msgstr ""
+
+#: g10/card-util.c:1342
+#, fuzzy, c-format
+msgid "error changing size of key %d to %u bits: %s\n"
+msgstr "feil ved søking etter tillitspost i «%s»: %s\n"
+
+#: g10/card-util.c:1364
+msgid "Make off-card backup of encryption key? (Y/n) "
+msgstr "Lage sikkerhetskopi av krypteringsnøkler utenfor kortet? (J/n) "
+
+#: g10/card-util.c:1378
+#, fuzzy
+msgid "NOTE: keys are already stored on the card!\n"
+msgstr "hemmelig nøkkel er allerede lagret på et kort\n"
+
+#: g10/card-util.c:1381
+msgid "Replace existing keys? (y/N) "
+msgstr "Erstatte eksisterende nøkler? (j/N) "
+
+#: g10/card-util.c:1393
+#, c-format
+msgid ""
+"Please note that the factory settings of the PINs are\n"
+" PIN = `%s' Admin PIN = `%s'\n"
+"You should change them using the command --change-pin\n"
+msgstr ""
+"Vær obs på at fabrikkinnstilingene for PIN-kodene er\n"
+" PIN = «%s» Admin PIN = «%s»\n"
+"Du bør endre dem med kommandoen --change-pin\n"
+
+#: g10/card-util.c:1449
+msgid "Please select the type of key to generate:\n"
+msgstr "Vennligst velg hvilken type nøkkel du vil generere:\n"
+
+#: g10/card-util.c:1451 g10/card-util.c:1559
+msgid " (1) Signature key\n"
+msgstr " (1) Signaturnøkkel\n"
+
+#: g10/card-util.c:1452 g10/card-util.c:1561
+msgid " (2) Encryption key\n"
+msgstr " (2) Krypteringsnøkkel\n"
+
+#: g10/card-util.c:1453 g10/card-util.c:1563
+msgid " (3) Authentication key\n"
+msgstr " (3) Autentiseringsnøkkel\n"
+
+#: g10/card-util.c:1469 g10/card-util.c:1588 g10/keyedit.c:945
+#: g10/keygen.c:1634 g10/keygen.c:1662 g10/keygen.c:1764 g10/revoke.c:683
+msgid "Invalid selection.\n"
+msgstr "Ugyldig valg.\n"
+
+#: g10/card-util.c:1556
+msgid "Please select where to store the key:\n"
+msgstr "Vennligst velg hvor nøkkelen skal lagres:\n"
+
+#: g10/card-util.c:1600
+msgid "unknown key protection algorithm\n"
+msgstr "ukjent nøkkelbeskyttelsesalgoritme\n"
+
+#: g10/card-util.c:1605
+msgid "secret parts of key are not available\n"
+msgstr "hemmelige deler av nøkkelen er ikke tilgjengelig.\n"
+
+#: g10/card-util.c:1610
+msgid "secret key already stored on a card\n"
+msgstr "hemmelig nøkkel er allerede lagret på et kort\n"
+
+#: g10/card-util.c:1623
+#, fuzzy, c-format
+msgid "error writing key to card: %s\n"
+msgstr "feil ved skriving av nøkkelknippet «%s»: %s\n"
+
+#: g10/card-util.c:1682 g10/keyedit.c:1382
+msgid "quit this menu"
+msgstr "avslutte denne menyen"
+
+#: g10/card-util.c:1684
+msgid "show admin commands"
+msgstr "vise admin-kommandoer"
+
+#: g10/card-util.c:1685 g10/keyedit.c:1385
+msgid "show this help"
+msgstr "vise denne hjelpen"
+
+#: g10/card-util.c:1687
+msgid "list all available data"
+msgstr "vis alle tilgjengelige data"
+
+#: g10/card-util.c:1690
+msgid "change card holder's name"
+msgstr "endre kortholders navn"
+
+#: g10/card-util.c:1691
+msgid "change URL to retrieve key"
+msgstr "endre URL for å hente nøkkel"
+
+#: g10/card-util.c:1692
+msgid "fetch the key specified in the card URL"
+msgstr "hente nøkkelen angitt i URL som er lagret i kortet"
+
+#: g10/card-util.c:1693
+msgid "change the login name"
+msgstr "endre loginnavnet"
+
+#: g10/card-util.c:1694
+msgid "change the language preferences"
+msgstr "endre språkpreferansene"
+
+#: g10/card-util.c:1695
+msgid "change card holder's sex"
+msgstr "endre kortholders kjønn"
+
+#: g10/card-util.c:1696
+msgid "change a CA fingerprint"
+msgstr "vise et CA-fingeravtrykk"
+
+#: g10/card-util.c:1697
+msgid "toggle the signature force PIN flag"
+msgstr "veksle tving-signatur-PIN-flagget"
+
+#: g10/card-util.c:1698
+msgid "generate new keys"
+msgstr "generere nye nøkler"
+
+#: g10/card-util.c:1699
+msgid "menu to change or unblock the PIN"
+msgstr "meny for å endre eller fjerne blokkering av PIN"
+
+#: g10/card-util.c:1700
+msgid "verify the PIN and list all data"
+msgstr "bekrefte PIN og vise alle data"
+
+#: g10/card-util.c:1701
+msgid "unblock the PIN using a Reset Code"
+msgstr ""
+
+#: g10/card-util.c:1823
+msgid "gpg/card> "
+msgstr ""
+
+#: g10/card-util.c:1864
+msgid "Admin-only command\n"
+msgstr "Admin-reservert kommando\n"
+
+#: g10/card-util.c:1895
+msgid "Admin commands are allowed\n"
+msgstr "Admin-kommandoer er tillatt\n"
+
+#: g10/card-util.c:1897
+msgid "Admin commands are not allowed\n"
+msgstr "Admin-kommandoer er ikke tillatt\n"
+
+#: g10/card-util.c:1988 g10/keyedit.c:2292
+msgid "Invalid command (try \"help\")\n"
+msgstr "Ugyldig kommando (prøv «help»)\n"
+
+#: g10/decrypt.c:110 g10/encode.c:876
+msgid "--output doesn't work for this command\n"
+msgstr "--output virker ikke for denne kommandoen\n"
+
+#: g10/decrypt.c:166 g10/gpg.c:4019 g10/keyring.c:387 g10/keyring.c:698
+#, c-format
+msgid "can't open `%s'\n"
+msgstr "kan ikke åpne «%s»\n"
+
+#: g10/delkey.c:73 g10/export.c:324 g10/keyedit.c:3514 g10/keyserver.c:1737
+#: g10/revoke.c:226
+#, c-format
+msgid "key \"%s\" not found: %s\n"
+msgstr "nøkkelen «%s» ble ikke funnet: %s\n"
+
+#: g10/delkey.c:81 g10/export.c:354 g10/import.c:2480 g10/keyserver.c:1751
+#: g10/revoke.c:232 g10/revoke.c:477
+#, c-format
+msgid "error reading keyblock: %s\n"
+msgstr "feil ved lesing av nøkkelblokk: %s\n"
+
+#: g10/delkey.c:127 g10/delkey.c:134
+msgid "(unless you specify the key by fingerprint)\n"
+msgstr "(med mindre du angir nøkkelen ved hjelp av fingeravtrykk)\n"
+
+#: g10/delkey.c:133
+msgid "can't do this in batch mode without \"--yes\"\n"
+msgstr "kan ikke gjøre dette i batchmode uten «--yes»\n"
+
+#: g10/delkey.c:145
+msgid "Delete this key from the keyring? (y/N) "
+msgstr "Slette denne nøkkelen fra nøkkelknippet? (j/N)"
+
+#: g10/delkey.c:153
+msgid "This is a secret key! - really delete? (y/N) "
+msgstr "Dette er en hemmelig nøkkel! - virkelig slette den? (j/N)"
+
+#: g10/delkey.c:163
+#, c-format
+msgid "deleting keyblock failed: %s\n"
+msgstr "sleting av nøkkelblokk mislyktes: %s\n"
+
+#: g10/delkey.c:173
+msgid "ownertrust information cleared\n"
+msgstr "nullstilt informasjon om eiertillit\n"
+
+#: g10/delkey.c:204
+#, c-format
+msgid "there is a secret key for public key \"%s\"!\n"
+msgstr "det finnes en hemmelig nøkkel for offentlig nøkkel «%s»!\n"
+
+#: g10/delkey.c:206
+msgid "use option \"--delete-secret-keys\" to delete it first.\n"
+msgstr "bruk valget «--delete-secret-keys» for å slette den først.\n"
+
+#: g10/encode.c:226 g10/sign.c:1269
+#, c-format
+msgid "error creating passphrase: %s\n"
+msgstr "feil ved opprettelse av passfrase: %s\n"
+
+#: g10/encode.c:232
+msgid "can't use a symmetric ESK packet due to the S2K mode\n"
+msgstr "kan ikke bruke en symmetrisk ESK-pakke på grunn av S2K-modusen\n"
+
+#: g10/encode.c:246
+#, c-format
+msgid "using cipher %s\n"
+msgstr "bruker cipher %s\n"
+
+#: g10/encode.c:256 g10/encode.c:577
+#, c-format
+msgid "`%s' already compressed\n"
+msgstr "«%s» er allerede komprimert\n"
+
+#: g10/encode.c:311 g10/encode.c:611 g10/sign.c:564
+#, c-format
+msgid "WARNING: `%s' is an empty file\n"
+msgstr "ADVARSEL: «%s» er en tom fil\n"
+
+#: g10/encode.c:485
+msgid "you can only encrypt to RSA keys of 2048 bits or less in --pgp2 mode\n"
+msgstr ""
+"du kan bare kryptere med RSA-nøkler med lengder på 2048 bits eller mindre i "
+"--pgp2-modus\n"
+
+#: g10/encode.c:510
+#, c-format
+msgid "reading from `%s'\n"
+msgstr "leser fra «%s»\n"
+
+#: g10/encode.c:541
+msgid ""
+"unable to use the IDEA cipher for all of the keys you are encrypting to.\n"
+msgstr ""
+"klarte ikke å bruke IDEA-algoritmen for alle nøklene du krypterer til.\n"
+
+#: g10/encode.c:559
+#, c-format
+msgid ""
+"WARNING: forcing symmetric cipher %s (%d) violates recipient preferences\n"
+msgstr ""
+"ADVARSEL: påtvinging av symmetrisk cipher %s (%d) bryter med mottakerens "
+"preferanser\n"
+
+#: g10/encode.c:655 g10/sign.c:939
+#, c-format
+msgid ""
+"WARNING: forcing compression algorithm %s (%d) violates recipient "
+"preferences\n"
+msgstr ""
+"ADVARSEL: tvang av kompresjonsalgoritme %s (%d) bryter med mottakerens "
+"preferanser\n"
+
+#: g10/encode.c:751
+#, c-format
+msgid "forcing symmetric cipher %s (%d) violates recipient preferences\n"
+msgstr ""
+"påtvinging av symmetrisk cipher %s (%d) bryter med mottakerens preferanser\n"
+
+#: g10/encode.c:821 g10/pkclist.c:813 g10/pkclist.c:862
+#, c-format
+msgid "you may not use %s while in %s mode\n"
+msgstr "du kan ikke bruke %s i %s modus\n"
+
+#: g10/encode.c:848
+#, c-format
+msgid "%s/%s encrypted for: \"%s\"\n"
+msgstr "%s/%s kryptert for: \"%s\"\n"
+
+#: g10/encr-data.c:93 g10/mainproc.c:286
+#, c-format
+msgid "%s encrypted data\n"
+msgstr "%s krypterte data\n"
+
+#: g10/encr-data.c:96 g10/mainproc.c:290
+#, c-format
+msgid "encrypted with unknown algorithm %d\n"
+msgstr "kryptert med en ukjent algoritme %d\n"
+
+#: g10/encr-data.c:142 sm/decrypt.c:126
+msgid ""
+"WARNING: message was encrypted with a weak key in the symmetric cipher.\n"
+msgstr ""
+"ADVARSEL: meldingen er kryptert med en svak nøkkel for den symmetriske "
+"cipher.\n"
+
+#: g10/encr-data.c:154
+msgid "problem handling encrypted packet\n"
+msgstr "problem ved håndtering av kryptert pakke\n"
+
+#: g10/exec.c:57
+msgid "no remote program execution supported\n"
+msgstr "fjernutføring av programmer er ikke støttet\n"
+
+#: g10/exec.c:308
+msgid ""
+"external program calls are disabled due to unsafe options file permissions\n"
+msgstr ""
+"eksterne programkall er utkoblet på grunn av utrygge rettigheter på "
+"konfigurasjonsfila\n"
+
+#: g10/exec.c:338
+msgid "this platform requires temporary files when calling external programs\n"
+msgstr ""
+"denne plattformen krever midlertidige filer ved kall på eksterne programmer\n"
+
+#: g10/exec.c:416
+#, c-format
+msgid "unable to execute program `%s': %s\n"
+msgstr "kunne ikke utføre program «%s»: %s\n"
+
+#: g10/exec.c:419
+#, c-format
+msgid "unable to execute shell `%s': %s\n"
+msgstr "kunne ikke utføre skallet «%s»: %s\n"
+
+#: g10/exec.c:510
+#, c-format
+msgid "system error while calling external program: %s\n"
+msgstr "systemfeil under kall på eksternt program: %s\n"
+
+#: g10/exec.c:521 g10/exec.c:588
+msgid "unnatural exit of external program\n"
+msgstr "unaturlig avslutning av eksternt program\n"
+
+#: g10/exec.c:536
+msgid "unable to execute external program\n"
+msgstr "klarte ikke å kjøre eksternt program\n"
+
+#: g10/exec.c:553
+#, c-format
+msgid "unable to read external program response: %s\n"
+msgstr "klarte ikke å lese reponsen fra eksternt program: %s\n"
+
+#: g10/exec.c:599 g10/exec.c:606
+#, c-format
+msgid "WARNING: unable to remove tempfile (%s) `%s': %s\n"
+msgstr "ADVARSEL: klarte ikke å fjerne midlertidig fil (%s) «%s»: %s\n"
+
+#: g10/exec.c:611
+#, c-format
+msgid "WARNING: unable to remove temp directory `%s': %s\n"
+msgstr "ADVARSEL: klarte ikke å fjerne midlertidig katalog «%s»: %s\n"
+
+#: g10/export.c:61
+msgid "export signatures that are marked as local-only"
+msgstr "eksportere signaturer som er markert som bare-lokale"
+
+#: g10/export.c:63
+msgid "export attribute user IDs (generally photo IDs)"
+msgstr ""
+
+#: g10/export.c:65
+msgid "export revocation keys marked as \"sensitive\""
+msgstr ""
+
+#: g10/export.c:67
+msgid "remove the passphrase from exported subkeys"
+msgstr ""
+
+#: g10/export.c:69
+msgid "remove unusable parts from key during export"
+msgstr ""
+
+#: g10/export.c:71
+msgid "remove as much as possible from key during export"
+msgstr ""
+
+#: g10/export.c:73
+msgid "export keys in an S-expression based format"
+msgstr ""
+
+#: g10/export.c:338
+msgid "exporting secret keys not allowed\n"
+msgstr "eksportering av hemmelige nøkler er ikke tillatt\n"
+
+#: g10/export.c:367
+#, c-format
+msgid "key %s: not protected - skipped\n"
+msgstr "nøkkel %s: ikke beskyttet - hoppet over\n"
+
+#: g10/export.c:375
+#, c-format
+msgid "key %s: PGP 2.x style key - skipped\n"
+msgstr "nøkkel %s: PGP 2.x-aktig nøkkel - hoppet over\n"
+
+#: g10/export.c:386
+#, c-format
+msgid "key %s: key material on-card - skipped\n"
+msgstr "nøkkel %s: nøkkelmateriell på kort - hoppet over\n"
+
+#: g10/export.c:537
+msgid "about to export an unprotected subkey\n"
+msgstr ""
+
+#: g10/export.c:560
+#, c-format
+msgid "failed to unprotect the subkey: %s\n"
+msgstr "klarte ikke å fjerne beskyttelsen på undernøkkelen: %s\n"
+
+#: g10/export.c:584
+#, c-format
+msgid "WARNING: secret key %s does not have a simple SK checksum\n"
+msgstr "ADVARSEL: hemmelig nøkkel %s har ikke en enkel SK-sjekksum\n"
+
+#: g10/export.c:633
+msgid "WARNING: nothing exported\n"
+msgstr "ADVARSEL: ingenting eksportert\n"
+
+#: g10/getkey.c:152
+msgid "too many entries in pk cache - disabled\n"
+msgstr "for mange innslag i pk-cachen - utkoblet\n"
+
+#: g10/getkey.c:175
+msgid "[User ID not found]"
+msgstr "[Brukerid ikke funnet]"
+
+#: g10/getkey.c:1113
+#, c-format
+msgid "automatically retrieved `%s' via %s\n"
+msgstr ""
+
+#: g10/getkey.c:1118
+#, fuzzy, c-format
+msgid "error retrieving `%s' via %s: %s\n"
+msgstr "feil ved lesing av «%s»: %s\n"
+
+#: g10/getkey.c:1120
+#, fuzzy
+msgid "No fingerprint"
+msgstr "CA-fingeravtrykk: "
+
+#: g10/getkey.c:1930
+#, c-format
+msgid "Invalid key %s made valid by --allow-non-selfsigned-uid\n"
+msgstr "Ugyldig nøkkel %s gjort gyldig av --allow-non-selfsigned-uid\n"
+
+#: g10/getkey.c:2533 g10/keyedit.c:3839
+#, c-format
+msgid "no secret subkey for public subkey %s - ignoring\n"
+msgstr "ingen hemmelig undernøkkel for offentlig undernøkkel %s - ignorerer\n"
+
+#: g10/getkey.c:2759
+#, c-format
+msgid "using subkey %s instead of primary key %s\n"
+msgstr "bruker undernøkkel %s i stedet for primærnøkkel %s\n"
+
+#: g10/getkey.c:2806
+#, c-format
+msgid "key %s: secret key without public key - skipped\n"
+msgstr "nøkkel %s: hemmelig nøkkel uten offentlig nøkkel - hoppet over\n"
+
+#: g10/gpg.c:375 sm/gpgsm.c:188
+#, fuzzy
+msgid "make a signature"
+msgstr "|[fil]|lage en signatur"
+
+#: g10/gpg.c:376 sm/gpgsm.c:189
+#, fuzzy
+msgid "make a clear text signature"
+msgstr "|[fil]|lage en klartekstsignatur"
+
+#: g10/gpg.c:377 sm/gpgsm.c:190
+msgid "make a detached signature"
+msgstr "lage en adskilt signatur"
+
+#: g10/gpg.c:378 sm/gpgsm.c:191
+msgid "encrypt data"
+msgstr "kryptere data"
+
+#: g10/gpg.c:380 sm/gpgsm.c:192
+msgid "encryption only with symmetric cipher"
+msgstr "kryptering med bare symmetrisk cipher"
+
+#: g10/gpg.c:382 sm/gpgsm.c:193
+msgid "decrypt data (default)"
+msgstr "dekryptere data (standard)"
+
+#: g10/gpg.c:384 sm/gpgsm.c:194
+msgid "verify a signature"
+msgstr "bekrefte en signatur"
+
+#: g10/gpg.c:386 sm/gpgsm.c:195
+msgid "list keys"
+msgstr "liste nøkler"
+
+#: g10/gpg.c:388
+msgid "list keys and signatures"
+msgstr "liste nøkler og signaturer"
+
+#: g10/gpg.c:389
+msgid "list and check key signatures"
+msgstr "vise og sjekke nøkkelsignaturer"
+
+#: g10/gpg.c:390 sm/gpgsm.c:200
+msgid "list keys and fingerprints"
+msgstr "liste nøkler og fingeravtrykk"
+
+#: g10/gpg.c:391 sm/gpgsm.c:198
+msgid "list secret keys"
+msgstr "liste hemmelige nøkler"
+
+#: g10/gpg.c:392 sm/gpgsm.c:201
+msgid "generate a new key pair"
+msgstr "generere et nytt nøkkelpar"
+
+#: g10/gpg.c:393
+msgid "generate a revocation certificate"
+msgstr "generere et opphevingssertifikat"
+
+#: g10/gpg.c:395 sm/gpgsm.c:203
+msgid "remove keys from the public keyring"
+msgstr "fjerne nøkler fra det offentlige nøkkelknippet"
+
+#: g10/gpg.c:397
+msgid "remove keys from the secret keyring"
+msgstr "fjerne nøkler fra det hemmelige nøkkelknippet"
+
+#: g10/gpg.c:398
+msgid "sign a key"
+msgstr "signere en nøkkel"
+
+#: g10/gpg.c:399
+msgid "sign a key locally"
+msgstr "signere en nøkkel lokalt"
+
+#: g10/gpg.c:400
+msgid "sign or edit a key"
+msgstr "signere eller redigere en nøkkel"
+
+#: g10/gpg.c:402 sm/gpgsm.c:215
+#, fuzzy
+msgid "change a passphrase"
+msgstr "endre passfrasen"
+
+#: g10/gpg.c:404
+msgid "export keys"
+msgstr "eksportere nøkler"
+
+#: g10/gpg.c:405 sm/gpgsm.c:204
+msgid "export keys to a key server"
+msgstr "eksportere nøkler til en nøkkelserver"
+
+#: g10/gpg.c:406 sm/gpgsm.c:205
+msgid "import keys from a key server"
+msgstr "importere nøkler fra en nøkkelserver"
+
+#: g10/gpg.c:408
+msgid "search for keys on a key server"
+msgstr "søke etter nøkler på en nøkkelserver"
+
+#: g10/gpg.c:410
+msgid "update all keys from a keyserver"
+msgstr "oppdatere alle nøklene fra en nøkkelserver"
+
+#: g10/gpg.c:415
+msgid "import/merge keys"
+msgstr "importere/flette nøkler"
+
+#: g10/gpg.c:418
+msgid "print the card status"
+msgstr "vis kortets status"
+
+#: g10/gpg.c:419
+msgid "change data on a card"
+msgstr "endre data på et kort"
+
+#: g10/gpg.c:420
+msgid "change a card's PIN"
+msgstr "endre PIN på et kort"
+
+#: g10/gpg.c:429
+msgid "update the trust database"
+msgstr "oppdatere tillitsdatabasen"
+
+#: g10/gpg.c:436
+#, fuzzy
+msgid "print message digests"
+msgstr "|algo [filer]|skrive meldingsdigester"
+
+#: g10/gpg.c:439 sm/gpgsm.c:210
+msgid "run in server mode"
+msgstr ""
+
+#: g10/gpg.c:443 sm/gpgsm.c:228
+msgid "create ascii armored output"
+msgstr "lage ASCII-beskyttet output"
+
+#: g10/gpg.c:446 sm/gpgsm.c:241
+#, fuzzy
+msgid "|USER-ID|encrypt for USER-ID"
+msgstr "|NAVN|kryptere for NAVN"
+
+#: g10/gpg.c:459 sm/gpgsm.c:278
+#, fuzzy
+msgid "|USER-ID|use USER-ID to sign or decrypt"
+msgstr "bruke denne brukeriden for signering eller dekryptering"
+
+#: g10/gpg.c:462
+#, fuzzy
+msgid "|N|set compress level to N (0 disables)"
+msgstr "|N|sette kompresjonsnivå til N (0 slår av kompresjon)"
+
+#: g10/gpg.c:468
+msgid "use canonical text mode"
+msgstr "bruk kanonisk tekstmodus"
+
+#: g10/gpg.c:485 sm/gpgsm.c:280
+#, fuzzy
+msgid "|FILE|write output to FILE"
+msgstr "leser valg fra «%s»\n"
+
+#: g10/gpg.c:501 kbx/kbxutil.c:90 sm/gpgsm.c:292 tools/gpgconf.c:82
+msgid "do not make any changes"
+msgstr "ikke gjør noen endringer"
+
+#: g10/gpg.c:502
+msgid "prompt before overwriting"
+msgstr "spør før overskriving"
+
+#: g10/gpg.c:554
+msgid "use strict OpenPGP behavior"
+msgstr "bruk streng OpenPGP-oppførsel"
+
+#: g10/gpg.c:585 sm/gpgsm.c:336
+msgid ""
+"@\n"
+"(See the man page for a complete listing of all commands and options)\n"
+msgstr ""
+"@\n"
+"(Se mansiden for en komplett liste over alle kommandoene og valgene)\n"
+
+#: g10/gpg.c:588 sm/gpgsm.c:339
+msgid ""
+"@\n"
+"Examples:\n"
+"\n"
+" -se -r Bob [file] sign and encrypt for user Bob\n"
+" --clearsign [file] make a clear text signature\n"
+" --detach-sign [file] make a detached signature\n"
+" --list-keys [names] show keys\n"
+" --fingerprint [names] show fingerprints\n"
+msgstr ""
+"@\n"
+"Eksempler:\n"
+"\n"
+" -se -r Bob [fil] signere og kryptere for brukeren Bob\n"
+" --clearsign [fil] lage en klartekstsignatur\n"
+" --detach-sign [fil] lage en adskilt signatur\n"
+" --list-keys [navn] vise nøkler\n"
+" --fingerprint [navn] vise fingeravtrykk\n"
+
+#: g10/gpg.c:836
+msgid "Usage: gpg [options] [files] (-h for help)"
+msgstr "Bruksmåte: gpg [valg] [filer] (-h for hjelp)"
+
+#: g10/gpg.c:839
+msgid ""
+"Syntax: gpg [options] [files]\n"
+"sign, check, encrypt or decrypt\n"
+"default operation depends on the input data\n"
+msgstr ""
+"Bruksmåte: gpg [valg] [filer]\n"
+"signere, sjekke, kryptere eller dekryptere\n"
+"standard operasjon avhenger av inputdata\n"
+
+#: g10/gpg.c:850 sm/gpgsm.c:543
+msgid ""
+"\n"
+"Supported algorithms:\n"
+msgstr ""
+"\n"
+"Støttede algoritmer:\n"
+
+#: g10/gpg.c:853
+msgid "Pubkey: "
+msgstr "Offentlig nøkkel: "
+
+#: g10/gpg.c:860 g10/keyedit.c:2423
+msgid "Cipher: "
+msgstr "Cipher: "
+
+#: g10/gpg.c:867
+msgid "Hash: "
+msgstr "Hash: "
+
+#: g10/gpg.c:874 g10/keyedit.c:2468
+msgid "Compression: "
+msgstr "Kompresjon: "
+
+#: g10/gpg.c:944
+msgid "usage: gpg [options] "
+msgstr "bruksmåte: gpg [valg] "
+
+#: g10/gpg.c:1158 sm/gpgsm.c:716
+msgid "conflicting commands\n"
+msgstr "motstridende kommandoer\n"
+
+#: g10/gpg.c:1176
+#, c-format
+msgid "no = sign found in group definition `%s'\n"
+msgstr "fant ingen «=»-tegn i gruppedefinisjonen «%s»\n"
+
+#: g10/gpg.c:1373
+#, c-format
+msgid "WARNING: unsafe ownership on homedir `%s'\n"
+msgstr "ADVARSEL: utrygt eierskap på hjemmekatalogen «%s»\n"
+
+#: g10/gpg.c:1376
+#, c-format
+msgid "WARNING: unsafe ownership on configuration file `%s'\n"
+msgstr "ADVARSEL: utrygt eierskap på konfigurasjonsfilen «%s»\n"
+
+#: g10/gpg.c:1379
+#, c-format
+msgid "WARNING: unsafe ownership on extension `%s'\n"
+msgstr "ADVARSEL: utrygt eierskap på utvidelsen «%s»\n"
+
+#: g10/gpg.c:1385
+#, c-format
+msgid "WARNING: unsafe permissions on homedir `%s'\n"
+msgstr "ADVARSEL: utrygge rettigheter på hjemmekatalogen «%s»\n"
+
+#: g10/gpg.c:1388
+#, c-format
+msgid "WARNING: unsafe permissions on configuration file `%s'\n"
+msgstr "ADVARSEL: utrygge rettigheter på konfigurasjonsfilen «%s»\n"
+
+#: g10/gpg.c:1391
+#, c-format
+msgid "WARNING: unsafe permissions on extension `%s'\n"
+msgstr "ADVARSEL: utrygge rettigheter på utvidelsen «%s»\n"
+
+#: g10/gpg.c:1397
+#, c-format
+msgid "WARNING: unsafe enclosing directory ownership on homedir `%s'\n"
+msgstr ""
+"ADVARSEL: utrygt eierskap på katalogene på nivåene over hjemmekatalogen «%s»\n"
+
+#: g10/gpg.c:1400
+#, c-format
+msgid ""
+"WARNING: unsafe enclosing directory ownership on configuration file `%s'\n"
+msgstr ""
+"ADVARSEL: utrygt eierskap på katalogene på nivåene over konfigurasjonsfilen «%"
+"s»\n"
+
+#: g10/gpg.c:1403
+#, c-format
+msgid "WARNING: unsafe enclosing directory ownership on extension `%s'\n"
+msgstr ""
+"ADVARSEL: utrygt eierskap på katalogene på nivåene over utvidelsen «%s»\n"
+
+#: g10/gpg.c:1409
+#, c-format
+msgid "WARNING: unsafe enclosing directory permissions on homedir `%s'\n"
+msgstr ""
+"ADVARSEL: utrygge rettigheter på katalogene på nivåene over hjemmekatalogen «%"
+"s»\n"
+
+#: g10/gpg.c:1412
+#, c-format
+msgid ""
+"WARNING: unsafe enclosing directory permissions on configuration file `%s'\n"
+msgstr ""
+"ADVARSEL: utrygge rettigheter på katalogene på nivåene over "
+"konfigurasjonsfilen «%s»\n"
+
+#: g10/gpg.c:1415
+#, c-format
+msgid "WARNING: unsafe enclosing directory permissions on extension `%s'\n"
+msgstr ""
+"ADVARSEL: utrygge rettigheter på katalogene på nivåene over utvidelsen «%s»\n"
+
+#: g10/gpg.c:1595
+#, c-format
+msgid "unknown configuration item `%s'\n"
+msgstr "ukjent konfigurasjonspunkt «%s»\n"
+
+#: g10/gpg.c:1699
+msgid "display photo IDs during key listings"
+msgstr ""
+
+#: g10/gpg.c:1701
+msgid "show policy URLs during signature listings"
+msgstr ""
+
+#: g10/gpg.c:1703
+msgid "show all notations during signature listings"
+msgstr ""
+
+#: g10/gpg.c:1705
+msgid "show IETF standard notations during signature listings"
+msgstr ""
+
+#: g10/gpg.c:1709
+msgid "show user-supplied notations during signature listings"
+msgstr ""
+
+#: g10/gpg.c:1711
+msgid "show preferred keyserver URLs during signature listings"
+msgstr ""
+
+#: g10/gpg.c:1713
+msgid "show user ID validity during key listings"
+msgstr ""
+
+#: g10/gpg.c:1715
+msgid "show revoked and expired user IDs in key listings"
+msgstr ""
+
+#: g10/gpg.c:1717
+msgid "show revoked and expired subkeys in key listings"
+msgstr ""
+
+#: g10/gpg.c:1719
+msgid "show the keyring name in key listings"
+msgstr "vise navnet til nøkkelknippene i nøkkellister"
+
+#: g10/gpg.c:1721
+msgid "show expiration dates during signature listings"
+msgstr ""
+
+#: g10/gpg.c:1855
+#, c-format
+msgid "NOTE: old default options file `%s' ignored\n"
+msgstr "MERK: den gamle valgfila «%s» ble ignorert\n"
+
+#: g10/gpg.c:1948
+#, c-format
+msgid "libgcrypt is too old (need %s, have %s)\n"
+msgstr ""
+
+#: g10/gpg.c:2346 g10/gpg.c:3037 g10/gpg.c:3049
+#, c-format
+msgid "NOTE: %s is not for normal use!\n"
+msgstr "MERK: %s er ikke for vanlig bruk!\n"
+
+# Tenk litt på denne du, Trond.
+#: g10/gpg.c:2530 g10/gpg.c:2542
+#, c-format
+msgid "`%s' is not a valid signature expiration\n"
+msgstr "«%s» er ikke en gyldig signaturutgåelse\n"
+
+#: g10/gpg.c:2624
+#, c-format
+msgid "`%s' is not a valid character set\n"
+msgstr "«%s» er ikke et gyldig tegnsett\n"
+
+#: g10/gpg.c:2647 g10/gpg.c:2842 g10/keyedit.c:4197
+msgid "could not parse keyserver URL\n"
+msgstr "kunne ikke parse nøkkelserverens URL\n"
+
+#: g10/gpg.c:2659
+#, c-format
+msgid "%s:%d: invalid keyserver options\n"
+msgstr "%s:%d: ugyldige valg for nøkkelserver\n"
+
+#: g10/gpg.c:2662
+msgid "invalid keyserver options\n"
+msgstr "ugyldige valg for nøkkelserver\n"
+
+#: g10/gpg.c:2669
+#, c-format
+msgid "%s:%d: invalid import options\n"
+msgstr "%s:%d: ugyldige importvalg\n"
+
+#: g10/gpg.c:2672
+msgid "invalid import options\n"
+msgstr "ugyldige importvalg\n"
+
+#: g10/gpg.c:2679
+#, c-format
+msgid "%s:%d: invalid export options\n"
+msgstr "%s:%d: ugyldige eksportvalg\n"
+
+#: g10/gpg.c:2682
+msgid "invalid export options\n"
+msgstr "ugyldige eksportvalg\n"
+
+#: g10/gpg.c:2689
+#, c-format
+msgid "%s:%d: invalid list options\n"
+msgstr "%s:%d: ugyldige listevalg\n"
+
+#: g10/gpg.c:2692
+msgid "invalid list options\n"
+msgstr "ugyldige listevalg\n"
+
+#: g10/gpg.c:2700
+msgid "display photo IDs during signature verification"
+msgstr ""
+
+#: g10/gpg.c:2702
+msgid "show policy URLs during signature verification"
+msgstr ""
+
+#: g10/gpg.c:2704
+msgid "show all notations during signature verification"
+msgstr ""
+
+#: g10/gpg.c:2706
+msgid "show IETF standard notations during signature verification"
+msgstr ""
+
+#: g10/gpg.c:2710
+msgid "show user-supplied notations during signature verification"
+msgstr ""
+
+#: g10/gpg.c:2712
+msgid "show preferred keyserver URLs during signature verification"
+msgstr ""
+
+#: g10/gpg.c:2714
+msgid "show user ID validity during signature verification"
+msgstr ""
+
+#: g10/gpg.c:2716
+msgid "show revoked and expired user IDs in signature verification"
+msgstr ""
+
+#: g10/gpg.c:2718
+msgid "show only the primary user ID in signature verification"
+msgstr ""
+
+#: g10/gpg.c:2720
+msgid "validate signatures with PKA data"
+msgstr ""
+
+#: g10/gpg.c:2722
+msgid "elevate the trust of signatures with valid PKA data"
+msgstr ""
+
+#: g10/gpg.c:2729
+#, c-format
+msgid "%s:%d: invalid verify options\n"
+msgstr "%s:%d: ugyldige valg for bekreftelse\n"
+
+#: g10/gpg.c:2732
+msgid "invalid verify options\n"
+msgstr "ugyldige valg for bekreftelse\n"
+
+#: g10/gpg.c:2739
+#, c-format
+msgid "unable to set exec-path to %s\n"
+msgstr "kunne ikke sette exec-path til %s\n"
+
+#: g10/gpg.c:2925
+#, c-format
+msgid "%s:%d: invalid auto-key-locate list\n"
+msgstr "%s:%d: ugyldig auto-key-locate-liste\n"
+
+#: g10/gpg.c:2928
+msgid "invalid auto-key-locate list\n"
+msgstr ""
+
+#: g10/gpg.c:3026 sm/gpgsm.c:1439
+msgid "WARNING: program may create a core file!\n"
+msgstr "ADVARSEL: programmet kan opprette en corefil!\n"
+
+#: g10/gpg.c:3030
+#, c-format
+msgid "WARNING: %s overrides %s\n"
+msgstr "ADVARSEL: %s overstyrere %s\n"
+
+#: g10/gpg.c:3039
+#, c-format
+msgid "%s not allowed with %s!\n"
+msgstr "%s er ikke tillatt sammen med %s!\n"
+
+#: g10/gpg.c:3042
+#, c-format
+msgid "%s makes no sense with %s!\n"
+msgstr "%s er ikke fornuftig med %s!\n"
+
+#: g10/gpg.c:3057
+#, c-format
+msgid "will not run with insecure memory due to %s\n"
+msgstr ""
+
+#: g10/gpg.c:3071
+msgid "you can only make detached or clear signatures while in --pgp2 mode\n"
+msgstr "du kan bare lage adskilte eller klare signaturer i --pgp2-modus\n"
+
+#: g10/gpg.c:3077
+msgid "you can't sign and encrypt at the same time while in --pgp2 mode\n"
+msgstr "du kan ikke signere og kryptere samtidig i --pgp2-modus\n"
+
+#: g10/gpg.c:3083
+msgid "you must use files (and not a pipe) when working with --pgp2 enabled.\n"
+msgstr "du må bruke filer (og ikke en pipe) når --pgp2 er påslått\n"
+
+#: g10/gpg.c:3096
+msgid "encrypting a message in --pgp2 mode requires the IDEA cipher\n"
+msgstr "kryptering en melding i --pgp2-modus krever IDEA-algoritmen\n"
+
+#: g10/gpg.c:3163 g10/gpg.c:3187 sm/gpgsm.c:1511
+msgid "selected cipher algorithm is invalid\n"
+msgstr "valgt krypteringsalgoritme er ugyldig\n"
+
+#: g10/gpg.c:3169 g10/gpg.c:3193 sm/gpgsm.c:1517 sm/gpgsm.c:1523
+msgid "selected digest algorithm is invalid\n"
+msgstr "valg digestalgoritme er ugyldig\n"
+
+#: g10/gpg.c:3175
+msgid "selected compression algorithm is invalid\n"
+msgstr "valgt kompresjonsalgoritme er ugyldig\n"
+
+#: g10/gpg.c:3181
+msgid "selected certification digest algorithm is invalid\n"
+msgstr "valgt sertifikasjondigestalgoritme er ugyldig\n"
+
+#: g10/gpg.c:3196
+msgid "completes-needed must be greater than 0\n"
+msgstr "completes-needed må være større enn 0\n"
+
+#: g10/gpg.c:3198
+msgid "marginals-needed must be greater than 1\n"
+msgstr "marginals-neede må være større enn 1\n"
+
+#: g10/gpg.c:3200
+msgid "max-cert-depth must be in the range from 1 to 255\n"
+msgstr "max-cert-depth må være i intervallet fra 1 til 255\n"
+
+#: g10/gpg.c:3202
+msgid "invalid default-cert-level; must be 0, 1, 2, or 3\n"
+msgstr "ugyldig default-cert-level; må være 0, 1, 2 eller 3\n"
+
+#: g10/gpg.c:3204
+msgid "invalid min-cert-level; must be 1, 2, or 3\n"
+msgstr "ugyldig min-cert-level; må være 0, 1, 2 eller 3\n"
+
+#: g10/gpg.c:3207
+msgid "NOTE: simple S2K mode (0) is strongly discouraged\n"
+msgstr "MERK: enkel S2K-modus (0) er sterkt frarådet\n"
+
+#: g10/gpg.c:3211
+msgid "invalid S2K mode; must be 0, 1 or 3\n"
+msgstr "ugyldig S2K-modus; må være 0, 1 eller 3\n"
+
+#: g10/gpg.c:3218
+msgid "invalid default preferences\n"
+msgstr "ugyldig standard preferanser\n"
+
+#: g10/gpg.c:3222
+msgid "invalid personal cipher preferences\n"
+msgstr "ugyldig personlig cipherpreferanser\n"
+
+#: g10/gpg.c:3226
+msgid "invalid personal digest preferences\n"
+msgstr "ugyldig personlig digestpreferanser\n"
+
+#: g10/gpg.c:3230
+msgid "invalid personal compress preferences\n"
+msgstr "ugyldig personlig kompresjonspreferanser\n"
+
+#: g10/gpg.c:3263
+#, c-format
+msgid "%s does not yet work with %s\n"
+msgstr "%s virker ikke ennå med %s\n"
+
+#: g10/gpg.c:3310
+#, c-format
+msgid "you may not use cipher algorithm `%s' while in %s mode\n"
+msgstr "du kan ikke bruke cipheralgoritmen «%s» i %s-modus\n"
+
+#: g10/gpg.c:3315
+#, c-format
+msgid "you may not use digest algorithm `%s' while in %s mode\n"
+msgstr "du kan ikke bruke digestalgoritmen «%s» i %s-modus\n"
+
+#: g10/gpg.c:3320
+#, c-format
+msgid "you may not use compression algorithm `%s' while in %s mode\n"
+msgstr "du kan ikke bruke kompresjonsalgoritmen «%s» i %s-modus\n"
+
+#: g10/gpg.c:3406
+#, c-format
+msgid "failed to initialize the TrustDB: %s\n"
+msgstr "klarte ikke å initialisere tillitsdatabasen: %s\n"
+
+#: g10/gpg.c:3417
+msgid "WARNING: recipients (-r) given without using public key encryption\n"
+msgstr ""
+"ADVARSEL: mottakere (-r) angitt uten å bruke offentlig nøkkelkryptering\n"
+
+#: g10/gpg.c:3438
+msgid "--store [filename]"
+msgstr "--store [filnavn]"
+
+#: g10/gpg.c:3445
+msgid "--symmetric [filename]"
+msgstr "--symmetric [filnavn]"
+
+#: g10/gpg.c:3447
+#, c-format
+msgid "symmetric encryption of `%s' failed: %s\n"
+msgstr "symmetrisk kryptering av «%s» mislyktes: %s\n"
+
+#: g10/gpg.c:3457
+msgid "--encrypt [filename]"
+msgstr "--encrypt [filnavn]"
+
+#: g10/gpg.c:3470
+msgid "--symmetric --encrypt [filename]"
+msgstr "--symmetric --encrypt [filnavn]"
+
+#: g10/gpg.c:3472
+msgid "you cannot use --symmetric --encrypt with --s2k-mode 0\n"
+msgstr ""
+
+#: g10/gpg.c:3475
+#, c-format
+msgid "you cannot use --symmetric --encrypt while in %s mode\n"
+msgstr "du kan ikke bruke --symmtric --encrypt i %s-modus\n"
+
+#: g10/gpg.c:3493
+msgid "--sign [filename]"
+msgstr "--sign [filnavn]"
+
+#: g10/gpg.c:3506
+msgid "--sign --encrypt [filename]"
+msgstr "--sign --encrypt [filnavn]"
+
+#: g10/gpg.c:3521
+msgid "--symmetric --sign --encrypt [filename]"
+msgstr "--symmetric --sign --encrypt [filnavn]"
+
+#: g10/gpg.c:3523
+msgid "you cannot use --symmetric --sign --encrypt with --s2k-mode 0\n"
+msgstr ""
+
+#: g10/gpg.c:3526
+#, c-format
+msgid "you cannot use --symmetric --sign --encrypt while in %s mode\n"
+msgstr "du kan ikke bruke --symmetric --sign --encrypt i %s-modus\n"
+
+#: g10/gpg.c:3546
+msgid "--sign --symmetric [filename]"
+msgstr "--sign --symmetric [filnavn]"
+
+#: g10/gpg.c:3555
+msgid "--clearsign [filename]"
+msgstr "--clearsign [filnavn]"
+
+#: g10/gpg.c:3580
+msgid "--decrypt [filename]"
+msgstr "--decrypt [filnavn]"
+
+#: g10/gpg.c:3588
+msgid "--sign-key user-id"
+msgstr "--sign-key brukerid"
+
+#: g10/gpg.c:3592
+msgid "--lsign-key user-id"
+msgstr "--lsign-key brukerid"
+
+#: g10/gpg.c:3613
+msgid "--edit-key user-id [commands]"
+msgstr "--edit-key brukerid [kommandoer]"
+
+#: g10/gpg.c:3629
+#, fuzzy
+msgid "--passwd <user-id>"
+msgstr "--sign-key brukerid"
+
+#: g10/gpg.c:3716
+#, c-format
+msgid "keyserver send failed: %s\n"
+msgstr "sending til nøkkelserver mislyktes: %s\n"
+
+#: g10/gpg.c:3718
+#, c-format
+msgid "keyserver receive failed: %s\n"
+msgstr "mottak fra nøkkelserver mislyktes: %s\n"
+
+#: g10/gpg.c:3720
+#, c-format
+msgid "key export failed: %s\n"
+msgstr "nøkkeleksport mislyktes: %s\n"
+
+#: g10/gpg.c:3731
+#, c-format
+msgid "keyserver search failed: %s\n"
+msgstr "søk på nøkkelserver mislyktes: %s\n"
+
+#: g10/gpg.c:3741
+#, c-format
+msgid "keyserver refresh failed: %s\n"
+msgstr "refresh på nøkkelserver mislyktes: %s\n"
+
+#: g10/gpg.c:3792
+#, c-format
+msgid "dearmoring failed: %s\n"
+msgstr "dearmoring failed: %s\n"
+
+#: g10/gpg.c:3800
+#, c-format
+msgid "enarmoring failed: %s\n"
+msgstr "enarmoring failed: %s\n"
+
+#: g10/gpg.c:3890
+#, c-format
+msgid "invalid hash algorithm `%s'\n"
+msgstr "ugyldig hashalgoritme «%s»\n"
+
+#: g10/gpg.c:4005
+msgid "[filename]"
+msgstr "[filnavn]"
+
+#: g10/gpg.c:4009
+msgid "Go ahead and type your message ...\n"
+msgstr "Sett i gang og tast inn meldingen din ...\n"
+
+#: g10/gpg.c:4323
+msgid "the given certification policy URL is invalid\n"
+msgstr "den angitte URLen for sertifikasjonspolicyen er ugyldig\n"
+
+#: g10/gpg.c:4325
+msgid "the given signature policy URL is invalid\n"
+msgstr "den angitte URLen for signaturpolicy er ugyldig\n"
+
+#: g10/gpg.c:4358
+msgid "the given preferred keyserver URL is invalid\n"
+msgstr "den angitte URLen for den foretrukkede nøkkelserveren er ugyldig\n"
+
+#: g10/gpgv.c:74
+#, fuzzy
+msgid "|FILE|take the keys from the keyring FILE"
+msgstr "hent nøklene fra dette nøkkelknippet"
+
+#: g10/gpgv.c:76
+msgid "make timestamp conflicts only a warning"
+msgstr "la konflikter mellom tidsstempler bare være en advarsel"
+
+#: g10/gpgv.c:78 sm/gpgsm.c:326
+msgid "|FD|write status info to this FD"
+msgstr "|FD|skrive statusinfo til denne FD"
+
+#: g10/gpgv.c:117
+msgid "Usage: gpgv [options] [files] (-h for help)"
+msgstr "Bruksmåte: gpgv [valg] [filer] (-h for hjelp)"
+
+#: g10/gpgv.c:119
+#, fuzzy
+msgid ""
+"Syntax: gpgv [options] [files]\n"
+"Check signatures against known trusted keys\n"
+msgstr ""
+"Bruksmåte: gpgv [valg] [filer]\n"
+"Sjekke signaturer mot kjente betrodde nøkler\n"
+
+#: g10/helptext.c:72
+msgid "No help available"
+msgstr ""
+
+#: g10/helptext.c:82
+#, c-format
+msgid "No help available for `%s'"
+msgstr ""
+
+#: g10/import.c:94
+msgid "import signatures that are marked as local-only"
+msgstr ""
+
+#: g10/import.c:96
+msgid "repair damage from the pks keyserver during import"
+msgstr ""
+
+#: g10/import.c:98
+msgid "do not update the trustdb after import"
+msgstr "ikke oppdatér tillitsdatabasen etter import"
+
+#: g10/import.c:100
+msgid "create a public key when importing a secret key"
+msgstr ""
+
+#: g10/import.c:102
+msgid "only accept updates to existing keys"
+msgstr ""
+
+#: g10/import.c:104
+msgid "remove unusable parts from key after import"
+msgstr ""
+
+#: g10/import.c:106
+msgid "remove as much as possible from key after import"
+msgstr ""
+
+#: g10/import.c:266
+#, c-format
+msgid "skipping block of type %d\n"
+msgstr "hopper over blokk av typen %d\n"
+
+#: g10/import.c:275
+#, c-format
+msgid "%lu keys processed so far\n"
+msgstr "%lu nøkler behandlet hittil\n"
+
+#: g10/import.c:292
+#, c-format
+msgid "Total number processed: %lu\n"
+msgstr "Totalt antall behandlet: %lu\n"
+
+#: g10/import.c:294
+#, c-format
+msgid " skipped new keys: %lu\n"
+msgstr "nye nøkler som ble hoppet over: %lu\n"
+
+#: g10/import.c:297
+#, c-format
+msgid " w/o user IDs: %lu\n"
+msgstr " uten brukerider: %lu\n"
+
+#: g10/import.c:299 sm/import.c:114
+#, c-format
+msgid " imported: %lu"
+msgstr " importert: %lu"
+
+#: g10/import.c:305 sm/import.c:118
+#, c-format
+msgid " unchanged: %lu\n"
+msgstr " uendret: %lu\n"
+
+#: g10/import.c:307
+#, c-format
+msgid " new user IDs: %lu\n"
+msgstr " nye brukerider: %lu\n"
+
+#: g10/import.c:309
+#, c-format
+msgid " new subkeys: %lu\n"
+msgstr " nye undernøkler: %lu\n"
+
+#: g10/import.c:311
+#, c-format
+msgid " new signatures: %lu\n"
+msgstr " nye signaturer: %lu\n"
+
+#: g10/import.c:313
+#, c-format
+msgid " new key revocations: %lu\n"
+msgstr " nye nøkkelopphevinger: %lu\n"
+
+#: g10/import.c:315 sm/import.c:120
+#, c-format
+msgid " secret keys read: %lu\n"
+msgstr " leste hemmelige nøkler: %lu\n"
+
+#: g10/import.c:317 sm/import.c:122
+#, c-format
+msgid " secret keys imported: %lu\n"
+msgstr " importerte hemmelige nøkler: %lu\n"
+
+#: g10/import.c:319 sm/import.c:124
+#, c-format
+msgid " secret keys unchanged: %lu\n"
+msgstr " uforandrede hemmelige nøkler: %lu\n"
+
+#: g10/import.c:321 sm/import.c:126
+#, c-format
+msgid " not imported: %lu\n"
+msgstr " ikke importert: %lu\n"
+
+#: g10/import.c:323
+#, c-format
+msgid " signatures cleaned: %lu\n"
+msgstr " oppryddete signaturer: %lu\n"
+
+#: g10/import.c:325
+#, c-format
+msgid " user IDs cleaned: %lu\n"
+msgstr " oppryddete brukerider: %lu\n"
+
+#: g10/import.c:606
+#, c-format
+msgid ""
+"WARNING: key %s contains preferences for unavailable\n"
+"algorithms on these user IDs:\n"
+msgstr ""
+
+#: g10/import.c:647
+#, c-format
+msgid " \"%s\": preference for cipher algorithm %s\n"
+msgstr ""
+
+#: g10/import.c:662
+#, c-format
+msgid " \"%s\": preference for digest algorithm %s\n"
+msgstr " «%s» preferanse for digestalgoritme %s\n"
+
+#: g10/import.c:674
+#, c-format
+msgid " \"%s\": preference for compression algorithm %s\n"
+msgstr ""
+
+#: g10/import.c:687
+msgid "it is strongly suggested that you update your preferences and\n"
+msgstr ""
+
+#: g10/import.c:689
+msgid "re-distribute this key to avoid potential algorithm mismatch problems\n"
+msgstr ""
+
+#: g10/import.c:713
+#, c-format
+msgid "you can update your preferences with: gpg --edit-key %s updpref save\n"
+msgstr ""
+
+#: g10/import.c:766 g10/import.c:1179
+#, c-format
+msgid "key %s: no user ID\n"
+msgstr "nøkkel %s: ingen brukerid\n"
+
+#: g10/import.c:795
+#, c-format
+msgid "key %s: PKS subkey corruption repaired\n"
+msgstr "nøkkel %s: PKS-undernøkkel reparert\n"
+
+#: g10/import.c:810
+#, c-format
+msgid "key %s: accepted non self-signed user ID \"%s\"\n"
+msgstr "nøkkel %s: akseptert ikke-selvsignert brukerid «%s»\n"
+
+#: g10/import.c:816
+#, c-format
+msgid "key %s: no valid user IDs\n"
+msgstr "nøkkel %s: ingen gyldig brukerid\n"
+
+#: g10/import.c:818
+msgid "this may be caused by a missing self-signature\n"
+msgstr "dette kan skyldes en manglende selvsignatur\n"
+
+#: g10/import.c:828 g10/import.c:1303
+#, c-format
+msgid "key %s: public key not found: %s\n"
+msgstr "nøkkel %s: offentlig nøkkel ikke funnet: %s\n"
+
+#: g10/import.c:834
+#, c-format
+msgid "key %s: new key - skipped\n"
+msgstr "nøkkel %s: ny nøkkel - hoppet over\n"
+
+#: g10/import.c:843
+#, c-format
+msgid "no writable keyring found: %s\n"
+msgstr "ingen skrivbart nøkkelknippe funnet: %s\n"
+
+#: g10/import.c:848 g10/openfile.c:278 g10/sign.c:805 g10/sign.c:1114
+#, c-format
+msgid "writing to `%s'\n"
+msgstr "skriver til «%s»\n"
+
+#: g10/import.c:852 g10/import.c:952 g10/import.c:1219 g10/import.c:1364
+#: g10/import.c:2494 g10/import.c:2516
+#, c-format
+msgid "error writing keyring `%s': %s\n"
+msgstr "feil ved skriving av nøkkelknippet «%s»: %s\n"
+
+#: g10/import.c:871
+#, c-format
+msgid "key %s: public key \"%s\" imported\n"
+msgstr "nøkkel %s: offentlig nøkkel «%s» importert\n"
+
+#: g10/import.c:895
+#, c-format
+msgid "key %s: doesn't match our copy\n"
+msgstr "nøkkel %s: stemmer ikke med vår kopi\n"
+
+#: g10/import.c:912 g10/import.c:1321
+#, c-format
+msgid "key %s: can't locate original keyblock: %s\n"
+msgstr "nøkkel %s: kan ikke finne original nøkkelblokk: %s\n"
+
+#: g10/import.c:920 g10/import.c:1328
+#, c-format
+msgid "key %s: can't read original keyblock: %s\n"
+msgstr "nøkkel %s: kan ikke lese original nøkkelblokk: %s\n"
+
+#: g10/import.c:962
+#, c-format
+msgid "key %s: \"%s\" 1 new user ID\n"
+msgstr "nøkkel %s: «%s» 1 ny brukerid\n"
+
+#: g10/import.c:965
+#, c-format
+msgid "key %s: \"%s\" %d new user IDs\n"
+msgstr "nøkkel %s: «%s» %d nye brukerider\n"
+
+#: g10/import.c:968
+#, c-format
+msgid "key %s: \"%s\" 1 new signature\n"
+msgstr "nøkkel %s: «%s» 1 ny signatur\n"
+
+#: g10/import.c:971
+#, c-format
+msgid "key %s: \"%s\" %d new signatures\n"
+msgstr "nøkkel: %s: «%s» %d nye signaturer\n"
+
+#: g10/import.c:974
+#, c-format
+msgid "key %s: \"%s\" 1 new subkey\n"
+msgstr "nøkkel %s: «%s» 1 ny undernøkkel\n"
+
+#: g10/import.c:977
+#, c-format
+msgid "key %s: \"%s\" %d new subkeys\n"
+msgstr "nøkkel %s: «%s» %d nye undernøkler\n"
+
+#: g10/import.c:980
+#, c-format
+msgid "key %s: \"%s\" %d signature cleaned\n"
+msgstr "nøkkel: %s: «%s» %d nye signaturer\n"
+
+#: g10/import.c:983
+#, c-format
+msgid "key %s: \"%s\" %d signatures cleaned\n"
+msgstr "nøkkel: %s: «%s» %d nye signaturer\n"
+
+#: g10/import.c:986
+#, c-format
+msgid "key %s: \"%s\" %d user ID cleaned\n"
+msgstr "nøkkel %s: «%s» %d nye brukerider\n"
+
+#: g10/import.c:989
+#, c-format
+msgid "key %s: \"%s\" %d user IDs cleaned\n"
+msgstr "nøkkel %s: «%s» %d nye brukerider\n"
+
+#: g10/import.c:1013
+#, c-format
+msgid "key %s: \"%s\" not changed\n"
+msgstr "nøkkel %s: «%s» ikke endret\n"
+
+#: g10/import.c:1185
+#, c-format
+msgid "key %s: secret key with invalid cipher %d - skipped\n"
+msgstr "nøkkel %s: hemmelig nøkkel med ugyldig cipher %d - hoppet over\n"
+
+#: g10/import.c:1196
+msgid "importing secret keys not allowed\n"
+msgstr "import av hemmelig nøkkel er ikke tillatt\n"
+
+#: g10/import.c:1213 g10/import.c:2509
+#, c-format
+msgid "no default secret keyring: %s\n"
+msgstr "ingen standard hemmelig nøkkelknippe: %s\n"
+
+#: g10/import.c:1224
+#, c-format
+msgid "key %s: secret key imported\n"
+msgstr "nøkkel %s: hemmelig nøkkel importert\n"
+
+#: g10/import.c:1254
+#, c-format
+msgid "key %s: already in secret keyring\n"
+msgstr "nøkkel %s: finnes allerede i hemmelig nøkkelknippe\n"
+
+#: g10/import.c:1264
+#, c-format
+msgid "key %s: secret key not found: %s\n"
+msgstr "nøkkel %s: hemmelig nøkkel ikke funnet: %s\n"
+
+#: g10/import.c:1296
+#, c-format
+msgid "key %s: no public key - can't apply revocation certificate\n"
+msgstr ""
+"nøkkel %s: ingen offentlig nøkkel - kan ikke anvende opphevingssertifikat\n"
+
+#: g10/import.c:1339
+#, c-format
+msgid "key %s: invalid revocation certificate: %s - rejected\n"
+msgstr "nøkkel %s: ugyldig opphevingssertifikat: %s - avvist\n"
+
+#: g10/import.c:1371
+#, c-format
+msgid "key %s: \"%s\" revocation certificate imported\n"
+msgstr "nøkkel %s: «%s» opphevingssertifikat importert\n"
+
+#: g10/import.c:1447
+#, c-format
+msgid "key %s: no user ID for signature\n"
+msgstr "nøkkel %s: ingen brukerid for signatur\n"
+
+#: g10/import.c:1464
+#, c-format
+msgid "key %s: unsupported public key algorithm on user ID \"%s\"\n"
+msgstr "nøkkel %s: ustøttet offentlig nøkkelalgoritme for brukerid «%s»\n"
+
+#: g10/import.c:1466
+#, c-format
+msgid "key %s: invalid self-signature on user ID \"%s\"\n"
+msgstr "nøkkel %s: ugyldig selvsignatur for brukerid «%s»\n"
+
+#: g10/import.c:1483 g10/import.c:1509 g10/import.c:1560
+#, c-format
+msgid "key %s: unsupported public key algorithm\n"
+msgstr "nøkkel %s: ustøttet offentlig nøkkelalgoritme\n"
+
+#: g10/import.c:1484
+#, fuzzy, c-format
+msgid "key %s: invalid direct key signature\n"
+msgstr "nøkkel %s: direkte nøkkelsignatur lagt til\n"
+
+#: g10/import.c:1498
+#, c-format
+msgid "key %s: no subkey for key binding\n"
+msgstr "nøkkel %s: ingen undernøkkel for nøkkelbinding\n"
+
+#: g10/import.c:1511
+#, c-format
+msgid "key %s: invalid subkey binding\n"
+msgstr "nøkkel %s: ugyldig undernøkkelbinding\n"
+
+#: g10/import.c:1527
+#, c-format
+msgid "key %s: removed multiple subkey binding\n"
+msgstr "nøkkel %s: fjernet flere undernøkkelbindinger\n"
+
+#: g10/import.c:1549
+#, c-format
+msgid "key %s: no subkey for key revocation\n"
+msgstr "nøkkel %s: ingen undernøkkel for nøkkeloppheving\n"
+
+#: g10/import.c:1562
+#, c-format
+msgid "key %s: invalid subkey revocation\n"
+msgstr "nøkkel %s: ugyldig undernøkkeloppheving\n"
+
+#: g10/import.c:1577
+#, c-format
+msgid "key %s: removed multiple subkey revocation\n"
+msgstr "nøkkel %s: fjernet flere undernøkkelopphevinger\n"
+
+#: g10/import.c:1618
+#, c-format
+msgid "key %s: skipped user ID \"%s\"\n"
+msgstr "nøkkel %s: hoppet over brukerid «%s»\n"
+
+#: g10/import.c:1639
+#, c-format
+msgid "key %s: skipped subkey\n"
+msgstr "nøkkel %s: hoppet over undernøkkel\n"
+
+#: g10/import.c:1666
+#, c-format
+msgid "key %s: non exportable signature (class 0x%02X) - skipped\n"
+msgstr "nøkkel %s: ikke-eksporterbar signatur (klasse 0x%02X) - hoppet over\n"
+
+#: g10/import.c:1676
+#, c-format
+msgid "key %s: revocation certificate at wrong place - skipped\n"
+msgstr "nøkkel %s: opphevingssertifikat på feil plass - hoppet over\n"
+
+#: g10/import.c:1693
+#, c-format
+msgid "key %s: invalid revocation certificate: %s - skipped\n"
+msgstr "nøkkel %s: ugyldig opphevingssertifikat: %s - hoppet over\n"
+
+#: g10/import.c:1707
+#, c-format
+msgid "key %s: subkey signature in wrong place - skipped\n"
+msgstr "nøkkel %s: undernøkkelsignatur på feil plass - hoppet over\n"
+
+#: g10/import.c:1715
+#, c-format
+msgid "key %s: unexpected signature class (0x%02X) - skipped\n"
+msgstr "nøkkel %s: uforventet signaturklasse (0x%02X) - hoppet over\n"
+
+#: g10/import.c:1844
+#, c-format
+msgid "key %s: duplicated user ID detected - merged\n"
+msgstr "nøkkel %s: duplikert brukerid oppdaget - flettet sammen\n"
+
+#: g10/import.c:1906
+#, c-format
+msgid "WARNING: key %s may be revoked: fetching revocation key %s\n"
+msgstr "ADVARSEL: nøkkel %s kan være opphevet: henter opphevingsnøkkel %s\n"
+
+#: g10/import.c:1920
+#, c-format
+msgid "WARNING: key %s may be revoked: revocation key %s not present.\n"
+msgstr ""
+"ADVARSEL: nøkkel %s kan være opphevet: opphevingsnøkkel %s ikke tilstede.\n"
+
+#: g10/import.c:1979
+#, c-format
+msgid "key %s: \"%s\" revocation certificate added\n"
+msgstr "nøkkel %s: «%s» opphevingssertifikat lagt til\n"
+
+#: g10/import.c:2013
+#, c-format
+msgid "key %s: direct key signature added\n"
+msgstr "nøkkel %s: direkte nøkkelsignatur lagt til\n"
+
+#: g10/import.c:2414
+msgid "NOTE: a key's S/N does not match the card's one\n"
+msgstr ""
+
+#: g10/import.c:2422
+msgid "NOTE: primary key is online and stored on card\n"
+msgstr ""
+
+#: g10/import.c:2424
+msgid "NOTE: secondary key is online and stored on card\n"
+msgstr ""
+
+#: g10/keydb.c:181
+#, c-format
+msgid "error creating keyring `%s': %s\n"
+msgstr "feil ved opprettelse av nøkkelknippet «%s»: %s\n"
+
+#: g10/keydb.c:187
+#, c-format
+msgid "keyring `%s' created\n"
+msgstr "nøkkelknippet «%s» ble opprettet\n"
+
+#: g10/keydb.c:333 g10/keydb.c:336
+#, c-format
+msgid "keyblock resource `%s': %s\n"
+msgstr "nøkkelblokkressurs «%s»: %s\n"
+
+#: g10/keydb.c:719
+#, c-format
+msgid "failed to rebuild keyring cache: %s\n"
+msgstr ""
+
+#: g10/keyedit.c:265
+msgid "[revocation]"
+msgstr "[oppheving]"
+
+#: g10/keyedit.c:266
+msgid "[self-signature]"
+msgstr "[selvsignatur]"
+
+#: g10/keyedit.c:344 g10/keylist.c:398
+msgid "1 bad signature\n"
+msgstr "1 ubrukelig signatur\n"
+
+#: g10/keyedit.c:346 g10/keylist.c:400
+#, c-format
+msgid "%d bad signatures\n"
+msgstr "%d ubrukelige signaturer\n"
+
+#: g10/keyedit.c:348 g10/keylist.c:402
+msgid "1 signature not checked due to a missing key\n"
+msgstr "1 signatur ble ikke sjekket på grunn av en manglende nøkkel\n"
+
+#: g10/keyedit.c:350 g10/keylist.c:404
+#, c-format
+msgid "%d signatures not checked due to missing keys\n"
+msgstr "%d signaturer ble ikke sjekket på grunn av manglende nøkler\n"
+
+#: g10/keyedit.c:352 g10/keylist.c:406
+msgid "1 signature not checked due to an error\n"
+msgstr "1 signatur ble ikke sjekket på grunn av en feil\n"
+
+#: g10/keyedit.c:354 g10/keylist.c:408
+#, c-format
+msgid "%d signatures not checked due to errors\n"
+msgstr "%d signaturer ble ikke sjekket på grunn av feil\n"
+
+#: g10/keyedit.c:356
+msgid "1 user ID without valid self-signature detected\n"
+msgstr "1 brukerid uten gyldig selvsignatur ble oppdaget\n"
+
+#: g10/keyedit.c:358
+#, c-format
+msgid "%d user IDs without valid self-signatures detected\n"
+msgstr "%d brukerider uten gyldige selvsignaturer ble oppdaget\n"
+
+#: g10/keyedit.c:414 g10/pkclist.c:262
+msgid ""
+"Please decide how far you trust this user to correctly verify other users' "
+"keys\n"
+"(by looking at passports, checking fingerprints from different sources, "
+"etc.)\n"
+msgstr ""
+"Vennligst bestem hvor mye du tiltror denne brukeren korrekt å bekrefte\n"
+"andre brukeres nøkler (ved å se på pass, sjekke fingeravtrykk fra\n"
+"forskjellige kilder, osv.)\n"
+
+#: g10/keyedit.c:418 g10/pkclist.c:274
+#, c-format
+msgid " %d = I trust marginally\n"
+msgstr " %d = Jeg stoler marginalt\n"
+
+#: g10/keyedit.c:419 g10/pkclist.c:276
+#, c-format
+msgid " %d = I trust fully\n"
+msgstr " %d = Jeg stoler fullt\n"
+
+#: g10/keyedit.c:438
+msgid ""
+"Please enter the depth of this trust signature.\n"
+"A depth greater than 1 allows the key you are signing to make\n"
+"trust signatures on your behalf.\n"
+msgstr ""
+
+#: g10/keyedit.c:454
+msgid "Please enter a domain to restrict this signature, or enter for none.\n"
+msgstr ""
+
+#: g10/keyedit.c:598
+#, c-format
+msgid "User ID \"%s\" is revoked."
+msgstr "Brukerid «%s» er opphevet."
+
+#: g10/keyedit.c:607 g10/keyedit.c:635 g10/keyedit.c:662 g10/keyedit.c:830
+#: g10/keyedit.c:895 g10/keyedit.c:1785
+msgid "Are you sure you still want to sign it? (y/N) "
+msgstr "Er du fortsatt sikker på at du vil signerere den? (j/N) "
+
+#: g10/keyedit.c:621 g10/keyedit.c:649 g10/keyedit.c:676 g10/keyedit.c:836
+#: g10/keyedit.c:1791
+msgid " Unable to sign.\n"
+msgstr " Kunne ikke signere.\n"
+
+#: g10/keyedit.c:626
+#, c-format
+msgid "User ID \"%s\" is expired."
+msgstr "Brukerid «%s» er utgått."
+
+#: g10/keyedit.c:654
+#, c-format
+msgid "User ID \"%s\" is not self-signed."
+msgstr "Brukeriden «%s» er ikke selvsignert."
+
+#: g10/keyedit.c:682
+#, c-format
+msgid "User ID \"%s\" is signable. "
+msgstr "Brukeriden «%s» er signerbar."
+
+#: g10/keyedit.c:684
+msgid "Sign it? (y/N) "
+msgstr "Signere den? (j/N) "
+
+#: g10/keyedit.c:706
+#, c-format
+msgid ""
+"The self-signature on \"%s\"\n"
+"is a PGP 2.x-style signature.\n"
+msgstr ""
+"Selvsignaturen på «%s»\n"
+"er en PGP 2.x-aktig signatur.\n"
+
+#: g10/keyedit.c:715
+msgid "Do you want to promote it to an OpenPGP self-signature? (y/N) "
+msgstr "Vil du forfremme den til en OpenPGP-selvsignatur? (j/N) "
+
+#: g10/keyedit.c:729
+#, c-format
+msgid ""
+"Your current signature on \"%s\"\n"
+"has expired.\n"
+msgstr ""
+"Din nåværende signatur på «%s»\n"
+"er utgått.\n"
+
+#: g10/keyedit.c:733
+msgid "Do you want to issue a new signature to replace the expired one? (y/N) "
+msgstr "Vil du utstede en ny signatur for å erstatte den som er utgått? (j/N) "
+
+#: g10/keyedit.c:754
+#, c-format
+msgid ""
+"Your current signature on \"%s\"\n"
+"is a local signature.\n"
+msgstr ""
+"Din nåværede signatur på «%s»\n"
+"er en lokal signatur.\n"
+
+#: g10/keyedit.c:758
+msgid "Do you want to promote it to a full exportable signature? (y/N) "
+msgstr "Vil du forfremme den til en fullt eksporterbar signatur? (j/N) "
+
+#: g10/keyedit.c:779
+#, c-format
+msgid "\"%s\" was already locally signed by key %s\n"
+msgstr "«%s» var allerede lokalt signert av nøkkelen %s\n"
+
+#: g10/keyedit.c:782
+#, c-format
+msgid "\"%s\" was already signed by key %s\n"
+msgstr "«%s» var allerede signert av nøkkelen %s\n"
+
+#: g10/keyedit.c:787
+msgid "Do you want to sign it again anyway? (y/N) "
+msgstr "Vil du likevel signere den igjen? (j/N) "
+
+#: g10/keyedit.c:809
+#, c-format
+msgid "Nothing to sign with key %s\n"
+msgstr "Ingenting å signere med nøkkelen %s\n"
+
+#: g10/keyedit.c:824
+msgid "This key has expired!"
+msgstr "Denne nøkkelen er utgått!"
+
+#: g10/keyedit.c:842
+#, c-format
+msgid "This key is due to expire on %s.\n"
+msgstr "Denne nøkkelen utgår den %s.\n"
+
+#: g10/keyedit.c:848
+msgid "Do you want your signature to expire at the same time? (Y/n) "
+msgstr "Vil du at signaturen skal utgå på samme tidspunkt? (J/n) "
+
+#: g10/keyedit.c:888
+msgid ""
+"You may not make an OpenPGP signature on a PGP 2.x key while in --pgp2 "
+"mode.\n"
+msgstr ""
+"Du kan ikke lage en OpenPGP-signatur på en PGP-2.x-nøkkel i --pgp2-modus.\n"
+
+#: g10/keyedit.c:890
+msgid "This would make the key unusable in PGP 2.x.\n"
+msgstr "Dette ville gjøre nøkkelen ubrukelig i PGP 2.x.\n"
+
+#: g10/keyedit.c:915
+msgid ""
+"How carefully have you verified the key you are about to sign actually "
+"belongs\n"
+"to the person named above? If you don't know what to answer, enter \"0\".\n"
+msgstr ""
+"Hvor nøyaktig har du bekreftet at nøkkelen du skal signere faktisk\n"
+"tilhører den overnevnte personen? Tast inn «0» dersom du ikke vet\n"
+"svaret.\n"
+
+#: g10/keyedit.c:920
+#, c-format
+msgid " (0) I will not answer.%s\n"
+msgstr " (0) Jeg vil ikke svare.%s\n"
+
+#: g10/keyedit.c:922
+#, c-format
+msgid " (1) I have not checked at all.%s\n"
+msgstr " (1) Jeg har ikke sjekket i det hele tatt.%s\n"
+
+#: g10/keyedit.c:924
+#, c-format
+msgid " (2) I have done casual checking.%s\n"
+msgstr " (2) Jeg har gjort en vanlig sjekk.%s\n"
+
+#: g10/keyedit.c:926
+#, c-format
+msgid " (3) I have done very careful checking.%s\n"
+msgstr " (3) Jeg har sjekket veldig nøye.%s\n"
+
+#: g10/keyedit.c:932
+msgid "Your selection? (enter `?' for more information): "
+msgstr "Ditt valg? (angi «?» for mer informasjon): "
+
+#: g10/keyedit.c:956
+#, c-format
+msgid ""
+"Are you sure that you want to sign this key with your\n"
+"key \"%s\" (%s)\n"
+msgstr ""
+"Er du virkelig sikker på at du vil signerere denne nøkkelen med din\n"
+"nøkkel «%s» (%s)\n"
+
+#: g10/keyedit.c:963
+msgid "This will be a self-signature.\n"
+msgstr "Dette vil være en selvsignatur.\n"
+
+#: g10/keyedit.c:969
+msgid "WARNING: the signature will not be marked as non-exportable.\n"
+msgstr "ADVARSEL: signaturen vil ikke bli markert som ikke-eksporterbar.\n"
+
+#: g10/keyedit.c:977
+msgid "WARNING: the signature will not be marked as non-revocable.\n"
+msgstr "ADVARSEL: signaturen vil ikke bli markert som ikke-opphevbar.\n"
+
+#: g10/keyedit.c:987
+msgid "The signature will be marked as non-exportable.\n"
+msgstr "Signaturen vil bli markert som ikke-eksporterbar.\n"
+
+#: g10/keyedit.c:994
+msgid "The signature will be marked as non-revocable.\n"
+msgstr "Signaturen vil bli markert som ikke-opphevbar.\n"
+
+#: g10/keyedit.c:1001
+msgid "I have not checked this key at all.\n"
+msgstr "Jeg har ikke sjekket denne nøkkelen i det hele tatt.\n"
+
+#: g10/keyedit.c:1006
+msgid "I have checked this key casually.\n"
+msgstr "Jeg har sjekket denne nøkkelen på vanlig måte.\n"
+
+#: g10/keyedit.c:1011
+msgid "I have checked this key very carefully.\n"
+msgstr "Jeg har sjekket denne nøkkelen veldig nøye.\n"
+
+#: g10/keyedit.c:1021
+msgid "Really sign? (y/N) "
+msgstr "Virkelig signere? (j/N) "
+
+#: g10/keyedit.c:1066 g10/keyedit.c:4965 g10/keyedit.c:5056 g10/keyedit.c:5120
+#: g10/keyedit.c:5181 g10/sign.c:316
+#, c-format
+msgid "signing failed: %s\n"
+msgstr "signering mislyktes: %s\n"
+
+#: g10/keyedit.c:1131
+msgid "Key has only stub or on-card key items - no passphrase to change.\n"
+msgstr ""
+
+#: g10/keyedit.c:1142 g10/keygen.c:3774
+msgid "This key is not protected.\n"
+msgstr "Denne nøkkelen er ikke beskyttet.\n"
+
+#: g10/keyedit.c:1146 g10/keygen.c:3761 g10/revoke.c:536
+msgid "Secret parts of primary key are not available.\n"
+msgstr "Hemmelige deler av primærnøkkelen er ikke tilgjengelig.\n"
+
+#: g10/keyedit.c:1150 g10/keygen.c:3777
+msgid "Secret parts of primary key are stored on-card.\n"
+msgstr "Hemmelige deler av primærnøkkelen er lagret på kort.\n"
+
+#: g10/keyedit.c:1156 g10/keygen.c:3781
+msgid "Key is protected.\n"
+msgstr "Nøkkelen er beskyttet.\n"
+
+#: g10/keyedit.c:1186
+#, c-format
+msgid "Can't edit this key: %s\n"
+msgstr "Kan ikke redigere denne nøkkelen: %s\n"
+
+#: g10/keyedit.c:1192
+msgid ""
+"Enter the new passphrase for this secret key.\n"
+"\n"
+msgstr "Tast inn den nye passfrasen for denne hemmelige nøkklen.\n"
+
+#: g10/keyedit.c:1207 g10/keygen.c:2291
+msgid "passphrase not correctly repeated; try again"
+msgstr "passfrasen ble ikke gjentatt korrekt; prøv igjen"
+
+#: g10/keyedit.c:1212
+msgid ""
+"You don't want a passphrase - this is probably a *bad* idea!\n"
+"\n"
+msgstr "Du ønsker ikke en passfrase - dette er sannsynligvis en *dum* idé!\n"
+
+#: g10/keyedit.c:1215
+msgid "Do you really want to do this? (y/N) "
+msgstr "Vil du virkelig gjøre dette? (j/N) "
+
+#: g10/keyedit.c:1298
+msgid "moving a key signature to the correct place\n"
+msgstr "flytter en nøkkelsignatur til den rette plassen\n"
+
+#: g10/keyedit.c:1384
+msgid "save and quit"
+msgstr "lagre og avslutte"
+
+#: g10/keyedit.c:1387
+msgid "show key fingerprint"
+msgstr "vise nøkkelens fingeravtrykk"
+
+#: g10/keyedit.c:1388
+msgid "list key and user IDs"
+msgstr "liste nøkler og brukerider"
+
+#: g10/keyedit.c:1390
+msgid "select user ID N"
+msgstr "velger brukerid N"
+
+#: g10/keyedit.c:1391
+msgid "select subkey N"
+msgstr "velger brukerid N"
+
+#: g10/keyedit.c:1392
+msgid "check signatures"
+msgstr "sjekke signaturer"
+
+#: g10/keyedit.c:1397
+msgid "sign selected user IDs [* see below for related commands]"
+msgstr ""
+
+#: g10/keyedit.c:1402
+msgid "sign selected user IDs locally"
+msgstr "signerere utvalgte brukerider lokalt"
+
+#: g10/keyedit.c:1404
+msgid "sign selected user IDs with a trust signature"
+msgstr "signere utvalgte brukerider med en tillitssignatur"
+
+#: g10/keyedit.c:1406
+msgid "sign selected user IDs with a non-revocable signature"
+msgstr ""
+
+#: g10/keyedit.c:1410
+msgid "add a user ID"
+msgstr "legge til en brukerid"
+
+#: g10/keyedit.c:1412
+msgid "add a photo ID"
+msgstr "legge til en fotoid"
+
+#: g10/keyedit.c:1414
+msgid "delete selected user IDs"
+msgstr "slette utvalgte brukerider"
+
+#: g10/keyedit.c:1419
+msgid "add a subkey"
+msgstr "legge til en undernøkkel"
+
+#: g10/keyedit.c:1423
+msgid "add a key to a smartcard"
+msgstr ""
+
+#: g10/keyedit.c:1425
+msgid "move a key to a smartcard"
+msgstr ""
+
+#: g10/keyedit.c:1427
+msgid "move a backup key to a smartcard"
+msgstr ""
+
+#: g10/keyedit.c:1431
+msgid "delete selected subkeys"
+msgstr "slette utvalgte undernøkler"
+
+#: g10/keyedit.c:1433
+msgid "add a revocation key"
+msgstr "legge til en opphevingsnøkkel"
+
+#: g10/keyedit.c:1435
+msgid "delete signatures from the selected user IDs"
+msgstr "slette signaturene fra de utvalgte brukeridene"
+
+#: g10/keyedit.c:1437
+msgid "change the expiration date for the key or selected subkeys"
+msgstr ""
+
+#: g10/keyedit.c:1439
+msgid "flag the selected user ID as primary"
+msgstr "markere den valgte brukeriden som den primære"
+
+#: g10/keyedit.c:1441
+msgid "toggle between the secret and public key listings"
+msgstr "veksle mellom hemmelig og offentlig nøkkellisting"
+
+#: g10/keyedit.c:1444
+msgid "list preferences (expert)"
+msgstr "liste preferanser (ekspert)"
+
+#: g10/keyedit.c:1446
+msgid "list preferences (verbose)"
+msgstr "liste preferanser (fyldig)"
+
+#: g10/keyedit.c:1448
+msgid "set preference list for the selected user IDs"
+msgstr "sette preferanseliste for de valgte brukeridene"
+
+#: g10/keyedit.c:1453
+msgid "set the preferred keyserver URL for the selected user IDs"
+msgstr "sette URL for foretrukket nøkkelserver for de valgte brukeridene"
+
+#: g10/keyedit.c:1455
+msgid "set a notation for the selected user IDs"
+msgstr "sette en notasjon for de valgte brukeridene"
+
+#: g10/keyedit.c:1457
+msgid "change the passphrase"
+msgstr "endre passfrasen"
+
+#: g10/keyedit.c:1461
+msgid "change the ownertrust"
+msgstr "endre eiertilliten"
+
+#: g10/keyedit.c:1463
+msgid "revoke signatures on the selected user IDs"
+msgstr "oppheve signaturene på de valgte brukeridene"
+
+#: g10/keyedit.c:1465
+msgid "revoke selected user IDs"
+msgstr "oppheve utvalgte brukerider"
+
+#: g10/keyedit.c:1470
+msgid "revoke key or selected subkeys"
+msgstr "oppheve nøkkel eller utvalgte undernøkler"
+
+#: g10/keyedit.c:1471
+msgid "enable key"
+msgstr "innkoble en nøkkel"
+
+#: g10/keyedit.c:1472
+msgid "disable key"
+msgstr "utkoble en nøkkel"
+
+#: g10/keyedit.c:1473
+msgid "show selected photo IDs"
+msgstr "vise utvalgte fotoider"
+
+#: g10/keyedit.c:1475
+msgid "compact unusable user IDs and remove unusable signatures from key"
+msgstr ""
+
+#: g10/keyedit.c:1477
+msgid "compact unusable user IDs and remove all signatures from key"
+msgstr ""
+
+#: g10/keyedit.c:1601
+#, c-format
+msgid "error reading secret keyblock \"%s\": %s\n"
+msgstr "feil ved lesing av hemmelig nøkkelblokk «%s»: %s\n"
+
+#: g10/keyedit.c:1619
+msgid "Secret key is available.\n"
+msgstr "Hemmelig nøkkel er tilgjengelig\n"
+
+#: g10/keyedit.c:1702
+msgid "Need the secret key to do this.\n"
+msgstr "Trenger den hemmelige nøkkelen for å gjøre dette.\n"
+
+#: g10/keyedit.c:1710
+msgid "Please use the command \"toggle\" first.\n"
+msgstr "Vennligst bruk kommandoen «toggle» først.\n"
+
+#: g10/keyedit.c:1729
+msgid ""
+"* The `sign' command may be prefixed with an `l' for local signatures "
+"(lsign),\n"
+" a `t' for trust signatures (tsign), an `nr' for non-revocable signatures\n"
+" (nrsign), or any combination thereof (ltsign, tnrsign, etc.).\n"
+msgstr ""
+
+#: g10/keyedit.c:1779
+msgid "Key is revoked."
+msgstr "Nøkkelen er opphevet."
+
+#: g10/keyedit.c:1798
+msgid "Really sign all user IDs? (y/N) "
+msgstr "Virkelig signerere alle brukerider? (j/N) "
+
+#: g10/keyedit.c:1805
+msgid "Hint: Select the user IDs to sign\n"
+msgstr "Tips: Velg brukeriden som skal signeres\n"
+
+#: g10/keyedit.c:1814
+#, c-format
+msgid "Unknown signature type `%s'\n"
+msgstr "Ukjent signaturtype «%s»\n"
+
+#: g10/keyedit.c:1837
+#, c-format
+msgid "This command is not allowed while in %s mode.\n"
+msgstr "Denne kommandoen er ikke tillatt i %s-modus.\n"
+
+#: g10/keyedit.c:1859 g10/keyedit.c:1879 g10/keyedit.c:2048
+msgid "You must select at least one user ID.\n"
+msgstr "Du må velge minst en brukerid.\n"
+
+#: g10/keyedit.c:1861
+msgid "You can't delete the last user ID!\n"
+msgstr "Du kan ikke slette den siste brukeriden!\n"
+
+#: g10/keyedit.c:1863
+msgid "Really remove all selected user IDs? (y/N) "
+msgstr "Virkelig fjerne alle valgte brukerider? (j/N) "
+
+#: g10/keyedit.c:1864
+msgid "Really remove this user ID? (y/N) "
+msgstr "Virkelig fjerne denne brukeriden? (j/N) "
+
+#. TRANSLATORS: Please take care: This is about
+#. moving the key and not about removing it.
+#: g10/keyedit.c:1917
+msgid "Really move the primary key? (y/N) "
+msgstr "Virkelig flytte primærnøkkelen? (j/N) "
+
+#: g10/keyedit.c:1929
+msgid "You must select exactly one key.\n"
+msgstr "Du må velge minst en nøkkel.\n"
+
+#: g10/keyedit.c:1957
+msgid "Command expects a filename argument\n"
+msgstr ""
+
+#: g10/keyedit.c:1971
+#, c-format
+msgid "Can't open `%s': %s\n"
+msgstr "Kan ikke åpne «%s»: %s\n"
+
+#: g10/keyedit.c:1988
+#, c-format
+msgid "Error reading backup key from `%s': %s\n"
+msgstr "Feil ved lesing av sikkerhetskopiert nøkkel «%s»: %s\n"
+
+#: g10/keyedit.c:2012
+msgid "You must select at least one key.\n"
+msgstr "Du må velge minst en nøkkel.\n"
+
+#: g10/keyedit.c:2015
+msgid "Do you really want to delete the selected keys? (y/N) "
+msgstr "Vil du virkelig slette den valgte nøkkelen? (j/N) "
+
+#: g10/keyedit.c:2016
+msgid "Do you really want to delete this key? (y/N) "
+msgstr "Vil du virkelig slette denne nøkkelen? (j/N) "
+
+#: g10/keyedit.c:2051
+msgid "Really revoke all selected user IDs? (y/N) "
+msgstr "Virkelig oppheve alle de valgte brukeridene? (j/N) "
+
+#: g10/keyedit.c:2052
+msgid "Really revoke this user ID? (y/N) "
+msgstr "Virkelig oppheve denne brukeriden? (j/N) "
+
+#: g10/keyedit.c:2070
+msgid "Do you really want to revoke the entire key? (y/N) "
+msgstr "Vil du virkelig oppheve hele nøkkelen? (j/N) "
+
+#: g10/keyedit.c:2081
+msgid "Do you really want to revoke the selected subkeys? (y/N) "
+msgstr "Vil du virkelig oppheve de valgte undernøklene? (j/N) "
+
+#: g10/keyedit.c:2083
+msgid "Do you really want to revoke this subkey? (y/N) "
+msgstr "Vil du virkelig oppheve denne undernøkkelen? (j/N) "
+
+#: g10/keyedit.c:2133
+msgid "Owner trust may not be set while using a user provided trust database\n"
+msgstr ""
+
+#: g10/keyedit.c:2175
+msgid "Set preference list to:\n"
+msgstr "sette preferanseliste til:\n"
+
+#: g10/keyedit.c:2181
+msgid "Really update the preferences for the selected user IDs? (y/N) "
+msgstr "Virkelig oppdatere preferansene for de valgte brukeridene? (j/N) "
+
+#: g10/keyedit.c:2183
+msgid "Really update the preferences? (y/N) "
+msgstr "Virkelig oppdatere preferansene? (j/N) "
+
+#: g10/keyedit.c:2253
+msgid "Save changes? (y/N) "
+msgstr "Lagre endringene? (j/N) "
+
+#: g10/keyedit.c:2256
+msgid "Quit without saving? (y/N) "
+msgstr "Avslutte uten å lagre? (j/N) "
+
+#: g10/keyedit.c:2266
+#, c-format
+msgid "update failed: %s\n"
+msgstr "oppdatering mislyktes: %s\n"
+
+#: g10/keyedit.c:2273 g10/keyedit.c:2351
+#, c-format
+msgid "update secret failed: %s\n"
+msgstr "oppdatering av hemmelig mislyktes: %s\n"
+
+#: g10/keyedit.c:2280
+msgid "Key not changed so no update needed.\n"
+msgstr "Nøkkelen ble ikke endret, så ingen oppdatering er nødvendig.\n"
+
+#: g10/keyedit.c:2446
+msgid "Digest: "
+msgstr "Digest: "
+
+#: g10/keyedit.c:2497
+msgid "Features: "
+msgstr "Særtrekk: "
+
+#: g10/keyedit.c:2508
+msgid "Keyserver no-modify"
+msgstr ""
+
+#: g10/keyedit.c:2523 g10/keylist.c:316
+msgid "Preferred keyserver: "
+msgstr ""
+
+#: g10/keyedit.c:2531 g10/keyedit.c:2532
+msgid "Notations: "
+msgstr "Notasjoner: "
+
+#: g10/keyedit.c:2753
+msgid "There are no preferences on a PGP 2.x-style user ID.\n"
+msgstr "Det er ingen preferanser for en PGP 2.x-aktig brukerid.\n"
+
+#: g10/keyedit.c:2810
+#, fuzzy, c-format
+msgid "The following key was revoked on %s by %s key %s\n"
+msgstr "Denne nøkkelen ble opphevet den %s av %s med nøkkelen %s\n"
+
+#: g10/keyedit.c:2832
+#, c-format
+msgid "This key may be revoked by %s key %s"
+msgstr "Denne nøkkelen kan bli opphevet av %s med nøkkelen %s"
+
+#: g10/keyedit.c:2838
+msgid "(sensitive)"
+msgstr "(sensitiv)"
+
+#: g10/keyedit.c:2854 g10/keyedit.c:2910 g10/keyedit.c:2971 g10/keyedit.c:2986
+#: g10/keylist.c:202 g10/keyserver.c:532
+#, c-format
+msgid "created: %s"
+msgstr "opprettet: %s"
+
+#: g10/keyedit.c:2857 g10/keylist.c:834 g10/keylist.c:928 g10/mainproc.c:997
+#, c-format
+msgid "revoked: %s"
+msgstr "opphevet: %s"
+
+#: g10/keyedit.c:2859 g10/keylist.c:805 g10/keylist.c:840 g10/keylist.c:934
+#, c-format
+msgid "expired: %s"
+msgstr "utgikk: %s"
+
+#: g10/keyedit.c:2861 g10/keyedit.c:2912 g10/keyedit.c:2973 g10/keyedit.c:2988
+#: g10/keylist.c:204 g10/keylist.c:811 g10/keylist.c:846 g10/keylist.c:940
+#: g10/keylist.c:961 g10/keyserver.c:538 g10/mainproc.c:1003
+#, c-format
+msgid "expires: %s"
+msgstr "utgår: %s"
+
+#: g10/keyedit.c:2863
+#, c-format
+msgid "usage: %s"
+msgstr "bruksmåte: %s"
+
+#: g10/keyedit.c:2878
+#, c-format
+msgid "trust: %s"
+msgstr "tillit: %s"
+
+#: g10/keyedit.c:2882
+#, c-format
+msgid "validity: %s"
+msgstr "gyldighet: %s"
+
+#: g10/keyedit.c:2889
+msgid "This key has been disabled"
+msgstr "Denne nøkkelen har blitt utkoblet"
+
+#: g10/keyedit.c:2917 g10/keylist.c:208
+msgid "card-no: "
+msgstr ""
+
+#: g10/keyedit.c:2941
+msgid ""
+"Please note that the shown key validity is not necessarily correct\n"
+"unless you restart the program.\n"
+msgstr ""
+
+#: g10/keyedit.c:3005 g10/keyedit.c:3351 g10/keyserver.c:542
+#: g10/mainproc.c:1850 g10/trustdb.c:1204 g10/trustdb.c:1732
+msgid "revoked"
+msgstr "opphevet"
+
+#: g10/keyedit.c:3007 g10/keyedit.c:3353 g10/keyserver.c:546
+#: g10/mainproc.c:1852 g10/trustdb.c:547 g10/trustdb.c:1734
+msgid "expired"
+msgstr "utgått"
+
+#: g10/keyedit.c:3072
+msgid ""
+"WARNING: no user ID has been marked as primary. This command may\n"
+" cause a different user ID to become the assumed primary.\n"
+msgstr ""
+
+#: g10/keyedit.c:3133
+msgid ""
+"WARNING: This is a PGP2-style key. Adding a photo ID may cause some "
+"versions\n"
+" of PGP to reject this key.\n"
+msgstr ""
+
+#: g10/keyedit.c:3138 g10/keyedit.c:3473
+msgid "Are you sure you still want to add it? (y/N) "
+msgstr "Er du sikker på at du vil legge den til? (j/N) "
+
+#: g10/keyedit.c:3144
+msgid "You may not add a photo ID to a PGP2-style key.\n"
+msgstr ""
+
+#: g10/keyedit.c:3284
+msgid "Delete this good signature? (y/N/q)"
+msgstr "Slette denne gode signaturen? (j/N/a)"
+
+#: g10/keyedit.c:3294
+msgid "Delete this invalid signature? (y/N/q)"
+msgstr ""
+
+#: g10/keyedit.c:3298
+msgid "Delete this unknown signature? (y/N/q)"
+msgstr ""
+
+#: g10/keyedit.c:3304
+msgid "Really delete this self-signature? (y/N)"
+msgstr ""
+
+#: g10/keyedit.c:3318
+#, c-format
+msgid "Deleted %d signature.\n"
+msgstr "Slettet %d signatur.\n"
+
+#: g10/keyedit.c:3319
+#, c-format
+msgid "Deleted %d signatures.\n"
+msgstr "Slettet %d signaturer.\n"
+
+#: g10/keyedit.c:3322
+msgid "Nothing deleted.\n"
+msgstr "Ingen ble slettet.\n"
+
+#: g10/keyedit.c:3355 g10/trustdb.c:1736
+msgid "invalid"
+msgstr "ugyldig"
+
+#: g10/keyedit.c:3357
+#, fuzzy, c-format
+msgid "User ID \"%s\" compacted: %s\n"
+msgstr "brukerid «%s»: allerede renset\n"
+
+#: g10/keyedit.c:3364
+#, fuzzy, c-format
+msgid "User ID \"%s\": %d signature removed\n"
+msgstr "nøkkel: %s: «%s» %d nye signaturer\n"
+
+#: g10/keyedit.c:3365
+#, fuzzy, c-format
+msgid "User ID \"%s\": %d signatures removed\n"
+msgstr "nøkkel: %s: «%s» %d nye signaturer\n"
+
+#: g10/keyedit.c:3373
+#, fuzzy, c-format
+msgid "User ID \"%s\": already minimized\n"
+msgstr "brukerid «%s»: allerede renset\n"
+
+#: g10/keyedit.c:3374
+#, c-format
+msgid "User ID \"%s\": already clean\n"
+msgstr "brukerid «%s»: allerede renset\n"
+
+#: g10/keyedit.c:3468
+msgid ""
+"WARNING: This is a PGP 2.x-style key. Adding a designated revoker may "
+"cause\n"
+" some versions of PGP to reject this key.\n"
+msgstr ""
+
+#: g10/keyedit.c:3479
+msgid "You may not add a designated revoker to a PGP 2.x-style key.\n"
+msgstr ""
+
+#: g10/keyedit.c:3499
+msgid "Enter the user ID of the designated revoker: "
+msgstr ""
+
+#: g10/keyedit.c:3524
+msgid "cannot appoint a PGP 2.x style key as a designated revoker\n"
+msgstr ""
+
+#: g10/keyedit.c:3539
+msgid "you cannot appoint a key as its own designated revoker\n"
+msgstr ""
+
+#: g10/keyedit.c:3561
+msgid "this key has already been designated as a revoker\n"
+msgstr ""
+
+#: g10/keyedit.c:3580
+msgid "WARNING: appointing a key as a designated revoker cannot be undone!\n"
+msgstr ""
+
+#: g10/keyedit.c:3586
+msgid ""
+"Are you sure you want to appoint this key as a designated revoker? (y/N) "
+msgstr ""
+"Er du fortsatt sikker på at du vil gjøre denne nøkkelen til en opphever? (j/"
+"N) "
+
+#: g10/keyedit.c:3647
+msgid "Please remove selections from the secret keys.\n"
+msgstr ""
+
+#: g10/keyedit.c:3653
+msgid "Please select at most one subkey.\n"
+msgstr "Vennligst velg minst en undernøkkel.\n"
+
+#: g10/keyedit.c:3657
+msgid "Changing expiration time for a subkey.\n"
+msgstr ""
+
+#: g10/keyedit.c:3660
+msgid "Changing expiration time for the primary key.\n"
+msgstr ""
+
+#: g10/keyedit.c:3706
+msgid "You can't change the expiration date of a v3 key\n"
+msgstr ""
+
+#: g10/keyedit.c:3722
+msgid "No corresponding signature in secret ring\n"
+msgstr ""
+
+#: g10/keyedit.c:3800
+#, fuzzy, c-format
+msgid "signing subkey %s is already cross-certified\n"
+msgstr "Undernøkkel %s er allerede opphevet.\n"
+
+#: g10/keyedit.c:3806
+#, c-format
+msgid "subkey %s does not sign and so does not need to be cross-certified\n"
+msgstr ""
+
+#: g10/keyedit.c:3969
+msgid "Please select exactly one user ID.\n"
+msgstr ""
+
+#: g10/keyedit.c:4008 g10/keyedit.c:4118 g10/keyedit.c:4238 g10/keyedit.c:4379
+#, c-format
+msgid "skipping v3 self-signature on user ID \"%s\"\n"
+msgstr "hopper over v3 selvsignatur for brukerid «%s»\n"
+
+#: g10/keyedit.c:4179
+msgid "Enter your preferred keyserver URL: "
+msgstr ""
+
+#: g10/keyedit.c:4259
+msgid "Are you sure you want to replace it? (y/N) "
+msgstr "Er du sikker på at du vil erstatte den? (j/N) "
+
+#: g10/keyedit.c:4260
+msgid "Are you sure you want to delete it? (y/N) "
+msgstr "Er du sikker på at du vil slette den? (j/N) "
+
+#: g10/keyedit.c:4322
+msgid "Enter the notation: "
+msgstr ""
+
+#: g10/keyedit.c:4471
+msgid "Proceed? (y/N) "
+msgstr ""
+
+#: g10/keyedit.c:4543
+#, c-format
+msgid "No user ID with index %d\n"
+msgstr ""
+
+#: g10/keyedit.c:4604
+#, c-format
+msgid "No user ID with hash %s\n"
+msgstr ""
+
+#: g10/keyedit.c:4639
+#, c-format
+msgid "No subkey with index %d\n"
+msgstr ""
+
+#: g10/keyedit.c:4774
+#, c-format
+msgid "user ID: \"%s\"\n"
+msgstr ""
+
+#: g10/keyedit.c:4777 g10/keyedit.c:4871 g10/keyedit.c:4914
+#, c-format
+msgid "signed by your key %s on %s%s%s\n"
+msgstr ""
+
+#: g10/keyedit.c:4779 g10/keyedit.c:4873 g10/keyedit.c:4916
+msgid " (non-exportable)"
+msgstr " (ikke-eksporterbar)"
+
+#: g10/keyedit.c:4783
+#, c-format
+msgid "This signature expired on %s.\n"
+msgstr "Denne signaturen utgikk den %s.\n"
+
+#: g10/keyedit.c:4787
+msgid "Are you sure you still want to revoke it? (y/N) "
+msgstr ""
+
+#: g10/keyedit.c:4791
+msgid "Create a revocation certificate for this signature? (y/N) "
+msgstr ""
+
+#: g10/keyedit.c:4842
+msgid "Not signed by you.\n"
+msgstr ""
+
+#: g10/keyedit.c:4848
+#, c-format
+msgid "You have signed these user IDs on key %s:\n"
+msgstr ""
+
+#: g10/keyedit.c:4874
+msgid " (non-revocable)"
+msgstr " (ikke-opphevbar)"
+
+#: g10/keyedit.c:4881
+#, c-format
+msgid "revoked by your key %s on %s\n"
+msgstr ""
+
+#: g10/keyedit.c:4903
+msgid "You are about to revoke these signatures:\n"
+msgstr ""
+
+#: g10/keyedit.c:4923
+msgid "Really create the revocation certificates? (y/N) "
+msgstr ""
+
+#: g10/keyedit.c:4953
+msgid "no secret key\n"
+msgstr "ingen hemmelig nøkkel\n"
+
+#: g10/keyedit.c:5023
+#, c-format
+msgid "user ID \"%s\" is already revoked\n"
+msgstr "brukerid «%s» er allerede opphevet\n"
+
+#: g10/keyedit.c:5040
+#, c-format
+msgid "WARNING: a user ID signature is dated %d seconds in the future\n"
+msgstr "ADVARSEL: en brukeridsignatur er datert %d sekunder i fremtiden\n"
+
+#: g10/keyedit.c:5104
+#, c-format
+msgid "Key %s is already revoked.\n"
+msgstr "Nøkkelen %s er allerede opphevet.\n"
+
+#: g10/keyedit.c:5166
+#, c-format
+msgid "Subkey %s is already revoked.\n"
+msgstr "Undernøkkel %s er allerede opphevet.\n"
+
+#: g10/keyedit.c:5261
+#, c-format
+msgid "Displaying %s photo ID of size %ld for key %s (uid %d)\n"
+msgstr ""
+
+#: g10/keygen.c:275
+#, c-format
+msgid "preference `%s' duplicated\n"
+msgstr "preferansen %s er duplisert\n"
+
+#: g10/keygen.c:282
+msgid "too many cipher preferences\n"
+msgstr "for mange cipher-preferanser\n"
+
+#: g10/keygen.c:284
+msgid "too many digest preferences\n"
+msgstr "for mange digest-preferanser\n"
+
+#: g10/keygen.c:286
+msgid "too many compression preferences\n"
+msgstr "for mange kompresjons-preferanser\n"
+
+#: g10/keygen.c:426
+#, c-format
+msgid "invalid item `%s' in preference string\n"
+msgstr "ugyldig oppføring «%s» i preferansestreng\n"
+
+#: g10/keygen.c:910
+msgid "writing direct signature\n"
+msgstr "skriver direkte signatur\n"
+
+#: g10/keygen.c:952
+msgid "writing self signature\n"
+msgstr "skriver selvsignatur\n"
+
+#: g10/keygen.c:1009
+msgid "writing key binding signature\n"
+msgstr "skriver nøkkelbindende signatur\n"
+
+#: g10/keygen.c:1179 g10/keygen.c:1290 g10/keygen.c:1295 g10/keygen.c:1441
+#: g10/keygen.c:3269
+#, c-format
+msgid "keysize invalid; using %u bits\n"
+msgstr "nøkkelstørrelsen er ugyldig; bruker %u bits\n"
+
+#: g10/keygen.c:1185 g10/keygen.c:1301 g10/keygen.c:1309 g10/keygen.c:1447
+#: g10/keygen.c:3275
+#, c-format
+msgid "keysize rounded up to %u bits\n"
+msgstr "nøkkelstørrelsen ble rundet opp til %u bits\n"
+
+#: g10/keygen.c:1335
+msgid ""
+"WARNING: some OpenPGP programs can't handle a DSA key with this digest size\n"
+msgstr ""
+
+#: g10/keygen.c:1558
+msgid "Sign"
+msgstr "Signere"
+
+#: g10/keygen.c:1561
+msgid "Certify"
+msgstr "Bekrefte"
+
+#: g10/keygen.c:1564
+msgid "Encrypt"
+msgstr "Kryptere data"
+
+#: g10/keygen.c:1567
+msgid "Authenticate"
+msgstr "Autentisere"
+
+# S og s for signering
+# K og k for kryptering
+# A og a for autentisering
+# Q og q for avslutte
+#. TRANSLATORS: Please use only plain ASCII characters for the
+#. translation. If this is not possible use single digits. The
+#. string needs to 8 bytes long. Here is a description of the
+#. functions:
+#.
+#. s = Toggle signing capability
+#. e = Toggle encryption capability
+#. a = Toggle authentication capability
+#. q = Finish
+#.
+#: g10/keygen.c:1585
+msgid "SsEeAaQq"
+msgstr "SsKkAaQq"
+
+#: g10/keygen.c:1608
+#, c-format
+msgid "Possible actions for a %s key: "
+msgstr ""
+
+#: g10/keygen.c:1612
+msgid "Current allowed actions: "
+msgstr ""
+
+#: g10/keygen.c:1617
+#, c-format
+msgid " (%c) Toggle the sign capability\n"
+msgstr ""
+
+#: g10/keygen.c:1620
+#, c-format
+msgid " (%c) Toggle the encrypt capability\n"
+msgstr ""
+
+#: g10/keygen.c:1623
+#, c-format
+msgid " (%c) Toggle the authenticate capability\n"
+msgstr ""
+
+#: g10/keygen.c:1626
+#, c-format
+msgid " (%c) Finished\n"
+msgstr ""
+
+#: g10/keygen.c:1686 sm/certreqgen-ui.c:157
+msgid "Please select what kind of key you want:\n"
+msgstr "Vennligst velg hvilken type nøkkel du vil ha:\n"
+
+#: g10/keygen.c:1689
+#, fuzzy, c-format
+msgid " (%d) RSA and RSA (default)\n"
+msgstr " (%d) DSA og ElGamal (standard)\n"
+
+#: g10/keygen.c:1691
+#, fuzzy, c-format
+msgid " (%d) DSA and Elgamal\n"
+msgstr " (%d) DSA og ElGamal (standard)\n"
+
+#: g10/keygen.c:1693
+#, c-format
+msgid " (%d) DSA (sign only)\n"
+msgstr " (%d) DSA (bare signering)\n"
+
+#: g10/keygen.c:1694
+#, c-format
+msgid " (%d) RSA (sign only)\n"
+msgstr " (%d) RSA (bare signering)\n"
+
+#: g10/keygen.c:1698
+#, c-format
+msgid " (%d) Elgamal (encrypt only)\n"
+msgstr " (%d) ElGamal (bare kryptering)\n"
+
+#: g10/keygen.c:1699
+#, c-format
+msgid " (%d) RSA (encrypt only)\n"
+msgstr " (%d) RSA (bare kryptering)\n"
+
+#: g10/keygen.c:1703
+#, c-format
+msgid " (%d) DSA (set your own capabilities)\n"
+msgstr " (%d) DSA (sette dine egne muligheter)\n"
+
+#: g10/keygen.c:1704
+#, c-format
+msgid " (%d) RSA (set your own capabilities)\n"
+msgstr " (%d) RSA (sette dine egne muligheter)\n"
+
+#: g10/keygen.c:1812
+#, c-format
+msgid "%s keys may be between %u and %u bits long.\n"
+msgstr ""
+
+#: g10/keygen.c:1820
+#, fuzzy, c-format
+msgid "What keysize do you want for the subkey? (%u) "
+msgstr "Hvilken nøkkelstørrelse vil du ha? (%u) "
+
+#: g10/keygen.c:1823 sm/certreqgen-ui.c:179
+#, c-format
+msgid "What keysize do you want? (%u) "
+msgstr "Hvilken nøkkelstørrelse vil du ha? (%u) "
+
+#: g10/keygen.c:1837 sm/certreqgen-ui.c:189
+#, c-format
+msgid "Requested keysize is %u bits\n"
+msgstr "Ønsket nøkkelstørrelse er %u bits\n"
+
+#: g10/keygen.c:1925
+msgid ""
+"Please specify how long the key should be valid.\n"
+" 0 = key does not expire\n"
+" <n> = key expires in n days\n"
+" <n>w = key expires in n weeks\n"
+" <n>m = key expires in n months\n"
+" <n>y = key expires in n years\n"
+msgstr ""
+"Vennligst angi hvor lenge nøkkelen skal være gyldig.\n"
+" 0 = nøkkelen utgår ikke\n"
+" <n> = nøkkelen utgår om n days\n"
+" <n>w = nøkkelen utgår om n weeks\n"
+" <n>m = nøkkelen utgår om n months\n"
+" <n>y = nøkkelen utgår om n years\n"
+
+#: g10/keygen.c:1936
+msgid ""
+"Please specify how long the signature should be valid.\n"
+" 0 = signature does not expire\n"
+" <n> = signature expires in n days\n"
+" <n>w = signature expires in n weeks\n"
+" <n>m = signature expires in n months\n"
+" <n>y = signature expires in n years\n"
+msgstr ""
+"Vennligst angi hvor lenge signaturen skal være gyldig.\n"
+" 0 = signaturen utgår ikke\n"
+" <n> = signaturen utgår om n days\n"
+" <n>w = signaturen utgår om n weeks\n"
+" <n>m = signaturen utgår om n months\n"
+" <n>y = signaturen utgår om n years\n"
+
+#: g10/keygen.c:1959
+msgid "Key is valid for? (0) "
+msgstr "Nøkkelen er gyldig for? (0) "
+
+#: g10/keygen.c:1964
+#, c-format
+msgid "Signature is valid for? (%s) "
+msgstr "Signaturen er gyldig for? (%s) "
+
+#: g10/keygen.c:1982 g10/keygen.c:2007
+msgid "invalid value\n"
+msgstr "ugyldig verdi\n"
+
+#: g10/keygen.c:1989
+msgid "Key does not expire at all\n"
+msgstr "Nøkkel utgår ikke i det hele tatt\n"
+
+#: g10/keygen.c:1990
+msgid "Signature does not expire at all\n"
+msgstr "Signaturen utgår ikke i det hele tatt\n"
+
+#: g10/keygen.c:1995
+#, c-format
+msgid "Key expires at %s\n"
+msgstr "Nøkkel utgår den %s\n"
+
+#: g10/keygen.c:1996
+#, c-format
+msgid "Signature expires at %s\n"
+msgstr "Signaturen utgår den %s\n"
+
+#: g10/keygen.c:2000
+msgid ""
+"Your system can't display dates beyond 2038.\n"
+"However, it will be correctly handled up to 2106.\n"
+msgstr ""
+"Systemet ditt kan ikke vise datoer etter 2038.\n"
+"Likevel vil det bli håndtert korrekt opp til 2106.\n"
+
+#: g10/keygen.c:2013
+msgid "Is this correct? (y/N) "
+msgstr "Er dette korrekt (j/N)? "
+
+#: g10/keygen.c:2063
+msgid ""
+"\n"
+"GnuPG needs to construct a user ID to identify your key.\n"
+"\n"
+msgstr ""
+
+#. TRANSLATORS: This string is in general not anymore used
+#. but you should keep your existing translation. In case
+#. the new string is not translated this old string will
+#. be used.
+#: g10/keygen.c:2078
+msgid ""
+"\n"
+"You need a user ID to identify your key; the software constructs the user "
+"ID\n"
+"from the Real Name, Comment and Email Address in this form:\n"
+" \"Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>\"\n"
+"\n"
+msgstr ""
+"\n"
+"Du trenger en brukerid for å identifisere nøkkelen din;\n"
+"programvaren konstruerer brukeriden ut fra fullt navn, kommentar og\n"
+"epostadresse til denne formen:\n"
+" «Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>»\n"
+"\n"
+
+#: g10/keygen.c:2097
+msgid "Real name: "
+msgstr "Fullt navn: "
+
+#: g10/keygen.c:2105
+msgid "Invalid character in name\n"
+msgstr "Ugyldig tegn i navn\n"
+
+#: g10/keygen.c:2107
+msgid "Name may not start with a digit\n"
+msgstr "Navnet kan ikke starte med et siffer\n"
+
+#: g10/keygen.c:2109
+msgid "Name must be at least 5 characters long\n"
+msgstr "Navnet må være minst 5 tegn langt\n"
+
+#: g10/keygen.c:2117
+msgid "Email address: "
+msgstr "Epostadresse: "
+
+#: g10/keygen.c:2123
+msgid "Not a valid email address\n"
+msgstr "Ikke en gyldig epostadresse\n"
+
+#: g10/keygen.c:2131
+msgid "Comment: "
+msgstr "Kommentar: "
+
+#: g10/keygen.c:2137
+msgid "Invalid character in comment\n"
+msgstr "Ugyldig tegn i kommentar\n"
+
+#: g10/keygen.c:2159
+#, c-format
+msgid "You are using the `%s' character set.\n"
+msgstr "Du bruker tegnsettet «%s».\n"
+
+#: g10/keygen.c:2165
+#, c-format
+msgid ""
+"You selected this USER-ID:\n"
+" \"%s\"\n"
+"\n"
+msgstr ""
+"Du valgte denne brukeriden:\n"
+" «%s»\n"
+"\n"
+
+#: g10/keygen.c:2170
+msgid "Please don't put the email address into the real name or the comment\n"
+msgstr ""
+"Vennligst ikke putt epostadressen inn i fullt navn eller i kommentaren\n"
+
+#: g10/keygen.c:2185
+msgid "Such a user ID already exists on this key!\n"
+msgstr ""
+
+#. TRANSLATORS: These are the allowed answers in
+#. lower and uppercase. Below you will find the matching
+#. string which should be translated accordingly and the
+#. letter changed to match the one in the answer string.
+#.
+#. n = Change name
+#. c = Change comment
+#. e = Change email
+#. o = Okay (ready, continue)
+#. q = Quit
+#.
+#: g10/keygen.c:2201
+msgid "NnCcEeOoQq"
+msgstr "NnKeEeRrAa"
+
+#: g10/keygen.c:2211
+msgid "Change (N)ame, (C)omment, (E)mail or (Q)uit? "
+msgstr "Endre (N)avn, (K)ommentar, (E)postadresse eller (A)vslutt? "
+
+#: g10/keygen.c:2212
+msgid "Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? "
+msgstr "Endre (N)avn, (K)ommentar, (E)postadresse eller (R)iktig/(A)vslutt? "
+
+#: g10/keygen.c:2231
+msgid "Please correct the error first\n"
+msgstr "Vennligst korriger feilen først\n"
+
+#: g10/keygen.c:2273
+msgid ""
+"You need a Passphrase to protect your secret key.\n"
+"\n"
+msgstr ""
+"Du trenger en passfrase for å beskytte din hemmelige nøkkel.\n"
+"\n"
+
+#: g10/keygen.c:2276
+#, fuzzy
+msgid ""
+"Please enter a passphrase to protect the off-card backup of the new "
+"encryption key."
+msgstr ""
+"Du trenger en passfrase for å beskytte din hemmelige nøkkel.\n"
+"\n"
+
+#: g10/keygen.c:2292
+#, c-format
+msgid "%s.\n"
+msgstr "%s.\n"
+
+#: g10/keygen.c:2298
+msgid ""
+"You don't want a passphrase - this is probably a *bad* idea!\n"
+"I will do it anyway. You can change your passphrase at any time,\n"
+"using this program with the option \"--edit-key\".\n"
+"\n"
+msgstr ""
+"Du vil ikke ha en passfrase - dette er sannsynligvis en *dum* idé!\n"
+"Jeg fortsetter likevel. Du kan endre passfrasen din når som helst ved\n"
+"hjelp av dette programmet og valget «--edit-key».\n"
+"\n"
+
+#: g10/keygen.c:2322
+msgid ""
+"We need to generate a lot of random bytes. It is a good idea to perform\n"
+"some other action (type on the keyboard, move the mouse, utilize the\n"
+"disks) during the prime generation; this gives the random number\n"
+"generator a better chance to gain enough entropy.\n"
+msgstr ""
+"Vi trenger å generere ganske mange tilfeldige byter. Det er en god idé\n"
+"å utføre andre oppgaver (skrive på tastaturet, flytte på musa, la\n"
+"diskene jobbe) under primtallgenereringen; dette gir\n"
+"tilfeldig-tall-generatoren en bedre sjanse til å samle nok entropy.\n"
+
+#: g10/keygen.c:3209 g10/keygen.c:3236
+msgid "Key generation canceled.\n"
+msgstr "Nøkkelgenereringen ble avbrutt.\n"
+
+#: g10/keygen.c:3441 g10/keygen.c:3611
+#, c-format
+msgid "writing public key to `%s'\n"
+msgstr "skriver offentlig nøkkel til «%s»\n"
+
+#: g10/keygen.c:3443 g10/keygen.c:3614
+#, c-format
+msgid "writing secret key stub to `%s'\n"
+msgstr "skriver foreløpig hemmelig nøkkel til «%s»\n"
+
+#: g10/keygen.c:3446 g10/keygen.c:3617
+#, c-format
+msgid "writing secret key to `%s'\n"
+msgstr "skriver hemmelig nøkkel til «%s»\n"
+
+#: g10/keygen.c:3598
+#, c-format
+msgid "no writable public keyring found: %s\n"
+msgstr "ingen skrivbart offentlig nøkkelknippe ble funnet: %s\n"
+
+#: g10/keygen.c:3605
+#, c-format
+msgid "no writable secret keyring found: %s\n"
+msgstr "ingen skrivbart hemmelig nøkkelknippe ble funnet: %s\n"
+
+#: g10/keygen.c:3625
+#, c-format
+msgid "error writing public keyring `%s': %s\n"
+msgstr "feil ved skriving av offentlig nøkkelknippe «%s»: %s\n"
+
+#: g10/keygen.c:3633
+#, c-format
+msgid "error writing secret keyring `%s': %s\n"
+msgstr "feil ved skriving av hemmelig nøkkelknippe «%s»: %s\n"
+
+#: g10/keygen.c:3661
+msgid "public and secret key created and signed.\n"
+msgstr "offentlig og hemmelig nøkkel opprettet og signert.\n"
+
+#: g10/keygen.c:3672
+msgid ""
+"Note that this key cannot be used for encryption. You may want to use\n"
+"the command \"--edit-key\" to generate a subkey for this purpose.\n"
+msgstr ""
+"Merk at denne nøkkelen ikke kan brukes for kryptering. Du ønsker\n"
+"kanskje å bruke kommandoen «--edit-key» for å generere en\n"
+"sekundærnøkkel for dette formålet.\n"
+
+#: g10/keygen.c:3685 g10/keygen.c:3831 g10/keygen.c:3952
+#, c-format
+msgid "Key generation failed: %s\n"
+msgstr "Nøkkelgenerering mislyktes: %s\n"
+
+# Er dette entallsformen av denne strengen?
+#: g10/keygen.c:3741 g10/keygen.c:3882 g10/sign.c:241
+#, c-format
+msgid ""
+"key has been created %lu second in future (time warp or clock problem)\n"
+msgstr ""
+"nøkkel har blitt opprettet %lu sekund i fremtiden (time warp eller "
+"klokkeproblem)\n"
+
+# Er dette flertallsformen av denne og den forrige strengen?
+#: g10/keygen.c:3743 g10/keygen.c:3884 g10/sign.c:243
+#, c-format
+msgid ""
+"key has been created %lu seconds in future (time warp or clock problem)\n"
+msgstr ""
+"nøkkel har blitt opprettet %lu sekunder i fremtiden (time warp eller "
+"klokkeproblem)\n"
+
+#: g10/keygen.c:3754 g10/keygen.c:3895
+msgid "NOTE: creating subkeys for v3 keys is not OpenPGP compliant\n"
+msgstr ""
+"MERK: opprettelse av undernøkler for v3-nøkler er ikke i samsvar med "
+"OpenPGP\n"
+
+#: g10/keygen.c:3795 g10/keygen.c:3928
+msgid "Really create? (y/N) "
+msgstr "Virkelig opprette? (j/N)"
+
+#: g10/keygen.c:4116
+#, c-format
+msgid "storing key onto card failed: %s\n"
+msgstr "lagring av nøkkel på kort mislyktes: %s\n"
+
+#: g10/keygen.c:4165
+#, c-format
+msgid "can't create backup file `%s': %s\n"
+msgstr "kan ikke opprette sikkerhetskopifil «%s»: %s\n"
+
+#: g10/keygen.c:4191
+#, c-format
+msgid "NOTE: backup of card key saved to `%s'\n"
+msgstr ""
+
+#: g10/keyid.c:539 g10/keyid.c:551 g10/keyid.c:563 g10/keyid.c:575
+msgid "never "
+msgstr ""
+
+#: g10/keylist.c:273
+msgid "Critical signature policy: "
+msgstr ""
+
+#: g10/keylist.c:275
+msgid "Signature policy: "
+msgstr ""
+
+#: g10/keylist.c:314
+msgid "Critical preferred keyserver: "
+msgstr ""
+
+#: g10/keylist.c:367
+msgid "Critical signature notation: "
+msgstr ""
+
+#: g10/keylist.c:369
+msgid "Signature notation: "
+msgstr ""
+
+#: g10/keylist.c:479
+msgid "Keyring"
+msgstr "Nøkkelknippe"
+
+#: g10/keylist.c:1526
+msgid "Primary key fingerprint:"
+msgstr "Fingeravtrykk for primærnøkkel:"
+
+#: g10/keylist.c:1528
+msgid " Subkey fingerprint:"
+msgstr " Fingeravtrykk for undernøkkel:"
+
+#. TRANSLATORS: this should fit into 24 bytes to that the
+#. * fingerprint data is properly aligned with the user ID
+#: g10/keylist.c:1535
+msgid " Primary key fingerprint:"
+msgstr " Fingeravtrykk for primærnøkkel:"
+
+#: g10/keylist.c:1537
+msgid " Subkey fingerprint:"
+msgstr " Fingeravstrykk for undernøkkel:"
+
+#: g10/keylist.c:1541 g10/keylist.c:1545
+msgid " Key fingerprint ="
+msgstr " Nøkkelfingeravtrykk ="
+
+#: g10/keylist.c:1612
+msgid " Card serial no. ="
+msgstr " Serienummer for kort ="
+
+#: g10/keyring.c:1297
+#, c-format
+msgid "renaming `%s' to `%s' failed: %s\n"
+msgstr "omdøping fra «%s» til «%s» mislyktes: %s\n"
+
+#: g10/keyring.c:1326
+msgid "WARNING: 2 files with confidential information exists.\n"
+msgstr "ADVARSEL: 2 filer med konfidensiell informasjon finnes.\n"
+
+#: g10/keyring.c:1327
+#, c-format
+msgid "%s is the unchanged one\n"
+msgstr ""
+
+#: g10/keyring.c:1328
+#, c-format
+msgid "%s is the new one\n"
+msgstr ""
+
+#: g10/keyring.c:1329
+msgid "Please fix this possible security flaw\n"
+msgstr ""
+
+#: g10/keyring.c:1430
+#, c-format
+msgid "caching keyring `%s'\n"
+msgstr "cacher nøkkelknippet «%s»\n"
+
+#: g10/keyring.c:1489
+#, c-format
+msgid "%lu keys cached so far (%lu signatures)\n"
+msgstr "%lu nøkler cachet så langt (%lu signaturer)\n"
+
+#: g10/keyring.c:1501
+#, c-format
+msgid "%lu keys cached (%lu signatures)\n"
+msgstr "%lu nøkler cachet (%lu signaturer)\n"
+
+#: g10/keyring.c:1573
+#, c-format
+msgid "%s: keyring created\n"
+msgstr ""
+
+#: g10/keyserver.c:74
+msgid "include revoked keys in search results"
+msgstr ""
+
+#: g10/keyserver.c:75
+msgid "include subkeys when searching by key ID"
+msgstr ""
+
+#: g10/keyserver.c:77
+msgid "use temporary files to pass data to keyserver helpers"
+msgstr ""
+
+#: g10/keyserver.c:79
+msgid "do not delete temporary files after using them"
+msgstr ""
+
+#: g10/keyserver.c:83
+msgid "automatically retrieve keys when verifying signatures"
+msgstr ""
+
+#: g10/keyserver.c:85
+msgid "honor the preferred keyserver URL set on the key"
+msgstr ""
+
+#: g10/keyserver.c:87
+msgid "honor the PKA record set on a key when retrieving keys"
+msgstr ""
+
+#: g10/keyserver.c:153
+#, c-format
+msgid "WARNING: keyserver option `%s' is not used on this platform\n"
+msgstr ""
+"ADVARSEL: nøkkelserver-valget «%s» er ikke i bruk på denne plattformen\n"
+
+#: g10/keyserver.c:544
+msgid "disabled"
+msgstr "utkoblet"
+
+#: g10/keyserver.c:747
+msgid "Enter number(s), N)ext, or Q)uit > "
+msgstr ""
+
+#: g10/keyserver.c:831 g10/keyserver.c:1458
+#, c-format
+msgid "invalid keyserver protocol (us %d!=handler %d)\n"
+msgstr ""
+
+#: g10/keyserver.c:932
+#, c-format
+msgid "key \"%s\" not found on keyserver\n"
+msgstr "nøkkelen «%s» ble ikke funnet på nøkkelserveren\n"
+
+#: g10/keyserver.c:934
+msgid "key not found on keyserver\n"
+msgstr "nøkkelen ble ikke funnet på nøkkelserver\n"
+
+#: g10/keyserver.c:1177
+#, c-format
+msgid "requesting key %s from %s server %s\n"
+msgstr "ber om nøkkelen %s fra %s server %s\n"
+
+#: g10/keyserver.c:1181
+#, c-format
+msgid "requesting key %s from %s\n"
+msgstr "ber om nøkkel %s fra %s\n"
+
+#: g10/keyserver.c:1205
+#, c-format
+msgid "searching for names from %s server %s\n"
+msgstr "søke etter navn fra %s server %s\n"
+
+#: g10/keyserver.c:1208
+#, c-format
+msgid "searching for names from %s\n"
+msgstr "søker etter navn fra %s\n"
+
+#: g10/keyserver.c:1361
+#, c-format
+msgid "sending key %s to %s server %s\n"
+msgstr ""
+
+#: g10/keyserver.c:1365
+#, c-format
+msgid "sending key %s to %s\n"
+msgstr ""
+
+#: g10/keyserver.c:1408
+#, c-format
+msgid "searching for \"%s\" from %s server %s\n"
+msgstr "søke etter «%s» fra %s server %s\n"
+
+#: g10/keyserver.c:1411
+#, c-format
+msgid "searching for \"%s\" from %s\n"
+msgstr "søker etter «%s» fra %s\n"
+
+#: g10/keyserver.c:1418 g10/keyserver.c:1514
+msgid "no keyserver action!\n"
+msgstr "ingen handling for nøkkelserver!\n"
+
+#: g10/keyserver.c:1466
+#, c-format
+msgid "WARNING: keyserver handler from a different version of GnuPG (%s)\n"
+msgstr ""
+
+#: g10/keyserver.c:1475
+msgid "keyserver did not send VERSION\n"
+msgstr "nøkkelserver sendte ikke VERSION\n"
+
+#: g10/keyserver.c:1537 g10/keyserver.c:2066
+msgid "no keyserver known (use option --keyserver)\n"
+msgstr ""
+
+#: g10/keyserver.c:1543
+msgid "external keyserver calls are not supported in this build\n"
+msgstr ""
+
+#: g10/keyserver.c:1555
+#, c-format
+msgid "no handler for keyserver scheme `%s'\n"
+msgstr ""
+
+#: g10/keyserver.c:1560
+#, c-format
+msgid "action `%s' not supported with keyserver scheme `%s'\n"
+msgstr ""
+
+#: g10/keyserver.c:1568
+#, c-format
+msgid "%s does not support handler version %d\n"
+msgstr ""
+
+#: g10/keyserver.c:1575
+msgid "keyserver timed out\n"
+msgstr "nøkkelserver svarte ikke tidsnok\n"
+
+#: g10/keyserver.c:1580
+msgid "keyserver internal error\n"
+msgstr "intern feil ved nøkkelserver\n"
+
+#: g10/keyserver.c:1589
+#, c-format
+msgid "keyserver communications error: %s\n"
+msgstr "kommunikasjonsfeil med nøkkelserver: %s\n"
+
+#: g10/keyserver.c:1614 g10/keyserver.c:1648
+#, c-format
+msgid "\"%s\" not a key ID: skipping\n"
+msgstr ""
+
+#: g10/keyserver.c:1907
+#, c-format
+msgid "WARNING: unable to refresh key %s via %s: %s\n"
+msgstr "ADVARSEL: klarte ikke å oppfriske nøkkel %s via %s: %s\n"
+
+#: g10/keyserver.c:1929
+#, c-format
+msgid "refreshing 1 key from %s\n"
+msgstr "oppfrisker 1 nøkkel fra %s\n"
+
+#: g10/keyserver.c:1931
+#, c-format
+msgid "refreshing %d keys from %s\n"
+msgstr "oppfrisker %d nøkler fra %s\n"
+
+#: g10/keyserver.c:1987
+#, c-format
+msgid "WARNING: unable to fetch URI %s: %s\n"
+msgstr "ADVARSEL: klarte ikke å fange URI %s: %s\n"
+
+#: g10/keyserver.c:1993
+#, c-format
+msgid "WARNING: unable to parse URI %s\n"
+msgstr "ADVARSEL: klarte ikke å parse URI %s\n"
+
+#: g10/mainproc.c:231
+#, c-format
+msgid "weird size for an encrypted session key (%d)\n"
+msgstr "merkelig størrelse for en kryptert sesjonsnøkkel (%d)\n"
+
+#: g10/mainproc.c:284
+#, c-format
+msgid "%s encrypted session key\n"
+msgstr ""
+
+#: g10/mainproc.c:294
+#, c-format
+msgid "passphrase generated with unknown digest algorithm %d\n"
+msgstr "passfrase er generert med en ukjent digest-algoritme %d\n"
+
+#: g10/mainproc.c:360
+#, c-format
+msgid "public key is %s\n"
+msgstr "offentlig nøkkel er %s\n"
+
+#: g10/mainproc.c:423
+msgid "public key encrypted data: good DEK\n"
+msgstr "offentlig nøkkel-kryptert data: god DEK\n"
+
+#: g10/mainproc.c:456
+#, c-format
+msgid "encrypted with %u-bit %s key, ID %s, created %s\n"
+msgstr "kryptert med %u-bit %s-nøkkel, ID %s, opprettet %s\n"
+
+# Do we really need to translate this string.
+# The must some bug in the code.
+#: g10/mainproc.c:460 g10/pkclist.c:217
+#, c-format
+msgid " \"%s\"\n"
+msgstr " «%s»\n"
+
+#: g10/mainproc.c:464
+#, c-format
+msgid "encrypted with %s key, ID %s\n"
+msgstr "kryptert med %s-nøkkel, ID %s\n"
+
+#: g10/mainproc.c:479
+#, c-format
+msgid "public key decryption failed: %s\n"
+msgstr "offentlig nøkkel-dekryptering mislyktes: %s\n"
+
+#: g10/mainproc.c:495
+#, c-format
+msgid "encrypted with %lu passphrases\n"
+msgstr ""
+
+#: g10/mainproc.c:497
+msgid "encrypted with 1 passphrase\n"
+msgstr ""
+
+#: g10/mainproc.c:529 g10/mainproc.c:551
+#, c-format
+msgid "assuming %s encrypted data\n"
+msgstr ""
+
+#: g10/mainproc.c:537
+#, c-format
+msgid "IDEA cipher unavailable, optimistically attempting to use %s instead\n"
+msgstr ""
+
+#: g10/mainproc.c:570
+msgid "decryption okay\n"
+msgstr ""
+
+#: g10/mainproc.c:574
+msgid "WARNING: message was not integrity protected\n"
+msgstr ""
+
+#: g10/mainproc.c:587
+msgid "WARNING: encrypted message has been manipulated!\n"
+msgstr ""
+
+#: g10/mainproc.c:595
+#, c-format
+msgid "cleared passphrase cached with ID: %s\n"
+msgstr ""
+
+#: g10/mainproc.c:600
+#, c-format
+msgid "decryption failed: %s\n"
+msgstr "dekryptering mislyktes: %s\n"
+
+#: g10/mainproc.c:621
+msgid "NOTE: sender requested \"for-your-eyes-only\"\n"
+msgstr ""
+
+#: g10/mainproc.c:623
+#, c-format
+msgid "original file name='%.*s'\n"
+msgstr "opprinnelig filnavn=«%.*s»\n"
+
+#: g10/mainproc.c:711
+msgid "WARNING: multiple plaintexts seen\n"
+msgstr ""
+
+#: g10/mainproc.c:850
+msgid "standalone revocation - use \"gpg --import\" to apply\n"
+msgstr ""
+
+#: g10/mainproc.c:1203 g10/mainproc.c:1240
+msgid "no signature found\n"
+msgstr "ingen signatur ble funnet\n"
+
+#: g10/mainproc.c:1478
+msgid "signature verification suppressed\n"
+msgstr ""
+
+#: g10/mainproc.c:1587
+msgid "can't handle this ambiguous signature data\n"
+msgstr ""
+
+#: g10/mainproc.c:1598
+#, c-format
+msgid "Signature made %s\n"
+msgstr "Signatur opprettet %s\n"
+
+#: g10/mainproc.c:1599
+#, c-format
+msgid " using %s key %s\n"
+msgstr " bruker %s nøkkel %s\n"
+
+#: g10/mainproc.c:1603
+#, c-format
+msgid "Signature made %s using %s key ID %s\n"
+msgstr "Signatur laget %s ved hjelp av %s-nøkkel ID %s\n"
+
+#: g10/mainproc.c:1623
+msgid "Key available at: "
+msgstr "Nøkkel tilgjengelig ved: "
+
+#: g10/mainproc.c:1756 g10/mainproc.c:1804
+#, c-format
+msgid "BAD signature from \"%s\""
+msgstr "DÅRLIG signatur fra «%s»"
+
+#: g10/mainproc.c:1758 g10/mainproc.c:1806
+#, c-format
+msgid "Expired signature from \"%s\""
+msgstr "Utgått signatur fra «%s»"
+
+#: g10/mainproc.c:1760 g10/mainproc.c:1808
+#, c-format
+msgid "Good signature from \"%s\""
+msgstr "God signatur fra «%s»"
+
+#: g10/mainproc.c:1810
+msgid "[uncertain]"
+msgstr "[usikker]"
+
+#: g10/mainproc.c:1843
+#, c-format
+msgid " aka \"%s\""
+msgstr " aka «%s»"
+
+#: g10/mainproc.c:1941
+#, c-format
+msgid "Signature expired %s\n"
+msgstr "Signatur utgått %s\n"
+
+#: g10/mainproc.c:1946
+#, c-format
+msgid "Signature expires %s\n"
+msgstr "Signatur utgår %s\n"
+
+#: g10/mainproc.c:1949
+#, c-format
+msgid "%s signature, digest algorithm %s\n"
+msgstr "%s signatur, digestalgoritme %s\n"
+
+#: g10/mainproc.c:1950
+msgid "binary"
+msgstr "binær"
+
+#: g10/mainproc.c:1951
+msgid "textmode"
+msgstr "tekstmodus"
+
+#: g10/mainproc.c:1951 g10/trustdb.c:546
+msgid "unknown"
+msgstr "ukjent"
+
+#: g10/mainproc.c:1971
+#, c-format
+msgid "Can't check signature: %s\n"
+msgstr ""
+
+#: g10/mainproc.c:2055 g10/mainproc.c:2071 g10/mainproc.c:2167
+msgid "not a detached signature\n"
+msgstr ""
+
+#: g10/mainproc.c:2098
+msgid ""
+"WARNING: multiple signatures detected. Only the first will be checked.\n"
+msgstr ""
+
+#: g10/mainproc.c:2106
+#, c-format
+msgid "standalone signature of class 0x%02x\n"
+msgstr ""
+
+#: g10/mainproc.c:2171
+msgid "old style (PGP 2.x) signature\n"
+msgstr ""
+
+#: g10/mainproc.c:2181
+msgid "invalid root packet detected in proc_tree()\n"
+msgstr ""
+
+#: g10/misc.c:109 g10/misc.c:139 g10/misc.c:215
+#, c-format
+msgid "fstat of `%s' failed in %s: %s\n"
+msgstr ""
+
+#: g10/misc.c:178
+#, c-format
+msgid "fstat(%d) failed in %s: %s\n"
+msgstr "fstat(%d) mislyktes in %s: %s\n"
+
+#: g10/misc.c:296
+#, c-format
+msgid "WARNING: using experimental public key algorithm %s\n"
+msgstr "ADVARSEL: bruker eksperimentell offentlig nøkkel-algoritme %s\n"
+
+#: g10/misc.c:302
+#, fuzzy
+msgid "WARNING: Elgamal sign+encrypt keys are deprecated\n"
+msgstr "ADVARSEL: digestalgoritmen «%s» er avlegs\n"
+
+#: g10/misc.c:315
+#, c-format
+msgid "WARNING: using experimental cipher algorithm %s\n"
+msgstr "ADVARSEL: bruker eksperimentell cipheralgoritme %s\n"
+
+#: g10/misc.c:330
+#, c-format
+msgid "WARNING: using experimental digest algorithm %s\n"
+msgstr "ADVARSEL: bruker eksperimentell digest-algoritme %s\n"
+
+#: g10/misc.c:335
+#, c-format
+msgid "WARNING: digest algorithm %s is deprecated\n"
+msgstr "ADVARSEL: digestalgoritmen «%s» er avlegs\n"
+
+#: g10/misc.c:503
+msgid "the IDEA cipher plugin is not present\n"
+msgstr ""
+
+#: g10/misc.c:504 g10/sig-check.c:107 jnlib/utf8conv.c:87
+#, c-format
+msgid "please see %s for more information\n"
+msgstr "vennligst se %s for mer informasjon\n"
+
+#: g10/misc.c:761
+#, c-format
+msgid "%s:%d: deprecated option \"%s\"\n"
+msgstr ""
+
+#: g10/misc.c:765
+#, c-format
+msgid "WARNING: \"%s\" is a deprecated option\n"
+msgstr ""
+
+#: g10/misc.c:767
+#, c-format
+msgid "please use \"%s%s\" instead\n"
+msgstr ""
+
+#: g10/misc.c:774
+#, c-format
+msgid "WARNING: \"%s\" is a deprecated command - do not use it\n"
+msgstr ""
+
+#: g10/misc.c:784
+#, c-format
+msgid "%s:%u: obsolete option \"%s\" - it has no effect\n"
+msgstr ""
+
+#: g10/misc.c:787
+#, c-format
+msgid "WARNING: \"%s\" is an obsolete option - it has no effect\n"
+msgstr ""
+
+#: g10/misc.c:848
+msgid "Uncompressed"
+msgstr ""
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: g10/misc.c:873
+msgid "uncompressed|none"
+msgstr ""
+
+#: g10/misc.c:1000
+#, c-format
+msgid "this message may not be usable by %s\n"
+msgstr ""
+
+#: g10/misc.c:1175
+#, c-format
+msgid "ambiguous option `%s'\n"
+msgstr "flertydig valg «%s»\n"
+
+#: g10/misc.c:1200
+#, c-format
+msgid "unknown option `%s'\n"
+msgstr "ukjent valg «%s»\n"
+
+#: g10/openfile.c:89
+#, c-format
+msgid "File `%s' exists. "
+msgstr "Fila «%s» finnes. "
+
+#: g10/openfile.c:93
+msgid "Overwrite? (y/N) "
+msgstr "Overskrive (j/N) "
+
+#: g10/openfile.c:126
+#, c-format
+msgid "%s: unknown suffix\n"
+msgstr ""
+
+#: g10/openfile.c:150
+msgid "Enter new filename"
+msgstr "Tast inn nytt filnavn"
+
+#: g10/openfile.c:195
+msgid "writing to stdout\n"
+msgstr "skriver til stdout\n"
+
+#: g10/openfile.c:316
+#, c-format
+msgid "assuming signed data in `%s'\n"
+msgstr "antar at signert data er i «%s»\n"
+
+#: g10/openfile.c:395
+#, c-format
+msgid "new configuration file `%s' created\n"
+msgstr "ny konfigurasjonsfil «%s» ble opprettet\n"
+
+#: g10/openfile.c:397
+#, c-format
+msgid "WARNING: options in `%s' are not yet active during this run\n"
+msgstr "ADVARSEL: valgene i «%s» er ikke aktive under denne kjøringen\n"
+
+#: g10/parse-packet.c:201
+#, c-format
+msgid "can't handle public key algorithm %d\n"
+msgstr ""
+
+#: g10/parse-packet.c:822
+msgid "WARNING: potentially insecure symmetrically encrypted session key\n"
+msgstr ""
+
+#: g10/parse-packet.c:1273
+#, c-format
+msgid "subpacket of type %d has critical bit set\n"
+msgstr ""
+
+#: g10/passphrase.c:75 g10/passphrase.c:418 g10/passphrase.c:481
+#, c-format
+msgid "problem with the agent: %s\n"
+msgstr ""
+
+#: g10/passphrase.c:344 g10/passphrase.c:613
+#, c-format
+msgid " (main key ID %s)"
+msgstr " (hovednøkkelid %s)"
+
+#: g10/passphrase.c:358
+#, fuzzy, c-format
+msgid ""
+"Please enter the passphrase to unlock the secret key for the OpenPGP "
+"certificate:\n"
+"\"%.*s\"\n"
+"%u-bit %s key, ID %s,\n"
+"created %s%s.\n"
+msgstr ""
+"Du trenger en passfrase for å låse opp den hemmelige nøkkelen for brukeren:\n"
+"«%.*s»\n"
+"%u-bit %s nøkkel, ID %s, opprettet %s%s\n"
+
+#: g10/passphrase.c:384
+msgid "Enter passphrase\n"
+msgstr "Tast inn passfrase\n"
+
+#: g10/passphrase.c:412
+msgid "cancelled by user\n"
+msgstr ""
+
+#: g10/passphrase.c:592
+#, c-format
+msgid ""
+"You need a passphrase to unlock the secret key for\n"
+"user: \"%s\"\n"
+msgstr ""
+"Du trenger en passfrase for å låse opp den hemmelige nøkkelen for\n"
+"brukeren: «%s»\n"
+
+#: g10/passphrase.c:600
+#, c-format
+msgid "%u-bit %s key, ID %s, created %s"
+msgstr "%u-bit %s-nøkkel, ID %s, opprettet %s"
+
+#: g10/passphrase.c:609
+#, c-format
+msgid " (subkey on main key ID %s)"
+msgstr ""
+
+#: g10/photoid.c:74
+msgid ""
+"\n"
+"Pick an image to use for your photo ID. The image must be a JPEG file.\n"
+"Remember that the image is stored within your public key. If you use a\n"
+"very large picture, your key will become very large as well!\n"
+"Keeping the image close to 240x288 is a good size to use.\n"
+msgstr ""
+
+#: g10/photoid.c:96
+msgid "Enter JPEG filename for photo ID: "
+msgstr ""
+
+#: g10/photoid.c:117
+#, c-format
+msgid "unable to open JPEG file `%s': %s\n"
+msgstr "kan ikke åpne JPEG-fil «%s»: %s\n"
+
+#: g10/photoid.c:128
+#, c-format
+msgid "This JPEG is really large (%d bytes) !\n"
+msgstr ""
+
+#: g10/photoid.c:130
+msgid "Are you sure you want to use it? (y/N) "
+msgstr "Er du sikker på at du vil bruke den? (j/N) "
+
+#: g10/photoid.c:146
+#, c-format
+msgid "`%s' is not a JPEG file\n"
+msgstr "«%s» er ikke et JPEG-fil\n"
+
+#: g10/photoid.c:165
+msgid "Is this photo correct (y/N/q)? "
+msgstr ""
+
+#: g10/photoid.c:373
+msgid "unable to display photo ID!\n"
+msgstr ""
+
+#: g10/pkclist.c:60 g10/revoke.c:621
+msgid "No reason specified"
+msgstr "Ingen grunn er angitt"
+
+#: g10/pkclist.c:62 g10/revoke.c:623
+msgid "Key is superseded"
+msgstr "Nøkkelen er overgått"
+
+#: g10/pkclist.c:64 g10/revoke.c:622
+msgid "Key has been compromised"
+msgstr "Nøkkelen har blitt kompromittert"
+
+#: g10/pkclist.c:66 g10/revoke.c:624
+msgid "Key is no longer used"
+msgstr "Nøkkelen er ikke lengre i bruk"
+
+#: g10/pkclist.c:68 g10/revoke.c:625
+msgid "User ID is no longer valid"
+msgstr "Brukerid er ikke lengre gyldig"
+
+#: g10/pkclist.c:72
+msgid "reason for revocation: "
+msgstr "grunnen for opphevelse: "
+
+#: g10/pkclist.c:89
+msgid "revocation comment: "
+msgstr "kommentar til opphevelse: "
+
+#: g10/pkclist.c:204
+msgid "iImMqQsS"
+msgstr "iImMqQsS"
+
+#: g10/pkclist.c:212
+msgid "No trust value assigned to:\n"
+msgstr "Ingen tillitsverdi tilordnet til:\n"
+
+#: g10/pkclist.c:245
+#, c-format
+msgid " aka \"%s\"\n"
+msgstr " aka «%s»\n"
+
+#: g10/pkclist.c:255
+msgid ""
+"How much do you trust that this key actually belongs to the named user?\n"
+msgstr ""
+"Hvor mye stoler du på at denne nøkkelen faktisk tilhører den angitte "
+"brukeren?\n"
+
+#: g10/pkclist.c:270
+#, c-format
+msgid " %d = I don't know or won't say\n"
+msgstr " %d = Jeg vet ikke eller vil ikke uttale meg\n"
+
+#: g10/pkclist.c:272
+#, c-format
+msgid " %d = I do NOT trust\n"
+msgstr " %d = Jeg stoler IKKE på den\n"
+
+#: g10/pkclist.c:278
+#, c-format
+msgid " %d = I trust ultimately\n"
+msgstr " %d = Jeg stoler fullstendig på den\n"
+
+#: g10/pkclist.c:284
+msgid " m = back to the main menu\n"
+msgstr " m = tilbake til hovedmenyen\n"
+
+#: g10/pkclist.c:287
+msgid " s = skip this key\n"
+msgstr " s = hopp over denne nøkkelen\n"
+
+#: g10/pkclist.c:288
+msgid " q = quit\n"
+msgstr " q = avslutt\n"
+
+#: g10/pkclist.c:292
+#, c-format
+msgid ""
+"The minimum trust level for this key is: %s\n"
+"\n"
+msgstr ""
+
+#: g10/pkclist.c:298 g10/revoke.c:650
+msgid "Your decision? "
+msgstr "Valget ditt? "
+
+#: g10/pkclist.c:319
+msgid "Do you really want to set this key to ultimate trust? (y/N) "
+msgstr "Vil du virkelig sette denne nøkkelen til fullstendig tillit? (j/N) "
+
+#: g10/pkclist.c:333
+msgid "Certificates leading to an ultimately trusted key:\n"
+msgstr "Sertifikater som fører til en fullstendig betrodd nøkkel:\n"
+
+#: g10/pkclist.c:418
+#, c-format
+msgid "%s: There is no assurance this key belongs to the named user\n"
+msgstr ""
+"%s: Det finnes ingen indikasjon på at denne nøkkelen faktisk tilhører den "
+"angitte eieren\n"
+
+#: g10/pkclist.c:423
+#, c-format
+msgid "%s: There is limited assurance this key belongs to the named user\n"
+msgstr ""
+"%s: Det er begrenset indikasjon på at denne nøkkelen faktisk tilhører den "
+"angitte eieren\n"
+
+#: g10/pkclist.c:429
+msgid "This key probably belongs to the named user\n"
+msgstr "Denne nøkkelen tilhører sannsynligvis den angitte eieren\n"
+
+#: g10/pkclist.c:434
+msgid "This key belongs to us\n"
+msgstr "denne nøkkelen tilhører oss\n"
+
+#: g10/pkclist.c:460
+msgid ""
+"It is NOT certain that the key belongs to the person named\n"
+"in the user ID. If you *really* know what you are doing,\n"
+"you may answer the next question with yes.\n"
+msgstr ""
+"Det er IKKE sikkert at nøkkelen tilhører personen som er angitt i\n"
+"brukeriden. Dersom du *virkelig* vet hva du gjør, kan du besvare det\n"
+"neste spørsmålet med ja.\n"
+
+#: g10/pkclist.c:479
+msgid "Use this key anyway? (y/N) "
+msgstr "Bruke denne nøkkelen likevel? (j/N) "
+
+#: g10/pkclist.c:513
+msgid "WARNING: Using untrusted key!\n"
+msgstr "ADVARSEL: Bruker ubetrodd nøkkel!\n"
+
+#: g10/pkclist.c:520
+msgid "WARNING: this key might be revoked (revocation key not present)\n"
+msgstr ""
+"ADVARSEL: nøkkel %s kan være opphevet: opphevingsnøkkel %s ikke tilstede.\n"
+
+#: g10/pkclist.c:529
+msgid "WARNING: This key has been revoked by its designated revoker!\n"
+msgstr ""
+"ADVARSEL: Denne nøkkelen har blitt opphevet av den utpekte oppheveren!\n"
+
+#: g10/pkclist.c:532
+msgid "WARNING: This key has been revoked by its owner!\n"
+msgstr "ADVARSEL: Denne nøkkelen har blitt opphevet av dens eier!\n"
+
+#: g10/pkclist.c:533
+msgid " This could mean that the signature is forged.\n"
+msgstr " Dette kan bety at signaturen er falsk.\n"
+
+#: g10/pkclist.c:539
+msgid "WARNING: This subkey has been revoked by its owner!\n"
+msgstr "ADVARSEL: Denne undernøkkelen har blitt opphevet av eieren!\n"
+
+#: g10/pkclist.c:544
+msgid "Note: This key has been disabled.\n"
+msgstr "Merk: Denne nøkkelen har blitt utkoblet.\n"
+
+#: g10/pkclist.c:564
+#, c-format
+msgid "Note: Verified signer's address is `%s'\n"
+msgstr ""
+
+#: g10/pkclist.c:571
+#, c-format
+msgid "Note: Signer's address `%s' does not match DNS entry\n"
+msgstr ""
+
+#: g10/pkclist.c:583
+msgid "trustlevel adjusted to FULL due to valid PKA info\n"
+msgstr ""
+
+#: g10/pkclist.c:591
+msgid "trustlevel adjusted to NEVER due to bad PKA info\n"
+msgstr ""
+
+#: g10/pkclist.c:602
+msgid "Note: This key has expired!\n"
+msgstr "Merk: Denne nøkkelen er utgått!\n"
+
+#: g10/pkclist.c:613
+msgid "WARNING: This key is not certified with a trusted signature!\n"
+msgstr ""
+"ADVARSEL: Denne nøkkelen er ikke sertifisert med en betrodd signatur!\n"
+
+#: g10/pkclist.c:615
+msgid ""
+" There is no indication that the signature belongs to the owner.\n"
+msgstr " Det er ingen indikasjon på at signaturen tilhører eieren.\n"
+
+#: g10/pkclist.c:623
+msgid "WARNING: We do NOT trust this key!\n"
+msgstr "ADVARSEL: Vi stoler IKKE på denne nøkkelen!\n"
+
+#: g10/pkclist.c:624
+msgid " The signature is probably a FORGERY.\n"
+msgstr " Signaturen er sannsynligvis et FALSKNERI.\n"
+
+#: g10/pkclist.c:632
+msgid ""
+"WARNING: This key is not certified with sufficiently trusted signatures!\n"
+msgstr ""
+"ADVARSEL: Denne nøkkelen er ikke sertifisert med tilstrekkelige betrodde "
+"signaturer!\n"
+
+#: g10/pkclist.c:634
+msgid " It is not certain that the signature belongs to the owner.\n"
+msgstr " Det er ikke sikkert at signaturen tilhører brukeren.\n"
+
+#: g10/pkclist.c:833 g10/pkclist.c:875 g10/pkclist.c:1087 g10/pkclist.c:1157
+#, c-format
+msgid "%s: skipped: %s\n"
+msgstr "%s: hoppet over: %s\n"
+
+#: g10/pkclist.c:845 g10/pkclist.c:1125
+#, c-format
+msgid "%s: skipped: public key already present\n"
+msgstr "%s: hoppet over: offentlig nøkkel er allerede tilstede\n"
+
+#: g10/pkclist.c:896
+msgid "You did not specify a user ID. (you may use \"-r\")\n"
+msgstr "Du oppga ikke en brukerid. (Du kan bruke «-r»)\n"
+
+#: g10/pkclist.c:920
+msgid "Current recipients:\n"
+msgstr ""
+
+#: g10/pkclist.c:946
+msgid ""
+"\n"
+"Enter the user ID. End with an empty line: "
+msgstr ""
+"\n"
+"Tast inn brukeriden. Avslutt med en blank linje: "
+
+#: g10/pkclist.c:971
+msgid "No such user ID.\n"
+msgstr "Det finnes ingen slik brukerid.\n"
+
+#: g10/pkclist.c:980 g10/pkclist.c:1054
+msgid "skipped: public key already set as default recipient\n"
+msgstr "hoppet over: offentlig nøkkel allerede satt som standard mottaker\n"
+
+#: g10/pkclist.c:1001
+msgid "Public key is disabled.\n"
+msgstr "Offentlig nøkkel er utkoblet.\n"
+
+#: g10/pkclist.c:1010
+msgid "skipped: public key already set\n"
+msgstr "hoppet over: offentlig nøkkel er allerede satt\n"
+
+#: g10/pkclist.c:1045
+#, c-format
+msgid "unknown default recipient \"%s\"\n"
+msgstr "ukjent standardmottaker «%s»\n"
+
+#: g10/pkclist.c:1103
+#, c-format
+msgid "%s: skipped: public key is disabled\n"
+msgstr "%s: hoppet over: offentlig nøkkel er utkoblet\n"
+
+#: g10/pkclist.c:1165
+msgid "no valid addressees\n"
+msgstr "ingen gyldige adressater\n"
+
+#: g10/pkclist.c:1503
+#, fuzzy, c-format
+msgid "Note: key %s has no %s feature\n"
+msgstr "nøkkel %s: ingen brukerid\n"
+
+#: g10/pkclist.c:1528
+#, fuzzy, c-format
+msgid "Note: key %s has no preference for %s\n"
+msgstr "nøkkel %s: ingen brukerid\n"
+
+#: g10/plaintext.c:95
+msgid "data not saved; use option \"--output\" to save it\n"
+msgstr ""
+
+#: g10/plaintext.c:480
+msgid "Detached signature.\n"
+msgstr ""
+
+#: g10/plaintext.c:487
+msgid "Please enter name of data file: "
+msgstr ""
+
+#: g10/plaintext.c:519
+msgid "reading stdin ...\n"
+msgstr ""
+
+#: g10/plaintext.c:557
+msgid "no signed data\n"
+msgstr ""
+
+#: g10/plaintext.c:573
+#, c-format
+msgid "can't open signed data `%s'\n"
+msgstr ""
+
+#: g10/plaintext.c:607
+#, fuzzy, c-format
+msgid "can't open signed data fd=%d: %s\n"
+msgstr "kan ikke åpne «%s»: %s\n"
+
+#: g10/pubkey-enc.c:105
+#, c-format
+msgid "anonymous recipient; trying secret key %s ...\n"
+msgstr ""
+
+#: g10/pubkey-enc.c:136
+msgid "okay, we are the anonymous recipient.\n"
+msgstr ""
+
+#: g10/pubkey-enc.c:225
+msgid "old encoding of the DEK is not supported\n"
+msgstr ""
+
+#: g10/pubkey-enc.c:246
+#, c-format
+msgid "cipher algorithm %d%s is unknown or disabled\n"
+msgstr ""
+
+#: g10/pubkey-enc.c:284
+#, c-format
+msgid "WARNING: cipher algorithm %s not found in recipient preferences\n"
+msgstr ""
+"påtvinging av kompresjonsalgoritme %s bryter med mottakerens preferanser\n"
+
+#: g10/pubkey-enc.c:304
+#, c-format
+msgid "NOTE: secret key %s expired at %s\n"
+msgstr "NOTIS: hemmelig nøkkel %s utgikk den %s\n"
+
+#: g10/pubkey-enc.c:310
+msgid "NOTE: key has been revoked"
+msgstr ""
+
+#: g10/revoke.c:102 g10/revoke.c:116 g10/revoke.c:128 g10/revoke.c:174
+#: g10/revoke.c:186 g10/revoke.c:585
+#, c-format
+msgid "build_packet failed: %s\n"
+msgstr ""
+
+#: g10/revoke.c:145
+#, c-format
+msgid "key %s has no user IDs\n"
+msgstr "nøkkel %s: ingen brukerid\n"
+
+#: g10/revoke.c:306
+msgid "To be revoked by:\n"
+msgstr ""
+
+#: g10/revoke.c:310
+msgid "(This is a sensitive revocation key)\n"
+msgstr ""
+
+#: g10/revoke.c:314
+msgid "Create a designated revocation certificate for this key? (y/N) "
+msgstr "Lage et utpekt opphevingssertifikat for denne nøkkelen? (j/N) "
+
+#: g10/revoke.c:327 g10/revoke.c:551
+msgid "ASCII armored output forced.\n"
+msgstr ""
+
+#: g10/revoke.c:342 g10/revoke.c:565
+#, c-format
+msgid "make_keysig_packet failed: %s\n"
+msgstr ""
+
+#: g10/revoke.c:405
+msgid "Revocation certificate created.\n"
+msgstr ""
+
+#: g10/revoke.c:411
+#, c-format
+msgid "no revocation keys found for \"%s\"\n"
+msgstr ""
+
+#: g10/revoke.c:470
+#, c-format
+msgid "secret key \"%s\" not found: %s\n"
+msgstr "hemmelig nøkkel «%s» ble ikke funnet: %s\n"
+
+#: g10/revoke.c:497
+#, c-format
+msgid "no corresponding public key: %s\n"
+msgstr ""
+
+#: g10/revoke.c:508
+msgid "public key does not match secret key!\n"
+msgstr ""
+
+#: g10/revoke.c:515
+msgid "Create a revocation certificate for this key? (y/N) "
+msgstr "Lage et opphevingssertifikat for denne nøkkelen? (j/N) "
+
+#: g10/revoke.c:532
+msgid "unknown protection algorithm\n"
+msgstr ""
+
+#: g10/revoke.c:540
+msgid "NOTE: This key is not protected!\n"
+msgstr ""
+
+#: g10/revoke.c:591
+msgid ""
+"Revocation certificate created.\n"
+"\n"
+"Please move it to a medium which you can hide away; if Mallory gets\n"
+"access to this certificate he can use it to make your key unusable.\n"
+"It is smart to print this certificate and store it away, just in case\n"
+"your media become unreadable. But have some caution: The print system of\n"
+"your machine might store the data and make it available to others!\n"
+msgstr ""
+
+#: g10/revoke.c:633
+msgid "Please select the reason for the revocation:\n"
+msgstr ""
+
+#: g10/revoke.c:643
+msgid "Cancel"
+msgstr ""
+
+#: g10/revoke.c:645
+#, c-format
+msgid "(Probably you want to select %d here)\n"
+msgstr ""
+
+#: g10/revoke.c:686
+msgid "Enter an optional description; end it with an empty line:\n"
+msgstr ""
+
+#: g10/revoke.c:714
+#, c-format
+msgid "Reason for revocation: %s\n"
+msgstr ""
+
+#: g10/revoke.c:716
+msgid "(No description given)\n"
+msgstr ""
+
+#: g10/revoke.c:721
+msgid "Is this okay? (y/N) "
+msgstr "Er dette i orden? (j/N) "
+
+#: g10/seckey-cert.c:55
+msgid "secret key parts are not available\n"
+msgstr ""
+
+#: g10/seckey-cert.c:61
+#, c-format
+msgid "protection algorithm %d%s is not supported\n"
+msgstr ""
+
+#: g10/seckey-cert.c:72
+#, c-format
+msgid "protection digest %d is not supported\n"
+msgstr ""
+
+#: g10/seckey-cert.c:291
+msgid "Invalid passphrase; please try again"
+msgstr "Ugyldig passfrase; vennligst prøv igjen"
+
+#: g10/seckey-cert.c:292
+#, c-format
+msgid "%s ...\n"
+msgstr ""
+
+#: g10/seckey-cert.c:361
+msgid "WARNING: Weak key detected - please change passphrase again.\n"
+msgstr ""
+
+#: g10/seckey-cert.c:404
+msgid "generating the deprecated 16-bit checksum for secret key protection\n"
+msgstr ""
+
+#: g10/seskey.c:61 sm/encrypt.c:119
+msgid "weak key created - retrying\n"
+msgstr "svak nøkkel ble opprettet - prøver på nytt\n"
+
+#: g10/seskey.c:65
+#, c-format
+msgid "cannot avoid weak key for symmetric cipher; tried %d times!\n"
+msgstr ""
+"kan ikke unngå svak nøkkel for symmetrisk krypteringsalgorime; prøvde %d "
+"ganger!\n"
+
+#: g10/seskey.c:227 sm/certcheck.c:85
+msgid "DSA requires the hash length to be a multiple of 8 bits\n"
+msgstr ""
+
+#: g10/seskey.c:240
+#, c-format
+msgid "DSA key %s uses an unsafe (%u bit) hash\n"
+msgstr ""
+
+#: g10/seskey.c:252
+#, c-format
+msgid "DSA key %s requires a %u bit or larger hash\n"
+msgstr ""
+
+#: g10/sig-check.c:80
+msgid "WARNING: signature digest conflict in message\n"
+msgstr ""
+
+#: g10/sig-check.c:105
+#, c-format
+msgid "WARNING: signing subkey %s is not cross-certified\n"
+msgstr ""
+
+#: g10/sig-check.c:117
+#, c-format
+msgid "WARNING: signing subkey %s has an invalid cross-certification\n"
+msgstr ""
+
+#: g10/sig-check.c:211
+#, c-format
+msgid "public key %s is %lu second newer than the signature\n"
+msgstr ""
+
+#: g10/sig-check.c:212
+#, c-format
+msgid "public key %s is %lu seconds newer than the signature\n"
+msgstr ""
+
+# Er dette entallsformen av denne strengen?
+#: g10/sig-check.c:223
+#, c-format
+msgid ""
+"key %s was created %lu second in the future (time warp or clock problem)\n"
+msgstr ""
+"nøkkel %s ble opprettet %lu sekund i fremtiden (time warp eller "
+"klokkeproblem)\n"
+
+# Er dette flertallsformen av denne og den forrige strengen?
+#: g10/sig-check.c:225
+#, c-format
+msgid ""
+"key %s was created %lu seconds in the future (time warp or clock problem)\n"
+msgstr ""
+"nøkkel %s ble opprettet %lu sekunder i fremtiden (time warp eller "
+"klokkeproblem)\n"
+
+#: g10/sig-check.c:239
+#, c-format
+msgid "NOTE: signature key %s expired %s\n"
+msgstr "NOTIS: signaturnøkkelen %s utgikk %s\n"
+
+#: g10/sig-check.c:252
+#, fuzzy, c-format
+msgid "NOTE: signature key %s has been revoked\n"
+msgstr "NOTIS: signaturnøkkelen %s utgikk %s\n"
+
+#: g10/sig-check.c:325
+#, c-format
+msgid "assuming bad signature from key %s due to an unknown critical bit\n"
+msgstr ""
+
+#: g10/sig-check.c:591
+#, c-format
+msgid "key %s: no subkey for subkey revocation signature\n"
+msgstr "nøkkel %s: ingen undernøkkel for undernøkkelopphevingssignatur\n"
+
+#: g10/sig-check.c:618
+#, c-format
+msgid "key %s: no subkey for subkey binding signature\n"
+msgstr "nøkkel %s: ingen undernøkkel for undernøkkelbindingssignatur\n"
+
+#: g10/sign.c:89
+#, c-format
+msgid "WARNING: unable to %%-expand notation (too large). Using unexpanded.\n"
+msgstr ""
+
+#: g10/sign.c:115
+#, c-format
+msgid ""
+"WARNING: unable to %%-expand policy URL (too large). Using unexpanded.\n"
+msgstr ""
+
+#: g10/sign.c:138
+#, c-format
+msgid ""
+"WARNING: unable to %%-expand preferred keyserver URL (too large). Using "
+"unexpanded.\n"
+msgstr ""
+
+#: g10/sign.c:311
+#, c-format
+msgid "checking created signature failed: %s\n"
+msgstr ""
+
+#: g10/sign.c:320
+#, c-format
+msgid "%s/%s signature from: \"%s\"\n"
+msgstr "%s/%s-signatur fra: «%s»\n"
+
+#: g10/sign.c:761
+msgid "you can only detach-sign with PGP 2.x style keys while in --pgp2 mode\n"
+msgstr ""
+
+#: g10/sign.c:837
+#, c-format
+msgid ""
+"WARNING: forcing digest algorithm %s (%d) violates recipient preferences\n"
+msgstr ""
+"ADVARSEL: påtvinging av kompresjonsalgoritme %s (%d) bryter med mottakerens "
+"preferanser\n"
+
+#: g10/sign.c:964
+msgid "signing:"
+msgstr ""
+
+#: g10/sign.c:1079
+msgid "you can only clearsign with PGP 2.x style keys while in --pgp2 mode\n"
+msgstr ""
+
+#: g10/sign.c:1263
+#, c-format
+msgid "%s encryption will be used\n"
+msgstr ""
+
+#: g10/skclist.c:140 g10/skclist.c:217
+msgid "key is not flagged as insecure - can't use it with the faked RNG!\n"
+msgstr ""
+
+#: g10/skclist.c:174
+#, c-format
+msgid "skipped \"%s\": duplicated\n"
+msgstr "hoppet over «%s»: er duplikat\n"
+
+#: g10/skclist.c:182 g10/skclist.c:195 g10/skclist.c:207
+#, c-format
+msgid "skipped \"%s\": %s\n"
+msgstr "hoppet over «%s»: %s\n"
+
+#: g10/skclist.c:190
+msgid "skipped: secret key already present\n"
+msgstr ""
+
+#: g10/skclist.c:208
+msgid "this is a PGP generated Elgamal key which is not secure for signatures!"
+msgstr ""
+
+#: g10/tdbdump.c:58 g10/trustdb.c:360
+#, c-format
+msgid "trust record %lu, type %d: write failed: %s\n"
+msgstr ""
+
+#: g10/tdbdump.c:106
+#, c-format
+msgid ""
+"# List of assigned trustvalues, created %s\n"
+"# (Use \"gpg --import-ownertrust\" to restore them)\n"
+msgstr ""
+
+#: g10/tdbdump.c:161 g10/tdbdump.c:169 g10/tdbdump.c:174 g10/tdbdump.c:179
+#, c-format
+msgid "error in `%s': %s\n"
+msgstr "feil med «%s»: %s\n"
+
+#: g10/tdbdump.c:161
+msgid "line too long"
+msgstr "for lang linje"
+
+#: g10/tdbdump.c:169
+msgid "colon missing"
+msgstr ""
+
+#: g10/tdbdump.c:175
+msgid "invalid fingerprint"
+msgstr "ugyldig fingeravtrykk"
+
+#: g10/tdbdump.c:180
+msgid "ownertrust value missing"
+msgstr "verdi for eiertillit mangler"
+
+#: g10/tdbdump.c:216
+#, c-format
+msgid "error finding trust record in `%s': %s\n"
+msgstr "feil ved søking etter tillitspost i «%s»: %s\n"
+
+#: g10/tdbdump.c:220
+#, c-format
+msgid "read error in `%s': %s\n"
+msgstr "lesefeil ved «%s»: %s\n"
+
+#: g10/tdbdump.c:229 g10/trustdb.c:375
+#, c-format
+msgid "trustdb: sync failed: %s\n"
+msgstr ""
+
+#: g10/tdbio.c:128 g10/tdbio.c:1456
+#, c-format
+msgid "trustdb rec %lu: lseek failed: %s\n"
+msgstr ""
+
+#: g10/tdbio.c:135 g10/tdbio.c:1463
+#, c-format
+msgid "trustdb rec %lu: write failed (n=%d): %s\n"
+msgstr ""
+
+#: g10/tdbio.c:245
+msgid "trustdb transaction too large\n"
+msgstr ""
+
+#: g10/tdbio.c:500
+#, c-format
+msgid "can't access `%s': %s\n"
+msgstr "kan ikke aksere «%s»: %s\n"
+
+#: g10/tdbio.c:527
+#, c-format
+msgid "%s: directory does not exist!\n"
+msgstr ""
+
+#: g10/tdbio.c:537 g10/tdbio.c:560 g10/tdbio.c:601 sm/keydb.c:219
+#, c-format
+msgid "can't create lock for `%s'\n"
+msgstr "kan ikke opprette lås for «%s»\n"
+
+#: g10/tdbio.c:539 g10/tdbio.c:604
+#, c-format
+msgid "can't lock `%s'\n"
+msgstr "kan ikke låse «%s»\n"
+
+#: g10/tdbio.c:565
+#, c-format
+msgid "%s: failed to create version record: %s"
+msgstr ""
+
+#: g10/tdbio.c:569
+#, c-format
+msgid "%s: invalid trustdb created\n"
+msgstr ""
+
+#: g10/tdbio.c:572
+#, c-format
+msgid "%s: trustdb created\n"
+msgstr ""
+
+#: g10/tdbio.c:615
+msgid "NOTE: trustdb not writable\n"
+msgstr ""
+
+#: g10/tdbio.c:623
+#, c-format
+msgid "%s: invalid trustdb\n"
+msgstr ""
+
+#: g10/tdbio.c:655
+#, c-format
+msgid "%s: failed to create hashtable: %s\n"
+msgstr ""
+
+#: g10/tdbio.c:663
+#, c-format
+msgid "%s: error updating version record: %s\n"
+msgstr ""
+
+#: g10/tdbio.c:680 g10/tdbio.c:701 g10/tdbio.c:717 g10/tdbio.c:731
+#: g10/tdbio.c:761 g10/tdbio.c:1388 g10/tdbio.c:1415
+#, c-format
+msgid "%s: error reading version record: %s\n"
+msgstr ""
+
+#: g10/tdbio.c:740
+#, c-format
+msgid "%s: error writing version record: %s\n"
+msgstr ""
+
+#: g10/tdbio.c:1181
+#, c-format
+msgid "trustdb: lseek failed: %s\n"
+msgstr ""
+
+#: g10/tdbio.c:1190
+#, c-format
+msgid "trustdb: read failed (n=%d): %s\n"
+msgstr ""
+
+#: g10/tdbio.c:1211
+#, c-format
+msgid "%s: not a trustdb file\n"
+msgstr ""
+
+#: g10/tdbio.c:1230
+#, c-format
+msgid "%s: version record with recnum %lu\n"
+msgstr ""
+
+#: g10/tdbio.c:1235
+#, c-format
+msgid "%s: invalid file version %d\n"
+msgstr ""
+
+#: g10/tdbio.c:1421
+#, c-format
+msgid "%s: error reading free record: %s\n"
+msgstr ""
+
+#: g10/tdbio.c:1429
+#, c-format
+msgid "%s: error writing dir record: %s\n"
+msgstr ""
+
+#: g10/tdbio.c:1439
+#, c-format
+msgid "%s: failed to zero a record: %s\n"
+msgstr ""
+
+#: g10/tdbio.c:1469
+#, c-format
+msgid "%s: failed to append a record: %s\n"
+msgstr ""
+
+#: g10/tdbio.c:1512
+msgid "Error: The trustdb is corrupted.\n"
+msgstr ""
+
+#: g10/textfilter.c:147
+#, c-format
+msgid "can't handle text lines longer than %d characters\n"
+msgstr ""
+
+#: g10/textfilter.c:247
+#, c-format
+msgid "input line longer than %d characters\n"
+msgstr ""
+
+#: g10/trustdb.c:221
+#, c-format
+msgid "`%s' is not a valid long keyID\n"
+msgstr ""
+
+#: g10/trustdb.c:252
+#, c-format
+msgid "key %s: accepted as trusted key\n"
+msgstr "nøkkel %s: godtatt som betrodd nøkkel\n"
+
+#: g10/trustdb.c:290
+#, c-format
+msgid "key %s occurs more than once in the trustdb\n"
+msgstr ""
+
+#: g10/trustdb.c:305
+#, c-format
+msgid "key %s: no public key for trusted key - skipped\n"
+msgstr "nøkkel %s: ingen offentlig nøkkel for betrodd nøkkel - hoppet over\n"
+
+#: g10/trustdb.c:315
+#, c-format
+msgid "key %s marked as ultimately trusted\n"
+msgstr "nøkkel %s markert som endelig betrodd.\n"
+
+#: g10/trustdb.c:339
+#, c-format
+msgid "trust record %lu, req type %d: read failed: %s\n"
+msgstr ""
+
+#: g10/trustdb.c:345
+#, c-format
+msgid "trust record %lu is not of requested type %d\n"
+msgstr ""
+
+#: g10/trustdb.c:418
+msgid "You may try to re-create the trustdb using the commands:\n"
+msgstr ""
+
+#: g10/trustdb.c:427
+msgid "If that does not work, please consult the manual\n"
+msgstr ""
+
+#: g10/trustdb.c:462
+#, c-format
+msgid "unable to use unknown trust model (%d) - assuming %s trust model\n"
+msgstr ""
+
+#: g10/trustdb.c:468
+#, c-format
+msgid "using %s trust model\n"
+msgstr ""
+
+#: g10/trustdb.c:520
+msgid "10 translator see trustdb.c:uid_trust_string_fixed"
+msgstr ""
+
+#: g10/trustdb.c:522
+msgid "[ revoked]"
+msgstr "[ opphevet]"
+
+#: g10/trustdb.c:524 g10/trustdb.c:529
+msgid "[ expired]"
+msgstr "[ utgått]"
+
+#: g10/trustdb.c:528
+msgid "[ unknown]"
+msgstr "[ ukjent]"
+
+#: g10/trustdb.c:530
+msgid "[ undef ]"
+msgstr "[ udef ]"
+
+#: g10/trustdb.c:531
+msgid "[marginal]"
+msgstr ""
+
+#: g10/trustdb.c:532
+msgid "[ full ]"
+msgstr ""
+
+#: g10/trustdb.c:533
+msgid "[ultimate]"
+msgstr ""
+
+#: g10/trustdb.c:548
+msgid "undefined"
+msgstr ""
+
+#: g10/trustdb.c:549
+msgid "never"
+msgstr ""
+
+#: g10/trustdb.c:550
+msgid "marginal"
+msgstr ""
+
+#: g10/trustdb.c:551
+msgid "full"
+msgstr ""
+
+#: g10/trustdb.c:552
+msgid "ultimate"
+msgstr ""
+
+#: g10/trustdb.c:592
+msgid "no need for a trustdb check\n"
+msgstr ""
+
+#: g10/trustdb.c:598 g10/trustdb.c:2487
+#, c-format
+msgid "next trustdb check due at %s\n"
+msgstr ""
+
+#: g10/trustdb.c:607
+#, c-format
+msgid "no need for a trustdb check with `%s' trust model\n"
+msgstr ""
+
+#: g10/trustdb.c:622
+#, c-format
+msgid "no need for a trustdb update with `%s' trust model\n"
+msgstr ""
+
+#: g10/trustdb.c:857 g10/trustdb.c:1310
+#, c-format
+msgid "public key %s not found: %s\n"
+msgstr "fant ikke offentlig nøkkel %s: %s\n"
+
+#: g10/trustdb.c:1053
+msgid "please do a --check-trustdb\n"
+msgstr ""
+
+#: g10/trustdb.c:1057
+msgid "checking the trustdb\n"
+msgstr ""
+
+#: g10/trustdb.c:2230
+#, c-format
+msgid "%d keys processed (%d validity counts cleared)\n"
+msgstr ""
+
+#: g10/trustdb.c:2295
+msgid "no ultimately trusted keys found\n"
+msgstr ""
+
+#: g10/trustdb.c:2309
+#, c-format
+msgid "public key of ultimately trusted key %s not found\n"
+msgstr ""
+
+#: g10/trustdb.c:2332
+#, c-format
+msgid "%d marginal(s) needed, %d complete(s) needed, %s trust model\n"
+msgstr ""
+
+#: g10/trustdb.c:2418
+#, c-format
+msgid ""
+"depth: %d valid: %3d signed: %3d trust: %d-, %dq, %dn, %dm, %df, %du\n"
+msgstr ""
+
+#: g10/trustdb.c:2493
+#, c-format
+msgid "unable to update trustdb version record: write failed: %s\n"
+msgstr ""
+
+#: g10/verify.c:118
+msgid ""
+"the signature could not be verified.\n"
+"Please remember that the signature file (.sig or .asc)\n"
+"should be the first file given on the command line.\n"
+msgstr ""
+
+#: g10/verify.c:205
+#, c-format
+msgid "input line %u too long or missing LF\n"
+msgstr ""
+
+#: g10/verify.c:253
+#, fuzzy, c-format
+msgid "can't open fd %d: %s\n"
+msgstr "kan ikke åpne «%s»: %s\n"
+
+#: jnlib/argparse.c:180
+#, fuzzy
+msgid "argument not expected"
+msgstr "Admin-kommandoer er ikke tillatt\n"
+
+#: jnlib/argparse.c:182
+#, fuzzy
+msgid "read error"
+msgstr "feil ved lesing av fil"
+
+#: jnlib/argparse.c:184
+#, fuzzy
+msgid "keyword too long"
+msgstr "for lang linje"
+
+#: jnlib/argparse.c:186
+#, fuzzy
+msgid "missing argument"
+msgstr "ugydig argument"
+
+#: jnlib/argparse.c:188
+#, fuzzy
+msgid "invalid command"
+msgstr "Admin-reservert kommando\n"
+
+#: jnlib/argparse.c:190
+#, fuzzy
+msgid "invalid alias definition"
+msgstr "ugyldige listevalg\n"
+
+#: jnlib/argparse.c:192
+#, fuzzy
+msgid "out of core"
+msgstr "ikke tvunget"
+
+#: jnlib/argparse.c:194
+#, fuzzy
+msgid "invalid option"
+msgstr "ugyldige listevalg\n"
+
+#: jnlib/argparse.c:202
+#, c-format
+msgid "missing argument for option \"%.50s\"\n"
+msgstr ""
+
+#: jnlib/argparse.c:204
+#, c-format
+msgid "option \"%.50s\" does not expect an argument\n"
+msgstr ""
+
+#: jnlib/argparse.c:207
+#, fuzzy, c-format
+msgid "invalid command \"%.50s\"\n"
+msgstr "Ugyldig kommando (prøv «help»)\n"
+
+#: jnlib/argparse.c:209
+#, c-format
+msgid "option \"%.50s\" is ambiguous\n"
+msgstr ""
+
+#: jnlib/argparse.c:211
+#, c-format
+msgid "command \"%.50s\" is ambiguous\n"
+msgstr ""
+
+#: jnlib/argparse.c:213
+#, fuzzy
+msgid "out of core\n"
+msgstr "ikke tvunget"
+
+#: jnlib/argparse.c:215
+#, fuzzy, c-format
+msgid "invalid option \"%.50s\"\n"
+msgstr "ugyldige listevalg\n"
+
+#: jnlib/logging.c:647
+#, c-format
+msgid "you found a bug ... (%s:%d)\n"
+msgstr "du fant en feil ... (%s:%d)\n"
+
+#: jnlib/utf8conv.c:85
+#, fuzzy, c-format
+msgid "error loading `%s': %s\n"
+msgstr "feil ved lesing av «%s»: %s\n"
+
+#: jnlib/utf8conv.c:123
+#, c-format
+msgid "conversion from `%s' to `%s' not available\n"
+msgstr ""
+
+#: jnlib/utf8conv.c:131
+#, fuzzy, c-format
+msgid "iconv_open failed: %s\n"
+msgstr "signering mislyktes: %s\n"
+
+#: jnlib/utf8conv.c:388 jnlib/utf8conv.c:654
+#, fuzzy, c-format
+msgid "conversion from `%s' to `%s' failed: %s\n"
+msgstr "omdøping fra «%s» til «%s» mislyktes: %s\n"
+
+#: jnlib/dotlock.c:234
+#, fuzzy, c-format
+msgid "failed to create temporary file `%s': %s\n"
+msgstr "kan ikke opprette katalogen «%s»: %s\n"
+
+#: jnlib/dotlock.c:269
+#, fuzzy, c-format
+msgid "error writing to `%s': %s\n"
+msgstr "feil ved skriving av nøkkelknippet «%s»: %s\n"
+
+#: jnlib/dotlock.c:453
+#, c-format
+msgid "removing stale lockfile (created by %d)\n"
+msgstr ""
+
+#: jnlib/dotlock.c:459
+msgid " - probably dead - removing lock"
+msgstr ""
+
+#: jnlib/dotlock.c:469
+#, fuzzy, c-format
+msgid "waiting for lock (held by %d%s) %s...\n"
+msgstr "venter på låsing av «%s» ...\n"
+
+#: jnlib/dotlock.c:470
+msgid "(deadlock?) "
+msgstr ""
+
+#: jnlib/dotlock.c:493
+#, fuzzy, c-format
+msgid "lock `%s' not made: %s\n"
+msgstr "fant ikke offentlig nøkkel %s: %s\n"
+
+#: jnlib/dotlock.c:501
+#, fuzzy, c-format
+msgid "waiting for lock %s...\n"
+msgstr "venter på låsing av «%s» ...\n"
+
+#: kbx/kbxutil.c:92
+msgid "set debugging flags"
+msgstr ""
+
+#: kbx/kbxutil.c:93
+msgid "enable full debugging"
+msgstr ""
+
+#: kbx/kbxutil.c:117
+#, fuzzy
+msgid "Usage: kbxutil [options] [files] (-h for help)"
+msgstr "Bruksmåte: gpg [valg] [filer] (-h for hjelp)"
+
+#: kbx/kbxutil.c:120
+msgid ""
+"Syntax: kbxutil [options] [files]\n"
+"list, export, import Keybox data\n"
+msgstr ""
+
+#: scd/app-nks.c:713 scd/app-openpgp.c:2647
+#, c-format
+msgid "RSA modulus missing or not of size %d bits\n"
+msgstr "RSA-modulus mangler eller har ikke en størrelse på %d bits\n"
+
+#: scd/app-nks.c:721 scd/app-openpgp.c:2659
+#, c-format
+msgid "RSA public exponent missing or larger than %d bits\n"
+msgstr "offentlig RSA-eksponent mangler eller er større enn %d bits\n"
+
+#: scd/app-nks.c:801 scd/app-openpgp.c:1549 scd/app-openpgp.c:1568
+#: scd/app-openpgp.c:1729 scd/app-openpgp.c:1746 scd/app-openpgp.c:1994
+#: scd/app-openpgp.c:2039 scd/app-dinsig.c:303
+#, c-format
+msgid "PIN callback returned error: %s\n"
+msgstr "PIN-callback returnerte en feil: %s\n"
+
+#: scd/app-nks.c:834
+msgid "the NullPIN has not yet been changed\n"
+msgstr ""
+
+#: scd/app-nks.c:1092
+#, fuzzy
+msgid "|N|Please enter a new PIN for the standard keys."
+msgstr "||Vennligst tast inn PIN%%0A[signaturer utført: %lu]"
+
+#: scd/app-nks.c:1093
+#, fuzzy
+msgid "||Please enter the PIN for the standard keys."
+msgstr "||Vennligst tast inn PIN%%0A[signaturer utført: %lu]"
+
+#: scd/app-nks.c:1099
+#, fuzzy
+msgid "|NP|Please enter a new PIN Unblocking Code (PUK) for the standard keys."
+msgstr "||Vennligst tast inn PIN%%0A[signaturer utført: %lu]"
+
+#: scd/app-nks.c:1101
+#, fuzzy
+msgid "|P|Please enter the PIN Unblocking Code (PUK) for the standard keys."
+msgstr "||Vennligst tast inn PIN%%0A[signaturer utført: %lu]"
+
+#: scd/app-nks.c:1109
+msgid "|N|Please enter a new PIN for the key to create qualified signatures."
+msgstr ""
+
+#: scd/app-nks.c:1111
+msgid "||Please enter the PIN for the key to create qualified signatures."
+msgstr ""
+
+#: scd/app-nks.c:1119
+msgid ""
+"|NP|Please enter a new PIN Unblocking Code (PUK) for the key to create "
+"qualified signatures."
+msgstr ""
+
+#: scd/app-nks.c:1121
+msgid ""
+"|P|Please enter the PIN Unblocking Code (PUK) for the key to create "
+"qualified signatures."
+msgstr ""
+
+#: scd/app-nks.c:1222 scd/app-openpgp.c:2072 scd/app-dinsig.c:532
+#, c-format
+msgid "error getting new PIN: %s\n"
+msgstr "feil ved henting av ny PIN: %s\n"
+
+#: scd/app-openpgp.c:695
+#, c-format
+msgid "failed to store the fingerprint: %s\n"
+msgstr "klarte ikke å lagre fingeravtrykket: %s\n"
+
+#: scd/app-openpgp.c:708
+#, c-format
+msgid "failed to store the creation date: %s\n"
+msgstr "klarte ikke å lagre opprettelsesdatoen: %s\n"
+
+#: scd/app-openpgp.c:1156
+#, c-format
+msgid "reading public key failed: %s\n"
+msgstr "lesing av offentlig nøkkel mislyktes: %s\n"
+
+#: scd/app-openpgp.c:1164 scd/app-openpgp.c:2882
+msgid "response does not contain the public key data\n"
+msgstr "respons inneholder ikke data om offentlig nøkkel\n"
+
+#: scd/app-openpgp.c:1172 scd/app-openpgp.c:2890
+msgid "response does not contain the RSA modulus\n"
+msgstr "respons inneholder ikke RSA-modulus\n"
+
+#: scd/app-openpgp.c:1181 scd/app-openpgp.c:2900
+msgid "response does not contain the RSA public exponent\n"
+msgstr "respons inneholder ikke den offentlige RSA-eksponenten\n"
+
+#: scd/app-openpgp.c:1501
+#, c-format
+msgid "using default PIN as %s\n"
+msgstr ""
+
+#: scd/app-openpgp.c:1508
+#, c-format
+msgid "failed to use default PIN as %s: %s - disabling further default use\n"
+msgstr ""
+
+#: scd/app-openpgp.c:1523
+#, c-format
+msgid "||Please enter the PIN%%0A[sigs done: %lu]"
+msgstr "||Vennligst tast inn PIN%%0A[signaturer utført: %lu]"
+
+#: scd/app-openpgp.c:1534 scd/app-openpgp.c:1988
+#, fuzzy
+msgid "||Please enter the PIN"
+msgstr "||Vennligst tast inn PIN%%0A[signaturer utført: %lu]"
+
+#: scd/app-openpgp.c:1575 scd/app-openpgp.c:1753 scd/app-openpgp.c:2001
+#, c-format
+msgid "PIN for CHV%d is too short; minimum length is %d\n"
+msgstr "PIN for CHV%d er for kort; minum lengde er %d\n"
+
+#: scd/app-openpgp.c:1588 scd/app-openpgp.c:1627 scd/app-openpgp.c:1765
+#: scd/app-openpgp.c:3200
+#, c-format
+msgid "verify CHV%d failed: %s\n"
+msgstr "bekreftelse av CHV%d mislyktes: %s\n"
+
+#: scd/app-openpgp.c:1656 scd/app-openpgp.c:2020 scd/app-openpgp.c:3498
+msgid "error retrieving CHV status from card\n"
+msgstr "feil ved henting av CHV-status fra kort\n"
+
+#: scd/app-openpgp.c:1662 scd/app-openpgp.c:3507
+msgid "card is permanently locked!\n"
+msgstr "kort er permanent låst!\n"
+
+#: scd/app-openpgp.c:1669
+#, c-format
+msgid "%d Admin PIN attempts remaining before card is permanently locked\n"
+msgstr "%d Admin PIN-forsøk før kortet blir låst permanent\n"
+
+#. TRANSLATORS: Do not translate the "|A|" prefix but keep it at
+#. the start of the string. Use %%0A to force a linefeed.
+#: scd/app-openpgp.c:1676
+#, fuzzy, c-format
+msgid "|A|Please enter the Admin PIN%%0A[remaining attempts: %d]"
+msgstr "||Vennligst tast inn PIN%%0A[signaturer utført: %lu]"
+
+#: scd/app-openpgp.c:1680
+#, fuzzy
+msgid "|A|Please enter the Admin PIN"
+msgstr "||Vennligst tast inn PIN%%0A[signaturer utført: %lu]"
+
+#: scd/app-openpgp.c:1701
+msgid "access to admin commands is not configured\n"
+msgstr "tilgang til admin-kommandoer er ikke konfigurert\n"
+
+#: scd/app-openpgp.c:2035
+#, fuzzy
+msgid "||Please enter the Reset Code for the card"
+msgstr "||Vennligst tast inn PIN%%0A[signaturer utført: %lu]"
+
+#: scd/app-openpgp.c:2045 scd/app-openpgp.c:2097
+#, fuzzy, c-format
+msgid "Reset Code is too short; minimum length is %d\n"
+msgstr "PIN for CHV%d er for kort; minum lengde er %d\n"
+
+#: scd/app-openpgp.c:2067
+msgid "|RN|New Reset Code"
+msgstr ""
+
+#: scd/app-openpgp.c:2068
+msgid "|AN|New Admin PIN"
+msgstr "|AN|Ny Admin PIN"
+
+#: scd/app-openpgp.c:2068
+msgid "|N|New PIN"
+msgstr "|N|Ny PIN"
+
+#: scd/app-openpgp.c:2178 scd/app-openpgp.c:2968
+msgid "error reading application data\n"
+msgstr "feil ved lesing av applikasjonsdata\n"
+
+#: scd/app-openpgp.c:2184 scd/app-openpgp.c:2975
+msgid "error reading fingerprint DO\n"
+msgstr "feil ved lesing av fingeravtrykk DO\n"
+
+#: scd/app-openpgp.c:2194
+msgid "key already exists\n"
+msgstr "nøkkel finnes allerede\n"
+
+#: scd/app-openpgp.c:2198
+msgid "existing key will be replaced\n"
+msgstr "eksisterende nøkkel vil bli erstattet\n"
+
+#: scd/app-openpgp.c:2200
+msgid "generating new key\n"
+msgstr "generere en ny nøkkel\n"
+
+#: scd/app-openpgp.c:2202
+#, fuzzy
+msgid "writing new key\n"
+msgstr "generere en ny nøkkel\n"
+
+#: scd/app-openpgp.c:2627
+msgid "creation timestamp missing\n"
+msgstr "tidsstempel for opprettelse mangler\n"
+
+#: scd/app-openpgp.c:2669 scd/app-openpgp.c:2677
+#, c-format
+msgid "RSA prime %s missing or not of size %d bits\n"
+msgstr "RSA-primtall %s mangler eller har ikke en størrelse på %d bits\n"
+
+#: scd/app-openpgp.c:2773
+#, c-format
+msgid "failed to store the key: %s\n"
+msgstr "klarte ikke å lagre nøkkelen: %s\n"
+
+#: scd/app-openpgp.c:2859
+msgid "please wait while key is being generated ...\n"
+msgstr "vennligst vent mens nøkkel blir generert ...\n"
+
+#: scd/app-openpgp.c:2872
+msgid "generating key failed\n"
+msgstr "nøkkelgenerering mislyktes\n"
+
+#: scd/app-openpgp.c:2875
+#, c-format
+msgid "key generation completed (%d seconds)\n"
+msgstr "nøkkelgenerering fullført (%d sekunder)\n"
+
+#: scd/app-openpgp.c:2933
+msgid "invalid structure of OpenPGP card (DO 0x93)\n"
+msgstr "ugyldig struktur i OpenPGP-kort (DO 0x93)\n"
+
+#: scd/app-openpgp.c:2983
+msgid "fingerprint on card does not match requested one\n"
+msgstr ""
+
+#: scd/app-openpgp.c:3099
+#, c-format
+msgid "card does not support digest algorithm %s\n"
+msgstr "kortet støtter ikke digestalgoritme %s\n"
+
+#: scd/app-openpgp.c:3175
+#, c-format
+msgid "signatures created so far: %lu\n"
+msgstr "signaturer opprettet så langt: %lu\n"
+
+#: scd/app-openpgp.c:3512
+msgid ""
+"verification of Admin PIN is currently prohibited through this command\n"
+msgstr "bekrefting av Admin PIN er foreløpig nektet gjennom denne kommandoen\n"
+
+#: scd/app-openpgp.c:3737 scd/app-openpgp.c:3748
+#, c-format
+msgid "can't access %s - invalid OpenPGP card?\n"
+msgstr "kan ikke aksere %s - ugyldig OpenPGP-kort?\n"
+
+#: scd/app-dinsig.c:299
+msgid "||Please enter your PIN at the reader's keypad"
+msgstr ""
+
+#. TRANSLATORS: Do not translate the "|*|" prefixes but
+#. keep it at the start of the string. We need this elsewhere
+#. to get some infos on the string.
+#: scd/app-dinsig.c:529
+#, fuzzy
+msgid "|N|Initial New PIN"
+msgstr "|N|Ny PIN"
+
+#: scd/scdaemon.c:107
+msgid "run in multi server mode (foreground)"
+msgstr ""
+
+#: scd/scdaemon.c:117 sm/gpgsm.c:316
+msgid "|LEVEL|set the debugging level to LEVEL"
+msgstr ""
+
+#: scd/scdaemon.c:124 tools/gpgconf-comp.c:620
+#, fuzzy
+msgid "|FILE|write a log to FILE"
+msgstr "leser valg fra «%s»\n"
+
+#: scd/scdaemon.c:126
+msgid "|N|connect to reader at port N"
+msgstr ""
+
+#: scd/scdaemon.c:128
+msgid "|NAME|use NAME as ct-API driver"
+msgstr ""
+
+#: scd/scdaemon.c:130
+msgid "|NAME|use NAME as PC/SC driver"
+msgstr ""
+
+#: scd/scdaemon.c:133
+msgid "do not use the internal CCID driver"
+msgstr ""
+
+#: scd/scdaemon.c:139
+msgid "|N|disconnect the card after N seconds of inactivity"
+msgstr ""
+
+#: scd/scdaemon.c:141
+msgid "do not use a reader's keypad"
+msgstr ""
+
+#: scd/scdaemon.c:144
+#, fuzzy
+msgid "deny the use of admin card commands"
+msgstr "vise admin-kommandoer"
+
+#: scd/scdaemon.c:259
+#, fuzzy
+msgid "Usage: scdaemon [options] (-h for help)"
+msgstr "Bruksmåte: gpg [valg] [filer] (-h for hjelp)"
+
+#: scd/scdaemon.c:261
+msgid ""
+"Syntax: scdaemon [options] [command [args]]\n"
+"Smartcard daemon for GnuPG\n"
+msgstr ""
+
+#: scd/scdaemon.c:766
+msgid "please use the option `--daemon' to run the program in the background\n"
+msgstr ""
+
+#: scd/scdaemon.c:1120
+#, c-format
+msgid "handler for fd %d started\n"
+msgstr ""
+
+#: scd/scdaemon.c:1132
+#, c-format
+msgid "handler for fd %d terminated\n"
+msgstr ""
+
+#: sm/base64.c:325
+#, fuzzy, c-format
+msgid "invalid radix64 character %02x skipped\n"
+msgstr "hoppet over ugyldig radix64-tegn %02x\n"
+
+#: sm/call-agent.c:137
+#, c-format
+msgid "failed to proxy %s inquiry to client\n"
+msgstr ""
+
+#: sm/call-dirmngr.c:252
+#, c-format
+msgid "no running dirmngr - starting `%s'\n"
+msgstr ""
+
+#: sm/call-dirmngr.c:285
+msgid "malformed DIRMNGR_INFO environment variable\n"
+msgstr ""
+
+#: sm/call-dirmngr.c:297
+#, c-format
+msgid "dirmngr protocol version %d is not supported\n"
+msgstr ""
+
+#: sm/call-dirmngr.c:317
+msgid "can't connect to the dirmngr - trying fall back\n"
+msgstr ""
+
+#: sm/certchain.c:196
+#, c-format
+msgid "validation model requested by certificate: %s"
+msgstr ""
+
+#: sm/certchain.c:197 sm/certchain.c:1828
+msgid "chain"
+msgstr ""
+
+#: sm/certchain.c:198 sm/certchain.c:1828
+msgid "shell"
+msgstr ""
+
+#: sm/certchain.c:258
+#, c-format
+msgid "critical certificate extension %s is not supported"
+msgstr ""
+
+#: sm/certchain.c:297
+msgid "issuer certificate is not marked as a CA"
+msgstr ""
+
+#: sm/certchain.c:335
+msgid "critical marked policy without configured policies"
+msgstr ""
+
+#: sm/certchain.c:345
+#, fuzzy, c-format
+msgid "failed to open `%s': %s\n"
+msgstr "Kan ikke åpne «%s»: %s\n"
+
+#: sm/certchain.c:353 sm/certchain.c:382
+msgid "note: non-critical certificate policy not allowed"
+msgstr ""
+
+#: sm/certchain.c:357 sm/certchain.c:386
+#, fuzzy
+msgid "certificate policy not allowed"
+msgstr "eksportering av hemmelige nøkler er ikke tillatt\n"
+
+#: sm/certchain.c:498
+msgid "looking up issuer at external location\n"
+msgstr ""
+
+#: sm/certchain.c:517
+#, c-format
+msgid "number of issuers matching: %d\n"
+msgstr ""
+
+#: sm/certchain.c:561
+msgid "looking up issuer from the Dirmngr cache\n"
+msgstr ""
+
+#: sm/certchain.c:585
+#, fuzzy, c-format
+msgid "number of matching certificates: %d\n"
+msgstr "feil ved opprettelse av passfrase: %s\n"
+
+#: sm/certchain.c:587
+#, fuzzy, c-format
+msgid "dirmngr cache-only key lookup failed: %s\n"
+msgstr "lesing av offentlig nøkkel mislyktes: %s\n"
+
+#: sm/certchain.c:759 sm/certchain.c:1252 sm/certchain.c:1856 sm/decrypt.c:261
+#: sm/encrypt.c:335 sm/sign.c:335 sm/verify.c:113
+#, fuzzy
+msgid "failed to allocated keyDB handle\n"
+msgstr "klarte ikke å lagre nøkkelen: %s\n"
+
+#: sm/certchain.c:925
+msgid "certificate has been revoked"
+msgstr ""
+
+#: sm/certchain.c:940
+msgid "the status of the certificate is unknown"
+msgstr ""
+
+#: sm/certchain.c:947
+msgid "please make sure that the \"dirmngr\" is properly installed\n"
+msgstr ""
+
+#: sm/certchain.c:953
+#, fuzzy, c-format
+msgid "checking the CRL failed: %s"
+msgstr "sleting av nøkkelblokk mislyktes: %s\n"
+
+#: sm/certchain.c:982 sm/certchain.c:1050
+#, c-format
+msgid "certificate with invalid validity: %s"
+msgstr ""
+
+#: sm/certchain.c:997 sm/certchain.c:1082
+msgid "certificate not yet valid"
+msgstr ""
+
+#: sm/certchain.c:998 sm/certchain.c:1083
+#, fuzzy
+msgid "root certificate not yet valid"
+msgstr "eksportering av hemmelige nøkler er ikke tillatt\n"
+
+#: sm/certchain.c:999 sm/certchain.c:1084
+msgid "intermediate certificate not yet valid"
+msgstr ""
+
+#: sm/certchain.c:1012
+#, fuzzy
+msgid "certificate has expired"
+msgstr "Denne nøkkelen er utgått!"
+
+#: sm/certchain.c:1013
+#, fuzzy
+msgid "root certificate has expired"
+msgstr "Denne nøkkelen er utgått!"
+
+#: sm/certchain.c:1014
+#, fuzzy
+msgid "intermediate certificate has expired"
+msgstr "Denne nøkkelen er utgått!"
+
+#: sm/certchain.c:1056
+#, c-format
+msgid "required certificate attributes missing: %s%s%s"
+msgstr ""
+
+#: sm/certchain.c:1065
+#, fuzzy
+msgid "certificate with invalid validity"
+msgstr "Denne nøkkelen er utgått!"
+
+#: sm/certchain.c:1102
+msgid "signature not created during lifetime of certificate"
+msgstr ""
+
+#: sm/certchain.c:1104
+msgid "certificate not created during lifetime of issuer"
+msgstr ""
+
+#: sm/certchain.c:1105
+msgid "intermediate certificate not created during lifetime of issuer"
+msgstr ""
+
+#: sm/certchain.c:1109
+#, fuzzy
+msgid " ( signature created at "
+msgstr " oppryddete signaturer: %lu\n"
+
+#: sm/certchain.c:1110
+#, fuzzy
+msgid " (certificate created at "
+msgstr "preferansen %s er duplisert\n"
+
+#: sm/certchain.c:1113
+#, fuzzy
+msgid " (certificate valid from "
+msgstr "ugyldig sertifikat"
+
+#: sm/certchain.c:1114
+#, fuzzy
+msgid " ( issuer valid from "
+msgstr " Serienummer for kort ="
+
+#: sm/certchain.c:1144
+#, fuzzy, c-format
+msgid "fingerprint=%s\n"
+msgstr "CA-fingeravtrykk: "
+
+#: sm/certchain.c:1153
+msgid "root certificate has now been marked as trusted\n"
+msgstr ""
+
+#: sm/certchain.c:1166
+msgid "interactive marking as trusted not enabled in gpg-agent\n"
+msgstr ""
+
+#: sm/certchain.c:1172
+msgid "interactive marking as trusted disabled for this session\n"
+msgstr ""
+
+#: sm/certchain.c:1229
+msgid "WARNING: creation time of signature not known - assuming current time"
+msgstr ""
+
+#: sm/certchain.c:1293
+#, fuzzy
+msgid "no issuer found in certificate"
+msgstr "generere et opphevingssertifikat"
+
+#: sm/certchain.c:1366
+msgid "self-signed certificate has a BAD signature"
+msgstr ""
+
+#: sm/certchain.c:1435
+msgid "root certificate is not marked trusted"
+msgstr ""
+
+#: sm/certchain.c:1448
+#, fuzzy, c-format
+msgid "checking the trust list failed: %s\n"
+msgstr "omdøping fra «%s» til «%s» mislyktes: %s\n"
+
+#: sm/certchain.c:1477 sm/import.c:160
+msgid "certificate chain too long\n"
+msgstr ""
+
+#: sm/certchain.c:1489
+msgid "issuer certificate not found"
+msgstr ""
+
+#: sm/certchain.c:1522
+#, fuzzy
+msgid "certificate has a BAD signature"
+msgstr "bekrefte en signatur"
+
+#: sm/certchain.c:1553
+msgid "found another possible matching CA certificate - trying again"
+msgstr ""
+
+#: sm/certchain.c:1604
+#, c-format
+msgid "certificate chain longer than allowed by CA (%d)"
+msgstr ""
+
+#: sm/certchain.c:1644 sm/certchain.c:1927
+#, fuzzy
+msgid "certificate is good\n"
+msgstr "preferansen %s er duplisert\n"
+
+#: sm/certchain.c:1645
+#, fuzzy
+msgid "intermediate certificate is good\n"
+msgstr "nøkkel %s: ugyldig opphevingssertifikat: %s - avvist\n"
+
+#: sm/certchain.c:1646
+#, fuzzy
+msgid "root certificate is good\n"
+msgstr "ugyldig sertifikat"
+
+#: sm/certchain.c:1817
+msgid "switching to chain model"
+msgstr ""
+
+#: sm/certchain.c:1826
+#, c-format
+msgid "validation model used: %s"
+msgstr ""
+
+#: sm/certcheck.c:97
+#, c-format
+msgid "%s key uses an unsafe (%u bit) hash\n"
+msgstr ""
+
+#: sm/certcheck.c:107
+#, c-format
+msgid "a %u bit hash is not valid for a %u bit %s key\n"
+msgstr ""
+
+#: sm/certcheck.c:244 sm/verify.c:201
+msgid "(this is the MD2 algorithm)\n"
+msgstr ""
+
+#: sm/certdump.c:60 sm/certdump.c:143
+#, fuzzy
+msgid "none"
+msgstr "nei"
+
+#: sm/certdump.c:564 sm/certdump.c:609 sm/certdump.c:674 sm/certdump.c:732
+#, fuzzy
+msgid "[Error - invalid encoding]"
+msgstr "Feil: ugyldig respons.\n"
+
+#: sm/certdump.c:572 sm/certdump.c:617
+msgid "[Error - out of core]"
+msgstr ""
+
+#: sm/certdump.c:654 sm/certdump.c:710
+msgid "[Error - No name]"
+msgstr ""
+
+#: sm/certdump.c:679 sm/certdump.c:738
+#, fuzzy
+msgid "[Error - invalid DN]"
+msgstr "Feil: ugyldig respons.\n"
+
+#: sm/certdump.c:948
+#, fuzzy, c-format
+msgid ""
+"Please enter the passphrase to unlock the secret key for the X.509 "
+"certificate:\n"
+"\"%s\"\n"
+"S/N %s, ID 0x%08lX,\n"
+"created %s, expires %s.\n"
+msgstr ""
+"Du trenger en passfrase for å låse opp den hemmelige nøkkelen for brukeren:\n"
+"«%.*s»\n"
+"%u-bit %s nøkkel, ID %s, opprettet %s%s\n"
+
+#: sm/certlist.c:122
+msgid "no key usage specified - assuming all usages\n"
+msgstr ""
+
+#: sm/certlist.c:132 sm/keylist.c:272
+#, fuzzy, c-format
+msgid "error getting key usage information: %s\n"
+msgstr "feil ved henting av nåværende nøkkelinfo: %s\n"
+
+#: sm/certlist.c:142
+msgid "certificate should have not been used for certification\n"
+msgstr ""
+
+#: sm/certlist.c:154
+msgid "certificate should have not been used for OCSP response signing\n"
+msgstr ""
+
+#: sm/certlist.c:165
+msgid "certificate should have not been used for encryption\n"
+msgstr ""
+
+#: sm/certlist.c:166
+msgid "certificate should have not been used for signing\n"
+msgstr ""
+
+#: sm/certlist.c:167
+msgid "certificate is not usable for encryption\n"
+msgstr ""
+
+#: sm/certlist.c:168
+msgid "certificate is not usable for signing\n"
+msgstr ""
+
+#: sm/certreqgen.c:474
+#, fuzzy, c-format
+msgid "line %d: invalid algorithm\n"
+msgstr "ugyldig hashalgoritme «%s»\n"
+
+#: sm/certreqgen.c:487
+#, c-format
+msgid "line %d: invalid key length %u (valid are %d to %d)\n"
+msgstr ""
+
+#: sm/certreqgen.c:505
+#, c-format
+msgid "line %d: no subject name given\n"
+msgstr ""
+
+#: sm/certreqgen.c:514
+#, c-format
+msgid "line %d: invalid subject name label `%.*s'\n"
+msgstr ""
+
+#: sm/certreqgen.c:517
+#, c-format
+msgid "line %d: invalid subject name `%s' at pos %d\n"
+msgstr ""
+
+#: sm/certreqgen.c:534
+#, fuzzy, c-format
+msgid "line %d: not a valid email address\n"
+msgstr "Ikke en gyldig epostadresse\n"
+
+#: sm/certreqgen.c:546
+#, fuzzy, c-format
+msgid "line %d: error reading key `%s' from card: %s\n"
+msgstr "feil ved opprettelse av nøkkelknippet «%s»: %s\n"
+
+#: sm/certreqgen.c:558
+#, fuzzy, c-format
+msgid "line %d: error getting key by keygrip `%s': %s\n"
+msgstr "feil ved opprettelse av nøkkelknippet «%s»: %s\n"
+
+#: sm/certreqgen.c:574
+#, fuzzy, c-format
+msgid "line %d: key generation failed: %s <%s>\n"
+msgstr "Nøkkelgenerering mislyktes: %s\n"
+
+#: sm/certreqgen.c:806
+msgid ""
+"To complete this certificate request please enter the passphrase for the key "
+"you just created once more.\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:158
+#, fuzzy, c-format
+msgid " (%d) RSA\n"
+msgstr " (%d) RSA (bare signering)\n"
+
+#: sm/certreqgen-ui.c:159
+#, fuzzy, c-format
+msgid " (%d) Existing key\n"
+msgstr " (2) Krypteringsnøkkel\n"
+
+#: sm/certreqgen-ui.c:160
+#, c-format
+msgid " (%d) Existing key from card\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:202
+msgid "Enter the keygrip: "
+msgstr ""
+
+#: sm/certreqgen-ui.c:210
+msgid "Not a valid keygrip (expecting 40 hex digits)\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:212
+msgid "No key with this keygrip\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:230 sm/certreqgen-ui.c:239
+#, fuzzy, c-format
+msgid "error reading the card: %s\n"
+msgstr "feil ved lesing av «%s»: %s\n"
+
+#: sm/certreqgen-ui.c:233
+#, fuzzy, c-format
+msgid "Serial number of the card: %s\n"
+msgstr "feil ved henting av ny PIN: %s\n"
+
+#: sm/certreqgen-ui.c:245
+#, fuzzy
+msgid "Available keys:\n"
+msgstr "utkoble en nøkkel"
+
+#: sm/certreqgen-ui.c:276
+#, c-format
+msgid "Possible actions for a %s key:\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:277
+#, fuzzy, c-format
+msgid " (%d) sign, encrypt\n"
+msgstr " (%d) DSA (bare signering)\n"
+
+#: sm/certreqgen-ui.c:278
+#, fuzzy, c-format
+msgid " (%d) sign\n"
+msgstr " (%d) DSA (bare signering)\n"
+
+#: sm/certreqgen-ui.c:279
+#, fuzzy, c-format
+msgid " (%d) encrypt\n"
+msgstr " (%d) RSA (bare kryptering)\n"
+
+#: sm/certreqgen-ui.c:303
+msgid "Enter the X.509 subject name: "
+msgstr ""
+
+#: sm/certreqgen-ui.c:307
+msgid "No subject name given\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:311
+#, c-format
+msgid "Invalid subject name label `%.*s'\n"
+msgstr ""
+
+#. TRANSLATORS: The 22 in the second string is the
+#. length of the first string up to the "%s". Please
+#. adjust it do the length of your translation. The
+#. second string is merely passed to atoi so you can
+#. drop everything after the number.
+#: sm/certreqgen-ui.c:320
+#, fuzzy, c-format
+msgid "Invalid subject name `%s'\n"
+msgstr "ugyldig hashalgoritme «%s»\n"
+
+#: sm/certreqgen-ui.c:322
+msgid "22 translator: see certreg-ui.c:gpgsm_gencertreq_tty"
+msgstr ""
+
+#: sm/certreqgen-ui.c:334
+#, fuzzy
+msgid "Enter email addresses"
+msgstr "Epostadresse: "
+
+#: sm/certreqgen-ui.c:335
+#, fuzzy
+msgid " (end with an empty line):\n"
+msgstr ""
+"\n"
+"Tast inn brukeriden. Avslutt med en blank linje: "
+
+#: sm/certreqgen-ui.c:339
+#, fuzzy
+msgid "Enter DNS names"
+msgstr "Tast inn nytt filnavn"
+
+#: sm/certreqgen-ui.c:340 sm/certreqgen-ui.c:345
+#, fuzzy
+msgid " (optional; end with an empty line):\n"
+msgstr ""
+"\n"
+"Tast inn brukeriden. Avslutt med en blank linje: "
+
+#: sm/certreqgen-ui.c:344
+#, fuzzy
+msgid "Enter URIs"
+msgstr "Tast inn PIN: "
+
+#: sm/certreqgen-ui.c:371
+msgid "Parameters to be used for the certificate request:\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:389
+msgid "Now creating certificate request. This may take a while ...\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:398
+msgid "Ready. You should now send this request to your CA.\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:403
+msgid "resource problem: out of core\n"
+msgstr ""
+
+#: sm/decrypt.c:330
+msgid "(this is the RC2 algorithm)\n"
+msgstr ""
+
+#: sm/decrypt.c:332
+msgid "(this does not seem to be an encrypted message)\n"
+msgstr ""
+
+#: sm/delete.c:51 sm/delete.c:112
+#, fuzzy, c-format
+msgid "certificate `%s' not found: %s\n"
+msgstr "hemmelig nøkkel «%s» ble ikke funnet: %s\n"
+
+#: sm/delete.c:122 sm/keydb.c:1397 sm/keydb.c:1499
+#, fuzzy, c-format
+msgid "error locking keybox: %s\n"
+msgstr "feil ved lesing av nøkkelblokk: %s\n"
+
+#: sm/delete.c:143
+#, fuzzy, c-format
+msgid "duplicated certificate `%s' deleted\n"
+msgstr "nøkkel %s: ugyldig opphevingssertifikat: %s - avvist\n"
+
+#: sm/delete.c:145
+#, fuzzy, c-format
+msgid "certificate `%s' deleted\n"
+msgstr "preferansen %s er duplisert\n"
+
+#: sm/delete.c:175
+#, fuzzy, c-format
+msgid "deleting certificate \"%s\" failed: %s\n"
+msgstr "sleting av nøkkelblokk mislyktes: %s\n"
+
+#: sm/encrypt.c:321
+#, fuzzy
+msgid "no valid recipients given\n"
+msgstr "ingen gyldige adressater\n"
+
+#: sm/gpgsm.c:197
+#, fuzzy
+msgid "list external keys"
+msgstr "liste hemmelige nøkler"
+
+#: sm/gpgsm.c:199
+#, fuzzy
+msgid "list certificate chain"
+msgstr "ugyldig sertifikat"
+
+#: sm/gpgsm.c:206
+#, fuzzy
+msgid "import certificates"
+msgstr "ugyldig sertifikat"
+
+#: sm/gpgsm.c:207
+#, fuzzy
+msgid "export certificates"
+msgstr "ugyldig sertifikat"
+
+#: sm/gpgsm.c:209
+msgid "register a smartcard"
+msgstr ""
+
+#: sm/gpgsm.c:212
+msgid "pass a command to the dirmngr"
+msgstr ""
+
+#: sm/gpgsm.c:214
+msgid "invoke gpg-protect-tool"
+msgstr ""
+
+#: sm/gpgsm.c:230
+#, fuzzy
+msgid "create base-64 encoded output"
+msgstr "lage ASCII-beskyttet output"
+
+#: sm/gpgsm.c:235
+msgid "assume input is in PEM format"
+msgstr ""
+
+#: sm/gpgsm.c:237
+msgid "assume input is in base-64 format"
+msgstr ""
+
+#: sm/gpgsm.c:239
+msgid "assume input is in binary format"
+msgstr ""
+
+#: sm/gpgsm.c:244
+msgid "use system's dirmngr if available"
+msgstr ""
+
+#: sm/gpgsm.c:247
+msgid "never consult a CRL"
+msgstr ""
+
+#: sm/gpgsm.c:257
+msgid "check validity using OCSP"
+msgstr ""
+
+#: sm/gpgsm.c:262
+msgid "|N|number of certificates to include"
+msgstr ""
+
+#: sm/gpgsm.c:265
+msgid "|FILE|take policy information from FILE"
+msgstr ""
+
+#: sm/gpgsm.c:268
+msgid "do not check certificate policies"
+msgstr ""
+
+#: sm/gpgsm.c:272
+msgid "fetch missing issuer certificates"
+msgstr ""
+
+#: sm/gpgsm.c:283
+msgid "don't use the terminal at all"
+msgstr ""
+
+#: sm/gpgsm.c:285
+msgid "|FILE|write a server mode log to FILE"
+msgstr ""
+
+#: sm/gpgsm.c:290
+#, fuzzy
+msgid "|FILE|write an audit log to FILE"
+msgstr "leser valg fra «%s»\n"
+
+#: sm/gpgsm.c:293
+msgid "batch mode: never ask"
+msgstr ""
+
+#: sm/gpgsm.c:294
+msgid "assume yes on most questions"
+msgstr ""
+
+#: sm/gpgsm.c:295
+msgid "assume no on most questions"
+msgstr ""
+
+#: sm/gpgsm.c:298
+#, fuzzy
+msgid "|FILE|add keyring to the list of keyrings"
+msgstr "hent nøklene fra dette nøkkelknippet"
+
+#: sm/gpgsm.c:301
+msgid "|USER-ID|use USER-ID as default secret key"
+msgstr ""
+
+#: sm/gpgsm.c:311 tools/gpgconf-comp.c:745
+msgid "|SPEC|use this keyserver to lookup keys"
+msgstr ""
+
+#: sm/gpgsm.c:329
+#, fuzzy
+msgid "|NAME|use cipher algorithm NAME"
+msgstr "ukjent kryptoalgoritme"
+
+#: sm/gpgsm.c:331
+#, fuzzy
+msgid "|NAME|use message digest algorithm NAME"
+msgstr "%s signatur, digestalgoritme %s\n"
+
+#: sm/gpgsm.c:522
+#, fuzzy
+msgid "Usage: gpgsm [options] [files] (-h for help)"
+msgstr "Bruksmåte: gpg [valg] [filer] (-h for hjelp)"
+
+#: sm/gpgsm.c:525
+#, fuzzy
+msgid ""
+"Syntax: gpgsm [options] [files]\n"
+"sign, check, encrypt or decrypt using the S/MIME protocol\n"
+"default operation depends on the input data\n"
+msgstr ""
+"Bruksmåte: gpg [valg] [filer]\n"
+"signere, sjekke, kryptere eller dekryptere\n"
+"standard operasjon avhenger av inputdata\n"
+
+#: sm/gpgsm.c:617
+#, fuzzy
+msgid "usage: gpgsm [options] "
+msgstr "bruksmåte: gpg [valg] "
+
+#: sm/gpgsm.c:739
+#, fuzzy, c-format
+msgid "NOTE: won't be able to encrypt to `%s': %s\n"
+msgstr "kan ikke opprette «%s»: %s\n"
+
+#: sm/gpgsm.c:750
+#, fuzzy, c-format
+msgid "unknown validation model `%s'\n"
+msgstr "ukjent valg «%s»\n"
+
+#: sm/gpgsm.c:801
+#, c-format
+msgid "%s:%u: no hostname given\n"
+msgstr ""
+
+#: sm/gpgsm.c:820
+#, c-format
+msgid "%s:%u: password given without user\n"
+msgstr ""
+
+#: sm/gpgsm.c:841
+#, fuzzy, c-format
+msgid "%s:%u: skipping this line\n"
+msgstr " s = hopp over denne nøkkelen\n"
+
+#: sm/gpgsm.c:1376
+#, fuzzy
+msgid "could not parse keyserver\n"
+msgstr "kunne ikke parse nøkkelserverens URL\n"
+
+#: sm/gpgsm.c:1456
+msgid "WARNING: running with faked system time: "
+msgstr ""
+
+#: sm/gpgsm.c:1556
+#, c-format
+msgid "importing common certificates `%s'\n"
+msgstr ""
+
+#: sm/gpgsm.c:1597
+#, fuzzy, c-format
+msgid "can't sign using `%s': %s\n"
+msgstr "kan ikke aksere «%s»: %s\n"
+
+#: sm/gpgsm.c:1931
+msgid "invalid command (there is no implicit command)\n"
+msgstr ""
+
+#: sm/import.c:111
+#, fuzzy, c-format
+msgid "total number processed: %lu\n"
+msgstr "Totalt antall behandlet: %lu\n"
+
+#: sm/import.c:230
+#, fuzzy
+msgid "error storing certificate\n"
+msgstr "generere et opphevingssertifikat"
+
+#: sm/import.c:238
+msgid "basic certificate checks failed - not imported\n"
+msgstr ""
+
+#: sm/import.c:435 sm/keydb.c:1319 sm/keydb.c:1387
+#, fuzzy
+msgid "failed to allocate keyDB handle\n"
+msgstr "klarte ikke å lagre nøkkelen: %s\n"
+
+#: sm/import.c:492 sm/keydb.c:1417 sm/keydb.c:1511
+#, fuzzy, c-format
+msgid "error getting stored flags: %s\n"
+msgstr "feil ved henting av ny PIN: %s\n"
+
+#: sm/import.c:551 sm/import.c:583
+#, fuzzy, c-format
+msgid "error importing certificate: %s\n"
+msgstr "feil ved opprettelse av passfrase: %s\n"
+
+#: sm/import.c:684 tools/gpg-connect-agent.c:1346
+#, fuzzy, c-format
+msgid "error reading input: %s\n"
+msgstr "feil ved lesing av «%s»: %s\n"
+
+#: sm/keydb.c:187
+#, fuzzy, c-format
+msgid "error creating keybox `%s': %s\n"
+msgstr "feil ved opprettelse av nøkkelknippet «%s»: %s\n"
+
+#: sm/keydb.c:190
+msgid "you may want to start the gpg-agent first\n"
+msgstr ""
+
+#: sm/keydb.c:195
+#, fuzzy, c-format
+msgid "keybox `%s' created\n"
+msgstr "nøkkelknippet «%s» ble opprettet\n"
+
+#: sm/keydb.c:1312 sm/keydb.c:1380
+#, fuzzy
+msgid "failed to get the fingerprint\n"
+msgstr "klarte ikke å lagre fingeravtrykket: %s\n"
+
+#: sm/keydb.c:1340
+#, c-format
+msgid "problem looking for existing certificate: %s\n"
+msgstr ""
+
+#: sm/keydb.c:1348
+#, fuzzy, c-format
+msgid "error finding writable keyDB: %s\n"
+msgstr "feil ved søking etter tillitspost i «%s»: %s\n"
+
+#: sm/keydb.c:1356
+#, fuzzy, c-format
+msgid "error storing certificate: %s\n"
+msgstr "feil ved henting av nåværende nøkkelinfo: %s\n"
+
+#: sm/keydb.c:1408
+#, c-format
+msgid "problem re-searching certificate: %s\n"
+msgstr ""
+
+#: sm/keydb.c:1429 sm/keydb.c:1522
+#, fuzzy, c-format
+msgid "error storing flags: %s\n"
+msgstr "feil ved lesing av «%s»: %s\n"
+
+#: sm/keylist.c:642
+msgid "Error - "
+msgstr ""
+
+#: sm/misc.c:55
+msgid "GPG_TTY has not been set - using maybe bogus default\n"
+msgstr ""
+
+#: sm/qualified.c:105
+#, fuzzy, c-format
+msgid "invalid formatted fingerprint in `%s', line %d\n"
+msgstr "Feil: ugyldig formattert fingeravtrykk.\n"
+
+#: sm/qualified.c:123
+#, c-format
+msgid "invalid country code in `%s', line %d\n"
+msgstr ""
+
+#: sm/qualified.c:202
+#, c-format
+msgid ""
+"You are about to create a signature using your certificate:\n"
+"\"%s\"\n"
+"This will create a qualified signature by law equated to a handwritten "
+"signature.\n"
+"\n"
+"%s%sAre you really sure that you want to do this?"
+msgstr ""
+
+#: sm/qualified.c:211 sm/verify.c:616
+msgid ""
+"Note, that this software is not officially approved to create or verify such "
+"signatures.\n"
+msgstr ""
+
+#: sm/qualified.c:278
+#, c-format
+msgid ""
+"You are about to create a signature using your certificate:\n"
+"\"%s\"\n"
+"Note, that this certificate will NOT create a qualified signature!"
+msgstr ""
+
+#: sm/sign.c:449
+#, c-format
+msgid "hash algorithm %d (%s) for signer %d not supported; using %s\n"
+msgstr ""
+
+#: sm/sign.c:463
+#, c-format
+msgid "hash algorithm used for signer %d: %s (%s)\n"
+msgstr ""
+
+#: sm/sign.c:513
+#, c-format
+msgid "checking for qualified certificate failed: %s\n"
+msgstr ""
+
+#: sm/verify.c:449
+#, fuzzy
+msgid "Signature made "
+msgstr "Signatur opprettet %s\n"
+
+#: sm/verify.c:453
+msgid "[date not given]"
+msgstr ""
+
+#: sm/verify.c:454
+#, fuzzy, c-format
+msgid " using certificate ID 0x%08lX\n"
+msgstr "feil ved henting av nåværende nøkkelinfo: %s\n"
+
+#: sm/verify.c:473
+msgid ""
+"invalid signature: message digest attribute does not match computed one\n"
+msgstr ""
+
+#: sm/verify.c:594
+#, fuzzy
+msgid "Good signature from"
+msgstr "God signatur fra «%s»"
+
+#: sm/verify.c:595
+#, fuzzy
+msgid " aka"
+msgstr " aka «%s»"
+
+#: sm/verify.c:613
+#, fuzzy
+msgid "This is a qualified signature\n"
+msgstr "Dette vil være en selvsignatur.\n"
+
+#: tools/gpg-connect-agent.c:70 tools/gpgconf.c:81 tools/symcryptrun.c:167
+#, fuzzy
+msgid "quiet"
+msgstr "avslutt"
+
+#: tools/gpg-connect-agent.c:71
+msgid "print data out hex encoded"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:72
+msgid "decode received data lines"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:74
+msgid "|NAME|connect to Assuan socket NAME"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:76
+msgid "run the Assuan server given on the command line"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:78
+msgid "do not use extended connect mode"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:80
+#, fuzzy
+msgid "|FILE|run commands from FILE on startup"
+msgstr "leser valg fra «%s»\n"
+
+#: tools/gpg-connect-agent.c:81
+msgid "run /subst on startup"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:184
+#, fuzzy
+msgid "Usage: gpg-connect-agent [options] (-h for help)"
+msgstr "Bruksmåte: gpg [valg] [filer] (-h for hjelp)"
+
+#: tools/gpg-connect-agent.c:187
+msgid ""
+"Syntax: gpg-connect-agent [options]\n"
+"Connect to a running agent and send commands\n"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:1201
+#, c-format
+msgid "option \"%s\" requires a program and optional arguments\n"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:1210
+#, c-format
+msgid "option \"%s\" ignored due to \"%s\"\n"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:1281 tools/gpg-connect-agent.c:1771
+#, fuzzy, c-format
+msgid "receiving line failed: %s\n"
+msgstr "lesing av offentlig nøkkel mislyktes: %s\n"
+
+#: tools/gpg-connect-agent.c:1371
+#, fuzzy
+msgid "line too long - skipped\n"
+msgstr "for lang linje"
+
+#: tools/gpg-connect-agent.c:1375
+msgid "line shortened due to embedded Nul character\n"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:1743
+#, fuzzy, c-format
+msgid "unknown command `%s'\n"
+msgstr "ukjent valg «%s»\n"
+
+#: tools/gpg-connect-agent.c:1761
+#, fuzzy, c-format
+msgid "sending line failed: %s\n"
+msgstr "signering mislyktes: %s\n"
+
+#: tools/gpg-connect-agent.c:2208
+#, fuzzy, c-format
+msgid "error sending %s command: %s\n"
+msgstr "feil ved lesing av «%s»: %s\n"
+
+#: tools/gpg-connect-agent.c:2223
+#, fuzzy, c-format
+msgid "error sending standard options: %s\n"
+msgstr "feil ved søking etter tillitspost i «%s»: %s\n"
+
+#: tools/gpgconf-comp.c:473 tools/gpgconf-comp.c:577 tools/gpgconf-comp.c:644
+#: tools/gpgconf-comp.c:712 tools/gpgconf-comp.c:799
+msgid "Options controlling the diagnostic output"
+msgstr ""
+
+#: tools/gpgconf-comp.c:486 tools/gpgconf-comp.c:590 tools/gpgconf-comp.c:657
+#: tools/gpgconf-comp.c:725 tools/gpgconf-comp.c:822
+msgid "Options controlling the configuration"
+msgstr ""
+
+#: tools/gpgconf-comp.c:496 tools/gpgconf-comp.c:615 tools/gpgconf-comp.c:673
+#: tools/gpgconf-comp.c:750 tools/gpgconf-comp.c:829
+msgid "Options useful for debugging"
+msgstr ""
+
+#: tools/gpgconf-comp.c:501 tools/gpgconf-comp.c:678 tools/gpgconf-comp.c:755
+#: tools/gpgconf-comp.c:837
+msgid "|FILE|write server mode logs to FILE"
+msgstr ""
+
+#: tools/gpgconf-comp.c:509 tools/gpgconf-comp.c:625 tools/gpgconf-comp.c:763
+msgid "Options controlling the security"
+msgstr ""
+
+#: tools/gpgconf-comp.c:516
+msgid "|N|expire SSH keys after N seconds"
+msgstr ""
+
+#: tools/gpgconf-comp.c:520
+msgid "|N|set maximum PIN cache lifetime to N seconds"
+msgstr ""
+
+#: tools/gpgconf-comp.c:524
+msgid "|N|set maximum SSH key lifetime to N seconds"
+msgstr ""
+
+#: tools/gpgconf-comp.c:538
+msgid "Options enforcing a passphrase policy"
+msgstr ""
+
+#: tools/gpgconf-comp.c:541
+msgid "do not allow to bypass the passphrase policy"
+msgstr ""
+
+#: tools/gpgconf-comp.c:545
+msgid "|N|set minimal required length for new passphrases to N"
+msgstr ""
+
+#: tools/gpgconf-comp.c:549
+msgid "|N|require at least N non-alpha characters for a new passphrase"
+msgstr ""
+
+#: tools/gpgconf-comp.c:553
+msgid "|FILE|check new passphrases against pattern in FILE"
+msgstr ""
+
+#: tools/gpgconf-comp.c:557
+msgid "|N|expire the passphrase after N days"
+msgstr ""
+
+#: tools/gpgconf-comp.c:561
+#, fuzzy
+msgid "do not allow the reuse of old passphrases"
+msgstr "feil ved opprettelse av passfrase: %s\n"
+
+#: tools/gpgconf-comp.c:659 tools/gpgconf-comp.c:727
+msgid "|NAME|use NAME as default secret key"
+msgstr ""
+
+#: tools/gpgconf-comp.c:662 tools/gpgconf-comp.c:730
+#, fuzzy
+msgid "|NAME|encrypt to user ID NAME as well"
+msgstr "|NAVN|kryptere for NAVN"
+
+#: tools/gpgconf-comp.c:665
+msgid "|SPEC|set up email aliases"
+msgstr ""
+
+#: tools/gpgconf-comp.c:686
+msgid "Configuration for Keyservers"
+msgstr ""
+
+#: tools/gpgconf-comp.c:688
+#, fuzzy
+msgid "|URL|use keyserver at URL"
+msgstr "kunne ikke parse nøkkelserverens URL\n"
+
+#: tools/gpgconf-comp.c:691
+msgid "allow PKA lookups (DNS requests)"
+msgstr ""
+
+#: tools/gpgconf-comp.c:694
+msgid "|MECHANISMS|use MECHANISMS to locate keys by mail address"
+msgstr ""
+
+#: tools/gpgconf-comp.c:739
+msgid "disable all access to the dirmngr"
+msgstr ""
+
+#: tools/gpgconf-comp.c:742
+msgid "|NAME|use encoding NAME for PKCS#12 passphrases"
+msgstr ""
+
+#: tools/gpgconf-comp.c:768
+msgid "do not check CRLs for root certificates"
+msgstr ""
+
+#: tools/gpgconf-comp.c:812
+msgid "Options controlling the format of the output"
+msgstr ""
+
+#: tools/gpgconf-comp.c:848
+msgid "Options controlling the interactivity and enforcement"
+msgstr ""
+
+#: tools/gpgconf-comp.c:858
+msgid "Configuration for HTTP servers"
+msgstr ""
+
+#: tools/gpgconf-comp.c:869
+msgid "use system's HTTP proxy setting"
+msgstr ""
+
+#: tools/gpgconf-comp.c:874
+msgid "Configuration of LDAP servers to use"
+msgstr ""
+
+#: tools/gpgconf-comp.c:903
+msgid "LDAP server list"
+msgstr ""
+
+#: tools/gpgconf-comp.c:911
+msgid "Configuration for OCSP"
+msgstr ""
+
+#: tools/gpgconf-comp.c:3077
+#, c-format
+msgid "External verification of component %s failed"
+msgstr ""
+
+#: tools/gpgconf-comp.c:3227
+msgid "Note that group specifications are ignored\n"
+msgstr ""
+
+#: tools/gpgconf.c:62
+msgid "list all components"
+msgstr ""
+
+#: tools/gpgconf.c:63
+msgid "check all programs"
+msgstr ""
+
+#: tools/gpgconf.c:64
+msgid "|COMPONENT|list options"
+msgstr ""
+
+#: tools/gpgconf.c:65
+msgid "|COMPONENT|change options"
+msgstr ""
+
+#: tools/gpgconf.c:66
+msgid "|COMPONENT|check options"
+msgstr ""
+
+#: tools/gpgconf.c:68
+msgid "apply global default values"
+msgstr ""
+
+#: tools/gpgconf.c:70
+msgid "get the configuration directories for gpgconf"
+msgstr ""
+
+#: tools/gpgconf.c:72
+#, fuzzy
+msgid "list global configuration file"
+msgstr "ukjent konfigurasjonspunkt «%s»\n"
+
+#: tools/gpgconf.c:74
+#, fuzzy
+msgid "check global configuration file"
+msgstr "ukjent konfigurasjonspunkt «%s»\n"
+
+#: tools/gpgconf.c:79
+msgid "use as output file"
+msgstr "bruk som outputfil"
+
+#: tools/gpgconf.c:83
+msgid "activate changes at runtime, if possible"
+msgstr ""
+
+#: tools/gpgconf.c:105
+#, fuzzy
+msgid "Usage: gpgconf [options] (-h for help)"
+msgstr "Bruksmåte: gpg [valg] [filer] (-h for hjelp)"
+
+#: tools/gpgconf.c:108
+msgid ""
+"Syntax: gpgconf [options]\n"
+"Manage configuration options for tools of the GnuPG system\n"
+msgstr ""
+
+#: tools/gpgconf.c:214 tools/gpgconf.c:282
+#, fuzzy
+msgid "usage: gpgconf [options] "
+msgstr "bruksmåte: gpg [valg] "
+
+#: tools/gpgconf.c:216
+msgid "Need one component argument"
+msgstr ""
+
+#: tools/gpgconf.c:225 tools/gpgconf.c:258
+#, fuzzy
+msgid "Component not found"
+msgstr "fant ikke offentlig nøkkel"
+
+#: tools/gpgconf.c:284
+#, fuzzy
+msgid "No argument allowed"
+msgstr "Admin-kommandoer er ikke tillatt\n"
+
+#: tools/symcryptrun.c:154
+#, fuzzy
+msgid ""
+"@\n"
+"Commands:\n"
+" "
+msgstr ""
+"@Kommandoer:\n"
+" "
+
+#: tools/symcryptrun.c:156
+#, fuzzy
+msgid "decryption modus"
+msgstr "dekryptering mislyktes: %s\n"
+
+#: tools/symcryptrun.c:157
+#, fuzzy
+msgid "encryption modus"
+msgstr "kryptere data"
+
+#: tools/symcryptrun.c:161
+msgid "tool class (confucius)"
+msgstr ""
+
+#: tools/symcryptrun.c:162
+#, fuzzy
+msgid "program filename"
+msgstr "--store [filnavn]"
+
+#: tools/symcryptrun.c:164
+msgid "secret key file (required)"
+msgstr ""
+
+#: tools/symcryptrun.c:165
+msgid "input file name (default stdin)"
+msgstr ""
+
+#: tools/symcryptrun.c:209
+#, fuzzy
+msgid "Usage: symcryptrun [options] (-h for help)"
+msgstr "Bruksmåte: gpg [valg] [filer] (-h for hjelp)"
+
+#: tools/symcryptrun.c:212
+msgid ""
+"Syntax: symcryptrun --class CLASS --program PROGRAM --keyfile KEYFILE "
+"[options...] COMMAND [inputfile]\n"
+"Call a simple symmetric encryption tool\n"
+msgstr ""
+
+#: tools/symcryptrun.c:281
+#, fuzzy, c-format
+msgid "%s on %s aborted with status %i\n"
+msgstr "%s er ikke tillatt sammen med %s!\n"
+
+#: tools/symcryptrun.c:288
+#, fuzzy, c-format
+msgid "%s on %s failed with status %i\n"
+msgstr "%s er ikke tillatt sammen med %s!\n"
+
+#: tools/symcryptrun.c:314
+#, fuzzy, c-format
+msgid "can't create temporary directory `%s': %s\n"
+msgstr "kan ikke opprette katalogen «%s»: %s\n"
+
+#: tools/symcryptrun.c:354 tools/symcryptrun.c:371
+#, c-format
+msgid "could not open %s for writing: %s\n"
+msgstr ""
+
+#: tools/symcryptrun.c:382
+#, fuzzy, c-format
+msgid "error writing to %s: %s\n"
+msgstr "feil ved skriving av nøkkelknippet «%s»: %s\n"
+
+#: tools/symcryptrun.c:389
+#, fuzzy, c-format
+msgid "error reading from %s: %s\n"
+msgstr "feil ved lesing av «%s»: %s\n"
+
+#: tools/symcryptrun.c:396 tools/symcryptrun.c:403
+#, fuzzy, c-format
+msgid "error closing %s: %s\n"
+msgstr "feil med «%s»: %s\n"
+
+#: tools/symcryptrun.c:488
+#, fuzzy
+msgid "no --program option provided\n"
+msgstr "fjernutføring av programmer er ikke støttet\n"
+
+#: tools/symcryptrun.c:494
+msgid "only --decrypt and --encrypt are supported\n"
+msgstr ""
+
+#: tools/symcryptrun.c:500
+msgid "no --keyfile option provided\n"
+msgstr ""
+
+#: tools/symcryptrun.c:511
+msgid "cannot allocate args vector\n"
+msgstr ""
+
+#: tools/symcryptrun.c:529
+#, fuzzy, c-format
+msgid "could not create pipe: %s\n"
+msgstr "kan ikke opprette «%s»: %s\n"
+
+#: tools/symcryptrun.c:536
+#, fuzzy, c-format
+msgid "could not create pty: %s\n"
+msgstr "kan ikke opprette «%s»: %s\n"
+
+#: tools/symcryptrun.c:552
+#, c-format
+msgid "could not fork: %s\n"
+msgstr ""
+
+#: tools/symcryptrun.c:580
+#, fuzzy, c-format
+msgid "execv failed: %s\n"
+msgstr "oppdatering mislyktes: %s\n"
+
+#: tools/symcryptrun.c:609
+#, fuzzy, c-format
+msgid "select failed: %s\n"
+msgstr "sleting av nøkkelblokk mislyktes: %s\n"
+
+#: tools/symcryptrun.c:626
+#, fuzzy, c-format
+msgid "read failed: %s\n"
+msgstr "oppdatering mislyktes: %s\n"
+
+#: tools/symcryptrun.c:678
+#, fuzzy, c-format
+msgid "pty read failed: %s\n"
+msgstr "oppdatering mislyktes: %s\n"
+
+#: tools/symcryptrun.c:730
+#, fuzzy, c-format
+msgid "waitpid failed: %s\n"
+msgstr "oppdatering mislyktes: %s\n"
+
+#: tools/symcryptrun.c:744
+#, c-format
+msgid "child aborted with status %i\n"
+msgstr ""
+
+#: tools/symcryptrun.c:799
+#, fuzzy, c-format
+msgid "cannot allocate infile string: %s\n"
+msgstr "kan ikke opprette sikkerhetskopifil «%s»: %s\n"
+
+#: tools/symcryptrun.c:812
+#, fuzzy, c-format
+msgid "cannot allocate outfile string: %s\n"
+msgstr "kan ikke opprette sikkerhetskopifil «%s»: %s\n"
+
+#: tools/symcryptrun.c:986
+#, c-format
+msgid "either %s or %s must be given\n"
+msgstr ""
+
+#: tools/symcryptrun.c:1013
+msgid "no class provided\n"
+msgstr ""
+
+#: tools/symcryptrun.c:1022
+#, fuzzy, c-format
+msgid "class %s is not supported\n"
+msgstr "ikke støttet"
+
+#: tools/gpg-check-pattern.c:145
+#, fuzzy
+msgid "Usage: gpg-check-pattern [options] patternfile (-h for help)\n"
+msgstr "Bruksmåte: gpg [valg] [filer] (-h for hjelp)"
+
+#: tools/gpg-check-pattern.c:148
+msgid ""
+"Syntax: gpg-check-pattern [options] patternfile\n"
+"Check a passphrase given on stdin against the patternfile\n"
+msgstr ""
+
+#~ msgid "Command> "
+#~ msgstr "Kommando> "
+
+#~ msgid "Please report bugs to <gnupg-bugs@gnu.org>.\n"
+#~ msgstr "Vennligst rapporter feil til <gnupg-bugs@gnu.org>.\n"
+
+#, fuzzy
+#~ msgid "Please report bugs to "
+#~ msgstr "Vennligst rapporter feil til <gnupg-bugs@gnu.org>.\n"
+
+#~ msgid "DSA keypair will have %u bits.\n"
+#~ msgstr "DSA-nøkkelpar vil ha %u bits.\n"
+
+#~ msgid "Repeat passphrase\n"
+#~ msgstr "Gjenta passfrase\n"
+
+#, fuzzy
+#~ msgid "||Please enter your PIN at the reader's keypad%%0A[sigs done: %lu]"
+#~ msgstr "||Vennligst tast inn PIN%%0A[signaturer utført: %lu]"
+
+#~ msgid "|A|Admin PIN"
+#~ msgstr "|A|Admin PIN"
+
+#, fuzzy
+#~ msgid "read options from file"
+#~ msgstr "leser valg fra «%s»\n"
+
+#~ msgid "generate PGP 2.x compatible messages"
+#~ msgstr "generere PGP 2.x-kompatible meldinger"
+
+#, fuzzy
+#~ msgid "|[FILE]|make a signature"
+#~ msgstr "|[fil]|lage en signatur"
+
+#, fuzzy
+#~ msgid "|[FILE]|make a clear text signature"
+#~ msgstr "|[fil]|lage en klartekstsignatur"
+
+#, fuzzy
+#~ msgid "use the default key as default recipient"
+#~ msgstr "hoppet over: offentlig nøkkel allerede satt som standard mottaker\n"
+
+#, fuzzy
+#~ msgid "force v3 signatures"
+#~ msgstr "sjekke signaturer"
+
+#, fuzzy
+#~ msgid "add this secret keyring to the list"
+#~ msgstr "Trenger den hemmelige nøkkelen for å gjøre dette.\n"
+
+#, fuzzy
+#~ msgid "|NAME|set terminal charset to NAME"
+#~ msgstr "|NAVN|kryptere for NAVN"
+
+#, fuzzy
+#~ msgid "|N|use compress algorithm N"
+#~ msgstr "ukjent kompresjonsalgoritme"
+
+#, fuzzy
+#~ msgid "remove key from the public keyring"
+#~ msgstr "fjerne nøkler fra det offentlige nøkkelknippet"
+
+#~ msgid ""
+#~ "When you sign a user ID on a key, you should first verify that the key\n"
+#~ "belongs to the person named in the user ID. It is useful for others to\n"
+#~ "know how carefully you verified this.\n"
+#~ "\n"
+#~ "\"0\" means you make no particular claim as to how carefully you verified "
+#~ "the\n"
+#~ " key.\n"
+#~ "\n"
+#~ "\"1\" means you believe the key is owned by the person who claims to own "
+#~ "it\n"
+#~ " but you could not, or did not verify the key at all. This is useful "
+#~ "for\n"
+#~ " a \"persona\" verification, where you sign the key of a pseudonymous "
+#~ "user.\n"
+#~ "\n"
+#~ "\"2\" means you did casual verification of the key. For example, this "
+#~ "could\n"
+#~ " mean that you verified the key fingerprint and checked the user ID on "
+#~ "the\n"
+#~ " key against a photo ID.\n"
+#~ "\n"
+#~ "\"3\" means you did extensive verification of the key. For example, this "
+#~ "could\n"
+#~ " mean that you verified the key fingerprint with the owner of the key "
+#~ "in\n"
+#~ " person, and that you checked, by means of a hard to forge document "
+#~ "with a\n"
+#~ " photo ID (such as a passport) that the name of the key owner matches "
+#~ "the\n"
+#~ " name in the user ID on the key, and finally that you verified (by "
+#~ "exchange\n"
+#~ " of email) that the email address on the key belongs to the key "
+#~ "owner.\n"
+#~ "\n"
+#~ "Note that the examples given above for levels 2 and 3 are *only* "
+#~ "examples.\n"
+#~ "In the end, it is up to you to decide just what \"casual\" and \"extensive"
+#~ "\"\n"
+#~ "mean to you when you sign other keys.\n"
+#~ "\n"
+#~ "If you don't know what the right answer is, answer \"0\"."
+#~ msgstr ""
+#~ "Når du signerer en brukerid på en nøkkel, bør du først bekrefte at\n"
+#~ "nøkkelen tilhører den personen som er angitt i brukeriden. Det er\n"
+#~ "nyttig for andre å vite hvor nøyaktig du bekreftet dette.\n"
+#~ "\n"
+#~ "\"0\" betyr at du forteller hvor nøye du bekreftet nøkkelen.\n"
+#~ "\n"
+#~ "\"1\" betyr at du tror at nøkkelen eies av den personen som påstår å eie\n"
+#~ " nøkkelen, men du kunne ikke eller bekreftet ikke nøkkelen i det hele\n"
+#~ " tatt. Dette er nyttig for en identitetskontroll hvor du signerer\n"
+#~ " nøkkelen til et pseudonym.\n"
+#~ "\n"
+#~ "\"2\" betyr at du gjorde en vanlig bekreftelse av nøkkelen. For "
+#~ "eksempel,\n"
+#~ " dette kunne bety at du bekreftet nøkkelens fingeravtrykk og sjekket\n"
+#~ " brukeriden mot et fotografisk id.\n"
+#~ "\n"
+#~ "\"3\" betyr at du gjorde en utfyllende bekreftelse av nøkkelen. For\n"
+#~ " eksempel, dette kunne bety at du og eieren av nøkkelen bekreftet\n"
+#~ " personlig nøkkelens fingeravtrykk og at du sjekket ved hjelp av et\n"
+#~ " dokument med fotografi som er vanskelig å forfalske at navnet på\n"
+#~ " nøkkeleieren stemmer med navnet i brukeriden til nøkkelen og til "
+#~ "slutt\n"
+#~ " at du bekreftet at epostadressen i nøkkelen tilhører nøkkelens eier.\n"
+#~ "\n"
+#~ "Vær obs på at eksemplene gitt over for nivåene 2 og 3 *bare* er\n"
+#~ "eksempler. Alt i alt er det opp til deg å bestemme hva «vanlig» og\n"
+#~ "«utfyllende» betyr når du signerer andres nøkler.\n"
+#~ "\n"
+#~ "Svar «0» dersom du ikke vet hva det riktige svaret er."
+
+#, fuzzy
+#~ msgid ""
+#~ "please see http://www.gnupg.org/download/iconv.html for more information\n"
+#~ msgstr "vennligst se http://www.gnupg.org/faq.html for mere informasjon\n"
+
+#, fuzzy
+#~ msgid "please use the script \"%s\" to generate a new key\n"
+#~ msgstr "Vennligst velg hvilken type nøkkel du vil generere:\n"
+
+#~ msgid "cipher extension `%s' not loaded due to unsafe permissions\n"
+#~ msgstr ""
+#~ "cipherutvidelse «%s» ble ikke lastet på grunn av utrygge rettigheter\n"
+
+#~ msgid "DSA requires the use of a 160 bit hash algorithm\n"
+#~ msgstr "DSA krever bruk av en 160-bit hashalgoritme\n"
+
+#, fuzzy
+#~ msgid ".\n"
+#~ msgstr "%s.\n"
+
+#~ msgid "can't query passphrase in batch mode\n"
+#~ msgstr "kan ikke spørre om passfrase i batchmodus\n"
+
+#~ msgid "Enter passphrase: "
+#~ msgstr "Tast inn passfrase: "
+
+#~ msgid "Repeat passphrase: "
+#~ msgstr "Gjenta passfrase: "
+
+#~ msgid "-k[v][v][v][c] [user-id] [keyring]"
+#~ msgstr "-k[v][v][v][c] [brukerid] [nøkkelknippe]"
+
+#~ msgid "can't gen prime with pbits=%u qbits=%u\n"
+#~ msgstr "kan ikke generere et primtall med pbits=%u qbits=%u\n"
+
+#~ msgid "can't generate a prime with less than %d bits\n"
+#~ msgstr "kan ikke generere et primtall med mindre enn %d bit\n"
+
+#~ msgid "no entropy gathering module detected\n"
+#~ msgstr "ingen entropy-innsamlingsmodul ble oppdaget\n"
+
+#~ msgid "can't lock `%s': %s\n"
+#~ msgstr "kan ikke låse «%s»: %s\n"
+
+#~ msgid "can't stat `%s': %s\n"
+#~ msgstr "kan ikke stat() «%s»: %s\n"
+
+#~ msgid "`%s' is not a regular file - ignored\n"
+#~ msgstr "«%s» er ikke en vanlig fil - ignorert\n"
+
+#~ msgid "note: random_seed file is empty\n"
+#~ msgstr "merk: random_seed-fila er tom\n"
+
+#~ msgid "WARNING: invalid size of random_seed file - not used\n"
+#~ msgstr "ADVARSEL: ugyldig størrelse på random_seed-fila - ikke brukt\n"
+
+#~ msgid "can't read `%s': %s\n"
+#~ msgstr "kan ikke lese «%s»: %s\n"
+
+#~ msgid "note: random_seed file not updated\n"
+#~ msgstr "merk: random_seed-fila ble ikke oppdatert\n"
+
+#~ msgid "can't write `%s': %s\n"
+#~ msgstr "kan ikke skrive «%s»: %s\n"
+
+#~ msgid "can't close `%s': %s\n"
+#~ msgstr "kan ikke lukke «%s»: %s\n"
+
+#~ msgid "WARNING: using insecure random number generator!!\n"
+#~ msgstr "ADVARSEL: bruke usikker tilfeldig-tall-generator!!\n"
+
+#~ msgid ""
+#~ "The random number generator is only a kludge to let\n"
+#~ "it run - it is in no way a strong RNG!\n"
+#~ "\n"
+#~ "DON'T USE ANY DATA GENERATED BY THIS PROGRAM!!\n"
+#~ "\n"
+#~ msgstr ""
+#~ "Denne tilfeldig-tall-generatoren er bare en omvei for å få programmet\n"
+#~ "til å kjøre - den er på ingen måte en sterk RNG!\n"
+#~ "\n"
+#~ "IKKE BRUK NOE DATA GENERERT AV DETTE PROGRAMMET!!\n"
+
+#~ msgid ""
+#~ "Please wait, entropy is being gathered. Do some work if it would\n"
+#~ "keep you from getting bored, because it will improve the quality\n"
+#~ "of the entropy.\n"
+#~ msgstr ""
+#~ "Vennligst vent, entropy blir innsamlet. Gjør noe arbeid dersom det\n"
+#~ "hindrer deg fra å kjede deg, fordi arbeidet vil forbedre kvaliteten på\n"
+#~ "entropyen.\n"
+
+#~ msgid ""
+#~ "\n"
+#~ "Not enough random bytes available. Please do some other work to give\n"
+#~ "the OS a chance to collect more entropy! (Need %d more bytes)\n"
+#~ msgstr ""
+#~ "\n"
+#~ "Ikke nok tilfeldige byter tilgjengelig. Vennligst gjør noe annet\n"
+#~ "arbeid for å gi operativsystemet en sjanse til å samle mer entropy!\n"
+#~ "(Trenger %d flere byter)\n"
+
+#, fuzzy
+#~ msgid "card reader not available\n"
+#~ msgstr "hemmelig nøkkel er ikke tilgjengelig"
+
+#~ msgid "Please insert the card and hit return or enter 'c' to cancel: "
+#~ msgstr ""
+#~ "Vennligst sett inn kortet og trykk på enter eller tast inn «c» for å "
+#~ "avbryte: "
+
+#~ msgid "Hit return when ready or enter 'c' to cancel: "
+#~ msgstr "Trykk på enter når du er klar eller tast «c» for å avbryte: "
+
+#~ msgid "Enter New Admin PIN: "
+#~ msgstr "Tast inn ny Admin-PIN: "
+
+#~ msgid "Enter New PIN: "
+#~ msgstr "Tast inn ny PIN: "
+
+#~ msgid "Enter Admin PIN: "
+#~ msgstr "Tast inn Admin-PIN: "
+
+#, fuzzy
+#~ msgid " algorithms on these user IDs:\n"
+#~ msgstr " nye brukerider: %lu\n"
+
+#~ msgid "general error"
+#~ msgstr "generell feil"
+
+#~ msgid "unknown packet type"
+#~ msgstr "ukjent pakketype"
+
+#~ msgid "unknown pubkey algorithm"
+#~ msgstr "ukjent pubkey-algoritme"
+
+#~ msgid "unknown digest algorithm"
+#~ msgstr "ukjent digest-algoritme"
+
+#~ msgid "bad public key"
+#~ msgstr "ugyldig offentlig nøkkel"
+
+#~ msgid "bad secret key"
+#~ msgstr "ugyldig hemmelig nøkkel"
+
+#~ msgid "bad signature"
+#~ msgstr "ugyldig signatur"
+
+#~ msgid "checksum error"
+#~ msgstr "sjekksumfeil"
+
+#~ msgid "invalid packet"
+#~ msgstr "ugyldig pakke"
+
+#~ msgid "invalid armor"
+#~ msgstr "ugyldig beskyttelse"
+
+#~ msgid "no such user id"
+#~ msgstr "det finnes ingen slik brukerid"
+
+#~ msgid "wrong secret key used"
+#~ msgstr "feil hemmelig nøkkel ble brukt"
+
+#~ msgid "bad key"
+#~ msgstr "ugyldig nøkkel"
+
+#~ msgid "file write error"
+#~ msgstr "feil ved skriving av fil"
+
+#~ msgid "file open error"
+#~ msgstr "feil ved åpning av fil"
+
+#~ msgid "file create error"
+#~ msgstr "feil ved opprettelse av fil"
+
+#~ msgid "invalid passphrase"
+#~ msgstr "ugyldig passfrase"
+
+#~ msgid "unimplemented pubkey algorithm"
+#~ msgstr "uimplementert pubkey-algoritme"
+
+#~ msgid "unimplemented cipher algorithm"
+#~ msgstr "uimplementert kryptoalgoritme"
+
+#~ msgid "unknown signature class"
+#~ msgstr "ukjent signaturklasse"
+
+#~ msgid "trust database error"
+#~ msgstr "feil med tillitsdatabasen"
+
+#~ msgid "resource limit"
+#~ msgstr "ressursgrense"
+
+#~ msgid "invalid keyring"
+#~ msgstr "ugyldig nøkkelknippe"
+
+#~ msgid "malformed user id"
+#~ msgstr "vansired brukerid"
+
+#~ msgid "file close error"
+#~ msgstr "feil ved lukking av fil"
+
+#~ msgid "file rename error"
+#~ msgstr "feil ved omdøping av fil"
+
+#~ msgid "file delete error"
+#~ msgstr "feil ved sletting av fil"
+
+#~ msgid "unexpected data"
+#~ msgstr "uforventet data"
+
+#~ msgid "timestamp conflict"
+#~ msgstr "konflikt mellom tidsstempler"
+
+#~ msgid "unusable pubkey algorithm"
+#~ msgstr "ubrukelig pubkey algoritme"
+
+#~ msgid "file exists"
+#~ msgstr "fila finnes fra før av"
+
+#~ msgid "weak key"
+#~ msgstr "svak nøkkel"
+
+#~ msgid "bad URI"
+#~ msgstr "ugyldig URI"
+
+#~ msgid "unsupported URI"
+#~ msgstr "ustøttet URI"
+
+#~ msgid "network error"
+#~ msgstr "nettverksfeil"
+
+#~ msgid "not processed"
+#~ msgstr "ikke behandlet"
+
+#~ msgid "unusable public key"
+#~ msgstr "ubrukelig offentlig nøkkel"
+
+#~ msgid "unusable secret key"
+#~ msgstr "ubrukelig hemmelig nøkkel"
+
+#~ msgid "keyserver error"
+#~ msgstr "feil med nøkkelserver"
+
+#~ msgid "no data"
+#~ msgstr "ingen data"
+
+#~ msgid "... this is a bug (%s:%d:%s)\n"
+#~ msgstr "... dette er en feil (%s:%d:%s)\n"
+
+#~ msgid "WARNING: using insecure memory!\n"
+#~ msgstr "ADVARSEL: bruker usikkert minne!\n"
+
+#~ msgid "operation is not possible without initialized secure memory\n"
+#~ msgstr "operasjonen er ikke mulig uten initialisert sikkert minne\n"
+
+#~ msgid "(you may have used the wrong program for this task)\n"
+#~ msgstr "(du kan ha brukt feil program for denne oppgaven)\n"
diff --git a/po/pl.gmo b/po/pl.gmo
new file mode 100644
index 0000000..46f395d
--- /dev/null
+++ b/po/pl.gmo
Binary files differ
diff --git a/po/pl.po b/po/pl.po
new file mode 100644
index 0000000..4e95250
--- /dev/null
+++ b/po/pl.po
@@ -0,0 +1,8479 @@
+# Gnu Privacy Guard.
+# Copyright (C) 1998, 1999, 2000, 2001, 2002,
+# 2007 Free Software Foundation, Inc.
+# Janusz A. Urbanowicz <alex@bofh.net.pl>, 1999, 2000, 2001, 2002, 2003-2004
+# Jakub Bogusz <qboosh@pld-linux.org>, 2003-2011.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: gnupg-2.0.17\n"
+"Report-Msgid-Bugs-To: translations@gnupg.org\n"
+"POT-Creation-Date: 2012-03-27 10:23+0200\n"
+"PO-Revision-Date: 2011-01-12 08:34+0100\n"
+"Last-Translator: Jakub Bogusz <qboosh@pld-linux.org>\n"
+"Language-Team: Polish <translation-team-pl@lists.sourceforge.net>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=ISO-8859-2\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Plural-Forms: nplurals=3; plural=(n==1 ? 0 : n%10>=2 && n%10<=4 && (n%100<10 "
+"|| n%100>=20) ? 1 : 2);\n"
+
+#: agent/call-pinentry.c:244
+#, c-format
+msgid "failed to acquire the pinentry lock: %s\n"
+msgstr "nie uda³o siê uzyskaæ blokady pinentry: %s\n"
+
+#. TRANSLATORS: These are labels for buttons etc used in
+#. Pinentries. An underscore indicates that the next letter
+#. should be used as an accelerator. Double the underscore for
+#. a literal one. The actual to be translated text starts after
+#. the second vertical bar.
+#: agent/call-pinentry.c:401
+msgid "|pinentry-label|_OK"
+msgstr "|pinentry-label|_OK"
+
+#: agent/call-pinentry.c:402
+msgid "|pinentry-label|_Cancel"
+msgstr "|pinentry-label|_Anuluj"
+
+#: agent/call-pinentry.c:403
+msgid "|pinentry-label|PIN:"
+msgstr "|pinentry-label|PIN:"
+
+#. TRANSLATORS: This string is displayed by Pinentry as the label
+#. for the quality bar.
+#: agent/call-pinentry.c:649
+msgid "Quality:"
+msgstr "Jako¶æ:"
+
+#. TRANSLATORS: This string is a tooltip, shown by pinentry when
+#. hovering over the quality bar. Please use an appropriate
+#. string to describe what this is about. The length of the
+#. tooltip is limited to about 900 characters. If you do not
+#. translate this entry, a default english text (see source)
+#. will be used.
+#: agent/call-pinentry.c:671
+msgid "pinentry.qualitybar.tooltip"
+msgstr ""
+"Jako¶æ wpisanego wy¿ej tekstu.\n"
+"Kryteria jako¶ci mo¿na uzyskaæ od administratora."
+
+#: agent/call-pinentry.c:716
+msgid ""
+"Please enter your PIN, so that the secret key can be unlocked for this "
+"session"
+msgstr "Proszê wprowadziæ swój PIN, ¿eby odblokowaæ klucz tajny dla tej sesji"
+
+#: agent/call-pinentry.c:719
+msgid ""
+"Please enter your passphrase, so that the secret key can be unlocked for "
+"this session"
+msgstr ""
+"Proszê wprowadziæ swoje has³o, ¿eby odblokowaæ klucz tajny dla tej sesji"
+
+#: agent/call-pinentry.c:776
+#, c-format
+msgid "SETERROR %s (try %d of %d)"
+msgstr "SETERROR %s (próba %d z %d)"
+
+#: agent/call-pinentry.c:799 agent/call-pinentry.c:811
+msgid "PIN too long"
+msgstr "PIN zbyt d³ugi"
+
+#: agent/call-pinentry.c:800
+msgid "Passphrase too long"
+msgstr "Has³o zbyt d³ugie"
+
+#: agent/call-pinentry.c:808
+msgid "Invalid characters in PIN"
+msgstr "Niew³a¶ciwy znak w PIN-ie"
+
+#: agent/call-pinentry.c:813
+msgid "PIN too short"
+msgstr "PIN zbyt krótki"
+
+#: agent/call-pinentry.c:825
+msgid "Bad PIN"
+msgstr "Niepoprawny PIN"
+
+#: agent/call-pinentry.c:826
+msgid "Bad Passphrase"
+msgstr "Niepoprawne has³o"
+
+#: agent/call-pinentry.c:863
+msgid "Passphrase"
+msgstr "Has³o"
+
+#: agent/command-ssh.c:531
+#, c-format
+msgid "ssh keys greater than %d bits are not supported\n"
+msgstr "klucze ssh wiêksze ni¿ %d bitów nie s± obs³ugiwane\n"
+
+#: agent/command-ssh.c:690 g10/card-util.c:833 g10/exec.c:473 g10/gpg.c:1122
+#: g10/keygen.c:3394 g10/keygen.c:3427 g10/keyring.c:1237 g10/keyring.c:1569
+#: g10/openfile.c:275 g10/openfile.c:368 g10/sign.c:801 g10/sign.c:1110
+#: g10/tdbio.c:550 jnlib/dotlock.c:310
+#, c-format
+msgid "can't create `%s': %s\n"
+msgstr "nie mo¿na utworzyæ ,,%s'': %s\n"
+
+#: agent/command-ssh.c:702 common/helpfile.c:47 g10/card-util.c:787
+#: g10/dearmor.c:60 g10/dearmor.c:107 g10/decrypt.c:70 g10/encode.c:194
+#: g10/encode.c:504 g10/gpg.c:1123 g10/import.c:192 g10/keygen.c:2877
+#: g10/keyring.c:1595 g10/openfile.c:192 g10/openfile.c:353
+#: g10/plaintext.c:511 g10/sign.c:783 g10/sign.c:978 g10/sign.c:1094
+#: g10/sign.c:1250 g10/tdbdump.c:142 g10/tdbdump.c:150 g10/tdbio.c:554
+#: g10/tdbio.c:618 g10/verify.c:99 g10/verify.c:162 sm/gpgsm.c:2044
+#: sm/gpgsm.c:2074 sm/gpgsm.c:2112 sm/gpgsm.c:2150 sm/qualified.c:66
+#, c-format
+msgid "can't open `%s': %s\n"
+msgstr "nie mo¿na otworzyæ ,,%s'': %s\n"
+
+#: agent/command-ssh.c:1708 agent/command-ssh.c:1726
+#, c-format
+msgid "error getting serial number of card: %s\n"
+msgstr "b³±d pobierania numeru seryjnego karty: %s\n"
+
+#: agent/command-ssh.c:1712
+#, c-format
+msgid "detected card with S/N: %s\n"
+msgstr "wykryto kartê o numerze seryjnym: %s\n"
+
+#: agent/command-ssh.c:1717
+#, c-format
+msgid "error getting default authentication keyID of card: %s\n"
+msgstr "b³±d pobierania domy¶lnego keyID uwierzytelnienia karty: %s\n"
+
+#: agent/command-ssh.c:1737
+#, c-format
+msgid "no suitable card key found: %s\n"
+msgstr "nie znaleziono pasuj±cego klucza karty: %s\n"
+
+#: agent/command-ssh.c:1787
+#, c-format
+msgid "shadowing the key failed: %s\n"
+msgstr "zaciemnienie klucza nie powiod³o siê: %s\n"
+
+#: agent/command-ssh.c:1802
+#, c-format
+msgid "error writing key: %s\n"
+msgstr "b³±d zapisu klucza: %s\n"
+
+#: agent/command-ssh.c:2139
+#, c-format
+msgid ""
+"An ssh process requested the use of key%%0A %s%%0A (%s)%%0ADo you want to "
+"allow this?"
+msgstr ""
+
+#: agent/command-ssh.c:2146
+msgid "Allow"
+msgstr ""
+
+#: agent/command-ssh.c:2146
+msgid "Deny"
+msgstr ""
+
+#: agent/command-ssh.c:2155
+#, fuzzy, c-format
+msgid "Please enter the passphrase for the ssh key%%0A %F%%0A (%c)"
+msgstr "Proszê wprowadziæ has³o dla klucza ssh%0A %c"
+
+#: agent/command-ssh.c:2484 agent/genkey.c:310 agent/genkey.c:432
+msgid "Please re-enter this passphrase"
+msgstr "Proszê ponownie wprowadziæ to has³o"
+
+#: agent/command-ssh.c:2509
+#, fuzzy, c-format
+msgid ""
+"Please enter a passphrase to protect the received secret key%%0A %s%%0A %"
+"s%%0Awithin gpg-agent's key storage"
+msgstr ""
+"Proszê wprowadziæ has³o do zabezpieczenia odebranego klucza tajnego%%0A %s%"
+"%0A w miejscu przechowywania kluczy gpg-agenta"
+
+#: agent/command-ssh.c:2548 agent/genkey.c:340 agent/genkey.c:463
+#: tools/symcryptrun.c:436
+msgid "does not match - try again"
+msgstr "nie pasuj± - proszê spróbowaæ jeszcze raz"
+
+#: agent/command-ssh.c:3054
+#, c-format
+msgid "failed to create stream from socket: %s\n"
+msgstr "nie uda³o siê utworzyæ strumienia z gniazda: %s\n"
+
+#: agent/divert-scd.c:92 g10/call-agent.c:923
+msgid "Please insert the card with serial number"
+msgstr "Proszê w³o¿yæ kartê z numerem seryjnym"
+
+#: agent/divert-scd.c:93 g10/call-agent.c:924
+msgid "Please remove the current card and insert the one with serial number"
+msgstr "Proszê wyj±æ obecn± kartê i w³o¿yæ kartê z numerem seryjnym"
+
+#: agent/divert-scd.c:200
+msgid "Admin PIN"
+msgstr "PIN administracyjny"
+
+#. TRANSLATORS: A PUK is the Personal Unblocking Code
+#. used to unblock a PIN.
+#: agent/divert-scd.c:205
+msgid "PUK"
+msgstr "PUK"
+
+#: agent/divert-scd.c:212
+msgid "Reset Code"
+msgstr "Kod resetuj±cy"
+
+#: agent/divert-scd.c:238
+#, c-format
+msgid "%s%%0A%%0AUse the reader's keypad for input."
+msgstr "%s%%0A%%0ADo wpisywania nale¿y u¿yæ klawiatury czytnika."
+
+#: agent/divert-scd.c:287
+msgid "Repeat this Reset Code"
+msgstr "Powtórz ten kod resetuj±cy"
+
+#: agent/divert-scd.c:289
+msgid "Repeat this PUK"
+msgstr "Powtórz ten PUK"
+
+#: agent/divert-scd.c:290
+msgid "Repeat this PIN"
+msgstr "Powtórz ten PIN"
+
+#: agent/divert-scd.c:295
+msgid "Reset Code not correctly repeated; try again"
+msgstr "Kod resetuj±cy nie powtórzony poprawnie; spróbuj jeszcze raz"
+
+#: agent/divert-scd.c:297
+msgid "PUK not correctly repeated; try again"
+msgstr "PUK nie powtórzony poprawnie; spróbuj jeszcze raz"
+
+#: agent/divert-scd.c:298
+msgid "PIN not correctly repeated; try again"
+msgstr "PIN nie powtórzony poprawnie; spróbuj jeszcze raz"
+
+#: agent/divert-scd.c:310
+#, c-format
+msgid "Please enter the PIN%s%s%s to unlock the card"
+msgstr "Proszê wprowadziæ PIN%s%s%s aby odblokowaæ kartê"
+
+#: agent/genkey.c:108 sm/certreqgen-ui.c:384 sm/export.c:638 sm/export.c:654
+#: sm/import.c:667 sm/import.c:692
+#, c-format
+msgid "error creating temporary file: %s\n"
+msgstr "b³±d tworzenia pliku tymczasowego: %s\n"
+
+#: agent/genkey.c:115 sm/export.c:645 sm/import.c:675
+#, c-format
+msgid "error writing to temporary file: %s\n"
+msgstr "b³±d zapisu do pliku tymczasowego: %s\n"
+
+#: agent/genkey.c:153 agent/genkey.c:159
+msgid "Enter new passphrase"
+msgstr "Wprowad¼ nowe has³o"
+
+#: agent/genkey.c:167
+msgid "Take this one anyway"
+msgstr "Przyjmij je mimo to"
+
+#: agent/genkey.c:193
+#, c-format
+msgid ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase should be "
+"at least %u character long."
+msgid_plural ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase should be "
+"at least %u characters long."
+msgstr[0] ""
+"Uwaga: Wprowadzono has³o, które nie jest bezpieczne.%%0AHas³o powinno mieæ "
+"przynajmniej %u znak d³ugo¶ci."
+msgstr[1] ""
+"Uwaga: Wprowadzono has³o, które nie jest bezpieczne.%%0AHas³o powinno mieæ "
+"przynajmniej %u znaki d³ugo¶ci."
+msgstr[2] ""
+"Uwaga: Wprowadzono has³o, które nie jest bezpieczne.%%0AHas³o powinno mieæ "
+"przynajmniej %u znaków d³ugo¶ci."
+
+#: agent/genkey.c:214
+#, c-format
+msgid ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase should "
+"contain at least %u digit or%%0Aspecial character."
+msgid_plural ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase should "
+"contain at least %u digits or%%0Aspecial characters."
+msgstr[0] ""
+"Uwaga: Wprowadzono has³o, które nie jest bezpieczne.%%0AHas³o powinno mieæ "
+"przynajmniej %u cyfrê lub%%0Aznak specjalny."
+msgstr[1] ""
+"Uwaga: Wprowadzono has³o, które nie jest bezpieczne.%%0AHas³o powinno mieæ "
+"przynajmniej %u cyfry lub%%0Aznaki specjalne."
+msgstr[2] ""
+"Uwaga: Wprowadzono has³o, które nie jest bezpieczne.%%0AHas³o powinno mieæ "
+"przynajmniej %u cyfr lub%%0Aznaków specjalnych."
+
+#: agent/genkey.c:237
+#, c-format
+msgid ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase may not be "
+"a known term or match%%0Acertain pattern."
+msgstr ""
+"Uwaga: Wprowadzono has³o, które nie jest bezpieczne.%%0AHas³o nie mo¿e byæ "
+"znanym s³owem ani pasowaæ%%0Ado okre¶lonego wzorca."
+
+#: agent/genkey.c:253
+#, c-format
+msgid ""
+"You have not entered a passphrase!%0AAn empty passphrase is not allowed."
+msgstr "Nie wprowadzono has³a!%0APuste has³o nie jest dozwolone."
+
+#: agent/genkey.c:255
+#, c-format
+msgid ""
+"You have not entered a passphrase - this is in general a bad idea!%0APlease "
+"confirm that you do not want to have any protection on your key."
+msgstr ""
+"Nie wprowadzono has³a - to jest ogólnie z³y pomys³!%0AProszê potwierdziæ, ¿e "
+"naprawdê ma nie byæ ¿adnej ochrony tego klucza."
+
+#: agent/genkey.c:264
+msgid "Yes, protection is not needed"
+msgstr "Tak, ochrona nie jest potrzebna"
+
+#: agent/genkey.c:308
+#, c-format
+msgid "Please enter the passphrase to%0Ato protect your new key"
+msgstr "Proszê wprowadziæ has³o do%0Azabezpieczenia swojego nowego klucza"
+
+#: agent/genkey.c:431
+msgid "Please enter the new passphrase"
+msgstr "Proszê wprowadziæ nowe has³o"
+
+#: agent/gpg-agent.c:121 agent/preset-passphrase.c:72 scd/scdaemon.c:103
+#: tools/gpg-check-pattern.c:70
+msgid ""
+"@Options:\n"
+" "
+msgstr ""
+"@Opcje:\n"
+" "
+
+#: agent/gpg-agent.c:123 scd/scdaemon.c:105
+msgid "run in server mode (foreground)"
+msgstr "uruchomienie w trybie serwera (pierwszoplanowo)"
+
+#: agent/gpg-agent.c:124 scd/scdaemon.c:108
+msgid "run in daemon mode (background)"
+msgstr "uruchomienie w trybie demona (w tle)"
+
+#: agent/gpg-agent.c:125 g10/gpg.c:488 g10/gpgv.c:71 kbx/kbxutil.c:88
+#: scd/scdaemon.c:109 sm/gpgsm.c:281 tools/gpg-connect-agent.c:69
+#: tools/gpgconf.c:80 tools/symcryptrun.c:166
+msgid "verbose"
+msgstr "z dodatkowymi informacjami"
+
+#: agent/gpg-agent.c:126 g10/gpgv.c:72 kbx/kbxutil.c:89 scd/scdaemon.c:110
+#: sm/gpgsm.c:282
+msgid "be somewhat more quiet"
+msgstr "mniej komunikatów"
+
+#: agent/gpg-agent.c:127 scd/scdaemon.c:111
+msgid "sh-style command output"
+msgstr "wyj¶cie poleceñ w stylu sh"
+
+#: agent/gpg-agent.c:128 scd/scdaemon.c:112
+msgid "csh-style command output"
+msgstr "wyj¶cie poleceñ w stylu csh"
+
+#: agent/gpg-agent.c:129 scd/scdaemon.c:113 sm/gpgsm.c:312
+#: tools/symcryptrun.c:169
+msgid "|FILE|read options from FILE"
+msgstr "|PLIK|odczyt opcji z PLIKU"
+
+#: agent/gpg-agent.c:134 scd/scdaemon.c:123
+msgid "do not detach from the console"
+msgstr "nie odczepianie od konsoli"
+
+#: agent/gpg-agent.c:135
+msgid "do not grab keyboard and mouse"
+msgstr "nie przechwytywanie klawiatury i myszy"
+
+#: agent/gpg-agent.c:136 tools/symcryptrun.c:168
+msgid "use a log file for the server"
+msgstr "u¿ycie pliku loga dla serwera"
+
+#: agent/gpg-agent.c:138
+msgid "use a standard location for the socket"
+msgstr "u¿ycie standardowego po³o¿enia gniazda"
+
+#: agent/gpg-agent.c:141
+msgid "|PGM|use PGM as the PIN-Entry program"
+msgstr "|PGM|u¿ycie PGM jako programu do wprowadzania PIN-u"
+
+#: agent/gpg-agent.c:144
+msgid "|PGM|use PGM as the SCdaemon program"
+msgstr "|PGM|u¿ycie PGM jako programu SCdaemon"
+
+#: agent/gpg-agent.c:145
+msgid "do not use the SCdaemon"
+msgstr "nie u¿ywanie SCdaemona"
+
+#: agent/gpg-agent.c:157
+msgid "ignore requests to change the TTY"
+msgstr "ignorowanie ¿±dañ zmiany TTY"
+
+#: agent/gpg-agent.c:159
+msgid "ignore requests to change the X display"
+msgstr "ignorowanie ¿±dañ zmiany ekranu X"
+
+#: agent/gpg-agent.c:162
+msgid "|N|expire cached PINs after N seconds"
+msgstr "|N|przedawnienie pamiêtanych PIN-ów po N sekundach"
+
+#: agent/gpg-agent.c:175
+msgid "do not use the PIN cache when signing"
+msgstr "nie u¿ywanie pamiêci PIN-ów przy podpisywaniu"
+
+#: agent/gpg-agent.c:177
+msgid "allow clients to mark keys as \"trusted\""
+msgstr "zezwolenie klientom na oznaczanie kluczy jako \"zaufanych\""
+
+#: agent/gpg-agent.c:179
+msgid "allow presetting passphrase"
+msgstr "zezwolenie na predefiniowane has³o"
+
+#: agent/gpg-agent.c:180
+msgid "enable ssh-agent emulation"
+msgstr "w³±czenie emulacji ssh-agenta"
+
+#: agent/gpg-agent.c:182
+msgid "|FILE|write environment settings also to FILE"
+msgstr "|PLIK|zapis ustawieñ ¶rodowiska tak¿e do PLIKU"
+
+#. TRANSLATORS: @EMAIL@ will get replaced by the actual bug
+#. reporting address. This is so that we can change the
+#. reporting address without breaking the translations.
+#: agent/gpg-agent.c:333 agent/preset-passphrase.c:94 agent/protect-tool.c:163
+#: g10/gpg.c:814 g10/gpgv.c:114 kbx/kbxutil.c:113 scd/scdaemon.c:246
+#: sm/gpgsm.c:519 tools/gpg-connect-agent.c:181 tools/gpgconf.c:102
+#: tools/symcryptrun.c:206 tools/gpg-check-pattern.c:141
+msgid "Please report bugs to <@EMAIL@>.\n"
+msgstr "B³êdy prosimy zg³aszaæ na adres <@EMAIL@>.\n"
+
+#: agent/gpg-agent.c:342
+msgid "Usage: gpg-agent [options] (-h for help)"
+msgstr "Wywo³anie: gpg-agent [opcje] (-h podaje pomoc)"
+
+#: agent/gpg-agent.c:344
+msgid ""
+"Syntax: gpg-agent [options] [command [args]]\n"
+"Secret key management for GnuPG\n"
+msgstr ""
+"Sk³adnia: gpg-agent [opcje] [polecenie [argumenty]]\n"
+"Zarz±dzanie kluczem tajnym dla GnuPG\n"
+
+#: agent/gpg-agent.c:390 g10/gpg.c:1007 scd/scdaemon.c:318 sm/gpgsm.c:669
+#, c-format
+msgid "invalid debug-level `%s' given\n"
+msgstr "podano b³êdny poziom diagnostyki ,,%s''\n"
+
+#: agent/gpg-agent.c:610 agent/protect-tool.c:1033 kbx/kbxutil.c:428
+#: scd/scdaemon.c:424 sm/gpgsm.c:911 sm/gpgsm.c:914 tools/symcryptrun.c:998
+#: tools/gpg-check-pattern.c:177
+#, c-format
+msgid "%s is too old (need %s, have %s)\n"
+msgstr "biblioteka %s jest zbyt stara (potrzebna %s, zainstalowana %s)\n"
+
+#: agent/gpg-agent.c:725 g10/gpg.c:2111 scd/scdaemon.c:510 sm/gpgsm.c:1010
+#, c-format
+msgid "NOTE: no default option file `%s'\n"
+msgstr "UWAGA: brak domy¶lnego pliku opcji ,,%s''\n"
+
+#: agent/gpg-agent.c:736 agent/gpg-agent.c:1348 g10/gpg.c:2115
+#: scd/scdaemon.c:515 sm/gpgsm.c:1014 tools/symcryptrun.c:931
+#, c-format
+msgid "option file `%s': %s\n"
+msgstr "plik opcji ,,%s'': %s\n"
+
+#: agent/gpg-agent.c:744 g10/gpg.c:2122 scd/scdaemon.c:523 sm/gpgsm.c:1021
+#, c-format
+msgid "reading options from `%s'\n"
+msgstr "odczyt opcji z ,,%s''\n"
+
+#: agent/gpg-agent.c:1117 g10/plaintext.c:140 g10/plaintext.c:145
+#: g10/plaintext.c:162
+#, c-format
+msgid "error creating `%s': %s\n"
+msgstr "b³±d tworzenia ,,%s'': %s\n"
+
+#: agent/gpg-agent.c:1461 agent/gpg-agent.c:1579 agent/gpg-agent.c:1583
+#: agent/gpg-agent.c:1624 agent/gpg-agent.c:1628 g10/exec.c:188
+#: g10/openfile.c:429 scd/scdaemon.c:1020
+#, c-format
+msgid "can't create directory `%s': %s\n"
+msgstr "nie mo¿na utworzyæ katalogu ,,%s'': %s\n"
+
+#: agent/gpg-agent.c:1475 scd/scdaemon.c:1034
+msgid "name of socket too long\n"
+msgstr "nazwa gniazda zbyt d³uga\n"
+
+#: agent/gpg-agent.c:1498 scd/scdaemon.c:1057
+#, c-format
+msgid "can't create socket: %s\n"
+msgstr "nie mo¿na utworzyæ gniazda: %s\n"
+
+#: agent/gpg-agent.c:1507
+#, c-format
+msgid "socket name `%s' is too long\n"
+msgstr "nazwa gniazda `%s' zbyt d³uga\n"
+
+#: agent/gpg-agent.c:1525
+msgid "a gpg-agent is already running - not starting a new one\n"
+msgstr "gpg-agent ju¿ dzia³a - nie uruchamianie nowego\n"
+
+#: agent/gpg-agent.c:1536 scd/scdaemon.c:1076
+msgid "error getting nonce for the socket\n"
+msgstr "b³±d podczas pobierania nonce z gniazda\n"
+
+#: agent/gpg-agent.c:1541 scd/scdaemon.c:1079
+#, c-format
+msgid "error binding socket to `%s': %s\n"
+msgstr "b³±d podczas przypisywania gniazda do ,,%s'': %s\n"
+
+#: agent/gpg-agent.c:1553 scd/scdaemon.c:1088
+#, c-format
+msgid "listen() failed: %s\n"
+msgstr "listen() nie powiod³o siê: %s\n"
+
+#: agent/gpg-agent.c:1559 scd/scdaemon.c:1095
+#, c-format
+msgid "listening on socket `%s'\n"
+msgstr "nas³uchiwanie na gnie¼dzie ,,%s''\n"
+
+#: agent/gpg-agent.c:1587 agent/gpg-agent.c:1634 g10/openfile.c:432
+#, c-format
+msgid "directory `%s' created\n"
+msgstr "katalog ,,%s'' utworzony\n"
+
+#: agent/gpg-agent.c:1640
+#, c-format
+msgid "stat() failed for `%s': %s\n"
+msgstr "stat() nie powiod³o siê dla ,,%s'': %s\n"
+
+#: agent/gpg-agent.c:1644
+#, c-format
+msgid "can't use `%s' as home directory\n"
+msgstr "nie mo¿na u¿yæ ,,%s'' jako katalogu domowego\n"
+
+#: agent/gpg-agent.c:1777 scd/scdaemon.c:1111
+#, c-format
+msgid "error reading nonce on fd %d: %s\n"
+msgstr "b³±d odczytu nonce z fd %d: %s\n"
+
+#: agent/gpg-agent.c:1799
+#, c-format
+msgid "handler 0x%lx for fd %d started\n"
+msgstr "obs³uga 0x%lx dla fd %d uruchomiona\n"
+
+#: agent/gpg-agent.c:1804
+#, c-format
+msgid "handler 0x%lx for fd %d terminated\n"
+msgstr "obs³uga 0x%lx dla fd %d zakoñczona\n"
+
+#: agent/gpg-agent.c:1824
+#, c-format
+msgid "ssh handler 0x%lx for fd %d started\n"
+msgstr "obs³uga ssh 0x%lx dla fd %d uruchomiona\n"
+
+#: agent/gpg-agent.c:1829
+#, c-format
+msgid "ssh handler 0x%lx for fd %d terminated\n"
+msgstr "obs³uga ssh 0x%lx dla fd %d zakoñczona\n"
+
+#: agent/gpg-agent.c:1973 scd/scdaemon.c:1248
+#, c-format
+msgid "pth_select failed: %s - waiting 1s\n"
+msgstr "pth_select nie powiod³o siê: %s - czekanie 1s\n"
+
+#: agent/gpg-agent.c:2096 scd/scdaemon.c:1315
+#, c-format
+msgid "%s %s stopped\n"
+msgstr "%s %s zatrzymany\n"
+
+#: agent/gpg-agent.c:2232
+msgid "no gpg-agent running in this session\n"
+msgstr "brak dzia³aj±cego gpg-agenta w tej sesji\n"
+
+#: agent/gpg-agent.c:2243 common/simple-pwquery.c:352 common/asshelp.c:403
+#: tools/gpg-connect-agent.c:2168
+msgid "malformed GPG_AGENT_INFO environment variable\n"
+msgstr "z³y format zmiennej ¶rodowiskowej GPG_AGENT_INFO\n"
+
+#: agent/gpg-agent.c:2256 common/simple-pwquery.c:364 common/asshelp.c:415
+#: tools/gpg-connect-agent.c:2179
+#, c-format
+msgid "gpg-agent protocol version %d is not supported\n"
+msgstr "wersja %d protoko³u agenta nie jest obs³ugiwana\n"
+
+#: agent/preset-passphrase.c:98
+msgid "Usage: gpg-preset-passphrase [options] KEYGRIP (-h for help)\n"
+msgstr ""
+"Wywo³anie: gpg-preset-passphrase [opcje] UCHWYT_KLUCZA (-h podaje pomoc)\n"
+
+#: agent/preset-passphrase.c:101
+msgid ""
+"Syntax: gpg-preset-passphrase [options] KEYGRIP\n"
+"Password cache maintenance\n"
+msgstr ""
+"Sk³adnia: gpg-preset-passphrase [opcje] UCHWYT_KLUCZA\n"
+"Utrzymuwanie pamiêci hase³\n"
+
+#: agent/protect-tool.c:113 g10/gpg.c:373 kbx/kbxutil.c:71 sm/gpgsm.c:186
+#: tools/gpgconf.c:60
+msgid ""
+"@Commands:\n"
+" "
+msgstr ""
+"@Polecenia:\n"
+" "
+
+#: agent/protect-tool.c:127 g10/gpg.c:441 g10/gpgv.c:69 kbx/kbxutil.c:81
+#: sm/gpgsm.c:226 tools/gpg-connect-agent.c:67 tools/gpgconf.c:77
+#: tools/symcryptrun.c:159
+msgid ""
+"@\n"
+"Options:\n"
+" "
+msgstr ""
+"@\n"
+"Opcje:\n"
+" "
+
+#: agent/protect-tool.c:166
+msgid "Usage: gpg-protect-tool [options] (-h for help)\n"
+msgstr "Wywo³anie: gpg-protect-tool [opcje] (-h podaje pomoc)\n"
+
+#: agent/protect-tool.c:168
+msgid ""
+"Syntax: gpg-protect-tool [options] [args]\n"
+"Secret key maintenance tool\n"
+msgstr ""
+"Sk³adnia: gpg-protect-tool [opcje] [argumenty]\n"
+"Narzêdzie do utrzymywania kluczy tajnych\n"
+
+#: agent/protect-tool.c:1162
+msgid "Please enter the passphrase to unprotect the PKCS#12 object."
+msgstr "Proszê wprowadziæ has³o do odbezpieczenia obiektu PKCS#12."
+
+#: agent/protect-tool.c:1167
+msgid "Please enter the passphrase to protect the new PKCS#12 object."
+msgstr "Proszê wprowadziæ has³o do zabezpieczenia obiektu PKCS#12."
+
+#: agent/protect-tool.c:1173
+msgid ""
+"Please enter the passphrase to protect the imported object within the GnuPG "
+"system."
+msgstr ""
+"Proszê wprowadziæ has³o do zabezpieczenia wa¿nego obiektu w systemie GnuPG."
+
+#: agent/protect-tool.c:1178
+msgid ""
+"Please enter the passphrase or the PIN\n"
+"needed to complete this operation."
+msgstr ""
+"Proszê wprowadziæ has³o lub PIN\n"
+"Potrzebny do zakoñczenia tej operacji."
+
+#: agent/protect-tool.c:1183 tools/symcryptrun.c:437
+msgid "Passphrase:"
+msgstr "Has³o:"
+
+#: agent/protect-tool.c:1188 tools/symcryptrun.c:448
+msgid "cancelled\n"
+msgstr "anulowano\n"
+
+#: agent/protect-tool.c:1190 tools/symcryptrun.c:444
+#, c-format
+msgid "error while asking for the passphrase: %s\n"
+msgstr "b³±d podczas pytania o has³o: %s\n"
+
+#: agent/trustlist.c:136 agent/trustlist.c:334
+#, c-format
+msgid "error opening `%s': %s\n"
+msgstr "b³±d podczas otwierania ,,%s'': %s\n"
+
+#: agent/trustlist.c:151 common/helpfile.c:63 common/helpfile.c:79
+#, c-format
+msgid "file `%s', line %d: %s\n"
+msgstr "plik ,,%s'', linia %d: %s\n"
+
+#: agent/trustlist.c:171 agent/trustlist.c:179
+#, c-format
+msgid "statement \"%s\" ignored in `%s', line %d\n"
+msgstr "instrukcja \"%s\" zignorowana w ,,%s'', w linii %d\n"
+
+#: agent/trustlist.c:185
+#, c-format
+msgid "system trustlist `%s' not available\n"
+msgstr "systemowa lista zaufania ,,%s'' niedostêpna\n"
+
+#: agent/trustlist.c:229
+#, c-format
+msgid "bad fingerprint in `%s', line %d\n"
+msgstr "b³êdny odcisk w ,,%s'', w linii %d\n"
+
+#: agent/trustlist.c:254 agent/trustlist.c:261
+#, c-format
+msgid "invalid keyflag in `%s', line %d\n"
+msgstr "nieprawid³owa flaga klucza w ,,%s'', w linii %d\n"
+
+#: agent/trustlist.c:295 common/helpfile.c:126
+#, c-format
+msgid "error reading `%s', line %d: %s\n"
+msgstr "b³±d odczytu ,,%s'', w linii %d: %s\n"
+
+#: agent/trustlist.c:400 agent/trustlist.c:450
+msgid "error reading list of trusted root certificates\n"
+msgstr "b³±d odczytu listy zaufanych certyfikatów g³ównych\n"
+
+#. TRANSLATORS: This prompt is shown by the Pinentry
+#. and has one special property: A "%%0A" is used by
+#. Pinentry to insert a line break. The double
+#. percent sign is actually needed because it is also
+#. a printf format string. If you need to insert a
+#. plain % sign, you need to encode it as "%%25". The
+#. "%s" gets replaced by the name as stored in the
+#. certificate.
+#: agent/trustlist.c:611
+#, c-format
+msgid ""
+"Do you ultimately trust%%0A \"%s\"%%0Ato correctly certify user "
+"certificates?"
+msgstr ""
+"Czy absolutnie ufasz, ¿e%%0A ,,%s''%%0Apoprawnie po¶wiadcza certyfikaty "
+"u¿ytkowników?"
+
+#: agent/trustlist.c:620 common/audit.c:467
+msgid "Yes"
+msgstr "Tak"
+
+#: agent/trustlist.c:620 common/audit.c:469
+msgid "No"
+msgstr "Nie"
+
+#. TRANSLATORS: This prompt is shown by the Pinentry and has
+#. one special property: A "%%0A" is used by Pinentry to
+#. insert a line break. The double percent sign is actually
+#. needed because it is also a printf format string. If you
+#. need to insert a plain % sign, you need to encode it as
+#. "%%25". The second "%s" gets replaced by a hexdecimal
+#. fingerprint string whereas the first one receives the name
+#. as stored in the certificate.
+#: agent/trustlist.c:654
+#, c-format
+msgid ""
+"Please verify that the certificate identified as:%%0A \"%s\"%%0Ahas the "
+"fingerprint:%%0A %s"
+msgstr ""
+"Proszê sprawdziæ, ¿e certyfikat zidentyfikowany jako:%%0a ,,%s''%%0Ama "
+"odcisk:%%0A %s"
+
+#. TRANSLATORS: "Correct" is the label of a button and intended
+#. to be hit if the fingerprint matches the one of the CA. The
+#. other button is "the default "Cancel" of the Pinentry.
+#: agent/trustlist.c:668
+msgid "Correct"
+msgstr "Akceptuj"
+
+#: agent/trustlist.c:668
+msgid "Wrong"
+msgstr "Odrzuæ"
+
+#: agent/findkey.c:157
+#, c-format
+msgid "Note: This passphrase has never been changed.%0APlease change it now."
+msgstr "Uwaga: To has³o nie by³o nigdy zmieniane.%0AProszê zmieniæ je teraz."
+
+#: agent/findkey.c:173
+#, c-format
+msgid ""
+"This passphrase has not been changed%%0Asince %.4s-%.2s-%.2s. Please change "
+"it now."
+msgstr ""
+"To has³o nie zosta³o zmienione%%0Aod %.4s-%.2s-%.2s. Proszê zmieniæ je teraz."
+
+#: agent/findkey.c:187 agent/findkey.c:194
+msgid "Change passphrase"
+msgstr "Zmiana has³a"
+
+#: agent/findkey.c:195
+msgid "I'll change it later"
+msgstr "Zmieniê je pó¼niej"
+
+#: common/exechelp.c:528 common/exechelp.c:625 tools/gpgconf-comp.c:1475
+#: tools/gpgconf-comp.c:1814
+#, c-format
+msgid "error creating a pipe: %s\n"
+msgstr "b³±d tworzenia potoku: %s\n"
+
+#: common/exechelp.c:599 common/exechelp.c:658
+#, c-format
+msgid "can't fdopen pipe for reading: %s\n"
+msgstr "nie mo¿na wykonaæ fdopen do odczytu na potoku: %s\n"
+
+#: common/exechelp.c:637 common/exechelp.c:765 common/exechelp.c:1002
+#, c-format
+msgid "error forking process: %s\n"
+msgstr "b³±d podczas tworzenia procesu: %s\n"
+
+#: common/exechelp.c:811 common/exechelp.c:864
+#, c-format
+msgid "waiting for process %d to terminate failed: %s\n"
+msgstr "oczekiwanie na zakoñczenie procesu %d nie powiod³o siê: %s\n"
+
+#: common/exechelp.c:819
+#, c-format
+msgid "error getting exit code of process %d: %s\n"
+msgstr "b³±d odczytu kodu zakoñczenia procesu %d: %s\n"
+
+#: common/exechelp.c:825 common/exechelp.c:877
+#, c-format
+msgid "error running `%s': exit status %d\n"
+msgstr "b³±d uruchamiania ,,%s'': kod wyj¶cia %d\n"
+
+#: common/exechelp.c:870
+#, c-format
+msgid "error running `%s': probably not installed\n"
+msgstr "b³±d uruchamiania ,,%s'': prawdopodobnie nie zainstalowany\n"
+
+#: common/exechelp.c:885
+#, c-format
+msgid "error running `%s': terminated\n"
+msgstr "b³±d uruchamiania ,,%s'': zakoñczono\n"
+
+#: common/http.c:1674
+#, c-format
+msgid "error creating socket: %s\n"
+msgstr "b³±d tworzenia gniazda: %s\n"
+
+#: common/http.c:1718
+msgid "host not found"
+msgstr "nie znaleziono hosta"
+
+#: common/simple-pwquery.c:338
+msgid "gpg-agent is not available in this session\n"
+msgstr "gpg-agent nie jest dostêpny w tej sesji\n"
+
+#: common/simple-pwquery.c:395
+#, c-format
+msgid "can't connect to `%s': %s\n"
+msgstr "nie mo¿na siê po³±czyæ z ,,%s'': %s\n"
+
+#: common/simple-pwquery.c:406
+msgid "communication problem with gpg-agent\n"
+msgstr "problem z komunikacj± z gpg-agentem\n"
+
+#: common/simple-pwquery.c:416
+msgid "problem setting the gpg-agent options\n"
+msgstr "problem z ustawieniem opcji gpg-agenta\n"
+
+#: common/simple-pwquery.c:579 common/simple-pwquery.c:675
+msgid "canceled by user\n"
+msgstr "anulowano przez u¿ytkownika\n"
+
+#: common/simple-pwquery.c:594 common/simple-pwquery.c:681
+msgid "problem with the agent\n"
+msgstr "problem z agentem\n"
+
+#: common/sysutils.c:105
+#, c-format
+msgid "can't disable core dumps: %s\n"
+msgstr "nie mo¿na wy³±czyæ zrzutów pamiêci: %s\n"
+
+#: common/sysutils.c:200
+#, c-format
+msgid "Warning: unsafe ownership on %s \"%s\"\n"
+msgstr "Ostrze¿enie: niebezpieczne prawa w³asno¶ci do %s ,,%s''\n"
+
+#: common/sysutils.c:232
+#, c-format
+msgid "Warning: unsafe permissions on %s \"%s\"\n"
+msgstr "Ostrze¿enie: niebezpieczne prawa dostêpu do %s ,,%s''\n"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: common/yesno.c:35 common/yesno.c:72
+msgid "yes"
+msgstr "tak"
+
+#: common/yesno.c:36 common/yesno.c:77
+msgid "yY"
+msgstr "tT"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: common/yesno.c:38 common/yesno.c:74
+msgid "no"
+msgstr "nie"
+
+#: common/yesno.c:39 common/yesno.c:78
+msgid "nN"
+msgstr "nN"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: common/yesno.c:76
+msgid "quit"
+msgstr "wyj¶cie"
+
+#: common/yesno.c:79
+msgid "qQ"
+msgstr "wW"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: common/yesno.c:113
+msgid "okay|okay"
+msgstr "ok|ok"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: common/yesno.c:115
+msgid "cancel|cancel"
+msgstr "anuluj|anuluj"
+
+#: common/yesno.c:116
+msgid "oO"
+msgstr "oO"
+
+#: common/yesno.c:117
+msgid "cC"
+msgstr "aA"
+
+#: common/miscellaneous.c:77
+#, c-format
+msgid "out of core in secure memory while allocating %lu bytes"
+msgstr "brak miejsca w bezpiecznej pamiêci podczas przydzielania %lu bajtów"
+
+#: common/miscellaneous.c:80
+#, c-format
+msgid "out of core while allocating %lu bytes"
+msgstr "brak miejsca podczas przydzielania %lu bajtów"
+
+#: common/asshelp.c:293 tools/gpg-connect-agent.c:2129
+msgid "no running gpg-agent - starting one\n"
+msgstr "gpg-agent nie dzia³a - uruchamianie\n"
+
+#: common/asshelp.c:349
+#, c-format
+msgid "waiting %d seconds for the agent to come up\n"
+msgstr "oczekiwanie (%d s) na uruchomienie agenta\n"
+
+#: common/asshelp.c:426
+msgid "can't connect to the agent - trying fall back\n"
+msgstr "nie mo¿na po³±czyæ siê z agentem - próba fallbacku\n"
+
+#. TRANSLATORS: Copy the prefix between the vertical bars
+#. verbatim. It will not be printed.
+#: common/audit.c:474
+msgid "|audit-log-result|Good"
+msgstr "|audit-log-result|Dobry"
+
+#: common/audit.c:477
+msgid "|audit-log-result|Bad"
+msgstr "|audit-log-result|Z³y"
+
+#: common/audit.c:479
+msgid "|audit-log-result|Not supported"
+msgstr "|audit-log-result|Nieobs³ugiwany"
+
+#: common/audit.c:481
+msgid "|audit-log-result|No certificate"
+msgstr "|audit-log-result|Brak certyfikatu"
+
+#: common/audit.c:483
+msgid "|audit-log-result|Not enabled"
+msgstr "|audit-log-result|Nie w³±czony"
+
+#: common/audit.c:485
+msgid "|audit-log-result|Error"
+msgstr "|audit-log-result|B³±d"
+
+#: common/audit.c:487
+msgid "|audit-log-result|Not used"
+msgstr "|audit-log-result|Nie u¿ywany"
+
+#: common/audit.c:489
+msgid "|audit-log-result|Okay"
+msgstr "|audit-log-result|OK"
+
+#: common/audit.c:491
+msgid "|audit-log-result|Skipped"
+msgstr "|audit-log-result|Pominiêto"
+
+#: common/audit.c:493
+msgid "|audit-log-result|Some"
+msgstr "|audit-log-result|Czê¶ciowo"
+
+#: common/audit.c:726
+msgid "Certificate chain available"
+msgstr "£añcuch certyfikatów dostêpny"
+
+#: common/audit.c:733
+msgid "root certificate missing"
+msgstr "brak certyfikatu g³ównego"
+
+#: common/audit.c:759
+msgid "Data encryption succeeded"
+msgstr "Szyfrowanie danych zakoñczone"
+
+#: common/audit.c:764 common/audit.c:830 common/audit.c:906 common/audit.c:997
+msgid "Data available"
+msgstr "Dane dostêpne"
+
+#: common/audit.c:767
+msgid "Session key created"
+msgstr "Klucz sesji utworzony"
+
+#: common/audit.c:772 common/audit.c:912 common/audit.c:919
+#, c-format
+msgid "algorithm: %s"
+msgstr "algorytm: %s"
+
+#: common/audit.c:774 common/audit.c:776 common/audit.c:921 common/audit.c:923
+#, c-format
+msgid "unsupported algorithm: %s"
+msgstr "nieobs³ugiwany algorytm: %s"
+
+#: common/audit.c:778 common/audit.c:925
+msgid "seems to be not encrypted"
+msgstr "nie wygl±da na zaszyfrowan± wiadomo¶æ"
+
+#: common/audit.c:784 common/audit.c:933
+msgid "Number of recipients"
+msgstr "Liczba odbiorców"
+
+#: common/audit.c:792 common/audit.c:956
+#, c-format
+msgid "Recipient %d"
+msgstr "Odbiorca %d"
+
+#: common/audit.c:825
+msgid "Data signing succeeded"
+msgstr "Podpisywanie danych zakoñczone"
+
+#: common/audit.c:839 common/audit.c:1033 common/audit.c:1060
+#, c-format
+msgid "data hash algorithm: %s"
+msgstr "algorytm skrótu danych: %s"
+
+#: common/audit.c:862
+#, c-format
+msgid "Signer %d"
+msgstr "Podpisuj±cy %d"
+
+#: common/audit.c:866 common/audit.c:1065
+#, c-format
+msgid "attr hash algorithm: %s"
+msgstr "algorytm skrótu atrybutów: %s"
+
+#: common/audit.c:901
+msgid "Data decryption succeeded"
+msgstr "Odszyfrowywanie danych zakoñczone"
+
+#: common/audit.c:910
+msgid "Encryption algorithm supported"
+msgstr "Algorytm szyfrowania obs³ugiwany"
+
+#: common/audit.c:993
+msgid "Data verification succeeded"
+msgstr "Weryfikacja danych zakoñczona"
+
+#: common/audit.c:1002
+msgid "Signature available"
+msgstr "Podpis dostêpny"
+
+#: common/audit.c:1024
+msgid "Parsing data succeeded"
+msgstr "Analiza danych zakoñczona"
+
+#: common/audit.c:1036
+#, c-format
+msgid "bad data hash algorithm: %s"
+msgstr "niew³a¶ciwy algorytm skrótu danych: %s"
+
+#: common/audit.c:1051
+#, c-format
+msgid "Signature %d"
+msgstr "Podpis %d"
+
+#: common/audit.c:1079
+msgid "Certificate chain valid"
+msgstr "£añcuch certyfikatów poprawny"
+
+#: common/audit.c:1090
+msgid "Root certificate trustworthy"
+msgstr "Certyfikat g³ówny jest zaufany"
+
+#: common/audit.c:1111 sm/certchain.c:935
+msgid "no CRL found for certificate"
+msgstr "nie znaleziono CRL dla certyfikatu"
+
+#: common/audit.c:1114 sm/certchain.c:945
+msgid "the available CRL is too old"
+msgstr "dostêpny CRL jest zbyt stary"
+
+#: common/audit.c:1119
+msgid "CRL/OCSP check of certificates"
+msgstr "weryfikacja CRL/OCSP certyfikatów"
+
+#: common/audit.c:1139
+msgid "Included certificates"
+msgstr "Do³±czone certyfikaty"
+
+#: common/audit.c:1194
+msgid "No audit log entries."
+msgstr "Brak wpisów w logu."
+
+#: common/audit.c:1243
+msgid "Unknown operation"
+msgstr "Nieznana operacja"
+
+#: common/audit.c:1261
+msgid "Gpg-Agent usable"
+msgstr "Gpg-Agent sprawny"
+
+#: common/audit.c:1271
+msgid "Dirmngr usable"
+msgstr "Dirmngr sprawny"
+
+#: common/audit.c:1307
+#, c-format
+msgid "No help available for `%s'."
+msgstr "Brak pomocy dla ,,%s''."
+
+#: common/helpfile.c:80
+msgid "ignoring garbage line"
+msgstr "zignorowano b³êdn± liniê"
+
+#: common/gettime.c:503
+msgid "[none]"
+msgstr "[brak]"
+
+#: g10/armor.c:379
+#, c-format
+msgid "armor: %s\n"
+msgstr "opakowanie: %s\n"
+
+#: g10/armor.c:418
+msgid "invalid armor header: "
+msgstr "niepoprawny nag³ówek opakowania: "
+
+#: g10/armor.c:429
+msgid "armor header: "
+msgstr "nag³ówek opakowania: "
+
+#: g10/armor.c:442
+msgid "invalid clearsig header\n"
+msgstr "niew³a¶ciwy nag³ówek dokumentu z podpisem na koñcu\n"
+
+#: g10/armor.c:455
+msgid "unknown armor header: "
+msgstr "nieznany nag³ówek opakowania: "
+
+#: g10/armor.c:508
+msgid "nested clear text signatures\n"
+msgstr "zagnie¿d¿one podpisy na koñcu dokumentu\n"
+
+#: g10/armor.c:643
+msgid "unexpected armor: "
+msgstr "nieoczekiwane opakowanie: "
+
+#: g10/armor.c:655
+msgid "invalid dash escaped line: "
+msgstr "niepoprawne oznaczenie linii minusami: "
+
+#: g10/armor.c:810 g10/armor.c:1420
+#, c-format
+msgid "invalid radix64 character %02X skipped\n"
+msgstr "niew³a¶ciwy znak formatu radix64 ,,%02X'' zosta³ pominiêty\n"
+
+#: g10/armor.c:853
+msgid "premature eof (no CRC)\n"
+msgstr "przedwczesny koniec pliku (brak CRC)\n"
+
+#: g10/armor.c:887
+msgid "premature eof (in CRC)\n"
+msgstr "przedwczesny koniec pliku (w CRC)\n"
+
+#: g10/armor.c:895
+msgid "malformed CRC\n"
+msgstr "b³±d formatu CRC\n"
+
+#: g10/armor.c:899 g10/armor.c:1457
+#, c-format
+msgid "CRC error; %06lX - %06lX\n"
+msgstr "B³±d sumy CRC; %06lX - %06lX\n"
+
+#: g10/armor.c:919
+msgid "premature eof (in trailer)\n"
+msgstr "przedwczesny koniec pliku (w linii koñcz±cej)\n"
+
+#: g10/armor.c:923
+msgid "error in trailer line\n"
+msgstr "b³±d w linii koñcz±cej\n"
+
+#: g10/armor.c:1234
+msgid "no valid OpenPGP data found.\n"
+msgstr "nie odnaleziono poprawnych danych w formacie OpenPGP.\n"
+
+#: g10/armor.c:1239
+#, c-format
+msgid "invalid armor: line longer than %d characters\n"
+msgstr "b³±d opakowania: linia d³u¿sza ni¿ %d znaków\n"
+
+#: g10/armor.c:1243
+msgid ""
+"quoted printable character in armor - probably a buggy MTA has been used\n"
+msgstr ""
+"znak kodowania quoted-printable w opakowaniu ASCII - prawdopodobnie\n"
+"przek³amanie wprowadzone przez serwer pocztowy\n"
+
+#: g10/build-packet.c:976
+msgid ""
+"a notation name must have only printable characters or spaces, and end with "
+"an '='\n"
+msgstr ""
+"nazwa adnotacji musi zawieraæ tylko znaki drukowalne lub spacje i koñczyæ "
+"siê znakiem ,,=''\n"
+
+#: g10/build-packet.c:988
+msgid "a user notation name must contain the '@' character\n"
+msgstr "nazwa adnotacji u¿ytkownika musi zawieraæ znak ,,@''\n"
+
+#: g10/build-packet.c:994
+msgid "a notation name must not contain more than one '@' character\n"
+msgstr "nazwa adnotacjinie mo¿e zawieraæ wiêcej ni¿ jednego znaku ,,@''\n"
+
+#: g10/build-packet.c:1012
+msgid "a notation value must not use any control characters\n"
+msgstr "warto¶æ adnotacji nie mo¿e zawieraæ ¿adnych znaków steruj±cych\n"
+
+#: g10/build-packet.c:1046 g10/build-packet.c:1055
+msgid "WARNING: invalid notation data found\n"
+msgstr "OSTRZE¯ENIE: napotkano b³êdne dane adnotacji\n"
+
+#: g10/build-packet.c:1077 g10/build-packet.c:1079
+msgid "not human readable"
+msgstr "nieczytelne dla cz³owieka"
+
+#: g10/card-util.c:85 g10/card-util.c:374
+#, c-format
+msgid "OpenPGP card not available: %s\n"
+msgstr "Karta OpenPGP niedostêpna: %s\n"
+
+#: g10/card-util.c:90
+#, c-format
+msgid "OpenPGP card no. %s detected\n"
+msgstr "Wykryto kartê OpenPGP nr %s\n"
+
+#: g10/card-util.c:98 g10/card-util.c:1773 g10/delkey.c:126 g10/keyedit.c:1551
+#: g10/keygen.c:3068 g10/revoke.c:216 g10/revoke.c:455
+msgid "can't do this in batch mode\n"
+msgstr "nie dzia³a w trybie wsadowym\n"
+
+#: g10/card-util.c:106
+msgid "This command is only available for version 2 cards\n"
+msgstr "To polecenie jest dostêpne tylko dla kart w wersji 2\n"
+
+#: g10/card-util.c:108 scd/app-openpgp.c:2029
+msgid "Reset Code not or not anymore available\n"
+msgstr "Kod resetuj±cy nie jest (ju¿ lub w ogóle) dostêpny\n"
+
+#: g10/card-util.c:141 g10/card-util.c:1458 g10/card-util.c:1568
+#: g10/keyedit.c:424 g10/keyedit.c:445 g10/keyedit.c:459 g10/keygen.c:1630
+#: g10/keygen.c:1711 sm/certreqgen-ui.c:165 sm/certreqgen-ui.c:249
+#: sm/certreqgen-ui.c:283
+msgid "Your selection? "
+msgstr "Twój wybór? "
+
+#: g10/card-util.c:272 g10/card-util.c:322
+msgid "[not set]"
+msgstr "[nie ustawiono]"
+
+#: g10/card-util.c:512
+msgid "male"
+msgstr "mê¿czyzna"
+
+#: g10/card-util.c:513
+msgid "female"
+msgstr "kobieta"
+
+#: g10/card-util.c:513
+msgid "unspecified"
+msgstr "nie podano"
+
+#: g10/card-util.c:540
+msgid "not forced"
+msgstr "nie wymuszono"
+
+#: g10/card-util.c:540
+msgid "forced"
+msgstr "wymuszono"
+
+#: g10/card-util.c:631
+msgid "Error: Only plain ASCII is currently allowed.\n"
+msgstr "B³±d: aktualnie dopuszczalne jest tylko czyste ASCII.\n"
+
+#: g10/card-util.c:633
+msgid "Error: The \"<\" character may not be used.\n"
+msgstr "B³±d: znak ,,<'' nie mo¿e byæ u¿yty.\n"
+
+#: g10/card-util.c:635
+msgid "Error: Double spaces are not allowed.\n"
+msgstr "B³±d: podwójne spacje nie s± dopuszczalne.\n"
+
+#: g10/card-util.c:652
+msgid "Cardholder's surname: "
+msgstr "Nazwisko posiadacza karty: "
+
+#: g10/card-util.c:654
+msgid "Cardholder's given name: "
+msgstr "Imiê posiadacza karty: "
+
+#: g10/card-util.c:672
+#, c-format
+msgid "Error: Combined name too long (limit is %d characters).\n"
+msgstr "B³±d: pe³ne personalia zbyt d³ugie (limit to %d znaków).\n"
+
+#: g10/card-util.c:693
+msgid "URL to retrieve public key: "
+msgstr "URL do odczytania klucza publicznego: "
+
+#: g10/card-util.c:701
+#, c-format
+msgid "Error: URL too long (limit is %d characters).\n"
+msgstr "B³±d: URL zbyt d³ugi (limit to %d znaków).\n"
+
+#: g10/card-util.c:794 tools/no-libgcrypt.c:30
+#, c-format
+msgid "error allocating enough memory: %s\n"
+msgstr "b³±d przydzielania wystarczaj±cej ilo¶ci pamiêci: %s\n"
+
+#: g10/card-util.c:806 g10/import.c:280
+#, c-format
+msgid "error reading `%s': %s\n"
+msgstr "b³±d odczytu ,,%s'': %s\n"
+
+#: g10/card-util.c:839
+#, c-format
+msgid "error writing `%s': %s\n"
+msgstr "b³±d zapisu ,,%s'': %s\n"
+
+#: g10/card-util.c:866
+msgid "Login data (account name): "
+msgstr "Dane logowania (nazwa konta): "
+
+#: g10/card-util.c:876
+#, c-format
+msgid "Error: Login data too long (limit is %d characters).\n"
+msgstr "B³±d: dane logowania zbyt d³ugie (limit to %d znaków).\n"
+
+#: g10/card-util.c:912
+msgid "Private DO data: "
+msgstr "Prywatne dane DO: "
+
+#: g10/card-util.c:922
+#, c-format
+msgid "Error: Private DO too long (limit is %d characters).\n"
+msgstr "B³±d: prywatne DO zbyt d³ugie (limit to %d znaków).\n"
+
+#: g10/card-util.c:1005
+msgid "Language preferences: "
+msgstr "Preferowane jêzyki: "
+
+#: g10/card-util.c:1013
+msgid "Error: invalid length of preference string.\n"
+msgstr "B³±d: niew³a¶ciwa d³ugo¶æ tekstu preferencji.\n"
+
+#: g10/card-util.c:1022
+msgid "Error: invalid characters in preference string.\n"
+msgstr "B³±d: niew³a¶ciwe znaki w tek¶cie preferencji.\n"
+
+#: g10/card-util.c:1044
+msgid "Sex ((M)ale, (F)emale or space): "
+msgstr "P³eæ (M - mê¿czyzna, F - kobieta lub spacja): "
+
+#: g10/card-util.c:1058
+msgid "Error: invalid response.\n"
+msgstr "B³±d: niew³a¶ciwa odpowied¼.\n"
+
+#: g10/card-util.c:1080
+msgid "CA fingerprint: "
+msgstr "Odcisk CA:"
+
+#: g10/card-util.c:1103
+msgid "Error: invalid formatted fingerprint.\n"
+msgstr "B³±d: niew³a¶ciwie sformatowany odcisk.\n"
+
+#: g10/card-util.c:1153
+#, c-format
+msgid "key operation not possible: %s\n"
+msgstr "operacja na kluczu niewykonalna: %s\n"
+
+#: g10/card-util.c:1154
+msgid "not an OpenPGP card"
+msgstr "to nie jest karta OpenPGP"
+
+#: g10/card-util.c:1167
+#, c-format
+msgid "error getting current key info: %s\n"
+msgstr "b³±d podczas odczytu aktualnych informacji o kluczu: %s\n"
+
+#: g10/card-util.c:1254
+msgid "Replace existing key? (y/N) "
+msgstr "Zast±piæ istniej±cy klucz? (t/N) "
+
+#: g10/card-util.c:1270
+msgid ""
+"NOTE: There is no guarantee that the card supports the requested size.\n"
+" If the key generation does not succeed, please check the\n"
+" documentation of your card to see what sizes are allowed.\n"
+msgstr ""
+"UWAGA: Nie ma gwarancji, ¿e karta obs³uguje ¿±dany rozmiar.\n"
+" Je¶li tworzenie klucza nie powiedzie siê, proszê sprawdziæ\n"
+" dokumentacjê karty, aby poznaæ dozwolone rozmiary.\n"
+
+#: g10/card-util.c:1295
+#, c-format
+msgid "What keysize do you want for the Signature key? (%u) "
+msgstr "Jakiej d³ugo¶ci klucz do podpisywania wygenerowaæ? (%u) "
+
+#: g10/card-util.c:1297
+#, c-format
+msgid "What keysize do you want for the Encryption key? (%u) "
+msgstr "Jakiej d³ugo¶ci klucz do szyfrowania wygenerowaæ? (%u) "
+
+#: g10/card-util.c:1298
+#, c-format
+msgid "What keysize do you want for the Authentication key? (%u) "
+msgstr "Jakiej d³ugo¶ci klucz do uwierzytelniania wygenerowaæ? (%u) "
+
+#: g10/card-util.c:1309 g10/keygen.c:1844 g10/keygen.c:1850
+#: sm/certreqgen-ui.c:194
+#, c-format
+msgid "rounded up to %u bits\n"
+msgstr "zaokr±glono do %u bitów\n"
+
+#: g10/card-util.c:1317 g10/keygen.c:1831 sm/certreqgen-ui.c:184
+#, c-format
+msgid "%s keysizes must be in the range %u-%u\n"
+msgstr "Rozmiary kluczy %s musz± byæ z przedzia³u %u-%u\n"
+
+#: g10/card-util.c:1322
+#, c-format
+msgid "The card will now be re-configured to generate a key of %u bits\n"
+msgstr "Karta zostanie przekonfigurowana do tworzenia klucza %u-bitowego\n"
+
+#: g10/card-util.c:1342
+#, c-format
+msgid "error changing size of key %d to %u bits: %s\n"
+msgstr "b³±d podczas zmiany rozmiaru klucza %d na %u bitów: %s\n"
+
+#: g10/card-util.c:1364
+msgid "Make off-card backup of encryption key? (Y/n) "
+msgstr "Stworzyæ poza kart± kopiê zapasow± klucza szyfruj±cego? (T/n) "
+
+#: g10/card-util.c:1378
+msgid "NOTE: keys are already stored on the card!\n"
+msgstr "UWAGA: klucze s± ju¿ zapisane na karcie!\n"
+
+#: g10/card-util.c:1381
+msgid "Replace existing keys? (y/N) "
+msgstr "Zast±piæ istniej±ce klucze? (t/N) "
+
+#: g10/card-util.c:1393
+#, c-format
+msgid ""
+"Please note that the factory settings of the PINs are\n"
+" PIN = `%s' Admin PIN = `%s'\n"
+"You should change them using the command --change-pin\n"
+msgstr ""
+"Fabryczne ustawienia PIN-ów to\n"
+" PIN = ,,%s'' PIN administracyjny = ,,%s''\n"
+"Nale¿y je zmieniæ przy u¿yciu polecenia --change-pin\n"
+
+#: g10/card-util.c:1449
+msgid "Please select the type of key to generate:\n"
+msgstr "Proszê wybraæ rodzaj klucza do wygenerowania:\n"
+
+#: g10/card-util.c:1451 g10/card-util.c:1559
+msgid " (1) Signature key\n"
+msgstr " (1) Klucz do podpisów\n"
+
+#: g10/card-util.c:1452 g10/card-util.c:1561
+msgid " (2) Encryption key\n"
+msgstr " (2) Klucz do szyfrowania\n"
+
+#: g10/card-util.c:1453 g10/card-util.c:1563
+msgid " (3) Authentication key\n"
+msgstr " (3) Klucz do uwierzytelniania\n"
+
+#: g10/card-util.c:1469 g10/card-util.c:1588 g10/keyedit.c:945
+#: g10/keygen.c:1634 g10/keygen.c:1662 g10/keygen.c:1764 g10/revoke.c:683
+msgid "Invalid selection.\n"
+msgstr "Niew³a¶ciwy wybór.\n"
+
+#: g10/card-util.c:1556
+msgid "Please select where to store the key:\n"
+msgstr "Proszê wybraæ gdzie zapisaæ klucz:\n"
+
+#: g10/card-util.c:1600
+msgid "unknown key protection algorithm\n"
+msgstr "nieznany algorytm ochrony klucza\n"
+
+#: g10/card-util.c:1605
+msgid "secret parts of key are not available\n"
+msgstr "czê¶ci tajne klucza s± niedostêpne\n"
+
+#: g10/card-util.c:1610
+msgid "secret key already stored on a card\n"
+msgstr "klucz prywatny jest ju¿ zapisany na karcie\n"
+
+#: g10/card-util.c:1623
+#, c-format
+msgid "error writing key to card: %s\n"
+msgstr "b³±d zapisu klucza na karcie: %s\n"
+
+#: g10/card-util.c:1682 g10/keyedit.c:1382
+msgid "quit this menu"
+msgstr "wyj¶cie z tego menu"
+
+#: g10/card-util.c:1684
+msgid "show admin commands"
+msgstr "pokazanie poleceñ administratora"
+
+#: g10/card-util.c:1685 g10/keyedit.c:1385
+msgid "show this help"
+msgstr "ten tekst pomocy"
+
+#: g10/card-util.c:1687
+msgid "list all available data"
+msgstr "wypisanie wszystkich dostêpnych danych"
+
+#: g10/card-util.c:1690
+msgid "change card holder's name"
+msgstr "zmiana nazwy posiadacza karty"
+
+#: g10/card-util.c:1691
+msgid "change URL to retrieve key"
+msgstr "zmiana URL-a do odczytu klucza"
+
+#: g10/card-util.c:1692
+msgid "fetch the key specified in the card URL"
+msgstr "pobranie klucza okre¶lonego w URL-u karty"
+
+#: g10/card-util.c:1693
+msgid "change the login name"
+msgstr "zmiana nazwy logowania"
+
+#: g10/card-util.c:1694
+msgid "change the language preferences"
+msgstr "zmiana preferowanych jêzyków"
+
+#: g10/card-util.c:1695
+msgid "change card holder's sex"
+msgstr "zmiana p³ci posiadacza karty"
+
+#: g10/card-util.c:1696
+msgid "change a CA fingerprint"
+msgstr "zmiana odcisku CA"
+
+#: g10/card-util.c:1697
+msgid "toggle the signature force PIN flag"
+msgstr "zmiana flagi wymuszenia PIN-u do podpisu"
+
+#: g10/card-util.c:1698
+msgid "generate new keys"
+msgstr "wygenerowanie nowych kluczy"
+
+#: g10/card-util.c:1699
+msgid "menu to change or unblock the PIN"
+msgstr "menu do zmiany lub odblokowania PIN-u"
+
+#: g10/card-util.c:1700
+msgid "verify the PIN and list all data"
+msgstr "sprawdzenie PIN-u i wypisanie wszystkich danych"
+
+#: g10/card-util.c:1701
+msgid "unblock the PIN using a Reset Code"
+msgstr "odblokowanie PIN-u przy u¿yciu kodu resetuj±cego"
+
+#: g10/card-util.c:1823
+msgid "gpg/card> "
+msgstr "gpg/karta> "
+
+#: g10/card-util.c:1864
+msgid "Admin-only command\n"
+msgstr "Polecenie tylko dla administratora\n"
+
+#: g10/card-util.c:1895
+msgid "Admin commands are allowed\n"
+msgstr "Polecenia dla administratora s± dozwolone\n"
+
+#: g10/card-util.c:1897
+msgid "Admin commands are not allowed\n"
+msgstr "Polecenia dla administratora nie s± dozwolone\n"
+
+#: g10/card-util.c:1988 g10/keyedit.c:2292
+msgid "Invalid command (try \"help\")\n"
+msgstr "Niepoprawne polecenie (spróbuj ,,help'')\n"
+
+#: g10/decrypt.c:110 g10/encode.c:876
+msgid "--output doesn't work for this command\n"
+msgstr "opcja --output nie dzia³a z tym poleceniem\n"
+
+#: g10/decrypt.c:166 g10/gpg.c:4019 g10/keyring.c:387 g10/keyring.c:698
+#, c-format
+msgid "can't open `%s'\n"
+msgstr "nie mo¿na otworzyæ ,,%s''\n"
+
+#: g10/delkey.c:73 g10/export.c:324 g10/keyedit.c:3514 g10/keyserver.c:1737
+#: g10/revoke.c:226
+#, c-format
+msgid "key \"%s\" not found: %s\n"
+msgstr "klucz ,,%s'' nie zosta³ odnaleziony: %s\n"
+
+#: g10/delkey.c:81 g10/export.c:354 g10/import.c:2480 g10/keyserver.c:1751
+#: g10/revoke.c:232 g10/revoke.c:477
+#, c-format
+msgid "error reading keyblock: %s\n"
+msgstr "b³±d odczytu bloku kluczy: %s\n"
+
+#: g10/delkey.c:127 g10/delkey.c:134
+msgid "(unless you specify the key by fingerprint)\n"
+msgstr "(chyba, ¿e klucz zostaje wybrany przez podanie odcisku)\n"
+
+#: g10/delkey.c:133
+msgid "can't do this in batch mode without \"--yes\"\n"
+msgstr "bez opcji ,,--yes'' nie dzia³a w trybie wsadowym\n"
+
+#: g10/delkey.c:145
+msgid "Delete this key from the keyring? (y/N) "
+msgstr "Usun±æ ten klucz ze zbioru? (t/N) "
+
+#: g10/delkey.c:153
+msgid "This is a secret key! - really delete? (y/N) "
+msgstr "To jest klucz tajny! - czy na pewno go usun±æ? (t/N) "
+
+#: g10/delkey.c:163
+#, c-format
+msgid "deleting keyblock failed: %s\n"
+msgstr "usuniêcie bloku klucza nie powiod³o siê: %s\n"
+
+#: g10/delkey.c:173
+msgid "ownertrust information cleared\n"
+msgstr "informacja o zaufaniu dla w³a¶ciciela klucza zosta³a wymazana\n"
+
+#: g10/delkey.c:204
+#, c-format
+msgid "there is a secret key for public key \"%s\"!\n"
+msgstr "dla klucza publicznego ,,%s'' istnieje klucz prywatny!\n"
+
+#: g10/delkey.c:206
+msgid "use option \"--delete-secret-keys\" to delete it first.\n"
+msgstr "aby go usun±æ nale¿y najpierw u¿yæ opcji \"--delete-secret-key\".\n"
+
+#: g10/encode.c:226 g10/sign.c:1269
+#, c-format
+msgid "error creating passphrase: %s\n"
+msgstr "b³±d podczas tworzenia has³a: %s\n"
+
+#: g10/encode.c:232
+msgid "can't use a symmetric ESK packet due to the S2K mode\n"
+msgstr ""
+"ustawiony tryb S2K nie pozwala u¿yæ pakietu ESK dla szyfru symetrycznego\n"
+
+#: g10/encode.c:246
+#, c-format
+msgid "using cipher %s\n"
+msgstr "szyfrem %s\n"
+
+#: g10/encode.c:256 g10/encode.c:577
+#, c-format
+msgid "`%s' already compressed\n"
+msgstr ",,%s'' ju¿ jest skompresowany\n"
+
+#: g10/encode.c:311 g10/encode.c:611 g10/sign.c:564
+#, c-format
+msgid "WARNING: `%s' is an empty file\n"
+msgstr "OSTRZE¯ENIE: plik ,,%s'' jest pusty\n"
+
+#: g10/encode.c:485
+msgid "you can only encrypt to RSA keys of 2048 bits or less in --pgp2 mode\n"
+msgstr ""
+"w trybie --pgp2 mo¿na szyfrowaæ dla kluczy RSA krótszych od 2048 bitów\n"
+
+#: g10/encode.c:510
+#, c-format
+msgid "reading from `%s'\n"
+msgstr "odczyt z ,,%s''\n"
+
+#: g10/encode.c:541
+msgid ""
+"unable to use the IDEA cipher for all of the keys you are encrypting to.\n"
+msgstr ""
+"nie mo¿na u¿yæ szyfru IDEA z wszystkimi kluczami dla których szyfrujesz.\n"
+
+#: g10/encode.c:559
+#, c-format
+msgid ""
+"WARNING: forcing symmetric cipher %s (%d) violates recipient preferences\n"
+msgstr ""
+"OSTRZE¯ENIE: wymuszone u¿ycie szyfru %s (%d) k³óci siê z ustawieniami "
+"adresata\n"
+
+#: g10/encode.c:655 g10/sign.c:939
+#, c-format
+msgid ""
+"WARNING: forcing compression algorithm %s (%d) violates recipient "
+"preferences\n"
+msgstr ""
+"OSTRZE¯ENIE: wymuszone u¿ycie kompresji %s (%d) k³óci siê z ustawieniami "
+"adresata\n"
+
+#: g10/encode.c:751
+#, c-format
+msgid "forcing symmetric cipher %s (%d) violates recipient preferences\n"
+msgstr "wymuszone u¿ycie szyfru %s (%d) k³óci siê z ustawieniami adresata\n"
+
+#: g10/encode.c:821 g10/pkclist.c:813 g10/pkclist.c:862
+#, c-format
+msgid "you may not use %s while in %s mode\n"
+msgstr "%s nie jest dostêpne w trybie %s\n"
+
+#: g10/encode.c:848
+#, c-format
+msgid "%s/%s encrypted for: \"%s\"\n"
+msgstr "%s/%s zaszyfrowany dla: ,,%s''\n"
+
+#: g10/encr-data.c:93 g10/mainproc.c:286
+#, c-format
+msgid "%s encrypted data\n"
+msgstr "dane zaszyfrowano za pomoc± %s\n"
+
+#: g10/encr-data.c:96 g10/mainproc.c:290
+#, c-format
+msgid "encrypted with unknown algorithm %d\n"
+msgstr "dane zaszyfrowano nieznanym algorytmem numer %d\n"
+
+#: g10/encr-data.c:142 sm/decrypt.c:126
+msgid ""
+"WARNING: message was encrypted with a weak key in the symmetric cipher.\n"
+msgstr ""
+"OSTRZE¯ENIE: wiadomo¶æ by³a szyfrowana kluczem s³abym szyfru symetrycznego.\n"
+
+#: g10/encr-data.c:154
+msgid "problem handling encrypted packet\n"
+msgstr "problem podczas obróbki pakietu szyfrowego\n"
+
+#: g10/exec.c:57
+msgid "no remote program execution supported\n"
+msgstr "odwo³ania do zewnêtrznych programów s± wy³±czone\n"
+
+#: g10/exec.c:308
+msgid ""
+"external program calls are disabled due to unsafe options file permissions\n"
+msgstr ""
+"nieszczelne uprawnienia ustawieñ - wo³anie zewnêtrznych programów wy³±czone\n"
+
+#: g10/exec.c:338
+msgid "this platform requires temporary files when calling external programs\n"
+msgstr ""
+"platforma wymaga u¿ycia plików tymczasowych do wo³ania zewnêtrznych "
+"programów\n"
+
+#: g10/exec.c:416
+#, c-format
+msgid "unable to execute program `%s': %s\n"
+msgstr "nie mo¿na uruchomiæ programu ,,%s'': %s\n"
+
+#: g10/exec.c:419
+#, c-format
+msgid "unable to execute shell `%s': %s\n"
+msgstr "nie mo¿na uruchomiæ pow³oki ,,%s'': %s\n"
+
+#: g10/exec.c:510
+#, c-format
+msgid "system error while calling external program: %s\n"
+msgstr "b³±d systemu podczas wo³ania programu zewnêtrznego: %s\n"
+
+#: g10/exec.c:521 g10/exec.c:588
+msgid "unnatural exit of external program\n"
+msgstr "nienaturalne zakoñczenie pracy zewnêtrznego programu\n"
+
+#: g10/exec.c:536
+msgid "unable to execute external program\n"
+msgstr "nie mo¿na uruchomiæ zewnêtrznego programu\n"
+
+#: g10/exec.c:553
+#, c-format
+msgid "unable to read external program response: %s\n"
+msgstr "nie mo¿na odczytaæ odpowiedzi programu zewnêtrznego: %s\n"
+
+#: g10/exec.c:599 g10/exec.c:606
+#, c-format
+msgid "WARNING: unable to remove tempfile (%s) `%s': %s\n"
+msgstr "OSTRZE¯ENIE: nie mo¿na skasowaæ pliku tymczasowego (%s) ,,%s'': %s.\n"
+
+#: g10/exec.c:611
+#, c-format
+msgid "WARNING: unable to remove temp directory `%s': %s\n"
+msgstr "OSTRZE¯ENIE: nie mo¿na skasowaæ tymczasowego katalogu ,,%s'': %s.\n"
+
+#: g10/export.c:61
+msgid "export signatures that are marked as local-only"
+msgstr "eksport podpisów oznaczonych jako tylko lokalne"
+
+#: g10/export.c:63
+msgid "export attribute user IDs (generally photo IDs)"
+msgstr "eksport atrybutów ID u¿ytkownika (ogólnie ID zdjêæ)"
+
+#: g10/export.c:65
+msgid "export revocation keys marked as \"sensitive\""
+msgstr "eksport kluczy uniewa¿niaj±cych oznaczonych jako ,,poufne''"
+
+#: g10/export.c:67
+msgid "remove the passphrase from exported subkeys"
+msgstr "usuniêcie has³a z wyeksportowanych podkluczy"
+
+#: g10/export.c:69
+msgid "remove unusable parts from key during export"
+msgstr "usuniêcie bezu¿ytecznych czê¶ci z klucza przy eksporcie"
+
+#: g10/export.c:71
+msgid "remove as much as possible from key during export"
+msgstr "usuniêcie jak najwiêkszej czê¶ci klucza przy eksporcie"
+
+#: g10/export.c:73
+msgid "export keys in an S-expression based format"
+msgstr "eksport kluczy w formacie opartym na S-wyra¿eniach"
+
+#: g10/export.c:338
+msgid "exporting secret keys not allowed\n"
+msgstr "eksport kluczy tajnych nie jest dozwolony\n"
+
+#: g10/export.c:367
+#, c-format
+msgid "key %s: not protected - skipped\n"
+msgstr "klucz %s: nie jest chroniony - pominiêty\n"
+
+#: g10/export.c:375
+#, c-format
+msgid "key %s: PGP 2.x style key - skipped\n"
+msgstr "klucz %s: klucz PGP 2.x - pominiêty\n"
+
+#: g10/export.c:386
+#, c-format
+msgid "key %s: key material on-card - skipped\n"
+msgstr "klucz %s: zawarto¶æ klucza na karcie - pominiêto\n"
+
+#: g10/export.c:537
+msgid "about to export an unprotected subkey\n"
+msgstr "ma byæ wyeksportowany niezabezpieczony podklucz\n"
+
+#: g10/export.c:560
+#, c-format
+msgid "failed to unprotect the subkey: %s\n"
+msgstr "nie powiod³o siê odbezpieczanie podklucza: %s\n"
+
+#: g10/export.c:584
+#, c-format
+msgid "WARNING: secret key %s does not have a simple SK checksum\n"
+msgstr "OSTRZE¯ENIE: klucz prywatny %s nie ma prostej sumy kontrolnej SK.\n"
+
+#: g10/export.c:633
+msgid "WARNING: nothing exported\n"
+msgstr "OSTRZE¯ENIE: nic nie zosta³o wyeksportowane!\n"
+
+#: g10/getkey.c:152
+msgid "too many entries in pk cache - disabled\n"
+msgstr "zbyt wiele wpisów w buforze kluczy publicznych - wy³±czony\n"
+
+#: g10/getkey.c:175
+msgid "[User ID not found]"
+msgstr "[brak identyfikatora u¿ytkownika]"
+
+#: g10/getkey.c:1113
+#, c-format
+msgid "automatically retrieved `%s' via %s\n"
+msgstr "automatycznie pobrano `%s' poprzez %s\n"
+
+#: g10/getkey.c:1118
+#, c-format
+msgid "error retrieving `%s' via %s: %s\n"
+msgstr "b³±d odtwarzania ,,%s'' poprzez %s: %s\n"
+
+#: g10/getkey.c:1120
+msgid "No fingerprint"
+msgstr "Brak odcisku"
+
+#: g10/getkey.c:1930
+#, c-format
+msgid "Invalid key %s made valid by --allow-non-selfsigned-uid\n"
+msgstr ""
+"Opcja --allow-non-selfsigned-uid wymusi³a uznanie za poprawny klucza %s.\n"
+
+#: g10/getkey.c:2533 g10/keyedit.c:3839
+#, c-format
+msgid "no secret subkey for public subkey %s - ignoring\n"
+msgstr "brak prywatnego odpowiednika podklucza publicznego %s - pominiêty\n"
+
+#: g10/getkey.c:2759
+#, c-format
+msgid "using subkey %s instead of primary key %s\n"
+msgstr "u¿ywany jest podklucz %s zamiast klucza g³ównego %s\n"
+
+#: g10/getkey.c:2806
+#, c-format
+msgid "key %s: secret key without public key - skipped\n"
+msgstr "klucz %s: klucz tajny bez klucza jawnego - pominiêty\n"
+
+#: g10/gpg.c:375 sm/gpgsm.c:188
+msgid "make a signature"
+msgstr "z³o¿enie podpisu"
+
+#: g10/gpg.c:376 sm/gpgsm.c:189
+msgid "make a clear text signature"
+msgstr "z³o¿enie podpisu pod dokumentem"
+
+#: g10/gpg.c:377 sm/gpgsm.c:190
+msgid "make a detached signature"
+msgstr "z³o¿enie podpisu oddzielonego od dokumentu"
+
+#: g10/gpg.c:378 sm/gpgsm.c:191
+msgid "encrypt data"
+msgstr "szyfrowanie danych"
+
+#: g10/gpg.c:380 sm/gpgsm.c:192
+msgid "encryption only with symmetric cipher"
+msgstr "szyfrowanie tylko szyfrem symetrycznym"
+
+#: g10/gpg.c:382 sm/gpgsm.c:193
+msgid "decrypt data (default)"
+msgstr "odszyfrowywanie danych (domy¶lne)"
+
+#: g10/gpg.c:384 sm/gpgsm.c:194
+msgid "verify a signature"
+msgstr "sprawdzenie podpisu"
+
+#: g10/gpg.c:386 sm/gpgsm.c:195
+msgid "list keys"
+msgstr "lista kluczy"
+
+#: g10/gpg.c:388
+msgid "list keys and signatures"
+msgstr "lista kluczy i podpisów"
+
+#: g10/gpg.c:389
+msgid "list and check key signatures"
+msgstr "wypisanie i sprawdzenie podpisów kluczy"
+
+#: g10/gpg.c:390 sm/gpgsm.c:200
+msgid "list keys and fingerprints"
+msgstr "lista kluczy i ich odcisków"
+
+#: g10/gpg.c:391 sm/gpgsm.c:198
+msgid "list secret keys"
+msgstr "lista kluczy prywatnych"
+
+#: g10/gpg.c:392 sm/gpgsm.c:201
+msgid "generate a new key pair"
+msgstr "generacja nowej pary kluczy"
+
+#: g10/gpg.c:393
+msgid "generate a revocation certificate"
+msgstr "tworzenie certyfikatu uniewa¿nienia klucza"
+
+#: g10/gpg.c:395 sm/gpgsm.c:203
+msgid "remove keys from the public keyring"
+msgstr "usuniêcie klucza ze zbioru kluczy publicznych"
+
+#: g10/gpg.c:397
+msgid "remove keys from the secret keyring"
+msgstr "usuniêcie klucza ze zbioru kluczy prywatnych"
+
+#: g10/gpg.c:398
+msgid "sign a key"
+msgstr "z³o¿enie podpisu na kluczu"
+
+#: g10/gpg.c:399
+msgid "sign a key locally"
+msgstr "z³o¿enie prywatnego podpisu na kluczu"
+
+#: g10/gpg.c:400
+msgid "sign or edit a key"
+msgstr "podpisanie lub modyfikacja klucza"
+
+#: g10/gpg.c:402 sm/gpgsm.c:215
+msgid "change a passphrase"
+msgstr "zmiana has³a"
+
+#: g10/gpg.c:404
+msgid "export keys"
+msgstr "eksport kluczy do pliku"
+
+#: g10/gpg.c:405 sm/gpgsm.c:204
+msgid "export keys to a key server"
+msgstr "eksport kluczy do serwera kluczy"
+
+#: g10/gpg.c:406 sm/gpgsm.c:205
+msgid "import keys from a key server"
+msgstr "import kluczy z serwera kluczy"
+
+#: g10/gpg.c:408
+msgid "search for keys on a key server"
+msgstr "szukanie kluczy na serwerze"
+
+#: g10/gpg.c:410
+msgid "update all keys from a keyserver"
+msgstr "od¶wie¿enie wszystkich kluczy z serwera"
+
+#: g10/gpg.c:415
+msgid "import/merge keys"
+msgstr "import/do³±czenie kluczy"
+
+#: g10/gpg.c:418
+msgid "print the card status"
+msgstr "wy¶wietlenie stanu karty"
+
+#: g10/gpg.c:419
+msgid "change data on a card"
+msgstr "zmiana danych na karcie"
+
+#: g10/gpg.c:420
+msgid "change a card's PIN"
+msgstr "zmiana PIN-u karty"
+
+#: g10/gpg.c:429
+msgid "update the trust database"
+msgstr "uaktualnienie bazy zaufania"
+
+#: g10/gpg.c:436
+msgid "print message digests"
+msgstr "wypisanie skrótów wiadomo¶ci"
+
+#: g10/gpg.c:439 sm/gpgsm.c:210
+msgid "run in server mode"
+msgstr "uruchomienie w trybie serwera"
+
+#: g10/gpg.c:443 sm/gpgsm.c:228
+msgid "create ascii armored output"
+msgstr "opakowanie ASCII pliku wynikowego"
+
+#: g10/gpg.c:446 sm/gpgsm.c:241
+msgid "|USER-ID|encrypt for USER-ID"
+msgstr "|U¯YTKOWNIK|szyfrowanie dla odbiorcy o tym identyfikatorze"
+
+#: g10/gpg.c:459 sm/gpgsm.c:278
+msgid "|USER-ID|use USER-ID to sign or decrypt"
+msgstr ""
+"|U¯YTKOWNIK|u¿ycie tego identyfikatora u¿ytkownika do podpisania lub "
+"odszyfrowania"
+
+#: g10/gpg.c:462
+msgid "|N|set compress level to N (0 disables)"
+msgstr "|N|ustawienie poziomu kompresji N (0 - bez)"
+
+#: g10/gpg.c:468
+msgid "use canonical text mode"
+msgstr "kanoniczny format tekstowy"
+
+#: g10/gpg.c:485 sm/gpgsm.c:280
+msgid "|FILE|write output to FILE"
+msgstr "|PLIK|zapis wyj¶cia do PLIKU"
+
+#: g10/gpg.c:501 kbx/kbxutil.c:90 sm/gpgsm.c:292 tools/gpgconf.c:82
+msgid "do not make any changes"
+msgstr "pozostawienie bez zmian"
+
+#: g10/gpg.c:502
+msgid "prompt before overwriting"
+msgstr "pytanie przed nadpisaniem plików"
+
+#: g10/gpg.c:554
+msgid "use strict OpenPGP behavior"
+msgstr "¶cis³e zachowanie OpenPGP"
+
+#: g10/gpg.c:585 sm/gpgsm.c:336
+msgid ""
+"@\n"
+"(See the man page for a complete listing of all commands and options)\n"
+msgstr ""
+"@\n"
+"(Pe³n± listê poleceñ i opcji mo¿na znale¼æ w podrêczniku systemowym.)\n"
+
+#: g10/gpg.c:588 sm/gpgsm.c:339
+msgid ""
+"@\n"
+"Examples:\n"
+"\n"
+" -se -r Bob [file] sign and encrypt for user Bob\n"
+" --clearsign [file] make a clear text signature\n"
+" --detach-sign [file] make a detached signature\n"
+" --list-keys [names] show keys\n"
+" --fingerprint [names] show fingerprints\n"
+msgstr ""
+"@\n"
+"Przyk³ady:\n"
+"\n"
+" -se -r Bob [plik] podpisanie i zaszyfrowanie kluczem Boba\n"
+" --clearsign [plik] podpisanie z pozostawieniem czytelno¶ci "
+"dokumentu\n"
+" --detach-sign [plik] podpisanie z umieszczeniem podpisu w osobnym "
+"pliku\n"
+" --list-keys [nazwy] pokazanie klucze\n"
+" --fingerprint [nazwy] pokazanie odcisków kluczy\n"
+
+#: g10/gpg.c:836
+msgid "Usage: gpg [options] [files] (-h for help)"
+msgstr "Wywo³anie: gpg [opcje] [pliki] (-h podaje pomoc)"
+
+#: g10/gpg.c:839
+msgid ""
+"Syntax: gpg [options] [files]\n"
+"sign, check, encrypt or decrypt\n"
+"default operation depends on the input data\n"
+msgstr ""
+"Sk³adnia: gpg [opcje] [pliki]\n"
+"podpisywanie, sprawdzanie podpisów, szyfrowanie, deszyfrowanie\n"
+"domy¶lnie wykonywana operacja zale¿y od danych wej¶ciowych\n"
+
+#: g10/gpg.c:850 sm/gpgsm.c:543
+msgid ""
+"\n"
+"Supported algorithms:\n"
+msgstr ""
+"\n"
+"Obs³ugiwane algorytmy:\n"
+
+#: g10/gpg.c:853
+msgid "Pubkey: "
+msgstr "Asymetryczne: "
+
+#: g10/gpg.c:860 g10/keyedit.c:2423
+msgid "Cipher: "
+msgstr "Symetryczne: "
+
+#: g10/gpg.c:867
+msgid "Hash: "
+msgstr "Skrótów: "
+
+#: g10/gpg.c:874 g10/keyedit.c:2468
+msgid "Compression: "
+msgstr "Kompresji: "
+
+#: g10/gpg.c:944
+msgid "usage: gpg [options] "
+msgstr "wywo³anie: gpg [opcje]"
+
+#: g10/gpg.c:1158 sm/gpgsm.c:716
+msgid "conflicting commands\n"
+msgstr "sprzeczne polecenia\n"
+
+#: g10/gpg.c:1176
+#, c-format
+msgid "no = sign found in group definition `%s'\n"
+msgstr "w definicji grupy ,,%s'' brak znaku ,,=''\n"
+
+#: g10/gpg.c:1373
+#, c-format
+msgid "WARNING: unsafe ownership on homedir `%s'\n"
+msgstr ""
+"OSTRZE¯ENIE: niebezpieczne prawa w³asno¶ci do katalogu domowego ,,%s''\n"
+
+#: g10/gpg.c:1376
+#, c-format
+msgid "WARNING: unsafe ownership on configuration file `%s'\n"
+msgstr ""
+"OSTRZE¯ENIE: niebezpieczne prawa w³asno¶ci do pliku konfiguracyjnego ,,%s''\n"
+
+#: g10/gpg.c:1379
+#, c-format
+msgid "WARNING: unsafe ownership on extension `%s'\n"
+msgstr "OSTRZE¯ENIE: niebezpieczne prawa w³asno¶ci do rozszerzenia ,,%s''\n"
+
+#: g10/gpg.c:1385
+#, c-format
+msgid "WARNING: unsafe permissions on homedir `%s'\n"
+msgstr "OSTRZE¯ENIE: niebezpieczne prawa dostêpu do katalogu domowego ,,%s''\n"
+
+#: g10/gpg.c:1388
+#, c-format
+msgid "WARNING: unsafe permissions on configuration file `%s'\n"
+msgstr ""
+"OSTRZE¯ENIE: niebezpieczne prawa dostêpu do pliku konfiguracyjnego ,,%s''\n"
+
+#: g10/gpg.c:1391
+#, c-format
+msgid "WARNING: unsafe permissions on extension `%s'\n"
+msgstr "OSTRZE¯ENIE: niebezpieczne prawa dostêpu do rozszerzenia ,,%s''\n"
+
+#: g10/gpg.c:1397
+#, c-format
+msgid "WARNING: unsafe enclosing directory ownership on homedir `%s'\n"
+msgstr ""
+"OSTRZE¯ENIE: niebezpieczne prawa w³asno¶ci do katalogu zawieraj±cego katalog "
+"domowy ,,%s''\n"
+
+#: g10/gpg.c:1400
+#, c-format
+msgid ""
+"WARNING: unsafe enclosing directory ownership on configuration file `%s'\n"
+msgstr ""
+"OSTRZE¯ENIE: niebezpieczne prawa w³asno¶ci do katalogu zawieraj±cego plik "
+"konfiguracyjny ,,%s''\n"
+
+#: g10/gpg.c:1403
+#, c-format
+msgid "WARNING: unsafe enclosing directory ownership on extension `%s'\n"
+msgstr ""
+"OSTRZE¯ENIE: niebezpieczne prawa w³asno¶ci do katalogu zawieraj±cego "
+"rozszerzenie ,,%s''\n"
+
+#: g10/gpg.c:1409
+#, c-format
+msgid "WARNING: unsafe enclosing directory permissions on homedir `%s'\n"
+msgstr ""
+"OSTRZE¯ENIE: niebezpieczne prawa dostêpu do katalogu zawieraj±cego katalog "
+"domowy ,,%s''\n"
+
+#: g10/gpg.c:1412
+#, c-format
+msgid ""
+"WARNING: unsafe enclosing directory permissions on configuration file `%s'\n"
+msgstr ""
+"OSTRZE¯ENIE: niebezpieczne prawa dostêpu do katalogu zawieraj±cego plik "
+"konfiguracyjny ,,%s''\n"
+
+#: g10/gpg.c:1415
+#, c-format
+msgid "WARNING: unsafe enclosing directory permissions on extension `%s'\n"
+msgstr ""
+"OSTRZE¯ENIE: niebezpieczne prawa dostêpu do katalogu zawieraj±cego "
+"rozszerzenie ,,%s''\n"
+
+#: g10/gpg.c:1595
+#, c-format
+msgid "unknown configuration item `%s'\n"
+msgstr "nieznana opcja konfiguracyjna ,,%s''\n"
+
+#: g10/gpg.c:1699
+msgid "display photo IDs during key listings"
+msgstr "wy¶wietlenie ID zdjêæ przy wypisywaniu kluczy"
+
+#: g10/gpg.c:1701
+msgid "show policy URLs during signature listings"
+msgstr "pokazywanie URL-i polityk przy wypisywaniu podpisów"
+
+#: g10/gpg.c:1703
+msgid "show all notations during signature listings"
+msgstr "pokazywanie wszystkich adnotacji przy wypisywaniu podpisów"
+
+#: g10/gpg.c:1705
+msgid "show IETF standard notations during signature listings"
+msgstr "pokazywanie standardowych adnotacji IETF przy wypisywaniu podpisów"
+
+#: g10/gpg.c:1709
+msgid "show user-supplied notations during signature listings"
+msgstr "pokazywanie adnotacji u¿ytkownika przy wypisywaniu podpisów"
+
+#: g10/gpg.c:1711
+msgid "show preferred keyserver URLs during signature listings"
+msgstr ""
+"pokazywanie URL-i preferowanych serwerów kluczy przy wypisywaniu podpisów"
+
+#: g10/gpg.c:1713
+msgid "show user ID validity during key listings"
+msgstr "pokazywanie poprawno¶ci ID u¿ytkownika przy wypisywaniu kluczy"
+
+#: g10/gpg.c:1715
+msgid "show revoked and expired user IDs in key listings"
+msgstr ""
+"pokazywanie uniewa¿nionych i wygas³ych ID u¿ytkownika na listach kluczy"
+
+#: g10/gpg.c:1717
+msgid "show revoked and expired subkeys in key listings"
+msgstr "pokazywanie uniewa¿nionych i wygas³ych podkluczy na listach kluczy"
+
+#: g10/gpg.c:1719
+msgid "show the keyring name in key listings"
+msgstr "pokazywanie nazwy zbioru kluczy na listach kluczy"
+
+#: g10/gpg.c:1721
+msgid "show expiration dates during signature listings"
+msgstr "pokazywanie dat wyga¶niêcia przy wypisywaniu podpisów"
+
+#: g10/gpg.c:1855
+#, c-format
+msgid "NOTE: old default options file `%s' ignored\n"
+msgstr "UWAGA: stary domy¶lny plik opcji ,,%s'' zosta³ zignorowany\n"
+
+#: g10/gpg.c:1948
+#, c-format
+msgid "libgcrypt is too old (need %s, have %s)\n"
+msgstr ""
+"biblioteka libgcrypt jest zbyt stara (potrzebna %s, zainstalowana %s)\n"
+
+#: g10/gpg.c:2346 g10/gpg.c:3037 g10/gpg.c:3049
+#, c-format
+msgid "NOTE: %s is not for normal use!\n"
+msgstr "UWAGA: %s nie jest do normalnego u¿ytku!\n"
+
+#: g10/gpg.c:2530 g10/gpg.c:2542
+#, c-format
+msgid "`%s' is not a valid signature expiration\n"
+msgstr ",,%s'' nie jest poprawnym czasem wyga¶niêcia podpisu\n"
+
+#: g10/gpg.c:2624
+#, c-format
+msgid "`%s' is not a valid character set\n"
+msgstr ",,%s'' nie jest poprawn± nazw± zestawu znaków\n"
+
+#: g10/gpg.c:2647 g10/gpg.c:2842 g10/keyedit.c:4197
+msgid "could not parse keyserver URL\n"
+msgstr "niezrozumia³y URL serwera kluczy\n"
+
+#: g10/gpg.c:2659
+#, c-format
+msgid "%s:%d: invalid keyserver options\n"
+msgstr "%s:%d: niepoprawne opcje serwera kluczy\n"
+
+#: g10/gpg.c:2662
+msgid "invalid keyserver options\n"
+msgstr "niepoprawne opcje serwera kluczy\n"
+
+#: g10/gpg.c:2669
+#, c-format
+msgid "%s:%d: invalid import options\n"
+msgstr "%s:%d: niepoprawne opcje wczytania kluczy\n"
+
+#: g10/gpg.c:2672
+msgid "invalid import options\n"
+msgstr "niepoprawne opcje wczytania kluczy\n"
+
+#: g10/gpg.c:2679
+#, c-format
+msgid "%s:%d: invalid export options\n"
+msgstr "%s:%d niepoprawne opcje eksportu kluczy\n"
+
+#: g10/gpg.c:2682
+msgid "invalid export options\n"
+msgstr "niepoprawne opcje eksportu kluczy\n"
+
+#: g10/gpg.c:2689
+#, c-format
+msgid "%s:%d: invalid list options\n"
+msgstr "%s:%d: niepoprawne opcje wypisywania\n"
+
+#: g10/gpg.c:2692
+msgid "invalid list options\n"
+msgstr "niepoprawne opcje wypisywania\n"
+
+#: g10/gpg.c:2700
+msgid "display photo IDs during signature verification"
+msgstr "wy¶wietlanie ID zdjêæ przy sprawdzaniu podpisów"
+
+#: g10/gpg.c:2702
+msgid "show policy URLs during signature verification"
+msgstr "pokazywanie URL-i polityk przy sprawdzaniu podpisów"
+
+#: g10/gpg.c:2704
+msgid "show all notations during signature verification"
+msgstr "pokazywanie wszystkich adnotacji przy sprawdzaniu podpisów"
+
+#: g10/gpg.c:2706
+msgid "show IETF standard notations during signature verification"
+msgstr "pokazywanie standardowych adnotacji IETF przy sprawdzaniu podpisów"
+
+#: g10/gpg.c:2710
+msgid "show user-supplied notations during signature verification"
+msgstr "pokazywanie adnotacji u¿ytkownika przy sprawdzaniu podpisów"
+
+#: g10/gpg.c:2712
+msgid "show preferred keyserver URLs during signature verification"
+msgstr ""
+"pokazywanie URL-i preferowanych serwerów kluczy przy sprawdzaniu podpisów"
+
+#: g10/gpg.c:2714
+msgid "show user ID validity during signature verification"
+msgstr "pokazywanie poprawno¶ci ID u¿ytkownika przy sprawdzaniu podpisów"
+
+#: g10/gpg.c:2716
+msgid "show revoked and expired user IDs in signature verification"
+msgstr ""
+"pokazywanie uniewa¿nionych i wygas³ych ID u¿ytkownika przy sprawdzaniu "
+"podpisów"
+
+#: g10/gpg.c:2718
+msgid "show only the primary user ID in signature verification"
+msgstr "pokazywanie tylko g³ównego ID u¿ytkownika przy sprawdzaniu podpisu"
+
+#: g10/gpg.c:2720
+msgid "validate signatures with PKA data"
+msgstr "sprawdzanie podpisów z danymi PKA"
+
+#: g10/gpg.c:2722
+msgid "elevate the trust of signatures with valid PKA data"
+msgstr "zwiêkszenie zaufania podpisów z poprawnymi danymi PKA"
+
+#: g10/gpg.c:2729
+#, c-format
+msgid "%s:%d: invalid verify options\n"
+msgstr "%s:%d: niepoprawne opcje sprawdzania\n"
+
+#: g10/gpg.c:2732
+msgid "invalid verify options\n"
+msgstr "niepoprawne opcje sprawdzania\n"
+
+#: g10/gpg.c:2739
+#, c-format
+msgid "unable to set exec-path to %s\n"
+msgstr "nie mo¿na ustawiæ ¶cie¿ki programów wykonywalnych na %s\n"
+
+#: g10/gpg.c:2925
+#, c-format
+msgid "%s:%d: invalid auto-key-locate list\n"
+msgstr "%s:%d: niepoprawna lista auto-key-locate\n"
+
+#: g10/gpg.c:2928
+msgid "invalid auto-key-locate list\n"
+msgstr "Niepoprawna lista auto-key-locate\n"
+
+#: g10/gpg.c:3026 sm/gpgsm.c:1439
+msgid "WARNING: program may create a core file!\n"
+msgstr "OSTRZE¯ENIE: program mo¿e stworzyæ plik zrzutu pamiêci!\n"
+
+#: g10/gpg.c:3030
+#, c-format
+msgid "WARNING: %s overrides %s\n"
+msgstr "OSTRZE¯ENIE: %s powoduje obej¶cie %s\n"
+
+#: g10/gpg.c:3039
+#, c-format
+msgid "%s not allowed with %s!\n"
+msgstr "Nie wolno u¿ywaæ %s z %s!\n"
+
+#: g10/gpg.c:3042
+#, c-format
+msgid "%s makes no sense with %s!\n"
+msgstr "%s nie ma sensu w po³±czeniu z %s!\n"
+
+#: g10/gpg.c:3057
+#, c-format
+msgid "will not run with insecure memory due to %s\n"
+msgstr "nie zadzia³a z niebezpieczn± pamiêci± z powodu %s\n"
+
+#: g10/gpg.c:3071
+msgid "you can only make detached or clear signatures while in --pgp2 mode\n"
+msgstr ""
+"w trybie --pgp2 mo¿na sk³adaæ tylko podpisy oddzielne lub do³±czone do "
+"tekstu\n"
+
+#: g10/gpg.c:3077
+msgid "you can't sign and encrypt at the same time while in --pgp2 mode\n"
+msgstr "w trybie --pgp2 nie mo¿na jednocze¶nie szyfrowaæ i podpisywaæ\n"
+
+#: g10/gpg.c:3083
+msgid "you must use files (and not a pipe) when working with --pgp2 enabled.\n"
+msgstr "w trybie --pgp2 trzeba u¿ywaæ plików a nie potoków.\n"
+
+#: g10/gpg.c:3096
+msgid "encrypting a message in --pgp2 mode requires the IDEA cipher\n"
+msgstr "szyfrowanie wiadomo¶ci w trybie --pgp2 wymaga modu³u szyfru IDEA\n"
+
+#: g10/gpg.c:3163 g10/gpg.c:3187 sm/gpgsm.c:1511
+msgid "selected cipher algorithm is invalid\n"
+msgstr "wybrany algorytm szyfruj±cy jest niepoprawny\n"
+
+#: g10/gpg.c:3169 g10/gpg.c:3193 sm/gpgsm.c:1517 sm/gpgsm.c:1523
+msgid "selected digest algorithm is invalid\n"
+msgstr "wybrany algorytm skrótów wiadomo¶ci jest niepoprawny\n"
+
+#: g10/gpg.c:3175
+msgid "selected compression algorithm is invalid\n"
+msgstr "wybrany algorytm kompresji jest niepoprawny\n"
+
+#: g10/gpg.c:3181
+msgid "selected certification digest algorithm is invalid\n"
+msgstr "wybrany algorytm skrótów po¶wiadczeñ jest niepoprawny\n"
+
+#: g10/gpg.c:3196
+msgid "completes-needed must be greater than 0\n"
+msgstr "warto¶æ completes-needed musi byæ wiêksza od 0\n"
+
+#: g10/gpg.c:3198
+msgid "marginals-needed must be greater than 1\n"
+msgstr "warto¶æ marginals-needed musi byæ wiêksza od 1\n"
+
+#: g10/gpg.c:3200
+msgid "max-cert-depth must be in the range from 1 to 255\n"
+msgstr "warto¶æ max-cert-depth musi mie¶ciæ siê w zakresie od 1 do 255\n"
+
+#: g10/gpg.c:3202
+msgid "invalid default-cert-level; must be 0, 1, 2, or 3\n"
+msgstr ""
+"niew³a¶ciwy domy¶lny poziom sprawdzania; musi mieæ warto¶æ 0, 1, 2 lub 3\n"
+
+#: g10/gpg.c:3204
+msgid "invalid min-cert-level; must be 1, 2, or 3\n"
+msgstr ""
+"niew³a¶ciwy minimalny poziom sprawdzania; musi mieæ warto¶æ 0, 1, 2 lub 3\n"
+
+#: g10/gpg.c:3207
+msgid "NOTE: simple S2K mode (0) is strongly discouraged\n"
+msgstr "UWAGA: prosty tryb S2K (0) jest stanowczo odradzany\n"
+
+#: g10/gpg.c:3211
+msgid "invalid S2K mode; must be 0, 1 or 3\n"
+msgstr "niepoprawny tryb S2K; musi mieæ warto¶æ 0, 1 lub 3\n"
+
+#: g10/gpg.c:3218
+msgid "invalid default preferences\n"
+msgstr "niew³a¶ciwe domy¶lne ustawienia\n"
+
+#: g10/gpg.c:3222
+msgid "invalid personal cipher preferences\n"
+msgstr "niew³a¶ciwe ustawienia szyfrów\n"
+
+#: g10/gpg.c:3226
+msgid "invalid personal digest preferences\n"
+msgstr "niew³a¶ciwe ustawienia skrótów\n"
+
+#: g10/gpg.c:3230
+msgid "invalid personal compress preferences\n"
+msgstr "niew³a¶ciwe ustawienia algorytmów kompresji\n"
+
+#: g10/gpg.c:3263
+#, c-format
+msgid "%s does not yet work with %s\n"
+msgstr "%s jeszcze nie dzia³a z %s!\n"
+
+#: g10/gpg.c:3310
+#, c-format
+msgid "you may not use cipher algorithm `%s' while in %s mode\n"
+msgstr "szyfr ,,%s'' nie jest dostêpny w trybie %s\n"
+
+#: g10/gpg.c:3315
+#, c-format
+msgid "you may not use digest algorithm `%s' while in %s mode\n"
+msgstr "skrót ,,%s'' nie jest dostêpny w trybie %s\n"
+
+#: g10/gpg.c:3320
+#, c-format
+msgid "you may not use compression algorithm `%s' while in %s mode\n"
+msgstr "kompresja ,,%s'' nie jest dostêpna w trybie %s\n"
+
+#: g10/gpg.c:3406
+#, c-format
+msgid "failed to initialize the TrustDB: %s\n"
+msgstr "inicjowanie Bazy Zaufania nie powiod³o siê: %s\n"
+
+#: g10/gpg.c:3417
+msgid "WARNING: recipients (-r) given without using public key encryption\n"
+msgstr "OSTRZE¯ENIE: podano adresatów (-r) w dzia³aniu które ich nie dotyczy\n"
+
+#: g10/gpg.c:3438
+msgid "--store [filename]"
+msgstr "--store [plik]"
+
+#: g10/gpg.c:3445
+msgid "--symmetric [filename]"
+msgstr "--symmetric [plik]"
+
+#: g10/gpg.c:3447
+#, c-format
+msgid "symmetric encryption of `%s' failed: %s\n"
+msgstr "szyfrowanie symetryczne ,,%s'' nie powiod³o siê: %s\n"
+
+#: g10/gpg.c:3457
+msgid "--encrypt [filename]"
+msgstr "--encrypt [plik]"
+
+#: g10/gpg.c:3470
+msgid "--symmetric --encrypt [filename]"
+msgstr "--symmetric --encrypt [plik]"
+
+#: g10/gpg.c:3472
+msgid "you cannot use --symmetric --encrypt with --s2k-mode 0\n"
+msgstr "nie mo¿na u¿yæ --symmetric --encrypt wraz z --s2k-mode 0\n"
+
+#: g10/gpg.c:3475
+#, c-format
+msgid "you cannot use --symmetric --encrypt while in %s mode\n"
+msgstr "nie mo¿na u¿yæ --symmetric --encrypt w trybie %s\n"
+
+#: g10/gpg.c:3493
+msgid "--sign [filename]"
+msgstr "--sign [plik]"
+
+#: g10/gpg.c:3506
+msgid "--sign --encrypt [filename]"
+msgstr "--sign --encrypt [plik]"
+
+#: g10/gpg.c:3521
+msgid "--symmetric --sign --encrypt [filename]"
+msgstr "--symmetric --sign --encrypt [plik]"
+
+#: g10/gpg.c:3523
+msgid "you cannot use --symmetric --sign --encrypt with --s2k-mode 0\n"
+msgstr "nie mo¿na u¿yæ --symmetric --sign --encrypt wraz z --s2k-mode 0\n"
+
+#: g10/gpg.c:3526
+#, c-format
+msgid "you cannot use --symmetric --sign --encrypt while in %s mode\n"
+msgstr "nie mo¿na u¿yæ --symmetric --sign --encrypt w trybie %s\n"
+
+#: g10/gpg.c:3546
+msgid "--sign --symmetric [filename]"
+msgstr "--sign --symmetric [plik]"
+
+#: g10/gpg.c:3555
+msgid "--clearsign [filename]"
+msgstr "--clearsign [plik]"
+
+#: g10/gpg.c:3580
+msgid "--decrypt [filename]"
+msgstr "--decrypt [plik]"
+
+#: g10/gpg.c:3588
+msgid "--sign-key user-id"
+msgstr "--sign-key nazwa u¿ytkownika"
+
+#: g10/gpg.c:3592
+msgid "--lsign-key user-id"
+msgstr "--lsign-key nazwa u¿ytkownika"
+
+#: g10/gpg.c:3613
+msgid "--edit-key user-id [commands]"
+msgstr "--edit-key nazwa u¿ytkownika [polecenia]"
+
+#: g10/gpg.c:3629
+msgid "--passwd <user-id>"
+msgstr "--passwd <id-u¿ytkownika>"
+
+#: g10/gpg.c:3716
+#, c-format
+msgid "keyserver send failed: %s\n"
+msgstr "wysy³ka do serwera kluczy nie powiod³a siê: %s\n"
+
+#: g10/gpg.c:3718
+#, c-format
+msgid "keyserver receive failed: %s\n"
+msgstr "odbiór z serwera kluczy nie powiód³ siê: %s\n"
+
+#: g10/gpg.c:3720
+#, c-format
+msgid "key export failed: %s\n"
+msgstr "eksport kluczy nie powiód³ siê: %s\n"
+
+#: g10/gpg.c:3731
+#, c-format
+msgid "keyserver search failed: %s\n"
+msgstr "szukanie w serwerze kluczy nie powiod³o siê: %s\n"
+
+#: g10/gpg.c:3741
+#, c-format
+msgid "keyserver refresh failed: %s\n"
+msgstr "od¶wie¿enie kluczy z serwera nie powiod³o siê: %s\n"
+
+#: g10/gpg.c:3792
+#, c-format
+msgid "dearmoring failed: %s\n"
+msgstr "zdjêcie opakowania ASCII nie powiod³o siê: %s\n"
+
+#: g10/gpg.c:3800
+#, c-format
+msgid "enarmoring failed: %s\n"
+msgstr "opakowywanie ASCII nie powiod³o siê: %s\n"
+
+#: g10/gpg.c:3890
+#, c-format
+msgid "invalid hash algorithm `%s'\n"
+msgstr "niew³a¶ciwy algorytm skrótu ,,%s''\n"
+
+#: g10/gpg.c:4005
+msgid "[filename]"
+msgstr "[nazwa pliku]"
+
+#: g10/gpg.c:4009
+msgid "Go ahead and type your message ...\n"
+msgstr "Wpisz tutaj swoj± wiadomo¶æ ...\n"
+
+#: g10/gpg.c:4323
+msgid "the given certification policy URL is invalid\n"
+msgstr "podany URL regulaminu po¶wiadczania jest niepoprawny\n"
+
+#: g10/gpg.c:4325
+msgid "the given signature policy URL is invalid\n"
+msgstr "podany URL regulaminu podpisów jest niepoprawny\n"
+
+#: g10/gpg.c:4358
+msgid "the given preferred keyserver URL is invalid\n"
+msgstr "podany preferowany URL serwera kluczy jest niepoprawny\n"
+
+#: g10/gpgv.c:74
+msgid "|FILE|take the keys from the keyring FILE"
+msgstr "|PLIK|pobieranie kluczy ze zbioru PLIK"
+
+#: g10/gpgv.c:76
+msgid "make timestamp conflicts only a warning"
+msgstr "nie traktowaæ konfliktu datowników jako b³êdu"
+
+#: g10/gpgv.c:78 sm/gpgsm.c:326
+msgid "|FD|write status info to this FD"
+msgstr "|FD|pisanie opisu stanu do deskryptora FD"
+
+#: g10/gpgv.c:117
+msgid "Usage: gpgv [options] [files] (-h for help)"
+msgstr "Wywo³anie: gpgv [opcje] [pliki] (-h podaje pomoc)"
+
+#: g10/gpgv.c:119
+msgid ""
+"Syntax: gpgv [options] [files]\n"
+"Check signatures against known trusted keys\n"
+msgstr ""
+"Sk³adnia: gpgv [opcje] [pliki]\n"
+"Sprawdzanie podpisów ze znanych zaufanych kluczy\n"
+
+#: g10/helptext.c:72
+msgid "No help available"
+msgstr "Pomoc niedostêpna"
+
+#: g10/helptext.c:82
+#, c-format
+msgid "No help available for `%s'"
+msgstr "Brak pomocy o ,,%s''"
+
+#: g10/import.c:94
+msgid "import signatures that are marked as local-only"
+msgstr "import podpisów oznaczonych jako tylko lokalne"
+
+#: g10/import.c:96
+msgid "repair damage from the pks keyserver during import"
+msgstr "naprawienie uszkodzeñ z serwera pks przy imporcie"
+
+#: g10/import.c:98
+msgid "do not update the trustdb after import"
+msgstr "nie uaktualnianie bazy zaufania po imporcie"
+
+#: g10/import.c:100
+msgid "create a public key when importing a secret key"
+msgstr "tworzenie kluczy publicznych przy imporcie kluczy tajnych"
+
+#: g10/import.c:102
+msgid "only accept updates to existing keys"
+msgstr "przyjmowanie tylko uaktualnieñ istniej±cych kluczy"
+
+#: g10/import.c:104
+msgid "remove unusable parts from key after import"
+msgstr "usuwanie bezu¿ytecznych czê¶ci kluczy po imporcie"
+
+#: g10/import.c:106
+msgid "remove as much as possible from key after import"
+msgstr "usuwanie jak najwiêkszej czê¶ci kluczy po imporcie"
+
+#: g10/import.c:266
+#, c-format
+msgid "skipping block of type %d\n"
+msgstr "blok typu %d zostaje pominiêty\n"
+
+#: g10/import.c:275
+#, c-format
+msgid "%lu keys processed so far\n"
+msgstr "%lu kluczy przetworzonych do tej chwili\n"
+
+#: g10/import.c:292
+#, c-format
+msgid "Total number processed: %lu\n"
+msgstr "Ogó³em przetworzonych kluczy: %lu\n"
+
+#: g10/import.c:294
+#, c-format
+msgid " skipped new keys: %lu\n"
+msgstr " pominiêtych nowych kluczy: %lu\n"
+
+#: g10/import.c:297
+#, c-format
+msgid " w/o user IDs: %lu\n"
+msgstr " bez identyfikatora: %lu\n"
+
+#: g10/import.c:299 sm/import.c:114
+#, c-format
+msgid " imported: %lu"
+msgstr " do³±czono do zbioru: %lu"
+
+#: g10/import.c:305 sm/import.c:118
+#, c-format
+msgid " unchanged: %lu\n"
+msgstr " bez zmian: %lu\n"
+
+#: g10/import.c:307
+#, c-format
+msgid " new user IDs: %lu\n"
+msgstr " nowych identyfikatorów: %lu\n"
+
+#: g10/import.c:309
+#, c-format
+msgid " new subkeys: %lu\n"
+msgstr " nowych podkluczy: %lu\n"
+
+#: g10/import.c:311
+#, c-format
+msgid " new signatures: %lu\n"
+msgstr " nowych podpisów: %lu\n"
+
+#: g10/import.c:313
+#, c-format
+msgid " new key revocations: %lu\n"
+msgstr " nowych uniewa¿nieñ kluczy: %lu\n"
+
+#: g10/import.c:315 sm/import.c:120
+#, c-format
+msgid " secret keys read: %lu\n"
+msgstr " tajnych kluczy wczytanych: %lu\n"
+
+#: g10/import.c:317 sm/import.c:122
+#, c-format
+msgid " secret keys imported: %lu\n"
+msgstr " tajnych kluczy dodanych: %lu\n"
+
+#: g10/import.c:319 sm/import.c:124
+#, c-format
+msgid " secret keys unchanged: %lu\n"
+msgstr " tajnych kluczy bez zmian: %lu\n"
+
+#: g10/import.c:321 sm/import.c:126
+#, c-format
+msgid " not imported: %lu\n"
+msgstr " nie w³±czono do zbioru: %lu\n"
+
+#: g10/import.c:323
+#, c-format
+msgid " signatures cleaned: %lu\n"
+msgstr " podpisów wyczyszczonych: %lu\n"
+
+#: g10/import.c:325
+#, c-format
+msgid " user IDs cleaned: %lu\n"
+msgstr "ID u¿ytkownika wyczyszczonych: %lu\n"
+
+#: g10/import.c:606
+#, c-format
+msgid ""
+"WARNING: key %s contains preferences for unavailable\n"
+"algorithms on these user IDs:\n"
+msgstr ""
+"OSTRZE¯ENIE: klucz %s zawiera preferencje dla niedostêpnych\n"
+"algorytmów dla tych ID u¿ytkownika:\n"
+
+#: g10/import.c:647
+#, c-format
+msgid " \"%s\": preference for cipher algorithm %s\n"
+msgstr " ,,%s'': preferowany szyfr %s\n"
+
+#: g10/import.c:662
+#, c-format
+msgid " \"%s\": preference for digest algorithm %s\n"
+msgstr " ,,%s'': preferowany algorytm skrótu %s\n"
+
+#: g10/import.c:674
+#, c-format
+msgid " \"%s\": preference for compression algorithm %s\n"
+msgstr " ,,%s'': preferowany algorytm kompresji %s\n"
+
+#: g10/import.c:687
+msgid "it is strongly suggested that you update your preferences and\n"
+msgstr "zdecydowanie sugerowane jest uaktualnienie ustawieñ i ponowne\n"
+
+#: g10/import.c:689
+msgid "re-distribute this key to avoid potential algorithm mismatch problems\n"
+msgstr "rozes³anie tego klucza w celu unikniêcia niezgodno¶ci algorytmów\n"
+
+#: g10/import.c:713
+#, c-format
+msgid "you can update your preferences with: gpg --edit-key %s updpref save\n"
+msgstr ""
+"mo¿na uaktualniæ swoje ustawienia poprzez: gpg --edit-key %s updpref save\n"
+
+#: g10/import.c:766 g10/import.c:1179
+#, c-format
+msgid "key %s: no user ID\n"
+msgstr "klucz %s: brak identyfikatora u¿ytkownika\n"
+
+#: g10/import.c:795
+#, c-format
+msgid "key %s: PKS subkey corruption repaired\n"
+msgstr "klucz %s: podklucz uszkodzony przez serwer zosta³ naprawiony\n"
+
+#: g10/import.c:810
+#, c-format
+msgid "key %s: accepted non self-signed user ID \"%s\"\n"
+msgstr "klucz %s: przyjêto identyfikator nie podpisany nim samym ,,%s''\n"
+
+#: g10/import.c:816
+#, c-format
+msgid "key %s: no valid user IDs\n"
+msgstr "klucz %s: brak poprawnych identyfikatorów u¿ytkownika\n"
+
+#: g10/import.c:818
+msgid "this may be caused by a missing self-signature\n"
+msgstr "to mo¿e byæ spowodowane brakiem podpisu klucza nim samym\n"
+
+#: g10/import.c:828 g10/import.c:1303
+#, c-format
+msgid "key %s: public key not found: %s\n"
+msgstr "klucz %s: brak klucza publicznego: %s\n"
+
+#: g10/import.c:834
+#, c-format
+msgid "key %s: new key - skipped\n"
+msgstr "klucz %s: nowy klucz - pominiêty\n"
+
+#: g10/import.c:843
+#, c-format
+msgid "no writable keyring found: %s\n"
+msgstr "brak zapisywalnego zbioru kluczy: %s\n"
+
+#: g10/import.c:848 g10/openfile.c:278 g10/sign.c:805 g10/sign.c:1114
+#, c-format
+msgid "writing to `%s'\n"
+msgstr "zapis do ,,%s''\n"
+
+#: g10/import.c:852 g10/import.c:952 g10/import.c:1219 g10/import.c:1364
+#: g10/import.c:2494 g10/import.c:2516
+#, c-format
+msgid "error writing keyring `%s': %s\n"
+msgstr "b³±d zapisu zbioru kluczy ,,%s'': %s\n"
+
+#: g10/import.c:871
+#, c-format
+msgid "key %s: public key \"%s\" imported\n"
+msgstr "klucz %s: klucz publiczny ,,%s'' wczytano do zbioru\n"
+
+#: g10/import.c:895
+#, c-format
+msgid "key %s: doesn't match our copy\n"
+msgstr "klucz %s: nie zgadza siê z lokaln± kopi±\n"
+
+#: g10/import.c:912 g10/import.c:1321
+#, c-format
+msgid "key %s: can't locate original keyblock: %s\n"
+msgstr "klucz %s: brak oryginalnego bloku klucza; %s\n"
+
+#: g10/import.c:920 g10/import.c:1328
+#, c-format
+msgid "key %s: can't read original keyblock: %s\n"
+msgstr "klucz %s: nie mo¿na odczytaæ oryginalnego bloku klucza: %s\n"
+
+#: g10/import.c:962
+#, c-format
+msgid "key %s: \"%s\" 1 new user ID\n"
+msgstr "klucz %s: ,,%s'' 1 nowy identyfikator u¿ytkownika\n"
+
+#: g10/import.c:965
+#, c-format
+msgid "key %s: \"%s\" %d new user IDs\n"
+msgstr "klucz %s: ,,%s'' %d nowych identyfikatorów u¿ytkownika\n"
+
+#: g10/import.c:968
+#, c-format
+msgid "key %s: \"%s\" 1 new signature\n"
+msgstr "klucz %s: ,,%s'' 1 nowy podpis\n"
+
+#: g10/import.c:971
+#, c-format
+msgid "key %s: \"%s\" %d new signatures\n"
+msgstr "klucz %s: ,,%s'' %d nowych podpisów\n"
+
+#: g10/import.c:974
+#, c-format
+msgid "key %s: \"%s\" 1 new subkey\n"
+msgstr "klucz %s: ,,%s'' 1 nowy podklucz\n"
+
+#: g10/import.c:977
+#, c-format
+msgid "key %s: \"%s\" %d new subkeys\n"
+msgstr "klucz %s: ,,%s'' %d nowych podkluczy\n"
+
+#: g10/import.c:980
+#, c-format
+msgid "key %s: \"%s\" %d signature cleaned\n"
+msgstr "klucz %s: ,,%s'' %d podpis wyczyszczony\n"
+
+#: g10/import.c:983
+#, c-format
+msgid "key %s: \"%s\" %d signatures cleaned\n"
+msgstr "klucz %s: ,,%s'' %d podpisów wyczyszczonych\n"
+
+#: g10/import.c:986
+#, c-format
+msgid "key %s: \"%s\" %d user ID cleaned\n"
+msgstr "klucz %s: ,,%s'' %d identyfikator u¿ytkownika wyczyszczony\n"
+
+#: g10/import.c:989
+#, c-format
+msgid "key %s: \"%s\" %d user IDs cleaned\n"
+msgstr "klucz %s: ,,%s'' %d identyfikatorów u¿ytkownika wyczyszczonych\n"
+
+#: g10/import.c:1013
+#, c-format
+msgid "key %s: \"%s\" not changed\n"
+msgstr "klucz %s: ,,%s'' bez zmian\n"
+
+#: g10/import.c:1185
+#, c-format
+msgid "key %s: secret key with invalid cipher %d - skipped\n"
+msgstr "klucz %s: klucz tajny z b³êdnym szyfrem %d - pominiêty\n"
+
+#: g10/import.c:1196
+msgid "importing secret keys not allowed\n"
+msgstr "wczytywanie kluczy tajnych nie jest dozwolone\n"
+
+#: g10/import.c:1213 g10/import.c:2509
+#, c-format
+msgid "no default secret keyring: %s\n"
+msgstr "brak domy¶lnego zbioru kluczy tajnych: %s\n"
+
+#: g10/import.c:1224
+#, c-format
+msgid "key %s: secret key imported\n"
+msgstr "klucz %s: klucz tajny wczytany do zbioru\n"
+
+#: g10/import.c:1254
+#, c-format
+msgid "key %s: already in secret keyring\n"
+msgstr "klucz %s: ten klucz tajny ju¿ znajduje siê w zbiorze\n"
+
+#: g10/import.c:1264
+#, c-format
+msgid "key %s: secret key not found: %s\n"
+msgstr "klucz %s: brak klucza tajnego: %s\n"
+
+#: g10/import.c:1296
+#, c-format
+msgid "key %s: no public key - can't apply revocation certificate\n"
+msgstr ""
+"klucz %s: brak klucza publicznego którego dotyczy wczytany certyfikat\n"
+" uniewa¿nienia\n"
+
+#: g10/import.c:1339
+#, c-format
+msgid "key %s: invalid revocation certificate: %s - rejected\n"
+msgstr "klucz %s: niepoprawny certyfikat uniewa¿nienia: %s - odrzucony\n"
+
+#: g10/import.c:1371
+#, c-format
+msgid "key %s: \"%s\" revocation certificate imported\n"
+msgstr "klucz %s: ,,%s'' certyfikat uniewa¿nienia zosta³ ju¿ wczytany\n"
+
+#: g10/import.c:1447
+#, c-format
+msgid "key %s: no user ID for signature\n"
+msgstr "klucz %s: brak identyfikatora u¿ytkownika do podpisu\n"
+
+#: g10/import.c:1464
+#, c-format
+msgid "key %s: unsupported public key algorithm on user ID \"%s\"\n"
+msgstr "klucz %s: algorytm asymetryczny dla id ,,%s'' nie jest obs³ugiwany\n"
+
+#: g10/import.c:1466
+#, c-format
+msgid "key %s: invalid self-signature on user ID \"%s\"\n"
+msgstr "klucz %s: niepoprawny podpis na identyfikatorze ,,%s''\n"
+
+#: g10/import.c:1483 g10/import.c:1509 g10/import.c:1560
+#, c-format
+msgid "key %s: unsupported public key algorithm\n"
+msgstr "klucz %s: nieobs³ugiwany algorytm asymetryczny\n"
+
+#: g10/import.c:1484
+#, c-format
+msgid "key %s: invalid direct key signature\n"
+msgstr "klucz %s: nieprawid³owy bezpo¶redni podpis\n"
+
+#: g10/import.c:1498
+#, c-format
+msgid "key %s: no subkey for key binding\n"
+msgstr "klucz %s: brak podklucza do dowi±zania\n"
+
+#: g10/import.c:1511
+#, c-format
+msgid "key %s: invalid subkey binding\n"
+msgstr "klucz %s: niepoprawne dowi±zanie podklucza\n"
+
+#: g10/import.c:1527
+#, c-format
+msgid "key %s: removed multiple subkey binding\n"
+msgstr "klucz %s: usuniêto wielokrotne dowi±zanie podklucza\n"
+
+#: g10/import.c:1549
+#, c-format
+msgid "key %s: no subkey for key revocation\n"
+msgstr "klucz %s: brak podklucza, którego dotyczy uniewa¿nienie\n"
+
+#: g10/import.c:1562
+#, c-format
+msgid "key %s: invalid subkey revocation\n"
+msgstr "klucz %s: niepoprawne uniewa¿nienie podklucza\n"
+
+#: g10/import.c:1577
+#, c-format
+msgid "key %s: removed multiple subkey revocation\n"
+msgstr "klucz %s: usuniêto wielokrotne uniewa¿nienie podklucza\n"
+
+#: g10/import.c:1618
+#, c-format
+msgid "key %s: skipped user ID \"%s\"\n"
+msgstr "klucz %s: pominiêto identyfikator u¿ytkownika ,,%s''\n"
+
+#: g10/import.c:1639
+#, c-format
+msgid "key %s: skipped subkey\n"
+msgstr "klucz %s: podklucz pominiêty\n"
+
+#: g10/import.c:1666
+#, c-format
+msgid "key %s: non exportable signature (class 0x%02X) - skipped\n"
+msgstr "klucz %s: podpis nieeksportowalny (klasy 0x%02X) - pominiêty\n"
+
+#: g10/import.c:1676
+#, c-format
+msgid "key %s: revocation certificate at wrong place - skipped\n"
+msgstr ""
+"klucz %s: pominiêto certyfikat uniewa¿nienia umieszczony\n"
+" w niew³a¶ciwym miejscu\n"
+
+#: g10/import.c:1693
+#, c-format
+msgid "key %s: invalid revocation certificate: %s - skipped\n"
+msgstr "klucz %s: pominiêto - niepoprawny certyfikat uniewa¿nienia: %s\n"
+
+#: g10/import.c:1707
+#, c-format
+msgid "key %s: subkey signature in wrong place - skipped\n"
+msgstr "klucz %s: pominiêto - podpis na podkluczu w niew³a¶ciwym miejscu\n"
+
+#: g10/import.c:1715
+#, c-format
+msgid "key %s: unexpected signature class (0x%02X) - skipped\n"
+msgstr "klucz %s: pominiêto - nieoczekiwana klasa podpisu (0x%02X)\n"
+
+#: g10/import.c:1844
+#, c-format
+msgid "key %s: duplicated user ID detected - merged\n"
+msgstr "key %s: do³±czono powtórzony identyfikator u¿ytkownika\n"
+
+#: g10/import.c:1906
+#, c-format
+msgid "WARNING: key %s may be revoked: fetching revocation key %s\n"
+msgstr ""
+"OSTRZE¯ENIE: klucz %s móg³ zostaæ uniewa¿niony:\n"
+" zapytanie o uniewa¿niaj±cy klucz %s w serwerze kluczy\n"
+
+#: g10/import.c:1920
+#, c-format
+msgid "WARNING: key %s may be revoked: revocation key %s not present.\n"
+msgstr ""
+"OSTRZE¯ENIE: klucz %s móg³ zostaæ uniewa¿niony:\n"
+" brak uniewa¿niaj±cego klucza %s.\n"
+
+#: g10/import.c:1979
+#, c-format
+msgid "key %s: \"%s\" revocation certificate added\n"
+msgstr "klucz %s: ,,%s'' dodany certyfikat uniewa¿nienia\n"
+
+#: g10/import.c:2013
+#, c-format
+msgid "key %s: direct key signature added\n"
+msgstr "klucz %s: dodano bezpo¶redni podpis\n"
+
+#: g10/import.c:2414
+msgid "NOTE: a key's S/N does not match the card's one\n"
+msgstr "UWAGA: numer seryjny klucza nie zgadza siê z numerem karty\n"
+
+#: g10/import.c:2422
+msgid "NOTE: primary key is online and stored on card\n"
+msgstr "UWAGA: klucz g³ówny jest aktywny i zapisany na karcie\n"
+
+#: g10/import.c:2424
+msgid "NOTE: secondary key is online and stored on card\n"
+msgstr "UWAGA: klucz dodatkowy jest aktywny i zapisany na karcie\n"
+
+#: g10/keydb.c:181
+#, c-format
+msgid "error creating keyring `%s': %s\n"
+msgstr "b³±d tworzenia zbioru kluczy `%s': %s\n"
+
+#: g10/keydb.c:187
+#, c-format
+msgid "keyring `%s' created\n"
+msgstr "zbiór kluczy ,,%s'' zosta³ utworzony\n"
+
+#: g10/keydb.c:333 g10/keydb.c:336
+#, c-format
+msgid "keyblock resource `%s': %s\n"
+msgstr "zasób bloku klucza `%s': %s\n"
+
+#: g10/keydb.c:719
+#, c-format
+msgid "failed to rebuild keyring cache: %s\n"
+msgstr "nie powiod³a siê odbudowa bufora bazy: %s\n"
+
+#: g10/keyedit.c:265
+msgid "[revocation]"
+msgstr "[uniewa¿nienie]"
+
+#: g10/keyedit.c:266
+msgid "[self-signature]"
+msgstr "[podpis klucza nim samym]"
+
+#: g10/keyedit.c:344 g10/keylist.c:398
+msgid "1 bad signature\n"
+msgstr "1 niepoprawny podpis\n"
+
+#: g10/keyedit.c:346 g10/keylist.c:400
+#, c-format
+msgid "%d bad signatures\n"
+msgstr "%d niepoprawnych podpisów\n"
+
+#: g10/keyedit.c:348 g10/keylist.c:402
+msgid "1 signature not checked due to a missing key\n"
+msgstr "1 podpis nie zosta³ sprawdzony z powodu braku klucza\n"
+
+#: g10/keyedit.c:350 g10/keylist.c:404
+#, c-format
+msgid "%d signatures not checked due to missing keys\n"
+msgstr "%d podpisów nie zosta³o sprawdzonych z powodu braku kluczy\n"
+
+#: g10/keyedit.c:352 g10/keylist.c:406
+msgid "1 signature not checked due to an error\n"
+msgstr "1 podpis nie zosta³ sprawdzony z powodu b³êdu\n"
+
+#: g10/keyedit.c:354 g10/keylist.c:408
+#, c-format
+msgid "%d signatures not checked due to errors\n"
+msgstr "%d podpisów nie sprawdzonych z powodu b³êdów\n"
+
+#: g10/keyedit.c:356
+msgid "1 user ID without valid self-signature detected\n"
+msgstr "wykryto 1 identyfikator u¿ytkownika niepodpisany tym samym kluczem\n"
+
+#: g10/keyedit.c:358
+#, c-format
+msgid "%d user IDs without valid self-signatures detected\n"
+msgstr ""
+"wykryto %d identyfikatorów u¿ytkownika niepodpisanych tym samym kluczem\n"
+
+#: g10/keyedit.c:414 g10/pkclist.c:262
+msgid ""
+"Please decide how far you trust this user to correctly verify other users' "
+"keys\n"
+"(by looking at passports, checking fingerprints from different sources, "
+"etc.)\n"
+msgstr ""
+"Zastanów siê jak bardzo ufasz temu u¿ytkownikowi w kwestii sprawdzania\n"
+"to¿samo¶ci innych u¿ytkowników (czy sprawdzi on odciski kluczy pobrane\n"
+"z ró¿nych ¼róde³, dokumenty potwierdzaj±ce to¿samo¶æ, itd.).\n"
+
+#: g10/keyedit.c:418 g10/pkclist.c:274
+#, c-format
+msgid " %d = I trust marginally\n"
+msgstr " %d = mam ograniczone zaufanie\n"
+
+#: g10/keyedit.c:419 g10/pkclist.c:276
+#, c-format
+msgid " %d = I trust fully\n"
+msgstr " %d = mam pe³ne zaufanie\n"
+
+#: g10/keyedit.c:438
+msgid ""
+"Please enter the depth of this trust signature.\n"
+"A depth greater than 1 allows the key you are signing to make\n"
+"trust signatures on your behalf.\n"
+msgstr ""
+"Proszê wpisaæ poziom tego podpisu zaufania.\n"
+"Poziom wy¿szy ni¿ 1 umo¿liwia u¿ywanie podpisywanego w³a¶nie klucza\n"
+"do wykonywania zaufanych podpisów w twoim imieniu.\n"
+
+#: g10/keyedit.c:454
+msgid "Please enter a domain to restrict this signature, or enter for none.\n"
+msgstr "Proszê wpisaæ domenê ograniczaj±c± ten podpis lub Enter dla ¿adnej.\n"
+
+#: g10/keyedit.c:598
+#, c-format
+msgid "User ID \"%s\" is revoked."
+msgstr "Identyfikator u¿ytkownika ,,%s'' zosta³ uniewa¿niony."
+
+#: g10/keyedit.c:607 g10/keyedit.c:635 g10/keyedit.c:662 g10/keyedit.c:830
+#: g10/keyedit.c:895 g10/keyedit.c:1785
+msgid "Are you sure you still want to sign it? (y/N) "
+msgstr "Czy na pewno chcesz podpisaæ? (t/N) "
+
+#: g10/keyedit.c:621 g10/keyedit.c:649 g10/keyedit.c:676 g10/keyedit.c:836
+#: g10/keyedit.c:1791
+msgid " Unable to sign.\n"
+msgstr " Nie da siê z³o¿yæ podpisu.\n"
+
+#: g10/keyedit.c:626
+#, c-format
+msgid "User ID \"%s\" is expired."
+msgstr "Identyfikator u¿ytkownika ,,%s'' przekroczy³ swój termin wa¿no¶ci."
+
+#: g10/keyedit.c:654
+#, c-format
+msgid "User ID \"%s\" is not self-signed."
+msgstr "Identyfikator ,,%s'' nie jest podpisany swoim kluczem."
+
+#: g10/keyedit.c:682
+#, c-format
+msgid "User ID \"%s\" is signable. "
+msgstr "Identyfikator u¿ytkownika ,,%s'' jest podpisywalny. "
+
+#: g10/keyedit.c:684
+msgid "Sign it? (y/N) "
+msgstr "Podpisaæ go? (t/N) "
+
+#: g10/keyedit.c:706
+#, c-format
+msgid ""
+"The self-signature on \"%s\"\n"
+"is a PGP 2.x-style signature.\n"
+msgstr ""
+"Podpis klucza nim samym na ,,%s''\n"
+"jest podpisem z³o¿onym przez PGP 2.x.\n"
+
+#: g10/keyedit.c:715
+msgid "Do you want to promote it to an OpenPGP self-signature? (y/N) "
+msgstr "Czy chcesz zamieniæ go na podpis OpenPGP? (t/N) "
+
+#: g10/keyedit.c:729
+#, c-format
+msgid ""
+"Your current signature on \"%s\"\n"
+"has expired.\n"
+msgstr ""
+"Twój podpis na ,,%s''\n"
+"przekroczy³ datê wa¿no¶ci.\n"
+
+#: g10/keyedit.c:733
+msgid "Do you want to issue a new signature to replace the expired one? (y/N) "
+msgstr "Czy chcesz zast±piæ przeterminowany podpis nowym? (t/N) "
+
+#: g10/keyedit.c:754
+#, c-format
+msgid ""
+"Your current signature on \"%s\"\n"
+"is a local signature.\n"
+msgstr ""
+"Twój podpis na ,,%s''\n"
+"jest podpisem prywatnym (lokalnym).\n"
+
+#: g10/keyedit.c:758
+msgid "Do you want to promote it to a full exportable signature? (y/N) "
+msgstr ""
+"Czy chcesz zamieniæ go na pe³ny, publiczny, eksportowalny podpis? (t/N) "
+
+#: g10/keyedit.c:779
+#, c-format
+msgid "\"%s\" was already locally signed by key %s\n"
+msgstr ",,%s'' jest ju¿ lokalnie podpisany kluczem %s\n"
+
+#: g10/keyedit.c:782
+#, c-format
+msgid "\"%s\" was already signed by key %s\n"
+msgstr ",,%s'' jest ju¿ podpisany kluczem %s\n"
+
+#: g10/keyedit.c:787
+msgid "Do you want to sign it again anyway? (y/N) "
+msgstr "Czy na pewno chcesz to podpisaæ jeszcze raz? (t/N) "
+
+#: g10/keyedit.c:809
+#, c-format
+msgid "Nothing to sign with key %s\n"
+msgstr "Nie ma nic do podpisania kluczem %s\n"
+
+#: g10/keyedit.c:824
+msgid "This key has expired!"
+msgstr "Data wa¿no¶ci tego klucza up³ynê³a!"
+
+#: g10/keyedit.c:842
+#, c-format
+msgid "This key is due to expire on %s.\n"
+msgstr "Wa¿no¶æ tego klucza wygasa %s.\n"
+
+#: g10/keyedit.c:848
+msgid "Do you want your signature to expire at the same time? (Y/n) "
+msgstr ""
+"Czy chcesz ¿eby wa¿no¶æ Twojego podpisu wygasa³a w tej samej chwili? (T/n) "
+
+#: g10/keyedit.c:888
+msgid ""
+"You may not make an OpenPGP signature on a PGP 2.x key while in --pgp2 "
+"mode.\n"
+msgstr ""
+"W trybie --pgp2 nie mo¿na podpisywaæ kluczy PGP 2.x podpisami OpenPGP.\n"
+
+#: g10/keyedit.c:890
+msgid "This would make the key unusable in PGP 2.x.\n"
+msgstr "To uczyni ten klucz nieu¿ytecznym dla PGP 2.x.\n"
+
+#: g10/keyedit.c:915
+msgid ""
+"How carefully have you verified the key you are about to sign actually "
+"belongs\n"
+"to the person named above? If you don't know what to answer, enter \"0\".\n"
+msgstr ""
+"Jak dok³adnie zosta³a przez Ciebie sprawdzona to¿samo¶æ tej osoby?\n"
+"Je¶li nie wiesz co odpowiedzieæ, podaj ,,0''.\n"
+
+#: g10/keyedit.c:920
+#, c-format
+msgid " (0) I will not answer.%s\n"
+msgstr " (0) Nie odpowiem na to pytanie. %s\n"
+
+#: g10/keyedit.c:922
+#, c-format
+msgid " (1) I have not checked at all.%s\n"
+msgstr " (1) W ogóle nie.%s\n"
+
+#: g10/keyedit.c:924
+#, c-format
+msgid " (2) I have done casual checking.%s\n"
+msgstr " (2) Pobie¿nie.%s\n"
+
+#: g10/keyedit.c:926
+#, c-format
+msgid " (3) I have done very careful checking.%s\n"
+msgstr " (3) Bardzo dok³adnie.%s\n"
+
+#: g10/keyedit.c:932
+msgid "Your selection? (enter `?' for more information): "
+msgstr "Twój wybór (,,?'' podaje wiêcej informacji): "
+
+#: g10/keyedit.c:956
+#, c-format
+msgid ""
+"Are you sure that you want to sign this key with your\n"
+"key \"%s\" (%s)\n"
+msgstr ""
+"Czy jeste¶ naprawdê pewien, ¿e chcesz podpisaæ ten klucz\n"
+"swoim kluczem ,,%s'' (%s)\n"
+
+#: g10/keyedit.c:963
+msgid "This will be a self-signature.\n"
+msgstr "To bêdzie podpis klucza nim samym.\n"
+
+#: g10/keyedit.c:969
+msgid "WARNING: the signature will not be marked as non-exportable.\n"
+msgstr ""
+"OSTRZE¯ENIE: podpis nie zostanie oznaczony jako prywatny "
+"(nieeksportowalny).\n"
+
+#: g10/keyedit.c:977
+msgid "WARNING: the signature will not be marked as non-revocable.\n"
+msgstr ""
+"OSTRZE¯ENIE: podpis nie zostanie oznaczony jako nie podlegaj±cy "
+"uniewa¿nieniu.\n"
+
+#: g10/keyedit.c:987
+msgid "The signature will be marked as non-exportable.\n"
+msgstr "Podpis zostanie oznaczony jako prywatny (nieeksportowalny).\n"
+
+#: g10/keyedit.c:994
+msgid "The signature will be marked as non-revocable.\n"
+msgstr "Podpis zostanie oznaczony jako nie podlegaj±cy uniewa¿nieniu.\n"
+
+#: g10/keyedit.c:1001
+msgid "I have not checked this key at all.\n"
+msgstr "To¿samo¶æ u¿ytkownika nie zosta³a w ogóle sprawdzona.\n"
+
+#: g10/keyedit.c:1006
+msgid "I have checked this key casually.\n"
+msgstr "To¿samo¶æ u¿ytkownika zosta³a sprawdzona pobie¿nie.\n"
+
+#: g10/keyedit.c:1011
+msgid "I have checked this key very carefully.\n"
+msgstr "To¿samo¶æ u¿ytkownika zosta³a dok³adnie sprawdzona.\n"
+
+#: g10/keyedit.c:1021
+msgid "Really sign? (y/N) "
+msgstr "Czy na pewno podpisaæ? (t/N) "
+
+#: g10/keyedit.c:1066 g10/keyedit.c:4965 g10/keyedit.c:5056 g10/keyedit.c:5120
+#: g10/keyedit.c:5181 g10/sign.c:316
+#, c-format
+msgid "signing failed: %s\n"
+msgstr "z³o¿enie podpisu nie powiod³o siê: %s\n"
+
+#: g10/keyedit.c:1131
+msgid "Key has only stub or on-card key items - no passphrase to change.\n"
+msgstr ""
+"Klucz ma tylko za¶lepkê albo elementy na karcie - nie ma has³a do zmiany.\n"
+
+#: g10/keyedit.c:1142 g10/keygen.c:3774
+msgid "This key is not protected.\n"
+msgstr "Ten klucz nie jest chroniony.\n"
+
+#: g10/keyedit.c:1146 g10/keygen.c:3761 g10/revoke.c:536
+msgid "Secret parts of primary key are not available.\n"
+msgstr "Czê¶æ tajna g³ównego klucza jest niedostêpna.\n"
+
+#: g10/keyedit.c:1150 g10/keygen.c:3777
+msgid "Secret parts of primary key are stored on-card.\n"
+msgstr "Czê¶æ tajna g³ównego klucza jest zapisana na karcie.\n"
+
+#: g10/keyedit.c:1156 g10/keygen.c:3781
+msgid "Key is protected.\n"
+msgstr "Klucz jest chroniony.\n"
+
+#: g10/keyedit.c:1186
+#, c-format
+msgid "Can't edit this key: %s\n"
+msgstr "Tego klucza nie mo¿na modyfikowaæ: %s.\n"
+
+#: g10/keyedit.c:1192
+msgid ""
+"Enter the new passphrase for this secret key.\n"
+"\n"
+msgstr ""
+"Wprowad¼ nowe d³ugie, skomplikowane has³o dla tego klucza tajnego.\n"
+"\n"
+
+#: g10/keyedit.c:1207 g10/keygen.c:2291
+msgid "passphrase not correctly repeated; try again"
+msgstr "has³o nie zosta³o poprawnie powtórzone; jeszcze jedna próba"
+
+#: g10/keyedit.c:1212
+msgid ""
+"You don't want a passphrase - this is probably a *bad* idea!\n"
+"\n"
+msgstr ""
+"Nie chcesz has³a - to *z³y* pomys³!\n"
+"\n"
+
+#: g10/keyedit.c:1215
+msgid "Do you really want to do this? (y/N) "
+msgstr "Czy na pewno chcesz to zrobiæ? (t/N) "
+
+#: g10/keyedit.c:1298
+msgid "moving a key signature to the correct place\n"
+msgstr "przenoszê podpis klucza na w³a¶ciwe miejsce\n"
+
+#: g10/keyedit.c:1384
+msgid "save and quit"
+msgstr "zapis zmian i wyj¶cie"
+
+#: g10/keyedit.c:1387
+msgid "show key fingerprint"
+msgstr "okazanie odcisku klucza"
+
+#: g10/keyedit.c:1388
+msgid "list key and user IDs"
+msgstr "lista kluczy i identyfikatorów u¿ytkownika"
+
+#: g10/keyedit.c:1390
+msgid "select user ID N"
+msgstr "wybór identyfikatora u¿ytkownika N"
+
+#: g10/keyedit.c:1391
+msgid "select subkey N"
+msgstr "wybór podklucza N"
+
+#: g10/keyedit.c:1392
+msgid "check signatures"
+msgstr "sprawdzenie podpisów"
+
+#: g10/keyedit.c:1397
+msgid "sign selected user IDs [* see below for related commands]"
+msgstr ""
+"z³o¿enie podpisu na wybranych identyfikatorach u¿ytkownika [* poni¿ej "
+"powi±zane polecenia]"
+
+#: g10/keyedit.c:1402
+msgid "sign selected user IDs locally"
+msgstr ""
+"z³o¿enie prywatnego (lokalnego) podpisu na wybranych identyfikatorach "
+"u¿ytkownika"
+
+#: g10/keyedit.c:1404
+msgid "sign selected user IDs with a trust signature"
+msgstr "podpisanie wybranych identyfikatorów u¿ytkownika sygnatur± zaufania"
+
+#: g10/keyedit.c:1406
+msgid "sign selected user IDs with a non-revocable signature"
+msgstr ""
+"podpisanie wybranych identyfikatorów u¿ytkownika sygnatur± nie podlegaj±c± "
+"uniewa¿nieniu"
+
+#: g10/keyedit.c:1410
+msgid "add a user ID"
+msgstr "dodanie nowego identyfikatora u¿ytkownika do klucza"
+
+#: g10/keyedit.c:1412
+msgid "add a photo ID"
+msgstr "dodanie zdjêcia u¿ytkownika do klucza"
+
+#: g10/keyedit.c:1414
+msgid "delete selected user IDs"
+msgstr "usuniêcie wybranych identyfikatorów u¿ytkownika z klucza"
+
+#: g10/keyedit.c:1419
+msgid "add a subkey"
+msgstr "dodanie podklucza"
+
+#: g10/keyedit.c:1423
+msgid "add a key to a smartcard"
+msgstr "dodanie klucza do karty procesorowej"
+
+#: g10/keyedit.c:1425
+msgid "move a key to a smartcard"
+msgstr "przeniesienie klucza na kartê procesorow±"
+
+#: g10/keyedit.c:1427
+msgid "move a backup key to a smartcard"
+msgstr "przeniesienie klucza zapasowego na kartê procesorow±"
+
+#: g10/keyedit.c:1431
+msgid "delete selected subkeys"
+msgstr "usuniêcie wybranych podkluczy"
+
+#: g10/keyedit.c:1433
+msgid "add a revocation key"
+msgstr "dodanie klucza uniewa¿niaj±cego"
+
+#: g10/keyedit.c:1435
+msgid "delete signatures from the selected user IDs"
+msgstr "usuniêcie podpisów z wybranych identyfikatorów u¿ytkownika"
+
+#: g10/keyedit.c:1437
+msgid "change the expiration date for the key or selected subkeys"
+msgstr "zmiana daty wyga¶niêcia dla klucza lub wybranych podkluczy"
+
+#: g10/keyedit.c:1439
+msgid "flag the selected user ID as primary"
+msgstr "oznaczenie wybranego identyfikatora u¿ytkownika jako g³ównego"
+
+#: g10/keyedit.c:1441
+msgid "toggle between the secret and public key listings"
+msgstr "prze³±czenie pomiêdzy listami kluczy tajnych i publicznych"
+
+#: g10/keyedit.c:1444
+msgid "list preferences (expert)"
+msgstr "ustawienia (zaawansowane)"
+
+#: g10/keyedit.c:1446
+msgid "list preferences (verbose)"
+msgstr "rozbudowana lista ustawieñ"
+
+#: g10/keyedit.c:1448
+msgid "set preference list for the selected user IDs"
+msgstr "ustawienie listy preferencji dla wybranych identyfikatorów u¿ytkownika"
+
+#: g10/keyedit.c:1453
+msgid "set the preferred keyserver URL for the selected user IDs"
+msgstr ""
+"ustawienie URL-a preferowanego serwera kluczy dla wybranych identyfikatorów "
+"u¿ytkownika"
+
+#: g10/keyedit.c:1455
+msgid "set a notation for the selected user IDs"
+msgstr "ustawienie adnotacji dla wybranych identyfikatorów u¿ytkownika"
+
+#: g10/keyedit.c:1457
+msgid "change the passphrase"
+msgstr "zmiana has³a klucza"
+
+#: g10/keyedit.c:1461
+msgid "change the ownertrust"
+msgstr "zmiana zaufania w³a¶ciciela"
+
+#: g10/keyedit.c:1463
+msgid "revoke signatures on the selected user IDs"
+msgstr "uniewa¿nienie podpisów na wybranych identyfikatorach u¿ytkownika"
+
+#: g10/keyedit.c:1465
+msgid "revoke selected user IDs"
+msgstr "uniewa¿nienie wybranych identyfikatorów u¿ytkownika"
+
+#: g10/keyedit.c:1470
+msgid "revoke key or selected subkeys"
+msgstr "uniewa¿nienie klucza lub wybranych podkluczy"
+
+#: g10/keyedit.c:1471
+msgid "enable key"
+msgstr "w³±czenie klucza do u¿ycia"
+
+#: g10/keyedit.c:1472
+msgid "disable key"
+msgstr "wy³±czenie klucza z u¿ycia"
+
+#: g10/keyedit.c:1473
+msgid "show selected photo IDs"
+msgstr "okazanie wybranych identyfikatorów - zdjêæ"
+
+#: g10/keyedit.c:1475
+msgid "compact unusable user IDs and remove unusable signatures from key"
+msgstr ""
+"zagêszczanie bezu¿ytecznych ID u¿ytkowników i usuwanie bezu¿ytecznych "
+"podpisów z kluczy"
+
+#: g10/keyedit.c:1477
+msgid "compact unusable user IDs and remove all signatures from key"
+msgstr ""
+"zagêszczanie bezu¿ytecznych ID u¿ytkowników i usuwanie wszystkich podpisów z "
+"kluczy"
+
+#: g10/keyedit.c:1601
+#, c-format
+msgid "error reading secret keyblock \"%s\": %s\n"
+msgstr "b³±d odczytu bloku klucza tajnego ,,%s'': %s\n"
+
+#: g10/keyedit.c:1619
+msgid "Secret key is available.\n"
+msgstr "Dostêpny jest klucz tajny.\n"
+
+#: g10/keyedit.c:1702
+msgid "Need the secret key to do this.\n"
+msgstr "Do wykonania tej operacji potrzebny jest klucz tajny.\n"
+
+#: g10/keyedit.c:1710
+msgid "Please use the command \"toggle\" first.\n"
+msgstr "Najpierw trzeba u¿yæ polecenia \"prze³\".\n"
+
+#: g10/keyedit.c:1729
+msgid ""
+"* The `sign' command may be prefixed with an `l' for local signatures "
+"(lsign),\n"
+" a `t' for trust signatures (tsign), an `nr' for non-revocable signatures\n"
+" (nrsign), or any combination thereof (ltsign, tnrsign, etc.).\n"
+msgstr ""
+"* Polecenie `sign' mo¿na poprzedziæ ,,l'' dla lokalnych sygnatur (lsign),\n"
+" ,,t'' dla sygnatur zaufania (tsign) albo ,,nr'' dla sygnatur nie\n"
+" podlegaj±cych uniewa¿nieniu (nrsign), albo dowoln± ich kombinacj± "
+"(ltsign,\n"
+" tnrsign itd.).\n"
+
+#: g10/keyedit.c:1779
+msgid "Key is revoked."
+msgstr "Klucz uniewa¿niony."
+
+#: g10/keyedit.c:1798
+msgid "Really sign all user IDs? (y/N) "
+msgstr "Czy na pewno podpisaæ wszystkie identyfikatory u¿ytkownika? (t/N) "
+
+#: g10/keyedit.c:1805
+msgid "Hint: Select the user IDs to sign\n"
+msgstr "Podpowied¼: wybierz identyfikatory u¿ytkownika do podpisania.\n"
+
+#: g10/keyedit.c:1814
+#, c-format
+msgid "Unknown signature type `%s'\n"
+msgstr "Nieznany rodzaj podpisu ,,%s''\n"
+
+#: g10/keyedit.c:1837
+#, c-format
+msgid "This command is not allowed while in %s mode.\n"
+msgstr "To polecenie nie jest dostêpne w trybie %s.\n"
+
+#: g10/keyedit.c:1859 g10/keyedit.c:1879 g10/keyedit.c:2048
+msgid "You must select at least one user ID.\n"
+msgstr "Musisz wybraæ co najmniej jeden identyfikator u¿ytkownika.\n"
+
+#: g10/keyedit.c:1861
+msgid "You can't delete the last user ID!\n"
+msgstr "Nie mo¿esz usun±æ ostatniego identyfikatora u¿ytkownika!\n"
+
+#: g10/keyedit.c:1863
+msgid "Really remove all selected user IDs? (y/N) "
+msgstr ""
+"Czy na pewno usun±æ wszystkie wybrane identyfikatory u¿ytkownika? (t/N) "
+
+#: g10/keyedit.c:1864
+msgid "Really remove this user ID? (y/N) "
+msgstr "Czy na pewno usun±æ ten identyfikator u¿ytkownika? (t/N) "
+
+#. TRANSLATORS: Please take care: This is about
+#. moving the key and not about removing it.
+#: g10/keyedit.c:1917
+msgid "Really move the primary key? (y/N) "
+msgstr "Czy na pewno przenie¶æ g³ówny klucz (t/N) "
+
+#: g10/keyedit.c:1929
+msgid "You must select exactly one key.\n"
+msgstr "Musisz wybraæ dok³adnie jeden klucz.\n"
+
+#: g10/keyedit.c:1957
+msgid "Command expects a filename argument\n"
+msgstr "Polecenie oczekuje argumentu bêd±cego nazw± pliku\n"
+
+#: g10/keyedit.c:1971
+#, c-format
+msgid "Can't open `%s': %s\n"
+msgstr "Nie mo¿na otworzyæ ,,%s'': %s\n"
+
+#: g10/keyedit.c:1988
+#, c-format
+msgid "Error reading backup key from `%s': %s\n"
+msgstr "B³±d podczas odczytu klucza zapasowego z `%s': %s\n"
+
+#: g10/keyedit.c:2012
+msgid "You must select at least one key.\n"
+msgstr "Musisz wybraæ co najmniej jeden klucz.\n"
+
+#: g10/keyedit.c:2015
+msgid "Do you really want to delete the selected keys? (y/N) "
+msgstr "Czy na pewno chcesz usun±æ wybrane klucze? (t/N) "
+
+#: g10/keyedit.c:2016
+msgid "Do you really want to delete this key? (y/N) "
+msgstr "Czy na pewno chcesz usun±æ ten klucz? (t/N) "
+
+#: g10/keyedit.c:2051
+msgid "Really revoke all selected user IDs? (y/N) "
+msgstr ""
+"Czy na pewno uniewa¿niæ wszystkie wybrane identyfikatory u¿ytkownika? (t/N) "
+
+#: g10/keyedit.c:2052
+msgid "Really revoke this user ID? (y/N) "
+msgstr "Czy na pewno uniewa¿niæ ten identyfikator u¿ytkownika? (t/N) "
+
+#: g10/keyedit.c:2070
+msgid "Do you really want to revoke the entire key? (y/N) "
+msgstr "Czy na pewno chcesz uniewa¿niæ ca³y klucz? (t/N) "
+
+#: g10/keyedit.c:2081
+msgid "Do you really want to revoke the selected subkeys? (y/N) "
+msgstr "Czy na pewno chcesz uniewa¿niæ wybrane podklucze? (t/N) "
+
+#: g10/keyedit.c:2083
+msgid "Do you really want to revoke this subkey? (y/N) "
+msgstr "Czy na pewno chcesz uniewa¿niæ ten podklucz? (t/N) "
+
+#: g10/keyedit.c:2133
+msgid "Owner trust may not be set while using a user provided trust database\n"
+msgstr ""
+"Zaufanie u¿ytkownika nie mo¿e byæ ustawione podczas u¿ywania bazy zaufania\n"
+"dostarczonej przez u¿ytkownika\n"
+
+#: g10/keyedit.c:2175
+msgid "Set preference list to:\n"
+msgstr "Ustawienie listy ustawieñ na:\n"
+
+#: g10/keyedit.c:2181
+msgid "Really update the preferences for the selected user IDs? (y/N) "
+msgstr ""
+"Czy na pewno uaktualniæ ustawienia dla wybranych identyfikatorów? (t/N) "
+
+#: g10/keyedit.c:2183
+msgid "Really update the preferences? (y/N) "
+msgstr "Czy na pewno uaktualniæ ustawienia? (t/N) "
+
+#: g10/keyedit.c:2253
+msgid "Save changes? (y/N) "
+msgstr "Zapisaæ zmiany? (t/N) "
+
+#: g10/keyedit.c:2256
+msgid "Quit without saving? (y/N) "
+msgstr "Wyj¶æ bez zapisania zmian? (t/N) "
+
+#: g10/keyedit.c:2266
+#, c-format
+msgid "update failed: %s\n"
+msgstr "zapis zmian nie powiód³ siê: %s\n"
+
+#: g10/keyedit.c:2273 g10/keyedit.c:2351
+#, c-format
+msgid "update secret failed: %s\n"
+msgstr "zapis zmian na kluczu prywatnym nie powiód³ siê: %s\n"
+
+#: g10/keyedit.c:2280
+msgid "Key not changed so no update needed.\n"
+msgstr "Klucz nie zosta³ zmieniony wiêc zapis zmian nie jest konieczny.\n"
+
+#: g10/keyedit.c:2446
+msgid "Digest: "
+msgstr "Skrót: "
+
+#: g10/keyedit.c:2497
+msgid "Features: "
+msgstr "Ustawienia: "
+
+#: g10/keyedit.c:2508
+msgid "Keyserver no-modify"
+msgstr "no-modify dla serwera kluczy"
+
+#: g10/keyedit.c:2523 g10/keylist.c:316
+msgid "Preferred keyserver: "
+msgstr "Preferowany serwer kluczy: "
+
+#: g10/keyedit.c:2531 g10/keyedit.c:2532
+msgid "Notations: "
+msgstr "Adnotacje: "
+
+#: g10/keyedit.c:2753
+msgid "There are no preferences on a PGP 2.x-style user ID.\n"
+msgstr "Klucze PGP 2.x nie zawieraj± opisu ustawieñ.\n"
+
+#: g10/keyedit.c:2810
+#, c-format
+msgid "The following key was revoked on %s by %s key %s\n"
+msgstr "Ten klucz zosta³ uniewa¿niony %s przez klucz u¿ytkownika %s %s\n"
+
+#: g10/keyedit.c:2832
+#, c-format
+msgid "This key may be revoked by %s key %s"
+msgstr "Klucz mo¿e zostaæ uniewa¿niony przez klucz %s u¿ytkownika %s"
+
+#: g10/keyedit.c:2838
+msgid "(sensitive)"
+msgstr "(poufne)"
+
+#: g10/keyedit.c:2854 g10/keyedit.c:2910 g10/keyedit.c:2971 g10/keyedit.c:2986
+#: g10/keylist.c:202 g10/keyserver.c:532
+#, c-format
+msgid "created: %s"
+msgstr "utworzono: %s"
+
+#: g10/keyedit.c:2857 g10/keylist.c:834 g10/keylist.c:928 g10/mainproc.c:997
+#, c-format
+msgid "revoked: %s"
+msgstr "uniewa¿niono: %s"
+
+#: g10/keyedit.c:2859 g10/keylist.c:805 g10/keylist.c:840 g10/keylist.c:934
+#, c-format
+msgid "expired: %s"
+msgstr "wygas³: %s"
+
+#: g10/keyedit.c:2861 g10/keyedit.c:2912 g10/keyedit.c:2973 g10/keyedit.c:2988
+#: g10/keylist.c:204 g10/keylist.c:811 g10/keylist.c:846 g10/keylist.c:940
+#: g10/keylist.c:961 g10/keyserver.c:538 g10/mainproc.c:1003
+#, c-format
+msgid "expires: %s"
+msgstr "wygasa: %s"
+
+#: g10/keyedit.c:2863
+#, c-format
+msgid "usage: %s"
+msgstr "u¿ycie: %s"
+
+#: g10/keyedit.c:2878
+#, c-format
+msgid "trust: %s"
+msgstr "zaufanie: %s"
+
+#: g10/keyedit.c:2882
+#, c-format
+msgid "validity: %s"
+msgstr "poprawno¶æ: %s"
+
+#: g10/keyedit.c:2889
+msgid "This key has been disabled"
+msgstr "Ten klucz zosta³ wy³±czony z u¿ytku"
+
+#: g10/keyedit.c:2917 g10/keylist.c:208
+msgid "card-no: "
+msgstr "nr-karty: "
+
+#: g10/keyedit.c:2941
+msgid ""
+"Please note that the shown key validity is not necessarily correct\n"
+"unless you restart the program.\n"
+msgstr ""
+"Pokazana warto¶æ wiarygodno¶ci klucza mo¿e byæ niepoprawna,\n"
+"dopóki program nie zostanie uruchomiony ponownie.\n"
+
+#: g10/keyedit.c:3005 g10/keyedit.c:3351 g10/keyserver.c:542
+#: g10/mainproc.c:1850 g10/trustdb.c:1204 g10/trustdb.c:1732
+msgid "revoked"
+msgstr "uniewa¿niony"
+
+#: g10/keyedit.c:3007 g10/keyedit.c:3353 g10/keyserver.c:546
+#: g10/mainproc.c:1852 g10/trustdb.c:547 g10/trustdb.c:1734
+msgid "expired"
+msgstr "wygas³"
+
+#: g10/keyedit.c:3072
+msgid ""
+"WARNING: no user ID has been marked as primary. This command may\n"
+" cause a different user ID to become the assumed primary.\n"
+msgstr ""
+"OSTRZE¯ENIE: ¿aden identyfikator u¿ytkownika nie zosta³ oznaczony explicite\n"
+" jako g³ówny. Wykonanie tego polecenie mo¿e wiêc spowodowaæ\n"
+" wy¶wietlanie innego identyfikatora jako domy¶lnego g³ównego.\n"
+
+#: g10/keyedit.c:3133
+msgid ""
+"WARNING: This is a PGP2-style key. Adding a photo ID may cause some "
+"versions\n"
+" of PGP to reject this key.\n"
+msgstr ""
+"OSTRZE¯ENIE: To jest klucz PGP wersji 2. Dodanie zdjêcia spowoduje, ¿e\n"
+" niektóre wersje przestan± go rozumieæ.\n"
+
+#: g10/keyedit.c:3138 g10/keyedit.c:3473
+msgid "Are you sure you still want to add it? (y/N) "
+msgstr "Czy dalej chcesz je dodaæ? (t/N) "
+
+#: g10/keyedit.c:3144
+msgid "You may not add a photo ID to a PGP2-style key.\n"
+msgstr "Do klucza dla PGP 2.x nie mo¿na dodaæ zdjêcia.\n"
+
+#: g10/keyedit.c:3284
+msgid "Delete this good signature? (y/N/q)"
+msgstr "Usun±æ ten poprawny podpis? (t/N/w) "
+
+#: g10/keyedit.c:3294
+msgid "Delete this invalid signature? (y/N/q)"
+msgstr "Usun±æ ten niepoprawny podpis? (t/N/w) "
+
+#: g10/keyedit.c:3298
+msgid "Delete this unknown signature? (y/N/q)"
+msgstr "Usun±æ ten nieznany podpis? (t/N/w) "
+
+#: g10/keyedit.c:3304
+msgid "Really delete this self-signature? (y/N)"
+msgstr "Na pewno usun±æ ten podpis klucza nim samym? (t/N) "
+
+#: g10/keyedit.c:3318
+#, c-format
+msgid "Deleted %d signature.\n"
+msgstr "%d podpis usuniêty.\n"
+
+#: g10/keyedit.c:3319
+#, c-format
+msgid "Deleted %d signatures.\n"
+msgstr "%d podpisów usuniêtych.\n"
+
+#: g10/keyedit.c:3322
+msgid "Nothing deleted.\n"
+msgstr "Nic nie zosta³o usuniête.\n"
+
+#: g10/keyedit.c:3355 g10/trustdb.c:1736
+msgid "invalid"
+msgstr "niepoprawny"
+
+#: g10/keyedit.c:3357
+#, c-format
+msgid "User ID \"%s\" compacted: %s\n"
+msgstr "Identyfikator u¿ytkownika ,,%s'' upakowany: %s\n"
+
+#: g10/keyedit.c:3364
+#, c-format
+msgid "User ID \"%s\": %d signature removed\n"
+msgstr "Identyfikator u¿ytkownika ,,%s'': %d podpis wyczyszczony\n"
+
+#: g10/keyedit.c:3365
+#, c-format
+msgid "User ID \"%s\": %d signatures removed\n"
+msgstr "Identyfikator u¿ytkownika ,,%s'': %d podpisów wyczyszczonych\n"
+
+#: g10/keyedit.c:3373
+#, c-format
+msgid "User ID \"%s\": already minimized\n"
+msgstr "Identyfikator u¿ytkownika ,,%s'': ju¿ zmniejszony.\n"
+
+#: g10/keyedit.c:3374
+#, c-format
+msgid "User ID \"%s\": already clean\n"
+msgstr "Identyfikator u¿ytkownika ,,%s'': ju¿ czysty.\n"
+
+#: g10/keyedit.c:3468
+msgid ""
+"WARNING: This is a PGP 2.x-style key. Adding a designated revoker may "
+"cause\n"
+" some versions of PGP to reject this key.\n"
+msgstr ""
+"OSTRZE¯ENIE: To jest klucz PGP wersji 2.x. Wyznaczenie mu klucza\n"
+" uniewa¿niaj±cego spowoduje, ¿e niektóre wersje PGP przestan±\n"
+" go rozumieæ.\n"
+
+#: g10/keyedit.c:3479
+msgid "You may not add a designated revoker to a PGP 2.x-style key.\n"
+msgstr "Do klucza dla PGP 2.x nie mo¿na wyznaczyæ klucza uniewa¿niaj±cego.\n"
+
+#: g10/keyedit.c:3499
+msgid "Enter the user ID of the designated revoker: "
+msgstr "Podaj identyfikator klucza uniewa¿niaj±cego: "
+
+#: g10/keyedit.c:3524
+msgid "cannot appoint a PGP 2.x style key as a designated revoker\n"
+msgstr "klucza PGP 2.x nie mo¿na wyznaczyæ jako uniewa¿niaj±cego\n"
+
+#: g10/keyedit.c:3539
+msgid "you cannot appoint a key as its own designated revoker\n"
+msgstr "nie mo¿na wyznaczyæ klucza do uniewa¿niania jego samego\n"
+
+#: g10/keyedit.c:3561
+msgid "this key has already been designated as a revoker\n"
+msgstr "ten klucz zosta³ ju¿ uznany kluczem uniewa¿niaj±cym\n"
+
+#: g10/keyedit.c:3580
+msgid "WARNING: appointing a key as a designated revoker cannot be undone!\n"
+msgstr ""
+"OSTRZE¯ENIE: nie mo¿na cofn±æ wyznaczenia klucza jako uniewa¿niaj±cego!\n"
+
+#: g10/keyedit.c:3586
+msgid ""
+"Are you sure you want to appoint this key as a designated revoker? (y/N) "
+msgstr "Czy na pewno chcesz wyznaczyæ ten klucz jako uniewa¿niaj±cy? (t/N) "
+
+#: g10/keyedit.c:3647
+msgid "Please remove selections from the secret keys.\n"
+msgstr "Proszê usun±æ znacznik wyboru z kluczy prywatnych.\n"
+
+#: g10/keyedit.c:3653
+msgid "Please select at most one subkey.\n"
+msgstr "Proszê wybraæ najwy¿ej jeden podklucz.\n"
+
+#: g10/keyedit.c:3657
+msgid "Changing expiration time for a subkey.\n"
+msgstr "Zmiana daty wa¿no¶ci podklucza.\n"
+
+#: g10/keyedit.c:3660
+msgid "Changing expiration time for the primary key.\n"
+msgstr "Zmiana daty wa¿no¶ci g³ównego klucza.\n"
+
+#: g10/keyedit.c:3706
+msgid "You can't change the expiration date of a v3 key\n"
+msgstr "Nie mo¿na zmieniæ daty wa¿no¶ci klucza w wersji 3.\n"
+
+#: g10/keyedit.c:3722
+msgid "No corresponding signature in secret ring\n"
+msgstr "Brak odpowiadaj±cego podpisu w zbiorze kluczy prywatnych\n"
+
+#: g10/keyedit.c:3800
+#, c-format
+msgid "signing subkey %s is already cross-certified\n"
+msgstr "podklucz podpisuj±cy %s jest ju¿ skro¶nie podpisany\n"
+
+#: g10/keyedit.c:3806
+#, c-format
+msgid "subkey %s does not sign and so does not need to be cross-certified\n"
+msgstr ""
+"podklucz %s nie jest podpisuj±cy, wiêc nie musi byæ skro¶nie podpisany\n"
+
+#: g10/keyedit.c:3969
+msgid "Please select exactly one user ID.\n"
+msgstr "Proszê wybraæ dok³adnie jeden identyfikator u¿ytkownika.\n"
+
+#: g10/keyedit.c:4008 g10/keyedit.c:4118 g10/keyedit.c:4238 g10/keyedit.c:4379
+#, c-format
+msgid "skipping v3 self-signature on user ID \"%s\"\n"
+msgstr "podpis w wersji 3 na identyfikatorze ,,%s'' zostaje pominiêty\n"
+
+#: g10/keyedit.c:4179
+msgid "Enter your preferred keyserver URL: "
+msgstr "Podaj preferowany URL serwera kluczy: "
+
+#: g10/keyedit.c:4259
+msgid "Are you sure you want to replace it? (y/N) "
+msgstr "Czy na pewno chcesz go zast±piæ? (t/N) "
+
+#: g10/keyedit.c:4260
+msgid "Are you sure you want to delete it? (y/N) "
+msgstr "Czy na pewno chcesz go usun±æ? (t/N) "
+
+#: g10/keyedit.c:4322
+msgid "Enter the notation: "
+msgstr "Adnotacje: "
+
+#: g10/keyedit.c:4471
+msgid "Proceed? (y/N) "
+msgstr "Kontynuowaæ? (t/N) "
+
+#: g10/keyedit.c:4543
+#, c-format
+msgid "No user ID with index %d\n"
+msgstr "Brak identyfikatora u¿ytkownika o numerze %d.\n"
+
+#: g10/keyedit.c:4604
+#, c-format
+msgid "No user ID with hash %s\n"
+msgstr "Brak identyfikatora u¿ytkownika o skrócie %s\n"
+
+#: g10/keyedit.c:4639
+#, c-format
+msgid "No subkey with index %d\n"
+msgstr "Brak podklucza o numerze %d.\n"
+
+#: g10/keyedit.c:4774
+#, c-format
+msgid "user ID: \"%s\"\n"
+msgstr "identyfikator u¿ytkownika: ,,%s''\n"
+
+#: g10/keyedit.c:4777 g10/keyedit.c:4871 g10/keyedit.c:4914
+#, c-format
+msgid "signed by your key %s on %s%s%s\n"
+msgstr "podpisany twoim kluczem %s w %s%s%s\n"
+
+#: g10/keyedit.c:4779 g10/keyedit.c:4873 g10/keyedit.c:4916
+msgid " (non-exportable)"
+msgstr " (podpis nieeksportowalny) "
+
+#: g10/keyedit.c:4783
+#, c-format
+msgid "This signature expired on %s.\n"
+msgstr "Wa¿no¶æ tego klucza wygas³a %s.\n"
+
+#: g10/keyedit.c:4787
+msgid "Are you sure you still want to revoke it? (y/N) "
+msgstr "Czy dalej chcesz go uniewa¿niæ? (t/N) "
+
+#: g10/keyedit.c:4791
+msgid "Create a revocation certificate for this signature? (y/N) "
+msgstr "Stworzyæ certyfikat uniewa¿nienia tego podpisu? (t/N) "
+
+#: g10/keyedit.c:4842
+msgid "Not signed by you.\n"
+msgstr "Nie podpisane przez ciebie.\n"
+
+#: g10/keyedit.c:4848
+#, c-format
+msgid "You have signed these user IDs on key %s:\n"
+msgstr "Te identyfikatory na kluczu %s s± podpisane przez Ciebie:\n"
+
+#: g10/keyedit.c:4874
+msgid " (non-revocable)"
+msgstr " (podpis nieuniewa¿nialny) "
+
+#: g10/keyedit.c:4881
+#, c-format
+msgid "revoked by your key %s on %s\n"
+msgstr "uniewa¿niony przez twój klucz %s w %s\n"
+
+#: g10/keyedit.c:4903
+msgid "You are about to revoke these signatures:\n"
+msgstr "Czy na pewno chcesz uniewa¿niæ te podpisy:\n"
+
+#: g10/keyedit.c:4923
+msgid "Really create the revocation certificates? (y/N) "
+msgstr "Na pewno utworzyæ certyfikaty uniewa¿nienia ? (t/N) "
+
+#: g10/keyedit.c:4953
+msgid "no secret key\n"
+msgstr "brak klucza tajnego\n"
+
+#: g10/keyedit.c:5023
+#, c-format
+msgid "user ID \"%s\" is already revoked\n"
+msgstr "identyfikator u¿ytkownika ,,%s'' zosta³ ju¿ uniewa¿niony\n"
+
+#: g10/keyedit.c:5040
+#, c-format
+msgid "WARNING: a user ID signature is dated %d seconds in the future\n"
+msgstr ""
+"OSTRZE¯ENIE: identyfikator u¿ytkownika podpisany za %d sekund (w "
+"przysz³o¶ci)\n"
+
+#: g10/keyedit.c:5104
+#, c-format
+msgid "Key %s is already revoked.\n"
+msgstr "Klucz %s jest ju¿ uniewa¿niony.\n"
+
+#: g10/keyedit.c:5166
+#, c-format
+msgid "Subkey %s is already revoked.\n"
+msgstr "Podklucz %s jest ju¿ uniewa¿niony.\n"
+
+#: g10/keyedit.c:5261
+#, c-format
+msgid "Displaying %s photo ID of size %ld for key %s (uid %d)\n"
+msgstr ""
+"Wy¶wietlanie zdjêcia w formacie %s o rozmiarze %ld bajtów dla klucza %s (id %"
+"d).\n"
+
+#: g10/keygen.c:275
+#, c-format
+msgid "preference `%s' duplicated\n"
+msgstr "ustawienie ,,%s'' powtarza siê\n"
+
+#: g10/keygen.c:282
+msgid "too many cipher preferences\n"
+msgstr "zbyt wiele ustawieñ szyfru\n"
+
+#: g10/keygen.c:284
+msgid "too many digest preferences\n"
+msgstr "zbyt wiele ustawieñ funkcji skrótu\n"
+
+#: g10/keygen.c:286
+msgid "too many compression preferences\n"
+msgstr "zbyt wiele ustawieñ kompresji\n"
+
+#: g10/keygen.c:426
+#, c-format
+msgid "invalid item `%s' in preference string\n"
+msgstr "niew³a¶ciwy element `%s' w tek¶cie ustawieñ\n"
+
+#: g10/keygen.c:910
+msgid "writing direct signature\n"
+msgstr "zapis podpisu bezpo¶redniego\n"
+
+#: g10/keygen.c:952
+msgid "writing self signature\n"
+msgstr "zapis podpisu klucza nim samym\n"
+
+#: g10/keygen.c:1009
+msgid "writing key binding signature\n"
+msgstr "zapis podpisu wi±¿±cego klucz\n"
+
+#: g10/keygen.c:1179 g10/keygen.c:1290 g10/keygen.c:1295 g10/keygen.c:1441
+#: g10/keygen.c:3269
+#, c-format
+msgid "keysize invalid; using %u bits\n"
+msgstr "niew³a¶ciwa d³ugo¶æ klucza; wykorzystano %u bitów\n"
+
+#: g10/keygen.c:1185 g10/keygen.c:1301 g10/keygen.c:1309 g10/keygen.c:1447
+#: g10/keygen.c:3275
+#, c-format
+msgid "keysize rounded up to %u bits\n"
+msgstr "rozmiar klucza zaokr±glony w górê do %u bitów\n"
+
+#: g10/keygen.c:1335
+msgid ""
+"WARNING: some OpenPGP programs can't handle a DSA key with this digest size\n"
+msgstr ""
+"OSTRZE¯ENIE: niektóre programy OpenPGP nie potrafi± obs³u¿yæ klucza RSA o "
+"tej d³ugo¶ci skrótu\n"
+
+#: g10/keygen.c:1558
+msgid "Sign"
+msgstr "Podpisywanie"
+
+#: g10/keygen.c:1561
+msgid "Certify"
+msgstr "Certyfikowanie"
+
+#: g10/keygen.c:1564
+msgid "Encrypt"
+msgstr "Szyfrowanie"
+
+#: g10/keygen.c:1567
+msgid "Authenticate"
+msgstr "Uwierzytelnianie"
+
+#. TRANSLATORS: Please use only plain ASCII characters for the
+#. translation. If this is not possible use single digits. The
+#. string needs to 8 bytes long. Here is a description of the
+#. functions:
+#.
+#. s = Toggle signing capability
+#. e = Toggle encryption capability
+#. a = Toggle authentication capability
+#. q = Finish
+#.
+#: g10/keygen.c:1585
+msgid "SsEeAaQq"
+msgstr "PpSsUuZz"
+
+#: g10/keygen.c:1608
+#, c-format
+msgid "Possible actions for a %s key: "
+msgstr "Mo¿liwe akcje dla klucza %s: "
+
+#: g10/keygen.c:1612
+msgid "Current allowed actions: "
+msgstr "Aktualnie dopuszczalne akcje: "
+
+#: g10/keygen.c:1617
+#, c-format
+msgid " (%c) Toggle the sign capability\n"
+msgstr " (%c) Prze³±czenie mo¿liwo¶ci podpisywania\n"
+
+#: g10/keygen.c:1620
+#, c-format
+msgid " (%c) Toggle the encrypt capability\n"
+msgstr " (%c) Prze³±czenie mo¿liwo¶ci szyfrowania\n"
+
+#: g10/keygen.c:1623
+#, c-format
+msgid " (%c) Toggle the authenticate capability\n"
+msgstr " (%c) Prze³±czenie mo¿liwo¶ci uwierzytelniania\n"
+
+#: g10/keygen.c:1626
+#, c-format
+msgid " (%c) Finished\n"
+msgstr " (%c) Zakoñczenie\n"
+
+#: g10/keygen.c:1686 sm/certreqgen-ui.c:157
+msgid "Please select what kind of key you want:\n"
+msgstr "Proszê wybraæ rodzaj klucza:\n"
+
+#: g10/keygen.c:1689
+#, c-format
+msgid " (%d) RSA and RSA (default)\n"
+msgstr " (%d) RSA i RSA (domy¶lne)\n"
+
+#: g10/keygen.c:1691
+#, c-format
+msgid " (%d) DSA and Elgamal\n"
+msgstr " (%d) DSA i Elgamala\n"
+
+#: g10/keygen.c:1693
+#, c-format
+msgid " (%d) DSA (sign only)\n"
+msgstr " (%d) DSA (tylko do podpisywania)\n"
+
+#: g10/keygen.c:1694
+#, c-format
+msgid " (%d) RSA (sign only)\n"
+msgstr " (%d) RSA (tylko do podpisywania)\n"
+
+#: g10/keygen.c:1698
+#, c-format
+msgid " (%d) Elgamal (encrypt only)\n"
+msgstr " (%d) Elgamala (tylko do szyfrowania)\n"
+
+#: g10/keygen.c:1699
+#, c-format
+msgid " (%d) RSA (encrypt only)\n"
+msgstr " (%d) RSA (tylko do szyfrowania)\n"
+
+#: g10/keygen.c:1703
+#, c-format
+msgid " (%d) DSA (set your own capabilities)\n"
+msgstr " (%d) DSA (mo¿liwo¶ci do ustawienia)\n"
+
+#: g10/keygen.c:1704
+#, c-format
+msgid " (%d) RSA (set your own capabilities)\n"
+msgstr " (%d) RSA (mo¿liwo¶ci do ustawienia)\n"
+
+#: g10/keygen.c:1812
+#, c-format
+msgid "%s keys may be between %u and %u bits long.\n"
+msgstr "Klucze %s bêd± mia³y od %u do %u bitów d³ugo¶ci.\n"
+
+#: g10/keygen.c:1820
+#, c-format
+msgid "What keysize do you want for the subkey? (%u) "
+msgstr "Jakiej d³ugo¶ci podklucz wygenerowaæ? (%u) "
+
+#: g10/keygen.c:1823 sm/certreqgen-ui.c:179
+#, c-format
+msgid "What keysize do you want? (%u) "
+msgstr "Jakiej d³ugo¶ci klucz wygenerowaæ? (%u) "
+
+#: g10/keygen.c:1837 sm/certreqgen-ui.c:189
+#, c-format
+msgid "Requested keysize is %u bits\n"
+msgstr "¯±dana d³ugo¶æ klucza to %u bitów.\n"
+
+#: g10/keygen.c:1925
+msgid ""
+"Please specify how long the key should be valid.\n"
+" 0 = key does not expire\n"
+" <n> = key expires in n days\n"
+" <n>w = key expires in n weeks\n"
+" <n>m = key expires in n months\n"
+" <n>y = key expires in n years\n"
+msgstr ""
+"Okres wa¿no¶ci klucza.\n"
+" 0 = klucz nie ma okre¶lonego terminu wa¿no¶ci\n"
+" <n> = termin wa¿no¶ci klucza up³ywa za n dni\n"
+" <n>w = termin wa¿no¶ci klucza up³ywa za n tygodni\n"
+" <n>m = termin wa¿no¶ci klucza up³ywa za n miesiêcy\n"
+" <n>y = termin wa¿no¶ci klucza up³ywa za n lat\n"
+
+#: g10/keygen.c:1936
+msgid ""
+"Please specify how long the signature should be valid.\n"
+" 0 = signature does not expire\n"
+" <n> = signature expires in n days\n"
+" <n>w = signature expires in n weeks\n"
+" <n>m = signature expires in n months\n"
+" <n>y = signature expires in n years\n"
+msgstr ""
+"Okres wa¿no¶ci podpisu.\n"
+" 0 = klucz nie ma okre¶lonego terminu wa¿no¶ci\n"
+" <n> = termin wa¿no¶ci podpisu up³ywa za n dni\n"
+" <n>w = termin wa¿no¶ci podpisu up³ywa za n tygodni\n"
+" <n>m = termin wa¿no¶ci podpisu up³ywa za n miesiêcy\n"
+" <n>y = termin wa¿no¶ci podpisu up³ywa za n lat\n"
+
+#: g10/keygen.c:1959
+msgid "Key is valid for? (0) "
+msgstr "Okres wa¿no¶ci klucza? (0) "
+
+#: g10/keygen.c:1964
+#, c-format
+msgid "Signature is valid for? (%s) "
+msgstr "Okres wa¿no¶ci podpisu? (%s) "
+
+#: g10/keygen.c:1982 g10/keygen.c:2007
+msgid "invalid value\n"
+msgstr "niepoprawna warto¶æ\n"
+
+#: g10/keygen.c:1989
+msgid "Key does not expire at all\n"
+msgstr "Klucz nie wyga¶nie w ogóle\n"
+
+#: g10/keygen.c:1990
+msgid "Signature does not expire at all\n"
+msgstr "Podpis nie wyga¶nie w ogóle\n"
+
+#: g10/keygen.c:1995
+#, c-format
+msgid "Key expires at %s\n"
+msgstr "Klucz traci wa¿no¶æ %s\n"
+
+#: g10/keygen.c:1996
+#, c-format
+msgid "Signature expires at %s\n"
+msgstr "Wa¿no¶æ podpisu wygasa %s\n"
+
+#: g10/keygen.c:2000
+msgid ""
+"Your system can't display dates beyond 2038.\n"
+"However, it will be correctly handled up to 2106.\n"
+msgstr ""
+"Twój system nie potrafi pokazaæ daty po roku 2038.\n"
+"Niemniej daty do roku 2106 bêd± poprawnie obs³ugiwane.\n"
+
+#: g10/keygen.c:2013
+msgid "Is this correct? (y/N) "
+msgstr "Czy wszystko siê zgadza (t/N)? "
+
+#: g10/keygen.c:2063
+msgid ""
+"\n"
+"GnuPG needs to construct a user ID to identify your key.\n"
+"\n"
+msgstr ""
+"\n"
+"GnuPG musi utworzyæ identyfikator u¿ytkownika do identyfikacji klucza.\n"
+"\n"
+
+#. TRANSLATORS: This string is in general not anymore used
+#. but you should keep your existing translation. In case
+#. the new string is not translated this old string will
+#. be used.
+#: g10/keygen.c:2078
+msgid ""
+"\n"
+"You need a user ID to identify your key; the software constructs the user "
+"ID\n"
+"from the Real Name, Comment and Email Address in this form:\n"
+" \"Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>\"\n"
+"\n"
+msgstr ""
+"\n"
+"Musisz podaæ identyfikator u¿ytkownika aby mo¿na by³o rozpoznaæ twój klucz;\n"
+"program z³o¿y go z twojego imienia i nazwiska, komentarza i adresu poczty\n"
+"elektronicznej. Bêdzie on mia³, na przyk³ad, tak± postaæ:\n"
+" \"Tadeusz ¯eleñski (Boy) <tzb@ziemianska.pl>\"\n"
+"\n"
+
+#: g10/keygen.c:2097
+msgid "Real name: "
+msgstr "Imiê i nazwisko: "
+
+#: g10/keygen.c:2105
+msgid "Invalid character in name\n"
+msgstr "Niew³a¶ciwy znak w imieniu lub nazwisku\n"
+
+#: g10/keygen.c:2107
+msgid "Name may not start with a digit\n"
+msgstr "Imiê lub nazwisko nie mo¿e zaczynaæ siê od cyfry\n"
+
+#: g10/keygen.c:2109
+msgid "Name must be at least 5 characters long\n"
+msgstr "Imiê i nazwisko musz± mieæ co najmniej 5 znaków d³ugo¶ci.\n"
+
+#: g10/keygen.c:2117
+msgid "Email address: "
+msgstr "Adres poczty elektronicznej: "
+
+#: g10/keygen.c:2123
+msgid "Not a valid email address\n"
+msgstr "To nie jest poprawny adres poczty elektronicznej\n"
+
+#: g10/keygen.c:2131
+msgid "Comment: "
+msgstr "Komentarz: "
+
+#: g10/keygen.c:2137
+msgid "Invalid character in comment\n"
+msgstr "Niew³a¶ciwy znak w komentarzu\n"
+
+#: g10/keygen.c:2159
+#, c-format
+msgid "You are using the `%s' character set.\n"
+msgstr "U¿ywasz zestawu znaków %s.\n"
+
+#: g10/keygen.c:2165
+#, c-format
+msgid ""
+"You selected this USER-ID:\n"
+" \"%s\"\n"
+"\n"
+msgstr ""
+"Twój identyfikator u¿ytkownika bêdzie wygl±da³ tak:\n"
+" \"%s\"\n"
+"\n"
+
+#: g10/keygen.c:2170
+msgid "Please don't put the email address into the real name or the comment\n"
+msgstr ""
+"Nie nale¿y umieszczaæ adresu poczty elektronicznej w polu nazwiska czy\n"
+"komentarza.\n"
+
+#: g10/keygen.c:2185
+msgid "Such a user ID already exists on this key!\n"
+msgstr "Taki identyfikator u¿ytkownika ju¿ istnieje na tym kluczu!\n"
+
+#. TRANSLATORS: These are the allowed answers in
+#. lower and uppercase. Below you will find the matching
+#. string which should be translated accordingly and the
+#. letter changed to match the one in the answer string.
+#.
+#. n = Change name
+#. c = Change comment
+#. e = Change email
+#. o = Okay (ready, continue)
+#. q = Quit
+#.
+#: g10/keygen.c:2201
+msgid "NnCcEeOoQq"
+msgstr "IiKkEeDdWw"
+
+#: g10/keygen.c:2211
+msgid "Change (N)ame, (C)omment, (E)mail or (Q)uit? "
+msgstr "Zmieniæ (I)miê/nazwisko, (K)omentarz, adres (E)mail, czy (W)yj¶æ? "
+
+#: g10/keygen.c:2212
+msgid "Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? "
+msgstr ""
+"Zmieniæ (I)miê/nazwisko, (K)omentarz, adres (E)mail, przej¶æ (D)alej,\n"
+"czy (W)yj¶æ z programu? "
+
+#: g10/keygen.c:2231
+msgid "Please correct the error first\n"
+msgstr "Najpierw trzeba poprawiæ ten b³±d\n"
+
+#: g10/keygen.c:2273
+msgid ""
+"You need a Passphrase to protect your secret key.\n"
+"\n"
+msgstr ""
+"Musisz podaæ d³ugie, skomplikowane has³o aby ochroniæ swój klucz tajny.\n"
+"\n"
+
+#: g10/keygen.c:2276
+msgid ""
+"Please enter a passphrase to protect the off-card backup of the new "
+"encryption key."
+msgstr ""
+"Proszê wprowadziæ has³o do zabezpieczenia kopii zapasowej poza kart± nowego "
+"klucza szyfruj±cego."
+
+#: g10/keygen.c:2292
+#, c-format
+msgid "%s.\n"
+msgstr "%s.\n"
+
+#: g10/keygen.c:2298
+msgid ""
+"You don't want a passphrase - this is probably a *bad* idea!\n"
+"I will do it anyway. You can change your passphrase at any time,\n"
+"using this program with the option \"--edit-key\".\n"
+"\n"
+msgstr ""
+"Nie chcesz podaæ has³a - to *z³y* pomys³!\n"
+"W ka¿dej chwili mo¿esz ustawiæ has³o u¿ywaj±c tego programu i opcji\n"
+"\"--edit-key\".\n"
+"\n"
+
+#: g10/keygen.c:2322
+msgid ""
+"We need to generate a lot of random bytes. It is a good idea to perform\n"
+"some other action (type on the keyboard, move the mouse, utilize the\n"
+"disks) during the prime generation; this gives the random number\n"
+"generator a better chance to gain enough entropy.\n"
+msgstr ""
+"Musimy wygenerowaæ du¿o losowych bajtów. Dobrym pomys³em aby pomóc "
+"komputerowi\n"
+"podczas generowania liczb pierwszych jest wykonywanie w tym czasie innych\n"
+"dzia³añ (pisanie na klawiaturze, poruszanie myszk±, odwo³anie siê do "
+"dysków);\n"
+"dziêki temu generator liczb losowych ma mo¿liwo¶æ zebrania odpowiedniej "
+"ilo¶ci\n"
+"entropii.\n"
+
+#: g10/keygen.c:3209 g10/keygen.c:3236
+msgid "Key generation canceled.\n"
+msgstr "Procedura generacji klucza zosta³a anulowana.\n"
+
+#: g10/keygen.c:3441 g10/keygen.c:3611
+#, c-format
+msgid "writing public key to `%s'\n"
+msgstr "zapisujê klucz publiczny w ,,%s''\n"
+
+#: g10/keygen.c:3443 g10/keygen.c:3614
+#, c-format
+msgid "writing secret key stub to `%s'\n"
+msgstr "zapisujê za¶lepkê klucza tajnego w ,,%s''\n"
+
+#: g10/keygen.c:3446 g10/keygen.c:3617
+#, c-format
+msgid "writing secret key to `%s'\n"
+msgstr "zapisujê klucz tajny w ,,%s''\n"
+
+#: g10/keygen.c:3598
+#, c-format
+msgid "no writable public keyring found: %s\n"
+msgstr "brak zapisywalnego zbioru kluczy publicznych: %s\n"
+
+#: g10/keygen.c:3605
+#, c-format
+msgid "no writable secret keyring found: %s\n"
+msgstr "brak zapisywalnego zbioru kluczy tajnych: %s\n"
+
+#: g10/keygen.c:3625
+#, c-format
+msgid "error writing public keyring `%s': %s\n"
+msgstr "b³±d podczas zapisu zbioru kluczy publicznych ,,%s'': %s\n"
+
+#: g10/keygen.c:3633
+#, c-format
+msgid "error writing secret keyring `%s': %s\n"
+msgstr "b³±d podczas zapisu zbioru kluczy tajnych ,,%s'': %s\n"
+
+#: g10/keygen.c:3661
+msgid "public and secret key created and signed.\n"
+msgstr "klucz publiczny i prywatny (tajny) zosta³y utworzone i podpisane.\n"
+
+#: g10/keygen.c:3672
+msgid ""
+"Note that this key cannot be used for encryption. You may want to use\n"
+"the command \"--edit-key\" to generate a subkey for this purpose.\n"
+msgstr ""
+"Ten klucz nie mo¿e byæ wykorzystany do szyfrowania. Komend± \"--edit-key\"\n"
+"mo¿na dodaæ do niego podklucz szyfruj±cy.\n"
+
+#: g10/keygen.c:3685 g10/keygen.c:3831 g10/keygen.c:3952
+#, c-format
+msgid "Key generation failed: %s\n"
+msgstr "Generacja klucza nie powiod³a siê: %s\n"
+
+#: g10/keygen.c:3741 g10/keygen.c:3882 g10/sign.c:241
+#, c-format
+msgid ""
+"key has been created %lu second in future (time warp or clock problem)\n"
+msgstr ""
+"klucz zosta³ stworzony %lu sekundê w przysz³o¶ci (zaburzenia\n"
+"czasoprzestrzeni, lub ¼le ustawiony zegar systemowy)\n"
+
+#: g10/keygen.c:3743 g10/keygen.c:3884 g10/sign.c:243
+#, c-format
+msgid ""
+"key has been created %lu seconds in future (time warp or clock problem)\n"
+msgstr ""
+"klucz zosta³ stworzony %lu sekund w przysz³o¶ci (zaburzenia\n"
+"czasoprzestrzeni, lub ¼le ustawiony zegar systemowy)\n"
+
+#: g10/keygen.c:3754 g10/keygen.c:3895
+msgid "NOTE: creating subkeys for v3 keys is not OpenPGP compliant\n"
+msgstr ""
+"UWAGA: tworzenie podkluczy dla kluczy wersji 3 jest niezgodne z OpenPGP.\n"
+
+#: g10/keygen.c:3795 g10/keygen.c:3928
+msgid "Really create? (y/N) "
+msgstr "Czy na pewno utworzyæ? (t/N) "
+
+#: g10/keygen.c:4116
+#, c-format
+msgid "storing key onto card failed: %s\n"
+msgstr "zapis klucza na karcie nie powiód³ siê: %s\n"
+
+#: g10/keygen.c:4165
+#, c-format
+msgid "can't create backup file `%s': %s\n"
+msgstr "nie mo¿na utworzyæ pliku kopii zapasowej ,,%s'': %s\n"
+
+#: g10/keygen.c:4191
+#, c-format
+msgid "NOTE: backup of card key saved to `%s'\n"
+msgstr "UWAGA: kopia zapasowa klucza karty zapisana do ,,%s''\n"
+
+#: g10/keyid.c:539 g10/keyid.c:551 g10/keyid.c:563 g10/keyid.c:575
+msgid "never "
+msgstr "nigdy "
+
+#: g10/keylist.c:273
+msgid "Critical signature policy: "
+msgstr "Krytyczny regulamin podpisu: "
+
+#: g10/keylist.c:275
+msgid "Signature policy: "
+msgstr "Regulamin podpisu: "
+
+#: g10/keylist.c:314
+msgid "Critical preferred keyserver: "
+msgstr "Krytyczny preferowany serwer kluczy: "
+
+#: g10/keylist.c:367
+msgid "Critical signature notation: "
+msgstr "Krytyczne adnotacje podpisu: "
+
+#: g10/keylist.c:369
+msgid "Signature notation: "
+msgstr "Adnotacje podpisu: "
+
+#: g10/keylist.c:479
+msgid "Keyring"
+msgstr "Zbiór kluczy"
+
+#: g10/keylist.c:1526
+msgid "Primary key fingerprint:"
+msgstr "Odcisk klucza g³ównego:"
+
+#: g10/keylist.c:1528
+msgid " Subkey fingerprint:"
+msgstr " Odcisk podklucza:"
+
+#. TRANSLATORS: this should fit into 24 bytes to that the
+#. * fingerprint data is properly aligned with the user ID
+#: g10/keylist.c:1535
+msgid " Primary key fingerprint:"
+msgstr " Odcisk klucza g³ównego:"
+
+#: g10/keylist.c:1537
+msgid " Subkey fingerprint:"
+msgstr " Odcisk podklucza:"
+
+#: g10/keylist.c:1541 g10/keylist.c:1545
+msgid " Key fingerprint ="
+msgstr " Odcisk klucza ="
+
+#: g10/keylist.c:1612
+msgid " Card serial no. ="
+msgstr " Nr seryjny karty ="
+
+#: g10/keyring.c:1297
+#, c-format
+msgid "renaming `%s' to `%s' failed: %s\n"
+msgstr "zmiana nazwy ,,%s'' na ,,%s'' nie powiod³a siê: %s\n"
+
+#: g10/keyring.c:1326
+msgid "WARNING: 2 files with confidential information exists.\n"
+msgstr "OSTRZE¯ENIE: Istniej± dwa pliki z poufnymi informacjami.\n"
+
+#: g10/keyring.c:1327
+#, c-format
+msgid "%s is the unchanged one\n"
+msgstr "%s pozosta³ bez zmian\n"
+
+#: g10/keyring.c:1328
+#, c-format
+msgid "%s is the new one\n"
+msgstr "%s zosta³ utworzony\n"
+
+#: g10/keyring.c:1329
+msgid "Please fix this possible security flaw\n"
+msgstr "Proszê usun±æ to naruszenie zasad bezpieczeñstwa\n"
+
+#: g10/keyring.c:1430
+#, c-format
+msgid "caching keyring `%s'\n"
+msgstr "buforowanie zbioru kluczy ,,%s''\n"
+
+#: g10/keyring.c:1489
+#, c-format
+msgid "%lu keys cached so far (%lu signatures)\n"
+msgstr "%lu kluczy zbuforowano do tej pory (%lu podpisów)\n"
+
+#: g10/keyring.c:1501
+#, c-format
+msgid "%lu keys cached (%lu signatures)\n"
+msgstr "%lu kluczy zbuforowano (%lu podpisów)\n"
+
+#: g10/keyring.c:1573
+#, c-format
+msgid "%s: keyring created\n"
+msgstr "%s: zbiór kluczy utworzony\n"
+
+#: g10/keyserver.c:74
+msgid "include revoked keys in search results"
+msgstr "w³±czenie uniewa¿nionych kluczy do wyników wyszukiwania"
+
+#: g10/keyserver.c:75
+msgid "include subkeys when searching by key ID"
+msgstr "w³±czenie podkluczy przy poszukiwaniu po ID klucza"
+
+#: g10/keyserver.c:77
+msgid "use temporary files to pass data to keyserver helpers"
+msgstr ""
+"u¿ycie plików tymczasowych do przekazywania danych do modu³ów obs³ugi "
+"serwera kluczy"
+
+#: g10/keyserver.c:79
+msgid "do not delete temporary files after using them"
+msgstr "nie usuwanie plików tymczasowych po u¿yciu ich"
+
+#: g10/keyserver.c:83
+msgid "automatically retrieve keys when verifying signatures"
+msgstr "automatyczne pobieranie kluczy przy sprawdzaniu podpisów"
+
+#: g10/keyserver.c:85
+msgid "honor the preferred keyserver URL set on the key"
+msgstr "honorowanie URL-a preferowanego serwera kluczy ustawionego w kluczu"
+
+#: g10/keyserver.c:87
+msgid "honor the PKA record set on a key when retrieving keys"
+msgstr "honorowanie rekordu PKA ustawionego w kluczu przy pobieraniu kluczy"
+
+#: g10/keyserver.c:153
+#, c-format
+msgid "WARNING: keyserver option `%s' is not used on this platform\n"
+msgstr ""
+"OSTRZE¯ENIE: opcja serwera kluczy ,,%s'' nie jest u¿ywana na tej "
+"platformie.\n"
+
+#: g10/keyserver.c:544
+msgid "disabled"
+msgstr "wy³±czony"
+
+#: g10/keyserver.c:747
+msgid "Enter number(s), N)ext, or Q)uit > "
+msgstr "Wprowad¼ numer(y), N)astêpny lub Q)uit > "
+
+#: g10/keyserver.c:831 g10/keyserver.c:1458
+#, c-format
+msgid "invalid keyserver protocol (us %d!=handler %d)\n"
+msgstr "niepoprawny protokó³ serwera kluczy (nasz %d != modu³ obs³ugi %d)\n"
+
+#: g10/keyserver.c:932
+#, c-format
+msgid "key \"%s\" not found on keyserver\n"
+msgstr "klucz ,,%s'' nie zosta³ odnaleziony na serwerze kluczy\n"
+
+#: g10/keyserver.c:934
+msgid "key not found on keyserver\n"
+msgstr "klucz nie zosta³ odnaleziony na serwerze kluczy\n"
+
+#: g10/keyserver.c:1177
+#, c-format
+msgid "requesting key %s from %s server %s\n"
+msgstr "zapytanie o klucz %s z serwera %s %s\n"
+
+#: g10/keyserver.c:1181
+#, c-format
+msgid "requesting key %s from %s\n"
+msgstr "zapytanie o klucz %s z %s\n"
+
+#: g10/keyserver.c:1205
+#, c-format
+msgid "searching for names from %s server %s\n"
+msgstr "poszukiwanie nazw z serwera %s %s\n"
+
+#: g10/keyserver.c:1208
+#, c-format
+msgid "searching for names from %s\n"
+msgstr "poszukiwanie nazw z %s\n"
+
+#: g10/keyserver.c:1361
+#, c-format
+msgid "sending key %s to %s server %s\n"
+msgstr "wysy³anie klucza %s na serwer %s %s\n"
+
+#: g10/keyserver.c:1365
+#, c-format
+msgid "sending key %s to %s\n"
+msgstr "wysy³anie klucza %s na %s\n"
+
+#: g10/keyserver.c:1408
+#, c-format
+msgid "searching for \"%s\" from %s server %s\n"
+msgstr "poszukiwanie ,,%s'' z serwera %s %s\n"
+
+#: g10/keyserver.c:1411
+#, c-format
+msgid "searching for \"%s\" from %s\n"
+msgstr "poszukiwanie ,,%s'' z %s\n"
+
+#: g10/keyserver.c:1418 g10/keyserver.c:1514
+msgid "no keyserver action!\n"
+msgstr "brak akcji serwera kluczy!\n"
+
+#: g10/keyserver.c:1466
+#, c-format
+msgid "WARNING: keyserver handler from a different version of GnuPG (%s)\n"
+msgstr "OSTRZE¯ENIE: modu³ obs³ugi serwera kluczy z innej wersji GnuPG (%s)\n"
+
+#: g10/keyserver.c:1475
+msgid "keyserver did not send VERSION\n"
+msgstr "serwer kluczy nie wys³a³ VERSION\n"
+
+#: g10/keyserver.c:1537 g10/keyserver.c:2066
+msgid "no keyserver known (use option --keyserver)\n"
+msgstr "brak znanyk serwerów kluczy (u¿yj opcji --keyserver)\n"
+
+#: g10/keyserver.c:1543
+msgid "external keyserver calls are not supported in this build\n"
+msgstr ""
+"zewnêtrzne wywo³ania serwera kluczy nie s± obs³ugiwane w tej kompilacji\n"
+
+#: g10/keyserver.c:1555
+#, c-format
+msgid "no handler for keyserver scheme `%s'\n"
+msgstr "brak modu³u obs³ugi dla schematu serwera kluczy ,,%s''\n"
+
+#: g10/keyserver.c:1560
+#, c-format
+msgid "action `%s' not supported with keyserver scheme `%s'\n"
+msgstr ""
+"akcja ,,%s'' nie jest obs³ugiwana przez schemat serwera kluczy ,,%s''\n"
+
+#: g10/keyserver.c:1568
+#, c-format
+msgid "%s does not support handler version %d\n"
+msgstr "%s nie obs³uguje modu³u obs³ugi w wersji %d\n"
+
+#: g10/keyserver.c:1575
+msgid "keyserver timed out\n"
+msgstr "zbyt d³ugi czas oczekiwania na serwer kluczy\n"
+
+#: g10/keyserver.c:1580
+msgid "keyserver internal error\n"
+msgstr "b³±d wewnêtrzny serwera kluczy\n"
+
+#: g10/keyserver.c:1589
+#, c-format
+msgid "keyserver communications error: %s\n"
+msgstr "b³±d komunikacji z serwerem kluczy: %s\n"
+
+#: g10/keyserver.c:1614 g10/keyserver.c:1648
+#, c-format
+msgid "\"%s\" not a key ID: skipping\n"
+msgstr ",,%s'' nie jest identyfikatorem klucza - pominiêto\n"
+
+#: g10/keyserver.c:1907
+#, c-format
+msgid "WARNING: unable to refresh key %s via %s: %s\n"
+msgstr "OSTRZE¯ENIE: nie mo¿na od¶wie¿yæ klucza %s przez %s: %s\n"
+
+#: g10/keyserver.c:1929
+#, c-format
+msgid "refreshing 1 key from %s\n"
+msgstr "od¶wie¿anie 1 klucza z %s\n"
+
+#: g10/keyserver.c:1931
+#, c-format
+msgid "refreshing %d keys from %s\n"
+msgstr "od¶wie¿anie %d kluczy z %s\n"
+
+#: g10/keyserver.c:1987
+#, c-format
+msgid "WARNING: unable to fetch URI %s: %s\n"
+msgstr "OSTRZE¯ENIE: nie mo¿na pobraæ URI %s: %s\n"
+
+#: g10/keyserver.c:1993
+#, c-format
+msgid "WARNING: unable to parse URI %s\n"
+msgstr "OSTRZE¯ENIE: nie mo¿na przeanalizowaæ URI %s\n"
+
+#: g10/mainproc.c:231
+#, c-format
+msgid "weird size for an encrypted session key (%d)\n"
+msgstr "dziwny rozmiar jak na zaszyfrowany klucz sesyjny (%d)\n"
+
+#: g10/mainproc.c:284
+#, c-format
+msgid "%s encrypted session key\n"
+msgstr "klucz sesyjny zaszyfrowany %s\n"
+
+#: g10/mainproc.c:294
+#, c-format
+msgid "passphrase generated with unknown digest algorithm %d\n"
+msgstr "has³o wygenerowane nieznanym algorytmem skrótu %d\n"
+
+#: g10/mainproc.c:360
+#, c-format
+msgid "public key is %s\n"
+msgstr "klucz publiczny to %s\n"
+
+#: g10/mainproc.c:423
+msgid "public key encrypted data: good DEK\n"
+msgstr "dane zaszyfrowane kluczem publicznym: poprawny klucz sesyjny\n"
+
+#: g10/mainproc.c:456
+#, c-format
+msgid "encrypted with %u-bit %s key, ID %s, created %s\n"
+msgstr ""
+"zaszyfrowano %u-bitowym kluczem %s o identyfikatorze %s, stworzonym %s\n"
+
+#: g10/mainproc.c:460 g10/pkclist.c:217
+#, c-format
+msgid " \"%s\"\n"
+msgstr " ,,%s''\n"
+
+#: g10/mainproc.c:464
+#, c-format
+msgid "encrypted with %s key, ID %s\n"
+msgstr "zaszyfrowano kluczem %s o identyfikatorze %s\n"
+
+#: g10/mainproc.c:479
+#, c-format
+msgid "public key decryption failed: %s\n"
+msgstr "b³±d odszyfrowywania kluczem publicznym: %s\n"
+
+#: g10/mainproc.c:495
+#, c-format
+msgid "encrypted with %lu passphrases\n"
+msgstr "zaszyfrowane za pomoc± %lu hase³\n"
+
+#: g10/mainproc.c:497
+msgid "encrypted with 1 passphrase\n"
+msgstr "zaszyfrowane jednym has³em\n"
+
+#: g10/mainproc.c:529 g10/mainproc.c:551
+#, c-format
+msgid "assuming %s encrypted data\n"
+msgstr "przyjmuj±c ¿e dane zosta³y zaszyfrowane za pomoc± %s\n"
+
+#: g10/mainproc.c:537
+#, c-format
+msgid "IDEA cipher unavailable, optimistically attempting to use %s instead\n"
+msgstr "szyfr IDEA nie jest dostêpny, próba u¿ycia %s zamiast niego\n"
+
+#: g10/mainproc.c:570
+msgid "decryption okay\n"
+msgstr "odszyfrowanie poprawne\n"
+
+#: g10/mainproc.c:574
+msgid "WARNING: message was not integrity protected\n"
+msgstr "OSTRZE¯ENIE: wiadomo¶æ nie by³a zabezpieczona przed manipulacj±\n"
+
+#: g10/mainproc.c:587
+msgid "WARNING: encrypted message has been manipulated!\n"
+msgstr "OSTRZE¯ENIE: zaszyfrowana wiadomo¶æ by³a manipulowana!\n"
+
+#: g10/mainproc.c:595
+#, c-format
+msgid "cleared passphrase cached with ID: %s\n"
+msgstr "wyczyszczono has³o zapamiêtane z ID: %s\n"
+
+#: g10/mainproc.c:600
+#, c-format
+msgid "decryption failed: %s\n"
+msgstr "b³±d odszyfrowywania: %s\n"
+
+#: g10/mainproc.c:621
+msgid "NOTE: sender requested \"for-your-eyes-only\"\n"
+msgstr "UWAGA: nadawca zaznaczy³ ¿e wiadomo¶æ nie powinna byæ zapisywana\n"
+
+#: g10/mainproc.c:623
+#, c-format
+msgid "original file name='%.*s'\n"
+msgstr "pierwotna nazwa pliku='%.*s'\n"
+
+#: g10/mainproc.c:711
+msgid "WARNING: multiple plaintexts seen\n"
+msgstr "OSTRZE¯ENIE: widziano wiele czystych tekstów\n"
+
+#: g10/mainproc.c:850
+msgid "standalone revocation - use \"gpg --import\" to apply\n"
+msgstr ""
+"osobny certyfikat uniewa¿nienia - u¿yj ,,gpg --import'' aby go wczytaæ\n"
+
+#: g10/mainproc.c:1203 g10/mainproc.c:1240
+msgid "no signature found\n"
+msgstr "nie znaleziono podpisu\n"
+
+#: g10/mainproc.c:1478
+msgid "signature verification suppressed\n"
+msgstr "wymuszono pominiêcie sprawdzenia podpisu\n"
+
+#: g10/mainproc.c:1587
+msgid "can't handle this ambiguous signature data\n"
+msgstr "nie mo¿na obs³u¿yæ tych wieloznacznych danych podpisu\n"
+
+#: g10/mainproc.c:1598
+#, c-format
+msgid "Signature made %s\n"
+msgstr "Podpisano w %s\n"
+
+#: g10/mainproc.c:1599
+#, c-format
+msgid " using %s key %s\n"
+msgstr " przy u¿yciu klucza %s %s\n"
+
+#: g10/mainproc.c:1603
+#, c-format
+msgid "Signature made %s using %s key ID %s\n"
+msgstr "Podpisano w %s kluczem %s o numerze %s\n"
+
+#: g10/mainproc.c:1623
+msgid "Key available at: "
+msgstr "Klucz dostêpny w: "
+
+#: g10/mainproc.c:1756 g10/mainproc.c:1804
+#, c-format
+msgid "BAD signature from \"%s\""
+msgstr "NIEPOPRAWNY podpis z³o¿ony przez ,,%s''"
+
+#: g10/mainproc.c:1758 g10/mainproc.c:1806
+#, c-format
+msgid "Expired signature from \"%s\""
+msgstr "Przeterminowany podpis z³o¿ony przez ,,%s''"
+
+#: g10/mainproc.c:1760 g10/mainproc.c:1808
+#, c-format
+msgid "Good signature from \"%s\""
+msgstr "Poprawny podpis z³o¿ony przez ,,%s''"
+
+#: g10/mainproc.c:1810
+msgid "[uncertain]"
+msgstr "[niepewne]"
+
+#: g10/mainproc.c:1843
+#, c-format
+msgid " aka \"%s\""
+msgstr " alias ,,%s''"
+
+#: g10/mainproc.c:1941
+#, c-format
+msgid "Signature expired %s\n"
+msgstr "Wa¿no¶æ podpisu wygas³a %s.\n"
+
+#: g10/mainproc.c:1946
+#, c-format
+msgid "Signature expires %s\n"
+msgstr "Wa¿no¶æ podpisu wygasa %s.\n"
+
+#: g10/mainproc.c:1949
+#, c-format
+msgid "%s signature, digest algorithm %s\n"
+msgstr "podpis %s, skrót %s\n"
+
+#: g10/mainproc.c:1950
+msgid "binary"
+msgstr "binarny"
+
+#: g10/mainproc.c:1951
+msgid "textmode"
+msgstr "tekstowy"
+
+#: g10/mainproc.c:1951 g10/trustdb.c:546
+msgid "unknown"
+msgstr "nieznany"
+
+#: g10/mainproc.c:1971
+#, c-format
+msgid "Can't check signature: %s\n"
+msgstr "Nie mo¿na sprawdziæ podpisu: %s\n"
+
+#: g10/mainproc.c:2055 g10/mainproc.c:2071 g10/mainproc.c:2167
+msgid "not a detached signature\n"
+msgstr "nie jest oddzielonym podpisem.\n"
+
+#: g10/mainproc.c:2098
+msgid ""
+"WARNING: multiple signatures detected. Only the first will be checked.\n"
+msgstr ""
+"OSTRZE¯ENIE: wielokrotne podpisy. Tylko pierwszy zostanie sprawdzony.\n"
+
+#: g10/mainproc.c:2106
+#, c-format
+msgid "standalone signature of class 0x%02x\n"
+msgstr "oddzielony podpis klasy 0x%02x.\n"
+
+#: g10/mainproc.c:2171
+msgid "old style (PGP 2.x) signature\n"
+msgstr "podpis starego typu (PGP 2.x).\n"
+
+#: g10/mainproc.c:2181
+msgid "invalid root packet detected in proc_tree()\n"
+msgstr "wykryto niepoprawny pakiet pierwotny w proc_tree()\n"
+
+#: g10/misc.c:109 g10/misc.c:139 g10/misc.c:215
+#, c-format
+msgid "fstat of `%s' failed in %s: %s\n"
+msgstr "fstat na ,,%s'' nie powiod³o siê w %s: %s\n"
+
+#: g10/misc.c:178
+#, c-format
+msgid "fstat(%d) failed in %s: %s\n"
+msgstr "fstat(%d) nie powiod³o siê w %s: %s\n"
+
+#: g10/misc.c:296
+#, c-format
+msgid "WARNING: using experimental public key algorithm %s\n"
+msgstr ""
+"OSTRZE¯ENIE: u¿ycie eksperymentalnego algorytmu klucza publicznego %s\n"
+
+#: g10/misc.c:302
+msgid "WARNING: Elgamal sign+encrypt keys are deprecated\n"
+msgstr ""
+"OSTRZE¯ENIE: klucze do podpisywania i szyfrowania Elgamala s± odradzane\n"
+
+#: g10/misc.c:315
+#, c-format
+msgid "WARNING: using experimental cipher algorithm %s\n"
+msgstr "OSTRZE¯ENIE: u¿ycie eksperymentalnego szyfru %s\n"
+
+#: g10/misc.c:330
+#, c-format
+msgid "WARNING: using experimental digest algorithm %s\n"
+msgstr "OSTRZE¯ENIE: u¿ycie eksperymentalnego algorytmu skrótu %s\n"
+
+#: g10/misc.c:335
+#, c-format
+msgid "WARNING: digest algorithm %s is deprecated\n"
+msgstr "OSTRZE¯ENIE: algorytm skrótu %s jest odradzany\n"
+
+#: g10/misc.c:503
+msgid "the IDEA cipher plugin is not present\n"
+msgstr "modu³ szyfru IDEA nie jest dostêpny\n"
+
+#: g10/misc.c:504 g10/sig-check.c:107 jnlib/utf8conv.c:87
+#, c-format
+msgid "please see %s for more information\n"
+msgstr "obja¶nienie mo¿na przeczytaæ tutaj: %s\n"
+
+#: g10/misc.c:761
+#, c-format
+msgid "%s:%d: deprecated option \"%s\"\n"
+msgstr "%s:%d jest przestarza³± opcj± ,,%s''\n"
+
+#: g10/misc.c:765
+#, c-format
+msgid "WARNING: \"%s\" is a deprecated option\n"
+msgstr "OSTRZE¯ENIE: ,,%s'' jest przestarza³± opcj±.\n"
+
+#: g10/misc.c:767
+#, c-format
+msgid "please use \"%s%s\" instead\n"
+msgstr "w jej miejsce nale¿y u¿yæ ,,%s%s''\n"
+
+#: g10/misc.c:774
+#, c-format
+msgid "WARNING: \"%s\" is a deprecated command - do not use it\n"
+msgstr ""
+"OSTRZE¯ENIE: ,,%s'' jest przestarza³ym poleceniem - nie nale¿y go u¿ywaæ\n"
+
+#: g10/misc.c:784
+#, c-format
+msgid "%s:%u: obsolete option \"%s\" - it has no effect\n"
+msgstr "%s:%u: przestarza³a opcja ,,%s'' - nie ma efektu\n"
+
+#: g10/misc.c:787
+#, c-format
+msgid "WARNING: \"%s\" is an obsolete option - it has no effect\n"
+msgstr "OSTRZE¯ENIE: ,,%s'' jest przestarza³± opcj± - nie ma efektu\n"
+
+#: g10/misc.c:848
+msgid "Uncompressed"
+msgstr "Nieskompresowany"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: g10/misc.c:873
+msgid "uncompressed|none"
+msgstr "nieskompresowany|brak"
+
+#: g10/misc.c:1000
+#, c-format
+msgid "this message may not be usable by %s\n"
+msgstr "ta wiadomo¶æ mo¿e nie daæ siê odczytaæ za pomoc± %s\n"
+
+#: g10/misc.c:1175
+#, c-format
+msgid "ambiguous option `%s'\n"
+msgstr "niejednoznaczna opcja ,,%s''\n"
+
+#: g10/misc.c:1200
+#, c-format
+msgid "unknown option `%s'\n"
+msgstr "nieznana opcja ,,%s''\n"
+
+#: g10/openfile.c:89
+#, c-format
+msgid "File `%s' exists. "
+msgstr "Plik ,,%s'' ju¿ istnieje. "
+
+#: g10/openfile.c:93
+msgid "Overwrite? (y/N) "
+msgstr "Nadpisaæ? (t/N) "
+
+#: g10/openfile.c:126
+#, c-format
+msgid "%s: unknown suffix\n"
+msgstr "%s: nieznana koñcówka nazwy\n"
+
+#: g10/openfile.c:150
+msgid "Enter new filename"
+msgstr "Nazwa pliku"
+
+#: g10/openfile.c:195
+msgid "writing to stdout\n"
+msgstr "zapisywanie na wyj¶cie standardowe\n"
+
+#: g10/openfile.c:316
+#, c-format
+msgid "assuming signed data in `%s'\n"
+msgstr "przyjêto obecno¶æ podpisanych danych w '%s'\n"
+
+#: g10/openfile.c:395
+#, c-format
+msgid "new configuration file `%s' created\n"
+msgstr "nowy plik ustawieñ ,,%s'' zosta³ utworzony\n"
+
+#: g10/openfile.c:397
+#, c-format
+msgid "WARNING: options in `%s' are not yet active during this run\n"
+msgstr "OSTRZE¯ENIE: opcje w ,,%s'' nie s± jeszcze uwzglêdnione.\n"
+
+#: g10/parse-packet.c:201
+#, c-format
+msgid "can't handle public key algorithm %d\n"
+msgstr "nie mo¿na obs³u¿yæ tego algorytmu klucza publicznego: %d\n"
+
+#: g10/parse-packet.c:822
+msgid "WARNING: potentially insecure symmetrically encrypted session key\n"
+msgstr ""
+"OSTRZE¯ENIE: symetrycznie zaszyfrowany klucz sesyjny mo¿e nie byæ "
+"bezpieczny\n"
+
+#: g10/parse-packet.c:1273
+#, c-format
+msgid "subpacket of type %d has critical bit set\n"
+msgstr "podpakiet typu %d ma ustawiony krytyczny bit\n"
+
+#: g10/passphrase.c:75 g10/passphrase.c:418 g10/passphrase.c:481
+#, c-format
+msgid "problem with the agent: %s\n"
+msgstr "problem z agentem: %s\n"
+
+#: g10/passphrase.c:344 g10/passphrase.c:613
+#, c-format
+msgid " (main key ID %s)"
+msgstr " (ID g³ównego klucza %s)"
+
+#: g10/passphrase.c:358
+#, c-format
+msgid ""
+"Please enter the passphrase to unlock the secret key for the OpenPGP "
+"certificate:\n"
+"\"%.*s\"\n"
+"%u-bit %s key, ID %s,\n"
+"created %s%s.\n"
+msgstr ""
+"Musisz podaæ has³o, aby odbezpieczyæ klucz tajny certyfikatu OpenPGP:\n"
+",,%.*s''.\n"
+"Klucz o d³ugo¶ci %u bitów, typ %s, ID %s,\n"
+"stworzony %s%s.\n"
+
+#: g10/passphrase.c:384
+msgid "Enter passphrase\n"
+msgstr "Has³o\n"
+
+#: g10/passphrase.c:412
+msgid "cancelled by user\n"
+msgstr "anulowano przez u¿ytkownika\n"
+
+#: g10/passphrase.c:592
+#, c-format
+msgid ""
+"You need a passphrase to unlock the secret key for\n"
+"user: \"%s\"\n"
+msgstr ""
+"Musisz podaæ has³o aby odbezpieczyæ klucz prywatny u¿ytkownika:\n"
+",,%s''\n"
+
+#: g10/passphrase.c:600
+#, c-format
+msgid "%u-bit %s key, ID %s, created %s"
+msgstr "d³ugo¶æ %u bitów, typ %s, numer %s, stworzony %s"
+
+#: g10/passphrase.c:609
+#, c-format
+msgid " (subkey on main key ID %s)"
+msgstr " (podklucz dla g³ównego klucza o ID %s)"
+
+#: g10/photoid.c:74
+msgid ""
+"\n"
+"Pick an image to use for your photo ID. The image must be a JPEG file.\n"
+"Remember that the image is stored within your public key. If you use a\n"
+"very large picture, your key will become very large as well!\n"
+"Keeping the image close to 240x288 is a good size to use.\n"
+msgstr ""
+"\n"
+"Wybierz zdjêcie które chcesz do³±czyæ do swojego klucza jako identyfikator.\n"
+"Musi to byæ plik w formacie JPEG. Zostanie on zapisany w Twoim kluczu\n"
+"publicznym. Je¶li bêdzie du¿y, powiêkszy to tak¿e rozmiar Twojego klucza!\n"
+"Dobry rozmiar to oko³o 240 na 288 pikseli.\n"
+
+#: g10/photoid.c:96
+msgid "Enter JPEG filename for photo ID: "
+msgstr "Nazwa pliku ze zdjêciem w formacie JPEG: "
+
+#: g10/photoid.c:117
+#, c-format
+msgid "unable to open JPEG file `%s': %s\n"
+msgstr "nie mo¿na otworzyæ pliku JPEG ,,%s'': %s\n"
+
+#: g10/photoid.c:128
+#, c-format
+msgid "This JPEG is really large (%d bytes) !\n"
+msgstr "Ten JPEG jest naprawdê du¿y (%d bajtów)!\n"
+
+#: g10/photoid.c:130
+msgid "Are you sure you want to use it? (y/N) "
+msgstr "Czy na pewno chcesz go u¿yæ? (t/N) "
+
+#: g10/photoid.c:146
+#, c-format
+msgid "`%s' is not a JPEG file\n"
+msgstr ",,%s'' nie jest plikiem JPEG\n"
+
+#: g10/photoid.c:165
+msgid "Is this photo correct (y/N/q)? "
+msgstr "Czy zdjêcie jest w porz±dku? (t/N/w) "
+
+#: g10/photoid.c:373
+msgid "unable to display photo ID!\n"
+msgstr "nie mo¿na wy¶wietliæ zdjêcia!\n"
+
+#: g10/pkclist.c:60 g10/revoke.c:621
+msgid "No reason specified"
+msgstr "nie podano przyczyny"
+
+#: g10/pkclist.c:62 g10/revoke.c:623
+msgid "Key is superseded"
+msgstr "klucz zosta³ zast±piony"
+
+#: g10/pkclist.c:64 g10/revoke.c:622
+msgid "Key has been compromised"
+msgstr "klucz zosta³ skompromitowany"
+
+#: g10/pkclist.c:66 g10/revoke.c:624
+msgid "Key is no longer used"
+msgstr "klucz nie jest ju¿ u¿ywany"
+
+#: g10/pkclist.c:68 g10/revoke.c:625
+msgid "User ID is no longer valid"
+msgstr "identyfikator u¿ytkownika przesta³ byæ poprawny"
+
+#: g10/pkclist.c:72
+msgid "reason for revocation: "
+msgstr "powód uniewa¿nienia: "
+
+#: g10/pkclist.c:89
+msgid "revocation comment: "
+msgstr "komentarz do uniewa¿nienia: "
+
+#: g10/pkclist.c:204
+msgid "iImMqQsS"
+msgstr "iImMwWpP"
+
+#: g10/pkclist.c:212
+msgid "No trust value assigned to:\n"
+msgstr "Brak warto¶ci zaufania dla:\n"
+
+#: g10/pkclist.c:245
+#, c-format
+msgid " aka \"%s\"\n"
+msgstr " alias ,,%s''\n"
+
+#: g10/pkclist.c:255
+msgid ""
+"How much do you trust that this key actually belongs to the named user?\n"
+msgstr "Jak bardzo ufasz, ¿e ten klucz naprawdê nale¿y do tej osoby?\n"
+
+#: g10/pkclist.c:270
+#, c-format
+msgid " %d = I don't know or won't say\n"
+msgstr " %d = nie wiem albo nie powiem\n"
+
+#: g10/pkclist.c:272
+#, c-format
+msgid " %d = I do NOT trust\n"
+msgstr " %d = NIE ufam\n"
+
+#: g10/pkclist.c:278
+#, c-format
+msgid " %d = I trust ultimately\n"
+msgstr " %d = ufam absolutnie\n"
+
+#: g10/pkclist.c:284
+msgid " m = back to the main menu\n"
+msgstr " m = powrót do g³ównego menu\n"
+
+#: g10/pkclist.c:287
+msgid " s = skip this key\n"
+msgstr " p = pominiêcie tego klucza\n"
+
+#: g10/pkclist.c:288
+msgid " q = quit\n"
+msgstr " w = wyj¶cie\n"
+
+#: g10/pkclist.c:292
+#, c-format
+msgid ""
+"The minimum trust level for this key is: %s\n"
+"\n"
+msgstr ""
+"Minimalny poziom zaufania dla tego klucza to: %s\n"
+"\n"
+
+#: g10/pkclist.c:298 g10/revoke.c:650
+msgid "Your decision? "
+msgstr "Twoja decyzja? "
+
+#: g10/pkclist.c:319
+msgid "Do you really want to set this key to ultimate trust? (y/N) "
+msgstr "Czy na pewno chcesz przypisaæ absolutne zaufanie temu kluczowi? (t/N) "
+
+#: g10/pkclist.c:333
+msgid "Certificates leading to an ultimately trusted key:\n"
+msgstr "Certyfikaty prowadz±ce do ostatecznie zaufanego klucza:\n"
+
+#: g10/pkclist.c:418
+#, c-format
+msgid "%s: There is no assurance this key belongs to the named user\n"
+msgstr "%s: Nie ma ¿adnej pewno¶ci, czy ten klucz nale¿y do tej osoby\n"
+
+#: g10/pkclist.c:423
+#, c-format
+msgid "%s: There is limited assurance this key belongs to the named user\n"
+msgstr "%s: Nie ma ca³kowitej pewno¶ci, czy ten klucz nale¿y do tej osoby\n"
+
+#: g10/pkclist.c:429
+msgid "This key probably belongs to the named user\n"
+msgstr "Ten klucz prawdopodobnie nale¿y do tej osoby\n"
+
+#: g10/pkclist.c:434
+msgid "This key belongs to us\n"
+msgstr "Ten klucz nale¿y do nas\n"
+
+#: g10/pkclist.c:460
+msgid ""
+"It is NOT certain that the key belongs to the person named\n"
+"in the user ID. If you *really* know what you are doing,\n"
+"you may answer the next question with yes.\n"
+msgstr ""
+"NIE MA pewno¶ci, czy klucz nale¿y do osoby wymienionej w identyfikatorze.\n"
+"Je¶li nie masz co do tego ¿adnych w±tpliwo¶ci i *naprawdê* wiesz co robisz,\n"
+"mo¿esz odpowiedzieæ ,,tak'' na nastêpne pytanie.\n"
+
+#: g10/pkclist.c:479
+msgid "Use this key anyway? (y/N) "
+msgstr "U¿yæ tego klucza pomimo to? (t/N) "
+
+#: g10/pkclist.c:513
+msgid "WARNING: Using untrusted key!\n"
+msgstr "OSTRZE¯ENIE: u¿ywany jest klucz nie obdarzony zaufaniem!\n"
+
+#: g10/pkclist.c:520
+msgid "WARNING: this key might be revoked (revocation key not present)\n"
+msgstr ""
+"OSTRZE¯ENIE: ten klucz móg³ zostaæ uniewa¿niony\n"
+" (brak klucza uniewa¿niaj±cego aby to sprawdziæ)\n"
+
+#: g10/pkclist.c:529
+msgid "WARNING: This key has been revoked by its designated revoker!\n"
+msgstr "OSTRZE¯ENIE: Ten klucz zosta³ uniewa¿niony kluczem uniewa¿niaj±cym!\n"
+
+#: g10/pkclist.c:532
+msgid "WARNING: This key has been revoked by its owner!\n"
+msgstr "OSTRZE¯ENIE: Ten klucz zosta³ uniewa¿niony przez w³a¶ciciela!\n"
+
+#: g10/pkclist.c:533
+msgid " This could mean that the signature is forged.\n"
+msgstr " To mo¿e oznaczaæ, ¿e podpis jest fa³szerstwem.\n"
+
+#: g10/pkclist.c:539
+msgid "WARNING: This subkey has been revoked by its owner!\n"
+msgstr "OSTRZE¯ENIE: Ten podklucz zosta³ uniewa¿niony przez w³a¶ciciela!\n"
+
+#: g10/pkclist.c:544
+msgid "Note: This key has been disabled.\n"
+msgstr "Uwaga: Ten klucz zosta³ wy³±czony z u¿ytku.\n"
+
+#: g10/pkclist.c:564
+#, c-format
+msgid "Note: Verified signer's address is `%s'\n"
+msgstr "Uwaga: Sprawdzony adres pospisuj±cego to `%s'\n"
+
+#: g10/pkclist.c:571
+#, c-format
+msgid "Note: Signer's address `%s' does not match DNS entry\n"
+msgstr "Uwaga: Adres podpisuj±cego `%s' nie pasuje do wpisu DNS\n"
+
+#: g10/pkclist.c:583
+msgid "trustlevel adjusted to FULL due to valid PKA info\n"
+msgstr ""
+"poziom zaufania poprawiony na PE£NY ze wzglêdu na poprawne informacje PKA\n"
+
+#: g10/pkclist.c:591
+msgid "trustlevel adjusted to NEVER due to bad PKA info\n"
+msgstr ""
+"poziom zaufania poprawiony na ¯ADEN ze wzglêdu na b³êdne informacje PKA\n"
+
+#: g10/pkclist.c:602
+msgid "Note: This key has expired!\n"
+msgstr "Uwaga: Data wa¿no¶ci tego klucza up³ynê³a!\n"
+
+#: g10/pkclist.c:613
+msgid "WARNING: This key is not certified with a trusted signature!\n"
+msgstr "OSTRZE¯ENIE: Ten klucz nie jest po¶wiadczony zaufanym podpisem!\n"
+
+#: g10/pkclist.c:615
+msgid ""
+" There is no indication that the signature belongs to the owner.\n"
+msgstr ""
+" Nie ma pewno¶ci co do to¿samo¶ci osoby która z³o¿y³a podpis.\n"
+
+#: g10/pkclist.c:623
+msgid "WARNING: We do NOT trust this key!\n"
+msgstr "OSTRZE¯ENIE: NIE UFAMY temu kluczowi!\n"
+
+#: g10/pkclist.c:624
+msgid " The signature is probably a FORGERY.\n"
+msgstr " Ten podpis prawdopodobnie jest FA£SZYWY.\n"
+
+#: g10/pkclist.c:632
+msgid ""
+"WARNING: This key is not certified with sufficiently trusted signatures!\n"
+msgstr ""
+"OSTRZE¯ENIE: Tego klucza nie po¶wiadczaj± wystarczaj±co zaufane podpisy!\n"
+
+#: g10/pkclist.c:634
+msgid " It is not certain that the signature belongs to the owner.\n"
+msgstr ""
+" Nie ma pewno¶ci co do to¿samo¶ci osoby która z³o¿y³a ten "
+"podpis.\n"
+
+#: g10/pkclist.c:833 g10/pkclist.c:875 g10/pkclist.c:1087 g10/pkclist.c:1157
+#, c-format
+msgid "%s: skipped: %s\n"
+msgstr "%s: pominiêty: %s\n"
+
+#: g10/pkclist.c:845 g10/pkclist.c:1125
+#, c-format
+msgid "%s: skipped: public key already present\n"
+msgstr "%s: pominiêty: zosta³ ju¿ wybrany w innej opcji\n"
+
+#: g10/pkclist.c:896
+msgid "You did not specify a user ID. (you may use \"-r\")\n"
+msgstr "Nie zosta³ podany identyfikator u¿ytkownika (np. za pomoc± ,,-r'')\n"
+
+#: g10/pkclist.c:920
+msgid "Current recipients:\n"
+msgstr "Aktualni odbiorcy:\n"
+
+#: g10/pkclist.c:946
+msgid ""
+"\n"
+"Enter the user ID. End with an empty line: "
+msgstr ""
+"\n"
+"Identyfikator u¿ytkownika (pusta linia oznacza koniec): "
+
+#: g10/pkclist.c:971
+msgid "No such user ID.\n"
+msgstr "Brak takiego identyfikatora u¿ytkownika.\n"
+
+#: g10/pkclist.c:980 g10/pkclist.c:1054
+msgid "skipped: public key already set as default recipient\n"
+msgstr "pominiêty: klucz publiczny ju¿ jest domy¶lnym adresatem\n"
+
+#: g10/pkclist.c:1001
+msgid "Public key is disabled.\n"
+msgstr "Klucz publiczny wy³±czony z u¿ycia.\n"
+
+#: g10/pkclist.c:1010
+msgid "skipped: public key already set\n"
+msgstr "pominiêty: zosta³ ju¿ wybrany w innej opcji\n"
+
+#: g10/pkclist.c:1045
+#, c-format
+msgid "unknown default recipient \"%s\"\n"
+msgstr "nieznany domy¶lny adresat ,,%s''\n"
+
+#: g10/pkclist.c:1103
+#, c-format
+msgid "%s: skipped: public key is disabled\n"
+msgstr "%s: pominiêty: klucz publiczny wy³±czony z u¿ytku\n"
+
+#: g10/pkclist.c:1165
+msgid "no valid addressees\n"
+msgstr "brak poprawnych adresatów\n"
+
+#: g10/pkclist.c:1503
+#, c-format
+msgid "Note: key %s has no %s feature\n"
+msgstr "Uwaga: klucz %s nie ma cechy %s\n"
+
+#: g10/pkclist.c:1528
+#, c-format
+msgid "Note: key %s has no preference for %s\n"
+msgstr "Uwaga: klucz %s nie ma preferencji dla %s\n"
+
+#: g10/plaintext.c:95
+msgid "data not saved; use option \"--output\" to save it\n"
+msgstr ""
+"dane nie zosta³y zapisane; aby to zrobiæ, nale¿y u¿yæ opcji \"--output\"\n"
+
+#: g10/plaintext.c:480
+msgid "Detached signature.\n"
+msgstr "Podpis oddzielony od danych.\n"
+
+#: g10/plaintext.c:487
+msgid "Please enter name of data file: "
+msgstr "Nazwa pliku danych: "
+
+#: g10/plaintext.c:519
+msgid "reading stdin ...\n"
+msgstr "czytam strumieñ standardowego wej¶cia\n"
+
+#: g10/plaintext.c:557
+msgid "no signed data\n"
+msgstr "brak podpisanych danych\n"
+
+#: g10/plaintext.c:573
+#, c-format
+msgid "can't open signed data `%s'\n"
+msgstr "nie mo¿na otworzyæ podpisanego pliku ,,%s''\n"
+
+#: g10/plaintext.c:607
+#, c-format
+msgid "can't open signed data fd=%d: %s\n"
+msgstr "nie mo¿na otworzyæ podpisanych danych z fd=%d: %s\n"
+
+#: g10/pubkey-enc.c:105
+#, c-format
+msgid "anonymous recipient; trying secret key %s ...\n"
+msgstr "adresat anonimowy; sprawdzanie klucza tajnego %s...\n"
+
+#: g10/pubkey-enc.c:136
+msgid "okay, we are the anonymous recipient.\n"
+msgstr "OK, to my jeste¶my adresatem anonimowym.\n"
+
+#: g10/pubkey-enc.c:225
+msgid "old encoding of the DEK is not supported\n"
+msgstr "stary, nieobs³ugiwany algorytm szyfrowania klucza sesyjnego\n"
+
+#: g10/pubkey-enc.c:246
+#, c-format
+msgid "cipher algorithm %d%s is unknown or disabled\n"
+msgstr "algorytm szyfruj±cy %d%s jest nieznany lub zosta³ wy³±czony\n"
+
+#: g10/pubkey-enc.c:284
+#, c-format
+msgid "WARNING: cipher algorithm %s not found in recipient preferences\n"
+msgstr "OSTRZE¯ENIE: brak algorytmu szyfruj±cego %s w ustawieniach odbiorcy\n"
+
+#: g10/pubkey-enc.c:304
+#, c-format
+msgid "NOTE: secret key %s expired at %s\n"
+msgstr "UWAGA: wa¿no¶æ klucza tajnego %s wygas³a %s\n"
+
+#: g10/pubkey-enc.c:310
+msgid "NOTE: key has been revoked"
+msgstr "UWAGA: klucz zosta³ uniewa¿niony"
+
+#: g10/revoke.c:102 g10/revoke.c:116 g10/revoke.c:128 g10/revoke.c:174
+#: g10/revoke.c:186 g10/revoke.c:585
+#, c-format
+msgid "build_packet failed: %s\n"
+msgstr "wywo³anie funkcji build_packet nie powiod³o siê: %s\n"
+
+#: g10/revoke.c:145
+#, c-format
+msgid "key %s has no user IDs\n"
+msgstr "klucz %s nie ma identyfikatorów u¿ytkownika\n"
+
+#: g10/revoke.c:306
+msgid "To be revoked by:\n"
+msgstr "Zostanie uniewa¿niony przez:\n"
+
+#: g10/revoke.c:310
+msgid "(This is a sensitive revocation key)\n"
+msgstr "(to jest czu³y klucz uniewa¿niaj±cy)\n"
+
+#: g10/revoke.c:314
+msgid "Create a designated revocation certificate for this key? (y/N) "
+msgstr "Stworzyæ certyfikat uniewa¿nienia tego klucza? (t/N) "
+
+#: g10/revoke.c:327 g10/revoke.c:551
+msgid "ASCII armored output forced.\n"
+msgstr "wymuszono opakowanie ASCII wyniku.\n"
+
+#: g10/revoke.c:342 g10/revoke.c:565
+#, c-format
+msgid "make_keysig_packet failed: %s\n"
+msgstr "wywo³anie funkcji make_keysig_packet nie powiod³o siê: %s\n"
+
+#: g10/revoke.c:405
+msgid "Revocation certificate created.\n"
+msgstr "Certyfikat uniewa¿nienia zosta³ utworzony.\n"
+
+#: g10/revoke.c:411
+#, c-format
+msgid "no revocation keys found for \"%s\"\n"
+msgstr "brak kluczy uniewa¿niaj±cych dla ,,%s''\n"
+
+#: g10/revoke.c:470
+#, c-format
+msgid "secret key \"%s\" not found: %s\n"
+msgstr "klucz prywatny ,,%s'' nie zosta³ odnaleziony: %s\n"
+
+#: g10/revoke.c:497
+#, c-format
+msgid "no corresponding public key: %s\n"
+msgstr "brak odpowiadaj±cego klucza publicznego: %s\n"
+
+#: g10/revoke.c:508
+msgid "public key does not match secret key!\n"
+msgstr "klucz publiczny nie pasuje do klucza prywatnego!\n"
+
+#: g10/revoke.c:515
+msgid "Create a revocation certificate for this key? (y/N) "
+msgstr "Stworzyæ certyfikat uniewa¿nienia tego klucza? (t/N) "
+
+#: g10/revoke.c:532
+msgid "unknown protection algorithm\n"
+msgstr "nieznany algorytm ochrony\n"
+
+#: g10/revoke.c:540
+msgid "NOTE: This key is not protected!\n"
+msgstr "UWAGA: Ten klucz nie jest chroniony!\n"
+
+#: g10/revoke.c:591
+msgid ""
+"Revocation certificate created.\n"
+"\n"
+"Please move it to a medium which you can hide away; if Mallory gets\n"
+"access to this certificate he can use it to make your key unusable.\n"
+"It is smart to print this certificate and store it away, just in case\n"
+"your media become unreadable. But have some caution: The print system of\n"
+"your machine might store the data and make it available to others!\n"
+msgstr ""
+"Certyfikat uniewa¿nienia zosta³ utworzony.\n"
+"\n"
+"Nale¿y przenie¶æ go na no¶nik który mo¿na bezpiecznie ukryæ; je¶li ¼li "
+"ludzie\n"
+"dostan± ten certyfikat w swoje rêce, mog± u¿yæ go do uczynienia klucza\n"
+"nieu¿ytecznym.\n"
+"\n"
+"Niez³ym pomys³em jest wydrukowanie certyfikatu uniewa¿nienia i schowanie\n"
+"wydruku w bezpiecznym miejscu, na wypadek gdyby no¶nik z certyfikatem sta³ "
+"siê\n"
+"nieczytelny. Ale nale¿y zachowaæ ostro¿no¶æ, systemy drukowania ró¿nych\n"
+"komputerów mog± zachowaæ tre¶æ wydruku i udostêpniæ j± osobom "
+"nieupowa¿nionym.\n"
+
+#: g10/revoke.c:633
+msgid "Please select the reason for the revocation:\n"
+msgstr "Proszê wybraæ powód uniewa¿nienia:\n"
+
+#: g10/revoke.c:643
+msgid "Cancel"
+msgstr "Anuluj"
+
+#: g10/revoke.c:645
+#, c-format
+msgid "(Probably you want to select %d here)\n"
+msgstr "(Prawdopodobnie chcesz tu wybraæ %d)\n"
+
+#: g10/revoke.c:686
+msgid "Enter an optional description; end it with an empty line:\n"
+msgstr "Wprowad¼ opis (nieobowi±zkowy) i zakoñcz go pust± lini±:\n"
+
+#: g10/revoke.c:714
+#, c-format
+msgid "Reason for revocation: %s\n"
+msgstr "Powód uniewa¿nienia: %s\n"
+
+#: g10/revoke.c:716
+msgid "(No description given)\n"
+msgstr "(nie podano)\n"
+
+#: g10/revoke.c:721
+msgid "Is this okay? (y/N) "
+msgstr "Informacje poprawne? (t/N) "
+
+#: g10/seckey-cert.c:55
+msgid "secret key parts are not available\n"
+msgstr "tajne czê¶ci klucza s± niedostêpne\n"
+
+#: g10/seckey-cert.c:61
+#, c-format
+msgid "protection algorithm %d%s is not supported\n"
+msgstr "algorytm ochrony %d%s nie jest obs³ugiwany\n"
+
+#: g10/seckey-cert.c:72
+#, c-format
+msgid "protection digest %d is not supported\n"
+msgstr "algorytm ochrony %d nie jest obs³ugiwany\n"
+
+#: g10/seckey-cert.c:291
+msgid "Invalid passphrase; please try again"
+msgstr "Niepoprawne has³o; proszê spróbowaæ ponownie"
+
+#: g10/seckey-cert.c:292
+#, c-format
+msgid "%s ...\n"
+msgstr "%s ...\n"
+
+#: g10/seckey-cert.c:361
+msgid "WARNING: Weak key detected - please change passphrase again.\n"
+msgstr "OSTRZE¯ENIE: Wykryto s³aby klucz - nale¿y ponownie zmieniæ has³o.\n"
+
+#: g10/seckey-cert.c:404
+msgid "generating the deprecated 16-bit checksum for secret key protection\n"
+msgstr ""
+"tworzenie przestarza³ej 16-bitowej sumy kontrolnej dla ochrony klucza\n"
+
+#: g10/seskey.c:61 sm/encrypt.c:119
+msgid "weak key created - retrying\n"
+msgstr "wygenerowano s³aby klucz - operacja zostaje powtórzona\n"
+
+#: g10/seskey.c:65
+#, c-format
+msgid "cannot avoid weak key for symmetric cipher; tried %d times!\n"
+msgstr ""
+"brak mo¿liwo¶ci generacji dobrego klucza dla szyfru symetrycznego;\n"
+"operacja by³a powtarzana %d razy!\n"
+
+#: g10/seskey.c:227 sm/certcheck.c:85
+msgid "DSA requires the hash length to be a multiple of 8 bits\n"
+msgstr "DSA wymaga d³ugo¶ci skrótu bêd±cego wielokrotno¶ci± 8 bitów\n"
+
+#: g10/seskey.c:240
+#, c-format
+msgid "DSA key %s uses an unsafe (%u bit) hash\n"
+msgstr "Klucz DSA %s u¿ywa niebezpiecznego (%u-bitowego) skrótu\n"
+
+#: g10/seskey.c:252
+#, c-format
+msgid "DSA key %s requires a %u bit or larger hash\n"
+msgstr "Klucz DSA %s wymaga %u-bitowego lub wiêkszego skrótu\n"
+
+#: g10/sig-check.c:80
+msgid "WARNING: signature digest conflict in message\n"
+msgstr "OSTRZE¯ENIE: konflikt skrótów podpisów w wiadomo¶ci\n"
+
+#: g10/sig-check.c:105
+#, c-format
+msgid "WARNING: signing subkey %s is not cross-certified\n"
+msgstr "OSTRZE¯ENIE: podklucz podpisuj±cy %s nie jest skro¶nie podpisany\n"
+
+#: g10/sig-check.c:117
+#, c-format
+msgid "WARNING: signing subkey %s has an invalid cross-certification\n"
+msgstr ""
+"OSTRZE¯ENIE: podklucz podpisuj±cy %s jest niepoprawnie skro¶nie podpisany\n"
+
+#: g10/sig-check.c:211
+#, c-format
+msgid "public key %s is %lu second newer than the signature\n"
+msgstr "klucz publiczny %s jest o %lu sekundê m³odszy od podpisu\n"
+
+#: g10/sig-check.c:212
+#, c-format
+msgid "public key %s is %lu seconds newer than the signature\n"
+msgstr "klucz publiczny %s jest o %lu sekund(y) m³odszy od podpisu\n"
+
+#: g10/sig-check.c:223
+#, c-format
+msgid ""
+"key %s was created %lu second in the future (time warp or clock problem)\n"
+msgstr ""
+"klucz %s zosta³ stworzony %lu sekundê w przysz³o¶ci (zaburzenia\n"
+"czasoprzestrzeni lub ¼le ustawiony zegar systemowy)\n"
+
+#: g10/sig-check.c:225
+#, c-format
+msgid ""
+"key %s was created %lu seconds in the future (time warp or clock problem)\n"
+msgstr ""
+"klucz %s zosta³ stworzony %lu sekund w przysz³o¶ci (zaburzenia\n"
+"czasoprzestrzeni lub ¼le ustawiony zegar systemowy)\n"
+
+#: g10/sig-check.c:239
+#, c-format
+msgid "NOTE: signature key %s expired %s\n"
+msgstr "UWAGA: klucz podpisuj±cy %s przekroczy³ datê wa¿no¶ci %s\n"
+
+#: g10/sig-check.c:252
+#, c-format
+msgid "NOTE: signature key %s has been revoked\n"
+msgstr "UWAGA: klucz podpisuj±cy %s zosta³ uniewa¿niony\n"
+
+#: g10/sig-check.c:325
+#, c-format
+msgid "assuming bad signature from key %s due to an unknown critical bit\n"
+msgstr ""
+"uznano za z³y podpis utworzony kluczem %s z powodu nieznanego bitu "
+"krytycznego\n"
+
+#: g10/sig-check.c:591
+#, c-format
+msgid "key %s: no subkey for subkey revocation signature\n"
+msgstr "klucz %s: brak podklucza dla podpisu uniewa¿nienia podklucza\n"
+
+#: g10/sig-check.c:618
+#, c-format
+msgid "key %s: no subkey for subkey binding signature\n"
+msgstr "klucz %s: brak podklucza dowi±zywanego podpisem\n"
+
+#: g10/sign.c:89
+#, c-format
+msgid "WARNING: unable to %%-expand notation (too large). Using unexpanded.\n"
+msgstr ""
+"OSTRZE¯ENIE: nie mo¿na rozwin±æ %% w URL adnotacji (jest zbyt d³ugi).\n"
+" U¿yty zostanie nie rozwiniêty.\n"
+
+#: g10/sign.c:115
+#, c-format
+msgid ""
+"WARNING: unable to %%-expand policy URL (too large). Using unexpanded.\n"
+msgstr ""
+"OSTRZE¯ENIE: nie mo¿na rozwin±æ znaczników %% w URL regulaminu\n"
+" (jest zbyt d³ugi). U¿yty zostanie nie rozwiniêty.\n"
+
+#: g10/sign.c:138
+#, c-format
+msgid ""
+"WARNING: unable to %%-expand preferred keyserver URL (too large). Using "
+"unexpanded.\n"
+msgstr ""
+"OSTRZE¯ENIE: nie mo¿na rozwin±æ znaczników %% w URL-u preferowanego\n"
+" serwera kluczy (jest zbyt d³ugi). U¿yty zostanie nie rozwiniêty.\n"
+
+#: g10/sign.c:311
+#, c-format
+msgid "checking created signature failed: %s\n"
+msgstr "sprawdzenie z³o¿onego podpisu nie powiod³o siê: %s\n"
+
+#: g10/sign.c:320
+#, c-format
+msgid "%s/%s signature from: \"%s\"\n"
+msgstr "podpis %s/%s z³o¿ony przez: ,,%s''\n"
+
+#: g10/sign.c:761
+msgid "you can only detach-sign with PGP 2.x style keys while in --pgp2 mode\n"
+msgstr ""
+"kluczami PGP 2 w trybie --pgp2 mo¿na podpisywaæ tylko do oddzielonych "
+"podpisów\n"
+
+#: g10/sign.c:837
+#, c-format
+msgid ""
+"WARNING: forcing digest algorithm %s (%d) violates recipient preferences\n"
+msgstr ""
+"OSTRZE¯ENIE: wymuszone u¿ycie skrótu %s (%d) k³óci siê z ustawieniami "
+"adresata\n"
+
+#: g10/sign.c:964
+msgid "signing:"
+msgstr "podpis:"
+
+#: g10/sign.c:1079
+msgid "you can only clearsign with PGP 2.x style keys while in --pgp2 mode\n"
+msgstr "w trybie --pgp2 mo¿na podpisywaæ tylko za pomoc± kluczy z wersji 2.x\n"
+
+#: g10/sign.c:1263
+#, c-format
+msgid "%s encryption will be used\n"
+msgstr "zostanie u¿yty szyfr %s\n"
+
+#: g10/skclist.c:140 g10/skclist.c:217
+msgid "key is not flagged as insecure - can't use it with the faked RNG!\n"
+msgstr ""
+"klucz nie jest oznaczony jako niepewny - nie mo¿na go u¿yæ z atrap±\n"
+"generatora liczb losowych!\n"
+
+#: g10/skclist.c:174
+#, c-format
+msgid "skipped \"%s\": duplicated\n"
+msgstr "pominiêty ,,%s'': duplikat\n"
+
+#: g10/skclist.c:182 g10/skclist.c:195 g10/skclist.c:207
+#, c-format
+msgid "skipped \"%s\": %s\n"
+msgstr "pominiêty ,,%s'': %s\n"
+
+#: g10/skclist.c:190
+msgid "skipped: secret key already present\n"
+msgstr "pominiêty: klucz prywatny jest ju¿ wpisany\n"
+
+#: g10/skclist.c:208
+msgid "this is a PGP generated Elgamal key which is not secure for signatures!"
+msgstr ""
+"klucz algorytmu Elgamala wygenerowany przez PGP nie zapewniaj±cy "
+"bezpiecznych podpisów!"
+
+#: g10/tdbdump.c:58 g10/trustdb.c:360
+#, c-format
+msgid "trust record %lu, type %d: write failed: %s\n"
+msgstr "wpis zaufania %lu, typ zapytania %d: zapis nie powiód³ siê: %s\n"
+
+#: g10/tdbdump.c:106
+#, c-format
+msgid ""
+"# List of assigned trustvalues, created %s\n"
+"# (Use \"gpg --import-ownertrust\" to restore them)\n"
+msgstr ""
+"# Lista przypisanych warto¶ci zaufania, stworzona %s\n"
+"# (u¿yj \"gpg --import-ownertrust\" aby j± przywróciæ)\n"
+
+#: g10/tdbdump.c:161 g10/tdbdump.c:169 g10/tdbdump.c:174 g10/tdbdump.c:179
+#, c-format
+msgid "error in `%s': %s\n"
+msgstr "b³±d w ,,%s'': %s\n"
+
+#: g10/tdbdump.c:161
+msgid "line too long"
+msgstr "linia zbyt d³uga"
+
+#: g10/tdbdump.c:169
+msgid "colon missing"
+msgstr "brak dwukropka"
+
+#: g10/tdbdump.c:175
+msgid "invalid fingerprint"
+msgstr "niew³a¶ciwy odcisk"
+
+#: g10/tdbdump.c:180
+msgid "ownertrust value missing"
+msgstr "brak warto¶ci zaufania w³a¶ciciela"
+
+#: g10/tdbdump.c:216
+#, c-format
+msgid "error finding trust record in `%s': %s\n"
+msgstr "b³±d podczas szukania zapisu warto¶ci zaufania w ,,%s'': %s\n"
+
+#: g10/tdbdump.c:220
+#, c-format
+msgid "read error in `%s': %s\n"
+msgstr "b³±d odczytu w ,,%s'': %s\n"
+
+#: g10/tdbdump.c:229 g10/trustdb.c:375
+#, c-format
+msgid "trustdb: sync failed: %s\n"
+msgstr "baza zaufania: synchronizacja nie powiod³a siê %s\n"
+
+#: g10/tdbio.c:128 g10/tdbio.c:1456
+#, c-format
+msgid "trustdb rec %lu: lseek failed: %s\n"
+msgstr "baza zaufania, wpis %lu: funkcja lseek() nie powiod³a siê: %s\n"
+
+#: g10/tdbio.c:135 g10/tdbio.c:1463
+#, c-format
+msgid "trustdb rec %lu: write failed (n=%d): %s\n"
+msgstr "baza zaufania, wpis %lu: zapis nie powiód³ siê (n=%d): %s\n"
+
+#: g10/tdbio.c:245
+msgid "trustdb transaction too large\n"
+msgstr "zbyt du¿e zlecenie dla bazy zaufania\n"
+
+#: g10/tdbio.c:500
+#, c-format
+msgid "can't access `%s': %s\n"
+msgstr "nie mo¿na dostaæ siê do ,,%s'': %s\n"
+
+#: g10/tdbio.c:527
+#, c-format
+msgid "%s: directory does not exist!\n"
+msgstr "%s: katalog nie istnieje!\n"
+
+#: g10/tdbio.c:537 g10/tdbio.c:560 g10/tdbio.c:601 sm/keydb.c:219
+#, c-format
+msgid "can't create lock for `%s'\n"
+msgstr "nie mo¿na utworzyæ blokady dla ,,%s''\n"
+
+#: g10/tdbio.c:539 g10/tdbio.c:604
+#, c-format
+msgid "can't lock `%s'\n"
+msgstr "nie mo¿na zablokowaæ ,,%s''\n"
+
+#: g10/tdbio.c:565
+#, c-format
+msgid "%s: failed to create version record: %s"
+msgstr "%s: stworzenie zapisu o wersji nie powiod³o siê: %s"
+
+#: g10/tdbio.c:569
+#, c-format
+msgid "%s: invalid trustdb created\n"
+msgstr "%s: stworzony niepoprawny plik bazy zaufania\n"
+
+#: g10/tdbio.c:572
+#, c-format
+msgid "%s: trustdb created\n"
+msgstr "%s: baza zaufania utworzona\n"
+
+#: g10/tdbio.c:615
+msgid "NOTE: trustdb not writable\n"
+msgstr "UWAGA: nie mo¿na zapisywaæ bazy zaufania\n"
+
+#: g10/tdbio.c:623
+#, c-format
+msgid "%s: invalid trustdb\n"
+msgstr "%s: niepoprawny plik bazy zaufania\n"
+
+#: g10/tdbio.c:655
+#, c-format
+msgid "%s: failed to create hashtable: %s\n"
+msgstr "%s: tworzenie tablicy skrótów nie powiod³o siê: %s\n"
+
+#: g10/tdbio.c:663
+#, c-format
+msgid "%s: error updating version record: %s\n"
+msgstr "%s: b³±d przy uaktualnianiu numeru wersji: %s\n"
+
+#: g10/tdbio.c:680 g10/tdbio.c:701 g10/tdbio.c:717 g10/tdbio.c:731
+#: g10/tdbio.c:761 g10/tdbio.c:1388 g10/tdbio.c:1415
+#, c-format
+msgid "%s: error reading version record: %s\n"
+msgstr "%s: b³±d odczytu numeru wersji: %s\n"
+
+#: g10/tdbio.c:740
+#, c-format
+msgid "%s: error writing version record: %s\n"
+msgstr "%s: b³±d zapisu numeru wersji: %s\n"
+
+#: g10/tdbio.c:1181
+#, c-format
+msgid "trustdb: lseek failed: %s\n"
+msgstr "baza zaufania: funkcja lseek() zawiod³a: %s\n"
+
+#: g10/tdbio.c:1190
+#, c-format
+msgid "trustdb: read failed (n=%d): %s\n"
+msgstr "baza zaufania: funkcja read() (n=%d) zawiod³a: %s\n"
+
+#: g10/tdbio.c:1211
+#, c-format
+msgid "%s: not a trustdb file\n"
+msgstr "%s: to nie jest plik bazy zaufania\n"
+
+#: g10/tdbio.c:1230
+#, c-format
+msgid "%s: version record with recnum %lu\n"
+msgstr "%s: wpis wersji z numerem %lu\n"
+
+#: g10/tdbio.c:1235
+#, c-format
+msgid "%s: invalid file version %d\n"
+msgstr "%s: niew³a¶ciwa wersja pliku %d\n"
+
+#: g10/tdbio.c:1421
+#, c-format
+msgid "%s: error reading free record: %s\n"
+msgstr "%s: b³±d odczytu pustego wpisu: %s\n"
+
+#: g10/tdbio.c:1429
+#, c-format
+msgid "%s: error writing dir record: %s\n"
+msgstr "%s: b³±d zapisu wpisu katalogowego: %s\n"
+
+#: g10/tdbio.c:1439
+#, c-format
+msgid "%s: failed to zero a record: %s\n"
+msgstr "%s: zerowanie rekordu nie powiod³o siê: %s\n"
+
+#: g10/tdbio.c:1469
+#, c-format
+msgid "%s: failed to append a record: %s\n"
+msgstr "%s: dopisanie rekordu nie powiod³o siê: %s\n"
+
+#: g10/tdbio.c:1512
+msgid "Error: The trustdb is corrupted.\n"
+msgstr "B³±d: uszkodzona baza zaufania.\n"
+
+#: g10/textfilter.c:147
+#, c-format
+msgid "can't handle text lines longer than %d characters\n"
+msgstr "nie mo¿na obs³u¿yæ linii tekstu d³u¿szej ni¿ %d znaków\n"
+
+#: g10/textfilter.c:247
+#, c-format
+msgid "input line longer than %d characters\n"
+msgstr "linia d³u¿sza ni¿ %d znaków\n"
+
+#: g10/trustdb.c:221
+#, c-format
+msgid "`%s' is not a valid long keyID\n"
+msgstr ",,%s'' nie jest poprawnym d³ugim numerem klucza\n"
+
+#: g10/trustdb.c:252
+#, c-format
+msgid "key %s: accepted as trusted key\n"
+msgstr "klucz %s: zaakceptowany jako klucz zaufany\n"
+
+#: g10/trustdb.c:290
+#, c-format
+msgid "key %s occurs more than once in the trustdb\n"
+msgstr "klucz %s jest wpisany wiêcej ni¿ raz w bazie zaufania\n"
+
+#: g10/trustdb.c:305
+#, c-format
+msgid "key %s: no public key for trusted key - skipped\n"
+msgstr "klucz %s: brak klucza publicznego dla zaufanego klucza - pominiêty\n"
+
+#: g10/trustdb.c:315
+#, c-format
+msgid "key %s marked as ultimately trusted\n"
+msgstr "klucz %s zosta³ oznaczony jako obdarzony absolutnym zaufaniem.\n"
+
+#: g10/trustdb.c:339
+#, c-format
+msgid "trust record %lu, req type %d: read failed: %s\n"
+msgstr "wpis zaufania %lu, typ zapytania %d: odczyt nie powiód³ siê: %s\n"
+
+#: g10/trustdb.c:345
+#, c-format
+msgid "trust record %lu is not of requested type %d\n"
+msgstr "wpis zaufania %lu jest typu innego ni¿ poszukiwany %d\n"
+
+#: g10/trustdb.c:418
+msgid "You may try to re-create the trustdb using the commands:\n"
+msgstr "Mo¿na próbowaæ odtworzyæ bazê zaufania przy u¿yciu poleceñ:\n"
+
+#: g10/trustdb.c:427
+msgid "If that does not work, please consult the manual\n"
+msgstr "Je¶li to nie dzia³a, nale¿y poradziæ siê instrukcji\n"
+
+#: g10/trustdb.c:462
+#, c-format
+msgid "unable to use unknown trust model (%d) - assuming %s trust model\n"
+msgstr ""
+"nie mo¿na u¿yæ nieznanego modelu zaufania (%d) - przyjêto model zaufania %s\n"
+
+#: g10/trustdb.c:468
+#, c-format
+msgid "using %s trust model\n"
+msgstr "u¿ycie modelu zaufania %s\n"
+
+#: g10/trustdb.c:520
+msgid "10 translator see trustdb.c:uid_trust_string_fixed"
+msgstr "17"
+
+#: g10/trustdb.c:522
+msgid "[ revoked]"
+msgstr "[ uniewa¿niony ]"
+
+#: g10/trustdb.c:524 g10/trustdb.c:529
+msgid "[ expired]"
+msgstr "[przeterminowany]"
+
+#: g10/trustdb.c:528
+msgid "[ unknown]"
+msgstr "[ nieznane ]"
+
+#: g10/trustdb.c:530
+msgid "[ undef ]"
+msgstr "[ nieokre¶lone ]"
+
+#: g10/trustdb.c:531
+msgid "[marginal]"
+msgstr "[ marginalne ]"
+
+#: g10/trustdb.c:532
+msgid "[ full ]"
+msgstr "[ pe³ne ]"
+
+#: g10/trustdb.c:533
+msgid "[ultimate]"
+msgstr "[ absolutne ]"
+
+#: g10/trustdb.c:548
+msgid "undefined"
+msgstr "nieokre¶lone"
+
+#: g10/trustdb.c:549
+msgid "never"
+msgstr "nigdy"
+
+#: g10/trustdb.c:550
+msgid "marginal"
+msgstr "marginalne"
+
+#: g10/trustdb.c:551
+msgid "full"
+msgstr "pe³ne"
+
+#: g10/trustdb.c:552
+msgid "ultimate"
+msgstr "absolutne"
+
+#: g10/trustdb.c:592
+msgid "no need for a trustdb check\n"
+msgstr "sprawdzanie bazy jest niepotrzebne\n"
+
+#: g10/trustdb.c:598 g10/trustdb.c:2487
+#, c-format
+msgid "next trustdb check due at %s\n"
+msgstr "nastêpne sprawdzanie bazy odbêdzie siê %s\n"
+
+#: g10/trustdb.c:607
+#, c-format
+msgid "no need for a trustdb check with `%s' trust model\n"
+msgstr "sprawdzanie bazy jest niepotrzebne przy modelu zaufania ,,%s''\n"
+
+#: g10/trustdb.c:622
+#, c-format
+msgid "no need for a trustdb update with `%s' trust model\n"
+msgstr "aktualizacja bazy jest niepotrzebna przy modelu zaufania ,,%s''\n"
+
+#: g10/trustdb.c:857 g10/trustdb.c:1310
+#, c-format
+msgid "public key %s not found: %s\n"
+msgstr "klucz publiczny %s nie odnaleziony: %s\n"
+
+#: g10/trustdb.c:1053
+msgid "please do a --check-trustdb\n"
+msgstr "nale¿y uruchomiæ gpg z opcj± ,,--check-trustdb''\n"
+
+#: g10/trustdb.c:1057
+msgid "checking the trustdb\n"
+msgstr "sprawdzanie bazy zaufania\n"
+
+#: g10/trustdb.c:2230
+#, c-format
+msgid "%d keys processed (%d validity counts cleared)\n"
+msgstr "przetworzono %d kluczy (rozwi±zano %d przeliczeñ zaufania)\n"
+
+#: g10/trustdb.c:2295
+msgid "no ultimately trusted keys found\n"
+msgstr "brak absolutnie zaufanych kluczy\n"
+
+#: g10/trustdb.c:2309
+#, c-format
+msgid "public key of ultimately trusted key %s not found\n"
+msgstr "klucz publiczny absolutnie zaufanego klucza %s nie odnaleziony\n"
+
+#: g10/trustdb.c:2332
+#, c-format
+msgid "%d marginal(s) needed, %d complete(s) needed, %s trust model\n"
+msgstr "potrzeba %d marginalnych, %d pe³nych, model zaufania %s\n"
+
+#: g10/trustdb.c:2418
+#, c-format
+msgid ""
+"depth: %d valid: %3d signed: %3d trust: %d-, %dq, %dn, %dm, %df, %du\n"
+msgstr ""
+"poziom: %d poprawnych: %3d podpisanych: %3d zaufanie: %d-,%dq,%dn,%dm,%df,%"
+"du\n"
+
+#: g10/trustdb.c:2493
+#, c-format
+msgid "unable to update trustdb version record: write failed: %s\n"
+msgstr ""
+"nie mo¿na uaktualniæ rekordu wersji bazy zaufania: zapis nie powiód³ siê: %"
+"s\n"
+
+#: g10/verify.c:118
+msgid ""
+"the signature could not be verified.\n"
+"Please remember that the signature file (.sig or .asc)\n"
+"should be the first file given on the command line.\n"
+msgstr ""
+"nie mo¿na sprawdziæ podpisu.\n"
+"Nale¿y pamiêtaæ o podawaniu pliku podpisu (.sig lub .asc) jako pierwszego\n"
+"argumentu linii poleceñ.\n"
+
+#: g10/verify.c:205
+#, c-format
+msgid "input line %u too long or missing LF\n"
+msgstr "linia wej¶cia %u zbyt d³uga lub brak znaku LF\n"
+
+#: g10/verify.c:253
+#, c-format
+msgid "can't open fd %d: %s\n"
+msgstr "nie mo¿na otworzyæ fd %d: %s\n"
+
+#: jnlib/argparse.c:180
+msgid "argument not expected"
+msgstr "nieoczekiwany argument"
+
+#: jnlib/argparse.c:182
+msgid "read error"
+msgstr "b³±d odczytu"
+
+#: jnlib/argparse.c:184
+msgid "keyword too long"
+msgstr "s³owo kluczowe zbyt d³ugie"
+
+#: jnlib/argparse.c:186
+msgid "missing argument"
+msgstr "brak argumentu"
+
+#: jnlib/argparse.c:188
+msgid "invalid command"
+msgstr "b³êdne polecenie"
+
+#: jnlib/argparse.c:190
+msgid "invalid alias definition"
+msgstr "b³êdna definicja aliasu"
+
+#: jnlib/argparse.c:192
+msgid "out of core"
+msgstr "brak pamiêci"
+
+#: jnlib/argparse.c:194
+msgid "invalid option"
+msgstr "b³êdna opcja"
+
+#: jnlib/argparse.c:202
+#, c-format
+msgid "missing argument for option \"%.50s\"\n"
+msgstr "brak argumentu dla opcji ,,%.50s''\n"
+
+#: jnlib/argparse.c:204
+#, c-format
+msgid "option \"%.50s\" does not expect an argument\n"
+msgstr "opcja ,,%.50s'' nie mo¿e mieæ argumentów\n"
+
+#: jnlib/argparse.c:207
+#, c-format
+msgid "invalid command \"%.50s\"\n"
+msgstr "b³êdne polecenie ,,%.50s''\n"
+
+#: jnlib/argparse.c:209
+#, c-format
+msgid "option \"%.50s\" is ambiguous\n"
+msgstr "opcja ,,%.50s'' jest niejednoznaczna\n"
+
+#: jnlib/argparse.c:211
+#, c-format
+msgid "command \"%.50s\" is ambiguous\n"
+msgstr "polecenie ,,%.50s'' jest niejednoznaczne\n"
+
+#: jnlib/argparse.c:213
+msgid "out of core\n"
+msgstr "brak pamiêci\n"
+
+#: jnlib/argparse.c:215
+#, c-format
+msgid "invalid option \"%.50s\"\n"
+msgstr "b³êdna opcja ,,%.50s''\n"
+
+#: jnlib/logging.c:647
+#, c-format
+msgid "you found a bug ... (%s:%d)\n"
+msgstr "znalaz³e¶(a¶) b³±d w programie ... (%s:%d)\n"
+
+#: jnlib/utf8conv.c:85
+#, c-format
+msgid "error loading `%s': %s\n"
+msgstr "b³±d odczytu ,,%s'': %s\n"
+
+#: jnlib/utf8conv.c:123
+#, c-format
+msgid "conversion from `%s' to `%s' not available\n"
+msgstr "konwersja z ,,%s'' do ,,%s'' niedostêpna\n"
+
+#: jnlib/utf8conv.c:131
+#, c-format
+msgid "iconv_open failed: %s\n"
+msgstr "iconv_open nie powiod³o siê: %s\n"
+
+#: jnlib/utf8conv.c:388 jnlib/utf8conv.c:654
+#, c-format
+msgid "conversion from `%s' to `%s' failed: %s\n"
+msgstr "konwersja z ,,%s'' do ,,%s'' nie powiod³a siê: %s\n"
+
+#: jnlib/dotlock.c:234
+#, c-format
+msgid "failed to create temporary file `%s': %s\n"
+msgstr "nie uda³o siê utworzyæ pliku tymczasowego ,,%s'': %s\n"
+
+#: jnlib/dotlock.c:269
+#, c-format
+msgid "error writing to `%s': %s\n"
+msgstr "b³±d zapisu do ,,%s'': %s\n"
+
+#: jnlib/dotlock.c:453
+#, c-format
+msgid "removing stale lockfile (created by %d)\n"
+msgstr "usuwanie nieaktualnego pliku blokady (utworzonego przez %d)\n"
+
+#: jnlib/dotlock.c:459
+msgid " - probably dead - removing lock"
+msgstr " - prawdopodobnie martwy - usuwanie blokady"
+
+#: jnlib/dotlock.c:469
+#, c-format
+msgid "waiting for lock (held by %d%s) %s...\n"
+msgstr "oczekiwanie na blokadê (trzyman± przez %d%s) %s...\n"
+
+#: jnlib/dotlock.c:470
+msgid "(deadlock?) "
+msgstr "(zakleszczenie?) "
+
+#: jnlib/dotlock.c:493
+#, c-format
+msgid "lock `%s' not made: %s\n"
+msgstr "blokada ,,%s'' nie za³o¿ona: %s\n"
+
+#: jnlib/dotlock.c:501
+#, c-format
+msgid "waiting for lock %s...\n"
+msgstr "oczekiwanie na blokadê %s...\n"
+
+#: kbx/kbxutil.c:92
+msgid "set debugging flags"
+msgstr "ustawienie flag diagnostycznych"
+
+#: kbx/kbxutil.c:93
+msgid "enable full debugging"
+msgstr "w³±czenie pe³nej diagnostyki"
+
+#: kbx/kbxutil.c:117
+msgid "Usage: kbxutil [options] [files] (-h for help)"
+msgstr "Wywo³anie: kbxutil [opcje] [pliki] (-h podaje pomoc)"
+
+#: kbx/kbxutil.c:120
+msgid ""
+"Syntax: kbxutil [options] [files]\n"
+"list, export, import Keybox data\n"
+msgstr ""
+"Sk³adnia: kbxutil [opcje] [pliki]\n"
+"wypisywanie, eksport, import danych Keybox\n"
+
+#: scd/app-nks.c:713 scd/app-openpgp.c:2647
+#, c-format
+msgid "RSA modulus missing or not of size %d bits\n"
+msgstr "reszta RSA brakuj±ca lub o rozmiarze innym ni¿ %d bity\n"
+
+#: scd/app-nks.c:721 scd/app-openpgp.c:2659
+#, c-format
+msgid "RSA public exponent missing or larger than %d bits\n"
+msgstr "publiczny wyk³adnik RSA brakuj±cy lub wiêkszy ni¿ %d bity\n"
+
+#: scd/app-nks.c:801 scd/app-openpgp.c:1549 scd/app-openpgp.c:1568
+#: scd/app-openpgp.c:1729 scd/app-openpgp.c:1746 scd/app-openpgp.c:1994
+#: scd/app-openpgp.c:2039 scd/app-dinsig.c:303
+#, c-format
+msgid "PIN callback returned error: %s\n"
+msgstr "Zapytanie zwrotne o PIN zwróci³o b³±d: %s\n"
+
+#: scd/app-nks.c:834
+msgid "the NullPIN has not yet been changed\n"
+msgstr "NullPIN nie zosta³ jeszcze zmieniony\n"
+
+#: scd/app-nks.c:1092
+msgid "|N|Please enter a new PIN for the standard keys."
+msgstr "|N|Proszê wprowadziæ nowy PIN dla zwyk³ych kluczy."
+
+#: scd/app-nks.c:1093
+msgid "||Please enter the PIN for the standard keys."
+msgstr "||Proszê wprowadziæ PIN dla zwyk³ych kluczy."
+
+#: scd/app-nks.c:1099
+msgid "|NP|Please enter a new PIN Unblocking Code (PUK) for the standard keys."
+msgstr ""
+"|NP|Proszê wprowadziæ nowy kod oblokowuj±cy PIN (PUK) dla zwyk³ych kluczy."
+
+#: scd/app-nks.c:1101
+msgid "|P|Please enter the PIN Unblocking Code (PUK) for the standard keys."
+msgstr "|P|Proszê wprowadziæ kod odblokowuj±cy PIN (PUK) dla zwyk³ych kluczy."
+
+#: scd/app-nks.c:1109
+msgid "|N|Please enter a new PIN for the key to create qualified signatures."
+msgstr ""
+"|N|Proszê wprowadziæ nowy PIN dla klucza do tworzenia podpisów "
+"kwalifikowanych."
+
+#: scd/app-nks.c:1111
+msgid "||Please enter the PIN for the key to create qualified signatures."
+msgstr ""
+"||Proszê wprowadziæ PIN PIN dla klucza do tworzenia podpisów kwalifikowanych."
+
+#: scd/app-nks.c:1119
+msgid ""
+"|NP|Please enter a new PIN Unblocking Code (PUK) for the key to create "
+"qualified signatures."
+msgstr ""
+"|NP|Proszê wprowadziæ nowy kod odblokowuj±cy PIN (PUK) dla klucza do "
+"tworzenia podpisów kwalifikowanych."
+
+#: scd/app-nks.c:1121
+msgid ""
+"|P|Please enter the PIN Unblocking Code (PUK) for the key to create "
+"qualified signatures."
+msgstr ""
+"|P|Proszê wprowadziæ kod odblokowuj±cy PIN (PUK) dla klucza do tworzenia "
+"podpisów kwalifikowanych."
+
+#: scd/app-nks.c:1222 scd/app-openpgp.c:2072 scd/app-dinsig.c:532
+#, c-format
+msgid "error getting new PIN: %s\n"
+msgstr "b³±d podczas odczytu nowego PIN-u: %s\n"
+
+#: scd/app-openpgp.c:695
+#, c-format
+msgid "failed to store the fingerprint: %s\n"
+msgstr "nie powiód³ siê zapis odcisku: %s\n"
+
+#: scd/app-openpgp.c:708
+#, c-format
+msgid "failed to store the creation date: %s\n"
+msgstr "nie powiód³ siê zapis daty utworzenia: %s\n"
+
+#: scd/app-openpgp.c:1156
+#, c-format
+msgid "reading public key failed: %s\n"
+msgstr "odczyt klucza publicznego nie powiód³ siê: %s\n"
+
+#: scd/app-openpgp.c:1164 scd/app-openpgp.c:2882
+msgid "response does not contain the public key data\n"
+msgstr "odpowied¼ nie zawiera danych klucza publicznego\n"
+
+#: scd/app-openpgp.c:1172 scd/app-openpgp.c:2890
+msgid "response does not contain the RSA modulus\n"
+msgstr "odpowied¼ nie zawiera wspó³czynnika RSA\n"
+
+#: scd/app-openpgp.c:1181 scd/app-openpgp.c:2900
+msgid "response does not contain the RSA public exponent\n"
+msgstr "odpowied¼ nie zawiera publicznego wyk³adnika RSA\n"
+
+#: scd/app-openpgp.c:1501
+#, c-format
+msgid "using default PIN as %s\n"
+msgstr "u¿ycie domy¶lnego PIN-u jako %s\n"
+
+#: scd/app-openpgp.c:1508
+#, c-format
+msgid "failed to use default PIN as %s: %s - disabling further default use\n"
+msgstr ""
+"nie uda³o siê u¿yæ domy¶lnego PIN-u jako %s: %s - wy³±czenie dalszego "
+"domy¶lnego u¿ycia\n"
+
+#: scd/app-openpgp.c:1523
+#, c-format
+msgid "||Please enter the PIN%%0A[sigs done: %lu]"
+msgstr "||Proszê wpisaæ PIN%%0A[podpisów wykonanych: %lu]"
+
+#: scd/app-openpgp.c:1534 scd/app-openpgp.c:1988
+msgid "||Please enter the PIN"
+msgstr "||Proszê wpisaæ PIN"
+
+#: scd/app-openpgp.c:1575 scd/app-openpgp.c:1753 scd/app-openpgp.c:2001
+#, c-format
+msgid "PIN for CHV%d is too short; minimum length is %d\n"
+msgstr "PIN dla CHV%d jest zbyt krótki; minimalna d³ugo¶æ to %d\n"
+
+#: scd/app-openpgp.c:1588 scd/app-openpgp.c:1627 scd/app-openpgp.c:1765
+#: scd/app-openpgp.c:3200
+#, c-format
+msgid "verify CHV%d failed: %s\n"
+msgstr "weryfikacja CHV%d nie powiod³a siê: %s\n"
+
+#: scd/app-openpgp.c:1656 scd/app-openpgp.c:2020 scd/app-openpgp.c:3498
+msgid "error retrieving CHV status from card\n"
+msgstr "b³±d podczas odczytu stanu CHV z karty\n"
+
+#: scd/app-openpgp.c:1662 scd/app-openpgp.c:3507
+msgid "card is permanently locked!\n"
+msgstr "karta zosta³a trwale zablokowana!\n"
+
+#: scd/app-openpgp.c:1669
+#, c-format
+msgid "%d Admin PIN attempts remaining before card is permanently locked\n"
+msgstr ""
+"Zosta³o %d prób PIN-u administracyjnego do trwa³ego zablokowania karty\n"
+
+#. TRANSLATORS: Do not translate the "|A|" prefix but keep it at
+#. the start of the string. Use %%0A to force a linefeed.
+#: scd/app-openpgp.c:1676
+#, c-format
+msgid "|A|Please enter the Admin PIN%%0A[remaining attempts: %d]"
+msgstr "|A|Proszê wprowadziæ PIN administracyjny%%0A[pozosta³o prób: %d]"
+
+#: scd/app-openpgp.c:1680
+msgid "|A|Please enter the Admin PIN"
+msgstr "|A|Proszê wprowadziæ PIN administracyjny"
+
+#: scd/app-openpgp.c:1701
+msgid "access to admin commands is not configured\n"
+msgstr "dostêp do poleceñ administratora nie zosta³ skonfigurowany\n"
+
+#: scd/app-openpgp.c:2035
+msgid "||Please enter the Reset Code for the card"
+msgstr "||Proszê wprowadziæ kod resetuj±cy dla karty"
+
+#: scd/app-openpgp.c:2045 scd/app-openpgp.c:2097
+#, c-format
+msgid "Reset Code is too short; minimum length is %d\n"
+msgstr "Kod resetuj±cy zbyt krótki; minimalna d³ugo¶æ to %d\n"
+
+#: scd/app-openpgp.c:2067
+msgid "|RN|New Reset Code"
+msgstr "|RN|Nowy kod resetuj±cy"
+
+#: scd/app-openpgp.c:2068
+msgid "|AN|New Admin PIN"
+msgstr "|AN|Nowy PIN administracyjny"
+
+#: scd/app-openpgp.c:2068
+msgid "|N|New PIN"
+msgstr "|N|Nowy PIN"
+
+#: scd/app-openpgp.c:2178 scd/app-openpgp.c:2968
+msgid "error reading application data\n"
+msgstr "b³±d podczas odczytu danych aplikacji\n"
+
+#: scd/app-openpgp.c:2184 scd/app-openpgp.c:2975
+msgid "error reading fingerprint DO\n"
+msgstr "b³±d podczas odczytu odcisku DO\n"
+
+#: scd/app-openpgp.c:2194
+msgid "key already exists\n"
+msgstr "klucz ju¿ istnieje\n"
+
+#: scd/app-openpgp.c:2198
+msgid "existing key will be replaced\n"
+msgstr "istniej±cy klucz zostanie zast±piony\n"
+
+#: scd/app-openpgp.c:2200
+msgid "generating new key\n"
+msgstr "generowanie nowego klucza\n"
+
+#: scd/app-openpgp.c:2202
+msgid "writing new key\n"
+msgstr "zapisywanie nowego klucza\n"
+
+#: scd/app-openpgp.c:2627
+msgid "creation timestamp missing\n"
+msgstr "brak datownika utworzenia\n"
+
+#: scd/app-openpgp.c:2669 scd/app-openpgp.c:2677
+#, c-format
+msgid "RSA prime %s missing or not of size %d bits\n"
+msgstr "liczba pierwsza %s RSA brakuj±ca lub o rozmiarze innym ni¿ %d bitów\n"
+
+#: scd/app-openpgp.c:2773
+#, c-format
+msgid "failed to store the key: %s\n"
+msgstr "nie powiód³ siê zapis klucza: %s\n"
+
+#: scd/app-openpgp.c:2859
+msgid "please wait while key is being generated ...\n"
+msgstr "proszê czekaæ na wygenerowanie klucza...\n"
+
+#: scd/app-openpgp.c:2872
+msgid "generating key failed\n"
+msgstr "generowanie klucza nie powiod³o siê\n"
+
+#: scd/app-openpgp.c:2875
+#, c-format
+msgid "key generation completed (%d seconds)\n"
+msgstr "generowanie klucza zakoñczone (%d sekund)\n"
+
+#: scd/app-openpgp.c:2933
+msgid "invalid structure of OpenPGP card (DO 0x93)\n"
+msgstr "niepoprawna struktura karty OpenPGP (DO 0x93)\n"
+
+#: scd/app-openpgp.c:2983
+msgid "fingerprint on card does not match requested one\n"
+msgstr "odcisk na karcie nie zgadza siê z ¿±danym\n"
+
+#: scd/app-openpgp.c:3099
+#, c-format
+msgid "card does not support digest algorithm %s\n"
+msgstr "karta nie obs³uguje algorytmu skrótu %s\n"
+
+#: scd/app-openpgp.c:3175
+#, c-format
+msgid "signatures created so far: %lu\n"
+msgstr "dotychczas stworzono podpisów: %lu\n"
+
+#: scd/app-openpgp.c:3512
+msgid ""
+"verification of Admin PIN is currently prohibited through this command\n"
+msgstr ""
+"weryfikacja PIN-u administracyjnego tym poleceniem jest aktualnie "
+"zabroniona\n"
+
+#: scd/app-openpgp.c:3737 scd/app-openpgp.c:3748
+#, c-format
+msgid "can't access %s - invalid OpenPGP card?\n"
+msgstr "nie mo¿na dostaæ siê do %s - niepoprawna karta OpenPGP?\n"
+
+#: scd/app-dinsig.c:299
+msgid "||Please enter your PIN at the reader's keypad"
+msgstr "||Proszê wprowadziæ PIN na klawiaturze czytnika"
+
+#. TRANSLATORS: Do not translate the "|*|" prefixes but
+#. keep it at the start of the string. We need this elsewhere
+#. to get some infos on the string.
+#: scd/app-dinsig.c:529
+msgid "|N|Initial New PIN"
+msgstr "|N|Pocz±tkowy nowy PIN"
+
+#: scd/scdaemon.c:107
+msgid "run in multi server mode (foreground)"
+msgstr "uruchomienie w trybie serwera (pierwszoplanowo)"
+
+#: scd/scdaemon.c:117 sm/gpgsm.c:316
+msgid "|LEVEL|set the debugging level to LEVEL"
+msgstr "|POZIOM|ustawienie POZIOMU diagnostyki"
+
+#: scd/scdaemon.c:124 tools/gpgconf-comp.c:620
+msgid "|FILE|write a log to FILE"
+msgstr "|PLIK|zapisanie logów do PLIKu"
+
+#: scd/scdaemon.c:126
+msgid "|N|connect to reader at port N"
+msgstr "|N|po³±czenie z czytnikiem na porcie N"
+
+#: scd/scdaemon.c:128
+msgid "|NAME|use NAME as ct-API driver"
+msgstr "|NAZWA|u¿ycie NAZWY jako sterownika ct-API"
+
+#: scd/scdaemon.c:130
+msgid "|NAME|use NAME as PC/SC driver"
+msgstr "|NAZWA|u¿ycie NAZWY jako sterownika PC/SC"
+
+#: scd/scdaemon.c:133
+msgid "do not use the internal CCID driver"
+msgstr "nie u¿ywanie wewnêtrznego sterownika CCID"
+
+#: scd/scdaemon.c:139
+msgid "|N|disconnect the card after N seconds of inactivity"
+msgstr "|N|od³±czenie karty po N sekundach nieaktywno¶ci"
+
+#: scd/scdaemon.c:141
+msgid "do not use a reader's keypad"
+msgstr "nie u¿ywanie klawiatury czytnika"
+
+#: scd/scdaemon.c:144
+msgid "deny the use of admin card commands"
+msgstr "zabronienie u¿ywania poleceñ karty administratora"
+
+#: scd/scdaemon.c:259
+msgid "Usage: scdaemon [options] (-h for help)"
+msgstr "Wywo³anie: scdaemon [opcje] (-h podaje pomoc)"
+
+#: scd/scdaemon.c:261
+msgid ""
+"Syntax: scdaemon [options] [command [args]]\n"
+"Smartcard daemon for GnuPG\n"
+msgstr ""
+"Sk³adnia: scdaemon [opcje] [polecenie [argumenty]]\n"
+"Demon kart procesorowych dla GnuPG\n"
+
+#: scd/scdaemon.c:766
+msgid "please use the option `--daemon' to run the program in the background\n"
+msgstr "proszê u¿yæ opcji ,,--daemon'' do uruchomienia programu w tle\n"
+
+#: scd/scdaemon.c:1120
+#, c-format
+msgid "handler for fd %d started\n"
+msgstr "obs³uga fd %d uruchomiona\n"
+
+#: scd/scdaemon.c:1132
+#, c-format
+msgid "handler for fd %d terminated\n"
+msgstr "obs³uga fd %d zakoñczona\n"
+
+#: sm/base64.c:325
+#, c-format
+msgid "invalid radix64 character %02x skipped\n"
+msgstr "niew³a¶ciwy znak formatu radix64 %02x zosta³ pominiêty\n"
+
+#: sm/call-agent.c:137
+#, c-format
+msgid "failed to proxy %s inquiry to client\n"
+msgstr "nie uda³o siê przekazaæ zapytania %s do klienta\n"
+
+#: sm/call-dirmngr.c:252
+#, c-format
+msgid "no running dirmngr - starting `%s'\n"
+msgstr "dirmngr nie dzia³a - uruchamianie ,,%s''\n"
+
+#: sm/call-dirmngr.c:285
+msgid "malformed DIRMNGR_INFO environment variable\n"
+msgstr "z³y format zmiennej ¶rodowiskowej DIRMNGR_INFO\n"
+
+#: sm/call-dirmngr.c:297
+#, c-format
+msgid "dirmngr protocol version %d is not supported\n"
+msgstr "wersja %d protoko³u dirmngr nie jest obs³ugiwana\n"
+
+#: sm/call-dirmngr.c:317
+msgid "can't connect to the dirmngr - trying fall back\n"
+msgstr "nie mo¿na po³±czyæ siê z dirmngr - próba fallbacku\n"
+
+#: sm/certchain.c:196
+#, c-format
+msgid "validation model requested by certificate: %s"
+msgstr "model poprawno¶ci ¿±dany przez certyfikat: %s"
+
+#: sm/certchain.c:197 sm/certchain.c:1828
+msgid "chain"
+msgstr "³añcuchowy"
+
+#: sm/certchain.c:198 sm/certchain.c:1828
+msgid "shell"
+msgstr "pow³okowy"
+
+#: sm/certchain.c:258
+#, c-format
+msgid "critical certificate extension %s is not supported"
+msgstr "krytyczne rozszerzenie certyfikatu %s nie jest obs³ugiwane"
+
+#: sm/certchain.c:297
+msgid "issuer certificate is not marked as a CA"
+msgstr "wystawca certyfikatu nie jest oznaczony jako CA"
+
+#: sm/certchain.c:335
+msgid "critical marked policy without configured policies"
+msgstr "polityka oznaczona jako krytyczna bez skonfigurowanych polityk"
+
+#: sm/certchain.c:345
+#, c-format
+msgid "failed to open `%s': %s\n"
+msgstr "nie uda³o siê otworzyæ ,,%s'': %s\n"
+
+#: sm/certchain.c:353 sm/certchain.c:382
+msgid "note: non-critical certificate policy not allowed"
+msgstr "uwaga: niekrytyczna polityka certyfikatu niedozwolona"
+
+#: sm/certchain.c:357 sm/certchain.c:386
+msgid "certificate policy not allowed"
+msgstr "polityka certyfikatu niedozwolona"
+
+#: sm/certchain.c:498
+msgid "looking up issuer at external location\n"
+msgstr "poszukiwanie wystawcy na zewn±trz\n"
+
+#: sm/certchain.c:517
+#, c-format
+msgid "number of issuers matching: %d\n"
+msgstr "liczba pasuj±cych wystawców: %d\n"
+
+#: sm/certchain.c:561
+msgid "looking up issuer from the Dirmngr cache\n"
+msgstr "poszukiwanie wystawcy w pamiêci podrêcznej Dirmngr\n"
+
+#: sm/certchain.c:585
+#, c-format
+msgid "number of matching certificates: %d\n"
+msgstr "liczba pasuj±cych certyfikatów: %d\n"
+
+#: sm/certchain.c:587
+#, c-format
+msgid "dirmngr cache-only key lookup failed: %s\n"
+msgstr ""
+"wyszukiwanie klucza tylko w pamiêci podrêcznej dirmngr nie powiod³o siê: %s\n"
+
+#: sm/certchain.c:759 sm/certchain.c:1252 sm/certchain.c:1856 sm/decrypt.c:261
+#: sm/encrypt.c:335 sm/sign.c:335 sm/verify.c:113
+msgid "failed to allocated keyDB handle\n"
+msgstr "nie uda³o siê przydzieliæ uchwytu keyDB\n"
+
+#: sm/certchain.c:925
+msgid "certificate has been revoked"
+msgstr "certyfikat zosta³ uniewa¿niony"
+
+#: sm/certchain.c:940
+msgid "the status of the certificate is unknown"
+msgstr "status certyfikatu jest nieznany"
+
+#: sm/certchain.c:947
+msgid "please make sure that the \"dirmngr\" is properly installed\n"
+msgstr "proszê upewniæ siê, ¿e ,,dirmngr'' jest poprawnie zainstalowany\n"
+
+#: sm/certchain.c:953
+#, c-format
+msgid "checking the CRL failed: %s"
+msgstr "sprawdzenie CRL nie powiod³o siê: %s"
+
+#: sm/certchain.c:982 sm/certchain.c:1050
+#, c-format
+msgid "certificate with invalid validity: %s"
+msgstr "certyfikat o niewa¿nej wa¿no¶ci: %s"
+
+#: sm/certchain.c:997 sm/certchain.c:1082
+msgid "certificate not yet valid"
+msgstr "certyfikat jeszcze nie jest wa¿ny"
+
+#: sm/certchain.c:998 sm/certchain.c:1083
+msgid "root certificate not yet valid"
+msgstr "certyfikat g³ówny jeszcze nie jest wa¿ny"
+
+#: sm/certchain.c:999 sm/certchain.c:1084
+msgid "intermediate certificate not yet valid"
+msgstr "certyfikat po¶redni jeszcze nie jest wa¿ny"
+
+#: sm/certchain.c:1012
+msgid "certificate has expired"
+msgstr "certyfikat wygas³"
+
+#: sm/certchain.c:1013
+msgid "root certificate has expired"
+msgstr "certyfikat g³ówny wygas³"
+
+#: sm/certchain.c:1014
+msgid "intermediate certificate has expired"
+msgstr "certyfikat po¶redni wygas³"
+
+#: sm/certchain.c:1056
+#, c-format
+msgid "required certificate attributes missing: %s%s%s"
+msgstr "brak wymaganych atrybutów certyfikatu: %s%s%s"
+
+#: sm/certchain.c:1065
+msgid "certificate with invalid validity"
+msgstr "certyfikat o niewa¿nej wa¿no¶ci"
+
+#: sm/certchain.c:1102
+msgid "signature not created during lifetime of certificate"
+msgstr "podpis nie utworzony w czasie ¿ycia certyfikatu"
+
+#: sm/certchain.c:1104
+msgid "certificate not created during lifetime of issuer"
+msgstr "certyfikat nie utworzony w czasie ¿ycia wystawcy"
+
+#: sm/certchain.c:1105
+msgid "intermediate certificate not created during lifetime of issuer"
+msgstr "po¶redni certyfikat nie utworzony w czasie ¿ycia wystawcy"
+
+#: sm/certchain.c:1109
+msgid " ( signature created at "
+msgstr " ( podpis utworzony "
+
+#: sm/certchain.c:1110
+msgid " (certificate created at "
+msgstr " (certyfikat utworzony "
+
+#: sm/certchain.c:1113
+msgid " (certificate valid from "
+msgstr " (certyfikat wa¿ny od "
+
+#: sm/certchain.c:1114
+msgid " ( issuer valid from "
+msgstr " ( wystawca wa¿ny od "
+
+#: sm/certchain.c:1144
+#, c-format
+msgid "fingerprint=%s\n"
+msgstr "odcisk=%s\n"
+
+#: sm/certchain.c:1153
+msgid "root certificate has now been marked as trusted\n"
+msgstr "g³ówny certyfikat nie zosta³ oznaczony jako zaufany\n"
+
+#: sm/certchain.c:1166
+msgid "interactive marking as trusted not enabled in gpg-agent\n"
+msgstr "interaktywne oznaczanie zaufania nie w³±czone w gpg-agencie\n"
+
+#: sm/certchain.c:1172
+msgid "interactive marking as trusted disabled for this session\n"
+msgstr "interaktywne oznaczanie zaufania wy³±czone dla tej sesji\n"
+
+#: sm/certchain.c:1229
+msgid "WARNING: creation time of signature not known - assuming current time"
+msgstr "UWAGA: czas utworzenia podpisu nie jest znany - przyjêto czas bie¿±cy"
+
+#: sm/certchain.c:1293
+msgid "no issuer found in certificate"
+msgstr "nie znaleziono wystawcy w certyfikacie"
+
+#: sm/certchain.c:1366
+msgid "self-signed certificate has a BAD signature"
+msgstr "w³asnorêcznie podpisany certyfikat ma Z£Y podpis"
+
+#: sm/certchain.c:1435
+msgid "root certificate is not marked trusted"
+msgstr "g³ówny certyfikat nie jest oznaczony jako zaufany"
+
+#: sm/certchain.c:1448
+#, c-format
+msgid "checking the trust list failed: %s\n"
+msgstr "sprawdzenie listy zaufania nie powiod³o siê: %s\n"
+
+#: sm/certchain.c:1477 sm/import.c:160
+msgid "certificate chain too long\n"
+msgstr "³añcuch certyfikatów zbyt d³ugi\n"
+
+#: sm/certchain.c:1489
+msgid "issuer certificate not found"
+msgstr "nie znaleziono wystawcy certyfikatu"
+
+#: sm/certchain.c:1522
+msgid "certificate has a BAD signature"
+msgstr "certyfikat ma Z£Y podpis"
+
+#: sm/certchain.c:1553
+msgid "found another possible matching CA certificate - trying again"
+msgstr "znaleziono inny byæ mo¿e pasuj±cy certyfikat CA - ponawianie próby"
+
+#: sm/certchain.c:1604
+#, c-format
+msgid "certificate chain longer than allowed by CA (%d)"
+msgstr "³añcuch certyfikatów d³u¿szy ni¿ zezwala CA (%d)"
+
+#: sm/certchain.c:1644 sm/certchain.c:1927
+msgid "certificate is good\n"
+msgstr "certyfikat jest dobry\n"
+
+#: sm/certchain.c:1645
+msgid "intermediate certificate is good\n"
+msgstr "certyfikat po¶redni jest dobry\n"
+
+#: sm/certchain.c:1646
+msgid "root certificate is good\n"
+msgstr "certyfikat g³ówny jest dobry\n"
+
+#: sm/certchain.c:1817
+msgid "switching to chain model"
+msgstr "prze³±czanie do modelu ³añcuchowego"
+
+#: sm/certchain.c:1826
+#, c-format
+msgid "validation model used: %s"
+msgstr "u¿yty model poprawno¶ci: %s"
+
+#: sm/certcheck.c:97
+#, c-format
+msgid "%s key uses an unsafe (%u bit) hash\n"
+msgstr "Klucz %s u¿ywa niebezpiecznego (%u-bitowego) skrótu\n"
+
+#: sm/certcheck.c:107
+#, c-format
+msgid "a %u bit hash is not valid for a %u bit %s key\n"
+msgstr "skrót %u-bitowy nie jest poprawny dla %u-bitowego klucza %s\n"
+
+#: sm/certcheck.c:244 sm/verify.c:201
+msgid "(this is the MD2 algorithm)\n"
+msgstr "(to jest algorytm MD2)\n"
+
+#: sm/certdump.c:60 sm/certdump.c:143
+msgid "none"
+msgstr "brak"
+
+#: sm/certdump.c:564 sm/certdump.c:609 sm/certdump.c:674 sm/certdump.c:732
+msgid "[Error - invalid encoding]"
+msgstr "[B³±d - niew³a¶ciwe kodowanie]"
+
+#: sm/certdump.c:572 sm/certdump.c:617
+msgid "[Error - out of core]"
+msgstr "[B³±d - brak pamiêci]"
+
+#: sm/certdump.c:654 sm/certdump.c:710
+msgid "[Error - No name]"
+msgstr "[B³±d - Brak nazwy]"
+
+#: sm/certdump.c:679 sm/certdump.c:738
+msgid "[Error - invalid DN]"
+msgstr "[B³±d - niew³a¶ciwe DN]"
+
+#: sm/certdump.c:948
+#, c-format
+msgid ""
+"Please enter the passphrase to unlock the secret key for the X.509 "
+"certificate:\n"
+"\"%s\"\n"
+"S/N %s, ID 0x%08lX,\n"
+"created %s, expires %s.\n"
+msgstr ""
+"Proszê wprowadziæ has³o aby odbezpieczyæ klucz tajny certyfikatu X.509:\n"
+",,%s''\n"
+"S/N %s, ID 0x%08lX,\n"
+"stworzony %s, wygasa %s.\n"
+
+#: sm/certlist.c:122
+msgid "no key usage specified - assuming all usages\n"
+msgstr ""
+"nie okre¶lono sposobu wykorzystania klucza - przyjêto wszystkie sposoby\n"
+
+#: sm/certlist.c:132 sm/keylist.c:272
+#, c-format
+msgid "error getting key usage information: %s\n"
+msgstr "b³±d podczas pobierania informacji o wykorzystaniu klucza: %s\n"
+
+#: sm/certlist.c:142
+msgid "certificate should have not been used for certification\n"
+msgstr "certyfikat nie powinien byæ u¿ywany do po¶wiadczania\n"
+
+#: sm/certlist.c:154
+msgid "certificate should have not been used for OCSP response signing\n"
+msgstr "certyfikat nie powinien byæ u¿ywany do podpisywania odpowiedzi OCSP\n"
+
+#: sm/certlist.c:165
+msgid "certificate should have not been used for encryption\n"
+msgstr "certyfikat nie powinien byæ u¿ywany do szyfrowania\n"
+
+#: sm/certlist.c:166
+msgid "certificate should have not been used for signing\n"
+msgstr "certyfikat nie powinien byæ u¿ywany do podpisywania\n"
+
+#: sm/certlist.c:167
+msgid "certificate is not usable for encryption\n"
+msgstr "certyfikat nie nadaje siê do szyfrowania\n"
+
+#: sm/certlist.c:168
+msgid "certificate is not usable for signing\n"
+msgstr "certyfikat nie nadaje siê do podpisywania\n"
+
+#: sm/certreqgen.c:474
+#, c-format
+msgid "line %d: invalid algorithm\n"
+msgstr "linia %d: niew³a¶ciwy algorytm\n"
+
+#: sm/certreqgen.c:487
+#, c-format
+msgid "line %d: invalid key length %u (valid are %d to %d)\n"
+msgstr "linia %d: niew³a¶ciwa d³ugo¶æ klucza %u (poprawne s± od %d do %d)\n"
+
+#: sm/certreqgen.c:505
+#, c-format
+msgid "line %d: no subject name given\n"
+msgstr "linia %d: nie podano nazwy przedmiotu\n"
+
+#: sm/certreqgen.c:514
+#, c-format
+msgid "line %d: invalid subject name label `%.*s'\n"
+msgstr "linia %d: niew³a¶ciwa etykieta nazwy przedmiotu ,,%.*s''\n"
+
+#: sm/certreqgen.c:517
+#, c-format
+msgid "line %d: invalid subject name `%s' at pos %d\n"
+msgstr "linia %d: niew³a¶ciwa nazwa przedmiotu ,,%s'' na pozycji %d\n"
+
+#: sm/certreqgen.c:534
+#, c-format
+msgid "line %d: not a valid email address\n"
+msgstr "linia %d: niepoprawny adres e-mail\n"
+
+#: sm/certreqgen.c:546
+#, c-format
+msgid "line %d: error reading key `%s' from card: %s\n"
+msgstr "linia %d: b³±d odczytu klucza ,,%s'' z karty: %s\n"
+
+#: sm/certreqgen.c:558
+#, c-format
+msgid "line %d: error getting key by keygrip `%s': %s\n"
+msgstr "linia %d: b³±d pobierania klucza z uchwytu ,,%s'': %s\n"
+
+#: sm/certreqgen.c:574
+#, c-format
+msgid "line %d: key generation failed: %s <%s>\n"
+msgstr "linia %d: generowanie klucza nie powiod³o siê: %s <%s>\n"
+
+#: sm/certreqgen.c:806
+msgid ""
+"To complete this certificate request please enter the passphrase for the key "
+"you just created once more.\n"
+msgstr ""
+"Aby zakoñczyæ to ¿±danie certyfikatu proszê wprowadziæ jeszcze raz has³o dla "
+"utworzonego klucza.\n"
+
+#: sm/certreqgen-ui.c:158
+#, c-format
+msgid " (%d) RSA\n"
+msgstr " (%d) RSA\n"
+
+#: sm/certreqgen-ui.c:159
+#, c-format
+msgid " (%d) Existing key\n"
+msgstr " (%d) Istniej±cy klucz\n"
+
+#: sm/certreqgen-ui.c:160
+#, c-format
+msgid " (%d) Existing key from card\n"
+msgstr " (%d) Istniej±cy klucz z karty\n"
+
+#: sm/certreqgen-ui.c:202
+msgid "Enter the keygrip: "
+msgstr "Uchwyt klucza: "
+
+#: sm/certreqgen-ui.c:210
+msgid "Not a valid keygrip (expecting 40 hex digits)\n"
+msgstr "Nieprawid³owy uchwyt klucza (oczekiwano 40 cyfr szesnastkowych)\n"
+
+#: sm/certreqgen-ui.c:212
+msgid "No key with this keygrip\n"
+msgstr "Brak klucza o tym uchwycie\n"
+
+#: sm/certreqgen-ui.c:230 sm/certreqgen-ui.c:239
+#, c-format
+msgid "error reading the card: %s\n"
+msgstr "b³±d odczytu karty: %s\n"
+
+#: sm/certreqgen-ui.c:233
+#, c-format
+msgid "Serial number of the card: %s\n"
+msgstr "Numer seryjny karty: %s\n"
+
+#: sm/certreqgen-ui.c:245
+msgid "Available keys:\n"
+msgstr "Dostêpne klucze:\n"
+
+#: sm/certreqgen-ui.c:276
+#, c-format
+msgid "Possible actions for a %s key:\n"
+msgstr "Mo¿liwe akcje dla klucza %s:\n"
+
+#: sm/certreqgen-ui.c:277
+#, c-format
+msgid " (%d) sign, encrypt\n"
+msgstr " (%d) podpisywanie, szyfrowanie\n"
+
+#: sm/certreqgen-ui.c:278
+#, c-format
+msgid " (%d) sign\n"
+msgstr " (%d) podpisywanie\n"
+
+#: sm/certreqgen-ui.c:279
+#, c-format
+msgid " (%d) encrypt\n"
+msgstr " (%d) szyfrowanie\n"
+
+#: sm/certreqgen-ui.c:303
+msgid "Enter the X.509 subject name: "
+msgstr "Nazwa przedmiotu X.509: "
+
+#: sm/certreqgen-ui.c:307
+msgid "No subject name given\n"
+msgstr "Nie podano nazwy przedmiotu\n"
+
+#: sm/certreqgen-ui.c:311
+#, c-format
+msgid "Invalid subject name label `%.*s'\n"
+msgstr "Nieprawid³owa etykieta nazwy przedmiotu ,,%.*s''\n"
+
+#. TRANSLATORS: The 22 in the second string is the
+#. length of the first string up to the "%s". Please
+#. adjust it do the length of your translation. The
+#. second string is merely passed to atoi so you can
+#. drop everything after the number.
+#: sm/certreqgen-ui.c:320
+#, c-format
+msgid "Invalid subject name `%s'\n"
+msgstr "Nieprawid³owa nazwa przedmiotu ,,%s''\n"
+
+#: sm/certreqgen-ui.c:322
+msgid "22 translator: see certreg-ui.c:gpgsm_gencertreq_tty"
+msgstr "33"
+
+#: sm/certreqgen-ui.c:334
+msgid "Enter email addresses"
+msgstr "Adresy poczty elektronicznej"
+
+#: sm/certreqgen-ui.c:335
+msgid " (end with an empty line):\n"
+msgstr " (pusta linia oznacza koniec):\n"
+
+#: sm/certreqgen-ui.c:339
+msgid "Enter DNS names"
+msgstr "Nazwy DNS"
+
+#: sm/certreqgen-ui.c:340 sm/certreqgen-ui.c:345
+msgid " (optional; end with an empty line):\n"
+msgstr " (opcjonalne; pusta linia oznacza koniec):\n"
+
+#: sm/certreqgen-ui.c:344
+msgid "Enter URIs"
+msgstr "URI"
+
+#: sm/certreqgen-ui.c:371
+msgid "Parameters to be used for the certificate request:\n"
+msgstr "Parametry, które bêd± u¿yte przy ¿±daniu certyfikatu:\n"
+
+#: sm/certreqgen-ui.c:389
+msgid "Now creating certificate request. This may take a while ...\n"
+msgstr "Tworzenie ¿±dania certyfikatu. Mo¿e to chwilê potrwaæ...\n"
+
+#: sm/certreqgen-ui.c:398
+msgid "Ready. You should now send this request to your CA.\n"
+msgstr ""
+"Gotowe. Teraz nale¿y wys³aæ to ¿±danie do w³asnego centrum certyfikacji.\n"
+
+#: sm/certreqgen-ui.c:403
+msgid "resource problem: out of core\n"
+msgstr "problem z zasobami: brak pamiêci\n"
+
+#: sm/decrypt.c:330
+msgid "(this is the RC2 algorithm)\n"
+msgstr "(to jest algorytm RC2)\n"
+
+#: sm/decrypt.c:332
+msgid "(this does not seem to be an encrypted message)\n"
+msgstr "(to nie wygl±da na zaszyfrowan± wiadomo¶æ)\n"
+
+#: sm/delete.c:51 sm/delete.c:112
+#, c-format
+msgid "certificate `%s' not found: %s\n"
+msgstr "nie znaleziono certyfikatu ,,%s'': %s\n"
+
+#: sm/delete.c:122 sm/keydb.c:1397 sm/keydb.c:1499
+#, c-format
+msgid "error locking keybox: %s\n"
+msgstr "b³±d blokowania keyboksa: %s\n"
+
+#: sm/delete.c:143
+#, c-format
+msgid "duplicated certificate `%s' deleted\n"
+msgstr "powtórzony certyfikat ,,%s'' usuniêty\n"
+
+#: sm/delete.c:145
+#, c-format
+msgid "certificate `%s' deleted\n"
+msgstr "certyfikat ,,%s'' usuniêty\n"
+
+#: sm/delete.c:175
+#, c-format
+msgid "deleting certificate \"%s\" failed: %s\n"
+msgstr "usuniêcie certyfikatu ,,%s'' nie powiod³o siê: %s\n"
+
+#: sm/encrypt.c:321
+msgid "no valid recipients given\n"
+msgstr "nie podano poprawnych adresatów\n"
+
+#: sm/gpgsm.c:197
+msgid "list external keys"
+msgstr "wypisanie kluczy zewnêtrznych"
+
+#: sm/gpgsm.c:199
+msgid "list certificate chain"
+msgstr "wypisanie ³añcucha certyfikatów"
+
+#: sm/gpgsm.c:206
+msgid "import certificates"
+msgstr "import certyfikatów"
+
+#: sm/gpgsm.c:207
+msgid "export certificates"
+msgstr "eksport certyfikatów"
+
+#: sm/gpgsm.c:209
+msgid "register a smartcard"
+msgstr "zarejestrowanie karty procesorowej"
+
+#: sm/gpgsm.c:212
+msgid "pass a command to the dirmngr"
+msgstr "przekazanie polecenia do dirmngr"
+
+#: sm/gpgsm.c:214
+msgid "invoke gpg-protect-tool"
+msgstr "wywo³anie gpg-protect-tool"
+
+#: sm/gpgsm.c:230
+msgid "create base-64 encoded output"
+msgstr "tworzenie wyj¶cia zakodowanego base-64"
+
+#: sm/gpgsm.c:235
+msgid "assume input is in PEM format"
+msgstr "przyjêcie wej¶cia w formacie PEM"
+
+#: sm/gpgsm.c:237
+msgid "assume input is in base-64 format"
+msgstr "przyjêcie wej¶cia w formacie base-64"
+
+#: sm/gpgsm.c:239
+msgid "assume input is in binary format"
+msgstr "przyjêcie wej¶cia w formacie binarnym"
+
+#: sm/gpgsm.c:244
+msgid "use system's dirmngr if available"
+msgstr "u¿ycie systemowego dirmngr je¶li jest dostêpny"
+
+#: sm/gpgsm.c:247
+msgid "never consult a CRL"
+msgstr "pominiêcie CRL"
+
+#: sm/gpgsm.c:257
+msgid "check validity using OCSP"
+msgstr "sprawdzenie poprawno¶ci przy u¿yciu OCSP"
+
+#: sm/gpgsm.c:262
+msgid "|N|number of certificates to include"
+msgstr "|N|liczba certyfikatów do do³±czenia"
+
+#: sm/gpgsm.c:265
+msgid "|FILE|take policy information from FILE"
+msgstr "|PLIK|pobranie informacji o polityce z PLIKU"
+
+#: sm/gpgsm.c:268
+msgid "do not check certificate policies"
+msgstr "nie sprawdzanie polityk certyfikatów"
+
+#: sm/gpgsm.c:272
+msgid "fetch missing issuer certificates"
+msgstr "pobranie brakuj±cych certyfikatów wystawców"
+
+#: sm/gpgsm.c:283
+msgid "don't use the terminal at all"
+msgstr "nie u¿ywanie w ogóle terminala"
+
+#: sm/gpgsm.c:285
+msgid "|FILE|write a server mode log to FILE"
+msgstr "|PLIK|zapisanie logów trybu serwerowego do PLIKU"
+
+#: sm/gpgsm.c:290
+msgid "|FILE|write an audit log to FILE"
+msgstr "|PLIK|zapisanie logów audytowych do PLIKU"
+
+#: sm/gpgsm.c:293
+msgid "batch mode: never ask"
+msgstr "tryb wsadowy: bez ¿adnych pytañ"
+
+#: sm/gpgsm.c:294
+msgid "assume yes on most questions"
+msgstr "przyjêcie odpowiedzi ,,tak'' na wiêkszo¶æ pytañ"
+
+#: sm/gpgsm.c:295
+msgid "assume no on most questions"
+msgstr "przyjêcie odpowiedzi ,,nie'' na wiêkszo¶æ pytañ"
+
+#: sm/gpgsm.c:298
+msgid "|FILE|add keyring to the list of keyrings"
+msgstr "|PLIK|dodanie tego zbioru kluczy do listy zbiorów kluczy"
+
+#: sm/gpgsm.c:301
+msgid "|USER-ID|use USER-ID as default secret key"
+msgstr "|U¯YTKOWNIK|u¿ycie tego identyfikatora jako domy¶lnego klucza tajnego"
+
+#: sm/gpgsm.c:311 tools/gpgconf-comp.c:745
+msgid "|SPEC|use this keyserver to lookup keys"
+msgstr "|SPEC|u¿ycie tego serwera do wyszukiwania kluczy"
+
+#: sm/gpgsm.c:329
+msgid "|NAME|use cipher algorithm NAME"
+msgstr "|NAZWA|u¿ycie tego algorytmu szyfrowania NAZWA"
+
+#: sm/gpgsm.c:331
+msgid "|NAME|use message digest algorithm NAME"
+msgstr "|NAZWA|u¿ycie tego algorytmu skrótu wiadomo¶ci"
+
+#: sm/gpgsm.c:522
+msgid "Usage: gpgsm [options] [files] (-h for help)"
+msgstr "Wywo³anie: gpgsm [opcje] [pliki] (-h podaje pomoc)"
+
+#: sm/gpgsm.c:525
+msgid ""
+"Syntax: gpgsm [options] [files]\n"
+"sign, check, encrypt or decrypt using the S/MIME protocol\n"
+"default operation depends on the input data\n"
+msgstr ""
+"Sk³adnia: gpgsm [opcje] [pliki]\n"
+"podpisywanie, sprawdzanie podpisów, szyfrowanie, deszyfrowanie z u¿yciem S/"
+"MIME\n"
+"domy¶lnie wykonywana operacja zale¿y od danych wej¶ciowych\n"
+
+#: sm/gpgsm.c:617
+msgid "usage: gpgsm [options] "
+msgstr "wywo³anie: gpgsm [opcje]"
+
+#: sm/gpgsm.c:739
+#, c-format
+msgid "NOTE: won't be able to encrypt to `%s': %s\n"
+msgstr "UWAGA: nie mo¿na zaszyfrowaæ do ,,%s'': %s\n"
+
+#: sm/gpgsm.c:750
+#, c-format
+msgid "unknown validation model `%s'\n"
+msgstr "nieznany model poprawno¶ci ,,%s''\n"
+
+#: sm/gpgsm.c:801
+#, c-format
+msgid "%s:%u: no hostname given\n"
+msgstr "%s:%u: nie podano nazwy hosta\n"
+
+#: sm/gpgsm.c:820
+#, c-format
+msgid "%s:%u: password given without user\n"
+msgstr "%s:%u: podano has³o bez u¿ytkownika\n"
+
+#: sm/gpgsm.c:841
+#, c-format
+msgid "%s:%u: skipping this line\n"
+msgstr "%s:%u: linia pominiêta\n"
+
+#: sm/gpgsm.c:1376
+msgid "could not parse keyserver\n"
+msgstr "niezrozumia³y adres serwera kluczy\n"
+
+#: sm/gpgsm.c:1456
+msgid "WARNING: running with faked system time: "
+msgstr "OSTRZE¯ENIE: dzia³anie z fa³szywym czasem systemowym: "
+
+#: sm/gpgsm.c:1556
+#, c-format
+msgid "importing common certificates `%s'\n"
+msgstr "import wspólnych certyfikatów ,,%s''\n"
+
+#: sm/gpgsm.c:1597
+#, c-format
+msgid "can't sign using `%s': %s\n"
+msgstr "nie mo¿na podpisaæ z u¿yciem ,,%s'': %s\n"
+
+#: sm/gpgsm.c:1931
+msgid "invalid command (there is no implicit command)\n"
+msgstr "b³êdne polecenie (nie ma polecenia domy¶lnego)\n"
+
+#: sm/import.c:111
+#, c-format
+msgid "total number processed: %lu\n"
+msgstr "ca³kowita liczba przetworzonych: %lu\n"
+
+#: sm/import.c:230
+msgid "error storing certificate\n"
+msgstr "b³±d zapisywania certyfikatu\n"
+
+#: sm/import.c:238
+msgid "basic certificate checks failed - not imported\n"
+msgstr ""
+"podstawowe sprawdzenia certyikatu nie powiod³y siê - nie zaimportowany\n"
+
+#: sm/import.c:435 sm/keydb.c:1319 sm/keydb.c:1387
+msgid "failed to allocate keyDB handle\n"
+msgstr "nie uda³o siê przydzieliæ uchwytu keyDB\n"
+
+#: sm/import.c:492 sm/keydb.c:1417 sm/keydb.c:1511
+#, c-format
+msgid "error getting stored flags: %s\n"
+msgstr "b³±d pobierania zapisanych flag: %s\n"
+
+#: sm/import.c:551 sm/import.c:583
+#, c-format
+msgid "error importing certificate: %s\n"
+msgstr "b³±d importu certyfikatu: %s\n"
+
+#: sm/import.c:684 tools/gpg-connect-agent.c:1346
+#, c-format
+msgid "error reading input: %s\n"
+msgstr "b³±d odczytu wej¶cia: %s\n"
+
+#: sm/keydb.c:187
+#, c-format
+msgid "error creating keybox `%s': %s\n"
+msgstr "b³±d tworzenia keyboksa ,,%s'': %s\n"
+
+#: sm/keydb.c:190
+msgid "you may want to start the gpg-agent first\n"
+msgstr "mo¿na najpierw uruchomiæ najpierw gpg-agenta\n"
+
+#: sm/keydb.c:195
+#, c-format
+msgid "keybox `%s' created\n"
+msgstr "keybox ,,%s'' utworzony\n"
+
+#: sm/keydb.c:1312 sm/keydb.c:1380
+msgid "failed to get the fingerprint\n"
+msgstr "nie uda³o siê pobraæ odcisku\n"
+
+#: sm/keydb.c:1340
+#, c-format
+msgid "problem looking for existing certificate: %s\n"
+msgstr "problem odszukaniem istniej±cego certyfikatu: %s\n"
+
+#: sm/keydb.c:1348
+#, c-format
+msgid "error finding writable keyDB: %s\n"
+msgstr "b³±d podczas szukania zapisywalnego keyDB: %s\n"
+
+#: sm/keydb.c:1356
+#, c-format
+msgid "error storing certificate: %s\n"
+msgstr "b³±d zapisywania certyfikatu: %s\n"
+
+#: sm/keydb.c:1408
+#, c-format
+msgid "problem re-searching certificate: %s\n"
+msgstr "problem z ponownym odszukaniem certyfikatu: %s\n"
+
+#: sm/keydb.c:1429 sm/keydb.c:1522
+#, c-format
+msgid "error storing flags: %s\n"
+msgstr "b³±d zapisywania flag: %s\n"
+
+#: sm/keylist.c:642
+msgid "Error - "
+msgstr "B³±d - "
+
+#: sm/misc.c:55
+msgid "GPG_TTY has not been set - using maybe bogus default\n"
+msgstr ""
+"GPG_TTY nie zosta³o ustawione - u¿ycie byæ mo¿e nieprawid³owego domy¶lnego\n"
+
+#: sm/qualified.c:105
+#, c-format
+msgid "invalid formatted fingerprint in `%s', line %d\n"
+msgstr "niew³a¶ciwie sformatowany odcisk w ,,%s'', w linii %d\n"
+
+#: sm/qualified.c:123
+#, c-format
+msgid "invalid country code in `%s', line %d\n"
+msgstr "niew³a¶ciwy kod kraju w ,,%s'', w linii %d\n"
+
+#: sm/qualified.c:202
+#, c-format
+msgid ""
+"You are about to create a signature using your certificate:\n"
+"\"%s\"\n"
+"This will create a qualified signature by law equated to a handwritten "
+"signature.\n"
+"\n"
+"%s%sAre you really sure that you want to do this?"
+msgstr ""
+"Ta operacja z³o¿y podpis przy u¿yciu certyfikatu:\n"
+",,%s''\n"
+"Utworzy to kwalifikowany podpis równowa¿ny prawnie podpisowi odrêcznemu.\n"
+"\n"
+"%s%sNa pewno chcesz to zrobiæ?"
+
+#: sm/qualified.c:211 sm/verify.c:616
+msgid ""
+"Note, that this software is not officially approved to create or verify such "
+"signatures.\n"
+msgstr ""
+"Nale¿y zauwa¿yæ, ¿e to oprogramowaie nie jest oficjalnie zatwierdzone do "
+"tworzenia i sprawdzania takich podpisów.\n"
+
+#: sm/qualified.c:278
+#, c-format
+msgid ""
+"You are about to create a signature using your certificate:\n"
+"\"%s\"\n"
+"Note, that this certificate will NOT create a qualified signature!"
+msgstr ""
+"Ta operacja z³o¿y podpis przy u¿yciu certyfikatu:\n"
+",,%s''\n"
+"Nale¿y zauwa¿yæ, ¿e ten certyfikat NIE utworzy kwalifikowanego podpisu!"
+
+#: sm/sign.c:449
+#, c-format
+msgid "hash algorithm %d (%s) for signer %d not supported; using %s\n"
+msgstr ""
+"algorytm skrótu %d (%s) dla podpisuj±cego %d nie jest obs³ugiwany; u¿ycie %"
+"s\n"
+
+#: sm/sign.c:463
+#, c-format
+msgid "hash algorithm used for signer %d: %s (%s)\n"
+msgstr "algorytm skrótu u¿yty dla podpisuj±cego %d: %s (%s)\n"
+
+#: sm/sign.c:513
+#, c-format
+msgid "checking for qualified certificate failed: %s\n"
+msgstr "sprawdzenie certyfikatu kwalifikowanego nie powiod³o siê: %s\n"
+
+#: sm/verify.c:449
+msgid "Signature made "
+msgstr "Podpisano w "
+
+#: sm/verify.c:453
+msgid "[date not given]"
+msgstr "[nie podano daty]"
+
+#: sm/verify.c:454
+#, c-format
+msgid " using certificate ID 0x%08lX\n"
+msgstr " przy u¿yciu certyfikatu o ID 0x%08lX\n"
+
+#: sm/verify.c:473
+msgid ""
+"invalid signature: message digest attribute does not match computed one\n"
+msgstr "b³êdny podpis: atrybut skrótu wiadomo¶ci nie zgadza siê z obliczonym\n"
+
+#: sm/verify.c:594
+msgid "Good signature from"
+msgstr "Poprawny podpis z³o¿ony przez"
+
+#: sm/verify.c:595
+msgid " aka"
+msgstr " alias"
+
+#: sm/verify.c:613
+msgid "This is a qualified signature\n"
+msgstr "To jest podpis kwalifikowany\n"
+
+#: tools/gpg-connect-agent.c:70 tools/gpgconf.c:81 tools/symcryptrun.c:167
+msgid "quiet"
+msgstr "cicho"
+
+#: tools/gpg-connect-agent.c:71
+msgid "print data out hex encoded"
+msgstr "wypisanie danych zakodowanych szesnastkowo"
+
+#: tools/gpg-connect-agent.c:72
+msgid "decode received data lines"
+msgstr "dekodowanie otrzymanych linii danych"
+
+#: tools/gpg-connect-agent.c:74
+msgid "|NAME|connect to Assuan socket NAME"
+msgstr "|NAZWA|po³±czenie z gniazdem Assuan o tej nazwie"
+
+#: tools/gpg-connect-agent.c:76
+msgid "run the Assuan server given on the command line"
+msgstr "uruchomienie serwera Assuan podanego z linii poleceñ"
+
+#: tools/gpg-connect-agent.c:78
+msgid "do not use extended connect mode"
+msgstr "nie u¿ywanie rozszerzonego trybu po³±czenia"
+
+#: tools/gpg-connect-agent.c:80
+msgid "|FILE|run commands from FILE on startup"
+msgstr "|PLIK|uruchomienie poleceñ z PLIKU przy starcie"
+
+#: tools/gpg-connect-agent.c:81
+msgid "run /subst on startup"
+msgstr "uruchomienie /subst przy starcie"
+
+#: tools/gpg-connect-agent.c:184
+msgid "Usage: gpg-connect-agent [options] (-h for help)"
+msgstr "Wywo³anie: gpg-connect-agent [opcje] (-h podaje pomoc)"
+
+#: tools/gpg-connect-agent.c:187
+msgid ""
+"Syntax: gpg-connect-agent [options]\n"
+"Connect to a running agent and send commands\n"
+msgstr ""
+"Sk³adnia: gpg-connect-agent [opcje]\n"
+"Po³±czenie z dzia³aj±cym agentem i wysy³anie poleceñ\n"
+
+#: tools/gpg-connect-agent.c:1201
+#, c-format
+msgid "option \"%s\" requires a program and optional arguments\n"
+msgstr "opcja ,,%s'' wymaga programu i opcjonalnych argumentów\n"
+
+#: tools/gpg-connect-agent.c:1210
+#, c-format
+msgid "option \"%s\" ignored due to \"%s\"\n"
+msgstr "opcja ,,%s'' zignorowana z powodu ,,%s''\n"
+
+#: tools/gpg-connect-agent.c:1281 tools/gpg-connect-agent.c:1771
+#, c-format
+msgid "receiving line failed: %s\n"
+msgstr "odbieranie linii nie powiod³o siê: %s\n"
+
+#: tools/gpg-connect-agent.c:1371
+msgid "line too long - skipped\n"
+msgstr "linia zbyt d³uga - pominiêta\n"
+
+#: tools/gpg-connect-agent.c:1375
+msgid "line shortened due to embedded Nul character\n"
+msgstr "linia skrócona z powodu osadzonego znaku Nul\n"
+
+#: tools/gpg-connect-agent.c:1743
+#, c-format
+msgid "unknown command `%s'\n"
+msgstr "nieznane polecenie ,,%s''\n"
+
+#: tools/gpg-connect-agent.c:1761
+#, c-format
+msgid "sending line failed: %s\n"
+msgstr "wysy³anie linii nie powiod³o siê: %s\n"
+
+#: tools/gpg-connect-agent.c:2208
+#, c-format
+msgid "error sending %s command: %s\n"
+msgstr "b³±d wysy³ania polecenia %s: %s\n"
+
+#: tools/gpg-connect-agent.c:2223
+#, c-format
+msgid "error sending standard options: %s\n"
+msgstr "b³±d wysy³ania standardowych opcji: %s\n"
+
+#: tools/gpgconf-comp.c:473 tools/gpgconf-comp.c:577 tools/gpgconf-comp.c:644
+#: tools/gpgconf-comp.c:712 tools/gpgconf-comp.c:799
+msgid "Options controlling the diagnostic output"
+msgstr "Opcje steruj±ce wyj¶ciem diagnostycznym"
+
+#: tools/gpgconf-comp.c:486 tools/gpgconf-comp.c:590 tools/gpgconf-comp.c:657
+#: tools/gpgconf-comp.c:725 tools/gpgconf-comp.c:822
+msgid "Options controlling the configuration"
+msgstr "Opcje steruj±ce konfiguracj±"
+
+#: tools/gpgconf-comp.c:496 tools/gpgconf-comp.c:615 tools/gpgconf-comp.c:673
+#: tools/gpgconf-comp.c:750 tools/gpgconf-comp.c:829
+msgid "Options useful for debugging"
+msgstr "Opcje przydatne do diagnostyki"
+
+#: tools/gpgconf-comp.c:501 tools/gpgconf-comp.c:678 tools/gpgconf-comp.c:755
+#: tools/gpgconf-comp.c:837
+msgid "|FILE|write server mode logs to FILE"
+msgstr "|PLIK|zapisanie logów trybu serwerowego do PLIKu"
+
+#: tools/gpgconf-comp.c:509 tools/gpgconf-comp.c:625 tools/gpgconf-comp.c:763
+msgid "Options controlling the security"
+msgstr "Opcje steruj±ce bezpieczeñstwem"
+
+#: tools/gpgconf-comp.c:516
+msgid "|N|expire SSH keys after N seconds"
+msgstr "|N|przedawnienie kluczy SSH po N sekundach"
+
+#: tools/gpgconf-comp.c:520
+msgid "|N|set maximum PIN cache lifetime to N seconds"
+msgstr ""
+"|N|ustawienie maksymalnego czasu ¿ycia pamiêci podrêcznej PIN-ów na N sekund"
+
+#: tools/gpgconf-comp.c:524
+msgid "|N|set maximum SSH key lifetime to N seconds"
+msgstr "|N|ustawienie maksymalnego czasu ¿ycia kluczy SSH na N sekund"
+
+#: tools/gpgconf-comp.c:538
+msgid "Options enforcing a passphrase policy"
+msgstr "Opcje wymuszaj±ce politykê hase³"
+
+#: tools/gpgconf-comp.c:541
+msgid "do not allow to bypass the passphrase policy"
+msgstr "nie zezwalanie na pominiêcie polityki hase³"
+
+#: tools/gpgconf-comp.c:545
+msgid "|N|set minimal required length for new passphrases to N"
+msgstr "|N|ustawienie minimalnej d³ugo¶ci nowych hase³ na N"
+
+#: tools/gpgconf-comp.c:549
+msgid "|N|require at least N non-alpha characters for a new passphrase"
+msgstr "|N|wymaganie przynajmniej N znaków niealfanumerycznych w nowym ha¶le"
+
+#: tools/gpgconf-comp.c:553
+msgid "|FILE|check new passphrases against pattern in FILE"
+msgstr "|PLIK|sprawdzanie nowych hase³ pod k±tem wzorców z PLIKU"
+
+#: tools/gpgconf-comp.c:557
+msgid "|N|expire the passphrase after N days"
+msgstr "|N|przedawnianie hase³ po N dniach"
+
+#: tools/gpgconf-comp.c:561
+msgid "do not allow the reuse of old passphrases"
+msgstr "nie zezwalanie na ponowne u¿ycie starych hase³"
+
+#: tools/gpgconf-comp.c:659 tools/gpgconf-comp.c:727
+msgid "|NAME|use NAME as default secret key"
+msgstr "|NAZWA|u¿ycie NAZWY jako domy¶lnego klucza tajnego"
+
+#: tools/gpgconf-comp.c:662 tools/gpgconf-comp.c:730
+msgid "|NAME|encrypt to user ID NAME as well"
+msgstr "|NAZWA|szyfrowanie tak¿e dla odbiorcy NAZWA"
+
+#: tools/gpgconf-comp.c:665
+msgid "|SPEC|set up email aliases"
+msgstr "|SPEC|okre¶l adres email"
+
+#: tools/gpgconf-comp.c:686
+msgid "Configuration for Keyservers"
+msgstr "Konfiguracja dla serwerów kluczy"
+
+#: tools/gpgconf-comp.c:688
+msgid "|URL|use keyserver at URL"
+msgstr "|URL|u¿ywaj serwera kluczy URL"
+
+#: tools/gpgconf-comp.c:691
+msgid "allow PKA lookups (DNS requests)"
+msgstr "zezwolenie na wyszukiwania PKA (¿±dania DNS)"
+
+#: tools/gpgconf-comp.c:694
+msgid "|MECHANISMS|use MECHANISMS to locate keys by mail address"
+msgstr ""
+"|MECHANIZMY|wykorzystaj MECHANIZMY do wyszukiwania kluczy na podstawie "
+"adresów e-mail"
+
+#: tools/gpgconf-comp.c:739
+msgid "disable all access to the dirmngr"
+msgstr "zablokuj dostêp do dirmngr"
+
+#: tools/gpgconf-comp.c:742
+msgid "|NAME|use encoding NAME for PKCS#12 passphrases"
+msgstr "|NAZWA|u¿ycie kodowania NAZWA dla hase³ PKCS#12"
+
+#: tools/gpgconf-comp.c:768
+msgid "do not check CRLs for root certificates"
+msgstr "nie sprawdzanie CRL dla g³ównych certyfikatów"
+
+#: tools/gpgconf-comp.c:812
+msgid "Options controlling the format of the output"
+msgstr "Opcje steruj±ce formatem wyj¶cia"
+
+#: tools/gpgconf-comp.c:848
+msgid "Options controlling the interactivity and enforcement"
+msgstr "Opcje steruj±ce interaktywno¶ci± i wymuszaniem"
+
+#: tools/gpgconf-comp.c:858
+msgid "Configuration for HTTP servers"
+msgstr "Konfiguracja dla serwerów HTTP"
+
+#: tools/gpgconf-comp.c:869
+msgid "use system's HTTP proxy setting"
+msgstr "u¿ycie systemowego ustawienia proxy HTTP"
+
+#: tools/gpgconf-comp.c:874
+msgid "Configuration of LDAP servers to use"
+msgstr "Konfiguracja u¿ywanych serwerów LDAP"
+
+#: tools/gpgconf-comp.c:903
+msgid "LDAP server list"
+msgstr "lista serwerów LDAP"
+
+#: tools/gpgconf-comp.c:911
+msgid "Configuration for OCSP"
+msgstr "Konfiguracja dla OCSP"
+
+#: tools/gpgconf-comp.c:3077
+#, c-format
+msgid "External verification of component %s failed"
+msgstr "Zewnêtrzna weryfikacja komponentu %s nie powiod³a siê"
+
+#: tools/gpgconf-comp.c:3227
+msgid "Note that group specifications are ignored\n"
+msgstr "Uwaga, okre¶lenia grup s± ignorowane\n"
+
+#: tools/gpgconf.c:62
+msgid "list all components"
+msgstr "lista wszystkich komponentów"
+
+#: tools/gpgconf.c:63
+msgid "check all programs"
+msgstr "sprawdzenie wszystkich programów"
+
+#: tools/gpgconf.c:64
+msgid "|COMPONENT|list options"
+msgstr "|KOMPONENT|wypisanie opcji"
+
+#: tools/gpgconf.c:65
+msgid "|COMPONENT|change options"
+msgstr "|KOMPONENT|zmiana opcji"
+
+#: tools/gpgconf.c:66
+msgid "|COMPONENT|check options"
+msgstr "|KOMPONENT|zaznaczenie opcji"
+
+#: tools/gpgconf.c:68
+msgid "apply global default values"
+msgstr "zastosowanie globalnych warto¶ci domy¶lnych"
+
+#: tools/gpgconf.c:70
+msgid "get the configuration directories for gpgconf"
+msgstr "katalogi konfiguracyjne programu gpgconf"
+
+#: tools/gpgconf.c:72
+msgid "list global configuration file"
+msgstr "wy¶wietl globalny plik konfiguracyjny"
+
+#: tools/gpgconf.c:74
+msgid "check global configuration file"
+msgstr "sprawdzenie globalnego pliku konfiguracyjnego"
+
+#: tools/gpgconf.c:79
+msgid "use as output file"
+msgstr "plik wyj¶ciowy"
+
+#: tools/gpgconf.c:83
+msgid "activate changes at runtime, if possible"
+msgstr "uaktywnienie zmian w czasie dzia³ania o ile to mo¿liwe"
+
+#: tools/gpgconf.c:105
+msgid "Usage: gpgconf [options] (-h for help)"
+msgstr "Wywo³anie: gpgconf [opcje] (-h podaje pomoc)"
+
+#: tools/gpgconf.c:108
+msgid ""
+"Syntax: gpgconf [options]\n"
+"Manage configuration options for tools of the GnuPG system\n"
+msgstr ""
+"Sk³adnia: gpgconf [opcje]\n"
+"Zarz±dzanie opcjami konfiguracji dla narzêdzi z systemu GnuPG\n"
+
+#: tools/gpgconf.c:214 tools/gpgconf.c:282
+msgid "usage: gpgconf [options] "
+msgstr "wywo³anie: gpgconf [opcje]"
+
+#: tools/gpgconf.c:216
+msgid "Need one component argument"
+msgstr "Wymagany jest jeden argument komponentu"
+
+#: tools/gpgconf.c:225 tools/gpgconf.c:258
+msgid "Component not found"
+msgstr "Nie znaleziono komponentu"
+
+#: tools/gpgconf.c:284
+msgid "No argument allowed"
+msgstr "Argument nie jest dozwolony"
+
+#: tools/symcryptrun.c:154
+msgid ""
+"@\n"
+"Commands:\n"
+" "
+msgstr ""
+"@\n"
+"Polecenia:\n"
+" "
+
+#: tools/symcryptrun.c:156
+msgid "decryption modus"
+msgstr "tryb deszyfrowania"
+
+#: tools/symcryptrun.c:157
+msgid "encryption modus"
+msgstr "tryb szyfrowania"
+
+#: tools/symcryptrun.c:161
+msgid "tool class (confucius)"
+msgstr "klasa narzêdzia (confucius)"
+
+#: tools/symcryptrun.c:162
+msgid "program filename"
+msgstr "nazwa programu"
+
+#: tools/symcryptrun.c:164
+msgid "secret key file (required)"
+msgstr "plik klucza tajnego (wymagany)"
+
+#: tools/symcryptrun.c:165
+msgid "input file name (default stdin)"
+msgstr "nazwa pliku wej¶ciowego (domy¶lnie standardowe wej¶cie)"
+
+#: tools/symcryptrun.c:209
+msgid "Usage: symcryptrun [options] (-h for help)"
+msgstr "Wywo³anie: symcryptrun [opcje] (-h podaje pomoc)"
+
+#: tools/symcryptrun.c:212
+msgid ""
+"Syntax: symcryptrun --class CLASS --program PROGRAM --keyfile KEYFILE "
+"[options...] COMMAND [inputfile]\n"
+"Call a simple symmetric encryption tool\n"
+msgstr ""
+"Sk³adnia: symcryptrun --class KLASA --program PROGRAM --keyfile PLIK_KLUCZA "
+"[opcje...] POLECENIE [plik-we¶ciowy]\n"
+"Wywo³anie prostego narzêdzia do szyfrowania symetrycznego\n"
+
+#: tools/symcryptrun.c:281
+#, c-format
+msgid "%s on %s aborted with status %i\n"
+msgstr "%s na %s przerwany ze stanem %i\n"
+
+#: tools/symcryptrun.c:288
+#, c-format
+msgid "%s on %s failed with status %i\n"
+msgstr "%s na %s nie powiód³ siê ze stanem %i\n"
+
+#: tools/symcryptrun.c:314
+#, c-format
+msgid "can't create temporary directory `%s': %s\n"
+msgstr "nie mo¿na utworzyæ katalogu tymczasowego,,%s'': %s\n"
+
+#: tools/symcryptrun.c:354 tools/symcryptrun.c:371
+#, c-format
+msgid "could not open %s for writing: %s\n"
+msgstr "nie uda³o siê otworzyæ %s do zapisu: %s\n"
+
+#: tools/symcryptrun.c:382
+#, c-format
+msgid "error writing to %s: %s\n"
+msgstr "b³±d zapisu do %s: %s\n"
+
+#: tools/symcryptrun.c:389
+#, c-format
+msgid "error reading from %s: %s\n"
+msgstr "b³±d odczytu z %s: %s\n"
+
+#: tools/symcryptrun.c:396 tools/symcryptrun.c:403
+#, c-format
+msgid "error closing %s: %s\n"
+msgstr "b³±d zamykania %s: %s\n"
+
+#: tools/symcryptrun.c:488
+msgid "no --program option provided\n"
+msgstr "nie podano opcji --program\n"
+
+#: tools/symcryptrun.c:494
+msgid "only --decrypt and --encrypt are supported\n"
+msgstr "obs³ugiwane s± tylko --decrypt i --encrypt\n"
+
+#: tools/symcryptrun.c:500
+msgid "no --keyfile option provided\n"
+msgstr "nie podano opcji --keyfile\n"
+
+#: tools/symcryptrun.c:511
+msgid "cannot allocate args vector\n"
+msgstr "nie mo¿na przydzieliæ wektora args\n"
+
+#: tools/symcryptrun.c:529
+#, c-format
+msgid "could not create pipe: %s\n"
+msgstr "nie uda³o siê utworzyæ potoku: %s\n"
+
+#: tools/symcryptrun.c:536
+#, c-format
+msgid "could not create pty: %s\n"
+msgstr "nie uda³o siê utworzyæ pty: %s\n"
+
+#: tools/symcryptrun.c:552
+#, c-format
+msgid "could not fork: %s\n"
+msgstr "nie uda³o siê wykonaæ fork: %s\n"
+
+#: tools/symcryptrun.c:580
+#, c-format
+msgid "execv failed: %s\n"
+msgstr "execv nie powiod³o siê: %s\n"
+
+#: tools/symcryptrun.c:609
+#, c-format
+msgid "select failed: %s\n"
+msgstr "select nie powiod³o siê: %s\n"
+
+#: tools/symcryptrun.c:626
+#, c-format
+msgid "read failed: %s\n"
+msgstr "odczyt nie powiód³ siê: %s\n"
+
+#: tools/symcryptrun.c:678
+#, c-format
+msgid "pty read failed: %s\n"
+msgstr "odczyt pty nie powiód³ siê: %s\n"
+
+#: tools/symcryptrun.c:730
+#, c-format
+msgid "waitpid failed: %s\n"
+msgstr "waitpid nie powiod³o siê: %s\n"
+
+#: tools/symcryptrun.c:744
+#, c-format
+msgid "child aborted with status %i\n"
+msgstr "potomek zosta³ przerwany ze stanem %i\n"
+
+#: tools/symcryptrun.c:799
+#, c-format
+msgid "cannot allocate infile string: %s\n"
+msgstr "nie mo¿na przydzieliæ ³añcucha pliku wej¶ciowego: %s\n"
+
+#: tools/symcryptrun.c:812
+#, c-format
+msgid "cannot allocate outfile string: %s\n"
+msgstr "nie mo¿na przydzieliæ ³añcucha pliku wyj¶ciowego: %s\n"
+
+#: tools/symcryptrun.c:986
+#, c-format
+msgid "either %s or %s must be given\n"
+msgstr "musi byæ podane %s lub %s\n"
+
+#: tools/symcryptrun.c:1013
+msgid "no class provided\n"
+msgstr "nie podano klasy\n"
+
+#: tools/symcryptrun.c:1022
+#, c-format
+msgid "class %s is not supported\n"
+msgstr "klasa %s nie jest obs³ugiwana\n"
+
+#: tools/gpg-check-pattern.c:145
+msgid "Usage: gpg-check-pattern [options] patternfile (-h for help)\n"
+msgstr "Wywo³anie: gpg-check-pattern [opcje] plik-wzorców (-h podaje pomoc)\n"
+
+#: tools/gpg-check-pattern.c:148
+msgid ""
+"Syntax: gpg-check-pattern [options] patternfile\n"
+"Check a passphrase given on stdin against the patternfile\n"
+msgstr ""
+"Sk³adnia: gpg-check-pattern [opcje] plik-wzorców\n"
+"Sprawdzanie has³a ze standardowego wej¶cia wzglêdem pliku wzorców\n"
diff --git a/po/pt.gmo b/po/pt.gmo
new file mode 100644
index 0000000..2097466
--- /dev/null
+++ b/po/pt.gmo
Binary files differ
diff --git a/po/pt.po b/po/pt.po
new file mode 100644
index 0000000..25bce8b
--- /dev/null
+++ b/po/pt.po
@@ -0,0 +1,9962 @@
+# pt messages for gnupg
+# Copyright (C) 1999, 2000, 2001, 2002 Free Software Foundation, Inc.
+# Pedro Morais <morais@kde.org>
+#
+# Based on pt_PT work done by:
+# Thiago Jung Bauermann <jungmann@cwb.matrix.com.br>
+# Rafael Caetano dos Santos <rcaetano@linux.ime.usp.br>
+msgid ""
+msgstr ""
+"Project-Id-Version: gnupg\n"
+"Report-Msgid-Bugs-To: translations@gnupg.org\n"
+"POT-Creation-Date: 2012-03-27 10:23+0200\n"
+"PO-Revision-Date: 2002-09-13 18:26+0100\n"
+"Last-Translator: Pedro Morais <morais@kde.org>\n"
+"Language-Team: pt <morais@kde.org>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=iso-8859-1\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#: agent/call-pinentry.c:244
+#, fuzzy, c-format
+msgid "failed to acquire the pinentry lock: %s\n"
+msgstr "falha ao inicializar a base de dados de confiança: %s\n"
+
+#. TRANSLATORS: These are labels for buttons etc used in
+#. Pinentries. An underscore indicates that the next letter
+#. should be used as an accelerator. Double the underscore for
+#. a literal one. The actual to be translated text starts after
+#. the second vertical bar.
+#: agent/call-pinentry.c:401
+msgid "|pinentry-label|_OK"
+msgstr ""
+
+#: agent/call-pinentry.c:402
+msgid "|pinentry-label|_Cancel"
+msgstr ""
+
+#: agent/call-pinentry.c:403
+msgid "|pinentry-label|PIN:"
+msgstr ""
+
+#. TRANSLATORS: This string is displayed by Pinentry as the label
+#. for the quality bar.
+#: agent/call-pinentry.c:649
+msgid "Quality:"
+msgstr ""
+
+#. TRANSLATORS: This string is a tooltip, shown by pinentry when
+#. hovering over the quality bar. Please use an appropriate
+#. string to describe what this is about. The length of the
+#. tooltip is limited to about 900 characters. If you do not
+#. translate this entry, a default english text (see source)
+#. will be used.
+#: agent/call-pinentry.c:671
+msgid "pinentry.qualitybar.tooltip"
+msgstr ""
+
+#: agent/call-pinentry.c:716
+msgid ""
+"Please enter your PIN, so that the secret key can be unlocked for this "
+"session"
+msgstr ""
+
+#: agent/call-pinentry.c:719
+#, fuzzy
+msgid ""
+"Please enter your passphrase, so that the secret key can be unlocked for "
+"this session"
+msgstr "Por favor digite a frase secreta \n"
+
+#: agent/call-pinentry.c:776
+#, c-format
+msgid "SETERROR %s (try %d of %d)"
+msgstr ""
+
+#: agent/call-pinentry.c:799 agent/call-pinentry.c:811
+#, fuzzy
+msgid "PIN too long"
+msgstr "frase secreta demasiado longa\n"
+
+#: agent/call-pinentry.c:800
+#, fuzzy
+msgid "Passphrase too long"
+msgstr "frase secreta demasiado longa\n"
+
+#: agent/call-pinentry.c:808
+#, fuzzy
+msgid "Invalid characters in PIN"
+msgstr "Caracter inválido no nome\n"
+
+#: agent/call-pinentry.c:813
+msgid "PIN too short"
+msgstr ""
+
+#: agent/call-pinentry.c:825
+#, fuzzy
+msgid "Bad PIN"
+msgstr "MPI incorreto"
+
+#: agent/call-pinentry.c:826
+#, fuzzy
+msgid "Bad Passphrase"
+msgstr "frase secreta incorrecta"
+
+#: agent/call-pinentry.c:863
+#, fuzzy
+msgid "Passphrase"
+msgstr "frase secreta incorrecta"
+
+#: agent/command-ssh.c:531
+#, fuzzy, c-format
+msgid "ssh keys greater than %d bits are not supported\n"
+msgstr "algoritmo de protecção %d%s não é suportado\n"
+
+#: agent/command-ssh.c:690 g10/card-util.c:833 g10/exec.c:473 g10/gpg.c:1122
+#: g10/keygen.c:3394 g10/keygen.c:3427 g10/keyring.c:1237 g10/keyring.c:1569
+#: g10/openfile.c:275 g10/openfile.c:368 g10/sign.c:801 g10/sign.c:1110
+#: g10/tdbio.c:550 jnlib/dotlock.c:310
+#, c-format
+msgid "can't create `%s': %s\n"
+msgstr "impossível criar `%s': %s\n"
+
+#: agent/command-ssh.c:702 common/helpfile.c:47 g10/card-util.c:787
+#: g10/dearmor.c:60 g10/dearmor.c:107 g10/decrypt.c:70 g10/encode.c:194
+#: g10/encode.c:504 g10/gpg.c:1123 g10/import.c:192 g10/keygen.c:2877
+#: g10/keyring.c:1595 g10/openfile.c:192 g10/openfile.c:353
+#: g10/plaintext.c:511 g10/sign.c:783 g10/sign.c:978 g10/sign.c:1094
+#: g10/sign.c:1250 g10/tdbdump.c:142 g10/tdbdump.c:150 g10/tdbio.c:554
+#: g10/tdbio.c:618 g10/verify.c:99 g10/verify.c:162 sm/gpgsm.c:2044
+#: sm/gpgsm.c:2074 sm/gpgsm.c:2112 sm/gpgsm.c:2150 sm/qualified.c:66
+#, c-format
+msgid "can't open `%s': %s\n"
+msgstr "impossível abrir `%s': %s\n"
+
+#: agent/command-ssh.c:1708 agent/command-ssh.c:1726
+#, fuzzy, c-format
+msgid "error getting serial number of card: %s\n"
+msgstr "erro na criação da frase secreta: %s\n"
+
+#: agent/command-ssh.c:1712
+#, c-format
+msgid "detected card with S/N: %s\n"
+msgstr ""
+
+#: agent/command-ssh.c:1717
+#, fuzzy, c-format
+msgid "error getting default authentication keyID of card: %s\n"
+msgstr "erro ao escrever no porta-chaves secreto `%s': %s\n"
+
+#: agent/command-ssh.c:1737
+#, fuzzy, c-format
+msgid "no suitable card key found: %s\n"
+msgstr "nenhum porta-chaves secreto com permissões de escrita encontrado: %s\n"
+
+#: agent/command-ssh.c:1787
+#, fuzzy, c-format
+msgid "shadowing the key failed: %s\n"
+msgstr "remoção do bloco de chave falhou: %s\n"
+
+#: agent/command-ssh.c:1802
+#, fuzzy, c-format
+msgid "error writing key: %s\n"
+msgstr "erro na escrita do porta-chaves `%s': %s\n"
+
+#: agent/command-ssh.c:2139
+#, c-format
+msgid ""
+"An ssh process requested the use of key%%0A %s%%0A (%s)%%0ADo you want to "
+"allow this?"
+msgstr ""
+
+#: agent/command-ssh.c:2146
+msgid "Allow"
+msgstr ""
+
+#: agent/command-ssh.c:2146
+msgid "Deny"
+msgstr ""
+
+#: agent/command-ssh.c:2155
+#, fuzzy, c-format
+msgid "Please enter the passphrase for the ssh key%%0A %F%%0A (%c)"
+msgstr "Por favor digite a frase secreta \n"
+
+#: agent/command-ssh.c:2484 agent/genkey.c:310 agent/genkey.c:432
+#, fuzzy
+msgid "Please re-enter this passphrase"
+msgstr "muda a frase secreta"
+
+#: agent/command-ssh.c:2509
+#, fuzzy, c-format
+msgid ""
+"Please enter a passphrase to protect the received secret key%%0A %s%%0A %"
+"s%%0Awithin gpg-agent's key storage"
+msgstr "Por favor digite a frase secreta \n"
+
+#: agent/command-ssh.c:2548 agent/genkey.c:340 agent/genkey.c:463
+#: tools/symcryptrun.c:436
+msgid "does not match - try again"
+msgstr ""
+
+#: agent/command-ssh.c:3054
+#, fuzzy, c-format
+msgid "failed to create stream from socket: %s\n"
+msgstr "%s: falha ao criar tabela de dispersão: %s\n"
+
+#: agent/divert-scd.c:92 g10/call-agent.c:923
+msgid "Please insert the card with serial number"
+msgstr ""
+
+#: agent/divert-scd.c:93 g10/call-agent.c:924
+msgid "Please remove the current card and insert the one with serial number"
+msgstr ""
+
+#: agent/divert-scd.c:200
+msgid "Admin PIN"
+msgstr ""
+
+#. TRANSLATORS: A PUK is the Personal Unblocking Code
+#. used to unblock a PIN.
+#: agent/divert-scd.c:205
+msgid "PUK"
+msgstr ""
+
+#: agent/divert-scd.c:212
+msgid "Reset Code"
+msgstr ""
+
+#: agent/divert-scd.c:238
+#, c-format
+msgid "%s%%0A%%0AUse the reader's keypad for input."
+msgstr ""
+
+#: agent/divert-scd.c:287
+#, fuzzy
+msgid "Repeat this Reset Code"
+msgstr "Repita a frase secreta: "
+
+#: agent/divert-scd.c:289
+#, fuzzy
+msgid "Repeat this PUK"
+msgstr "Repita a frase secreta: "
+
+#: agent/divert-scd.c:290
+#, fuzzy
+msgid "Repeat this PIN"
+msgstr "Repita a frase secreta: "
+
+#: agent/divert-scd.c:295
+#, fuzzy
+msgid "Reset Code not correctly repeated; try again"
+msgstr "a frase secreta não foi repetida corretamente; tente outra vez"
+
+#: agent/divert-scd.c:297
+#, fuzzy
+msgid "PUK not correctly repeated; try again"
+msgstr "a frase secreta não foi repetida corretamente; tente outra vez"
+
+#: agent/divert-scd.c:298
+#, fuzzy
+msgid "PIN not correctly repeated; try again"
+msgstr "a frase secreta não foi repetida corretamente; tente outra vez"
+
+#: agent/divert-scd.c:310
+#, c-format
+msgid "Please enter the PIN%s%s%s to unlock the card"
+msgstr ""
+
+#: agent/genkey.c:108 sm/certreqgen-ui.c:384 sm/export.c:638 sm/export.c:654
+#: sm/import.c:667 sm/import.c:692
+#, fuzzy, c-format
+msgid "error creating temporary file: %s\n"
+msgstr "erro na criação da frase secreta: %s\n"
+
+#: agent/genkey.c:115 sm/export.c:645 sm/import.c:675
+#, fuzzy, c-format
+msgid "error writing to temporary file: %s\n"
+msgstr "a escrever para `%s'\n"
+
+#: agent/genkey.c:153 agent/genkey.c:159
+#, fuzzy
+msgid "Enter new passphrase"
+msgstr "Insira a frase secreta\n"
+
+#: agent/genkey.c:167
+#, fuzzy
+msgid "Take this one anyway"
+msgstr "Usar esta chave de qualquer modo? "
+
+#: agent/genkey.c:193
+#, c-format
+msgid ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase should be "
+"at least %u character long."
+msgid_plural ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase should be "
+"at least %u characters long."
+msgstr[0] ""
+msgstr[1] ""
+
+#: agent/genkey.c:214
+#, c-format
+msgid ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase should "
+"contain at least %u digit or%%0Aspecial character."
+msgid_plural ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase should "
+"contain at least %u digits or%%0Aspecial characters."
+msgstr[0] ""
+msgstr[1] ""
+
+#: agent/genkey.c:237
+#, c-format
+msgid ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase may not be "
+"a known term or match%%0Acertain pattern."
+msgstr ""
+
+#: agent/genkey.c:253
+#, c-format
+msgid ""
+"You have not entered a passphrase!%0AAn empty passphrase is not allowed."
+msgstr ""
+
+#: agent/genkey.c:255
+#, c-format
+msgid ""
+"You have not entered a passphrase - this is in general a bad idea!%0APlease "
+"confirm that you do not want to have any protection on your key."
+msgstr ""
+
+#: agent/genkey.c:264
+msgid "Yes, protection is not needed"
+msgstr ""
+
+#: agent/genkey.c:308
+#, fuzzy, c-format
+msgid "Please enter the passphrase to%0Ato protect your new key"
+msgstr ""
+"Você precisa de uma frase secreta para proteger a sua chave.\n"
+"\n"
+
+#: agent/genkey.c:431
+#, fuzzy
+msgid "Please enter the new passphrase"
+msgstr "muda a frase secreta"
+
+#: agent/gpg-agent.c:121 agent/preset-passphrase.c:72 scd/scdaemon.c:103
+#: tools/gpg-check-pattern.c:70
+#, fuzzy
+msgid ""
+"@Options:\n"
+" "
+msgstr ""
+"@\n"
+"Opções:\n"
+" "
+
+#: agent/gpg-agent.c:123 scd/scdaemon.c:105
+msgid "run in server mode (foreground)"
+msgstr ""
+
+#: agent/gpg-agent.c:124 scd/scdaemon.c:108
+msgid "run in daemon mode (background)"
+msgstr ""
+
+#: agent/gpg-agent.c:125 g10/gpg.c:488 g10/gpgv.c:71 kbx/kbxutil.c:88
+#: scd/scdaemon.c:109 sm/gpgsm.c:281 tools/gpg-connect-agent.c:69
+#: tools/gpgconf.c:80 tools/symcryptrun.c:166
+msgid "verbose"
+msgstr "detalhado"
+
+#: agent/gpg-agent.c:126 g10/gpgv.c:72 kbx/kbxutil.c:89 scd/scdaemon.c:110
+#: sm/gpgsm.c:282
+msgid "be somewhat more quiet"
+msgstr "ser mais silencioso"
+
+#: agent/gpg-agent.c:127 scd/scdaemon.c:111
+msgid "sh-style command output"
+msgstr ""
+
+#: agent/gpg-agent.c:128 scd/scdaemon.c:112
+msgid "csh-style command output"
+msgstr ""
+
+#: agent/gpg-agent.c:129 scd/scdaemon.c:113 sm/gpgsm.c:312
+#: tools/symcryptrun.c:169
+#, fuzzy
+msgid "|FILE|read options from FILE"
+msgstr "|FICHEIRO|carregar módulo de extensão FICHEIRO"
+
+#: agent/gpg-agent.c:134 scd/scdaemon.c:123
+msgid "do not detach from the console"
+msgstr ""
+
+#: agent/gpg-agent.c:135
+msgid "do not grab keyboard and mouse"
+msgstr ""
+
+#: agent/gpg-agent.c:136 tools/symcryptrun.c:168
+#, fuzzy
+msgid "use a log file for the server"
+msgstr "procurar chaves num servidor de chaves"
+
+#: agent/gpg-agent.c:138
+#, fuzzy
+msgid "use a standard location for the socket"
+msgstr ""
+"Realmente actualizar as preferências para os utilizadores seleccionados?"
+
+#: agent/gpg-agent.c:141
+msgid "|PGM|use PGM as the PIN-Entry program"
+msgstr ""
+
+#: agent/gpg-agent.c:144
+msgid "|PGM|use PGM as the SCdaemon program"
+msgstr ""
+
+#: agent/gpg-agent.c:145
+#, fuzzy
+msgid "do not use the SCdaemon"
+msgstr "actualizar a base de dados de confiança"
+
+#: agent/gpg-agent.c:157
+msgid "ignore requests to change the TTY"
+msgstr ""
+
+#: agent/gpg-agent.c:159
+msgid "ignore requests to change the X display"
+msgstr ""
+
+#: agent/gpg-agent.c:162
+msgid "|N|expire cached PINs after N seconds"
+msgstr ""
+
+#: agent/gpg-agent.c:175
+msgid "do not use the PIN cache when signing"
+msgstr ""
+
+#: agent/gpg-agent.c:177
+msgid "allow clients to mark keys as \"trusted\""
+msgstr ""
+
+#: agent/gpg-agent.c:179
+#, fuzzy
+msgid "allow presetting passphrase"
+msgstr "erro na criação da frase secreta: %s\n"
+
+#: agent/gpg-agent.c:180
+msgid "enable ssh-agent emulation"
+msgstr ""
+
+#: agent/gpg-agent.c:182
+msgid "|FILE|write environment settings also to FILE"
+msgstr ""
+
+#. TRANSLATORS: @EMAIL@ will get replaced by the actual bug
+#. reporting address. This is so that we can change the
+#. reporting address without breaking the translations.
+#: agent/gpg-agent.c:333 agent/preset-passphrase.c:94 agent/protect-tool.c:163
+#: g10/gpg.c:814 g10/gpgv.c:114 kbx/kbxutil.c:113 scd/scdaemon.c:246
+#: sm/gpgsm.c:519 tools/gpg-connect-agent.c:181 tools/gpgconf.c:102
+#: tools/symcryptrun.c:206 tools/gpg-check-pattern.c:141
+#, fuzzy
+msgid "Please report bugs to <@EMAIL@>.\n"
+msgstr "Por favor comunique bugs para <gnupg-bugs@gnu.org>.\n"
+
+#: agent/gpg-agent.c:342
+#, fuzzy
+msgid "Usage: gpg-agent [options] (-h for help)"
+msgstr "Uso: gpg [opções] [ficheiros] (-h para ajuda)"
+
+#: agent/gpg-agent.c:344
+msgid ""
+"Syntax: gpg-agent [options] [command [args]]\n"
+"Secret key management for GnuPG\n"
+msgstr ""
+
+#: agent/gpg-agent.c:390 g10/gpg.c:1007 scd/scdaemon.c:318 sm/gpgsm.c:669
+#, c-format
+msgid "invalid debug-level `%s' given\n"
+msgstr ""
+
+#: agent/gpg-agent.c:610 agent/protect-tool.c:1033 kbx/kbxutil.c:428
+#: scd/scdaemon.c:424 sm/gpgsm.c:911 sm/gpgsm.c:914 tools/symcryptrun.c:998
+#: tools/gpg-check-pattern.c:177
+#, c-format
+msgid "%s is too old (need %s, have %s)\n"
+msgstr ""
+
+#: agent/gpg-agent.c:725 g10/gpg.c:2111 scd/scdaemon.c:510 sm/gpgsm.c:1010
+#, c-format
+msgid "NOTE: no default option file `%s'\n"
+msgstr "NOTA: ficheiro de opções por omissão `%s' inexistente\n"
+
+#: agent/gpg-agent.c:736 agent/gpg-agent.c:1348 g10/gpg.c:2115
+#: scd/scdaemon.c:515 sm/gpgsm.c:1014 tools/symcryptrun.c:931
+#, c-format
+msgid "option file `%s': %s\n"
+msgstr "ficheiro de opções `%s': %s\n"
+
+#: agent/gpg-agent.c:744 g10/gpg.c:2122 scd/scdaemon.c:523 sm/gpgsm.c:1021
+#, c-format
+msgid "reading options from `%s'\n"
+msgstr "a ler opções de `%s'\n"
+
+#: agent/gpg-agent.c:1117 g10/plaintext.c:140 g10/plaintext.c:145
+#: g10/plaintext.c:162
+#, c-format
+msgid "error creating `%s': %s\n"
+msgstr "erro ao criar `%s': %s\n"
+
+#: agent/gpg-agent.c:1461 agent/gpg-agent.c:1579 agent/gpg-agent.c:1583
+#: agent/gpg-agent.c:1624 agent/gpg-agent.c:1628 g10/exec.c:188
+#: g10/openfile.c:429 scd/scdaemon.c:1020
+#, fuzzy, c-format
+msgid "can't create directory `%s': %s\n"
+msgstr "%s: impossível criar directoria: %s\n"
+
+#: agent/gpg-agent.c:1475 scd/scdaemon.c:1034
+msgid "name of socket too long\n"
+msgstr ""
+
+#: agent/gpg-agent.c:1498 scd/scdaemon.c:1057
+#, fuzzy, c-format
+msgid "can't create socket: %s\n"
+msgstr "impossível criar %s: %s\n"
+
+#: agent/gpg-agent.c:1507
+#, c-format
+msgid "socket name `%s' is too long\n"
+msgstr ""
+
+#: agent/gpg-agent.c:1525
+#, fuzzy
+msgid "a gpg-agent is already running - not starting a new one\n"
+msgstr "o gpg-agent não está disponível nesta sessão\n"
+
+#: agent/gpg-agent.c:1536 scd/scdaemon.c:1076
+#, fuzzy
+msgid "error getting nonce for the socket\n"
+msgstr "erro na criação da frase secreta: %s\n"
+
+#: agent/gpg-agent.c:1541 scd/scdaemon.c:1079
+#, fuzzy, c-format
+msgid "error binding socket to `%s': %s\n"
+msgstr "erro ao enviar para `%s': %s\n"
+
+#: agent/gpg-agent.c:1553 scd/scdaemon.c:1088
+#, fuzzy, c-format
+msgid "listen() failed: %s\n"
+msgstr "actualização falhou: %s\n"
+
+#: agent/gpg-agent.c:1559 scd/scdaemon.c:1095
+#, fuzzy, c-format
+msgid "listening on socket `%s'\n"
+msgstr "a escrever chave privada para `%s'\n"
+
+#: agent/gpg-agent.c:1587 agent/gpg-agent.c:1634 g10/openfile.c:432
+#, fuzzy, c-format
+msgid "directory `%s' created\n"
+msgstr "%s: directoria criada\n"
+
+#: agent/gpg-agent.c:1640
+#, fuzzy, c-format
+msgid "stat() failed for `%s': %s\n"
+msgstr "base de dados de confiança: leitura falhou (n=%d): %s\n"
+
+#: agent/gpg-agent.c:1644
+#, fuzzy, c-format
+msgid "can't use `%s' as home directory\n"
+msgstr "%s: impossível criar directoria: %s\n"
+
+#: agent/gpg-agent.c:1777 scd/scdaemon.c:1111
+#, fuzzy, c-format
+msgid "error reading nonce on fd %d: %s\n"
+msgstr "erro na leitura de `%s': %s\n"
+
+#: agent/gpg-agent.c:1799
+#, c-format
+msgid "handler 0x%lx for fd %d started\n"
+msgstr ""
+
+#: agent/gpg-agent.c:1804
+#, c-format
+msgid "handler 0x%lx for fd %d terminated\n"
+msgstr ""
+
+#: agent/gpg-agent.c:1824
+#, c-format
+msgid "ssh handler 0x%lx for fd %d started\n"
+msgstr ""
+
+#: agent/gpg-agent.c:1829
+#, c-format
+msgid "ssh handler 0x%lx for fd %d terminated\n"
+msgstr ""
+
+#: agent/gpg-agent.c:1973 scd/scdaemon.c:1248
+#, fuzzy, c-format
+msgid "pth_select failed: %s - waiting 1s\n"
+msgstr "actualização da chave secreta falhou: %s\n"
+
+#: agent/gpg-agent.c:2096 scd/scdaemon.c:1315
+#, fuzzy, c-format
+msgid "%s %s stopped\n"
+msgstr "%s: ignorado: %s\n"
+
+#: agent/gpg-agent.c:2232
+#, fuzzy
+msgid "no gpg-agent running in this session\n"
+msgstr "o gpg-agent não está disponível nesta sessão\n"
+
+#: agent/gpg-agent.c:2243 common/simple-pwquery.c:352 common/asshelp.c:403
+#: tools/gpg-connect-agent.c:2168
+msgid "malformed GPG_AGENT_INFO environment variable\n"
+msgstr "variável de ambiente GPG_AGENT_INFO inválida\n"
+
+#: agent/gpg-agent.c:2256 common/simple-pwquery.c:364 common/asshelp.c:415
+#: tools/gpg-connect-agent.c:2179
+#, c-format
+msgid "gpg-agent protocol version %d is not supported\n"
+msgstr "a versão %d do protocolo gpg-agent não é suportada\n"
+
+#: agent/preset-passphrase.c:98
+#, fuzzy
+msgid "Usage: gpg-preset-passphrase [options] KEYGRIP (-h for help)\n"
+msgstr "Uso: gpg [opções] [ficheiros] (-h para ajuda)"
+
+#: agent/preset-passphrase.c:101
+msgid ""
+"Syntax: gpg-preset-passphrase [options] KEYGRIP\n"
+"Password cache maintenance\n"
+msgstr ""
+
+#: agent/protect-tool.c:113 g10/gpg.c:373 kbx/kbxutil.c:71 sm/gpgsm.c:186
+#: tools/gpgconf.c:60
+msgid ""
+"@Commands:\n"
+" "
+msgstr ""
+"@Comandos:\n"
+" "
+
+#: agent/protect-tool.c:127 g10/gpg.c:441 g10/gpgv.c:69 kbx/kbxutil.c:81
+#: sm/gpgsm.c:226 tools/gpg-connect-agent.c:67 tools/gpgconf.c:77
+#: tools/symcryptrun.c:159
+msgid ""
+"@\n"
+"Options:\n"
+" "
+msgstr ""
+"@\n"
+"Opções:\n"
+" "
+
+#: agent/protect-tool.c:166
+#, fuzzy
+msgid "Usage: gpg-protect-tool [options] (-h for help)\n"
+msgstr "Uso: gpg [opções] [ficheiros] (-h para ajuda)"
+
+#: agent/protect-tool.c:168
+msgid ""
+"Syntax: gpg-protect-tool [options] [args]\n"
+"Secret key maintenance tool\n"
+msgstr ""
+
+#: agent/protect-tool.c:1162
+#, fuzzy
+msgid "Please enter the passphrase to unprotect the PKCS#12 object."
+msgstr "Por favor digite a frase secreta \n"
+
+#: agent/protect-tool.c:1167
+#, fuzzy
+msgid "Please enter the passphrase to protect the new PKCS#12 object."
+msgstr "Por favor digite a frase secreta \n"
+
+#: agent/protect-tool.c:1173
+msgid ""
+"Please enter the passphrase to protect the imported object within the GnuPG "
+"system."
+msgstr ""
+
+#: agent/protect-tool.c:1178
+#, fuzzy
+msgid ""
+"Please enter the passphrase or the PIN\n"
+"needed to complete this operation."
+msgstr "Por favor digite a frase secreta \n"
+
+#: agent/protect-tool.c:1183 tools/symcryptrun.c:437
+#, fuzzy
+msgid "Passphrase:"
+msgstr "frase secreta incorrecta"
+
+#: agent/protect-tool.c:1188 tools/symcryptrun.c:448
+#, fuzzy
+msgid "cancelled\n"
+msgstr "cancelado pelo utilizador\n"
+
+#: agent/protect-tool.c:1190 tools/symcryptrun.c:444
+#, fuzzy, c-format
+msgid "error while asking for the passphrase: %s\n"
+msgstr "erro na criação da frase secreta: %s\n"
+
+#: agent/trustlist.c:136 agent/trustlist.c:334
+#, fuzzy, c-format
+msgid "error opening `%s': %s\n"
+msgstr "erro na leitura de `%s': %s\n"
+
+#: agent/trustlist.c:151 common/helpfile.c:63 common/helpfile.c:79
+#, fuzzy, c-format
+msgid "file `%s', line %d: %s\n"
+msgstr "chave `%s' não encontrada: %s\n"
+
+#: agent/trustlist.c:171 agent/trustlist.c:179
+#, c-format
+msgid "statement \"%s\" ignored in `%s', line %d\n"
+msgstr ""
+
+#: agent/trustlist.c:185
+#, fuzzy, c-format
+msgid "system trustlist `%s' not available\n"
+msgstr "partes da chave secreta não disponíveis\n"
+
+#: agent/trustlist.c:229
+#, fuzzy, c-format
+msgid "bad fingerprint in `%s', line %d\n"
+msgstr "armadura: %s\n"
+
+#: agent/trustlist.c:254 agent/trustlist.c:261
+#, c-format
+msgid "invalid keyflag in `%s', line %d\n"
+msgstr ""
+
+#: agent/trustlist.c:295 common/helpfile.c:126
+#, fuzzy, c-format
+msgid "error reading `%s', line %d: %s\n"
+msgstr "erro na leitura de `%s': %s\n"
+
+#: agent/trustlist.c:400 agent/trustlist.c:450
+msgid "error reading list of trusted root certificates\n"
+msgstr ""
+
+#. TRANSLATORS: This prompt is shown by the Pinentry
+#. and has one special property: A "%%0A" is used by
+#. Pinentry to insert a line break. The double
+#. percent sign is actually needed because it is also
+#. a printf format string. If you need to insert a
+#. plain % sign, you need to encode it as "%%25". The
+#. "%s" gets replaced by the name as stored in the
+#. certificate.
+#: agent/trustlist.c:611
+#, c-format
+msgid ""
+"Do you ultimately trust%%0A \"%s\"%%0Ato correctly certify user "
+"certificates?"
+msgstr ""
+
+#: agent/trustlist.c:620 common/audit.c:467
+#, fuzzy
+msgid "Yes"
+msgstr "sim"
+
+#: agent/trustlist.c:620 common/audit.c:469
+msgid "No"
+msgstr ""
+
+#. TRANSLATORS: This prompt is shown by the Pinentry and has
+#. one special property: A "%%0A" is used by Pinentry to
+#. insert a line break. The double percent sign is actually
+#. needed because it is also a printf format string. If you
+#. need to insert a plain % sign, you need to encode it as
+#. "%%25". The second "%s" gets replaced by a hexdecimal
+#. fingerprint string whereas the first one receives the name
+#. as stored in the certificate.
+#: agent/trustlist.c:654
+#, c-format
+msgid ""
+"Please verify that the certificate identified as:%%0A \"%s\"%%0Ahas the "
+"fingerprint:%%0A %s"
+msgstr ""
+
+#. TRANSLATORS: "Correct" is the label of a button and intended
+#. to be hit if the fingerprint matches the one of the CA. The
+#. other button is "the default "Cancel" of the Pinentry.
+#: agent/trustlist.c:668
+msgid "Correct"
+msgstr ""
+
+#: agent/trustlist.c:668
+msgid "Wrong"
+msgstr ""
+
+#: agent/findkey.c:157
+#, c-format
+msgid "Note: This passphrase has never been changed.%0APlease change it now."
+msgstr ""
+
+#: agent/findkey.c:173
+#, c-format
+msgid ""
+"This passphrase has not been changed%%0Asince %.4s-%.2s-%.2s. Please change "
+"it now."
+msgstr ""
+
+#: agent/findkey.c:187 agent/findkey.c:194
+#, fuzzy
+msgid "Change passphrase"
+msgstr "muda a frase secreta"
+
+#: agent/findkey.c:195
+msgid "I'll change it later"
+msgstr ""
+
+#: common/exechelp.c:528 common/exechelp.c:625 tools/gpgconf-comp.c:1475
+#: tools/gpgconf-comp.c:1814
+#, fuzzy, c-format
+msgid "error creating a pipe: %s\n"
+msgstr "erro na criação da frase secreta: %s\n"
+
+#: common/exechelp.c:599 common/exechelp.c:658
+#, fuzzy, c-format
+msgid "can't fdopen pipe for reading: %s\n"
+msgstr "impossível abrir %s: %s\n"
+
+#: common/exechelp.c:637 common/exechelp.c:765 common/exechelp.c:1002
+#, fuzzy, c-format
+msgid "error forking process: %s\n"
+msgstr "erro na leitura de `%s': %s\n"
+
+#: common/exechelp.c:811 common/exechelp.c:864
+#, c-format
+msgid "waiting for process %d to terminate failed: %s\n"
+msgstr ""
+
+#: common/exechelp.c:819
+#, fuzzy, c-format
+msgid "error getting exit code of process %d: %s\n"
+msgstr "erro ao escrever no porta-chaves secreto `%s': %s\n"
+
+#: common/exechelp.c:825 common/exechelp.c:877
+#, fuzzy, c-format
+msgid "error running `%s': exit status %d\n"
+msgstr "erro na leitura de `%s': %s\n"
+
+#: common/exechelp.c:870
+#, c-format
+msgid "error running `%s': probably not installed\n"
+msgstr ""
+
+#: common/exechelp.c:885
+#, fuzzy, c-format
+msgid "error running `%s': terminated\n"
+msgstr "erro na leitura de `%s': %s\n"
+
+#: common/http.c:1674
+#, fuzzy, c-format
+msgid "error creating socket: %s\n"
+msgstr "erro ao criar `%s': %s\n"
+
+#: common/http.c:1718
+#, fuzzy
+msgid "host not found"
+msgstr "[Utilizador não encontrado]"
+
+#: common/simple-pwquery.c:338
+msgid "gpg-agent is not available in this session\n"
+msgstr "o gpg-agent não está disponível nesta sessão\n"
+
+#: common/simple-pwquery.c:395
+#, c-format
+msgid "can't connect to `%s': %s\n"
+msgstr "impossível ligar a `%s': %s\n"
+
+#: common/simple-pwquery.c:406
+msgid "communication problem with gpg-agent\n"
+msgstr "problemas na comunicação com o gpg-agent\n"
+
+#: common/simple-pwquery.c:416
+#, fuzzy
+msgid "problem setting the gpg-agent options\n"
+msgstr "problema com o agente: o agente returnou 0x%lx\n"
+
+#: common/simple-pwquery.c:579 common/simple-pwquery.c:675
+#, fuzzy
+msgid "canceled by user\n"
+msgstr "cancelado pelo utilizador\n"
+
+#: common/simple-pwquery.c:594 common/simple-pwquery.c:681
+#, fuzzy
+msgid "problem with the agent\n"
+msgstr "problema com o agente: o agente returnou 0x%lx\n"
+
+#: common/sysutils.c:105
+#, c-format
+msgid "can't disable core dumps: %s\n"
+msgstr "impossível desactivar core dumps: %s\n"
+
+#: common/sysutils.c:200
+#, fuzzy, c-format
+msgid "Warning: unsafe ownership on %s \"%s\"\n"
+msgstr "AVISO: dono pouco seguro em %s \"%s\"\n"
+
+#: common/sysutils.c:232
+#, fuzzy, c-format
+msgid "Warning: unsafe permissions on %s \"%s\"\n"
+msgstr "AVISO: permissões pouco seguras em %s \"%s\"\n"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: common/yesno.c:35 common/yesno.c:72
+#, fuzzy
+msgid "yes"
+msgstr "sim"
+
+#: common/yesno.c:36 common/yesno.c:77
+msgid "yY"
+msgstr "sS"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: common/yesno.c:38 common/yesno.c:74
+msgid "no"
+msgstr "não"
+
+#: common/yesno.c:39 common/yesno.c:78
+msgid "nN"
+msgstr "nN"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: common/yesno.c:76
+msgid "quit"
+msgstr "sair"
+
+#: common/yesno.c:79
+msgid "qQ"
+msgstr "qQ"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: common/yesno.c:113
+msgid "okay|okay"
+msgstr ""
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: common/yesno.c:115
+msgid "cancel|cancel"
+msgstr ""
+
+#: common/yesno.c:116
+msgid "oO"
+msgstr ""
+
+#: common/yesno.c:117
+#, fuzzy
+msgid "cC"
+msgstr "c"
+
+#: common/miscellaneous.c:77
+#, c-format
+msgid "out of core in secure memory while allocating %lu bytes"
+msgstr ""
+
+#: common/miscellaneous.c:80
+#, c-format
+msgid "out of core while allocating %lu bytes"
+msgstr ""
+
+#: common/asshelp.c:293 tools/gpg-connect-agent.c:2129
+msgid "no running gpg-agent - starting one\n"
+msgstr ""
+
+#: common/asshelp.c:349
+#, c-format
+msgid "waiting %d seconds for the agent to come up\n"
+msgstr ""
+
+#: common/asshelp.c:426
+msgid "can't connect to the agent - trying fall back\n"
+msgstr ""
+
+#. TRANSLATORS: Copy the prefix between the vertical bars
+#. verbatim. It will not be printed.
+#: common/audit.c:474
+msgid "|audit-log-result|Good"
+msgstr ""
+
+#: common/audit.c:477
+msgid "|audit-log-result|Bad"
+msgstr ""
+
+#: common/audit.c:479
+msgid "|audit-log-result|Not supported"
+msgstr ""
+
+#: common/audit.c:481
+#, fuzzy
+msgid "|audit-log-result|No certificate"
+msgstr "certificado incorrecto"
+
+#: common/audit.c:483
+#, fuzzy
+msgid "|audit-log-result|Not enabled"
+msgstr "certificado incorrecto"
+
+#: common/audit.c:485
+msgid "|audit-log-result|Error"
+msgstr ""
+
+#: common/audit.c:487
+#, fuzzy
+msgid "|audit-log-result|Not used"
+msgstr "certificado incorrecto"
+
+#: common/audit.c:489
+#, fuzzy
+msgid "|audit-log-result|Okay"
+msgstr "certificado incorrecto"
+
+#: common/audit.c:491
+#, fuzzy
+msgid "|audit-log-result|Skipped"
+msgstr "certificado incorrecto"
+
+#: common/audit.c:493
+#, fuzzy
+msgid "|audit-log-result|Some"
+msgstr "certificado incorrecto"
+
+#: common/audit.c:726
+#, fuzzy
+msgid "Certificate chain available"
+msgstr "certificado incorrecto"
+
+#: common/audit.c:733
+#, fuzzy
+msgid "root certificate missing"
+msgstr "certificado incorrecto"
+
+#: common/audit.c:759
+msgid "Data encryption succeeded"
+msgstr ""
+
+#: common/audit.c:764 common/audit.c:830 common/audit.c:906 common/audit.c:997
+#, fuzzy
+msgid "Data available"
+msgstr "Nenhuma ajuda disponível"
+
+#: common/audit.c:767
+#, fuzzy
+msgid "Session key created"
+msgstr "%s: porta-chaves criado\n"
+
+#: common/audit.c:772 common/audit.c:912 common/audit.c:919
+#, fuzzy, c-format
+msgid "algorithm: %s"
+msgstr "armadura: %s\n"
+
+#: common/audit.c:774 common/audit.c:776 common/audit.c:921 common/audit.c:923
+#, fuzzy, c-format
+msgid "unsupported algorithm: %s"
+msgstr ""
+"\n"
+"Algoritmos suportados:\n"
+
+#: common/audit.c:778 common/audit.c:925
+#, fuzzy
+msgid "seems to be not encrypted"
+msgstr "não cifrado"
+
+#: common/audit.c:784 common/audit.c:933
+msgid "Number of recipients"
+msgstr ""
+
+#: common/audit.c:792 common/audit.c:956
+#, c-format
+msgid "Recipient %d"
+msgstr ""
+
+#: common/audit.c:825
+msgid "Data signing succeeded"
+msgstr ""
+
+#: common/audit.c:839 common/audit.c:1033 common/audit.c:1060
+#, fuzzy, c-format
+msgid "data hash algorithm: %s"
+msgstr "algoritmo de dispersão inválido `%s'\n"
+
+#: common/audit.c:862
+#, fuzzy, c-format
+msgid "Signer %d"
+msgstr "Esta assinatura expirou em %s.\n"
+
+#: common/audit.c:866 common/audit.c:1065
+#, fuzzy, c-format
+msgid "attr hash algorithm: %s"
+msgstr "algoritmo de dispersão inválido `%s'\n"
+
+#: common/audit.c:901
+msgid "Data decryption succeeded"
+msgstr ""
+
+#: common/audit.c:910
+#, fuzzy
+msgid "Encryption algorithm supported"
+msgstr "algoritmo de protecção %d%s não é suportado\n"
+
+#: common/audit.c:993
+#, fuzzy
+msgid "Data verification succeeded"
+msgstr "verificação de assinatura suprimida\n"
+
+#: common/audit.c:1002
+#, fuzzy
+msgid "Signature available"
+msgstr "Esta assinatura expirou em %s.\n"
+
+#: common/audit.c:1024
+#, fuzzy
+msgid "Parsing data succeeded"
+msgstr "Assinatura correcta de \""
+
+#: common/audit.c:1036
+#, fuzzy, c-format
+msgid "bad data hash algorithm: %s"
+msgstr "algoritmo de dispersão inválido `%s'\n"
+
+#: common/audit.c:1051
+#, fuzzy, c-format
+msgid "Signature %d"
+msgstr "Esta assinatura expirou em %s.\n"
+
+#: common/audit.c:1079
+#, fuzzy
+msgid "Certificate chain valid"
+msgstr "Esta chave expirou!"
+
+#: common/audit.c:1090
+#, fuzzy
+msgid "Root certificate trustworthy"
+msgstr "certificado incorrecto"
+
+#: common/audit.c:1111 sm/certchain.c:935
+#, fuzzy
+msgid "no CRL found for certificate"
+msgstr "certificado incorrecto"
+
+#: common/audit.c:1114 sm/certchain.c:945
+#, fuzzy
+msgid "the available CRL is too old"
+msgstr "Nenhuma ajuda disponível"
+
+#: common/audit.c:1119
+#, fuzzy
+msgid "CRL/OCSP check of certificates"
+msgstr "certificado incorrecto"
+
+#: common/audit.c:1139
+#, fuzzy
+msgid "Included certificates"
+msgstr "certificado incorrecto"
+
+#: common/audit.c:1194
+msgid "No audit log entries."
+msgstr ""
+
+#: common/audit.c:1243
+#, fuzzy
+msgid "Unknown operation"
+msgstr "versão desconhecida"
+
+#: common/audit.c:1261
+msgid "Gpg-Agent usable"
+msgstr ""
+
+#: common/audit.c:1271
+msgid "Dirmngr usable"
+msgstr ""
+
+#: common/audit.c:1307
+#, fuzzy, c-format
+msgid "No help available for `%s'."
+msgstr "Nenhuma ajuda disponível para `%s'"
+
+#: common/helpfile.c:80
+#, fuzzy
+msgid "ignoring garbage line"
+msgstr "erro na última linha\n"
+
+#: common/gettime.c:503
+#, fuzzy
+msgid "[none]"
+msgstr "versão desconhecida"
+
+#: g10/armor.c:379
+#, c-format
+msgid "armor: %s\n"
+msgstr "armadura: %s\n"
+
+#: g10/armor.c:418
+msgid "invalid armor header: "
+msgstr "cabeçalho de armadura inválido: "
+
+#: g10/armor.c:429
+msgid "armor header: "
+msgstr "cabeçalho de armadura: "
+
+#: g10/armor.c:442
+msgid "invalid clearsig header\n"
+msgstr "cabeçalho de assinatura em texto puro inválido\n"
+
+#: g10/armor.c:455
+#, fuzzy
+msgid "unknown armor header: "
+msgstr "cabeçalho de armadura: "
+
+#: g10/armor.c:508
+msgid "nested clear text signatures\n"
+msgstr "assinaturas em texto puro aninhadas\n"
+
+#: g10/armor.c:643
+#, fuzzy
+msgid "unexpected armor: "
+msgstr "armadura inesperada:"
+
+#: g10/armor.c:655
+msgid "invalid dash escaped line: "
+msgstr "linha com hífen inválida: "
+
+#: g10/armor.c:810 g10/armor.c:1420
+#, fuzzy, c-format
+msgid "invalid radix64 character %02X skipped\n"
+msgstr "caracter radix64 inválido %02x ignorado\n"
+
+#: g10/armor.c:853
+msgid "premature eof (no CRC)\n"
+msgstr "fim de ficheiro prematuro (sem CRC)\n"
+
+#: g10/armor.c:887
+msgid "premature eof (in CRC)\n"
+msgstr "fim de ficheiro prematuro (no CRC)\n"
+
+#: g10/armor.c:895
+msgid "malformed CRC\n"
+msgstr "CRC malformado\n"
+
+#: g10/armor.c:899 g10/armor.c:1457
+#, fuzzy, c-format
+msgid "CRC error; %06lX - %06lX\n"
+msgstr "erro de CRC; %06lx - %06lx\n"
+
+#: g10/armor.c:919
+#, fuzzy
+msgid "premature eof (in trailer)\n"
+msgstr "fim de ficheiro prematuro (no \"Trailer\")\n"
+
+#: g10/armor.c:923
+msgid "error in trailer line\n"
+msgstr "erro na última linha\n"
+
+#: g10/armor.c:1234
+msgid "no valid OpenPGP data found.\n"
+msgstr "nenhum dado OpenPGP válido encontrado.\n"
+
+#: g10/armor.c:1239
+#, c-format
+msgid "invalid armor: line longer than %d characters\n"
+msgstr "armadura inválida: linha maior que %d caracteres\n"
+
+#: g10/armor.c:1243
+msgid ""
+"quoted printable character in armor - probably a buggy MTA has been used\n"
+msgstr ""
+"caracter \"quoted printable\" na armadura - provavelmente um MTA com bugs "
+"foi usado\n"
+
+#: g10/build-packet.c:976
+msgid ""
+"a notation name must have only printable characters or spaces, and end with "
+"an '='\n"
+msgstr ""
+"um nome de notação deve ter apenas caracteres imprimíveis ou espaços, e "
+"terminar com um '='\n"
+
+#: g10/build-packet.c:988
+msgid "a user notation name must contain the '@' character\n"
+msgstr "um valor de notação de utilizador não deve conter o caracter '@'\n"
+
+#: g10/build-packet.c:994
+#, fuzzy
+msgid "a notation name must not contain more than one '@' character\n"
+msgstr "um valor de notação de utilizador não deve conter o caracter '@'\n"
+
+#: g10/build-packet.c:1012
+msgid "a notation value must not use any control characters\n"
+msgstr "um valor de notação não deve usar caracteres de controle\n"
+
+#: g10/build-packet.c:1046 g10/build-packet.c:1055
+msgid "WARNING: invalid notation data found\n"
+msgstr "AVISO: dados de notação inválidos encontrados\n"
+
+#: g10/build-packet.c:1077 g10/build-packet.c:1079
+msgid "not human readable"
+msgstr "não legível por humanos"
+
+#: g10/card-util.c:85 g10/card-util.c:374
+#, fuzzy, c-format
+msgid "OpenPGP card not available: %s\n"
+msgstr "chave secreta não disponível"
+
+#: g10/card-util.c:90
+#, c-format
+msgid "OpenPGP card no. %s detected\n"
+msgstr ""
+
+#: g10/card-util.c:98 g10/card-util.c:1773 g10/delkey.c:126 g10/keyedit.c:1551
+#: g10/keygen.c:3068 g10/revoke.c:216 g10/revoke.c:455
+#, fuzzy
+msgid "can't do this in batch mode\n"
+msgstr "impossível fazer isso em modo não-interativo\n"
+
+#: g10/card-util.c:106
+#, fuzzy
+msgid "This command is only available for version 2 cards\n"
+msgstr "Este comando não é permitido no modo %s.\n"
+
+#: g10/card-util.c:108 scd/app-openpgp.c:2029
+#, fuzzy
+msgid "Reset Code not or not anymore available\n"
+msgstr "partes da chave secreta não disponíveis\n"
+
+#: g10/card-util.c:141 g10/card-util.c:1458 g10/card-util.c:1568
+#: g10/keyedit.c:424 g10/keyedit.c:445 g10/keyedit.c:459 g10/keygen.c:1630
+#: g10/keygen.c:1711 sm/certreqgen-ui.c:165 sm/certreqgen-ui.c:249
+#: sm/certreqgen-ui.c:283
+msgid "Your selection? "
+msgstr "Opção? "
+
+#: g10/card-util.c:272 g10/card-util.c:322
+msgid "[not set]"
+msgstr ""
+
+#: g10/card-util.c:512
+#, fuzzy
+msgid "male"
+msgstr "enable"
+
+#: g10/card-util.c:513
+#, fuzzy
+msgid "female"
+msgstr "enable"
+
+#: g10/card-util.c:513
+#, fuzzy
+msgid "unspecified"
+msgstr "Nenhum motivo especificado"
+
+#: g10/card-util.c:540
+#, fuzzy
+msgid "not forced"
+msgstr "não processado"
+
+#: g10/card-util.c:540
+msgid "forced"
+msgstr ""
+
+#: g10/card-util.c:631
+msgid "Error: Only plain ASCII is currently allowed.\n"
+msgstr ""
+
+#: g10/card-util.c:633
+msgid "Error: The \"<\" character may not be used.\n"
+msgstr ""
+
+#: g10/card-util.c:635
+msgid "Error: Double spaces are not allowed.\n"
+msgstr ""
+
+#: g10/card-util.c:652
+msgid "Cardholder's surname: "
+msgstr ""
+
+#: g10/card-util.c:654
+msgid "Cardholder's given name: "
+msgstr ""
+
+#: g10/card-util.c:672
+#, c-format
+msgid "Error: Combined name too long (limit is %d characters).\n"
+msgstr ""
+
+#: g10/card-util.c:693
+#, fuzzy
+msgid "URL to retrieve public key: "
+msgstr "a escrever chave pública para `%s'\n"
+
+#: g10/card-util.c:701
+#, c-format
+msgid "Error: URL too long (limit is %d characters).\n"
+msgstr ""
+
+#: g10/card-util.c:794 tools/no-libgcrypt.c:30
+#, fuzzy, c-format
+msgid "error allocating enough memory: %s\n"
+msgstr "erro ao criar porta-chaves `%s': %s\n"
+
+#: g10/card-util.c:806 g10/import.c:280
+#, c-format
+msgid "error reading `%s': %s\n"
+msgstr "erro na leitura de `%s': %s\n"
+
+#: g10/card-util.c:839
+#, fuzzy, c-format
+msgid "error writing `%s': %s\n"
+msgstr "erro na escrita do porta-chaves `%s': %s\n"
+
+#: g10/card-util.c:866
+msgid "Login data (account name): "
+msgstr ""
+
+#: g10/card-util.c:876
+#, c-format
+msgid "Error: Login data too long (limit is %d characters).\n"
+msgstr ""
+
+#: g10/card-util.c:912
+msgid "Private DO data: "
+msgstr ""
+
+#: g10/card-util.c:922
+#, c-format
+msgid "Error: Private DO too long (limit is %d characters).\n"
+msgstr ""
+
+#: g10/card-util.c:1005
+#, fuzzy
+msgid "Language preferences: "
+msgstr "preferências actualizadas"
+
+#: g10/card-util.c:1013
+#, fuzzy
+msgid "Error: invalid length of preference string.\n"
+msgstr "caracter inválido na cadeia de caractéres da preferência\n"
+
+#: g10/card-util.c:1022
+#, fuzzy
+msgid "Error: invalid characters in preference string.\n"
+msgstr "caracter inválido na cadeia de caractéres da preferência\n"
+
+#: g10/card-util.c:1044
+msgid "Sex ((M)ale, (F)emale or space): "
+msgstr ""
+
+#: g10/card-util.c:1058
+#, fuzzy
+msgid "Error: invalid response.\n"
+msgstr "%s: versão de ficheiro inválida %d\n"
+
+#: g10/card-util.c:1080
+#, fuzzy
+msgid "CA fingerprint: "
+msgstr "mostra impressão digital"
+
+#: g10/card-util.c:1103
+#, fuzzy
+msgid "Error: invalid formatted fingerprint.\n"
+msgstr "%s: versão de ficheiro inválida %d\n"
+
+#: g10/card-util.c:1153
+#, fuzzy, c-format
+msgid "key operation not possible: %s\n"
+msgstr "A geração de chaves falhou: %s\n"
+
+#: g10/card-util.c:1154
+#, fuzzy
+msgid "not an OpenPGP card"
+msgstr "nenhum dado OpenPGP válido encontrado.\n"
+
+#: g10/card-util.c:1167
+#, fuzzy, c-format
+msgid "error getting current key info: %s\n"
+msgstr "erro ao escrever no porta-chaves secreto `%s': %s\n"
+
+#: g10/card-util.c:1254
+msgid "Replace existing key? (y/N) "
+msgstr ""
+
+#: g10/card-util.c:1270
+msgid ""
+"NOTE: There is no guarantee that the card supports the requested size.\n"
+" If the key generation does not succeed, please check the\n"
+" documentation of your card to see what sizes are allowed.\n"
+msgstr ""
+
+#: g10/card-util.c:1295
+#, fuzzy, c-format
+msgid "What keysize do you want for the Signature key? (%u) "
+msgstr "Qual o tamanho de chave desejado? (1024) "
+
+#: g10/card-util.c:1297
+#, fuzzy, c-format
+msgid "What keysize do you want for the Encryption key? (%u) "
+msgstr "Qual o tamanho de chave desejado? (1024) "
+
+#: g10/card-util.c:1298
+#, fuzzy, c-format
+msgid "What keysize do you want for the Authentication key? (%u) "
+msgstr "Qual o tamanho de chave desejado? (1024) "
+
+#: g10/card-util.c:1309 g10/keygen.c:1844 g10/keygen.c:1850
+#: sm/certreqgen-ui.c:194
+#, c-format
+msgid "rounded up to %u bits\n"
+msgstr "arredondado para %u bits\n"
+
+#: g10/card-util.c:1317 g10/keygen.c:1831 sm/certreqgen-ui.c:184
+#, c-format
+msgid "%s keysizes must be in the range %u-%u\n"
+msgstr ""
+
+#: g10/card-util.c:1322
+#, c-format
+msgid "The card will now be re-configured to generate a key of %u bits\n"
+msgstr ""
+
+#: g10/card-util.c:1342
+#, fuzzy, c-format
+msgid "error changing size of key %d to %u bits: %s\n"
+msgstr "erro ao enviar para `%s': %s\n"
+
+#: g10/card-util.c:1364
+msgid "Make off-card backup of encryption key? (Y/n) "
+msgstr ""
+
+#: g10/card-util.c:1378
+#, fuzzy
+msgid "NOTE: keys are already stored on the card!\n"
+msgstr "ignorado: a chave secreta já está presente\n"
+
+#: g10/card-util.c:1381
+msgid "Replace existing keys? (y/N) "
+msgstr ""
+
+#: g10/card-util.c:1393
+#, c-format
+msgid ""
+"Please note that the factory settings of the PINs are\n"
+" PIN = `%s' Admin PIN = `%s'\n"
+"You should change them using the command --change-pin\n"
+msgstr ""
+
+#: g10/card-util.c:1449
+#, fuzzy
+msgid "Please select the type of key to generate:\n"
+msgstr "Por favor selecione o tipo de chave desejado:\n"
+
+#: g10/card-util.c:1451 g10/card-util.c:1559
+#, fuzzy
+msgid " (1) Signature key\n"
+msgstr "Esta assinatura expirou em %s.\n"
+
+#: g10/card-util.c:1452 g10/card-util.c:1561
+#, fuzzy
+msgid " (2) Encryption key\n"
+msgstr " (%d) RSA (apenas cifragem)\n"
+
+#: g10/card-util.c:1453 g10/card-util.c:1563
+msgid " (3) Authentication key\n"
+msgstr ""
+
+#: g10/card-util.c:1469 g10/card-util.c:1588 g10/keyedit.c:945
+#: g10/keygen.c:1634 g10/keygen.c:1662 g10/keygen.c:1764 g10/revoke.c:683
+msgid "Invalid selection.\n"
+msgstr "Opção inválida.\n"
+
+#: g10/card-util.c:1556
+#, fuzzy
+msgid "Please select where to store the key:\n"
+msgstr "motivo da revocação: "
+
+#: g10/card-util.c:1600
+#, fuzzy
+msgid "unknown key protection algorithm\n"
+msgstr "algoritmo de compressão desconhecido"
+
+#: g10/card-util.c:1605
+#, fuzzy
+msgid "secret parts of key are not available\n"
+msgstr "Componentes secretas da chave primária não disponíveis.\n"
+
+#: g10/card-util.c:1610
+#, fuzzy
+msgid "secret key already stored on a card\n"
+msgstr "ignorado: a chave secreta já está presente\n"
+
+#: g10/card-util.c:1623
+#, fuzzy, c-format
+msgid "error writing key to card: %s\n"
+msgstr "erro na escrita do porta-chaves `%s': %s\n"
+
+#: g10/card-util.c:1682 g10/keyedit.c:1382
+msgid "quit this menu"
+msgstr "sair deste menu"
+
+#: g10/card-util.c:1684
+#, fuzzy
+msgid "show admin commands"
+msgstr "comandos em conflito\n"
+
+#: g10/card-util.c:1685 g10/keyedit.c:1385
+msgid "show this help"
+msgstr "mostra esta ajuda"
+
+#: g10/card-util.c:1687
+#, fuzzy
+msgid "list all available data"
+msgstr "Nenhuma ajuda disponível"
+
+#: g10/card-util.c:1690
+msgid "change card holder's name"
+msgstr ""
+
+#: g10/card-util.c:1691
+msgid "change URL to retrieve key"
+msgstr ""
+
+#: g10/card-util.c:1692
+msgid "fetch the key specified in the card URL"
+msgstr ""
+
+#: g10/card-util.c:1693
+#, fuzzy
+msgid "change the login name"
+msgstr "muda a data de validade"
+
+#: g10/card-util.c:1694
+#, fuzzy
+msgid "change the language preferences"
+msgstr "muda os valores de confiança"
+
+#: g10/card-util.c:1695
+msgid "change card holder's sex"
+msgstr ""
+
+#: g10/card-util.c:1696
+#, fuzzy
+msgid "change a CA fingerprint"
+msgstr "mostra impressão digital"
+
+#: g10/card-util.c:1697
+msgid "toggle the signature force PIN flag"
+msgstr ""
+
+#: g10/card-util.c:1698
+#, fuzzy
+msgid "generate new keys"
+msgstr "gerar um novo par de chaves"
+
+#: g10/card-util.c:1699
+msgid "menu to change or unblock the PIN"
+msgstr ""
+
+#: g10/card-util.c:1700
+msgid "verify the PIN and list all data"
+msgstr ""
+
+#: g10/card-util.c:1701
+msgid "unblock the PIN using a Reset Code"
+msgstr ""
+
+#: g10/card-util.c:1823
+msgid "gpg/card> "
+msgstr ""
+
+#: g10/card-util.c:1864
+#, fuzzy
+msgid "Admin-only command\n"
+msgstr "comandos em conflito\n"
+
+#: g10/card-util.c:1895
+#, fuzzy
+msgid "Admin commands are allowed\n"
+msgstr "comandos em conflito\n"
+
+#: g10/card-util.c:1897
+#, fuzzy
+msgid "Admin commands are not allowed\n"
+msgstr "a escrever chave privada para `%s'\n"
+
+#: g10/card-util.c:1988 g10/keyedit.c:2292
+msgid "Invalid command (try \"help\")\n"
+msgstr "Comando inválido (tente \"help\")\n"
+
+#: g10/decrypt.c:110 g10/encode.c:876
+msgid "--output doesn't work for this command\n"
+msgstr "--output não funciona para este comando\n"
+
+#: g10/decrypt.c:166 g10/gpg.c:4019 g10/keyring.c:387 g10/keyring.c:698
+#, c-format
+msgid "can't open `%s'\n"
+msgstr "impossível abrir `%s'\n"
+
+#: g10/delkey.c:73 g10/export.c:324 g10/keyedit.c:3514 g10/keyserver.c:1737
+#: g10/revoke.c:226
+#, fuzzy, c-format
+msgid "key \"%s\" not found: %s\n"
+msgstr "chave `%s' não encontrada: %s\n"
+
+#: g10/delkey.c:81 g10/export.c:354 g10/import.c:2480 g10/keyserver.c:1751
+#: g10/revoke.c:232 g10/revoke.c:477
+#, c-format
+msgid "error reading keyblock: %s\n"
+msgstr "erro na leitura do bloco de chave: %s\n"
+
+#: g10/delkey.c:127 g10/delkey.c:134
+msgid "(unless you specify the key by fingerprint)\n"
+msgstr "(a não ser que escolha a chave pela sua impressão digital)\n"
+
+#: g10/delkey.c:133
+#, fuzzy
+msgid "can't do this in batch mode without \"--yes\"\n"
+msgstr "impossível fazer isso em modo não-interactivo sem utilizar \"--yes\"\n"
+
+#: g10/delkey.c:145
+#, fuzzy
+msgid "Delete this key from the keyring? (y/N) "
+msgstr "Remover esta chave do porta-chaves?"
+
+#: g10/delkey.c:153
+#, fuzzy
+msgid "This is a secret key! - really delete? (y/N) "
+msgstr "Esta chave é secreta! - apagar de qualquer modo? "
+
+#: g10/delkey.c:163
+#, c-format
+msgid "deleting keyblock failed: %s\n"
+msgstr "remoção do bloco de chave falhou: %s\n"
+
+#: g10/delkey.c:173
+msgid "ownertrust information cleared\n"
+msgstr "informações de 'ownertrust' limpas\n"
+
+#: g10/delkey.c:204
+#, c-format
+msgid "there is a secret key for public key \"%s\"!\n"
+msgstr "há uma chave secreta para a chave pública \"%s\"!\n"
+
+#: g10/delkey.c:206
+msgid "use option \"--delete-secret-keys\" to delete it first.\n"
+msgstr "utilize a opção \"--delete-secret-keys\" para a apagar primeiro.\n"
+
+#: g10/encode.c:226 g10/sign.c:1269
+#, c-format
+msgid "error creating passphrase: %s\n"
+msgstr "erro na criação da frase secreta: %s\n"
+
+#: g10/encode.c:232
+msgid "can't use a symmetric ESK packet due to the S2K mode\n"
+msgstr "não é possível utilizar o pacote ESK simétrico devido ao modo S2K\n"
+
+#: g10/encode.c:246
+#, fuzzy, c-format
+msgid "using cipher %s\n"
+msgstr "assinatura falhou: %s\n"
+
+#: g10/encode.c:256 g10/encode.c:577
+#, c-format
+msgid "`%s' already compressed\n"
+msgstr "%s' já comprimido\n"
+
+#: g10/encode.c:311 g10/encode.c:611 g10/sign.c:564
+#, c-format
+msgid "WARNING: `%s' is an empty file\n"
+msgstr "AVISO: `%s' é um ficheiro vazio\n"
+
+#: g10/encode.c:485
+msgid "you can only encrypt to RSA keys of 2048 bits or less in --pgp2 mode\n"
+msgstr "no modo --pgp2 só pode cifrar com chaves RSA de 2048 bits ou menos\n"
+
+#: g10/encode.c:510
+#, c-format
+msgid "reading from `%s'\n"
+msgstr "lendo de `%s'\n"
+
+#: g10/encode.c:541
+msgid ""
+"unable to use the IDEA cipher for all of the keys you are encrypting to.\n"
+msgstr ""
+"impossível utilizar a cifra IDEA para todas as chaves para que está a "
+"cifrar.\n"
+
+#: g10/encode.c:559
+#, fuzzy, c-format
+msgid ""
+"WARNING: forcing symmetric cipher %s (%d) violates recipient preferences\n"
+msgstr ""
+"ao forçar a cifra simétrica %s (%d) viola as preferências do destinatário\n"
+
+#: g10/encode.c:655 g10/sign.c:939
+#, fuzzy, c-format
+msgid ""
+"WARNING: forcing compression algorithm %s (%d) violates recipient "
+"preferences\n"
+msgstr ""
+"ao forçar o algoritmo de compressão %s (%d) viola as preferências do "
+"destinatário\n"
+
+#: g10/encode.c:751
+#, c-format
+msgid "forcing symmetric cipher %s (%d) violates recipient preferences\n"
+msgstr ""
+"ao forçar a cifra simétrica %s (%d) viola as preferências do destinatário\n"
+
+#: g10/encode.c:821 g10/pkclist.c:813 g10/pkclist.c:862
+#, c-format
+msgid "you may not use %s while in %s mode\n"
+msgstr "não pode utilizar %s enquanto estiver no modo %s\n"
+
+#: g10/encode.c:848
+#, c-format
+msgid "%s/%s encrypted for: \"%s\"\n"
+msgstr "%s/%s cifrado para: \"%s\"\n"
+
+#: g10/encr-data.c:93 g10/mainproc.c:286
+#, c-format
+msgid "%s encrypted data\n"
+msgstr "dados cifrados com %s\n"
+
+#: g10/encr-data.c:96 g10/mainproc.c:290
+#, c-format
+msgid "encrypted with unknown algorithm %d\n"
+msgstr "cifrado com algoritmo desconhecido %d\n"
+
+#: g10/encr-data.c:142 sm/decrypt.c:126
+msgid ""
+"WARNING: message was encrypted with a weak key in the symmetric cipher.\n"
+msgstr ""
+"AVISO: A mensagem foi cifrada com uma chave fraca na cifragem simétrica.\n"
+
+#: g10/encr-data.c:154
+msgid "problem handling encrypted packet\n"
+msgstr "problema ao tratar pacote cifrado\n"
+
+#: g10/exec.c:57
+msgid "no remote program execution supported\n"
+msgstr ""
+
+#: g10/exec.c:308
+msgid ""
+"external program calls are disabled due to unsafe options file permissions\n"
+msgstr ""
+
+#: g10/exec.c:338
+#, fuzzy
+msgid "this platform requires temporary files when calling external programs\n"
+msgstr "%s: erro ao ler registo de versão: %s\n"
+
+#: g10/exec.c:416
+#, fuzzy, c-format
+msgid "unable to execute program `%s': %s\n"
+msgstr "não foi possível alterar o exec-path para %s\n"
+
+#: g10/exec.c:419
+#, fuzzy, c-format
+msgid "unable to execute shell `%s': %s\n"
+msgstr "não foi possível alterar o exec-path para %s\n"
+
+#: g10/exec.c:510
+#, fuzzy, c-format
+msgid "system error while calling external program: %s\n"
+msgstr "%s: erro ao ler registo de versão: %s\n"
+
+#: g10/exec.c:521 g10/exec.c:588
+msgid "unnatural exit of external program\n"
+msgstr ""
+
+#: g10/exec.c:536
+#, fuzzy
+msgid "unable to execute external program\n"
+msgstr "não foi possível alterar o exec-path para %s\n"
+
+#: g10/exec.c:553
+#, fuzzy, c-format
+msgid "unable to read external program response: %s\n"
+msgstr "não foi possível alterar o exec-path para %s\n"
+
+#: g10/exec.c:599 g10/exec.c:606
+#, c-format
+msgid "WARNING: unable to remove tempfile (%s) `%s': %s\n"
+msgstr ""
+
+#: g10/exec.c:611
+#, fuzzy, c-format
+msgid "WARNING: unable to remove temp directory `%s': %s\n"
+msgstr "AVISO: dono pouco seguro em %s \"%s\"\n"
+
+#: g10/export.c:61
+#, fuzzy
+msgid "export signatures that are marked as local-only"
+msgstr ""
+"\n"
+"A assinatura será marcada como não-revocável.\n"
+
+#: g10/export.c:63
+msgid "export attribute user IDs (generally photo IDs)"
+msgstr ""
+
+#: g10/export.c:65
+msgid "export revocation keys marked as \"sensitive\""
+msgstr ""
+
+#: g10/export.c:67
+#, fuzzy
+msgid "remove the passphrase from exported subkeys"
+msgstr "revoga uma chave secundária"
+
+#: g10/export.c:69
+#, fuzzy
+msgid "remove unusable parts from key during export"
+msgstr "chave secreta não utilizável"
+
+#: g10/export.c:71
+msgid "remove as much as possible from key during export"
+msgstr ""
+
+#: g10/export.c:73
+msgid "export keys in an S-expression based format"
+msgstr ""
+
+#: g10/export.c:338
+#, fuzzy
+msgid "exporting secret keys not allowed\n"
+msgstr "a escrever chave privada para `%s'\n"
+
+#: g10/export.c:367
+#, fuzzy, c-format
+msgid "key %s: not protected - skipped\n"
+msgstr "chave %08lX: não está protegida - ignorada\n"
+
+#: g10/export.c:375
+#, fuzzy, c-format
+msgid "key %s: PGP 2.x style key - skipped\n"
+msgstr "chave %08lX: tipo PGP 2.x - ignorada\n"
+
+#: g10/export.c:386
+#, fuzzy, c-format
+msgid "key %s: key material on-card - skipped\n"
+msgstr "chave %08lX: assintura da subchave no local errado - ignorado\n"
+
+#: g10/export.c:537
+msgid "about to export an unprotected subkey\n"
+msgstr ""
+
+#: g10/export.c:560
+#, fuzzy, c-format
+msgid "failed to unprotect the subkey: %s\n"
+msgstr "falha ao inicializar a base de dados de confiança: %s\n"
+
+#: g10/export.c:584
+#, c-format
+msgid "WARNING: secret key %s does not have a simple SK checksum\n"
+msgstr ""
+
+#: g10/export.c:633
+msgid "WARNING: nothing exported\n"
+msgstr "AVISO: nada exportado\n"
+
+#: g10/getkey.c:152
+msgid "too many entries in pk cache - disabled\n"
+msgstr "entradas demais no cache pk - desactivado\n"
+
+#: g10/getkey.c:175
+#, fuzzy
+msgid "[User ID not found]"
+msgstr "[Utilizador não encontrado]"
+
+#: g10/getkey.c:1113
+#, c-format
+msgid "automatically retrieved `%s' via %s\n"
+msgstr ""
+
+#: g10/getkey.c:1118
+#, fuzzy, c-format
+msgid "error retrieving `%s' via %s: %s\n"
+msgstr "erro ao criar `%s': %s\n"
+
+#: g10/getkey.c:1120
+#, fuzzy
+msgid "No fingerprint"
+msgstr "mostra impressão digital"
+
+#: g10/getkey.c:1930
+#, fuzzy, c-format
+msgid "Invalid key %s made valid by --allow-non-selfsigned-uid\n"
+msgstr "Chave inválida %08lX tornada válida por --allow-non-selfsigned-uid\n"
+
+#: g10/getkey.c:2533 g10/keyedit.c:3839
+#, fuzzy, c-format
+msgid "no secret subkey for public subkey %s - ignoring\n"
+msgstr "há uma chave secreta para a chave pública \"%s\"!\n"
+
+#: g10/getkey.c:2759
+#, fuzzy, c-format
+msgid "using subkey %s instead of primary key %s\n"
+msgstr "usando chave secundária %08lX ao invés de chave primária %08lX\n"
+
+#: g10/getkey.c:2806
+#, fuzzy, c-format
+msgid "key %s: secret key without public key - skipped\n"
+msgstr "chave %08lX: chave secreta sem chave pública - ignorada\n"
+
+#: g10/gpg.c:375 sm/gpgsm.c:188
+#, fuzzy
+msgid "make a signature"
+msgstr "fazer uma assinatura separada"
+
+#: g10/gpg.c:376 sm/gpgsm.c:189
+#, fuzzy
+msgid "make a clear text signature"
+msgstr "|[ficheiro]|fazer uma assinatura em texto puro"
+
+#: g10/gpg.c:377 sm/gpgsm.c:190
+msgid "make a detached signature"
+msgstr "fazer uma assinatura separada"
+
+#: g10/gpg.c:378 sm/gpgsm.c:191
+msgid "encrypt data"
+msgstr "cifrar dados"
+
+#: g10/gpg.c:380 sm/gpgsm.c:192
+msgid "encryption only with symmetric cipher"
+msgstr "cifrar apenas com cifra simétrica"
+
+#: g10/gpg.c:382 sm/gpgsm.c:193
+msgid "decrypt data (default)"
+msgstr "decifrar dados (acção por omissão)"
+
+#: g10/gpg.c:384 sm/gpgsm.c:194
+msgid "verify a signature"
+msgstr "verificar uma assinatura"
+
+#: g10/gpg.c:386 sm/gpgsm.c:195
+msgid "list keys"
+msgstr "listar as chaves"
+
+#: g10/gpg.c:388
+msgid "list keys and signatures"
+msgstr "listar as chaves e as assinaturas"
+
+#: g10/gpg.c:389
+#, fuzzy
+msgid "list and check key signatures"
+msgstr "verificar as assinaturas das chaves"
+
+#: g10/gpg.c:390 sm/gpgsm.c:200
+msgid "list keys and fingerprints"
+msgstr "listar as chaves e as impressões digitais"
+
+#: g10/gpg.c:391 sm/gpgsm.c:198
+msgid "list secret keys"
+msgstr "listar as chaves secretas"
+
+#: g10/gpg.c:392 sm/gpgsm.c:201
+msgid "generate a new key pair"
+msgstr "gerar um novo par de chaves"
+
+#: g10/gpg.c:393
+msgid "generate a revocation certificate"
+msgstr "gerar um certificado de revogação"
+
+#: g10/gpg.c:395 sm/gpgsm.c:203
+msgid "remove keys from the public keyring"
+msgstr "remover chaves do porta-chaves público"
+
+#: g10/gpg.c:397
+msgid "remove keys from the secret keyring"
+msgstr "remover chaves do porta-chaves secreto"
+
+#: g10/gpg.c:398
+msgid "sign a key"
+msgstr "assinar uma chave"
+
+#: g10/gpg.c:399
+msgid "sign a key locally"
+msgstr "assinar uma chave localmente"
+
+#: g10/gpg.c:400
+msgid "sign or edit a key"
+msgstr "assinar ou editar uma chave"
+
+#: g10/gpg.c:402 sm/gpgsm.c:215
+#, fuzzy
+msgid "change a passphrase"
+msgstr "muda a frase secreta"
+
+#: g10/gpg.c:404
+msgid "export keys"
+msgstr "exportar chaves"
+
+#: g10/gpg.c:405 sm/gpgsm.c:204
+msgid "export keys to a key server"
+msgstr "exportar chaves para um servidor de chaves"
+
+#: g10/gpg.c:406 sm/gpgsm.c:205
+msgid "import keys from a key server"
+msgstr "importar chaves de um servidor de chaves"
+
+#: g10/gpg.c:408
+msgid "search for keys on a key server"
+msgstr "procurar chaves num servidor de chaves"
+
+#: g10/gpg.c:410
+msgid "update all keys from a keyserver"
+msgstr "actualizar todas as chaves a partir de um servidor de chaves"
+
+#: g10/gpg.c:415
+msgid "import/merge keys"
+msgstr "importar/fundir chaves"
+
+#: g10/gpg.c:418
+msgid "print the card status"
+msgstr ""
+
+#: g10/gpg.c:419
+msgid "change data on a card"
+msgstr ""
+
+#: g10/gpg.c:420
+msgid "change a card's PIN"
+msgstr ""
+
+#: g10/gpg.c:429
+msgid "update the trust database"
+msgstr "actualizar a base de dados de confiança"
+
+#: g10/gpg.c:436
+#, fuzzy
+msgid "print message digests"
+msgstr "|algo [ficheiros]|imprimir \"digests\" de mensagens"
+
+#: g10/gpg.c:439 sm/gpgsm.c:210
+msgid "run in server mode"
+msgstr ""
+
+#: g10/gpg.c:443 sm/gpgsm.c:228
+msgid "create ascii armored output"
+msgstr "criar saída com armadura ascii"
+
+#: g10/gpg.c:446 sm/gpgsm.c:241
+#, fuzzy
+msgid "|USER-ID|encrypt for USER-ID"
+msgstr "|NOME|cifrar para NOME"
+
+#: g10/gpg.c:459 sm/gpgsm.c:278
+#, fuzzy
+msgid "|USER-ID|use USER-ID to sign or decrypt"
+msgstr ""
+"usar este identificador de utilizador para\n"
+"assinar ou decifrar"
+
+#: g10/gpg.c:462
+#, fuzzy
+msgid "|N|set compress level to N (0 disables)"
+msgstr ""
+"|N|estabelecer nível de compressão N\n"
+"(0 desactiva)"
+
+#: g10/gpg.c:468
+msgid "use canonical text mode"
+msgstr "usar modo de texto canônico"
+
+#: g10/gpg.c:485 sm/gpgsm.c:280
+#, fuzzy
+msgid "|FILE|write output to FILE"
+msgstr "|FICHEIRO|carregar módulo de extensão FICHEIRO"
+
+#: g10/gpg.c:501 kbx/kbxutil.c:90 sm/gpgsm.c:292 tools/gpgconf.c:82
+msgid "do not make any changes"
+msgstr "não fazer alterações"
+
+#: g10/gpg.c:502
+msgid "prompt before overwriting"
+msgstr "perguntar antes de sobrepôr"
+
+#: g10/gpg.c:554
+msgid "use strict OpenPGP behavior"
+msgstr ""
+
+#: g10/gpg.c:585 sm/gpgsm.c:336
+msgid ""
+"@\n"
+"(See the man page for a complete listing of all commands and options)\n"
+msgstr ""
+"@\n"
+"(Veja a página man para uma lista completa de comandos e opções)\n"
+
+#: g10/gpg.c:588 sm/gpgsm.c:339
+msgid ""
+"@\n"
+"Examples:\n"
+"\n"
+" -se -r Bob [file] sign and encrypt for user Bob\n"
+" --clearsign [file] make a clear text signature\n"
+" --detach-sign [file] make a detached signature\n"
+" --list-keys [names] show keys\n"
+" --fingerprint [names] show fingerprints\n"
+msgstr ""
+"@\n"
+"Exemplos:\n"
+"\n"
+" -se -r Bob [ficheiro] assinar e cifrar para o utilizador Bob\n"
+" --clearsign [ficheiro] criar uma assinatura em texto puro\n"
+" --detach-sign [ficheiro] criar uma assinatura separada\n"
+" --list-keys [nomes] mostrar chaves\n"
+" --fingerprint [nomes] mostrar impressões digitais\n"
+
+#: g10/gpg.c:836
+msgid "Usage: gpg [options] [files] (-h for help)"
+msgstr "Uso: gpg [opções] [ficheiros] (-h para ajuda)"
+
+#: g10/gpg.c:839
+msgid ""
+"Syntax: gpg [options] [files]\n"
+"sign, check, encrypt or decrypt\n"
+"default operation depends on the input data\n"
+msgstr ""
+"Sintaxe: gpg [opções] [ficheiros]\n"
+"assina, verifica, cifra ou decifra\n"
+"a operação por omissão depende dos dados de entrada\n"
+
+#: g10/gpg.c:850 sm/gpgsm.c:543
+msgid ""
+"\n"
+"Supported algorithms:\n"
+msgstr ""
+"\n"
+"Algoritmos suportados:\n"
+
+#: g10/gpg.c:853
+msgid "Pubkey: "
+msgstr "Chave pública: "
+
+#: g10/gpg.c:860 g10/keyedit.c:2423
+msgid "Cipher: "
+msgstr "Cifra: "
+
+#: g10/gpg.c:867
+msgid "Hash: "
+msgstr "Dispersão: "
+
+#: g10/gpg.c:874 g10/keyedit.c:2468
+msgid "Compression: "
+msgstr "Compressão: "
+
+#: g10/gpg.c:944
+msgid "usage: gpg [options] "
+msgstr "uso: gpg [opções] "
+
+#: g10/gpg.c:1158 sm/gpgsm.c:716
+msgid "conflicting commands\n"
+msgstr "comandos em conflito\n"
+
+#: g10/gpg.c:1176
+#, fuzzy, c-format
+msgid "no = sign found in group definition `%s'\n"
+msgstr "nenhum sinal = encontrada na definição de grupo \"%s\"\n"
+
+#: g10/gpg.c:1373
+#, fuzzy, c-format
+msgid "WARNING: unsafe ownership on homedir `%s'\n"
+msgstr "AVISO: dono pouco seguro em %s \"%s\"\n"
+
+#: g10/gpg.c:1376
+#, fuzzy, c-format
+msgid "WARNING: unsafe ownership on configuration file `%s'\n"
+msgstr "AVISO: dono pouco seguro em %s \"%s\"\n"
+
+#: g10/gpg.c:1379
+#, fuzzy, c-format
+msgid "WARNING: unsafe ownership on extension `%s'\n"
+msgstr "AVISO: dono pouco seguro em %s \"%s\"\n"
+
+#: g10/gpg.c:1385
+#, fuzzy, c-format
+msgid "WARNING: unsafe permissions on homedir `%s'\n"
+msgstr "AVISO: permissões pouco seguras em %s \"%s\"\n"
+
+#: g10/gpg.c:1388
+#, fuzzy, c-format
+msgid "WARNING: unsafe permissions on configuration file `%s'\n"
+msgstr "AVISO: permissões pouco seguras em %s \"%s\"\n"
+
+#: g10/gpg.c:1391
+#, fuzzy, c-format
+msgid "WARNING: unsafe permissions on extension `%s'\n"
+msgstr "AVISO: permissões pouco seguras em %s \"%s\"\n"
+
+#: g10/gpg.c:1397
+#, fuzzy, c-format
+msgid "WARNING: unsafe enclosing directory ownership on homedir `%s'\n"
+msgstr "AVISO: dono pouco seguro em %s \"%s\"\n"
+
+#: g10/gpg.c:1400
+#, fuzzy, c-format
+msgid ""
+"WARNING: unsafe enclosing directory ownership on configuration file `%s'\n"
+msgstr "AVISO: dono pouco seguro em %s \"%s\"\n"
+
+#: g10/gpg.c:1403
+#, fuzzy, c-format
+msgid "WARNING: unsafe enclosing directory ownership on extension `%s'\n"
+msgstr "AVISO: dono pouco seguro em %s \"%s\"\n"
+
+#: g10/gpg.c:1409
+#, fuzzy, c-format
+msgid "WARNING: unsafe enclosing directory permissions on homedir `%s'\n"
+msgstr "AVISO: permissões pouco seguras em %s \"%s\"\n"
+
+#: g10/gpg.c:1412
+#, fuzzy, c-format
+msgid ""
+"WARNING: unsafe enclosing directory permissions on configuration file `%s'\n"
+msgstr "AVISO: permissões pouco seguras em %s \"%s\"\n"
+
+#: g10/gpg.c:1415
+#, fuzzy, c-format
+msgid "WARNING: unsafe enclosing directory permissions on extension `%s'\n"
+msgstr "AVISO: permissões pouco seguras em %s \"%s\"\n"
+
+#: g10/gpg.c:1595
+#, fuzzy, c-format
+msgid "unknown configuration item `%s'\n"
+msgstr "criado um novo ficheiro de configuração `%s'\n"
+
+#: g10/gpg.c:1699
+msgid "display photo IDs during key listings"
+msgstr ""
+
+#: g10/gpg.c:1701
+msgid "show policy URLs during signature listings"
+msgstr ""
+
+#: g10/gpg.c:1703
+#, fuzzy
+msgid "show all notations during signature listings"
+msgstr "Nenhuma assinatura correspondente no porta-chaves secreto\n"
+
+#: g10/gpg.c:1705
+msgid "show IETF standard notations during signature listings"
+msgstr ""
+
+#: g10/gpg.c:1709
+msgid "show user-supplied notations during signature listings"
+msgstr ""
+
+#: g10/gpg.c:1711
+#, fuzzy
+msgid "show preferred keyserver URLs during signature listings"
+msgstr "a URL de política de assinatura dada é inválida\n"
+
+#: g10/gpg.c:1713
+msgid "show user ID validity during key listings"
+msgstr ""
+
+#: g10/gpg.c:1715
+msgid "show revoked and expired user IDs in key listings"
+msgstr ""
+
+#: g10/gpg.c:1717
+msgid "show revoked and expired subkeys in key listings"
+msgstr ""
+
+#: g10/gpg.c:1719
+#, fuzzy
+msgid "show the keyring name in key listings"
+msgstr "mostrar em que porta-chave a chave está"
+
+#: g10/gpg.c:1721
+#, fuzzy
+msgid "show expiration dates during signature listings"
+msgstr "Nenhuma assinatura correspondente no porta-chaves secreto\n"
+
+#: g10/gpg.c:1855
+#, c-format
+msgid "NOTE: old default options file `%s' ignored\n"
+msgstr "NOTA: o ficheiro antigo de opções por omissão `%s' foi ignorado\n"
+
+#: g10/gpg.c:1948
+#, c-format
+msgid "libgcrypt is too old (need %s, have %s)\n"
+msgstr ""
+
+#: g10/gpg.c:2346 g10/gpg.c:3037 g10/gpg.c:3049
+#, c-format
+msgid "NOTE: %s is not for normal use!\n"
+msgstr "NOTA: %s não é para uso normal!\n"
+
+#: g10/gpg.c:2530 g10/gpg.c:2542
+#, fuzzy, c-format
+msgid "`%s' is not a valid signature expiration\n"
+msgstr "%s não é um conjunto de caracteres válido\n"
+
+#: g10/gpg.c:2624
+#, fuzzy, c-format
+msgid "`%s' is not a valid character set\n"
+msgstr "%s não é um conjunto de caracteres válido\n"
+
+#: g10/gpg.c:2647 g10/gpg.c:2842 g10/keyedit.c:4197
+#, fuzzy
+msgid "could not parse keyserver URL\n"
+msgstr "não consegui processar a URI do servidor de chaves\n"
+
+#: g10/gpg.c:2659
+#, fuzzy, c-format
+msgid "%s:%d: invalid keyserver options\n"
+msgstr "%s:%d: opções de exportação inválidas\n"
+
+#: g10/gpg.c:2662
+#, fuzzy
+msgid "invalid keyserver options\n"
+msgstr "opções de exportação inválidas\n"
+
+#: g10/gpg.c:2669
+#, c-format
+msgid "%s:%d: invalid import options\n"
+msgstr "%s:%d: opções de importação inválidas\n"
+
+#: g10/gpg.c:2672
+msgid "invalid import options\n"
+msgstr "opções de importação inválidas\n"
+
+#: g10/gpg.c:2679
+#, c-format
+msgid "%s:%d: invalid export options\n"
+msgstr "%s:%d: opções de exportação inválidas\n"
+
+#: g10/gpg.c:2682
+msgid "invalid export options\n"
+msgstr "opções de exportação inválidas\n"
+
+#: g10/gpg.c:2689
+#, fuzzy, c-format
+msgid "%s:%d: invalid list options\n"
+msgstr "%s:%d: opções de importação inválidas\n"
+
+#: g10/gpg.c:2692
+#, fuzzy
+msgid "invalid list options\n"
+msgstr "opções de importação inválidas\n"
+
+#: g10/gpg.c:2700
+msgid "display photo IDs during signature verification"
+msgstr ""
+
+#: g10/gpg.c:2702
+msgid "show policy URLs during signature verification"
+msgstr ""
+
+#: g10/gpg.c:2704
+#, fuzzy
+msgid "show all notations during signature verification"
+msgstr "%s não é um conjunto de caracteres válido\n"
+
+#: g10/gpg.c:2706
+msgid "show IETF standard notations during signature verification"
+msgstr ""
+
+#: g10/gpg.c:2710
+msgid "show user-supplied notations during signature verification"
+msgstr ""
+
+#: g10/gpg.c:2712
+#, fuzzy
+msgid "show preferred keyserver URLs during signature verification"
+msgstr "a URL de política de assinatura dada é inválida\n"
+
+#: g10/gpg.c:2714
+#, fuzzy
+msgid "show user ID validity during signature verification"
+msgstr "%s não é um conjunto de caracteres válido\n"
+
+#: g10/gpg.c:2716
+msgid "show revoked and expired user IDs in signature verification"
+msgstr ""
+
+#: g10/gpg.c:2718
+#, fuzzy
+msgid "show only the primary user ID in signature verification"
+msgstr "%s não é um conjunto de caracteres válido\n"
+
+#: g10/gpg.c:2720
+msgid "validate signatures with PKA data"
+msgstr ""
+
+#: g10/gpg.c:2722
+msgid "elevate the trust of signatures with valid PKA data"
+msgstr ""
+
+#: g10/gpg.c:2729
+#, fuzzy, c-format
+msgid "%s:%d: invalid verify options\n"
+msgstr "%s:%d: opções de exportação inválidas\n"
+
+#: g10/gpg.c:2732
+#, fuzzy
+msgid "invalid verify options\n"
+msgstr "opções de exportação inválidas\n"
+
+#: g10/gpg.c:2739
+#, c-format
+msgid "unable to set exec-path to %s\n"
+msgstr "não foi possível alterar o exec-path para %s\n"
+
+#: g10/gpg.c:2925
+#, fuzzy, c-format
+msgid "%s:%d: invalid auto-key-locate list\n"
+msgstr "%s:%d: opções de exportação inválidas\n"
+
+#: g10/gpg.c:2928
+msgid "invalid auto-key-locate list\n"
+msgstr ""
+
+#: g10/gpg.c:3026 sm/gpgsm.c:1439
+msgid "WARNING: program may create a core file!\n"
+msgstr "AVISO: O programa pode criar um ficheiro core!\n"
+
+#: g10/gpg.c:3030
+#, c-format
+msgid "WARNING: %s overrides %s\n"
+msgstr "AVISO: %s sobrepõe %s\n"
+
+#: g10/gpg.c:3039
+#, c-format
+msgid "%s not allowed with %s!\n"
+msgstr "%s não é permitido com %s!\n"
+
+#: g10/gpg.c:3042
+#, c-format
+msgid "%s makes no sense with %s!\n"
+msgstr "%s não faz sentido com %s!\n"
+
+#: g10/gpg.c:3057
+#, fuzzy, c-format
+msgid "will not run with insecure memory due to %s\n"
+msgstr "a escrever chave privada para `%s'\n"
+
+#: g10/gpg.c:3071
+msgid "you can only make detached or clear signatures while in --pgp2 mode\n"
+msgstr "só pode fazer assinaturas separadas ou em texto puro no modo --pgp2\n"
+
+#: g10/gpg.c:3077
+msgid "you can't sign and encrypt at the same time while in --pgp2 mode\n"
+msgstr "não pode assinar e cifrar ao mesmo tempo no modo --pgp2\n"
+
+#: g10/gpg.c:3083
+msgid "you must use files (and not a pipe) when working with --pgp2 enabled.\n"
+msgstr ""
+"deve utilizar ficheiros (e não um 'pipe') quando trabalho no modo --pgp2.\n"
+
+#: g10/gpg.c:3096
+msgid "encrypting a message in --pgp2 mode requires the IDEA cipher\n"
+msgstr "cifrar uma mensagem no modo --pgp2 necessita da cifra IDEA\n"
+
+#: g10/gpg.c:3163 g10/gpg.c:3187 sm/gpgsm.c:1511
+msgid "selected cipher algorithm is invalid\n"
+msgstr "o algoritmo de cifragem selecionado é inválido\n"
+
+#: g10/gpg.c:3169 g10/gpg.c:3193 sm/gpgsm.c:1517 sm/gpgsm.c:1523
+msgid "selected digest algorithm is invalid\n"
+msgstr "o algoritmo de \"digest\" selecionado é inválido\n"
+
+#: g10/gpg.c:3175
+#, fuzzy
+msgid "selected compression algorithm is invalid\n"
+msgstr "o algoritmo de cifragem selecionado é inválido\n"
+
+#: g10/gpg.c:3181
+msgid "selected certification digest algorithm is invalid\n"
+msgstr "o algoritmo de \"digest\" de certificação selecionado é inválido\n"
+
+#: g10/gpg.c:3196
+msgid "completes-needed must be greater than 0\n"
+msgstr "completes-needed deve ser maior que 0\n"
+
+#: g10/gpg.c:3198
+msgid "marginals-needed must be greater than 1\n"
+msgstr "marginals-needed deve ser maior que 1\n"
+
+#: g10/gpg.c:3200
+#, fuzzy
+msgid "max-cert-depth must be in the range from 1 to 255\n"
+msgstr "max-cert-depth deve estar na entre 1 e 255\n"
+
+#: g10/gpg.c:3202
+#, fuzzy
+msgid "invalid default-cert-level; must be 0, 1, 2, or 3\n"
+msgstr "nível de verificação por omissão inválido: deve ser 0, 1, 2 ou 3\n"
+
+#: g10/gpg.c:3204
+#, fuzzy
+msgid "invalid min-cert-level; must be 1, 2, or 3\n"
+msgstr "nível de verificação por omissão inválido: deve ser 0, 1, 2 ou 3\n"
+
+#: g10/gpg.c:3207
+msgid "NOTE: simple S2K mode (0) is strongly discouraged\n"
+msgstr "NOTA: o modo S2K simples (0) não é recomendável\n"
+
+#: g10/gpg.c:3211
+msgid "invalid S2K mode; must be 0, 1 or 3\n"
+msgstr "modo S2K inválido: deve ser 0, 1 ou 3\n"
+
+#: g10/gpg.c:3218
+msgid "invalid default preferences\n"
+msgstr "preferências por omissão inválidas\n"
+
+#: g10/gpg.c:3222
+msgid "invalid personal cipher preferences\n"
+msgstr "preferências pessoais de cifra inválidas\n"
+
+#: g10/gpg.c:3226
+msgid "invalid personal digest preferences\n"
+msgstr "preferências pessoais de 'digest' inválidas\n"
+
+#: g10/gpg.c:3230
+msgid "invalid personal compress preferences\n"
+msgstr "preferências pessoais de compressão inválidas\n"
+
+#: g10/gpg.c:3263
+#, fuzzy, c-format
+msgid "%s does not yet work with %s\n"
+msgstr "%s não faz sentido com %s!\n"
+
+#: g10/gpg.c:3310
+#, fuzzy, c-format
+msgid "you may not use cipher algorithm `%s' while in %s mode\n"
+msgstr "não pode utilizar %s enquanto estiver no modo %s\n"
+
+#: g10/gpg.c:3315
+#, fuzzy, c-format
+msgid "you may not use digest algorithm `%s' while in %s mode\n"
+msgstr "não pode utilizar %s enquanto estiver no modo %s\n"
+
+#: g10/gpg.c:3320
+#, fuzzy, c-format
+msgid "you may not use compression algorithm `%s' while in %s mode\n"
+msgstr "não pode utilizar %s enquanto estiver no modo %s\n"
+
+#: g10/gpg.c:3406
+#, c-format
+msgid "failed to initialize the TrustDB: %s\n"
+msgstr "falha ao inicializar a base de dados de confiança: %s\n"
+
+#: g10/gpg.c:3417
+msgid "WARNING: recipients (-r) given without using public key encryption\n"
+msgstr ""
+"AVISO: destinatários (-r) dados sem utilizar uma cifra de chave pública\n"
+
+#: g10/gpg.c:3438
+msgid "--store [filename]"
+msgstr "--store [nome_do_ficheiro]"
+
+#: g10/gpg.c:3445
+msgid "--symmetric [filename]"
+msgstr "--symmetric [nome_do_ficheiro]"
+
+#: g10/gpg.c:3447
+#, fuzzy, c-format
+msgid "symmetric encryption of `%s' failed: %s\n"
+msgstr "decifragem falhou: %s\n"
+
+#: g10/gpg.c:3457
+msgid "--encrypt [filename]"
+msgstr "--encrypt [nome_do_ficheiro]"
+
+#: g10/gpg.c:3470
+#, fuzzy
+msgid "--symmetric --encrypt [filename]"
+msgstr "--sign --encrypt [nome_do_ficheiro]"
+
+#: g10/gpg.c:3472
+msgid "you cannot use --symmetric --encrypt with --s2k-mode 0\n"
+msgstr ""
+
+#: g10/gpg.c:3475
+#, fuzzy, c-format
+msgid "you cannot use --symmetric --encrypt while in %s mode\n"
+msgstr "não pode utilizar %s enquanto estiver no modo %s\n"
+
+#: g10/gpg.c:3493
+msgid "--sign [filename]"
+msgstr "--sign [nome_do_ficheiro]"
+
+#: g10/gpg.c:3506
+msgid "--sign --encrypt [filename]"
+msgstr "--sign --encrypt [nome_do_ficheiro]"
+
+#: g10/gpg.c:3521
+#, fuzzy
+msgid "--symmetric --sign --encrypt [filename]"
+msgstr "--sign --encrypt [nome_do_ficheiro]"
+
+#: g10/gpg.c:3523
+msgid "you cannot use --symmetric --sign --encrypt with --s2k-mode 0\n"
+msgstr ""
+
+#: g10/gpg.c:3526
+#, fuzzy, c-format
+msgid "you cannot use --symmetric --sign --encrypt while in %s mode\n"
+msgstr "não pode utilizar %s enquanto estiver no modo %s\n"
+
+#: g10/gpg.c:3546
+msgid "--sign --symmetric [filename]"
+msgstr "--sign --symmetric [nome_do_ficheiro]"
+
+#: g10/gpg.c:3555
+msgid "--clearsign [filename]"
+msgstr "--clearsign [nome_do_ficheiro]"
+
+#: g10/gpg.c:3580
+msgid "--decrypt [filename]"
+msgstr "--decrypt [nome_do_ficheiro]"
+
+#: g10/gpg.c:3588
+msgid "--sign-key user-id"
+msgstr "--sign-key id-utilizador"
+
+#: g10/gpg.c:3592
+msgid "--lsign-key user-id"
+msgstr "--lsign-key id-utilizador"
+
+#: g10/gpg.c:3613
+msgid "--edit-key user-id [commands]"
+msgstr "--edit-key id-utilizador [comandos]"
+
+#: g10/gpg.c:3629
+#, fuzzy
+msgid "--passwd <user-id>"
+msgstr "--sign-key id-utilizador"
+
+#: g10/gpg.c:3716
+#, fuzzy, c-format
+msgid "keyserver send failed: %s\n"
+msgstr "A geração de chaves falhou: %s\n"
+
+#: g10/gpg.c:3718
+#, fuzzy, c-format
+msgid "keyserver receive failed: %s\n"
+msgstr "A geração de chaves falhou: %s\n"
+
+#: g10/gpg.c:3720
+#, fuzzy, c-format
+msgid "key export failed: %s\n"
+msgstr "A geração de chaves falhou: %s\n"
+
+#: g10/gpg.c:3731
+#, fuzzy, c-format
+msgid "keyserver search failed: %s\n"
+msgstr "A geração de chaves falhou: %s\n"
+
+#: g10/gpg.c:3741
+#, fuzzy, c-format
+msgid "keyserver refresh failed: %s\n"
+msgstr "actualização da chave secreta falhou: %s\n"
+
+#: g10/gpg.c:3792
+#, c-format
+msgid "dearmoring failed: %s\n"
+msgstr "retirada de armadura falhou: %s\n"
+
+#: g10/gpg.c:3800
+#, c-format
+msgid "enarmoring failed: %s\n"
+msgstr "criação de armadura falhou: %s\n"
+
+#: g10/gpg.c:3890
+#, c-format
+msgid "invalid hash algorithm `%s'\n"
+msgstr "algoritmo de dispersão inválido `%s'\n"
+
+#: g10/gpg.c:4005
+msgid "[filename]"
+msgstr "[nome_do_ficheiro]"
+
+#: g10/gpg.c:4009
+msgid "Go ahead and type your message ...\n"
+msgstr "Digite a sua mensagem ...\n"
+
+#: g10/gpg.c:4323
+msgid "the given certification policy URL is invalid\n"
+msgstr "a URL de política de certificação dada é inválida\n"
+
+#: g10/gpg.c:4325
+msgid "the given signature policy URL is invalid\n"
+msgstr "a URL de política de assinatura dada é inválida\n"
+
+#: g10/gpg.c:4358
+#, fuzzy
+msgid "the given preferred keyserver URL is invalid\n"
+msgstr "a URL de política de assinatura dada é inválida\n"
+
+#: g10/gpgv.c:74
+#, fuzzy
+msgid "|FILE|take the keys from the keyring FILE"
+msgstr "Remover esta chave do porta-chaves?"
+
+#: g10/gpgv.c:76
+#, fuzzy
+msgid "make timestamp conflicts only a warning"
+msgstr "conflito de \"timestamp\""
+
+#: g10/gpgv.c:78 sm/gpgsm.c:326
+msgid "|FD|write status info to this FD"
+msgstr ""
+"|DF|escrever informações de estado para o\n"
+"descritor de ficheiro DF"
+
+#: g10/gpgv.c:117
+#, fuzzy
+msgid "Usage: gpgv [options] [files] (-h for help)"
+msgstr "Uso: gpg [opções] [ficheiros] (-h para ajuda)"
+
+#: g10/gpgv.c:119
+msgid ""
+"Syntax: gpgv [options] [files]\n"
+"Check signatures against known trusted keys\n"
+msgstr ""
+
+#: g10/helptext.c:72
+msgid "No help available"
+msgstr "Nenhuma ajuda disponível"
+
+#: g10/helptext.c:82
+#, c-format
+msgid "No help available for `%s'"
+msgstr "Nenhuma ajuda disponível para `%s'"
+
+#: g10/import.c:94
+msgid "import signatures that are marked as local-only"
+msgstr ""
+
+#: g10/import.c:96
+msgid "repair damage from the pks keyserver during import"
+msgstr ""
+
+#: g10/import.c:98
+#, fuzzy
+msgid "do not update the trustdb after import"
+msgstr "actualizar a base de dados de confiança"
+
+#: g10/import.c:100
+msgid "create a public key when importing a secret key"
+msgstr ""
+
+#: g10/import.c:102
+msgid "only accept updates to existing keys"
+msgstr ""
+
+#: g10/import.c:104
+#, fuzzy
+msgid "remove unusable parts from key after import"
+msgstr "chave secreta não utilizável"
+
+#: g10/import.c:106
+msgid "remove as much as possible from key after import"
+msgstr ""
+
+#: g10/import.c:266
+#, c-format
+msgid "skipping block of type %d\n"
+msgstr "ignorando bloco do tipo %d\n"
+
+#: g10/import.c:275
+#, fuzzy, c-format
+msgid "%lu keys processed so far\n"
+msgstr "%lu chaves processadas até agora\n"
+
+#: g10/import.c:292
+#, c-format
+msgid "Total number processed: %lu\n"
+msgstr "Número total processado: %lu\n"
+
+#: g10/import.c:294
+#, c-format
+msgid " skipped new keys: %lu\n"
+msgstr " ignorei novas chaves: %lu\n"
+
+#: g10/import.c:297
+#, c-format
+msgid " w/o user IDs: %lu\n"
+msgstr " sem IDs de utilizadores: %lu\n"
+
+#: g10/import.c:299 sm/import.c:114
+#, c-format
+msgid " imported: %lu"
+msgstr " importados: %lu"
+
+#: g10/import.c:305 sm/import.c:118
+#, c-format
+msgid " unchanged: %lu\n"
+msgstr " não modificados: %lu\n"
+
+#: g10/import.c:307
+#, c-format
+msgid " new user IDs: %lu\n"
+msgstr " novos IDs de utilizadores: %lu\n"
+
+#: g10/import.c:309
+#, c-format
+msgid " new subkeys: %lu\n"
+msgstr " novas subchaves: %lu\n"
+
+#: g10/import.c:311
+#, c-format
+msgid " new signatures: %lu\n"
+msgstr " novas assinaturas: %lu\n"
+
+#: g10/import.c:313
+#, c-format
+msgid " new key revocations: %lu\n"
+msgstr " novas revogações de chaves: %lu\n"
+
+#: g10/import.c:315 sm/import.c:120
+#, c-format
+msgid " secret keys read: %lu\n"
+msgstr " chaves secretas lidas: %lu\n"
+
+#: g10/import.c:317 sm/import.c:122
+#, c-format
+msgid " secret keys imported: %lu\n"
+msgstr " chaves secretas importadas: %lu\n"
+
+#: g10/import.c:319 sm/import.c:124
+#, c-format
+msgid " secret keys unchanged: %lu\n"
+msgstr " chaves secretas não modificadas: %lu\n"
+
+#: g10/import.c:321 sm/import.c:126
+#, c-format
+msgid " not imported: %lu\n"
+msgstr " não importadas: %lu\n"
+
+#: g10/import.c:323
+#, fuzzy, c-format
+msgid " signatures cleaned: %lu\n"
+msgstr " novas assinaturas: %lu\n"
+
+#: g10/import.c:325
+#, fuzzy, c-format
+msgid " user IDs cleaned: %lu\n"
+msgstr " chaves secretas lidas: %lu\n"
+
+#: g10/import.c:606
+#, c-format
+msgid ""
+"WARNING: key %s contains preferences for unavailable\n"
+"algorithms on these user IDs:\n"
+msgstr ""
+
+#: g10/import.c:647
+#, c-format
+msgid " \"%s\": preference for cipher algorithm %s\n"
+msgstr ""
+
+#: g10/import.c:662
+#, fuzzy, c-format
+msgid " \"%s\": preference for digest algorithm %s\n"
+msgstr "assinatura %s de: \"%s\"\n"
+
+#: g10/import.c:674
+#, c-format
+msgid " \"%s\": preference for compression algorithm %s\n"
+msgstr ""
+
+#: g10/import.c:687
+msgid "it is strongly suggested that you update your preferences and\n"
+msgstr ""
+
+#: g10/import.c:689
+msgid "re-distribute this key to avoid potential algorithm mismatch problems\n"
+msgstr ""
+
+#: g10/import.c:713
+#, c-format
+msgid "you can update your preferences with: gpg --edit-key %s updpref save\n"
+msgstr ""
+
+#: g10/import.c:766 g10/import.c:1179
+#, fuzzy, c-format
+msgid "key %s: no user ID\n"
+msgstr "chave %08lX: sem ID de utilizador\n"
+
+#: g10/import.c:795
+#, fuzzy, c-format
+msgid "key %s: PKS subkey corruption repaired\n"
+msgstr "chave %08lX: subchave HKP corrompida foi reparada\n"
+
+#: g10/import.c:810
+#, fuzzy, c-format
+msgid "key %s: accepted non self-signed user ID \"%s\"\n"
+msgstr "chave %08lX: aceite ID de utilizador sem auto-assinatura '%s'\n"
+
+#: g10/import.c:816
+#, fuzzy, c-format
+msgid "key %s: no valid user IDs\n"
+msgstr "chave %08lX: sem IDs de utilizadores válidos\n"
+
+#: g10/import.c:818
+msgid "this may be caused by a missing self-signature\n"
+msgstr "isto pode ser causado por falta de auto-assinatura\n"
+
+#: g10/import.c:828 g10/import.c:1303
+#, fuzzy, c-format
+msgid "key %s: public key not found: %s\n"
+msgstr "chave %08lX: chave pública não encontrada: %s\n"
+
+#: g10/import.c:834
+#, fuzzy, c-format
+msgid "key %s: new key - skipped\n"
+msgstr "chave %08lX: chave nova - ignorada\n"
+
+#: g10/import.c:843
+#, c-format
+msgid "no writable keyring found: %s\n"
+msgstr "não foi encontrada nenhum porta-chaves onde escrever: %s\n"
+
+#: g10/import.c:848 g10/openfile.c:278 g10/sign.c:805 g10/sign.c:1114
+#, c-format
+msgid "writing to `%s'\n"
+msgstr "a escrever para `%s'\n"
+
+#: g10/import.c:852 g10/import.c:952 g10/import.c:1219 g10/import.c:1364
+#: g10/import.c:2494 g10/import.c:2516
+#, c-format
+msgid "error writing keyring `%s': %s\n"
+msgstr "erro na escrita do porta-chaves `%s': %s\n"
+
+#: g10/import.c:871
+#, fuzzy, c-format
+msgid "key %s: public key \"%s\" imported\n"
+msgstr "chave %08lX: chave pública \"%s\" importada\n"
+
+#: g10/import.c:895
+#, fuzzy, c-format
+msgid "key %s: doesn't match our copy\n"
+msgstr "chave %08lX: não corresponde à nossa cópia\n"
+
+#: g10/import.c:912 g10/import.c:1321
+#, fuzzy, c-format
+msgid "key %s: can't locate original keyblock: %s\n"
+msgstr "chave %08lX: impossível localizar bloco de chaves original: %s\n"
+
+#: g10/import.c:920 g10/import.c:1328
+#, fuzzy, c-format
+msgid "key %s: can't read original keyblock: %s\n"
+msgstr "chave %08lX: impossível ler bloco de chaves original: %s\n"
+
+#: g10/import.c:962
+#, fuzzy, c-format
+msgid "key %s: \"%s\" 1 new user ID\n"
+msgstr "chave %8lX: \"%s\" 1 novo ID de utilizador\n"
+
+#: g10/import.c:965
+#, fuzzy, c-format
+msgid "key %s: \"%s\" %d new user IDs\n"
+msgstr "chave %08lX: \"%s\" %d novos IDs de utilizadores\n"
+
+#: g10/import.c:968
+#, fuzzy, c-format
+msgid "key %s: \"%s\" 1 new signature\n"
+msgstr "chave %08lX: \"%s\" 1 nova assinatura\n"
+
+#: g10/import.c:971
+#, fuzzy, c-format
+msgid "key %s: \"%s\" %d new signatures\n"
+msgstr "chave %08lX: \"%s\" %d novas assinaturas\n"
+
+#: g10/import.c:974
+#, fuzzy, c-format
+msgid "key %s: \"%s\" 1 new subkey\n"
+msgstr "chave %08lX: \"%s\" 1 nova subchave\n"
+
+#: g10/import.c:977
+#, fuzzy, c-format
+msgid "key %s: \"%s\" %d new subkeys\n"
+msgstr "chave %08lX: \"%s\" %d novas subchaves\n"
+
+#: g10/import.c:980
+#, fuzzy, c-format
+msgid "key %s: \"%s\" %d signature cleaned\n"
+msgstr "chave %08lX: \"%s\" %d novas assinaturas\n"
+
+#: g10/import.c:983
+#, fuzzy, c-format
+msgid "key %s: \"%s\" %d signatures cleaned\n"
+msgstr "chave %08lX: \"%s\" %d novas assinaturas\n"
+
+#: g10/import.c:986
+#, fuzzy, c-format
+msgid "key %s: \"%s\" %d user ID cleaned\n"
+msgstr "chave %08lX: \"%s\" %d novos IDs de utilizadores\n"
+
+#: g10/import.c:989
+#, fuzzy, c-format
+msgid "key %s: \"%s\" %d user IDs cleaned\n"
+msgstr "chave %08lX: \"%s\" %d novos IDs de utilizadores\n"
+
+#: g10/import.c:1013
+#, fuzzy, c-format
+msgid "key %s: \"%s\" not changed\n"
+msgstr "chave %08lX: \"%s\" não modificada\n"
+
+#: g10/import.c:1185
+#, fuzzy, c-format
+msgid "key %s: secret key with invalid cipher %d - skipped\n"
+msgstr "chave %08lX: chave secreta com cifra inválida %d - ignorada\n"
+
+#: g10/import.c:1196
+#, fuzzy
+msgid "importing secret keys not allowed\n"
+msgstr "a escrever chave privada para `%s'\n"
+
+#: g10/import.c:1213 g10/import.c:2509
+#, c-format
+msgid "no default secret keyring: %s\n"
+msgstr "sem porta-chaves público por omissão: %s\n"
+
+#: g10/import.c:1224
+#, fuzzy, c-format
+msgid "key %s: secret key imported\n"
+msgstr "chave %08lX: chave secreta importada\n"
+
+#: g10/import.c:1254
+#, fuzzy, c-format
+msgid "key %s: already in secret keyring\n"
+msgstr "chave %08lX: já está no porta-chaves secreto\n"
+
+#: g10/import.c:1264
+#, fuzzy, c-format
+msgid "key %s: secret key not found: %s\n"
+msgstr "chave %08lX: chave secreta não encontrada: %s\n"
+
+#: g10/import.c:1296
+#, fuzzy, c-format
+msgid "key %s: no public key - can't apply revocation certificate\n"
+msgstr ""
+"chave %08lX: sem chave pública - impossível aplicar certificado\n"
+"de revogação\n"
+
+#: g10/import.c:1339
+#, fuzzy, c-format
+msgid "key %s: invalid revocation certificate: %s - rejected\n"
+msgstr "chave %08lX: certificado de revogação inválido: %s - rejeitado\n"
+
+#: g10/import.c:1371
+#, fuzzy, c-format
+msgid "key %s: \"%s\" revocation certificate imported\n"
+msgstr "chave %08lX: \"%s\" certificado de revogação importado\n"
+
+#: g10/import.c:1447
+#, fuzzy, c-format
+msgid "key %s: no user ID for signature\n"
+msgstr "chave %08lX: nenhum ID de utilizador para assinatura\n"
+
+#: g10/import.c:1464
+#, fuzzy, c-format
+msgid "key %s: unsupported public key algorithm on user ID \"%s\"\n"
+msgstr ""
+"chave %08lX: algoritmo de chave pública não suportado no utilizador \"%s\"\n"
+
+#: g10/import.c:1466
+#, fuzzy, c-format
+msgid "key %s: invalid self-signature on user ID \"%s\"\n"
+msgstr "chave %08lX: auto-assinatura inválida do utilizador \"%s\"\n"
+
+#: g10/import.c:1483 g10/import.c:1509 g10/import.c:1560
+#, fuzzy, c-format
+msgid "key %s: unsupported public key algorithm\n"
+msgstr "chave %08lX: algoritmo de chave pública não suportado\n"
+
+#: g10/import.c:1484
+#, fuzzy, c-format
+msgid "key %s: invalid direct key signature\n"
+msgstr "chave %08lX: assinatura directa de chave adicionada\n"
+
+#: g10/import.c:1498
+#, fuzzy, c-format
+msgid "key %s: no subkey for key binding\n"
+msgstr "chave %08lX: sem subchave para ligação de chaves\n"
+
+#: g10/import.c:1511
+#, fuzzy, c-format
+msgid "key %s: invalid subkey binding\n"
+msgstr "chave %08lX: ligação de subchave inválida\n"
+
+#: g10/import.c:1527
+#, fuzzy, c-format
+msgid "key %s: removed multiple subkey binding\n"
+msgstr "chave %08lX: apagada ligação múltipla de subchave \n"
+
+#: g10/import.c:1549
+#, fuzzy, c-format
+msgid "key %s: no subkey for key revocation\n"
+msgstr "chave %08lX: sem subchave para revocação de chave\n"
+
+#: g10/import.c:1562
+#, fuzzy, c-format
+msgid "key %s: invalid subkey revocation\n"
+msgstr "chave %08lX: revocação de subchave inválida\n"
+
+#: g10/import.c:1577
+#, fuzzy, c-format
+msgid "key %s: removed multiple subkey revocation\n"
+msgstr "chave %08lX: removida revogação múltiplace de subchaves\n"
+
+#: g10/import.c:1618
+#, fuzzy, c-format
+msgid "key %s: skipped user ID \"%s\"\n"
+msgstr "chave %08lX: ignorado ID de utilizador '"
+
+#: g10/import.c:1639
+#, fuzzy, c-format
+msgid "key %s: skipped subkey\n"
+msgstr "chave %08lX: subchave ignorada\n"
+
+#: g10/import.c:1666
+#, fuzzy, c-format
+msgid "key %s: non exportable signature (class 0x%02X) - skipped\n"
+msgstr "chave %08lX: assinatura não exportável (classe %02x) - ignorada\n"
+
+#: g10/import.c:1676
+#, fuzzy, c-format
+msgid "key %s: revocation certificate at wrong place - skipped\n"
+msgstr "chave %08lX: certificado de revogação no local errado - ignorado\n"
+
+#: g10/import.c:1693
+#, fuzzy, c-format
+msgid "key %s: invalid revocation certificate: %s - skipped\n"
+msgstr "chave %08lX: certificado de revogação inválido: %s - ignorado\n"
+
+#: g10/import.c:1707
+#, fuzzy, c-format
+msgid "key %s: subkey signature in wrong place - skipped\n"
+msgstr "chave %08lX: assintura da subchave no local errado - ignorado\n"
+
+#: g10/import.c:1715
+#, fuzzy, c-format
+msgid "key %s: unexpected signature class (0x%02X) - skipped\n"
+msgstr "chave %08lX: classe de assinatura inesperada (%02x) - ignorada\n"
+
+#: g10/import.c:1844
+#, fuzzy, c-format
+msgid "key %s: duplicated user ID detected - merged\n"
+msgstr "chave %08lX: detectado ID de utilizador duplicado - fundido\n"
+
+#: g10/import.c:1906
+#, fuzzy, c-format
+msgid "WARNING: key %s may be revoked: fetching revocation key %s\n"
+msgstr ""
+"AVISO: a chave %08lX pode estar revocada: a transferir a chave de revocação %"
+"08lX\n"
+
+#: g10/import.c:1920
+#, fuzzy, c-format
+msgid "WARNING: key %s may be revoked: revocation key %s not present.\n"
+msgstr ""
+"AVISO: a chave %08lX pode estar revocada: chave de revocação %08lX não "
+"presente.\n"
+
+#: g10/import.c:1979
+#, fuzzy, c-format
+msgid "key %s: \"%s\" revocation certificate added\n"
+msgstr "chave %08lX: certificado de revogação \"%s\" adicionado\n"
+
+#: g10/import.c:2013
+#, fuzzy, c-format
+msgid "key %s: direct key signature added\n"
+msgstr "chave %08lX: assinatura directa de chave adicionada\n"
+
+#: g10/import.c:2414
+msgid "NOTE: a key's S/N does not match the card's one\n"
+msgstr ""
+
+#: g10/import.c:2422
+#, fuzzy
+msgid "NOTE: primary key is online and stored on card\n"
+msgstr "ignorado: a chave secreta já está presente\n"
+
+#: g10/import.c:2424
+#, fuzzy
+msgid "NOTE: secondary key is online and stored on card\n"
+msgstr "ignorado: a chave secreta já está presente\n"
+
+#: g10/keydb.c:181
+#, c-format
+msgid "error creating keyring `%s': %s\n"
+msgstr "erro ao criar porta-chaves `%s': %s\n"
+
+#: g10/keydb.c:187
+#, c-format
+msgid "keyring `%s' created\n"
+msgstr "porta-chaves `%s' criado\n"
+
+#: g10/keydb.c:333 g10/keydb.c:336
+#, fuzzy, c-format
+msgid "keyblock resource `%s': %s\n"
+msgstr "erro ao criar `%s': %s\n"
+
+#: g10/keydb.c:719
+#, c-format
+msgid "failed to rebuild keyring cache: %s\n"
+msgstr "falha ao criar 'cache' do porta-chaves: %s\n"
+
+#: g10/keyedit.c:265
+msgid "[revocation]"
+msgstr "[revogação]"
+
+#: g10/keyedit.c:266
+msgid "[self-signature]"
+msgstr "[auto-assinatura]"
+
+#: g10/keyedit.c:344 g10/keylist.c:398
+msgid "1 bad signature\n"
+msgstr "1 assinatura incorrecta\n"
+
+#: g10/keyedit.c:346 g10/keylist.c:400
+#, c-format
+msgid "%d bad signatures\n"
+msgstr "%d assinaturas incorrectas\n"
+
+#: g10/keyedit.c:348 g10/keylist.c:402
+msgid "1 signature not checked due to a missing key\n"
+msgstr "1 assinatura não verificada por falta de chave\n"
+
+#: g10/keyedit.c:350 g10/keylist.c:404
+#, c-format
+msgid "%d signatures not checked due to missing keys\n"
+msgstr "%d assinaturas não verificadas por falta de chaves\n"
+
+#: g10/keyedit.c:352 g10/keylist.c:406
+msgid "1 signature not checked due to an error\n"
+msgstr "1 assinatura não verificada devido a um erro\n"
+
+#: g10/keyedit.c:354 g10/keylist.c:408
+#, c-format
+msgid "%d signatures not checked due to errors\n"
+msgstr "%d assinaturas não verificadas devido a erros\n"
+
+#: g10/keyedit.c:356
+msgid "1 user ID without valid self-signature detected\n"
+msgstr "1 ID de utilizador sem auto-assinatura válida detectado\n"
+
+#: g10/keyedit.c:358
+#, c-format
+msgid "%d user IDs without valid self-signatures detected\n"
+msgstr "%d IDs de utilizadores sem auto-assinaturas válidas detectados\n"
+
+#: g10/keyedit.c:414 g10/pkclist.c:262
+#, fuzzy
+msgid ""
+"Please decide how far you trust this user to correctly verify other users' "
+"keys\n"
+"(by looking at passports, checking fingerprints from different sources, "
+"etc.)\n"
+msgstr ""
+"Por favor decida quanto confia neste utilizador para\n"
+"verificar correctamente as chaves de outros utilizadores\n"
+"(vendo passaportes, verificando impressões digitais...)?\n"
+"\n"
+
+#: g10/keyedit.c:418 g10/pkclist.c:274
+#, fuzzy, c-format
+msgid " %d = I trust marginally\n"
+msgstr " %d = Confio moderadamente\n"
+
+#: g10/keyedit.c:419 g10/pkclist.c:276
+#, fuzzy, c-format
+msgid " %d = I trust fully\n"
+msgstr " %d = Confio plenamente\n"
+
+#: g10/keyedit.c:438
+msgid ""
+"Please enter the depth of this trust signature.\n"
+"A depth greater than 1 allows the key you are signing to make\n"
+"trust signatures on your behalf.\n"
+msgstr ""
+
+#: g10/keyedit.c:454
+msgid "Please enter a domain to restrict this signature, or enter for none.\n"
+msgstr ""
+
+#: g10/keyedit.c:598
+#, c-format
+msgid "User ID \"%s\" is revoked."
+msgstr "Utilizador \"%s\" está revocado."
+
+#: g10/keyedit.c:607 g10/keyedit.c:635 g10/keyedit.c:662 g10/keyedit.c:830
+#: g10/keyedit.c:895 g10/keyedit.c:1785
+msgid "Are you sure you still want to sign it? (y/N) "
+msgstr "Você tem certeza de que quer adicioná-la de qualquer forma? (s/N) "
+
+#: g10/keyedit.c:621 g10/keyedit.c:649 g10/keyedit.c:676 g10/keyedit.c:836
+#: g10/keyedit.c:1791
+msgid " Unable to sign.\n"
+msgstr " Não foi possível assinar.\n"
+
+#: g10/keyedit.c:626
+#, fuzzy, c-format
+msgid "User ID \"%s\" is expired."
+msgstr "Utilizador \"%s\" está revocado."
+
+#: g10/keyedit.c:654
+#, fuzzy, c-format
+msgid "User ID \"%s\" is not self-signed."
+msgstr "AVISO: o ID do utilizador \"%s\" não é auto-assinado.\n"
+
+#: g10/keyedit.c:682
+#, fuzzy, c-format
+msgid "User ID \"%s\" is signable. "
+msgstr "AVISO: o ID do utilizador \"%s\" não é auto-assinado.\n"
+
+#: g10/keyedit.c:684
+#, fuzzy
+msgid "Sign it? (y/N) "
+msgstr "Realmente assinar? "
+
+#: g10/keyedit.c:706
+#, c-format
+msgid ""
+"The self-signature on \"%s\"\n"
+"is a PGP 2.x-style signature.\n"
+msgstr ""
+"A sua auto-assinatura em \"%s\"\n"
+"é uma assinatura do tipo PGP 2.x.\n"
+
+#: g10/keyedit.c:715
+msgid "Do you want to promote it to an OpenPGP self-signature? (y/N) "
+msgstr "Quer promovê-la a uma auto-assinatura OpenPGP? (s/N) "
+
+#: g10/keyedit.c:729
+#, fuzzy, c-format
+msgid ""
+"Your current signature on \"%s\"\n"
+"has expired.\n"
+msgstr ""
+"A sua assinatura actual em \"%s\"\n"
+"é uma assinatura local.\n"
+
+#: g10/keyedit.c:733
+#, fuzzy
+msgid "Do you want to issue a new signature to replace the expired one? (y/N) "
+msgstr "Quer que a sua assinatura expire na mesma altura? (S/n) "
+
+#: g10/keyedit.c:754
+#, c-format
+msgid ""
+"Your current signature on \"%s\"\n"
+"is a local signature.\n"
+msgstr ""
+"A sua assinatura actual em \"%s\"\n"
+"é uma assinatura local.\n"
+
+#: g10/keyedit.c:758
+msgid "Do you want to promote it to a full exportable signature? (y/N) "
+msgstr "Quer promovê-la a uma assinatura exportável? (s/N)"
+
+#: g10/keyedit.c:779
+#, fuzzy, c-format
+msgid "\"%s\" was already locally signed by key %s\n"
+msgstr "\"%s\" já foi assinado localmente pela chave %08lX\n"
+
+#: g10/keyedit.c:782
+#, fuzzy, c-format
+msgid "\"%s\" was already signed by key %s\n"
+msgstr "\"%s\" já foi assinado pela chave %08lX\n"
+
+#: g10/keyedit.c:787
+#, fuzzy
+msgid "Do you want to sign it again anyway? (y/N) "
+msgstr "Você tem certeza de que quer adicioná-la de qualquer forma? (s/N) "
+
+#: g10/keyedit.c:809
+#, fuzzy, c-format
+msgid "Nothing to sign with key %s\n"
+msgstr "Nada para assinar com a chave %08lX\n"
+
+#: g10/keyedit.c:824
+msgid "This key has expired!"
+msgstr "Esta chave expirou!"
+
+#: g10/keyedit.c:842
+#, c-format
+msgid "This key is due to expire on %s.\n"
+msgstr "Esta chave vai expirar em %s.\n"
+
+#: g10/keyedit.c:848
+msgid "Do you want your signature to expire at the same time? (Y/n) "
+msgstr "Quer que a sua assinatura expire na mesma altura? (S/n) "
+
+#: g10/keyedit.c:888
+msgid ""
+"You may not make an OpenPGP signature on a PGP 2.x key while in --pgp2 "
+"mode.\n"
+msgstr ""
+"Não pode criar uma assinatura OpenPGP numa chave PGP 2.x no modo --pgp2.\n"
+
+#: g10/keyedit.c:890
+msgid "This would make the key unusable in PGP 2.x.\n"
+msgstr "Isto tornaria a chave inutilizável no PGP 2.x.\n"
+
+#: g10/keyedit.c:915
+msgid ""
+"How carefully have you verified the key you are about to sign actually "
+"belongs\n"
+"to the person named above? If you don't know what to answer, enter \"0\".\n"
+msgstr ""
+"Com que cuidado é que verificou que chave que está prestes a assinar "
+"pertence\n"
+"à pessoa correcta? Se não sabe o que responder, escolha \"0\".\n"
+
+#: g10/keyedit.c:920
+#, c-format
+msgid " (0) I will not answer.%s\n"
+msgstr " (0) Não vou responder.%s\n"
+
+#: g10/keyedit.c:922
+#, c-format
+msgid " (1) I have not checked at all.%s\n"
+msgstr " (1) Não verifiquei.%s\n"
+
+#: g10/keyedit.c:924
+#, c-format
+msgid " (2) I have done casual checking.%s\n"
+msgstr " (2) Verifiquei por alto.%s\n"
+
+#: g10/keyedit.c:926
+#, c-format
+msgid " (3) I have done very careful checking.%s\n"
+msgstr " (3) Verifiquei com bastante cuidado.%s\n"
+
+#: g10/keyedit.c:932
+msgid "Your selection? (enter `?' for more information): "
+msgstr ""
+
+#: g10/keyedit.c:956
+#, fuzzy, c-format
+msgid ""
+"Are you sure that you want to sign this key with your\n"
+"key \"%s\" (%s)\n"
+msgstr ""
+"Você tem certeza de que quer assinar esta chave com\n"
+"a sua chave: \""
+
+#: g10/keyedit.c:963
+#, fuzzy
+msgid "This will be a self-signature.\n"
+msgstr ""
+"\n"
+"Isto será uma auto-assinatura.\n"
+
+#: g10/keyedit.c:969
+#, fuzzy
+msgid "WARNING: the signature will not be marked as non-exportable.\n"
+msgstr ""
+"\n"
+"AVISO: a assinatura não será marcada como não-exportável.\n"
+
+#: g10/keyedit.c:977
+#, fuzzy
+msgid "WARNING: the signature will not be marked as non-revocable.\n"
+msgstr ""
+"\n"
+"AVISO: a assinatura não será marcada como não-revocável.\n"
+
+#: g10/keyedit.c:987
+#, fuzzy
+msgid "The signature will be marked as non-exportable.\n"
+msgstr ""
+"\n"
+"A assinatura será marcada como não-exportável.\n"
+
+#: g10/keyedit.c:994
+#, fuzzy
+msgid "The signature will be marked as non-revocable.\n"
+msgstr ""
+"\n"
+"A assinatura será marcada como não-revocável.\n"
+
+#: g10/keyedit.c:1001
+#, fuzzy
+msgid "I have not checked this key at all.\n"
+msgstr ""
+"\n"
+"Não verifiquei esta chave.\n"
+
+#: g10/keyedit.c:1006
+#, fuzzy
+msgid "I have checked this key casually.\n"
+msgstr ""
+"\n"
+"Verifiquei por alto esta chave.\n"
+
+#: g10/keyedit.c:1011
+#, fuzzy
+msgid "I have checked this key very carefully.\n"
+msgstr ""
+"\n"
+"Verifiquei esta chave com muito cuidado.\n"
+
+#: g10/keyedit.c:1021
+#, fuzzy
+msgid "Really sign? (y/N) "
+msgstr "Realmente assinar? "
+
+#: g10/keyedit.c:1066 g10/keyedit.c:4965 g10/keyedit.c:5056 g10/keyedit.c:5120
+#: g10/keyedit.c:5181 g10/sign.c:316
+#, c-format
+msgid "signing failed: %s\n"
+msgstr "assinatura falhou: %s\n"
+
+#: g10/keyedit.c:1131
+msgid "Key has only stub or on-card key items - no passphrase to change.\n"
+msgstr ""
+
+#: g10/keyedit.c:1142 g10/keygen.c:3774
+msgid "This key is not protected.\n"
+msgstr "Esta chave não é protegida.\n"
+
+#: g10/keyedit.c:1146 g10/keygen.c:3761 g10/revoke.c:536
+msgid "Secret parts of primary key are not available.\n"
+msgstr "Componentes secretas da chave primária não disponíveis.\n"
+
+#: g10/keyedit.c:1150 g10/keygen.c:3777
+#, fuzzy
+msgid "Secret parts of primary key are stored on-card.\n"
+msgstr "Componentes secretas da chave primária não disponíveis.\n"
+
+#: g10/keyedit.c:1156 g10/keygen.c:3781
+msgid "Key is protected.\n"
+msgstr "A chave é protegida.\n"
+
+#: g10/keyedit.c:1186
+#, c-format
+msgid "Can't edit this key: %s\n"
+msgstr "Impossível editar esta chave: %s\n"
+
+#: g10/keyedit.c:1192
+msgid ""
+"Enter the new passphrase for this secret key.\n"
+"\n"
+msgstr ""
+"Digite a nova frase para esta chave secreta.\n"
+"\n"
+
+#: g10/keyedit.c:1207 g10/keygen.c:2291
+msgid "passphrase not correctly repeated; try again"
+msgstr "a frase secreta não foi repetida corretamente; tente outra vez"
+
+#: g10/keyedit.c:1212
+msgid ""
+"You don't want a passphrase - this is probably a *bad* idea!\n"
+"\n"
+msgstr ""
+"Você não quer uma frase secreta - provavelmente isto é uma *má* idéia!\n"
+"\n"
+
+#: g10/keyedit.c:1215
+#, fuzzy
+msgid "Do you really want to do this? (y/N) "
+msgstr "Você quer realmente fazer isso? "
+
+#: g10/keyedit.c:1298
+msgid "moving a key signature to the correct place\n"
+msgstr "a mover a assinatura da chave para o local correcto\n"
+
+#: g10/keyedit.c:1384
+msgid "save and quit"
+msgstr "gravar e sair"
+
+#: g10/keyedit.c:1387
+#, fuzzy
+msgid "show key fingerprint"
+msgstr "mostra impressão digital"
+
+#: g10/keyedit.c:1388
+msgid "list key and user IDs"
+msgstr "lista chave e identificadores de utilizadores"
+
+#: g10/keyedit.c:1390
+msgid "select user ID N"
+msgstr "seleciona ID de utilizador N"
+
+#: g10/keyedit.c:1391
+#, fuzzy
+msgid "select subkey N"
+msgstr "seleciona ID de utilizador N"
+
+#: g10/keyedit.c:1392
+#, fuzzy
+msgid "check signatures"
+msgstr "revoga assinaturas"
+
+#: g10/keyedit.c:1397
+msgid "sign selected user IDs [* see below for related commands]"
+msgstr ""
+
+#: g10/keyedit.c:1402
+#, fuzzy
+msgid "sign selected user IDs locally"
+msgstr "assina a chave localmente"
+
+#: g10/keyedit.c:1404
+#, fuzzy
+msgid "sign selected user IDs with a trust signature"
+msgstr "Sugestão: Selecione os IDs de utilizador para assinar\n"
+
+#: g10/keyedit.c:1406
+msgid "sign selected user IDs with a non-revocable signature"
+msgstr ""
+
+#: g10/keyedit.c:1410
+msgid "add a user ID"
+msgstr "adiciona um novo ID de utilizador"
+
+#: g10/keyedit.c:1412
+msgid "add a photo ID"
+msgstr "adiciona um identificador fotográfico"
+
+#: g10/keyedit.c:1414
+#, fuzzy
+msgid "delete selected user IDs"
+msgstr "remove ID de utilizador"
+
+#: g10/keyedit.c:1419
+#, fuzzy
+msgid "add a subkey"
+msgstr "addkey"
+
+#: g10/keyedit.c:1423
+msgid "add a key to a smartcard"
+msgstr ""
+
+#: g10/keyedit.c:1425
+msgid "move a key to a smartcard"
+msgstr ""
+
+#: g10/keyedit.c:1427
+msgid "move a backup key to a smartcard"
+msgstr ""
+
+#: g10/keyedit.c:1431
+#, fuzzy
+msgid "delete selected subkeys"
+msgstr "remove uma chave secundária"
+
+#: g10/keyedit.c:1433
+msgid "add a revocation key"
+msgstr "adiciona uma chave de revocação"
+
+#: g10/keyedit.c:1435
+#, fuzzy
+msgid "delete signatures from the selected user IDs"
+msgstr ""
+"Realmente actualizar as preferências para os utilizadores seleccionados?"
+
+#: g10/keyedit.c:1437
+#, fuzzy
+msgid "change the expiration date for the key or selected subkeys"
+msgstr "Você não pode modificar a data de validade de uma chave v3\n"
+
+#: g10/keyedit.c:1439
+#, fuzzy
+msgid "flag the selected user ID as primary"
+msgstr "seleccionar o identificador do utilizador como primário"
+
+#: g10/keyedit.c:1441
+#, fuzzy
+msgid "toggle between the secret and public key listings"
+msgstr "alterna entre listagem de chave secreta e pública"
+
+#: g10/keyedit.c:1444
+msgid "list preferences (expert)"
+msgstr "lista preferências (perito)"
+
+#: g10/keyedit.c:1446
+msgid "list preferences (verbose)"
+msgstr "lista preferências (detalhadamente)"
+
+#: g10/keyedit.c:1448
+#, fuzzy
+msgid "set preference list for the selected user IDs"
+msgstr ""
+"Realmente actualizar as preferências para os utilizadores seleccionados?"
+
+#: g10/keyedit.c:1453
+#, fuzzy
+msgid "set the preferred keyserver URL for the selected user IDs"
+msgstr "não consegui processar a URI do servidor de chaves\n"
+
+#: g10/keyedit.c:1455
+#, fuzzy
+msgid "set a notation for the selected user IDs"
+msgstr ""
+"Realmente actualizar as preferências para os utilizadores seleccionados?"
+
+#: g10/keyedit.c:1457
+msgid "change the passphrase"
+msgstr "muda a frase secreta"
+
+#: g10/keyedit.c:1461
+msgid "change the ownertrust"
+msgstr "muda os valores de confiança"
+
+#: g10/keyedit.c:1463
+#, fuzzy
+msgid "revoke signatures on the selected user IDs"
+msgstr "Realmente revocar todos os IDs de utilizador seleccionados? "
+
+#: g10/keyedit.c:1465
+#, fuzzy
+msgid "revoke selected user IDs"
+msgstr "revocar um ID de utilizador"
+
+#: g10/keyedit.c:1470
+#, fuzzy
+msgid "revoke key or selected subkeys"
+msgstr "revoga uma chave secundária"
+
+#: g10/keyedit.c:1471
+#, fuzzy
+msgid "enable key"
+msgstr "activa uma chave"
+
+#: g10/keyedit.c:1472
+#, fuzzy
+msgid "disable key"
+msgstr "desactiva uma chave"
+
+#: g10/keyedit.c:1473
+#, fuzzy
+msgid "show selected photo IDs"
+msgstr "mostrar identificador fotográfico"
+
+#: g10/keyedit.c:1475
+msgid "compact unusable user IDs and remove unusable signatures from key"
+msgstr ""
+
+#: g10/keyedit.c:1477
+msgid "compact unusable user IDs and remove all signatures from key"
+msgstr ""
+
+#: g10/keyedit.c:1601
+#, fuzzy, c-format
+msgid "error reading secret keyblock \"%s\": %s\n"
+msgstr "erro na leitura do bloco de chave secreto `%s': %s\n"
+
+#: g10/keyedit.c:1619
+msgid "Secret key is available.\n"
+msgstr "Chave secreta disponível.\n"
+
+#: g10/keyedit.c:1702
+msgid "Need the secret key to do this.\n"
+msgstr "A chave secreta é necessária para fazer isto.\n"
+
+#: g10/keyedit.c:1710
+msgid "Please use the command \"toggle\" first.\n"
+msgstr "Por favor utilize o comando \"toggle\" primeiro.\n"
+
+#: g10/keyedit.c:1729
+msgid ""
+"* The `sign' command may be prefixed with an `l' for local signatures "
+"(lsign),\n"
+" a `t' for trust signatures (tsign), an `nr' for non-revocable signatures\n"
+" (nrsign), or any combination thereof (ltsign, tnrsign, etc.).\n"
+msgstr ""
+
+#: g10/keyedit.c:1779
+msgid "Key is revoked."
+msgstr "A chave está revogada."
+
+#: g10/keyedit.c:1798
+#, fuzzy
+msgid "Really sign all user IDs? (y/N) "
+msgstr "Realmente assinar todos os IDs de utilizador? "
+
+#: g10/keyedit.c:1805
+msgid "Hint: Select the user IDs to sign\n"
+msgstr "Sugestão: Selecione os IDs de utilizador para assinar\n"
+
+#: g10/keyedit.c:1814
+#, fuzzy, c-format
+msgid "Unknown signature type `%s'\n"
+msgstr "classe de assinatura desconhecida"
+
+#: g10/keyedit.c:1837
+#, c-format
+msgid "This command is not allowed while in %s mode.\n"
+msgstr "Este comando não é permitido no modo %s.\n"
+
+#: g10/keyedit.c:1859 g10/keyedit.c:1879 g10/keyedit.c:2048
+msgid "You must select at least one user ID.\n"
+msgstr "Você precisa selecionar pelo menos um ID de utilizador.\n"
+
+#: g10/keyedit.c:1861
+msgid "You can't delete the last user ID!\n"
+msgstr "Você não pode remover o último ID de utilizador!\n"
+
+#: g10/keyedit.c:1863
+#, fuzzy
+msgid "Really remove all selected user IDs? (y/N) "
+msgstr "Realmente remover todos os IDs de utilizador seleccionados? "
+
+#: g10/keyedit.c:1864
+#, fuzzy
+msgid "Really remove this user ID? (y/N) "
+msgstr "Realmente remover este ID de utilizador? "
+
+#. TRANSLATORS: Please take care: This is about
+#. moving the key and not about removing it.
+#: g10/keyedit.c:1917
+#, fuzzy
+msgid "Really move the primary key? (y/N) "
+msgstr "Realmente remover este ID de utilizador? "
+
+#: g10/keyedit.c:1929
+#, fuzzy
+msgid "You must select exactly one key.\n"
+msgstr "Você deve selecionar pelo menos uma chave.\n"
+
+#: g10/keyedit.c:1957
+msgid "Command expects a filename argument\n"
+msgstr ""
+
+#: g10/keyedit.c:1971
+#, fuzzy, c-format
+msgid "Can't open `%s': %s\n"
+msgstr "impossível abrir `%s': %s\n"
+
+#: g10/keyedit.c:1988
+#, fuzzy, c-format
+msgid "Error reading backup key from `%s': %s\n"
+msgstr "erro ao criar porta-chaves `%s': %s\n"
+
+#: g10/keyedit.c:2012
+msgid "You must select at least one key.\n"
+msgstr "Você deve selecionar pelo menos uma chave.\n"
+
+#: g10/keyedit.c:2015
+#, fuzzy
+msgid "Do you really want to delete the selected keys? (y/N) "
+msgstr "Você quer realmente remover as chaves selecionadas? "
+
+#: g10/keyedit.c:2016
+#, fuzzy
+msgid "Do you really want to delete this key? (y/N) "
+msgstr "Você quer realmente remover esta chave? "
+
+#: g10/keyedit.c:2051
+#, fuzzy
+msgid "Really revoke all selected user IDs? (y/N) "
+msgstr "Realmente revocar todos os IDs de utilizador seleccionados? "
+
+#: g10/keyedit.c:2052
+#, fuzzy
+msgid "Really revoke this user ID? (y/N) "
+msgstr "Realmente revocar este ID de utilizador? "
+
+#: g10/keyedit.c:2070
+#, fuzzy
+msgid "Do you really want to revoke the entire key? (y/N) "
+msgstr "Você quer realmente revogar esta chave? "
+
+#: g10/keyedit.c:2081
+#, fuzzy
+msgid "Do you really want to revoke the selected subkeys? (y/N) "
+msgstr "Você quer realmente revogar as chaves selecionadas? "
+
+#: g10/keyedit.c:2083
+#, fuzzy
+msgid "Do you really want to revoke this subkey? (y/N) "
+msgstr "Você quer realmente revogar esta chave? "
+
+#: g10/keyedit.c:2133
+msgid "Owner trust may not be set while using a user provided trust database\n"
+msgstr ""
+
+#: g10/keyedit.c:2175
+#, fuzzy
+msgid "Set preference list to:\n"
+msgstr "configurar lista de preferências"
+
+#: g10/keyedit.c:2181
+#, fuzzy
+msgid "Really update the preferences for the selected user IDs? (y/N) "
+msgstr ""
+"Realmente actualizar as preferências para os utilizadores seleccionados?"
+
+#: g10/keyedit.c:2183
+#, fuzzy
+msgid "Really update the preferences? (y/N) "
+msgstr "Realmente actualizar as preferências?"
+
+#: g10/keyedit.c:2253
+#, fuzzy
+msgid "Save changes? (y/N) "
+msgstr "Gravar alterações? "
+
+#: g10/keyedit.c:2256
+#, fuzzy
+msgid "Quit without saving? (y/N) "
+msgstr "Sair sem gravar? "
+
+#: g10/keyedit.c:2266
+#, c-format
+msgid "update failed: %s\n"
+msgstr "actualização falhou: %s\n"
+
+#: g10/keyedit.c:2273 g10/keyedit.c:2351
+#, c-format
+msgid "update secret failed: %s\n"
+msgstr "actualização da chave secreta falhou: %s\n"
+
+#: g10/keyedit.c:2280
+msgid "Key not changed so no update needed.\n"
+msgstr "Chave não alterada, nenhuma actualização é necessária.\n"
+
+#: g10/keyedit.c:2446
+msgid "Digest: "
+msgstr "'Digest': "
+
+#: g10/keyedit.c:2497
+msgid "Features: "
+msgstr "Características: "
+
+#: g10/keyedit.c:2508
+msgid "Keyserver no-modify"
+msgstr ""
+
+#: g10/keyedit.c:2523 g10/keylist.c:316
+msgid "Preferred keyserver: "
+msgstr ""
+
+#: g10/keyedit.c:2531 g10/keyedit.c:2532
+#, fuzzy
+msgid "Notations: "
+msgstr "Notação: "
+
+#: g10/keyedit.c:2753
+msgid "There are no preferences on a PGP 2.x-style user ID.\n"
+msgstr "Não há preferências no ID de utilizador tipo PGP 2.x.\n"
+
+#: g10/keyedit.c:2810
+#, fuzzy, c-format
+msgid "The following key was revoked on %s by %s key %s\n"
+msgstr "Esta chave pode ser revogada pela chave %s "
+
+#: g10/keyedit.c:2832
+#, fuzzy, c-format
+msgid "This key may be revoked by %s key %s"
+msgstr "Esta chave pode ser revogada pela chave %s "
+
+#: g10/keyedit.c:2838
+#, fuzzy
+msgid "(sensitive)"
+msgstr " (sensível)"
+
+#: g10/keyedit.c:2854 g10/keyedit.c:2910 g10/keyedit.c:2971 g10/keyedit.c:2986
+#: g10/keylist.c:202 g10/keyserver.c:532
+#, fuzzy, c-format
+msgid "created: %s"
+msgstr "impossível criar %s: %s\n"
+
+#: g10/keyedit.c:2857 g10/keylist.c:834 g10/keylist.c:928 g10/mainproc.c:997
+#, fuzzy, c-format
+msgid "revoked: %s"
+msgstr "revkey"
+
+#: g10/keyedit.c:2859 g10/keylist.c:805 g10/keylist.c:840 g10/keylist.c:934
+#, fuzzy, c-format
+msgid "expired: %s"
+msgstr "[expira: %s]"
+
+#: g10/keyedit.c:2861 g10/keyedit.c:2912 g10/keyedit.c:2973 g10/keyedit.c:2988
+#: g10/keylist.c:204 g10/keylist.c:811 g10/keylist.c:846 g10/keylist.c:940
+#: g10/keylist.c:961 g10/keyserver.c:538 g10/mainproc.c:1003
+#, fuzzy, c-format
+msgid "expires: %s"
+msgstr "[expira: %s]"
+
+#: g10/keyedit.c:2863
+#, fuzzy, c-format
+msgid "usage: %s"
+msgstr " confiança: %c/%c"
+
+#: g10/keyedit.c:2878
+#, fuzzy, c-format
+msgid "trust: %s"
+msgstr " confiança: %c/%c"
+
+#: g10/keyedit.c:2882
+#, c-format
+msgid "validity: %s"
+msgstr ""
+
+#: g10/keyedit.c:2889
+msgid "This key has been disabled"
+msgstr "Esta chave foi desactivada"
+
+#: g10/keyedit.c:2917 g10/keylist.c:208
+msgid "card-no: "
+msgstr ""
+
+#: g10/keyedit.c:2941
+msgid ""
+"Please note that the shown key validity is not necessarily correct\n"
+"unless you restart the program.\n"
+msgstr ""
+"Não se esqueça que a validade de chave mostrada não é necessáriamente a\n"
+"correcta a não ser que reinicie o programa.\n"
+
+#: g10/keyedit.c:3005 g10/keyedit.c:3351 g10/keyserver.c:542
+#: g10/mainproc.c:1850 g10/trustdb.c:1204 g10/trustdb.c:1732
+#, fuzzy
+msgid "revoked"
+msgstr "revkey"
+
+#: g10/keyedit.c:3007 g10/keyedit.c:3353 g10/keyserver.c:546
+#: g10/mainproc.c:1852 g10/trustdb.c:547 g10/trustdb.c:1734
+#, fuzzy
+msgid "expired"
+msgstr "expire"
+
+#: g10/keyedit.c:3072
+msgid ""
+"WARNING: no user ID has been marked as primary. This command may\n"
+" cause a different user ID to become the assumed primary.\n"
+msgstr ""
+
+#: g10/keyedit.c:3133
+msgid ""
+"WARNING: This is a PGP2-style key. Adding a photo ID may cause some "
+"versions\n"
+" of PGP to reject this key.\n"
+msgstr ""
+"AVISO: Esta chave é do tipo PGP2. Se adicionar um identificador fotográfico\n"
+" algumas versão do PGP podem rejeitá-la.\n"
+
+#: g10/keyedit.c:3138 g10/keyedit.c:3473
+msgid "Are you sure you still want to add it? (y/N) "
+msgstr "Tem a certeza de que quer adicioná-la de qualquer forma? (s/N) "
+
+#: g10/keyedit.c:3144
+msgid "You may not add a photo ID to a PGP2-style key.\n"
+msgstr ""
+"Não pode adicionar um identificador fotográfico a uma chave tipo PGP2.\n"
+
+#: g10/keyedit.c:3284
+msgid "Delete this good signature? (y/N/q)"
+msgstr "Apagar esta assinatura válida? (s/N/q)"
+
+#: g10/keyedit.c:3294
+msgid "Delete this invalid signature? (y/N/q)"
+msgstr "Apagar esta assinatura inválida? (s/N/q)"
+
+#: g10/keyedit.c:3298
+msgid "Delete this unknown signature? (y/N/q)"
+msgstr "Apagar esta assinatura desconhecida? (s/N/q)"
+
+#: g10/keyedit.c:3304
+msgid "Really delete this self-signature? (y/N)"
+msgstr "Realmente remover esta auto-assinatura? (s/N)"
+
+#: g10/keyedit.c:3318
+#, c-format
+msgid "Deleted %d signature.\n"
+msgstr "%d assinatura removida.\n"
+
+#: g10/keyedit.c:3319
+#, c-format
+msgid "Deleted %d signatures.\n"
+msgstr "%d assinaturas removidas.\n"
+
+#: g10/keyedit.c:3322
+msgid "Nothing deleted.\n"
+msgstr "Nada removido.\n"
+
+#: g10/keyedit.c:3355 g10/trustdb.c:1736
+#, fuzzy
+msgid "invalid"
+msgstr "armadura inválida"
+
+#: g10/keyedit.c:3357
+#, fuzzy, c-format
+msgid "User ID \"%s\" compacted: %s\n"
+msgstr "Utilizador \"%s\" está revocado."
+
+#: g10/keyedit.c:3364
+#, fuzzy, c-format
+msgid "User ID \"%s\": %d signature removed\n"
+msgstr "Utilizador \"%s\" está revocado."
+
+#: g10/keyedit.c:3365
+#, fuzzy, c-format
+msgid "User ID \"%s\": %d signatures removed\n"
+msgstr "Utilizador \"%s\" está revocado."
+
+#: g10/keyedit.c:3373
+#, fuzzy, c-format
+msgid "User ID \"%s\": already minimized\n"
+msgstr "o utilizador com o id \"%s\" já está revocado\n"
+
+#: g10/keyedit.c:3374
+#, fuzzy, c-format
+msgid "User ID \"%s\": already clean\n"
+msgstr "o utilizador com o id \"%s\" já está revocado\n"
+
+#: g10/keyedit.c:3468
+msgid ""
+"WARNING: This is a PGP 2.x-style key. Adding a designated revoker may "
+"cause\n"
+" some versions of PGP to reject this key.\n"
+msgstr ""
+"AVISO: Esta chave é do tipo PGP 2.x. Se adicionar um revogador designado\n"
+" algumas versão do PGP podem rejeitá-la.\n"
+
+#: g10/keyedit.c:3479
+msgid "You may not add a designated revoker to a PGP 2.x-style key.\n"
+msgstr "Não pode adicionar um revogador designado a uma chave tipo PGP 2.x.\n"
+
+#: g10/keyedit.c:3499
+msgid "Enter the user ID of the designated revoker: "
+msgstr "Insira o ID de utilizador do revogador escolhido: "
+
+#: g10/keyedit.c:3524
+msgid "cannot appoint a PGP 2.x style key as a designated revoker\n"
+msgstr "não pode escolher uma chave do tipo PGP 2.x como revogadora\n"
+
+#: g10/keyedit.c:3539
+msgid "you cannot appoint a key as its own designated revoker\n"
+msgstr "não pode escolher uma chave como revogadora de si mesmo\n"
+
+#: g10/keyedit.c:3561
+#, fuzzy
+msgid "this key has already been designated as a revoker\n"
+msgstr "AVISO: Esta chave foi revogada pelo seu dono!\n"
+
+#: g10/keyedit.c:3580
+#, fuzzy
+msgid "WARNING: appointing a key as a designated revoker cannot be undone!\n"
+msgstr "não pode escolher uma chave como revogadora de si mesmo\n"
+
+#: g10/keyedit.c:3586
+#, fuzzy
+msgid ""
+"Are you sure you want to appoint this key as a designated revoker? (y/N) "
+msgstr "não pode escolher uma chave como revogadora de si mesmo\n"
+
+#: g10/keyedit.c:3647
+msgid "Please remove selections from the secret keys.\n"
+msgstr "Por favor remova as selecções das chaves secretas.\n"
+
+#: g10/keyedit.c:3653
+#, fuzzy
+msgid "Please select at most one subkey.\n"
+msgstr "Por favor seleccione no máximo uma chave secundária.\n"
+
+#: g10/keyedit.c:3657
+#, fuzzy
+msgid "Changing expiration time for a subkey.\n"
+msgstr "A modificar a data de validade para uma chave secundária.\n"
+
+#: g10/keyedit.c:3660
+msgid "Changing expiration time for the primary key.\n"
+msgstr "Modificar a data de validade para uma chave primária.\n"
+
+#: g10/keyedit.c:3706
+msgid "You can't change the expiration date of a v3 key\n"
+msgstr "Você não pode modificar a data de validade de uma chave v3\n"
+
+#: g10/keyedit.c:3722
+msgid "No corresponding signature in secret ring\n"
+msgstr "Nenhuma assinatura correspondente no porta-chaves secreto\n"
+
+#: g10/keyedit.c:3800
+#, fuzzy, c-format
+msgid "signing subkey %s is already cross-certified\n"
+msgstr "não pode escolher uma chave como revogadora de si mesmo\n"
+
+#: g10/keyedit.c:3806
+#, c-format
+msgid "subkey %s does not sign and so does not need to be cross-certified\n"
+msgstr ""
+
+#: g10/keyedit.c:3969
+msgid "Please select exactly one user ID.\n"
+msgstr "Seleccione exactamente um identificador de utilizador.\n"
+
+#: g10/keyedit.c:4008 g10/keyedit.c:4118 g10/keyedit.c:4238 g10/keyedit.c:4379
+#, fuzzy, c-format
+msgid "skipping v3 self-signature on user ID \"%s\"\n"
+msgstr "a ignorar auto-assinatura v3 no utilizar com o id \"%s\"\n"
+
+#: g10/keyedit.c:4179
+msgid "Enter your preferred keyserver URL: "
+msgstr ""
+
+#: g10/keyedit.c:4259
+#, fuzzy
+msgid "Are you sure you want to replace it? (y/N) "
+msgstr "Você tem certeza de que quer adicioná-la de qualquer forma? (s/N) "
+
+#: g10/keyedit.c:4260
+#, fuzzy
+msgid "Are you sure you want to delete it? (y/N) "
+msgstr "Você tem certeza de que quer adicioná-la de qualquer forma? (s/N) "
+
+#: g10/keyedit.c:4322
+#, fuzzy
+msgid "Enter the notation: "
+msgstr "Notação de assinatura: "
+
+#: g10/keyedit.c:4471
+#, fuzzy
+msgid "Proceed? (y/N) "
+msgstr "Escrever por cima (s/N)? "
+
+#: g10/keyedit.c:4543
+#, c-format
+msgid "No user ID with index %d\n"
+msgstr "Nenhum ID de utilizador com índice %d\n"
+
+#: g10/keyedit.c:4604
+#, fuzzy, c-format
+msgid "No user ID with hash %s\n"
+msgstr "Nenhum ID de utilizador com índice %d\n"
+
+#: g10/keyedit.c:4639
+#, fuzzy, c-format
+msgid "No subkey with index %d\n"
+msgstr "Nenhum ID de utilizador com índice %d\n"
+
+#: g10/keyedit.c:4774
+#, fuzzy, c-format
+msgid "user ID: \"%s\"\n"
+msgstr "ID de utilizador: \""
+
+#: g10/keyedit.c:4777 g10/keyedit.c:4871 g10/keyedit.c:4914
+#, fuzzy, c-format
+msgid "signed by your key %s on %s%s%s\n"
+msgstr " assinado por %08lX em %s%s%s\n"
+
+#: g10/keyedit.c:4779 g10/keyedit.c:4873 g10/keyedit.c:4916
+msgid " (non-exportable)"
+msgstr " (não-exportável)"
+
+#: g10/keyedit.c:4783
+#, c-format
+msgid "This signature expired on %s.\n"
+msgstr "Esta assinatura expirou em %s.\n"
+
+#: g10/keyedit.c:4787
+msgid "Are you sure you still want to revoke it? (y/N) "
+msgstr "Tem a certeza de que quer revogá-la de qualquer forma? (s/N) "
+
+#: g10/keyedit.c:4791
+msgid "Create a revocation certificate for this signature? (y/N) "
+msgstr "Gerar um certificado de revogação para esta assinatura? (s/N)"
+
+#: g10/keyedit.c:4842
+#, fuzzy
+msgid "Not signed by you.\n"
+msgstr " assinado por %08lX em %s%s\n"
+
+#: g10/keyedit.c:4848
+#, fuzzy, c-format
+msgid "You have signed these user IDs on key %s:\n"
+msgstr "Assinou estes identificadores de utilizadores:\n"
+
+#: g10/keyedit.c:4874
+#, fuzzy
+msgid " (non-revocable)"
+msgstr " (não-exportável)"
+
+#: g10/keyedit.c:4881
+#, fuzzy, c-format
+msgid "revoked by your key %s on %s\n"
+msgstr " revogado por %08lX em %s\n"
+
+#: g10/keyedit.c:4903
+msgid "You are about to revoke these signatures:\n"
+msgstr "Está prestes a revogar estas assinaturas:\n"
+
+#: g10/keyedit.c:4923
+msgid "Really create the revocation certificates? (y/N) "
+msgstr "Realmente criar os certificados de revogação? (s/N) "
+
+#: g10/keyedit.c:4953
+msgid "no secret key\n"
+msgstr "nenhuma chave secreta\n"
+
+#: g10/keyedit.c:5023
+#, c-format
+msgid "user ID \"%s\" is already revoked\n"
+msgstr "o utilizador com o id \"%s\" já está revocado\n"
+
+#: g10/keyedit.c:5040
+#, c-format
+msgid "WARNING: a user ID signature is dated %d seconds in the future\n"
+msgstr ""
+"AVISO: a assintura do ID do utilizador tem data %d segundos no futuro\n"
+
+#: g10/keyedit.c:5104
+#, fuzzy, c-format
+msgid "Key %s is already revoked.\n"
+msgstr "o utilizador com o id \"%s\" já está revocado\n"
+
+#: g10/keyedit.c:5166
+#, fuzzy, c-format
+msgid "Subkey %s is already revoked.\n"
+msgstr "o utilizador com o id \"%s\" já está revocado\n"
+
+#: g10/keyedit.c:5261
+#, fuzzy, c-format
+msgid "Displaying %s photo ID of size %ld for key %s (uid %d)\n"
+msgstr ""
+"A mostrar a fotografia %s com o tamanho %ld da chave 0x%08lX (uid %d)\n"
+
+#: g10/keygen.c:275
+#, fuzzy, c-format
+msgid "preference `%s' duplicated\n"
+msgstr "preferência %c%lu duplicada\n"
+
+#: g10/keygen.c:282
+#, fuzzy
+msgid "too many cipher preferences\n"
+msgstr "demasiadas preferências `%c'\n"
+
+#: g10/keygen.c:284
+#, fuzzy
+msgid "too many digest preferences\n"
+msgstr "demasiadas preferências `%c'\n"
+
+#: g10/keygen.c:286
+#, fuzzy
+msgid "too many compression preferences\n"
+msgstr "demasiadas preferências `%c'\n"
+
+#: g10/keygen.c:426
+#, fuzzy, c-format
+msgid "invalid item `%s' in preference string\n"
+msgstr "caracter inválido na cadeia de caractéres da preferência\n"
+
+#: g10/keygen.c:910
+msgid "writing direct signature\n"
+msgstr "a escrever a assinatura directa\n"
+
+#: g10/keygen.c:952
+msgid "writing self signature\n"
+msgstr "a escrever a auto-assinatura\n"
+
+#: g10/keygen.c:1009
+msgid "writing key binding signature\n"
+msgstr "a escrever a assinatura ligada a uma chave\n"
+
+#: g10/keygen.c:1179 g10/keygen.c:1290 g10/keygen.c:1295 g10/keygen.c:1441
+#: g10/keygen.c:3269
+#, c-format
+msgid "keysize invalid; using %u bits\n"
+msgstr "tamanho de chave inválido; a utilizar %u bits\n"
+
+#: g10/keygen.c:1185 g10/keygen.c:1301 g10/keygen.c:1309 g10/keygen.c:1447
+#: g10/keygen.c:3275
+#, c-format
+msgid "keysize rounded up to %u bits\n"
+msgstr "tamanho da chave arredondado para %u bits\n"
+
+#: g10/keygen.c:1335
+msgid ""
+"WARNING: some OpenPGP programs can't handle a DSA key with this digest size\n"
+msgstr ""
+
+#: g10/keygen.c:1558
+#, fuzzy
+msgid "Sign"
+msgstr "sign"
+
+#: g10/keygen.c:1561
+msgid "Certify"
+msgstr ""
+
+#: g10/keygen.c:1564
+#, fuzzy
+msgid "Encrypt"
+msgstr "cifrar dados"
+
+#: g10/keygen.c:1567
+msgid "Authenticate"
+msgstr ""
+
+#. TRANSLATORS: Please use only plain ASCII characters for the
+#. translation. If this is not possible use single digits. The
+#. string needs to 8 bytes long. Here is a description of the
+#. functions:
+#.
+#. s = Toggle signing capability
+#. e = Toggle encryption capability
+#. a = Toggle authentication capability
+#. q = Finish
+#.
+#: g10/keygen.c:1585
+msgid "SsEeAaQq"
+msgstr ""
+
+#: g10/keygen.c:1608
+#, c-format
+msgid "Possible actions for a %s key: "
+msgstr ""
+
+#: g10/keygen.c:1612
+msgid "Current allowed actions: "
+msgstr ""
+
+#: g10/keygen.c:1617
+#, c-format
+msgid " (%c) Toggle the sign capability\n"
+msgstr ""
+
+#: g10/keygen.c:1620
+#, fuzzy, c-format
+msgid " (%c) Toggle the encrypt capability\n"
+msgstr " (%d) ElGamal (apenas cifragem)\n"
+
+#: g10/keygen.c:1623
+#, c-format
+msgid " (%c) Toggle the authenticate capability\n"
+msgstr ""
+
+#: g10/keygen.c:1626
+#, c-format
+msgid " (%c) Finished\n"
+msgstr ""
+
+#: g10/keygen.c:1686 sm/certreqgen-ui.c:157
+msgid "Please select what kind of key you want:\n"
+msgstr "Por favor selecione o tipo de chave desejado:\n"
+
+#: g10/keygen.c:1689
+#, fuzzy, c-format
+msgid " (%d) RSA and RSA (default)\n"
+msgstr " (%d) DSA e ElGamal (por omissão)\n"
+
+#: g10/keygen.c:1691
+#, fuzzy, c-format
+msgid " (%d) DSA and Elgamal\n"
+msgstr " (%d) DSA e ElGamal (por omissão)\n"
+
+#: g10/keygen.c:1693
+#, c-format
+msgid " (%d) DSA (sign only)\n"
+msgstr " (%d) DSA (apenas assinatura)\n"
+
+#: g10/keygen.c:1694
+#, c-format
+msgid " (%d) RSA (sign only)\n"
+msgstr " (%d) RSA (apenas assinatura)\n"
+
+#: g10/keygen.c:1698
+#, fuzzy, c-format
+msgid " (%d) Elgamal (encrypt only)\n"
+msgstr " (%d) ElGamal (apenas cifragem)\n"
+
+#: g10/keygen.c:1699
+#, c-format
+msgid " (%d) RSA (encrypt only)\n"
+msgstr " (%d) RSA (apenas cifragem)\n"
+
+#: g10/keygen.c:1703
+#, fuzzy, c-format
+msgid " (%d) DSA (set your own capabilities)\n"
+msgstr " (%d) RSA (apenas cifragem)\n"
+
+#: g10/keygen.c:1704
+#, fuzzy, c-format
+msgid " (%d) RSA (set your own capabilities)\n"
+msgstr " (%d) RSA (apenas cifragem)\n"
+
+#: g10/keygen.c:1812
+#, c-format
+msgid "%s keys may be between %u and %u bits long.\n"
+msgstr ""
+
+#: g10/keygen.c:1820
+#, fuzzy, c-format
+msgid "What keysize do you want for the subkey? (%u) "
+msgstr "Qual o tamanho de chave desejado? (1024) "
+
+#: g10/keygen.c:1823 sm/certreqgen-ui.c:179
+#, fuzzy, c-format
+msgid "What keysize do you want? (%u) "
+msgstr "Qual o tamanho de chave desejado? (1024) "
+
+#: g10/keygen.c:1837 sm/certreqgen-ui.c:189
+#, c-format
+msgid "Requested keysize is %u bits\n"
+msgstr "O tamanho de chave pedido é %u bits\n"
+
+#: g10/keygen.c:1925
+msgid ""
+"Please specify how long the key should be valid.\n"
+" 0 = key does not expire\n"
+" <n> = key expires in n days\n"
+" <n>w = key expires in n weeks\n"
+" <n>m = key expires in n months\n"
+" <n>y = key expires in n years\n"
+msgstr ""
+"Por favor especifique por quanto tempo a chave deve ser válida.\n"
+" 0 = chave não expira\n"
+" <n> = chave expira em n dias\n"
+" <n>w = chave expira em n semanas\n"
+" <n>m = chave expira em n meses\n"
+" <n>y = chave expira em n anos\n"
+
+#: g10/keygen.c:1936
+msgid ""
+"Please specify how long the signature should be valid.\n"
+" 0 = signature does not expire\n"
+" <n> = signature expires in n days\n"
+" <n>w = signature expires in n weeks\n"
+" <n>m = signature expires in n months\n"
+" <n>y = signature expires in n years\n"
+msgstr ""
+"Por favor especifique por quanto tempo a assinatura deve ser válida.\n"
+" 0 = assinatura não expira\n"
+" <n> = assinatura expira em n dias\n"
+" <n>w = assinatura expira em n semanas\n"
+" <n>m = assinatura expira em n meses\n"
+" <n>y = assinatura expira em n anos\n"
+
+#: g10/keygen.c:1959
+msgid "Key is valid for? (0) "
+msgstr "A chave é valida por? (0) "
+
+#: g10/keygen.c:1964
+#, fuzzy, c-format
+msgid "Signature is valid for? (%s) "
+msgstr "A assinatura é valida por? (0) "
+
+#: g10/keygen.c:1982 g10/keygen.c:2007
+msgid "invalid value\n"
+msgstr "valor inválido\n"
+
+#: g10/keygen.c:1989
+#, fuzzy
+msgid "Key does not expire at all\n"
+msgstr "A %s não expira nunca\n"
+
+#: g10/keygen.c:1990
+#, fuzzy
+msgid "Signature does not expire at all\n"
+msgstr "A %s não expira nunca\n"
+
+#: g10/keygen.c:1995
+#, fuzzy, c-format
+msgid "Key expires at %s\n"
+msgstr "%s expira em %s\n"
+
+#: g10/keygen.c:1996
+#, fuzzy, c-format
+msgid "Signature expires at %s\n"
+msgstr "Esta assinatura expirou em %s.\n"
+
+#: g10/keygen.c:2000
+msgid ""
+"Your system can't display dates beyond 2038.\n"
+"However, it will be correctly handled up to 2106.\n"
+msgstr ""
+"O seu sistema não consegue mostrar datas para além de 2038.\n"
+"No entanto, estas vão ser tratadas correctamente até 2106.\n"
+
+#: g10/keygen.c:2013
+#, fuzzy
+msgid "Is this correct? (y/N) "
+msgstr "Está correto (s/n)? "
+
+#: g10/keygen.c:2063
+msgid ""
+"\n"
+"GnuPG needs to construct a user ID to identify your key.\n"
+"\n"
+msgstr ""
+
+#. TRANSLATORS: This string is in general not anymore used
+#. but you should keep your existing translation. In case
+#. the new string is not translated this old string will
+#. be used.
+#: g10/keygen.c:2078
+#, fuzzy
+msgid ""
+"\n"
+"You need a user ID to identify your key; the software constructs the user "
+"ID\n"
+"from the Real Name, Comment and Email Address in this form:\n"
+" \"Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>\"\n"
+"\n"
+msgstr ""
+"\n"
+"Você precisa de um identificador de utilizador para identificar sua chave; "
+"o\n"
+"programa constrói o identificador a partir do Nome Completo, Comentário e\n"
+"Endereço Eletrónico desta forma:\n"
+" \"Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>\"\n"
+"\n"
+
+#: g10/keygen.c:2097
+msgid "Real name: "
+msgstr "Nome completo: "
+
+#: g10/keygen.c:2105
+msgid "Invalid character in name\n"
+msgstr "Caracter inválido no nome\n"
+
+#: g10/keygen.c:2107
+msgid "Name may not start with a digit\n"
+msgstr "O nome não pode começar com um dígito\n"
+
+#: g10/keygen.c:2109
+msgid "Name must be at least 5 characters long\n"
+msgstr "O nome deve ter pelo menos 5 caracteres\n"
+
+#: g10/keygen.c:2117
+msgid "Email address: "
+msgstr "Endereço de correio eletrónico: "
+
+#: g10/keygen.c:2123
+msgid "Not a valid email address\n"
+msgstr "Endereço eletrónico inválido\n"
+
+#: g10/keygen.c:2131
+msgid "Comment: "
+msgstr "Comentário: "
+
+#: g10/keygen.c:2137
+msgid "Invalid character in comment\n"
+msgstr "Caracter inválido no comentário\n"
+
+#: g10/keygen.c:2159
+#, c-format
+msgid "You are using the `%s' character set.\n"
+msgstr "Você está usando o conjunto de caracteres `%s'.\n"
+
+#: g10/keygen.c:2165
+#, c-format
+msgid ""
+"You selected this USER-ID:\n"
+" \"%s\"\n"
+"\n"
+msgstr ""
+"Você selecionou este identificador de utilizador:\n"
+" \"%s\"\n"
+"\n"
+
+#: g10/keygen.c:2170
+msgid "Please don't put the email address into the real name or the comment\n"
+msgstr ""
+"Por favor não coloque o endereço de email no nome verdadeiro ou no "
+"comentário\n"
+
+#: g10/keygen.c:2185
+msgid "Such a user ID already exists on this key!\n"
+msgstr ""
+
+#. TRANSLATORS: These are the allowed answers in
+#. lower and uppercase. Below you will find the matching
+#. string which should be translated accordingly and the
+#. letter changed to match the one in the answer string.
+#.
+#. n = Change name
+#. c = Change comment
+#. e = Change email
+#. o = Okay (ready, continue)
+#. q = Quit
+#.
+#: g10/keygen.c:2201
+msgid "NnCcEeOoQq"
+msgstr "NnCcEeOoSs"
+
+#: g10/keygen.c:2211
+msgid "Change (N)ame, (C)omment, (E)mail or (Q)uit? "
+msgstr "Mudar (N)ome, (C)omentário, (E)mail ou (S)air? "
+
+#: g10/keygen.c:2212
+msgid "Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? "
+msgstr "Mudar (N)ome, (C)omentário, (E)ndereço ou (O)k/(S)air? "
+
+#: g10/keygen.c:2231
+msgid "Please correct the error first\n"
+msgstr "Por favor corrija primeiro o erro\n"
+
+#: g10/keygen.c:2273
+msgid ""
+"You need a Passphrase to protect your secret key.\n"
+"\n"
+msgstr ""
+"Você precisa de uma frase secreta para proteger a sua chave.\n"
+"\n"
+
+#: g10/keygen.c:2276
+#, fuzzy
+msgid ""
+"Please enter a passphrase to protect the off-card backup of the new "
+"encryption key."
+msgstr "Por favor digite a frase secreta \n"
+
+#: g10/keygen.c:2292
+#, c-format
+msgid "%s.\n"
+msgstr "%s.\n"
+
+#: g10/keygen.c:2298
+msgid ""
+"You don't want a passphrase - this is probably a *bad* idea!\n"
+"I will do it anyway. You can change your passphrase at any time,\n"
+"using this program with the option \"--edit-key\".\n"
+"\n"
+msgstr ""
+"Você não quer uma frase secreta - provavelmente isto é uma *má* idéia!\n"
+"Vou continuar assim mesmo. Você pode mudar sua frase secreta a\n"
+"qualquer hora, usando este programa com a opção \"--edit-key\".\n"
+"\n"
+
+#: g10/keygen.c:2322
+msgid ""
+"We need to generate a lot of random bytes. It is a good idea to perform\n"
+"some other action (type on the keyboard, move the mouse, utilize the\n"
+"disks) during the prime generation; this gives the random number\n"
+"generator a better chance to gain enough entropy.\n"
+msgstr ""
+"Precisamos gerar muitos bytes aleatórios. É uma boa ideia realizar outra\n"
+"actividade (escrever no teclado, mover o rato, usar os discos) durante a\n"
+"geração dos números primos; isso dá ao gerador de números aleatórios\n"
+"uma hipótese maior de ganhar entropia suficiente.\n"
+
+#: g10/keygen.c:3209 g10/keygen.c:3236
+msgid "Key generation canceled.\n"
+msgstr "Geração de chave cancelada.\n"
+
+#: g10/keygen.c:3441 g10/keygen.c:3611
+#, c-format
+msgid "writing public key to `%s'\n"
+msgstr "a escrever chave pública para `%s'\n"
+
+#: g10/keygen.c:3443 g10/keygen.c:3614
+#, fuzzy, c-format
+msgid "writing secret key stub to `%s'\n"
+msgstr "a escrever chave privada para `%s'\n"
+
+#: g10/keygen.c:3446 g10/keygen.c:3617
+#, c-format
+msgid "writing secret key to `%s'\n"
+msgstr "a escrever chave privada para `%s'\n"
+
+#: g10/keygen.c:3598
+#, c-format
+msgid "no writable public keyring found: %s\n"
+msgstr "nenhum porta-chaves público com permissões de escrita encontrado: %s\n"
+
+#: g10/keygen.c:3605
+#, c-format
+msgid "no writable secret keyring found: %s\n"
+msgstr "nenhum porta-chaves secreto com permissões de escrita encontrado: %s\n"
+
+#: g10/keygen.c:3625
+#, c-format
+msgid "error writing public keyring `%s': %s\n"
+msgstr "erro ao escrever no porta-chaves público `%s': %s\n"
+
+#: g10/keygen.c:3633
+#, c-format
+msgid "error writing secret keyring `%s': %s\n"
+msgstr "erro ao escrever no porta-chaves secreto `%s': %s\n"
+
+#: g10/keygen.c:3661
+msgid "public and secret key created and signed.\n"
+msgstr "chaves pública e privada criadas e assinadas.\n"
+
+#: g10/keygen.c:3672
+#, fuzzy
+msgid ""
+"Note that this key cannot be used for encryption. You may want to use\n"
+"the command \"--edit-key\" to generate a subkey for this purpose.\n"
+msgstr ""
+"Note que esta chave não pode ser usada para cifragem. Você pode usar\n"
+"o comando \"--edit-key\" para gerar uma chave secundária para esse fim.\n"
+
+#: g10/keygen.c:3685 g10/keygen.c:3831 g10/keygen.c:3952
+#, c-format
+msgid "Key generation failed: %s\n"
+msgstr "A geração de chaves falhou: %s\n"
+
+#: g10/keygen.c:3741 g10/keygen.c:3882 g10/sign.c:241
+#, c-format
+msgid ""
+"key has been created %lu second in future (time warp or clock problem)\n"
+msgstr ""
+"a chave foi criada %lu segundo no futuro\n"
+"(viagem no tempo ou problema no relógio)\n"
+
+#: g10/keygen.c:3743 g10/keygen.c:3884 g10/sign.c:243
+#, c-format
+msgid ""
+"key has been created %lu seconds in future (time warp or clock problem)\n"
+msgstr ""
+"a chave foi criada %lu segundos no futuro\n"
+"(viagem no tempo ou problema no relógio)\n"
+
+#: g10/keygen.c:3754 g10/keygen.c:3895
+msgid "NOTE: creating subkeys for v3 keys is not OpenPGP compliant\n"
+msgstr "NOTA: a criação de sub-chave para chaves v3 não respeito o OpenPGP\n"
+
+#: g10/keygen.c:3795 g10/keygen.c:3928
+#, fuzzy
+msgid "Really create? (y/N) "
+msgstr "Realmente criar? "
+
+#: g10/keygen.c:4116
+#, fuzzy, c-format
+msgid "storing key onto card failed: %s\n"
+msgstr "remoção do bloco de chave falhou: %s\n"
+
+#: g10/keygen.c:4165
+#, fuzzy, c-format
+msgid "can't create backup file `%s': %s\n"
+msgstr "impossível criar `%s': %s\n"
+
+#: g10/keygen.c:4191
+#, fuzzy, c-format
+msgid "NOTE: backup of card key saved to `%s'\n"
+msgstr "NOTA: chave secreta %08lX expirou em %s\n"
+
+#: g10/keyid.c:539 g10/keyid.c:551 g10/keyid.c:563 g10/keyid.c:575
+msgid "never "
+msgstr ""
+
+#: g10/keylist.c:273
+msgid "Critical signature policy: "
+msgstr "Politica de assinatura crítica: "
+
+#: g10/keylist.c:275
+msgid "Signature policy: "
+msgstr "Politica de assinatura: "
+
+#: g10/keylist.c:314
+msgid "Critical preferred keyserver: "
+msgstr ""
+
+#: g10/keylist.c:367
+msgid "Critical signature notation: "
+msgstr "Notação de assinatura crítica: "
+
+#: g10/keylist.c:369
+msgid "Signature notation: "
+msgstr "Notação de assinatura: "
+
+#: g10/keylist.c:479
+msgid "Keyring"
+msgstr "Porta-chaves"
+
+#: g10/keylist.c:1526
+msgid "Primary key fingerprint:"
+msgstr "Impressão da chave primária:"
+
+#: g10/keylist.c:1528
+msgid " Subkey fingerprint:"
+msgstr " Impressão da subchave:"
+
+#. TRANSLATORS: this should fit into 24 bytes to that the
+#. * fingerprint data is properly aligned with the user ID
+#: g10/keylist.c:1535
+msgid " Primary key fingerprint:"
+msgstr "Impressão da chave primária:"
+
+#: g10/keylist.c:1537
+msgid " Subkey fingerprint:"
+msgstr " Impressão da subchave:"
+
+#: g10/keylist.c:1541 g10/keylist.c:1545
+#, fuzzy
+msgid " Key fingerprint ="
+msgstr " Impressão da chave ="
+
+#: g10/keylist.c:1612
+msgid " Card serial no. ="
+msgstr ""
+
+#: g10/keyring.c:1297
+#, fuzzy, c-format
+msgid "renaming `%s' to `%s' failed: %s\n"
+msgstr "criação de armadura falhou: %s\n"
+
+#: g10/keyring.c:1326
+msgid "WARNING: 2 files with confidential information exists.\n"
+msgstr "AVISO: existem 2 ficheiros com informações confidenciais.\n"
+
+#: g10/keyring.c:1327
+#, c-format
+msgid "%s is the unchanged one\n"
+msgstr "%s é o não modificado\n"
+
+#: g10/keyring.c:1328
+#, c-format
+msgid "%s is the new one\n"
+msgstr "%s é o novo\n"
+
+#: g10/keyring.c:1329
+msgid "Please fix this possible security flaw\n"
+msgstr "Por favor conserte esta possível falha de segurança\n"
+
+#: g10/keyring.c:1430
+#, fuzzy, c-format
+msgid "caching keyring `%s'\n"
+msgstr "a verificar o porta chaves `%s'\n"
+
+#: g10/keyring.c:1489
+#, fuzzy, c-format
+msgid "%lu keys cached so far (%lu signatures)\n"
+msgstr "%lu chave verificadas (%lu assinaturas)\n"
+
+#: g10/keyring.c:1501
+#, fuzzy, c-format
+msgid "%lu keys cached (%lu signatures)\n"
+msgstr "%lu chave verificadas (%lu assinaturas)\n"
+
+#: g10/keyring.c:1573
+#, c-format
+msgid "%s: keyring created\n"
+msgstr "%s: porta-chaves criado\n"
+
+#: g10/keyserver.c:74
+msgid "include revoked keys in search results"
+msgstr ""
+
+#: g10/keyserver.c:75
+msgid "include subkeys when searching by key ID"
+msgstr ""
+
+#: g10/keyserver.c:77
+msgid "use temporary files to pass data to keyserver helpers"
+msgstr ""
+
+#: g10/keyserver.c:79
+msgid "do not delete temporary files after using them"
+msgstr ""
+
+#: g10/keyserver.c:83
+msgid "automatically retrieve keys when verifying signatures"
+msgstr ""
+
+#: g10/keyserver.c:85
+#, fuzzy
+msgid "honor the preferred keyserver URL set on the key"
+msgstr "a URL de política de assinatura dada é inválida\n"
+
+#: g10/keyserver.c:87
+msgid "honor the PKA record set on a key when retrieving keys"
+msgstr ""
+
+#: g10/keyserver.c:153
+#, fuzzy, c-format
+msgid "WARNING: keyserver option `%s' is not used on this platform\n"
+msgstr "AVISO: opções em `%s' ainda não estão activas nesta execução\n"
+
+#: g10/keyserver.c:544
+#, fuzzy
+msgid "disabled"
+msgstr "disable"
+
+#: g10/keyserver.c:747
+msgid "Enter number(s), N)ext, or Q)uit > "
+msgstr ""
+
+#: g10/keyserver.c:831 g10/keyserver.c:1458
+#, fuzzy, c-format
+msgid "invalid keyserver protocol (us %d!=handler %d)\n"
+msgstr "opções de exportação inválidas\n"
+
+#: g10/keyserver.c:932
+#, fuzzy, c-format
+msgid "key \"%s\" not found on keyserver\n"
+msgstr "chave `%s' não encontrada: %s\n"
+
+#: g10/keyserver.c:934
+#, fuzzy
+msgid "key not found on keyserver\n"
+msgstr "chave `%s' não encontrada: %s\n"
+
+#: g10/keyserver.c:1177
+#, fuzzy, c-format
+msgid "requesting key %s from %s server %s\n"
+msgstr "a pedir a chave %08lX de %s\n"
+
+#: g10/keyserver.c:1181
+#, fuzzy, c-format
+msgid "requesting key %s from %s\n"
+msgstr "a pedir a chave %08lX de %s\n"
+
+#: g10/keyserver.c:1205
+#, fuzzy, c-format
+msgid "searching for names from %s server %s\n"
+msgstr "a procurar por \"%s\" no servidor HKP %s\n"
+
+#: g10/keyserver.c:1208
+#, fuzzy, c-format
+msgid "searching for names from %s\n"
+msgstr "a procurar por \"%s\" no servidor HKP %s\n"
+
+#: g10/keyserver.c:1361
+#, fuzzy, c-format
+msgid "sending key %s to %s server %s\n"
+msgstr "a procurar por \"%s\" no servidor HKP %s\n"
+
+#: g10/keyserver.c:1365
+#, fuzzy, c-format
+msgid "sending key %s to %s\n"
+msgstr ""
+"\"\n"
+"assinado com a sua chave %08lX em %s\n"
+
+#: g10/keyserver.c:1408
+#, fuzzy, c-format
+msgid "searching for \"%s\" from %s server %s\n"
+msgstr "a procurar por \"%s\" no servidor HKP %s\n"
+
+#: g10/keyserver.c:1411
+#, fuzzy, c-format
+msgid "searching for \"%s\" from %s\n"
+msgstr "a procurar por \"%s\" no servidor HKP %s\n"
+
+#: g10/keyserver.c:1418 g10/keyserver.c:1514
+#, fuzzy
+msgid "no keyserver action!\n"
+msgstr "opções de exportação inválidas\n"
+
+#: g10/keyserver.c:1466
+#, c-format
+msgid "WARNING: keyserver handler from a different version of GnuPG (%s)\n"
+msgstr ""
+
+#: g10/keyserver.c:1475
+msgid "keyserver did not send VERSION\n"
+msgstr ""
+
+#: g10/keyserver.c:1537 g10/keyserver.c:2066
+msgid "no keyserver known (use option --keyserver)\n"
+msgstr ""
+
+#: g10/keyserver.c:1543
+msgid "external keyserver calls are not supported in this build\n"
+msgstr ""
+
+#: g10/keyserver.c:1555
+#, c-format
+msgid "no handler for keyserver scheme `%s'\n"
+msgstr ""
+
+#: g10/keyserver.c:1560
+#, c-format
+msgid "action `%s' not supported with keyserver scheme `%s'\n"
+msgstr ""
+
+#: g10/keyserver.c:1568
+#, c-format
+msgid "%s does not support handler version %d\n"
+msgstr ""
+
+#: g10/keyserver.c:1575
+#, fuzzy
+msgid "keyserver timed out\n"
+msgstr "erro do servidor de chaves"
+
+#: g10/keyserver.c:1580
+#, fuzzy
+msgid "keyserver internal error\n"
+msgstr "erro do servidor de chaves"
+
+#: g10/keyserver.c:1589
+#, fuzzy, c-format
+msgid "keyserver communications error: %s\n"
+msgstr "A geração de chaves falhou: %s\n"
+
+#: g10/keyserver.c:1614 g10/keyserver.c:1648
+#, c-format
+msgid "\"%s\" not a key ID: skipping\n"
+msgstr ""
+
+#: g10/keyserver.c:1907
+#, fuzzy, c-format
+msgid "WARNING: unable to refresh key %s via %s: %s\n"
+msgstr "AVISO: dono pouco seguro em %s \"%s\"\n"
+
+#: g10/keyserver.c:1929
+#, fuzzy, c-format
+msgid "refreshing 1 key from %s\n"
+msgstr "a pedir a chave %08lX de %s\n"
+
+#: g10/keyserver.c:1931
+#, fuzzy, c-format
+msgid "refreshing %d keys from %s\n"
+msgstr "a pedir a chave %08lX de %s\n"
+
+#: g10/keyserver.c:1987
+#, fuzzy, c-format
+msgid "WARNING: unable to fetch URI %s: %s\n"
+msgstr "AVISO: dono pouco seguro em %s \"%s\"\n"
+
+#: g10/keyserver.c:1993
+#, fuzzy, c-format
+msgid "WARNING: unable to parse URI %s\n"
+msgstr "AVISO: dono pouco seguro em %s \"%s\"\n"
+
+#: g10/mainproc.c:231
+#, c-format
+msgid "weird size for an encrypted session key (%d)\n"
+msgstr "tamanho estranho para uma chave de sessão cifrada (%d)\n"
+
+#: g10/mainproc.c:284
+#, fuzzy, c-format
+msgid "%s encrypted session key\n"
+msgstr "tamanho estranho para uma chave de sessão cifrada (%d)\n"
+
+#: g10/mainproc.c:294
+#, fuzzy, c-format
+msgid "passphrase generated with unknown digest algorithm %d\n"
+msgstr "cifrado com algoritmo desconhecido %d\n"
+
+#: g10/mainproc.c:360
+#, fuzzy, c-format
+msgid "public key is %s\n"
+msgstr "a chave pública é %08lX\n"
+
+#: g10/mainproc.c:423
+msgid "public key encrypted data: good DEK\n"
+msgstr "dados cifrados com chave pública: DEK válido\n"
+
+#: g10/mainproc.c:456
+#, fuzzy, c-format
+msgid "encrypted with %u-bit %s key, ID %s, created %s\n"
+msgstr "cifrado com chave %u-bit %s, ID %08lX, criada em %s\n"
+
+#: g10/mainproc.c:460 g10/pkclist.c:217
+#, fuzzy, c-format
+msgid " \"%s\"\n"
+msgstr " ou \""
+
+#: g10/mainproc.c:464
+#, fuzzy, c-format
+msgid "encrypted with %s key, ID %s\n"
+msgstr "cifrado com chave %s, ID %08lX\n"
+
+#: g10/mainproc.c:479
+#, c-format
+msgid "public key decryption failed: %s\n"
+msgstr "decifragem de chave pública falhou: %s\n"
+
+#: g10/mainproc.c:495
+#, fuzzy, c-format
+msgid "encrypted with %lu passphrases\n"
+msgstr "Repita a frase secreta\n"
+
+#: g10/mainproc.c:497
+#, fuzzy
+msgid "encrypted with 1 passphrase\n"
+msgstr "Repita a frase secreta\n"
+
+#: g10/mainproc.c:529 g10/mainproc.c:551
+#, c-format
+msgid "assuming %s encrypted data\n"
+msgstr "a assumir dados cifrados %s\n"
+
+#: g10/mainproc.c:537
+#, c-format
+msgid "IDEA cipher unavailable, optimistically attempting to use %s instead\n"
+msgstr "Cifra IDEO não disponível, a tentar utilizar %s em substituição\n"
+
+#: g10/mainproc.c:570
+msgid "decryption okay\n"
+msgstr "decifragem correcta\n"
+
+#: g10/mainproc.c:574
+msgid "WARNING: message was not integrity protected\n"
+msgstr "AVISO: a mensagem não tinha a sua integridade protegida\n"
+
+#: g10/mainproc.c:587
+msgid "WARNING: encrypted message has been manipulated!\n"
+msgstr "CUIDADO: a mensagem cifrada foi manipulada!\n"
+
+#: g10/mainproc.c:595
+#, c-format
+msgid "cleared passphrase cached with ID: %s\n"
+msgstr ""
+
+#: g10/mainproc.c:600
+#, c-format
+msgid "decryption failed: %s\n"
+msgstr "decifragem falhou: %s\n"
+
+#: g10/mainproc.c:621
+msgid "NOTE: sender requested \"for-your-eyes-only\"\n"
+msgstr "NOTA: o remetente solicitou \"apenas-para-seus-olhos\"\n"
+
+#: g10/mainproc.c:623
+#, c-format
+msgid "original file name='%.*s'\n"
+msgstr "nome do ficheiro original='%.*s'\n"
+
+#: g10/mainproc.c:711
+msgid "WARNING: multiple plaintexts seen\n"
+msgstr ""
+
+#: g10/mainproc.c:850
+msgid "standalone revocation - use \"gpg --import\" to apply\n"
+msgstr "revocação solitária - utilize \"gpg --import\" para aplicar\n"
+
+#: g10/mainproc.c:1203 g10/mainproc.c:1240
+#, fuzzy
+msgid "no signature found\n"
+msgstr "Assinatura correcta de \""
+
+#: g10/mainproc.c:1478
+msgid "signature verification suppressed\n"
+msgstr "verificação de assinatura suprimida\n"
+
+#: g10/mainproc.c:1587
+#, fuzzy
+msgid "can't handle this ambiguous signature data\n"
+msgstr "não consigo tratar estas assinaturas múltiplas\n"
+
+#: g10/mainproc.c:1598
+#, fuzzy, c-format
+msgid "Signature made %s\n"
+msgstr "Esta assinatura expirou em %s.\n"
+
+#: g10/mainproc.c:1599
+#, fuzzy, c-format
+msgid " using %s key %s\n"
+msgstr " ou \""
+
+#: g10/mainproc.c:1603
+#, fuzzy, c-format
+msgid "Signature made %s using %s key ID %s\n"
+msgstr "Assinatura feita em %.*s usando %s, ID da chave %08lX\n"
+
+#: g10/mainproc.c:1623
+#, fuzzy
+msgid "Key available at: "
+msgstr "Nenhuma ajuda disponível"
+
+#: g10/mainproc.c:1756 g10/mainproc.c:1804
+#, fuzzy, c-format
+msgid "BAD signature from \"%s\""
+msgstr "Assinatura INCORRECTA de \""
+
+#: g10/mainproc.c:1758 g10/mainproc.c:1806
+#, fuzzy, c-format
+msgid "Expired signature from \"%s\""
+msgstr "Assinatura expirada de \""
+
+#: g10/mainproc.c:1760 g10/mainproc.c:1808
+#, fuzzy, c-format
+msgid "Good signature from \"%s\""
+msgstr "Assinatura correcta de \""
+
+#: g10/mainproc.c:1810
+msgid "[uncertain]"
+msgstr "[incerto]"
+
+#: g10/mainproc.c:1843
+#, fuzzy, c-format
+msgid " aka \"%s\""
+msgstr " ou \""
+
+#: g10/mainproc.c:1941
+#, fuzzy, c-format
+msgid "Signature expired %s\n"
+msgstr "Esta assinatura expirou em %s.\n"
+
+#: g10/mainproc.c:1946
+#, fuzzy, c-format
+msgid "Signature expires %s\n"
+msgstr "Esta assinatura expirou em %s.\n"
+
+#: g10/mainproc.c:1949
+#, fuzzy, c-format
+msgid "%s signature, digest algorithm %s\n"
+msgstr "assinatura %s de: \"%s\"\n"
+
+#: g10/mainproc.c:1950
+#, fuzzy
+msgid "binary"
+msgstr "primary"
+
+#: g10/mainproc.c:1951
+msgid "textmode"
+msgstr ""
+
+#: g10/mainproc.c:1951 g10/trustdb.c:546
+#, fuzzy
+msgid "unknown"
+msgstr "versão desconhecida"
+
+#: g10/mainproc.c:1971
+#, c-format
+msgid "Can't check signature: %s\n"
+msgstr "Impossível verificar assinatura: %s\n"
+
+#: g10/mainproc.c:2055 g10/mainproc.c:2071 g10/mainproc.c:2167
+msgid "not a detached signature\n"
+msgstr "não é uma assinatura separada\n"
+
+#: g10/mainproc.c:2098
+msgid ""
+"WARNING: multiple signatures detected. Only the first will be checked.\n"
+msgstr ""
+"AVISO: várias assinaturas detectadas. Apenas a primeira será verificada.\n"
+
+#: g10/mainproc.c:2106
+#, c-format
+msgid "standalone signature of class 0x%02x\n"
+msgstr "assinatura de classe 0x%02x\n"
+
+#: g10/mainproc.c:2171
+msgid "old style (PGP 2.x) signature\n"
+msgstr "formato de assinatura antigo (PGP2.x)\n"
+
+#: g10/mainproc.c:2181
+msgid "invalid root packet detected in proc_tree()\n"
+msgstr "pacote raiz inválido detectado em proc_tree()\n"
+
+#: g10/misc.c:109 g10/misc.c:139 g10/misc.c:215
+#, fuzzy, c-format
+msgid "fstat of `%s' failed in %s: %s\n"
+msgstr "impossível abrir %s: %s\n"
+
+#: g10/misc.c:178
+#, fuzzy, c-format
+msgid "fstat(%d) failed in %s: %s\n"
+msgstr "base de dados de confiança: leitura falhou (n=%d): %s\n"
+
+#: g10/misc.c:296
+#, fuzzy, c-format
+msgid "WARNING: using experimental public key algorithm %s\n"
+msgstr "impossível manipular algoritmo de chave pública %d\n"
+
+#: g10/misc.c:302
+#, fuzzy
+msgid "WARNING: Elgamal sign+encrypt keys are deprecated\n"
+msgstr ""
+"forçar o algoritmo de 'digest' %s (%d) viola as preferências do "
+"destinatário\n"
+
+#: g10/misc.c:315
+#, fuzzy, c-format
+msgid "WARNING: using experimental cipher algorithm %s\n"
+msgstr "algoritmo de criptografia não implementado"
+
+#: g10/misc.c:330
+#, fuzzy, c-format
+msgid "WARNING: using experimental digest algorithm %s\n"
+msgstr "assinatura %s de: \"%s\"\n"
+
+#: g10/misc.c:335
+#, fuzzy, c-format
+msgid "WARNING: digest algorithm %s is deprecated\n"
+msgstr ""
+"forçar o algoritmo de 'digest' %s (%d) viola as preferências do "
+"destinatário\n"
+
+#: g10/misc.c:503
+msgid "the IDEA cipher plugin is not present\n"
+msgstr "o 'plugin' com a cifra IDEA não está presente\n"
+
+#: g10/misc.c:504 g10/sig-check.c:107 jnlib/utf8conv.c:87
+#, fuzzy, c-format
+msgid "please see %s for more information\n"
+msgstr " i = mostrar mais informações\n"
+
+#: g10/misc.c:761
+#, c-format
+msgid "%s:%d: deprecated option \"%s\"\n"
+msgstr "%s:%d: opção depreciada \"%s\"\n"
+
+#: g10/misc.c:765
+#, c-format
+msgid "WARNING: \"%s\" is a deprecated option\n"
+msgstr "AVISO: \"%s\" é uma opção depreciada\n"
+
+#: g10/misc.c:767
+#, c-format
+msgid "please use \"%s%s\" instead\n"
+msgstr "por favor utilize \"%s%s\" em vez dela\n"
+
+#: g10/misc.c:774
+#, fuzzy, c-format
+msgid "WARNING: \"%s\" is a deprecated command - do not use it\n"
+msgstr "AVISO: \"%s\" é uma opção depreciada\n"
+
+#: g10/misc.c:784
+#, c-format
+msgid "%s:%u: obsolete option \"%s\" - it has no effect\n"
+msgstr ""
+
+#: g10/misc.c:787
+#, fuzzy, c-format
+msgid "WARNING: \"%s\" is an obsolete option - it has no effect\n"
+msgstr "AVISO: \"%s\" é uma opção depreciada\n"
+
+#: g10/misc.c:848
+#, fuzzy
+msgid "Uncompressed"
+msgstr "não processado"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: g10/misc.c:873
+#, fuzzy
+msgid "uncompressed|none"
+msgstr "não processado"
+
+#: g10/misc.c:1000
+#, c-format
+msgid "this message may not be usable by %s\n"
+msgstr "esta mensagem poderá não ser utilizável pelo %s\n"
+
+#: g10/misc.c:1175
+#, fuzzy, c-format
+msgid "ambiguous option `%s'\n"
+msgstr "a ler opções de `%s'\n"
+
+#: g10/misc.c:1200
+#, fuzzy, c-format
+msgid "unknown option `%s'\n"
+msgstr "destinatário por omissão desconhecido `%s'\n"
+
+#: g10/openfile.c:89
+#, c-format
+msgid "File `%s' exists. "
+msgstr "Arquivo `%s' já existe. "
+
+#: g10/openfile.c:93
+#, fuzzy
+msgid "Overwrite? (y/N) "
+msgstr "Escrever por cima (s/N)? "
+
+#: g10/openfile.c:126
+#, c-format
+msgid "%s: unknown suffix\n"
+msgstr "%s: sufixo desconhecido\n"
+
+#: g10/openfile.c:150
+msgid "Enter new filename"
+msgstr "Digite novo nome de ficheiro"
+
+#: g10/openfile.c:195
+msgid "writing to stdout\n"
+msgstr "a escrever em \"stdout\"\n"
+
+#: g10/openfile.c:316
+#, c-format
+msgid "assuming signed data in `%s'\n"
+msgstr "a assumir dados assinados em `%s'\n"
+
+#: g10/openfile.c:395
+#, c-format
+msgid "new configuration file `%s' created\n"
+msgstr "criado um novo ficheiro de configuração `%s'\n"
+
+#: g10/openfile.c:397
+#, c-format
+msgid "WARNING: options in `%s' are not yet active during this run\n"
+msgstr "AVISO: opções em `%s' ainda não estão activas nesta execução\n"
+
+#: g10/parse-packet.c:201
+#, c-format
+msgid "can't handle public key algorithm %d\n"
+msgstr "impossível manipular algoritmo de chave pública %d\n"
+
+#: g10/parse-packet.c:822
+msgid "WARNING: potentially insecure symmetrically encrypted session key\n"
+msgstr ""
+
+#: g10/parse-packet.c:1273
+#, c-format
+msgid "subpacket of type %d has critical bit set\n"
+msgstr "subpacote do tipo %d tem bit crítico ligado\n"
+
+#: g10/passphrase.c:75 g10/passphrase.c:418 g10/passphrase.c:481
+#, fuzzy, c-format
+msgid "problem with the agent: %s\n"
+msgstr "problema com o agente: o agente returnou 0x%lx\n"
+
+#: g10/passphrase.c:344 g10/passphrase.c:613
+#, fuzzy, c-format
+msgid " (main key ID %s)"
+msgstr " (ID principal da chave %08lX)"
+
+#: g10/passphrase.c:358
+#, fuzzy, c-format
+msgid ""
+"Please enter the passphrase to unlock the secret key for the OpenPGP "
+"certificate:\n"
+"\"%.*s\"\n"
+"%u-bit %s key, ID %s,\n"
+"created %s%s.\n"
+msgstr ""
+"Precisa de uma frase secreta para desbloquear a chave secreta do "
+"utilizador:\n"
+"\n"
+"\"%.*s\"\n"
+"chave %u bits %s, ID %08lx, criada %s%s\n"
+
+#: g10/passphrase.c:384
+msgid "Enter passphrase\n"
+msgstr "Insira a frase secreta\n"
+
+#: g10/passphrase.c:412
+msgid "cancelled by user\n"
+msgstr "cancelado pelo utilizador\n"
+
+#: g10/passphrase.c:592
+#, fuzzy, c-format
+msgid ""
+"You need a passphrase to unlock the secret key for\n"
+"user: \"%s\"\n"
+msgstr ""
+"\n"
+"Você precisa de uma frase secreta para desbloquear a chave secreta do\n"
+"utilizador: \""
+
+#: g10/passphrase.c:600
+#, fuzzy, c-format
+msgid "%u-bit %s key, ID %s, created %s"
+msgstr "chave de %u-bit/%s, ID %08lX, criada em %s"
+
+#: g10/passphrase.c:609
+#, c-format
+msgid " (subkey on main key ID %s)"
+msgstr ""
+
+#: g10/photoid.c:74
+msgid ""
+"\n"
+"Pick an image to use for your photo ID. The image must be a JPEG file.\n"
+"Remember that the image is stored within your public key. If you use a\n"
+"very large picture, your key will become very large as well!\n"
+"Keeping the image close to 240x288 is a good size to use.\n"
+msgstr ""
+
+#: g10/photoid.c:96
+msgid "Enter JPEG filename for photo ID: "
+msgstr ""
+
+#: g10/photoid.c:117
+#, fuzzy, c-format
+msgid "unable to open JPEG file `%s': %s\n"
+msgstr "impossível abrir %s: %s\n"
+
+#: g10/photoid.c:128
+#, c-format
+msgid "This JPEG is really large (%d bytes) !\n"
+msgstr ""
+
+#: g10/photoid.c:130
+#, fuzzy
+msgid "Are you sure you want to use it? (y/N) "
+msgstr "Você tem certeza de que quer adicioná-la de qualquer forma? (s/N) "
+
+#: g10/photoid.c:146
+#, fuzzy, c-format
+msgid "`%s' is not a JPEG file\n"
+msgstr "%s: não é um base de dados de confiança\n"
+
+#: g10/photoid.c:165
+#, fuzzy
+msgid "Is this photo correct (y/N/q)? "
+msgstr "Está correto (s/n)? "
+
+#: g10/photoid.c:373
+#, fuzzy
+msgid "unable to display photo ID!\n"
+msgstr "não foi possível alterar o exec-path para %s\n"
+
+#: g10/pkclist.c:60 g10/revoke.c:621
+msgid "No reason specified"
+msgstr "Nenhum motivo especificado"
+
+#: g10/pkclist.c:62 g10/revoke.c:623
+msgid "Key is superseded"
+msgstr "A chave foi substituída"
+
+#: g10/pkclist.c:64 g10/revoke.c:622
+msgid "Key has been compromised"
+msgstr "A chave foi comprometida"
+
+#: g10/pkclist.c:66 g10/revoke.c:624
+msgid "Key is no longer used"
+msgstr "A chave já não é utilizada"
+
+#: g10/pkclist.c:68 g10/revoke.c:625
+msgid "User ID is no longer valid"
+msgstr "O identificador do utilizador já não é válido"
+
+#: g10/pkclist.c:72
+msgid "reason for revocation: "
+msgstr "motivo da revocação: "
+
+#: g10/pkclist.c:89
+msgid "revocation comment: "
+msgstr "comentário da revocação: "
+
+#: g10/pkclist.c:204
+msgid "iImMqQsS"
+msgstr "iImMqQsS"
+
+#: g10/pkclist.c:212
+#, fuzzy
+msgid "No trust value assigned to:\n"
+msgstr ""
+"Nenhum valor de confiança designado para:\n"
+"%4u%c/%08lX %s \""
+
+#: g10/pkclist.c:245
+#, fuzzy, c-format
+msgid " aka \"%s\"\n"
+msgstr " ou \""
+
+#: g10/pkclist.c:255
+#, fuzzy
+msgid ""
+"How much do you trust that this key actually belongs to the named user?\n"
+msgstr "Esta chave provavelmente pertence ao dono\n"
+
+#: g10/pkclist.c:270
+#, fuzzy, c-format
+msgid " %d = I don't know or won't say\n"
+msgstr " %d = Não sei\n"
+
+#: g10/pkclist.c:272
+#, fuzzy, c-format
+msgid " %d = I do NOT trust\n"
+msgstr " %d = Eu NÃO confio\n"
+
+#: g10/pkclist.c:278
+#, fuzzy, c-format
+msgid " %d = I trust ultimately\n"
+msgstr " %d = Confio de forma total\n"
+
+#: g10/pkclist.c:284
+#, fuzzy
+msgid " m = back to the main menu\n"
+msgstr " m = voltar ao menu principal\n"
+
+#: g10/pkclist.c:287
+#, fuzzy
+msgid " s = skip this key\n"
+msgstr " s = saltar esta chave\n"
+
+#: g10/pkclist.c:288
+#, fuzzy
+msgid " q = quit\n"
+msgstr " q = sair\n"
+
+#: g10/pkclist.c:292
+#, c-format
+msgid ""
+"The minimum trust level for this key is: %s\n"
+"\n"
+msgstr ""
+
+#: g10/pkclist.c:298 g10/revoke.c:650
+msgid "Your decision? "
+msgstr "Decisão? "
+
+#: g10/pkclist.c:319
+#, fuzzy
+msgid "Do you really want to set this key to ultimate trust? (y/N) "
+msgstr "Tem a certeza que quer confiar totalmente nesta chave?"
+
+#: g10/pkclist.c:333
+msgid "Certificates leading to an ultimately trusted key:\n"
+msgstr "Certificados que levam a uma chave confiada plenamente:\n"
+
+#: g10/pkclist.c:418
+#, fuzzy, c-format
+msgid "%s: There is no assurance this key belongs to the named user\n"
+msgstr ""
+"%08lx: Não há indicação de que a assinatura pertence realmente ao dono.\n"
+
+#: g10/pkclist.c:423
+#, fuzzy, c-format
+msgid "%s: There is limited assurance this key belongs to the named user\n"
+msgstr ""
+"%08lx: Não há indicação de que a assinatura pertence realmente ao dono.\n"
+
+#: g10/pkclist.c:429
+#, fuzzy
+msgid "This key probably belongs to the named user\n"
+msgstr "Esta chave provavelmente pertence ao dono\n"
+
+#: g10/pkclist.c:434
+msgid "This key belongs to us\n"
+msgstr "Esta chave pertence-nos\n"
+
+#: g10/pkclist.c:460
+#, fuzzy
+msgid ""
+"It is NOT certain that the key belongs to the person named\n"
+"in the user ID. If you *really* know what you are doing,\n"
+"you may answer the next question with yes.\n"
+msgstr ""
+"NÃO se tem certeza de que esta chave pertence ao seu dono.\n"
+"Se você *realmente* sabe o que está a fazer, pode responder\n"
+"sim à próxima pergunta\n"
+"\n"
+
+#: g10/pkclist.c:479
+#, fuzzy
+msgid "Use this key anyway? (y/N) "
+msgstr "Usar esta chave de qualquer modo? "
+
+#: g10/pkclist.c:513
+msgid "WARNING: Using untrusted key!\n"
+msgstr "AVISO: A utilizar uma chave que não é de confiança!\n"
+
+#: g10/pkclist.c:520
+#, fuzzy
+msgid "WARNING: this key might be revoked (revocation key not present)\n"
+msgstr ""
+"AVISO: a chave %08lX pode estar revocada: chave de revocação %08lX não "
+"presente.\n"
+
+#: g10/pkclist.c:529
+#, fuzzy
+msgid "WARNING: This key has been revoked by its designated revoker!\n"
+msgstr "AVISO: Esta chave foi revogada pelo seu dono!\n"
+
+#: g10/pkclist.c:532
+msgid "WARNING: This key has been revoked by its owner!\n"
+msgstr "AVISO: Esta chave foi revogada pelo seu dono!\n"
+
+#: g10/pkclist.c:533
+#, fuzzy
+msgid " This could mean that the signature is forged.\n"
+msgstr " Isto pode significar que a assinatura é falsificada.\n"
+
+#: g10/pkclist.c:539
+msgid "WARNING: This subkey has been revoked by its owner!\n"
+msgstr "AVISO: Esta subchave foi revogada pelo seu dono!\n"
+
+#: g10/pkclist.c:544
+msgid "Note: This key has been disabled.\n"
+msgstr "Nota: Esta chave foi desactivada.\n"
+
+#: g10/pkclist.c:564
+#, c-format
+msgid "Note: Verified signer's address is `%s'\n"
+msgstr ""
+
+#: g10/pkclist.c:571
+#, c-format
+msgid "Note: Signer's address `%s' does not match DNS entry\n"
+msgstr ""
+
+#: g10/pkclist.c:583
+msgid "trustlevel adjusted to FULL due to valid PKA info\n"
+msgstr ""
+
+#: g10/pkclist.c:591
+msgid "trustlevel adjusted to NEVER due to bad PKA info\n"
+msgstr ""
+
+#: g10/pkclist.c:602
+msgid "Note: This key has expired!\n"
+msgstr "Nota: Esta chave expirou!\n"
+
+#: g10/pkclist.c:613
+msgid "WARNING: This key is not certified with a trusted signature!\n"
+msgstr "AVISO: Esta chave não está certificada com uma assinatura confiável!\n"
+
+#: g10/pkclist.c:615
+msgid ""
+" There is no indication that the signature belongs to the owner.\n"
+msgstr " Não há indicação de que a assinatura pertence ao dono.\n"
+
+#: g10/pkclist.c:623
+msgid "WARNING: We do NOT trust this key!\n"
+msgstr "AVISO: Nós NÃO confiamos nesta chave!\n"
+
+#: g10/pkclist.c:624
+msgid " The signature is probably a FORGERY.\n"
+msgstr " A assinatura é provavelmente uma FALSIFICAÇÃO.\n"
+
+#: g10/pkclist.c:632
+msgid ""
+"WARNING: This key is not certified with sufficiently trusted signatures!\n"
+msgstr ""
+"AVISO: Esta chave não está certificada com assinaturas suficientemente\n"
+" confiáveis!\n"
+
+#: g10/pkclist.c:634
+msgid " It is not certain that the signature belongs to the owner.\n"
+msgstr " Não se tem certeza de que a assinatura pertence ao dono.\n"
+
+#: g10/pkclist.c:833 g10/pkclist.c:875 g10/pkclist.c:1087 g10/pkclist.c:1157
+#, c-format
+msgid "%s: skipped: %s\n"
+msgstr "%s: ignorado: %s\n"
+
+#: g10/pkclist.c:845 g10/pkclist.c:1125
+#, c-format
+msgid "%s: skipped: public key already present\n"
+msgstr "%s: ignorado: a chave pública já está presente\n"
+
+#: g10/pkclist.c:896
+msgid "You did not specify a user ID. (you may use \"-r\")\n"
+msgstr "Não especificou um identificador de utilizador. (pode usar \"-r\")\n"
+
+#: g10/pkclist.c:920
+msgid "Current recipients:\n"
+msgstr ""
+
+#: g10/pkclist.c:946
+msgid ""
+"\n"
+"Enter the user ID. End with an empty line: "
+msgstr ""
+"\n"
+"Insira o identificador do utilizador. Termine com uma linha vazia: "
+
+#: g10/pkclist.c:971
+msgid "No such user ID.\n"
+msgstr "Identificador de utilizador inexistente.\n"
+
+#: g10/pkclist.c:980 g10/pkclist.c:1054
+msgid "skipped: public key already set as default recipient\n"
+msgstr "ignorado: chave pública já colocada como destinatário por omissão\n"
+
+#: g10/pkclist.c:1001
+msgid "Public key is disabled.\n"
+msgstr "A chave pública está desativada.\n"
+
+#: g10/pkclist.c:1010
+msgid "skipped: public key already set\n"
+msgstr "ignorado: a chave pública já está presente\n"
+
+#: g10/pkclist.c:1045
+#, fuzzy, c-format
+msgid "unknown default recipient \"%s\"\n"
+msgstr "destinatário por omissão desconhecido `%s'\n"
+
+#: g10/pkclist.c:1103
+#, c-format
+msgid "%s: skipped: public key is disabled\n"
+msgstr "%s: ignorado: a chave pública está desactivada\n"
+
+#: g10/pkclist.c:1165
+msgid "no valid addressees\n"
+msgstr "nenhum endereço válido\n"
+
+#: g10/pkclist.c:1503
+#, fuzzy, c-format
+msgid "Note: key %s has no %s feature\n"
+msgstr "chave %08lX: sem ID de utilizador\n"
+
+#: g10/pkclist.c:1528
+#, fuzzy, c-format
+msgid "Note: key %s has no preference for %s\n"
+msgstr "chave %08lX: sem ID de utilizador\n"
+
+#: g10/plaintext.c:95
+msgid "data not saved; use option \"--output\" to save it\n"
+msgstr "dados não gravados; use a opção \"--output\" para gravá-los\n"
+
+#: g10/plaintext.c:480
+msgid "Detached signature.\n"
+msgstr "Assinatura separada.\n"
+
+#: g10/plaintext.c:487
+msgid "Please enter name of data file: "
+msgstr "Por favor digite o nome do ficheiro de dados: "
+
+#: g10/plaintext.c:519
+msgid "reading stdin ...\n"
+msgstr "lendo do \"stdin\" ...\n"
+
+#: g10/plaintext.c:557
+msgid "no signed data\n"
+msgstr "não há dados assinados\n"
+
+#: g10/plaintext.c:573
+#, c-format
+msgid "can't open signed data `%s'\n"
+msgstr "impossível abrir dados assinados `%s'\n"
+
+#: g10/plaintext.c:607
+#, fuzzy, c-format
+msgid "can't open signed data fd=%d: %s\n"
+msgstr "impossível abrir dados assinados `%s'\n"
+
+#: g10/pubkey-enc.c:105
+#, fuzzy, c-format
+msgid "anonymous recipient; trying secret key %s ...\n"
+msgstr "destinatário anónimo; a tentar chave secreta %08lX ...\n"
+
+#: g10/pubkey-enc.c:136
+msgid "okay, we are the anonymous recipient.\n"
+msgstr "certo, nós somos o destinatário anónimo.\n"
+
+#: g10/pubkey-enc.c:225
+msgid "old encoding of the DEK is not supported\n"
+msgstr "codificação antiga do DEK não suportada\n"
+
+#: g10/pubkey-enc.c:246
+#, c-format
+msgid "cipher algorithm %d%s is unknown or disabled\n"
+msgstr "algoritmo de cifra %d%s é desconhecido ou foi desactivado\n"
+
+#: g10/pubkey-enc.c:284
+#, fuzzy, c-format
+msgid "WARNING: cipher algorithm %s not found in recipient preferences\n"
+msgstr "NOTA: algoritmo de cifragem %d não encontrado nas preferências\n"
+
+#: g10/pubkey-enc.c:304
+#, fuzzy, c-format
+msgid "NOTE: secret key %s expired at %s\n"
+msgstr "NOTA: chave secreta %08lX expirou em %s\n"
+
+#: g10/pubkey-enc.c:310
+msgid "NOTE: key has been revoked"
+msgstr "NOTA: a chave foi revogada"
+
+#: g10/revoke.c:102 g10/revoke.c:116 g10/revoke.c:128 g10/revoke.c:174
+#: g10/revoke.c:186 g10/revoke.c:585
+#, fuzzy, c-format
+msgid "build_packet failed: %s\n"
+msgstr "actualização falhou: %s\n"
+
+#: g10/revoke.c:145
+#, fuzzy, c-format
+msgid "key %s has no user IDs\n"
+msgstr "chave %08lX: sem ID de utilizador\n"
+
+#: g10/revoke.c:306
+msgid "To be revoked by:\n"
+msgstr ""
+
+#: g10/revoke.c:310
+msgid "(This is a sensitive revocation key)\n"
+msgstr ""
+
+#: g10/revoke.c:314
+#, fuzzy
+msgid "Create a designated revocation certificate for this key? (y/N) "
+msgstr "Gerar um certificado de revogação para esta assinatura? (s/N)"
+
+#: g10/revoke.c:327 g10/revoke.c:551
+msgid "ASCII armored output forced.\n"
+msgstr ""
+
+#: g10/revoke.c:342 g10/revoke.c:565
+#, fuzzy, c-format
+msgid "make_keysig_packet failed: %s\n"
+msgstr "actualização da chave secreta falhou: %s\n"
+
+#: g10/revoke.c:405
+#, fuzzy
+msgid "Revocation certificate created.\n"
+msgstr "chave %08lX: certificado de revogação \"%s\" adicionado\n"
+
+#: g10/revoke.c:411
+#, c-format
+msgid "no revocation keys found for \"%s\"\n"
+msgstr ""
+
+#: g10/revoke.c:470
+#, fuzzy, c-format
+msgid "secret key \"%s\" not found: %s\n"
+msgstr "chave `%s' não encontrada: %s\n"
+
+#: g10/revoke.c:497
+#, fuzzy, c-format
+msgid "no corresponding public key: %s\n"
+msgstr "a escrever chave pública para `%s'\n"
+
+#: g10/revoke.c:508
+msgid "public key does not match secret key!\n"
+msgstr ""
+
+#: g10/revoke.c:515
+#, fuzzy
+msgid "Create a revocation certificate for this key? (y/N) "
+msgstr "Gerar um certificado de revogação para esta assinatura? (s/N)"
+
+#: g10/revoke.c:532
+#, fuzzy
+msgid "unknown protection algorithm\n"
+msgstr "algoritmo de compressão desconhecido"
+
+#: g10/revoke.c:540
+#, fuzzy
+msgid "NOTE: This key is not protected!\n"
+msgstr "Esta chave não é protegida.\n"
+
+#: g10/revoke.c:591
+msgid ""
+"Revocation certificate created.\n"
+"\n"
+"Please move it to a medium which you can hide away; if Mallory gets\n"
+"access to this certificate he can use it to make your key unusable.\n"
+"It is smart to print this certificate and store it away, just in case\n"
+"your media become unreadable. But have some caution: The print system of\n"
+"your machine might store the data and make it available to others!\n"
+msgstr ""
+
+#: g10/revoke.c:633
+#, fuzzy
+msgid "Please select the reason for the revocation:\n"
+msgstr "motivo da revocação: "
+
+#: g10/revoke.c:643
+msgid "Cancel"
+msgstr ""
+
+#: g10/revoke.c:645
+#, c-format
+msgid "(Probably you want to select %d here)\n"
+msgstr ""
+
+#: g10/revoke.c:686
+#, fuzzy
+msgid "Enter an optional description; end it with an empty line:\n"
+msgstr ""
+"\n"
+"Insira o identificador do utilizador. Termine com uma linha vazia: "
+
+#: g10/revoke.c:714
+#, fuzzy, c-format
+msgid "Reason for revocation: %s\n"
+msgstr "motivo da revocação: "
+
+#: g10/revoke.c:716
+msgid "(No description given)\n"
+msgstr ""
+
+#: g10/revoke.c:721
+#, fuzzy
+msgid "Is this okay? (y/N) "
+msgstr "Usar esta chave de qualquer modo? "
+
+#: g10/seckey-cert.c:55
+msgid "secret key parts are not available\n"
+msgstr "partes da chave secreta não disponíveis\n"
+
+#: g10/seckey-cert.c:61
+#, c-format
+msgid "protection algorithm %d%s is not supported\n"
+msgstr "algoritmo de protecção %d%s não é suportado\n"
+
+#: g10/seckey-cert.c:72
+#, fuzzy, c-format
+msgid "protection digest %d is not supported\n"
+msgstr "algoritmo de protecção %d%s não é suportado\n"
+
+#: g10/seckey-cert.c:291
+msgid "Invalid passphrase; please try again"
+msgstr "Frase secreta inválida; por favor tente novamente"
+
+#: g10/seckey-cert.c:292
+#, c-format
+msgid "%s ...\n"
+msgstr "%s ...\n"
+
+#: g10/seckey-cert.c:361
+msgid "WARNING: Weak key detected - please change passphrase again.\n"
+msgstr ""
+"AVISO: Chave fraca detectada - por favor mude a frase secreta novamente.\n"
+
+#: g10/seckey-cert.c:404
+msgid "generating the deprecated 16-bit checksum for secret key protection\n"
+msgstr ""
+"a gerar a 'checksum' (depreciada) de 16-bit para protecção da chave secreta\n"
+
+#: g10/seskey.c:61 sm/encrypt.c:119
+msgid "weak key created - retrying\n"
+msgstr "chave fraca criada - tentando novamente\n"
+
+#: g10/seskey.c:65
+#, c-format
+msgid "cannot avoid weak key for symmetric cipher; tried %d times!\n"
+msgstr ""
+"impossível evitar chave fraca para criptografia simétrica;\n"
+"tentei %d vezes!\n"
+
+#: g10/seskey.c:227 sm/certcheck.c:85
+msgid "DSA requires the hash length to be a multiple of 8 bits\n"
+msgstr ""
+
+#: g10/seskey.c:240
+#, c-format
+msgid "DSA key %s uses an unsafe (%u bit) hash\n"
+msgstr ""
+
+#: g10/seskey.c:252
+#, c-format
+msgid "DSA key %s requires a %u bit or larger hash\n"
+msgstr ""
+
+#: g10/sig-check.c:80
+msgid "WARNING: signature digest conflict in message\n"
+msgstr "AVISO: conflito no 'digest' de assinatura da mensagem\n"
+
+#: g10/sig-check.c:105
+#, c-format
+msgid "WARNING: signing subkey %s is not cross-certified\n"
+msgstr ""
+
+#: g10/sig-check.c:117
+#, fuzzy, c-format
+msgid "WARNING: signing subkey %s has an invalid cross-certification\n"
+msgstr "não pode escolher uma chave como revogadora de si mesmo\n"
+
+#: g10/sig-check.c:211
+#, fuzzy, c-format
+msgid "public key %s is %lu second newer than the signature\n"
+msgstr "a chave pública %08lX é %lu segundo mais nova que a assinatura\n"
+
+#: g10/sig-check.c:212
+#, fuzzy, c-format
+msgid "public key %s is %lu seconds newer than the signature\n"
+msgstr "a chave pública %08lX é %lu segundos mais nova que a assinatura\n"
+
+#: g10/sig-check.c:223
+#, fuzzy, c-format
+msgid ""
+"key %s was created %lu second in the future (time warp or clock problem)\n"
+msgstr ""
+"a chave foi criada %lu segundo no futuro\n"
+"(viagem no tempo ou problema no relógio)\n"
+
+#: g10/sig-check.c:225
+#, fuzzy, c-format
+msgid ""
+"key %s was created %lu seconds in the future (time warp or clock problem)\n"
+msgstr ""
+"a chave foi criada %lu segundos no futuro\n"
+"(viagem no tempo ou problema no relógio)\n"
+
+#: g10/sig-check.c:239
+#, fuzzy, c-format
+msgid "NOTE: signature key %s expired %s\n"
+msgstr "NOTA: chave de assinatura %08lx expirou %s\n"
+
+#: g10/sig-check.c:252
+#, fuzzy, c-format
+msgid "NOTE: signature key %s has been revoked\n"
+msgstr "NOTA: a chave foi revogada"
+
+#: g10/sig-check.c:325
+#, fuzzy, c-format
+msgid "assuming bad signature from key %s due to an unknown critical bit\n"
+msgstr ""
+"assumindo assinatura incorrecta na chave %08lX devido a um bit crítico "
+"desconhecido\n"
+
+#: g10/sig-check.c:591
+#, fuzzy, c-format
+msgid "key %s: no subkey for subkey revocation signature\n"
+msgstr "chave %08lX: sem subchave para o pacote revocação de subchave\n"
+
+#: g10/sig-check.c:618
+#, fuzzy, c-format
+msgid "key %s: no subkey for subkey binding signature\n"
+msgstr "chave %08lX: sem subchave para ligação de chaves\n"
+
+#: g10/sign.c:89
+#, c-format
+msgid "WARNING: unable to %%-expand notation (too large). Using unexpanded.\n"
+msgstr ""
+"AVISO: impossível expandir-%% a url de política (demasiado grande). A "
+"utilizar não expandida.\n"
+
+#: g10/sign.c:115
+#, fuzzy, c-format
+msgid ""
+"WARNING: unable to %%-expand policy URL (too large). Using unexpanded.\n"
+msgstr ""
+"AVISO: impossível expandir-%% a url de política (demasiado grande).\n"
+"A utilizar não expandida.\n"
+
+#: g10/sign.c:138
+#, fuzzy, c-format
+msgid ""
+"WARNING: unable to %%-expand preferred keyserver URL (too large). Using "
+"unexpanded.\n"
+msgstr ""
+"AVISO: impossível expandir-%% a url de política (demasiado grande).\n"
+"A utilizar não expandida.\n"
+
+#: g10/sign.c:311
+#, c-format
+msgid "checking created signature failed: %s\n"
+msgstr "verificação da assinatura criada falhou: %s\n"
+
+#: g10/sign.c:320
+#, fuzzy, c-format
+msgid "%s/%s signature from: \"%s\"\n"
+msgstr "assinatura %s de: \"%s\"\n"
+
+#: g10/sign.c:761
+msgid "you can only detach-sign with PGP 2.x style keys while in --pgp2 mode\n"
+msgstr "só pode assinar-desligar com chaves do tipo PGP 2.x no modo --pgp2\n"
+
+#: g10/sign.c:837
+#, fuzzy, c-format
+msgid ""
+"WARNING: forcing digest algorithm %s (%d) violates recipient preferences\n"
+msgstr ""
+"forçar o algoritmo de 'digest' %s (%d) viola as preferências do "
+"destinatário\n"
+
+#: g10/sign.c:964
+msgid "signing:"
+msgstr "a assinar:"
+
+#: g10/sign.c:1079
+msgid "you can only clearsign with PGP 2.x style keys while in --pgp2 mode\n"
+msgstr "só pode assinar à vista com chaves do tipo PGP 2.x no modo --pgp2\n"
+
+#: g10/sign.c:1263
+#, c-format
+msgid "%s encryption will be used\n"
+msgstr "será utilizada a cifragem %s\n"
+
+#: g10/skclist.c:140 g10/skclist.c:217
+msgid "key is not flagged as insecure - can't use it with the faked RNG!\n"
+msgstr ""
+"a chave não está marcada insegura - impossível usá-la com o RNG falso!\n"
+
+#: g10/skclist.c:174
+#, fuzzy, c-format
+msgid "skipped \"%s\": duplicated\n"
+msgstr "ignorado `%s': duplicada\n"
+
+#: g10/skclist.c:182 g10/skclist.c:195 g10/skclist.c:207
+#, fuzzy, c-format
+msgid "skipped \"%s\": %s\n"
+msgstr "ignorado `%s': %s\n"
+
+#: g10/skclist.c:190
+msgid "skipped: secret key already present\n"
+msgstr "ignorado: a chave secreta já está presente\n"
+
+#: g10/skclist.c:208
+#, fuzzy
+msgid "this is a PGP generated Elgamal key which is not secure for signatures!"
+msgstr ""
+"ignorado `%s': esta é uma chave ElGamal gerada pelo PGP que não é segura "
+"para assinaturas!\n"
+
+#: g10/tdbdump.c:58 g10/trustdb.c:360
+#, c-format
+msgid "trust record %lu, type %d: write failed: %s\n"
+msgstr "registo de confiança %lu, tipo %d: escrita falhou: %s\n"
+
+#: g10/tdbdump.c:106
+#, c-format
+msgid ""
+"# List of assigned trustvalues, created %s\n"
+"# (Use \"gpg --import-ownertrust\" to restore them)\n"
+msgstr ""
+
+#: g10/tdbdump.c:161 g10/tdbdump.c:169 g10/tdbdump.c:174 g10/tdbdump.c:179
+#, fuzzy, c-format
+msgid "error in `%s': %s\n"
+msgstr "erro na leitura de `%s': %s\n"
+
+#: g10/tdbdump.c:161
+#, fuzzy
+msgid "line too long"
+msgstr "frase secreta demasiado longa\n"
+
+#: g10/tdbdump.c:169
+msgid "colon missing"
+msgstr ""
+
+#: g10/tdbdump.c:175
+#, fuzzy
+msgid "invalid fingerprint"
+msgstr "%s: versão de ficheiro inválida %d\n"
+
+#: g10/tdbdump.c:180
+#, fuzzy
+msgid "ownertrust value missing"
+msgstr "importar os valores de confiança"
+
+#: g10/tdbdump.c:216
+#, fuzzy, c-format
+msgid "error finding trust record in `%s': %s\n"
+msgstr "%s: erro ao escrever registo de diretório: %s\n"
+
+#: g10/tdbdump.c:220
+#, fuzzy, c-format
+msgid "read error in `%s': %s\n"
+msgstr "armadura: %s\n"
+
+#: g10/tdbdump.c:229 g10/trustdb.c:375
+#, c-format
+msgid "trustdb: sync failed: %s\n"
+msgstr "base de dados de confiança: sincronização falhou: %s\n"
+
+#: g10/tdbio.c:128 g10/tdbio.c:1456
+#, c-format
+msgid "trustdb rec %lu: lseek failed: %s\n"
+msgstr "base de dados de confiança rec %lu: lseek falhou: %s\n"
+
+#: g10/tdbio.c:135 g10/tdbio.c:1463
+#, c-format
+msgid "trustdb rec %lu: write failed (n=%d): %s\n"
+msgstr "base de dados de confiança rec %lu: escrita falhou (n=%d): %s\n"
+
+#: g10/tdbio.c:245
+msgid "trustdb transaction too large\n"
+msgstr "transação de base de dados de confiança muito grande\n"
+
+#: g10/tdbio.c:500
+#, fuzzy, c-format
+msgid "can't access `%s': %s\n"
+msgstr "impossível fechar `%s': %s\n"
+
+#: g10/tdbio.c:527
+#, c-format
+msgid "%s: directory does not exist!\n"
+msgstr "%s: diretoria inexistente!\n"
+
+#: g10/tdbio.c:537 g10/tdbio.c:560 g10/tdbio.c:601 sm/keydb.c:219
+#, fuzzy, c-format
+msgid "can't create lock for `%s'\n"
+msgstr "impossível criar `%s': %s\n"
+
+#: g10/tdbio.c:539 g10/tdbio.c:604
+#, fuzzy, c-format
+msgid "can't lock `%s'\n"
+msgstr "impossível abrir `%s'\n"
+
+#: g10/tdbio.c:565
+#, c-format
+msgid "%s: failed to create version record: %s"
+msgstr "%s: falha ao criar registo de versão: %s"
+
+#: g10/tdbio.c:569
+#, c-format
+msgid "%s: invalid trustdb created\n"
+msgstr "%s: base de dados de confiança inválida criada\n"
+
+#: g10/tdbio.c:572
+#, c-format
+msgid "%s: trustdb created\n"
+msgstr "%s: base de dados de confiança criada\n"
+
+#: g10/tdbio.c:615
+msgid "NOTE: trustdb not writable\n"
+msgstr "NOTA: não é possível escrever na trustdb\n"
+
+#: g10/tdbio.c:623
+#, c-format
+msgid "%s: invalid trustdb\n"
+msgstr "%s: base de dados de confiança inválida\n"
+
+#: g10/tdbio.c:655
+#, c-format
+msgid "%s: failed to create hashtable: %s\n"
+msgstr "%s: falha ao criar tabela de dispersão: %s\n"
+
+#: g10/tdbio.c:663
+#, c-format
+msgid "%s: error updating version record: %s\n"
+msgstr "%s: erro a actualizar registo de versão: %s\n"
+
+#: g10/tdbio.c:680 g10/tdbio.c:701 g10/tdbio.c:717 g10/tdbio.c:731
+#: g10/tdbio.c:761 g10/tdbio.c:1388 g10/tdbio.c:1415
+#, c-format
+msgid "%s: error reading version record: %s\n"
+msgstr "%s: erro ao ler registo de versão: %s\n"
+
+#: g10/tdbio.c:740
+#, c-format
+msgid "%s: error writing version record: %s\n"
+msgstr "%s: erro ao escrever registo de versão: %s\n"
+
+#: g10/tdbio.c:1181
+#, c-format
+msgid "trustdb: lseek failed: %s\n"
+msgstr "base de dados de confiança: lseek falhou: %s\n"
+
+#: g10/tdbio.c:1190
+#, c-format
+msgid "trustdb: read failed (n=%d): %s\n"
+msgstr "base de dados de confiança: leitura falhou (n=%d): %s\n"
+
+#: g10/tdbio.c:1211
+#, c-format
+msgid "%s: not a trustdb file\n"
+msgstr "%s: não é um base de dados de confiança\n"
+
+#: g10/tdbio.c:1230
+#, c-format
+msgid "%s: version record with recnum %lu\n"
+msgstr "%s: registo de versão com recnum %lu\n"
+
+#: g10/tdbio.c:1235
+#, c-format
+msgid "%s: invalid file version %d\n"
+msgstr "%s: versão de ficheiro inválida %d\n"
+
+#: g10/tdbio.c:1421
+#, c-format
+msgid "%s: error reading free record: %s\n"
+msgstr "%s: erro ao ler registo livre: %s\n"
+
+#: g10/tdbio.c:1429
+#, c-format
+msgid "%s: error writing dir record: %s\n"
+msgstr "%s: erro ao escrever registo de diretório: %s\n"
+
+#: g10/tdbio.c:1439
+#, c-format
+msgid "%s: failed to zero a record: %s\n"
+msgstr "%s: falha ao zerar um registo: %s\n"
+
+#: g10/tdbio.c:1469
+#, c-format
+msgid "%s: failed to append a record: %s\n"
+msgstr "%s: falha ao anexar um registo: %s\n"
+
+#: g10/tdbio.c:1512
+#, fuzzy
+msgid "Error: The trustdb is corrupted.\n"
+msgstr "%s: base de dados de confiança criada\n"
+
+#: g10/textfilter.c:147
+#, c-format
+msgid "can't handle text lines longer than %d characters\n"
+msgstr "impossível manipular linhas de texto maiores que %d caracteres\n"
+
+#: g10/textfilter.c:247
+#, c-format
+msgid "input line longer than %d characters\n"
+msgstr "linha de entrada maior que %d caracteres\n"
+
+#: g10/trustdb.c:221
+#, c-format
+msgid "`%s' is not a valid long keyID\n"
+msgstr "`%s' não é um identificador longo de chave válido\n"
+
+#: g10/trustdb.c:252
+#, fuzzy, c-format
+msgid "key %s: accepted as trusted key\n"
+msgstr "chave %08lX: aceite como chave de confiança\n"
+
+#: g10/trustdb.c:290
+#, fuzzy, c-format
+msgid "key %s occurs more than once in the trustdb\n"
+msgstr "chave %08lX ocrreu mais do que uma vez na base de dados de confiança\n"
+
+#: g10/trustdb.c:305
+#, fuzzy, c-format
+msgid "key %s: no public key for trusted key - skipped\n"
+msgstr ""
+"chave %08lX: nenhuma chave pública para chave de confiança - ignorada\n"
+"\n"
+
+#: g10/trustdb.c:315
+#, fuzzy, c-format
+msgid "key %s marked as ultimately trusted\n"
+msgstr "chave marcada como de confiança absoluta\n"
+
+#: g10/trustdb.c:339
+#, c-format
+msgid "trust record %lu, req type %d: read failed: %s\n"
+msgstr "registo de confiança %lu, tipo req %d: falha na leitura: %s\n"
+
+#: g10/trustdb.c:345
+#, c-format
+msgid "trust record %lu is not of requested type %d\n"
+msgstr "registo de confiança %lu não é do tipo pedido %d\n"
+
+#: g10/trustdb.c:418
+msgid "You may try to re-create the trustdb using the commands:\n"
+msgstr ""
+
+#: g10/trustdb.c:427
+msgid "If that does not work, please consult the manual\n"
+msgstr ""
+
+#: g10/trustdb.c:462
+#, c-format
+msgid "unable to use unknown trust model (%d) - assuming %s trust model\n"
+msgstr ""
+
+#: g10/trustdb.c:468
+#, c-format
+msgid "using %s trust model\n"
+msgstr ""
+
+#: g10/trustdb.c:520
+msgid "10 translator see trustdb.c:uid_trust_string_fixed"
+msgstr ""
+
+#: g10/trustdb.c:522
+#, fuzzy
+msgid "[ revoked]"
+msgstr "revkey"
+
+#: g10/trustdb.c:524 g10/trustdb.c:529
+#, fuzzy
+msgid "[ expired]"
+msgstr "expire"
+
+#: g10/trustdb.c:528
+#, fuzzy
+msgid "[ unknown]"
+msgstr "versão desconhecida"
+
+#: g10/trustdb.c:530
+msgid "[ undef ]"
+msgstr ""
+
+#: g10/trustdb.c:531
+msgid "[marginal]"
+msgstr ""
+
+#: g10/trustdb.c:532
+msgid "[ full ]"
+msgstr ""
+
+#: g10/trustdb.c:533
+msgid "[ultimate]"
+msgstr ""
+
+#: g10/trustdb.c:548
+msgid "undefined"
+msgstr ""
+
+#: g10/trustdb.c:549
+msgid "never"
+msgstr ""
+
+#: g10/trustdb.c:550
+msgid "marginal"
+msgstr ""
+
+#: g10/trustdb.c:551
+msgid "full"
+msgstr ""
+
+#: g10/trustdb.c:552
+msgid "ultimate"
+msgstr ""
+
+#: g10/trustdb.c:592
+msgid "no need for a trustdb check\n"
+msgstr "não é necessária uma verificação da base de dados de confiança\n"
+
+#: g10/trustdb.c:598 g10/trustdb.c:2487
+#, c-format
+msgid "next trustdb check due at %s\n"
+msgstr "proxima verificação da base de dados de confiança a %s\n"
+
+#: g10/trustdb.c:607
+#, fuzzy, c-format
+msgid "no need for a trustdb check with `%s' trust model\n"
+msgstr "não é necessária uma verificação da base de dados de confiança\n"
+
+#: g10/trustdb.c:622
+#, fuzzy, c-format
+msgid "no need for a trustdb update with `%s' trust model\n"
+msgstr "não é necessária uma verificação da base de dados de confiança\n"
+
+#: g10/trustdb.c:857 g10/trustdb.c:1310
+#, fuzzy, c-format
+msgid "public key %s not found: %s\n"
+msgstr "chave pública %08lX não encontrada: %s\n"
+
+#: g10/trustdb.c:1053
+msgid "please do a --check-trustdb\n"
+msgstr ""
+
+#: g10/trustdb.c:1057
+msgid "checking the trustdb\n"
+msgstr "a verificar a base de dados de confiança\n"
+
+#: g10/trustdb.c:2230
+#, c-format
+msgid "%d keys processed (%d validity counts cleared)\n"
+msgstr ""
+
+#: g10/trustdb.c:2295
+#, fuzzy
+msgid "no ultimately trusted keys found\n"
+msgstr ""
+"chave pública da chave absolutamente de confiança %08lX não encontrada\n"
+
+#: g10/trustdb.c:2309
+#, fuzzy, c-format
+msgid "public key of ultimately trusted key %s not found\n"
+msgstr ""
+"chave pública da chave absolutamente de confiança %08lX não encontrada\n"
+
+#: g10/trustdb.c:2332
+#, c-format
+msgid "%d marginal(s) needed, %d complete(s) needed, %s trust model\n"
+msgstr ""
+
+#: g10/trustdb.c:2418
+#, c-format
+msgid ""
+"depth: %d valid: %3d signed: %3d trust: %d-, %dq, %dn, %dm, %df, %du\n"
+msgstr ""
+
+#: g10/trustdb.c:2493
+#, fuzzy, c-format
+msgid "unable to update trustdb version record: write failed: %s\n"
+msgstr "registo de confiança %lu, tipo %d: escrita falhou: %s\n"
+
+#: g10/verify.c:118
+msgid ""
+"the signature could not be verified.\n"
+"Please remember that the signature file (.sig or .asc)\n"
+"should be the first file given on the command line.\n"
+msgstr ""
+"a assinatura não pode ser verificada.\n"
+"Não se esqueça que o ficheiro com a assinatura (.sig ou .asc)\n"
+"deve ser o primeiro a ser dado na linha de comando.\n"
+
+#: g10/verify.c:205
+#, c-format
+msgid "input line %u too long or missing LF\n"
+msgstr "linha de entrada %u demasiado longa ou falta o LF\n"
+
+#: g10/verify.c:253
+#, fuzzy, c-format
+msgid "can't open fd %d: %s\n"
+msgstr "impossível abrir `%s': %s\n"
+
+#: jnlib/argparse.c:180
+#, fuzzy
+msgid "argument not expected"
+msgstr "a escrever chave privada para `%s'\n"
+
+#: jnlib/argparse.c:182
+#, fuzzy
+msgid "read error"
+msgstr "erro de leitura"
+
+#: jnlib/argparse.c:184
+#, fuzzy
+msgid "keyword too long"
+msgstr "frase secreta demasiado longa\n"
+
+#: jnlib/argparse.c:186
+#, fuzzy
+msgid "missing argument"
+msgstr "argumento inválido"
+
+#: jnlib/argparse.c:188
+#, fuzzy
+msgid "invalid command"
+msgstr "comandos em conflito\n"
+
+#: jnlib/argparse.c:190
+#, fuzzy
+msgid "invalid alias definition"
+msgstr "opções de importação inválidas\n"
+
+#: jnlib/argparse.c:192
+#, fuzzy
+msgid "out of core"
+msgstr "não processado"
+
+#: jnlib/argparse.c:194
+#, fuzzy
+msgid "invalid option"
+msgstr "opções de importação inválidas\n"
+
+#: jnlib/argparse.c:202
+#, c-format
+msgid "missing argument for option \"%.50s\"\n"
+msgstr ""
+
+#: jnlib/argparse.c:204
+#, c-format
+msgid "option \"%.50s\" does not expect an argument\n"
+msgstr ""
+
+#: jnlib/argparse.c:207
+#, fuzzy, c-format
+msgid "invalid command \"%.50s\"\n"
+msgstr "Comando inválido (tente \"help\")\n"
+
+#: jnlib/argparse.c:209
+#, c-format
+msgid "option \"%.50s\" is ambiguous\n"
+msgstr ""
+
+#: jnlib/argparse.c:211
+#, c-format
+msgid "command \"%.50s\" is ambiguous\n"
+msgstr ""
+
+#: jnlib/argparse.c:213
+#, fuzzy
+msgid "out of core\n"
+msgstr "não processado"
+
+#: jnlib/argparse.c:215
+#, fuzzy, c-format
+msgid "invalid option \"%.50s\"\n"
+msgstr "opções de importação inválidas\n"
+
+#: jnlib/logging.c:647
+#, c-format
+msgid "you found a bug ... (%s:%d)\n"
+msgstr "você encontrou um bug ... (%s:%d)\n"
+
+#: jnlib/utf8conv.c:85
+#, fuzzy, c-format
+msgid "error loading `%s': %s\n"
+msgstr "erro na leitura de `%s': %s\n"
+
+#: jnlib/utf8conv.c:123
+#, c-format
+msgid "conversion from `%s' to `%s' not available\n"
+msgstr ""
+
+#: jnlib/utf8conv.c:131
+#, fuzzy, c-format
+msgid "iconv_open failed: %s\n"
+msgstr "impossível abrir %s: %s\n"
+
+#: jnlib/utf8conv.c:388 jnlib/utf8conv.c:654
+#, fuzzy, c-format
+msgid "conversion from `%s' to `%s' failed: %s\n"
+msgstr "criação de armadura falhou: %s\n"
+
+#: jnlib/dotlock.c:234
+#, fuzzy, c-format
+msgid "failed to create temporary file `%s': %s\n"
+msgstr "%s: impossível criar directoria: %s\n"
+
+#: jnlib/dotlock.c:269
+#, fuzzy, c-format
+msgid "error writing to `%s': %s\n"
+msgstr "erro na escrita do porta-chaves `%s': %s\n"
+
+#: jnlib/dotlock.c:453
+#, c-format
+msgid "removing stale lockfile (created by %d)\n"
+msgstr ""
+
+#: jnlib/dotlock.c:459
+msgid " - probably dead - removing lock"
+msgstr ""
+
+#: jnlib/dotlock.c:469
+#, fuzzy, c-format
+msgid "waiting for lock (held by %d%s) %s...\n"
+msgstr "a escrever chave privada para `%s'\n"
+
+#: jnlib/dotlock.c:470
+msgid "(deadlock?) "
+msgstr ""
+
+#: jnlib/dotlock.c:493
+#, fuzzy, c-format
+msgid "lock `%s' not made: %s\n"
+msgstr "chave pública %08lX não encontrada: %s\n"
+
+#: jnlib/dotlock.c:501
+#, fuzzy, c-format
+msgid "waiting for lock %s...\n"
+msgstr "a escrever chave privada para `%s'\n"
+
+#: kbx/kbxutil.c:92
+msgid "set debugging flags"
+msgstr ""
+
+#: kbx/kbxutil.c:93
+msgid "enable full debugging"
+msgstr ""
+
+#: kbx/kbxutil.c:117
+#, fuzzy
+msgid "Usage: kbxutil [options] [files] (-h for help)"
+msgstr "Uso: gpg [opções] [ficheiros] (-h para ajuda)"
+
+#: kbx/kbxutil.c:120
+msgid ""
+"Syntax: kbxutil [options] [files]\n"
+"list, export, import Keybox data\n"
+msgstr ""
+
+#: scd/app-nks.c:713 scd/app-openpgp.c:2647
+#, c-format
+msgid "RSA modulus missing or not of size %d bits\n"
+msgstr ""
+
+#: scd/app-nks.c:721 scd/app-openpgp.c:2659
+#, c-format
+msgid "RSA public exponent missing or larger than %d bits\n"
+msgstr ""
+
+#: scd/app-nks.c:801 scd/app-openpgp.c:1549 scd/app-openpgp.c:1568
+#: scd/app-openpgp.c:1729 scd/app-openpgp.c:1746 scd/app-openpgp.c:1994
+#: scd/app-openpgp.c:2039 scd/app-dinsig.c:303
+#, c-format
+msgid "PIN callback returned error: %s\n"
+msgstr ""
+
+#: scd/app-nks.c:834
+msgid "the NullPIN has not yet been changed\n"
+msgstr ""
+
+#: scd/app-nks.c:1092
+#, fuzzy
+msgid "|N|Please enter a new PIN for the standard keys."
+msgstr "muda a frase secreta"
+
+#: scd/app-nks.c:1093
+#, fuzzy
+msgid "||Please enter the PIN for the standard keys."
+msgstr "muda a frase secreta"
+
+#: scd/app-nks.c:1099
+#, fuzzy
+msgid "|NP|Please enter a new PIN Unblocking Code (PUK) for the standard keys."
+msgstr "motivo da revocação: "
+
+#: scd/app-nks.c:1101
+#, fuzzy
+msgid "|P|Please enter the PIN Unblocking Code (PUK) for the standard keys."
+msgstr "motivo da revocação: "
+
+#: scd/app-nks.c:1109
+msgid "|N|Please enter a new PIN for the key to create qualified signatures."
+msgstr ""
+
+#: scd/app-nks.c:1111
+msgid "||Please enter the PIN for the key to create qualified signatures."
+msgstr ""
+
+#: scd/app-nks.c:1119
+msgid ""
+"|NP|Please enter a new PIN Unblocking Code (PUK) for the key to create "
+"qualified signatures."
+msgstr ""
+
+#: scd/app-nks.c:1121
+msgid ""
+"|P|Please enter the PIN Unblocking Code (PUK) for the key to create "
+"qualified signatures."
+msgstr ""
+
+#: scd/app-nks.c:1222 scd/app-openpgp.c:2072 scd/app-dinsig.c:532
+#, fuzzy, c-format
+msgid "error getting new PIN: %s\n"
+msgstr "erro na criação da frase secreta: %s\n"
+
+#: scd/app-openpgp.c:695
+#, fuzzy, c-format
+msgid "failed to store the fingerprint: %s\n"
+msgstr "falha ao inicializar a base de dados de confiança: %s\n"
+
+#: scd/app-openpgp.c:708
+#, fuzzy, c-format
+msgid "failed to store the creation date: %s\n"
+msgstr "falha ao criar 'cache' do porta-chaves: %s\n"
+
+#: scd/app-openpgp.c:1156
+#, fuzzy, c-format
+msgid "reading public key failed: %s\n"
+msgstr "remoção do bloco de chave falhou: %s\n"
+
+#: scd/app-openpgp.c:1164 scd/app-openpgp.c:2882
+msgid "response does not contain the public key data\n"
+msgstr ""
+
+#: scd/app-openpgp.c:1172 scd/app-openpgp.c:2890
+msgid "response does not contain the RSA modulus\n"
+msgstr ""
+
+#: scd/app-openpgp.c:1181 scd/app-openpgp.c:2900
+msgid "response does not contain the RSA public exponent\n"
+msgstr ""
+
+#: scd/app-openpgp.c:1501
+#, c-format
+msgid "using default PIN as %s\n"
+msgstr ""
+
+#: scd/app-openpgp.c:1508
+#, c-format
+msgid "failed to use default PIN as %s: %s - disabling further default use\n"
+msgstr ""
+
+#: scd/app-openpgp.c:1523
+#, c-format
+msgid "||Please enter the PIN%%0A[sigs done: %lu]"
+msgstr ""
+
+#: scd/app-openpgp.c:1534 scd/app-openpgp.c:1988
+#, fuzzy
+msgid "||Please enter the PIN"
+msgstr "muda a frase secreta"
+
+#: scd/app-openpgp.c:1575 scd/app-openpgp.c:1753 scd/app-openpgp.c:2001
+#, c-format
+msgid "PIN for CHV%d is too short; minimum length is %d\n"
+msgstr ""
+
+#: scd/app-openpgp.c:1588 scd/app-openpgp.c:1627 scd/app-openpgp.c:1765
+#: scd/app-openpgp.c:3200
+#, fuzzy, c-format
+msgid "verify CHV%d failed: %s\n"
+msgstr "A geração de chaves falhou: %s\n"
+
+#: scd/app-openpgp.c:1656 scd/app-openpgp.c:2020 scd/app-openpgp.c:3498
+msgid "error retrieving CHV status from card\n"
+msgstr ""
+
+#: scd/app-openpgp.c:1662 scd/app-openpgp.c:3507
+msgid "card is permanently locked!\n"
+msgstr ""
+
+#: scd/app-openpgp.c:1669
+#, c-format
+msgid "%d Admin PIN attempts remaining before card is permanently locked\n"
+msgstr ""
+
+#. TRANSLATORS: Do not translate the "|A|" prefix but keep it at
+#. the start of the string. Use %%0A to force a linefeed.
+#: scd/app-openpgp.c:1676
+#, fuzzy, c-format
+msgid "|A|Please enter the Admin PIN%%0A[remaining attempts: %d]"
+msgstr "muda a frase secreta"
+
+#: scd/app-openpgp.c:1680
+#, fuzzy
+msgid "|A|Please enter the Admin PIN"
+msgstr "muda a frase secreta"
+
+#: scd/app-openpgp.c:1701
+msgid "access to admin commands is not configured\n"
+msgstr ""
+
+#: scd/app-openpgp.c:2035
+#, fuzzy
+msgid "||Please enter the Reset Code for the card"
+msgstr "motivo da revocação: "
+
+#: scd/app-openpgp.c:2045 scd/app-openpgp.c:2097
+#, c-format
+msgid "Reset Code is too short; minimum length is %d\n"
+msgstr ""
+
+#: scd/app-openpgp.c:2067
+msgid "|RN|New Reset Code"
+msgstr ""
+
+#: scd/app-openpgp.c:2068
+msgid "|AN|New Admin PIN"
+msgstr ""
+
+#: scd/app-openpgp.c:2068
+msgid "|N|New PIN"
+msgstr ""
+
+#: scd/app-openpgp.c:2178 scd/app-openpgp.c:2968
+#, fuzzy
+msgid "error reading application data\n"
+msgstr "erro na leitura do bloco de chave: %s\n"
+
+#: scd/app-openpgp.c:2184 scd/app-openpgp.c:2975
+#, fuzzy
+msgid "error reading fingerprint DO\n"
+msgstr "%s: erro ao ler registo livre: %s\n"
+
+#: scd/app-openpgp.c:2194
+#, fuzzy
+msgid "key already exists\n"
+msgstr "%s' já comprimido\n"
+
+#: scd/app-openpgp.c:2198
+msgid "existing key will be replaced\n"
+msgstr ""
+
+#: scd/app-openpgp.c:2200
+#, fuzzy
+msgid "generating new key\n"
+msgstr "gerar um novo par de chaves"
+
+#: scd/app-openpgp.c:2202
+#, fuzzy
+msgid "writing new key\n"
+msgstr "gerar um novo par de chaves"
+
+#: scd/app-openpgp.c:2627
+msgid "creation timestamp missing\n"
+msgstr ""
+
+#: scd/app-openpgp.c:2669 scd/app-openpgp.c:2677
+#, c-format
+msgid "RSA prime %s missing or not of size %d bits\n"
+msgstr ""
+
+#: scd/app-openpgp.c:2773
+#, fuzzy, c-format
+msgid "failed to store the key: %s\n"
+msgstr "falha ao inicializar a base de dados de confiança: %s\n"
+
+#: scd/app-openpgp.c:2859
+msgid "please wait while key is being generated ...\n"
+msgstr ""
+
+#: scd/app-openpgp.c:2872
+#, fuzzy
+msgid "generating key failed\n"
+msgstr "remoção do bloco de chave falhou: %s\n"
+
+#: scd/app-openpgp.c:2875
+#, fuzzy, c-format
+msgid "key generation completed (%d seconds)\n"
+msgstr "A geração de chaves falhou: %s\n"
+
+#: scd/app-openpgp.c:2933
+msgid "invalid structure of OpenPGP card (DO 0x93)\n"
+msgstr ""
+
+#: scd/app-openpgp.c:2983
+msgid "fingerprint on card does not match requested one\n"
+msgstr ""
+
+#: scd/app-openpgp.c:3099
+#, fuzzy, c-format
+msgid "card does not support digest algorithm %s\n"
+msgstr "assinatura %s de: \"%s\"\n"
+
+#: scd/app-openpgp.c:3175
+#, c-format
+msgid "signatures created so far: %lu\n"
+msgstr ""
+
+#: scd/app-openpgp.c:3512
+msgid ""
+"verification of Admin PIN is currently prohibited through this command\n"
+msgstr ""
+
+#: scd/app-openpgp.c:3737 scd/app-openpgp.c:3748
+#, fuzzy, c-format
+msgid "can't access %s - invalid OpenPGP card?\n"
+msgstr "nenhum dado OpenPGP válido encontrado.\n"
+
+#: scd/app-dinsig.c:299
+msgid "||Please enter your PIN at the reader's keypad"
+msgstr ""
+
+#. TRANSLATORS: Do not translate the "|*|" prefixes but
+#. keep it at the start of the string. We need this elsewhere
+#. to get some infos on the string.
+#: scd/app-dinsig.c:529
+msgid "|N|Initial New PIN"
+msgstr ""
+
+#: scd/scdaemon.c:107
+msgid "run in multi server mode (foreground)"
+msgstr ""
+
+#: scd/scdaemon.c:117 sm/gpgsm.c:316
+msgid "|LEVEL|set the debugging level to LEVEL"
+msgstr ""
+
+#: scd/scdaemon.c:124 tools/gpgconf-comp.c:620
+#, fuzzy
+msgid "|FILE|write a log to FILE"
+msgstr "|FICHEIRO|carregar módulo de extensão FICHEIRO"
+
+#: scd/scdaemon.c:126
+msgid "|N|connect to reader at port N"
+msgstr ""
+
+#: scd/scdaemon.c:128
+#, fuzzy
+msgid "|NAME|use NAME as ct-API driver"
+msgstr "|NOME|usar NOME como destinatário por omissão"
+
+#: scd/scdaemon.c:130
+#, fuzzy
+msgid "|NAME|use NAME as PC/SC driver"
+msgstr "|NOME|usar NOME como destinatário por omissão"
+
+#: scd/scdaemon.c:133
+#, fuzzy
+msgid "do not use the internal CCID driver"
+msgstr "nunca usar o terminal"
+
+#: scd/scdaemon.c:139
+msgid "|N|disconnect the card after N seconds of inactivity"
+msgstr ""
+
+#: scd/scdaemon.c:141
+msgid "do not use a reader's keypad"
+msgstr ""
+
+#: scd/scdaemon.c:144
+#, fuzzy
+msgid "deny the use of admin card commands"
+msgstr "comandos em conflito\n"
+
+#: scd/scdaemon.c:259
+#, fuzzy
+msgid "Usage: scdaemon [options] (-h for help)"
+msgstr "Uso: gpg [opções] [ficheiros] (-h para ajuda)"
+
+#: scd/scdaemon.c:261
+msgid ""
+"Syntax: scdaemon [options] [command [args]]\n"
+"Smartcard daemon for GnuPG\n"
+msgstr ""
+
+#: scd/scdaemon.c:766
+msgid "please use the option `--daemon' to run the program in the background\n"
+msgstr ""
+
+#: scd/scdaemon.c:1120
+#, c-format
+msgid "handler for fd %d started\n"
+msgstr ""
+
+#: scd/scdaemon.c:1132
+#, c-format
+msgid "handler for fd %d terminated\n"
+msgstr ""
+
+#: sm/base64.c:325
+#, fuzzy, c-format
+msgid "invalid radix64 character %02x skipped\n"
+msgstr "caracter radix64 inválido %02x ignorado\n"
+
+#: sm/call-agent.c:137
+#, c-format
+msgid "failed to proxy %s inquiry to client\n"
+msgstr ""
+
+#: sm/call-dirmngr.c:252
+#, c-format
+msgid "no running dirmngr - starting `%s'\n"
+msgstr ""
+
+#: sm/call-dirmngr.c:285
+#, fuzzy
+msgid "malformed DIRMNGR_INFO environment variable\n"
+msgstr "variável de ambiente GPG_AGENT_INFO inválida\n"
+
+#: sm/call-dirmngr.c:297
+#, fuzzy, c-format
+msgid "dirmngr protocol version %d is not supported\n"
+msgstr "a versão %d do protocolo gpg-agent não é suportada\n"
+
+#: sm/call-dirmngr.c:317
+msgid "can't connect to the dirmngr - trying fall back\n"
+msgstr ""
+
+#: sm/certchain.c:196
+#, c-format
+msgid "validation model requested by certificate: %s"
+msgstr ""
+
+#: sm/certchain.c:197 sm/certchain.c:1828
+msgid "chain"
+msgstr ""
+
+#: sm/certchain.c:198 sm/certchain.c:1828
+#, fuzzy
+msgid "shell"
+msgstr "help"
+
+#: sm/certchain.c:258
+#, fuzzy, c-format
+msgid "critical certificate extension %s is not supported"
+msgstr "a versão %d do protocolo gpg-agent não é suportada\n"
+
+#: sm/certchain.c:297
+msgid "issuer certificate is not marked as a CA"
+msgstr ""
+
+#: sm/certchain.c:335
+msgid "critical marked policy without configured policies"
+msgstr ""
+
+#: sm/certchain.c:345
+#, fuzzy, c-format
+msgid "failed to open `%s': %s\n"
+msgstr "impossível abrir `%s': %s\n"
+
+#: sm/certchain.c:353 sm/certchain.c:382
+msgid "note: non-critical certificate policy not allowed"
+msgstr ""
+
+#: sm/certchain.c:357 sm/certchain.c:386
+#, fuzzy
+msgid "certificate policy not allowed"
+msgstr "a escrever chave privada para `%s'\n"
+
+#: sm/certchain.c:498
+msgid "looking up issuer at external location\n"
+msgstr ""
+
+#: sm/certchain.c:517
+#, c-format
+msgid "number of issuers matching: %d\n"
+msgstr ""
+
+#: sm/certchain.c:561
+msgid "looking up issuer from the Dirmngr cache\n"
+msgstr ""
+
+#: sm/certchain.c:585
+#, fuzzy, c-format
+msgid "number of matching certificates: %d\n"
+msgstr "erro na criação da frase secreta: %s\n"
+
+#: sm/certchain.c:587
+#, fuzzy, c-format
+msgid "dirmngr cache-only key lookup failed: %s\n"
+msgstr "remoção do bloco de chave falhou: %s\n"
+
+#: sm/certchain.c:759 sm/certchain.c:1252 sm/certchain.c:1856 sm/decrypt.c:261
+#: sm/encrypt.c:335 sm/sign.c:335 sm/verify.c:113
+#, fuzzy
+msgid "failed to allocated keyDB handle\n"
+msgstr "falha ao inicializar a base de dados de confiança: %s\n"
+
+#: sm/certchain.c:925
+#, fuzzy
+msgid "certificate has been revoked"
+msgstr "NOTA: a chave foi revogada"
+
+#: sm/certchain.c:940
+msgid "the status of the certificate is unknown"
+msgstr ""
+
+#: sm/certchain.c:947
+msgid "please make sure that the \"dirmngr\" is properly installed\n"
+msgstr ""
+
+#: sm/certchain.c:953
+#, fuzzy, c-format
+msgid "checking the CRL failed: %s"
+msgstr "verificação da assinatura criada falhou: %s\n"
+
+#: sm/certchain.c:982 sm/certchain.c:1050
+#, c-format
+msgid "certificate with invalid validity: %s"
+msgstr ""
+
+#: sm/certchain.c:997 sm/certchain.c:1082
+msgid "certificate not yet valid"
+msgstr ""
+
+#: sm/certchain.c:998 sm/certchain.c:1083
+#, fuzzy
+msgid "root certificate not yet valid"
+msgstr "a escrever chave privada para `%s'\n"
+
+#: sm/certchain.c:999 sm/certchain.c:1084
+msgid "intermediate certificate not yet valid"
+msgstr ""
+
+#: sm/certchain.c:1012
+#, fuzzy
+msgid "certificate has expired"
+msgstr "Esta chave expirou!"
+
+#: sm/certchain.c:1013
+#, fuzzy
+msgid "root certificate has expired"
+msgstr "Esta chave expirou!"
+
+#: sm/certchain.c:1014
+#, fuzzy
+msgid "intermediate certificate has expired"
+msgstr "Esta chave expirou!"
+
+#: sm/certchain.c:1056
+#, c-format
+msgid "required certificate attributes missing: %s%s%s"
+msgstr ""
+
+#: sm/certchain.c:1065
+#, fuzzy
+msgid "certificate with invalid validity"
+msgstr "Esta chave expirou!"
+
+#: sm/certchain.c:1102
+msgid "signature not created during lifetime of certificate"
+msgstr ""
+
+#: sm/certchain.c:1104
+msgid "certificate not created during lifetime of issuer"
+msgstr ""
+
+#: sm/certchain.c:1105
+msgid "intermediate certificate not created during lifetime of issuer"
+msgstr ""
+
+#: sm/certchain.c:1109
+#, fuzzy
+msgid " ( signature created at "
+msgstr " novas assinaturas: %lu\n"
+
+#: sm/certchain.c:1110
+#, fuzzy
+msgid " (certificate created at "
+msgstr "chave %08lX: certificado de revogação \"%s\" adicionado\n"
+
+#: sm/certchain.c:1113
+#, fuzzy
+msgid " (certificate valid from "
+msgstr "certificado incorrecto"
+
+#: sm/certchain.c:1114
+msgid " ( issuer valid from "
+msgstr ""
+
+#: sm/certchain.c:1144
+#, fuzzy, c-format
+msgid "fingerprint=%s\n"
+msgstr "mostra impressão digital"
+
+#: sm/certchain.c:1153
+msgid "root certificate has now been marked as trusted\n"
+msgstr ""
+
+#: sm/certchain.c:1166
+msgid "interactive marking as trusted not enabled in gpg-agent\n"
+msgstr ""
+
+#: sm/certchain.c:1172
+msgid "interactive marking as trusted disabled for this session\n"
+msgstr ""
+
+#: sm/certchain.c:1229
+msgid "WARNING: creation time of signature not known - assuming current time"
+msgstr ""
+
+#: sm/certchain.c:1293
+#, fuzzy
+msgid "no issuer found in certificate"
+msgstr "gerar um certificado de revogação"
+
+#: sm/certchain.c:1366
+msgid "self-signed certificate has a BAD signature"
+msgstr ""
+
+#: sm/certchain.c:1435
+msgid "root certificate is not marked trusted"
+msgstr ""
+
+#: sm/certchain.c:1448
+#, fuzzy, c-format
+msgid "checking the trust list failed: %s\n"
+msgstr "verificação da assinatura criada falhou: %s\n"
+
+#: sm/certchain.c:1477 sm/import.c:160
+msgid "certificate chain too long\n"
+msgstr ""
+
+#: sm/certchain.c:1489
+msgid "issuer certificate not found"
+msgstr ""
+
+#: sm/certchain.c:1522
+#, fuzzy
+msgid "certificate has a BAD signature"
+msgstr "verificar uma assinatura"
+
+#: sm/certchain.c:1553
+msgid "found another possible matching CA certificate - trying again"
+msgstr ""
+
+#: sm/certchain.c:1604
+#, c-format
+msgid "certificate chain longer than allowed by CA (%d)"
+msgstr ""
+
+#: sm/certchain.c:1644 sm/certchain.c:1927
+#, fuzzy
+msgid "certificate is good\n"
+msgstr "preferência %c%lu duplicada\n"
+
+#: sm/certchain.c:1645
+#, fuzzy
+msgid "intermediate certificate is good\n"
+msgstr "chave %08lX: certificado de revogação \"%s\" adicionado\n"
+
+#: sm/certchain.c:1646
+#, fuzzy
+msgid "root certificate is good\n"
+msgstr "certificado incorrecto"
+
+#: sm/certchain.c:1817
+msgid "switching to chain model"
+msgstr ""
+
+#: sm/certchain.c:1826
+#, c-format
+msgid "validation model used: %s"
+msgstr ""
+
+#: sm/certcheck.c:97
+#, c-format
+msgid "%s key uses an unsafe (%u bit) hash\n"
+msgstr ""
+
+#: sm/certcheck.c:107
+#, c-format
+msgid "a %u bit hash is not valid for a %u bit %s key\n"
+msgstr ""
+
+#: sm/certcheck.c:244 sm/verify.c:201
+msgid "(this is the MD2 algorithm)\n"
+msgstr ""
+
+#: sm/certdump.c:60 sm/certdump.c:143
+#, fuzzy
+msgid "none"
+msgstr "não"
+
+#: sm/certdump.c:564 sm/certdump.c:609 sm/certdump.c:674 sm/certdump.c:732
+#, fuzzy
+msgid "[Error - invalid encoding]"
+msgstr "%s: versão de ficheiro inválida %d\n"
+
+#: sm/certdump.c:572 sm/certdump.c:617
+msgid "[Error - out of core]"
+msgstr ""
+
+#: sm/certdump.c:654 sm/certdump.c:710
+msgid "[Error - No name]"
+msgstr ""
+
+#: sm/certdump.c:679 sm/certdump.c:738
+#, fuzzy
+msgid "[Error - invalid DN]"
+msgstr "%s: versão de ficheiro inválida %d\n"
+
+#: sm/certdump.c:948
+#, fuzzy, c-format
+msgid ""
+"Please enter the passphrase to unlock the secret key for the X.509 "
+"certificate:\n"
+"\"%s\"\n"
+"S/N %s, ID 0x%08lX,\n"
+"created %s, expires %s.\n"
+msgstr ""
+"Precisa de uma frase secreta para desbloquear a chave secreta do "
+"utilizador:\n"
+"\n"
+"\"%.*s\"\n"
+"chave %u bits %s, ID %08lx, criada %s%s\n"
+
+#: sm/certlist.c:122
+msgid "no key usage specified - assuming all usages\n"
+msgstr ""
+
+#: sm/certlist.c:132 sm/keylist.c:272
+#, fuzzy, c-format
+msgid "error getting key usage information: %s\n"
+msgstr "erro ao escrever no porta-chaves secreto `%s': %s\n"
+
+#: sm/certlist.c:142
+msgid "certificate should have not been used for certification\n"
+msgstr ""
+
+#: sm/certlist.c:154
+msgid "certificate should have not been used for OCSP response signing\n"
+msgstr ""
+
+#: sm/certlist.c:165
+msgid "certificate should have not been used for encryption\n"
+msgstr ""
+
+#: sm/certlist.c:166
+msgid "certificate should have not been used for signing\n"
+msgstr ""
+
+#: sm/certlist.c:167
+msgid "certificate is not usable for encryption\n"
+msgstr ""
+
+#: sm/certlist.c:168
+msgid "certificate is not usable for signing\n"
+msgstr ""
+
+#: sm/certreqgen.c:474
+#, fuzzy, c-format
+msgid "line %d: invalid algorithm\n"
+msgstr "algoritmo de dispersão inválido `%s'\n"
+
+#: sm/certreqgen.c:487
+#, c-format
+msgid "line %d: invalid key length %u (valid are %d to %d)\n"
+msgstr ""
+
+#: sm/certreqgen.c:505
+#, c-format
+msgid "line %d: no subject name given\n"
+msgstr ""
+
+#: sm/certreqgen.c:514
+#, c-format
+msgid "line %d: invalid subject name label `%.*s'\n"
+msgstr ""
+
+#: sm/certreqgen.c:517
+#, c-format
+msgid "line %d: invalid subject name `%s' at pos %d\n"
+msgstr ""
+
+#: sm/certreqgen.c:534
+#, fuzzy, c-format
+msgid "line %d: not a valid email address\n"
+msgstr "Endereço eletrónico inválido\n"
+
+#: sm/certreqgen.c:546
+#, fuzzy, c-format
+msgid "line %d: error reading key `%s' from card: %s\n"
+msgstr "erro ao criar porta-chaves `%s': %s\n"
+
+#: sm/certreqgen.c:558
+#, fuzzy, c-format
+msgid "line %d: error getting key by keygrip `%s': %s\n"
+msgstr "erro ao criar porta-chaves `%s': %s\n"
+
+#: sm/certreqgen.c:574
+#, fuzzy, c-format
+msgid "line %d: key generation failed: %s <%s>\n"
+msgstr "A geração de chaves falhou: %s\n"
+
+#: sm/certreqgen.c:806
+msgid ""
+"To complete this certificate request please enter the passphrase for the key "
+"you just created once more.\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:158
+#, fuzzy, c-format
+msgid " (%d) RSA\n"
+msgstr " (%d) RSA (apenas assinatura)\n"
+
+#: sm/certreqgen-ui.c:159
+#, fuzzy, c-format
+msgid " (%d) Existing key\n"
+msgstr " (%d) RSA (apenas cifragem)\n"
+
+#: sm/certreqgen-ui.c:160
+#, c-format
+msgid " (%d) Existing key from card\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:202
+#, fuzzy
+msgid "Enter the keygrip: "
+msgstr "Notação de assinatura: "
+
+#: sm/certreqgen-ui.c:210
+msgid "Not a valid keygrip (expecting 40 hex digits)\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:212
+#, fuzzy
+msgid "No key with this keygrip\n"
+msgstr "Nenhum ID de utilizador com índice %d\n"
+
+#: sm/certreqgen-ui.c:230 sm/certreqgen-ui.c:239
+#, fuzzy, c-format
+msgid "error reading the card: %s\n"
+msgstr "%s: erro ao ler registo livre: %s\n"
+
+#: sm/certreqgen-ui.c:233
+#, fuzzy, c-format
+msgid "Serial number of the card: %s\n"
+msgstr "erro na criação da frase secreta: %s\n"
+
+#: sm/certreqgen-ui.c:245
+#, fuzzy
+msgid "Available keys:\n"
+msgstr "desactiva uma chave"
+
+#: sm/certreqgen-ui.c:276
+#, c-format
+msgid "Possible actions for a %s key:\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:277
+#, fuzzy, c-format
+msgid " (%d) sign, encrypt\n"
+msgstr " (%d) RSA (assinatura e cifragem)\n"
+
+#: sm/certreqgen-ui.c:278
+#, fuzzy, c-format
+msgid " (%d) sign\n"
+msgstr " (%d) DSA (apenas assinatura)\n"
+
+#: sm/certreqgen-ui.c:279
+#, fuzzy, c-format
+msgid " (%d) encrypt\n"
+msgstr " (%d) RSA (apenas cifragem)\n"
+
+#: sm/certreqgen-ui.c:303
+msgid "Enter the X.509 subject name: "
+msgstr ""
+
+#: sm/certreqgen-ui.c:307
+msgid "No subject name given\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:311
+#, c-format
+msgid "Invalid subject name label `%.*s'\n"
+msgstr ""
+
+#. TRANSLATORS: The 22 in the second string is the
+#. length of the first string up to the "%s". Please
+#. adjust it do the length of your translation. The
+#. second string is merely passed to atoi so you can
+#. drop everything after the number.
+#: sm/certreqgen-ui.c:320
+#, fuzzy, c-format
+msgid "Invalid subject name `%s'\n"
+msgstr "algoritmo de dispersão inválido `%s'\n"
+
+#: sm/certreqgen-ui.c:322
+msgid "22 translator: see certreg-ui.c:gpgsm_gencertreq_tty"
+msgstr ""
+
+#: sm/certreqgen-ui.c:334
+#, fuzzy
+msgid "Enter email addresses"
+msgstr "Endereço de correio eletrónico: "
+
+#: sm/certreqgen-ui.c:335
+#, fuzzy
+msgid " (end with an empty line):\n"
+msgstr ""
+"\n"
+"Insira o identificador do utilizador. Termine com uma linha vazia: "
+
+#: sm/certreqgen-ui.c:339
+#, fuzzy
+msgid "Enter DNS names"
+msgstr "Digite novo nome de ficheiro"
+
+#: sm/certreqgen-ui.c:340 sm/certreqgen-ui.c:345
+#, fuzzy
+msgid " (optional; end with an empty line):\n"
+msgstr ""
+"\n"
+"Insira o identificador do utilizador. Termine com uma linha vazia: "
+
+#: sm/certreqgen-ui.c:344
+msgid "Enter URIs"
+msgstr ""
+
+#: sm/certreqgen-ui.c:371
+msgid "Parameters to be used for the certificate request:\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:389
+msgid "Now creating certificate request. This may take a while ...\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:398
+msgid "Ready. You should now send this request to your CA.\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:403
+msgid "resource problem: out of core\n"
+msgstr ""
+
+#: sm/decrypt.c:330
+msgid "(this is the RC2 algorithm)\n"
+msgstr ""
+
+#: sm/decrypt.c:332
+msgid "(this does not seem to be an encrypted message)\n"
+msgstr ""
+
+#: sm/delete.c:51 sm/delete.c:112
+#, fuzzy, c-format
+msgid "certificate `%s' not found: %s\n"
+msgstr "chave `%s' não encontrada: %s\n"
+
+#: sm/delete.c:122 sm/keydb.c:1397 sm/keydb.c:1499
+#, fuzzy, c-format
+msgid "error locking keybox: %s\n"
+msgstr "erro na leitura do bloco de chave: %s\n"
+
+#: sm/delete.c:143
+#, fuzzy, c-format
+msgid "duplicated certificate `%s' deleted\n"
+msgstr "chave %08lX: certificado de revogação \"%s\" adicionado\n"
+
+#: sm/delete.c:145
+#, fuzzy, c-format
+msgid "certificate `%s' deleted\n"
+msgstr "preferência %c%lu duplicada\n"
+
+#: sm/delete.c:175
+#, fuzzy, c-format
+msgid "deleting certificate \"%s\" failed: %s\n"
+msgstr "remoção do bloco de chave falhou: %s\n"
+
+#: sm/encrypt.c:321
+#, fuzzy
+msgid "no valid recipients given\n"
+msgstr "resposta do agente inválida\n"
+
+#: sm/gpgsm.c:197
+#, fuzzy
+msgid "list external keys"
+msgstr "listar as chaves secretas"
+
+#: sm/gpgsm.c:199
+#, fuzzy
+msgid "list certificate chain"
+msgstr "certificado incorrecto"
+
+#: sm/gpgsm.c:206
+#, fuzzy
+msgid "import certificates"
+msgstr "certificado incorrecto"
+
+#: sm/gpgsm.c:207
+#, fuzzy
+msgid "export certificates"
+msgstr "certificado incorrecto"
+
+#: sm/gpgsm.c:209
+msgid "register a smartcard"
+msgstr ""
+
+#: sm/gpgsm.c:212
+msgid "pass a command to the dirmngr"
+msgstr ""
+
+#: sm/gpgsm.c:214
+msgid "invoke gpg-protect-tool"
+msgstr ""
+
+#: sm/gpgsm.c:230
+#, fuzzy
+msgid "create base-64 encoded output"
+msgstr "criar saída com armadura ascii"
+
+#: sm/gpgsm.c:235
+msgid "assume input is in PEM format"
+msgstr ""
+
+#: sm/gpgsm.c:237
+msgid "assume input is in base-64 format"
+msgstr ""
+
+#: sm/gpgsm.c:239
+msgid "assume input is in binary format"
+msgstr ""
+
+#: sm/gpgsm.c:244
+msgid "use system's dirmngr if available"
+msgstr ""
+
+#: sm/gpgsm.c:247
+msgid "never consult a CRL"
+msgstr ""
+
+#: sm/gpgsm.c:257
+msgid "check validity using OCSP"
+msgstr ""
+
+#: sm/gpgsm.c:262
+msgid "|N|number of certificates to include"
+msgstr ""
+
+#: sm/gpgsm.c:265
+msgid "|FILE|take policy information from FILE"
+msgstr ""
+
+#: sm/gpgsm.c:268
+msgid "do not check certificate policies"
+msgstr ""
+
+#: sm/gpgsm.c:272
+msgid "fetch missing issuer certificates"
+msgstr ""
+
+#: sm/gpgsm.c:283
+msgid "don't use the terminal at all"
+msgstr "nunca usar o terminal"
+
+#: sm/gpgsm.c:285
+msgid "|FILE|write a server mode log to FILE"
+msgstr ""
+
+#: sm/gpgsm.c:290
+#, fuzzy
+msgid "|FILE|write an audit log to FILE"
+msgstr "|FICHEIRO|carregar módulo de extensão FICHEIRO"
+
+#: sm/gpgsm.c:293
+msgid "batch mode: never ask"
+msgstr "modo não-interactivo: nunca perguntar"
+
+#: sm/gpgsm.c:294
+msgid "assume yes on most questions"
+msgstr "assumir sim para a maioria das perguntas"
+
+#: sm/gpgsm.c:295
+msgid "assume no on most questions"
+msgstr "assumir não para a maioria das perguntas"
+
+#: sm/gpgsm.c:298
+#, fuzzy
+msgid "|FILE|add keyring to the list of keyrings"
+msgstr ""
+"adicionar este porta-chaves\n"
+"à lista de porta-chaves"
+
+#: sm/gpgsm.c:301
+#, fuzzy
+msgid "|USER-ID|use USER-ID as default secret key"
+msgstr "|NOME|usar NOME como chave secreta por omissão"
+
+#: sm/gpgsm.c:311 tools/gpgconf-comp.c:745
+#, fuzzy
+msgid "|SPEC|use this keyserver to lookup keys"
+msgstr "|ENDEREÇO|usar este servidor para buscar chaves"
+
+#: sm/gpgsm.c:329
+msgid "|NAME|use cipher algorithm NAME"
+msgstr "|NOME|usar algoritmo de criptografia NOME"
+
+#: sm/gpgsm.c:331
+msgid "|NAME|use message digest algorithm NAME"
+msgstr "|NOME|usar algoritmo de \"digest\" de mensagens NOME"
+
+#: sm/gpgsm.c:522
+#, fuzzy
+msgid "Usage: gpgsm [options] [files] (-h for help)"
+msgstr "Uso: gpg [opções] [ficheiros] (-h para ajuda)"
+
+#: sm/gpgsm.c:525
+#, fuzzy
+msgid ""
+"Syntax: gpgsm [options] [files]\n"
+"sign, check, encrypt or decrypt using the S/MIME protocol\n"
+"default operation depends on the input data\n"
+msgstr ""
+"Sintaxe: gpg [opções] [ficheiros]\n"
+"assina, verifica, cifra ou decifra\n"
+"a operação por omissão depende dos dados de entrada\n"
+
+#: sm/gpgsm.c:617
+#, fuzzy
+msgid "usage: gpgsm [options] "
+msgstr "uso: gpg [opções] "
+
+#: sm/gpgsm.c:739
+#, fuzzy, c-format
+msgid "NOTE: won't be able to encrypt to `%s': %s\n"
+msgstr "impossível ligar a `%s': %s\n"
+
+#: sm/gpgsm.c:750
+#, fuzzy, c-format
+msgid "unknown validation model `%s'\n"
+msgstr "destinatário por omissão desconhecido `%s'\n"
+
+#: sm/gpgsm.c:801
+#, c-format
+msgid "%s:%u: no hostname given\n"
+msgstr ""
+
+#: sm/gpgsm.c:820
+#, c-format
+msgid "%s:%u: password given without user\n"
+msgstr ""
+
+#: sm/gpgsm.c:841
+#, fuzzy, c-format
+msgid "%s:%u: skipping this line\n"
+msgstr " s = saltar esta chave\n"
+
+#: sm/gpgsm.c:1376
+#, fuzzy
+msgid "could not parse keyserver\n"
+msgstr "não consegui processar a URI do servidor de chaves\n"
+
+#: sm/gpgsm.c:1456
+msgid "WARNING: running with faked system time: "
+msgstr ""
+
+#: sm/gpgsm.c:1556
+#, fuzzy, c-format
+msgid "importing common certificates `%s'\n"
+msgstr "a escrever para `%s'\n"
+
+#: sm/gpgsm.c:1597
+#, fuzzy, c-format
+msgid "can't sign using `%s': %s\n"
+msgstr "impossível fechar `%s': %s\n"
+
+#: sm/gpgsm.c:1931
+msgid "invalid command (there is no implicit command)\n"
+msgstr ""
+
+#: sm/import.c:111
+#, fuzzy, c-format
+msgid "total number processed: %lu\n"
+msgstr "Número total processado: %lu\n"
+
+#: sm/import.c:230
+#, fuzzy
+msgid "error storing certificate\n"
+msgstr "gerar um certificado de revogação"
+
+#: sm/import.c:238
+msgid "basic certificate checks failed - not imported\n"
+msgstr ""
+
+#: sm/import.c:435 sm/keydb.c:1319 sm/keydb.c:1387
+#, fuzzy
+msgid "failed to allocate keyDB handle\n"
+msgstr "falha ao inicializar a base de dados de confiança: %s\n"
+
+#: sm/import.c:492 sm/keydb.c:1417 sm/keydb.c:1511
+#, fuzzy, c-format
+msgid "error getting stored flags: %s\n"
+msgstr "erro na criação da frase secreta: %s\n"
+
+#: sm/import.c:551 sm/import.c:583
+#, fuzzy, c-format
+msgid "error importing certificate: %s\n"
+msgstr "erro na criação da frase secreta: %s\n"
+
+#: sm/import.c:684 tools/gpg-connect-agent.c:1346
+#, fuzzy, c-format
+msgid "error reading input: %s\n"
+msgstr "erro na leitura de `%s': %s\n"
+
+#: sm/keydb.c:187
+#, fuzzy, c-format
+msgid "error creating keybox `%s': %s\n"
+msgstr "erro ao criar porta-chaves `%s': %s\n"
+
+#: sm/keydb.c:190
+msgid "you may want to start the gpg-agent first\n"
+msgstr ""
+
+#: sm/keydb.c:195
+#, fuzzy, c-format
+msgid "keybox `%s' created\n"
+msgstr "porta-chaves `%s' criado\n"
+
+#: sm/keydb.c:1312 sm/keydb.c:1380
+#, fuzzy
+msgid "failed to get the fingerprint\n"
+msgstr "falha ao inicializar a base de dados de confiança: %s\n"
+
+#: sm/keydb.c:1340
+#, c-format
+msgid "problem looking for existing certificate: %s\n"
+msgstr ""
+
+#: sm/keydb.c:1348
+#, fuzzy, c-format
+msgid "error finding writable keyDB: %s\n"
+msgstr "erro na criação da frase secreta: %s\n"
+
+#: sm/keydb.c:1356
+#, fuzzy, c-format
+msgid "error storing certificate: %s\n"
+msgstr "erro na criação da frase secreta: %s\n"
+
+#: sm/keydb.c:1408
+#, fuzzy, c-format
+msgid "problem re-searching certificate: %s\n"
+msgstr "rev? problema ao verificar revogação: %s\n"
+
+#: sm/keydb.c:1429 sm/keydb.c:1522
+#, fuzzy, c-format
+msgid "error storing flags: %s\n"
+msgstr "erro na leitura de `%s': %s\n"
+
+#: sm/keylist.c:642
+msgid "Error - "
+msgstr ""
+
+#: sm/misc.c:55
+msgid "GPG_TTY has not been set - using maybe bogus default\n"
+msgstr ""
+
+#: sm/qualified.c:105
+#, fuzzy, c-format
+msgid "invalid formatted fingerprint in `%s', line %d\n"
+msgstr "%s: versão de ficheiro inválida %d\n"
+
+#: sm/qualified.c:123
+#, c-format
+msgid "invalid country code in `%s', line %d\n"
+msgstr ""
+
+#: sm/qualified.c:202
+#, c-format
+msgid ""
+"You are about to create a signature using your certificate:\n"
+"\"%s\"\n"
+"This will create a qualified signature by law equated to a handwritten "
+"signature.\n"
+"\n"
+"%s%sAre you really sure that you want to do this?"
+msgstr ""
+
+#: sm/qualified.c:211 sm/verify.c:616
+msgid ""
+"Note, that this software is not officially approved to create or verify such "
+"signatures.\n"
+msgstr ""
+
+#: sm/qualified.c:278
+#, c-format
+msgid ""
+"You are about to create a signature using your certificate:\n"
+"\"%s\"\n"
+"Note, that this certificate will NOT create a qualified signature!"
+msgstr ""
+
+#: sm/sign.c:449
+#, fuzzy, c-format
+msgid "hash algorithm %d (%s) for signer %d not supported; using %s\n"
+msgstr "algoritmo de protecção %d%s não é suportado\n"
+
+#: sm/sign.c:463
+#, c-format
+msgid "hash algorithm used for signer %d: %s (%s)\n"
+msgstr ""
+
+#: sm/sign.c:513
+#, fuzzy, c-format
+msgid "checking for qualified certificate failed: %s\n"
+msgstr "verificação da assinatura criada falhou: %s\n"
+
+#: sm/verify.c:449
+#, fuzzy
+msgid "Signature made "
+msgstr "Esta assinatura expirou em %s.\n"
+
+#: sm/verify.c:453
+msgid "[date not given]"
+msgstr ""
+
+#: sm/verify.c:454
+#, fuzzy, c-format
+msgid " using certificate ID 0x%08lX\n"
+msgstr "erro na criação da frase secreta: %s\n"
+
+#: sm/verify.c:473
+msgid ""
+"invalid signature: message digest attribute does not match computed one\n"
+msgstr ""
+
+#: sm/verify.c:594
+#, fuzzy
+msgid "Good signature from"
+msgstr "Assinatura correcta de \""
+
+#: sm/verify.c:595
+#, fuzzy
+msgid " aka"
+msgstr " ou \""
+
+#: sm/verify.c:613
+#, fuzzy
+msgid "This is a qualified signature\n"
+msgstr ""
+"\n"
+"Isto será uma auto-assinatura.\n"
+
+#: tools/gpg-connect-agent.c:70 tools/gpgconf.c:81 tools/symcryptrun.c:167
+#, fuzzy
+msgid "quiet"
+msgstr "sair"
+
+#: tools/gpg-connect-agent.c:71
+msgid "print data out hex encoded"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:72
+msgid "decode received data lines"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:74
+msgid "|NAME|connect to Assuan socket NAME"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:76
+msgid "run the Assuan server given on the command line"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:78
+msgid "do not use extended connect mode"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:80
+#, fuzzy
+msgid "|FILE|run commands from FILE on startup"
+msgstr "|FICHEIRO|carregar módulo de extensão FICHEIRO"
+
+#: tools/gpg-connect-agent.c:81
+msgid "run /subst on startup"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:184
+#, fuzzy
+msgid "Usage: gpg-connect-agent [options] (-h for help)"
+msgstr "Uso: gpg [opções] [ficheiros] (-h para ajuda)"
+
+#: tools/gpg-connect-agent.c:187
+msgid ""
+"Syntax: gpg-connect-agent [options]\n"
+"Connect to a running agent and send commands\n"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:1201
+#, c-format
+msgid "option \"%s\" requires a program and optional arguments\n"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:1210
+#, c-format
+msgid "option \"%s\" ignored due to \"%s\"\n"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:1281 tools/gpg-connect-agent.c:1771
+#, fuzzy, c-format
+msgid "receiving line failed: %s\n"
+msgstr "remoção do bloco de chave falhou: %s\n"
+
+#: tools/gpg-connect-agent.c:1371
+#, fuzzy
+msgid "line too long - skipped\n"
+msgstr "frase secreta demasiado longa\n"
+
+#: tools/gpg-connect-agent.c:1375
+msgid "line shortened due to embedded Nul character\n"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:1743
+#, fuzzy, c-format
+msgid "unknown command `%s'\n"
+msgstr "destinatário por omissão desconhecido `%s'\n"
+
+#: tools/gpg-connect-agent.c:1761
+#, fuzzy, c-format
+msgid "sending line failed: %s\n"
+msgstr "assinatura falhou: %s\n"
+
+#: tools/gpg-connect-agent.c:2208
+#, fuzzy, c-format
+msgid "error sending %s command: %s\n"
+msgstr "erro ao enviar para `%s': %s\n"
+
+#: tools/gpg-connect-agent.c:2223
+#, fuzzy, c-format
+msgid "error sending standard options: %s\n"
+msgstr "erro ao enviar para `%s': %s\n"
+
+#: tools/gpgconf-comp.c:473 tools/gpgconf-comp.c:577 tools/gpgconf-comp.c:644
+#: tools/gpgconf-comp.c:712 tools/gpgconf-comp.c:799
+msgid "Options controlling the diagnostic output"
+msgstr ""
+
+#: tools/gpgconf-comp.c:486 tools/gpgconf-comp.c:590 tools/gpgconf-comp.c:657
+#: tools/gpgconf-comp.c:725 tools/gpgconf-comp.c:822
+msgid "Options controlling the configuration"
+msgstr ""
+
+#: tools/gpgconf-comp.c:496 tools/gpgconf-comp.c:615 tools/gpgconf-comp.c:673
+#: tools/gpgconf-comp.c:750 tools/gpgconf-comp.c:829
+msgid "Options useful for debugging"
+msgstr ""
+
+#: tools/gpgconf-comp.c:501 tools/gpgconf-comp.c:678 tools/gpgconf-comp.c:755
+#: tools/gpgconf-comp.c:837
+msgid "|FILE|write server mode logs to FILE"
+msgstr ""
+
+#: tools/gpgconf-comp.c:509 tools/gpgconf-comp.c:625 tools/gpgconf-comp.c:763
+msgid "Options controlling the security"
+msgstr ""
+
+#: tools/gpgconf-comp.c:516
+msgid "|N|expire SSH keys after N seconds"
+msgstr ""
+
+#: tools/gpgconf-comp.c:520
+msgid "|N|set maximum PIN cache lifetime to N seconds"
+msgstr ""
+
+#: tools/gpgconf-comp.c:524
+msgid "|N|set maximum SSH key lifetime to N seconds"
+msgstr ""
+
+#: tools/gpgconf-comp.c:538
+msgid "Options enforcing a passphrase policy"
+msgstr ""
+
+#: tools/gpgconf-comp.c:541
+msgid "do not allow to bypass the passphrase policy"
+msgstr ""
+
+#: tools/gpgconf-comp.c:545
+msgid "|N|set minimal required length for new passphrases to N"
+msgstr ""
+
+#: tools/gpgconf-comp.c:549
+msgid "|N|require at least N non-alpha characters for a new passphrase"
+msgstr ""
+
+#: tools/gpgconf-comp.c:553
+msgid "|FILE|check new passphrases against pattern in FILE"
+msgstr ""
+
+#: tools/gpgconf-comp.c:557
+#, fuzzy
+msgid "|N|expire the passphrase after N days"
+msgstr "|N|usar mode de frase secreta N"
+
+#: tools/gpgconf-comp.c:561
+#, fuzzy
+msgid "do not allow the reuse of old passphrases"
+msgstr "erro na criação da frase secreta: %s\n"
+
+#: tools/gpgconf-comp.c:659 tools/gpgconf-comp.c:727
+msgid "|NAME|use NAME as default secret key"
+msgstr "|NOME|usar NOME como chave secreta por omissão"
+
+#: tools/gpgconf-comp.c:662 tools/gpgconf-comp.c:730
+#, fuzzy
+msgid "|NAME|encrypt to user ID NAME as well"
+msgstr "|NOME|cifrar para NOME"
+
+#: tools/gpgconf-comp.c:665
+msgid "|SPEC|set up email aliases"
+msgstr ""
+
+#: tools/gpgconf-comp.c:686
+msgid "Configuration for Keyservers"
+msgstr ""
+
+#: tools/gpgconf-comp.c:688
+#, fuzzy
+msgid "|URL|use keyserver at URL"
+msgstr "não consegui processar a URI do servidor de chaves\n"
+
+#: tools/gpgconf-comp.c:691
+msgid "allow PKA lookups (DNS requests)"
+msgstr ""
+
+#: tools/gpgconf-comp.c:694
+msgid "|MECHANISMS|use MECHANISMS to locate keys by mail address"
+msgstr ""
+
+#: tools/gpgconf-comp.c:739
+msgid "disable all access to the dirmngr"
+msgstr ""
+
+#: tools/gpgconf-comp.c:742
+#, fuzzy
+msgid "|NAME|use encoding NAME for PKCS#12 passphrases"
+msgstr ""
+"|NOME|usar algoritmo de criptografia NOME para\n"
+"frases secretas"
+
+#: tools/gpgconf-comp.c:768
+msgid "do not check CRLs for root certificates"
+msgstr ""
+
+#: tools/gpgconf-comp.c:812
+msgid "Options controlling the format of the output"
+msgstr ""
+
+#: tools/gpgconf-comp.c:848
+msgid "Options controlling the interactivity and enforcement"
+msgstr ""
+
+#: tools/gpgconf-comp.c:858
+msgid "Configuration for HTTP servers"
+msgstr ""
+
+#: tools/gpgconf-comp.c:869
+msgid "use system's HTTP proxy setting"
+msgstr ""
+
+#: tools/gpgconf-comp.c:874
+msgid "Configuration of LDAP servers to use"
+msgstr ""
+
+#: tools/gpgconf-comp.c:903
+msgid "LDAP server list"
+msgstr ""
+
+#: tools/gpgconf-comp.c:911
+msgid "Configuration for OCSP"
+msgstr ""
+
+#: tools/gpgconf-comp.c:3077
+#, c-format
+msgid "External verification of component %s failed"
+msgstr ""
+
+#: tools/gpgconf-comp.c:3227
+msgid "Note that group specifications are ignored\n"
+msgstr ""
+
+#: tools/gpgconf.c:62
+msgid "list all components"
+msgstr ""
+
+#: tools/gpgconf.c:63
+msgid "check all programs"
+msgstr ""
+
+#: tools/gpgconf.c:64
+msgid "|COMPONENT|list options"
+msgstr ""
+
+#: tools/gpgconf.c:65
+msgid "|COMPONENT|change options"
+msgstr ""
+
+#: tools/gpgconf.c:66
+msgid "|COMPONENT|check options"
+msgstr ""
+
+#: tools/gpgconf.c:68
+msgid "apply global default values"
+msgstr ""
+
+#: tools/gpgconf.c:70
+msgid "get the configuration directories for gpgconf"
+msgstr ""
+
+#: tools/gpgconf.c:72
+#, fuzzy
+msgid "list global configuration file"
+msgstr "criado um novo ficheiro de configuração `%s'\n"
+
+#: tools/gpgconf.c:74
+#, fuzzy
+msgid "check global configuration file"
+msgstr "criado um novo ficheiro de configuração `%s'\n"
+
+#: tools/gpgconf.c:79
+msgid "use as output file"
+msgstr "usar como ficheiro de saída"
+
+#: tools/gpgconf.c:83
+msgid "activate changes at runtime, if possible"
+msgstr ""
+
+#: tools/gpgconf.c:105
+#, fuzzy
+msgid "Usage: gpgconf [options] (-h for help)"
+msgstr "Uso: gpg [opções] [ficheiros] (-h para ajuda)"
+
+#: tools/gpgconf.c:108
+msgid ""
+"Syntax: gpgconf [options]\n"
+"Manage configuration options for tools of the GnuPG system\n"
+msgstr ""
+
+#: tools/gpgconf.c:214 tools/gpgconf.c:282
+#, fuzzy
+msgid "usage: gpgconf [options] "
+msgstr "uso: gpg [opções] "
+
+#: tools/gpgconf.c:216
+msgid "Need one component argument"
+msgstr ""
+
+#: tools/gpgconf.c:225 tools/gpgconf.c:258
+#, fuzzy
+msgid "Component not found"
+msgstr "chave pública não encontrada"
+
+#: tools/gpgconf.c:284
+#, fuzzy
+msgid "No argument allowed"
+msgstr "a escrever chave privada para `%s'\n"
+
+#: tools/symcryptrun.c:154
+#, fuzzy
+msgid ""
+"@\n"
+"Commands:\n"
+" "
+msgstr ""
+"@Comandos:\n"
+" "
+
+#: tools/symcryptrun.c:156
+#, fuzzy
+msgid "decryption modus"
+msgstr "decifragem correcta\n"
+
+#: tools/symcryptrun.c:157
+#, fuzzy
+msgid "encryption modus"
+msgstr "decifragem correcta\n"
+
+#: tools/symcryptrun.c:161
+msgid "tool class (confucius)"
+msgstr ""
+
+#: tools/symcryptrun.c:162
+#, fuzzy
+msgid "program filename"
+msgstr "--store [nome_do_ficheiro]"
+
+#: tools/symcryptrun.c:164
+msgid "secret key file (required)"
+msgstr ""
+
+#: tools/symcryptrun.c:165
+msgid "input file name (default stdin)"
+msgstr ""
+
+#: tools/symcryptrun.c:209
+#, fuzzy
+msgid "Usage: symcryptrun [options] (-h for help)"
+msgstr "Uso: gpg [opções] [ficheiros] (-h para ajuda)"
+
+#: tools/symcryptrun.c:212
+msgid ""
+"Syntax: symcryptrun --class CLASS --program PROGRAM --keyfile KEYFILE "
+"[options...] COMMAND [inputfile]\n"
+"Call a simple symmetric encryption tool\n"
+msgstr ""
+
+#: tools/symcryptrun.c:281
+#, fuzzy, c-format
+msgid "%s on %s aborted with status %i\n"
+msgstr "%s não é permitido com %s!\n"
+
+#: tools/symcryptrun.c:288
+#, fuzzy, c-format
+msgid "%s on %s failed with status %i\n"
+msgstr "impossível abrir %s: %s\n"
+
+#: tools/symcryptrun.c:314
+#, fuzzy, c-format
+msgid "can't create temporary directory `%s': %s\n"
+msgstr "%s: impossível criar directoria: %s\n"
+
+#: tools/symcryptrun.c:354 tools/symcryptrun.c:371
+#, fuzzy, c-format
+msgid "could not open %s for writing: %s\n"
+msgstr "impossível abrir %s: %s\n"
+
+#: tools/symcryptrun.c:382
+#, fuzzy, c-format
+msgid "error writing to %s: %s\n"
+msgstr "erro na escrita do porta-chaves `%s': %s\n"
+
+#: tools/symcryptrun.c:389
+#, fuzzy, c-format
+msgid "error reading from %s: %s\n"
+msgstr "erro na leitura de `%s': %s\n"
+
+#: tools/symcryptrun.c:396 tools/symcryptrun.c:403
+#, fuzzy, c-format
+msgid "error closing %s: %s\n"
+msgstr "erro na leitura de `%s': %s\n"
+
+#: tools/symcryptrun.c:488
+msgid "no --program option provided\n"
+msgstr ""
+
+#: tools/symcryptrun.c:494
+msgid "only --decrypt and --encrypt are supported\n"
+msgstr ""
+
+#: tools/symcryptrun.c:500
+msgid "no --keyfile option provided\n"
+msgstr ""
+
+#: tools/symcryptrun.c:511
+msgid "cannot allocate args vector\n"
+msgstr ""
+
+#: tools/symcryptrun.c:529
+#, fuzzy, c-format
+msgid "could not create pipe: %s\n"
+msgstr "impossível criar %s: %s\n"
+
+#: tools/symcryptrun.c:536
+#, fuzzy, c-format
+msgid "could not create pty: %s\n"
+msgstr "impossível criar %s: %s\n"
+
+#: tools/symcryptrun.c:552
+#, c-format
+msgid "could not fork: %s\n"
+msgstr ""
+
+#: tools/symcryptrun.c:580
+#, fuzzy, c-format
+msgid "execv failed: %s\n"
+msgstr "actualização falhou: %s\n"
+
+#: tools/symcryptrun.c:609
+#, fuzzy, c-format
+msgid "select failed: %s\n"
+msgstr "remoção do bloco de chave falhou: %s\n"
+
+#: tools/symcryptrun.c:626
+#, fuzzy, c-format
+msgid "read failed: %s\n"
+msgstr "actualização falhou: %s\n"
+
+#: tools/symcryptrun.c:678
+#, fuzzy, c-format
+msgid "pty read failed: %s\n"
+msgstr "actualização falhou: %s\n"
+
+#: tools/symcryptrun.c:730
+#, fuzzy, c-format
+msgid "waitpid failed: %s\n"
+msgstr "actualização falhou: %s\n"
+
+#: tools/symcryptrun.c:744
+#, c-format
+msgid "child aborted with status %i\n"
+msgstr ""
+
+#: tools/symcryptrun.c:799
+#, fuzzy, c-format
+msgid "cannot allocate infile string: %s\n"
+msgstr "impossível criar `%s': %s\n"
+
+#: tools/symcryptrun.c:812
+#, fuzzy, c-format
+msgid "cannot allocate outfile string: %s\n"
+msgstr "impossível criar `%s': %s\n"
+
+#: tools/symcryptrun.c:986
+#, c-format
+msgid "either %s or %s must be given\n"
+msgstr ""
+
+#: tools/symcryptrun.c:1013
+msgid "no class provided\n"
+msgstr ""
+
+#: tools/symcryptrun.c:1022
+#, fuzzy, c-format
+msgid "class %s is not supported\n"
+msgstr "algoritmo de protecção %d%s não é suportado\n"
+
+#: tools/gpg-check-pattern.c:145
+#, fuzzy
+msgid "Usage: gpg-check-pattern [options] patternfile (-h for help)\n"
+msgstr "Uso: gpg [opções] [ficheiros] (-h para ajuda)"
+
+#: tools/gpg-check-pattern.c:148
+msgid ""
+"Syntax: gpg-check-pattern [options] patternfile\n"
+"Check a passphrase given on stdin against the patternfile\n"
+msgstr ""
+
+#~ msgid "Command> "
+#~ msgstr "Comando> "
+
+#~ msgid "the trustdb is corrupted; please run \"gpg --fix-trustdb\".\n"
+#~ msgstr ""
+#~ "A base de dados de confiança está danificada; por favor execute\n"
+#~ "\"gpg --fix-trustdb\".\n"
+
+#~ msgid "Please report bugs to <gnupg-bugs@gnu.org>.\n"
+#~ msgstr "Por favor comunique bugs para <gnupg-bugs@gnu.org>.\n"
+
+#, fuzzy
+#~ msgid "Please report bugs to "
+#~ msgstr "Por favor comunique bugs para <gnupg-bugs@gnu.org>.\n"
+
+#, fuzzy
+#~ msgid "DSA keypair will have %u bits.\n"
+#~ msgstr "O par de chaves DSA terá 1024 bits.\n"
+
+#~ msgid "Repeat passphrase\n"
+#~ msgstr "Repita a frase secreta\n"
+
+#, fuzzy
+#~ msgid "read options from file"
+#~ msgstr "a ler opções de `%s'\n"
+
+#~ msgid "|[file]|make a signature"
+#~ msgstr "|[ficheiro]|fazer uma assinatura"
+
+#, fuzzy
+#~ msgid "|[FILE]|make a signature"
+#~ msgstr "|[ficheiro]|fazer uma assinatura"
+
+#, fuzzy
+#~ msgid "|[FILE]|make a clear text signature"
+#~ msgstr "|[ficheiro]|fazer uma assinatura em texto puro"
+
+#~ msgid "|NAME|use NAME as default recipient"
+#~ msgstr "|NOME|usar NOME como destinatário por omissão"
+
+#~ msgid "use the default key as default recipient"
+#~ msgstr "usar a chave por omissão como destinatário por omissão"
+
+#~ msgid "force v3 signatures"
+#~ msgstr "forçar assinaturas v3"
+
+#~ msgid "always use a MDC for encryption"
+#~ msgstr "sempre usar um MDC para cifrar"
+
+#~ msgid "add this secret keyring to the list"
+#~ msgstr "adicionar este porta-chaves secreto à lista"
+
+#~ msgid "|NAME|set terminal charset to NAME"
+#~ msgstr ""
+#~ "|NOME|definir mapa de caracteres do terminal como\n"
+#~ "NOME"
+
+#~ msgid "|FILE|load extension module FILE"
+#~ msgstr "|FICHEIRO|carregar módulo de extensão FICHEIRO"
+
+#~ msgid "|N|use compress algorithm N"
+#~ msgstr "|N|usar algoritmo de compressão N"
+
+#, fuzzy
+#~ msgid "remove key from the public keyring"
+#~ msgstr "remover chaves do porta-chaves público"
+
+#~ msgid ""
+#~ "It's up to you to assign a value here; this value will never be exported\n"
+#~ "to any 3rd party. We need it to implement the web-of-trust; it has "
+#~ "nothing\n"
+#~ "to do with the (implicitly created) web-of-certificates."
+#~ msgstr ""
+#~ "Você decide que valor usar aqui; este valor nunca será exportado para\n"
+#~ "terceiros. Precisamos dele implementar a rede de confiança, que não tem\n"
+#~ "nada a ver com a rede de certificados (implicitamente criada)."
+
+#~ msgid ""
+#~ "To build the Web-of-Trust, GnuPG needs to know which keys are\n"
+#~ "ultimately trusted - those are usually the keys for which you have\n"
+#~ "access to the secret key. Answer \"yes\" to set this key to\n"
+#~ "ultimately trusted\n"
+#~ msgstr ""
+#~ "Para construir a Teia-de-Confiança ('Web-of-Trust'), o GnuPG precisa de\n"
+#~ "saber quais são as chaves em que deposita confiança absoluta - "
+#~ "normalmente\n"
+#~ "estas são as chaves a que tem acesso à chave privada. Responda \"sim\" "
+#~ "para\n"
+#~ "que esta chave seja de confiança absoluta.\n"
+
+#~ msgid "If you want to use this untrusted key anyway, answer \"yes\"."
+#~ msgstr ""
+#~ "Se você quiser usar esta chave, não de confiança, assim mesmo, responda "
+#~ "\"sim\"."
+
+#~ msgid ""
+#~ "Enter the user ID of the addressee to whom you want to send the message."
+#~ msgstr ""
+#~ "Digite o ID de utilizador do destinatário para quem quer enviar a\n"
+#~ "mensagem."
+
+#~ msgid ""
+#~ "In general it is not a good idea to use the same key for signing and\n"
+#~ "encryption. This algorithm should only be used in certain domains.\n"
+#~ "Please consult your security expert first."
+#~ msgstr ""
+#~ "Em geral não é uma boa ideia utilizar a mesma chave para assinar e para\n"
+#~ "cifrar. Este algoritmo só deve ser utilizado em alguns domínios.\n"
+#~ "Por favor consulte primeiro o seu perito em segurança."
+
+#~ msgid "Enter the size of the key"
+#~ msgstr "Insira o tamanho da chave"
+
+#~ msgid "Answer \"yes\" or \"no\""
+#~ msgstr "Responda \"sim\" ou \"não\""
+
+#~ msgid ""
+#~ "Enter the required value as shown in the prompt.\n"
+#~ "It is possible to enter a ISO date (YYYY-MM-DD) but you won't\n"
+#~ "get a good error response - instead the system tries to interpret\n"
+#~ "the given value as an interval."
+#~ msgstr ""
+#~ "Digite o valor necessário conforme pedido.\n"
+#~ "É possível digitar uma data ISO (AAAA-MM-DD) mas você não terá uma boa\n"
+#~ "reacção a erros - o sistema tentará interpretar o valor dado como um "
+#~ "intervalo."
+
+#~ msgid "Enter the name of the key holder"
+#~ msgstr "Digite o nome do possuidor da chave"
+
+#~ msgid "please enter an optional but highly suggested email address"
+#~ msgstr "por favor digite um endereço de email (opcional mas recomendado)"
+
+#~ msgid "Please enter an optional comment"
+#~ msgstr "Por favor digite um comentário (opcional)"
+
+#~ msgid ""
+#~ "N to change the name.\n"
+#~ "C to change the comment.\n"
+#~ "E to change the email address.\n"
+#~ "O to continue with key generation.\n"
+#~ "Q to to quit the key generation."
+#~ msgstr ""
+#~ "N para mudar o nome.\n"
+#~ "C para mudar o comentário.\n"
+#~ "E para mudar o endereço de email\n"
+#~ "O para continuar a geração da chave.\n"
+#~ "S para interromper a geração da chave."
+
+#~ msgid ""
+#~ "Answer \"yes\" (or just \"y\") if it is okay to generate the sub key."
+#~ msgstr "Responda \"sim\" (ou apenas \"s\") se quiser gerar a subchave."
+
+#~ msgid ""
+#~ "When you sign a user ID on a key, you should first verify that the key\n"
+#~ "belongs to the person named in the user ID. It is useful for others to\n"
+#~ "know how carefully you verified this.\n"
+#~ "\n"
+#~ "\"0\" means you make no particular claim as to how carefully you verified "
+#~ "the\n"
+#~ " key.\n"
+#~ "\n"
+#~ "\"1\" means you believe the key is owned by the person who claims to own "
+#~ "it\n"
+#~ " but you could not, or did not verify the key at all. This is useful "
+#~ "for\n"
+#~ " a \"persona\" verification, where you sign the key of a pseudonymous "
+#~ "user.\n"
+#~ "\n"
+#~ "\"2\" means you did casual verification of the key. For example, this "
+#~ "could\n"
+#~ " mean that you verified the key fingerprint and checked the user ID on "
+#~ "the\n"
+#~ " key against a photo ID.\n"
+#~ "\n"
+#~ "\"3\" means you did extensive verification of the key. For example, this "
+#~ "could\n"
+#~ " mean that you verified the key fingerprint with the owner of the key "
+#~ "in\n"
+#~ " person, and that you checked, by means of a hard to forge document "
+#~ "with a\n"
+#~ " photo ID (such as a passport) that the name of the key owner matches "
+#~ "the\n"
+#~ " name in the user ID on the key, and finally that you verified (by "
+#~ "exchange\n"
+#~ " of email) that the email address on the key belongs to the key "
+#~ "owner.\n"
+#~ "\n"
+#~ "Note that the examples given above for levels 2 and 3 are *only* "
+#~ "examples.\n"
+#~ "In the end, it is up to you to decide just what \"casual\" and \"extensive"
+#~ "\"\n"
+#~ "mean to you when you sign other keys.\n"
+#~ "\n"
+#~ "If you don't know what the right answer is, answer \"0\"."
+#~ msgstr ""
+#~ "Quando assina uma chave de identificação de um utilizador, deve primeiro\n"
+#~ "verificar que a chave pertence realmente à pessoa em questão. É útil "
+#~ "para\n"
+#~ "terceiros saberem com que cuidado é que efectuou esta verificação.\n"
+#~ "\n"
+#~ "\"0\" significa que não deseja declarar a forma com verificou a chave\n"
+#~ "\n"
+#~ "\"1\" significa que acredita que a chave pertence à pessoa em questão, "
+#~ "mas\n"
+#~ " não conseguiu ou não tentou verificar. Este grau é útil para quando\n"
+#~ " assina a chave de uma utilizador pseudo-anónimo.\n"
+#~ "\n"
+#~ "\"2\" significa que efectuou uma verificação normal da chave. Por "
+#~ "exemplo,\n"
+#~ " isto pode significar que verificou a impressão digital da chave e\n"
+#~ " verificou o identificador de utilizador da chave contra uma "
+#~ "identificação\n"
+#~ " fotográfica.\n"
+#~ "\n"
+#~ "\"3\" significa que efectuou uma verificação exaustiva da chave. Por "
+#~ "exemplo,\n"
+#~ " isto pode significar que efectuou a verificação pessoalmente, e que \n"
+#~ " utilizou um documento, com fotografia, difícil de falsificar \n"
+#~ " (como por exemplo um passaporte) que o nome do dono da chave é o\n"
+#~ " mesmo do que o identificador da chave, e que, finalmente, verificou\n"
+#~ " (através de troca de e-mail) que o endereço de email da chave "
+#~ "pertence\n"
+#~ " ao done da chave.\n"
+#~ "\n"
+#~ "Atenção: os exemplos dados para os níveis 2 e 3 são *apenas* exemplos.\n"
+#~ "Compete-lhe a si decidir o que considera, ao assinar chaves, uma "
+#~ "verificação\n"
+#~ "\"normal\" e uma verificação \"exaustiva\".\n"
+#~ "\n"
+#~ "Se não sabe qual é a resposta correcta, responda \"0\"."
+
+#, fuzzy
+#~ msgid "Answer \"yes\" if you want to sign ALL the user IDs"
+#~ msgstr "Responda \"sim\" se quiser assinar TODOS os IDs de utilizador"
+
+#~ msgid ""
+#~ "Answer \"yes\" if you really want to delete this user ID.\n"
+#~ "All certificates are then also lost!"
+#~ msgstr ""
+#~ "Responda \"sim\" se quiser realmente remover este ID de utilizador.\n"
+#~ "Todos os certificados também serão perdidos!"
+
+#~ msgid "Answer \"yes\" if it is okay to delete the subkey"
+#~ msgstr "Responda \"sim\" se quiser remover a subchave"
+
+#~ msgid ""
+#~ "This is a valid signature on the key; you normally don't want\n"
+#~ "to delete this signature because it may be important to establish a\n"
+#~ "trust connection to the key or another key certified by this key."
+#~ msgstr ""
+#~ "Esta é uma assinatura válida na chave; normalmente não é desejável\n"
+#~ "remover esta assinatura porque ela pode ser importante para estabelecer\n"
+#~ "uma conexão de confiança à chave ou a outra chave certificada por esta."
+
+#~ msgid ""
+#~ "This signature can't be checked because you don't have the\n"
+#~ "corresponding key. You should postpone its deletion until you\n"
+#~ "know which key was used because this signing key might establish\n"
+#~ "a trust connection through another already certified key."
+#~ msgstr ""
+#~ "Esta assinatura não pode ser verificada porque você não tem a chave\n"
+#~ "correspondente. Você deve adiar sua remoção até saber que chave foi "
+#~ "usada\n"
+#~ "porque a chave desta assinatura pode estabelecer uma conexão de "
+#~ "confiança\n"
+#~ "através de outra chave já certificada."
+
+#~ msgid ""
+#~ "The signature is not valid. It does make sense to remove it from\n"
+#~ "your keyring."
+#~ msgstr ""
+#~ "A assinatura não é válida. Faz sentido removê-la do seu porta-chaves."
+
+#~ msgid ""
+#~ "This is a signature which binds the user ID to the key. It is\n"
+#~ "usually not a good idea to remove such a signature. Actually\n"
+#~ "GnuPG might not be able to use this key anymore. So do this\n"
+#~ "only if this self-signature is for some reason not valid and\n"
+#~ "a second one is available."
+#~ msgstr ""
+#~ "Esta é uma assinatura que liga o ID de utilizador à chave. Geralmente\n"
+#~ "não é uma boa idéia remover tal assinatura. É possível que o GnuPG\n"
+#~ "não consiga mais usar esta chave. Faça isto apenas se por alguma\n"
+#~ "razão esta auto-assinatura não for válida e há uma segunda disponível."
+
+#~ msgid ""
+#~ "Change the preferences of all user IDs (or just of the selected ones)\n"
+#~ "to the current list of preferences. The timestamp of all affected\n"
+#~ "self-signatures will be advanced by one second.\n"
+#~ msgstr ""
+#~ "Muda as preferências de todos os identificadores de utilizadores\n"
+#~ "(ou apenas dos seleccionados) para a lista actual de preferências.\n"
+#~ "O 'timestamp' de todas as auto-assinaturas afectuadas será avançado\n"
+#~ "em um segundo.\n"
+
+#~ msgid "Please enter the passhrase; this is a secret sentence \n"
+#~ msgstr "Por favor digite a frase secreta \n"
+
+#~ msgid ""
+#~ "Please repeat the last passphrase, so you are sure what you typed in."
+#~ msgstr "Por favor repita a frase secreta, para ter certeza do que digitou."
+
+#~ msgid "Give the name of the file to which the signature applies"
+#~ msgstr "Dê o nome para o ficheiro ao qual a assinatura se aplica"
+
+#~ msgid "Answer \"yes\" if it is okay to overwrite the file"
+#~ msgstr "Responda \"sim\" se quiser escrever por cima do ficheiro"
+
+#~ msgid ""
+#~ "Please enter a new filename. If you just hit RETURN the default\n"
+#~ "file (which is shown in brackets) will be used."
+#~ msgstr ""
+#~ "Por favor digite um novo nome de ficheiro. Se você apenas carregar em "
+#~ "RETURN\n"
+#~ "o ficheiro por omissão (que é mostrado entre parênteses) será utilizado."
+
+#~ msgid ""
+#~ "You should specify a reason for the certification. Depending on the\n"
+#~ "context you have the ability to choose from this list:\n"
+#~ " \"Key has been compromised\"\n"
+#~ " Use this if you have a reason to believe that unauthorized persons\n"
+#~ " got access to your secret key.\n"
+#~ " \"Key is superseded\"\n"
+#~ " Use this if you have replaced this key with a newer one.\n"
+#~ " \"Key is no longer used\"\n"
+#~ " Use this if you have retired this key.\n"
+#~ " \"User ID is no longer valid\"\n"
+#~ " Use this to state that the user ID should not longer be used;\n"
+#~ " this is normally used to mark an email address invalid.\n"
+#~ msgstr ""
+#~ "Deve especificar uma razão para a emissão do certificado. Dependendo no\n"
+#~ "contexto, pode escolher as seguintes opções desta lista:\n"
+#~ " \"A chave foi comprometida\"\n"
+#~ " Utilize esta opção se tem razões para acreditar que indivíduos não\n"
+#~ " autorizados obtiveram acesso à sua chave secreta.\n"
+#~ " \"A chave foi substituida\"\n"
+#~ " Utilize esta opção se substituiu esta chave com uma mais recente.\n"
+#~ " \"A chave já não é utilizada\"\n"
+#~ " Utilize esta opção se já não utiliza a chave.\n"
+#~ " \"O identificador do utilizador já não é válido\"\n"
+#~ " Utilize esta opção para comunicar que o identificador do utilizador\n"
+#~ " não deve ser mais utilizado; normalmente utilizada para indicar\n"
+#~ " que um endereço de email é inválido.\n"
+
+#~ msgid ""
+#~ "If you like, you can enter a text describing why you issue this\n"
+#~ "revocation certificate. Please keep this text concise.\n"
+#~ "An empty line ends the text.\n"
+#~ msgstr ""
+#~ "Se desejar, pode inserir uma texto descrevendo a razão pela qual criou\n"
+#~ "este certificado de revogação. Por favor mantenha este texto conciso.\n"
+#~ "Uma linha vazia termina o texto.\n"
+
+#, fuzzy
+#~ msgid "can't put notation data into v3 (PGP 2.x style) signatures\n"
+#~ msgstr "não pode escolher uma chave do tipo PGP 2.x como revogadora\n"
+
+#, fuzzy
+#~ msgid "can't put notation data into v3 (PGP 2.x style) key signatures\n"
+#~ msgstr "não pode escolher uma chave do tipo PGP 2.x como revogadora\n"
+
+#, fuzzy
+#~ msgid "can't put a policy URL into v3 (PGP 2.x style) signatures\n"
+#~ msgstr "não pode escolher uma chave do tipo PGP 2.x como revogadora\n"
+
+#, fuzzy
+#~ msgid "shelll"
+#~ msgstr "help"
+
+#, fuzzy
+#~ msgid ""
+#~ "please see http://www.gnupg.org/download/iconv.html for more information\n"
+#~ msgstr ""
+#~ "por favor veja http://www.gnupg.org/faq.html para mais informações\n"
+
+#, fuzzy
+#~ msgid "key generation is not available from the commandline\n"
+#~ msgstr "o gpg-agent não está disponível nesta sessão\n"
+
+#, fuzzy
+#~ msgid "please use the script \"%s\" to generate a new key\n"
+#~ msgstr "Por favor selecione o tipo de chave desejado:\n"
+
+#, fuzzy
+#~ msgid "cipher extension `%s' not loaded due to unsafe permissions\n"
+#~ msgstr ""
+#~ "a extensão de cifra \"%s\" não foi carregada devido às suas permissões "
+#~ "inseguras\n"
+
+#~ msgid "DSA requires the use of a 160 bit hash algorithm\n"
+#~ msgstr ""
+#~ "DSA necessita de utilização de uma algoritmo de dispersão de 160 bit\n"
+
+#, fuzzy
+#~ msgid ".\n"
+#~ msgstr "%s.\n"
+
+#~ msgid "problem with the agent - disabling agent use\n"
+#~ msgstr "problema com o agente - a desactivar a utilização deste\n"
+
+#, fuzzy
+#~ msgid "can't query passphrase in batch mode\n"
+#~ msgstr "impossível pedir senha em modo não-interactivo\n"
+
+#~ msgid "Enter passphrase: "
+#~ msgstr "Digite a frase secreta: "
+
+#~ msgid "Repeat passphrase: "
+#~ msgstr "Repita a frase secreta: "
+
+#~ msgid "-k[v][v][v][c] [user-id] [keyring]"
+#~ msgstr "-k[v][v][v][c] [id-utilizador] [porta-chaves]"
+
+#~ msgid "no entropy gathering module detected\n"
+#~ msgstr "nenhum módulo de recolha de entropia detectado\n"
+
+#, fuzzy
+#~ msgid "can't lock `%s': %s\n"
+#~ msgstr "impossível abrir `%s'\n"
+
+#~ msgid "can't stat `%s': %s\n"
+#~ msgstr "impossível 'stat' a `%s': %s\n"
+
+#~ msgid "`%s' is not a regular file - ignored\n"
+#~ msgstr "`%s' não é um ficheiro normal - ignorado\n"
+
+#~ msgid "note: random_seed file is empty\n"
+#~ msgstr "nota: random_seed está vazia\n"
+
+#~ msgid "WARNING: invalid size of random_seed file - not used\n"
+#~ msgstr ""
+#~ "AVISO: o ficheiro random_seed tem um tamanho inválido - não utilizado\n"
+
+#~ msgid "can't read `%s': %s\n"
+#~ msgstr "impossível ler `%s': %s\n"
+
+#~ msgid "note: random_seed file not updated\n"
+#~ msgstr "nota: ficheiro random_seed não actualizado\n"
+
+#~ msgid "can't write `%s': %s\n"
+#~ msgstr "impossível escrever `%s': %s\n"
+
+#~ msgid "can't close `%s': %s\n"
+#~ msgstr "impossível fechar `%s': %s\n"
+
+#~ msgid "WARNING: using insecure random number generator!!\n"
+#~ msgstr "AVISO: a utilizar gerador de números aleatórios inseguro!\n"
+
+#~ msgid ""
+#~ "The random number generator is only a kludge to let\n"
+#~ "it run - it is in no way a strong RNG!\n"
+#~ "\n"
+#~ "DON'T USE ANY DATA GENERATED BY THIS PROGRAM!!\n"
+#~ "\n"
+#~ msgstr ""
+#~ "O gerador de números aleatórios é apenas um \"remendo\"\n"
+#~ "para poder funcionar - não é de modo algum um bom gerador!\n"
+#~ "\n"
+#~ "NÃO USE NENHUM DADO GERADO POR ESTE PROGRAMA!\n"
+#~ "\n"
+
+#~ msgid ""
+#~ "\n"
+#~ "Not enough random bytes available. Please do some other work to give\n"
+#~ "the OS a chance to collect more entropy! (Need %d more bytes)\n"
+#~ msgstr ""
+#~ "\n"
+#~ "Não há bytes aleatórios suficientes. Por favor, faça outro trabalho para\n"
+#~ "que o sistema possa recolher mais entropia! (São necessários mais %d "
+#~ "bytes)\n"
+
+#, fuzzy
+#~ msgid "card reader not available\n"
+#~ msgstr "chave secreta não disponível"
+
+#, fuzzy
+#~ msgid "NOTE: %s is not available in this version\n"
+#~ msgstr "o gpg-agent não está disponível nesta sessão\n"
+
+#, fuzzy
+#~ msgid " algorithms on these user IDs:\n"
+#~ msgstr "Assinou estes identificadores de utilizadores:\n"
+
+#~ msgid "general error"
+#~ msgstr "erro geral"
+
+#~ msgid "unknown packet type"
+#~ msgstr "formato de pacote desconhecido"
+
+#~ msgid "unknown pubkey algorithm"
+#~ msgstr "algoritmo de chave pública desconhecido"
+
+#~ msgid "unknown digest algorithm"
+#~ msgstr "algoritmo de \"digest\" desconhecido"
+
+#~ msgid "bad public key"
+#~ msgstr "chave pública incorrecta"
+
+#~ msgid "bad secret key"
+#~ msgstr "chave secreta incorrecta"
+
+#~ msgid "bad signature"
+#~ msgstr "assinatura incorrecta"
+
+#~ msgid "checksum error"
+#~ msgstr "erro de \"checksum\""
+
+#~ msgid "unknown cipher algorithm"
+#~ msgstr "algoritmo de criptografia desconhecido"
+
+#~ msgid "can't open the keyring"
+#~ msgstr "não é possível abrir o porta-chaves"
+
+#~ msgid "invalid packet"
+#~ msgstr "pacote inválido"
+
+#~ msgid "invalid armor"
+#~ msgstr "armadura inválida"
+
+#~ msgid "no such user id"
+#~ msgstr "identificador de utilizador inexistente"
+
+#~ msgid "secret key not available"
+#~ msgstr "chave secreta não disponível"
+
+#~ msgid "wrong secret key used"
+#~ msgstr "chave secreta incorrecta"
+
+#~ msgid "not supported"
+#~ msgstr "não suportado"
+
+#~ msgid "bad key"
+#~ msgstr "chave incorrecta"
+
+#~ msgid "file write error"
+#~ msgstr "erro de escrita"
+
+#~ msgid "unknown compress algorithm"
+#~ msgstr "algoritmo de compressão desconhecido"
+
+#~ msgid "file open error"
+#~ msgstr "erro na abertura do ficheiro"
+
+#~ msgid "file create error"
+#~ msgstr "erro na criação do ficheiro"
+
+#~ msgid "invalid passphrase"
+#~ msgstr "frase-secreta inválida"
+
+#~ msgid "unimplemented pubkey algorithm"
+#~ msgstr "algoritmo de chave pública não implementado"
+
+#~ msgid "unimplemented cipher algorithm"
+#~ msgstr "algoritmo de criptografia não implementado"
+
+#~ msgid "unknown signature class"
+#~ msgstr "classe de assinatura desconhecida"
+
+#~ msgid "trust database error"
+#~ msgstr "erro na base de dados de confiança"
+
+#~ msgid "resource limit"
+#~ msgstr "limite de recursos"
+
+#~ msgid "invalid keyring"
+#~ msgstr "porta-chaves inválido"
+
+#~ msgid "malformed user id"
+#~ msgstr "identificador de utilizador malformado"
+
+#~ msgid "file close error"
+#~ msgstr "erro ao fechar ficheiro"
+
+#~ msgid "file rename error"
+#~ msgstr "erro na renomeação do ficheiro"
+
+#~ msgid "file delete error"
+#~ msgstr "erro na remoção do ficheiro"
+
+#~ msgid "unexpected data"
+#~ msgstr "dados inesperados"
+
+#~ msgid "timestamp conflict"
+#~ msgstr "conflito de \"timestamp\""
+
+#~ msgid "unusable pubkey algorithm"
+#~ msgstr "algoritmo de chave pública inutilizável"
+
+#~ msgid "file exists"
+#~ msgstr "o ficheiro já existe"
+
+#~ msgid "weak key"
+#~ msgstr "chave fraca"
+
+#~ msgid "bad URI"
+#~ msgstr "URI incorrecto"
+
+#~ msgid "unsupported URI"
+#~ msgstr "URI não suportado"
+
+#~ msgid "network error"
+#~ msgstr "erro na rede"
+
+#~ msgid "not processed"
+#~ msgstr "não processado"
+
+#~ msgid "unusable public key"
+#~ msgstr "chave pública não utilizável"
+
+#~ msgid "unusable secret key"
+#~ msgstr "chave secreta não utilizável"
+
+#~ msgid "keyserver error"
+#~ msgstr "erro do servidor de chaves"
+
+#, fuzzy
+#~ msgid "no card"
+#~ msgstr "não cifrado"
+
+#, fuzzy
+#~ msgid "no data"
+#~ msgstr "não há dados assinados\n"
+
+#~ msgid "... this is a bug (%s:%d:%s)\n"
+#~ msgstr "... isto é um bug (%s:%d:%s)\n"
+
+#~ msgid "WARNING: using insecure memory!\n"
+#~ msgstr "AVISO: a utilizar memória insegura!\n"
+
+#~ msgid "operation is not possible without initialized secure memory\n"
+#~ msgstr "a operação não é possível sem memória segura inicializada\n"
+
+#~ msgid "(you may have used the wrong program for this task)\n"
+#~ msgstr "(você pode ter usado o programa errado para esta tarefa)\n"
+
+#~ msgid ""
+#~ "please see http://www.gnupg.org/why-not-idea.html for more information\n"
+#~ msgstr "veja http://www.gnupg.org/why-not-idea.html para mais informações\n"
+
+#, fuzzy
+#~ msgid "all export-clean-* options from above"
+#~ msgstr "ler opções do ficheiro"
+
+#, fuzzy
+#~ msgid "all import-clean-* options from above"
+#~ msgstr "ler opções do ficheiro"
+
+#, fuzzy
+#~ msgid "expired: %s)"
+#~ msgstr "[expira: %s]"
+
+#, fuzzy
+#~ msgid "key %s: expired signature from key %s - skipped\n"
+#~ msgstr "chave %08lX: classe de assinatura inesperada (%02x) - ignorada\n"
+
+#, fuzzy
+#~ msgid "Unable to clean `%s'\n"
+#~ msgstr "não foi possível alterar o exec-path para %s\n"
+
+#, fuzzy
+#~ msgid "No user IDs are removable.\n"
+#~ msgstr "o utilizador com o id \"%s\" já está revocado\n"
+
+#, fuzzy
+#~ msgid "bad passphrase or unknown cipher algorithm (%d)\n"
+#~ msgstr "algoritmo de criptografia desconhecido"
+
+#~ msgid "can't set client pid for the agent\n"
+#~ msgstr "não consegui colocar o pid do cliente no agente\n"
+
+#~ msgid "can't get server read FD for the agent\n"
+#~ msgstr "não consigo obter FD de leitura no servidor para o agente\n"
+
+#~ msgid "can't get server write FD for the agent\n"
+#~ msgstr "não consigo obter FD de escrita no servidor para o agente\n"
+
+#~ msgid "select secondary key N"
+#~ msgstr "seleciona chave secundária N"
+
+#~ msgid "list signatures"
+#~ msgstr "lista assinaturas"
+
+#~ msgid "sign the key"
+#~ msgstr "assina a chave"
+
+#~ msgid "add a secondary key"
+#~ msgstr "adiciona nova chave secundária"
+
+#~ msgid "delete signatures"
+#~ msgstr "remove assinaturas"
+
+#~ msgid "change the expire date"
+#~ msgstr "muda a data de validade"
+
+#~ msgid "set preference list"
+#~ msgstr "configurar lista de preferências"
+
+#~ msgid "updated preferences"
+#~ msgstr "preferências actualizadas"
+
+#~ msgid "No secondary key with index %d\n"
+#~ msgstr "Nenhuma chave secundária com índice %d\n"
+
+#~ msgid "--nrsign-key user-id"
+#~ msgstr "--nrsign-key id-utilizador"
+
+#~ msgid "--nrlsign-key user-id"
+#~ msgstr "--nrlsign-key id-utilizador"
+
+#~ msgid "sign the key non-revocably"
+#~ msgstr "assina a chave de forma não-revogável"
+
+#~ msgid "sign the key locally and non-revocably"
+#~ msgstr "assinar a chave localmente e de forma não revogável"
+
+#~ msgid "q"
+#~ msgstr "q"
+
+#~ msgid "list"
+#~ msgstr "list"
+
+#~ msgid "l"
+#~ msgstr "l"
+
+#~ msgid "debug"
+#~ msgstr "debug"
+
+#, fuzzy
+#~ msgid "name"
+#~ msgstr "enable"
+
+#, fuzzy
+#~ msgid "login"
+#~ msgstr "lsign"
+
+#, fuzzy
+#~ msgid "cafpr"
+#~ msgstr "fpr"
+
+#, fuzzy
+#~ msgid "forcesig"
+#~ msgstr "revsig"
+
+#, fuzzy
+#~ msgid "generate"
+#~ msgstr "erro geral"
+
+#~ msgid "passwd"
+#~ msgstr "passwd"
+
+#~ msgid "save"
+#~ msgstr "save"
+
+#~ msgid "fpr"
+#~ msgstr "fpr"
+
+#~ msgid "uid"
+#~ msgstr "uid"
+
+#~ msgid "key"
+#~ msgstr "key"
+
+#~ msgid "check"
+#~ msgstr "check"
+
+#~ msgid "c"
+#~ msgstr "c"
+
+#~ msgid "sign"
+#~ msgstr "sign"
+
+#~ msgid "s"
+#~ msgstr "s"
+
+#, fuzzy
+#~ msgid "tsign"
+#~ msgstr "sign"
+
+#~ msgid "lsign"
+#~ msgstr "lsign"
+
+#~ msgid "nrsign"
+#~ msgstr "nrsign"
+
+#~ msgid "nrlsign"
+#~ msgstr "nrlsign"
+
+#~ msgid "adduid"
+#~ msgstr "adduid"
+
+#~ msgid "addphoto"
+#~ msgstr "addphoto"
+
+#~ msgid "deluid"
+#~ msgstr "deluid"
+
+#~ msgid "delphoto"
+#~ msgstr "delphoto"
+
+#, fuzzy
+#~ msgid "addcardkey"
+#~ msgstr "addkey"
+
+#~ msgid "delkey"
+#~ msgstr "delkey"
+
+#~ msgid "addrevoker"
+#~ msgstr "addrevoker"
+
+#~ msgid "delsig"
+#~ msgstr "delsig"
+
+#~ msgid "expire"
+#~ msgstr "expire"
+
+#~ msgid "primary"
+#~ msgstr "primary"
+
+#~ msgid "toggle"
+#~ msgstr "toggle"
+
+#~ msgid "t"
+#~ msgstr "t"
+
+#~ msgid "pref"
+#~ msgstr "pref"
+
+#~ msgid "showpref"
+#~ msgstr "showpref"
+
+#~ msgid "setpref"
+#~ msgstr "setpref"
+
+#~ msgid "updpref"
+#~ msgstr "updpref"
+
+#, fuzzy
+#~ msgid "keyserver"
+#~ msgstr "erro do servidor de chaves"
+
+#~ msgid "trust"
+#~ msgstr "trust"
+
+#~ msgid "revsig"
+#~ msgstr "revsig"
+
+#~ msgid "revuid"
+#~ msgstr "revuid"
+
+#~ msgid "revkey"
+#~ msgstr "revkey"
+
+#~ msgid "disable"
+#~ msgstr "disable"
+
+#~ msgid "enable"
+#~ msgstr "enable"
+
+#~ msgid "showphoto"
+#~ msgstr "showphoto"
+
+#~ msgid ""
+#~ "About to generate a new %s keypair.\n"
+#~ " minimum keysize is 768 bits\n"
+#~ " default keysize is 1024 bits\n"
+#~ " highest suggested keysize is 2048 bits\n"
+#~ msgstr ""
+#~ "Prestes a gerar um novo par de chaves %s.\n"
+#~ " tamanho mínimo é 768 bits\n"
+#~ " tamanho por omissão é 1024 bits\n"
+#~ " tamanho máximo sugerido é 2048 bits\n"
+
+#~ msgid "DSA only allows keysizes from 512 to 1024\n"
+#~ msgstr "DSA permite apenas tamanhos de 512 a 1024\n"
+
+#~ msgid "keysize too small; 1024 is smallest value allowed for RSA.\n"
+#~ msgstr "tamanho muito pequeno; 1024 é o valor mínimo permitido para RSA.\n"
+
+#~ msgid "keysize too small; 768 is smallest value allowed.\n"
+#~ msgstr "tamanho muito pequeno; 768 é o valor mínimo permitido.\n"
+
+#~ msgid "keysize too large; %d is largest value allowed.\n"
+#~ msgstr "tamanho muito grande; %d é o valor máximo permitido.\n"
+
+#~ msgid ""
+#~ "Keysizes larger than 2048 are not suggested because\n"
+#~ "computations take REALLY long!\n"
+#~ msgstr ""
+#~ "Tamanhos de chave maiores que 2048 não são recomendados\n"
+#~ "porque o tempo de computação é REALMENTE longo!\n"
+
+#, fuzzy
+#~ msgid "Are you sure that you want this keysize? (y/N) "
+#~ msgstr "Você tem certeza de que quer este tamanho de chave? "
+
+#~ msgid ""
+#~ "Okay, but keep in mind that your monitor and keyboard radiation is also "
+#~ "very vulnerable to attacks!\n"
+#~ msgstr ""
+#~ "Tudo bem, mas não se esqueça que a radiação do seu monitor e teclado "
+#~ "também é extremamente vulnerável a ataques!\n"
+
+#~ msgid "Experimental algorithms should not be used!\n"
+#~ msgstr "Algoritmos experimentais não devem ser usados!\n"
+
+#~ msgid ""
+#~ "this cipher algorithm is deprecated; please use a more standard one!\n"
+#~ msgstr ""
+#~ "este algoritmo de criptografia está desctualizado; por favor use um "
+#~ "algoritmo mais standard!x\n"
+
+#, fuzzy
+#~ msgid "sorry, can't do this in batch mode\n"
+#~ msgstr "impossível fazer isso em modo não-interativo\n"
+
+#, fuzzy
+#~ msgid "can't open file `%s': %s\n"
+#~ msgstr "impossível abrir %s: %s\n"
+
+#, fuzzy
+#~ msgid " \""
+#~ msgstr " ou \""
+
+#~ msgid "key %08lX: key has been revoked!\n"
+#~ msgstr "chave %08lX: a chave foi revogada!\n"
+
+#~ msgid "key %08lX: subkey has been revoked!\n"
+#~ msgstr "chave %08lX: a subchave foi revogada!\n"
+
+#~ msgid "%08lX: key has expired\n"
+#~ msgstr "%08lX: a chave expirou\n"
+
+#~ msgid "%08lX: We do NOT trust this key\n"
+#~ msgstr "%08lX: Nós NÃO confiamos nesta chave\n"
+
+#, fuzzy
+#~ msgid " (%d) RSA (auth only)\n"
+#~ msgstr " (%d) RSA (apenas assinatura)\n"
+
+#, fuzzy
+#~ msgid " (%d) RSA (sign and auth)\n"
+#~ msgstr " (%d) RSA (assinatura e cifragem)\n"
+
+#, fuzzy
+#~ msgid " (%d) RSA (encrypt and auth)\n"
+#~ msgstr " (%d) RSA (apenas cifragem)\n"
+
+#, fuzzy
+#~ msgid " (%d) RSA (sign, encrypt and auth)\n"
+#~ msgstr " (%d) RSA (assinatura e cifragem)\n"
+
+#~ msgid "%s: can't open: %s\n"
+#~ msgstr "%s: impossível abrir: %s\n"
+
+#~ msgid "%s: WARNING: empty file\n"
+#~ msgstr "%s: AVISO: ficheiro vazio\n"
+
+#, fuzzy
+#~ msgid " (%d) I trust marginally\n"
+#~ msgstr " %d = Confio moderadamente\n"
+
+#, fuzzy
+#~ msgid " (%d) I trust fully\n"
+#~ msgstr " %d = Confio plenamente\n"
+
+#, fuzzy
+#~ msgid "expires"
+#~ msgstr "expire"
+
+#, fuzzy
+#~ msgid ""
+#~ "\"\n"
+#~ "locally signed with your key %s at %s\n"
+#~ msgstr ""
+#~ "\"\n"
+#~ "assinada localmente com a sua chave %08lX em %s\n"
+
+#~ msgid "%s: can't access: %s\n"
+#~ msgstr "%s: impossível aceder: %s\n"
+
+#~ msgid "%s: can't create lock\n"
+#~ msgstr "%s: impossível criar tranca\n"
+
+#~ msgid "%s: can't make lock\n"
+#~ msgstr "%s: impossível criar tranca\n"
+
+#~ msgid "%s: can't create: %s\n"
+#~ msgstr "%s: impossível criar: %s\n"
+
+#~ msgid "If you want to use this revoked key anyway, answer \"yes\"."
+#~ msgstr ""
+#~ "Se você quiser usar esta chave revogada assim mesmo, responda \"sim\"."
+
+#, fuzzy
+#~ msgid "Unable to open photo \"%s\": %s\n"
+#~ msgstr "não foi possível alterar o exec-path para %s\n"
+
+#, fuzzy
+#~ msgid "error: no ownertrust value\n"
+#~ msgstr "exportar os valores de confiança"
+
+#~ msgid " (main key ID %08lX)"
+#~ msgstr " (ID principal da chave %08lX)"
+
+#~ msgid "rev! subkey has been revoked: %s\n"
+#~ msgstr "rev! subchave foi revogada: %s\n"
+
+#~ msgid "rev- faked revocation found\n"
+#~ msgstr "rev- revogação falsa encontrada\n"
+
+#, fuzzy
+#~ msgid " [expired: %s]"
+#~ msgstr "[expira: %s]"
+
+#~ msgid " [expires: %s]"
+#~ msgstr "[expira: %s]"
+
+#, fuzzy
+#~ msgid " [revoked: %s]"
+#~ msgstr "revkey"
+
+#~ msgid "|[files]|encrypt files"
+#~ msgstr "|[ficheiros]|cifrar ficheiros"
+
+#~ msgid "store only"
+#~ msgstr "apenas armazenar"
+
+#~ msgid "|[files]|decrypt files"
+#~ msgstr "|[ficheiros]|decifrar ficheiros"
+
+#~ msgid "sign a key non-revocably"
+#~ msgstr "assinar uma chave de forma não revocável"
+
+#~ msgid "sign a key locally and non-revocably"
+#~ msgstr "assinar uma chave localmente e de forma não revocável"
+
+#~ msgid "list only the sequence of packets"
+#~ msgstr "listar apenas as sequências de pacotes"
+
+#~ msgid "export the ownertrust values"
+#~ msgstr "exportar os valores de confiança"
+
+#~ msgid "unattended trust database update"
+#~ msgstr "actualizar automaticamente a base de dados de confiança"
+
+#~ msgid "fix a corrupted trust database"
+#~ msgstr "consertar uma base de dados de confiança"
+
+#~ msgid "De-Armor a file or stdin"
+#~ msgstr "retirar armadura de um ficheiro ou do \"stdin\""
+
+#~ msgid "En-Armor a file or stdin"
+#~ msgstr "criar armadura para um ficheiro ou \"stdin\""
+
+#~ msgid "do not force v3 signatures"
+#~ msgstr "não forçar assinaturas v3"
+
+#~ msgid "force v4 key signatures"
+#~ msgstr "forçar assinaturas v4"
+
+#~ msgid "do not force v4 key signatures"
+#~ msgstr "não forçar assinaturas v4"
+
+#~ msgid "never use a MDC for encryption"
+#~ msgstr "nunca usar um MDC para cifrar"
+
+#~ msgid "use the gpg-agent"
+#~ msgstr "utilizar o gpg-agent"
+
+#~ msgid "|[file]|write status info to file"
+#~ msgstr "|[ficheiro]|escrever ifnroamções de estado para o ficheiro"
+
+#~ msgid "|KEYID|ultimately trust this key"
+#~ msgstr "|KEYID|confiar totalmente nesta chave"
+
+#~ msgid "emulate the mode described in RFC1991"
+#~ msgstr "emular o modo descrito no RFC1991"
+
+#~ msgid "set all packet, cipher and digest options to OpenPGP behavior"
+#~ msgstr ""
+#~ "configurar todas as opções de pacote, cifragem e \"digest\"\n"
+#~ "para comportamento OpenPGP"
+
+#~ msgid "set all packet, cipher and digest options to PGP 2.x behavior"
+#~ msgstr ""
+#~ "configurar todas as opções de pacote, cifragem e \"digest\"\n"
+#~ "para comportamento PGP 2.x"
+
+#~ msgid "|NAME|use message digest algorithm NAME for passphrases"
+#~ msgstr ""
+#~ "|NOME|usar algoritmo de \"digest\" de mensagens NOME\n"
+#~ "para frases secretas"
+
+#~ msgid "throw keyid field of encrypted packets"
+#~ msgstr "eliminar campo keyid dos pacotes cifrados"
+
+#~ msgid "Show Photo IDs"
+#~ msgstr "Mostrar IDs Fotográficos"
+
+#~ msgid "Don't show Photo IDs"
+#~ msgstr "Não mostrar IDs Fotográficos"
+
+#~ msgid "Set command line to view Photo IDs"
+#~ msgstr "Configurar linha de comandos para ver fotografias"
+
+#, fuzzy
+#~ msgid "compress algorithm `%s' is read-only in this release\n"
+#~ msgstr "o algoritmo de compressão deve estar na faixa %d..%d\n"
+
+#~ msgid "compress algorithm must be in range %d..%d\n"
+#~ msgstr "o algoritmo de compressão deve estar na faixa %d..%d\n"
+
+#~ msgid ""
+#~ "%08lX: It is not sure that this key really belongs to the owner\n"
+#~ "but it is accepted anyway\n"
+#~ msgstr ""
+#~ "%08lX: Não se tem certeza de que esta chave realmente pertence ao dono,\n"
+#~ "mas é aceite de qualquer modo\n"
+
+#~ msgid "preference %c%lu is not valid\n"
+#~ msgstr "preferência %c%lu não é válida\n"
+
+#~ msgid "key %08lX: not a rfc2440 key - skipped\n"
+#~ msgstr "chave %08lX: não é uma chave rfc2440 - ignorada\n"
+
+#~ msgid ""
+#~ "NOTE: Elgamal primary key detected - this may take some time to import\n"
+#~ msgstr ""
+#~ "NOTA: Chave primária Elgamal detectada - pode demorar algum tempo a "
+#~ "importar\n"
+
+#~ msgid " (default)"
+#~ msgstr " (por omissão)"
+
+#~ msgid "%s%c %4u%c/%08lX created: %s expires: %s"
+#~ msgstr "%s%c %4u%c/%08lX criada: %s expira: %s"
+
+#~ msgid "Policy: "
+#~ msgstr "Política: "
+
+#~ msgid "can't get key from keyserver: %s\n"
+#~ msgstr "não consigo obter chave do servidor: %s\n"
+
+#~ msgid "success sending to `%s' (status=%u)\n"
+#~ msgstr "sucesso ao enviar para `%s' (estado=%u)\n"
+
+#~ msgid "failed sending to `%s': status=%u\n"
+#~ msgstr "erro ao enviar para `%s': estado=%u\n"
+
+#~ msgid "can't search keyserver: %s\n"
+#~ msgstr "não consigo procurar no servidor de chaves: %s\n"
+
+#~ msgid ""
+#~ "key %08lX: this is a PGP generated ElGamal key which is NOT secure for "
+#~ "signatures!\n"
+#~ msgstr ""
+#~ "chave: %08lX: esta é uma chave ElGamal gerada pelo PGP que NÃO é segura "
+#~ "para assinaturas!\n"
+
+#~ msgid ""
+#~ "key %08lX has been created %lu second in future (time warp or clock "
+#~ "problem)\n"
+#~ msgstr ""
+#~ "a chave %08lX foi criada %lu segundo no futuro\n"
+#~ "(viagem no tempo ou problema no relógio)\n"
+
+#~ msgid ""
+#~ "key %08lX has been created %lu seconds in future (time warp or clock "
+#~ "problem)\n"
+#~ msgstr ""
+#~ "a chave %08lX foi criada %lu segundos no futuro\n"
+#~ "(viagem no tempo ou problema no relógio)\n"
+
+#~ msgid "key %08lX marked as ultimately trusted\n"
+#~ msgstr "chave %08lX marcada como de confiança absoluta\n"
+
+#~ msgid "checking at depth %d signed=%d ot(-/q/n/m/f/u)=%d/%d/%d/%d/%d/%d\n"
+#~ msgstr ""
+#~ "a verificar à profundidade %d assinado=%d ot(-/q/n/m/f/u)=%d/%d/%d/%d/%d/%"
+#~ "d\n"
+
+#~ msgid ""
+#~ "Select the algorithm to use.\n"
+#~ "\n"
+#~ "DSA (aka DSS) is the digital signature algorithm which can only be used\n"
+#~ "for signatures. This is the suggested algorithm because verification of\n"
+#~ "DSA signatures are much faster than those of ElGamal.\n"
+#~ "\n"
+#~ "ElGamal is an algorithm which can be used for signatures and encryption.\n"
+#~ "OpenPGP distinguishs between two flavors of this algorithms: an encrypt "
+#~ "only\n"
+#~ "and a sign+encrypt; actually it is the same, but some parameters must be\n"
+#~ "selected in a special way to create a safe key for signatures: this "
+#~ "program\n"
+#~ "does this but other OpenPGP implementations are not required to "
+#~ "understand\n"
+#~ "the signature+encryption flavor.\n"
+#~ "\n"
+#~ "The first (primary) key must always be a key which is capable of "
+#~ "signing;\n"
+#~ "this is the reason why the encryption only ElGamal key is not available "
+#~ "in\n"
+#~ "this menu."
+#~ msgstr ""
+#~ "Seleccione o algoritmo a ser usado.\n"
+#~ "\n"
+#~ "DSA (ou DSS) é o algoritmo de assinatura digital que pode ser usado "
+#~ "apenas\n"
+#~ "para assinaturas. Este é o algoritmo recomendado porque a verificação de\n"
+#~ "assinaturas DSA é muito mais rápida que a verificação de ElGamal.\n"
+#~ "\n"
+#~ "ElGamal é um algoritmo que pode ser usado para assinatura e cifragem.\n"
+#~ "O OpenPGP distingue dois tipos deste algoritmo: um apenas para cifragem\n"
+#~ "e outro para assinatura+cifragem; na verdade são iguais, mas alguns\n"
+#~ "parâmetros precisam ser escolhidos de modo especial para criar uma chave\n"
+#~ "segura para assinatura: este programa faz isso, mas algumas outras\n"
+#~ "implementações do OpenPGP não vão necessariamente entender o tipo\n"
+#~ "assinatura+cifragem.\n"
+#~ "\n"
+#~ "A chave primária precisa sempre ser uma chave capaz de fazer "
+#~ "assinaturas;\n"
+#~ "este é o motivo pelo qual a chave ElGamal apenas para cifragem não está\n"
+#~ "disponível neste menu."
+
+#~ msgid ""
+#~ "Although these keys are defined in RFC2440 they are not suggested\n"
+#~ "because they are not supported by all programs and signatures created\n"
+#~ "with them are quite large and very slow to verify."
+#~ msgstr ""
+#~ "Apesar de estas chaves estarem definidas no RFC2440, elas não são "
+#~ "recomendadas\n"
+#~ "porque não são suportadas por todos os programas e assinaturas criadas "
+#~ "com\n"
+#~ "elas são grandes e sua verificação é lenta."
+
+#~ msgid "%lu keys so far checked (%lu signatures)\n"
+#~ msgstr "%lu chaves verificadas até agora (%lu assinaturas)\n"
+
+#, fuzzy
+#~ msgid "key %08lX incomplete\n"
+#~ msgstr "chave %08lX: sem ID de utilizador\n"
+
+#, fuzzy
+#~ msgid "quit|quit"
+#~ msgstr "sair"
+
+#~ msgid " (%d) ElGamal (sign and encrypt)\n"
+#~ msgstr " (%d) ElGamal (assinatura e cifragem)\n"
+
+#~ msgid ""
+#~ "The use of this algorithm is only supported by GnuPG. You will not be\n"
+#~ "able to use this key to communicate with PGP users. This algorithm is "
+#~ "also\n"
+#~ "very slow, and may not be as secure as the other choices.\n"
+#~ msgstr ""
+#~ "A utilização deste algoritmo só é suportada pelo GnuPG. Não poderá "
+#~ "utilizar\n"
+#~ "esta chave para comunicar com utilizadores do PGP. Este algoritmo é "
+#~ "para\n"
+#~ "além disto muito lento, e pode não ser tão seguro como as outras opções.\n"
+
+#~ msgid "Create anyway? "
+#~ msgstr "Criar mesmo assim?"
+
+#~ msgid "invalid symkey algorithm detected (%d)\n"
+#~ msgstr "algoritmo de 'symkey' inválido detectado (%d)\n"
+
+#~ msgid "this keyserver is not fully HKP compatible\n"
+#~ msgstr "o servidor de chaves não é totalmente compatível com HKP\n"
diff --git a/po/pt_BR.gmo b/po/pt_BR.gmo
new file mode 100644
index 0000000..8aa49dd
--- /dev/null
+++ b/po/pt_BR.gmo
Binary files differ
diff --git a/po/pt_BR.po b/po/pt_BR.po
new file mode 100644
index 0000000..f1ecae7
--- /dev/null
+++ b/po/pt_BR.po
@@ -0,0 +1,10177 @@
+# Portuguese (Brazilian) messages for gnupg
+# Copyright (C) 1999, 2002 Free Software Foundation, Inc.
+# Thiago Jung Bauermann <jungmann@cwb.matrix.com.br>, 1999.
+# Revised by Rafael Caetano dos Santos <rcaetano@linux.ime.usp.br>.
+# I tried to make this one close to es_ES by Urko Lusa
+#
+# Rafael Caetano dos Santos <rcaetano@linux.ime.usp.br> used to be
+# the last translator but he can't continue his work.
+#
+# Designated-Translator: none
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: gnupg 1.0\n"
+"Report-Msgid-Bugs-To: translations@gnupg.org\n"
+"POT-Creation-Date: 2012-03-27 10:23+0200\n"
+"PO-Revision-Date: 2007-08-16 11:35+0200\n"
+"Last-Translator:\n"
+"Language-Team: ?\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=ISO-8859-1\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#: agent/call-pinentry.c:244
+#, fuzzy, c-format
+msgid "failed to acquire the pinentry lock: %s\n"
+msgstr "falha ao inicializar o banco de dados de confiabilidade: %s\n"
+
+#. TRANSLATORS: These are labels for buttons etc used in
+#. Pinentries. An underscore indicates that the next letter
+#. should be used as an accelerator. Double the underscore for
+#. a literal one. The actual to be translated text starts after
+#. the second vertical bar.
+#: agent/call-pinentry.c:401
+msgid "|pinentry-label|_OK"
+msgstr ""
+
+#: agent/call-pinentry.c:402
+msgid "|pinentry-label|_Cancel"
+msgstr ""
+
+#: agent/call-pinentry.c:403
+msgid "|pinentry-label|PIN:"
+msgstr ""
+
+#. TRANSLATORS: This string is displayed by Pinentry as the label
+#. for the quality bar.
+#: agent/call-pinentry.c:649
+msgid "Quality:"
+msgstr ""
+
+#. TRANSLATORS: This string is a tooltip, shown by pinentry when
+#. hovering over the quality bar. Please use an appropriate
+#. string to describe what this is about. The length of the
+#. tooltip is limited to about 900 characters. If you do not
+#. translate this entry, a default english text (see source)
+#. will be used.
+#: agent/call-pinentry.c:671
+msgid "pinentry.qualitybar.tooltip"
+msgstr ""
+
+#: agent/call-pinentry.c:716
+msgid ""
+"Please enter your PIN, so that the secret key can be unlocked for this "
+"session"
+msgstr ""
+
+#: agent/call-pinentry.c:719
+#, fuzzy
+msgid ""
+"Please enter your passphrase, so that the secret key can be unlocked for "
+"this session"
+msgstr "Por favor digite a frase secreta"
+
+#: agent/call-pinentry.c:776
+#, c-format
+msgid "SETERROR %s (try %d of %d)"
+msgstr ""
+
+#: agent/call-pinentry.c:799 agent/call-pinentry.c:811
+#, fuzzy
+msgid "PIN too long"
+msgstr "linha muito longa\n"
+
+#: agent/call-pinentry.c:800
+#, fuzzy
+msgid "Passphrase too long"
+msgstr "linha muito longa\n"
+
+#: agent/call-pinentry.c:808
+#, fuzzy
+msgid "Invalid characters in PIN"
+msgstr "Caractere inválido no nome\n"
+
+#: agent/call-pinentry.c:813
+msgid "PIN too short"
+msgstr ""
+
+#: agent/call-pinentry.c:825
+#, fuzzy
+msgid "Bad PIN"
+msgstr "MPI incorreto"
+
+#: agent/call-pinentry.c:826
+#, fuzzy
+msgid "Bad Passphrase"
+msgstr "frase secreta incorreta"
+
+#: agent/call-pinentry.c:863
+#, fuzzy
+msgid "Passphrase"
+msgstr "frase secreta incorreta"
+
+#: agent/command-ssh.c:531
+#, fuzzy, c-format
+msgid "ssh keys greater than %d bits are not supported\n"
+msgstr "algoritmo de proteção %d não é suportado\n"
+
+#: agent/command-ssh.c:690 g10/card-util.c:833 g10/exec.c:473 g10/gpg.c:1122
+#: g10/keygen.c:3394 g10/keygen.c:3427 g10/keyring.c:1237 g10/keyring.c:1569
+#: g10/openfile.c:275 g10/openfile.c:368 g10/sign.c:801 g10/sign.c:1110
+#: g10/tdbio.c:550 jnlib/dotlock.c:310
+#, fuzzy, c-format
+msgid "can't create `%s': %s\n"
+msgstr "impossível criar %s: %s\n"
+
+#: agent/command-ssh.c:702 common/helpfile.c:47 g10/card-util.c:787
+#: g10/dearmor.c:60 g10/dearmor.c:107 g10/decrypt.c:70 g10/encode.c:194
+#: g10/encode.c:504 g10/gpg.c:1123 g10/import.c:192 g10/keygen.c:2877
+#: g10/keyring.c:1595 g10/openfile.c:192 g10/openfile.c:353
+#: g10/plaintext.c:511 g10/sign.c:783 g10/sign.c:978 g10/sign.c:1094
+#: g10/sign.c:1250 g10/tdbdump.c:142 g10/tdbdump.c:150 g10/tdbio.c:554
+#: g10/tdbio.c:618 g10/verify.c:99 g10/verify.c:162 sm/gpgsm.c:2044
+#: sm/gpgsm.c:2074 sm/gpgsm.c:2112 sm/gpgsm.c:2150 sm/qualified.c:66
+#, c-format
+msgid "can't open `%s': %s\n"
+msgstr "impossível abrir `%s': %s\n"
+
+#: agent/command-ssh.c:1708 agent/command-ssh.c:1726
+#, fuzzy, c-format
+msgid "error getting serial number of card: %s\n"
+msgstr "erro na criação da frase secreta: %s\n"
+
+#: agent/command-ssh.c:1712
+#, c-format
+msgid "detected card with S/N: %s\n"
+msgstr ""
+
+#: agent/command-ssh.c:1717
+#, fuzzy, c-format
+msgid "error getting default authentication keyID of card: %s\n"
+msgstr "erro na escrita do chaveiro `%s': %s\n"
+
+#: agent/command-ssh.c:1737
+#, fuzzy, c-format
+msgid "no suitable card key found: %s\n"
+msgstr "impossível bloquear chaveiro secreto: %s\n"
+
+#: agent/command-ssh.c:1787
+#, fuzzy, c-format
+msgid "shadowing the key failed: %s\n"
+msgstr "enumeração de blocos de chaves falhou: %s\n"
+
+#: agent/command-ssh.c:1802
+#, fuzzy, c-format
+msgid "error writing key: %s\n"
+msgstr "erro na escrita do chaveiro `%': %s\n"
+
+#: agent/command-ssh.c:2139
+#, c-format
+msgid ""
+"An ssh process requested the use of key%%0A %s%%0A (%s)%%0ADo you want to "
+"allow this?"
+msgstr ""
+
+#: agent/command-ssh.c:2146
+msgid "Allow"
+msgstr ""
+
+#: agent/command-ssh.c:2146
+msgid "Deny"
+msgstr ""
+
+#: agent/command-ssh.c:2155
+#, fuzzy, c-format
+msgid "Please enter the passphrase for the ssh key%%0A %F%%0A (%c)"
+msgstr "Por favor digite a frase secreta"
+
+#: agent/command-ssh.c:2484 agent/genkey.c:310 agent/genkey.c:432
+#, fuzzy
+msgid "Please re-enter this passphrase"
+msgstr "muda a frase secreta"
+
+#: agent/command-ssh.c:2509
+#, fuzzy, c-format
+msgid ""
+"Please enter a passphrase to protect the received secret key%%0A %s%%0A %"
+"s%%0Awithin gpg-agent's key storage"
+msgstr "Por favor digite a frase secreta"
+
+#: agent/command-ssh.c:2548 agent/genkey.c:340 agent/genkey.c:463
+#: tools/symcryptrun.c:436
+msgid "does not match - try again"
+msgstr ""
+
+#: agent/command-ssh.c:3054
+#, fuzzy, c-format
+msgid "failed to create stream from socket: %s\n"
+msgstr "%s: falha ao criar tabela de \"hash\": %s\n"
+
+#: agent/divert-scd.c:92 g10/call-agent.c:923
+msgid "Please insert the card with serial number"
+msgstr ""
+
+#: agent/divert-scd.c:93 g10/call-agent.c:924
+msgid "Please remove the current card and insert the one with serial number"
+msgstr ""
+
+#: agent/divert-scd.c:200
+#, fuzzy
+msgid "Admin PIN"
+msgstr "Digite o identificador de usuário: "
+
+#. TRANSLATORS: A PUK is the Personal Unblocking Code
+#. used to unblock a PIN.
+#: agent/divert-scd.c:205
+msgid "PUK"
+msgstr ""
+
+#: agent/divert-scd.c:212
+msgid "Reset Code"
+msgstr ""
+
+#: agent/divert-scd.c:238
+#, c-format
+msgid "%s%%0A%%0AUse the reader's keypad for input."
+msgstr ""
+
+#: agent/divert-scd.c:287
+#, fuzzy
+msgid "Repeat this Reset Code"
+msgstr "Repita a frase secreta: "
+
+#: agent/divert-scd.c:289
+#, fuzzy
+msgid "Repeat this PUK"
+msgstr "Repita a frase secreta: "
+
+#: agent/divert-scd.c:290
+#, fuzzy
+msgid "Repeat this PIN"
+msgstr "Repita a frase secreta: "
+
+#: agent/divert-scd.c:295
+#, fuzzy
+msgid "Reset Code not correctly repeated; try again"
+msgstr "A frase secreta não foi repetida corretamente; tente outra vez.\n"
+
+#: agent/divert-scd.c:297
+#, fuzzy
+msgid "PUK not correctly repeated; try again"
+msgstr "A frase secreta não foi repetida corretamente; tente outra vez.\n"
+
+#: agent/divert-scd.c:298
+#, fuzzy
+msgid "PIN not correctly repeated; try again"
+msgstr "A frase secreta não foi repetida corretamente; tente outra vez.\n"
+
+#: agent/divert-scd.c:310
+#, c-format
+msgid "Please enter the PIN%s%s%s to unlock the card"
+msgstr ""
+
+#: agent/genkey.c:108 sm/certreqgen-ui.c:384 sm/export.c:638 sm/export.c:654
+#: sm/import.c:667 sm/import.c:692
+#, fuzzy, c-format
+msgid "error creating temporary file: %s\n"
+msgstr "erro na criação da frase secreta: %s\n"
+
+#: agent/genkey.c:115 sm/export.c:645 sm/import.c:675
+#, fuzzy, c-format
+msgid "error writing to temporary file: %s\n"
+msgstr "erro na escrita do chaveiro `%': %s\n"
+
+#: agent/genkey.c:153 agent/genkey.c:159
+#, fuzzy
+msgid "Enter new passphrase"
+msgstr "Digite a frase secreta: "
+
+#: agent/genkey.c:167
+#, fuzzy
+msgid "Take this one anyway"
+msgstr "Usa esta chave de qualquer modo? "
+
+#: agent/genkey.c:193
+#, c-format
+msgid ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase should be "
+"at least %u character long."
+msgid_plural ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase should be "
+"at least %u characters long."
+msgstr[0] ""
+msgstr[1] ""
+
+#: agent/genkey.c:214
+#, c-format
+msgid ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase should "
+"contain at least %u digit or%%0Aspecial character."
+msgid_plural ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase should "
+"contain at least %u digits or%%0Aspecial characters."
+msgstr[0] ""
+msgstr[1] ""
+
+#: agent/genkey.c:237
+#, c-format
+msgid ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase may not be "
+"a known term or match%%0Acertain pattern."
+msgstr ""
+
+#: agent/genkey.c:253
+#, c-format
+msgid ""
+"You have not entered a passphrase!%0AAn empty passphrase is not allowed."
+msgstr ""
+
+#: agent/genkey.c:255
+#, c-format
+msgid ""
+"You have not entered a passphrase - this is in general a bad idea!%0APlease "
+"confirm that you do not want to have any protection on your key."
+msgstr ""
+
+#: agent/genkey.c:264
+msgid "Yes, protection is not needed"
+msgstr ""
+
+#: agent/genkey.c:308
+#, fuzzy, c-format
+msgid "Please enter the passphrase to%0Ato protect your new key"
+msgstr ""
+"Você precisa de uma frase secreta para proteger sua chave.\n"
+"\n"
+
+#: agent/genkey.c:431
+#, fuzzy
+msgid "Please enter the new passphrase"
+msgstr "muda a frase secreta"
+
+#: agent/gpg-agent.c:121 agent/preset-passphrase.c:72 scd/scdaemon.c:103
+#: tools/gpg-check-pattern.c:70
+#, fuzzy
+msgid ""
+"@Options:\n"
+" "
+msgstr ""
+"@\n"
+"Opções:\n"
+" "
+
+#: agent/gpg-agent.c:123 scd/scdaemon.c:105
+msgid "run in server mode (foreground)"
+msgstr ""
+
+#: agent/gpg-agent.c:124 scd/scdaemon.c:108
+msgid "run in daemon mode (background)"
+msgstr ""
+
+#: agent/gpg-agent.c:125 g10/gpg.c:488 g10/gpgv.c:71 kbx/kbxutil.c:88
+#: scd/scdaemon.c:109 sm/gpgsm.c:281 tools/gpg-connect-agent.c:69
+#: tools/gpgconf.c:80 tools/symcryptrun.c:166
+msgid "verbose"
+msgstr "detalhado"
+
+#: agent/gpg-agent.c:126 g10/gpgv.c:72 kbx/kbxutil.c:89 scd/scdaemon.c:110
+#: sm/gpgsm.c:282
+msgid "be somewhat more quiet"
+msgstr "ser mais silencioso"
+
+#: agent/gpg-agent.c:127 scd/scdaemon.c:111
+msgid "sh-style command output"
+msgstr ""
+
+#: agent/gpg-agent.c:128 scd/scdaemon.c:112
+msgid "csh-style command output"
+msgstr ""
+
+#: agent/gpg-agent.c:129 scd/scdaemon.c:113 sm/gpgsm.c:312
+#: tools/symcryptrun.c:169
+#, fuzzy
+msgid "|FILE|read options from FILE"
+msgstr "|ARQUIVO|carregar módulo de extensão ARQUIVO"
+
+#: agent/gpg-agent.c:134 scd/scdaemon.c:123
+msgid "do not detach from the console"
+msgstr ""
+
+#: agent/gpg-agent.c:135
+msgid "do not grab keyboard and mouse"
+msgstr ""
+
+#: agent/gpg-agent.c:136 tools/symcryptrun.c:168
+#, fuzzy
+msgid "use a log file for the server"
+msgstr "exportar chaves para um servidor"
+
+#: agent/gpg-agent.c:138
+#, fuzzy
+msgid "use a standard location for the socket"
+msgstr "Realmente remover todos os IDs de usuário selecionados? "
+
+#: agent/gpg-agent.c:141
+msgid "|PGM|use PGM as the PIN-Entry program"
+msgstr ""
+
+#: agent/gpg-agent.c:144
+msgid "|PGM|use PGM as the SCdaemon program"
+msgstr ""
+
+#: agent/gpg-agent.c:145
+#, fuzzy
+msgid "do not use the SCdaemon"
+msgstr "atualizar o banco de dados de confiabilidade"
+
+#: agent/gpg-agent.c:157
+msgid "ignore requests to change the TTY"
+msgstr ""
+
+#: agent/gpg-agent.c:159
+msgid "ignore requests to change the X display"
+msgstr ""
+
+#: agent/gpg-agent.c:162
+msgid "|N|expire cached PINs after N seconds"
+msgstr ""
+
+#: agent/gpg-agent.c:175
+msgid "do not use the PIN cache when signing"
+msgstr ""
+
+#: agent/gpg-agent.c:177
+msgid "allow clients to mark keys as \"trusted\""
+msgstr ""
+
+#: agent/gpg-agent.c:179
+#, fuzzy
+msgid "allow presetting passphrase"
+msgstr "erro na criação da frase secreta: %s\n"
+
+#: agent/gpg-agent.c:180
+msgid "enable ssh-agent emulation"
+msgstr ""
+
+#: agent/gpg-agent.c:182
+msgid "|FILE|write environment settings also to FILE"
+msgstr ""
+
+#. TRANSLATORS: @EMAIL@ will get replaced by the actual bug
+#. reporting address. This is so that we can change the
+#. reporting address without breaking the translations.
+#: agent/gpg-agent.c:333 agent/preset-passphrase.c:94 agent/protect-tool.c:163
+#: g10/gpg.c:814 g10/gpgv.c:114 kbx/kbxutil.c:113 scd/scdaemon.c:246
+#: sm/gpgsm.c:519 tools/gpg-connect-agent.c:181 tools/gpgconf.c:102
+#: tools/symcryptrun.c:206 tools/gpg-check-pattern.c:141
+#, fuzzy
+msgid "Please report bugs to <@EMAIL@>.\n"
+msgstr "Por favor comunique bugs para <gnupg-bugs@gnu.org>.\n"
+
+#: agent/gpg-agent.c:342
+#, fuzzy
+msgid "Usage: gpg-agent [options] (-h for help)"
+msgstr "Uso: gpg [opções] [arquivos] (-h para ajuda)"
+
+#: agent/gpg-agent.c:344
+msgid ""
+"Syntax: gpg-agent [options] [command [args]]\n"
+"Secret key management for GnuPG\n"
+msgstr ""
+
+#: agent/gpg-agent.c:390 g10/gpg.c:1007 scd/scdaemon.c:318 sm/gpgsm.c:669
+#, c-format
+msgid "invalid debug-level `%s' given\n"
+msgstr ""
+
+#: agent/gpg-agent.c:610 agent/protect-tool.c:1033 kbx/kbxutil.c:428
+#: scd/scdaemon.c:424 sm/gpgsm.c:911 sm/gpgsm.c:914 tools/symcryptrun.c:998
+#: tools/gpg-check-pattern.c:177
+#, c-format
+msgid "%s is too old (need %s, have %s)\n"
+msgstr ""
+
+#: agent/gpg-agent.c:725 g10/gpg.c:2111 scd/scdaemon.c:510 sm/gpgsm.c:1010
+#, c-format
+msgid "NOTE: no default option file `%s'\n"
+msgstr "NOTA: arquivo de opções padrão `%s' inexistente\n"
+
+#: agent/gpg-agent.c:736 agent/gpg-agent.c:1348 g10/gpg.c:2115
+#: scd/scdaemon.c:515 sm/gpgsm.c:1014 tools/symcryptrun.c:931
+#, c-format
+msgid "option file `%s': %s\n"
+msgstr "arquivo de opções `%s': %s\n"
+
+#: agent/gpg-agent.c:744 g10/gpg.c:2122 scd/scdaemon.c:523 sm/gpgsm.c:1021
+#, c-format
+msgid "reading options from `%s'\n"
+msgstr "lendo opções de `%s'\n"
+
+#: agent/gpg-agent.c:1117 g10/plaintext.c:140 g10/plaintext.c:145
+#: g10/plaintext.c:162
+#, fuzzy, c-format
+msgid "error creating `%s': %s\n"
+msgstr "erro na leitura de `%s': %s\n"
+
+#: agent/gpg-agent.c:1461 agent/gpg-agent.c:1579 agent/gpg-agent.c:1583
+#: agent/gpg-agent.c:1624 agent/gpg-agent.c:1628 g10/exec.c:188
+#: g10/openfile.c:429 scd/scdaemon.c:1020
+#, fuzzy, c-format
+msgid "can't create directory `%s': %s\n"
+msgstr "%s: impossível criar diretório: %s\n"
+
+#: agent/gpg-agent.c:1475 scd/scdaemon.c:1034
+msgid "name of socket too long\n"
+msgstr ""
+
+#: agent/gpg-agent.c:1498 scd/scdaemon.c:1057
+#, fuzzy, c-format
+msgid "can't create socket: %s\n"
+msgstr "impossível criar %s: %s\n"
+
+#: agent/gpg-agent.c:1507
+#, fuzzy, c-format
+msgid "socket name `%s' is too long\n"
+msgstr "Certificado de revogação válido"
+
+#: agent/gpg-agent.c:1525
+msgid "a gpg-agent is already running - not starting a new one\n"
+msgstr ""
+
+#: agent/gpg-agent.c:1536 scd/scdaemon.c:1076
+#, fuzzy
+msgid "error getting nonce for the socket\n"
+msgstr "erro na criação da frase secreta: %s\n"
+
+#: agent/gpg-agent.c:1541 scd/scdaemon.c:1079
+#, fuzzy, c-format
+msgid "error binding socket to `%s': %s\n"
+msgstr "erro na leitura de `%s': %s\n"
+
+#: agent/gpg-agent.c:1553 scd/scdaemon.c:1088
+#, fuzzy, c-format
+msgid "listen() failed: %s\n"
+msgstr "atualização falhou: %s\n"
+
+#: agent/gpg-agent.c:1559 scd/scdaemon.c:1095
+#, fuzzy, c-format
+msgid "listening on socket `%s'\n"
+msgstr "escrevendo certificado privado para `%s'\n"
+
+#: agent/gpg-agent.c:1587 agent/gpg-agent.c:1634 g10/openfile.c:432
+#, fuzzy, c-format
+msgid "directory `%s' created\n"
+msgstr "%s: diretório criado\n"
+
+#: agent/gpg-agent.c:1640
+#, fuzzy, c-format
+msgid "stat() failed for `%s': %s\n"
+msgstr "banco de dados de confiabilidade: leitura falhou (n=%d): %s\n"
+
+#: agent/gpg-agent.c:1644
+#, fuzzy, c-format
+msgid "can't use `%s' as home directory\n"
+msgstr "%s: impossível criar diretório: %s\n"
+
+#: agent/gpg-agent.c:1777 scd/scdaemon.c:1111
+#, fuzzy, c-format
+msgid "error reading nonce on fd %d: %s\n"
+msgstr "erro na leitura de `%s': %s\n"
+
+#: agent/gpg-agent.c:1799
+#, c-format
+msgid "handler 0x%lx for fd %d started\n"
+msgstr ""
+
+#: agent/gpg-agent.c:1804
+#, c-format
+msgid "handler 0x%lx for fd %d terminated\n"
+msgstr ""
+
+#: agent/gpg-agent.c:1824
+#, c-format
+msgid "ssh handler 0x%lx for fd %d started\n"
+msgstr ""
+
+#: agent/gpg-agent.c:1829
+#, c-format
+msgid "ssh handler 0x%lx for fd %d terminated\n"
+msgstr ""
+
+#: agent/gpg-agent.c:1973 scd/scdaemon.c:1248
+#, fuzzy, c-format
+msgid "pth_select failed: %s - waiting 1s\n"
+msgstr "atualização da chave secreta falhou: %s\n"
+
+#: agent/gpg-agent.c:2096 scd/scdaemon.c:1315
+#, fuzzy, c-format
+msgid "%s %s stopped\n"
+msgstr "\t%lu chaves ignoradas\n"
+
+#: agent/gpg-agent.c:2232
+msgid "no gpg-agent running in this session\n"
+msgstr ""
+
+#: agent/gpg-agent.c:2243 common/simple-pwquery.c:352 common/asshelp.c:403
+#: tools/gpg-connect-agent.c:2168
+msgid "malformed GPG_AGENT_INFO environment variable\n"
+msgstr ""
+
+#: agent/gpg-agent.c:2256 common/simple-pwquery.c:364 common/asshelp.c:415
+#: tools/gpg-connect-agent.c:2179
+#, fuzzy, c-format
+msgid "gpg-agent protocol version %d is not supported\n"
+msgstr "algoritmo de proteção %d não é suportado\n"
+
+#: agent/preset-passphrase.c:98
+#, fuzzy
+msgid "Usage: gpg-preset-passphrase [options] KEYGRIP (-h for help)\n"
+msgstr "Uso: gpg [opções] [arquivos] (-h para ajuda)"
+
+#: agent/preset-passphrase.c:101
+msgid ""
+"Syntax: gpg-preset-passphrase [options] KEYGRIP\n"
+"Password cache maintenance\n"
+msgstr ""
+
+#: agent/protect-tool.c:113 g10/gpg.c:373 kbx/kbxutil.c:71 sm/gpgsm.c:186
+#: tools/gpgconf.c:60
+msgid ""
+"@Commands:\n"
+" "
+msgstr ""
+"@Comandos:\n"
+" "
+
+#: agent/protect-tool.c:127 g10/gpg.c:441 g10/gpgv.c:69 kbx/kbxutil.c:81
+#: sm/gpgsm.c:226 tools/gpg-connect-agent.c:67 tools/gpgconf.c:77
+#: tools/symcryptrun.c:159
+msgid ""
+"@\n"
+"Options:\n"
+" "
+msgstr ""
+"@\n"
+"Opções:\n"
+" "
+
+#: agent/protect-tool.c:166
+#, fuzzy
+msgid "Usage: gpg-protect-tool [options] (-h for help)\n"
+msgstr "Uso: gpg [opções] [arquivos] (-h para ajuda)"
+
+#: agent/protect-tool.c:168
+msgid ""
+"Syntax: gpg-protect-tool [options] [args]\n"
+"Secret key maintenance tool\n"
+msgstr ""
+
+#: agent/protect-tool.c:1162
+#, fuzzy
+msgid "Please enter the passphrase to unprotect the PKCS#12 object."
+msgstr "Por favor digite a frase secreta"
+
+#: agent/protect-tool.c:1167
+#, fuzzy
+msgid "Please enter the passphrase to protect the new PKCS#12 object."
+msgstr "Por favor digite a frase secreta"
+
+#: agent/protect-tool.c:1173
+msgid ""
+"Please enter the passphrase to protect the imported object within the GnuPG "
+"system."
+msgstr ""
+
+#: agent/protect-tool.c:1178
+#, fuzzy
+msgid ""
+"Please enter the passphrase or the PIN\n"
+"needed to complete this operation."
+msgstr "Por favor digite a frase secreta"
+
+#: agent/protect-tool.c:1183 tools/symcryptrun.c:437
+#, fuzzy
+msgid "Passphrase:"
+msgstr "frase secreta incorreta"
+
+#: agent/protect-tool.c:1188 tools/symcryptrun.c:448
+msgid "cancelled\n"
+msgstr ""
+
+#: agent/protect-tool.c:1190 tools/symcryptrun.c:444
+#, fuzzy, c-format
+msgid "error while asking for the passphrase: %s\n"
+msgstr "erro na criação da frase secreta: %s\n"
+
+#: agent/trustlist.c:136 agent/trustlist.c:334
+#, fuzzy, c-format
+msgid "error opening `%s': %s\n"
+msgstr "erro na leitura de `%s': %s\n"
+
+#: agent/trustlist.c:151 common/helpfile.c:63 common/helpfile.c:79
+#, fuzzy, c-format
+msgid "file `%s', line %d: %s\n"
+msgstr "usuário `%s' não encontrado: %s\n"
+
+#: agent/trustlist.c:171 agent/trustlist.c:179
+#, c-format
+msgid "statement \"%s\" ignored in `%s', line %d\n"
+msgstr ""
+
+#: agent/trustlist.c:185
+#, fuzzy, c-format
+msgid "system trustlist `%s' not available\n"
+msgstr "chave secreta não disponível"
+
+#: agent/trustlist.c:229
+#, fuzzy, c-format
+msgid "bad fingerprint in `%s', line %d\n"
+msgstr "erro de leitura: %s\n"
+
+#: agent/trustlist.c:254 agent/trustlist.c:261
+#, c-format
+msgid "invalid keyflag in `%s', line %d\n"
+msgstr ""
+
+#: agent/trustlist.c:295 common/helpfile.c:126
+#, fuzzy, c-format
+msgid "error reading `%s', line %d: %s\n"
+msgstr "erro na leitura de `%s': %s\n"
+
+#: agent/trustlist.c:400 agent/trustlist.c:450
+msgid "error reading list of trusted root certificates\n"
+msgstr ""
+
+#. TRANSLATORS: This prompt is shown by the Pinentry
+#. and has one special property: A "%%0A" is used by
+#. Pinentry to insert a line break. The double
+#. percent sign is actually needed because it is also
+#. a printf format string. If you need to insert a
+#. plain % sign, you need to encode it as "%%25". The
+#. "%s" gets replaced by the name as stored in the
+#. certificate.
+#: agent/trustlist.c:611
+#, c-format
+msgid ""
+"Do you ultimately trust%%0A \"%s\"%%0Ato correctly certify user "
+"certificates?"
+msgstr ""
+
+#: agent/trustlist.c:620 common/audit.c:467
+#, fuzzy
+msgid "Yes"
+msgstr "sim"
+
+#: agent/trustlist.c:620 common/audit.c:469
+msgid "No"
+msgstr ""
+
+#. TRANSLATORS: This prompt is shown by the Pinentry and has
+#. one special property: A "%%0A" is used by Pinentry to
+#. insert a line break. The double percent sign is actually
+#. needed because it is also a printf format string. If you
+#. need to insert a plain % sign, you need to encode it as
+#. "%%25". The second "%s" gets replaced by a hexdecimal
+#. fingerprint string whereas the first one receives the name
+#. as stored in the certificate.
+#: agent/trustlist.c:654
+#, c-format
+msgid ""
+"Please verify that the certificate identified as:%%0A \"%s\"%%0Ahas the "
+"fingerprint:%%0A %s"
+msgstr ""
+
+#. TRANSLATORS: "Correct" is the label of a button and intended
+#. to be hit if the fingerprint matches the one of the CA. The
+#. other button is "the default "Cancel" of the Pinentry.
+#: agent/trustlist.c:668
+msgid "Correct"
+msgstr ""
+
+#: agent/trustlist.c:668
+msgid "Wrong"
+msgstr ""
+
+#: agent/findkey.c:157
+#, c-format
+msgid "Note: This passphrase has never been changed.%0APlease change it now."
+msgstr ""
+
+#: agent/findkey.c:173
+#, c-format
+msgid ""
+"This passphrase has not been changed%%0Asince %.4s-%.2s-%.2s. Please change "
+"it now."
+msgstr ""
+
+#: agent/findkey.c:187 agent/findkey.c:194
+#, fuzzy
+msgid "Change passphrase"
+msgstr "muda a frase secreta"
+
+#: agent/findkey.c:195
+msgid "I'll change it later"
+msgstr ""
+
+#: common/exechelp.c:528 common/exechelp.c:625 tools/gpgconf-comp.c:1475
+#: tools/gpgconf-comp.c:1814
+#, fuzzy, c-format
+msgid "error creating a pipe: %s\n"
+msgstr "erro na criação da frase secreta: %s\n"
+
+#: common/exechelp.c:599 common/exechelp.c:658
+#, fuzzy, c-format
+msgid "can't fdopen pipe for reading: %s\n"
+msgstr "impossível abrir arquivo: %s\n"
+
+#: common/exechelp.c:637 common/exechelp.c:765 common/exechelp.c:1002
+#, fuzzy, c-format
+msgid "error forking process: %s\n"
+msgstr "erro na leitura de `%s': %s\n"
+
+#: common/exechelp.c:811 common/exechelp.c:864
+#, c-format
+msgid "waiting for process %d to terminate failed: %s\n"
+msgstr ""
+
+#: common/exechelp.c:819
+#, fuzzy, c-format
+msgid "error getting exit code of process %d: %s\n"
+msgstr "erro na escrita do chaveiro `%s': %s\n"
+
+#: common/exechelp.c:825 common/exechelp.c:877
+#, fuzzy, c-format
+msgid "error running `%s': exit status %d\n"
+msgstr "erro na leitura de `%s': %s\n"
+
+#: common/exechelp.c:870
+#, c-format
+msgid "error running `%s': probably not installed\n"
+msgstr ""
+
+#: common/exechelp.c:885
+#, fuzzy, c-format
+msgid "error running `%s': terminated\n"
+msgstr "erro na leitura de `%s': %s\n"
+
+#: common/http.c:1674
+#, fuzzy, c-format
+msgid "error creating socket: %s\n"
+msgstr "erro na leitura de `%s': %s\n"
+
+#: common/http.c:1718
+#, fuzzy
+msgid "host not found"
+msgstr "%s: usuário não encontrado\n"
+
+#: common/simple-pwquery.c:338
+msgid "gpg-agent is not available in this session\n"
+msgstr ""
+
+#: common/simple-pwquery.c:395
+#, fuzzy, c-format
+msgid "can't connect to `%s': %s\n"
+msgstr "impossível abrir `%s': %s\n"
+
+#: common/simple-pwquery.c:406
+msgid "communication problem with gpg-agent\n"
+msgstr ""
+
+#: common/simple-pwquery.c:416
+msgid "problem setting the gpg-agent options\n"
+msgstr ""
+
+#: common/simple-pwquery.c:579 common/simple-pwquery.c:675
+msgid "canceled by user\n"
+msgstr ""
+
+#: common/simple-pwquery.c:594 common/simple-pwquery.c:681
+msgid "problem with the agent\n"
+msgstr ""
+
+#: common/sysutils.c:105
+#, c-format
+msgid "can't disable core dumps: %s\n"
+msgstr "impossível desativar core dumps: %s\n"
+
+#: common/sysutils.c:200
+#, fuzzy, c-format
+msgid "Warning: unsafe ownership on %s \"%s\"\n"
+msgstr "%s: novo arquivo de opções criado\n"
+
+#: common/sysutils.c:232
+#, fuzzy, c-format
+msgid "Warning: unsafe permissions on %s \"%s\"\n"
+msgstr "%s: novo arquivo de opções criado\n"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: common/yesno.c:35 common/yesno.c:72
+#, fuzzy
+msgid "yes"
+msgstr "sim"
+
+#: common/yesno.c:36 common/yesno.c:77
+msgid "yY"
+msgstr "sS"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: common/yesno.c:38 common/yesno.c:74
+msgid "no"
+msgstr "não"
+
+#: common/yesno.c:39 common/yesno.c:78
+msgid "nN"
+msgstr "nN"
+
+# INICIO MENU
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: common/yesno.c:76
+msgid "quit"
+msgstr "sair"
+
+#: common/yesno.c:79
+msgid "qQ"
+msgstr "qQ"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: common/yesno.c:113
+msgid "okay|okay"
+msgstr ""
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: common/yesno.c:115
+msgid "cancel|cancel"
+msgstr ""
+
+#: common/yesno.c:116
+msgid "oO"
+msgstr ""
+
+#: common/yesno.c:117
+#, fuzzy
+msgid "cC"
+msgstr "c"
+
+#: common/miscellaneous.c:77
+#, c-format
+msgid "out of core in secure memory while allocating %lu bytes"
+msgstr ""
+
+#: common/miscellaneous.c:80
+#, c-format
+msgid "out of core while allocating %lu bytes"
+msgstr ""
+
+#: common/asshelp.c:293 tools/gpg-connect-agent.c:2129
+msgid "no running gpg-agent - starting one\n"
+msgstr ""
+
+#: common/asshelp.c:349
+#, c-format
+msgid "waiting %d seconds for the agent to come up\n"
+msgstr ""
+
+#: common/asshelp.c:426
+msgid "can't connect to the agent - trying fall back\n"
+msgstr ""
+
+#. TRANSLATORS: Copy the prefix between the vertical bars
+#. verbatim. It will not be printed.
+#: common/audit.c:474
+msgid "|audit-log-result|Good"
+msgstr ""
+
+#: common/audit.c:477
+msgid "|audit-log-result|Bad"
+msgstr ""
+
+#: common/audit.c:479
+msgid "|audit-log-result|Not supported"
+msgstr ""
+
+#: common/audit.c:481
+#, fuzzy
+msgid "|audit-log-result|No certificate"
+msgstr "Certificado correto"
+
+#: common/audit.c:483
+#, fuzzy
+msgid "|audit-log-result|Not enabled"
+msgstr "Certificado correto"
+
+#: common/audit.c:485
+msgid "|audit-log-result|Error"
+msgstr ""
+
+#: common/audit.c:487
+#, fuzzy
+msgid "|audit-log-result|Not used"
+msgstr "Certificado correto"
+
+#: common/audit.c:489
+#, fuzzy
+msgid "|audit-log-result|Okay"
+msgstr "Certificado correto"
+
+#: common/audit.c:491
+#, fuzzy
+msgid "|audit-log-result|Skipped"
+msgstr "Certificado correto"
+
+#: common/audit.c:493
+#, fuzzy
+msgid "|audit-log-result|Some"
+msgstr "Certificado correto"
+
+#: common/audit.c:726
+#, fuzzy
+msgid "Certificate chain available"
+msgstr "Certificado de revogação válido"
+
+#: common/audit.c:733
+#, fuzzy
+msgid "root certificate missing"
+msgstr ""
+"Nenhum certificado com confiança indefinida encontrado.\n"
+"\n"
+
+#: common/audit.c:759
+msgid "Data encryption succeeded"
+msgstr ""
+
+#: common/audit.c:764 common/audit.c:830 common/audit.c:906 common/audit.c:997
+#, fuzzy
+msgid "Data available"
+msgstr "Nenhuma ajuda disponível"
+
+#: common/audit.c:767
+#, fuzzy
+msgid "Session key created"
+msgstr "%s: chaveiro criado\n"
+
+#: common/audit.c:772 common/audit.c:912 common/audit.c:919
+#, fuzzy, c-format
+msgid "algorithm: %s"
+msgstr "armadura: %s\n"
+
+#: common/audit.c:774 common/audit.c:776 common/audit.c:921 common/audit.c:923
+#, fuzzy, c-format
+msgid "unsupported algorithm: %s"
+msgstr ""
+"\n"
+"Algoritmos suportados:\n"
+
+#: common/audit.c:778 common/audit.c:925
+#, fuzzy
+msgid "seems to be not encrypted"
+msgstr "não criptografado"
+
+#: common/audit.c:784 common/audit.c:933
+msgid "Number of recipients"
+msgstr ""
+
+#: common/audit.c:792 common/audit.c:956
+#, c-format
+msgid "Recipient %d"
+msgstr ""
+
+#: common/audit.c:825
+msgid "Data signing succeeded"
+msgstr ""
+
+# "hash" poderia ser "espalhamento", mas não fica claro
+#: common/audit.c:839 common/audit.c:1033 common/audit.c:1060
+#, fuzzy, c-format
+msgid "data hash algorithm: %s"
+msgstr "algoritmo de hash inválido `%s'\n"
+
+#: common/audit.c:862
+#, fuzzy, c-format
+msgid "Signer %d"
+msgstr "Esta chave não é protegida.\n"
+
+# "hash" poderia ser "espalhamento", mas não fica claro
+#: common/audit.c:866 common/audit.c:1065
+#, fuzzy, c-format
+msgid "attr hash algorithm: %s"
+msgstr "algoritmo de hash inválido `%s'\n"
+
+#: common/audit.c:901
+msgid "Data decryption succeeded"
+msgstr ""
+
+#: common/audit.c:910
+#, fuzzy
+msgid "Encryption algorithm supported"
+msgstr "algoritmo de proteção %d não é suportado\n"
+
+#: common/audit.c:993
+#, fuzzy
+msgid "Data verification succeeded"
+msgstr "verificação de assinatura suprimida\n"
+
+#: common/audit.c:1002
+#, fuzzy
+msgid "Signature available"
+msgstr "Esta chave não é protegida.\n"
+
+#: common/audit.c:1024
+#, fuzzy
+msgid "Parsing data succeeded"
+msgstr "Assinatura correta de \""
+
+# "hash" poderia ser "espalhamento", mas não fica claro
+#: common/audit.c:1036
+#, fuzzy, c-format
+msgid "bad data hash algorithm: %s"
+msgstr "algoritmo de hash inválido `%s'\n"
+
+#: common/audit.c:1051
+#, fuzzy, c-format
+msgid "Signature %d"
+msgstr "Esta chave não é protegida.\n"
+
+#: common/audit.c:1079
+#, fuzzy
+msgid "Certificate chain valid"
+msgstr "Certificado de revogação válido"
+
+#: common/audit.c:1090
+#, fuzzy
+msgid "Root certificate trustworthy"
+msgstr ""
+"Nenhum certificado com confiança indefinida encontrado.\n"
+"\n"
+
+#: common/audit.c:1111 sm/certchain.c:935
+#, fuzzy
+msgid "no CRL found for certificate"
+msgstr "Certificado correto"
+
+#: common/audit.c:1114 sm/certchain.c:945
+#, fuzzy
+msgid "the available CRL is too old"
+msgstr "Nenhuma ajuda disponível"
+
+#: common/audit.c:1119
+#, fuzzy
+msgid "CRL/OCSP check of certificates"
+msgstr "Certificado correto"
+
+#: common/audit.c:1139
+#, fuzzy
+msgid "Included certificates"
+msgstr "Certificado inválido"
+
+#: common/audit.c:1194
+msgid "No audit log entries."
+msgstr ""
+
+#: common/audit.c:1243
+#, fuzzy
+msgid "Unknown operation"
+msgstr "versão desconhecida"
+
+#: common/audit.c:1261
+msgid "Gpg-Agent usable"
+msgstr ""
+
+#: common/audit.c:1271
+msgid "Dirmngr usable"
+msgstr ""
+
+#: common/audit.c:1307
+#, fuzzy, c-format
+msgid "No help available for `%s'."
+msgstr "Nenhuma ajuda disponível para `%s'"
+
+#: common/helpfile.c:80
+#, fuzzy
+msgid "ignoring garbage line"
+msgstr "erro na linha \"trailer\"\n"
+
+#: common/gettime.c:503
+#, fuzzy
+msgid "[none]"
+msgstr "versão desconhecida"
+
+#: g10/armor.c:379
+#, c-format
+msgid "armor: %s\n"
+msgstr "armadura: %s\n"
+
+#: g10/armor.c:418
+msgid "invalid armor header: "
+msgstr "cabeçalho de armadura inválido: "
+
+#: g10/armor.c:429
+msgid "armor header: "
+msgstr "cabeçalho de armadura: "
+
+#: g10/armor.c:442
+msgid "invalid clearsig header\n"
+msgstr "cabeçalho de assinatura em texto puro inválido\n"
+
+#: g10/armor.c:455
+#, fuzzy
+msgid "unknown armor header: "
+msgstr "cabeçalho de armadura: "
+
+#: g10/armor.c:508
+msgid "nested clear text signatures\n"
+msgstr "assinaturas em texto puro aninhadas\n"
+
+#: g10/armor.c:643
+#, fuzzy
+msgid "unexpected armor: "
+msgstr "armadura inesperada:"
+
+#: g10/armor.c:655
+msgid "invalid dash escaped line: "
+msgstr "linha com hífen inválida: "
+
+#: g10/armor.c:810 g10/armor.c:1420
+#, fuzzy, c-format
+msgid "invalid radix64 character %02X skipped\n"
+msgstr "caractere radix64 inválido %02x ignorado\n"
+
+#: g10/armor.c:853
+msgid "premature eof (no CRC)\n"
+msgstr "fim de arquivo prematuro (sem CRC)\n"
+
+#: g10/armor.c:887
+msgid "premature eof (in CRC)\n"
+msgstr "fim de arquivo prematuro (no CRC)\n"
+
+#: g10/armor.c:895
+msgid "malformed CRC\n"
+msgstr "CRC malformado\n"
+
+#: g10/armor.c:899 g10/armor.c:1457
+#, fuzzy, c-format
+msgid "CRC error; %06lX - %06lX\n"
+msgstr "erro de CRC; %06lx - %06lx\n"
+
+#: g10/armor.c:919
+#, fuzzy
+msgid "premature eof (in trailer)\n"
+msgstr "fim de arquivo prematuro (no \"Trailer\")\n"
+
+#: g10/armor.c:923
+msgid "error in trailer line\n"
+msgstr "erro na linha \"trailer\"\n"
+
+#: g10/armor.c:1234
+msgid "no valid OpenPGP data found.\n"
+msgstr "nenhum dado OpenPGP válido encontrado.\n"
+
+#: g10/armor.c:1239
+#, c-format
+msgid "invalid armor: line longer than %d characters\n"
+msgstr "armadura inválida: linha maior que %d caracteres\n"
+
+#: g10/armor.c:1243
+msgid ""
+"quoted printable character in armor - probably a buggy MTA has been used\n"
+msgstr ""
+"caractere \"quoted printable\" na armadura - provavelmente um MTA com bugs "
+"foi usado\n"
+
+#: g10/build-packet.c:976
+#, fuzzy
+msgid ""
+"a notation name must have only printable characters or spaces, and end with "
+"an '='\n"
+msgstr ""
+"um nome de notação deve ter apenas letras, dígitos, pontos ou sublinhados e "
+"terminar com '='\n"
+
+#: g10/build-packet.c:988
+#, fuzzy
+msgid "a user notation name must contain the '@' character\n"
+msgstr "um valor de notação não deve usar caracteres de controle\n"
+
+#: g10/build-packet.c:994
+#, fuzzy
+msgid "a notation name must not contain more than one '@' character\n"
+msgstr "um valor de notação não deve usar caracteres de controle\n"
+
+#: g10/build-packet.c:1012
+msgid "a notation value must not use any control characters\n"
+msgstr "um valor de notação não deve usar caracteres de controle\n"
+
+#: g10/build-packet.c:1046 g10/build-packet.c:1055
+msgid "WARNING: invalid notation data found\n"
+msgstr "AVISO: dados de notação inválidos encontrados\n"
+
+#: g10/build-packet.c:1077 g10/build-packet.c:1079
+msgid "not human readable"
+msgstr ""
+
+#: g10/card-util.c:85 g10/card-util.c:374
+#, fuzzy, c-format
+msgid "OpenPGP card not available: %s\n"
+msgstr "chave secreta não disponível"
+
+#: g10/card-util.c:90
+#, c-format
+msgid "OpenPGP card no. %s detected\n"
+msgstr ""
+
+#: g10/card-util.c:98 g10/card-util.c:1773 g10/delkey.c:126 g10/keyedit.c:1551
+#: g10/keygen.c:3068 g10/revoke.c:216 g10/revoke.c:455
+#, fuzzy
+msgid "can't do this in batch mode\n"
+msgstr "impossível fazer isso em modo não-interativo\n"
+
+#: g10/card-util.c:106
+msgid "This command is only available for version 2 cards\n"
+msgstr ""
+
+#: g10/card-util.c:108 scd/app-openpgp.c:2029
+#, fuzzy
+msgid "Reset Code not or not anymore available\n"
+msgstr "a chave pública não está mais disponível"
+
+#: g10/card-util.c:141 g10/card-util.c:1458 g10/card-util.c:1568
+#: g10/keyedit.c:424 g10/keyedit.c:445 g10/keyedit.c:459 g10/keygen.c:1630
+#: g10/keygen.c:1711 sm/certreqgen-ui.c:165 sm/certreqgen-ui.c:249
+#: sm/certreqgen-ui.c:283
+msgid "Your selection? "
+msgstr "Sua opção? "
+
+#: g10/card-util.c:272 g10/card-util.c:322
+msgid "[not set]"
+msgstr ""
+
+#: g10/card-util.c:512
+#, fuzzy
+msgid "male"
+msgstr "enable"
+
+#: g10/card-util.c:513
+#, fuzzy
+msgid "female"
+msgstr "enable"
+
+#: g10/card-util.c:513
+msgid "unspecified"
+msgstr ""
+
+#: g10/card-util.c:540
+#, fuzzy
+msgid "not forced"
+msgstr "não processado(s)"
+
+#: g10/card-util.c:540
+msgid "forced"
+msgstr ""
+
+#: g10/card-util.c:631
+msgid "Error: Only plain ASCII is currently allowed.\n"
+msgstr ""
+
+#: g10/card-util.c:633
+msgid "Error: The \"<\" character may not be used.\n"
+msgstr ""
+
+#: g10/card-util.c:635
+msgid "Error: Double spaces are not allowed.\n"
+msgstr ""
+
+#: g10/card-util.c:652
+msgid "Cardholder's surname: "
+msgstr ""
+
+#: g10/card-util.c:654
+msgid "Cardholder's given name: "
+msgstr ""
+
+#: g10/card-util.c:672
+#, c-format
+msgid "Error: Combined name too long (limit is %d characters).\n"
+msgstr ""
+
+#: g10/card-util.c:693
+#, fuzzy
+msgid "URL to retrieve public key: "
+msgstr "escrevendo certificado público para `%s'\n"
+
+#: g10/card-util.c:701
+#, c-format
+msgid "Error: URL too long (limit is %d characters).\n"
+msgstr ""
+
+#: g10/card-util.c:794 tools/no-libgcrypt.c:30
+#, fuzzy, c-format
+msgid "error allocating enough memory: %s\n"
+msgstr "erro na escrita do chaveiro `%s': %s\n"
+
+#: g10/card-util.c:806 g10/import.c:280
+#, c-format
+msgid "error reading `%s': %s\n"
+msgstr "erro na leitura de `%s': %s\n"
+
+#: g10/card-util.c:839
+#, fuzzy, c-format
+msgid "error writing `%s': %s\n"
+msgstr "erro na escrita do chaveiro `%s': %s\n"
+
+#: g10/card-util.c:866
+msgid "Login data (account name): "
+msgstr ""
+
+#: g10/card-util.c:876
+#, c-format
+msgid "Error: Login data too long (limit is %d characters).\n"
+msgstr ""
+
+#: g10/card-util.c:912
+msgid "Private DO data: "
+msgstr ""
+
+#: g10/card-util.c:922
+#, c-format
+msgid "Error: Private DO too long (limit is %d characters).\n"
+msgstr ""
+
+#: g10/card-util.c:1005
+#, fuzzy
+msgid "Language preferences: "
+msgstr "lista preferências"
+
+#: g10/card-util.c:1013
+#, fuzzy
+msgid "Error: invalid length of preference string.\n"
+msgstr "Caractere inválido no nome\n"
+
+#: g10/card-util.c:1022
+#, fuzzy
+msgid "Error: invalid characters in preference string.\n"
+msgstr "Caractere inválido no nome\n"
+
+#: g10/card-util.c:1044
+msgid "Sex ((M)ale, (F)emale or space): "
+msgstr ""
+
+#: g10/card-util.c:1058
+#, fuzzy
+msgid "Error: invalid response.\n"
+msgstr "erro: impressão digital inválida\n"
+
+#: g10/card-util.c:1080
+#, fuzzy
+msgid "CA fingerprint: "
+msgstr "Impressão digital:"
+
+#: g10/card-util.c:1103
+#, fuzzy
+msgid "Error: invalid formatted fingerprint.\n"
+msgstr "erro: impressão digital inválida\n"
+
+#: g10/card-util.c:1153
+#, fuzzy, c-format
+msgid "key operation not possible: %s\n"
+msgstr "A geração de chaves falhou: %s\n"
+
+#: g10/card-util.c:1154
+#, fuzzy
+msgid "not an OpenPGP card"
+msgstr "nenhum dado OpenPGP válido encontrado.\n"
+
+#: g10/card-util.c:1167
+#, fuzzy, c-format
+msgid "error getting current key info: %s\n"
+msgstr "erro na escrita do chaveiro `%s': %s\n"
+
+#: g10/card-util.c:1254
+#, fuzzy
+msgid "Replace existing key? (y/N) "
+msgstr "Realmente assinar? "
+
+#: g10/card-util.c:1270
+msgid ""
+"NOTE: There is no guarantee that the card supports the requested size.\n"
+" If the key generation does not succeed, please check the\n"
+" documentation of your card to see what sizes are allowed.\n"
+msgstr ""
+
+#: g10/card-util.c:1295
+#, fuzzy, c-format
+msgid "What keysize do you want for the Signature key? (%u) "
+msgstr "Que tamanho de chave você quer? (1024) "
+
+#: g10/card-util.c:1297
+#, fuzzy, c-format
+msgid "What keysize do you want for the Encryption key? (%u) "
+msgstr "Que tamanho de chave você quer? (1024) "
+
+#: g10/card-util.c:1298
+#, fuzzy, c-format
+msgid "What keysize do you want for the Authentication key? (%u) "
+msgstr "Que tamanho de chave você quer? (1024) "
+
+#: g10/card-util.c:1309 g10/keygen.c:1844 g10/keygen.c:1850
+#: sm/certreqgen-ui.c:194
+#, c-format
+msgid "rounded up to %u bits\n"
+msgstr "arredondado para %u bits\n"
+
+#: g10/card-util.c:1317 g10/keygen.c:1831 sm/certreqgen-ui.c:184
+#, c-format
+msgid "%s keysizes must be in the range %u-%u\n"
+msgstr ""
+
+#: g10/card-util.c:1322
+#, c-format
+msgid "The card will now be re-configured to generate a key of %u bits\n"
+msgstr ""
+
+#: g10/card-util.c:1342
+#, fuzzy, c-format
+msgid "error changing size of key %d to %u bits: %s\n"
+msgstr "erro na leitura de `%s': %s\n"
+
+#: g10/card-util.c:1364
+msgid "Make off-card backup of encryption key? (Y/n) "
+msgstr ""
+
+#: g10/card-util.c:1378
+#, fuzzy
+msgid "NOTE: keys are already stored on the card!\n"
+msgstr "ignorado: a chave secreta já está presente\n"
+
+#: g10/card-util.c:1381
+#, fuzzy
+msgid "Replace existing keys? (y/N) "
+msgstr "Realmente assinar? "
+
+#: g10/card-util.c:1393
+#, c-format
+msgid ""
+"Please note that the factory settings of the PINs are\n"
+" PIN = `%s' Admin PIN = `%s'\n"
+"You should change them using the command --change-pin\n"
+msgstr ""
+
+#: g10/card-util.c:1449
+#, fuzzy
+msgid "Please select the type of key to generate:\n"
+msgstr "Por favor selecione o tipo de chave desejado:\n"
+
+#: g10/card-util.c:1451 g10/card-util.c:1559
+#, fuzzy
+msgid " (1) Signature key\n"
+msgstr "Esta chave não é protegida.\n"
+
+#: g10/card-util.c:1452 g10/card-util.c:1561
+#, fuzzy
+msgid " (2) Encryption key\n"
+msgstr " (%d) ElGamal (apenas criptografia)\n"
+
+#: g10/card-util.c:1453 g10/card-util.c:1563
+msgid " (3) Authentication key\n"
+msgstr ""
+
+#: g10/card-util.c:1469 g10/card-util.c:1588 g10/keyedit.c:945
+#: g10/keygen.c:1634 g10/keygen.c:1662 g10/keygen.c:1764 g10/revoke.c:683
+msgid "Invalid selection.\n"
+msgstr "Opção inválida.\n"
+
+#: g10/card-util.c:1556
+#, fuzzy
+msgid "Please select where to store the key:\n"
+msgstr "rev- revogações de chaves incorreta\n"
+
+#: g10/card-util.c:1600
+#, fuzzy
+msgid "unknown key protection algorithm\n"
+msgstr "algoritmo de compressão desconhecido"
+
+#: g10/card-util.c:1605
+#, fuzzy
+msgid "secret parts of key are not available\n"
+msgstr "chave secreta não disponível"
+
+#: g10/card-util.c:1610
+#, fuzzy
+msgid "secret key already stored on a card\n"
+msgstr "ignorado: a chave secreta já está presente\n"
+
+#: g10/card-util.c:1623
+#, fuzzy, c-format
+msgid "error writing key to card: %s\n"
+msgstr "erro na escrita do chaveiro `%': %s\n"
+
+#: g10/card-util.c:1682 g10/keyedit.c:1382
+msgid "quit this menu"
+msgstr "sair deste menu"
+
+#: g10/card-util.c:1684
+#, fuzzy
+msgid "show admin commands"
+msgstr "comandos conflitantes\n"
+
+#: g10/card-util.c:1685 g10/keyedit.c:1385
+msgid "show this help"
+msgstr "mostra esta ajuda"
+
+#: g10/card-util.c:1687
+#, fuzzy
+msgid "list all available data"
+msgstr "Nenhuma ajuda disponível"
+
+#: g10/card-util.c:1690
+msgid "change card holder's name"
+msgstr ""
+
+#: g10/card-util.c:1691
+msgid "change URL to retrieve key"
+msgstr ""
+
+#: g10/card-util.c:1692
+msgid "fetch the key specified in the card URL"
+msgstr ""
+
+#: g10/card-util.c:1693
+#, fuzzy
+msgid "change the login name"
+msgstr "muda a data de validade"
+
+#: g10/card-util.c:1694
+#, fuzzy
+msgid "change the language preferences"
+msgstr "muda os valores de confiança"
+
+#: g10/card-util.c:1695
+msgid "change card holder's sex"
+msgstr ""
+
+#: g10/card-util.c:1696
+#, fuzzy
+msgid "change a CA fingerprint"
+msgstr "mostra impressão digital"
+
+#: g10/card-util.c:1697
+msgid "toggle the signature force PIN flag"
+msgstr ""
+
+#: g10/card-util.c:1698
+#, fuzzy
+msgid "generate new keys"
+msgstr "gerar um novo par de chaves"
+
+#: g10/card-util.c:1699
+msgid "menu to change or unblock the PIN"
+msgstr ""
+
+#: g10/card-util.c:1700
+msgid "verify the PIN and list all data"
+msgstr ""
+
+#: g10/card-util.c:1701
+msgid "unblock the PIN using a Reset Code"
+msgstr ""
+
+#: g10/card-util.c:1823
+msgid "gpg/card> "
+msgstr ""
+
+#: g10/card-util.c:1864
+#, fuzzy
+msgid "Admin-only command\n"
+msgstr "comandos conflitantes\n"
+
+#: g10/card-util.c:1895
+#, fuzzy
+msgid "Admin commands are allowed\n"
+msgstr "comandos conflitantes\n"
+
+#: g10/card-util.c:1897
+#, fuzzy
+msgid "Admin commands are not allowed\n"
+msgstr "escrevendo certificado privado para `%s'\n"
+
+# help ou ajuda ???
+#: g10/card-util.c:1988 g10/keyedit.c:2292
+msgid "Invalid command (try \"help\")\n"
+msgstr "Comando inválido (tente \"help\")\n"
+
+#: g10/decrypt.c:110 g10/encode.c:876
+msgid "--output doesn't work for this command\n"
+msgstr ""
+
+#: g10/decrypt.c:166 g10/gpg.c:4019 g10/keyring.c:387 g10/keyring.c:698
+#, c-format
+msgid "can't open `%s'\n"
+msgstr "impossível abrir `%s'\n"
+
+#: g10/delkey.c:73 g10/export.c:324 g10/keyedit.c:3514 g10/keyserver.c:1737
+#: g10/revoke.c:226
+#, fuzzy, c-format
+msgid "key \"%s\" not found: %s\n"
+msgstr "usuário `%s' não encontrado: %s\n"
+
+#: g10/delkey.c:81 g10/export.c:354 g10/import.c:2480 g10/keyserver.c:1751
+#: g10/revoke.c:232 g10/revoke.c:477
+#, fuzzy, c-format
+msgid "error reading keyblock: %s\n"
+msgstr "erro na leitura de `%s': %s\n"
+
+#: g10/delkey.c:127 g10/delkey.c:134
+msgid "(unless you specify the key by fingerprint)\n"
+msgstr ""
+
+#: g10/delkey.c:133
+#, fuzzy
+msgid "can't do this in batch mode without \"--yes\"\n"
+msgstr "impossível fazer isso em modo não-interativo sem \"--yes\"\n"
+
+#: g10/delkey.c:145
+#, fuzzy
+msgid "Delete this key from the keyring? (y/N) "
+msgstr "Deletar esta chave do chaveiro? "
+
+#: g10/delkey.c:153
+#, fuzzy
+msgid "This is a secret key! - really delete? (y/N) "
+msgstr "Esta é uma chave secreta! - realmente deletar? "
+
+#: g10/delkey.c:163
+#, fuzzy, c-format
+msgid "deleting keyblock failed: %s\n"
+msgstr "enumeração de blocos de chaves falhou: %s\n"
+
+#: g10/delkey.c:173
+msgid "ownertrust information cleared\n"
+msgstr ""
+
+#: g10/delkey.c:204
+#, fuzzy, c-format
+msgid "there is a secret key for public key \"%s\"!\n"
+msgstr "há uma chave secreta para esta chave pública!\n"
+
+#: g10/delkey.c:206
+#, fuzzy
+msgid "use option \"--delete-secret-keys\" to delete it first.\n"
+msgstr "use a opção \"--delete-secret-key\" para deletá-la antes.\n"
+
+#: g10/encode.c:226 g10/sign.c:1269
+#, c-format
+msgid "error creating passphrase: %s\n"
+msgstr "erro na criação da frase secreta: %s\n"
+
+#: g10/encode.c:232
+msgid "can't use a symmetric ESK packet due to the S2K mode\n"
+msgstr ""
+
+#: g10/encode.c:246
+#, fuzzy, c-format
+msgid "using cipher %s\n"
+msgstr "assinatura falhou: %s\n"
+
+#: g10/encode.c:256 g10/encode.c:577
+#, fuzzy, c-format
+msgid "`%s' already compressed\n"
+msgstr "%lu chaves processadas\n"
+
+#: g10/encode.c:311 g10/encode.c:611 g10/sign.c:564
+#, c-format
+msgid "WARNING: `%s' is an empty file\n"
+msgstr "AVISO: `%s' é um arquivo vazio\n"
+
+#: g10/encode.c:485
+msgid "you can only encrypt to RSA keys of 2048 bits or less in --pgp2 mode\n"
+msgstr ""
+
+#: g10/encode.c:510
+#, c-format
+msgid "reading from `%s'\n"
+msgstr "lendo de `%s'\n"
+
+#: g10/encode.c:541
+msgid ""
+"unable to use the IDEA cipher for all of the keys you are encrypting to.\n"
+msgstr ""
+
+#: g10/encode.c:559
+#, fuzzy, c-format
+msgid ""
+"WARNING: forcing symmetric cipher %s (%d) violates recipient preferences\n"
+msgstr "NOTA: algoritmo de criptografia %d não encontrado nas preferências\n"
+
+#: g10/encode.c:655 g10/sign.c:939
+#, fuzzy, c-format
+msgid ""
+"WARNING: forcing compression algorithm %s (%d) violates recipient "
+"preferences\n"
+msgstr "NOTA: algoritmo de criptografia %d não encontrado nas preferências\n"
+
+#: g10/encode.c:751
+#, c-format
+msgid "forcing symmetric cipher %s (%d) violates recipient preferences\n"
+msgstr ""
+
+#: g10/encode.c:821 g10/pkclist.c:813 g10/pkclist.c:862
+#, c-format
+msgid "you may not use %s while in %s mode\n"
+msgstr ""
+
+#: g10/encode.c:848
+#, fuzzy, c-format
+msgid "%s/%s encrypted for: \"%s\"\n"
+msgstr "%s/%s criptografado para: %s\n"
+
+#: g10/encr-data.c:93 g10/mainproc.c:286
+#, c-format
+msgid "%s encrypted data\n"
+msgstr "dados criptografados com %s\n"
+
+#: g10/encr-data.c:96 g10/mainproc.c:290
+#, c-format
+msgid "encrypted with unknown algorithm %d\n"
+msgstr "criptografado com algoritmo desconhecido %d\n"
+
+#: g10/encr-data.c:142 sm/decrypt.c:126
+msgid ""
+"WARNING: message was encrypted with a weak key in the symmetric cipher.\n"
+msgstr ""
+"AVISO: A mensagem foi criptografada com uma chave fraca na criptografia\n"
+"simétrica.\n"
+
+#: g10/encr-data.c:154
+#, fuzzy
+msgid "problem handling encrypted packet\n"
+msgstr "eliminar o campo keyid dos pacotes criptografados\n"
+
+#: g10/exec.c:57
+msgid "no remote program execution supported\n"
+msgstr ""
+
+#: g10/exec.c:308
+msgid ""
+"external program calls are disabled due to unsafe options file permissions\n"
+msgstr ""
+
+#: g10/exec.c:338
+#, fuzzy
+msgid "this platform requires temporary files when calling external programs\n"
+msgstr "%s: erro lendo registro de versão: %s\n"
+
+#: g10/exec.c:416
+#, fuzzy, c-format
+msgid "unable to execute program `%s': %s\n"
+msgstr "impossível abrir %s: %s\n"
+
+#: g10/exec.c:419
+#, fuzzy, c-format
+msgid "unable to execute shell `%s': %s\n"
+msgstr "impossível abrir %s: %s\n"
+
+#: g10/exec.c:510
+#, fuzzy, c-format
+msgid "system error while calling external program: %s\n"
+msgstr "%s: erro lendo registro de versão: %s\n"
+
+#: g10/exec.c:521 g10/exec.c:588
+msgid "unnatural exit of external program\n"
+msgstr ""
+
+#: g10/exec.c:536
+msgid "unable to execute external program\n"
+msgstr ""
+
+#: g10/exec.c:553
+#, c-format
+msgid "unable to read external program response: %s\n"
+msgstr ""
+
+#: g10/exec.c:599 g10/exec.c:606
+#, c-format
+msgid "WARNING: unable to remove tempfile (%s) `%s': %s\n"
+msgstr ""
+
+#: g10/exec.c:611
+#, c-format
+msgid "WARNING: unable to remove temp directory `%s': %s\n"
+msgstr ""
+
+#: g10/export.c:61
+#, fuzzy
+msgid "export signatures that are marked as local-only"
+msgstr ""
+"A assinatura será marcada como não-exportável.\n"
+"\n"
+
+#: g10/export.c:63
+msgid "export attribute user IDs (generally photo IDs)"
+msgstr ""
+
+#: g10/export.c:65
+msgid "export revocation keys marked as \"sensitive\""
+msgstr ""
+
+#: g10/export.c:67
+#, fuzzy
+msgid "remove the passphrase from exported subkeys"
+msgstr "revoga uma chave secundária"
+
+#: g10/export.c:69
+#, fuzzy
+msgid "remove unusable parts from key during export"
+msgstr "chave secreta incorreta"
+
+#: g10/export.c:71
+msgid "remove as much as possible from key during export"
+msgstr ""
+
+#: g10/export.c:73
+msgid "export keys in an S-expression based format"
+msgstr ""
+
+#: g10/export.c:338
+#, fuzzy
+msgid "exporting secret keys not allowed\n"
+msgstr "escrevendo certificado privado para `%s'\n"
+
+#: g10/export.c:367
+#, fuzzy, c-format
+msgid "key %s: not protected - skipped\n"
+msgstr "chave %08lX: não é uma chave rfc2440 - ignorada\n"
+
+#: g10/export.c:375
+#, fuzzy, c-format
+msgid "key %s: PGP 2.x style key - skipped\n"
+msgstr "chave %08lX: não é uma chave rfc2440 - ignorada\n"
+
+#: g10/export.c:386
+#, fuzzy, c-format
+msgid "key %s: key material on-card - skipped\n"
+msgstr "chave %08lX: certificado de revogação no local errado - ignorada\n"
+
+#: g10/export.c:537
+msgid "about to export an unprotected subkey\n"
+msgstr ""
+
+#: g10/export.c:560
+#, fuzzy, c-format
+msgid "failed to unprotect the subkey: %s\n"
+msgstr "falha ao inicializar o banco de dados de confiabilidade: %s\n"
+
+#: g10/export.c:584
+#, c-format
+msgid "WARNING: secret key %s does not have a simple SK checksum\n"
+msgstr ""
+
+#: g10/export.c:633
+msgid "WARNING: nothing exported\n"
+msgstr "AVISO: nada exportado\n"
+
+#: g10/getkey.c:152
+msgid "too many entries in pk cache - disabled\n"
+msgstr "entradas demais no cache pk - desativado\n"
+
+#: g10/getkey.c:175
+#, fuzzy
+msgid "[User ID not found]"
+msgstr "[usuário não encontrado]"
+
+#: g10/getkey.c:1113
+#, c-format
+msgid "automatically retrieved `%s' via %s\n"
+msgstr ""
+
+#: g10/getkey.c:1118
+#, fuzzy, c-format
+msgid "error retrieving `%s' via %s: %s\n"
+msgstr "erro na leitura de `%s': %s\n"
+
+#: g10/getkey.c:1120
+#, fuzzy
+msgid "No fingerprint"
+msgstr "Impressão digital:"
+
+#: g10/getkey.c:1930
+#, c-format
+msgid "Invalid key %s made valid by --allow-non-selfsigned-uid\n"
+msgstr ""
+
+#: g10/getkey.c:2533 g10/keyedit.c:3839
+#, fuzzy, c-format
+msgid "no secret subkey for public subkey %s - ignoring\n"
+msgstr "há uma chave secreta para esta chave pública!\n"
+
+#: g10/getkey.c:2759
+#, fuzzy, c-format
+msgid "using subkey %s instead of primary key %s\n"
+msgstr "usando chave secundária %08lX ao invés de chave primária %08lX\n"
+
+#: g10/getkey.c:2806
+#, fuzzy, c-format
+msgid "key %s: secret key without public key - skipped\n"
+msgstr "chave %08lX: chave secreta sem chave pública - ignorada\n"
+
+#: g10/gpg.c:375 sm/gpgsm.c:188
+#, fuzzy
+msgid "make a signature"
+msgstr "fazer uma assinatura separada"
+
+#: g10/gpg.c:376 sm/gpgsm.c:189
+#, fuzzy
+msgid "make a clear text signature"
+msgstr "|[arquivo]|fazer uma assinatura em texto puro"
+
+#: g10/gpg.c:377 sm/gpgsm.c:190
+msgid "make a detached signature"
+msgstr "fazer uma assinatura separada"
+
+#: g10/gpg.c:378 sm/gpgsm.c:191
+msgid "encrypt data"
+msgstr "criptografar dados"
+
+#: g10/gpg.c:380 sm/gpgsm.c:192
+msgid "encryption only with symmetric cipher"
+msgstr ""
+"criptografar apenas com criptografia\n"
+"simétrica"
+
+#: g10/gpg.c:382 sm/gpgsm.c:193
+msgid "decrypt data (default)"
+msgstr "descriptografar dados (padrão)"
+
+#: g10/gpg.c:384 sm/gpgsm.c:194
+msgid "verify a signature"
+msgstr "verificar uma assinatura"
+
+#: g10/gpg.c:386 sm/gpgsm.c:195
+msgid "list keys"
+msgstr "listar as chaves"
+
+#: g10/gpg.c:388
+msgid "list keys and signatures"
+msgstr "listar as chaves e as assinaturas"
+
+#: g10/gpg.c:389
+#, fuzzy
+msgid "list and check key signatures"
+msgstr "verificar as assinaturas das chaves"
+
+#: g10/gpg.c:390 sm/gpgsm.c:200
+msgid "list keys and fingerprints"
+msgstr "listar as chaves e as impressões digitais"
+
+#: g10/gpg.c:391 sm/gpgsm.c:198
+msgid "list secret keys"
+msgstr "listar as chaves secretas"
+
+#: g10/gpg.c:392 sm/gpgsm.c:201
+msgid "generate a new key pair"
+msgstr "gerar um novo par de chaves"
+
+#: g10/gpg.c:393
+msgid "generate a revocation certificate"
+msgstr "gerar um certificado de revogação"
+
+#: g10/gpg.c:395 sm/gpgsm.c:203
+#, fuzzy
+msgid "remove keys from the public keyring"
+msgstr "remover a chave do chaveiro público"
+
+#: g10/gpg.c:397
+#, fuzzy
+msgid "remove keys from the secret keyring"
+msgstr "remover a chave do chaveiro secreto"
+
+#: g10/gpg.c:398
+msgid "sign a key"
+msgstr "assinar uma chave"
+
+#: g10/gpg.c:399
+msgid "sign a key locally"
+msgstr "assinar uma chave localmente"
+
+#: g10/gpg.c:400
+msgid "sign or edit a key"
+msgstr "assinar ou editar uma chave"
+
+#: g10/gpg.c:402 sm/gpgsm.c:215
+#, fuzzy
+msgid "change a passphrase"
+msgstr "muda a frase secreta"
+
+#: g10/gpg.c:404
+msgid "export keys"
+msgstr "exportar chaves"
+
+#: g10/gpg.c:405 sm/gpgsm.c:204
+msgid "export keys to a key server"
+msgstr "exportar chaves para um servidor"
+
+#: g10/gpg.c:406 sm/gpgsm.c:205
+msgid "import keys from a key server"
+msgstr "importar chaves de um servidor"
+
+#: g10/gpg.c:408
+#, fuzzy
+msgid "search for keys on a key server"
+msgstr "exportar chaves para um servidor"
+
+#: g10/gpg.c:410
+#, fuzzy
+msgid "update all keys from a keyserver"
+msgstr "importar chaves de um servidor"
+
+#: g10/gpg.c:415
+msgid "import/merge keys"
+msgstr "importar/fundir chaves"
+
+#: g10/gpg.c:418
+msgid "print the card status"
+msgstr ""
+
+#: g10/gpg.c:419
+msgid "change data on a card"
+msgstr ""
+
+#: g10/gpg.c:420
+msgid "change a card's PIN"
+msgstr ""
+
+#: g10/gpg.c:429
+msgid "update the trust database"
+msgstr "atualizar o banco de dados de confiabilidade"
+
+#: g10/gpg.c:436
+#, fuzzy
+msgid "print message digests"
+msgstr "imprime todos os \"digests\" de mensagens"
+
+#: g10/gpg.c:439 sm/gpgsm.c:210
+msgid "run in server mode"
+msgstr ""
+
+#: g10/gpg.c:443 sm/gpgsm.c:228
+msgid "create ascii armored output"
+msgstr "criar saída com armadura ascii"
+
+#: g10/gpg.c:446 sm/gpgsm.c:241
+#, fuzzy
+msgid "|USER-ID|encrypt for USER-ID"
+msgstr "|NOME|criptografar para NOME"
+
+#: g10/gpg.c:459 sm/gpgsm.c:278
+#, fuzzy
+msgid "|USER-ID|use USER-ID to sign or decrypt"
+msgstr ""
+"usar este identificador de usuário para\n"
+"assinar ou descriptografar"
+
+#: g10/gpg.c:462
+#, fuzzy
+msgid "|N|set compress level to N (0 disables)"
+msgstr ""
+"|N|estabelecer nível de compressão N\n"
+"(0 desabilita)"
+
+#: g10/gpg.c:468
+msgid "use canonical text mode"
+msgstr "usar modo de texto canônico"
+
+#: g10/gpg.c:485 sm/gpgsm.c:280
+#, fuzzy
+msgid "|FILE|write output to FILE"
+msgstr "|ARQUIVO|carregar módulo de extensão ARQUIVO"
+
+#: g10/gpg.c:501 kbx/kbxutil.c:90 sm/gpgsm.c:292 tools/gpgconf.c:82
+msgid "do not make any changes"
+msgstr "não fazer alterações"
+
+#: g10/gpg.c:502
+msgid "prompt before overwriting"
+msgstr ""
+
+#: g10/gpg.c:554
+msgid "use strict OpenPGP behavior"
+msgstr ""
+
+#: g10/gpg.c:585 sm/gpgsm.c:336
+msgid ""
+"@\n"
+"(See the man page for a complete listing of all commands and options)\n"
+msgstr ""
+
+#: g10/gpg.c:588 sm/gpgsm.c:339
+msgid ""
+"@\n"
+"Examples:\n"
+"\n"
+" -se -r Bob [file] sign and encrypt for user Bob\n"
+" --clearsign [file] make a clear text signature\n"
+" --detach-sign [file] make a detached signature\n"
+" --list-keys [names] show keys\n"
+" --fingerprint [names] show fingerprints\n"
+msgstr ""
+"@\n"
+"Exemplos:\n"
+"\n"
+" -se -r Bob [arquivo] assinar e criptografar para usuário Bob\n"
+" --clearsign [arquivo] criar uma assinatura em texto puro\n"
+" --detach-sign [arquivo] criar uma assinatura separada\n"
+" --list-keys [nomes] mostrar chaves\n"
+" --fingerprint [nomes] mostrar impressões digitais\n"
+
+#: g10/gpg.c:836
+msgid "Usage: gpg [options] [files] (-h for help)"
+msgstr "Uso: gpg [opções] [arquivos] (-h para ajuda)"
+
+#: g10/gpg.c:839
+msgid ""
+"Syntax: gpg [options] [files]\n"
+"sign, check, encrypt or decrypt\n"
+"default operation depends on the input data\n"
+msgstr ""
+"Sintaxe: gpg [opções] [arquivos]\n"
+"assina, verifica, criptografa ou descriptografa\n"
+"a operação padrão depende dos dados de entrada\n"
+
+#: g10/gpg.c:850 sm/gpgsm.c:543
+msgid ""
+"\n"
+"Supported algorithms:\n"
+msgstr ""
+"\n"
+"Algoritmos suportados:\n"
+
+#: g10/gpg.c:853
+msgid "Pubkey: "
+msgstr ""
+
+#: g10/gpg.c:860 g10/keyedit.c:2423
+msgid "Cipher: "
+msgstr ""
+
+#: g10/gpg.c:867
+msgid "Hash: "
+msgstr ""
+
+#: g10/gpg.c:874 g10/keyedit.c:2468
+#, fuzzy
+msgid "Compression: "
+msgstr "Comentário: "
+
+#: g10/gpg.c:944
+msgid "usage: gpg [options] "
+msgstr "uso: gpg [opções] "
+
+#: g10/gpg.c:1158 sm/gpgsm.c:716
+msgid "conflicting commands\n"
+msgstr "comandos conflitantes\n"
+
+#: g10/gpg.c:1176
+#, c-format
+msgid "no = sign found in group definition `%s'\n"
+msgstr ""
+
+#: g10/gpg.c:1373
+#, fuzzy, c-format
+msgid "WARNING: unsafe ownership on homedir `%s'\n"
+msgstr "%s: novo arquivo de opções criado\n"
+
+#: g10/gpg.c:1376
+#, fuzzy, c-format
+msgid "WARNING: unsafe ownership on configuration file `%s'\n"
+msgstr "%s: novo arquivo de opções criado\n"
+
+#: g10/gpg.c:1379
+#, fuzzy, c-format
+msgid "WARNING: unsafe ownership on extension `%s'\n"
+msgstr "%s: novo arquivo de opções criado\n"
+
+#: g10/gpg.c:1385
+#, fuzzy, c-format
+msgid "WARNING: unsafe permissions on homedir `%s'\n"
+msgstr "%s: novo arquivo de opções criado\n"
+
+#: g10/gpg.c:1388
+#, fuzzy, c-format
+msgid "WARNING: unsafe permissions on configuration file `%s'\n"
+msgstr "%s: novo arquivo de opções criado\n"
+
+#: g10/gpg.c:1391
+#, fuzzy, c-format
+msgid "WARNING: unsafe permissions on extension `%s'\n"
+msgstr "%s: novo arquivo de opções criado\n"
+
+#: g10/gpg.c:1397
+#, fuzzy, c-format
+msgid "WARNING: unsafe enclosing directory ownership on homedir `%s'\n"
+msgstr "%s: novo arquivo de opções criado\n"
+
+#: g10/gpg.c:1400
+#, fuzzy, c-format
+msgid ""
+"WARNING: unsafe enclosing directory ownership on configuration file `%s'\n"
+msgstr "%s: novo arquivo de opções criado\n"
+
+#: g10/gpg.c:1403
+#, fuzzy, c-format
+msgid "WARNING: unsafe enclosing directory ownership on extension `%s'\n"
+msgstr "%s: novo arquivo de opções criado\n"
+
+#: g10/gpg.c:1409
+#, fuzzy, c-format
+msgid "WARNING: unsafe enclosing directory permissions on homedir `%s'\n"
+msgstr "%s: novo arquivo de opções criado\n"
+
+#: g10/gpg.c:1412
+#, fuzzy, c-format
+msgid ""
+"WARNING: unsafe enclosing directory permissions on configuration file `%s'\n"
+msgstr "%s: novo arquivo de opções criado\n"
+
+#: g10/gpg.c:1415
+#, fuzzy, c-format
+msgid "WARNING: unsafe enclosing directory permissions on extension `%s'\n"
+msgstr "%s: novo arquivo de opções criado\n"
+
+#: g10/gpg.c:1595
+#, fuzzy, c-format
+msgid "unknown configuration item `%s'\n"
+msgstr "%s: novo arquivo de opções criado\n"
+
+#: g10/gpg.c:1699
+msgid "display photo IDs during key listings"
+msgstr ""
+
+#: g10/gpg.c:1701
+msgid "show policy URLs during signature listings"
+msgstr ""
+
+#: g10/gpg.c:1703
+#, fuzzy
+msgid "show all notations during signature listings"
+msgstr "Nenhuma assinatura correspondente no chaveiro secreto\n"
+
+#: g10/gpg.c:1705
+msgid "show IETF standard notations during signature listings"
+msgstr ""
+
+#: g10/gpg.c:1709
+msgid "show user-supplied notations during signature listings"
+msgstr ""
+
+#: g10/gpg.c:1711
+#, fuzzy
+msgid "show preferred keyserver URLs during signature listings"
+msgstr "a URL de política dada é inválida\n"
+
+#: g10/gpg.c:1713
+msgid "show user ID validity during key listings"
+msgstr ""
+
+#: g10/gpg.c:1715
+msgid "show revoked and expired user IDs in key listings"
+msgstr ""
+
+#: g10/gpg.c:1717
+msgid "show revoked and expired subkeys in key listings"
+msgstr ""
+
+#: g10/gpg.c:1719
+#, fuzzy
+msgid "show the keyring name in key listings"
+msgstr "alterna entre listagem de chave secreta e pública"
+
+#: g10/gpg.c:1721
+#, fuzzy
+msgid "show expiration dates during signature listings"
+msgstr "Nenhuma assinatura correspondente no chaveiro secreto\n"
+
+#: g10/gpg.c:1855
+#, fuzzy, c-format
+msgid "NOTE: old default options file `%s' ignored\n"
+msgstr "NOTA: arquivo de opções padrão `%s' inexistente\n"
+
+#: g10/gpg.c:1948
+#, c-format
+msgid "libgcrypt is too old (need %s, have %s)\n"
+msgstr ""
+
+#: g10/gpg.c:2346 g10/gpg.c:3037 g10/gpg.c:3049
+#, c-format
+msgid "NOTE: %s is not for normal use!\n"
+msgstr "NOTA: %s não é para uso normal!\n"
+
+#: g10/gpg.c:2530 g10/gpg.c:2542
+#, fuzzy, c-format
+msgid "`%s' is not a valid signature expiration\n"
+msgstr "%s não é um conjunto de caracteres válido\n"
+
+#: g10/gpg.c:2624
+#, fuzzy, c-format
+msgid "`%s' is not a valid character set\n"
+msgstr "%s não é um conjunto de caracteres válido\n"
+
+#: g10/gpg.c:2647 g10/gpg.c:2842 g10/keyedit.c:4197
+#, fuzzy
+msgid "could not parse keyserver URL\n"
+msgstr "impossível escrever para o chaveiro: %s\n"
+
+#: g10/gpg.c:2659
+#, fuzzy, c-format
+msgid "%s:%d: invalid keyserver options\n"
+msgstr "AVISO: `%s' é um arquivo vazio\n"
+
+#: g10/gpg.c:2662
+#, fuzzy
+msgid "invalid keyserver options\n"
+msgstr "chaveiro inválido"
+
+#: g10/gpg.c:2669
+#, fuzzy, c-format
+msgid "%s:%d: invalid import options\n"
+msgstr "AVISO: `%s' é um arquivo vazio\n"
+
+#: g10/gpg.c:2672
+#, fuzzy
+msgid "invalid import options\n"
+msgstr "armadura inválida"
+
+#: g10/gpg.c:2679
+#, fuzzy, c-format
+msgid "%s:%d: invalid export options\n"
+msgstr "AVISO: `%s' é um arquivo vazio\n"
+
+#: g10/gpg.c:2682
+#, fuzzy
+msgid "invalid export options\n"
+msgstr "chaveiro inválido"
+
+#: g10/gpg.c:2689
+#, fuzzy, c-format
+msgid "%s:%d: invalid list options\n"
+msgstr "AVISO: `%s' é um arquivo vazio\n"
+
+#: g10/gpg.c:2692
+#, fuzzy
+msgid "invalid list options\n"
+msgstr "armadura inválida"
+
+#: g10/gpg.c:2700
+msgid "display photo IDs during signature verification"
+msgstr ""
+
+#: g10/gpg.c:2702
+msgid "show policy URLs during signature verification"
+msgstr ""
+
+#: g10/gpg.c:2704
+#, fuzzy
+msgid "show all notations during signature verification"
+msgstr "%s não é um conjunto de caracteres válido\n"
+
+#: g10/gpg.c:2706
+msgid "show IETF standard notations during signature verification"
+msgstr ""
+
+#: g10/gpg.c:2710
+msgid "show user-supplied notations during signature verification"
+msgstr ""
+
+#: g10/gpg.c:2712
+#, fuzzy
+msgid "show preferred keyserver URLs during signature verification"
+msgstr "a URL de política dada é inválida\n"
+
+#: g10/gpg.c:2714
+#, fuzzy
+msgid "show user ID validity during signature verification"
+msgstr "%s não é um conjunto de caracteres válido\n"
+
+#: g10/gpg.c:2716
+msgid "show revoked and expired user IDs in signature verification"
+msgstr ""
+
+#: g10/gpg.c:2718
+#, fuzzy
+msgid "show only the primary user ID in signature verification"
+msgstr "%s não é um conjunto de caracteres válido\n"
+
+#: g10/gpg.c:2720
+msgid "validate signatures with PKA data"
+msgstr ""
+
+#: g10/gpg.c:2722
+msgid "elevate the trust of signatures with valid PKA data"
+msgstr ""
+
+#: g10/gpg.c:2729
+#, fuzzy, c-format
+msgid "%s:%d: invalid verify options\n"
+msgstr "AVISO: `%s' é um arquivo vazio\n"
+
+#: g10/gpg.c:2732
+#, fuzzy
+msgid "invalid verify options\n"
+msgstr "chaveiro inválido"
+
+#: g10/gpg.c:2739
+#, c-format
+msgid "unable to set exec-path to %s\n"
+msgstr ""
+
+#: g10/gpg.c:2925
+#, fuzzy, c-format
+msgid "%s:%d: invalid auto-key-locate list\n"
+msgstr "AVISO: `%s' é um arquivo vazio\n"
+
+#: g10/gpg.c:2928
+msgid "invalid auto-key-locate list\n"
+msgstr ""
+
+#: g10/gpg.c:3026 sm/gpgsm.c:1439
+msgid "WARNING: program may create a core file!\n"
+msgstr "AVISO: O programa pode criar um arquivo core!\n"
+
+#: g10/gpg.c:3030
+#, c-format
+msgid "WARNING: %s overrides %s\n"
+msgstr ""
+
+#: g10/gpg.c:3039
+#, c-format
+msgid "%s not allowed with %s!\n"
+msgstr "%s não é permitido com %s!\n"
+
+#: g10/gpg.c:3042
+#, c-format
+msgid "%s makes no sense with %s!\n"
+msgstr "%s não faz sentido com %s!\n"
+
+#: g10/gpg.c:3057
+#, fuzzy, c-format
+msgid "will not run with insecure memory due to %s\n"
+msgstr "escrevendo certificado privado para `%s'\n"
+
+#: g10/gpg.c:3071
+msgid "you can only make detached or clear signatures while in --pgp2 mode\n"
+msgstr ""
+
+#: g10/gpg.c:3077
+msgid "you can't sign and encrypt at the same time while in --pgp2 mode\n"
+msgstr ""
+
+#: g10/gpg.c:3083
+msgid "you must use files (and not a pipe) when working with --pgp2 enabled.\n"
+msgstr ""
+
+#: g10/gpg.c:3096
+msgid "encrypting a message in --pgp2 mode requires the IDEA cipher\n"
+msgstr ""
+
+#: g10/gpg.c:3163 g10/gpg.c:3187 sm/gpgsm.c:1511
+msgid "selected cipher algorithm is invalid\n"
+msgstr "o algoritmo de criptografia selecionado não é válido\n"
+
+#: g10/gpg.c:3169 g10/gpg.c:3193 sm/gpgsm.c:1517 sm/gpgsm.c:1523
+msgid "selected digest algorithm is invalid\n"
+msgstr "o algoritmo de \"digest\" selecionado não é válido\n"
+
+#: g10/gpg.c:3175
+#, fuzzy
+msgid "selected compression algorithm is invalid\n"
+msgstr "o algoritmo de criptografia selecionado não é válido\n"
+
+#: g10/gpg.c:3181
+#, fuzzy
+msgid "selected certification digest algorithm is invalid\n"
+msgstr "o algoritmo de \"digest\" selecionado não é válido\n"
+
+#: g10/gpg.c:3196
+msgid "completes-needed must be greater than 0\n"
+msgstr "completes-needed deve ser maior que 0\n"
+
+#: g10/gpg.c:3198
+msgid "marginals-needed must be greater than 1\n"
+msgstr "marginals-needed deve ser maior que 1\n"
+
+#: g10/gpg.c:3200
+#, fuzzy
+msgid "max-cert-depth must be in the range from 1 to 255\n"
+msgstr "max-cert-depth deve estar na entre 1 e 255\n"
+
+#: g10/gpg.c:3202
+#, fuzzy
+msgid "invalid default-cert-level; must be 0, 1, 2, or 3\n"
+msgstr "modo S2K inválido: deve ser 0, 1 ou 3\n"
+
+#: g10/gpg.c:3204
+#, fuzzy
+msgid "invalid min-cert-level; must be 1, 2, or 3\n"
+msgstr "modo S2K inválido: deve ser 0, 1 ou 3\n"
+
+#: g10/gpg.c:3207
+msgid "NOTE: simple S2K mode (0) is strongly discouraged\n"
+msgstr "NOTA: o modo S2K simples (0) não é recomendável\n"
+
+#: g10/gpg.c:3211
+msgid "invalid S2K mode; must be 0, 1 or 3\n"
+msgstr "modo S2K inválido: deve ser 0, 1 ou 3\n"
+
+#: g10/gpg.c:3218
+#, fuzzy
+msgid "invalid default preferences\n"
+msgstr "lista preferências"
+
+#: g10/gpg.c:3222
+#, fuzzy
+msgid "invalid personal cipher preferences\n"
+msgstr "lista preferências"
+
+#: g10/gpg.c:3226
+#, fuzzy
+msgid "invalid personal digest preferences\n"
+msgstr "lista preferências"
+
+#: g10/gpg.c:3230
+#, fuzzy
+msgid "invalid personal compress preferences\n"
+msgstr "lista preferências"
+
+#: g10/gpg.c:3263
+#, fuzzy, c-format
+msgid "%s does not yet work with %s\n"
+msgstr "%s não faz sentido com %s!\n"
+
+#: g10/gpg.c:3310
+#, c-format
+msgid "you may not use cipher algorithm `%s' while in %s mode\n"
+msgstr ""
+
+#: g10/gpg.c:3315
+#, c-format
+msgid "you may not use digest algorithm `%s' while in %s mode\n"
+msgstr ""
+
+#: g10/gpg.c:3320
+#, fuzzy, c-format
+msgid "you may not use compression algorithm `%s' while in %s mode\n"
+msgstr "o algoritmo de criptografia selecionado não é válido\n"
+
+#: g10/gpg.c:3406
+#, c-format
+msgid "failed to initialize the TrustDB: %s\n"
+msgstr "falha ao inicializar o banco de dados de confiabilidade: %s\n"
+
+#: g10/gpg.c:3417
+msgid "WARNING: recipients (-r) given without using public key encryption\n"
+msgstr ""
+
+#: g10/gpg.c:3438
+msgid "--store [filename]"
+msgstr "--store [nome_do_arquivo]"
+
+#: g10/gpg.c:3445
+msgid "--symmetric [filename]"
+msgstr "--symmetric [nome_do_arquivo]"
+
+#: g10/gpg.c:3447
+#, fuzzy, c-format
+msgid "symmetric encryption of `%s' failed: %s\n"
+msgstr "descriptografia falhou: %s\n"
+
+#: g10/gpg.c:3457
+msgid "--encrypt [filename]"
+msgstr "--encrypt [nome_do_arquivo]"
+
+#: g10/gpg.c:3470
+#, fuzzy
+msgid "--symmetric --encrypt [filename]"
+msgstr "--sign --encrypt [nome_do_arquivo]"
+
+#: g10/gpg.c:3472
+msgid "you cannot use --symmetric --encrypt with --s2k-mode 0\n"
+msgstr ""
+
+#: g10/gpg.c:3475
+#, c-format
+msgid "you cannot use --symmetric --encrypt while in %s mode\n"
+msgstr ""
+
+#: g10/gpg.c:3493
+msgid "--sign [filename]"
+msgstr "--sign [nome_do_arquivo]"
+
+#: g10/gpg.c:3506
+msgid "--sign --encrypt [filename]"
+msgstr "--sign --encrypt [nome_do_arquivo]"
+
+#: g10/gpg.c:3521
+#, fuzzy
+msgid "--symmetric --sign --encrypt [filename]"
+msgstr "--sign --encrypt [nome_do_arquivo]"
+
+#: g10/gpg.c:3523
+msgid "you cannot use --symmetric --sign --encrypt with --s2k-mode 0\n"
+msgstr ""
+
+#: g10/gpg.c:3526
+#, c-format
+msgid "you cannot use --symmetric --sign --encrypt while in %s mode\n"
+msgstr ""
+
+#: g10/gpg.c:3546
+#, fuzzy
+msgid "--sign --symmetric [filename]"
+msgstr "--symmetric [nome_do_arquivo]"
+
+#: g10/gpg.c:3555
+msgid "--clearsign [filename]"
+msgstr "--clearsign [nome_do_arquivo]"
+
+#: g10/gpg.c:3580
+msgid "--decrypt [filename]"
+msgstr "--decrypt [nome_do_arquivo]"
+
+#: g10/gpg.c:3588
+msgid "--sign-key user-id"
+msgstr "--sign-key id-usuário"
+
+#: g10/gpg.c:3592
+msgid "--lsign-key user-id"
+msgstr "--lsign-key id-usuário"
+
+#: g10/gpg.c:3613
+msgid "--edit-key user-id [commands]"
+msgstr "--edit-key id-usuário [comandos]"
+
+#: g10/gpg.c:3629
+#, fuzzy
+msgid "--passwd <user-id>"
+msgstr "--sign-key id-usuário"
+
+#: g10/gpg.c:3716
+#, fuzzy, c-format
+msgid "keyserver send failed: %s\n"
+msgstr "A geração de chaves falhou: %s\n"
+
+#: g10/gpg.c:3718
+#, fuzzy, c-format
+msgid "keyserver receive failed: %s\n"
+msgstr "enumeração de chaves secretas falhou: %s\n"
+
+#: g10/gpg.c:3720
+#, fuzzy, c-format
+msgid "key export failed: %s\n"
+msgstr "A geração de chaves falhou: %s\n"
+
+#: g10/gpg.c:3731
+#, fuzzy, c-format
+msgid "keyserver search failed: %s\n"
+msgstr "get_dir_record: search_record falhou: %s\n"
+
+#: g10/gpg.c:3741
+#, fuzzy, c-format
+msgid "keyserver refresh failed: %s\n"
+msgstr "enumeração de chaves secretas falhou: %s\n"
+
+#: g10/gpg.c:3792
+#, c-format
+msgid "dearmoring failed: %s\n"
+msgstr "retirada de armadura falhou: %s\n"
+
+#: g10/gpg.c:3800
+#, c-format
+msgid "enarmoring failed: %s\n"
+msgstr "criação de armadura falhou: %s\n"
+
+# "hash" poderia ser "espalhamento", mas não fica claro
+#: g10/gpg.c:3890
+#, c-format
+msgid "invalid hash algorithm `%s'\n"
+msgstr "algoritmo de hash inválido `%s'\n"
+
+#: g10/gpg.c:4005
+msgid "[filename]"
+msgstr "[nome_do_arquivo]"
+
+#: g10/gpg.c:4009
+msgid "Go ahead and type your message ...\n"
+msgstr "Vá em frente e digite sua mensagem ...\n"
+
+#: g10/gpg.c:4323
+#, fuzzy
+msgid "the given certification policy URL is invalid\n"
+msgstr "a URL de política dada é inválida\n"
+
+#: g10/gpg.c:4325
+#, fuzzy
+msgid "the given signature policy URL is invalid\n"
+msgstr "a URL de política dada é inválida\n"
+
+#: g10/gpg.c:4358
+#, fuzzy
+msgid "the given preferred keyserver URL is invalid\n"
+msgstr "a URL de política dada é inválida\n"
+
+#: g10/gpgv.c:74
+#, fuzzy
+msgid "|FILE|take the keys from the keyring FILE"
+msgstr "Deletar esta chave do chaveiro? "
+
+#: g10/gpgv.c:76
+#, fuzzy
+msgid "make timestamp conflicts only a warning"
+msgstr "conflito de \"timestamp\""
+
+#: g10/gpgv.c:78 sm/gpgsm.c:326
+msgid "|FD|write status info to this FD"
+msgstr ""
+"|DA|escrever informações de estado para o\n"
+"descritor de arquivo DA"
+
+#: g10/gpgv.c:117
+#, fuzzy
+msgid "Usage: gpgv [options] [files] (-h for help)"
+msgstr "Uso: gpg [opções] [arquivos] (-h para ajuda)"
+
+#: g10/gpgv.c:119
+#, fuzzy
+msgid ""
+"Syntax: gpgv [options] [files]\n"
+"Check signatures against known trusted keys\n"
+msgstr ""
+"Sintaxe: gpgm [opções] [arquivos]\n"
+"Utilitário de manutenção do GnuPG\n"
+
+#: g10/helptext.c:72
+msgid "No help available"
+msgstr "Nenhuma ajuda disponível"
+
+#: g10/helptext.c:82
+#, c-format
+msgid "No help available for `%s'"
+msgstr "Nenhuma ajuda disponível para `%s'"
+
+#: g10/import.c:94
+msgid "import signatures that are marked as local-only"
+msgstr ""
+
+#: g10/import.c:96
+msgid "repair damage from the pks keyserver during import"
+msgstr ""
+
+#: g10/import.c:98
+#, fuzzy
+msgid "do not update the trustdb after import"
+msgstr "atualizar o banco de dados de confiabilidade"
+
+#: g10/import.c:100
+#, fuzzy
+msgid "create a public key when importing a secret key"
+msgstr "lid %lu não tem chave\n"
+
+#: g10/import.c:102
+msgid "only accept updates to existing keys"
+msgstr ""
+
+#: g10/import.c:104
+#, fuzzy
+msgid "remove unusable parts from key after import"
+msgstr "chave secreta incorreta"
+
+#: g10/import.c:106
+msgid "remove as much as possible from key after import"
+msgstr ""
+
+#: g10/import.c:266
+#, c-format
+msgid "skipping block of type %d\n"
+msgstr "ignorando bloco do tipo %d\n"
+
+#: g10/import.c:275
+#, fuzzy, c-format
+msgid "%lu keys processed so far\n"
+msgstr "%lu chaves processadas até agora\n"
+
+#: g10/import.c:292
+#, c-format
+msgid "Total number processed: %lu\n"
+msgstr "Número total processado: %lu\n"
+
+#: g10/import.c:294
+#, fuzzy, c-format
+msgid " skipped new keys: %lu\n"
+msgstr " novas subchaves: %lu\n"
+
+#: g10/import.c:297
+#, c-format
+msgid " w/o user IDs: %lu\n"
+msgstr " sem IDs de usuários: %lu\n"
+
+#: g10/import.c:299 sm/import.c:114
+#, c-format
+msgid " imported: %lu"
+msgstr " importados: %lu"
+
+#: g10/import.c:305 sm/import.c:118
+#, c-format
+msgid " unchanged: %lu\n"
+msgstr " não modificados: %lu\n"
+
+#: g10/import.c:307
+#, c-format
+msgid " new user IDs: %lu\n"
+msgstr " novos IDs de usuários: %lu\n"
+
+#: g10/import.c:309
+#, c-format
+msgid " new subkeys: %lu\n"
+msgstr " novas subchaves: %lu\n"
+
+#: g10/import.c:311
+#, c-format
+msgid " new signatures: %lu\n"
+msgstr " novas assinaturas: %lu\n"
+
+#: g10/import.c:313
+#, c-format
+msgid " new key revocations: %lu\n"
+msgstr " novas revogações de chaves: %lu\n"
+
+#: g10/import.c:315 sm/import.c:120
+#, c-format
+msgid " secret keys read: %lu\n"
+msgstr " chaves secretas lidas: %lu\n"
+
+#: g10/import.c:317 sm/import.c:122
+#, c-format
+msgid " secret keys imported: %lu\n"
+msgstr " chaves secretas importadas: %lu\n"
+
+#: g10/import.c:319 sm/import.c:124
+#, c-format
+msgid " secret keys unchanged: %lu\n"
+msgstr " chaves secretas não modificadas: %lu\n"
+
+#: g10/import.c:321 sm/import.c:126
+#, fuzzy, c-format
+msgid " not imported: %lu\n"
+msgstr " importados: %lu"
+
+#: g10/import.c:323
+#, fuzzy, c-format
+msgid " signatures cleaned: %lu\n"
+msgstr " novas assinaturas: %lu\n"
+
+#: g10/import.c:325
+#, fuzzy, c-format
+msgid " user IDs cleaned: %lu\n"
+msgstr " chaves secretas lidas: %lu\n"
+
+#: g10/import.c:606
+#, c-format
+msgid ""
+"WARNING: key %s contains preferences for unavailable\n"
+"algorithms on these user IDs:\n"
+msgstr ""
+
+#: g10/import.c:647
+#, c-format
+msgid " \"%s\": preference for cipher algorithm %s\n"
+msgstr ""
+
+#: g10/import.c:662
+#, fuzzy, c-format
+msgid " \"%s\": preference for digest algorithm %s\n"
+msgstr "assinatura %s de: %s\n"
+
+#: g10/import.c:674
+#, c-format
+msgid " \"%s\": preference for compression algorithm %s\n"
+msgstr ""
+
+#: g10/import.c:687
+msgid "it is strongly suggested that you update your preferences and\n"
+msgstr ""
+
+#: g10/import.c:689
+msgid "re-distribute this key to avoid potential algorithm mismatch problems\n"
+msgstr ""
+
+#: g10/import.c:713
+#, c-format
+msgid "you can update your preferences with: gpg --edit-key %s updpref save\n"
+msgstr ""
+
+#: g10/import.c:766 g10/import.c:1179
+#, fuzzy, c-format
+msgid "key %s: no user ID\n"
+msgstr "chave %08lX: sem ID de usuário\n"
+
+#: g10/import.c:795
+#, fuzzy, c-format
+msgid "key %s: PKS subkey corruption repaired\n"
+msgstr "chave %08lX: sem subchave para ligação de chaves\n"
+
+#: g10/import.c:810
+#, fuzzy, c-format
+msgid "key %s: accepted non self-signed user ID \"%s\"\n"
+msgstr "chave %08lX: aceito ID de usuário sem auto-assinatura '"
+
+#: g10/import.c:816
+#, fuzzy, c-format
+msgid "key %s: no valid user IDs\n"
+msgstr "chave %08lX: sem IDs de usuários válidos\n"
+
+#: g10/import.c:818
+msgid "this may be caused by a missing self-signature\n"
+msgstr "isto pode ser causado por falta de auto-assinatura\n"
+
+#: g10/import.c:828 g10/import.c:1303
+#, fuzzy, c-format
+msgid "key %s: public key not found: %s\n"
+msgstr "chave %08lX: chave pública não encontrada: %s\n"
+
+#: g10/import.c:834
+#, fuzzy, c-format
+msgid "key %s: new key - skipped\n"
+msgstr "chave %08lX: não é uma chave rfc2440 - ignorada\n"
+
+#: g10/import.c:843
+#, fuzzy, c-format
+msgid "no writable keyring found: %s\n"
+msgstr "impossível escrever chaveiro: %s\n"
+
+#: g10/import.c:848 g10/openfile.c:278 g10/sign.c:805 g10/sign.c:1114
+#, c-format
+msgid "writing to `%s'\n"
+msgstr "escrevendo para `%s'\n"
+
+#: g10/import.c:852 g10/import.c:952 g10/import.c:1219 g10/import.c:1364
+#: g10/import.c:2494 g10/import.c:2516
+#, c-format
+msgid "error writing keyring `%s': %s\n"
+msgstr "erro na escrita do chaveiro `%s': %s\n"
+
+#: g10/import.c:871
+#, fuzzy, c-format
+msgid "key %s: public key \"%s\" imported\n"
+msgstr "chave %08lX: chave pública importada\n"
+
+#: g10/import.c:895
+#, fuzzy, c-format
+msgid "key %s: doesn't match our copy\n"
+msgstr "chave %08lX: não corresponde à nossa cópia\n"
+
+#: g10/import.c:912 g10/import.c:1321
+#, fuzzy, c-format
+msgid "key %s: can't locate original keyblock: %s\n"
+msgstr "chave %08lX: impossível localizar bloco de chaves original: %s\n"
+
+#: g10/import.c:920 g10/import.c:1328
+#, fuzzy, c-format
+msgid "key %s: can't read original keyblock: %s\n"
+msgstr "chave %08lX: impossível ler bloco de chaves original: %s\n"
+
+#: g10/import.c:962
+#, fuzzy, c-format
+msgid "key %s: \"%s\" 1 new user ID\n"
+msgstr "chave %8lX: 1 novo ID de usuário\n"
+
+#: g10/import.c:965
+#, fuzzy, c-format
+msgid "key %s: \"%s\" %d new user IDs\n"
+msgstr "chave %08lX: %d novos IDs de usuários\n"
+
+#: g10/import.c:968
+#, fuzzy, c-format
+msgid "key %s: \"%s\" 1 new signature\n"
+msgstr "chave %08lX: 1 nova assinatura\n"
+
+#: g10/import.c:971
+#, fuzzy, c-format
+msgid "key %s: \"%s\" %d new signatures\n"
+msgstr "chave %08lX: %d novas assinaturas\n"
+
+#: g10/import.c:974
+#, fuzzy, c-format
+msgid "key %s: \"%s\" 1 new subkey\n"
+msgstr "chave %08lX: 1 nova subchave\n"
+
+#: g10/import.c:977
+#, fuzzy, c-format
+msgid "key %s: \"%s\" %d new subkeys\n"
+msgstr "chave %08lX: %d novas subchaves\n"
+
+#: g10/import.c:980
+#, fuzzy, c-format
+msgid "key %s: \"%s\" %d signature cleaned\n"
+msgstr "chave %08lX: %d novas assinaturas\n"
+
+#: g10/import.c:983
+#, fuzzy, c-format
+msgid "key %s: \"%s\" %d signatures cleaned\n"
+msgstr "chave %08lX: %d novas assinaturas\n"
+
+#: g10/import.c:986
+#, fuzzy, c-format
+msgid "key %s: \"%s\" %d user ID cleaned\n"
+msgstr "chave %08lX: %d novos IDs de usuários\n"
+
+#: g10/import.c:989
+#, fuzzy, c-format
+msgid "key %s: \"%s\" %d user IDs cleaned\n"
+msgstr "chave %08lX: %d novos IDs de usuários\n"
+
+#: g10/import.c:1013
+#, fuzzy, c-format
+msgid "key %s: \"%s\" not changed\n"
+msgstr "chave %08lX: não modificada\n"
+
+#: g10/import.c:1185
+#, fuzzy, c-format
+msgid "key %s: secret key with invalid cipher %d - skipped\n"
+msgstr "chave %08lX: chave secreta sem chave pública - ignorada\n"
+
+#: g10/import.c:1196
+#, fuzzy
+msgid "importing secret keys not allowed\n"
+msgstr "escrevendo certificado privado para `%s'\n"
+
+#: g10/import.c:1213 g10/import.c:2509
+#, fuzzy, c-format
+msgid "no default secret keyring: %s\n"
+msgstr "impossível bloquear chaveiro secreto: %s\n"
+
+#: g10/import.c:1224
+#, fuzzy, c-format
+msgid "key %s: secret key imported\n"
+msgstr "chave %08lX: chave secreta importada\n"
+
+#: g10/import.c:1254
+#, fuzzy, c-format
+msgid "key %s: already in secret keyring\n"
+msgstr "chave %08lX: já está no chaveiro secreto\n"
+
+#: g10/import.c:1264
+#, fuzzy, c-format
+msgid "key %s: secret key not found: %s\n"
+msgstr "chave %08lX: chave secreta não encontrada: %s\n"
+
+#: g10/import.c:1296
+#, fuzzy, c-format
+msgid "key %s: no public key - can't apply revocation certificate\n"
+msgstr ""
+"chave %08lX: sem chave pública - impossível aplicar certificado\n"
+"de revogação\n"
+
+#: g10/import.c:1339
+#, fuzzy, c-format
+msgid "key %s: invalid revocation certificate: %s - rejected\n"
+msgstr "chave %08lX: certificado de revogação inválido: %s - rejeitado\n"
+
+#: g10/import.c:1371
+#, fuzzy, c-format
+msgid "key %s: \"%s\" revocation certificate imported\n"
+msgstr "chave %08lX: certificado de revogação importado\n"
+
+#: g10/import.c:1447
+#, fuzzy, c-format
+msgid "key %s: no user ID for signature\n"
+msgstr "chave %08lX: nenhum ID de usuário para assinatura\n"
+
+#: g10/import.c:1464
+#, fuzzy, c-format
+msgid "key %s: unsupported public key algorithm on user ID \"%s\"\n"
+msgstr "chave %08lX: algoritmo de chave pública não suportado\n"
+
+#: g10/import.c:1466
+#, fuzzy, c-format
+msgid "key %s: invalid self-signature on user ID \"%s\"\n"
+msgstr "chave %08lX: auto-assinatura inválida\n"
+
+#: g10/import.c:1483 g10/import.c:1509 g10/import.c:1560
+#, fuzzy, c-format
+msgid "key %s: unsupported public key algorithm\n"
+msgstr "chave %08lX: algoritmo de chave pública não suportado\n"
+
+#: g10/import.c:1484
+#, fuzzy, c-format
+msgid "key %s: invalid direct key signature\n"
+msgstr "chave %08lX: %d novas assinaturas\n"
+
+#: g10/import.c:1498
+#, fuzzy, c-format
+msgid "key %s: no subkey for key binding\n"
+msgstr "chave %08lX: sem subchave para ligação de chaves\n"
+
+#: g10/import.c:1511
+#, fuzzy, c-format
+msgid "key %s: invalid subkey binding\n"
+msgstr "chave %08lX: ligação de subchave inválida\n"
+
+#: g10/import.c:1527
+#, fuzzy, c-format
+msgid "key %s: removed multiple subkey binding\n"
+msgstr "chave %08lX: ligação de subchave inválida\n"
+
+#: g10/import.c:1549
+#, fuzzy, c-format
+msgid "key %s: no subkey for key revocation\n"
+msgstr "chave %08lX: sem subchave para ligação de chaves\n"
+
+#: g10/import.c:1562
+#, fuzzy, c-format
+msgid "key %s: invalid subkey revocation\n"
+msgstr "chave %08lX.%lu: Revogação de subchave válida\n"
+
+#: g10/import.c:1577
+#, fuzzy, c-format
+msgid "key %s: removed multiple subkey revocation\n"
+msgstr "chave %08lX: ligação de subchave inválida\n"
+
+#: g10/import.c:1618
+#, fuzzy, c-format
+msgid "key %s: skipped user ID \"%s\"\n"
+msgstr "chave %08lX: ignorado ID de usuário '"
+
+#: g10/import.c:1639
+#, fuzzy, c-format
+msgid "key %s: skipped subkey\n"
+msgstr "chave %08lX: subchave ignorada\n"
+
+#: g10/import.c:1666
+#, fuzzy, c-format
+msgid "key %s: non exportable signature (class 0x%02X) - skipped\n"
+msgstr "chave %08lX: assinatura não exportável (classe %02x) - ignorada\n"
+
+#: g10/import.c:1676
+#, fuzzy, c-format
+msgid "key %s: revocation certificate at wrong place - skipped\n"
+msgstr "chave %08lX: certificado de revogação no local errado - ignorada\n"
+
+#: g10/import.c:1693
+#, fuzzy, c-format
+msgid "key %s: invalid revocation certificate: %s - skipped\n"
+msgstr "chave %08lX: certificado de revogação inválido: %s - ignorada\n"
+
+#: g10/import.c:1707
+#, fuzzy, c-format
+msgid "key %s: subkey signature in wrong place - skipped\n"
+msgstr "chave %08lX: certificado de revogação no local errado - ignorada\n"
+
+#: g10/import.c:1715
+#, fuzzy, c-format
+msgid "key %s: unexpected signature class (0x%02X) - skipped\n"
+msgstr "chave %08lX: assinatura não exportável (classe %02x) - ignorada\n"
+
+#: g10/import.c:1844
+#, fuzzy, c-format
+msgid "key %s: duplicated user ID detected - merged\n"
+msgstr "chave %08lX: detectado ID de usuário duplicado - unido\n"
+
+#: g10/import.c:1906
+#, fuzzy, c-format
+msgid "WARNING: key %s may be revoked: fetching revocation key %s\n"
+msgstr "AVISO: Esta chave foi revogada pelo seu dono!\n"
+
+#: g10/import.c:1920
+#, fuzzy, c-format
+msgid "WARNING: key %s may be revoked: revocation key %s not present.\n"
+msgstr "AVISO: Esta chave foi revogada pelo seu dono!\n"
+
+#: g10/import.c:1979
+#, fuzzy, c-format
+msgid "key %s: \"%s\" revocation certificate added\n"
+msgstr "chave %08lX: certificado de revogação adicionado\n"
+
+#: g10/import.c:2013
+#, fuzzy, c-format
+msgid "key %s: direct key signature added\n"
+msgstr "chave %08lX: %d novas assinaturas\n"
+
+#: g10/import.c:2414
+#, fuzzy
+msgid "NOTE: a key's S/N does not match the card's one\n"
+msgstr "lid %lu não tem chave\n"
+
+#: g10/import.c:2422
+#, fuzzy
+msgid "NOTE: primary key is online and stored on card\n"
+msgstr "ignorado: a chave secreta já está presente\n"
+
+#: g10/import.c:2424
+#, fuzzy
+msgid "NOTE: secondary key is online and stored on card\n"
+msgstr "ignorado: a chave secreta já está presente\n"
+
+#: g10/keydb.c:181
+#, fuzzy, c-format
+msgid "error creating keyring `%s': %s\n"
+msgstr "erro na escrita do chaveiro `%s': %s\n"
+
+#: g10/keydb.c:187
+#, fuzzy, c-format
+msgid "keyring `%s' created\n"
+msgstr "%s: chaveiro criado\n"
+
+#: g10/keydb.c:333 g10/keydb.c:336
+#, fuzzy, c-format
+msgid "keyblock resource `%s': %s\n"
+msgstr "%s: erro de leitura de bloco de chaves: %s\n"
+
+#: g10/keydb.c:719
+#, fuzzy, c-format
+msgid "failed to rebuild keyring cache: %s\n"
+msgstr "%s: falha ao criar tabela de \"hash\": %s\n"
+
+#: g10/keyedit.c:265
+msgid "[revocation]"
+msgstr "[revogação]"
+
+#: g10/keyedit.c:266
+msgid "[self-signature]"
+msgstr "[auto-assinatura]"
+
+#: g10/keyedit.c:344 g10/keylist.c:398
+msgid "1 bad signature\n"
+msgstr "1 assinatura incorreta\n"
+
+#: g10/keyedit.c:346 g10/keylist.c:400
+#, c-format
+msgid "%d bad signatures\n"
+msgstr "%d assinaturas incorretas\n"
+
+#: g10/keyedit.c:348 g10/keylist.c:402
+msgid "1 signature not checked due to a missing key\n"
+msgstr "1 assinatura não verificada por falta de chave\n"
+
+#: g10/keyedit.c:350 g10/keylist.c:404
+#, c-format
+msgid "%d signatures not checked due to missing keys\n"
+msgstr "%d assinaturas não verificadas por falta de chaves\n"
+
+#: g10/keyedit.c:352 g10/keylist.c:406
+msgid "1 signature not checked due to an error\n"
+msgstr "1 assinatura não verificada devido a um erro\n"
+
+#: g10/keyedit.c:354 g10/keylist.c:408
+#, c-format
+msgid "%d signatures not checked due to errors\n"
+msgstr "%d assinaturas não verificadas devido a erros\n"
+
+#: g10/keyedit.c:356
+msgid "1 user ID without valid self-signature detected\n"
+msgstr "1 ID de usuário sem auto-assinatura válida detectado\n"
+
+#: g10/keyedit.c:358
+#, c-format
+msgid "%d user IDs without valid self-signatures detected\n"
+msgstr "%d IDs de usuários sem auto-assinaturas válidas detectados\n"
+
+#: g10/keyedit.c:414 g10/pkclist.c:262
+#, fuzzy
+msgid ""
+"Please decide how far you trust this user to correctly verify other users' "
+"keys\n"
+"(by looking at passports, checking fingerprints from different sources, "
+"etc.)\n"
+msgstr ""
+"Por favor decida quanto você confia neste usuário para\n"
+"verificar corretamente as chaves de outros usuários\n"
+"(olhando em passaportes, checando impressões digitais\n"
+"de outras fontes...)?\n"
+"\n"
+" 1 = Não sei\n"
+" 2 = Eu NÃO confio\n"
+" 3 = Eu confio moderadamente\n"
+" 4 = Eu confio completamente\n"
+" s = Mostrar mais informações\n"
+
+#: g10/keyedit.c:418 g10/pkclist.c:274
+#, fuzzy, c-format
+msgid " %d = I trust marginally\n"
+msgstr "%s: não é um banco de dados de confiabilidade\n"
+
+#: g10/keyedit.c:419 g10/pkclist.c:276
+#, fuzzy, c-format
+msgid " %d = I trust fully\n"
+msgstr "%s: não é um banco de dados de confiabilidade\n"
+
+#: g10/keyedit.c:438
+msgid ""
+"Please enter the depth of this trust signature.\n"
+"A depth greater than 1 allows the key you are signing to make\n"
+"trust signatures on your behalf.\n"
+msgstr ""
+
+#: g10/keyedit.c:454
+msgid "Please enter a domain to restrict this signature, or enter for none.\n"
+msgstr ""
+
+#: g10/keyedit.c:598
+#, fuzzy, c-format
+msgid "User ID \"%s\" is revoked."
+msgstr "A chave é protegida.\n"
+
+#: g10/keyedit.c:607 g10/keyedit.c:635 g10/keyedit.c:662 g10/keyedit.c:830
+#: g10/keyedit.c:895 g10/keyedit.c:1785
+#, fuzzy
+msgid "Are you sure you still want to sign it? (y/N) "
+msgstr "Você tem certeza de que quer este tamanho de chave? "
+
+#: g10/keyedit.c:621 g10/keyedit.c:649 g10/keyedit.c:676 g10/keyedit.c:836
+#: g10/keyedit.c:1791
+msgid " Unable to sign.\n"
+msgstr ""
+
+#: g10/keyedit.c:626
+#, fuzzy, c-format
+msgid "User ID \"%s\" is expired."
+msgstr "A chave é protegida.\n"
+
+#: g10/keyedit.c:654
+#, fuzzy, c-format
+msgid "User ID \"%s\" is not self-signed."
+msgstr "AVISO: `%s' é um arquivo vazio\n"
+
+#: g10/keyedit.c:682
+#, fuzzy, c-format
+msgid "User ID \"%s\" is signable. "
+msgstr "AVISO: `%s' é um arquivo vazio\n"
+
+#: g10/keyedit.c:684
+#, fuzzy
+msgid "Sign it? (y/N) "
+msgstr "Realmente assinar? "
+
+#: g10/keyedit.c:706
+#, c-format
+msgid ""
+"The self-signature on \"%s\"\n"
+"is a PGP 2.x-style signature.\n"
+msgstr ""
+
+#: g10/keyedit.c:715
+msgid "Do you want to promote it to an OpenPGP self-signature? (y/N) "
+msgstr ""
+
+#: g10/keyedit.c:729
+#, c-format
+msgid ""
+"Your current signature on \"%s\"\n"
+"has expired.\n"
+msgstr ""
+
+#: g10/keyedit.c:733
+msgid "Do you want to issue a new signature to replace the expired one? (y/N) "
+msgstr ""
+
+#: g10/keyedit.c:754
+#, c-format
+msgid ""
+"Your current signature on \"%s\"\n"
+"is a local signature.\n"
+msgstr ""
+
+#: g10/keyedit.c:758
+msgid "Do you want to promote it to a full exportable signature? (y/N) "
+msgstr ""
+
+#: g10/keyedit.c:779
+#, fuzzy, c-format
+msgid "\"%s\" was already locally signed by key %s\n"
+msgstr "Já assinado pela chave %08lX\n"
+
+#: g10/keyedit.c:782
+#, fuzzy, c-format
+msgid "\"%s\" was already signed by key %s\n"
+msgstr "Já assinado pela chave %08lX\n"
+
+#: g10/keyedit.c:787
+#, fuzzy
+msgid "Do you want to sign it again anyway? (y/N) "
+msgstr "Você tem certeza de que quer este tamanho de chave? "
+
+#: g10/keyedit.c:809
+#, fuzzy, c-format
+msgid "Nothing to sign with key %s\n"
+msgstr "Nada para assinar com a chave %08lX\n"
+
+#: g10/keyedit.c:824
+#, fuzzy
+msgid "This key has expired!"
+msgstr "Nota: Esta chave expirou!\n"
+
+#: g10/keyedit.c:842
+#, fuzzy, c-format
+msgid "This key is due to expire on %s.\n"
+msgstr "Esta chave não é protegida.\n"
+
+#: g10/keyedit.c:848
+msgid "Do you want your signature to expire at the same time? (Y/n) "
+msgstr ""
+
+#: g10/keyedit.c:888
+msgid ""
+"You may not make an OpenPGP signature on a PGP 2.x key while in --pgp2 "
+"mode.\n"
+msgstr ""
+
+#: g10/keyedit.c:890
+msgid "This would make the key unusable in PGP 2.x.\n"
+msgstr ""
+
+#: g10/keyedit.c:915
+msgid ""
+"How carefully have you verified the key you are about to sign actually "
+"belongs\n"
+"to the person named above? If you don't know what to answer, enter \"0\".\n"
+msgstr ""
+
+#: g10/keyedit.c:920
+#, c-format
+msgid " (0) I will not answer.%s\n"
+msgstr ""
+
+#: g10/keyedit.c:922
+#, c-format
+msgid " (1) I have not checked at all.%s\n"
+msgstr ""
+
+#: g10/keyedit.c:924
+#, c-format
+msgid " (2) I have done casual checking.%s\n"
+msgstr ""
+
+#: g10/keyedit.c:926
+#, c-format
+msgid " (3) I have done very careful checking.%s\n"
+msgstr ""
+
+#: g10/keyedit.c:932
+msgid "Your selection? (enter `?' for more information): "
+msgstr ""
+
+#: g10/keyedit.c:956
+#, fuzzy, c-format
+msgid ""
+"Are you sure that you want to sign this key with your\n"
+"key \"%s\" (%s)\n"
+msgstr ""
+"Você tem certeza de que quer assinar esta chave com\n"
+"sua chave: \""
+
+#: g10/keyedit.c:963
+#, fuzzy
+msgid "This will be a self-signature.\n"
+msgstr "isto pode ser causado por falta de auto-assinatura\n"
+
+#: g10/keyedit.c:969
+#, fuzzy
+msgid "WARNING: the signature will not be marked as non-exportable.\n"
+msgstr ""
+"A assinatura será marcada como não-exportável.\n"
+"\n"
+
+#: g10/keyedit.c:977
+#, fuzzy
+msgid "WARNING: the signature will not be marked as non-revocable.\n"
+msgstr ""
+"A assinatura será marcada como não-exportável.\n"
+"\n"
+
+#: g10/keyedit.c:987
+#, fuzzy
+msgid "The signature will be marked as non-exportable.\n"
+msgstr ""
+"A assinatura será marcada como não-exportável.\n"
+"\n"
+
+#: g10/keyedit.c:994
+#, fuzzy
+msgid "The signature will be marked as non-revocable.\n"
+msgstr ""
+"A assinatura será marcada como não-exportável.\n"
+"\n"
+
+#: g10/keyedit.c:1001
+msgid "I have not checked this key at all.\n"
+msgstr ""
+
+#: g10/keyedit.c:1006
+msgid "I have checked this key casually.\n"
+msgstr ""
+
+#: g10/keyedit.c:1011
+msgid "I have checked this key very carefully.\n"
+msgstr ""
+
+#: g10/keyedit.c:1021
+#, fuzzy
+msgid "Really sign? (y/N) "
+msgstr "Realmente assinar? "
+
+#: g10/keyedit.c:1066 g10/keyedit.c:4965 g10/keyedit.c:5056 g10/keyedit.c:5120
+#: g10/keyedit.c:5181 g10/sign.c:316
+#, c-format
+msgid "signing failed: %s\n"
+msgstr "assinatura falhou: %s\n"
+
+#: g10/keyedit.c:1131
+msgid "Key has only stub or on-card key items - no passphrase to change.\n"
+msgstr ""
+
+#: g10/keyedit.c:1142 g10/keygen.c:3774
+msgid "This key is not protected.\n"
+msgstr "Esta chave não é protegida.\n"
+
+#: g10/keyedit.c:1146 g10/keygen.c:3761 g10/revoke.c:536
+#, fuzzy
+msgid "Secret parts of primary key are not available.\n"
+msgstr "chave secreta não disponível"
+
+#: g10/keyedit.c:1150 g10/keygen.c:3777
+#, fuzzy
+msgid "Secret parts of primary key are stored on-card.\n"
+msgstr "chave secreta não disponível"
+
+#: g10/keyedit.c:1156 g10/keygen.c:3781
+msgid "Key is protected.\n"
+msgstr "A chave é protegida.\n"
+
+#: g10/keyedit.c:1186
+#, c-format
+msgid "Can't edit this key: %s\n"
+msgstr "Impossível editar esta chave: %s\n"
+
+#: g10/keyedit.c:1192
+msgid ""
+"Enter the new passphrase for this secret key.\n"
+"\n"
+msgstr ""
+"Digite a nova frase para esta chave secreta.\n"
+"\n"
+
+#: g10/keyedit.c:1207 g10/keygen.c:2291
+#, fuzzy
+msgid "passphrase not correctly repeated; try again"
+msgstr "A frase secreta não foi repetida corretamente; tente outra vez.\n"
+
+#: g10/keyedit.c:1212
+msgid ""
+"You don't want a passphrase - this is probably a *bad* idea!\n"
+"\n"
+msgstr ""
+"Você não quer uma frase secreta - provavelmente isto é uma *má* idéia!\n"
+"\n"
+
+#: g10/keyedit.c:1215
+#, fuzzy
+msgid "Do you really want to do this? (y/N) "
+msgstr "Você realmente quer fazer isso? "
+
+#: g10/keyedit.c:1298
+msgid "moving a key signature to the correct place\n"
+msgstr "movendo a assinatura da chave para o local correto\n"
+
+#: g10/keyedit.c:1384
+msgid "save and quit"
+msgstr "gravar e sair"
+
+#: g10/keyedit.c:1387
+#, fuzzy
+msgid "show key fingerprint"
+msgstr "mostra impressão digital"
+
+#: g10/keyedit.c:1388
+msgid "list key and user IDs"
+msgstr "lista chave e identificadores de usuários"
+
+#: g10/keyedit.c:1390
+msgid "select user ID N"
+msgstr "seleciona ID de usuário N"
+
+#: g10/keyedit.c:1391
+#, fuzzy
+msgid "select subkey N"
+msgstr "seleciona ID de usuário N"
+
+#: g10/keyedit.c:1392
+#, fuzzy
+msgid "check signatures"
+msgstr "revoga assinaturas"
+
+#: g10/keyedit.c:1397
+msgid "sign selected user IDs [* see below for related commands]"
+msgstr ""
+
+#: g10/keyedit.c:1402
+#, fuzzy
+msgid "sign selected user IDs locally"
+msgstr "assina a chave localmente"
+
+#: g10/keyedit.c:1404
+#, fuzzy
+msgid "sign selected user IDs with a trust signature"
+msgstr "lid %lu: id de usuário sem assinatura\n"
+
+#: g10/keyedit.c:1406
+msgid "sign selected user IDs with a non-revocable signature"
+msgstr ""
+
+#: g10/keyedit.c:1410
+msgid "add a user ID"
+msgstr "adiciona um novo ID de usuário"
+
+#: g10/keyedit.c:1412
+#, fuzzy
+msgid "add a photo ID"
+msgstr "adiciona um novo ID de usuário"
+
+#: g10/keyedit.c:1414
+#, fuzzy
+msgid "delete selected user IDs"
+msgstr "remove ID de usuário"
+
+#: g10/keyedit.c:1419
+#, fuzzy
+msgid "add a subkey"
+msgstr "addkey"
+
+#: g10/keyedit.c:1423
+msgid "add a key to a smartcard"
+msgstr ""
+
+#: g10/keyedit.c:1425
+msgid "move a key to a smartcard"
+msgstr ""
+
+#: g10/keyedit.c:1427
+msgid "move a backup key to a smartcard"
+msgstr ""
+
+#: g10/keyedit.c:1431
+#, fuzzy
+msgid "delete selected subkeys"
+msgstr "remove uma chave secundária"
+
+#: g10/keyedit.c:1433
+#, fuzzy
+msgid "add a revocation key"
+msgstr "adiciona nova chave secundária"
+
+#: g10/keyedit.c:1435
+#, fuzzy
+msgid "delete signatures from the selected user IDs"
+msgstr "Realmente remover todos os IDs de usuário selecionados? "
+
+#: g10/keyedit.c:1437
+#, fuzzy
+msgid "change the expiration date for the key or selected subkeys"
+msgstr "Você não pode modificar a data de validade de uma chave v3\n"
+
+#: g10/keyedit.c:1439
+msgid "flag the selected user ID as primary"
+msgstr ""
+
+#: g10/keyedit.c:1441
+#, fuzzy
+msgid "toggle between the secret and public key listings"
+msgstr "alterna entre listagem de chave secreta e pública"
+
+#: g10/keyedit.c:1444
+#, fuzzy
+msgid "list preferences (expert)"
+msgstr "lista preferências"
+
+#: g10/keyedit.c:1446
+#, fuzzy
+msgid "list preferences (verbose)"
+msgstr "lista preferências"
+
+#: g10/keyedit.c:1448
+#, fuzzy
+msgid "set preference list for the selected user IDs"
+msgstr "Realmente remover todos os IDs de usuário selecionados? "
+
+#: g10/keyedit.c:1453
+#, fuzzy
+msgid "set the preferred keyserver URL for the selected user IDs"
+msgstr "Realmente remover todos os IDs de usuário selecionados? "
+
+#: g10/keyedit.c:1455
+#, fuzzy
+msgid "set a notation for the selected user IDs"
+msgstr "Realmente remover todos os IDs de usuário selecionados? "
+
+#: g10/keyedit.c:1457
+msgid "change the passphrase"
+msgstr "muda a frase secreta"
+
+#: g10/keyedit.c:1461
+msgid "change the ownertrust"
+msgstr "muda os valores de confiança"
+
+#: g10/keyedit.c:1463
+#, fuzzy
+msgid "revoke signatures on the selected user IDs"
+msgstr "Realmente remover todos os IDs de usuário selecionados? "
+
+#: g10/keyedit.c:1465
+#, fuzzy
+msgid "revoke selected user IDs"
+msgstr "adiciona um novo ID de usuário"
+
+#: g10/keyedit.c:1470
+#, fuzzy
+msgid "revoke key or selected subkeys"
+msgstr "revoga uma chave secundária"
+
+#: g10/keyedit.c:1471
+#, fuzzy
+msgid "enable key"
+msgstr "ativa uma chave"
+
+#: g10/keyedit.c:1472
+#, fuzzy
+msgid "disable key"
+msgstr "desativa uma chave"
+
+#: g10/keyedit.c:1473
+msgid "show selected photo IDs"
+msgstr ""
+
+#: g10/keyedit.c:1475
+msgid "compact unusable user IDs and remove unusable signatures from key"
+msgstr ""
+
+#: g10/keyedit.c:1477
+msgid "compact unusable user IDs and remove all signatures from key"
+msgstr ""
+
+#: g10/keyedit.c:1601
+#, fuzzy, c-format
+msgid "error reading secret keyblock \"%s\": %s\n"
+msgstr "erro na leitura de `%s': %s\n"
+
+#: g10/keyedit.c:1619
+msgid "Secret key is available.\n"
+msgstr "Chave secreta disponível.\n"
+
+#: g10/keyedit.c:1702
+msgid "Need the secret key to do this.\n"
+msgstr "A chave secreta é necessária para fazer isto.\n"
+
+#: g10/keyedit.c:1710
+msgid "Please use the command \"toggle\" first.\n"
+msgstr ""
+
+#: g10/keyedit.c:1729
+msgid ""
+"* The `sign' command may be prefixed with an `l' for local signatures "
+"(lsign),\n"
+" a `t' for trust signatures (tsign), an `nr' for non-revocable signatures\n"
+" (nrsign), or any combination thereof (ltsign, tnrsign, etc.).\n"
+msgstr ""
+
+#: g10/keyedit.c:1779
+#, fuzzy
+msgid "Key is revoked."
+msgstr "A chave é protegida.\n"
+
+#: g10/keyedit.c:1798
+#, fuzzy
+msgid "Really sign all user IDs? (y/N) "
+msgstr "Realmente assinar todos os IDs de usuário? "
+
+#: g10/keyedit.c:1805
+msgid "Hint: Select the user IDs to sign\n"
+msgstr "Sugestão: Selecione os IDs de usuário para assinar\n"
+
+#: g10/keyedit.c:1814
+#, fuzzy, c-format
+msgid "Unknown signature type `%s'\n"
+msgstr "classe de assinatura desconhecida"
+
+#: g10/keyedit.c:1837
+#, c-format
+msgid "This command is not allowed while in %s mode.\n"
+msgstr ""
+
+#: g10/keyedit.c:1859 g10/keyedit.c:1879 g10/keyedit.c:2048
+msgid "You must select at least one user ID.\n"
+msgstr "Você precisa selecionar pelo menos um ID de usuário.\n"
+
+#: g10/keyedit.c:1861
+msgid "You can't delete the last user ID!\n"
+msgstr "Você não pode remover o último ID de usuário!\n"
+
+#: g10/keyedit.c:1863
+#, fuzzy
+msgid "Really remove all selected user IDs? (y/N) "
+msgstr "Realmente remover todos os IDs de usuário selecionados? "
+
+#: g10/keyedit.c:1864
+#, fuzzy
+msgid "Really remove this user ID? (y/N) "
+msgstr "Realmente remover este ID de usuário? "
+
+#. TRANSLATORS: Please take care: This is about
+#. moving the key and not about removing it.
+#: g10/keyedit.c:1917
+#, fuzzy
+msgid "Really move the primary key? (y/N) "
+msgstr "Realmente remover este ID de usuário? "
+
+#: g10/keyedit.c:1929
+#, fuzzy
+msgid "You must select exactly one key.\n"
+msgstr "Você deve selecionar pelo menos uma chave.\n"
+
+#: g10/keyedit.c:1957
+msgid "Command expects a filename argument\n"
+msgstr ""
+
+#: g10/keyedit.c:1971
+#, fuzzy, c-format
+msgid "Can't open `%s': %s\n"
+msgstr "impossível abrir `%s': %s\n"
+
+#: g10/keyedit.c:1988
+#, fuzzy, c-format
+msgid "Error reading backup key from `%s': %s\n"
+msgstr "erro na escrita do chaveiro `%s': %s\n"
+
+#: g10/keyedit.c:2012
+msgid "You must select at least one key.\n"
+msgstr "Você deve selecionar pelo menos uma chave.\n"
+
+#: g10/keyedit.c:2015
+#, fuzzy
+msgid "Do you really want to delete the selected keys? (y/N) "
+msgstr "Você realmente quer remover as chaves selecionadas? "
+
+#: g10/keyedit.c:2016
+#, fuzzy
+msgid "Do you really want to delete this key? (y/N) "
+msgstr "Você realmente quer remover esta chave? "
+
+#: g10/keyedit.c:2051
+#, fuzzy
+msgid "Really revoke all selected user IDs? (y/N) "
+msgstr "Realmente remover todos os IDs de usuário selecionados? "
+
+#: g10/keyedit.c:2052
+#, fuzzy
+msgid "Really revoke this user ID? (y/N) "
+msgstr "Realmente remover este ID de usuário? "
+
+#: g10/keyedit.c:2070
+#, fuzzy
+msgid "Do you really want to revoke the entire key? (y/N) "
+msgstr "Você realmente quer revogar esta chave? "
+
+#: g10/keyedit.c:2081
+#, fuzzy
+msgid "Do you really want to revoke the selected subkeys? (y/N) "
+msgstr "Você realmente quer revogar as chaves selecionadas? "
+
+#: g10/keyedit.c:2083
+#, fuzzy
+msgid "Do you really want to revoke this subkey? (y/N) "
+msgstr "Você realmente quer revogar esta chave? "
+
+#: g10/keyedit.c:2133
+msgid "Owner trust may not be set while using a user provided trust database\n"
+msgstr ""
+
+#: g10/keyedit.c:2175
+#, fuzzy
+msgid "Set preference list to:\n"
+msgstr "lista preferências"
+
+#: g10/keyedit.c:2181
+#, fuzzy
+msgid "Really update the preferences for the selected user IDs? (y/N) "
+msgstr "Realmente remover todos os IDs de usuário selecionados? "
+
+#: g10/keyedit.c:2183
+#, fuzzy
+msgid "Really update the preferences? (y/N) "
+msgstr "Realmente gerar os certificados de revogação? (s/N)"
+
+#: g10/keyedit.c:2253
+#, fuzzy
+msgid "Save changes? (y/N) "
+msgstr "Salvar alterações? "
+
+#: g10/keyedit.c:2256
+#, fuzzy
+msgid "Quit without saving? (y/N) "
+msgstr "Sair sem salvar? "
+
+#: g10/keyedit.c:2266
+#, c-format
+msgid "update failed: %s\n"
+msgstr "atualização falhou: %s\n"
+
+#: g10/keyedit.c:2273 g10/keyedit.c:2351
+#, c-format
+msgid "update secret failed: %s\n"
+msgstr "atualização da chave secreta falhou: %s\n"
+
+#: g10/keyedit.c:2280
+msgid "Key not changed so no update needed.\n"
+msgstr "Chave não alterada, nenhuma atualização é necessária.\n"
+
+#: g10/keyedit.c:2446
+msgid "Digest: "
+msgstr ""
+
+#: g10/keyedit.c:2497
+msgid "Features: "
+msgstr ""
+
+#: g10/keyedit.c:2508
+msgid "Keyserver no-modify"
+msgstr ""
+
+#: g10/keyedit.c:2523 g10/keylist.c:316
+msgid "Preferred keyserver: "
+msgstr ""
+
+#: g10/keyedit.c:2531 g10/keyedit.c:2532
+#, fuzzy
+msgid "Notations: "
+msgstr "Notação: "
+
+#: g10/keyedit.c:2753
+msgid "There are no preferences on a PGP 2.x-style user ID.\n"
+msgstr ""
+
+#: g10/keyedit.c:2810
+#, fuzzy, c-format
+msgid "The following key was revoked on %s by %s key %s\n"
+msgstr "AVISO: Esta chave foi revogada pelo seu dono!\n"
+
+#: g10/keyedit.c:2832
+#, fuzzy, c-format
+msgid "This key may be revoked by %s key %s"
+msgstr "AVISO: Esta chave foi revogada pelo seu dono!\n"
+
+#: g10/keyedit.c:2838
+msgid "(sensitive)"
+msgstr ""
+
+#: g10/keyedit.c:2854 g10/keyedit.c:2910 g10/keyedit.c:2971 g10/keyedit.c:2986
+#: g10/keylist.c:202 g10/keyserver.c:532
+#, fuzzy, c-format
+msgid "created: %s"
+msgstr "impossível criar %s: %s\n"
+
+#: g10/keyedit.c:2857 g10/keylist.c:834 g10/keylist.c:928 g10/mainproc.c:997
+#, fuzzy, c-format
+msgid "revoked: %s"
+msgstr "revkey"
+
+#: g10/keyedit.c:2859 g10/keylist.c:805 g10/keylist.c:840 g10/keylist.c:934
+#, fuzzy, c-format
+msgid "expired: %s"
+msgstr "A chave expira em %s\n"
+
+#: g10/keyedit.c:2861 g10/keyedit.c:2912 g10/keyedit.c:2973 g10/keyedit.c:2988
+#: g10/keylist.c:204 g10/keylist.c:811 g10/keylist.c:846 g10/keylist.c:940
+#: g10/keylist.c:961 g10/keyserver.c:538 g10/mainproc.c:1003
+#, fuzzy, c-format
+msgid "expires: %s"
+msgstr "A chave expira em %s\n"
+
+#: g10/keyedit.c:2863
+#, fuzzy, c-format
+msgid "usage: %s"
+msgstr "trust"
+
+#: g10/keyedit.c:2878
+#, fuzzy, c-format
+msgid "trust: %s"
+msgstr "trust"
+
+#: g10/keyedit.c:2882
+#, c-format
+msgid "validity: %s"
+msgstr ""
+
+#: g10/keyedit.c:2889
+msgid "This key has been disabled"
+msgstr "Esta chave foi desativada"
+
+#: g10/keyedit.c:2917 g10/keylist.c:208
+msgid "card-no: "
+msgstr ""
+
+#: g10/keyedit.c:2941
+msgid ""
+"Please note that the shown key validity is not necessarily correct\n"
+"unless you restart the program.\n"
+msgstr ""
+
+#: g10/keyedit.c:3005 g10/keyedit.c:3351 g10/keyserver.c:542
+#: g10/mainproc.c:1850 g10/trustdb.c:1204 g10/trustdb.c:1732
+#, fuzzy
+msgid "revoked"
+msgstr "revkey"
+
+#: g10/keyedit.c:3007 g10/keyedit.c:3353 g10/keyserver.c:546
+#: g10/mainproc.c:1852 g10/trustdb.c:547 g10/trustdb.c:1734
+#, fuzzy
+msgid "expired"
+msgstr "expire"
+
+#: g10/keyedit.c:3072
+msgid ""
+"WARNING: no user ID has been marked as primary. This command may\n"
+" cause a different user ID to become the assumed primary.\n"
+msgstr ""
+
+#: g10/keyedit.c:3133
+msgid ""
+"WARNING: This is a PGP2-style key. Adding a photo ID may cause some "
+"versions\n"
+" of PGP to reject this key.\n"
+msgstr ""
+
+#: g10/keyedit.c:3138 g10/keyedit.c:3473
+#, fuzzy
+msgid "Are you sure you still want to add it? (y/N) "
+msgstr "Você tem certeza de que quer este tamanho de chave? "
+
+#: g10/keyedit.c:3144
+msgid "You may not add a photo ID to a PGP2-style key.\n"
+msgstr ""
+
+#: g10/keyedit.c:3284
+msgid "Delete this good signature? (y/N/q)"
+msgstr "Deletar esta assinatura válida? (s/N/q)"
+
+#: g10/keyedit.c:3294
+msgid "Delete this invalid signature? (y/N/q)"
+msgstr "Deletar esta assinatura inválida? (s/N/q)"
+
+#: g10/keyedit.c:3298
+msgid "Delete this unknown signature? (y/N/q)"
+msgstr "Deletar esta assinatura desconhecida? (s/N/q)"
+
+#: g10/keyedit.c:3304
+msgid "Really delete this self-signature? (y/N)"
+msgstr "Realmente remover esta auto-assinatura? (s/N)"
+
+#: g10/keyedit.c:3318
+#, c-format
+msgid "Deleted %d signature.\n"
+msgstr "%d assinatura removida.\n"
+
+#: g10/keyedit.c:3319
+#, c-format
+msgid "Deleted %d signatures.\n"
+msgstr "%d assinaturas removidas.\n"
+
+#: g10/keyedit.c:3322
+msgid "Nothing deleted.\n"
+msgstr "Nada removido.\n"
+
+#: g10/keyedit.c:3355 g10/trustdb.c:1736
+#, fuzzy
+msgid "invalid"
+msgstr "armadura inválida"
+
+#: g10/keyedit.c:3357
+#, fuzzy, c-format
+msgid "User ID \"%s\" compacted: %s\n"
+msgstr "A chave é protegida.\n"
+
+#: g10/keyedit.c:3364
+#, fuzzy, c-format
+msgid "User ID \"%s\": %d signature removed\n"
+msgstr "A chave é protegida.\n"
+
+#: g10/keyedit.c:3365
+#, fuzzy, c-format
+msgid "User ID \"%s\": %d signatures removed\n"
+msgstr "A chave é protegida.\n"
+
+#: g10/keyedit.c:3373
+#, fuzzy, c-format
+msgid "User ID \"%s\": already minimized\n"
+msgstr "A chave é protegida.\n"
+
+#: g10/keyedit.c:3374
+#, fuzzy, c-format
+msgid "User ID \"%s\": already clean\n"
+msgstr "A chave é protegida.\n"
+
+#: g10/keyedit.c:3468
+msgid ""
+"WARNING: This is a PGP 2.x-style key. Adding a designated revoker may "
+"cause\n"
+" some versions of PGP to reject this key.\n"
+msgstr ""
+
+#: g10/keyedit.c:3479
+msgid "You may not add a designated revoker to a PGP 2.x-style key.\n"
+msgstr ""
+
+#: g10/keyedit.c:3499
+#, fuzzy
+msgid "Enter the user ID of the designated revoker: "
+msgstr "Digite o tamanho da chave"
+
+#: g10/keyedit.c:3524
+msgid "cannot appoint a PGP 2.x style key as a designated revoker\n"
+msgstr ""
+
+#: g10/keyedit.c:3539
+msgid "you cannot appoint a key as its own designated revoker\n"
+msgstr ""
+
+#: g10/keyedit.c:3561
+#, fuzzy
+msgid "this key has already been designated as a revoker\n"
+msgstr "AVISO: Esta chave foi revogada pelo seu dono!\n"
+
+#: g10/keyedit.c:3580
+msgid "WARNING: appointing a key as a designated revoker cannot be undone!\n"
+msgstr ""
+
+#: g10/keyedit.c:3586
+#, fuzzy
+msgid ""
+"Are you sure you want to appoint this key as a designated revoker? (y/N) "
+msgstr "Você tem certeza de que quer este tamanho de chave? "
+
+#: g10/keyedit.c:3647
+msgid "Please remove selections from the secret keys.\n"
+msgstr "Por favor remova as seleções das chaves secretas.\n"
+
+#: g10/keyedit.c:3653
+#, fuzzy
+msgid "Please select at most one subkey.\n"
+msgstr "Por favor selecione no máximo uma chave secundária.\n"
+
+#: g10/keyedit.c:3657
+#, fuzzy
+msgid "Changing expiration time for a subkey.\n"
+msgstr "Modificando a data de validade para uma chave secundária.\n"
+
+#: g10/keyedit.c:3660
+msgid "Changing expiration time for the primary key.\n"
+msgstr "Modificando a data de validade para uma chave primária.\n"
+
+#: g10/keyedit.c:3706
+msgid "You can't change the expiration date of a v3 key\n"
+msgstr "Você não pode modificar a data de validade de uma chave v3\n"
+
+#: g10/keyedit.c:3722
+msgid "No corresponding signature in secret ring\n"
+msgstr "Nenhuma assinatura correspondente no chaveiro secreto\n"
+
+#: g10/keyedit.c:3800
+#, fuzzy, c-format
+msgid "signing subkey %s is already cross-certified\n"
+msgstr "A chave é protegida.\n"
+
+#: g10/keyedit.c:3806
+#, c-format
+msgid "subkey %s does not sign and so does not need to be cross-certified\n"
+msgstr ""
+
+#: g10/keyedit.c:3969
+#, fuzzy
+msgid "Please select exactly one user ID.\n"
+msgstr "Você precisa selecionar pelo menos um ID de usuário.\n"
+
+#: g10/keyedit.c:4008 g10/keyedit.c:4118 g10/keyedit.c:4238 g10/keyedit.c:4379
+#, fuzzy, c-format
+msgid "skipping v3 self-signature on user ID \"%s\"\n"
+msgstr "chave %08lX: auto-assinatura inválida\n"
+
+#: g10/keyedit.c:4179
+msgid "Enter your preferred keyserver URL: "
+msgstr ""
+
+#: g10/keyedit.c:4259
+#, fuzzy
+msgid "Are you sure you want to replace it? (y/N) "
+msgstr "Você tem certeza de que quer este tamanho de chave? "
+
+#: g10/keyedit.c:4260
+#, fuzzy
+msgid "Are you sure you want to delete it? (y/N) "
+msgstr "Você tem certeza de que quer este tamanho de chave? "
+
+#: g10/keyedit.c:4322
+#, fuzzy
+msgid "Enter the notation: "
+msgstr "Notação: "
+
+#: g10/keyedit.c:4471
+#, fuzzy
+msgid "Proceed? (y/N) "
+msgstr "Sobrescrever (s/N)? "
+
+#: g10/keyedit.c:4543
+#, c-format
+msgid "No user ID with index %d\n"
+msgstr "Nenhum ID de usuário com índice %d\n"
+
+#: g10/keyedit.c:4604
+#, fuzzy, c-format
+msgid "No user ID with hash %s\n"
+msgstr "Nenhum ID de usuário com índice %d\n"
+
+#: g10/keyedit.c:4639
+#, fuzzy, c-format
+msgid "No subkey with index %d\n"
+msgstr "Nenhum ID de usuário com índice %d\n"
+
+#: g10/keyedit.c:4774
+#, fuzzy, c-format
+msgid "user ID: \"%s\"\n"
+msgstr "ID de usuário: \""
+
+#: g10/keyedit.c:4777 g10/keyedit.c:4871 g10/keyedit.c:4914
+#, fuzzy, c-format
+msgid "signed by your key %s on %s%s%s\n"
+msgstr " assinado por %08lX em %s\n"
+
+#: g10/keyedit.c:4779 g10/keyedit.c:4873 g10/keyedit.c:4916
+msgid " (non-exportable)"
+msgstr ""
+
+#: g10/keyedit.c:4783
+#, fuzzy, c-format
+msgid "This signature expired on %s.\n"
+msgstr "Esta chave não é protegida.\n"
+
+#: g10/keyedit.c:4787
+#, fuzzy
+msgid "Are you sure you still want to revoke it? (y/N) "
+msgstr "Você tem certeza de que quer este tamanho de chave? "
+
+#: g10/keyedit.c:4791
+#, fuzzy
+msgid "Create a revocation certificate for this signature? (y/N) "
+msgstr "Gerar um certificado de revogação para esta assinatura? (s/N)"
+
+#: g10/keyedit.c:4842
+#, fuzzy
+msgid "Not signed by you.\n"
+msgstr " assinado por %08lX em %s\n"
+
+#: g10/keyedit.c:4848
+#, fuzzy, c-format
+msgid "You have signed these user IDs on key %s:\n"
+msgstr "Você assinou estes IDs de usuário:\n"
+
+#: g10/keyedit.c:4874
+#, fuzzy
+msgid " (non-revocable)"
+msgstr "assinar uma chave localmente"
+
+#: g10/keyedit.c:4881
+#, fuzzy, c-format
+msgid "revoked by your key %s on %s\n"
+msgstr " revogado por %08lX em %s\n"
+
+#: g10/keyedit.c:4903
+msgid "You are about to revoke these signatures:\n"
+msgstr "Você está prestes a revogar estas assinaturas:\n"
+
+#: g10/keyedit.c:4923
+#, fuzzy
+msgid "Really create the revocation certificates? (y/N) "
+msgstr "Realmente gerar os certificados de revogação? (s/N)"
+
+#: g10/keyedit.c:4953
+msgid "no secret key\n"
+msgstr "nenhuma chave secreta\n"
+
+#: g10/keyedit.c:5023
+#, fuzzy, c-format
+msgid "user ID \"%s\" is already revoked\n"
+msgstr "A chave é protegida.\n"
+
+#: g10/keyedit.c:5040
+#, c-format
+msgid "WARNING: a user ID signature is dated %d seconds in the future\n"
+msgstr ""
+
+#: g10/keyedit.c:5104
+#, fuzzy, c-format
+msgid "Key %s is already revoked.\n"
+msgstr "A chave é protegida.\n"
+
+#: g10/keyedit.c:5166
+#, fuzzy, c-format
+msgid "Subkey %s is already revoked.\n"
+msgstr "A chave é protegida.\n"
+
+#: g10/keyedit.c:5261
+#, c-format
+msgid "Displaying %s photo ID of size %ld for key %s (uid %d)\n"
+msgstr ""
+
+#: g10/keygen.c:275
+#, fuzzy, c-format
+msgid "preference `%s' duplicated\n"
+msgstr "ignorado `%s': duplicado\n"
+
+# muitas ou demais ???
+#: g10/keygen.c:282
+#, fuzzy
+msgid "too many cipher preferences\n"
+msgstr "Preferências demais"
+
+# muitas ou demais ???
+#: g10/keygen.c:284
+#, fuzzy
+msgid "too many digest preferences\n"
+msgstr "Preferências demais"
+
+# muitas ou demais ???
+#: g10/keygen.c:286
+#, fuzzy
+msgid "too many compression preferences\n"
+msgstr "Preferências demais"
+
+#: g10/keygen.c:426
+#, fuzzy, c-format
+msgid "invalid item `%s' in preference string\n"
+msgstr "Caractere inválido no nome\n"
+
+#: g10/keygen.c:910
+#, fuzzy
+msgid "writing direct signature\n"
+msgstr "escrevendo auto-assinatura\n"
+
+#: g10/keygen.c:952
+msgid "writing self signature\n"
+msgstr "escrevendo auto-assinatura\n"
+
+# key binding ???
+#: g10/keygen.c:1009
+msgid "writing key binding signature\n"
+msgstr "escrevendo assinatura ligada a uma chave\n"
+
+#: g10/keygen.c:1179 g10/keygen.c:1290 g10/keygen.c:1295 g10/keygen.c:1441
+#: g10/keygen.c:3269
+#, fuzzy, c-format
+msgid "keysize invalid; using %u bits\n"
+msgstr "O tamanho de chave pedido é %u bits\n"
+
+#: g10/keygen.c:1185 g10/keygen.c:1301 g10/keygen.c:1309 g10/keygen.c:1447
+#: g10/keygen.c:3275
+#, fuzzy, c-format
+msgid "keysize rounded up to %u bits\n"
+msgstr "arredondado para %u bits\n"
+
+#: g10/keygen.c:1335
+msgid ""
+"WARNING: some OpenPGP programs can't handle a DSA key with this digest size\n"
+msgstr ""
+
+#: g10/keygen.c:1558
+#, fuzzy
+msgid "Sign"
+msgstr "sign"
+
+#: g10/keygen.c:1561
+msgid "Certify"
+msgstr ""
+
+#: g10/keygen.c:1564
+#, fuzzy
+msgid "Encrypt"
+msgstr "criptografar dados"
+
+#: g10/keygen.c:1567
+msgid "Authenticate"
+msgstr ""
+
+#. TRANSLATORS: Please use only plain ASCII characters for the
+#. translation. If this is not possible use single digits. The
+#. string needs to 8 bytes long. Here is a description of the
+#. functions:
+#.
+#. s = Toggle signing capability
+#. e = Toggle encryption capability
+#. a = Toggle authentication capability
+#. q = Finish
+#.
+#: g10/keygen.c:1585
+msgid "SsEeAaQq"
+msgstr ""
+
+#: g10/keygen.c:1608
+#, c-format
+msgid "Possible actions for a %s key: "
+msgstr ""
+
+#: g10/keygen.c:1612
+msgid "Current allowed actions: "
+msgstr ""
+
+#: g10/keygen.c:1617
+#, c-format
+msgid " (%c) Toggle the sign capability\n"
+msgstr ""
+
+#: g10/keygen.c:1620
+#, fuzzy, c-format
+msgid " (%c) Toggle the encrypt capability\n"
+msgstr " (%d) ElGamal (apenas criptografia)\n"
+
+#: g10/keygen.c:1623
+#, c-format
+msgid " (%c) Toggle the authenticate capability\n"
+msgstr ""
+
+#: g10/keygen.c:1626
+#, c-format
+msgid " (%c) Finished\n"
+msgstr ""
+
+#: g10/keygen.c:1686 sm/certreqgen-ui.c:157
+msgid "Please select what kind of key you want:\n"
+msgstr "Por favor selecione o tipo de chave desejado:\n"
+
+#: g10/keygen.c:1689
+#, fuzzy, c-format
+msgid " (%d) RSA and RSA (default)\n"
+msgstr " (%d) DSA e ElGamal (padrão)\n"
+
+#: g10/keygen.c:1691
+#, fuzzy, c-format
+msgid " (%d) DSA and Elgamal\n"
+msgstr " (%d) DSA e ElGamal (padrão)\n"
+
+#: g10/keygen.c:1693
+#, c-format
+msgid " (%d) DSA (sign only)\n"
+msgstr " (%d) DSA (apenas assinatura)\n"
+
+#: g10/keygen.c:1694
+#, fuzzy, c-format
+msgid " (%d) RSA (sign only)\n"
+msgstr " (%d) DSA (apenas assinatura)\n"
+
+#: g10/keygen.c:1698
+#, fuzzy, c-format
+msgid " (%d) Elgamal (encrypt only)\n"
+msgstr " (%d) ElGamal (apenas criptografia)\n"
+
+#: g10/keygen.c:1699
+#, fuzzy, c-format
+msgid " (%d) RSA (encrypt only)\n"
+msgstr " (%d) ElGamal (apenas criptografia)\n"
+
+#: g10/keygen.c:1703
+#, fuzzy, c-format
+msgid " (%d) DSA (set your own capabilities)\n"
+msgstr " (%d) ElGamal (apenas criptografia)\n"
+
+#: g10/keygen.c:1704
+#, fuzzy, c-format
+msgid " (%d) RSA (set your own capabilities)\n"
+msgstr " (%d) ElGamal (apenas criptografia)\n"
+
+#: g10/keygen.c:1812
+#, c-format
+msgid "%s keys may be between %u and %u bits long.\n"
+msgstr ""
+
+#: g10/keygen.c:1820
+#, fuzzy, c-format
+msgid "What keysize do you want for the subkey? (%u) "
+msgstr "Que tamanho de chave você quer? (1024) "
+
+#: g10/keygen.c:1823 sm/certreqgen-ui.c:179
+#, fuzzy, c-format
+msgid "What keysize do you want? (%u) "
+msgstr "Que tamanho de chave você quer? (1024) "
+
+#: g10/keygen.c:1837 sm/certreqgen-ui.c:189
+#, c-format
+msgid "Requested keysize is %u bits\n"
+msgstr "O tamanho de chave pedido é %u bits\n"
+
+#: g10/keygen.c:1925
+msgid ""
+"Please specify how long the key should be valid.\n"
+" 0 = key does not expire\n"
+" <n> = key expires in n days\n"
+" <n>w = key expires in n weeks\n"
+" <n>m = key expires in n months\n"
+" <n>y = key expires in n years\n"
+msgstr ""
+"Por favor especifique por quanto tempo a chave deve ser válida.\n"
+" 0 = chave não expira\n"
+" <n> = chave expira em n dias\n"
+" <n>w = chave expira em n semanas\n"
+" <n>m = chave expira em n meses\n"
+" <n>y = chave expira em n anos\n"
+
+#: g10/keygen.c:1936
+#, fuzzy
+msgid ""
+"Please specify how long the signature should be valid.\n"
+" 0 = signature does not expire\n"
+" <n> = signature expires in n days\n"
+" <n>w = signature expires in n weeks\n"
+" <n>m = signature expires in n months\n"
+" <n>y = signature expires in n years\n"
+msgstr ""
+"Por favor especifique por quanto tempo a chave deve ser válida.\n"
+" 0 = chave não expira\n"
+" <n> = chave expira em n dias\n"
+" <n>w = chave expira em n semanas\n"
+" <n>m = chave expira em n meses\n"
+" <n>y = chave expira em n anos\n"
+
+#: g10/keygen.c:1959
+msgid "Key is valid for? (0) "
+msgstr "A chave é valida por? (0) "
+
+#: g10/keygen.c:1964
+#, fuzzy, c-format
+msgid "Signature is valid for? (%s) "
+msgstr "A chave é valida por? (0) "
+
+#: g10/keygen.c:1982 g10/keygen.c:2007
+msgid "invalid value\n"
+msgstr "valor inválido\n"
+
+#: g10/keygen.c:1989
+#, fuzzy
+msgid "Key does not expire at all\n"
+msgstr "A chave não expira nunca\n"
+
+#: g10/keygen.c:1990
+#, fuzzy
+msgid "Signature does not expire at all\n"
+msgstr "A chave não expira nunca\n"
+
+#: g10/keygen.c:1995
+#, fuzzy, c-format
+msgid "Key expires at %s\n"
+msgstr "A chave expira em %s\n"
+
+#: g10/keygen.c:1996
+#, fuzzy, c-format
+msgid "Signature expires at %s\n"
+msgstr "Esta chave não é protegida.\n"
+
+#: g10/keygen.c:2000
+msgid ""
+"Your system can't display dates beyond 2038.\n"
+"However, it will be correctly handled up to 2106.\n"
+msgstr ""
+"Seu sistema não consegue mostrar datas além de 2038.\n"
+"Apesar disso, elas serão corretamente manipuladas até 2106.\n"
+
+#: g10/keygen.c:2013
+#, fuzzy
+msgid "Is this correct? (y/N) "
+msgstr "Está correto (s/n)? "
+
+#: g10/keygen.c:2063
+msgid ""
+"\n"
+"GnuPG needs to construct a user ID to identify your key.\n"
+"\n"
+msgstr ""
+
+#. TRANSLATORS: This string is in general not anymore used
+#. but you should keep your existing translation. In case
+#. the new string is not translated this old string will
+#. be used.
+#: g10/keygen.c:2078
+#, fuzzy
+msgid ""
+"\n"
+"You need a user ID to identify your key; the software constructs the user "
+"ID\n"
+"from the Real Name, Comment and Email Address in this form:\n"
+" \"Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>\"\n"
+"\n"
+msgstr ""
+"\n"
+"Você precisa de um identificador de usuário para identificar sua chave; o\n"
+"programa constrói o identificador a partir do Nome Completo, Comentário e\n"
+"Endereço Eletrônico desta forma:\n"
+" \"Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>\"\n"
+"\n"
+
+#: g10/keygen.c:2097
+msgid "Real name: "
+msgstr "Nome completo: "
+
+#: g10/keygen.c:2105
+msgid "Invalid character in name\n"
+msgstr "Caractere inválido no nome\n"
+
+#: g10/keygen.c:2107
+msgid "Name may not start with a digit\n"
+msgstr "O nome não pode começar com um dígito\n"
+
+#: g10/keygen.c:2109
+msgid "Name must be at least 5 characters long\n"
+msgstr "O nome deve ter pelo menos 5 caracteres\n"
+
+#: g10/keygen.c:2117
+msgid "Email address: "
+msgstr "Endereço de correio eletrônico: "
+
+#: g10/keygen.c:2123
+msgid "Not a valid email address\n"
+msgstr "Endereço eletrônico inválido\n"
+
+#: g10/keygen.c:2131
+msgid "Comment: "
+msgstr "Comentário: "
+
+#: g10/keygen.c:2137
+msgid "Invalid character in comment\n"
+msgstr "Caractere inválido no comentário\n"
+
+#: g10/keygen.c:2159
+#, c-format
+msgid "You are using the `%s' character set.\n"
+msgstr "Você está usando o conjunto de caracteres `%s'.\n"
+
+#: g10/keygen.c:2165
+#, c-format
+msgid ""
+"You selected this USER-ID:\n"
+" \"%s\"\n"
+"\n"
+msgstr ""
+"Você selecionou este identificador de usuário:\n"
+" \"%s\"\n"
+"\n"
+
+#: g10/keygen.c:2170
+msgid "Please don't put the email address into the real name or the comment\n"
+msgstr ""
+
+#: g10/keygen.c:2185
+msgid "Such a user ID already exists on this key!\n"
+msgstr ""
+
+#. TRANSLATORS: These are the allowed answers in
+#. lower and uppercase. Below you will find the matching
+#. string which should be translated accordingly and the
+#. letter changed to match the one in the answer string.
+#.
+#. n = Change name
+#. c = Change comment
+#. e = Change email
+#. o = Okay (ready, continue)
+#. q = Quit
+#.
+#: g10/keygen.c:2201
+msgid "NnCcEeOoQq"
+msgstr "NnCcEeOoSs"
+
+#: g10/keygen.c:2211
+#, fuzzy
+msgid "Change (N)ame, (C)omment, (E)mail or (Q)uit? "
+msgstr "Muda (N)ome, (C)omentário, (E)ndereço ou (O)k/(S)air? "
+
+#: g10/keygen.c:2212
+msgid "Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? "
+msgstr "Muda (N)ome, (C)omentário, (E)ndereço ou (O)k/(S)air? "
+
+#: g10/keygen.c:2231
+msgid "Please correct the error first\n"
+msgstr ""
+
+#: g10/keygen.c:2273
+msgid ""
+"You need a Passphrase to protect your secret key.\n"
+"\n"
+msgstr ""
+"Você precisa de uma frase secreta para proteger sua chave.\n"
+"\n"
+
+#: g10/keygen.c:2276
+#, fuzzy
+msgid ""
+"Please enter a passphrase to protect the off-card backup of the new "
+"encryption key."
+msgstr "Por favor digite a frase secreta"
+
+#: g10/keygen.c:2292
+#, c-format
+msgid "%s.\n"
+msgstr ""
+
+#: g10/keygen.c:2298
+msgid ""
+"You don't want a passphrase - this is probably a *bad* idea!\n"
+"I will do it anyway. You can change your passphrase at any time,\n"
+"using this program with the option \"--edit-key\".\n"
+"\n"
+msgstr ""
+"Você não quer uma frase secreta - provavelmente isto é uma *má* idéia!\n"
+"Vou continuar assim mesmo. Você pode mudar sua frase secreta a\n"
+"qualquer hora, usando este programa com a opção \"--edit-key\".\n"
+"\n"
+
+#: g10/keygen.c:2322
+msgid ""
+"We need to generate a lot of random bytes. It is a good idea to perform\n"
+"some other action (type on the keyboard, move the mouse, utilize the\n"
+"disks) during the prime generation; this gives the random number\n"
+"generator a better chance to gain enough entropy.\n"
+msgstr ""
+"Precisamos gerar muitos bytes aleatórios. É uma boa idéia realizar outra\n"
+"atividade (digitar no teclado, mover o mouse, usar os discos) durante a\n"
+"geração dos números primos; isso dá ao gerador de números aleatórios\n"
+"uma chance melhor de conseguir entropia suficiente.\n"
+
+#: g10/keygen.c:3209 g10/keygen.c:3236
+msgid "Key generation canceled.\n"
+msgstr "Geração de chave cancelada.\n"
+
+#: g10/keygen.c:3441 g10/keygen.c:3611
+#, fuzzy, c-format
+msgid "writing public key to `%s'\n"
+msgstr "escrevendo certificado público para `%s'\n"
+
+#: g10/keygen.c:3443 g10/keygen.c:3614
+#, fuzzy, c-format
+msgid "writing secret key stub to `%s'\n"
+msgstr "escrevendo certificado privado para `%s'\n"
+
+#: g10/keygen.c:3446 g10/keygen.c:3617
+#, fuzzy, c-format
+msgid "writing secret key to `%s'\n"
+msgstr "escrevendo certificado privado para `%s'\n"
+
+#: g10/keygen.c:3598
+#, fuzzy, c-format
+msgid "no writable public keyring found: %s\n"
+msgstr "chave %08lX: chave pública não encontrada: %s\n"
+
+#: g10/keygen.c:3605
+#, fuzzy, c-format
+msgid "no writable secret keyring found: %s\n"
+msgstr "impossível bloquear chaveiro secreto: %s\n"
+
+#: g10/keygen.c:3625
+#, fuzzy, c-format
+msgid "error writing public keyring `%s': %s\n"
+msgstr "erro na escrita do chaveiro `%s': %s\n"
+
+#: g10/keygen.c:3633
+#, fuzzy, c-format
+msgid "error writing secret keyring `%s': %s\n"
+msgstr "erro na escrita do chaveiro `%s': %s\n"
+
+#: g10/keygen.c:3661
+msgid "public and secret key created and signed.\n"
+msgstr "chaves pública e privada criadas e assinadas.\n"
+
+#: g10/keygen.c:3672
+#, fuzzy
+msgid ""
+"Note that this key cannot be used for encryption. You may want to use\n"
+"the command \"--edit-key\" to generate a subkey for this purpose.\n"
+msgstr ""
+"Note que esta chave não pode ser usada para criptografia. Você pode usar\n"
+"o comando \"--edit-key\" para gerar uma chave secundária para esse fim.\n"
+
+#: g10/keygen.c:3685 g10/keygen.c:3831 g10/keygen.c:3952
+#, c-format
+msgid "Key generation failed: %s\n"
+msgstr "A geração de chaves falhou: %s\n"
+
+#: g10/keygen.c:3741 g10/keygen.c:3882 g10/sign.c:241
+#, c-format
+msgid ""
+"key has been created %lu second in future (time warp or clock problem)\n"
+msgstr ""
+"a chave foi criada %lu segundo no futuro\n"
+"(viagem no tempo ou problema no relógio)\n"
+
+#: g10/keygen.c:3743 g10/keygen.c:3884 g10/sign.c:243
+#, c-format
+msgid ""
+"key has been created %lu seconds in future (time warp or clock problem)\n"
+msgstr ""
+"a chave foi criada %lu segundos no futuro\n"
+"(viagem no tempo ou problema no relógio)\n"
+
+#: g10/keygen.c:3754 g10/keygen.c:3895
+msgid "NOTE: creating subkeys for v3 keys is not OpenPGP compliant\n"
+msgstr ""
+
+#: g10/keygen.c:3795 g10/keygen.c:3928
+#, fuzzy
+msgid "Really create? (y/N) "
+msgstr "Realmente criar? "
+
+#: g10/keygen.c:4116
+#, fuzzy, c-format
+msgid "storing key onto card failed: %s\n"
+msgstr "enumeração de blocos de chaves falhou: %s\n"
+
+#: g10/keygen.c:4165
+#, fuzzy, c-format
+msgid "can't create backup file `%s': %s\n"
+msgstr "impossível criar %s: %s\n"
+
+#: g10/keygen.c:4191
+#, fuzzy, c-format
+msgid "NOTE: backup of card key saved to `%s'\n"
+msgstr "NOTA: chave secreta %08lX expirou %s\n"
+
+#: g10/keyid.c:539 g10/keyid.c:551 g10/keyid.c:563 g10/keyid.c:575
+msgid "never "
+msgstr ""
+
+#: g10/keylist.c:273
+#, fuzzy
+msgid "Critical signature policy: "
+msgstr "assinatura %s de: %s\n"
+
+#: g10/keylist.c:275
+#, fuzzy
+msgid "Signature policy: "
+msgstr "assinatura %s de: %s\n"
+
+#: g10/keylist.c:314
+msgid "Critical preferred keyserver: "
+msgstr ""
+
+#: g10/keylist.c:367
+#, fuzzy
+msgid "Critical signature notation: "
+msgstr "Notação: "
+
+#: g10/keylist.c:369
+#, fuzzy
+msgid "Signature notation: "
+msgstr "Notação: "
+
+#: g10/keylist.c:479
+msgid "Keyring"
+msgstr ""
+
+#: g10/keylist.c:1526
+#, fuzzy
+msgid "Primary key fingerprint:"
+msgstr "listar as chaves e as impressões digitais"
+
+#: g10/keylist.c:1528
+#, fuzzy
+msgid " Subkey fingerprint:"
+msgstr " Impressão digital:"
+
+#. TRANSLATORS: this should fit into 24 bytes to that the
+#. * fingerprint data is properly aligned with the user ID
+#: g10/keylist.c:1535
+#, fuzzy
+msgid " Primary key fingerprint:"
+msgstr " Impressão digital:"
+
+#: g10/keylist.c:1537
+#, fuzzy
+msgid " Subkey fingerprint:"
+msgstr " Impressão digital:"
+
+#: g10/keylist.c:1541 g10/keylist.c:1545
+#, fuzzy
+msgid " Key fingerprint ="
+msgstr " Impressão digital:"
+
+#: g10/keylist.c:1612
+msgid " Card serial no. ="
+msgstr ""
+
+#: g10/keyring.c:1297
+#, fuzzy, c-format
+msgid "renaming `%s' to `%s' failed: %s\n"
+msgstr "criação de armadura falhou: %s\n"
+
+#: g10/keyring.c:1326
+msgid "WARNING: 2 files with confidential information exists.\n"
+msgstr "AVISO: existem 2 arquivos com informações confidenciais.\n"
+
+#: g10/keyring.c:1327
+#, c-format
+msgid "%s is the unchanged one\n"
+msgstr "%s é o não modificado\n"
+
+#: g10/keyring.c:1328
+#, c-format
+msgid "%s is the new one\n"
+msgstr "%s é o novo\n"
+
+#: g10/keyring.c:1329
+msgid "Please fix this possible security flaw\n"
+msgstr "Por favor conserte este possível furo de segurança\n"
+
+#: g10/keyring.c:1430
+#, fuzzy, c-format
+msgid "caching keyring `%s'\n"
+msgstr "erro na escrita do chaveiro `%s': %s\n"
+
+#: g10/keyring.c:1489
+#, fuzzy, c-format
+msgid "%lu keys cached so far (%lu signatures)\n"
+msgstr "listar as chaves e as assinaturas"
+
+#: g10/keyring.c:1501
+#, fuzzy, c-format
+msgid "%lu keys cached (%lu signatures)\n"
+msgstr "listar as chaves e as assinaturas"
+
+#: g10/keyring.c:1573
+#, c-format
+msgid "%s: keyring created\n"
+msgstr "%s: chaveiro criado\n"
+
+#: g10/keyserver.c:74
+msgid "include revoked keys in search results"
+msgstr ""
+
+#: g10/keyserver.c:75
+msgid "include subkeys when searching by key ID"
+msgstr ""
+
+#: g10/keyserver.c:77
+msgid "use temporary files to pass data to keyserver helpers"
+msgstr ""
+
+#: g10/keyserver.c:79
+msgid "do not delete temporary files after using them"
+msgstr ""
+
+#: g10/keyserver.c:83
+msgid "automatically retrieve keys when verifying signatures"
+msgstr ""
+
+#: g10/keyserver.c:85
+#, fuzzy
+msgid "honor the preferred keyserver URL set on the key"
+msgstr "a URL de política dada é inválida\n"
+
+#: g10/keyserver.c:87
+msgid "honor the PKA record set on a key when retrieving keys"
+msgstr ""
+
+#: g10/keyserver.c:153
+#, c-format
+msgid "WARNING: keyserver option `%s' is not used on this platform\n"
+msgstr ""
+
+#: g10/keyserver.c:544
+#, fuzzy
+msgid "disabled"
+msgstr "disable"
+
+#: g10/keyserver.c:747
+msgid "Enter number(s), N)ext, or Q)uit > "
+msgstr ""
+
+#: g10/keyserver.c:831 g10/keyserver.c:1458
+#, fuzzy, c-format
+msgid "invalid keyserver protocol (us %d!=handler %d)\n"
+msgstr "chaveiro inválido"
+
+#: g10/keyserver.c:932
+#, fuzzy, c-format
+msgid "key \"%s\" not found on keyserver\n"
+msgstr "usuário `%s' não encontrado: %s\n"
+
+#: g10/keyserver.c:934
+#, fuzzy
+msgid "key not found on keyserver\n"
+msgstr "usuário `%s' não encontrado: %s\n"
+
+#: g10/keyserver.c:1177
+#, fuzzy, c-format
+msgid "requesting key %s from %s server %s\n"
+msgstr "impossível escrever para o chaveiro: %s\n"
+
+#: g10/keyserver.c:1181
+#, fuzzy, c-format
+msgid "requesting key %s from %s\n"
+msgstr "impossível escrever para o chaveiro: %s\n"
+
+#: g10/keyserver.c:1205
+#, fuzzy, c-format
+msgid "searching for names from %s server %s\n"
+msgstr "exportar chaves para um servidor"
+
+#: g10/keyserver.c:1208
+#, fuzzy, c-format
+msgid "searching for names from %s\n"
+msgstr "lendo opções de `%s'\n"
+
+#: g10/keyserver.c:1361
+#, c-format
+msgid "sending key %s to %s server %s\n"
+msgstr ""
+
+#: g10/keyserver.c:1365
+#, fuzzy, c-format
+msgid "sending key %s to %s\n"
+msgstr ""
+"\"\n"
+"assinado com sua chave %08lX em %s\n"
+
+#: g10/keyserver.c:1408
+#, fuzzy, c-format
+msgid "searching for \"%s\" from %s server %s\n"
+msgstr "exportar chaves para um servidor"
+
+#: g10/keyserver.c:1411
+#, fuzzy, c-format
+msgid "searching for \"%s\" from %s\n"
+msgstr "lendo opções de `%s'\n"
+
+#: g10/keyserver.c:1418 g10/keyserver.c:1514
+#, fuzzy
+msgid "no keyserver action!\n"
+msgstr "chaveiro inválido"
+
+#: g10/keyserver.c:1466
+#, c-format
+msgid "WARNING: keyserver handler from a different version of GnuPG (%s)\n"
+msgstr ""
+
+#: g10/keyserver.c:1475
+msgid "keyserver did not send VERSION\n"
+msgstr ""
+
+#: g10/keyserver.c:1537 g10/keyserver.c:2066
+msgid "no keyserver known (use option --keyserver)\n"
+msgstr ""
+
+#: g10/keyserver.c:1543
+msgid "external keyserver calls are not supported in this build\n"
+msgstr ""
+
+#: g10/keyserver.c:1555
+#, c-format
+msgid "no handler for keyserver scheme `%s'\n"
+msgstr ""
+
+#: g10/keyserver.c:1560
+#, c-format
+msgid "action `%s' not supported with keyserver scheme `%s'\n"
+msgstr ""
+
+#: g10/keyserver.c:1568
+#, c-format
+msgid "%s does not support handler version %d\n"
+msgstr ""
+
+#: g10/keyserver.c:1575
+#, fuzzy
+msgid "keyserver timed out\n"
+msgstr "erro geral"
+
+#: g10/keyserver.c:1580
+#, fuzzy
+msgid "keyserver internal error\n"
+msgstr "erro geral"
+
+#: g10/keyserver.c:1589
+#, fuzzy, c-format
+msgid "keyserver communications error: %s\n"
+msgstr "enumeração de chaves secretas falhou: %s\n"
+
+#: g10/keyserver.c:1614 g10/keyserver.c:1648
+#, fuzzy, c-format
+msgid "\"%s\" not a key ID: skipping\n"
+msgstr "%s não é um mapa de caracteres válido\n"
+
+#: g10/keyserver.c:1907
+#, fuzzy, c-format
+msgid "WARNING: unable to refresh key %s via %s: %s\n"
+msgstr "%s: novo arquivo de opções criado\n"
+
+#: g10/keyserver.c:1929
+#, fuzzy, c-format
+msgid "refreshing 1 key from %s\n"
+msgstr "impossível escrever para o chaveiro: %s\n"
+
+#: g10/keyserver.c:1931
+#, fuzzy, c-format
+msgid "refreshing %d keys from %s\n"
+msgstr "impossível escrever para o chaveiro: %s\n"
+
+#: g10/keyserver.c:1987
+#, fuzzy, c-format
+msgid "WARNING: unable to fetch URI %s: %s\n"
+msgstr "%s: novo arquivo de opções criado\n"
+
+#: g10/keyserver.c:1993
+#, fuzzy, c-format
+msgid "WARNING: unable to parse URI %s\n"
+msgstr "%s: novo arquivo de opções criado\n"
+
+#: g10/mainproc.c:231
+#, c-format
+msgid "weird size for an encrypted session key (%d)\n"
+msgstr ""
+
+#: g10/mainproc.c:284
+#, fuzzy, c-format
+msgid "%s encrypted session key\n"
+msgstr "dados criptografados com %s\n"
+
+#: g10/mainproc.c:294
+#, fuzzy, c-format
+msgid "passphrase generated with unknown digest algorithm %d\n"
+msgstr "criptografado com algoritmo desconhecido %d\n"
+
+#: g10/mainproc.c:360
+#, fuzzy, c-format
+msgid "public key is %s\n"
+msgstr "a chave pública é %08lX\n"
+
+#: g10/mainproc.c:423
+msgid "public key encrypted data: good DEK\n"
+msgstr "dados criptografados com chave pública: DEK válido\n"
+
+#: g10/mainproc.c:456
+#, fuzzy, c-format
+msgid "encrypted with %u-bit %s key, ID %s, created %s\n"
+msgstr "criptografado com chave %u-bit %s, ID %08lX, criada em %s\n"
+
+#: g10/mainproc.c:460 g10/pkclist.c:217
+#, fuzzy, c-format
+msgid " \"%s\"\n"
+msgstr " ou \""
+
+#: g10/mainproc.c:464
+#, fuzzy, c-format
+msgid "encrypted with %s key, ID %s\n"
+msgstr "criptografado com chave %s, ID %08lX\n"
+
+#: g10/mainproc.c:479
+#, c-format
+msgid "public key decryption failed: %s\n"
+msgstr "descriptografia de chave pública falhou: %s\n"
+
+#: g10/mainproc.c:495
+#, fuzzy, c-format
+msgid "encrypted with %lu passphrases\n"
+msgstr "Repita a frase secreta: "
+
+#: g10/mainproc.c:497
+#, fuzzy
+msgid "encrypted with 1 passphrase\n"
+msgstr "Repita a frase secreta: "
+
+#: g10/mainproc.c:529 g10/mainproc.c:551
+#, fuzzy, c-format
+msgid "assuming %s encrypted data\n"
+msgstr "dados criptografados com %s\n"
+
+#: g10/mainproc.c:537
+#, c-format
+msgid "IDEA cipher unavailable, optimistically attempting to use %s instead\n"
+msgstr ""
+
+#: g10/mainproc.c:570
+msgid "decryption okay\n"
+msgstr "descriptografia correta\n"
+
+#: g10/mainproc.c:574
+#, fuzzy
+msgid "WARNING: message was not integrity protected\n"
+msgstr "AVISO: nada exportado\n"
+
+#: g10/mainproc.c:587
+msgid "WARNING: encrypted message has been manipulated!\n"
+msgstr "CUIDADO: a mensagem criptografada foi manipulada!\n"
+
+#: g10/mainproc.c:595
+#, c-format
+msgid "cleared passphrase cached with ID: %s\n"
+msgstr ""
+
+#: g10/mainproc.c:600
+#, c-format
+msgid "decryption failed: %s\n"
+msgstr "descriptografia falhou: %s\n"
+
+#: g10/mainproc.c:621
+msgid "NOTE: sender requested \"for-your-eyes-only\"\n"
+msgstr "NOTA: o remetente solicitou \"apenas-para-seus-olhos\"\n"
+
+#: g10/mainproc.c:623
+#, c-format
+msgid "original file name='%.*s'\n"
+msgstr "nome de arquivo original='%.*s'\n"
+
+#: g10/mainproc.c:711
+msgid "WARNING: multiple plaintexts seen\n"
+msgstr ""
+
+#: g10/mainproc.c:850
+msgid "standalone revocation - use \"gpg --import\" to apply\n"
+msgstr "revogação isolada - use \"gpg --import\" para aplicá-la\n"
+
+#: g10/mainproc.c:1203 g10/mainproc.c:1240
+#, fuzzy
+msgid "no signature found\n"
+msgstr "Assinatura correta de \""
+
+#: g10/mainproc.c:1478
+msgid "signature verification suppressed\n"
+msgstr "verificação de assinatura suprimida\n"
+
+#: g10/mainproc.c:1587
+#, fuzzy
+msgid "can't handle this ambiguous signature data\n"
+msgstr "fazer uma assinatura separada"
+
+#: g10/mainproc.c:1598
+#, fuzzy, c-format
+msgid "Signature made %s\n"
+msgstr "Esta chave não é protegida.\n"
+
+#: g10/mainproc.c:1599
+#, fuzzy, c-format
+msgid " using %s key %s\n"
+msgstr " ou \""
+
+#: g10/mainproc.c:1603
+#, fuzzy, c-format
+msgid "Signature made %s using %s key ID %s\n"
+msgstr "Assinatura feita em %.*s usando %s, ID da chave %08lX\n"
+
+#: g10/mainproc.c:1623
+#, fuzzy
+msgid "Key available at: "
+msgstr "Nenhuma ajuda disponível"
+
+#: g10/mainproc.c:1756 g10/mainproc.c:1804
+#, fuzzy, c-format
+msgid "BAD signature from \"%s\""
+msgstr "Assinatura INCORRETA de \""
+
+#: g10/mainproc.c:1758 g10/mainproc.c:1806
+#, fuzzy, c-format
+msgid "Expired signature from \"%s\""
+msgstr "Assinatura correta de \""
+
+#: g10/mainproc.c:1760 g10/mainproc.c:1808
+#, fuzzy, c-format
+msgid "Good signature from \"%s\""
+msgstr "Assinatura correta de \""
+
+#: g10/mainproc.c:1810
+msgid "[uncertain]"
+msgstr ""
+
+#: g10/mainproc.c:1843
+#, fuzzy, c-format
+msgid " aka \"%s\""
+msgstr " ou \""
+
+#: g10/mainproc.c:1941
+#, fuzzy, c-format
+msgid "Signature expired %s\n"
+msgstr "Esta chave não é protegida.\n"
+
+#: g10/mainproc.c:1946
+#, fuzzy, c-format
+msgid "Signature expires %s\n"
+msgstr "Esta chave não é protegida.\n"
+
+#: g10/mainproc.c:1949
+#, fuzzy, c-format
+msgid "%s signature, digest algorithm %s\n"
+msgstr "assinatura %s de: %s\n"
+
+#: g10/mainproc.c:1950
+msgid "binary"
+msgstr ""
+
+#: g10/mainproc.c:1951
+msgid "textmode"
+msgstr ""
+
+#: g10/mainproc.c:1951 g10/trustdb.c:546
+#, fuzzy
+msgid "unknown"
+msgstr "versão desconhecida"
+
+#: g10/mainproc.c:1971
+#, c-format
+msgid "Can't check signature: %s\n"
+msgstr "Impossível verificar assinatura: %s\n"
+
+#: g10/mainproc.c:2055 g10/mainproc.c:2071 g10/mainproc.c:2167
+#, fuzzy
+msgid "not a detached signature\n"
+msgstr "fazer uma assinatura separada"
+
+#: g10/mainproc.c:2098
+msgid ""
+"WARNING: multiple signatures detected. Only the first will be checked.\n"
+msgstr ""
+
+#: g10/mainproc.c:2106
+#, c-format
+msgid "standalone signature of class 0x%02x\n"
+msgstr "assinatura isolada da classe 0x%02x\n"
+
+#: g10/mainproc.c:2171
+msgid "old style (PGP 2.x) signature\n"
+msgstr "formato de assinatura antigo (PGP2.x)\n"
+
+#: g10/mainproc.c:2181
+msgid "invalid root packet detected in proc_tree()\n"
+msgstr "pacote raiz inválido detectado em proc_tree()\n"
+
+#: g10/misc.c:109 g10/misc.c:139 g10/misc.c:215
+#, fuzzy, c-format
+msgid "fstat of `%s' failed in %s: %s\n"
+msgstr "atualização do banco de dados de confiabilidade falhou: %s\n"
+
+#: g10/misc.c:178
+#, fuzzy, c-format
+msgid "fstat(%d) failed in %s: %s\n"
+msgstr "banco de dados de confiabilidade: leitura falhou (n=%d): %s\n"
+
+#: g10/misc.c:296
+#, fuzzy, c-format
+msgid "WARNING: using experimental public key algorithm %s\n"
+msgstr "impossível manipular algoritmo de chave pública %d\n"
+
+#: g10/misc.c:302
+#, fuzzy
+msgid "WARNING: Elgamal sign+encrypt keys are deprecated\n"
+msgstr "NOTA: algoritmo de criptografia %d não encontrado nas preferências\n"
+
+#: g10/misc.c:315
+#, fuzzy, c-format
+msgid "WARNING: using experimental cipher algorithm %s\n"
+msgstr "algoritmo de criptografia não implementado"
+
+#: g10/misc.c:330
+#, fuzzy, c-format
+msgid "WARNING: using experimental digest algorithm %s\n"
+msgstr "assinatura %s de: %s\n"
+
+#: g10/misc.c:335
+#, fuzzy, c-format
+msgid "WARNING: digest algorithm %s is deprecated\n"
+msgstr "NOTA: algoritmo de criptografia %d não encontrado nas preferências\n"
+
+#: g10/misc.c:503
+msgid "the IDEA cipher plugin is not present\n"
+msgstr ""
+
+#: g10/misc.c:504 g10/sig-check.c:107 jnlib/utf8conv.c:87
+#, fuzzy, c-format
+msgid "please see %s for more information\n"
+msgstr "rev- revogações de chaves incorreta\n"
+
+#: g10/misc.c:761
+#, fuzzy, c-format
+msgid "%s:%d: deprecated option \"%s\"\n"
+msgstr "AVISO: `%s' é um arquivo vazio\n"
+
+#: g10/misc.c:765
+#, fuzzy, c-format
+msgid "WARNING: \"%s\" is a deprecated option\n"
+msgstr "AVISO: `%s' é um arquivo vazio\n"
+
+#: g10/misc.c:767
+#, c-format
+msgid "please use \"%s%s\" instead\n"
+msgstr ""
+
+#: g10/misc.c:774
+#, fuzzy, c-format
+msgid "WARNING: \"%s\" is a deprecated command - do not use it\n"
+msgstr "AVISO: `%s' é um arquivo vazio\n"
+
+#: g10/misc.c:784
+#, c-format
+msgid "%s:%u: obsolete option \"%s\" - it has no effect\n"
+msgstr ""
+
+#: g10/misc.c:787
+#, fuzzy, c-format
+msgid "WARNING: \"%s\" is an obsolete option - it has no effect\n"
+msgstr "AVISO: `%s' é um arquivo vazio\n"
+
+#: g10/misc.c:848
+#, fuzzy
+msgid "Uncompressed"
+msgstr "não processado(s)"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: g10/misc.c:873
+#, fuzzy
+msgid "uncompressed|none"
+msgstr "não processado(s)"
+
+#: g10/misc.c:1000
+#, c-format
+msgid "this message may not be usable by %s\n"
+msgstr ""
+
+#: g10/misc.c:1175
+#, fuzzy, c-format
+msgid "ambiguous option `%s'\n"
+msgstr "lendo opções de `%s'\n"
+
+#: g10/misc.c:1200
+#, fuzzy, c-format
+msgid "unknown option `%s'\n"
+msgstr "destinatário padrão desconhecido `%s'\n"
+
+#: g10/openfile.c:89
+#, c-format
+msgid "File `%s' exists. "
+msgstr "Arquivo `%s' já existe. "
+
+#: g10/openfile.c:93
+#, fuzzy
+msgid "Overwrite? (y/N) "
+msgstr "Sobrescrever (s/N)? "
+
+#: g10/openfile.c:126
+#, c-format
+msgid "%s: unknown suffix\n"
+msgstr "%s: sufixo desconhecido\n"
+
+#: g10/openfile.c:150
+msgid "Enter new filename"
+msgstr "Digite novo nome de arquivo"
+
+#: g10/openfile.c:195
+msgid "writing to stdout\n"
+msgstr "escrevendo em \"stdout\"\n"
+
+#: g10/openfile.c:316
+#, c-format
+msgid "assuming signed data in `%s'\n"
+msgstr "assumindo dados assinados em `%s'\n"
+
+#: g10/openfile.c:395
+#, fuzzy, c-format
+msgid "new configuration file `%s' created\n"
+msgstr "%s: novo arquivo de opções criado\n"
+
+#: g10/openfile.c:397
+#, c-format
+msgid "WARNING: options in `%s' are not yet active during this run\n"
+msgstr ""
+
+#: g10/parse-packet.c:201
+#, c-format
+msgid "can't handle public key algorithm %d\n"
+msgstr "impossível manipular algoritmo de chave pública %d\n"
+
+#: g10/parse-packet.c:822
+msgid "WARNING: potentially insecure symmetrically encrypted session key\n"
+msgstr ""
+
+#: g10/parse-packet.c:1273
+#, c-format
+msgid "subpacket of type %d has critical bit set\n"
+msgstr "subpacote do tipo %d tem bit crítico ligado\n"
+
+#: g10/passphrase.c:75 g10/passphrase.c:418 g10/passphrase.c:481
+#, c-format
+msgid "problem with the agent: %s\n"
+msgstr ""
+
+#: g10/passphrase.c:344 g10/passphrase.c:613
+#, fuzzy, c-format
+msgid " (main key ID %s)"
+msgstr " (ID principal da chave %08lX)"
+
+#: g10/passphrase.c:358
+#, fuzzy, c-format
+msgid ""
+"Please enter the passphrase to unlock the secret key for the OpenPGP "
+"certificate:\n"
+"\"%.*s\"\n"
+"%u-bit %s key, ID %s,\n"
+"created %s%s.\n"
+msgstr ""
+"\n"
+"Você precisa de uma frase secreta para desbloquear a chave secreta do\n"
+"usuário: \"%.*s\"\n"
+"%u-bit %s chave, ID %08lX, criada %s%s\n"
+
+#: g10/passphrase.c:384
+#, fuzzy
+msgid "Enter passphrase\n"
+msgstr "Digite a frase secreta: "
+
+#: g10/passphrase.c:412
+msgid "cancelled by user\n"
+msgstr ""
+
+#: g10/passphrase.c:592
+#, fuzzy, c-format
+msgid ""
+"You need a passphrase to unlock the secret key for\n"
+"user: \"%s\"\n"
+msgstr ""
+"\n"
+"Você precisa de uma frase secreta para desbloquear a chave secreta do\n"
+"usuário: \""
+
+#: g10/passphrase.c:600
+#, fuzzy, c-format
+msgid "%u-bit %s key, ID %s, created %s"
+msgstr "chave de %u-bit/%s, ID %08lX, criada em %s"
+
+#: g10/passphrase.c:609
+#, c-format
+msgid " (subkey on main key ID %s)"
+msgstr ""
+
+#: g10/photoid.c:74
+msgid ""
+"\n"
+"Pick an image to use for your photo ID. The image must be a JPEG file.\n"
+"Remember that the image is stored within your public key. If you use a\n"
+"very large picture, your key will become very large as well!\n"
+"Keeping the image close to 240x288 is a good size to use.\n"
+msgstr ""
+
+#: g10/photoid.c:96
+msgid "Enter JPEG filename for photo ID: "
+msgstr ""
+
+#: g10/photoid.c:117
+#, fuzzy, c-format
+msgid "unable to open JPEG file `%s': %s\n"
+msgstr "impossível abrir arquivo: %s\n"
+
+#: g10/photoid.c:128
+#, c-format
+msgid "This JPEG is really large (%d bytes) !\n"
+msgstr ""
+
+#: g10/photoid.c:130
+#, fuzzy
+msgid "Are you sure you want to use it? (y/N) "
+msgstr "Você tem certeza de que quer este tamanho de chave? "
+
+#: g10/photoid.c:146
+#, fuzzy, c-format
+msgid "`%s' is not a JPEG file\n"
+msgstr "%s: não é um banco de dados de confiabilidade\n"
+
+#: g10/photoid.c:165
+#, fuzzy
+msgid "Is this photo correct (y/N/q)? "
+msgstr "Está correto (s/n)? "
+
+#: g10/photoid.c:373
+#, fuzzy
+msgid "unable to display photo ID!\n"
+msgstr "impossível abrir %s: %s\n"
+
+#: g10/pkclist.c:60 g10/revoke.c:621
+msgid "No reason specified"
+msgstr ""
+
+#: g10/pkclist.c:62 g10/revoke.c:623
+#, fuzzy
+msgid "Key is superseded"
+msgstr "A chave é protegida.\n"
+
+#: g10/pkclist.c:64 g10/revoke.c:622
+#, fuzzy
+msgid "Key has been compromised"
+msgstr "Esta chave foi desativada"
+
+#: g10/pkclist.c:66 g10/revoke.c:624
+msgid "Key is no longer used"
+msgstr ""
+
+#: g10/pkclist.c:68 g10/revoke.c:625
+msgid "User ID is no longer valid"
+msgstr ""
+
+#: g10/pkclist.c:72
+#, fuzzy
+msgid "reason for revocation: "
+msgstr "rev- revogações de chaves incorreta\n"
+
+#: g10/pkclist.c:89
+#, fuzzy
+msgid "revocation comment: "
+msgstr "[revogação]"
+
+#: g10/pkclist.c:204
+msgid "iImMqQsS"
+msgstr ""
+
+#: g10/pkclist.c:212
+#, fuzzy
+msgid "No trust value assigned to:\n"
+msgstr ""
+"Nenhum valor de confiança designado para %lu:\n"
+"%4u%c/%08lX %s \""
+
+#: g10/pkclist.c:245
+#, fuzzy, c-format
+msgid " aka \"%s\"\n"
+msgstr " ou \""
+
+#: g10/pkclist.c:255
+#, fuzzy
+msgid ""
+"How much do you trust that this key actually belongs to the named user?\n"
+msgstr "Esta chave provavelmente pertence ao dono\n"
+
+#: g10/pkclist.c:270
+#, c-format
+msgid " %d = I don't know or won't say\n"
+msgstr ""
+
+#: g10/pkclist.c:272
+#, fuzzy, c-format
+msgid " %d = I do NOT trust\n"
+msgstr "%08lX: Nós NÃO confiamos nesta chave\n"
+
+#: g10/pkclist.c:278
+#, fuzzy, c-format
+msgid " %d = I trust ultimately\n"
+msgstr "%s: não é um banco de dados de confiabilidade\n"
+
+#: g10/pkclist.c:284
+#, fuzzy
+msgid " m = back to the main menu\n"
+msgstr " m = voltar ao menu principal\n"
+
+#: g10/pkclist.c:287
+#, fuzzy
+msgid " s = skip this key\n"
+msgstr "chave %08lX: subchave ignorada\n"
+
+#: g10/pkclist.c:288
+#, fuzzy
+msgid " q = quit\n"
+msgstr " q = sair\n"
+
+#: g10/pkclist.c:292
+#, c-format
+msgid ""
+"The minimum trust level for this key is: %s\n"
+"\n"
+msgstr ""
+
+#: g10/pkclist.c:298 g10/revoke.c:650
+msgid "Your decision? "
+msgstr "Sua decisão? "
+
+#: g10/pkclist.c:319
+#, fuzzy
+msgid "Do you really want to set this key to ultimate trust? (y/N) "
+msgstr "Você realmente quer remover esta chave? "
+
+#: g10/pkclist.c:333
+msgid "Certificates leading to an ultimately trusted key:\n"
+msgstr "Certificados que levam a uma chave confiada plenamente:\n"
+
+#: g10/pkclist.c:418
+#, fuzzy, c-format
+msgid "%s: There is no assurance this key belongs to the named user\n"
+msgstr " Não há indicação de que a assinatura pertence ao dono.\n"
+
+#: g10/pkclist.c:423
+#, fuzzy, c-format
+msgid "%s: There is limited assurance this key belongs to the named user\n"
+msgstr " Não há indicação de que a assinatura pertence ao dono.\n"
+
+#: g10/pkclist.c:429
+#, fuzzy
+msgid "This key probably belongs to the named user\n"
+msgstr "Esta chave provavelmente pertence ao dono\n"
+
+#: g10/pkclist.c:434
+msgid "This key belongs to us\n"
+msgstr "Esta chave pertence a nós\n"
+
+#: g10/pkclist.c:460
+#, fuzzy
+msgid ""
+"It is NOT certain that the key belongs to the person named\n"
+"in the user ID. If you *really* know what you are doing,\n"
+"you may answer the next question with yes.\n"
+msgstr ""
+"Não se tem certeza de que esta chave pertence a seu dono.\n"
+"Se você *realmente* sabe o que está fazendo, pode responder\n"
+"sim à próxima pergunta\n"
+"\n"
+
+#: g10/pkclist.c:479
+#, fuzzy
+msgid "Use this key anyway? (y/N) "
+msgstr "Usa esta chave de qualquer modo? "
+
+#: g10/pkclist.c:513
+msgid "WARNING: Using untrusted key!\n"
+msgstr "AVISO: Usando chave não confiável!\n"
+
+#: g10/pkclist.c:520
+#, fuzzy
+msgid "WARNING: this key might be revoked (revocation key not present)\n"
+msgstr "AVISO: Esta chave foi revogada pelo seu dono!\n"
+
+#: g10/pkclist.c:529
+#, fuzzy
+msgid "WARNING: This key has been revoked by its designated revoker!\n"
+msgstr "AVISO: Esta chave foi revogada pelo seu dono!\n"
+
+#: g10/pkclist.c:532
+msgid "WARNING: This key has been revoked by its owner!\n"
+msgstr "AVISO: Esta chave foi revogada pelo seu dono!\n"
+
+#: g10/pkclist.c:533
+#, fuzzy
+msgid " This could mean that the signature is forged.\n"
+msgstr " Isto pode significar que a assinatura é falsificada.\n"
+
+#: g10/pkclist.c:539
+msgid "WARNING: This subkey has been revoked by its owner!\n"
+msgstr "AVISO: Esta subchave foi revogada pelo seu dono!\n"
+
+#: g10/pkclist.c:544
+#, fuzzy
+msgid "Note: This key has been disabled.\n"
+msgstr "Esta chave foi desativada"
+
+#: g10/pkclist.c:564
+#, c-format
+msgid "Note: Verified signer's address is `%s'\n"
+msgstr ""
+
+#: g10/pkclist.c:571
+#, c-format
+msgid "Note: Signer's address `%s' does not match DNS entry\n"
+msgstr ""
+
+#: g10/pkclist.c:583
+msgid "trustlevel adjusted to FULL due to valid PKA info\n"
+msgstr ""
+
+#: g10/pkclist.c:591
+msgid "trustlevel adjusted to NEVER due to bad PKA info\n"
+msgstr ""
+
+#: g10/pkclist.c:602
+msgid "Note: This key has expired!\n"
+msgstr "Nota: Esta chave expirou!\n"
+
+#: g10/pkclist.c:613
+msgid "WARNING: This key is not certified with a trusted signature!\n"
+msgstr "AVISO: Esta chave não está certificada com uma assinatura confiável!\n"
+
+#: g10/pkclist.c:615
+msgid ""
+" There is no indication that the signature belongs to the owner.\n"
+msgstr " Não há indicação de que a assinatura pertence ao dono.\n"
+
+#: g10/pkclist.c:623
+msgid "WARNING: We do NOT trust this key!\n"
+msgstr "AVISO: Nós NÃO confiamos nesta chave!\n"
+
+#: g10/pkclist.c:624
+msgid " The signature is probably a FORGERY.\n"
+msgstr " A assinatura é provavelmente uma FALSIFICAÇÃO.\n"
+
+#: g10/pkclist.c:632
+msgid ""
+"WARNING: This key is not certified with sufficiently trusted signatures!\n"
+msgstr ""
+"AVISO: Esta chave não está certificada com assinaturas suficientemente\n"
+" confiáveis!\n"
+
+#: g10/pkclist.c:634
+msgid " It is not certain that the signature belongs to the owner.\n"
+msgstr " Não se tem certeza de que a assinatura pertence ao dono.\n"
+
+#: g10/pkclist.c:833 g10/pkclist.c:875 g10/pkclist.c:1087 g10/pkclist.c:1157
+#, c-format
+msgid "%s: skipped: %s\n"
+msgstr "%s: ignorado: %s\n"
+
+#: g10/pkclist.c:845 g10/pkclist.c:1125
+#, c-format
+msgid "%s: skipped: public key already present\n"
+msgstr "%s: ignorado: a chave pública já está presente\n"
+
+#: g10/pkclist.c:896
+#, fuzzy
+msgid "You did not specify a user ID. (you may use \"-r\")\n"
+msgstr ""
+"Você não especificou um identificador de usuário. (pode-se usar \"-r\")\n"
+"\n"
+
+#: g10/pkclist.c:920
+msgid "Current recipients:\n"
+msgstr ""
+
+#: g10/pkclist.c:946
+msgid ""
+"\n"
+"Enter the user ID. End with an empty line: "
+msgstr ""
+
+#: g10/pkclist.c:971
+msgid "No such user ID.\n"
+msgstr "Identificador de usuário inexistente.\n"
+
+#: g10/pkclist.c:980 g10/pkclist.c:1054
+msgid "skipped: public key already set as default recipient\n"
+msgstr "ignorado: chave pública já marcada como destinatário padrão\n"
+
+#: g10/pkclist.c:1001
+msgid "Public key is disabled.\n"
+msgstr "A chave pública está desativada.\n"
+
+#: g10/pkclist.c:1010
+#, fuzzy
+msgid "skipped: public key already set\n"
+msgstr "%s: ignorado: a chave pública já está presente\n"
+
+#: g10/pkclist.c:1045
+#, fuzzy, c-format
+msgid "unknown default recipient \"%s\"\n"
+msgstr "destinatário padrão desconhecido `%s'\n"
+
+#: g10/pkclist.c:1103
+#, c-format
+msgid "%s: skipped: public key is disabled\n"
+msgstr "%s: ignorado: a chave pública está desativada\n"
+
+#: g10/pkclist.c:1165
+msgid "no valid addressees\n"
+msgstr "nenhum endereço válido\n"
+
+#: g10/pkclist.c:1503
+#, fuzzy, c-format
+msgid "Note: key %s has no %s feature\n"
+msgstr "chave %08lX: sem ID de usuário\n"
+
+#: g10/pkclist.c:1528
+#, fuzzy, c-format
+msgid "Note: key %s has no preference for %s\n"
+msgstr "chave %08lX: sem ID de usuário\n"
+
+#: g10/plaintext.c:95
+msgid "data not saved; use option \"--output\" to save it\n"
+msgstr "dados não salvos; use a opção \"--output\" para salvá-los\n"
+
+#: g10/plaintext.c:480
+msgid "Detached signature.\n"
+msgstr "Assinatura separada.\n"
+
+#: g10/plaintext.c:487
+msgid "Please enter name of data file: "
+msgstr "Por favor digite o nome do arquivo de dados: "
+
+#: g10/plaintext.c:519
+msgid "reading stdin ...\n"
+msgstr "lendo de \"stdin\" ...\n"
+
+#: g10/plaintext.c:557
+#, fuzzy
+msgid "no signed data\n"
+msgstr "no dados assinados\n"
+
+#: g10/plaintext.c:573
+#, c-format
+msgid "can't open signed data `%s'\n"
+msgstr "impossível abrir dados assinados `%s'\n"
+
+#: g10/plaintext.c:607
+#, fuzzy, c-format
+msgid "can't open signed data fd=%d: %s\n"
+msgstr "impossível abrir dados assinados `%s'\n"
+
+#: g10/pubkey-enc.c:105
+#, fuzzy, c-format
+msgid "anonymous recipient; trying secret key %s ...\n"
+msgstr "destinatário anônimo; tentando chave secreta %08lX ...\n"
+
+#: g10/pubkey-enc.c:136
+msgid "okay, we are the anonymous recipient.\n"
+msgstr "certo, nós somos o destinatário anônimo.\n"
+
+#: g10/pubkey-enc.c:225
+msgid "old encoding of the DEK is not supported\n"
+msgstr "codificação antiga do DEK não suportada\n"
+
+#: g10/pubkey-enc.c:246
+#, fuzzy, c-format
+msgid "cipher algorithm %d%s is unknown or disabled\n"
+msgstr "algoritmo de proteção %d não é suportado\n"
+
+#: g10/pubkey-enc.c:284
+#, fuzzy, c-format
+msgid "WARNING: cipher algorithm %s not found in recipient preferences\n"
+msgstr "NOTA: algoritmo de criptografia %d não encontrado nas preferências\n"
+
+#: g10/pubkey-enc.c:304
+#, fuzzy, c-format
+msgid "NOTE: secret key %s expired at %s\n"
+msgstr "NOTA: chave secreta %08lX expirou %s\n"
+
+#: g10/pubkey-enc.c:310
+#, fuzzy
+msgid "NOTE: key has been revoked"
+msgstr "chave %08lX: a chave foi revogada!\n"
+
+#: g10/revoke.c:102 g10/revoke.c:116 g10/revoke.c:128 g10/revoke.c:174
+#: g10/revoke.c:186 g10/revoke.c:585
+#, fuzzy, c-format
+msgid "build_packet failed: %s\n"
+msgstr "atualização falhou: %s\n"
+
+#: g10/revoke.c:145
+#, fuzzy, c-format
+msgid "key %s has no user IDs\n"
+msgstr "chave %08lX: sem ID de usuário\n"
+
+#: g10/revoke.c:306
+msgid "To be revoked by:\n"
+msgstr ""
+
+#: g10/revoke.c:310
+msgid "(This is a sensitive revocation key)\n"
+msgstr ""
+
+#: g10/revoke.c:314
+#, fuzzy
+msgid "Create a designated revocation certificate for this key? (y/N) "
+msgstr "Gerar um certificado de revogação para esta assinatura? (s/N)"
+
+#: g10/revoke.c:327 g10/revoke.c:551
+msgid "ASCII armored output forced.\n"
+msgstr ""
+
+#: g10/revoke.c:342 g10/revoke.c:565
+#, fuzzy, c-format
+msgid "make_keysig_packet failed: %s\n"
+msgstr "enumeração de blocos de chaves falhou: %s\n"
+
+#: g10/revoke.c:405
+#, fuzzy
+msgid "Revocation certificate created.\n"
+msgstr "chave %08lX: certificado de revogação adicionado\n"
+
+#: g10/revoke.c:411
+#, c-format
+msgid "no revocation keys found for \"%s\"\n"
+msgstr ""
+
+#: g10/revoke.c:470
+#, fuzzy, c-format
+msgid "secret key \"%s\" not found: %s\n"
+msgstr "usuário `%s' não encontrado: %s\n"
+
+#: g10/revoke.c:497
+#, fuzzy, c-format
+msgid "no corresponding public key: %s\n"
+msgstr "escrevendo certificado público para `%s'\n"
+
+#: g10/revoke.c:508
+#, fuzzy
+msgid "public key does not match secret key!\n"
+msgstr "lid %lu não tem chave\n"
+
+#: g10/revoke.c:515
+#, fuzzy
+msgid "Create a revocation certificate for this key? (y/N) "
+msgstr "Gerar um certificado de revogação para esta assinatura? (s/N)"
+
+#: g10/revoke.c:532
+#, fuzzy
+msgid "unknown protection algorithm\n"
+msgstr "algoritmo de compressão desconhecido"
+
+#: g10/revoke.c:540
+#, fuzzy
+msgid "NOTE: This key is not protected!\n"
+msgstr "Esta chave não é protegida.\n"
+
+#: g10/revoke.c:591
+msgid ""
+"Revocation certificate created.\n"
+"\n"
+"Please move it to a medium which you can hide away; if Mallory gets\n"
+"access to this certificate he can use it to make your key unusable.\n"
+"It is smart to print this certificate and store it away, just in case\n"
+"your media become unreadable. But have some caution: The print system of\n"
+"your machine might store the data and make it available to others!\n"
+msgstr ""
+
+#: g10/revoke.c:633
+#, fuzzy
+msgid "Please select the reason for the revocation:\n"
+msgstr "rev- revogações de chaves incorreta\n"
+
+#: g10/revoke.c:643
+msgid "Cancel"
+msgstr ""
+
+#: g10/revoke.c:645
+#, c-format
+msgid "(Probably you want to select %d here)\n"
+msgstr ""
+
+#: g10/revoke.c:686
+msgid "Enter an optional description; end it with an empty line:\n"
+msgstr ""
+
+#: g10/revoke.c:714
+#, fuzzy, c-format
+msgid "Reason for revocation: %s\n"
+msgstr "rev- revogações de chaves incorreta\n"
+
+#: g10/revoke.c:716
+msgid "(No description given)\n"
+msgstr ""
+
+#: g10/revoke.c:721
+#, fuzzy
+msgid "Is this okay? (y/N) "
+msgstr "Usa esta chave de qualquer modo? "
+
+#: g10/seckey-cert.c:55
+#, fuzzy
+msgid "secret key parts are not available\n"
+msgstr "chave secreta não disponível"
+
+#: g10/seckey-cert.c:61
+#, fuzzy, c-format
+msgid "protection algorithm %d%s is not supported\n"
+msgstr "algoritmo de proteção %d não é suportado\n"
+
+#: g10/seckey-cert.c:72
+#, fuzzy, c-format
+msgid "protection digest %d is not supported\n"
+msgstr "algoritmo de proteção %d não é suportado\n"
+
+#: g10/seckey-cert.c:291
+#, fuzzy
+msgid "Invalid passphrase; please try again"
+msgstr "Frase secreta inválida; por favor tente novamente ...\n"
+
+#: g10/seckey-cert.c:292
+#, c-format
+msgid "%s ...\n"
+msgstr ""
+
+#: g10/seckey-cert.c:361
+msgid "WARNING: Weak key detected - please change passphrase again.\n"
+msgstr ""
+"AVISO: Chave fraca detectada - por favor mude a frase secreta novamente.\n"
+
+#: g10/seckey-cert.c:404
+msgid "generating the deprecated 16-bit checksum for secret key protection\n"
+msgstr ""
+
+#: g10/seskey.c:61 sm/encrypt.c:119
+msgid "weak key created - retrying\n"
+msgstr "chave fraca criada - tentando novamente\n"
+
+#: g10/seskey.c:65
+#, c-format
+msgid "cannot avoid weak key for symmetric cipher; tried %d times!\n"
+msgstr ""
+"impossível evitar chave fraca para criptografia simétrica;\n"
+"%d tentativas!\n"
+
+#: g10/seskey.c:227 sm/certcheck.c:85
+msgid "DSA requires the hash length to be a multiple of 8 bits\n"
+msgstr ""
+
+#: g10/seskey.c:240
+#, c-format
+msgid "DSA key %s uses an unsafe (%u bit) hash\n"
+msgstr ""
+
+#: g10/seskey.c:252
+#, c-format
+msgid "DSA key %s requires a %u bit or larger hash\n"
+msgstr ""
+
+#: g10/sig-check.c:80
+msgid "WARNING: signature digest conflict in message\n"
+msgstr ""
+
+#: g10/sig-check.c:105
+#, c-format
+msgid "WARNING: signing subkey %s is not cross-certified\n"
+msgstr ""
+
+#: g10/sig-check.c:117
+#, c-format
+msgid "WARNING: signing subkey %s has an invalid cross-certification\n"
+msgstr ""
+
+#: g10/sig-check.c:211
+#, fuzzy, c-format
+msgid "public key %s is %lu second newer than the signature\n"
+msgstr "a chave pública é %lu segundo mais nova que a assinatura\n"
+
+#: g10/sig-check.c:212
+#, fuzzy, c-format
+msgid "public key %s is %lu seconds newer than the signature\n"
+msgstr "a chave pública é %lu segundos mais nova que a assinatura\n"
+
+#: g10/sig-check.c:223
+#, fuzzy, c-format
+msgid ""
+"key %s was created %lu second in the future (time warp or clock problem)\n"
+msgstr ""
+"a chave foi criada %lu segundo no futuro\n"
+"(viagem no tempo ou problema no relógio)\n"
+
+#: g10/sig-check.c:225
+#, fuzzy, c-format
+msgid ""
+"key %s was created %lu seconds in the future (time warp or clock problem)\n"
+msgstr ""
+"a chave foi criada %lu segundos no futuro\n"
+"(viagem no tempo ou problema no relógio)\n"
+
+#: g10/sig-check.c:239
+#, fuzzy, c-format
+msgid "NOTE: signature key %s expired %s\n"
+msgstr "NOTA: chave de assinatura %08lX expirou %s\n"
+
+#: g10/sig-check.c:252
+#, fuzzy, c-format
+msgid "NOTE: signature key %s has been revoked\n"
+msgstr "chave %08lX: a chave foi revogada!\n"
+
+#: g10/sig-check.c:325
+#, fuzzy, c-format
+msgid "assuming bad signature from key %s due to an unknown critical bit\n"
+msgstr "assumindo assinatura incorreta devido a um bit crítico desconhecido\n"
+
+#: g10/sig-check.c:591
+#, fuzzy, c-format
+msgid "key %s: no subkey for subkey revocation signature\n"
+msgstr "chave %08lX: sem subchave para ligação de chaves\n"
+
+#: g10/sig-check.c:618
+#, fuzzy, c-format
+msgid "key %s: no subkey for subkey binding signature\n"
+msgstr "chave %08lX: sem subchave para ligação de chaves\n"
+
+#: g10/sign.c:89
+#, c-format
+msgid "WARNING: unable to %%-expand notation (too large). Using unexpanded.\n"
+msgstr ""
+
+#: g10/sign.c:115
+#, c-format
+msgid ""
+"WARNING: unable to %%-expand policy URL (too large). Using unexpanded.\n"
+msgstr ""
+
+#: g10/sign.c:138
+#, c-format
+msgid ""
+"WARNING: unable to %%-expand preferred keyserver URL (too large). Using "
+"unexpanded.\n"
+msgstr ""
+
+#: g10/sign.c:311
+#, fuzzy, c-format
+msgid "checking created signature failed: %s\n"
+msgstr "leitura de registro de assinatura falhou: %s\n"
+
+#: g10/sign.c:320
+#, fuzzy, c-format
+msgid "%s/%s signature from: \"%s\"\n"
+msgstr "assinatura %s de: %s\n"
+
+#: g10/sign.c:761
+msgid "you can only detach-sign with PGP 2.x style keys while in --pgp2 mode\n"
+msgstr ""
+
+#: g10/sign.c:837
+#, fuzzy, c-format
+msgid ""
+"WARNING: forcing digest algorithm %s (%d) violates recipient preferences\n"
+msgstr "NOTA: algoritmo de criptografia %d não encontrado nas preferências\n"
+
+#: g10/sign.c:964
+msgid "signing:"
+msgstr "assinando:"
+
+#: g10/sign.c:1079
+msgid "you can only clearsign with PGP 2.x style keys while in --pgp2 mode\n"
+msgstr ""
+
+#: g10/sign.c:1263
+#, fuzzy, c-format
+msgid "%s encryption will be used\n"
+msgstr "descriptografia falhou: %s\n"
+
+#: g10/skclist.c:140 g10/skclist.c:217
+msgid "key is not flagged as insecure - can't use it with the faked RNG!\n"
+msgstr ""
+"a chave não está marcada como insegura - impossível usá-la com o pseudo "
+"RNG!\n"
+
+#: g10/skclist.c:174
+#, fuzzy, c-format
+msgid "skipped \"%s\": duplicated\n"
+msgstr "ignorado `%s': duplicado\n"
+
+#: g10/skclist.c:182 g10/skclist.c:195 g10/skclist.c:207
+#, fuzzy, c-format
+msgid "skipped \"%s\": %s\n"
+msgstr "ignorado `%s': %s\n"
+
+#: g10/skclist.c:190
+#, fuzzy
+msgid "skipped: secret key already present\n"
+msgstr "ignorado: a chave secreta já está presente\n"
+
+#: g10/skclist.c:208
+#, fuzzy
+msgid "this is a PGP generated Elgamal key which is not secure for signatures!"
+msgstr ""
+"ignorado `%s': esta é uma chave ElGamal gerada pelo PGP que não é segura "
+"para assinaturas!\n"
+
+#: g10/tdbdump.c:58 g10/trustdb.c:360
+#, c-format
+msgid "trust record %lu, type %d: write failed: %s\n"
+msgstr "registro de confiança %lu, tipo %d: escrita falhou: %s\n"
+
+#: g10/tdbdump.c:106
+#, fuzzy, c-format
+msgid ""
+"# List of assigned trustvalues, created %s\n"
+"# (Use \"gpg --import-ownertrust\" to restore them)\n"
+msgstr ""
+"# Lista de valores de confiança designados, criada em %s\n"
+"# (Use \"gpgm --import-ownertrust\" para restaurá-los)\n"
+
+#: g10/tdbdump.c:161 g10/tdbdump.c:169 g10/tdbdump.c:174 g10/tdbdump.c:179
+#, fuzzy, c-format
+msgid "error in `%s': %s\n"
+msgstr "erro na leitura de `%s': %s\n"
+
+#: g10/tdbdump.c:161
+#, fuzzy
+msgid "line too long"
+msgstr "linha muito longa\n"
+
+#: g10/tdbdump.c:169
+msgid "colon missing"
+msgstr ""
+
+#: g10/tdbdump.c:175
+#, fuzzy
+msgid "invalid fingerprint"
+msgstr "erro: impressão digital inválida\n"
+
+#: g10/tdbdump.c:180
+#, fuzzy
+msgid "ownertrust value missing"
+msgstr "importar os valores de confiança"
+
+#: g10/tdbdump.c:216
+#, fuzzy, c-format
+msgid "error finding trust record in `%s': %s\n"
+msgstr "erro lendo registro de diretório: %s\n"
+
+#: g10/tdbdump.c:220
+#, fuzzy, c-format
+msgid "read error in `%s': %s\n"
+msgstr "erro de leitura: %s\n"
+
+#: g10/tdbdump.c:229 g10/trustdb.c:375
+#, c-format
+msgid "trustdb: sync failed: %s\n"
+msgstr "banco de dados de confiabilidade: sincronização falhou: %s\n"
+
+#: g10/tdbio.c:128 g10/tdbio.c:1456
+#, c-format
+msgid "trustdb rec %lu: lseek failed: %s\n"
+msgstr "banco de dados de confiabilidade rec %lu: lseek falhou: %s\n"
+
+#: g10/tdbio.c:135 g10/tdbio.c:1463
+#, c-format
+msgid "trustdb rec %lu: write failed (n=%d): %s\n"
+msgstr "banco de dados de confiabilidade rec %lu: escrita falhou (n=%d): %s\n"
+
+#: g10/tdbio.c:245
+msgid "trustdb transaction too large\n"
+msgstr "transação de banco de dados de confiabilidade muito grande\n"
+
+#: g10/tdbio.c:500
+#, fuzzy, c-format
+msgid "can't access `%s': %s\n"
+msgstr "impossível abrir `%s': %s\n"
+
+#: g10/tdbio.c:527
+#, c-format
+msgid "%s: directory does not exist!\n"
+msgstr "%s: diretório inexistente!\n"
+
+#: g10/tdbio.c:537 g10/tdbio.c:560 g10/tdbio.c:601 sm/keydb.c:219
+#, fuzzy, c-format
+msgid "can't create lock for `%s'\n"
+msgstr "impossível criar %s: %s\n"
+
+#: g10/tdbio.c:539 g10/tdbio.c:604
+#, fuzzy, c-format
+msgid "can't lock `%s'\n"
+msgstr "impossível abrir `%s'\n"
+
+#: g10/tdbio.c:565
+#, c-format
+msgid "%s: failed to create version record: %s"
+msgstr "%s: falha ao criar registro de versão: %s"
+
+#: g10/tdbio.c:569
+#, c-format
+msgid "%s: invalid trustdb created\n"
+msgstr "%s: banco de dados de confiabilidade inválido criado\n"
+
+#: g10/tdbio.c:572
+#, c-format
+msgid "%s: trustdb created\n"
+msgstr "%s: banco de dados de confiabilidade criado\n"
+
+#: g10/tdbio.c:615
+msgid "NOTE: trustdb not writable\n"
+msgstr ""
+
+#: g10/tdbio.c:623
+#, c-format
+msgid "%s: invalid trustdb\n"
+msgstr "%s: banco de dados de confiabilidade inválido\n"
+
+#: g10/tdbio.c:655
+#, c-format
+msgid "%s: failed to create hashtable: %s\n"
+msgstr "%s: falha ao criar tabela de \"hash\": %s\n"
+
+#: g10/tdbio.c:663
+#, c-format
+msgid "%s: error updating version record: %s\n"
+msgstr "%s: erro atualizando registro de versão: %s\n"
+
+#: g10/tdbio.c:680 g10/tdbio.c:701 g10/tdbio.c:717 g10/tdbio.c:731
+#: g10/tdbio.c:761 g10/tdbio.c:1388 g10/tdbio.c:1415
+#, c-format
+msgid "%s: error reading version record: %s\n"
+msgstr "%s: erro lendo registro de versão: %s\n"
+
+#: g10/tdbio.c:740
+#, c-format
+msgid "%s: error writing version record: %s\n"
+msgstr "%s: erro escrevendo registro de versão: %s\n"
+
+#: g10/tdbio.c:1181
+#, c-format
+msgid "trustdb: lseek failed: %s\n"
+msgstr "banco de dados de confiabilidade: lseek falhou: %s\n"
+
+#: g10/tdbio.c:1190
+#, c-format
+msgid "trustdb: read failed (n=%d): %s\n"
+msgstr "banco de dados de confiabilidade: leitura falhou (n=%d): %s\n"
+
+#: g10/tdbio.c:1211
+#, c-format
+msgid "%s: not a trustdb file\n"
+msgstr "%s: não é um banco de dados de confiabilidade\n"
+
+#: g10/tdbio.c:1230
+#, c-format
+msgid "%s: version record with recnum %lu\n"
+msgstr "%s: registro de versão com recnum %lu\n"
+
+#: g10/tdbio.c:1235
+#, c-format
+msgid "%s: invalid file version %d\n"
+msgstr "%s: versão de arquivo inválida %d\n"
+
+#: g10/tdbio.c:1421
+#, c-format
+msgid "%s: error reading free record: %s\n"
+msgstr "%s: erro lendo registro livre: %s\n"
+
+#: g10/tdbio.c:1429
+#, c-format
+msgid "%s: error writing dir record: %s\n"
+msgstr "%s: erro escrevendo registro de diretório: %s\n"
+
+#: g10/tdbio.c:1439
+#, c-format
+msgid "%s: failed to zero a record: %s\n"
+msgstr "%s: falha ao zerar um registro: %s\n"
+
+#: g10/tdbio.c:1469
+#, c-format
+msgid "%s: failed to append a record: %s\n"
+msgstr "%s: falha ao anexar um registro: %s\n"
+
+#: g10/tdbio.c:1512
+#, fuzzy
+msgid "Error: The trustdb is corrupted.\n"
+msgstr "%s: banco de dados de confiabilidade criado\n"
+
+#: g10/textfilter.c:147
+#, c-format
+msgid "can't handle text lines longer than %d characters\n"
+msgstr "impossível manipular linhas de texto maiores que %d caracteres\n"
+
+#: g10/textfilter.c:247
+#, c-format
+msgid "input line longer than %d characters\n"
+msgstr "linha de entrada maior que %d caracteres\n"
+
+#: g10/trustdb.c:221
+#, fuzzy, c-format
+msgid "`%s' is not a valid long keyID\n"
+msgstr "%s não é um mapa de caracteres válido\n"
+
+#: g10/trustdb.c:252
+#, fuzzy, c-format
+msgid "key %s: accepted as trusted key\n"
+msgstr "chave %08lX: aceita como chave confiável.\n"
+
+#: g10/trustdb.c:290
+#, fuzzy, c-format
+msgid "key %s occurs more than once in the trustdb\n"
+msgstr ""
+"chave %08lX: impossível colocá-la no banco de dados de confiabilidade\n"
+
+#: g10/trustdb.c:305
+#, fuzzy, c-format
+msgid "key %s: no public key for trusted key - skipped\n"
+msgstr "chave %08lX: chave secreta sem chave pública - ignorada\n"
+
+#: g10/trustdb.c:315
+#, fuzzy, c-format
+msgid "key %s marked as ultimately trusted\n"
+msgstr "Certificados que levam a uma chave confiada plenamente:\n"
+
+#: g10/trustdb.c:339
+#, c-format
+msgid "trust record %lu, req type %d: read failed: %s\n"
+msgstr "registro de confiança %lu, tipo req %d: falha na leitura: %s\n"
+
+#: g10/trustdb.c:345
+#, fuzzy, c-format
+msgid "trust record %lu is not of requested type %d\n"
+msgstr "registro de confiança %lu: remoção falhou: %s\n"
+
+#: g10/trustdb.c:418
+msgid "You may try to re-create the trustdb using the commands:\n"
+msgstr ""
+
+#: g10/trustdb.c:427
+msgid "If that does not work, please consult the manual\n"
+msgstr ""
+
+#: g10/trustdb.c:462
+#, c-format
+msgid "unable to use unknown trust model (%d) - assuming %s trust model\n"
+msgstr ""
+
+#: g10/trustdb.c:468
+#, c-format
+msgid "using %s trust model\n"
+msgstr ""
+
+#: g10/trustdb.c:520
+msgid "10 translator see trustdb.c:uid_trust_string_fixed"
+msgstr ""
+
+#: g10/trustdb.c:522
+#, fuzzy
+msgid "[ revoked]"
+msgstr "revkey"
+
+#: g10/trustdb.c:524 g10/trustdb.c:529
+#, fuzzy
+msgid "[ expired]"
+msgstr "expire"
+
+#: g10/trustdb.c:528
+#, fuzzy
+msgid "[ unknown]"
+msgstr "versão desconhecida"
+
+#: g10/trustdb.c:530
+msgid "[ undef ]"
+msgstr ""
+
+#: g10/trustdb.c:531
+msgid "[marginal]"
+msgstr ""
+
+#: g10/trustdb.c:532
+msgid "[ full ]"
+msgstr ""
+
+#: g10/trustdb.c:533
+msgid "[ultimate]"
+msgstr ""
+
+#: g10/trustdb.c:548
+msgid "undefined"
+msgstr ""
+
+#: g10/trustdb.c:549
+msgid "never"
+msgstr ""
+
+#: g10/trustdb.c:550
+msgid "marginal"
+msgstr ""
+
+#: g10/trustdb.c:551
+msgid "full"
+msgstr ""
+
+#: g10/trustdb.c:552
+msgid "ultimate"
+msgstr ""
+
+#: g10/trustdb.c:592
+#, fuzzy
+msgid "no need for a trustdb check\n"
+msgstr "%s: não é um banco de dados de confiabilidade\n"
+
+#: g10/trustdb.c:598 g10/trustdb.c:2487
+#, fuzzy, c-format
+msgid "next trustdb check due at %s\n"
+msgstr "inserção de registro de confiança falhou: %s\n"
+
+#: g10/trustdb.c:607
+#, fuzzy, c-format
+msgid "no need for a trustdb check with `%s' trust model\n"
+msgstr "%s: não é um banco de dados de confiabilidade\n"
+
+#: g10/trustdb.c:622
+#, fuzzy, c-format
+msgid "no need for a trustdb update with `%s' trust model\n"
+msgstr "%s: não é um banco de dados de confiabilidade\n"
+
+#: g10/trustdb.c:857 g10/trustdb.c:1310
+#, fuzzy, c-format
+msgid "public key %s not found: %s\n"
+msgstr "chave pública não encontrada"
+
+#: g10/trustdb.c:1053
+msgid "please do a --check-trustdb\n"
+msgstr ""
+
+#: g10/trustdb.c:1057
+#, fuzzy
+msgid "checking the trustdb\n"
+msgstr "muda os valores de confiança"
+
+#: g10/trustdb.c:2230
+#, c-format
+msgid "%d keys processed (%d validity counts cleared)\n"
+msgstr ""
+
+#: g10/trustdb.c:2295
+#, fuzzy
+msgid "no ultimately trusted keys found\n"
+msgstr "Certificados que levam a uma chave confiada plenamente:\n"
+
+#: g10/trustdb.c:2309
+#, fuzzy, c-format
+msgid "public key of ultimately trusted key %s not found\n"
+msgstr "Certificados que levam a uma chave confiada plenamente:\n"
+
+#: g10/trustdb.c:2332
+#, c-format
+msgid "%d marginal(s) needed, %d complete(s) needed, %s trust model\n"
+msgstr ""
+
+#: g10/trustdb.c:2418
+#, c-format
+msgid ""
+"depth: %d valid: %3d signed: %3d trust: %d-, %dq, %dn, %dm, %df, %du\n"
+msgstr ""
+
+#: g10/trustdb.c:2493
+#, fuzzy, c-format
+msgid "unable to update trustdb version record: write failed: %s\n"
+msgstr "registro de confiança %lu, tipo %d: escrita falhou: %s\n"
+
+#: g10/verify.c:118
+msgid ""
+"the signature could not be verified.\n"
+"Please remember that the signature file (.sig or .asc)\n"
+"should be the first file given on the command line.\n"
+msgstr ""
+"a assinatura não pôde ser verificada.\n"
+"Por favor lembre-se de que o arquivo com a assinatura (.sig ou .asc)\n"
+"deve ser o primeiro arquivo dado na linha de comando.\n"
+
+#: g10/verify.c:205
+#, c-format
+msgid "input line %u too long or missing LF\n"
+msgstr "linha %u muito longa ou sem LF\n"
+
+#: g10/verify.c:253
+#, fuzzy, c-format
+msgid "can't open fd %d: %s\n"
+msgstr "impossível abrir `%s': %s\n"
+
+#: jnlib/argparse.c:180
+#, fuzzy
+msgid "argument not expected"
+msgstr "escrevendo certificado privado para `%s'\n"
+
+#: jnlib/argparse.c:182
+#, fuzzy
+msgid "read error"
+msgstr "erro de leitura"
+
+#: jnlib/argparse.c:184
+#, fuzzy
+msgid "keyword too long"
+msgstr "linha muito longa\n"
+
+#: jnlib/argparse.c:186
+#, fuzzy
+msgid "missing argument"
+msgstr "argumento inválido"
+
+#: jnlib/argparse.c:188
+#, fuzzy
+msgid "invalid command"
+msgstr "comandos conflitantes\n"
+
+#: jnlib/argparse.c:190
+#, fuzzy
+msgid "invalid alias definition"
+msgstr "armadura inválida"
+
+#: jnlib/argparse.c:192
+#, fuzzy
+msgid "out of core"
+msgstr "não processado(s)"
+
+#: jnlib/argparse.c:194
+#, fuzzy
+msgid "invalid option"
+msgstr "armadura inválida"
+
+#: jnlib/argparse.c:202
+#, c-format
+msgid "missing argument for option \"%.50s\"\n"
+msgstr ""
+
+#: jnlib/argparse.c:204
+#, c-format
+msgid "option \"%.50s\" does not expect an argument\n"
+msgstr ""
+
+# help ou ajuda ???
+#: jnlib/argparse.c:207
+#, fuzzy, c-format
+msgid "invalid command \"%.50s\"\n"
+msgstr "Comando inválido (tente \"help\")\n"
+
+#: jnlib/argparse.c:209
+#, c-format
+msgid "option \"%.50s\" is ambiguous\n"
+msgstr ""
+
+#: jnlib/argparse.c:211
+#, c-format
+msgid "command \"%.50s\" is ambiguous\n"
+msgstr ""
+
+#: jnlib/argparse.c:213
+#, fuzzy
+msgid "out of core\n"
+msgstr "não processado(s)"
+
+#: jnlib/argparse.c:215
+#, fuzzy, c-format
+msgid "invalid option \"%.50s\"\n"
+msgstr "armadura inválida"
+
+#: jnlib/logging.c:647
+#, c-format
+msgid "you found a bug ... (%s:%d)\n"
+msgstr "você encontrou um bug ... (%s:%d)\n"
+
+#: jnlib/utf8conv.c:85
+#, fuzzy, c-format
+msgid "error loading `%s': %s\n"
+msgstr "erro na leitura de `%s': %s\n"
+
+#: jnlib/utf8conv.c:123
+#, c-format
+msgid "conversion from `%s' to `%s' not available\n"
+msgstr ""
+
+#: jnlib/utf8conv.c:131
+#, fuzzy, c-format
+msgid "iconv_open failed: %s\n"
+msgstr "impossível abrir arquivo: %s\n"
+
+#: jnlib/utf8conv.c:388 jnlib/utf8conv.c:654
+#, fuzzy, c-format
+msgid "conversion from `%s' to `%s' failed: %s\n"
+msgstr "criação de armadura falhou: %s\n"
+
+#: jnlib/dotlock.c:234
+#, fuzzy, c-format
+msgid "failed to create temporary file `%s': %s\n"
+msgstr "%s: impossível criar diretório: %s\n"
+
+#: jnlib/dotlock.c:269
+#, fuzzy, c-format
+msgid "error writing to `%s': %s\n"
+msgstr "erro na escrita do chaveiro `%s': %s\n"
+
+#: jnlib/dotlock.c:453
+#, c-format
+msgid "removing stale lockfile (created by %d)\n"
+msgstr ""
+
+#: jnlib/dotlock.c:459
+msgid " - probably dead - removing lock"
+msgstr ""
+
+#: jnlib/dotlock.c:469
+#, fuzzy, c-format
+msgid "waiting for lock (held by %d%s) %s...\n"
+msgstr "escrevendo certificado privado para `%s'\n"
+
+#: jnlib/dotlock.c:470
+msgid "(deadlock?) "
+msgstr ""
+
+#: jnlib/dotlock.c:493
+#, fuzzy, c-format
+msgid "lock `%s' not made: %s\n"
+msgstr "chave pública não encontrada"
+
+#: jnlib/dotlock.c:501
+#, fuzzy, c-format
+msgid "waiting for lock %s...\n"
+msgstr "escrevendo certificado privado para `%s'\n"
+
+#: kbx/kbxutil.c:92
+msgid "set debugging flags"
+msgstr "definir parâmetros de depuração"
+
+#: kbx/kbxutil.c:93
+msgid "enable full debugging"
+msgstr "habilitar depuração completa"
+
+#: kbx/kbxutil.c:117
+#, fuzzy
+msgid "Usage: kbxutil [options] [files] (-h for help)"
+msgstr "Uso: gpg [opções] [arquivos] (-h para ajuda)"
+
+#: kbx/kbxutil.c:120
+msgid ""
+"Syntax: kbxutil [options] [files]\n"
+"list, export, import Keybox data\n"
+msgstr ""
+
+#: scd/app-nks.c:713 scd/app-openpgp.c:2647
+#, c-format
+msgid "RSA modulus missing or not of size %d bits\n"
+msgstr ""
+
+#: scd/app-nks.c:721 scd/app-openpgp.c:2659
+#, c-format
+msgid "RSA public exponent missing or larger than %d bits\n"
+msgstr ""
+
+#: scd/app-nks.c:801 scd/app-openpgp.c:1549 scd/app-openpgp.c:1568
+#: scd/app-openpgp.c:1729 scd/app-openpgp.c:1746 scd/app-openpgp.c:1994
+#: scd/app-openpgp.c:2039 scd/app-dinsig.c:303
+#, c-format
+msgid "PIN callback returned error: %s\n"
+msgstr ""
+
+#: scd/app-nks.c:834
+msgid "the NullPIN has not yet been changed\n"
+msgstr ""
+
+#: scd/app-nks.c:1092
+#, fuzzy
+msgid "|N|Please enter a new PIN for the standard keys."
+msgstr "muda a frase secreta"
+
+#: scd/app-nks.c:1093
+#, fuzzy
+msgid "||Please enter the PIN for the standard keys."
+msgstr "muda a frase secreta"
+
+#: scd/app-nks.c:1099
+#, fuzzy
+msgid "|NP|Please enter a new PIN Unblocking Code (PUK) for the standard keys."
+msgstr "rev- revogações de chaves incorreta\n"
+
+#: scd/app-nks.c:1101
+#, fuzzy
+msgid "|P|Please enter the PIN Unblocking Code (PUK) for the standard keys."
+msgstr "rev- revogações de chaves incorreta\n"
+
+#: scd/app-nks.c:1109
+msgid "|N|Please enter a new PIN for the key to create qualified signatures."
+msgstr ""
+
+#: scd/app-nks.c:1111
+msgid "||Please enter the PIN for the key to create qualified signatures."
+msgstr ""
+
+#: scd/app-nks.c:1119
+msgid ""
+"|NP|Please enter a new PIN Unblocking Code (PUK) for the key to create "
+"qualified signatures."
+msgstr ""
+
+#: scd/app-nks.c:1121
+msgid ""
+"|P|Please enter the PIN Unblocking Code (PUK) for the key to create "
+"qualified signatures."
+msgstr ""
+
+#: scd/app-nks.c:1222 scd/app-openpgp.c:2072 scd/app-dinsig.c:532
+#, fuzzy, c-format
+msgid "error getting new PIN: %s\n"
+msgstr "erro na criação da frase secreta: %s\n"
+
+#: scd/app-openpgp.c:695
+#, fuzzy, c-format
+msgid "failed to store the fingerprint: %s\n"
+msgstr "falha ao inicializar o banco de dados de confiabilidade: %s\n"
+
+#: scd/app-openpgp.c:708
+#, fuzzy, c-format
+msgid "failed to store the creation date: %s\n"
+msgstr "%s: falha ao criar tabela de \"hash\": %s\n"
+
+#: scd/app-openpgp.c:1156
+#, fuzzy, c-format
+msgid "reading public key failed: %s\n"
+msgstr "enumeração de blocos de chaves falhou: %s\n"
+
+#: scd/app-openpgp.c:1164 scd/app-openpgp.c:2882
+msgid "response does not contain the public key data\n"
+msgstr ""
+
+#: scd/app-openpgp.c:1172 scd/app-openpgp.c:2890
+msgid "response does not contain the RSA modulus\n"
+msgstr ""
+
+#: scd/app-openpgp.c:1181 scd/app-openpgp.c:2900
+msgid "response does not contain the RSA public exponent\n"
+msgstr ""
+
+#: scd/app-openpgp.c:1501
+#, c-format
+msgid "using default PIN as %s\n"
+msgstr ""
+
+#: scd/app-openpgp.c:1508
+#, c-format
+msgid "failed to use default PIN as %s: %s - disabling further default use\n"
+msgstr ""
+
+#: scd/app-openpgp.c:1523
+#, c-format
+msgid "||Please enter the PIN%%0A[sigs done: %lu]"
+msgstr ""
+
+#: scd/app-openpgp.c:1534 scd/app-openpgp.c:1988
+#, fuzzy
+msgid "||Please enter the PIN"
+msgstr "muda a frase secreta"
+
+#: scd/app-openpgp.c:1575 scd/app-openpgp.c:1753 scd/app-openpgp.c:2001
+#, c-format
+msgid "PIN for CHV%d is too short; minimum length is %d\n"
+msgstr ""
+
+#: scd/app-openpgp.c:1588 scd/app-openpgp.c:1627 scd/app-openpgp.c:1765
+#: scd/app-openpgp.c:3200
+#, fuzzy, c-format
+msgid "verify CHV%d failed: %s\n"
+msgstr "A geração de chaves falhou: %s\n"
+
+#: scd/app-openpgp.c:1656 scd/app-openpgp.c:2020 scd/app-openpgp.c:3498
+msgid "error retrieving CHV status from card\n"
+msgstr ""
+
+#: scd/app-openpgp.c:1662 scd/app-openpgp.c:3507
+msgid "card is permanently locked!\n"
+msgstr ""
+
+#: scd/app-openpgp.c:1669
+#, c-format
+msgid "%d Admin PIN attempts remaining before card is permanently locked\n"
+msgstr ""
+
+#. TRANSLATORS: Do not translate the "|A|" prefix but keep it at
+#. the start of the string. Use %%0A to force a linefeed.
+#: scd/app-openpgp.c:1676
+#, fuzzy, c-format
+msgid "|A|Please enter the Admin PIN%%0A[remaining attempts: %d]"
+msgstr "muda a frase secreta"
+
+#: scd/app-openpgp.c:1680
+#, fuzzy
+msgid "|A|Please enter the Admin PIN"
+msgstr "muda a frase secreta"
+
+#: scd/app-openpgp.c:1701
+msgid "access to admin commands is not configured\n"
+msgstr ""
+
+#: scd/app-openpgp.c:2035
+#, fuzzy
+msgid "||Please enter the Reset Code for the card"
+msgstr "rev- revogações de chaves incorreta\n"
+
+#: scd/app-openpgp.c:2045 scd/app-openpgp.c:2097
+#, c-format
+msgid "Reset Code is too short; minimum length is %d\n"
+msgstr ""
+
+#: scd/app-openpgp.c:2067
+msgid "|RN|New Reset Code"
+msgstr ""
+
+#: scd/app-openpgp.c:2068
+msgid "|AN|New Admin PIN"
+msgstr ""
+
+#: scd/app-openpgp.c:2068
+msgid "|N|New PIN"
+msgstr ""
+
+#: scd/app-openpgp.c:2178 scd/app-openpgp.c:2968
+#, fuzzy
+msgid "error reading application data\n"
+msgstr "erro na leitura de `%s': %s\n"
+
+#: scd/app-openpgp.c:2184 scd/app-openpgp.c:2975
+#, fuzzy
+msgid "error reading fingerprint DO\n"
+msgstr "%s: erro lendo registro livre: %s\n"
+
+#: scd/app-openpgp.c:2194
+#, fuzzy
+msgid "key already exists\n"
+msgstr "%lu chaves processadas\n"
+
+#: scd/app-openpgp.c:2198
+msgid "existing key will be replaced\n"
+msgstr ""
+
+#: scd/app-openpgp.c:2200
+#, fuzzy
+msgid "generating new key\n"
+msgstr "gerar um novo par de chaves"
+
+#: scd/app-openpgp.c:2202
+#, fuzzy
+msgid "writing new key\n"
+msgstr "gerar um novo par de chaves"
+
+#: scd/app-openpgp.c:2627
+msgid "creation timestamp missing\n"
+msgstr ""
+
+#: scd/app-openpgp.c:2669 scd/app-openpgp.c:2677
+#, c-format
+msgid "RSA prime %s missing or not of size %d bits\n"
+msgstr ""
+
+#: scd/app-openpgp.c:2773
+#, fuzzy, c-format
+msgid "failed to store the key: %s\n"
+msgstr "falha ao inicializar o banco de dados de confiabilidade: %s\n"
+
+#: scd/app-openpgp.c:2859
+msgid "please wait while key is being generated ...\n"
+msgstr ""
+
+#: scd/app-openpgp.c:2872
+#, fuzzy
+msgid "generating key failed\n"
+msgstr "enumeração de blocos de chaves falhou: %s\n"
+
+#: scd/app-openpgp.c:2875
+#, fuzzy, c-format
+msgid "key generation completed (%d seconds)\n"
+msgstr "A geração de chaves falhou: %s\n"
+
+#: scd/app-openpgp.c:2933
+msgid "invalid structure of OpenPGP card (DO 0x93)\n"
+msgstr ""
+
+#: scd/app-openpgp.c:2983
+msgid "fingerprint on card does not match requested one\n"
+msgstr ""
+
+#: scd/app-openpgp.c:3099
+#, fuzzy, c-format
+msgid "card does not support digest algorithm %s\n"
+msgstr "assinatura %s de: %s\n"
+
+#: scd/app-openpgp.c:3175
+#, c-format
+msgid "signatures created so far: %lu\n"
+msgstr ""
+
+#: scd/app-openpgp.c:3512
+msgid ""
+"verification of Admin PIN is currently prohibited through this command\n"
+msgstr ""
+
+#: scd/app-openpgp.c:3737 scd/app-openpgp.c:3748
+#, fuzzy, c-format
+msgid "can't access %s - invalid OpenPGP card?\n"
+msgstr "nenhum dado OpenPGP válido encontrado.\n"
+
+#: scd/app-dinsig.c:299
+msgid "||Please enter your PIN at the reader's keypad"
+msgstr ""
+
+#. TRANSLATORS: Do not translate the "|*|" prefixes but
+#. keep it at the start of the string. We need this elsewhere
+#. to get some infos on the string.
+#: scd/app-dinsig.c:529
+#, fuzzy
+msgid "|N|Initial New PIN"
+msgstr "Digite o identificador de usuário: "
+
+#: scd/scdaemon.c:107
+msgid "run in multi server mode (foreground)"
+msgstr ""
+
+#: scd/scdaemon.c:117 sm/gpgsm.c:316
+msgid "|LEVEL|set the debugging level to LEVEL"
+msgstr ""
+
+#: scd/scdaemon.c:124 tools/gpgconf-comp.c:620
+#, fuzzy
+msgid "|FILE|write a log to FILE"
+msgstr "|ARQUIVO|carregar módulo de extensão ARQUIVO"
+
+#: scd/scdaemon.c:126
+msgid "|N|connect to reader at port N"
+msgstr ""
+
+#: scd/scdaemon.c:128
+#, fuzzy
+msgid "|NAME|use NAME as ct-API driver"
+msgstr "|NOME|usar NOME como destinatário padrão"
+
+#: scd/scdaemon.c:130
+#, fuzzy
+msgid "|NAME|use NAME as PC/SC driver"
+msgstr "|NOME|usar NOME como destinatário padrão"
+
+#: scd/scdaemon.c:133
+#, fuzzy
+msgid "do not use the internal CCID driver"
+msgstr "nunca usar o terminal"
+
+#: scd/scdaemon.c:139
+msgid "|N|disconnect the card after N seconds of inactivity"
+msgstr ""
+
+#: scd/scdaemon.c:141
+msgid "do not use a reader's keypad"
+msgstr ""
+
+#: scd/scdaemon.c:144
+#, fuzzy
+msgid "deny the use of admin card commands"
+msgstr "comandos conflitantes\n"
+
+#: scd/scdaemon.c:259
+#, fuzzy
+msgid "Usage: scdaemon [options] (-h for help)"
+msgstr "Uso: gpgm [opções] [arquivos] (-h para ajuda)"
+
+#: scd/scdaemon.c:261
+msgid ""
+"Syntax: scdaemon [options] [command [args]]\n"
+"Smartcard daemon for GnuPG\n"
+msgstr ""
+
+#: scd/scdaemon.c:766
+msgid "please use the option `--daemon' to run the program in the background\n"
+msgstr ""
+
+#: scd/scdaemon.c:1120
+#, c-format
+msgid "handler for fd %d started\n"
+msgstr ""
+
+#: scd/scdaemon.c:1132
+#, c-format
+msgid "handler for fd %d terminated\n"
+msgstr ""
+
+#: sm/base64.c:325
+#, fuzzy, c-format
+msgid "invalid radix64 character %02x skipped\n"
+msgstr "caractere radix64 inválido %02x ignorado\n"
+
+#: sm/call-agent.c:137
+#, fuzzy, c-format
+msgid "failed to proxy %s inquiry to client\n"
+msgstr "falha ao colocar `%s' no banco de dados de confiabilidade: %s\n"
+
+#: sm/call-dirmngr.c:252
+#, c-format
+msgid "no running dirmngr - starting `%s'\n"
+msgstr ""
+
+#: sm/call-dirmngr.c:285
+msgid "malformed DIRMNGR_INFO environment variable\n"
+msgstr ""
+
+#: sm/call-dirmngr.c:297
+#, fuzzy, c-format
+msgid "dirmngr protocol version %d is not supported\n"
+msgstr "algoritmo de proteção %d não é suportado\n"
+
+#: sm/call-dirmngr.c:317
+msgid "can't connect to the dirmngr - trying fall back\n"
+msgstr ""
+
+#: sm/certchain.c:196
+#, c-format
+msgid "validation model requested by certificate: %s"
+msgstr ""
+
+#: sm/certchain.c:197 sm/certchain.c:1828
+msgid "chain"
+msgstr ""
+
+#: sm/certchain.c:198 sm/certchain.c:1828
+#, fuzzy
+msgid "shell"
+msgstr "help"
+
+#: sm/certchain.c:258
+#, fuzzy, c-format
+msgid "critical certificate extension %s is not supported"
+msgstr "algoritmo de proteção %d não é suportado\n"
+
+#: sm/certchain.c:297
+msgid "issuer certificate is not marked as a CA"
+msgstr ""
+
+#: sm/certchain.c:335
+msgid "critical marked policy without configured policies"
+msgstr ""
+
+#: sm/certchain.c:345
+#, fuzzy, c-format
+msgid "failed to open `%s': %s\n"
+msgstr "impossível abrir `%s': %s\n"
+
+#: sm/certchain.c:353 sm/certchain.c:382
+msgid "note: non-critical certificate policy not allowed"
+msgstr ""
+
+#: sm/certchain.c:357 sm/certchain.c:386
+#, fuzzy
+msgid "certificate policy not allowed"
+msgstr "escrevendo certificado privado para `%s'\n"
+
+#: sm/certchain.c:498
+msgid "looking up issuer at external location\n"
+msgstr ""
+
+#: sm/certchain.c:517
+#, c-format
+msgid "number of issuers matching: %d\n"
+msgstr ""
+
+#: sm/certchain.c:561
+msgid "looking up issuer from the Dirmngr cache\n"
+msgstr ""
+
+#: sm/certchain.c:585
+#, fuzzy, c-format
+msgid "number of matching certificates: %d\n"
+msgstr "erro na criação da frase secreta: %s\n"
+
+#: sm/certchain.c:587
+#, fuzzy, c-format
+msgid "dirmngr cache-only key lookup failed: %s\n"
+msgstr "enumeração de blocos de chaves falhou: %s\n"
+
+#: sm/certchain.c:759 sm/certchain.c:1252 sm/certchain.c:1856 sm/decrypt.c:261
+#: sm/encrypt.c:335 sm/sign.c:335 sm/verify.c:113
+#, fuzzy
+msgid "failed to allocated keyDB handle\n"
+msgstr "falha ao inicializar o banco de dados de confiabilidade: %s\n"
+
+#: sm/certchain.c:925
+#, fuzzy
+msgid "certificate has been revoked"
+msgstr "chave %08lX: a chave foi revogada!\n"
+
+#: sm/certchain.c:940
+msgid "the status of the certificate is unknown"
+msgstr ""
+
+#: sm/certchain.c:947
+msgid "please make sure that the \"dirmngr\" is properly installed\n"
+msgstr ""
+
+#: sm/certchain.c:953
+#, fuzzy, c-format
+msgid "checking the CRL failed: %s"
+msgstr "leitura de registro de assinatura falhou: %s\n"
+
+#: sm/certchain.c:982 sm/certchain.c:1050
+#, fuzzy, c-format
+msgid "certificate with invalid validity: %s"
+msgstr "erro de leitura do certificado: %s\n"
+
+#: sm/certchain.c:997 sm/certchain.c:1082
+#, fuzzy
+msgid "certificate not yet valid"
+msgstr "Certificado de revogação válido"
+
+#: sm/certchain.c:998 sm/certchain.c:1083
+#, fuzzy
+msgid "root certificate not yet valid"
+msgstr "Certificado de revogação válido"
+
+#: sm/certchain.c:999 sm/certchain.c:1084
+#, fuzzy
+msgid "intermediate certificate not yet valid"
+msgstr "Certificado de revogação válido"
+
+#: sm/certchain.c:1012
+#, fuzzy
+msgid "certificate has expired"
+msgstr "erro de leitura do certificado: %s\n"
+
+#: sm/certchain.c:1013
+#, fuzzy
+msgid "root certificate has expired"
+msgstr "erro de leitura do certificado: %s\n"
+
+#: sm/certchain.c:1014
+#, fuzzy
+msgid "intermediate certificate has expired"
+msgstr "erro de leitura do certificado: %s\n"
+
+#: sm/certchain.c:1056
+#, c-format
+msgid "required certificate attributes missing: %s%s%s"
+msgstr ""
+
+#: sm/certchain.c:1065
+#, fuzzy
+msgid "certificate with invalid validity"
+msgstr "erro de leitura do certificado: %s\n"
+
+#: sm/certchain.c:1102
+msgid "signature not created during lifetime of certificate"
+msgstr ""
+
+#: sm/certchain.c:1104
+msgid "certificate not created during lifetime of issuer"
+msgstr ""
+
+#: sm/certchain.c:1105
+msgid "intermediate certificate not created during lifetime of issuer"
+msgstr ""
+
+#: sm/certchain.c:1109
+#, fuzzy
+msgid " ( signature created at "
+msgstr " novas assinaturas: %lu\n"
+
+#: sm/certchain.c:1110
+#, fuzzy
+msgid " (certificate created at "
+msgstr "chave %08lX: certificado de revogação adicionado\n"
+
+#: sm/certchain.c:1113
+#, fuzzy
+msgid " (certificate valid from "
+msgstr "Certificado de revogação válido"
+
+#: sm/certchain.c:1114
+msgid " ( issuer valid from "
+msgstr ""
+
+#: sm/certchain.c:1144
+#, fuzzy, c-format
+msgid "fingerprint=%s\n"
+msgstr "Impressão digital:"
+
+#: sm/certchain.c:1153
+#, fuzzy
+msgid "root certificate has now been marked as trusted\n"
+msgstr ""
+"Nenhum certificado com confiança indefinida encontrado.\n"
+"\n"
+
+#: sm/certchain.c:1166
+msgid "interactive marking as trusted not enabled in gpg-agent\n"
+msgstr ""
+
+#: sm/certchain.c:1172
+msgid "interactive marking as trusted disabled for this session\n"
+msgstr ""
+
+#: sm/certchain.c:1229
+msgid "WARNING: creation time of signature not known - assuming current time"
+msgstr ""
+
+#: sm/certchain.c:1293
+#, fuzzy
+msgid "no issuer found in certificate"
+msgstr "Certificado correto"
+
+#: sm/certchain.c:1366
+msgid "self-signed certificate has a BAD signature"
+msgstr ""
+
+#: sm/certchain.c:1435
+#, fuzzy
+msgid "root certificate is not marked trusted"
+msgstr ""
+"Nenhum certificado com confiança indefinida encontrado.\n"
+"\n"
+
+#: sm/certchain.c:1448
+#, fuzzy, c-format
+msgid "checking the trust list failed: %s\n"
+msgstr "leitura de registro de assinatura falhou: %s\n"
+
+#: sm/certchain.c:1477 sm/import.c:160
+#, fuzzy
+msgid "certificate chain too long\n"
+msgstr "Certificado de revogação válido"
+
+#: sm/certchain.c:1489
+#, fuzzy
+msgid "issuer certificate not found"
+msgstr "Certificado de revogação válido"
+
+#: sm/certchain.c:1522
+#, fuzzy
+msgid "certificate has a BAD signature"
+msgstr "verificar uma assinatura"
+
+#: sm/certchain.c:1553
+msgid "found another possible matching CA certificate - trying again"
+msgstr ""
+
+#: sm/certchain.c:1604
+#, c-format
+msgid "certificate chain longer than allowed by CA (%d)"
+msgstr ""
+
+#: sm/certchain.c:1644 sm/certchain.c:1927
+#, fuzzy
+msgid "certificate is good\n"
+msgstr "Certificado de revogação válido"
+
+#: sm/certchain.c:1645
+#, fuzzy
+msgid "intermediate certificate is good\n"
+msgstr "certificado duplicado - removido"
+
+#: sm/certchain.c:1646
+#, fuzzy
+msgid "root certificate is good\n"
+msgstr ""
+"Nenhum certificado com confiança indefinida encontrado.\n"
+"\n"
+
+#: sm/certchain.c:1817
+msgid "switching to chain model"
+msgstr ""
+
+#: sm/certchain.c:1826
+#, c-format
+msgid "validation model used: %s"
+msgstr ""
+
+#: sm/certcheck.c:97
+#, c-format
+msgid "%s key uses an unsafe (%u bit) hash\n"
+msgstr ""
+
+#: sm/certcheck.c:107
+#, c-format
+msgid "a %u bit hash is not valid for a %u bit %s key\n"
+msgstr ""
+
+#: sm/certcheck.c:244 sm/verify.c:201
+msgid "(this is the MD2 algorithm)\n"
+msgstr ""
+
+#: sm/certdump.c:60 sm/certdump.c:143
+#, fuzzy
+msgid "none"
+msgstr "não"
+
+#: sm/certdump.c:564 sm/certdump.c:609 sm/certdump.c:674 sm/certdump.c:732
+#, fuzzy
+msgid "[Error - invalid encoding]"
+msgstr "erro: impressão digital inválida\n"
+
+#: sm/certdump.c:572 sm/certdump.c:617
+msgid "[Error - out of core]"
+msgstr ""
+
+#: sm/certdump.c:654 sm/certdump.c:710
+msgid "[Error - No name]"
+msgstr ""
+
+#: sm/certdump.c:679 sm/certdump.c:738
+#, fuzzy
+msgid "[Error - invalid DN]"
+msgstr "erro: impressão digital inválida\n"
+
+#: sm/certdump.c:948
+#, fuzzy, c-format
+msgid ""
+"Please enter the passphrase to unlock the secret key for the X.509 "
+"certificate:\n"
+"\"%s\"\n"
+"S/N %s, ID 0x%08lX,\n"
+"created %s, expires %s.\n"
+msgstr ""
+"\n"
+"Você precisa de uma frase secreta para desbloquear a chave secreta do\n"
+"usuário: \"%.*s\"\n"
+"%u-bit %s chave, ID %08lX, criada %s%s\n"
+
+#: sm/certlist.c:122
+msgid "no key usage specified - assuming all usages\n"
+msgstr ""
+
+#: sm/certlist.c:132 sm/keylist.c:272
+#, fuzzy, c-format
+msgid "error getting key usage information: %s\n"
+msgstr "erro na escrita do chaveiro `%s': %s\n"
+
+#: sm/certlist.c:142
+msgid "certificate should have not been used for certification\n"
+msgstr ""
+
+#: sm/certlist.c:154
+msgid "certificate should have not been used for OCSP response signing\n"
+msgstr ""
+
+#: sm/certlist.c:165
+msgid "certificate should have not been used for encryption\n"
+msgstr ""
+
+#: sm/certlist.c:166
+msgid "certificate should have not been used for signing\n"
+msgstr ""
+
+#: sm/certlist.c:167
+msgid "certificate is not usable for encryption\n"
+msgstr ""
+
+#: sm/certlist.c:168
+msgid "certificate is not usable for signing\n"
+msgstr ""
+
+# "hash" poderia ser "espalhamento", mas não fica claro
+#: sm/certreqgen.c:474
+#, fuzzy, c-format
+msgid "line %d: invalid algorithm\n"
+msgstr "algoritmo de hash inválido `%s'\n"
+
+#: sm/certreqgen.c:487
+#, c-format
+msgid "line %d: invalid key length %u (valid are %d to %d)\n"
+msgstr ""
+
+#: sm/certreqgen.c:505
+#, c-format
+msgid "line %d: no subject name given\n"
+msgstr ""
+
+#: sm/certreqgen.c:514
+#, c-format
+msgid "line %d: invalid subject name label `%.*s'\n"
+msgstr ""
+
+#: sm/certreqgen.c:517
+#, c-format
+msgid "line %d: invalid subject name `%s' at pos %d\n"
+msgstr ""
+
+#: sm/certreqgen.c:534
+#, fuzzy, c-format
+msgid "line %d: not a valid email address\n"
+msgstr "Endereço eletrônico inválido\n"
+
+#: sm/certreqgen.c:546
+#, fuzzy, c-format
+msgid "line %d: error reading key `%s' from card: %s\n"
+msgstr "erro na escrita do chaveiro `%s': %s\n"
+
+#: sm/certreqgen.c:558
+#, fuzzy, c-format
+msgid "line %d: error getting key by keygrip `%s': %s\n"
+msgstr "erro na escrita do chaveiro `%s': %s\n"
+
+#: sm/certreqgen.c:574
+#, fuzzy, c-format
+msgid "line %d: key generation failed: %s <%s>\n"
+msgstr "A geração de chaves falhou: %s\n"
+
+#: sm/certreqgen.c:806
+msgid ""
+"To complete this certificate request please enter the passphrase for the key "
+"you just created once more.\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:158
+#, fuzzy, c-format
+msgid " (%d) RSA\n"
+msgstr " (%d) DSA (apenas assinatura)\n"
+
+#: sm/certreqgen-ui.c:159
+#, fuzzy, c-format
+msgid " (%d) Existing key\n"
+msgstr " (%d) ElGamal (apenas criptografia)\n"
+
+#: sm/certreqgen-ui.c:160
+#, c-format
+msgid " (%d) Existing key from card\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:202
+#, fuzzy
+msgid "Enter the keygrip: "
+msgstr "Notação: "
+
+#: sm/certreqgen-ui.c:210
+msgid "Not a valid keygrip (expecting 40 hex digits)\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:212
+#, fuzzy
+msgid "No key with this keygrip\n"
+msgstr "Nenhum ID de usuário com índice %d\n"
+
+#: sm/certreqgen-ui.c:230 sm/certreqgen-ui.c:239
+#, fuzzy, c-format
+msgid "error reading the card: %s\n"
+msgstr "%s: erro lendo registro livre: %s\n"
+
+#: sm/certreqgen-ui.c:233
+#, fuzzy, c-format
+msgid "Serial number of the card: %s\n"
+msgstr "erro na criação da frase secreta: %s\n"
+
+#: sm/certreqgen-ui.c:245
+#, fuzzy
+msgid "Available keys:\n"
+msgstr "desativa uma chave"
+
+#: sm/certreqgen-ui.c:276
+#, c-format
+msgid "Possible actions for a %s key:\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:277
+#, fuzzy, c-format
+msgid " (%d) sign, encrypt\n"
+msgstr " (%d) ElGamal (assinatura e criptografia)\n"
+
+#: sm/certreqgen-ui.c:278
+#, fuzzy, c-format
+msgid " (%d) sign\n"
+msgstr " (%d) DSA (apenas assinatura)\n"
+
+#: sm/certreqgen-ui.c:279
+#, fuzzy, c-format
+msgid " (%d) encrypt\n"
+msgstr " (%d) ElGamal (apenas criptografia)\n"
+
+#: sm/certreqgen-ui.c:303
+msgid "Enter the X.509 subject name: "
+msgstr ""
+
+#: sm/certreqgen-ui.c:307
+msgid "No subject name given\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:311
+#, c-format
+msgid "Invalid subject name label `%.*s'\n"
+msgstr ""
+
+# "hash" poderia ser "espalhamento", mas não fica claro
+#. TRANSLATORS: The 22 in the second string is the
+#. length of the first string up to the "%s". Please
+#. adjust it do the length of your translation. The
+#. second string is merely passed to atoi so you can
+#. drop everything after the number.
+#: sm/certreqgen-ui.c:320
+#, fuzzy, c-format
+msgid "Invalid subject name `%s'\n"
+msgstr "algoritmo de hash inválido `%s'\n"
+
+#: sm/certreqgen-ui.c:322
+msgid "22 translator: see certreg-ui.c:gpgsm_gencertreq_tty"
+msgstr ""
+
+#: sm/certreqgen-ui.c:334
+#, fuzzy
+msgid "Enter email addresses"
+msgstr "Endereço de correio eletrônico: "
+
+#: sm/certreqgen-ui.c:335
+msgid " (end with an empty line):\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:339
+#, fuzzy
+msgid "Enter DNS names"
+msgstr "Digite novo nome de arquivo"
+
+#: sm/certreqgen-ui.c:340 sm/certreqgen-ui.c:345
+msgid " (optional; end with an empty line):\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:344
+#, fuzzy
+msgid "Enter URIs"
+msgstr "Digite o identificador de usuário: "
+
+#: sm/certreqgen-ui.c:371
+msgid "Parameters to be used for the certificate request:\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:389
+msgid "Now creating certificate request. This may take a while ...\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:398
+msgid "Ready. You should now send this request to your CA.\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:403
+msgid "resource problem: out of core\n"
+msgstr ""
+
+#: sm/decrypt.c:330
+msgid "(this is the RC2 algorithm)\n"
+msgstr ""
+
+#: sm/decrypt.c:332
+msgid "(this does not seem to be an encrypted message)\n"
+msgstr ""
+
+#: sm/delete.c:51 sm/delete.c:112
+#, fuzzy, c-format
+msgid "certificate `%s' not found: %s\n"
+msgstr "usuário `%s' não encontrado: %s\n"
+
+#: sm/delete.c:122 sm/keydb.c:1397 sm/keydb.c:1499
+#, fuzzy, c-format
+msgid "error locking keybox: %s\n"
+msgstr "erro na leitura de `%s': %s\n"
+
+#: sm/delete.c:143
+#, fuzzy, c-format
+msgid "duplicated certificate `%s' deleted\n"
+msgstr "certificado duplicado - removido"
+
+#: sm/delete.c:145
+#, fuzzy, c-format
+msgid "certificate `%s' deleted\n"
+msgstr "certificado duplicado - removido"
+
+#: sm/delete.c:175
+#, fuzzy, c-format
+msgid "deleting certificate \"%s\" failed: %s\n"
+msgstr "enumeração de blocos de chaves falhou: %s\n"
+
+#: sm/encrypt.c:321
+#, fuzzy
+msgid "no valid recipients given\n"
+msgstr "nenhum endereço válido\n"
+
+#: sm/gpgsm.c:197
+#, fuzzy
+msgid "list external keys"
+msgstr "listar as chaves secretas"
+
+#: sm/gpgsm.c:199
+#, fuzzy
+msgid "list certificate chain"
+msgstr "Certificado de revogação válido"
+
+#: sm/gpgsm.c:206
+#, fuzzy
+msgid "import certificates"
+msgstr "Certificado correto"
+
+#: sm/gpgsm.c:207
+#, fuzzy
+msgid "export certificates"
+msgstr "Certificado correto"
+
+#: sm/gpgsm.c:209
+msgid "register a smartcard"
+msgstr ""
+
+#: sm/gpgsm.c:212
+msgid "pass a command to the dirmngr"
+msgstr ""
+
+#: sm/gpgsm.c:214
+msgid "invoke gpg-protect-tool"
+msgstr ""
+
+#: sm/gpgsm.c:230
+#, fuzzy
+msgid "create base-64 encoded output"
+msgstr "criar saída com armadura ascii"
+
+#: sm/gpgsm.c:235
+msgid "assume input is in PEM format"
+msgstr ""
+
+#: sm/gpgsm.c:237
+msgid "assume input is in base-64 format"
+msgstr ""
+
+#: sm/gpgsm.c:239
+msgid "assume input is in binary format"
+msgstr ""
+
+#: sm/gpgsm.c:244
+msgid "use system's dirmngr if available"
+msgstr ""
+
+#: sm/gpgsm.c:247
+msgid "never consult a CRL"
+msgstr ""
+
+#: sm/gpgsm.c:257
+msgid "check validity using OCSP"
+msgstr ""
+
+#: sm/gpgsm.c:262
+msgid "|N|number of certificates to include"
+msgstr ""
+
+#: sm/gpgsm.c:265
+msgid "|FILE|take policy information from FILE"
+msgstr ""
+
+#: sm/gpgsm.c:268
+msgid "do not check certificate policies"
+msgstr ""
+
+#: sm/gpgsm.c:272
+msgid "fetch missing issuer certificates"
+msgstr ""
+
+#: sm/gpgsm.c:283
+msgid "don't use the terminal at all"
+msgstr "nunca usar o terminal"
+
+#: sm/gpgsm.c:285
+msgid "|FILE|write a server mode log to FILE"
+msgstr ""
+
+#: sm/gpgsm.c:290
+#, fuzzy
+msgid "|FILE|write an audit log to FILE"
+msgstr "|ARQUIVO|carregar módulo de extensão ARQUIVO"
+
+#: sm/gpgsm.c:293
+msgid "batch mode: never ask"
+msgstr "modo não-interativo: nunca perguntar"
+
+#: sm/gpgsm.c:294
+msgid "assume yes on most questions"
+msgstr "assumir sim para a maioria das perguntas"
+
+#: sm/gpgsm.c:295
+msgid "assume no on most questions"
+msgstr "assumir não para a maioria das perguntas"
+
+#: sm/gpgsm.c:298
+#, fuzzy
+msgid "|FILE|add keyring to the list of keyrings"
+msgstr "adicionar este chaveiro à lista de chaveiros"
+
+#: sm/gpgsm.c:301
+#, fuzzy
+msgid "|USER-ID|use USER-ID as default secret key"
+msgstr "|NOME|usar NOME como chave secreta padrão"
+
+#: sm/gpgsm.c:311 tools/gpgconf-comp.c:745
+#, fuzzy
+msgid "|SPEC|use this keyserver to lookup keys"
+msgstr "|ENDEREÇO|usar este servidor para buscar chaves"
+
+#: sm/gpgsm.c:329
+msgid "|NAME|use cipher algorithm NAME"
+msgstr "|NOME|usar algoritmo de criptografia NOME"
+
+#: sm/gpgsm.c:331
+msgid "|NAME|use message digest algorithm NAME"
+msgstr "|NOME|usar algoritmo de \"digest\" de mensagens NOME"
+
+#: sm/gpgsm.c:522
+#, fuzzy
+msgid "Usage: gpgsm [options] [files] (-h for help)"
+msgstr "Uso: gpgm [opções] [arquivos] (-h para ajuda)"
+
+#: sm/gpgsm.c:525
+#, fuzzy
+msgid ""
+"Syntax: gpgsm [options] [files]\n"
+"sign, check, encrypt or decrypt using the S/MIME protocol\n"
+"default operation depends on the input data\n"
+msgstr ""
+"Sintaxe: gpg [opções] [arquivos]\n"
+"assina, verifica, criptografa ou descriptografa\n"
+"a operação padrão depende dos dados de entrada\n"
+
+#: sm/gpgsm.c:617
+#, fuzzy
+msgid "usage: gpgsm [options] "
+msgstr "Uso: gpgm [opções] "
+
+#: sm/gpgsm.c:739
+#, fuzzy, c-format
+msgid "NOTE: won't be able to encrypt to `%s': %s\n"
+msgstr "impossível abrir `%s': %s\n"
+
+#: sm/gpgsm.c:750
+#, fuzzy, c-format
+msgid "unknown validation model `%s'\n"
+msgstr "destinatário padrão desconhecido `%s'\n"
+
+#: sm/gpgsm.c:801
+#, c-format
+msgid "%s:%u: no hostname given\n"
+msgstr ""
+
+#: sm/gpgsm.c:820
+#, c-format
+msgid "%s:%u: password given without user\n"
+msgstr ""
+
+#: sm/gpgsm.c:841
+#, fuzzy, c-format
+msgid "%s:%u: skipping this line\n"
+msgstr "chave %08lX: subchave ignorada\n"
+
+#: sm/gpgsm.c:1376
+#, fuzzy
+msgid "could not parse keyserver\n"
+msgstr "impossível escrever para o chaveiro: %s\n"
+
+#: sm/gpgsm.c:1456
+msgid "WARNING: running with faked system time: "
+msgstr ""
+
+#: sm/gpgsm.c:1556
+#, fuzzy, c-format
+msgid "importing common certificates `%s'\n"
+msgstr "escrevendo para `%s'\n"
+
+#: sm/gpgsm.c:1597
+#, fuzzy, c-format
+msgid "can't sign using `%s': %s\n"
+msgstr "impossível abrir `%s': %s\n"
+
+#: sm/gpgsm.c:1931
+msgid "invalid command (there is no implicit command)\n"
+msgstr ""
+
+#: sm/import.c:111
+#, fuzzy, c-format
+msgid "total number processed: %lu\n"
+msgstr "Número total processado: %lu\n"
+
+#: sm/import.c:230
+#, fuzzy
+msgid "error storing certificate\n"
+msgstr "Certificado correto"
+
+#: sm/import.c:238
+msgid "basic certificate checks failed - not imported\n"
+msgstr ""
+
+#: sm/import.c:435 sm/keydb.c:1319 sm/keydb.c:1387
+#, fuzzy
+msgid "failed to allocate keyDB handle\n"
+msgstr "falha ao inicializar o banco de dados de confiabilidade: %s\n"
+
+#: sm/import.c:492 sm/keydb.c:1417 sm/keydb.c:1511
+#, fuzzy, c-format
+msgid "error getting stored flags: %s\n"
+msgstr "erro na criação da frase secreta: %s\n"
+
+#: sm/import.c:551 sm/import.c:583
+#, fuzzy, c-format
+msgid "error importing certificate: %s\n"
+msgstr "erro na criação da frase secreta: %s\n"
+
+#: sm/import.c:684 tools/gpg-connect-agent.c:1346
+#, fuzzy, c-format
+msgid "error reading input: %s\n"
+msgstr "erro na leitura de `%s': %s\n"
+
+#: sm/keydb.c:187
+#, fuzzy, c-format
+msgid "error creating keybox `%s': %s\n"
+msgstr "erro na escrita do chaveiro `%s': %s\n"
+
+#: sm/keydb.c:190
+msgid "you may want to start the gpg-agent first\n"
+msgstr ""
+
+#: sm/keydb.c:195
+#, fuzzy, c-format
+msgid "keybox `%s' created\n"
+msgstr "%s: chaveiro criado\n"
+
+#: sm/keydb.c:1312 sm/keydb.c:1380
+#, fuzzy
+msgid "failed to get the fingerprint\n"
+msgstr "falha ao inicializar o banco de dados de confiabilidade: %s\n"
+
+#: sm/keydb.c:1340
+#, c-format
+msgid "problem looking for existing certificate: %s\n"
+msgstr ""
+
+#: sm/keydb.c:1348
+#, fuzzy, c-format
+msgid "error finding writable keyDB: %s\n"
+msgstr "erro na criação da frase secreta: %s\n"
+
+#: sm/keydb.c:1356
+#, fuzzy, c-format
+msgid "error storing certificate: %s\n"
+msgstr "erro na criação da frase secreta: %s\n"
+
+#: sm/keydb.c:1408
+#, c-format
+msgid "problem re-searching certificate: %s\n"
+msgstr ""
+
+#: sm/keydb.c:1429 sm/keydb.c:1522
+#, fuzzy, c-format
+msgid "error storing flags: %s\n"
+msgstr "erro na leitura de `%s': %s\n"
+
+#: sm/keylist.c:642
+msgid "Error - "
+msgstr ""
+
+#: sm/misc.c:55
+msgid "GPG_TTY has not been set - using maybe bogus default\n"
+msgstr ""
+
+#: sm/qualified.c:105
+#, fuzzy, c-format
+msgid "invalid formatted fingerprint in `%s', line %d\n"
+msgstr "erro: impressão digital inválida\n"
+
+#: sm/qualified.c:123
+#, c-format
+msgid "invalid country code in `%s', line %d\n"
+msgstr ""
+
+#: sm/qualified.c:202
+#, c-format
+msgid ""
+"You are about to create a signature using your certificate:\n"
+"\"%s\"\n"
+"This will create a qualified signature by law equated to a handwritten "
+"signature.\n"
+"\n"
+"%s%sAre you really sure that you want to do this?"
+msgstr ""
+
+#: sm/qualified.c:211 sm/verify.c:616
+msgid ""
+"Note, that this software is not officially approved to create or verify such "
+"signatures.\n"
+msgstr ""
+
+#: sm/qualified.c:278
+#, c-format
+msgid ""
+"You are about to create a signature using your certificate:\n"
+"\"%s\"\n"
+"Note, that this certificate will NOT create a qualified signature!"
+msgstr ""
+
+#: sm/sign.c:449
+#, fuzzy, c-format
+msgid "hash algorithm %d (%s) for signer %d not supported; using %s\n"
+msgstr "algoritmo de proteção %d não é suportado\n"
+
+#: sm/sign.c:463
+#, c-format
+msgid "hash algorithm used for signer %d: %s (%s)\n"
+msgstr ""
+
+#: sm/sign.c:513
+#, fuzzy, c-format
+msgid "checking for qualified certificate failed: %s\n"
+msgstr "leitura de registro de assinatura falhou: %s\n"
+
+#: sm/verify.c:449
+#, fuzzy
+msgid "Signature made "
+msgstr "Esta chave não é protegida.\n"
+
+#: sm/verify.c:453
+msgid "[date not given]"
+msgstr ""
+
+#: sm/verify.c:454
+#, fuzzy, c-format
+msgid " using certificate ID 0x%08lX\n"
+msgstr "erro na criação da frase secreta: %s\n"
+
+#: sm/verify.c:473
+msgid ""
+"invalid signature: message digest attribute does not match computed one\n"
+msgstr ""
+
+#: sm/verify.c:594
+#, fuzzy
+msgid "Good signature from"
+msgstr "Assinatura correta de \""
+
+#: sm/verify.c:595
+#, fuzzy
+msgid " aka"
+msgstr " ou \""
+
+#: sm/verify.c:613
+#, fuzzy
+msgid "This is a qualified signature\n"
+msgstr "isto pode ser causado por falta de auto-assinatura\n"
+
+# INICIO MENU
+#: tools/gpg-connect-agent.c:70 tools/gpgconf.c:81 tools/symcryptrun.c:167
+#, fuzzy
+msgid "quiet"
+msgstr "sair"
+
+#: tools/gpg-connect-agent.c:71
+msgid "print data out hex encoded"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:72
+msgid "decode received data lines"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:74
+msgid "|NAME|connect to Assuan socket NAME"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:76
+msgid "run the Assuan server given on the command line"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:78
+msgid "do not use extended connect mode"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:80
+#, fuzzy
+msgid "|FILE|run commands from FILE on startup"
+msgstr "|ARQUIVO|carregar módulo de extensão ARQUIVO"
+
+#: tools/gpg-connect-agent.c:81
+msgid "run /subst on startup"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:184
+#, fuzzy
+msgid "Usage: gpg-connect-agent [options] (-h for help)"
+msgstr "Uso: gpg [opções] [arquivos] (-h para ajuda)"
+
+#: tools/gpg-connect-agent.c:187
+msgid ""
+"Syntax: gpg-connect-agent [options]\n"
+"Connect to a running agent and send commands\n"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:1201
+#, c-format
+msgid "option \"%s\" requires a program and optional arguments\n"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:1210
+#, c-format
+msgid "option \"%s\" ignored due to \"%s\"\n"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:1281 tools/gpg-connect-agent.c:1771
+#, fuzzy, c-format
+msgid "receiving line failed: %s\n"
+msgstr "enumeração de blocos de chaves falhou: %s\n"
+
+#: tools/gpg-connect-agent.c:1371
+#, fuzzy
+msgid "line too long - skipped\n"
+msgstr "linha muito longa\n"
+
+#: tools/gpg-connect-agent.c:1375
+msgid "line shortened due to embedded Nul character\n"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:1743
+#, fuzzy, c-format
+msgid "unknown command `%s'\n"
+msgstr "destinatário padrão desconhecido `%s'\n"
+
+#: tools/gpg-connect-agent.c:1761
+#, fuzzy, c-format
+msgid "sending line failed: %s\n"
+msgstr "assinatura falhou: %s\n"
+
+#: tools/gpg-connect-agent.c:2208
+#, fuzzy, c-format
+msgid "error sending %s command: %s\n"
+msgstr "erro na leitura de `%s': %s\n"
+
+#: tools/gpg-connect-agent.c:2223
+#, fuzzy, c-format
+msgid "error sending standard options: %s\n"
+msgstr "erro na leitura de `%s': %s\n"
+
+#: tools/gpgconf-comp.c:473 tools/gpgconf-comp.c:577 tools/gpgconf-comp.c:644
+#: tools/gpgconf-comp.c:712 tools/gpgconf-comp.c:799
+msgid "Options controlling the diagnostic output"
+msgstr ""
+
+#: tools/gpgconf-comp.c:486 tools/gpgconf-comp.c:590 tools/gpgconf-comp.c:657
+#: tools/gpgconf-comp.c:725 tools/gpgconf-comp.c:822
+msgid "Options controlling the configuration"
+msgstr ""
+
+#: tools/gpgconf-comp.c:496 tools/gpgconf-comp.c:615 tools/gpgconf-comp.c:673
+#: tools/gpgconf-comp.c:750 tools/gpgconf-comp.c:829
+#, fuzzy
+msgid "Options useful for debugging"
+msgstr "habilitar depuração completa"
+
+#: tools/gpgconf-comp.c:501 tools/gpgconf-comp.c:678 tools/gpgconf-comp.c:755
+#: tools/gpgconf-comp.c:837
+msgid "|FILE|write server mode logs to FILE"
+msgstr ""
+
+#: tools/gpgconf-comp.c:509 tools/gpgconf-comp.c:625 tools/gpgconf-comp.c:763
+msgid "Options controlling the security"
+msgstr ""
+
+#: tools/gpgconf-comp.c:516
+msgid "|N|expire SSH keys after N seconds"
+msgstr ""
+
+#: tools/gpgconf-comp.c:520
+msgid "|N|set maximum PIN cache lifetime to N seconds"
+msgstr ""
+
+#: tools/gpgconf-comp.c:524
+msgid "|N|set maximum SSH key lifetime to N seconds"
+msgstr ""
+
+#: tools/gpgconf-comp.c:538
+msgid "Options enforcing a passphrase policy"
+msgstr ""
+
+#: tools/gpgconf-comp.c:541
+msgid "do not allow to bypass the passphrase policy"
+msgstr ""
+
+#: tools/gpgconf-comp.c:545
+msgid "|N|set minimal required length for new passphrases to N"
+msgstr ""
+
+#: tools/gpgconf-comp.c:549
+msgid "|N|require at least N non-alpha characters for a new passphrase"
+msgstr ""
+
+#: tools/gpgconf-comp.c:553
+msgid "|FILE|check new passphrases against pattern in FILE"
+msgstr ""
+
+#: tools/gpgconf-comp.c:557
+#, fuzzy
+msgid "|N|expire the passphrase after N days"
+msgstr "|N|usar frase secreta modo N"
+
+#: tools/gpgconf-comp.c:561
+#, fuzzy
+msgid "do not allow the reuse of old passphrases"
+msgstr "erro na criação da frase secreta: %s\n"
+
+#: tools/gpgconf-comp.c:659 tools/gpgconf-comp.c:727
+msgid "|NAME|use NAME as default secret key"
+msgstr "|NOME|usar NOME como chave secreta padrão"
+
+#: tools/gpgconf-comp.c:662 tools/gpgconf-comp.c:730
+#, fuzzy
+msgid "|NAME|encrypt to user ID NAME as well"
+msgstr "|NOME|criptografar para NOME"
+
+#: tools/gpgconf-comp.c:665
+msgid "|SPEC|set up email aliases"
+msgstr ""
+
+#: tools/gpgconf-comp.c:686
+msgid "Configuration for Keyservers"
+msgstr ""
+
+#: tools/gpgconf-comp.c:688
+#, fuzzy
+msgid "|URL|use keyserver at URL"
+msgstr "impossível escrever para o chaveiro: %s\n"
+
+#: tools/gpgconf-comp.c:691
+msgid "allow PKA lookups (DNS requests)"
+msgstr ""
+
+#: tools/gpgconf-comp.c:694
+msgid "|MECHANISMS|use MECHANISMS to locate keys by mail address"
+msgstr ""
+
+#: tools/gpgconf-comp.c:739
+msgid "disable all access to the dirmngr"
+msgstr ""
+
+#: tools/gpgconf-comp.c:742
+#, fuzzy
+msgid "|NAME|use encoding NAME for PKCS#12 passphrases"
+msgstr ""
+"|NOME|usar algoritmo de criptografia NOME para\n"
+"frases secretas"
+
+#: tools/gpgconf-comp.c:768
+msgid "do not check CRLs for root certificates"
+msgstr ""
+
+#: tools/gpgconf-comp.c:812
+msgid "Options controlling the format of the output"
+msgstr ""
+
+#: tools/gpgconf-comp.c:848
+msgid "Options controlling the interactivity and enforcement"
+msgstr ""
+
+#: tools/gpgconf-comp.c:858
+msgid "Configuration for HTTP servers"
+msgstr ""
+
+#: tools/gpgconf-comp.c:869
+msgid "use system's HTTP proxy setting"
+msgstr ""
+
+#: tools/gpgconf-comp.c:874
+msgid "Configuration of LDAP servers to use"
+msgstr ""
+
+#: tools/gpgconf-comp.c:903
+msgid "LDAP server list"
+msgstr ""
+
+#: tools/gpgconf-comp.c:911
+msgid "Configuration for OCSP"
+msgstr ""
+
+#: tools/gpgconf-comp.c:3077
+#, c-format
+msgid "External verification of component %s failed"
+msgstr ""
+
+#: tools/gpgconf-comp.c:3227
+msgid "Note that group specifications are ignored\n"
+msgstr ""
+
+#: tools/gpgconf.c:62
+msgid "list all components"
+msgstr ""
+
+#: tools/gpgconf.c:63
+msgid "check all programs"
+msgstr ""
+
+#: tools/gpgconf.c:64
+msgid "|COMPONENT|list options"
+msgstr ""
+
+#: tools/gpgconf.c:65
+msgid "|COMPONENT|change options"
+msgstr ""
+
+#: tools/gpgconf.c:66
+msgid "|COMPONENT|check options"
+msgstr ""
+
+#: tools/gpgconf.c:68
+msgid "apply global default values"
+msgstr ""
+
+#: tools/gpgconf.c:70
+msgid "get the configuration directories for gpgconf"
+msgstr ""
+
+#: tools/gpgconf.c:72
+#, fuzzy
+msgid "list global configuration file"
+msgstr "%s: novo arquivo de opções criado\n"
+
+#: tools/gpgconf.c:74
+#, fuzzy
+msgid "check global configuration file"
+msgstr "%s: novo arquivo de opções criado\n"
+
+#: tools/gpgconf.c:79
+msgid "use as output file"
+msgstr "usar como arquivo de saída"
+
+#: tools/gpgconf.c:83
+msgid "activate changes at runtime, if possible"
+msgstr ""
+
+#: tools/gpgconf.c:105
+#, fuzzy
+msgid "Usage: gpgconf [options] (-h for help)"
+msgstr "Uso: gpg [opções] [arquivos] (-h para ajuda)"
+
+#: tools/gpgconf.c:108
+msgid ""
+"Syntax: gpgconf [options]\n"
+"Manage configuration options for tools of the GnuPG system\n"
+msgstr ""
+
+#: tools/gpgconf.c:214 tools/gpgconf.c:282
+#, fuzzy
+msgid "usage: gpgconf [options] "
+msgstr "uso: gpg [opções] "
+
+#: tools/gpgconf.c:216
+msgid "Need one component argument"
+msgstr ""
+
+#: tools/gpgconf.c:225 tools/gpgconf.c:258
+#, fuzzy
+msgid "Component not found"
+msgstr "chave pública não encontrada"
+
+#: tools/gpgconf.c:284
+#, fuzzy
+msgid "No argument allowed"
+msgstr "escrevendo certificado privado para `%s'\n"
+
+#: tools/symcryptrun.c:154
+#, fuzzy
+msgid ""
+"@\n"
+"Commands:\n"
+" "
+msgstr ""
+"@Comandos:\n"
+" "
+
+#: tools/symcryptrun.c:156
+#, fuzzy
+msgid "decryption modus"
+msgstr "descriptografia correta\n"
+
+#: tools/symcryptrun.c:157
+#, fuzzy
+msgid "encryption modus"
+msgstr "descriptografia correta\n"
+
+#: tools/symcryptrun.c:161
+msgid "tool class (confucius)"
+msgstr ""
+
+#: tools/symcryptrun.c:162
+#, fuzzy
+msgid "program filename"
+msgstr "--store [nome_do_arquivo]"
+
+#: tools/symcryptrun.c:164
+msgid "secret key file (required)"
+msgstr ""
+
+#: tools/symcryptrun.c:165
+msgid "input file name (default stdin)"
+msgstr ""
+
+#: tools/symcryptrun.c:209
+#, fuzzy
+msgid "Usage: symcryptrun [options] (-h for help)"
+msgstr "Uso: gpg [opções] [arquivos] (-h para ajuda)"
+
+#: tools/symcryptrun.c:212
+msgid ""
+"Syntax: symcryptrun --class CLASS --program PROGRAM --keyfile KEYFILE "
+"[options...] COMMAND [inputfile]\n"
+"Call a simple symmetric encryption tool\n"
+msgstr ""
+
+#: tools/symcryptrun.c:281
+#, fuzzy, c-format
+msgid "%s on %s aborted with status %i\n"
+msgstr "%s não é permitido com %s!\n"
+
+#: tools/symcryptrun.c:288
+#, fuzzy, c-format
+msgid "%s on %s failed with status %i\n"
+msgstr "atualização do banco de dados de confiabilidade falhou: %s\n"
+
+#: tools/symcryptrun.c:314
+#, fuzzy, c-format
+msgid "can't create temporary directory `%s': %s\n"
+msgstr "%s: impossível criar diretório: %s\n"
+
+#: tools/symcryptrun.c:354 tools/symcryptrun.c:371
+#, fuzzy, c-format
+msgid "could not open %s for writing: %s\n"
+msgstr "impossível abrir %s: %s\n"
+
+#: tools/symcryptrun.c:382
+#, fuzzy, c-format
+msgid "error writing to %s: %s\n"
+msgstr "erro na escrita do chaveiro `%s': %s\n"
+
+#: tools/symcryptrun.c:389
+#, fuzzy, c-format
+msgid "error reading from %s: %s\n"
+msgstr "erro na leitura de `%s': %s\n"
+
+#: tools/symcryptrun.c:396 tools/symcryptrun.c:403
+#, fuzzy, c-format
+msgid "error closing %s: %s\n"
+msgstr "erro na leitura de `%s': %s\n"
+
+#: tools/symcryptrun.c:488
+msgid "no --program option provided\n"
+msgstr ""
+
+#: tools/symcryptrun.c:494
+msgid "only --decrypt and --encrypt are supported\n"
+msgstr ""
+
+#: tools/symcryptrun.c:500
+msgid "no --keyfile option provided\n"
+msgstr ""
+
+#: tools/symcryptrun.c:511
+msgid "cannot allocate args vector\n"
+msgstr ""
+
+#: tools/symcryptrun.c:529
+#, fuzzy, c-format
+msgid "could not create pipe: %s\n"
+msgstr "impossível criar %s: %s\n"
+
+#: tools/symcryptrun.c:536
+#, fuzzy, c-format
+msgid "could not create pty: %s\n"
+msgstr "impossível criar %s: %s\n"
+
+#: tools/symcryptrun.c:552
+#, fuzzy, c-format
+msgid "could not fork: %s\n"
+msgstr "%s: usuário não encontrado: %s\n"
+
+#: tools/symcryptrun.c:580
+#, fuzzy, c-format
+msgid "execv failed: %s\n"
+msgstr "atualização falhou: %s\n"
+
+#: tools/symcryptrun.c:609
+#, fuzzy, c-format
+msgid "select failed: %s\n"
+msgstr "enumeração de blocos de chaves falhou: %s\n"
+
+#: tools/symcryptrun.c:626
+#, fuzzy, c-format
+msgid "read failed: %s\n"
+msgstr "atualização falhou: %s\n"
+
+#: tools/symcryptrun.c:678
+#, fuzzy, c-format
+msgid "pty read failed: %s\n"
+msgstr "atualização falhou: %s\n"
+
+#: tools/symcryptrun.c:730
+#, fuzzy, c-format
+msgid "waitpid failed: %s\n"
+msgstr "atualização falhou: %s\n"
+
+#: tools/symcryptrun.c:744
+#, c-format
+msgid "child aborted with status %i\n"
+msgstr ""
+
+#: tools/symcryptrun.c:799
+#, fuzzy, c-format
+msgid "cannot allocate infile string: %s\n"
+msgstr "impossível criar %s: %s\n"
+
+#: tools/symcryptrun.c:812
+#, fuzzy, c-format
+msgid "cannot allocate outfile string: %s\n"
+msgstr "impossível criar %s: %s\n"
+
+#: tools/symcryptrun.c:986
+#, c-format
+msgid "either %s or %s must be given\n"
+msgstr ""
+
+#: tools/symcryptrun.c:1013
+msgid "no class provided\n"
+msgstr ""
+
+#: tools/symcryptrun.c:1022
+#, fuzzy, c-format
+msgid "class %s is not supported\n"
+msgstr "algoritmo de proteção %d não é suportado\n"
+
+#: tools/gpg-check-pattern.c:145
+#, fuzzy
+msgid "Usage: gpg-check-pattern [options] patternfile (-h for help)\n"
+msgstr "Uso: gpg [opções] [arquivos] (-h para ajuda)"
+
+#: tools/gpg-check-pattern.c:148
+msgid ""
+"Syntax: gpg-check-pattern [options] patternfile\n"
+"Check a passphrase given on stdin against the patternfile\n"
+msgstr ""
+
+#~ msgid "Command> "
+#~ msgstr "Comando> "
+
+#~ msgid "the trustdb is corrupted; please run \"gpg --fix-trustdb\".\n"
+#~ msgstr ""
+#~ "O banco de dados de confiabilidade está danificado; por favor rode\n"
+#~ "\"gpg --fix-trust-db\".\n"
+
+#~ msgid "Please report bugs to <gnupg-bugs@gnu.org>.\n"
+#~ msgstr "Por favor comunique bugs para <gnupg-bugs@gnu.org>.\n"
+
+#, fuzzy
+#~ msgid "Please report bugs to "
+#~ msgstr "Por favor comunique bugs para <gnupg-bugs@gnu.org>.\n"
+
+#, fuzzy
+#~ msgid "DSA keypair will have %u bits.\n"
+#~ msgstr "O par de chaves DSA terá 1024 bits.\n"
+
+#, fuzzy
+#~ msgid "Repeat passphrase\n"
+#~ msgstr "Repita a frase secreta: "
+
+#, fuzzy
+#~ msgid "read options from file"
+#~ msgstr "lendo opções de `%s'\n"
+
+#~ msgid "|[file]|make a signature"
+#~ msgstr "|[arquivo]|fazer uma assinatura"
+
+#~ msgid "|algo [files]|print message digests"
+#~ msgstr "|algo [arquivos]|imprimir \"digests\" de mensagens"
+
+#, fuzzy
+#~ msgid "|[FILE]|make a signature"
+#~ msgstr "|[arquivo]|fazer uma assinatura"
+
+#, fuzzy
+#~ msgid "|[FILE]|make a clear text signature"
+#~ msgstr "|[arquivo]|fazer uma assinatura em texto puro"
+
+#~ msgid "|NAME|use NAME as default recipient"
+#~ msgstr "|NOME|usar NOME como destinatário padrão"
+
+#~ msgid "use the default key as default recipient"
+#~ msgstr "usar a chave padrão como destinatário padrão"
+
+#~ msgid "force v3 signatures"
+#~ msgstr "forçar assinaturas v3"
+
+#~ msgid "always use a MDC for encryption"
+#~ msgstr "sempre usar um MDC para criptografar"
+
+#~ msgid "add this secret keyring to the list"
+#~ msgstr "adicionar este chaveiro secreto à lista"
+
+#~ msgid "|NAME|set terminal charset to NAME"
+#~ msgstr ""
+#~ "|NOME|definir mapa de caracteres do terminal como\n"
+#~ "NOME"
+
+#~ msgid "|FILE|load extension module FILE"
+#~ msgstr "|ARQUIVO|carregar módulo de extensão ARQUIVO"
+
+#~ msgid "|N|use compress algorithm N"
+#~ msgstr "|N|usar algoritmo de compressão N"
+
+#, fuzzy
+#~ msgid "remove key from the public keyring"
+#~ msgstr "remover a chave do chaveiro público"
+
+#~ msgid ""
+#~ "It's up to you to assign a value here; this value will never be exported\n"
+#~ "to any 3rd party. We need it to implement the web-of-trust; it has "
+#~ "nothing\n"
+#~ "to do with the (implicitly created) web-of-certificates."
+#~ msgstr ""
+#~ "Você decide que valor usar aqui; este valor nunca será exportado para\n"
+#~ "terceiros. Precisamos dele implementar a rede de confiança, que não tem\n"
+#~ "nada a ver com a rede de certificados (implicitamente criada)."
+
+#~ msgid "If you want to use this untrusted key anyway, answer \"yes\"."
+#~ msgstr ""
+#~ "Se você quiser usar esta chave não confiável assim mesmo, responda \"sim"
+#~ "\"."
+
+#~ msgid ""
+#~ "Enter the user ID of the addressee to whom you want to send the message."
+#~ msgstr ""
+#~ "Digite o ID de usuário do destinatário para o qual você quer enviar a\n"
+#~ "mensagem."
+
+#~ msgid "Enter the size of the key"
+#~ msgstr "Digite o tamanho da chave"
+
+#~ msgid "Answer \"yes\" or \"no\""
+#~ msgstr "Responda \"sim\" ou \"não\""
+
+#~ msgid ""
+#~ "Enter the required value as shown in the prompt.\n"
+#~ "It is possible to enter a ISO date (YYYY-MM-DD) but you won't\n"
+#~ "get a good error response - instead the system tries to interpret\n"
+#~ "the given value as an interval."
+#~ msgstr ""
+#~ "Digite o valor necessário conforme pedido.\n"
+#~ "É possível digitar uma data ISO (AAAA-MM-DD) mas você não terá uma boa\n"
+#~ "reação a erros - o sistema tentará interpretar o valor dado como um "
+#~ "intervalo."
+
+#~ msgid "Enter the name of the key holder"
+#~ msgstr "Digite o nome do possuidor da chave"
+
+#~ msgid "please enter an optional but highly suggested email address"
+#~ msgstr "por favor digite um endereço de email (opcional mas recomendado)"
+
+#~ msgid "Please enter an optional comment"
+#~ msgstr "Por favor digite um comentário (opcional)"
+
+#~ msgid ""
+#~ "N to change the name.\n"
+#~ "C to change the comment.\n"
+#~ "E to change the email address.\n"
+#~ "O to continue with key generation.\n"
+#~ "Q to to quit the key generation."
+#~ msgstr ""
+#~ "N para mudar o nome.\n"
+#~ "C para mudar o comentário.\n"
+#~ "E para mudar o endereço de correio eletrônico.\n"
+#~ "O para continuar a geração da chave.\n"
+#~ "S para interromper a geração da chave."
+
+#~ msgid ""
+#~ "Answer \"yes\" (or just \"y\") if it is okay to generate the sub key."
+#~ msgstr "Responda \"sim\" (ou apenas \"s\") se quiser gerar a subchave."
+
+#, fuzzy
+#~ msgid "Answer \"yes\" if you want to sign ALL the user IDs"
+#~ msgstr "Responda \"sim\" se quiser assinar TODOS os IDs de usuário"
+
+#~ msgid ""
+#~ "Answer \"yes\" if you really want to delete this user ID.\n"
+#~ "All certificates are then also lost!"
+#~ msgstr ""
+#~ "Responda \"sim\" se quiser realmente remover este ID de usuário.\n"
+#~ "Todos os certificados também serão perdidos!"
+
+#~ msgid "Answer \"yes\" if it is okay to delete the subkey"
+#~ msgstr "Responda \"sim\" se quiser remover a subchave"
+
+#~ msgid ""
+#~ "This is a valid signature on the key; you normally don't want\n"
+#~ "to delete this signature because it may be important to establish a\n"
+#~ "trust connection to the key or another key certified by this key."
+#~ msgstr ""
+#~ "Esta é uma assinatura válida na chave; normalmente não é desejável\n"
+#~ "remover esta assinatura porque ela pode ser importante para estabelecer\n"
+#~ "uma conexão de confiança à chave ou a outra chave certificada por esta."
+
+#~ msgid ""
+#~ "This signature can't be checked because you don't have the\n"
+#~ "corresponding key. You should postpone its deletion until you\n"
+#~ "know which key was used because this signing key might establish\n"
+#~ "a trust connection through another already certified key."
+#~ msgstr ""
+#~ "Esta assinatura não pode ser verificada porque você não tem a chave\n"
+#~ "correspondente. Você deve adiar sua remoção até saber que chave foi "
+#~ "usada\n"
+#~ "porque a chave desta assinatura pode estabelecer uma conexão de "
+#~ "confiança\n"
+#~ "através de outra chave já certificada."
+
+#~ msgid ""
+#~ "The signature is not valid. It does make sense to remove it from\n"
+#~ "your keyring."
+#~ msgstr "A assinatura não é válida. Faz sentido removê-la de seu chaveiro."
+
+#~ msgid ""
+#~ "This is a signature which binds the user ID to the key. It is\n"
+#~ "usually not a good idea to remove such a signature. Actually\n"
+#~ "GnuPG might not be able to use this key anymore. So do this\n"
+#~ "only if this self-signature is for some reason not valid and\n"
+#~ "a second one is available."
+#~ msgstr ""
+#~ "Esta é uma assinatura que liga o ID de usuário à chave. Geralmente\n"
+#~ "não é uma boa idéia remover tal assinatura. É possível que o GnuPG\n"
+#~ "não consiga mais usar esta chave. Faça isto apenas se por alguma\n"
+#~ "razão esta auto-assinatura não for válida e há uma segunda disponível."
+
+#, fuzzy
+#~ msgid "Please enter the passhrase; this is a secret sentence \n"
+#~ msgstr "Por favor digite a frase secreta"
+
+#~ msgid ""
+#~ "Please repeat the last passphrase, so you are sure what you typed in."
+#~ msgstr ""
+#~ "Por favor repita a última frase secreta, para ter certeza do que você "
+#~ "digitou."
+
+#~ msgid "Give the name of the file to which the signature applies"
+#~ msgstr "Dê o nome para o arquivo ao qual a assinatura se aplica"
+
+#~ msgid "Answer \"yes\" if it is okay to overwrite the file"
+#~ msgstr "Responda \"sim\" se quiser sobrescrever o arquivo"
+
+#~ msgid ""
+#~ "Please enter a new filename. If you just hit RETURN the default\n"
+#~ "file (which is shown in brackets) will be used."
+#~ msgstr ""
+#~ "Por favor digite um novo nome de arquivo. Se você apenas apertar RETURN "
+#~ "o\n"
+#~ "arquivo padrão (que é mostrado em colchetes) será usado."
+
+#, fuzzy
+#~ msgid "shelll"
+#~ msgstr "help"
+
+#, fuzzy
+#~ msgid ""
+#~ "please see http://www.gnupg.org/download/iconv.html for more information\n"
+#~ msgstr "rev- revogações de chaves incorreta\n"
+
+#, fuzzy
+#~ msgid "please use the script \"%s\" to generate a new key\n"
+#~ msgstr "Por favor selecione o tipo de chave desejado:\n"
+
+#, fuzzy
+#~ msgid "can't query passphrase in batch mode\n"
+#~ msgstr "impossível pedir senha em modo não-interativo\n"
+
+#~ msgid "Enter passphrase: "
+#~ msgstr "Digite a frase secreta: "
+
+#~ msgid "Repeat passphrase: "
+#~ msgstr "Repita a frase secreta: "
+
+#~ msgid "-k[v][v][v][c] [user-id] [keyring]"
+#~ msgstr "-k[v][v][v][c] [id-usuário] [chaveiro]"
+
+#, fuzzy
+#~ msgid "can't lock `%s': %s\n"
+#~ msgstr "impossível abrir `%s'\n"
+
+#, fuzzy
+#~ msgid "can't stat `%s': %s\n"
+#~ msgstr "impossível abrir `%s': %s\n"
+
+#, fuzzy
+#~ msgid "WARNING: invalid size of random_seed file - not used\n"
+#~ msgstr "AVISO: dados de notação inválidos encontrados\n"
+
+#, fuzzy
+#~ msgid "can't read `%s': %s\n"
+#~ msgstr "impossível abrir `%s': %s\n"
+
+#, fuzzy
+#~ msgid "can't write `%s': %s\n"
+#~ msgstr "impossível abrir `%s': %s\n"
+
+#, fuzzy
+#~ msgid "can't close `%s': %s\n"
+#~ msgstr "impossível abrir `%s': %s\n"
+
+#~ msgid "WARNING: using insecure random number generator!!\n"
+#~ msgstr "AVISO: usando gerador de números aleatórios inseguro!\n"
+
+#~ msgid ""
+#~ "The random number generator is only a kludge to let\n"
+#~ "it run - it is in no way a strong RNG!\n"
+#~ "\n"
+#~ "DON'T USE ANY DATA GENERATED BY THIS PROGRAM!!\n"
+#~ "\n"
+#~ msgstr ""
+#~ "O gerador de números aleatórios é apenas um \"remendo\"\n"
+#~ "para poder funcionar - não é de modo algum um bom gerador!\n"
+#~ "\n"
+#~ "NÃO USE NENHUM DADO GERADO POR ESTE PROGRAMA!\n"
+#~ "\n"
+
+#~ msgid ""
+#~ "\n"
+#~ "Not enough random bytes available. Please do some other work to give\n"
+#~ "the OS a chance to collect more entropy! (Need %d more bytes)\n"
+#~ msgstr ""
+#~ "\n"
+#~ "Não há bytes aleatórios suficientes. Por favor, faça algum outro "
+#~ "trabalho\n"
+#~ "para que o sistema possa coletar mais entropia!\n"
+#~ "(São necessários mais %d bytes)\n"
+
+#, fuzzy
+#~ msgid "card reader not available\n"
+#~ msgstr "chave secreta não disponível"
+
+#, fuzzy
+#~ msgid "NOTE: %s is not available in this version\n"
+#~ msgstr "chave RSA não pode ser usada nesta versão\n"
+
+#, fuzzy
+#~ msgid " algorithms on these user IDs:\n"
+#~ msgstr "Você assinou estes IDs de usuário:\n"
+
+#~ msgid "general error"
+#~ msgstr "erro geral"
+
+#~ msgid "unknown packet type"
+#~ msgstr "formato de pacote desconhecido"
+
+#~ msgid "unknown pubkey algorithm"
+#~ msgstr "algoritmo de chave pública desconhecido"
+
+#~ msgid "unknown digest algorithm"
+#~ msgstr "algoritmo de \"digest\" desconhecido"
+
+#~ msgid "bad public key"
+#~ msgstr "chave pública incorreta"
+
+#~ msgid "bad secret key"
+#~ msgstr "chave secreta incorreta"
+
+#~ msgid "bad signature"
+#~ msgstr "assinatura incorreta"
+
+#~ msgid "checksum error"
+#~ msgstr "erro de \"checksum\""
+
+#~ msgid "unknown cipher algorithm"
+#~ msgstr "algoritmo de criptografia desconhecido"
+
+#~ msgid "can't open the keyring"
+#~ msgstr "não é possível abrir o chaveiro"
+
+#~ msgid "invalid packet"
+#~ msgstr "pacote inválido"
+
+#~ msgid "invalid armor"
+#~ msgstr "armadura inválida"
+
+#~ msgid "no such user id"
+#~ msgstr "identificador de usuário inexistente"
+
+#~ msgid "secret key not available"
+#~ msgstr "chave secreta não disponível"
+
+#~ msgid "wrong secret key used"
+#~ msgstr "chave secreta incorreta"
+
+# suportado ???
+#~ msgid "not supported"
+#~ msgstr "não suportado"
+
+#~ msgid "bad key"
+#~ msgstr "chave incorreta"
+
+#~ msgid "file write error"
+#~ msgstr "erro de escrita"
+
+#~ msgid "unknown compress algorithm"
+#~ msgstr "algoritmo de compressão desconhecido"
+
+#~ msgid "file open error"
+#~ msgstr "erro na abertura de arquivo"
+
+#~ msgid "file create error"
+#~ msgstr "erro na criação de arquivo"
+
+#~ msgid "invalid passphrase"
+#~ msgstr "frase secreta inválida"
+
+#~ msgid "unimplemented pubkey algorithm"
+#~ msgstr "algoritmo de chave pública não implementado"
+
+#~ msgid "unimplemented cipher algorithm"
+#~ msgstr "algoritmo de criptografia não implementado"
+
+#~ msgid "unknown signature class"
+#~ msgstr "classe de assinatura desconhecida"
+
+#~ msgid "trust database error"
+#~ msgstr "erro no banco de dados de confiabilidade"
+
+#~ msgid "resource limit"
+#~ msgstr "limite de recurso"
+
+#~ msgid "invalid keyring"
+#~ msgstr "chaveiro inválido"
+
+#~ msgid "bad certificate"
+#~ msgstr "certificado incorreto"
+
+#~ msgid "malformed user id"
+#~ msgstr "identificador de usuário malformado"
+
+#~ msgid "file close error"
+#~ msgstr "erro no fechamento de arquivo"
+
+#~ msgid "file rename error"
+#~ msgstr "erro na renomeação de arquivo"
+
+#~ msgid "file delete error"
+#~ msgstr "erro na remoção de arquivo"
+
+#~ msgid "unexpected data"
+#~ msgstr "dados inesperados"
+
+#~ msgid "timestamp conflict"
+#~ msgstr "conflito de \"timestamp\""
+
+#~ msgid "unusable pubkey algorithm"
+#~ msgstr "algoritmo de chave pública inutilizável"
+
+#~ msgid "file exists"
+#~ msgstr "o arquivo já existe"
+
+#~ msgid "weak key"
+#~ msgstr "chave fraca"
+
+#~ msgid "bad URI"
+#~ msgstr "URI incorreto"
+
+#~ msgid "unsupported URI"
+#~ msgstr "URI não suportado"
+
+#~ msgid "network error"
+#~ msgstr "erro na rede"
+
+#~ msgid "not processed"
+#~ msgstr "não processado(s)"
+
+#, fuzzy
+#~ msgid "unusable public key"
+#~ msgstr "chave pública incorreta"
+
+#, fuzzy
+#~ msgid "unusable secret key"
+#~ msgstr "chave secreta incorreta"
+
+#, fuzzy
+#~ msgid "keyserver error"
+#~ msgstr "erro geral"
+
+#, fuzzy
+#~ msgid "no card"
+#~ msgstr "não criptografado"
+
+#, fuzzy
+#~ msgid "no data"
+#~ msgstr "no dados assinados\n"
+
+#~ msgid "... this is a bug (%s:%d:%s)\n"
+#~ msgstr "... isto é um bug (%s:%d:%s)\n"
+
+#, fuzzy
+#~ msgid "WARNING: using insecure memory!\n"
+#~ msgstr "Aviso: usando memória insegura!\n"
+
+#~ msgid "operation is not possible without initialized secure memory\n"
+#~ msgstr "a operação não é possível sem memória segura inicializada\n"
+
+#~ msgid "(you may have used the wrong program for this task)\n"
+#~ msgstr "(você pode ter usado o programa errado para esta tarefa)\n"
+
+#, fuzzy
+#~ msgid "all export-clean-* options from above"
+#~ msgstr "ler opções do arquivo"
+
+#, fuzzy
+#~ msgid "all import-clean-* options from above"
+#~ msgstr "ler opções do arquivo"
+
+#, fuzzy
+#~ msgid "expired: %s)"
+#~ msgstr "A chave expira em %s\n"
+
+#, fuzzy
+#~ msgid "key %s: expired signature from key %s - skipped\n"
+#~ msgstr "chave %08lX: assinatura não exportável (classe %02x) - ignorada\n"
+
+#, fuzzy
+#~ msgid "Unable to clean `%s'\n"
+#~ msgstr "impossível abrir %s: %s\n"
+
+#, fuzzy
+#~ msgid "No user IDs are removable.\n"
+#~ msgstr "Nenhum identificador de usuário para chave\n"
+
+#, fuzzy
+#~ msgid "bad passphrase or unknown cipher algorithm (%d)\n"
+#~ msgstr "algoritmo de criptografia desconhecido"
+
+#~ msgid "select secondary key N"
+#~ msgstr "seleciona chave secundária N"
+
+#~ msgid "list signatures"
+#~ msgstr "lista assinaturas"
+
+#~ msgid "sign the key"
+#~ msgstr "assina a chave"
+
+#~ msgid "add a secondary key"
+#~ msgstr "adiciona nova chave secundária"
+
+#~ msgid "delete signatures"
+#~ msgstr "remove assinaturas"
+
+#~ msgid "change the expire date"
+#~ msgstr "muda a data de validade"
+
+#, fuzzy
+#~ msgid "set preference list"
+#~ msgstr "lista preferências"
+
+#, fuzzy
+#~ msgid "updated preferences"
+#~ msgstr "lista preferências"
+
+#~ msgid "No secondary key with index %d\n"
+#~ msgstr "Nenhuma chave secundária com índice %d\n"
+
+#, fuzzy
+#~ msgid "--nrsign-key user-id"
+#~ msgstr "--sign-key id-usuário"
+
+#, fuzzy
+#~ msgid "--nrlsign-key user-id"
+#~ msgstr "--sign-key id-usuário"
+
+#, fuzzy
+#~ msgid "sign the key non-revocably"
+#~ msgstr "assina a chave localmente"
+
+#, fuzzy
+#~ msgid "sign the key locally and non-revocably"
+#~ msgstr "assina a chave localmente"
+
+#~ msgid "q"
+#~ msgstr "q"
+
+#~ msgid "list"
+#~ msgstr "list"
+
+#~ msgid "l"
+#~ msgstr "l"
+
+#~ msgid "debug"
+#~ msgstr "debug"
+
+#, fuzzy
+#~ msgid "name"
+#~ msgstr "enable"
+
+#, fuzzy
+#~ msgid "login"
+#~ msgstr "lsign"
+
+#, fuzzy
+#~ msgid "cafpr"
+#~ msgstr "fpr"
+
+#, fuzzy
+#~ msgid "forcesig"
+#~ msgstr "revsig"
+
+#, fuzzy
+#~ msgid "generate"
+#~ msgstr "erro geral"
+
+#~ msgid "passwd"
+#~ msgstr "passwd"
+
+#~ msgid "save"
+#~ msgstr "save"
+
+#~ msgid "fpr"
+#~ msgstr "fpr"
+
+#~ msgid "uid"
+#~ msgstr "uid"
+
+#~ msgid "key"
+#~ msgstr "key"
+
+#~ msgid "check"
+#~ msgstr "check"
+
+#~ msgid "c"
+#~ msgstr "c"
+
+#~ msgid "sign"
+#~ msgstr "sign"
+
+#~ msgid "s"
+#~ msgstr "s"
+
+#, fuzzy
+#~ msgid "tsign"
+#~ msgstr "sign"
+
+#~ msgid "lsign"
+#~ msgstr "lsign"
+
+#, fuzzy
+#~ msgid "nrsign"
+#~ msgstr "sign"
+
+#, fuzzy
+#~ msgid "nrlsign"
+#~ msgstr "sign"
+
+#~ msgid "adduid"
+#~ msgstr "adduid"
+
+#~ msgid "deluid"
+#~ msgstr "deluid"
+
+#, fuzzy
+#~ msgid "addcardkey"
+#~ msgstr "addkey"
+
+#~ msgid "delkey"
+#~ msgstr "delkey"
+
+#, fuzzy
+#~ msgid "addrevoker"
+#~ msgstr "revkey"
+
+#~ msgid "delsig"
+#~ msgstr "delsig"
+
+#~ msgid "expire"
+#~ msgstr "expire"
+
+#~ msgid "toggle"
+#~ msgstr "toggle"
+
+#~ msgid "t"
+#~ msgstr "t"
+
+#~ msgid "pref"
+#~ msgstr "pref"
+
+#, fuzzy
+#~ msgid "showpref"
+#~ msgstr "showpref"
+
+#, fuzzy
+#~ msgid "setpref"
+#~ msgstr "pref"
+
+#, fuzzy
+#~ msgid "updpref"
+#~ msgstr "pref"
+
+#, fuzzy
+#~ msgid "keyserver"
+#~ msgstr "erro geral"
+
+#~ msgid "trust"
+#~ msgstr "trust"
+
+#~ msgid "revsig"
+#~ msgstr "revsig"
+
+#, fuzzy
+#~ msgid "revuid"
+#~ msgstr "revsig"
+
+#~ msgid "revkey"
+#~ msgstr "revkey"
+
+#~ msgid "disable"
+#~ msgstr "disable"
+
+#~ msgid "enable"
+#~ msgstr "enable"
+
+#~ msgid ""
+#~ "About to generate a new %s keypair.\n"
+#~ " minimum keysize is 768 bits\n"
+#~ " default keysize is 1024 bits\n"
+#~ " highest suggested keysize is 2048 bits\n"
+#~ msgstr ""
+#~ "Prestes a gerar novo par de chaves %s.\n"
+#~ " tamanho mínimo é 768 bits\n"
+#~ " tamanho padrão é 1024 bits\n"
+#~ " tamanho máximo sugerido é 2048 bits\n"
+
+#~ msgid "DSA only allows keysizes from 512 to 1024\n"
+#~ msgstr "DSA permite apenas tamanhos de 512 a 1024\n"
+
+#, fuzzy
+#~ msgid "keysize too small; 1024 is smallest value allowed for RSA.\n"
+#~ msgstr "tamanho muito pequeno; 768 é o valor mínimo permitido.\n"
+
+#~ msgid "keysize too small; 768 is smallest value allowed.\n"
+#~ msgstr "tamanho muito pequeno; 768 é o valor mínimo permitido.\n"
+
+#~ msgid "keysize too large; %d is largest value allowed.\n"
+#~ msgstr "tamanho muito grande; %d é o valor máximo permitido.\n"
+
+#~ msgid ""
+#~ "Keysizes larger than 2048 are not suggested because\n"
+#~ "computations take REALLY long!\n"
+#~ msgstr ""
+#~ "Tamanhos de chave maiores que 2048 não são recomendados\n"
+#~ "porque o tempo de computação é REALMENTE longo!\n"
+
+#, fuzzy
+#~ msgid "Are you sure that you want this keysize? (y/N) "
+#~ msgstr "Você tem certeza de que quer este tamanho de chave? "
+
+#~ msgid ""
+#~ "Okay, but keep in mind that your monitor and keyboard radiation is also "
+#~ "very vulnerable to attacks!\n"
+#~ msgstr ""
+#~ "Tudo bem, mas tenha em mente que a radiação de seu monitor e teclado "
+#~ "também é vulnerável a ataques!\n"
+
+#~ msgid "Experimental algorithms should not be used!\n"
+#~ msgstr "Algoritmos experimentais não devem ser usados!\n"
+
+#, fuzzy
+#~ msgid ""
+#~ "this cipher algorithm is deprecated; please use a more standard one!\n"
+#~ msgstr ""
+#~ "este algoritmo de criptografia é depreciado; por favor use algum\n"
+#~ "algoritmo padrão!\n"
+
+#, fuzzy
+#~ msgid "sorry, can't do this in batch mode\n"
+#~ msgstr "impossível fazer isso em modo não-interativo\n"
+
+#, fuzzy
+#~ msgid "can't open file `%s': %s\n"
+#~ msgstr "impossível abrir arquivo: %s\n"
+
+#, fuzzy
+#~ msgid " \""
+#~ msgstr " ou \""
+
+#~ msgid "key %08lX: key has been revoked!\n"
+#~ msgstr "chave %08lX: a chave foi revogada!\n"
+
+#~ msgid "key %08lX: subkey has been revoked!\n"
+#~ msgstr "chave %08lX: a subchave foi revogada!\n"
+
+#~ msgid "%08lX: key has expired\n"
+#~ msgstr "%08lX: a chave expirou\n"
+
+#~ msgid "%08lX: We do NOT trust this key\n"
+#~ msgstr "%08lX: Nós NÃO confiamos nesta chave\n"
+
+#, fuzzy
+#~ msgid " (%d) RSA (auth only)\n"
+#~ msgstr " (%d) DSA (apenas assinatura)\n"
+
+#, fuzzy
+#~ msgid " (%d) RSA (sign and auth)\n"
+#~ msgstr " (%d) ElGamal (assinatura e criptografia)\n"
+
+#, fuzzy
+#~ msgid " (%d) RSA (encrypt and auth)\n"
+#~ msgstr " (%d) ElGamal (apenas criptografia)\n"
+
+#, fuzzy
+#~ msgid " (%d) RSA (sign, encrypt and auth)\n"
+#~ msgstr " (%d) ElGamal (assinatura e criptografia)\n"
+
+#~ msgid "%s: can't open: %s\n"
+#~ msgstr "%s: impossível abrir: %s\n"
+
+#~ msgid "%s: WARNING: empty file\n"
+#~ msgstr "%s: AVISO: arquivo vazio\n"
+
+#, fuzzy
+#~ msgid " (%d) I trust fully\n"
+#~ msgstr "%s: não é um banco de dados de confiabilidade\n"
+
+#~ msgid "Really sign? "
+#~ msgstr "Realmente assinar? "
+
+#, fuzzy
+#~ msgid "expires"
+#~ msgstr "expire"
+
+#, fuzzy
+#~ msgid ""
+#~ "\"\n"
+#~ "locally signed with your key %s at %s\n"
+#~ msgstr ""
+#~ "\"\n"
+#~ "assinado com sua chave %08lX em %s\n"
+
+#~ msgid "%s: can't access: %s\n"
+#~ msgstr "%s: impossível acessar: %s\n"
+
+#~ msgid "%s: can't create lock\n"
+#~ msgstr "%s: impossível criar trava\n"
+
+#, fuzzy
+#~ msgid "%s: can't make lock\n"
+#~ msgstr "%s: impossível criar trava\n"
+
+#~ msgid "%s: can't create: %s\n"
+#~ msgstr "%s: impossível criar: %s\n"
+
+#~ msgid "If you want to use this revoked key anyway, answer \"yes\"."
+#~ msgstr ""
+#~ "Se você quiser usar esta chave revogada assim mesmo, responda \"sim\"."
+
+#, fuzzy
+#~ msgid "Unable to open photo \"%s\": %s\n"
+#~ msgstr "impossível abrir %s: %s\n"
+
+#~ msgid "error: missing colon\n"
+#~ msgstr "erro: falta dois pontos\n"
+
+#~ msgid "error: no ownertrust value\n"
+#~ msgstr "erro: nenhum valor de confiança\n"
+
+#~ msgid " (main key ID %08lX)"
+#~ msgstr " (ID principal da chave %08lX)"
+
+#, fuzzy
+#~ msgid "rev! subkey has been revoked: %s\n"
+#~ msgstr "rev! a subchave foi revogada: %s\n"
+
+#, fuzzy
+#~ msgid "rev- faked revocation found\n"
+#~ msgstr "rev- revogações de chaves incorreta\n"
+
+#, fuzzy
+#~ msgid " [expired: %s]"
+#~ msgstr "A chave expira em %s\n"
+
+#, fuzzy
+#~ msgid " [expires: %s]"
+#~ msgstr "A chave expira em %s\n"
+
+#, fuzzy
+#~ msgid " [revoked: %s]"
+#~ msgstr "revkey"
+
+#~ msgid "store only"
+#~ msgstr "apenas armazenar"
+
+#, fuzzy
+#~ msgid "sign a key locally and non-revocably"
+#~ msgstr "assinar uma chave localmente"
+
+#~ msgid "list only the sequence of packets"
+#~ msgstr "listar apenas as seqüências de pacotes"
+
+# ownertrust ???
+#~ msgid "export the ownertrust values"
+#~ msgstr "exportar os valores de confiança"
+
+#, fuzzy
+#~ msgid "unattended trust database update"
+#~ msgstr "atualizar o banco de dados de confiabilidade"
+
+#~ msgid "fix a corrupted trust database"
+#~ msgstr ""
+#~ "consertar um banco de dados de confiabilidade\n"
+#~ "danificado"
+
+#~ msgid "De-Armor a file or stdin"
+#~ msgstr "retirar a armadura de um arquivo ou de \"stdin\""
+
+#~ msgid "En-Armor a file or stdin"
+#~ msgstr "criar armadura para um arquivo ou \"stdin\""
+
+#, fuzzy
+#~ msgid "do not force v3 signatures"
+#~ msgstr "forçar assinaturas v3"
+
+#, fuzzy
+#~ msgid "force v4 key signatures"
+#~ msgstr "forçar assinaturas v3"
+
+#, fuzzy
+#~ msgid "do not force v4 key signatures"
+#~ msgstr "forçar assinaturas v3"
+
+#, fuzzy
+#~ msgid "never use a MDC for encryption"
+#~ msgstr "sempre usar um MDC para criptografar"
+
+#, fuzzy
+#~ msgid "|[file]|write status info to file"
+#~ msgstr ""
+#~ "|DA|escrever informações de estado para o\n"
+#~ "descritor de arquivo DA"
+
+#~ msgid "emulate the mode described in RFC1991"
+#~ msgstr "emular o modo descrito no RFC1991"
+
+#~ msgid "set all packet, cipher and digest options to OpenPGP behavior"
+#~ msgstr ""
+#~ "configurar todas as opções de pacote,\n"
+#~ "criptografia e \"digest\" para comportamento\n"
+#~ "OpenPGP"
+
+#, fuzzy
+#~ msgid "set all packet, cipher and digest options to PGP 2.x behavior"
+#~ msgstr ""
+#~ "configurar todas as opções de pacote,\n"
+#~ "criptografia e \"digest\" para comportamento\n"
+#~ "OpenPGP"
+
+#~ msgid "|NAME|use message digest algorithm NAME for passphrases"
+#~ msgstr ""
+#~ "|NOME|usar algoritmo de \"digest\" de mensagens NOME\n"
+#~ "para frases secretas"
+
+#~ msgid "throw keyid field of encrypted packets"
+#~ msgstr ""
+#~ "eliminar o campo keyid dos pacotes\n"
+#~ "criptografados"
+
+#, fuzzy
+#~ msgid "compress algorithm `%s' is read-only in this release\n"
+#~ msgstr "o algoritmo de compressão deve estar na faixa %d..%d\n"
+
+#~ msgid "compress algorithm must be in range %d..%d\n"
+#~ msgstr "o algoritmo de compressão deve estar na faixa %d..%d\n"
+
+#~ msgid ""
+#~ "%08lX: It is not sure that this key really belongs to the owner\n"
+#~ "but it is accepted anyway\n"
+#~ msgstr ""
+#~ "%08lX: Não se tem certeza de que esta chave realmente pertence ao dono,\n"
+#~ "mas é aceita de qualquer modo\n"
+
+#~ msgid "key %08lX: not a rfc2440 key - skipped\n"
+#~ msgstr "chave %08lX: não é uma chave rfc2440 - ignorada\n"
+
+#, fuzzy
+#~ msgid " (default)"
+#~ msgstr "(o padrão é 1)"
+
+#~ msgid "Policy: "
+#~ msgstr "Política: "
+
+#, fuzzy
+#~ msgid "can't get key from keyserver: %s\n"
+#~ msgstr "impossível escrever para o chaveiro: %s\n"
+
+#, fuzzy
+#~ msgid ""
+#~ "key %08lX: this is a PGP generated ElGamal key which is NOT secure for "
+#~ "signatures!\n"
+#~ msgstr ""
+#~ "esta é uma chave ElGamal gerada pelo PGP que NÃO é segura para "
+#~ "assinaturas!\n"
+
+#, fuzzy
+#~ msgid ""
+#~ "key %08lX has been created %lu second in future (time warp or clock "
+#~ "problem)\n"
+#~ msgstr ""
+#~ "a chave foi criada %lu segundo no futuro\n"
+#~ "(viagem no tempo ou problema no relógio)\n"
+
+#, fuzzy
+#~ msgid ""
+#~ "key %08lX has been created %lu seconds in future (time warp or clock "
+#~ "problem)\n"
+#~ msgstr ""
+#~ "a chave foi criada %lu segundos no futuro\n"
+#~ "(viagem no tempo ou problema no relógio)\n"
+
+#, fuzzy
+#~ msgid "key %08lX marked as ultimately trusted\n"
+#~ msgstr "Certificados que levam a uma chave confiada plenamente:\n"
+
+#~ msgid ""
+#~ "Select the algorithm to use.\n"
+#~ "\n"
+#~ "DSA (aka DSS) is the digital signature algorithm which can only be used\n"
+#~ "for signatures. This is the suggested algorithm because verification of\n"
+#~ "DSA signatures are much faster than those of ElGamal.\n"
+#~ "\n"
+#~ "ElGamal is an algorithm which can be used for signatures and encryption.\n"
+#~ "OpenPGP distinguishs between two flavors of this algorithms: an encrypt "
+#~ "only\n"
+#~ "and a sign+encrypt; actually it is the same, but some parameters must be\n"
+#~ "selected in a special way to create a safe key for signatures: this "
+#~ "program\n"
+#~ "does this but other OpenPGP implementations are not required to "
+#~ "understand\n"
+#~ "the signature+encryption flavor.\n"
+#~ "\n"
+#~ "The first (primary) key must always be a key which is capable of "
+#~ "signing;\n"
+#~ "this is the reason why the encryption only ElGamal key is not available "
+#~ "in\n"
+#~ "this menu."
+#~ msgstr ""
+#~ "Selecione o algoritmo a ser usado.\n"
+#~ "\n"
+#~ "DSA (ou DSS) é o algoritmo de assinatura digital que pode ser usado "
+#~ "apenas\n"
+#~ "para assinaturas. Este é o algoritmo recomendado porque a verificação de\n"
+#~ "assinaturas DSA é muito mais rápida que a verificação de ElGamal.\n"
+#~ "\n"
+#~ "ElGamal é um algoritmo que pode ser usado para assinatura e "
+#~ "criptografia.\n"
+#~ "O OpenPGP distingue dois tipos deste algoritmo: um apenas para "
+#~ "criptografia\n"
+#~ "e outro para assinatura+criptografia; na verdade são iguais, mas alguns\n"
+#~ "parâmetros precisam ser escolhidos de modo especial para criar uma chave\n"
+#~ "segura para asssinatura: este programa faz isso, mas algumas outras\n"
+#~ "implementações do OpenPGP não vão necessariamente entender o tipo\n"
+#~ "assinatura+criptografia.\n"
+#~ "\n"
+#~ "A chave primária precisa sempre ser uma chave capaz de fazer "
+#~ "assinaturas;\n"
+#~ "este é o motivo pelo qual a chave ElGamal apenas para criptografia não "
+#~ "está\n"
+#~ "disponível neste menu."
+
+#~ msgid ""
+#~ "Although these keys are defined in RFC2440 they are not suggested\n"
+#~ "because they are not supported by all programs and signatures created\n"
+#~ "with them are quite large and very slow to verify."
+#~ msgstr ""
+#~ "Apesar de estas chaves estarem definidas no RFC2440, elas não são "
+#~ "recomendadas\n"
+#~ "porque não são suportadas por todos os programas e assinaturas criadas "
+#~ "com\n"
+#~ "elas são grandes e sua verificação é lenta."
+
+#, fuzzy
+#~ msgid "%lu keys so far checked (%lu signatures)\n"
+#~ msgstr "%lu chaves processadas até agora\n"
+
+#, fuzzy
+#~ msgid "key %08lX incomplete\n"
+#~ msgstr "chave %08lX: sem ID de usuário\n"
+
+# INICIO MENU
+#, fuzzy
+#~ msgid "quit|quit"
+#~ msgstr "sair"
+
+#~ msgid " (%d) ElGamal (sign and encrypt)\n"
+#~ msgstr " (%d) ElGamal (assinatura e criptografia)\n"
+
+#, fuzzy
+#~ msgid "Create anyway? "
+#~ msgstr "Usa esta chave de qualquer modo? "
+
+# "hash" poderia ser "espalhamento", mas não fica claro
+#, fuzzy
+#~ msgid "invalid symkey algorithm detected (%d)\n"
+#~ msgstr "algoritmo de hash inválido `%s'\n"
+
+#, fuzzy
+#~ msgid ""
+#~ "you have to start GnuPG again, so it can read the new configuration file\n"
+#~ msgstr ""
+#~ "você deve reiniciar o GnuPG, para que ele possa ler o novo arquivo\n"
+#~ "de opções\n"
+
+#~ msgid " Fingerprint:"
+#~ msgstr " Impressão digital:"
+
+#~ msgid "|NAME=VALUE|use this notation data"
+#~ msgstr "|NOME=VALOR|usar estes dados de notação"
+
+#~ msgid ""
+#~ "the first character of a notation name must be a letter or an underscore\n"
+#~ msgstr ""
+#~ "o primeiro caractere de um nome de notação deve ser uma letra ou um "
+#~ "sublinhado\n"
+
+#~ msgid "dots in a notation name must be surrounded by other characters\n"
+#~ msgstr ""
+#~ "pontos em um nome de notação devem estar cercados por outros caracteres\n"
+
+#, fuzzy
+#~ msgid "Are you sure you still want to sign it?\n"
+#~ msgstr "Você tem certeza de que quer este tamanho de chave? "
+
+#, fuzzy
+#~ msgid " Are you sure you still want to sign it?\n"
+#~ msgstr "Você tem certeza de que quer este tamanho de chave? "
+
+#~ msgid "key %08lX: our copy has no self-signature\n"
+#~ msgstr "chave %08lX: nossa cópia não tem auto-assinatura\n"
+
+#~ msgid "Do you really need such a large keysize? "
+#~ msgstr "Você realmente precisa de uma chave tão grande? "
+
+#~ msgid " signed by %08lX at %s\n"
+#~ msgstr " assinado por %08lX em %s\n"
+
+#~ msgid "--delete-secret-key user-id"
+#~ msgstr "--delete-secret-key id-usuário"
+
+#~ msgid "--delete-key user-id"
+#~ msgstr "--delete-key id-usuário"
+
+#, fuzzy
+#~ msgid "--delete-secret-and-public-key user-id"
+#~ msgstr "--delete-secret-and-public-key id-usuário"
+
+#~ msgid "skipped: public key already set with --encrypt-to\n"
+#~ msgstr "ignorado: chave pública já marcada com --encrypt-to\n"
+
+#, fuzzy
+#~ msgid ""
+#~ "\n"
+#~ "WARNING: This is a PGP2-style key\n"
+#~ msgstr "AVISO: `%s' é um arquivo vazio\n"
+
+#~ msgid "sSmMqQ"
+#~ msgstr "sSmMqQ"
+
+#, fuzzy
+#~ msgid "duplicate (short) key ID %08lX\n"
+#~ msgstr "a chave pública é %08lX\n"
+
+#, fuzzy
+#~ msgid "%lu key(s) to refresh\n"
+#~ msgstr "\t%lu chaves com erros\n"
+
+#~ msgid "|[NAMES]|check the trust database"
+#~ msgstr "|[NOMES]|verificar o banco de dados de confiabilidade"
+
+#~ msgid ""
+#~ "Could not find a valid trust path to the key. Let's see whether we\n"
+#~ "can assign some missing owner trust values.\n"
+#~ "\n"
+#~ msgstr ""
+#~ "Não foi possível encontrar uma rota de confiança válida para a chave.\n"
+#~ "Vamos ver se é possível designar alguns valores de confiança ausentes.\n"
+#~ "\n"
+
+#~ msgid ""
+#~ "No path leading to one of our keys found.\n"
+#~ "\n"
+#~ msgstr "Nenhuma rota encontrada que leve a uma de nossas chaves.\n"
+
+#~ msgid ""
+#~ "No trust values changed.\n"
+#~ "\n"
+#~ msgstr ""
+#~ "Nenhum valor de confiança modificado.\n"
+#~ "\n"
+
+#~ msgid "%08lX: no info to calculate a trust probability\n"
+#~ msgstr "%08lX: sem informação para calcular probabilidade de confiança\n"
+
+#~ msgid "%s: error checking key: %s\n"
+#~ msgstr "%s: erro na verificação da chave: %s\n"
+
+#~ msgid "too many entries in unk cache - disabled\n"
+#~ msgstr "entradas demais no cache unk - desativado\n"
+
+#~ msgid "assuming bad MDC due to an unknown critical bit\n"
+#~ msgstr "assumindo MDC incorreto devido a um bit crítico desconhecido\n"
+
+#~ msgid "error reading dir record for LID %lu: %s\n"
+#~ msgstr "erro lendo registro de diretório para LID %lu: %s\n"
+
+#~ msgid "lid %lu: expected dir record, got type %d\n"
+#~ msgstr "lid %lu: registro de diretório esperado, tipo %d recebido\n"
+
+#~ msgid "no primary key for LID %lu\n"
+#~ msgstr "nenhuma chave primária para LID %lu\n"
+
+#~ msgid "error reading primary key for LID %lu: %s\n"
+#~ msgstr "erro lendo chave primária para LID %lu: %s\n"
+
+#~ msgid "key %08lX: query record failed\n"
+#~ msgstr "chave %08lX: pedido de registro falhou\n"
+
+#~ msgid "key %08lX: already in trusted key table\n"
+#~ msgstr "chave %08lX: já está na tabela de chaves confiáveis\n"
+
+#~ msgid "NOTE: secret key %08lX is NOT protected.\n"
+#~ msgstr "NOTA: a chave secreta %08lX NÃO está protegida.\n"
+
+#~ msgid "key %08lX: secret and public key don't match\n"
+#~ msgstr "chave %08lX: chaves secreta e pública não são correspondentes\n"
+
+#~ msgid "key %08lX.%lu: Good subkey binding\n"
+#~ msgstr "chave %08lX.%lu: Ligação de subchave válida\n"
+
+#~ msgid "key %08lX.%lu: Invalid subkey binding: %s\n"
+#~ msgstr "chave %08lX.%lu: Ligação de subchave inválida: %s\n"
+
+#~ msgid "key %08lX.%lu: Valid key revocation\n"
+#~ msgstr "chave %08lX.%lu: Revogação de chave válida\n"
+
+#~ msgid "key %08lX.%lu: Invalid key revocation: %s\n"
+#~ msgstr "chave %08lX.%lu: Revogação de chave inválida: %s\n"
+
+#~ msgid "Good self-signature"
+#~ msgstr "Auto-assinatura válida"
+
+#~ msgid "Invalid self-signature"
+#~ msgstr "Auto-assinatura inválida"
+
+#~ msgid "Valid user ID revocation skipped due to a newer self signature"
+#~ msgstr ""
+#~ "Revogação válida de ID de usuário ignorada devido a nova auto-assinatura"
+
+#~ msgid "Valid user ID revocation"
+#~ msgstr "Revogação de ID de usuário válida"
+
+#~ msgid "Invalid user ID revocation"
+#~ msgstr "Revogação de ID de usuário inválida"
+
+#~ msgid "Invalid certificate revocation"
+#~ msgstr "Certificado de revogação inválido"
+
+#~ msgid "sig record %lu[%d] points to wrong record.\n"
+#~ msgstr "registro de assinatura %lu[%d] aponta para registro errado.\n"
+
+#~ msgid "tdbio_search_dir failed: %s\n"
+#~ msgstr "tdbio_search_dir falhou: %s\n"
+
+#~ msgid "lid ?: insert failed: %s\n"
+#~ msgstr "lid ?: inserção falhou: %s\n"
+
+#~ msgid "lid %lu: insert failed: %s\n"
+#~ msgstr "lid %lu: inserção falhou: %s\n"
+
+#~ msgid "lid %lu: inserted\n"
+#~ msgstr "lid %lu: inserido\n"
+
+#~ msgid "\t%lu keys inserted\n"
+#~ msgstr "\t%lu chaves inseridas\n"
+
+#~ msgid "lid %lu: dir record w/o key - skipped\n"
+#~ msgstr "lid %lu: registro de diretório sem chave - ignorado\n"
+
+#~ msgid "\t%lu due to new pubkeys\n"
+#~ msgstr "\t%lu devido a novas chaves públicas\n"
+
+#~ msgid "\t%lu keys updated\n"
+#~ msgstr "\t%lu chaves atualizadas\n"
+
+#~ msgid "Ooops, no keys\n"
+#~ msgstr "Ooops, nenhuma chave\n"
+
+#~ msgid "Ooops, no user IDs\n"
+#~ msgstr "Ooops, nenhum ID de usuário\n"
+
+#~ msgid "check_trust: search dir record failed: %s\n"
+#~ msgstr "check_trust: busca de registro de diretório falhou: %s\n"
+
+#~ msgid "key %08lX: insert trust record failed: %s\n"
+#~ msgstr "chave %08lX: inserção de registro de confiança falhou: %s\n"
+
+#~ msgid "key %08lX.%lu: inserted into trustdb\n"
+#~ msgstr "chave %08lX.%lu: inserida no banco de dados de confiabilidade\n"
+
+#~ msgid "key %08lX.%lu: created in future (time warp or clock problem)\n"
+#~ msgstr ""
+#~ "chave %08lX.%lu: criada no futuro (viagem no tempo ou problema no "
+#~ "relogio)\n"
+
+#~ msgid "key %08lX.%lu: expired at %s\n"
+#~ msgstr "chave %08lX.%lu: expirou em %s\n"
+
+#~ msgid "key %08lX.%lu: trust check failed: %s\n"
+#~ msgstr "chave %08lX.%lu: verificação de confiança falhou: %s\n"
+
+#~ msgid "user '%s' not found: %s\n"
+#~ msgstr "usuário `%s' não encontrado: %s\n"
+
+#~ msgid "problem finding '%s' in trustdb: %s\n"
+#~ msgstr ""
+#~ "problemas na procura de `%s' no banco de dados de confiabilidade: %s\n"
+
+#~ msgid "user '%s' not in trustdb - inserting\n"
+#~ msgstr ""
+#~ "usuário `%s' não encontrado no banco de dados de confiabilidade - "
+#~ "inserindo\n"
+
+#~ msgid "Do you really want to create a sign and encrypt key? "
+#~ msgstr ""
+#~ "Você realmente quer criar uma chave para assinatura e criptografia? "
+
+#~ msgid "no default public keyring\n"
+#~ msgstr "sem chaveiro público padrão\n"
+
+#~ msgid "can't lock keyring `%s': %s\n"
+#~ msgstr "impossível bloquear chaveiro `%s': %s\n"
+
+#~ msgid "WARNING: can't yet handle long pref records\n"
+#~ msgstr ""
+#~ "AVISO: ainda é impossível manipular registros de preferências longos\n"
+
+#~ msgid "%s: can't create keyring: %s\n"
+#~ msgstr "%s: impossível criar chaveiro: %s\n"
+
+#~ msgid "No key for user ID\n"
+#~ msgstr "Nenhuma chave para identificador de usuário\n"
+
+#~ msgid "no secret key for decryption available\n"
+#~ msgstr "nenhuma chave secreta para descriptografia disponível\n"
+
+#~ msgid ""
+#~ "RSA keys are deprecated; please consider creating a new key and use this "
+#~ "key in the future\n"
+#~ msgstr ""
+#~ "Chaves RSA não são recomendáveis; por favor considere criar uma nova "
+#~ "chave e usá-la no futuro\n"
+
+#~ msgid "do not write comment packets"
+#~ msgstr "não escrever pacotes de comentário"
+
+#~ msgid "(default is 3)"
+#~ msgstr "(o padrão é 3)"
+
+#~ msgid " (%d) ElGamal in a v3 packet\n"
+#~ msgstr " (%d) ElGamal em um pacote v3\n"
+
+#~ msgid "Key generation can only be used in interactive mode\n"
+#~ msgstr "A geração de chaves só pode ser feita em modo interativo\n"
+
+#, fuzzy
+#~ msgid "tdbio_search_sdir failed: %s\n"
+#~ msgstr "tdbio_search_dir falhou: %s\n"
+
+#~ msgid "NOTE: sig rec %lu[%d] in hintlist of %lu but marked as checked\n"
+#~ msgstr ""
+#~ "NOTA: assinatura rec %lu[%d] está na lista de sugestões de %lu mas está\n"
+#~ " marcada como verificada\n"
+
+#~ msgid "NOTE: sig rec %lu[%d] in hintlist of %lu but not marked\n"
+#~ msgstr ""
+#~ "NOTA: assinatura rec %lu[%d] está na lista de sugestões de %lu mas não "
+#~ "está\n"
+#~ " marcada\n"
+
+#~ msgid "sig rec %lu[%d] in hintlist of %lu does not point to a dir record\n"
+#~ msgstr ""
+#~ "assinatura rec %lu[%d] na lista de sugestões de %lu não aponta para\n"
+#~ "um registro de diretório\n"
+
+#~ msgid "lid %lu: no primary key\n"
+#~ msgstr "lid %lu: nenhuma chave primária\n"
+
+#~ msgid "lid %lu: user id not found in keyblock\n"
+#~ msgstr "lid %lu: id de usuário não encontrado no bloco de chaves\n"
+
+#~ msgid "lid %lu: self-signature in hintlist\n"
+#~ msgstr "lid %lu: auto-assinatura na lista de sugestões\n"
+
+#~ msgid "very strange: no public key\n"
+#~ msgstr "muito estranho: nenhuma chave pública\n"
+
+#~ msgid "hintlist %lu[%d] of %lu does not point to a dir record\n"
+#~ msgstr ""
+#~ "lista de sugestões %lu[%d] de %lu não aponta para registro de diretório\n"
+
+#~ msgid "lid %lu: can't get keyblock: %s\n"
+#~ msgstr "lid %lu: impossível pegar bloco de chaves: %s\n"
+
+#~ msgid "Too many preference items"
+#~ msgstr "Muitos itens de preferência"
+
+# trauzir sombra ???
+#~ msgid "uid %08lX.%lu/%02X%02X: has shadow dir %lu but is not yet marked.\n"
+#~ msgstr ""
+#~ "uid %08lX.%lu/%02X%02X: tem diretório \"shadow\" %lu mas ainda não está\n"
+#~ "marcado\n"
+
+#~ msgid "insert_trust_record: keyblock not found: %s\n"
+#~ msgstr "insert_trust_record: bloco de chaves não encontrado: %s\n"
+
+#~ msgid "lid %lu: update failed: %s\n"
+#~ msgstr "lid %lu: atualização falhou %s\n"
+
+#~ msgid "lid %lu: updated\n"
+#~ msgstr "lid %lu: atualizado\n"
+
+#~ msgid "lid %lu: okay\n"
+#~ msgstr "lid %lu: correto\n"
+
+#~ msgid "%s: update failed: %s\n"
+#~ msgstr "%s: atualização falhou: %s\n"
+
+#~ msgid "%s: updated\n"
+#~ msgstr "%s: atualizado\n"
+
+#~ msgid "%s: okay\n"
+#~ msgstr "%s: correto\n"
+
+#~ msgid "lid %lu: keyblock not found: %s\n"
+#~ msgstr "lid %lu: bloco de chaves não encontrado: %s\n"
+
+#~ msgid "can't lock keyring `%': %s\n"
+#~ msgstr "impossível bloquear chaveiro `%': %s\n"
+
+#~ msgid "writing keyblock\n"
+#~ msgstr "escrevendo bloco de chaves\n"
+
+#~ msgid "can't write keyblock: %s\n"
+#~ msgstr "impossível escrever bloco de chaves: %s\n"
+
+#, fuzzy
+#~ msgid "encrypted message is valid\n"
+#~ msgstr "algoritmo de \"digest\" selecionado não é válido\n"
+
+#, fuzzy
+#~ msgid "Can't check MDC: %s\n"
+#~ msgstr "Impossível verificar assinatura: %s\n"
+
+#, fuzzy
+#~ msgid "chained sigrec %lu has a wrong owner\n"
+#~ msgstr "sigrec em cadeia %lu possui dono errado\n"
+
+#, fuzzy
+#~ msgid "lid %lu: read dir record failed: %s\n"
+#~ msgstr "lid %lu: leitura de registro de diretório falhou: %s\n"
+
+#~ msgid "lid %lu: read key record failed: %s\n"
+#~ msgstr "lid %lu: leitura de registro de chave falhou: %s\n"
+
+#~ msgid "lid %lu: read uid record failed: %s\n"
+#~ msgstr "lid %lu: leitura de registro de uid falhou: %s\n"
+
+#, fuzzy
+#~ msgid "lid %lu: read pref record failed: %s\n"
+#~ msgstr "lid %lu: leitura de registro de preferências falhou: %s\n"
+
+#, fuzzy
+#~ msgid "user '%s' read problem: %s\n"
+#~ msgstr "erro de leitura do usuário `%s': %s\n"
+
+#, fuzzy
+#~ msgid "user '%s' list problem: %s\n"
+#~ msgstr "erro de listagem do usuário `%s': %s\n"
+
+#, fuzzy
+#~ msgid "user '%s' not in trustdb\n"
+#~ msgstr "usuário `%s' não está no banco de dados de confiabilidade\n"
+
+#~ msgid "directory record w/o primary key\n"
+#~ msgstr "registro de diretório sem chave primária\n"
+
+#~ msgid "key not in trustdb, searching ring.\n"
+#~ msgstr ""
+#~ "chave não encontrada no banco de dados de confiabilidade, procurando no "
+#~ "chaveiro\n"
+
+#~ msgid "key not in ring: %s\n"
+#~ msgstr "chave não encontrada no chaveiro: %s\n"
+
+#~ msgid "Oops: key is now in trustdb???\n"
+#~ msgstr "Oops: agora a chave está no banco de dados de confiabilidade???\n"
+
+#~ msgid "Hmmm, public key lost?"
+#~ msgstr "Hmmm, chave pública perdida?"
+
+#~ msgid "did not use primary key for insert_trust_record()\n"
+#~ msgstr "você usou a chave primária para insert_trust_record()\n"
+
+#~ msgid "invalid clear text header: "
+#~ msgstr "cabeçalho de texto puro inválido: "
+
+#~ msgid "LID %lu: changing trust from %u to %u\n"
+#~ msgstr "LID %lu: mudando confiança de %u para %u\n"
+
+#~ msgid "LID %lu: setting trust to %u\n"
+#~ msgstr "LID %lu: estabelecendo confiança para %u\n"
diff --git a/po/quot.sed b/po/quot.sed
new file mode 100644
index 0000000..0122c46
--- /dev/null
+++ b/po/quot.sed
@@ -0,0 +1,6 @@
+s/"\([^"]*\)"/“\1â€/g
+s/`\([^`']*\)'/‘\1’/g
+s/ '\([^`']*\)' / ‘\1’ /g
+s/ '\([^`']*\)'$/ ‘\1’/g
+s/^'\([^`']*\)' /‘\1’ /g
+s/“â€/""/g
diff --git a/po/remove-potcdate.sin b/po/remove-potcdate.sin
new file mode 100644
index 0000000..2436c49
--- /dev/null
+++ b/po/remove-potcdate.sin
@@ -0,0 +1,19 @@
+# Sed script that remove the POT-Creation-Date line in the header entry
+# from a POT file.
+#
+# The distinction between the first and the following occurrences of the
+# pattern is achieved by looking at the hold space.
+/^"POT-Creation-Date: .*"$/{
+x
+# Test if the hold space is empty.
+s/P/P/
+ta
+# Yes it was empty. First occurrence. Remove the line.
+g
+d
+bb
+:a
+# The hold space was nonempty. Following occurrences. Do nothing.
+x
+:b
+}
diff --git a/po/ro.gmo b/po/ro.gmo
new file mode 100644
index 0000000..9d52891
--- /dev/null
+++ b/po/ro.gmo
Binary files differ
diff --git a/po/ro.po b/po/ro.po
new file mode 100644
index 0000000..205c745
--- /dev/null
+++ b/po/ro.po
@@ -0,0 +1,9850 @@
+# Mesajele în limba românã pentru gnupg.
+# Copyright (C) 2003, 2004, 2005 Free Software Foundation, Inc.
+# Acest fiºier este distribuit sub aceeaºi licenþã ca ºi pachetul gnupg.
+# Laurentiu Buzdugan <lbuz@rolix.org>, 2003, 2004, 2005.
+#
+#
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: gnupg 1.4.2rc1\n"
+"Report-Msgid-Bugs-To: translations@gnupg.org\n"
+"POT-Creation-Date: 2012-03-27 10:23+0200\n"
+"PO-Revision-Date: 2005-05-31 22:00-0500\n"
+"Last-Translator: Laurentiu Buzdugan <lbuz@rolix.org>\n"
+"Language-Team: Romanian <translation-team-ro@lists.sourceforge.net>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=ISO-8859-2\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Plural-Forms: nplurals=2; plural=(n != 1);\n"
+
+#: agent/call-pinentry.c:244
+#, fuzzy, c-format
+msgid "failed to acquire the pinentry lock: %s\n"
+msgstr "am eºuat sã stochez amprenta: %s\n"
+
+#. TRANSLATORS: These are labels for buttons etc used in
+#. Pinentries. An underscore indicates that the next letter
+#. should be used as an accelerator. Double the underscore for
+#. a literal one. The actual to be translated text starts after
+#. the second vertical bar.
+#: agent/call-pinentry.c:401
+msgid "|pinentry-label|_OK"
+msgstr ""
+
+#: agent/call-pinentry.c:402
+msgid "|pinentry-label|_Cancel"
+msgstr ""
+
+#: agent/call-pinentry.c:403
+msgid "|pinentry-label|PIN:"
+msgstr ""
+
+#. TRANSLATORS: This string is displayed by Pinentry as the label
+#. for the quality bar.
+#: agent/call-pinentry.c:649
+#, fuzzy
+msgid "Quality:"
+msgstr "validitate: %s"
+
+#. TRANSLATORS: This string is a tooltip, shown by pinentry when
+#. hovering over the quality bar. Please use an appropriate
+#. string to describe what this is about. The length of the
+#. tooltip is limited to about 900 characters. If you do not
+#. translate this entry, a default english text (see source)
+#. will be used.
+#: agent/call-pinentry.c:671
+msgid "pinentry.qualitybar.tooltip"
+msgstr ""
+
+#: agent/call-pinentry.c:716
+msgid ""
+"Please enter your PIN, so that the secret key can be unlocked for this "
+"session"
+msgstr ""
+
+#: agent/call-pinentry.c:719
+#, fuzzy
+msgid ""
+"Please enter your passphrase, so that the secret key can be unlocked for "
+"this session"
+msgstr ""
+"Vã rugãm introduceþi fraza-parolã; aceasta este o propoziþie secretã \n"
+
+#: agent/call-pinentry.c:776
+#, c-format
+msgid "SETERROR %s (try %d of %d)"
+msgstr ""
+
+#: agent/call-pinentry.c:799 agent/call-pinentry.c:811
+#, fuzzy
+msgid "PIN too long"
+msgstr "linie prea lungã"
+
+#: agent/call-pinentry.c:800
+#, fuzzy
+msgid "Passphrase too long"
+msgstr "frazã-parolã prea lungã\n"
+
+#: agent/call-pinentry.c:808
+#, fuzzy
+msgid "Invalid characters in PIN"
+msgstr "Caracter invalid în nume\n"
+
+#: agent/call-pinentry.c:813
+msgid "PIN too short"
+msgstr ""
+
+#: agent/call-pinentry.c:825
+#, fuzzy
+msgid "Bad PIN"
+msgstr "MPI incorect"
+
+#: agent/call-pinentry.c:826
+#, fuzzy
+msgid "Bad Passphrase"
+msgstr "frazã-parolã incorectã"
+
+#: agent/call-pinentry.c:863
+#, fuzzy
+msgid "Passphrase"
+msgstr "frazã-parolã incorectã"
+
+#: agent/command-ssh.c:531
+#, fuzzy, c-format
+msgid "ssh keys greater than %d bits are not supported\n"
+msgstr "algoritm rezumat %d nu este suportat\n"
+
+#: agent/command-ssh.c:690 g10/card-util.c:833 g10/exec.c:473 g10/gpg.c:1122
+#: g10/keygen.c:3394 g10/keygen.c:3427 g10/keyring.c:1237 g10/keyring.c:1569
+#: g10/openfile.c:275 g10/openfile.c:368 g10/sign.c:801 g10/sign.c:1110
+#: g10/tdbio.c:550 jnlib/dotlock.c:310
+#, c-format
+msgid "can't create `%s': %s\n"
+msgstr "nu pot crea `%s': %s\n"
+
+#: agent/command-ssh.c:702 common/helpfile.c:47 g10/card-util.c:787
+#: g10/dearmor.c:60 g10/dearmor.c:107 g10/decrypt.c:70 g10/encode.c:194
+#: g10/encode.c:504 g10/gpg.c:1123 g10/import.c:192 g10/keygen.c:2877
+#: g10/keyring.c:1595 g10/openfile.c:192 g10/openfile.c:353
+#: g10/plaintext.c:511 g10/sign.c:783 g10/sign.c:978 g10/sign.c:1094
+#: g10/sign.c:1250 g10/tdbdump.c:142 g10/tdbdump.c:150 g10/tdbio.c:554
+#: g10/tdbio.c:618 g10/verify.c:99 g10/verify.c:162 sm/gpgsm.c:2044
+#: sm/gpgsm.c:2074 sm/gpgsm.c:2112 sm/gpgsm.c:2150 sm/qualified.c:66
+#, c-format
+msgid "can't open `%s': %s\n"
+msgstr "nu pot deschide `%s': %s\n"
+
+#: agent/command-ssh.c:1708 agent/command-ssh.c:1726
+#, fuzzy, c-format
+msgid "error getting serial number of card: %s\n"
+msgstr "eroare la obþinerea numãrului serial: %s\n"
+
+#: agent/command-ssh.c:1712
+#, c-format
+msgid "detected card with S/N: %s\n"
+msgstr ""
+
+#: agent/command-ssh.c:1717
+#, fuzzy, c-format
+msgid "error getting default authentication keyID of card: %s\n"
+msgstr "eroare la obþinerea informaþiei pentru cheia curentã: %s\n"
+
+#: agent/command-ssh.c:1737
+#, fuzzy, c-format
+msgid "no suitable card key found: %s\n"
+msgstr "nu am gãsit nici un inel de chei secret de scris: %s\n"
+
+#: agent/command-ssh.c:1787
+#, fuzzy, c-format
+msgid "shadowing the key failed: %s\n"
+msgstr "citirea cheii publice a eºuat: %s\n"
+
+#: agent/command-ssh.c:1802
+#, fuzzy, c-format
+msgid "error writing key: %s\n"
+msgstr "eroare la scrierea inelului de chei `%s': %s\n"
+
+#: agent/command-ssh.c:2139
+#, c-format
+msgid ""
+"An ssh process requested the use of key%%0A %s%%0A (%s)%%0ADo you want to "
+"allow this?"
+msgstr ""
+
+#: agent/command-ssh.c:2146
+msgid "Allow"
+msgstr ""
+
+#: agent/command-ssh.c:2146
+msgid "Deny"
+msgstr ""
+
+#: agent/command-ssh.c:2155
+#, fuzzy, c-format
+msgid "Please enter the passphrase for the ssh key%%0A %F%%0A (%c)"
+msgstr ""
+"Vã rugãm introduceþi fraza-parolã; aceasta este o propoziþie secretã \n"
+
+#: agent/command-ssh.c:2484 agent/genkey.c:310 agent/genkey.c:432
+#, fuzzy
+msgid "Please re-enter this passphrase"
+msgstr "schimbã fraza-parolã"
+
+#: agent/command-ssh.c:2509
+#, fuzzy, c-format
+msgid ""
+"Please enter a passphrase to protect the received secret key%%0A %s%%0A %"
+"s%%0Awithin gpg-agent's key storage"
+msgstr ""
+"Vã rugãm introduceþi fraza-parolã; aceasta este o propoziþie secretã \n"
+
+#: agent/command-ssh.c:2548 agent/genkey.c:340 agent/genkey.c:463
+#: tools/symcryptrun.c:436
+msgid "does not match - try again"
+msgstr ""
+
+#: agent/command-ssh.c:3054
+#, fuzzy, c-format
+msgid "failed to create stream from socket: %s\n"
+msgstr "%s: am eºuat sã creez hashtable: %s\n"
+
+#: agent/divert-scd.c:92 g10/call-agent.c:923
+#, fuzzy
+msgid "Please insert the card with serial number"
+msgstr ""
+"Vã rugãm scoateþi cardul curent ºi introducaþi unul cu numãr de serie:\n"
+" %.*s\n"
+
+#: agent/divert-scd.c:93 g10/call-agent.c:924
+#, fuzzy
+msgid "Please remove the current card and insert the one with serial number"
+msgstr ""
+"Vã rugãm scoateþi cardul curent ºi introducaþi unul cu numãr de serie:\n"
+" %.*s\n"
+
+#: agent/divert-scd.c:200
+#, fuzzy
+msgid "Admin PIN"
+msgstr "|A|PIN Admin"
+
+#. TRANSLATORS: A PUK is the Personal Unblocking Code
+#. used to unblock a PIN.
+#: agent/divert-scd.c:205
+msgid "PUK"
+msgstr ""
+
+#: agent/divert-scd.c:212
+msgid "Reset Code"
+msgstr ""
+
+#: agent/divert-scd.c:238
+#, c-format
+msgid "%s%%0A%%0AUse the reader's keypad for input."
+msgstr ""
+
+#: agent/divert-scd.c:287
+#, fuzzy
+msgid "Repeat this Reset Code"
+msgstr "Repetaþi acest PIN: "
+
+#: agent/divert-scd.c:289
+#, fuzzy
+msgid "Repeat this PUK"
+msgstr "Repetaþi acest PIN: "
+
+#: agent/divert-scd.c:290
+#, fuzzy
+msgid "Repeat this PIN"
+msgstr "Repetaþi acest PIN: "
+
+#: agent/divert-scd.c:295
+#, fuzzy
+msgid "Reset Code not correctly repeated; try again"
+msgstr "PIN-ul nu a fost repetat corect; mai încercaþi o datã"
+
+#: agent/divert-scd.c:297
+#, fuzzy
+msgid "PUK not correctly repeated; try again"
+msgstr "PIN-ul nu a fost repetat corect; mai încercaþi o datã"
+
+#: agent/divert-scd.c:298
+msgid "PIN not correctly repeated; try again"
+msgstr "PIN-ul nu a fost repetat corect; mai încercaþi o datã"
+
+#: agent/divert-scd.c:310
+#, fuzzy, c-format
+msgid "Please enter the PIN%s%s%s to unlock the card"
+msgstr "||Vã rugãm introduceþi PIN%%0A[semnãturi fãcute: %lu]"
+
+#: agent/genkey.c:108 sm/certreqgen-ui.c:384 sm/export.c:638 sm/export.c:654
+#: sm/import.c:667 sm/import.c:692
+#, fuzzy, c-format
+msgid "error creating temporary file: %s\n"
+msgstr "eroare la crearea frazei-parolã: %s\n"
+
+#: agent/genkey.c:115 sm/export.c:645 sm/import.c:675
+#, fuzzy, c-format
+msgid "error writing to temporary file: %s\n"
+msgstr "%s: eroare scriere înregistrare dir: %s\n"
+
+#: agent/genkey.c:153 agent/genkey.c:159
+#, fuzzy
+msgid "Enter new passphrase"
+msgstr "Introduceþi fraza-parolã\n"
+
+#: agent/genkey.c:167
+#, fuzzy
+msgid "Take this one anyway"
+msgstr "Folosiþi oricum aceastã cheie? (d/N) "
+
+#: agent/genkey.c:193
+#, c-format
+msgid ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase should be "
+"at least %u character long."
+msgid_plural ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase should be "
+"at least %u characters long."
+msgstr[0] ""
+msgstr[1] ""
+
+#: agent/genkey.c:214
+#, c-format
+msgid ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase should "
+"contain at least %u digit or%%0Aspecial character."
+msgid_plural ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase should "
+"contain at least %u digits or%%0Aspecial characters."
+msgstr[0] ""
+msgstr[1] ""
+
+#: agent/genkey.c:237
+#, c-format
+msgid ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase may not be "
+"a known term or match%%0Acertain pattern."
+msgstr ""
+
+#: agent/genkey.c:253
+#, c-format
+msgid ""
+"You have not entered a passphrase!%0AAn empty passphrase is not allowed."
+msgstr ""
+
+#: agent/genkey.c:255
+#, c-format
+msgid ""
+"You have not entered a passphrase - this is in general a bad idea!%0APlease "
+"confirm that you do not want to have any protection on your key."
+msgstr ""
+
+#: agent/genkey.c:264
+msgid "Yes, protection is not needed"
+msgstr ""
+
+#: agent/genkey.c:308
+#, fuzzy, c-format
+msgid "Please enter the passphrase to%0Ato protect your new key"
+msgstr ""
+"Aveþi nevoie de o frazã-parolã pentru a vã proteja cheia secretã.\n"
+"\n"
+
+#: agent/genkey.c:431
+#, fuzzy
+msgid "Please enter the new passphrase"
+msgstr "schimbã fraza-parolã"
+
+#: agent/gpg-agent.c:121 agent/preset-passphrase.c:72 scd/scdaemon.c:103
+#: tools/gpg-check-pattern.c:70
+#, fuzzy
+msgid ""
+"@Options:\n"
+" "
+msgstr ""
+"@\n"
+"Opþiuni:\n"
+" "
+
+#: agent/gpg-agent.c:123 scd/scdaemon.c:105
+msgid "run in server mode (foreground)"
+msgstr ""
+
+#: agent/gpg-agent.c:124 scd/scdaemon.c:108
+msgid "run in daemon mode (background)"
+msgstr ""
+
+#: agent/gpg-agent.c:125 g10/gpg.c:488 g10/gpgv.c:71 kbx/kbxutil.c:88
+#: scd/scdaemon.c:109 sm/gpgsm.c:281 tools/gpg-connect-agent.c:69
+#: tools/gpgconf.c:80 tools/symcryptrun.c:166
+msgid "verbose"
+msgstr "locvace"
+
+#: agent/gpg-agent.c:126 g10/gpgv.c:72 kbx/kbxutil.c:89 scd/scdaemon.c:110
+#: sm/gpgsm.c:282
+msgid "be somewhat more quiet"
+msgstr "fii oarecum mai tãcut"
+
+#: agent/gpg-agent.c:127 scd/scdaemon.c:111
+msgid "sh-style command output"
+msgstr ""
+
+#: agent/gpg-agent.c:128 scd/scdaemon.c:112
+msgid "csh-style command output"
+msgstr ""
+
+#: agent/gpg-agent.c:129 scd/scdaemon.c:113 sm/gpgsm.c:312
+#: tools/symcryptrun.c:169
+#, fuzzy
+msgid "|FILE|read options from FILE"
+msgstr "|FIªIER|încarcã modulul extensie FIªIER"
+
+#: agent/gpg-agent.c:134 scd/scdaemon.c:123
+msgid "do not detach from the console"
+msgstr ""
+
+#: agent/gpg-agent.c:135
+msgid "do not grab keyboard and mouse"
+msgstr ""
+
+#: agent/gpg-agent.c:136 tools/symcryptrun.c:168
+#, fuzzy
+msgid "use a log file for the server"
+msgstr "cautã pentru chei pe un server de chei"
+
+#: agent/gpg-agent.c:138
+#, fuzzy
+msgid "use a standard location for the socket"
+msgstr "seteazã lista de preferinþe pentru ID-urile utilizator selectate"
+
+#: agent/gpg-agent.c:141
+msgid "|PGM|use PGM as the PIN-Entry program"
+msgstr ""
+
+#: agent/gpg-agent.c:144
+msgid "|PGM|use PGM as the SCdaemon program"
+msgstr ""
+
+#: agent/gpg-agent.c:145
+#, fuzzy
+msgid "do not use the SCdaemon"
+msgstr "actualizeazã baza de date de încredere"
+
+#: agent/gpg-agent.c:157
+msgid "ignore requests to change the TTY"
+msgstr ""
+
+#: agent/gpg-agent.c:159
+msgid "ignore requests to change the X display"
+msgstr ""
+
+#: agent/gpg-agent.c:162
+msgid "|N|expire cached PINs after N seconds"
+msgstr ""
+
+#: agent/gpg-agent.c:175
+msgid "do not use the PIN cache when signing"
+msgstr ""
+
+#: agent/gpg-agent.c:177
+msgid "allow clients to mark keys as \"trusted\""
+msgstr ""
+
+#: agent/gpg-agent.c:179
+#, fuzzy
+msgid "allow presetting passphrase"
+msgstr "eroare la crearea frazei-parolã: %s\n"
+
+#: agent/gpg-agent.c:180
+msgid "enable ssh-agent emulation"
+msgstr ""
+
+#: agent/gpg-agent.c:182
+msgid "|FILE|write environment settings also to FILE"
+msgstr ""
+
+#. TRANSLATORS: @EMAIL@ will get replaced by the actual bug
+#. reporting address. This is so that we can change the
+#. reporting address without breaking the translations.
+#: agent/gpg-agent.c:333 agent/preset-passphrase.c:94 agent/protect-tool.c:163
+#: g10/gpg.c:814 g10/gpgv.c:114 kbx/kbxutil.c:113 scd/scdaemon.c:246
+#: sm/gpgsm.c:519 tools/gpg-connect-agent.c:181 tools/gpgconf.c:102
+#: tools/symcryptrun.c:206 tools/gpg-check-pattern.c:141
+#, fuzzy
+msgid "Please report bugs to <@EMAIL@>.\n"
+msgstr "Raportaþi bug-uri la <gnupg-bugs@gnu.org>.\n"
+
+#: agent/gpg-agent.c:342
+#, fuzzy
+msgid "Usage: gpg-agent [options] (-h for help)"
+msgstr "Folosire: gpg [opþiuni] [fiºiere] (-h pentru ajutor)"
+
+#: agent/gpg-agent.c:344
+msgid ""
+"Syntax: gpg-agent [options] [command [args]]\n"
+"Secret key management for GnuPG\n"
+msgstr ""
+
+#: agent/gpg-agent.c:390 g10/gpg.c:1007 scd/scdaemon.c:318 sm/gpgsm.c:669
+#, c-format
+msgid "invalid debug-level `%s' given\n"
+msgstr ""
+
+#: agent/gpg-agent.c:610 agent/protect-tool.c:1033 kbx/kbxutil.c:428
+#: scd/scdaemon.c:424 sm/gpgsm.c:911 sm/gpgsm.c:914 tools/symcryptrun.c:998
+#: tools/gpg-check-pattern.c:177
+#, c-format
+msgid "%s is too old (need %s, have %s)\n"
+msgstr ""
+
+#: agent/gpg-agent.c:725 g10/gpg.c:2111 scd/scdaemon.c:510 sm/gpgsm.c:1010
+#, c-format
+msgid "NOTE: no default option file `%s'\n"
+msgstr "NOTÃ: nici un fiºier opþiuni implicit `%s'\n"
+
+#: agent/gpg-agent.c:736 agent/gpg-agent.c:1348 g10/gpg.c:2115
+#: scd/scdaemon.c:515 sm/gpgsm.c:1014 tools/symcryptrun.c:931
+#, c-format
+msgid "option file `%s': %s\n"
+msgstr "fiºier opþiuni `%s': %s\n"
+
+#: agent/gpg-agent.c:744 g10/gpg.c:2122 scd/scdaemon.c:523 sm/gpgsm.c:1021
+#, c-format
+msgid "reading options from `%s'\n"
+msgstr "citesc opþiuni din `%s'\n"
+
+#: agent/gpg-agent.c:1117 g10/plaintext.c:140 g10/plaintext.c:145
+#: g10/plaintext.c:162
+#, c-format
+msgid "error creating `%s': %s\n"
+msgstr "eroare la creearea `%s': %s\n"
+
+#: agent/gpg-agent.c:1461 agent/gpg-agent.c:1579 agent/gpg-agent.c:1583
+#: agent/gpg-agent.c:1624 agent/gpg-agent.c:1628 g10/exec.c:188
+#: g10/openfile.c:429 scd/scdaemon.c:1020
+#, c-format
+msgid "can't create directory `%s': %s\n"
+msgstr "nu pot crea directorul `%s': %s\n"
+
+#: agent/gpg-agent.c:1475 scd/scdaemon.c:1034
+msgid "name of socket too long\n"
+msgstr ""
+
+#: agent/gpg-agent.c:1498 scd/scdaemon.c:1057
+#, fuzzy, c-format
+msgid "can't create socket: %s\n"
+msgstr "nu pot crea `%s': %s\n"
+
+#: agent/gpg-agent.c:1507
+#, c-format
+msgid "socket name `%s' is too long\n"
+msgstr ""
+
+#: agent/gpg-agent.c:1525
+#, fuzzy
+msgid "a gpg-agent is already running - not starting a new one\n"
+msgstr "gpg-agent nu este disponibil în aceastã sesiune\n"
+
+#: agent/gpg-agent.c:1536 scd/scdaemon.c:1076
+#, fuzzy
+msgid "error getting nonce for the socket\n"
+msgstr "eroare la obþinere noului PIN: %s\n"
+
+#: agent/gpg-agent.c:1541 scd/scdaemon.c:1079
+#, fuzzy, c-format
+msgid "error binding socket to `%s': %s\n"
+msgstr "eroare trimitere la `%s': %s\n"
+
+#: agent/gpg-agent.c:1553 scd/scdaemon.c:1088
+#, fuzzy, c-format
+msgid "listen() failed: %s\n"
+msgstr "actualizarea a eºuat: %s\n"
+
+#: agent/gpg-agent.c:1559 scd/scdaemon.c:1095
+#, fuzzy, c-format
+msgid "listening on socket `%s'\n"
+msgstr "scriu cheia secretã în `%s'\n"
+
+#: agent/gpg-agent.c:1587 agent/gpg-agent.c:1634 g10/openfile.c:432
+#, c-format
+msgid "directory `%s' created\n"
+msgstr "director `%s' creat\n"
+
+#: agent/gpg-agent.c:1640
+#, fuzzy, c-format
+msgid "stat() failed for `%s': %s\n"
+msgstr "fstat(%d) a eºuat în %s: %s\n"
+
+#: agent/gpg-agent.c:1644
+#, fuzzy, c-format
+msgid "can't use `%s' as home directory\n"
+msgstr "%s: nu pot crea director: %s\n"
+
+#: agent/gpg-agent.c:1777 scd/scdaemon.c:1111
+#, fuzzy, c-format
+msgid "error reading nonce on fd %d: %s\n"
+msgstr "eroare la citire `%s': %s\n"
+
+#: agent/gpg-agent.c:1799
+#, c-format
+msgid "handler 0x%lx for fd %d started\n"
+msgstr ""
+
+#: agent/gpg-agent.c:1804
+#, c-format
+msgid "handler 0x%lx for fd %d terminated\n"
+msgstr ""
+
+#: agent/gpg-agent.c:1824
+#, c-format
+msgid "ssh handler 0x%lx for fd %d started\n"
+msgstr ""
+
+#: agent/gpg-agent.c:1829
+#, c-format
+msgid "ssh handler 0x%lx for fd %d terminated\n"
+msgstr ""
+
+#: agent/gpg-agent.c:1973 scd/scdaemon.c:1248
+#, fuzzy, c-format
+msgid "pth_select failed: %s - waiting 1s\n"
+msgstr "actualizarea secretului a eºuat: %s\n"
+
+#: agent/gpg-agent.c:2096 scd/scdaemon.c:1315
+#, fuzzy, c-format
+msgid "%s %s stopped\n"
+msgstr "%s: sãritã: %s\n"
+
+#: agent/gpg-agent.c:2232
+#, fuzzy
+msgid "no gpg-agent running in this session\n"
+msgstr "gpg-agent nu este disponibil în aceastã sesiune\n"
+
+#: agent/gpg-agent.c:2243 common/simple-pwquery.c:352 common/asshelp.c:403
+#: tools/gpg-connect-agent.c:2168
+msgid "malformed GPG_AGENT_INFO environment variable\n"
+msgstr "variabila de mediu GPG_AGENT_INFO anormalã\n"
+
+#: agent/gpg-agent.c:2256 common/simple-pwquery.c:364 common/asshelp.c:415
+#: tools/gpg-connect-agent.c:2179
+#, c-format
+msgid "gpg-agent protocol version %d is not supported\n"
+msgstr "gpg-agent versiune protocol %d nu este suportat\n"
+
+#: agent/preset-passphrase.c:98
+#, fuzzy
+msgid "Usage: gpg-preset-passphrase [options] KEYGRIP (-h for help)\n"
+msgstr "Folosire: gpg [opþiuni] [fiºiere] (-h pentru ajutor)"
+
+#: agent/preset-passphrase.c:101
+msgid ""
+"Syntax: gpg-preset-passphrase [options] KEYGRIP\n"
+"Password cache maintenance\n"
+msgstr ""
+
+#: agent/protect-tool.c:113 g10/gpg.c:373 kbx/kbxutil.c:71 sm/gpgsm.c:186
+#: tools/gpgconf.c:60
+msgid ""
+"@Commands:\n"
+" "
+msgstr ""
+"@Comenzi:\n"
+" "
+
+#: agent/protect-tool.c:127 g10/gpg.c:441 g10/gpgv.c:69 kbx/kbxutil.c:81
+#: sm/gpgsm.c:226 tools/gpg-connect-agent.c:67 tools/gpgconf.c:77
+#: tools/symcryptrun.c:159
+msgid ""
+"@\n"
+"Options:\n"
+" "
+msgstr ""
+"@\n"
+"Opþiuni:\n"
+" "
+
+#: agent/protect-tool.c:166
+#, fuzzy
+msgid "Usage: gpg-protect-tool [options] (-h for help)\n"
+msgstr "Folosire: gpg [opþiuni] [fiºiere] (-h pentru ajutor)"
+
+#: agent/protect-tool.c:168
+msgid ""
+"Syntax: gpg-protect-tool [options] [args]\n"
+"Secret key maintenance tool\n"
+msgstr ""
+
+#: agent/protect-tool.c:1162
+#, fuzzy
+msgid "Please enter the passphrase to unprotect the PKCS#12 object."
+msgstr ""
+"Vã rugãm introduceþi fraza-parolã; aceasta este o propoziþie secretã \n"
+
+#: agent/protect-tool.c:1167
+#, fuzzy
+msgid "Please enter the passphrase to protect the new PKCS#12 object."
+msgstr ""
+"Vã rugãm introduceþi fraza-parolã; aceasta este o propoziþie secretã \n"
+
+#: agent/protect-tool.c:1173
+msgid ""
+"Please enter the passphrase to protect the imported object within the GnuPG "
+"system."
+msgstr ""
+
+#: agent/protect-tool.c:1178
+#, fuzzy
+msgid ""
+"Please enter the passphrase or the PIN\n"
+"needed to complete this operation."
+msgstr ""
+"Vã rugãm introduceþi fraza-parolã; aceasta este o propoziþie secretã \n"
+
+#: agent/protect-tool.c:1183 tools/symcryptrun.c:437
+#, fuzzy
+msgid "Passphrase:"
+msgstr "frazã-parolã incorectã"
+
+#: agent/protect-tool.c:1188 tools/symcryptrun.c:448
+#, fuzzy
+msgid "cancelled\n"
+msgstr "anulatã"
+
+#: agent/protect-tool.c:1190 tools/symcryptrun.c:444
+#, fuzzy, c-format
+msgid "error while asking for the passphrase: %s\n"
+msgstr "eroare la crearea frazei-parolã: %s\n"
+
+#: agent/trustlist.c:136 agent/trustlist.c:334
+#, fuzzy, c-format
+msgid "error opening `%s': %s\n"
+msgstr "eroare în `%s': %s\n"
+
+#: agent/trustlist.c:151 common/helpfile.c:63 common/helpfile.c:79
+#, fuzzy, c-format
+msgid "file `%s', line %d: %s\n"
+msgstr "fiºier opþiuni `%s': %s\n"
+
+#: agent/trustlist.c:171 agent/trustlist.c:179
+#, c-format
+msgid "statement \"%s\" ignored in `%s', line %d\n"
+msgstr ""
+
+#: agent/trustlist.c:185
+#, fuzzy, c-format
+msgid "system trustlist `%s' not available\n"
+msgstr "pãrþi ale cheii secrete nu sunt disponibile\n"
+
+#: agent/trustlist.c:229
+#, fuzzy, c-format
+msgid "bad fingerprint in `%s', line %d\n"
+msgstr "eroare citire în `%s': %s\n"
+
+#: agent/trustlist.c:254 agent/trustlist.c:261
+#, c-format
+msgid "invalid keyflag in `%s', line %d\n"
+msgstr ""
+
+#: agent/trustlist.c:295 common/helpfile.c:126
+#, fuzzy, c-format
+msgid "error reading `%s', line %d: %s\n"
+msgstr "eroare la citire `%s': %s\n"
+
+#: agent/trustlist.c:400 agent/trustlist.c:450
+msgid "error reading list of trusted root certificates\n"
+msgstr ""
+
+#. TRANSLATORS: This prompt is shown by the Pinentry
+#. and has one special property: A "%%0A" is used by
+#. Pinentry to insert a line break. The double
+#. percent sign is actually needed because it is also
+#. a printf format string. If you need to insert a
+#. plain % sign, you need to encode it as "%%25". The
+#. "%s" gets replaced by the name as stored in the
+#. certificate.
+#: agent/trustlist.c:611
+#, c-format
+msgid ""
+"Do you ultimately trust%%0A \"%s\"%%0Ato correctly certify user "
+"certificates?"
+msgstr ""
+
+#: agent/trustlist.c:620 common/audit.c:467
+#, fuzzy
+msgid "Yes"
+msgstr "da"
+
+#: agent/trustlist.c:620 common/audit.c:469
+msgid "No"
+msgstr ""
+
+#. TRANSLATORS: This prompt is shown by the Pinentry and has
+#. one special property: A "%%0A" is used by Pinentry to
+#. insert a line break. The double percent sign is actually
+#. needed because it is also a printf format string. If you
+#. need to insert a plain % sign, you need to encode it as
+#. "%%25". The second "%s" gets replaced by a hexdecimal
+#. fingerprint string whereas the first one receives the name
+#. as stored in the certificate.
+#: agent/trustlist.c:654
+#, c-format
+msgid ""
+"Please verify that the certificate identified as:%%0A \"%s\"%%0Ahas the "
+"fingerprint:%%0A %s"
+msgstr ""
+
+#. TRANSLATORS: "Correct" is the label of a button and intended
+#. to be hit if the fingerprint matches the one of the CA. The
+#. other button is "the default "Cancel" of the Pinentry.
+#: agent/trustlist.c:668
+msgid "Correct"
+msgstr ""
+
+#: agent/trustlist.c:668
+msgid "Wrong"
+msgstr ""
+
+#: agent/findkey.c:157
+#, c-format
+msgid "Note: This passphrase has never been changed.%0APlease change it now."
+msgstr ""
+
+#: agent/findkey.c:173
+#, c-format
+msgid ""
+"This passphrase has not been changed%%0Asince %.4s-%.2s-%.2s. Please change "
+"it now."
+msgstr ""
+
+#: agent/findkey.c:187 agent/findkey.c:194
+#, fuzzy
+msgid "Change passphrase"
+msgstr "schimbã fraza-parolã"
+
+#: agent/findkey.c:195
+msgid "I'll change it later"
+msgstr ""
+
+#: common/exechelp.c:528 common/exechelp.c:625 tools/gpgconf-comp.c:1475
+#: tools/gpgconf-comp.c:1814
+#, fuzzy, c-format
+msgid "error creating a pipe: %s\n"
+msgstr "eroare la crearea frazei-parolã: %s\n"
+
+#: common/exechelp.c:599 common/exechelp.c:658
+#, fuzzy, c-format
+msgid "can't fdopen pipe for reading: %s\n"
+msgstr "nu pot deschide fiºierul: %s\n"
+
+#: common/exechelp.c:637 common/exechelp.c:765 common/exechelp.c:1002
+#, fuzzy, c-format
+msgid "error forking process: %s\n"
+msgstr "eroare la citire `%s': %s\n"
+
+#: common/exechelp.c:811 common/exechelp.c:864
+#, c-format
+msgid "waiting for process %d to terminate failed: %s\n"
+msgstr ""
+
+#: common/exechelp.c:819
+#, fuzzy, c-format
+msgid "error getting exit code of process %d: %s\n"
+msgstr "eroare la obþinerea informaþiei pentru cheia curentã: %s\n"
+
+#: common/exechelp.c:825 common/exechelp.c:877
+#, fuzzy, c-format
+msgid "error running `%s': exit status %d\n"
+msgstr "eroare la citire `%s': %s\n"
+
+#: common/exechelp.c:870
+#, c-format
+msgid "error running `%s': probably not installed\n"
+msgstr ""
+
+#: common/exechelp.c:885
+#, fuzzy, c-format
+msgid "error running `%s': terminated\n"
+msgstr "eroare la citire `%s': %s\n"
+
+#: common/http.c:1674
+#, fuzzy, c-format
+msgid "error creating socket: %s\n"
+msgstr "eroare la creearea `%s': %s\n"
+
+#: common/http.c:1718
+#, fuzzy
+msgid "host not found"
+msgstr "[ID utilizator nu a fost gãsit]"
+
+#: common/simple-pwquery.c:338
+msgid "gpg-agent is not available in this session\n"
+msgstr "gpg-agent nu este disponibil în aceastã sesiune\n"
+
+#: common/simple-pwquery.c:395
+#, c-format
+msgid "can't connect to `%s': %s\n"
+msgstr "nu mã pot conecta la `%s': %s\n"
+
+#: common/simple-pwquery.c:406
+msgid "communication problem with gpg-agent\n"
+msgstr "probleme de comunicare cu gpg-agent\n"
+
+#: common/simple-pwquery.c:416
+#, fuzzy
+msgid "problem setting the gpg-agent options\n"
+msgstr "problemã cu agentul: agentul returneazã 0x%lx\n"
+
+#: common/simple-pwquery.c:579 common/simple-pwquery.c:675
+#, fuzzy
+msgid "canceled by user\n"
+msgstr "anulatã de utilizator\n"
+
+#: common/simple-pwquery.c:594 common/simple-pwquery.c:681
+#, fuzzy
+msgid "problem with the agent\n"
+msgstr "problemã cu agentul: agentul returneazã 0x%lx\n"
+
+#: common/sysutils.c:105
+#, c-format
+msgid "can't disable core dumps: %s\n"
+msgstr "nu pot deactiva generarea fiºierelor core: %s\n"
+
+#: common/sysutils.c:200
+#, fuzzy, c-format
+msgid "Warning: unsafe ownership on %s \"%s\"\n"
+msgstr "AVERTISMENT: proprietate nesigurã (unsafe) pentru extensia `%s'\n"
+
+#: common/sysutils.c:232
+#, fuzzy, c-format
+msgid "Warning: unsafe permissions on %s \"%s\"\n"
+msgstr "AVERTISMENT: permisiuni nesigure (unsafe) pentru extensia `%s'\n"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: common/yesno.c:35 common/yesno.c:72
+msgid "yes"
+msgstr "da"
+
+#: common/yesno.c:36 common/yesno.c:77
+msgid "yY"
+msgstr "dD"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: common/yesno.c:38 common/yesno.c:74
+msgid "no"
+msgstr "nu"
+
+#: common/yesno.c:39 common/yesno.c:78
+msgid "nN"
+msgstr "nN"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: common/yesno.c:76
+msgid "quit"
+msgstr "terminã"
+
+#: common/yesno.c:79
+msgid "qQ"
+msgstr "tT"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: common/yesno.c:113
+msgid "okay|okay"
+msgstr "OK|OK"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: common/yesno.c:115
+msgid "cancel|cancel"
+msgstr "renunþã|renunþã"
+
+#: common/yesno.c:116
+msgid "oO"
+msgstr "oO"
+
+#: common/yesno.c:117
+msgid "cC"
+msgstr "cC"
+
+#: common/miscellaneous.c:77
+#, c-format
+msgid "out of core in secure memory while allocating %lu bytes"
+msgstr ""
+
+#: common/miscellaneous.c:80
+#, c-format
+msgid "out of core while allocating %lu bytes"
+msgstr ""
+
+#: common/asshelp.c:293 tools/gpg-connect-agent.c:2129
+msgid "no running gpg-agent - starting one\n"
+msgstr ""
+
+#: common/asshelp.c:349
+#, c-format
+msgid "waiting %d seconds for the agent to come up\n"
+msgstr ""
+
+#: common/asshelp.c:426
+msgid "can't connect to the agent - trying fall back\n"
+msgstr ""
+
+#. TRANSLATORS: Copy the prefix between the vertical bars
+#. verbatim. It will not be printed.
+#: common/audit.c:474
+msgid "|audit-log-result|Good"
+msgstr ""
+
+#: common/audit.c:477
+msgid "|audit-log-result|Bad"
+msgstr ""
+
+#: common/audit.c:479
+msgid "|audit-log-result|Not supported"
+msgstr ""
+
+#: common/audit.c:481
+#, fuzzy
+msgid "|audit-log-result|No certificate"
+msgstr "certificat incorect"
+
+#: common/audit.c:483
+#, fuzzy
+msgid "|audit-log-result|Not enabled"
+msgstr "certificat incorect"
+
+#: common/audit.c:485
+msgid "|audit-log-result|Error"
+msgstr ""
+
+#: common/audit.c:487
+#, fuzzy
+msgid "|audit-log-result|Not used"
+msgstr "certificat incorect"
+
+#: common/audit.c:489
+#, fuzzy
+msgid "|audit-log-result|Okay"
+msgstr "certificat incorect"
+
+#: common/audit.c:491
+#, fuzzy
+msgid "|audit-log-result|Skipped"
+msgstr "certificat incorect"
+
+#: common/audit.c:493
+#, fuzzy
+msgid "|audit-log-result|Some"
+msgstr "certificat incorect"
+
+#: common/audit.c:726
+#, fuzzy
+msgid "Certificate chain available"
+msgstr "certificat incorect"
+
+#: common/audit.c:733
+#, fuzzy
+msgid "root certificate missing"
+msgstr "certificat incorect"
+
+#: common/audit.c:759
+msgid "Data encryption succeeded"
+msgstr ""
+
+#: common/audit.c:764 common/audit.c:830 common/audit.c:906 common/audit.c:997
+#, fuzzy
+msgid "Data available"
+msgstr "afiºeazã toate datele disponibile"
+
+#: common/audit.c:767
+#, fuzzy
+msgid "Session key created"
+msgstr "%s: inelul de chei creat\n"
+
+#: common/audit.c:772 common/audit.c:912 common/audit.c:919
+#, fuzzy, c-format
+msgid "algorithm: %s"
+msgstr "validitate: %s"
+
+#: common/audit.c:774 common/audit.c:776 common/audit.c:921 common/audit.c:923
+#, fuzzy, c-format
+msgid "unsupported algorithm: %s"
+msgstr ""
+"\n"
+"Algoritmuri suportate:\n"
+
+#: common/audit.c:778 common/audit.c:925
+#, fuzzy
+msgid "seems to be not encrypted"
+msgstr "necifrat"
+
+#: common/audit.c:784 common/audit.c:933
+#, fuzzy
+msgid "Number of recipients"
+msgstr "Destinatari curenþi:\n"
+
+#: common/audit.c:792 common/audit.c:956
+#, c-format
+msgid "Recipient %d"
+msgstr ""
+
+#: common/audit.c:825
+msgid "Data signing succeeded"
+msgstr ""
+
+#: common/audit.c:839 common/audit.c:1033 common/audit.c:1060
+#, fuzzy, c-format
+msgid "data hash algorithm: %s"
+msgstr "algoritm hash invalid `%s'\n"
+
+#: common/audit.c:862
+#, fuzzy, c-format
+msgid "Signer %d"
+msgstr "Semnãturã fãcutã %s\n"
+
+#: common/audit.c:866 common/audit.c:1065
+#, fuzzy, c-format
+msgid "attr hash algorithm: %s"
+msgstr "algoritm hash invalid `%s'\n"
+
+#: common/audit.c:901
+msgid "Data decryption succeeded"
+msgstr ""
+
+#: common/audit.c:910
+#, fuzzy
+msgid "Encryption algorithm supported"
+msgstr "algoritm de protecþie %d%s nu este suportat\n"
+
+#: common/audit.c:993
+#, fuzzy
+msgid "Data verification succeeded"
+msgstr "verificare semnãturã eliminatã\n"
+
+#: common/audit.c:1002
+#, fuzzy
+msgid "Signature available"
+msgstr "Semnãturã fãcutã %s\n"
+
+#: common/audit.c:1024
+#, fuzzy
+msgid "Parsing data succeeded"
+msgstr "Semnãturã bunã din \"%s\""
+
+#: common/audit.c:1036
+#, fuzzy, c-format
+msgid "bad data hash algorithm: %s"
+msgstr "algoritm hash invalid `%s'\n"
+
+#: common/audit.c:1051
+#, fuzzy, c-format
+msgid "Signature %d"
+msgstr "Semnãturã fãcutã %s\n"
+
+#: common/audit.c:1079
+#, fuzzy
+msgid "Certificate chain valid"
+msgstr "Aceastã cheie a expirat!"
+
+#: common/audit.c:1090
+#, fuzzy
+msgid "Root certificate trustworthy"
+msgstr "certificat incorect"
+
+#: common/audit.c:1111 sm/certchain.c:935
+#, fuzzy
+msgid "no CRL found for certificate"
+msgstr "certificat incorect"
+
+#: common/audit.c:1114 sm/certchain.c:945
+#, fuzzy
+msgid "the available CRL is too old"
+msgstr "Cheie disponibilã la: "
+
+#: common/audit.c:1119
+#, fuzzy
+msgid "CRL/OCSP check of certificates"
+msgstr "certificat incorect"
+
+#: common/audit.c:1139
+#, fuzzy
+msgid "Included certificates"
+msgstr "certificat incorect"
+
+#: common/audit.c:1194
+msgid "No audit log entries."
+msgstr ""
+
+#: common/audit.c:1243
+#, fuzzy
+msgid "Unknown operation"
+msgstr "versiune necunoscutã"
+
+#: common/audit.c:1261
+msgid "Gpg-Agent usable"
+msgstr ""
+
+#: common/audit.c:1271
+msgid "Dirmngr usable"
+msgstr ""
+
+#: common/audit.c:1307
+#, fuzzy, c-format
+msgid "No help available for `%s'."
+msgstr "Nici un disponibil disponibil pentru `%s'"
+
+#: common/helpfile.c:80
+#, fuzzy
+msgid "ignoring garbage line"
+msgstr "eroare linia de trailer\n"
+
+#: common/gettime.c:503
+#, fuzzy
+msgid "[none]"
+msgstr "[nesetat(ã)]"
+
+#: g10/armor.c:379
+#, c-format
+msgid "armor: %s\n"
+msgstr "armurã: %s\n"
+
+#: g10/armor.c:418
+msgid "invalid armor header: "
+msgstr "header armurã invalid: "
+
+#: g10/armor.c:429
+msgid "armor header: "
+msgstr "header armurã: "
+
+#: g10/armor.c:442
+msgid "invalid clearsig header\n"
+msgstr "header clearsig invalid\n"
+
+#: g10/armor.c:455
+#, fuzzy
+msgid "unknown armor header: "
+msgstr "header armurã: "
+
+#: g10/armor.c:508
+msgid "nested clear text signatures\n"
+msgstr "semnãturi text în clar încuibãrite\n"
+
+#: g10/armor.c:643
+msgid "unexpected armor: "
+msgstr "armurã neaºteptatã: "
+
+#: g10/armor.c:655
+msgid "invalid dash escaped line: "
+msgstr "linie cu liniuþã escape invalidã: "
+
+#: g10/armor.c:810 g10/armor.c:1420
+#, c-format
+msgid "invalid radix64 character %02X skipped\n"
+msgstr "caracter radix64 invalid %02X sãrit\n"
+
+#: g10/armor.c:853
+msgid "premature eof (no CRC)\n"
+msgstr "eof prematur (nici un CRC)\n"
+
+#: g10/armor.c:887
+msgid "premature eof (in CRC)\n"
+msgstr "eof prematur (în CRC)\n"
+
+#: g10/armor.c:895
+msgid "malformed CRC\n"
+msgstr "CRC anormal\n"
+
+#: g10/armor.c:899 g10/armor.c:1457
+#, c-format
+msgid "CRC error; %06lX - %06lX\n"
+msgstr "eroare CRC; %06lX - %06lX\n"
+
+#: g10/armor.c:919
+msgid "premature eof (in trailer)\n"
+msgstr "eof prematur (în trailer)\n"
+
+#: g10/armor.c:923
+msgid "error in trailer line\n"
+msgstr "eroare linia de trailer\n"
+
+#: g10/armor.c:1234
+msgid "no valid OpenPGP data found.\n"
+msgstr "nici o datã OpenPGP validã gãsitã.\n"
+
+#: g10/armor.c:1239
+#, c-format
+msgid "invalid armor: line longer than %d characters\n"
+msgstr "armurã invalidã: linie mai lungã de %d caractere\n"
+
+#: g10/armor.c:1243
+msgid ""
+"quoted printable character in armor - probably a buggy MTA has been used\n"
+msgstr ""
+"caracter printabil în ghilimele în armurã - probabil a fost folosit un MTA "
+"cu bug-uri\n"
+
+#: g10/build-packet.c:976
+msgid ""
+"a notation name must have only printable characters or spaces, and end with "
+"an '='\n"
+msgstr ""
+"un nume de notaþie trebuie sã conþinã numai caractere imprimabile sau spaþii "
+"ºi sã se termine cu un '='\n"
+
+#: g10/build-packet.c:988
+msgid "a user notation name must contain the '@' character\n"
+msgstr "un nume de notaþie utilizator trebuie sã conþinã caracterul '@'\n"
+
+#: g10/build-packet.c:994
+msgid "a notation name must not contain more than one '@' character\n"
+msgstr "un nume de notaþie trebuie sã nu conþinã mai mult de un caracter '@'\n"
+
+#: g10/build-packet.c:1012
+msgid "a notation value must not use any control characters\n"
+msgstr ""
+"o valoare de notaþie trebuie sã nu foloseascã nici un caracter de control\n"
+
+#: g10/build-packet.c:1046 g10/build-packet.c:1055
+msgid "WARNING: invalid notation data found\n"
+msgstr "AVERTISMENT: am gãsit date de notare invalide\n"
+
+#: g10/build-packet.c:1077 g10/build-packet.c:1079
+msgid "not human readable"
+msgstr "ilizibil"
+
+#: g10/card-util.c:85 g10/card-util.c:374
+#, c-format
+msgid "OpenPGP card not available: %s\n"
+msgstr "cardul OpenPGP nu e disponibil: %s\n"
+
+#: g10/card-util.c:90
+#, c-format
+msgid "OpenPGP card no. %s detected\n"
+msgstr "cardul OpenPGP nr. %s detectat\n"
+
+#: g10/card-util.c:98 g10/card-util.c:1773 g10/delkey.c:126 g10/keyedit.c:1551
+#: g10/keygen.c:3068 g10/revoke.c:216 g10/revoke.c:455
+msgid "can't do this in batch mode\n"
+msgstr "nu pot face acest lucru în modul batch\n"
+
+#: g10/card-util.c:106
+#, fuzzy
+msgid "This command is only available for version 2 cards\n"
+msgstr "Aceastã comandã nu este permisã în modul %s.\n"
+
+#: g10/card-util.c:108 scd/app-openpgp.c:2029
+#, fuzzy
+msgid "Reset Code not or not anymore available\n"
+msgstr "pãrþi ale cheii secrete nu sunt disponibile\n"
+
+#: g10/card-util.c:141 g10/card-util.c:1458 g10/card-util.c:1568
+#: g10/keyedit.c:424 g10/keyedit.c:445 g10/keyedit.c:459 g10/keygen.c:1630
+#: g10/keygen.c:1711 sm/certreqgen-ui.c:165 sm/certreqgen-ui.c:249
+#: sm/certreqgen-ui.c:283
+msgid "Your selection? "
+msgstr "Selecþia d-voastrã? "
+
+#: g10/card-util.c:272 g10/card-util.c:322
+msgid "[not set]"
+msgstr "[nesetat(ã)]"
+
+#: g10/card-util.c:512
+msgid "male"
+msgstr "masculin"
+
+#: g10/card-util.c:513
+msgid "female"
+msgstr "feminin"
+
+#: g10/card-util.c:513
+msgid "unspecified"
+msgstr "nespecificat(ã)"
+
+#: g10/card-util.c:540
+msgid "not forced"
+msgstr "neforþat(ã)"
+
+#: g10/card-util.c:540
+msgid "forced"
+msgstr "forþat(ã)"
+
+#: g10/card-util.c:631
+msgid "Error: Only plain ASCII is currently allowed.\n"
+msgstr "Eroare: Deocamdatã sunt permise numai caractere ASCII.\n"
+
+#: g10/card-util.c:633
+msgid "Error: The \"<\" character may not be used.\n"
+msgstr "Eroare: Caracterul \"<\" nu poate fi folosit.\n"
+
+#: g10/card-util.c:635
+msgid "Error: Double spaces are not allowed.\n"
+msgstr "Eroare: Spaþiile duble nu sunt permise.\n"
+
+#: g10/card-util.c:652
+msgid "Cardholder's surname: "
+msgstr "Numele de familie al proprietarului cardului: "
+
+#: g10/card-util.c:654
+msgid "Cardholder's given name: "
+msgstr "Prenumele proprietarului cardului: "
+
+#: g10/card-util.c:672
+#, c-format
+msgid "Error: Combined name too long (limit is %d characters).\n"
+msgstr "Eroare: Nume combinat prea lung (limita este de %d caractere).\n"
+
+#: g10/card-util.c:693
+msgid "URL to retrieve public key: "
+msgstr "URL pentru a aduce cheia publicã: "
+
+#: g10/card-util.c:701
+#, c-format
+msgid "Error: URL too long (limit is %d characters).\n"
+msgstr "Eroare: URL prea lung (limita este de %d caractere).\n"
+
+#: g10/card-util.c:794 tools/no-libgcrypt.c:30
+#, fuzzy, c-format
+msgid "error allocating enough memory: %s\n"
+msgstr "eroare la crearea inelului de chei `%s': %s\n"
+
+#: g10/card-util.c:806 g10/import.c:280
+#, c-format
+msgid "error reading `%s': %s\n"
+msgstr "eroare la citire `%s': %s\n"
+
+#: g10/card-util.c:839
+#, fuzzy, c-format
+msgid "error writing `%s': %s\n"
+msgstr "eroare la scrierea inelului de chei `%s': %s\n"
+
+#: g10/card-util.c:866
+msgid "Login data (account name): "
+msgstr "Date login (nume cont): "
+
+#: g10/card-util.c:876
+#, c-format
+msgid "Error: Login data too long (limit is %d characters).\n"
+msgstr "Eroare: datele de login prea lungi (limita este de %d caractere).\n"
+
+#: g10/card-util.c:912
+msgid "Private DO data: "
+msgstr "Date DO personale: "
+
+#: g10/card-util.c:922
+#, c-format
+msgid "Error: Private DO too long (limit is %d characters).\n"
+msgstr "Eroare DO personal pre lung (limita este de %d caractere).\n"
+
+#: g10/card-util.c:1005
+msgid "Language preferences: "
+msgstr "Preferinþe limbã: "
+
+#: g10/card-util.c:1013
+msgid "Error: invalid length of preference string.\n"
+msgstr "Eroare: lungime invalidã pentru ºir preferinþe.\n"
+
+#: g10/card-util.c:1022
+msgid "Error: invalid characters in preference string.\n"
+msgstr "Eroare: caractere invalide în ºir preferinþe.\n"
+
+#: g10/card-util.c:1044
+msgid "Sex ((M)ale, (F)emale or space): "
+msgstr "Sex ((M)asculin, (F)eminin sau spaþiu): "
+
+#: g10/card-util.c:1058
+msgid "Error: invalid response.\n"
+msgstr "Eroare: rãspuns invalid.\n"
+
+#: g10/card-util.c:1080
+msgid "CA fingerprint: "
+msgstr "Amprenta CA: "
+
+#: g10/card-util.c:1103
+msgid "Error: invalid formatted fingerprint.\n"
+msgstr "Eroare: amprentã formatatã invalid.\n"
+
+#: g10/card-util.c:1153
+#, c-format
+msgid "key operation not possible: %s\n"
+msgstr "operaþia pe cheie nu e posibilã: %s\n"
+
+#: g10/card-util.c:1154
+msgid "not an OpenPGP card"
+msgstr "nu este un card OpenPGP"
+
+#: g10/card-util.c:1167
+#, c-format
+msgid "error getting current key info: %s\n"
+msgstr "eroare la obþinerea informaþiei pentru cheia curentã: %s\n"
+
+#: g10/card-util.c:1254
+msgid "Replace existing key? (y/N) "
+msgstr "Înlocuiesc cheia existentã? (d/N) "
+
+#: g10/card-util.c:1270
+msgid ""
+"NOTE: There is no guarantee that the card supports the requested size.\n"
+" If the key generation does not succeed, please check the\n"
+" documentation of your card to see what sizes are allowed.\n"
+msgstr ""
+
+#: g10/card-util.c:1295
+#, fuzzy, c-format
+msgid "What keysize do you want for the Signature key? (%u) "
+msgstr "Ce lungime de cheie doriþi? (%u) "
+
+#: g10/card-util.c:1297
+#, fuzzy, c-format
+msgid "What keysize do you want for the Encryption key? (%u) "
+msgstr "Ce lungime de cheie doriþi? (%u) "
+
+#: g10/card-util.c:1298
+#, fuzzy, c-format
+msgid "What keysize do you want for the Authentication key? (%u) "
+msgstr "Ce lungime de cheie doriþi? (%u) "
+
+#: g10/card-util.c:1309 g10/keygen.c:1844 g10/keygen.c:1850
+#: sm/certreqgen-ui.c:194
+#, c-format
+msgid "rounded up to %u bits\n"
+msgstr "rotunjitã prin adaos la %u biþi\n"
+
+#: g10/card-util.c:1317 g10/keygen.c:1831 sm/certreqgen-ui.c:184
+#, c-format
+msgid "%s keysizes must be in the range %u-%u\n"
+msgstr "dimensiunile cheii %s trebuie sã fie în intervalul %u-%u\n"
+
+#: g10/card-util.c:1322
+#, c-format
+msgid "The card will now be re-configured to generate a key of %u bits\n"
+msgstr ""
+
+#: g10/card-util.c:1342
+#, fuzzy, c-format
+msgid "error changing size of key %d to %u bits: %s\n"
+msgstr "eroare trimitere la `%s': %s\n"
+
+#: g10/card-util.c:1364
+msgid "Make off-card backup of encryption key? (Y/n) "
+msgstr "Creez copie de rezervã a cheii de cifrare în afara cardului? (d/N) "
+
+#: g10/card-util.c:1378
+#, fuzzy
+msgid "NOTE: keys are already stored on the card!\n"
+msgstr "cheia secretã deja stocatã pe un card\n"
+
+#: g10/card-util.c:1381
+msgid "Replace existing keys? (y/N) "
+msgstr "Înlocuiesc cheile existente? (d/N) "
+
+#: g10/card-util.c:1393
+#, c-format
+msgid ""
+"Please note that the factory settings of the PINs are\n"
+" PIN = `%s' Admin PIN = `%s'\n"
+"You should change them using the command --change-pin\n"
+msgstr ""
+"Vã rugãm sã observaþi cã setãrile din fabricã ale PIN-urilor sunt\n"
+" PIN = `%s' PIN Admin = `%s'\n"
+"Ar trebui sã le schimbaþi folosind comanda --change-pin\n"
+
+#: g10/card-util.c:1449
+msgid "Please select the type of key to generate:\n"
+msgstr "Vã rugãm selectaþi tipul de cheie de generat:\n"
+
+#: g10/card-util.c:1451 g10/card-util.c:1559
+msgid " (1) Signature key\n"
+msgstr " (1) Cheie de semnare\n"
+
+#: g10/card-util.c:1452 g10/card-util.c:1561
+msgid " (2) Encryption key\n"
+msgstr " (2) Cheie de cifrare\n"
+
+#: g10/card-util.c:1453 g10/card-util.c:1563
+msgid " (3) Authentication key\n"
+msgstr " (3) Cheie de autentificare\n"
+
+#: g10/card-util.c:1469 g10/card-util.c:1588 g10/keyedit.c:945
+#: g10/keygen.c:1634 g10/keygen.c:1662 g10/keygen.c:1764 g10/revoke.c:683
+msgid "Invalid selection.\n"
+msgstr "Selecþie invalidã.\n"
+
+#: g10/card-util.c:1556
+msgid "Please select where to store the key:\n"
+msgstr "Vã rugãm selectaþi unde sã fie stocatã cheia:\n"
+
+#: g10/card-util.c:1600
+msgid "unknown key protection algorithm\n"
+msgstr "algoritm de protecþie a cheii necunoscut\n"
+
+#: g10/card-util.c:1605
+msgid "secret parts of key are not available\n"
+msgstr "pãrþi secrete ale cheii nu sunt disponibile\n"
+
+#: g10/card-util.c:1610
+msgid "secret key already stored on a card\n"
+msgstr "cheia secretã deja stocatã pe un card\n"
+
+#: g10/card-util.c:1623
+#, fuzzy, c-format
+msgid "error writing key to card: %s\n"
+msgstr "eroare la scrierea inelului de chei `%s': %s\n"
+
+#: g10/card-util.c:1682 g10/keyedit.c:1382
+msgid "quit this menu"
+msgstr "ieºi din acest meniu"
+
+#: g10/card-util.c:1684
+msgid "show admin commands"
+msgstr "aratã comenzi administrare"
+
+#: g10/card-util.c:1685 g10/keyedit.c:1385
+msgid "show this help"
+msgstr "afiºeazã acest mesaj"
+
+#: g10/card-util.c:1687
+msgid "list all available data"
+msgstr "afiºeazã toate datele disponibile"
+
+#: g10/card-util.c:1690
+msgid "change card holder's name"
+msgstr "schimbã numele purtãtorului cardului"
+
+#: g10/card-util.c:1691
+msgid "change URL to retrieve key"
+msgstr "schimbã URL-ul de unde sã fie adusã cheia"
+
+#: g10/card-util.c:1692
+msgid "fetch the key specified in the card URL"
+msgstr "adu cheia specificatã de URL-ul de pe card"
+
+#: g10/card-util.c:1693
+msgid "change the login name"
+msgstr "schimbã numele de login"
+
+#: g10/card-util.c:1694
+msgid "change the language preferences"
+msgstr "schimbã preferinþele de limbã"
+
+#: g10/card-util.c:1695
+msgid "change card holder's sex"
+msgstr "schimbã sexul purtãtorului cardului"
+
+#: g10/card-util.c:1696
+msgid "change a CA fingerprint"
+msgstr "schimbã o amprentã CA"
+
+#: g10/card-util.c:1697
+msgid "toggle the signature force PIN flag"
+msgstr "comutã fanionul PIN de forþare a semnãturii"
+
+#: g10/card-util.c:1698
+msgid "generate new keys"
+msgstr "genereazã noi chei"
+
+#: g10/card-util.c:1699
+msgid "menu to change or unblock the PIN"
+msgstr "meniu pentru a schimba sau debloca PIN-ul"
+
+#: g10/card-util.c:1700
+msgid "verify the PIN and list all data"
+msgstr "verificã PIN-ul ºi listeazã toate datele"
+
+#: g10/card-util.c:1701
+msgid "unblock the PIN using a Reset Code"
+msgstr ""
+
+#: g10/card-util.c:1823
+msgid "gpg/card> "
+msgstr ""
+
+#: g10/card-util.c:1864
+msgid "Admin-only command\n"
+msgstr "Comandã numai-administrare\n"
+
+#: g10/card-util.c:1895
+msgid "Admin commands are allowed\n"
+msgstr "Sunt permise comenzi administrare\n"
+
+#: g10/card-util.c:1897
+msgid "Admin commands are not allowed\n"
+msgstr "Nu sunt permise comenzi administrare\n"
+
+#: g10/card-util.c:1988 g10/keyedit.c:2292
+msgid "Invalid command (try \"help\")\n"
+msgstr "Comandã invalidã (încercaþi \"ajutor\")\n"
+
+#: g10/decrypt.c:110 g10/encode.c:876
+msgid "--output doesn't work for this command\n"
+msgstr "--output nu merge pentru aceastã comandã\n"
+
+#: g10/decrypt.c:166 g10/gpg.c:4019 g10/keyring.c:387 g10/keyring.c:698
+#, c-format
+msgid "can't open `%s'\n"
+msgstr "nu pot deschide `%s'\n"
+
+#: g10/delkey.c:73 g10/export.c:324 g10/keyedit.c:3514 g10/keyserver.c:1737
+#: g10/revoke.c:226
+#, c-format
+msgid "key \"%s\" not found: %s\n"
+msgstr "cheia \"%s\" nu a fost gãsitã: %s\n"
+
+#: g10/delkey.c:81 g10/export.c:354 g10/import.c:2480 g10/keyserver.c:1751
+#: g10/revoke.c:232 g10/revoke.c:477
+#, c-format
+msgid "error reading keyblock: %s\n"
+msgstr "eroare la citire keyblock: %s\n"
+
+#: g10/delkey.c:127 g10/delkey.c:134
+msgid "(unless you specify the key by fingerprint)\n"
+msgstr "(dacã nu specificaþi cheia prin amprentã)\n"
+
+#: g10/delkey.c:133
+msgid "can't do this in batch mode without \"--yes\"\n"
+msgstr "nu pot face acest lucru în mod batch fãrã \"--yes\"\n"
+
+#: g10/delkey.c:145
+msgid "Delete this key from the keyring? (y/N) "
+msgstr "ªterge aceastã cheie din inelul de chei? (d/N) "
+
+#: g10/delkey.c:153
+msgid "This is a secret key! - really delete? (y/N) "
+msgstr "Aceasta este o cheie secretã! - chiar doriþi sã o ºtergeþi? (d/N) "
+
+#: g10/delkey.c:163
+#, c-format
+msgid "deleting keyblock failed: %s\n"
+msgstr "stergere keyblock a eºuat: %s\n"
+
+#: g10/delkey.c:173
+msgid "ownertrust information cleared\n"
+msgstr "informaþii încredere-proprietar curãþate\n"
+
+#: g10/delkey.c:204
+#, c-format
+msgid "there is a secret key for public key \"%s\"!\n"
+msgstr "existã o cheie secretã pentru cheia publicã \"%s\"!\n"
+
+#: g10/delkey.c:206
+msgid "use option \"--delete-secret-keys\" to delete it first.\n"
+msgstr ""
+"folosiþi opþiunea \"--delete-secret-keys\" pentru a o ºterge pe aceasta mai "
+"întâi.\n"
+
+#: g10/encode.c:226 g10/sign.c:1269
+#, c-format
+msgid "error creating passphrase: %s\n"
+msgstr "eroare la crearea frazei-parolã: %s\n"
+
+#: g10/encode.c:232
+msgid "can't use a symmetric ESK packet due to the S2K mode\n"
+msgstr "nu pot crea un pachet ESK simetric datoritã modului S2K\n"
+
+#: g10/encode.c:246
+#, c-format
+msgid "using cipher %s\n"
+msgstr "folosesc cifrul %s\n"
+
+#: g10/encode.c:256 g10/encode.c:577
+#, c-format
+msgid "`%s' already compressed\n"
+msgstr "`%s' deja compresat\n"
+
+#: g10/encode.c:311 g10/encode.c:611 g10/sign.c:564
+#, c-format
+msgid "WARNING: `%s' is an empty file\n"
+msgstr "AVERTISMENT: `%s' este un fiºier gol\n"
+
+#: g10/encode.c:485
+msgid "you can only encrypt to RSA keys of 2048 bits or less in --pgp2 mode\n"
+msgstr ""
+"în modul --pgp2 puteþi cifra numai cu chei RSA de 2048 biþi sau mai puþin\n"
+
+#: g10/encode.c:510
+#, c-format
+msgid "reading from `%s'\n"
+msgstr "citesc din `%s'\n"
+
+#: g10/encode.c:541
+msgid ""
+"unable to use the IDEA cipher for all of the keys you are encrypting to.\n"
+msgstr ""
+"nu pot folosi cifrul IDEA pentru pentru toate cheile pentru care cifraþi.\n"
+
+#: g10/encode.c:559
+#, c-format
+msgid ""
+"WARNING: forcing symmetric cipher %s (%d) violates recipient preferences\n"
+msgstr ""
+"AVERTISMENT: forþând cifrul simetric %s (%d) violaþi preferinþele "
+"destinatarului\n"
+
+#: g10/encode.c:655 g10/sign.c:939
+#, c-format
+msgid ""
+"WARNING: forcing compression algorithm %s (%d) violates recipient "
+"preferences\n"
+msgstr ""
+"AVERTISMENT: forþând algoritmul de compresie %s (%d) violaþi preferinþele "
+"destinatarului\n"
+
+#: g10/encode.c:751
+#, c-format
+msgid "forcing symmetric cipher %s (%d) violates recipient preferences\n"
+msgstr "forþând cifrul simetric %s (%d) violaþi preferinþele destinatarului\n"
+
+#: g10/encode.c:821 g10/pkclist.c:813 g10/pkclist.c:862
+#, c-format
+msgid "you may not use %s while in %s mode\n"
+msgstr "nu puteþi folosi %s câtã vreme în modul %s\n"
+
+#: g10/encode.c:848
+#, c-format
+msgid "%s/%s encrypted for: \"%s\"\n"
+msgstr "%s/%s cifrat pentru: \"%s\"\n"
+
+#: g10/encr-data.c:93 g10/mainproc.c:286
+#, c-format
+msgid "%s encrypted data\n"
+msgstr "%s date cifrate\n"
+
+#: g10/encr-data.c:96 g10/mainproc.c:290
+#, c-format
+msgid "encrypted with unknown algorithm %d\n"
+msgstr "cifrat cu un algoritm necunoscut %d\n"
+
+#: g10/encr-data.c:142 sm/decrypt.c:126
+msgid ""
+"WARNING: message was encrypted with a weak key in the symmetric cipher.\n"
+msgstr ""
+"AVERTISMENT: mesajul a fost cifrat cu o cheie slabã din cifrul simetric.\n"
+
+#: g10/encr-data.c:154
+msgid "problem handling encrypted packet\n"
+msgstr "problemã cu mânuirea pachetului cifrat\n"
+
+#: g10/exec.c:57
+msgid "no remote program execution supported\n"
+msgstr "nu este suportatã execuþia nici unui program la distanþã\n"
+
+#: g10/exec.c:308
+msgid ""
+"external program calls are disabled due to unsafe options file permissions\n"
+msgstr ""
+"chemarea programelor externe sunt deactivate datoritã opþiunilor nesigure "
+"pentru permisiunile fiºierului\n"
+
+#: g10/exec.c:338
+msgid "this platform requires temporary files when calling external programs\n"
+msgstr ""
+"aceastã platformã necesitã fiºiere temporare când sunt chemate programe "
+"externe\n"
+
+#: g10/exec.c:416
+#, c-format
+msgid "unable to execute program `%s': %s\n"
+msgstr "nu pot executa programul `%s': %s\n"
+
+#: g10/exec.c:419
+#, c-format
+msgid "unable to execute shell `%s': %s\n"
+msgstr "nu pot executa shell-ul `%s': %s\n"
+
+#: g10/exec.c:510
+#, c-format
+msgid "system error while calling external program: %s\n"
+msgstr "eroare de sistem la chemarea programului extern: %s\n"
+
+#: g10/exec.c:521 g10/exec.c:588
+msgid "unnatural exit of external program\n"
+msgstr "ieºire nenaturalã a programului extern\n"
+
+#: g10/exec.c:536
+msgid "unable to execute external program\n"
+msgstr "nu pot executa programul extern\n"
+
+#: g10/exec.c:553
+#, c-format
+msgid "unable to read external program response: %s\n"
+msgstr "nu pot citi rãspunsul programului extern: %s\n"
+
+#: g10/exec.c:599 g10/exec.c:606
+#, c-format
+msgid "WARNING: unable to remove tempfile (%s) `%s': %s\n"
+msgstr "AVERTISMENT: nu pot ºterge fiºierul temporar (%s) `%s': %s\n"
+
+#: g10/exec.c:611
+#, c-format
+msgid "WARNING: unable to remove temp directory `%s': %s\n"
+msgstr "AVERTISMENT: nu pot ºterge directorul temporar `%s': %s\n"
+
+#: g10/export.c:61
+#, fuzzy
+msgid "export signatures that are marked as local-only"
+msgstr "Semnãtura va fi marcatã ca non-revocabilã.\n"
+
+#: g10/export.c:63
+msgid "export attribute user IDs (generally photo IDs)"
+msgstr ""
+
+#: g10/export.c:65
+#, fuzzy
+msgid "export revocation keys marked as \"sensitive\""
+msgstr "nici o cheie de revocare gãsitã pentru \"%s\"\n"
+
+#: g10/export.c:67
+#, fuzzy
+msgid "remove the passphrase from exported subkeys"
+msgstr "revocã cheia sau subcheile selectate"
+
+#: g10/export.c:69
+#, fuzzy
+msgid "remove unusable parts from key during export"
+msgstr "cheie secretã de nefolosit"
+
+#: g10/export.c:71
+msgid "remove as much as possible from key during export"
+msgstr ""
+
+#: g10/export.c:73
+msgid "export keys in an S-expression based format"
+msgstr ""
+
+#: g10/export.c:338
+msgid "exporting secret keys not allowed\n"
+msgstr "exportul cheilor secrete nu este permis\n"
+
+#: g10/export.c:367
+#, c-format
+msgid "key %s: not protected - skipped\n"
+msgstr "cheia %s: nu e protejatã - sãritã\n"
+
+#: g10/export.c:375
+#, c-format
+msgid "key %s: PGP 2.x style key - skipped\n"
+msgstr "cheia %s: cheie stil PGP 2.x - sãritã\n"
+
+#: g10/export.c:386
+#, fuzzy, c-format
+msgid "key %s: key material on-card - skipped\n"
+msgstr "cheia %s: semnãturã subcheie într-un loc greºit - sãritã\n"
+
+#: g10/export.c:537
+msgid "about to export an unprotected subkey\n"
+msgstr ""
+
+#: g10/export.c:560
+#, fuzzy, c-format
+msgid "failed to unprotect the subkey: %s\n"
+msgstr "am eºuat sã stochez cheia: %s\n"
+
+#: g10/export.c:584
+#, c-format
+msgid "WARNING: secret key %s does not have a simple SK checksum\n"
+msgstr "AVERTISMENT: cheia secretã %s nu are un checksum SK simplu\n"
+
+#: g10/export.c:633
+msgid "WARNING: nothing exported\n"
+msgstr "AVERTISMENT: nimic exportat\n"
+
+#: g10/getkey.c:152
+msgid "too many entries in pk cache - disabled\n"
+msgstr "prea multe intrãri în cache-ul pk - deactivat\n"
+
+#: g10/getkey.c:175
+msgid "[User ID not found]"
+msgstr "[ID utilizator nu a fost gãsit]"
+
+#: g10/getkey.c:1113
+#, c-format
+msgid "automatically retrieved `%s' via %s\n"
+msgstr ""
+
+#: g10/getkey.c:1118
+#, fuzzy, c-format
+msgid "error retrieving `%s' via %s: %s\n"
+msgstr "eroare la creearea `%s': %s\n"
+
+#: g10/getkey.c:1120
+#, fuzzy
+msgid "No fingerprint"
+msgstr "Amprenta CA: "
+
+#: g10/getkey.c:1930
+#, c-format
+msgid "Invalid key %s made valid by --allow-non-selfsigned-uid\n"
+msgstr "Cheia invalidã %s fãcutã validã de --allow-non-selfsigned-uid\n"
+
+#: g10/getkey.c:2533 g10/keyedit.c:3839
+#, c-format
+msgid "no secret subkey for public subkey %s - ignoring\n"
+msgstr "nici o subcheie secretã pentru subcheia publicã %s - ignoratã\n"
+
+#: g10/getkey.c:2759
+#, c-format
+msgid "using subkey %s instead of primary key %s\n"
+msgstr "folosim subcheia %s în loc de cheia primarã %s\n"
+
+#: g10/getkey.c:2806
+#, c-format
+msgid "key %s: secret key without public key - skipped\n"
+msgstr "cheia %s: cheie secretã fãrã cheie publicã - sãritã\n"
+
+#: g10/gpg.c:375 sm/gpgsm.c:188
+#, fuzzy
+msgid "make a signature"
+msgstr "|[fiºier]|creazã o semnãturã"
+
+#: g10/gpg.c:376 sm/gpgsm.c:189
+#, fuzzy
+msgid "make a clear text signature"
+msgstr "|[fiºier]|creazã o semnãturã text în clar"
+
+#: g10/gpg.c:377 sm/gpgsm.c:190
+msgid "make a detached signature"
+msgstr "creazã o semnãturã detaºatã"
+
+#: g10/gpg.c:378 sm/gpgsm.c:191
+msgid "encrypt data"
+msgstr "cifreazã datele"
+
+#: g10/gpg.c:380 sm/gpgsm.c:192
+msgid "encryption only with symmetric cipher"
+msgstr "cifreazã numai cu cifru simetric"
+
+#: g10/gpg.c:382 sm/gpgsm.c:193
+msgid "decrypt data (default)"
+msgstr "decripteazã datele (implicit)"
+
+#: g10/gpg.c:384 sm/gpgsm.c:194
+msgid "verify a signature"
+msgstr "verificã o semnãturã"
+
+#: g10/gpg.c:386 sm/gpgsm.c:195
+msgid "list keys"
+msgstr "enumerã chei"
+
+#: g10/gpg.c:388
+msgid "list keys and signatures"
+msgstr "enumerã chei ºi semnãturi"
+
+#: g10/gpg.c:389
+msgid "list and check key signatures"
+msgstr "enumerã ºi verificã semnãturile cheii"
+
+#: g10/gpg.c:390 sm/gpgsm.c:200
+msgid "list keys and fingerprints"
+msgstr "enumerã chei ºi amprente"
+
+#: g10/gpg.c:391 sm/gpgsm.c:198
+msgid "list secret keys"
+msgstr "enumerã chei secrete"
+
+#: g10/gpg.c:392 sm/gpgsm.c:201
+msgid "generate a new key pair"
+msgstr "genereazã o nouã perechi de chei"
+
+#: g10/gpg.c:393
+msgid "generate a revocation certificate"
+msgstr "genereazã un certificat de revocare"
+
+#: g10/gpg.c:395 sm/gpgsm.c:203
+msgid "remove keys from the public keyring"
+msgstr "ºterge chei de pe inelul de chei public"
+
+#: g10/gpg.c:397
+msgid "remove keys from the secret keyring"
+msgstr "ºterge chei de pe inelul de chei secret"
+
+#: g10/gpg.c:398
+msgid "sign a key"
+msgstr "semneazã o cheie"
+
+#: g10/gpg.c:399
+msgid "sign a key locally"
+msgstr "semneazã o cheie local"
+
+#: g10/gpg.c:400
+msgid "sign or edit a key"
+msgstr "semneazã sau editeazã o cheie"
+
+#: g10/gpg.c:402 sm/gpgsm.c:215
+#, fuzzy
+msgid "change a passphrase"
+msgstr "schimbã fraza-parolã"
+
+#: g10/gpg.c:404
+msgid "export keys"
+msgstr "exportã chei"
+
+#: g10/gpg.c:405 sm/gpgsm.c:204
+msgid "export keys to a key server"
+msgstr "exportã chei pentru un server de chei"
+
+#: g10/gpg.c:406 sm/gpgsm.c:205
+msgid "import keys from a key server"
+msgstr "importã chei de la un server de chei"
+
+#: g10/gpg.c:408
+msgid "search for keys on a key server"
+msgstr "cautã pentru chei pe un server de chei"
+
+#: g10/gpg.c:410
+msgid "update all keys from a keyserver"
+msgstr "actualizeazã toate cheile de la un server de chei"
+
+#: g10/gpg.c:415
+msgid "import/merge keys"
+msgstr "importã/combinã chei"
+
+#: g10/gpg.c:418
+msgid "print the card status"
+msgstr "afiºeazã starea cardului"
+
+#: g10/gpg.c:419
+msgid "change data on a card"
+msgstr "schimbã data de pe card"
+
+#: g10/gpg.c:420
+msgid "change a card's PIN"
+msgstr "schimbã PIN-ul unui card"
+
+#: g10/gpg.c:429
+msgid "update the trust database"
+msgstr "actualizeazã baza de date de încredere"
+
+#: g10/gpg.c:436
+#, fuzzy
+msgid "print message digests"
+msgstr "|algo [fiºiere]|afiºeazã rezumate mesaje"
+
+#: g10/gpg.c:439 sm/gpgsm.c:210
+msgid "run in server mode"
+msgstr ""
+
+#: g10/gpg.c:443 sm/gpgsm.c:228
+msgid "create ascii armored output"
+msgstr "creazã ieºire în armurã ascii"
+
+#: g10/gpg.c:446 sm/gpgsm.c:241
+#, fuzzy
+msgid "|USER-ID|encrypt for USER-ID"
+msgstr "|NUME|cifrare pentru NUME"
+
+#: g10/gpg.c:459 sm/gpgsm.c:278
+#, fuzzy
+msgid "|USER-ID|use USER-ID to sign or decrypt"
+msgstr "foloseºte acest id-utilizator pentru a semna sau decripta"
+
+#: g10/gpg.c:462
+#, fuzzy
+msgid "|N|set compress level to N (0 disables)"
+msgstr "|N|seteazã nivel de compresie N (0 deactiveazã)"
+
+#: g10/gpg.c:468
+msgid "use canonical text mode"
+msgstr "foloseºte modul text canonic"
+
+#: g10/gpg.c:485 sm/gpgsm.c:280
+#, fuzzy
+msgid "|FILE|write output to FILE"
+msgstr "|FIªIER|încarcã modulul extensie FIªIER"
+
+#: g10/gpg.c:501 kbx/kbxutil.c:90 sm/gpgsm.c:292 tools/gpgconf.c:82
+msgid "do not make any changes"
+msgstr "nu face nici o schimbare"
+
+#: g10/gpg.c:502
+msgid "prompt before overwriting"
+msgstr "întreabã înainte de a suprascrie"
+
+#: g10/gpg.c:554
+msgid "use strict OpenPGP behavior"
+msgstr "foloseºte comportament strict OpenPGP"
+
+#: g10/gpg.c:585 sm/gpgsm.c:336
+msgid ""
+"@\n"
+"(See the man page for a complete listing of all commands and options)\n"
+msgstr ""
+"@\n"
+"(Aratã pagina man pentru o listã completã a comenzilor ºi opþiunilor)\n"
+
+#: g10/gpg.c:588 sm/gpgsm.c:339
+msgid ""
+"@\n"
+"Examples:\n"
+"\n"
+" -se -r Bob [file] sign and encrypt for user Bob\n"
+" --clearsign [file] make a clear text signature\n"
+" --detach-sign [file] make a detached signature\n"
+" --list-keys [names] show keys\n"
+" --fingerprint [names] show fingerprints\n"
+msgstr ""
+"@\n"
+"Exemple:\n"
+"\n"
+" -se -r Dan [fiºier] semneazã ºi cifreazã pentru utilizatorul Dan\n"
+" --clearsign [fiºier] creazã o semnãturã text în clar\n"
+" --detach-sign [fiºier] creazã o semnãturã detaºatã\n"
+" --list-keys [nume] aratã chei\n"
+" --fingerprint [nume] aratã amprente\n"
+
+#: g10/gpg.c:836
+msgid "Usage: gpg [options] [files] (-h for help)"
+msgstr "Folosire: gpg [opþiuni] [fiºiere] (-h pentru ajutor)"
+
+#: g10/gpg.c:839
+msgid ""
+"Syntax: gpg [options] [files]\n"
+"sign, check, encrypt or decrypt\n"
+"default operation depends on the input data\n"
+msgstr ""
+"Sintaxã: gpg [opþiuni] [fiºiere]\n"
+"sign, check, encrypt sau decrypt\n"
+"operaþiunea implicitã depinde de datele de intrare\n"
+
+#: g10/gpg.c:850 sm/gpgsm.c:543
+msgid ""
+"\n"
+"Supported algorithms:\n"
+msgstr ""
+"\n"
+"Algoritmuri suportate:\n"
+
+#: g10/gpg.c:853
+msgid "Pubkey: "
+msgstr "Pubkey: "
+
+#: g10/gpg.c:860 g10/keyedit.c:2423
+msgid "Cipher: "
+msgstr "Cifru: "
+
+#: g10/gpg.c:867
+msgid "Hash: "
+msgstr "Hash: "
+
+#: g10/gpg.c:874 g10/keyedit.c:2468
+msgid "Compression: "
+msgstr "Compresie: "
+
+#: g10/gpg.c:944
+msgid "usage: gpg [options] "
+msgstr "folosire: gpg [opþiuni] "
+
+#: g10/gpg.c:1158 sm/gpgsm.c:716
+msgid "conflicting commands\n"
+msgstr "comenzi în conflict\n"
+
+#: g10/gpg.c:1176
+#, c-format
+msgid "no = sign found in group definition `%s'\n"
+msgstr "nu am gãsit nici un semn = în definiþia grupului `%s'\n"
+
+#: g10/gpg.c:1373
+#, c-format
+msgid "WARNING: unsafe ownership on homedir `%s'\n"
+msgstr ""
+"AVERTISMENT: proprietate nesigurã (unsafe) pentru directorul home `%s'\n"
+
+#: g10/gpg.c:1376
+#, c-format
+msgid "WARNING: unsafe ownership on configuration file `%s'\n"
+msgstr ""
+"AVERTISMENT: proprietate nesigurã (unsafe) pentru fiºier configurare `%s'\n"
+
+#: g10/gpg.c:1379
+#, c-format
+msgid "WARNING: unsafe ownership on extension `%s'\n"
+msgstr "AVERTISMENT: proprietate nesigurã (unsafe) pentru extensia `%s'\n"
+
+#: g10/gpg.c:1385
+#, c-format
+msgid "WARNING: unsafe permissions on homedir `%s'\n"
+msgstr ""
+"AVERTISMENT: permisiuni nesigure (unsafe) pentru directorul home `%s'\n"
+
+#: g10/gpg.c:1388
+#, c-format
+msgid "WARNING: unsafe permissions on configuration file `%s'\n"
+msgstr ""
+"AVERTISMENT: permisiuni nesigure (unsafe) pentru fiºier configurare `%s'\n"
+
+#: g10/gpg.c:1391
+#, c-format
+msgid "WARNING: unsafe permissions on extension `%s'\n"
+msgstr "AVERTISMENT: permisiuni nesigure (unsafe) pentru extensia `%s'\n"
+
+#: g10/gpg.c:1397
+#, c-format
+msgid "WARNING: unsafe enclosing directory ownership on homedir `%s'\n"
+msgstr ""
+"AVERTISMENT: proprietate director incluziuni nesigur (unsafe) pentru "
+"directorul home `%s'\n"
+
+#: g10/gpg.c:1400
+#, c-format
+msgid ""
+"WARNING: unsafe enclosing directory ownership on configuration file `%s'\n"
+msgstr ""
+"AVERTISMENT: proprietate director incluziuni nesigur (unsafe) pentru fiºier "
+"configurare `%s'\n"
+
+#: g10/gpg.c:1403
+#, c-format
+msgid "WARNING: unsafe enclosing directory ownership on extension `%s'\n"
+msgstr ""
+"AVERTISMENT: proprietate director incluziuni nesigur (unsafe) pentru "
+"extensia `%s'\n"
+
+#: g10/gpg.c:1409
+#, c-format
+msgid "WARNING: unsafe enclosing directory permissions on homedir `%s'\n"
+msgstr ""
+"AVERTISMENT: permisiuni director incluziuni nesigure (unsafe) pentru "
+"directorul home `%s'\n"
+
+#: g10/gpg.c:1412
+#, c-format
+msgid ""
+"WARNING: unsafe enclosing directory permissions on configuration file `%s'\n"
+msgstr ""
+"AVERTISMENT: permisiuni director incluziuni nesigure (unsafe) pentru fiºier "
+"configurare `%s'\n"
+
+#: g10/gpg.c:1415
+#, c-format
+msgid "WARNING: unsafe enclosing directory permissions on extension `%s'\n"
+msgstr ""
+"AVERTISMENT: permisiuni director incluziuni nesigure (unsafe) pentru "
+"extensia `%s'\n"
+
+#: g10/gpg.c:1595
+#, c-format
+msgid "unknown configuration item `%s'\n"
+msgstr "articol configurare necunoscut `%s'\n"
+
+#: g10/gpg.c:1699
+msgid "display photo IDs during key listings"
+msgstr ""
+
+#: g10/gpg.c:1701
+msgid "show policy URLs during signature listings"
+msgstr ""
+
+#: g10/gpg.c:1703
+#, fuzzy
+msgid "show all notations during signature listings"
+msgstr "Nici o semnãturã corespunzãtoare în inelul secret\n"
+
+#: g10/gpg.c:1705
+msgid "show IETF standard notations during signature listings"
+msgstr ""
+
+#: g10/gpg.c:1709
+msgid "show user-supplied notations during signature listings"
+msgstr ""
+
+#: g10/gpg.c:1711
+#, fuzzy
+msgid "show preferred keyserver URLs during signature listings"
+msgstr "URL-ul serverului de chei preferat furnizat este invalid\n"
+
+#: g10/gpg.c:1713
+msgid "show user ID validity during key listings"
+msgstr ""
+
+#: g10/gpg.c:1715
+msgid "show revoked and expired user IDs in key listings"
+msgstr ""
+
+#: g10/gpg.c:1717
+msgid "show revoked and expired subkeys in key listings"
+msgstr ""
+
+#: g10/gpg.c:1719
+#, fuzzy
+msgid "show the keyring name in key listings"
+msgstr "aratã cãruia dintre inelele de chei îi aparþine o cheie enumeratã"
+
+#: g10/gpg.c:1721
+#, fuzzy
+msgid "show expiration dates during signature listings"
+msgstr "Nici o semnãturã corespunzãtoare în inelul secret\n"
+
+#: g10/gpg.c:1855
+#, c-format
+msgid "NOTE: old default options file `%s' ignored\n"
+msgstr "NOTÃ: fisier opþiuni implicite vechi `%s' ignorat\n"
+
+#: g10/gpg.c:1948
+#, c-format
+msgid "libgcrypt is too old (need %s, have %s)\n"
+msgstr ""
+
+#: g10/gpg.c:2346 g10/gpg.c:3037 g10/gpg.c:3049
+#, c-format
+msgid "NOTE: %s is not for normal use!\n"
+msgstr "NOTÃ: %s nu este pentru o folosire normalã!\n"
+
+#: g10/gpg.c:2530 g10/gpg.c:2542
+#, c-format
+msgid "`%s' is not a valid signature expiration\n"
+msgstr "`%s' nu este expirare de semnãturã validã\n"
+
+#: g10/gpg.c:2624
+#, c-format
+msgid "`%s' is not a valid character set\n"
+msgstr "`%s' nu este un set de carectere valid\n"
+
+#
+#: g10/gpg.c:2647 g10/gpg.c:2842 g10/keyedit.c:4197
+msgid "could not parse keyserver URL\n"
+msgstr "nu am putut interpreta URL-ul serverului de chei\n"
+
+#: g10/gpg.c:2659
+#, c-format
+msgid "%s:%d: invalid keyserver options\n"
+msgstr "%s:%d: opþiuni server de chei invalide\n"
+
+#: g10/gpg.c:2662
+msgid "invalid keyserver options\n"
+msgstr "opþiuni server de chei invalide\n"
+
+#: g10/gpg.c:2669
+#, c-format
+msgid "%s:%d: invalid import options\n"
+msgstr "%s:%d: opþiuni import invalide\n"
+
+#: g10/gpg.c:2672
+msgid "invalid import options\n"
+msgstr "opþiuni import invalide\n"
+
+#: g10/gpg.c:2679
+#, c-format
+msgid "%s:%d: invalid export options\n"
+msgstr "%s:%d: opþiuni export invalide\n"
+
+#: g10/gpg.c:2682
+msgid "invalid export options\n"
+msgstr "opþiuni export invalide\n"
+
+#: g10/gpg.c:2689
+#, c-format
+msgid "%s:%d: invalid list options\n"
+msgstr "%s:%d: opþiuni enumerare invalide\n"
+
+#: g10/gpg.c:2692
+msgid "invalid list options\n"
+msgstr "opþiuni enumerare invalide\n"
+
+#: g10/gpg.c:2700
+msgid "display photo IDs during signature verification"
+msgstr ""
+
+#: g10/gpg.c:2702
+msgid "show policy URLs during signature verification"
+msgstr ""
+
+#: g10/gpg.c:2704
+#, fuzzy
+msgid "show all notations during signature verification"
+msgstr "`%s' nu este expirare de semnãturã validã\n"
+
+#: g10/gpg.c:2706
+msgid "show IETF standard notations during signature verification"
+msgstr ""
+
+#: g10/gpg.c:2710
+msgid "show user-supplied notations during signature verification"
+msgstr ""
+
+#: g10/gpg.c:2712
+#, fuzzy
+msgid "show preferred keyserver URLs during signature verification"
+msgstr "URL-ul serverului de chei preferat furnizat este invalid\n"
+
+#: g10/gpg.c:2714
+#, fuzzy
+msgid "show user ID validity during signature verification"
+msgstr "`%s' nu este expirare de semnãturã validã\n"
+
+#: g10/gpg.c:2716
+msgid "show revoked and expired user IDs in signature verification"
+msgstr ""
+
+#: g10/gpg.c:2718
+#, fuzzy
+msgid "show only the primary user ID in signature verification"
+msgstr "`%s' nu este expirare de semnãturã validã\n"
+
+#: g10/gpg.c:2720
+msgid "validate signatures with PKA data"
+msgstr ""
+
+#: g10/gpg.c:2722
+msgid "elevate the trust of signatures with valid PKA data"
+msgstr ""
+
+#: g10/gpg.c:2729
+#, c-format
+msgid "%s:%d: invalid verify options\n"
+msgstr "%s:%d: opþiuni verificare invalide\n"
+
+#: g10/gpg.c:2732
+msgid "invalid verify options\n"
+msgstr "opþiuni verificare invalide\n"
+
+#: g10/gpg.c:2739
+#, c-format
+msgid "unable to set exec-path to %s\n"
+msgstr "nu pot seta cale-execuþie ca %s\n"
+
+#: g10/gpg.c:2925
+#, fuzzy, c-format
+msgid "%s:%d: invalid auto-key-locate list\n"
+msgstr "%s:%d: opþiuni verificare invalide\n"
+
+#: g10/gpg.c:2928
+msgid "invalid auto-key-locate list\n"
+msgstr ""
+
+#: g10/gpg.c:3026 sm/gpgsm.c:1439
+msgid "WARNING: program may create a core file!\n"
+msgstr "AVERTISMENT: programul ar putea crea un fiºier core!\n"
+
+#: g10/gpg.c:3030
+#, c-format
+msgid "WARNING: %s overrides %s\n"
+msgstr "AVERTISMENT: %s înlocuieºte %s\n"
+
+#: g10/gpg.c:3039
+#, c-format
+msgid "%s not allowed with %s!\n"
+msgstr "%s nu este permis cu %s!\n"
+
+#: g10/gpg.c:3042
+#, c-format
+msgid "%s makes no sense with %s!\n"
+msgstr "%s nu are sens cu %s!\n"
+
+#: g10/gpg.c:3057
+#, c-format
+msgid "will not run with insecure memory due to %s\n"
+msgstr "nu va rula cu memorie neprotejatã (insecure) pentru cã %s\n"
+
+#: g10/gpg.c:3071
+msgid "you can only make detached or clear signatures while in --pgp2 mode\n"
+msgstr ""
+"puteþi crea doar semnãturi detaºate sau în clar câtã vreme sunteþi în modul "
+"--pgp2\n"
+
+#: g10/gpg.c:3077
+msgid "you can't sign and encrypt at the same time while in --pgp2 mode\n"
+msgstr ""
+"nu puteþi semna ºi cifra în acelaºi timp câtã vreme sunteþi în modul --pgp2\n"
+
+#: g10/gpg.c:3083
+msgid "you must use files (and not a pipe) when working with --pgp2 enabled.\n"
+msgstr ""
+"trebuie sã folosiþi fiºiere (ºi nu un pipe) când lucraþi cu modul --pgp2 "
+"activat.\n"
+
+#: g10/gpg.c:3096
+msgid "encrypting a message in --pgp2 mode requires the IDEA cipher\n"
+msgstr "cifrarea unui mesaj în modul --pgp2 necesitã un cifru IDEA\n"
+
+#: g10/gpg.c:3163 g10/gpg.c:3187 sm/gpgsm.c:1511
+msgid "selected cipher algorithm is invalid\n"
+msgstr "algoritm cifrare selectat este invalid\n"
+
+#: g10/gpg.c:3169 g10/gpg.c:3193 sm/gpgsm.c:1517 sm/gpgsm.c:1523
+msgid "selected digest algorithm is invalid\n"
+msgstr "algoritm rezumat selectat este invalid\n"
+
+#: g10/gpg.c:3175
+msgid "selected compression algorithm is invalid\n"
+msgstr "algoritm compresie selectat este invalid\n"
+
+#: g10/gpg.c:3181
+msgid "selected certification digest algorithm is invalid\n"
+msgstr "algoritm rezumat certificare selectat este invalid\n"
+
+#: g10/gpg.c:3196
+msgid "completes-needed must be greater than 0\n"
+msgstr "completes-needed trebuie sã fie mai mare decât 0\n"
+
+#: g10/gpg.c:3198
+msgid "marginals-needed must be greater than 1\n"
+msgstr "marginals-needed trebuie sã fie mai mare decât 1\n"
+
+#: g10/gpg.c:3200
+msgid "max-cert-depth must be in the range from 1 to 255\n"
+msgstr "max-cert-depth trebuie sã fie în intervalul de la 1 la 255\n"
+
+#: g10/gpg.c:3202
+msgid "invalid default-cert-level; must be 0, 1, 2, or 3\n"
+msgstr "default-cert-level invalid; trebuie sã fie 0, 1, 2 sau 3\n"
+
+#: g10/gpg.c:3204
+msgid "invalid min-cert-level; must be 1, 2, or 3\n"
+msgstr "min-cert-level invalid; trebuie sã fie 0, 1, 2 sau 3\n"
+
+#: g10/gpg.c:3207
+msgid "NOTE: simple S2K mode (0) is strongly discouraged\n"
+msgstr "NOTÃ: modul S2K simplu (0) este contraindicat cu insistenþã\n"
+
+#: g10/gpg.c:3211
+msgid "invalid S2K mode; must be 0, 1 or 3\n"
+msgstr "mod S2K invalid; trebuie sã fie 0, 1 sau 3\n"
+
+#: g10/gpg.c:3218
+msgid "invalid default preferences\n"
+msgstr "preferinþe implicite invalide\n"
+
+#: g10/gpg.c:3222
+msgid "invalid personal cipher preferences\n"
+msgstr "preferinþe cifrare personale invalide\n"
+
+#: g10/gpg.c:3226
+msgid "invalid personal digest preferences\n"
+msgstr "preferinþe rezumat personale invalide\n"
+
+#: g10/gpg.c:3230
+msgid "invalid personal compress preferences\n"
+msgstr "preferinþe compresie personale invalide\n"
+
+#: g10/gpg.c:3263
+#, c-format
+msgid "%s does not yet work with %s\n"
+msgstr "%s nu merge încã cu %s!\n"
+
+#: g10/gpg.c:3310
+#, c-format
+msgid "you may not use cipher algorithm `%s' while in %s mode\n"
+msgstr "nu puteþi folosi algoritmul de cifrare `%s' câtã vreme în modul %s\n"
+
+#: g10/gpg.c:3315
+#, c-format
+msgid "you may not use digest algorithm `%s' while in %s mode\n"
+msgstr "nu puteþi folosi algorimul de rezumat `%s' câtã vreme în modul %s\n"
+
+#: g10/gpg.c:3320
+#, c-format
+msgid "you may not use compression algorithm `%s' while in %s mode\n"
+msgstr "nu puteþi folosi algoritmul de compresie `%s' câtã vreme în modul %s\n"
+
+#: g10/gpg.c:3406
+#, c-format
+msgid "failed to initialize the TrustDB: %s\n"
+msgstr "am eºuat sã iniþializez TrustDB:%s\n"
+
+#: g10/gpg.c:3417
+msgid "WARNING: recipients (-r) given without using public key encryption\n"
+msgstr ""
+"AVERTISMENT: destinatari (-r) furnizaþi fãrã a folosi cifrare cu cheie "
+"publicã\n"
+
+#: g10/gpg.c:3438
+msgid "--store [filename]"
+msgstr "--store [nume_fiºier]"
+
+#: g10/gpg.c:3445
+msgid "--symmetric [filename]"
+msgstr "--symmetric [nume_fiºier]"
+
+#: g10/gpg.c:3447
+#, c-format
+msgid "symmetric encryption of `%s' failed: %s\n"
+msgstr "cifrarea simetricã a lui `%s' a eºuat: %s\n"
+
+#: g10/gpg.c:3457
+msgid "--encrypt [filename]"
+msgstr "--encrypt [nume_fiºier]"
+
+#: g10/gpg.c:3470
+msgid "--symmetric --encrypt [filename]"
+msgstr "--symmetric --encrypt [nume_fiºier]"
+
+#: g10/gpg.c:3472
+msgid "you cannot use --symmetric --encrypt with --s2k-mode 0\n"
+msgstr "nu puteþi folosi --symmetric --encrypt cu --s2k-mode 0\n"
+
+#: g10/gpg.c:3475
+#, c-format
+msgid "you cannot use --symmetric --encrypt while in %s mode\n"
+msgstr "nu puteþi folosi --symmetric --encrypt câtã vreme în modul %s\n"
+
+#: g10/gpg.c:3493
+msgid "--sign [filename]"
+msgstr "--sign [nume_fiºier]"
+
+#: g10/gpg.c:3506
+msgid "--sign --encrypt [filename]"
+msgstr "--sign --encrypt [nume_fiºier]"
+
+#: g10/gpg.c:3521
+msgid "--symmetric --sign --encrypt [filename]"
+msgstr "--symmetric --sign --encrypt [nume_fiºier]"
+
+#: g10/gpg.c:3523
+msgid "you cannot use --symmetric --sign --encrypt with --s2k-mode 0\n"
+msgstr "nu puteþi folosi --symmetric --sign --encrypt cu --s2k-mode 0\n"
+
+#: g10/gpg.c:3526
+#, c-format
+msgid "you cannot use --symmetric --sign --encrypt while in %s mode\n"
+msgstr "nu puteþi folosi --symmetric --sign --encrypt câtã vreme în modul %s\n"
+
+#: g10/gpg.c:3546
+msgid "--sign --symmetric [filename]"
+msgstr "--sign --symmetric [nume_fiºier]"
+
+#: g10/gpg.c:3555
+msgid "--clearsign [filename]"
+msgstr "--clearsign [nume_fiºier]"
+
+#: g10/gpg.c:3580
+msgid "--decrypt [filename]"
+msgstr "--decrypt [nume_fiºier]"
+
+#: g10/gpg.c:3588
+msgid "--sign-key user-id"
+msgstr "--sign-key id-utilizator"
+
+#: g10/gpg.c:3592
+msgid "--lsign-key user-id"
+msgstr "--lsign-key id-utilizator"
+
+#: g10/gpg.c:3613
+msgid "--edit-key user-id [commands]"
+msgstr "--edit-key id-utilizator [comenzi]"
+
+#: g10/gpg.c:3629
+#, fuzzy
+msgid "--passwd <user-id>"
+msgstr "--sign-key id-utilizator"
+
+#: g10/gpg.c:3716
+#, c-format
+msgid "keyserver send failed: %s\n"
+msgstr "trimitere server de chei eºuatã: %s\n"
+
+#: g10/gpg.c:3718
+#, c-format
+msgid "keyserver receive failed: %s\n"
+msgstr "recepþie server de chei eºuatã: %s\n"
+
+#: g10/gpg.c:3720
+#, c-format
+msgid "key export failed: %s\n"
+msgstr "export cheie eºuat: %s\n"
+
+#: g10/gpg.c:3731
+#, c-format
+msgid "keyserver search failed: %s\n"
+msgstr "cãutare server de chei eºuatã: %s\n"
+
+#: g10/gpg.c:3741
+#, c-format
+msgid "keyserver refresh failed: %s\n"
+msgstr "actualizare server de chei eºuatã: %s\n"
+
+#: g10/gpg.c:3792
+#, c-format
+msgid "dearmoring failed: %s\n"
+msgstr "eliminarea armurii a eºuat: %s\n"
+
+#: g10/gpg.c:3800
+#, c-format
+msgid "enarmoring failed: %s\n"
+msgstr "punerea armurii a eºuat: %s\n"
+
+#: g10/gpg.c:3890
+#, c-format
+msgid "invalid hash algorithm `%s'\n"
+msgstr "algoritm hash invalid `%s'\n"
+
+#: g10/gpg.c:4005
+msgid "[filename]"
+msgstr "[nume_fiºier]"
+
+#: g10/gpg.c:4009
+msgid "Go ahead and type your message ...\n"
+msgstr "Daþi-i drumul ºi scrieþi mesajul ...\n"
+
+#: g10/gpg.c:4323
+msgid "the given certification policy URL is invalid\n"
+msgstr "URL-ul politicii de certificare furnizat este invalid\n"
+
+#: g10/gpg.c:4325
+msgid "the given signature policy URL is invalid\n"
+msgstr "URL-ul politicii de semnãturi furnizat este invalid\n"
+
+#: g10/gpg.c:4358
+msgid "the given preferred keyserver URL is invalid\n"
+msgstr "URL-ul serverului de chei preferat furnizat este invalid\n"
+
+#: g10/gpgv.c:74
+#, fuzzy
+msgid "|FILE|take the keys from the keyring FILE"
+msgstr "ia cheile de pe acest inel de chei"
+
+#: g10/gpgv.c:76
+msgid "make timestamp conflicts only a warning"
+msgstr "dã numai un avertisment la conflicte de timestamp"
+
+#: g10/gpgv.c:78 sm/gpgsm.c:326
+msgid "|FD|write status info to this FD"
+msgstr "|FD|scrie informaþii de stare în acest FD"
+
+#: g10/gpgv.c:117
+msgid "Usage: gpgv [options] [files] (-h for help)"
+msgstr "Folosire: gpgv [opþiuni] [fiºiere] (-h pentru ajutor)"
+
+#: g10/gpgv.c:119
+#, fuzzy
+msgid ""
+"Syntax: gpgv [options] [files]\n"
+"Check signatures against known trusted keys\n"
+msgstr ""
+"Sintaxã: gpg [opþiuni] [fiºiere]\n"
+"Verificã semnãturi folosind cheile cunoscute ca fiind de încredere\n"
+
+#: g10/helptext.c:72
+msgid "No help available"
+msgstr "Nici un ajutor disponibil"
+
+#: g10/helptext.c:82
+#, c-format
+msgid "No help available for `%s'"
+msgstr "Nici un disponibil disponibil pentru `%s'"
+
+#: g10/import.c:94
+msgid "import signatures that are marked as local-only"
+msgstr ""
+
+#: g10/import.c:96
+msgid "repair damage from the pks keyserver during import"
+msgstr ""
+
+#: g10/import.c:98
+#, fuzzy
+msgid "do not update the trustdb after import"
+msgstr "actualizeazã baza de date de încredere"
+
+#: g10/import.c:100
+#, fuzzy
+msgid "create a public key when importing a secret key"
+msgstr "cheia publicã nu se potriveºte cu cheia secretã!\n"
+
+#: g10/import.c:102
+msgid "only accept updates to existing keys"
+msgstr ""
+
+#: g10/import.c:104
+#, fuzzy
+msgid "remove unusable parts from key after import"
+msgstr "cheie secretã de nefolosit"
+
+#: g10/import.c:106
+msgid "remove as much as possible from key after import"
+msgstr ""
+
+#: g10/import.c:266
+#, c-format
+msgid "skipping block of type %d\n"
+msgstr "bloc de tip %d sãrit\n"
+
+#: g10/import.c:275
+#, c-format
+msgid "%lu keys processed so far\n"
+msgstr "%lu chei procesate pânã acum\n"
+
+#: g10/import.c:292
+#, c-format
+msgid "Total number processed: %lu\n"
+msgstr "Numãr total procesate: %lu\n"
+
+#: g10/import.c:294
+#, c-format
+msgid " skipped new keys: %lu\n"
+msgstr " chei noi sãrite: %lu\n"
+
+#: g10/import.c:297
+#, c-format
+msgid " w/o user IDs: %lu\n"
+msgstr " fãrã ID-uri utilizator: %lu\n"
+
+#: g10/import.c:299 sm/import.c:114
+#, c-format
+msgid " imported: %lu"
+msgstr " importate: %lu"
+
+#: g10/import.c:305 sm/import.c:118
+#, c-format
+msgid " unchanged: %lu\n"
+msgstr " neschimbate: %lu\n"
+
+#: g10/import.c:307
+#, c-format
+msgid " new user IDs: %lu\n"
+msgstr " noi ID-uri utilizator: %lu\n"
+
+#: g10/import.c:309
+#, c-format
+msgid " new subkeys: %lu\n"
+msgstr " noi subchei: %lu\n"
+
+#: g10/import.c:311
+#, c-format
+msgid " new signatures: %lu\n"
+msgstr " noi semnãturi: %lu\n"
+
+#: g10/import.c:313
+#, c-format
+msgid " new key revocations: %lu\n"
+msgstr " noi revocãri de chei: %lu\n"
+
+#: g10/import.c:315 sm/import.c:120
+#, c-format
+msgid " secret keys read: %lu\n"
+msgstr " chei secrete citite: %lu\n"
+
+#: g10/import.c:317 sm/import.c:122
+#, c-format
+msgid " secret keys imported: %lu\n"
+msgstr " chei secrete importate: %lu\n"
+
+#: g10/import.c:319 sm/import.c:124
+#, c-format
+msgid " secret keys unchanged: %lu\n"
+msgstr "chei secrete neschimbate: %lu\n"
+
+#: g10/import.c:321 sm/import.c:126
+#, c-format
+msgid " not imported: %lu\n"
+msgstr " ne importate: %lu\n"
+
+#: g10/import.c:323
+#, fuzzy, c-format
+msgid " signatures cleaned: %lu\n"
+msgstr "semnãturi create pânã acum: %lu\n"
+
+#: g10/import.c:325
+#, fuzzy, c-format
+msgid " user IDs cleaned: %lu\n"
+msgstr " chei secrete citite: %lu\n"
+
+#: g10/import.c:606
+#, fuzzy, c-format
+msgid ""
+"WARNING: key %s contains preferences for unavailable\n"
+"algorithms on these user IDs:\n"
+msgstr "AVERTISMENT: cheia %s conþine preferinþe pentru indisponibil\n"
+
+#: g10/import.c:647
+#, c-format
+msgid " \"%s\": preference for cipher algorithm %s\n"
+msgstr " \"%s\": preferinþã pentru algoritm de cifrare %s\n"
+
+#: g10/import.c:662
+#, c-format
+msgid " \"%s\": preference for digest algorithm %s\n"
+msgstr " \"%s\": preferinþã pentru algoritm rezumat %s\n"
+
+#: g10/import.c:674
+#, c-format
+msgid " \"%s\": preference for compression algorithm %s\n"
+msgstr " \"%s\": preferinþã pentru algoritm compresie %s\n"
+
+#: g10/import.c:687
+msgid "it is strongly suggested that you update your preferences and\n"
+msgstr ""
+"este puternic sugerat sã vã actualizaþi preferinþele ºi re-distribuiþi\n"
+
+#: g10/import.c:689
+msgid "re-distribute this key to avoid potential algorithm mismatch problems\n"
+msgstr ""
+"aceastã cheie pentru a avita probleme potenþiale de ne-potrivire de "
+"algoritm\n"
+
+#: g10/import.c:713
+#, c-format
+msgid "you can update your preferences with: gpg --edit-key %s updpref save\n"
+msgstr "vã puteþi actualiza preferinþele cu: gpg --edit-key %s updpref save\n"
+
+#: g10/import.c:766 g10/import.c:1179
+#, c-format
+msgid "key %s: no user ID\n"
+msgstr "cheia %s: nici un ID utilizator\n"
+
+#: g10/import.c:795
+#, c-format
+msgid "key %s: PKS subkey corruption repaired\n"
+msgstr "cheia %s: subcheia HPK coruptã a fost reparatã\n"
+
+#: g10/import.c:810
+#, c-format
+msgid "key %s: accepted non self-signed user ID \"%s\"\n"
+msgstr "cheia %s: am acceptat ID-ul utilizator ce nu e auto-semnat \"%s\"\n"
+
+#: g10/import.c:816
+#, c-format
+msgid "key %s: no valid user IDs\n"
+msgstr "cheia %s: nici un ID utilizator valid\n"
+
+#: g10/import.c:818
+msgid "this may be caused by a missing self-signature\n"
+msgstr "aceasta poate fi cauzatã de o auto-semnãturã ce lipseºte\n"
+
+#: g10/import.c:828 g10/import.c:1303
+#, c-format
+msgid "key %s: public key not found: %s\n"
+msgstr "cheia %s: cheia publicã nu a fost gãsitã: %s\n"
+
+#: g10/import.c:834
+#, c-format
+msgid "key %s: new key - skipped\n"
+msgstr "cheia %s: cheie nouã - sãritã\n"
+
+#: g10/import.c:843
+#, c-format
+msgid "no writable keyring found: %s\n"
+msgstr "n-am gãsit nici un inel de chei ce poate fi scris: %s\n"
+
+#: g10/import.c:848 g10/openfile.c:278 g10/sign.c:805 g10/sign.c:1114
+#, c-format
+msgid "writing to `%s'\n"
+msgstr "scriu în `%s'\n"
+
+#: g10/import.c:852 g10/import.c:952 g10/import.c:1219 g10/import.c:1364
+#: g10/import.c:2494 g10/import.c:2516
+#, c-format
+msgid "error writing keyring `%s': %s\n"
+msgstr "eroare la scrierea inelului de chei `%s': %s\n"
+
+#: g10/import.c:871
+#, c-format
+msgid "key %s: public key \"%s\" imported\n"
+msgstr "cheia %s: cheia publicã \"%s\" importatã\n"
+
+#: g10/import.c:895
+#, c-format
+msgid "key %s: doesn't match our copy\n"
+msgstr "cheia %s: nu se potriveºte cu copia noastrã\n"
+
+#: g10/import.c:912 g10/import.c:1321
+#, c-format
+msgid "key %s: can't locate original keyblock: %s\n"
+msgstr "cheia %s: nu pot gãsi keyblock-ul original: %s\n"
+
+#: g10/import.c:920 g10/import.c:1328
+#, c-format
+msgid "key %s: can't read original keyblock: %s\n"
+msgstr "cheia %s: nu pot citi keyblock-ul original: %s\n"
+
+#: g10/import.c:962
+#, c-format
+msgid "key %s: \"%s\" 1 new user ID\n"
+msgstr "cheia %s: \"%s\" 1 nou ID utilizator\n"
+
+#: g10/import.c:965
+#, c-format
+msgid "key %s: \"%s\" %d new user IDs\n"
+msgstr "cheia %s: \"%s\" %d noi ID-uri utilizator\n"
+
+#: g10/import.c:968
+#, c-format
+msgid "key %s: \"%s\" 1 new signature\n"
+msgstr "cheia %s: \"%s\" 1 nouã semnãturã\n"
+
+#: g10/import.c:971
+#, c-format
+msgid "key %s: \"%s\" %d new signatures\n"
+msgstr "cheia %s: \"%s\" %d noi semnãturi\n"
+
+#: g10/import.c:974
+#, c-format
+msgid "key %s: \"%s\" 1 new subkey\n"
+msgstr "cheia %s: \"%s\" 1 nouã subcheie\n"
+
+#: g10/import.c:977
+#, c-format
+msgid "key %s: \"%s\" %d new subkeys\n"
+msgstr "cheia %s: \"%s\" %d noi subchei\n"
+
+#: g10/import.c:980
+#, fuzzy, c-format
+msgid "key %s: \"%s\" %d signature cleaned\n"
+msgstr "cheia %s: \"%s\" %d noi semnãturi\n"
+
+#: g10/import.c:983
+#, fuzzy, c-format
+msgid "key %s: \"%s\" %d signatures cleaned\n"
+msgstr "cheia %s: \"%s\" %d noi semnãturi\n"
+
+#: g10/import.c:986
+#, fuzzy, c-format
+msgid "key %s: \"%s\" %d user ID cleaned\n"
+msgstr "cheia %s: \"%s\" %d noi ID-uri utilizator\n"
+
+#: g10/import.c:989
+#, fuzzy, c-format
+msgid "key %s: \"%s\" %d user IDs cleaned\n"
+msgstr "cheia %s: \"%s\" %d noi ID-uri utilizator\n"
+
+#: g10/import.c:1013
+#, c-format
+msgid "key %s: \"%s\" not changed\n"
+msgstr "cheia %s: \"%s\" nu a fost schimbatã\n"
+
+#: g10/import.c:1185
+#, c-format
+msgid "key %s: secret key with invalid cipher %d - skipped\n"
+msgstr "cheia %s: cheie secretã cu cifru invalid %d - sãritã\n"
+
+#: g10/import.c:1196
+msgid "importing secret keys not allowed\n"
+msgstr "importul de chei secrete nu este permis\n"
+
+#: g10/import.c:1213 g10/import.c:2509
+#, c-format
+msgid "no default secret keyring: %s\n"
+msgstr "nici un inel de chei secrete implicit: %s\n"
+
+#: g10/import.c:1224
+#, c-format
+msgid "key %s: secret key imported\n"
+msgstr "cheia %s: cheie secretã importatã\n"
+
+#: g10/import.c:1254
+#, c-format
+msgid "key %s: already in secret keyring\n"
+msgstr "cheia %s: deja în inelul de chei secrete\n"
+
+#: g10/import.c:1264
+#, c-format
+msgid "key %s: secret key not found: %s\n"
+msgstr "cheia %s: cheia secretã nu a fost gãsitã: %s\n"
+
+#: g10/import.c:1296
+#, c-format
+msgid "key %s: no public key - can't apply revocation certificate\n"
+msgstr ""
+"cheia %s: nici o cheie publicã - nu pot aplica certificatul de revocare\n"
+
+#: g10/import.c:1339
+#, c-format
+msgid "key %s: invalid revocation certificate: %s - rejected\n"
+msgstr "cheia %s: certificat de revocare invalid: %s - respins\n"
+
+#: g10/import.c:1371
+#, c-format
+msgid "key %s: \"%s\" revocation certificate imported\n"
+msgstr "cheia %s: certificatul de revocare \"%s\" importat\n"
+
+#: g10/import.c:1447
+#, c-format
+msgid "key %s: no user ID for signature\n"
+msgstr "cheia %s: nici un ID utilizator pentru semnãturã\n"
+
+#: g10/import.c:1464
+#, c-format
+msgid "key %s: unsupported public key algorithm on user ID \"%s\"\n"
+msgstr ""
+"cheia %s: algoritm cu cheie publicã nesuportat pentru ID-ul utilizator \"%s"
+"\"\n"
+
+#: g10/import.c:1466
+#, c-format
+msgid "key %s: invalid self-signature on user ID \"%s\"\n"
+msgstr "cheia %s: auto-semnãturã invalidã pentru ID-ul utilizator \"%s\"\n"
+
+#: g10/import.c:1483 g10/import.c:1509 g10/import.c:1560
+#, c-format
+msgid "key %s: unsupported public key algorithm\n"
+msgstr "cheia %s: algoritm cu cheie publicã nesuportat\n"
+
+#: g10/import.c:1484
+#, fuzzy, c-format
+msgid "key %s: invalid direct key signature\n"
+msgstr "cheia %s: am adãugat semnãtura de cheie directã\n"
+
+#: g10/import.c:1498
+#, c-format
+msgid "key %s: no subkey for key binding\n"
+msgstr "cheia %s: nici o subcheie pentru legarea cheii\n"
+
+#: g10/import.c:1511
+#, c-format
+msgid "key %s: invalid subkey binding\n"
+msgstr "cheia %s: legare subcheie invalidã\n"
+
+#: g10/import.c:1527
+#, c-format
+msgid "key %s: removed multiple subkey binding\n"
+msgstr "cheia %s: am ºters multiple legãturi de subchei\n"
+
+#: g10/import.c:1549
+#, c-format
+msgid "key %s: no subkey for key revocation\n"
+msgstr "cheia %s: nici o subcheie pentru revocare de cheie\n"
+
+#: g10/import.c:1562
+#, c-format
+msgid "key %s: invalid subkey revocation\n"
+msgstr "cheia %s: revocare de subcheie invalidã\n"
+
+#: g10/import.c:1577
+#, c-format
+msgid "key %s: removed multiple subkey revocation\n"
+msgstr "cheia %s: am ºters multiple revocãri de subcheie\n"
+
+#: g10/import.c:1618
+#, c-format
+msgid "key %s: skipped user ID \"%s\"\n"
+msgstr "cheia %s: am sãrit ID-ul utilizator \"%s\"\n"
+
+#: g10/import.c:1639
+#, c-format
+msgid "key %s: skipped subkey\n"
+msgstr "cheia %s: am sãrit subcheia\n"
+
+#: g10/import.c:1666
+#, c-format
+msgid "key %s: non exportable signature (class 0x%02X) - skipped\n"
+msgstr "cheia %s: semnãtura nu poate fi exportatã (clasa 0x%02X) - sãritã\n"
+
+#: g10/import.c:1676
+#, c-format
+msgid "key %s: revocation certificate at wrong place - skipped\n"
+msgstr "cheia %s: certificat de revocare într-un loc greºit - sãrit\n"
+
+#: g10/import.c:1693
+#, c-format
+msgid "key %s: invalid revocation certificate: %s - skipped\n"
+msgstr "cheia %s: certificat de revocare invalid: %s - sãrit\n"
+
+#: g10/import.c:1707
+#, c-format
+msgid "key %s: subkey signature in wrong place - skipped\n"
+msgstr "cheia %s: semnãturã subcheie într-un loc greºit - sãritã\n"
+
+#: g10/import.c:1715
+#, c-format
+msgid "key %s: unexpected signature class (0x%02X) - skipped\n"
+msgstr "cheia %s: clasã de semnãturã neaºteptatã (0x%02X) - sãritã\n"
+
+#: g10/import.c:1844
+#, c-format
+msgid "key %s: duplicated user ID detected - merged\n"
+msgstr "cheia %s: am detectat un ID utilizator duplicat - combinate\n"
+
+#: g10/import.c:1906
+#, c-format
+msgid "WARNING: key %s may be revoked: fetching revocation key %s\n"
+msgstr "AVERTISMENT: cheia %s poate fi revocatã: aduc revocarea cheii %s\n"
+
+#: g10/import.c:1920
+#, c-format
+msgid "WARNING: key %s may be revoked: revocation key %s not present.\n"
+msgstr ""
+"AVERTISMENT: cheia %s poate fi revocatã: cheia de revocare %s nu este "
+"prezentã.\n"
+
+#: g10/import.c:1979
+#, c-format
+msgid "key %s: \"%s\" revocation certificate added\n"
+msgstr "cheia %s: am adãugat certificatul de revocare \"%s\"\n"
+
+#: g10/import.c:2013
+#, c-format
+msgid "key %s: direct key signature added\n"
+msgstr "cheia %s: am adãugat semnãtura de cheie directã\n"
+
+#: g10/import.c:2414
+msgid "NOTE: a key's S/N does not match the card's one\n"
+msgstr "NOTÃ: S/N-ul unei chei nu se potriveºte cu cel al cardului\n"
+
+#: g10/import.c:2422
+msgid "NOTE: primary key is online and stored on card\n"
+msgstr "NOTÃ: cheia primarã este online ºi stocatã pe card\n"
+
+#: g10/import.c:2424
+msgid "NOTE: secondary key is online and stored on card\n"
+msgstr "NOTÃ: cheia secundarã este online ºi stocatã pe card\n"
+
+#: g10/keydb.c:181
+#, c-format
+msgid "error creating keyring `%s': %s\n"
+msgstr "eroare la crearea inelului de chei `%s': %s\n"
+
+#: g10/keydb.c:187
+#, c-format
+msgid "keyring `%s' created\n"
+msgstr "inelul de chei `%s' creat\n"
+
+#: g10/keydb.c:333 g10/keydb.c:336
+#, c-format
+msgid "keyblock resource `%s': %s\n"
+msgstr "resursã keyblock `%s': %s\n"
+
+#: g10/keydb.c:719
+#, c-format
+msgid "failed to rebuild keyring cache: %s\n"
+msgstr "am eºuat sã reconstruiesc cache-ul inelului de chei: %s\n"
+
+#: g10/keyedit.c:265
+msgid "[revocation]"
+msgstr "[revocare]"
+
+#: g10/keyedit.c:266
+msgid "[self-signature]"
+msgstr "[auto-semnãturã]"
+
+#: g10/keyedit.c:344 g10/keylist.c:398
+msgid "1 bad signature\n"
+msgstr "1 semnãturã incorectã\n"
+
+#: g10/keyedit.c:346 g10/keylist.c:400
+#, c-format
+msgid "%d bad signatures\n"
+msgstr "%d semnãturi incorecte\n"
+
+#: g10/keyedit.c:348 g10/keylist.c:402
+msgid "1 signature not checked due to a missing key\n"
+msgstr "1 semnãturã nu a fost verificatã din cauza unei chei lipsã\n"
+
+#: g10/keyedit.c:350 g10/keylist.c:404
+#, c-format
+msgid "%d signatures not checked due to missing keys\n"
+msgstr "%d semnãturi nu au fost verificate din cauza unor chei lipsã\n"
+
+#: g10/keyedit.c:352 g10/keylist.c:406
+msgid "1 signature not checked due to an error\n"
+msgstr "1 semnãturã nu a fost verificatã din cauza unei erori\n"
+
+#: g10/keyedit.c:354 g10/keylist.c:408
+#, c-format
+msgid "%d signatures not checked due to errors\n"
+msgstr "%d semnãturi nu au fost verificate din cauza unor erori\n"
+
+#: g10/keyedit.c:356
+msgid "1 user ID without valid self-signature detected\n"
+msgstr "am gãsit 1 ID utilizator fãrã auto-semnãturã validã\n"
+
+#: g10/keyedit.c:358
+#, c-format
+msgid "%d user IDs without valid self-signatures detected\n"
+msgstr "am gãsit %d ID-uri utilizator fãrã auto-semnãturi valide\n"
+
+#: g10/keyedit.c:414 g10/pkclist.c:262
+msgid ""
+"Please decide how far you trust this user to correctly verify other users' "
+"keys\n"
+"(by looking at passports, checking fingerprints from different sources, "
+"etc.)\n"
+msgstr ""
+"Vã rugãm decideþi cât de multã încredere aveþi în acest utilizator\n"
+"pentru a verifica cheile altor utilizatori (folosind paºapoarte,\n"
+"verificând amprentele din diferite surse, etc.)\n"
+
+#: g10/keyedit.c:418 g10/pkclist.c:274
+#, c-format
+msgid " %d = I trust marginally\n"
+msgstr " %d = Am o încredere marginalã\n"
+
+#: g10/keyedit.c:419 g10/pkclist.c:276
+#, c-format
+msgid " %d = I trust fully\n"
+msgstr " %d = Am toatã încrederea\n"
+
+#: g10/keyedit.c:438
+msgid ""
+"Please enter the depth of this trust signature.\n"
+"A depth greater than 1 allows the key you are signing to make\n"
+"trust signatures on your behalf.\n"
+msgstr ""
+"Vã rugãm sã introduceþi adâncimea acestei semnãturi de încredere.\n"
+"O adâncime mai mare de 1 permite ca cheia pe care o semnaþi sã facã\n"
+"semnãturi de încredere în numele d-voastrã.\n"
+
+#: g10/keyedit.c:454
+msgid "Please enter a domain to restrict this signature, or enter for none.\n"
+msgstr ""
+"Vã rugãm sã introduceþi domeniul de restricþionare al acestei semnãturi, sau "
+"apãsaþi enter pentru niciunul.\n"
+
+#: g10/keyedit.c:598
+#, c-format
+msgid "User ID \"%s\" is revoked."
+msgstr "ID utilizator \"%s\" a fost revocat."
+
+#: g10/keyedit.c:607 g10/keyedit.c:635 g10/keyedit.c:662 g10/keyedit.c:830
+#: g10/keyedit.c:895 g10/keyedit.c:1785
+msgid "Are you sure you still want to sign it? (y/N) "
+msgstr "Sunteþi sigur(ã) cã doriþi sã ºtergeþi permanent \"%s\"? (d/N)"
+
+#: g10/keyedit.c:621 g10/keyedit.c:649 g10/keyedit.c:676 g10/keyedit.c:836
+#: g10/keyedit.c:1791
+msgid " Unable to sign.\n"
+msgstr " Nu pot semna.\n"
+
+#: g10/keyedit.c:626
+#, c-format
+msgid "User ID \"%s\" is expired."
+msgstr "ID utilizator \"%s\" este expirat."
+
+#: g10/keyedit.c:654
+#, c-format
+msgid "User ID \"%s\" is not self-signed."
+msgstr "ID-ul utilizator \"%s\" nu este auto-semnat."
+
+#: g10/keyedit.c:682
+#, c-format
+msgid "User ID \"%s\" is signable. "
+msgstr "ID-ul utilizator \"%s\" poate fi semnat. "
+
+#: g10/keyedit.c:684
+msgid "Sign it? (y/N) "
+msgstr "Doriþi sã-l semnaþi? (d/N) "
+
+#: g10/keyedit.c:706
+#, c-format
+msgid ""
+"The self-signature on \"%s\"\n"
+"is a PGP 2.x-style signature.\n"
+msgstr ""
+"Auto-semnãtura pe \"%s\"\n"
+"este o semnãturã stil PGP 2.x.\n"
+
+#: g10/keyedit.c:715
+msgid "Do you want to promote it to an OpenPGP self-signature? (y/N) "
+msgstr "Doriþi sã o promovaþi la o auto-semnãturã OpenPGP? (d/N) "
+
+#: g10/keyedit.c:729
+#, c-format
+msgid ""
+"Your current signature on \"%s\"\n"
+"has expired.\n"
+msgstr ""
+"Semnãtura d-voastrã curentã pe \"%s\"\n"
+"a expirat.\n"
+
+#: g10/keyedit.c:733
+msgid "Do you want to issue a new signature to replace the expired one? (y/N) "
+msgstr ""
+"Doriþi sã creaþi o nouã semnãturã pentru a o înlocui pe cea expiratã? (d/N) "
+
+#: g10/keyedit.c:754
+#, c-format
+msgid ""
+"Your current signature on \"%s\"\n"
+"is a local signature.\n"
+msgstr ""
+"Semnãtura d-voastrã curentã pe \"%s\"\n"
+"semnãturã localã.\n"
+
+#: g10/keyedit.c:758
+msgid "Do you want to promote it to a full exportable signature? (y/N) "
+msgstr "Doriþi sã o promovaþi la o semnãturã total exportabilã? (d/N) "
+
+#: g10/keyedit.c:779
+#, c-format
+msgid "\"%s\" was already locally signed by key %s\n"
+msgstr "\"%s\" a fost deja semnatã local de cheia %s\n"
+
+#: g10/keyedit.c:782
+#, c-format
+msgid "\"%s\" was already signed by key %s\n"
+msgstr "\"%s\" a fost deja semnatã de cheia %s\n"
+
+#: g10/keyedit.c:787
+msgid "Do you want to sign it again anyway? (y/N) "
+msgstr "Doriþi sã o semnaþi oricum din nou? (d/N) "
+
+#: g10/keyedit.c:809
+#, c-format
+msgid "Nothing to sign with key %s\n"
+msgstr "Nimic de semnat cu cheia %s\n"
+
+#: g10/keyedit.c:824
+msgid "This key has expired!"
+msgstr "Aceastã cheie a expirat!"
+
+#: g10/keyedit.c:842
+#, c-format
+msgid "This key is due to expire on %s.\n"
+msgstr "Aceastã cheie va expira pe %s.\n"
+
+#: g10/keyedit.c:848
+msgid "Do you want your signature to expire at the same time? (Y/n) "
+msgstr "Doriþi ca semnãtura d-voastrã sã expire în acelaºi timp? (D/n) "
+
+#: g10/keyedit.c:888
+msgid ""
+"You may not make an OpenPGP signature on a PGP 2.x key while in --pgp2 "
+"mode.\n"
+msgstr ""
+"Nu puteþi crea o semnãturã OpenPGP pe o cheie PGP 2.x câtã vreme sunteþi în "
+"modul --pgp2.\n"
+
+#: g10/keyedit.c:890
+msgid "This would make the key unusable in PGP 2.x.\n"
+msgstr "Aceasta va face cheia de nefolosit în PGP 2.x.\n"
+
+#: g10/keyedit.c:915
+msgid ""
+"How carefully have you verified the key you are about to sign actually "
+"belongs\n"
+"to the person named above? If you don't know what to answer, enter \"0\".\n"
+msgstr ""
+"Cât de atent aþi verificat cã cheia pe care sunteþi pe cale a o semna "
+"aparþine\n"
+"într-adevãr persoanei numite deasupra? Dacã nu ºtiþi ce sã rãspundeþi,\n"
+"introduceþi \"0\".\n"
+
+#: g10/keyedit.c:920
+#, c-format
+msgid " (0) I will not answer.%s\n"
+msgstr " (0) Nu voi rãspunde.%s\n"
+
+#: g10/keyedit.c:922
+#, c-format
+msgid " (1) I have not checked at all.%s\n"
+msgstr " (1) Nu am verificat deloc.%s\n"
+
+#: g10/keyedit.c:924
+#, c-format
+msgid " (2) I have done casual checking.%s\n"
+msgstr " (2) Am fãcut ceva verificãri superficiale.%s\n"
+
+#: g10/keyedit.c:926
+#, c-format
+msgid " (3) I have done very careful checking.%s\n"
+msgstr " (3) Am fãcut verificãri foarte atente.%s\n"
+
+#: g10/keyedit.c:932
+msgid "Your selection? (enter `?' for more information): "
+msgstr "Selecþia dvs.? (introduceþi `?' pentru informaþii suplimentare): "
+
+#: g10/keyedit.c:956
+#, c-format
+msgid ""
+"Are you sure that you want to sign this key with your\n"
+"key \"%s\" (%s)\n"
+msgstr ""
+"Sunteþi într-adevãr sigur(ã) cã doriþi sã semnaþi\n"
+"aceastã cheie cu cheia d-voastrã \"%s\" (%s)\n"
+
+#: g10/keyedit.c:963
+msgid "This will be a self-signature.\n"
+msgstr "Aceasta va fi o auto-semnãturã.\n"
+
+#: g10/keyedit.c:969
+msgid "WARNING: the signature will not be marked as non-exportable.\n"
+msgstr "AVERTISMENT: semnãtura nu va fi marcatã ca non-exportabilã.\n"
+
+#: g10/keyedit.c:977
+msgid "WARNING: the signature will not be marked as non-revocable.\n"
+msgstr "AVERTISMENT: semnãtura nu va fi marcatã ca non-revocabilã.\n"
+
+#: g10/keyedit.c:987
+msgid "The signature will be marked as non-exportable.\n"
+msgstr "Semnãtura va fi marcatã ca non-exportabilã.\n"
+
+#: g10/keyedit.c:994
+msgid "The signature will be marked as non-revocable.\n"
+msgstr "Semnãtura va fi marcatã ca non-revocabilã.\n"
+
+#: g10/keyedit.c:1001
+msgid "I have not checked this key at all.\n"
+msgstr "Nu am verificat aceastã cheie deloc.\n"
+
+#: g10/keyedit.c:1006
+msgid "I have checked this key casually.\n"
+msgstr "Am verificat aceastã cheie superficial.\n"
+
+#: g10/keyedit.c:1011
+msgid "I have checked this key very carefully.\n"
+msgstr "Am verificat aceastã cheie foarte atent.\n"
+
+#: g10/keyedit.c:1021
+msgid "Really sign? (y/N) "
+msgstr "Doriþi cu adevãrat sã semnaþi? (d/N) "
+
+#: g10/keyedit.c:1066 g10/keyedit.c:4965 g10/keyedit.c:5056 g10/keyedit.c:5120
+#: g10/keyedit.c:5181 g10/sign.c:316
+#, c-format
+msgid "signing failed: %s\n"
+msgstr "semnarea a eºuat: %s\n"
+
+#: g10/keyedit.c:1131
+msgid "Key has only stub or on-card key items - no passphrase to change.\n"
+msgstr ""
+"Cheia are numai articole de cheie sau talon (stub) pe card - nici o frazã "
+"parolã de schimbat.\n"
+
+#: g10/keyedit.c:1142 g10/keygen.c:3774
+msgid "This key is not protected.\n"
+msgstr "Aceastã cheie nu este protejatã.\n"
+
+#: g10/keyedit.c:1146 g10/keygen.c:3761 g10/revoke.c:536
+msgid "Secret parts of primary key are not available.\n"
+msgstr "Pãrþile secrete ale cheii primare nu sunt disponibile.\n"
+
+#: g10/keyedit.c:1150 g10/keygen.c:3777
+msgid "Secret parts of primary key are stored on-card.\n"
+msgstr "Pãrþi secrete ale cheii primare sunt stacate pe card.\n"
+
+#: g10/keyedit.c:1156 g10/keygen.c:3781
+msgid "Key is protected.\n"
+msgstr "Cheia este protejatã.\n"
+
+#: g10/keyedit.c:1186
+#, c-format
+msgid "Can't edit this key: %s\n"
+msgstr "Nu pot edita aceastã cheie: %s\n"
+
+#: g10/keyedit.c:1192
+msgid ""
+"Enter the new passphrase for this secret key.\n"
+"\n"
+msgstr ""
+"Introduceþi noua frazã-parolã pentru acestã cheie secretã.\n"
+"\n"
+
+#: g10/keyedit.c:1207 g10/keygen.c:2291
+msgid "passphrase not correctly repeated; try again"
+msgstr "fraza-parolã nu a fost repetatã corect; mai încercaþi o datã"
+
+#: g10/keyedit.c:1212
+msgid ""
+"You don't want a passphrase - this is probably a *bad* idea!\n"
+"\n"
+msgstr ""
+"Nu doriþi o frazã-parolã - aceasta este probabil o idee *proastã*!\n"
+"\n"
+
+#: g10/keyedit.c:1215
+msgid "Do you really want to do this? (y/N) "
+msgstr "Doriþi într-adevãr sã faceþi acest lucru? (d/N) "
+
+#: g10/keyedit.c:1298
+msgid "moving a key signature to the correct place\n"
+msgstr "mut o semnãturã de cheie în locul corect\n"
+
+#: g10/keyedit.c:1384
+msgid "save and quit"
+msgstr "salveazã ºi terminã"
+
+#: g10/keyedit.c:1387
+msgid "show key fingerprint"
+msgstr "afiºeazã amprenta cheii"
+
+#: g10/keyedit.c:1388
+msgid "list key and user IDs"
+msgstr "enumerã chei ºi ID-uri utilizator"
+
+#: g10/keyedit.c:1390
+msgid "select user ID N"
+msgstr "selecteazã ID utilizator N"
+
+#: g10/keyedit.c:1391
+msgid "select subkey N"
+msgstr "selecteazã subcheia N"
+
+#: g10/keyedit.c:1392
+msgid "check signatures"
+msgstr "verificã semnãturi"
+
+#: g10/keyedit.c:1397
+msgid "sign selected user IDs [* see below for related commands]"
+msgstr ""
+"semneazã ID-urile utilizator selectate [* vezi mai jos pentru comenzi "
+"relevante]"
+
+#: g10/keyedit.c:1402
+msgid "sign selected user IDs locally"
+msgstr "semneazã ID-urile utilizatorilor selectaþi local"
+
+#: g10/keyedit.c:1404
+msgid "sign selected user IDs with a trust signature"
+msgstr "semneazã ID-urile utilizatorilor selectaþi cu o semnãturã de încredere"
+
+#: g10/keyedit.c:1406
+msgid "sign selected user IDs with a non-revocable signature"
+msgstr "semneazã ID-urile utilizatorilor selectaþi cu o semnãturã irevocabilã"
+
+#: g10/keyedit.c:1410
+msgid "add a user ID"
+msgstr "adaugã un ID utilizator"
+
+#: g10/keyedit.c:1412
+msgid "add a photo ID"
+msgstr "adaugã o pozã ID"
+
+#: g10/keyedit.c:1414
+msgid "delete selected user IDs"
+msgstr "ºterge ID-urile utilizator selectate"
+
+#: g10/keyedit.c:1419
+msgid "add a subkey"
+msgstr "adaugã o subcheie"
+
+#: g10/keyedit.c:1423
+msgid "add a key to a smartcard"
+msgstr "adaugã o cheie la un smartcard"
+
+#: g10/keyedit.c:1425
+msgid "move a key to a smartcard"
+msgstr "mutã o cheie pe un smartcard"
+
+#: g10/keyedit.c:1427
+msgid "move a backup key to a smartcard"
+msgstr "mutã o cheie de rezervã pe un smartcard"
+
+#: g10/keyedit.c:1431
+msgid "delete selected subkeys"
+msgstr "ºterge subcheile selectate"
+
+#: g10/keyedit.c:1433
+msgid "add a revocation key"
+msgstr "adaugã o cheie de revocare"
+
+#: g10/keyedit.c:1435
+msgid "delete signatures from the selected user IDs"
+msgstr "ºterge semnãturile de pe ID-urile utilizator selectate"
+
+#: g10/keyedit.c:1437
+msgid "change the expiration date for the key or selected subkeys"
+msgstr "schimbã data de expirare pentru cheia sau subcheile selectate"
+
+#: g10/keyedit.c:1439
+msgid "flag the selected user ID as primary"
+msgstr "marcheazã ID-ul utilizator selectat ca primar"
+
+#: g10/keyedit.c:1441
+msgid "toggle between the secret and public key listings"
+msgstr "comutã între listele de chei secrete ºi publice"
+
+#: g10/keyedit.c:1444
+msgid "list preferences (expert)"
+msgstr "enumerã preferinþele (expert)"
+
+#: g10/keyedit.c:1446
+msgid "list preferences (verbose)"
+msgstr "afiºeazã preferinþele (detaliat)"
+
+#: g10/keyedit.c:1448
+msgid "set preference list for the selected user IDs"
+msgstr "seteazã lista de preferinþe pentru ID-urile utilizator selectate"
+
+#: g10/keyedit.c:1453
+#, fuzzy
+msgid "set the preferred keyserver URL for the selected user IDs"
+msgstr ""
+"seteazã URL-ul serverului de chei preferat pentru ID-urile utilizator "
+"selectate"
+
+#: g10/keyedit.c:1455
+#, fuzzy
+msgid "set a notation for the selected user IDs"
+msgstr "seteazã lista de preferinþe pentru ID-urile utilizator selectate"
+
+#: g10/keyedit.c:1457
+msgid "change the passphrase"
+msgstr "schimbã fraza-parolã"
+
+#: g10/keyedit.c:1461
+msgid "change the ownertrust"
+msgstr "schimbã încrederea pentru proprietar"
+
+#: g10/keyedit.c:1463
+msgid "revoke signatures on the selected user IDs"
+msgstr "revocã semnãturile pentru ID-urile utilizator selectate"
+
+#: g10/keyedit.c:1465
+msgid "revoke selected user IDs"
+msgstr "revocã ID-urile utilizator selectate"
+
+#: g10/keyedit.c:1470
+msgid "revoke key or selected subkeys"
+msgstr "revocã cheia sau subcheile selectate"
+
+#: g10/keyedit.c:1471
+msgid "enable key"
+msgstr "activeazã cheia"
+
+#: g10/keyedit.c:1472
+msgid "disable key"
+msgstr "deactiveazã cheia"
+
+#: g10/keyedit.c:1473
+msgid "show selected photo IDs"
+msgstr "aratã pozele pentru ID-urile utilizator selectate"
+
+#: g10/keyedit.c:1475
+msgid "compact unusable user IDs and remove unusable signatures from key"
+msgstr ""
+
+#: g10/keyedit.c:1477
+msgid "compact unusable user IDs and remove all signatures from key"
+msgstr ""
+
+#: g10/keyedit.c:1601
+#, c-format
+msgid "error reading secret keyblock \"%s\": %s\n"
+msgstr "eroare la citire keyblock secret \"%s\": %s\n"
+
+#: g10/keyedit.c:1619
+msgid "Secret key is available.\n"
+msgstr "Cheia secretã este disponibilã.\n"
+
+#: g10/keyedit.c:1702
+msgid "Need the secret key to do this.\n"
+msgstr "Aveþi nevoie de cheia secretã pentru a face aceasta.\n"
+
+#: g10/keyedit.c:1710
+msgid "Please use the command \"toggle\" first.\n"
+msgstr "Vã rugãm folosiþi mai întâi comanda \"toggle\".\n"
+
+#: g10/keyedit.c:1729
+msgid ""
+"* The `sign' command may be prefixed with an `l' for local signatures "
+"(lsign),\n"
+" a `t' for trust signatures (tsign), an `nr' for non-revocable signatures\n"
+" (nrsign), or any combination thereof (ltsign, tnrsign, etc.).\n"
+msgstr ""
+"* Comanda `sign' (semneazã) poate fi prefixatã cu un `l' pentru semnãturi\n"
+" locale (lsign), un `t' pentru semnãturi de încredere (tsign), un `nr'\n"
+" pentru semnãturi irevocabile (nrsign), sau orice combinaþie a acestora\n"
+" (ltsign, tnrsign, etc.).\n"
+
+#: g10/keyedit.c:1779
+msgid "Key is revoked."
+msgstr "Cheia este revocatã."
+
+#: g10/keyedit.c:1798
+msgid "Really sign all user IDs? (y/N) "
+msgstr "Semnaþi într-adevãr toate ID-urile utilizator? (d/N) "
+
+#: g10/keyedit.c:1805
+msgid "Hint: Select the user IDs to sign\n"
+msgstr "Sugestie: Selectaþi ID-ul utilizator de semnat\n"
+
+#: g10/keyedit.c:1814
+#, c-format
+msgid "Unknown signature type `%s'\n"
+msgstr "Tip de semnãturã necunoscut `%s'\n"
+
+#: g10/keyedit.c:1837
+#, c-format
+msgid "This command is not allowed while in %s mode.\n"
+msgstr "Aceastã comandã nu este permisã în modul %s.\n"
+
+#: g10/keyedit.c:1859 g10/keyedit.c:1879 g10/keyedit.c:2048
+msgid "You must select at least one user ID.\n"
+msgstr "Trebuie mai întâi sã selectaþi cel puþin un ID utilizator.\n"
+
+#: g10/keyedit.c:1861
+msgid "You can't delete the last user ID!\n"
+msgstr "Nu puteþi ºterge ultimul ID utilizator!\n"
+
+#: g10/keyedit.c:1863
+msgid "Really remove all selected user IDs? (y/N) "
+msgstr "ªtergeþi într-adevãr toate ID-urile utilizator selectate? (d/N) "
+
+#: g10/keyedit.c:1864
+msgid "Really remove this user ID? (y/N) "
+msgstr "ªtergeþi într-adevãr acest ID utilizator? (d/N) "
+
+#. TRANSLATORS: Please take care: This is about
+#. moving the key and not about removing it.
+#: g10/keyedit.c:1917
+msgid "Really move the primary key? (y/N) "
+msgstr "Mutaþi într-adevãr cheia primarã? (d/N) "
+
+#: g10/keyedit.c:1929
+msgid "You must select exactly one key.\n"
+msgstr "Trebuie sã selectaþi exact o cheie.\n"
+
+#: g10/keyedit.c:1957
+msgid "Command expects a filename argument\n"
+msgstr "Comanda aºteaptã un nume de fiºier ca argument\n"
+
+#: g10/keyedit.c:1971
+#, c-format
+msgid "Can't open `%s': %s\n"
+msgstr "Nu pot deschide `%s': %s\n"
+
+#: g10/keyedit.c:1988
+#, c-format
+msgid "Error reading backup key from `%s': %s\n"
+msgstr "Eroare citind cheia de rezervã de pe `%s': %s\n"
+
+#: g10/keyedit.c:2012
+msgid "You must select at least one key.\n"
+msgstr "Trebuie sã selectaþi cel puþin o cheie.\n"
+
+#: g10/keyedit.c:2015
+msgid "Do you really want to delete the selected keys? (y/N) "
+msgstr "Doriþi într-adevãr sã ºtergeþi cheile selectate? (d/N) "
+
+#: g10/keyedit.c:2016
+msgid "Do you really want to delete this key? (y/N) "
+msgstr "Doriþi într-adevãr sã ºtergeþi aceastã cheie? (d/N) "
+
+#: g10/keyedit.c:2051
+msgid "Really revoke all selected user IDs? (y/N) "
+msgstr ""
+"Doriþi într-adevãr sã revocaþi toate ID-urile utilizator selectate? (d/N) "
+
+#: g10/keyedit.c:2052
+msgid "Really revoke this user ID? (y/N) "
+msgstr "Doriþi într-adevãr sã revocaþi acest ID utilizator? (d/N) "
+
+#: g10/keyedit.c:2070
+msgid "Do you really want to revoke the entire key? (y/N) "
+msgstr "Doriþi într-adevãr sã revocaþi toatã cheia? (d/N) "
+
+#: g10/keyedit.c:2081
+msgid "Do you really want to revoke the selected subkeys? (y/N) "
+msgstr "Doriþi într-adevãr sã revocaþi subcheile selectate? (d/N) "
+
+#: g10/keyedit.c:2083
+msgid "Do you really want to revoke this subkey? (y/N) "
+msgstr "Doriþi într-adevãr sã revocaþi aceastã subcheie? (d/N) "
+
+#: g10/keyedit.c:2133
+msgid "Owner trust may not be set while using a user provided trust database\n"
+msgstr ""
+"Încrederea proprietar nu poate fi setatã când este folositã o bazã de date "
+"de încredere furnizatã de utilizator\n"
+
+#: g10/keyedit.c:2175
+msgid "Set preference list to:\n"
+msgstr "Seteazã lista de preferinþe ca:\n"
+
+#: g10/keyedit.c:2181
+msgid "Really update the preferences for the selected user IDs? (y/N) "
+msgstr ""
+"Doriþi într-adevãr sã actualizaþi preferinþele pentru ID-urile utilizator "
+"selectate? (d/N) "
+
+#: g10/keyedit.c:2183
+msgid "Really update the preferences? (y/N) "
+msgstr "Doriþi într-adevãr sã actualizaþi preferinþele? (d/N) "
+
+#: g10/keyedit.c:2253
+msgid "Save changes? (y/N) "
+msgstr "Salvaþi schimbãrile? (d/N) "
+
+#: g10/keyedit.c:2256
+msgid "Quit without saving? (y/N) "
+msgstr "Terminaþi fãrã a salva? (d/N) "
+
+#: g10/keyedit.c:2266
+#, c-format
+msgid "update failed: %s\n"
+msgstr "actualizarea a eºuat: %s\n"
+
+#: g10/keyedit.c:2273 g10/keyedit.c:2351
+#, c-format
+msgid "update secret failed: %s\n"
+msgstr "actualizarea secretului a eºuat: %s\n"
+
+#: g10/keyedit.c:2280
+msgid "Key not changed so no update needed.\n"
+msgstr "Cheia nu a fost schimbatã aºa cã nici o actualizare a fost necesarã.\n"
+
+#: g10/keyedit.c:2446
+msgid "Digest: "
+msgstr "Rezumat: "
+
+#: g10/keyedit.c:2497
+msgid "Features: "
+msgstr "Capabilitãþi: "
+
+#: g10/keyedit.c:2508
+msgid "Keyserver no-modify"
+msgstr "Server de chei no-modify"
+
+#: g10/keyedit.c:2523 g10/keylist.c:316
+msgid "Preferred keyserver: "
+msgstr "Server de chei preferat: "
+
+#: g10/keyedit.c:2531 g10/keyedit.c:2532
+#, fuzzy
+msgid "Notations: "
+msgstr "Notaþie:"
+
+#: g10/keyedit.c:2753
+msgid "There are no preferences on a PGP 2.x-style user ID.\n"
+msgstr "Nu existã nici o preferinþã pentru un ID utilizator stil PGP 2.x.\n"
+
+#: g10/keyedit.c:2810
+#, fuzzy, c-format
+msgid "The following key was revoked on %s by %s key %s\n"
+msgstr "Aceastã cheie a fost revocatã pe %s de %s cheia %s\n"
+
+#: g10/keyedit.c:2832
+#, c-format
+msgid "This key may be revoked by %s key %s"
+msgstr "Aceastã cheie poate fi revocatã de %s cheia %s"
+
+#: g10/keyedit.c:2838
+msgid "(sensitive)"
+msgstr " (senzitiv)"
+
+#: g10/keyedit.c:2854 g10/keyedit.c:2910 g10/keyedit.c:2971 g10/keyedit.c:2986
+#: g10/keylist.c:202 g10/keyserver.c:532
+#, c-format
+msgid "created: %s"
+msgstr "creatã: %s"
+
+#: g10/keyedit.c:2857 g10/keylist.c:834 g10/keylist.c:928 g10/mainproc.c:997
+#, c-format
+msgid "revoked: %s"
+msgstr "revocatã: %s"
+
+#: g10/keyedit.c:2859 g10/keylist.c:805 g10/keylist.c:840 g10/keylist.c:934
+#, c-format
+msgid "expired: %s"
+msgstr "expiratã: %s"
+
+#: g10/keyedit.c:2861 g10/keyedit.c:2912 g10/keyedit.c:2973 g10/keyedit.c:2988
+#: g10/keylist.c:204 g10/keylist.c:811 g10/keylist.c:846 g10/keylist.c:940
+#: g10/keylist.c:961 g10/keyserver.c:538 g10/mainproc.c:1003
+#, c-format
+msgid "expires: %s"
+msgstr "expirã: %s"
+
+#: g10/keyedit.c:2863
+#, c-format
+msgid "usage: %s"
+msgstr "folosire: %s"
+
+#: g10/keyedit.c:2878
+#, c-format
+msgid "trust: %s"
+msgstr "încredere: %s"
+
+#: g10/keyedit.c:2882
+#, c-format
+msgid "validity: %s"
+msgstr "validitate: %s"
+
+#: g10/keyedit.c:2889
+msgid "This key has been disabled"
+msgstr "Aceastã cheie a fost deactivatã"
+
+#: g10/keyedit.c:2917 g10/keylist.c:208
+msgid "card-no: "
+msgstr "nr-card: "
+
+#: g10/keyedit.c:2941
+msgid ""
+"Please note that the shown key validity is not necessarily correct\n"
+"unless you restart the program.\n"
+msgstr ""
+"Vã rugãm observaþi cã validitatea cheii arãtate nu este în mod necesar\n"
+"corectã dacã nu reporniþi programul.\n"
+
+#
+#: g10/keyedit.c:3005 g10/keyedit.c:3351 g10/keyserver.c:542
+#: g10/mainproc.c:1850 g10/trustdb.c:1204 g10/trustdb.c:1732
+msgid "revoked"
+msgstr "revocatã"
+
+#: g10/keyedit.c:3007 g10/keyedit.c:3353 g10/keyserver.c:546
+#: g10/mainproc.c:1852 g10/trustdb.c:547 g10/trustdb.c:1734
+msgid "expired"
+msgstr "expiratã"
+
+#: g10/keyedit.c:3072
+msgid ""
+"WARNING: no user ID has been marked as primary. This command may\n"
+" cause a different user ID to become the assumed primary.\n"
+msgstr ""
+"AVERTISMENT: nici un ID utilizator nu a fost marcat ca primar.\n"
+" Aceastã comandã poate cauza ca un alt ID utilizator\n"
+" sã devinã ID-ul utilizator primar presupus.\n"
+
+#: g10/keyedit.c:3133
+msgid ""
+"WARNING: This is a PGP2-style key. Adding a photo ID may cause some "
+"versions\n"
+" of PGP to reject this key.\n"
+msgstr ""
+"AVERTISMENT: Aceasta este o cheie stil PGP2. Adãugarea unei poze ID poate\n"
+" cauza unele versiuni de PGP sã respingã aceastã cheie.\n"
+
+#: g10/keyedit.c:3138 g10/keyedit.c:3473
+msgid "Are you sure you still want to add it? (y/N) "
+msgstr "Sunteþi încã sigur(ã) cã doriþi sã o adãugaþi? (d/N) "
+
+#: g10/keyedit.c:3144
+msgid "You may not add a photo ID to a PGP2-style key.\n"
+msgstr "Nu puteþi adãuga o pozã ID la o cheie stil PGP2.\n"
+
+#: g10/keyedit.c:3284
+msgid "Delete this good signature? (y/N/q)"
+msgstr "ªtergeþi aceastã semnãturã bunã? (d/N/t)"
+
+#: g10/keyedit.c:3294
+msgid "Delete this invalid signature? (y/N/q)"
+msgstr "ªtergeþi aceastã semnãturã invalidã? (d/N/t)"
+
+#: g10/keyedit.c:3298
+msgid "Delete this unknown signature? (y/N/q)"
+msgstr "ªtergeþi aceastã semnãturã necunoscutã? (d/N/t)"
+
+#: g10/keyedit.c:3304
+msgid "Really delete this self-signature? (y/N)"
+msgstr "ªtergeþi într-adevãr aceastã auto-semnãturã? (d/N)"
+
+#: g10/keyedit.c:3318
+#, c-format
+msgid "Deleted %d signature.\n"
+msgstr "Am ºters %d semnãturi.\n"
+
+#: g10/keyedit.c:3319
+#, c-format
+msgid "Deleted %d signatures.\n"
+msgstr "Am ºters %d semnãturi.\n"
+
+#: g10/keyedit.c:3322
+msgid "Nothing deleted.\n"
+msgstr "Nu am ºters nimic.\n"
+
+#: g10/keyedit.c:3355 g10/trustdb.c:1736
+msgid "invalid"
+msgstr "invalid(ã)"
+
+#: g10/keyedit.c:3357
+#, fuzzy, c-format
+msgid "User ID \"%s\" compacted: %s\n"
+msgstr "ID utilizator \"%s\" a fost revocat."
+
+#: g10/keyedit.c:3364
+#, fuzzy, c-format
+msgid "User ID \"%s\": %d signature removed\n"
+msgstr "ID utilizator \"%s\" a fost revocat."
+
+#: g10/keyedit.c:3365
+#, fuzzy, c-format
+msgid "User ID \"%s\": %d signatures removed\n"
+msgstr "ID utilizator \"%s\" a fost revocat."
+
+#: g10/keyedit.c:3373
+#, fuzzy, c-format
+msgid "User ID \"%s\": already minimized\n"
+msgstr "ID-ul utilizator \"%s\": este deja curat.\n"
+
+#: g10/keyedit.c:3374
+#, fuzzy, c-format
+msgid "User ID \"%s\": already clean\n"
+msgstr "ID-ul utilizator \"%s\": este deja curat.\n"
+
+#: g10/keyedit.c:3468
+msgid ""
+"WARNING: This is a PGP 2.x-style key. Adding a designated revoker may "
+"cause\n"
+" some versions of PGP to reject this key.\n"
+msgstr ""
+"AVERTISMENT: Aceasta este o cheie stil PGP 2.x. Adãugarea unui revocator\n"
+" desemnat poate face ca unele versiuni de PGP sã respingã "
+"cheia.\n"
+
+#: g10/keyedit.c:3479
+msgid "You may not add a designated revoker to a PGP 2.x-style key.\n"
+msgstr "Nu puteþi adãuga un revocator desemnat la o cheie stil PGP 2.x.\n"
+
+#: g10/keyedit.c:3499
+msgid "Enter the user ID of the designated revoker: "
+msgstr "Introduceþi ID-ul utilizator al revocatorului desemnat: "
+
+#: g10/keyedit.c:3524
+msgid "cannot appoint a PGP 2.x style key as a designated revoker\n"
+msgstr "nu pot desemna o cheie stil PGP 2.x ca un revocator desemnat\n"
+
+#: g10/keyedit.c:3539
+msgid "you cannot appoint a key as its own designated revoker\n"
+msgstr "nu puteþi desemna o cheie ca propriul sãu revocator desemnat\n"
+
+#: g10/keyedit.c:3561
+msgid "this key has already been designated as a revoker\n"
+msgstr "aceastã cheie a fost deja desemnatã ca un revocator\n"
+
+#: g10/keyedit.c:3580
+msgid "WARNING: appointing a key as a designated revoker cannot be undone!\n"
+msgstr ""
+"AVERTISMENT: desemnarea unei chei ca un revocator desemnat nu poate fi "
+"anulatã!\n"
+
+#: g10/keyedit.c:3586
+msgid ""
+"Are you sure you want to appoint this key as a designated revoker? (y/N) "
+msgstr ""
+"Sunteþi sigur(ã) cã doriþi sã desemnaþi aceastã cheie ca ºi un revocator "
+"desemnat? (d/N) "
+
+#: g10/keyedit.c:3647
+msgid "Please remove selections from the secret keys.\n"
+msgstr "Vã rugãm ºtergeþi selecþiile din cheile secrete.\n"
+
+#: g10/keyedit.c:3653
+msgid "Please select at most one subkey.\n"
+msgstr "Vã rugãm selectaþi cel mult o subcheie.\n"
+
+#: g10/keyedit.c:3657
+msgid "Changing expiration time for a subkey.\n"
+msgstr "Schimb timpul de expirare pentru o subcheie.\n"
+
+#: g10/keyedit.c:3660
+msgid "Changing expiration time for the primary key.\n"
+msgstr "Schimb timpul de expirare pentru cheia primarã.\n"
+
+#: g10/keyedit.c:3706
+msgid "You can't change the expiration date of a v3 key\n"
+msgstr "Nu puteþi schimba data de expirare a unei chei v3\n"
+
+#: g10/keyedit.c:3722
+msgid "No corresponding signature in secret ring\n"
+msgstr "Nici o semnãturã corespunzãtoare în inelul secret\n"
+
+#: g10/keyedit.c:3800
+#, fuzzy, c-format
+msgid "signing subkey %s is already cross-certified\n"
+msgstr ""
+"AVERTISMENT: subcheia de semnare %s nu este certificatã reciproc (cross-"
+"certified)\n"
+
+#: g10/keyedit.c:3806
+#, c-format
+msgid "subkey %s does not sign and so does not need to be cross-certified\n"
+msgstr ""
+
+#: g10/keyedit.c:3969
+msgid "Please select exactly one user ID.\n"
+msgstr "Vã rugãm selectaþi exact un ID utilizator.\n"
+
+#: g10/keyedit.c:4008 g10/keyedit.c:4118 g10/keyedit.c:4238 g10/keyedit.c:4379
+#, c-format
+msgid "skipping v3 self-signature on user ID \"%s\"\n"
+msgstr "auto-semnãturã v3 sãritã pentru ID-ul utilizator \"%s\"\n"
+
+#: g10/keyedit.c:4179
+msgid "Enter your preferred keyserver URL: "
+msgstr "Introduceþi URL-ul serverului de chei preferat: "
+
+#: g10/keyedit.c:4259
+msgid "Are you sure you want to replace it? (y/N) "
+msgstr "Sunteþi sigur(ã) cã doriþi sã o folosiþi? (d/N) "
+
+#: g10/keyedit.c:4260
+msgid "Are you sure you want to delete it? (y/N) "
+msgstr "Sunteþi sigur(ã) cã doriþi sã o folosiþi? (d/N) "
+
+#: g10/keyedit.c:4322
+#, fuzzy
+msgid "Enter the notation: "
+msgstr "Notare semnãturã: "
+
+#: g10/keyedit.c:4471
+#, fuzzy
+msgid "Proceed? (y/N) "
+msgstr "Suprascriu? (d/N) "
+
+#: g10/keyedit.c:4543
+#, c-format
+msgid "No user ID with index %d\n"
+msgstr "Nici un ID utilizator cu indicele %d\n"
+
+#: g10/keyedit.c:4604
+#, c-format
+msgid "No user ID with hash %s\n"
+msgstr "Nici un ID utilizator cu hash-ul %s\n"
+
+#: g10/keyedit.c:4639
+#, c-format
+msgid "No subkey with index %d\n"
+msgstr "Nici o subcheie cu indicele %d\n"
+
+#: g10/keyedit.c:4774
+#, c-format
+msgid "user ID: \"%s\"\n"
+msgstr "ID utilizator: \"%s\"\n"
+
+#: g10/keyedit.c:4777 g10/keyedit.c:4871 g10/keyedit.c:4914
+#, c-format
+msgid "signed by your key %s on %s%s%s\n"
+msgstr "semnatã de cheia d-voastrã %s la %s%s%s\n"
+
+#: g10/keyedit.c:4779 g10/keyedit.c:4873 g10/keyedit.c:4916
+msgid " (non-exportable)"
+msgstr " (non-exportabilã)"
+
+#: g10/keyedit.c:4783
+#, c-format
+msgid "This signature expired on %s.\n"
+msgstr "Aceastã semnãturã a expirat pe %s.\n"
+
+#: g10/keyedit.c:4787
+msgid "Are you sure you still want to revoke it? (y/N) "
+msgstr "Sunteþi încã sigur(ã) cã doriþi sã o revocaþi? (d/N) "
+
+#: g10/keyedit.c:4791
+msgid "Create a revocation certificate for this signature? (y/N) "
+msgstr "Creaþi un certificat de revocare pentru aceastã semnãturã? (d/N) "
+
+#: g10/keyedit.c:4842
+msgid "Not signed by you.\n"
+msgstr ""
+
+#: g10/keyedit.c:4848
+#, c-format
+msgid "You have signed these user IDs on key %s:\n"
+msgstr "Aþi semnat aceste ID-uri utilizator pe cheia %s:\n"
+
+#: g10/keyedit.c:4874
+msgid " (non-revocable)"
+msgstr " (non-revocabilã)"
+
+#: g10/keyedit.c:4881
+#, c-format
+msgid "revoked by your key %s on %s\n"
+msgstr "revocatã de cheia d-voastrã %s pe %s\n"
+
+#: g10/keyedit.c:4903
+msgid "You are about to revoke these signatures:\n"
+msgstr "Sunteþi pe cale sã revocaþi aceste semnãturi:\n"
+
+#: g10/keyedit.c:4923
+msgid "Really create the revocation certificates? (y/N) "
+msgstr "Doriþi într-adevãr sã creaþi certificatele de revocare? (d/N) "
+
+#: g10/keyedit.c:4953
+msgid "no secret key\n"
+msgstr "nici o cheie secretã\n"
+
+#: g10/keyedit.c:5023
+#, c-format
+msgid "user ID \"%s\" is already revoked\n"
+msgstr "ID-ul utilizator \"%s\" este deja revocat\n"
+
+#: g10/keyedit.c:5040
+#, c-format
+msgid "WARNING: a user ID signature is dated %d seconds in the future\n"
+msgstr ""
+"AVERTISMENT: o semnãturã ID utilizator este datatã %d secunde în viitor\n"
+
+#: g10/keyedit.c:5104
+#, c-format
+msgid "Key %s is already revoked.\n"
+msgstr "Cheia %s este deja revocatã.\n"
+
+#: g10/keyedit.c:5166
+#, c-format
+msgid "Subkey %s is already revoked.\n"
+msgstr "Subcheia %s este deja revocatã.\n"
+
+#: g10/keyedit.c:5261
+#, c-format
+msgid "Displaying %s photo ID of size %ld for key %s (uid %d)\n"
+msgstr "Afiºez poza ID %s de dimensiune %ld pentru cheia %s (uid %d)\n"
+
+#: g10/keygen.c:275
+#, c-format
+msgid "preference `%s' duplicated\n"
+msgstr "preferinþa `%s' duplicatã\n"
+
+#: g10/keygen.c:282
+msgid "too many cipher preferences\n"
+msgstr "prea multe preferinþe de cifrare\n"
+
+#: g10/keygen.c:284
+msgid "too many digest preferences\n"
+msgstr "prea multe preferinþe de rezumat\n"
+
+#: g10/keygen.c:286
+msgid "too many compression preferences\n"
+msgstr "prea multe preferinþe de compresie\n"
+
+#: g10/keygen.c:426
+#, c-format
+msgid "invalid item `%s' in preference string\n"
+msgstr "articol invalid `%s' în ºirul de preferinþe\n"
+
+#: g10/keygen.c:910
+msgid "writing direct signature\n"
+msgstr "scriu semnãturã directã\n"
+
+#: g10/keygen.c:952
+msgid "writing self signature\n"
+msgstr "scriu auto semnãturã\n"
+
+#: g10/keygen.c:1009
+msgid "writing key binding signature\n"
+msgstr "scriu semnãturã legatã de cheie\n"
+
+#: g10/keygen.c:1179 g10/keygen.c:1290 g10/keygen.c:1295 g10/keygen.c:1441
+#: g10/keygen.c:3269
+#, c-format
+msgid "keysize invalid; using %u bits\n"
+msgstr "lungime cheie invalidã; folosesc %u biþi\n"
+
+#: g10/keygen.c:1185 g10/keygen.c:1301 g10/keygen.c:1309 g10/keygen.c:1447
+#: g10/keygen.c:3275
+#, c-format
+msgid "keysize rounded up to %u bits\n"
+msgstr "lungime cheie rotunjitã la %u biþi\n"
+
+#: g10/keygen.c:1335
+msgid ""
+"WARNING: some OpenPGP programs can't handle a DSA key with this digest size\n"
+msgstr ""
+
+#: g10/keygen.c:1558
+msgid "Sign"
+msgstr "Semneazã"
+
+#: g10/keygen.c:1561
+msgid "Certify"
+msgstr ""
+
+#: g10/keygen.c:1564
+msgid "Encrypt"
+msgstr "Cifreazã"
+
+#: g10/keygen.c:1567
+msgid "Authenticate"
+msgstr "Autentificã"
+
+#. TRANSLATORS: Please use only plain ASCII characters for the
+#. translation. If this is not possible use single digits. The
+#. string needs to 8 bytes long. Here is a description of the
+#. functions:
+#.
+#. s = Toggle signing capability
+#. e = Toggle encryption capability
+#. a = Toggle authentication capability
+#. q = Finish
+#.
+#: g10/keygen.c:1585
+msgid "SsEeAaQq"
+msgstr "SsCcAaTt"
+
+#: g10/keygen.c:1608
+#, c-format
+msgid "Possible actions for a %s key: "
+msgstr "Acþiuni posibile pentru o cheie %s: "
+
+#: g10/keygen.c:1612
+msgid "Current allowed actions: "
+msgstr "Acþiuni permise curent: "
+
+#: g10/keygen.c:1617
+#, c-format
+msgid " (%c) Toggle the sign capability\n"
+msgstr " (%c) Comutã capabilitatea de semnare\n"
+
+#: g10/keygen.c:1620
+#, c-format
+msgid " (%c) Toggle the encrypt capability\n"
+msgstr " (%c) Comutã capabilitatea de cifrare\n"
+
+#: g10/keygen.c:1623
+#, c-format
+msgid " (%c) Toggle the authenticate capability\n"
+msgstr " (%c) Comutã capabilitatea de autentificare\n"
+
+#: g10/keygen.c:1626
+#, c-format
+msgid " (%c) Finished\n"
+msgstr " (%c) Terminat\n"
+
+#: g10/keygen.c:1686 sm/certreqgen-ui.c:157
+msgid "Please select what kind of key you want:\n"
+msgstr "Selectaþi ce fel de cheie doriþi:\n"
+
+#: g10/keygen.c:1689
+#, fuzzy, c-format
+msgid " (%d) RSA and RSA (default)\n"
+msgstr " (%d) DSA ºi Elgamal (implicit)\n"
+
+#: g10/keygen.c:1691
+#, fuzzy, c-format
+msgid " (%d) DSA and Elgamal\n"
+msgstr " (%d) DSA ºi Elgamal (implicit)\n"
+
+#: g10/keygen.c:1693
+#, c-format
+msgid " (%d) DSA (sign only)\n"
+msgstr " (%d) DSA (numai semnare)\n"
+
+#: g10/keygen.c:1694
+#, c-format
+msgid " (%d) RSA (sign only)\n"
+msgstr " (%d) RSA (numai semnare)\n"
+
+#: g10/keygen.c:1698
+#, c-format
+msgid " (%d) Elgamal (encrypt only)\n"
+msgstr " (%d) Elgamal (numai cifrare)\n"
+
+#: g10/keygen.c:1699
+#, c-format
+msgid " (%d) RSA (encrypt only)\n"
+msgstr " (%d) RSA (numai cifrare)\n"
+
+#: g10/keygen.c:1703
+#, c-format
+msgid " (%d) DSA (set your own capabilities)\n"
+msgstr " (%d) DSA (seteazã singur capabilitãþile)\n"
+
+#: g10/keygen.c:1704
+#, c-format
+msgid " (%d) RSA (set your own capabilities)\n"
+msgstr " (%d) RSA (seteazã singur capabilitãþile)\n"
+
+#: g10/keygen.c:1812
+#, c-format
+msgid "%s keys may be between %u and %u bits long.\n"
+msgstr "cheile %s pot avea lungimea între %u ºi %u biþi.\n"
+
+#: g10/keygen.c:1820
+#, fuzzy, c-format
+msgid "What keysize do you want for the subkey? (%u) "
+msgstr "Ce lungime de cheie doriþi? (%u) "
+
+#: g10/keygen.c:1823 sm/certreqgen-ui.c:179
+#, c-format
+msgid "What keysize do you want? (%u) "
+msgstr "Ce lungime de cheie doriþi? (%u) "
+
+#: g10/keygen.c:1837 sm/certreqgen-ui.c:189
+#, c-format
+msgid "Requested keysize is %u bits\n"
+msgstr "Lungimea cheii necesarã este %u biþi\n"
+
+#: g10/keygen.c:1925
+msgid ""
+"Please specify how long the key should be valid.\n"
+" 0 = key does not expire\n"
+" <n> = key expires in n days\n"
+" <n>w = key expires in n weeks\n"
+" <n>m = key expires in n months\n"
+" <n>y = key expires in n years\n"
+msgstr ""
+"Specificaþi cât de mult timp doriþi sã fie validã cheia.\n"
+" 0 = cheia nu expirã\n"
+" <n> = cheia expirã în n zile\n"
+" <n>w = cheia expirã în n sãptãmâni\n"
+" <n>m = cheia expirã în n luni\n"
+" <n>y = cheia expirã în n ani\n"
+
+#: g10/keygen.c:1936
+msgid ""
+"Please specify how long the signature should be valid.\n"
+" 0 = signature does not expire\n"
+" <n> = signature expires in n days\n"
+" <n>w = signature expires in n weeks\n"
+" <n>m = signature expires in n months\n"
+" <n>y = signature expires in n years\n"
+msgstr ""
+"Specificaþi cât de mult timp doriþi sã fie validã semnãtura.\n"
+" 0 = semnãtura nu expirã\n"
+" <n> = semnãtura expirã în n zile\n"
+" <n>w = semnãtura expirã în n sãptãmâni\n"
+" <n>m = semnãtura expirã în n luni\n"
+" <n>y = semnãtura expirã în n ani\n"
+
+#: g10/keygen.c:1959
+msgid "Key is valid for? (0) "
+msgstr "Cheia este validã pentru? (0) "
+
+#: g10/keygen.c:1964
+#, c-format
+msgid "Signature is valid for? (%s) "
+msgstr "Semnãtura este validã pentru? (%s) "
+
+#: g10/keygen.c:1982 g10/keygen.c:2007
+msgid "invalid value\n"
+msgstr "valoare invalidã\n"
+
+#: g10/keygen.c:1989
+msgid "Key does not expire at all\n"
+msgstr "Cheia nu expirã deloc\n"
+
+#: g10/keygen.c:1990
+msgid "Signature does not expire at all\n"
+msgstr "Semnãtura nu expirã deloc\n"
+
+#: g10/keygen.c:1995
+#, c-format
+msgid "Key expires at %s\n"
+msgstr "Cheia expirã pe %s\n"
+
+#: g10/keygen.c:1996
+#, c-format
+msgid "Signature expires at %s\n"
+msgstr "Semnãtura expirã pe %s\n"
+
+#: g10/keygen.c:2000
+msgid ""
+"Your system can't display dates beyond 2038.\n"
+"However, it will be correctly handled up to 2106.\n"
+msgstr ""
+"Sistemul d-voastrã nu poate afiºa date dupã 2038.\n"
+"Totuºi, acestea vor fi corect mânuite pânã în 2106.\n"
+
+#: g10/keygen.c:2013
+msgid "Is this correct? (y/N) "
+msgstr "Este aceasta corect? (d/N) "
+
+#: g10/keygen.c:2063
+msgid ""
+"\n"
+"GnuPG needs to construct a user ID to identify your key.\n"
+"\n"
+msgstr ""
+
+#. TRANSLATORS: This string is in general not anymore used
+#. but you should keep your existing translation. In case
+#. the new string is not translated this old string will
+#. be used.
+#: g10/keygen.c:2078
+msgid ""
+"\n"
+"You need a user ID to identify your key; the software constructs the user "
+"ID\n"
+"from the Real Name, Comment and Email Address in this form:\n"
+" \"Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>\"\n"
+"\n"
+msgstr ""
+"\n"
+"Aveþi nevoie de un ID utilizator pentru a identifica cheia; software-ul\n"
+"construieºte ID-ul utilizator din Numele Real, Comentariul ºi Adresa de "
+"Email\n"
+"în aceastã formã:\n"
+" \"Popa Ioan (popicã) <popa.ioan@compania.ro>\"\n"
+"\n"
+
+#: g10/keygen.c:2097
+msgid "Real name: "
+msgstr "Nume real: "
+
+#: g10/keygen.c:2105
+msgid "Invalid character in name\n"
+msgstr "Caracter invalid în nume\n"
+
+#: g10/keygen.c:2107
+msgid "Name may not start with a digit\n"
+msgstr "Numele nu poate începe cu o cifrã\n"
+
+#: g10/keygen.c:2109
+msgid "Name must be at least 5 characters long\n"
+msgstr "Numele trebuie sã fie de cel puþin 5 caractere\n"
+
+#: g10/keygen.c:2117
+msgid "Email address: "
+msgstr "Adresã de email: "
+
+#: g10/keygen.c:2123
+msgid "Not a valid email address\n"
+msgstr "Nu este o adresã de email validã\n"
+
+#: g10/keygen.c:2131
+msgid "Comment: "
+msgstr "Comentariu: "
+
+#: g10/keygen.c:2137
+msgid "Invalid character in comment\n"
+msgstr "Caracter invalid în comentariu\n"
+
+#: g10/keygen.c:2159
+#, c-format
+msgid "You are using the `%s' character set.\n"
+msgstr "Folosiþi setul de caractere `%s'\n"
+
+#: g10/keygen.c:2165
+#, c-format
+msgid ""
+"You selected this USER-ID:\n"
+" \"%s\"\n"
+"\n"
+msgstr ""
+"Aþi selectat acest ID-UTILIZATOR:\n"
+" \"%s\"\n"
+"\n"
+
+#: g10/keygen.c:2170
+msgid "Please don't put the email address into the real name or the comment\n"
+msgstr "Vã rugãm nu puneþi adresa de email în numele real sau comentariu\n"
+
+#: g10/keygen.c:2185
+msgid "Such a user ID already exists on this key!\n"
+msgstr ""
+
+#. TRANSLATORS: These are the allowed answers in
+#. lower and uppercase. Below you will find the matching
+#. string which should be translated accordingly and the
+#. letter changed to match the one in the answer string.
+#.
+#. n = Change name
+#. c = Change comment
+#. e = Change email
+#. o = Okay (ready, continue)
+#. q = Quit
+#.
+#: g10/keygen.c:2201
+msgid "NnCcEeOoQq"
+msgstr "NnCcEeOoTt"
+
+#: g10/keygen.c:2211
+msgid "Change (N)ame, (C)omment, (E)mail or (Q)uit? "
+msgstr "Schimbã (N)ume, (C)omentariu, (E)mail sau (T)Terminã? "
+
+#: g10/keygen.c:2212
+msgid "Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? "
+msgstr "Schimbã (N)ume, (C)omentariu, (E)mail sau (O)K/(T)Terminã? "
+
+#: g10/keygen.c:2231
+msgid "Please correct the error first\n"
+msgstr "Vã rugãm corectaþi mai întâi eroarea\n"
+
+#: g10/keygen.c:2273
+msgid ""
+"You need a Passphrase to protect your secret key.\n"
+"\n"
+msgstr ""
+"Aveþi nevoie de o frazã-parolã pentru a vã proteja cheia secretã.\n"
+"\n"
+
+#: g10/keygen.c:2276
+#, fuzzy
+msgid ""
+"Please enter a passphrase to protect the off-card backup of the new "
+"encryption key."
+msgstr ""
+"Vã rugãm introduceþi fraza-parolã; aceasta este o propoziþie secretã \n"
+
+#: g10/keygen.c:2292
+#, c-format
+msgid "%s.\n"
+msgstr "%s.\n"
+
+#: g10/keygen.c:2298
+msgid ""
+"You don't want a passphrase - this is probably a *bad* idea!\n"
+"I will do it anyway. You can change your passphrase at any time,\n"
+"using this program with the option \"--edit-key\".\n"
+"\n"
+msgstr ""
+"Nu aveþi nevoie de o frazã-parolã - aceasta este probabil o idee *proastã*!\n"
+"O sã o fac oricum. Puteþi schimba fraza-parolã oricând, folosind acest\n"
+"program cu opþiunea \"--edit-key\".\n"
+
+#: g10/keygen.c:2322
+msgid ""
+"We need to generate a lot of random bytes. It is a good idea to perform\n"
+"some other action (type on the keyboard, move the mouse, utilize the\n"
+"disks) during the prime generation; this gives the random number\n"
+"generator a better chance to gain enough entropy.\n"
+msgstr ""
+"Trebuie sã generãm o grãmadã de octeþi aleatori. Este o idee bunã sã faceþi\n"
+"altceva (tastaþi la tastaturã, miºcaþi mausul, utilizaþi discurile)\n"
+"în timpul generãrii numerelor prime; aceasta dã o ºansã generatorului de\n"
+"numere aleatoare o ºansã mai bunã de a aduna destulã entropie.\n"
+
+#: g10/keygen.c:3209 g10/keygen.c:3236
+msgid "Key generation canceled.\n"
+msgstr "Generarea cheii a fost anulatã.\n"
+
+#: g10/keygen.c:3441 g10/keygen.c:3611
+#, c-format
+msgid "writing public key to `%s'\n"
+msgstr "scriu cheia publicã în `%s'\n"
+
+#: g10/keygen.c:3443 g10/keygen.c:3614
+#, c-format
+msgid "writing secret key stub to `%s'\n"
+msgstr "scriu talonul (stub) cheii secrete în `%s'\n"
+
+#: g10/keygen.c:3446 g10/keygen.c:3617
+#, c-format
+msgid "writing secret key to `%s'\n"
+msgstr "scriu cheia secretã în `%s'\n"
+
+#: g10/keygen.c:3598
+#, c-format
+msgid "no writable public keyring found: %s\n"
+msgstr "nu am gãsit nici un inel de chei public de scris: %s\n"
+
+#: g10/keygen.c:3605
+#, c-format
+msgid "no writable secret keyring found: %s\n"
+msgstr "nu am gãsit nici un inel de chei secret de scris: %s\n"
+
+#: g10/keygen.c:3625
+#, c-format
+msgid "error writing public keyring `%s': %s\n"
+msgstr "eroare la scrierea inelului de chei public `%s': %s\n"
+
+#: g10/keygen.c:3633
+#, c-format
+msgid "error writing secret keyring `%s': %s\n"
+msgstr "eroare la scrierea inelului de chei secret `%s': %s\n"
+
+#: g10/keygen.c:3661
+msgid "public and secret key created and signed.\n"
+msgstr "cheile secretã ºi publicã au fost create ºi semnate.\n"
+
+#: g10/keygen.c:3672
+msgid ""
+"Note that this key cannot be used for encryption. You may want to use\n"
+"the command \"--edit-key\" to generate a subkey for this purpose.\n"
+msgstr ""
+"De notat cã aceastã cheie nu poate fi folositã pentru cifrare. Poate "
+"doriþi\n"
+"sã folosiþi comanda \"--edit-key\" pentru a genera o subcheie secundarã\n"
+"pentru acest scop.\n"
+
+#: g10/keygen.c:3685 g10/keygen.c:3831 g10/keygen.c:3952
+#, c-format
+msgid "Key generation failed: %s\n"
+msgstr "Generarea cheii a eºuat: %s\n"
+
+#: g10/keygen.c:3741 g10/keygen.c:3882 g10/sign.c:241
+#, c-format
+msgid ""
+"key has been created %lu second in future (time warp or clock problem)\n"
+msgstr ""
+"cheia a fost creatã %lu secundã în viitor (warp în timp sau probleme cu "
+"ceasul)\n"
+
+#: g10/keygen.c:3743 g10/keygen.c:3884 g10/sign.c:243
+#, c-format
+msgid ""
+"key has been created %lu seconds in future (time warp or clock problem)\n"
+msgstr ""
+"cheia a fost creatã %lu secunde în viitor (warp în timp sau probleme cu "
+"ceasul)\n"
+
+#: g10/keygen.c:3754 g10/keygen.c:3895
+msgid "NOTE: creating subkeys for v3 keys is not OpenPGP compliant\n"
+msgstr "NOTÃ: crearea de subchei pentru chei v3 nu este conform OpenPGP\n"
+
+#: g10/keygen.c:3795 g10/keygen.c:3928
+msgid "Really create? (y/N) "
+msgstr "Creaþi într-adevãr? (d/N) "
+
+#: g10/keygen.c:4116
+#, c-format
+msgid "storing key onto card failed: %s\n"
+msgstr "stocarea cheii pe card a eºuat: %s\n"
+
+#: g10/keygen.c:4165
+#, c-format
+msgid "can't create backup file `%s': %s\n"
+msgstr "nu pot crea fiºier de rezervã `%s': %s\n"
+
+#: g10/keygen.c:4191
+#, c-format
+msgid "NOTE: backup of card key saved to `%s'\n"
+msgstr "NOTÃ: copia de siguranþa a cheii cardului salvatã la `%s'\n"
+
+#: g10/keyid.c:539 g10/keyid.c:551 g10/keyid.c:563 g10/keyid.c:575
+msgid "never "
+msgstr "niciodatã "
+
+#: g10/keylist.c:273
+msgid "Critical signature policy: "
+msgstr "Politicã de semnãturi criticã: "
+
+#: g10/keylist.c:275
+msgid "Signature policy: "
+msgstr "Politicã de semnãturi: "
+
+#: g10/keylist.c:314
+msgid "Critical preferred keyserver: "
+msgstr "Server de chei preferat critic: "
+
+#: g10/keylist.c:367
+msgid "Critical signature notation: "
+msgstr "Notare semnãturã criticã: "
+
+#: g10/keylist.c:369
+msgid "Signature notation: "
+msgstr "Notare semnãturã: "
+
+#: g10/keylist.c:479
+msgid "Keyring"
+msgstr "Inel de chei"
+
+#: g10/keylist.c:1526
+msgid "Primary key fingerprint:"
+msgstr "Amprentã cheie primarã:"
+
+#: g10/keylist.c:1528
+msgid " Subkey fingerprint:"
+msgstr " Amprentã subcheie:"
+
+#. TRANSLATORS: this should fit into 24 bytes to that the
+#. * fingerprint data is properly aligned with the user ID
+#: g10/keylist.c:1535
+msgid " Primary key fingerprint:"
+msgstr " Amprentã cheie primarã:"
+
+#: g10/keylist.c:1537
+msgid " Subkey fingerprint:"
+msgstr " Amprentã subcheie:"
+
+#: g10/keylist.c:1541 g10/keylist.c:1545
+msgid " Key fingerprint ="
+msgstr " Amprentã cheie ="
+
+#: g10/keylist.c:1612
+msgid " Card serial no. ="
+msgstr " Card nr. serie ="
+
+#: g10/keyring.c:1297
+#, c-format
+msgid "renaming `%s' to `%s' failed: %s\n"
+msgstr "redenumirea `%s' ca `%s' a eºuat: %s\n"
+
+#: g10/keyring.c:1326
+msgid "WARNING: 2 files with confidential information exists.\n"
+msgstr "AVERTISMENT: existã 2 fiºiere cu informaþii confidenþiale.\n"
+
+#: g10/keyring.c:1327
+#, c-format
+msgid "%s is the unchanged one\n"
+msgstr "%s este cel neschimbat\n"
+
+#: g10/keyring.c:1328
+#, c-format
+msgid "%s is the new one\n"
+msgstr "%s este cel nou\n"
+
+#: g10/keyring.c:1329
+msgid "Please fix this possible security flaw\n"
+msgstr "Vã rugãm reparaþi aceastã deficienþã posibilã de securitate\n"
+
+#: g10/keyring.c:1430
+#, c-format
+msgid "caching keyring `%s'\n"
+msgstr "pun în cache inelul de chei `%s'\n"
+
+#: g10/keyring.c:1489
+#, c-format
+msgid "%lu keys cached so far (%lu signatures)\n"
+msgstr "%lu chei puse în cache pânã acum (%lu semnãturi)\n"
+
+#: g10/keyring.c:1501
+#, c-format
+msgid "%lu keys cached (%lu signatures)\n"
+msgstr "%lu chei puse în cache (%lu semnãturi)\n"
+
+#: g10/keyring.c:1573
+#, c-format
+msgid "%s: keyring created\n"
+msgstr "%s: inelul de chei creat\n"
+
+#: g10/keyserver.c:74
+msgid "include revoked keys in search results"
+msgstr ""
+
+#: g10/keyserver.c:75
+msgid "include subkeys when searching by key ID"
+msgstr ""
+
+#: g10/keyserver.c:77
+msgid "use temporary files to pass data to keyserver helpers"
+msgstr ""
+
+#: g10/keyserver.c:79
+msgid "do not delete temporary files after using them"
+msgstr ""
+
+#: g10/keyserver.c:83
+msgid "automatically retrieve keys when verifying signatures"
+msgstr ""
+
+#: g10/keyserver.c:85
+#, fuzzy
+msgid "honor the preferred keyserver URL set on the key"
+msgstr "Introduceþi URL-ul serverului de chei preferat: "
+
+#: g10/keyserver.c:87
+msgid "honor the PKA record set on a key when retrieving keys"
+msgstr ""
+
+#: g10/keyserver.c:153
+#, c-format
+msgid "WARNING: keyserver option `%s' is not used on this platform\n"
+msgstr ""
+"AVERTISMENT: opþiunile serverului de chei `%s' nu sunt folosite pe aceastã "
+"platformã\n"
+
+#: g10/keyserver.c:544
+msgid "disabled"
+msgstr "deactivat(ã)"
+
+#: g10/keyserver.c:747
+msgid "Enter number(s), N)ext, or Q)uit > "
+msgstr "Introduceþi numãr/numere, N)ext (urmãtor), sau Q)uit (terminã) > "
+
+#: g10/keyserver.c:831 g10/keyserver.c:1458
+#, c-format
+msgid "invalid keyserver protocol (us %d!=handler %d)\n"
+msgstr "protocol server de chei invalid (us %d!=handler %d)\n"
+
+#: g10/keyserver.c:932
+#, c-format
+msgid "key \"%s\" not found on keyserver\n"
+msgstr "cheia \"%s\" nu a fost gãsitã pe serverul de chei\n"
+
+#: g10/keyserver.c:934
+msgid "key not found on keyserver\n"
+msgstr "cheia nu a fost gãsitã pe serverul de chei\n"
+
+#: g10/keyserver.c:1177
+#, c-format
+msgid "requesting key %s from %s server %s\n"
+msgstr "cer cheia %s de la serverul %s %s\n"
+
+#: g10/keyserver.c:1181
+#, c-format
+msgid "requesting key %s from %s\n"
+msgstr "cer cheia %s de la %s\n"
+
+#: g10/keyserver.c:1205
+#, fuzzy, c-format
+msgid "searching for names from %s server %s\n"
+msgstr "caut \"%s\" de pe serverul %s %s\n"
+
+#: g10/keyserver.c:1208
+#, fuzzy, c-format
+msgid "searching for names from %s\n"
+msgstr "caut \"%s\" de pe %s\n"
+
+#: g10/keyserver.c:1361
+#, c-format
+msgid "sending key %s to %s server %s\n"
+msgstr "trimit cheia %s serverului %s %s\n"
+
+#: g10/keyserver.c:1365
+#, c-format
+msgid "sending key %s to %s\n"
+msgstr "trimit cheia %s lui %s\n"
+
+#: g10/keyserver.c:1408
+#, c-format
+msgid "searching for \"%s\" from %s server %s\n"
+msgstr "caut \"%s\" de pe serverul %s %s\n"
+
+#: g10/keyserver.c:1411
+#, c-format
+msgid "searching for \"%s\" from %s\n"
+msgstr "caut \"%s\" de pe %s\n"
+
+#: g10/keyserver.c:1418 g10/keyserver.c:1514
+msgid "no keyserver action!\n"
+msgstr "nici o acþiune pentru serverul de chei!\n"
+
+#: g10/keyserver.c:1466
+#, c-format
+msgid "WARNING: keyserver handler from a different version of GnuPG (%s)\n"
+msgstr ""
+"AVERTISMENT: manipulator server de chei dintr-o versiune diferitã de GnuPG (%"
+"s)\n"
+
+#: g10/keyserver.c:1475
+msgid "keyserver did not send VERSION\n"
+msgstr "serverul de chei nu a trimis VERSION (versiune)\n"
+
+#: g10/keyserver.c:1537 g10/keyserver.c:2066
+msgid "no keyserver known (use option --keyserver)\n"
+msgstr "nici un server de chei cunoscut (folosiþi opþiunea --keyserver)\n"
+
+#: g10/keyserver.c:1543
+msgid "external keyserver calls are not supported in this build\n"
+msgstr ""
+"apeluri cãtre server de chei extern nu este suportat de acest program\n"
+
+#: g10/keyserver.c:1555
+#, c-format
+msgid "no handler for keyserver scheme `%s'\n"
+msgstr "nici un manipulator (handler) pentru schema serverului de chei `%s'\n"
+
+#: g10/keyserver.c:1560
+#, c-format
+msgid "action `%s' not supported with keyserver scheme `%s'\n"
+msgstr "acþiunea `%s' nu este suportatã cu schema serverului de chei `%s'\n"
+
+#: g10/keyserver.c:1568
+#, c-format
+msgid "%s does not support handler version %d\n"
+msgstr "%s nu suportã versiunea de manipulator (handler) %d\n"
+
+#: g10/keyserver.c:1575
+msgid "keyserver timed out\n"
+msgstr "serverul de chei a epuizat timpul de aºteptare (timed out)\n"
+
+#: g10/keyserver.c:1580
+msgid "keyserver internal error\n"
+msgstr "eroare internã server de chei\n"
+
+#: g10/keyserver.c:1589
+#, c-format
+msgid "keyserver communications error: %s\n"
+msgstr "eroare de comunicare server de chei: %s\n"
+
+#: g10/keyserver.c:1614 g10/keyserver.c:1648
+#, c-format
+msgid "\"%s\" not a key ID: skipping\n"
+msgstr "\"%s\" nu este un ID de cheie: sãrit\n"
+
+#: g10/keyserver.c:1907
+#, c-format
+msgid "WARNING: unable to refresh key %s via %s: %s\n"
+msgstr "AVERTISMENT: nu pot reactualiza cheia %s via %s: %s\n"
+
+#: g10/keyserver.c:1929
+#, c-format
+msgid "refreshing 1 key from %s\n"
+msgstr "reactualizez 1 cheie de la %s\n"
+
+#: g10/keyserver.c:1931
+#, c-format
+msgid "refreshing %d keys from %s\n"
+msgstr "reactualizez %d chei de la %s\n"
+
+#: g10/keyserver.c:1987
+#, fuzzy, c-format
+msgid "WARNING: unable to fetch URI %s: %s\n"
+msgstr "AVERTISMENT: nu pot reactualiza cheia %s via %s: %s\n"
+
+#: g10/keyserver.c:1993
+#, fuzzy, c-format
+msgid "WARNING: unable to parse URI %s\n"
+msgstr "AVERTISMENT: nu pot reactualiza cheia %s via %s: %s\n"
+
+#: g10/mainproc.c:231
+#, c-format
+msgid "weird size for an encrypted session key (%d)\n"
+msgstr "dimensiune ciudatã pentru o cheie de sesiune cifratã (%d)\n"
+
+#: g10/mainproc.c:284
+#, c-format
+msgid "%s encrypted session key\n"
+msgstr "%s cheie de sesiune cifratã\n"
+
+#: g10/mainproc.c:294
+#, c-format
+msgid "passphrase generated with unknown digest algorithm %d\n"
+msgstr "fraza-parolã generatã cu un algoritm rezumat necunoscut %d\n"
+
+#: g10/mainproc.c:360
+#, c-format
+msgid "public key is %s\n"
+msgstr "cheia publicã este %s\n"
+
+#: g10/mainproc.c:423
+msgid "public key encrypted data: good DEK\n"
+msgstr "date cigrate cu cheie publicã: DEK bun\n"
+
+#: g10/mainproc.c:456
+#, c-format
+msgid "encrypted with %u-bit %s key, ID %s, created %s\n"
+msgstr "cifrat cu cheia %u-bit %s, ID %s, creatã %s\n"
+
+#: g10/mainproc.c:460 g10/pkclist.c:217
+#, c-format
+msgid " \"%s\"\n"
+msgstr " \"%s\"\n"
+
+#: g10/mainproc.c:464
+#, c-format
+msgid "encrypted with %s key, ID %s\n"
+msgstr "cifrat cu cheia %s, ID %s\n"
+
+#: g10/mainproc.c:479
+#, c-format
+msgid "public key decryption failed: %s\n"
+msgstr "decriptarea cu cheie publicã a eºuat: %s\n"
+
+#: g10/mainproc.c:495
+#, c-format
+msgid "encrypted with %lu passphrases\n"
+msgstr "cifratã cu %lu fraze-parolã\n"
+
+#: g10/mainproc.c:497
+msgid "encrypted with 1 passphrase\n"
+msgstr "cifratã cu 1 frazã-parolã\n"
+
+#: g10/mainproc.c:529 g10/mainproc.c:551
+#, c-format
+msgid "assuming %s encrypted data\n"
+msgstr "presupunem date cifrate %s\n"
+
+#: g10/mainproc.c:537
+#, c-format
+msgid "IDEA cipher unavailable, optimistically attempting to use %s instead\n"
+msgstr "cifru IDEA indisponibil, vom încerca sã folosim %s în loc\n"
+
+#: g10/mainproc.c:570
+msgid "decryption okay\n"
+msgstr "decriptare OK\n"
+
+#: g10/mainproc.c:574
+msgid "WARNING: message was not integrity protected\n"
+msgstr "AVERTISMENT: mesajul nu a avut integritatea protejatã\n"
+
+#: g10/mainproc.c:587
+msgid "WARNING: encrypted message has been manipulated!\n"
+msgstr "AVERTISMENT: mesajul cifrat a fost manipulat!\n"
+
+#: g10/mainproc.c:595
+#, c-format
+msgid "cleared passphrase cached with ID: %s\n"
+msgstr ""
+
+#: g10/mainproc.c:600
+#, c-format
+msgid "decryption failed: %s\n"
+msgstr "decriptarea a eºuat: %s\n"
+
+#: g10/mainproc.c:621
+msgid "NOTE: sender requested \"for-your-eyes-only\"\n"
+msgstr "NOTÃ: expeditorul a cerut \"doar-pentru-ochii-d-voastrã\"\n"
+
+#: g10/mainproc.c:623
+#, c-format
+msgid "original file name='%.*s'\n"
+msgstr "nume fiºier original='%.*s'\n"
+
+#: g10/mainproc.c:711
+msgid "WARNING: multiple plaintexts seen\n"
+msgstr ""
+
+#: g10/mainproc.c:850
+msgid "standalone revocation - use \"gpg --import\" to apply\n"
+msgstr "revocare standalone - folosiþi \"gpg --import\" pentru a aplica\n"
+
+#: g10/mainproc.c:1203 g10/mainproc.c:1240
+#, fuzzy
+msgid "no signature found\n"
+msgstr "Semnãturã bunã din \"%s\""
+
+#: g10/mainproc.c:1478
+msgid "signature verification suppressed\n"
+msgstr "verificare semnãturã eliminatã\n"
+
+#: g10/mainproc.c:1587
+#, fuzzy
+msgid "can't handle this ambiguous signature data\n"
+msgstr "nu pot mânui aceste semnãturi multiple\n"
+
+#: g10/mainproc.c:1598
+#, c-format
+msgid "Signature made %s\n"
+msgstr "Semnãturã fãcutã %s\n"
+
+#: g10/mainproc.c:1599
+#, c-format
+msgid " using %s key %s\n"
+msgstr " folosind cheia %s %s\n"
+
+#: g10/mainproc.c:1603
+#, c-format
+msgid "Signature made %s using %s key ID %s\n"
+msgstr "Semnãturã fãcutã %s folosind cheia %s cu ID %s\n"
+
+#: g10/mainproc.c:1623
+msgid "Key available at: "
+msgstr "Cheie disponibilã la: "
+
+#: g10/mainproc.c:1756 g10/mainproc.c:1804
+#, c-format
+msgid "BAD signature from \"%s\""
+msgstr "Semnãturã INCORECTÃ din \"%s\""
+
+#: g10/mainproc.c:1758 g10/mainproc.c:1806
+#, c-format
+msgid "Expired signature from \"%s\""
+msgstr "Semnãturã expiratã din \"%s\""
+
+#: g10/mainproc.c:1760 g10/mainproc.c:1808
+#, c-format
+msgid "Good signature from \"%s\""
+msgstr "Semnãturã bunã din \"%s\""
+
+#: g10/mainproc.c:1810
+msgid "[uncertain]"
+msgstr "[nesigur]"
+
+#: g10/mainproc.c:1843
+#, c-format
+msgid " aka \"%s\""
+msgstr " aka \"%s\""
+
+#: g10/mainproc.c:1941
+#, c-format
+msgid "Signature expired %s\n"
+msgstr "Semnãturã expiratã %s\n"
+
+#: g10/mainproc.c:1946
+#, c-format
+msgid "Signature expires %s\n"
+msgstr "Semnãtura expirã %s\n"
+
+#: g10/mainproc.c:1949
+#, c-format
+msgid "%s signature, digest algorithm %s\n"
+msgstr "semnãturã %s, algoritm rezumat %s\n"
+
+#: g10/mainproc.c:1950
+msgid "binary"
+msgstr "binar"
+
+#: g10/mainproc.c:1951
+msgid "textmode"
+msgstr "modtext"
+
+#: g10/mainproc.c:1951 g10/trustdb.c:546
+msgid "unknown"
+msgstr "necunoscut"
+
+#: g10/mainproc.c:1971
+#, c-format
+msgid "Can't check signature: %s\n"
+msgstr "Nu pot verifica semnãtura: %s\n"
+
+#: g10/mainproc.c:2055 g10/mainproc.c:2071 g10/mainproc.c:2167
+msgid "not a detached signature\n"
+msgstr "nu o semnãturã detaºatã\n"
+
+#: g10/mainproc.c:2098
+msgid ""
+"WARNING: multiple signatures detected. Only the first will be checked.\n"
+msgstr ""
+"AVERTISMENT: am detectat multiple semnãturi. Numai prima va fi verificatã.\n"
+
+#: g10/mainproc.c:2106
+#, c-format
+msgid "standalone signature of class 0x%02x\n"
+msgstr "semnãturã de sine stãtãtoare (standalone) de clasã 0x%02x\n"
+
+#: g10/mainproc.c:2171
+msgid "old style (PGP 2.x) signature\n"
+msgstr "semnãturã de stil vechi (PGP 2.x)\n"
+
+#: g10/mainproc.c:2181
+msgid "invalid root packet detected in proc_tree()\n"
+msgstr "pachet root invalid detectat în proc_tree()\n"
+
+#: g10/misc.c:109 g10/misc.c:139 g10/misc.c:215
+#, c-format
+msgid "fstat of `%s' failed in %s: %s\n"
+msgstr "fstat pentru `%s' a eºuat în %s: %s\n"
+
+#: g10/misc.c:178
+#, c-format
+msgid "fstat(%d) failed in %s: %s\n"
+msgstr "fstat(%d) a eºuat în %s: %s\n"
+
+#: g10/misc.c:296
+#, c-format
+msgid "WARNING: using experimental public key algorithm %s\n"
+msgstr "AVERTISMENT: folosesc algoritmul cu cheie publicã experimental %s\n"
+
+#: g10/misc.c:302
+#, fuzzy
+msgid "WARNING: Elgamal sign+encrypt keys are deprecated\n"
+msgstr "AVERTISMENT: algoritmul rezumat %s este prea vechi (deprecated)\n"
+
+#: g10/misc.c:315
+#, c-format
+msgid "WARNING: using experimental cipher algorithm %s\n"
+msgstr "AVERTISMENT: folosesc algoritmul de cifrare experimental %s\n"
+
+#: g10/misc.c:330
+#, c-format
+msgid "WARNING: using experimental digest algorithm %s\n"
+msgstr "AVERTISMENT: folosesc algoritmul rezumat experimental %s\n"
+
+#: g10/misc.c:335
+#, c-format
+msgid "WARNING: digest algorithm %s is deprecated\n"
+msgstr "AVERTISMENT: algoritmul rezumat %s este prea vechi (deprecated)\n"
+
+#: g10/misc.c:503
+msgid "the IDEA cipher plugin is not present\n"
+msgstr "plugin-ul pentru cifrare IDEA nu este prezent\n"
+
+#: g10/misc.c:504 g10/sig-check.c:107 jnlib/utf8conv.c:87
+#, fuzzy, c-format
+msgid "please see %s for more information\n"
+msgstr " i = aratã-mi mai multe informaþii\n"
+
+#: g10/misc.c:761
+#, c-format
+msgid "%s:%d: deprecated option \"%s\"\n"
+msgstr "%s:%d: opþiune învechitã \"%s\"\n"
+
+#: g10/misc.c:765
+#, c-format
+msgid "WARNING: \"%s\" is a deprecated option\n"
+msgstr "AVERTISMENT: \"%s\" este o opþiune învechitã\n"
+
+#: g10/misc.c:767
+#, c-format
+msgid "please use \"%s%s\" instead\n"
+msgstr "vã rugãm folosiþi \"%s%s\" în loc\n"
+
+#: g10/misc.c:774
+#, c-format
+msgid "WARNING: \"%s\" is a deprecated command - do not use it\n"
+msgstr "AVERTISMENT: \"%s\" este o comandã învechitã - nu o folosiþi\n"
+
+#: g10/misc.c:784
+#, c-format
+msgid "%s:%u: obsolete option \"%s\" - it has no effect\n"
+msgstr ""
+
+#: g10/misc.c:787
+#, fuzzy, c-format
+msgid "WARNING: \"%s\" is an obsolete option - it has no effect\n"
+msgstr "AVERTISMENT: \"%s\" este o opþiune învechitã\n"
+
+#: g10/misc.c:848
+msgid "Uncompressed"
+msgstr "Necompresat"
+
+#
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: g10/misc.c:873
+msgid "uncompressed|none"
+msgstr "necompresat|niciunul"
+
+#: g10/misc.c:1000
+#, c-format
+msgid "this message may not be usable by %s\n"
+msgstr "acest mesaj s-ar putea sã nu poatã fi folosit de %s\n"
+
+#: g10/misc.c:1175
+#, c-format
+msgid "ambiguous option `%s'\n"
+msgstr "opþiune ambiguã `%s'\n"
+
+#: g10/misc.c:1200
+#, c-format
+msgid "unknown option `%s'\n"
+msgstr "opþiune necunoscutã `%s'\n"
+
+#: g10/openfile.c:89
+#, c-format
+msgid "File `%s' exists. "
+msgstr "Fiºierul `%s' existã. "
+
+#: g10/openfile.c:93
+msgid "Overwrite? (y/N) "
+msgstr "Suprascriu? (d/N) "
+
+#: g10/openfile.c:126
+#, c-format
+msgid "%s: unknown suffix\n"
+msgstr "%s: sufix necunoscut\n"
+
+#: g10/openfile.c:150
+msgid "Enter new filename"
+msgstr "Introduceþi un nou nume-fiºier"
+
+#: g10/openfile.c:195
+msgid "writing to stdout\n"
+msgstr "scriu la stdout\n"
+
+#: g10/openfile.c:316
+#, c-format
+msgid "assuming signed data in `%s'\n"
+msgstr "presupun date semnate în `%s'\n"
+
+#: g10/openfile.c:395
+#, c-format
+msgid "new configuration file `%s' created\n"
+msgstr "fiºier de configurare nou `%s' creat\n"
+
+#: g10/openfile.c:397
+#, c-format
+msgid "WARNING: options in `%s' are not yet active during this run\n"
+msgstr ""
+"AVERTISMENT: opþiunile din %s nu sunt încã active în timpul acestei rulãri\n"
+
+#: g10/parse-packet.c:201
+#, c-format
+msgid "can't handle public key algorithm %d\n"
+msgstr "nu pot mânui algoritmul cu cheie publicã %d\n"
+
+#: g10/parse-packet.c:822
+msgid "WARNING: potentially insecure symmetrically encrypted session key\n"
+msgstr ""
+"AVERTISMENT: cheie de sesiune cifratã simetric potenþial nesigurã "
+"(insecure)\n"
+
+#: g10/parse-packet.c:1273
+#, c-format
+msgid "subpacket of type %d has critical bit set\n"
+msgstr "subpachetul de tip %d are bitul critic setat\n"
+
+#: g10/passphrase.c:75 g10/passphrase.c:418 g10/passphrase.c:481
+#, fuzzy, c-format
+msgid "problem with the agent: %s\n"
+msgstr "problemã cu agentul: agentul returneazã 0x%lx\n"
+
+#: g10/passphrase.c:344 g10/passphrase.c:613
+#, c-format
+msgid " (main key ID %s)"
+msgstr " (ID cheie principalã %s)"
+
+#: g10/passphrase.c:358
+#, fuzzy, c-format
+msgid ""
+"Please enter the passphrase to unlock the secret key for the OpenPGP "
+"certificate:\n"
+"\"%.*s\"\n"
+"%u-bit %s key, ID %s,\n"
+"created %s%s.\n"
+msgstr ""
+"Aveþi nevoie de o frazã-parolã pentru a descuia cheia secretã pt. "
+"utilizator:\n"
+"\"%.*s\"\n"
+"cheia %u-bit %s, ID %s, creatã %s%s\n"
+
+#: g10/passphrase.c:384
+msgid "Enter passphrase\n"
+msgstr "Introduceþi fraza-parolã\n"
+
+#: g10/passphrase.c:412
+msgid "cancelled by user\n"
+msgstr "anulatã de utilizator\n"
+
+#: g10/passphrase.c:592
+#, c-format
+msgid ""
+"You need a passphrase to unlock the secret key for\n"
+"user: \"%s\"\n"
+msgstr ""
+"Aveþi nevoie de o frazã-parolã pentru a descuia cheia secretã pentru\n"
+"utilizator: \"%s\"\n"
+
+#: g10/passphrase.c:600
+#, c-format
+msgid "%u-bit %s key, ID %s, created %s"
+msgstr "cheia %u-bit %s, ID %s, creatã %s"
+
+#: g10/passphrase.c:609
+#, c-format
+msgid " (subkey on main key ID %s)"
+msgstr " (subcheie pe cheia principalã ID %s)"
+
+#: g10/photoid.c:74
+msgid ""
+"\n"
+"Pick an image to use for your photo ID. The image must be a JPEG file.\n"
+"Remember that the image is stored within your public key. If you use a\n"
+"very large picture, your key will become very large as well!\n"
+"Keeping the image close to 240x288 is a good size to use.\n"
+msgstr ""
+"\n"
+"Alegeþi o imagine pentru a o folosi ca pozã ID. Imaginea trebuie sã fie un\n"
+"fiºier JPEG. Amintiþi-vã cã imaginea este pãstratã în cheia d-voastrã "
+"publicã.\n"
+"Dacã folosiþi o imagine foarte largã, cheia d-voastrã va deveni de asemenea\n"
+"foarte largã!\n"
+"Încercaþi sã folosiþi o imagine de aproximativ 240x288 pixeli.\n"
+
+#: g10/photoid.c:96
+msgid "Enter JPEG filename for photo ID: "
+msgstr "Introduceþi nume-fiºier JPEG pentru pozã ID: "
+
+#: g10/photoid.c:117
+#, c-format
+msgid "unable to open JPEG file `%s': %s\n"
+msgstr "nu pot deschide fiºierul JPEG `%s': %s\n"
+
+#: g10/photoid.c:128
+#, c-format
+msgid "This JPEG is really large (%d bytes) !\n"
+msgstr "Acest JPEG este foarte mare (%d octeþi) !\n"
+
+#: g10/photoid.c:130
+msgid "Are you sure you want to use it? (y/N) "
+msgstr "Sunteþi sigur(ã) cã doriþi sã îl folosiþi? (d/N) "
+
+#: g10/photoid.c:146
+#, c-format
+msgid "`%s' is not a JPEG file\n"
+msgstr "`%s' nu este un fiºier JPEG\n"
+
+#: g10/photoid.c:165
+msgid "Is this photo correct (y/N/q)? "
+msgstr "Este aceastã pozã corectã (d/N/t)? "
+
+#: g10/photoid.c:373
+msgid "unable to display photo ID!\n"
+msgstr "nu pot afiºa poza ID!\n"
+
+#: g10/pkclist.c:60 g10/revoke.c:621
+msgid "No reason specified"
+msgstr "Nici un motiv specificat"
+
+#: g10/pkclist.c:62 g10/revoke.c:623
+msgid "Key is superseded"
+msgstr "Cheia este înlocuitã"
+
+#: g10/pkclist.c:64 g10/revoke.c:622
+msgid "Key has been compromised"
+msgstr "Cheia a fost compromisã"
+
+#: g10/pkclist.c:66 g10/revoke.c:624
+msgid "Key is no longer used"
+msgstr "Cheia nu mai este folositã"
+
+#: g10/pkclist.c:68 g10/revoke.c:625
+msgid "User ID is no longer valid"
+msgstr "ID utilizator nu mai este valid"
+
+#: g10/pkclist.c:72
+msgid "reason for revocation: "
+msgstr "motiv pentru revocare: "
+
+#: g10/pkclist.c:89
+msgid "revocation comment: "
+msgstr "comentariu revocare: "
+
+#: g10/pkclist.c:204
+msgid "iImMqQsS"
+msgstr "iImMtTsS"
+
+#: g10/pkclist.c:212
+msgid "No trust value assigned to:\n"
+msgstr "Nici o valoare de încredere atribuitã lui:\n"
+
+#: g10/pkclist.c:245
+#, c-format
+msgid " aka \"%s\"\n"
+msgstr " aka \"%s\"\n"
+
+#: g10/pkclist.c:255
+msgid ""
+"How much do you trust that this key actually belongs to the named user?\n"
+msgstr ""
+"Cât de mult credeþi cã aceastã cheie aparþine într-adevãr utilizatorului "
+"numit?\n"
+
+#: g10/pkclist.c:270
+#, c-format
+msgid " %d = I don't know or won't say\n"
+msgstr " %d = Nu ºtiu sau nu vreau sã mã pronunþ\n"
+
+#: g10/pkclist.c:272
+#, c-format
+msgid " %d = I do NOT trust\n"
+msgstr " %d = NU am încredere\n"
+
+#: g10/pkclist.c:278
+#, c-format
+msgid " %d = I trust ultimately\n"
+msgstr " %d = Am încredere supremã\n"
+
+#: g10/pkclist.c:284
+msgid " m = back to the main menu\n"
+msgstr " m = înapoi la meniul principal\n"
+
+#: g10/pkclist.c:287
+msgid " s = skip this key\n"
+msgstr " s = sãri peste cheia asta\n"
+
+#: g10/pkclist.c:288
+msgid " q = quit\n"
+msgstr " t = terminã\n"
+
+#: g10/pkclist.c:292
+#, c-format
+msgid ""
+"The minimum trust level for this key is: %s\n"
+"\n"
+msgstr ""
+"Nivelul minim de încredere pentru aceastã cheie este: %s\n"
+"\n"
+
+#: g10/pkclist.c:298 g10/revoke.c:650
+msgid "Your decision? "
+msgstr "Decizia d-voastrã? "
+
+#: g10/pkclist.c:319
+msgid "Do you really want to set this key to ultimate trust? (y/N) "
+msgstr ""
+"Doriþi într-adevãr sã setaþi aceastã cheie cu încredere supremã? (d/N) "
+
+#: g10/pkclist.c:333
+msgid "Certificates leading to an ultimately trusted key:\n"
+msgstr "Certificatele ce conduc la o cheie cu încredere supremã:\n"
+
+#: g10/pkclist.c:418
+#, c-format
+msgid "%s: There is no assurance this key belongs to the named user\n"
+msgstr ""
+"%s: Nu existã nici o indicaþie cã aceastã cheie aparþine într-adevãr "
+"utilizatorului numit\n"
+
+#: g10/pkclist.c:423
+#, c-format
+msgid "%s: There is limited assurance this key belongs to the named user\n"
+msgstr ""
+"%s: Nu existã nici o indicaþie cã aceastã cheie aparþine într-adevãr "
+"utilizatorului numit\n"
+
+#: g10/pkclist.c:429
+msgid "This key probably belongs to the named user\n"
+msgstr "Aceastã cheie aparþine probabil utilizatorului numit\n"
+
+#: g10/pkclist.c:434
+msgid "This key belongs to us\n"
+msgstr "Aceastã cheie ne aparþine\n"
+
+#: g10/pkclist.c:460
+msgid ""
+"It is NOT certain that the key belongs to the person named\n"
+"in the user ID. If you *really* know what you are doing,\n"
+"you may answer the next question with yes.\n"
+msgstr ""
+"NU este sigur cã cheia aparþine persoanei numite în ID-ul\n"
+"utilizator. Dacã ºtiþi *cu adevãrat* ce faceþi, puteþi\n"
+"rãspunde cu da la urmãtoarea întrebare.\n"
+
+#: g10/pkclist.c:479
+msgid "Use this key anyway? (y/N) "
+msgstr "Folosiþi oricum aceastã cheie? (d/N) "
+
+#: g10/pkclist.c:513
+msgid "WARNING: Using untrusted key!\n"
+msgstr "AVERTISMENT: Folosiþi o cheie fãrã încredere!\n"
+
+#: g10/pkclist.c:520
+msgid "WARNING: this key might be revoked (revocation key not present)\n"
+msgstr ""
+"AVERTISMENT: aceastã cheie poate fi revocatã (cheia de revocare nu este "
+"prezentã)\n"
+
+#: g10/pkclist.c:529
+msgid "WARNING: This key has been revoked by its designated revoker!\n"
+msgstr "AVERTISMENT: Aceastã cheie a fost revocatã revocatorul desemnat!\n"
+
+#: g10/pkclist.c:532
+msgid "WARNING: This key has been revoked by its owner!\n"
+msgstr "AVERTISMENT: Aceastã cheie a fost revocatã de proprietarul ei!\n"
+
+#: g10/pkclist.c:533
+msgid " This could mean that the signature is forged.\n"
+msgstr " Aceasta ar putea însemna cã semnãtura e falsificatã.\n"
+
+#: g10/pkclist.c:539
+msgid "WARNING: This subkey has been revoked by its owner!\n"
+msgstr "AVERTISMENT: Aceastã cheie a fost revocatã de proprietarul ei!\n"
+
+#: g10/pkclist.c:544
+msgid "Note: This key has been disabled.\n"
+msgstr "Notã: Aceastã cheie a fost deactivatã.\n"
+
+#: g10/pkclist.c:564
+#, c-format
+msgid "Note: Verified signer's address is `%s'\n"
+msgstr ""
+
+#: g10/pkclist.c:571
+#, c-format
+msgid "Note: Signer's address `%s' does not match DNS entry\n"
+msgstr ""
+
+#: g10/pkclist.c:583
+msgid "trustlevel adjusted to FULL due to valid PKA info\n"
+msgstr ""
+
+#: g10/pkclist.c:591
+msgid "trustlevel adjusted to NEVER due to bad PKA info\n"
+msgstr ""
+
+#: g10/pkclist.c:602
+msgid "Note: This key has expired!\n"
+msgstr "Notã: Aceastã cheie a expirat!\n"
+
+#: g10/pkclist.c:613
+msgid "WARNING: This key is not certified with a trusted signature!\n"
+msgstr ""
+"AVERTISMENT: Aceastã cheie nu este certificatã de o semnãturã de încredere!\n"
+
+#: g10/pkclist.c:615
+msgid ""
+" There is no indication that the signature belongs to the owner.\n"
+msgstr ""
+" Nu existã nici o indicaþie cã semnãtura aparþine proprietarului.\n"
+
+#: g10/pkclist.c:623
+msgid "WARNING: We do NOT trust this key!\n"
+msgstr "AVERTISMENT: Noi NU avem încredere în aceastã cheie!\n"
+
+#: g10/pkclist.c:624
+msgid " The signature is probably a FORGERY.\n"
+msgstr " Semnãtura este probabil un FALS.\n"
+
+#: g10/pkclist.c:632
+msgid ""
+"WARNING: This key is not certified with sufficiently trusted signatures!\n"
+msgstr ""
+"AVERTISMENT: Aceastã cheie nu este certificatã cu suficiente semnãturi de "
+"încredere!\n"
+
+#: g10/pkclist.c:634
+msgid " It is not certain that the signature belongs to the owner.\n"
+msgstr " Nu este sigur cã semnãtura aparþine proprietarului.\n"
+
+#: g10/pkclist.c:833 g10/pkclist.c:875 g10/pkclist.c:1087 g10/pkclist.c:1157
+#, c-format
+msgid "%s: skipped: %s\n"
+msgstr "%s: sãritã: %s\n"
+
+#: g10/pkclist.c:845 g10/pkclist.c:1125
+#, c-format
+msgid "%s: skipped: public key already present\n"
+msgstr "%s: sãritã: cheia publicã este deja prezentã\n"
+
+#: g10/pkclist.c:896
+msgid "You did not specify a user ID. (you may use \"-r\")\n"
+msgstr "Nu aþi specificat un ID utilizator. (puteþi folosi \"-r\")\n"
+
+#: g10/pkclist.c:920
+msgid "Current recipients:\n"
+msgstr "Destinatari curenþi:\n"
+
+#: g10/pkclist.c:946
+msgid ""
+"\n"
+"Enter the user ID. End with an empty line: "
+msgstr ""
+"\n"
+"Introduceþi ID-ul utilizator. Terminaþi cu o linie nouã: "
+
+#: g10/pkclist.c:971
+msgid "No such user ID.\n"
+msgstr "Nu existã acest ID utilizator.\n"
+
+#: g10/pkclist.c:980 g10/pkclist.c:1054
+msgid "skipped: public key already set as default recipient\n"
+msgstr "sãritã: cheia publicã setatã deja ca destinatar implicit\n"
+
+#: g10/pkclist.c:1001
+msgid "Public key is disabled.\n"
+msgstr "Cheia publicã este deactivatã.\n"
+
+#: g10/pkclist.c:1010
+msgid "skipped: public key already set\n"
+msgstr "sãritã: cheia publicã setatã deja\n"
+
+#: g10/pkclist.c:1045
+#, c-format
+msgid "unknown default recipient \"%s\"\n"
+msgstr "destinatar implicit necunoscut \"%s\"\n"
+
+#: g10/pkclist.c:1103
+#, c-format
+msgid "%s: skipped: public key is disabled\n"
+msgstr "%s: sãritã: cheia publicã este deactivatã\n"
+
+#: g10/pkclist.c:1165
+msgid "no valid addressees\n"
+msgstr "nici un destinatar valid\n"
+
+#: g10/pkclist.c:1503
+#, fuzzy, c-format
+msgid "Note: key %s has no %s feature\n"
+msgstr "cheia %s nu are nici un ID utilizator\n"
+
+#: g10/pkclist.c:1528
+#, fuzzy, c-format
+msgid "Note: key %s has no preference for %s\n"
+msgstr "cheia %s nu are nici un ID utilizator\n"
+
+#: g10/plaintext.c:95
+msgid "data not saved; use option \"--output\" to save it\n"
+msgstr ""
+"datele nu au fost salvate: folosiþi opþiunea \"--output\" pentru a le salva\n"
+
+#: g10/plaintext.c:480
+msgid "Detached signature.\n"
+msgstr "Semnãturã detaºatã.\n"
+
+#: g10/plaintext.c:487
+msgid "Please enter name of data file: "
+msgstr "Vã rugãm introduceþi numele fiºierului de date: "
+
+#: g10/plaintext.c:519
+msgid "reading stdin ...\n"
+msgstr "citesc stdin ...\n"
+
+#: g10/plaintext.c:557
+msgid "no signed data\n"
+msgstr "nici o datã semnatã\n"
+
+#: g10/plaintext.c:573
+#, c-format
+msgid "can't open signed data `%s'\n"
+msgstr "nu pot deschide date semnate `%s'\n"
+
+#: g10/plaintext.c:607
+#, fuzzy, c-format
+msgid "can't open signed data fd=%d: %s\n"
+msgstr "nu pot deschide date semnate `%s'\n"
+
+#: g10/pubkey-enc.c:105
+#, c-format
+msgid "anonymous recipient; trying secret key %s ...\n"
+msgstr "destinator anonim; încerc cheia secretã %s ...\n"
+
+#: g10/pubkey-enc.c:136
+msgid "okay, we are the anonymous recipient.\n"
+msgstr "OK, noi suntem destinatarul anonim.\n"
+
+#: g10/pubkey-enc.c:225
+msgid "old encoding of the DEK is not supported\n"
+msgstr "vechea encodare a lui DEK nu este suportatã\n"
+
+#: g10/pubkey-enc.c:246
+#, c-format
+msgid "cipher algorithm %d%s is unknown or disabled\n"
+msgstr "algoritm cifrare %d%s este necunoscut sau deactivat\n"
+
+#: g10/pubkey-enc.c:284
+#, c-format
+msgid "WARNING: cipher algorithm %s not found in recipient preferences\n"
+msgstr ""
+"AVERTISMENT: algoritm cifrare %s nu a fost gãsit în preferinþele "
+"destinatarului\n"
+
+#: g10/pubkey-enc.c:304
+#, c-format
+msgid "NOTE: secret key %s expired at %s\n"
+msgstr "NOTÃ: cheia secretã %s a expirat la %s\n"
+
+#: g10/pubkey-enc.c:310
+msgid "NOTE: key has been revoked"
+msgstr "NOTÃ: cheia a fost revocatã"
+
+#: g10/revoke.c:102 g10/revoke.c:116 g10/revoke.c:128 g10/revoke.c:174
+#: g10/revoke.c:186 g10/revoke.c:585
+#, c-format
+msgid "build_packet failed: %s\n"
+msgstr "build_packet a eºuat: %s\n"
+
+#: g10/revoke.c:145
+#, c-format
+msgid "key %s has no user IDs\n"
+msgstr "cheia %s nu are nici un ID utilizator\n"
+
+#: g10/revoke.c:306
+msgid "To be revoked by:\n"
+msgstr "Pentru a fi revocat de:\n"
+
+#: g10/revoke.c:310
+msgid "(This is a sensitive revocation key)\n"
+msgstr "(Aceasta este o cheie de revocare senzitivã)\n"
+
+#: g10/revoke.c:314
+msgid "Create a designated revocation certificate for this key? (y/N) "
+msgstr "Creaþi un certificat de revocare desemnat pentru aceastã cheie? (d/N) "
+
+#: g10/revoke.c:327 g10/revoke.c:551
+msgid "ASCII armored output forced.\n"
+msgstr "Ieºire în armurã ASCII forþatã.\n"
+
+#: g10/revoke.c:342 g10/revoke.c:565
+#, c-format
+msgid "make_keysig_packet failed: %s\n"
+msgstr "make_keysig_packet a eºuat: %s\n"
+
+#: g10/revoke.c:405
+msgid "Revocation certificate created.\n"
+msgstr "Certificat de revocare creat.\n"
+
+#: g10/revoke.c:411
+#, c-format
+msgid "no revocation keys found for \"%s\"\n"
+msgstr "nici o cheie de revocare gãsitã pentru \"%s\"\n"
+
+#: g10/revoke.c:470
+#, c-format
+msgid "secret key \"%s\" not found: %s\n"
+msgstr "cheia secretã \"%s\" nu a fost gãsitã: %s\n"
+
+#: g10/revoke.c:497
+#, c-format
+msgid "no corresponding public key: %s\n"
+msgstr "nici o cheie publicã corespunzãtoare: %s\n"
+
+#: g10/revoke.c:508
+msgid "public key does not match secret key!\n"
+msgstr "cheia publicã nu se potriveºte cu cheia secretã!\n"
+
+#: g10/revoke.c:515
+msgid "Create a revocation certificate for this key? (y/N) "
+msgstr "Creaþi un certificat de revocare pentru aceastã cheie? (d/N) "
+
+#: g10/revoke.c:532
+msgid "unknown protection algorithm\n"
+msgstr "algoritm de protecþie necunoscut\n"
+
+#: g10/revoke.c:540
+msgid "NOTE: This key is not protected!\n"
+msgstr "NOTÃ: Aceastã cheie nu este protejatã!\n"
+
+#: g10/revoke.c:591
+msgid ""
+"Revocation certificate created.\n"
+"\n"
+"Please move it to a medium which you can hide away; if Mallory gets\n"
+"access to this certificate he can use it to make your key unusable.\n"
+"It is smart to print this certificate and store it away, just in case\n"
+"your media become unreadable. But have some caution: The print system of\n"
+"your machine might store the data and make it available to others!\n"
+msgstr ""
+"Certificat de revocare creat.\n"
+"\n"
+"Vã rugãm mutaþi-l pe un medium pe care îl puteþi ascunde; dacã cineva pune\n"
+"mâna pe acest certificat l-ar putea folosi sã vã facã cheia inutilizabilã.\n"
+"Este indicat sã tipãriþi acest certificat ºi sã-l pãstraþi undeva sigur, în\n"
+"caz cã mediumul este deteriorat. Dar fiþi atent: sistemul de tipãrire al\n"
+"maºinii d-voastrã ar putea pãstra datele ºi sã le facã accesibile altora!\n"
+
+#: g10/revoke.c:633
+msgid "Please select the reason for the revocation:\n"
+msgstr "Vã rugãm selectaþi motivul pentru revocare:\n"
+
+#: g10/revoke.c:643
+msgid "Cancel"
+msgstr "Renunþã"
+
+#: g10/revoke.c:645
+#, c-format
+msgid "(Probably you want to select %d here)\n"
+msgstr "(Probabil doriþi sã selectaþi %d aici)\n"
+
+#: g10/revoke.c:686
+msgid "Enter an optional description; end it with an empty line:\n"
+msgstr "Introduceþi o descriere opþionalã; terminaþi cu o linie goalã:\n"
+
+#: g10/revoke.c:714
+#, c-format
+msgid "Reason for revocation: %s\n"
+msgstr "Motiv pentru revocare: %s\n"
+
+#: g10/revoke.c:716
+msgid "(No description given)\n"
+msgstr "(Nici o descriere datã)\n"
+
+#: g10/revoke.c:721
+msgid "Is this okay? (y/N) "
+msgstr "Este aceasta OK? (d/N) "
+
+#: g10/seckey-cert.c:55
+msgid "secret key parts are not available\n"
+msgstr "pãrþi ale cheii secrete nu sunt disponibile\n"
+
+#: g10/seckey-cert.c:61
+#, c-format
+msgid "protection algorithm %d%s is not supported\n"
+msgstr "algoritm de protecþie %d%s nu este suportat\n"
+
+#: g10/seckey-cert.c:72
+#, c-format
+msgid "protection digest %d is not supported\n"
+msgstr "algoritm rezumat %d nu este suportat\n"
+
+#: g10/seckey-cert.c:291
+msgid "Invalid passphrase; please try again"
+msgstr "Frazã-parolã invalidã; vã rugãm mai încercaþi o datã"
+
+#: g10/seckey-cert.c:292
+#, c-format
+msgid "%s ...\n"
+msgstr "%s ...\n"
+
+#: g10/seckey-cert.c:361
+msgid "WARNING: Weak key detected - please change passphrase again.\n"
+msgstr ""
+"AVERTISMENT: Cheie slabã detectatã - vã rugãm schimbaþi din nou fraza-"
+"parolã.\n"
+
+#: g10/seckey-cert.c:404
+msgid "generating the deprecated 16-bit checksum for secret key protection\n"
+msgstr "generez învechitul checksum de 16-bit pentru protecþia cheii secrete\n"
+
+#: g10/seskey.c:61 sm/encrypt.c:119
+msgid "weak key created - retrying\n"
+msgstr "cheie slabã creatã - reîncerc\n"
+
+#: g10/seskey.c:65
+#, c-format
+msgid "cannot avoid weak key for symmetric cipher; tried %d times!\n"
+msgstr "nu pot evita cheie slabã pentru cifru simetric; am încercat %d ori!\n"
+
+#: g10/seskey.c:227 sm/certcheck.c:85
+msgid "DSA requires the hash length to be a multiple of 8 bits\n"
+msgstr ""
+
+#: g10/seskey.c:240
+#, c-format
+msgid "DSA key %s uses an unsafe (%u bit) hash\n"
+msgstr ""
+
+#: g10/seskey.c:252
+#, c-format
+msgid "DSA key %s requires a %u bit or larger hash\n"
+msgstr ""
+
+#: g10/sig-check.c:80
+msgid "WARNING: signature digest conflict in message\n"
+msgstr "AVERTISMENT: conflict pentru rezumat semnãturã în mesaj\n"
+
+#: g10/sig-check.c:105
+#, c-format
+msgid "WARNING: signing subkey %s is not cross-certified\n"
+msgstr ""
+"AVERTISMENT: subcheia de semnare %s nu este certificatã reciproc (cross-"
+"certified)\n"
+
+#: g10/sig-check.c:117
+#, c-format
+msgid "WARNING: signing subkey %s has an invalid cross-certification\n"
+msgstr ""
+"AVERTISMENT: subcheia de semnare %s are o certificare-reciprocã invalidã "
+"(invalid cross-certification)\n"
+
+#: g10/sig-check.c:211
+#, c-format
+msgid "public key %s is %lu second newer than the signature\n"
+msgstr "cheie publicã %s este mai nouã cu %lu secundã decât semnãtura\n"
+
+#: g10/sig-check.c:212
+#, c-format
+msgid "public key %s is %lu seconds newer than the signature\n"
+msgstr "cheie publicã %s este mai nouã cu %lu secunde decât semnãtura\n"
+
+#: g10/sig-check.c:223
+#, c-format
+msgid ""
+"key %s was created %lu second in the future (time warp or clock problem)\n"
+msgstr ""
+"cheia %s a fost creatã %lu secundã în viitor (warp în timp sau probleme cu "
+"ceasul)\n"
+
+#: g10/sig-check.c:225
+#, c-format
+msgid ""
+"key %s was created %lu seconds in the future (time warp or clock problem)\n"
+msgstr ""
+"cheia %s a fost creatã %lu secunde în viitor (warp în timp sau probleme cu "
+"ceasul)\n"
+
+#: g10/sig-check.c:239
+#, c-format
+msgid "NOTE: signature key %s expired %s\n"
+msgstr "NOTÃ: cheia semnãturii %s a expirat %s\n"
+
+#: g10/sig-check.c:252
+#, fuzzy, c-format
+msgid "NOTE: signature key %s has been revoked\n"
+msgstr "NOTÃ: cheia a fost revocatã"
+
+#: g10/sig-check.c:325
+#, c-format
+msgid "assuming bad signature from key %s due to an unknown critical bit\n"
+msgstr ""
+"presupun semnãturã incorectã din cheia %s datoritã unui bit critic "
+"necunoscut\n"
+
+#: g10/sig-check.c:591
+#, c-format
+msgid "key %s: no subkey for subkey revocation signature\n"
+msgstr "cheia %s: nici o subcheie pentru semnãtura de revocare a subcheii\n"
+
+#: g10/sig-check.c:618
+#, c-format
+msgid "key %s: no subkey for subkey binding signature\n"
+msgstr "cheia %s: nici o subcheie pentru semnãtura legatã de subcheie\n"
+
+#: g10/sign.c:89
+#, c-format
+msgid "WARNING: unable to %%-expand notation (too large). Using unexpanded.\n"
+msgstr ""
+"AVERTISMENT: nu pot %%-expanda notarea (prea mare). Folosesc neexpandat.\n"
+
+#: g10/sign.c:115
+#, c-format
+msgid ""
+"WARNING: unable to %%-expand policy URL (too large). Using unexpanded.\n"
+msgstr ""
+"AVERTISMENT: nu pot %%-expanda URL-ul de politici (prea mare). Îl folosesc "
+"neexpandat.\n"
+
+#: g10/sign.c:138
+#, c-format
+msgid ""
+"WARNING: unable to %%-expand preferred keyserver URL (too large). Using "
+"unexpanded.\n"
+msgstr ""
+"AVERTISMENT: nu pot %%-expanda URL-ul serverului de chei (prea mare). Îl "
+"folosesc neexpandat.\n"
+
+#: g10/sign.c:311
+#, c-format
+msgid "checking created signature failed: %s\n"
+msgstr "verificarea semnãturii create a eºuat: %s\n"
+
+#: g10/sign.c:320
+#, c-format
+msgid "%s/%s signature from: \"%s\"\n"
+msgstr "%s/%s semnãturã de la: \"%s\"\n"
+
+#: g10/sign.c:761
+msgid "you can only detach-sign with PGP 2.x style keys while in --pgp2 mode\n"
+msgstr "puteþi semna-dataºat cu chei stil PGP 2.x numai în modul --pgp2\n"
+
+#: g10/sign.c:837
+#, c-format
+msgid ""
+"WARNING: forcing digest algorithm %s (%d) violates recipient preferences\n"
+msgstr ""
+"AVERTISMENT: forþarea algoritmului rezumat %s (%d) violeazã preferinþele "
+"destinatarului\n"
+
+#: g10/sign.c:964
+msgid "signing:"
+msgstr "semnare:"
+
+#: g10/sign.c:1079
+msgid "you can only clearsign with PGP 2.x style keys while in --pgp2 mode\n"
+msgstr "puteþi semna-în-clar cu chei stil PGP 2.x în modul --pgp2\n"
+
+#: g10/sign.c:1263
+#, c-format
+msgid "%s encryption will be used\n"
+msgstr "va fi folositã cifrarea %s\n"
+
+#: g10/skclist.c:140 g10/skclist.c:217
+msgid "key is not flagged as insecure - can't use it with the faked RNG!\n"
+msgstr "cheia nu este marcatã ca sigurã - nu o pot folosi cu GNA falsificat!\n"
+
+#: g10/skclist.c:174
+#, c-format
+msgid "skipped \"%s\": duplicated\n"
+msgstr "sãritã \"%s\": duplicatã\n"
+
+#: g10/skclist.c:182 g10/skclist.c:195 g10/skclist.c:207
+#, c-format
+msgid "skipped \"%s\": %s\n"
+msgstr "sãritã \"%s\": %s\n"
+
+#: g10/skclist.c:190
+msgid "skipped: secret key already present\n"
+msgstr "sãritã: cheia secretã deja prezentã\n"
+
+#: g10/skclist.c:208
+msgid "this is a PGP generated Elgamal key which is not secure for signatures!"
+msgstr ""
+"aceasta este o cheie ElGamal generatã de PGP care nu e sigurã pentru "
+"semnãturi!"
+
+#: g10/tdbdump.c:58 g10/trustdb.c:360
+#, c-format
+msgid "trust record %lu, type %d: write failed: %s\n"
+msgstr "înregistrare încredere %lu, tip %d: scrierea a eºuat: %s\n"
+
+#: g10/tdbdump.c:106
+#, c-format
+msgid ""
+"# List of assigned trustvalues, created %s\n"
+"# (Use \"gpg --import-ownertrust\" to restore them)\n"
+msgstr ""
+"# Listã cu valori de încredere atribuite, creatã %s\n"
+"# (Folosiþi \"gpg --import-ownertrust\" pentru a le reface)\n"
+
+#: g10/tdbdump.c:161 g10/tdbdump.c:169 g10/tdbdump.c:174 g10/tdbdump.c:179
+#, c-format
+msgid "error in `%s': %s\n"
+msgstr "eroare în `%s': %s\n"
+
+#: g10/tdbdump.c:161
+msgid "line too long"
+msgstr "linie prea lungã"
+
+#: g10/tdbdump.c:169
+msgid "colon missing"
+msgstr "caracter : lipsã"
+
+#: g10/tdbdump.c:175
+msgid "invalid fingerprint"
+msgstr "amprentã invalidã"
+
+#: g10/tdbdump.c:180
+msgid "ownertrust value missing"
+msgstr "lipseºte valorea încrederii în proprietari (ownertrust)"
+
+#: g10/tdbdump.c:216
+#, c-format
+msgid "error finding trust record in `%s': %s\n"
+msgstr "eroare gãsire înregistrare încredere în `%s': %s\n"
+
+#: g10/tdbdump.c:220
+#, c-format
+msgid "read error in `%s': %s\n"
+msgstr "eroare citire în `%s': %s\n"
+
+#: g10/tdbdump.c:229 g10/trustdb.c:375
+#, c-format
+msgid "trustdb: sync failed: %s\n"
+msgstr "trustdb: sincronizarea a eºuat: %s\n"
+
+#: g10/tdbio.c:128 g10/tdbio.c:1456
+#, c-format
+msgid "trustdb rec %lu: lseek failed: %s\n"
+msgstr "trustdb rec %lu: lseek a eºuat: %s\n"
+
+#: g10/tdbio.c:135 g10/tdbio.c:1463
+#, c-format
+msgid "trustdb rec %lu: write failed (n=%d): %s\n"
+msgstr "trustdb rec %lu: scrierea a eºuat (n=%d): %s\n"
+
+#: g10/tdbio.c:245
+msgid "trustdb transaction too large\n"
+msgstr "tranzacþia trustdb prea mare\n"
+
+#: g10/tdbio.c:500
+#, c-format
+msgid "can't access `%s': %s\n"
+msgstr "nu pot accesa `%s': %s\n"
+
+#: g10/tdbio.c:527
+#, c-format
+msgid "%s: directory does not exist!\n"
+msgstr "%s: directorul nu existã!\n"
+
+#: g10/tdbio.c:537 g10/tdbio.c:560 g10/tdbio.c:601 sm/keydb.c:219
+#, c-format
+msgid "can't create lock for `%s'\n"
+msgstr "nu pot crea încuietoare (lock) pentru `%s'\n"
+
+#: g10/tdbio.c:539 g10/tdbio.c:604
+#, c-format
+msgid "can't lock `%s'\n"
+msgstr "nu pot încuia (lock) `%s'\n"
+
+#: g10/tdbio.c:565
+#, c-format
+msgid "%s: failed to create version record: %s"
+msgstr "%s: am eºuat sã creez înregistrare versiune: %s"
+
+#: g10/tdbio.c:569
+#, c-format
+msgid "%s: invalid trustdb created\n"
+msgstr "%s: a fost creat trustdb invalid\n"
+
+#: g10/tdbio.c:572
+#, c-format
+msgid "%s: trustdb created\n"
+msgstr "%s: a fost creat trustdb\n"
+
+#: g10/tdbio.c:615
+msgid "NOTE: trustdb not writable\n"
+msgstr "NOTÃ: nu poate fi scris în trustdb\n"
+
+#: g10/tdbio.c:623
+#, c-format
+msgid "%s: invalid trustdb\n"
+msgstr "%s: trustdb invalid\n"
+
+#: g10/tdbio.c:655
+#, c-format
+msgid "%s: failed to create hashtable: %s\n"
+msgstr "%s: am eºuat sã creez hashtable: %s\n"
+
+#: g10/tdbio.c:663
+#, c-format
+msgid "%s: error updating version record: %s\n"
+msgstr "%s: eroare actualizare înregistrare versiune: %s\n"
+
+#: g10/tdbio.c:680 g10/tdbio.c:701 g10/tdbio.c:717 g10/tdbio.c:731
+#: g10/tdbio.c:761 g10/tdbio.c:1388 g10/tdbio.c:1415
+#, c-format
+msgid "%s: error reading version record: %s\n"
+msgstr "%s: eroare citire înregistrare versiune: %s\n"
+
+#: g10/tdbio.c:740
+#, c-format
+msgid "%s: error writing version record: %s\n"
+msgstr "%s: eroare scriere înregistrare versiune: %s\n"
+
+#: g10/tdbio.c:1181
+#, c-format
+msgid "trustdb: lseek failed: %s\n"
+msgstr "trustdb: lseek a eºuat: %s\n"
+
+#: g10/tdbio.c:1190
+#, c-format
+msgid "trustdb: read failed (n=%d): %s\n"
+msgstr "trustdb: citirea a eºuat (n=%d): %s\n"
+
+#: g10/tdbio.c:1211
+#, c-format
+msgid "%s: not a trustdb file\n"
+msgstr "%s: nu e un fiºier trustdb\n"
+
+#: g10/tdbio.c:1230
+#, c-format
+msgid "%s: version record with recnum %lu\n"
+msgstr "%s: înregistrare versiune cu recnum %lu\n"
+
+#: g10/tdbio.c:1235
+#, c-format
+msgid "%s: invalid file version %d\n"
+msgstr "%s: versiune fiºier invalidã %d\n"
+
+#: g10/tdbio.c:1421
+#, c-format
+msgid "%s: error reading free record: %s\n"
+msgstr "%s: eroare citire înregistrare liberã: %s\n"
+
+#: g10/tdbio.c:1429
+#, c-format
+msgid "%s: error writing dir record: %s\n"
+msgstr "%s: eroare scriere înregistrare dir: %s\n"
+
+#: g10/tdbio.c:1439
+#, c-format
+msgid "%s: failed to zero a record: %s\n"
+msgstr "%s: eroare setere la zero a înregistrãrii: %s\n"
+
+#: g10/tdbio.c:1469
+#, c-format
+msgid "%s: failed to append a record: %s\n"
+msgstr "%s: adãugarea unei înregistrãri a eºuat: %s\n"
+
+#: g10/tdbio.c:1512
+#, fuzzy
+msgid "Error: The trustdb is corrupted.\n"
+msgstr "%s: a fost creat trustdb\n"
+
+#: g10/textfilter.c:147
+#, c-format
+msgid "can't handle text lines longer than %d characters\n"
+msgstr "nu pot mânui linii de text mai lungi de %d caractere\n"
+
+#: g10/textfilter.c:247
+#, c-format
+msgid "input line longer than %d characters\n"
+msgstr "linii de intrare mai lungi de %d caractere\n"
+
+#: g10/trustdb.c:221
+#, c-format
+msgid "`%s' is not a valid long keyID\n"
+msgstr "`%s' nu este un ID-cheie de lungime validã\n"
+
+#: g10/trustdb.c:252
+#, c-format
+msgid "key %s: accepted as trusted key\n"
+msgstr "cheia %s: acceptatã ca cheie de încredere\n"
+
+#: g10/trustdb.c:290
+#, c-format
+msgid "key %s occurs more than once in the trustdb\n"
+msgstr "cheia %s apare de mai multe ori în trustdb\n"
+
+#: g10/trustdb.c:305
+#, c-format
+msgid "key %s: no public key for trusted key - skipped\n"
+msgstr "cheia %s: nici o cheie publicã pentru cheia de încredere - sãritã\n"
+
+#: g10/trustdb.c:315
+#, c-format
+msgid "key %s marked as ultimately trusted\n"
+msgstr "cheia %s marcatã ca având încredere supremã\n"
+
+#: g10/trustdb.c:339
+#, c-format
+msgid "trust record %lu, req type %d: read failed: %s\n"
+msgstr "înregistrare încredere %lu, tip req %d: citirea a eºuat: %s\n"
+
+#: g10/trustdb.c:345
+#, c-format
+msgid "trust record %lu is not of requested type %d\n"
+msgstr "înregistrare încredere %lu nu este de tipul cerut %d\n"
+
+#: g10/trustdb.c:418
+msgid "You may try to re-create the trustdb using the commands:\n"
+msgstr ""
+
+#: g10/trustdb.c:427
+msgid "If that does not work, please consult the manual\n"
+msgstr ""
+
+#: g10/trustdb.c:462
+#, c-format
+msgid "unable to use unknown trust model (%d) - assuming %s trust model\n"
+msgstr ""
+"nu pot folosi model de încredere (%d) - presupun model de încredere %s\n"
+
+#: g10/trustdb.c:468
+#, c-format
+msgid "using %s trust model\n"
+msgstr "folosesc model de încredere %s\n"
+
+#: g10/trustdb.c:520
+msgid "10 translator see trustdb.c:uid_trust_string_fixed"
+msgstr "10 traducãtor vezi trustdb.c:uid_trust_string_fixed"
+
+#: g10/trustdb.c:522
+msgid "[ revoked]"
+msgstr "[revocatã]"
+
+#: g10/trustdb.c:524 g10/trustdb.c:529
+msgid "[ expired]"
+msgstr "[expiratã] "
+
+#: g10/trustdb.c:528
+msgid "[ unknown]"
+msgstr "[necunoscutã]"
+
+#: g10/trustdb.c:530
+msgid "[ undef ]"
+msgstr "[ nedef ]"
+
+#: g10/trustdb.c:531
+msgid "[marginal]"
+msgstr "[marginal]"
+
+#: g10/trustdb.c:532
+msgid "[ full ]"
+msgstr "[ deplinã]"
+
+#: g10/trustdb.c:533
+msgid "[ultimate]"
+msgstr "[ supremã]"
+
+#: g10/trustdb.c:548
+msgid "undefined"
+msgstr "nedefinitã"
+
+#: g10/trustdb.c:549
+msgid "never"
+msgstr "niciodatã"
+
+#: g10/trustdb.c:550
+msgid "marginal"
+msgstr "marginal"
+
+#: g10/trustdb.c:551
+msgid "full"
+msgstr "deplinã"
+
+#: g10/trustdb.c:552
+msgid "ultimate"
+msgstr "supremã"
+
+#: g10/trustdb.c:592
+msgid "no need for a trustdb check\n"
+msgstr "nu e nevoie de o verificare trustdb\n"
+
+#: g10/trustdb.c:598 g10/trustdb.c:2487
+#, c-format
+msgid "next trustdb check due at %s\n"
+msgstr "urmãtoarea verificare trustdb programatã pe %s\n"
+
+#: g10/trustdb.c:607
+#, c-format
+msgid "no need for a trustdb check with `%s' trust model\n"
+msgstr "nu e nevoie de o verificare trustdb cu modelul de încredere `%s'\n"
+
+#: g10/trustdb.c:622
+#, c-format
+msgid "no need for a trustdb update with `%s' trust model\n"
+msgstr "nu e nevoie de o actualizare trustdb cu modelul de încredere `%s'\n"
+
+#: g10/trustdb.c:857 g10/trustdb.c:1310
+#, c-format
+msgid "public key %s not found: %s\n"
+msgstr "cheia publicã %s nu a fost gãsitã: %s\n"
+
+#: g10/trustdb.c:1053
+msgid "please do a --check-trustdb\n"
+msgstr "vã rugãm faceþi un --check-trustdb\n"
+
+#: g10/trustdb.c:1057
+msgid "checking the trustdb\n"
+msgstr "verific trustdb\n"
+
+#: g10/trustdb.c:2230
+#, c-format
+msgid "%d keys processed (%d validity counts cleared)\n"
+msgstr "%d chei procesate (%d numãrãtori valide anulate)\n"
+
+#: g10/trustdb.c:2295
+msgid "no ultimately trusted keys found\n"
+msgstr "nu am gãsit nici o cheie cu încredere supremã\n"
+
+#: g10/trustdb.c:2309
+#, c-format
+msgid "public key of ultimately trusted key %s not found\n"
+msgstr "cheia publicã a cheii cu încredere supremã %s nu a fost gãsitã\n"
+
+#: g10/trustdb.c:2332
+#, c-format
+msgid "%d marginal(s) needed, %d complete(s) needed, %s trust model\n"
+msgstr ""
+"%d marginal(e) necesare, %d complet(e) necesare, model de încredere %s\n"
+
+#: g10/trustdb.c:2418
+#, c-format
+msgid ""
+"depth: %d valid: %3d signed: %3d trust: %d-, %dq, %dn, %dm, %df, %du\n"
+msgstr ""
+"adânc: %d valid: %3d semnat: %3d încredere: %d-, %dq, %dn, %dm, %df, %du\n"
+
+#: g10/trustdb.c:2493
+#, c-format
+msgid "unable to update trustdb version record: write failed: %s\n"
+msgstr ""
+"nu pot actualiza înregistrare versiunii trustdb: scrierea a eºuat: %s\n"
+
+#: g10/verify.c:118
+msgid ""
+"the signature could not be verified.\n"
+"Please remember that the signature file (.sig or .asc)\n"
+"should be the first file given on the command line.\n"
+msgstr ""
+"semnãtura nu a putut fi verificatã.\n"
+"Vã rugãm amintiþi-vã cã fiºierul de semnãturã (.sig sau .asc)\n"
+"ar trebui sã fie primul dat în linia de comandã.\n"
+
+#: g10/verify.c:205
+#, c-format
+msgid "input line %u too long or missing LF\n"
+msgstr "linia de intrare %u prea lungã sau lipseºte LF\n"
+
+#: g10/verify.c:253
+#, fuzzy, c-format
+msgid "can't open fd %d: %s\n"
+msgstr "nu pot deschide `%s': %s\n"
+
+#: jnlib/argparse.c:180
+#, fuzzy
+msgid "argument not expected"
+msgstr "Nu sunt permise comenzi administrare\n"
+
+#: jnlib/argparse.c:182
+#, fuzzy
+msgid "read error"
+msgstr "eroare citire fiºier"
+
+#: jnlib/argparse.c:184
+#, fuzzy
+msgid "keyword too long"
+msgstr "linie prea lungã"
+
+#: jnlib/argparse.c:186
+#, fuzzy
+msgid "missing argument"
+msgstr "argument invalid"
+
+#: jnlib/argparse.c:188
+#, fuzzy
+msgid "invalid command"
+msgstr "Comandã numai-administrare\n"
+
+#: jnlib/argparse.c:190
+#, fuzzy
+msgid "invalid alias definition"
+msgstr "opþiuni enumerare invalide\n"
+
+#: jnlib/argparse.c:192
+#, fuzzy
+msgid "out of core"
+msgstr "neforþat(ã)"
+
+#: jnlib/argparse.c:194
+#, fuzzy
+msgid "invalid option"
+msgstr "opþiuni enumerare invalide\n"
+
+#: jnlib/argparse.c:202
+#, c-format
+msgid "missing argument for option \"%.50s\"\n"
+msgstr ""
+
+#: jnlib/argparse.c:204
+#, c-format
+msgid "option \"%.50s\" does not expect an argument\n"
+msgstr ""
+
+#: jnlib/argparse.c:207
+#, fuzzy, c-format
+msgid "invalid command \"%.50s\"\n"
+msgstr "Comandã invalidã (încercaþi \"ajutor\")\n"
+
+#: jnlib/argparse.c:209
+#, c-format
+msgid "option \"%.50s\" is ambiguous\n"
+msgstr ""
+
+#: jnlib/argparse.c:211
+#, c-format
+msgid "command \"%.50s\" is ambiguous\n"
+msgstr ""
+
+#: jnlib/argparse.c:213
+#, fuzzy
+msgid "out of core\n"
+msgstr "neforþat(ã)"
+
+#: jnlib/argparse.c:215
+#, fuzzy, c-format
+msgid "invalid option \"%.50s\"\n"
+msgstr "opþiuni enumerare invalide\n"
+
+#: jnlib/logging.c:647
+#, c-format
+msgid "you found a bug ... (%s:%d)\n"
+msgstr "aþi gãsit un bug ... (%s:%d)\n"
+
+#: jnlib/utf8conv.c:85
+#, fuzzy, c-format
+msgid "error loading `%s': %s\n"
+msgstr "eroare la citire `%s': %s\n"
+
+#: jnlib/utf8conv.c:123
+#, c-format
+msgid "conversion from `%s' to `%s' not available\n"
+msgstr ""
+
+#: jnlib/utf8conv.c:131
+#, fuzzy, c-format
+msgid "iconv_open failed: %s\n"
+msgstr "nu pot deschide fiºierul: %s\n"
+
+#: jnlib/utf8conv.c:388 jnlib/utf8conv.c:654
+#, fuzzy, c-format
+msgid "conversion from `%s' to `%s' failed: %s\n"
+msgstr "redenumirea `%s' ca `%s' a eºuat: %s\n"
+
+#: jnlib/dotlock.c:234
+#, fuzzy, c-format
+msgid "failed to create temporary file `%s': %s\n"
+msgstr "nu pot crea directorul `%s': %s\n"
+
+#: jnlib/dotlock.c:269
+#, fuzzy, c-format
+msgid "error writing to `%s': %s\n"
+msgstr "eroare la scrierea inelului de chei `%s': %s\n"
+
+#: jnlib/dotlock.c:453
+#, c-format
+msgid "removing stale lockfile (created by %d)\n"
+msgstr ""
+
+#: jnlib/dotlock.c:459
+msgid " - probably dead - removing lock"
+msgstr ""
+
+#: jnlib/dotlock.c:469
+#, fuzzy, c-format
+msgid "waiting for lock (held by %d%s) %s...\n"
+msgstr "scriu cheia secretã în `%s'\n"
+
+#: jnlib/dotlock.c:470
+msgid "(deadlock?) "
+msgstr ""
+
+#: jnlib/dotlock.c:493
+#, fuzzy, c-format
+msgid "lock `%s' not made: %s\n"
+msgstr "cheia publicã %s nu a fost gãsitã: %s\n"
+
+#: jnlib/dotlock.c:501
+#, fuzzy, c-format
+msgid "waiting for lock %s...\n"
+msgstr "scriu cheia secretã în `%s'\n"
+
+#: kbx/kbxutil.c:92
+msgid "set debugging flags"
+msgstr ""
+
+#: kbx/kbxutil.c:93
+msgid "enable full debugging"
+msgstr ""
+
+#: kbx/kbxutil.c:117
+#, fuzzy
+msgid "Usage: kbxutil [options] [files] (-h for help)"
+msgstr "Folosire: gpg [opþiuni] [fiºiere] (-h pentru ajutor)"
+
+#: kbx/kbxutil.c:120
+msgid ""
+"Syntax: kbxutil [options] [files]\n"
+"list, export, import Keybox data\n"
+msgstr ""
+
+#: scd/app-nks.c:713 scd/app-openpgp.c:2647
+#, c-format
+msgid "RSA modulus missing or not of size %d bits\n"
+msgstr "modulus-ul RSA lipseºte sau nu are %d biþi\n"
+
+#: scd/app-nks.c:721 scd/app-openpgp.c:2659
+#, fuzzy, c-format
+msgid "RSA public exponent missing or larger than %d bits\n"
+msgstr "exponentul public RSA lipseºte sau are mai mult de %d biþi\n"
+
+#: scd/app-nks.c:801 scd/app-openpgp.c:1549 scd/app-openpgp.c:1568
+#: scd/app-openpgp.c:1729 scd/app-openpgp.c:1746 scd/app-openpgp.c:1994
+#: scd/app-openpgp.c:2039 scd/app-dinsig.c:303
+#, c-format
+msgid "PIN callback returned error: %s\n"
+msgstr "apelul PIN a returnat eroare: %s\n"
+
+#: scd/app-nks.c:834
+msgid "the NullPIN has not yet been changed\n"
+msgstr ""
+
+#: scd/app-nks.c:1092
+#, fuzzy
+msgid "|N|Please enter a new PIN for the standard keys."
+msgstr "||Vã rugãm introduceþi PIN%%0A[semnãturi fãcute: %lu]"
+
+#: scd/app-nks.c:1093
+#, fuzzy
+msgid "||Please enter the PIN for the standard keys."
+msgstr "||Vã rugãm introduceþi PIN%%0A[semnãturi fãcute: %lu]"
+
+#: scd/app-nks.c:1099
+#, fuzzy
+msgid "|NP|Please enter a new PIN Unblocking Code (PUK) for the standard keys."
+msgstr "||Vã rugãm introduceþi PIN%%0A[semnãturi fãcute: %lu]"
+
+#: scd/app-nks.c:1101
+#, fuzzy
+msgid "|P|Please enter the PIN Unblocking Code (PUK) for the standard keys."
+msgstr "||Vã rugãm introduceþi PIN%%0A[semnãturi fãcute: %lu]"
+
+#: scd/app-nks.c:1109
+msgid "|N|Please enter a new PIN for the key to create qualified signatures."
+msgstr ""
+
+#: scd/app-nks.c:1111
+msgid "||Please enter the PIN for the key to create qualified signatures."
+msgstr ""
+
+#: scd/app-nks.c:1119
+msgid ""
+"|NP|Please enter a new PIN Unblocking Code (PUK) for the key to create "
+"qualified signatures."
+msgstr ""
+
+#: scd/app-nks.c:1121
+msgid ""
+"|P|Please enter the PIN Unblocking Code (PUK) for the key to create "
+"qualified signatures."
+msgstr ""
+
+#: scd/app-nks.c:1222 scd/app-openpgp.c:2072 scd/app-dinsig.c:532
+#, c-format
+msgid "error getting new PIN: %s\n"
+msgstr "eroare la obþinere noului PIN: %s\n"
+
+#: scd/app-openpgp.c:695
+#, c-format
+msgid "failed to store the fingerprint: %s\n"
+msgstr "am eºuat sã stochez amprenta: %s\n"
+
+#: scd/app-openpgp.c:708
+#, c-format
+msgid "failed to store the creation date: %s\n"
+msgstr "am eºuat sã stochez data creãrii: %s\n"
+
+#: scd/app-openpgp.c:1156
+#, c-format
+msgid "reading public key failed: %s\n"
+msgstr "citirea cheii publice a eºuat: %s\n"
+
+#: scd/app-openpgp.c:1164 scd/app-openpgp.c:2882
+msgid "response does not contain the public key data\n"
+msgstr "rãspunsul nu conþine datele cheii publice\n"
+
+#: scd/app-openpgp.c:1172 scd/app-openpgp.c:2890
+msgid "response does not contain the RSA modulus\n"
+msgstr "rãspunsul nu conþine modulul RSA\n"
+
+#: scd/app-openpgp.c:1181 scd/app-openpgp.c:2900
+msgid "response does not contain the RSA public exponent\n"
+msgstr "rãspunsul nu conþine exponentul public RSA\n"
+
+#: scd/app-openpgp.c:1501
+#, c-format
+msgid "using default PIN as %s\n"
+msgstr ""
+
+#: scd/app-openpgp.c:1508
+#, c-format
+msgid "failed to use default PIN as %s: %s - disabling further default use\n"
+msgstr ""
+
+#: scd/app-openpgp.c:1523
+#, c-format
+msgid "||Please enter the PIN%%0A[sigs done: %lu]"
+msgstr "||Vã rugãm introduceþi PIN%%0A[semnãturi fãcute: %lu]"
+
+#: scd/app-openpgp.c:1534 scd/app-openpgp.c:1988
+#, fuzzy
+msgid "||Please enter the PIN"
+msgstr "||Vã rugãm introduceþi PIN%%0A[semnãturi fãcute: %lu]"
+
+#: scd/app-openpgp.c:1575 scd/app-openpgp.c:1753 scd/app-openpgp.c:2001
+#, c-format
+msgid "PIN for CHV%d is too short; minimum length is %d\n"
+msgstr "PIN-ul pentru CHV%d este prea scurt; lungimea minimã este %d\n"
+
+#: scd/app-openpgp.c:1588 scd/app-openpgp.c:1627 scd/app-openpgp.c:1765
+#: scd/app-openpgp.c:3200
+#, c-format
+msgid "verify CHV%d failed: %s\n"
+msgstr "verificarea CHV%d a eºuat: %s\n"
+
+#: scd/app-openpgp.c:1656 scd/app-openpgp.c:2020 scd/app-openpgp.c:3498
+msgid "error retrieving CHV status from card\n"
+msgstr "eroare la recuperarea stãrii CHV de pe card\n"
+
+#: scd/app-openpgp.c:1662 scd/app-openpgp.c:3507
+msgid "card is permanently locked!\n"
+msgstr "cardul este încuiat permanent!\n"
+
+#: scd/app-openpgp.c:1669
+#, c-format
+msgid "%d Admin PIN attempts remaining before card is permanently locked\n"
+msgstr "%d încercãri PIN Admin rãmase înainte de a încuia cardul permanent\n"
+
+#. TRANSLATORS: Do not translate the "|A|" prefix but keep it at
+#. the start of the string. Use %%0A to force a linefeed.
+#: scd/app-openpgp.c:1676
+#, fuzzy, c-format
+msgid "|A|Please enter the Admin PIN%%0A[remaining attempts: %d]"
+msgstr "||Vã rugãm introduceþi PIN%%0A[semnãturi fãcute: %lu]"
+
+#: scd/app-openpgp.c:1680
+#, fuzzy
+msgid "|A|Please enter the Admin PIN"
+msgstr "||Vã rugãm introduceþi PIN%%0A[semnãturi fãcute: %lu]"
+
+#: scd/app-openpgp.c:1701
+msgid "access to admin commands is not configured\n"
+msgstr "accesul la comenzile de administrare nu este configuratã\n"
+
+#: scd/app-openpgp.c:2035
+#, fuzzy
+msgid "||Please enter the Reset Code for the card"
+msgstr "||Vã rugãm introduceþi PIN%%0A[semnãturi fãcute: %lu]"
+
+#: scd/app-openpgp.c:2045 scd/app-openpgp.c:2097
+#, fuzzy, c-format
+msgid "Reset Code is too short; minimum length is %d\n"
+msgstr "PIN-ul pentru CHV%d este prea scurt; lungimea minimã este %d\n"
+
+#: scd/app-openpgp.c:2067
+msgid "|RN|New Reset Code"
+msgstr ""
+
+#: scd/app-openpgp.c:2068
+msgid "|AN|New Admin PIN"
+msgstr "|AN|PIN Admin Nou"
+
+#: scd/app-openpgp.c:2068
+msgid "|N|New PIN"
+msgstr "|N|PIN Nou"
+
+#: scd/app-openpgp.c:2178 scd/app-openpgp.c:2968
+msgid "error reading application data\n"
+msgstr "eroare la citirea datelor aplicaþiei\n"
+
+#: scd/app-openpgp.c:2184 scd/app-openpgp.c:2975
+msgid "error reading fingerprint DO\n"
+msgstr "eroare la citirea amprentei DO\n"
+
+#: scd/app-openpgp.c:2194
+msgid "key already exists\n"
+msgstr "cheia existã deja\n"
+
+#: scd/app-openpgp.c:2198
+msgid "existing key will be replaced\n"
+msgstr "cheia existentã va fi înlocuitã\n"
+
+#: scd/app-openpgp.c:2200
+msgid "generating new key\n"
+msgstr "generez o nouã cheie\n"
+
+#: scd/app-openpgp.c:2202
+#, fuzzy
+msgid "writing new key\n"
+msgstr "generez o nouã cheie\n"
+
+#: scd/app-openpgp.c:2627
+msgid "creation timestamp missing\n"
+msgstr "timestamp-ul de creare lipseºte\n"
+
+#: scd/app-openpgp.c:2669 scd/app-openpgp.c:2677
+#, c-format
+msgid "RSA prime %s missing or not of size %d bits\n"
+msgstr "prime-ul RSA %s lipseºte sau nu are %d biþi\n"
+
+#: scd/app-openpgp.c:2773
+#, c-format
+msgid "failed to store the key: %s\n"
+msgstr "am eºuat sã stochez cheia: %s\n"
+
+#: scd/app-openpgp.c:2859
+msgid "please wait while key is being generated ...\n"
+msgstr "vã rugãm aºteptaþi câtã vreme este creatã noua cheie ...\n"
+
+#: scd/app-openpgp.c:2872
+msgid "generating key failed\n"
+msgstr "generarea cheii a eºuat\n"
+
+#: scd/app-openpgp.c:2875
+#, c-format
+msgid "key generation completed (%d seconds)\n"
+msgstr "generarea cheii este completã (%d secunde)\n"
+
+#: scd/app-openpgp.c:2933
+msgid "invalid structure of OpenPGP card (DO 0x93)\n"
+msgstr "structurã invalidã a cardului OpenPGP (DO 0x93)\n"
+
+#: scd/app-openpgp.c:2983
+msgid "fingerprint on card does not match requested one\n"
+msgstr ""
+
+#: scd/app-openpgp.c:3099
+#, fuzzy, c-format
+msgid "card does not support digest algorithm %s\n"
+msgstr "semnãturã %s, algoritm rezumat %s\n"
+
+#: scd/app-openpgp.c:3175
+#, c-format
+msgid "signatures created so far: %lu\n"
+msgstr "semnãturi create pânã acum: %lu\n"
+
+#: scd/app-openpgp.c:3512
+msgid ""
+"verification of Admin PIN is currently prohibited through this command\n"
+msgstr ""
+"verificarea PIN-ului Admin este deocamdatã interzisã prin aceastã comandã\n"
+
+#: scd/app-openpgp.c:3737 scd/app-openpgp.c:3748
+#, c-format
+msgid "can't access %s - invalid OpenPGP card?\n"
+msgstr "nu pot accesa %s - card OpenPGP invalid?\n"
+
+#: scd/app-dinsig.c:299
+msgid "||Please enter your PIN at the reader's keypad"
+msgstr ""
+
+#. TRANSLATORS: Do not translate the "|*|" prefixes but
+#. keep it at the start of the string. We need this elsewhere
+#. to get some infos on the string.
+#: scd/app-dinsig.c:529
+#, fuzzy
+msgid "|N|Initial New PIN"
+msgstr "|N|PIN Nou"
+
+#: scd/scdaemon.c:107
+msgid "run in multi server mode (foreground)"
+msgstr ""
+
+#: scd/scdaemon.c:117 sm/gpgsm.c:316
+msgid "|LEVEL|set the debugging level to LEVEL"
+msgstr ""
+
+#: scd/scdaemon.c:124 tools/gpgconf-comp.c:620
+#, fuzzy
+msgid "|FILE|write a log to FILE"
+msgstr "|FIªIER|încarcã modulul extensie FIªIER"
+
+#: scd/scdaemon.c:126
+msgid "|N|connect to reader at port N"
+msgstr ""
+
+#: scd/scdaemon.c:128
+#, fuzzy
+msgid "|NAME|use NAME as ct-API driver"
+msgstr "|NUME|foloseºte NUME ca destinatar implicit"
+
+#: scd/scdaemon.c:130
+#, fuzzy
+msgid "|NAME|use NAME as PC/SC driver"
+msgstr "|NUME|foloseºte NUME ca destinatar implicit"
+
+#: scd/scdaemon.c:133
+#, fuzzy
+msgid "do not use the internal CCID driver"
+msgstr "nu folosi deloc terminalul"
+
+#: scd/scdaemon.c:139
+msgid "|N|disconnect the card after N seconds of inactivity"
+msgstr ""
+
+#: scd/scdaemon.c:141
+msgid "do not use a reader's keypad"
+msgstr ""
+
+#: scd/scdaemon.c:144
+#, fuzzy
+msgid "deny the use of admin card commands"
+msgstr "aratã comenzi administrare"
+
+#: scd/scdaemon.c:259
+#, fuzzy
+msgid "Usage: scdaemon [options] (-h for help)"
+msgstr "Folosire: gpg [opþiuni] [fiºiere] (-h pentru ajutor)"
+
+#: scd/scdaemon.c:261
+msgid ""
+"Syntax: scdaemon [options] [command [args]]\n"
+"Smartcard daemon for GnuPG\n"
+msgstr ""
+
+#: scd/scdaemon.c:766
+msgid "please use the option `--daemon' to run the program in the background\n"
+msgstr ""
+
+#: scd/scdaemon.c:1120
+#, c-format
+msgid "handler for fd %d started\n"
+msgstr ""
+
+#: scd/scdaemon.c:1132
+#, c-format
+msgid "handler for fd %d terminated\n"
+msgstr ""
+
+#: sm/base64.c:325
+#, fuzzy, c-format
+msgid "invalid radix64 character %02x skipped\n"
+msgstr "caracter radix64 invalid %02X sãrit\n"
+
+#: sm/call-agent.c:137
+#, c-format
+msgid "failed to proxy %s inquiry to client\n"
+msgstr ""
+
+#: sm/call-dirmngr.c:252
+#, c-format
+msgid "no running dirmngr - starting `%s'\n"
+msgstr ""
+
+#: sm/call-dirmngr.c:285
+#, fuzzy
+msgid "malformed DIRMNGR_INFO environment variable\n"
+msgstr "variabila de mediu GPG_AGENT_INFO anormalã\n"
+
+#: sm/call-dirmngr.c:297
+#, fuzzy, c-format
+msgid "dirmngr protocol version %d is not supported\n"
+msgstr "gpg-agent versiune protocol %d nu este suportat\n"
+
+#: sm/call-dirmngr.c:317
+msgid "can't connect to the dirmngr - trying fall back\n"
+msgstr ""
+
+#: sm/certchain.c:196
+#, c-format
+msgid "validation model requested by certificate: %s"
+msgstr ""
+
+#: sm/certchain.c:197 sm/certchain.c:1828
+msgid "chain"
+msgstr ""
+
+#: sm/certchain.c:198 sm/certchain.c:1828
+#, fuzzy
+msgid "shell"
+msgstr "ajutor"
+
+#: sm/certchain.c:258
+#, fuzzy, c-format
+msgid "critical certificate extension %s is not supported"
+msgstr "gpg-agent versiune protocol %d nu este suportat\n"
+
+#: sm/certchain.c:297
+msgid "issuer certificate is not marked as a CA"
+msgstr ""
+
+#: sm/certchain.c:335
+msgid "critical marked policy without configured policies"
+msgstr ""
+
+#: sm/certchain.c:345
+#, fuzzy, c-format
+msgid "failed to open `%s': %s\n"
+msgstr "Nu pot deschide `%s': %s\n"
+
+#: sm/certchain.c:353 sm/certchain.c:382
+msgid "note: non-critical certificate policy not allowed"
+msgstr ""
+
+#: sm/certchain.c:357 sm/certchain.c:386
+#, fuzzy
+msgid "certificate policy not allowed"
+msgstr "exportul cheilor secrete nu este permis\n"
+
+#: sm/certchain.c:498
+msgid "looking up issuer at external location\n"
+msgstr ""
+
+#: sm/certchain.c:517
+#, c-format
+msgid "number of issuers matching: %d\n"
+msgstr ""
+
+#: sm/certchain.c:561
+msgid "looking up issuer from the Dirmngr cache\n"
+msgstr ""
+
+#: sm/certchain.c:585
+#, fuzzy, c-format
+msgid "number of matching certificates: %d\n"
+msgstr "eroare la obþinerea numãrului serial: %s\n"
+
+#: sm/certchain.c:587
+#, fuzzy, c-format
+msgid "dirmngr cache-only key lookup failed: %s\n"
+msgstr "citirea cheii publice a eºuat: %s\n"
+
+#: sm/certchain.c:759 sm/certchain.c:1252 sm/certchain.c:1856 sm/decrypt.c:261
+#: sm/encrypt.c:335 sm/sign.c:335 sm/verify.c:113
+#, fuzzy
+msgid "failed to allocated keyDB handle\n"
+msgstr "am eºuat sã stochez cheia: %s\n"
+
+#: sm/certchain.c:925
+#, fuzzy
+msgid "certificate has been revoked"
+msgstr "NOTÃ: cheia a fost revocatã"
+
+#: sm/certchain.c:940
+msgid "the status of the certificate is unknown"
+msgstr ""
+
+#: sm/certchain.c:947
+msgid "please make sure that the \"dirmngr\" is properly installed\n"
+msgstr ""
+
+#: sm/certchain.c:953
+#, fuzzy, c-format
+msgid "checking the CRL failed: %s"
+msgstr "verificarea semnãturii create a eºuat: %s\n"
+
+#: sm/certchain.c:982 sm/certchain.c:1050
+#, c-format
+msgid "certificate with invalid validity: %s"
+msgstr ""
+
+#: sm/certchain.c:997 sm/certchain.c:1082
+msgid "certificate not yet valid"
+msgstr ""
+
+#: sm/certchain.c:998 sm/certchain.c:1083
+#, fuzzy
+msgid "root certificate not yet valid"
+msgstr "exportul cheilor secrete nu este permis\n"
+
+#: sm/certchain.c:999 sm/certchain.c:1084
+msgid "intermediate certificate not yet valid"
+msgstr ""
+
+#: sm/certchain.c:1012
+#, fuzzy
+msgid "certificate has expired"
+msgstr "Aceastã cheie a expirat!"
+
+#: sm/certchain.c:1013
+#, fuzzy
+msgid "root certificate has expired"
+msgstr "Aceastã cheie a expirat!"
+
+#: sm/certchain.c:1014
+#, fuzzy
+msgid "intermediate certificate has expired"
+msgstr "Aceastã cheie a expirat!"
+
+#: sm/certchain.c:1056
+#, c-format
+msgid "required certificate attributes missing: %s%s%s"
+msgstr ""
+
+#: sm/certchain.c:1065
+#, fuzzy
+msgid "certificate with invalid validity"
+msgstr "Aceastã cheie a expirat!"
+
+#: sm/certchain.c:1102
+msgid "signature not created during lifetime of certificate"
+msgstr ""
+
+#: sm/certchain.c:1104
+msgid "certificate not created during lifetime of issuer"
+msgstr ""
+
+#: sm/certchain.c:1105
+msgid "intermediate certificate not created during lifetime of issuer"
+msgstr ""
+
+#: sm/certchain.c:1109
+#, fuzzy
+msgid " ( signature created at "
+msgstr "semnãturi create pânã acum: %lu\n"
+
+#: sm/certchain.c:1110
+#, fuzzy
+msgid " (certificate created at "
+msgstr "Certificat de revocare creat.\n"
+
+#: sm/certchain.c:1113
+#, fuzzy
+msgid " (certificate valid from "
+msgstr "certificat incorect"
+
+#: sm/certchain.c:1114
+#, fuzzy
+msgid " ( issuer valid from "
+msgstr " Card nr. serie ="
+
+#: sm/certchain.c:1144
+#, fuzzy, c-format
+msgid "fingerprint=%s\n"
+msgstr "Amprenta CA: "
+
+#: sm/certchain.c:1153
+msgid "root certificate has now been marked as trusted\n"
+msgstr ""
+
+#: sm/certchain.c:1166
+msgid "interactive marking as trusted not enabled in gpg-agent\n"
+msgstr ""
+
+#: sm/certchain.c:1172
+msgid "interactive marking as trusted disabled for this session\n"
+msgstr ""
+
+#: sm/certchain.c:1229
+msgid "WARNING: creation time of signature not known - assuming current time"
+msgstr ""
+
+#: sm/certchain.c:1293
+#, fuzzy
+msgid "no issuer found in certificate"
+msgstr "genereazã un certificat de revocare"
+
+#: sm/certchain.c:1366
+msgid "self-signed certificate has a BAD signature"
+msgstr ""
+
+#: sm/certchain.c:1435
+msgid "root certificate is not marked trusted"
+msgstr ""
+
+#: sm/certchain.c:1448
+#, fuzzy, c-format
+msgid "checking the trust list failed: %s\n"
+msgstr "verificarea semnãturii create a eºuat: %s\n"
+
+#: sm/certchain.c:1477 sm/import.c:160
+msgid "certificate chain too long\n"
+msgstr ""
+
+#: sm/certchain.c:1489
+msgid "issuer certificate not found"
+msgstr ""
+
+#: sm/certchain.c:1522
+#, fuzzy
+msgid "certificate has a BAD signature"
+msgstr "verificã o semnãturã"
+
+#: sm/certchain.c:1553
+msgid "found another possible matching CA certificate - trying again"
+msgstr ""
+
+#: sm/certchain.c:1604
+#, c-format
+msgid "certificate chain longer than allowed by CA (%d)"
+msgstr ""
+
+#: sm/certchain.c:1644 sm/certchain.c:1927
+#, fuzzy
+msgid "certificate is good\n"
+msgstr "preferinþa `%s' duplicatã\n"
+
+#: sm/certchain.c:1645
+#, fuzzy
+msgid "intermediate certificate is good\n"
+msgstr "Certificat de revocare creat.\n"
+
+#: sm/certchain.c:1646
+#, fuzzy
+msgid "root certificate is good\n"
+msgstr "certificat incorect"
+
+#: sm/certchain.c:1817
+msgid "switching to chain model"
+msgstr ""
+
+#: sm/certchain.c:1826
+#, c-format
+msgid "validation model used: %s"
+msgstr ""
+
+#: sm/certcheck.c:97
+#, c-format
+msgid "%s key uses an unsafe (%u bit) hash\n"
+msgstr ""
+
+#: sm/certcheck.c:107
+#, c-format
+msgid "a %u bit hash is not valid for a %u bit %s key\n"
+msgstr ""
+
+#: sm/certcheck.c:244 sm/verify.c:201
+msgid "(this is the MD2 algorithm)\n"
+msgstr ""
+
+#: sm/certdump.c:60 sm/certdump.c:143
+#, fuzzy
+msgid "none"
+msgstr "nu"
+
+#: sm/certdump.c:564 sm/certdump.c:609 sm/certdump.c:674 sm/certdump.c:732
+#, fuzzy
+msgid "[Error - invalid encoding]"
+msgstr "Eroare: rãspuns invalid.\n"
+
+#: sm/certdump.c:572 sm/certdump.c:617
+msgid "[Error - out of core]"
+msgstr ""
+
+#: sm/certdump.c:654 sm/certdump.c:710
+msgid "[Error - No name]"
+msgstr ""
+
+#: sm/certdump.c:679 sm/certdump.c:738
+#, fuzzy
+msgid "[Error - invalid DN]"
+msgstr "Eroare: rãspuns invalid.\n"
+
+#: sm/certdump.c:948
+#, fuzzy, c-format
+msgid ""
+"Please enter the passphrase to unlock the secret key for the X.509 "
+"certificate:\n"
+"\"%s\"\n"
+"S/N %s, ID 0x%08lX,\n"
+"created %s, expires %s.\n"
+msgstr ""
+"Aveþi nevoie de o frazã-parolã pentru a descuia cheia secretã pt. "
+"utilizator:\n"
+"\"%.*s\"\n"
+"cheia %u-bit %s, ID %s, creatã %s%s\n"
+
+#: sm/certlist.c:122
+msgid "no key usage specified - assuming all usages\n"
+msgstr ""
+
+#: sm/certlist.c:132 sm/keylist.c:272
+#, fuzzy, c-format
+msgid "error getting key usage information: %s\n"
+msgstr "eroare la obþinerea informaþiei pentru cheia curentã: %s\n"
+
+#: sm/certlist.c:142
+msgid "certificate should have not been used for certification\n"
+msgstr ""
+
+#: sm/certlist.c:154
+msgid "certificate should have not been used for OCSP response signing\n"
+msgstr ""
+
+#: sm/certlist.c:165
+msgid "certificate should have not been used for encryption\n"
+msgstr ""
+
+#: sm/certlist.c:166
+msgid "certificate should have not been used for signing\n"
+msgstr ""
+
+#: sm/certlist.c:167
+msgid "certificate is not usable for encryption\n"
+msgstr ""
+
+#: sm/certlist.c:168
+msgid "certificate is not usable for signing\n"
+msgstr ""
+
+#: sm/certreqgen.c:474
+#, fuzzy, c-format
+msgid "line %d: invalid algorithm\n"
+msgstr "algoritm hash invalid `%s'\n"
+
+#: sm/certreqgen.c:487
+#, c-format
+msgid "line %d: invalid key length %u (valid are %d to %d)\n"
+msgstr ""
+
+#: sm/certreqgen.c:505
+#, c-format
+msgid "line %d: no subject name given\n"
+msgstr ""
+
+#: sm/certreqgen.c:514
+#, c-format
+msgid "line %d: invalid subject name label `%.*s'\n"
+msgstr ""
+
+#: sm/certreqgen.c:517
+#, c-format
+msgid "line %d: invalid subject name `%s' at pos %d\n"
+msgstr ""
+
+#: sm/certreqgen.c:534
+#, fuzzy, c-format
+msgid "line %d: not a valid email address\n"
+msgstr "Nu este o adresã de email validã\n"
+
+#: sm/certreqgen.c:546
+#, fuzzy, c-format
+msgid "line %d: error reading key `%s' from card: %s\n"
+msgstr "eroare la crearea inelului de chei `%s': %s\n"
+
+#: sm/certreqgen.c:558
+#, fuzzy, c-format
+msgid "line %d: error getting key by keygrip `%s': %s\n"
+msgstr "eroare la crearea inelului de chei `%s': %s\n"
+
+#: sm/certreqgen.c:574
+#, fuzzy, c-format
+msgid "line %d: key generation failed: %s <%s>\n"
+msgstr "Generarea cheii a eºuat: %s\n"
+
+#: sm/certreqgen.c:806
+msgid ""
+"To complete this certificate request please enter the passphrase for the key "
+"you just created once more.\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:158
+#, fuzzy, c-format
+msgid " (%d) RSA\n"
+msgstr " (%d) RSA (numai semnare)\n"
+
+#: sm/certreqgen-ui.c:159
+#, fuzzy, c-format
+msgid " (%d) Existing key\n"
+msgstr " (2) Cheie de cifrare\n"
+
+#: sm/certreqgen-ui.c:160
+#, c-format
+msgid " (%d) Existing key from card\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:202
+#, fuzzy
+msgid "Enter the keygrip: "
+msgstr "Notare semnãturã: "
+
+#: sm/certreqgen-ui.c:210
+msgid "Not a valid keygrip (expecting 40 hex digits)\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:212
+#, fuzzy
+msgid "No key with this keygrip\n"
+msgstr "Nici o subcheie cu indicele %d\n"
+
+#: sm/certreqgen-ui.c:230 sm/certreqgen-ui.c:239
+#, fuzzy, c-format
+msgid "error reading the card: %s\n"
+msgstr "%s: eroare citire înregistrare liberã: %s\n"
+
+#: sm/certreqgen-ui.c:233
+#, fuzzy, c-format
+msgid "Serial number of the card: %s\n"
+msgstr "eroare la obþinerea numãrului serial: %s\n"
+
+#: sm/certreqgen-ui.c:245
+#, fuzzy
+msgid "Available keys:\n"
+msgstr "deactiveazã cheia"
+
+#: sm/certreqgen-ui.c:276
+#, fuzzy, c-format
+msgid "Possible actions for a %s key:\n"
+msgstr "Acþiuni posibile pentru o cheie %s: "
+
+#: sm/certreqgen-ui.c:277
+#, fuzzy, c-format
+msgid " (%d) sign, encrypt\n"
+msgstr " (%d) RSA (semnare ºi cifrare)\n"
+
+#: sm/certreqgen-ui.c:278
+#, fuzzy, c-format
+msgid " (%d) sign\n"
+msgstr " (%d) DSA (numai semnare)\n"
+
+#: sm/certreqgen-ui.c:279
+#, fuzzy, c-format
+msgid " (%d) encrypt\n"
+msgstr " (%d) RSA (numai cifrare)\n"
+
+#: sm/certreqgen-ui.c:303
+msgid "Enter the X.509 subject name: "
+msgstr ""
+
+#: sm/certreqgen-ui.c:307
+#, fuzzy
+msgid "No subject name given\n"
+msgstr "(Nici o descriere datã)\n"
+
+#: sm/certreqgen-ui.c:311
+#, c-format
+msgid "Invalid subject name label `%.*s'\n"
+msgstr ""
+
+#. TRANSLATORS: The 22 in the second string is the
+#. length of the first string up to the "%s". Please
+#. adjust it do the length of your translation. The
+#. second string is merely passed to atoi so you can
+#. drop everything after the number.
+#: sm/certreqgen-ui.c:320
+#, fuzzy, c-format
+msgid "Invalid subject name `%s'\n"
+msgstr "algoritm hash invalid `%s'\n"
+
+#: sm/certreqgen-ui.c:322
+msgid "22 translator: see certreg-ui.c:gpgsm_gencertreq_tty"
+msgstr ""
+
+#: sm/certreqgen-ui.c:334
+#, fuzzy
+msgid "Enter email addresses"
+msgstr "Adresã de email: "
+
+#: sm/certreqgen-ui.c:335
+#, fuzzy
+msgid " (end with an empty line):\n"
+msgstr ""
+"\n"
+"Introduceþi ID-ul utilizator. Terminaþi cu o linie nouã: "
+
+#: sm/certreqgen-ui.c:339
+#, fuzzy
+msgid "Enter DNS names"
+msgstr "Introduceþi un nou nume-fiºier"
+
+#: sm/certreqgen-ui.c:340 sm/certreqgen-ui.c:345
+#, fuzzy
+msgid " (optional; end with an empty line):\n"
+msgstr "Introduceþi o descriere opþionalã; terminaþi cu o linie goalã:\n"
+
+#: sm/certreqgen-ui.c:344
+#, fuzzy
+msgid "Enter URIs"
+msgstr "Introduceþi PIN: "
+
+#: sm/certreqgen-ui.c:371
+msgid "Parameters to be used for the certificate request:\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:389
+msgid "Now creating certificate request. This may take a while ...\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:398
+msgid "Ready. You should now send this request to your CA.\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:403
+msgid "resource problem: out of core\n"
+msgstr ""
+
+#: sm/decrypt.c:330
+msgid "(this is the RC2 algorithm)\n"
+msgstr ""
+
+#: sm/decrypt.c:332
+msgid "(this does not seem to be an encrypted message)\n"
+msgstr ""
+
+#: sm/delete.c:51 sm/delete.c:112
+#, fuzzy, c-format
+msgid "certificate `%s' not found: %s\n"
+msgstr "cheia secretã \"%s\" nu a fost gãsitã: %s\n"
+
+#: sm/delete.c:122 sm/keydb.c:1397 sm/keydb.c:1499
+#, fuzzy, c-format
+msgid "error locking keybox: %s\n"
+msgstr "eroare la citire keyblock: %s\n"
+
+#: sm/delete.c:143
+#, fuzzy, c-format
+msgid "duplicated certificate `%s' deleted\n"
+msgstr "Certificat de revocare creat.\n"
+
+#: sm/delete.c:145
+#, fuzzy, c-format
+msgid "certificate `%s' deleted\n"
+msgstr "preferinþa `%s' duplicatã\n"
+
+#: sm/delete.c:175
+#, fuzzy, c-format
+msgid "deleting certificate \"%s\" failed: %s\n"
+msgstr "stergere keyblock a eºuat: %s\n"
+
+#: sm/encrypt.c:321
+#, fuzzy
+msgid "no valid recipients given\n"
+msgstr "(Nici o descriere datã)\n"
+
+#: sm/gpgsm.c:197
+#, fuzzy
+msgid "list external keys"
+msgstr "enumerã chei secrete"
+
+#: sm/gpgsm.c:199
+#, fuzzy
+msgid "list certificate chain"
+msgstr "certificat incorect"
+
+#: sm/gpgsm.c:206
+#, fuzzy
+msgid "import certificates"
+msgstr "certificat incorect"
+
+#: sm/gpgsm.c:207
+#, fuzzy
+msgid "export certificates"
+msgstr "certificat incorect"
+
+#: sm/gpgsm.c:209
+#, fuzzy
+msgid "register a smartcard"
+msgstr "adaugã o cheie la un smartcard"
+
+#: sm/gpgsm.c:212
+msgid "pass a command to the dirmngr"
+msgstr ""
+
+#: sm/gpgsm.c:214
+msgid "invoke gpg-protect-tool"
+msgstr ""
+
+#: sm/gpgsm.c:230
+#, fuzzy
+msgid "create base-64 encoded output"
+msgstr "creazã ieºire în armurã ascii"
+
+#: sm/gpgsm.c:235
+msgid "assume input is in PEM format"
+msgstr ""
+
+#: sm/gpgsm.c:237
+msgid "assume input is in base-64 format"
+msgstr ""
+
+#: sm/gpgsm.c:239
+msgid "assume input is in binary format"
+msgstr ""
+
+#: sm/gpgsm.c:244
+msgid "use system's dirmngr if available"
+msgstr ""
+
+#: sm/gpgsm.c:247
+msgid "never consult a CRL"
+msgstr ""
+
+#: sm/gpgsm.c:257
+msgid "check validity using OCSP"
+msgstr ""
+
+#: sm/gpgsm.c:262
+msgid "|N|number of certificates to include"
+msgstr ""
+
+#: sm/gpgsm.c:265
+msgid "|FILE|take policy information from FILE"
+msgstr ""
+
+#: sm/gpgsm.c:268
+msgid "do not check certificate policies"
+msgstr ""
+
+#: sm/gpgsm.c:272
+msgid "fetch missing issuer certificates"
+msgstr ""
+
+#: sm/gpgsm.c:283
+msgid "don't use the terminal at all"
+msgstr "nu folosi deloc terminalul"
+
+#: sm/gpgsm.c:285
+msgid "|FILE|write a server mode log to FILE"
+msgstr ""
+
+#: sm/gpgsm.c:290
+#, fuzzy
+msgid "|FILE|write an audit log to FILE"
+msgstr "|FIªIER|încarcã modulul extensie FIªIER"
+
+#: sm/gpgsm.c:293
+msgid "batch mode: never ask"
+msgstr "modul batch: nu întreba niciodatã"
+
+#: sm/gpgsm.c:294
+msgid "assume yes on most questions"
+msgstr "presupune da la cele mai multe întrebãri"
+
+#: sm/gpgsm.c:295
+msgid "assume no on most questions"
+msgstr "presupune nu la cele mai multe întrebãri"
+
+#: sm/gpgsm.c:298
+#, fuzzy
+msgid "|FILE|add keyring to the list of keyrings"
+msgstr "adaugã acest inel de chei la lista inelelor de chei"
+
+#: sm/gpgsm.c:301
+#, fuzzy
+msgid "|USER-ID|use USER-ID as default secret key"
+msgstr "|NUME|foloseºte NUME ca cheie secretã implicitã"
+
+#: sm/gpgsm.c:311 tools/gpgconf-comp.c:745
+#, fuzzy
+msgid "|SPEC|use this keyserver to lookup keys"
+msgstr "|HOST|foloseºte acest server de chei pentru a cãuta chei"
+
+#: sm/gpgsm.c:329
+msgid "|NAME|use cipher algorithm NAME"
+msgstr "|NUME|foloseºte algoritm cifrare NUME"
+
+#: sm/gpgsm.c:331
+msgid "|NAME|use message digest algorithm NAME"
+msgstr "|NUME|foloseºte algoritm rezumat mesaj NUME"
+
+#: sm/gpgsm.c:522
+#, fuzzy
+msgid "Usage: gpgsm [options] [files] (-h for help)"
+msgstr "Folosire: gpg [opþiuni] [fiºiere] (-h pentru ajutor)"
+
+#: sm/gpgsm.c:525
+#, fuzzy
+msgid ""
+"Syntax: gpgsm [options] [files]\n"
+"sign, check, encrypt or decrypt using the S/MIME protocol\n"
+"default operation depends on the input data\n"
+msgstr ""
+"Sintaxã: gpg [opþiuni] [fiºiere]\n"
+"sign, check, encrypt sau decrypt\n"
+"operaþiunea implicitã depinde de datele de intrare\n"
+
+#: sm/gpgsm.c:617
+#, fuzzy
+msgid "usage: gpgsm [options] "
+msgstr "folosire: gpg [opþiuni] "
+
+#: sm/gpgsm.c:739
+#, fuzzy, c-format
+msgid "NOTE: won't be able to encrypt to `%s': %s\n"
+msgstr "nu mã pot conecta la `%s': %s\n"
+
+#: sm/gpgsm.c:750
+#, fuzzy, c-format
+msgid "unknown validation model `%s'\n"
+msgstr "opþiune necunoscutã `%s'\n"
+
+#: sm/gpgsm.c:801
+#, fuzzy, c-format
+msgid "%s:%u: no hostname given\n"
+msgstr "(Nici o descriere datã)\n"
+
+#: sm/gpgsm.c:820
+#, c-format
+msgid "%s:%u: password given without user\n"
+msgstr ""
+
+#: sm/gpgsm.c:841
+#, fuzzy, c-format
+msgid "%s:%u: skipping this line\n"
+msgstr " s = sãri peste cheia asta\n"
+
+#
+#: sm/gpgsm.c:1376
+#, fuzzy
+msgid "could not parse keyserver\n"
+msgstr "nu am putut interpreta URL-ul serverului de chei\n"
+
+#: sm/gpgsm.c:1456
+msgid "WARNING: running with faked system time: "
+msgstr ""
+
+#: sm/gpgsm.c:1556
+#, c-format
+msgid "importing common certificates `%s'\n"
+msgstr ""
+
+#: sm/gpgsm.c:1597
+#, fuzzy, c-format
+msgid "can't sign using `%s': %s\n"
+msgstr "nu pot accesa `%s': %s\n"
+
+#: sm/gpgsm.c:1931
+msgid "invalid command (there is no implicit command)\n"
+msgstr ""
+
+#: sm/import.c:111
+#, fuzzy, c-format
+msgid "total number processed: %lu\n"
+msgstr "Numãr total procesate: %lu\n"
+
+#: sm/import.c:230
+#, fuzzy
+msgid "error storing certificate\n"
+msgstr "genereazã un certificat de revocare"
+
+#: sm/import.c:238
+msgid "basic certificate checks failed - not imported\n"
+msgstr ""
+
+#: sm/import.c:435 sm/keydb.c:1319 sm/keydb.c:1387
+#, fuzzy
+msgid "failed to allocate keyDB handle\n"
+msgstr "am eºuat sã stochez cheia: %s\n"
+
+#: sm/import.c:492 sm/keydb.c:1417 sm/keydb.c:1511
+#, fuzzy, c-format
+msgid "error getting stored flags: %s\n"
+msgstr "eroare la obþinere noului PIN: %s\n"
+
+#: sm/import.c:551 sm/import.c:583
+#, fuzzy, c-format
+msgid "error importing certificate: %s\n"
+msgstr "eroare la obþinerea numãrului serial: %s\n"
+
+#: sm/import.c:684 tools/gpg-connect-agent.c:1346
+#, fuzzy, c-format
+msgid "error reading input: %s\n"
+msgstr "eroare la citire `%s': %s\n"
+
+#: sm/keydb.c:187
+#, fuzzy, c-format
+msgid "error creating keybox `%s': %s\n"
+msgstr "eroare la crearea inelului de chei `%s': %s\n"
+
+#: sm/keydb.c:190
+msgid "you may want to start the gpg-agent first\n"
+msgstr ""
+
+#: sm/keydb.c:195
+#, fuzzy, c-format
+msgid "keybox `%s' created\n"
+msgstr "inelul de chei `%s' creat\n"
+
+#: sm/keydb.c:1312 sm/keydb.c:1380
+#, fuzzy
+msgid "failed to get the fingerprint\n"
+msgstr "am eºuat sã stochez amprenta: %s\n"
+
+#: sm/keydb.c:1340
+#, c-format
+msgid "problem looking for existing certificate: %s\n"
+msgstr ""
+
+#: sm/keydb.c:1348
+#, fuzzy, c-format
+msgid "error finding writable keyDB: %s\n"
+msgstr "eroare la obþinerea numãrului serial: %s\n"
+
+#: sm/keydb.c:1356
+#, fuzzy, c-format
+msgid "error storing certificate: %s\n"
+msgstr "eroare la obþinerea numãrului serial: %s\n"
+
+#: sm/keydb.c:1408
+#, fuzzy, c-format
+msgid "problem re-searching certificate: %s\n"
+msgstr "rev? probleme la verificare revocãrii: %s\n"
+
+#: sm/keydb.c:1429 sm/keydb.c:1522
+#, fuzzy, c-format
+msgid "error storing flags: %s\n"
+msgstr "eroare la citire `%s': %s\n"
+
+#: sm/keylist.c:642
+msgid "Error - "
+msgstr ""
+
+#: sm/misc.c:55
+msgid "GPG_TTY has not been set - using maybe bogus default\n"
+msgstr ""
+
+#: sm/qualified.c:105
+#, fuzzy, c-format
+msgid "invalid formatted fingerprint in `%s', line %d\n"
+msgstr "Eroare: amprentã formatatã invalid.\n"
+
+#: sm/qualified.c:123
+#, c-format
+msgid "invalid country code in `%s', line %d\n"
+msgstr ""
+
+#: sm/qualified.c:202
+#, c-format
+msgid ""
+"You are about to create a signature using your certificate:\n"
+"\"%s\"\n"
+"This will create a qualified signature by law equated to a handwritten "
+"signature.\n"
+"\n"
+"%s%sAre you really sure that you want to do this?"
+msgstr ""
+
+#: sm/qualified.c:211 sm/verify.c:616
+msgid ""
+"Note, that this software is not officially approved to create or verify such "
+"signatures.\n"
+msgstr ""
+
+#: sm/qualified.c:278
+#, c-format
+msgid ""
+"You are about to create a signature using your certificate:\n"
+"\"%s\"\n"
+"Note, that this certificate will NOT create a qualified signature!"
+msgstr ""
+
+#: sm/sign.c:449
+#, fuzzy, c-format
+msgid "hash algorithm %d (%s) for signer %d not supported; using %s\n"
+msgstr "algoritm de protecþie %d%s nu este suportat\n"
+
+#: sm/sign.c:463
+#, c-format
+msgid "hash algorithm used for signer %d: %s (%s)\n"
+msgstr ""
+
+#: sm/sign.c:513
+#, fuzzy, c-format
+msgid "checking for qualified certificate failed: %s\n"
+msgstr "verificarea semnãturii create a eºuat: %s\n"
+
+#: sm/verify.c:449
+#, fuzzy
+msgid "Signature made "
+msgstr "Semnãturã fãcutã %s\n"
+
+#: sm/verify.c:453
+msgid "[date not given]"
+msgstr ""
+
+#: sm/verify.c:454
+#, fuzzy, c-format
+msgid " using certificate ID 0x%08lX\n"
+msgstr "eroare la obþinerea numãrului serial: %s\n"
+
+#: sm/verify.c:473
+msgid ""
+"invalid signature: message digest attribute does not match computed one\n"
+msgstr ""
+
+#: sm/verify.c:594
+#, fuzzy
+msgid "Good signature from"
+msgstr "Semnãturã bunã din \"%s\""
+
+#: sm/verify.c:595
+#, fuzzy
+msgid " aka"
+msgstr " aka \"%s\""
+
+#: sm/verify.c:613
+#, fuzzy
+msgid "This is a qualified signature\n"
+msgstr "Aceasta va fi o auto-semnãturã.\n"
+
+#: tools/gpg-connect-agent.c:70 tools/gpgconf.c:81 tools/symcryptrun.c:167
+#, fuzzy
+msgid "quiet"
+msgstr "terminã"
+
+#: tools/gpg-connect-agent.c:71
+msgid "print data out hex encoded"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:72
+msgid "decode received data lines"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:74
+msgid "|NAME|connect to Assuan socket NAME"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:76
+msgid "run the Assuan server given on the command line"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:78
+msgid "do not use extended connect mode"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:80
+#, fuzzy
+msgid "|FILE|run commands from FILE on startup"
+msgstr "|FIªIER|încarcã modulul extensie FIªIER"
+
+#: tools/gpg-connect-agent.c:81
+msgid "run /subst on startup"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:184
+#, fuzzy
+msgid "Usage: gpg-connect-agent [options] (-h for help)"
+msgstr "Folosire: gpg [opþiuni] [fiºiere] (-h pentru ajutor)"
+
+#: tools/gpg-connect-agent.c:187
+msgid ""
+"Syntax: gpg-connect-agent [options]\n"
+"Connect to a running agent and send commands\n"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:1201
+#, c-format
+msgid "option \"%s\" requires a program and optional arguments\n"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:1210
+#, c-format
+msgid "option \"%s\" ignored due to \"%s\"\n"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:1281 tools/gpg-connect-agent.c:1771
+#, fuzzy, c-format
+msgid "receiving line failed: %s\n"
+msgstr "citirea cheii publice a eºuat: %s\n"
+
+#: tools/gpg-connect-agent.c:1371
+#, fuzzy
+msgid "line too long - skipped\n"
+msgstr "linie prea lungã"
+
+#: tools/gpg-connect-agent.c:1375
+msgid "line shortened due to embedded Nul character\n"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:1743
+#, fuzzy, c-format
+msgid "unknown command `%s'\n"
+msgstr "opþiune necunoscutã `%s'\n"
+
+#: tools/gpg-connect-agent.c:1761
+#, fuzzy, c-format
+msgid "sending line failed: %s\n"
+msgstr "semnarea a eºuat: %s\n"
+
+#: tools/gpg-connect-agent.c:2208
+#, fuzzy, c-format
+msgid "error sending %s command: %s\n"
+msgstr "eroare trimitere la `%s': %s\n"
+
+#: tools/gpg-connect-agent.c:2223
+#, fuzzy, c-format
+msgid "error sending standard options: %s\n"
+msgstr "eroare trimitere la `%s': %s\n"
+
+#: tools/gpgconf-comp.c:473 tools/gpgconf-comp.c:577 tools/gpgconf-comp.c:644
+#: tools/gpgconf-comp.c:712 tools/gpgconf-comp.c:799
+msgid "Options controlling the diagnostic output"
+msgstr ""
+
+#: tools/gpgconf-comp.c:486 tools/gpgconf-comp.c:590 tools/gpgconf-comp.c:657
+#: tools/gpgconf-comp.c:725 tools/gpgconf-comp.c:822
+msgid "Options controlling the configuration"
+msgstr ""
+
+#: tools/gpgconf-comp.c:496 tools/gpgconf-comp.c:615 tools/gpgconf-comp.c:673
+#: tools/gpgconf-comp.c:750 tools/gpgconf-comp.c:829
+msgid "Options useful for debugging"
+msgstr ""
+
+#: tools/gpgconf-comp.c:501 tools/gpgconf-comp.c:678 tools/gpgconf-comp.c:755
+#: tools/gpgconf-comp.c:837
+msgid "|FILE|write server mode logs to FILE"
+msgstr ""
+
+#: tools/gpgconf-comp.c:509 tools/gpgconf-comp.c:625 tools/gpgconf-comp.c:763
+msgid "Options controlling the security"
+msgstr ""
+
+#: tools/gpgconf-comp.c:516
+msgid "|N|expire SSH keys after N seconds"
+msgstr ""
+
+#: tools/gpgconf-comp.c:520
+msgid "|N|set maximum PIN cache lifetime to N seconds"
+msgstr ""
+
+#: tools/gpgconf-comp.c:524
+msgid "|N|set maximum SSH key lifetime to N seconds"
+msgstr ""
+
+#: tools/gpgconf-comp.c:538
+msgid "Options enforcing a passphrase policy"
+msgstr ""
+
+#: tools/gpgconf-comp.c:541
+msgid "do not allow to bypass the passphrase policy"
+msgstr ""
+
+#: tools/gpgconf-comp.c:545
+msgid "|N|set minimal required length for new passphrases to N"
+msgstr ""
+
+#: tools/gpgconf-comp.c:549
+msgid "|N|require at least N non-alpha characters for a new passphrase"
+msgstr ""
+
+#: tools/gpgconf-comp.c:553
+msgid "|FILE|check new passphrases against pattern in FILE"
+msgstr ""
+
+#: tools/gpgconf-comp.c:557
+#, fuzzy
+msgid "|N|expire the passphrase after N days"
+msgstr "|N|foloseºte modul frazã-parolã N"
+
+#: tools/gpgconf-comp.c:561
+#, fuzzy
+msgid "do not allow the reuse of old passphrases"
+msgstr "eroare la crearea frazei-parolã: %s\n"
+
+#: tools/gpgconf-comp.c:659 tools/gpgconf-comp.c:727
+msgid "|NAME|use NAME as default secret key"
+msgstr "|NUME|foloseºte NUME ca cheie secretã implicitã"
+
+#: tools/gpgconf-comp.c:662 tools/gpgconf-comp.c:730
+#, fuzzy
+msgid "|NAME|encrypt to user ID NAME as well"
+msgstr "|NUME|cifrare pentru NUME"
+
+#: tools/gpgconf-comp.c:665
+msgid "|SPEC|set up email aliases"
+msgstr ""
+
+#: tools/gpgconf-comp.c:686
+msgid "Configuration for Keyservers"
+msgstr ""
+
+#
+#: tools/gpgconf-comp.c:688
+#, fuzzy
+msgid "|URL|use keyserver at URL"
+msgstr "nu am putut interpreta URL-ul serverului de chei\n"
+
+#: tools/gpgconf-comp.c:691
+msgid "allow PKA lookups (DNS requests)"
+msgstr ""
+
+#: tools/gpgconf-comp.c:694
+msgid "|MECHANISMS|use MECHANISMS to locate keys by mail address"
+msgstr ""
+
+#: tools/gpgconf-comp.c:739
+msgid "disable all access to the dirmngr"
+msgstr ""
+
+#: tools/gpgconf-comp.c:742
+#, fuzzy
+msgid "|NAME|use encoding NAME for PKCS#12 passphrases"
+msgstr "|NUME|foloseºte algoritm cifrare NUME pentru fraza-parolã"
+
+#: tools/gpgconf-comp.c:768
+msgid "do not check CRLs for root certificates"
+msgstr ""
+
+#: tools/gpgconf-comp.c:812
+msgid "Options controlling the format of the output"
+msgstr ""
+
+#: tools/gpgconf-comp.c:848
+msgid "Options controlling the interactivity and enforcement"
+msgstr ""
+
+#: tools/gpgconf-comp.c:858
+msgid "Configuration for HTTP servers"
+msgstr ""
+
+#: tools/gpgconf-comp.c:869
+msgid "use system's HTTP proxy setting"
+msgstr ""
+
+#: tools/gpgconf-comp.c:874
+msgid "Configuration of LDAP servers to use"
+msgstr ""
+
+#: tools/gpgconf-comp.c:903
+msgid "LDAP server list"
+msgstr ""
+
+#: tools/gpgconf-comp.c:911
+msgid "Configuration for OCSP"
+msgstr ""
+
+#: tools/gpgconf-comp.c:3077
+#, c-format
+msgid "External verification of component %s failed"
+msgstr ""
+
+#: tools/gpgconf-comp.c:3227
+msgid "Note that group specifications are ignored\n"
+msgstr ""
+
+#: tools/gpgconf.c:62
+msgid "list all components"
+msgstr ""
+
+#: tools/gpgconf.c:63
+msgid "check all programs"
+msgstr ""
+
+#: tools/gpgconf.c:64
+msgid "|COMPONENT|list options"
+msgstr ""
+
+#: tools/gpgconf.c:65
+msgid "|COMPONENT|change options"
+msgstr ""
+
+#: tools/gpgconf.c:66
+msgid "|COMPONENT|check options"
+msgstr ""
+
+#: tools/gpgconf.c:68
+msgid "apply global default values"
+msgstr ""
+
+#: tools/gpgconf.c:70
+msgid "get the configuration directories for gpgconf"
+msgstr ""
+
+#: tools/gpgconf.c:72
+#, fuzzy
+msgid "list global configuration file"
+msgstr "articol configurare necunoscut `%s'\n"
+
+#: tools/gpgconf.c:74
+#, fuzzy
+msgid "check global configuration file"
+msgstr "articol configurare necunoscut `%s'\n"
+
+#: tools/gpgconf.c:79
+msgid "use as output file"
+msgstr "foloseºte ca fiºier ieºire"
+
+#: tools/gpgconf.c:83
+msgid "activate changes at runtime, if possible"
+msgstr ""
+
+#: tools/gpgconf.c:105
+#, fuzzy
+msgid "Usage: gpgconf [options] (-h for help)"
+msgstr "Folosire: gpg [opþiuni] [fiºiere] (-h pentru ajutor)"
+
+#: tools/gpgconf.c:108
+msgid ""
+"Syntax: gpgconf [options]\n"
+"Manage configuration options for tools of the GnuPG system\n"
+msgstr ""
+
+#: tools/gpgconf.c:214 tools/gpgconf.c:282
+#, fuzzy
+msgid "usage: gpgconf [options] "
+msgstr "folosire: gpg [opþiuni] "
+
+#: tools/gpgconf.c:216
+msgid "Need one component argument"
+msgstr ""
+
+#: tools/gpgconf.c:225 tools/gpgconf.c:258
+#, fuzzy
+msgid "Component not found"
+msgstr "cheia publicã nu a fost gãsitã"
+
+#: tools/gpgconf.c:284
+#, fuzzy
+msgid "No argument allowed"
+msgstr "Nu sunt permise comenzi administrare\n"
+
+#: tools/symcryptrun.c:154
+#, fuzzy
+msgid ""
+"@\n"
+"Commands:\n"
+" "
+msgstr ""
+"@Comenzi:\n"
+" "
+
+#: tools/symcryptrun.c:156
+#, fuzzy
+msgid "decryption modus"
+msgstr "decriptare OK\n"
+
+#: tools/symcryptrun.c:157
+#, fuzzy
+msgid "encryption modus"
+msgstr "decriptare OK\n"
+
+#: tools/symcryptrun.c:161
+msgid "tool class (confucius)"
+msgstr ""
+
+#: tools/symcryptrun.c:162
+#, fuzzy
+msgid "program filename"
+msgstr "--store [nume_fiºier]"
+
+#: tools/symcryptrun.c:164
+msgid "secret key file (required)"
+msgstr ""
+
+#: tools/symcryptrun.c:165
+msgid "input file name (default stdin)"
+msgstr ""
+
+#: tools/symcryptrun.c:209
+#, fuzzy
+msgid "Usage: symcryptrun [options] (-h for help)"
+msgstr "Folosire: gpg [opþiuni] [fiºiere] (-h pentru ajutor)"
+
+#: tools/symcryptrun.c:212
+msgid ""
+"Syntax: symcryptrun --class CLASS --program PROGRAM --keyfile KEYFILE "
+"[options...] COMMAND [inputfile]\n"
+"Call a simple symmetric encryption tool\n"
+msgstr ""
+
+#: tools/symcryptrun.c:281
+#, fuzzy, c-format
+msgid "%s on %s aborted with status %i\n"
+msgstr "%s nu este permis cu %s!\n"
+
+#: tools/symcryptrun.c:288
+#, fuzzy, c-format
+msgid "%s on %s failed with status %i\n"
+msgstr "fstat pentru `%s' a eºuat în %s: %s\n"
+
+#: tools/symcryptrun.c:314
+#, fuzzy, c-format
+msgid "can't create temporary directory `%s': %s\n"
+msgstr "nu pot crea directorul `%s': %s\n"
+
+#: tools/symcryptrun.c:354 tools/symcryptrun.c:371
+#, fuzzy, c-format
+msgid "could not open %s for writing: %s\n"
+msgstr "nu pot deschide %s: %s\n"
+
+#: tools/symcryptrun.c:382
+#, fuzzy, c-format
+msgid "error writing to %s: %s\n"
+msgstr "eroare la scrierea inelului de chei `%s': %s\n"
+
+#: tools/symcryptrun.c:389
+#, fuzzy, c-format
+msgid "error reading from %s: %s\n"
+msgstr "eroare la citire `%s': %s\n"
+
+#: tools/symcryptrun.c:396 tools/symcryptrun.c:403
+#, fuzzy, c-format
+msgid "error closing %s: %s\n"
+msgstr "eroare în `%s': %s\n"
+
+#: tools/symcryptrun.c:488
+#, fuzzy
+msgid "no --program option provided\n"
+msgstr "nu este suportatã execuþia nici unui program la distanþã\n"
+
+#: tools/symcryptrun.c:494
+msgid "only --decrypt and --encrypt are supported\n"
+msgstr ""
+
+#: tools/symcryptrun.c:500
+msgid "no --keyfile option provided\n"
+msgstr ""
+
+#: tools/symcryptrun.c:511
+msgid "cannot allocate args vector\n"
+msgstr ""
+
+#: tools/symcryptrun.c:529
+#, fuzzy, c-format
+msgid "could not create pipe: %s\n"
+msgstr "nu pot crea `%s': %s\n"
+
+#: tools/symcryptrun.c:536
+#, fuzzy, c-format
+msgid "could not create pty: %s\n"
+msgstr "nu pot crea `%s': %s\n"
+
+#: tools/symcryptrun.c:552
+#, c-format
+msgid "could not fork: %s\n"
+msgstr ""
+
+#: tools/symcryptrun.c:580
+#, fuzzy, c-format
+msgid "execv failed: %s\n"
+msgstr "actualizarea a eºuat: %s\n"
+
+#: tools/symcryptrun.c:609
+#, fuzzy, c-format
+msgid "select failed: %s\n"
+msgstr "stergere keyblock a eºuat: %s\n"
+
+#: tools/symcryptrun.c:626
+#, fuzzy, c-format
+msgid "read failed: %s\n"
+msgstr "actualizarea a eºuat: %s\n"
+
+#: tools/symcryptrun.c:678
+#, fuzzy, c-format
+msgid "pty read failed: %s\n"
+msgstr "actualizarea a eºuat: %s\n"
+
+#: tools/symcryptrun.c:730
+#, fuzzy, c-format
+msgid "waitpid failed: %s\n"
+msgstr "actualizarea a eºuat: %s\n"
+
+#: tools/symcryptrun.c:744
+#, c-format
+msgid "child aborted with status %i\n"
+msgstr ""
+
+#: tools/symcryptrun.c:799
+#, fuzzy, c-format
+msgid "cannot allocate infile string: %s\n"
+msgstr "nu pot deschide fiºierul: %s\n"
+
+#: tools/symcryptrun.c:812
+#, fuzzy, c-format
+msgid "cannot allocate outfile string: %s\n"
+msgstr "nu pot crea fiºier de rezervã `%s': %s\n"
+
+#: tools/symcryptrun.c:986
+#, c-format
+msgid "either %s or %s must be given\n"
+msgstr ""
+
+#: tools/symcryptrun.c:1013
+msgid "no class provided\n"
+msgstr ""
+
+#: tools/symcryptrun.c:1022
+#, fuzzy, c-format
+msgid "class %s is not supported\n"
+msgstr "algoritm rezumat %d nu este suportat\n"
+
+#: tools/gpg-check-pattern.c:145
+#, fuzzy
+msgid "Usage: gpg-check-pattern [options] patternfile (-h for help)\n"
+msgstr "Folosire: gpg [opþiuni] [fiºiere] (-h pentru ajutor)"
+
+#: tools/gpg-check-pattern.c:148
+msgid ""
+"Syntax: gpg-check-pattern [options] patternfile\n"
+"Check a passphrase given on stdin against the patternfile\n"
+msgstr ""
+
+#~ msgid "Command> "
+#~ msgstr "Comandã> "
+
+#~ msgid "the trustdb is corrupted; please run \"gpg --fix-trustdb\".\n"
+#~ msgstr "trustdb este coruptã; rulaþi \"gpg --fix-trustdb\".\n"
+
+#~ msgid "Please report bugs to <gnupg-bugs@gnu.org>.\n"
+#~ msgstr "Raportaþi bug-uri la <gnupg-bugs@gnu.org>.\n"
+
+#, fuzzy
+#~ msgid "Please report bugs to "
+#~ msgstr "Raportaþi bug-uri la <gnupg-bugs@gnu.org>.\n"
+
+#~ msgid "DSA keypair will have %u bits.\n"
+#~ msgstr "Perechea de chei DSA va avea %u biþi.\n"
+
+#~ msgid "Repeat passphrase\n"
+#~ msgstr "Repetaþi fraza-parolã\n"
+
+#, fuzzy
+#~ msgid "||Please enter your PIN at the reader's keypad%%0A[sigs done: %lu]"
+#~ msgstr "||Vã rugãm introduceþi PIN%%0A[semnãturi fãcute: %lu]"
+
+#~ msgid "|A|Admin PIN"
+#~ msgstr "|A|PIN Admin"
+
+#, fuzzy
+#~ msgid "read options from file"
+#~ msgstr "citesc opþiuni din `%s'\n"
+
+#~ msgid "generate PGP 2.x compatible messages"
+#~ msgstr "genereazã mesaje compatibile cu PGP 2.x"
+
+#, fuzzy
+#~ msgid "|[FILE]|make a signature"
+#~ msgstr "|[fiºier]|creazã o semnãturã"
+
+#, fuzzy
+#~ msgid "|[FILE]|make a clear text signature"
+#~ msgstr "|[fiºier]|creazã o semnãturã text în clar"
+
+#~ msgid "|NAME|use NAME as default recipient"
+#~ msgstr "|NUME|foloseºte NUME ca destinatar implicit"
+
+#~ msgid "use the default key as default recipient"
+#~ msgstr "foloseºte cheia implicitã ca destinatar implicit"
+
+#~ msgid "force v3 signatures"
+#~ msgstr "forþeazã semnãturi v3"
+
+#~ msgid "always use a MDC for encryption"
+#~ msgstr "foloseºte întotdeauna un MDC pentru cifrare"
+
+#~ msgid "add this secret keyring to the list"
+#~ msgstr "adaugã acest inel de chei secret la listã"
+
+#~ msgid "|NAME|set terminal charset to NAME"
+#~ msgstr "|NUME|seteazã charset-ul pentru terminal ca NUME"
+
+#~ msgid "|FILE|load extension module FILE"
+#~ msgstr "|FIªIER|încarcã modulul extensie FIªIER"
+
+#~ msgid "|N|use compress algorithm N"
+#~ msgstr "|N|foloseºte algoritm compresie N"
+
+#, fuzzy
+#~ msgid "remove key from the public keyring"
+#~ msgstr "ºterge chei de pe inelul de chei public"
+
+#~ msgid ""
+#~ "It's up to you to assign a value here; this value will never be exported\n"
+#~ "to any 3rd party. We need it to implement the web-of-trust; it has "
+#~ "nothing\n"
+#~ "to do with the (implicitly created) web-of-certificates."
+#~ msgstr ""
+#~ "Este sarcina d-voastrã sã atribuiþi o valoare aici; aceastã valoare\n"
+#~ "nu va fi niciodatã exportatã pentru o terþã parte. Trebuie sã\n"
+#~ "implementãm reþeaua-de-încredere; aceasta nu are nimic în comun cu\n"
+#~ "certificatele-de-reþea (create implicit)."
+
+#~ msgid ""
+#~ "To build the Web-of-Trust, GnuPG needs to know which keys are\n"
+#~ "ultimately trusted - those are usually the keys for which you have\n"
+#~ "access to the secret key. Answer \"yes\" to set this key to\n"
+#~ "ultimately trusted\n"
+#~ msgstr ""
+#~ "Pentru a construi Reþeaua-de-Încredere, GnuPG trebuie sã ºtie care chei\n"
+#~ "au nivel de încredere suprem - acestea de obicei sunt cheile pentru care\n"
+#~ "aveþi acces la cheia secretã. Rãspundeþi \"da\" pentru a seta\n"
+#~ "aceastã cheie cu nivel de încredere suprem\n"
+
+#~ msgid "If you want to use this untrusted key anyway, answer \"yes\"."
+#~ msgstr ""
+#~ "Dacã doriþi oricum sã folosiþi aceastã cheie fãrã încredere, rãspundeþi "
+#~ "\"da\"."
+
+#~ msgid ""
+#~ "Enter the user ID of the addressee to whom you want to send the message."
+#~ msgstr "Introduceþi ID-ul utilizator al destinatarului mesajului."
+
+#~ msgid ""
+#~ "Select the algorithm to use.\n"
+#~ "\n"
+#~ "DSA (aka DSS) is the Digital Signature Algorithm and can only be used\n"
+#~ "for signatures.\n"
+#~ "\n"
+#~ "Elgamal is an encrypt-only algorithm.\n"
+#~ "\n"
+#~ "RSA may be used for signatures or encryption.\n"
+#~ "\n"
+#~ "The first (primary) key must always be a key which is capable of signing."
+#~ msgstr ""
+#~ "Selectaþi algoritmul de folosit.\n"
+#~ "\n"
+#~ "DSA (aka DSS) este Digital Signature Algorithm ºi poate fi folosit numai\n"
+#~ "pentru semnãturi.\n"
+#~ "\n"
+#~ "Elgamal este un algoritm numai pentru cifrare.\n"
+#~ "\n"
+#~ "RSA poate fi folosit pentru semnãturi sau cifrare.\n"
+#~ "\n"
+#~ "Prima cheie (primarã) trebuie sã fie întotdeauna o cheie cu care se poate "
+#~ "semna."
+
+#~ msgid ""
+#~ "In general it is not a good idea to use the same key for signing and\n"
+#~ "encryption. This algorithm should only be used in certain domains.\n"
+#~ "Please consult your security expert first."
+#~ msgstr ""
+#~ "În general nu este o idee bunã sã folosiþi aceeaºi cheie ºi pentru\n"
+#~ "semnare ºi pentru cifrare. Acest algoritm ar trebui folosit numai\n"
+#~ "în anumite domenii. Vã rugãm consultaþi mai întâi un expert în domeniu."
+
+#~ msgid "Enter the size of the key"
+#~ msgstr "Introduceþi lungimea cheii"
+
+#~ msgid "Answer \"yes\" or \"no\""
+#~ msgstr "Rãspundeþi \"da\" sau \"nu\""
+
+#~ msgid ""
+#~ "Enter the required value as shown in the prompt.\n"
+#~ "It is possible to enter a ISO date (YYYY-MM-DD) but you won't\n"
+#~ "get a good error response - instead the system tries to interpret\n"
+#~ "the given value as an interval."
+#~ msgstr ""
+#~ "Introduceþi valoarea cerutã precum a arãtat la prompt.\n"
+#~ "Este posibil sã introduceþi o datã ISO (AAAA-LL-ZZ) dar nu veþi\n"
+#~ "obþine un rãspuns de eroare bun - în loc sistemul încearcã sã\n"
+#~ "interpreteze valoare datã ca un interval."
+
+#~ msgid "Enter the name of the key holder"
+#~ msgstr "Introduceþi numele deþinãtorului cheii"
+
+#~ msgid "please enter an optional but highly suggested email address"
+#~ msgstr "vã rugãm introduceþi o adresã de email (opþionalã dar recomandatã)"
+
+#~ msgid "Please enter an optional comment"
+#~ msgstr "Vã rugãm introduceþi un comentriu opþional"
+
+#~ msgid ""
+#~ "N to change the name.\n"
+#~ "C to change the comment.\n"
+#~ "E to change the email address.\n"
+#~ "O to continue with key generation.\n"
+#~ "Q to to quit the key generation."
+#~ msgstr ""
+#~ "N pentru a schimba numele.\n"
+#~ "C pentru a schimba comentariul.\n"
+#~ "E pentru a schimba adresa de email.\n"
+#~ "O pentru a continua cu generarea cheii.\n"
+#~ "T pentru a termina generarea cheii."
+
+#~ msgid ""
+#~ "Answer \"yes\" (or just \"y\") if it is okay to generate the sub key."
+#~ msgstr ""
+#~ "Rãspundeþi \"da\" (sau numai \"d\") dacã sunteþi OK sã generaþi subcheia."
+
+#~ msgid ""
+#~ "When you sign a user ID on a key, you should first verify that the key\n"
+#~ "belongs to the person named in the user ID. It is useful for others to\n"
+#~ "know how carefully you verified this.\n"
+#~ "\n"
+#~ "\"0\" means you make no particular claim as to how carefully you verified "
+#~ "the\n"
+#~ " key.\n"
+#~ "\n"
+#~ "\"1\" means you believe the key is owned by the person who claims to own "
+#~ "it\n"
+#~ " but you could not, or did not verify the key at all. This is useful "
+#~ "for\n"
+#~ " a \"persona\" verification, where you sign the key of a pseudonymous "
+#~ "user.\n"
+#~ "\n"
+#~ "\"2\" means you did casual verification of the key. For example, this "
+#~ "could\n"
+#~ " mean that you verified the key fingerprint and checked the user ID on "
+#~ "the\n"
+#~ " key against a photo ID.\n"
+#~ "\n"
+#~ "\"3\" means you did extensive verification of the key. For example, this "
+#~ "could\n"
+#~ " mean that you verified the key fingerprint with the owner of the key "
+#~ "in\n"
+#~ " person, and that you checked, by means of a hard to forge document "
+#~ "with a\n"
+#~ " photo ID (such as a passport) that the name of the key owner matches "
+#~ "the\n"
+#~ " name in the user ID on the key, and finally that you verified (by "
+#~ "exchange\n"
+#~ " of email) that the email address on the key belongs to the key "
+#~ "owner.\n"
+#~ "\n"
+#~ "Note that the examples given above for levels 2 and 3 are *only* "
+#~ "examples.\n"
+#~ "In the end, it is up to you to decide just what \"casual\" and \"extensive"
+#~ "\"\n"
+#~ "mean to you when you sign other keys.\n"
+#~ "\n"
+#~ "If you don't know what the right answer is, answer \"0\"."
+#~ msgstr ""
+#~ "Când semnaþi un ID utilizator pe o cheie ar trebui sã verificaþi mai "
+#~ "întâi\n"
+#~ "cã cheia aparþine persoanei numite în ID-ul utilizator. Este util ºi "
+#~ "altora\n"
+#~ "sã ºtie cât de atent aþi verificat acest lucru.\n"
+#~ "\n"
+#~ "\"0\" înseamnã cã nu pretindeþi nimic despre cât de atent aþi verificat "
+#~ "cheia\n"
+#~ "\"1\" înseamnã cã credeþi cã cheia este a persoanei ce pretinde cã este\n"
+#~ " proprietarul ei, dar n-aþi putut, sau nu aþi verificat deloc cheia.\n"
+#~ " Aceasta este utilã pentru verificare \"persona\", unde semnaþi cheia\n"
+#~ " unui utilizator pseudonim.\n"
+#~ "\n"
+#~ "\"2\" înseamnã cã aþi fãcut o verificare supericialã a cheii. De "
+#~ "exemplu,\n"
+#~ " aceasta ar putea însemna cã aþi verificat amprenta cheii ºi aþi "
+#~ "verificat\n"
+#~ " ID-ul utilizator de pe cheie cu un ID cu pozã.\n"
+#~ "\n"
+#~ "\"3\" înseamnã cã aþi fãcut o verificare extensivã a cheii. De exemplu,\n"
+#~ " aceasta ar putea însemna cã aþi verificat amprenta cheii cu "
+#~ "proprietarul\n"
+#~ " cheii în persoanã, cã aþi verificat folosind un document dificil de\n"
+#~ " falsificat cu pozã (cum ar fi un paºaport) cã numele proprietarului "
+#~ "cheii\n"
+#~ " este acelaºi cu numele ID-ului utilizator al cheii ºi cã aþi "
+#~ "verificat\n"
+#~ " (schimbând emailuri) cã adresa de email de pe cheie aparþine "
+#~ "proprietarului\n"
+#~ "cheii.\n"
+#~ "\n"
+#~ "De notat cã exemplele date pentru nivelele 2 ºi 3 ceva mai sus sunt "
+#~ "*numai*\n"
+#~ "exemple. La urma urmei, d-voastrã decideþi ce înseamnã \"superficial\" "
+#~ "ºi\n"
+#~ "\"extensiv\" pentru d-voastrã când semnaþi alte chei.\n"
+#~ "\n"
+#~ "Dacã nu ºtiþi care este rãspunsul, rãspundeþi \"0\"."
+
+#~ msgid "Answer \"yes\" if you want to sign ALL the user IDs"
+#~ msgstr "Rãspundeþi \"da\" dacã doriþi sã semnaþi TOATE ID-urile utilizator"
+
+#~ msgid ""
+#~ "Answer \"yes\" if you really want to delete this user ID.\n"
+#~ "All certificates are then also lost!"
+#~ msgstr ""
+#~ "Rãspundeþi \"da\" dacã într-adevãr doriþi sã ºtergeþi acest ID "
+#~ "utilizator.\n"
+#~ "Toate certificatele sunt de asemenea pierdute!"
+
+#~ msgid "Answer \"yes\" if it is okay to delete the subkey"
+#~ msgstr "Rãspundeþi \"da\" dacã este OK sã ºtergeþi subcheia"
+
+#~ msgid ""
+#~ "This is a valid signature on the key; you normally don't want\n"
+#~ "to delete this signature because it may be important to establish a\n"
+#~ "trust connection to the key or another key certified by this key."
+#~ msgstr ""
+#~ "Aceasta este o semnãturã validã pe cheie; în mod normal n-ar trebui\n"
+#~ "sã ºtergeþi aceastã semnãturã pentru cã aceasta ar putea fi importantãla "
+#~ "stabilirea conexiunii de încredere la cheie sau altã cheie certificatã\n"
+#~ "de aceastã cheie."
+
+#~ msgid ""
+#~ "This signature can't be checked because you don't have the\n"
+#~ "corresponding key. You should postpone its deletion until you\n"
+#~ "know which key was used because this signing key might establish\n"
+#~ "a trust connection through another already certified key."
+#~ msgstr ""
+#~ "Aceastã semnãturã nu poate fi verificatã pentru cã nu aveþi cheia\n"
+#~ "corespunzãtoare. Ar trebui sã amânaþi ºtergerea sa pânã ºtiþi care\n"
+#~ "cheie a fost folositã pentru cã aceastã cheie de semnare ar putea\n"
+#~ "constitui o conexiune de încredere spre o altã cheie deja certificatã."
+
+#~ msgid ""
+#~ "The signature is not valid. It does make sense to remove it from\n"
+#~ "your keyring."
+#~ msgstr ""
+#~ "Semnãtura nu este validã. Aceasta ar trebui ºtearsã de pe inelul\n"
+#~ "d-voastrã de chei."
+
+#~ msgid ""
+#~ "This is a signature which binds the user ID to the key. It is\n"
+#~ "usually not a good idea to remove such a signature. Actually\n"
+#~ "GnuPG might not be able to use this key anymore. So do this\n"
+#~ "only if this self-signature is for some reason not valid and\n"
+#~ "a second one is available."
+#~ msgstr ""
+#~ "Aceasta este o semnãturã care leagã ID-ul utilizator de cheie.\n"
+#~ "De obicei nu este o idee bunã sã ºtergeþi o asemenea semnãturã.\n"
+#~ "De fapt, GnuPG ar putea sã nu mai poatã folosi aceastã cheie.\n"
+#~ "Aºa cã faceþi acest lucru numai dacã aceastã auto-semnãturã este\n"
+#~ "dintr-o oarecare cauzã invalidã ºi o a doua este disponibilã."
+
+#~ msgid ""
+#~ "Change the preferences of all user IDs (or just of the selected ones)\n"
+#~ "to the current list of preferences. The timestamp of all affected\n"
+#~ "self-signatures will be advanced by one second.\n"
+#~ msgstr ""
+#~ "Schimbaþi toate preferinþele ale tuturor ID-urilor utilizator (sau doar\n"
+#~ "cele selectate) conform cu lista curentã de preferinþe. Timestamp-urile\n"
+#~ "tuturor auto-semnãturilor afectate vor fi avansate cu o secundã.\n"
+
+#~ msgid "Please enter the passhrase; this is a secret sentence \n"
+#~ msgstr ""
+#~ "Vã rugãm introduceþi fraza-parolã; aceasta este o propoziþie secretã \n"
+
+#~ msgid ""
+#~ "Please repeat the last passphrase, so you are sure what you typed in."
+#~ msgstr ""
+#~ "Vã rugãm repetaþi ultima frazã-parolã, pentru a fi sigur(ã) ce aþi tastat."
+
+#~ msgid "Give the name of the file to which the signature applies"
+#~ msgstr "Daþi numele fiºierului la care se aplicã semnãtura"
+
+#~ msgid "Answer \"yes\" if it is okay to overwrite the file"
+#~ msgstr "Rãspundeþi \"da\" dacã este OK sã suprascrieþi fiºierul"
+
+#~ msgid ""
+#~ "Please enter a new filename. If you just hit RETURN the default\n"
+#~ "file (which is shown in brackets) will be used."
+#~ msgstr ""
+#~ "Vã rugãm introduceþi un nou nume-fiºier. Dacã doar apãsaþi RETURN,\n"
+#~ "va fi folosit fiºierul implicit (arãtat în paranteze)."
+
+#~ msgid ""
+#~ "You should specify a reason for the certification. Depending on the\n"
+#~ "context you have the ability to choose from this list:\n"
+#~ " \"Key has been compromised\"\n"
+#~ " Use this if you have a reason to believe that unauthorized persons\n"
+#~ " got access to your secret key.\n"
+#~ " \"Key is superseded\"\n"
+#~ " Use this if you have replaced this key with a newer one.\n"
+#~ " \"Key is no longer used\"\n"
+#~ " Use this if you have retired this key.\n"
+#~ " \"User ID is no longer valid\"\n"
+#~ " Use this to state that the user ID should not longer be used;\n"
+#~ " this is normally used to mark an email address invalid.\n"
+#~ msgstr ""
+#~ "Ar trebui sã specificaþi un motiv pentru certificare. În funcþie de\n"
+#~ "context aveþi posibilitatea sã alegeþi din aceastã listã:\n"
+#~ " \"Cheia a fost compromisã\"\n"
+#~ " Folosiþi aceastã opþiune dacã aveþi un motiv sã credeþi cã "
+#~ "persoane\n"
+#~ " neautorizate au avut acces la cheia d-voastrã secretã.\n"
+#~ " \"Cheia este înlocuitã\"\n"
+#~ " Folosiþi aceastã opþiune dacã înlocuiþi cheia cu una nouã.\n"
+#~ " \"Cheia nu mai este folositã\"\n"
+#~ " Folosiþi aceastã opþiune dacã pensionaþi cheia.\n"
+#~ " \"ID-ul utilizator nu mai este valid\"\n"
+#~ " Folosiþi aceastã opþiune dacã ID-ul utilizator nu mai trebuie "
+#~ "folosit;\n"
+#~ " de obicei folositã pentru a marca o adresã de email ca invalidã.\n"
+
+#~ msgid ""
+#~ "If you like, you can enter a text describing why you issue this\n"
+#~ "revocation certificate. Please keep this text concise.\n"
+#~ "An empty line ends the text.\n"
+#~ msgstr ""
+#~ "Dacã doriþi, puteþi introduce un text descriind de ce publicaþi acest\n"
+#~ "certificat de revocare. Vã rugãm fiþi concis.\n"
+#~ "O linie goalã terminã textul.\n"
+
+#~ msgid "can't put notation data into v3 (PGP 2.x style) signatures\n"
+#~ msgstr "nu pot pune date notare în semnãturi v3 (stil PGP 2.x)\n"
+
+#~ msgid "can't put notation data into v3 (PGP 2.x style) key signatures\n"
+#~ msgstr "nu pot pune date notare în semnãturi de chei v3 (stil PGP 2.x)\n"
+
+#~ msgid "can't put a policy URL into v3 (PGP 2.x style) signatures\n"
+#~ msgstr "nu pot pune un URL de politicã în semnãturi v3 (stil PGP 2.x)\n"
+
+#~ msgid "can't put a policy URL into v3 key (PGP 2.x style) signatures\n"
+#~ msgstr ""
+#~ "nu pot pune un URL de politicã în semnãturi de chei v3 (stil PGP 2.x)\n"
+
+#, fuzzy
+#~ msgid "shelll"
+#~ msgstr "ajutor"
+
+#, fuzzy
+#~ msgid ""
+#~ "please see http://www.gnupg.org/download/iconv.html for more information\n"
+#~ msgstr ""
+#~ "vedeþi http://www.gnupg.org/faq.html pentru informaþii suplimentare\n"
+
+#, fuzzy
+#~ msgid "key generation is not available from the commandline\n"
+#~ msgstr "gpg-agent nu este disponibil în aceastã sesiune\n"
+
+#, fuzzy
+#~ msgid "please use the script \"%s\" to generate a new key\n"
+#~ msgstr "Vã rugãm selectaþi tipul de cheie de generat:\n"
+
+#~ msgid "cipher extension `%s' not loaded due to unsafe permissions\n"
+#~ msgstr ""
+#~ "extensie cifru `%s' nu a fost încãrcat din cauza permisiunilor nesigure "
+#~ "(unsafe)\n"
+
+#~ msgid "DSA requires the use of a 160 bit hash algorithm\n"
+#~ msgstr "DSA necesitã folosirea unui algoritm cu hash de 160 biþi\n"
+
+#, fuzzy
+#~ msgid ".\n"
+#~ msgstr "%s.\n"
+
+#~ msgid "problem with the agent - disabling agent use\n"
+#~ msgstr "problemã cu agentul - deactivez folosirea agentului\n"
+
+#
+#~ msgid "can't query passphrase in batch mode\n"
+#~ msgstr "nu pot cere fraza-parolã în modul batch\n"
+
+#~ msgid "Enter passphrase: "
+#~ msgstr "Introduceþi fraza-parolã: "
+
+#~ msgid "Repeat passphrase: "
+#~ msgstr "Repetaþi fraza-parolã: "
+
+#~ msgid "-k[v][v][v][c] [user-id] [keyring]"
+#~ msgstr "-k[v][v][v][c] [id-utilizator] [inel_chei]"
+
+#~ msgid "can't gen prime with pbits=%u qbits=%u\n"
+#~ msgstr "nu pot genera un numãr prim cu pbiþi=%u qbiþi=%u\n"
+
+#~ msgid "can't generate a prime with less than %d bits\n"
+#~ msgstr "nu pot genera un numãr prim cu mai puþin de %d biþi\n"
+
+#~ msgid "no entropy gathering module detected\n"
+#~ msgstr "nu a fost gãsit nici un modul de adunare a entropiei\n"
+
+#, fuzzy
+#~ msgid "can't lock `%s': %s\n"
+#~ msgstr "nu pot încuia (lock) `%s'\n"
+
+#~ msgid "can't stat `%s': %s\n"
+#~ msgstr "nu pot obþine statistici `%s': %s\n"
+
+#~ msgid "`%s' is not a regular file - ignored\n"
+#~ msgstr "`%s' nu este un fiºier normal - ignorat\n"
+
+#~ msgid "note: random_seed file is empty\n"
+#~ msgstr "notã: fiºier random_seed este gol\n"
+
+#~ msgid "WARNING: invalid size of random_seed file - not used\n"
+#~ msgstr ""
+#~ "AVERTISMENT: dimensiune invalidã pentru fiºierul random_seed - nu va fi "
+#~ "folositã\n"
+
+#~ msgid "can't read `%s': %s\n"
+#~ msgstr "nu pot citi `%s': %s\n"
+
+#~ msgid "note: random_seed file not updated\n"
+#~ msgstr "notã: fiºierul random_seed nu a fost actualizat\n"
+
+#~ msgid "can't write `%s': %s\n"
+#~ msgstr "nu pot scrie `%s': %s\n"
+
+#~ msgid "can't close `%s': %s\n"
+#~ msgstr "nu pot închide `%s': %s\n"
+
+#~ msgid "WARNING: using insecure random number generator!!\n"
+#~ msgstr ""
+#~ "AVERISMENT: este folosit un generator de numere aleatoare nesigur "
+#~ "(insecure)!!\n"
+
+#~ msgid ""
+#~ "The random number generator is only a kludge to let\n"
+#~ "it run - it is in no way a strong RNG!\n"
+#~ "\n"
+#~ "DON'T USE ANY DATA GENERATED BY THIS PROGRAM!!\n"
+#~ "\n"
+#~ msgstr ""
+#~ "Generatorul de numere aleatoare este doar ceva temporar pentru\n"
+#~ "a-l face sã meargã - nu este nicidecum un GNA sigur (secure)!\n"
+#~ "\n"
+#~ "NU FOLOSIÞI NICI O DATÃ GENERATÃ DE ACEST PROGRAM!!\n"
+#~ "\n"
+
+#~ msgid ""
+#~ "Please wait, entropy is being gathered. Do some work if it would\n"
+#~ "keep you from getting bored, because it will improve the quality\n"
+#~ "of the entropy.\n"
+#~ msgstr ""
+#~ "Vã rugãm aºteptaþi, este adunatã entropia. Faceþi ceva dacã vã ajutã sã\n"
+#~ "nu vã plictisiþi, pentru cã va îmbunãtãþi calitatea entropiei.\n"
+
+#~ msgid ""
+#~ "\n"
+#~ "Not enough random bytes available. Please do some other work to give\n"
+#~ "the OS a chance to collect more entropy! (Need %d more bytes)\n"
+#~ msgstr ""
+#~ "\n"
+#~ "Nu sunt disponibili destui octeþi aleatori. Vã rugãm faceþi ceva pentru\n"
+#~ "a da sistemului de operare o ºansã de a colecta mai multã entropie\n"
+#~ "(Mai sunt necesari %d octeþi)\n"
+
+#, fuzzy
+#~ msgid "card reader not available\n"
+#~ msgstr "cheia secretã nu e disponibilã"
+
+#~ msgid "Please insert the card and hit return or enter 'c' to cancel: "
+#~ msgstr ""
+#~ "Vã rugãm introduceþi cardul ºi apãsaþi return sau apãsaþi 'c' pentru a "
+#~ "renunþa: "
+
+#~ msgid "Hit return when ready or enter 'c' to cancel: "
+#~ msgstr "Apãsaþi return când sunteþi gata sau apãsaþi 'c' pentru a renunþa: "
+
+#~ msgid "Enter New Admin PIN: "
+#~ msgstr "Introduceþi noul PIN Admin: "
+
+#~ msgid "Enter New PIN: "
+#~ msgstr "introduceþi noul PIN: "
+
+#~ msgid "Enter Admin PIN: "
+#~ msgstr "Introduceþi PIN Admin: "
+
+#~ msgid "NOTE: %s is not available in this version\n"
+#~ msgstr "NOTÃ: %s nu este disponibil în aceastã sesiune\n"
+
+#, fuzzy
+#~ msgid " algorithms on these user IDs:\n"
+#~ msgstr "algoritmuri pentru aceste ID-uri utilizator:\n"
+
+#~ msgid "general error"
+#~ msgstr "eroare generalã"
+
+#~ msgid "unknown packet type"
+#~ msgstr "tip de pachet necunoscut"
+
+#~ msgid "unknown pubkey algorithm"
+#~ msgstr "algoritm pubkey necunoscut"
+
+#~ msgid "unknown digest algorithm"
+#~ msgstr "algoritm rezumat necunoscut"
+
+#~ msgid "bad public key"
+#~ msgstr "cheie publicã incorectã"
+
+#~ msgid "bad secret key"
+#~ msgstr "cheie secretã incorectã"
+
+#~ msgid "bad signature"
+#~ msgstr "semnãturã incorectã"
+
+#~ msgid "checksum error"
+#~ msgstr "eroare checksum"
+
+#~ msgid "unknown cipher algorithm"
+#~ msgstr "algoritm cifrare necunoscut"
+
+#~ msgid "can't open the keyring"
+#~ msgstr "nu pot deschide inelul de chei"
+
+#~ msgid "invalid packet"
+#~ msgstr "pachet invalid"
+
+#~ msgid "invalid armor"
+#~ msgstr "armurã invalidã"
+
+#~ msgid "no such user id"
+#~ msgstr "nu existã acest id utilizator"
+
+#~ msgid "secret key not available"
+#~ msgstr "cheia secretã nu e disponibilã"
+
+#~ msgid "wrong secret key used"
+#~ msgstr "a fost folositã o cheie secretã greºitã"
+
+#~ msgid "not supported"
+#~ msgstr "nu este suportat(ã)"
+
+#~ msgid "bad key"
+#~ msgstr "cheie incorectã"
+
+#~ msgid "file write error"
+#~ msgstr "eroare scriere fiºier"
+
+#~ msgid "unknown compress algorithm"
+#~ msgstr "algoritm compresie necunoscut"
+
+#~ msgid "file open error"
+#~ msgstr "eroare deschidere fiºier"
+
+#~ msgid "file create error"
+#~ msgstr "eroare creare fiºier"
+
+#~ msgid "invalid passphrase"
+#~ msgstr "frazã-parolã invalidã"
+
+#~ msgid "unimplemented pubkey algorithm"
+#~ msgstr "algoritm pubkey neimplementat"
+
+#~ msgid "unimplemented cipher algorithm"
+#~ msgstr "algoritm cifrare neimplementat"
+
+#~ msgid "unknown signature class"
+#~ msgstr "clasã semnãturi necunoscutã"
+
+#~ msgid "trust database error"
+#~ msgstr "eroare bazã de date încredere"
+
+#~ msgid "resource limit"
+#~ msgstr "limitã resurse"
+
+#~ msgid "invalid keyring"
+#~ msgstr "inel de chei invalid"
+
+#~ msgid "malformed user id"
+#~ msgstr "id utilizator anormal"
+
+#~ msgid "file close error"
+#~ msgstr "eroare închidere fiºier"
+
+#~ msgid "file rename error"
+#~ msgstr "eroare redenumire fiºier"
+
+#~ msgid "file delete error"
+#~ msgstr "eroare ºtergere fiºier"
+
+#~ msgid "unexpected data"
+#~ msgstr "date neaºteptate"
+
+#~ msgid "timestamp conflict"
+#~ msgstr "conflict timestamp"
+
+#~ msgid "unusable pubkey algorithm"
+#~ msgstr "algoritm pubkey nefolosibil"
+
+#~ msgid "file exists"
+#~ msgstr "fiºierul existã"
+
+#~ msgid "weak key"
+#~ msgstr "cheie slabã"
+
+#~ msgid "bad URI"
+#~ msgstr "URI incorect"
+
+#~ msgid "unsupported URI"
+#~ msgstr "URI nesuportat"
+
+#~ msgid "network error"
+#~ msgstr "eroare reþea"
+
+#~ msgid "not processed"
+#~ msgstr "neprocesat"
+
+#~ msgid "unusable public key"
+#~ msgstr "cheie publicã de nefolosit"
+
+#~ msgid "unusable secret key"
+#~ msgstr "cheie secretã de nefolosit"
+
+#~ msgid "keyserver error"
+#~ msgstr "eroare server de chei"
+
+#~ msgid "no card"
+#~ msgstr "nici un card"
+
+#, fuzzy
+#~ msgid "no data"
+#~ msgstr "nici o datã semnatã\n"
+
+#~ msgid "ERROR: "
+#~ msgstr "EROARE: "
+
+#~ msgid "WARNING: "
+#~ msgstr "AVERTISMENT: "
+
+#~ msgid "... this is a bug (%s:%d:%s)\n"
+#~ msgstr "... acesta este un bug (%s:%d:%s)\n"
+
+#~ msgid "WARNING: using insecure memory!\n"
+#~ msgstr "AVERTISMENT: este folositã memorie neprotejatã (insecure)!\n"
+
+#~ msgid "operation is not possible without initialized secure memory\n"
+#~ msgstr ""
+#~ "operaþia nu este posibilã fãrã memorie protejatã (secure) iniþializatã\n"
+
+#~ msgid "(you may have used the wrong program for this task)\n"
+#~ msgstr ""
+#~ "(aþi folosit probabil un program nepotrivit pentru aceastã sarcinã)\n"
+
+#~ msgid ""
+#~ "please see http://www.gnupg.org/why-not-idea.html for more information\n"
+#~ msgstr ""
+#~ "vedeþi http://www.gnupg.org/why-not-idea.html pentru informaþii "
+#~ "suplimentare\n"
+
+#, fuzzy
+#~ msgid "all export-clean-* options from above"
+#~ msgstr "citeºte opþiuni din fiºier"
+
+#, fuzzy
+#~ msgid "all import-clean-* options from above"
+#~ msgstr "citeºte opþiuni din fiºier"
+
+#~ msgid "expired: %s)"
+#~ msgstr "expirat: %s)"
+
+#~ msgid "key %s: expired signature from key %s - skipped\n"
+#~ msgstr "cheia %s: semnãturã expiratã de la cheia %s - sãritã\n"
+
+#, fuzzy
+#~ msgid "Unable to clean `%s'\n"
+#~ msgstr "nu pot executa programul `%s': %s\n"
+
+#, fuzzy
+#~ msgid "No user IDs are removable.\n"
+#~ msgstr "ID-ul utilizator \"%s\" este deja revocat\n"
+
+#~ msgid "length of RSA modulus is not %d\n"
+#~ msgstr "lungimea modulului RSA nu este %d\n"
+
+#~ msgid "length of an RSA prime is not %d\n"
+#~ msgstr "lungimea unui prim RSA nu este %d\n"
+
+#~ msgid "bad passphrase or unknown cipher algorithm (%d)\n"
+#~ msgstr "frazã=parolã greºitã sau algoritm cifrare necunoscut (%d)\n"
+
+#~ msgid "can't set client pid for the agent\n"
+#~ msgstr "nu pot seta pid-ul client pentru agent\n"
+
+#~ msgid "can't get server read FD for the agent\n"
+#~ msgstr "nu pot convinge serverul sã citeascã FD pentru agent\n"
+
+#~ msgid "can't get server write FD for the agent\n"
+#~ msgstr "nu pot convinge serverul sã scrie FD pentru agent\n"
+
+#~ msgid "invalid response from agent\n"
+#~ msgstr "rãspuns invalid de la agent\n"
+
+#~ msgid "digest algorithm `%s' is read-only in this release\n"
+#~ msgstr "algoritm rezumat `%s' este numai-citire în acestã ediþie\n"
+
+#~ msgid ""
+#~ "WARNING: digest `%s' is not part of OpenPGP. Use at your own risk!\n"
+#~ msgstr ""
+#~ "AVERTISMENT: rezumatul `%s' nu este parte din OpenPGP. Folosiþi-l pe "
+#~ "riscul dvs.!\n"
+
+#~ msgid "|[files]|encrypt files"
+#~ msgstr "|[fiºiere]|cifreazã fiºiere"
+
+#~ msgid "store only"
+#~ msgstr "doar pãstreazã"
+
+#~ msgid "|[files]|decrypt files"
+#~ msgstr "|[fiºiere]|decripteazã fiºiere"
+
+#~ msgid "sign a key non-revocably"
+#~ msgstr "semneazã o cheie irevocabil"
+
+#~ msgid "sign a key locally and non-revocably"
+#~ msgstr "semneazã o cheie local ºi irevocabil"
+
+#~ msgid "list only the sequence of packets"
+#~ msgstr "enumerã numai secvenþa de pachete"
+
+#~ msgid "export the ownertrust values"
+#~ msgstr "exportã valorile încrederii în proprietari"
+
+#~ msgid "unattended trust database update"
+#~ msgstr "actualizare fãrã supraveghere a bazei de date de încredere"
+
+#~ msgid "fix a corrupted trust database"
+#~ msgstr "reparã o bazã de date de încredere coruptã"
+
+#~ msgid "De-Armor a file or stdin"
+#~ msgstr "Eliminã armura unui fiºier sau intrãrii standard (stdin)"
+
+#~ msgid "En-Armor a file or stdin"
+#~ msgstr "Pune armura unui fiºier sau intrãrii standard (stdin)"
+
+#~ msgid "do not force v3 signatures"
+#~ msgstr "nu forþa semnãturi v3"
+
+#~ msgid "force v4 key signatures"
+#~ msgstr "forþeazã semnãturi de chei v4"
+
+#~ msgid "do not force v4 key signatures"
+#~ msgstr "nu forþa semnãturi de chei v4"
+
+#~ msgid "never use a MDC for encryption"
+#~ msgstr "nu folosi niciodatã un MDC pentru cifrare"
+
+#~ msgid "use the gpg-agent"
+#~ msgstr "foloseºte gpg-agent"
+
+#~ msgid "|[file]|write status info to file"
+#~ msgstr "|[fiºier]|scrie informaþii de stare în fiºier"
+
+#~ msgid "|KEYID|ultimately trust this key"
+#~ msgstr "|IDCHEIE|ai încredere deplinã în aceastã cheie"
+
+#~ msgid "emulate the mode described in RFC1991"
+#~ msgstr "emuleazã modul descris în RFC1991"
+
+#~ msgid "set all packet, cipher and digest options to OpenPGP behavior"
+#~ msgstr ""
+#~ "seteazã toate opþiunile pentru pachete, cifru ºi rezumat ca pentru "
+#~ "comportamentul OpenPGP"
+
+#~ msgid "set all packet, cipher and digest options to PGP 2.x behavior"
+#~ msgstr ""
+#~ "seteazã toate opþiunile pentru pachete, cifru ºi rezumat ca pentru "
+#~ "comportamentul PGP 2.x"
+
+#~ msgid "|NAME|use message digest algorithm NAME for passphrases"
+#~ msgstr "|NUME|foloseºte algoritm rezumat mesaj NUME pentru fraza-parolã"
+
+#~ msgid "throw keyid field of encrypted packets"
+#~ msgstr "ignorã câmp keyid pentru pachete cifrate"
+
+#~ msgid "Show Photo IDs"
+#~ msgstr "Aratã poze ID-uri"
+
+#~ msgid "Don't show Photo IDs"
+#~ msgstr "Nu arãta poze ID-uri"
+
+#~ msgid "Set command line to view Photo IDs"
+#~ msgstr "Seteazã linia de comandã pentru a vedea poze ID-uri"
+
+#~ msgid "compress algorithm `%s' is read-only in this release\n"
+#~ msgstr "algoritm compresie `%s' este numai-citire în acestã ediþie\n"
+
+#~ msgid "compress algorithm must be in range %d..%d\n"
+#~ msgstr "algoritm compresie trebuie sã fie în intervalul %d..%d\n"
+
+#~ msgid "--nrsign-key user-id"
+#~ msgstr "--nrsign-key id-utilizator"
+
+#~ msgid "--nrlsign-key user-id"
+#~ msgstr "--nrlsign-key id-utilizator"
+
+#~ msgid "key %08lX: key has been revoked!\n"
+#~ msgstr "cheia %08lX: cheia a fost revocatã!\n"
+
+#~ msgid "key %08lX: subkey has been revoked!\n"
+#~ msgstr "cheie %08lX: subcheia a fost revocatã!\n"
+
+#~ msgid "%08lX: key has expired\n"
+#~ msgstr "%08lX: cheia a expirat\n"
+
+#~ msgid "%08lX: We do NOT trust this key\n"
+#~ msgstr "%08lX: Noi NU avem încredere în acestã cheie\n"
+
+#~ msgid ""
+#~ "%08lX: It is not sure that this key really belongs to the owner\n"
+#~ "but it is accepted anyway\n"
+#~ msgstr ""
+#~ "%08lX: Nu este sigur dacã aceastã cheie aparþine într-adevãr\n"
+#~ "proprietarului, dar este oricum acceptatã\n"
+
+#~ msgid "preference %c%lu is not valid\n"
+#~ msgstr "preferinþa %c%lu nu este validã\n"
+
+#~ msgid ""
+#~ "About to generate a new %s keypair.\n"
+#~ " minimum keysize is 768 bits\n"
+#~ " default keysize is 1024 bits\n"
+#~ " highest suggested keysize is 2048 bits\n"
+#~ msgstr ""
+#~ "Pe cale sã generaþi o nouã pereche de chei %s.\n"
+#~ " lungimea minimã este 768 bits\n"
+#~ " lungimea implicitã este 1024 bits\n"
+#~ " cea mai lungã cheie sugeratã este 2048 bits\n"
+
+#~ msgid "DSA only allows keysizes from 512 to 1024\n"
+#~ msgstr "DSA permite numai chei de la 512 la 1024\n"
+
+#~ msgid "keysize too small; 1024 is smallest value allowed for RSA.\n"
+#~ msgstr ""
+#~ "lungime cheie prea micã; 1024 este cea mai micã valoare permisã pentru "
+#~ "RSA.\n"
+
+#~ msgid "keysize too small; 768 is smallest value allowed.\n"
+#~ msgstr "lungime cheie prea micã; 768 este cea mai micã valoare permisã.\n"
+
+#~ msgid "keysize too large; %d is largest value allowed.\n"
+#~ msgstr "lungime cheie prea mare; %d este cea mai mare valoare permisã.\n"
+
+#~ msgid ""
+#~ "Keysizes larger than 2048 are not suggested because\n"
+#~ "computations take REALLY long!\n"
+#~ msgstr ""
+#~ "Lungimi pentru chei mai mari de 2048 nu sunt sugerate\n"
+#~ "deoarece calculele iau FOARTE MULT timp!\n"
+
+#~ msgid "Are you sure that you want this keysize? "
+#~ msgstr "Sunteþi sigur(ã) cã doriþi aceastã lungime de cheie? "
+
+#~ msgid ""
+#~ "Okay, but keep in mind that your monitor and keyboard radiation is also "
+#~ "very vulnerable to attacks!\n"
+#~ msgstr ""
+#~ "Bine, dar þineþi minte cã radiaþia monitorului ºi tastaturii d-voastrã "
+#~ "este de asemenea vulnerabilã la atacuri!\n"
+
+#~ msgid "%s: can't open: %s\n"
+#~ msgstr "%s: nu pot deschide: %s\n"
+
+#~ msgid "%s: WARNING: empty file\n"
+#~ msgstr "%s: AVERTISMENT: fiºier gol\n"
+
+#~ msgid "key %08lX: not a rfc2440 key - skipped\n"
+#~ msgstr "cheia %08lX: nu e o cheie rfc2440 - sãritã\n"
+
+#~ msgid ""
+#~ "NOTE: Elgamal primary key detected - this may take some time to import\n"
+#~ msgstr ""
+#~ "NOTÃ: cheie primarã Elgamal detectatã - poate lua ceva timp pentru a "
+#~ "importa\n"
+
+#~ msgid " (default)"
+#~ msgstr "(implicit)"
+
+#~ msgid "q"
+#~ msgstr "t"
+
+#~ msgid "save"
+#~ msgstr "salveazã"
+
+#~ msgid "fpr"
+#~ msgstr "ampr"
+
+#~ msgid "list"
+#~ msgstr "enumerã"
+
+#~ msgid "l"
+#~ msgstr "l"
+
+#~ msgid "uid"
+#~ msgstr "uid"
+
+#~ msgid "key"
+#~ msgstr "cheie"
+
+#~ msgid "select secondary key N"
+#~ msgstr "selecteazã cheie secundarã N"
+
+#~ msgid "check"
+#~ msgstr "verificã"
+
+#~ msgid "list signatures"
+#~ msgstr "enumerã semnãturi"
+
+#~ msgid "sign the key"
+#~ msgstr "semneazã cheia"
+
+#~ msgid "s"
+#~ msgstr "s"
+
+#~ msgid "lsign"
+#~ msgstr "lsign"
+
+#~ msgid "nrsign"
+#~ msgstr "nrsign"
+
+#~ msgid "sign the key non-revocably"
+#~ msgstr "semneazã cheia irevocabil"
+
+#~ msgid "nrlsign"
+#~ msgstr "nrlsign"
+
+#~ msgid "sign the key locally and non-revocably"
+#~ msgstr "semneazã cheia local ºi irevocabil"
+
+#~ msgid "debug"
+#~ msgstr "depanare"
+
+#~ msgid "adduid"
+#~ msgstr "adduid"
+
+#~ msgid "addphoto"
+#~ msgstr "addphoto"
+
+#~ msgid "deluid"
+#~ msgstr "deluid"
+
+#~ msgid "delphoto"
+#~ msgstr "delphoto"
+
+#~ msgid "add a secondary key"
+#~ msgstr "adaugã o cheie secundarã"
+
+#~ msgid "delkey"
+#~ msgstr "stecheie"
+
+#~ msgid "addrevoker"
+#~ msgstr "adarev"
+
+#~ msgid "delsig"
+#~ msgstr "stesem"
+
+#~ msgid "delete signatures"
+#~ msgstr "ºterge semnãturi"
+
+#~ msgid "primary"
+#~ msgstr "primar"
+
+#~ msgid "toggle"
+#~ msgstr "comuta"
+
+#~ msgid "t"
+#~ msgstr "t"
+
+#~ msgid "pref"
+#~ msgstr "pref"
+
+#~ msgid "showpref"
+#~ msgstr "showpref"
+
+#~ msgid "setpref"
+#~ msgstr "setpref"
+
+#~ msgid "updpref"
+#~ msgstr "updpref"
+
+#~ msgid "passwd"
+#~ msgstr "parola"
+
+#~ msgid "trust"
+#~ msgstr "încredere"
+
+#~ msgid "revsig"
+#~ msgstr "revsem"
+
+#~ msgid "revoke signatures"
+#~ msgstr "revocã semnãturi"
+
+#~ msgid "revuid"
+#~ msgstr "revuid"
+
+#~ msgid "revoke a user ID"
+#~ msgstr "revocã un ID utilizator"
+
+#~ msgid "revkey"
+#~ msgstr "revkey"
+
+#~ msgid "showphoto"
+#~ msgstr "showphoto"
+
+#~ msgid "%s%c %4u%c/%08lX created: %s expires: %s"
+#~ msgstr "%s%c %4u%c/%08lX creatã: %s expirã: %s"
+
+#~ msgid "rev! subkey has been revoked: %s\n"
+#~ msgstr "rev! subcheia a fost revocatã: %s\n"
+
+#~ msgid "rev- faked revocation found\n"
+#~ msgstr "rev- a fost gãsitã o revocare falsificatã\n"
+
+#~ msgid ""
+#~ "\"\n"
+#~ "locally signed with your key %08lX at %s\n"
+#~ msgstr ""
+#~ "\"\n"
+#~ "semnatã local cu cheie d-voastrã %08lX pe %s\n"
+
+#~ msgid " signed by %08lX at %s%s%s\n"
+#~ msgstr " semnatã de %08lX pe %s%s%s\n"
+
+#~ msgid " signed by %08lX at %s%s\n"
+#~ msgstr " semnatã de %08lX pe %s%s\n"
+
+#~ msgid "Policy: "
+#~ msgstr "Politica: "
+
+#~ msgid "Experimental algorithms should not be used!\n"
+#~ msgstr "Algoritme experimentale nu ar trebui folosite!\n"
+
+#~ msgid ""
+#~ "this cipher algorithm is deprecated; please use a more standard one!\n"
+#~ msgstr ""
+#~ "acest algoritm de cifrare este învechit; vã rugãm folosiþi unul "
+#~ "standard!\n"
+
+#~ msgid "can't get key from keyserver: %s\n"
+#~ msgstr "nu pot obþine cheia de la serverul de chei: %s\n"
+
+#~ msgid "success sending to `%s' (status=%u)\n"
+#~ msgstr "succes trimitere la `%s' (stare=%u)\n"
+
+#~ msgid "failed sending to `%s': status=%u\n"
+#~ msgstr "a eºuat trimiterea la `%s': stare=%u\n"
+
+#~ msgid "this keyserver does not support --search-keys\n"
+#~ msgstr "acest sercer de chei nu suportã --search-keys\n"
+
+#~ msgid "can't search keyserver: %s\n"
+#~ msgstr "nu pot cãuta serverul de chei: %s\n"
+
+#~ msgid ""
+#~ "key %08lX: this is a PGP generated ElGamal key which is NOT secure for "
+#~ "signatures!\n"
+#~ msgstr ""
+#~ "cheie %08lX: aceasta este o cheie ElGamal generatã de PGP care NU este "
+#~ "sigurã pentru semnãturi!\n"
+
+#~ msgid ""
+#~ "key %08lX has been created %lu second in future (time warp or clock "
+#~ "problem)\n"
+#~ msgstr ""
+#~ "cheia %08lX a fost creatã %lu secundã în viitor (warp în timp sau "
+#~ "probleme cu ceasul)\n"
+
+#~ msgid ""
+#~ "key %08lX has been created %lu seconds in future (time warp or clock "
+#~ "problem)\n"
+#~ msgstr ""
+#~ "cheia %08lX a fost creatã %lu secunde în viitor (warp în timp sau "
+#~ "probleme cu ceasul)\n"
+
+#~ msgid "%s: can't access: %s\n"
+#~ msgstr "%s: nu pot accesa: %s\n"
+
+#~ msgid "%s: can't create lock\n"
+#~ msgstr "%s: nu pot crea încuietoare(lock)\n"
+
+#~ msgid "%s: can't make lock\n"
+#~ msgstr "%s: nu pot crea încuietoare(lock)\n"
+
+#~ msgid "%s: can't create: %s\n"
+#~ msgstr "%s: nu pot crea: %s\n"
+
+#~ msgid "key %08lX marked as ultimately trusted\n"
+#~ msgstr "cheia %08lX marcatã ca având încredere supremã\n"
+
+#~ msgid "signature from Elgamal signing key %08lX to %08lX skipped\n"
+#~ msgstr "semnãturã de la cheia de semnare Elgamal %08lX la %08lX sãritã\n"
+
+#~ msgid "signature from %08lX to Elgamal signing key %08lX skipped\n"
+#~ msgstr "semnãturã de la %08lX la cheia de semnare Elgamal %08lX sãritã\n"
+
+#~ msgid "checking at depth %d signed=%d ot(-/q/n/m/f/u)=%d/%d/%d/%d/%d/%d\n"
+#~ msgstr ""
+#~ "verificare la nivel %d semnat=%d ot(-/q/n/m/f/u)=%d/%d/%d/%d/%d/%d\n"
+
+#~ msgid "If you want to use this revoked key anyway, answer \"yes\"."
+#~ msgstr ""
+#~ "Dacã doriþi oricum sã folosiþi aceastã cheie revocatã, rãspundeþi \"da\"."
+
+#~ msgid ""
+#~ "Select the algorithm to use.\n"
+#~ "\n"
+#~ "DSA (aka DSS) is the digital signature algorithm which can only be used\n"
+#~ "for signatures. This is the suggested algorithm because verification of\n"
+#~ "DSA signatures are much faster than those of ElGamal.\n"
+#~ "\n"
+#~ "ElGamal is an algorithm which can be used for signatures and encryption.\n"
+#~ "OpenPGP distinguishs between two flavors of this algorithms: an encrypt "
+#~ "only\n"
+#~ "and a sign+encrypt; actually it is the same, but some parameters must be\n"
+#~ "selected in a special way to create a safe key for signatures: this "
+#~ "program\n"
+#~ "does this but other OpenPGP implementations are not required to "
+#~ "understand\n"
+#~ "the signature+encryption flavor.\n"
+#~ "\n"
+#~ "The first (primary) key must always be a key which is capable of "
+#~ "signing;\n"
+#~ "this is the reason why the encryption only ElGamal key is not available "
+#~ "in\n"
+#~ "this menu."
+#~ msgstr ""
+#~ "Selectaþi algoritmul de folosit.\n"
+#~ "\n"
+#~ "DSA (sau DSS) este algoritmul de semnãturã digitalã care poate fi "
+#~ "folosit\n"
+#~ "doar pentru semnãturi. Acesta este algoritmul sugerat pentru cã "
+#~ "verificarea\n"
+#~ "semnãturilor DSA este mult mai rapidã decât a celor ElGamal.\n"
+#~ "\n"
+#~ "ElGamal este un algoritm ce poate fi folosit pentru semnãturi ºi "
+#~ "cifrare.\n"
+#~ "OpenPGP face distincþie între cele douã variante ale acestui algoritm: "
+#~ "cel\n"
+#~ "numai pentru cifrare ºi cel pentru semnare+cifrare; algoritmul este "
+#~ "acelaºi\n"
+#~ "dar câþiva parametrii trebuie selectaþi într-un mod special pentru a "
+#~ "crea\n"
+#~ "o cheie sigurã pentru semnãturi: acest program face acest lucru, dar "
+#~ "alte\n"
+#~ "implementãri OpenPGP ar putea sã nu înþeleagã varianta de semnare"
+#~ "+cifrare.\n"
+#~ "\n"
+#~ "Prima cheie (primarã) trebuie sã fie întotdeauna capabilã de semnare;\n"
+#~ "acesta este motivul pentru care cheia ElGamal nu este disponibilã în\n"
+#~ "acest meniu."
+
+#~ msgid ""
+#~ "Although these keys are defined in RFC2440 they are not suggested\n"
+#~ "because they are not supported by all programs and signatures created\n"
+#~ "with them are quite large and very slow to verify."
+#~ msgstr ""
+#~ "Deºî aceste chei sunt definite în RFC2440 ele nu sunt sugerate pentru\n"
+#~ "cã nu sunt suportate de toate programele ºi semnãturile create cu ele\n"
+#~ "sunt destul de lungi ºi verificarea lor este foarte lentã."
+
+#~ msgid "%lu keys so far checked (%lu signatures)\n"
+#~ msgstr "%lu chei pânã acum verificate (%lu semnãturi)\n"
+
+#~ msgid "key incomplete\n"
+#~ msgstr "cheie incompletã\n"
+
+#~ msgid "key %08lX incomplete\n"
+#~ msgstr "cheie %08lX incompletã\n"
+
+#~ msgid "sorry, can't do this in batch mode\n"
+#~ msgstr "îmi pare rãu, nu pot face acest lucru în modul batch\n"
+
+#~ msgid "error: missing colon\n"
+#~ msgstr "eroare: `:' lipsã\n"
+
+#~ msgid "error: no ownertrust value\n"
+#~ msgstr "eroare: nici o valoare încredere pentru proprietar\n"
+
+#~ msgid " (%d) ElGamal (sign and encrypt)\n"
+#~ msgstr " (%d) ElGamal (semnare ºi cifrare)\n"
+
+#~ msgid ""
+#~ "The use of this algorithm is only supported by GnuPG. You will not be\n"
+#~ "able to use this key to communicate with PGP users. This algorithm is "
+#~ "also\n"
+#~ "very slow, and may not be as secure as the other choices.\n"
+#~ msgstr ""
+#~ "Folosirea acestui algoritm este suportatã numai de GnuPG. Nu veþi putea\n"
+#~ "folosi aceastã cheie pentru a comunica cu alþi utilizatori PGP. Mai "
+#~ "mult,\n"
+#~ "acest algoritm este foarte lent ºi ar putea fi mai puþin sigur decât\n"
+#~ "celelalte opþiuni.\n"
+
+#~ msgid "Create anyway? "
+#~ msgstr "Creaþi oricum? "
+
+#~ msgid "invalid symkey algorithm detected (%d)\n"
+#~ msgstr "am detectat algoritm symkey invalid (%d)\n"
+
+#~ msgid "this keyserver is not fully HKP compatible\n"
+#~ msgstr "acest server de chei nu este în totalitate compatibil cu HKP\n"
diff --git a/po/ru.gmo b/po/ru.gmo
new file mode 100644
index 0000000..b0104fe
--- /dev/null
+++ b/po/ru.gmo
Binary files differ
diff --git a/po/ru.po b/po/ru.po
new file mode 100644
index 0000000..af5c6d4
--- /dev/null
+++ b/po/ru.po
@@ -0,0 +1,8427 @@
+# Copyright (C)2006 Free Software Foundation, Inc.
+# This file is distributed under the same license as the GnuPG package.
+# Maxim Britov <maxim.britov@gmail.com>, 2006.
+# !-- no such user (2011-01-11)
+# Thanks Pawel I. Shajdo <pshajdo@gmail.com>.
+# Thanks Cmecb for the inspiration.
+#
+# Designated-Translator: none
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: GnuPG 2.0.10\n"
+"Report-Msgid-Bugs-To: translations@gnupg.org\n"
+"POT-Creation-Date: 2012-03-27 10:23+0200\n"
+"PO-Revision-Date: 2008-12-21 00:40+0200\n"
+"Last-Translator: Maxim Britov <maxim.britov@gmail.com>\n"
+"Language-Team: Russian <gnupg-ru@gnupg.org>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11) ? 0 : ((n%10>=2 && n%"
+"10<=4 && (n%100<10 || n%100>=20)) ? 1 : 2);\n"
+
+#: agent/call-pinentry.c:244
+#, c-format
+msgid "failed to acquire the pinentry lock: %s\n"
+msgstr ""
+
+#. TRANSLATORS: These are labels for buttons etc used in
+#. Pinentries. An underscore indicates that the next letter
+#. should be used as an accelerator. Double the underscore for
+#. a literal one. The actual to be translated text starts after
+#. the second vertical bar.
+#: agent/call-pinentry.c:401
+msgid "|pinentry-label|_OK"
+msgstr ""
+
+#: agent/call-pinentry.c:402
+msgid "|pinentry-label|_Cancel"
+msgstr ""
+
+#: agent/call-pinentry.c:403
+msgid "|pinentry-label|PIN:"
+msgstr ""
+
+#. TRANSLATORS: This string is displayed by Pinentry as the label
+#. for the quality bar.
+#: agent/call-pinentry.c:649
+msgid "Quality:"
+msgstr "СтойкоÑÑ‚ÑŒ:"
+
+#. TRANSLATORS: This string is a tooltip, shown by pinentry when
+#. hovering over the quality bar. Please use an appropriate
+#. string to describe what this is about. The length of the
+#. tooltip is limited to about 900 characters. If you do not
+#. translate this entry, a default english text (see source)
+#. will be used.
+#: agent/call-pinentry.c:671
+msgid "pinentry.qualitybar.tooltip"
+msgstr ""
+"СтойкоÑÑ‚ÑŒ введенного выше текÑта. Можете прокоÑультироватьÑÑ Ñƒ Вашего "
+"админиÑтратора о критериÑÑ… оценки ÑтойкоÑти."
+
+#: agent/call-pinentry.c:716
+msgid ""
+"Please enter your PIN, so that the secret key can be unlocked for this "
+"session"
+msgstr "Введите PIN-код Ð´Ð»Ñ Ð¿Ð¾Ð»ÑƒÑ‡ÐµÐ½Ð¸Ñ Ð´Ð¾Ñтупа к закрытому ключу"
+
+#: agent/call-pinentry.c:719
+msgid ""
+"Please enter your passphrase, so that the secret key can be unlocked for "
+"this session"
+msgstr "Введите фразу-пароль Ð´Ð»Ñ Ð¿Ð¾Ð»ÑƒÑ‡ÐµÐ½Ð¸Ñ Ð´Ð¾Ñтупа к закрытому ключу"
+
+#: agent/call-pinentry.c:776
+#, c-format
+msgid "SETERROR %s (try %d of %d)"
+msgstr "SETERROR %s (попытка %d из %d)"
+
+#: agent/call-pinentry.c:799 agent/call-pinentry.c:811
+msgid "PIN too long"
+msgstr "PIN Ñлишком длинен"
+
+#: agent/call-pinentry.c:800
+msgid "Passphrase too long"
+msgstr "фраза-пароль Ñлишком длиннаÑ"
+
+#: agent/call-pinentry.c:808
+msgid "Invalid characters in PIN"
+msgstr "ÐедопуÑтимый Ñимвол в PIN-коде"
+
+#: agent/call-pinentry.c:813
+msgid "PIN too short"
+msgstr "PIN-код Ñлишком короткий"
+
+#: agent/call-pinentry.c:825
+msgid "Bad PIN"
+msgstr "плохой PIN"
+
+#: agent/call-pinentry.c:826
+msgid "Bad Passphrase"
+msgstr "ÐÐµÐ²ÐµÑ€Ð½Ð°Ñ Ñ„Ñ€Ð°Ð·Ð°-пароль"
+
+#: agent/call-pinentry.c:863
+msgid "Passphrase"
+msgstr "Фраза-пароль"
+
+#: agent/command-ssh.c:531
+#, c-format
+msgid "ssh keys greater than %d bits are not supported\n"
+msgstr "не поддерживаютÑÑ ssh ключи превышающие %d бит\n"
+
+#: agent/command-ssh.c:690 g10/card-util.c:833 g10/exec.c:473 g10/gpg.c:1122
+#: g10/keygen.c:3394 g10/keygen.c:3427 g10/keyring.c:1237 g10/keyring.c:1569
+#: g10/openfile.c:275 g10/openfile.c:368 g10/sign.c:801 g10/sign.c:1110
+#: g10/tdbio.c:550 jnlib/dotlock.c:310
+#, c-format
+msgid "can't create `%s': %s\n"
+msgstr "не могу Ñоздать `%s': %s\n"
+
+#: agent/command-ssh.c:702 common/helpfile.c:47 g10/card-util.c:787
+#: g10/dearmor.c:60 g10/dearmor.c:107 g10/decrypt.c:70 g10/encode.c:194
+#: g10/encode.c:504 g10/gpg.c:1123 g10/import.c:192 g10/keygen.c:2877
+#: g10/keyring.c:1595 g10/openfile.c:192 g10/openfile.c:353
+#: g10/plaintext.c:511 g10/sign.c:783 g10/sign.c:978 g10/sign.c:1094
+#: g10/sign.c:1250 g10/tdbdump.c:142 g10/tdbdump.c:150 g10/tdbio.c:554
+#: g10/tdbio.c:618 g10/verify.c:99 g10/verify.c:162 sm/gpgsm.c:2044
+#: sm/gpgsm.c:2074 sm/gpgsm.c:2112 sm/gpgsm.c:2150 sm/qualified.c:66
+#, c-format
+msgid "can't open `%s': %s\n"
+msgstr "не могу открыть `%s': %s\n"
+
+#: agent/command-ssh.c:1708 agent/command-ssh.c:1726
+#, c-format
+msgid "error getting serial number of card: %s\n"
+msgstr "ошибка Ð¿Ð¾Ð»ÑƒÑ‡ÐµÐ½Ð¸Ñ Ñерийного номера карты: %s\n"
+
+#: agent/command-ssh.c:1712
+#, c-format
+msgid "detected card with S/N: %s\n"
+msgstr "обнаружена карта, Ñерийный номер: %s\n"
+
+#: agent/command-ssh.c:1717
+#, c-format
+msgid "error getting default authentication keyID of card: %s\n"
+msgstr "ошибка Ð¿Ð¾Ð»ÑƒÑ‡ÐµÐ½Ð¸Ñ Ð°ÑƒÑ‚ÐµÐ½Ñ‚Ð¸Ñ„Ð¸ÐºÐ°Ñ†Ð¸Ð¾Ð½Ð½Ð¾Ð³Ð¾ keyID по умолчанию карты: %s\n"
+
+#: agent/command-ssh.c:1737
+#, c-format
+msgid "no suitable card key found: %s\n"
+msgstr "в карте не обнаружен пригодный ключ: %s\n"
+
+#: agent/command-ssh.c:1787
+#, c-format
+msgid "shadowing the key failed: %s\n"
+msgstr ""
+
+#: agent/command-ssh.c:1802
+#, c-format
+msgid "error writing key: %s\n"
+msgstr "Ñбой запиÑи ключа: %s\n"
+
+#: agent/command-ssh.c:2139
+#, c-format
+msgid ""
+"An ssh process requested the use of key%%0A %s%%0A (%s)%%0ADo you want to "
+"allow this?"
+msgstr ""
+
+#: agent/command-ssh.c:2146
+msgid "Allow"
+msgstr ""
+
+#: agent/command-ssh.c:2146
+msgid "Deny"
+msgstr ""
+
+#: agent/command-ssh.c:2155
+#, fuzzy, c-format
+msgid "Please enter the passphrase for the ssh key%%0A %F%%0A (%c)"
+msgstr "Введите фразу-пароль Ð´Ð»Ñ ssh ключа%0A %c"
+
+#: agent/command-ssh.c:2484 agent/genkey.c:310 agent/genkey.c:432
+msgid "Please re-enter this passphrase"
+msgstr "Повторно введите фразу-пароль:"
+
+#: agent/command-ssh.c:2509
+#, fuzzy, c-format
+msgid ""
+"Please enter a passphrase to protect the received secret key%%0A %s%%0A %"
+"s%%0Awithin gpg-agent's key storage"
+msgstr ""
+"Введите фразу-пароль Ð´Ð»Ñ Ð·Ð°Ñ‰Ð¸Ñ‚Ñ‹ принÑтого закрытого ключа%%0A %s%%0Aвнутри "
+"хранилища ключей gpg-agent"
+
+#: agent/command-ssh.c:2548 agent/genkey.c:340 agent/genkey.c:463
+#: tools/symcryptrun.c:436
+msgid "does not match - try again"
+msgstr "не Ñовпало, попробуйте еще раз"
+
+#: agent/command-ssh.c:3054
+#, c-format
+msgid "failed to create stream from socket: %s\n"
+msgstr "Ñбой ÑÐ¾Ð·Ð´Ð°Ð½Ð¸Ñ Ð¿Ð¾Ñ‚Ð¾ÐºÐ° из Ñокета: %s\n"
+
+#: agent/divert-scd.c:92 g10/call-agent.c:923
+msgid "Please insert the card with serial number"
+msgstr ""
+
+#: agent/divert-scd.c:93 g10/call-agent.c:924
+msgid "Please remove the current card and insert the one with serial number"
+msgstr ""
+
+#: agent/divert-scd.c:200
+msgid "Admin PIN"
+msgstr "ÐдминиÑтративный PID"
+
+#. TRANSLATORS: A PUK is the Personal Unblocking Code
+#. used to unblock a PIN.
+#: agent/divert-scd.c:205
+msgid "PUK"
+msgstr ""
+
+#: agent/divert-scd.c:212
+msgid "Reset Code"
+msgstr ""
+
+#: agent/divert-scd.c:238
+#, c-format
+msgid "%s%%0A%%0AUse the reader's keypad for input."
+msgstr ""
+
+#: agent/divert-scd.c:287
+msgid "Repeat this Reset Code"
+msgstr "Повторить Reset Code"
+
+#: agent/divert-scd.c:289
+#, fuzzy
+msgid "Repeat this PUK"
+msgstr "Повторите ввод PIN"
+
+#: agent/divert-scd.c:290
+msgid "Repeat this PIN"
+msgstr "Повторите ввод PIN"
+
+#: agent/divert-scd.c:295
+msgid "Reset Code not correctly repeated; try again"
+msgstr "Reset Code не повторен корректно; попробуйте еще раз"
+
+#: agent/divert-scd.c:297
+#, fuzzy
+msgid "PUK not correctly repeated; try again"
+msgstr "повторный PIN не Ñовпал; попробуйте еще раз"
+
+#: agent/divert-scd.c:298
+msgid "PIN not correctly repeated; try again"
+msgstr "повторный PIN не Ñовпал; попробуйте еще раз"
+
+#: agent/divert-scd.c:310
+#, c-format
+msgid "Please enter the PIN%s%s%s to unlock the card"
+msgstr "Введите PIN%s%s%s Ð´Ð»Ñ Ð´Ð¾Ñтупа к карте"
+
+#: agent/genkey.c:108 sm/certreqgen-ui.c:384 sm/export.c:638 sm/export.c:654
+#: sm/import.c:667 sm/import.c:692
+#, c-format
+msgid "error creating temporary file: %s\n"
+msgstr "ошибка ÑÐ¾Ð·Ð´Ð°Ð½Ð¸Ñ Ð²Ñ€ÐµÐ¼ÐµÐ½Ð½Ð¾Ð³Ð¾ файла: %s\n"
+
+#: agent/genkey.c:115 sm/export.c:645 sm/import.c:675
+#, c-format
+msgid "error writing to temporary file: %s\n"
+msgstr "ошибка запиÑи во временный файл: %s\n"
+
+#: agent/genkey.c:153 agent/genkey.c:159
+msgid "Enter new passphrase"
+msgstr "Введите новую фразу-пароль"
+
+#: agent/genkey.c:167
+msgid "Take this one anyway"
+msgstr "ПринÑÑ‚ÑŒ как еÑÑ‚ÑŒ"
+
+#: agent/genkey.c:193
+#, c-format
+msgid ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase should be "
+"at least %u character long."
+msgid_plural ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase should be "
+"at least %u characters long."
+msgstr[0] ""
+"Внимание: Ð’Ñ‹ ввели небезопаÑную фразу-пароль.%%0AДлина фразы-Ð¿Ð°Ñ€Ð¾Ð»Ñ Ð´Ð¾Ð»Ð¶Ð½Ð° "
+"Ñодержать не менее %u знака."
+msgstr[1] ""
+"Внимание: Ð’Ñ‹ ввели небезопаÑную фразу-пароль.%%0AДлина фразы-Ð¿Ð°Ñ€Ð¾Ð»Ñ Ð´Ð¾Ð»Ð¶Ð½Ð° "
+"Ñодержать не менее %u знаков."
+msgstr[2] ""
+"Внимание: Ð’Ñ‹ ввели небезопаÑную фразу-пароль.%%0AДлина фразы-Ð¿Ð°Ñ€Ð¾Ð»Ñ Ð´Ð¾Ð»Ð¶Ð½Ð° "
+"Ñодержать не менее %u знаков."
+
+#: agent/genkey.c:214
+#, c-format
+msgid ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase should "
+"contain at least %u digit or%%0Aspecial character."
+msgid_plural ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase should "
+"contain at least %u digits or%%0Aspecial characters."
+msgstr[0] ""
+"Внимание: Ð’Ñ‹ ввели небезопаÑную фразу-пароль.%%0AФраза-пароль должна "
+"Ñодержать не менее %u Ñимвола, либо %%0AÑпециальный Ñимвол."
+msgstr[1] ""
+"Внимание: Ð’Ñ‹ ввели небезопаÑную фразу-пароль.%%0AФраза-пароль должна "
+"Ñодержать не менее %u Ñимвола, либо %%0AÑпециальных Ñимвола."
+msgstr[2] ""
+"Внимание: Ð’Ñ‹ ввели небезопаÑную фразу-пароль.%%0AФраза-пароль должна "
+"Ñодержать не менее %u Ñимволов, либо %%0AÑпециальный Ñимволов."
+
+#: agent/genkey.c:237
+#, c-format
+msgid ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase may not be "
+"a known term or match%%0Acertain pattern."
+msgstr ""
+"Внимание: Ð’Ñ‹ ввели небезопаÑную фразу-пароль.%%0AФраза-пароль не должна быть "
+"извеÑтным Ñловом и не должна ÑодержатьÑÑ%%0Aв образце."
+
+#: agent/genkey.c:253
+#, c-format
+msgid ""
+"You have not entered a passphrase!%0AAn empty passphrase is not allowed."
+msgstr "Ð’Ñ‹ не ввели фразу-пароль!%0AПуÑÑ‚Ð°Ñ Ñ„Ñ€Ð°Ð·Ð°-пароль недопуÑтима."
+
+#: agent/genkey.c:255
+#, c-format
+msgid ""
+"You have not entered a passphrase - this is in general a bad idea!%0APlease "
+"confirm that you do not want to have any protection on your key."
+msgstr ""
+"Ð’Ñ‹ не ввели фразу-пароль - Ñто веÑьма неудачное решение!%0A Подтвердите, что "
+"Ð’Ñ‹ дейÑтвительно не хотите защитить Ваш ключ."
+
+#: agent/genkey.c:264
+msgid "Yes, protection is not needed"
+msgstr "Да, защита мне не нужна"
+
+#: agent/genkey.c:308
+#, c-format
+msgid "Please enter the passphrase to%0Ato protect your new key"
+msgstr "Введите фразу-пароль%0AÐ´Ð»Ñ Ð·Ð°Ñ‰Ð¸Ñ‚Ñ‹ нового ключа"
+
+#: agent/genkey.c:431
+msgid "Please enter the new passphrase"
+msgstr "Введите новую фразу-пароль"
+
+#: agent/gpg-agent.c:121 agent/preset-passphrase.c:72 scd/scdaemon.c:103
+#: tools/gpg-check-pattern.c:70
+msgid ""
+"@Options:\n"
+" "
+msgstr ""
+"@Параметры:\n"
+" "
+
+#: agent/gpg-agent.c:123 scd/scdaemon.c:105
+msgid "run in server mode (foreground)"
+msgstr "запуÑк в режиме Ñервера (foreground)"
+
+#: agent/gpg-agent.c:124 scd/scdaemon.c:108
+msgid "run in daemon mode (background)"
+msgstr "запуÑк в режиме демона (background)"
+
+#: agent/gpg-agent.c:125 g10/gpg.c:488 g10/gpgv.c:71 kbx/kbxutil.c:88
+#: scd/scdaemon.c:109 sm/gpgsm.c:281 tools/gpg-connect-agent.c:69
+#: tools/gpgconf.c:80 tools/symcryptrun.c:166
+msgid "verbose"
+msgstr "подробно"
+
+#: agent/gpg-agent.c:126 g10/gpgv.c:72 kbx/kbxutil.c:89 scd/scdaemon.c:110
+#: sm/gpgsm.c:282
+msgid "be somewhat more quiet"
+msgstr "уменьшить количеÑтво выводимой информации"
+
+#: agent/gpg-agent.c:127 scd/scdaemon.c:111
+msgid "sh-style command output"
+msgstr "вывод результатов в sh-Ñтиле"
+
+#: agent/gpg-agent.c:128 scd/scdaemon.c:112
+msgid "csh-style command output"
+msgstr "вывод результатов в csh-Ñтиле"
+
+#: agent/gpg-agent.c:129 scd/scdaemon.c:113 sm/gpgsm.c:312
+#: tools/symcryptrun.c:169
+msgid "|FILE|read options from FILE"
+msgstr "|FILE|взÑÑ‚ÑŒ параметры из FILE"
+
+#: agent/gpg-agent.c:134 scd/scdaemon.c:123
+msgid "do not detach from the console"
+msgstr "не отÑоединÑÑ‚ÑŒÑÑ Ð¾Ñ‚ конÑоли"
+
+#: agent/gpg-agent.c:135
+msgid "do not grab keyboard and mouse"
+msgstr "не перехватывать ÑÐ¾Ð±Ñ‹Ñ‚Ð¸Ñ Ð¼Ñ‹ÑˆÐ¸ и клавиатуры"
+
+#: agent/gpg-agent.c:136 tools/symcryptrun.c:168
+msgid "use a log file for the server"
+msgstr "иÑпользовать файл журнала Ð´Ð»Ñ Ñервера"
+
+#: agent/gpg-agent.c:138
+msgid "use a standard location for the socket"
+msgstr "Ñтандартное раÑположение Ñокета"
+
+#: agent/gpg-agent.c:141
+msgid "|PGM|use PGM as the PIN-Entry program"
+msgstr "|PGM|иÑпользовать PGM как PIN-Entry"
+
+#: agent/gpg-agent.c:144
+msgid "|PGM|use PGM as the SCdaemon program"
+msgstr "|PGM| иÑпользовать PGM как SCdaemon"
+
+#: agent/gpg-agent.c:145
+msgid "do not use the SCdaemon"
+msgstr "не иÑпользовать SCdaemon"
+
+#: agent/gpg-agent.c:157
+msgid "ignore requests to change the TTY"
+msgstr "игнорировать запроÑÑ‹ Ñмены TTY"
+
+#: agent/gpg-agent.c:159
+msgid "ignore requests to change the X display"
+msgstr "игнорировать запроÑÑ‹ Ñмены X диÑплеÑ"
+
+#: agent/gpg-agent.c:162
+msgid "|N|expire cached PINs after N seconds"
+msgstr "|N|кеш PIN проÑрочен поÑле N Ñекунд"
+
+#: agent/gpg-agent.c:175
+msgid "do not use the PIN cache when signing"
+msgstr "не иÑпользовать кеш PIN при подпиÑывании"
+
+#: agent/gpg-agent.c:177
+msgid "allow clients to mark keys as \"trusted\""
+msgstr "позволить клиентам помечать ключи как \"доверÑемые\""
+
+#: agent/gpg-agent.c:179
+msgid "allow presetting passphrase"
+msgstr "разрешить предуÑтановленную фразу-пароль"
+
+#: agent/gpg-agent.c:180
+msgid "enable ssh-agent emulation"
+msgstr "разрешить ÑмулÑцию ssh-агента"
+
+#: agent/gpg-agent.c:182
+msgid "|FILE|write environment settings also to FILE"
+msgstr "|FILE|Ñохранить ÑоÑтоÑние Ð¾ÐºÑ€ÑƒÐ¶ÐµÐ½Ð¸Ñ Ð¸ в файл"
+
+#. TRANSLATORS: @EMAIL@ will get replaced by the actual bug
+#. reporting address. This is so that we can change the
+#. reporting address without breaking the translations.
+#: agent/gpg-agent.c:333 agent/preset-passphrase.c:94 agent/protect-tool.c:163
+#: g10/gpg.c:814 g10/gpgv.c:114 kbx/kbxutil.c:113 scd/scdaemon.c:246
+#: sm/gpgsm.c:519 tools/gpg-connect-agent.c:181 tools/gpgconf.c:102
+#: tools/symcryptrun.c:206 tools/gpg-check-pattern.c:141
+msgid "Please report bugs to <@EMAIL@>.\n"
+msgstr "О найденных ошибка Ñообщайте <@EMAIL@>.\n"
+
+#: agent/gpg-agent.c:342
+msgid "Usage: gpg-agent [options] (-h for help)"
+msgstr "ИÑпользование: gpg-agent [параметры] (-h Ð´Ð»Ñ Ð¿Ð¾Ð´Ñказки)"
+
+#: agent/gpg-agent.c:344
+msgid ""
+"Syntax: gpg-agent [options] [command [args]]\n"
+"Secret key management for GnuPG\n"
+msgstr ""
+"СинтакÑиÑ: gpg-agent [параметры] [команда [аргументы]]\n"
+"Управление закрытыми ключами Ð´Ð»Ñ GnuPG\n"
+
+#: agent/gpg-agent.c:390 g10/gpg.c:1007 scd/scdaemon.c:318 sm/gpgsm.c:669
+#, c-format
+msgid "invalid debug-level `%s' given\n"
+msgstr "запрошен недупуÑтимый уровень отладки `%s'\n"
+
+#: agent/gpg-agent.c:610 agent/protect-tool.c:1033 kbx/kbxutil.c:428
+#: scd/scdaemon.c:424 sm/gpgsm.c:911 sm/gpgsm.c:914 tools/symcryptrun.c:998
+#: tools/gpg-check-pattern.c:177
+#, c-format
+msgid "%s is too old (need %s, have %s)\n"
+msgstr "%s Ñлишком уÑтарело (требуетÑÑ %s, имеетÑÑ %s)\n"
+
+#: agent/gpg-agent.c:725 g10/gpg.c:2111 scd/scdaemon.c:510 sm/gpgsm.c:1010
+#, c-format
+msgid "NOTE: no default option file `%s'\n"
+msgstr "ЗÐМЕЧÐÐИЕ: файл конфигурации `%s' не обнаружен\n"
+
+#: agent/gpg-agent.c:736 agent/gpg-agent.c:1348 g10/gpg.c:2115
+#: scd/scdaemon.c:515 sm/gpgsm.c:1014 tools/symcryptrun.c:931
+#, c-format
+msgid "option file `%s': %s\n"
+msgstr "файл конфигурации `%s': %s\n"
+
+#: agent/gpg-agent.c:744 g10/gpg.c:2122 scd/scdaemon.c:523 sm/gpgsm.c:1021
+#, c-format
+msgid "reading options from `%s'\n"
+msgstr "параметры конфигурации из файла `%s'\n"
+
+#: agent/gpg-agent.c:1117 g10/plaintext.c:140 g10/plaintext.c:145
+#: g10/plaintext.c:162
+#, c-format
+msgid "error creating `%s': %s\n"
+msgstr "ошибка ÑÐ¾Ð·Ð´Ð°Ð½Ð¸Ñ `%s': %s\n"
+
+#: agent/gpg-agent.c:1461 agent/gpg-agent.c:1579 agent/gpg-agent.c:1583
+#: agent/gpg-agent.c:1624 agent/gpg-agent.c:1628 g10/exec.c:188
+#: g10/openfile.c:429 scd/scdaemon.c:1020
+#, c-format
+msgid "can't create directory `%s': %s\n"
+msgstr "не могу Ñоздать каталог `%s': %s\n"
+
+#: agent/gpg-agent.c:1475 scd/scdaemon.c:1034
+msgid "name of socket too long\n"
+msgstr "Ð¸Ð¼Ñ Ñокета Ñлишком длинное\n"
+
+#: agent/gpg-agent.c:1498 scd/scdaemon.c:1057
+#, c-format
+msgid "can't create socket: %s\n"
+msgstr "не могу Ñоздать Ñокет: %s\n"
+
+#: agent/gpg-agent.c:1507
+#, c-format
+msgid "socket name `%s' is too long\n"
+msgstr "Ð¸Ð¼Ñ Ñокета `%s' Ñлишком длинное\n"
+
+#: agent/gpg-agent.c:1525
+msgid "a gpg-agent is already running - not starting a new one\n"
+msgstr "gpg-agent уже запущен - еще один, новый, запущен не будет\n"
+
+#: agent/gpg-agent.c:1536 scd/scdaemon.c:1076
+msgid "error getting nonce for the socket\n"
+msgstr ""
+
+#: agent/gpg-agent.c:1541 scd/scdaemon.c:1079
+#, c-format
+msgid "error binding socket to `%s': %s\n"
+msgstr "ошибка ÑвÑÐ·Ñ‹Ð²Ð½Ð¸Ñ Ñокета Ñ `%s': %s\n"
+
+#: agent/gpg-agent.c:1553 scd/scdaemon.c:1088
+#, c-format
+msgid "listen() failed: %s\n"
+msgstr ""
+
+#: agent/gpg-agent.c:1559 scd/scdaemon.c:1095
+#, c-format
+msgid "listening on socket `%s'\n"
+msgstr "Ñлушаем Ñокет `%s'\n"
+
+#: agent/gpg-agent.c:1587 agent/gpg-agent.c:1634 g10/openfile.c:432
+#, c-format
+msgid "directory `%s' created\n"
+msgstr "Ñоздан каталог `%s'\n"
+
+#: agent/gpg-agent.c:1640
+#, c-format
+msgid "stat() failed for `%s': %s\n"
+msgstr ""
+
+#: agent/gpg-agent.c:1644
+#, c-format
+msgid "can't use `%s' as home directory\n"
+msgstr "невозможно иÑпользовать `%s' как домашний каталог\n"
+
+#: agent/gpg-agent.c:1777 scd/scdaemon.c:1111
+#, c-format
+msgid "error reading nonce on fd %d: %s\n"
+msgstr ""
+
+#: agent/gpg-agent.c:1799
+#, c-format
+msgid "handler 0x%lx for fd %d started\n"
+msgstr ""
+
+#: agent/gpg-agent.c:1804
+#, c-format
+msgid "handler 0x%lx for fd %d terminated\n"
+msgstr ""
+
+#: agent/gpg-agent.c:1824
+#, c-format
+msgid "ssh handler 0x%lx for fd %d started\n"
+msgstr ""
+
+#: agent/gpg-agent.c:1829
+#, c-format
+msgid "ssh handler 0x%lx for fd %d terminated\n"
+msgstr ""
+
+#: agent/gpg-agent.c:1973 scd/scdaemon.c:1248
+#, c-format
+msgid "pth_select failed: %s - waiting 1s\n"
+msgstr ""
+
+#: agent/gpg-agent.c:2096 scd/scdaemon.c:1315
+#, c-format
+msgid "%s %s stopped\n"
+msgstr "%s %s: оÑтановлен\n"
+
+#: agent/gpg-agent.c:2232
+msgid "no gpg-agent running in this session\n"
+msgstr "нет gpg-agent доÑтупого Ð´Ð»Ñ Ð´Ð°Ð½Ð½Ð¾Ð¹ ÑеÑÑии\n"
+
+#: agent/gpg-agent.c:2243 common/simple-pwquery.c:352 common/asshelp.c:403
+#: tools/gpg-connect-agent.c:2168
+msgid "malformed GPG_AGENT_INFO environment variable\n"
+msgstr "Ð½ÐµÐ¿Ñ€Ð°Ð²Ð¸Ð»ÑŒÐ½Ð°Ñ Ð¿ÐµÑ€ÐµÐ¼ÐµÐ½Ð½Ð°Ñ Ð¾ÐºÑ€ÑƒÐ¶ÐµÐ½Ð¸Ñ GPG_AGENT_INFO\n"
+
+#: agent/gpg-agent.c:2256 common/simple-pwquery.c:364 common/asshelp.c:415
+#: tools/gpg-connect-agent.c:2179
+#, c-format
+msgid "gpg-agent protocol version %d is not supported\n"
+msgstr "протокол gpg-agent верÑии %d не поддерживаетÑÑ\n"
+
+#: agent/preset-passphrase.c:98
+msgid "Usage: gpg-preset-passphrase [options] KEYGRIP (-h for help)\n"
+msgstr ""
+"ИÑпользование: gpg-preset-passphrase [параметры] KEYGRIP (-h Ð´Ð»Ñ Ð¿Ð¾Ð´Ñказки)\n"
+
+#: agent/preset-passphrase.c:101
+msgid ""
+"Syntax: gpg-preset-passphrase [options] KEYGRIP\n"
+"Password cache maintenance\n"
+msgstr ""
+"СинтакÑиÑ: gpg-preset-passphrase [параметры] KEYGRIP\n"
+"Кеширование паролей\n"
+
+#: agent/protect-tool.c:113 g10/gpg.c:373 kbx/kbxutil.c:71 sm/gpgsm.c:186
+#: tools/gpgconf.c:60
+msgid ""
+"@Commands:\n"
+" "
+msgstr ""
+"@Команды:\n"
+" "
+
+#: agent/protect-tool.c:127 g10/gpg.c:441 g10/gpgv.c:69 kbx/kbxutil.c:81
+#: sm/gpgsm.c:226 tools/gpg-connect-agent.c:67 tools/gpgconf.c:77
+#: tools/symcryptrun.c:159
+msgid ""
+"@\n"
+"Options:\n"
+" "
+msgstr ""
+"@\n"
+"Параметры:\n"
+" "
+
+#: agent/protect-tool.c:166
+msgid "Usage: gpg-protect-tool [options] (-h for help)\n"
+msgstr "ИÑпользование: gpg-protect-tool [параметры] (-h Ð´Ð»Ñ Ð¿Ð¾Ð´Ñказки)\n"
+
+#: agent/protect-tool.c:168
+msgid ""
+"Syntax: gpg-protect-tool [options] [args]\n"
+"Secret key maintenance tool\n"
+msgstr ""
+"СинтакÑиÑ: gpg-protect-tool [параметры] [аргументы]\n"
+"ИнÑтрумент Ð´Ð»Ñ Ñ€Ð°Ð±Ð¾Ñ‚Ñ‹ Ñ Ð·Ð°ÐºÑ€Ñ‹Ñ‚Ñ‹Ð¼Ð¸ ключами\n"
+
+#: agent/protect-tool.c:1162
+msgid "Please enter the passphrase to unprotect the PKCS#12 object."
+msgstr "Введите фразу-пароль Ð´Ð»Ñ Ð´Ð¾Ñтупа к PKCS#12 объекту."
+
+#: agent/protect-tool.c:1167
+msgid "Please enter the passphrase to protect the new PKCS#12 object."
+msgstr "Введите фразу-пароль Ð´Ð»Ñ Ð·Ð°Ñ‰Ð¸Ñ‚Ñ‹ нового PKCS#12 объекта."
+
+#: agent/protect-tool.c:1173
+msgid ""
+"Please enter the passphrase to protect the imported object within the GnuPG "
+"system."
+msgstr "Введите фразу-пароль Ð´Ð»Ñ Ð·Ð°Ñ‰Ð¸Ñ‚Ñ‹ импортированных в GnuPG объектов."
+
+#: agent/protect-tool.c:1178
+msgid ""
+"Please enter the passphrase or the PIN\n"
+"needed to complete this operation."
+msgstr ""
+"Введите фразу-пароль или PIN\n"
+"необходимые Ð´Ð»Ñ Ð²Ñ‹Ð¿Ð¾Ð»ÐµÐ½Ð¸Ñ Ð´Ð°Ð½Ð½Ð¾Ð¹ операции."
+
+#: agent/protect-tool.c:1183 tools/symcryptrun.c:437
+msgid "Passphrase:"
+msgstr "Фраза-пароль:"
+
+#: agent/protect-tool.c:1188 tools/symcryptrun.c:448
+msgid "cancelled\n"
+msgstr "отменено\n"
+
+#: agent/protect-tool.c:1190 tools/symcryptrun.c:444
+#, c-format
+msgid "error while asking for the passphrase: %s\n"
+msgstr "ошибка запроÑа ввода фразы-паролÑ: %s\n"
+
+#: agent/trustlist.c:136 agent/trustlist.c:334
+#, c-format
+msgid "error opening `%s': %s\n"
+msgstr "ошибка Ð¾Ñ‚ÐºÑ€Ñ‹Ñ‚Ð¸Ñ `%s': %s\n"
+
+#: agent/trustlist.c:151 common/helpfile.c:63 common/helpfile.c:79
+#, c-format
+msgid "file `%s', line %d: %s\n"
+msgstr "файл `%s', Ñтрока %d: %s\n"
+
+#: agent/trustlist.c:171 agent/trustlist.c:179
+#, c-format
+msgid "statement \"%s\" ignored in `%s', line %d\n"
+msgstr ""
+
+#: agent/trustlist.c:185
+#, c-format
+msgid "system trustlist `%s' not available\n"
+msgstr "ÑиÑтемный ÑпиÑок доверий `%s' не доÑтупен\n"
+
+#: agent/trustlist.c:229
+#, c-format
+msgid "bad fingerprint in `%s', line %d\n"
+msgstr "недопуÑтимый отпечаток в `%s', Ñтрока %d\n"
+
+#: agent/trustlist.c:254 agent/trustlist.c:261
+#, c-format
+msgid "invalid keyflag in `%s', line %d\n"
+msgstr ""
+
+#: agent/trustlist.c:295 common/helpfile.c:126
+#, c-format
+msgid "error reading `%s', line %d: %s\n"
+msgstr "ошибка Ñ‡Ñ‚ÐµÐ½Ð¸Ñ `%s', Ñтрока %d: %s\n"
+
+#: agent/trustlist.c:400 agent/trustlist.c:450
+msgid "error reading list of trusted root certificates\n"
+msgstr "ошибка Ñ‡Ñ‚ÐµÐ½Ð¸Ñ ÑпиÑка доверÑемых корневых Ñертификатов\n"
+
+#. TRANSLATORS: This prompt is shown by the Pinentry
+#. and has one special property: A "%%0A" is used by
+#. Pinentry to insert a line break. The double
+#. percent sign is actually needed because it is also
+#. a printf format string. If you need to insert a
+#. plain % sign, you need to encode it as "%%25". The
+#. "%s" gets replaced by the name as stored in the
+#. certificate.
+#: agent/trustlist.c:611
+#, c-format
+msgid ""
+"Do you ultimately trust%%0A \"%s\"%%0Ato correctly certify user "
+"certificates?"
+msgstr ""
+"ДейÑтвительно абÑолютно доверÑÑ‚ÑŒ%%0A \"%s\"%%0Aкорректно подпиÑанным "
+"Ñертификатам пользователÑ?"
+
+#: agent/trustlist.c:620 common/audit.c:467
+msgid "Yes"
+msgstr "Да"
+
+#: agent/trustlist.c:620 common/audit.c:469
+msgid "No"
+msgstr "Ðет"
+
+#. TRANSLATORS: This prompt is shown by the Pinentry and has
+#. one special property: A "%%0A" is used by Pinentry to
+#. insert a line break. The double percent sign is actually
+#. needed because it is also a printf format string. If you
+#. need to insert a plain % sign, you need to encode it as
+#. "%%25". The second "%s" gets replaced by a hexdecimal
+#. fingerprint string whereas the first one receives the name
+#. as stored in the certificate.
+#: agent/trustlist.c:654
+#, c-format
+msgid ""
+"Please verify that the certificate identified as:%%0A \"%s\"%%0Ahas the "
+"fingerprint:%%0A %s"
+msgstr ""
+"Проверьте, что Ñертификат идентифицированный как:%%0A \"%s\"%%0Aимеет "
+"отпечаток:%%0A %s"
+
+#. TRANSLATORS: "Correct" is the label of a button and intended
+#. to be hit if the fingerprint matches the one of the CA. The
+#. other button is "the default "Cancel" of the Pinentry.
+#: agent/trustlist.c:668
+msgid "Correct"
+msgstr "Подтверждаю"
+
+#: agent/trustlist.c:668
+msgid "Wrong"
+msgstr ""
+
+#: agent/findkey.c:157
+#, c-format
+msgid "Note: This passphrase has never been changed.%0APlease change it now."
+msgstr ""
+"Замечание: Фразу-пароль ни разу не ÑменÑли.%0AПожалуйÑта, Ñмените ее ÑейчаÑ."
+
+#: agent/findkey.c:173
+#, c-format
+msgid ""
+"This passphrase has not been changed%%0Asince %.4s-%.2s-%.2s. Please change "
+"it now."
+msgstr ""
+"Фраза пароль не ÑменÑлаÑÑŒ%%0AÑ %.4s-%.2s-%.2s. ПожалуйÑта, Ñмените ее "
+"ÑейчаÑ."
+
+#: agent/findkey.c:187 agent/findkey.c:194
+msgid "Change passphrase"
+msgstr "Cменить фразу-пароль"
+
+#: agent/findkey.c:195
+msgid "I'll change it later"
+msgstr "Сменю позже"
+
+#: common/exechelp.c:528 common/exechelp.c:625 tools/gpgconf-comp.c:1475
+#: tools/gpgconf-comp.c:1814
+#, c-format
+msgid "error creating a pipe: %s\n"
+msgstr ""
+
+#: common/exechelp.c:599 common/exechelp.c:658
+#, c-format
+msgid "can't fdopen pipe for reading: %s\n"
+msgstr ""
+
+#: common/exechelp.c:637 common/exechelp.c:765 common/exechelp.c:1002
+#, c-format
+msgid "error forking process: %s\n"
+msgstr ""
+
+#: common/exechelp.c:811 common/exechelp.c:864
+#, c-format
+msgid "waiting for process %d to terminate failed: %s\n"
+msgstr ""
+
+#: common/exechelp.c:819
+#, c-format
+msgid "error getting exit code of process %d: %s\n"
+msgstr "ошибка Ð¿Ð¾Ð»ÑƒÑ‡ÐµÐ½Ð¸Ñ ÐºÐ¾Ð´Ð° возврата процеÑÑа %d: %s\n"
+
+#: common/exechelp.c:825 common/exechelp.c:877
+#, c-format
+msgid "error running `%s': exit status %d\n"
+msgstr "ошибка Ñ‡Ñ‚ÐµÐ½Ð¸Ñ `%s': ÑÑ‚Ð°Ñ‚ÑƒÑ Ð·Ð°Ð²ÐµÑ€ÑˆÐµÐ½Ð¸Ñ %d\n"
+
+#: common/exechelp.c:870
+#, c-format
+msgid "error running `%s': probably not installed\n"
+msgstr "ошибка запуÑка `%s': позможно не уÑтановлен\n"
+
+#: common/exechelp.c:885
+#, c-format
+msgid "error running `%s': terminated\n"
+msgstr "ошибка Ñ‡Ñ‚ÐµÐ½Ð¸Ñ `%s': прервано\n"
+
+#: common/http.c:1674
+#, c-format
+msgid "error creating socket: %s\n"
+msgstr ""
+
+#: common/http.c:1718
+msgid "host not found"
+msgstr "хоÑÑ‚ не найден"
+
+#: common/simple-pwquery.c:338
+msgid "gpg-agent is not available in this session\n"
+msgstr "gpg-agent недоÑтупен в данной ÑеÑÑии\n"
+
+#: common/simple-pwquery.c:395
+#, c-format
+msgid "can't connect to `%s': %s\n"
+msgstr "не могу подключитьÑÑ Ðº `%s': %s\n"
+
+#: common/simple-pwquery.c:406
+msgid "communication problem with gpg-agent\n"
+msgstr "проблема ÑвÑзи Ñ gpg-agent\n"
+
+#: common/simple-pwquery.c:416
+msgid "problem setting the gpg-agent options\n"
+msgstr "проблема Ð·Ð°Ð´Ð°Ð½Ð¸Ñ Ð¿Ð°Ñ€Ð°Ð¼ÐµÑ‚Ñ€Ð¾Ð² gpg-agent\n"
+
+#: common/simple-pwquery.c:579 common/simple-pwquery.c:675
+msgid "canceled by user\n"
+msgstr "прервано пользователем\n"
+
+#: common/simple-pwquery.c:594 common/simple-pwquery.c:681
+msgid "problem with the agent\n"
+msgstr "проблема Ñ Ð°Ð³ÐµÐ½Ñ‚Ð¾Ð¼\n"
+
+#: common/sysutils.c:105
+#, c-format
+msgid "can't disable core dumps: %s\n"
+msgstr "не могу отключить Ñоздание файла дампа образа памÑти: %s\n"
+
+#: common/sysutils.c:200
+#, c-format
+msgid "Warning: unsafe ownership on %s \"%s\"\n"
+msgstr "Ð’ÐИМÐÐИЕ: небезопаÑный владелец %s \"%s\"\n"
+
+#: common/sysutils.c:232
+#, c-format
+msgid "Warning: unsafe permissions on %s \"%s\"\n"
+msgstr "Ð’ÐИМÐÐИЕ: небезопаÑные права доÑтупа %s \"%s\"\n"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: common/yesno.c:35 common/yesno.c:72
+msgid "yes"
+msgstr "да|Да|yes|Yes"
+
+#: common/yesno.c:36 common/yesno.c:77
+msgid "yY"
+msgstr "yY"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: common/yesno.c:38 common/yesno.c:74
+msgid "no"
+msgstr "нет|Ðет|no|No"
+
+#: common/yesno.c:39 common/yesno.c:78
+msgid "nN"
+msgstr "nN"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: common/yesno.c:76
+msgid "quit"
+msgstr "quit"
+
+#: common/yesno.c:79
+msgid "qQ"
+msgstr ""
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: common/yesno.c:113
+msgid "okay|okay"
+msgstr ""
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: common/yesno.c:115
+msgid "cancel|cancel"
+msgstr ""
+
+#: common/yesno.c:116
+msgid "oO"
+msgstr ""
+
+#: common/yesno.c:117
+msgid "cC"
+msgstr ""
+
+#: common/miscellaneous.c:77
+#, c-format
+msgid "out of core in secure memory while allocating %lu bytes"
+msgstr "выход за безопаÑный предел памÑти при раÑпределении %lu байтов"
+
+#: common/miscellaneous.c:80
+#, c-format
+msgid "out of core while allocating %lu bytes"
+msgstr "выход за границы при раÑпределении %lu байтов"
+
+#: common/asshelp.c:293 tools/gpg-connect-agent.c:2129
+msgid "no running gpg-agent - starting one\n"
+msgstr "нет работающих gpg-agent - запуÑкаем\n"
+
+#: common/asshelp.c:349
+#, c-format
+msgid "waiting %d seconds for the agent to come up\n"
+msgstr ""
+
+#: common/asshelp.c:426
+msgid "can't connect to the agent - trying fall back\n"
+msgstr "невозможно подключитьÑÑ Ðº агенту - пробуем откатитьÑÑ Ð½Ð°Ð·Ð°Ð´\n"
+
+#. TRANSLATORS: Copy the prefix between the vertical bars
+#. verbatim. It will not be printed.
+#: common/audit.c:474
+msgid "|audit-log-result|Good"
+msgstr ""
+
+#: common/audit.c:477
+msgid "|audit-log-result|Bad"
+msgstr ""
+
+#: common/audit.c:479
+msgid "|audit-log-result|Not supported"
+msgstr ""
+
+#: common/audit.c:481
+#, fuzzy
+msgid "|audit-log-result|No certificate"
+msgstr "импорт Ñертификатов"
+
+#: common/audit.c:483
+#, fuzzy
+msgid "|audit-log-result|Not enabled"
+msgstr "импорт Ñертификатов"
+
+#: common/audit.c:485
+msgid "|audit-log-result|Error"
+msgstr ""
+
+#: common/audit.c:487
+#, fuzzy
+msgid "|audit-log-result|Not used"
+msgstr "импорт Ñертификатов"
+
+#: common/audit.c:489
+#, fuzzy
+msgid "|audit-log-result|Okay"
+msgstr "импорт Ñертификатов"
+
+#: common/audit.c:491
+#, fuzzy
+msgid "|audit-log-result|Skipped"
+msgstr "импорт Ñертификатов"
+
+#: common/audit.c:493
+#, fuzzy
+msgid "|audit-log-result|Some"
+msgstr "импорт Ñертификатов"
+
+#: common/audit.c:726
+msgid "Certificate chain available"
+msgstr "ДоÑтупна цепочка Ñертификатов"
+
+#: common/audit.c:733
+msgid "root certificate missing"
+msgstr "отÑутÑтвует корневой Ñертификат"
+
+#: common/audit.c:759
+msgid "Data encryption succeeded"
+msgstr "Данные зашифрованы"
+
+#: common/audit.c:764 common/audit.c:830 common/audit.c:906 common/audit.c:997
+msgid "Data available"
+msgstr "Данные доÑтупны"
+
+#: common/audit.c:767
+msgid "Session key created"
+msgstr "СеÑÑионный ключ Ñоздан"
+
+#: common/audit.c:772 common/audit.c:912 common/audit.c:919
+#, c-format
+msgid "algorithm: %s"
+msgstr "алгоритм: %s"
+
+#: common/audit.c:774 common/audit.c:776 common/audit.c:921 common/audit.c:923
+#, c-format
+msgid "unsupported algorithm: %s"
+msgstr "неподдерживаемый алгоритм: %s"
+
+#: common/audit.c:778 common/audit.c:925
+msgid "seems to be not encrypted"
+msgstr "похоже на не зашифрованное"
+
+#: common/audit.c:784 common/audit.c:933
+msgid "Number of recipients"
+msgstr "КоличеÑтво получателей"
+
+#: common/audit.c:792 common/audit.c:956
+#, c-format
+msgid "Recipient %d"
+msgstr "Получатель %d"
+
+#: common/audit.c:825
+msgid "Data signing succeeded"
+msgstr "Данные подпиÑаны"
+
+#: common/audit.c:839 common/audit.c:1033 common/audit.c:1060
+#, fuzzy, c-format
+msgid "data hash algorithm: %s"
+msgstr "ÐедопуÑÑ‚Ð¸Ð¼Ð°Ñ Ñ…Ñш-функциÑ: %s"
+
+#: common/audit.c:862
+#, fuzzy, c-format
+msgid "Signer %d"
+msgstr "ПодпиÑÑŒ %d"
+
+#: common/audit.c:866 common/audit.c:1065
+#, fuzzy, c-format
+msgid "attr hash algorithm: %s"
+msgstr "ÐедопуÑÑ‚Ð¸Ð¼Ð°Ñ Ñ…Ñш-функциÑ: %s"
+
+#: common/audit.c:901
+msgid "Data decryption succeeded"
+msgstr "Данные раÑшифрованы"
+
+#: common/audit.c:910
+#, fuzzy
+msgid "Encryption algorithm supported"
+msgstr "метод защиты %d%s не поддерживаетÑÑ\n"
+
+#: common/audit.c:993
+msgid "Data verification succeeded"
+msgstr "Данные проверены"
+
+#: common/audit.c:1002
+msgid "Signature available"
+msgstr "ПодпиÑÑŒ доÑтупна"
+
+#: common/audit.c:1024
+#, fuzzy
+msgid "Parsing data succeeded"
+msgstr "Разбор подпиÑи завершен"
+
+#: common/audit.c:1036
+#, fuzzy, c-format
+msgid "bad data hash algorithm: %s"
+msgstr "ÐедопуÑÑ‚Ð¸Ð¼Ð°Ñ Ñ…Ñш-функциÑ: %s"
+
+#: common/audit.c:1051
+#, c-format
+msgid "Signature %d"
+msgstr "ПодпиÑÑŒ %d"
+
+#: common/audit.c:1079
+msgid "Certificate chain valid"
+msgstr "Цепочка ÑÐµÑ€Ñ‚Ð¸Ñ„Ð¸Ñ†Ð¸Ñ€Ð¾Ð²Ð°Ð½Ð¸Ñ Ð´ÐµÐ¹Ñтвительна"
+
+#: common/audit.c:1090
+msgid "Root certificate trustworthy"
+msgstr "Корневой Ñертификат доÑтоверен"
+
+#: common/audit.c:1111 sm/certchain.c:935
+msgid "no CRL found for certificate"
+msgstr "не найдена CRL Ð´Ð»Ñ Ñертификата"
+
+#: common/audit.c:1114 sm/certchain.c:945
+msgid "the available CRL is too old"
+msgstr "доÑÑ‚Ð¿ÑƒÐ½Ð°Ñ CRL Ñлишком Ñтара"
+
+#: common/audit.c:1119
+msgid "CRL/OCSP check of certificates"
+msgstr "проверка CRL/OCSP Ñертификата"
+
+#: common/audit.c:1139
+msgid "Included certificates"
+msgstr "ЗадейÑтвованные Ñертификаты"
+
+#: common/audit.c:1194
+msgid "No audit log entries."
+msgstr "ЗапиÑи журнала аудита отÑутÑтвуют."
+
+#: common/audit.c:1243
+msgid "Unknown operation"
+msgstr "ÐеизвеÑÑ‚Ð½Ð°Ñ Ð¾Ð¿ÐµÑ€Ð°Ñ†Ð¸Ñ"
+
+#: common/audit.c:1261
+msgid "Gpg-Agent usable"
+msgstr "Gpg-Agent доÑтупен"
+
+#: common/audit.c:1271
+msgid "Dirmngr usable"
+msgstr "Dirmgr доÑтупен"
+
+#: common/audit.c:1307
+#, c-format
+msgid "No help available for `%s'."
+msgstr "Ðет Ñправки Ð´Ð»Ñ `%s'."
+
+#: common/helpfile.c:80
+msgid "ignoring garbage line"
+msgstr "игнорируем дефектную Ñтроку"
+
+#: common/gettime.c:503
+msgid "[none]"
+msgstr "[нет]"
+
+#: g10/armor.c:379
+#, c-format
+msgid "armor: %s\n"
+msgstr "формат ASCII: %s\n"
+
+#: g10/armor.c:418
+msgid "invalid armor header: "
+msgstr "неправильный заголовок ASCII: "
+
+#: g10/armor.c:429
+msgid "armor header: "
+msgstr "заголовок ASCII: "
+
+#: g10/armor.c:442
+msgid "invalid clearsig header\n"
+msgstr "неправильный заголовок прозрачной подпиÑи\n"
+
+#: g10/armor.c:455
+msgid "unknown armor header: "
+msgstr "недопуÑтимый заголовок ASCII: "
+
+#: g10/armor.c:508
+msgid "nested clear text signatures\n"
+msgstr "вложенные прозрачные подпиÑи\n"
+
+#: g10/armor.c:643
+msgid "unexpected armor: "
+msgstr "неожидаемый формат ASCII:"
+
+#: g10/armor.c:655
+msgid "invalid dash escaped line: "
+msgstr "неправильный отÑтуп из минуÑов: "
+
+#: g10/armor.c:810 g10/armor.c:1420
+#, c-format
+msgid "invalid radix64 character %02X skipped\n"
+msgstr "недопуÑтимый Ñимвол radix64 %02X пропущен\n"
+
+#: g10/armor.c:853
+msgid "premature eof (no CRC)\n"
+msgstr "преждевременный конец файла (нет CRC)\n"
+
+#: g10/armor.c:887
+msgid "premature eof (in CRC)\n"
+msgstr "преждевременный конец файла (в CRC)\n"
+
+#: g10/armor.c:895
+msgid "malformed CRC\n"
+msgstr "поврежденный CRC\n"
+
+#: g10/armor.c:899 g10/armor.c:1457
+#, c-format
+msgid "CRC error; %06lX - %06lX\n"
+msgstr "ошибка CRC; %06lX - %06lX\n"
+
+#: g10/armor.c:919
+msgid "premature eof (in trailer)\n"
+msgstr "преждевременный конец файла (в дополнении)\n"
+
+#: g10/armor.c:923
+msgid "error in trailer line\n"
+msgstr "ошибка в Ñтроке дополнениÑ\n"
+
+#: g10/armor.c:1234
+msgid "no valid OpenPGP data found.\n"
+msgstr "не найдено данных формата OpenPGP.\n"
+
+#: g10/armor.c:1239
+#, c-format
+msgid "invalid armor: line longer than %d characters\n"
+msgstr "неправильный ASCII формат: Ñтрока длиннее %d Ñимволов\n"
+
+#: g10/armor.c:1243
+msgid ""
+"quoted printable character in armor - probably a buggy MTA has been used\n"
+msgstr ""
+"Ñимволы quoted printable в кодировке ASCII - вероÑтно иÑпользовалÑÑ Ð¿Ð»Ð¾Ñ…Ð¾Ð¹ "
+"MTA\n"
+
+#: g10/build-packet.c:976
+msgid ""
+"a notation name must have only printable characters or spaces, and end with "
+"an '='\n"
+msgstr ""
+"Ð¸Ð¼Ñ Ð¿Ñ€Ð¸Ð¼ÐµÑ‡Ð°Ð½Ð¸Ñ Ð´Ð¾Ð»Ð¶Ð½Ð¾ Ñодеражать только печатные Ñимволы и пробелы, и '=' на "
+"конце\n"
+
+#: g10/build-packet.c:988
+msgid "a user notation name must contain the '@' character\n"
+msgstr "Ð¸Ð¼Ñ Ð¿Ð¾Ð»ÑŒÐ·Ð¾Ð²Ð°Ñ‚ÐµÐ»ÑŒÑкого Ð¿Ñ€Ð¸Ð¼ÐµÑ‡Ð°Ð½Ð¸Ñ Ð´Ð¾Ð»Ð¶Ð½Ð¾ Ñодержать Ñимвол '@'\n"
+
+#: g10/build-packet.c:994
+msgid "a notation name must not contain more than one '@' character\n"
+msgstr "Ð¸Ð¼Ñ Ð¿Ñ€Ð¸Ð¼ÐµÑ‡Ð°Ð½Ð¸Ñ Ð´Ð¾Ð»Ð¶Ð½Ð¾ Ñодержать не более одного Ñимвола '@'\n"
+
+#: g10/build-packet.c:1012
+msgid "a notation value must not use any control characters\n"
+msgstr "значение Ð¿Ñ€Ð¸Ð¼ÐµÑ‡Ð°Ð½Ð¸Ñ Ð½Ðµ должно Ñодержать управлÑющих Ñимволов\n"
+
+#: g10/build-packet.c:1046 g10/build-packet.c:1055
+msgid "WARNING: invalid notation data found\n"
+msgstr "Ð’ÐИМÐÐИЕ: обнаружено недопуÑтимое примечание\n"
+
+#: g10/build-packet.c:1077 g10/build-packet.c:1079
+msgid "not human readable"
+msgstr "не читаемое человеком"
+
+#: g10/card-util.c:85 g10/card-util.c:374
+#, c-format
+msgid "OpenPGP card not available: %s\n"
+msgstr "Карта OpenPGP недоÑтупна: %s\n"
+
+#: g10/card-util.c:90
+#, c-format
+msgid "OpenPGP card no. %s detected\n"
+msgstr "Обнаружена карта OpenPGP номер %s \n"
+
+#: g10/card-util.c:98 g10/card-util.c:1773 g10/delkey.c:126 g10/keyedit.c:1551
+#: g10/keygen.c:3068 g10/revoke.c:216 g10/revoke.c:455
+msgid "can't do this in batch mode\n"
+msgstr "невозможно Ñделать Ñто в пакетном режиме\n"
+
+#: g10/card-util.c:106
+msgid "This command is only available for version 2 cards\n"
+msgstr "Ð”Ð°Ð½Ð½Ð°Ñ ÐºÐ¾Ð¼Ð°Ð½Ð´Ð° допуÑтима только Ð´Ð»Ñ ÐºÐ°Ñ€Ñ‚ верÑии 2\n"
+
+#: g10/card-util.c:108 scd/app-openpgp.c:2029
+msgid "Reset Code not or not anymore available\n"
+msgstr "Reset Code не задан или недоÑтупен\n"
+
+#: g10/card-util.c:141 g10/card-util.c:1458 g10/card-util.c:1568
+#: g10/keyedit.c:424 g10/keyedit.c:445 g10/keyedit.c:459 g10/keygen.c:1630
+#: g10/keygen.c:1711 sm/certreqgen-ui.c:165 sm/certreqgen-ui.c:249
+#: sm/certreqgen-ui.c:283
+msgid "Your selection? "
+msgstr "Ваш выбор (?-подробнее)? "
+
+#: g10/card-util.c:272 g10/card-util.c:322
+msgid "[not set]"
+msgstr "[не уÑтановлено]"
+
+#: g10/card-util.c:512
+msgid "male"
+msgstr "мужÑкой"
+
+#: g10/card-util.c:513
+msgid "female"
+msgstr "женÑкий"
+
+#: g10/card-util.c:513
+msgid "unspecified"
+msgstr "не задан"
+
+#: g10/card-util.c:540
+msgid "not forced"
+msgstr "отключен"
+
+#: g10/card-util.c:540
+msgid "forced"
+msgstr "включен"
+
+#: g10/card-util.c:631
+msgid "Error: Only plain ASCII is currently allowed.\n"
+msgstr "Ошибка: ДопуÑтим только чиÑтый ASCII.\n"
+
+#: g10/card-util.c:633
+msgid "Error: The \"<\" character may not be used.\n"
+msgstr "Ошибка: ÐÐµÐ»ÑŒÐ·Ñ Ð¸Ñпользовать Ñимвол \"<\".\n"
+
+#: g10/card-util.c:635
+msgid "Error: Double spaces are not allowed.\n"
+msgstr "Ошибка: Двойные пробелы недопуÑтимы.\n"
+
+#: g10/card-util.c:652
+msgid "Cardholder's surname: "
+msgstr "Ð¤Ð°Ð¼Ð¸Ð»Ð¸Ñ Ð²Ð»Ð°Ð´ÐµÐ»ÑŒÑ†Ð° карты:"
+
+#: g10/card-util.c:654
+msgid "Cardholder's given name: "
+msgstr "Ð˜Ð¼Ñ Ð²Ð»Ð°Ð´ÐµÐ»ÑŒÑ†Ð° карты:"
+
+#: g10/card-util.c:672
+#, c-format
+msgid "Error: Combined name too long (limit is %d characters).\n"
+msgstr "Ошибка: Скомбинированное Ð¸Ð¼Ñ Ñлишком длинное (предел %d Ñимволов).\n"
+
+#: g10/card-util.c:693
+msgid "URL to retrieve public key: "
+msgstr "URL Ð´Ð»Ñ Ð¿Ð¾Ð»ÑƒÑ‡ÐµÐ½Ð¸Ñ Ð¾Ñ‚ÐºÑ€Ñ‹Ñ‚Ð¾Ð³Ð¾ ключа: "
+
+#: g10/card-util.c:701
+#, c-format
+msgid "Error: URL too long (limit is %d characters).\n"
+msgstr "Ошибка: URL Ñлишком длинный (предел - %d Ñимволов).\n"
+
+#: g10/card-util.c:794 tools/no-libgcrypt.c:30
+#, c-format
+msgid "error allocating enough memory: %s\n"
+msgstr "ошибка раÑÐ¿Ñ€ÐµÐ´ÐµÐ»ÐµÐ½Ð¸Ñ Ð¿Ð°Ð¼Ñти: %s\n"
+
+#: g10/card-util.c:806 g10/import.c:280
+#, c-format
+msgid "error reading `%s': %s\n"
+msgstr "ошибка Ñ‡Ñ‚ÐµÐ½Ð¸Ñ `%s': %s\n"
+
+#: g10/card-util.c:839
+#, fuzzy, c-format
+msgid "error writing `%s': %s\n"
+msgstr "ошибка запиÑи в `%s': %s\n"
+
+#: g10/card-util.c:866
+msgid "Login data (account name): "
+msgstr "Ð£Ñ‡ÐµÑ‚Ð½Ð°Ñ Ð·Ð°Ð¿Ð¸ÑÑŒ (имÑ):"
+
+#: g10/card-util.c:876
+#, c-format
+msgid "Error: Login data too long (limit is %d characters).\n"
+msgstr "Ошибка: Данные учетной запиÑи Ñлишком длинные (предел %d Ñимволов).\n"
+
+#: g10/card-util.c:912
+msgid "Private DO data: "
+msgstr "Секретные DO данные:"
+
+#: g10/card-util.c:922
+#, c-format
+msgid "Error: Private DO too long (limit is %d characters).\n"
+msgstr "Ошибка: Секретные DO данные Ñлишком длинные (предел %d Ñимволов).\n"
+
+#: g10/card-util.c:1005
+msgid "Language preferences: "
+msgstr "Предпочитаемый Ñзык: "
+
+#: g10/card-util.c:1013
+msgid "Error: invalid length of preference string.\n"
+msgstr "Ошибка: недопуÑÑ‚Ð¸Ð¼Ð°Ñ Ð´Ð»Ð¸Ð½Ð° Ñтроки предпочтений.\n"
+
+#: g10/card-util.c:1022
+msgid "Error: invalid characters in preference string.\n"
+msgstr "Ошибка: недопуÑтимые Ñимволы в Ñтроке предпочтений.\n"
+
+#: g10/card-util.c:1044
+msgid "Sex ((M)ale, (F)emale or space): "
+msgstr "Пол ((M)МужÑкой, (F)ЖенÑкий или пробел): "
+
+#: g10/card-util.c:1058
+msgid "Error: invalid response.\n"
+msgstr "Ошибка: недопуÑтимый ответ.\n"
+
+#: g10/card-util.c:1080
+msgid "CA fingerprint: "
+msgstr "отпечаток CA: "
+
+#: g10/card-util.c:1103
+msgid "Error: invalid formatted fingerprint.\n"
+msgstr "Ошибка: неправильный формат отпечатка.\n"
+
+#: g10/card-util.c:1153
+#, c-format
+msgid "key operation not possible: %s\n"
+msgstr "Ð¾Ð¿ÐµÑ€Ð°Ñ†Ð¸Ñ Ñ ÐºÐ»ÑŽÑ‡Ð¾Ð¼ невозможна: %s\n"
+
+#: g10/card-util.c:1154
+msgid "not an OpenPGP card"
+msgstr "карта не OpenPGP"
+
+#: g10/card-util.c:1167
+#, c-format
+msgid "error getting current key info: %s\n"
+msgstr "ошибка при Ñчитывании информации ключа: %s\n"
+
+#: g10/card-util.c:1254
+msgid "Replace existing key? (y/N) "
+msgstr "Заменить ÑущеÑтвующий ключ? (y/N) "
+
+#: g10/card-util.c:1270
+msgid ""
+"NOTE: There is no guarantee that the card supports the requested size.\n"
+" If the key generation does not succeed, please check the\n"
+" documentation of your card to see what sizes are allowed.\n"
+msgstr ""
+
+#: g10/card-util.c:1295
+#, fuzzy, c-format
+msgid "What keysize do you want for the Signature key? (%u) "
+msgstr "Какой размер ключа необходим? (%u) "
+
+#: g10/card-util.c:1297
+#, fuzzy, c-format
+msgid "What keysize do you want for the Encryption key? (%u) "
+msgstr "Какой размер ключа необходим? (%u) "
+
+#: g10/card-util.c:1298
+#, fuzzy, c-format
+msgid "What keysize do you want for the Authentication key? (%u) "
+msgstr "Какой размер ключа необходим? (%u) "
+
+#: g10/card-util.c:1309 g10/keygen.c:1844 g10/keygen.c:1850
+#: sm/certreqgen-ui.c:194
+#, c-format
+msgid "rounded up to %u bits\n"
+msgstr "округлен до %u бит\n"
+
+#: g10/card-util.c:1317 g10/keygen.c:1831 sm/certreqgen-ui.c:184
+#, c-format
+msgid "%s keysizes must be in the range %u-%u\n"
+msgstr "размер ключей %s должен быть в пределах %u-%u\n"
+
+#: g10/card-util.c:1322
+#, c-format
+msgid "The card will now be re-configured to generate a key of %u bits\n"
+msgstr ""
+
+#: g10/card-util.c:1342
+#, fuzzy, c-format
+msgid "error changing size of key %d to %u bits: %s\n"
+msgstr "ошибка ÑвÑÐ·Ñ‹Ð²Ð½Ð¸Ñ Ñокета Ñ `%s': %s\n"
+
+#: g10/card-util.c:1364
+msgid "Make off-card backup of encryption key? (Y/n) "
+msgstr "Сделать резервную копию ключа ÑˆÐ¸Ñ„Ñ€Ð¾Ð²Ð°Ð½Ð¸Ñ Ð²Ð½Ðµ карты? (Y/n)"
+
+#: g10/card-util.c:1378
+#, fuzzy
+msgid "NOTE: keys are already stored on the card!\n"
+msgstr "Ñекретный ключ уже Ñохранен в карте\n"
+
+#: g10/card-util.c:1381
+msgid "Replace existing keys? (y/N) "
+msgstr "Заменить ÑущеÑтвующие ключи? (y/N) "
+
+#: g10/card-util.c:1393
+#, c-format
+msgid ""
+"Please note that the factory settings of the PINs are\n"
+" PIN = `%s' Admin PIN = `%s'\n"
+"You should change them using the command --change-pin\n"
+msgstr ""
+"Учтите, что заводÑкие уÑтановки PIN кодов\n"
+" PIN = `%s' Admin PIN = `%s'\n"
+"Следует изменить их иÑÐ¿Ð¾Ð»ÑŒÐ·ÑƒÑ ÐºÐ¾Ð¼Ð°Ð½Ð´Ñƒ --change-pin\n"
+
+#: g10/card-util.c:1449
+msgid "Please select the type of key to generate:\n"
+msgstr "Выберите тип Ñоздаваемого ключа:\n"
+
+#: g10/card-util.c:1451 g10/card-util.c:1559
+msgid " (1) Signature key\n"
+msgstr " (1) Ключ подпиÑи\n"
+
+#: g10/card-util.c:1452 g10/card-util.c:1561
+msgid " (2) Encryption key\n"
+msgstr " (2) Ключ шифрованиÑ\n"
+
+#: g10/card-util.c:1453 g10/card-util.c:1563
+msgid " (3) Authentication key\n"
+msgstr " (3) Ключ аутентификации\n"
+
+#: g10/card-util.c:1469 g10/card-util.c:1588 g10/keyedit.c:945
+#: g10/keygen.c:1634 g10/keygen.c:1662 g10/keygen.c:1764 g10/revoke.c:683
+msgid "Invalid selection.\n"
+msgstr "Ðеправильный выбор.\n"
+
+#: g10/card-util.c:1556
+msgid "Please select where to store the key:\n"
+msgstr "Выберите, где Ñохранить ключ:\n"
+
+#: g10/card-util.c:1600
+msgid "unknown key protection algorithm\n"
+msgstr "неизвеÑтный алгоритм защиты ключа\n"
+
+#: g10/card-util.c:1605
+msgid "secret parts of key are not available\n"
+msgstr "Ñекретные чаÑти ключа недоÑтупны\n"
+
+#: g10/card-util.c:1610
+msgid "secret key already stored on a card\n"
+msgstr "Ñекретный ключ уже Ñохранен в карте\n"
+
+#: g10/card-util.c:1623
+#, fuzzy, c-format
+msgid "error writing key to card: %s\n"
+msgstr "Ñбой запиÑи ключа: %s\n"
+
+#: g10/card-util.c:1682 g10/keyedit.c:1382
+msgid "quit this menu"
+msgstr "выйти из Ñтого меню"
+
+#: g10/card-util.c:1684
+msgid "show admin commands"
+msgstr "показать управлÑющие команды"
+
+#: g10/card-util.c:1685 g10/keyedit.c:1385
+msgid "show this help"
+msgstr "показать данную Ñправку"
+
+#: g10/card-util.c:1687
+msgid "list all available data"
+msgstr "вывеÑти вÑе доÑтупные данные"
+
+#: g10/card-util.c:1690
+msgid "change card holder's name"
+msgstr "изменить Ð¸Ð¼Ñ Ð²Ð»Ð°Ð´ÐµÐ»ÑŒÑ†Ð° карты"
+
+#: g10/card-util.c:1691
+msgid "change URL to retrieve key"
+msgstr "изменить URL Ð¿Ð¾Ð»ÑƒÑ‡ÐµÐ½Ð¸Ñ ÐºÐ»ÑŽÑ‡Ð°"
+
+#: g10/card-util.c:1692
+msgid "fetch the key specified in the card URL"
+msgstr "запроÑить ключ, указанный по заданному картой URL"
+
+#: g10/card-util.c:1693
+msgid "change the login name"
+msgstr "изменить учетное имÑ"
+
+#: g10/card-util.c:1694
+msgid "change the language preferences"
+msgstr "изменить Ñзыковые предпочтениÑ"
+
+#: g10/card-util.c:1695
+msgid "change card holder's sex"
+msgstr "изменение пола владельца карты"
+
+#: g10/card-util.c:1696
+msgid "change a CA fingerprint"
+msgstr "Ñменить отпечаток CA"
+
+#: g10/card-util.c:1697
+msgid "toggle the signature force PIN flag"
+msgstr ""
+
+#: g10/card-util.c:1698
+msgid "generate new keys"
+msgstr "Ñгенерировать новые ключи"
+
+#: g10/card-util.c:1699
+msgid "menu to change or unblock the PIN"
+msgstr "меню Ð¸Ð·Ð¼ÐµÐ½ÐµÐ½Ð¸Ñ Ð¸Ð»Ð¸ разблокировки PIN"
+
+#: g10/card-util.c:1700
+msgid "verify the PIN and list all data"
+msgstr "проверить PIN и показать вÑе данные"
+
+#: g10/card-util.c:1701
+msgid "unblock the PIN using a Reset Code"
+msgstr "разблокировать PIN иÑÐ¿Ð¾Ð»ÑŒÐ·ÑƒÑ Reset Code"
+
+#: g10/card-util.c:1823
+msgid "gpg/card> "
+msgstr ""
+
+#: g10/card-util.c:1864
+msgid "Admin-only command\n"
+msgstr "Команды админиÑтратора\n"
+
+#: g10/card-util.c:1895
+msgid "Admin commands are allowed\n"
+msgstr "Команды админиÑÑ‚Ñ€Ð¸Ñ€Ð¾Ð²Ð°Ð½Ð¸Ñ Ñ€Ð°Ð·Ñ€ÐµÑˆÐµÐ½Ñ‹\n"
+
+#: g10/card-util.c:1897
+msgid "Admin commands are not allowed\n"
+msgstr "Команды админиÑÑ‚Ñ€Ð¸Ñ€Ð¾Ð²Ð°Ð½Ð¸Ñ Ð½Ðµ разрешены\n"
+
+#: g10/card-util.c:1988 g10/keyedit.c:2292
+msgid "Invalid command (try \"help\")\n"
+msgstr "ÐедопуÑÑ‚Ð¸Ð¼Ð°Ñ ÐºÐ¾Ð¼Ð°Ð½Ð´Ð° (ÑпиÑок команд: \"help\")\n"
+
+#: g10/decrypt.c:110 g10/encode.c:876
+msgid "--output doesn't work for this command\n"
+msgstr "--output не работает Ð´Ð»Ñ Ð´Ð°Ð½Ð½Ð¾Ð¹ команды\n"
+
+#: g10/decrypt.c:166 g10/gpg.c:4019 g10/keyring.c:387 g10/keyring.c:698
+#, c-format
+msgid "can't open `%s'\n"
+msgstr "не могу открыть `%s'\n"
+
+#: g10/delkey.c:73 g10/export.c:324 g10/keyedit.c:3514 g10/keyserver.c:1737
+#: g10/revoke.c:226
+#, c-format
+msgid "key \"%s\" not found: %s\n"
+msgstr "ключ \"%s\" не найден: %s\n"
+
+#: g10/delkey.c:81 g10/export.c:354 g10/import.c:2480 g10/keyserver.c:1751
+#: g10/revoke.c:232 g10/revoke.c:477
+#, c-format
+msgid "error reading keyblock: %s\n"
+msgstr "ошибка Ñ‡Ñ‚ÐµÐ½Ð¸Ñ Ð±Ð»Ð¾ÐºÐ° ключей: %s\n"
+
+#: g10/delkey.c:127 g10/delkey.c:134
+msgid "(unless you specify the key by fingerprint)\n"
+msgstr "(еÑли только ключ не задан отпечатком)\n"
+
+#: g10/delkey.c:133
+msgid "can't do this in batch mode without \"--yes\"\n"
+msgstr "не могу выполнить в пакетном режиме без \"--yes\"\n"
+
+#: g10/delkey.c:145
+msgid "Delete this key from the keyring? (y/N) "
+msgstr "Удалить данный ключ из таблицы ключей? (y/N)"
+
+#: g10/delkey.c:153
+msgid "This is a secret key! - really delete? (y/N) "
+msgstr "Это Ñекретный ключ! - дейÑтвительно удалить? (y/N)"
+
+#: g10/delkey.c:163
+#, c-format
+msgid "deleting keyblock failed: %s\n"
+msgstr "Ñбой при удалении блока ключа: %s\n"
+
+#: g10/delkey.c:173
+msgid "ownertrust information cleared\n"
+msgstr "Ð¸Ð½Ñ„Ð¾Ñ€Ð¼Ð°Ñ†Ð¸Ñ Ð¾ доверии владельцу очищена\n"
+
+#: g10/delkey.c:204
+#, c-format
+msgid "there is a secret key for public key \"%s\"!\n"
+msgstr "имеетÑÑ Ñекретный ключ Ð´Ð»Ñ Ð¾Ñ‚ÐºÑ€Ñ‹Ñ‚Ð¾Ð³Ð¾ ключа \"%s\"!\n"
+
+#: g10/delkey.c:206
+msgid "use option \"--delete-secret-keys\" to delete it first.\n"
+msgstr ""
+"Ñначала воÑпользуйтеÑÑŒ \"--delete-secret-keys\" Ð´Ð»Ñ ÑƒÐ´Ð°Ð»ÐµÐ½Ð¸Ñ Ð·Ð°ÐºÑ€Ñ‹Ñ‚Ð¾Ð³Ð¾ "
+"ключа.\n"
+
+#: g10/encode.c:226 g10/sign.c:1269
+#, c-format
+msgid "error creating passphrase: %s\n"
+msgstr "ошибка ÑÐ¾Ð·Ð´Ð°Ð½Ð¸Ñ Ñ„Ñ€Ð°Ð·Ñ‹-паролÑ: %s\n"
+
+#: g10/encode.c:232
+msgid "can't use a symmetric ESK packet due to the S2K mode\n"
+msgstr "не могу иÑпользовать Ñимметричный пакет ESK в S2K режиме\n"
+
+#: g10/encode.c:246
+#, c-format
+msgid "using cipher %s\n"
+msgstr "иÑпользутÑÑ Ð°Ð»Ð³Ð¾Ñ€Ð¸Ñ‚Ð¼ ÑˆÐ¸Ñ„Ñ€Ð¾Ð²Ð°Ð½Ð¸Ñ %s\n"
+
+#: g10/encode.c:256 g10/encode.c:577
+#, c-format
+msgid "`%s' already compressed\n"
+msgstr "`%s' уже Ñжат\n"
+
+#: g10/encode.c:311 g10/encode.c:611 g10/sign.c:564
+#, c-format
+msgid "WARNING: `%s' is an empty file\n"
+msgstr "Ð’ÐИМÐÐИЕ: `%s' пуÑтой файл\n"
+
+#: g10/encode.c:485
+msgid "you can only encrypt to RSA keys of 2048 bits or less in --pgp2 mode\n"
+msgstr "в режиме --pgp2 ключ RSA Ð´Ð»Ñ ÑˆÐ¸Ñ€Ð¾Ð²Ð°Ð½Ð¸Ñ Ð´Ð¾Ð»Ð¶ÐµÐ½ быть не более 2048 бит\n"
+
+#: g10/encode.c:510
+#, c-format
+msgid "reading from `%s'\n"
+msgstr "читаю из `%s'\n"
+
+#: g10/encode.c:541
+msgid ""
+"unable to use the IDEA cipher for all of the keys you are encrypting to.\n"
+msgstr "не могу иÑпользовать шифр IDEA Ð´Ð»Ñ Ð²Ñех ключей.\n"
+
+#: g10/encode.c:559
+#, c-format
+msgid ""
+"WARNING: forcing symmetric cipher %s (%d) violates recipient preferences\n"
+msgstr ""
+"Ð’ÐИМÐÐИЕ: иÑпользование шифра %s (%d) противоречит предпочтениÑм получателÑ\n"
+
+#: g10/encode.c:655 g10/sign.c:939
+#, c-format
+msgid ""
+"WARNING: forcing compression algorithm %s (%d) violates recipient "
+"preferences\n"
+msgstr "Ð’ÐИМÐÐИЕ: Ñжатие алгоритмом %s (%d) нарушает Ð¿Ñ€ÐµÐ´Ð¿Ð¾Ñ‡Ñ‚ÐµÐ½Ð¸Ñ Ð¿Ð¾Ð»ÑƒÑ‡Ð°Ñ‚ÐµÐ»Ñ\n"
+
+#: g10/encode.c:751
+#, c-format
+msgid "forcing symmetric cipher %s (%d) violates recipient preferences\n"
+msgstr "иÑпользование шифра %s (%d) противоречит предпочтениÑм получателÑ\n"
+
+#: g10/encode.c:821 g10/pkclist.c:813 g10/pkclist.c:862
+#, c-format
+msgid "you may not use %s while in %s mode\n"
+msgstr "ÐÐµÐ»ÑŒÐ·Ñ Ð¸Ñпользовать %s в режиме %s\n"
+
+#: g10/encode.c:848
+#, c-format
+msgid "%s/%s encrypted for: \"%s\"\n"
+msgstr "%s/%s зашифровано длÑ: \"%s\"\n"
+
+#: g10/encr-data.c:93 g10/mainproc.c:286
+#, c-format
+msgid "%s encrypted data\n"
+msgstr "Данные зашифрованы алгоритмом %s\n"
+
+#: g10/encr-data.c:96 g10/mainproc.c:290
+#, c-format
+msgid "encrypted with unknown algorithm %d\n"
+msgstr "зашифровано неизвеÑтным алгоритмом %d\n"
+
+#: g10/encr-data.c:142 sm/decrypt.c:126
+msgid ""
+"WARNING: message was encrypted with a weak key in the symmetric cipher.\n"
+msgstr ""
+"Ð’ÐИМÐÐИЕ: Ñообщение было зашифровано Ñлабым ключом Ñимметричного шифра.\n"
+
+#: g10/encr-data.c:154
+msgid "problem handling encrypted packet\n"
+msgstr "проблема обработки зашифрованного пакета\n"
+
+#: g10/exec.c:57
+msgid "no remote program execution supported\n"
+msgstr "удаленный запуÑк программы не поддерживаетÑÑ\n"
+
+#: g10/exec.c:308
+msgid ""
+"external program calls are disabled due to unsafe options file permissions\n"
+msgstr "вызов внешних программ отключен из-за небезопаÑных прав доÑтупа\n"
+
+#: g10/exec.c:338
+msgid "this platform requires temporary files when calling external programs\n"
+msgstr ""
+"на данной платформе требуетÑÑ Ð¸Ñпользование временных файлов при вызове "
+"внешних программ\n"
+
+#: g10/exec.c:416
+#, c-format
+msgid "unable to execute program `%s': %s\n"
+msgstr "не могу запуÑтить программу `%s': %s\n"
+
+#: g10/exec.c:419
+#, c-format
+msgid "unable to execute shell `%s': %s\n"
+msgstr "не могу запуÑтить оболочку `%s': %s\n"
+
+#: g10/exec.c:510
+#, c-format
+msgid "system error while calling external program: %s\n"
+msgstr "ошибка ÑиÑтемы при вызове внешней программы: %s\n"
+
+#: g10/exec.c:521 g10/exec.c:588
+msgid "unnatural exit of external program\n"
+msgstr "ненормальное завершение внешней программы\n"
+
+#: g10/exec.c:536
+msgid "unable to execute external program\n"
+msgstr "не могу запуÑтить внешнюю программу\n"
+
+#: g10/exec.c:553
+#, c-format
+msgid "unable to read external program response: %s\n"
+msgstr "не могу прочитать ответ внешней программы: %s\n"
+
+#: g10/exec.c:599 g10/exec.c:606
+#, c-format
+msgid "WARNING: unable to remove tempfile (%s) `%s': %s\n"
+msgstr "Ð’ÐИМÐÐИЕ: не могу удалить временный файл (%s) `%s': %s\n"
+
+#: g10/exec.c:611
+#, c-format
+msgid "WARNING: unable to remove temp directory `%s': %s\n"
+msgstr "Ð’ÐИМÐÐИЕ: не могу удалить временный каталог `%s': %s\n"
+
+#: g10/export.c:61
+msgid "export signatures that are marked as local-only"
+msgstr "ÑкÑпорт подпиÑей, помеченных как локальные"
+
+#: g10/export.c:63
+msgid "export attribute user IDs (generally photo IDs)"
+msgstr "ÑкÑпорт атрибутов UserID (обычно PhotoID)"
+
+#: g10/export.c:65
+msgid "export revocation keys marked as \"sensitive\""
+msgstr "ÑкÑпорт отзывающих ключей помеченных \"sensitive\""
+
+#: g10/export.c:67
+msgid "remove the passphrase from exported subkeys"
+msgstr "удаление фразы-Ð¿Ð°Ñ€Ð¾Ð»Ñ Ð¸Ð· ÑкÑпортируемых подключей"
+
+#: g10/export.c:69
+msgid "remove unusable parts from key during export"
+msgstr "удаление неиÑпользуемых чаÑтей из ключа при ÑкÑпорте"
+
+#: g10/export.c:71
+msgid "remove as much as possible from key during export"
+msgstr "удалить макÑимум возможного из ключа при ÑкÑпортировании"
+
+#: g10/export.c:73
+msgid "export keys in an S-expression based format"
+msgstr ""
+
+#: g10/export.c:338
+msgid "exporting secret keys not allowed\n"
+msgstr "ÑкÑпорт Ñекретных ключей не разрешен\n"
+
+#: g10/export.c:367
+#, c-format
+msgid "key %s: not protected - skipped\n"
+msgstr "ключ %s: не защищен - пропущен\n"
+
+#: g10/export.c:375
+#, c-format
+msgid "key %s: PGP 2.x style key - skipped\n"
+msgstr "ключ %s: ÑÑ‚Ð¸Ð»Ñ PGP 2.x - пропущен\n"
+
+#: g10/export.c:386
+#, c-format
+msgid "key %s: key material on-card - skipped\n"
+msgstr "ключ %s: ключ находитÑÑ Ð½Ð° карте - пропущен\n"
+
+#: g10/export.c:537
+msgid "about to export an unprotected subkey\n"
+msgstr "ÑкÑпорт незащищенного подключа\n"
+
+#: g10/export.c:560
+#, c-format
+msgid "failed to unprotect the subkey: %s\n"
+msgstr "Ñбой ÑнÑÑ‚Ð¸Ñ Ð·Ð°Ñ‰Ð¸Ñ‚Ñ‹ Ñ Ð¿Ð¾Ð´ÐºÐ»ÑŽÑ‡Ð°: %s\n"
+
+#: g10/export.c:584
+#, c-format
+msgid "WARNING: secret key %s does not have a simple SK checksum\n"
+msgstr "Ð’ÐИМÐÐИЕ: Ñекретный ключ %s не имеет проÑтой контрольной Ñуммы SK\n"
+
+#: g10/export.c:633
+msgid "WARNING: nothing exported\n"
+msgstr "Ð’ÐИМÐÐИЕ: нечего ÑкÑпортировать\n"
+
+#: g10/getkey.c:152
+msgid "too many entries in pk cache - disabled\n"
+msgstr "Ñлишком много входов в pk кÑше - отключено\n"
+
+#: g10/getkey.c:175
+msgid "[User ID not found]"
+msgstr "[User ID не найден]"
+
+#: g10/getkey.c:1113
+#, c-format
+msgid "automatically retrieved `%s' via %s\n"
+msgstr "автоматичеÑки полученный `%s' via %s\n"
+
+#: g10/getkey.c:1118
+#, c-format
+msgid "error retrieving `%s' via %s: %s\n"
+msgstr "ошибка Ð¿Ð¾Ð»ÑƒÑ‡ÐµÐ½Ð¸Ñ `%s' через %s: %s\n"
+
+#: g10/getkey.c:1120
+msgid "No fingerprint"
+msgstr "Ðет отпечатка"
+
+#: g10/getkey.c:1930
+#, c-format
+msgid "Invalid key %s made valid by --allow-non-selfsigned-uid\n"
+msgstr ""
+"Дефектный ключ %s признан пригодным ÑоглаÑно параметра --allow-non-"
+"selfsigned-uid\n"
+
+#: g10/getkey.c:2533 g10/keyedit.c:3839
+#, c-format
+msgid "no secret subkey for public subkey %s - ignoring\n"
+msgstr "нет Ñекретного подключа Ð´Ð»Ñ Ð¾Ñ‚ÐºÑ€Ñ‹Ñ‚Ð¾Ð³Ð¾ подключа %s - игнорируем\n"
+
+#: g10/getkey.c:2759
+#, c-format
+msgid "using subkey %s instead of primary key %s\n"
+msgstr "иÑпользую подклключ %s вмеÑто главного ключа %s\n"
+
+#: g10/getkey.c:2806
+#, c-format
+msgid "key %s: secret key without public key - skipped\n"
+msgstr "ключ %s: Ñекретный ключ без открытого ключа - пропущен\n"
+
+#: g10/gpg.c:375 sm/gpgsm.c:188
+msgid "make a signature"
+msgstr "Ñоздать подпиÑÑŒ"
+
+#: g10/gpg.c:376 sm/gpgsm.c:189
+msgid "make a clear text signature"
+msgstr "Ñоздать прозрачную подпиÑÑŒ"
+
+#: g10/gpg.c:377 sm/gpgsm.c:190
+msgid "make a detached signature"
+msgstr "Ñоздать отделенную подпиÑÑŒ"
+
+#: g10/gpg.c:378 sm/gpgsm.c:191
+msgid "encrypt data"
+msgstr "зашифровать данные"
+
+#: g10/gpg.c:380 sm/gpgsm.c:192
+msgid "encryption only with symmetric cipher"
+msgstr "зашифровать только Ñимметричным шифром"
+
+#: g10/gpg.c:382 sm/gpgsm.c:193
+msgid "decrypt data (default)"
+msgstr "раÑшифровать данные (по умолчанию)"
+
+#: g10/gpg.c:384 sm/gpgsm.c:194
+msgid "verify a signature"
+msgstr "проверить подпиÑÑŒ"
+
+#: g10/gpg.c:386 sm/gpgsm.c:195
+msgid "list keys"
+msgstr "вывеÑти ÑпиÑок ключей"
+
+#: g10/gpg.c:388
+msgid "list keys and signatures"
+msgstr "вывеÑти ÑпиÑок ключей и подпиÑи"
+
+#: g10/gpg.c:389
+msgid "list and check key signatures"
+msgstr "вывеÑти и проверить подпиÑи"
+
+#: g10/gpg.c:390 sm/gpgsm.c:200
+msgid "list keys and fingerprints"
+msgstr "вывеÑти ÑпиÑок ключей c отпечатками"
+
+#: g10/gpg.c:391 sm/gpgsm.c:198
+msgid "list secret keys"
+msgstr "вывеÑти ÑпиÑок Ñекретных ключей"
+
+#: g10/gpg.c:392 sm/gpgsm.c:201
+msgid "generate a new key pair"
+msgstr "Ñоздать новую пару ключей"
+
+#: g10/gpg.c:393
+msgid "generate a revocation certificate"
+msgstr "Ñоздать Ñертификат отзыва"
+
+#: g10/gpg.c:395 sm/gpgsm.c:203
+msgid "remove keys from the public keyring"
+msgstr "удалить ключи из таблицы открытых ключей"
+
+#: g10/gpg.c:397
+msgid "remove keys from the secret keyring"
+msgstr "удалить ключи из таблицы закрытых ключей"
+
+#: g10/gpg.c:398
+msgid "sign a key"
+msgstr "подпиÑать ключ"
+
+#: g10/gpg.c:399
+msgid "sign a key locally"
+msgstr "подпиÑать ключ локально"
+
+#: g10/gpg.c:400
+msgid "sign or edit a key"
+msgstr "подпиÑать или редактировать ключ"
+
+#: g10/gpg.c:402 sm/gpgsm.c:215
+msgid "change a passphrase"
+msgstr "Ñменить фразу-пароль"
+
+#: g10/gpg.c:404
+msgid "export keys"
+msgstr "ÑкÑпортировать ключи"
+
+#: g10/gpg.c:405 sm/gpgsm.c:204
+msgid "export keys to a key server"
+msgstr "ÑкÑпортировать ключи на Ñервер ключей"
+
+#: g10/gpg.c:406 sm/gpgsm.c:205
+msgid "import keys from a key server"
+msgstr "импортировать ключи Ñ Ñервера ключей"
+
+#: g10/gpg.c:408
+msgid "search for keys on a key server"
+msgstr "иÑкать ключи на Ñервере ключей"
+
+#: g10/gpg.c:410
+msgid "update all keys from a keyserver"
+msgstr "обновить вÑе ключи Ñ Ñервера ключей"
+
+#: g10/gpg.c:415
+msgid "import/merge keys"
+msgstr "импортировать/объединить ключи"
+
+#: g10/gpg.c:418
+msgid "print the card status"
+msgstr "показать ÑоÑтоÑние карты"
+
+#: g10/gpg.c:419
+msgid "change data on a card"
+msgstr "изменить данные на карте"
+
+#: g10/gpg.c:420
+msgid "change a card's PIN"
+msgstr "Ñменить PIN карты"
+
+#: g10/gpg.c:429
+msgid "update the trust database"
+msgstr "обновить таблицу доверий"
+
+#: g10/gpg.c:436
+msgid "print message digests"
+msgstr "вывеÑти Ñ…Ñши файлов"
+
+#: g10/gpg.c:439 sm/gpgsm.c:210
+msgid "run in server mode"
+msgstr "запуÑк в режиме Ñервера"
+
+#: g10/gpg.c:443 sm/gpgsm.c:228
+msgid "create ascii armored output"
+msgstr "вывод в ASCII формате"
+
+#: g10/gpg.c:446 sm/gpgsm.c:241
+msgid "|USER-ID|encrypt for USER-ID"
+msgstr "|USER-ID|зашифровать Ð´Ð»Ñ USER-ID"
+
+#: g10/gpg.c:459 sm/gpgsm.c:278
+msgid "|USER-ID|use USER-ID to sign or decrypt"
+msgstr "|USER-ID|иÑпользовать USER-ID Ð´Ð»Ñ Ð¿Ð¾Ð´Ð¿Ð¸ÑÑ‹Ð²Ð°Ð½Ð¸Ñ Ð¸ раÑшифрованиÑ"
+
+#: g10/gpg.c:462
+msgid "|N|set compress level to N (0 disables)"
+msgstr "|N|уÑтановить уровень ÑÐ¶Ð°Ñ‚Ð¸Ñ N (0 без ÑжатиÑ)"
+
+#: g10/gpg.c:468
+msgid "use canonical text mode"
+msgstr "иÑпользовать каноничеÑкий текÑтовый режим"
+
+#: g10/gpg.c:485 sm/gpgsm.c:280
+msgid "|FILE|write output to FILE"
+msgstr "|FILE|взÑÑ‚ÑŒ параметры из FILE"
+
+#: g10/gpg.c:501 kbx/kbxutil.c:90 sm/gpgsm.c:292 tools/gpgconf.c:82
+msgid "do not make any changes"
+msgstr "не делать никаких изменений"
+
+#: g10/gpg.c:502
+msgid "prompt before overwriting"
+msgstr "ÑпроÑить перед перезапиÑью"
+
+#: g10/gpg.c:554
+msgid "use strict OpenPGP behavior"
+msgstr "Ñтрого Ñледовать Ñтандарту OpenPGP"
+
+#: g10/gpg.c:585 sm/gpgsm.c:336
+msgid ""
+"@\n"
+"(See the man page for a complete listing of all commands and options)\n"
+msgstr ""
+"@\n"
+"(См. документацию Ð´Ð»Ñ Ð±Ð¾Ð»ÐµÐµ полного Ð¾Ð·Ð½Ð°ÐºÐ¾Ð¼Ð»ÐµÐ½Ð¸Ñ Ñ ÐºÐ¾Ð¼Ð°Ð½Ð´Ð°Ð¼Ð¸ и параметрами)\n"
+
+#: g10/gpg.c:588 sm/gpgsm.c:339
+msgid ""
+"@\n"
+"Examples:\n"
+"\n"
+" -se -r Bob [file] sign and encrypt for user Bob\n"
+" --clearsign [file] make a clear text signature\n"
+" --detach-sign [file] make a detached signature\n"
+" --list-keys [names] show keys\n"
+" --fingerprint [names] show fingerprints\n"
+msgstr ""
+"@\n"
+"Примеры:\n"
+"\n"
+" -se -r Bob [файл] подпиÑать и зашифровать Ð´Ð»Ñ Ð¿Ð¾Ð»ÑƒÑ‡Ð°Ñ‚ÐµÐ»Ñ Bob\n"
+" --clearsign [файл] Ñоздать прозрачную подпиÑÑŒ\n"
+" --detach-sign [файл] Ñоздать отделенную подпиÑÑŒ\n"
+" --list-keys [имена] показать ключи\n"
+" --fingerprint [имена] показать отпечатки\n"
+
+#: g10/gpg.c:836
+msgid "Usage: gpg [options] [files] (-h for help)"
+msgstr "ИÑпользование: gpg [параметры] [файлы] (-h Ð´Ð»Ñ Ð¿Ð¾Ð´Ñказки)"
+
+#: g10/gpg.c:839
+msgid ""
+"Syntax: gpg [options] [files]\n"
+"sign, check, encrypt or decrypt\n"
+"default operation depends on the input data\n"
+msgstr ""
+"СинтакÑиÑ: gpg [параметры] [файлы]\n"
+"ПодпиÑи и их проверка, зашифрование и раÑшифрование.\n"
+"ДейÑтвие по умолчанию завиÑит от входных данных.\n"
+
+#: g10/gpg.c:850 sm/gpgsm.c:543
+msgid ""
+"\n"
+"Supported algorithms:\n"
+msgstr ""
+"\n"
+"ПоддерживаютÑÑ Ñледующие алгоритмы:\n"
+
+#: g10/gpg.c:853
+msgid "Pubkey: "
+msgstr " Ñ Ð¾Ñ‚ÐºÑ€Ñ‹Ñ‚Ñ‹Ð¼ ключом: "
+
+#: g10/gpg.c:860 g10/keyedit.c:2423
+msgid "Cipher: "
+msgstr " Ñимметричные шифры: "
+
+#: g10/gpg.c:867
+msgid "Hash: "
+msgstr " Ñ…Ñш-функции: "
+
+#: g10/gpg.c:874 g10/keyedit.c:2468
+msgid "Compression: "
+msgstr " алгоритмы ÑжатиÑ: "
+
+#: g10/gpg.c:944
+msgid "usage: gpg [options] "
+msgstr "иÑпользование: gpg [параметры] "
+
+#: g10/gpg.c:1158 sm/gpgsm.c:716
+msgid "conflicting commands\n"
+msgstr "неÑовмеÑтимые команды\n"
+
+#: g10/gpg.c:1176
+#, c-format
+msgid "no = sign found in group definition `%s'\n"
+msgstr "отÑутÑтвует знак = в определении группы `%s'\n"
+
+#: g10/gpg.c:1373
+#, c-format
+msgid "WARNING: unsafe ownership on homedir `%s'\n"
+msgstr "Ð’ÐИМÐÐИЕ: небезопаÑный владелец домашнего каталога `%s'\n"
+
+#: g10/gpg.c:1376
+#, c-format
+msgid "WARNING: unsafe ownership on configuration file `%s'\n"
+msgstr "Ð’ÐИМÐÐИЕ: небезопаÑный владелец файла конфигурации `%s'\n"
+
+#: g10/gpg.c:1379
+#, c-format
+msgid "WARNING: unsafe ownership on extension `%s'\n"
+msgstr "Ð’ÐИМÐÐИЕ: небезопаÑный владелец файла Ð¼Ð¾Ð´ÑƒÐ»Ñ Ñ€Ð°ÑÑˆÐ¸Ñ€ÐµÐ½Ð¸Ñ `%s'\n"
+
+#: g10/gpg.c:1385
+#, c-format
+msgid "WARNING: unsafe permissions on homedir `%s'\n"
+msgstr "Ð’ÐИМÐÐИЕ: небезопаÑные права доÑтупа у домашнего каталога `%s'\n"
+
+#: g10/gpg.c:1388
+#, c-format
+msgid "WARNING: unsafe permissions on configuration file `%s'\n"
+msgstr "Ð’ÐИМÐÐИЕ: небезопаÑные права доÑтупа у файла конфигурации `%s'\n"
+
+#: g10/gpg.c:1391
+#, c-format
+msgid "WARNING: unsafe permissions on extension `%s'\n"
+msgstr "Ð’ÐИМÐÐИЕ: небезопаÑные права доÑтупа у файла Ð¼Ð¾Ð´ÑƒÐ»Ñ Ñ€Ð°ÑÑˆÐ¸Ñ€ÐµÐ½Ð¸Ñ `%s'\n"
+
+#: g10/gpg.c:1397
+#, c-format
+msgid "WARNING: unsafe enclosing directory ownership on homedir `%s'\n"
+msgstr ""
+"Ð’ÐИМÐÐИЕ: небезопаÑный владелец каталога Ñодержащего домашний каталог `%s'\n"
+
+#: g10/gpg.c:1400
+#, c-format
+msgid ""
+"WARNING: unsafe enclosing directory ownership on configuration file `%s'\n"
+msgstr ""
+"Ð’ÐИМÐÐИЕ: небезопаÑный владелец каталога Ñодержащего файл конфигурации `%s'\n"
+
+#: g10/gpg.c:1403
+#, c-format
+msgid "WARNING: unsafe enclosing directory ownership on extension `%s'\n"
+msgstr ""
+"Ð’ÐИМÐÐИЕ: небезопаÑный владелец каталога Ñодержащего модуль раÑÑˆÐ¸Ñ€ÐµÐ½Ð¸Ñ `%s'\n"
+
+#: g10/gpg.c:1409
+#, c-format
+msgid "WARNING: unsafe enclosing directory permissions on homedir `%s'\n"
+msgstr ""
+"Ð’ÐИМÐÐИЕ: небезопаÑные права доÑтупа у каталога Ñодержащего домашний каталог "
+"`%s'\n"
+
+#: g10/gpg.c:1412
+#, c-format
+msgid ""
+"WARNING: unsafe enclosing directory permissions on configuration file `%s'\n"
+msgstr ""
+"Ð’ÐИМÐÐИЕ: небезопаÑные права доÑтупа у каталога Ñодержащего файл "
+"конфигурации `%s'\n"
+
+#: g10/gpg.c:1415
+#, c-format
+msgid "WARNING: unsafe enclosing directory permissions on extension `%s'\n"
+msgstr ""
+"Ð’ÐИМÐÐИЕ: небезопаÑные права доÑтупа у каталогу Ñодержащего файл Ð¼Ð¾Ð´ÑƒÐ»Ñ "
+"раÑÑˆÐ¸Ñ€ÐµÐ½Ð¸Ñ `%s'\n"
+
+#: g10/gpg.c:1595
+#, c-format
+msgid "unknown configuration item `%s'\n"
+msgstr "неизвеÑтный параметр в файле конфигурации `%s'\n"
+
+#: g10/gpg.c:1699
+msgid "display photo IDs during key listings"
+msgstr "отображать Фото ID при раÑпечатке ключей"
+
+#: g10/gpg.c:1701
+msgid "show policy URLs during signature listings"
+msgstr "показывать ÑÑылку на политики при раÑпечатке подпиÑей"
+
+#: g10/gpg.c:1703
+msgid "show all notations during signature listings"
+msgstr "показывать вÑе Ð¿Ñ€Ð¸Ð¼ÐµÑ‡Ð°Ð½Ð¸Ñ Ð¿Ñ€Ð¸ раÑпечатке подпиÑей"
+
+#: g10/gpg.c:1705
+msgid "show IETF standard notations during signature listings"
+msgstr "показывать Ñтандартные IETF Ð¿Ñ€Ð¸Ð¼ÐµÑ‡Ð°Ð½Ð¸Ñ Ð¿Ñ€Ð¸ раÑпечатке подпиÑей"
+
+#: g10/gpg.c:1709
+msgid "show user-supplied notations during signature listings"
+msgstr ""
+"показывать добавленные пользователем Ð¿Ñ€Ð¸Ð¼ÐµÑ‡Ð°Ð½Ð¸Ñ Ð¿Ñ€Ð¸ раÑпечатке подпиÑей"
+
+#: g10/gpg.c:1711
+msgid "show preferred keyserver URLs during signature listings"
+msgstr "показывать предпочитаемый Ñервер ключей при раÑпечатке подпиÑей"
+
+#: g10/gpg.c:1713
+msgid "show user ID validity during key listings"
+msgstr "показывать дейÑтвительноÑÑ‚ÑŒ Used ID при раÑпечатке ключей"
+
+#: g10/gpg.c:1715
+msgid "show revoked and expired user IDs in key listings"
+msgstr "показывать отозванные и проÑроченные User ID при раÑпечатке ключей"
+
+#: g10/gpg.c:1717
+msgid "show revoked and expired subkeys in key listings"
+msgstr "показывать отозванные и проÑроченные ключи при раÑпечатке ключей"
+
+#: g10/gpg.c:1719
+msgid "show the keyring name in key listings"
+msgstr "печатать Ð¸Ð¼Ñ Ñ‚Ð°Ð±Ð»Ð¸Ñ† ключей при раÑпечатке ключей"
+
+#: g10/gpg.c:1721
+msgid "show expiration dates during signature listings"
+msgstr "печатать даты иÑÑ‚ÐµÑ‡ÐµÐ½Ð¸Ñ Ð¿Ñ€Ð¸ раÑпечатке подпиÑей"
+
+#: g10/gpg.c:1855
+#, c-format
+msgid "NOTE: old default options file `%s' ignored\n"
+msgstr "ЗÐМЕЧÐÐИЕ: Ñтарый файл конфигурации по умолчанию `%s' проигнорирован\n"
+
+#: g10/gpg.c:1948
+#, c-format
+msgid "libgcrypt is too old (need %s, have %s)\n"
+msgstr "libcrypt Ñлишком Ñтарой верÑии (требуетÑÑ %s, обнаружено %s)\n"
+
+#: g10/gpg.c:2346 g10/gpg.c:3037 g10/gpg.c:3049
+#, c-format
+msgid "NOTE: %s is not for normal use!\n"
+msgstr "ЗÐМЕЧÐÐИЕ: %s не предназначен Ð´Ð»Ñ Ð¾Ð±Ñ‹Ñ‡Ð½Ð¾Ð³Ð¾ применениÑ!\n"
+
+#: g10/gpg.c:2530 g10/gpg.c:2542
+#, c-format
+msgid "`%s' is not a valid signature expiration\n"
+msgstr "`%s' недопуÑтимый Ñрок дейÑÑ‚Ð²Ð¸Ñ Ð¿Ð¾Ð´Ð¿Ð¸Ñи\n"
+
+#: g10/gpg.c:2624
+#, c-format
+msgid "`%s' is not a valid character set\n"
+msgstr "`%s' недопуÑÑ‚Ð¸Ð¼Ð°Ñ Ñ‚Ð°Ð±Ð»Ð¸Ñ†Ð° Ñимволов\n"
+
+#: g10/gpg.c:2647 g10/gpg.c:2842 g10/keyedit.c:4197
+msgid "could not parse keyserver URL\n"
+msgstr "не могу проанализировать URL Ñервера ключей\n"
+
+#: g10/gpg.c:2659
+#, c-format
+msgid "%s:%d: invalid keyserver options\n"
+msgstr "%s:%d: недопуÑтимые параметры Ð´Ð»Ñ Ñервера ключей\n"
+
+#: g10/gpg.c:2662
+msgid "invalid keyserver options\n"
+msgstr "недопуÑтимые параметры Ð´Ð»Ñ Ñервера ключей\n"
+
+#: g10/gpg.c:2669
+#, c-format
+msgid "%s:%d: invalid import options\n"
+msgstr "%s:%d: недопуÑтимые параметры импорта\n"
+
+#: g10/gpg.c:2672
+msgid "invalid import options\n"
+msgstr "недопуÑтимые параметры импорта\n"
+
+#: g10/gpg.c:2679
+#, c-format
+msgid "%s:%d: invalid export options\n"
+msgstr "%s:%d: недопуÑтимые параметры ÑкÑпорта\n"
+
+#: g10/gpg.c:2682
+msgid "invalid export options\n"
+msgstr "недопуÑтимые параметры ÑкÑпорта\n"
+
+#: g10/gpg.c:2689
+#, c-format
+msgid "%s:%d: invalid list options\n"
+msgstr "%s:%d: недопуÑтимый ÑпиÑок параметров\n"
+
+#: g10/gpg.c:2692
+msgid "invalid list options\n"
+msgstr "недопуÑтимый ÑпиÑок параметров\n"
+
+#: g10/gpg.c:2700
+msgid "display photo IDs during signature verification"
+msgstr "отображать Фото ID при проверке подпиÑи"
+
+#: g10/gpg.c:2702
+msgid "show policy URLs during signature verification"
+msgstr "печатать ÑÑылку на политики при проверке подпиÑи"
+
+#: g10/gpg.c:2704
+msgid "show all notations during signature verification"
+msgstr "печатать вÑе Ð¿Ñ€Ð¸Ð¼ÐµÑ‡Ð°Ð½Ð¸Ñ Ð² процеÑÑе проверки подпиÑей"
+
+#: g10/gpg.c:2706
+msgid "show IETF standard notations during signature verification"
+msgstr "печатать Ñтандартные IETF Ð¿Ñ€Ð¸Ð¼ÐµÑ‡Ð°Ð½Ð¸Ñ Ð² процеÑÑе проверки подпиÑей"
+
+#: g10/gpg.c:2710
+msgid "show user-supplied notations during signature verification"
+msgstr "печатать добавленные пользователем Ð¿Ñ€Ð¸Ð¼ÐµÑ‡Ð°Ð½Ð¸Ñ Ð¿Ñ€Ð¸ проверке подпиÑей"
+
+#: g10/gpg.c:2712
+msgid "show preferred keyserver URLs during signature verification"
+msgstr "печатать предпочитаемые Ñерверы ключей при проверке подпиÑей"
+
+#: g10/gpg.c:2714
+msgid "show user ID validity during signature verification"
+msgstr "печатать дейÑтвительноÑÑ‚ÑŒ UserID при проверке подпиÑей"
+
+#: g10/gpg.c:2716
+msgid "show revoked and expired user IDs in signature verification"
+msgstr "печатать отозванные и проÑроченные User ID при проверке подпиÑей"
+
+#: g10/gpg.c:2718
+msgid "show only the primary user ID in signature verification"
+msgstr "печатать только главный User ID при проверке подпиÑей"
+
+#: g10/gpg.c:2720
+msgid "validate signatures with PKA data"
+msgstr ""
+
+#: g10/gpg.c:2722
+msgid "elevate the trust of signatures with valid PKA data"
+msgstr ""
+
+#: g10/gpg.c:2729
+#, c-format
+msgid "%s:%d: invalid verify options\n"
+msgstr "%s:%d: недопуÑтимые параметры проверки \n"
+
+#: g10/gpg.c:2732
+msgid "invalid verify options\n"
+msgstr "недопуÑтимые параметры проверки\n"
+
+#: g10/gpg.c:2739
+#, c-format
+msgid "unable to set exec-path to %s\n"
+msgstr "не могу определить путь запуÑка Ð´Ð»Ñ %s\n"
+
+#: g10/gpg.c:2925
+#, c-format
+msgid "%s:%d: invalid auto-key-locate list\n"
+msgstr "%s:%d: недопуÑтимый ÑпиÑок auto-key-locate\n"
+
+#: g10/gpg.c:2928
+msgid "invalid auto-key-locate list\n"
+msgstr "недопуÑтимый ÑпиÑок auto-key-locate\n"
+
+#: g10/gpg.c:3026 sm/gpgsm.c:1439
+msgid "WARNING: program may create a core file!\n"
+msgstr "Ð’ÐИМÐÐИЕ: возможно Ñоздание файла дампа памÑти программы!\n"
+
+#: g10/gpg.c:3030
+#, c-format
+msgid "WARNING: %s overrides %s\n"
+msgstr "Ð’ÐИМÐÐИЕ: %s замеÑтит %s\n"
+
+#: g10/gpg.c:3039
+#, c-format
+msgid "%s not allowed with %s!\n"
+msgstr "%s не допуÑкаетÑÑ Ð¸Ñпользовать Ñ %s!\n"
+
+#: g10/gpg.c:3042
+#, c-format
+msgid "%s makes no sense with %s!\n"
+msgstr "%s не имеет ÑмыÑла ÑовмеÑтно Ñ %s!\n"
+
+#: g10/gpg.c:3057
+#, c-format
+msgid "will not run with insecure memory due to %s\n"
+msgstr "не будет работать Ñ Ð½ÐµÐ±ÐµÐ·Ð¾Ð¿Ð°Ñной памÑтью из-за %s\n"
+
+#: g10/gpg.c:3071
+msgid "you can only make detached or clear signatures while in --pgp2 mode\n"
+msgstr ""
+"можно Ñделать только отделенную или прозрачную подпиÑÑŒ в режиме --pgp2\n"
+
+#: g10/gpg.c:3077
+msgid "you can't sign and encrypt at the same time while in --pgp2 mode\n"
+msgstr "ÐÐµÐ»ÑŒÐ·Ñ Ð¾Ð´Ð½Ð¾Ð²Ñ€ÐµÐ¼ÐµÐ½Ð½Ð¾ подпиÑать и зашифровать в режиме --pgp2\n"
+
+#: g10/gpg.c:3083
+msgid "you must use files (and not a pipe) when working with --pgp2 enabled.\n"
+msgstr "Следует иÑпользовать файлы (а не каналы (pipe)) в режиме --pgp2.\n"
+
+#: g10/gpg.c:3096
+msgid "encrypting a message in --pgp2 mode requires the IDEA cipher\n"
+msgstr "Ð´Ð»Ñ Ð·Ð°ÑˆÐ¸Ñ„Ñ€Ð¾Ð²Ð°Ð½Ð¸Ñ ÑÐ¾Ð¾Ð±Ñ‰ÐµÐ½Ð¸Ñ Ð² режиме --pgp2 требуетÑÑ ÑˆÐ¸Ñ„Ñ€ IDEA\n"
+
+#: g10/gpg.c:3163 g10/gpg.c:3187 sm/gpgsm.c:1511
+msgid "selected cipher algorithm is invalid\n"
+msgstr "выбран неверный алгоритм шифрованиÑ\n"
+
+#: g10/gpg.c:3169 g10/gpg.c:3193 sm/gpgsm.c:1517 sm/gpgsm.c:1523
+msgid "selected digest algorithm is invalid\n"
+msgstr "выбрана Ð½ÐµÐ²ÐµÑ€Ð½Ð°Ñ Ñ…Ñш-функциÑ\n"
+
+#: g10/gpg.c:3175
+msgid "selected compression algorithm is invalid\n"
+msgstr "выбран неверный алгоритм ÑжатиÑ\n"
+
+#: g10/gpg.c:3181
+msgid "selected certification digest algorithm is invalid\n"
+msgstr "выбрана Ð½ÐµÐ²ÐµÑ€Ð½Ð°Ñ Ñ…Ñш-Ñ„ÑƒÐ½ÐºÑ†Ð¸Ñ Ð´Ð»Ñ Ñертификации\n"
+
+#: g10/gpg.c:3196
+msgid "completes-needed must be greater than 0\n"
+msgstr "completes-needed должен быть больше 0\n"
+
+#: g10/gpg.c:3198
+msgid "marginals-needed must be greater than 1\n"
+msgstr "marginals-needed должен быть больше 1\n"
+
+#: g10/gpg.c:3200
+msgid "max-cert-depth must be in the range from 1 to 255\n"
+msgstr "max-cert-depth должен быть в диапазоне от 1 до 255\n"
+
+#: g10/gpg.c:3202
+msgid "invalid default-cert-level; must be 0, 1, 2, or 3\n"
+msgstr "недопуÑтимый default-cert-level; должен быть 0, 1, 2 или 3\n"
+
+#: g10/gpg.c:3204
+msgid "invalid min-cert-level; must be 1, 2, or 3\n"
+msgstr "недопуÑтимый min-cert-level; должен быть 0, 1, 2 или 3\n"
+
+#: g10/gpg.c:3207
+msgid "NOTE: simple S2K mode (0) is strongly discouraged\n"
+msgstr "ЗÐМЕЧÐÐИЕ: проÑтой режим S2K (0) Ñтрого не рекомендуетÑÑ\n"
+
+#: g10/gpg.c:3211
+msgid "invalid S2K mode; must be 0, 1 or 3\n"
+msgstr "недопуÑтимый режим S2K; должно быть 0, 1 или 3\n"
+
+#: g10/gpg.c:3218
+msgid "invalid default preferences\n"
+msgstr "недопуÑтимые Ð¿Ñ€ÐµÐ´Ð¿Ð¾Ñ‡Ñ‚ÐµÐ½Ð¸Ñ Ð¿Ð¾ умолчанию\n"
+
+#: g10/gpg.c:3222
+msgid "invalid personal cipher preferences\n"
+msgstr "недопуÑтимые перÑональные Ð¿Ñ€ÐµÐ´Ð¿Ð¾Ñ‡Ñ‚ÐµÐ½Ð¸Ñ ÑˆÐ¸Ñ„Ñ€Ð°\n"
+
+#: g10/gpg.c:3226
+msgid "invalid personal digest preferences\n"
+msgstr "недопуÑтимые перÑональные Ð¿Ñ€ÐµÐ´Ð¿Ð¾Ñ‡Ñ‚ÐµÐ½Ð¸Ñ Ñ…Ñш-функции\n"
+
+#: g10/gpg.c:3230
+msgid "invalid personal compress preferences\n"
+msgstr "недопуÑтимые перÑональные Ð¿Ñ€ÐµÐ´Ð¿Ð¾Ñ‡Ñ‚ÐµÐ½Ð¸Ñ Ð°Ð»Ð³Ð¾Ñ€Ð¸Ñ‚Ð¼Ð¾Ð² ÑжатиÑ\n"
+
+#: g10/gpg.c:3263
+#, c-format
+msgid "%s does not yet work with %s\n"
+msgstr "%s пока не работает ÑовмеÑтно Ñ %s\n"
+
+#: g10/gpg.c:3310
+#, c-format
+msgid "you may not use cipher algorithm `%s' while in %s mode\n"
+msgstr "Ð½ÐµÐ»ÑŒÐ·Ñ Ð¸Ñпользовать шифрование `%s' в режиме %s\n"
+
+#: g10/gpg.c:3315
+#, c-format
+msgid "you may not use digest algorithm `%s' while in %s mode\n"
+msgstr "Ð½ÐµÐ»ÑŒÐ·Ñ Ð¸Ñпользовать Ñ…Ñш-функцию `%s' в режиме %s\n"
+
+#: g10/gpg.c:3320
+#, c-format
+msgid "you may not use compression algorithm `%s' while in %s mode\n"
+msgstr "Ð½ÐµÐ»ÑŒÐ·Ñ Ð¸Ñпользовать Ñжатие `%s' в режиме %s\n"
+
+#: g10/gpg.c:3406
+#, c-format
+msgid "failed to initialize the TrustDB: %s\n"
+msgstr "Ñбой инициализации таблицы доверий: %s\n"
+
+#: g10/gpg.c:3417
+msgid "WARNING: recipients (-r) given without using public key encryption\n"
+msgstr ""
+"Ð’ÐИМÐÐИЕ: получатели (-r) заданы без иÑÐ¿Ð¾Ð»ÑŒÐ·Ð¾Ð²Ð°Ð½Ð¸Ñ ÑˆÐ¸Ñ„Ñ€Ð¾Ð²Ð°Ð½Ð¸Ñ Ñ Ð¾Ñ‚ÐºÑ€Ñ‹Ñ‚Ñ‹Ð¼ "
+"ключом\n"
+
+#: g10/gpg.c:3438
+msgid "--store [filename]"
+msgstr "--store [файл]"
+
+#: g10/gpg.c:3445
+msgid "--symmetric [filename]"
+msgstr "--symmetric [файл]"
+
+#: g10/gpg.c:3447
+#, c-format
+msgid "symmetric encryption of `%s' failed: %s\n"
+msgstr "Ñимметричное шифрование `%s' не удалоÑÑŒ: %s\n"
+
+#: g10/gpg.c:3457
+msgid "--encrypt [filename]"
+msgstr "--encrypt [файл]"
+
+#: g10/gpg.c:3470
+msgid "--symmetric --encrypt [filename]"
+msgstr "--symmetric --encrypt [файл]"
+
+#: g10/gpg.c:3472
+msgid "you cannot use --symmetric --encrypt with --s2k-mode 0\n"
+msgstr "Ð½ÐµÐ»ÑŒÐ·Ñ Ð¸Ñпользовать --symmetric --encrypt ÑовмеÑтно Ñ --s2k-mode 0\n"
+
+#: g10/gpg.c:3475
+#, c-format
+msgid "you cannot use --symmetric --encrypt while in %s mode\n"
+msgstr "невозможно иÑпользовать --symmetric --encrypt в режиме %s\n"
+
+#: g10/gpg.c:3493
+msgid "--sign [filename]"
+msgstr "--sign [файл]"
+
+#: g10/gpg.c:3506
+msgid "--sign --encrypt [filename]"
+msgstr "--sign --encrypt [файл]"
+
+#: g10/gpg.c:3521
+msgid "--symmetric --sign --encrypt [filename]"
+msgstr "--symmetric --sign --encrypt [файл]"
+
+#: g10/gpg.c:3523
+msgid "you cannot use --symmetric --sign --encrypt with --s2k-mode 0\n"
+msgstr ""
+"Ð½ÐµÐ»ÑŒÐ·Ñ Ð¸Ñпользовать --symmetric --sign --encrypt ÑовмеÑтно Ñ --s2k-mode 0\n"
+
+#: g10/gpg.c:3526
+#, c-format
+msgid "you cannot use --symmetric --sign --encrypt while in %s mode\n"
+msgstr "невозможно иÑпользовать --symmetric --sign --encrypt в режиме %s\n"
+
+#: g10/gpg.c:3546
+msgid "--sign --symmetric [filename]"
+msgstr "--sign --symmetric [файл]"
+
+#: g10/gpg.c:3555
+msgid "--clearsign [filename]"
+msgstr "--clearsign [файл]"
+
+#: g10/gpg.c:3580
+msgid "--decrypt [filename]"
+msgstr "--decrypt [файл]"
+
+#: g10/gpg.c:3588
+msgid "--sign-key user-id"
+msgstr "--sign-key user-id"
+
+#: g10/gpg.c:3592
+msgid "--lsign-key user-id"
+msgstr "--lsign-key user-id"
+
+#: g10/gpg.c:3613
+msgid "--edit-key user-id [commands]"
+msgstr "--edit-key user-id [команды]"
+
+#: g10/gpg.c:3629
+#, fuzzy
+msgid "--passwd <user-id>"
+msgstr "--sign-key user-id"
+
+#: g10/gpg.c:3716
+#, c-format
+msgid "keyserver send failed: %s\n"
+msgstr "Ñбой при отправке на Ñервер ключей: %s\n"
+
+#: g10/gpg.c:3718
+#, c-format
+msgid "keyserver receive failed: %s\n"
+msgstr "Ñбой при получении Ñ Ñервера ключей: %s\n"
+
+#: g10/gpg.c:3720
+#, c-format
+msgid "key export failed: %s\n"
+msgstr "Ñбой при ÑкÑпорте ключа: %s\n"
+
+#: g10/gpg.c:3731
+#, c-format
+msgid "keyserver search failed: %s\n"
+msgstr "Ñбой при поиÑке на Ñервере ключей: %s\n"
+
+#: g10/gpg.c:3741
+#, c-format
+msgid "keyserver refresh failed: %s\n"
+msgstr "Ñбой при обновлении Ñ Ñервера ключей: %s\n"
+
+#: g10/gpg.c:3792
+#, c-format
+msgid "dearmoring failed: %s\n"
+msgstr "ошибка Ð¿Ñ€ÐµÐ¾Ð±Ñ€Ð°Ð·Ð¾Ð²Ð°Ð½Ð¸Ñ Ð¸Ð· ASCII формата: %s\n"
+
+#: g10/gpg.c:3800
+#, c-format
+msgid "enarmoring failed: %s\n"
+msgstr "ошибка Ð¿Ñ€ÐµÐ¾Ð±Ñ€Ð°Ð·Ð¾Ð²Ð°Ð½Ð¸Ñ Ð² ASCII формат: %s\n"
+
+#: g10/gpg.c:3890
+#, c-format
+msgid "invalid hash algorithm `%s'\n"
+msgstr "недопуÑÑ‚Ð¸Ð¼Ð°Ñ Ñ…Ñш-Ñ„ÑƒÐ½ÐºÑ†Ð¸Ñ `%s'\n"
+
+#: g10/gpg.c:4005
+msgid "[filename]"
+msgstr "[имÑфайла]"
+
+#: g10/gpg.c:4009
+msgid "Go ahead and type your message ...\n"
+msgstr "Ðабирайте Ваше Ñообщение ...\n"
+
+#: g10/gpg.c:4323
+msgid "the given certification policy URL is invalid\n"
+msgstr "заданный URL политики Ñертификации неверен\n"
+
+#: g10/gpg.c:4325
+msgid "the given signature policy URL is invalid\n"
+msgstr "заданный URL политики подпиÑи неверен\n"
+
+#: g10/gpg.c:4358
+msgid "the given preferred keyserver URL is invalid\n"
+msgstr "заданный URL предпочитаемого Ñервера ключей неправилен\n"
+
+#: g10/gpgv.c:74
+msgid "|FILE|take the keys from the keyring FILE"
+msgstr "|FILE|взÑÑ‚ÑŒ ключи из FILE ÑвÑзок ключей"
+
+#: g10/gpgv.c:76
+msgid "make timestamp conflicts only a warning"
+msgstr "при неÑоответÑтвии отметки времени - только предупреждением"
+
+#: g10/gpgv.c:78 sm/gpgsm.c:326
+msgid "|FD|write status info to this FD"
+msgstr "|FD|выводить инфромацию в файл Ñ Ð´ÐµÑкриптором FD"
+
+#: g10/gpgv.c:117
+msgid "Usage: gpgv [options] [files] (-h for help)"
+msgstr "ИÑпользовать: gpgv [параметры] [файлы] (-h Ð´Ð»Ñ Ð¿Ð¾Ð´Ñказки)"
+
+#: g10/gpgv.c:119
+#, fuzzy
+msgid ""
+"Syntax: gpgv [options] [files]\n"
+"Check signatures against known trusted keys\n"
+msgstr ""
+"СинтакÑиÑ: gpg [параметры] [файлы]\n"
+"Проверка подпиÑей Ñделанных доверÑемыми ключами\n"
+
+#: g10/helptext.c:72
+msgid "No help available"
+msgstr "Ðет доÑтупной Ñправки"
+
+#: g10/helptext.c:82
+#, c-format
+msgid "No help available for `%s'"
+msgstr "Ðет Ñправки Ð´Ð»Ñ `%s'"
+
+#: g10/import.c:94
+msgid "import signatures that are marked as local-only"
+msgstr "импорт подпиÑи помеченной как локальнаÑ"
+
+#: g10/import.c:96
+msgid "repair damage from the pks keyserver during import"
+msgstr ""
+
+#: g10/import.c:98
+msgid "do not update the trustdb after import"
+msgstr "не обновлÑÑ‚ÑŒ таблицу доверий поÑле импорта"
+
+#: g10/import.c:100
+msgid "create a public key when importing a secret key"
+msgstr "Ñоздать открытый ключ при импорте Ñекретного ключа"
+
+#: g10/import.c:102
+msgid "only accept updates to existing keys"
+msgstr "принимать только Ð¾Ð±Ð½Ð¾Ð²Ð»ÐµÐ½Ð¸Ñ Ð¸Ð¼ÐµÑŽÑ‰Ð¸Ñ…ÑÑ ÐºÐ»ÑŽÑ‡ÐµÐ¹"
+
+#: g10/import.c:104
+msgid "remove unusable parts from key after import"
+msgstr "удалÑÑ‚ÑŒ неиÑпользуемые чаÑти из ключа поÑле импорта"
+
+#: g10/import.c:106
+msgid "remove as much as possible from key after import"
+msgstr "удалÑÑ‚ÑŒ вÑÑ‘ что возможно из ключа поÑле импорта"
+
+#: g10/import.c:266
+#, c-format
+msgid "skipping block of type %d\n"
+msgstr "пропущен блок типа %d\n"
+
+# test it
+#: g10/import.c:275
+#, c-format
+msgid "%lu keys processed so far\n"
+msgstr "%lu ключей обработано\n"
+
+#: g10/import.c:292
+#, c-format
+msgid "Total number processed: %lu\n"
+msgstr "Ð’Ñего обработано: %lu\n"
+
+#: g10/import.c:294
+#, c-format
+msgid " skipped new keys: %lu\n"
+msgstr " пропущено новых ключей: %lu\n"
+
+#: g10/import.c:297
+#, c-format
+msgid " w/o user IDs: %lu\n"
+msgstr " без User ID: %lu\n"
+
+#: g10/import.c:299 sm/import.c:114
+#, c-format
+msgid " imported: %lu"
+msgstr " импортировано: %lu"
+
+#: g10/import.c:305 sm/import.c:118
+#, c-format
+msgid " unchanged: %lu\n"
+msgstr " неизмененных: %lu\n"
+
+#: g10/import.c:307
+#, c-format
+msgid " new user IDs: %lu\n"
+msgstr " новых User ID: %lu\n"
+
+#: g10/import.c:309
+#, c-format
+msgid " new subkeys: %lu\n"
+msgstr " новых подключей: %lu\n"
+
+#: g10/import.c:311
+#, c-format
+msgid " new signatures: %lu\n"
+msgstr " новых подпиÑей: %lu\n"
+
+#: g10/import.c:313
+#, c-format
+msgid " new key revocations: %lu\n"
+msgstr " новых отзывов ключей: %lu\n"
+
+#: g10/import.c:315 sm/import.c:120
+#, c-format
+msgid " secret keys read: %lu\n"
+msgstr " прочитано Ñекретных ключей: %lu\n"
+
+#: g10/import.c:317 sm/import.c:122
+#, c-format
+msgid " secret keys imported: %lu\n"
+msgstr "импортировано Ñекретных ключей: %lu\n"
+
+#: g10/import.c:319 sm/import.c:124
+#, c-format
+msgid " secret keys unchanged: %lu\n"
+msgstr " неизмененных Ñекретных ключей: %lu\n"
+
+#: g10/import.c:321 sm/import.c:126
+#, c-format
+msgid " not imported: %lu\n"
+msgstr " не импортировано: %lu\n"
+
+#: g10/import.c:323
+#, c-format
+msgid " signatures cleaned: %lu\n"
+msgstr " подпиÑей очищено: %lu\n"
+
+#: g10/import.c:325
+#, c-format
+msgid " user IDs cleaned: %lu\n"
+msgstr " очищено User ID: %lu\n"
+
+#: g10/import.c:606
+#, c-format
+msgid ""
+"WARNING: key %s contains preferences for unavailable\n"
+"algorithms on these user IDs:\n"
+msgstr ""
+"Ð’ÐИМÐÐИЕ: ключ %s Ñодержит Ð¿Ñ€ÐµÐ´Ð¿Ð¾Ñ‡Ñ‚ÐµÐ½Ð¸Ñ Ð´Ð»Ñ Ð½ÐµÐ´Ð¾Ñтупных\n"
+"алгоритмов Ð´Ð»Ñ Ð´Ð°Ð½Ð½Ñ‹Ñ… User IDs:\n"
+
+#: g10/import.c:647
+#, c-format
+msgid " \"%s\": preference for cipher algorithm %s\n"
+msgstr " \"%s\": предпочитает шифр %s\n"
+
+#: g10/import.c:662
+#, c-format
+msgid " \"%s\": preference for digest algorithm %s\n"
+msgstr " \"%s\": предпочитает хеш-функцию %s\n"
+
+#: g10/import.c:674
+#, c-format
+msgid " \"%s\": preference for compression algorithm %s\n"
+msgstr " \"%s\": предпочитает Ñжатие %s\n"
+
+#: g10/import.c:687
+msgid "it is strongly suggested that you update your preferences and\n"
+msgstr "крайне желательно, чтобы Ð’Ñ‹ обновили Ваши Ð¿Ñ€ÐµÐ´Ð¿Ð¾Ñ‡Ñ‚ÐµÐ½Ð¸Ñ Ð¸\n"
+
+#: g10/import.c:689
+msgid "re-distribute this key to avoid potential algorithm mismatch problems\n"
+msgstr ""
+"раÑпроÑтраните данный ключ, чтобы избежать потенциальных проблем "
+"неÑÐ¾Ð²Ð¿Ð°Ð´ÐµÐ½Ð¸Ñ Ð°Ð»Ð³Ð¾Ñ€Ð¸Ñ‚Ð¼Ð¾Ð²\n"
+
+#: g10/import.c:713
+#, c-format
+msgid "you can update your preferences with: gpg --edit-key %s updpref save\n"
+msgstr ""
+"можете обновить ÑпиÑок предпочтений иÑпользуÑ: gpg --edit-key %s updpref "
+"save\n"
+
+#: g10/import.c:766 g10/import.c:1179
+#, c-format
+msgid "key %s: no user ID\n"
+msgstr "ключ %s: не имеет User ID\n"
+
+#: g10/import.c:795
+#, c-format
+msgid "key %s: PKS subkey corruption repaired\n"
+msgstr "ключ %s: PKS повреждение подключа иÑправлено\n"
+
+#: g10/import.c:810
+#, c-format
+msgid "key %s: accepted non self-signed user ID \"%s\"\n"
+msgstr "ключ %s: принÑÑ‚ неÑамоподпиÑанный User ID \"%s\"\n"
+
+#: g10/import.c:816
+#, c-format
+msgid "key %s: no valid user IDs\n"
+msgstr "ключ %s: нет дейÑтвительных User ID\n"
+
+#: g10/import.c:818
+msgid "this may be caused by a missing self-signature\n"
+msgstr "причиной Ñтого может быть отÑутÑтвие ÑамоподпиÑи\n"
+
+#: g10/import.c:828 g10/import.c:1303
+#, c-format
+msgid "key %s: public key not found: %s\n"
+msgstr "ключ %s: не найден открытый ключ: %s\n"
+
+#: g10/import.c:834
+#, c-format
+msgid "key %s: new key - skipped\n"
+msgstr "ключ %s: новый ключ - пропущен\n"
+
+#: g10/import.c:843
+#, c-format
+msgid "no writable keyring found: %s\n"
+msgstr "нет доÑтупной Ð´Ð»Ñ Ð·Ð°Ð¿Ð¸Ñи таблицы ключей: %s\n"
+
+#: g10/import.c:848 g10/openfile.c:278 g10/sign.c:805 g10/sign.c:1114
+#, c-format
+msgid "writing to `%s'\n"
+msgstr "ÑохранÑÑŽ в `%s'\n"
+
+#: g10/import.c:852 g10/import.c:952 g10/import.c:1219 g10/import.c:1364
+#: g10/import.c:2494 g10/import.c:2516
+#, c-format
+msgid "error writing keyring `%s': %s\n"
+msgstr "ошибка запиÑи таблицы ключей `%s': %s\n"
+
+#: g10/import.c:871
+#, c-format
+msgid "key %s: public key \"%s\" imported\n"
+msgstr "ключ %s: открытый ключ \"%s\" импортирован\n"
+
+#: g10/import.c:895
+#, c-format
+msgid "key %s: doesn't match our copy\n"
+msgstr "ключ %s: не Ñовпадает Ñ ÐºÐ¾Ð¿Ð¸ÐµÐ¹ хранимой у наÑ\n"
+
+#: g10/import.c:912 g10/import.c:1321
+#, c-format
+msgid "key %s: can't locate original keyblock: %s\n"
+msgstr "ключ %s: не нахожу оригинальный блок ключей: %s\n"
+
+#: g10/import.c:920 g10/import.c:1328
+#, c-format
+msgid "key %s: can't read original keyblock: %s\n"
+msgstr "ключ %s: не могу прочитать оригинальный блок ключей: %s\n"
+
+#: g10/import.c:962
+#, c-format
+msgid "key %s: \"%s\" 1 new user ID\n"
+msgstr "ключ %s: \"%s\" 1 новый User ID\n"
+
+#: g10/import.c:965
+#, c-format
+msgid "key %s: \"%s\" %d new user IDs\n"
+msgstr "ключ %s: \"%s\" %d новых User ID\n"
+
+#: g10/import.c:968
+#, c-format
+msgid "key %s: \"%s\" 1 new signature\n"
+msgstr "ключ %s: \"%s\" 1 Ð½Ð¾Ð²Ð°Ñ Ð¿Ð¾Ð´Ð¿Ð¸ÑÑŒ\n"
+
+#: g10/import.c:971
+#, c-format
+msgid "key %s: \"%s\" %d new signatures\n"
+msgstr "ключ %s: \"%s\" %d новых подпиÑей\n"
+
+#: g10/import.c:974
+#, c-format
+msgid "key %s: \"%s\" 1 new subkey\n"
+msgstr "ключ %s: \"%s\" 1 новый подключ\n"
+
+#: g10/import.c:977
+#, c-format
+msgid "key %s: \"%s\" %d new subkeys\n"
+msgstr "ключ %s: \"%s\" %d новых подключей\n"
+
+#: g10/import.c:980
+#, c-format
+msgid "key %s: \"%s\" %d signature cleaned\n"
+msgstr "ключ %s: \"%s\" %d подпиÑÑŒ очищена\n"
+
+#: g10/import.c:983
+#, c-format
+msgid "key %s: \"%s\" %d signatures cleaned\n"
+msgstr "ключ %s: \"%s\" %d очищеных подпиÑей\n"
+
+#: g10/import.c:986
+#, c-format
+msgid "key %s: \"%s\" %d user ID cleaned\n"
+msgstr "ключ %s: \"%s\" %d User ID очищен\n"
+
+#: g10/import.c:989
+#, c-format
+msgid "key %s: \"%s\" %d user IDs cleaned\n"
+msgstr "ключ %s: \"%s\" %d очищенных User ID\n"
+
+#: g10/import.c:1013
+#, c-format
+msgid "key %s: \"%s\" not changed\n"
+msgstr "ключ %s: \"%s\" не изменен\n"
+
+#: g10/import.c:1185
+#, c-format
+msgid "key %s: secret key with invalid cipher %d - skipped\n"
+msgstr "ключ %s: Ñекретный ключ Ñ Ð½ÐµÐ´Ð¾Ð¿ÑƒÑтимым шифром %d - пропущен\n"
+
+#: g10/import.c:1196
+msgid "importing secret keys not allowed\n"
+msgstr "импортирование Ñекретного ключа не позволено\n"
+
+#: g10/import.c:1213 g10/import.c:2509
+#, c-format
+msgid "no default secret keyring: %s\n"
+msgstr "нет оÑновной таблицы Ñекретных ключей: %s\n"
+
+#: g10/import.c:1224
+#, c-format
+msgid "key %s: secret key imported\n"
+msgstr "ключ %s: Ñекретный ключ импортирован\n"
+
+#: g10/import.c:1254
+#, c-format
+msgid "key %s: already in secret keyring\n"
+msgstr "ключ %s: уже еÑÑ‚ÑŒ в таблице Ñекретных ключей\n"
+
+#: g10/import.c:1264
+#, c-format
+msgid "key %s: secret key not found: %s\n"
+msgstr "ключ %s: не найден Ñекретный ключ: %s\n"
+
+#: g10/import.c:1296
+#, c-format
+msgid "key %s: no public key - can't apply revocation certificate\n"
+msgstr "ключ %s: нет открытого ключа - не могу применить Ñертификат отзыва\n"
+
+#: g10/import.c:1339
+#, c-format
+msgid "key %s: invalid revocation certificate: %s - rejected\n"
+msgstr "ключ %s: неправильный Ñертификат отзыва: %s - отвергнут\n"
+
+#: g10/import.c:1371
+#, c-format
+msgid "key %s: \"%s\" revocation certificate imported\n"
+msgstr "ключ %s: \"%s\" Ñертификат отзыва импортирован\n"
+
+#: g10/import.c:1447
+#, c-format
+msgid "key %s: no user ID for signature\n"
+msgstr "ключ %s: нет User ID Ð´Ð»Ñ Ð¿Ð¾Ð´Ð¿Ð¸Ñи\n"
+
+#: g10/import.c:1464
+#, c-format
+msgid "key %s: unsupported public key algorithm on user ID \"%s\"\n"
+msgstr ""
+"ключ %s: неподдерживаемый алгоритм Ñ Ð¾Ñ‚ÐºÑ€Ñ‹Ñ‚Ñ‹Ð¼ ключом у User ID \"%s\"\n"
+
+#: g10/import.c:1466
+#, c-format
+msgid "key %s: invalid self-signature on user ID \"%s\"\n"
+msgstr "ключ %s: Ð½ÐµÐ¿Ñ€Ð°Ð²Ð¸Ð»ÑŒÐ½Ð°Ñ ÑамоподпиÑÑŒ на User ID \"%s\"\n"
+
+#: g10/import.c:1483 g10/import.c:1509 g10/import.c:1560
+#, c-format
+msgid "key %s: unsupported public key algorithm\n"
+msgstr "ключ %s: неподдерживаемый алгоритм Ñ Ð¾Ñ‚ÐºÑ€Ñ‹Ñ‚Ñ‹Ð¼ ключом\n"
+
+#: g10/import.c:1484
+#, fuzzy, c-format
+msgid "key %s: invalid direct key signature\n"
+msgstr "ключ %s: direct key signature добавлена\n"
+
+#: g10/import.c:1498
+#, c-format
+msgid "key %s: no subkey for key binding\n"
+msgstr "ключ %s: нет подключа Ð´Ð»Ñ ÑвÑÐ·Ñ‹Ð²Ð°Ð½Ð¸Ñ Ð¿Ð¾Ð´ÐºÐ»ÑŽÑ‡ÐµÐ¹\n"
+
+#: g10/import.c:1511
+#, c-format
+msgid "key %s: invalid subkey binding\n"
+msgstr "ключ %s: Ð½ÐµÐ¿Ñ€Ð°Ð²Ð¸Ð»ÑŒÐ½Ð°Ñ ÑвÑзь подключей\n"
+
+#: g10/import.c:1527
+#, c-format
+msgid "key %s: removed multiple subkey binding\n"
+msgstr "ключ %s: удалено многократное ÑвÑзывание подключей\n"
+
+#: g10/import.c:1549
+#, c-format
+msgid "key %s: no subkey for key revocation\n"
+msgstr "ключ %s: нет подключа Ð´Ð»Ñ Ð¾Ñ‚Ð·Ñ‹Ð²Ð°ÑŽÑ‰ÐµÐ³Ð¾ ключа\n"
+
+#: g10/import.c:1562
+#, c-format
+msgid "key %s: invalid subkey revocation\n"
+msgstr "ключ %s: неправильный отзыв подключа\n"
+
+#: g10/import.c:1577
+#, c-format
+msgid "key %s: removed multiple subkey revocation\n"
+msgstr "ключ %s: удалена многожеÑтвенноÑÑ‚ÑŒ подключей отзыва\n"
+
+#: g10/import.c:1618
+#, c-format
+msgid "key %s: skipped user ID \"%s\"\n"
+msgstr "ключ %s: пропущен User ID \"%s\"\n"
+
+#: g10/import.c:1639
+#, c-format
+msgid "key %s: skipped subkey\n"
+msgstr "ключ %s: пропущен подключ\n"
+
+#: g10/import.c:1666
+#, c-format
+msgid "key %s: non exportable signature (class 0x%02X) - skipped\n"
+msgstr "ключ %s: не ÑкÑÐ¿Ð¾Ñ€Ñ‚Ð¸Ñ€ÑƒÐµÐ¼Ð°Ñ Ð¿Ð¾Ð´Ð¿Ð¸ÑÑŒ (клаÑÑ 0x%02X) - пропущена\n"
+
+#: g10/import.c:1676
+#, c-format
+msgid "key %s: revocation certificate at wrong place - skipped\n"
+msgstr "ключ %s: Ñертификат отзыва в неправильном меÑте - пропущен\n"
+
+#: g10/import.c:1693
+#, c-format
+msgid "key %s: invalid revocation certificate: %s - skipped\n"
+msgstr "ключ %s: неправильный Ñертификат отзыва: %s - пропущен\n"
+
+#: g10/import.c:1707
+#, c-format
+msgid "key %s: subkey signature in wrong place - skipped\n"
+msgstr "ключ %s: подпиÑÑŒ подключа в неправильном меÑте - пропущена\n"
+
+#: g10/import.c:1715
+#, c-format
+msgid "key %s: unexpected signature class (0x%02X) - skipped\n"
+msgstr "ключ %s: неизвеÑтный клаÑÑ Ð¿Ð¾Ð´Ð¿Ð¸Ñи (0x%02X) - пропущена\n"
+
+#: g10/import.c:1844
+#, c-format
+msgid "key %s: duplicated user ID detected - merged\n"
+msgstr "ключ %s: обнаружено дублирование User ID - объединены\n"
+
+#: g10/import.c:1906
+#, c-format
+msgid "WARNING: key %s may be revoked: fetching revocation key %s\n"
+msgstr "Ð’ÐИМÐÐИЕ: ключ %s возможно отозван: запрашиваю ключ отзыва %s\n"
+
+#: g10/import.c:1920
+#, c-format
+msgid "WARNING: key %s may be revoked: revocation key %s not present.\n"
+msgstr "Ð’ÐИМÐÐИЕ: ключ %s возможно отозван: ключ отзыва %s не получен.\n"
+
+#: g10/import.c:1979
+#, c-format
+msgid "key %s: \"%s\" revocation certificate added\n"
+msgstr "ключ %s: \"%s\" добавлен Ñертификат отзыва\n"
+
+#: g10/import.c:2013
+#, c-format
+msgid "key %s: direct key signature added\n"
+msgstr "ключ %s: direct key signature добавлена\n"
+
+#: g10/import.c:2414
+msgid "NOTE: a key's S/N does not match the card's one\n"
+msgstr "ПРЕДУПРЕЖДÐЮ: S/N ключа не ÑоответÑтвует S/N ключа на карте\n"
+
+#: g10/import.c:2422
+msgid "NOTE: primary key is online and stored on card\n"
+msgstr "ПРЕДУПРЕЖДÐЮ: главный ключ готов и Ñохранен в карте\n"
+
+#: g10/import.c:2424
+msgid "NOTE: secondary key is online and stored on card\n"
+msgstr "ПРЕДУПРЕЖДÐЮ: вторичный ключ готов и Ñохранен в карте\n"
+
+#: g10/keydb.c:181
+#, c-format
+msgid "error creating keyring `%s': %s\n"
+msgstr "ошибка ÑÐ¾Ð·Ð´Ð°Ð½Ð¸Ñ Ñ‚Ð°Ð±Ð»Ð¸Ñ†Ñ‹ ключей `%s': %s\n"
+
+#: g10/keydb.c:187
+#, c-format
+msgid "keyring `%s' created\n"
+msgstr "Ñоздана таблица ключей `%s'\n"
+
+#: g10/keydb.c:333 g10/keydb.c:336
+#, c-format
+msgid "keyblock resource `%s': %s\n"
+msgstr ""
+
+#: g10/keydb.c:719
+#, c-format
+msgid "failed to rebuild keyring cache: %s\n"
+msgstr "Ñбой переÑтройки кÑша таблицы ключей: %s\n"
+
+#: g10/keyedit.c:265
+msgid "[revocation]"
+msgstr "[отозван]"
+
+#: g10/keyedit.c:266
+msgid "[self-signature]"
+msgstr "[ÑамоподпиÑÑŒ]"
+
+#: g10/keyedit.c:344 g10/keylist.c:398
+msgid "1 bad signature\n"
+msgstr "1 Ð¿Ð»Ð¾Ñ…Ð°Ñ Ð¿Ð¾Ð´Ð¿Ð¸ÑÑŒ\n"
+
+#: g10/keyedit.c:346 g10/keylist.c:400
+#, c-format
+msgid "%d bad signatures\n"
+msgstr "%d плохих подпиÑей\n"
+
+#: g10/keyedit.c:348 g10/keylist.c:402
+msgid "1 signature not checked due to a missing key\n"
+msgstr "1 подпиÑÑŒ не проверена за отÑутÑтвием ключа\n"
+
+#: g10/keyedit.c:350 g10/keylist.c:404
+#, c-format
+msgid "%d signatures not checked due to missing keys\n"
+msgstr "%d подпиÑей не проверено за отÑутÑтвием ключей\n"
+
+#: g10/keyedit.c:352 g10/keylist.c:406
+msgid "1 signature not checked due to an error\n"
+msgstr "1 подпиÑÑŒ не проверена из-за ошибки\n"
+
+#: g10/keyedit.c:354 g10/keylist.c:408
+#, c-format
+msgid "%d signatures not checked due to errors\n"
+msgstr "%d подпиÑей не проверено из-за ошибок\n"
+
+#: g10/keyedit.c:356
+msgid "1 user ID without valid self-signature detected\n"
+msgstr "обнаружен 1 User ID без дейÑтвительной ÑамоподпиÑи\n"
+
+#: g10/keyedit.c:358
+#, c-format
+msgid "%d user IDs without valid self-signatures detected\n"
+msgstr "обнаружено %d User ID без дейÑтвительной ÑамоподпиÑи\n"
+
+#: g10/keyedit.c:414 g10/pkclist.c:262
+msgid ""
+"Please decide how far you trust this user to correctly verify other users' "
+"keys\n"
+"(by looking at passports, checking fingerprints from different sources, "
+"etc.)\n"
+msgstr ""
+"Укажите наÑколько Ð’Ñ‹ доверÑете данному пользователю в\n"
+"вопроÑах проверки доÑтоверноÑти ключей других пользователей.\n"
+"ПроверÑет паÑпорт, ÑверÑет отпечатки ключей и Ñ‚.п.?\n"
+"\n"
+
+#: g10/keyedit.c:418 g10/pkclist.c:274
+#, c-format
+msgid " %d = I trust marginally\n"
+msgstr " %d = ДоверÑÑŽ ограниченно\n"
+
+#: g10/keyedit.c:419 g10/pkclist.c:276
+#, c-format
+msgid " %d = I trust fully\n"
+msgstr " %d = ПолноÑтью доверÑÑŽ\n"
+
+#: g10/keyedit.c:438
+msgid ""
+"Please enter the depth of this trust signature.\n"
+"A depth greater than 1 allows the key you are signing to make\n"
+"trust signatures on your behalf.\n"
+msgstr ""
+"Введите глубину доверий Ð´Ð»Ñ Ð´Ð°Ð½Ð½Ð¾Ð¹ подпиÑи.\n"
+"Глубина Ð¿Ñ€ÐµÐ²Ñ‹ÑˆÐ°ÑŽÑ‰Ð°Ñ 1 позволит подпиÑываемому ключу делать\n"
+"доверенные подпиÑи от Вашего лица.\n"
+
+#: g10/keyedit.c:454
+msgid "Please enter a domain to restrict this signature, or enter for none.\n"
+msgstr ""
+"Введите домен, ограничивающий иÑпользование данной подпиÑи, или пуÑтую "
+"Ñтроку, еÑли нет ограничений.\n"
+
+#: g10/keyedit.c:598
+#, c-format
+msgid "User ID \"%s\" is revoked."
+msgstr "User ID \"%s\" отозван."
+
+#: g10/keyedit.c:607 g10/keyedit.c:635 g10/keyedit.c:662 g10/keyedit.c:830
+#: g10/keyedit.c:895 g10/keyedit.c:1785
+msgid "Are you sure you still want to sign it? (y/N) "
+msgstr "Ð’Ñ‹ уверены, что хотите подпиÑать? (y/N) "
+
+#: g10/keyedit.c:621 g10/keyedit.c:649 g10/keyedit.c:676 g10/keyedit.c:836
+#: g10/keyedit.c:1791
+msgid " Unable to sign.\n"
+msgstr " Ðе могу подпиÑать.\n"
+
+#: g10/keyedit.c:626
+#, c-format
+msgid "User ID \"%s\" is expired."
+msgstr "User ID \"%s\" проÑрочен."
+
+#: g10/keyedit.c:654
+#, c-format
+msgid "User ID \"%s\" is not self-signed."
+msgstr "User ID \"%s\" без ÑамоподпиÑи."
+
+#: g10/keyedit.c:682
+#, c-format
+msgid "User ID \"%s\" is signable. "
+msgstr "User ID \"%s\" подпиÑываем."
+
+#: g10/keyedit.c:684
+msgid "Sign it? (y/N) "
+msgstr "ДейÑтвительно подпиÑать? (y/N)"
+
+#: g10/keyedit.c:706
+#, c-format
+msgid ""
+"The self-signature on \"%s\"\n"
+"is a PGP 2.x-style signature.\n"
+msgstr ""
+"СамоподпиÑÑŒ у \"%s\"\n"
+"Ñто подпиÑÑŒ PGP 2.x -ÑтилÑ.\n"
+
+#: g10/keyedit.c:715
+msgid "Do you want to promote it to an OpenPGP self-signature? (y/N) "
+msgstr "Хотите Ñделать Ñто ÑамоподпиÑью OpenPGP? (y/N) "
+
+#: g10/keyedit.c:729
+#, c-format
+msgid ""
+"Your current signature on \"%s\"\n"
+"has expired.\n"
+msgstr ""
+"Ваша Ñ‚ÐµÐºÑƒÑ‰Ð°Ñ Ð¿Ð¾Ð´Ð¿Ð¸ÑÑŒ на \"%s\"\n"
+"проÑрочена.\n"
+
+#: g10/keyedit.c:733
+msgid "Do you want to issue a new signature to replace the expired one? (y/N) "
+msgstr "Хотите Ñделать новую подпиÑÑŒ Ð´Ð»Ñ Ð·Ð°Ð¼ÐµÐ½Ñ‹ проÑроченной? (y/N) "
+
+#: g10/keyedit.c:754
+#, c-format
+msgid ""
+"Your current signature on \"%s\"\n"
+"is a local signature.\n"
+msgstr ""
+"Ваша Ñ‚ÐµÐºÑƒÑ‰Ð°Ñ Ð¿Ð¾Ð´Ð¿Ð¸ÑÑŒ на \"%s\"\n"
+"ÑвлÑетÑÑ Ð»Ð¾ÐºÐ°Ð»ÑŒÐ½Ð¾Ð¹.\n"
+
+#: g10/keyedit.c:758
+msgid "Do you want to promote it to a full exportable signature? (y/N) "
+msgstr "Хотите Ñделать Ñто полноÑтью ÑкÑпортируемой подпиÑью? (y/N) "
+
+#: g10/keyedit.c:779
+#, c-format
+msgid "\"%s\" was already locally signed by key %s\n"
+msgstr "\"%s\" уже локально подпиÑан ключом %s\n"
+
+#: g10/keyedit.c:782
+#, c-format
+msgid "\"%s\" was already signed by key %s\n"
+msgstr "\"%s\" уже подпиÑан ключом %s\n"
+
+#: g10/keyedit.c:787
+msgid "Do you want to sign it again anyway? (y/N) "
+msgstr "ДейÑтвительно хотите Ñнова подпиÑать Ñто? (y/N)"
+
+#: g10/keyedit.c:809
+#, c-format
+msgid "Nothing to sign with key %s\n"
+msgstr "Ðечего подпиÑывать ключом %s\n"
+
+#: g10/keyedit.c:824
+msgid "This key has expired!"
+msgstr "Данный ключ проÑрочен!"
+
+#: g10/keyedit.c:842
+#, c-format
+msgid "This key is due to expire on %s.\n"
+msgstr "Срок дейÑтвительноÑти данного ключа иÑтекает %s.\n"
+
+#: g10/keyedit.c:848
+msgid "Do you want your signature to expire at the same time? (Y/n) "
+msgstr "Хотите чтобы Ваша подпиÑÑŒ была дейÑтвительна до того же времени?(Y/n) "
+
+#: g10/keyedit.c:888
+msgid ""
+"You may not make an OpenPGP signature on a PGP 2.x key while in --pgp2 "
+"mode.\n"
+msgstr "ÐÐµÐ»ÑŒÐ·Ñ Ñделать OpenPGP подпиÑÑŒ на PGP 2.x ключе в режиме --pgp2.\n"
+
+#: g10/keyedit.c:890
+msgid "This would make the key unusable in PGP 2.x.\n"
+msgstr "Это Ñделает ключ неÑовмеÑтимым Ñ PGP 2.x.\n"
+
+#: g10/keyedit.c:915
+msgid ""
+"How carefully have you verified the key you are about to sign actually "
+"belongs\n"
+"to the person named above? If you don't know what to answer, enter \"0\".\n"
+msgstr ""
+"Как хорошо проверено то, что ключ дейÑтвительно принадлежит человеку,\n"
+"чье Ð¸Ð¼Ñ ÑƒÐºÐ°Ð·Ð°Ð½Ð¾ в User ID ключа?\n"
+" ЕÑли не уверены как ответить, введите \"0\".\n"
+
+#: g10/keyedit.c:920
+#, c-format
+msgid " (0) I will not answer.%s\n"
+msgstr " (0) Ðе буду отвечать.%s\n"
+
+#: g10/keyedit.c:922
+#, c-format
+msgid " (1) I have not checked at all.%s\n"
+msgstr " (1) Я не проверÑл ÑовÑем.%s\n"
+
+#: g10/keyedit.c:924
+#, c-format
+msgid " (2) I have done casual checking.%s\n"
+msgstr " (2) Я проверил чаÑтично.%s\n"
+
+#: g10/keyedit.c:926
+#, c-format
+msgid " (3) I have done very careful checking.%s\n"
+msgstr " (3) Я проверил очень тщательно.%s\n"
+
+#: g10/keyedit.c:932
+msgid "Your selection? (enter `?' for more information): "
+msgstr "Ваше решение? (введите '?' Ð´Ð»Ñ Ð¿Ð¾Ð»ÑƒÑ‡ÐµÐ½Ð¸Ñ Ð¸Ð½Ñ„Ð¾Ñ€Ð¼Ð°Ñ†Ð¸Ð¸)"
+
+#: g10/keyedit.c:956
+#, c-format
+msgid ""
+"Are you sure that you want to sign this key with your\n"
+"key \"%s\" (%s)\n"
+msgstr ""
+"Уверены в том, что хотите подпиÑать Ñтот ключ\n"
+"Ñвоим ключом: \"%s\" (%s)\n"
+
+#: g10/keyedit.c:963
+msgid "This will be a self-signature.\n"
+msgstr "Это будет ÑамоподпиÑÑŒ.\n"
+
+#: g10/keyedit.c:969
+msgid "WARNING: the signature will not be marked as non-exportable.\n"
+msgstr "Ð’ÐИМÐÐИЕ: подпиÑÑŒ не будет помечена как не ÑкÑпортируемаÑ.\n"
+
+#: g10/keyedit.c:977
+msgid "WARNING: the signature will not be marked as non-revocable.\n"
+msgstr "Ð’ÐИМÐÐИЕ: подпиÑÑŒ не будет помечена как не отзываемаÑ.\n"
+
+#: g10/keyedit.c:987
+msgid "The signature will be marked as non-exportable.\n"
+msgstr "ПодпиÑÑŒ будет помечена как не ÑкÑпортируемаÑ.\n"
+
+#: g10/keyedit.c:994
+msgid "The signature will be marked as non-revocable.\n"
+msgstr "ПодпиÑÑŒ будет помечена как не отзываемаÑ.\n"
+
+#: g10/keyedit.c:1001
+msgid "I have not checked this key at all.\n"
+msgstr "Я ÑовÑем не проверÑл Ñтот ключ.\n"
+
+#: g10/keyedit.c:1006
+msgid "I have checked this key casually.\n"
+msgstr "Я проверил Ñтот ключ только чаÑтично.\n"
+
+#: g10/keyedit.c:1011
+msgid "I have checked this key very carefully.\n"
+msgstr "Я очень тщательно проверил Ñтот ключ.\n"
+
+#: g10/keyedit.c:1021
+msgid "Really sign? (y/N) "
+msgstr "ДейÑтвительно подпиÑать? (y/N)"
+
+#: g10/keyedit.c:1066 g10/keyedit.c:4965 g10/keyedit.c:5056 g10/keyedit.c:5120
+#: g10/keyedit.c:5181 g10/sign.c:316
+#, c-format
+msgid "signing failed: %s\n"
+msgstr "не удалоÑÑŒ подпиÑать: %s\n"
+
+#: g10/keyedit.c:1131
+msgid "Key has only stub or on-card key items - no passphrase to change.\n"
+msgstr ""
+
+#: g10/keyedit.c:1142 g10/keygen.c:3774
+msgid "This key is not protected.\n"
+msgstr "Данный ключ не защищен.\n"
+
+#: g10/keyedit.c:1146 g10/keygen.c:3761 g10/revoke.c:536
+msgid "Secret parts of primary key are not available.\n"
+msgstr "Ð¡ÐµÐºÑ€ÐµÑ‚Ð½Ð°Ñ Ñ‡Ð°ÑÑ‚ÑŒ главного ключа отÑутÑтвует.\n"
+
+#: g10/keyedit.c:1150 g10/keygen.c:3777
+msgid "Secret parts of primary key are stored on-card.\n"
+msgstr "Ð¡ÐµÐºÑ€ÐµÑ‚Ð½Ð°Ñ Ñ‡Ð°ÑÑ‚ÑŒ главного ключа Ñохранена на карте.\n"
+
+#: g10/keyedit.c:1156 g10/keygen.c:3781
+msgid "Key is protected.\n"
+msgstr "Ключ защищен.\n"
+
+#: g10/keyedit.c:1186
+#, c-format
+msgid "Can't edit this key: %s\n"
+msgstr "Ðе могу редактировать данный ключ: %s\n"
+
+#: g10/keyedit.c:1192
+msgid ""
+"Enter the new passphrase for this secret key.\n"
+"\n"
+msgstr ""
+"Введите новую фразу-пароль Ð´Ð»Ñ Ð´Ð°Ð½Ð½Ð¾Ð³Ð¾ Ñекретного ключа.\n"
+"\n"
+
+#: g10/keyedit.c:1207 g10/keygen.c:2291
+msgid "passphrase not correctly repeated; try again"
+msgstr "повторный ввод фразы-Ð¿Ð°Ñ€Ð¾Ð»Ñ Ð½ÐµÐºÐ¾Ñ€Ñ€ÐµÐºÑ‚ÐµÐ½; попробуйте еще раз"
+
+#: g10/keyedit.c:1212
+msgid ""
+"You don't want a passphrase - this is probably a *bad* idea!\n"
+"\n"
+msgstr ""
+"Ðе хотите задать фразу-пароль? Это очень *ПЛОХÐЯ* идеÑ!\n"
+"\n"
+
+#: g10/keyedit.c:1215
+msgid "Do you really want to do this? (y/N) "
+msgstr "ДейÑтвительно хотите Ñделать Ñто? (y/N)"
+
+#: g10/keyedit.c:1298
+msgid "moving a key signature to the correct place\n"
+msgstr "перемещение подпиÑи ключа в правильное меÑто\n"
+
+#: g10/keyedit.c:1384
+msgid "save and quit"
+msgstr "Ñохранить и выйти"
+
+#: g10/keyedit.c:1387
+msgid "show key fingerprint"
+msgstr "показать отпечаток ключа"
+
+#: g10/keyedit.c:1388
+msgid "list key and user IDs"
+msgstr "вывеÑти ÑпиÑок ключей и User ID"
+
+#: g10/keyedit.c:1390
+msgid "select user ID N"
+msgstr "выбрать User ID N"
+
+#: g10/keyedit.c:1391
+msgid "select subkey N"
+msgstr "выбрать подключ N"
+
+#: g10/keyedit.c:1392
+msgid "check signatures"
+msgstr "проверка подпиÑей"
+
+#: g10/keyedit.c:1397
+msgid "sign selected user IDs [* see below for related commands]"
+msgstr "подпиÑать выбранные User ID [* опиÑание Ñоотв. команд Ñм. ниже]"
+
+#: g10/keyedit.c:1402
+msgid "sign selected user IDs locally"
+msgstr "локально подпиÑать выбранные User ID"
+
+#: g10/keyedit.c:1404
+msgid "sign selected user IDs with a trust signature"
+msgstr "подпиÑать выбранные User ID - trust подпиÑью"
+
+#: g10/keyedit.c:1406
+msgid "sign selected user IDs with a non-revocable signature"
+msgstr "подпиÑать выбранные User ID без возможноÑти отзыва"
+
+#: g10/keyedit.c:1410
+msgid "add a user ID"
+msgstr "добавить User ID"
+
+#: g10/keyedit.c:1412
+msgid "add a photo ID"
+msgstr "добавить фото ID"
+
+#: g10/keyedit.c:1414
+msgid "delete selected user IDs"
+msgstr "удалить выбранные User ID"
+
+#: g10/keyedit.c:1419
+msgid "add a subkey"
+msgstr "добавить подключ"
+
+#: g10/keyedit.c:1423
+msgid "add a key to a smartcard"
+msgstr "добавить ключ на карту"
+
+#: g10/keyedit.c:1425
+msgid "move a key to a smartcard"
+msgstr "перемеÑтить ключ на карту"
+
+#: g10/keyedit.c:1427
+msgid "move a backup key to a smartcard"
+msgstr "перемеÑтить резервную копию на Ñмарткарту"
+
+#: g10/keyedit.c:1431
+msgid "delete selected subkeys"
+msgstr "удалить выбранные подключи"
+
+#: g10/keyedit.c:1433
+msgid "add a revocation key"
+msgstr "добавить ключ отзыва"
+
+#: g10/keyedit.c:1435
+msgid "delete signatures from the selected user IDs"
+msgstr "удалить подпиÑи у выбранных User ID"
+
+#: g10/keyedit.c:1437
+msgid "change the expiration date for the key or selected subkeys"
+msgstr "Ñменить Ñрок дейÑтвительноÑти ключа или выбранных подключей"
+
+#: g10/keyedit.c:1439
+msgid "flag the selected user ID as primary"
+msgstr "пометить выбранный User ID как главный"
+
+#: g10/keyedit.c:1441
+msgid "toggle between the secret and public key listings"
+msgstr "переключение между проÑмотром открытых и закрытых ключей"
+
+#: g10/keyedit.c:1444
+msgid "list preferences (expert)"
+msgstr "ÑпиÑок предпочтений (ÑкÑпертам)"
+
+#: g10/keyedit.c:1446
+msgid "list preferences (verbose)"
+msgstr "ÑпиÑок предпочтений (подробный)"
+
+#: g10/keyedit.c:1448
+msgid "set preference list for the selected user IDs"
+msgstr "уÑтановить ÑпиÑок предпочтений Ð´Ð»Ñ Ð²Ñ‹Ð±Ñ€Ð°Ð½Ð½Ñ‹Ñ… User ID"
+
+#: g10/keyedit.c:1453
+msgid "set the preferred keyserver URL for the selected user IDs"
+msgstr "уÑтановить URL предпочитаемого Ñервера ключей Ð´Ð»Ñ Ð²Ñ‹Ð±Ñ€Ð°Ð½Ð½Ñ‹Ñ… User ID"
+
+#: g10/keyedit.c:1455
+msgid "set a notation for the selected user IDs"
+msgstr "уÑтановить примечание Ð´Ð»Ñ Ð²Ñ‹Ð±Ñ€Ð°Ð½Ð½Ñ‹Ñ… User ID"
+
+#: g10/keyedit.c:1457
+msgid "change the passphrase"
+msgstr "Ñменить фразу-пароль"
+
+#: g10/keyedit.c:1461
+msgid "change the ownertrust"
+msgstr "изменить уровень Ð´Ð¾Ð²ÐµÑ€Ð¸Ñ Ð²Ð»Ð°Ð´ÐµÐ»ÑŒÑ†Ñƒ"
+
+#: g10/keyedit.c:1463
+msgid "revoke signatures on the selected user IDs"
+msgstr "отозвать подпиÑи у выбранных User ID"
+
+#: g10/keyedit.c:1465
+msgid "revoke selected user IDs"
+msgstr "отзыв выбранных User ID"
+
+#: g10/keyedit.c:1470
+msgid "revoke key or selected subkeys"
+msgstr "отзыв ключа или выбранных подключей"
+
+#: g10/keyedit.c:1471
+msgid "enable key"
+msgstr "включить ключ"
+
+#: g10/keyedit.c:1472
+msgid "disable key"
+msgstr "отключить ключ"
+
+#: g10/keyedit.c:1473
+msgid "show selected photo IDs"
+msgstr "показать выбранные фото ID"
+
+#: g10/keyedit.c:1475
+msgid "compact unusable user IDs and remove unusable signatures from key"
+msgstr "Ñжать неиÑпользуемые User ID и удалить неиÑпользуемые подпиÑи Ñ ÐºÐ»ÑŽÑ‡Ð°"
+
+#: g10/keyedit.c:1477
+msgid "compact unusable user IDs and remove all signatures from key"
+msgstr "Ñжать неиÑпользуемые User ID и удалить вÑе подпиÑи Ñ ÐºÐ»ÑŽÑ‡Ð°"
+
+#: g10/keyedit.c:1601
+#, c-format
+msgid "error reading secret keyblock \"%s\": %s\n"
+msgstr "ошибка Ñ‡Ñ‚ÐµÐ½Ð¸Ñ Ñекретного блока ключа \"%s\": %s\n"
+
+#: g10/keyedit.c:1619
+msgid "Secret key is available.\n"
+msgstr "Секретный ключ доÑтупен.\n"
+
+#: g10/keyedit.c:1702
+msgid "Need the secret key to do this.\n"
+msgstr "Ð”Ð»Ñ Ð´Ð°Ð½Ð½Ð¾Ð³Ð¾ дейÑÑ‚Ð²Ð¸Ñ Ð½ÑƒÐ¶ÐµÐ½ Ñекретный ключ.\n"
+
+#: g10/keyedit.c:1710
+msgid "Please use the command \"toggle\" first.\n"
+msgstr "Сначала воÑпользуйтеÑÑŒ командой \"toggle\".\n"
+
+#: g10/keyedit.c:1729
+msgid ""
+"* The `sign' command may be prefixed with an `l' for local signatures "
+"(lsign),\n"
+" a `t' for trust signatures (tsign), an `nr' for non-revocable signatures\n"
+" (nrsign), or any combination thereof (ltsign, tnrsign, etc.).\n"
+msgstr ""
+"* Команда `sign' может быть дополнена префикÑом: `l' - локально подпиÑать "
+"lsign),\n"
+" `t' - trust подпиÑÑŒ (tsign), `nr' - без возможноÑти отзыва\n"
+" (nrsign) или любым их Ñочетанием (ltsign, tnrsign и Ñ‚.д.).\n"
+
+#: g10/keyedit.c:1779
+msgid "Key is revoked."
+msgstr "Ключ отозван."
+
+#: g10/keyedit.c:1798
+msgid "Really sign all user IDs? (y/N) "
+msgstr "ДейÑтвительно хотите подпиÑать ВСЕ User ID? (y/N)"
+
+#: g10/keyedit.c:1805
+msgid "Hint: Select the user IDs to sign\n"
+msgstr "Совет: Выберите User ID Ð´Ð»Ñ Ð¿Ð¾Ð´Ð¿Ð¸ÑаниÑ\n"
+
+#: g10/keyedit.c:1814
+#, c-format
+msgid "Unknown signature type `%s'\n"
+msgstr "ÐеизвеÑтный тип подпиÑи `%s'\n"
+
+#: g10/keyedit.c:1837
+#, c-format
+msgid "This command is not allowed while in %s mode.\n"
+msgstr "Ð”Ð°Ð½Ð½Ð°Ñ ÐºÐ¾Ð¼Ð°Ð½Ð´Ð° не допуÑтима в режиме %s.\n"
+
+#: g10/keyedit.c:1859 g10/keyedit.c:1879 g10/keyedit.c:2048
+msgid "You must select at least one user ID.\n"
+msgstr "Следует выбрать Ñ…Ð¾Ñ‚Ñ Ð±Ñ‹ один User ID.\n"
+
+#: g10/keyedit.c:1861
+msgid "You can't delete the last user ID!\n"
+msgstr "ÐÐµÐ»ÑŒÐ·Ñ ÑƒÐ´Ð°Ð»Ð¸Ñ‚ÑŒ поÑледний User ID!\n"
+
+#: g10/keyedit.c:1863
+msgid "Really remove all selected user IDs? (y/N) "
+msgstr "ДейÑтвительно хотите удалить ВСЕ выбранные User IDs? (y/N)"
+
+#: g10/keyedit.c:1864
+msgid "Really remove this user ID? (y/N) "
+msgstr "ДейÑтвительно хотите удалить данный User ID? (y/N)"
+
+#. TRANSLATORS: Please take care: This is about
+#. moving the key and not about removing it.
+#: g10/keyedit.c:1917
+msgid "Really move the primary key? (y/N) "
+msgstr "ДейÑтвительно удалить главный ключ? (y/N)"
+
+#: g10/keyedit.c:1929
+msgid "You must select exactly one key.\n"
+msgstr "Следует выбрать Ñ…Ð¾Ñ‚Ñ Ð±Ñ‹ один ключ.\n"
+
+#: g10/keyedit.c:1957
+msgid "Command expects a filename argument\n"
+msgstr "Команда ожидает аргумент: Ð¸Ð¼Ñ Ñ„Ð°Ð¹Ð»Ð°\n"
+
+#: g10/keyedit.c:1971
+#, c-format
+msgid "Can't open `%s': %s\n"
+msgstr "Ðе могу открыть `%s': %s\n"
+
+#: g10/keyedit.c:1988
+#, c-format
+msgid "Error reading backup key from `%s': %s\n"
+msgstr "Ошибка Ñ‡Ñ‚ÐµÐ½Ð¸Ñ Ñ€ÐµÐ·ÐµÑ€Ð²Ð½Ð¾Ð³Ð¾ ключа Ñ `%s': %s\n"
+
+#: g10/keyedit.c:2012
+msgid "You must select at least one key.\n"
+msgstr "Следует выбрать Ñ…Ð¾Ñ‚Ñ Ð±Ñ‹ один ключ.\n"
+
+#: g10/keyedit.c:2015
+msgid "Do you really want to delete the selected keys? (y/N) "
+msgstr "ДейÑтвительно хотите удалить выбранные ключи? (y/N)"
+
+#: g10/keyedit.c:2016
+msgid "Do you really want to delete this key? (y/N) "
+msgstr "ДейÑтвительно хотите удалить данный ключ? (y/N)"
+
+#: g10/keyedit.c:2051
+msgid "Really revoke all selected user IDs? (y/N) "
+msgstr "ДейÑтвительно отозвать ВСЕ выбранные User ID? (y/N)"
+
+#: g10/keyedit.c:2052
+msgid "Really revoke this user ID? (y/N) "
+msgstr "ДейÑтвительно отозвать данный User ID? (y/N)"
+
+#: g10/keyedit.c:2070
+msgid "Do you really want to revoke the entire key? (y/N) "
+msgstr "ДейÑтвительно хотите отозвать ключ целиком? (y/N)"
+
+#: g10/keyedit.c:2081
+msgid "Do you really want to revoke the selected subkeys? (y/N) "
+msgstr "ДейÑтвительно хотите отозвать выбранные подключи? (y/N)"
+
+#: g10/keyedit.c:2083
+msgid "Do you really want to revoke this subkey? (y/N) "
+msgstr "ДейÑтвительно хотите отозвать данный подключ? (y/N)"
+
+#: g10/keyedit.c:2133
+msgid "Owner trust may not be set while using a user provided trust database\n"
+msgstr ""
+"Доверие владельцу не может быть наÑтроено Ñ Ð¿Ñ€ÐµÐ´Ð¾Ñтавленной пользователем "
+"таблицы доверий\n"
+
+#: g10/keyedit.c:2175
+msgid "Set preference list to:\n"
+msgstr "УÑтановить Ð¿Ñ€ÐµÐ´Ð¿Ð¾Ñ‡Ñ‚ÐµÐ½Ð¸Ñ Ð²:\n"
+
+#: g10/keyedit.c:2181
+msgid "Really update the preferences for the selected user IDs? (y/N) "
+msgstr "ДейÑтвительно обновить Ð¿Ñ€ÐµÐ´Ð¿Ð¾Ñ‡Ñ‚ÐµÐ½Ð¸Ñ Ð´Ð»Ñ Ð²Ñ‹Ð±Ñ€Ð°Ð½Ð½Ñ‹Ñ… User ID? (y/N)"
+
+#: g10/keyedit.c:2183
+msgid "Really update the preferences? (y/N) "
+msgstr "ДейÑтвительно обновить предпочтениÑ? (y/N)"
+
+#: g10/keyedit.c:2253
+msgid "Save changes? (y/N) "
+msgstr "Сохранить изменениÑ? (y/N)"
+
+#: g10/keyedit.c:2256
+msgid "Quit without saving? (y/N) "
+msgstr "Выйти без ÑохранениÑ? (y/N)"
+
+#: g10/keyedit.c:2266
+#, c-format
+msgid "update failed: %s\n"
+msgstr "Ñбой при обновлении: %s\n"
+
+#: g10/keyedit.c:2273 g10/keyedit.c:2351
+#, c-format
+msgid "update secret failed: %s\n"
+msgstr "Ñбой при обновлений Ñекретного ключа: %s\n"
+
+#: g10/keyedit.c:2280
+msgid "Key not changed so no update needed.\n"
+msgstr "Ключ не изменÑлÑÑ - обновление не нужно.\n"
+
+#: g10/keyedit.c:2446
+msgid "Digest: "
+msgstr "Ð¥Ñш-функции: "
+
+#: g10/keyedit.c:2497
+msgid "Features: "
+msgstr "Опции: "
+
+#: g10/keyedit.c:2508
+msgid "Keyserver no-modify"
+msgstr ""
+
+#: g10/keyedit.c:2523 g10/keylist.c:316
+msgid "Preferred keyserver: "
+msgstr "Предпочитаемый Ñервер ключей: "
+
+#: g10/keyedit.c:2531 g10/keyedit.c:2532
+msgid "Notations: "
+msgstr "ПримечаниÑ: "
+
+#: g10/keyedit.c:2753
+msgid "There are no preferences on a PGP 2.x-style user ID.\n"
+msgstr "Ðе может быть предпочтений в PGP 2.x-Ñтиле User ID.\n"
+
+#: g10/keyedit.c:2810
+#, fuzzy, c-format
+msgid "The following key was revoked on %s by %s key %s\n"
+msgstr "Данный ключ был отозван %s - %s ключом %s\n"
+
+#: g10/keyedit.c:2832
+#, c-format
+msgid "This key may be revoked by %s key %s"
+msgstr "Данный ключ может быть отозван %s ключом %s "
+
+#: g10/keyedit.c:2838
+msgid "(sensitive)"
+msgstr ""
+
+#: g10/keyedit.c:2854 g10/keyedit.c:2910 g10/keyedit.c:2971 g10/keyedit.c:2986
+#: g10/keylist.c:202 g10/keyserver.c:532
+#, c-format
+msgid "created: %s"
+msgstr "Ñоздан: %s"
+
+#: g10/keyedit.c:2857 g10/keylist.c:834 g10/keylist.c:928 g10/mainproc.c:997
+#, c-format
+msgid "revoked: %s"
+msgstr "отозван: %s"
+
+#: g10/keyedit.c:2859 g10/keylist.c:805 g10/keylist.c:840 g10/keylist.c:934
+#, c-format
+msgid "expired: %s"
+msgstr "проÑрочен Ñ: %s"
+
+#: g10/keyedit.c:2861 g10/keyedit.c:2912 g10/keyedit.c:2973 g10/keyedit.c:2988
+#: g10/keylist.c:204 g10/keylist.c:811 g10/keylist.c:846 g10/keylist.c:940
+#: g10/keylist.c:961 g10/keyserver.c:538 g10/mainproc.c:1003
+#, c-format
+msgid "expires: %s"
+msgstr "годен до: %s"
+
+#: g10/keyedit.c:2863
+#, c-format
+msgid "usage: %s"
+msgstr "применÑемоÑÑ‚ÑŒ: %s"
+
+#: g10/keyedit.c:2878
+#, c-format
+msgid "trust: %s"
+msgstr "доверие: %s"
+
+#: g10/keyedit.c:2882
+#, c-format
+msgid "validity: %s"
+msgstr "доÑтоверноÑÑ‚ÑŒ: %s"
+
+#: g10/keyedit.c:2889
+msgid "This key has been disabled"
+msgstr "Данный ключ отключен"
+
+#: g10/keyedit.c:2917 g10/keylist.c:208
+msgid "card-no: "
+msgstr ""
+
+#: g10/keyedit.c:2941
+msgid ""
+"Please note that the shown key validity is not necessarily correct\n"
+"unless you restart the program.\n"
+msgstr ""
+"Учтите, что показанные Ñтепени доÑтоверноÑти могут быть неверными,\n"
+"пока программа не будет перезапущена.\n"
+
+#: g10/keyedit.c:3005 g10/keyedit.c:3351 g10/keyserver.c:542
+#: g10/mainproc.c:1850 g10/trustdb.c:1204 g10/trustdb.c:1732
+msgid "revoked"
+msgstr "отозван"
+
+#: g10/keyedit.c:3007 g10/keyedit.c:3353 g10/keyserver.c:546
+#: g10/mainproc.c:1852 g10/trustdb.c:547 g10/trustdb.c:1734
+msgid "expired"
+msgstr "проÑрочен Ñ"
+
+#: g10/keyedit.c:3072
+msgid ""
+"WARNING: no user ID has been marked as primary. This command may\n"
+" cause a different user ID to become the assumed primary.\n"
+msgstr ""
+"Ð’ÐИМÐÐИЕ: нет User ID помеченного как главный. Ð”Ð°Ð½Ð½Ð°Ñ ÐºÐ¾Ð¼Ð°Ð½Ð´Ð° может\n"
+" воÑпользоватьÑÑ Ð´Ñ€ÑƒÐ³Ð¸Ð¼ user ID, иÑÐ¿Ð¾Ð»ÑŒÐ·ÑƒÑ ÐµÐ³Ð¾ как главный.\n"
+
+#: g10/keyedit.c:3133
+msgid ""
+"WARNING: This is a PGP2-style key. Adding a photo ID may cause some "
+"versions\n"
+" of PGP to reject this key.\n"
+msgstr ""
+"Ð’ÐИМÐÐИЕ: Это ключ PGP2. Добавление фото ID может в некоторых верÑиÑÑ…\n"
+" PGP вызвать выбраковку ключа.\n"
+
+#: g10/keyedit.c:3138 g10/keyedit.c:3473
+msgid "Are you sure you still want to add it? (y/N) "
+msgstr "Ð’Ñ‹ уверены, что хотите добавить Ñто? (y/N) "
+
+#: g10/keyedit.c:3144
+msgid "You may not add a photo ID to a PGP2-style key.\n"
+msgstr "ÐÐµÐ»ÑŒÐ·Ñ Ð´Ð¾Ð±Ð°Ð²Ð»ÑÑ‚ÑŒ фото ID в ключ PGP2-типа.\n"
+
+#: g10/keyedit.c:3284
+msgid "Delete this good signature? (y/N/q)"
+msgstr "Удалить данную дейÑтвительную подпиÑÑŒ? (y/N/q)"
+
+#: g10/keyedit.c:3294
+msgid "Delete this invalid signature? (y/N/q)"
+msgstr "Удалить данную недейÑтвительную подпиÑÑŒ? (y/N/q)"
+
+#: g10/keyedit.c:3298
+msgid "Delete this unknown signature? (y/N/q)"
+msgstr "Удалить данную неизвеÑтную подпиÑÑŒ? (y/N/q)"
+
+#: g10/keyedit.c:3304
+msgid "Really delete this self-signature? (y/N)"
+msgstr "ДейÑтвительно удалить данную ÑамоподпиÑÑŒ? (y/N)"
+
+#: g10/keyedit.c:3318
+#, c-format
+msgid "Deleted %d signature.\n"
+msgstr "Удалена %d подпиÑÑŒ.\n"
+
+#: g10/keyedit.c:3319
+#, c-format
+msgid "Deleted %d signatures.\n"
+msgstr "Удалено %d подпиÑи.\n"
+
+#: g10/keyedit.c:3322
+msgid "Nothing deleted.\n"
+msgstr "Ðичего не удалено.\n"
+
+#: g10/keyedit.c:3355 g10/trustdb.c:1736
+msgid "invalid"
+msgstr "недопуÑтимый"
+
+#: g10/keyedit.c:3357
+#, c-format
+msgid "User ID \"%s\" compacted: %s\n"
+msgstr "User ID \"%s\": Ñжат: %s\n"
+
+#: g10/keyedit.c:3364
+#, c-format
+msgid "User ID \"%s\": %d signature removed\n"
+msgstr "User ID \"%s\": %d подпиÑÑŒ удалена\n"
+
+#: g10/keyedit.c:3365
+#, c-format
+msgid "User ID \"%s\": %d signatures removed\n"
+msgstr "User ID \"%s\": %d удалено подпиÑей\n"
+
+#: g10/keyedit.c:3373
+#, c-format
+msgid "User ID \"%s\": already minimized\n"
+msgstr "User ID \"%s\": уже минимизирован\n"
+
+#: g10/keyedit.c:3374
+#, c-format
+msgid "User ID \"%s\": already clean\n"
+msgstr "User ID \"%s\": уже очищен\n"
+
+#: g10/keyedit.c:3468
+msgid ""
+"WARNING: This is a PGP 2.x-style key. Adding a designated revoker may "
+"cause\n"
+" some versions of PGP to reject this key.\n"
+msgstr ""
+"Ð’ÐИМÐÐИЕ: Это ключ PGP 2.x. Добавление назначенного отзывающим ключа\n"
+" может в некоторых верÑиÑÑ… PGP вызвать выбраковку ключа.\n"
+
+#: g10/keyedit.c:3479
+msgid "You may not add a designated revoker to a PGP 2.x-style key.\n"
+msgstr "ÐÐµÐ»ÑŒÐ·Ñ Ð´Ð¾Ð±Ð°Ð²Ð»ÑÑ‚ÑŒ назначенный отзывающим ключ в PGP 2.x ключ.\n"
+
+#: g10/keyedit.c:3499
+msgid "Enter the user ID of the designated revoker: "
+msgstr "Укажите User ID ключа, назначенного отзывающим: "
+
+#: g10/keyedit.c:3524
+msgid "cannot appoint a PGP 2.x style key as a designated revoker\n"
+msgstr "Ð½ÐµÐ»ÑŒÐ·Ñ Ð½Ð°Ð·Ð½Ð°Ñ‡Ð¸Ñ‚ÑŒ ключ PGP 2.x отзывающим\n"
+
+#: g10/keyedit.c:3539
+msgid "you cannot appoint a key as its own designated revoker\n"
+msgstr "ключ не может быть назначен отзывающим Ñам ÑебÑ\n"
+
+#: g10/keyedit.c:3561
+msgid "this key has already been designated as a revoker\n"
+msgstr "Ñтот ключ уже назначен отзывающим\n"
+
+#: g10/keyedit.c:3580
+msgid "WARNING: appointing a key as a designated revoker cannot be undone!\n"
+msgstr "Ð’ÐИМÐÐИЕ: назначение ключа отзывающим невозможно будет отменить!\n"
+
+#: g10/keyedit.c:3586
+msgid ""
+"Are you sure you want to appoint this key as a designated revoker? (y/N) "
+msgstr "Вы уверены, что хотите назначить данный ключ отзывающим? (y/N)"
+
+#: g10/keyedit.c:3647
+msgid "Please remove selections from the secret keys.\n"
+msgstr "Снимите выделение Ñ Ñекретного ключа.\n"
+
+#: g10/keyedit.c:3653
+msgid "Please select at most one subkey.\n"
+msgstr "Выделите не менее одного подключа.\n"
+
+#: g10/keyedit.c:3657
+msgid "Changing expiration time for a subkey.\n"
+msgstr "Смена Ñрока дейÑтвительноÑти подключа.\n"
+
+#: g10/keyedit.c:3660
+msgid "Changing expiration time for the primary key.\n"
+msgstr "Смена Ñрока дейÑÑ‚Ð²Ð¸Ñ Ð³Ð»Ð°Ð²Ð½Ð¾Ð³Ð¾ ключа\n"
+
+#: g10/keyedit.c:3706
+msgid "You can't change the expiration date of a v3 key\n"
+msgstr "ÐÐµÐ»ÑŒÐ·Ñ Ð¸Ð·Ð¼ÐµÐ½ÑÑ‚ÑŒ Ñрок дейÑÑ‚Ð²Ð¸Ñ v3 ключа\n"
+
+#: g10/keyedit.c:3722
+msgid "No corresponding signature in secret ring\n"
+msgstr "Ðет ÑоответÑтвующей подпиÑи в ÑвÑзке Ñекретных\n"
+
+#: g10/keyedit.c:3800
+#, c-format
+msgid "signing subkey %s is already cross-certified\n"
+msgstr "подпиÑываемый подключ %s уже имеет перекреÑтную Ñертификацию\n"
+
+#: g10/keyedit.c:3806
+#, c-format
+msgid "subkey %s does not sign and so does not need to be cross-certified\n"
+msgstr "подключ %s не подпиÑывающий и не нуждаетÑÑ Ð² перекреÑтной подпиÑи\n"
+
+#: g10/keyedit.c:3969
+msgid "Please select exactly one user ID.\n"
+msgstr "Выберите только один User ID.\n"
+
+#: g10/keyedit.c:4008 g10/keyedit.c:4118 g10/keyedit.c:4238 g10/keyedit.c:4379
+#, c-format
+msgid "skipping v3 self-signature on user ID \"%s\"\n"
+msgstr "пропуÑк v3 ÑамоподпиÑи на User ID \"%s\"\n"
+
+#: g10/keyedit.c:4179
+msgid "Enter your preferred keyserver URL: "
+msgstr "Введите URL предпочтаемого Ñервера ключей: "
+
+#: g10/keyedit.c:4259
+msgid "Are you sure you want to replace it? (y/N) "
+msgstr "ДейÑтвительно хотите заменить его? (y/N)"
+
+#: g10/keyedit.c:4260
+msgid "Are you sure you want to delete it? (y/N) "
+msgstr "ДейÑтвительно хотите удалить его? (y/N)"
+
+#: g10/keyedit.c:4322
+msgid "Enter the notation: "
+msgstr "Введите примечание:"
+
+#: g10/keyedit.c:4471
+msgid "Proceed? (y/N) "
+msgstr "Обработать? (y/N) "
+
+#: g10/keyedit.c:4543
+#, c-format
+msgid "No user ID with index %d\n"
+msgstr "Ðет User ID Ñ Ð¸Ð½Ð´ÐµÐºÑом %d\n"
+
+#: g10/keyedit.c:4604
+#, c-format
+msgid "No user ID with hash %s\n"
+msgstr "Ðет User ID Ñ Ñ…ÐµÑˆÐµÐ¼ %s\n"
+
+#: g10/keyedit.c:4639
+#, c-format
+msgid "No subkey with index %d\n"
+msgstr "Ðет подключа Ñ Ð¸Ð½Ð´ÐµÐºÑом %d\n"
+
+#: g10/keyedit.c:4774
+#, c-format
+msgid "user ID: \"%s\"\n"
+msgstr "User ID: \"%s\"\n"
+
+#: g10/keyedit.c:4777 g10/keyedit.c:4871 g10/keyedit.c:4914
+#, c-format
+msgid "signed by your key %s on %s%s%s\n"
+msgstr "подпиÑано Вашим ключом %s от %s%s%s\n"
+
+#: g10/keyedit.c:4779 g10/keyedit.c:4873 g10/keyedit.c:4916
+msgid " (non-exportable)"
+msgstr " (не ÑкÑпортируемаÑ)"
+
+#: g10/keyedit.c:4783
+#, c-format
+msgid "This signature expired on %s.\n"
+msgstr "Срок дейÑтвительноÑти подпиÑи закончилÑÑ %s.\n"
+
+#: g10/keyedit.c:4787
+msgid "Are you sure you still want to revoke it? (y/N) "
+msgstr "Вы уверены, что хотите отозвать? (y/N) "
+
+#: g10/keyedit.c:4791
+msgid "Create a revocation certificate for this signature? (y/N) "
+msgstr "Создать Ñертификат отзыва Ð´Ð»Ñ Ð´Ð°Ð½Ð½Ð¾Ð¹ подпиÑи? (y/N) "
+
+#: g10/keyedit.c:4842
+msgid "Not signed by you.\n"
+msgstr ""
+
+#: g10/keyedit.c:4848
+#, c-format
+msgid "You have signed these user IDs on key %s:\n"
+msgstr "Ð’Ñ‹ подпиÑали данные User ID на ключе %s:\n"
+
+#: g10/keyedit.c:4874
+msgid " (non-revocable)"
+msgstr " (не отзываемаÑ)"
+
+#: g10/keyedit.c:4881
+#, c-format
+msgid "revoked by your key %s on %s\n"
+msgstr "отзыв Вашим ключом %s от %s\n"
+
+#: g10/keyedit.c:4903
+msgid "You are about to revoke these signatures:\n"
+msgstr "Ð’Ñ‹ отзываете Ñледующие подпиÑи:\n"
+
+#: g10/keyedit.c:4923
+msgid "Really create the revocation certificates? (y/N) "
+msgstr "ДейÑтвительно Ñоздать Ñертификат отзыва? (y/N) "
+
+#: g10/keyedit.c:4953
+msgid "no secret key\n"
+msgstr "нет Ñекретного ключа\n"
+
+#: g10/keyedit.c:5023
+#, c-format
+msgid "user ID \"%s\" is already revoked\n"
+msgstr "User ID \"%s\" уже отозван\n"
+
+#: g10/keyedit.c:5040
+#, c-format
+msgid "WARNING: a user ID signature is dated %d seconds in the future\n"
+msgstr "Ð’ÐИМÐÐИЕ: User ID подпиÑÑŒ датирована %d Ñекундами в будущем\n"
+
+#: g10/keyedit.c:5104
+#, c-format
+msgid "Key %s is already revoked.\n"
+msgstr "Ключ %s уже отозван\n"
+
+#: g10/keyedit.c:5166
+#, c-format
+msgid "Subkey %s is already revoked.\n"
+msgstr "Подключ %s уже отозван\n"
+
+#: g10/keyedit.c:5261
+#, c-format
+msgid "Displaying %s photo ID of size %ld for key %s (uid %d)\n"
+msgstr "Показ %s фото ID размера %ld Ð´Ð»Ñ ÐºÐ»ÑŽÑ‡Ð° %s (uid %d)\n"
+
+#: g10/keygen.c:275
+#, c-format
+msgid "preference `%s' duplicated\n"
+msgstr "предпочтение `%s' дублируетÑÑ\n"
+
+#: g10/keygen.c:282
+msgid "too many cipher preferences\n"
+msgstr "Ñлишком много предпочтений Ð´Ð»Ñ ÑˆÐ¸Ñ„Ñ€Ð°\n"
+
+#: g10/keygen.c:284
+msgid "too many digest preferences\n"
+msgstr "Ñлишком много предпочтений Ð´Ð»Ñ Ñ…Ñш-функций\n"
+
+#: g10/keygen.c:286
+msgid "too many compression preferences\n"
+msgstr "Ñлишком много предпочтений Ð´Ð»Ñ Ð¼ÐµÑ‚Ð¾Ð´Ð¾Ð² ÑжатиÑ\n"
+
+#: g10/keygen.c:426
+#, c-format
+msgid "invalid item `%s' in preference string\n"
+msgstr "недопуÑтимое вхождение `%s' в Ñтроке предпочтений\n"
+
+#: g10/keygen.c:910
+msgid "writing direct signature\n"
+msgstr ""
+
+#: g10/keygen.c:952
+msgid "writing self signature\n"
+msgstr "ÑохранÑем ÑамоподпиÑÑŒ\n"
+
+#: g10/keygen.c:1009
+msgid "writing key binding signature\n"
+msgstr "ÑохранÑем объединÑющую подпиÑÑŒ\n"
+
+#: g10/keygen.c:1179 g10/keygen.c:1290 g10/keygen.c:1295 g10/keygen.c:1441
+#: g10/keygen.c:3269
+#, c-format
+msgid "keysize invalid; using %u bits\n"
+msgstr "неверный размер ключа; иÑпользуетÑÑ %u бит\n"
+
+#: g10/keygen.c:1185 g10/keygen.c:1301 g10/keygen.c:1309 g10/keygen.c:1447
+#: g10/keygen.c:3275
+#, c-format
+msgid "keysize rounded up to %u bits\n"
+msgstr "размер ключа приведен к %u битам\n"
+
+#: g10/keygen.c:1335
+msgid ""
+"WARNING: some OpenPGP programs can't handle a DSA key with this digest size\n"
+msgstr ""
+"Ð’ÐИМÐÐИЕ: некоторые реализации OpenPGP не Ñмогут обработать DSA ключи Ñ "
+"такой длиной хеш-функции\n"
+
+#: g10/keygen.c:1558
+msgid "Sign"
+msgstr "ПодпиÑать"
+
+#: g10/keygen.c:1561
+msgid "Certify"
+msgstr "Сертифицировать"
+
+#: g10/keygen.c:1564
+msgid "Encrypt"
+msgstr "Зашифровать"
+
+#: g10/keygen.c:1567
+msgid "Authenticate"
+msgstr "Ðтентифицировать"
+
+#. TRANSLATORS: Please use only plain ASCII characters for the
+#. translation. If this is not possible use single digits. The
+#. string needs to 8 bytes long. Here is a description of the
+#. functions:
+#.
+#. s = Toggle signing capability
+#. e = Toggle encryption capability
+#. a = Toggle authentication capability
+#. q = Finish
+#.
+#: g10/keygen.c:1585
+msgid "SsEeAaQq"
+msgstr ""
+
+#: g10/keygen.c:1608
+#, c-format
+msgid "Possible actions for a %s key: "
+msgstr "Возможные дейÑÑ‚Ð²Ð¸Ñ Ð´Ð»Ñ ÐºÐ»ÑŽÑ‡Ð° %s:"
+
+#: g10/keygen.c:1612
+msgid "Current allowed actions: "
+msgstr "ДопуÑтимы дейÑтвиÑ:"
+
+#: g10/keygen.c:1617
+#, c-format
+msgid " (%c) Toggle the sign capability\n"
+msgstr " (%c) Переключить возможноÑÑ‚ÑŒ иÑÐ¿Ð¾Ð»ÑŒÐ·Ð¾Ð²Ð°Ð½Ð¸Ñ Ð´Ð»Ñ Ð¿Ð¾Ð´Ð¿Ð¸Ñи\n"
+
+#: g10/keygen.c:1620
+#, c-format
+msgid " (%c) Toggle the encrypt capability\n"
+msgstr " (%c) Переключить возможноÑÑ‚ÑŒ иÑÐ¿Ð¾Ð»ÑŒÐ·Ð¾Ð²Ð°Ð½Ð¸Ñ Ð´Ð»Ñ ÑˆÐ¸Ñ„Ñ€Ð¾Ð²Ð°Ð½Ð¸Ñ\n"
+
+#: g10/keygen.c:1623
+#, c-format
+msgid " (%c) Toggle the authenticate capability\n"
+msgstr " (%c) Переключить возможноÑÑ‚ÑŒ иÑÐ¿Ð¾Ð»ÑŒÐ·Ð¾Ð²Ð°Ð½Ð¸Ñ Ð´Ð»Ñ Ð°ÑƒÑ‚ÐµÐ½Ñ‚Ð¸Ñ„Ð¸ÐºÐ°Ñ†Ð¸Ð¸\n"
+
+#: g10/keygen.c:1626
+#, c-format
+msgid " (%c) Finished\n"
+msgstr " (%c) Завершено\n"
+
+#: g10/keygen.c:1686 sm/certreqgen-ui.c:157
+msgid "Please select what kind of key you want:\n"
+msgstr "Выберите требуемый тип ключа:\n"
+
+#: g10/keygen.c:1689
+#, fuzzy, c-format
+msgid " (%d) RSA and RSA (default)\n"
+msgstr " (%d) DSA и ElGamal (по умолчанию)\n"
+
+#: g10/keygen.c:1691
+#, fuzzy, c-format
+msgid " (%d) DSA and Elgamal\n"
+msgstr " (%d) DSA и ElGamal (по умолчанию)\n"
+
+#: g10/keygen.c:1693
+#, c-format
+msgid " (%d) DSA (sign only)\n"
+msgstr " (%d) DSA (только Ð´Ð»Ñ Ð¿Ð¾Ð´Ð¿Ð¸Ñи)\n"
+
+#: g10/keygen.c:1694
+#, c-format
+msgid " (%d) RSA (sign only)\n"
+msgstr " (%d) RSA (только Ð´Ð»Ñ Ð¿Ð¾Ð´Ð¿Ð¸Ñи)\n"
+
+#: g10/keygen.c:1698
+#, c-format
+msgid " (%d) Elgamal (encrypt only)\n"
+msgstr " (%d) ElGamal (только Ð´Ð»Ñ ÑˆÐ¸Ñ„Ñ€Ð¾Ð²Ð°Ð½Ð¸Ñ)\n"
+
+#: g10/keygen.c:1699
+#, c-format
+msgid " (%d) RSA (encrypt only)\n"
+msgstr " (%d) RSA (только Ð´Ð»Ñ ÑˆÐ¸Ñ„Ñ€Ð¾Ð²Ð°Ð½Ð¸Ñ)\n"
+
+#: g10/keygen.c:1703
+#, c-format
+msgid " (%d) DSA (set your own capabilities)\n"
+msgstr " (%d) DSA (Ñ Ñ‚Ñ€ÐµÐ±ÑƒÐµÐ¼Ñ‹Ð¼Ð¸ возможноÑÑ‚Ñми)\n"
+
+#: g10/keygen.c:1704
+#, c-format
+msgid " (%d) RSA (set your own capabilities)\n"
+msgstr " (%d) RSA (Ñ Ñ‚Ñ€ÐµÐ±ÑƒÐµÐ¼Ñ‹Ð¼Ð¸ возможноÑÑ‚Ñми)\n"
+
+#: g10/keygen.c:1812
+#, c-format
+msgid "%s keys may be between %u and %u bits long.\n"
+msgstr "ключи %s могут иметь длину от %u до %u бит.\n"
+
+#: g10/keygen.c:1820
+#, fuzzy, c-format
+msgid "What keysize do you want for the subkey? (%u) "
+msgstr "Какой размер ключа необходим? (%u) "
+
+#: g10/keygen.c:1823 sm/certreqgen-ui.c:179
+#, c-format
+msgid "What keysize do you want? (%u) "
+msgstr "Какой размер ключа необходим? (%u) "
+
+#: g10/keygen.c:1837 sm/certreqgen-ui.c:189
+#, c-format
+msgid "Requested keysize is %u bits\n"
+msgstr "Запрашиваемый размер ключа %u бит\n"
+
+#: g10/keygen.c:1925
+msgid ""
+"Please specify how long the key should be valid.\n"
+" 0 = key does not expire\n"
+" <n> = key expires in n days\n"
+" <n>w = key expires in n weeks\n"
+" <n>m = key expires in n months\n"
+" <n>y = key expires in n years\n"
+msgstr ""
+"Выберите Ñрок дейÑÑ‚Ð²Ð¸Ñ ÐºÐ»ÑŽÑ‡Ð°.\n"
+" 0 = без Ð¾Ð³Ñ€Ð°Ð½Ð¸Ñ‡ÐµÐ½Ð¸Ñ Ñрока дейÑтвительноÑти\n"
+" <n> = Ñрок дейÑтвительноÑти n дней\n"
+" <n>w = Ñрок дейÑтвительноÑти n недель\n"
+" <n>m = Ñрок дейÑтвительноÑти n меÑÑцев\n"
+" <n>y = Ñрок дейÑтвительноÑти n лет\n"
+
+#: g10/keygen.c:1936
+msgid ""
+"Please specify how long the signature should be valid.\n"
+" 0 = signature does not expire\n"
+" <n> = signature expires in n days\n"
+" <n>w = signature expires in n weeks\n"
+" <n>m = signature expires in n months\n"
+" <n>y = signature expires in n years\n"
+msgstr ""
+"Выберите Ñрок дейÑÑ‚Ð²Ð¸Ñ Ð¿Ð¾Ð´Ð¿Ð¸Ñи.\n"
+" 0 = подпиÑÑŒ без Ð¾Ð³Ñ€Ð°Ð½Ð¸Ñ‡ÐµÐ½Ð¸Ñ Ñрока дейÑтвительноÑти\n"
+" <n> = Ñрок дейÑтвительноÑти подпиÑи n дней\n"
+" <n>w = Ñрок дейÑтвительноÑти подпиÑи n недель\n"
+" <n>m = Ñрок дейÑтвительноÑти подпиÑи n меÑÑцев\n"
+" <n>y = Ñрок дейÑтвительноÑти подпиÑи n лет\n"
+
+#: g10/keygen.c:1959
+msgid "Key is valid for? (0) "
+msgstr "Ключ дейÑтвителен до? (0) "
+
+#: g10/keygen.c:1964
+#, c-format
+msgid "Signature is valid for? (%s) "
+msgstr "ПодпиÑÑŒ дейÑтвительна до? (%s) "
+
+#: g10/keygen.c:1982 g10/keygen.c:2007
+msgid "invalid value\n"
+msgstr "недопуÑтимое значение\n"
+
+#: g10/keygen.c:1989
+msgid "Key does not expire at all\n"
+msgstr "Ключ не имеет Ð¾Ð³Ñ€Ð°Ð½Ð¸Ñ‡ÐµÐ½Ð¸Ñ Ñрока дейÑтвительноÑти\n"
+
+#: g10/keygen.c:1990
+msgid "Signature does not expire at all\n"
+msgstr "ПодпиÑÑŒ не имеет Ð¾Ð³Ñ€Ð°Ð½Ð¸Ñ‡ÐµÐ½Ð¸Ñ Ñрока дейÑтвительноÑти\n"
+
+#: g10/keygen.c:1995
+#, c-format
+msgid "Key expires at %s\n"
+msgstr "Ключ дейÑтвителен до: %s\n"
+
+#: g10/keygen.c:1996
+#, c-format
+msgid "Signature expires at %s\n"
+msgstr "ПодпиÑÑŒ дейÑтвительна до: %s\n"
+
+#: g10/keygen.c:2000
+msgid ""
+"Your system can't display dates beyond 2038.\n"
+"However, it will be correctly handled up to 2106.\n"
+msgstr ""
+"Ваша ÑиÑтема не может корректно отображать даты поÑле 2038.\n"
+"Однако, даты не превышающие 2106 будут обработаны корректно.\n"
+
+#: g10/keygen.c:2013
+msgid "Is this correct? (y/N) "
+msgstr "Ð’Ñе верно? (y/N) "
+
+#: g10/keygen.c:2063
+msgid ""
+"\n"
+"GnuPG needs to construct a user ID to identify your key.\n"
+"\n"
+msgstr ""
+"\n"
+"GnuPG необходимо ÑоÑтавить UserID в качеÑтве идентификатора ключа.\n"
+"\n"
+
+#. TRANSLATORS: This string is in general not anymore used
+#. but you should keep your existing translation. In case
+#. the new string is not translated this old string will
+#. be used.
+#: g10/keygen.c:2078
+msgid ""
+"\n"
+"You need a user ID to identify your key; the software constructs the user "
+"ID\n"
+"from the Real Name, Comment and Email Address in this form:\n"
+" \"Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>\"\n"
+"\n"
+msgstr ""
+"\n"
+"Ð”Ð»Ñ Ð¸Ð´ÐµÐ½Ñ‚Ð¸Ñ„Ð¸ÐºÐ°Ñ†Ð¸Ð¸ Вашего ключа необходим User ID\n"
+"Программа ÑоздаÑÑ‚ его из Вашего имени, ÐºÐ¾Ð¼Ð¼ÐµÐ½Ñ‚Ð°Ñ€Ð¸Ñ Ð¸ адреÑа e-mail в виде:\n"
+" \"Baba Yaga (pensioner) <yaga@deepforest.ru>\"\n"
+"\n"
+
+#: g10/keygen.c:2097
+msgid "Real name: "
+msgstr "Ваше наÑтоÑщее имÑ: "
+
+#: g10/keygen.c:2105
+msgid "Invalid character in name\n"
+msgstr "ÐедопуÑтимый Ñимвол в Имени\n"
+
+#: g10/keygen.c:2107
+msgid "Name may not start with a digit\n"
+msgstr "Ð˜Ð¼Ñ Ð½Ðµ должно начинатьÑÑ Ñ Ñ†Ð¸Ñ„Ñ€Ñ‹\n"
+
+#: g10/keygen.c:2109
+msgid "Name must be at least 5 characters long\n"
+msgstr "Ð˜Ð¼Ñ Ð½Ðµ должно быть короче 5 Ñимволов\n"
+
+#: g10/keygen.c:2117
+msgid "Email address: "
+msgstr "Email-адреÑ: "
+
+#: g10/keygen.c:2123
+msgid "Not a valid email address\n"
+msgstr "Ðеправильный e-mail адреÑ\n"
+
+#: g10/keygen.c:2131
+msgid "Comment: "
+msgstr "Комментарий: "
+
+#: g10/keygen.c:2137
+msgid "Invalid character in comment\n"
+msgstr "ÐедопуÑтимый Ñимвол в комментарии\n"
+
+#: g10/keygen.c:2159
+#, c-format
+msgid "You are using the `%s' character set.\n"
+msgstr "ИÑÐ¿Ð¾Ð»ÑŒÐ·ÑƒÐµÐ¼Ð°Ñ Ñ‚Ð°Ð±Ð»Ð¸Ñ†Ð° Ñимволов: `%s'.\n"
+
+#: g10/keygen.c:2165
+#, c-format
+msgid ""
+"You selected this USER-ID:\n"
+" \"%s\"\n"
+"\n"
+msgstr ""
+"Ð’Ñ‹ выбрали Ñледующий User ID:\n"
+" \"%s\"\n"
+"\n"
+
+#: g10/keygen.c:2170
+msgid "Please don't put the email address into the real name or the comment\n"
+msgstr "Ðе вÑтавлÑйте email-Ð°Ð´Ñ€ÐµÑ Ð² Ð¸Ð¼Ñ Ð¿Ð¾Ð»ÑŒÐ·Ð¾Ð²Ð°Ñ‚ÐµÐ»Ñ Ð¸Ð»Ð¸ комментарий\n"
+
+#: g10/keygen.c:2185
+msgid "Such a user ID already exists on this key!\n"
+msgstr ""
+
+#. TRANSLATORS: These are the allowed answers in
+#. lower and uppercase. Below you will find the matching
+#. string which should be translated accordingly and the
+#. letter changed to match the one in the answer string.
+#.
+#. n = Change name
+#. c = Change comment
+#. e = Change email
+#. o = Okay (ready, continue)
+#. q = Quit
+#.
+#: g10/keygen.c:2201
+msgid "NnCcEeOoQq"
+msgstr ""
+
+#: g10/keygen.c:2211
+msgid "Change (N)ame, (C)omment, (E)mail or (Q)uit? "
+msgstr "Сменить (N)ИмÑ, (C)Комментарий, (E)email-Ð°Ð´Ñ€ÐµÑ Ð¸Ð»Ð¸ (Q)Выход? "
+
+#: g10/keygen.c:2212
+msgid "Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? "
+msgstr ""
+"Сменить (N)ИмÑ, (C)Комментарий, (E)email-Ð°Ð´Ñ€ÐµÑ Ð¸Ð»Ð¸ (O)ПринÑÑ‚ÑŒ/(Q)Выход? "
+
+#: g10/keygen.c:2231
+msgid "Please correct the error first\n"
+msgstr "Сначала иÑправьте ошибку\n"
+
+#: g10/keygen.c:2273
+msgid ""
+"You need a Passphrase to protect your secret key.\n"
+"\n"
+msgstr ""
+"Ð”Ð»Ñ Ð·Ð°Ñ‰Ð¸Ñ‚Ñ‹ Ñекретного ключа необходима фраза-пароль.\n"
+"\n"
+
+#: g10/keygen.c:2276
+#, fuzzy
+msgid ""
+"Please enter a passphrase to protect the off-card backup of the new "
+"encryption key."
+msgstr "Введите фразу-пароль Ð´Ð»Ñ Ð·Ð°Ñ‰Ð¸Ñ‚Ñ‹ импортированных в GnuPG объектов."
+
+#: g10/keygen.c:2292
+#, c-format
+msgid "%s.\n"
+msgstr "%s.\n"
+
+#: g10/keygen.c:2298
+msgid ""
+"You don't want a passphrase - this is probably a *bad* idea!\n"
+"I will do it anyway. You can change your passphrase at any time,\n"
+"using this program with the option \"--edit-key\".\n"
+"\n"
+msgstr ""
+"Вам не нужна фраза-пароль? Это ОЧЕÐЬ ПЛОХÐЯ мыÑль!\n"
+"Работа будет продолжена. Фразу-пароль можно Ñменит в любое времÑ,\n"
+"запуÑтив данную программу Ñ ÐºÐ»ÑŽÑ‡Ð¾Ð¼ \"--edit-key\".\n"
+"\n"
+
+#: g10/keygen.c:2322
+msgid ""
+"We need to generate a lot of random bytes. It is a good idea to perform\n"
+"some other action (type on the keyboard, move the mouse, utilize the\n"
+"disks) during the prime generation; this gives the random number\n"
+"generator a better chance to gain enough entropy.\n"
+msgstr ""
+"Ðеобходимо Ñгенерировать много Ñлучайных чиÑел. Желательно, что бы Ð’Ñ‹\n"
+"выполнÑли некоторые другие активные дейÑÑ‚Ð²Ð¸Ñ (печать на клавиатуре, Ð´Ð²Ð¸Ð¶ÐµÐ½Ð¸Ñ "
+"мышью,\n"
+"Ð¾Ð±Ñ€Ð°Ñ‰ÐµÐ½Ð¸Ñ Ðº диÑкам) в процеÑÑе генерации; Ñто даÑÑ‚ генератору\n"
+"Ñлучайных чиÑел возможноÑÑ‚ÑŒ получить лучшую Ñнтропию.\n"
+
+#: g10/keygen.c:3209 g10/keygen.c:3236
+msgid "Key generation canceled.\n"
+msgstr "Создание ключа прервано.\n"
+
+#: g10/keygen.c:3441 g10/keygen.c:3611
+#, c-format
+msgid "writing public key to `%s'\n"
+msgstr "Ñохранение открытого ключа в `%s'\n"
+
+#: g10/keygen.c:3443 g10/keygen.c:3614
+#, c-format
+msgid "writing secret key stub to `%s'\n"
+msgstr "Ñохранение заглушки Ñекретного ключа в `%s'\n"
+
+#: g10/keygen.c:3446 g10/keygen.c:3617
+#, c-format
+msgid "writing secret key to `%s'\n"
+msgstr "Ñохранение Ñекретного ключа в `%s'\n"
+
+#: g10/keygen.c:3598
+#, c-format
+msgid "no writable public keyring found: %s\n"
+msgstr "нет доÑтупной Ð´Ð»Ñ Ð·Ð°Ð¿Ð¸Ñи таблицы открытых ключей: %s\n"
+
+#: g10/keygen.c:3605
+#, c-format
+msgid "no writable secret keyring found: %s\n"
+msgstr "нет доÑтупной Ð´Ð»Ñ Ð·Ð°Ð¿Ð¸Ñи таблицы закрытых ключей: %s\n"
+
+#: g10/keygen.c:3625
+#, c-format
+msgid "error writing public keyring `%s': %s\n"
+msgstr "ошибка запиÑи таблицы открытых ключей `%s': %s\n"
+
+#: g10/keygen.c:3633
+#, c-format
+msgid "error writing secret keyring `%s': %s\n"
+msgstr "ошибка запиÑи таблицы Ñекретных ключей `%s': %s\n"
+
+#: g10/keygen.c:3661
+msgid "public and secret key created and signed.\n"
+msgstr "открытый и закрытый ключи Ñозданы и подпиÑаны.\n"
+
+#: g10/keygen.c:3672
+msgid ""
+"Note that this key cannot be used for encryption. You may want to use\n"
+"the command \"--edit-key\" to generate a subkey for this purpose.\n"
+msgstr ""
+"Учтите, данный ключ не может иÑпользоватьÑÑ Ð´Ð»Ñ ÑˆÐ¸Ñ„Ñ€Ð¾Ð²Ð°Ð½Ð¸Ñ. Можно\n"
+"воÑпользоватьÑÑ ÐºÐ¾Ð¼Ð°Ð½Ð´Ð¾Ð¹ \"--edit-key\" и Ñоздать подключ Ð´Ð»Ñ Ñтих целей.\n"
+
+#: g10/keygen.c:3685 g10/keygen.c:3831 g10/keygen.c:3952
+#, c-format
+msgid "Key generation failed: %s\n"
+msgstr "Сбой при Ñоздании ключа: %s\n"
+
+#: g10/keygen.c:3741 g10/keygen.c:3882 g10/sign.c:241
+#, c-format
+msgid ""
+"key has been created %lu second in future (time warp or clock problem)\n"
+msgstr ""
+"ключ был Ñоздан на %lu Ñекунд в будущем (time warp или проблемы Ñ Ñ‡Ð°Ñами)\n"
+
+#: g10/keygen.c:3743 g10/keygen.c:3884 g10/sign.c:243
+#, c-format
+msgid ""
+"key has been created %lu seconds in future (time warp or clock problem)\n"
+msgstr ""
+"ключ был Ñоздан на %lu Ñекунд в будущем (time warp или проблемы Ñ Ñ‡Ð°Ñами)\n"
+
+#: g10/keygen.c:3754 g10/keygen.c:3895
+msgid "NOTE: creating subkeys for v3 keys is not OpenPGP compliant\n"
+msgstr "ЗÐМЕЧÐÐИЕ: Ñоздание подключа Ð´Ð»Ñ ÐºÐ»ÑŽÑ‡ÐµÐ¹ v3 не ÑовмеÑтимо Ñ OpenPGP\n"
+
+#: g10/keygen.c:3795 g10/keygen.c:3928
+msgid "Really create? (y/N) "
+msgstr "ДейÑтвительно Ñоздать? (y/N)"
+
+#: g10/keygen.c:4116
+#, c-format
+msgid "storing key onto card failed: %s\n"
+msgstr "Ñбой ÑÐ¾Ñ…Ñ€Ð°Ð½ÐµÐ½Ð¸Ñ ÐºÐ»ÑŽÑ‡Ð° на карту: %s\n"
+
+#: g10/keygen.c:4165
+#, c-format
+msgid "can't create backup file `%s': %s\n"
+msgstr "не могу Ñоздать резервную копию, файл `%s': %s\n"
+
+#: g10/keygen.c:4191
+#, c-format
+msgid "NOTE: backup of card key saved to `%s'\n"
+msgstr "ЗÐМЕЧÐÐИЕ: Ð°Ñ€Ñ…Ð¸Ð²Ð½Ð°Ñ ÐºÐ¾Ð¿Ð¸Ñ ÐºÐ»ÑŽÑ‡Ð° карты Ñохранена в `%s'\n"
+
+#: g10/keyid.c:539 g10/keyid.c:551 g10/keyid.c:563 g10/keyid.c:575
+msgid "never "
+msgstr "никогда "
+
+#: g10/keylist.c:273
+msgid "Critical signature policy: "
+msgstr "Критичные правила Ð´Ð»Ñ Ð¿Ð¾Ð´Ð¿Ð¸Ñи: "
+
+#: g10/keylist.c:275
+msgid "Signature policy: "
+msgstr "Политика подпиÑи: "
+
+#: g10/keylist.c:314
+msgid "Critical preferred keyserver: "
+msgstr "Критично предпочитаемые Ñерверы ключей:"
+
+#: g10/keylist.c:367
+msgid "Critical signature notation: "
+msgstr "Критичное примечание к подпиÑи: "
+
+#: g10/keylist.c:369
+msgid "Signature notation: "
+msgstr "Примечание к подпиÑи"
+
+#: g10/keylist.c:479
+msgid "Keyring"
+msgstr "Таблица ключей"
+
+#: g10/keylist.c:1526
+msgid "Primary key fingerprint:"
+msgstr " Отпечаток главного ключа:"
+
+#: g10/keylist.c:1528
+msgid " Subkey fingerprint:"
+msgstr " Отпечаток подключа:"
+
+#. TRANSLATORS: this should fit into 24 bytes to that the
+#. * fingerprint data is properly aligned with the user ID
+#: g10/keylist.c:1535
+msgid " Primary key fingerprint:"
+msgstr " Отпечаток главного ключа:"
+
+#: g10/keylist.c:1537
+msgid " Subkey fingerprint:"
+msgstr " Отпечаток подключа:"
+
+#: g10/keylist.c:1541 g10/keylist.c:1545
+msgid " Key fingerprint ="
+msgstr "Отпечаток ключа ="
+
+#: g10/keylist.c:1612
+msgid " Card serial no. ="
+msgstr ""
+
+#: g10/keyring.c:1297
+#, c-format
+msgid "renaming `%s' to `%s' failed: %s\n"
+msgstr "при переименовании `%s' в `%s' произошел Ñбой: %s\n"
+
+#: g10/keyring.c:1326
+msgid "WARNING: 2 files with confidential information exists.\n"
+msgstr "Ð’ÐИМÐÐИЕ: СущеÑтвуют 2 файла Ñ ÐºÐ¾Ð½Ñ„Ð¸Ð´ÐµÐ½Ñ†Ð¸Ð°Ð»ÑŒÐ½Ð¾Ð¹ информацией.\n"
+
+#: g10/keyring.c:1327
+#, c-format
+msgid "%s is the unchanged one\n"
+msgstr "%s оÑталоÑÑŒ без изменений\n"
+
+#: g10/keyring.c:1328
+#, c-format
+msgid "%s is the new one\n"
+msgstr "%s новых\n"
+
+#: g10/keyring.c:1329
+msgid "Please fix this possible security flaw\n"
+msgstr "ИÑправьте Ñту прореху безопаÑноÑти\n"
+
+#: g10/keyring.c:1430
+#, c-format
+msgid "caching keyring `%s'\n"
+msgstr "кеширую ÑвÑзки ключей `%s'\n"
+
+#: g10/keyring.c:1489
+#, c-format
+msgid "%lu keys cached so far (%lu signatures)\n"
+msgstr "%lu ключей закешировано за Ñто Ð²Ñ€ÐµÐ¼Ñ (%lu подпиÑей)\n"
+
+#: g10/keyring.c:1501
+#, c-format
+msgid "%lu keys cached (%lu signatures)\n"
+msgstr "%lu ключей закешированно (%lu подпиÑей)\n"
+
+#: g10/keyring.c:1573
+#, c-format
+msgid "%s: keyring created\n"
+msgstr "%s: таблица ключей Ñоздана\n"
+
+#: g10/keyserver.c:74
+msgid "include revoked keys in search results"
+msgstr "включать отозванные ключи в резутатах поиÑка"
+
+#: g10/keyserver.c:75
+msgid "include subkeys when searching by key ID"
+msgstr "Ð²ÐºÐ»ÑŽÑ‡Ð°Ñ Ð¿Ð¾Ð´ÐºÐ»ÑŽÑ‡Ð¸ при поиÑке по Key ID"
+
+#: g10/keyserver.c:77
+msgid "use temporary files to pass data to keyserver helpers"
+msgstr ""
+
+#: g10/keyserver.c:79
+msgid "do not delete temporary files after using them"
+msgstr "не удалÑÑ‚ÑŒ временные файлы поÑле иÑпользованиÑ"
+
+#: g10/keyserver.c:83
+msgid "automatically retrieve keys when verifying signatures"
+msgstr "автоматичеÑки получать ключи при проверке подпиÑей"
+
+#: g10/keyserver.c:85
+msgid "honor the preferred keyserver URL set on the key"
+msgstr "введите URL предпочтаемого Ñервера ключей: "
+
+#: g10/keyserver.c:87
+msgid "honor the PKA record set on a key when retrieving keys"
+msgstr ""
+
+#: g10/keyserver.c:153
+#, c-format
+msgid "WARNING: keyserver option `%s' is not used on this platform\n"
+msgstr ""
+"Ð’ÐИМÐÐИЕ: параметр Ñервера ключей `%s' не иÑпользуетÑÑ Ð½Ð° данной платформе\n"
+
+#: g10/keyserver.c:544
+msgid "disabled"
+msgstr "disable"
+
+#: g10/keyserver.c:747
+msgid "Enter number(s), N)ext, or Q)uit > "
+msgstr "Введите чиÑло(а), N) Следующий или Q) Выход> "
+
+#: g10/keyserver.c:831 g10/keyserver.c:1458
+#, c-format
+msgid "invalid keyserver protocol (us %d!=handler %d)\n"
+msgstr "invalid keyserver protocol (us %d!=handler %d)\n"
+
+#: g10/keyserver.c:932
+#, c-format
+msgid "key \"%s\" not found on keyserver\n"
+msgstr "ключ \"%s\" не найден на Ñервере ключей\n"
+
+#: g10/keyserver.c:934
+msgid "key not found on keyserver\n"
+msgstr "ключ не найден на Ñервере ключей\n"
+
+#: g10/keyserver.c:1177
+#, c-format
+msgid "requesting key %s from %s server %s\n"
+msgstr "запрашиваю ключ %s Ñ %s Ñервера %s\n"
+
+#: g10/keyserver.c:1181
+#, c-format
+msgid "requesting key %s from %s\n"
+msgstr "получение ключа %s Ñ %s\n"
+
+#: g10/keyserver.c:1205
+#, c-format
+msgid "searching for names from %s server %s\n"
+msgstr "поиÑк по именам %s на Ñервере %s\n"
+
+#: g10/keyserver.c:1208
+#, c-format
+msgid "searching for names from %s\n"
+msgstr "поиÑк по именам на %s\n"
+
+#: g10/keyserver.c:1361
+#, c-format
+msgid "sending key %s to %s server %s\n"
+msgstr "отправлÑÑŽ ключ %s на %s Ñервер %s\n"
+
+#: g10/keyserver.c:1365
+#, c-format
+msgid "sending key %s to %s\n"
+msgstr "отправка ключа %s на %s\n"
+
+#: g10/keyserver.c:1408
+#, c-format
+msgid "searching for \"%s\" from %s server %s\n"
+msgstr "поиÑк \"%s\" на %s Ñервере %s\n"
+
+#: g10/keyserver.c:1411
+#, c-format
+msgid "searching for \"%s\" from %s\n"
+msgstr "поиÑк \"%s\" на %s\n"
+
+#: g10/keyserver.c:1418 g10/keyserver.c:1514
+msgid "no keyserver action!\n"
+msgstr ""
+
+#: g10/keyserver.c:1466
+#, c-format
+msgid "WARNING: keyserver handler from a different version of GnuPG (%s)\n"
+msgstr "Ð’ÐИМÐÐИЕ: обработчик Ñервера ключей от другой верÑии GnuPG (%s)\n"
+
+#: g10/keyserver.c:1475
+msgid "keyserver did not send VERSION\n"
+msgstr "Ñервер ключей не приÑлал VERSION\n"
+
+#: g10/keyserver.c:1537 g10/keyserver.c:2066
+msgid "no keyserver known (use option --keyserver)\n"
+msgstr "не заданы Ñерверы ключей (иÑпользуйте --keyserver)\n"
+
+#: g10/keyserver.c:1543
+msgid "external keyserver calls are not supported in this build\n"
+msgstr "Ð´Ð°Ð½Ð½Ð°Ñ Ñборка не поддерживает внешние вызовы Ð´Ð»Ñ Ñервера ключей.\n"
+
+#: g10/keyserver.c:1555
+#, c-format
+msgid "no handler for keyserver scheme `%s'\n"
+msgstr "нет обработчика Ð´Ð»Ñ Ñхемы Ñервера ключей `%s'\n"
+
+#: g10/keyserver.c:1560
+#, c-format
+msgid "action `%s' not supported with keyserver scheme `%s'\n"
+msgstr "дейÑтвие `%s' не поддерживаетÑÑ Ñхемой Ñервера ключей `%s'\n"
+
+#: g10/keyserver.c:1568
+#, c-format
+msgid "%s does not support handler version %d\n"
+msgstr "%s не поддерживает верÑию обработчика %d\n"
+
+#: g10/keyserver.c:1575
+msgid "keyserver timed out\n"
+msgstr "превышено Ð²Ñ€ÐµÐ¼Ñ Ð¾Ð¶Ð¸Ð´Ð°Ð½Ð¸Ñ Ñервера ключей\n"
+
+#: g10/keyserver.c:1580
+msgid "keyserver internal error\n"
+msgstr "ошибка Ñервера ключей\n"
+
+#: g10/keyserver.c:1589
+#, c-format
+msgid "keyserver communications error: %s\n"
+msgstr "ошибка ÑвÑзи Ñ Ñервером ключей: %s\n"
+
+#: g10/keyserver.c:1614 g10/keyserver.c:1648
+#, c-format
+msgid "\"%s\" not a key ID: skipping\n"
+msgstr "\"%s\" не идентификатор ключа: пропущен\n"
+
+#: g10/keyserver.c:1907
+#, c-format
+msgid "WARNING: unable to refresh key %s via %s: %s\n"
+msgstr "Ð’ÐИМÐÐИЕ: невозможно обновить ключ %s Ñ %s: %s\n"
+
+#: g10/keyserver.c:1929
+#, c-format
+msgid "refreshing 1 key from %s\n"
+msgstr "обновление 1 ключа из %s\n"
+
+#: g10/keyserver.c:1931
+#, c-format
+msgid "refreshing %d keys from %s\n"
+msgstr "обновление %d ключей из %s\n"
+
+#: g10/keyserver.c:1987
+#, c-format
+msgid "WARNING: unable to fetch URI %s: %s\n"
+msgstr "Ð’ÐИМÐÐИЕ: невозможно загрузить ÑÑылку %s: %s\n"
+
+#: g10/keyserver.c:1993
+#, c-format
+msgid "WARNING: unable to parse URI %s\n"
+msgstr "Ð’ÐИМÐÐИЕ: невозможно проанализировать ÑÑылку %s\n"
+
+#: g10/mainproc.c:231
+#, c-format
+msgid "weird size for an encrypted session key (%d)\n"
+msgstr "Ñтранный размер зашифрованного ÑеанÑового ключа (%d)\n"
+
+#: g10/mainproc.c:284
+#, c-format
+msgid "%s encrypted session key\n"
+msgstr "ÑеанÑовый ключ зашифрован %s\n"
+
+#: g10/mainproc.c:294
+#, c-format
+msgid "passphrase generated with unknown digest algorithm %d\n"
+msgstr "фраза-пароль Ñоздана Ñ Ð½ÐµÐ·Ð½Ð°ÐºÐ¾Ð¼Ð¾Ð¹ хеш-фкнкцией %d\n"
+
+#: g10/mainproc.c:360
+#, c-format
+msgid "public key is %s\n"
+msgstr "открытый ключ %s\n"
+
+#: g10/mainproc.c:423
+msgid "public key encrypted data: good DEK\n"
+msgstr "данные зашифрованы открытым ключом: правильный DEK\n"
+
+#: g10/mainproc.c:456
+#, c-format
+msgid "encrypted with %u-bit %s key, ID %s, created %s\n"
+msgstr "зашифровано %u-битным ключом %s, Ñ ID %s, Ñозданным %s\n"
+
+#: g10/mainproc.c:460 g10/pkclist.c:217
+#, c-format
+msgid " \"%s\"\n"
+msgstr " \"%s\"\n"
+
+#: g10/mainproc.c:464
+#, c-format
+msgid "encrypted with %s key, ID %s\n"
+msgstr "зашифровано ключом %s Ñ ID %s\n"
+
+#: g10/mainproc.c:479
+#, c-format
+msgid "public key decryption failed: %s\n"
+msgstr "Ñбой раÑÑˆÐ¸Ñ„Ñ€Ð¾Ð²Ð°Ð½Ð¸Ñ Ñ Ð¾Ñ‚ÐºÑ€Ñ‹Ñ‚Ñ‹Ð¼ ключом: %s\n"
+
+#: g10/mainproc.c:495
+#, c-format
+msgid "encrypted with %lu passphrases\n"
+msgstr "зашифровано Ñ %lu фразами-паролÑми\n"
+
+#: g10/mainproc.c:497
+msgid "encrypted with 1 passphrase\n"
+msgstr "зашифровано Ñ 1 фразой-паролем\n"
+
+#: g10/mainproc.c:529 g10/mainproc.c:551
+#, c-format
+msgid "assuming %s encrypted data\n"
+msgstr "принÑтие %s зашифрованных данных\n"
+
+#: g10/mainproc.c:537
+#, c-format
+msgid "IDEA cipher unavailable, optimistically attempting to use %s instead\n"
+msgstr "шифр IDEA недоÑтупен, попробуйте иÑпользовать взамен %s\n"
+
+#: g10/mainproc.c:570
+msgid "decryption okay\n"
+msgstr "раÑшифровано\n"
+
+#: g10/mainproc.c:574
+msgid "WARNING: message was not integrity protected\n"
+msgstr "Ð’ÐИМÐÐИЕ: целоÑтноÑÑ‚ÑŒ ÑÐ¾Ð¾Ð±Ñ‰ÐµÐ½Ð¸Ñ Ð½Ðµ защищена\n"
+
+#: g10/mainproc.c:587
+msgid "WARNING: encrypted message has been manipulated!\n"
+msgstr "Ð’ÐИМÐÐИЕ: зашифрованное Ñообщение было изменено!\n"
+
+#: g10/mainproc.c:595
+#, c-format
+msgid "cleared passphrase cached with ID: %s\n"
+msgstr ""
+
+#: g10/mainproc.c:600
+#, c-format
+msgid "decryption failed: %s\n"
+msgstr "Ñбой раÑшифрованиÑ: %s\n"
+
+#: g10/mainproc.c:621
+msgid "NOTE: sender requested \"for-your-eyes-only\"\n"
+msgstr "ЗÐМЕЧÐÐИЕ: отправитель требует \"только Ð´Ð»Ñ Ð¿Ñ€Ð¾Ñмотра Вами\"\n"
+
+#: g10/mainproc.c:623
+#, c-format
+msgid "original file name='%.*s'\n"
+msgstr "оригинальное Ð¸Ð¼Ñ Ñ„Ð°Ð¹Ð»Ð°='%.*s'\n"
+
+#: g10/mainproc.c:711
+msgid "WARNING: multiple plaintexts seen\n"
+msgstr ""
+
+#: g10/mainproc.c:850
+msgid "standalone revocation - use \"gpg --import\" to apply\n"
+msgstr "ÑамоÑтоÑтельный Ñертификат отзыва: \"gpg --import\" Ð´Ð»Ñ Ð¿Ñ€Ð¸Ð¼ÐµÐ½ÐµÐ½Ð¸Ñ\n"
+
+#: g10/mainproc.c:1203 g10/mainproc.c:1240
+msgid "no signature found\n"
+msgstr "подпиÑÑŒ не найдена\n"
+
+#: g10/mainproc.c:1478
+msgid "signature verification suppressed\n"
+msgstr "проверка подпиÑи подавлена\n"
+
+#: g10/mainproc.c:1587
+msgid "can't handle this ambiguous signature data\n"
+msgstr "не могу обработать Ñти множеÑтвенные подпиÑи\n"
+
+#: g10/mainproc.c:1598
+#, c-format
+msgid "Signature made %s\n"
+msgstr "ПодпиÑÑŒ Ñделана %s\n"
+
+#: g10/mainproc.c:1599
+#, c-format
+msgid " using %s key %s\n"
+msgstr " ключом %s Ñ ID %s\n"
+
+#: g10/mainproc.c:1603
+#, c-format
+msgid "Signature made %s using %s key ID %s\n"
+msgstr "ПодпиÑÑŒ Ñоздана %s ключом %s Ñ ID %s\n"
+
+#: g10/mainproc.c:1623
+msgid "Key available at: "
+msgstr "Ключ доÑтупен на:"
+
+#: g10/mainproc.c:1756 g10/mainproc.c:1804
+#, c-format
+msgid "BAD signature from \"%s\""
+msgstr "ПЛОХÐЯ подпиÑÑŒ от \"%s\""
+
+#: g10/mainproc.c:1758 g10/mainproc.c:1806
+#, c-format
+msgid "Expired signature from \"%s\""
+msgstr "ПроÑÑ€Ð¾Ñ‡ÐµÐ½Ð½Ð°Ñ Ð¿Ð¾Ð´Ð¿Ð¸ÑÑŒ от \"%s\""
+
+#: g10/mainproc.c:1760 g10/mainproc.c:1808
+#, c-format
+msgid "Good signature from \"%s\""
+msgstr "ДейÑÑ‚Ð²Ð¸Ñ‚ÐµÐ»ÑŒÐ½Ð°Ñ Ð¿Ð¾Ð´Ð¿Ð¸ÑÑŒ от \"%s\""
+
+#: g10/mainproc.c:1810
+msgid "[uncertain]"
+msgstr "[Ñомнительно]"
+
+#: g10/mainproc.c:1843
+#, c-format
+msgid " aka \"%s\""
+msgstr " aka \"%s\""
+
+#: g10/mainproc.c:1941
+#, c-format
+msgid "Signature expired %s\n"
+msgstr "ПодпиÑÑŒ проÑрочена %s\n"
+
+#: g10/mainproc.c:1946
+#, c-format
+msgid "Signature expires %s\n"
+msgstr "ПодпиÑÑŒ дейÑтвительна до %s\n"
+
+#: g10/mainproc.c:1949
+#, c-format
+msgid "%s signature, digest algorithm %s\n"
+msgstr "%s подпиÑÑŒ, Ñ…Ñш-Ñ„ÑƒÐ½ÐºÑ†Ð¸Ñ %s\n"
+
+#: g10/mainproc.c:1950
+msgid "binary"
+msgstr "двоичный"
+
+#: g10/mainproc.c:1951
+msgid "textmode"
+msgstr "текÑтовый"
+
+#: g10/mainproc.c:1951 g10/trustdb.c:546
+msgid "unknown"
+msgstr "неизвеÑтно"
+
+#: g10/mainproc.c:1971
+#, c-format
+msgid "Can't check signature: %s\n"
+msgstr "Ðе могу проверить подпиÑÑŒ: %s\n"
+
+#: g10/mainproc.c:2055 g10/mainproc.c:2071 g10/mainproc.c:2167
+msgid "not a detached signature\n"
+msgstr "не Ð¾Ñ‚Ð´ÐµÐ»ÐµÐ½Ð½Ð°Ñ Ð¿Ð¾Ð´Ð¿Ð¸ÑÑŒ\n"
+
+#: g10/mainproc.c:2098
+msgid ""
+"WARNING: multiple signatures detected. Only the first will be checked.\n"
+msgstr ""
+"Ð’ÐИМÐÐИЕ: обнаружено множеÑтво подпиÑей. Только Ð¿ÐµÑ€Ð²Ð°Ñ Ð±ÑƒÐ´ÐµÑ‚ проверена.\n"
+
+#: g10/mainproc.c:2106
+#, c-format
+msgid "standalone signature of class 0x%02x\n"
+msgstr "ÑамоÑтоÑÑ‚ÐµÐ»ÑŒÐ½Ð°Ñ Ð¿Ð¾Ð´Ð¿Ð¸ÑÑŒ клаÑÑа 0x%02x\n"
+
+#: g10/mainproc.c:2171
+msgid "old style (PGP 2.x) signature\n"
+msgstr "Ñтарый (PGP 2.x) Ñтиль подпиÑи\n"
+
+#: g10/mainproc.c:2181
+msgid "invalid root packet detected in proc_tree()\n"
+msgstr ""
+
+#: g10/misc.c:109 g10/misc.c:139 g10/misc.c:215
+#, c-format
+msgid "fstat of `%s' failed in %s: %s\n"
+msgstr ""
+
+#: g10/misc.c:178
+#, c-format
+msgid "fstat(%d) failed in %s: %s\n"
+msgstr ""
+
+#: g10/misc.c:296
+#, c-format
+msgid "WARNING: using experimental public key algorithm %s\n"
+msgstr ""
+"Ð’ÐИМÐÐИЕ: иÑпользуетÑÑ ÑкÑпериментальный алгоритм %s ÑˆÐ¸Ñ„Ñ€Ð¾Ð²Ð°Ð½Ð¸Ñ Ñ Ð¾Ñ‚ÐºÑ€Ñ‹Ñ‚Ñ‹Ð¼ "
+"ключом\n"
+
+#: g10/misc.c:302
+msgid "WARNING: Elgamal sign+encrypt keys are deprecated\n"
+msgstr ""
+"Ð’ÐИМÐÐИЕ: Ключи Elgamal Ð´Ð»Ñ ÑˆÐ¸Ñ„Ñ€Ð¾Ð²Ð°Ð½Ð¸Ñ+Ñжатие более не поддерживаютÑÑ\n"
+
+#: g10/misc.c:315
+#, c-format
+msgid "WARNING: using experimental cipher algorithm %s\n"
+msgstr ""
+"Ð’ÐИМÐÐИЕ: иÑпользуетÑÑ ÑкÑпериментальный алгоритм Ñимметричного ÑˆÐ¸Ñ„Ñ€Ð¾Ð²Ð°Ð½Ð¸Ñ %"
+"s\n"
+
+#: g10/misc.c:330
+#, c-format
+msgid "WARNING: using experimental digest algorithm %s\n"
+msgstr "Ð’ÐИМÐÐИЕ: иÑпользуетÑÑ ÑкÑÐ¿ÐµÑ€Ð¸Ð¼ÐµÐ½Ñ‚Ð°Ð»ÑŒÐ½Ð°Ñ Ñ…ÐµÑˆ-Ñ„ÑƒÐ½ÐºÑ†Ð¸Ñ %s\n"
+
+#: g10/misc.c:335
+#, c-format
+msgid "WARNING: digest algorithm %s is deprecated\n"
+msgstr "Ð’ÐИМÐÐИЕ: хеш-Ñ„ÑƒÐ½ÐºÑ†Ð¸Ñ %s ÑчитаетÑÑ ÑƒÑтаревшей\n"
+
+#: g10/misc.c:503
+msgid "the IDEA cipher plugin is not present\n"
+msgstr "модуль поддержки шифра IDEA не обнаружен\n"
+
+#: g10/misc.c:504 g10/sig-check.c:107 jnlib/utf8conv.c:87
+#, c-format
+msgid "please see %s for more information\n"
+msgstr "Ð´Ð»Ñ Ð´Ð¾Ð¿Ð¾Ð»Ð½Ð¸Ñ‚ÐµÐ»ÑŒÐ½Ð¾Ð¹ информации Ñм. %s\n"
+
+#: g10/misc.c:761
+#, c-format
+msgid "%s:%d: deprecated option \"%s\"\n"
+msgstr "%s:%d: не Ñ€ÐµÐºÐ¾Ð¼ÐµÐ½Ð´ÑƒÐµÐ¼Ð°Ñ Ð¾Ð¿Ñ†Ð¸Ñ \"%s\"\n"
+
+#: g10/misc.c:765
+#, c-format
+msgid "WARNING: \"%s\" is a deprecated option\n"
+msgstr "Ð’ÐИМÐÐИЕ: \"%s\" не Ñ€ÐµÐºÐ¾Ð¼ÐµÐ½Ð´ÑƒÐµÐ¼Ð°Ñ Ð¾Ð¿Ñ†Ð¸Ñ\n"
+
+#: g10/misc.c:767
+#, c-format
+msgid "please use \"%s%s\" instead\n"
+msgstr "иÑпользуйте \"%s%s\" взамен\n"
+
+#: g10/misc.c:774
+#, c-format
+msgid "WARNING: \"%s\" is a deprecated command - do not use it\n"
+msgstr ""
+"Ð’ÐИМÐÐИЕ: команда \"%s\" ÑвлÑетÑÑ ÑƒÑтаревшей - не Ñледует применÑÑ‚ÑŒ ее\n"
+
+#: g10/misc.c:784
+#, c-format
+msgid "%s:%u: obsolete option \"%s\" - it has no effect\n"
+msgstr ""
+
+#: g10/misc.c:787
+#, c-format
+msgid "WARNING: \"%s\" is an obsolete option - it has no effect\n"
+msgstr "Ð’ÐИМÐÐИЕ: \"%s\" уÑтаревший параметр - он не задейÑтвован\n"
+
+#: g10/misc.c:848
+msgid "Uncompressed"
+msgstr "без ÑжатиÑ"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: g10/misc.c:873
+msgid "uncompressed|none"
+msgstr ""
+
+#: g10/misc.c:1000
+#, c-format
+msgid "this message may not be usable by %s\n"
+msgstr "данное Ñообщение может быть не пригодно Ð´Ð»Ñ %s\n"
+
+#: g10/misc.c:1175
+#, c-format
+msgid "ambiguous option `%s'\n"
+msgstr "двуÑмыÑленный параметр `%s'\n"
+
+#: g10/misc.c:1200
+#, c-format
+msgid "unknown option `%s'\n"
+msgstr "неизвеÑтный параметр `%s'\n"
+
+#: g10/openfile.c:89
+#, c-format
+msgid "File `%s' exists. "
+msgstr "Файл `%s' ÑущеÑтвует. "
+
+#: g10/openfile.c:93
+msgid "Overwrite? (y/N) "
+msgstr "ПерезапиÑать (y/N)? "
+
+#: g10/openfile.c:126
+#, c-format
+msgid "%s: unknown suffix\n"
+msgstr "%s: неизвеÑтное окончание\n"
+
+#: g10/openfile.c:150
+msgid "Enter new filename"
+msgstr "Введите новое Ð¸Ð¼Ñ Ñ„Ð°Ð¹Ð»Ð°"
+
+#: g10/openfile.c:195
+msgid "writing to stdout\n"
+msgstr "Вывод в stdout\n"
+
+#: g10/openfile.c:316
+#, c-format
+msgid "assuming signed data in `%s'\n"
+msgstr "принÑтие подпиÑанных данных в `%s'\n"
+
+#: g10/openfile.c:395
+#, c-format
+msgid "new configuration file `%s' created\n"
+msgstr "Ñоздан новый файл наÑтроек `%s'\n"
+
+#: g10/openfile.c:397
+#, c-format
+msgid "WARNING: options in `%s' are not yet active during this run\n"
+msgstr "Ð’ÐИМÐÐИЕ: параметры в `%s' еще не активны при Ñтом запуÑке\n"
+
+#: g10/parse-packet.c:201
+#, c-format
+msgid "can't handle public key algorithm %d\n"
+msgstr "не могу иÑпользовать алгоритм Ñ Ð¾Ñ‚ÐºÑ€Ñ‹Ñ‚Ñ‹Ð¼ ключом %d\n"
+
+#: g10/parse-packet.c:822
+msgid "WARNING: potentially insecure symmetrically encrypted session key\n"
+msgstr ""
+"Ð’ÐИМÐÐИЕ: потенциально небезопаÑный ÑеанÑовый ключ, зашифрованный "
+"Ñимметричным шифром\n"
+
+#: g10/parse-packet.c:1273
+#, c-format
+msgid "subpacket of type %d has critical bit set\n"
+msgstr "подпакет типа %d имеет выÑтавленный критичеÑкий бит\n"
+
+#: g10/passphrase.c:75 g10/passphrase.c:418 g10/passphrase.c:481
+#, c-format
+msgid "problem with the agent: %s\n"
+msgstr "проблема Ñ Ð°Ð³ÐµÐ½Ñ‚Ð¾Ð¼: %s\n"
+
+#: g10/passphrase.c:344 g10/passphrase.c:613
+#, c-format
+msgid " (main key ID %s)"
+msgstr " (главный ключ ID %s)"
+
+#: g10/passphrase.c:358
+#, c-format
+msgid ""
+"Please enter the passphrase to unlock the secret key for the OpenPGP "
+"certificate:\n"
+"\"%.*s\"\n"
+"%u-bit %s key, ID %s,\n"
+"created %s%s.\n"
+msgstr ""
+"Ðеобходима фраза-пароль Ð´Ð»Ñ Ð´Ð¾Ñтупа к Ñекретному ключу OpenPGP Ñертификата:\n"
+"\"%.*s\"\n"
+"%u-бит %s ключ, ID %s,\n"
+"Ñоздан %s%s.\n"
+
+#: g10/passphrase.c:384
+msgid "Enter passphrase\n"
+msgstr "Введите фразу-пароль\n"
+
+#: g10/passphrase.c:412
+msgid "cancelled by user\n"
+msgstr "прервано пользователем\n"
+
+#: g10/passphrase.c:592
+#, c-format
+msgid ""
+"You need a passphrase to unlock the secret key for\n"
+"user: \"%s\"\n"
+msgstr ""
+"Ðеобходима фраза-пароль Ð´Ð»Ñ Ð´Ð¾Ñтупа к Ñекретному ключу пользователÑ: \"%s\"\n"
+
+#: g10/passphrase.c:600
+#, c-format
+msgid "%u-bit %s key, ID %s, created %s"
+msgstr "%u-бит %s ключ, ID %s, Ñоздан %s"
+
+#: g10/passphrase.c:609
+#, c-format
+msgid " (subkey on main key ID %s)"
+msgstr " (подключ на главном ключе %s)"
+
+#: g10/photoid.c:74
+msgid ""
+"\n"
+"Pick an image to use for your photo ID. The image must be a JPEG file.\n"
+"Remember that the image is stored within your public key. If you use a\n"
+"very large picture, your key will become very large as well!\n"
+"Keeping the image close to 240x288 is a good size to use.\n"
+msgstr ""
+"\n"
+"Выберите изображение Ð´Ð»Ñ Ð¸ÑÐ¿Ð¾Ð»ÑŒÐ·Ð¾Ð²Ð°Ð½Ð¸Ñ Ð² качеÑтве Вашего Фото ID.\n"
+"Изображение должно быть в формате JPEG. Помните, что оно будет хранитьÑÑ\n"
+"Ñ Ð’Ð°ÑˆÐ¸Ð¼ открытым ключом и увеличит его размер, Ñ‚.е. не Ñледует брать очень\n"
+"большое изображение. Рекомендуемый размер около 240x288.\n"
+
+#: g10/photoid.c:96
+msgid "Enter JPEG filename for photo ID: "
+msgstr "Введите Ð¸Ð¼Ñ JPEG файла Ð´Ð»Ñ Ð¤Ð¾Ñ‚Ð¾ ID: "
+
+#: g10/photoid.c:117
+#, c-format
+msgid "unable to open JPEG file `%s': %s\n"
+msgstr "Ðе могу открыть JPEG файл `%s': %s\n"
+
+#: g10/photoid.c:128
+#, c-format
+msgid "This JPEG is really large (%d bytes) !\n"
+msgstr "Этот JPEG очень велик (%d байт)!\n"
+
+#: g10/photoid.c:130
+msgid "Are you sure you want to use it? (y/N) "
+msgstr "ДейÑтвительно хотите иÑпользовать его? (y/N)"
+
+#: g10/photoid.c:146
+#, c-format
+msgid "`%s' is not a JPEG file\n"
+msgstr "`%s' - не JPEG файл\n"
+
+#: g10/photoid.c:165
+msgid "Is this photo correct (y/N/q)? "
+msgstr "Данное фото правильное (y/N/q)? "
+
+#: g10/photoid.c:373
+msgid "unable to display photo ID!\n"
+msgstr "не могу отобразить Фото ID!\n"
+
+#: g10/pkclist.c:60 g10/revoke.c:621
+msgid "No reason specified"
+msgstr "Без ÑƒÐºÐ°Ð·Ð°Ð½Ð¸Ñ Ð¿Ñ€Ð¸Ñ‡Ð¸Ð½Ñ‹"
+
+#: g10/pkclist.c:62 g10/revoke.c:623
+msgid "Key is superseded"
+msgstr "Ключ заменён другим"
+
+#: g10/pkclist.c:64 g10/revoke.c:622
+msgid "Key has been compromised"
+msgstr "Ключ был Ñкомпрометирован"
+
+#: g10/pkclist.c:66 g10/revoke.c:624
+msgid "Key is no longer used"
+msgstr "Ключ больше не иÑпользуетÑÑ"
+
+#: g10/pkclist.c:68 g10/revoke.c:625
+msgid "User ID is no longer valid"
+msgstr "User ID больше не дейÑтвителен"
+
+#: g10/pkclist.c:72
+msgid "reason for revocation: "
+msgstr "причина отзыва: "
+
+#: g10/pkclist.c:89
+msgid "revocation comment: "
+msgstr "прокомментируйте отзыв: "
+
+#: g10/pkclist.c:204
+msgid "iImMqQsS"
+msgstr ""
+
+#: g10/pkclist.c:212
+msgid "No trust value assigned to:\n"
+msgstr "Ðе задано значение Ð´Ð¾Ð²ÐµÑ€Ð¸Ñ Ð´Ð»Ñ:\n"
+
+#: g10/pkclist.c:245
+#, c-format
+msgid " aka \"%s\"\n"
+msgstr " aka \"%s\"\n"
+
+#: g10/pkclist.c:255
+msgid ""
+"How much do you trust that this key actually belongs to the named user?\n"
+msgstr ""
+"Какова уверенноÑÑ‚ÑŒ в принадлежноÑти данного ключа лицу указанному в User ID "
+"ключа?\n"
+
+#: g10/pkclist.c:270
+#, c-format
+msgid " %d = I don't know or won't say\n"
+msgstr " %d = Ðе знаю или не буду отвечать\n"
+
+#: g10/pkclist.c:272
+#, c-format
+msgid " %d = I do NOT trust\n"
+msgstr " %d = Ðе доверÑÑŽ\n"
+
+#: g10/pkclist.c:278
+#, c-format
+msgid " %d = I trust ultimately\n"
+msgstr " %d = ÐбÑолютно доверÑÑŽ\n"
+
+#: g10/pkclist.c:284
+msgid " m = back to the main menu\n"
+msgstr " m = вернутьÑÑ Ð² главное меню\n"
+
+#: g10/pkclist.c:287
+msgid " s = skip this key\n"
+msgstr " s = пропуÑтить Ñтот ключ\n"
+
+#: g10/pkclist.c:288
+msgid " q = quit\n"
+msgstr " q = выход\n"
+
+#: g10/pkclist.c:292
+#, c-format
+msgid ""
+"The minimum trust level for this key is: %s\n"
+"\n"
+msgstr ""
+"Минимальный уровень Ð´Ð¾Ð²ÐµÑ€Ð¸Ñ Ð´Ð°Ð½Ð½Ð¾Ð¼Ñƒ ключу: %s\n"
+"\n"
+
+#: g10/pkclist.c:298 g10/revoke.c:650
+msgid "Your decision? "
+msgstr "Ваше решение (?-подробнее)? "
+
+#: g10/pkclist.c:319
+msgid "Do you really want to set this key to ultimate trust? (y/N) "
+msgstr ""
+"ДейÑтвительно хотите уÑтановить ÐБСОЛЮТÐОЕ доверие к владельцу данного "
+"ключа? (y/N)"
+
+#: g10/pkclist.c:333
+msgid "Certificates leading to an ultimately trusted key:\n"
+msgstr "Сертификаты, приводÑщие к абÑолютно доверÑемому ключу:\n"
+
+#: g10/pkclist.c:418
+#, c-format
+msgid "%s: There is no assurance this key belongs to the named user\n"
+msgstr ""
+"%s: Ðет ÑвидетельÑтв принадлежноÑти данного ключа лицу указанному в User ID "
+"ключа\n"
+
+#: g10/pkclist.c:423
+#, c-format
+msgid "%s: There is limited assurance this key belongs to the named user\n"
+msgstr ""
+"%s: Мало ÑвидетельÑтв принадлежноÑти данного ключа лицу указанному в User ID "
+"ключа\n"
+
+#: g10/pkclist.c:429
+msgid "This key probably belongs to the named user\n"
+msgstr "Этот ключ вероÑтно принадлежит названному владельцу\n"
+
+#: g10/pkclist.c:434
+msgid "This key belongs to us\n"
+msgstr "Данный ключ принадлежит нам\n"
+
+#: g10/pkclist.c:460
+msgid ""
+"It is NOT certain that the key belongs to the person named\n"
+"in the user ID. If you *really* know what you are doing,\n"
+"you may answer the next question with yes.\n"
+msgstr ""
+"Ðет уверенноÑти принадлежноÑти ключа человеку указанному\n"
+"в User ID ключа. ЕÑли ТОЧÐО знаете, что делаете,\n"
+"можете ответить на Ñледующий Ð²Ð¾Ð¿Ñ€Ð¾Ñ ÑƒÑ‚Ð²ÐµÑ€Ð´Ð¸Ñ‚ÐµÐ»ÑŒÐ½Ð¾.\n"
+
+#: g10/pkclist.c:479
+msgid "Use this key anyway? (y/N) "
+msgstr "Ð’ÑÑ‘ равно иÑпользовать данный ключ? (y/N)"
+
+#: g10/pkclist.c:513
+msgid "WARNING: Using untrusted key!\n"
+msgstr "Ð’ÐИМÐÐИЕ: ИÑпользование недоверÑемого ключа!\n"
+
+#: g10/pkclist.c:520
+msgid "WARNING: this key might be revoked (revocation key not present)\n"
+msgstr "Ð’ÐИМÐÐИЕ: возможно данный ключ отозван (ключ отзыва отÑутÑтвует)\n"
+
+#: g10/pkclist.c:529
+msgid "WARNING: This key has been revoked by its designated revoker!\n"
+msgstr "Ð’ÐИМÐÐИЕ: Данный ключ отозван ключом назначенным отзывающим!\n"
+
+#: g10/pkclist.c:532
+msgid "WARNING: This key has been revoked by its owner!\n"
+msgstr "Ð’ÐИМÐÐИЕ: Данный ключ отозван его владельцем!\n"
+
+#: g10/pkclist.c:533
+msgid " This could mean that the signature is forged.\n"
+msgstr " Это может означать, что подпиÑÑŒ поддельнаÑ.\n"
+
+#: g10/pkclist.c:539
+msgid "WARNING: This subkey has been revoked by its owner!\n"
+msgstr "Ð’ÐИМÐÐИЕ: Данный подключ был отозван его владельцем!\n"
+
+#: g10/pkclist.c:544
+msgid "Note: This key has been disabled.\n"
+msgstr "Замечание: Данный ключ отключен.\n"
+
+#: g10/pkclist.c:564
+#, c-format
+msgid "Note: Verified signer's address is `%s'\n"
+msgstr "ЗÐМЕЧÐÐИЕ: Проверенный Ð°Ð´Ñ€ÐµÑ Ð¿Ð¾Ð´Ð¿Ð¸Ñавшего `%s'\n"
+
+#: g10/pkclist.c:571
+#, c-format
+msgid "Note: Signer's address `%s' does not match DNS entry\n"
+msgstr "ЗÐМЕЧÐÐИЕ: ÐÐ´Ñ€ÐµÑ Ð¿Ð¾Ð´Ð¿Ð¸Ñавшего `%s' не ÑоответÑтвует формату DNS\n"
+
+#: g10/pkclist.c:583
+msgid "trustlevel adjusted to FULL due to valid PKA info\n"
+msgstr ""
+
+#: g10/pkclist.c:591
+msgid "trustlevel adjusted to NEVER due to bad PKA info\n"
+msgstr ""
+
+#: g10/pkclist.c:602
+msgid "Note: This key has expired!\n"
+msgstr "Замечание: Данный ключ проÑрочен!\n"
+
+#: g10/pkclist.c:613
+msgid "WARNING: This key is not certified with a trusted signature!\n"
+msgstr "Ð’ÐИМÐÐИЕ: Данный ключ не заверен доверенной подпиÑью!\n"
+
+#: g10/pkclist.c:615
+msgid ""
+" There is no indication that the signature belongs to the owner.\n"
+msgstr " Ðет указаний на то, что подпиÑÑŒ принадлежит владельцу.\n"
+
+#: g10/pkclist.c:623
+msgid "WARNING: We do NOT trust this key!\n"
+msgstr "Ð’ÐИМÐÐИЕ: ÐЕТ ДОВЕРИЯ данному ключу!\n"
+
+#: g10/pkclist.c:624
+msgid " The signature is probably a FORGERY.\n"
+msgstr " Возможно, что подпиÑÑŒ ПОДДЕЛÐÐÐ.\n"
+
+#: g10/pkclist.c:632
+msgid ""
+"WARNING: This key is not certified with sufficiently trusted signatures!\n"
+msgstr ""
+"Ð’ÐИМÐÐИЕ: Этот ключ не заверен доÑтаточным количеÑтвом доверÑемых подпиÑей!\n"
+
+#: g10/pkclist.c:634
+msgid " It is not certain that the signature belongs to the owner.\n"
+msgstr " Ðет уверенноÑти в том, что подпиÑÑŒ принадлежит владельцу.\n"
+
+#: g10/pkclist.c:833 g10/pkclist.c:875 g10/pkclist.c:1087 g10/pkclist.c:1157
+#, c-format
+msgid "%s: skipped: %s\n"
+msgstr "%s: пропущено: %s\n"
+
+#: g10/pkclist.c:845 g10/pkclist.c:1125
+#, c-format
+msgid "%s: skipped: public key already present\n"
+msgstr "%s: пропущено: открытый ключ уже имеетÑÑ\n"
+
+#: g10/pkclist.c:896
+msgid "You did not specify a user ID. (you may use \"-r\")\n"
+msgstr "Ðе задан User ID. (можете иÑпользовать \"-r\")\n"
+
+#: g10/pkclist.c:920
+msgid "Current recipients:\n"
+msgstr "Текущие получатели:\n"
+
+#: g10/pkclist.c:946
+msgid ""
+"\n"
+"Enter the user ID. End with an empty line: "
+msgstr ""
+"\n"
+"Введите User ID. ПуÑÑ‚Ð°Ñ Ñтрока Ð´Ð»Ñ Ð·Ð°Ð²ÐµÑ€ÑˆÐµÐ½Ð¸Ñ: "
+
+#: g10/pkclist.c:971
+msgid "No such user ID.\n"
+msgstr "Ðет такого User ID.\n"
+
+#: g10/pkclist.c:980 g10/pkclist.c:1054
+msgid "skipped: public key already set as default recipient\n"
+msgstr "пропущено: открытый ключ уже уÑтановлен Ð´Ð»Ñ Ð¿Ð¾Ð»ÑƒÑ‡Ð°Ñ‚ÐµÐ»Ñ Ð¿Ð¾ умолчанию\n"
+
+#: g10/pkclist.c:1001
+msgid "Public key is disabled.\n"
+msgstr "Открытый ключ отключен.\n"
+
+#: g10/pkclist.c:1010
+msgid "skipped: public key already set\n"
+msgstr "пропущено: открытый ключ уже уÑтановлен\n"
+
+#: g10/pkclist.c:1045
+#, c-format
+msgid "unknown default recipient \"%s\"\n"
+msgstr "неизвеÑтный получатель по умолчанию \"%s\"\n"
+
+#: g10/pkclist.c:1103
+#, c-format
+msgid "%s: skipped: public key is disabled\n"
+msgstr "%s: пропущено: открытый ключ отключен\n"
+
+#: g10/pkclist.c:1165
+msgid "no valid addressees\n"
+msgstr "нет дейÑтвительных адреÑов\n"
+
+#: g10/pkclist.c:1503
+#, c-format
+msgid "Note: key %s has no %s feature\n"
+msgstr "Замечание: ключ %s не умеет %s\n"
+
+#: g10/pkclist.c:1528
+#, c-format
+msgid "Note: key %s has no preference for %s\n"
+msgstr "Замечание: ключ %s не имеет Ð¿Ñ€ÐµÐ´Ð¿Ð¾Ñ‡Ñ‚ÐµÐ½Ð¸Ñ Ð´Ð»Ñ %s\n"
+
+#: g10/plaintext.c:95
+msgid "data not saved; use option \"--output\" to save it\n"
+msgstr "данные не Ñохранены; иÑпользуйте \"--output\" Ð´Ð»Ñ ÑохранениÑ\n"
+
+#: g10/plaintext.c:480
+msgid "Detached signature.\n"
+msgstr "ÐžÑ‚Ð´ÐµÐ»ÐµÐ½Ð½Ð°Ñ Ð¿Ð¾Ð´Ð¿Ð¸ÑÑŒ.\n"
+
+#: g10/plaintext.c:487
+msgid "Please enter name of data file: "
+msgstr "Введите Ð¸Ð¼Ñ Ñ„Ð°Ð¹Ð»Ð° Ñ Ð´Ð°Ð½Ð½Ñ‹Ð¼Ð¸: "
+
+#: g10/plaintext.c:519
+msgid "reading stdin ...\n"
+msgstr "читаю stdin ...\n"
+
+#: g10/plaintext.c:557
+msgid "no signed data\n"
+msgstr "не подпиÑанные данные\n"
+
+#: g10/plaintext.c:573
+#, c-format
+msgid "can't open signed data `%s'\n"
+msgstr "не могу открыть подпиÑанные данные `%s'\n"
+
+#: g10/plaintext.c:607
+#, c-format
+msgid "can't open signed data fd=%d: %s\n"
+msgstr "не могу открыть подпиÑанные данные fd=%d: %s\n"
+
+#: g10/pubkey-enc.c:105
+#, c-format
+msgid "anonymous recipient; trying secret key %s ...\n"
+msgstr "анонимный получатель; пробую Ñекретный ключ %s ...\n"
+
+#: g10/pubkey-enc.c:136
+msgid "okay, we are the anonymous recipient.\n"
+msgstr "отлично, мы анонимный получатель.\n"
+
+#: g10/pubkey-enc.c:225
+msgid "old encoding of the DEK is not supported\n"
+msgstr "Ñтарое шифрование DEK не поддерживаетÑÑ\n"
+
+#: g10/pubkey-enc.c:246
+#, c-format
+msgid "cipher algorithm %d%s is unknown or disabled\n"
+msgstr "алгоритм ÑˆÐ¸Ñ„Ñ€Ð¾Ð²Ð°Ð½Ð¸Ñ %d%s неизвеÑтен или отключен\n"
+
+#: g10/pubkey-enc.c:284
+#, c-format
+msgid "WARNING: cipher algorithm %s not found in recipient preferences\n"
+msgstr ""
+"Ð’ÐИМÐÐИЕ: алгоритм ÑˆÐ¸Ñ„Ñ€Ð¾Ð²Ð°Ð½Ð¸Ñ %s не найден в ÑпиÑке предпочтений получателÑ\n"
+
+#: g10/pubkey-enc.c:304
+#, c-format
+msgid "NOTE: secret key %s expired at %s\n"
+msgstr "ЗÐМЕЧÐÐИЕ: Ñекретный ключ %s проÑрочен Ñ %s\n"
+
+#: g10/pubkey-enc.c:310
+msgid "NOTE: key has been revoked"
+msgstr "ЗÐМЕЧÐÐИЕ: ключ был отозван"
+
+#: g10/revoke.c:102 g10/revoke.c:116 g10/revoke.c:128 g10/revoke.c:174
+#: g10/revoke.c:186 g10/revoke.c:585
+#, c-format
+msgid "build_packet failed: %s\n"
+msgstr ""
+
+#: g10/revoke.c:145
+#, c-format
+msgid "key %s has no user IDs\n"
+msgstr "ключ %s не имеет User ID\n"
+
+#: g10/revoke.c:306
+msgid "To be revoked by:\n"
+msgstr "Будет отозван:\n"
+
+#: g10/revoke.c:310
+msgid "(This is a sensitive revocation key)\n"
+msgstr "(Это - sensitive ключ отзыва)\n"
+
+#: g10/revoke.c:314
+msgid "Create a designated revocation certificate for this key? (y/N) "
+msgstr "Создать Ñертификат отзыва данного ключа? (y/N)"
+
+#: g10/revoke.c:327 g10/revoke.c:551
+msgid "ASCII armored output forced.\n"
+msgstr "Ð”Ð»Ñ Ð²Ñ‹Ð²Ð¾Ð´Ð° иÑпользован ASCII формат.\n"
+
+#: g10/revoke.c:342 g10/revoke.c:565
+#, c-format
+msgid "make_keysig_packet failed: %s\n"
+msgstr ""
+
+#: g10/revoke.c:405
+msgid "Revocation certificate created.\n"
+msgstr "Сертификат отзыва Ñоздан.\n"
+
+#: g10/revoke.c:411
+#, c-format
+msgid "no revocation keys found for \"%s\"\n"
+msgstr "ключи отзыва Ð´Ð»Ñ \"%s\" не найдены\n"
+
+#: g10/revoke.c:470
+#, c-format
+msgid "secret key \"%s\" not found: %s\n"
+msgstr "Ñекретный ключ \"%s\" не найден: %s\n"
+
+#: g10/revoke.c:497
+#, c-format
+msgid "no corresponding public key: %s\n"
+msgstr "нет ÑоотвеÑтвующего открытого ключа: %s\n"
+
+#: g10/revoke.c:508
+msgid "public key does not match secret key!\n"
+msgstr "открытый ключ не ÑоотвеÑтвует Ñекретному!\n"
+
+#: g10/revoke.c:515
+msgid "Create a revocation certificate for this key? (y/N) "
+msgstr "Создать Ñертификат отзыва данного ключа? (y/N)"
+
+#: g10/revoke.c:532
+msgid "unknown protection algorithm\n"
+msgstr "неизвеÑтный алгоритм защиты\n"
+
+#: g10/revoke.c:540
+msgid "NOTE: This key is not protected!\n"
+msgstr "ЗÐМЕЧÐÐИЕ: Данный ключ не защищен!\n"
+
+#: g10/revoke.c:591
+msgid ""
+"Revocation certificate created.\n"
+"\n"
+"Please move it to a medium which you can hide away; if Mallory gets\n"
+"access to this certificate he can use it to make your key unusable.\n"
+"It is smart to print this certificate and store it away, just in case\n"
+"your media become unreadable. But have some caution: The print system of\n"
+"your machine might store the data and make it available to others!\n"
+msgstr ""
+"Сертификат отзыва Ñоздан.\n"
+"\n"
+"ПомеÑтите его в Ñкрытое меÑто; еÑли поÑторонний получит доÑтуп\n"
+"к данному Ñертификату, он может иÑпользовать его, чтобы Ñделать\n"
+"Ваш ключ непригодным к иÑпользованию. Можно раÑпечатать данный\n"
+"Ñертификат и ÑпрÑтать подальше, на Ñлучай еÑли Ваш оÑновной\n"
+"ноÑитель будет поврежден, но будьте оÑторожны: ÑиÑтема печати\n"
+"может Ñохранить данные и Ñделать их доÑтупными Ð´Ð»Ñ Ð´Ñ€ÑƒÐ³Ð¸Ñ…!\n"
+
+#: g10/revoke.c:633
+msgid "Please select the reason for the revocation:\n"
+msgstr "Укажите причину отзыва:\n"
+
+#: g10/revoke.c:643
+msgid "Cancel"
+msgstr "Отмена"
+
+#: g10/revoke.c:645
+#, c-format
+msgid "(Probably you want to select %d here)\n"
+msgstr "(Возможно Ð’Ñ‹ хотите выбрать здеÑÑŒ %d)\n"
+
+#: g10/revoke.c:686
+msgid "Enter an optional description; end it with an empty line:\n"
+msgstr "Введите необÑзательное поÑÑнение; закончите пуÑтой Ñтрокой:\n"
+
+#: g10/revoke.c:714
+#, c-format
+msgid "Reason for revocation: %s\n"
+msgstr "Причина отзыва: %s\n"
+
+#: g10/revoke.c:716
+msgid "(No description given)\n"
+msgstr "(ПоÑÑÐ½ÐµÐ½Ð¸Ñ Ð¾Ñ‚ÑутÑтвуют)\n"
+
+#: g10/revoke.c:721
+msgid "Is this okay? (y/N) "
+msgstr "Ð’Ñе правильно? (y/N) "
+
+#: g10/seckey-cert.c:55
+msgid "secret key parts are not available\n"
+msgstr "ÑÐµÐºÑ€ÐµÑ‚Ð½Ð°Ñ Ñ‡Ð°ÑÑ‚ÑŒ ключ не доÑтупна\n"
+
+#: g10/seckey-cert.c:61
+#, c-format
+msgid "protection algorithm %d%s is not supported\n"
+msgstr "метод защиты %d%s не поддерживаетÑÑ\n"
+
+#: g10/seckey-cert.c:72
+#, c-format
+msgid "protection digest %d is not supported\n"
+msgstr "метод защиты %d не поддерживаетÑÑ\n"
+
+#: g10/seckey-cert.c:291
+msgid "Invalid passphrase; please try again"
+msgstr "ÐÐµÐ²ÐµÑ€Ð½Ð°Ñ Ñ„Ñ€Ð°Ð·Ð°-пароль; попробуйте еще раз"
+
+#: g10/seckey-cert.c:292
+#, c-format
+msgid "%s ...\n"
+msgstr "%s ...\n"
+
+#: g10/seckey-cert.c:361
+msgid "WARNING: Weak key detected - please change passphrase again.\n"
+msgstr "Ð’ÐИМÐÐИЕ: обнаружен Ñлабый ключ - Ñмените фразу-пароль еще раз.\n"
+
+#: g10/seckey-cert.c:404
+msgid "generating the deprecated 16-bit checksum for secret key protection\n"
+msgstr ""
+"Ñоздание нерекомендуемой 16-битной контрольной Ñуммы Ð´Ð»Ñ Ð·Ð°Ñ‰Ð¸Ñ‚Ñ‹ ключа\n"
+
+#: g10/seskey.c:61 sm/encrypt.c:119
+msgid "weak key created - retrying\n"
+msgstr "Ñоздан Ñлабый ключ - повторение\n"
+
+#: g10/seskey.c:65
+#, c-format
+msgid "cannot avoid weak key for symmetric cipher; tried %d times!\n"
+msgstr ""
+"невозможно избежать Ñлабого ключа Ð´Ð»Ñ Ñимметричного шифра; %d попыток!\n"
+
+#: g10/seskey.c:227 sm/certcheck.c:85
+msgid "DSA requires the hash length to be a multiple of 8 bits\n"
+msgstr "DSA тебует размер хеша кратного 8 битам\n"
+
+#: g10/seskey.c:240
+#, c-format
+msgid "DSA key %s uses an unsafe (%u bit) hash\n"
+msgstr "ключ DSA %s иÑпользует небезопаÑный (%u бит) хеш\n"
+
+#: g10/seskey.c:252
+#, c-format
+msgid "DSA key %s requires a %u bit or larger hash\n"
+msgstr "Ð´Ð»Ñ ÐºÐ»ÑŽÑ‡Ð° DSA %s требуетÑÑ Ñ…ÐµÑˆ не менее %u бит\n"
+
+#: g10/sig-check.c:80
+msgid "WARNING: signature digest conflict in message\n"
+msgstr "Ð’ÐИМÐÐИЕ: конфликт Ñ…Ñшей подпиÑей в Ñообщении\n"
+
+#: g10/sig-check.c:105
+#, c-format
+msgid "WARNING: signing subkey %s is not cross-certified\n"
+msgstr ""
+"Ð’ÐИМÐÐИЕ: подпиÑываемый подключ %s не имеет перекреÑтной Ñертификации\n"
+
+#: g10/sig-check.c:117
+#, c-format
+msgid "WARNING: signing subkey %s has an invalid cross-certification\n"
+msgstr ""
+"Ð’ÐИМÐÐИЕ: подпиÑываемый подключ %s имеет недоÑтоверную перекреÑтную "
+"Ñертификацию\n"
+
+#: g10/sig-check.c:211
+#, c-format
+msgid "public key %s is %lu second newer than the signature\n"
+msgstr "открытый ключ %s на %lu Ñекунд моложе подпиÑи\n"
+
+#: g10/sig-check.c:212
+#, c-format
+msgid "public key %s is %lu seconds newer than the signature\n"
+msgstr "открытый ключ %s на %lu Ñекунд моложе подпиÑи\n"
+
+#: g10/sig-check.c:223
+#, c-format
+msgid ""
+"key %s was created %lu second in the future (time warp or clock problem)\n"
+msgstr ""
+"ключ %s был Ñоздан на %lu Ñекунд в будущем (time warp или проблемы Ñ "
+"чаÑами)\n"
+
+#: g10/sig-check.c:225
+#, c-format
+msgid ""
+"key %s was created %lu seconds in the future (time warp or clock problem)\n"
+msgstr ""
+"ключ %s был Ñоздан на %lu Ñекунд в будущем (time warp или проблемы Ñ "
+"чаÑами)\n"
+
+#: g10/sig-check.c:239
+#, c-format
+msgid "NOTE: signature key %s expired %s\n"
+msgstr "ЗÐМЕЧÐÐИЕ: подпиÑавший ключ %s - проÑрочен %s\n"
+
+#: g10/sig-check.c:252
+#, c-format
+msgid "NOTE: signature key %s has been revoked\n"
+msgstr "ЗÐМЕЧÐÐИЕ: ключ %s подпиÑи - отозван\n"
+
+#: g10/sig-check.c:325
+#, c-format
+msgid "assuming bad signature from key %s due to an unknown critical bit\n"
+msgstr "принÑта Ð¿Ð»Ð¾Ñ…Ð°Ñ Ð¿Ð¾Ð´Ð¿Ð¸ÑÑŒ ключа %s Ñ Ð½ÐµÐ¸Ð·Ð²ÐµÑтным критичеÑким битом\n"
+
+#: g10/sig-check.c:591
+#, c-format
+msgid "key %s: no subkey for subkey revocation signature\n"
+msgstr "ключ %s: нет подключа Ð´Ð»Ñ Ð¿Ð¾Ð´ÐºÐ»ÑŽÑ‡Ð° отзывающей подпиÑи\n"
+
+#: g10/sig-check.c:618
+#, c-format
+msgid "key %s: no subkey for subkey binding signature\n"
+msgstr "ключ %s: нет подключа Ð´Ð»Ñ Ð¿Ð¾Ð´Ð¿Ð¸Ñи ÑвÑзи подключей\n"
+
+#: g10/sign.c:89
+#, c-format
+msgid "WARNING: unable to %%-expand notation (too large). Using unexpanded.\n"
+msgstr ""
+"Ð’ÐИМÐÐИЕ: не могу развернуть %% запиÑÑŒ (длинный). ИÑпользую неразвернутым.\n"
+
+#: g10/sign.c:115
+#, c-format
+msgid ""
+"WARNING: unable to %%-expand policy URL (too large). Using unexpanded.\n"
+msgstr ""
+"Ð’ÐИМÐÐИЕ: не могу развернуть %% url правил (длинный). ИÑпользую "
+"неразвернутым.\n"
+
+#: g10/sign.c:138
+#, c-format
+msgid ""
+"WARNING: unable to %%-expand preferred keyserver URL (too large). Using "
+"unexpanded.\n"
+msgstr ""
+"Ð’ÐИМÐÐИЕ: невозможно развернуть %% URL предпочитаемого Ñервера ключей "
+"(Ñлишком длинно). ИÑпользую неразвернутым.\n"
+
+#: g10/sign.c:311
+#, c-format
+msgid "checking created signature failed: %s\n"
+msgstr "Ñбой проверки Ñозданной подпиÑи: %s\n"
+
+#: g10/sign.c:320
+#, c-format
+msgid "%s/%s signature from: \"%s\"\n"
+msgstr "%s/%s подпиÑÑŒ от: \"%s\"\n"
+
+#: g10/sign.c:761
+msgid "you can only detach-sign with PGP 2.x style keys while in --pgp2 mode\n"
+msgstr "только Ð¾Ñ‚Ð´ÐµÐ»ÐµÐ½Ð½Ð°Ñ Ð¿Ð¾Ð´Ð¿Ð¸ÑÑŒ доÑтупна Ñ PGP 2.x ключом в режиме --pgp2\n"
+
+#: g10/sign.c:837
+#, c-format
+msgid ""
+"WARNING: forcing digest algorithm %s (%d) violates recipient preferences\n"
+msgstr ""
+"Ð’ÐИМÐÐИЕ: иÑпользование Ñ…Ñш-функции %s (%d) нарушает Ð¿Ñ€ÐµÐ´Ð¿Ð¾Ñ‡Ñ‚ÐµÐ½Ð¸Ñ "
+"получателÑ\n"
+
+#: g10/sign.c:964
+msgid "signing:"
+msgstr "подпиÑÑŒ:"
+
+#: g10/sign.c:1079
+msgid "you can only clearsign with PGP 2.x style keys while in --pgp2 mode\n"
+msgstr "только Ð¿Ñ€Ð¾Ð·Ñ€Ð°Ñ‡Ð½Ð°Ñ Ð¿Ð¾Ð´Ð¿Ð¸ÑÑŒ доÑтупна Ñ PGP 2.x ключом в режиме --pgp2\n"
+
+#: g10/sign.c:1263
+#, c-format
+msgid "%s encryption will be used\n"
+msgstr "будет иÑпользовано %s шифрование\n"
+
+#: g10/skclist.c:140 g10/skclist.c:217
+msgid "key is not flagged as insecure - can't use it with the faked RNG!\n"
+msgstr ""
+"ключ не помечен как ненадежный - не могу иÑпользовать его Ñ Ð½ÐµÐ½Ð°Ð´ÐµÐ¶Ð½Ñ‹Ð¼ RNG!\n"
+
+#: g10/skclist.c:174
+#, c-format
+msgid "skipped \"%s\": duplicated\n"
+msgstr "пропущено \"%s\": дубликат\n"
+
+#: g10/skclist.c:182 g10/skclist.c:195 g10/skclist.c:207
+#, c-format
+msgid "skipped \"%s\": %s\n"
+msgstr "пропущено \"%s\": %s\n"
+
+#: g10/skclist.c:190
+msgid "skipped: secret key already present\n"
+msgstr "пропущено: Ñекретный ключ уже имеетÑÑ\n"
+
+#: g10/skclist.c:208
+msgid "this is a PGP generated Elgamal key which is not secure for signatures!"
+msgstr ""
+"Ñто Ñозданный PGP ElGamal ключ, не обеÑпечивающий безопаÑноÑÑ‚ÑŒ подпиÑи!"
+
+#: g10/tdbdump.c:58 g10/trustdb.c:360
+#, c-format
+msgid "trust record %lu, type %d: write failed: %s\n"
+msgstr "запиÑÑŒ о доверии %lu, тип %d: ошибка запиÑи: %s\n"
+
+#: g10/tdbdump.c:106
+#, c-format
+msgid ""
+"# List of assigned trustvalues, created %s\n"
+"# (Use \"gpg --import-ownertrust\" to restore them)\n"
+msgstr ""
+"# СпиÑок приÑвоенных значений Ð´Ð¾Ð²ÐµÑ€Ð¸Ñ Ñоздан %s\n"
+"# (ИÑпользуйте \"gpg --import-ownertrust\" Ð´Ð»Ñ Ð¸Ñ… воÑÑтановлениÑ)\n"
+
+#: g10/tdbdump.c:161 g10/tdbdump.c:169 g10/tdbdump.c:174 g10/tdbdump.c:179
+#, c-format
+msgid "error in `%s': %s\n"
+msgstr "ошибка в `%s': %s\n"
+
+#: g10/tdbdump.c:161
+msgid "line too long"
+msgstr "Ñтрока Ñлишком длиннаÑ"
+
+#: g10/tdbdump.c:169
+msgid "colon missing"
+msgstr "пропущено двоеточие"
+
+#: g10/tdbdump.c:175
+msgid "invalid fingerprint"
+msgstr "неверный отпечаток"
+
+#: g10/tdbdump.c:180
+msgid "ownertrust value missing"
+msgstr "пропущено значение Ñтепени Ð´Ð¾Ð²ÐµÑ€Ð¸Ñ Ð²Ð»Ð°Ð´ÐµÐ»ÑŒÑ†Ñƒ"
+
+#: g10/tdbdump.c:216
+#, c-format
+msgid "error finding trust record in `%s': %s\n"
+msgstr "ошибка при поиÑке запиÑи о доверии в `%s': %s\n"
+
+#: g10/tdbdump.c:220
+#, c-format
+msgid "read error in `%s': %s\n"
+msgstr "ошибка Ñ‡Ñ‚ÐµÐ½Ð¸Ñ Ð² `%s': %s\n"
+
+#: g10/tdbdump.c:229 g10/trustdb.c:375
+#, c-format
+msgid "trustdb: sync failed: %s\n"
+msgstr ""
+
+#: g10/tdbio.c:128 g10/tdbio.c:1456
+#, c-format
+msgid "trustdb rec %lu: lseek failed: %s\n"
+msgstr ""
+
+#: g10/tdbio.c:135 g10/tdbio.c:1463
+#, c-format
+msgid "trustdb rec %lu: write failed (n=%d): %s\n"
+msgstr ""
+
+#: g10/tdbio.c:245
+msgid "trustdb transaction too large\n"
+msgstr "trustdb Ñ‚Ñ€Ð°Ð½Ð·Ð°ÐºÑ†Ð¸Ñ Ñлишком длиннаÑ\n"
+
+#: g10/tdbio.c:500
+#, c-format
+msgid "can't access `%s': %s\n"
+msgstr "нет доÑтупа к `%s': %s\n"
+
+#: g10/tdbio.c:527
+#, c-format
+msgid "%s: directory does not exist!\n"
+msgstr "%s: каталог не ÑущеÑтвует!\n"
+
+#: g10/tdbio.c:537 g10/tdbio.c:560 g10/tdbio.c:601 sm/keydb.c:219
+#, c-format
+msgid "can't create lock for `%s'\n"
+msgstr "невозможно Ñоздать блокировку Ð´Ð»Ñ `%s'\n"
+
+#: g10/tdbio.c:539 g10/tdbio.c:604
+#, c-format
+msgid "can't lock `%s'\n"
+msgstr "невозможно заблокировать `%s'\n"
+
+#: g10/tdbio.c:565
+#, c-format
+msgid "%s: failed to create version record: %s"
+msgstr "%s: Ñбой ÑÐ¾Ð·Ð´Ð°Ð½Ð¸Ñ Ð·Ð°Ð¿Ð¸Ñи о верÑии: %s"
+
+#: g10/tdbio.c:569
+#, c-format
+msgid "%s: invalid trustdb created\n"
+msgstr "%s: Ñоздана недейÑÑ‚Ð²Ð¸Ñ‚ÐµÐ»ÑŒÐ½Ð°Ñ Ñ‚Ð°Ð±Ð»Ð¸Ñ†Ð° доверий\n"
+
+#: g10/tdbio.c:572
+#, c-format
+msgid "%s: trustdb created\n"
+msgstr "%s: Ñоздана таблица доверий\n"
+
+#: g10/tdbio.c:615
+msgid "NOTE: trustdb not writable\n"
+msgstr "ЗÐМЕЧÐÐИЕ: таблица доверий доÑтупна только Ð´Ð»Ñ Ñ‡Ñ‚ÐµÐ½Ð¸Ñ\n"
+
+#: g10/tdbio.c:623
+#, c-format
+msgid "%s: invalid trustdb\n"
+msgstr "%s: недейÑÑ‚Ð²Ð¸Ñ‚ÐµÐ»ÑŒÐ½Ð°Ñ Ñ‚Ð°Ð±Ð»Ð¸Ñ†Ð° доверий\n"
+
+#: g10/tdbio.c:655
+#, c-format
+msgid "%s: failed to create hashtable: %s\n"
+msgstr "%s: Ñбой ÑÐ¾Ð·Ð´Ð°Ð½Ð¸Ñ Ñ‚Ð°Ð±Ð»Ð¸Ñ†Ñ‹ Ñ…Ñшей: %s\n"
+
+#: g10/tdbio.c:663
+#, c-format
+msgid "%s: error updating version record: %s\n"
+msgstr "%s: ошибка Ð¾Ð±Ð½Ð¾Ð²Ð»ÐµÐ½Ð¸Ñ Ð·Ð°Ð¿Ð¸Ñи о верÑии: %s\n"
+
+#: g10/tdbio.c:680 g10/tdbio.c:701 g10/tdbio.c:717 g10/tdbio.c:731
+#: g10/tdbio.c:761 g10/tdbio.c:1388 g10/tdbio.c:1415
+#, c-format
+msgid "%s: error reading version record: %s\n"
+msgstr "%s: ошибка Ñ‡Ñ‚ÐµÐ½Ð¸Ñ Ð·Ð°Ð¿Ð¸Ñи о верÑии: %s\n"
+
+#: g10/tdbio.c:740
+#, c-format
+msgid "%s: error writing version record: %s\n"
+msgstr "%s: ошибка ÑÐ¾Ñ…Ñ€Ð°Ð½ÐµÐ½Ð¸Ñ Ð·Ð°Ð¿Ð¸Ñи о верÑии: %s\n"
+
+#: g10/tdbio.c:1181
+#, c-format
+msgid "trustdb: lseek failed: %s\n"
+msgstr ""
+
+#: g10/tdbio.c:1190
+#, c-format
+msgid "trustdb: read failed (n=%d): %s\n"
+msgstr ""
+
+#: g10/tdbio.c:1211
+#, c-format
+msgid "%s: not a trustdb file\n"
+msgstr "%s: не ÑвлÑетÑÑ Ñ„Ð°Ð¹Ð»Ð¾Ð¼ таблицы доверий\n"
+
+#: g10/tdbio.c:1230
+#, c-format
+msgid "%s: version record with recnum %lu\n"
+msgstr "%s: запиÑÑŒ о верÑии Ñ Ð½Ð¾Ð¼ÐµÑ€Ð¾Ð¼ запиÑи %lu\n"
+
+#: g10/tdbio.c:1235
+#, c-format
+msgid "%s: invalid file version %d\n"
+msgstr "%s: Ð½ÐµÐ¿Ñ€Ð°Ð²Ð¸Ð»ÑŒÐ½Ð°Ñ Ð²ÐµÑ€ÑÐ¸Ñ Ñ„Ð°Ð¹Ð»Ð° %d\n"
+
+#: g10/tdbio.c:1421
+#, c-format
+msgid "%s: error reading free record: %s\n"
+msgstr "%s: ошибка Ñ‡Ñ‚ÐµÐ½Ð¸Ñ Ñвободной запиÑи: %s\n"
+
+#: g10/tdbio.c:1429
+#, c-format
+msgid "%s: error writing dir record: %s\n"
+msgstr "%s: ошибка внеÑÐµÐ½Ð¸Ñ Ð·Ð°Ð¿Ð¸Ñи каталога: %s\n"
+
+#: g10/tdbio.c:1439
+#, c-format
+msgid "%s: failed to zero a record: %s\n"
+msgstr "%s: Ñбой Ð¾Ð±Ð½ÑƒÐ»ÐµÐ½Ð¸Ñ Ð·Ð°Ð¿Ð¸Ñи: %s\n"
+
+#: g10/tdbio.c:1469
+#, c-format
+msgid "%s: failed to append a record: %s\n"
+msgstr "%s: Ñбой Ð´Ð¾Ð±Ð°Ð²Ð»ÐµÐ½Ð¸Ñ Ð·Ð°Ð¿Ð¸Ñи: %s\n"
+
+#: g10/tdbio.c:1512
+#, fuzzy
+msgid "Error: The trustdb is corrupted.\n"
+msgstr "%s: Ñоздана таблица доверий\n"
+
+#: g10/textfilter.c:147
+#, c-format
+msgid "can't handle text lines longer than %d characters\n"
+msgstr "не могу обработать Ñтроки текÑта длиннее %d Ñимволов\n"
+
+#: g10/textfilter.c:247
+#, c-format
+msgid "input line longer than %d characters\n"
+msgstr "Ð²Ð²ÐµÐ´ÐµÐ½Ð½Ð°Ñ Ñтрока превышает %d Ñимволов\n"
+
+#: g10/trustdb.c:221
+#, c-format
+msgid "`%s' is not a valid long keyID\n"
+msgstr "`%s' не ÑвлÑетÑÑ Ð´Ð¾Ð¿ÑƒÑтимым длинным ID ключа\n"
+
+#: g10/trustdb.c:252
+#, c-format
+msgid "key %s: accepted as trusted key\n"
+msgstr "ключ %s: принÑÑ‚ как доверÑемый ключ\n"
+
+#: g10/trustdb.c:290
+#, c-format
+msgid "key %s occurs more than once in the trustdb\n"
+msgstr "ключ %s вÑтречаетÑÑ Ð±Ð¾Ð»ÐµÐµ одного раза в таблице доверий\n"
+
+#: g10/trustdb.c:305
+#, c-format
+msgid "key %s: no public key for trusted key - skipped\n"
+msgstr "ключ %s: нет открытого ключа Ð´Ð»Ñ Ð´Ð¾Ð²ÐµÑ€Ñемого ключа - пропущен\n"
+
+#: g10/trustdb.c:315
+#, c-format
+msgid "key %s marked as ultimately trusted\n"
+msgstr "ключ %s помечен как абÑолютно доверÑемый.\n"
+
+#: g10/trustdb.c:339
+#, c-format
+msgid "trust record %lu, req type %d: read failed: %s\n"
+msgstr "запиÑÑŒ о доверии %lu, тип запроÑа %d: Ñбой чтениÑ: %s\n"
+
+#: g10/trustdb.c:345
+#, c-format
+msgid "trust record %lu is not of requested type %d\n"
+msgstr "запиÑÑŒ о доверии %lu не запрашиваемого типа %d\n"
+
+#: g10/trustdb.c:418
+msgid "You may try to re-create the trustdb using the commands:\n"
+msgstr ""
+
+#: g10/trustdb.c:427
+msgid "If that does not work, please consult the manual\n"
+msgstr ""
+
+#: g10/trustdb.c:462
+#, c-format
+msgid "unable to use unknown trust model (%d) - assuming %s trust model\n"
+msgstr ""
+"не могу иÑпользовать неизвеÑтную модель (%d) - иÑпользую %s модель доверий\n"
+
+#: g10/trustdb.c:468
+#, c-format
+msgid "using %s trust model\n"
+msgstr "иÑпользую %s модель доверий\n"
+
+#: g10/trustdb.c:520
+msgid "10 translator see trustdb.c:uid_trust_string_fixed"
+msgstr ""
+
+#: g10/trustdb.c:522
+msgid "[ revoked]"
+msgstr "[ отозван]"
+
+#: g10/trustdb.c:524 g10/trustdb.c:529
+msgid "[ expired]"
+msgstr "[проÑрочн]"
+
+#: g10/trustdb.c:528
+msgid "[ unknown]"
+msgstr "[неизвÑтн]"
+
+#: g10/trustdb.c:530
+msgid "[ undef ]"
+msgstr "[неопредл]"
+
+#: g10/trustdb.c:531
+msgid "[marginal]"
+msgstr "[ограничн]"
+
+#: g10/trustdb.c:532
+msgid "[ full ]"
+msgstr "[ полное ]"
+
+#: g10/trustdb.c:533
+msgid "[ultimate]"
+msgstr "[абÑолютн]"
+
+#: g10/trustdb.c:548
+msgid "undefined"
+msgstr "неопределено"
+
+#: g10/trustdb.c:549
+msgid "never"
+msgstr "никогда"
+
+#: g10/trustdb.c:550
+msgid "marginal"
+msgstr "ограниченно"
+
+#: g10/trustdb.c:551
+msgid "full"
+msgstr "полное"
+
+#: g10/trustdb.c:552
+msgid "ultimate"
+msgstr "абÑолютно"
+
+#: g10/trustdb.c:592
+msgid "no need for a trustdb check\n"
+msgstr "нет необходимоÑти в проверке таблицы доверий\n"
+
+#: g10/trustdb.c:598 g10/trustdb.c:2487
+#, c-format
+msgid "next trustdb check due at %s\n"
+msgstr "Ñрок Ñледующей проверки таблицы доверий %s\n"
+
+#: g10/trustdb.c:607
+#, c-format
+msgid "no need for a trustdb check with `%s' trust model\n"
+msgstr "нет необходимоÑти проверÑÑ‚ÑŒ таблицу доверий при `%s' модели доверий\n"
+
+#: g10/trustdb.c:622
+#, c-format
+msgid "no need for a trustdb update with `%s' trust model\n"
+msgstr "нет необходимоÑти обновлÑÑ‚ÑŒ таблицу доверий при '%s' модели доверий\n"
+
+#: g10/trustdb.c:857 g10/trustdb.c:1310
+#, c-format
+msgid "public key %s not found: %s\n"
+msgstr "открытый ключ %s не найден: %s\n"
+
+#: g10/trustdb.c:1053
+msgid "please do a --check-trustdb\n"
+msgstr "выполните --check-trustdb, пожалуйÑта\n"
+
+#: g10/trustdb.c:1057
+msgid "checking the trustdb\n"
+msgstr "проверка таблицы доверий\n"
+
+#: g10/trustdb.c:2230
+#, c-format
+msgid "%d keys processed (%d validity counts cleared)\n"
+msgstr "%d ключей обработано (%d дейÑтвующих запиÑей очищено)\n"
+
+#: g10/trustdb.c:2295
+msgid "no ultimately trusted keys found\n"
+msgstr "не найдено абÑолютно доверÑемых ключей\n"
+
+#: g10/trustdb.c:2309
+#, c-format
+msgid "public key of ultimately trusted key %s not found\n"
+msgstr "открытый ключ Ð´Ð»Ñ Ð°Ð±Ñолютно доверÑемого ключа %s не найден\n"
+
+#: g10/trustdb.c:2332
+#, c-format
+msgid "%d marginal(s) needed, %d complete(s) needed, %s trust model\n"
+msgstr ""
+"%d ограниченных необходимо, %d выполненных необходимо, %s модель довериÑ\n"
+
+#: g10/trustdb.c:2418
+#, c-format
+msgid ""
+"depth: %d valid: %3d signed: %3d trust: %d-, %dq, %dn, %dm, %df, %du\n"
+msgstr ""
+"глубина: %d корректных: %3d подпиÑанных: %3d довериÑ: %d-, %dq, %dn, %dm, "
+"%df, %du\n"
+
+#: g10/trustdb.c:2493
+#, c-format
+msgid "unable to update trustdb version record: write failed: %s\n"
+msgstr ""
+"невозможно обновить запиÑÑŒ о верÑии таблицы доверий: ошибка запиÑи: %s\n"
+
+#: g10/verify.c:118
+msgid ""
+"the signature could not be verified.\n"
+"Please remember that the signature file (.sig or .asc)\n"
+"should be the first file given on the command line.\n"
+msgstr ""
+"Ðе могу проверить подпиÑÑŒ.\n"
+"Файл подпиÑи (.sig или .asc) должен быть\n"
+"первым из файлов в командной Ñтроке.\n"
+
+#: g10/verify.c:205
+#, c-format
+msgid "input line %u too long or missing LF\n"
+msgstr "Ð²Ñ…Ð¾Ð´Ð½Ð°Ñ Ñтрока %u Ñлишком Ð´Ð»Ð¸Ð½Ð½Ð°Ñ Ð¸Ð»Ð¸ пропущен LF\n"
+
+#: g10/verify.c:253
+#, c-format
+msgid "can't open fd %d: %s\n"
+msgstr "не могу открыть fd %d: %s\n"
+
+#: jnlib/argparse.c:180
+msgid "argument not expected"
+msgstr "неожиданный параметр"
+
+#: jnlib/argparse.c:182
+msgid "read error"
+msgstr "ошибка чтениÑ"
+
+#: jnlib/argparse.c:184
+msgid "keyword too long"
+msgstr "ключевое Ñлово Ñлишком длинное"
+
+#: jnlib/argparse.c:186
+msgid "missing argument"
+msgstr "пропущен аргумент"
+
+#: jnlib/argparse.c:188
+msgid "invalid command"
+msgstr "недопуÑÑ‚Ð¸Ð¼Ð°Ñ ÐºÐ¾Ð¼Ð°Ð½Ð´Ð°"
+
+#: jnlib/argparse.c:190
+msgid "invalid alias definition"
+msgstr ""
+
+#: jnlib/argparse.c:192
+msgid "out of core"
+msgstr ""
+
+#: jnlib/argparse.c:194
+msgid "invalid option"
+msgstr "недопуÑтимый параметр"
+
+#: jnlib/argparse.c:202
+#, c-format
+msgid "missing argument for option \"%.50s\"\n"
+msgstr ""
+
+#: jnlib/argparse.c:204
+#, c-format
+msgid "option \"%.50s\" does not expect an argument\n"
+msgstr "параметр \"%.50s\" не ожидает аргумента\n"
+
+#: jnlib/argparse.c:207
+#, c-format
+msgid "invalid command \"%.50s\"\n"
+msgstr "ÐедопуÑÑ‚Ð¸Ð¼Ð°Ñ ÐºÐ¾Ð¼Ð°Ð½Ð´Ð° \"%.50s\"\n"
+
+#: jnlib/argparse.c:209
+#, c-format
+msgid "option \"%.50s\" is ambiguous\n"
+msgstr "параметр \"%.50s\" не понÑÑ‚\n"
+
+#: jnlib/argparse.c:211
+#, c-format
+msgid "command \"%.50s\" is ambiguous\n"
+msgstr "команда \"%.50s\" не понÑта\n"
+
+#: jnlib/argparse.c:213
+msgid "out of core\n"
+msgstr ""
+
+#: jnlib/argparse.c:215
+#, c-format
+msgid "invalid option \"%.50s\"\n"
+msgstr "недопуÑтимый параметр \"%.50s\"\n"
+
+#: jnlib/logging.c:647
+#, c-format
+msgid "you found a bug ... (%s:%d)\n"
+msgstr "Вы нашли ошибку ... (%s:%d)\n"
+
+#: jnlib/utf8conv.c:85
+#, c-format
+msgid "error loading `%s': %s\n"
+msgstr "ошибка загрузки `%s': %s\n"
+
+#: jnlib/utf8conv.c:123
+#, c-format
+msgid "conversion from `%s' to `%s' not available\n"
+msgstr "преобразование из `%s' в `%s' недоÑтупно\n"
+
+#: jnlib/utf8conv.c:131
+#, c-format
+msgid "iconv_open failed: %s\n"
+msgstr ""
+
+#: jnlib/utf8conv.c:388 jnlib/utf8conv.c:654
+#, c-format
+msgid "conversion from `%s' to `%s' failed: %s\n"
+msgstr "Ñбой Ð¿Ñ€ÐµÐ¾Ð±Ñ€Ð°Ð·Ð¾Ð²Ð°Ð½Ð¸Ñ `%s' в `%s': %s\n"
+
+#: jnlib/dotlock.c:234
+#, c-format
+msgid "failed to create temporary file `%s': %s\n"
+msgstr "невозможно Ñоздание временного файла `%s': %s\n"
+
+#: jnlib/dotlock.c:269
+#, c-format
+msgid "error writing to `%s': %s\n"
+msgstr "ошибка запиÑи в `%s': %s\n"
+
+#: jnlib/dotlock.c:453
+#, c-format
+msgid "removing stale lockfile (created by %d)\n"
+msgstr ""
+
+#: jnlib/dotlock.c:459
+msgid " - probably dead - removing lock"
+msgstr ""
+
+#: jnlib/dotlock.c:469
+#, c-format
+msgid "waiting for lock (held by %d%s) %s...\n"
+msgstr ""
+
+#: jnlib/dotlock.c:470
+msgid "(deadlock?) "
+msgstr ""
+
+#: jnlib/dotlock.c:493
+#, c-format
+msgid "lock `%s' not made: %s\n"
+msgstr ""
+
+#: jnlib/dotlock.c:501
+#, c-format
+msgid "waiting for lock %s...\n"
+msgstr ""
+
+#: kbx/kbxutil.c:92
+msgid "set debugging flags"
+msgstr ""
+
+#: kbx/kbxutil.c:93
+msgid "enable full debugging"
+msgstr ""
+
+#: kbx/kbxutil.c:117
+msgid "Usage: kbxutil [options] [files] (-h for help)"
+msgstr "ИÑпользование: kbxutil [параметры] [файлы] (-h Ð´Ð»Ñ Ð¿Ð¾Ð´Ñказки)"
+
+#: kbx/kbxutil.c:120
+msgid ""
+"Syntax: kbxutil [options] [files]\n"
+"list, export, import Keybox data\n"
+msgstr ""
+"СинтакÑиÑ: kbxutil [параметры] [файлы]\n"
+"проÑморт, ÑкÑпорт, импорт данных Keybox\n"
+
+#: scd/app-nks.c:713 scd/app-openpgp.c:2647
+#, c-format
+msgid "RSA modulus missing or not of size %d bits\n"
+msgstr "Модули RSA пропущены или не имеют размер %d бит\n"
+
+#: scd/app-nks.c:721 scd/app-openpgp.c:2659
+#, c-format
+msgid "RSA public exponent missing or larger than %d bits\n"
+msgstr "отÑутÑтвует Ð¾Ñ‚ÐºÑ€Ñ‹Ñ‚Ð°Ñ ÑкÑпонента RSA или превышает %d бит\n"
+
+#: scd/app-nks.c:801 scd/app-openpgp.c:1549 scd/app-openpgp.c:1568
+#: scd/app-openpgp.c:1729 scd/app-openpgp.c:1746 scd/app-openpgp.c:1994
+#: scd/app-openpgp.c:2039 scd/app-dinsig.c:303
+#, c-format
+msgid "PIN callback returned error: %s\n"
+msgstr ""
+
+#: scd/app-nks.c:834
+msgid "the NullPIN has not yet been changed\n"
+msgstr "NullPIN вÑÑ‘ еще не изменен\n"
+
+#: scd/app-nks.c:1092
+#, fuzzy
+msgid "|N|Please enter a new PIN for the standard keys."
+msgstr "|A|Введите Admin PIN на клавиатуре ÑчитывателÑ"
+
+#: scd/app-nks.c:1093
+#, fuzzy
+msgid "||Please enter the PIN for the standard keys."
+msgstr "|A|Введите Admin PIN на клавиатуре ÑчитывателÑ"
+
+#: scd/app-nks.c:1099
+#, fuzzy
+msgid "|NP|Please enter a new PIN Unblocking Code (PUK) for the standard keys."
+msgstr "||Введите Reset Code к карте"
+
+#: scd/app-nks.c:1101
+#, fuzzy
+msgid "|P|Please enter the PIN Unblocking Code (PUK) for the standard keys."
+msgstr "||Введите Reset Code к карте"
+
+#: scd/app-nks.c:1109
+msgid "|N|Please enter a new PIN for the key to create qualified signatures."
+msgstr ""
+
+#: scd/app-nks.c:1111
+msgid "||Please enter the PIN for the key to create qualified signatures."
+msgstr ""
+
+#: scd/app-nks.c:1119
+msgid ""
+"|NP|Please enter a new PIN Unblocking Code (PUK) for the key to create "
+"qualified signatures."
+msgstr ""
+
+#: scd/app-nks.c:1121
+msgid ""
+"|P|Please enter the PIN Unblocking Code (PUK) for the key to create "
+"qualified signatures."
+msgstr ""
+
+#: scd/app-nks.c:1222 scd/app-openpgp.c:2072 scd/app-dinsig.c:532
+#, c-format
+msgid "error getting new PIN: %s\n"
+msgstr "ошибка при получении нового PIN: %s\n"
+
+#: scd/app-openpgp.c:695
+#, c-format
+msgid "failed to store the fingerprint: %s\n"
+msgstr "Ñбой ÑÐ¾Ñ…Ñ€Ð°Ð½ÐµÐ½Ð¸Ñ Ð¾Ñ‚Ð¿ÐµÑ‡Ð°Ñ‚ÐºÐ°: %s\n"
+
+#: scd/app-openpgp.c:708
+#, c-format
+msgid "failed to store the creation date: %s\n"
+msgstr "Ñбой ÑÐ¾Ñ…Ñ€Ð°Ð½ÐµÐ½Ð¸Ñ Ð´Ð°Ñ‚Ñ‹ ÑозданиÑ: %s\n"
+
+#: scd/app-openpgp.c:1156
+#, c-format
+msgid "reading public key failed: %s\n"
+msgstr "Ñбой Ñ‡Ñ‚ÐµÐ½Ð¸Ñ Ð¾Ñ‚ÐºÑ€Ñ‹Ñ‚Ð¾Ð³Ð¾ ключа: %s\n"
+
+#: scd/app-openpgp.c:1164 scd/app-openpgp.c:2882
+msgid "response does not contain the public key data\n"
+msgstr "ответ не Ñодержит данных открытого ключа\n"
+
+#: scd/app-openpgp.c:1172 scd/app-openpgp.c:2890
+msgid "response does not contain the RSA modulus\n"
+msgstr "в ответе отÑутÑтвует модуль RSA\n"
+
+#: scd/app-openpgp.c:1181 scd/app-openpgp.c:2900
+msgid "response does not contain the RSA public exponent\n"
+msgstr "в ответе отÑутÑтвует Ð¾Ñ‚ÐºÑ€Ñ‹Ñ‚Ð°Ñ ÑкÑпонента RSA\n"
+
+#: scd/app-openpgp.c:1501
+#, c-format
+msgid "using default PIN as %s\n"
+msgstr ""
+
+#: scd/app-openpgp.c:1508
+#, c-format
+msgid "failed to use default PIN as %s: %s - disabling further default use\n"
+msgstr ""
+
+#: scd/app-openpgp.c:1523
+#, c-format
+msgid "||Please enter the PIN%%0A[sigs done: %lu]"
+msgstr "||Введите PIN%%0A[подпиÑей: %lu]"
+
+#: scd/app-openpgp.c:1534 scd/app-openpgp.c:1988
+msgid "||Please enter the PIN"
+msgstr "||Введите PIN"
+
+#: scd/app-openpgp.c:1575 scd/app-openpgp.c:1753 scd/app-openpgp.c:2001
+#, c-format
+msgid "PIN for CHV%d is too short; minimum length is %d\n"
+msgstr "PIN Ð´Ð»Ñ CHV%d Ñлишком короток, Ð¼Ð¸Ð½Ð¸Ð¼Ð°Ð»ÑŒÐ½Ð°Ñ Ð´Ð»Ð¸Ð½Ð° %d\n"
+
+#: scd/app-openpgp.c:1588 scd/app-openpgp.c:1627 scd/app-openpgp.c:1765
+#: scd/app-openpgp.c:3200
+#, c-format
+msgid "verify CHV%d failed: %s\n"
+msgstr "при проверке CHV%d Ñбой: %s\n"
+
+#: scd/app-openpgp.c:1656 scd/app-openpgp.c:2020 scd/app-openpgp.c:3498
+msgid "error retrieving CHV status from card\n"
+msgstr "ошибка Ð¿Ð¾Ð»ÑƒÑ‡ÐµÐ½Ð¸Ñ ÑтатуÑа CHV Ñ ÐºÐ°Ñ€Ñ‚Ñ‹\n"
+
+#: scd/app-openpgp.c:1662 scd/app-openpgp.c:3507
+msgid "card is permanently locked!\n"
+msgstr "карта заблокирована!\n"
+
+#: scd/app-openpgp.c:1669
+#, c-format
+msgid "%d Admin PIN attempts remaining before card is permanently locked\n"
+msgstr "оÑталоÑÑŒ %d попыток ввода админиÑтративного PIN до блокировки карты\n"
+
+#. TRANSLATORS: Do not translate the "|A|" prefix but keep it at
+#. the start of the string. Use %%0A to force a linefeed.
+#: scd/app-openpgp.c:1676
+#, fuzzy, c-format
+msgid "|A|Please enter the Admin PIN%%0A[remaining attempts: %d]"
+msgstr ""
+"|A|Введите Admin PID на клавиатуре ÑчитывателÑ%%0A[оÑталоÑÑŒ попыток: %d]"
+
+#: scd/app-openpgp.c:1680
+#, fuzzy
+msgid "|A|Please enter the Admin PIN"
+msgstr "||Введите PIN"
+
+#: scd/app-openpgp.c:1701
+msgid "access to admin commands is not configured\n"
+msgstr "доÑтуп к командам ÑƒÐ¿Ñ€Ð°Ð²Ð»ÐµÐ½Ð¸Ñ Ð½Ðµ наÑтроен\n"
+
+#: scd/app-openpgp.c:2035
+msgid "||Please enter the Reset Code for the card"
+msgstr "||Введите Reset Code к карте"
+
+#: scd/app-openpgp.c:2045 scd/app-openpgp.c:2097
+#, c-format
+msgid "Reset Code is too short; minimum length is %d\n"
+msgstr "Reset Code Ñлишком короток, Ð¼Ð¸Ð½Ð¸Ð¼Ð°Ð»ÑŒÐ½Ð°Ñ Ð´Ð»Ð¸Ð½Ð° %d\n"
+
+#: scd/app-openpgp.c:2067
+msgid "|RN|New Reset Code"
+msgstr "|RN| Ðовый Reset Code"
+
+#: scd/app-openpgp.c:2068
+msgid "|AN|New Admin PIN"
+msgstr "|AN|Ðовый админиÑтративный PIN"
+
+#: scd/app-openpgp.c:2068
+msgid "|N|New PIN"
+msgstr "|N|Ðовый PIN"
+
+#: scd/app-openpgp.c:2178 scd/app-openpgp.c:2968
+msgid "error reading application data\n"
+msgstr "ошибка Ñ‡Ñ‚ÐµÐ½Ð¸Ñ Ð´Ð°Ð½Ð½Ñ‹Ñ… приложениÑ\n"
+
+#: scd/app-openpgp.c:2184 scd/app-openpgp.c:2975
+msgid "error reading fingerprint DO\n"
+msgstr "ошибка Ñ‡Ñ‚ÐµÐ½Ð¸Ñ Ð¾Ñ‚Ð¿ÐµÑ‡Ð°Ñ‚ÐºÐ° DO\n"
+
+#: scd/app-openpgp.c:2194
+msgid "key already exists\n"
+msgstr "ключ уже ÑущеÑтвует\n"
+
+#: scd/app-openpgp.c:2198
+msgid "existing key will be replaced\n"
+msgstr "ÑущеÑтвующий ключ будет заменен\n"
+
+#: scd/app-openpgp.c:2200
+msgid "generating new key\n"
+msgstr "Ð³ÐµÐ½ÐµÑ€Ð°Ñ†Ð¸Ñ Ð½Ð¾Ð²Ð¾Ð³Ð¾ ключа\n"
+
+#: scd/app-openpgp.c:2202
+#, fuzzy
+msgid "writing new key\n"
+msgstr "Ð³ÐµÐ½ÐµÑ€Ð°Ñ†Ð¸Ñ Ð½Ð¾Ð²Ð¾Ð³Ð¾ ключа\n"
+
+#: scd/app-openpgp.c:2627
+msgid "creation timestamp missing\n"
+msgstr "пропущен штамп ÑÐ¾Ð·Ð´Ð°Ð½Ð¸Ñ ÑозданиÑ\n"
+
+#: scd/app-openpgp.c:2669 scd/app-openpgp.c:2677
+#, c-format
+msgid "RSA prime %s missing or not of size %d bits\n"
+msgstr "ПроÑтое чиÑло RSA %s пропущено или не имеет размер %d бит\n"
+
+#: scd/app-openpgp.c:2773
+#, c-format
+msgid "failed to store the key: %s\n"
+msgstr "Ñбой ÑÐ¾Ñ…Ñ€Ð°Ð½ÐµÐ½Ð¸Ñ ÐºÐ»ÑŽÑ‡Ð°: %s\n"
+
+#: scd/app-openpgp.c:2859
+msgid "please wait while key is being generated ...\n"
+msgstr "пожалуйÑта, подождите, пока будет генерироватьÑÑ ÐºÐ»ÑŽÑ‡ ...\n"
+
+#: scd/app-openpgp.c:2872
+msgid "generating key failed\n"
+msgstr "Ñбой при генерации ключа\n"
+
+#: scd/app-openpgp.c:2875
+#, c-format
+msgid "key generation completed (%d seconds)\n"
+msgstr "ключ Ñгенерирован (%d Ñекунд)\n"
+
+#: scd/app-openpgp.c:2933
+msgid "invalid structure of OpenPGP card (DO 0x93)\n"
+msgstr "Ð½ÐµÐ´Ð¾Ð¿ÑƒÑ‚Ð¸Ð¼Ð°Ñ Ñтруктура OpenPGP карты (DO 0x93)\n"
+
+#: scd/app-openpgp.c:2983
+msgid "fingerprint on card does not match requested one\n"
+msgstr ""
+
+#: scd/app-openpgp.c:3099
+#, c-format
+msgid "card does not support digest algorithm %s\n"
+msgstr "карта не поддерживает функцию Ñ…ÐµÑˆÐ¸Ñ€Ð¾Ð²Ð°Ð½Ð¸Ñ %s\n"
+
+#: scd/app-openpgp.c:3175
+#, c-format
+msgid "signatures created so far: %lu\n"
+msgstr "подпиÑей Ñоздано: %lu\n"
+
+#: scd/app-openpgp.c:3512
+msgid ""
+"verification of Admin PIN is currently prohibited through this command\n"
+msgstr ""
+"проверка админиÑтративного PIN в данный момент запрещена Ñтой командой\n"
+
+#: scd/app-openpgp.c:3737 scd/app-openpgp.c:3748
+#, c-format
+msgid "can't access %s - invalid OpenPGP card?\n"
+msgstr "нет доÑтупа %s - неработоÑпоÑÐ¾Ð±Ð½Ð°Ñ ÐºÐ°Ñ€Ñ‚Ð° OpenPGP?\n"
+
+#: scd/app-dinsig.c:299
+msgid "||Please enter your PIN at the reader's keypad"
+msgstr ""
+
+#. TRANSLATORS: Do not translate the "|*|" prefixes but
+#. keep it at the start of the string. We need this elsewhere
+#. to get some infos on the string.
+#: scd/app-dinsig.c:529
+msgid "|N|Initial New PIN"
+msgstr "|N|Ðовый PIN"
+
+#: scd/scdaemon.c:107
+msgid "run in multi server mode (foreground)"
+msgstr ""
+
+#: scd/scdaemon.c:117 sm/gpgsm.c:316
+msgid "|LEVEL|set the debugging level to LEVEL"
+msgstr "|LEVEL|уÑтановить уровень отладки в LEVEL"
+
+#: scd/scdaemon.c:124 tools/gpgconf-comp.c:620
+msgid "|FILE|write a log to FILE"
+msgstr "|FILE|ÑохранÑÑ‚ÑŒ журнал в FILE"
+
+#: scd/scdaemon.c:126
+msgid "|N|connect to reader at port N"
+msgstr "|N|подключатьÑÑ Ðº Ñчитывателю на порт N"
+
+#: scd/scdaemon.c:128
+msgid "|NAME|use NAME as ct-API driver"
+msgstr ""
+
+#: scd/scdaemon.c:130
+msgid "|NAME|use NAME as PC/SC driver"
+msgstr ""
+
+#: scd/scdaemon.c:133
+msgid "do not use the internal CCID driver"
+msgstr "не иÑпользовать вÑтроенный CCID драйвер"
+
+#: scd/scdaemon.c:139
+msgid "|N|disconnect the card after N seconds of inactivity"
+msgstr "|N|отÑоединить карту по иÑтечении N Ñекунд неактивноÑти"
+
+#: scd/scdaemon.c:141
+msgid "do not use a reader's keypad"
+msgstr "не иÑпользовать клавиатуру ÑчитывателÑ"
+
+#: scd/scdaemon.c:144
+#, fuzzy
+msgid "deny the use of admin card commands"
+msgstr "позволить иÑпользовать управлÑющие команды"
+
+#: scd/scdaemon.c:259
+msgid "Usage: scdaemon [options] (-h for help)"
+msgstr "ИÑпользование: scdaemon [параметры] (-h Ð´Ð»Ñ Ð¿Ð¾Ð´Ñказки)"
+
+#: scd/scdaemon.c:261
+msgid ""
+"Syntax: scdaemon [options] [command [args]]\n"
+"Smartcard daemon for GnuPG\n"
+msgstr ""
+"СинтакÑиÑ: scdaemon [параметры] [команда [аргументы]]\n"
+"Демон Ñмарткарт Ð´Ð»Ñ GnuPG\n"
+
+#: scd/scdaemon.c:766
+msgid "please use the option `--daemon' to run the program in the background\n"
+msgstr ""
+"ИÑпользуйте параметр `--daemon' Ð´Ð»Ñ Ð·Ð°Ð¿ÑƒÑка Ð¿Ñ€Ð¸Ð»Ð¾Ð¶ÐµÐ½Ð¸Ñ Ð² фоновом режиме\n"
+
+#: scd/scdaemon.c:1120
+#, c-format
+msgid "handler for fd %d started\n"
+msgstr "обработчик fd %d запущен\n"
+
+#: scd/scdaemon.c:1132
+#, c-format
+msgid "handler for fd %d terminated\n"
+msgstr "обработчик fd %d оÑтановлен\n"
+
+#: sm/base64.c:325
+#, c-format
+msgid "invalid radix64 character %02x skipped\n"
+msgstr "недопуÑтимый Ñимвол radix64 %02X пропущен\n"
+
+#: sm/call-agent.c:137
+#, c-format
+msgid "failed to proxy %s inquiry to client\n"
+msgstr ""
+
+#: sm/call-dirmngr.c:252
+#, c-format
+msgid "no running dirmngr - starting `%s'\n"
+msgstr "нет запущеного dirmngr - запуÑк `%s'\n"
+
+#: sm/call-dirmngr.c:285
+msgid "malformed DIRMNGR_INFO environment variable\n"
+msgstr "Ð½ÐµÐ¿Ñ€Ð°Ð²Ð¸Ð»ÑŒÐ½Ð°Ñ Ð¿ÐµÑ€ÐµÐ¼ÐµÐ½Ð½Ð°Ñ Ð¾ÐºÑ€ÑƒÐ¶ÐµÐ½Ð¸Ñ GPG_AGENT_INFO\n"
+
+#: sm/call-dirmngr.c:297
+#, c-format
+msgid "dirmngr protocol version %d is not supported\n"
+msgstr "протокол dirmngr верÑии %d не поддерживаетÑÑ\n"
+
+#: sm/call-dirmngr.c:317
+msgid "can't connect to the dirmngr - trying fall back\n"
+msgstr "не могу подÑоединитьÑÑ Ðº dirmngr - пытаемÑÑ Ð¾Ñ‚ÐºÐ°Ñ‚Ð¸Ñ‚ÑŒÑÑ Ð½Ð°Ð·Ð°Ð´\n"
+
+#: sm/certchain.c:196
+#, c-format
+msgid "validation model requested by certificate: %s"
+msgstr ""
+
+#: sm/certchain.c:197 sm/certchain.c:1828
+msgid "chain"
+msgstr ""
+
+#: sm/certchain.c:198 sm/certchain.c:1828
+msgid "shell"
+msgstr ""
+
+#: sm/certchain.c:258
+#, c-format
+msgid "critical certificate extension %s is not supported"
+msgstr "критичное дополнение Ñертификата %s не поддерживаетÑÑ"
+
+#: sm/certchain.c:297
+msgid "issuer certificate is not marked as a CA"
+msgstr "издатель Ñертификата не помечен как CA"
+
+#: sm/certchain.c:335
+msgid "critical marked policy without configured policies"
+msgstr "Ð¿Ð¾Ð¼ÐµÑ‡ÐµÐ½Ð½Ð°Ñ ÐºÑ€Ð¸Ñ‚Ð¸Ñ‡Ð½Ð¾Ð¹ политика без наÑтроенных политик"
+
+#: sm/certchain.c:345
+#, c-format
+msgid "failed to open `%s': %s\n"
+msgstr "не могу открыть `%s': %s\n"
+
+#: sm/certchain.c:353 sm/certchain.c:382
+msgid "note: non-critical certificate policy not allowed"
+msgstr "замечание: не критичные политики Ñертификана не позволÑÑŽÑ‚ÑÑ"
+
+#: sm/certchain.c:357 sm/certchain.c:386
+msgid "certificate policy not allowed"
+msgstr "политика Ñертификата не дозволена"
+
+#: sm/certchain.c:498
+msgid "looking up issuer at external location\n"
+msgstr ""
+
+#: sm/certchain.c:517
+#, c-format
+msgid "number of issuers matching: %d\n"
+msgstr "чиÑло Ñовпавших издателей: %d\n"
+
+#: sm/certchain.c:561
+msgid "looking up issuer from the Dirmngr cache\n"
+msgstr ""
+
+#: sm/certchain.c:585
+#, c-format
+msgid "number of matching certificates: %d\n"
+msgstr "чиÑло ÑоотвеÑтвий Ñертификатов: %d\n"
+
+#: sm/certchain.c:587
+#, c-format
+msgid "dirmngr cache-only key lookup failed: %s\n"
+msgstr ""
+
+#: sm/certchain.c:759 sm/certchain.c:1252 sm/certchain.c:1856 sm/decrypt.c:261
+#: sm/encrypt.c:335 sm/sign.c:335 sm/verify.c:113
+msgid "failed to allocated keyDB handle\n"
+msgstr ""
+
+#: sm/certchain.c:925
+msgid "certificate has been revoked"
+msgstr "Ñертификат был отозван"
+
+#: sm/certchain.c:940
+msgid "the status of the certificate is unknown"
+msgstr "ÑÑ‚Ð°Ñ‚ÑƒÑ Ñертификата не извеÑтен"
+
+#: sm/certchain.c:947
+msgid "please make sure that the \"dirmngr\" is properly installed\n"
+msgstr "проверьте, что \"dirmngr\" уÑтановлен корректно\n"
+
+#: sm/certchain.c:953
+#, c-format
+msgid "checking the CRL failed: %s"
+msgstr "Ñбой проверки CRL: %s"
+
+#: sm/certchain.c:982 sm/certchain.c:1050
+#, c-format
+msgid "certificate with invalid validity: %s"
+msgstr "Ñертификат недоÑтоверный: %s"
+
+#: sm/certchain.c:997 sm/certchain.c:1082
+msgid "certificate not yet valid"
+msgstr "Ñертификат еще не доÑтоверен"
+
+#: sm/certchain.c:998 sm/certchain.c:1083
+msgid "root certificate not yet valid"
+msgstr "корневой Ñертификат еще не доÑтоверен"
+
+#: sm/certchain.c:999 sm/certchain.c:1084
+msgid "intermediate certificate not yet valid"
+msgstr "промежуточный Ñертификат еще не доÑтоверен"
+
+#: sm/certchain.c:1012
+msgid "certificate has expired"
+msgstr "Ñертификат проÑрочен"
+
+#: sm/certchain.c:1013
+msgid "root certificate has expired"
+msgstr "корневой Ñертификат проÑрочен"
+
+#: sm/certchain.c:1014
+msgid "intermediate certificate has expired"
+msgstr "промежуточный Ñертификат проÑрочен"
+
+#: sm/certchain.c:1056
+#, c-format
+msgid "required certificate attributes missing: %s%s%s"
+msgstr "Ñертификат не имеет требуемых атрибутов: %s%s%s"
+
+#: sm/certchain.c:1065
+msgid "certificate with invalid validity"
+msgstr "Ñертификат недоÑтоверен"
+
+#: sm/certchain.c:1102
+msgid "signature not created during lifetime of certificate"
+msgstr "подпиÑÑŒ Ñоздана вне времени дейÑтвительноÑти Ñертификата"
+
+#: sm/certchain.c:1104
+msgid "certificate not created during lifetime of issuer"
+msgstr "Ñертификат Ñоздан вне времени дейÑтвительноÑти издателÑ"
+
+#: sm/certchain.c:1105
+msgid "intermediate certificate not created during lifetime of issuer"
+msgstr "промежуточный Ñертификат Ñоздан вне времени дейÑтвительноÑти издателÑ"
+
+#: sm/certchain.c:1109
+msgid " ( signature created at "
+msgstr " ( подпиÑей Ñоздано "
+
+#: sm/certchain.c:1110
+msgid " (certificate created at "
+msgstr " (Ñертификатов Ñоздано "
+
+#: sm/certchain.c:1113
+msgid " (certificate valid from "
+msgstr " (Ñертификат доÑтоверен Ñ "
+
+#: sm/certchain.c:1114
+msgid " ( issuer valid from "
+msgstr " ( издатель доÑтоверен Ñ "
+
+#: sm/certchain.c:1144
+#, c-format
+msgid "fingerprint=%s\n"
+msgstr "отпечаток=%s\n"
+
+#: sm/certchain.c:1153
+msgid "root certificate has now been marked as trusted\n"
+msgstr "корневой Ñертификат теперь помечен доверÑемым\n"
+
+#: sm/certchain.c:1166
+msgid "interactive marking as trusted not enabled in gpg-agent\n"
+msgstr "в gpg-agent Ð½ÐµÐ»ÑŒÐ·Ñ Ñделать Ñертификат доверÑемым интерактивно\n"
+
+#: sm/certchain.c:1172
+msgid "interactive marking as trusted disabled for this session\n"
+msgstr ""
+"Ð´Ð»Ñ Ð´Ð°Ð½Ð½Ð¾Ð¹ ÑеÑÑии запрещено делать Ñертификат доверÑемым интерактивно\n"
+
+#: sm/certchain.c:1229
+msgid "WARNING: creation time of signature not known - assuming current time"
+msgstr ""
+
+#: sm/certchain.c:1293
+msgid "no issuer found in certificate"
+msgstr "не найден издатель в Ñертификате"
+
+#: sm/certchain.c:1366
+msgid "self-signed certificate has a BAD signature"
+msgstr "ÑамоподпиÑанный\tÑертификат имеет ПЛОХУЮ подпиÑÑŒ"
+
+#: sm/certchain.c:1435
+msgid "root certificate is not marked trusted"
+msgstr "корневой Ñертификат не помечен доверÑемым"
+
+#: sm/certchain.c:1448
+#, c-format
+msgid "checking the trust list failed: %s\n"
+msgstr "Ñбой проверки ÑпиÑка доверий: %s\n"
+
+#: sm/certchain.c:1477 sm/import.c:160
+msgid "certificate chain too long\n"
+msgstr "цепочка Ñертификации Ñлишком длиннаÑ\n"
+
+#: sm/certchain.c:1489
+msgid "issuer certificate not found"
+msgstr "не найден издатель Ñертификата"
+
+#: sm/certchain.c:1522
+msgid "certificate has a BAD signature"
+msgstr "Ñертификат имеет ПЛОХУЮ подпиÑÑŒ"
+
+#: sm/certchain.c:1553
+msgid "found another possible matching CA certificate - trying again"
+msgstr "найдено еще одно ÑоответÑтвие CA Ñертификата - Ð¿Ð¾Ð²Ñ‚Ð¾Ñ€Ð½Ð°Ñ Ð¿Ð¾Ð¿Ñ‹Ñ‚ÐºÐ¸"
+
+#: sm/certchain.c:1604
+#, c-format
+msgid "certificate chain longer than allowed by CA (%d)"
+msgstr "цепочка Ñертификации длиннее дозволенной CA (%d)"
+
+#: sm/certchain.c:1644 sm/certchain.c:1927
+msgid "certificate is good\n"
+msgstr ""
+
+#: sm/certchain.c:1645
+msgid "intermediate certificate is good\n"
+msgstr ""
+
+#: sm/certchain.c:1646
+msgid "root certificate is good\n"
+msgstr ""
+
+#: sm/certchain.c:1817
+msgid "switching to chain model"
+msgstr ""
+
+#: sm/certchain.c:1826
+#, c-format
+msgid "validation model used: %s"
+msgstr ""
+
+#: sm/certcheck.c:97
+#, c-format
+msgid "%s key uses an unsafe (%u bit) hash\n"
+msgstr "%s ключ иÑпользует небезопаÑный (%u бит) хеш\n"
+
+#: sm/certcheck.c:107
+#, c-format
+msgid "a %u bit hash is not valid for a %u bit %s key\n"
+msgstr ""
+
+#: sm/certcheck.c:244 sm/verify.c:201
+msgid "(this is the MD2 algorithm)\n"
+msgstr "(Ñто MD2 алгоритм)\n"
+
+#: sm/certdump.c:60 sm/certdump.c:143
+msgid "none"
+msgstr "нет"
+
+#: sm/certdump.c:564 sm/certdump.c:609 sm/certdump.c:674 sm/certdump.c:732
+msgid "[Error - invalid encoding]"
+msgstr "[Ошибка - недопуÑÑ‚Ð¸Ð¼Ð°Ñ ÐºÐ¾Ð´Ð¸Ñ€Ð¾Ð²ÐºÐ°]"
+
+#: sm/certdump.c:572 sm/certdump.c:617
+msgid "[Error - out of core]"
+msgstr ""
+
+#: sm/certdump.c:654 sm/certdump.c:710
+msgid "[Error - No name]"
+msgstr "[Ошибка - Ðет имени]"
+
+#: sm/certdump.c:679 sm/certdump.c:738
+msgid "[Error - invalid DN]"
+msgstr "[Ошибка - недопуÑтимый DN]"
+
+#: sm/certdump.c:948
+#, c-format
+msgid ""
+"Please enter the passphrase to unlock the secret key for the X.509 "
+"certificate:\n"
+"\"%s\"\n"
+"S/N %s, ID 0x%08lX,\n"
+"created %s, expires %s.\n"
+msgstr ""
+"Введите фразу-пароль Ð´Ð»Ñ Ð´Ð¾Ñтупа к Ñекретному ключу к X.509 Ñертификату:\"%s"
+"\"\n"
+"S/N %s, ID 0x%08lX,\n"
+"Ñоздан %s, иÑтекает %s.\n"
+
+#: sm/certlist.c:122
+msgid "no key usage specified - assuming all usages\n"
+msgstr "не задана применимоÑÑ‚ÑŒ ключа - подразумеваем вÑе\n"
+
+#: sm/certlist.c:132 sm/keylist.c:272
+#, c-format
+msgid "error getting key usage information: %s\n"
+msgstr "ошибка Ð¿Ð¾Ð»ÑƒÑ‡ÐµÐ½Ð¸Ñ Ð¸Ð½Ñ„Ð¾Ñ€Ð¼Ð°Ñ†Ð¸Ð¸ применимоÑти ключа: %s\n"
+
+#: sm/certlist.c:142
+msgid "certificate should have not been used for certification\n"
+msgstr "Ñертификат не Ñледует иÑпользовать Ð´Ð»Ñ Ñертификации\n"
+
+#: sm/certlist.c:154
+msgid "certificate should have not been used for OCSP response signing\n"
+msgstr ""
+
+#: sm/certlist.c:165
+msgid "certificate should have not been used for encryption\n"
+msgstr "Ñертификат не Ñледует иÑпользовать Ð´Ð»Ñ ÑˆÐ¸Ñ„Ñ€Ð¾Ð²Ð°Ð½Ð¸Ñ\n"
+
+#: sm/certlist.c:166
+msgid "certificate should have not been used for signing\n"
+msgstr "Ñертификат не Ñледует иÑпользовать Ð´Ð»Ñ Ð¿Ð¾Ð´Ð¿Ð¸ÑываниÑ\n"
+
+#: sm/certlist.c:167
+msgid "certificate is not usable for encryption\n"
+msgstr "Ñертификат не применим Ð´Ð»Ñ ÑˆÐ¸Ñ„Ñ€Ð¾Ð²Ð°Ð½Ð¸Ñ\n"
+
+#: sm/certlist.c:168
+msgid "certificate is not usable for signing\n"
+msgstr "Ñертификат не применим Ð´Ð»Ñ Ð¿Ð¾Ð´Ð¿Ð¸Ñи\n"
+
+#: sm/certreqgen.c:474
+#, c-format
+msgid "line %d: invalid algorithm\n"
+msgstr "Ñтрока %d: недопуÑтимый алгоритм\n"
+
+#: sm/certreqgen.c:487
+#, c-format
+msgid "line %d: invalid key length %u (valid are %d to %d)\n"
+msgstr "Ñтрока %d: недопуÑÑ‚Ð¸Ð¼Ð°Ñ Ð´Ð»Ð¸Ð½Ð° ключа %u (допуÑтимо от %d до %d)\n"
+
+#: sm/certreqgen.c:505
+#, c-format
+msgid "line %d: no subject name given\n"
+msgstr ""
+
+#: sm/certreqgen.c:514
+#, c-format
+msgid "line %d: invalid subject name label `%.*s'\n"
+msgstr ""
+
+#: sm/certreqgen.c:517
+#, c-format
+msgid "line %d: invalid subject name `%s' at pos %d\n"
+msgstr ""
+
+#: sm/certreqgen.c:534
+#, c-format
+msgid "line %d: not a valid email address\n"
+msgstr "Ñтрока %d: нет допуÑтимого e-mail адреÑа\n"
+
+#: sm/certreqgen.c:546
+#, c-format
+msgid "line %d: error reading key `%s' from card: %s\n"
+msgstr "Ñтрока %d: ошибка Ð¿Ð¾Ð»ÑƒÑ‡ÐµÐ½Ð¸Ñ ÐºÐ»ÑŽÑ‡Ð° `%s' из карты %s\n"
+
+#: sm/certreqgen.c:558
+#, c-format
+msgid "line %d: error getting key by keygrip `%s': %s\n"
+msgstr "Ñтрока %d: ошибка Ð¿Ð¾Ð»ÑƒÑ‡ÐµÐ½Ð¸Ñ keygrip ключа `%s': %s\n"
+
+#: sm/certreqgen.c:574
+#, c-format
+msgid "line %d: key generation failed: %s <%s>\n"
+msgstr "Ñтрока %d: cбой ÑÐ¾Ð·Ð´Ð°Ð½Ð¸Ñ ÐºÐ»ÑŽÑ‡Ð°: %s <%s>\n"
+
+#: sm/certreqgen.c:806
+msgid ""
+"To complete this certificate request please enter the passphrase for the key "
+"you just created once more.\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:158
+#, c-format
+msgid " (%d) RSA\n"
+msgstr " (%d) RSA\n"
+
+#: sm/certreqgen-ui.c:159
+#, c-format
+msgid " (%d) Existing key\n"
+msgstr " (%d) ИмеющийÑÑ ÐºÐ»ÑŽÑ‡\n"
+
+#: sm/certreqgen-ui.c:160
+#, c-format
+msgid " (%d) Existing key from card\n"
+msgstr " (%d) ИмеющийÑÑ Ð½Ð° карте ключ\n"
+
+#: sm/certreqgen-ui.c:202
+#, fuzzy
+msgid "Enter the keygrip: "
+msgstr "Введите примечание:"
+
+#: sm/certreqgen-ui.c:210
+msgid "Not a valid keygrip (expecting 40 hex digits)\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:212
+#, fuzzy
+msgid "No key with this keygrip\n"
+msgstr "Ðет подключа Ñ Ð¸Ð½Ð´ÐµÐºÑом %d\n"
+
+#: sm/certreqgen-ui.c:230 sm/certreqgen-ui.c:239
+#, fuzzy, c-format
+msgid "error reading the card: %s\n"
+msgstr "%s: ошибка Ñ‡Ñ‚ÐµÐ½Ð¸Ñ Ñвободной запиÑи: %s\n"
+
+#: sm/certreqgen-ui.c:233
+#, fuzzy, c-format
+msgid "Serial number of the card: %s\n"
+msgstr "ошибка Ð¿Ð¾Ð»ÑƒÑ‡ÐµÐ½Ð¸Ñ Ñерийного номера карты: %s\n"
+
+#: sm/certreqgen-ui.c:245
+#, fuzzy
+msgid "Available keys:\n"
+msgstr "отключить ключ"
+
+#: sm/certreqgen-ui.c:276
+#, c-format
+msgid "Possible actions for a %s key:\n"
+msgstr "Возможные дейÑÑ‚Ð²Ð¸Ñ Ð´Ð»Ñ ÐºÐ»ÑŽÑ‡Ð° %s:\n"
+
+#: sm/certreqgen-ui.c:277
+#, c-format
+msgid " (%d) sign, encrypt\n"
+msgstr " (%d) подпиÑÑŒ, шифрование\n"
+
+#: sm/certreqgen-ui.c:278
+#, c-format
+msgid " (%d) sign\n"
+msgstr " (%d) подпиÑÑŒ\n"
+
+#: sm/certreqgen-ui.c:279
+#, c-format
+msgid " (%d) encrypt\n"
+msgstr " (%d) шифрование\n"
+
+#: sm/certreqgen-ui.c:303
+msgid "Enter the X.509 subject name: "
+msgstr ""
+
+#: sm/certreqgen-ui.c:307
+msgid "No subject name given\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:311
+#, c-format
+msgid "Invalid subject name label `%.*s'\n"
+msgstr ""
+
+#. TRANSLATORS: The 22 in the second string is the
+#. length of the first string up to the "%s". Please
+#. adjust it do the length of your translation. The
+#. second string is merely passed to atoi so you can
+#. drop everything after the number.
+#: sm/certreqgen-ui.c:320
+#, c-format
+msgid "Invalid subject name `%s'\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:322
+msgid "22 translator: see certreg-ui.c:gpgsm_gencertreq_tty"
+msgstr ""
+
+#: sm/certreqgen-ui.c:334
+msgid "Enter email addresses"
+msgstr "Введите Email-адреÑ: "
+
+#: sm/certreqgen-ui.c:335
+msgid " (end with an empty line):\n"
+msgstr "(пуÑÑ‚Ð°Ñ Ñтрока Ð´Ð»Ñ Ð·Ð°Ð²ÐµÑ€ÑˆÐµÐ½Ð¸Ñ):\n"
+
+#: sm/certreqgen-ui.c:339
+msgid "Enter DNS names"
+msgstr "Введите DNS имÑ"
+
+#: sm/certreqgen-ui.c:340 sm/certreqgen-ui.c:345
+msgid " (optional; end with an empty line):\n"
+msgstr " (опционаьно; пуÑÑ‚Ð°Ñ Ñтрока Ð´Ð»Ñ Ð·Ð°Ð²ÐµÑ€ÑˆÐµÐ½Ð¸Ñ):\n"
+
+#: sm/certreqgen-ui.c:344
+msgid "Enter URIs"
+msgstr "Введите URIs"
+
+#: sm/certreqgen-ui.c:371
+msgid "Parameters to be used for the certificate request:\n"
+msgstr "Параметры необходимые Ð´Ð»Ñ ÑÐ¾Ð·Ð´Ð°Ð½Ð¸Ñ Ð·Ð°Ð¿Ñ€Ð¾Ñа на Ñертификацию:\n"
+
+#: sm/certreqgen-ui.c:389
+msgid "Now creating certificate request. This may take a while ...\n"
+msgstr ""
+"СоздаетÑÑ Ð·Ð°Ð¿Ñ€Ð¾Ñ Ð½Ð° Ñертификацию. Это может занÑÑ‚ÑŒ немного времени...\n"
+
+#: sm/certreqgen-ui.c:398
+msgid "Ready. You should now send this request to your CA.\n"
+msgstr "Готово. Данный Ð·Ð°Ð¿Ñ€Ð¾Ñ Ñ‚ÐµÐ¿ÐµÑ€ÑŒ Ñледует передать на подпиÑÑŒ в CA.\n"
+
+#: sm/certreqgen-ui.c:403
+msgid "resource problem: out of core\n"
+msgstr ""
+
+#: sm/decrypt.c:330
+msgid "(this is the RC2 algorithm)\n"
+msgstr "(Ñто RC2 алгоритм)\n"
+
+#: sm/decrypt.c:332
+msgid "(this does not seem to be an encrypted message)\n"
+msgstr "(Ñто не похоже не зашифрованное Ñообщение)\n"
+
+#: sm/delete.c:51 sm/delete.c:112
+#, c-format
+msgid "certificate `%s' not found: %s\n"
+msgstr "Ñертификат `%s' не найден: %s\n"
+
+#: sm/delete.c:122 sm/keydb.c:1397 sm/keydb.c:1499
+#, c-format
+msgid "error locking keybox: %s\n"
+msgstr "ошибка блокировки keybox: %s\n"
+
+#: sm/delete.c:143
+#, c-format
+msgid "duplicated certificate `%s' deleted\n"
+msgstr "дупликат Ñертификата `%s' удален\n"
+
+#: sm/delete.c:145
+#, c-format
+msgid "certificate `%s' deleted\n"
+msgstr "Ñертификат `%s' удален\n"
+
+#: sm/delete.c:175
+#, c-format
+msgid "deleting certificate \"%s\" failed: %s\n"
+msgstr "удаление Ñертификата \"%s\" неудачно: %s\n"
+
+#: sm/encrypt.c:321
+msgid "no valid recipients given\n"
+msgstr "не заданы получатели\n"
+
+#: sm/gpgsm.c:197
+msgid "list external keys"
+msgstr "вывеÑти ÑпиÑок внешних ключей"
+
+#: sm/gpgsm.c:199
+msgid "list certificate chain"
+msgstr "вывеÑти ÑпиÑок правил Ñертификатов"
+
+#: sm/gpgsm.c:206
+msgid "import certificates"
+msgstr "импорт Ñертификатов"
+
+#: sm/gpgsm.c:207
+msgid "export certificates"
+msgstr "ÑкÑпорт Ñертификатов"
+
+#: sm/gpgsm.c:209
+msgid "register a smartcard"
+msgstr "зарегиÑтрировать Ñмарткарту"
+
+#: sm/gpgsm.c:212
+msgid "pass a command to the dirmngr"
+msgstr "передать команду dirmngr"
+
+#: sm/gpgsm.c:214
+msgid "invoke gpg-protect-tool"
+msgstr "вызываем gpg-protect-tool"
+
+#: sm/gpgsm.c:230
+msgid "create base-64 encoded output"
+msgstr "вывод в BASE64"
+
+#: sm/gpgsm.c:235
+msgid "assume input is in PEM format"
+msgstr "предполагаем получение в формате PEM"
+
+#: sm/gpgsm.c:237
+msgid "assume input is in base-64 format"
+msgstr "предполагаем получение в формате BASE64"
+
+#: sm/gpgsm.c:239
+msgid "assume input is in binary format"
+msgstr "предполагаем получение в двоичном формате"
+
+#: sm/gpgsm.c:244
+msgid "use system's dirmngr if available"
+msgstr "иÑпользуем ÑиÑтемный dirmngr, еÑли доÑтупен"
+
+#: sm/gpgsm.c:247
+msgid "never consult a CRL"
+msgstr "не ÑверÑÑ‚ÑŒ Ñ CRL"
+
+#: sm/gpgsm.c:257
+msgid "check validity using OCSP"
+msgstr "проверка дейÑтвительноÑти иÑÐ¿Ð¾Ð»ÑŒÐ·ÑƒÑ OCSP"
+
+#: sm/gpgsm.c:262
+msgid "|N|number of certificates to include"
+msgstr "|N|чиÑло включаемых Ñертификатов"
+
+#: sm/gpgsm.c:265
+msgid "|FILE|take policy information from FILE"
+msgstr "|FILE|взÑÑ‚ÑŒ информацию о политиках из FILE"
+
+#: sm/gpgsm.c:268
+msgid "do not check certificate policies"
+msgstr "не проверÑÑ‚ÑŒ политики Ñертификата"
+
+#: sm/gpgsm.c:272
+msgid "fetch missing issuer certificates"
+msgstr "запроÑить пропущенных издаталей Ñертификатов"
+
+#: sm/gpgsm.c:283
+msgid "don't use the terminal at all"
+msgstr "не иÑпользовать терминал ÑовÑем"
+
+#: sm/gpgsm.c:285
+msgid "|FILE|write a server mode log to FILE"
+msgstr "|FILE|ÑохранÑÑ‚ÑŒ журнал режима Ñервера в FILE"
+
+#: sm/gpgsm.c:290
+msgid "|FILE|write an audit log to FILE"
+msgstr "|FILE|ÑохранÑÑ‚ÑŒ журнал аудита в FILE"
+
+#: sm/gpgsm.c:293
+msgid "batch mode: never ask"
+msgstr "пакетный режим: ничего не запрашивать"
+
+#: sm/gpgsm.c:294
+msgid "assume yes on most questions"
+msgstr "предполагать Да на большинÑтво вопроÑов"
+
+#: sm/gpgsm.c:295
+msgid "assume no on most questions"
+msgstr "предполагать Ðет на большинÑтво вопроÑов"
+
+#: sm/gpgsm.c:298
+msgid "|FILE|add keyring to the list of keyrings"
+msgstr "|FILE|добавить таблицу ключей в ÑпиÑок таблиц ключей"
+
+#: sm/gpgsm.c:301
+msgid "|USER-ID|use USER-ID as default secret key"
+msgstr "|USER-ID|иÑпользовать USER-ID как Ñекретный ключ по умолчанию"
+
+#: sm/gpgsm.c:311 tools/gpgconf-comp.c:745
+msgid "|SPEC|use this keyserver to lookup keys"
+msgstr "|SPEC|иÑпользовать данный Ñервер ключей Ð´Ð»Ñ Ð¿Ð¾Ð¸Ñка ключей"
+
+#: sm/gpgsm.c:329
+msgid "|NAME|use cipher algorithm NAME"
+msgstr "|NAME|иÑпользовать алгоритм ÑˆÐ¸Ñ„Ñ€Ð¾Ð²Ð°Ð½Ð¸Ñ NAME"
+
+#: sm/gpgsm.c:331
+msgid "|NAME|use message digest algorithm NAME"
+msgstr "|NAME|иÑпользовать хеш-функцию NAME"
+
+#: sm/gpgsm.c:522
+msgid "Usage: gpgsm [options] [files] (-h for help)"
+msgstr "ИÑпользование: gpgsm [параметры] [файлы] (-h Ð´Ð»Ñ Ð¿Ð¾Ð´Ñказки)"
+
+#: sm/gpgsm.c:525
+msgid ""
+"Syntax: gpgsm [options] [files]\n"
+"sign, check, encrypt or decrypt using the S/MIME protocol\n"
+"default operation depends on the input data\n"
+msgstr ""
+"СинтакÑиÑ: gpgsm [параметры] [файлы]\n"
+"подпиÑать и проверить, зашифровать или раÑшифровать иÑÐ¿Ð¾Ð»ÑŒÐ·ÑƒÑ S/MIME "
+"протокол\n"
+"Ð¾Ð¿ÐµÑ€Ð°Ñ†Ð¸Ñ Ð¿Ð¾ умолчанию завиÑит от входных данных\n"
+
+#: sm/gpgsm.c:617
+msgid "usage: gpgsm [options] "
+msgstr "иÑпользование: gpgsm [параметры] "
+
+#: sm/gpgsm.c:739
+#, c-format
+msgid "NOTE: won't be able to encrypt to `%s': %s\n"
+msgstr "Замечание: не могу зашифровать Ð´Ð»Ñ `%s': %s\n"
+
+#: sm/gpgsm.c:750
+#, c-format
+msgid "unknown validation model `%s'\n"
+msgstr ""
+
+#: sm/gpgsm.c:801
+#, c-format
+msgid "%s:%u: no hostname given\n"
+msgstr ""
+
+#: sm/gpgsm.c:820
+#, c-format
+msgid "%s:%u: password given without user\n"
+msgstr ""
+
+#: sm/gpgsm.c:841
+#, c-format
+msgid "%s:%u: skipping this line\n"
+msgstr "%s:%u: не обрабатываем Ñту Ñтроку\n"
+
+#: sm/gpgsm.c:1376
+msgid "could not parse keyserver\n"
+msgstr ""
+
+#: sm/gpgsm.c:1456
+msgid "WARNING: running with faked system time: "
+msgstr "Ð’ÐИМÐÐИЕ: выполнÑемÑÑ Ñ Ð¿Ð¾Ð´Ð´ÐµÐ»Ð°Ð½Ð½Ñ‹Ð¼ ÑиÑтемным временем: "
+
+#: sm/gpgsm.c:1556
+#, c-format
+msgid "importing common certificates `%s'\n"
+msgstr ""
+
+#: sm/gpgsm.c:1597
+#, c-format
+msgid "can't sign using `%s': %s\n"
+msgstr "невозможно подпиÑать иÑÐ¿Ð¾Ð»ÑŒÐ·ÑƒÑ `%s': %s\n"
+
+#: sm/gpgsm.c:1931
+msgid "invalid command (there is no implicit command)\n"
+msgstr ""
+
+#: sm/import.c:111
+#, c-format
+msgid "total number processed: %lu\n"
+msgstr "вÑего обработано: %lu\n"
+
+#: sm/import.c:230
+msgid "error storing certificate\n"
+msgstr "ошибка ÑÐ¾Ñ…Ñ€Ð°Ð½ÐµÐ½Ð¸Ñ Ñертификата\n"
+
+#: sm/import.c:238
+msgid "basic certificate checks failed - not imported\n"
+msgstr "ошибка базовой проверки Ñертификата - не импортирован\n"
+
+#: sm/import.c:435 sm/keydb.c:1319 sm/keydb.c:1387
+msgid "failed to allocate keyDB handle\n"
+msgstr ""
+
+#: sm/import.c:492 sm/keydb.c:1417 sm/keydb.c:1511
+#, c-format
+msgid "error getting stored flags: %s\n"
+msgstr "ошибка Ð¿Ð¾Ð»ÑƒÑ‡ÐµÐ½Ð¸Ñ Ñохраненных флагов: %s\n"
+
+#: sm/import.c:551 sm/import.c:583
+#, c-format
+msgid "error importing certificate: %s\n"
+msgstr "ошибка Ð¸Ð¼Ð¿Ð¾Ñ€Ñ‚Ð¸Ñ€Ð¾Ð²Ð°Ð½Ð¸Ñ Ñертификата: %s\n"
+
+#: sm/import.c:684 tools/gpg-connect-agent.c:1346
+#, c-format
+msgid "error reading input: %s\n"
+msgstr "ошибка Ñ‡Ñ‚ÐµÐ½Ð¸Ñ Ð²Ð²Ð¾Ð´Ð°: %s\n"
+
+#: sm/keydb.c:187
+#, c-format
+msgid "error creating keybox `%s': %s\n"
+msgstr "ошибка ÑÐ¾Ð·Ð´Ð°Ð½Ð¸Ñ keybox `%s': %s\n"
+
+#: sm/keydb.c:190
+msgid "you may want to start the gpg-agent first\n"
+msgstr "возможно Ñледует запуÑтить gpg-agent Ñперва\n"
+
+#: sm/keydb.c:195
+#, c-format
+msgid "keybox `%s' created\n"
+msgstr "Ñоздан keybox `%s'\n"
+
+#: sm/keydb.c:1312 sm/keydb.c:1380
+msgid "failed to get the fingerprint\n"
+msgstr "Ñбой Ð¿Ð¾Ð»ÑƒÑ‡ÐµÐ½Ð¸Ñ Ð¾Ñ‚Ð¿ÐµÑ‡Ð°Ñ‚ÐºÐ°\n"
+
+#: sm/keydb.c:1340
+#, c-format
+msgid "problem looking for existing certificate: %s\n"
+msgstr ""
+
+#: sm/keydb.c:1348
+#, c-format
+msgid "error finding writable keyDB: %s\n"
+msgstr ""
+
+#: sm/keydb.c:1356
+#, c-format
+msgid "error storing certificate: %s\n"
+msgstr "ошибка ÑÐ¾Ñ…Ñ€Ð°Ð½ÐµÐ½Ð¸Ñ Ñертификата: %s\n"
+
+#: sm/keydb.c:1408
+#, c-format
+msgid "problem re-searching certificate: %s\n"
+msgstr ""
+
+#: sm/keydb.c:1429 sm/keydb.c:1522
+#, c-format
+msgid "error storing flags: %s\n"
+msgstr "ошибка ÑÐ¾Ñ…Ñ€Ð°Ð½ÐµÐ½Ð¸Ñ Ñ„Ð»Ð°Ð³Ð¾Ð²: %s\n"
+
+#: sm/keylist.c:642
+msgid "Error - "
+msgstr "Ошибка - "
+
+#: sm/misc.c:55
+msgid "GPG_TTY has not been set - using maybe bogus default\n"
+msgstr ""
+"GPG_TTY не уÑтановлено - возможно иÑпользование подделанного умолчаниÑ\n"
+
+#: sm/qualified.c:105
+#, c-format
+msgid "invalid formatted fingerprint in `%s', line %d\n"
+msgstr "неверное Ñформатированный отпечаток в `%s', Ñтрока %d\n"
+
+#: sm/qualified.c:123
+#, c-format
+msgid "invalid country code in `%s', line %d\n"
+msgstr "недопуÑтиÑый код Ñтраны в `%s', Ñтрока %d\n"
+
+#: sm/qualified.c:202
+#, c-format
+msgid ""
+"You are about to create a signature using your certificate:\n"
+"\"%s\"\n"
+"This will create a qualified signature by law equated to a handwritten "
+"signature.\n"
+"\n"
+"%s%sAre you really sure that you want to do this?"
+msgstr ""
+
+#: sm/qualified.c:211 sm/verify.c:616
+msgid ""
+"Note, that this software is not officially approved to create or verify such "
+"signatures.\n"
+msgstr ""
+"Учтите, что Ð´Ð»Ñ Ð´Ð°Ð½Ð½Ð¾Ð¹ программы официально не одобрено Ñоздание и проверка "
+"подобных подпиÑей.\n"
+
+#: sm/qualified.c:278
+#, c-format
+msgid ""
+"You are about to create a signature using your certificate:\n"
+"\"%s\"\n"
+"Note, that this certificate will NOT create a qualified signature!"
+msgstr ""
+
+#: sm/sign.c:449
+#, c-format
+msgid "hash algorithm %d (%s) for signer %d not supported; using %s\n"
+msgstr "хеш-Ñ„ÑƒÐ½ÐºÑ†Ð¸Ñ %d (%s) Ð´Ð»Ñ %d не поддерживаетÑÑ; иÑпользую %s\n"
+
+#: sm/sign.c:463
+#, c-format
+msgid "hash algorithm used for signer %d: %s (%s)\n"
+msgstr ""
+
+#: sm/sign.c:513
+#, c-format
+msgid "checking for qualified certificate failed: %s\n"
+msgstr ""
+
+#: sm/verify.c:449
+msgid "Signature made "
+msgstr "ПодпиÑÑŒ Ñделана"
+
+#: sm/verify.c:453
+msgid "[date not given]"
+msgstr "[дата не указана]"
+
+#: sm/verify.c:454
+#, c-format
+msgid " using certificate ID 0x%08lX\n"
+msgstr "Ñ Ð¸Ñпользованием Ñертификата ID 0x%08lX\n"
+
+#: sm/verify.c:473
+msgid ""
+"invalid signature: message digest attribute does not match computed one\n"
+msgstr ""
+"недопуÑÑ‚Ð¸Ð¼Ð°Ñ Ð¿Ð¾Ð´Ð¿Ð¸ÑÑŒ: атрибут дайджеÑта ÑÐ¾Ð¾Ð±Ñ‰ÐµÐ½Ð¸Ñ Ð½Ðµ ÑоответÑтвует "
+"вычиÑленному\n"
+
+#: sm/verify.c:594
+msgid "Good signature from"
+msgstr "ДейÑÑ‚Ð²Ð¸Ñ‚ÐµÐ»ÑŒÐ½Ð°Ñ Ð¿Ð¾Ð´Ð¿Ð¸ÑÑŒ от"
+
+#: sm/verify.c:595
+msgid " aka"
+msgstr " aka"
+
+#: sm/verify.c:613
+msgid "This is a qualified signature\n"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:70 tools/gpgconf.c:81 tools/symcryptrun.c:167
+msgid "quiet"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:71
+msgid "print data out hex encoded"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:72
+msgid "decode received data lines"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:74
+msgid "|NAME|connect to Assuan socket NAME"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:76
+msgid "run the Assuan server given on the command line"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:78
+msgid "do not use extended connect mode"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:80
+msgid "|FILE|run commands from FILE on startup"
+msgstr "|FILE|выполнить команды из FILE при запуÑке"
+
+#: tools/gpg-connect-agent.c:81
+msgid "run /subst on startup"
+msgstr "выполнить /substr при запуÑке"
+
+#: tools/gpg-connect-agent.c:184
+msgid "Usage: gpg-connect-agent [options] (-h for help)"
+msgstr "ИÑпользование: gpg-connect-agent [параметры] (-h Ð´Ð»Ñ Ð¿Ð¾Ð´Ñказки)"
+
+#: tools/gpg-connect-agent.c:187
+msgid ""
+"Syntax: gpg-connect-agent [options]\n"
+"Connect to a running agent and send commands\n"
+msgstr ""
+"СинтакÑиÑ: gpg-connect-agent: [параметры]\n"
+"СвÑзываетÑÑ Ñ Ð·Ð°Ð¿ÑƒÑ‰ÐµÐ½Ð½Ñ‹Ð¼ агентом и отcылает команды\n"
+
+#: tools/gpg-connect-agent.c:1201
+#, c-format
+msgid "option \"%s\" requires a program and optional arguments\n"
+msgstr "параметр \"%s\" требует программы и опциональных аргументов\n"
+
+#: tools/gpg-connect-agent.c:1210
+#, c-format
+msgid "option \"%s\" ignored due to \"%s\"\n"
+msgstr "параметр \"%s\" игнорирован по причине \"%s\"\n"
+
+#: tools/gpg-connect-agent.c:1281 tools/gpg-connect-agent.c:1771
+#, c-format
+msgid "receiving line failed: %s\n"
+msgstr "Ñбой Ð¿Ð¾Ð»ÑƒÑ‡ÐµÐ½Ð¸Ñ Ñтроки: %s\n"
+
+#: tools/gpg-connect-agent.c:1371
+msgid "line too long - skipped\n"
+msgstr "Ñтрока Ñлишком Ð´Ð»Ð¸Ð½Ð½Ð°Ñ - пропущено\n"
+
+#: tools/gpg-connect-agent.c:1375
+msgid "line shortened due to embedded Nul character\n"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:1743
+#, c-format
+msgid "unknown command `%s'\n"
+msgstr "неизвеÑÑ‚Ð½Ð°Ñ ÐºÐ¾Ð¼Ð°Ð½Ð´Ð° `%s'\n"
+
+#: tools/gpg-connect-agent.c:1761
+#, c-format
+msgid "sending line failed: %s\n"
+msgstr "Ñбой отправки Ñтроки: %s\n"
+
+#: tools/gpg-connect-agent.c:2208
+#, c-format
+msgid "error sending %s command: %s\n"
+msgstr "ошибка отправки %s команды: %s\n"
+
+#: tools/gpg-connect-agent.c:2223
+#, c-format
+msgid "error sending standard options: %s\n"
+msgstr "ошибка отправки Ñтандартных параметров: %s\n"
+
+#: tools/gpgconf-comp.c:473 tools/gpgconf-comp.c:577 tools/gpgconf-comp.c:644
+#: tools/gpgconf-comp.c:712 tools/gpgconf-comp.c:799
+msgid "Options controlling the diagnostic output"
+msgstr "Параметры контролирующие вывод диагноÑтики"
+
+#: tools/gpgconf-comp.c:486 tools/gpgconf-comp.c:590 tools/gpgconf-comp.c:657
+#: tools/gpgconf-comp.c:725 tools/gpgconf-comp.c:822
+msgid "Options controlling the configuration"
+msgstr "Параметры контролирующие конфигурацию"
+
+#: tools/gpgconf-comp.c:496 tools/gpgconf-comp.c:615 tools/gpgconf-comp.c:673
+#: tools/gpgconf-comp.c:750 tools/gpgconf-comp.c:829
+msgid "Options useful for debugging"
+msgstr "Параметры полезные Ð´Ð»Ñ Ð¾Ñ‚Ð»Ð°Ð´ÐºÐ¸"
+
+#: tools/gpgconf-comp.c:501 tools/gpgconf-comp.c:678 tools/gpgconf-comp.c:755
+#: tools/gpgconf-comp.c:837
+msgid "|FILE|write server mode logs to FILE"
+msgstr "|FILE|ÑохранÑÑ‚ÑŒ журнал режима Ñервера в FILE"
+
+#: tools/gpgconf-comp.c:509 tools/gpgconf-comp.c:625 tools/gpgconf-comp.c:763
+msgid "Options controlling the security"
+msgstr "Параметры контролирующие безопаÑноÑÑ‚ÑŒ"
+
+#: tools/gpgconf-comp.c:516
+msgid "|N|expire SSH keys after N seconds"
+msgstr "|N|Ñчитать ключ SSH иÑтекшим по иÑтечении N Ñекунд"
+
+#: tools/gpgconf-comp.c:520
+msgid "|N|set maximum PIN cache lifetime to N seconds"
+msgstr "|N|уÑтановить макÑимальный Ñрок кешированного PIN N Ñекунд"
+
+#: tools/gpgconf-comp.c:524
+msgid "|N|set maximum SSH key lifetime to N seconds"
+msgstr "|N|уÑтановить макÑимальный Ñрок дейÑÑ‚Ð²Ð¸Ñ SSH ключа N Ñекунд"
+
+#: tools/gpgconf-comp.c:538
+msgid "Options enforcing a passphrase policy"
+msgstr ""
+
+#: tools/gpgconf-comp.c:541
+msgid "do not allow to bypass the passphrase policy"
+msgstr ""
+
+#: tools/gpgconf-comp.c:545
+msgid "|N|set minimal required length for new passphrases to N"
+msgstr "|N|уÑтановить минимальную длину фразы-Ð¿Ð°Ñ€Ð¾Ð»Ñ Ñ€Ð°Ð²Ð½Ð¾Ð¹ N"
+
+#: tools/gpgconf-comp.c:549
+msgid "|N|require at least N non-alpha characters for a new passphrase"
+msgstr "|n|требовать не менее N не алфавитных Ñимволов Ð´Ð»Ñ Ð½Ð¾Ð²Ð¾Ð¹ фразы-паролÑ"
+
+#: tools/gpgconf-comp.c:553
+msgid "|FILE|check new passphrases against pattern in FILE"
+msgstr "|FILE|проверÑÑ‚ÑŒ новую фразу-пароль по файлу образцов FILE"
+
+#: tools/gpgconf-comp.c:557
+msgid "|N|expire the passphrase after N days"
+msgstr "|N|Ñрок жизни фразы-Ð¿Ð°Ñ€Ð¾Ð»Ñ N дней"
+
+#: tools/gpgconf-comp.c:561
+msgid "do not allow the reuse of old passphrases"
+msgstr "не разрешать повторное иÑпользование Ñтарых фраз-паролей"
+
+#: tools/gpgconf-comp.c:659 tools/gpgconf-comp.c:727
+msgid "|NAME|use NAME as default secret key"
+msgstr "|NAME|иÑпользовать NAME как Ñекретный ключ по умолчанию"
+
+#: tools/gpgconf-comp.c:662 tools/gpgconf-comp.c:730
+msgid "|NAME|encrypt to user ID NAME as well"
+msgstr "|NAME|зашифровать Ð´Ð»Ñ User ID: NAME"
+
+#: tools/gpgconf-comp.c:665
+msgid "|SPEC|set up email aliases"
+msgstr ""
+
+#: tools/gpgconf-comp.c:686
+msgid "Configuration for Keyservers"
+msgstr "ÐšÐ¾Ð½Ñ„Ð¸Ð³ÑƒÑ€Ð°Ñ†Ð¸Ñ Ñерверов ключей"
+
+#: tools/gpgconf-comp.c:688
+msgid "|URL|use keyserver at URL"
+msgstr "|URL|иÑпользовать Ñевер ключей по URL"
+
+#: tools/gpgconf-comp.c:691
+msgid "allow PKA lookups (DNS requests)"
+msgstr ""
+
+#: tools/gpgconf-comp.c:694
+msgid "|MECHANISMS|use MECHANISMS to locate keys by mail address"
+msgstr ""
+
+#: tools/gpgconf-comp.c:739
+msgid "disable all access to the dirmngr"
+msgstr "полноÑтью запретить доÑтуп к dirmngr"
+
+#: tools/gpgconf-comp.c:742
+msgid "|NAME|use encoding NAME for PKCS#12 passphrases"
+msgstr "|NAME|иÑпользовать кодировку NAME Ð´Ð»Ñ PKCS#12 фраз-паролей"
+
+#: tools/gpgconf-comp.c:768
+msgid "do not check CRLs for root certificates"
+msgstr "не проверÑÑ‚ÑŒ CRLd Ð´Ð»Ñ ÐºÐ¾Ñ€Ð½ÐµÐ²Ñ‹Ñ… Ñертификатов"
+
+#: tools/gpgconf-comp.c:812
+msgid "Options controlling the format of the output"
+msgstr "Параметры контрролирующие формат вывода"
+
+#: tools/gpgconf-comp.c:848
+msgid "Options controlling the interactivity and enforcement"
+msgstr ""
+
+#: tools/gpgconf-comp.c:858
+msgid "Configuration for HTTP servers"
+msgstr "ÐаÑтройки HTTP Ñерверов"
+
+#: tools/gpgconf-comp.c:869
+msgid "use system's HTTP proxy setting"
+msgstr "иÑпользовать ÑиÑтемные наÑтройки HTTP проки"
+
+#: tools/gpgconf-comp.c:874
+msgid "Configuration of LDAP servers to use"
+msgstr "ÐаÑтройки LDAP Ñерверов"
+
+#: tools/gpgconf-comp.c:903
+msgid "LDAP server list"
+msgstr ""
+
+#: tools/gpgconf-comp.c:911
+msgid "Configuration for OCSP"
+msgstr "ÐаÑтройки OCSP"
+
+#: tools/gpgconf-comp.c:3077
+#, c-format
+msgid "External verification of component %s failed"
+msgstr ""
+
+#: tools/gpgconf-comp.c:3227
+msgid "Note that group specifications are ignored\n"
+msgstr ""
+
+#: tools/gpgconf.c:62
+msgid "list all components"
+msgstr "вывод ÑпиÑка вÑех компонентов"
+
+#: tools/gpgconf.c:63
+msgid "check all programs"
+msgstr ""
+
+#: tools/gpgconf.c:64
+msgid "|COMPONENT|list options"
+msgstr "|COMPONENT|вывод ÑпиÑка параметров"
+
+#: tools/gpgconf.c:65
+msgid "|COMPONENT|change options"
+msgstr "|COMPONENT|изменить параметры"
+
+#: tools/gpgconf.c:66
+msgid "|COMPONENT|check options"
+msgstr "|COMPONENT|проверить параметры"
+
+#: tools/gpgconf.c:68
+msgid "apply global default values"
+msgstr ""
+
+#: tools/gpgconf.c:70
+msgid "get the configuration directories for gpgconf"
+msgstr ""
+
+#: tools/gpgconf.c:72
+msgid "list global configuration file"
+msgstr ""
+
+#: tools/gpgconf.c:74
+msgid "check global configuration file"
+msgstr "проверить глобальный файл конфигурации"
+
+#: tools/gpgconf.c:79
+msgid "use as output file"
+msgstr "вывод в указанный файл"
+
+#: tools/gpgconf.c:83
+msgid "activate changes at runtime, if possible"
+msgstr "применить Ð¸Ð·Ð¼ÐµÐ½ÐµÐ½Ð¸Ñ Ð²Ð¾ Ð²Ñ€ÐµÐ¼Ñ Ð¸ÑполнениÑ, еÑли возможно"
+
+#: tools/gpgconf.c:105
+msgid "Usage: gpgconf [options] (-h for help)"
+msgstr "ИÑпользование: gpgconf [параметры] (-h Ð´Ð»Ñ Ð¿Ð¾Ð´Ñказки)"
+
+#: tools/gpgconf.c:108
+msgid ""
+"Syntax: gpgconf [options]\n"
+"Manage configuration options for tools of the GnuPG system\n"
+msgstr ""
+"СинтакÑиÑ: gpgconf [параметры]\n"
+"УправлÑет параметрами конфигурации инÑÑ‚Ñ€ÑƒÐ¼ÐµÐ½Ñ‚Ð°Ñ€Ð¸Ñ GnuPG\n"
+
+#: tools/gpgconf.c:214 tools/gpgconf.c:282
+msgid "usage: gpgconf [options] "
+msgstr "иÑпользование: gpgconf [параметры] "
+
+#: tools/gpgconf.c:216
+msgid "Need one component argument"
+msgstr "ТребуетÑÑ Ð¾Ð´Ð½Ð¾ÐºÐ¾Ð¼Ð¿Ð¾Ð½ÐµÐ½Ñ‚Ð½Ñ‹Ð¹ аргумент"
+
+#: tools/gpgconf.c:225 tools/gpgconf.c:258
+msgid "Component not found"
+msgstr "Компонент не найден"
+
+#: tools/gpgconf.c:284
+msgid "No argument allowed"
+msgstr "Ðргументы не разрешены"
+
+#: tools/symcryptrun.c:154
+msgid ""
+"@\n"
+"Commands:\n"
+" "
+msgstr ""
+"@\n"
+"Команды:\n"
+" "
+
+#: tools/symcryptrun.c:156
+msgid "decryption modus"
+msgstr "режим раÑшифрованиÑ"
+
+#: tools/symcryptrun.c:157
+msgid "encryption modus"
+msgstr "режим зашифровываниÑ"
+
+#: tools/symcryptrun.c:161
+msgid "tool class (confucius)"
+msgstr ""
+
+#: tools/symcryptrun.c:162
+msgid "program filename"
+msgstr ""
+
+#: tools/symcryptrun.c:164
+msgid "secret key file (required)"
+msgstr "файл Ñекретного ключа (требуетÑÑ)"
+
+#: tools/symcryptrun.c:165
+msgid "input file name (default stdin)"
+msgstr "ввод имени файла (stdin по умолчанию)"
+
+#: tools/symcryptrun.c:209
+msgid "Usage: symcryptrun [options] (-h for help)"
+msgstr "ИÑпользование: symcryptrun [параметры] (-h Ð´Ð»Ñ Ð¿Ð¾Ð´Ñказки)"
+
+#: tools/symcryptrun.c:212
+msgid ""
+"Syntax: symcryptrun --class CLASS --program PROGRAM --keyfile KEYFILE "
+"[options...] COMMAND [inputfile]\n"
+"Call a simple symmetric encryption tool\n"
+msgstr ""
+"СинтакÑиÑ: symcryptrun --class CLASS --program PROGRAM --keyfile KEYFILE "
+"[параметры...] COMMAND [файл-иÑточник]\n"
+"Вызывает проÑтой инÑтрумент шифрованиÑ\n"
+
+#: tools/symcryptrun.c:281
+#, c-format
+msgid "%s on %s aborted with status %i\n"
+msgstr "%s над %s прервано, ÑÑ‚Ð°Ñ‚ÑƒÑ %i\n"
+
+#: tools/symcryptrun.c:288
+#, c-format
+msgid "%s on %s failed with status %i\n"
+msgstr "Ñбой %s над %s, ÑÑ‚Ð°Ñ‚ÑƒÑ %i\n"
+
+#: tools/symcryptrun.c:314
+#, c-format
+msgid "can't create temporary directory `%s': %s\n"
+msgstr "невозможно Ñоздание временного каталога `%s': %s\n"
+
+#: tools/symcryptrun.c:354 tools/symcryptrun.c:371
+#, c-format
+msgid "could not open %s for writing: %s\n"
+msgstr "невозможно открытие %s на запиÑÑŒ: %s\n"
+
+#: tools/symcryptrun.c:382
+#, c-format
+msgid "error writing to %s: %s\n"
+msgstr "ошибка запиÑи в %s: %s\n"
+
+#: tools/symcryptrun.c:389
+#, c-format
+msgid "error reading from %s: %s\n"
+msgstr "ошибка Ñ‡Ñ‚ÐµÐ½Ð¸Ñ Ð¸Ð· %s: %s\n"
+
+#: tools/symcryptrun.c:396 tools/symcryptrun.c:403
+#, c-format
+msgid "error closing %s: %s\n"
+msgstr "ошибка Ð·Ð°ÐºÑ€Ñ‹Ñ‚Ð¸Ñ %s: %s\n"
+
+#: tools/symcryptrun.c:488
+msgid "no --program option provided\n"
+msgstr "не задан параметр --program\n"
+
+#: tools/symcryptrun.c:494
+msgid "only --decrypt and --encrypt are supported\n"
+msgstr "поддерживаютÑÑ Ñ‚Ð¾Ð»ÑŒÐºÐ¾ параметры --decrypt и --encrypt\n"
+
+#: tools/symcryptrun.c:500
+msgid "no --keyfile option provided\n"
+msgstr "не задан параметр --keyfile\n"
+
+#: tools/symcryptrun.c:511
+msgid "cannot allocate args vector\n"
+msgstr ""
+
+#: tools/symcryptrun.c:529
+#, c-format
+msgid "could not create pipe: %s\n"
+msgstr ""
+
+#: tools/symcryptrun.c:536
+#, c-format
+msgid "could not create pty: %s\n"
+msgstr ""
+
+#: tools/symcryptrun.c:552
+#, c-format
+msgid "could not fork: %s\n"
+msgstr ""
+
+#: tools/symcryptrun.c:580
+#, c-format
+msgid "execv failed: %s\n"
+msgstr ""
+
+#: tools/symcryptrun.c:609
+#, c-format
+msgid "select failed: %s\n"
+msgstr ""
+
+#: tools/symcryptrun.c:626
+#, c-format
+msgid "read failed: %s\n"
+msgstr ""
+
+#: tools/symcryptrun.c:678
+#, c-format
+msgid "pty read failed: %s\n"
+msgstr ""
+
+#: tools/symcryptrun.c:730
+#, c-format
+msgid "waitpid failed: %s\n"
+msgstr ""
+
+#: tools/symcryptrun.c:744
+#, c-format
+msgid "child aborted with status %i\n"
+msgstr "потомок завершилÑÑ, ÑÑ‚Ð°Ñ‚ÑƒÑ %i\n"
+
+#: tools/symcryptrun.c:799
+#, c-format
+msgid "cannot allocate infile string: %s\n"
+msgstr ""
+
+#: tools/symcryptrun.c:812
+#, c-format
+msgid "cannot allocate outfile string: %s\n"
+msgstr ""
+
+#: tools/symcryptrun.c:986
+#, c-format
+msgid "either %s or %s must be given\n"
+msgstr "Ñледует задать %s либо %s\n"
+
+#: tools/symcryptrun.c:1013
+msgid "no class provided\n"
+msgstr "не задан клаÑÑ\n"
+
+#: tools/symcryptrun.c:1022
+#, c-format
+msgid "class %s is not supported\n"
+msgstr "клаÑÑ %s не поддерживаетÑÑ\n"
+
+#: tools/gpg-check-pattern.c:145
+msgid "Usage: gpg-check-pattern [options] patternfile (-h for help)\n"
+msgstr ""
+"ИÑпользование: gpg-check-pattern [параметры] patternfile (-h Ð´Ð»Ñ Ð¿Ð¾Ð´Ñказки)\n"
+
+#: tools/gpg-check-pattern.c:148
+msgid ""
+"Syntax: gpg-check-pattern [options] patternfile\n"
+"Check a passphrase given on stdin against the patternfile\n"
+msgstr ""
+
+#~ msgid "Command> "
+#~ msgstr "Команда> "
+
+#~ msgid "the trustdb is corrupted; please run \"gpg --fix-trustdb\".\n"
+#~ msgstr "таблица доверий повреждена; запуÑтите \"gpg --fix-trustdb\".\n"
+
+#~ msgid "Please report bugs to <"
+#~ msgstr "О найденных ошибках Ñообщайте <"
+
+#~ msgid "Please report bugs to "
+#~ msgstr "О найденных ошибка Ñообщайте "
+
+#~ msgid "DSA keypair will have %u bits.\n"
+#~ msgstr "Пара ключей DSA будет иметь длину %u бит.\n"
+
+#~ msgid "this command has not yet been implemented\n"
+#~ msgstr "Ð´Ð°Ð½Ð½Ð°Ñ ÐºÐ¾Ð¼Ð°Ð½Ð´Ñ‹ вÑÑ‘ еще не реализована\n"
+
+#~ msgid "Repeat passphrase\n"
+#~ msgstr "Повторите ввод фразы-паролÑ\n"
+
+#~ msgid "||Please enter your PIN at the reader's keypad%%0A[sigs done: %lu]"
+#~ msgstr "||Введите PIN на клавиатуре ÑчитывателÑ%%0A[подпиÑей: %lu]"
+
+#~ msgid "|A|Admin PIN"
+#~ msgstr "|A|ÐдминиÑтративный PID"
diff --git a/po/sk.gmo b/po/sk.gmo
new file mode 100644
index 0000000..664e108
--- /dev/null
+++ b/po/sk.gmo
Binary files differ
diff --git a/po/sk.po b/po/sk.po
new file mode 100644
index 0000000..79eea1e
--- /dev/null
+++ b/po/sk.po
@@ -0,0 +1,9989 @@
+# GnuPG Slovak translation
+# Copyright (C) 1998 - 2004 Free Software Foundation, Inc.
+# Michal Majer <mmajer@econ.umb.sk>, 2002 - 2004
+# !-- bounces (2011-01-11)
+#
+# Designated-Translator: none
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: gnupg 1.2.5\n"
+"Report-Msgid-Bugs-To: translations@gnupg.org\n"
+"POT-Creation-Date: 2012-03-27 10:23+0200\n"
+"PO-Revision-Date: 2004-07-20 15:52+0200\n"
+"Last-Translator: Michal Majer <mmajer@econ.umb.sk>\n"
+"Language-Team: Slovak <sk-i18n@lists.linux.sk>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=iso-8859-2\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#: agent/call-pinentry.c:244
+#, fuzzy, c-format
+msgid "failed to acquire the pinentry lock: %s\n"
+msgstr "nemô¾em inicializova» databázu dôvery: %s\n"
+
+#. TRANSLATORS: These are labels for buttons etc used in
+#. Pinentries. An underscore indicates that the next letter
+#. should be used as an accelerator. Double the underscore for
+#. a literal one. The actual to be translated text starts after
+#. the second vertical bar.
+#: agent/call-pinentry.c:401
+msgid "|pinentry-label|_OK"
+msgstr ""
+
+#: agent/call-pinentry.c:402
+msgid "|pinentry-label|_Cancel"
+msgstr ""
+
+#: agent/call-pinentry.c:403
+msgid "|pinentry-label|PIN:"
+msgstr ""
+
+#. TRANSLATORS: This string is displayed by Pinentry as the label
+#. for the quality bar.
+#: agent/call-pinentry.c:649
+msgid "Quality:"
+msgstr ""
+
+#. TRANSLATORS: This string is a tooltip, shown by pinentry when
+#. hovering over the quality bar. Please use an appropriate
+#. string to describe what this is about. The length of the
+#. tooltip is limited to about 900 characters. If you do not
+#. translate this entry, a default english text (see source)
+#. will be used.
+#: agent/call-pinentry.c:671
+msgid "pinentry.qualitybar.tooltip"
+msgstr ""
+
+#: agent/call-pinentry.c:716
+msgid ""
+"Please enter your PIN, so that the secret key can be unlocked for this "
+"session"
+msgstr ""
+
+#: agent/call-pinentry.c:719
+#, fuzzy
+msgid ""
+"Please enter your passphrase, so that the secret key can be unlocked for "
+"this session"
+msgstr "Prosím, vlo¾te heslo; toto je tajná veta \n"
+
+#: agent/call-pinentry.c:776
+#, c-format
+msgid "SETERROR %s (try %d of %d)"
+msgstr ""
+
+#: agent/call-pinentry.c:799 agent/call-pinentry.c:811
+#, fuzzy
+msgid "PIN too long"
+msgstr "riadok je príli¹ dlhý\n"
+
+#: agent/call-pinentry.c:800
+#, fuzzy
+msgid "Passphrase too long"
+msgstr "heslo je príli¹ dlhé\n"
+
+#: agent/call-pinentry.c:808
+#, fuzzy
+msgid "Invalid characters in PIN"
+msgstr "Neplatný znak ve mene\n"
+
+#: agent/call-pinentry.c:813
+msgid "PIN too short"
+msgstr ""
+
+#: agent/call-pinentry.c:825
+#, fuzzy
+msgid "Bad PIN"
+msgstr "nesprávne MPI"
+
+#: agent/call-pinentry.c:826
+#, fuzzy
+msgid "Bad Passphrase"
+msgstr "nesprávne heslo"
+
+#: agent/call-pinentry.c:863
+#, fuzzy
+msgid "Passphrase"
+msgstr "nesprávne heslo"
+
+#: agent/command-ssh.c:531
+#, fuzzy, c-format
+msgid "ssh keys greater than %d bits are not supported\n"
+msgstr "ochranný algoritmus %d%s nie je podporováný\n"
+
+#: agent/command-ssh.c:690 g10/card-util.c:833 g10/exec.c:473 g10/gpg.c:1122
+#: g10/keygen.c:3394 g10/keygen.c:3427 g10/keyring.c:1237 g10/keyring.c:1569
+#: g10/openfile.c:275 g10/openfile.c:368 g10/sign.c:801 g10/sign.c:1110
+#: g10/tdbio.c:550 jnlib/dotlock.c:310
+#, c-format
+msgid "can't create `%s': %s\n"
+msgstr "nemô¾em vytvori» `%s': %s\n"
+
+#: agent/command-ssh.c:702 common/helpfile.c:47 g10/card-util.c:787
+#: g10/dearmor.c:60 g10/dearmor.c:107 g10/decrypt.c:70 g10/encode.c:194
+#: g10/encode.c:504 g10/gpg.c:1123 g10/import.c:192 g10/keygen.c:2877
+#: g10/keyring.c:1595 g10/openfile.c:192 g10/openfile.c:353
+#: g10/plaintext.c:511 g10/sign.c:783 g10/sign.c:978 g10/sign.c:1094
+#: g10/sign.c:1250 g10/tdbdump.c:142 g10/tdbdump.c:150 g10/tdbio.c:554
+#: g10/tdbio.c:618 g10/verify.c:99 g10/verify.c:162 sm/gpgsm.c:2044
+#: sm/gpgsm.c:2074 sm/gpgsm.c:2112 sm/gpgsm.c:2150 sm/qualified.c:66
+#, c-format
+msgid "can't open `%s': %s\n"
+msgstr "nemô¾em otvori» `%s': %s\n"
+
+#: agent/command-ssh.c:1708 agent/command-ssh.c:1726
+#, fuzzy, c-format
+msgid "error getting serial number of card: %s\n"
+msgstr "chyba pri vytváraní hesla: %s\n"
+
+#: agent/command-ssh.c:1712
+#, c-format
+msgid "detected card with S/N: %s\n"
+msgstr ""
+
+#: agent/command-ssh.c:1717
+#, fuzzy, c-format
+msgid "error getting default authentication keyID of card: %s\n"
+msgstr "chyba pri zápise do súboru tajných kµúèov `%s': %s\n"
+
+#: agent/command-ssh.c:1737
+#, fuzzy, c-format
+msgid "no suitable card key found: %s\n"
+msgstr "nenájdený zapisovateµný súbor tajných kµúèov (secring): %s\n"
+
+#: agent/command-ssh.c:1787
+#, fuzzy, c-format
+msgid "shadowing the key failed: %s\n"
+msgstr "zmazanie bloku kµúèa sa nepodarilo: %s\n"
+
+#: agent/command-ssh.c:1802
+#, fuzzy, c-format
+msgid "error writing key: %s\n"
+msgstr "chyba pri zápise súboru kµúèov (keyring) `%s': %s\n"
+
+#: agent/command-ssh.c:2139
+#, c-format
+msgid ""
+"An ssh process requested the use of key%%0A %s%%0A (%s)%%0ADo you want to "
+"allow this?"
+msgstr ""
+
+#: agent/command-ssh.c:2146
+msgid "Allow"
+msgstr ""
+
+#: agent/command-ssh.c:2146
+msgid "Deny"
+msgstr ""
+
+#: agent/command-ssh.c:2155
+#, fuzzy, c-format
+msgid "Please enter the passphrase for the ssh key%%0A %F%%0A (%c)"
+msgstr "Prosím, vlo¾te heslo; toto je tajná veta \n"
+
+#: agent/command-ssh.c:2484 agent/genkey.c:310 agent/genkey.c:432
+#, fuzzy
+msgid "Please re-enter this passphrase"
+msgstr "zmeni» heslo"
+
+#: agent/command-ssh.c:2509
+#, fuzzy, c-format
+msgid ""
+"Please enter a passphrase to protect the received secret key%%0A %s%%0A %"
+"s%%0Awithin gpg-agent's key storage"
+msgstr "Prosím, vlo¾te heslo; toto je tajná veta \n"
+
+#: agent/command-ssh.c:2548 agent/genkey.c:340 agent/genkey.c:463
+#: tools/symcryptrun.c:436
+msgid "does not match - try again"
+msgstr ""
+
+#: agent/command-ssh.c:3054
+#, fuzzy, c-format
+msgid "failed to create stream from socket: %s\n"
+msgstr "%s: nepodarilo sa vytvori» hashovaciu tabuµku: %s\n"
+
+#: agent/divert-scd.c:92 g10/call-agent.c:923
+msgid "Please insert the card with serial number"
+msgstr ""
+
+#: agent/divert-scd.c:93 g10/call-agent.c:924
+msgid "Please remove the current card and insert the one with serial number"
+msgstr ""
+
+#: agent/divert-scd.c:200
+msgid "Admin PIN"
+msgstr ""
+
+#. TRANSLATORS: A PUK is the Personal Unblocking Code
+#. used to unblock a PIN.
+#: agent/divert-scd.c:205
+msgid "PUK"
+msgstr ""
+
+#: agent/divert-scd.c:212
+msgid "Reset Code"
+msgstr ""
+
+#: agent/divert-scd.c:238
+#, c-format
+msgid "%s%%0A%%0AUse the reader's keypad for input."
+msgstr ""
+
+#: agent/divert-scd.c:287
+#, fuzzy
+msgid "Repeat this Reset Code"
+msgstr "Opakujte heslo: "
+
+#: agent/divert-scd.c:289
+#, fuzzy
+msgid "Repeat this PUK"
+msgstr "Opakujte heslo: "
+
+#: agent/divert-scd.c:290
+#, fuzzy
+msgid "Repeat this PIN"
+msgstr "Opakujte heslo: "
+
+#: agent/divert-scd.c:295
+#, fuzzy
+msgid "Reset Code not correctly repeated; try again"
+msgstr "heslo nie je zopakované správne; skúste to znovu"
+
+#: agent/divert-scd.c:297
+#, fuzzy
+msgid "PUK not correctly repeated; try again"
+msgstr "heslo nie je zopakované správne; skúste to znovu"
+
+#: agent/divert-scd.c:298
+#, fuzzy
+msgid "PIN not correctly repeated; try again"
+msgstr "heslo nie je zopakované správne; skúste to znovu"
+
+#: agent/divert-scd.c:310
+#, c-format
+msgid "Please enter the PIN%s%s%s to unlock the card"
+msgstr ""
+
+#: agent/genkey.c:108 sm/certreqgen-ui.c:384 sm/export.c:638 sm/export.c:654
+#: sm/import.c:667 sm/import.c:692
+#, fuzzy, c-format
+msgid "error creating temporary file: %s\n"
+msgstr "chyba pri vytváraní hesla: %s\n"
+
+#: agent/genkey.c:115 sm/export.c:645 sm/import.c:675
+#, fuzzy, c-format
+msgid "error writing to temporary file: %s\n"
+msgstr "zapisujem do '%s'\n"
+
+#: agent/genkey.c:153 agent/genkey.c:159
+#, fuzzy
+msgid "Enter new passphrase"
+msgstr "Vlo¾i» heslo\n"
+
+#: agent/genkey.c:167
+#, fuzzy
+msgid "Take this one anyway"
+msgstr "Pou¾i» napriek tomu tento kµúè? "
+
+#: agent/genkey.c:193
+#, c-format
+msgid ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase should be "
+"at least %u character long."
+msgid_plural ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase should be "
+"at least %u characters long."
+msgstr[0] ""
+msgstr[1] ""
+
+#: agent/genkey.c:214
+#, c-format
+msgid ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase should "
+"contain at least %u digit or%%0Aspecial character."
+msgid_plural ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase should "
+"contain at least %u digits or%%0Aspecial characters."
+msgstr[0] ""
+msgstr[1] ""
+
+#: agent/genkey.c:237
+#, c-format
+msgid ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase may not be "
+"a known term or match%%0Acertain pattern."
+msgstr ""
+
+#: agent/genkey.c:253
+#, c-format
+msgid ""
+"You have not entered a passphrase!%0AAn empty passphrase is not allowed."
+msgstr ""
+
+#: agent/genkey.c:255
+#, c-format
+msgid ""
+"You have not entered a passphrase - this is in general a bad idea!%0APlease "
+"confirm that you do not want to have any protection on your key."
+msgstr ""
+
+#: agent/genkey.c:264
+msgid "Yes, protection is not needed"
+msgstr ""
+
+#: agent/genkey.c:308
+#, fuzzy, c-format
+msgid "Please enter the passphrase to%0Ato protect your new key"
+msgstr ""
+"Na ochranu Vá¹ho tajného kµúèa musíte zada» heslo.\n"
+"\n"
+
+#: agent/genkey.c:431
+#, fuzzy
+msgid "Please enter the new passphrase"
+msgstr "zmeni» heslo"
+
+#: agent/gpg-agent.c:121 agent/preset-passphrase.c:72 scd/scdaemon.c:103
+#: tools/gpg-check-pattern.c:70
+#, fuzzy
+msgid ""
+"@Options:\n"
+" "
+msgstr ""
+"@\n"
+"Mo¾nosti:\n"
+" "
+
+#: agent/gpg-agent.c:123 scd/scdaemon.c:105
+msgid "run in server mode (foreground)"
+msgstr ""
+
+#: agent/gpg-agent.c:124 scd/scdaemon.c:108
+msgid "run in daemon mode (background)"
+msgstr ""
+
+#: agent/gpg-agent.c:125 g10/gpg.c:488 g10/gpgv.c:71 kbx/kbxutil.c:88
+#: scd/scdaemon.c:109 sm/gpgsm.c:281 tools/gpg-connect-agent.c:69
+#: tools/gpgconf.c:80 tools/symcryptrun.c:166
+msgid "verbose"
+msgstr "s dodatoènými informáciami"
+
+#: agent/gpg-agent.c:126 g10/gpgv.c:72 kbx/kbxutil.c:89 scd/scdaemon.c:110
+#: sm/gpgsm.c:282
+msgid "be somewhat more quiet"
+msgstr "by» o trochu tich¹í"
+
+#: agent/gpg-agent.c:127 scd/scdaemon.c:111
+msgid "sh-style command output"
+msgstr ""
+
+#: agent/gpg-agent.c:128 scd/scdaemon.c:112
+msgid "csh-style command output"
+msgstr ""
+
+#: agent/gpg-agent.c:129 scd/scdaemon.c:113 sm/gpgsm.c:312
+#: tools/symcryptrun.c:169
+#, fuzzy
+msgid "|FILE|read options from FILE"
+msgstr "|SÚBOR|nahra» roz¹irujúci modul SÚBOR"
+
+#: agent/gpg-agent.c:134 scd/scdaemon.c:123
+msgid "do not detach from the console"
+msgstr ""
+
+#: agent/gpg-agent.c:135
+msgid "do not grab keyboard and mouse"
+msgstr ""
+
+#: agent/gpg-agent.c:136 tools/symcryptrun.c:168
+#, fuzzy
+msgid "use a log file for the server"
+msgstr "vyhµada» kµúèe na serveri kµúèov"
+
+#: agent/gpg-agent.c:138
+#, fuzzy
+msgid "use a standard location for the socket"
+msgstr "Skutoène aktualizova» predvoµby pre vybrané id u¾ívateµa? "
+
+#: agent/gpg-agent.c:141
+msgid "|PGM|use PGM as the PIN-Entry program"
+msgstr ""
+
+#: agent/gpg-agent.c:144
+msgid "|PGM|use PGM as the SCdaemon program"
+msgstr ""
+
+#: agent/gpg-agent.c:145
+#, fuzzy
+msgid "do not use the SCdaemon"
+msgstr "aktualizova» databázu dôvery"
+
+#: agent/gpg-agent.c:157
+msgid "ignore requests to change the TTY"
+msgstr ""
+
+#: agent/gpg-agent.c:159
+msgid "ignore requests to change the X display"
+msgstr ""
+
+#: agent/gpg-agent.c:162
+msgid "|N|expire cached PINs after N seconds"
+msgstr ""
+
+#: agent/gpg-agent.c:175
+msgid "do not use the PIN cache when signing"
+msgstr ""
+
+#: agent/gpg-agent.c:177
+msgid "allow clients to mark keys as \"trusted\""
+msgstr ""
+
+#: agent/gpg-agent.c:179
+#, fuzzy
+msgid "allow presetting passphrase"
+msgstr "chyba pri vytváraní hesla: %s\n"
+
+#: agent/gpg-agent.c:180
+msgid "enable ssh-agent emulation"
+msgstr ""
+
+#: agent/gpg-agent.c:182
+msgid "|FILE|write environment settings also to FILE"
+msgstr ""
+
+#. TRANSLATORS: @EMAIL@ will get replaced by the actual bug
+#. reporting address. This is so that we can change the
+#. reporting address without breaking the translations.
+#: agent/gpg-agent.c:333 agent/preset-passphrase.c:94 agent/protect-tool.c:163
+#: g10/gpg.c:814 g10/gpgv.c:114 kbx/kbxutil.c:113 scd/scdaemon.c:246
+#: sm/gpgsm.c:519 tools/gpg-connect-agent.c:181 tools/gpgconf.c:102
+#: tools/symcryptrun.c:206 tools/gpg-check-pattern.c:141
+#, fuzzy
+msgid "Please report bugs to <@EMAIL@>.\n"
+msgstr ""
+"Chyby oznámte, prosím, na adresu <gnupg-bugs@gnu.org>.\n"
+"Pripomienky k prekladu <sk-i18n@lists.linux.sk>.\n"
+
+#: agent/gpg-agent.c:342
+#, fuzzy
+msgid "Usage: gpg-agent [options] (-h for help)"
+msgstr "Pou¾itie: gpg [mo¾nosti] [súbory] (-h pre pomoc)"
+
+#: agent/gpg-agent.c:344
+msgid ""
+"Syntax: gpg-agent [options] [command [args]]\n"
+"Secret key management for GnuPG\n"
+msgstr ""
+
+#: agent/gpg-agent.c:390 g10/gpg.c:1007 scd/scdaemon.c:318 sm/gpgsm.c:669
+#, c-format
+msgid "invalid debug-level `%s' given\n"
+msgstr ""
+
+#: agent/gpg-agent.c:610 agent/protect-tool.c:1033 kbx/kbxutil.c:428
+#: scd/scdaemon.c:424 sm/gpgsm.c:911 sm/gpgsm.c:914 tools/symcryptrun.c:998
+#: tools/gpg-check-pattern.c:177
+#, c-format
+msgid "%s is too old (need %s, have %s)\n"
+msgstr ""
+
+#: agent/gpg-agent.c:725 g10/gpg.c:2111 scd/scdaemon.c:510 sm/gpgsm.c:1010
+#, c-format
+msgid "NOTE: no default option file `%s'\n"
+msgstr "POZNÁMKA: neexistuje implicitný súbor s mo¾nos»ami `%s'\n"
+
+#: agent/gpg-agent.c:736 agent/gpg-agent.c:1348 g10/gpg.c:2115
+#: scd/scdaemon.c:515 sm/gpgsm.c:1014 tools/symcryptrun.c:931
+#, c-format
+msgid "option file `%s': %s\n"
+msgstr "súbor s mo¾nos»ami `%s': %s\n"
+
+#: agent/gpg-agent.c:744 g10/gpg.c:2122 scd/scdaemon.c:523 sm/gpgsm.c:1021
+#, c-format
+msgid "reading options from `%s'\n"
+msgstr "èítam mo¾nosti z `%s'\n"
+
+#: agent/gpg-agent.c:1117 g10/plaintext.c:140 g10/plaintext.c:145
+#: g10/plaintext.c:162
+#, c-format
+msgid "error creating `%s': %s\n"
+msgstr "chyba pri vytváraní `%s': %s\n"
+
+#: agent/gpg-agent.c:1461 agent/gpg-agent.c:1579 agent/gpg-agent.c:1583
+#: agent/gpg-agent.c:1624 agent/gpg-agent.c:1628 g10/exec.c:188
+#: g10/openfile.c:429 scd/scdaemon.c:1020
+#, c-format
+msgid "can't create directory `%s': %s\n"
+msgstr "nemô¾em vytvori» adresár `%s': %s\n"
+
+#: agent/gpg-agent.c:1475 scd/scdaemon.c:1034
+msgid "name of socket too long\n"
+msgstr ""
+
+#: agent/gpg-agent.c:1498 scd/scdaemon.c:1057
+#, fuzzy, c-format
+msgid "can't create socket: %s\n"
+msgstr "%s: nemô¾em vytvori»: %s\n"
+
+#: agent/gpg-agent.c:1507
+#, c-format
+msgid "socket name `%s' is too long\n"
+msgstr ""
+
+#: agent/gpg-agent.c:1525
+#, fuzzy
+msgid "a gpg-agent is already running - not starting a new one\n"
+msgstr "gpg-agent nie je v tomto sedení dostupný\n"
+
+#: agent/gpg-agent.c:1536 scd/scdaemon.c:1076
+#, fuzzy
+msgid "error getting nonce for the socket\n"
+msgstr "chyba pri vytváraní hesla: %s\n"
+
+#: agent/gpg-agent.c:1541 scd/scdaemon.c:1079
+#, fuzzy, c-format
+msgid "error binding socket to `%s': %s\n"
+msgstr "chyba pri posielaní na `%s': %s\n"
+
+#: agent/gpg-agent.c:1553 scd/scdaemon.c:1088
+#, fuzzy, c-format
+msgid "listen() failed: %s\n"
+msgstr "aktualizácia zlyhala: %s\n"
+
+#: agent/gpg-agent.c:1559 scd/scdaemon.c:1095
+#, fuzzy, c-format
+msgid "listening on socket `%s'\n"
+msgstr "zapisujem tajný kµúè do `%s'\n"
+
+#: agent/gpg-agent.c:1587 agent/gpg-agent.c:1634 g10/openfile.c:432
+#, fuzzy, c-format
+msgid "directory `%s' created\n"
+msgstr "%s: adresár vytvorený\n"
+
+#: agent/gpg-agent.c:1640
+#, fuzzy, c-format
+msgid "stat() failed for `%s': %s\n"
+msgstr "databáza dôvery: procedúra read() (n=%d) zlyhala: %s\n"
+
+#: agent/gpg-agent.c:1644
+#, fuzzy, c-format
+msgid "can't use `%s' as home directory\n"
+msgstr "%s: nemô¾em vytvori» adresár: %s\n"
+
+#: agent/gpg-agent.c:1777 scd/scdaemon.c:1111
+#, fuzzy, c-format
+msgid "error reading nonce on fd %d: %s\n"
+msgstr "chyba pri èítaní `%s': %s\n"
+
+#: agent/gpg-agent.c:1799
+#, c-format
+msgid "handler 0x%lx for fd %d started\n"
+msgstr ""
+
+#: agent/gpg-agent.c:1804
+#, c-format
+msgid "handler 0x%lx for fd %d terminated\n"
+msgstr ""
+
+#: agent/gpg-agent.c:1824
+#, c-format
+msgid "ssh handler 0x%lx for fd %d started\n"
+msgstr ""
+
+#: agent/gpg-agent.c:1829
+#, c-format
+msgid "ssh handler 0x%lx for fd %d terminated\n"
+msgstr ""
+
+#: agent/gpg-agent.c:1973 scd/scdaemon.c:1248
+#, fuzzy, c-format
+msgid "pth_select failed: %s - waiting 1s\n"
+msgstr "aktualizácia tajného kµúèa zlyhala: %s\n"
+
+#: agent/gpg-agent.c:2096 scd/scdaemon.c:1315
+#, fuzzy, c-format
+msgid "%s %s stopped\n"
+msgstr "%s: preskoèené: %s\n"
+
+#: agent/gpg-agent.c:2232
+#, fuzzy
+msgid "no gpg-agent running in this session\n"
+msgstr "gpg-agent nie je v tomto sedení dostupný\n"
+
+#: agent/gpg-agent.c:2243 common/simple-pwquery.c:352 common/asshelp.c:403
+#: tools/gpg-connect-agent.c:2168
+msgid "malformed GPG_AGENT_INFO environment variable\n"
+msgstr "zlý formát premennej prostredia GPG_AGENT_INFO\n"
+
+#: agent/gpg-agent.c:2256 common/simple-pwquery.c:364 common/asshelp.c:415
+#: tools/gpg-connect-agent.c:2179
+#, c-format
+msgid "gpg-agent protocol version %d is not supported\n"
+msgstr "gpg-agent protokol verzie %d nie je podporovaný\n"
+
+#: agent/preset-passphrase.c:98
+#, fuzzy
+msgid "Usage: gpg-preset-passphrase [options] KEYGRIP (-h for help)\n"
+msgstr "Pou¾itie: gpg [mo¾nosti] [súbory] (-h pre pomoc)"
+
+#: agent/preset-passphrase.c:101
+msgid ""
+"Syntax: gpg-preset-passphrase [options] KEYGRIP\n"
+"Password cache maintenance\n"
+msgstr ""
+
+#: agent/protect-tool.c:113 g10/gpg.c:373 kbx/kbxutil.c:71 sm/gpgsm.c:186
+#: tools/gpgconf.c:60
+msgid ""
+"@Commands:\n"
+" "
+msgstr ""
+"@Príkazy:\n"
+" "
+
+#: agent/protect-tool.c:127 g10/gpg.c:441 g10/gpgv.c:69 kbx/kbxutil.c:81
+#: sm/gpgsm.c:226 tools/gpg-connect-agent.c:67 tools/gpgconf.c:77
+#: tools/symcryptrun.c:159
+msgid ""
+"@\n"
+"Options:\n"
+" "
+msgstr ""
+"@\n"
+"Mo¾nosti:\n"
+" "
+
+#: agent/protect-tool.c:166
+#, fuzzy
+msgid "Usage: gpg-protect-tool [options] (-h for help)\n"
+msgstr "Pou¾itie: gpg [mo¾nosti] [súbory] (-h pre pomoc)"
+
+#: agent/protect-tool.c:168
+msgid ""
+"Syntax: gpg-protect-tool [options] [args]\n"
+"Secret key maintenance tool\n"
+msgstr ""
+
+#: agent/protect-tool.c:1162
+#, fuzzy
+msgid "Please enter the passphrase to unprotect the PKCS#12 object."
+msgstr "Prosím, vlo¾te heslo; toto je tajná veta \n"
+
+#: agent/protect-tool.c:1167
+#, fuzzy
+msgid "Please enter the passphrase to protect the new PKCS#12 object."
+msgstr "Prosím, vlo¾te heslo; toto je tajná veta \n"
+
+#: agent/protect-tool.c:1173
+msgid ""
+"Please enter the passphrase to protect the imported object within the GnuPG "
+"system."
+msgstr ""
+
+#: agent/protect-tool.c:1178
+#, fuzzy
+msgid ""
+"Please enter the passphrase or the PIN\n"
+"needed to complete this operation."
+msgstr "Prosím, vlo¾te heslo; toto je tajná veta \n"
+
+#: agent/protect-tool.c:1183 tools/symcryptrun.c:437
+#, fuzzy
+msgid "Passphrase:"
+msgstr "nesprávne heslo"
+
+#: agent/protect-tool.c:1188 tools/symcryptrun.c:448
+#, fuzzy
+msgid "cancelled\n"
+msgstr "Zru¹i»"
+
+#: agent/protect-tool.c:1190 tools/symcryptrun.c:444
+#, fuzzy, c-format
+msgid "error while asking for the passphrase: %s\n"
+msgstr "chyba pri vytváraní hesla: %s\n"
+
+#: agent/trustlist.c:136 agent/trustlist.c:334
+#, fuzzy, c-format
+msgid "error opening `%s': %s\n"
+msgstr "chyba pri èítaní `%s': %s\n"
+
+#: agent/trustlist.c:151 common/helpfile.c:63 common/helpfile.c:79
+#, fuzzy, c-format
+msgid "file `%s', line %d: %s\n"
+msgstr "kµúè `%s' nebol nájdený: %s\n"
+
+#: agent/trustlist.c:171 agent/trustlist.c:179
+#, c-format
+msgid "statement \"%s\" ignored in `%s', line %d\n"
+msgstr ""
+
+#: agent/trustlist.c:185
+#, fuzzy, c-format
+msgid "system trustlist `%s' not available\n"
+msgstr "tajné èasti kµúèa nie sú dostupné\n"
+
+#: agent/trustlist.c:229
+#, fuzzy, c-format
+msgid "bad fingerprint in `%s', line %d\n"
+msgstr "chyba pri èítaní: %s\n"
+
+#: agent/trustlist.c:254 agent/trustlist.c:261
+#, c-format
+msgid "invalid keyflag in `%s', line %d\n"
+msgstr ""
+
+#: agent/trustlist.c:295 common/helpfile.c:126
+#, fuzzy, c-format
+msgid "error reading `%s', line %d: %s\n"
+msgstr "chyba pri èítaní `%s': %s\n"
+
+#: agent/trustlist.c:400 agent/trustlist.c:450
+msgid "error reading list of trusted root certificates\n"
+msgstr ""
+
+#. TRANSLATORS: This prompt is shown by the Pinentry
+#. and has one special property: A "%%0A" is used by
+#. Pinentry to insert a line break. The double
+#. percent sign is actually needed because it is also
+#. a printf format string. If you need to insert a
+#. plain % sign, you need to encode it as "%%25". The
+#. "%s" gets replaced by the name as stored in the
+#. certificate.
+#: agent/trustlist.c:611
+#, c-format
+msgid ""
+"Do you ultimately trust%%0A \"%s\"%%0Ato correctly certify user "
+"certificates?"
+msgstr ""
+
+#: agent/trustlist.c:620 common/audit.c:467
+#, fuzzy
+msgid "Yes"
+msgstr "ano"
+
+#: agent/trustlist.c:620 common/audit.c:469
+msgid "No"
+msgstr ""
+
+#. TRANSLATORS: This prompt is shown by the Pinentry and has
+#. one special property: A "%%0A" is used by Pinentry to
+#. insert a line break. The double percent sign is actually
+#. needed because it is also a printf format string. If you
+#. need to insert a plain % sign, you need to encode it as
+#. "%%25". The second "%s" gets replaced by a hexdecimal
+#. fingerprint string whereas the first one receives the name
+#. as stored in the certificate.
+#: agent/trustlist.c:654
+#, c-format
+msgid ""
+"Please verify that the certificate identified as:%%0A \"%s\"%%0Ahas the "
+"fingerprint:%%0A %s"
+msgstr ""
+
+#. TRANSLATORS: "Correct" is the label of a button and intended
+#. to be hit if the fingerprint matches the one of the CA. The
+#. other button is "the default "Cancel" of the Pinentry.
+#: agent/trustlist.c:668
+msgid "Correct"
+msgstr ""
+
+#: agent/trustlist.c:668
+msgid "Wrong"
+msgstr ""
+
+#: agent/findkey.c:157
+#, c-format
+msgid "Note: This passphrase has never been changed.%0APlease change it now."
+msgstr ""
+
+#: agent/findkey.c:173
+#, c-format
+msgid ""
+"This passphrase has not been changed%%0Asince %.4s-%.2s-%.2s. Please change "
+"it now."
+msgstr ""
+
+#: agent/findkey.c:187 agent/findkey.c:194
+#, fuzzy
+msgid "Change passphrase"
+msgstr "zmeni» heslo"
+
+#: agent/findkey.c:195
+msgid "I'll change it later"
+msgstr ""
+
+#: common/exechelp.c:528 common/exechelp.c:625 tools/gpgconf-comp.c:1475
+#: tools/gpgconf-comp.c:1814
+#, fuzzy, c-format
+msgid "error creating a pipe: %s\n"
+msgstr "chyba pri vytváraní hesla: %s\n"
+
+#: common/exechelp.c:599 common/exechelp.c:658
+#, fuzzy, c-format
+msgid "can't fdopen pipe for reading: %s\n"
+msgstr "nemo¾no otvori» súbor: %s\n"
+
+#: common/exechelp.c:637 common/exechelp.c:765 common/exechelp.c:1002
+#, fuzzy, c-format
+msgid "error forking process: %s\n"
+msgstr "chyba pri èítaní `%s': %s\n"
+
+#: common/exechelp.c:811 common/exechelp.c:864
+#, c-format
+msgid "waiting for process %d to terminate failed: %s\n"
+msgstr ""
+
+#: common/exechelp.c:819
+#, fuzzy, c-format
+msgid "error getting exit code of process %d: %s\n"
+msgstr "chyba pri zápise do súboru tajných kµúèov `%s': %s\n"
+
+#: common/exechelp.c:825 common/exechelp.c:877
+#, fuzzy, c-format
+msgid "error running `%s': exit status %d\n"
+msgstr "chyba pri èítaní `%s': %s\n"
+
+#: common/exechelp.c:870
+#, c-format
+msgid "error running `%s': probably not installed\n"
+msgstr ""
+
+#: common/exechelp.c:885
+#, fuzzy, c-format
+msgid "error running `%s': terminated\n"
+msgstr "chyba pri èítaní `%s': %s\n"
+
+#: common/http.c:1674
+#, fuzzy, c-format
+msgid "error creating socket: %s\n"
+msgstr "chyba pri vytváraní `%s': %s\n"
+
+#: common/http.c:1718
+#, fuzzy
+msgid "host not found"
+msgstr "[User id not found]"
+
+#: common/simple-pwquery.c:338
+msgid "gpg-agent is not available in this session\n"
+msgstr "gpg-agent nie je v tomto sedení dostupný\n"
+
+#: common/simple-pwquery.c:395
+#, c-format
+msgid "can't connect to `%s': %s\n"
+msgstr "nemô¾em sa pripoji» k `%s': %s\n"
+
+#: common/simple-pwquery.c:406
+msgid "communication problem with gpg-agent\n"
+msgstr "problém v komunikácii s gpg-agentom\n"
+
+#: common/simple-pwquery.c:416
+#, fuzzy
+msgid "problem setting the gpg-agent options\n"
+msgstr "problém s agentom: agent vracia 0x%lx\n"
+
+#: common/simple-pwquery.c:579 common/simple-pwquery.c:675
+#, fuzzy
+msgid "canceled by user\n"
+msgstr "zru¹ené u¾ívateµom\n"
+
+#: common/simple-pwquery.c:594 common/simple-pwquery.c:681
+#, fuzzy
+msgid "problem with the agent\n"
+msgstr "problém s agentom: agent vracia 0x%lx\n"
+
+#: common/sysutils.c:105
+#, c-format
+msgid "can't disable core dumps: %s\n"
+msgstr "nemô¾em vypnú» vytváranie core súborov: %s\n"
+
+#: common/sysutils.c:200
+#, fuzzy, c-format
+msgid "Warning: unsafe ownership on %s \"%s\"\n"
+msgstr "VAROVANIE: vlastníctvo pre %s nastavené nebezpeène \"%s\"\n"
+
+#: common/sysutils.c:232
+#, fuzzy, c-format
+msgid "Warning: unsafe permissions on %s \"%s\"\n"
+msgstr "VAROVANIE: prístupové práva pre %s nie sú nastavené bezpeène \"%s\"\n"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: common/yesno.c:35 common/yesno.c:72
+msgid "yes"
+msgstr "ano"
+
+#: common/yesno.c:36 common/yesno.c:77
+msgid "yY"
+msgstr "aAyY"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: common/yesno.c:38 common/yesno.c:74
+msgid "no"
+msgstr "nie"
+
+#: common/yesno.c:39 common/yesno.c:78
+msgid "nN"
+msgstr "nN"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: common/yesno.c:76
+msgid "quit"
+msgstr "ukonèi»"
+
+#: common/yesno.c:79
+msgid "qQ"
+msgstr "uUqQ"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: common/yesno.c:113
+msgid "okay|okay"
+msgstr ""
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: common/yesno.c:115
+msgid "cancel|cancel"
+msgstr ""
+
+#: common/yesno.c:116
+msgid "oO"
+msgstr ""
+
+#: common/yesno.c:117
+#, fuzzy
+msgid "cC"
+msgstr "c"
+
+#: common/miscellaneous.c:77
+#, c-format
+msgid "out of core in secure memory while allocating %lu bytes"
+msgstr ""
+
+#: common/miscellaneous.c:80
+#, c-format
+msgid "out of core while allocating %lu bytes"
+msgstr ""
+
+#: common/asshelp.c:293 tools/gpg-connect-agent.c:2129
+msgid "no running gpg-agent - starting one\n"
+msgstr ""
+
+#: common/asshelp.c:349
+#, c-format
+msgid "waiting %d seconds for the agent to come up\n"
+msgstr ""
+
+#: common/asshelp.c:426
+msgid "can't connect to the agent - trying fall back\n"
+msgstr ""
+
+#. TRANSLATORS: Copy the prefix between the vertical bars
+#. verbatim. It will not be printed.
+#: common/audit.c:474
+msgid "|audit-log-result|Good"
+msgstr ""
+
+#: common/audit.c:477
+msgid "|audit-log-result|Bad"
+msgstr ""
+
+#: common/audit.c:479
+msgid "|audit-log-result|Not supported"
+msgstr ""
+
+#: common/audit.c:481
+#, fuzzy
+msgid "|audit-log-result|No certificate"
+msgstr "nesprávny certifikát"
+
+#: common/audit.c:483
+#, fuzzy
+msgid "|audit-log-result|Not enabled"
+msgstr "nesprávny certifikát"
+
+#: common/audit.c:485
+msgid "|audit-log-result|Error"
+msgstr ""
+
+#: common/audit.c:487
+#, fuzzy
+msgid "|audit-log-result|Not used"
+msgstr "nesprávny certifikát"
+
+#: common/audit.c:489
+#, fuzzy
+msgid "|audit-log-result|Okay"
+msgstr "nesprávny certifikát"
+
+#: common/audit.c:491
+#, fuzzy
+msgid "|audit-log-result|Skipped"
+msgstr "nesprávny certifikát"
+
+#: common/audit.c:493
+#, fuzzy
+msgid "|audit-log-result|Some"
+msgstr "nesprávny certifikát"
+
+#: common/audit.c:726
+#, fuzzy
+msgid "Certificate chain available"
+msgstr "nesprávny certifikát"
+
+#: common/audit.c:733
+#, fuzzy
+msgid "root certificate missing"
+msgstr "nesprávny certifikát"
+
+#: common/audit.c:759
+msgid "Data encryption succeeded"
+msgstr ""
+
+#: common/audit.c:764 common/audit.c:830 common/audit.c:906 common/audit.c:997
+#, fuzzy
+msgid "Data available"
+msgstr "Kµúè k dispozícii na: "
+
+#: common/audit.c:767
+#, fuzzy
+msgid "Session key created"
+msgstr "%s: súbor kµúèov (keyring) vytvorený\n"
+
+#: common/audit.c:772 common/audit.c:912 common/audit.c:919
+#, fuzzy, c-format
+msgid "algorithm: %s"
+msgstr "ASCII kódovanie: %s\n"
+
+#: common/audit.c:774 common/audit.c:776 common/audit.c:921 common/audit.c:923
+#, fuzzy, c-format
+msgid "unsupported algorithm: %s"
+msgstr ""
+"\n"
+"Podporované algoritmy:\n"
+
+#: common/audit.c:778 common/audit.c:925
+#, fuzzy
+msgid "seems to be not encrypted"
+msgstr "neza¹ifrované"
+
+#: common/audit.c:784 common/audit.c:933
+msgid "Number of recipients"
+msgstr ""
+
+#: common/audit.c:792 common/audit.c:956
+#, c-format
+msgid "Recipient %d"
+msgstr ""
+
+#: common/audit.c:825
+msgid "Data signing succeeded"
+msgstr ""
+
+#: common/audit.c:839 common/audit.c:1033 common/audit.c:1060
+#, fuzzy, c-format
+msgid "data hash algorithm: %s"
+msgstr "neplatný hashovací algoritmus `%s'\n"
+
+#: common/audit.c:862
+#, fuzzy, c-format
+msgid "Signer %d"
+msgstr "Platnos» podpisu vypr¹ala %s\n"
+
+#: common/audit.c:866 common/audit.c:1065
+#, fuzzy, c-format
+msgid "attr hash algorithm: %s"
+msgstr "neplatný hashovací algoritmus `%s'\n"
+
+#: common/audit.c:901
+msgid "Data decryption succeeded"
+msgstr ""
+
+#: common/audit.c:910
+#, fuzzy
+msgid "Encryption algorithm supported"
+msgstr "ochranný algoritmus %d%s nie je podporováný\n"
+
+#: common/audit.c:993
+#, fuzzy
+msgid "Data verification succeeded"
+msgstr "verifikácia podpisu potlaèená\n"
+
+#: common/audit.c:1002
+#, fuzzy
+msgid "Signature available"
+msgstr "Platnos» podpisu vypr¹ala %s\n"
+
+#: common/audit.c:1024
+#, fuzzy
+msgid "Parsing data succeeded"
+msgstr "Dobrý podpis od \""
+
+#: common/audit.c:1036
+#, fuzzy, c-format
+msgid "bad data hash algorithm: %s"
+msgstr "neplatný hashovací algoritmus `%s'\n"
+
+#: common/audit.c:1051
+#, fuzzy, c-format
+msgid "Signature %d"
+msgstr "Platnos» podpisu vypr¹ala %s\n"
+
+#: common/audit.c:1079
+#, fuzzy
+msgid "Certificate chain valid"
+msgstr "Platnos» kµúèa vypr¹ala!"
+
+#: common/audit.c:1090
+#, fuzzy
+msgid "Root certificate trustworthy"
+msgstr "nesprávny certifikát"
+
+#: common/audit.c:1111 sm/certchain.c:935
+#, fuzzy
+msgid "no CRL found for certificate"
+msgstr "nesprávny certifikát"
+
+#: common/audit.c:1114 sm/certchain.c:945
+#, fuzzy
+msgid "the available CRL is too old"
+msgstr "Kµúè k dispozícii na: "
+
+#: common/audit.c:1119
+#, fuzzy
+msgid "CRL/OCSP check of certificates"
+msgstr "nesprávny certifikát"
+
+#: common/audit.c:1139
+#, fuzzy
+msgid "Included certificates"
+msgstr "nesprávny certifikát"
+
+#: common/audit.c:1194
+msgid "No audit log entries."
+msgstr ""
+
+#: common/audit.c:1243
+#, fuzzy
+msgid "Unknown operation"
+msgstr "neznáma verzia"
+
+#: common/audit.c:1261
+msgid "Gpg-Agent usable"
+msgstr ""
+
+#: common/audit.c:1271
+msgid "Dirmngr usable"
+msgstr ""
+
+#: common/audit.c:1307
+#, fuzzy, c-format
+msgid "No help available for `%s'."
+msgstr "Pomoc nie je dostupná pre '%s'"
+
+#: common/helpfile.c:80
+#, fuzzy
+msgid "ignoring garbage line"
+msgstr "chyba v pätièke\n"
+
+#: common/gettime.c:503
+#, fuzzy
+msgid "[none]"
+msgstr "neznáme"
+
+#: g10/armor.c:379
+#, c-format
+msgid "armor: %s\n"
+msgstr "ASCII kódovanie: %s\n"
+
+#: g10/armor.c:418
+msgid "invalid armor header: "
+msgstr "neplatná hlavièka ASCII kódovania: "
+
+#: g10/armor.c:429
+msgid "armor header: "
+msgstr "ASCII hlavièka: "
+
+#: g10/armor.c:442
+msgid "invalid clearsig header\n"
+msgstr "neplatná hlavièka podpisu v èitateµnom formáte\n"
+
+#: g10/armor.c:455
+#, fuzzy
+msgid "unknown armor header: "
+msgstr "ASCII hlavièka: "
+
+#: g10/armor.c:508
+msgid "nested clear text signatures\n"
+msgstr "vnorené podpisy v èitateµnom formátu\n"
+
+#: g10/armor.c:643
+#, fuzzy
+msgid "unexpected armor: "
+msgstr "neoèakávané kódovanie ASCII:"
+
+#: g10/armor.c:655
+msgid "invalid dash escaped line: "
+msgstr "nesprávne oznaèenie riadku mínusmi: "
+
+#: g10/armor.c:810 g10/armor.c:1420
+#, fuzzy, c-format
+msgid "invalid radix64 character %02X skipped\n"
+msgstr "neplatný znak vo formáte radix64 %02x bol preskoèený\n"
+
+#: g10/armor.c:853
+msgid "premature eof (no CRC)\n"
+msgstr "predèasný koniec súboru (¾iadne CRC)\n"
+
+#: g10/armor.c:887
+msgid "premature eof (in CRC)\n"
+msgstr "predèasný koniec súboru (v CRC)\n"
+
+#: g10/armor.c:895
+msgid "malformed CRC\n"
+msgstr "nesprávny formát CRC\n"
+
+#: g10/armor.c:899 g10/armor.c:1457
+#, fuzzy, c-format
+msgid "CRC error; %06lX - %06lX\n"
+msgstr "Chyba CRC; %06lx - %06lx\n"
+
+#: g10/armor.c:919
+#, fuzzy
+msgid "premature eof (in trailer)\n"
+msgstr "predèasný koniec súboru (v pätièke)\n"
+
+#: g10/armor.c:923
+msgid "error in trailer line\n"
+msgstr "chyba v pätièke\n"
+
+#: g10/armor.c:1234
+msgid "no valid OpenPGP data found.\n"
+msgstr "nenájdené ¾iadne platné dáta vo formáte OpenPGP.\n"
+
+#: g10/armor.c:1239
+#, c-format
+msgid "invalid armor: line longer than %d characters\n"
+msgstr "neplatné kódovanie ASCII: riadok je dlh¹í ako %d znakov\n"
+
+#: g10/armor.c:1243
+msgid ""
+"quoted printable character in armor - probably a buggy MTA has been used\n"
+msgstr ""
+"neplatný znak (quoted-printable) v ASCII kódovaní - pravdepodobne bol "
+"pou¾itý nesprávny MTA\n"
+
+#: g10/build-packet.c:976
+msgid ""
+"a notation name must have only printable characters or spaces, and end with "
+"an '='\n"
+msgstr ""
+"meno mô¾e obsahova» len písmená, èíslice, bodky, podèiarníky alebo medzery a "
+"konèi» s '='\n"
+
+#: g10/build-packet.c:988
+msgid "a user notation name must contain the '@' character\n"
+msgstr "hodnota musí obsahova» znak '@'\n"
+
+#: g10/build-packet.c:994
+#, fuzzy
+msgid "a notation name must not contain more than one '@' character\n"
+msgstr "hodnota musí obsahova» znak '@'\n"
+
+#: g10/build-packet.c:1012
+msgid "a notation value must not use any control characters\n"
+msgstr "hodnota nesmie obsahova» ¾iadne kontrolné znaky\n"
+
+#: g10/build-packet.c:1046 g10/build-packet.c:1055
+msgid "WARNING: invalid notation data found\n"
+msgstr "VAROVANIE: nájdený neplatný formát zápisu dátumu\n"
+
+#: g10/build-packet.c:1077 g10/build-packet.c:1079
+msgid "not human readable"
+msgstr "nie je v priamo èitateµnom formáte"
+
+#: g10/card-util.c:85 g10/card-util.c:374
+#, fuzzy, c-format
+msgid "OpenPGP card not available: %s\n"
+msgstr "tajný kµúè nie je dostupný"
+
+#: g10/card-util.c:90
+#, c-format
+msgid "OpenPGP card no. %s detected\n"
+msgstr ""
+
+#: g10/card-util.c:98 g10/card-util.c:1773 g10/delkey.c:126 g10/keyedit.c:1551
+#: g10/keygen.c:3068 g10/revoke.c:216 g10/revoke.c:455
+#, fuzzy
+msgid "can't do this in batch mode\n"
+msgstr "nemo¾no previes» v dávkovom móde\n"
+
+#: g10/card-util.c:106
+#, fuzzy
+msgid "This command is only available for version 2 cards\n"
+msgstr "Tento príkaz nie je v módoch %s dovolený.\n"
+
+#: g10/card-util.c:108 scd/app-openpgp.c:2029
+#, fuzzy
+msgid "Reset Code not or not anymore available\n"
+msgstr "tajné èasti kµúèa nie sú dostupné\n"
+
+#: g10/card-util.c:141 g10/card-util.c:1458 g10/card-util.c:1568
+#: g10/keyedit.c:424 g10/keyedit.c:445 g10/keyedit.c:459 g10/keygen.c:1630
+#: g10/keygen.c:1711 sm/certreqgen-ui.c:165 sm/certreqgen-ui.c:249
+#: sm/certreqgen-ui.c:283
+msgid "Your selection? "
+msgstr "Vá¹ výber? "
+
+#: g10/card-util.c:272 g10/card-util.c:322
+msgid "[not set]"
+msgstr ""
+
+#: g10/card-util.c:512
+#, fuzzy
+msgid "male"
+msgstr "enable"
+
+#: g10/card-util.c:513
+#, fuzzy
+msgid "female"
+msgstr "enable"
+
+#: g10/card-util.c:513
+#, fuzzy
+msgid "unspecified"
+msgstr "Dôvod nebol ¹pecifikovaný"
+
+#: g10/card-util.c:540
+#, fuzzy
+msgid "not forced"
+msgstr "nespracované"
+
+#: g10/card-util.c:540
+msgid "forced"
+msgstr ""
+
+#: g10/card-util.c:631
+msgid "Error: Only plain ASCII is currently allowed.\n"
+msgstr ""
+
+#: g10/card-util.c:633
+msgid "Error: The \"<\" character may not be used.\n"
+msgstr ""
+
+#: g10/card-util.c:635
+msgid "Error: Double spaces are not allowed.\n"
+msgstr ""
+
+#: g10/card-util.c:652
+msgid "Cardholder's surname: "
+msgstr ""
+
+#: g10/card-util.c:654
+msgid "Cardholder's given name: "
+msgstr ""
+
+#: g10/card-util.c:672
+#, c-format
+msgid "Error: Combined name too long (limit is %d characters).\n"
+msgstr ""
+
+#: g10/card-util.c:693
+#, fuzzy
+msgid "URL to retrieve public key: "
+msgstr "¾iadny zodpovedajúci verejný kµúè: %s\n"
+
+#: g10/card-util.c:701
+#, c-format
+msgid "Error: URL too long (limit is %d characters).\n"
+msgstr ""
+
+#: g10/card-util.c:794 tools/no-libgcrypt.c:30
+#, fuzzy, c-format
+msgid "error allocating enough memory: %s\n"
+msgstr "chyba pri vytváraní súboru kµúèov (keyring)`%s': %s\n"
+
+#: g10/card-util.c:806 g10/import.c:280
+#, c-format
+msgid "error reading `%s': %s\n"
+msgstr "chyba pri èítaní `%s': %s\n"
+
+#: g10/card-util.c:839
+#, fuzzy, c-format
+msgid "error writing `%s': %s\n"
+msgstr "chyba pri zápise súboru kµúèov (keyring) `%s': %s\n"
+
+#: g10/card-util.c:866
+msgid "Login data (account name): "
+msgstr ""
+
+#: g10/card-util.c:876
+#, c-format
+msgid "Error: Login data too long (limit is %d characters).\n"
+msgstr ""
+
+#: g10/card-util.c:912
+msgid "Private DO data: "
+msgstr ""
+
+#: g10/card-util.c:922
+#, c-format
+msgid "Error: Private DO too long (limit is %d characters).\n"
+msgstr ""
+
+#: g10/card-util.c:1005
+#, fuzzy
+msgid "Language preferences: "
+msgstr "aktualizova» predvoµby"
+
+#: g10/card-util.c:1013
+#, fuzzy
+msgid "Error: invalid length of preference string.\n"
+msgstr "neplatný znak v re»azci s predvoµbami\n"
+
+#: g10/card-util.c:1022
+#, fuzzy
+msgid "Error: invalid characters in preference string.\n"
+msgstr "neplatný znak v re»azci s predvoµbami\n"
+
+#: g10/card-util.c:1044
+msgid "Sex ((M)ale, (F)emale or space): "
+msgstr ""
+
+#: g10/card-util.c:1058
+#, fuzzy
+msgid "Error: invalid response.\n"
+msgstr "chyba: neplatný odtlaèok\n"
+
+#: g10/card-util.c:1080
+#, fuzzy
+msgid "CA fingerprint: "
+msgstr "vypísa» fingerprint"
+
+#: g10/card-util.c:1103
+#, fuzzy
+msgid "Error: invalid formatted fingerprint.\n"
+msgstr "chyba: neplatný odtlaèok\n"
+
+#: g10/card-util.c:1153
+#, fuzzy, c-format
+msgid "key operation not possible: %s\n"
+msgstr "Vytvorenie kµúèa sa nepodarilo: %s\n"
+
+#: g10/card-util.c:1154
+#, fuzzy
+msgid "not an OpenPGP card"
+msgstr "nenájdené ¾iadne platné dáta vo formáte OpenPGP.\n"
+
+#: g10/card-util.c:1167
+#, fuzzy, c-format
+msgid "error getting current key info: %s\n"
+msgstr "chyba pri zápise do súboru tajných kµúèov `%s': %s\n"
+
+#: g10/card-util.c:1254
+msgid "Replace existing key? (y/N) "
+msgstr ""
+
+#: g10/card-util.c:1270
+msgid ""
+"NOTE: There is no guarantee that the card supports the requested size.\n"
+" If the key generation does not succeed, please check the\n"
+" documentation of your card to see what sizes are allowed.\n"
+msgstr ""
+
+#: g10/card-util.c:1295
+#, fuzzy, c-format
+msgid "What keysize do you want for the Signature key? (%u) "
+msgstr "Akú veµkos» kµúèa si prajete? (1024) "
+
+#: g10/card-util.c:1297
+#, fuzzy, c-format
+msgid "What keysize do you want for the Encryption key? (%u) "
+msgstr "Akú veµkos» kµúèa si prajete? (1024) "
+
+#: g10/card-util.c:1298
+#, fuzzy, c-format
+msgid "What keysize do you want for the Authentication key? (%u) "
+msgstr "Akú veµkos» kµúèa si prajete? (1024) "
+
+#: g10/card-util.c:1309 g10/keygen.c:1844 g10/keygen.c:1850
+#: sm/certreqgen-ui.c:194
+#, c-format
+msgid "rounded up to %u bits\n"
+msgstr "zaokrúhlené na %u bitov\n"
+
+#: g10/card-util.c:1317 g10/keygen.c:1831 sm/certreqgen-ui.c:184
+#, c-format
+msgid "%s keysizes must be in the range %u-%u\n"
+msgstr ""
+
+#: g10/card-util.c:1322
+#, c-format
+msgid "The card will now be re-configured to generate a key of %u bits\n"
+msgstr ""
+
+#: g10/card-util.c:1342
+#, fuzzy, c-format
+msgid "error changing size of key %d to %u bits: %s\n"
+msgstr "chyba pri posielaní na `%s': %s\n"
+
+#: g10/card-util.c:1364
+msgid "Make off-card backup of encryption key? (Y/n) "
+msgstr ""
+
+#: g10/card-util.c:1378
+#, fuzzy
+msgid "NOTE: keys are already stored on the card!\n"
+msgstr "preskoèené: tajný kµúè je u¾ v databáze\n"
+
+#: g10/card-util.c:1381
+msgid "Replace existing keys? (y/N) "
+msgstr ""
+
+#: g10/card-util.c:1393
+#, c-format
+msgid ""
+"Please note that the factory settings of the PINs are\n"
+" PIN = `%s' Admin PIN = `%s'\n"
+"You should change them using the command --change-pin\n"
+msgstr ""
+
+#: g10/card-util.c:1449
+#, fuzzy
+msgid "Please select the type of key to generate:\n"
+msgstr "Prosím, vyberte druh kµúèa, ktorý chcete:\n"
+
+#: g10/card-util.c:1451 g10/card-util.c:1559
+#, fuzzy
+msgid " (1) Signature key\n"
+msgstr "Platnos» podpisu vypr¹ala %s\n"
+
+#: g10/card-util.c:1452 g10/card-util.c:1561
+#, fuzzy
+msgid " (2) Encryption key\n"
+msgstr " (%d) RSA (len na ¹ifrovanie)\n"
+
+#: g10/card-util.c:1453 g10/card-util.c:1563
+msgid " (3) Authentication key\n"
+msgstr ""
+
+#: g10/card-util.c:1469 g10/card-util.c:1588 g10/keyedit.c:945
+#: g10/keygen.c:1634 g10/keygen.c:1662 g10/keygen.c:1764 g10/revoke.c:683
+msgid "Invalid selection.\n"
+msgstr "Neplatný výber.\n"
+
+#: g10/card-util.c:1556
+#, fuzzy
+msgid "Please select where to store the key:\n"
+msgstr "Prosím výberte dôvod na revokáciu:\n"
+
+#: g10/card-util.c:1600
+#, fuzzy
+msgid "unknown key protection algorithm\n"
+msgstr "neznámy ochranný algoritmus\n"
+
+#: g10/card-util.c:1605
+#, fuzzy
+msgid "secret parts of key are not available\n"
+msgstr "Tajné èasti primárneho kµúèa nie sú dostupné.\n"
+
+#: g10/card-util.c:1610
+#, fuzzy
+msgid "secret key already stored on a card\n"
+msgstr "preskoèené: tajný kµúè je u¾ v databáze\n"
+
+#: g10/card-util.c:1623
+#, fuzzy, c-format
+msgid "error writing key to card: %s\n"
+msgstr "chyba pri zápise súboru kµúèov (keyring) `%s': %s\n"
+
+#: g10/card-util.c:1682 g10/keyedit.c:1382
+msgid "quit this menu"
+msgstr "ukonèi» toto menu"
+
+#: g10/card-util.c:1684
+#, fuzzy
+msgid "show admin commands"
+msgstr "konfliktné príkazy\n"
+
+#: g10/card-util.c:1685 g10/keyedit.c:1385
+msgid "show this help"
+msgstr "ukáza» túto pomoc"
+
+#: g10/card-util.c:1687
+#, fuzzy
+msgid "list all available data"
+msgstr "Kµúè k dispozícii na: "
+
+#: g10/card-util.c:1690
+msgid "change card holder's name"
+msgstr ""
+
+#: g10/card-util.c:1691
+msgid "change URL to retrieve key"
+msgstr ""
+
+#: g10/card-util.c:1692
+msgid "fetch the key specified in the card URL"
+msgstr ""
+
+#: g10/card-util.c:1693
+#, fuzzy
+msgid "change the login name"
+msgstr "zmeni» dobu platnosti"
+
+#: g10/card-util.c:1694
+#, fuzzy
+msgid "change the language preferences"
+msgstr "zmeni» dôveryhodnos» vlastníka kµúèa"
+
+#: g10/card-util.c:1695
+msgid "change card holder's sex"
+msgstr ""
+
+#: g10/card-util.c:1696
+#, fuzzy
+msgid "change a CA fingerprint"
+msgstr "vypísa» fingerprint"
+
+#: g10/card-util.c:1697
+msgid "toggle the signature force PIN flag"
+msgstr ""
+
+#: g10/card-util.c:1698
+#, fuzzy
+msgid "generate new keys"
+msgstr "vytvori» nový pár kµúèov"
+
+#: g10/card-util.c:1699
+msgid "menu to change or unblock the PIN"
+msgstr ""
+
+#: g10/card-util.c:1700
+msgid "verify the PIN and list all data"
+msgstr ""
+
+#: g10/card-util.c:1701
+msgid "unblock the PIN using a Reset Code"
+msgstr ""
+
+#: g10/card-util.c:1823
+msgid "gpg/card> "
+msgstr ""
+
+#: g10/card-util.c:1864
+#, fuzzy
+msgid "Admin-only command\n"
+msgstr "konfliktné príkazy\n"
+
+#: g10/card-util.c:1895
+#, fuzzy
+msgid "Admin commands are allowed\n"
+msgstr "konfliktné príkazy\n"
+
+#: g10/card-util.c:1897
+#, fuzzy
+msgid "Admin commands are not allowed\n"
+msgstr "zapisujem tajný kµúè do `%s'\n"
+
+#: g10/card-util.c:1988 g10/keyedit.c:2292
+msgid "Invalid command (try \"help\")\n"
+msgstr "Neplatný príkaz (skúste \"help\")\n"
+
+#: g10/decrypt.c:110 g10/encode.c:876
+msgid "--output doesn't work for this command\n"
+msgstr "--output pre tento príkaz nefunguje\n"
+
+#: g10/decrypt.c:166 g10/gpg.c:4019 g10/keyring.c:387 g10/keyring.c:698
+#, c-format
+msgid "can't open `%s'\n"
+msgstr "nemo¾no otvori» `%s'\n"
+
+#: g10/delkey.c:73 g10/export.c:324 g10/keyedit.c:3514 g10/keyserver.c:1737
+#: g10/revoke.c:226
+#, fuzzy, c-format
+msgid "key \"%s\" not found: %s\n"
+msgstr "kµúè `%s' nebol nájdený: %s\n"
+
+#: g10/delkey.c:81 g10/export.c:354 g10/import.c:2480 g10/keyserver.c:1751
+#: g10/revoke.c:232 g10/revoke.c:477
+#, c-format
+msgid "error reading keyblock: %s\n"
+msgstr "chyba pri èítaní bloku kµúèa: %s\n"
+
+#: g10/delkey.c:127 g10/delkey.c:134
+msgid "(unless you specify the key by fingerprint)\n"
+msgstr "(pokiaµ neurèíte kµúè jeho fingerprintom)\n"
+
+#: g10/delkey.c:133
+#, fuzzy
+msgid "can't do this in batch mode without \"--yes\"\n"
+msgstr "bez parametra \"--yes\" to nemo¾no v dávkovom móde previes»\n"
+
+#: g10/delkey.c:145
+#, fuzzy
+msgid "Delete this key from the keyring? (y/N) "
+msgstr "Zmaza» tento kµúè zo súboru kµúèov? "
+
+#: g10/delkey.c:153
+#, fuzzy
+msgid "This is a secret key! - really delete? (y/N) "
+msgstr "Toto je tajný kµúè! - skutoène zmaza»? "
+
+#: g10/delkey.c:163
+#, c-format
+msgid "deleting keyblock failed: %s\n"
+msgstr "zmazanie bloku kµúèa sa nepodarilo: %s\n"
+
+#: g10/delkey.c:173
+msgid "ownertrust information cleared\n"
+msgstr "informácie o dôveryhodnosti vlastníka kµúèa vymazané\n"
+
+#: g10/delkey.c:204
+#, c-format
+msgid "there is a secret key for public key \"%s\"!\n"
+msgstr "existuje tajný kµúè pre tento verejný kµúè \"%s\"!\n"
+
+#: g10/delkey.c:206
+msgid "use option \"--delete-secret-keys\" to delete it first.\n"
+msgstr "aby ste ho zmazali, pou¾ite najprv prepínaè \"--delete-secret-key\".\n"
+
+#: g10/encode.c:226 g10/sign.c:1269
+#, c-format
+msgid "error creating passphrase: %s\n"
+msgstr "chyba pri vytváraní hesla: %s\n"
+
+#: g10/encode.c:232
+msgid "can't use a symmetric ESK packet due to the S2K mode\n"
+msgstr "v móde S2K nemo¾no pou¾i» symetrický ESK paket\n"
+
+#: g10/encode.c:246
+#, c-format
+msgid "using cipher %s\n"
+msgstr "pou¾itá ¹ifra %s\n"
+
+#: g10/encode.c:256 g10/encode.c:577
+#, c-format
+msgid "`%s' already compressed\n"
+msgstr "`%s' je u¾ skomprimovaný\n"
+
+#: g10/encode.c:311 g10/encode.c:611 g10/sign.c:564
+#, c-format
+msgid "WARNING: `%s' is an empty file\n"
+msgstr "VAROVANIE: súbor `%s' je prázdny\n"
+
+#: g10/encode.c:485
+msgid "you can only encrypt to RSA keys of 2048 bits or less in --pgp2 mode\n"
+msgstr ""
+"v móde --pgp2 mô¾ete ¹ifrova» len RSA kµúèom s då¾kou 2048 bitov a menej\n"
+
+#: g10/encode.c:510
+#, c-format
+msgid "reading from `%s'\n"
+msgstr "èítam z `%s'\n"
+
+#: g10/encode.c:541
+msgid ""
+"unable to use the IDEA cipher for all of the keys you are encrypting to.\n"
+msgstr "algoritmus IDEA nemo¾no pou¾i» na v¹etky kµúèe, pre ktoré ¹ifrujete.\n"
+
+#: g10/encode.c:559
+#, fuzzy, c-format
+msgid ""
+"WARNING: forcing symmetric cipher %s (%d) violates recipient preferences\n"
+msgstr "vy¾iadaná symetrická ¹ifra %s (%d) nevyhovuje predvoµbám príjemcu\n"
+
+#: g10/encode.c:655 g10/sign.c:939
+#, fuzzy, c-format
+msgid ""
+"WARNING: forcing compression algorithm %s (%d) violates recipient "
+"preferences\n"
+msgstr ""
+"vy¾iadaný kompresný algoritmus %s (%d) nevyhovuje predvoµbám príjemcu\n"
+
+#: g10/encode.c:751
+#, c-format
+msgid "forcing symmetric cipher %s (%d) violates recipient preferences\n"
+msgstr "vy¾iadaná symetrická ¹ifra %s (%d) nevyhovuje predvoµbám príjemcu\n"
+
+#: g10/encode.c:821 g10/pkclist.c:813 g10/pkclist.c:862
+#, c-format
+msgid "you may not use %s while in %s mode\n"
+msgstr ""
+"pou¾itie %s nie je v móde %s dovolené\n"
+"\n"
+
+#: g10/encode.c:848
+#, c-format
+msgid "%s/%s encrypted for: \"%s\"\n"
+msgstr "%s/%s za¹ifrovaný pre: %s\n"
+
+#: g10/encr-data.c:93 g10/mainproc.c:286
+#, c-format
+msgid "%s encrypted data\n"
+msgstr "%s za¹ifrované dáta\n"
+
+#: g10/encr-data.c:96 g10/mainproc.c:290
+#, c-format
+msgid "encrypted with unknown algorithm %d\n"
+msgstr "za¹ifrované neznámym algoritmom %d\n"
+
+#: g10/encr-data.c:142 sm/decrypt.c:126
+msgid ""
+"WARNING: message was encrypted with a weak key in the symmetric cipher.\n"
+msgstr ""
+"VAROVANIE: správa bola za¹ifrovaná slabým kµúèom v symetrickej ¹ifre.\n"
+
+#: g10/encr-data.c:154
+msgid "problem handling encrypted packet\n"
+msgstr "problém so za¹ifrovaným paketom\n"
+
+#: g10/exec.c:57
+msgid "no remote program execution supported\n"
+msgstr "¾iadne vzialené vykonávanie programu nie je podporované\n"
+
+#: g10/exec.c:308
+msgid ""
+"external program calls are disabled due to unsafe options file permissions\n"
+msgstr ""
+"volanie externého programu zru¹ené kvôli nebezpeèným právam súboru "
+"nastavení\n"
+
+#: g10/exec.c:338
+#, fuzzy
+msgid "this platform requires temporary files when calling external programs\n"
+msgstr ""
+"táto platforma potrebuje doèasné súbory na spustenie externého programu\n"
+
+#: g10/exec.c:416
+#, fuzzy, c-format
+msgid "unable to execute program `%s': %s\n"
+msgstr "nemo¾no spusti» %s \"%s\": %s\n"
+
+#: g10/exec.c:419
+#, fuzzy, c-format
+msgid "unable to execute shell `%s': %s\n"
+msgstr "nemo¾no spusti» %s \"%s\": %s\n"
+
+#: g10/exec.c:510
+#, c-format
+msgid "system error while calling external program: %s\n"
+msgstr "systémová chyba pri volaní externého programu: %s\n"
+
+#: g10/exec.c:521 g10/exec.c:588
+msgid "unnatural exit of external program\n"
+msgstr "nekorektné ukonèenie externého programu\n"
+
+#: g10/exec.c:536
+msgid "unable to execute external program\n"
+msgstr "nemo¾no spusti» externý program\n"
+
+#: g10/exec.c:553
+#, c-format
+msgid "unable to read external program response: %s\n"
+msgstr "nemo¾no cíta» odozvu externého programu: %s\n"
+
+#: g10/exec.c:599 g10/exec.c:606
+#, c-format
+msgid "WARNING: unable to remove tempfile (%s) `%s': %s\n"
+msgstr "VAROVANIE: nemô¾em vymaza» doèasný súbor (%s) `%s': %s\n"
+
+#: g10/exec.c:611
+#, c-format
+msgid "WARNING: unable to remove temp directory `%s': %s\n"
+msgstr "VAROVANIE: nemô¾em vymaza» doèasný adresár `%s': %s\n"
+
+#: g10/export.c:61
+#, fuzzy
+msgid "export signatures that are marked as local-only"
+msgstr ""
+"\n"
+"Podpis bude oznaèený ako neodvolateµný (non-revocable).\n"
+
+#: g10/export.c:63
+msgid "export attribute user IDs (generally photo IDs)"
+msgstr ""
+
+#: g10/export.c:65
+#, fuzzy
+msgid "export revocation keys marked as \"sensitive\""
+msgstr "¾iadne revokaèné kµúèe pre `%s' nenájdené\n"
+
+#: g10/export.c:67
+#, fuzzy
+msgid "remove the passphrase from exported subkeys"
+msgstr "revokova» sekundárny kµúè"
+
+#: g10/export.c:69
+#, fuzzy
+msgid "remove unusable parts from key during export"
+msgstr "nepou¾iteµný tajný kµúè"
+
+#: g10/export.c:71
+msgid "remove as much as possible from key during export"
+msgstr ""
+
+#: g10/export.c:73
+msgid "export keys in an S-expression based format"
+msgstr ""
+
+#: g10/export.c:338
+#, fuzzy
+msgid "exporting secret keys not allowed\n"
+msgstr "zapisujem tajný kµúè do `%s'\n"
+
+#: g10/export.c:367
+#, fuzzy, c-format
+msgid "key %s: not protected - skipped\n"
+msgstr "kµúè %08lX: nie je chránený - preskoèené\n"
+
+#: g10/export.c:375
+#, fuzzy, c-format
+msgid "key %s: PGP 2.x style key - skipped\n"
+msgstr "kµúè %08lX: PGP 2.x kµúè - preskoèené\n"
+
+#: g10/export.c:386
+#, fuzzy, c-format
+msgid "key %s: key material on-card - skipped\n"
+msgstr "kµúè %08lX: podpis subkµúèa na zlom mieste - preskoèené \n"
+
+#: g10/export.c:537
+msgid "about to export an unprotected subkey\n"
+msgstr ""
+
+#: g10/export.c:560
+#, fuzzy, c-format
+msgid "failed to unprotect the subkey: %s\n"
+msgstr "nemô¾em inicializova» databázu dôvery: %s\n"
+
+#: g10/export.c:584
+#, fuzzy, c-format
+msgid "WARNING: secret key %s does not have a simple SK checksum\n"
+msgstr "VAROVANIE: tajný kµúè %08lX nemá jednoduchý SK kontrolný súèet\n"
+
+#: g10/export.c:633
+msgid "WARNING: nothing exported\n"
+msgstr "VAROVANIE: niè nebolo vyexportované\n"
+
+#: g10/getkey.c:152
+msgid "too many entries in pk cache - disabled\n"
+msgstr "príli¹ veµa polo¾iek v bufferi verejných kµúèov - vypnuté\n"
+
+#: g10/getkey.c:175
+#, fuzzy
+msgid "[User ID not found]"
+msgstr "[User id not found]"
+
+#: g10/getkey.c:1113
+#, c-format
+msgid "automatically retrieved `%s' via %s\n"
+msgstr ""
+
+#: g10/getkey.c:1118
+#, fuzzy, c-format
+msgid "error retrieving `%s' via %s: %s\n"
+msgstr "chyba pri vytváraní `%s': %s\n"
+
+#: g10/getkey.c:1120
+#, fuzzy
+msgid "No fingerprint"
+msgstr "vypísa» fingerprint"
+
+# c-format
+#: g10/getkey.c:1930
+#, fuzzy, c-format
+msgid "Invalid key %s made valid by --allow-non-selfsigned-uid\n"
+msgstr ""
+"Neplatný kµúè %08lX zmenený na platný pomocou --always-non-selfsigned-uid\n"
+
+#: g10/getkey.c:2533 g10/keyedit.c:3839
+#, fuzzy, c-format
+msgid "no secret subkey for public subkey %s - ignoring\n"
+msgstr "existuje tajný kµúè pre tento verejný kµúè %08lX!\n"
+
+#: g10/getkey.c:2759
+#, fuzzy, c-format
+msgid "using subkey %s instead of primary key %s\n"
+msgstr "pou¾ívam sekundárny kµúè %08lX namiesto primárneho kµúèa %08lX\n"
+
+#: g10/getkey.c:2806
+#, fuzzy, c-format
+msgid "key %s: secret key without public key - skipped\n"
+msgstr "kµúè %08lX: tajný kµúè bez verejného kµúèa - preskoèené\n"
+
+#: g10/gpg.c:375 sm/gpgsm.c:188
+#, fuzzy
+msgid "make a signature"
+msgstr "vytvori» podpis oddelený od dokumentu"
+
+#: g10/gpg.c:376 sm/gpgsm.c:189
+#, fuzzy
+msgid "make a clear text signature"
+msgstr "|[súbor]|vytvori» podpis v èitateµnom dokumente"
+
+#: g10/gpg.c:377 sm/gpgsm.c:190
+msgid "make a detached signature"
+msgstr "vytvori» podpis oddelený od dokumentu"
+
+#: g10/gpg.c:378 sm/gpgsm.c:191
+msgid "encrypt data"
+msgstr "¹ifrova» dáta"
+
+#: g10/gpg.c:380 sm/gpgsm.c:192
+msgid "encryption only with symmetric cipher"
+msgstr "¹ifrovanie len so symetrickou ¹ifrou"
+
+#: g10/gpg.c:382 sm/gpgsm.c:193
+msgid "decrypt data (default)"
+msgstr "de¹ifrova» dáta (implicitne)"
+
+#: g10/gpg.c:384 sm/gpgsm.c:194
+msgid "verify a signature"
+msgstr "verifikova» podpis"
+
+#: g10/gpg.c:386 sm/gpgsm.c:195
+msgid "list keys"
+msgstr "vypísa» zoznam kµúèov"
+
+#: g10/gpg.c:388
+msgid "list keys and signatures"
+msgstr "vypísa» zoznam kµúèov a podpisov"
+
+#: g10/gpg.c:389
+#, fuzzy
+msgid "list and check key signatures"
+msgstr "skontrolova» podpisy kµúèov"
+
+#: g10/gpg.c:390 sm/gpgsm.c:200
+msgid "list keys and fingerprints"
+msgstr "vypísa» zoznam kµúèov a fingerprintov"
+
+#: g10/gpg.c:391 sm/gpgsm.c:198
+msgid "list secret keys"
+msgstr "vypísa» zoznam tajných kµúèov"
+
+#: g10/gpg.c:392 sm/gpgsm.c:201
+msgid "generate a new key pair"
+msgstr "vytvori» nový pár kµúèov"
+
+#: g10/gpg.c:393
+msgid "generate a revocation certificate"
+msgstr "vytvori» revokaèný certifikát"
+
+#: g10/gpg.c:395 sm/gpgsm.c:203
+msgid "remove keys from the public keyring"
+msgstr "odstráni» kµúè zo súboru verejných kµúèov"
+
+#: g10/gpg.c:397
+msgid "remove keys from the secret keyring"
+msgstr "odstráni» kµúè zo súboru tajných kµúèov"
+
+#: g10/gpg.c:398
+msgid "sign a key"
+msgstr "podpísa» kµúè"
+
+#: g10/gpg.c:399
+msgid "sign a key locally"
+msgstr "podpísa» kµúè lokálne"
+
+#: g10/gpg.c:400
+msgid "sign or edit a key"
+msgstr "podpísa» alebo modifikova» kµúè"
+
+#: g10/gpg.c:402 sm/gpgsm.c:215
+#, fuzzy
+msgid "change a passphrase"
+msgstr "zmeni» heslo"
+
+#: g10/gpg.c:404
+msgid "export keys"
+msgstr "exportova» kµúèe"
+
+#: g10/gpg.c:405 sm/gpgsm.c:204
+msgid "export keys to a key server"
+msgstr "exportova» kµúèe na server kµúèov"
+
+#: g10/gpg.c:406 sm/gpgsm.c:205
+msgid "import keys from a key server"
+msgstr "importova» kµúèe zo servera kµúèov"
+
+#: g10/gpg.c:408
+msgid "search for keys on a key server"
+msgstr "vyhµada» kµúèe na serveri kµúèov"
+
+#: g10/gpg.c:410
+msgid "update all keys from a keyserver"
+msgstr "aktualizova» v¹etky kµúèe zo servera kµúèov"
+
+#: g10/gpg.c:415
+msgid "import/merge keys"
+msgstr "importova»/zlúèi» kµúèe"
+
+#: g10/gpg.c:418
+msgid "print the card status"
+msgstr ""
+
+#: g10/gpg.c:419
+msgid "change data on a card"
+msgstr ""
+
+#: g10/gpg.c:420
+msgid "change a card's PIN"
+msgstr ""
+
+#: g10/gpg.c:429
+msgid "update the trust database"
+msgstr "aktualizova» databázu dôvery"
+
+#: g10/gpg.c:436
+#, fuzzy
+msgid "print message digests"
+msgstr "|algo [súbory]|vypí¹ hash"
+
+#: g10/gpg.c:439 sm/gpgsm.c:210
+msgid "run in server mode"
+msgstr ""
+
+#: g10/gpg.c:443 sm/gpgsm.c:228
+msgid "create ascii armored output"
+msgstr "vytvor výstup zakódovaný pomocou ASCII"
+
+#: g10/gpg.c:446 sm/gpgsm.c:241
+#, fuzzy
+msgid "|USER-ID|encrypt for USER-ID"
+msgstr "|MENO|¹ifrova» pre MENO"
+
+#: g10/gpg.c:459 sm/gpgsm.c:278
+#, fuzzy
+msgid "|USER-ID|use USER-ID to sign or decrypt"
+msgstr ""
+"pou¾i» toto id u¾ívateµa na podpísanie\n"
+" alebo de¹ifrovanie"
+
+#: g10/gpg.c:462
+#, fuzzy
+msgid "|N|set compress level to N (0 disables)"
+msgstr ""
+"|N|nastavi» úroveò komprimácie N (0 - ¾iadna\n"
+" komprimácia)"
+
+#: g10/gpg.c:468
+msgid "use canonical text mode"
+msgstr "pou¾i» kánonický textový mód"
+
+#: g10/gpg.c:485 sm/gpgsm.c:280
+#, fuzzy
+msgid "|FILE|write output to FILE"
+msgstr "|SÚBOR|nahra» roz¹irujúci modul SÚBOR"
+
+#: g10/gpg.c:501 kbx/kbxutil.c:90 sm/gpgsm.c:292 tools/gpgconf.c:82
+msgid "do not make any changes"
+msgstr "nevykona» ¾iadne zmeny"
+
+#: g10/gpg.c:502
+msgid "prompt before overwriting"
+msgstr "vy¾iada» potvrdenie pred prepísaním"
+
+#: g10/gpg.c:554
+msgid "use strict OpenPGP behavior"
+msgstr ""
+
+#: g10/gpg.c:585 sm/gpgsm.c:336
+msgid ""
+"@\n"
+"(See the man page for a complete listing of all commands and options)\n"
+msgstr ""
+"@\n"
+"(Pou¾ite manuálové stránky pre kompletný zoznam v¹etkých príkazov a "
+"mo¾ností)\n"
+
+#: g10/gpg.c:588 sm/gpgsm.c:339
+msgid ""
+"@\n"
+"Examples:\n"
+"\n"
+" -se -r Bob [file] sign and encrypt for user Bob\n"
+" --clearsign [file] make a clear text signature\n"
+" --detach-sign [file] make a detached signature\n"
+" --list-keys [names] show keys\n"
+" --fingerprint [names] show fingerprints\n"
+msgstr ""
+"@\n"
+"Príklady:\n"
+"\n"
+" -se -r Bob [súbor] podpísa» a za¹ifrova» pre u¾ívateµa Bob\n"
+" --clearsign [súbor] vytvori» podpis èitateµného dokumentu\n"
+" --detach-sign [súbor] vytvori» podpis oddelený od dokumentu\n"
+" --list-keys [mená] vypísa» kµúèe\n"
+" --fingerprint [mená] vypísa» fingerprinty\n"
+
+#: g10/gpg.c:836
+msgid "Usage: gpg [options] [files] (-h for help)"
+msgstr "Pou¾itie: gpg [mo¾nosti] [súbory] (-h pre pomoc)"
+
+#: g10/gpg.c:839
+msgid ""
+"Syntax: gpg [options] [files]\n"
+"sign, check, encrypt or decrypt\n"
+"default operation depends on the input data\n"
+msgstr ""
+"Syntax: gpg [mo¾nosti] [súbory]\n"
+"podpísa», overi», ¹ifrova» alebo de¹ifrova»\n"
+"implicitné operácie závisia od vstupných dát\n"
+
+#: g10/gpg.c:850 sm/gpgsm.c:543
+msgid ""
+"\n"
+"Supported algorithms:\n"
+msgstr ""
+"\n"
+"Podporované algoritmy:\n"
+
+#: g10/gpg.c:853
+msgid "Pubkey: "
+msgstr "Verejné kµúèe: "
+
+#: g10/gpg.c:860 g10/keyedit.c:2423
+msgid "Cipher: "
+msgstr "©ifry: "
+
+#: g10/gpg.c:867
+msgid "Hash: "
+msgstr "Hash: "
+
+#: g10/gpg.c:874 g10/keyedit.c:2468
+msgid "Compression: "
+msgstr "Kompresia: "
+
+#: g10/gpg.c:944
+msgid "usage: gpg [options] "
+msgstr "pou¾itie: gpg [mo¾nosti] "
+
+#: g10/gpg.c:1158 sm/gpgsm.c:716
+msgid "conflicting commands\n"
+msgstr "konfliktné príkazy\n"
+
+#: g10/gpg.c:1176
+#, fuzzy, c-format
+msgid "no = sign found in group definition `%s'\n"
+msgstr "no = podpis nájdený v definícii skupiny \"%s\"\n"
+
+#: g10/gpg.c:1373
+#, fuzzy, c-format
+msgid "WARNING: unsafe ownership on homedir `%s'\n"
+msgstr "VAROVANIE: vlastníctvo pre %s nastavené nebezpeène \"%s\"\n"
+
+#: g10/gpg.c:1376
+#, fuzzy, c-format
+msgid "WARNING: unsafe ownership on configuration file `%s'\n"
+msgstr "VAROVANIE: vlastníctvo pre %s nastavené nebezpeène \"%s\"\n"
+
+#: g10/gpg.c:1379
+#, fuzzy, c-format
+msgid "WARNING: unsafe ownership on extension `%s'\n"
+msgstr "VAROVANIE: vlastníctvo pre %s nastavené nebezpeène \"%s\"\n"
+
+#: g10/gpg.c:1385
+#, fuzzy, c-format
+msgid "WARNING: unsafe permissions on homedir `%s'\n"
+msgstr "VAROVANIE: prístupové práva pre %s nie sú nastavené bezpeène \"%s\"\n"
+
+#: g10/gpg.c:1388
+#, fuzzy, c-format
+msgid "WARNING: unsafe permissions on configuration file `%s'\n"
+msgstr "VAROVANIE: prístupové práva pre %s nie sú nastavené bezpeène \"%s\"\n"
+
+#: g10/gpg.c:1391
+#, fuzzy, c-format
+msgid "WARNING: unsafe permissions on extension `%s'\n"
+msgstr "VAROVANIE: prístupové práva pre %s nie sú nastavené bezpeène \"%s\"\n"
+
+#: g10/gpg.c:1397
+#, fuzzy, c-format
+msgid "WARNING: unsafe enclosing directory ownership on homedir `%s'\n"
+msgstr "VAROVANIE: vlastníctvo adresára %s nastavené nebezpeène \"%s\"\n"
+
+#: g10/gpg.c:1400
+#, fuzzy, c-format
+msgid ""
+"WARNING: unsafe enclosing directory ownership on configuration file `%s'\n"
+msgstr "VAROVANIE: vlastníctvo adresára %s nastavené nebezpeène \"%s\"\n"
+
+#: g10/gpg.c:1403
+#, fuzzy, c-format
+msgid "WARNING: unsafe enclosing directory ownership on extension `%s'\n"
+msgstr "VAROVANIE: vlastníctvo adresára %s nastavené nebezpeène \"%s\"\n"
+
+#: g10/gpg.c:1409
+#, fuzzy, c-format
+msgid "WARNING: unsafe enclosing directory permissions on homedir `%s'\n"
+msgstr ""
+"VAROVANIE: prístupové práva adresára %s nie sú nastavené bezpeène \"%s\"\n"
+
+#: g10/gpg.c:1412
+#, fuzzy, c-format
+msgid ""
+"WARNING: unsafe enclosing directory permissions on configuration file `%s'\n"
+msgstr ""
+"VAROVANIE: prístupové práva adresára %s nie sú nastavené bezpeène \"%s\"\n"
+
+#: g10/gpg.c:1415
+#, fuzzy, c-format
+msgid "WARNING: unsafe enclosing directory permissions on extension `%s'\n"
+msgstr ""
+"VAROVANIE: prístupové práva adresára %s nie sú nastavené bezpeène \"%s\"\n"
+
+#: g10/gpg.c:1595
+#, fuzzy, c-format
+msgid "unknown configuration item `%s'\n"
+msgstr "neznáma polo¾ka konfigurácie \"%s\"\n"
+
+#: g10/gpg.c:1699
+msgid "display photo IDs during key listings"
+msgstr ""
+
+#: g10/gpg.c:1701
+msgid "show policy URLs during signature listings"
+msgstr ""
+
+#: g10/gpg.c:1703
+#, fuzzy
+msgid "show all notations during signature listings"
+msgstr "V súbore tajných kµúèov chýba zodpovedajúci podpis\n"
+
+#: g10/gpg.c:1705
+msgid "show IETF standard notations during signature listings"
+msgstr ""
+
+#: g10/gpg.c:1709
+msgid "show user-supplied notations during signature listings"
+msgstr ""
+
+#: g10/gpg.c:1711
+#, fuzzy
+msgid "show preferred keyserver URLs during signature listings"
+msgstr "zadané URL pre podpisovú politiku je neplatné\n"
+
+#: g10/gpg.c:1713
+msgid "show user ID validity during key listings"
+msgstr ""
+
+#: g10/gpg.c:1715
+msgid "show revoked and expired user IDs in key listings"
+msgstr ""
+
+#: g10/gpg.c:1717
+msgid "show revoked and expired subkeys in key listings"
+msgstr ""
+
+#: g10/gpg.c:1719
+#, fuzzy
+msgid "show the keyring name in key listings"
+msgstr "uká¾ v ktorom súbore kµúèov je vypísaný kµúè"
+
+#: g10/gpg.c:1721
+#, fuzzy
+msgid "show expiration dates during signature listings"
+msgstr "V súbore tajných kµúèov chýba zodpovedajúci podpis\n"
+
+#: g10/gpg.c:1855
+#, c-format
+msgid "NOTE: old default options file `%s' ignored\n"
+msgstr "POZNÁMKA: starý implicitný súbor s mo¾nos»ami `%s ignorovaný'\n"
+
+#: g10/gpg.c:1948
+#, c-format
+msgid "libgcrypt is too old (need %s, have %s)\n"
+msgstr ""
+
+#: g10/gpg.c:2346 g10/gpg.c:3037 g10/gpg.c:3049
+#, c-format
+msgid "NOTE: %s is not for normal use!\n"
+msgstr "POZNÁMKA: %s nie je pre normálne pou¾itie!\n"
+
+#: g10/gpg.c:2530 g10/gpg.c:2542
+#, fuzzy, c-format
+msgid "`%s' is not a valid signature expiration\n"
+msgstr "%s nie je platná znaková sada\n"
+
+#: g10/gpg.c:2624
+#, fuzzy, c-format
+msgid "`%s' is not a valid character set\n"
+msgstr "%s nie je platná znaková sada\n"
+
+#: g10/gpg.c:2647 g10/gpg.c:2842 g10/keyedit.c:4197
+#, fuzzy
+msgid "could not parse keyserver URL\n"
+msgstr "nemo¾no pou¾i» URI servera kµúèov - chyba analýzy URI\n"
+
+#: g10/gpg.c:2659
+#, fuzzy, c-format
+msgid "%s:%d: invalid keyserver options\n"
+msgstr "%s:%d: neplatný parameter pre export\n"
+
+#: g10/gpg.c:2662
+#, fuzzy
+msgid "invalid keyserver options\n"
+msgstr "neplatný parameter pre export\n"
+
+#: g10/gpg.c:2669
+#, c-format
+msgid "%s:%d: invalid import options\n"
+msgstr "%s:%d: neplatný parameter pre import\n"
+
+#: g10/gpg.c:2672
+msgid "invalid import options\n"
+msgstr "neplatný parameter pre import\n"
+
+#: g10/gpg.c:2679
+#, c-format
+msgid "%s:%d: invalid export options\n"
+msgstr "%s:%d: neplatný parameter pre export\n"
+
+#: g10/gpg.c:2682
+msgid "invalid export options\n"
+msgstr "neplatný parameter pre export\n"
+
+#: g10/gpg.c:2689
+#, fuzzy, c-format
+msgid "%s:%d: invalid list options\n"
+msgstr "%s:%d: neplatný parameter pre import\n"
+
+#: g10/gpg.c:2692
+#, fuzzy
+msgid "invalid list options\n"
+msgstr "neplatný parameter pre import\n"
+
+#: g10/gpg.c:2700
+msgid "display photo IDs during signature verification"
+msgstr ""
+
+#: g10/gpg.c:2702
+msgid "show policy URLs during signature verification"
+msgstr ""
+
+#: g10/gpg.c:2704
+#, fuzzy
+msgid "show all notations during signature verification"
+msgstr "%s nie je platná znaková sada\n"
+
+#: g10/gpg.c:2706
+msgid "show IETF standard notations during signature verification"
+msgstr ""
+
+#: g10/gpg.c:2710
+msgid "show user-supplied notations during signature verification"
+msgstr ""
+
+#: g10/gpg.c:2712
+#, fuzzy
+msgid "show preferred keyserver URLs during signature verification"
+msgstr "zadané URL pre podpisovú politiku je neplatné\n"
+
+#: g10/gpg.c:2714
+#, fuzzy
+msgid "show user ID validity during signature verification"
+msgstr "%s nie je platná znaková sada\n"
+
+#: g10/gpg.c:2716
+msgid "show revoked and expired user IDs in signature verification"
+msgstr ""
+
+#: g10/gpg.c:2718
+#, fuzzy
+msgid "show only the primary user ID in signature verification"
+msgstr "%s nie je platná znaková sada\n"
+
+#: g10/gpg.c:2720
+msgid "validate signatures with PKA data"
+msgstr ""
+
+#: g10/gpg.c:2722
+msgid "elevate the trust of signatures with valid PKA data"
+msgstr ""
+
+#: g10/gpg.c:2729
+#, fuzzy, c-format
+msgid "%s:%d: invalid verify options\n"
+msgstr "%s:%d: neplatný parameter pre export\n"
+
+#: g10/gpg.c:2732
+#, fuzzy
+msgid "invalid verify options\n"
+msgstr "neplatný parameter pre export\n"
+
+#: g10/gpg.c:2739
+#, c-format
+msgid "unable to set exec-path to %s\n"
+msgstr "nemo¾no nastavi» exec-path na %s\n"
+
+#: g10/gpg.c:2925
+#, fuzzy, c-format
+msgid "%s:%d: invalid auto-key-locate list\n"
+msgstr "%s:%d: neplatný parameter pre export\n"
+
+#: g10/gpg.c:2928
+msgid "invalid auto-key-locate list\n"
+msgstr ""
+
+#: g10/gpg.c:3026 sm/gpgsm.c:1439
+msgid "WARNING: program may create a core file!\n"
+msgstr "VAROVANIE: program mô¾e vytvori» súbor core!\n"
+
+#: g10/gpg.c:3030
+#, c-format
+msgid "WARNING: %s overrides %s\n"
+msgstr "VAROVANIE: %s prepí¹e %s\n"
+
+#: g10/gpg.c:3039
+#, c-format
+msgid "%s not allowed with %s!\n"
+msgstr "Nie je dovolené pou¾íva» %s s %s!\n"
+
+#: g10/gpg.c:3042
+#, c-format
+msgid "%s makes no sense with %s!\n"
+msgstr "%s nedáva s %s zmysel!\n"
+
+#: g10/gpg.c:3057
+#, fuzzy, c-format
+msgid "will not run with insecure memory due to %s\n"
+msgstr "zapisujem tajný kµúè do `%s'\n"
+
+#: g10/gpg.c:3071
+msgid "you can only make detached or clear signatures while in --pgp2 mode\n"
+msgstr ""
+"v móde --pgp2 mô¾ete vytvára» len oddelené podpisy alebo podpisy èitateµné "
+"ako text\n"
+
+#: g10/gpg.c:3077
+msgid "you can't sign and encrypt at the same time while in --pgp2 mode\n"
+msgstr "v móde --pgp2 nemo¾no súèasne ¹ifrova» a podpisova»\n"
+
+#: g10/gpg.c:3083
+msgid "you must use files (and not a pipe) when working with --pgp2 enabled.\n"
+msgstr "v móde --pgp2 musíte pou¾i» súbor (nie rúru).\n"
+
+#: g10/gpg.c:3096
+msgid "encrypting a message in --pgp2 mode requires the IDEA cipher\n"
+msgstr "¹ifrovanie správ v móde --pgp2 vy¾aduje algoritmus IDEA\n"
+
+#: g10/gpg.c:3163 g10/gpg.c:3187 sm/gpgsm.c:1511
+msgid "selected cipher algorithm is invalid\n"
+msgstr "vybraný ¹ifrovací algoritmus je neplatný\n"
+
+#: g10/gpg.c:3169 g10/gpg.c:3193 sm/gpgsm.c:1517 sm/gpgsm.c:1523
+msgid "selected digest algorithm is invalid\n"
+msgstr "vybraný hashovací algoritmus je neplatný\n"
+
+#: g10/gpg.c:3175
+#, fuzzy
+msgid "selected compression algorithm is invalid\n"
+msgstr "vybraný ¹ifrovací algoritmus je neplatný\n"
+
+#: g10/gpg.c:3181
+msgid "selected certification digest algorithm is invalid\n"
+msgstr "vybraný hashovací algoritmus je neplatný\n"
+
+#: g10/gpg.c:3196
+msgid "completes-needed must be greater than 0\n"
+msgstr "polo¾ka completes-needed musí by» väè¹ia ako 0\n"
+
+#: g10/gpg.c:3198
+msgid "marginals-needed must be greater than 1\n"
+msgstr "polo¾ka marginals-needed musí by» väè¹ia ako 1\n"
+
+#: g10/gpg.c:3200
+#, fuzzy
+msgid "max-cert-depth must be in the range from 1 to 255\n"
+msgstr "polo¾ka max-cert-depth musí by» v rozmedzí od 1 do 255\n"
+
+#: g10/gpg.c:3202
+msgid "invalid default-cert-level; must be 0, 1, 2, or 3\n"
+msgstr "neplatná implicitná úroveò certifikácie; musí by» 0, 1, 2 alebo 3\n"
+
+#: g10/gpg.c:3204
+msgid "invalid min-cert-level; must be 1, 2, or 3\n"
+msgstr "neplatná minimálna úroveò certifikácie; musí by» 0, 1, 2 alebo 3\n"
+
+#: g10/gpg.c:3207
+msgid "NOTE: simple S2K mode (0) is strongly discouraged\n"
+msgstr "POZNÁMKA: jednoduchý mód S2K (0) je dôrazne nedoporuèovaný\n"
+
+#: g10/gpg.c:3211
+msgid "invalid S2K mode; must be 0, 1 or 3\n"
+msgstr "neplatný mód S2K; musí by» 0, 1 alebo 3\n"
+
+#: g10/gpg.c:3218
+msgid "invalid default preferences\n"
+msgstr "neplatné defaultné predvoµby\n"
+
+#: g10/gpg.c:3222
+msgid "invalid personal cipher preferences\n"
+msgstr "neplatné u¾ívateµské predvoµby pre ¹ifrovanie\n"
+
+#: g10/gpg.c:3226
+msgid "invalid personal digest preferences\n"
+msgstr "neplatné u¾ívateµské predvoµby pre hashovanie\n"
+
+#: g10/gpg.c:3230
+msgid "invalid personal compress preferences\n"
+msgstr "neplatné u¾ívateµské predvoµby pre kompresiu\n"
+
+#: g10/gpg.c:3263
+#, c-format
+msgid "%s does not yet work with %s\n"
+msgstr "%s e¹te nepracuje s %s\n"
+
+#: g10/gpg.c:3310
+#, fuzzy, c-format
+msgid "you may not use cipher algorithm `%s' while in %s mode\n"
+msgstr "nemô¾ete pou¾i» ¹ifrovací algoritmus \"%s\" v móde %s\n"
+
+#: g10/gpg.c:3315
+#, fuzzy, c-format
+msgid "you may not use digest algorithm `%s' while in %s mode\n"
+msgstr "nemô¾ete pou¾i» hashovací algoritmus \"%s\" v móde %s\n"
+
+#: g10/gpg.c:3320
+#, fuzzy, c-format
+msgid "you may not use compression algorithm `%s' while in %s mode\n"
+msgstr "nemô¾ete pou¾i» kompresný algoritmus \"%s\" v móde %s\n"
+
+#: g10/gpg.c:3406
+#, c-format
+msgid "failed to initialize the TrustDB: %s\n"
+msgstr "nemô¾em inicializova» databázu dôvery: %s\n"
+
+#: g10/gpg.c:3417
+msgid "WARNING: recipients (-r) given without using public key encryption\n"
+msgstr ""
+"VAROVANIE: daný adresát (-r) bez pou¾itia ¹ifrovania s verejným kµúèom\n"
+
+#: g10/gpg.c:3438
+msgid "--store [filename]"
+msgstr "--store [meno súboru]"
+
+#: g10/gpg.c:3445
+msgid "--symmetric [filename]"
+msgstr "--symmetric [meno súboru]"
+
+#: g10/gpg.c:3447
+#, fuzzy, c-format
+msgid "symmetric encryption of `%s' failed: %s\n"
+msgstr "de¹ifrovanie zlyhalo: %s\n"
+
+#: g10/gpg.c:3457
+msgid "--encrypt [filename]"
+msgstr "--encrypt [meno súboru]"
+
+#: g10/gpg.c:3470
+#, fuzzy
+msgid "--symmetric --encrypt [filename]"
+msgstr "--sign --encrypt [meno súboru]"
+
+#: g10/gpg.c:3472
+msgid "you cannot use --symmetric --encrypt with --s2k-mode 0\n"
+msgstr ""
+
+#: g10/gpg.c:3475
+#, fuzzy, c-format
+msgid "you cannot use --symmetric --encrypt while in %s mode\n"
+msgstr ""
+"pou¾itie %s nie je v móde %s dovolené\n"
+"\n"
+
+#: g10/gpg.c:3493
+msgid "--sign [filename]"
+msgstr "--sign [meno súboru]"
+
+#: g10/gpg.c:3506
+msgid "--sign --encrypt [filename]"
+msgstr "--sign --encrypt [meno súboru]"
+
+#: g10/gpg.c:3521
+#, fuzzy
+msgid "--symmetric --sign --encrypt [filename]"
+msgstr "--sign --encrypt [meno súboru]"
+
+#: g10/gpg.c:3523
+msgid "you cannot use --symmetric --sign --encrypt with --s2k-mode 0\n"
+msgstr ""
+
+#: g10/gpg.c:3526
+#, fuzzy, c-format
+msgid "you cannot use --symmetric --sign --encrypt while in %s mode\n"
+msgstr ""
+"pou¾itie %s nie je v móde %s dovolené\n"
+"\n"
+
+#: g10/gpg.c:3546
+msgid "--sign --symmetric [filename]"
+msgstr "--sign --symmetric [meno súboru]"
+
+#: g10/gpg.c:3555
+msgid "--clearsign [filename]"
+msgstr "--clearsign [meno súboru]"
+
+#: g10/gpg.c:3580
+msgid "--decrypt [filename]"
+msgstr "--decrypt [meno súboru]"
+
+#: g10/gpg.c:3588
+msgid "--sign-key user-id"
+msgstr "--sign-key id u¾ívateµa"
+
+#: g10/gpg.c:3592
+msgid "--lsign-key user-id"
+msgstr "--lsign-key id u¾ívateµa"
+
+#: g10/gpg.c:3613
+msgid "--edit-key user-id [commands]"
+msgstr "--edit-key id u¾ívateµa [príkazy]"
+
+#: g10/gpg.c:3629
+#, fuzzy
+msgid "--passwd <user-id>"
+msgstr "--sign-key id u¾ívateµa"
+
+#: g10/gpg.c:3716
+#, c-format
+msgid "keyserver send failed: %s\n"
+msgstr "nepodarilo posla» kµúè na server: %s\n"
+
+#: g10/gpg.c:3718
+#, c-format
+msgid "keyserver receive failed: %s\n"
+msgstr "nepodarilo sa prija» kµúè zo servera: %s\n"
+
+#: g10/gpg.c:3720
+#, c-format
+msgid "key export failed: %s\n"
+msgstr "nepodaril sa export kµúèa: %s\n"
+
+#: g10/gpg.c:3731
+#, c-format
+msgid "keyserver search failed: %s\n"
+msgstr "nepodarilo sa nájs» server: %s\n"
+
+#: g10/gpg.c:3741
+#, c-format
+msgid "keyserver refresh failed: %s\n"
+msgstr "aktualizácia servera zlyhala: %s\n"
+
+#: g10/gpg.c:3792
+#, c-format
+msgid "dearmoring failed: %s\n"
+msgstr "dekódovanie z ASCII formátu zlyhalo: %s\n"
+
+#: g10/gpg.c:3800
+#, c-format
+msgid "enarmoring failed: %s\n"
+msgstr "kódovanie do ASCII formátu zlyhalo: %s\n"
+
+#: g10/gpg.c:3890
+#, c-format
+msgid "invalid hash algorithm `%s'\n"
+msgstr "neplatný hashovací algoritmus `%s'\n"
+
+#: g10/gpg.c:4005
+msgid "[filename]"
+msgstr "[meno súboru]"
+
+#: g10/gpg.c:4009
+msgid "Go ahead and type your message ...\n"
+msgstr "Zaènite písa» svoju správu ...\n"
+
+#: g10/gpg.c:4323
+msgid "the given certification policy URL is invalid\n"
+msgstr "zadané URL pre certifikaènú politiku je neplatné\n"
+
+#: g10/gpg.c:4325
+msgid "the given signature policy URL is invalid\n"
+msgstr "zadané URL pre podpisovú politiku je neplatné\n"
+
+#: g10/gpg.c:4358
+#, fuzzy
+msgid "the given preferred keyserver URL is invalid\n"
+msgstr "zadané URL pre podpisovú politiku je neplatné\n"
+
+#: g10/gpgv.c:74
+#, fuzzy
+msgid "|FILE|take the keys from the keyring FILE"
+msgstr "Zmaza» tento kµúè zo súboru kµúèov? "
+
+#: g10/gpgv.c:76
+msgid "make timestamp conflicts only a warning"
+msgstr "konflikt èasového razítka"
+
+#: g10/gpgv.c:78 sm/gpgsm.c:326
+msgid "|FD|write status info to this FD"
+msgstr "|FD|zapísa» informácie o stave do tohto FD"
+
+#: g10/gpgv.c:117
+msgid "Usage: gpgv [options] [files] (-h for help)"
+msgstr "Pou¾itie: gpgv [mo¾nosti] [súbory] (-h pre pomoc)"
+
+#: g10/gpgv.c:119
+#, fuzzy
+msgid ""
+"Syntax: gpgv [options] [files]\n"
+"Check signatures against known trusted keys\n"
+msgstr ""
+"Syntax: gpg [nastavenia] [súbory]\n"
+"Skontroluje podpisy oproti známym dôveryhodným kµúèom\n"
+
+#: g10/helptext.c:72
+msgid "No help available"
+msgstr "Pomoc nie je k dispozícii"
+
+#: g10/helptext.c:82
+#, c-format
+msgid "No help available for `%s'"
+msgstr "Pomoc nie je dostupná pre '%s'"
+
+#: g10/import.c:94
+msgid "import signatures that are marked as local-only"
+msgstr ""
+
+#: g10/import.c:96
+msgid "repair damage from the pks keyserver during import"
+msgstr ""
+
+#: g10/import.c:98
+#, fuzzy
+msgid "do not update the trustdb after import"
+msgstr "aktualizova» databázu dôvery"
+
+#: g10/import.c:100
+#, fuzzy
+msgid "create a public key when importing a secret key"
+msgstr "verejný kµúè nesúhlasí s tajným!\n"
+
+#: g10/import.c:102
+msgid "only accept updates to existing keys"
+msgstr ""
+
+#: g10/import.c:104
+#, fuzzy
+msgid "remove unusable parts from key after import"
+msgstr "nepou¾iteµný tajný kµúè"
+
+#: g10/import.c:106
+msgid "remove as much as possible from key after import"
+msgstr ""
+
+#: g10/import.c:266
+#, c-format
+msgid "skipping block of type %d\n"
+msgstr "blok typu %d bol preskoèený\n"
+
+#: g10/import.c:275
+#, fuzzy, c-format
+msgid "%lu keys processed so far\n"
+msgstr "%lu kµúèe boli doteraz spracované\n"
+
+#: g10/import.c:292
+#, c-format
+msgid "Total number processed: %lu\n"
+msgstr "Celkovo spracovaných kµúèov: %lu\n"
+
+#: g10/import.c:294
+#, c-format
+msgid " skipped new keys: %lu\n"
+msgstr " preskoèené nové kµúèe: %lu\n"
+
+#: g10/import.c:297
+#, c-format
+msgid " w/o user IDs: %lu\n"
+msgstr " bez identifikátorov: %lu\n"
+
+#: g10/import.c:299 sm/import.c:114
+#, c-format
+msgid " imported: %lu"
+msgstr " importované: %lu"
+
+#: g10/import.c:305 sm/import.c:118
+#, c-format
+msgid " unchanged: %lu\n"
+msgstr " bez zmien: %lu\n"
+
+#: g10/import.c:307
+#, c-format
+msgid " new user IDs: %lu\n"
+msgstr " nové id u¾ívateµov: %lu\n"
+
+#: g10/import.c:309
+#, c-format
+msgid " new subkeys: %lu\n"
+msgstr " nové podkµúèe: %lu\n"
+
+#: g10/import.c:311
+#, c-format
+msgid " new signatures: %lu\n"
+msgstr " nové podpisy: %lu\n"
+
+#: g10/import.c:313
+#, c-format
+msgid " new key revocations: %lu\n"
+msgstr " nové revokácie kµúèov: %lu\n"
+
+#: g10/import.c:315 sm/import.c:120
+#, c-format
+msgid " secret keys read: %lu\n"
+msgstr " preèítané tajné kµúèe: %lu\n"
+
+#: g10/import.c:317 sm/import.c:122
+#, c-format
+msgid " secret keys imported: %lu\n"
+msgstr " importované tajné kµúèe: %lu\n"
+
+#: g10/import.c:319 sm/import.c:124
+#, c-format
+msgid " secret keys unchanged: %lu\n"
+msgstr " tajné kµúèe nezmenené: %lu\n"
+
+#: g10/import.c:321 sm/import.c:126
+#, c-format
+msgid " not imported: %lu\n"
+msgstr " neimportované: %lu\n"
+
+#: g10/import.c:323
+#, fuzzy, c-format
+msgid " signatures cleaned: %lu\n"
+msgstr " nové podpisy: %lu\n"
+
+#: g10/import.c:325
+#, fuzzy, c-format
+msgid " user IDs cleaned: %lu\n"
+msgstr " preèítané tajné kµúèe: %lu\n"
+
+#: g10/import.c:606
+#, c-format
+msgid ""
+"WARNING: key %s contains preferences for unavailable\n"
+"algorithms on these user IDs:\n"
+msgstr ""
+
+#: g10/import.c:647
+#, c-format
+msgid " \"%s\": preference for cipher algorithm %s\n"
+msgstr ""
+
+#: g10/import.c:662
+#, fuzzy, c-format
+msgid " \"%s\": preference for digest algorithm %s\n"
+msgstr "%s podpis, hashovací algoritmus %s\n"
+
+#: g10/import.c:674
+#, c-format
+msgid " \"%s\": preference for compression algorithm %s\n"
+msgstr ""
+
+#: g10/import.c:687
+msgid "it is strongly suggested that you update your preferences and\n"
+msgstr ""
+
+#: g10/import.c:689
+msgid "re-distribute this key to avoid potential algorithm mismatch problems\n"
+msgstr ""
+
+#: g10/import.c:713
+#, c-format
+msgid "you can update your preferences with: gpg --edit-key %s updpref save\n"
+msgstr ""
+
+#: g10/import.c:766 g10/import.c:1179
+#, fuzzy, c-format
+msgid "key %s: no user ID\n"
+msgstr "kµúè %08lX: chyba identifikátor u¾ívateµa\n"
+
+#: g10/import.c:795
+#, fuzzy, c-format
+msgid "key %s: PKS subkey corruption repaired\n"
+msgstr "kµúè %08lX: HKP po¹kodenie podkµúèa opravené\n"
+
+# c-format
+#: g10/import.c:810
+#, fuzzy, c-format
+msgid "key %s: accepted non self-signed user ID \"%s\"\n"
+msgstr ""
+"kµúè %08lX: prijaté id u¾ívateµa '%s', ktorý nie je podpísaný ním samým\n"
+
+#: g10/import.c:816
+#, fuzzy, c-format
+msgid "key %s: no valid user IDs\n"
+msgstr "kµúè %08lX: chýba platný identifikátor u¾ívateµa\n"
+
+#: g10/import.c:818
+msgid "this may be caused by a missing self-signature\n"
+msgstr "mô¾e to by» spôsobené chýbajúcim podpisom kµúèa ním samým\n"
+
+#: g10/import.c:828 g10/import.c:1303
+#, fuzzy, c-format
+msgid "key %s: public key not found: %s\n"
+msgstr "kµúè %08lX: verejný kµúè nenájdený: %s\n"
+
+#: g10/import.c:834
+#, fuzzy, c-format
+msgid "key %s: new key - skipped\n"
+msgstr "kµúè %08lX: nový kµúè - preskoèený\n"
+
+#: g10/import.c:843
+#, c-format
+msgid "no writable keyring found: %s\n"
+msgstr "nenájdený zapisovateµný súbor kµúèov (keyring): %s\n"
+
+#: g10/import.c:848 g10/openfile.c:278 g10/sign.c:805 g10/sign.c:1114
+#, c-format
+msgid "writing to `%s'\n"
+msgstr "zapisujem do '%s'\n"
+
+#: g10/import.c:852 g10/import.c:952 g10/import.c:1219 g10/import.c:1364
+#: g10/import.c:2494 g10/import.c:2516
+#, c-format
+msgid "error writing keyring `%s': %s\n"
+msgstr "chyba pri zápise súboru kµúèov (keyring) `%s': %s\n"
+
+#: g10/import.c:871
+#, fuzzy, c-format
+msgid "key %s: public key \"%s\" imported\n"
+msgstr "kµúè %08lX: verejný kµúè \"%s\" importovaný\n"
+
+#: g10/import.c:895
+#, fuzzy, c-format
+msgid "key %s: doesn't match our copy\n"
+msgstr "kµúè %08lX: nezodpovedá na¹ej kópii\n"
+
+#: g10/import.c:912 g10/import.c:1321
+#, fuzzy, c-format
+msgid "key %s: can't locate original keyblock: %s\n"
+msgstr "kµúè %08lX: nemô¾em nájs» originálny blok kµúèa: %s\n"
+
+#: g10/import.c:920 g10/import.c:1328
+#, fuzzy, c-format
+msgid "key %s: can't read original keyblock: %s\n"
+msgstr "kµúè %08lX: nemô¾em èíta» originálny blok kµúèa: %s\n"
+
+#: g10/import.c:962
+#, fuzzy, c-format
+msgid "key %s: \"%s\" 1 new user ID\n"
+msgstr "kµúè %08lX: \"%s\" 1 nový identifikátor u¾ívateµa\n"
+
+#: g10/import.c:965
+#, fuzzy, c-format
+msgid "key %s: \"%s\" %d new user IDs\n"
+msgstr "kµúè %08lX: \"%s\" %d nových identifikátorov u¾ívateµa\n"
+
+#: g10/import.c:968
+#, fuzzy, c-format
+msgid "key %s: \"%s\" 1 new signature\n"
+msgstr "kµúè %08lX: \"%s\" 1 nový podpis\n"
+
+#: g10/import.c:971
+#, fuzzy, c-format
+msgid "key %s: \"%s\" %d new signatures\n"
+msgstr "kµúè %08lX: \"%s\" %d nových podpisov\n"
+
+#: g10/import.c:974
+#, fuzzy, c-format
+msgid "key %s: \"%s\" 1 new subkey\n"
+msgstr "kµúè %08lX: \"%s\" 1 nový podkµúè\n"
+
+#: g10/import.c:977
+#, fuzzy, c-format
+msgid "key %s: \"%s\" %d new subkeys\n"
+msgstr "kµúè %08lX: \"%s\" %d nových podkµúèov\n"
+
+#: g10/import.c:980
+#, fuzzy, c-format
+msgid "key %s: \"%s\" %d signature cleaned\n"
+msgstr "kµúè %08lX: \"%s\" %d nových podpisov\n"
+
+#: g10/import.c:983
+#, fuzzy, c-format
+msgid "key %s: \"%s\" %d signatures cleaned\n"
+msgstr "kµúè %08lX: \"%s\" %d nových podpisov\n"
+
+#: g10/import.c:986
+#, fuzzy, c-format
+msgid "key %s: \"%s\" %d user ID cleaned\n"
+msgstr "kµúè %08lX: \"%s\" %d nových identifikátorov u¾ívateµa\n"
+
+#: g10/import.c:989
+#, fuzzy, c-format
+msgid "key %s: \"%s\" %d user IDs cleaned\n"
+msgstr "kµúè %08lX: \"%s\" %d nových identifikátorov u¾ívateµa\n"
+
+#: g10/import.c:1013
+#, fuzzy, c-format
+msgid "key %s: \"%s\" not changed\n"
+msgstr "kµúè %08lX: \"%s\" bez zmeny\n"
+
+#: g10/import.c:1185
+#, fuzzy, c-format
+msgid "key %s: secret key with invalid cipher %d - skipped\n"
+msgstr "kµúè %08lX: tajný kµúè bez verejného kµúèa %d - preskoèené\n"
+
+#: g10/import.c:1196
+#, fuzzy
+msgid "importing secret keys not allowed\n"
+msgstr "zapisujem tajný kµúè do `%s'\n"
+
+#: g10/import.c:1213 g10/import.c:2509
+#, c-format
+msgid "no default secret keyring: %s\n"
+msgstr "nie je nastavený implicitný súbor tajných kµúèov %s\n"
+
+#: g10/import.c:1224
+#, fuzzy, c-format
+msgid "key %s: secret key imported\n"
+msgstr "kµúè %08lX: tajný kµúè importovaný\n"
+
+#: g10/import.c:1254
+#, fuzzy, c-format
+msgid "key %s: already in secret keyring\n"
+msgstr "kµúè %08lX: je u¾ v súbore tajných kµúèov\n"
+
+#: g10/import.c:1264
+#, fuzzy, c-format
+msgid "key %s: secret key not found: %s\n"
+msgstr "kµúè %08lX: nebol nájdený tajný kµúè: %s\n"
+
+#: g10/import.c:1296
+#, fuzzy, c-format
+msgid "key %s: no public key - can't apply revocation certificate\n"
+msgstr ""
+"kµúè %08lX: chýba verejný kµúè - nemô¾em aplikova» revokaèný certifikát\n"
+
+#: g10/import.c:1339
+#, fuzzy, c-format
+msgid "key %s: invalid revocation certificate: %s - rejected\n"
+msgstr "kµúè %08lX: neplatný revokaèný certifikát: %s - zamietnuté\n"
+
+#: g10/import.c:1371
+#, fuzzy, c-format
+msgid "key %s: \"%s\" revocation certificate imported\n"
+msgstr "kµúè %08lX: \"%s\" revokaèný certifikát importovaný\n"
+
+#: g10/import.c:1447
+#, fuzzy, c-format
+msgid "key %s: no user ID for signature\n"
+msgstr "kµúè %08lX: neexistuje id u¾ívateµa pre podpis\n"
+
+#: g10/import.c:1464
+#, fuzzy, c-format
+msgid "key %s: unsupported public key algorithm on user ID \"%s\"\n"
+msgstr ""
+"kµúè %08lX: nepodporovaný algoritmus verejného kµúèa u u¾ívateµského id \"%s"
+"\"\n"
+
+#: g10/import.c:1466
+#, fuzzy, c-format
+msgid "key %s: invalid self-signature on user ID \"%s\"\n"
+msgstr ""
+"kµúè %08lX: neplatný podpis kµúèa ním samým u u¾ívateµského id \"%s\"\n"
+
+#: g10/import.c:1483 g10/import.c:1509 g10/import.c:1560
+#, fuzzy, c-format
+msgid "key %s: unsupported public key algorithm\n"
+msgstr "kµúè %08lX: nepodporovaný algoritmus verejného kµúèa\n"
+
+#: g10/import.c:1484
+#, fuzzy, c-format
+msgid "key %s: invalid direct key signature\n"
+msgstr "kµúè %08lX: podpis kµúèa ním samým (direct key signature)\n"
+
+#: g10/import.c:1498
+#, fuzzy, c-format
+msgid "key %s: no subkey for key binding\n"
+msgstr "kµúè %08lX: neexistuje podkµúè pre viazanie kµúèov\n"
+
+#: g10/import.c:1511
+#, fuzzy, c-format
+msgid "key %s: invalid subkey binding\n"
+msgstr "kµúè %08lX: neplatná väzba podkµúèa\n"
+
+#: g10/import.c:1527
+#, fuzzy, c-format
+msgid "key %s: removed multiple subkey binding\n"
+msgstr "kµúè %08lX: zmazaná viacnásobná väzba podkµúèa\n"
+
+#: g10/import.c:1549
+#, fuzzy, c-format
+msgid "key %s: no subkey for key revocation\n"
+msgstr "kµúè %08lX: neexistuje podkµúè na revokáciu kµúèa\n"
+
+#: g10/import.c:1562
+#, fuzzy, c-format
+msgid "key %s: invalid subkey revocation\n"
+msgstr "kµúè %08lX: neplatný revokaèný podkµúè\n"
+
+#: g10/import.c:1577
+#, fuzzy, c-format
+msgid "key %s: removed multiple subkey revocation\n"
+msgstr "kµúè %08lX: zmazaná viacnásobná revokácia podkµúèa\n"
+
+#: g10/import.c:1618
+#, fuzzy, c-format
+msgid "key %s: skipped user ID \"%s\"\n"
+msgstr "kµúè %08lX: identifikátor u¾ívateµa preskoèený '"
+
+#: g10/import.c:1639
+#, fuzzy, c-format
+msgid "key %s: skipped subkey\n"
+msgstr "kµúè %08lX: podkµúè preskoèený\n"
+
+#: g10/import.c:1666
+#, fuzzy, c-format
+msgid "key %s: non exportable signature (class 0x%02X) - skipped\n"
+msgstr "kµúè %08lX: podpis nie je exportovateµný (trieda %02x) - preskoèené\n"
+
+#: g10/import.c:1676
+#, fuzzy, c-format
+msgid "key %s: revocation certificate at wrong place - skipped\n"
+msgstr "kµúè %08lX: revokaèný certifikát na zlom mieste - preskoèené \n"
+
+#: g10/import.c:1693
+#, fuzzy, c-format
+msgid "key %s: invalid revocation certificate: %s - skipped\n"
+msgstr "kµúè %08lX: neplatný revokaèný certifikát: %s - preskoèené\n"
+
+#: g10/import.c:1707
+#, fuzzy, c-format
+msgid "key %s: subkey signature in wrong place - skipped\n"
+msgstr "kµúè %08lX: podpis subkµúèa na zlom mieste - preskoèené \n"
+
+#: g10/import.c:1715
+#, fuzzy, c-format
+msgid "key %s: unexpected signature class (0x%02X) - skipped\n"
+msgstr "kµúè %08lX: neoèakávaná podpisová trieda (0x%02X) - preskoèené\n"
+
+#: g10/import.c:1844
+#, fuzzy, c-format
+msgid "key %s: duplicated user ID detected - merged\n"
+msgstr "kµúè %08lX: zistený duplikovaný identifikátor u¾ívateµa - zlúèený\n"
+
+#: g10/import.c:1906
+#, fuzzy, c-format
+msgid "WARNING: key %s may be revoked: fetching revocation key %s\n"
+msgstr ""
+"VAROVANIE: kµúè %08lX mô¾e by» revokovaný: skú¹am získa» revokaèný kµúè %"
+"08lX\n"
+
+#: g10/import.c:1920
+#, fuzzy, c-format
+msgid "WARNING: key %s may be revoked: revocation key %s not present.\n"
+msgstr ""
+"VAROVANIE: kµúè %08lX mô¾e by» revokovaný: revokaèný kµúè %08lX nenájdený.\n"
+
+#: g10/import.c:1979
+#, fuzzy, c-format
+msgid "key %s: \"%s\" revocation certificate added\n"
+msgstr "kµúè %08lX: pridaný revokaèný certifikát \"%s\"\n"
+
+#: g10/import.c:2013
+#, fuzzy, c-format
+msgid "key %s: direct key signature added\n"
+msgstr "kµúè %08lX: podpis kµúèa ním samým (direct key signature)\n"
+
+#: g10/import.c:2414
+#, fuzzy
+msgid "NOTE: a key's S/N does not match the card's one\n"
+msgstr "verejný kµúè nesúhlasí s tajným!\n"
+
+#: g10/import.c:2422
+#, fuzzy
+msgid "NOTE: primary key is online and stored on card\n"
+msgstr "preskoèené: tajný kµúè je u¾ v databáze\n"
+
+#: g10/import.c:2424
+#, fuzzy
+msgid "NOTE: secondary key is online and stored on card\n"
+msgstr "preskoèené: tajný kµúè je u¾ v databáze\n"
+
+#: g10/keydb.c:181
+#, c-format
+msgid "error creating keyring `%s': %s\n"
+msgstr "chyba pri vytváraní súboru kµúèov (keyring)`%s': %s\n"
+
+#: g10/keydb.c:187
+#, c-format
+msgid "keyring `%s' created\n"
+msgstr "súbor kµúèov (keyring) `%s' vytvorený\n"
+
+#: g10/keydb.c:333 g10/keydb.c:336
+#, fuzzy, c-format
+msgid "keyblock resource `%s': %s\n"
+msgstr "chyba pri vytváraní `%s': %s\n"
+
+#: g10/keydb.c:719
+#, c-format
+msgid "failed to rebuild keyring cache: %s\n"
+msgstr "zlyhalo obnovenie vyrovnávacej pamäti kµúèov: %s\n"
+
+#: g10/keyedit.c:265
+msgid "[revocation]"
+msgstr "[revokácia]"
+
+#: g10/keyedit.c:266
+msgid "[self-signature]"
+msgstr "[podpis kµúèa ním samým]"
+
+#: g10/keyedit.c:344 g10/keylist.c:398
+msgid "1 bad signature\n"
+msgstr "1 zlý podpis\n"
+
+#: g10/keyedit.c:346 g10/keylist.c:400
+#, c-format
+msgid "%d bad signatures\n"
+msgstr "%d zlých podpisov\n"
+
+#: g10/keyedit.c:348 g10/keylist.c:402
+msgid "1 signature not checked due to a missing key\n"
+msgstr "1 podpis neoverený, preto¾e chýba kµúè\n"
+
+#: g10/keyedit.c:350 g10/keylist.c:404
+#, c-format
+msgid "%d signatures not checked due to missing keys\n"
+msgstr "%d podpisov neoverených, preto¾e chýba kµúè\n"
+
+#: g10/keyedit.c:352 g10/keylist.c:406
+msgid "1 signature not checked due to an error\n"
+msgstr "1 podpis neoverený, preto¾e vznikla chyba\n"
+
+#: g10/keyedit.c:354 g10/keylist.c:408
+#, c-format
+msgid "%d signatures not checked due to errors\n"
+msgstr "%d podpisov neoverených, preto¾e vznikli chyby\n"
+
+#: g10/keyedit.c:356
+msgid "1 user ID without valid self-signature detected\n"
+msgstr "zistený 1 identifikátor u¾ívateµa bez platného podpisu ním samým\n"
+
+#: g10/keyedit.c:358
+#, c-format
+msgid "%d user IDs without valid self-signatures detected\n"
+msgstr ""
+"zistených %d identifikátorov u¾ívateµa bez platného podpisu ním samým\n"
+
+#: g10/keyedit.c:414 g10/pkclist.c:262
+#, fuzzy
+msgid ""
+"Please decide how far you trust this user to correctly verify other users' "
+"keys\n"
+"(by looking at passports, checking fingerprints from different sources, "
+"etc.)\n"
+msgstr ""
+"Prosím rozhodnite, nakoµko dôverujete tomuto u¾ívateµovi, ¾e správne\n"
+"verifikuje kµúèe iných u¾ívateµov (prezretím cestovných pasov,\n"
+"kontrolou fingerprintov z rôznych zdrojov...)?\n"
+"\n"
+
+#: g10/keyedit.c:418 g10/pkclist.c:274
+#, fuzzy, c-format
+msgid " %d = I trust marginally\n"
+msgstr " %d = Dôverujem èiastoène\n"
+
+#: g10/keyedit.c:419 g10/pkclist.c:276
+#, fuzzy, c-format
+msgid " %d = I trust fully\n"
+msgstr " %d = Dôverujem úplne\n"
+
+#: g10/keyedit.c:438
+msgid ""
+"Please enter the depth of this trust signature.\n"
+"A depth greater than 1 allows the key you are signing to make\n"
+"trust signatures on your behalf.\n"
+msgstr ""
+
+#: g10/keyedit.c:454
+msgid "Please enter a domain to restrict this signature, or enter for none.\n"
+msgstr ""
+
+#: g10/keyedit.c:598
+#, c-format
+msgid "User ID \"%s\" is revoked."
+msgstr "U¾ívateµské ID \"%s\" je revokované."
+
+#: g10/keyedit.c:607 g10/keyedit.c:635 g10/keyedit.c:662 g10/keyedit.c:830
+#: g10/keyedit.c:895 g10/keyedit.c:1785
+msgid "Are you sure you still want to sign it? (y/N) "
+msgstr "Ste si istý, ¾e stále chcete podpísa» tento kµúè? (a/N) "
+
+#: g10/keyedit.c:621 g10/keyedit.c:649 g10/keyedit.c:676 g10/keyedit.c:836
+#: g10/keyedit.c:1791
+msgid " Unable to sign.\n"
+msgstr " Nemo¾no podpísa».\n"
+
+#: g10/keyedit.c:626
+#, c-format
+msgid "User ID \"%s\" is expired."
+msgstr "U¾ívateµské ID \"%s\" je revokované."
+
+#: g10/keyedit.c:654
+#, c-format
+msgid "User ID \"%s\" is not self-signed."
+msgstr "ID u¾ívateµa \"%s\" nie je podpísané ním samým."
+
+#: g10/keyedit.c:682
+#, fuzzy, c-format
+msgid "User ID \"%s\" is signable. "
+msgstr "ID u¾ívateµa \"%s\" nie je podpísané ním samým."
+
+#: g10/keyedit.c:684
+#, fuzzy
+msgid "Sign it? (y/N) "
+msgstr "Skutoène podpísa»? "
+
+#: g10/keyedit.c:706
+#, c-format
+msgid ""
+"The self-signature on \"%s\"\n"
+"is a PGP 2.x-style signature.\n"
+msgstr ""
+"Podpis kµúèa \"%s\" ním samým je\n"
+"podpis vo formáte PGP 2.x.\n"
+
+#: g10/keyedit.c:715
+msgid "Do you want to promote it to an OpenPGP self-signature? (y/N) "
+msgstr "Prajete si ho zmeni» na formát OpenPGP? (a/N) "
+
+#: g10/keyedit.c:729
+#, c-format
+msgid ""
+"Your current signature on \"%s\"\n"
+"has expired.\n"
+msgstr ""
+"Vá¹ súèasný podpis na \"%s\"\n"
+"je len lokálny.\n"
+"\n"
+
+#: g10/keyedit.c:733
+msgid "Do you want to issue a new signature to replace the expired one? (y/N) "
+msgstr "Chcete, aby platnos» Vá¹ho podpisu vypr¹ala v rovnakom èase? (A/n) "
+
+#: g10/keyedit.c:754
+#, c-format
+msgid ""
+"Your current signature on \"%s\"\n"
+"is a local signature.\n"
+msgstr ""
+"Vá¹ súèasný podpis na \"%s\"\n"
+"je len lokálny.\n"
+"\n"
+
+#: g10/keyedit.c:758
+msgid "Do you want to promote it to a full exportable signature? (y/N) "
+msgstr "Prajete si ho zmeni» na plne exportovateµný podpis? (a/N) "
+
+#: g10/keyedit.c:779
+#, fuzzy, c-format
+msgid "\"%s\" was already locally signed by key %s\n"
+msgstr "\"%s\" je u¾ lokálne podpísaný kµúèom %08lX\n"
+
+#: g10/keyedit.c:782
+#, fuzzy, c-format
+msgid "\"%s\" was already signed by key %s\n"
+msgstr "\"%s\" je u¾ podpísaný kµúèom %08lX\n"
+
+#: g10/keyedit.c:787
+msgid "Do you want to sign it again anyway? (y/N) "
+msgstr "Ste si istý, ¾e stále chcete podpísa» tento kµúè? (a/N) "
+
+#: g10/keyedit.c:809
+#, fuzzy, c-format
+msgid "Nothing to sign with key %s\n"
+msgstr "Niè na podpísanie kµúèom %08lX\n"
+
+#: g10/keyedit.c:824
+msgid "This key has expired!"
+msgstr "Platnos» kµúèa vypr¹ala!"
+
+#: g10/keyedit.c:842
+#, c-format
+msgid "This key is due to expire on %s.\n"
+msgstr "Platnos» kµúèa vypr¹í %s.\n"
+
+#: g10/keyedit.c:848
+msgid "Do you want your signature to expire at the same time? (Y/n) "
+msgstr "Chcete, aby platnos» Vá¹ho podpisu vypr¹ala v rovnakom èase? (A/n) "
+
+#: g10/keyedit.c:888
+msgid ""
+"You may not make an OpenPGP signature on a PGP 2.x key while in --pgp2 "
+"mode.\n"
+msgstr ""
+"Nemô¾ete vytvori» OpenPGP podpis kµúèa typu PGP 2.x, keï ste v --pgp2 móde.\n"
+
+#: g10/keyedit.c:890
+msgid "This would make the key unusable in PGP 2.x.\n"
+msgstr "To by spôsobilo nepou¾itelnos» kµúèa v PGP 2.x.\n"
+
+#: g10/keyedit.c:915
+msgid ""
+"How carefully have you verified the key you are about to sign actually "
+"belongs\n"
+"to the person named above? If you don't know what to answer, enter \"0\".\n"
+msgstr ""
+"S akou istotou ste preverili, ¾e kµúè, ktorý chcete podpísa»\n"
+"patrí vy¹¹ie uvedenej osobe?\n"
+"Pokiaµ nepoznáte odpoveï, zadajte \"0\".\n"
+
+#: g10/keyedit.c:920
+#, c-format
+msgid " (0) I will not answer.%s\n"
+msgstr " (0) Neodpoviem.%s\n"
+
+#: g10/keyedit.c:922
+#, c-format
+msgid " (1) I have not checked at all.%s\n"
+msgstr " (1) Vôbec som to nekontroloval(a).%s\n"
+
+#: g10/keyedit.c:924
+#, c-format
+msgid " (2) I have done casual checking.%s\n"
+msgstr " (2) Èiastoène som to overil(a).%s\n"
+
+#: g10/keyedit.c:926
+#, c-format
+msgid " (3) I have done very careful checking.%s\n"
+msgstr " (3) Veµmi dôkladne som to overil(a).%s\n"
+
+#: g10/keyedit.c:932
+#, fuzzy
+msgid "Your selection? (enter `?' for more information): "
+msgstr "Vá¹ výber? ('?' - viac informácií): "
+
+#: g10/keyedit.c:956
+#, fuzzy, c-format
+msgid ""
+"Are you sure that you want to sign this key with your\n"
+"key \"%s\" (%s)\n"
+msgstr ""
+"Ste si istý, ¾e chcete podpísa» tento kµúè\n"
+"svojím kµúèom: \""
+
+#: g10/keyedit.c:963
+#, fuzzy
+msgid "This will be a self-signature.\n"
+msgstr ""
+"\n"
+"Ide o podpis kµúèa ním samým\n"
+
+#: g10/keyedit.c:969
+#, fuzzy
+msgid "WARNING: the signature will not be marked as non-exportable.\n"
+msgstr ""
+"\n"
+"VAROVANIE: podpis nebude oznaèený ako neexportovateµný.\n"
+
+#: g10/keyedit.c:977
+#, fuzzy
+msgid "WARNING: the signature will not be marked as non-revocable.\n"
+msgstr ""
+"\n"
+"VAROVANIE: podpis nebude oznaèený ako neodvolateµný (non-revocable).\n"
+
+#: g10/keyedit.c:987
+#, fuzzy
+msgid "The signature will be marked as non-exportable.\n"
+msgstr ""
+"\n"
+"Podpis bude oznaèený ako neexportovateµný.\n"
+"\n"
+
+#: g10/keyedit.c:994
+#, fuzzy
+msgid "The signature will be marked as non-revocable.\n"
+msgstr ""
+"\n"
+"Podpis bude oznaèený ako neodvolateµný (non-revocable).\n"
+
+#: g10/keyedit.c:1001
+#, fuzzy
+msgid "I have not checked this key at all.\n"
+msgstr ""
+"\n"
+"Vôbec som tento kµúè neoveril.\n"
+
+#: g10/keyedit.c:1006
+#, fuzzy
+msgid "I have checked this key casually.\n"
+msgstr ""
+"\n"
+"Èiastoène som overil tento kµúè.\n"
+
+#: g10/keyedit.c:1011
+#, fuzzy
+msgid "I have checked this key very carefully.\n"
+msgstr ""
+"\n"
+"Velmi dôkladne som overil tento kµúè.\n"
+
+#: g10/keyedit.c:1021
+#, fuzzy
+msgid "Really sign? (y/N) "
+msgstr "Skutoène podpísa»? "
+
+#: g10/keyedit.c:1066 g10/keyedit.c:4965 g10/keyedit.c:5056 g10/keyedit.c:5120
+#: g10/keyedit.c:5181 g10/sign.c:316
+#, c-format
+msgid "signing failed: %s\n"
+msgstr "podpisovanie zlyhalo: %s\n"
+
+#: g10/keyedit.c:1131
+msgid "Key has only stub or on-card key items - no passphrase to change.\n"
+msgstr ""
+
+#: g10/keyedit.c:1142 g10/keygen.c:3774
+msgid "This key is not protected.\n"
+msgstr "Tento kµúè nie je chránený.\n"
+
+#: g10/keyedit.c:1146 g10/keygen.c:3761 g10/revoke.c:536
+msgid "Secret parts of primary key are not available.\n"
+msgstr "Tajné èasti primárneho kµúèa nie sú dostupné.\n"
+
+#: g10/keyedit.c:1150 g10/keygen.c:3777
+#, fuzzy
+msgid "Secret parts of primary key are stored on-card.\n"
+msgstr "Tajné èasti primárneho kµúèa nie sú dostupné.\n"
+
+#: g10/keyedit.c:1156 g10/keygen.c:3781
+msgid "Key is protected.\n"
+msgstr "kµúè je chránený.\n"
+
+#: g10/keyedit.c:1186
+#, c-format
+msgid "Can't edit this key: %s\n"
+msgstr "Nie je mo¾né editova» tento kµúè: %s\n"
+
+#: g10/keyedit.c:1192
+msgid ""
+"Enter the new passphrase for this secret key.\n"
+"\n"
+msgstr ""
+"Vlo¾te nové heslo (passphrase) pre tento tajný kµúè.\n"
+"\n"
+
+#: g10/keyedit.c:1207 g10/keygen.c:2291
+msgid "passphrase not correctly repeated; try again"
+msgstr "heslo nie je zopakované správne; skúste to znovu"
+
+#: g10/keyedit.c:1212
+msgid ""
+"You don't want a passphrase - this is probably a *bad* idea!\n"
+"\n"
+msgstr ""
+"Nechcete heslo - to je *zlý* nápad!\n"
+"\n"
+
+#: g10/keyedit.c:1215
+#, fuzzy
+msgid "Do you really want to do this? (y/N) "
+msgstr "Skutoène to chcete urobi»? "
+
+#: g10/keyedit.c:1298
+msgid "moving a key signature to the correct place\n"
+msgstr "presúvam podpis kµúèa na správne miesto\n"
+
+#: g10/keyedit.c:1384
+msgid "save and quit"
+msgstr "ulo¾i» a ukonèi»"
+
+#: g10/keyedit.c:1387
+#, fuzzy
+msgid "show key fingerprint"
+msgstr "vypísa» fingerprint"
+
+#: g10/keyedit.c:1388
+msgid "list key and user IDs"
+msgstr "vypísa» zoznam kµúèov a id u¾ívateµov"
+
+#: g10/keyedit.c:1390
+msgid "select user ID N"
+msgstr "vyberte identifikátor u¾ívateµa N"
+
+#: g10/keyedit.c:1391
+#, fuzzy
+msgid "select subkey N"
+msgstr "vyberte identifikátor u¾ívateµa N"
+
+#: g10/keyedit.c:1392
+#, fuzzy
+msgid "check signatures"
+msgstr "revokova» podpisy"
+
+#: g10/keyedit.c:1397
+msgid "sign selected user IDs [* see below for related commands]"
+msgstr ""
+
+#: g10/keyedit.c:1402
+#, fuzzy
+msgid "sign selected user IDs locally"
+msgstr "podpísa» kµúè lokálne"
+
+#: g10/keyedit.c:1404
+#, fuzzy
+msgid "sign selected user IDs with a trust signature"
+msgstr "Nápoveda: Vyberte id u¾ívateµa na podpísanie\n"
+
+#: g10/keyedit.c:1406
+msgid "sign selected user IDs with a non-revocable signature"
+msgstr ""
+
+#: g10/keyedit.c:1410
+msgid "add a user ID"
+msgstr "prida» identifikátor u¾ívateµa"
+
+#: g10/keyedit.c:1412
+msgid "add a photo ID"
+msgstr "prida» fotografické ID"
+
+#: g10/keyedit.c:1414
+#, fuzzy
+msgid "delete selected user IDs"
+msgstr "zmaza» identifikátor u¾ívateµa"
+
+#: g10/keyedit.c:1419
+#, fuzzy
+msgid "add a subkey"
+msgstr "addkey"
+
+#: g10/keyedit.c:1423
+msgid "add a key to a smartcard"
+msgstr ""
+
+#: g10/keyedit.c:1425
+msgid "move a key to a smartcard"
+msgstr ""
+
+#: g10/keyedit.c:1427
+msgid "move a backup key to a smartcard"
+msgstr ""
+
+#: g10/keyedit.c:1431
+#, fuzzy
+msgid "delete selected subkeys"
+msgstr "zmaza» sekundárny kµúè"
+
+#: g10/keyedit.c:1433
+msgid "add a revocation key"
+msgstr "prida» revokaèný kµúè"
+
+#: g10/keyedit.c:1435
+#, fuzzy
+msgid "delete signatures from the selected user IDs"
+msgstr "Skutoène aktualizova» predvoµby pre vybrané id u¾ívateµa? "
+
+#: g10/keyedit.c:1437
+#, fuzzy
+msgid "change the expiration date for the key or selected subkeys"
+msgstr "Nemô¾ete zmeni» dobu platnosti kµúèa verzie 3\n"
+
+#: g10/keyedit.c:1439
+#, fuzzy
+msgid "flag the selected user ID as primary"
+msgstr "oznaèi» u¾ívateµské ID ako primárne"
+
+#: g10/keyedit.c:1441
+#, fuzzy
+msgid "toggle between the secret and public key listings"
+msgstr "prepnú» medzi vypísaním zoznamu tajných a verejných kµúèov"
+
+#: g10/keyedit.c:1444
+msgid "list preferences (expert)"
+msgstr "vypísa» zoznam predvolieb (pre expertov)"
+
+#: g10/keyedit.c:1446
+msgid "list preferences (verbose)"
+msgstr "vypísa» zoznam predvolieb (podrobne)"
+
+#: g10/keyedit.c:1448
+#, fuzzy
+msgid "set preference list for the selected user IDs"
+msgstr "Skutoène aktualizova» predvoµby pre vybrané id u¾ívateµa? "
+
+#: g10/keyedit.c:1453
+#, fuzzy
+msgid "set the preferred keyserver URL for the selected user IDs"
+msgstr "nemo¾no pou¾i» URI servera kµúèov - chyba analýzy URI\n"
+
+#: g10/keyedit.c:1455
+#, fuzzy
+msgid "set a notation for the selected user IDs"
+msgstr "Skutoène aktualizova» predvoµby pre vybrané id u¾ívateµa? "
+
+#: g10/keyedit.c:1457
+msgid "change the passphrase"
+msgstr "zmeni» heslo"
+
+#: g10/keyedit.c:1461
+msgid "change the ownertrust"
+msgstr "zmeni» dôveryhodnos» vlastníka kµúèa"
+
+#: g10/keyedit.c:1463
+#, fuzzy
+msgid "revoke signatures on the selected user IDs"
+msgstr "Skutoène revokova» v¹etky vybrané id u¾ívateµa? "
+
+#: g10/keyedit.c:1465
+#, fuzzy
+msgid "revoke selected user IDs"
+msgstr "revokova» identifikátor u¾ívateµa"
+
+#: g10/keyedit.c:1470
+#, fuzzy
+msgid "revoke key or selected subkeys"
+msgstr "revokova» sekundárny kµúè"
+
+#: g10/keyedit.c:1471
+#, fuzzy
+msgid "enable key"
+msgstr "nastavi» kµúè ako platný (enable)"
+
+#: g10/keyedit.c:1472
+#, fuzzy
+msgid "disable key"
+msgstr "nastavi» kµúè ako neplatný (disable)"
+
+#: g10/keyedit.c:1473
+#, fuzzy
+msgid "show selected photo IDs"
+msgstr "ukáza» fotografické ID"
+
+#: g10/keyedit.c:1475
+msgid "compact unusable user IDs and remove unusable signatures from key"
+msgstr ""
+
+#: g10/keyedit.c:1477
+msgid "compact unusable user IDs and remove all signatures from key"
+msgstr ""
+
+#: g10/keyedit.c:1601
+#, fuzzy, c-format
+msgid "error reading secret keyblock \"%s\": %s\n"
+msgstr "chyba pri èítaní bloku tajného kµúèa `%s': %s\n"
+
+#: g10/keyedit.c:1619
+msgid "Secret key is available.\n"
+msgstr "Tajný kµúè je dostupný.\n"
+
+#: g10/keyedit.c:1702
+msgid "Need the secret key to do this.\n"
+msgstr "Na vykonanie tejto operácie je potrebný tajný kµúè.\n"
+
+#: g10/keyedit.c:1710
+msgid "Please use the command \"toggle\" first.\n"
+msgstr "Prosím, najskôr pou¾ite príkaz \"toggle\" (prepnú»).\n"
+
+#: g10/keyedit.c:1729
+msgid ""
+"* The `sign' command may be prefixed with an `l' for local signatures "
+"(lsign),\n"
+" a `t' for trust signatures (tsign), an `nr' for non-revocable signatures\n"
+" (nrsign), or any combination thereof (ltsign, tnrsign, etc.).\n"
+msgstr ""
+
+#: g10/keyedit.c:1779
+msgid "Key is revoked."
+msgstr "Kµúè revokovaný."
+
+#: g10/keyedit.c:1798
+#, fuzzy
+msgid "Really sign all user IDs? (y/N) "
+msgstr "Skutoène podpísa» v¹etky id u¾ívateµa? "
+
+#: g10/keyedit.c:1805
+msgid "Hint: Select the user IDs to sign\n"
+msgstr "Nápoveda: Vyberte id u¾ívateµa na podpísanie\n"
+
+#: g10/keyedit.c:1814
+#, fuzzy, c-format
+msgid "Unknown signature type `%s'\n"
+msgstr "neznáma trieda podpisu"
+
+#: g10/keyedit.c:1837
+#, c-format
+msgid "This command is not allowed while in %s mode.\n"
+msgstr "Tento príkaz nie je v módoch %s dovolený.\n"
+
+#: g10/keyedit.c:1859 g10/keyedit.c:1879 g10/keyedit.c:2048
+msgid "You must select at least one user ID.\n"
+msgstr "Musíte vybra» aspoò jedno id u¾ívateµa.\n"
+
+#: g10/keyedit.c:1861
+msgid "You can't delete the last user ID!\n"
+msgstr "Nemô¾ete zmaza» posledné id u¾ívateµa!\n"
+
+#: g10/keyedit.c:1863
+#, fuzzy
+msgid "Really remove all selected user IDs? (y/N) "
+msgstr "Skutoène odstráni» v¹etky vybrané id u¾ívateµa? "
+
+#: g10/keyedit.c:1864
+#, fuzzy
+msgid "Really remove this user ID? (y/N) "
+msgstr "Skutoène odstráni» toto id u¾ívateµa? "
+
+#. TRANSLATORS: Please take care: This is about
+#. moving the key and not about removing it.
+#: g10/keyedit.c:1917
+#, fuzzy
+msgid "Really move the primary key? (y/N) "
+msgstr "Skutoène odstráni» toto id u¾ívateµa? "
+
+#: g10/keyedit.c:1929
+#, fuzzy
+msgid "You must select exactly one key.\n"
+msgstr "Musíte vybra» aspoò jeden kµúè.\n"
+
+#: g10/keyedit.c:1957
+msgid "Command expects a filename argument\n"
+msgstr ""
+
+#: g10/keyedit.c:1971
+#, fuzzy, c-format
+msgid "Can't open `%s': %s\n"
+msgstr "nemô¾em otvori» `%s': %s\n"
+
+#: g10/keyedit.c:1988
+#, fuzzy, c-format
+msgid "Error reading backup key from `%s': %s\n"
+msgstr "chyba pri vytváraní súboru kµúèov (keyring)`%s': %s\n"
+
+#: g10/keyedit.c:2012
+msgid "You must select at least one key.\n"
+msgstr "Musíte vybra» aspoò jeden kµúè.\n"
+
+#: g10/keyedit.c:2015
+#, fuzzy
+msgid "Do you really want to delete the selected keys? (y/N) "
+msgstr "Skutoène chcete zmaza» vybrané kµúèe? "
+
+#: g10/keyedit.c:2016
+#, fuzzy
+msgid "Do you really want to delete this key? (y/N) "
+msgstr "Skutoène chcete zmaza» tento kµúè? "
+
+#: g10/keyedit.c:2051
+#, fuzzy
+msgid "Really revoke all selected user IDs? (y/N) "
+msgstr "Skutoène revokova» v¹etky vybrané id u¾ívateµa? "
+
+#: g10/keyedit.c:2052
+#, fuzzy
+msgid "Really revoke this user ID? (y/N) "
+msgstr "Skutoène revokova» toto id u¾ívateµa? "
+
+#: g10/keyedit.c:2070
+#, fuzzy
+msgid "Do you really want to revoke the entire key? (y/N) "
+msgstr "Skutoène chcete revokova» tento kµúè? "
+
+#: g10/keyedit.c:2081
+#, fuzzy
+msgid "Do you really want to revoke the selected subkeys? (y/N) "
+msgstr "Skutoène chcete revokova» vybrané kµúèe? "
+
+#: g10/keyedit.c:2083
+#, fuzzy
+msgid "Do you really want to revoke this subkey? (y/N) "
+msgstr "Skutoène chcete revokova» tento kµúè? "
+
+#: g10/keyedit.c:2133
+msgid "Owner trust may not be set while using a user provided trust database\n"
+msgstr ""
+
+#: g10/keyedit.c:2175
+#, fuzzy
+msgid "Set preference list to:\n"
+msgstr "nastavi» zoznam predvolieb"
+
+#: g10/keyedit.c:2181
+#, fuzzy
+msgid "Really update the preferences for the selected user IDs? (y/N) "
+msgstr "Skutoène aktualizova» predvoµby pre vybrané id u¾ívateµa? "
+
+#: g10/keyedit.c:2183
+#, fuzzy
+msgid "Really update the preferences? (y/N) "
+msgstr "Skutoène aktualizova» predvoµby? "
+
+#: g10/keyedit.c:2253
+#, fuzzy
+msgid "Save changes? (y/N) "
+msgstr "Ulo¾i» zmeny? "
+
+#: g10/keyedit.c:2256
+#, fuzzy
+msgid "Quit without saving? (y/N) "
+msgstr "Ukonèi» bez ulo¾enia? "
+
+#: g10/keyedit.c:2266
+#, c-format
+msgid "update failed: %s\n"
+msgstr "aktualizácia zlyhala: %s\n"
+
+#: g10/keyedit.c:2273 g10/keyedit.c:2351
+#, c-format
+msgid "update secret failed: %s\n"
+msgstr "aktualizácia tajného kµúèa zlyhala: %s\n"
+
+#: g10/keyedit.c:2280
+msgid "Key not changed so no update needed.\n"
+msgstr "kµúè nebol zmenený, tak¾e nie je potrebné ho aktualizova».\n"
+
+#: g10/keyedit.c:2446
+msgid "Digest: "
+msgstr "Digest: "
+
+#: g10/keyedit.c:2497
+msgid "Features: "
+msgstr "Charakteristiky: "
+
+#: g10/keyedit.c:2508
+msgid "Keyserver no-modify"
+msgstr ""
+
+#: g10/keyedit.c:2523 g10/keylist.c:316
+msgid "Preferred keyserver: "
+msgstr ""
+
+#: g10/keyedit.c:2531 g10/keyedit.c:2532
+#, fuzzy
+msgid "Notations: "
+msgstr "Notácie: "
+
+#: g10/keyedit.c:2753
+msgid "There are no preferences on a PGP 2.x-style user ID.\n"
+msgstr "U¾ívateµské ID vo formáte PGP 2.x nemá ¾iadne predvoµby\n"
+
+#: g10/keyedit.c:2810
+#, fuzzy, c-format
+msgid "The following key was revoked on %s by %s key %s\n"
+msgstr "Tento kµúè mô¾e by» revokovaný kµúèom %s "
+
+#: g10/keyedit.c:2832
+#, fuzzy, c-format
+msgid "This key may be revoked by %s key %s"
+msgstr "Tento kµúè mô¾e by» revokovaný kµúèom %s "
+
+#: g10/keyedit.c:2838
+#, fuzzy
+msgid "(sensitive)"
+msgstr "(citlivá informácia)"
+
+#: g10/keyedit.c:2854 g10/keyedit.c:2910 g10/keyedit.c:2971 g10/keyedit.c:2986
+#: g10/keylist.c:202 g10/keyserver.c:532
+#, fuzzy, c-format
+msgid "created: %s"
+msgstr "%s: nemô¾em vytvori»: %s\n"
+
+#: g10/keyedit.c:2857 g10/keylist.c:834 g10/keylist.c:928 g10/mainproc.c:997
+#, fuzzy, c-format
+msgid "revoked: %s"
+msgstr "[revokované]"
+
+#: g10/keyedit.c:2859 g10/keylist.c:805 g10/keylist.c:840 g10/keylist.c:934
+#, fuzzy, c-format
+msgid "expired: %s"
+msgstr " [platnos» skonèí: %s]"
+
+#: g10/keyedit.c:2861 g10/keyedit.c:2912 g10/keyedit.c:2973 g10/keyedit.c:2988
+#: g10/keylist.c:204 g10/keylist.c:811 g10/keylist.c:846 g10/keylist.c:940
+#: g10/keylist.c:961 g10/keyserver.c:538 g10/mainproc.c:1003
+#, fuzzy, c-format
+msgid "expires: %s"
+msgstr " [platnos» skonèí: %s]"
+
+#: g10/keyedit.c:2863
+#, fuzzy, c-format
+msgid "usage: %s"
+msgstr " dôvera: %c/%c"
+
+#: g10/keyedit.c:2878
+#, fuzzy, c-format
+msgid "trust: %s"
+msgstr " dôvera: %c/%c"
+
+#: g10/keyedit.c:2882
+#, c-format
+msgid "validity: %s"
+msgstr ""
+
+#: g10/keyedit.c:2889
+msgid "This key has been disabled"
+msgstr "Tento kµúè bol oznaèený za neplatný (disabled)"
+
+#: g10/keyedit.c:2917 g10/keylist.c:208
+msgid "card-no: "
+msgstr ""
+
+#: g10/keyedit.c:2941
+msgid ""
+"Please note that the shown key validity is not necessarily correct\n"
+"unless you restart the program.\n"
+msgstr ""
+"Prosím nezabúdajte, ¾e zobrazované údaje o platnosti kµúèov nemusia\n"
+"by» správne, pokiaµ znovu nespustíte program.\n"
+
+#: g10/keyedit.c:3005 g10/keyedit.c:3351 g10/keyserver.c:542
+#: g10/mainproc.c:1850 g10/trustdb.c:1204 g10/trustdb.c:1732
+#, fuzzy
+msgid "revoked"
+msgstr "[revokované]"
+
+#: g10/keyedit.c:3007 g10/keyedit.c:3353 g10/keyserver.c:546
+#: g10/mainproc.c:1852 g10/trustdb.c:547 g10/trustdb.c:1734
+#, fuzzy
+msgid "expired"
+msgstr "expire"
+
+#: g10/keyedit.c:3072
+msgid ""
+"WARNING: no user ID has been marked as primary. This command may\n"
+" cause a different user ID to become the assumed primary.\n"
+msgstr ""
+"VAROVANIE: ¾iadne ID u¾ívateµa nebolo oznaèené ako primárne. Tento príkaz\n"
+"spôsobí, ¾e iné ID u¾ívateµa sa bude pova¾ova» primárne.\n"
+
+#: g10/keyedit.c:3133
+msgid ""
+"WARNING: This is a PGP2-style key. Adding a photo ID may cause some "
+"versions\n"
+" of PGP to reject this key.\n"
+msgstr ""
+"VAROVANIE: Toto je PGP2 kµúè. Pridanie fotografického ID mô¾e v niektorých\n"
+" verziách PGP vies» k odmietnutiu tohto kµúèa.\n"
+
+#: g10/keyedit.c:3138 g10/keyedit.c:3473
+msgid "Are you sure you still want to add it? (y/N) "
+msgstr "Ste si istý, ¾e ho chcete stále prida»? (a/N) "
+
+#: g10/keyedit.c:3144
+msgid "You may not add a photo ID to a PGP2-style key.\n"
+msgstr "Nemali by ste pridáva» fotografické ID k PGP2 kµúèu.\n"
+
+#: g10/keyedit.c:3284
+msgid "Delete this good signature? (y/N/q)"
+msgstr "Zmaza» tento dobrý podpis? (a/N/u)"
+
+#: g10/keyedit.c:3294
+msgid "Delete this invalid signature? (y/N/q)"
+msgstr "Zmaza» tento neplatný podpis? (a/N/u)"
+
+#: g10/keyedit.c:3298
+msgid "Delete this unknown signature? (y/N/q)"
+msgstr "Zmaza» tento neznámy podpis? (a/N/u)"
+
+#: g10/keyedit.c:3304
+msgid "Really delete this self-signature? (y/N)"
+msgstr "Skutoène zmaza» tento podpis podpísaný sebou samým? (a/N)"
+
+#: g10/keyedit.c:3318
+#, c-format
+msgid "Deleted %d signature.\n"
+msgstr "Zmazaný %d podpis.\n"
+
+#: g10/keyedit.c:3319
+#, c-format
+msgid "Deleted %d signatures.\n"
+msgstr "Zmazaných %d podpisov.\n"
+
+#: g10/keyedit.c:3322
+msgid "Nothing deleted.\n"
+msgstr "Niè nebolo zmaznané.\n"
+
+#: g10/keyedit.c:3355 g10/trustdb.c:1736
+#, fuzzy
+msgid "invalid"
+msgstr "neplatný spôsob reprezentácie v ASCII"
+
+#: g10/keyedit.c:3357
+#, fuzzy, c-format
+msgid "User ID \"%s\" compacted: %s\n"
+msgstr "U¾ívateµské ID \"%s\" je revokované."
+
+#: g10/keyedit.c:3364
+#, fuzzy, c-format
+msgid "User ID \"%s\": %d signature removed\n"
+msgstr "U¾ívateµské ID \"%s\" je revokované."
+
+#: g10/keyedit.c:3365
+#, fuzzy, c-format
+msgid "User ID \"%s\": %d signatures removed\n"
+msgstr "U¾ívateµské ID \"%s\" je revokované."
+
+#: g10/keyedit.c:3373
+#, fuzzy, c-format
+msgid "User ID \"%s\": already minimized\n"
+msgstr "u¾ívateµské ID \"%s\" je u¾ revokované\n"
+
+#: g10/keyedit.c:3374
+#, fuzzy, c-format
+msgid "User ID \"%s\": already clean\n"
+msgstr "u¾ívateµské ID \"%s\" je u¾ revokované\n"
+
+#: g10/keyedit.c:3468
+msgid ""
+"WARNING: This is a PGP 2.x-style key. Adding a designated revoker may "
+"cause\n"
+" some versions of PGP to reject this key.\n"
+msgstr ""
+"VAROVANIE: Toto je PGP2 kµúè. Pridanie fotografického ID mô¾e v niektorých\n"
+" verziách PGP vies» k odmietnutiu tohoto kµúèa.\n"
+
+#: g10/keyedit.c:3479
+msgid "You may not add a designated revoker to a PGP 2.x-style key.\n"
+msgstr "Nemali by ste pridáva» fotografické ID k PGP2 kµúèu.\n"
+
+#: g10/keyedit.c:3499
+msgid "Enter the user ID of the designated revoker: "
+msgstr "Vlo¾te identifikátor u¾ívateµa povereného revokáciou: "
+
+#: g10/keyedit.c:3524
+msgid "cannot appoint a PGP 2.x style key as a designated revoker\n"
+msgstr "kµúè vo formáte PGP 2.x nemo¾no poveri» revokáciou\n"
+
+#: g10/keyedit.c:3539
+msgid "you cannot appoint a key as its own designated revoker\n"
+msgstr "kµúè nemo¾no poveri» revokáciou ním samým\n"
+
+#: g10/keyedit.c:3561
+#, fuzzy
+msgid "this key has already been designated as a revoker\n"
+msgstr "VAROVANIE: Tento kµúè bol revokovaný jeho urèeným revokátorom/!\n"
+
+#: g10/keyedit.c:3580
+msgid "WARNING: appointing a key as a designated revoker cannot be undone!\n"
+msgstr "VAROVANIE: oznaèenie kµúèa ako revokovací u¾ nemô¾e by» zru¹ené!\n"
+
+#: g10/keyedit.c:3586
+#, fuzzy
+msgid ""
+"Are you sure you want to appoint this key as a designated revoker? (y/N) "
+msgstr "Ste si istý, ¾e chcete oznaèi» tento kµúè ako revokovací? (a/N): "
+
+#: g10/keyedit.c:3647
+msgid "Please remove selections from the secret keys.\n"
+msgstr "Prosím, odstráòte výber z tajných kµúèov.\n"
+
+#: g10/keyedit.c:3653
+#, fuzzy
+msgid "Please select at most one subkey.\n"
+msgstr "Prosím, vyberte najviac jeden sekundárny kµúè.\n"
+
+#: g10/keyedit.c:3657
+#, fuzzy
+msgid "Changing expiration time for a subkey.\n"
+msgstr "Mením dobu platnosti sekundárneho kµúèa.\n"
+
+#: g10/keyedit.c:3660
+msgid "Changing expiration time for the primary key.\n"
+msgstr "Mením dobu platnosti primárneho kµúèa.\n"
+
+#: g10/keyedit.c:3706
+msgid "You can't change the expiration date of a v3 key\n"
+msgstr "Nemô¾ete zmeni» dobu platnosti kµúèa verzie 3\n"
+
+#: g10/keyedit.c:3722
+msgid "No corresponding signature in secret ring\n"
+msgstr "V súbore tajných kµúèov chýba zodpovedajúci podpis\n"
+
+#: g10/keyedit.c:3800
+#, fuzzy, c-format
+msgid "signing subkey %s is already cross-certified\n"
+msgstr "VAROVANIE: podpisovací podkµúè %08lX nie je krí¾ovo certifikovaný\n"
+
+#: g10/keyedit.c:3806
+#, c-format
+msgid "subkey %s does not sign and so does not need to be cross-certified\n"
+msgstr ""
+
+#: g10/keyedit.c:3969
+msgid "Please select exactly one user ID.\n"
+msgstr "Prosím, vyberte práve jedno id u¾ívateµa.\n"
+
+#: g10/keyedit.c:4008 g10/keyedit.c:4118 g10/keyedit.c:4238 g10/keyedit.c:4379
+#, fuzzy, c-format
+msgid "skipping v3 self-signature on user ID \"%s\"\n"
+msgstr "preskoèený v3 podpis kµúèa ním samým u u¾ívateµského id \"%s\"\n"
+
+#: g10/keyedit.c:4179
+msgid "Enter your preferred keyserver URL: "
+msgstr ""
+
+#: g10/keyedit.c:4259
+#, fuzzy
+msgid "Are you sure you want to replace it? (y/N) "
+msgstr "Ste si istý, ¾e ho chcete pou¾i»? (a/N) "
+
+#: g10/keyedit.c:4260
+#, fuzzy
+msgid "Are you sure you want to delete it? (y/N) "
+msgstr "Ste si istý, ¾e ho chcete pou¾i»? (a/N) "
+
+#: g10/keyedit.c:4322
+#, fuzzy
+msgid "Enter the notation: "
+msgstr "Podpisová notácia: "
+
+#: g10/keyedit.c:4471
+#, fuzzy
+msgid "Proceed? (y/N) "
+msgstr "Prepísa» (a/N)? "
+
+#: g10/keyedit.c:4543
+#, c-format
+msgid "No user ID with index %d\n"
+msgstr "Neexistuje identifikátor u¾ívateµa s indexom %d\n"
+
+#: g10/keyedit.c:4604
+#, fuzzy, c-format
+msgid "No user ID with hash %s\n"
+msgstr "Neexistuje identifikátor u¾ívateµa s indexom %d\n"
+
+#: g10/keyedit.c:4639
+#, fuzzy, c-format
+msgid "No subkey with index %d\n"
+msgstr "Neexistuje identifikátor u¾ívateµa s indexom %d\n"
+
+#: g10/keyedit.c:4774
+#, fuzzy, c-format
+msgid "user ID: \"%s\"\n"
+msgstr "id u¾ívateµa: \""
+
+#: g10/keyedit.c:4777 g10/keyedit.c:4871 g10/keyedit.c:4914
+#, fuzzy, c-format
+msgid "signed by your key %s on %s%s%s\n"
+msgstr " podpísané %08lX v %s%s%s\n"
+
+#: g10/keyedit.c:4779 g10/keyedit.c:4873 g10/keyedit.c:4916
+msgid " (non-exportable)"
+msgstr " (nexeportovateµné)"
+
+#: g10/keyedit.c:4783
+#, c-format
+msgid "This signature expired on %s.\n"
+msgstr "Platnos» podpisu vypr¹í %s.\n"
+
+#: g10/keyedit.c:4787
+msgid "Are you sure you still want to revoke it? (y/N) "
+msgstr "Ste si istý, ¾e ho chcete stále revokova»? (a/N) "
+
+#: g10/keyedit.c:4791
+msgid "Create a revocation certificate for this signature? (y/N) "
+msgstr "Vytvori» pre tento podpis revokaèný certifikát? (a/N)"
+
+#: g10/keyedit.c:4842
+#, fuzzy
+msgid "Not signed by you.\n"
+msgstr " podpísané %08lX v %s%s\n"
+
+#: g10/keyedit.c:4848
+#, fuzzy, c-format
+msgid "You have signed these user IDs on key %s:\n"
+msgstr "Podpísali ste nasledujúce identifikátory u¾ívateµa:\n"
+
+#: g10/keyedit.c:4874
+#, fuzzy
+msgid " (non-revocable)"
+msgstr " (nexeportovateµné)"
+
+#: g10/keyedit.c:4881
+#, fuzzy, c-format
+msgid "revoked by your key %s on %s\n"
+msgstr " revokované %08lX v %s\n"
+
+#: g10/keyedit.c:4903
+msgid "You are about to revoke these signatures:\n"
+msgstr "Chystáte sa revokova» tieto podpisy:\n"
+
+#: g10/keyedit.c:4923
+msgid "Really create the revocation certificates? (y/N) "
+msgstr "Skutoène vytvori» revokaèné certifikáty? (a/N) "
+
+#: g10/keyedit.c:4953
+msgid "no secret key\n"
+msgstr "neexistuje tajný kµúè\n"
+
+#: g10/keyedit.c:5023
+#, c-format
+msgid "user ID \"%s\" is already revoked\n"
+msgstr "u¾ívateµské ID \"%s\" je u¾ revokované\n"
+
+#: g10/keyedit.c:5040
+#, c-format
+msgid "WARNING: a user ID signature is dated %d seconds in the future\n"
+msgstr "VAROVANIE: podpis pou¾ivateµkého ID vznikol %d sekund v budúcnosti\n"
+
+#: g10/keyedit.c:5104
+#, fuzzy, c-format
+msgid "Key %s is already revoked.\n"
+msgstr "u¾ívateµské ID \"%s\" je u¾ revokované\n"
+
+#: g10/keyedit.c:5166
+#, fuzzy, c-format
+msgid "Subkey %s is already revoked.\n"
+msgstr "u¾ívateµské ID \"%s\" je u¾ revokované\n"
+
+#: g10/keyedit.c:5261
+#, fuzzy, c-format
+msgid "Displaying %s photo ID of size %ld for key %s (uid %d)\n"
+msgstr ""
+"Zobrazujem %s fotografické ID s veµkos»ou %ld pre kµúè 0x%08lX (uid %d)\n"
+
+#: g10/keygen.c:275
+#, fuzzy, c-format
+msgid "preference `%s' duplicated\n"
+msgstr "duplicita predvoµby %c%lu\n"
+
+#: g10/keygen.c:282
+#, fuzzy
+msgid "too many cipher preferences\n"
+msgstr "príli¹ veµa `%c' predvolieb\n"
+
+#: g10/keygen.c:284
+#, fuzzy
+msgid "too many digest preferences\n"
+msgstr "príli¹ veµa `%c' predvolieb\n"
+
+#: g10/keygen.c:286
+#, fuzzy
+msgid "too many compression preferences\n"
+msgstr "príli¹ veµa `%c' predvolieb\n"
+
+#: g10/keygen.c:426
+#, fuzzy, c-format
+msgid "invalid item `%s' in preference string\n"
+msgstr "neplatný znak v re»azci s predvoµbami\n"
+
+#: g10/keygen.c:910
+msgid "writing direct signature\n"
+msgstr "zapisujem podpis kµúèa ním samým (direct signature)\n"
+
+#: g10/keygen.c:952
+msgid "writing self signature\n"
+msgstr "zapisujem podpis kµúèa sebou samým\n"
+
+#: g10/keygen.c:1009
+msgid "writing key binding signature\n"
+msgstr "zapisujem \"key-binding\" podpis\n"
+
+#: g10/keygen.c:1179 g10/keygen.c:1290 g10/keygen.c:1295 g10/keygen.c:1441
+#: g10/keygen.c:3269
+#, c-format
+msgid "keysize invalid; using %u bits\n"
+msgstr "neplatná då¾ka kµúèa; pou¾ijem %u bitov\n"
+
+#: g10/keygen.c:1185 g10/keygen.c:1301 g10/keygen.c:1309 g10/keygen.c:1447
+#: g10/keygen.c:3275
+#, c-format
+msgid "keysize rounded up to %u bits\n"
+msgstr "då¾ka kµúèa zaokrúhlená na %u bitov\n"
+
+#: g10/keygen.c:1335
+msgid ""
+"WARNING: some OpenPGP programs can't handle a DSA key with this digest size\n"
+msgstr ""
+
+#: g10/keygen.c:1558
+#, fuzzy
+msgid "Sign"
+msgstr "sign"
+
+#: g10/keygen.c:1561
+msgid "Certify"
+msgstr ""
+
+#: g10/keygen.c:1564
+#, fuzzy
+msgid "Encrypt"
+msgstr "¹ifrova» dáta"
+
+#: g10/keygen.c:1567
+msgid "Authenticate"
+msgstr ""
+
+#. TRANSLATORS: Please use only plain ASCII characters for the
+#. translation. If this is not possible use single digits. The
+#. string needs to 8 bytes long. Here is a description of the
+#. functions:
+#.
+#. s = Toggle signing capability
+#. e = Toggle encryption capability
+#. a = Toggle authentication capability
+#. q = Finish
+#.
+#: g10/keygen.c:1585
+msgid "SsEeAaQq"
+msgstr ""
+
+#: g10/keygen.c:1608
+#, c-format
+msgid "Possible actions for a %s key: "
+msgstr ""
+
+#: g10/keygen.c:1612
+msgid "Current allowed actions: "
+msgstr ""
+
+#: g10/keygen.c:1617
+#, c-format
+msgid " (%c) Toggle the sign capability\n"
+msgstr ""
+
+#: g10/keygen.c:1620
+#, fuzzy, c-format
+msgid " (%c) Toggle the encrypt capability\n"
+msgstr " (%d) ElGamal (len na ¹ifrovanie)\n"
+
+#: g10/keygen.c:1623
+#, c-format
+msgid " (%c) Toggle the authenticate capability\n"
+msgstr ""
+
+#: g10/keygen.c:1626
+#, c-format
+msgid " (%c) Finished\n"
+msgstr ""
+
+#: g10/keygen.c:1686 sm/certreqgen-ui.c:157
+msgid "Please select what kind of key you want:\n"
+msgstr "Prosím, vyberte druh kµúèa, ktorý chcete:\n"
+
+#: g10/keygen.c:1689
+#, fuzzy, c-format
+msgid " (%d) RSA and RSA (default)\n"
+msgstr " (%d) DSA a ElGamal (implicitný)\n"
+
+#: g10/keygen.c:1691
+#, fuzzy, c-format
+msgid " (%d) DSA and Elgamal\n"
+msgstr " (%d) DSA a ElGamal (implicitný)\n"
+
+#: g10/keygen.c:1693
+#, c-format
+msgid " (%d) DSA (sign only)\n"
+msgstr " (%d) DSA (len na podpis)\n"
+
+#: g10/keygen.c:1694
+#, c-format
+msgid " (%d) RSA (sign only)\n"
+msgstr " (%d) RSA (len na podpis)\n"
+
+#: g10/keygen.c:1698
+#, fuzzy, c-format
+msgid " (%d) Elgamal (encrypt only)\n"
+msgstr " (%d) ElGamal (len na ¹ifrovanie)\n"
+
+#: g10/keygen.c:1699
+#, c-format
+msgid " (%d) RSA (encrypt only)\n"
+msgstr " (%d) RSA (len na ¹ifrovanie)\n"
+
+#: g10/keygen.c:1703
+#, fuzzy, c-format
+msgid " (%d) DSA (set your own capabilities)\n"
+msgstr " (%d) RSA (len na ¹ifrovanie)\n"
+
+#: g10/keygen.c:1704
+#, fuzzy, c-format
+msgid " (%d) RSA (set your own capabilities)\n"
+msgstr " (%d) RSA (len na ¹ifrovanie)\n"
+
+#: g10/keygen.c:1812
+#, c-format
+msgid "%s keys may be between %u and %u bits long.\n"
+msgstr ""
+
+#: g10/keygen.c:1820
+#, fuzzy, c-format
+msgid "What keysize do you want for the subkey? (%u) "
+msgstr "Akú veµkos» kµúèa si prajete? (1024) "
+
+#: g10/keygen.c:1823 sm/certreqgen-ui.c:179
+#, fuzzy, c-format
+msgid "What keysize do you want? (%u) "
+msgstr "Akú veµkos» kµúèa si prajete? (1024) "
+
+#: g10/keygen.c:1837 sm/certreqgen-ui.c:189
+#, c-format
+msgid "Requested keysize is %u bits\n"
+msgstr "Po¾adovaná då¾ka kµúèa je %u bitov.\n"
+
+#: g10/keygen.c:1925
+msgid ""
+"Please specify how long the key should be valid.\n"
+" 0 = key does not expire\n"
+" <n> = key expires in n days\n"
+" <n>w = key expires in n weeks\n"
+" <n>m = key expires in n months\n"
+" <n>y = key expires in n years\n"
+msgstr ""
+"Prosím urète, ako dlho by mal kµúè platit.\n"
+" 0 = doba platnosti kµúèa nie je obmedzená\n"
+" <n> = doba platnosti kµúèa skonèí za n dní\n"
+" <n>w = doba platnosti kµúèa skonèí za n tý¾dòov\n"
+" <n>m = doba platnosti kµúèa skonèí za n mesiacov\n"
+" <n>y = doba platnosti kµúèa skonèí za n rokov\n"
+
+#: g10/keygen.c:1936
+msgid ""
+"Please specify how long the signature should be valid.\n"
+" 0 = signature does not expire\n"
+" <n> = signature expires in n days\n"
+" <n>w = signature expires in n weeks\n"
+" <n>m = signature expires in n months\n"
+" <n>y = signature expires in n years\n"
+msgstr ""
+"Prosím urète, ako dlho by mal podpis platit.\n"
+" 0 = doba platnosti podpisu nie je onmedzená\n"
+" <n> = doba platnosti podpisu skonèí za n dní\n"
+" <n>w = doba platnosti podpisu skonèí za n tý¾dòov\n"
+" <n>m = doba platnosti podpisu skonèí za n mesiacov\n"
+" <n>y = doba platnosti podpisu skonèí za n rokov\n"
+
+#: g10/keygen.c:1959
+msgid "Key is valid for? (0) "
+msgstr "Kµúè je platný na? (0) "
+
+#: g10/keygen.c:1964
+#, fuzzy, c-format
+msgid "Signature is valid for? (%s) "
+msgstr "Podpis je platný na? (0) "
+
+#: g10/keygen.c:1982 g10/keygen.c:2007
+msgid "invalid value\n"
+msgstr "neplatná hodnota\n"
+
+#: g10/keygen.c:1989
+#, fuzzy
+msgid "Key does not expire at all\n"
+msgstr "platnos» %s neskonèí\n"
+
+#: g10/keygen.c:1990
+#, fuzzy
+msgid "Signature does not expire at all\n"
+msgstr "platnos» %s neskonèí\n"
+
+#: g10/keygen.c:1995
+#, fuzzy, c-format
+msgid "Key expires at %s\n"
+msgstr "platnos» %s skonèí %s\n"
+
+#: g10/keygen.c:1996
+#, fuzzy, c-format
+msgid "Signature expires at %s\n"
+msgstr "Platnos» podpisu vypr¹í %s\n"
+
+#: g10/keygen.c:2000
+msgid ""
+"Your system can't display dates beyond 2038.\n"
+"However, it will be correctly handled up to 2106.\n"
+msgstr ""
+"Vá¹ systém nevie zobrazi» dátumy po roku 2038.\n"
+"V ka¾dom prípade budú dátumy korektne spracovávané do roku 2106.\n"
+
+#: g10/keygen.c:2013
+#, fuzzy
+msgid "Is this correct? (y/N) "
+msgstr "Je to správne (a/n)? "
+
+#: g10/keygen.c:2063
+msgid ""
+"\n"
+"GnuPG needs to construct a user ID to identify your key.\n"
+"\n"
+msgstr ""
+
+#. TRANSLATORS: This string is in general not anymore used
+#. but you should keep your existing translation. In case
+#. the new string is not translated this old string will
+#. be used.
+#: g10/keygen.c:2078
+#, fuzzy
+msgid ""
+"\n"
+"You need a user ID to identify your key; the software constructs the user "
+"ID\n"
+"from the Real Name, Comment and Email Address in this form:\n"
+" \"Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>\"\n"
+"\n"
+msgstr ""
+"\n"
+"Aby bolo mo¾né rozpozna» Vá¹ kµúè, musíte pozna» identifikátor u¾ívateµa;\n"
+"program ho zlo¾í z Vá¹ho mena a priezviska, komentára a e-mailu v tomto "
+"tvare:\n"
+" \"Jozko Mrkvicka (student) <jozko@mrkvicka.sk>\"\n"
+"\n"
+
+#: g10/keygen.c:2097
+msgid "Real name: "
+msgstr "Meno a priezvisko: "
+
+#: g10/keygen.c:2105
+msgid "Invalid character in name\n"
+msgstr "Neplatný znak ve mene\n"
+
+#: g10/keygen.c:2107
+msgid "Name may not start with a digit\n"
+msgstr "Meno nemô¾e zaèína» èíslicou\n"
+
+#: g10/keygen.c:2109
+msgid "Name must be at least 5 characters long\n"
+msgstr "Meno musí by» dlhé aspoò 5 znakov\n"
+
+#: g10/keygen.c:2117
+msgid "Email address: "
+msgstr "E-mailová adresa: "
+
+#: g10/keygen.c:2123
+msgid "Not a valid email address\n"
+msgstr "Neplatná e-mailová adresa\n"
+
+#: g10/keygen.c:2131
+msgid "Comment: "
+msgstr "Komentár: "
+
+#: g10/keygen.c:2137
+msgid "Invalid character in comment\n"
+msgstr "Neplatný znak v komentári\n"
+
+#: g10/keygen.c:2159
+#, c-format
+msgid "You are using the `%s' character set.\n"
+msgstr "Pou¾ívate znakovú sadu `%s'.\n"
+
+#: g10/keygen.c:2165
+#, c-format
+msgid ""
+"You selected this USER-ID:\n"
+" \"%s\"\n"
+"\n"
+msgstr ""
+"Zvolili ste tento identifikátor u¾ívateµa:\n"
+" \"%s\"\n"
+"\n"
+
+#: g10/keygen.c:2170
+msgid "Please don't put the email address into the real name or the comment\n"
+msgstr "Do poµa meno alebo komentár nepí¹te, prosím, e-mailovú adresu.\n"
+
+#: g10/keygen.c:2185
+msgid "Such a user ID already exists on this key!\n"
+msgstr ""
+
+#. TRANSLATORS: These are the allowed answers in
+#. lower and uppercase. Below you will find the matching
+#. string which should be translated accordingly and the
+#. letter changed to match the one in the answer string.
+#.
+#. n = Change name
+#. c = Change comment
+#. e = Change email
+#. o = Okay (ready, continue)
+#. q = Quit
+#.
+#: g10/keygen.c:2201
+msgid "NnCcEeOoQq"
+msgstr "mMkKeEPpUu"
+
+#: g10/keygen.c:2211
+msgid "Change (N)ame, (C)omment, (E)mail or (Q)uit? "
+msgstr "Zmeni» (M)eno, (K)omentár, (E)-mail alebo (U)konèi»? "
+
+#: g10/keygen.c:2212
+msgid "Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? "
+msgstr "Zmeni» (M)eno, (K)omentár, (E)-mail alebo (P)okraèova»/(U)konèi»? "
+
+#: g10/keygen.c:2231
+msgid "Please correct the error first\n"
+msgstr "Najskôr, prosím, opravte chybu\n"
+
+#: g10/keygen.c:2273
+msgid ""
+"You need a Passphrase to protect your secret key.\n"
+"\n"
+msgstr ""
+"Na ochranu Vá¹ho tajného kµúèa musíte zada» heslo.\n"
+"\n"
+
+#: g10/keygen.c:2276
+#, fuzzy
+msgid ""
+"Please enter a passphrase to protect the off-card backup of the new "
+"encryption key."
+msgstr "Prosím, vlo¾te heslo; toto je tajná veta \n"
+
+#: g10/keygen.c:2292
+#, c-format
+msgid "%s.\n"
+msgstr "%s.\n"
+
+#: g10/keygen.c:2298
+msgid ""
+"You don't want a passphrase - this is probably a *bad* idea!\n"
+"I will do it anyway. You can change your passphrase at any time,\n"
+"using this program with the option \"--edit-key\".\n"
+"\n"
+msgstr ""
+"Nechcete heslo - to *nie je* dobrý nápad!\n"
+"Dobre, budem pokraèova» bez hesla. Kedykoµvek mô¾ete heslo zmeni» pou¾itím\n"
+"tohto programu s parametrom \"--edit-key\".\n"
+"\n"
+
+#: g10/keygen.c:2322
+msgid ""
+"We need to generate a lot of random bytes. It is a good idea to perform\n"
+"some other action (type on the keyboard, move the mouse, utilize the\n"
+"disks) during the prime generation; this gives the random number\n"
+"generator a better chance to gain enough entropy.\n"
+msgstr ""
+"Je potrebné vytvori» veµa náhodných bajtov. Poèas vytvárania mô¾ete\n"
+"vykonáva» inú prácu na poèítaèi (písa» na klávesnici, pohybova» my¹ou,\n"
+"pou¾íva» disky); vïaka tomu má generátor lep¹iu ¹ancu získa» dostatok "
+"entropie.\n"
+
+#: g10/keygen.c:3209 g10/keygen.c:3236
+msgid "Key generation canceled.\n"
+msgstr "Vytváranie kµúèa bolo zru¹ené.\n"
+
+#: g10/keygen.c:3441 g10/keygen.c:3611
+#, c-format
+msgid "writing public key to `%s'\n"
+msgstr "zapisujem verejný kµúè do `%s'\n"
+
+#: g10/keygen.c:3443 g10/keygen.c:3614
+#, fuzzy, c-format
+msgid "writing secret key stub to `%s'\n"
+msgstr "zapisujem tajný kµúè do `%s'\n"
+
+#: g10/keygen.c:3446 g10/keygen.c:3617
+#, c-format
+msgid "writing secret key to `%s'\n"
+msgstr "zapisujem tajný kµúè do `%s'\n"
+
+#: g10/keygen.c:3598
+#, c-format
+msgid "no writable public keyring found: %s\n"
+msgstr "nenájdený zapisovateµný súbor verejných kµúèov (pubring): %s\n"
+
+#: g10/keygen.c:3605
+#, c-format
+msgid "no writable secret keyring found: %s\n"
+msgstr "nenájdený zapisovateµný súbor tajných kµúèov (secring): %s\n"
+
+#: g10/keygen.c:3625
+#, c-format
+msgid "error writing public keyring `%s': %s\n"
+msgstr "chyba pri zápise do súboru verejných kµúèov `%s': %s\n"
+
+#: g10/keygen.c:3633
+#, c-format
+msgid "error writing secret keyring `%s': %s\n"
+msgstr "chyba pri zápise do súboru tajných kµúèov `%s': %s\n"
+
+#: g10/keygen.c:3661
+msgid "public and secret key created and signed.\n"
+msgstr "verejný a tajný kµúè boli vytvorené a podpísané.\n"
+
+#: g10/keygen.c:3672
+#, fuzzy
+msgid ""
+"Note that this key cannot be used for encryption. You may want to use\n"
+"the command \"--edit-key\" to generate a subkey for this purpose.\n"
+msgstr ""
+"Tento kµúè nemô¾e by» pou¾itý na ¹ifrovanie. Pre vytvorenie\n"
+"sekundárneho kµúèa na tento úèel mô¾ete pou¾i» príkaz \"--edit-key\".\n"
+
+#: g10/keygen.c:3685 g10/keygen.c:3831 g10/keygen.c:3952
+#, c-format
+msgid "Key generation failed: %s\n"
+msgstr "Vytvorenie kµúèa sa nepodarilo: %s\n"
+
+#: g10/keygen.c:3741 g10/keygen.c:3882 g10/sign.c:241
+#, c-format
+msgid ""
+"key has been created %lu second in future (time warp or clock problem)\n"
+msgstr ""
+"kµúè bol vytvorený %lu sekund v budúcnosti (do¹lo k zmene èasu alebo\n"
+"je problém so systémovým èasom)\n"
+
+#: g10/keygen.c:3743 g10/keygen.c:3884 g10/sign.c:243
+#, c-format
+msgid ""
+"key has been created %lu seconds in future (time warp or clock problem)\n"
+msgstr ""
+"kµúè bol vytvorený %lu sekund v budúcnosti (do¹lo k zmene èasu alebo\n"
+"je problém so systémovým èasom)\n"
+
+#: g10/keygen.c:3754 g10/keygen.c:3895
+msgid "NOTE: creating subkeys for v3 keys is not OpenPGP compliant\n"
+msgstr "POZNÁMKA: vytvorenie podkµúèa pre kµúèe v3 nie je v súlade s OpenPGP\n"
+
+#: g10/keygen.c:3795 g10/keygen.c:3928
+#, fuzzy
+msgid "Really create? (y/N) "
+msgstr "Skutoène vytvori»? "
+
+#: g10/keygen.c:4116
+#, fuzzy, c-format
+msgid "storing key onto card failed: %s\n"
+msgstr "zmazanie bloku kµúèa sa nepodarilo: %s\n"
+
+#: g10/keygen.c:4165
+#, fuzzy, c-format
+msgid "can't create backup file `%s': %s\n"
+msgstr "nemô¾em vytvori» `%s': %s\n"
+
+#: g10/keygen.c:4191
+#, fuzzy, c-format
+msgid "NOTE: backup of card key saved to `%s'\n"
+msgstr "POZNÁMKA: platnos» tajného kµúèa %08lX skonèila %s\n"
+
+#: g10/keyid.c:539 g10/keyid.c:551 g10/keyid.c:563 g10/keyid.c:575
+msgid "never "
+msgstr "nikdy "
+
+#: g10/keylist.c:273
+msgid "Critical signature policy: "
+msgstr "Kritická podpisová politika: "
+
+#: g10/keylist.c:275
+msgid "Signature policy: "
+msgstr "Podpisová politika: "
+
+#: g10/keylist.c:314
+msgid "Critical preferred keyserver: "
+msgstr ""
+
+#: g10/keylist.c:367
+msgid "Critical signature notation: "
+msgstr "Kritická podpisová notácia: "
+
+#: g10/keylist.c:369
+msgid "Signature notation: "
+msgstr "Podpisová notácia: "
+
+#: g10/keylist.c:479
+msgid "Keyring"
+msgstr "súbor kµúèov (keyring)"
+
+#: g10/keylist.c:1526
+msgid "Primary key fingerprint:"
+msgstr "Primárny fingerprint kµúèa:"
+
+#: g10/keylist.c:1528
+msgid " Subkey fingerprint:"
+msgstr " Fingerprint podkµúèa:"
+
+#. TRANSLATORS: this should fit into 24 bytes to that the
+#. * fingerprint data is properly aligned with the user ID
+#: g10/keylist.c:1535
+msgid " Primary key fingerprint:"
+msgstr " Primárny fingerprint kµúèa:"
+
+#: g10/keylist.c:1537
+msgid " Subkey fingerprint:"
+msgstr " Fingerprint podkµúèa:"
+
+#: g10/keylist.c:1541 g10/keylist.c:1545
+#, fuzzy
+msgid " Key fingerprint ="
+msgstr " Fingerprint kµúèa ="
+
+#: g10/keylist.c:1612
+msgid " Card serial no. ="
+msgstr ""
+
+#: g10/keyring.c:1297
+#, fuzzy, c-format
+msgid "renaming `%s' to `%s' failed: %s\n"
+msgstr "kódovanie do ASCII formátu zlyhalo: %s\n"
+
+#: g10/keyring.c:1326
+msgid "WARNING: 2 files with confidential information exists.\n"
+msgstr "VAROVANIE: Existujú dva súbory s tajnými informáciami.\n"
+
+#: g10/keyring.c:1327
+#, c-format
+msgid "%s is the unchanged one\n"
+msgstr "%s je bez zmeny\n"
+
+#: g10/keyring.c:1328
+#, c-format
+msgid "%s is the new one\n"
+msgstr "%s je nový\n"
+
+#: g10/keyring.c:1329
+msgid "Please fix this possible security flaw\n"
+msgstr "Prosím, opravte tento mo¾ný bezpeènostný problém\n"
+
+#: g10/keyring.c:1430
+#, fuzzy, c-format
+msgid "caching keyring `%s'\n"
+msgstr "kontrolujem súbor kµúèov (keyring) `%s'\n"
+
+#: g10/keyring.c:1489
+#, fuzzy, c-format
+msgid "%lu keys cached so far (%lu signatures)\n"
+msgstr "%lu kµúèov skontrolovaných (%lu podpisov)\n"
+
+#: g10/keyring.c:1501
+#, fuzzy, c-format
+msgid "%lu keys cached (%lu signatures)\n"
+msgstr "%lu kµúèov skontrolovaných (%lu podpisov)\n"
+
+#: g10/keyring.c:1573
+#, c-format
+msgid "%s: keyring created\n"
+msgstr "%s: súbor kµúèov (keyring) vytvorený\n"
+
+#: g10/keyserver.c:74
+msgid "include revoked keys in search results"
+msgstr ""
+
+#: g10/keyserver.c:75
+msgid "include subkeys when searching by key ID"
+msgstr ""
+
+#: g10/keyserver.c:77
+msgid "use temporary files to pass data to keyserver helpers"
+msgstr ""
+
+#: g10/keyserver.c:79
+msgid "do not delete temporary files after using them"
+msgstr ""
+
+#: g10/keyserver.c:83
+msgid "automatically retrieve keys when verifying signatures"
+msgstr ""
+
+#: g10/keyserver.c:85
+#, fuzzy
+msgid "honor the preferred keyserver URL set on the key"
+msgstr "zadané URL pre podpisovú politiku je neplatné\n"
+
+#: g10/keyserver.c:87
+msgid "honor the PKA record set on a key when retrieving keys"
+msgstr ""
+
+#: g10/keyserver.c:153
+#, fuzzy, c-format
+msgid "WARNING: keyserver option `%s' is not used on this platform\n"
+msgstr "VAROVANIE: nastavenie v `%s' e¹te nie je aktívne\n"
+
+#: g10/keyserver.c:544
+#, fuzzy
+msgid "disabled"
+msgstr "disable"
+
+#: g10/keyserver.c:747
+msgid "Enter number(s), N)ext, or Q)uit > "
+msgstr ""
+
+#: g10/keyserver.c:831 g10/keyserver.c:1458
+#, fuzzy, c-format
+msgid "invalid keyserver protocol (us %d!=handler %d)\n"
+msgstr "neplatný parameter pre export\n"
+
+#: g10/keyserver.c:932
+#, fuzzy, c-format
+msgid "key \"%s\" not found on keyserver\n"
+msgstr "kµúè `%s' nebol nájdený: %s\n"
+
+#: g10/keyserver.c:934
+#, fuzzy
+msgid "key not found on keyserver\n"
+msgstr "kµúè `%s' nebol nájdený: %s\n"
+
+#: g10/keyserver.c:1177
+#, fuzzy, c-format
+msgid "requesting key %s from %s server %s\n"
+msgstr "po¾adujem kµúè %08lX z %s\n"
+
+#: g10/keyserver.c:1181
+#, fuzzy, c-format
+msgid "requesting key %s from %s\n"
+msgstr "po¾adujem kµúè %08lX z %s\n"
+
+#: g10/keyserver.c:1205
+#, fuzzy, c-format
+msgid "searching for names from %s server %s\n"
+msgstr "vyhµadávam \"%s\" na HKP serveri %s\n"
+
+#: g10/keyserver.c:1208
+#, fuzzy, c-format
+msgid "searching for names from %s\n"
+msgstr "vyhµadávam \"%s\" na HKP serveri %s\n"
+
+#: g10/keyserver.c:1361
+#, fuzzy, c-format
+msgid "sending key %s to %s server %s\n"
+msgstr "vyhµadávam \"%s\" na HKP serveri %s\n"
+
+#: g10/keyserver.c:1365
+#, fuzzy, c-format
+msgid "sending key %s to %s\n"
+msgstr ""
+"\"\n"
+"podpísané Va¹ím kµúèom %08lX v %s\n"
+
+#: g10/keyserver.c:1408
+#, fuzzy, c-format
+msgid "searching for \"%s\" from %s server %s\n"
+msgstr "vyhµadávam \"%s\" na HKP serveri %s\n"
+
+#: g10/keyserver.c:1411
+#, fuzzy, c-format
+msgid "searching for \"%s\" from %s\n"
+msgstr "vyhµadávam \"%s\" na HKP serveri %s\n"
+
+#: g10/keyserver.c:1418 g10/keyserver.c:1514
+#, fuzzy
+msgid "no keyserver action!\n"
+msgstr "neplatný parameter pre export\n"
+
+#: g10/keyserver.c:1466
+#, c-format
+msgid "WARNING: keyserver handler from a different version of GnuPG (%s)\n"
+msgstr ""
+
+#: g10/keyserver.c:1475
+msgid "keyserver did not send VERSION\n"
+msgstr ""
+
+#: g10/keyserver.c:1537 g10/keyserver.c:2066
+msgid "no keyserver known (use option --keyserver)\n"
+msgstr ""
+
+#: g10/keyserver.c:1543
+msgid "external keyserver calls are not supported in this build\n"
+msgstr ""
+
+#: g10/keyserver.c:1555
+#, c-format
+msgid "no handler for keyserver scheme `%s'\n"
+msgstr ""
+
+#: g10/keyserver.c:1560
+#, c-format
+msgid "action `%s' not supported with keyserver scheme `%s'\n"
+msgstr ""
+
+#: g10/keyserver.c:1568
+#, c-format
+msgid "%s does not support handler version %d\n"
+msgstr ""
+
+#: g10/keyserver.c:1575
+#, fuzzy
+msgid "keyserver timed out\n"
+msgstr "chyba servera kµúèov"
+
+#: g10/keyserver.c:1580
+#, fuzzy
+msgid "keyserver internal error\n"
+msgstr "chyba servera kµúèov"
+
+#: g10/keyserver.c:1589
+#, fuzzy, c-format
+msgid "keyserver communications error: %s\n"
+msgstr "nepodarilo sa prija» kµúè zo servera: %s\n"
+
+#: g10/keyserver.c:1614 g10/keyserver.c:1648
+#, c-format
+msgid "\"%s\" not a key ID: skipping\n"
+msgstr ""
+
+#: g10/keyserver.c:1907
+#, fuzzy, c-format
+msgid "WARNING: unable to refresh key %s via %s: %s\n"
+msgstr "VAROVANIE: nemô¾em vymaza» doèasný súbor (%s) `%s': %s\n"
+
+#: g10/keyserver.c:1929
+#, fuzzy, c-format
+msgid "refreshing 1 key from %s\n"
+msgstr "po¾adujem kµúè %08lX z %s\n"
+
+#: g10/keyserver.c:1931
+#, fuzzy, c-format
+msgid "refreshing %d keys from %s\n"
+msgstr "po¾adujem kµúè %08lX z %s\n"
+
+#: g10/keyserver.c:1987
+#, fuzzy, c-format
+msgid "WARNING: unable to fetch URI %s: %s\n"
+msgstr "VAROVANIE: nemô¾em vymaza» doèasný súbor (%s) `%s': %s\n"
+
+#: g10/keyserver.c:1993
+#, fuzzy, c-format
+msgid "WARNING: unable to parse URI %s\n"
+msgstr "VAROVANIE: nemô¾em vymaza» doèasný súbor (%s) `%s': %s\n"
+
+#: g10/mainproc.c:231
+#, c-format
+msgid "weird size for an encrypted session key (%d)\n"
+msgstr "zvlá¹tna veµkos» ¹ifrovacieho kµúèa pre sedenie (%d)\n"
+
+#: g10/mainproc.c:284
+#, c-format
+msgid "%s encrypted session key\n"
+msgstr "%s kµúè ¹ifrovaného sedenia\n"
+
+#: g10/mainproc.c:294
+#, fuzzy, c-format
+msgid "passphrase generated with unknown digest algorithm %d\n"
+msgstr "za¹ifrované neznámym algoritmom %d\n"
+
+#: g10/mainproc.c:360
+#, fuzzy, c-format
+msgid "public key is %s\n"
+msgstr "verejný kµúè je %08lX\n"
+
+#: g10/mainproc.c:423
+msgid "public key encrypted data: good DEK\n"
+msgstr "dáta za¹ifrované verejným kµúèom: správny DEK\n"
+
+#: g10/mainproc.c:456
+#, fuzzy, c-format
+msgid "encrypted with %u-bit %s key, ID %s, created %s\n"
+msgstr "za¹ifrované %u-bitovým %s kµúèom, ID %08lX, vytvoreným %s\n"
+
+#: g10/mainproc.c:460 g10/pkclist.c:217
+#, fuzzy, c-format
+msgid " \"%s\"\n"
+msgstr " alias \""
+
+# Scripte scannen lt. dl1bke auf "ID (0-9A-F)+" deswegen muß "ID" rein :-(
+# [kw]
+#: g10/mainproc.c:464
+#, fuzzy, c-format
+msgid "encrypted with %s key, ID %s\n"
+msgstr "za¹ifrovaná %s kµúèom, ID %08lX\n"
+
+#: g10/mainproc.c:479
+#, c-format
+msgid "public key decryption failed: %s\n"
+msgstr "de¹ifrovanie verejným kµúèom zlyhalo: %s\n"
+
+#: g10/mainproc.c:495
+#, c-format
+msgid "encrypted with %lu passphrases\n"
+msgstr "za¹ifrované s %lu heslami\n"
+
+#: g10/mainproc.c:497
+msgid "encrypted with 1 passphrase\n"
+msgstr "za¹ifrované jedným heslom\n"
+
+#: g10/mainproc.c:529 g10/mainproc.c:551
+#, c-format
+msgid "assuming %s encrypted data\n"
+msgstr "predpokladám %s ¹ifrovaných dát\n"
+
+#: g10/mainproc.c:537
+#, c-format
+msgid "IDEA cipher unavailable, optimistically attempting to use %s instead\n"
+msgstr ""
+"algoritmus IDEA nie je dostupný; optimisticky sa ho pokúsime nahradi» "
+"algoritmom %s\n"
+
+#: g10/mainproc.c:570
+msgid "decryption okay\n"
+msgstr "de¹ifrovanie o.k.\n"
+
+#: g10/mainproc.c:574
+msgid "WARNING: message was not integrity protected\n"
+msgstr "VAROVANIE: správa nemá ochranu integrity\n"
+
+#: g10/mainproc.c:587
+msgid "WARNING: encrypted message has been manipulated!\n"
+msgstr "VAROVANIE: so za¹ifrovanou správou bolo manipulované!\n"
+
+#: g10/mainproc.c:595
+#, c-format
+msgid "cleared passphrase cached with ID: %s\n"
+msgstr ""
+
+#: g10/mainproc.c:600
+#, c-format
+msgid "decryption failed: %s\n"
+msgstr "de¹ifrovanie zlyhalo: %s\n"
+
+#: g10/mainproc.c:621
+msgid "NOTE: sender requested \"for-your-eyes-only\"\n"
+msgstr "POZNÁMKA: odosielateµ po¾adoval (\"for-your-eyes-only\")\n"
+
+#: g10/mainproc.c:623
+#, c-format
+msgid "original file name='%.*s'\n"
+msgstr "pôvodné meno súboru='%.*s'\n"
+
+#: g10/mainproc.c:711
+msgid "WARNING: multiple plaintexts seen\n"
+msgstr ""
+
+#: g10/mainproc.c:850
+msgid "standalone revocation - use \"gpg --import\" to apply\n"
+msgstr ""
+"samostatný revokaèný certifikát - pou¾ite \"gpg --import\", ak ho chcete "
+"vyu¾i»\n"
+
+#: g10/mainproc.c:1203 g10/mainproc.c:1240
+#, fuzzy
+msgid "no signature found\n"
+msgstr "Dobrý podpis od \""
+
+#: g10/mainproc.c:1478
+msgid "signature verification suppressed\n"
+msgstr "verifikácia podpisu potlaèená\n"
+
+#: g10/mainproc.c:1587
+#, fuzzy
+msgid "can't handle this ambiguous signature data\n"
+msgstr "neviem pracova» s týmito násobnými podpismi\n"
+
+#: g10/mainproc.c:1598
+#, fuzzy, c-format
+msgid "Signature made %s\n"
+msgstr "Platnos» podpisu vypr¹ala %s\n"
+
+#: g10/mainproc.c:1599
+#, fuzzy, c-format
+msgid " using %s key %s\n"
+msgstr " alias \""
+
+# Scripte scannen lt. dl1bke auf "ID (0-9A-F)+" deswegen muß "ID" rein :-(
+#: g10/mainproc.c:1603
+#, fuzzy, c-format
+msgid "Signature made %s using %s key ID %s\n"
+msgstr "Podpis vytvorený %.*s pomocou %s kµúèa ID %08lX\n"
+
+#: g10/mainproc.c:1623
+msgid "Key available at: "
+msgstr "Kµúè k dispozícii na: "
+
+#: g10/mainproc.c:1756 g10/mainproc.c:1804
+#, fuzzy, c-format
+msgid "BAD signature from \"%s\""
+msgstr "ZLÝ podpis od \""
+
+#: g10/mainproc.c:1758 g10/mainproc.c:1806
+#, fuzzy, c-format
+msgid "Expired signature from \"%s\""
+msgstr "Podpis s vypr¹anou platnos»ou od \""
+
+#: g10/mainproc.c:1760 g10/mainproc.c:1808
+#, fuzzy, c-format
+msgid "Good signature from \"%s\""
+msgstr "Dobrý podpis od \""
+
+#: g10/mainproc.c:1810
+msgid "[uncertain]"
+msgstr "[neistý] "
+
+#: g10/mainproc.c:1843
+#, fuzzy, c-format
+msgid " aka \"%s\""
+msgstr " alias \""
+
+#: g10/mainproc.c:1941
+#, c-format
+msgid "Signature expired %s\n"
+msgstr "Platnos» podpisu vypr¹ala %s\n"
+
+#: g10/mainproc.c:1946
+#, c-format
+msgid "Signature expires %s\n"
+msgstr "Platnos» podpisu vypr¹í %s\n"
+
+#: g10/mainproc.c:1949
+#, c-format
+msgid "%s signature, digest algorithm %s\n"
+msgstr "%s podpis, hashovací algoritmus %s\n"
+
+#: g10/mainproc.c:1950
+msgid "binary"
+msgstr "binárne"
+
+#: g10/mainproc.c:1951
+msgid "textmode"
+msgstr "textový mód"
+
+#: g10/mainproc.c:1951 g10/trustdb.c:546
+msgid "unknown"
+msgstr "neznáme"
+
+#: g10/mainproc.c:1971
+#, c-format
+msgid "Can't check signature: %s\n"
+msgstr "Nemô¾em overi» podpis: %s\n"
+
+#: g10/mainproc.c:2055 g10/mainproc.c:2071 g10/mainproc.c:2167
+msgid "not a detached signature\n"
+msgstr "toto nie je podpis oddelený od dokumentu\n"
+
+#: g10/mainproc.c:2098
+msgid ""
+"WARNING: multiple signatures detected. Only the first will be checked.\n"
+msgstr "VAROVANIE: Nájdené viacnásobne podpisy. Skontrolovaný bude len prvý.\n"
+
+#: g10/mainproc.c:2106
+#, c-format
+msgid "standalone signature of class 0x%02x\n"
+msgstr "samostatný podpis triedy 0x%02x\n"
+
+#: g10/mainproc.c:2171
+msgid "old style (PGP 2.x) signature\n"
+msgstr "podpis starého typu (PGP 2.x)\n"
+
+#: g10/mainproc.c:2181
+msgid "invalid root packet detected in proc_tree()\n"
+msgstr "nájdený neplatný koreòový paket v proc_tree()\n"
+
+#: g10/misc.c:109 g10/misc.c:139 g10/misc.c:215
+#, fuzzy, c-format
+msgid "fstat of `%s' failed in %s: %s\n"
+msgstr "nemo¾no otvori» súbor: %s\n"
+
+#: g10/misc.c:178
+#, fuzzy, c-format
+msgid "fstat(%d) failed in %s: %s\n"
+msgstr "databáza dôvery: procedúra read() (n=%d) zlyhala: %s\n"
+
+#: g10/misc.c:296
+#, fuzzy, c-format
+msgid "WARNING: using experimental public key algorithm %s\n"
+msgstr "nemô¾em pracova» s algoritmom verejného kµúèa %d\n"
+
+#: g10/misc.c:302
+#, fuzzy
+msgid "WARNING: Elgamal sign+encrypt keys are deprecated\n"
+msgstr ""
+"vy¾iadaný hashovací algoritmus %s (%d) nevyhovuje predvoµbám príjemcu\n"
+
+#: g10/misc.c:315
+#, fuzzy, c-format
+msgid "WARNING: using experimental cipher algorithm %s\n"
+msgstr "¹ifrovací algoritmus nie je implementovaný"
+
+#: g10/misc.c:330
+#, fuzzy, c-format
+msgid "WARNING: using experimental digest algorithm %s\n"
+msgstr "%s podpis, hashovací algoritmus %s\n"
+
+#: g10/misc.c:335
+#, fuzzy, c-format
+msgid "WARNING: digest algorithm %s is deprecated\n"
+msgstr ""
+"vy¾iadaný hashovací algoritmus %s (%d) nevyhovuje predvoµbám príjemcu\n"
+
+#: g10/misc.c:503
+msgid "the IDEA cipher plugin is not present\n"
+msgstr "IDEA modul pre GnuPG nenájdený\n"
+
+#: g10/misc.c:504 g10/sig-check.c:107 jnlib/utf8conv.c:87
+#, fuzzy, c-format
+msgid "please see %s for more information\n"
+msgstr " i = prosím o viac informácíi\n"
+
+#: g10/misc.c:761
+#, c-format
+msgid "%s:%d: deprecated option \"%s\"\n"
+msgstr "%s:%d: pou¾itie parametra \"%s\" sa neodporúèa\n"
+
+#: g10/misc.c:765
+#, c-format
+msgid "WARNING: \"%s\" is a deprecated option\n"
+msgstr "VAROVÁNÍ: pou¾itie parametra \"%s\" sa neodporúèa\n"
+
+#: g10/misc.c:767
+#, c-format
+msgid "please use \"%s%s\" instead\n"
+msgstr "pou¾ite namiesto neho \"%s%s\" \n"
+
+#: g10/misc.c:774
+#, fuzzy, c-format
+msgid "WARNING: \"%s\" is a deprecated command - do not use it\n"
+msgstr "VAROVÁNÍ: pou¾itie parametra \"%s\" sa neodporúèa\n"
+
+#: g10/misc.c:784
+#, c-format
+msgid "%s:%u: obsolete option \"%s\" - it has no effect\n"
+msgstr ""
+
+#: g10/misc.c:787
+#, fuzzy, c-format
+msgid "WARNING: \"%s\" is an obsolete option - it has no effect\n"
+msgstr "VAROVÁNÍ: pou¾itie parametra \"%s\" sa neodporúèa\n"
+
+#: g10/misc.c:848
+msgid "Uncompressed"
+msgstr "Nekomprimované"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: g10/misc.c:873
+#, fuzzy
+msgid "uncompressed|none"
+msgstr "Nekomprimované"
+
+#: g10/misc.c:1000
+#, c-format
+msgid "this message may not be usable by %s\n"
+msgstr "táto správa nemusí pou¾iteµná s %s\n"
+
+#: g10/misc.c:1175
+#, fuzzy, c-format
+msgid "ambiguous option `%s'\n"
+msgstr "èítam mo¾nosti z `%s'\n"
+
+#: g10/misc.c:1200
+#, fuzzy, c-format
+msgid "unknown option `%s'\n"
+msgstr "neznámy implicitný adresát `%s'\n"
+
+#: g10/openfile.c:89
+#, c-format
+msgid "File `%s' exists. "
+msgstr "Súbor `%s' existuje. "
+
+#: g10/openfile.c:93
+#, fuzzy
+msgid "Overwrite? (y/N) "
+msgstr "Prepísa» (a/N)? "
+
+#: g10/openfile.c:126
+#, c-format
+msgid "%s: unknown suffix\n"
+msgstr "%s: neznáma prípona\n"
+
+#: g10/openfile.c:150
+msgid "Enter new filename"
+msgstr "Vlo¾te nový názov súboru"
+
+#: g10/openfile.c:195
+msgid "writing to stdout\n"
+msgstr "zapisujem na ¹tandardný výstup (stdout)\n"
+
+#: g10/openfile.c:316
+#, c-format
+msgid "assuming signed data in `%s'\n"
+msgstr "predpokladám podpísané dáta v `%s'\n"
+
+#: g10/openfile.c:395
+#, c-format
+msgid "new configuration file `%s' created\n"
+msgstr "vytvorený nový konfiguraèný súbor `%s'\n"
+
+#: g10/openfile.c:397
+#, c-format
+msgid "WARNING: options in `%s' are not yet active during this run\n"
+msgstr "VAROVANIE: nastavenie v `%s' e¹te nie je aktívne\n"
+
+#: g10/parse-packet.c:201
+#, c-format
+msgid "can't handle public key algorithm %d\n"
+msgstr "nemô¾em pracova» s algoritmom verejného kµúèa %d\n"
+
+#: g10/parse-packet.c:822
+msgid "WARNING: potentially insecure symmetrically encrypted session key\n"
+msgstr ""
+"VAROVANIE: pravdepodobne nebezpeèný symetricky ¹ifrovaný kµúè sedenia\n"
+
+#: g10/parse-packet.c:1273
+#, c-format
+msgid "subpacket of type %d has critical bit set\n"
+msgstr "podpaket typu %d má nastavený kritický bit\n"
+
+#: g10/passphrase.c:75 g10/passphrase.c:418 g10/passphrase.c:481
+#, fuzzy, c-format
+msgid "problem with the agent: %s\n"
+msgstr "problém s agentom: agent vracia 0x%lx\n"
+
+#: g10/passphrase.c:344 g10/passphrase.c:613
+#, fuzzy, c-format
+msgid " (main key ID %s)"
+msgstr " (hlavné ID kµúèa %08lX)"
+
+#: g10/passphrase.c:358
+#, fuzzy, c-format
+msgid ""
+"Please enter the passphrase to unlock the secret key for the OpenPGP "
+"certificate:\n"
+"\"%.*s\"\n"
+"%u-bit %s key, ID %s,\n"
+"created %s%s.\n"
+msgstr ""
+"Potrebujete heslo, aby ste odomkli tajný kµúè pre u¾ívateµa:\n"
+"\"%.*s\"\n"
+"kµúè s då¾kou %u bitov, typ %s, ID %08lX, vytvorený %s%s\n"
+
+#: g10/passphrase.c:384
+msgid "Enter passphrase\n"
+msgstr "Vlo¾i» heslo\n"
+
+#: g10/passphrase.c:412
+msgid "cancelled by user\n"
+msgstr "zru¹ené u¾ívateµom\n"
+
+#: g10/passphrase.c:592
+#, fuzzy, c-format
+msgid ""
+"You need a passphrase to unlock the secret key for\n"
+"user: \"%s\"\n"
+msgstr ""
+"\n"
+"Musíte pozna» heslo, aby ste odomkli tajný kµúè pre\n"
+"u¾ívateµa: \""
+
+#: g10/passphrase.c:600
+#, fuzzy, c-format
+msgid "%u-bit %s key, ID %s, created %s"
+msgstr "då¾ka %u bitov, typ %s, ID %08lX, vytvorený %s"
+
+#: g10/passphrase.c:609
+#, c-format
+msgid " (subkey on main key ID %s)"
+msgstr ""
+
+#: g10/photoid.c:74
+msgid ""
+"\n"
+"Pick an image to use for your photo ID. The image must be a JPEG file.\n"
+"Remember that the image is stored within your public key. If you use a\n"
+"very large picture, your key will become very large as well!\n"
+"Keeping the image close to 240x288 is a good size to use.\n"
+msgstr ""
+"\n"
+"Vyberte si obrázok, ktorý bude pou¾itý ako fotografické ID. Tento obrázok\n"
+"musí by» vo formáte JPEG. Pamätajte, ¾e bude ulo¾ený vo Va¹om verejnom "
+"kµúèi.\n"
+"Ak pou¾ijete veµmi veµký obrázok, kµúè bude tie¾ veµký! Odporúèaná veµkos»\n"
+"obrázka je okolo 240x288.\n"
+
+#: g10/photoid.c:96
+msgid "Enter JPEG filename for photo ID: "
+msgstr "Meno súbor s fotografiou vo formáte JPEG: "
+
+#: g10/photoid.c:117
+#, fuzzy, c-format
+msgid "unable to open JPEG file `%s': %s\n"
+msgstr "nemo¾no otvori» súbor: %s\n"
+
+#: g10/photoid.c:128
+#, c-format
+msgid "This JPEG is really large (%d bytes) !\n"
+msgstr ""
+
+#: g10/photoid.c:130
+#, fuzzy
+msgid "Are you sure you want to use it? (y/N) "
+msgstr "Ste si istý, ¾e ho chcete pou¾i»? (a/N) "
+
+#: g10/photoid.c:146
+#, fuzzy, c-format
+msgid "`%s' is not a JPEG file\n"
+msgstr "\"%s\" nie je súbor JPEG\n"
+
+#: g10/photoid.c:165
+msgid "Is this photo correct (y/N/q)? "
+msgstr "Je táto fotografia správna (a/N/u)? "
+
+#: g10/photoid.c:373
+msgid "unable to display photo ID!\n"
+msgstr "nemo¾no nastavi» exec-path na %s\n"
+
+#: g10/pkclist.c:60 g10/revoke.c:621
+msgid "No reason specified"
+msgstr "Dôvod nebol ¹pecifikovaný"
+
+#: g10/pkclist.c:62 g10/revoke.c:623
+msgid "Key is superseded"
+msgstr "Kµúè je nahradený"
+
+#: g10/pkclist.c:64 g10/revoke.c:622
+msgid "Key has been compromised"
+msgstr "Kµúè bol skompromitovaný"
+
+#: g10/pkclist.c:66 g10/revoke.c:624
+msgid "Key is no longer used"
+msgstr "Kµúè sa u¾ nepou¾íva"
+
+#: g10/pkclist.c:68 g10/revoke.c:625
+msgid "User ID is no longer valid"
+msgstr "Identifikátor u¾ívateµa u¾ neplatí"
+
+#: g10/pkclist.c:72
+msgid "reason for revocation: "
+msgstr "dôvod na revokáciu: "
+
+#: g10/pkclist.c:89
+msgid "revocation comment: "
+msgstr "revokaèná poznámka: "
+
+#: g10/pkclist.c:204
+msgid "iImMqQsS"
+msgstr "iImMuUsS"
+
+#: g10/pkclist.c:212
+#, fuzzy
+msgid "No trust value assigned to:\n"
+msgstr ""
+"Nie je priradená ¾iadna hodnota dôvery k:\n"
+"%4u%c/%08lX %s \""
+
+#: g10/pkclist.c:245
+#, fuzzy, c-format
+msgid " aka \"%s\"\n"
+msgstr " alias \""
+
+#: g10/pkclist.c:255
+#, fuzzy
+msgid ""
+"How much do you trust that this key actually belongs to the named user?\n"
+msgstr "Tento kµúè pravdepodobne patrí jeho majiteµovi\n"
+
+#: g10/pkclist.c:270
+#, fuzzy, c-format
+msgid " %d = I don't know or won't say\n"
+msgstr " %d = Neviem\n"
+
+#: g10/pkclist.c:272
+#, fuzzy, c-format
+msgid " %d = I do NOT trust\n"
+msgstr " %d = Nedôverujem\n"
+
+#: g10/pkclist.c:278
+#, fuzzy, c-format
+msgid " %d = I trust ultimately\n"
+msgstr " %d = Dôverujem absolútne\n"
+
+#: g10/pkclist.c:284
+#, fuzzy
+msgid " m = back to the main menu\n"
+msgstr " m = spä» do hlavného menu\n"
+
+#: g10/pkclist.c:287
+#, fuzzy
+msgid " s = skip this key\n"
+msgstr " s = preskoèi» tento kµúè\n"
+
+#: g10/pkclist.c:288
+#, fuzzy
+msgid " q = quit\n"
+msgstr " u = ukonèi»\n"
+
+#: g10/pkclist.c:292
+#, c-format
+msgid ""
+"The minimum trust level for this key is: %s\n"
+"\n"
+msgstr ""
+
+#: g10/pkclist.c:298 g10/revoke.c:650
+msgid "Your decision? "
+msgstr "Va¹e rozhodnutie? "
+
+#: g10/pkclist.c:319
+#, fuzzy
+msgid "Do you really want to set this key to ultimate trust? (y/N) "
+msgstr "Skutoène chcete nastavi» pre tento kµúè absolútnu dôveru? "
+
+#: g10/pkclist.c:333
+msgid "Certificates leading to an ultimately trusted key:\n"
+msgstr "Certifikáty vedúce k finálnemu dôveryhodnému kµúèu:\n"
+
+#: g10/pkclist.c:418
+#, fuzzy, c-format
+msgid "%s: There is no assurance this key belongs to the named user\n"
+msgstr ""
+"%08lX: Niè nenaznaèuje tomu, ¾e tento podpis patrí vlastníkovi kµúèa.\n"
+
+#: g10/pkclist.c:423
+#, fuzzy, c-format
+msgid "%s: There is limited assurance this key belongs to the named user\n"
+msgstr ""
+"%08lX: Niè nenaznaèuje tomu, ¾e tento podpis patrí vlastníkovi kµúèa.\n"
+
+#: g10/pkclist.c:429
+#, fuzzy
+msgid "This key probably belongs to the named user\n"
+msgstr "Tento kµúè pravdepodobne patrí jeho majiteµovi\n"
+
+#: g10/pkclist.c:434
+msgid "This key belongs to us\n"
+msgstr "Tento kµúè patrí nám (máme zodpovedajúci tajný kµúè)\n"
+
+#: g10/pkclist.c:460
+#, fuzzy
+msgid ""
+"It is NOT certain that the key belongs to the person named\n"
+"in the user ID. If you *really* know what you are doing,\n"
+"you may answer the next question with yes.\n"
+msgstr ""
+"NIE JE isté, ¾e tento kµúè patrí osobe, ktorá sa vydáva za jeho\n"
+"vlastníka. Pokiaµ *skutoène* viete, èo robíte, mô¾ete na otázku\n"
+"odpoveda» áno\n"
+"\n"
+
+#: g10/pkclist.c:479
+#, fuzzy
+msgid "Use this key anyway? (y/N) "
+msgstr "Pou¾i» napriek tomu tento kµúè? "
+
+#: g10/pkclist.c:513
+msgid "WARNING: Using untrusted key!\n"
+msgstr "VAROVANIE: Je pou¾itý nedôveryhodný kµúè!\n"
+
+#: g10/pkclist.c:520
+msgid "WARNING: this key might be revoked (revocation key not present)\n"
+msgstr "VAROVANIE: kµúè mô¾e by» revokovaný (revokaèný kµúè neexistuje)\n"
+
+#: g10/pkclist.c:529
+msgid "WARNING: This key has been revoked by its designated revoker!\n"
+msgstr "VAROVANIE: Tento kµúè bol revokovaný jeho urèeným revokátorom/!\n"
+
+#: g10/pkclist.c:532
+msgid "WARNING: This key has been revoked by its owner!\n"
+msgstr "VAROVANIE: Tento kµúè bol revokovaný jeho vlastníkom!\n"
+
+#: g10/pkclist.c:533
+#, fuzzy
+msgid " This could mean that the signature is forged.\n"
+msgstr " To mô¾e znamena», ¾e podpis je falo¹ný.\n"
+
+#: g10/pkclist.c:539
+msgid "WARNING: This subkey has been revoked by its owner!\n"
+msgstr "VAROVANIE: Tento podkµúè bol revokovaný jeho vlastníkom!\n"
+
+#: g10/pkclist.c:544
+msgid "Note: This key has been disabled.\n"
+msgstr "Poznámka: Tento kµúè bol oznaèený ako neplatný (disabled).\n"
+
+#: g10/pkclist.c:564
+#, c-format
+msgid "Note: Verified signer's address is `%s'\n"
+msgstr ""
+
+#: g10/pkclist.c:571
+#, c-format
+msgid "Note: Signer's address `%s' does not match DNS entry\n"
+msgstr ""
+
+#: g10/pkclist.c:583
+msgid "trustlevel adjusted to FULL due to valid PKA info\n"
+msgstr ""
+
+#: g10/pkclist.c:591
+msgid "trustlevel adjusted to NEVER due to bad PKA info\n"
+msgstr ""
+
+#: g10/pkclist.c:602
+msgid "Note: This key has expired!\n"
+msgstr "Poznámka: Skonèila platnos» tohto kµúèa!\n"
+
+#: g10/pkclist.c:613
+msgid "WARNING: This key is not certified with a trusted signature!\n"
+msgstr "VAROVANIE: Tento kµúè nie certifikovaný dôveryhodným podpisom!\n"
+
+#: g10/pkclist.c:615
+msgid ""
+" There is no indication that the signature belongs to the owner.\n"
+msgstr ""
+" Niè nenaznaèuje tomu, ¾e tento podpis patrí vlastníkovi kµúèa.\n"
+
+#: g10/pkclist.c:623
+msgid "WARNING: We do NOT trust this key!\n"
+msgstr "VAROVANIE: NEdôverujeme tomuto kµúèu!\n"
+
+#: g10/pkclist.c:624
+msgid " The signature is probably a FORGERY.\n"
+msgstr " Tento podpis je pravdepodobne FALO©NÝ.\n"
+
+#: g10/pkclist.c:632
+msgid ""
+"WARNING: This key is not certified with sufficiently trusted signatures!\n"
+msgstr ""
+"VAROVANIE: Tento kµúè nie je certifikovaný dostatoène dôveryhodnými "
+"podpismi!\n"
+
+#: g10/pkclist.c:634
+msgid " It is not certain that the signature belongs to the owner.\n"
+msgstr " Nie je isté, ¾e tento podpis patrí vlastníkovi.\n"
+
+#: g10/pkclist.c:833 g10/pkclist.c:875 g10/pkclist.c:1087 g10/pkclist.c:1157
+#, c-format
+msgid "%s: skipped: %s\n"
+msgstr "%s: preskoèené: %s\n"
+
+#: g10/pkclist.c:845 g10/pkclist.c:1125
+#, c-format
+msgid "%s: skipped: public key already present\n"
+msgstr "%s: preskoèené: verejný kµúè je u¾ obsiahnutý v databáze\n"
+
+#: g10/pkclist.c:896
+msgid "You did not specify a user ID. (you may use \"-r\")\n"
+msgstr ""
+"Ne¹pecifikovali ste identifikátor u¾ívateµa (user ID). Mô¾ete pou¾i» \"-r\"\n"
+
+#: g10/pkclist.c:920
+msgid "Current recipients:\n"
+msgstr ""
+
+#: g10/pkclist.c:946
+msgid ""
+"\n"
+"Enter the user ID. End with an empty line: "
+msgstr ""
+"\n"
+"Napí¹te identifikátor u¾ívateµa (user ID). Ukonèite prázdnym riadkom: "
+
+#: g10/pkclist.c:971
+msgid "No such user ID.\n"
+msgstr "Takýto identifikátor u¾ívateµa neexistuje.\n"
+
+#: g10/pkclist.c:980 g10/pkclist.c:1054
+msgid "skipped: public key already set as default recipient\n"
+msgstr "preskoèené: verejný kµúè je u¾ nastavený podµa implicitného adresáta\n"
+
+#: g10/pkclist.c:1001
+msgid "Public key is disabled.\n"
+msgstr "Verejný kµúè je neplatný (disabled).\n"
+
+#: g10/pkclist.c:1010
+msgid "skipped: public key already set\n"
+msgstr "preskoèené: verejný kµúè je u¾ nastavený\n"
+
+#: g10/pkclist.c:1045
+#, fuzzy, c-format
+msgid "unknown default recipient \"%s\"\n"
+msgstr "neznámy implicitný adresát `%s'\n"
+
+#: g10/pkclist.c:1103
+#, c-format
+msgid "%s: skipped: public key is disabled\n"
+msgstr "%s: preskoèené: verejný kµúè je neplatný (disabled)\n"
+
+#: g10/pkclist.c:1165
+msgid "no valid addressees\n"
+msgstr "¾iadne platné adresy\n"
+
+#: g10/pkclist.c:1503
+#, fuzzy, c-format
+msgid "Note: key %s has no %s feature\n"
+msgstr "kµúè %08lX: chyba identifikátor u¾ívateµa\n"
+
+#: g10/pkclist.c:1528
+#, fuzzy, c-format
+msgid "Note: key %s has no preference for %s\n"
+msgstr "kµúè %08lX: chyba identifikátor u¾ívateµa\n"
+
+#: g10/plaintext.c:95
+msgid "data not saved; use option \"--output\" to save it\n"
+msgstr "dáta neboli ulo¾ené; na ich ulo¾enie pou¾ite prepínaè \"--output\"\n"
+
+#: g10/plaintext.c:480
+msgid "Detached signature.\n"
+msgstr "Podpis oddelený od dokumentu.\n"
+
+#: g10/plaintext.c:487
+msgid "Please enter name of data file: "
+msgstr "Prosím, vlo¾te názov dátového súboru: "
+
+#: g10/plaintext.c:519
+msgid "reading stdin ...\n"
+msgstr "èítam ¹tandardný vstup (stdin) ...\n"
+
+#: g10/plaintext.c:557
+msgid "no signed data\n"
+msgstr "chýbajú podpísané dáta\n"
+
+#: g10/plaintext.c:573
+#, c-format
+msgid "can't open signed data `%s'\n"
+msgstr "nemô¾em otvori» podpísané dáta '%s'\n"
+
+#: g10/plaintext.c:607
+#, fuzzy, c-format
+msgid "can't open signed data fd=%d: %s\n"
+msgstr "nemô¾em otvori» podpísané dáta '%s'\n"
+
+#: g10/pubkey-enc.c:105
+#, fuzzy, c-format
+msgid "anonymous recipient; trying secret key %s ...\n"
+msgstr "anonymný adresát; skú¹am tajný kµúè %08lX ...\n"
+
+#: g10/pubkey-enc.c:136
+msgid "okay, we are the anonymous recipient.\n"
+msgstr "o.k., my sme anonymný adresát.\n"
+
+#: g10/pubkey-enc.c:225
+msgid "old encoding of the DEK is not supported\n"
+msgstr "staré kódovanie DEK nie je podporováné\n"
+
+#: g10/pubkey-enc.c:246
+#, c-format
+msgid "cipher algorithm %d%s is unknown or disabled\n"
+msgstr "¹ifrovací algoritmus %d%s je neznamý alebo je zakázaný\n"
+
+#: g10/pubkey-enc.c:284
+#, fuzzy, c-format
+msgid "WARNING: cipher algorithm %s not found in recipient preferences\n"
+msgstr "POZNÁMKA: v predvoµbách nenájdený ¹ifrovací algoritmus %d\n"
+
+#: g10/pubkey-enc.c:304
+#, fuzzy, c-format
+msgid "NOTE: secret key %s expired at %s\n"
+msgstr "POZNÁMKA: platnos» tajného kµúèa %08lX skonèila %s\n"
+
+#: g10/pubkey-enc.c:310
+msgid "NOTE: key has been revoked"
+msgstr "POZNÁMKA: kµúè bol revokovaný"
+
+#: g10/revoke.c:102 g10/revoke.c:116 g10/revoke.c:128 g10/revoke.c:174
+#: g10/revoke.c:186 g10/revoke.c:585
+#, c-format
+msgid "build_packet failed: %s\n"
+msgstr "build_packet zlyhala: %s\n"
+
+#: g10/revoke.c:145
+#, fuzzy, c-format
+msgid "key %s has no user IDs\n"
+msgstr "kµúè %08lX: chyba identifikátor u¾ívateµa\n"
+
+#: g10/revoke.c:306
+msgid "To be revoked by:\n"
+msgstr "Bude revokovaný:\n"
+
+#: g10/revoke.c:310
+msgid "(This is a sensitive revocation key)\n"
+msgstr "(Toto je citlivý revokaèný kµúè)\n"
+
+#: g10/revoke.c:314
+#, fuzzy
+msgid "Create a designated revocation certificate for this key? (y/N) "
+msgstr "Vytvori» pre tento podpis revokaèný certifikát? "
+
+#: g10/revoke.c:327 g10/revoke.c:551
+msgid "ASCII armored output forced.\n"
+msgstr "Vynútený ASCII textový výstup.\n"
+
+#: g10/revoke.c:342 g10/revoke.c:565
+#, c-format
+msgid "make_keysig_packet failed: %s\n"
+msgstr "make_keysig_packet zlyhala: %s\n"
+
+#: g10/revoke.c:405
+msgid "Revocation certificate created.\n"
+msgstr "Revokaèný certifikát bol vytvorený.\n"
+
+#: g10/revoke.c:411
+#, fuzzy, c-format
+msgid "no revocation keys found for \"%s\"\n"
+msgstr "¾iadne revokaèné kµúèe pre `%s' nenájdené\n"
+
+#: g10/revoke.c:470
+#, fuzzy, c-format
+msgid "secret key \"%s\" not found: %s\n"
+msgstr "tajný kµúè `%s' nebol nájdený: %s\n"
+
+#: g10/revoke.c:497
+#, c-format
+msgid "no corresponding public key: %s\n"
+msgstr "¾iadny zodpovedajúci verejný kµúè: %s\n"
+
+#: g10/revoke.c:508
+msgid "public key does not match secret key!\n"
+msgstr "verejný kµúè nesúhlasí s tajným!\n"
+
+#: g10/revoke.c:515
+#, fuzzy
+msgid "Create a revocation certificate for this key? (y/N) "
+msgstr "Vytvori» pre tento podpis revokaèný certifikát? "
+
+#: g10/revoke.c:532
+msgid "unknown protection algorithm\n"
+msgstr "neznámy ochranný algoritmus\n"
+
+#: g10/revoke.c:540
+msgid "NOTE: This key is not protected!\n"
+msgstr "POZNÁMKA: Tento kµúè nie je chránený!\n"
+
+#: g10/revoke.c:591
+msgid ""
+"Revocation certificate created.\n"
+"\n"
+"Please move it to a medium which you can hide away; if Mallory gets\n"
+"access to this certificate he can use it to make your key unusable.\n"
+"It is smart to print this certificate and store it away, just in case\n"
+"your media become unreadable. But have some caution: The print system of\n"
+"your machine might store the data and make it available to others!\n"
+msgstr ""
+"Bol vytvorený revokaèný certifikát.\n"
+"\n"
+"Presuòte ho na médium, ktoré mô¾ete schova»; ak Mallory získa k\n"
+"tomuto certifikátu prístup, mô¾e znefunkèni» Vá¹ kµúè. Jednoduché je\n"
+"vytlaèi» certifikát a schova» ho, pre prípad ¾e by médium bolo neèitateµné.\n"
+"Ale hrozí nebezpeèenstvo: Tlaèový systém Vá¹ho poèítaèa mô¾e uklada» dáta a\n"
+"sprístupni» ich iným!\n"
+
+#: g10/revoke.c:633
+msgid "Please select the reason for the revocation:\n"
+msgstr "Prosím výberte dôvod na revokáciu:\n"
+
+#: g10/revoke.c:643
+msgid "Cancel"
+msgstr "Zru¹i»"
+
+#: g10/revoke.c:645
+#, c-format
+msgid "(Probably you want to select %d here)\n"
+msgstr "(Pravdepodobne ste chceli vybra» %d)\n"
+
+#: g10/revoke.c:686
+msgid "Enter an optional description; end it with an empty line:\n"
+msgstr "Ak chcete, napí¹te popis; ukonèite prázdnym riadkom:\n"
+
+#: g10/revoke.c:714
+#, c-format
+msgid "Reason for revocation: %s\n"
+msgstr "Dôvod na revokáciu: %s\n"
+
+#: g10/revoke.c:716
+msgid "(No description given)\n"
+msgstr "(®iadny popis)\n"
+
+#: g10/revoke.c:721
+#, fuzzy
+msgid "Is this okay? (y/N) "
+msgstr "Je to v poriadku? "
+
+#: g10/seckey-cert.c:55
+msgid "secret key parts are not available\n"
+msgstr "tajné èasti kµúèa nie sú dostupné\n"
+
+#: g10/seckey-cert.c:61
+#, c-format
+msgid "protection algorithm %d%s is not supported\n"
+msgstr "ochranný algoritmus %d%s nie je podporováný\n"
+
+#: g10/seckey-cert.c:72
+#, fuzzy, c-format
+msgid "protection digest %d is not supported\n"
+msgstr "ochranný algoritmus %d%s nie je podporováný\n"
+
+#: g10/seckey-cert.c:291
+msgid "Invalid passphrase; please try again"
+msgstr "Neplatné heslo; prosím, skúste to znovu"
+
+#: g10/seckey-cert.c:292
+#, c-format
+msgid "%s ...\n"
+msgstr "%s ...\n"
+
+#: g10/seckey-cert.c:361
+msgid "WARNING: Weak key detected - please change passphrase again.\n"
+msgstr "VAROVANIE: Zistený slabý kµúè - zmeòte, prosím, znovu heslo.\n"
+
+#: g10/seckey-cert.c:404
+msgid "generating the deprecated 16-bit checksum for secret key protection\n"
+msgstr ""
+"generujem zastaralý 16 bitový kontrolný súèet na ochranu tajného kµúèa\n"
+
+#: g10/seskey.c:61 sm/encrypt.c:119
+msgid "weak key created - retrying\n"
+msgstr "vytvorený slabý kµúè - skú¹am znovu\n"
+
+#: g10/seskey.c:65
+#, c-format
+msgid "cannot avoid weak key for symmetric cipher; tried %d times!\n"
+msgstr ""
+"nemô¾em sa vyvarova» slabého kµúèa pre symetrickú ¹ifru; operáciu som skúsil "
+"%d krát!\n"
+
+#: g10/seskey.c:227 sm/certcheck.c:85
+msgid "DSA requires the hash length to be a multiple of 8 bits\n"
+msgstr ""
+
+#: g10/seskey.c:240
+#, c-format
+msgid "DSA key %s uses an unsafe (%u bit) hash\n"
+msgstr ""
+
+#: g10/seskey.c:252
+#, c-format
+msgid "DSA key %s requires a %u bit or larger hash\n"
+msgstr ""
+
+#: g10/sig-check.c:80
+msgid "WARNING: signature digest conflict in message\n"
+msgstr "VAROVANIE: konflikt hashu podpisu v správe\n"
+
+#: g10/sig-check.c:105
+#, fuzzy, c-format
+msgid "WARNING: signing subkey %s is not cross-certified\n"
+msgstr "VAROVANIE: podpisovací podkµúè %08lX nie je krí¾ovo certifikovaný\n"
+
+#: g10/sig-check.c:117
+#, fuzzy, c-format
+msgid "WARNING: signing subkey %s has an invalid cross-certification\n"
+msgstr ""
+"VAROVANIE: podpisovací podkµúè %08lX má neplatnú krí¾ovú certifikáciu\n"
+
+#: g10/sig-check.c:211
+#, fuzzy, c-format
+msgid "public key %s is %lu second newer than the signature\n"
+msgstr "verejný kµúè %08lX je o %lu sekund nov¹í ne¾ podpis\n"
+
+#: g10/sig-check.c:212
+#, fuzzy, c-format
+msgid "public key %s is %lu seconds newer than the signature\n"
+msgstr "verejný kµúè %08lX je o %lu sekund nov¹í ne¾ podpis\n"
+
+#: g10/sig-check.c:223
+#, fuzzy, c-format
+msgid ""
+"key %s was created %lu second in the future (time warp or clock problem)\n"
+msgstr ""
+"kµúè bol vytvorený %lu sekund v budúcnosti (do¹lo k zmene èasu alebo\n"
+"je problém so systémovým èasom)\n"
+
+#: g10/sig-check.c:225
+#, fuzzy, c-format
+msgid ""
+"key %s was created %lu seconds in the future (time warp or clock problem)\n"
+msgstr ""
+"kµúè bol vytvorený %lu sekund v budúcnosti (do¹lo k zmene èasu alebo\n"
+"je problém so systémovým èasom)\n"
+
+#: g10/sig-check.c:239
+#, fuzzy, c-format
+msgid "NOTE: signature key %s expired %s\n"
+msgstr "POZNÁMKA: podpisovému kµúèu %08lX skonèila platnos» %s\n"
+
+#: g10/sig-check.c:252
+#, fuzzy, c-format
+msgid "NOTE: signature key %s has been revoked\n"
+msgstr "POZNÁMKA: kµúè bol revokovaný"
+
+#: g10/sig-check.c:325
+#, fuzzy, c-format
+msgid "assuming bad signature from key %s due to an unknown critical bit\n"
+msgstr ""
+"predpokladám neplatný podpis kµúèom %08lX, preto¾e je nastavený neznámy "
+"kritický bit\n"
+
+#: g10/sig-check.c:591
+#, fuzzy, c-format
+msgid "key %s: no subkey for subkey revocation signature\n"
+msgstr "kµúè %08lX: neexistuje podkµúè pre revokáciu kµúèa\n"
+
+#: g10/sig-check.c:618
+#, fuzzy, c-format
+msgid "key %s: no subkey for subkey binding signature\n"
+msgstr "kµúè %08lX: neexistuje podkµúè pre viazanie podkµúèov\n"
+
+#: g10/sign.c:89
+#, c-format
+msgid "WARNING: unable to %%-expand notation (too large). Using unexpanded.\n"
+msgstr ""
+"VAROVANIE: nemo¾no %%-expandova» notácie (príli¹ dlhé). Pou¾ité "
+"neexpandované.\n"
+
+#: g10/sign.c:115
+#, fuzzy, c-format
+msgid ""
+"WARNING: unable to %%-expand policy URL (too large). Using unexpanded.\n"
+msgstr ""
+"VAROVANIE: nemô¾em %%-expandova» URL politiky (príli¹ dlhé). Pou¾ité "
+"neexpandované.\n"
+
+#: g10/sign.c:138
+#, fuzzy, c-format
+msgid ""
+"WARNING: unable to %%-expand preferred keyserver URL (too large). Using "
+"unexpanded.\n"
+msgstr ""
+"VAROVANIE: nemô¾em %%-expandova» URL politiky (príli¹ dlhé). Pou¾ité "
+"neexpandované.\n"
+
+#: g10/sign.c:311
+#, c-format
+msgid "checking created signature failed: %s\n"
+msgstr "kontrola vytvoreného podpisu sa nepodarila: %s\n"
+
+#: g10/sign.c:320
+#, fuzzy, c-format
+msgid "%s/%s signature from: \"%s\"\n"
+msgstr "%s podpis od: \"%s\"\n"
+
+#: g10/sign.c:761
+msgid "you can only detach-sign with PGP 2.x style keys while in --pgp2 mode\n"
+msgstr ""
+"v móde --pgp2 mô¾ete vytvori» len oddelený podpis kµúèa vo formáte PGP-2.x\n"
+
+#: g10/sign.c:837
+#, fuzzy, c-format
+msgid ""
+"WARNING: forcing digest algorithm %s (%d) violates recipient preferences\n"
+msgstr ""
+"vy¾iadaný hashovací algoritmus %s (%d) nevyhovuje predvoµbám príjemcu\n"
+
+#: g10/sign.c:964
+msgid "signing:"
+msgstr "podpisujem:"
+
+#: g10/sign.c:1079
+msgid "you can only clearsign with PGP 2.x style keys while in --pgp2 mode\n"
+msgstr ""
+"v móde --pgp2 mô¾ete vytvára» èitateµné podpisy len s kµúèmi formátu PGP-2."
+"x\n"
+
+#: g10/sign.c:1263
+#, c-format
+msgid "%s encryption will be used\n"
+msgstr "bude pou¾ité ¹ifrovanie %s\n"
+
+#: g10/skclist.c:140 g10/skclist.c:217
+msgid "key is not flagged as insecure - can't use it with the faked RNG!\n"
+msgstr ""
+"kµúè nie je oznaèený ako nedostatoène bezpeèný - nemô¾em ho pou¾i» s "
+"falo¹ným RNG!\n"
+
+#: g10/skclist.c:174
+#, fuzzy, c-format
+msgid "skipped \"%s\": duplicated\n"
+msgstr "preskoèený `%s': duplikovaný\n"
+
+#: g10/skclist.c:182 g10/skclist.c:195 g10/skclist.c:207
+#, fuzzy, c-format
+msgid "skipped \"%s\": %s\n"
+msgstr "preskoèený `%s': %s\n"
+
+#: g10/skclist.c:190
+msgid "skipped: secret key already present\n"
+msgstr "preskoèené: tajný kµúè je u¾ v databáze\n"
+
+#: g10/skclist.c:208
+#, fuzzy
+msgid "this is a PGP generated Elgamal key which is not secure for signatures!"
+msgstr ""
+"preskoèený `%s': toto je vygenerovaný PGP kµúè podµa algoritmu ElGamal,\n"
+"podpisy vytvorené týmto kµúèom nie sú bezpeèné!\n"
+
+#: g10/tdbdump.c:58 g10/trustdb.c:360
+#, c-format
+msgid "trust record %lu, type %d: write failed: %s\n"
+msgstr "záznam dôvery %lu, typ %d: zápis zlyhal: %s\n"
+
+#: g10/tdbdump.c:106
+#, c-format
+msgid ""
+"# List of assigned trustvalues, created %s\n"
+"# (Use \"gpg --import-ownertrust\" to restore them)\n"
+msgstr ""
+"# Zoznam pridelených hodnôt dôveryhodnosti, vytvorený %s\n"
+"# (Pou¾ite \"gpg --import-ownertrust\" na obnovenie)\n"
+
+#: g10/tdbdump.c:161 g10/tdbdump.c:169 g10/tdbdump.c:174 g10/tdbdump.c:179
+#, fuzzy, c-format
+msgid "error in `%s': %s\n"
+msgstr "chyba pri èítaní `%s': %s\n"
+
+#: g10/tdbdump.c:161
+#, fuzzy
+msgid "line too long"
+msgstr "riadok je príli¹ dlhý\n"
+
+#: g10/tdbdump.c:169
+msgid "colon missing"
+msgstr ""
+
+#: g10/tdbdump.c:175
+#, fuzzy
+msgid "invalid fingerprint"
+msgstr "chyba: neplatný odtlaèok\n"
+
+#: g10/tdbdump.c:180
+#, fuzzy
+msgid "ownertrust value missing"
+msgstr ""
+"importova» hodnoty dôveryhodnosti\n"
+" vlastníka kµúèa"
+
+#: g10/tdbdump.c:216
+#, fuzzy, c-format
+msgid "error finding trust record in `%s': %s\n"
+msgstr "chyba pri hµadaní záznamu dôvery: %s\n"
+
+#: g10/tdbdump.c:220
+#, fuzzy, c-format
+msgid "read error in `%s': %s\n"
+msgstr "chyba pri èítaní: %s\n"
+
+#: g10/tdbdump.c:229 g10/trustdb.c:375
+#, c-format
+msgid "trustdb: sync failed: %s\n"
+msgstr "databáza dôvery: synchronizácia zlyhala %s\n"
+
+#: g10/tdbio.c:128 g10/tdbio.c:1456
+#, c-format
+msgid "trustdb rec %lu: lseek failed: %s\n"
+msgstr "záznam v databáze dôvery %lu: lseek() sa nepodaril: %s\n"
+
+#: g10/tdbio.c:135 g10/tdbio.c:1463
+#, c-format
+msgid "trustdb rec %lu: write failed (n=%d): %s\n"
+msgstr "záznam v databáze dôvery %lu: zápis sa nepodaril (n=%d): %s\n"
+
+#: g10/tdbio.c:245
+msgid "trustdb transaction too large\n"
+msgstr "transakcia s databázou dôvery je príli¹ dlhá\n"
+
+#: g10/tdbio.c:500
+#, fuzzy, c-format
+msgid "can't access `%s': %s\n"
+msgstr "nemô¾em zavrie» `%s': %s\n"
+
+#: g10/tdbio.c:527
+#, c-format
+msgid "%s: directory does not exist!\n"
+msgstr "%s: adresár neexistuje!\n"
+
+#: g10/tdbio.c:537 g10/tdbio.c:560 g10/tdbio.c:601 sm/keydb.c:219
+#, fuzzy, c-format
+msgid "can't create lock for `%s'\n"
+msgstr "nemô¾em vytvori» `%s': %s\n"
+
+#: g10/tdbio.c:539 g10/tdbio.c:604
+#, fuzzy, c-format
+msgid "can't lock `%s'\n"
+msgstr "nemo¾no otvori» `%s'\n"
+
+#: g10/tdbio.c:565
+#, c-format
+msgid "%s: failed to create version record: %s"
+msgstr "%s: nepodarilo sa vytvori» záznam verzie: %s"
+
+#: g10/tdbio.c:569
+#, c-format
+msgid "%s: invalid trustdb created\n"
+msgstr "%s: vytvorená neplatná databáza dôvery\n"
+
+#: g10/tdbio.c:572
+#, c-format
+msgid "%s: trustdb created\n"
+msgstr "%s: databáza dôvery vytvorená\n"
+
+#: g10/tdbio.c:615
+msgid "NOTE: trustdb not writable\n"
+msgstr "POZNÁMKA: do trustdb nemo¾no zapisova»\n"
+
+#: g10/tdbio.c:623
+#, c-format
+msgid "%s: invalid trustdb\n"
+msgstr "%s: neplatná databáze dôvery\n"
+
+#: g10/tdbio.c:655
+#, c-format
+msgid "%s: failed to create hashtable: %s\n"
+msgstr "%s: nepodarilo sa vytvori» hashovaciu tabuµku: %s\n"
+
+#: g10/tdbio.c:663
+#, c-format
+msgid "%s: error updating version record: %s\n"
+msgstr "%s: chyba pri aktualizácii záznamu verzie: %s\n"
+
+#: g10/tdbio.c:680 g10/tdbio.c:701 g10/tdbio.c:717 g10/tdbio.c:731
+#: g10/tdbio.c:761 g10/tdbio.c:1388 g10/tdbio.c:1415
+#, c-format
+msgid "%s: error reading version record: %s\n"
+msgstr "%s: chyba pri èítaní záznamu verzie: %s\n"
+
+#: g10/tdbio.c:740
+#, c-format
+msgid "%s: error writing version record: %s\n"
+msgstr "%s: chyba pri zápise záznamu verzie: %s\n"
+
+#: g10/tdbio.c:1181
+#, c-format
+msgid "trustdb: lseek failed: %s\n"
+msgstr "databáze dôvery: procedúra lseek() zlyhala: %s\n"
+
+#: g10/tdbio.c:1190
+#, c-format
+msgid "trustdb: read failed (n=%d): %s\n"
+msgstr "databáza dôvery: procedúra read() (n=%d) zlyhala: %s\n"
+
+#: g10/tdbio.c:1211
+#, c-format
+msgid "%s: not a trustdb file\n"
+msgstr "%s: nie je súbor databázy dôvery\n"
+
+#: g10/tdbio.c:1230
+#, c-format
+msgid "%s: version record with recnum %lu\n"
+msgstr "%s: záznam verzie s èíslom %lu\n"
+
+#: g10/tdbio.c:1235
+#, c-format
+msgid "%s: invalid file version %d\n"
+msgstr "%s: neplatná verzia súboru %d\n"
+
+#: g10/tdbio.c:1421
+#, c-format
+msgid "%s: error reading free record: %s\n"
+msgstr "%s: chyba pri èítaní voµného záznamu: %s\n"
+
+#: g10/tdbio.c:1429
+#, c-format
+msgid "%s: error writing dir record: %s\n"
+msgstr "%s: chyba pri zápise adresárového záznamu: %s\n"
+
+#: g10/tdbio.c:1439
+#, c-format
+msgid "%s: failed to zero a record: %s\n"
+msgstr "%s: vynulovanie záznamu zlyhalo: %s\n"
+
+#: g10/tdbio.c:1469
+#, c-format
+msgid "%s: failed to append a record: %s\n"
+msgstr "%s: pridanie záznamu zlyhalo: %s\n"
+
+#: g10/tdbio.c:1512
+#, fuzzy
+msgid "Error: The trustdb is corrupted.\n"
+msgstr "%s: databáza dôvery vytvorená\n"
+
+#: g10/textfilter.c:147
+#, c-format
+msgid "can't handle text lines longer than %d characters\n"
+msgstr "nemô¾em pracova» s riadkami dlh¹ími ako %d znakov\n"
+
+#: g10/textfilter.c:247
+#, c-format
+msgid "input line longer than %d characters\n"
+msgstr "vstupný riadok je dlh¹í ako %d znakov\n"
+
+#: g10/trustdb.c:221
+#, c-format
+msgid "`%s' is not a valid long keyID\n"
+msgstr "`%s' nie je platné dlhé keyID\n"
+
+#: g10/trustdb.c:252
+#, fuzzy, c-format
+msgid "key %s: accepted as trusted key\n"
+msgstr "kµúè %08lX: akceptovaný ako dôveryhodný kµúè\n"
+
+#: g10/trustdb.c:290
+#, fuzzy, c-format
+msgid "key %s occurs more than once in the trustdb\n"
+msgstr "kµúè %08lX sa v databáze dôvery vyskytuje viac ako raz\n"
+
+#: g10/trustdb.c:305
+#, fuzzy, c-format
+msgid "key %s: no public key for trusted key - skipped\n"
+msgstr ""
+"kµúè %08lX: nenájdený verejný kµúè k dôveryhodnému kµúèu - preskoèené\n"
+
+#: g10/trustdb.c:315
+#, fuzzy, c-format
+msgid "key %s marked as ultimately trusted\n"
+msgstr "kµúè oznaèený ako absolútne dôveryhodný.\n"
+
+#: g10/trustdb.c:339
+#, c-format
+msgid "trust record %lu, req type %d: read failed: %s\n"
+msgstr "záznam dôvery %lu, typ po¾. %d: èítanie zlyhalo: %s\n"
+
+#: g10/trustdb.c:345
+#, c-format
+msgid "trust record %lu is not of requested type %d\n"
+msgstr "záznam dôvery %lu nie je po¾adovaného typu %d\n"
+
+#: g10/trustdb.c:418
+msgid "You may try to re-create the trustdb using the commands:\n"
+msgstr ""
+
+#: g10/trustdb.c:427
+msgid "If that does not work, please consult the manual\n"
+msgstr ""
+
+#: g10/trustdb.c:462
+#, c-format
+msgid "unable to use unknown trust model (%d) - assuming %s trust model\n"
+msgstr ""
+
+#: g10/trustdb.c:468
+#, c-format
+msgid "using %s trust model\n"
+msgstr ""
+
+#: g10/trustdb.c:520
+msgid "10 translator see trustdb.c:uid_trust_string_fixed"
+msgstr ""
+
+#: g10/trustdb.c:522
+#, fuzzy
+msgid "[ revoked]"
+msgstr "[revokované]"
+
+#: g10/trustdb.c:524 g10/trustdb.c:529
+#, fuzzy
+msgid "[ expired]"
+msgstr "[expirované]"
+
+#: g10/trustdb.c:528
+#, fuzzy
+msgid "[ unknown]"
+msgstr "neznáme"
+
+#: g10/trustdb.c:530
+msgid "[ undef ]"
+msgstr ""
+
+#: g10/trustdb.c:531
+msgid "[marginal]"
+msgstr ""
+
+#: g10/trustdb.c:532
+msgid "[ full ]"
+msgstr ""
+
+#: g10/trustdb.c:533
+msgid "[ultimate]"
+msgstr ""
+
+#: g10/trustdb.c:548
+msgid "undefined"
+msgstr ""
+
+#: g10/trustdb.c:549
+#, fuzzy
+msgid "never"
+msgstr "nikdy "
+
+#: g10/trustdb.c:550
+msgid "marginal"
+msgstr ""
+
+#: g10/trustdb.c:551
+msgid "full"
+msgstr ""
+
+#: g10/trustdb.c:552
+msgid "ultimate"
+msgstr ""
+
+#: g10/trustdb.c:592
+msgid "no need for a trustdb check\n"
+msgstr "nie je nutné kontrolova» databázu dôvery\n"
+
+#: g10/trustdb.c:598 g10/trustdb.c:2487
+#, c-format
+msgid "next trustdb check due at %s\n"
+msgstr "dal¹ia kontrola databázy dôvery %s\n"
+
+#: g10/trustdb.c:607
+#, fuzzy, c-format
+msgid "no need for a trustdb check with `%s' trust model\n"
+msgstr "nie je nutné kontrolova» databázu dôvery\n"
+
+#: g10/trustdb.c:622
+#, fuzzy, c-format
+msgid "no need for a trustdb update with `%s' trust model\n"
+msgstr "nie je nutné kontrolova» databázu dôvery\n"
+
+#: g10/trustdb.c:857 g10/trustdb.c:1310
+#, fuzzy, c-format
+msgid "public key %s not found: %s\n"
+msgstr "verejný kµúè %08lX nebol nájdený: %s\n"
+
+#: g10/trustdb.c:1053
+msgid "please do a --check-trustdb\n"
+msgstr "prosím vykonajte --check-trustdb\n"
+
+#: g10/trustdb.c:1057
+msgid "checking the trustdb\n"
+msgstr "kontrolujem databázu dôvery\n"
+
+#: g10/trustdb.c:2230
+#, c-format
+msgid "%d keys processed (%d validity counts cleared)\n"
+msgstr "%d kµúèov spracovaných (%d poètov platnosti vymazaných)\n"
+
+#: g10/trustdb.c:2295
+msgid "no ultimately trusted keys found\n"
+msgstr "neboli nájdené ¾iadne absolútne dôveryhodné kµúèe\n"
+
+#: g10/trustdb.c:2309
+#, fuzzy, c-format
+msgid "public key of ultimately trusted key %s not found\n"
+msgstr "verejný kµúè k absolútne dôveryhodnému kµúèu %08lX nebol nájdený\n"
+
+#: g10/trustdb.c:2332
+#, c-format
+msgid "%d marginal(s) needed, %d complete(s) needed, %s trust model\n"
+msgstr ""
+
+#: g10/trustdb.c:2418
+#, c-format
+msgid ""
+"depth: %d valid: %3d signed: %3d trust: %d-, %dq, %dn, %dm, %df, %du\n"
+msgstr ""
+
+#: g10/trustdb.c:2493
+#, fuzzy, c-format
+msgid "unable to update trustdb version record: write failed: %s\n"
+msgstr "záznam dôvery %lu, typ %d: zápis zlyhal: %s\n"
+
+#: g10/verify.c:118
+msgid ""
+"the signature could not be verified.\n"
+"Please remember that the signature file (.sig or .asc)\n"
+"should be the first file given on the command line.\n"
+msgstr ""
+"podpis nebolo mo¾né overi».\n"
+"Prosím, nezabúdajte, ¾e súbor s podpisom (.sig alebo .asc)\n"
+"by mal by» prvým súborom zadaným na príkazovom riadku.\n"
+
+#: g10/verify.c:205
+#, c-format
+msgid "input line %u too long or missing LF\n"
+msgstr "vstupný riadok %u je príli¹ dlhý alebo na konci chýba znak LF\n"
+
+#: g10/verify.c:253
+#, fuzzy, c-format
+msgid "can't open fd %d: %s\n"
+msgstr "nemô¾em otvori» `%s': %s\n"
+
+#: jnlib/argparse.c:180
+#, fuzzy
+msgid "argument not expected"
+msgstr "zapisujem tajný kµúè do `%s'\n"
+
+#: jnlib/argparse.c:182
+#, fuzzy
+msgid "read error"
+msgstr "chyba pri èítaní súboru"
+
+#: jnlib/argparse.c:184
+#, fuzzy
+msgid "keyword too long"
+msgstr "riadok je príli¹ dlhý\n"
+
+#: jnlib/argparse.c:186
+#, fuzzy
+msgid "missing argument"
+msgstr "neplatný argument"
+
+#: jnlib/argparse.c:188
+#, fuzzy
+msgid "invalid command"
+msgstr "konfliktné príkazy\n"
+
+#: jnlib/argparse.c:190
+#, fuzzy
+msgid "invalid alias definition"
+msgstr "neplatný parameter pre import\n"
+
+#: jnlib/argparse.c:192
+#, fuzzy
+msgid "out of core"
+msgstr "nespracované"
+
+#: jnlib/argparse.c:194
+#, fuzzy
+msgid "invalid option"
+msgstr "neplatný parameter pre import\n"
+
+#: jnlib/argparse.c:202
+#, c-format
+msgid "missing argument for option \"%.50s\"\n"
+msgstr ""
+
+#: jnlib/argparse.c:204
+#, c-format
+msgid "option \"%.50s\" does not expect an argument\n"
+msgstr ""
+
+#: jnlib/argparse.c:207
+#, fuzzy, c-format
+msgid "invalid command \"%.50s\"\n"
+msgstr "Neplatný príkaz (skúste \"help\")\n"
+
+#: jnlib/argparse.c:209
+#, c-format
+msgid "option \"%.50s\" is ambiguous\n"
+msgstr ""
+
+#: jnlib/argparse.c:211
+#, c-format
+msgid "command \"%.50s\" is ambiguous\n"
+msgstr ""
+
+#: jnlib/argparse.c:213
+#, fuzzy
+msgid "out of core\n"
+msgstr "nespracované"
+
+#: jnlib/argparse.c:215
+#, fuzzy, c-format
+msgid "invalid option \"%.50s\"\n"
+msgstr "neplatný parameter pre import\n"
+
+#: jnlib/logging.c:647
+#, c-format
+msgid "you found a bug ... (%s:%d)\n"
+msgstr "nájdená chyba v programe ... (%s:%d)\n"
+
+#: jnlib/utf8conv.c:85
+#, fuzzy, c-format
+msgid "error loading `%s': %s\n"
+msgstr "chyba pri èítaní `%s': %s\n"
+
+#: jnlib/utf8conv.c:123
+#, c-format
+msgid "conversion from `%s' to `%s' not available\n"
+msgstr ""
+
+#: jnlib/utf8conv.c:131
+#, fuzzy, c-format
+msgid "iconv_open failed: %s\n"
+msgstr "nemo¾no otvori» súbor: %s\n"
+
+#: jnlib/utf8conv.c:388 jnlib/utf8conv.c:654
+#, fuzzy, c-format
+msgid "conversion from `%s' to `%s' failed: %s\n"
+msgstr "kódovanie do ASCII formátu zlyhalo: %s\n"
+
+#: jnlib/dotlock.c:234
+#, fuzzy, c-format
+msgid "failed to create temporary file `%s': %s\n"
+msgstr "nemô¾em vytvori» adresár `%s': %s\n"
+
+#: jnlib/dotlock.c:269
+#, fuzzy, c-format
+msgid "error writing to `%s': %s\n"
+msgstr "chyba pri zápise súboru kµúèov (keyring) `%s': %s\n"
+
+#: jnlib/dotlock.c:453
+#, c-format
+msgid "removing stale lockfile (created by %d)\n"
+msgstr ""
+
+#: jnlib/dotlock.c:459
+msgid " - probably dead - removing lock"
+msgstr ""
+
+#: jnlib/dotlock.c:469
+#, fuzzy, c-format
+msgid "waiting for lock (held by %d%s) %s...\n"
+msgstr "zapisujem tajný kµúè do `%s'\n"
+
+#: jnlib/dotlock.c:470
+msgid "(deadlock?) "
+msgstr ""
+
+#: jnlib/dotlock.c:493
+#, fuzzy, c-format
+msgid "lock `%s' not made: %s\n"
+msgstr "verejný kµúè %08lX nebol nájdený: %s\n"
+
+#: jnlib/dotlock.c:501
+#, fuzzy, c-format
+msgid "waiting for lock %s...\n"
+msgstr "zapisujem tajný kµúè do `%s'\n"
+
+#: kbx/kbxutil.c:92
+msgid "set debugging flags"
+msgstr ""
+
+#: kbx/kbxutil.c:93
+msgid "enable full debugging"
+msgstr ""
+
+#: kbx/kbxutil.c:117
+#, fuzzy
+msgid "Usage: kbxutil [options] [files] (-h for help)"
+msgstr "Pou¾itie: gpg [mo¾nosti] [súbory] (-h pre pomoc)"
+
+#: kbx/kbxutil.c:120
+msgid ""
+"Syntax: kbxutil [options] [files]\n"
+"list, export, import Keybox data\n"
+msgstr ""
+
+#: scd/app-nks.c:713 scd/app-openpgp.c:2647
+#, c-format
+msgid "RSA modulus missing or not of size %d bits\n"
+msgstr ""
+
+#: scd/app-nks.c:721 scd/app-openpgp.c:2659
+#, c-format
+msgid "RSA public exponent missing or larger than %d bits\n"
+msgstr ""
+
+#: scd/app-nks.c:801 scd/app-openpgp.c:1549 scd/app-openpgp.c:1568
+#: scd/app-openpgp.c:1729 scd/app-openpgp.c:1746 scd/app-openpgp.c:1994
+#: scd/app-openpgp.c:2039 scd/app-dinsig.c:303
+#, c-format
+msgid "PIN callback returned error: %s\n"
+msgstr ""
+
+#: scd/app-nks.c:834
+msgid "the NullPIN has not yet been changed\n"
+msgstr ""
+
+#: scd/app-nks.c:1092
+#, fuzzy
+msgid "|N|Please enter a new PIN for the standard keys."
+msgstr "zmeni» heslo"
+
+#: scd/app-nks.c:1093
+#, fuzzy
+msgid "||Please enter the PIN for the standard keys."
+msgstr "zmeni» heslo"
+
+#: scd/app-nks.c:1099
+#, fuzzy
+msgid "|NP|Please enter a new PIN Unblocking Code (PUK) for the standard keys."
+msgstr "Prosím výberte dôvod na revokáciu:\n"
+
+#: scd/app-nks.c:1101
+#, fuzzy
+msgid "|P|Please enter the PIN Unblocking Code (PUK) for the standard keys."
+msgstr "Prosím výberte dôvod na revokáciu:\n"
+
+#: scd/app-nks.c:1109
+msgid "|N|Please enter a new PIN for the key to create qualified signatures."
+msgstr ""
+
+#: scd/app-nks.c:1111
+msgid "||Please enter the PIN for the key to create qualified signatures."
+msgstr ""
+
+#: scd/app-nks.c:1119
+msgid ""
+"|NP|Please enter a new PIN Unblocking Code (PUK) for the key to create "
+"qualified signatures."
+msgstr ""
+
+#: scd/app-nks.c:1121
+msgid ""
+"|P|Please enter the PIN Unblocking Code (PUK) for the key to create "
+"qualified signatures."
+msgstr ""
+
+#: scd/app-nks.c:1222 scd/app-openpgp.c:2072 scd/app-dinsig.c:532
+#, fuzzy, c-format
+msgid "error getting new PIN: %s\n"
+msgstr "chyba pri vytváraní hesla: %s\n"
+
+#: scd/app-openpgp.c:695
+#, fuzzy, c-format
+msgid "failed to store the fingerprint: %s\n"
+msgstr "nemô¾em inicializova» databázu dôvery: %s\n"
+
+#: scd/app-openpgp.c:708
+#, fuzzy, c-format
+msgid "failed to store the creation date: %s\n"
+msgstr "zlyhalo obnovenie vyrovnávacej pamäti kµúèov: %s\n"
+
+#: scd/app-openpgp.c:1156
+#, fuzzy, c-format
+msgid "reading public key failed: %s\n"
+msgstr "zmazanie bloku kµúèa sa nepodarilo: %s\n"
+
+#: scd/app-openpgp.c:1164 scd/app-openpgp.c:2882
+msgid "response does not contain the public key data\n"
+msgstr ""
+
+#: scd/app-openpgp.c:1172 scd/app-openpgp.c:2890
+msgid "response does not contain the RSA modulus\n"
+msgstr ""
+
+#: scd/app-openpgp.c:1181 scd/app-openpgp.c:2900
+msgid "response does not contain the RSA public exponent\n"
+msgstr ""
+
+#: scd/app-openpgp.c:1501
+#, c-format
+msgid "using default PIN as %s\n"
+msgstr ""
+
+#: scd/app-openpgp.c:1508
+#, c-format
+msgid "failed to use default PIN as %s: %s - disabling further default use\n"
+msgstr ""
+
+#: scd/app-openpgp.c:1523
+#, c-format
+msgid "||Please enter the PIN%%0A[sigs done: %lu]"
+msgstr ""
+
+#: scd/app-openpgp.c:1534 scd/app-openpgp.c:1988
+#, fuzzy
+msgid "||Please enter the PIN"
+msgstr "zmeni» heslo"
+
+#: scd/app-openpgp.c:1575 scd/app-openpgp.c:1753 scd/app-openpgp.c:2001
+#, c-format
+msgid "PIN for CHV%d is too short; minimum length is %d\n"
+msgstr ""
+
+#: scd/app-openpgp.c:1588 scd/app-openpgp.c:1627 scd/app-openpgp.c:1765
+#: scd/app-openpgp.c:3200
+#, fuzzy, c-format
+msgid "verify CHV%d failed: %s\n"
+msgstr "nepodarilo posla» kµúè na server: %s\n"
+
+#: scd/app-openpgp.c:1656 scd/app-openpgp.c:2020 scd/app-openpgp.c:3498
+msgid "error retrieving CHV status from card\n"
+msgstr ""
+
+#: scd/app-openpgp.c:1662 scd/app-openpgp.c:3507
+msgid "card is permanently locked!\n"
+msgstr ""
+
+#: scd/app-openpgp.c:1669
+#, c-format
+msgid "%d Admin PIN attempts remaining before card is permanently locked\n"
+msgstr ""
+
+#. TRANSLATORS: Do not translate the "|A|" prefix but keep it at
+#. the start of the string. Use %%0A to force a linefeed.
+#: scd/app-openpgp.c:1676
+#, fuzzy, c-format
+msgid "|A|Please enter the Admin PIN%%0A[remaining attempts: %d]"
+msgstr "zmeni» heslo"
+
+#: scd/app-openpgp.c:1680
+#, fuzzy
+msgid "|A|Please enter the Admin PIN"
+msgstr "zmeni» heslo"
+
+#: scd/app-openpgp.c:1701
+msgid "access to admin commands is not configured\n"
+msgstr ""
+
+#: scd/app-openpgp.c:2035
+#, fuzzy
+msgid "||Please enter the Reset Code for the card"
+msgstr "Prosím výberte dôvod na revokáciu:\n"
+
+#: scd/app-openpgp.c:2045 scd/app-openpgp.c:2097
+#, c-format
+msgid "Reset Code is too short; minimum length is %d\n"
+msgstr ""
+
+#: scd/app-openpgp.c:2067
+msgid "|RN|New Reset Code"
+msgstr ""
+
+#: scd/app-openpgp.c:2068
+msgid "|AN|New Admin PIN"
+msgstr ""
+
+#: scd/app-openpgp.c:2068
+msgid "|N|New PIN"
+msgstr ""
+
+#: scd/app-openpgp.c:2178 scd/app-openpgp.c:2968
+#, fuzzy
+msgid "error reading application data\n"
+msgstr "chyba pri èítaní bloku kµúèa: %s\n"
+
+#: scd/app-openpgp.c:2184 scd/app-openpgp.c:2975
+#, fuzzy
+msgid "error reading fingerprint DO\n"
+msgstr "%s: chyba pri èítaní voµného záznamu: %s\n"
+
+#: scd/app-openpgp.c:2194
+#, fuzzy
+msgid "key already exists\n"
+msgstr "`%s' je u¾ skomprimovaný\n"
+
+#: scd/app-openpgp.c:2198
+msgid "existing key will be replaced\n"
+msgstr ""
+
+#: scd/app-openpgp.c:2200
+#, fuzzy
+msgid "generating new key\n"
+msgstr "vytvori» nový pár kµúèov"
+
+#: scd/app-openpgp.c:2202
+#, fuzzy
+msgid "writing new key\n"
+msgstr "vytvori» nový pár kµúèov"
+
+#: scd/app-openpgp.c:2627
+msgid "creation timestamp missing\n"
+msgstr ""
+
+#: scd/app-openpgp.c:2669 scd/app-openpgp.c:2677
+#, c-format
+msgid "RSA prime %s missing or not of size %d bits\n"
+msgstr ""
+
+#: scd/app-openpgp.c:2773
+#, fuzzy, c-format
+msgid "failed to store the key: %s\n"
+msgstr "nemô¾em inicializova» databázu dôvery: %s\n"
+
+#: scd/app-openpgp.c:2859
+msgid "please wait while key is being generated ...\n"
+msgstr ""
+
+#: scd/app-openpgp.c:2872
+#, fuzzy
+msgid "generating key failed\n"
+msgstr "zmazanie bloku kµúèa sa nepodarilo: %s\n"
+
+#: scd/app-openpgp.c:2875
+#, fuzzy, c-format
+msgid "key generation completed (%d seconds)\n"
+msgstr "Vytvorenie kµúèa sa nepodarilo: %s\n"
+
+#: scd/app-openpgp.c:2933
+msgid "invalid structure of OpenPGP card (DO 0x93)\n"
+msgstr ""
+
+#: scd/app-openpgp.c:2983
+msgid "fingerprint on card does not match requested one\n"
+msgstr ""
+
+#: scd/app-openpgp.c:3099
+#, fuzzy, c-format
+msgid "card does not support digest algorithm %s\n"
+msgstr "%s podpis, hashovací algoritmus %s\n"
+
+#: scd/app-openpgp.c:3175
+#, c-format
+msgid "signatures created so far: %lu\n"
+msgstr ""
+
+#: scd/app-openpgp.c:3512
+msgid ""
+"verification of Admin PIN is currently prohibited through this command\n"
+msgstr ""
+
+#: scd/app-openpgp.c:3737 scd/app-openpgp.c:3748
+#, fuzzy, c-format
+msgid "can't access %s - invalid OpenPGP card?\n"
+msgstr "nenájdené ¾iadne platné dáta vo formáte OpenPGP.\n"
+
+#: scd/app-dinsig.c:299
+msgid "||Please enter your PIN at the reader's keypad"
+msgstr ""
+
+#. TRANSLATORS: Do not translate the "|*|" prefixes but
+#. keep it at the start of the string. We need this elsewhere
+#. to get some infos on the string.
+#: scd/app-dinsig.c:529
+msgid "|N|Initial New PIN"
+msgstr ""
+
+#: scd/scdaemon.c:107
+msgid "run in multi server mode (foreground)"
+msgstr ""
+
+#: scd/scdaemon.c:117 sm/gpgsm.c:316
+msgid "|LEVEL|set the debugging level to LEVEL"
+msgstr ""
+
+#: scd/scdaemon.c:124 tools/gpgconf-comp.c:620
+#, fuzzy
+msgid "|FILE|write a log to FILE"
+msgstr "|SÚBOR|nahra» roz¹irujúci modul SÚBOR"
+
+#: scd/scdaemon.c:126
+msgid "|N|connect to reader at port N"
+msgstr ""
+
+#: scd/scdaemon.c:128
+#, fuzzy
+msgid "|NAME|use NAME as ct-API driver"
+msgstr "|MENO|pou¾i» MENO ako implicitného adresáta"
+
+#: scd/scdaemon.c:130
+#, fuzzy
+msgid "|NAME|use NAME as PC/SC driver"
+msgstr "|MENO|pou¾i» MENO ako implicitného adresáta"
+
+#: scd/scdaemon.c:133
+#, fuzzy
+msgid "do not use the internal CCID driver"
+msgstr "vôbec nepou¾íva» terminál"
+
+#: scd/scdaemon.c:139
+msgid "|N|disconnect the card after N seconds of inactivity"
+msgstr ""
+
+#: scd/scdaemon.c:141
+msgid "do not use a reader's keypad"
+msgstr ""
+
+#: scd/scdaemon.c:144
+#, fuzzy
+msgid "deny the use of admin card commands"
+msgstr "konfliktné príkazy\n"
+
+#: scd/scdaemon.c:259
+#, fuzzy
+msgid "Usage: scdaemon [options] (-h for help)"
+msgstr "Pou¾itie: gpg [mo¾nosti] [súbory] (-h pre pomoc)"
+
+#: scd/scdaemon.c:261
+msgid ""
+"Syntax: scdaemon [options] [command [args]]\n"
+"Smartcard daemon for GnuPG\n"
+msgstr ""
+
+#: scd/scdaemon.c:766
+msgid "please use the option `--daemon' to run the program in the background\n"
+msgstr ""
+
+#: scd/scdaemon.c:1120
+#, c-format
+msgid "handler for fd %d started\n"
+msgstr ""
+
+#: scd/scdaemon.c:1132
+#, c-format
+msgid "handler for fd %d terminated\n"
+msgstr ""
+
+#: sm/base64.c:325
+#, fuzzy, c-format
+msgid "invalid radix64 character %02x skipped\n"
+msgstr "neplatný znak vo formáte radix64 %02x bol preskoèený\n"
+
+#: sm/call-agent.c:137
+#, c-format
+msgid "failed to proxy %s inquiry to client\n"
+msgstr ""
+
+#: sm/call-dirmngr.c:252
+#, c-format
+msgid "no running dirmngr - starting `%s'\n"
+msgstr ""
+
+#: sm/call-dirmngr.c:285
+#, fuzzy
+msgid "malformed DIRMNGR_INFO environment variable\n"
+msgstr "zlý formát premennej prostredia GPG_AGENT_INFO\n"
+
+#: sm/call-dirmngr.c:297
+#, fuzzy, c-format
+msgid "dirmngr protocol version %d is not supported\n"
+msgstr "gpg-agent protokol verzie %d nie je podporovaný\n"
+
+#: sm/call-dirmngr.c:317
+msgid "can't connect to the dirmngr - trying fall back\n"
+msgstr ""
+
+#: sm/certchain.c:196
+#, c-format
+msgid "validation model requested by certificate: %s"
+msgstr ""
+
+#: sm/certchain.c:197 sm/certchain.c:1828
+msgid "chain"
+msgstr ""
+
+#: sm/certchain.c:198 sm/certchain.c:1828
+#, fuzzy
+msgid "shell"
+msgstr "help"
+
+#: sm/certchain.c:258
+#, fuzzy, c-format
+msgid "critical certificate extension %s is not supported"
+msgstr "gpg-agent protokol verzie %d nie je podporovaný\n"
+
+#: sm/certchain.c:297
+msgid "issuer certificate is not marked as a CA"
+msgstr ""
+
+#: sm/certchain.c:335
+msgid "critical marked policy without configured policies"
+msgstr ""
+
+#: sm/certchain.c:345
+#, fuzzy, c-format
+msgid "failed to open `%s': %s\n"
+msgstr "nemô¾em otvori» `%s': %s\n"
+
+#: sm/certchain.c:353 sm/certchain.c:382
+msgid "note: non-critical certificate policy not allowed"
+msgstr ""
+
+#: sm/certchain.c:357 sm/certchain.c:386
+#, fuzzy
+msgid "certificate policy not allowed"
+msgstr "zapisujem tajný kµúè do `%s'\n"
+
+#: sm/certchain.c:498
+msgid "looking up issuer at external location\n"
+msgstr ""
+
+#: sm/certchain.c:517
+#, c-format
+msgid "number of issuers matching: %d\n"
+msgstr ""
+
+#: sm/certchain.c:561
+msgid "looking up issuer from the Dirmngr cache\n"
+msgstr ""
+
+#: sm/certchain.c:585
+#, fuzzy, c-format
+msgid "number of matching certificates: %d\n"
+msgstr "chyba pri vytváraní hesla: %s\n"
+
+#: sm/certchain.c:587
+#, fuzzy, c-format
+msgid "dirmngr cache-only key lookup failed: %s\n"
+msgstr "zmazanie bloku kµúèa sa nepodarilo: %s\n"
+
+#: sm/certchain.c:759 sm/certchain.c:1252 sm/certchain.c:1856 sm/decrypt.c:261
+#: sm/encrypt.c:335 sm/sign.c:335 sm/verify.c:113
+#, fuzzy
+msgid "failed to allocated keyDB handle\n"
+msgstr "nemô¾em inicializova» databázu dôvery: %s\n"
+
+#: sm/certchain.c:925
+#, fuzzy
+msgid "certificate has been revoked"
+msgstr "POZNÁMKA: kµúè bol revokovaný"
+
+#: sm/certchain.c:940
+msgid "the status of the certificate is unknown"
+msgstr ""
+
+#: sm/certchain.c:947
+msgid "please make sure that the \"dirmngr\" is properly installed\n"
+msgstr ""
+
+#: sm/certchain.c:953
+#, fuzzy, c-format
+msgid "checking the CRL failed: %s"
+msgstr "kontrola vytvoreného podpisu sa nepodarila: %s\n"
+
+#: sm/certchain.c:982 sm/certchain.c:1050
+#, c-format
+msgid "certificate with invalid validity: %s"
+msgstr ""
+
+#: sm/certchain.c:997 sm/certchain.c:1082
+msgid "certificate not yet valid"
+msgstr ""
+
+#: sm/certchain.c:998 sm/certchain.c:1083
+#, fuzzy
+msgid "root certificate not yet valid"
+msgstr "zapisujem tajný kµúè do `%s'\n"
+
+#: sm/certchain.c:999 sm/certchain.c:1084
+msgid "intermediate certificate not yet valid"
+msgstr ""
+
+#: sm/certchain.c:1012
+#, fuzzy
+msgid "certificate has expired"
+msgstr "Platnos» kµúèa vypr¹ala!"
+
+#: sm/certchain.c:1013
+#, fuzzy
+msgid "root certificate has expired"
+msgstr "Platnos» kµúèa vypr¹ala!"
+
+#: sm/certchain.c:1014
+#, fuzzy
+msgid "intermediate certificate has expired"
+msgstr "Platnos» kµúèa vypr¹ala!"
+
+#: sm/certchain.c:1056
+#, c-format
+msgid "required certificate attributes missing: %s%s%s"
+msgstr ""
+
+#: sm/certchain.c:1065
+#, fuzzy
+msgid "certificate with invalid validity"
+msgstr "Platnos» kµúèa vypr¹ala!"
+
+#: sm/certchain.c:1102
+msgid "signature not created during lifetime of certificate"
+msgstr ""
+
+#: sm/certchain.c:1104
+msgid "certificate not created during lifetime of issuer"
+msgstr ""
+
+#: sm/certchain.c:1105
+msgid "intermediate certificate not created during lifetime of issuer"
+msgstr ""
+
+#: sm/certchain.c:1109
+#, fuzzy
+msgid " ( signature created at "
+msgstr " nové podpisy: %lu\n"
+
+#: sm/certchain.c:1110
+#, fuzzy
+msgid " (certificate created at "
+msgstr "Revokaèný certifikát bol vytvorený.\n"
+
+#: sm/certchain.c:1113
+#, fuzzy
+msgid " (certificate valid from "
+msgstr "nesprávny certifikát"
+
+#: sm/certchain.c:1114
+msgid " ( issuer valid from "
+msgstr ""
+
+#: sm/certchain.c:1144
+#, fuzzy, c-format
+msgid "fingerprint=%s\n"
+msgstr "vypísa» fingerprint"
+
+#: sm/certchain.c:1153
+msgid "root certificate has now been marked as trusted\n"
+msgstr ""
+
+#: sm/certchain.c:1166
+msgid "interactive marking as trusted not enabled in gpg-agent\n"
+msgstr ""
+
+#: sm/certchain.c:1172
+msgid "interactive marking as trusted disabled for this session\n"
+msgstr ""
+
+#: sm/certchain.c:1229
+msgid "WARNING: creation time of signature not known - assuming current time"
+msgstr ""
+
+#: sm/certchain.c:1293
+#, fuzzy
+msgid "no issuer found in certificate"
+msgstr "vytvori» revokaèný certifikát"
+
+#: sm/certchain.c:1366
+msgid "self-signed certificate has a BAD signature"
+msgstr ""
+
+#: sm/certchain.c:1435
+msgid "root certificate is not marked trusted"
+msgstr ""
+
+#: sm/certchain.c:1448
+#, fuzzy, c-format
+msgid "checking the trust list failed: %s\n"
+msgstr "kontrola vytvoreného podpisu sa nepodarila: %s\n"
+
+#: sm/certchain.c:1477 sm/import.c:160
+msgid "certificate chain too long\n"
+msgstr ""
+
+#: sm/certchain.c:1489
+msgid "issuer certificate not found"
+msgstr ""
+
+#: sm/certchain.c:1522
+#, fuzzy
+msgid "certificate has a BAD signature"
+msgstr "verifikova» podpis"
+
+#: sm/certchain.c:1553
+msgid "found another possible matching CA certificate - trying again"
+msgstr ""
+
+#: sm/certchain.c:1604
+#, c-format
+msgid "certificate chain longer than allowed by CA (%d)"
+msgstr ""
+
+#: sm/certchain.c:1644 sm/certchain.c:1927
+#, fuzzy
+msgid "certificate is good\n"
+msgstr "duplicita predvoµby %c%lu\n"
+
+#: sm/certchain.c:1645
+#, fuzzy
+msgid "intermediate certificate is good\n"
+msgstr "Revokaèný certifikát bol vytvorený.\n"
+
+#: sm/certchain.c:1646
+#, fuzzy
+msgid "root certificate is good\n"
+msgstr "nesprávny certifikát"
+
+#: sm/certchain.c:1817
+msgid "switching to chain model"
+msgstr ""
+
+#: sm/certchain.c:1826
+#, c-format
+msgid "validation model used: %s"
+msgstr ""
+
+#: sm/certcheck.c:97
+#, c-format
+msgid "%s key uses an unsafe (%u bit) hash\n"
+msgstr ""
+
+#: sm/certcheck.c:107
+#, c-format
+msgid "a %u bit hash is not valid for a %u bit %s key\n"
+msgstr ""
+
+#: sm/certcheck.c:244 sm/verify.c:201
+msgid "(this is the MD2 algorithm)\n"
+msgstr ""
+
+#: sm/certdump.c:60 sm/certdump.c:143
+#, fuzzy
+msgid "none"
+msgstr "nie"
+
+#: sm/certdump.c:564 sm/certdump.c:609 sm/certdump.c:674 sm/certdump.c:732
+#, fuzzy
+msgid "[Error - invalid encoding]"
+msgstr "chyba: neplatný odtlaèok\n"
+
+#: sm/certdump.c:572 sm/certdump.c:617
+msgid "[Error - out of core]"
+msgstr ""
+
+#: sm/certdump.c:654 sm/certdump.c:710
+msgid "[Error - No name]"
+msgstr ""
+
+#: sm/certdump.c:679 sm/certdump.c:738
+#, fuzzy
+msgid "[Error - invalid DN]"
+msgstr "chyba: neplatný odtlaèok\n"
+
+#: sm/certdump.c:948
+#, fuzzy, c-format
+msgid ""
+"Please enter the passphrase to unlock the secret key for the X.509 "
+"certificate:\n"
+"\"%s\"\n"
+"S/N %s, ID 0x%08lX,\n"
+"created %s, expires %s.\n"
+msgstr ""
+"Potrebujete heslo, aby ste odomkli tajný kµúè pre u¾ívateµa:\n"
+"\"%.*s\"\n"
+"kµúè s då¾kou %u bitov, typ %s, ID %08lX, vytvorený %s%s\n"
+
+#: sm/certlist.c:122
+msgid "no key usage specified - assuming all usages\n"
+msgstr ""
+
+#: sm/certlist.c:132 sm/keylist.c:272
+#, fuzzy, c-format
+msgid "error getting key usage information: %s\n"
+msgstr "chyba pri zápise do súboru tajných kµúèov `%s': %s\n"
+
+#: sm/certlist.c:142
+msgid "certificate should have not been used for certification\n"
+msgstr ""
+
+#: sm/certlist.c:154
+msgid "certificate should have not been used for OCSP response signing\n"
+msgstr ""
+
+#: sm/certlist.c:165
+msgid "certificate should have not been used for encryption\n"
+msgstr ""
+
+#: sm/certlist.c:166
+msgid "certificate should have not been used for signing\n"
+msgstr ""
+
+#: sm/certlist.c:167
+msgid "certificate is not usable for encryption\n"
+msgstr ""
+
+#: sm/certlist.c:168
+msgid "certificate is not usable for signing\n"
+msgstr ""
+
+#: sm/certreqgen.c:474
+#, fuzzy, c-format
+msgid "line %d: invalid algorithm\n"
+msgstr "neplatný hashovací algoritmus `%s'\n"
+
+#: sm/certreqgen.c:487
+#, c-format
+msgid "line %d: invalid key length %u (valid are %d to %d)\n"
+msgstr ""
+
+#: sm/certreqgen.c:505
+#, c-format
+msgid "line %d: no subject name given\n"
+msgstr ""
+
+#: sm/certreqgen.c:514
+#, c-format
+msgid "line %d: invalid subject name label `%.*s'\n"
+msgstr ""
+
+#: sm/certreqgen.c:517
+#, c-format
+msgid "line %d: invalid subject name `%s' at pos %d\n"
+msgstr ""
+
+#: sm/certreqgen.c:534
+#, fuzzy, c-format
+msgid "line %d: not a valid email address\n"
+msgstr "Neplatná e-mailová adresa\n"
+
+#: sm/certreqgen.c:546
+#, fuzzy, c-format
+msgid "line %d: error reading key `%s' from card: %s\n"
+msgstr "chyba pri vytváraní súboru kµúèov (keyring)`%s': %s\n"
+
+#: sm/certreqgen.c:558
+#, fuzzy, c-format
+msgid "line %d: error getting key by keygrip `%s': %s\n"
+msgstr "chyba pri vytváraní súboru kµúèov (keyring)`%s': %s\n"
+
+#: sm/certreqgen.c:574
+#, fuzzy, c-format
+msgid "line %d: key generation failed: %s <%s>\n"
+msgstr "Vytvorenie kµúèa sa nepodarilo: %s\n"
+
+#: sm/certreqgen.c:806
+msgid ""
+"To complete this certificate request please enter the passphrase for the key "
+"you just created once more.\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:158
+#, fuzzy, c-format
+msgid " (%d) RSA\n"
+msgstr " (%d) RSA (len na podpis)\n"
+
+#: sm/certreqgen-ui.c:159
+#, fuzzy, c-format
+msgid " (%d) Existing key\n"
+msgstr " (%d) RSA (len na ¹ifrovanie)\n"
+
+#: sm/certreqgen-ui.c:160
+#, c-format
+msgid " (%d) Existing key from card\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:202
+#, fuzzy
+msgid "Enter the keygrip: "
+msgstr "Podpisová notácia: "
+
+#: sm/certreqgen-ui.c:210
+msgid "Not a valid keygrip (expecting 40 hex digits)\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:212
+#, fuzzy
+msgid "No key with this keygrip\n"
+msgstr "Neexistuje identifikátor u¾ívateµa s indexom %d\n"
+
+#: sm/certreqgen-ui.c:230 sm/certreqgen-ui.c:239
+#, fuzzy, c-format
+msgid "error reading the card: %s\n"
+msgstr "%s: chyba pri èítaní voµného záznamu: %s\n"
+
+#: sm/certreqgen-ui.c:233
+#, fuzzy, c-format
+msgid "Serial number of the card: %s\n"
+msgstr "chyba pri vytváraní hesla: %s\n"
+
+#: sm/certreqgen-ui.c:245
+#, fuzzy
+msgid "Available keys:\n"
+msgstr "nastavi» kµúè ako neplatný (disable)"
+
+#: sm/certreqgen-ui.c:276
+#, c-format
+msgid "Possible actions for a %s key:\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:277
+#, fuzzy, c-format
+msgid " (%d) sign, encrypt\n"
+msgstr " (%d) RSA (pro ¹ifrování a podpis)\n"
+
+#: sm/certreqgen-ui.c:278
+#, fuzzy, c-format
+msgid " (%d) sign\n"
+msgstr " (%d) DSA (len na podpis)\n"
+
+#: sm/certreqgen-ui.c:279
+#, fuzzy, c-format
+msgid " (%d) encrypt\n"
+msgstr " (%d) RSA (len na ¹ifrovanie)\n"
+
+#: sm/certreqgen-ui.c:303
+msgid "Enter the X.509 subject name: "
+msgstr ""
+
+#: sm/certreqgen-ui.c:307
+#, fuzzy
+msgid "No subject name given\n"
+msgstr "(®iadny popis)\n"
+
+#: sm/certreqgen-ui.c:311
+#, c-format
+msgid "Invalid subject name label `%.*s'\n"
+msgstr ""
+
+#. TRANSLATORS: The 22 in the second string is the
+#. length of the first string up to the "%s". Please
+#. adjust it do the length of your translation. The
+#. second string is merely passed to atoi so you can
+#. drop everything after the number.
+#: sm/certreqgen-ui.c:320
+#, fuzzy, c-format
+msgid "Invalid subject name `%s'\n"
+msgstr "neplatný hashovací algoritmus `%s'\n"
+
+#: sm/certreqgen-ui.c:322
+msgid "22 translator: see certreg-ui.c:gpgsm_gencertreq_tty"
+msgstr ""
+
+#: sm/certreqgen-ui.c:334
+#, fuzzy
+msgid "Enter email addresses"
+msgstr "E-mailová adresa: "
+
+#: sm/certreqgen-ui.c:335
+#, fuzzy
+msgid " (end with an empty line):\n"
+msgstr ""
+"\n"
+"Napí¹te identifikátor u¾ívateµa (user ID). Ukonèite prázdnym riadkom: "
+
+#: sm/certreqgen-ui.c:339
+#, fuzzy
+msgid "Enter DNS names"
+msgstr "Vlo¾te nový názov súboru"
+
+#: sm/certreqgen-ui.c:340 sm/certreqgen-ui.c:345
+#, fuzzy
+msgid " (optional; end with an empty line):\n"
+msgstr "Ak chcete, napí¹te popis; ukonèite prázdnym riadkom:\n"
+
+#: sm/certreqgen-ui.c:344
+msgid "Enter URIs"
+msgstr ""
+
+#: sm/certreqgen-ui.c:371
+msgid "Parameters to be used for the certificate request:\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:389
+msgid "Now creating certificate request. This may take a while ...\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:398
+msgid "Ready. You should now send this request to your CA.\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:403
+msgid "resource problem: out of core\n"
+msgstr ""
+
+#: sm/decrypt.c:330
+msgid "(this is the RC2 algorithm)\n"
+msgstr ""
+
+#: sm/decrypt.c:332
+msgid "(this does not seem to be an encrypted message)\n"
+msgstr ""
+
+#: sm/delete.c:51 sm/delete.c:112
+#, fuzzy, c-format
+msgid "certificate `%s' not found: %s\n"
+msgstr "kµúè `%s' nebol nájdený: %s\n"
+
+#: sm/delete.c:122 sm/keydb.c:1397 sm/keydb.c:1499
+#, fuzzy, c-format
+msgid "error locking keybox: %s\n"
+msgstr "chyba pri èítaní bloku kµúèa: %s\n"
+
+#: sm/delete.c:143
+#, fuzzy, c-format
+msgid "duplicated certificate `%s' deleted\n"
+msgstr "Revokaèný certifikát bol vytvorený.\n"
+
+#: sm/delete.c:145
+#, fuzzy, c-format
+msgid "certificate `%s' deleted\n"
+msgstr "duplicita predvoµby %c%lu\n"
+
+#: sm/delete.c:175
+#, fuzzy, c-format
+msgid "deleting certificate \"%s\" failed: %s\n"
+msgstr "zmazanie bloku kµúèa sa nepodarilo: %s\n"
+
+#: sm/encrypt.c:321
+#, fuzzy
+msgid "no valid recipients given\n"
+msgstr "(®iadny popis)\n"
+
+#: sm/gpgsm.c:197
+#, fuzzy
+msgid "list external keys"
+msgstr "vypísa» zoznam tajných kµúèov"
+
+#: sm/gpgsm.c:199
+#, fuzzy
+msgid "list certificate chain"
+msgstr "nesprávny certifikát"
+
+#: sm/gpgsm.c:206
+#, fuzzy
+msgid "import certificates"
+msgstr "nesprávny certifikát"
+
+#: sm/gpgsm.c:207
+#, fuzzy
+msgid "export certificates"
+msgstr "nesprávny certifikát"
+
+#: sm/gpgsm.c:209
+msgid "register a smartcard"
+msgstr ""
+
+#: sm/gpgsm.c:212
+msgid "pass a command to the dirmngr"
+msgstr ""
+
+#: sm/gpgsm.c:214
+msgid "invoke gpg-protect-tool"
+msgstr ""
+
+#: sm/gpgsm.c:230
+#, fuzzy
+msgid "create base-64 encoded output"
+msgstr "vytvor výstup zakódovaný pomocou ASCII"
+
+#: sm/gpgsm.c:235
+msgid "assume input is in PEM format"
+msgstr ""
+
+#: sm/gpgsm.c:237
+msgid "assume input is in base-64 format"
+msgstr ""
+
+#: sm/gpgsm.c:239
+msgid "assume input is in binary format"
+msgstr ""
+
+#: sm/gpgsm.c:244
+msgid "use system's dirmngr if available"
+msgstr ""
+
+#: sm/gpgsm.c:247
+msgid "never consult a CRL"
+msgstr ""
+
+#: sm/gpgsm.c:257
+msgid "check validity using OCSP"
+msgstr ""
+
+#: sm/gpgsm.c:262
+msgid "|N|number of certificates to include"
+msgstr ""
+
+#: sm/gpgsm.c:265
+msgid "|FILE|take policy information from FILE"
+msgstr ""
+
+#: sm/gpgsm.c:268
+msgid "do not check certificate policies"
+msgstr ""
+
+#: sm/gpgsm.c:272
+msgid "fetch missing issuer certificates"
+msgstr ""
+
+#: sm/gpgsm.c:283
+msgid "don't use the terminal at all"
+msgstr "vôbec nepou¾íva» terminál"
+
+#: sm/gpgsm.c:285
+msgid "|FILE|write a server mode log to FILE"
+msgstr ""
+
+#: sm/gpgsm.c:290
+#, fuzzy
+msgid "|FILE|write an audit log to FILE"
+msgstr "|SÚBOR|nahra» roz¹irujúci modul SÚBOR"
+
+#: sm/gpgsm.c:293
+msgid "batch mode: never ask"
+msgstr "dávkový re¾im: nikdy sa na niè nepýta»"
+
+#: sm/gpgsm.c:294
+msgid "assume yes on most questions"
+msgstr "automaticky odpoveda» áno na väè¹inu otázok"
+
+#: sm/gpgsm.c:295
+msgid "assume no on most questions"
+msgstr "automaticky odpoveda» NIE na väè¹inu otázok"
+
+#: sm/gpgsm.c:298
+#, fuzzy
+msgid "|FILE|add keyring to the list of keyrings"
+msgstr ""
+"prida» tento súbor kµúèov do zoznamu\n"
+" pou¾ívaných súborov kµúèov"
+
+#: sm/gpgsm.c:301
+#, fuzzy
+msgid "|USER-ID|use USER-ID as default secret key"
+msgstr "|MENO|pou¾i MENO ako implicitný tajný kµúè"
+
+#: sm/gpgsm.c:311 tools/gpgconf-comp.c:745
+#, fuzzy
+msgid "|SPEC|use this keyserver to lookup keys"
+msgstr ""
+"|POÈÍTAÈ|pou¾i tento server kµúèov na vyhµadávanie\n"
+" kµúèov"
+
+#: sm/gpgsm.c:329
+msgid "|NAME|use cipher algorithm NAME"
+msgstr "|ALG|pou¾i» ¹ifrovací algoritmus ALG"
+
+#: sm/gpgsm.c:331
+msgid "|NAME|use message digest algorithm NAME"
+msgstr "|ALG|pou¾i» hashovací algoritmus ALG"
+
+#: sm/gpgsm.c:522
+#, fuzzy
+msgid "Usage: gpgsm [options] [files] (-h for help)"
+msgstr "Pou¾itie: gpg [mo¾nosti] [súbory] (-h pre pomoc)"
+
+#: sm/gpgsm.c:525
+#, fuzzy
+msgid ""
+"Syntax: gpgsm [options] [files]\n"
+"sign, check, encrypt or decrypt using the S/MIME protocol\n"
+"default operation depends on the input data\n"
+msgstr ""
+"Syntax: gpg [mo¾nosti] [súbory]\n"
+"podpísa», overi», ¹ifrova» alebo de¹ifrova»\n"
+"implicitné operácie závisia od vstupných dát\n"
+
+#: sm/gpgsm.c:617
+#, fuzzy
+msgid "usage: gpgsm [options] "
+msgstr "pou¾itie: gpg [mo¾nosti] "
+
+#: sm/gpgsm.c:739
+#, fuzzy, c-format
+msgid "NOTE: won't be able to encrypt to `%s': %s\n"
+msgstr "nemô¾em sa pripoji» k `%s': %s\n"
+
+#: sm/gpgsm.c:750
+#, fuzzy, c-format
+msgid "unknown validation model `%s'\n"
+msgstr "neznámy implicitný adresát `%s'\n"
+
+#: sm/gpgsm.c:801
+#, fuzzy, c-format
+msgid "%s:%u: no hostname given\n"
+msgstr "(®iadny popis)\n"
+
+#: sm/gpgsm.c:820
+#, c-format
+msgid "%s:%u: password given without user\n"
+msgstr ""
+
+#: sm/gpgsm.c:841
+#, fuzzy, c-format
+msgid "%s:%u: skipping this line\n"
+msgstr " s = preskoèi» tento kµúè\n"
+
+#: sm/gpgsm.c:1376
+#, fuzzy
+msgid "could not parse keyserver\n"
+msgstr "nemo¾no pou¾i» URI servera kµúèov - chyba analýzy URI\n"
+
+#: sm/gpgsm.c:1456
+msgid "WARNING: running with faked system time: "
+msgstr ""
+
+#: sm/gpgsm.c:1556
+#, fuzzy, c-format
+msgid "importing common certificates `%s'\n"
+msgstr "zapisujem do '%s'\n"
+
+#: sm/gpgsm.c:1597
+#, fuzzy, c-format
+msgid "can't sign using `%s': %s\n"
+msgstr "nemô¾em zavrie» `%s': %s\n"
+
+#: sm/gpgsm.c:1931
+msgid "invalid command (there is no implicit command)\n"
+msgstr ""
+
+#: sm/import.c:111
+#, fuzzy, c-format
+msgid "total number processed: %lu\n"
+msgstr "Celkovo spracovaných kµúèov: %lu\n"
+
+#: sm/import.c:230
+#, fuzzy
+msgid "error storing certificate\n"
+msgstr "vytvori» revokaèný certifikát"
+
+#: sm/import.c:238
+msgid "basic certificate checks failed - not imported\n"
+msgstr ""
+
+#: sm/import.c:435 sm/keydb.c:1319 sm/keydb.c:1387
+#, fuzzy
+msgid "failed to allocate keyDB handle\n"
+msgstr "nemô¾em inicializova» databázu dôvery: %s\n"
+
+#: sm/import.c:492 sm/keydb.c:1417 sm/keydb.c:1511
+#, fuzzy, c-format
+msgid "error getting stored flags: %s\n"
+msgstr "chyba pri vytváraní hesla: %s\n"
+
+#: sm/import.c:551 sm/import.c:583
+#, fuzzy, c-format
+msgid "error importing certificate: %s\n"
+msgstr "chyba pri vytváraní hesla: %s\n"
+
+#: sm/import.c:684 tools/gpg-connect-agent.c:1346
+#, fuzzy, c-format
+msgid "error reading input: %s\n"
+msgstr "chyba pri èítaní `%s': %s\n"
+
+#: sm/keydb.c:187
+#, fuzzy, c-format
+msgid "error creating keybox `%s': %s\n"
+msgstr "chyba pri vytváraní súboru kµúèov (keyring)`%s': %s\n"
+
+#: sm/keydb.c:190
+msgid "you may want to start the gpg-agent first\n"
+msgstr ""
+
+#: sm/keydb.c:195
+#, fuzzy, c-format
+msgid "keybox `%s' created\n"
+msgstr "súbor kµúèov (keyring) `%s' vytvorený\n"
+
+#: sm/keydb.c:1312 sm/keydb.c:1380
+#, fuzzy
+msgid "failed to get the fingerprint\n"
+msgstr "nemô¾em inicializova» databázu dôvery: %s\n"
+
+#: sm/keydb.c:1340
+#, c-format
+msgid "problem looking for existing certificate: %s\n"
+msgstr ""
+
+#: sm/keydb.c:1348
+#, fuzzy, c-format
+msgid "error finding writable keyDB: %s\n"
+msgstr "chyba pri vytváraní hesla: %s\n"
+
+#: sm/keydb.c:1356
+#, fuzzy, c-format
+msgid "error storing certificate: %s\n"
+msgstr "chyba pri vytváraní hesla: %s\n"
+
+#: sm/keydb.c:1408
+#, fuzzy, c-format
+msgid "problem re-searching certificate: %s\n"
+msgstr "rev? problém overenia revokácie: %s\n"
+
+#: sm/keydb.c:1429 sm/keydb.c:1522
+#, fuzzy, c-format
+msgid "error storing flags: %s\n"
+msgstr "chyba pri èítaní `%s': %s\n"
+
+#: sm/keylist.c:642
+msgid "Error - "
+msgstr ""
+
+#: sm/misc.c:55
+msgid "GPG_TTY has not been set - using maybe bogus default\n"
+msgstr ""
+
+#: sm/qualified.c:105
+#, fuzzy, c-format
+msgid "invalid formatted fingerprint in `%s', line %d\n"
+msgstr "chyba: neplatný odtlaèok\n"
+
+#: sm/qualified.c:123
+#, c-format
+msgid "invalid country code in `%s', line %d\n"
+msgstr ""
+
+#: sm/qualified.c:202
+#, c-format
+msgid ""
+"You are about to create a signature using your certificate:\n"
+"\"%s\"\n"
+"This will create a qualified signature by law equated to a handwritten "
+"signature.\n"
+"\n"
+"%s%sAre you really sure that you want to do this?"
+msgstr ""
+
+#: sm/qualified.c:211 sm/verify.c:616
+msgid ""
+"Note, that this software is not officially approved to create or verify such "
+"signatures.\n"
+msgstr ""
+
+#: sm/qualified.c:278
+#, c-format
+msgid ""
+"You are about to create a signature using your certificate:\n"
+"\"%s\"\n"
+"Note, that this certificate will NOT create a qualified signature!"
+msgstr ""
+
+#: sm/sign.c:449
+#, fuzzy, c-format
+msgid "hash algorithm %d (%s) for signer %d not supported; using %s\n"
+msgstr "ochranný algoritmus %d%s nie je podporováný\n"
+
+#: sm/sign.c:463
+#, c-format
+msgid "hash algorithm used for signer %d: %s (%s)\n"
+msgstr ""
+
+#: sm/sign.c:513
+#, fuzzy, c-format
+msgid "checking for qualified certificate failed: %s\n"
+msgstr "kontrola vytvoreného podpisu sa nepodarila: %s\n"
+
+#: sm/verify.c:449
+#, fuzzy
+msgid "Signature made "
+msgstr "Platnos» podpisu vypr¹ala %s\n"
+
+#: sm/verify.c:453
+msgid "[date not given]"
+msgstr ""
+
+#: sm/verify.c:454
+#, fuzzy, c-format
+msgid " using certificate ID 0x%08lX\n"
+msgstr "chyba pri vytváraní hesla: %s\n"
+
+#: sm/verify.c:473
+msgid ""
+"invalid signature: message digest attribute does not match computed one\n"
+msgstr ""
+
+#: sm/verify.c:594
+#, fuzzy
+msgid "Good signature from"
+msgstr "Dobrý podpis od \""
+
+#: sm/verify.c:595
+#, fuzzy
+msgid " aka"
+msgstr " alias \""
+
+#: sm/verify.c:613
+#, fuzzy
+msgid "This is a qualified signature\n"
+msgstr ""
+"\n"
+"Ide o podpis kµúèa ním samým\n"
+
+#: tools/gpg-connect-agent.c:70 tools/gpgconf.c:81 tools/symcryptrun.c:167
+#, fuzzy
+msgid "quiet"
+msgstr "ukonèi»"
+
+#: tools/gpg-connect-agent.c:71
+msgid "print data out hex encoded"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:72
+msgid "decode received data lines"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:74
+msgid "|NAME|connect to Assuan socket NAME"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:76
+msgid "run the Assuan server given on the command line"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:78
+msgid "do not use extended connect mode"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:80
+#, fuzzy
+msgid "|FILE|run commands from FILE on startup"
+msgstr "|SÚBOR|nahra» roz¹irujúci modul SÚBOR"
+
+#: tools/gpg-connect-agent.c:81
+msgid "run /subst on startup"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:184
+#, fuzzy
+msgid "Usage: gpg-connect-agent [options] (-h for help)"
+msgstr "Pou¾itie: gpg [mo¾nosti] [súbory] (-h pre pomoc)"
+
+#: tools/gpg-connect-agent.c:187
+msgid ""
+"Syntax: gpg-connect-agent [options]\n"
+"Connect to a running agent and send commands\n"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:1201
+#, c-format
+msgid "option \"%s\" requires a program and optional arguments\n"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:1210
+#, c-format
+msgid "option \"%s\" ignored due to \"%s\"\n"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:1281 tools/gpg-connect-agent.c:1771
+#, fuzzy, c-format
+msgid "receiving line failed: %s\n"
+msgstr "zmazanie bloku kµúèa sa nepodarilo: %s\n"
+
+#: tools/gpg-connect-agent.c:1371
+#, fuzzy
+msgid "line too long - skipped\n"
+msgstr "riadok je príli¹ dlhý\n"
+
+#: tools/gpg-connect-agent.c:1375
+msgid "line shortened due to embedded Nul character\n"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:1743
+#, fuzzy, c-format
+msgid "unknown command `%s'\n"
+msgstr "neznámy implicitný adresát `%s'\n"
+
+#: tools/gpg-connect-agent.c:1761
+#, fuzzy, c-format
+msgid "sending line failed: %s\n"
+msgstr "podpisovanie zlyhalo: %s\n"
+
+#: tools/gpg-connect-agent.c:2208
+#, fuzzy, c-format
+msgid "error sending %s command: %s\n"
+msgstr "chyba pri posielaní na `%s': %s\n"
+
+#: tools/gpg-connect-agent.c:2223
+#, fuzzy, c-format
+msgid "error sending standard options: %s\n"
+msgstr "chyba pri posielaní na `%s': %s\n"
+
+#: tools/gpgconf-comp.c:473 tools/gpgconf-comp.c:577 tools/gpgconf-comp.c:644
+#: tools/gpgconf-comp.c:712 tools/gpgconf-comp.c:799
+msgid "Options controlling the diagnostic output"
+msgstr ""
+
+#: tools/gpgconf-comp.c:486 tools/gpgconf-comp.c:590 tools/gpgconf-comp.c:657
+#: tools/gpgconf-comp.c:725 tools/gpgconf-comp.c:822
+msgid "Options controlling the configuration"
+msgstr ""
+
+#: tools/gpgconf-comp.c:496 tools/gpgconf-comp.c:615 tools/gpgconf-comp.c:673
+#: tools/gpgconf-comp.c:750 tools/gpgconf-comp.c:829
+msgid "Options useful for debugging"
+msgstr ""
+
+#: tools/gpgconf-comp.c:501 tools/gpgconf-comp.c:678 tools/gpgconf-comp.c:755
+#: tools/gpgconf-comp.c:837
+msgid "|FILE|write server mode logs to FILE"
+msgstr ""
+
+#: tools/gpgconf-comp.c:509 tools/gpgconf-comp.c:625 tools/gpgconf-comp.c:763
+msgid "Options controlling the security"
+msgstr ""
+
+#: tools/gpgconf-comp.c:516
+msgid "|N|expire SSH keys after N seconds"
+msgstr ""
+
+#: tools/gpgconf-comp.c:520
+msgid "|N|set maximum PIN cache lifetime to N seconds"
+msgstr ""
+
+#: tools/gpgconf-comp.c:524
+msgid "|N|set maximum SSH key lifetime to N seconds"
+msgstr ""
+
+#: tools/gpgconf-comp.c:538
+msgid "Options enforcing a passphrase policy"
+msgstr ""
+
+#: tools/gpgconf-comp.c:541
+msgid "do not allow to bypass the passphrase policy"
+msgstr ""
+
+#: tools/gpgconf-comp.c:545
+msgid "|N|set minimal required length for new passphrases to N"
+msgstr ""
+
+#: tools/gpgconf-comp.c:549
+msgid "|N|require at least N non-alpha characters for a new passphrase"
+msgstr ""
+
+#: tools/gpgconf-comp.c:553
+msgid "|FILE|check new passphrases against pattern in FILE"
+msgstr ""
+
+#: tools/gpgconf-comp.c:557
+#, fuzzy
+msgid "|N|expire the passphrase after N days"
+msgstr "|N|pou¾i» mód hesla N"
+
+#: tools/gpgconf-comp.c:561
+#, fuzzy
+msgid "do not allow the reuse of old passphrases"
+msgstr "chyba pri vytváraní hesla: %s\n"
+
+#: tools/gpgconf-comp.c:659 tools/gpgconf-comp.c:727
+msgid "|NAME|use NAME as default secret key"
+msgstr "|MENO|pou¾i MENO ako implicitný tajný kµúè"
+
+#: tools/gpgconf-comp.c:662 tools/gpgconf-comp.c:730
+#, fuzzy
+msgid "|NAME|encrypt to user ID NAME as well"
+msgstr "|MENO|¹ifrova» pre MENO"
+
+#: tools/gpgconf-comp.c:665
+msgid "|SPEC|set up email aliases"
+msgstr ""
+
+#: tools/gpgconf-comp.c:686
+msgid "Configuration for Keyservers"
+msgstr ""
+
+#: tools/gpgconf-comp.c:688
+#, fuzzy
+msgid "|URL|use keyserver at URL"
+msgstr "nemo¾no pou¾i» URI servera kµúèov - chyba analýzy URI\n"
+
+#: tools/gpgconf-comp.c:691
+msgid "allow PKA lookups (DNS requests)"
+msgstr ""
+
+#: tools/gpgconf-comp.c:694
+msgid "|MECHANISMS|use MECHANISMS to locate keys by mail address"
+msgstr ""
+
+#: tools/gpgconf-comp.c:739
+msgid "disable all access to the dirmngr"
+msgstr ""
+
+#: tools/gpgconf-comp.c:742
+#, fuzzy
+msgid "|NAME|use encoding NAME for PKCS#12 passphrases"
+msgstr "|ALG|pou¾i» ¹ifrovací algoritmus ALG pre heslá"
+
+#: tools/gpgconf-comp.c:768
+msgid "do not check CRLs for root certificates"
+msgstr ""
+
+#: tools/gpgconf-comp.c:812
+msgid "Options controlling the format of the output"
+msgstr ""
+
+#: tools/gpgconf-comp.c:848
+msgid "Options controlling the interactivity and enforcement"
+msgstr ""
+
+#: tools/gpgconf-comp.c:858
+msgid "Configuration for HTTP servers"
+msgstr ""
+
+#: tools/gpgconf-comp.c:869
+msgid "use system's HTTP proxy setting"
+msgstr ""
+
+#: tools/gpgconf-comp.c:874
+msgid "Configuration of LDAP servers to use"
+msgstr ""
+
+#: tools/gpgconf-comp.c:903
+msgid "LDAP server list"
+msgstr ""
+
+#: tools/gpgconf-comp.c:911
+msgid "Configuration for OCSP"
+msgstr ""
+
+#: tools/gpgconf-comp.c:3077
+#, c-format
+msgid "External verification of component %s failed"
+msgstr ""
+
+#: tools/gpgconf-comp.c:3227
+msgid "Note that group specifications are ignored\n"
+msgstr ""
+
+#: tools/gpgconf.c:62
+msgid "list all components"
+msgstr ""
+
+#: tools/gpgconf.c:63
+msgid "check all programs"
+msgstr ""
+
+#: tools/gpgconf.c:64
+msgid "|COMPONENT|list options"
+msgstr ""
+
+#: tools/gpgconf.c:65
+msgid "|COMPONENT|change options"
+msgstr ""
+
+#: tools/gpgconf.c:66
+msgid "|COMPONENT|check options"
+msgstr ""
+
+#: tools/gpgconf.c:68
+msgid "apply global default values"
+msgstr ""
+
+#: tools/gpgconf.c:70
+msgid "get the configuration directories for gpgconf"
+msgstr ""
+
+#: tools/gpgconf.c:72
+#, fuzzy
+msgid "list global configuration file"
+msgstr "neznáma polo¾ka konfigurácie \"%s\"\n"
+
+#: tools/gpgconf.c:74
+#, fuzzy
+msgid "check global configuration file"
+msgstr "neznáma polo¾ka konfigurácie \"%s\"\n"
+
+#: tools/gpgconf.c:79
+msgid "use as output file"
+msgstr "pou¾i» ako výstupný súbor"
+
+#: tools/gpgconf.c:83
+msgid "activate changes at runtime, if possible"
+msgstr ""
+
+#: tools/gpgconf.c:105
+#, fuzzy
+msgid "Usage: gpgconf [options] (-h for help)"
+msgstr "Pou¾itie: gpg [mo¾nosti] [súbory] (-h pre pomoc)"
+
+#: tools/gpgconf.c:108
+msgid ""
+"Syntax: gpgconf [options]\n"
+"Manage configuration options for tools of the GnuPG system\n"
+msgstr ""
+
+#: tools/gpgconf.c:214 tools/gpgconf.c:282
+#, fuzzy
+msgid "usage: gpgconf [options] "
+msgstr "pou¾itie: gpg [mo¾nosti] "
+
+#: tools/gpgconf.c:216
+msgid "Need one component argument"
+msgstr ""
+
+#: tools/gpgconf.c:225 tools/gpgconf.c:258
+#, fuzzy
+msgid "Component not found"
+msgstr "verejný kµúè nenájdený"
+
+#: tools/gpgconf.c:284
+#, fuzzy
+msgid "No argument allowed"
+msgstr "zapisujem tajný kµúè do `%s'\n"
+
+#: tools/symcryptrun.c:154
+#, fuzzy
+msgid ""
+"@\n"
+"Commands:\n"
+" "
+msgstr ""
+"@Príkazy:\n"
+" "
+
+#: tools/symcryptrun.c:156
+#, fuzzy
+msgid "decryption modus"
+msgstr "de¹ifrovanie o.k.\n"
+
+#: tools/symcryptrun.c:157
+#, fuzzy
+msgid "encryption modus"
+msgstr "de¹ifrovanie o.k.\n"
+
+#: tools/symcryptrun.c:161
+msgid "tool class (confucius)"
+msgstr ""
+
+#: tools/symcryptrun.c:162
+#, fuzzy
+msgid "program filename"
+msgstr "--store [meno súboru]"
+
+#: tools/symcryptrun.c:164
+msgid "secret key file (required)"
+msgstr ""
+
+#: tools/symcryptrun.c:165
+msgid "input file name (default stdin)"
+msgstr ""
+
+#: tools/symcryptrun.c:209
+#, fuzzy
+msgid "Usage: symcryptrun [options] (-h for help)"
+msgstr "Pou¾itie: gpg [mo¾nosti] [súbory] (-h pre pomoc)"
+
+#: tools/symcryptrun.c:212
+msgid ""
+"Syntax: symcryptrun --class CLASS --program PROGRAM --keyfile KEYFILE "
+"[options...] COMMAND [inputfile]\n"
+"Call a simple symmetric encryption tool\n"
+msgstr ""
+
+#: tools/symcryptrun.c:281
+#, fuzzy, c-format
+msgid "%s on %s aborted with status %i\n"
+msgstr "Nie je dovolené pou¾íva» %s s %s!\n"
+
+#: tools/symcryptrun.c:288
+#, fuzzy, c-format
+msgid "%s on %s failed with status %i\n"
+msgstr "nemo¾no otvori» súbor: %s\n"
+
+#: tools/symcryptrun.c:314
+#, fuzzy, c-format
+msgid "can't create temporary directory `%s': %s\n"
+msgstr "nemô¾em vytvori» adresár `%s': %s\n"
+
+#: tools/symcryptrun.c:354 tools/symcryptrun.c:371
+#, fuzzy, c-format
+msgid "could not open %s for writing: %s\n"
+msgstr "nemo¾no otvori» %s: %s\n"
+
+#: tools/symcryptrun.c:382
+#, fuzzy, c-format
+msgid "error writing to %s: %s\n"
+msgstr "chyba pri zápise súboru kµúèov (keyring) `%s': %s\n"
+
+#: tools/symcryptrun.c:389
+#, fuzzy, c-format
+msgid "error reading from %s: %s\n"
+msgstr "chyba pri èítaní `%s': %s\n"
+
+#: tools/symcryptrun.c:396 tools/symcryptrun.c:403
+#, fuzzy, c-format
+msgid "error closing %s: %s\n"
+msgstr "chyba pri èítaní `%s': %s\n"
+
+#: tools/symcryptrun.c:488
+#, fuzzy
+msgid "no --program option provided\n"
+msgstr "¾iadne vzialené vykonávanie programu nie je podporované\n"
+
+#: tools/symcryptrun.c:494
+msgid "only --decrypt and --encrypt are supported\n"
+msgstr ""
+
+#: tools/symcryptrun.c:500
+msgid "no --keyfile option provided\n"
+msgstr ""
+
+#: tools/symcryptrun.c:511
+msgid "cannot allocate args vector\n"
+msgstr ""
+
+#: tools/symcryptrun.c:529
+#, fuzzy, c-format
+msgid "could not create pipe: %s\n"
+msgstr "%s: nemô¾em vytvori»: %s\n"
+
+#: tools/symcryptrun.c:536
+#, fuzzy, c-format
+msgid "could not create pty: %s\n"
+msgstr "%s: nemô¾em vytvori»: %s\n"
+
+#: tools/symcryptrun.c:552
+#, c-format
+msgid "could not fork: %s\n"
+msgstr ""
+
+#: tools/symcryptrun.c:580
+#, fuzzy, c-format
+msgid "execv failed: %s\n"
+msgstr "aktualizácia zlyhala: %s\n"
+
+#: tools/symcryptrun.c:609
+#, fuzzy, c-format
+msgid "select failed: %s\n"
+msgstr "zmazanie bloku kµúèa sa nepodarilo: %s\n"
+
+#: tools/symcryptrun.c:626
+#, fuzzy, c-format
+msgid "read failed: %s\n"
+msgstr "aktualizácia zlyhala: %s\n"
+
+#: tools/symcryptrun.c:678
+#, fuzzy, c-format
+msgid "pty read failed: %s\n"
+msgstr "aktualizácia zlyhala: %s\n"
+
+#: tools/symcryptrun.c:730
+#, fuzzy, c-format
+msgid "waitpid failed: %s\n"
+msgstr "aktualizácia zlyhala: %s\n"
+
+#: tools/symcryptrun.c:744
+#, c-format
+msgid "child aborted with status %i\n"
+msgstr ""
+
+#: tools/symcryptrun.c:799
+#, fuzzy, c-format
+msgid "cannot allocate infile string: %s\n"
+msgstr "nemô¾em vytvori» `%s': %s\n"
+
+#: tools/symcryptrun.c:812
+#, fuzzy, c-format
+msgid "cannot allocate outfile string: %s\n"
+msgstr "nemô¾em vytvori» `%s': %s\n"
+
+#: tools/symcryptrun.c:986
+#, c-format
+msgid "either %s or %s must be given\n"
+msgstr ""
+
+#: tools/symcryptrun.c:1013
+msgid "no class provided\n"
+msgstr ""
+
+#: tools/symcryptrun.c:1022
+#, fuzzy, c-format
+msgid "class %s is not supported\n"
+msgstr "ochranný algoritmus %d%s nie je podporováný\n"
+
+#: tools/gpg-check-pattern.c:145
+#, fuzzy
+msgid "Usage: gpg-check-pattern [options] patternfile (-h for help)\n"
+msgstr "Pou¾itie: gpg [mo¾nosti] [súbory] (-h pre pomoc)"
+
+#: tools/gpg-check-pattern.c:148
+msgid ""
+"Syntax: gpg-check-pattern [options] patternfile\n"
+"Check a passphrase given on stdin against the patternfile\n"
+msgstr ""
+
+#~ msgid "Command> "
+#~ msgstr "Príkaz> "
+
+#~ msgid "the trustdb is corrupted; please run \"gpg --fix-trustdb\".\n"
+#~ msgstr ""
+#~ "databáza dôvery je po¹kodená; prosím spustite \"gpg --fix-trustdb\".\n"
+
+#~ msgid "Please report bugs to <gnupg-bugs@gnu.org>.\n"
+#~ msgstr ""
+#~ "Chyby oznámte, prosím, na adresu <gnupg-bugs@gnu.org>.\n"
+#~ "Pripomienky k prekladu <sk-i18n@lists.linux.sk>.\n"
+
+#, fuzzy
+#~ msgid "Please report bugs to "
+#~ msgstr ""
+#~ "Chyby oznámte, prosím, na adresu <gnupg-bugs@gnu.org>.\n"
+#~ "Pripomienky k prekladu <sk-i18n@lists.linux.sk>.\n"
+
+#, fuzzy
+#~ msgid "DSA keypair will have %u bits.\n"
+#~ msgstr "Pár kµúèov DSA bude ma» då¾ku 1024 bitov.\n"
+
+#~ msgid "Repeat passphrase\n"
+#~ msgstr "Opakova» heslo\n"
+
+#, fuzzy
+#~ msgid "read options from file"
+#~ msgstr "èítam mo¾nosti z `%s'\n"
+
+#~ msgid "|[file]|make a signature"
+#~ msgstr "|[súbor]|vytvori» podpis"
+
+#, fuzzy
+#~ msgid "|[FILE]|make a signature"
+#~ msgstr "|[súbor]|vytvori» podpis"
+
+#, fuzzy
+#~ msgid "|[FILE]|make a clear text signature"
+#~ msgstr "|[súbor]|vytvori» podpis v èitateµnom dokumente"
+
+#~ msgid "|NAME|use NAME as default recipient"
+#~ msgstr "|MENO|pou¾i» MENO ako implicitného adresáta"
+
+#~ msgid "use the default key as default recipient"
+#~ msgstr ""
+#~ "pou¾i» implicitný kµúè ako implicitného\n"
+#~ " adresáta"
+
+#~ msgid "force v3 signatures"
+#~ msgstr "vynúti» podpisy verzie 3"
+
+#~ msgid "always use a MDC for encryption"
+#~ msgstr "na ¹ifrovanie v¾dy pou¾i» MDC"
+
+#~ msgid "add this secret keyring to the list"
+#~ msgstr "prida» tento súbor tajných kµúèov do zoznamu"
+
+#~ msgid "|NAME|set terminal charset to NAME"
+#~ msgstr "|MENO|nastav znakovú sadu terminálu na MENO"
+
+#~ msgid "|FILE|load extension module FILE"
+#~ msgstr "|SÚBOR|nahra» roz¹irujúci modul SÚBOR"
+
+#~ msgid "|N|use compress algorithm N"
+#~ msgstr "|N|pou¾i» kompresný algoritmus N"
+
+#, fuzzy
+#~ msgid "remove key from the public keyring"
+#~ msgstr "odstráni» kµúè zo súboru verejných kµúèov"
+
+#~ msgid ""
+#~ "It's up to you to assign a value here; this value will never be exported\n"
+#~ "to any 3rd party. We need it to implement the web-of-trust; it has "
+#~ "nothing\n"
+#~ "to do with the (implicitly created) web-of-certificates."
+#~ msgstr ""
+#~ "Je na Vás, aby ste sem priradili hodnotu; táto hodnota nebude nikdy\n"
+#~ "exportovaná tretej strane. Potrebujeme ju k implementácii \"pavuèiny\n"
+#~ "dôvery\"; nemá to niè spoloèné s (implicitne vytvorenou) \"pavuèinou\n"
+#~ "certifikátov\"."
+
+#~ msgid ""
+#~ "To build the Web-of-Trust, GnuPG needs to know which keys are\n"
+#~ "ultimately trusted - those are usually the keys for which you have\n"
+#~ "access to the secret key. Answer \"yes\" to set this key to\n"
+#~ "ultimately trusted\n"
+#~ msgstr ""
+#~ "Aby bolo mo¾né vybudova» pavuèinu dôvery, musí GnuPG vedie», ktorým "
+#~ "kµúèom\n"
+#~ "dôverujete absolútne - obyèajne sú to tie kµúèe, pre ktoré máte prístup\n"
+#~ "k tajným kµúèom. Odpovedzte \"ano\", aby ste nastavili tieto kµúèe\n"
+#~ "ako absolútne dôveryhodné\n"
+
+#~ msgid "If you want to use this untrusted key anyway, answer \"yes\"."
+#~ msgstr ""
+#~ "Pokiaµ aj tak chcete pou¾i» tento nedôveryhodný kµúè, odpovedzte \"ano\"."
+
+#~ msgid ""
+#~ "Enter the user ID of the addressee to whom you want to send the message."
+#~ msgstr "Vlo¾te identifikátor adresáta, ktorému chcete posla» správu."
+
+#~ msgid ""
+#~ "In general it is not a good idea to use the same key for signing and\n"
+#~ "encryption. This algorithm should only be used in certain domains.\n"
+#~ "Please consult your security expert first."
+#~ msgstr ""
+#~ "V¹ebecne nemo¾no odporúèa» pou¾íva» rovnaký kµúè na ¹ifrovanie a "
+#~ "podeisovanie\n"
+#~ "Tento algoritmus je vhodné pou¾i» len za urèitých podmienok.\n"
+#~ "Kontaktujte prosím najprv bezpeènostného ¹pecialistu."
+
+#~ msgid "Enter the size of the key"
+#~ msgstr "Vlo¾te då¾ku kµúèa"
+
+#~ msgid "Answer \"yes\" or \"no\""
+#~ msgstr "Odpovedzte \"ano\" alebo \"nie\""
+
+#~ msgid ""
+#~ "Enter the required value as shown in the prompt.\n"
+#~ "It is possible to enter a ISO date (YYYY-MM-DD) but you won't\n"
+#~ "get a good error response - instead the system tries to interpret\n"
+#~ "the given value as an interval."
+#~ msgstr ""
+#~ "Vlo¾te po¾adovanú hodnotu tak, ako je uvedené v príkazovom riadku.\n"
+#~ "Je mo¾né vlo¾i» dátum vo formáte ISO (RRRR-MM-DD), ale nedostanete\n"
+#~ "správnu chybovú hlá¹ku - miesto toho systém skúsi interpretova»\n"
+#~ "zadanú hodnotu ako interval."
+
+#~ msgid "Enter the name of the key holder"
+#~ msgstr "Vlo¾te meno dr¾iteµa kµúèa"
+
+#~ msgid "please enter an optional but highly suggested email address"
+#~ msgstr "prosím, vlo¾te e-mailovú adresu (nepovinné, ale veµmi odporúèané)"
+
+#~ msgid "Please enter an optional comment"
+#~ msgstr "Prosím, vlo¾te nepovinný komentár"
+
+#~ msgid ""
+#~ "N to change the name.\n"
+#~ "C to change the comment.\n"
+#~ "E to change the email address.\n"
+#~ "O to continue with key generation.\n"
+#~ "Q to to quit the key generation."
+#~ msgstr ""
+#~ "N pre zmenu názvu.\n"
+#~ "C pre zmenu komentára.\n"
+#~ "E pre zmenu e-mailovej adresy.\n"
+#~ "O pre pokraèovanie generovania kµúèa.\n"
+#~ "Q pre ukonèenie generovania kµúèa."
+
+#~ msgid ""
+#~ "Answer \"yes\" (or just \"y\") if it is okay to generate the sub key."
+#~ msgstr "Ak chcete generova» podkµúè, odpovedzte \"ano\" (alebo len \"a\")."
+
+#~ msgid ""
+#~ "When you sign a user ID on a key, you should first verify that the key\n"
+#~ "belongs to the person named in the user ID. It is useful for others to\n"
+#~ "know how carefully you verified this.\n"
+#~ "\n"
+#~ "\"0\" means you make no particular claim as to how carefully you verified "
+#~ "the\n"
+#~ " key.\n"
+#~ "\n"
+#~ "\"1\" means you believe the key is owned by the person who claims to own "
+#~ "it\n"
+#~ " but you could not, or did not verify the key at all. This is useful "
+#~ "for\n"
+#~ " a \"persona\" verification, where you sign the key of a pseudonymous "
+#~ "user.\n"
+#~ "\n"
+#~ "\"2\" means you did casual verification of the key. For example, this "
+#~ "could\n"
+#~ " mean that you verified the key fingerprint and checked the user ID on "
+#~ "the\n"
+#~ " key against a photo ID.\n"
+#~ "\n"
+#~ "\"3\" means you did extensive verification of the key. For example, this "
+#~ "could\n"
+#~ " mean that you verified the key fingerprint with the owner of the key "
+#~ "in\n"
+#~ " person, and that you checked, by means of a hard to forge document "
+#~ "with a\n"
+#~ " photo ID (such as a passport) that the name of the key owner matches "
+#~ "the\n"
+#~ " name in the user ID on the key, and finally that you verified (by "
+#~ "exchange\n"
+#~ " of email) that the email address on the key belongs to the key "
+#~ "owner.\n"
+#~ "\n"
+#~ "Note that the examples given above for levels 2 and 3 are *only* "
+#~ "examples.\n"
+#~ "In the end, it is up to you to decide just what \"casual\" and \"extensive"
+#~ "\"\n"
+#~ "mean to you when you sign other keys.\n"
+#~ "\n"
+#~ "If you don't know what the right answer is, answer \"0\"."
+#~ msgstr ""
+#~ "Skôr ako podpí¹ete id u¾ívateµa, mali by ste najprv overi», èi kµúè\n"
+#~ "patrí osobe, ktorej meno je uvedené v identifikátore u¾ívateµa.\n"
+#~ "Je veµmi u¾itoèné, keï ostatní vedia, ako dôsledne ste previedli\n"
+#~ "takéto overenie.\n"
+#~ "\n"
+#~ "\"0\" znamená, ¾e neuvádzate, ako dôsledne ste pravos» kµúèa overili\n"
+#~ "\n"
+#~ "\"1\" znamená, ¾e veríte tomu, ¾e kµúè patrí osobe, ktorá je uvedená,\n"
+#~ " v u¾ívateµskom ID, ale nemohli ste alebo jste nepreverili túto "
+#~ "skutoènos».\n"
+#~ " To je u¾itoèné pre \"osobnú\" verifikáciu, keï podpisujete kµúèe, "
+#~ "ktoré\n"
+#~ " pou¾ívajú pseudonym u¾ívateµa.\n"
+#~ "\n"
+#~ "\"2\" znamená, ¾e ste èiastoène overili pravos» kµúèa. Napr. ste overili\n"
+#~ " fingerprint kµúèa a skontrolovali identifikátor u¾ívateµa\n"
+#~ " uvedený na kµúèi s fotografickým id.\n"
+#~ "\n"
+#~ "\"3\" Znamená, ¾e ste vykonali veµmi dôkladné overenie pravosti kµúèa.\n"
+#~ " To mô¾e napríklad znamena», ¾e ste overili fingerprint kµúèa \n"
+#~ " jeho vlastníka osobne a ïalej ste pomocou ta¾ko fal¹ovateµného \n"
+#~ " dokumentu s fotografiou (napríklad pasu) overili, ¾e meno majiteµa\n"
+#~ " kµúèa sa zhoduje s menom uvedeným v u¾ívateµskom ID a ïalej ste \n"
+#~ " overili (výmenou elektronických dopisov), ¾e elektronická adresa "
+#~ "uvedená \n"
+#~ " v ID u¾ívateµa patrí majiteµovi kµúèa.\n"
+#~ "\n"
+#~ "Prosím nezabúdajte, ¾e príklady uvedené pre úroveò 2 a 3 sú *len*\n"
+#~ "príklady.\n"
+#~ "Je len na Va¹om rozhodnutí, èo \"èiastoèné\" a \"dôkladné\" overenie "
+#~ "znamená\n"
+#~ "keï budete podpisova» kµúèe iným u¾ívateµom.\n"
+#~ "\n"
+#~ "Pokiaµ neviete, aká je správna odpoveï, odpovedzte \"0\"."
+
+#, fuzzy
+#~ msgid "Answer \"yes\" if you want to sign ALL the user IDs"
+#~ msgstr ""
+#~ "Pokiaµ chcete podpísa» V©ETKY identifikátory u¾ívateµov, odpovedzte \"ano"
+#~ "\""
+
+#~ msgid ""
+#~ "Answer \"yes\" if you really want to delete this user ID.\n"
+#~ "All certificates are then also lost!"
+#~ msgstr ""
+#~ "Pokiaµ skutoène chcete zmaza» tento identifikátor u¾ívateµa, odpovedzte "
+#~ "\"ano\".\n"
+#~ "V¹etky certifikáty budú tie¾ stratené!"
+
+#~ msgid "Answer \"yes\" if it is okay to delete the subkey"
+#~ msgstr "Odpovedzte \"ano\", pokiaµ chcete zmaza» podkµúè"
+
+#~ msgid ""
+#~ "This is a valid signature on the key; you normally don't want\n"
+#~ "to delete this signature because it may be important to establish a\n"
+#~ "trust connection to the key or another key certified by this key."
+#~ msgstr ""
+#~ "Toto je platný podpis kµúèa; normálne nechcete tento podpis zmaza»,\n"
+#~ "preto¾e mô¾e by» dôle¾itý pri vytváraní dôvery kµúèa alebo iného kµúèa\n"
+#~ "ceritifikovaného týmto kµúèom."
+
+#~ msgid ""
+#~ "This signature can't be checked because you don't have the\n"
+#~ "corresponding key. You should postpone its deletion until you\n"
+#~ "know which key was used because this signing key might establish\n"
+#~ "a trust connection through another already certified key."
+#~ msgstr ""
+#~ "Tento podpis nemô¾e by» overený, preto¾e nemáte zodpovedajúci verejný "
+#~ "kµúè.\n"
+#~ "Jeho zmazanie by ste mali odlo¾i» do èasu, keï budete vedie», ktorý kµúè\n"
+#~ "bol pou¾itý, preto¾e tento podpisovací kµúè mô¾e vytvori» dôveru\n"
+#~ "prostredníctvom iného u¾ certifikovaného kµúèa."
+
+#~ msgid ""
+#~ "The signature is not valid. It does make sense to remove it from\n"
+#~ "your keyring."
+#~ msgstr "Podpis je neplatný. Je rozumné ho odstráni» z Vá¹ho súboru kµúèov."
+
+#~ msgid ""
+#~ "This is a signature which binds the user ID to the key. It is\n"
+#~ "usually not a good idea to remove such a signature. Actually\n"
+#~ "GnuPG might not be able to use this key anymore. So do this\n"
+#~ "only if this self-signature is for some reason not valid and\n"
+#~ "a second one is available."
+#~ msgstr ""
+#~ "Toto je podpis, ktorý via¾e identifikátor u¾ívateµa ku kµúèu. Zvyèajne\n"
+#~ "nie je dobré takýto podpis odstráni». GnuPG nemô¾e tento kµúè naïalej\n"
+#~ "pou¾íva». Urobte to len v prípade, keï je tento podpis kµúèa\n"
+#~ "ním samým z nejakého dôvodu neplatný a keï je k dispozícii iný kµúè."
+
+#~ msgid ""
+#~ "Change the preferences of all user IDs (or just of the selected ones)\n"
+#~ "to the current list of preferences. The timestamp of all affected\n"
+#~ "self-signatures will be advanced by one second.\n"
+#~ msgstr ""
+#~ "Zmeni» predvoµby pre v¹etky u¾ívateµské ID (alebo len pre oznaèené)\n"
+#~ "na aktuálny zoznam predvolieb. Èasové razítka v¹etkých dotknutých "
+#~ "podpisov\n"
+#~ "kµúèov nimi samotnými budú posunuté o jednu sekundu dopredu.\n"
+
+#~ msgid "Please enter the passhrase; this is a secret sentence \n"
+#~ msgstr "Prosím, vlo¾te heslo; toto je tajná veta \n"
+
+#~ msgid ""
+#~ "Please repeat the last passphrase, so you are sure what you typed in."
+#~ msgstr ""
+#~ "Prosím, zopakujte posledné heslo, aby ste si boli istý, èo ste napísali."
+
+#~ msgid "Give the name of the file to which the signature applies"
+#~ msgstr "Zadajte názov súboru, ku ktorému sa podpis vz»ahuje"
+
+#~ msgid "Answer \"yes\" if it is okay to overwrite the file"
+#~ msgstr "Ak si prajete prepísanie súboru, odpovedzte \"ano\""
+
+#~ msgid ""
+#~ "Please enter a new filename. If you just hit RETURN the default\n"
+#~ "file (which is shown in brackets) will be used."
+#~ msgstr ""
+#~ "Prosím, vlo¾te nový názov súboru. Ak len stlaèíte RETURN, bude\n"
+#~ "pou¾itý implicitný súbor (ktorý je zobrazený v zátvorkách)."
+
+#~ msgid ""
+#~ "You should specify a reason for the certification. Depending on the\n"
+#~ "context you have the ability to choose from this list:\n"
+#~ " \"Key has been compromised\"\n"
+#~ " Use this if you have a reason to believe that unauthorized persons\n"
+#~ " got access to your secret key.\n"
+#~ " \"Key is superseded\"\n"
+#~ " Use this if you have replaced this key with a newer one.\n"
+#~ " \"Key is no longer used\"\n"
+#~ " Use this if you have retired this key.\n"
+#~ " \"User ID is no longer valid\"\n"
+#~ " Use this to state that the user ID should not longer be used;\n"
+#~ " this is normally used to mark an email address invalid.\n"
+#~ msgstr ""
+#~ "Mali by ste ¹pecifikova» dôvod certifikácie. V závislosti na kontexte\n"
+#~ "máte mo¾nos» si vybra» zo zoznamu:\n"
+#~ " \"kµúè bol kompromitovaný\"\n"
+#~ " Toto pou¾ite, pokiaµ si myslíte, ¾e k Vá¹mu tajnému kµúèu získali\n"
+#~ " prístup neoprávnené osoby.\n"
+#~ " \"kµúè je nahradený\"\n"
+#~ " Toto pou¾ite, pokiaµ ste tento kµúè nahradili nov¹ím kµúèom.\n"
+#~ " \"kµúè sa u¾ nepou¾íva\"\n"
+#~ " Toto pou¾ite, pokiaµ tento kµúè u¾ nepou¾ívate.\n"
+#~ " \"Identifikátor u¾ívateµa u¾ nie je platný\"\n"
+#~ " Toto pou¾ite, pokiaµ by sa identifikátor u¾ívateµa u¾ nemal "
+#~ "pou¾íva»;\n"
+#~ " normálne sa pou¾íva na oznaèenie neplatnej e-mailové adresy.\n"
+
+#~ msgid ""
+#~ "If you like, you can enter a text describing why you issue this\n"
+#~ "revocation certificate. Please keep this text concise.\n"
+#~ "An empty line ends the text.\n"
+#~ msgstr ""
+#~ "Ak chcete, mô¾ete vlo¾i» text popisujúcí pôvod vzniku tohto revokaèného\n"
+#~ "ceritifikátu. Prosím, struène. \n"
+#~ "Text konèí prázdnym riadkom.\n"
+
+#~ msgid "can't put notation data into v3 (PGP 2.x style) signatures\n"
+#~ msgstr "nemô¾em prida» dodatoèné údaje do v3 (PGP 2.x ¹týl) podpisov\n"
+
+#~ msgid "can't put notation data into v3 (PGP 2.x style) key signatures\n"
+#~ msgstr ""
+#~ "nemô¾em prida» dodatoèné údaje do v3 (PGP 2.x ¹týl) podpisov kµúèov\n"
+
+#~ msgid "can't put a policy URL into v3 (PGP 2.x style) signatures\n"
+#~ msgstr "nemô¾em prida» politiku URL do v3 (PGP 2.x ¹týl) podpisov\n"
+
+#~ msgid "can't put a policy URL into v3 key (PGP 2.x style) signatures\n"
+#~ msgstr "nemô¾em prida» politiku URL do v3 (PGP 2.x ¹týl) podpisov kµúèov\n"
+
+#, fuzzy
+#~ msgid "shelll"
+#~ msgstr "help"
+
+#, fuzzy
+#~ msgid ""
+#~ "please see http://www.gnupg.org/download/iconv.html for more information\n"
+#~ msgstr "Viac informácií nájdete na adrese http://www.gnupg.org/faq.html\n"
+
+#, fuzzy
+#~ msgid "key generation is not available from the commandline\n"
+#~ msgstr "gpg-agent nie je v tomto sedení dostupný\n"
+
+#, fuzzy
+#~ msgid "please use the script \"%s\" to generate a new key\n"
+#~ msgstr "Prosím, vyberte druh kµúèa, ktorý chcete:\n"
+
+#, fuzzy
+#~ msgid "cipher extension `%s' not loaded due to unsafe permissions\n"
+#~ msgstr ""
+#~ "¹ifra \"%s\" nebola nahraná, preto¾e prístupové práva nie sú nastavené "
+#~ "bezpeène\n"
+
+#~ msgid "DSA requires the use of a 160 bit hash algorithm\n"
+#~ msgstr "DSA po¾aduje pou¾itie 160 bitového hashovacieho algoritmu\n"
+
+#, fuzzy
+#~ msgid ".\n"
+#~ msgstr "%s.\n"
+
+#~ msgid "problem with the agent - disabling agent use\n"
+#~ msgstr "problém s agentom - pou¾ívanie agenta vypnuté\n"
+
+#, fuzzy
+#~ msgid "can't query passphrase in batch mode\n"
+#~ msgstr "v dávkovom re¾ime sa nemô¾em pýta» na heslo\n"
+
+#~ msgid "Enter passphrase: "
+#~ msgstr "Vlo¾te heslo: "
+
+#~ msgid "Repeat passphrase: "
+#~ msgstr "Opakujte heslo: "
+
+#~ msgid "-k[v][v][v][c] [user-id] [keyring]"
+#~ msgstr "-k[v][v][v][c] [id u¾ívateµa] [súbor s kµúèmi (keyring)]"
+
+#, fuzzy
+#~ msgid "can't gen prime with pbits=%u qbits=%u\n"
+#~ msgstr "nemô¾em vytvori» prvoèíslo s då¾kou menej ako %d bitov\n"
+
+#~ msgid "can't generate a prime with less than %d bits\n"
+#~ msgstr "nemô¾em vytvori» prvoèíslo s då¾kou menej ako %d bitov\n"
+
+#~ msgid "no entropy gathering module detected\n"
+#~ msgstr "nebol detekovaný ¾iadny modul na získanie entropie\n"
+
+#, fuzzy
+#~ msgid "can't lock `%s': %s\n"
+#~ msgstr "nemo¾no otvori» `%s'\n"
+
+#~ msgid "can't stat `%s': %s\n"
+#~ msgstr "nemô¾em pou¾i» príkaz stat na `%s': %s\n"
+
+#~ msgid "`%s' is not a regular file - ignored\n"
+#~ msgstr "`%s' nie je normálny súbor - ignorované\n"
+
+#~ msgid "note: random_seed file is empty\n"
+#~ msgstr "poznámka: súbor random_seed je prázdny\n"
+
+#~ msgid "WARNING: invalid size of random_seed file - not used\n"
+#~ msgstr "varovanie: neplatná veµkos» random_seed - súbor nepou¾itý\n"
+
+#~ msgid "can't read `%s': %s\n"
+#~ msgstr "nemô¾em èíta» `%s': %s\n"
+
+#~ msgid "note: random_seed file not updated\n"
+#~ msgstr "poznámka: súbor random_seed nie je aktualizovaný\n"
+
+#~ msgid "can't write `%s': %s\n"
+#~ msgstr "nemô¾em zapisova» do `%s': %s\n"
+
+#~ msgid "can't close `%s': %s\n"
+#~ msgstr "nemô¾em zavrie» `%s': %s\n"
+
+#~ msgid "WARNING: using insecure random number generator!!\n"
+#~ msgstr "VAROVANIE: pou¾itý generátor náhodných èísel nie je bezpeèný!!\n"
+
+#~ msgid ""
+#~ "The random number generator is only a kludge to let\n"
+#~ "it run - it is in no way a strong RNG!\n"
+#~ "\n"
+#~ "DON'T USE ANY DATA GENERATED BY THIS PROGRAM!!\n"
+#~ "\n"
+#~ msgstr ""
+#~ "Generátor náhodných èísel je len atrapa, aby program mohol be¾a»,\n"
+#~ "v ¾iadnom prípade nie je kryptograficky bezpeèný!\n"
+#~ "\n"
+#~ "NEPOU®ÍVAJTE ®IADNE DÁTA VYTVORENÉ TÝMTO PROGRAMOM!!\n"
+#~ "\n"
+
+#~ msgid ""
+#~ "Please wait, entropy is being gathered. Do some work if it would\n"
+#~ "keep you from getting bored, because it will improve the quality\n"
+#~ "of the entropy.\n"
+#~ msgstr ""
+#~ "Prosím èakajte, získava sa entropia. Robte zatiaµ nejakú inú prácu\n"
+#~ "aby ste sa nenudili a zvý¹ite tým kvalitu entropie.\n"
+
+#~ msgid ""
+#~ "\n"
+#~ "Not enough random bytes available. Please do some other work to give\n"
+#~ "the OS a chance to collect more entropy! (Need %d more bytes)\n"
+#~ msgstr ""
+#~ "\n"
+#~ "Nedostatok náhodných bajtov. Prosím, pracujte s operaèným systémom, aby\n"
+#~ "ste mu umo¾nili získa» viac entropie (je potrebných %d bajtov).\n"
+
+#, fuzzy
+#~ msgid "card reader not available\n"
+#~ msgstr "tajný kµúè nie je dostupný"
+
+#, fuzzy
+#~ msgid "NOTE: %s is not available in this version\n"
+#~ msgstr "gpg-agent nie je v tomto sedení dostupný\n"
+
+#, fuzzy
+#~ msgid " algorithms on these user IDs:\n"
+#~ msgstr "Podpísali ste nasledujúce identifikátory u¾ívateµa:\n"
+
+#~ msgid "general error"
+#~ msgstr "v¹eobecná chyba"
+
+#~ msgid "unknown packet type"
+#~ msgstr "neznámy typ paketu"
+
+#~ msgid "unknown pubkey algorithm"
+#~ msgstr "neznámy algoritmus verejného kµúèa"
+
+#~ msgid "unknown digest algorithm"
+#~ msgstr "neznámy hashovací algoritmus"
+
+#~ msgid "bad public key"
+#~ msgstr "neplatný verejný kµúè"
+
+#~ msgid "bad secret key"
+#~ msgstr "neplatný tajný kµúè"
+
+#~ msgid "bad signature"
+#~ msgstr "neplatný podpis"
+
+#~ msgid "checksum error"
+#~ msgstr "chyba kontrolného súètu"
+
+#~ msgid "unknown cipher algorithm"
+#~ msgstr "neznámy ¹ifrovací algoritmus"
+
+#~ msgid "can't open the keyring"
+#~ msgstr "nemô¾em otvori» súbor kµúèov"
+
+#~ msgid "invalid packet"
+#~ msgstr "neplatný paket"
+
+#~ msgid "invalid armor"
+#~ msgstr "neplatný spôsob reprezentácie v ASCII"
+
+#~ msgid "no such user id"
+#~ msgstr "u¾ívateµ s týmto id neexistuje"
+
+#~ msgid "secret key not available"
+#~ msgstr "tajný kµúè nie je dostupný"
+
+#~ msgid "wrong secret key used"
+#~ msgstr "bol pou¾itý nesprávny tajný kµúè"
+
+#~ msgid "not supported"
+#~ msgstr "nepodporované"
+
+#~ msgid "bad key"
+#~ msgstr "nesprávny kµúè"
+
+#~ msgid "file write error"
+#~ msgstr "chyba pri zápise súboru"
+
+#~ msgid "unknown compress algorithm"
+#~ msgstr "neznámy kompresný algoritmus"
+
+#~ msgid "file open error"
+#~ msgstr "chyba pri otváraní súboru"
+
+#~ msgid "file create error"
+#~ msgstr "chyba pri vytváraní súboru"
+
+#~ msgid "invalid passphrase"
+#~ msgstr "nesprávne heslo"
+
+#~ msgid "unimplemented pubkey algorithm"
+#~ msgstr "algoritmus verejného kµúèa nie je implementovaný"
+
+#~ msgid "unimplemented cipher algorithm"
+#~ msgstr "¹ifrovací algoritmus nie je implementovaný"
+
+#~ msgid "unknown signature class"
+#~ msgstr "neznáma trieda podpisu"
+
+#~ msgid "trust database error"
+#~ msgstr "chyba v databáze dôvery"
+
+#~ msgid "resource limit"
+#~ msgstr "obmedzenie zdrojov"
+
+#~ msgid "invalid keyring"
+#~ msgstr "neplatný súbor kµúèov"
+
+#~ msgid "malformed user id"
+#~ msgstr "nesprávny formát id u¾ívateµa"
+
+#~ msgid "file close error"
+#~ msgstr "chyba pri zatváraní súboru"
+
+#~ msgid "file rename error"
+#~ msgstr "chyba pri premenovávaní súboru"
+
+#~ msgid "file delete error"
+#~ msgstr "chyba pri mazaní súboru"
+
+#~ msgid "unexpected data"
+#~ msgstr "neoèakávané dáta"
+
+#~ msgid "timestamp conflict"
+#~ msgstr "konflikt èasového razítka"
+
+#~ msgid "unusable pubkey algorithm"
+#~ msgstr "nepou¾iteµný algoritmus s verejným kµúèom"
+
+#~ msgid "file exists"
+#~ msgstr "súbor existuje"
+
+#~ msgid "weak key"
+#~ msgstr "slabý kµúè"
+
+#~ msgid "bad URI"
+#~ msgstr "nesprávne URI"
+
+#~ msgid "unsupported URI"
+#~ msgstr "toto URI nie je podporované"
+
+#~ msgid "network error"
+#~ msgstr "chyba siete"
+
+#~ msgid "not processed"
+#~ msgstr "nespracované"
+
+#~ msgid "unusable public key"
+#~ msgstr "nepou¾iteµný verejný kµúè"
+
+#~ msgid "unusable secret key"
+#~ msgstr "nepou¾iteµný tajný kµúè"
+
+#~ msgid "keyserver error"
+#~ msgstr "chyba servera kµúèov"
+
+#, fuzzy
+#~ msgid "no card"
+#~ msgstr "neza¹ifrované"
+
+#, fuzzy
+#~ msgid "no data"
+#~ msgstr "chýbajú podpísané dáta\n"
+
+#~ msgid "... this is a bug (%s:%d:%s)\n"
+#~ msgstr "... toto je chyba v programe (%s:%d:%s)\n"
+
+#~ msgid "WARNING: using insecure memory!\n"
+#~ msgstr "VAROVANIE: Pou¾ívaná pamä» nie je bezpeèná!\n"
+
+#~ msgid "operation is not possible without initialized secure memory\n"
+#~ msgstr ""
+#~ "vykonanie operácie nie je mo¾né bez inicializovanej bezpeènej pamäte\n"
+
+#~ msgid "(you may have used the wrong program for this task)\n"
+#~ msgstr "(pravdepodobne ste na túto úlohu pou¾ili nesprávny program)\n"
+
+#~ msgid ""
+#~ "please see http://www.gnupg.org/why-not-idea.html for more information\n"
+#~ msgstr ""
+#~ "viac informácií nájdete v dokumente http://www.gnupg.cz/why-not-idea."
+#~ "html\n"
+
+#, fuzzy
+#~ msgid "all export-clean-* options from above"
+#~ msgstr "èíta» nastavenia zo súboru"
+
+#, fuzzy
+#~ msgid "all import-clean-* options from above"
+#~ msgstr "èíta» nastavenia zo súboru"
+
+#, fuzzy
+#~ msgid "expired: %s)"
+#~ msgstr " [platnos» skonèí: %s]"
+
+#, fuzzy
+#~ msgid "key %s: expired signature from key %s - skipped\n"
+#~ msgstr "kµúè %08lX: neoèakávaná podpisová trieda (0x%02X) - preskoèené\n"
+
+#, fuzzy
+#~ msgid "Unable to clean `%s'\n"
+#~ msgstr "nemo¾no spusti» %s \"%s\": %s\n"
+
+#, fuzzy
+#~ msgid "No user IDs are removable.\n"
+#~ msgstr "u¾ívateµské ID \"%s\" je u¾ revokované\n"
+
+#~ msgid "bad passphrase or unknown cipher algorithm (%d)\n"
+#~ msgstr "nesprávne heslo alebo neznámy ¹ifrovací algoritmus (%d)\n"
+
+#~ msgid "can't set client pid for the agent\n"
+#~ msgstr "nemô¾em nastavi» PID klienta pre gpg-agenta\n"
+
+#~ msgid "can't get server read FD for the agent\n"
+#~ msgstr "nemo¾no získa» server read file descriptor pre agenta\n"
+
+#~ msgid "can't get server write FD for the agent\n"
+#~ msgstr "nemo¾no získa» server write file descriptor pre agenta\n"
+
+#~ msgid "invalid response from agent\n"
+#~ msgstr "neplatná reakcia od agenta\n"
+
+#~ msgid "select secondary key N"
+#~ msgstr "vyberte sekundárny kµúè N"
+
+#~ msgid "list signatures"
+#~ msgstr "vypísa» zoznam podpisov"
+
+#~ msgid "sign the key"
+#~ msgstr "podpísa» kµúè"
+
+#~ msgid "add a secondary key"
+#~ msgstr "prida» sekundárny kµúè"
+
+#~ msgid "delete signatures"
+#~ msgstr "zmaza» podpisy"
+
+#~ msgid "change the expire date"
+#~ msgstr "zmeni» dobu platnosti"
+
+#~ msgid "set preference list"
+#~ msgstr "nastavi» zoznam predvolieb"
+
+#~ msgid "updated preferences"
+#~ msgstr "aktualizova» predvoµby"
+
+#~ msgid "No secondary key with index %d\n"
+#~ msgstr "Neexistuje sekundárny kµúè s indexom %d\n"
+
+#~ msgid "--nrsign-key user-id"
+#~ msgstr "--nrsign-key id u¾ívateµa"
+
+#~ msgid "--nrlsign-key user-id"
+#~ msgstr "--nrlsign-key id u¾ívateµa"
+
+#~ msgid "sign the key non-revocably"
+#~ msgstr "podpísa» kµúè bez mo¾nosti odvola» podpis (non-revocably)"
+
+#~ msgid "sign the key locally and non-revocably"
+#~ msgstr "podpísa» kµúè lokálne a bez mo¾nosti odvola» podpis (non-revocably)"
+
+#~ msgid "q"
+#~ msgstr "u"
+
+#~ msgid "list"
+#~ msgstr "list"
+
+#~ msgid "l"
+#~ msgstr "l"
+
+#~ msgid "debug"
+#~ msgstr "debug"
+
+#, fuzzy
+#~ msgid "name"
+#~ msgstr "enable"
+
+#, fuzzy
+#~ msgid "login"
+#~ msgstr "lsign"
+
+#, fuzzy
+#~ msgid "cafpr"
+#~ msgstr "fpr"
+
+#, fuzzy
+#~ msgid "forcesig"
+#~ msgstr "revsig"
+
+#, fuzzy
+#~ msgid "generate"
+#~ msgstr "v¹eobecná chyba"
+
+#~ msgid "passwd"
+#~ msgstr "passwd"
+
+#~ msgid "save"
+#~ msgstr "ulo¾i»"
+
+#~ msgid "fpr"
+#~ msgstr "fpr"
+
+#~ msgid "uid"
+#~ msgstr "uid"
+
+#~ msgid "key"
+#~ msgstr "key"
+
+#~ msgid "check"
+#~ msgstr "check"
+
+#~ msgid "c"
+#~ msgstr "c"
+
+#~ msgid "sign"
+#~ msgstr "sign"
+
+#~ msgid "s"
+#~ msgstr "s"
+
+#, fuzzy
+#~ msgid "tsign"
+#~ msgstr "sign"
+
+#~ msgid "lsign"
+#~ msgstr "lsign"
+
+#~ msgid "nrsign"
+#~ msgstr "nrsign"
+
+#~ msgid "nrlsign"
+#~ msgstr "nrlsign"
+
+#~ msgid "adduid"
+#~ msgstr "adduid"
+
+#~ msgid "addphoto"
+#~ msgstr "addphoto"
+
+#~ msgid "deluid"
+#~ msgstr "deluid"
+
+#~ msgid "delphoto"
+#~ msgstr "delphoto"
+
+#, fuzzy
+#~ msgid "addcardkey"
+#~ msgstr "addkey"
+
+#~ msgid "delkey"
+#~ msgstr "delkey"
+
+#~ msgid "addrevoker"
+#~ msgstr "addrevoker"
+
+#~ msgid "delsig"
+#~ msgstr "delsig"
+
+#~ msgid "expire"
+#~ msgstr "expire"
+
+#~ msgid "primary"
+#~ msgstr "primary"
+
+#~ msgid "toggle"
+#~ msgstr "toggle"
+
+#~ msgid "t"
+#~ msgstr "t"
+
+#~ msgid "pref"
+#~ msgstr "pref"
+
+#~ msgid "showpref"
+#~ msgstr "showpref"
+
+#~ msgid "setpref"
+#~ msgstr "setpref"
+
+#~ msgid "updpref"
+#~ msgstr "updpref"
+
+#, fuzzy
+#~ msgid "keyserver"
+#~ msgstr "chyba servera kµúèov"
+
+#~ msgid "trust"
+#~ msgstr "trust"
+
+#~ msgid "revsig"
+#~ msgstr "revsig"
+
+#~ msgid "revuid"
+#~ msgstr "revsig"
+
+#~ msgid "revkey"
+#~ msgstr "revkey"
+
+#~ msgid "disable"
+#~ msgstr "disable"
+
+#~ msgid "enable"
+#~ msgstr "enable"
+
+#~ msgid "showphoto"
+#~ msgstr "showphoto"
+
+#~ msgid "digest algorithm `%s' is read-only in this release\n"
+#~ msgstr "hashovací algoritmus `%s' je len na èítanie v tejto verzii\n"
+
+#~ msgid ""
+#~ "About to generate a new %s keypair.\n"
+#~ " minimum keysize is 768 bits\n"
+#~ " default keysize is 1024 bits\n"
+#~ " highest suggested keysize is 2048 bits\n"
+#~ msgstr ""
+#~ "Chystám sa vytvori» nový pár kµúèov %s.\n"
+#~ " minimálna veµkos» kµúèa je 768 bitov\n"
+#~ " implicitná veµkos» kµúèa je 1024 bitov\n"
+#~ " najvy¹¹ia navrhovaná veµkos» kµúèa je 2048 bitov\n"
+
+#~ msgid "DSA only allows keysizes from 512 to 1024\n"
+#~ msgstr "kµúè DSA musí ma» veµkos» od 512 do 1024 bitov.\n"
+
+#~ msgid "keysize too small; 1024 is smallest value allowed for RSA.\n"
+#~ msgstr ""
+#~ "veµkos» kµúèa je príli¹ malá; minimálna povolená veµkos» pre RSA je 1024 "
+#~ "bitov.\n"
+
+#~ msgid "keysize too small; 768 is smallest value allowed.\n"
+#~ msgstr ""
+#~ "veµkos» kµúèa je príli¹ malá; minimálna povolená veµkos» je 768 bitov.\n"
+
+#~ msgid "keysize too large; %d is largest value allowed.\n"
+#~ msgstr "veµkos» kµúèa je príli¹ veµká; maximálna povolená hodnota je %d.\n"
+
+#~ msgid ""
+#~ "Keysizes larger than 2048 are not suggested because\n"
+#~ "computations take REALLY long!\n"
+#~ msgstr ""
+#~ "Veµkosti kµúèov väè¹ie ako 2048 bitov se neodporúèajú, preto¾e\n"
+#~ "výpoèty potom trvajú VE¥MI dlho!\n"
+
+#, fuzzy
+#~ msgid "Are you sure that you want this keysize? (y/N) "
+#~ msgstr "Skutoène chcete vytvori» kµúè tejto då¾ky? "
+
+#~ msgid ""
+#~ "Okay, but keep in mind that your monitor and keyboard radiation is also "
+#~ "very vulnerable to attacks!\n"
+#~ msgstr ""
+#~ "Dobre, ale nezabúdajte, ¾e informácie mô¾u by» vyzradené z poèítaèa aj "
+#~ "elektromagnetickým vy¾arovaním monitora alebo klávesnice!\n"
+
+#~ msgid "Experimental algorithms should not be used!\n"
+#~ msgstr "Experimentálne algoritmy by sa nemali pou¾íva»!\n"
+
+#~ msgid ""
+#~ "this cipher algorithm is deprecated; please use a more standard one!\n"
+#~ msgstr ""
+#~ "tento ¹ifrovací algoritmus je zastaralý; prosím, pou¾ite nejaký "
+#~ "¹tandardnej¹í!\n"
+
+#~ msgid "sorry, can't do this in batch mode\n"
+#~ msgstr "nemo¾no previes» v dávkovom móde\n"
+
+#, fuzzy
+#~ msgid "can't open file `%s': %s\n"
+#~ msgstr "nemo¾no otvori» súbor: %s\n"
+
+#, fuzzy
+#~ msgid " \""
+#~ msgstr " alias \""
+
+#~ msgid "key %08lX: key has been revoked!\n"
+#~ msgstr "kµúè %08lX: kµúè bol revokovaný\n"
+
+#~ msgid "key %08lX: subkey has been revoked!\n"
+#~ msgstr "kµúè %08lX: podkµúè bol revokovaný!\n"
+
+#~ msgid "%08lX: key has expired\n"
+#~ msgstr "%08lX: skonèila platnos» kµúèa\n"
+
+#~ msgid "%08lX: We do NOT trust this key\n"
+#~ msgstr "%08lX: NEdôverujeme tomuto kµúèu!\n"
+
+#, fuzzy
+#~ msgid " (%d) RSA (auth only)\n"
+#~ msgstr " (%d) RSA (len na podpis)\n"
+
+#, fuzzy
+#~ msgid " (%d) RSA (sign and auth)\n"
+#~ msgstr " (%d) RSA (pro ¹ifrování a podpis)\n"
+
+#, fuzzy
+#~ msgid " (%d) RSA (encrypt and auth)\n"
+#~ msgstr " (%d) RSA (len na ¹ifrovanie)\n"
+
+#, fuzzy
+#~ msgid " (%d) RSA (sign, encrypt and auth)\n"
+#~ msgstr " (%d) RSA (pro ¹ifrování a podpis)\n"
+
+#~ msgid "%s: can't open: %s\n"
+#~ msgstr "%s: nemô¾em otvori»: %s\n"
+
+#~ msgid "%s: WARNING: empty file\n"
+#~ msgstr "%s: VAROVANIE: súbor je prázdny\n"
+
+#, fuzzy
+#~ msgid " (%d) I trust marginally\n"
+#~ msgstr " %d = Dôverujem èiastoène\n"
+
+#, fuzzy
+#~ msgid " (%d) I trust fully\n"
+#~ msgstr " %d = Dôverujem úplne\n"
+
+#, fuzzy
+#~ msgid "expires"
+#~ msgstr "expire"
+
+#, fuzzy
+#~ msgid ""
+#~ "\"\n"
+#~ "locally signed with your key %s at %s\n"
+#~ msgstr ""
+#~ "\"\n"
+#~ "lokálne podpísané Va¹ím kµúèom %08lX v %s\n"
+
+#~ msgid "%s: can't access: %s\n"
+#~ msgstr "%s: nemô¾em pristupova» k: %s\n"
+
+#~ msgid "%s: can't create lock\n"
+#~ msgstr "%s: nemô¾em vytvori» zámok\n"
+
+#~ msgid "%s: can't make lock\n"
+#~ msgstr "%s: nemô¾em zamknú»\n"
+
+#~ msgid "%s: can't create: %s\n"
+#~ msgstr "%s: nemô¾em vytvori»: %s\n"
+
+#~ msgid "If you want to use this revoked key anyway, answer \"yes\"."
+#~ msgstr ""
+#~ "Pokiaµ aj tak chcete pou¾i» tento revokovaný kµúè, odpovedzte \"ano\"."
+
+#~ msgid "Unable to open photo \"%s\": %s\n"
+#~ msgstr "Nemo¾no otvori» fotografiu \"%s\": %s\n"
+
+#~ msgid "error: missing colon\n"
+#~ msgstr "chyba: chýba èiarka\n"
+
+#~ msgid "error: no ownertrust value\n"
+#~ msgstr "chyba: ¾iadna úroveò dôveryhodnosti\n"
+
+#~ msgid " (main key ID %08lX)"
+#~ msgstr " (hlavné ID kµúèa %08lX)"
+
+#~ msgid "rev! subkey has been revoked: %s\n"
+#~ msgstr "rev! podkµúè bol revokovaný: %s\n"
+
+#~ msgid "rev- faked revocation found\n"
+#~ msgstr "rev- nájdená falo¹ná revokácia\n"
+
+#, fuzzy
+#~ msgid " [expired: %s]"
+#~ msgstr " [platnos» skonèí: %s]"
+
+#~ msgid " [expires: %s]"
+#~ msgstr " [platnos» skonèí: %s]"
+
+#, fuzzy
+#~ msgid " [revoked: %s]"
+#~ msgstr "[revokované]"
+
+#~ msgid ""
+#~ "WARNING: digest `%s' is not part of OpenPGP. Use at your own risk!\n"
+#~ msgstr ""
+#~ "VAROVANIE: hash `%s' nie je súèas»ou OpenPGP. Pou¾itie na vlastné "
+#~ "nebezpeèie!\n"
+
+#~ msgid "|[files]|encrypt files"
+#~ msgstr "|[súbor]|¹ifrova» súbor"
+
+#~ msgid "store only"
+#~ msgstr "len ulo¾enie"
+
+#~ msgid "|[files]|decrypt files"
+#~ msgstr "|[súbor]|de¹ifrova» súbor"
+
+#~ msgid "sign a key non-revocably"
+#~ msgstr "podpísa» kµúè bez mo¾nosti revokácie podpisu"
+
+#~ msgid "sign a key locally and non-revocably"
+#~ msgstr ""
+#~ "podpísa» kµúè lokálne a bez mo¾nosti\n"
+#~ " revokácie podpisu"
+
+#~ msgid "list only the sequence of packets"
+#~ msgstr "vypísa» len poradie paketov"
+
+#~ msgid "export the ownertrust values"
+#~ msgstr ""
+#~ "exportova» hodnoty dôveryhodnosti\n"
+#~ " vlastníka kµúèa"
+
+#~ msgid "unattended trust database update"
+#~ msgstr "neinteraktívna aktualizácia databázy dôvery"
+
+#~ msgid "fix a corrupted trust database"
+#~ msgstr "opravi» naru¹enú databázu dôvery"
+
+#~ msgid "De-Armor a file or stdin"
+#~ msgstr "Dekódova» ASCII súbor alebo std. vstup"
+
+#~ msgid "En-Armor a file or stdin"
+#~ msgstr "Zakódova» súbor alebo std. vstup do ASCII"
+
+#~ msgid "do not force v3 signatures"
+#~ msgstr "nevynucova» podpisy verzie 3"
+
+#~ msgid "force v4 key signatures"
+#~ msgstr "vynúti» podpisy verzie 4"
+
+#~ msgid "do not force v4 key signatures"
+#~ msgstr "nevynucova» podpisy verzie 4"
+
+#~ msgid "never use a MDC for encryption"
+#~ msgstr "na ¹ifrovanie nikdy nepou¾i» MDC"
+
+#~ msgid "use the gpg-agent"
+#~ msgstr "pou¾ite gpg-agenta"
+
+#~ msgid "|[file]|write status info to file"
+#~ msgstr "|[súbor]|zapí¹ informáciu o stave do súboru"
+
+#~ msgid "|KEYID|ultimately trust this key"
+#~ msgstr "|kµúè|úplne dôverova» tomuto kµúèu"
+
+#~ msgid "emulate the mode described in RFC1991"
+#~ msgstr "emulova» mód popísaný v RFC1991"
+
+#~ msgid "set all packet, cipher and digest options to OpenPGP behavior"
+#~ msgstr ""
+#~ "nastav v¹etky vlastnosti paketov, ¹ifier\n"
+#~ " a hashov ako v OpenPGP"
+
+#~ msgid "set all packet, cipher and digest options to PGP 2.x behavior"
+#~ msgstr ""
+#~ "nastav v¹etky vlastnosti paketov, ¹ifier\n"
+#~ " a hashov ako v PGP 2.x"
+
+#~ msgid "|NAME|use message digest algorithm NAME for passphrases"
+#~ msgstr "|ALG|pou¾i» hashovací algoritmus ALG pre heslá"
+
+#~ msgid "throw keyid field of encrypted packets"
+#~ msgstr ""
+#~ "zahodi» identifikátor kµúèa zo ¹ifrovaných\n"
+#~ " paketov"
+
+#~ msgid "Show Photo IDs"
+#~ msgstr "Zobrazi» fotografické ID"
+
+#~ msgid "Don't show Photo IDs"
+#~ msgstr "Nezobrazova» fotografické ID"
+
+#~ msgid "Set command line to view Photo IDs"
+#~ msgstr ""
+#~ "Nastavi» príkazový riadok na prehliadanie\n"
+#~ " fotografického ID"
+
+#~ msgid "compress algorithm `%s' is read-only in this release\n"
+#~ msgstr "hashovací algoritmus `%s' je len na èítanie v tejto verzii\n"
+
+#~ msgid "compress algorithm must be in range %d..%d\n"
+#~ msgstr "kompresný algoritmus musí by» v rozmedzí %d..%d\n"
+
+#~ msgid ""
+#~ "%08lX: It is not sure that this key really belongs to the owner\n"
+#~ "but it is accepted anyway\n"
+#~ msgstr ""
+#~ "%08lX: Nie je isté, èi tento podpis patrí vlastníkovi, napriek\n"
+#~ "tomu je akceptovaný\n"
+
+#~ msgid "preference %c%lu is not valid\n"
+#~ msgstr "predvoµba %c%lu nie je platná\n"
+
+#~ msgid "key %08lX: not a rfc2440 key - skipped\n"
+#~ msgstr "kµúè %08lX: nie je vo formáte RFC 2440 - preskoèené\n"
+
+#~ msgid ""
+#~ "NOTE: Elgamal primary key detected - this may take some time to import\n"
+#~ msgstr ""
+#~ "POZNÁMKA: Nájdený primárny kµúè Elgamal - import mô¾e chvíµu trva»\n"
+
+#~ msgid " (default)"
+#~ msgstr "de¹ifrova» dáta (implicitne)"
+
+#~ msgid "%s%c %4u%c/%08lX created: %s expires: %s"
+#~ msgstr "%s%c %4u%c/%08lX vytvorený: %s platnos» do: %s"
+
+#~ msgid "Policy: "
+#~ msgstr "Politika: "
+
+#~ msgid "can't get key from keyserver: %s\n"
+#~ msgstr "nemô¾em dosta» kµúè zo servera kµúèov: %s\n"
+
+#~ msgid "success sending to `%s' (status=%u)\n"
+#~ msgstr "úspe¹né odoslanie na `%s' (status=%u)\n"
+
+#~ msgid "failed sending to `%s': status=%u\n"
+#~ msgstr "zlyhalo posielanie na `%s': (status=%u)\n"
+
+#~ msgid "this keyserver does not support --search-keys\n"
+#~ msgstr "tento server kµúèov nepodporuje --search-keys\n"
+
+#~ msgid "can't search keyserver: %s\n"
+#~ msgstr "nemô¾em prehµadáva» server kµúèov: %s\n"
+
+#~ msgid ""
+#~ "key %08lX: this is a PGP generated ElGamal key which is NOT secure for "
+#~ "signatures!\n"
+#~ msgstr ""
+#~ "kµúè %08lX: toto je kµúè algoritmu ElGamal vygenerovaný v PGP - podpisy "
+#~ "ním vytvorené NIE SÚ bezpeèné!\n"
+
+#~ msgid ""
+#~ "key %08lX has been created %lu second in future (time warp or clock "
+#~ "problem)\n"
+#~ msgstr ""
+#~ "kµúè %08lX bol vytvorený %lu sekund v budúcnosti (do¹lo ku zmene èasu "
+#~ "alebo\n"
+#~ "je problém so systémovým èasom)\n"
+
+#~ msgid ""
+#~ "key %08lX has been created %lu seconds in future (time warp or clock "
+#~ "problem)\n"
+#~ msgstr ""
+#~ "kµúè %08lX bol vytvorený %lu sekund v budúcnosti (do¹lo ke zmene èasu "
+#~ "alebo\n"
+#~ "je problém so systémovým èasom)\n"
+
+#~ msgid "key %08lX marked as ultimately trusted\n"
+#~ msgstr "kµúè %08lX oznaèený ako absolútne dôveryhodný.\n"
+
+#~ msgid "signature from Elgamal signing key %08lX to %08lX skipped\n"
+#~ msgstr "podpis od podpisového kµúèa Elgamal %08lX po %08lX preskoèený\n"
+
+#~ msgid "signature from %08lX to Elgamal signing key %08lX skipped\n"
+#~ msgstr "podpis od %08lX po podpisový kµúè Elgamal %08lX preskoèený\n"
+
+#~ msgid "checking at depth %d signed=%d ot(-/q/n/m/f/u)=%d/%d/%d/%d/%d/%d\n"
+#~ msgstr ""
+#~ "kontrola v håbke %d podpísané=%d ot(-/q/n/m/f/u)=%d/%d/%d/%d/%d/%d\n"
+
+#~ msgid ""
+#~ "Select the algorithm to use.\n"
+#~ "\n"
+#~ "DSA (aka DSS) is the digital signature algorithm which can only be used\n"
+#~ "for signatures. This is the suggested algorithm because verification of\n"
+#~ "DSA signatures are much faster than those of ElGamal.\n"
+#~ "\n"
+#~ "ElGamal is an algorithm which can be used for signatures and encryption.\n"
+#~ "OpenPGP distinguishs between two flavors of this algorithms: an encrypt "
+#~ "only\n"
+#~ "and a sign+encrypt; actually it is the same, but some parameters must be\n"
+#~ "selected in a special way to create a safe key for signatures: this "
+#~ "program\n"
+#~ "does this but other OpenPGP implementations are not required to "
+#~ "understand\n"
+#~ "the signature+encryption flavor.\n"
+#~ "\n"
+#~ "The first (primary) key must always be a key which is capable of "
+#~ "signing;\n"
+#~ "this is the reason why the encryption only ElGamal key is not available "
+#~ "in\n"
+#~ "this menu."
+#~ msgstr ""
+#~ "Vyberte algoritmus.\n"
+#~ "\n"
+#~ "DSA (nazývaný tie¾ DSS) je algoritmus digitálneho podpisu, ktorý mô¾e "
+#~ "by»\n"
+#~ "pou¾itý len pre podpisy. Je to odporúèaný algoritmus, preto¾e overenie\n"
+#~ "DSA podpisov je oveµa rýchlej¹í ako v algoritme ElGamal.\n"
+#~ "\n"
+#~ "Algoritmus ElGamal mô¾e by» pou¾ívaný ako na podpisy tak na ¹ifrovanie.\n"
+#~ "©tandard OpenPGP rozli¹uje medzi dvoma re¾imami tohto algoritmu:\n"
+#~ "len ¹ifrovanie a ¹ifrovanie+podpis; v podstate je to rovnaké, ale "
+#~ "niekoµko\n"
+#~ "parametrov musí by» vybraných ¹peciálnym spôsobom pre vytvorenie "
+#~ "bezpeèného kµúèa\n"
+#~ "pre podpisy: tento program to vie, ale nie je vy¾adované, aby aj iné\n"
+#~ "implementácie OpenPGP pracovali v re¾ime podpis+¹ifrovanie.\n"
+#~ "\n"
+#~ "Prvý (primárny) kµúè musí by» v¾dy kµúè, ktorý je schopný podpisova»;\n"
+#~ "to je dôvod, preèo v tomto menu nie je k dispozícii kµúè algoritmu "
+#~ "ElGamal\n"
+#~ "urèený len na ¹ifrovanie."
+
+#~ msgid ""
+#~ "Although these keys are defined in RFC2440 they are not suggested\n"
+#~ "because they are not supported by all programs and signatures created\n"
+#~ "with them are quite large and very slow to verify."
+#~ msgstr ""
+#~ "Hoci sú tieto kµúèe definované v RFC2440, nie sú odporúèané,\n"
+#~ "preto¾e nie sú podporováné v¹etkými programami a podpisy nimi vytvorené\n"
+#~ "sú dos» veµké a na overenie veµmi pomalé."
+
+#~ msgid "%lu keys so far checked (%lu signatures)\n"
+#~ msgstr "%lu kµúèov u¾ skontrolovaných (%lu podpisov)\n"
+
+#~ msgid "key incomplete\n"
+#~ msgstr "kµúè nekompletný\n"
+
+#~ msgid "key %08lX incomplete\n"
+#~ msgstr "kµúè %08lX: nekompletný\n"
diff --git a/po/stamp-po b/po/stamp-po
new file mode 100644
index 0000000..9788f70
--- /dev/null
+++ b/po/stamp-po
@@ -0,0 +1 @@
+timestamp
diff --git a/po/sv.gmo b/po/sv.gmo
new file mode 100644
index 0000000..e7386d8
--- /dev/null
+++ b/po/sv.gmo
Binary files differ
diff --git a/po/sv.po b/po/sv.po
new file mode 100644
index 0000000..fd72943
--- /dev/null
+++ b/po/sv.po
@@ -0,0 +1,8836 @@
+# Swedish messages for gnupg
+# Copyright (C) 1999-2011 Free Software Foundation, Inc.
+# Per Tunedal <info@clipanish.com>, 2004.
+# Daniel Resare <daniel@resare.com>, 1999-2002.
+# Daniel Nylander <po@danielnylander.se>, 2006, 2007, 2008, 2011.
+#
+# ===================================================
+# This a completely revised and extended translation.
+# All translations have been revised and updated 2002.
+# In 2004 new strings where translated and most errors
+# where corrected. The translations were checked for
+# consistency and some expressions where given new
+# translations.
+# 2004/12/01 Per Tunedal
+# ===================================================
+#
+# First translator Daniel Resare <daniel@resare.com>, 1999-2002,
+# who sends his thanks to André Dahlqvist <andre@beta.telenordia.se>
+# and to his wife Olivia <olivia@resare.com>.
+#
+# $Id$
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: gnupg trunk\n"
+"Report-Msgid-Bugs-To: translations@gnupg.org\n"
+"POT-Creation-Date: 2012-03-27 10:23+0200\n"
+"PO-Revision-Date: 2011-01-12 14:53+0100\n"
+"Last-Translator: Daniel Nylander <po@danielnylander.se>\n"
+"Language-Team: Swedish <tp-sv@listor.tp-sv.se>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=utf-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Plural-Forms: nplurals=2; plural=(n != 1);\n"
+
+#: agent/call-pinentry.c:244
+#, c-format
+msgid "failed to acquire the pinentry lock: %s\n"
+msgstr "misslyckades med att ta kontroll över PIN-inmatningslåset: %s\n"
+
+#. TRANSLATORS: These are labels for buttons etc used in
+#. Pinentries. An underscore indicates that the next letter
+#. should be used as an accelerator. Double the underscore for
+#. a literal one. The actual to be translated text starts after
+#. the second vertical bar.
+#: agent/call-pinentry.c:401
+msgid "|pinentry-label|_OK"
+msgstr "_OK"
+
+#: agent/call-pinentry.c:402
+msgid "|pinentry-label|_Cancel"
+msgstr "_Avbryt"
+
+#: agent/call-pinentry.c:403
+msgid "|pinentry-label|PIN:"
+msgstr "PIN-kod:"
+
+#. TRANSLATORS: This string is displayed by Pinentry as the label
+#. for the quality bar.
+#: agent/call-pinentry.c:649
+msgid "Quality:"
+msgstr "Kvalitet:"
+
+#. TRANSLATORS: This string is a tooltip, shown by pinentry when
+#. hovering over the quality bar. Please use an appropriate
+#. string to describe what this is about. The length of the
+#. tooltip is limited to about 900 characters. If you do not
+#. translate this entry, a default english text (see source)
+#. will be used.
+#: agent/call-pinentry.c:671
+msgid "pinentry.qualitybar.tooltip"
+msgstr ""
+"Denna rad indikerar kvaliteten för ovan angiven lösenfras.\n"
+"GnuPG anser att lösenfrasen är för svag så länge som den visar rött.\n"
+"En stark lösenfras bygger man genom att blanda versaler, gemener, siffror\n"
+"och specialtecken. Fråga din administratör om mer exakt information hur\n"
+"man anger säkra lösenfraser."
+
+#: agent/call-pinentry.c:716
+msgid ""
+"Please enter your PIN, so that the secret key can be unlocked for this "
+"session"
+msgstr ""
+"Ange din PIN-kod så att den hemliga nyckeln kan låsas upp för den här "
+"sessionen"
+
+#: agent/call-pinentry.c:719
+msgid ""
+"Please enter your passphrase, so that the secret key can be unlocked for "
+"this session"
+msgstr ""
+"Ange din lösenfras så att den hemliga nyckeln kan låsas upp för denna session"
+
+#: agent/call-pinentry.c:776
+#, c-format
+msgid "SETERROR %s (try %d of %d)"
+msgstr "SETERROR %s (försök %d av %d)"
+
+#: agent/call-pinentry.c:799 agent/call-pinentry.c:811
+msgid "PIN too long"
+msgstr "PIN-koden är för lång"
+
+#: agent/call-pinentry.c:800
+msgid "Passphrase too long"
+msgstr "Lösenfrasen är för lång"
+
+#: agent/call-pinentry.c:808
+msgid "Invalid characters in PIN"
+msgstr "Ogiltiga tecken i PIN-kod"
+
+#: agent/call-pinentry.c:813
+msgid "PIN too short"
+msgstr "PIN-kod för kort"
+
+# MPI står för Multiple Precision Integer (tror jag)
+#: agent/call-pinentry.c:825
+msgid "Bad PIN"
+msgstr "Felaktig PIN-kod"
+
+#: agent/call-pinentry.c:826
+msgid "Bad Passphrase"
+msgstr "Felaktig lösenfras"
+
+#: agent/call-pinentry.c:863
+msgid "Passphrase"
+msgstr "Lösenfras"
+
+# Skyddssammandraget låter underligt
+# Kontrollsumma?
+#: agent/command-ssh.c:531
+#, c-format
+msgid "ssh keys greater than %d bits are not supported\n"
+msgstr "ssh-nycklar större än %d bitar stöds inte\n"
+
+#: agent/command-ssh.c:690 g10/card-util.c:833 g10/exec.c:473 g10/gpg.c:1122
+#: g10/keygen.c:3394 g10/keygen.c:3427 g10/keyring.c:1237 g10/keyring.c:1569
+#: g10/openfile.c:275 g10/openfile.c:368 g10/sign.c:801 g10/sign.c:1110
+#: g10/tdbio.c:550 jnlib/dotlock.c:310
+#, c-format
+msgid "can't create `%s': %s\n"
+msgstr "kan inte skapa \"%s\": %s\n"
+
+#: agent/command-ssh.c:702 common/helpfile.c:47 g10/card-util.c:787
+#: g10/dearmor.c:60 g10/dearmor.c:107 g10/decrypt.c:70 g10/encode.c:194
+#: g10/encode.c:504 g10/gpg.c:1123 g10/import.c:192 g10/keygen.c:2877
+#: g10/keyring.c:1595 g10/openfile.c:192 g10/openfile.c:353
+#: g10/plaintext.c:511 g10/sign.c:783 g10/sign.c:978 g10/sign.c:1094
+#: g10/sign.c:1250 g10/tdbdump.c:142 g10/tdbdump.c:150 g10/tdbio.c:554
+#: g10/tdbio.c:618 g10/verify.c:99 g10/verify.c:162 sm/gpgsm.c:2044
+#: sm/gpgsm.c:2074 sm/gpgsm.c:2112 sm/gpgsm.c:2150 sm/qualified.c:66
+#, c-format
+msgid "can't open `%s': %s\n"
+msgstr "kan inte öppna \"%s\": %s\n"
+
+#: agent/command-ssh.c:1708 agent/command-ssh.c:1726
+#, c-format
+msgid "error getting serial number of card: %s\n"
+msgstr "fel när serienumret hämtades från kortet: %s\n"
+
+#: agent/command-ssh.c:1712
+#, c-format
+msgid "detected card with S/N: %s\n"
+msgstr "identifierade kort med serienummer: %s\n"
+
+#: agent/command-ssh.c:1717
+#, c-format
+msgid "error getting default authentication keyID of card: %s\n"
+msgstr "fel när nyckel-id för autentisering hämtades från kortet: %s\n"
+
+#: agent/command-ssh.c:1737
+#, c-format
+msgid "no suitable card key found: %s\n"
+msgstr "ingen lämplig kortnyckel hittades: %s\n"
+
+#: agent/command-ssh.c:1787
+#, c-format
+msgid "shadowing the key failed: %s\n"
+msgstr "skuggning av nyckeln misslyckades: %s\n"
+
+#: agent/command-ssh.c:1802
+#, c-format
+msgid "error writing key: %s\n"
+msgstr "fel vid skrivning av nyckel: %s\n"
+
+#: agent/command-ssh.c:2139
+#, c-format
+msgid ""
+"An ssh process requested the use of key%%0A %s%%0A (%s)%%0ADo you want to "
+"allow this?"
+msgstr ""
+
+#: agent/command-ssh.c:2146
+msgid "Allow"
+msgstr ""
+
+#: agent/command-ssh.c:2146
+msgid "Deny"
+msgstr ""
+
+#: agent/command-ssh.c:2155
+#, fuzzy, c-format
+msgid "Please enter the passphrase for the ssh key%%0A %F%%0A (%c)"
+msgstr "Ange lösenfrasen för ssh-nyckeln%0A %c"
+
+#: agent/command-ssh.c:2484 agent/genkey.c:310 agent/genkey.c:432
+msgid "Please re-enter this passphrase"
+msgstr "Ange denna lösenfras igen"
+
+#: agent/command-ssh.c:2509
+#, fuzzy, c-format
+msgid ""
+"Please enter a passphrase to protect the received secret key%%0A %s%%0A %"
+"s%%0Awithin gpg-agent's key storage"
+msgstr ""
+"Ange en lösenfras för att skydda den mottagna hemliga nyckeln%%0A %s%%0Ai "
+"gpg-agents nyckellager"
+
+#: agent/command-ssh.c:2548 agent/genkey.c:340 agent/genkey.c:463
+#: tools/symcryptrun.c:436
+msgid "does not match - try again"
+msgstr "stämmer inte överens - försök igen"
+
+#: agent/command-ssh.c:3054
+#, c-format
+msgid "failed to create stream from socket: %s\n"
+msgstr "misslyckades med att skapa flöde från uttag: %s\n"
+
+#: agent/divert-scd.c:92 g10/call-agent.c:923
+msgid "Please insert the card with serial number"
+msgstr "Mata in kortet med serienummer"
+
+#: agent/divert-scd.c:93 g10/call-agent.c:924
+msgid "Please remove the current card and insert the one with serial number"
+msgstr "Ta bort det aktuella kortet och mata in det med serienummer"
+
+#: agent/divert-scd.c:200
+msgid "Admin PIN"
+msgstr "Admin PIN-kod"
+
+#. TRANSLATORS: A PUK is the Personal Unblocking Code
+#. used to unblock a PIN.
+#: agent/divert-scd.c:205
+msgid "PUK"
+msgstr "PUK-kod"
+
+#: agent/divert-scd.c:212
+msgid "Reset Code"
+msgstr "Nollställ kod"
+
+#: agent/divert-scd.c:238
+#, c-format
+msgid "%s%%0A%%0AUse the reader's keypad for input."
+msgstr "%s%%0A%%0AAnvänd läsarens knappsats för inmatning."
+
+#: agent/divert-scd.c:287
+msgid "Repeat this Reset Code"
+msgstr "Upprepa denna nollställningskod"
+
+#: agent/divert-scd.c:289
+msgid "Repeat this PUK"
+msgstr "Upprepa denna PUK-kod"
+
+#: agent/divert-scd.c:290
+msgid "Repeat this PIN"
+msgstr "Upprepa denna PIN-kod"
+
+#: agent/divert-scd.c:295
+msgid "Reset Code not correctly repeated; try again"
+msgstr "Nollställningskoden repeterades inte korrekt; försök igen"
+
+#: agent/divert-scd.c:297
+msgid "PUK not correctly repeated; try again"
+msgstr "PUK-koden repeterades inte korrekt; försök igen"
+
+#: agent/divert-scd.c:298
+msgid "PIN not correctly repeated; try again"
+msgstr "PIN-kod repeterades inte korrekt; försök igen"
+
+#: agent/divert-scd.c:310
+#, c-format
+msgid "Please enter the PIN%s%s%s to unlock the card"
+msgstr "Ange PIN-koden%s%s%s för att låsa upp kortet"
+
+#: agent/genkey.c:108 sm/certreqgen-ui.c:384 sm/export.c:638 sm/export.c:654
+#: sm/import.c:667 sm/import.c:692
+#, c-format
+msgid "error creating temporary file: %s\n"
+msgstr "fel när temporärfil skapades: %s\n"
+
+#: agent/genkey.c:115 sm/export.c:645 sm/import.c:675
+#, c-format
+msgid "error writing to temporary file: %s\n"
+msgstr "fel vid skrivning till temporärfil: %s\n"
+
+#: agent/genkey.c:153 agent/genkey.c:159
+msgid "Enter new passphrase"
+msgstr "Ange ny lösenfras"
+
+#: agent/genkey.c:167
+msgid "Take this one anyway"
+msgstr "Ta den här ändå"
+
+#: agent/genkey.c:193
+#, c-format
+msgid ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase should be "
+"at least %u character long."
+msgid_plural ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase should be "
+"at least %u characters long."
+msgstr[0] ""
+"Varning: Du har angivit en lösenfras som inte är säker.%%0AEn lösenfras ska "
+"vara minst %u tecken lång."
+msgstr[1] ""
+"Varning: Du har angivit en lösenfras som inte är säker.%%0AEn lösenfras ska "
+"vara minst %u tecken lång."
+
+#: agent/genkey.c:214
+#, c-format
+msgid ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase should "
+"contain at least %u digit or%%0Aspecial character."
+msgid_plural ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase should "
+"contain at least %u digits or%%0Aspecial characters."
+msgstr[0] ""
+"Varning: Du har angivit en lösenfras som inte är säker.%%0AEn lösenfras ska "
+"innehålla minst %u tecken eller%%0Aspecialtecken."
+msgstr[1] ""
+"Varning: Du har angivit en lösenfras som inte är säker.%%0AEn lösenfras ska "
+"innehålla minst %u tecken eller%%0Aspecialtecken."
+
+#: agent/genkey.c:237
+#, c-format
+msgid ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase may not be "
+"a known term or match%%0Acertain pattern."
+msgstr ""
+"Varning: Du har angivit en lösenfras som inte är säker.%%0AEn lösenfras får "
+"inte vara ett känd ord eller matcha%%0Avissa mönster."
+
+#: agent/genkey.c:253
+#, c-format
+msgid ""
+"You have not entered a passphrase!%0AAn empty passphrase is not allowed."
+msgstr "Du har inte angivit en lösenfras!%0AEn tom lösenfras tillåts inte."
+
+#: agent/genkey.c:255
+#, c-format
+msgid ""
+"You have not entered a passphrase - this is in general a bad idea!%0APlease "
+"confirm that you do not want to have any protection on your key."
+msgstr ""
+"Du har inte angivet en lösenfras - det här är oftast en dålig idé!%"
+"0ABekräfta att du inte vill ha något som helst skydd för din nyckel."
+
+#: agent/genkey.c:264
+msgid "Yes, protection is not needed"
+msgstr "Ja, skydd behövs inte"
+
+# fel kapitalisering i originalet?
+#: agent/genkey.c:308
+#, c-format
+msgid "Please enter the passphrase to%0Ato protect your new key"
+msgstr "Ange lösenfrasen för%0Aför att skydda din nya nyckel"
+
+#: agent/genkey.c:431
+msgid "Please enter the new passphrase"
+msgstr "Ange den nya lösenfrasen"
+
+# Här bruksanvisning för kommandoraden. Resultatet har jag översatt med "inställningar", eftersom flaggorna även kan förekomma i en inställningsfil.
+#: agent/gpg-agent.c:121 agent/preset-passphrase.c:72 scd/scdaemon.c:103
+#: tools/gpg-check-pattern.c:70
+msgid ""
+"@Options:\n"
+" "
+msgstr ""
+"@Flaggor:\n"
+" "
+
+#: agent/gpg-agent.c:123 scd/scdaemon.c:105
+msgid "run in server mode (foreground)"
+msgstr "kör i serverläge (förgrund)"
+
+#: agent/gpg-agent.c:124 scd/scdaemon.c:108
+msgid "run in daemon mode (background)"
+msgstr "kör i demonläge (bakgrund)"
+
+#: agent/gpg-agent.c:125 g10/gpg.c:488 g10/gpgv.c:71 kbx/kbxutil.c:88
+#: scd/scdaemon.c:109 sm/gpgsm.c:281 tools/gpg-connect-agent.c:69
+#: tools/gpgconf.c:80 tools/symcryptrun.c:166
+msgid "verbose"
+msgstr "utförlig"
+
+#: agent/gpg-agent.c:126 g10/gpgv.c:72 kbx/kbxutil.c:89 scd/scdaemon.c:110
+#: sm/gpgsm.c:282
+msgid "be somewhat more quiet"
+msgstr "var något tystare"
+
+#: agent/gpg-agent.c:127 scd/scdaemon.c:111
+msgid "sh-style command output"
+msgstr "sh-liknande kommandoutdata"
+
+#: agent/gpg-agent.c:128 scd/scdaemon.c:112
+msgid "csh-style command output"
+msgstr "csh-liknande kommandoutdata"
+
+#: agent/gpg-agent.c:129 scd/scdaemon.c:113 sm/gpgsm.c:312
+#: tools/symcryptrun.c:169
+msgid "|FILE|read options from FILE"
+msgstr "|FIL|läs inställningar från FIL"
+
+#: agent/gpg-agent.c:134 scd/scdaemon.c:123
+msgid "do not detach from the console"
+msgstr "frigör inte från konsollen"
+
+#: agent/gpg-agent.c:135
+msgid "do not grab keyboard and mouse"
+msgstr "fånga inte tangentbord och mus"
+
+#: agent/gpg-agent.c:136 tools/symcryptrun.c:168
+msgid "use a log file for the server"
+msgstr "använd en loggfil för servern"
+
+#: agent/gpg-agent.c:138
+msgid "use a standard location for the socket"
+msgstr "använd en standardplats för uttaget"
+
+#: agent/gpg-agent.c:141
+msgid "|PGM|use PGM as the PIN-Entry program"
+msgstr "|PRG|använd PRG som PIN-inmatningsprogrammet"
+
+#: agent/gpg-agent.c:144
+msgid "|PGM|use PGM as the SCdaemon program"
+msgstr "|PRG|använd PRG som SCdaemon-programmet"
+
+#: agent/gpg-agent.c:145
+msgid "do not use the SCdaemon"
+msgstr "använd inte SCdaemon"
+
+#: agent/gpg-agent.c:157
+msgid "ignore requests to change the TTY"
+msgstr "ignorera begäran om att ändra TTY"
+
+#: agent/gpg-agent.c:159
+msgid "ignore requests to change the X display"
+msgstr "ignorera begäran om att ändra X-display"
+
+#: agent/gpg-agent.c:162
+msgid "|N|expire cached PINs after N seconds"
+msgstr "|N|låt mellanlagrade PIN-koder gå ut efter N sekunder"
+
+#: agent/gpg-agent.c:175
+msgid "do not use the PIN cache when signing"
+msgstr "använd inte mellanlagring av PIN-kod vid signering"
+
+# Antar att värdet inte ska översättas.
+#: agent/gpg-agent.c:177
+msgid "allow clients to mark keys as \"trusted\""
+msgstr "tillåt klienter att markera nycklar som \"trusted\""
+
+#: agent/gpg-agent.c:179
+msgid "allow presetting passphrase"
+msgstr "tillåt förinställning av lösenfras"
+
+#: agent/gpg-agent.c:180
+msgid "enable ssh-agent emulation"
+msgstr "aktivera ssh-agent-emulering"
+
+#: agent/gpg-agent.c:182
+msgid "|FILE|write environment settings also to FILE"
+msgstr "|FIL|skriv även miljöinställningar till FIL"
+
+#. TRANSLATORS: @EMAIL@ will get replaced by the actual bug
+#. reporting address. This is so that we can change the
+#. reporting address without breaking the translations.
+#: agent/gpg-agent.c:333 agent/preset-passphrase.c:94 agent/protect-tool.c:163
+#: g10/gpg.c:814 g10/gpgv.c:114 kbx/kbxutil.c:113 scd/scdaemon.c:246
+#: sm/gpgsm.c:519 tools/gpg-connect-agent.c:181 tools/gpgconf.c:102
+#: tools/symcryptrun.c:206 tools/gpg-check-pattern.c:141
+msgid "Please report bugs to <@EMAIL@>.\n"
+msgstr ""
+"Rapportera fel till <@EMAIL@>.\n"
+"Skicka synpunkter på översättningen till <tp-sv@listor.tp-sv.se>.\n"
+
+#: agent/gpg-agent.c:342
+msgid "Usage: gpg-agent [options] (-h for help)"
+msgstr "Användning: gpg-agent [flaggor] (-h för hjälp)"
+
+#: agent/gpg-agent.c:344
+msgid ""
+"Syntax: gpg-agent [options] [command [args]]\n"
+"Secret key management for GnuPG\n"
+msgstr ""
+"Syntax: gpg-agent [flaggor] [kommando [argument]]\n"
+"Hantering av hemliga nycklar för GnuPG\n"
+
+#: agent/gpg-agent.c:390 g10/gpg.c:1007 scd/scdaemon.c:318 sm/gpgsm.c:669
+#, c-format
+msgid "invalid debug-level `%s' given\n"
+msgstr "ogiltig debug-level \"%s\" angiven\n"
+
+#: agent/gpg-agent.c:610 agent/protect-tool.c:1033 kbx/kbxutil.c:428
+#: scd/scdaemon.c:424 sm/gpgsm.c:911 sm/gpgsm.c:914 tools/symcryptrun.c:998
+#: tools/gpg-check-pattern.c:177
+#, c-format
+msgid "%s is too old (need %s, have %s)\n"
+msgstr "%s är för gammal (behöver %s, har %s)\n"
+
+#: agent/gpg-agent.c:725 g10/gpg.c:2111 scd/scdaemon.c:510 sm/gpgsm.c:1010
+#, c-format
+msgid "NOTE: no default option file `%s'\n"
+msgstr "OBS: inställningsfilen \"%s\" saknas\n"
+
+#: agent/gpg-agent.c:736 agent/gpg-agent.c:1348 g10/gpg.c:2115
+#: scd/scdaemon.c:515 sm/gpgsm.c:1014 tools/symcryptrun.c:931
+#, c-format
+msgid "option file `%s': %s\n"
+msgstr "inställningsfil \"%s\": %s\n"
+
+#: agent/gpg-agent.c:744 g10/gpg.c:2122 scd/scdaemon.c:523 sm/gpgsm.c:1021
+#, c-format
+msgid "reading options from `%s'\n"
+msgstr "läser inställningar från \"%s\"\n"
+
+#: agent/gpg-agent.c:1117 g10/plaintext.c:140 g10/plaintext.c:145
+#: g10/plaintext.c:162
+#, c-format
+msgid "error creating `%s': %s\n"
+msgstr "Fel när \"%s\" skapades: %s\n"
+
+#: agent/gpg-agent.c:1461 agent/gpg-agent.c:1579 agent/gpg-agent.c:1583
+#: agent/gpg-agent.c:1624 agent/gpg-agent.c:1628 g10/exec.c:188
+#: g10/openfile.c:429 scd/scdaemon.c:1020
+#, c-format
+msgid "can't create directory `%s': %s\n"
+msgstr "%s: kan inte skapa katalog: %s\n"
+
+#: agent/gpg-agent.c:1475 scd/scdaemon.c:1034
+msgid "name of socket too long\n"
+msgstr "namnet på uttaget är för långt\n"
+
+#: agent/gpg-agent.c:1498 scd/scdaemon.c:1057
+#, c-format
+msgid "can't create socket: %s\n"
+msgstr "kan inte skapa uttag: %s\n"
+
+#: agent/gpg-agent.c:1507
+#, c-format
+msgid "socket name `%s' is too long\n"
+msgstr "namnet på uttaget \"%s\" är för långt\n"
+
+#: agent/gpg-agent.c:1525
+msgid "a gpg-agent is already running - not starting a new one\n"
+msgstr "en gpg-agent är redan igång - startar inte en till\n"
+
+# Jag har valt att inte översätta nonce. Nonce är data eller information som endast används en gång
+#: agent/gpg-agent.c:1536 scd/scdaemon.c:1076
+msgid "error getting nonce for the socket\n"
+msgstr "fel vid hämtning av nonce för uttaget\n"
+
+#: agent/gpg-agent.c:1541 scd/scdaemon.c:1079
+#, c-format
+msgid "error binding socket to `%s': %s\n"
+msgstr "fel när \"%s\" bands till uttag: %s\n"
+
+#: agent/gpg-agent.c:1553 scd/scdaemon.c:1088
+#, c-format
+msgid "listen() failed: %s\n"
+msgstr "listen() misslyckades: %s\n"
+
+#: agent/gpg-agent.c:1559 scd/scdaemon.c:1095
+#, c-format
+msgid "listening on socket `%s'\n"
+msgstr "lyssnar på uttaget \"%s\"\n"
+
+#: agent/gpg-agent.c:1587 agent/gpg-agent.c:1634 g10/openfile.c:432
+#, c-format
+msgid "directory `%s' created\n"
+msgstr "katalogen \"%s\" skapades\n"
+
+#: agent/gpg-agent.c:1640
+#, c-format
+msgid "stat() failed for `%s': %s\n"
+msgstr "stat() misslyckades för \"%s\": %s\n"
+
+#: agent/gpg-agent.c:1644
+#, c-format
+msgid "can't use `%s' as home directory\n"
+msgstr "kan inte använda \"%s\" som hemkatalog\n"
+
+#: agent/gpg-agent.c:1777 scd/scdaemon.c:1111
+#, c-format
+msgid "error reading nonce on fd %d: %s\n"
+msgstr "fel vid läsning av nonce på fd %d: %s\n"
+
+#: agent/gpg-agent.c:1799
+#, c-format
+msgid "handler 0x%lx for fd %d started\n"
+msgstr "hanteraren 0x%lx för fd %d startad\n"
+
+#: agent/gpg-agent.c:1804
+#, c-format
+msgid "handler 0x%lx for fd %d terminated\n"
+msgstr "hanteraren 0x%lx för fd %d avslutad\n"
+
+#: agent/gpg-agent.c:1824
+#, c-format
+msgid "ssh handler 0x%lx for fd %d started\n"
+msgstr "ssh-hanteraren 0x%lx för fd %d startad\n"
+
+#: agent/gpg-agent.c:1829
+#, c-format
+msgid "ssh handler 0x%lx for fd %d terminated\n"
+msgstr "ssh-hanteraren 0x%lx för fd %d avslutad\n"
+
+#: agent/gpg-agent.c:1973 scd/scdaemon.c:1248
+#, c-format
+msgid "pth_select failed: %s - waiting 1s\n"
+msgstr "pth_select misslyckades: %s - väntar 1 s\n"
+
+#: agent/gpg-agent.c:2096 scd/scdaemon.c:1315
+#, c-format
+msgid "%s %s stopped\n"
+msgstr "%s %s stoppad\n"
+
+#: agent/gpg-agent.c:2232
+msgid "no gpg-agent running in this session\n"
+msgstr "ingen gpg-agent kör i den här sessionen\n"
+
+#: agent/gpg-agent.c:2243 common/simple-pwquery.c:352 common/asshelp.c:403
+#: tools/gpg-connect-agent.c:2168
+msgid "malformed GPG_AGENT_INFO environment variable\n"
+msgstr "miljövariabeln GPG_AGENT_INFO är felformaterad\n"
+
+#: agent/gpg-agent.c:2256 common/simple-pwquery.c:364 common/asshelp.c:415
+#: tools/gpg-connect-agent.c:2179
+#, c-format
+msgid "gpg-agent protocol version %d is not supported\n"
+msgstr "GPG-Agent protokoll version %d stöds inte\n"
+
+# KEYGRIP är ett hexadecimalt värde som representerar hashen för den publika nyckeln
+#: agent/preset-passphrase.c:98
+msgid "Usage: gpg-preset-passphrase [options] KEYGRIP (-h for help)\n"
+msgstr ""
+"Användning: gpg-preset-passphrase [flaggor] NYCKELHASH (-h för hjälp)\n"
+
+#: agent/preset-passphrase.c:101
+msgid ""
+"Syntax: gpg-preset-passphrase [options] KEYGRIP\n"
+"Password cache maintenance\n"
+msgstr ""
+"Syntax: gpg-preset-passphrase [flaggor] NYCKELHASH\n"
+"Underhåll av lösenordscache\n"
+
+#: agent/protect-tool.c:113 g10/gpg.c:373 kbx/kbxutil.c:71 sm/gpgsm.c:186
+#: tools/gpgconf.c:60
+msgid ""
+"@Commands:\n"
+" "
+msgstr ""
+"@Kommandon:\n"
+" "
+
+# Här bruksanvisning för kommandoraden. Resultatet har jag översatt med "inställningar", eftersom flaggorna även kan förekomma i en inställningsfil.
+#: agent/protect-tool.c:127 g10/gpg.c:441 g10/gpgv.c:69 kbx/kbxutil.c:81
+#: sm/gpgsm.c:226 tools/gpg-connect-agent.c:67 tools/gpgconf.c:77
+#: tools/symcryptrun.c:159
+msgid ""
+"@\n"
+"Options:\n"
+" "
+msgstr ""
+"@\n"
+"Flaggor:\n"
+" "
+
+#: agent/protect-tool.c:166
+msgid "Usage: gpg-protect-tool [options] (-h for help)\n"
+msgstr "Användning: gpg-protect-tool [flaggor] (-h för hjälp)\n"
+
+#: agent/protect-tool.c:168
+msgid ""
+"Syntax: gpg-protect-tool [options] [args]\n"
+"Secret key maintenance tool\n"
+msgstr ""
+"Syntax: gpg-protect-tool [flaggor] [argument]\n"
+"Underhållsverktyg för hemliga nycklar\n"
+
+#: agent/protect-tool.c:1162
+msgid "Please enter the passphrase to unprotect the PKCS#12 object."
+msgstr "Ange lösenfrasen för att avskydda PKCS#12-objektet."
+
+#: agent/protect-tool.c:1167
+msgid "Please enter the passphrase to protect the new PKCS#12 object."
+msgstr "Ange lösenfrasen för att skydda det nya PKCS#12-objektet."
+
+#: agent/protect-tool.c:1173
+msgid ""
+"Please enter the passphrase to protect the imported object within the GnuPG "
+"system."
+msgstr ""
+"Ange lösenfrasen för att skydda det importerade objektet inom GnuPG-systemet."
+
+#: agent/protect-tool.c:1178
+msgid ""
+"Please enter the passphrase or the PIN\n"
+"needed to complete this operation."
+msgstr ""
+"Ange lösenfrasen eller PIN-koden som\n"
+"behövs för att färdigställa denna åtgärd."
+
+#: agent/protect-tool.c:1183 tools/symcryptrun.c:437
+msgid "Passphrase:"
+msgstr "Lösenfras:"
+
+#: agent/protect-tool.c:1188 tools/symcryptrun.c:448
+msgid "cancelled\n"
+msgstr "avbruten\n"
+
+#: agent/protect-tool.c:1190 tools/symcryptrun.c:444
+#, c-format
+msgid "error while asking for the passphrase: %s\n"
+msgstr "fel vid fråga efter lösenfrasen: %s\n"
+
+#: agent/trustlist.c:136 agent/trustlist.c:334
+#, c-format
+msgid "error opening `%s': %s\n"
+msgstr "fel vid öppnandet av \"%s\": %s\n"
+
+#: agent/trustlist.c:151 common/helpfile.c:63 common/helpfile.c:79
+#, c-format
+msgid "file `%s', line %d: %s\n"
+msgstr "fil \"%s\", rad %d: %s\n"
+
+#: agent/trustlist.c:171 agent/trustlist.c:179
+#, c-format
+msgid "statement \"%s\" ignored in `%s', line %d\n"
+msgstr "uttrycket \"%s\" ignorerat i \"%s\", rad %d\n"
+
+#: agent/trustlist.c:185
+#, c-format
+msgid "system trustlist `%s' not available\n"
+msgstr "systemets tillitslista \"%s\" är inte tillgänglig\n"
+
+#: agent/trustlist.c:229
+#, c-format
+msgid "bad fingerprint in `%s', line %d\n"
+msgstr "felaktigt fingeravtryck i \"%s\", rad %d\n"
+
+#: agent/trustlist.c:254 agent/trustlist.c:261
+#, c-format
+msgid "invalid keyflag in `%s', line %d\n"
+msgstr "ogiltig nyckelflagga i \"%s\", rad %d\n"
+
+#: agent/trustlist.c:295 common/helpfile.c:126
+#, c-format
+msgid "error reading `%s', line %d: %s\n"
+msgstr "fel vid läsning av \"%s\", rad %d: %s\n"
+
+#: agent/trustlist.c:400 agent/trustlist.c:450
+msgid "error reading list of trusted root certificates\n"
+msgstr "fel vid inläsning av betrodda rotcertifikat\n"
+
+#. TRANSLATORS: This prompt is shown by the Pinentry
+#. and has one special property: A "%%0A" is used by
+#. Pinentry to insert a line break. The double
+#. percent sign is actually needed because it is also
+#. a printf format string. If you need to insert a
+#. plain % sign, you need to encode it as "%%25". The
+#. "%s" gets replaced by the name as stored in the
+#. certificate.
+#: agent/trustlist.c:611
+#, c-format
+msgid ""
+"Do you ultimately trust%%0A \"%s\"%%0Ato correctly certify user "
+"certificates?"
+msgstr ""
+"Litar du förbehållslöst på%%0A \"%s\"%%0Aatt korrekt certifiera "
+"användarcertifikat?"
+
+#: agent/trustlist.c:620 common/audit.c:467
+msgid "Yes"
+msgstr "Ja"
+
+#: agent/trustlist.c:620 common/audit.c:469
+msgid "No"
+msgstr "Nej"
+
+#. TRANSLATORS: This prompt is shown by the Pinentry and has
+#. one special property: A "%%0A" is used by Pinentry to
+#. insert a line break. The double percent sign is actually
+#. needed because it is also a printf format string. If you
+#. need to insert a plain % sign, you need to encode it as
+#. "%%25". The second "%s" gets replaced by a hexdecimal
+#. fingerprint string whereas the first one receives the name
+#. as stored in the certificate.
+#: agent/trustlist.c:654
+#, c-format
+msgid ""
+"Please verify that the certificate identified as:%%0A \"%s\"%%0Ahas the "
+"fingerprint:%%0A %s"
+msgstr ""
+"Validera att certifikatet identifierat som:%%0A \"%s\"%%0Ahar "
+"fingeravtrycket:%%0A %s"
+
+#. TRANSLATORS: "Correct" is the label of a button and intended
+#. to be hit if the fingerprint matches the one of the CA. The
+#. other button is "the default "Cancel" of the Pinentry.
+#: agent/trustlist.c:668
+msgid "Correct"
+msgstr "Korrekt"
+
+#: agent/trustlist.c:668
+msgid "Wrong"
+msgstr "Fel"
+
+#: agent/findkey.c:157
+#, c-format
+msgid "Note: This passphrase has never been changed.%0APlease change it now."
+msgstr ""
+"Observera: Den här lösenfrasen har aldrig blivit ändrad.%0ADu bör ändra den "
+"nu."
+
+#: agent/findkey.c:173
+#, c-format
+msgid ""
+"This passphrase has not been changed%%0Asince %.4s-%.2s-%.2s. Please change "
+"it now."
+msgstr ""
+"Den här lösenfrasen har inte ändrats%%0Asedan %.4s-%.2s-%.2s. Du bör ändra "
+"den nu."
+
+#: agent/findkey.c:187 agent/findkey.c:194
+msgid "Change passphrase"
+msgstr "ändra lösenfras"
+
+#: agent/findkey.c:195
+msgid "I'll change it later"
+msgstr "Jag ändrar den senare"
+
+#: common/exechelp.c:528 common/exechelp.c:625 tools/gpgconf-comp.c:1475
+#: tools/gpgconf-comp.c:1814
+#, c-format
+msgid "error creating a pipe: %s\n"
+msgstr "fel när ett rör skapades: %s\n"
+
+# se förra kommentaren
+#: common/exechelp.c:599 common/exechelp.c:658
+#, c-format
+msgid "can't fdopen pipe for reading: %s\n"
+msgstr "kan inte fdopen rör för läsning: %s\n"
+
+#: common/exechelp.c:637 common/exechelp.c:765 common/exechelp.c:1002
+#, c-format
+msgid "error forking process: %s\n"
+msgstr "fel vid grening av process: %s\n"
+
+#: common/exechelp.c:811 common/exechelp.c:864
+#, c-format
+msgid "waiting for process %d to terminate failed: %s\n"
+msgstr "misslyckades med att vänta på att processen %d skulle avslutas: %s\n"
+
+#: common/exechelp.c:819
+#, c-format
+msgid "error getting exit code of process %d: %s\n"
+msgstr "fel vid hämtning av avslutskod för processen %d: %s\n"
+
+#: common/exechelp.c:825 common/exechelp.c:877
+#, c-format
+msgid "error running `%s': exit status %d\n"
+msgstr "fel vid körning av \"%s\": avslutsstatus %d\n"
+
+#: common/exechelp.c:870
+#, c-format
+msgid "error running `%s': probably not installed\n"
+msgstr "fel vid körning av \"%s\": antagligen inte installerat\n"
+
+#: common/exechelp.c:885
+#, c-format
+msgid "error running `%s': terminated\n"
+msgstr "fel vid körning av \"%s\": avslutades\n"
+
+#: common/http.c:1674
+#, c-format
+msgid "error creating socket: %s\n"
+msgstr "fel när uttag skapades: %s\n"
+
+#: common/http.c:1718
+msgid "host not found"
+msgstr "värden hittades inte"
+
+#: common/simple-pwquery.c:338
+msgid "gpg-agent is not available in this session\n"
+msgstr "kunde inte få tillgång till GPG-Agent i denna session\n"
+
+#: common/simple-pwquery.c:395
+#, c-format
+msgid "can't connect to `%s': %s\n"
+msgstr "kan inte ansluta till \"%s\": %s\n"
+
+#: common/simple-pwquery.c:406
+msgid "communication problem with gpg-agent\n"
+msgstr "kommunikationsproblem med gpg-agent\n"
+
+#: common/simple-pwquery.c:416
+msgid "problem setting the gpg-agent options\n"
+msgstr "inställningsproblem för gpg-agent\n"
+
+#: common/simple-pwquery.c:579 common/simple-pwquery.c:675
+msgid "canceled by user\n"
+msgstr "avbruten av användaren\n"
+
+#: common/simple-pwquery.c:594 common/simple-pwquery.c:681
+msgid "problem with the agent\n"
+msgstr "problem med agenten\n"
+
+#: common/sysutils.c:105
+#, c-format
+msgid "can't disable core dumps: %s\n"
+msgstr "kan inte stänga av minnesutskrifter: %s\n"
+
+#: common/sysutils.c:200
+#, c-format
+msgid "Warning: unsafe ownership on %s \"%s\"\n"
+msgstr "Varning: osäkert ägarskap på %s \"%s\"\n"
+
+# Extension är vad? FIXME
+#: common/sysutils.c:232
+#, c-format
+msgid "Warning: unsafe permissions on %s \"%s\"\n"
+msgstr "Varning: osäkra rättigheter på %s \"%s\"\n"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: common/yesno.c:35 common/yesno.c:72
+msgid "yes"
+msgstr "ja"
+
+#: common/yesno.c:36 common/yesno.c:77
+msgid "yY"
+msgstr "jJ"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: common/yesno.c:38 common/yesno.c:74
+msgid "no"
+msgstr "nej"
+
+#: common/yesno.c:39 common/yesno.c:78
+msgid "nN"
+msgstr "nN"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: common/yesno.c:76
+msgid "quit"
+msgstr "avsluta"
+
+#: common/yesno.c:79
+msgid "qQ"
+msgstr "aA"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: common/yesno.c:113
+msgid "okay|okay"
+msgstr "okay|okej|ok"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: common/yesno.c:115
+msgid "cancel|cancel"
+msgstr "avbryt|stoppa"
+
+#: common/yesno.c:116
+msgid "oO"
+msgstr "oO"
+
+#: common/yesno.c:117
+msgid "cC"
+msgstr "aAsS"
+
+#: common/miscellaneous.c:77
+#, c-format
+msgid "out of core in secure memory while allocating %lu bytes"
+msgstr "slut på kärna i säkert minne vid allokering av %lu byte"
+
+#: common/miscellaneous.c:80
+#, c-format
+msgid "out of core while allocating %lu bytes"
+msgstr "slut på kärna vid allokering av %lu byte"
+
+#: common/asshelp.c:293 tools/gpg-connect-agent.c:2129
+msgid "no running gpg-agent - starting one\n"
+msgstr "ingen körande gpg-agent - startar en\n"
+
+#: common/asshelp.c:349
+#, c-format
+msgid "waiting %d seconds for the agent to come up\n"
+msgstr "väntar %d sekunder för att agenten ska komma igång\n"
+
+#: common/asshelp.c:426
+msgid "can't connect to the agent - trying fall back\n"
+msgstr "kan inte ansluta till agenten - försöker falla tillbaka\n"
+
+#. TRANSLATORS: Copy the prefix between the vertical bars
+#. verbatim. It will not be printed.
+#: common/audit.c:474
+msgid "|audit-log-result|Good"
+msgstr "|audit-log-result|Bra"
+
+#: common/audit.c:477
+msgid "|audit-log-result|Bad"
+msgstr "|audit-log-result|DÃ¥lig"
+
+#: common/audit.c:479
+msgid "|audit-log-result|Not supported"
+msgstr "|audit-log-result|Stöds inte"
+
+#: common/audit.c:481
+msgid "|audit-log-result|No certificate"
+msgstr "|audit-log-result|Inget certifikat"
+
+#: common/audit.c:483
+msgid "|audit-log-result|Not enabled"
+msgstr "|audit-log-result|Inte aktiverat"
+
+#: common/audit.c:485
+msgid "|audit-log-result|Error"
+msgstr "|audit-log-result|Fel"
+
+#: common/audit.c:487
+msgid "|audit-log-result|Not used"
+msgstr "|audit-log-result|Används inte"
+
+#: common/audit.c:489
+msgid "|audit-log-result|Okay"
+msgstr "|audit-log-result|Okej"
+
+#: common/audit.c:491
+msgid "|audit-log-result|Skipped"
+msgstr "|audit-log-result|Hoppades över"
+
+#: common/audit.c:493
+msgid "|audit-log-result|Some"
+msgstr "|audit-log-result|NÃ¥gra"
+
+#: common/audit.c:726
+msgid "Certificate chain available"
+msgstr "Certifikatkedja tillgänglig"
+
+#: common/audit.c:733
+msgid "root certificate missing"
+msgstr "rotcertifikatet saknas"
+
+#: common/audit.c:759
+msgid "Data encryption succeeded"
+msgstr "Datakryptering lyckades"
+
+#: common/audit.c:764 common/audit.c:830 common/audit.c:906 common/audit.c:997
+msgid "Data available"
+msgstr "Data tillgängligt"
+
+#: common/audit.c:767
+msgid "Session key created"
+msgstr "Sessionsnyckel skapad"
+
+#: common/audit.c:772 common/audit.c:912 common/audit.c:919
+#, c-format
+msgid "algorithm: %s"
+msgstr "algoritm: %s"
+
+#: common/audit.c:774 common/audit.c:776 common/audit.c:921 common/audit.c:923
+#, c-format
+msgid "unsupported algorithm: %s"
+msgstr "algoritmen stöds inte: %s"
+
+#: common/audit.c:778 common/audit.c:925
+msgid "seems to be not encrypted"
+msgstr "verkar inte vara krypterat"
+
+#: common/audit.c:784 common/audit.c:933
+msgid "Number of recipients"
+msgstr "Antal mottagare"
+
+#: common/audit.c:792 common/audit.c:956
+#, c-format
+msgid "Recipient %d"
+msgstr "Mottagare %d"
+
+#: common/audit.c:825
+msgid "Data signing succeeded"
+msgstr "Datasignering lyckades"
+
+#: common/audit.c:839 common/audit.c:1033 common/audit.c:1060
+#, c-format
+msgid "data hash algorithm: %s"
+msgstr "hashalgoritm för data: %s"
+
+#: common/audit.c:862
+#, c-format
+msgid "Signer %d"
+msgstr "Signerare %d"
+
+#: common/audit.c:866 common/audit.c:1065
+#, c-format
+msgid "attr hash algorithm: %s"
+msgstr "hashalgoritm för attr: %s"
+
+#: common/audit.c:901
+msgid "Data decryption succeeded"
+msgstr "Datadekryptering lyckades"
+
+#: common/audit.c:910
+msgid "Encryption algorithm supported"
+msgstr "Krypteringsalgoritmen stöds"
+
+#: common/audit.c:993
+msgid "Data verification succeeded"
+msgstr "Datavalidering lyckades"
+
+#: common/audit.c:1002
+msgid "Signature available"
+msgstr "Signatur tillgänglig"
+
+#: common/audit.c:1024
+msgid "Parsing data succeeded"
+msgstr "Tolkning av data lyckades"
+
+#: common/audit.c:1036
+#, c-format
+msgid "bad data hash algorithm: %s"
+msgstr "felaktig hashalgoritm för data: %s"
+
+#: common/audit.c:1051
+#, c-format
+msgid "Signature %d"
+msgstr "Signatur %d"
+
+#: common/audit.c:1079
+msgid "Certificate chain valid"
+msgstr "Certifikatkedjan är giltig"
+
+#: common/audit.c:1090
+msgid "Root certificate trustworthy"
+msgstr "rotcertifikatet är pålitligt"
+
+#: common/audit.c:1111 sm/certchain.c:935
+msgid "no CRL found for certificate"
+msgstr "ingen spärrlista hittades för certifikatet"
+
+#: common/audit.c:1114 sm/certchain.c:945
+msgid "the available CRL is too old"
+msgstr "den tillgängliga spärrlistan är för gammal"
+
+#: common/audit.c:1119
+msgid "CRL/OCSP check of certificates"
+msgstr "CRL/OCSP-kontroll av certifikat"
+
+#: common/audit.c:1139
+msgid "Included certificates"
+msgstr "Inkluderade certifikat"
+
+#: common/audit.c:1194
+msgid "No audit log entries."
+msgstr "Inga poster i granskningslogg."
+
+#: common/audit.c:1243
+msgid "Unknown operation"
+msgstr "Okänd åtgärd"
+
+#: common/audit.c:1261
+msgid "Gpg-Agent usable"
+msgstr "Gpg-Agent användbar"
+
+#: common/audit.c:1271
+msgid "Dirmngr usable"
+msgstr "Dirmngr användbar"
+
+#: common/audit.c:1307
+#, c-format
+msgid "No help available for `%s'."
+msgstr "Det finns ingen hjälp tillgänglig för \"%s\"."
+
+#: common/helpfile.c:80
+msgid "ignoring garbage line"
+msgstr "ignorerar skräprad"
+
+#: common/gettime.c:503
+msgid "[none]"
+msgstr "[ingen]"
+
+#: g10/armor.c:379
+#, c-format
+msgid "armor: %s\n"
+msgstr "ASCII-skal: %s\n"
+
+#: g10/armor.c:418
+msgid "invalid armor header: "
+msgstr "ogiltig rubrikrad i ASCII-skalet: "
+
+#: g10/armor.c:429
+msgid "armor header: "
+msgstr "ASCII-skal: "
+
+#: g10/armor.c:442
+msgid "invalid clearsig header\n"
+msgstr "ogiltig rubrikrad i klartextsignatur\n"
+
+#: g10/armor.c:455
+msgid "unknown armor header: "
+msgstr "okänt ASCII-skalhuvud: "
+
+#: g10/armor.c:508
+msgid "nested clear text signatures\n"
+msgstr "flera klartextsignaturer går in i varandra\n"
+
+#: g10/armor.c:643
+msgid "unexpected armor: "
+msgstr "oväntat skal: "
+
+# rader i klartexten som inleds med bindestreck får ett extra bindestreck vid klartextsignatur (för att lättare hitta "---- Begin ..."
+#: g10/armor.c:655
+msgid "invalid dash escaped line: "
+msgstr "ogiltig rad som börjar med bindestreck: "
+
+# överhoppad eller hoppades över?
+#: g10/armor.c:810 g10/armor.c:1420
+#, c-format
+msgid "invalid radix64 character %02X skipped\n"
+msgstr "ogiltigt radix64-tecken %02X hoppades över\n"
+
+# CRC Cyclic Redundancy Checksum används för att upptäcka fel i ascii-skalet. Används allmänt, trots att det inte höjer säkerheten.
+#: g10/armor.c:853
+msgid "premature eof (no CRC)\n"
+msgstr "för tidigt filslut (ingen CRC-summa)\n"
+
+#: g10/armor.c:887
+msgid "premature eof (in CRC)\n"
+msgstr "för tidigt filslut (i CRC-summan)\n"
+
+#: g10/armor.c:895
+msgid "malformed CRC\n"
+msgstr "felformaterad CRC-summa\n"
+
+#: g10/armor.c:899 g10/armor.c:1457
+#, c-format
+msgid "CRC error; %06lX - %06lX\n"
+msgstr "CRC-fel; %06lX - %06lX\n"
+
+#: g10/armor.c:919
+msgid "premature eof (in trailer)\n"
+msgstr "för tidigt filslut (i den avslutande raden)\n"
+
+#: g10/armor.c:923
+msgid "error in trailer line\n"
+msgstr "fel i avslutande rad\n"
+
+#: g10/armor.c:1234
+msgid "no valid OpenPGP data found.\n"
+msgstr "hittade ingen giltig OpenPGP-data.\n"
+
+#: g10/armor.c:1239
+#, c-format
+msgid "invalid armor: line longer than %d characters\n"
+msgstr "ogiltigt ASCII-skal: raden är längre än %d tecken\n"
+
+#: g10/armor.c:1243
+msgid ""
+"quoted printable character in armor - probably a buggy MTA has been used\n"
+msgstr ""
+"tecken kodade enligt \"quoted printable\"-standarden hittades i skalet - "
+"detta\n"
+"beror sannolikt på att en felaktig e-postserver eller e-postklient har "
+"använts\n"
+
+#: g10/build-packet.c:976
+msgid ""
+"a notation name must have only printable characters or spaces, and end with "
+"an '='\n"
+msgstr ""
+"ett notationsnamn får endast innehålla skrivbara tecken eller blanksteg, och "
+"sluta med ett \"'=\"\n"
+
+#: g10/build-packet.c:988
+msgid "a user notation name must contain the '@' character\n"
+msgstr "en användares notationsnamn måste innehåller tecknet \"@\"\n"
+
+#: g10/build-packet.c:994
+msgid "a notation name must not contain more than one '@' character\n"
+msgstr "ett notationsnamn får inte innehålla fler än ett \"@\"-tecken\n"
+
+#: g10/build-packet.c:1012
+msgid "a notation value must not use any control characters\n"
+msgstr "ett notationsvärde får inte använda några styrtecken\n"
+
+#: g10/build-packet.c:1046 g10/build-packet.c:1055
+msgid "WARNING: invalid notation data found\n"
+msgstr "VARNING: ogiltig notationsdata hittades\n"
+
+#: g10/build-packet.c:1077 g10/build-packet.c:1079
+msgid "not human readable"
+msgstr "inte läsbart"
+
+#: g10/card-util.c:85 g10/card-util.c:374
+#, c-format
+msgid "OpenPGP card not available: %s\n"
+msgstr "OpenPGP-kort är inte tillgängligt: %s\n"
+
+#: g10/card-util.c:90
+#, c-format
+msgid "OpenPGP card no. %s detected\n"
+msgstr "OpenPGP-kort nr. %s identifierades\n"
+
+#: g10/card-util.c:98 g10/card-util.c:1773 g10/delkey.c:126 g10/keyedit.c:1551
+#: g10/keygen.c:3068 g10/revoke.c:216 g10/revoke.c:455
+msgid "can't do this in batch mode\n"
+msgstr "kan inte göra detta i satsläge\n"
+
+#: g10/card-util.c:106
+msgid "This command is only available for version 2 cards\n"
+msgstr "Detta kommando är endast tillgängligt för kort av version 2\n"
+
+#: g10/card-util.c:108 scd/app-openpgp.c:2029
+msgid "Reset Code not or not anymore available\n"
+msgstr "Återställningskoden är inte tillgänglig längre\n"
+
+#: g10/card-util.c:141 g10/card-util.c:1458 g10/card-util.c:1568
+#: g10/keyedit.c:424 g10/keyedit.c:445 g10/keyedit.c:459 g10/keygen.c:1630
+#: g10/keygen.c:1711 sm/certreqgen-ui.c:165 sm/certreqgen-ui.c:249
+#: sm/certreqgen-ui.c:283
+msgid "Your selection? "
+msgstr "Vad väljer du? "
+
+#: g10/card-util.c:272 g10/card-util.c:322
+msgid "[not set]"
+msgstr "[inte inställt]"
+
+#: g10/card-util.c:512
+msgid "male"
+msgstr "man"
+
+#: g10/card-util.c:513
+msgid "female"
+msgstr "kvinna"
+
+#: g10/card-util.c:513
+msgid "unspecified"
+msgstr "ej angiven"
+
+#: g10/card-util.c:540
+msgid "not forced"
+msgstr "inte tvingad"
+
+#: g10/card-util.c:540
+msgid "forced"
+msgstr "tvingad"
+
+#: g10/card-util.c:631
+msgid "Error: Only plain ASCII is currently allowed.\n"
+msgstr "Fel: Endast ren ASCII tillåts för närvarande.\n"
+
+#: g10/card-util.c:633
+msgid "Error: The \"<\" character may not be used.\n"
+msgstr "Fel: Tecknet \"<\" får inte användas.\n"
+
+#: g10/card-util.c:635
+msgid "Error: Double spaces are not allowed.\n"
+msgstr "Fel: Dubbla blanksteg tillåts inte.\n"
+
+#: g10/card-util.c:652
+msgid "Cardholder's surname: "
+msgstr "Kortinnehavarens efternamn: "
+
+#: g10/card-util.c:654
+msgid "Cardholder's given name: "
+msgstr "Kortinnehavarens förnamn: "
+
+#: g10/card-util.c:672
+#, c-format
+msgid "Error: Combined name too long (limit is %d characters).\n"
+msgstr "Fel: Fullständigt namn för långt (gränsen är %d tecken).\n"
+
+#: g10/card-util.c:693
+msgid "URL to retrieve public key: "
+msgstr "Url för att hämta publik nyckel: "
+
+#: g10/card-util.c:701
+#, c-format
+msgid "Error: URL too long (limit is %d characters).\n"
+msgstr "Fel: URL:en är för lång (gränsen är %d tecken).\n"
+
+#: g10/card-util.c:794 tools/no-libgcrypt.c:30
+#, c-format
+msgid "error allocating enough memory: %s\n"
+msgstr "fel vid allokering av tillräckligt mycket minne: %s\n"
+
+#: g10/card-util.c:806 g10/import.c:280
+#, c-format
+msgid "error reading `%s': %s\n"
+msgstr "fel vid läsning av \"%s\": %s\n"
+
+#: g10/card-util.c:839
+#, c-format
+msgid "error writing `%s': %s\n"
+msgstr "fel vid skrivning till \"%s\": %s\n"
+
+#: g10/card-util.c:866
+msgid "Login data (account name): "
+msgstr "Inloggningsdata (kontonamn): "
+
+#: g10/card-util.c:876
+#, c-format
+msgid "Error: Login data too long (limit is %d characters).\n"
+msgstr "Fel: Inloggningsdata är för långt (gräns är %d tecken).\n"
+
+#: g10/card-util.c:912
+msgid "Private DO data: "
+msgstr "Privat DO-data: "
+
+#: g10/card-util.c:922
+#, c-format
+msgid "Error: Private DO too long (limit is %d characters).\n"
+msgstr "Fel: Privat DO för långt (gränsen är %d tecken).\n"
+
+#: g10/card-util.c:1005
+msgid "Language preferences: "
+msgstr "Språkinställningar: "
+
+#: g10/card-util.c:1013
+msgid "Error: invalid length of preference string.\n"
+msgstr "Fel: ogiltig längd på inställningssträngen\n"
+
+#: g10/card-util.c:1022
+msgid "Error: invalid characters in preference string.\n"
+msgstr "Fel: ogiltiga tecken i inställningssträngen.\n"
+
+#: g10/card-util.c:1044
+msgid "Sex ((M)ale, (F)emale or space): "
+msgstr "Kön ((M)an, Kvinna(F) eller blanksteg): "
+
+#: g10/card-util.c:1058
+msgid "Error: invalid response.\n"
+msgstr "Fel: ogiltigt svar.\n"
+
+#: g10/card-util.c:1080
+msgid "CA fingerprint: "
+msgstr "CA-fingeravtryck: "
+
+#: g10/card-util.c:1103
+msgid "Error: invalid formatted fingerprint.\n"
+msgstr "Fel: ogiltigt formaterat fingeravtryck.\n"
+
+#: g10/card-util.c:1153
+#, c-format
+msgid "key operation not possible: %s\n"
+msgstr "nyckelåtgärden är inte möjlig: %s\n"
+
+#: g10/card-util.c:1154
+msgid "not an OpenPGP card"
+msgstr "inte ett OpenPGP-kort"
+
+#: g10/card-util.c:1167
+#, c-format
+msgid "error getting current key info: %s\n"
+msgstr "fel vid hämtning av aktuell nyckelinformation: %s\n"
+
+#: g10/card-util.c:1254
+msgid "Replace existing key? (y/N) "
+msgstr "Ersätt existerande nyckel? (j/N) "
+
+#: g10/card-util.c:1270
+msgid ""
+"NOTE: There is no guarantee that the card supports the requested size.\n"
+" If the key generation does not succeed, please check the\n"
+" documentation of your card to see what sizes are allowed.\n"
+msgstr ""
+"OBSERVERA: Det finns ingen garanti för att kortet har stöd för den\n"
+" begärda storleken. Om nyckelgenereringen inte lyckas så bör du\n"
+" kontrollera dokumentationen för ditt kort för att se vilka storlekar\n"
+" som tillåts.\n"
+
+#: g10/card-util.c:1295
+#, c-format
+msgid "What keysize do you want for the Signature key? (%u) "
+msgstr "Vilken nyckelstorlek vill du använda för signaturnyckeln? (%u) "
+
+#: g10/card-util.c:1297
+#, c-format
+msgid "What keysize do you want for the Encryption key? (%u) "
+msgstr "Vilken nyckelstorlek vill du använda för krypteringsnyckeln? (%u) "
+
+#: g10/card-util.c:1298
+#, c-format
+msgid "What keysize do you want for the Authentication key? (%u) "
+msgstr "Vilken nyckelstorlek vill du använda för autentiseringsnyckeln? (%u) "
+
+#: g10/card-util.c:1309 g10/keygen.c:1844 g10/keygen.c:1850
+#: sm/certreqgen-ui.c:194
+#, c-format
+msgid "rounded up to %u bits\n"
+msgstr "avrundade uppåt till %u bitar\n"
+
+#: g10/card-util.c:1317 g10/keygen.c:1831 sm/certreqgen-ui.c:184
+#, c-format
+msgid "%s keysizes must be in the range %u-%u\n"
+msgstr "%s nyckelstorlekar måste vara inom intervallet %u-%u\n"
+
+#: g10/card-util.c:1322
+#, c-format
+msgid "The card will now be re-configured to generate a key of %u bits\n"
+msgstr ""
+"Kortet kommer nu att konfigureras om för att generera en nyckel med %u "
+"bitar\n"
+
+#: g10/card-util.c:1342
+#, c-format
+msgid "error changing size of key %d to %u bits: %s\n"
+msgstr "fel vid ändring av storlek för nyckel %d till %u bitar: %s\n"
+
+#: g10/card-util.c:1364
+msgid "Make off-card backup of encryption key? (Y/n) "
+msgstr "Skapa säkerhetskopia av krypteringsnyckel utanför kortet? (J/n) "
+
+#: g10/card-util.c:1378
+msgid "NOTE: keys are already stored on the card!\n"
+msgstr "OBSERVERA: nycklar har redan lagrats på kortet!\n"
+
+#: g10/card-util.c:1381
+msgid "Replace existing keys? (y/N) "
+msgstr "Ersätt existerande nycklar? (j/N) "
+
+#: g10/card-util.c:1393
+#, c-format
+msgid ""
+"Please note that the factory settings of the PINs are\n"
+" PIN = `%s' Admin PIN = `%s'\n"
+"You should change them using the command --change-pin\n"
+msgstr ""
+"Observera dock att fabriksinställningarna för PIN-koderna är\n"
+" PIN-kod = \"%s\" Admin PIN-kod = \"%s\"\n"
+"Du bör ändra dem med kommandot --change-pin\n"
+
+#: g10/card-util.c:1449
+msgid "Please select the type of key to generate:\n"
+msgstr "Välj vilken typ av nyckel som ska genereras:\n"
+
+#: g10/card-util.c:1451 g10/card-util.c:1559
+msgid " (1) Signature key\n"
+msgstr " (1) Signeringsnyckel\n"
+
+#: g10/card-util.c:1452 g10/card-util.c:1561
+msgid " (2) Encryption key\n"
+msgstr " (2) Krypteringsnyckel\n"
+
+#: g10/card-util.c:1453 g10/card-util.c:1563
+msgid " (3) Authentication key\n"
+msgstr " (3) Autentiseringsnyckel\n"
+
+#: g10/card-util.c:1469 g10/card-util.c:1588 g10/keyedit.c:945
+#: g10/keygen.c:1634 g10/keygen.c:1662 g10/keygen.c:1764 g10/revoke.c:683
+msgid "Invalid selection.\n"
+msgstr "Ogiltigt val.\n"
+
+#: g10/card-util.c:1556
+msgid "Please select where to store the key:\n"
+msgstr "Välj var nyckeln ska sparas:\n"
+
+#: g10/card-util.c:1600
+msgid "unknown key protection algorithm\n"
+msgstr "okänd nyckelskyddsalgoritm\n"
+
+#: g10/card-util.c:1605
+msgid "secret parts of key are not available\n"
+msgstr "hemliga delar av nyckeln är inte tillgängliga.\n"
+
+#: g10/card-util.c:1610
+msgid "secret key already stored on a card\n"
+msgstr "hemlig nyckel redan lagrad på ett kort\n"
+
+#: g10/card-util.c:1623
+#, c-format
+msgid "error writing key to card: %s\n"
+msgstr "fel vid skrivning av nyckel till kort: %s\n"
+
+#: g10/card-util.c:1682 g10/keyedit.c:1382
+msgid "quit this menu"
+msgstr "avsluta denna meny"
+
+#: g10/card-util.c:1684
+msgid "show admin commands"
+msgstr "visa administratörskommandon"
+
+#: g10/card-util.c:1685 g10/keyedit.c:1385
+msgid "show this help"
+msgstr "visa denna hjälp"
+
+#: g10/card-util.c:1687
+msgid "list all available data"
+msgstr "lista allt tillgängligt data"
+
+#: g10/card-util.c:1690
+msgid "change card holder's name"
+msgstr "ändra kortinnehavarens namn"
+
+#: g10/card-util.c:1691
+msgid "change URL to retrieve key"
+msgstr "ändra url för att hämta nyckel"
+
+#: g10/card-util.c:1692
+msgid "fetch the key specified in the card URL"
+msgstr "hämta nyckel som anges i kortets url"
+
+#: g10/card-util.c:1693
+msgid "change the login name"
+msgstr "ändra inloggningsnamnet"
+
+# originalet borde ha ett value
+#: g10/card-util.c:1694
+msgid "change the language preferences"
+msgstr "ändra språkinställningarna"
+
+#: g10/card-util.c:1695
+msgid "change card holder's sex"
+msgstr "ändra kortinnehavarens kön"
+
+#: g10/card-util.c:1696
+msgid "change a CA fingerprint"
+msgstr "ändra ett CA-fingeravtryck"
+
+# den låter skum
+#: g10/card-util.c:1697
+msgid "toggle the signature force PIN flag"
+msgstr "växla flagga för att tvinga signatur-PIN-kod"
+
+#: g10/card-util.c:1698
+msgid "generate new keys"
+msgstr "generera nya nycklar"
+
+#: g10/card-util.c:1699
+msgid "menu to change or unblock the PIN"
+msgstr "meny för att ändra eller avblockera PIN-koden"
+
+#: g10/card-util.c:1700
+msgid "verify the PIN and list all data"
+msgstr "validera PIN-koden och lista allt data"
+
+#: g10/card-util.c:1701
+msgid "unblock the PIN using a Reset Code"
+msgstr "lås upp PIN-koden med en nollställningskod"
+
+#: g10/card-util.c:1823
+msgid "gpg/card> "
+msgstr "gpg/kort> "
+
+#: g10/card-util.c:1864
+msgid "Admin-only command\n"
+msgstr "Kommandon endast för administratör\n"
+
+#: g10/card-util.c:1895
+msgid "Admin commands are allowed\n"
+msgstr "Administrationskommandon tillåts\n"
+
+#: g10/card-util.c:1897
+msgid "Admin commands are not allowed\n"
+msgstr "Administrationskommandon tillåts inte\n"
+
+#: g10/card-util.c:1988 g10/keyedit.c:2292
+msgid "Invalid command (try \"help\")\n"
+msgstr "Ogiltigt kommando (prova med \"help\")\n"
+
+#: g10/decrypt.c:110 g10/encode.c:876
+msgid "--output doesn't work for this command\n"
+msgstr "--output kan inte användas för detta kommando\n"
+
+# se förra kommentaren
+#: g10/decrypt.c:166 g10/gpg.c:4019 g10/keyring.c:387 g10/keyring.c:698
+#, c-format
+msgid "can't open `%s'\n"
+msgstr "kan inte öppna \"%s\"\n"
+
+#: g10/delkey.c:73 g10/export.c:324 g10/keyedit.c:3514 g10/keyserver.c:1737
+#: g10/revoke.c:226
+#, c-format
+msgid "key \"%s\" not found: %s\n"
+msgstr "nyckeln \"%s\" hittades inte: %s\n"
+
+#: g10/delkey.c:81 g10/export.c:354 g10/import.c:2480 g10/keyserver.c:1751
+#: g10/revoke.c:232 g10/revoke.c:477
+#, c-format
+msgid "error reading keyblock: %s\n"
+msgstr "fel vid läsning av nyckelblock: %s\n"
+
+#: g10/delkey.c:127 g10/delkey.c:134
+msgid "(unless you specify the key by fingerprint)\n"
+msgstr "(om du inte anger nyckeln med hjälp av fingeravtrycket)\n"
+
+#: g10/delkey.c:133
+msgid "can't do this in batch mode without \"--yes\"\n"
+msgstr "kan inte göra så i satsläge utan \"--yes\"\n"
+
+#: g10/delkey.c:145
+msgid "Delete this key from the keyring? (y/N) "
+msgstr "Ta bort denna nyckel från nyckelringen? (j/N) "
+
+#: g10/delkey.c:153
+msgid "This is a secret key! - really delete? (y/N) "
+msgstr "Detta är en hemlig nyckel! - verkligen ta bort den? (j/N) "
+
+#: g10/delkey.c:163
+#, c-format
+msgid "deleting keyblock failed: %s\n"
+msgstr "misslyckades med att radera nyckelblock: %s\n"
+
+#: g10/delkey.c:173
+msgid "ownertrust information cleared\n"
+msgstr "raderat information om ägartillit\n"
+
+#: g10/delkey.c:204
+#, c-format
+msgid "there is a secret key for public key \"%s\"!\n"
+msgstr "det finns en hemlig nyckel för denna publika nyckeln \"%s\"!\n"
+
+#: g10/delkey.c:206
+msgid "use option \"--delete-secret-keys\" to delete it first.\n"
+msgstr "använd flaggan \"--delete-secret-keys\"för att ta bort den först.\n"
+
+#: g10/encode.c:226 g10/sign.c:1269
+#, c-format
+msgid "error creating passphrase: %s\n"
+msgstr "fel när lösenfras skapades: %s\n"
+
+#: g10/encode.c:232
+msgid "can't use a symmetric ESK packet due to the S2K mode\n"
+msgstr "kan inte använda symmetriska ESK-paket pga S2K-läge\n"
+
+#: g10/encode.c:246
+#, c-format
+msgid "using cipher %s\n"
+msgstr "använder %s-chiffer\n"
+
+#: g10/encode.c:256 g10/encode.c:577
+#, c-format
+msgid "`%s' already compressed\n"
+msgstr "\"%s\" är redan komprimerad\n"
+
+#: g10/encode.c:311 g10/encode.c:611 g10/sign.c:564
+#, c-format
+msgid "WARNING: `%s' is an empty file\n"
+msgstr "VARNING: \"%s\" är en tom fil\n"
+
+#: g10/encode.c:485
+msgid "you can only encrypt to RSA keys of 2048 bits or less in --pgp2 mode\n"
+msgstr ""
+"du kan endast kryptera till RSA-nycklar som är högst 2048 bitar långa i --"
+"pgp2-läge\n"
+
+#: g10/encode.c:510
+#, c-format
+msgid "reading from `%s'\n"
+msgstr "läser från \"%s\"\n"
+
+#: g10/encode.c:541
+msgid ""
+"unable to use the IDEA cipher for all of the keys you are encrypting to.\n"
+msgstr "kan inte använda IDEA-chiffer för alla nycklar du krypterar till.\n"
+
+#: g10/encode.c:559
+#, c-format
+msgid ""
+"WARNING: forcing symmetric cipher %s (%d) violates recipient preferences\n"
+msgstr ""
+"VARNING: tvinga symmetriskt chiffer med %s (%d) strider mot "
+"mottagarinställningarna\n"
+
+#: g10/encode.c:655 g10/sign.c:939
+#, c-format
+msgid ""
+"WARNING: forcing compression algorithm %s (%d) violates recipient "
+"preferences\n"
+msgstr ""
+"VARNING: tvinga komprimeringsalgoritmen %s (%d) strider mot "
+"mottagarinställningarna\n"
+
+#: g10/encode.c:751
+#, c-format
+msgid "forcing symmetric cipher %s (%d) violates recipient preferences\n"
+msgstr ""
+"tvinga symmetriskt chiffer med %s (%d) strider mot mottagarinställningarna\n"
+
+#: g10/encode.c:821 g10/pkclist.c:813 g10/pkclist.c:862
+#, c-format
+msgid "you may not use %s while in %s mode\n"
+msgstr "du kan inte använda %s när du är i %s-läget\n"
+
+#: g10/encode.c:848
+#, c-format
+msgid "%s/%s encrypted for: \"%s\"\n"
+msgstr "%s/%s krypterad för: \"%s\"\n"
+
+#: g10/encr-data.c:93 g10/mainproc.c:286
+#, c-format
+msgid "%s encrypted data\n"
+msgstr "%s-krypterad data\n"
+
+#: g10/encr-data.c:96 g10/mainproc.c:290
+#, c-format
+msgid "encrypted with unknown algorithm %d\n"
+msgstr "krypterad med en okänd algoritm %d\n"
+
+# I vissa algoritmer kan svaga nycklar förekomma. Dessa ska inte användas.
+#: g10/encr-data.c:142 sm/decrypt.c:126
+msgid ""
+"WARNING: message was encrypted with a weak key in the symmetric cipher.\n"
+msgstr ""
+"VARNING: meddelandet krypterades med en svag nyckel\n"
+"i det symmetriska chiffret.\n"
+
+#: g10/encr-data.c:154
+msgid "problem handling encrypted packet\n"
+msgstr "problem vid hanteringen av krypterat paket\n"
+
+#: g10/exec.c:57
+msgid "no remote program execution supported\n"
+msgstr "ingen körning av fjärrprogram stöds\n"
+
+# Behörighet att komma åt inställningarna, tror jag. Inte behörigheter i inställningsfilen.
+#: g10/exec.c:308
+msgid ""
+"external program calls are disabled due to unsafe options file permissions\n"
+msgstr ""
+"anrop av externa program är inaktiverat pga osäkra behörigheter för\n"
+"inställningsfilen\n"
+
+#: g10/exec.c:338
+msgid "this platform requires temporary files when calling external programs\n"
+msgstr "denna plattform kräver temporärfiler vid anrop till externa program\n"
+
+#: g10/exec.c:416
+#, c-format
+msgid "unable to execute program `%s': %s\n"
+msgstr "kunde inte köra programmet \"%s\": %s\n"
+
+#: g10/exec.c:419
+#, c-format
+msgid "unable to execute shell `%s': %s\n"
+msgstr "kunde inte köra skalet \"%s\": %s\n"
+
+#: g10/exec.c:510
+#, c-format
+msgid "system error while calling external program: %s\n"
+msgstr "systemfel när externa program anropades: %s\n"
+
+#: g10/exec.c:521 g10/exec.c:588
+msgid "unnatural exit of external program\n"
+msgstr "externt program avslutades felaktigt\n"
+
+#: g10/exec.c:536
+msgid "unable to execute external program\n"
+msgstr "kunde inte köra det externa programmet\n"
+
+#: g10/exec.c:553
+#, c-format
+msgid "unable to read external program response: %s\n"
+msgstr "kan inte läsa svaret från det externa programmet: %s\n"
+
+#: g10/exec.c:599 g10/exec.c:606
+#, c-format
+msgid "WARNING: unable to remove tempfile (%s) `%s': %s\n"
+msgstr "VARNING: kan inte ta bort tempfil (%s) \"%s\": %s\n"
+
+#: g10/exec.c:611
+#, c-format
+msgid "WARNING: unable to remove temp directory `%s': %s\n"
+msgstr "VARNING: kunde inte ta bort temp-katalogen \"%s\": %s\n"
+
+#: g10/export.c:61
+msgid "export signatures that are marked as local-only"
+msgstr "exportera signaturer som är märkta som endast lokala"
+
+#: g10/export.c:63
+msgid "export attribute user IDs (generally photo IDs)"
+msgstr "exportera attribut i användaridentiteter (vanligtvis foto-id)"
+
+#: g10/export.c:65
+msgid "export revocation keys marked as \"sensitive\""
+msgstr "exportera spärrnycklar markerade som \"känslig\""
+
+#: g10/export.c:67
+msgid "remove the passphrase from exported subkeys"
+msgstr "ta bort lösenfrasen från exporterade undernycklar"
+
+#: g10/export.c:69
+msgid "remove unusable parts from key during export"
+msgstr "ta bort oanvändbara delar från nyckeln under exportering"
+
+#: g10/export.c:71
+msgid "remove as much as possible from key during export"
+msgstr "ta bort så mycket som möjligt från nyckeln under exportering"
+
+#: g10/export.c:73
+msgid "export keys in an S-expression based format"
+msgstr "exportera nycklar i ett S-uttrycksbaserat format"
+
+#: g10/export.c:338
+msgid "exporting secret keys not allowed\n"
+msgstr "export av hemliga nycklar tillåts inte\n"
+
+#: g10/export.c:367
+#, c-format
+msgid "key %s: not protected - skipped\n"
+msgstr "nyckeln %s: inte skyddad - hoppade över\n"
+
+#: g10/export.c:375
+#, c-format
+msgid "key %s: PGP 2.x style key - skipped\n"
+msgstr "nyckeln %s: nyckel av PGP 2.x-typ - hoppade över\n"
+
+#: g10/export.c:386
+#, c-format
+msgid "key %s: key material on-card - skipped\n"
+msgstr "nyckeln %s: nyckelmaterial på kortet - hoppade över\n"
+
+#: g10/export.c:537
+msgid "about to export an unprotected subkey\n"
+msgstr "på väg att exportera en oskyddad undernyckel\n"
+
+#: g10/export.c:560
+#, c-format
+msgid "failed to unprotect the subkey: %s\n"
+msgstr "misslyckades med att ta bort skydd på undernyckel: %s\n"
+
+#: g10/export.c:584
+#, c-format
+msgid "WARNING: secret key %s does not have a simple SK checksum\n"
+msgstr "VARNING: hemliga nyckeln %s har ingen enkel SK-kontrollsumma\n"
+
+#: g10/export.c:633
+msgid "WARNING: nothing exported\n"
+msgstr "VARNING: ingenting exporterat\n"
+
+#: g10/getkey.c:152
+msgid "too many entries in pk cache - disabled\n"
+msgstr "för många poster i pk-cachen - inaktiverad\n"
+
+#: g10/getkey.c:175
+msgid "[User ID not found]"
+msgstr "[Användaridentiteten hittades inte]"
+
+#: g10/getkey.c:1113
+#, c-format
+msgid "automatically retrieved `%s' via %s\n"
+msgstr "hämtade \"%s\" automatiskt via %s\n"
+
+#: g10/getkey.c:1118
+#, c-format
+msgid "error retrieving `%s' via %s: %s\n"
+msgstr "fel vid hämtning av \"%s\" via %s: %s\n"
+
+#: g10/getkey.c:1120
+msgid "No fingerprint"
+msgstr "Inget fingeravtryck"
+
+#: g10/getkey.c:1930
+#, c-format
+msgid "Invalid key %s made valid by --allow-non-selfsigned-uid\n"
+msgstr ""
+"Ogiltiga nyckeln %s tvingades till giltig med --allow-non-selfsigned-uid\n"
+
+#: g10/getkey.c:2533 g10/keyedit.c:3839
+#, c-format
+msgid "no secret subkey for public subkey %s - ignoring\n"
+msgstr "ingen hemlig undernyckel för publika undernyckeln %s - hoppar över\n"
+
+#: g10/getkey.c:2759
+#, c-format
+msgid "using subkey %s instead of primary key %s\n"
+msgstr "använder undernyckeln %s istället för primära nyckeln %s\n"
+
+#: g10/getkey.c:2806
+#, c-format
+msgid "key %s: secret key without public key - skipped\n"
+msgstr "nyckel %s: hemlig nyckel utan publik nyckel - hoppades över\n"
+
+#: g10/gpg.c:375 sm/gpgsm.c:188
+msgid "make a signature"
+msgstr "skapa en signatur"
+
+#: g10/gpg.c:376 sm/gpgsm.c:189
+msgid "make a clear text signature"
+msgstr "skapa en klartextsignatur"
+
+#: g10/gpg.c:377 sm/gpgsm.c:190
+msgid "make a detached signature"
+msgstr "skapa signatur i en separat fil"
+
+#: g10/gpg.c:378 sm/gpgsm.c:191
+msgid "encrypt data"
+msgstr "kryptera data"
+
+#: g10/gpg.c:380 sm/gpgsm.c:192
+msgid "encryption only with symmetric cipher"
+msgstr "kryptering endast med symmetriskt chiffer"
+
+# gnupg dekrypterar data om inget kommando anges dvs. kommandot "decrypt" behöver inte användas.
+#: g10/gpg.c:382 sm/gpgsm.c:193
+msgid "decrypt data (default)"
+msgstr "dekryptera data (standard)"
+
+#: g10/gpg.c:384 sm/gpgsm.c:194
+msgid "verify a signature"
+msgstr "validera en signatur"
+
+#: g10/gpg.c:386 sm/gpgsm.c:195
+msgid "list keys"
+msgstr "lista nycklar"
+
+#: g10/gpg.c:388
+msgid "list keys and signatures"
+msgstr "lista nycklar och signaturer"
+
+#: g10/gpg.c:389
+msgid "list and check key signatures"
+msgstr "lista och kontrollera nyckelsignaturer"
+
+#: g10/gpg.c:390 sm/gpgsm.c:200
+msgid "list keys and fingerprints"
+msgstr "lista nycklar och fingeravtryck"
+
+#: g10/gpg.c:391 sm/gpgsm.c:198
+msgid "list secret keys"
+msgstr "lista hemliga nycklar"
+
+#: g10/gpg.c:392 sm/gpgsm.c:201
+msgid "generate a new key pair"
+msgstr "generera ett nytt nyckelpar"
+
+#: g10/gpg.c:393
+msgid "generate a revocation certificate"
+msgstr "generera ett spärrcertifikat"
+
+#: g10/gpg.c:395 sm/gpgsm.c:203
+msgid "remove keys from the public keyring"
+msgstr "ta bort nycklar från den publika nyckelringen"
+
+#: g10/gpg.c:397
+msgid "remove keys from the secret keyring"
+msgstr "ta bort nycklar från den hemliga nyckelringen"
+
+#: g10/gpg.c:398
+msgid "sign a key"
+msgstr "signera en nyckel"
+
+#: g10/gpg.c:399
+msgid "sign a key locally"
+msgstr "signera en nyckel lokalt"
+
+#: g10/gpg.c:400
+msgid "sign or edit a key"
+msgstr "signera eller redigera en nyckel"
+
+#: g10/gpg.c:402 sm/gpgsm.c:215
+msgid "change a passphrase"
+msgstr "ändra en lösenfras"
+
+#: g10/gpg.c:404
+msgid "export keys"
+msgstr "exportera nycklar"
+
+#: g10/gpg.c:405 sm/gpgsm.c:204
+msgid "export keys to a key server"
+msgstr "exportera nycklar till en nyckelserver"
+
+#: g10/gpg.c:406 sm/gpgsm.c:205
+msgid "import keys from a key server"
+msgstr "importera nycklar från en nyckelserver"
+
+#: g10/gpg.c:408
+msgid "search for keys on a key server"
+msgstr "sök efter nycklar hos en nyckelserver"
+
+#: g10/gpg.c:410
+msgid "update all keys from a keyserver"
+msgstr "uppdatera alla nycklar nycklar från en nyckelserver"
+
+#: g10/gpg.c:415
+msgid "import/merge keys"
+msgstr "importera/slå samman nycklar"
+
+#: g10/gpg.c:418
+msgid "print the card status"
+msgstr "skriv ut kortstatus"
+
+#: g10/gpg.c:419
+msgid "change data on a card"
+msgstr "ändra data på ett kort"
+
+#: g10/gpg.c:420
+msgid "change a card's PIN"
+msgstr "ändra PIN-kod för ett kort"
+
+#: g10/gpg.c:429
+msgid "update the trust database"
+msgstr "uppdatera tillitsdatabasen"
+
+#: g10/gpg.c:436
+msgid "print message digests"
+msgstr "skriv ut kontrollsummor"
+
+#: g10/gpg.c:439 sm/gpgsm.c:210
+msgid "run in server mode"
+msgstr "kör i serverläge"
+
+#: g10/gpg.c:443 sm/gpgsm.c:228
+msgid "create ascii armored output"
+msgstr "skapa utdata med ett ascii-skal"
+
+#: g10/gpg.c:446 sm/gpgsm.c:241
+msgid "|USER-ID|encrypt for USER-ID"
+msgstr "|ANVÄNDAR-ID|kryptera för ANVÄNDAR-ID"
+
+#: g10/gpg.c:459 sm/gpgsm.c:278
+msgid "|USER-ID|use USER-ID to sign or decrypt"
+msgstr "|ANVÄNDAR-ID|använd ANVÄNDAR-ID för att signera eller dekryptera"
+
+#: g10/gpg.c:462
+msgid "|N|set compress level to N (0 disables)"
+msgstr "|N|ställ in komprimeringsnivån till N (0 för att inaktivera)"
+
+#: g10/gpg.c:468
+msgid "use canonical text mode"
+msgstr "använd \"ursprunglig text\"-läget"
+
+#: g10/gpg.c:485 sm/gpgsm.c:280
+msgid "|FILE|write output to FILE"
+msgstr "|FIL|skriv utdata till FIL"
+
+#: g10/gpg.c:501 kbx/kbxutil.c:90 sm/gpgsm.c:292 tools/gpgconf.c:82
+msgid "do not make any changes"
+msgstr "gör inga ändringar"
+
+#: g10/gpg.c:502
+msgid "prompt before overwriting"
+msgstr "fråga innan överskrivning"
+
+#: g10/gpg.c:554
+msgid "use strict OpenPGP behavior"
+msgstr "använd strikt OpenPGP-beteende"
+
+# inställningar istället för flaggor?
+# Nej, här är det bruksanvisningen för kommandoraden.
+#: g10/gpg.c:585 sm/gpgsm.c:336
+msgid ""
+"@\n"
+"(See the man page for a complete listing of all commands and options)\n"
+msgstr ""
+"@\n"
+"(Se manualsidan för en fullständig lista över alla kommandon och flaggor)\n"
+
+#: g10/gpg.c:588 sm/gpgsm.c:339
+msgid ""
+"@\n"
+"Examples:\n"
+"\n"
+" -se -r Bob [file] sign and encrypt for user Bob\n"
+" --clearsign [file] make a clear text signature\n"
+" --detach-sign [file] make a detached signature\n"
+" --list-keys [names] show keys\n"
+" --fingerprint [names] show fingerprints\n"
+msgstr ""
+"@\n"
+"Exempel:\n"
+"\n"
+"-se -r Bosse [fil] signera och kryptera för användaren Bosse\n"
+"--clearsign [fil] skapa en klartextsignatur\n"
+"--detach-sign [fil] skapa signatur i en separat fil\n"
+"--list-keys [namn] visa nycklar\n"
+"--fingerprint [namn] visa fingeravtryck\n"
+
+#: g10/gpg.c:836
+msgid "Usage: gpg [options] [files] (-h for help)"
+msgstr "Användning: gpg [flaggor] [filer] (-h för hjälp)"
+
+# Om inget kommando anges (decrypt/encrypt etc) väljs åtgärd efter indata.
+#: g10/gpg.c:839
+msgid ""
+"Syntax: gpg [options] [files]\n"
+"sign, check, encrypt or decrypt\n"
+"default operation depends on the input data\n"
+msgstr ""
+"Syntax: gpg [flaggor] [filer]\n"
+"signera, kontrollera, kryptera eller dekryptera\n"
+"standardåtgärden beror på inmatningsdata\n"
+
+#: g10/gpg.c:850 sm/gpgsm.c:543
+msgid ""
+"\n"
+"Supported algorithms:\n"
+msgstr ""
+"\n"
+"Algoritmer som stöds:\n"
+
+#: g10/gpg.c:853
+msgid "Pubkey: "
+msgstr "Publik nyckel: "
+
+#: g10/gpg.c:860 g10/keyedit.c:2423
+msgid "Cipher: "
+msgstr "Chiffer: "
+
+#: g10/gpg.c:867
+msgid "Hash: "
+msgstr "Kontrollsumma: "
+
+#: g10/gpg.c:874 g10/keyedit.c:2468
+msgid "Compression: "
+msgstr "Komprimering: "
+
+#: g10/gpg.c:944
+msgid "usage: gpg [options] "
+msgstr "användning: gpg [flaggor] "
+
+#: g10/gpg.c:1158 sm/gpgsm.c:716
+msgid "conflicting commands\n"
+msgstr "motstridiga kommandon\n"
+
+# Vad betyder detta?
+#: g10/gpg.c:1176
+#, c-format
+msgid "no = sign found in group definition `%s'\n"
+msgstr "no = signatur hittad i gruppdefinitionen \"%s\"\n"
+
+#: g10/gpg.c:1373
+#, c-format
+msgid "WARNING: unsafe ownership on homedir `%s'\n"
+msgstr "VARNING: osäkert ägarskap på hemkatalogen \"%s\"\n"
+
+#: g10/gpg.c:1376
+#, c-format
+msgid "WARNING: unsafe ownership on configuration file `%s'\n"
+msgstr "VARNING: osäkert ägarskap på konfigurationsfilen \"%s\"\n"
+
+#: g10/gpg.c:1379
+#, c-format
+msgid "WARNING: unsafe ownership on extension `%s'\n"
+msgstr "VARNING: osäkert ägarskap på tillägget \"%s\"\n"
+
+#: g10/gpg.c:1385
+#, c-format
+msgid "WARNING: unsafe permissions on homedir `%s'\n"
+msgstr "VARNING: osäkra rättigheter på hemkatalogen \"%s\"\n"
+
+#: g10/gpg.c:1388
+#, c-format
+msgid "WARNING: unsafe permissions on configuration file `%s'\n"
+msgstr "VARNING: osäkra rättigheter på konfigurationsfilen \"%s\"\n"
+
+# Extension är vad? FIXME
+#: g10/gpg.c:1391
+#, c-format
+msgid "WARNING: unsafe permissions on extension `%s'\n"
+msgstr "VARNING: osäkra rättigheter på tillägget \"%s\"\n"
+
+#: g10/gpg.c:1397
+#, c-format
+msgid "WARNING: unsafe enclosing directory ownership on homedir `%s'\n"
+msgstr ""
+"VARNING: osäkert ägarskap på inneslutande katalog för hemkatalogen \"%s\"\n"
+
+#: g10/gpg.c:1400
+#, c-format
+msgid ""
+"WARNING: unsafe enclosing directory ownership on configuration file `%s'\n"
+msgstr ""
+"VARNING: osäkert ägarskap på inneslutande katalog för konfigurationsfilen \"%"
+"s\"\n"
+
+#: g10/gpg.c:1403
+#, c-format
+msgid "WARNING: unsafe enclosing directory ownership on extension `%s'\n"
+msgstr ""
+"VARNING: osäkert ägarskap på inneslutande katalog för tillägget \"%s\"\n"
+
+#: g10/gpg.c:1409
+#, c-format
+msgid "WARNING: unsafe enclosing directory permissions on homedir `%s'\n"
+msgstr ""
+"VARNING: osäkra rättigheter på inneslutande katalog för hemkatalogen \"%s\"\n"
+
+#: g10/gpg.c:1412
+#, c-format
+msgid ""
+"WARNING: unsafe enclosing directory permissions on configuration file `%s'\n"
+msgstr ""
+"VARNING: osäkra rättigheter på inneslutande katalog för konfigurationsfilen "
+"\"%s\"\n"
+
+#: g10/gpg.c:1415
+#, c-format
+msgid "WARNING: unsafe enclosing directory permissions on extension `%s'\n"
+msgstr ""
+"VARNING: osäkra rättigheter på inneslutande katalog för tillägget \"%s\"\n"
+
+#: g10/gpg.c:1595
+#, c-format
+msgid "unknown configuration item `%s'\n"
+msgstr "okänd konfigurationspost \"%s\"\n"
+
+#: g10/gpg.c:1699
+msgid "display photo IDs during key listings"
+msgstr "visa foto-id under nyckellistning"
+
+#: g10/gpg.c:1701
+msgid "show policy URLs during signature listings"
+msgstr "visa policy-url:er under signaturlistningar"
+
+#: g10/gpg.c:1703
+msgid "show all notations during signature listings"
+msgstr "visa alla notationer under signaturlistningar"
+
+#: g10/gpg.c:1705
+msgid "show IETF standard notations during signature listings"
+msgstr "visa IETF-standardnotationer under signaturlistningar"
+
+#: g10/gpg.c:1709
+msgid "show user-supplied notations during signature listings"
+msgstr "visa användarangivna notationer under signaturlistningar"
+
+#: g10/gpg.c:1711
+msgid "show preferred keyserver URLs during signature listings"
+msgstr "visa url:er till föredragna nyckelservrar under signaturlistningar"
+
+#: g10/gpg.c:1713
+msgid "show user ID validity during key listings"
+msgstr "visa giltighet för användaridentitet vid nyckellistningar "
+
+#: g10/gpg.c:1715
+msgid "show revoked and expired user IDs in key listings"
+msgstr "visa spärrade och utgångna användaridentiteter i nyckellistningar"
+
+#: g10/gpg.c:1717
+msgid "show revoked and expired subkeys in key listings"
+msgstr "visa spärrade och utgångna undernycklar i nyckellistningar"
+
+#: g10/gpg.c:1719
+msgid "show the keyring name in key listings"
+msgstr "visa nyckelringens namn i nyckellistningar"
+
+#: g10/gpg.c:1721
+msgid "show expiration dates during signature listings"
+msgstr "visa utgångsdatum under signaturlistningar"
+
+#: g10/gpg.c:1855
+#, c-format
+msgid "NOTE: old default options file `%s' ignored\n"
+msgstr "OBS: den gamla inställningsfilen \"%s\" används inte\n"
+
+#: g10/gpg.c:1948
+#, c-format
+msgid "libgcrypt is too old (need %s, have %s)\n"
+msgstr "libgcrypt är för gammalt (behöver %s, har %s)\n"
+
+#: g10/gpg.c:2346 g10/gpg.c:3037 g10/gpg.c:3049
+#, c-format
+msgid "NOTE: %s is not for normal use!\n"
+msgstr "OBS: %s är inte för normal användning!\n"
+
+#: g10/gpg.c:2530 g10/gpg.c:2542
+#, c-format
+msgid "`%s' is not a valid signature expiration\n"
+msgstr "\"%s\" är inte ett giltigt utgångsdatum för en signatur\n"
+
+#: g10/gpg.c:2624
+#, c-format
+msgid "`%s' is not a valid character set\n"
+msgstr "\"%s\" är ingen giltig teckentabell\n"
+
+#: g10/gpg.c:2647 g10/gpg.c:2842 g10/keyedit.c:4197
+msgid "could not parse keyserver URL\n"
+msgstr "kunde inte tolka url till nyckelserver\n"
+
+#: g10/gpg.c:2659
+#, c-format
+msgid "%s:%d: invalid keyserver options\n"
+msgstr "%s:%d: ogiltiga flaggor för nyckelserver\n"
+
+#: g10/gpg.c:2662
+msgid "invalid keyserver options\n"
+msgstr "ogiltiga flaggor för nyckelserver\n"
+
+#: g10/gpg.c:2669
+#, c-format
+msgid "%s:%d: invalid import options\n"
+msgstr "%s:%d: ogiltiga importeringsflaggor\n"
+
+#: g10/gpg.c:2672
+msgid "invalid import options\n"
+msgstr "ogiltiga importflaggor\n"
+
+#: g10/gpg.c:2679
+#, c-format
+msgid "%s:%d: invalid export options\n"
+msgstr "%s:%d: ogiltiga exportflaggor\n"
+
+#: g10/gpg.c:2682
+msgid "invalid export options\n"
+msgstr "ogiltiga exportinställningar\n"
+
+#: g10/gpg.c:2689
+#, c-format
+msgid "%s:%d: invalid list options\n"
+msgstr "%s:%d: ogiltiga listflaggor\n"
+
+#: g10/gpg.c:2692
+msgid "invalid list options\n"
+msgstr "ogiltiga listflaggor\n"
+
+#: g10/gpg.c:2700
+msgid "display photo IDs during signature verification"
+msgstr "visa foto-id under signaturvalidering"
+
+#: g10/gpg.c:2702
+msgid "show policy URLs during signature verification"
+msgstr "visa policy-url:er under signaturvalidering"
+
+#: g10/gpg.c:2704
+msgid "show all notations during signature verification"
+msgstr "visa alla notationer under signaturvalidering"
+
+#: g10/gpg.c:2706
+msgid "show IETF standard notations during signature verification"
+msgstr "visa IETF-standardnotationer under signaturvalidering"
+
+#: g10/gpg.c:2710
+msgid "show user-supplied notations during signature verification"
+msgstr "visa användarangivna notationer under signaturvalidering"
+
+#: g10/gpg.c:2712
+msgid "show preferred keyserver URLs during signature verification"
+msgstr "visa url:er till föredragna nyckelserver under signaturvalidering"
+
+#: g10/gpg.c:2714
+msgid "show user ID validity during signature verification"
+msgstr "visa giltighet för användaridentitet vid signaturvalidering"
+
+#: g10/gpg.c:2716
+msgid "show revoked and expired user IDs in signature verification"
+msgstr "visa spärrade och utgångna användaridentiteter i signaturvalidering"
+
+#: g10/gpg.c:2718
+msgid "show only the primary user ID in signature verification"
+msgstr "visa endast primär användaridentitet i signaturvalidering"
+
+#: g10/gpg.c:2720
+msgid "validate signatures with PKA data"
+msgstr "validera signaturer med PKA-data"
+
+#: g10/gpg.c:2722
+msgid "elevate the trust of signatures with valid PKA data"
+msgstr "öka tillit på signaturer med giltigt PKA-data"
+
+#: g10/gpg.c:2729
+#, c-format
+msgid "%s:%d: invalid verify options\n"
+msgstr "%s:%d: ogiltiga flaggor för validering\n"
+
+#: g10/gpg.c:2732
+msgid "invalid verify options\n"
+msgstr "ogiltiga flaggor för validering\n"
+
+#: g10/gpg.c:2739
+#, c-format
+msgid "unable to set exec-path to %s\n"
+msgstr "kunde inte ställa in exec-path till %s\n"
+
+#: g10/gpg.c:2925
+#, c-format
+msgid "%s:%d: invalid auto-key-locate list\n"
+msgstr "%s:%d: ogiltig auto-key-locate-lista\n"
+
+#: g10/gpg.c:2928
+msgid "invalid auto-key-locate list\n"
+msgstr "ogiltig auto-key-locate-lista\n"
+
+# Programmet skapar en avbildning (image) av minnet för att lättare kunna spåra fel.
+#: g10/gpg.c:3026 sm/gpgsm.c:1439
+msgid "WARNING: program may create a core file!\n"
+msgstr "VARNING: programmet kan komma att skapa en minnesavbild!\n"
+
+#: g10/gpg.c:3030
+#, c-format
+msgid "WARNING: %s overrides %s\n"
+msgstr "VARNING: %s gäller istället för %s\n"
+
+#: g10/gpg.c:3039
+#, c-format
+msgid "%s not allowed with %s!\n"
+msgstr "%s är inte tillåten tillsammans med %s!\n"
+
+#: g10/gpg.c:3042
+#, c-format
+msgid "%s makes no sense with %s!\n"
+msgstr "det är ingen poäng att använda %s tillsammans med %s!\n"
+
+#: g10/gpg.c:3057
+#, c-format
+msgid "will not run with insecure memory due to %s\n"
+msgstr "kommer inte att köra med osäkert minne på grund av %s\n"
+
+#: g10/gpg.c:3071
+msgid "you can only make detached or clear signatures while in --pgp2 mode\n"
+msgstr ""
+"du kan bara göra signaturer i en separat fil eller klartextsignaturer\n"
+"i --pgp2-läge\n"
+
+#: g10/gpg.c:3077
+msgid "you can't sign and encrypt at the same time while in --pgp2 mode\n"
+msgstr "du kan inte signera och kryptera samtidigt i --pgp2-läge\n"
+
+#: g10/gpg.c:3083
+msgid "you must use files (and not a pipe) when working with --pgp2 enabled.\n"
+msgstr "du måste använda filer (och inte rör) i --pgp2-läge\n"
+
+# IDEA-algoritmen är patenterat i flera länder och finns därför inte med i GnuPG som standard.
+#: g10/gpg.c:3096
+msgid "encrypting a message in --pgp2 mode requires the IDEA cipher\n"
+msgstr "kryptering av meddelanden i --pgp2-läge kräver IDEA-chiffret\n"
+
+#: g10/gpg.c:3163 g10/gpg.c:3187 sm/gpgsm.c:1511
+msgid "selected cipher algorithm is invalid\n"
+msgstr "den valda chifferalgoritmen är ogiltig\n"
+
+#: g10/gpg.c:3169 g10/gpg.c:3193 sm/gpgsm.c:1517 sm/gpgsm.c:1523
+msgid "selected digest algorithm is invalid\n"
+msgstr "vald sammandragsalgoritm är ogiltig\n"
+
+#: g10/gpg.c:3175
+msgid "selected compression algorithm is invalid\n"
+msgstr "vald komprimeringsalgoritm är ogiltig\n"
+
+#: g10/gpg.c:3181
+msgid "selected certification digest algorithm is invalid\n"
+msgstr "vald algoritm för certifieringssammandrag är felaktig\n"
+
+# antalet betrodda signaturer som behövs (1-3) för att du ska lita på en nyckel du inte själv verifierat.
+#: g10/gpg.c:3196
+msgid "completes-needed must be greater than 0\n"
+msgstr "variabeln \"completes-needed\" måste ha ett värde som är större än 0\n"
+
+# antalet delvis betrodda signaturer som behövs (1-3) för att du ska lita på en nyckel du inte själv verifierat.
+#: g10/gpg.c:3198
+msgid "marginals-needed must be greater than 1\n"
+msgstr "variabeln \"marginals-needed\" måste vara större än 1\n"
+
+# Hur djupt GnuPG ska leta i Web-of-trust.
+#: g10/gpg.c:3200
+msgid "max-cert-depth must be in the range from 1 to 255\n"
+msgstr "max-cert-depth måste vara inom intervallet från 1 till 255\n"
+
+# Det är nivån för hurväl du har kontrollerat att nyckeln tillhör innehavaren.
+#: g10/gpg.c:3202
+msgid "invalid default-cert-level; must be 0, 1, 2, or 3\n"
+msgstr ""
+"ogiltigt standardvärde för certifieringsnivån; måste vara 0, 1, 2 eller 3\n"
+
+# Det är nivån för hurväl du har kontrollerat att nyckeln tillhör innehavaren.
+#: g10/gpg.c:3204
+msgid "invalid min-cert-level; must be 1, 2, or 3\n"
+msgstr "ogiltigt minimivärde för certifieringsnivån; måste vara 1, 2 eller 3\n"
+
+# S2K har med krypteringen av hemliga nyckeln att göra
+#: g10/gpg.c:3207
+msgid "NOTE: simple S2K mode (0) is strongly discouraged\n"
+msgstr "OBS: enkelt S2K-läge (0) rekommenderas inte\n"
+
+#: g10/gpg.c:3211
+msgid "invalid S2K mode; must be 0, 1 or 3\n"
+msgstr "ogiltigt S2K-läge; måste vara 0, 1 eller 3\n"
+
+#: g10/gpg.c:3218
+msgid "invalid default preferences\n"
+msgstr "ogiltiga standardinställningar\n"
+
+# Du kan ange de algoritmer du föredrar i prioritetsordning. Då avgör inte enbart standard (symmetrisk kryptering) eller mottagarens preferenser (kryptering till öppen nyckel).
+#: g10/gpg.c:3222
+msgid "invalid personal cipher preferences\n"
+msgstr "ogiltig inställning av personligt chiffer\n"
+
+#: g10/gpg.c:3226
+msgid "invalid personal digest preferences\n"
+msgstr "ogiltig inställning av föredragna kontrollsummealgoritmer\n"
+
+#: g10/gpg.c:3230
+msgid "invalid personal compress preferences\n"
+msgstr "ogiltig inställning av föredragna kompressionsalgoritmer\n"
+
+#: g10/gpg.c:3263
+#, c-format
+msgid "%s does not yet work with %s\n"
+msgstr "%s fungerar ännu inte med %s\n"
+
+#: g10/gpg.c:3310
+#, c-format
+msgid "you may not use cipher algorithm `%s' while in %s mode\n"
+msgstr "du får inte använda chifferalgoritmen \"%s\" när du är i %s-läget\n"
+
+#: g10/gpg.c:3315
+#, c-format
+msgid "you may not use digest algorithm `%s' while in %s mode\n"
+msgstr ""
+"du får inte använda sammandragsalgoritmen \"%s\" när du är i %s-läget\n"
+
+#: g10/gpg.c:3320
+#, c-format
+msgid "you may not use compression algorithm `%s' while in %s mode\n"
+msgstr ""
+"du får inte använda komprimeringsalgoritmen \"%s\" när du är i %s-läget\n"
+
+#: g10/gpg.c:3406
+#, c-format
+msgid "failed to initialize the TrustDB: %s\n"
+msgstr "misslyckades med att initialisera tillitsdatabasen: %s\n"
+
+#: g10/gpg.c:3417
+msgid "WARNING: recipients (-r) given without using public key encryption\n"
+msgstr ""
+"VARNING: mottagare (-r) angivna utan att använda publik nyckel-kryptering\n"
+
+#: g10/gpg.c:3438
+msgid "--store [filename]"
+msgstr "--store [filnamn]"
+
+#: g10/gpg.c:3445
+msgid "--symmetric [filename]"
+msgstr "--symmetric [filnamn]"
+
+#: g10/gpg.c:3447
+#, c-format
+msgid "symmetric encryption of `%s' failed: %s\n"
+msgstr "symmetrisk kryptering av \"%s\" misslyckades: %s\n"
+
+#: g10/gpg.c:3457
+msgid "--encrypt [filename]"
+msgstr "--encrypt [filnamn]"
+
+#: g10/gpg.c:3470
+msgid "--symmetric --encrypt [filename]"
+msgstr "--symmetric --encrypt [filnamn]"
+
+#: g10/gpg.c:3472
+msgid "you cannot use --symmetric --encrypt with --s2k-mode 0\n"
+msgstr "du kan inte använda --symmetric --encrypt med --s2k-mode 0\n"
+
+#: g10/gpg.c:3475
+#, c-format
+msgid "you cannot use --symmetric --encrypt while in %s mode\n"
+msgstr "du kan inte använda --symmetric --encrypt i %s-läget\n"
+
+#: g10/gpg.c:3493
+msgid "--sign [filename]"
+msgstr "--sign [filnamn]"
+
+#: g10/gpg.c:3506
+msgid "--sign --encrypt [filename]"
+msgstr "--sign --encrypt [filnamn]"
+
+#: g10/gpg.c:3521
+msgid "--symmetric --sign --encrypt [filename]"
+msgstr "--symmetric --sign --encrypt [filnamn]"
+
+#: g10/gpg.c:3523
+msgid "you cannot use --symmetric --sign --encrypt with --s2k-mode 0\n"
+msgstr "du kan inte använda --symmetric --sign --encrypt med --s2k-mode 0\n"
+
+#: g10/gpg.c:3526
+#, c-format
+msgid "you cannot use --symmetric --sign --encrypt while in %s mode\n"
+msgstr ""
+"du kan inte använda --symmetric --sign --encrypt när du är i %s-läget\n"
+
+#: g10/gpg.c:3546
+msgid "--sign --symmetric [filename]"
+msgstr "--sign --symmetric [filnamn]"
+
+#: g10/gpg.c:3555
+msgid "--clearsign [filename]"
+msgstr "--clearsign [filnamn]"
+
+#: g10/gpg.c:3580
+msgid "--decrypt [filename]"
+msgstr "--decrypt [filnamn]"
+
+#: g10/gpg.c:3588
+msgid "--sign-key user-id"
+msgstr "--sign-key användaridentitet"
+
+#: g10/gpg.c:3592
+msgid "--lsign-key user-id"
+msgstr "--lsign-key användaridentitet"
+
+#: g10/gpg.c:3613
+msgid "--edit-key user-id [commands]"
+msgstr "--edit-key användaridentitet [kommandon]"
+
+#: g10/gpg.c:3629
+msgid "--passwd <user-id>"
+msgstr "--passwd <användaridentitet>"
+
+#: g10/gpg.c:3716
+#, c-format
+msgid "keyserver send failed: %s\n"
+msgstr "sändning till nyckelservern misslyckades: %s\n"
+
+#: g10/gpg.c:3718
+#, c-format
+msgid "keyserver receive failed: %s\n"
+msgstr "hämtning från nyckelservern misslyckades: %s\n"
+
+#: g10/gpg.c:3720
+#, c-format
+msgid "key export failed: %s\n"
+msgstr "export av nyckeln misslyckades: %s\n"
+
+#: g10/gpg.c:3731
+#, c-format
+msgid "keyserver search failed: %s\n"
+msgstr "sökning på nyckelservern misslyckades: %s\n"
+
+#: g10/gpg.c:3741
+#, c-format
+msgid "keyserver refresh failed: %s\n"
+msgstr "uppdatering av nyckeln från en nyckelserver misslyckades: %s\n"
+
+#: g10/gpg.c:3792
+#, c-format
+msgid "dearmoring failed: %s\n"
+msgstr "misslyckades med att ta bort ASCII-skalet: %s\n"
+
+#: g10/gpg.c:3800
+#, c-format
+msgid "enarmoring failed: %s\n"
+msgstr "misslyckades med att skapa ASCII-skal: %s\n"
+
+#: g10/gpg.c:3890
+#, c-format
+msgid "invalid hash algorithm `%s'\n"
+msgstr "ogiltig kontrollsummealgoritm \"%s\"\n"
+
+#: g10/gpg.c:4005
+msgid "[filename]"
+msgstr "[filnamn]"
+
+#: g10/gpg.c:4009
+msgid "Go ahead and type your message ...\n"
+msgstr "Skriv ditt meddelande här ...\n"
+
+#: g10/gpg.c:4323
+msgid "the given certification policy URL is invalid\n"
+msgstr "den angivna URL som beskriver certifieringsspolicy är ogiltig\n"
+
+#: g10/gpg.c:4325
+msgid "the given signature policy URL is invalid\n"
+msgstr "den angivna URL som beskriver signaturpolicy är ogiltig\n"
+
+#: g10/gpg.c:4358
+msgid "the given preferred keyserver URL is invalid\n"
+msgstr "den angivna föredragna nyckelserver-url:n är ogiltig\n"
+
+#: g10/gpgv.c:74
+msgid "|FILE|take the keys from the keyring FILE"
+msgstr "|FIL|ta nycklarna från nyckelringen FIL "
+
+# Med detta kommando ger gnupg enbart en varning när ett meddelande är tidsstämplat i framtiden. Annars avslutas gnupg med ett felmeddelande.
+# Kommandot är avsett att användas i "near online system".
+# Krav från RIPE.
+#: g10/gpgv.c:76
+msgid "make timestamp conflicts only a warning"
+msgstr "utfärda enbart en varning när tidsstämpeln är orimlig"
+
+#: g10/gpgv.c:78 sm/gpgsm.c:326
+msgid "|FD|write status info to this FD"
+msgstr "|FD|skriv statusinformation till denna FD"
+
+#: g10/gpgv.c:117
+msgid "Usage: gpgv [options] [files] (-h for help)"
+msgstr "Användning: gpgv [flaggor] [filer] (-h för hjälp)"
+
+#: g10/gpgv.c:119
+msgid ""
+"Syntax: gpgv [options] [files]\n"
+"Check signatures against known trusted keys\n"
+msgstr ""
+"Syntax: gpgv [flaggor] [filer]\n"
+"Kontrollera signaturer mot kända, pålitliga nycklar\n"
+
+#: g10/helptext.c:72
+msgid "No help available"
+msgstr "Det finns ingen hjälp tillgänglig"
+
+#: g10/helptext.c:82
+#, c-format
+msgid "No help available for `%s'"
+msgstr "Det finns ingen hjälp tillgänglig för \"%s\""
+
+#: g10/import.c:94
+msgid "import signatures that are marked as local-only"
+msgstr "importera signaturer som är markerade som endast lokala"
+
+#: g10/import.c:96
+msgid "repair damage from the pks keyserver during import"
+msgstr "reparera skada från pks-nyckelservern under importering"
+
+#: g10/import.c:98
+msgid "do not update the trustdb after import"
+msgstr "uppdatera inte tillitsdatabasen efter importering"
+
+#: g10/import.c:100
+msgid "create a public key when importing a secret key"
+msgstr "skapa en publik nyckel när en hemlig nyckel importeras"
+
+#: g10/import.c:102
+msgid "only accept updates to existing keys"
+msgstr "acceptera endast uppdateringar till befintliga nycklar"
+
+#: g10/import.c:104
+msgid "remove unusable parts from key after import"
+msgstr "ta bort oanvändbara delar från nyckeln efter importering"
+
+#: g10/import.c:106
+msgid "remove as much as possible from key after import"
+msgstr "ta bort så mycket som möjligt från nyckeln efter importering"
+
+#: g10/import.c:266
+#, c-format
+msgid "skipping block of type %d\n"
+msgstr "hoppar över block av typen %d\n"
+
+#: g10/import.c:275
+#, c-format
+msgid "%lu keys processed so far\n"
+msgstr "%lu nycklar behandlade än så länge\n"
+
+#: g10/import.c:292
+#, c-format
+msgid "Total number processed: %lu\n"
+msgstr "Totalt antal behandlade enheter: %lu\n"
+
+#: g10/import.c:294
+#, c-format
+msgid " skipped new keys: %lu\n"
+msgstr " överhoppade nya nycklar: %lu\n"
+
+#: g10/import.c:297
+#, c-format
+msgid " w/o user IDs: %lu\n"
+msgstr " utan användaridentiteter: %lu\n"
+
+#: g10/import.c:299 sm/import.c:114
+#, c-format
+msgid " imported: %lu"
+msgstr " importerade: %lu"
+
+#: g10/import.c:305 sm/import.c:118
+#, c-format
+msgid " unchanged: %lu\n"
+msgstr " oförändrade: %lu\n"
+
+#: g10/import.c:307
+#, c-format
+msgid " new user IDs: %lu\n"
+msgstr " nya användaridentiteter: %lu\n"
+
+#: g10/import.c:309
+#, c-format
+msgid " new subkeys: %lu\n"
+msgstr " nya undernycklar: %lu\n"
+
+#: g10/import.c:311
+#, c-format
+msgid " new signatures: %lu\n"
+msgstr " nya signaturer: %lu\n"
+
+#: g10/import.c:313
+#, c-format
+msgid " new key revocations: %lu\n"
+msgstr " nya nyckelspärrningar: %lu\n"
+
+#: g10/import.c:315 sm/import.c:120
+#, c-format
+msgid " secret keys read: %lu\n"
+msgstr " antal lästa hemliga nycklar: %lu\n"
+
+#: g10/import.c:317 sm/import.c:122
+#, c-format
+msgid " secret keys imported: %lu\n"
+msgstr " importerade hemliga nycklar: %lu\n"
+
+#: g10/import.c:319 sm/import.c:124
+#, c-format
+msgid " secret keys unchanged: %lu\n"
+msgstr " oförändrade hemliga nycklar: %lu\n"
+
+#: g10/import.c:321 sm/import.c:126
+#, c-format
+msgid " not imported: %lu\n"
+msgstr " inte importerade: %lu\n"
+
+#: g10/import.c:323
+#, c-format
+msgid " signatures cleaned: %lu\n"
+msgstr " signaturer rensade: %lu\n"
+
+#: g10/import.c:325
+#, c-format
+msgid " user IDs cleaned: %lu\n"
+msgstr " användaridentiteter rensade: %lu\n"
+
+#: g10/import.c:606
+#, c-format
+msgid ""
+"WARNING: key %s contains preferences for unavailable\n"
+"algorithms on these user IDs:\n"
+msgstr ""
+"VARNING: nyckeln %s innehåller inställningar för otillgängliga\n"
+"algoritmer för dessa användaridentiteter:\n"
+
+#: g10/import.c:647
+#, c-format
+msgid " \"%s\": preference for cipher algorithm %s\n"
+msgstr " \"%s\": inställning för chifferalgoritmen %s\n"
+
+#: g10/import.c:662
+#, c-format
+msgid " \"%s\": preference for digest algorithm %s\n"
+msgstr " \"%s\": inställning för sammandragsalgoritmen %s\n"
+
+#: g10/import.c:674
+#, c-format
+msgid " \"%s\": preference for compression algorithm %s\n"
+msgstr " \"%s\": inställning för komprimeringsalgoritmen %s\n"
+
+#: g10/import.c:687
+msgid "it is strongly suggested that you update your preferences and\n"
+msgstr "det rekommenderas starkt att du uppdaterar dina inställningar\n"
+
+#: g10/import.c:689
+msgid "re-distribute this key to avoid potential algorithm mismatch problems\n"
+msgstr ""
+"och distribuerar denna nyckel igen för att undvika tänkbara problem\n"
+"med att algoritmerna inte stämmer\n"
+
+#: g10/import.c:713
+#, c-format
+msgid "you can update your preferences with: gpg --edit-key %s updpref save\n"
+msgstr ""
+"du kan uppdatera dina inställningar med: gpg --edit-key %s updpref save\n"
+
+#: g10/import.c:766 g10/import.c:1179
+#, c-format
+msgid "key %s: no user ID\n"
+msgstr "nyckel %s: ingen användaridentitet\n"
+
+# Undernyckeln är skadad på HKP-servern. Vanligt fel vid många undernycklar.
+#: g10/import.c:795
+#, c-format
+msgid "key %s: PKS subkey corruption repaired\n"
+msgstr "nyckeln %s: PKS-skadad undernyckel reparerades\n"
+
+# vad innebär fnutten i slutet?
+#: g10/import.c:810
+#, c-format
+msgid "key %s: accepted non self-signed user ID \"%s\"\n"
+msgstr "nyckel %s: accepterade icke-självsignerad användaridentitet \"%s\"\n"
+
+#: g10/import.c:816
+#, c-format
+msgid "key %s: no valid user IDs\n"
+msgstr "nyckel %s: inga giltiga användaridentiteter\n"
+
+#: g10/import.c:818
+msgid "this may be caused by a missing self-signature\n"
+msgstr "detta kan bero på att det saknas en självsignatur\n"
+
+#: g10/import.c:828 g10/import.c:1303
+#, c-format
+msgid "key %s: public key not found: %s\n"
+msgstr "nyckel %s: hittade ingen publik nyckel: %s\n"
+
+#: g10/import.c:834
+#, c-format
+msgid "key %s: new key - skipped\n"
+msgstr "nyckel %s: ny nyckel - hoppade över\n"
+
+#: g10/import.c:843
+#, c-format
+msgid "no writable keyring found: %s\n"
+msgstr "hittade ingen nyckelring som gick att skriva till: %s\n"
+
+#: g10/import.c:848 g10/openfile.c:278 g10/sign.c:805 g10/sign.c:1114
+#, c-format
+msgid "writing to `%s'\n"
+msgstr "skriver till \"%s\"\n"
+
+#: g10/import.c:852 g10/import.c:952 g10/import.c:1219 g10/import.c:1364
+#: g10/import.c:2494 g10/import.c:2516
+#, c-format
+msgid "error writing keyring `%s': %s\n"
+msgstr "fel vid skrivning av nyckelringen \"%s\": %s\n"
+
+# fixme: I appended the %s -wk
+#: g10/import.c:871
+#, c-format
+msgid "key %s: public key \"%s\" imported\n"
+msgstr "nyckel %s: publika nyckeln \"%s\" importerades\n"
+
+#: g10/import.c:895
+#, c-format
+msgid "key %s: doesn't match our copy\n"
+msgstr "nyckel %s: stämmer inte mot vår lokala kopia\n"
+
+#: g10/import.c:912 g10/import.c:1321
+#, c-format
+msgid "key %s: can't locate original keyblock: %s\n"
+msgstr "nyckel %s: kan inte hitta det ursprungliga nyckelblocket: %s\n"
+
+#: g10/import.c:920 g10/import.c:1328
+#, c-format
+msgid "key %s: can't read original keyblock: %s\n"
+msgstr "nyckel %s: kan inte läsa det ursprungliga nyckelblocket %s\n"
+
+#: g10/import.c:962
+#, c-format
+msgid "key %s: \"%s\" 1 new user ID\n"
+msgstr "nyckel %s: \"%s\" 1 ny användaridentitet\n"
+
+#: g10/import.c:965
+#, c-format
+msgid "key %s: \"%s\" %d new user IDs\n"
+msgstr "nyckel %s: \"%s\" %d nya användaridentiteter\n"
+
+#: g10/import.c:968
+#, c-format
+msgid "key %s: \"%s\" 1 new signature\n"
+msgstr "nyckel %s: \"%s\" 1 ny signatur\n"
+
+#: g10/import.c:971
+#, c-format
+msgid "key %s: \"%s\" %d new signatures\n"
+msgstr "nyckel %s: \"%s\" %d nya signaturer\n"
+
+#: g10/import.c:974
+#, c-format
+msgid "key %s: \"%s\" 1 new subkey\n"
+msgstr "nyckel %s: \"%s\" 1 ny undernyckel\n"
+
+#: g10/import.c:977
+#, c-format
+msgid "key %s: \"%s\" %d new subkeys\n"
+msgstr "nyckel %s: \"%s\" %d nya undernycklar\n"
+
+#: g10/import.c:980
+#, c-format
+msgid "key %s: \"%s\" %d signature cleaned\n"
+msgstr "nyckel %s: \"%s\" %d signatur rensad\n"
+
+#: g10/import.c:983
+#, c-format
+msgid "key %s: \"%s\" %d signatures cleaned\n"
+msgstr "nyckel %s: \"%s\" %d signaturer rensade\n"
+
+#: g10/import.c:986
+#, c-format
+msgid "key %s: \"%s\" %d user ID cleaned\n"
+msgstr "nyckel %s: \"%s\" %d användaridentitet rensad\n"
+
+#: g10/import.c:989
+#, c-format
+msgid "key %s: \"%s\" %d user IDs cleaned\n"
+msgstr "nyckel %s: \"%s\" %d användaridentiteter rensade\n"
+
+#: g10/import.c:1013
+#, c-format
+msgid "key %s: \"%s\" not changed\n"
+msgstr "nyckel %s: \"%s\" inte ändrad\n"
+
+#: g10/import.c:1185
+#, c-format
+msgid "key %s: secret key with invalid cipher %d - skipped\n"
+msgstr "nyckel %s: hemlig nyckel med ogiltigt chiffer %d - hoppade över\n"
+
+#: g10/import.c:1196
+msgid "importing secret keys not allowed\n"
+msgstr "import av hemliga nycklar tillåts inte\n"
+
+#: g10/import.c:1213 g10/import.c:2509
+#, c-format
+msgid "no default secret keyring: %s\n"
+msgstr "ingen hemlig nyckelring angiven som standard: %s\n"
+
+#: g10/import.c:1224
+#, c-format
+msgid "key %s: secret key imported\n"
+msgstr "nyckel %s: hemlig nyckel importerades\n"
+
+#: g10/import.c:1254
+#, c-format
+msgid "key %s: already in secret keyring\n"
+msgstr "nyckel %s: finns redan i hemliga nyckelringen\n"
+
+#: g10/import.c:1264
+#, c-format
+msgid "key %s: secret key not found: %s\n"
+msgstr "nyckel %s: hittade inte hemlig nyckel: %s\n"
+
+#: g10/import.c:1296
+#, c-format
+msgid "key %s: no public key - can't apply revocation certificate\n"
+msgstr "nyckel %s: ingen publik nyckel - kan inte verkställa spärrcertifikat\n"
+
+#: g10/import.c:1339
+#, c-format
+msgid "key %s: invalid revocation certificate: %s - rejected\n"
+msgstr "nyckel %s: ogiltigt spärrcertifikat: %s - avvisat\n"
+
+#: g10/import.c:1371
+#, c-format
+msgid "key %s: \"%s\" revocation certificate imported\n"
+msgstr "nyckel %s: \"%s\" spärrcertifikat importerat\n"
+
+#: g10/import.c:1447
+#, c-format
+msgid "key %s: no user ID for signature\n"
+msgstr "nyckel %s: ingen användaridentitet för signaturen\n"
+
+# fixme: I appended the %s -wk
+#: g10/import.c:1464
+#, c-format
+msgid "key %s: unsupported public key algorithm on user ID \"%s\"\n"
+msgstr ""
+"nyckel %s: algoritmen för publika nycklar stöds inte för "
+"användaridentiteten \"%s\"\n"
+
+#: g10/import.c:1466
+#, c-format
+msgid "key %s: invalid self-signature on user ID \"%s\"\n"
+msgstr "nyckel %s: ogiltig självsignatur på användaridentiteten \"%s\"\n"
+
+#: g10/import.c:1483 g10/import.c:1509 g10/import.c:1560
+#, c-format
+msgid "key %s: unsupported public key algorithm\n"
+msgstr "nyckel %s: algoritmen för publika nycklar stöds inte\n"
+
+#: g10/import.c:1484
+#, c-format
+msgid "key %s: invalid direct key signature\n"
+msgstr "nyckel %s: ogiltig direkt nyckelsignatur\n"
+
+#: g10/import.c:1498
+#, c-format
+msgid "key %s: no subkey for key binding\n"
+msgstr "nyckel %s: ingen undernyckel för nyckelbindning\n"
+
+#: g10/import.c:1511
+#, c-format
+msgid "key %s: invalid subkey binding\n"
+msgstr "nyckel %s: ogiltig undernyckelbindning\n"
+
+#: g10/import.c:1527
+#, c-format
+msgid "key %s: removed multiple subkey binding\n"
+msgstr "nyckel %s: tog bort flera undernyckelbindningar\n"
+
+#: g10/import.c:1549
+#, c-format
+msgid "key %s: no subkey for key revocation\n"
+msgstr "nyckel %s: ingen undernyckel för nyckelspärrning\n"
+
+#: g10/import.c:1562
+#, c-format
+msgid "key %s: invalid subkey revocation\n"
+msgstr "nyckel %s: ogiltig spärr av undernyckel\n"
+
+#: g10/import.c:1577
+#, c-format
+msgid "key %s: removed multiple subkey revocation\n"
+msgstr "nyckel %s: tog bort flera spärrar av undernyckel\n"
+
+#: g10/import.c:1618
+#, c-format
+msgid "key %s: skipped user ID \"%s\"\n"
+msgstr "nyckel %s: hoppade över användaridentiteten \"%s\"\n"
+
+#: g10/import.c:1639
+#, c-format
+msgid "key %s: skipped subkey\n"
+msgstr "nyckel %s: hoppade över undernyckel\n"
+
+#: g10/import.c:1666
+#, c-format
+msgid "key %s: non exportable signature (class 0x%02X) - skipped\n"
+msgstr "nyckel %s: icke-exporterbar signatur (klass 0x%02X) - hoppade över\n"
+
+#: g10/import.c:1676
+#, c-format
+msgid "key %s: revocation certificate at wrong place - skipped\n"
+msgstr "nyckel %s: spärrcertifikat på fel plats - hoppade över\n"
+
+# nyckeln eller certifikatet??
+#: g10/import.c:1693
+#, c-format
+msgid "key %s: invalid revocation certificate: %s - skipped\n"
+msgstr "nyckel %s: ogiltigt spärrcertifikat: %s - hoppade över\n"
+
+#: g10/import.c:1707
+#, c-format
+msgid "key %s: subkey signature in wrong place - skipped\n"
+msgstr "nyckel %s: signatur på undernyckel på fel plats - hoppade över\n"
+
+# nyckeln eller klassen?
+#: g10/import.c:1715
+#, c-format
+msgid "key %s: unexpected signature class (0x%02X) - skipped\n"
+msgstr "nyckel %s: oväntad signaturklass (0x%02X) - hoppade över\n"
+
+#: g10/import.c:1844
+#, c-format
+msgid "key %s: duplicated user ID detected - merged\n"
+msgstr ""
+"nyckel %s: dubblett av användaridentiteten hittades - slog samman dem\n"
+
+#: g10/import.c:1906
+#, c-format
+msgid "WARNING: key %s may be revoked: fetching revocation key %s\n"
+msgstr "VARNING: nyckeln %s kan ha spärrats: hämtar spärrnyckeln %s\n"
+
+#: g10/import.c:1920
+#, c-format
+msgid "WARNING: key %s may be revoked: revocation key %s not present.\n"
+msgstr "VARNING: nyckeln %s kan ha spärrats: spärrnyckeln %s saknas.\n"
+
+#: g10/import.c:1979
+#, c-format
+msgid "key %s: \"%s\" revocation certificate added\n"
+msgstr "nyckel %s: \"%s\" spärrcertifikat lades till\n"
+
+#: g10/import.c:2013
+#, c-format
+msgid "key %s: direct key signature added\n"
+msgstr "nyckel %s: lade till direkt nyckelsignatur\n"
+
+#: g10/import.c:2414
+msgid "NOTE: a key's S/N does not match the card's one\n"
+msgstr ""
+"OBSERVERA: serienumret för en nyckel stämmer inte med kortets serienummer\n"
+
+#: g10/import.c:2422
+msgid "NOTE: primary key is online and stored on card\n"
+msgstr "OBSERVERA: primärnyckeln är ansluten och lagrad på kort\n"
+
+#: g10/import.c:2424
+msgid "NOTE: secondary key is online and stored on card\n"
+msgstr "OBSERVERA: sekundärnyckeln är ansluten och lagrad på kort\n"
+
+#: g10/keydb.c:181
+#, c-format
+msgid "error creating keyring `%s': %s\n"
+msgstr "fel när nyckelringen \"%s\" skapades: %s\n"
+
+#: g10/keydb.c:187
+#, c-format
+msgid "keyring `%s' created\n"
+msgstr "%s: nyckelring skapad\n"
+
+#: g10/keydb.c:333 g10/keydb.c:336
+#, c-format
+msgid "keyblock resource `%s': %s\n"
+msgstr "nyckelblockresurs \"%s\": %s\n"
+
+#: g10/keydb.c:719
+#, c-format
+msgid "failed to rebuild keyring cache: %s\n"
+msgstr "misslyckades med att återskapa nyckelringscache: %s\n"
+
+#: g10/keyedit.c:265
+msgid "[revocation]"
+msgstr "[spärr]"
+
+#: g10/keyedit.c:266
+msgid "[self-signature]"
+msgstr "[självsignatur]"
+
+#: g10/keyedit.c:344 g10/keylist.c:398
+msgid "1 bad signature\n"
+msgstr "1 felaktig signatur\n"
+
+#: g10/keyedit.c:346 g10/keylist.c:400
+#, c-format
+msgid "%d bad signatures\n"
+msgstr "%d felaktiga signaturer\n"
+
+#: g10/keyedit.c:348 g10/keylist.c:402
+msgid "1 signature not checked due to a missing key\n"
+msgstr "1 signatur validerades inte eftersom nyckeln saknades\n"
+
+#: g10/keyedit.c:350 g10/keylist.c:404
+#, c-format
+msgid "%d signatures not checked due to missing keys\n"
+msgstr "%d signaturer validerades inte eftersom nycklar saknades\n"
+
+#: g10/keyedit.c:352 g10/keylist.c:406
+msgid "1 signature not checked due to an error\n"
+msgstr "1 signatur validerades inte eftersom ett fel uppstod\n"
+
+#: g10/keyedit.c:354 g10/keylist.c:408
+#, c-format
+msgid "%d signatures not checked due to errors\n"
+msgstr "%d signaturer validerades inte eftersom fel uppstod\n"
+
+#: g10/keyedit.c:356
+msgid "1 user ID without valid self-signature detected\n"
+msgstr "1 användaridentitet utan giltig självsignatur hittades\n"
+
+#: g10/keyedit.c:358
+#, c-format
+msgid "%d user IDs without valid self-signatures detected\n"
+msgstr "%d användaridentiteter utan giltiga självsignaturer hittades\n"
+
+#: g10/keyedit.c:414 g10/pkclist.c:262
+msgid ""
+"Please decide how far you trust this user to correctly verify other users' "
+"keys\n"
+"(by looking at passports, checking fingerprints from different sources, "
+"etc.)\n"
+msgstr ""
+"Bestäm hur mycket du litar på denna användare när det gäller att\n"
+"korrekt validera andra användares nycklar (genom att undersöka pass,\n"
+"undersöka fingeravtryck från olika källor, etc.)\n"
+
+#: g10/keyedit.c:418 g10/pkclist.c:274
+#, c-format
+msgid " %d = I trust marginally\n"
+msgstr " %d = Jag litar marginellt\n"
+
+#: g10/keyedit.c:419 g10/pkclist.c:276
+#, c-format
+msgid " %d = I trust fully\n"
+msgstr " %d = Jag litar fullständigt\n"
+
+#: g10/keyedit.c:438
+msgid ""
+"Please enter the depth of this trust signature.\n"
+"A depth greater than 1 allows the key you are signing to make\n"
+"trust signatures on your behalf.\n"
+msgstr ""
+"Ange djupet för den här tillitssignaturen.\n"
+"Ett djup större än 1 tillåter att nyckeln som du signerar kan\n"
+"skapa tillitssignaturer åt dig.\n"
+
+#: g10/keyedit.c:454
+msgid "Please enter a domain to restrict this signature, or enter for none.\n"
+msgstr ""
+"Ange en domän för att begränsa denna signatur. eller Enter för ingen.\n"
+
+#: g10/keyedit.c:598
+#, c-format
+msgid "User ID \"%s\" is revoked."
+msgstr "Användaridentiteten \"%s\" är spärrad."
+
+#: g10/keyedit.c:607 g10/keyedit.c:635 g10/keyedit.c:662 g10/keyedit.c:830
+#: g10/keyedit.c:895 g10/keyedit.c:1785
+msgid "Are you sure you still want to sign it? (y/N) "
+msgstr "Vill du verkligen fortfarande signera den? (j/N)"
+
+#: g10/keyedit.c:621 g10/keyedit.c:649 g10/keyedit.c:676 g10/keyedit.c:836
+#: g10/keyedit.c:1791
+msgid " Unable to sign.\n"
+msgstr " Kan inte signera.\n"
+
+#: g10/keyedit.c:626
+#, c-format
+msgid "User ID \"%s\" is expired."
+msgstr "Giltighetstiden för användaridentiteten \"%s\" har gått ut."
+
+#: g10/keyedit.c:654
+#, c-format
+msgid "User ID \"%s\" is not self-signed."
+msgstr "Användaridentiteten \"%s\" är inte självsignerad."
+
+#: g10/keyedit.c:682
+#, c-format
+msgid "User ID \"%s\" is signable. "
+msgstr "Användaridentiteten \"%s\" är signerbar. "
+
+#: g10/keyedit.c:684
+msgid "Sign it? (y/N) "
+msgstr "Signera den? (j/N) "
+
+#: g10/keyedit.c:706
+#, c-format
+msgid ""
+"The self-signature on \"%s\"\n"
+"is a PGP 2.x-style signature.\n"
+msgstr ""
+"Självsignaturen på \"%s\"\n"
+"är en signatur av PGP 2.x-typ.\n"
+
+#: g10/keyedit.c:715
+msgid "Do you want to promote it to an OpenPGP self-signature? (y/N) "
+msgstr "Vill du göra om den till en självsignatur av OpenPGP-typ? (j/N) "
+
+#: g10/keyedit.c:729
+#, c-format
+msgid ""
+"Your current signature on \"%s\"\n"
+"has expired.\n"
+msgstr ""
+"Giltighetstiden för din nuvarande signatur på \"%s\"\n"
+"har gått ut.\n"
+
+#: g10/keyedit.c:733
+msgid "Do you want to issue a new signature to replace the expired one? (y/N) "
+msgstr ""
+"Vill du skapa en ny signatur som ersätter den vars giltighetstid gått ut? (J/"
+"n) "
+
+#: g10/keyedit.c:754
+#, c-format
+msgid ""
+"Your current signature on \"%s\"\n"
+"is a local signature.\n"
+msgstr ""
+"Din nuvarande signatur på \"%s\"\n"
+"är en lokal signatur.\n"
+
+#: g10/keyedit.c:758
+msgid "Do you want to promote it to a full exportable signature? (y/N) "
+msgstr "Vill du ändra den till en fullständig exporterbar signatur? (j/N) "
+
+#: g10/keyedit.c:779
+#, c-format
+msgid "\"%s\" was already locally signed by key %s\n"
+msgstr "\"%s\" var redan lokalt signerad med nyckeln %s\n"
+
+#: g10/keyedit.c:782
+#, c-format
+msgid "\"%s\" was already signed by key %s\n"
+msgstr "\"%s\" var redan signerad av nyckeln %s\n"
+
+#: g10/keyedit.c:787
+msgid "Do you want to sign it again anyway? (y/N) "
+msgstr "Vill du verkligen signera den igen ändå?(j/N)"
+
+#: g10/keyedit.c:809
+#, c-format
+msgid "Nothing to sign with key %s\n"
+msgstr "Det finns inget att signera med nyckeln %s\n"
+
+#: g10/keyedit.c:824
+msgid "This key has expired!"
+msgstr "Giltighetstiden för denna nyckel har gått ut!"
+
+#: g10/keyedit.c:842
+#, c-format
+msgid "This key is due to expire on %s.\n"
+msgstr "Denna nyckels giltighetstid går ut vid %s.\n"
+
+#: g10/keyedit.c:848
+msgid "Do you want your signature to expire at the same time? (Y/n) "
+msgstr ""
+"Vill du att giltighetstiden för signaturen ska upphöra vid samma tid? (J/n) "
+
+#: g10/keyedit.c:888
+msgid ""
+"You may not make an OpenPGP signature on a PGP 2.x key while in --pgp2 "
+"mode.\n"
+msgstr ""
+"Du kan inte göra en OpenPGP-signatur på en PGP 2.x-nyckel när du är i --pgp2-"
+"läge\n"
+
+#: g10/keyedit.c:890
+msgid "This would make the key unusable in PGP 2.x.\n"
+msgstr "Detta skulle göra nyckeln oanvändbar i PGP 2.x.\n"
+
+#: g10/keyedit.c:915
+msgid ""
+"How carefully have you verified the key you are about to sign actually "
+"belongs\n"
+"to the person named above? If you don't know what to answer, enter \"0\".\n"
+msgstr ""
+"Hur noga har du kontrollerat att nyckeln du ska signera verkligen tillhör\n"
+"personen som nämns ovan? Om du inte vet vad du ska svara, svara \"0\".\n"
+
+#: g10/keyedit.c:920
+#, c-format
+msgid " (0) I will not answer.%s\n"
+msgstr " (0) Jag vill inte svara.%s\n"
+
+#: g10/keyedit.c:922
+#, c-format
+msgid " (1) I have not checked at all.%s\n"
+msgstr " (1) Jag har inte kontrollerat alls.%s\n"
+
+#: g10/keyedit.c:924
+#, c-format
+msgid " (2) I have done casual checking.%s\n"
+msgstr " (2) Jag har gjort viss kontroll.%s\n"
+
+#: g10/keyedit.c:926
+#, c-format
+msgid " (3) I have done very careful checking.%s\n"
+msgstr " (3) Jag har gjort en noggrann kontroll.%s\n"
+
+#: g10/keyedit.c:932
+msgid "Your selection? (enter `?' for more information): "
+msgstr "Ditt val? (skriv \"?\" för mer information): "
+
+#: g10/keyedit.c:956
+#, c-format
+msgid ""
+"Are you sure that you want to sign this key with your\n"
+"key \"%s\" (%s)\n"
+msgstr ""
+"Är du verkligen säker på att du vill signera denna nyckel\n"
+"med din nyckel \"%s\" (%s)\n"
+
+#: g10/keyedit.c:963
+msgid "This will be a self-signature.\n"
+msgstr "Detta kommer att bli en självsignatur.\n"
+
+#: g10/keyedit.c:969
+msgid "WARNING: the signature will not be marked as non-exportable.\n"
+msgstr "VARNING: signaturen kommer inte att markeras som icke-exporterbar.\n"
+
+#: g10/keyedit.c:977
+msgid "WARNING: the signature will not be marked as non-revocable.\n"
+msgstr "VARNING: signaturen kommer att markeras som icke-spärrbar.\n"
+
+#: g10/keyedit.c:987
+msgid "The signature will be marked as non-exportable.\n"
+msgstr "Signaturen kommer att markeras som icke-exporterbar.\n"
+
+#: g10/keyedit.c:994
+msgid "The signature will be marked as non-revocable.\n"
+msgstr "Signaturen kommer att märkas som icke möjlig att spärra.\n"
+
+#: g10/keyedit.c:1001
+msgid "I have not checked this key at all.\n"
+msgstr "Jag har inte kontrollerat denna nyckel alls.\n"
+
+#: g10/keyedit.c:1006
+msgid "I have checked this key casually.\n"
+msgstr "Jag har gjort viss kontroll av denna nyckel.\n"
+
+#: g10/keyedit.c:1011
+msgid "I have checked this key very carefully.\n"
+msgstr "Jag har gjort en noggrann kontroll av denna nyckel.\n"
+
+#: g10/keyedit.c:1021
+msgid "Really sign? (y/N) "
+msgstr "Verkligen signera? (j/N) "
+
+#: g10/keyedit.c:1066 g10/keyedit.c:4965 g10/keyedit.c:5056 g10/keyedit.c:5120
+#: g10/keyedit.c:5181 g10/sign.c:316
+#, c-format
+msgid "signing failed: %s\n"
+msgstr "signeringen misslyckades: %s\n"
+
+#: g10/keyedit.c:1131
+msgid "Key has only stub or on-card key items - no passphrase to change.\n"
+msgstr ""
+"Nyckeln har endast en stump eller nyckelobjekt på kortet - ingen lösenfras "
+"att ändra.\n"
+
+#: g10/keyedit.c:1142 g10/keygen.c:3774
+msgid "This key is not protected.\n"
+msgstr "Denna nyckel är inte skyddad.\n"
+
+#: g10/keyedit.c:1146 g10/keygen.c:3761 g10/revoke.c:536
+msgid "Secret parts of primary key are not available.\n"
+msgstr "De hemliga delarna av den primära nyckeln är inte tillgängliga.\n"
+
+#: g10/keyedit.c:1150 g10/keygen.c:3777
+msgid "Secret parts of primary key are stored on-card.\n"
+msgstr "Hemliga delar av den primära nyckeln är lagrade på kortet.\n"
+
+#: g10/keyedit.c:1156 g10/keygen.c:3781
+msgid "Key is protected.\n"
+msgstr "Nyckeln är skyddad.\n"
+
+#: g10/keyedit.c:1186
+#, c-format
+msgid "Can't edit this key: %s\n"
+msgstr "Kan inte redigera denna nyckel: %s\n"
+
+#: g10/keyedit.c:1192
+msgid ""
+"Enter the new passphrase for this secret key.\n"
+"\n"
+msgstr ""
+"Skriv in den nya lösenfrasen för den hemliga nyckeln.\n"
+"\n"
+
+#: g10/keyedit.c:1207 g10/keygen.c:2291
+msgid "passphrase not correctly repeated; try again"
+msgstr "lösenfrasen repeterades inte korrekt; försök igen."
+
+#: g10/keyedit.c:1212
+msgid ""
+"You don't want a passphrase - this is probably a *bad* idea!\n"
+"\n"
+msgstr ""
+"Du vill inte ha någon lösenfras - detta är möjligen en *dålig* idé!\n"
+"\n"
+
+#: g10/keyedit.c:1215
+msgid "Do you really want to do this? (y/N) "
+msgstr "Vill du verkligen göra detta? (j/N) "
+
+#: g10/keyedit.c:1298
+msgid "moving a key signature to the correct place\n"
+msgstr "flyttar en nyckelsignatur till den rätta platsen\n"
+
+#: g10/keyedit.c:1384
+msgid "save and quit"
+msgstr "spara och avsluta"
+
+#: g10/keyedit.c:1387
+msgid "show key fingerprint"
+msgstr "visa nyckelns fingeravtryck"
+
+#: g10/keyedit.c:1388
+msgid "list key and user IDs"
+msgstr "lista nycklar och användaridentiteter"
+
+#: g10/keyedit.c:1390
+msgid "select user ID N"
+msgstr "välj användaridentiteten N"
+
+#: g10/keyedit.c:1391
+msgid "select subkey N"
+msgstr "välj undernyckel N"
+
+#: g10/keyedit.c:1392
+msgid "check signatures"
+msgstr "kontrollera signaturer"
+
+#: g10/keyedit.c:1397
+msgid "sign selected user IDs [* see below for related commands]"
+msgstr ""
+"signera valda användaridentiteter [* se nedan för relaterade kommandon]"
+
+#: g10/keyedit.c:1402
+msgid "sign selected user IDs locally"
+msgstr "signera valda användaridentiteter lokalt"
+
+#: g10/keyedit.c:1404
+msgid "sign selected user IDs with a trust signature"
+msgstr "signera valda användaridentiteter med en tillitssignatur"
+
+#: g10/keyedit.c:1406
+msgid "sign selected user IDs with a non-revocable signature"
+msgstr "signera valda användaridentiteter med en icke-spärrbar signatur"
+
+#: g10/keyedit.c:1410
+msgid "add a user ID"
+msgstr "lägg till en användaridentitet"
+
+#: g10/keyedit.c:1412
+msgid "add a photo ID"
+msgstr "lägg till ett foto-id"
+
+#: g10/keyedit.c:1414
+msgid "delete selected user IDs"
+msgstr "ta bort valda användaridentiteter"
+
+#: g10/keyedit.c:1419
+msgid "add a subkey"
+msgstr "lägg till en undernyckel"
+
+#: g10/keyedit.c:1423
+msgid "add a key to a smartcard"
+msgstr "lägg till en nyckel till ett smartkort"
+
+#: g10/keyedit.c:1425
+msgid "move a key to a smartcard"
+msgstr "flytta en nyckel till ett smartkort"
+
+#: g10/keyedit.c:1427
+msgid "move a backup key to a smartcard"
+msgstr "flytta en nyckelkopia till ett smartkort"
+
+#: g10/keyedit.c:1431
+msgid "delete selected subkeys"
+msgstr "ta bort valda undernycklar"
+
+#: g10/keyedit.c:1433
+msgid "add a revocation key"
+msgstr "lägg till en spärrnyckel"
+
+#: g10/keyedit.c:1435
+msgid "delete signatures from the selected user IDs"
+msgstr "ta bort signaturer från valda användaridentiteter"
+
+#: g10/keyedit.c:1437
+msgid "change the expiration date for the key or selected subkeys"
+msgstr "ändra utgångsdatumet för nyckeln eller valda undernycklar"
+
+#: g10/keyedit.c:1439
+msgid "flag the selected user ID as primary"
+msgstr "flagga vald användaridentitet som primär"
+
+#: g10/keyedit.c:1441
+msgid "toggle between the secret and public key listings"
+msgstr "växla mellan att lista hemliga och publika nycklar"
+
+#: g10/keyedit.c:1444
+msgid "list preferences (expert)"
+msgstr "lista inställningar (expertläge)"
+
+#: g10/keyedit.c:1446
+msgid "list preferences (verbose)"
+msgstr "lista inställningar (utförligt)"
+
+#: g10/keyedit.c:1448
+msgid "set preference list for the selected user IDs"
+msgstr "ställ in inställningslista för valda användaridentiteter"
+
+#: g10/keyedit.c:1453
+msgid "set the preferred keyserver URL for the selected user IDs"
+msgstr ""
+"ställ in url till föredragen nyckelserver för valda användaridentiteter"
+
+#: g10/keyedit.c:1455
+msgid "set a notation for the selected user IDs"
+msgstr "ställ in en notation för valda användaridentiteter"
+
+#: g10/keyedit.c:1457
+msgid "change the passphrase"
+msgstr "ändra lösenfrasen"
+
+# originalet borde ha ett value
+#: g10/keyedit.c:1461
+msgid "change the ownertrust"
+msgstr "ändra ägartillitsvärdet"
+
+#: g10/keyedit.c:1463
+msgid "revoke signatures on the selected user IDs"
+msgstr "spärra signaturer på valda användaridentiteter"
+
+#: g10/keyedit.c:1465
+msgid "revoke selected user IDs"
+msgstr "spärra valda användaridentiteter"
+
+#: g10/keyedit.c:1470
+msgid "revoke key or selected subkeys"
+msgstr "spärra nyckel eller valda undernycklar"
+
+#: g10/keyedit.c:1471
+msgid "enable key"
+msgstr "aktivera nyckel"
+
+#: g10/keyedit.c:1472
+msgid "disable key"
+msgstr "inaktivera nyckel"
+
+#: g10/keyedit.c:1473
+msgid "show selected photo IDs"
+msgstr "visa valda foto-id:n"
+
+#: g10/keyedit.c:1475
+msgid "compact unusable user IDs and remove unusable signatures from key"
+msgstr ""
+"komprimera oanvändbara användaridentiteter och ta bort oanvändbara "
+"signaturer från nyckeln"
+
+#: g10/keyedit.c:1477
+msgid "compact unusable user IDs and remove all signatures from key"
+msgstr ""
+"komprimera oanvändbara användaridentiteter och ta bort alla signaturer från "
+"nyckeln"
+
+#: g10/keyedit.c:1601
+#, c-format
+msgid "error reading secret keyblock \"%s\": %s\n"
+msgstr "fel vid läsning av hemligt nyckelblock \"%s\": %s\n"
+
+#: g10/keyedit.c:1619
+msgid "Secret key is available.\n"
+msgstr "Den hemliga nyckeln finns tillgänglig.\n"
+
+#: g10/keyedit.c:1702
+msgid "Need the secret key to do this.\n"
+msgstr "Den hemliga nyckeln behövs för att göra detta.\n"
+
+#: g10/keyedit.c:1710
+msgid "Please use the command \"toggle\" first.\n"
+msgstr "Använd kommandot \"toggle\" först.\n"
+
+#: g10/keyedit.c:1729
+msgid ""
+"* The `sign' command may be prefixed with an `l' for local signatures "
+"(lsign),\n"
+" a `t' for trust signatures (tsign), an `nr' for non-revocable signatures\n"
+" (nrsign), or any combination thereof (ltsign, tnrsign, etc.).\n"
+msgstr ""
+"* Kommandot \"sign\" kan inledas med ett \"l\" för lokal signaturer "
+"(lsign),\n"
+" ett \"t\" för tillitssignaturer (tsign), ett \"nr\" för icke-sprärrbara "
+"signaturer\n"
+" (nrsign), eller en kombination av dessa (ltsign, tnrsign, etc.).\n"
+
+#: g10/keyedit.c:1779
+msgid "Key is revoked."
+msgstr "Nyckeln är spärrad."
+
+#: g10/keyedit.c:1798
+msgid "Really sign all user IDs? (y/N) "
+msgstr "Verkligen signera alla användaridentiteter? (j/N) "
+
+#: g10/keyedit.c:1805
+msgid "Hint: Select the user IDs to sign\n"
+msgstr "Tips: Välj de användaridentiteter som du vill signera\n"
+
+#: g10/keyedit.c:1814
+#, c-format
+msgid "Unknown signature type `%s'\n"
+msgstr "Okänd signaturtyp \"%s\"\n"
+
+#: g10/keyedit.c:1837
+#, c-format
+msgid "This command is not allowed while in %s mode.\n"
+msgstr "Detta kommando är inte tillåtet när du är i %s-läge.\n"
+
+#: g10/keyedit.c:1859 g10/keyedit.c:1879 g10/keyedit.c:2048
+msgid "You must select at least one user ID.\n"
+msgstr "Du måste välja åtminstone en användaridentitet.\n"
+
+#: g10/keyedit.c:1861
+msgid "You can't delete the last user ID!\n"
+msgstr "Du kan inte ta bort den sista användaridentiteten!\n"
+
+#: g10/keyedit.c:1863
+msgid "Really remove all selected user IDs? (y/N) "
+msgstr "Verkligen ta bort alla valda användaridentiteter? (j/N) "
+
+#: g10/keyedit.c:1864
+msgid "Really remove this user ID? (y/N) "
+msgstr "Verkligen ta bort denna användaridentitet? (j/N) "
+
+#. TRANSLATORS: Please take care: This is about
+#. moving the key and not about removing it.
+#: g10/keyedit.c:1917
+msgid "Really move the primary key? (y/N) "
+msgstr "Verkligen flytta den primära nyckeln? (j/N) "
+
+#: g10/keyedit.c:1929
+msgid "You must select exactly one key.\n"
+msgstr "Du måste välja exakt en nyckel.\n"
+
+#: g10/keyedit.c:1957
+msgid "Command expects a filename argument\n"
+msgstr "Kommandot förväntar ett filnamnsargument\n"
+
+#: g10/keyedit.c:1971
+#, c-format
+msgid "Can't open `%s': %s\n"
+msgstr "Kan inte öppna \"%s\": %s\n"
+
+#: g10/keyedit.c:1988
+#, c-format
+msgid "Error reading backup key from `%s': %s\n"
+msgstr "Fel vid läsning av säkerhetskopierad nyckel från \"%s\": %s\n"
+
+#: g10/keyedit.c:2012
+msgid "You must select at least one key.\n"
+msgstr "Du måste välja åtminstone en nyckel.\n"
+
+#: g10/keyedit.c:2015
+msgid "Do you really want to delete the selected keys? (y/N) "
+msgstr "Vill du verkligen ta bort de valda nycklarna? (j/N) "
+
+#: g10/keyedit.c:2016
+msgid "Do you really want to delete this key? (y/N) "
+msgstr "Vill du verkligen ta bort denna nyckel? (j/N) "
+
+#: g10/keyedit.c:2051
+msgid "Really revoke all selected user IDs? (y/N) "
+msgstr "Verkligen spärra alla valda användaridentiteter? (j/N) "
+
+#: g10/keyedit.c:2052
+msgid "Really revoke this user ID? (y/N) "
+msgstr "Verkligen spärra denna användaridentitet? (j/N) "
+
+#: g10/keyedit.c:2070
+msgid "Do you really want to revoke the entire key? (y/N) "
+msgstr "Vill du verkligen spärra hela nyckeln? (j/N) "
+
+#: g10/keyedit.c:2081
+msgid "Do you really want to revoke the selected subkeys? (y/N) "
+msgstr "Vill du verkligen spärra de valda undernycklarna? (j/N) "
+
+#: g10/keyedit.c:2083
+msgid "Do you really want to revoke this subkey? (y/N) "
+msgstr "Vill du verkligen spärra denna undernyckel? (j/N) "
+
+#: g10/keyedit.c:2133
+msgid "Owner trust may not be set while using a user provided trust database\n"
+msgstr ""
+"Ägartillit får inte ställas in när en tillitsdatabas används som användaren "
+"tillhandahåller\n"
+
+#: g10/keyedit.c:2175
+msgid "Set preference list to:\n"
+msgstr "Ställ in inställningslista till:\n"
+
+#: g10/keyedit.c:2181
+msgid "Really update the preferences for the selected user IDs? (y/N) "
+msgstr ""
+"Vill du verkligen uppdatera inställningarna för valda användaridentiteter? "
+"(j/N) "
+
+#: g10/keyedit.c:2183
+msgid "Really update the preferences? (y/N) "
+msgstr "Vill du verkligen uppdatera inställningarna? (j/N) "
+
+#: g10/keyedit.c:2253
+msgid "Save changes? (y/N) "
+msgstr "Spara ändringar? (j/N) "
+
+#: g10/keyedit.c:2256
+msgid "Quit without saving? (y/N) "
+msgstr "Avsluta utan att spara? (j/N) "
+
+#: g10/keyedit.c:2266
+#, c-format
+msgid "update failed: %s\n"
+msgstr "uppdateringen misslyckades: %s\n"
+
+#: g10/keyedit.c:2273 g10/keyedit.c:2351
+#, c-format
+msgid "update secret failed: %s\n"
+msgstr "misslyckades med att uppdatera hemligheten: %s\n"
+
+#: g10/keyedit.c:2280
+msgid "Key not changed so no update needed.\n"
+msgstr "Nyckeln är oförändrad så det behövs ingen uppdatering.\n"
+
+#: g10/keyedit.c:2446
+msgid "Digest: "
+msgstr "Sammandrag: "
+
+#: g10/keyedit.c:2497
+msgid "Features: "
+msgstr "Funktioner: "
+
+#: g10/keyedit.c:2508
+msgid "Keyserver no-modify"
+msgstr "Nyckelserver no-modify"
+
+#: g10/keyedit.c:2523 g10/keylist.c:316
+msgid "Preferred keyserver: "
+msgstr "Föredragen nyckelserver: "
+
+#: g10/keyedit.c:2531 g10/keyedit.c:2532
+msgid "Notations: "
+msgstr "Notationer: "
+
+#: g10/keyedit.c:2753
+msgid "There are no preferences on a PGP 2.x-style user ID.\n"
+msgstr ""
+"Du kan inte ange några inställningar för en användaridentitet av PGP 2.x-"
+"typ.\n"
+
+#: g10/keyedit.c:2810
+#, c-format
+msgid "The following key was revoked on %s by %s key %s\n"
+msgstr "Följande nyckel blev spärrad den %s av %s nyckel %s\n"
+
+#: g10/keyedit.c:2832
+#, c-format
+msgid "This key may be revoked by %s key %s"
+msgstr "Den här nyckeln kan vara spärrad av %s nyckel %s"
+
+#: g10/keyedit.c:2838
+msgid "(sensitive)"
+msgstr "(känsligt)"
+
+#: g10/keyedit.c:2854 g10/keyedit.c:2910 g10/keyedit.c:2971 g10/keyedit.c:2986
+#: g10/keylist.c:202 g10/keyserver.c:532
+#, c-format
+msgid "created: %s"
+msgstr "skapat: %s"
+
+#: g10/keyedit.c:2857 g10/keylist.c:834 g10/keylist.c:928 g10/mainproc.c:997
+#, c-format
+msgid "revoked: %s"
+msgstr "spärrad: %s"
+
+#: g10/keyedit.c:2859 g10/keylist.c:805 g10/keylist.c:840 g10/keylist.c:934
+#, c-format
+msgid "expired: %s"
+msgstr "utgånget: %s"
+
+#: g10/keyedit.c:2861 g10/keyedit.c:2912 g10/keyedit.c:2973 g10/keyedit.c:2988
+#: g10/keylist.c:204 g10/keylist.c:811 g10/keylist.c:846 g10/keylist.c:940
+#: g10/keylist.c:961 g10/keyserver.c:538 g10/mainproc.c:1003
+#, c-format
+msgid "expires: %s"
+msgstr "går ut: %s"
+
+#: g10/keyedit.c:2863
+#, c-format
+msgid "usage: %s"
+msgstr "användning: %s"
+
+#: g10/keyedit.c:2878
+#, c-format
+msgid "trust: %s"
+msgstr "tillit: %s"
+
+#: g10/keyedit.c:2882
+#, c-format
+msgid "validity: %s"
+msgstr "giltighet: %s"
+
+#: g10/keyedit.c:2889
+msgid "This key has been disabled"
+msgstr "Denna nyckel har stängts av"
+
+#: g10/keyedit.c:2917 g10/keylist.c:208
+msgid "card-no: "
+msgstr "kortnummer: "
+
+#: g10/keyedit.c:2941
+msgid ""
+"Please note that the shown key validity is not necessarily correct\n"
+"unless you restart the program.\n"
+msgstr ""
+"Observera! Den visade nyckelgiltigheten kan vara felaktig\n"
+"såvida inte du startar om programmet.\n"
+
+#: g10/keyedit.c:3005 g10/keyedit.c:3351 g10/keyserver.c:542
+#: g10/mainproc.c:1850 g10/trustdb.c:1204 g10/trustdb.c:1732
+msgid "revoked"
+msgstr "spärrad"
+
+#: g10/keyedit.c:3007 g10/keyedit.c:3353 g10/keyserver.c:546
+#: g10/mainproc.c:1852 g10/trustdb.c:547 g10/trustdb.c:1734
+msgid "expired"
+msgstr "utgånget"
+
+#: g10/keyedit.c:3072
+msgid ""
+"WARNING: no user ID has been marked as primary. This command may\n"
+" cause a different user ID to become the assumed primary.\n"
+msgstr ""
+"VARNING: ingen användaridentitet har markerats som primär.\n"
+"Detta kommando kan göra att en annan användaridentitet antas\n"
+"vara den primära identiteten.\n"
+
+#: g10/keyedit.c:3133
+msgid ""
+"WARNING: This is a PGP2-style key. Adding a photo ID may cause some "
+"versions\n"
+" of PGP to reject this key.\n"
+msgstr ""
+"VARNING: Detta är en nyckel av PGP2-typ. Om du lägger till ett foto-id kan\n"
+" vissa versioner av PGP avvisa denna nyckel.\n"
+
+#: g10/keyedit.c:3138 g10/keyedit.c:3473
+msgid "Are you sure you still want to add it? (y/N) "
+msgstr "Vill du verkligen fortfarande lägga till den? (j/N) "
+
+#: g10/keyedit.c:3144
+msgid "You may not add a photo ID to a PGP2-style key.\n"
+msgstr "Du kan inte lägga till ett foto-id till en nyckel av PGP 2-typ.\n"
+
+#: g10/keyedit.c:3284
+msgid "Delete this good signature? (y/N/q)"
+msgstr "Vill du radera denna korrekta signatur? (j/N/a)"
+
+#: g10/keyedit.c:3294
+msgid "Delete this invalid signature? (y/N/q)"
+msgstr "Vill du radera denna ogiltiga signatur? (j/N/a)"
+
+#: g10/keyedit.c:3298
+msgid "Delete this unknown signature? (y/N/q)"
+msgstr "Vill du radera denna okända signatur? (j/N/a)"
+
+#: g10/keyedit.c:3304
+msgid "Really delete this self-signature? (y/N)"
+msgstr "Verkligen ta bort denna självsignatur? (j/N)"
+
+# skulle lika gärna kunna heta 1 signatur va?
+#: g10/keyedit.c:3318
+#, c-format
+msgid "Deleted %d signature.\n"
+msgstr "Raderade %d signatur.\n"
+
+#: g10/keyedit.c:3319
+#, c-format
+msgid "Deleted %d signatures.\n"
+msgstr "Raderade %d signaturer.\n"
+
+#: g10/keyedit.c:3322
+msgid "Nothing deleted.\n"
+msgstr "Ingenting raderat.\n"
+
+#: g10/keyedit.c:3355 g10/trustdb.c:1736
+msgid "invalid"
+msgstr "ogiltigt"
+
+#: g10/keyedit.c:3357
+#, c-format
+msgid "User ID \"%s\" compacted: %s\n"
+msgstr "Användaridentiteten \"%s\" komprimerad: %s\n"
+
+#: g10/keyedit.c:3364
+#, c-format
+msgid "User ID \"%s\": %d signature removed\n"
+msgstr "Användaridentitet \"%s\": %d signaturer borttagna\n"
+
+#: g10/keyedit.c:3365
+#, c-format
+msgid "User ID \"%s\": %d signatures removed\n"
+msgstr "Användaridentitet \"%s\": %d signaturer borttagna\n"
+
+#: g10/keyedit.c:3373
+#, c-format
+msgid "User ID \"%s\": already minimized\n"
+msgstr "Användaridentitet \"%s\": redan minimerad\n"
+
+#: g10/keyedit.c:3374
+#, c-format
+msgid "User ID \"%s\": already clean\n"
+msgstr "Användaridentitet \"%s\": redan rensad\n"
+
+#: g10/keyedit.c:3468
+msgid ""
+"WARNING: This is a PGP 2.x-style key. Adding a designated revoker may "
+"cause\n"
+" some versions of PGP to reject this key.\n"
+msgstr ""
+"VARNING: Detta är en PGP 2.x-nyckel. Om du lägger till en spärrnyckel kan "
+"denna\n"
+" nyckel inte användas i vissa versioner av PGP.\n"
+
+#: g10/keyedit.c:3479
+msgid "You may not add a designated revoker to a PGP 2.x-style key.\n"
+msgstr "Du får inte lägga till en spärrnyckel för en PGP 2.x-nyckel.\n"
+
+#: g10/keyedit.c:3499
+msgid "Enter the user ID of the designated revoker: "
+msgstr "Ange användaridentiteten för spärrnyckeln: "
+
+#: g10/keyedit.c:3524
+msgid "cannot appoint a PGP 2.x style key as a designated revoker\n"
+msgstr "det går inte att använda en PGP 2.x-nyckel som spärrnyckel\n"
+
+#: g10/keyedit.c:3539
+msgid "you cannot appoint a key as its own designated revoker\n"
+msgstr "du kan inte ange en nyckel som sin egen spärrnyckel\n"
+
+#: g10/keyedit.c:3561
+msgid "this key has already been designated as a revoker\n"
+msgstr "den här nyckeln har redan markerats som en spärrnyckel\n"
+
+#: g10/keyedit.c:3580
+msgid "WARNING: appointing a key as a designated revoker cannot be undone!\n"
+msgstr "VARNING: det går aldrig att ångra om du utser en spärrnyckel!\n"
+
+# designated = angiven (utnämnd, utpekad, bestämd, utsedd, avsedd, angiven, designerad)
+#: g10/keyedit.c:3586
+msgid ""
+"Are you sure you want to appoint this key as a designated revoker? (y/N) "
+msgstr ""
+"Är du säker på att du vill använda den här nyckeln för spärrning? (j/N) "
+
+#: g10/keyedit.c:3647
+msgid "Please remove selections from the secret keys.\n"
+msgstr "Tag bort markeringar från de hemliga nycklarna.\n"
+
+#: g10/keyedit.c:3653
+msgid "Please select at most one subkey.\n"
+msgstr "Välj som mest en undernyckel.\n"
+
+#: g10/keyedit.c:3657
+msgid "Changing expiration time for a subkey.\n"
+msgstr "Ändrar utgångstid för en undernyckel.\n"
+
+#: g10/keyedit.c:3660
+msgid "Changing expiration time for the primary key.\n"
+msgstr "Ändrar giltighetstid för den primära nyckeln.\n"
+
+#: g10/keyedit.c:3706
+msgid "You can't change the expiration date of a v3 key\n"
+msgstr "Du kan inte ändra giltighetsdatum för en v3-nyckel\n"
+
+#: g10/keyedit.c:3722
+msgid "No corresponding signature in secret ring\n"
+msgstr "Det finns ingen motsvarande signatur i den hemliga nyckelringen\n"
+
+# Vad betyder det?
+#: g10/keyedit.c:3800
+#, c-format
+msgid "signing subkey %s is already cross-certified\n"
+msgstr "signeringsundernyckeln %s är redan korscertifierad\n"
+
+#: g10/keyedit.c:3806
+#, c-format
+msgid "subkey %s does not sign and so does not need to be cross-certified\n"
+msgstr "undernyckeln %s signerar inte och behöver inte korscertifieras\n"
+
+#: g10/keyedit.c:3969
+msgid "Please select exactly one user ID.\n"
+msgstr "Välj endast en användaridentitet.\n"
+
+#: g10/keyedit.c:4008 g10/keyedit.c:4118 g10/keyedit.c:4238 g10/keyedit.c:4379
+#, c-format
+msgid "skipping v3 self-signature on user ID \"%s\"\n"
+msgstr "hoppar över v3-självsignatur på användaridentiteten \"%s\"\n"
+
+#: g10/keyedit.c:4179
+msgid "Enter your preferred keyserver URL: "
+msgstr "Ange din föredragna nyckelserver-url: "
+
+# Obs! Syftar på bildfilen med ditt foto. Meddelandet visas om du valt en mycket stor fil.
+#: g10/keyedit.c:4259
+msgid "Are you sure you want to replace it? (y/N) "
+msgstr "Är du säker på att du vill ersätta det? (j/N) "
+
+# Obs! Syftar på bildfilen med ditt foto. Meddelandet visas om du valt en mycket stor fil.
+#: g10/keyedit.c:4260
+msgid "Are you sure you want to delete it? (y/N) "
+msgstr "Är du säker på att du vill ta bort det? (j/N) "
+
+#: g10/keyedit.c:4322
+msgid "Enter the notation: "
+msgstr "Ange notationen: "
+
+#: g10/keyedit.c:4471
+msgid "Proceed? (y/N) "
+msgstr "Fortsätt? (j/N) "
+
+#: g10/keyedit.c:4543
+#, c-format
+msgid "No user ID with index %d\n"
+msgstr "Ingen användaridentitet med indexet %d\n"
+
+#: g10/keyedit.c:4604
+#, c-format
+msgid "No user ID with hash %s\n"
+msgstr "Ingen användaridentitet med hashen %s\n"
+
+#: g10/keyedit.c:4639
+#, c-format
+msgid "No subkey with index %d\n"
+msgstr "Ingen undernyckel med indexet %d\n"
+
+#: g10/keyedit.c:4774
+#, c-format
+msgid "user ID: \"%s\"\n"
+msgstr "användaridentitet: \"%s\"\n"
+
+#: g10/keyedit.c:4777 g10/keyedit.c:4871 g10/keyedit.c:4914
+#, c-format
+msgid "signed by your key %s on %s%s%s\n"
+msgstr "signerat av din nyckel %s den %s%s%s\n"
+
+#: g10/keyedit.c:4779 g10/keyedit.c:4873 g10/keyedit.c:4916
+msgid " (non-exportable)"
+msgstr " (icke exporterbar)"
+
+#: g10/keyedit.c:4783
+#, c-format
+msgid "This signature expired on %s.\n"
+msgstr "Denna signatur gick ut den %s.\n"
+
+# nyckel? signatur?
+#: g10/keyedit.c:4787
+msgid "Are you sure you still want to revoke it? (y/N) "
+msgstr "Är du säker på att du fortfarande vill spärra den? (j/N)"
+
+#: g10/keyedit.c:4791
+msgid "Create a revocation certificate for this signature? (y/N) "
+msgstr "Vill du skapa ett spärrcertifikat för denna signatur? (j/N)"
+
+#: g10/keyedit.c:4842
+msgid "Not signed by you.\n"
+msgstr "Inte signerad av dig.\n"
+
+#: g10/keyedit.c:4848
+#, c-format
+msgid "You have signed these user IDs on key %s:\n"
+msgstr "Du har signerat följande användaridentiteter med nyckeln %s:\n"
+
+#: g10/keyedit.c:4874
+msgid " (non-revocable)"
+msgstr " (inte spärrbar)"
+
+#: g10/keyedit.c:4881
+#, c-format
+msgid "revoked by your key %s on %s\n"
+msgstr "spärrad av din nyckel %s den %s\n"
+
+#: g10/keyedit.c:4903
+msgid "You are about to revoke these signatures:\n"
+msgstr "Du är på väg att spärra dessa signaturer:\n"
+
+#: g10/keyedit.c:4923
+msgid "Really create the revocation certificates? (y/N) "
+msgstr "Vill du verkligen skapa spärrcertifikatet? (j/N) "
+
+#: g10/keyedit.c:4953
+msgid "no secret key\n"
+msgstr "ingen hemlig nyckel\n"
+
+#: g10/keyedit.c:5023
+#, c-format
+msgid "user ID \"%s\" is already revoked\n"
+msgstr "användaridentiteten \"%s\" är redan spärrad\n"
+
+#: g10/keyedit.c:5040
+#, c-format
+msgid "WARNING: a user ID signature is dated %d seconds in the future\n"
+msgstr ""
+"VARNING: en signatur på en användaridentitet är daterad %d sekunder in i "
+"framtiden\n"
+
+#: g10/keyedit.c:5104
+#, c-format
+msgid "Key %s is already revoked.\n"
+msgstr "Nyckeln %s är redan spärrad.\n"
+
+#: g10/keyedit.c:5166
+#, c-format
+msgid "Subkey %s is already revoked.\n"
+msgstr "Undernyckeln %s är redan spärrad.\n"
+
+#: g10/keyedit.c:5261
+#, c-format
+msgid "Displaying %s photo ID of size %ld for key %s (uid %d)\n"
+msgstr "Visar %s foto-id med storleken %ld för nyckeln %s (uid %d)\n"
+
+#: g10/keygen.c:275
+#, c-format
+msgid "preference `%s' duplicated\n"
+msgstr "inställningen \"%s\" förekommer flera gånger\n"
+
+#: g10/keygen.c:282
+msgid "too many cipher preferences\n"
+msgstr "för många chifferinställningar\n"
+
+#: g10/keygen.c:284
+msgid "too many digest preferences\n"
+msgstr "för många sammandragsinställningar\n"
+
+#: g10/keygen.c:286
+msgid "too many compression preferences\n"
+msgstr "för många komprimeringsinställningar\n"
+
+#: g10/keygen.c:426
+#, c-format
+msgid "invalid item `%s' in preference string\n"
+msgstr "ogiltig post \"%s\" i inställningssträngen\n"
+
+#: g10/keygen.c:910
+msgid "writing direct signature\n"
+msgstr "skriver direkt signatur\n"
+
+#: g10/keygen.c:952
+msgid "writing self signature\n"
+msgstr "skriver självsignatur\n"
+
+#: g10/keygen.c:1009
+msgid "writing key binding signature\n"
+msgstr "skriver signatur knuten till nyckeln\n"
+
+#: g10/keygen.c:1179 g10/keygen.c:1290 g10/keygen.c:1295 g10/keygen.c:1441
+#: g10/keygen.c:3269
+#, c-format
+msgid "keysize invalid; using %u bits\n"
+msgstr "ogiltig nyckelstorlek; använder %u bitar\n"
+
+#: g10/keygen.c:1185 g10/keygen.c:1301 g10/keygen.c:1309 g10/keygen.c:1447
+#: g10/keygen.c:3275
+#, c-format
+msgid "keysize rounded up to %u bits\n"
+msgstr "nyckelstorleken avrundad uppåt till %u bitar\n"
+
+#: g10/keygen.c:1335
+msgid ""
+"WARNING: some OpenPGP programs can't handle a DSA key with this digest size\n"
+msgstr ""
+"VARNING: vissa OpenPGP-program kan inte hantera en DSA-nyckel med den här "
+"sammandragsstorleken\n"
+
+#: g10/keygen.c:1558
+msgid "Sign"
+msgstr "Signera"
+
+#: g10/keygen.c:1561
+msgid "Certify"
+msgstr "Certifiera"
+
+#: g10/keygen.c:1564
+msgid "Encrypt"
+msgstr "Kryptera"
+
+#: g10/keygen.c:1567
+msgid "Authenticate"
+msgstr "Autentisera"
+
+# S = Signera
+# K = Kryptera
+# A = Authentisera
+# Q = Avsluta
+#. TRANSLATORS: Please use only plain ASCII characters for the
+#. translation. If this is not possible use single digits. The
+#. string needs to 8 bytes long. Here is a description of the
+#. functions:
+#.
+#. s = Toggle signing capability
+#. e = Toggle encryption capability
+#. a = Toggle authentication capability
+#. q = Finish
+#.
+#: g10/keygen.c:1585
+msgid "SsEeAaQq"
+msgstr "SsKkAaQq"
+
+#: g10/keygen.c:1608
+#, c-format
+msgid "Possible actions for a %s key: "
+msgstr "Möjliga åtgärder för en %s-nyckel: "
+
+#: g10/keygen.c:1612
+msgid "Current allowed actions: "
+msgstr "För närvarande tillåtna åtgärder: "
+
+#: g10/keygen.c:1617
+#, c-format
+msgid " (%c) Toggle the sign capability\n"
+msgstr " (%c) Växla signeringsförmågan\n"
+
+#: g10/keygen.c:1620
+#, c-format
+msgid " (%c) Toggle the encrypt capability\n"
+msgstr " (%c) Växla krypteringsförmågan\n"
+
+#: g10/keygen.c:1623
+#, c-format
+msgid " (%c) Toggle the authenticate capability\n"
+msgstr " (%c) Växla autentiseringsförmågan\n"
+
+#: g10/keygen.c:1626
+#, c-format
+msgid " (%c) Finished\n"
+msgstr " (%c) Färdig\n"
+
+#: g10/keygen.c:1686 sm/certreqgen-ui.c:157
+msgid "Please select what kind of key you want:\n"
+msgstr "Välj vilken typ av nyckel du vill ha:\n"
+
+#: g10/keygen.c:1689
+#, c-format
+msgid " (%d) RSA and RSA (default)\n"
+msgstr " (%d) RSA och RSA (standard)\n"
+
+#: g10/keygen.c:1691
+#, c-format
+msgid " (%d) DSA and Elgamal\n"
+msgstr " (%d) DSA och Elgamal\n"
+
+#: g10/keygen.c:1693
+#, c-format
+msgid " (%d) DSA (sign only)\n"
+msgstr " (%d) DSA (endast signering)\n"
+
+#: g10/keygen.c:1694
+#, c-format
+msgid " (%d) RSA (sign only)\n"
+msgstr " (%d) RSA (endast signering)\n"
+
+#: g10/keygen.c:1698
+#, c-format
+msgid " (%d) Elgamal (encrypt only)\n"
+msgstr " (%d) Elgamal (endast kryptering)\n"
+
+#: g10/keygen.c:1699
+#, c-format
+msgid " (%d) RSA (encrypt only)\n"
+msgstr " (%d) RSA (endast kryptering)\n"
+
+#: g10/keygen.c:1703
+#, c-format
+msgid " (%d) DSA (set your own capabilities)\n"
+msgstr " (%d) DSA (ställ in dina egna förmågor)\n"
+
+#: g10/keygen.c:1704
+#, c-format
+msgid " (%d) RSA (set your own capabilities)\n"
+msgstr " (%d) RSA (ställ in dina egna förmågor)\n"
+
+#: g10/keygen.c:1812
+#, c-format
+msgid "%s keys may be between %u and %u bits long.\n"
+msgstr "%s-nycklar kan vara mellan %u och %u bitar långa.\n"
+
+#: g10/keygen.c:1820
+#, c-format
+msgid "What keysize do you want for the subkey? (%u) "
+msgstr "Vilken nyckelstorlek vill du använda för undernyckeln? (%u) "
+
+#: g10/keygen.c:1823 sm/certreqgen-ui.c:179
+#, c-format
+msgid "What keysize do you want? (%u) "
+msgstr "Vilken nyckelstorlek vill du ha? (%u) "
+
+#: g10/keygen.c:1837 sm/certreqgen-ui.c:189
+#, c-format
+msgid "Requested keysize is %u bits\n"
+msgstr "Den efterfrågade nyckelstorleken är %u bitar\n"
+
+# borde kolla upp möjligheterna i källkoden att använda v m å istället för wmy
+#: g10/keygen.c:1925
+msgid ""
+"Please specify how long the key should be valid.\n"
+" 0 = key does not expire\n"
+" <n> = key expires in n days\n"
+" <n>w = key expires in n weeks\n"
+" <n>m = key expires in n months\n"
+" <n>y = key expires in n years\n"
+msgstr ""
+"Specificera hur länge nyckeln skall vara giltig.\n"
+" 0 = nyckeln blir aldrig ogiltig\n"
+" <n> = nyckeln blir ogiltig efter n dagar\n"
+" <n>w = nyckeln blir ogiltig efter n veckor\n"
+" <n>m = nyckeln blir ogiltig efter n månader\n"
+" <n>y = nyckeln blir ogiltig efter n år\n"
+
+# borde kolla upp möjligheterna i källkoden att använda v m å istället för wmy
+#: g10/keygen.c:1936
+msgid ""
+"Please specify how long the signature should be valid.\n"
+" 0 = signature does not expire\n"
+" <n> = signature expires in n days\n"
+" <n>w = signature expires in n weeks\n"
+" <n>m = signature expires in n months\n"
+" <n>y = signature expires in n years\n"
+msgstr ""
+"Specificera hur länge nyckeln skall vara giltig.\n"
+" 0 = signaturen blir aldrig ogiltig\n"
+" <n> = signaturen blir ogiltig efter n dagar\n"
+" <n>w = signaturen blir ogiltig efter n veckor\n"
+" <n>m = signaturen blir ogiltig efter n månader\n"
+" <n>y = signaturen blir ogiltig efter n år\n"
+
+#: g10/keygen.c:1959
+msgid "Key is valid for? (0) "
+msgstr "För hur lång tid ska nyckeln vara giltig? (0) "
+
+#: g10/keygen.c:1964
+#, c-format
+msgid "Signature is valid for? (%s) "
+msgstr "Signaturen är giltig hur länge? (%s) "
+
+#: g10/keygen.c:1982 g10/keygen.c:2007
+msgid "invalid value\n"
+msgstr "ogiltigt värde\n"
+
+#: g10/keygen.c:1989
+msgid "Key does not expire at all\n"
+msgstr "Nyckeln går aldrig ut\n"
+
+#: g10/keygen.c:1990
+msgid "Signature does not expire at all\n"
+msgstr "Signaturen går aldrig ut\n"
+
+#: g10/keygen.c:1995
+#, c-format
+msgid "Key expires at %s\n"
+msgstr "Nyckeln går ut %s\n"
+
+#: g10/keygen.c:1996
+#, c-format
+msgid "Signature expires at %s\n"
+msgstr "Signaturen går ut %s\n"
+
+#: g10/keygen.c:2000
+msgid ""
+"Your system can't display dates beyond 2038.\n"
+"However, it will be correctly handled up to 2106.\n"
+msgstr ""
+"Ditt system kan inte visa datum senare än år 2038.\n"
+"Datum fram till år 2106 kommer dock att hanteras korrekt.\n"
+
+#: g10/keygen.c:2013
+msgid "Is this correct? (y/N) "
+msgstr "Stämmer detta? (j/N) "
+
+#: g10/keygen.c:2063
+msgid ""
+"\n"
+"GnuPG needs to construct a user ID to identify your key.\n"
+"\n"
+msgstr ""
+"\n"
+"GnuPG behöver konstruera en användaridentitet för att identifiera din "
+"nyckel.\n"
+"\n"
+
+#. TRANSLATORS: This string is in general not anymore used
+#. but you should keep your existing translation. In case
+#. the new string is not translated this old string will
+#. be used.
+#: g10/keygen.c:2078
+msgid ""
+"\n"
+"You need a user ID to identify your key; the software constructs the user "
+"ID\n"
+"from the Real Name, Comment and Email Address in this form:\n"
+" \"Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>\"\n"
+"\n"
+msgstr ""
+"\n"
+"Du behöver en användaridentitet för att identifiera din nyckel; "
+"programvaran\n"
+"konstruerar en användaridentitet från verkligt namn, kommentar och e-"
+"postadress\n"
+"enligt följande format: \n"
+" \"Gustav Vasa (Brutal kung) <gustav@trekronor.se>\"\n"
+"\n"
+
+#: g10/keygen.c:2097
+msgid "Real name: "
+msgstr "Namn: "
+
+#: g10/keygen.c:2105
+msgid "Invalid character in name\n"
+msgstr "Ogiltigt tecken i namnet\n"
+
+#: g10/keygen.c:2107
+msgid "Name may not start with a digit\n"
+msgstr "Namnet får inte börja med en siffra\n"
+
+#: g10/keygen.c:2109
+msgid "Name must be at least 5 characters long\n"
+msgstr "Namnet måste vara åtminstone 5 tecken långt\n"
+
+#: g10/keygen.c:2117
+msgid "Email address: "
+msgstr "E-postadress: "
+
+#: g10/keygen.c:2123
+msgid "Not a valid email address\n"
+msgstr "E-postadressen är ogiltig\n"
+
+#: g10/keygen.c:2131
+msgid "Comment: "
+msgstr "Kommentar: "
+
+#: g10/keygen.c:2137
+msgid "Invalid character in comment\n"
+msgstr "Ogiltigt tecken i kommentaren\n"
+
+#: g10/keygen.c:2159
+#, c-format
+msgid "You are using the `%s' character set.\n"
+msgstr "Du använder teckentabellen \"%s\"\n"
+
+#: g10/keygen.c:2165
+#, c-format
+msgid ""
+"You selected this USER-ID:\n"
+" \"%s\"\n"
+"\n"
+msgstr ""
+"Du valde följande ANVÄNDAR-ID:\n"
+" \"%s\"\n"
+"\n"
+
+#: g10/keygen.c:2170
+msgid "Please don't put the email address into the real name or the comment\n"
+msgstr "Ange inte e-postadressen som namn eller kommentar\n"
+
+#: g10/keygen.c:2185
+msgid "Such a user ID already exists on this key!\n"
+msgstr "En sådan användaridentitet finns redan på denna nyckel!\n"
+
+# Ej solklart vad förkortningarna står för
+#. TRANSLATORS: These are the allowed answers in
+#. lower and uppercase. Below you will find the matching
+#. string which should be translated accordingly and the
+#. letter changed to match the one in the answer string.
+#.
+#. n = Change name
+#. c = Change comment
+#. e = Change email
+#. o = Okay (ready, continue)
+#. q = Quit
+#.
+#: g10/keygen.c:2201
+msgid "NnCcEeOoQq"
+msgstr "NnKkEeOoAa"
+
+#: g10/keygen.c:2211
+msgid "Change (N)ame, (C)omment, (E)mail or (Q)uit? "
+msgstr "Ändra (N)amn, (K)ommentar, (E)post eller (A)vsluta? "
+
+#: g10/keygen.c:2212
+msgid "Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? "
+msgstr "Ändra (N)amn, (K)ommentar, (E)post eller (O)k/(A)vsluta? "
+
+#: g10/keygen.c:2231
+msgid "Please correct the error first\n"
+msgstr "Rätta först felet\n"
+
+# fel kapitalisering i originalet?
+#: g10/keygen.c:2273
+msgid ""
+"You need a Passphrase to protect your secret key.\n"
+"\n"
+msgstr ""
+"Du behöver en lösenfras för att skydda din hemliga nyckel\n"
+"\n"
+
+#: g10/keygen.c:2276
+msgid ""
+"Please enter a passphrase to protect the off-card backup of the new "
+"encryption key."
+msgstr ""
+"Ange en lösenfras för att skydda säkerhetskopian av den nya "
+"krypteringsnyckeln."
+
+#: g10/keygen.c:2292
+#, c-format
+msgid "%s.\n"
+msgstr "%s.\n"
+
+#: g10/keygen.c:2298
+msgid ""
+"You don't want a passphrase - this is probably a *bad* idea!\n"
+"I will do it anyway. You can change your passphrase at any time,\n"
+"using this program with the option \"--edit-key\".\n"
+"\n"
+msgstr ""
+"Du vill inte ha någon lösenfras - det är möjligen en *dålig* idé!\n"
+"Jag kommer att göra det ändå. Du kan ändra din lösenfras när som helst\n"
+"om du använder detta program med flaggan \"--edit-key\".\n"
+"\n"
+
+#: g10/keygen.c:2322
+msgid ""
+"We need to generate a lot of random bytes. It is a good idea to perform\n"
+"some other action (type on the keyboard, move the mouse, utilize the\n"
+"disks) during the prime generation; this gives the random number\n"
+"generator a better chance to gain enough entropy.\n"
+msgstr ""
+"Vi behöver generera ett stor mängd slumpmässig data. Det är en bra idé\n"
+"att göra något annat (skriva på tangentbordet, röra musen, använda\n"
+"hårddisken) under primtalsgenereringen; detta ger slumptalsgeneratorn\n"
+"en större chans att samla ihop en tillräcklig mängd slumpmässig data.\n"
+
+#: g10/keygen.c:3209 g10/keygen.c:3236
+msgid "Key generation canceled.\n"
+msgstr "Skapandet av nycklar avbröts.\n"
+
+#: g10/keygen.c:3441 g10/keygen.c:3611
+#, c-format
+msgid "writing public key to `%s'\n"
+msgstr "skriver den publika nyckeln till \"%s\"\n"
+
+#: g10/keygen.c:3443 g10/keygen.c:3614
+#, c-format
+msgid "writing secret key stub to `%s'\n"
+msgstr "skriver hemliga nyckelstumpen till \"%s\"\n"
+
+#: g10/keygen.c:3446 g10/keygen.c:3617
+#, c-format
+msgid "writing secret key to `%s'\n"
+msgstr "skriver hemlig nyckel till \"%s\"\n"
+
+#: g10/keygen.c:3598
+#, c-format
+msgid "no writable public keyring found: %s\n"
+msgstr "ingen skrivbar publik nyckelring hittades: %s\n"
+
+#: g10/keygen.c:3605
+#, c-format
+msgid "no writable secret keyring found: %s\n"
+msgstr "ingen skrivbar hemlig nyckelring hittades: %s\n"
+
+#: g10/keygen.c:3625
+#, c-format
+msgid "error writing public keyring `%s': %s\n"
+msgstr "fel vid skrivning av publika nyckelringen \"%s\": %s\n"
+
+#: g10/keygen.c:3633
+#, c-format
+msgid "error writing secret keyring `%s': %s\n"
+msgstr "fel vid skrivning av hemliga nyckelringen \"%s\": %s\n"
+
+#: g10/keygen.c:3661
+msgid "public and secret key created and signed.\n"
+msgstr "den publika och den hemliga nyckeln är skapade och signerade.\n"
+
+# Flagga.. inte kommando
+#: g10/keygen.c:3672
+msgid ""
+"Note that this key cannot be used for encryption. You may want to use\n"
+"the command \"--edit-key\" to generate a subkey for this purpose.\n"
+msgstr ""
+"Observera att denna nyckel inte kan användas för kryptering. Du kanske\n"
+"vill använda flaggan \"--edit-key\" för att skapa en undernyckel för detta "
+"syfte.\n"
+
+#: g10/keygen.c:3685 g10/keygen.c:3831 g10/keygen.c:3952
+#, c-format
+msgid "Key generation failed: %s\n"
+msgstr "Nyckelgenereringen misslyckades: %s\n"
+
+# c-format behövs inte i singularis
+#: g10/keygen.c:3741 g10/keygen.c:3882 g10/sign.c:241
+#, c-format
+msgid ""
+"key has been created %lu second in future (time warp or clock problem)\n"
+msgstr ""
+"nyckeln är skapad %lu sekund in i framtiden (problemet är\n"
+"relaterat till tidsresande eller en felställd klocka)\n"
+
+#: g10/keygen.c:3743 g10/keygen.c:3884 g10/sign.c:243
+#, c-format
+msgid ""
+"key has been created %lu seconds in future (time warp or clock problem)\n"
+msgstr ""
+"nyckeln är skapad %lu sekunder in i framtiden (problemet är\n"
+"relaterat till tidsresande eller en felställd klocka)\n"
+
+#: g10/keygen.c:3754 g10/keygen.c:3895
+msgid "NOTE: creating subkeys for v3 keys is not OpenPGP compliant\n"
+msgstr "OBS: att skapa undernycklar till v3-nycklar bryter mot OpenPGP\n"
+
+#: g10/keygen.c:3795 g10/keygen.c:3928
+msgid "Really create? (y/N) "
+msgstr "Verkligen skapa? (j/N) "
+
+#: g10/keygen.c:4116
+#, c-format
+msgid "storing key onto card failed: %s\n"
+msgstr "misslyckades med att lagra nyckeln på kortet: %s\n"
+
+#: g10/keygen.c:4165
+#, c-format
+msgid "can't create backup file `%s': %s\n"
+msgstr "kan inte skapa säkerhetskopian \"%s\": %s\n"
+
+#: g10/keygen.c:4191
+#, c-format
+msgid "NOTE: backup of card key saved to `%s'\n"
+msgstr "OBSERVERA: säkerhetskopia av kortnyckeln sparades i \"%s\"\n"
+
+#: g10/keyid.c:539 g10/keyid.c:551 g10/keyid.c:563 g10/keyid.c:575
+msgid "never "
+msgstr "aldrig"
+
+#: g10/keylist.c:273
+msgid "Critical signature policy: "
+msgstr "Viktig signaturpolicy: "
+
+#: g10/keylist.c:275
+msgid "Signature policy: "
+msgstr "Signaturpolicy: "
+
+#: g10/keylist.c:314
+msgid "Critical preferred keyserver: "
+msgstr "Föredragen kritisk nyckelserver: "
+
+#: g10/keylist.c:367
+msgid "Critical signature notation: "
+msgstr "Kritisk signaturnotation: "
+
+#: g10/keylist.c:369
+msgid "Signature notation: "
+msgstr "Signaturnotation: "
+
+#: g10/keylist.c:479
+msgid "Keyring"
+msgstr "Nyckelring"
+
+#: g10/keylist.c:1526
+msgid "Primary key fingerprint:"
+msgstr "Primära nyckelns fingeravtryck:"
+
+#: g10/keylist.c:1528
+msgid " Subkey fingerprint:"
+msgstr " Undernyckelns fingeravtryck:"
+
+#. TRANSLATORS: this should fit into 24 bytes to that the
+#. * fingerprint data is properly aligned with the user ID
+#: g10/keylist.c:1535
+msgid " Primary key fingerprint:"
+msgstr "Primära nyckelns fingeravtryck:"
+
+#: g10/keylist.c:1537
+msgid " Subkey fingerprint:"
+msgstr " Undernyckelns fingeravtryck:"
+
+#: g10/keylist.c:1541 g10/keylist.c:1545
+msgid " Key fingerprint ="
+msgstr "Nyckelns fingeravtryck ="
+
+#: g10/keylist.c:1612
+msgid " Card serial no. ="
+msgstr " Kortets serienr ="
+
+#: g10/keyring.c:1297
+#, c-format
+msgid "renaming `%s' to `%s' failed: %s\n"
+msgstr "namnbyte från \"%s\" till \"%s\" misslyckades: %s\n"
+
+# Enligt Werner uppstår detta om något går snett när den hemliga nyckeln uppdateras.
+#: g10/keyring.c:1326
+msgid "WARNING: 2 files with confidential information exists.\n"
+msgstr "VARNING: det finns 2 filer med konfidentiell information.\n"
+
+#: g10/keyring.c:1327
+#, c-format
+msgid "%s is the unchanged one\n"
+msgstr "%s är den oförändrade\n"
+
+#: g10/keyring.c:1328
+#, c-format
+msgid "%s is the new one\n"
+msgstr "%s är den nya\n"
+
+#: g10/keyring.c:1329
+msgid "Please fix this possible security flaw\n"
+msgstr "Lös detta potentiella säkerhetsproblem\n"
+
+#: g10/keyring.c:1430
+#, c-format
+msgid "caching keyring `%s'\n"
+msgstr "mellanlagrar nyckelringen \"%s\"\n"
+
+#: g10/keyring.c:1489
+#, c-format
+msgid "%lu keys cached so far (%lu signatures)\n"
+msgstr "%lu nycklar mellanlagrade än så länge (%lu signaturer)\n"
+
+#: g10/keyring.c:1501
+#, c-format
+msgid "%lu keys cached (%lu signatures)\n"
+msgstr "%lu nycklar mellanlagrade (%lu signaturer)\n"
+
+#: g10/keyring.c:1573
+#, c-format
+msgid "%s: keyring created\n"
+msgstr "%s: nyckelring skapad\n"
+
+#: g10/keyserver.c:74
+msgid "include revoked keys in search results"
+msgstr "inkludera spärrade nycklar i sökresultatet"
+
+#: g10/keyserver.c:75
+msgid "include subkeys when searching by key ID"
+msgstr "inkludera undernycklar vid sökning efter nyckel-id"
+
+#: g10/keyserver.c:77
+msgid "use temporary files to pass data to keyserver helpers"
+msgstr ""
+"använd temporärfiler för att skicka data till nyckelserverns hjälpprogram"
+
+#: g10/keyserver.c:79
+msgid "do not delete temporary files after using them"
+msgstr "ta inte bort temporärfiler efter de använts"
+
+#: g10/keyserver.c:83
+msgid "automatically retrieve keys when verifying signatures"
+msgstr "hämta automatiskt nycklar vid validering av signaturer"
+
+#: g10/keyserver.c:85
+msgid "honor the preferred keyserver URL set on the key"
+msgstr "respektera föredragen nyckelserver-url inställd i nyckeln"
+
+#: g10/keyserver.c:87
+msgid "honor the PKA record set on a key when retrieving keys"
+msgstr "respektera PKA-posten inställd på en nyckel när nycklar hämtas"
+
+#: g10/keyserver.c:153
+#, c-format
+msgid "WARNING: keyserver option `%s' is not used on this platform\n"
+msgstr ""
+"VARNING: nyckelserverflaggan \"%s\" används inte på den här plattformen\n"
+
+#: g10/keyserver.c:544
+msgid "disabled"
+msgstr "inaktiverad"
+
+#: g10/keyserver.c:747
+msgid "Enter number(s), N)ext, or Q)uit > "
+msgstr "Ange nummer, N)ästa, eller Q) för Avsluta > "
+
+#: g10/keyserver.c:831 g10/keyserver.c:1458
+#, c-format
+msgid "invalid keyserver protocol (us %d!=handler %d)\n"
+msgstr "ogiltigt nyckelserverprotokoll (vi %d!=hanterare %d)\n"
+
+#: g10/keyserver.c:932
+#, c-format
+msgid "key \"%s\" not found on keyserver\n"
+msgstr "nyckeln \"%s\" hittades inte på nyckelservern\n"
+
+#: g10/keyserver.c:934
+msgid "key not found on keyserver\n"
+msgstr "nyckeln hittades inte på nyckelservern\n"
+
+#: g10/keyserver.c:1177
+#, c-format
+msgid "requesting key %s from %s server %s\n"
+msgstr "begär nyckeln %s från %s-servern %s\n"
+
+#: g10/keyserver.c:1181
+#, c-format
+msgid "requesting key %s from %s\n"
+msgstr "begär nyckeln %s från %s\n"
+
+#: g10/keyserver.c:1205
+#, c-format
+msgid "searching for names from %s server %s\n"
+msgstr "söker efter namn från %s-servern %s\n"
+
+#: g10/keyserver.c:1208
+#, c-format
+msgid "searching for names from %s\n"
+msgstr "söker efter namn från %s\n"
+
+#: g10/keyserver.c:1361
+#, c-format
+msgid "sending key %s to %s server %s\n"
+msgstr "skickar nyckeln %s till %s-servern %s\n"
+
+#: g10/keyserver.c:1365
+#, c-format
+msgid "sending key %s to %s\n"
+msgstr "skickar nyckeln %s till %s\n"
+
+#: g10/keyserver.c:1408
+#, c-format
+msgid "searching for \"%s\" from %s server %s\n"
+msgstr "söker efter \"%s\" från %s-servern %s\n"
+
+#: g10/keyserver.c:1411
+#, c-format
+msgid "searching for \"%s\" from %s\n"
+msgstr "söker efter \"%s\" från %s\n"
+
+#: g10/keyserver.c:1418 g10/keyserver.c:1514
+msgid "no keyserver action!\n"
+msgstr "ingen nyckelserveråtgärd!\n"
+
+#: g10/keyserver.c:1466
+#, c-format
+msgid "WARNING: keyserver handler from a different version of GnuPG (%s)\n"
+msgstr "VARNING: nyckelserverhanteraren från en annan version av GnuPG (%s)\n"
+
+#: g10/keyserver.c:1475
+msgid "keyserver did not send VERSION\n"
+msgstr "nyckelserver skickade inte VERSION\n"
+
+#: g10/keyserver.c:1537 g10/keyserver.c:2066
+msgid "no keyserver known (use option --keyserver)\n"
+msgstr "ingen nyckelserver är känd (använd flaggan --keyserver)\n"
+
+#: g10/keyserver.c:1543
+msgid "external keyserver calls are not supported in this build\n"
+msgstr "externa anrop till nyckelserver stöds inte i detta bygge\n"
+
+#: g10/keyserver.c:1555
+#, c-format
+msgid "no handler for keyserver scheme `%s'\n"
+msgstr "ingen hanterare för nyckelserverschemat \"%s\"\n"
+
+#: g10/keyserver.c:1560
+#, c-format
+msgid "action `%s' not supported with keyserver scheme `%s'\n"
+msgstr "åtgärden \"%s\" stöds inte med nyckelserverschemat \"%s\"\n"
+
+#: g10/keyserver.c:1568
+#, c-format
+msgid "%s does not support handler version %d\n"
+msgstr "%s har inte stöd för hanterarversionen %d\n"
+
+#: g10/keyserver.c:1575
+msgid "keyserver timed out\n"
+msgstr "tidsgräns överstigen för nyckelserver\n"
+
+#: g10/keyserver.c:1580
+msgid "keyserver internal error\n"
+msgstr "internt fel i nyckelserver\n"
+
+#: g10/keyserver.c:1589
+#, c-format
+msgid "keyserver communications error: %s\n"
+msgstr "kommunikationsfel mot nyckelserver: %s\n"
+
+#: g10/keyserver.c:1614 g10/keyserver.c:1648
+#, c-format
+msgid "\"%s\" not a key ID: skipping\n"
+msgstr "\"%s\" inte ett nyckel-id: hoppar över\n"
+
+#: g10/keyserver.c:1907
+#, c-format
+msgid "WARNING: unable to refresh key %s via %s: %s\n"
+msgstr "VARNING: kunde inte uppdatera nyckeln %s via %s: %s\n"
+
+#: g10/keyserver.c:1929
+#, c-format
+msgid "refreshing 1 key from %s\n"
+msgstr "uppdaterar 1 nyckel från %s\n"
+
+#: g10/keyserver.c:1931
+#, c-format
+msgid "refreshing %d keys from %s\n"
+msgstr "uppdaterar %d nycklar från %s\n"
+
+#: g10/keyserver.c:1987
+#, c-format
+msgid "WARNING: unable to fetch URI %s: %s\n"
+msgstr "VARNING: kunde inte hämta uri:n %s: %s\n"
+
+#: g10/keyserver.c:1993
+#, c-format
+msgid "WARNING: unable to parse URI %s\n"
+msgstr "VARNING: kunde inte tolka uri:n %s\n"
+
+#: g10/mainproc.c:231
+#, c-format
+msgid "weird size for an encrypted session key (%d)\n"
+msgstr "egendomlig storlek på en krypterad sessionsnyckel (%d)\n"
+
+#: g10/mainproc.c:284
+#, c-format
+msgid "%s encrypted session key\n"
+msgstr "%s krypterad sessionsnyckel\n"
+
+#: g10/mainproc.c:294
+#, c-format
+msgid "passphrase generated with unknown digest algorithm %d\n"
+msgstr "lösenfras genererad med okänd sammandragsalgoritm %d\n"
+
+#: g10/mainproc.c:360
+#, c-format
+msgid "public key is %s\n"
+msgstr "publik nyckel är %s\n"
+
+# Men jag ändrade så det blev närmare originalet. Per
+#: g10/mainproc.c:423
+msgid "public key encrypted data: good DEK\n"
+msgstr "Data krypterat med publik nyckel: korrekt DEK\n"
+
+#: g10/mainproc.c:456
+#, c-format
+msgid "encrypted with %u-bit %s key, ID %s, created %s\n"
+msgstr "krypterad med %u-bitars %s-nyckel, id %s, skapad %s\n"
+
+#: g10/mainproc.c:460 g10/pkclist.c:217
+#, c-format
+msgid " \"%s\"\n"
+msgstr " \"%s\"\n"
+
+#: g10/mainproc.c:464
+#, c-format
+msgid "encrypted with %s key, ID %s\n"
+msgstr "krypterad med %s-nyckel, id %s\n"
+
+# Motsatsen till kryptering med symmetrisk nyckel.
+#: g10/mainproc.c:479
+#, c-format
+msgid "public key decryption failed: %s\n"
+msgstr "dekryptering med publik nyckel misslyckades: %s\n"
+
+#: g10/mainproc.c:495
+#, c-format
+msgid "encrypted with %lu passphrases\n"
+msgstr "krypterad med %lu lösenfraser\n"
+
+#: g10/mainproc.c:497
+msgid "encrypted with 1 passphrase\n"
+msgstr "krypterad med with 1 lösenfras\n"
+
+#: g10/mainproc.c:529 g10/mainproc.c:551
+#, c-format
+msgid "assuming %s encrypted data\n"
+msgstr "antar att %s krypterade data\n"
+
+#: g10/mainproc.c:537
+#, c-format
+msgid "IDEA cipher unavailable, optimistically attempting to use %s instead\n"
+msgstr ""
+"IDEA-chiffer är inte tillgängligt. Försöker optimistiskt att använda %s "
+"istället\n"
+
+#: g10/mainproc.c:570
+msgid "decryption okay\n"
+msgstr "dekrypteringen lyckades\n"
+
+# Äldre krypteringalgoritmer skapar ingen mdc dvs. "minisignatur" som skyddar mot att delar av den krypterade texten byts ut/tas bort. Alla nya 128-bitars algoritmer använder mdc: AES, AES192, AES256, BLOWFISH.
+#: g10/mainproc.c:574
+msgid "WARNING: message was not integrity protected\n"
+msgstr "VARNING: detta meddelande var inte integritetsskyddat\n"
+
+# Meddelandet innebär alltså att kontrollen av mdc visade att meddelandet förändrats/manipulerats sedan det krypterades. Block kan ha tagits bort eller bytts ut.
+#: g10/mainproc.c:587
+msgid "WARNING: encrypted message has been manipulated!\n"
+msgstr "VARNING: det krypterade meddelandet har ändrats!\n"
+
+#: g10/mainproc.c:595
+#, c-format
+msgid "cleared passphrase cached with ID: %s\n"
+msgstr "tömde mellanlagrad lösenfras med ID: %s\n"
+
+#: g10/mainproc.c:600
+#, c-format
+msgid "decryption failed: %s\n"
+msgstr "dekrypteringen misslyckades: %s\n"
+
+#: g10/mainproc.c:621
+msgid "NOTE: sender requested \"for-your-eyes-only\"\n"
+msgstr "OBS: avsändaren begärde \"endast-för-dina-ögon\"\n"
+
+#: g10/mainproc.c:623
+#, c-format
+msgid "original file name='%.*s'\n"
+msgstr "ursprungligt filnamn=\"%.*s\"\n"
+
+#: g10/mainproc.c:711
+msgid "WARNING: multiple plaintexts seen\n"
+msgstr "VARNING: multipla klartexter har påträffats\n"
+
+#: g10/mainproc.c:850
+msgid "standalone revocation - use \"gpg --import\" to apply\n"
+msgstr ""
+"fristående spärrcertifikat - använd \"gpg --import\" för\n"
+"att verkställa\n"
+
+#: g10/mainproc.c:1203 g10/mainproc.c:1240
+msgid "no signature found\n"
+msgstr "ingen signatur hittades\n"
+
+#: g10/mainproc.c:1478
+msgid "signature verification suppressed\n"
+msgstr "signaturvalidering utlämnad\n"
+
+#: g10/mainproc.c:1587
+msgid "can't handle this ambiguous signature data\n"
+msgstr "kan inte hantera detta tvetydliga signaturdata\n"
+
+#: g10/mainproc.c:1598
+#, c-format
+msgid "Signature made %s\n"
+msgstr "Signatur gjord %s\n"
+
+#: g10/mainproc.c:1599
+#, c-format
+msgid " using %s key %s\n"
+msgstr " med %s-nyckeln %s\n"
+
+#: g10/mainproc.c:1603
+#, c-format
+msgid "Signature made %s using %s key ID %s\n"
+msgstr "Signatur gjordes %s med %s nyckel-id %s\n"
+
+#: g10/mainproc.c:1623
+msgid "Key available at: "
+msgstr "Nyckeln tillgänglig hos: "
+
+#: g10/mainproc.c:1756 g10/mainproc.c:1804
+#, c-format
+msgid "BAD signature from \"%s\""
+msgstr "FELAKTIG signatur från \"%s\""
+
+#: g10/mainproc.c:1758 g10/mainproc.c:1806
+#, c-format
+msgid "Expired signature from \"%s\""
+msgstr "Utgången signatur från \"%s\""
+
+#: g10/mainproc.c:1760 g10/mainproc.c:1808
+#, c-format
+msgid "Good signature from \"%s\""
+msgstr "Korrekt signatur från \"%s\""
+
+# Visas vid ogiltig signatur:
+# Eftersom signaturen är ogiltig kan man inte vara säker på att angivet namn och nyckel-id är riktigt.
+#: g10/mainproc.c:1810
+msgid "[uncertain]"
+msgstr "[osäkert]"
+
+#: g10/mainproc.c:1843
+#, c-format
+msgid " aka \"%s\""
+msgstr " även känd som \"%s\""
+
+#: g10/mainproc.c:1941
+#, c-format
+msgid "Signature expired %s\n"
+msgstr "Giltighetstiden för signaturen har upphört %s\n"
+
+#: g10/mainproc.c:1946
+#, c-format
+msgid "Signature expires %s\n"
+msgstr "Giltighetstiden för signaturen går ut %s\n"
+
+#: g10/mainproc.c:1949
+#, c-format
+msgid "%s signature, digest algorithm %s\n"
+msgstr "%s signatur, sammandragsalgoritm %s\n"
+
+#: g10/mainproc.c:1950
+msgid "binary"
+msgstr "binär"
+
+#: g10/mainproc.c:1951
+msgid "textmode"
+msgstr "textläge"
+
+#: g10/mainproc.c:1951 g10/trustdb.c:546
+msgid "unknown"
+msgstr "okänd"
+
+#: g10/mainproc.c:1971
+#, c-format
+msgid "Can't check signature: %s\n"
+msgstr "Kan inte kontrollera signaturen: %s\n"
+
+#: g10/mainproc.c:2055 g10/mainproc.c:2071 g10/mainproc.c:2167
+msgid "not a detached signature\n"
+msgstr "detta är inte någon signatur i en separat fil\n"
+
+#: g10/mainproc.c:2098
+msgid ""
+"WARNING: multiple signatures detected. Only the first will be checked.\n"
+msgstr ""
+"VARNING: multipla signaturer upptäckta. Endast den första kommer att "
+"kontrolleras.\n"
+
+#: g10/mainproc.c:2106
+#, c-format
+msgid "standalone signature of class 0x%02x\n"
+msgstr "fristående signatur av klassen 0x%02x\n"
+
+#: g10/mainproc.c:2171
+msgid "old style (PGP 2.x) signature\n"
+msgstr "signatur av den gamla (PGP 2.x) typen\n"
+
+#: g10/mainproc.c:2181
+msgid "invalid root packet detected in proc_tree()\n"
+msgstr "ogiltigt rotpaket hittades i proc_tree()\n"
+
+#: g10/misc.c:109 g10/misc.c:139 g10/misc.c:215
+#, c-format
+msgid "fstat of `%s' failed in %s: %s\n"
+msgstr "fstat för \"%s\" misslyckades i %s: %s\n"
+
+#: g10/misc.c:178
+#, c-format
+msgid "fstat(%d) failed in %s: %s\n"
+msgstr "fstat(%d) misslyckades i %s: %s\n"
+
+#: g10/misc.c:296
+#, c-format
+msgid "WARNING: using experimental public key algorithm %s\n"
+msgstr "VARNING: använder experimentella algoritmen %s för publik nyckel\n"
+
+#: g10/misc.c:302
+msgid "WARNING: Elgamal sign+encrypt keys are deprecated\n"
+msgstr "VARNING: Elgamal-nycklar för kryptering/signering är föråldrade\n"
+
+#: g10/misc.c:315
+#, c-format
+msgid "WARNING: using experimental cipher algorithm %s\n"
+msgstr "VARNING: använder experimentella chifferalgoritmen %s\n"
+
+#: g10/misc.c:330
+#, c-format
+msgid "WARNING: using experimental digest algorithm %s\n"
+msgstr "VARNING: använder experimentella sammandragsalgoritmen %s\n"
+
+#: g10/misc.c:335
+#, c-format
+msgid "WARNING: digest algorithm %s is deprecated\n"
+msgstr "VARNING: sammandragsalgoritmen %s är föråldrad\n"
+
+#: g10/misc.c:503
+msgid "the IDEA cipher plugin is not present\n"
+msgstr "insticksmodul för IDEA-chiffer är inte installerat\n"
+
+#: g10/misc.c:504 g10/sig-check.c:107 jnlib/utf8conv.c:87
+#, c-format
+msgid "please see %s for more information\n"
+msgstr "se %s för mer information\n"
+
+#: g10/misc.c:761
+#, c-format
+msgid "%s:%d: deprecated option \"%s\"\n"
+msgstr "%s:%d: flaggan är föråldrad \"%s\"\n"
+
+#: g10/misc.c:765
+#, c-format
+msgid "WARNING: \"%s\" is a deprecated option\n"
+msgstr "VARNING: inställningen \"%s\" är föråldrad\n"
+
+#: g10/misc.c:767
+#, c-format
+msgid "please use \"%s%s\" instead\n"
+msgstr "Använd \"%s%s\" istället\n"
+
+#: g10/misc.c:774
+#, c-format
+msgid "WARNING: \"%s\" is a deprecated command - do not use it\n"
+msgstr "VARNING: \"%s\" är ett föråldrat kommando - använd det inte\n"
+
+#: g10/misc.c:784
+#, c-format
+msgid "%s:%u: obsolete option \"%s\" - it has no effect\n"
+msgstr "%s:%u: föråldrad flagga \"%s\" - den har ingen effekt\n"
+
+#: g10/misc.c:787
+#, c-format
+msgid "WARNING: \"%s\" is an obsolete option - it has no effect\n"
+msgstr "VARNING: \"%s\" är en föråldrad flagga - den har ingen effekt\n"
+
+#: g10/misc.c:848
+msgid "Uncompressed"
+msgstr "Okomprimerad"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: g10/misc.c:873
+msgid "uncompressed|none"
+msgstr "okomprimerad|ingen"
+
+#: g10/misc.c:1000
+#, c-format
+msgid "this message may not be usable by %s\n"
+msgstr "detta meddelande kanske inte kan användas av %s\n"
+
+#: g10/misc.c:1175
+#, c-format
+msgid "ambiguous option `%s'\n"
+msgstr "tvetydlig flagga \"%s\"\n"
+
+#: g10/misc.c:1200
+#, c-format
+msgid "unknown option `%s'\n"
+msgstr "okänd flagga \"%s\"\n"
+
+#: g10/openfile.c:89
+#, c-format
+msgid "File `%s' exists. "
+msgstr "Filen \"%s\" finns. "
+
+#: g10/openfile.c:93
+msgid "Overwrite? (y/N) "
+msgstr "Skriv över? (j/N) "
+
+#: g10/openfile.c:126
+#, c-format
+msgid "%s: unknown suffix\n"
+msgstr "%s: okänt suffix\n"
+
+#: g10/openfile.c:150
+msgid "Enter new filename"
+msgstr "Ange nytt filnamn"
+
+#: g10/openfile.c:195
+msgid "writing to stdout\n"
+msgstr "skriver till standard ut\n"
+
+#: g10/openfile.c:316
+#, c-format
+msgid "assuming signed data in `%s'\n"
+msgstr "antar att signerad data finns i filen \"%s\"\n"
+
+#: g10/openfile.c:395
+#, c-format
+msgid "new configuration file `%s' created\n"
+msgstr "ny konfigurationsfil \"%s\" skapad\n"
+
+#: g10/openfile.c:397
+#, c-format
+msgid "WARNING: options in `%s' are not yet active during this run\n"
+msgstr ""
+"VARNING: inställningar i \"%s\" är ännu inte aktiva under denna körning\n"
+
+#: g10/parse-packet.c:201
+#, c-format
+msgid "can't handle public key algorithm %d\n"
+msgstr "kan inte hantera algoritmen %d för publika nycklar\n"
+
+#: g10/parse-packet.c:822
+msgid "WARNING: potentially insecure symmetrically encrypted session key\n"
+msgstr "VARNING: potentiellt osäker symmetriskt krypterad sessionsnyckel\n"
+
+#: g10/parse-packet.c:1273
+#, c-format
+msgid "subpacket of type %d has critical bit set\n"
+msgstr "underpaket av typen %d har den bit satt som markerar den som kritisk\n"
+
+#: g10/passphrase.c:75 g10/passphrase.c:418 g10/passphrase.c:481
+#, c-format
+msgid "problem with the agent: %s\n"
+msgstr "problem med agenten: %s\n"
+
+#: g10/passphrase.c:344 g10/passphrase.c:613
+#, c-format
+msgid " (main key ID %s)"
+msgstr " (primära nyckelns id %s)"
+
+#: g10/passphrase.c:358
+#, c-format
+msgid ""
+"Please enter the passphrase to unlock the secret key for the OpenPGP "
+"certificate:\n"
+"\"%.*s\"\n"
+"%u-bit %s key, ID %s,\n"
+"created %s%s.\n"
+msgstr ""
+"Ange lösenfrasen för att låsa upp den hemliga nyckeln för OpenPGP-"
+"certifikatet:\n"
+"\"%.*s\"\n"
+"%u-bitars %s-nyckel, ID %s,\n"
+"skapad %s%s.\n"
+
+#: g10/passphrase.c:384
+msgid "Enter passphrase\n"
+msgstr "Ange lösenfrasen\n"
+
+#: g10/passphrase.c:412
+msgid "cancelled by user\n"
+msgstr "avbruten av användaren\n"
+
+#: g10/passphrase.c:592
+#, c-format
+msgid ""
+"You need a passphrase to unlock the secret key for\n"
+"user: \"%s\"\n"
+msgstr ""
+"Du behöver en lösenfras för att låsa upp den hemliga\n"
+"nyckeln för användaren: \"%s\"\n"
+
+#: g10/passphrase.c:600
+#, c-format
+msgid "%u-bit %s key, ID %s, created %s"
+msgstr "%u-bitars %s-nyckel, id %s, skapad %s"
+
+#: g10/passphrase.c:609
+#, c-format
+msgid " (subkey on main key ID %s)"
+msgstr " (undernyckel på primärt nyckel-id %s)"
+
+#: g10/photoid.c:74
+msgid ""
+"\n"
+"Pick an image to use for your photo ID. The image must be a JPEG file.\n"
+"Remember that the image is stored within your public key. If you use a\n"
+"very large picture, your key will become very large as well!\n"
+"Keeping the image close to 240x288 is a good size to use.\n"
+msgstr ""
+"\n"
+"Välj en bild att använda som ditt foto-id. Bilden måste vara en JPEG-fil.\n"
+"Kom ihåg att bilden sparas inuti din publika nyckel: Om du väljer\n"
+"en mycket stor bild, så blir din nyckel också väldigt stor!\n"
+"Försök att använda en bild som har ungefär formatet 240x288 pixlar.\n"
+
+#: g10/photoid.c:96
+msgid "Enter JPEG filename for photo ID: "
+msgstr "Skriv JPEG-filnamnet för foto-id: "
+
+#: g10/photoid.c:117
+#, c-format
+msgid "unable to open JPEG file `%s': %s\n"
+msgstr "kunde inte öppna JPEG-filen \"%s\": %s\n"
+
+#: g10/photoid.c:128
+#, c-format
+msgid "This JPEG is really large (%d bytes) !\n"
+msgstr "Den här JPEG-bilden är verkligen stor (%d byte)!\n"
+
+# Obs! Syftar på bildfilen med ditt foto. Meddelandet visas om du valt en mycket stor fil.
+#: g10/photoid.c:130
+msgid "Are you sure you want to use it? (y/N) "
+msgstr "Vill du verkligen använda den? (j/N)? "
+
+#: g10/photoid.c:146
+#, c-format
+msgid "`%s' is not a JPEG file\n"
+msgstr "\"%s\" är inte en JPEG-fil\n"
+
+#: g10/photoid.c:165
+msgid "Is this photo correct (y/N/q)? "
+msgstr "Är detta foto korrekt (j/N/a)? "
+
+#: g10/photoid.c:373
+msgid "unable to display photo ID!\n"
+msgstr "kan inte visa foto-id!\n"
+
+#: g10/pkclist.c:60 g10/revoke.c:621
+msgid "No reason specified"
+msgstr "Ingen anledning har angivits"
+
+# tveksam översättning. funderar på "ersatt av något bättre" men det
+# känns inte heller bra. Betyder att nyckeln inte används längre, utan användaren har skapat en ny nyckel som ersätter den gamla.
+#: g10/pkclist.c:62 g10/revoke.c:623
+msgid "Key is superseded"
+msgstr "Nyckeln är åsidosatt"
+
+#: g10/pkclist.c:64 g10/revoke.c:622
+msgid "Key has been compromised"
+msgstr "Nyckeln har blivit komprometterad"
+
+#: g10/pkclist.c:66 g10/revoke.c:624
+msgid "Key is no longer used"
+msgstr "Nyckeln används inte längre"
+
+#: g10/pkclist.c:68 g10/revoke.c:625
+msgid "User ID is no longer valid"
+msgstr "Användaridentiteten är inte längre giltig"
+
+#: g10/pkclist.c:72
+msgid "reason for revocation: "
+msgstr "anledning för spärrning: "
+
+#: g10/pkclist.c:89
+msgid "revocation comment: "
+msgstr "spärrningskommentar: "
+
+# ej kristallklart vad förkortningarna står för
+#: g10/pkclist.c:204
+msgid "iImMqQsS"
+msgstr "iImHhAsS"
+
+#: g10/pkclist.c:212
+msgid "No trust value assigned to:\n"
+msgstr "Inget tillitsvärde tilldelat till:\n"
+
+#: g10/pkclist.c:245
+#, c-format
+msgid " aka \"%s\"\n"
+msgstr " även känd som \"%s\"\n"
+
+#: g10/pkclist.c:255
+msgid ""
+"How much do you trust that this key actually belongs to the named user?\n"
+msgstr ""
+"Hur mycket litar du på att nyckeln faktiskt tillhör den angivna användaren?\n"
+
+#: g10/pkclist.c:270
+#, c-format
+msgid " %d = I don't know or won't say\n"
+msgstr " %d = Jag vet inte eller kan inte säga något\n"
+
+#: g10/pkclist.c:272
+#, c-format
+msgid " %d = I do NOT trust\n"
+msgstr " %d = Jag litar INTE\n"
+
+#: g10/pkclist.c:278
+#, c-format
+msgid " %d = I trust ultimately\n"
+msgstr " %d = Jag litar förbehållslöst\n"
+
+#: g10/pkclist.c:284
+msgid " m = back to the main menu\n"
+msgstr " h = gå tillbaka till huvudmenyn\n"
+
+#: g10/pkclist.c:287
+msgid " s = skip this key\n"
+msgstr " s = hoppa över denna nyckel\n"
+
+#: g10/pkclist.c:288
+msgid " q = quit\n"
+msgstr " a = avsluta\n"
+
+#: g10/pkclist.c:292
+#, c-format
+msgid ""
+"The minimum trust level for this key is: %s\n"
+"\n"
+msgstr ""
+"Minimum tillitsnivå för denna nyckel är: %s\n"
+"\n"
+
+#: g10/pkclist.c:298 g10/revoke.c:650
+msgid "Your decision? "
+msgstr "Vad väljer du? "
+
+#: g10/pkclist.c:319
+msgid "Do you really want to set this key to ultimate trust? (y/N) "
+msgstr "Vill du verkligen ge denna nyckel förbehållslöst förtroende? (j/N) "
+
+#: g10/pkclist.c:333
+msgid "Certificates leading to an ultimately trusted key:\n"
+msgstr "Certifikat som leder till en nyckel med förbehållslöst förtroende:\n"
+
+#: g10/pkclist.c:418
+#, c-format
+msgid "%s: There is no assurance this key belongs to the named user\n"
+msgstr ""
+"%s: Det finns inget som säger att nyckeln tillhör den angivna användaren\n"
+
+#: g10/pkclist.c:423
+#, c-format
+msgid "%s: There is limited assurance this key belongs to the named user\n"
+msgstr ""
+"%s: Det finns viss information om att nyckeln tillhör den angivna "
+"användaren\n"
+
+#: g10/pkclist.c:429
+msgid "This key probably belongs to the named user\n"
+msgstr "Den här nyckel tillhör antagligen den namngivna användaren\n"
+
+#: g10/pkclist.c:434
+msgid "This key belongs to us\n"
+msgstr "Denna nyckel tillhör oss\n"
+
+#: g10/pkclist.c:460
+msgid ""
+"It is NOT certain that the key belongs to the person named\n"
+"in the user ID. If you *really* know what you are doing,\n"
+"you may answer the next question with yes.\n"
+msgstr ""
+"Det är INTE säkert att nyckeln tillhör den namngivna personen i\n"
+"användaridentiteten. Om du *verkligen* vet vad du gör, kan du svara\n"
+"ja på nästkommande fråga.\n"
+
+#: g10/pkclist.c:479
+msgid "Use this key anyway? (y/N) "
+msgstr "Vill du använda nyckeln ändå? (j/N) "
+
+#: g10/pkclist.c:513
+msgid "WARNING: Using untrusted key!\n"
+msgstr "VARNING: Använder en nyckel som inte är betrodd!\n"
+
+#: g10/pkclist.c:520
+msgid "WARNING: this key might be revoked (revocation key not present)\n"
+msgstr "VARNING: denna nyckel kan ha spärrats (spärrnyckeln saknas)\n"
+
+#: g10/pkclist.c:529
+msgid "WARNING: This key has been revoked by its designated revoker!\n"
+msgstr "VARNING: Denna nyckel har spärrats med sin spärrnyckel!\n"
+
+#: g10/pkclist.c:532
+msgid "WARNING: This key has been revoked by its owner!\n"
+msgstr "VARNING: Denna nyckel har spärrats av sin ägare!\n"
+
+#: g10/pkclist.c:533
+msgid " This could mean that the signature is forged.\n"
+msgstr " Detta kan betyda att signaturen är förfalskad.\n"
+
+#: g10/pkclist.c:539
+msgid "WARNING: This subkey has been revoked by its owner!\n"
+msgstr "VARNING: Denna undernyckel har spärrats av sin ägare!\n"
+
+#: g10/pkclist.c:544
+msgid "Note: This key has been disabled.\n"
+msgstr "Obs: Denna nyckel har stängts av.\n"
+
+#: g10/pkclist.c:564
+#, c-format
+msgid "Note: Verified signer's address is `%s'\n"
+msgstr "Observera: Validerad adress för signeraren är \"%s\"\n"
+
+#: g10/pkclist.c:571
+#, c-format
+msgid "Note: Signer's address `%s' does not match DNS entry\n"
+msgstr "Observera: Signerarens adress \"%s\" matchar inte DNS-objektet\n"
+
+#: g10/pkclist.c:583
+msgid "trustlevel adjusted to FULL due to valid PKA info\n"
+msgstr "trustlevel justerad till FULL på grund av giltig PKA-info\n"
+
+#: g10/pkclist.c:591
+msgid "trustlevel adjusted to NEVER due to bad PKA info\n"
+msgstr "trustlevel justerad till NEVER på grund av felaktig PKA-info\n"
+
+#: g10/pkclist.c:602
+msgid "Note: This key has expired!\n"
+msgstr "Obs: Giltighetstiden för denna nyckel har gått ut!\n"
+
+#: g10/pkclist.c:613
+msgid "WARNING: This key is not certified with a trusted signature!\n"
+msgstr "VARNING: Denna nyckel är inte certifierad med en pålitlig signatur!\n"
+
+#: g10/pkclist.c:615
+msgid ""
+" There is no indication that the signature belongs to the owner.\n"
+msgstr ""
+" Det finns inget som indikerar att signaturen tillhör ägaren.\n"
+
+#: g10/pkclist.c:623
+msgid "WARNING: We do NOT trust this key!\n"
+msgstr "VARNING: Vi litar INTE på denna nyckel!\n"
+
+#: g10/pkclist.c:624
+msgid " The signature is probably a FORGERY.\n"
+msgstr " Signaturen är sannolikt en FÖRFALSKNING.\n"
+
+#: g10/pkclist.c:632
+msgid ""
+"WARNING: This key is not certified with sufficiently trusted signatures!\n"
+msgstr ""
+"VARNING: Denna nyckel är inte certifierad med signaturer med ett\n"
+"tillräckligt högt tillitsvärde!\n"
+
+#: g10/pkclist.c:634
+msgid " It is not certain that the signature belongs to the owner.\n"
+msgstr " Det är inte säkert att signaturen tillhör ägaren.\n"
+
+#: g10/pkclist.c:833 g10/pkclist.c:875 g10/pkclist.c:1087 g10/pkclist.c:1157
+#, c-format
+msgid "%s: skipped: %s\n"
+msgstr "%s: hoppade över: %s\n"
+
+# överhoppad?
+#: g10/pkclist.c:845 g10/pkclist.c:1125
+#, c-format
+msgid "%s: skipped: public key already present\n"
+msgstr "%s: hoppades över: publik nyckel finns redan\n"
+
+#: g10/pkclist.c:896
+msgid "You did not specify a user ID. (you may use \"-r\")\n"
+msgstr "Du angav ingen användaridentitet. (du kan använda \"-r\")\n"
+
+#: g10/pkclist.c:920
+msgid "Current recipients:\n"
+msgstr "Nuvarande mottagare:\n"
+
+#: g10/pkclist.c:946
+msgid ""
+"\n"
+"Enter the user ID. End with an empty line: "
+msgstr ""
+"\n"
+"Ange användaridentiteten. Avsluta med en tom rad: "
+
+#: g10/pkclist.c:971
+msgid "No such user ID.\n"
+msgstr "Ingen sådan användaridentitet.\n"
+
+#: g10/pkclist.c:980 g10/pkclist.c:1054
+msgid "skipped: public key already set as default recipient\n"
+msgstr ""
+"hoppade över: den publika nyckeln är redan inställd som standardmottagare\n"
+
+#: g10/pkclist.c:1001
+msgid "Public key is disabled.\n"
+msgstr "Den publika nyckeln är inaktiverad.\n"
+
+#: g10/pkclist.c:1010
+msgid "skipped: public key already set\n"
+msgstr "hoppade över: publik nyckel redan angiven\n"
+
+#: g10/pkclist.c:1045
+#, c-format
+msgid "unknown default recipient \"%s\"\n"
+msgstr "okänd standardmottagare \"%s\"\n"
+
+#: g10/pkclist.c:1103
+#, c-format
+msgid "%s: skipped: public key is disabled\n"
+msgstr "%s: hoppades över: den publika nyckeln är inaktiverad\n"
+
+# plural av adressee
+# dvs. den som meddelandet är adresserat till.
+# Åtskillnad görs mellan adressee och receiver.
+#: g10/pkclist.c:1165
+msgid "no valid addressees\n"
+msgstr "inga giltiga adressater\n"
+
+#: g10/pkclist.c:1503
+#, c-format
+msgid "Note: key %s has no %s feature\n"
+msgstr "Observera: nyckeln %s har ingen %s-förmåga\n"
+
+#: g10/pkclist.c:1528
+#, c-format
+msgid "Note: key %s has no preference for %s\n"
+msgstr "Observera: nyckeln %s har ingen inställning för %s\n"
+
+#: g10/plaintext.c:95
+msgid "data not saved; use option \"--output\" to save it\n"
+msgstr "data sparades inte, använd flaggan \"--output\" för att spara det\n"
+
+#: g10/plaintext.c:480
+msgid "Detached signature.\n"
+msgstr "Signatur i en separat fil.\n"
+
+#: g10/plaintext.c:487
+msgid "Please enter name of data file: "
+msgstr "Ange namnet på datafilen: "
+
+#: g10/plaintext.c:519
+msgid "reading stdin ...\n"
+msgstr "läser från standard in ...\n"
+
+#: g10/plaintext.c:557
+msgid "no signed data\n"
+msgstr "ingen signerad data\n"
+
+# se förra kommentaren
+#: g10/plaintext.c:573
+#, c-format
+msgid "can't open signed data `%s'\n"
+msgstr "kan inte öppna signerat data \"%s\"\n"
+
+# se förra kommentaren
+#: g10/plaintext.c:607
+#, c-format
+msgid "can't open signed data fd=%d: %s\n"
+msgstr "kan inte öppna signerad data fd=%d: %s\n"
+
+#: g10/pubkey-enc.c:105
+#, c-format
+msgid "anonymous recipient; trying secret key %s ...\n"
+msgstr "anonym mottagare; provar med den hemliga nyckeln %s ...\n"
+
+#: g10/pubkey-enc.c:136
+msgid "okay, we are the anonymous recipient.\n"
+msgstr "ok, vi är den anonyma mottagaren.\n"
+
+#: g10/pubkey-enc.c:225
+msgid "old encoding of the DEK is not supported\n"
+msgstr "gammal kodning av krypteringsnyckeln stöds inte\n"
+
+#: g10/pubkey-enc.c:246
+#, c-format
+msgid "cipher algorithm %d%s is unknown or disabled\n"
+msgstr "chifferalgoritmen %d%s är okänd eller inaktiverad\n"
+
+#: g10/pubkey-enc.c:284
+#, c-format
+msgid "WARNING: cipher algorithm %s not found in recipient preferences\n"
+msgstr ""
+"VARNING: chifferalgoritmen %s hittades inte i mottagarinställningarna\n"
+
+#: g10/pubkey-enc.c:304
+#, c-format
+msgid "NOTE: secret key %s expired at %s\n"
+msgstr "OBSERVERA: hemliga nyckeln %s gick ut %s\n"
+
+#: g10/pubkey-enc.c:310
+msgid "NOTE: key has been revoked"
+msgstr "OBSERVERA: nyckeln har spärrats"
+
+# Vad?
+#: g10/revoke.c:102 g10/revoke.c:116 g10/revoke.c:128 g10/revoke.c:174
+#: g10/revoke.c:186 g10/revoke.c:585
+#, c-format
+msgid "build_packet failed: %s\n"
+msgstr "build_packet misslyckades: %s\n"
+
+#: g10/revoke.c:145
+#, c-format
+msgid "key %s has no user IDs\n"
+msgstr "nyckeln %s har inga användaridentiteter\n"
+
+#: g10/revoke.c:306
+msgid "To be revoked by:\n"
+msgstr "Kommer att spärras av:\n"
+
+#: g10/revoke.c:310
+msgid "(This is a sensitive revocation key)\n"
+msgstr "(Detta är en känslig spärrnyckel)\n"
+
+#: g10/revoke.c:314
+msgid "Create a designated revocation certificate for this key? (y/N) "
+msgstr "Skapa ett spärrcertifikat för denna nyckel? (j/N) "
+
+# --force översatt med:
+# genomdriv (använd alltid?)
+# -do-not-force översatt med:
+# genomdriv inte
+# I detta fall gäller det ett revokeringscertifikat, som gnupg alltid skapar i ASCII-format för att det ska gå att skriva ut.
+#: g10/revoke.c:327 g10/revoke.c:551
+msgid "ASCII armored output forced.\n"
+msgstr "utdata med ett ascii-skal genomdrivet.\n"
+
+# Vad menas???
+#: g10/revoke.c:342 g10/revoke.c:565
+#, c-format
+msgid "make_keysig_packet failed: %s\n"
+msgstr "make_keysig_packet misslyckades: %s\n"
+
+#: g10/revoke.c:405
+msgid "Revocation certificate created.\n"
+msgstr "Spärrcertifikat skapat.\n"
+
+#: g10/revoke.c:411
+#, c-format
+msgid "no revocation keys found for \"%s\"\n"
+msgstr "inga spärrnycklar hittades för \"%s\"\n"
+
+#: g10/revoke.c:470
+#, c-format
+msgid "secret key \"%s\" not found: %s\n"
+msgstr "hemliga nyckeln \"%s\" hittades inte: %s\n"
+
+#: g10/revoke.c:497
+#, c-format
+msgid "no corresponding public key: %s\n"
+msgstr "ingen motsvarande publik nyckel: %s\n"
+
+#: g10/revoke.c:508
+msgid "public key does not match secret key!\n"
+msgstr "publik nyckel passar inte ihop med den hemliga nyckeln!\n"
+
+#: g10/revoke.c:515
+msgid "Create a revocation certificate for this key? (y/N) "
+msgstr "Skapa ett spärrcertifikat för denna nyckel? (j/N) "
+
+#: g10/revoke.c:532
+msgid "unknown protection algorithm\n"
+msgstr "okänd skyddsalgoritm\n"
+
+#: g10/revoke.c:540
+msgid "NOTE: This key is not protected!\n"
+msgstr "OBS: Denna nyckel är oskyddad!\n"
+
+#: g10/revoke.c:591
+msgid ""
+"Revocation certificate created.\n"
+"\n"
+"Please move it to a medium which you can hide away; if Mallory gets\n"
+"access to this certificate he can use it to make your key unusable.\n"
+"It is smart to print this certificate and store it away, just in case\n"
+"your media become unreadable. But have some caution: The print system of\n"
+"your machine might store the data and make it available to others!\n"
+msgstr ""
+"Spärrcertifikat skapat.\n"
+"\n"
+"Var vänlig flytta det till ett media du kan gömma; om Mallory får\n"
+"tillgång till detta certifikatet kan han göra din nyckel oanvändbar.\n"
+"Det är klokt att skriva ut detta certifikat och gömma det, ifall ditt\n"
+"media blir oläsligt. Men se upp: Utskriftsfunktionen på\n"
+"din dator kan spara data så att det blir åtkomligt för andra!\n"
+
+#: g10/revoke.c:633
+msgid "Please select the reason for the revocation:\n"
+msgstr "Välj anledning till varför nyckeln spärras:\n"
+
+#: g10/revoke.c:643
+msgid "Cancel"
+msgstr "Avbryt"
+
+#: g10/revoke.c:645
+#, c-format
+msgid "(Probably you want to select %d here)\n"
+msgstr "(Troligen vill du välja %d här)\n"
+
+#: g10/revoke.c:686
+msgid "Enter an optional description; end it with an empty line:\n"
+msgstr "Ange en valfri beskrivning; avsluta med en tom rad:\n"
+
+#: g10/revoke.c:714
+#, c-format
+msgid "Reason for revocation: %s\n"
+msgstr "Anledning för spärrning: %s\n"
+
+#: g10/revoke.c:716
+msgid "(No description given)\n"
+msgstr "(Ingen beskrivning angiven)\n"
+
+#: g10/revoke.c:721
+msgid "Is this okay? (y/N) "
+msgstr "Är detta OK? (j/N) "
+
+#: g10/seckey-cert.c:55
+msgid "secret key parts are not available\n"
+msgstr "de hemliga nyckeldelarna är inte tillgängliga\n"
+
+#: g10/seckey-cert.c:61
+#, c-format
+msgid "protection algorithm %d%s is not supported\n"
+msgstr "skyddsalgoritmen %d%s stöds inte\n"
+
+# Skyddssammandraget låter underligt
+# Kontrollsumma?
+#: g10/seckey-cert.c:72
+#, c-format
+msgid "protection digest %d is not supported\n"
+msgstr "skyddssammandraget %d stöds inte\n"
+
+#: g10/seckey-cert.c:291
+msgid "Invalid passphrase; please try again"
+msgstr "Ogiltig lösenfras; försök igen"
+
+#: g10/seckey-cert.c:292
+#, c-format
+msgid "%s ...\n"
+msgstr "%s ...\n"
+
+# För vissa krypteringsalgoritmer är det känt att vissa svaga nycklar kan förekomma. Dessa ska aldrig användas. GnuPG vill på detta sätt hindra dig från att skapa en sådan nyckel.
+#: g10/seckey-cert.c:361
+msgid "WARNING: Weak key detected - please change passphrase again.\n"
+msgstr "VARNING: Upptäckte en svag nyckel - byt lösenfras igen.\n"
+
+#: g10/seckey-cert.c:404
+msgid "generating the deprecated 16-bit checksum for secret key protection\n"
+msgstr ""
+"skapar den föråldrade 16-bit kontrollsumman för skydd av den hemliga "
+"nyckeln\n"
+
+#: g10/seskey.c:61 sm/encrypt.c:119
+msgid "weak key created - retrying\n"
+msgstr "skapade en svag nyckel - försöker igen\n"
+
+#: g10/seskey.c:65
+#, c-format
+msgid "cannot avoid weak key for symmetric cipher; tried %d times!\n"
+msgstr ""
+"kan inte undvika en svag nyckel för symmetriskt chiffer;\n"
+"försökte %d gånger!\n"
+
+#: g10/seskey.c:227 sm/certcheck.c:85
+msgid "DSA requires the hash length to be a multiple of 8 bits\n"
+msgstr "DSA kräver att hashlängden är delbar med 8 bitar\n"
+
+#: g10/seskey.c:240
+#, c-format
+msgid "DSA key %s uses an unsafe (%u bit) hash\n"
+msgstr "DSA-nyckeln %s använder en osäker hash (%u bitar)\n"
+
+#: g10/seskey.c:252
+#, c-format
+msgid "DSA key %s requires a %u bit or larger hash\n"
+msgstr "DSA-nyckeln %s kräver en hash med %u bitar eller större\n"
+
+#: g10/sig-check.c:80
+msgid "WARNING: signature digest conflict in message\n"
+msgstr "VARNING: konflikt mellan signatursammandrag i meddelandet\n"
+
+# Vad betyder det?
+#: g10/sig-check.c:105
+#, c-format
+msgid "WARNING: signing subkey %s is not cross-certified\n"
+msgstr "VARNING: signeringsundernyckeln %s är inte korscertifierad\n"
+
+# cross-certification?
+#: g10/sig-check.c:117
+#, c-format
+msgid "WARNING: signing subkey %s has an invalid cross-certification\n"
+msgstr "VARNING signeringsundernyckel %s har en ogiltig korscertifiering\n"
+
+# behövs verkligen c-format här?
+#: g10/sig-check.c:211
+#, c-format
+msgid "public key %s is %lu second newer than the signature\n"
+msgstr "den publika nyckeln %s är %lu sekund nyare än signaturen\n"
+
+#: g10/sig-check.c:212
+#, c-format
+msgid "public key %s is %lu seconds newer than the signature\n"
+msgstr "den publika nyckeln %s är %lu sekunder nyare än signaturen\n"
+
+# c-format behövs inte i singularis
+#: g10/sig-check.c:223
+#, c-format
+msgid ""
+"key %s was created %lu second in the future (time warp or clock problem)\n"
+msgstr ""
+"nyckeln %s skapades %lu sekund in i framtiden (tidsresande eller felinställd "
+"klocka)\n"
+
+#: g10/sig-check.c:225
+#, c-format
+msgid ""
+"key %s was created %lu seconds in the future (time warp or clock problem)\n"
+msgstr ""
+"nyckeln %s skapades %lu sekunder in i framtiden (tidsresande eller "
+"felinställd klocka)\n"
+
+#: g10/sig-check.c:239
+#, c-format
+msgid "NOTE: signature key %s expired %s\n"
+msgstr "OBSERVERA: signaturnyckeln %s gick ut %s\n"
+
+#: g10/sig-check.c:252
+#, c-format
+msgid "NOTE: signature key %s has been revoked\n"
+msgstr "OBSERVERA: signaturnyckeln %s har spärrats\n"
+
+#: g10/sig-check.c:325
+#, c-format
+msgid "assuming bad signature from key %s due to an unknown critical bit\n"
+msgstr ""
+"antar felaktig signatur från nyckeln %s på grund av en okänd kritisk bit\n"
+
+#: g10/sig-check.c:591
+#, c-format
+msgid "key %s: no subkey for subkey revocation signature\n"
+msgstr "nyckel %s: ingen undernyckel med spärrsignatur för undernyckel\n"
+
+#: g10/sig-check.c:618
+#, c-format
+msgid "key %s: no subkey for subkey binding signature\n"
+msgstr "nyckeln %s: ingen undernyckel för signaturbindning av undernyckel\n"
+
+#: g10/sign.c:89
+#, c-format
+msgid "WARNING: unable to %%-expand notation (too large). Using unexpanded.\n"
+msgstr ""
+"VARNING: kan inte %%-expandera anteckning (för stor). Använder den utan "
+"expansion.\n"
+
+#: g10/sign.c:115
+#, c-format
+msgid ""
+"WARNING: unable to %%-expand policy URL (too large). Using unexpanded.\n"
+msgstr ""
+"VARNING: kunde inte %%-expandera policy-url (för stor). Använder "
+"oexpanderad.\n"
+
+#: g10/sign.c:138
+#, c-format
+msgid ""
+"WARNING: unable to %%-expand preferred keyserver URL (too large). Using "
+"unexpanded.\n"
+msgstr ""
+"VARNING: kunde inte %%-expandera url för föredragen nyckelserver (för "
+"stor). Använder oexpanderad.\n"
+
+#: g10/sign.c:311
+#, c-format
+msgid "checking created signature failed: %s\n"
+msgstr "kontroll av den skapade signaturen misslyckades: %s\n"
+
+#: g10/sign.c:320
+#, c-format
+msgid "%s/%s signature from: \"%s\"\n"
+msgstr "%s/%s signatur från: \"%s\"\n"
+
+#: g10/sign.c:761
+msgid "you can only detach-sign with PGP 2.x style keys while in --pgp2 mode\n"
+msgstr ""
+"du kan bara skapa signaturer i en separat fil med nycklar av PGP 2.x-typ\n"
+"när du är i --pgp2-läge\n"
+
+#: g10/sign.c:837
+#, c-format
+msgid ""
+"WARNING: forcing digest algorithm %s (%d) violates recipient preferences\n"
+msgstr ""
+"VARNING: tvinga sammandragsalgoritmen %s (%d) strider mot "
+"mottagarinställningarna\n"
+
+#: g10/sign.c:964
+msgid "signing:"
+msgstr "signerar:"
+
+#: g10/sign.c:1079
+msgid "you can only clearsign with PGP 2.x style keys while in --pgp2 mode\n"
+msgstr ""
+"du kan bara göra klartextsignaturer med en PGP 2.x-nyckel\n"
+"när du är i --pgp2-läge\n"
+
+#: g10/sign.c:1263
+#, c-format
+msgid "%s encryption will be used\n"
+msgstr "krypteringen %s kommer att användas\n"
+
+# Slumptalsgenerator: Random Number Generator
+#: g10/skclist.c:140 g10/skclist.c:217
+msgid "key is not flagged as insecure - can't use it with the faked RNG!\n"
+msgstr ""
+"nyckeln är inte markerad som osäker - det går inte att använda den med "
+"fejkad slumptalsgenerator!\n"
+
+#: g10/skclist.c:174
+#, c-format
+msgid "skipped \"%s\": duplicated\n"
+msgstr "hoppade över \"%s\": förekommer flera gånger\n"
+
+#: g10/skclist.c:182 g10/skclist.c:195 g10/skclist.c:207
+#, c-format
+msgid "skipped \"%s\": %s\n"
+msgstr "hoppade över \"%s\": %s\n"
+
+#: g10/skclist.c:190
+msgid "skipped: secret key already present\n"
+msgstr "hoppade över: hemlig nyckel finns redan\n"
+
+#: g10/skclist.c:208
+msgid "this is a PGP generated Elgamal key which is not secure for signatures!"
+msgstr ""
+"det här är en PGP-genererad Elgamal-nyckel som inte är säker för signaturer!"
+
+#: g10/tdbdump.c:58 g10/trustdb.c:360
+#, c-format
+msgid "trust record %lu, type %d: write failed: %s\n"
+msgstr "tillitspost: %lu, typ %d: kunde inte skriva: %s\n"
+
+#: g10/tdbdump.c:106
+#, c-format
+msgid ""
+"# List of assigned trustvalues, created %s\n"
+"# (Use \"gpg --import-ownertrust\" to restore them)\n"
+msgstr ""
+"# Skapat lista över tilldelade tillitsvärden %s\n"
+"# (Använd \"gpg --import-ownertrust\" för att återställa dem)\n"
+
+#: g10/tdbdump.c:161 g10/tdbdump.c:169 g10/tdbdump.c:174 g10/tdbdump.c:179
+#, c-format
+msgid "error in `%s': %s\n"
+msgstr "fel i \"%s\": %s\n"
+
+#: g10/tdbdump.c:161
+msgid "line too long"
+msgstr "raden är för lång"
+
+#: g10/tdbdump.c:169
+msgid "colon missing"
+msgstr "kolon saknas"
+
+#: g10/tdbdump.c:175
+msgid "invalid fingerprint"
+msgstr "ogiltigt fingeravtryck"
+
+#: g10/tdbdump.c:180
+msgid "ownertrust value missing"
+msgstr "värde för ägartillit saknas"
+
+#: g10/tdbdump.c:216
+#, c-format
+msgid "error finding trust record in `%s': %s\n"
+msgstr "fel vid sökning av tillitsvärde i \"%s\": %s\n"
+
+#: g10/tdbdump.c:220
+#, c-format
+msgid "read error in `%s': %s\n"
+msgstr "läsfel i \"%s\": %s\n"
+
+#: g10/tdbdump.c:229 g10/trustdb.c:375
+#, c-format
+msgid "trustdb: sync failed: %s\n"
+msgstr "tillitsdatabas: synkronisering misslyckades: %s\n"
+
+#: g10/tdbio.c:128 g10/tdbio.c:1456
+#, c-format
+msgid "trustdb rec %lu: lseek failed: %s\n"
+msgstr "tillitsdatabasposten %lu: lseek misslyckades: %s\n"
+
+#: g10/tdbio.c:135 g10/tdbio.c:1463
+#, c-format
+msgid "trustdb rec %lu: write failed (n=%d): %s\n"
+msgstr "tillitsdatabasposten %lu: skrivning misslyckades (n=%d): %s\n"
+
+#: g10/tdbio.c:245
+msgid "trustdb transaction too large\n"
+msgstr "tillitsdatabastransaktion för stor\n"
+
+#: g10/tdbio.c:500
+#, c-format
+msgid "can't access `%s': %s\n"
+msgstr "kan inte komma åt \"%s\": %s\n"
+
+#: g10/tdbio.c:527
+#, c-format
+msgid "%s: directory does not exist!\n"
+msgstr "%s: katalogen finns inte!\n"
+
+#: g10/tdbio.c:537 g10/tdbio.c:560 g10/tdbio.c:601 sm/keydb.c:219
+#, c-format
+msgid "can't create lock for `%s'\n"
+msgstr "kan inte skapa lås för \"%s\"\n"
+
+# se förra kommentaren
+#: g10/tdbio.c:539 g10/tdbio.c:604
+#, c-format
+msgid "can't lock `%s'\n"
+msgstr "kan inte låsa \"%s\"\n"
+
+#: g10/tdbio.c:565
+#, c-format
+msgid "%s: failed to create version record: %s"
+msgstr "%s: misslyckades med att skapa versionspost: %s"
+
+#: g10/tdbio.c:569
+#, c-format
+msgid "%s: invalid trustdb created\n"
+msgstr "%s: ogiltig tillitsdatabas skapad\n"
+
+#: g10/tdbio.c:572
+#, c-format
+msgid "%s: trustdb created\n"
+msgstr "%s: tillitsdatabas skapad\n"
+
+#: g10/tdbio.c:615
+msgid "NOTE: trustdb not writable\n"
+msgstr "OBS: det går inte att skriva till tillitsdatabasen\n"
+
+#: g10/tdbio.c:623
+#, c-format
+msgid "%s: invalid trustdb\n"
+msgstr "%s: ogiltig tillitsdatabas\n"
+
+#: g10/tdbio.c:655
+#, c-format
+msgid "%s: failed to create hashtable: %s\n"
+msgstr "%s: misslyckades med att skapa kontrollsummetabell: %s\n"
+
+#: g10/tdbio.c:663
+#, c-format
+msgid "%s: error updating version record: %s\n"
+msgstr "%s: fel vid uppdatering av versionspost: %s\n"
+
+#: g10/tdbio.c:680 g10/tdbio.c:701 g10/tdbio.c:717 g10/tdbio.c:731
+#: g10/tdbio.c:761 g10/tdbio.c:1388 g10/tdbio.c:1415
+#, c-format
+msgid "%s: error reading version record: %s\n"
+msgstr "%s: fel vid läsning av versionspost: %s\n"
+
+#: g10/tdbio.c:740
+#, c-format
+msgid "%s: error writing version record: %s\n"
+msgstr "%s: fel vid skrivning av versionspost: %s\n"
+
+#: g10/tdbio.c:1181
+#, c-format
+msgid "trustdb: lseek failed: %s\n"
+msgstr "tillitsdatabas: lseek misslyckades: %s\n"
+
+#: g10/tdbio.c:1190
+#, c-format
+msgid "trustdb: read failed (n=%d): %s\n"
+msgstr "tillitsdatabas: läsning misslyckades (n=%d): %s\n"
+
+#: g10/tdbio.c:1211
+#, c-format
+msgid "%s: not a trustdb file\n"
+msgstr "%s: detta är inte en tillitsdatabasfil\n"
+
+#: g10/tdbio.c:1230
+#, c-format
+msgid "%s: version record with recnum %lu\n"
+msgstr "%s: versionspost med postnummer %lu\n"
+
+#: g10/tdbio.c:1235
+#, c-format
+msgid "%s: invalid file version %d\n"
+msgstr "%s: ogiltig filversion %d\n"
+
+#: g10/tdbio.c:1421
+#, c-format
+msgid "%s: error reading free record: %s\n"
+msgstr "%s: fel vid läsning av ledig post: %s\n"
+
+#: g10/tdbio.c:1429
+#, c-format
+msgid "%s: error writing dir record: %s\n"
+msgstr "%s: fel vid läsning av katalogpost: %s\n"
+
+#: g10/tdbio.c:1439
+#, c-format
+msgid "%s: failed to zero a record: %s\n"
+msgstr "%s: misslyckades med att nollställa en post: %s\n"
+
+#: g10/tdbio.c:1469
+#, c-format
+msgid "%s: failed to append a record: %s\n"
+msgstr "%s: misslyckades med att lägga till en post: %s\n"
+
+#: g10/tdbio.c:1512
+msgid "Error: The trustdb is corrupted.\n"
+msgstr "Fel: Tillitsdatabasen är skadad.\n"
+
+#: g10/textfilter.c:147
+#, c-format
+msgid "can't handle text lines longer than %d characters\n"
+msgstr "kan inte hantera text med rader längre än %d tecken\n"
+
+#: g10/textfilter.c:247
+#, c-format
+msgid "input line longer than %d characters\n"
+msgstr "indataraden är längre än %d tecken\n"
+
+#: g10/trustdb.c:221
+#, c-format
+msgid "`%s' is not a valid long keyID\n"
+msgstr "\"%s\" är inget giltigt långt nyckel-id\n"
+
+# trusted??
+#: g10/trustdb.c:252
+#, c-format
+msgid "key %s: accepted as trusted key\n"
+msgstr "nyckel %s: accepterad som betrodd nyckel\n"
+
+#: g10/trustdb.c:290
+#, c-format
+msgid "key %s occurs more than once in the trustdb\n"
+msgstr "nyckeln %s förekommer fler än en gång i tillitsdatabasen\n"
+
+# nyckeln?
+#: g10/trustdb.c:305
+#, c-format
+msgid "key %s: no public key for trusted key - skipped\n"
+msgstr "nyckel %s: ingen publik nyckel för pålitlig nyckel - hoppades över\n"
+
+#: g10/trustdb.c:315
+#, c-format
+msgid "key %s marked as ultimately trusted\n"
+msgstr "nyckeln %s är markerad med förbehållslöst förtroende\n"
+
+# req står för request
+# kollat med Werner. Per
+#: g10/trustdb.c:339
+#, c-format
+msgid "trust record %lu, req type %d: read failed: %s\n"
+msgstr "tillitspost %lu, begäran av typ %d: kunde inte läsa: %s\n"
+
+#: g10/trustdb.c:345
+#, c-format
+msgid "trust record %lu is not of requested type %d\n"
+msgstr "tillitsvärdet %lu är inte av begärd typ %d\n"
+
+#: g10/trustdb.c:418
+msgid "You may try to re-create the trustdb using the commands:\n"
+msgstr "Du kan försöka att skapa tillitsdatabasen igen med dessa kommandon:\n"
+
+#: g10/trustdb.c:427
+msgid "If that does not work, please consult the manual\n"
+msgstr "Referera till handboken om detta inte fungerar för dig\n"
+
+#: g10/trustdb.c:462
+#, c-format
+msgid "unable to use unknown trust model (%d) - assuming %s trust model\n"
+msgstr ""
+"kunde inte använda okänd tillitsmodell (%d) - antar tillitsmodellen %s\n"
+
+#: g10/trustdb.c:468
+#, c-format
+msgid "using %s trust model\n"
+msgstr "använder tillitsmodellen %s\n"
+
+# Denna måste testas.
+# /* NOTE TO TRANSLATOR: these strings are similar to those in
+# trust_value_to_string(), but are a fixed length. This is needed to
+# make attractive information listings where columns line up
+# properly. The value "10" should be the length of the strings you
+# choose to translate to. This is the length in printable columns.
+# It gets passed to atoi() so everything after the number is
+# essentially a comment and need not be translated. Either key and
+# uid are both NULL, or neither are NULL. */
+#: g10/trustdb.c:520
+msgid "10 translator see trustdb.c:uid_trust_string_fixed"
+msgstr "15"
+
+#: g10/trustdb.c:522
+msgid "[ revoked]"
+msgstr "[ spärrad ]"
+
+#: g10/trustdb.c:524 g10/trustdb.c:529
+msgid "[ expired]"
+msgstr "[ utgånget ]"
+
+#: g10/trustdb.c:528
+msgid "[ unknown]"
+msgstr "[ okänt ]"
+
+#: g10/trustdb.c:530
+msgid "[ undef ]"
+msgstr "[ odefinierad ]"
+
+#: g10/trustdb.c:531
+msgid "[marginal]"
+msgstr "[ marginell ]"
+
+#: g10/trustdb.c:532
+msgid "[ full ]"
+msgstr "[ fullständig ]"
+
+#: g10/trustdb.c:533
+msgid "[ultimate]"
+msgstr "[förbehållslös]"
+
+#: g10/trustdb.c:548
+msgid "undefined"
+msgstr "odefinierad"
+
+#: g10/trustdb.c:549
+msgid "never"
+msgstr "aldrig"
+
+#: g10/trustdb.c:550
+msgid "marginal"
+msgstr "marginell"
+
+#: g10/trustdb.c:551
+msgid "full"
+msgstr "fullständig"
+
+#: g10/trustdb.c:552
+msgid "ultimate"
+msgstr "förbehållslös"
+
+#: g10/trustdb.c:592
+msgid "no need for a trustdb check\n"
+msgstr "det behövs ingen kontroll av tillitsdatabasen\n"
+
+#: g10/trustdb.c:598 g10/trustdb.c:2487
+#, c-format
+msgid "next trustdb check due at %s\n"
+msgstr "nästa kontroll av tillitsdatabasen kommer att äga rum %s\n"
+
+#: g10/trustdb.c:607
+#, c-format
+msgid "no need for a trustdb check with `%s' trust model\n"
+msgstr ""
+"det behövs ingen kontroll av tillitsdatabasen med tillitsmodellen \"%s\"\n"
+
+#: g10/trustdb.c:622
+#, c-format
+msgid "no need for a trustdb update with `%s' trust model\n"
+msgstr ""
+"det behövs ingen uppdatering av tillitsdatabasen med tillitsmodellen \"%s\"\n"
+
+#: g10/trustdb.c:857 g10/trustdb.c:1310
+#, c-format
+msgid "public key %s not found: %s\n"
+msgstr "publika nyckeln %s hittades inte: %s\n"
+
+#: g10/trustdb.c:1053
+msgid "please do a --check-trustdb\n"
+msgstr "gör en kontroll av tillitsdatabasen --check-trustdb\n"
+
+# originalet borde ha ett value
+#: g10/trustdb.c:1057
+msgid "checking the trustdb\n"
+msgstr "kontrollerar tillitsdatabasen\n"
+
+# Vad är detta!?
+#: g10/trustdb.c:2230
+#, c-format
+msgid "%d keys processed (%d validity counts cleared)\n"
+msgstr "%d nycklar behandlade (%d validity counts rensade)\n"
+
+#: g10/trustdb.c:2295
+msgid "no ultimately trusted keys found\n"
+msgstr "hittade inga nycklar med förbehållslöst förtroende\n"
+
+#: g10/trustdb.c:2309
+#, c-format
+msgid "public key of ultimately trusted key %s not found\n"
+msgstr "publik nyckel för förbehållslöst betrodda nyckeln %s hittades inte\n"
+
+#: g10/trustdb.c:2332
+#, c-format
+msgid "%d marginal(s) needed, %d complete(s) needed, %s trust model\n"
+msgstr "%d marginal(er) behövs, %d fullständig(a) behövs, tillitsmodell %s\n"
+
+#: g10/trustdb.c:2418
+#, c-format
+msgid ""
+"depth: %d valid: %3d signed: %3d trust: %d-, %dq, %dn, %dm, %df, %du\n"
+msgstr ""
+"djup: %d giltig: %3d signerad: %3d tillit: %d-, %dq, %dn, %dm, %df, %du\n"
+
+#: g10/trustdb.c:2493
+#, c-format
+msgid "unable to update trustdb version record: write failed: %s\n"
+msgstr ""
+"kunde inte uppdatera versionspost i tillitsdatabasen: skrivning "
+"misslyckades: %s\n"
+
+#: g10/verify.c:118
+msgid ""
+"the signature could not be verified.\n"
+"Please remember that the signature file (.sig or .asc)\n"
+"should be the first file given on the command line.\n"
+msgstr ""
+"signaturen kunde inte valideras.\n"
+"Kom ihåg att signaturfilen (.sig eller .asc)\n"
+"ska vara den först angivna filen på kommandoraden\n"
+
+#: g10/verify.c:205
+#, c-format
+msgid "input line %u too long or missing LF\n"
+msgstr "raden %u är för lång, eller saknar nyradstecken\n"
+
+#: g10/verify.c:253
+#, c-format
+msgid "can't open fd %d: %s\n"
+msgstr "kan inte öppna fd %d: %s\n"
+
+#: jnlib/argparse.c:180
+msgid "argument not expected"
+msgstr "argument förväntades inte"
+
+#: jnlib/argparse.c:182
+msgid "read error"
+msgstr "läsfel"
+
+#: jnlib/argparse.c:184
+msgid "keyword too long"
+msgstr "nyckelordet är för långt"
+
+#: jnlib/argparse.c:186
+msgid "missing argument"
+msgstr "argument saknas"
+
+#: jnlib/argparse.c:188
+msgid "invalid command"
+msgstr "ogiltigt kommando"
+
+#: jnlib/argparse.c:190
+msgid "invalid alias definition"
+msgstr "ogiltig aliasdefinition"
+
+#: jnlib/argparse.c:192
+msgid "out of core"
+msgstr "slut på minne"
+
+#: jnlib/argparse.c:194
+msgid "invalid option"
+msgstr "ogiltig flagga"
+
+#: jnlib/argparse.c:202
+#, c-format
+msgid "missing argument for option \"%.50s\"\n"
+msgstr "argument för flaggan \"%.50s\" saknas\n"
+
+#: jnlib/argparse.c:204
+#, c-format
+msgid "option \"%.50s\" does not expect an argument\n"
+msgstr "flaggan \"%.50s\" förväntar sig inte ett argument\n"
+
+#: jnlib/argparse.c:207
+#, c-format
+msgid "invalid command \"%.50s\"\n"
+msgstr "ogiltigt kommando \"%.50s\"\n"
+
+#: jnlib/argparse.c:209
+#, c-format
+msgid "option \"%.50s\" is ambiguous\n"
+msgstr "flagga \"%.50s\" är tvetydig\n"
+
+#: jnlib/argparse.c:211
+#, c-format
+msgid "command \"%.50s\" is ambiguous\n"
+msgstr "kommandot \"%.50s\" är tvetydigt\n"
+
+#: jnlib/argparse.c:213
+msgid "out of core\n"
+msgstr "slut på minne\n"
+
+#: jnlib/argparse.c:215
+#, c-format
+msgid "invalid option \"%.50s\"\n"
+msgstr "ogiltig flagga \"%.50s\"\n"
+
+#: jnlib/logging.c:647
+#, c-format
+msgid "you found a bug ... (%s:%d)\n"
+msgstr "du har hittat ett fel i programmet ... (%s:%d)\n"
+
+#: jnlib/utf8conv.c:85
+#, c-format
+msgid "error loading `%s': %s\n"
+msgstr "fel vid inläsning av \"%s\": %s\n"
+
+#: jnlib/utf8conv.c:123
+#, c-format
+msgid "conversion from `%s' to `%s' not available\n"
+msgstr "konvertering från \"%s\" till \"%s\" är inte tillgänglig\n"
+
+#: jnlib/utf8conv.c:131
+#, c-format
+msgid "iconv_open failed: %s\n"
+msgstr "iconv_open misslyckades: %s\n"
+
+#: jnlib/utf8conv.c:388 jnlib/utf8conv.c:654
+#, c-format
+msgid "conversion from `%s' to `%s' failed: %s\n"
+msgstr "konvertering från \"%s\" till \"%s\" misslyckades: %s\n"
+
+#: jnlib/dotlock.c:234
+#, c-format
+msgid "failed to create temporary file `%s': %s\n"
+msgstr "misslyckades med att skapa temporärfilen \"%s\": %s\n"
+
+#: jnlib/dotlock.c:269
+#, c-format
+msgid "error writing to `%s': %s\n"
+msgstr "fel vid skrivning till \"%s\": %s\n"
+
+#: jnlib/dotlock.c:453
+#, c-format
+msgid "removing stale lockfile (created by %d)\n"
+msgstr "tar bort gammal låsfil (skapad av %d)\n"
+
+#: jnlib/dotlock.c:459
+msgid " - probably dead - removing lock"
+msgstr " - antagligen död - tar bort lås"
+
+#: jnlib/dotlock.c:469
+#, c-format
+msgid "waiting for lock (held by %d%s) %s...\n"
+msgstr "väntar på lås (hålls av %d%s) %s...\n"
+
+#: jnlib/dotlock.c:470
+msgid "(deadlock?) "
+msgstr "(dödläge?) "
+
+#: jnlib/dotlock.c:493
+#, c-format
+msgid "lock `%s' not made: %s\n"
+msgstr "låset \"%s\" gjordes inte: %s\n"
+
+#: jnlib/dotlock.c:501
+#, c-format
+msgid "waiting for lock %s...\n"
+msgstr "väntar på låset %s...\n"
+
+#: kbx/kbxutil.c:92
+msgid "set debugging flags"
+msgstr "ställ in felsökningsflaggor"
+
+#: kbx/kbxutil.c:93
+msgid "enable full debugging"
+msgstr "aktivera fullständigt felsökningsläge"
+
+#: kbx/kbxutil.c:117
+msgid "Usage: kbxutil [options] [files] (-h for help)"
+msgstr "Användning: kbxutil [flaggor] [filer] (-h för hjälp)"
+
+#: kbx/kbxutil.c:120
+msgid ""
+"Syntax: kbxutil [options] [files]\n"
+"list, export, import Keybox data\n"
+msgstr ""
+"Syntax: kbxutil [flaggor] [filer]\n"
+"lista, exportera, importera nyckelskåpsdata\n"
+
+#: scd/app-nks.c:713 scd/app-openpgp.c:2647
+#, c-format
+msgid "RSA modulus missing or not of size %d bits\n"
+msgstr "RSA modulus saknas eller är inte %d bitar stor\n"
+
+#: scd/app-nks.c:721 scd/app-openpgp.c:2659
+#, c-format
+msgid "RSA public exponent missing or larger than %d bits\n"
+msgstr "Publik RSA-exponent saknas eller större än %d bitar\n"
+
+#: scd/app-nks.c:801 scd/app-openpgp.c:1549 scd/app-openpgp.c:1568
+#: scd/app-openpgp.c:1729 scd/app-openpgp.c:1746 scd/app-openpgp.c:1994
+#: scd/app-openpgp.c:2039 scd/app-dinsig.c:303
+#, c-format
+msgid "PIN callback returned error: %s\n"
+msgstr "PIN-Ã¥teranrop returnerade fel: %s\n"
+
+#: scd/app-nks.c:834
+msgid "the NullPIN has not yet been changed\n"
+msgstr "NullPIN har ännu inte ändrats\n"
+
+#: scd/app-nks.c:1092
+msgid "|N|Please enter a new PIN for the standard keys."
+msgstr "|N|Ange en ny PIN-kod för standardnycklarna."
+
+#: scd/app-nks.c:1093
+msgid "||Please enter the PIN for the standard keys."
+msgstr "||Ange PIN-koden för standardnycklarna."
+
+#: scd/app-nks.c:1099
+msgid "|NP|Please enter a new PIN Unblocking Code (PUK) for the standard keys."
+msgstr "|NP|Ange en ny upplåsningskod (PUK-kod) för standardnycklarna."
+
+#: scd/app-nks.c:1101
+msgid "|P|Please enter the PIN Unblocking Code (PUK) for the standard keys."
+msgstr "|P|Ange upplåsningskoden (PUK-kod) för standardnycklarna."
+
+#: scd/app-nks.c:1109
+msgid "|N|Please enter a new PIN for the key to create qualified signatures."
+msgstr ""
+"|N|Ange en ny PIN-kod för nyckeln att skapa kvalificerade signaturer med."
+
+#: scd/app-nks.c:1111
+msgid "||Please enter the PIN for the key to create qualified signatures."
+msgstr "||Ange PIN-koden för nyckeln att skapa kvalificerade signaturer med."
+
+#: scd/app-nks.c:1119
+msgid ""
+"|NP|Please enter a new PIN Unblocking Code (PUK) for the key to create "
+"qualified signatures."
+msgstr ""
+"|NP|Ange en ny upplåsningskod (PUK-kod) för nyckeln att skapa kvalificerade "
+"signaturer med."
+
+#: scd/app-nks.c:1121
+msgid ""
+"|P|Please enter the PIN Unblocking Code (PUK) for the key to create "
+"qualified signatures."
+msgstr ""
+"|P|Ange upplåsningskoden (PUK-koden) för nyckeln att skapa kvalificerade "
+"signaturer med."
+
+#: scd/app-nks.c:1222 scd/app-openpgp.c:2072 scd/app-dinsig.c:532
+#, c-format
+msgid "error getting new PIN: %s\n"
+msgstr "fel vid hämtning av ny PIN-kod: %s\n"
+
+#: scd/app-openpgp.c:695
+#, c-format
+msgid "failed to store the fingerprint: %s\n"
+msgstr "misslyckades med att lagra fingeravtrycket: %s\n"
+
+#: scd/app-openpgp.c:708
+#, c-format
+msgid "failed to store the creation date: %s\n"
+msgstr "misslyckades med att lagra datum för skapandet: %s\n"
+
+#: scd/app-openpgp.c:1156
+#, c-format
+msgid "reading public key failed: %s\n"
+msgstr "läsning av publik nyckel misslyckades: %s\n"
+
+#: scd/app-openpgp.c:1164 scd/app-openpgp.c:2882
+msgid "response does not contain the public key data\n"
+msgstr "svaret innehåller inte publikt nyckeldata\n"
+
+#: scd/app-openpgp.c:1172 scd/app-openpgp.c:2890
+msgid "response does not contain the RSA modulus\n"
+msgstr "svaret innehåller inte en RSA-modulus\n"
+
+#: scd/app-openpgp.c:1181 scd/app-openpgp.c:2900
+msgid "response does not contain the RSA public exponent\n"
+msgstr "svaret innehåller inte den publika RSA-exponenten\n"
+
+#: scd/app-openpgp.c:1501
+#, c-format
+msgid "using default PIN as %s\n"
+msgstr "använder standard-PIN som %s\n"
+
+#: scd/app-openpgp.c:1508
+#, c-format
+msgid "failed to use default PIN as %s: %s - disabling further default use\n"
+msgstr ""
+"misslyckades med att använda standard-PIN som %s: %s - inaktiverar "
+"ytterligare standardanvändning\n"
+
+#: scd/app-openpgp.c:1523
+#, c-format
+msgid "||Please enter the PIN%%0A[sigs done: %lu]"
+msgstr "||Ange PIN-koden%%0A[signaturer kvar: %lu]"
+
+#: scd/app-openpgp.c:1534 scd/app-openpgp.c:1988
+msgid "||Please enter the PIN"
+msgstr "||Ange PIN-koden"
+
+#: scd/app-openpgp.c:1575 scd/app-openpgp.c:1753 scd/app-openpgp.c:2001
+#, c-format
+msgid "PIN for CHV%d is too short; minimum length is %d\n"
+msgstr "PIN-kod för CHV%d är för kort; minimumlängd är %d\n"
+
+#: scd/app-openpgp.c:1588 scd/app-openpgp.c:1627 scd/app-openpgp.c:1765
+#: scd/app-openpgp.c:3200
+#, c-format
+msgid "verify CHV%d failed: %s\n"
+msgstr "validering av CHV%d misslyckades: %s\n"
+
+#: scd/app-openpgp.c:1656 scd/app-openpgp.c:2020 scd/app-openpgp.c:3498
+msgid "error retrieving CHV status from card\n"
+msgstr "fel vid hämtning av CHV-status från kort\n"
+
+#: scd/app-openpgp.c:1662 scd/app-openpgp.c:3507
+msgid "card is permanently locked!\n"
+msgstr "kortet är låst permanent!\n"
+
+#: scd/app-openpgp.c:1669
+#, c-format
+msgid "%d Admin PIN attempts remaining before card is permanently locked\n"
+msgstr "%d försök för Admin PIN-koden återstår innan kortet låses permanent\n"
+
+#. TRANSLATORS: Do not translate the "|A|" prefix but keep it at
+#. the start of the string. Use %%0A to force a linefeed.
+#: scd/app-openpgp.c:1676
+#, c-format
+msgid "|A|Please enter the Admin PIN%%0A[remaining attempts: %d]"
+msgstr "|A|Ange administratörens PIN-kod%%0A[återstående försök: %d]"
+
+#: scd/app-openpgp.c:1680
+msgid "|A|Please enter the Admin PIN"
+msgstr "|A|Ange administratörens PIN-kod"
+
+#: scd/app-openpgp.c:1701
+msgid "access to admin commands is not configured\n"
+msgstr "åtkomst till administrationskommandon är inte konfigurerat\n"
+
+#: scd/app-openpgp.c:2035
+msgid "||Please enter the Reset Code for the card"
+msgstr "||Ange nollställningskoden för kortet"
+
+#: scd/app-openpgp.c:2045 scd/app-openpgp.c:2097
+#, c-format
+msgid "Reset Code is too short; minimum length is %d\n"
+msgstr "Nollställningskoden är för kort; minimumlängd är %d\n"
+
+#: scd/app-openpgp.c:2067
+msgid "|RN|New Reset Code"
+msgstr "|RN|Ny nollställningskod"
+
+#: scd/app-openpgp.c:2068
+msgid "|AN|New Admin PIN"
+msgstr "|AN|Ny Admin PIN-kod"
+
+#: scd/app-openpgp.c:2068
+msgid "|N|New PIN"
+msgstr "|N|Ny PIN-kod"
+
+#: scd/app-openpgp.c:2178 scd/app-openpgp.c:2968
+msgid "error reading application data\n"
+msgstr "fel vid läsning av programdata\n"
+
+#: scd/app-openpgp.c:2184 scd/app-openpgp.c:2975
+msgid "error reading fingerprint DO\n"
+msgstr "fel vid läsning av fingeravtryckets DO\n"
+
+#: scd/app-openpgp.c:2194
+msgid "key already exists\n"
+msgstr "nyckeln finns redan\n"
+
+#: scd/app-openpgp.c:2198
+msgid "existing key will be replaced\n"
+msgstr "befintlig nyckel kommer att ersättas\n"
+
+#: scd/app-openpgp.c:2200
+msgid "generating new key\n"
+msgstr "genererar ny nyckel\n"
+
+#: scd/app-openpgp.c:2202
+msgid "writing new key\n"
+msgstr "skriver ny nyckel\n"
+
+#: scd/app-openpgp.c:2627
+msgid "creation timestamp missing\n"
+msgstr "tidsstämpel för skapandet saknas\n"
+
+#: scd/app-openpgp.c:2669 scd/app-openpgp.c:2677
+#, c-format
+msgid "RSA prime %s missing or not of size %d bits\n"
+msgstr "RSA-primtal %s saknas eller inte %d bitar stor\n"
+
+#: scd/app-openpgp.c:2773
+#, c-format
+msgid "failed to store the key: %s\n"
+msgstr "misslyckades med att lagra nyckeln: %s\n"
+
+#: scd/app-openpgp.c:2859
+msgid "please wait while key is being generated ...\n"
+msgstr "var god vänta under tiden nyckeln genereras ...\n"
+
+#: scd/app-openpgp.c:2872
+msgid "generating key failed\n"
+msgstr "nyckelgenereringen misslyckades\n"
+
+#: scd/app-openpgp.c:2875
+#, c-format
+msgid "key generation completed (%d seconds)\n"
+msgstr "nyckelgenereringen är färdig (%d sekunder)\n"
+
+#: scd/app-openpgp.c:2933
+msgid "invalid structure of OpenPGP card (DO 0x93)\n"
+msgstr "ogiltig struktur för OpenPGP-kort (DO 0x93)\n"
+
+#: scd/app-openpgp.c:2983
+msgid "fingerprint on card does not match requested one\n"
+msgstr "avtrycket på kortet stämmer inte med den begärda\n"
+
+#: scd/app-openpgp.c:3099
+#, c-format
+msgid "card does not support digest algorithm %s\n"
+msgstr "kortet har inte stöd för sammandragsalgoritmen %s\n"
+
+#: scd/app-openpgp.c:3175
+#, c-format
+msgid "signatures created so far: %lu\n"
+msgstr "signaturer skapade hittills: %lu\n"
+
+#: scd/app-openpgp.c:3512
+msgid ""
+"verification of Admin PIN is currently prohibited through this command\n"
+msgstr ""
+"validering av Admin PIN-kod är för närvarande förbjudet genom detta "
+"kommando\n"
+
+#: scd/app-openpgp.c:3737 scd/app-openpgp.c:3748
+#, c-format
+msgid "can't access %s - invalid OpenPGP card?\n"
+msgstr "kan inte komma åt %s - ogiltigt OpenPGP-kort?\n"
+
+#: scd/app-dinsig.c:299
+msgid "||Please enter your PIN at the reader's keypad"
+msgstr "||Knappa in din PIN-kod på läsarens knappsats"
+
+#. TRANSLATORS: Do not translate the "|*|" prefixes but
+#. keep it at the start of the string. We need this elsewhere
+#. to get some infos on the string.
+#: scd/app-dinsig.c:529
+msgid "|N|Initial New PIN"
+msgstr "|N|Initial PIN-kod"
+
+#: scd/scdaemon.c:107
+msgid "run in multi server mode (foreground)"
+msgstr "kör i multiserverläge (förgrund)"
+
+#: scd/scdaemon.c:117 sm/gpgsm.c:316
+msgid "|LEVEL|set the debugging level to LEVEL"
+msgstr "|NIVÅ|ställ in felsökningsnivån till NIVÅ"
+
+#: scd/scdaemon.c:124 tools/gpgconf-comp.c:620
+msgid "|FILE|write a log to FILE"
+msgstr "|FIL|skriv en logg till FIL"
+
+#: scd/scdaemon.c:126
+msgid "|N|connect to reader at port N"
+msgstr "|N|anslut till läsare på port N"
+
+#: scd/scdaemon.c:128
+msgid "|NAME|use NAME as ct-API driver"
+msgstr "|NAMN|använd NAMN som ct-API-drivrutin"
+
+#: scd/scdaemon.c:130
+msgid "|NAME|use NAME as PC/SC driver"
+msgstr "|NAMN|använd NAMN som PC/SC-drivrutin"
+
+#: scd/scdaemon.c:133
+msgid "do not use the internal CCID driver"
+msgstr "använd inte den interna CCID-drivrutinen"
+
+#: scd/scdaemon.c:139
+msgid "|N|disconnect the card after N seconds of inactivity"
+msgstr "|N|koppla från kortet efter N sekunder inaktivitet"
+
+#: scd/scdaemon.c:141
+msgid "do not use a reader's keypad"
+msgstr "använd inte läsarens knappsats"
+
+#: scd/scdaemon.c:144
+msgid "deny the use of admin card commands"
+msgstr "neka användning av administratörskommandon för kort"
+
+#: scd/scdaemon.c:259
+msgid "Usage: scdaemon [options] (-h for help)"
+msgstr "Användning: scdaemon [flaggor] (-h för hjälp)"
+
+#: scd/scdaemon.c:261
+msgid ""
+"Syntax: scdaemon [options] [command [args]]\n"
+"Smartcard daemon for GnuPG\n"
+msgstr ""
+"Syntax: scdaemon [flaggor] [kommando [argument]]\n"
+"Smartkortsdemon för GnuPG\n"
+
+#: scd/scdaemon.c:766
+msgid "please use the option `--daemon' to run the program in the background\n"
+msgstr "använd flaggan \"--daemon\" för att köra programmet i bakgrunden\n"
+
+#: scd/scdaemon.c:1120
+#, c-format
+msgid "handler for fd %d started\n"
+msgstr "hanterare för fd %d startad\n"
+
+#: scd/scdaemon.c:1132
+#, c-format
+msgid "handler for fd %d terminated\n"
+msgstr "hanterare för fd %d avslutad\n"
+
+# överhoppad eller hoppades över?
+#: sm/base64.c:325
+#, c-format
+msgid "invalid radix64 character %02x skipped\n"
+msgstr "ogiltigt radix64-tecken %02x hoppades över\n"
+
+#: sm/call-agent.c:137
+#, c-format
+msgid "failed to proxy %s inquiry to client\n"
+msgstr "misslyckades med att förmedla %s-begäran till klient\n"
+
+#: sm/call-dirmngr.c:252
+#, c-format
+msgid "no running dirmngr - starting `%s'\n"
+msgstr "ingen körande dirmngr - startar \"%s\"\n"
+
+#: sm/call-dirmngr.c:285
+msgid "malformed DIRMNGR_INFO environment variable\n"
+msgstr "miljövariabeln DIRMNGR_INFO är felformaterad\n"
+
+#: sm/call-dirmngr.c:297
+#, c-format
+msgid "dirmngr protocol version %d is not supported\n"
+msgstr "dirmngr-protokoll version %d stöds inte\n"
+
+#: sm/call-dirmngr.c:317
+msgid "can't connect to the dirmngr - trying fall back\n"
+msgstr "kan inte ansluta till dirmngr - försöker falla tillbaka\n"
+
+#: sm/certchain.c:196
+#, c-format
+msgid "validation model requested by certificate: %s"
+msgstr "valideringsmodellen begärd av certifikat: %s"
+
+#: sm/certchain.c:197 sm/certchain.c:1828
+msgid "chain"
+msgstr "kedja"
+
+#: sm/certchain.c:198 sm/certchain.c:1828
+msgid "shell"
+msgstr "skal"
+
+#: sm/certchain.c:258
+#, c-format
+msgid "critical certificate extension %s is not supported"
+msgstr "kritiska certifikattillägget %s stöds inte"
+
+#: sm/certchain.c:297
+msgid "issuer certificate is not marked as a CA"
+msgstr "utfärdarens certifikat är inte markerat som en CA"
+
+#: sm/certchain.c:335
+msgid "critical marked policy without configured policies"
+msgstr "kritisk markerad policy utan konfigurerade policier"
+
+#: sm/certchain.c:345
+#, c-format
+msgid "failed to open `%s': %s\n"
+msgstr "misslyckades med att öppna \"%s\": %s\n"
+
+#: sm/certchain.c:353 sm/certchain.c:382
+msgid "note: non-critical certificate policy not allowed"
+msgstr "observera: icke-kritisk certifikatpolicy tillåts inte"
+
+#: sm/certchain.c:357 sm/certchain.c:386
+msgid "certificate policy not allowed"
+msgstr "certifikatpolicy tillåts inte"
+
+#: sm/certchain.c:498
+msgid "looking up issuer at external location\n"
+msgstr "slår upp utfärdare på extern plats\n"
+
+#: sm/certchain.c:517
+#, c-format
+msgid "number of issuers matching: %d\n"
+msgstr "antal utfärdare som matchar: %d\n"
+
+#: sm/certchain.c:561
+msgid "looking up issuer from the Dirmngr cache\n"
+msgstr "slår upp utfärdare från Dirmngr-cachen\n"
+
+#: sm/certchain.c:585
+#, c-format
+msgid "number of matching certificates: %d\n"
+msgstr "antal matchande certifikat: %d\n"
+
+#: sm/certchain.c:587
+#, c-format
+msgid "dirmngr cache-only key lookup failed: %s\n"
+msgstr "uppslag av endast-mellanlagrad dirmngr-nyckel misslyckades: %s\n"
+
+#: sm/certchain.c:759 sm/certchain.c:1252 sm/certchain.c:1856 sm/decrypt.c:261
+#: sm/encrypt.c:335 sm/sign.c:335 sm/verify.c:113
+msgid "failed to allocated keyDB handle\n"
+msgstr "misslyckades med att allokera keyDB-hanterare\n"
+
+#: sm/certchain.c:925
+msgid "certificate has been revoked"
+msgstr "certifikatet har spärrats"
+
+#: sm/certchain.c:940
+msgid "the status of the certificate is unknown"
+msgstr "status för certifikatet är okänt"
+
+#: sm/certchain.c:947
+msgid "please make sure that the \"dirmngr\" is properly installed\n"
+msgstr "se till att \"dirmngr\" är korrekt installerat\n"
+
+#: sm/certchain.c:953
+#, c-format
+msgid "checking the CRL failed: %s"
+msgstr "kontroll mot spärrlistan misslyckades: %s"
+
+#: sm/certchain.c:982 sm/certchain.c:1050
+#, c-format
+msgid "certificate with invalid validity: %s"
+msgstr "certifikat med felaktig giltighetstid: %s"
+
+#: sm/certchain.c:997 sm/certchain.c:1082
+msgid "certificate not yet valid"
+msgstr "certifikatet är ännu inte giltigt"
+
+#: sm/certchain.c:998 sm/certchain.c:1083
+msgid "root certificate not yet valid"
+msgstr "rotcertifikatet är ännu inte giltigt"
+
+#: sm/certchain.c:999 sm/certchain.c:1084
+msgid "intermediate certificate not yet valid"
+msgstr "tillfälligt certifikat är ännu inte giltigt"
+
+#: sm/certchain.c:1012
+msgid "certificate has expired"
+msgstr "certifikatet har gått ut"
+
+#: sm/certchain.c:1013
+msgid "root certificate has expired"
+msgstr "rotcertifikatet har gått ut"
+
+#: sm/certchain.c:1014
+msgid "intermediate certificate has expired"
+msgstr "tillfälligt certifikat har gått ut"
+
+#: sm/certchain.c:1056
+#, c-format
+msgid "required certificate attributes missing: %s%s%s"
+msgstr "nödvändiga certifikattillägg saknas: %s%s%s"
+
+#: sm/certchain.c:1065
+msgid "certificate with invalid validity"
+msgstr "certifikat med felaktig giltighetstid"
+
+#: sm/certchain.c:1102
+msgid "signature not created during lifetime of certificate"
+msgstr "signaturen inte skapad under certifikatets livstid"
+
+#: sm/certchain.c:1104
+msgid "certificate not created during lifetime of issuer"
+msgstr "certifikatet skapades inte under utfärdarens livstid"
+
+#: sm/certchain.c:1105
+msgid "intermediate certificate not created during lifetime of issuer"
+msgstr "tillfälligt certifikat är inte skapat under utfärdarens livstid"
+
+#: sm/certchain.c:1109
+msgid " ( signature created at "
+msgstr " ( signatur skapad "
+
+#: sm/certchain.c:1110
+msgid " (certificate created at "
+msgstr " (certifikat skapat "
+
+#: sm/certchain.c:1113
+msgid " (certificate valid from "
+msgstr " (certifikat giltigt från "
+
+#: sm/certchain.c:1114
+msgid " ( issuer valid from "
+msgstr " ( utfärdare giltig från "
+
+#: sm/certchain.c:1144
+#, c-format
+msgid "fingerprint=%s\n"
+msgstr "fingeravtryck=%s\n"
+
+#: sm/certchain.c:1153
+msgid "root certificate has now been marked as trusted\n"
+msgstr "rotcertifikatet har nu markerats som betrott\n"
+
+#: sm/certchain.c:1166
+msgid "interactive marking as trusted not enabled in gpg-agent\n"
+msgstr "interaktiv markering som betrodd inte aktiverad i gpg-agent\n"
+
+#: sm/certchain.c:1172
+msgid "interactive marking as trusted disabled for this session\n"
+msgstr "interaktiv markering som betrodd inaktiverad för den här sessionen\n"
+
+#: sm/certchain.c:1229
+msgid "WARNING: creation time of signature not known - assuming current time"
+msgstr ""
+"VARNING: tid för skapandet av signaturen är inte känd - antar aktuell tid"
+
+#: sm/certchain.c:1293
+msgid "no issuer found in certificate"
+msgstr "ingen utfärdare hittades i certifikatet"
+
+#: sm/certchain.c:1366
+msgid "self-signed certificate has a BAD signature"
+msgstr "självsignerat certifikat har en FELAKTIG signatur"
+
+#: sm/certchain.c:1435
+msgid "root certificate is not marked trusted"
+msgstr "rotcertifikatet har inte markerats som betrott"
+
+#: sm/certchain.c:1448
+#, c-format
+msgid "checking the trust list failed: %s\n"
+msgstr "kontroll mot tillitslistan misslyckades: %s\n"
+
+#: sm/certchain.c:1477 sm/import.c:160
+msgid "certificate chain too long\n"
+msgstr "certifikatkedjan är för lång\n"
+
+#: sm/certchain.c:1489
+msgid "issuer certificate not found"
+msgstr "utfärdarens certifikat hittades inte"
+
+#: sm/certchain.c:1522
+msgid "certificate has a BAD signature"
+msgstr "certifikatet har en FELAKTIG signatur"
+
+#: sm/certchain.c:1553
+msgid "found another possible matching CA certificate - trying again"
+msgstr "hittade ett annat möjligen matchande CA-certifikat - försöker igen"
+
+#: sm/certchain.c:1604
+#, c-format
+msgid "certificate chain longer than allowed by CA (%d)"
+msgstr "certifikatkedjan längre än vad som tillåts av CA (%d)"
+
+#: sm/certchain.c:1644 sm/certchain.c:1927
+msgid "certificate is good\n"
+msgstr "certifikatet är korrekt\n"
+
+#: sm/certchain.c:1645
+msgid "intermediate certificate is good\n"
+msgstr "tillfälligt certifikat är korrekt\n"
+
+#: sm/certchain.c:1646
+msgid "root certificate is good\n"
+msgstr "rotcertifikatet är korrekt\n"
+
+#: sm/certchain.c:1817
+msgid "switching to chain model"
+msgstr "växlar till kedjemodell"
+
+#: sm/certchain.c:1826
+#, c-format
+msgid "validation model used: %s"
+msgstr "valideringsmodell använd: %s"
+
+#: sm/certcheck.c:97
+#, c-format
+msgid "%s key uses an unsafe (%u bit) hash\n"
+msgstr "%s-nyckeln använder en osäker hash (%u bitar)\n"
+
+#: sm/certcheck.c:107
+#, c-format
+msgid "a %u bit hash is not valid for a %u bit %s key\n"
+msgstr "en %u-bitars hash är inte giltig för en %u-bitars %s-nyckel\n"
+
+#: sm/certcheck.c:244 sm/verify.c:201
+msgid "(this is the MD2 algorithm)\n"
+msgstr "(det här är MD2-algoritmen)\n"
+
+#: sm/certdump.c:60 sm/certdump.c:143
+msgid "none"
+msgstr "ingen"
+
+#: sm/certdump.c:564 sm/certdump.c:609 sm/certdump.c:674 sm/certdump.c:732
+msgid "[Error - invalid encoding]"
+msgstr "[Fel - ogiltig kodning]"
+
+#: sm/certdump.c:572 sm/certdump.c:617
+msgid "[Error - out of core]"
+msgstr "[Fel - slut på kärna]"
+
+#: sm/certdump.c:654 sm/certdump.c:710
+msgid "[Error - No name]"
+msgstr "[Fel - Inget namn]"
+
+#: sm/certdump.c:679 sm/certdump.c:738
+msgid "[Error - invalid DN]"
+msgstr "[Fel - ogiltigt DN]"
+
+#: sm/certdump.c:948
+#, c-format
+msgid ""
+"Please enter the passphrase to unlock the secret key for the X.509 "
+"certificate:\n"
+"\"%s\"\n"
+"S/N %s, ID 0x%08lX,\n"
+"created %s, expires %s.\n"
+msgstr ""
+"Ange lösenfrasen för att låsa upp den hemliga nyckeln för X.509-"
+"certifikatet:\n"
+"\"%s\"\n"
+"S/N %s, ID 0x%08lX,\n"
+"skapad %s, går ut %s.\n"
+
+#: sm/certlist.c:122
+msgid "no key usage specified - assuming all usages\n"
+msgstr "ingen nyckelanvändning angiven - antar alla användningsområden\n"
+
+#: sm/certlist.c:132 sm/keylist.c:272
+#, c-format
+msgid "error getting key usage information: %s\n"
+msgstr "fel vid hämtning av nyckelanvändningsinformation: %s\n"
+
+#: sm/certlist.c:142
+msgid "certificate should have not been used for certification\n"
+msgstr "certifikatet skulle inte använts för certifiering\n"
+
+#: sm/certlist.c:154
+msgid "certificate should have not been used for OCSP response signing\n"
+msgstr "certifikatet skulle inte använts för signering av OCSP-svar\n"
+
+#: sm/certlist.c:165
+msgid "certificate should have not been used for encryption\n"
+msgstr "certifikatet skulle inte använts för kryptering\n"
+
+#: sm/certlist.c:166
+msgid "certificate should have not been used for signing\n"
+msgstr "certifikatet skulle inte använts för signering\n"
+
+#: sm/certlist.c:167
+msgid "certificate is not usable for encryption\n"
+msgstr "certifikatet är inte användbart för kryptering\n"
+
+#: sm/certlist.c:168
+msgid "certificate is not usable for signing\n"
+msgstr "certifikatet är inte användbart för signering\n"
+
+#: sm/certreqgen.c:474
+#, c-format
+msgid "line %d: invalid algorithm\n"
+msgstr "rad %d: ogiltig algoritm\n"
+
+#: sm/certreqgen.c:487
+#, c-format
+msgid "line %d: invalid key length %u (valid are %d to %d)\n"
+msgstr "rad %d: ogiltig nyckellängd %u (giltiga är %d till %d)\n"
+
+#: sm/certreqgen.c:505
+#, c-format
+msgid "line %d: no subject name given\n"
+msgstr "rad %d: inget ämnesnamn angivit\n"
+
+#: sm/certreqgen.c:514
+#, c-format
+msgid "line %d: invalid subject name label `%.*s'\n"
+msgstr "rad %d: ogiltig ämnesnamnsetikett \"%.*s\"\n"
+
+#: sm/certreqgen.c:517
+#, c-format
+msgid "line %d: invalid subject name `%s' at pos %d\n"
+msgstr "rad %d: ogiltigt ämnesnamn \"%s\" på position %d\n"
+
+#: sm/certreqgen.c:534
+#, c-format
+msgid "line %d: not a valid email address\n"
+msgstr "rad %d: inte en giltig e-postadress\n"
+
+#: sm/certreqgen.c:546
+#, c-format
+msgid "line %d: error reading key `%s' from card: %s\n"
+msgstr "rad %d: fel vid läsning av nyckeln \"%s\" från kortet: %s\n"
+
+# keygrip (i.e. a hash over the public key
+# parameters) formatted as a hex string.
+#: sm/certreqgen.c:558
+#, c-format
+msgid "line %d: error getting key by keygrip `%s': %s\n"
+msgstr "rad %d: fel vid hämtning av nyckelhashen \"%s\": %s\n"
+
+#: sm/certreqgen.c:574
+#, c-format
+msgid "line %d: key generation failed: %s <%s>\n"
+msgstr "rad %d: nyckelgenerering misslyckades: %s <%s>\n"
+
+#: sm/certreqgen.c:806
+msgid ""
+"To complete this certificate request please enter the passphrase for the key "
+"you just created once more.\n"
+msgstr ""
+"Ange lösenfrasen en gång till för nyckeln som du just skapade för att "
+"färdigställa denna certifikatbegäran.\n"
+
+#: sm/certreqgen-ui.c:158
+#, c-format
+msgid " (%d) RSA\n"
+msgstr " (%d) RSA\n"
+
+#: sm/certreqgen-ui.c:159
+#, c-format
+msgid " (%d) Existing key\n"
+msgstr " (%d) Befintlig nyckel\n"
+
+#: sm/certreqgen-ui.c:160
+#, c-format
+msgid " (%d) Existing key from card\n"
+msgstr " (%d) Befintlig nyckel från kort\n"
+
+#: sm/certreqgen-ui.c:202
+msgid "Enter the keygrip: "
+msgstr "Ange nyckelhashen: "
+
+#: sm/certreqgen-ui.c:210
+msgid "Not a valid keygrip (expecting 40 hex digits)\n"
+msgstr "Inte en giltig nyckelhash (förväntade 40 hexadecimala siffror)\n"
+
+#: sm/certreqgen-ui.c:212
+msgid "No key with this keygrip\n"
+msgstr "Ingen nyckel med denna nyckelhash\n"
+
+#: sm/certreqgen-ui.c:230 sm/certreqgen-ui.c:239
+#, c-format
+msgid "error reading the card: %s\n"
+msgstr "fel vid läsning av kortet: %s\n"
+
+#: sm/certreqgen-ui.c:233
+#, c-format
+msgid "Serial number of the card: %s\n"
+msgstr "Serienummer för kortet: %s\n"
+
+#: sm/certreqgen-ui.c:245
+msgid "Available keys:\n"
+msgstr "Tillgängliga nycklar:\n"
+
+#: sm/certreqgen-ui.c:276
+#, c-format
+msgid "Possible actions for a %s key:\n"
+msgstr "Möjliga åtgärder för en %s-nyckel:\n"
+
+#: sm/certreqgen-ui.c:277
+#, c-format
+msgid " (%d) sign, encrypt\n"
+msgstr " (%d) signering, kryptering\n"
+
+#: sm/certreqgen-ui.c:278
+#, c-format
+msgid " (%d) sign\n"
+msgstr " (%d) signering\n"
+
+#: sm/certreqgen-ui.c:279
+#, c-format
+msgid " (%d) encrypt\n"
+msgstr " (%d) kryptering\n"
+
+#: sm/certreqgen-ui.c:303
+msgid "Enter the X.509 subject name: "
+msgstr "Ange ämnesnamn för X.509: "
+
+#: sm/certreqgen-ui.c:307
+msgid "No subject name given\n"
+msgstr "Inget ämnesnamn angivet\n"
+
+#: sm/certreqgen-ui.c:311
+#, c-format
+msgid "Invalid subject name label `%.*s'\n"
+msgstr "Ogiltig ämnesnamnsetikett \"%.*s\"\n"
+
+#. TRANSLATORS: The 22 in the second string is the
+#. length of the first string up to the "%s". Please
+#. adjust it do the length of your translation. The
+#. second string is merely passed to atoi so you can
+#. drop everything after the number.
+#: sm/certreqgen-ui.c:320
+#, c-format
+msgid "Invalid subject name `%s'\n"
+msgstr "Ogiltigt ämnesnamn \"%s\"\n"
+
+#: sm/certreqgen-ui.c:322
+msgid "22 translator: see certreg-ui.c:gpgsm_gencertreq_tty"
+msgstr "20"
+
+#: sm/certreqgen-ui.c:334
+msgid "Enter email addresses"
+msgstr "Ange e-postadresser"
+
+#: sm/certreqgen-ui.c:335
+msgid " (end with an empty line):\n"
+msgstr " (avsluta med en tom rad):\n"
+
+#: sm/certreqgen-ui.c:339
+msgid "Enter DNS names"
+msgstr "Ange DNS-namn"
+
+#: sm/certreqgen-ui.c:340 sm/certreqgen-ui.c:345
+msgid " (optional; end with an empty line):\n"
+msgstr " (valfritt: avsluta med en tom rad:\n"
+
+#: sm/certreqgen-ui.c:344
+msgid "Enter URIs"
+msgstr "Ange URI:er"
+
+#: sm/certreqgen-ui.c:371
+msgid "Parameters to be used for the certificate request:\n"
+msgstr "Parametrar som ska användas för denna certifikatbegäran:\n"
+
+#: sm/certreqgen-ui.c:389
+msgid "Now creating certificate request. This may take a while ...\n"
+msgstr "Skapar nu en certifikatbegäran. Det kan ta en stund ...\n"
+
+#: sm/certreqgen-ui.c:398
+msgid "Ready. You should now send this request to your CA.\n"
+msgstr ""
+"Färdig. Du bör nu skicka denna begäran till din certifikatutfärdare.\n"
+
+#: sm/certreqgen-ui.c:403
+msgid "resource problem: out of core\n"
+msgstr "resursproblem: slut på minne\n"
+
+#: sm/decrypt.c:330
+msgid "(this is the RC2 algorithm)\n"
+msgstr "(det här är RC2-algoritmen)\n"
+
+#: sm/decrypt.c:332
+msgid "(this does not seem to be an encrypted message)\n"
+msgstr "(det här verkar inte vara ett krypterat meddelande)\n"
+
+#: sm/delete.c:51 sm/delete.c:112
+#, c-format
+msgid "certificate `%s' not found: %s\n"
+msgstr "certifikatet \"%s\" hittades inte: %s\n"
+
+#: sm/delete.c:122 sm/keydb.c:1397 sm/keydb.c:1499
+#, c-format
+msgid "error locking keybox: %s\n"
+msgstr "fel vid låsning av nyckelskåp: %s\n"
+
+#: sm/delete.c:143
+#, c-format
+msgid "duplicated certificate `%s' deleted\n"
+msgstr "dubblett av certifikatet \"%s\" borttaget\n"
+
+#: sm/delete.c:145
+#, c-format
+msgid "certificate `%s' deleted\n"
+msgstr "certifikatet \"%s\" togs bort\n"
+
+#: sm/delete.c:175
+#, c-format
+msgid "deleting certificate \"%s\" failed: %s\n"
+msgstr "borttagning av certifikatet \"%s\" misslyckades: %s\n"
+
+#: sm/encrypt.c:321
+msgid "no valid recipients given\n"
+msgstr "inga giltiga mottagare angavs\n"
+
+#: sm/gpgsm.c:197
+msgid "list external keys"
+msgstr "lista externa nycklar"
+
+#: sm/gpgsm.c:199
+msgid "list certificate chain"
+msgstr "lista certifikatkedja"
+
+#: sm/gpgsm.c:206
+msgid "import certificates"
+msgstr "importera certifikat"
+
+#: sm/gpgsm.c:207
+msgid "export certificates"
+msgstr "exportera certifikat"
+
+#: sm/gpgsm.c:209
+msgid "register a smartcard"
+msgstr "registrera ett smartkort"
+
+#: sm/gpgsm.c:212
+msgid "pass a command to the dirmngr"
+msgstr "skicka ett kommando till dirmngr"
+
+#: sm/gpgsm.c:214
+msgid "invoke gpg-protect-tool"
+msgstr "starta gpg-protect-tool"
+
+#: sm/gpgsm.c:230
+msgid "create base-64 encoded output"
+msgstr "skapa base-64-kodat utdata"
+
+#: sm/gpgsm.c:235
+msgid "assume input is in PEM format"
+msgstr "anta att inmatning är i PEM-format"
+
+#: sm/gpgsm.c:237
+msgid "assume input is in base-64 format"
+msgstr "anta att inmatning är i base-64-format"
+
+#: sm/gpgsm.c:239
+msgid "assume input is in binary format"
+msgstr "anta att inmatning är i binärformat"
+
+#: sm/gpgsm.c:244
+msgid "use system's dirmngr if available"
+msgstr "använd systemets dirmngr om tillgängligt"
+
+#: sm/gpgsm.c:247
+msgid "never consult a CRL"
+msgstr "kontrollera aldrig mot spärrlista"
+
+#: sm/gpgsm.c:257
+msgid "check validity using OCSP"
+msgstr "kontrollera giltigheten med OCSP"
+
+#: sm/gpgsm.c:262
+msgid "|N|number of certificates to include"
+msgstr "|N|antal certifikat att inkludera"
+
+#: sm/gpgsm.c:265
+msgid "|FILE|take policy information from FILE"
+msgstr "|FIL|hämta policyinformation från FIL"
+
+#: sm/gpgsm.c:268
+msgid "do not check certificate policies"
+msgstr "kontrollera inte certifikatpolicier"
+
+#: sm/gpgsm.c:272
+msgid "fetch missing issuer certificates"
+msgstr "hämta saknade utfärdarcertifikat"
+
+#: sm/gpgsm.c:283
+msgid "don't use the terminal at all"
+msgstr "använd inte terminalen alls"
+
+#: sm/gpgsm.c:285
+msgid "|FILE|write a server mode log to FILE"
+msgstr "|FIL|skriv en serverlägeslogg till FIL"
+
+#: sm/gpgsm.c:290
+msgid "|FILE|write an audit log to FILE"
+msgstr "|FIL|skriv en granskningslogg till FIL"
+
+#: sm/gpgsm.c:293
+msgid "batch mode: never ask"
+msgstr "satsläge: fråga aldrig"
+
+#: sm/gpgsm.c:294
+msgid "assume yes on most questions"
+msgstr "anta ja på de flesta frågorna"
+
+#: sm/gpgsm.c:295
+msgid "assume no on most questions"
+msgstr "anta nej på de flesta frågorna"
+
+#: sm/gpgsm.c:298
+msgid "|FILE|add keyring to the list of keyrings"
+msgstr "|FIL|lägg till nyckelring till listan över nyckelringar"
+
+#: sm/gpgsm.c:301
+msgid "|USER-ID|use USER-ID as default secret key"
+msgstr "|ANVÄNDAR-ID|använd ANVÄNDAR-ID som förvald hemlig nyckel"
+
+#: sm/gpgsm.c:311 tools/gpgconf-comp.c:745
+msgid "|SPEC|use this keyserver to lookup keys"
+msgstr "|SPEC|använd denna nyckelserver för att slå upp nycklar"
+
+#: sm/gpgsm.c:329
+msgid "|NAME|use cipher algorithm NAME"
+msgstr "|NAMN|använd chifferalgoritmen NAMN"
+
+#: sm/gpgsm.c:331
+msgid "|NAME|use message digest algorithm NAME"
+msgstr "|NAMN|använd algoritmen NAMN för kontrollsummor"
+
+#: sm/gpgsm.c:522
+msgid "Usage: gpgsm [options] [files] (-h for help)"
+msgstr "Användning: gpgsm [flaggor] [filer] (-h för hjälp)"
+
+# Om inget kommando anges (decrypt/encrypt etc) väljs åtgärd efter indata.
+#: sm/gpgsm.c:525
+msgid ""
+"Syntax: gpgsm [options] [files]\n"
+"sign, check, encrypt or decrypt using the S/MIME protocol\n"
+"default operation depends on the input data\n"
+msgstr ""
+"Syntax: gpgsm [flaggor] [filer]\n"
+"signera, kontrollera, kryptera eller dekryptera med S/MIME-protokollet\n"
+"standardåtgärden beror på inmatningsdata\n"
+
+#: sm/gpgsm.c:617
+msgid "usage: gpgsm [options] "
+msgstr "användning: gpgsm [flaggor] "
+
+#: sm/gpgsm.c:739
+#, c-format
+msgid "NOTE: won't be able to encrypt to `%s': %s\n"
+msgstr "OBSERVERA: kommer inte att kunna kryptera till \"%s\": %s\n"
+
+#: sm/gpgsm.c:750
+#, c-format
+msgid "unknown validation model `%s'\n"
+msgstr "okänd valideringsmodell \"%s\"\n"
+
+#: sm/gpgsm.c:801
+#, c-format
+msgid "%s:%u: no hostname given\n"
+msgstr "%s:%u: inget värdnamn angivet\n"
+
+#: sm/gpgsm.c:820
+#, c-format
+msgid "%s:%u: password given without user\n"
+msgstr "%s:%u: lösenord angivet utan användare\n"
+
+#: sm/gpgsm.c:841
+#, c-format
+msgid "%s:%u: skipping this line\n"
+msgstr "%s:%u: hoppar över denna rad\n"
+
+#: sm/gpgsm.c:1376
+msgid "could not parse keyserver\n"
+msgstr "kunde inte tolka nyckelserver\n"
+
+#: sm/gpgsm.c:1456
+msgid "WARNING: running with faked system time: "
+msgstr "VARNING: kör med falsk systemtid: "
+
+#: sm/gpgsm.c:1556
+#, c-format
+msgid "importing common certificates `%s'\n"
+msgstr "importerar vanliga certifikat \"%s\"\n"
+
+#: sm/gpgsm.c:1597
+#, c-format
+msgid "can't sign using `%s': %s\n"
+msgstr "kan inte signera med \"%s\": %s\n"
+
+#: sm/gpgsm.c:1931
+msgid "invalid command (there is no implicit command)\n"
+msgstr "ogiltigt kommando (det finns inget implicit kommando)\n"
+
+#: sm/import.c:111
+#, c-format
+msgid "total number processed: %lu\n"
+msgstr "totalt antal behandlade: %lu\n"
+
+#: sm/import.c:230
+msgid "error storing certificate\n"
+msgstr "fel vid lagring av certifikat\n"
+
+#: sm/import.c:238
+msgid "basic certificate checks failed - not imported\n"
+msgstr "enkla certifikatkontroller misslyckades - importeras inte\n"
+
+#: sm/import.c:435 sm/keydb.c:1319 sm/keydb.c:1387
+msgid "failed to allocate keyDB handle\n"
+msgstr "misslyckades med att allokera keyDB-hanterare\n"
+
+#: sm/import.c:492 sm/keydb.c:1417 sm/keydb.c:1511
+#, c-format
+msgid "error getting stored flags: %s\n"
+msgstr "fel vid hämtning av lagrade flaggor: %s\n"
+
+#: sm/import.c:551 sm/import.c:583
+#, c-format
+msgid "error importing certificate: %s\n"
+msgstr "fel vid import av certifikat: %s\n"
+
+#: sm/import.c:684 tools/gpg-connect-agent.c:1346
+#, c-format
+msgid "error reading input: %s\n"
+msgstr "fel vid läsning av indata: %s\n"
+
+#: sm/keydb.c:187
+#, c-format
+msgid "error creating keybox `%s': %s\n"
+msgstr "fel när nyckelskåpet \"%s\" skapades: %s\n"
+
+#: sm/keydb.c:190
+msgid "you may want to start the gpg-agent first\n"
+msgstr "du kanske vill starta gpg-agent först\n"
+
+#: sm/keydb.c:195
+#, c-format
+msgid "keybox `%s' created\n"
+msgstr "nyckelskåpet \"%s\" skapat\n"
+
+#: sm/keydb.c:1312 sm/keydb.c:1380
+msgid "failed to get the fingerprint\n"
+msgstr "misslyckades med att få fingeravtrycket\n"
+
+#: sm/keydb.c:1340
+#, c-format
+msgid "problem looking for existing certificate: %s\n"
+msgstr "problem vid sökandet efter befintligt certifikat: %s\n"
+
+#: sm/keydb.c:1348
+#, c-format
+msgid "error finding writable keyDB: %s\n"
+msgstr "fel vid sökning efter skrivbar keyDB: %s\n"
+
+#: sm/keydb.c:1356
+#, c-format
+msgid "error storing certificate: %s\n"
+msgstr "fel vid lagring av certifikat: %s\n"
+
+#: sm/keydb.c:1408
+#, c-format
+msgid "problem re-searching certificate: %s\n"
+msgstr "problem vid ytterligare sökning efter certifikat: %s\n"
+
+#: sm/keydb.c:1429 sm/keydb.c:1522
+#, c-format
+msgid "error storing flags: %s\n"
+msgstr "fel vid lagring av flaggor: %s\n"
+
+#: sm/keylist.c:642
+msgid "Error - "
+msgstr "Fel - "
+
+#: sm/misc.c:55
+msgid "GPG_TTY has not been set - using maybe bogus default\n"
+msgstr ""
+"GPG_TTY har inte ställts in - använder kanske felaktigt standardvärde\n"
+
+#: sm/qualified.c:105
+#, c-format
+msgid "invalid formatted fingerprint in `%s', line %d\n"
+msgstr "ogiltigt formaterat fingeravtryck i \"%s\", rad %d\n"
+
+#: sm/qualified.c:123
+#, c-format
+msgid "invalid country code in `%s', line %d\n"
+msgstr "ogiltig landskod i \"%s\", rad %d\n"
+
+#: sm/qualified.c:202
+#, c-format
+msgid ""
+"You are about to create a signature using your certificate:\n"
+"\"%s\"\n"
+"This will create a qualified signature by law equated to a handwritten "
+"signature.\n"
+"\n"
+"%s%sAre you really sure that you want to do this?"
+msgstr ""
+"Du är på väg att skapa en signatur med ditt certifikat:\n"
+"\"%s\"\n"
+"Det här kommer att skapa en kvalificerad signatur som kan likställas med en "
+"handskriven signatur.\n"
+"\n"
+"%s%sÄr du säker på att du vill göra det här?"
+
+#: sm/qualified.c:211 sm/verify.c:616
+msgid ""
+"Note, that this software is not officially approved to create or verify such "
+"signatures.\n"
+msgstr ""
+"Observera att den här programvaran inte officiellt godkänts för att skapa "
+"eller validera sådana signaturer.\n"
+
+#: sm/qualified.c:278
+#, c-format
+msgid ""
+"You are about to create a signature using your certificate:\n"
+"\"%s\"\n"
+"Note, that this certificate will NOT create a qualified signature!"
+msgstr ""
+"Du är på väg att skapa en signatur med ditt certifikat:\n"
+"\"%s\"\n"
+"Observera att det här certifikatet INTE kommer att skapa en kvalificerad "
+"signatur!"
+
+#: sm/sign.c:449
+#, c-format
+msgid "hash algorithm %d (%s) for signer %d not supported; using %s\n"
+msgstr "hashalgoritm %d (%s) för signerare %d stöds inte; använder %s\n"
+
+#: sm/sign.c:463
+#, c-format
+msgid "hash algorithm used for signer %d: %s (%s)\n"
+msgstr "hashalgoritm som används för signerare %d: %s (%s)\n"
+
+#: sm/sign.c:513
+#, c-format
+msgid "checking for qualified certificate failed: %s\n"
+msgstr "sökande efter kvalificerat certifikat misslyckades: %s\n"
+
+#: sm/verify.c:449
+msgid "Signature made "
+msgstr "Signatur gjord "
+
+#: sm/verify.c:453
+msgid "[date not given]"
+msgstr "[datum inte angivet]"
+
+#: sm/verify.c:454
+#, c-format
+msgid " using certificate ID 0x%08lX\n"
+msgstr " använder certifikat-id 0x%08lX\n"
+
+#: sm/verify.c:473
+msgid ""
+"invalid signature: message digest attribute does not match computed one\n"
+msgstr ""
+"ogiltig signatur: attribut för kontrollsumma matchar inte den beräknade\n"
+
+#: sm/verify.c:594
+msgid "Good signature from"
+msgstr "Korrekt signatur från"
+
+#: sm/verify.c:595
+msgid " aka"
+msgstr " även känd som"
+
+#: sm/verify.c:613
+msgid "This is a qualified signature\n"
+msgstr "Det här är en kvalificerad signatur\n"
+
+#: tools/gpg-connect-agent.c:70 tools/gpgconf.c:81 tools/symcryptrun.c:167
+msgid "quiet"
+msgstr "tyst"
+
+#: tools/gpg-connect-agent.c:71
+msgid "print data out hex encoded"
+msgstr "skriv ut data hexkodat"
+
+#: tools/gpg-connect-agent.c:72
+msgid "decode received data lines"
+msgstr "avkoda mottagna datarader"
+
+#: tools/gpg-connect-agent.c:74
+msgid "|NAME|connect to Assuan socket NAME"
+msgstr "|NAMN|anslut till Assuan-uttaget NAMN"
+
+#: tools/gpg-connect-agent.c:76
+msgid "run the Assuan server given on the command line"
+msgstr "kör Assuan-servern som angivits på kommandoraden"
+
+#: tools/gpg-connect-agent.c:78
+msgid "do not use extended connect mode"
+msgstr "använd inte utökat anslutningsläge"
+
+#: tools/gpg-connect-agent.c:80
+msgid "|FILE|run commands from FILE on startup"
+msgstr "|FIL|kör kommandon från FIL vid uppstart"
+
+#: tools/gpg-connect-agent.c:81
+msgid "run /subst on startup"
+msgstr "kör /subst vid uppstart"
+
+#: tools/gpg-connect-agent.c:184
+msgid "Usage: gpg-connect-agent [options] (-h for help)"
+msgstr "Användning: gpg-connect-agent [flaggor] (-h för hjälp)"
+
+#: tools/gpg-connect-agent.c:187
+msgid ""
+"Syntax: gpg-connect-agent [options]\n"
+"Connect to a running agent and send commands\n"
+msgstr ""
+"Syntax: gpg-connect-agent [flaggor]\n"
+"Anslut till en körande agent och skicka kommandon\n"
+
+#: tools/gpg-connect-agent.c:1201
+#, c-format
+msgid "option \"%s\" requires a program and optional arguments\n"
+msgstr "flaggan \"%s\" kräver ett program och valfria argument\n"
+
+#: tools/gpg-connect-agent.c:1210
+#, c-format
+msgid "option \"%s\" ignored due to \"%s\"\n"
+msgstr "flaggan \"%s\" ignoreras på grund av \"%s\"\n"
+
+#: tools/gpg-connect-agent.c:1281 tools/gpg-connect-agent.c:1771
+#, c-format
+msgid "receiving line failed: %s\n"
+msgstr "mottagande rad misslyckades: %s\n"
+
+#: tools/gpg-connect-agent.c:1371
+msgid "line too long - skipped\n"
+msgstr "raden är för lång - hoppades över\n"
+
+#: tools/gpg-connect-agent.c:1375
+msgid "line shortened due to embedded Nul character\n"
+msgstr "rad nerkortad på grund av inbäddat Nul-tecken\n"
+
+#: tools/gpg-connect-agent.c:1743
+#, c-format
+msgid "unknown command `%s'\n"
+msgstr "okänt kommando \"%s\"\n"
+
+#: tools/gpg-connect-agent.c:1761
+#, c-format
+msgid "sending line failed: %s\n"
+msgstr "sändande rad misslyckades: %s\n"
+
+#: tools/gpg-connect-agent.c:2208
+#, c-format
+msgid "error sending %s command: %s\n"
+msgstr "fel vid sändning av %s-kommando: %s\n"
+
+#: tools/gpg-connect-agent.c:2223
+#, c-format
+msgid "error sending standard options: %s\n"
+msgstr "fel vid sändning av standardflaggor: %s\n"
+
+#: tools/gpgconf-comp.c:473 tools/gpgconf-comp.c:577 tools/gpgconf-comp.c:644
+#: tools/gpgconf-comp.c:712 tools/gpgconf-comp.c:799
+msgid "Options controlling the diagnostic output"
+msgstr "Flaggor som kontrollerar diagnosutdata"
+
+#: tools/gpgconf-comp.c:486 tools/gpgconf-comp.c:590 tools/gpgconf-comp.c:657
+#: tools/gpgconf-comp.c:725 tools/gpgconf-comp.c:822
+msgid "Options controlling the configuration"
+msgstr "Flaggor som kontrollerar konfigurationen"
+
+#: tools/gpgconf-comp.c:496 tools/gpgconf-comp.c:615 tools/gpgconf-comp.c:673
+#: tools/gpgconf-comp.c:750 tools/gpgconf-comp.c:829
+msgid "Options useful for debugging"
+msgstr "Flaggor användbara för felsökning"
+
+#: tools/gpgconf-comp.c:501 tools/gpgconf-comp.c:678 tools/gpgconf-comp.c:755
+#: tools/gpgconf-comp.c:837
+msgid "|FILE|write server mode logs to FILE"
+msgstr "|FIL|skriv serverlägesloggar till FIL"
+
+#: tools/gpgconf-comp.c:509 tools/gpgconf-comp.c:625 tools/gpgconf-comp.c:763
+msgid "Options controlling the security"
+msgstr "Flaggor som kontrollerar säkerheten"
+
+#: tools/gpgconf-comp.c:516
+msgid "|N|expire SSH keys after N seconds"
+msgstr "|N|låt mellanlagrade SSH-nycklar gå ut efter N sekunder"
+
+#: tools/gpgconf-comp.c:520
+msgid "|N|set maximum PIN cache lifetime to N seconds"
+msgstr "|N|ställ in maximal livstid för PIN-cache till N sekunder"
+
+#: tools/gpgconf-comp.c:524
+msgid "|N|set maximum SSH key lifetime to N seconds"
+msgstr "|N|ställ in maximal livstid för SSH-nyckel till N sekunder"
+
+#: tools/gpgconf-comp.c:538
+msgid "Options enforcing a passphrase policy"
+msgstr "Flaggor som tvingar igenom en lösenfraspolicy"
+
+#: tools/gpgconf-comp.c:541
+msgid "do not allow to bypass the passphrase policy"
+msgstr "tillåt inte att gå förbi lösenfraspolicyn"
+
+#: tools/gpgconf-comp.c:545
+msgid "|N|set minimal required length for new passphrases to N"
+msgstr "|N|ställ in minimal nödvändig längd för nya lösenfraser till N"
+
+#: tools/gpgconf-comp.c:549
+msgid "|N|require at least N non-alpha characters for a new passphrase"
+msgstr "|N|kräv minst N icke-alfabetiska tecken för en ny lösenfras"
+
+#: tools/gpgconf-comp.c:553
+msgid "|FILE|check new passphrases against pattern in FILE"
+msgstr "|FIL|kontrollera nya lösenfraser mot mönster i FIL"
+
+#: tools/gpgconf-comp.c:557
+msgid "|N|expire the passphrase after N days"
+msgstr "|N|låt mellanlagrad lösenfras gå ut efter N dagar"
+
+#: tools/gpgconf-comp.c:561
+msgid "do not allow the reuse of old passphrases"
+msgstr "tillåt inte återanvändning av gamla lösenfraser"
+
+#: tools/gpgconf-comp.c:659 tools/gpgconf-comp.c:727
+msgid "|NAME|use NAME as default secret key"
+msgstr "|NAMN|använd NAMN som förvald hemlig nyckel"
+
+#: tools/gpgconf-comp.c:662 tools/gpgconf-comp.c:730
+msgid "|NAME|encrypt to user ID NAME as well"
+msgstr "|NAMN|kryptera även till användaridentiteten NAMN"
+
+#: tools/gpgconf-comp.c:665
+msgid "|SPEC|set up email aliases"
+msgstr "|SPEC|ange e-postalias (ett eller flera)"
+
+#: tools/gpgconf-comp.c:686
+msgid "Configuration for Keyservers"
+msgstr "Konfiguration för nyckelservrar"
+
+#: tools/gpgconf-comp.c:688
+msgid "|URL|use keyserver at URL"
+msgstr "|URL| använd nyckelservern på URL"
+
+#: tools/gpgconf-comp.c:691
+msgid "allow PKA lookups (DNS requests)"
+msgstr "tillåt PKA-uppslag (DNS-förfrågningar)"
+
+#: tools/gpgconf-comp.c:694
+msgid "|MECHANISMS|use MECHANISMS to locate keys by mail address"
+msgstr "|MEKANISMER|använd MEKANISMER för att hitta nycklar efter e-postadress"
+
+#: tools/gpgconf-comp.c:739
+msgid "disable all access to the dirmngr"
+msgstr "inaktivera all åtkomst till dirmngr"
+
+#: tools/gpgconf-comp.c:742
+msgid "|NAME|use encoding NAME for PKCS#12 passphrases"
+msgstr "|NAMN|använd kodningen NAMN för PKCS#12-lösenfraser"
+
+#: tools/gpgconf-comp.c:768
+msgid "do not check CRLs for root certificates"
+msgstr "kontrollera inte spärrlistor för rotcertifikat"
+
+#: tools/gpgconf-comp.c:812
+msgid "Options controlling the format of the output"
+msgstr "Flaggor som kontrollerar formatet på utdata"
+
+#: tools/gpgconf-comp.c:848
+msgid "Options controlling the interactivity and enforcement"
+msgstr "Flaggor som kontrollerar interaktivitet och framtvingande"
+
+#: tools/gpgconf-comp.c:858
+msgid "Configuration for HTTP servers"
+msgstr "Konfiguration för HTTP-servrar"
+
+#: tools/gpgconf-comp.c:869
+msgid "use system's HTTP proxy setting"
+msgstr "använd systemets HTTP-proxyinställningar"
+
+#: tools/gpgconf-comp.c:874
+msgid "Configuration of LDAP servers to use"
+msgstr "Konfiguration av LDAP-servrar som ska användas"
+
+#: tools/gpgconf-comp.c:903
+msgid "LDAP server list"
+msgstr "LDAP-serverlista"
+
+#: tools/gpgconf-comp.c:911
+msgid "Configuration for OCSP"
+msgstr "Konfiguration för OCSP"
+
+#: tools/gpgconf-comp.c:3077
+#, c-format
+msgid "External verification of component %s failed"
+msgstr "Extern validering av komponenten %s misslyckades"
+
+#: tools/gpgconf-comp.c:3227
+msgid "Note that group specifications are ignored\n"
+msgstr "Observera att gruppspecifikationer ignoreras\n"
+
+#: tools/gpgconf.c:62
+msgid "list all components"
+msgstr "lista alla komponenter"
+
+#: tools/gpgconf.c:63
+msgid "check all programs"
+msgstr "kontrollera alla program"
+
+#: tools/gpgconf.c:64
+msgid "|COMPONENT|list options"
+msgstr "|KOMPONENT|lista flaggor"
+
+#: tools/gpgconf.c:65
+msgid "|COMPONENT|change options"
+msgstr "|KOMPONENT|ändra flaggor"
+
+#: tools/gpgconf.c:66
+msgid "|COMPONENT|check options"
+msgstr "|KOMPONENT|kontrollera flaggor"
+
+#: tools/gpgconf.c:68
+msgid "apply global default values"
+msgstr "tillämpa globala standardvärden"
+
+#: tools/gpgconf.c:70
+msgid "get the configuration directories for gpgconf"
+msgstr "hämta konfigurationskatalogerna för gpgconf"
+
+#: tools/gpgconf.c:72
+msgid "list global configuration file"
+msgstr "lista global konfigurationsfil"
+
+#: tools/gpgconf.c:74
+msgid "check global configuration file"
+msgstr "kontrollera global konfigurationsfil"
+
+#: tools/gpgconf.c:79
+msgid "use as output file"
+msgstr "använd som fil för utdata"
+
+#: tools/gpgconf.c:83
+msgid "activate changes at runtime, if possible"
+msgstr "aktivera ändringar vid körtid, om möjligt"
+
+#: tools/gpgconf.c:105
+msgid "Usage: gpgconf [options] (-h for help)"
+msgstr "Användning: gpgconf [flaggor] (-h för hjälp)"
+
+#: tools/gpgconf.c:108
+msgid ""
+"Syntax: gpgconf [options]\n"
+"Manage configuration options for tools of the GnuPG system\n"
+msgstr ""
+"Syntax: gpgconf [flaggor]\n"
+"Hantera konfigurationsinställningar för verktygen i GnuPG-systemet\n"
+
+#: tools/gpgconf.c:214 tools/gpgconf.c:282
+msgid "usage: gpgconf [options] "
+msgstr "användning: gpgconf [flaggor] "
+
+#: tools/gpgconf.c:216
+msgid "Need one component argument"
+msgstr "Behöver ett komponentargument"
+
+#: tools/gpgconf.c:225 tools/gpgconf.c:258
+msgid "Component not found"
+msgstr "Komponenten hittades inte"
+
+#: tools/gpgconf.c:284
+msgid "No argument allowed"
+msgstr "Inget argument tillåts"
+
+#: tools/symcryptrun.c:154
+msgid ""
+"@\n"
+"Commands:\n"
+" "
+msgstr ""
+"@\n"
+"Kommandon:\n"
+" "
+
+#: tools/symcryptrun.c:156
+msgid "decryption modus"
+msgstr "dekrypteringsmodus"
+
+#: tools/symcryptrun.c:157
+msgid "encryption modus"
+msgstr "krypteringsmodus"
+
+#: tools/symcryptrun.c:161
+msgid "tool class (confucius)"
+msgstr "verktygsklass (confucius)"
+
+#: tools/symcryptrun.c:162
+msgid "program filename"
+msgstr "programfilnamn"
+
+#: tools/symcryptrun.c:164
+msgid "secret key file (required)"
+msgstr "hemlig nyckelfil (krävs)"
+
+#: tools/symcryptrun.c:165
+msgid "input file name (default stdin)"
+msgstr "filnamn för inmatning (standardvärde är standard in)"
+
+#: tools/symcryptrun.c:209
+msgid "Usage: symcryptrun [options] (-h for help)"
+msgstr "Användning: symcryptrun [flaggor] (-h för hjälp)"
+
+#: tools/symcryptrun.c:212
+msgid ""
+"Syntax: symcryptrun --class CLASS --program PROGRAM --keyfile KEYFILE "
+"[options...] COMMAND [inputfile]\n"
+"Call a simple symmetric encryption tool\n"
+msgstr ""
+"Syntax: symcryptrun --class KLASS --program PROGRAM --keyfile NYCKELFIL "
+"[flaggor...] KOMMANDO [inmatningsfil]\n"
+"Anropa ett enkelt symmetriskt krypteringsverktyg\n"
+
+#: tools/symcryptrun.c:281
+#, c-format
+msgid "%s on %s aborted with status %i\n"
+msgstr "%s på %s avbröts med status %i\n"
+
+#: tools/symcryptrun.c:288
+#, c-format
+msgid "%s on %s failed with status %i\n"
+msgstr "%s på %s misslyckades med status %i\n"
+
+#: tools/symcryptrun.c:314
+#, c-format
+msgid "can't create temporary directory `%s': %s\n"
+msgstr "kan inte skapa temporärkatalogen \"%s\": %s\n"
+
+#: tools/symcryptrun.c:354 tools/symcryptrun.c:371
+#, c-format
+msgid "could not open %s for writing: %s\n"
+msgstr "kunde inte öppna %s för skrivning: %s\n"
+
+#: tools/symcryptrun.c:382
+#, c-format
+msgid "error writing to %s: %s\n"
+msgstr "fel vid skrivning till %s: %s\n"
+
+#: tools/symcryptrun.c:389
+#, c-format
+msgid "error reading from %s: %s\n"
+msgstr "fel vid läsning från %s: %s\n"
+
+#: tools/symcryptrun.c:396 tools/symcryptrun.c:403
+#, c-format
+msgid "error closing %s: %s\n"
+msgstr "fel vid stängning av %s: %s\n"
+
+#: tools/symcryptrun.c:488
+msgid "no --program option provided\n"
+msgstr "flaggan --program angavs inte\n"
+
+#: tools/symcryptrun.c:494
+msgid "only --decrypt and --encrypt are supported\n"
+msgstr "endast --decrypt och --encrypt stöds\n"
+
+#: tools/symcryptrun.c:500
+msgid "no --keyfile option provided\n"
+msgstr "flaggan --keyfile angavs inte\n"
+
+#: tools/symcryptrun.c:511
+msgid "cannot allocate args vector\n"
+msgstr "kan inte allokera argumentvektor\n"
+
+#: tools/symcryptrun.c:529
+#, c-format
+msgid "could not create pipe: %s\n"
+msgstr "kunde inte skapa rör: %s\n"
+
+#: tools/symcryptrun.c:536
+#, c-format
+msgid "could not create pty: %s\n"
+msgstr "kunde inte skapa pty: %s\n"
+
+#: tools/symcryptrun.c:552
+#, c-format
+msgid "could not fork: %s\n"
+msgstr "kunde inte grena process: %s\n"
+
+#: tools/symcryptrun.c:580
+#, c-format
+msgid "execv failed: %s\n"
+msgstr "execv misslyckades: %s\n"
+
+#: tools/symcryptrun.c:609
+#, c-format
+msgid "select failed: %s\n"
+msgstr "val misslyckades: %s\n"
+
+#: tools/symcryptrun.c:626
+#, c-format
+msgid "read failed: %s\n"
+msgstr "läsning misslyckades: %s\n"
+
+#: tools/symcryptrun.c:678
+#, c-format
+msgid "pty read failed: %s\n"
+msgstr "pty-läsning misslyckades: %s\n"
+
+#: tools/symcryptrun.c:730
+#, c-format
+msgid "waitpid failed: %s\n"
+msgstr "waitpid misslyckades: %s\n"
+
+#: tools/symcryptrun.c:744
+#, c-format
+msgid "child aborted with status %i\n"
+msgstr "barnprocess avbröts med status %i\n"
+
+#: tools/symcryptrun.c:799
+#, c-format
+msgid "cannot allocate infile string: %s\n"
+msgstr "kan inte allokera infilssträng: %s\n"
+
+#: tools/symcryptrun.c:812
+#, c-format
+msgid "cannot allocate outfile string: %s\n"
+msgstr "kan inte allokera utfilssträng: %s\n"
+
+#: tools/symcryptrun.c:986
+#, c-format
+msgid "either %s or %s must be given\n"
+msgstr "antingen %s eller %s måste anges\n"
+
+#: tools/symcryptrun.c:1013
+msgid "no class provided\n"
+msgstr "ingen klass tillhandahölls\n"
+
+# Skyddssammandraget låter underligt
+# Kontrollsumma?
+#: tools/symcryptrun.c:1022
+#, c-format
+msgid "class %s is not supported\n"
+msgstr "klassen %s stöds inte\n"
+
+#: tools/gpg-check-pattern.c:145
+msgid "Usage: gpg-check-pattern [options] patternfile (-h for help)\n"
+msgstr "Användning: gpg-check-pattern [flaggor] mönsterfil (-h för hjälp)\n"
+
+#: tools/gpg-check-pattern.c:148
+msgid ""
+"Syntax: gpg-check-pattern [options] patternfile\n"
+"Check a passphrase given on stdin against the patternfile\n"
+msgstr ""
+"Syntax: gpg-check-pattern [flaggor] mönsterfil\n"
+"Kontrollera en lösenfras angiven på standard in mot mönsterfilen\n"
+
+#~ msgid "Command> "
+#~ msgstr "Kommando> "
+
+#~ msgid "the trustdb is corrupted; please run \"gpg --fix-trustdb\".\n"
+#~ msgstr "tillitsdatabasen är trasig, kör \"gpg --fix-trustdb\".\n"
+
+#~ msgid "Please report bugs to <gnupg-bugs@gnu.org>.\n"
+#~ msgstr ""
+#~ "Rapportera fel till <gnupg-bugs@gnu.org>\n"
+#~ "Skicka synpunkter på översättningen till <tp-sv@listor.tp-sv.se>\n"
+
+#~ msgid "Please report bugs to "
+#~ msgstr "Rapportera fel till "
+
+#~ msgid "DSA keypair will have %u bits.\n"
+#~ msgstr "DSA-nyckelparet kommer att ha %u bitar.\n"
+
+#~ msgid "this command has not yet been implemented\n"
+#~ msgstr "det här kommandot har ännu inte implementerats\n"
+
+#~ msgid "Repeat passphrase\n"
+#~ msgstr "Repetera lösenfrasen\n"
+
+#~ msgid "||Please enter your PIN at the reader's keypad%%0A[sigs done: %lu]"
+#~ msgstr ""
+#~ "||Ange din PIN-kod på läsarens knappsats%%0A[signaturer gjorda: %lu]"
+
+#~ msgid "|A|Admin PIN"
+#~ msgstr "|A|Admin PIN-kod"
+
+#~ msgid "read options from file"
+#~ msgstr "läs inställningar från fil"
+
+#~ msgid "Used libraries:"
+#~ msgstr "Använda bibliotek:"
+
+#~ msgid "generate PGP 2.x compatible messages"
+#~ msgstr "generera PGP 2.x-kompatibla meddelanden"
+
+#~ msgid "|[FILE]|make a signature"
+#~ msgstr "|[FIL]|skapa en signatur"
+
+#~ msgid "|[FILE]|make a clear text signature"
+#~ msgstr "|[FIL]|skapa en klartext-signatur"
+
+#~ msgid "|NAME|use NAME as default recipient"
+#~ msgstr "|NAMN|använd NAMN som standardmottagare"
+
+#~ msgid "use the default key as default recipient"
+#~ msgstr "använd standardnyckeln som standardmottagare"
+
+#~ msgid "force v3 signatures"
+#~ msgstr "tvinga v3-signaturer"
+
+#~ msgid "always use a MDC for encryption"
+#~ msgstr "använd alltid en MDC för kryptering"
+
+#~ msgid "add this secret keyring to the list"
+#~ msgstr "lägg till denna hemliga nyckelring till listan"
+
+#~ msgid "|NAME|set terminal charset to NAME"
+#~ msgstr "|NAMN|ställ in terminalteckentabell till NAMN"
+
+#~ msgid "|FILE|load extension module FILE"
+#~ msgstr "|FIL|läs in tilläggsmodulen FIL"
+
+#~ msgid "|N|use compress algorithm N"
+#~ msgstr "|N|använd komprimeringsalgoritmen N"
+
+#~ msgid "remove key from the public keyring"
+#~ msgstr "ta bort nyckel från den publika nyckelringen"
+
+#~ msgid ""
+#~ "It's up to you to assign a value here; this value will never be exported\n"
+#~ "to any 3rd party. We need it to implement the web-of-trust; it has "
+#~ "nothing\n"
+#~ "to do with the (implicitly created) web-of-certificates."
+#~ msgstr ""
+#~ "Det är upp till dig att ange ett värde här. Detta värde kommer aldrig "
+#~ "att\n"
+#~ "exporteras till någon tredje part. Vi behöver det för att implementera\n"
+#~ "\"Web of trust\". Det har inget att göra med det (implicit skapade)\n"
+#~ "nätet av certifikat."
+
+#~ msgid ""
+#~ "To build the Web-of-Trust, GnuPG needs to know which keys are\n"
+#~ "ultimately trusted - those are usually the keys for which you have\n"
+#~ "access to the secret key. Answer \"yes\" to set this key to\n"
+#~ "ultimately trusted\n"
+#~ msgstr ""
+#~ "För att kunna bygga förtroendeväven \"Web-of-Trust\",\n"
+#~ "måste GnuPG veta vilka nycklar som du litar förbehållslöst på\n"
+#~ "- det är vanligen de nycklar som du disponerar den hemliga nyckeln för.\n"
+#~ "Svara \"ja\" för att markera att du litar förbehållslöst på denna "
+#~ "nyckel.\n"
+
+#~ msgid "If you want to use this untrusted key anyway, answer \"yes\"."
+#~ msgstr "Om du vill använda denna otillförlitliga nyckel ändå, svara \"ja\"."
+
+#~ msgid ""
+#~ "Enter the user ID of the addressee to whom you want to send the message."
+#~ msgstr ""
+#~ "Ange användaridentiteten för den adressat du vill skicka meddelandet till."
+
+#~ msgid ""
+#~ "Select the algorithm to use.\n"
+#~ "\n"
+#~ "DSA (aka DSS) is the Digital Signature Algorithm and can only be used\n"
+#~ "for signatures.\n"
+#~ "\n"
+#~ "Elgamal is an encrypt-only algorithm.\n"
+#~ "\n"
+#~ "RSA may be used for signatures or encryption.\n"
+#~ "\n"
+#~ "The first (primary) key must always be a key which is capable of signing."
+#~ msgstr ""
+#~ "Välj vilken algoritm som ska användas.\n"
+#~ "\n"
+#~ "DSA (även känd som DSS) är Digital Signature Algorithm och kan endast\n"
+#~ "användas för signaturer.\n"
+#~ "\n"
+#~ "Elgamal är en algoritm som endast kan användas för kryptering.\n"
+#~ "\n"
+#~ "RSA kan användas för signaturer eller kryptering.\n"
+#~ "\n"
+#~ "Första (primär) nyckel måste alltid vara en nyckel som är kapabel att "
+#~ "signera."
+
+#~ msgid ""
+#~ "In general it is not a good idea to use the same key for signing and\n"
+#~ "encryption. This algorithm should only be used in certain domains.\n"
+#~ "Please consult your security expert first."
+#~ msgstr ""
+#~ "Som regel är det ingen bra idé att använda samma nyckel för signering\n"
+#~ "och kryptering. Denna algoritm ska endast användas inom särskilda\n"
+#~ "områden. Rådgör med din egen säkerhetsexpert först!"
+
+#~ msgid "Enter the size of the key"
+#~ msgstr "Ange storleken på nyckeln"
+
+#~ msgid "Answer \"yes\" or \"no\""
+#~ msgstr "Svara \"ja\" eller \"nej\""
+
+#~ msgid ""
+#~ "Enter the required value as shown in the prompt.\n"
+#~ "It is possible to enter a ISO date (YYYY-MM-DD) but you won't\n"
+#~ "get a good error response - instead the system tries to interpret\n"
+#~ "the given value as an interval."
+#~ msgstr ""
+#~ "Ange värdet som krävs som det visas vid prompten.\n"
+#~ "Det är möjligt att ange ett ISO-datum (ÅÅÅÅ-MM-DD) men du kommer\n"
+#~ "inte att få något vettigt felmeddelande - istället kommer systemet\n"
+#~ "att försöka tolka det angivna värdet som ett intervall."
+
+#~ msgid "Enter the name of the key holder"
+#~ msgstr "Ange namnet på nyckelns ägare"
+
+#~ msgid "please enter an optional but highly suggested email address"
+#~ msgstr "ange en e-postadress. Detta är frivilligt, men rekommenderas varmt"
+
+#~ msgid "Please enter an optional comment"
+#~ msgstr "Ange en kommentar (frivilligt)"
+
+#~ msgid ""
+#~ "N to change the name.\n"
+#~ "C to change the comment.\n"
+#~ "E to change the email address.\n"
+#~ "O to continue with key generation.\n"
+#~ "Q to to quit the key generation."
+#~ msgstr ""
+#~ "N för att ändra namnet.\n"
+#~ "C för att ändra kommentaren.\n"
+#~ "E för att ändra e-postadressen.\n"
+#~ "O för att fortsätta med nyckelgenerering.\n"
+#~ "Q för att avsluta nyckelgenereringen."
+
+#~ msgid ""
+#~ "Answer \"yes\" (or just \"y\") if it is okay to generate the sub key."
+#~ msgstr ""
+#~ "Svara \"ja\" (eller bara \"j\") om du vill generera denna undernyckel."
+
+#~ msgid ""
+#~ "When you sign a user ID on a key, you should first verify that the key\n"
+#~ "belongs to the person named in the user ID. It is useful for others to\n"
+#~ "know how carefully you verified this.\n"
+#~ "\n"
+#~ "\"0\" means you make no particular claim as to how carefully you verified "
+#~ "the\n"
+#~ " key.\n"
+#~ "\n"
+#~ "\"1\" means you believe the key is owned by the person who claims to own "
+#~ "it\n"
+#~ " but you could not, or did not verify the key at all. This is useful "
+#~ "for\n"
+#~ " a \"persona\" verification, where you sign the key of a pseudonymous "
+#~ "user.\n"
+#~ "\n"
+#~ "\"2\" means you did casual verification of the key. For example, this "
+#~ "could\n"
+#~ " mean that you verified the key fingerprint and checked the user ID on "
+#~ "the\n"
+#~ " key against a photo ID.\n"
+#~ "\n"
+#~ "\"3\" means you did extensive verification of the key. For example, this "
+#~ "could\n"
+#~ " mean that you verified the key fingerprint with the owner of the key "
+#~ "in\n"
+#~ " person, and that you checked, by means of a hard to forge document "
+#~ "with a\n"
+#~ " photo ID (such as a passport) that the name of the key owner matches "
+#~ "the\n"
+#~ " name in the user ID on the key, and finally that you verified (by "
+#~ "exchange\n"
+#~ " of email) that the email address on the key belongs to the key "
+#~ "owner.\n"
+#~ "\n"
+#~ "Note that the examples given above for levels 2 and 3 are *only* "
+#~ "examples.\n"
+#~ "In the end, it is up to you to decide just what \"casual\" and \"extensive"
+#~ "\"\n"
+#~ "mean to you when you sign other keys.\n"
+#~ "\n"
+#~ "If you don't know what the right answer is, answer \"0\"."
+#~ msgstr ""
+#~ "När du signerar en användaridentitet på en nyckel, måste du först "
+#~ "kontrollera att nyckeln\n"
+#~ "verkligen tillhör den person som nämns i användaridentiteten. Det är "
+#~ "viktigt för andra att\n"
+#~ "få veta hur noga du har kontrollerat detta.\n"
+#~ "\n"
+#~ "\"0\" betyder att du inte påstår någonting om hur noga du kontrollerat "
+#~ "nyckeln.\n"
+#~ "\n"
+#~ "\"1\" betyder att du tror att nyckeln tillhör den person som påstår sig "
+#~ "göra det\n"
+#~ " men du kunde inte, eller ville inte kontrollera nyckeln alls. Detta "
+#~ "är användbartför\n"
+#~ " en \"persona\" kontroll, där du signerar nyckeln för en användare med "
+#~ "pseudonym.\n"
+#~ "\n"
+#~ "\"2\" betyder att du gjorde viss kontroll av nyckeln. Det kan t.ex. "
+#~ "betyda att\n"
+#~ " du kontrollerade fingeravtrycket och kontrollerade "
+#~ "användaridentiteten för nyckeln\n"
+#~ " mot en fotolegitimation.\n"
+#~ "\n"
+#~ "\"3\" betyder att du gjorde en noggrann och uttömmande kontroll av "
+#~ "nyckeln. Detta kan\n"
+#~ " t.ex. betyda att du kontrollerade nyckelns fingeravtryck direkt med "
+#~ "nyckelinnehavaren\n"
+#~ " och att du kontrollerade, med hjälp av svårförfalskade "
+#~ "identitetsdokument\n"
+#~ "a\n"
+#~ " med foto (t.ex. ett körkort) att namnet på innehavaren stämmer med\n"
+#~ " namnet i användaridentiteten på nyckeln, och slutligen att du "
+#~ "kontrollerade att\n"
+#~ " (genom att utväxla e-postmeddelanden) att e-postadressen på nyckeln "
+#~ "tillhör\n"
+#~ " nyckelinnehavaren.\n"
+#~ "\n"
+#~ "Observera! Ovanstående exempel för nivåerna 2 och 3 är bara förslag.\n"
+#~ "Slutligen är det bara du själv som avgör vad \"viss\" and \"noggrann\"\n"
+#~ "betyder när du signerar andras nycklar.\n"
+#~ "\n"
+#~ "Om du inte vet vad du ska svara, så svara \"0\"."
diff --git a/po/tr.gmo b/po/tr.gmo
new file mode 100644
index 0000000..73e5975
--- /dev/null
+++ b/po/tr.gmo
Binary files differ
diff --git a/po/tr.po b/po/tr.po
new file mode 100644
index 0000000..36410a0
--- /dev/null
+++ b/po/tr.po
@@ -0,0 +1,8531 @@
+# Turkish translations for GnuPG messages.
+# Copyright (C) 2006 Free Software Foundation, Inc.
+#
+# Nilgün Belma Bugüner <nilgun@belgeler.gen.tr>, 2001, ..., 2008.
+# Nilgün Belma Bugüner <nilgunbelma@gmail.com>.
+msgid ""
+msgstr ""
+"Project-Id-Version: gnupg 2.0.10rc1\n"
+"Report-Msgid-Bugs-To: translations@gnupg.org\n"
+"POT-Creation-Date: 2012-03-27 10:23+0200\n"
+"PO-Revision-Date: 2008-12-14 23:25+0200\n"
+"Last-Translator: Nilgün Belma Bugüner <nilgun@belgeler.gen.tr>\n"
+"Language-Team: Turkish\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Plural-Forms: nplurals=2; plural=(n != 1);\n"
+"X-Generator: KBabel 1.11.4\n"
+
+#: agent/call-pinentry.c:244
+#, c-format
+msgid "failed to acquire the pinentry lock: %s\n"
+msgstr "PIN giriÅŸ kilidi edinilemedi: %s\n"
+
+#. TRANSLATORS: These are labels for buttons etc used in
+#. Pinentries. An underscore indicates that the next letter
+#. should be used as an accelerator. Double the underscore for
+#. a literal one. The actual to be translated text starts after
+#. the second vertical bar.
+#: agent/call-pinentry.c:401
+msgid "|pinentry-label|_OK"
+msgstr ""
+
+#: agent/call-pinentry.c:402
+msgid "|pinentry-label|_Cancel"
+msgstr ""
+
+#: agent/call-pinentry.c:403
+msgid "|pinentry-label|PIN:"
+msgstr ""
+
+#. TRANSLATORS: This string is displayed by Pinentry as the label
+#. for the quality bar.
+#: agent/call-pinentry.c:649
+msgid "Quality:"
+msgstr "Kalite:"
+
+#. TRANSLATORS: This string is a tooltip, shown by pinentry when
+#. hovering over the quality bar. Please use an appropriate
+#. string to describe what this is about. The length of the
+#. tooltip is limited to about 900 characters. If you do not
+#. translate this entry, a default english text (see source)
+#. will be used.
+#: agent/call-pinentry.c:671
+msgid "pinentry.qualitybar.tooltip"
+msgstr ""
+
+#: agent/call-pinentry.c:716
+msgid ""
+"Please enter your PIN, so that the secret key can be unlocked for this "
+"session"
+msgstr ""
+"Lütfen PIN'inizi giriniz, böylelikle bu oturumda bu gizli anahtar kilitsiz "
+"olabilecek"
+
+#: agent/call-pinentry.c:719
+msgid ""
+"Please enter your passphrase, so that the secret key can be unlocked for "
+"this session"
+msgstr ""
+"Lütfen anahtar parolanızı giriniz, böylelikle bu oturumda bu gizli anahtar "
+"kilitsiz olabilecek"
+
+#: agent/call-pinentry.c:776
+#, c-format
+msgid "SETERROR %s (try %d of %d)"
+msgstr "SETERROR %s (%d/%d dene)"
+
+#: agent/call-pinentry.c:799 agent/call-pinentry.c:811
+msgid "PIN too long"
+msgstr "PIN çok uzun"
+
+#: agent/call-pinentry.c:800
+msgid "Passphrase too long"
+msgstr "Anahtar Parolası çok uzun"
+
+#: agent/call-pinentry.c:808
+msgid "Invalid characters in PIN"
+msgstr "PIN içinde geçersiz karakterler var"
+
+#: agent/call-pinentry.c:813
+msgid "PIN too short"
+msgstr "PIN çok kısa"
+
+#: agent/call-pinentry.c:825
+msgid "Bad PIN"
+msgstr "PIN hatalı"
+
+#: agent/call-pinentry.c:826
+msgid "Bad Passphrase"
+msgstr "Anahtar Parolası hatalı"
+
+#: agent/call-pinentry.c:863
+msgid "Passphrase"
+msgstr "Anahtar Parolası"
+
+#: agent/command-ssh.c:531
+#, c-format
+msgid "ssh keys greater than %d bits are not supported\n"
+msgstr "%d bitlikten daha büyük SSH anahtarları desteklenmiyor\n"
+
+#: agent/command-ssh.c:690 g10/card-util.c:833 g10/exec.c:473 g10/gpg.c:1122
+#: g10/keygen.c:3394 g10/keygen.c:3427 g10/keyring.c:1237 g10/keyring.c:1569
+#: g10/openfile.c:275 g10/openfile.c:368 g10/sign.c:801 g10/sign.c:1110
+#: g10/tdbio.c:550 jnlib/dotlock.c:310
+#, c-format
+msgid "can't create `%s': %s\n"
+msgstr "\"%s\" oluşturulamıyor: %s\n"
+
+#: agent/command-ssh.c:702 common/helpfile.c:47 g10/card-util.c:787
+#: g10/dearmor.c:60 g10/dearmor.c:107 g10/decrypt.c:70 g10/encode.c:194
+#: g10/encode.c:504 g10/gpg.c:1123 g10/import.c:192 g10/keygen.c:2877
+#: g10/keyring.c:1595 g10/openfile.c:192 g10/openfile.c:353
+#: g10/plaintext.c:511 g10/sign.c:783 g10/sign.c:978 g10/sign.c:1094
+#: g10/sign.c:1250 g10/tdbdump.c:142 g10/tdbdump.c:150 g10/tdbio.c:554
+#: g10/tdbio.c:618 g10/verify.c:99 g10/verify.c:162 sm/gpgsm.c:2044
+#: sm/gpgsm.c:2074 sm/gpgsm.c:2112 sm/gpgsm.c:2150 sm/qualified.c:66
+#, c-format
+msgid "can't open `%s': %s\n"
+msgstr "`%s' açılamıyor: %s\n"
+
+#: agent/command-ssh.c:1708 agent/command-ssh.c:1726
+#, c-format
+msgid "error getting serial number of card: %s\n"
+msgstr "kartın seri numarası alınırken hata: %s\n"
+
+#: agent/command-ssh.c:1712
+#, c-format
+msgid "detected card with S/N: %s\n"
+msgstr "Algılanan kartın seri nr: %s\n"
+
+#: agent/command-ssh.c:1717
+#, c-format
+msgid "error getting default authentication keyID of card: %s\n"
+msgstr "kartın öntanımlı kimlik doğrulama anahtar kimliği alınırken hata: %s\n"
+
+#: agent/command-ssh.c:1737
+#, c-format
+msgid "no suitable card key found: %s\n"
+msgstr "uygun bir kart anahtarı yok: %s\n"
+
+#: agent/command-ssh.c:1787
+#, c-format
+msgid "shadowing the key failed: %s\n"
+msgstr "anahtar gölgelenemedi: %s\n"
+
+#: agent/command-ssh.c:1802
+#, c-format
+msgid "error writing key: %s\n"
+msgstr "anahtarı yazarken hata: %s\n"
+
+#: agent/command-ssh.c:2139
+#, c-format
+msgid ""
+"An ssh process requested the use of key%%0A %s%%0A (%s)%%0ADo you want to "
+"allow this?"
+msgstr ""
+
+#: agent/command-ssh.c:2146
+msgid "Allow"
+msgstr ""
+
+#: agent/command-ssh.c:2146
+msgid "Deny"
+msgstr ""
+
+#: agent/command-ssh.c:2155
+#, fuzzy, c-format
+msgid "Please enter the passphrase for the ssh key%%0A %F%%0A (%c)"
+msgstr "Lütfen SSH anahtarı %0A %c için anahtar parolasını giriniz"
+
+#: agent/command-ssh.c:2484 agent/genkey.c:310 agent/genkey.c:432
+msgid "Please re-enter this passphrase"
+msgstr "Lütfen bu anahtar parolasını tekrar girin"
+
+#: agent/command-ssh.c:2509
+#, fuzzy, c-format
+msgid ""
+"Please enter a passphrase to protect the received secret key%%0A %s%%0A %"
+"s%%0Awithin gpg-agent's key storage"
+msgstr ""
+"gpg-agent'in anahtar deposuna korumak için alınan gizli anahtar %%0A %s%%0A "
+"için lütfen anahtar parolası giriniz"
+
+#: agent/command-ssh.c:2548 agent/genkey.c:340 agent/genkey.c:463
+#: tools/symcryptrun.c:436
+msgid "does not match - try again"
+msgstr "aynı değiller - tekrar deneyin"
+
+#: agent/command-ssh.c:3054
+#, c-format
+msgid "failed to create stream from socket: %s\n"
+msgstr "sokette akım oluşturulamadı: %s\n"
+
+#: agent/divert-scd.c:92 g10/call-agent.c:923
+msgid "Please insert the card with serial number"
+msgstr ""
+
+#: agent/divert-scd.c:93 g10/call-agent.c:924
+msgid "Please remove the current card and insert the one with serial number"
+msgstr ""
+
+#: agent/divert-scd.c:200
+msgid "Admin PIN"
+msgstr "Yönetici PIN'i"
+
+#. TRANSLATORS: A PUK is the Personal Unblocking Code
+#. used to unblock a PIN.
+#: agent/divert-scd.c:205
+msgid "PUK"
+msgstr ""
+
+#: agent/divert-scd.c:212
+msgid "Reset Code"
+msgstr "Sıfırlama Kodu"
+
+#: agent/divert-scd.c:238
+#, c-format
+msgid "%s%%0A%%0AUse the reader's keypad for input."
+msgstr ""
+
+#: agent/divert-scd.c:287
+msgid "Repeat this Reset Code"
+msgstr "Bu Sıfırlama Kodu tekrarlansın"
+
+#: agent/divert-scd.c:289
+#, fuzzy
+msgid "Repeat this PUK"
+msgstr "Bu PIN tekrarlansın "
+
+#: agent/divert-scd.c:290
+msgid "Repeat this PIN"
+msgstr "Bu PIN tekrarlansın "
+
+#: agent/divert-scd.c:295
+msgid "Reset Code not correctly repeated; try again"
+msgstr "Sıfırlama Kodu doğru tekrarlanmadı; tekrar deneyin"
+
+#: agent/divert-scd.c:297
+#, fuzzy
+msgid "PUK not correctly repeated; try again"
+msgstr "PIN doğru tekrarlanmadı; tekrar deneyin"
+
+#: agent/divert-scd.c:298
+msgid "PIN not correctly repeated; try again"
+msgstr "PIN doğru tekrarlanmadı; tekrar deneyin"
+
+#: agent/divert-scd.c:310
+#, c-format
+msgid "Please enter the PIN%s%s%s to unlock the card"
+msgstr "Kartın kilidini açmak için lütfen PIN%s%s%s giriniz"
+
+#: agent/genkey.c:108 sm/certreqgen-ui.c:384 sm/export.c:638 sm/export.c:654
+#: sm/import.c:667 sm/import.c:692
+#, c-format
+msgid "error creating temporary file: %s\n"
+msgstr "geçici dosya oluşturulurken hata: %s\n"
+
+#: agent/genkey.c:115 sm/export.c:645 sm/import.c:675
+#, c-format
+msgid "error writing to temporary file: %s\n"
+msgstr "geçeci dosyaya yazma hatası: %s\n"
+
+#: agent/genkey.c:153 agent/genkey.c:159
+msgid "Enter new passphrase"
+msgstr "Yeni anahtar parolasını giriniz"
+
+#: agent/genkey.c:167
+msgid "Take this one anyway"
+msgstr "Ne olursa olsun bunu al"
+
+#: agent/genkey.c:193
+#, c-format
+msgid ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase should be "
+"at least %u character long."
+msgid_plural ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase should be "
+"at least %u characters long."
+msgstr[0] ""
+"Uyarı: Girdiğiniz anahtar parolası güvenli değil.%%0AParola en az %u "
+"karakterlik olmalı."
+msgstr[1] ""
+"Uyarı: Girdiğiniz anahtar parolası güvenli değil.%%0AParola en az %u "
+"karakterlik olmalı."
+
+#: agent/genkey.c:214
+#, c-format
+msgid ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase should "
+"contain at least %u digit or%%0Aspecial character."
+msgid_plural ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase should "
+"contain at least %u digits or%%0Aspecial characters."
+msgstr[0] ""
+"Uyarı: Girdiğiniz anahtar parolası güvenli değil.%%0AParola en az %u rakam "
+"veya%%0Aözel karakter içermeli."
+msgstr[1] ""
+"Uyarı: Girdiğiniz anahtar parolası güvenli değil.%%0AParola en az %u rakam "
+"veya%%0Aözel karakter içermeli."
+
+#: agent/genkey.c:237
+#, c-format
+msgid ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase may not be "
+"a known term or match%%0Acertain pattern."
+msgstr ""
+"Uyarı: Girdiğiniz anahtar parolası güvenli değil.%%0AParola bilinen bir "
+"terim olmamalı ve%%0Abelli bir kalıpla eşleşmemeli."
+
+#: agent/genkey.c:253
+#, c-format
+msgid ""
+"You have not entered a passphrase!%0AAn empty passphrase is not allowed."
+msgstr "Bir anahtar parolası girmediniz!%0ABoş parolaya izin verilmez."
+
+#: agent/genkey.c:255
+#, c-format
+msgid ""
+"You have not entered a passphrase - this is in general a bad idea!%0APlease "
+"confirm that you do not want to have any protection on your key."
+msgstr ""
+"Bir anahtar parolası girmediniz - bu aslında kötü bir fikir!%0A Lütfen "
+"anahtarınıza herhangi bir koruma istemediğinizi onaylayınız."
+
+#: agent/genkey.c:264
+msgid "Yes, protection is not needed"
+msgstr "Evet, korumak gereksiz"
+
+#: agent/genkey.c:308
+#, c-format
+msgid "Please enter the passphrase to%0Ato protect your new key"
+msgstr "Yeni anahtarınızı korumak için Lütfen%0AAnahtar Parolanızı giriniz"
+
+#: agent/genkey.c:431
+msgid "Please enter the new passphrase"
+msgstr "Lütfen yeni anahtar parolasını girin"
+
+#: agent/gpg-agent.c:121 agent/preset-passphrase.c:72 scd/scdaemon.c:103
+#: tools/gpg-check-pattern.c:70
+msgid ""
+"@Options:\n"
+" "
+msgstr ""
+"@Seçenekler:\n"
+" "
+
+#: agent/gpg-agent.c:123 scd/scdaemon.c:105
+msgid "run in server mode (foreground)"
+msgstr "sunucu olarak (önalanda) çalışır"
+
+#: agent/gpg-agent.c:124 scd/scdaemon.c:108
+msgid "run in daemon mode (background)"
+msgstr "artalan süreci olarak çalışır"
+
+#: agent/gpg-agent.c:125 g10/gpg.c:488 g10/gpgv.c:71 kbx/kbxutil.c:88
+#: scd/scdaemon.c:109 sm/gpgsm.c:281 tools/gpg-connect-agent.c:69
+#: tools/gpgconf.c:80 tools/symcryptrun.c:166
+msgid "verbose"
+msgstr "ayrıntılı"
+
+#: agent/gpg-agent.c:126 g10/gpgv.c:72 kbx/kbxutil.c:89 scd/scdaemon.c:110
+#: sm/gpgsm.c:282
+msgid "be somewhat more quiet"
+msgstr "biraz daha sessiz olur"
+
+#: agent/gpg-agent.c:127 scd/scdaemon.c:111
+msgid "sh-style command output"
+msgstr "sh tarzı komut çıktısı"
+
+#: agent/gpg-agent.c:128 scd/scdaemon.c:112
+msgid "csh-style command output"
+msgstr "csh tarzı komut çıktısı"
+
+#: agent/gpg-agent.c:129 scd/scdaemon.c:113 sm/gpgsm.c:312
+#: tools/symcryptrun.c:169
+msgid "|FILE|read options from FILE"
+msgstr "|DOSYA|seçenekler DOSYAdan okunur"
+
+#: agent/gpg-agent.c:134 scd/scdaemon.c:123
+msgid "do not detach from the console"
+msgstr "konsoldan kopulmaz"
+
+#: agent/gpg-agent.c:135
+msgid "do not grab keyboard and mouse"
+msgstr "klavye ve fare gaspedilmez"
+
+#: agent/gpg-agent.c:136 tools/symcryptrun.c:168
+msgid "use a log file for the server"
+msgstr "sunucu için bir günlük dosyası kullanılır"
+
+#: agent/gpg-agent.c:138
+msgid "use a standard location for the socket"
+msgstr "soket için standart bir yer kullanılır"
+
+#: agent/gpg-agent.c:141
+msgid "|PGM|use PGM as the PIN-Entry program"
+msgstr "|UYG|PIN girme uygulaması olarak UYG kullanılır"
+
+#: agent/gpg-agent.c:144
+msgid "|PGM|use PGM as the SCdaemon program"
+msgstr "[UYG|Akıllı kart uygulaması olarak UYG kullanılır"
+
+#: agent/gpg-agent.c:145
+msgid "do not use the SCdaemon"
+msgstr "Akıllı kart süreci kullanılmaz"
+
+#: agent/gpg-agent.c:157
+msgid "ignore requests to change the TTY"
+msgstr "TTY değiştirme istekleri yoksayılır"
+
+#: agent/gpg-agent.c:159
+msgid "ignore requests to change the X display"
+msgstr "X birimi değiştirme istekleri yoksayılır"
+
+#: agent/gpg-agent.c:162
+msgid "|N|expire cached PINs after N seconds"
+msgstr "|N|arabellekteki PINler N saniyede zamanaşımına uğrar"
+
+#: agent/gpg-agent.c:175
+msgid "do not use the PIN cache when signing"
+msgstr "imzalarken PIN arabelleği kullanılmaz"
+
+#: agent/gpg-agent.c:177
+msgid "allow clients to mark keys as \"trusted\""
+msgstr "istemcilerin anahtarları \"güvenilir\" olarak imlemesine izin verilir"
+
+#: agent/gpg-agent.c:179
+msgid "allow presetting passphrase"
+msgstr "anahtar parolasının önceden atanmasına izin verilir"
+
+#: agent/gpg-agent.c:180
+msgid "enable ssh-agent emulation"
+msgstr "ssh-agent öykünümü etkinleşir"
+
+#: agent/gpg-agent.c:182
+msgid "|FILE|write environment settings also to FILE"
+msgstr "|DOSYA|ortam ayarlarını ayrıca DOSYAya da yazar"
+
+#. TRANSLATORS: @EMAIL@ will get replaced by the actual bug
+#. reporting address. This is so that we can change the
+#. reporting address without breaking the translations.
+#: agent/gpg-agent.c:333 agent/preset-passphrase.c:94 agent/protect-tool.c:163
+#: g10/gpg.c:814 g10/gpgv.c:114 kbx/kbxutil.c:113 scd/scdaemon.c:246
+#: sm/gpgsm.c:519 tools/gpg-connect-agent.c:181 tools/gpgconf.c:102
+#: tools/symcryptrun.c:206 tools/gpg-check-pattern.c:141
+#, fuzzy
+msgid "Please report bugs to <@EMAIL@>.\n"
+msgstr "Yazılım hatalarını lütfen <"
+
+#: agent/gpg-agent.c:342
+msgid "Usage: gpg-agent [options] (-h for help)"
+msgstr "Kullanımı: gpg [seçenekler] (yardım için -h)"
+
+#: agent/gpg-agent.c:344
+msgid ""
+"Syntax: gpg-agent [options] [command [args]]\n"
+"Secret key management for GnuPG\n"
+msgstr ""
+"Sözdizimi: gpg-agent [seçenekler] [komut [arg ...]]\n"
+"GnuPG için gizli anahtar yönetimi\n"
+
+#: agent/gpg-agent.c:390 g10/gpg.c:1007 scd/scdaemon.c:318 sm/gpgsm.c:669
+#, c-format
+msgid "invalid debug-level `%s' given\n"
+msgstr "belirtilen hata seviyesi `%s' geçersiz\n"
+
+#: agent/gpg-agent.c:610 agent/protect-tool.c:1033 kbx/kbxutil.c:428
+#: scd/scdaemon.c:424 sm/gpgsm.c:911 sm/gpgsm.c:914 tools/symcryptrun.c:998
+#: tools/gpg-check-pattern.c:177
+#, c-format
+msgid "%s is too old (need %s, have %s)\n"
+msgstr "%s çok eski (gereken %s, sizinki %s)\n"
+
+#: agent/gpg-agent.c:725 g10/gpg.c:2111 scd/scdaemon.c:510 sm/gpgsm.c:1010
+#, c-format
+msgid "NOTE: no default option file `%s'\n"
+msgstr "BİLGİ: \"%s\" öntanımlı seçenek dosyası yok\n"
+
+#: agent/gpg-agent.c:736 agent/gpg-agent.c:1348 g10/gpg.c:2115
+#: scd/scdaemon.c:515 sm/gpgsm.c:1014 tools/symcryptrun.c:931
+#, c-format
+msgid "option file `%s': %s\n"
+msgstr "seçenek dosyası \"%s\": %s\n"
+
+#: agent/gpg-agent.c:744 g10/gpg.c:2122 scd/scdaemon.c:523 sm/gpgsm.c:1021
+#, c-format
+msgid "reading options from `%s'\n"
+msgstr "\"%s\"den seçenekler okunuyor\n"
+
+#: agent/gpg-agent.c:1117 g10/plaintext.c:140 g10/plaintext.c:145
+#: g10/plaintext.c:162
+#, c-format
+msgid "error creating `%s': %s\n"
+msgstr "`%s' oluÅŸturulurken hata: %s\n"
+
+#: agent/gpg-agent.c:1461 agent/gpg-agent.c:1579 agent/gpg-agent.c:1583
+#: agent/gpg-agent.c:1624 agent/gpg-agent.c:1628 g10/exec.c:188
+#: g10/openfile.c:429 scd/scdaemon.c:1020
+#, c-format
+msgid "can't create directory `%s': %s\n"
+msgstr "`%s' dizini oluşturulamıyor: %s\n"
+
+#: agent/gpg-agent.c:1475 scd/scdaemon.c:1034
+msgid "name of socket too long\n"
+msgstr "soketin ismi çok uzun\n"
+
+#: agent/gpg-agent.c:1498 scd/scdaemon.c:1057
+#, c-format
+msgid "can't create socket: %s\n"
+msgstr "soket oluşturulamıyor: %s\n"
+
+#: agent/gpg-agent.c:1507
+#, c-format
+msgid "socket name `%s' is too long\n"
+msgstr "soketin ismi `%s' çok uzun\n"
+
+#: agent/gpg-agent.c:1525
+msgid "a gpg-agent is already running - not starting a new one\n"
+msgstr "çalışan bir gpg-agent zaten var - bir yenisi başlatılmayacak\n"
+
+#: agent/gpg-agent.c:1536 scd/scdaemon.c:1076
+msgid "error getting nonce for the socket\n"
+msgstr "soket için tuz alınırken hata\n"
+
+#: agent/gpg-agent.c:1541 scd/scdaemon.c:1079
+#, c-format
+msgid "error binding socket to `%s': %s\n"
+msgstr "soket `%s'e bağlanırken hata: %s\n"
+
+#: agent/gpg-agent.c:1553 scd/scdaemon.c:1088
+#, c-format
+msgid "listen() failed: %s\n"
+msgstr "soket dinleme başarısız: %s\n"
+
+#: agent/gpg-agent.c:1559 scd/scdaemon.c:1095
+#, c-format
+msgid "listening on socket `%s'\n"
+msgstr "`%s' soketi dinlemede\n"
+
+#: agent/gpg-agent.c:1587 agent/gpg-agent.c:1634 g10/openfile.c:432
+#, c-format
+msgid "directory `%s' created\n"
+msgstr "dizin `%s' oluÅŸturuldu\n"
+
+#: agent/gpg-agent.c:1640
+#, c-format
+msgid "stat() failed for `%s': %s\n"
+msgstr "%s için stat() başarısız oldu: %s\n"
+
+#: agent/gpg-agent.c:1644
+#, c-format
+msgid "can't use `%s' as home directory\n"
+msgstr "`%s' ev dizini olarak kullanılamıyor\n"
+
+#: agent/gpg-agent.c:1777 scd/scdaemon.c:1111
+#, c-format
+msgid "error reading nonce on fd %d: %s\n"
+msgstr "fd %d üzerinde tuz okunurken hata: %s\n"
+
+#: agent/gpg-agent.c:1799
+#, c-format
+msgid "handler 0x%lx for fd %d started\n"
+msgstr "tutamak 0x%lx, fd %d için başlatıldı\n"
+
+#: agent/gpg-agent.c:1804
+#, c-format
+msgid "handler 0x%lx for fd %d terminated\n"
+msgstr "tutamak 0x%lx, fd %d için sonlandırıldı\n"
+
+#: agent/gpg-agent.c:1824
+#, c-format
+msgid "ssh handler 0x%lx for fd %d started\n"
+msgstr "ssh tutamağı 0x%lx, fd %d için başlatıldı\n"
+
+#: agent/gpg-agent.c:1829
+#, c-format
+msgid "ssh handler 0x%lx for fd %d terminated\n"
+msgstr "ssh tutamağı 0x%lx, fd %d için sonlandırıldı\n"
+
+#: agent/gpg-agent.c:1973 scd/scdaemon.c:1248
+#, c-format
+msgid "pth_select failed: %s - waiting 1s\n"
+msgstr "pth_select başarısız: %s - 1s bekliyor\n"
+
+#: agent/gpg-agent.c:2096 scd/scdaemon.c:1315
+#, c-format
+msgid "%s %s stopped\n"
+msgstr "%s %s durdu\n"
+
+#: agent/gpg-agent.c:2232
+msgid "no gpg-agent running in this session\n"
+msgstr "bu oturumda çalışan gpg-agent yok\n"
+
+#: agent/gpg-agent.c:2243 common/simple-pwquery.c:352 common/asshelp.c:403
+#: tools/gpg-connect-agent.c:2168
+msgid "malformed GPG_AGENT_INFO environment variable\n"
+msgstr "GPG_AGENT_INFO çevre değişkeni hatalı\n"
+
+#: agent/gpg-agent.c:2256 common/simple-pwquery.c:364 common/asshelp.c:415
+#: tools/gpg-connect-agent.c:2179
+#, c-format
+msgid "gpg-agent protocol version %d is not supported\n"
+msgstr "gpg-agent protokolü sürüm %d desteklenmiyor\n"
+
+#: agent/preset-passphrase.c:98
+msgid "Usage: gpg-preset-passphrase [options] KEYGRIP (-h for help)\n"
+msgstr ""
+"Kullanımı: gpg-preset-passphrase [seçenekler] ANHMAŞASI (yardım için -h)\n"
+
+#: agent/preset-passphrase.c:101
+msgid ""
+"Syntax: gpg-preset-passphrase [options] KEYGRIP\n"
+"Password cache maintenance\n"
+msgstr ""
+"Sözdizimi: gpg-preset-passphrase [seçenekler] ANHMAŞASI\n"
+"Parola arabelleği bakımcısı\n"
+
+#: agent/protect-tool.c:113 g10/gpg.c:373 kbx/kbxutil.c:71 sm/gpgsm.c:186
+#: tools/gpgconf.c:60
+msgid ""
+"@Commands:\n"
+" "
+msgstr ""
+"@Komutlar:\n"
+" "
+
+#: agent/protect-tool.c:127 g10/gpg.c:441 g10/gpgv.c:69 kbx/kbxutil.c:81
+#: sm/gpgsm.c:226 tools/gpg-connect-agent.c:67 tools/gpgconf.c:77
+#: tools/symcryptrun.c:159
+msgid ""
+"@\n"
+"Options:\n"
+" "
+msgstr ""
+"@\n"
+"Seçenekler:\n"
+" "
+
+#: agent/protect-tool.c:166
+msgid "Usage: gpg-protect-tool [options] (-h for help)\n"
+msgstr "Kullanımı: gpg-protect-tool [seçenekler] (yardım için -h)\n"
+
+#: agent/protect-tool.c:168
+msgid ""
+"Syntax: gpg-protect-tool [options] [args]\n"
+"Secret key maintenance tool\n"
+msgstr ""
+"Sözdizimi: gpg-protect-tool [seçenekler] [arg ...]\n"
+"Gizli anahtar bakım aracı\n"
+
+#: agent/protect-tool.c:1162
+msgid "Please enter the passphrase to unprotect the PKCS#12 object."
+msgstr ""
+"PKCS#12 nesnesinin korumasını aşmak için lütfen anahtar parolasını giriniz."
+
+#: agent/protect-tool.c:1167
+msgid "Please enter the passphrase to protect the new PKCS#12 object."
+msgstr "PKCS#12 nesnesini korumak için lütfen anahtar parolasını giriniz."
+
+#: agent/protect-tool.c:1173
+msgid ""
+"Please enter the passphrase to protect the imported object within the GnuPG "
+"system."
+msgstr ""
+"Lütfen GnuPG sistemine ithal edilen nesneyi koruyacak anahtar parolasını "
+"giriniz."
+
+#: agent/protect-tool.c:1178
+msgid ""
+"Please enter the passphrase or the PIN\n"
+"needed to complete this operation."
+msgstr ""
+"Lütfen bu işlemi tamamlamak için gereken\n"
+"PIN'i veya anahtar parolasını giriniz."
+
+#: agent/protect-tool.c:1183 tools/symcryptrun.c:437
+msgid "Passphrase:"
+msgstr "Anahtar Parolası:"
+
+#: agent/protect-tool.c:1188 tools/symcryptrun.c:448
+msgid "cancelled\n"
+msgstr "iptal edildi\n"
+
+#: agent/protect-tool.c:1190 tools/symcryptrun.c:444
+#, c-format
+msgid "error while asking for the passphrase: %s\n"
+msgstr "anahtar parolası sorulurken hata: %s\n"
+
+#: agent/trustlist.c:136 agent/trustlist.c:334
+#, c-format
+msgid "error opening `%s': %s\n"
+msgstr "'%s' açılırken hata: %s\n"
+
+#: agent/trustlist.c:151 common/helpfile.c:63 common/helpfile.c:79
+#, c-format
+msgid "file `%s', line %d: %s\n"
+msgstr "`%s' dosyası, %d. satır: %s\n"
+
+#: agent/trustlist.c:171 agent/trustlist.c:179
+#, c-format
+msgid "statement \"%s\" ignored in `%s', line %d\n"
+msgstr "`%2$s' dosyasının %3$d. satırındaki \"%1$s\" deyimi yoksayıldı\n"
+
+#: agent/trustlist.c:185
+#, c-format
+msgid "system trustlist `%s' not available\n"
+msgstr "sistem güvence listesi `%s' kullanım dışı\n"
+
+#: agent/trustlist.c:229
+#, c-format
+msgid "bad fingerprint in `%s', line %d\n"
+msgstr "`%s', %d. satırda parmakizi hatalı\n"
+
+#: agent/trustlist.c:254 agent/trustlist.c:261
+#, c-format
+msgid "invalid keyflag in `%s', line %d\n"
+msgstr "`%s', %d. satırda anahtar bayrağı geçersiz\n"
+
+#: agent/trustlist.c:295 common/helpfile.c:126
+#, c-format
+msgid "error reading `%s', line %d: %s\n"
+msgstr "`%s' okunurken %d. satırda hata: %s\n"
+
+#: agent/trustlist.c:400 agent/trustlist.c:450
+msgid "error reading list of trusted root certificates\n"
+msgstr "güvenilir kök sertifika listesinin okunmasında hata\n"
+
+#. TRANSLATORS: This prompt is shown by the Pinentry
+#. and has one special property: A "%%0A" is used by
+#. Pinentry to insert a line break. The double
+#. percent sign is actually needed because it is also
+#. a printf format string. If you need to insert a
+#. plain % sign, you need to encode it as "%%25". The
+#. "%s" gets replaced by the name as stored in the
+#. certificate.
+#: agent/trustlist.c:611
+#, c-format
+msgid ""
+"Do you ultimately trust%%0A \"%s\"%%0Ato correctly certify user "
+"certificates?"
+msgstr ""
+"Kullanıcı sertifikalarının%%0A \"%s\"%%0Aile doğru olarak onaylanacağından "
+"son derece emin misiniz?"
+
+#: agent/trustlist.c:620 common/audit.c:467
+msgid "Yes"
+msgstr "Evet"
+
+#: agent/trustlist.c:620 common/audit.c:469
+msgid "No"
+msgstr "Hayır"
+
+#. TRANSLATORS: This prompt is shown by the Pinentry and has
+#. one special property: A "%%0A" is used by Pinentry to
+#. insert a line break. The double percent sign is actually
+#. needed because it is also a printf format string. If you
+#. need to insert a plain % sign, you need to encode it as
+#. "%%25". The second "%s" gets replaced by a hexdecimal
+#. fingerprint string whereas the first one receives the name
+#. as stored in the certificate.
+#: agent/trustlist.c:654
+#, c-format
+msgid ""
+"Please verify that the certificate identified as:%%0A \"%s\"%%0Ahas the "
+"fingerprint:%%0A %s"
+msgstr ""
+"Sertifikanın böyle tanındığını lütfen doğrulayın:%%0A \"%s\"%%0Abu "
+"parmakizine sahip:%%0A %s"
+
+#. TRANSLATORS: "Correct" is the label of a button and intended
+#. to be hit if the fingerprint matches the one of the CA. The
+#. other button is "the default "Cancel" of the Pinentry.
+#: agent/trustlist.c:668
+msgid "Correct"
+msgstr "DoÄŸru"
+
+#: agent/trustlist.c:668
+msgid "Wrong"
+msgstr ""
+
+#: agent/findkey.c:157
+#, c-format
+msgid "Note: This passphrase has never been changed.%0APlease change it now."
+msgstr ""
+"Bilginize: Bu anahtar parolası hiç değişmedi%0ALütfen şimdi değiştirin."
+
+#: agent/findkey.c:173
+#, c-format
+msgid ""
+"This passphrase has not been changed%%0Asince %.4s-%.2s-%.2s. Please change "
+"it now."
+msgstr ""
+"Bu anahtar parolası %.4s-%.2s-%.2s tarihinden beri hiç değişmedi%%0ALütfen "
+"ÅŸimdi deÄŸiÅŸtirin."
+
+#: agent/findkey.c:187 agent/findkey.c:194
+msgid "Change passphrase"
+msgstr "Anahtar parolasını değiştir"
+
+#: agent/findkey.c:195
+msgid "I'll change it later"
+msgstr "Sonra deÄŸiÅŸtireceÄŸim"
+
+#: common/exechelp.c:528 common/exechelp.c:625 tools/gpgconf-comp.c:1475
+#: tools/gpgconf-comp.c:1814
+#, c-format
+msgid "error creating a pipe: %s\n"
+msgstr "boru oluÅŸturulurken hata: %s\n"
+
+#: common/exechelp.c:599 common/exechelp.c:658
+#, c-format
+msgid "can't fdopen pipe for reading: %s\n"
+msgstr "okumak için boruya fdopen yapılamadı: %s\n"
+
+#: common/exechelp.c:637 common/exechelp.c:765 common/exechelp.c:1002
+#, c-format
+msgid "error forking process: %s\n"
+msgstr "süreç çatallanırken hata: %s\n"
+
+#: common/exechelp.c:811 common/exechelp.c:864
+#, c-format
+msgid "waiting for process %d to terminate failed: %s\n"
+msgstr "süreç %d sonlanacak diye beklerken başarısızlık: %s\n"
+
+#: common/exechelp.c:819
+#, c-format
+msgid "error getting exit code of process %d: %s\n"
+msgstr "süreç %d çıkış kodu alınırken hata: %s\n"
+
+#: common/exechelp.c:825 common/exechelp.c:877
+#, c-format
+msgid "error running `%s': exit status %d\n"
+msgstr "`%s' çalışırken hata: çıkış durumu: %d\n"
+
+#: common/exechelp.c:870
+#, c-format
+msgid "error running `%s': probably not installed\n"
+msgstr "`%s' çalıştırılırken hata: muhtemelen kurulu değil\n"
+
+#: common/exechelp.c:885
+#, c-format
+msgid "error running `%s': terminated\n"
+msgstr "`%s' çalışırken hata: sonlandırıldı\n"
+
+#: common/http.c:1674
+#, c-format
+msgid "error creating socket: %s\n"
+msgstr "soket oluÅŸturulurken hata: %s\n"
+
+#: common/http.c:1718
+msgid "host not found"
+msgstr "konak yok"
+
+#: common/simple-pwquery.c:338
+msgid "gpg-agent is not available in this session\n"
+msgstr "gpg-agent bu oturumda kullanılamaz\n"
+
+#: common/simple-pwquery.c:395
+#, c-format
+msgid "can't connect to `%s': %s\n"
+msgstr "\"%s\" sunucusuna bağlanılamadı: %s\n"
+
+#: common/simple-pwquery.c:406
+msgid "communication problem with gpg-agent\n"
+msgstr "gpg-agent ile haberleÅŸme problemi\n"
+
+#: common/simple-pwquery.c:416
+msgid "problem setting the gpg-agent options\n"
+msgstr "gpg-agent seçenekleri ayarlanırken sorun çıktı\n"
+
+#: common/simple-pwquery.c:579 common/simple-pwquery.c:675
+msgid "canceled by user\n"
+msgstr "kullanıcı tarafından iptal edildi\n"
+
+#: common/simple-pwquery.c:594 common/simple-pwquery.c:681
+msgid "problem with the agent\n"
+msgstr "aracı ile sorun var\n"
+
+#: common/sysutils.c:105
+#, c-format
+msgid "can't disable core dumps: %s\n"
+msgstr "\"core\" oluÅŸumu iptal edilemedi: %s\n"
+
+#: common/sysutils.c:200
+#, c-format
+msgid "Warning: unsafe ownership on %s \"%s\"\n"
+msgstr "UYARI: %s üzerinde sahiplik güvensiz: \"%s\"\n"
+
+#: common/sysutils.c:232
+#, c-format
+msgid "Warning: unsafe permissions on %s \"%s\"\n"
+msgstr "UYARI: %s üzerinde izinler güvensiz: \"%s\"\n"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: common/yesno.c:35 common/yesno.c:72
+msgid "yes"
+msgstr "evet"
+
+#: common/yesno.c:36 common/yesno.c:77
+msgid "yY"
+msgstr "eE"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: common/yesno.c:38 common/yesno.c:74
+msgid "no"
+msgstr "hayır"
+
+#: common/yesno.c:39 common/yesno.c:78
+msgid "nN"
+msgstr "hH"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: common/yesno.c:76
+msgid "quit"
+msgstr "çık"
+
+#: common/yesno.c:79
+msgid "qQ"
+msgstr "çÇ"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: common/yesno.c:113
+msgid "okay|okay"
+msgstr "tamam|tamam"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: common/yesno.c:115
+msgid "cancel|cancel"
+msgstr "iptal|iptal"
+
+#: common/yesno.c:116
+msgid "oO"
+msgstr "tT"
+
+#: common/yesno.c:117
+msgid "cC"
+msgstr "iÄ°"
+
+#: common/miscellaneous.c:77
+#, c-format
+msgid "out of core in secure memory while allocating %lu bytes"
+msgstr "%lu bayt ayrılırken güvenli bellekte nüve dışına çıkıldı"
+
+#: common/miscellaneous.c:80
+#, c-format
+msgid "out of core while allocating %lu bytes"
+msgstr "%lu bayt ayrılırken nüve dışına çıkıldı"
+
+#: common/asshelp.c:293 tools/gpg-connect-agent.c:2129
+msgid "no running gpg-agent - starting one\n"
+msgstr "çalışan gpg-agent yok - bir tane başlatılıyor\n"
+
+#: common/asshelp.c:349
+#, c-format
+msgid "waiting %d seconds for the agent to come up\n"
+msgstr ""
+
+#: common/asshelp.c:426
+msgid "can't connect to the agent - trying fall back\n"
+msgstr "aracıya bağlanılamıyor - son çareye başvuruluyor\n"
+
+#. TRANSLATORS: Copy the prefix between the vertical bars
+#. verbatim. It will not be printed.
+#: common/audit.c:474
+msgid "|audit-log-result|Good"
+msgstr ""
+
+#: common/audit.c:477
+msgid "|audit-log-result|Bad"
+msgstr ""
+
+#: common/audit.c:479
+msgid "|audit-log-result|Not supported"
+msgstr ""
+
+#: common/audit.c:481
+#, fuzzy
+msgid "|audit-log-result|No certificate"
+msgstr "sertifikaları ithal eder"
+
+#: common/audit.c:483
+#, fuzzy
+msgid "|audit-log-result|Not enabled"
+msgstr "sertifikaları ithal eder"
+
+#: common/audit.c:485
+msgid "|audit-log-result|Error"
+msgstr ""
+
+#: common/audit.c:487
+#, fuzzy
+msgid "|audit-log-result|Not used"
+msgstr "sertifikaları ithal eder"
+
+#: common/audit.c:489
+#, fuzzy
+msgid "|audit-log-result|Okay"
+msgstr "sertifikaları ithal eder"
+
+#: common/audit.c:491
+#, fuzzy
+msgid "|audit-log-result|Skipped"
+msgstr "sertifikaları ithal eder"
+
+#: common/audit.c:493
+#, fuzzy
+msgid "|audit-log-result|Some"
+msgstr "sertifikaları ithal eder"
+
+#: common/audit.c:726
+msgid "Certificate chain available"
+msgstr "Sertifika zinciri mevcut"
+
+#: common/audit.c:733
+msgid "root certificate missing"
+msgstr "kök sertifika kayıp"
+
+#: common/audit.c:759
+msgid "Data encryption succeeded"
+msgstr "Veri şifreleme başarılı"
+
+#: common/audit.c:764 common/audit.c:830 common/audit.c:906 common/audit.c:997
+msgid "Data available"
+msgstr "Veri kullanılabilir"
+
+#: common/audit.c:767
+msgid "Session key created"
+msgstr "Oturum anahtarı oluşturuldu"
+
+#: common/audit.c:772 common/audit.c:912 common/audit.c:919
+#, c-format
+msgid "algorithm: %s"
+msgstr "algoritma: %s"
+
+#: common/audit.c:774 common/audit.c:776 common/audit.c:921 common/audit.c:923
+#, c-format
+msgid "unsupported algorithm: %s"
+msgstr "desteklenmeyen algoritma: %s"
+
+#: common/audit.c:778 common/audit.c:925
+msgid "seems to be not encrypted"
+msgstr "şifrelenmemiş görünüyor"
+
+#: common/audit.c:784 common/audit.c:933
+msgid "Number of recipients"
+msgstr "Alıcı sayısı"
+
+#: common/audit.c:792 common/audit.c:956
+#, c-format
+msgid "Recipient %d"
+msgstr "%d. alıcı"
+
+#: common/audit.c:825
+msgid "Data signing succeeded"
+msgstr "Verinin imzalanması başarılı"
+
+#: common/audit.c:839 common/audit.c:1033 common/audit.c:1060
+#, fuzzy, c-format
+msgid "data hash algorithm: %s"
+msgstr "Kötü çittirim algoritması: %s"
+
+#: common/audit.c:862
+#, fuzzy, c-format
+msgid "Signer %d"
+msgstr "Ä°mza %d"
+
+#: common/audit.c:866 common/audit.c:1065
+#, fuzzy, c-format
+msgid "attr hash algorithm: %s"
+msgstr "Kötü çittirim algoritması: %s"
+
+#: common/audit.c:901
+msgid "Data decryption succeeded"
+msgstr "Verinin şifresinin çözülmesi başarılı"
+
+#: common/audit.c:910
+#, fuzzy
+msgid "Encryption algorithm supported"
+msgstr "koruma algoritması %d%s desteklenmiyor\n"
+
+#: common/audit.c:993
+msgid "Data verification succeeded"
+msgstr "Verinin doğrulanması başarılı"
+
+#: common/audit.c:1002
+msgid "Signature available"
+msgstr "İmza kullanılabilir"
+
+#: common/audit.c:1024
+#, fuzzy
+msgid "Parsing data succeeded"
+msgstr "İmzanın çözümlenmesi başarılı"
+
+#: common/audit.c:1036
+#, fuzzy, c-format
+msgid "bad data hash algorithm: %s"
+msgstr "Kötü çittirim algoritması: %s"
+
+#: common/audit.c:1051
+#, c-format
+msgid "Signature %d"
+msgstr "Ä°mza %d"
+
+#: common/audit.c:1079
+msgid "Certificate chain valid"
+msgstr "Sertifika zinciri geçerli"
+
+#: common/audit.c:1090
+msgid "Root certificate trustworthy"
+msgstr "Kök sertifika güvenilir"
+
+#: common/audit.c:1111 sm/certchain.c:935
+msgid "no CRL found for certificate"
+msgstr "sertifika için bir CRL yok"
+
+#: common/audit.c:1114 sm/certchain.c:945
+msgid "the available CRL is too old"
+msgstr "mevcut CRL çok eski"
+
+#: common/audit.c:1119
+msgid "CRL/OCSP check of certificates"
+msgstr "sertifikalar için CRL/OCSP sınaması"
+
+#: common/audit.c:1139
+msgid "Included certificates"
+msgstr "İçerilen sertifikalar"
+
+#: common/audit.c:1194
+msgid "No audit log entries."
+msgstr "Hiç denetim günlük girdisi yok."
+
+#: common/audit.c:1243
+msgid "Unknown operation"
+msgstr "Bilinmeyen iÅŸlem"
+
+#: common/audit.c:1261
+msgid "Gpg-Agent usable"
+msgstr "Gpg-Agent elveriÅŸli"
+
+#: common/audit.c:1271
+msgid "Dirmngr usable"
+msgstr "Dirmngr elveriÅŸli"
+
+#: common/audit.c:1307
+#, c-format
+msgid "No help available for `%s'."
+msgstr "`%s' için yardım mevcut değil."
+
+#: common/helpfile.c:80
+msgid "ignoring garbage line"
+msgstr "bozuk satır yok sayılıyor"
+
+#: common/gettime.c:503
+msgid "[none]"
+msgstr "[yok]"
+
+#: g10/armor.c:379
+#, c-format
+msgid "armor: %s\n"
+msgstr "zırh: %s\n"
+
+#: g10/armor.c:418
+msgid "invalid armor header: "
+msgstr "zırh başlığı geçersiz: "
+
+#: g10/armor.c:429
+msgid "armor header: "
+msgstr "zırh başlığı: "
+
+#: g10/armor.c:442
+msgid "invalid clearsig header\n"
+msgstr "açıkça okunabilen imza başlığı geçersiz\n"
+
+#: g10/armor.c:455
+msgid "unknown armor header: "
+msgstr "bilinmeyen zırh başlığı: "
+
+#: g10/armor.c:508
+msgid "nested clear text signatures\n"
+msgstr "açıkça okunabilen imzalar dahil edildi\n"
+
+#: g10/armor.c:643
+msgid "unexpected armor: "
+msgstr "beklenmeyen zırh: "
+
+#: g10/armor.c:655
+msgid "invalid dash escaped line: "
+msgstr "araçizgisi escape'lı satır geçersiz: "
+
+#: g10/armor.c:810 g10/armor.c:1420
+#, c-format
+msgid "invalid radix64 character %02X skipped\n"
+msgstr "geçersiz radix64 karakteri %02X atlandı\n"
+
+#: g10/armor.c:853
+msgid "premature eof (no CRC)\n"
+msgstr "dosya sonu belirsiz (CRC yok)\n"
+
+#: g10/armor.c:887
+msgid "premature eof (in CRC)\n"
+msgstr "dosya sonu belirsiz (CRC içinde)\n"
+
+#: g10/armor.c:895
+msgid "malformed CRC\n"
+msgstr "CRC bozulmuÅŸ\n"
+
+#: g10/armor.c:899 g10/armor.c:1457
+#, c-format
+msgid "CRC error; %06lX - %06lX\n"
+msgstr "CRC hatası; %06lX - %06lX\n"
+
+#: g10/armor.c:919
+msgid "premature eof (in trailer)\n"
+msgstr "dosya sonu belirsiz (kuyruk içinde)\n"
+
+#: g10/armor.c:923
+msgid "error in trailer line\n"
+msgstr "kuyruk satırında hata\n"
+
+#: g10/armor.c:1234
+msgid "no valid OpenPGP data found.\n"
+msgstr "geçerli OpenPGP verisi yok\n"
+
+#: g10/armor.c:1239
+#, c-format
+msgid "invalid armor: line longer than %d characters\n"
+msgstr "geçersiz zırh: satır %d karakterden uzun\n"
+
+#: g10/armor.c:1243
+msgid ""
+"quoted printable character in armor - probably a buggy MTA has been used\n"
+msgstr ""
+"zırh içinde uluslararası karakterler - büyük olasılıkla hatalı bir e-posta "
+"sunucusu kullanılmış\n"
+
+#: g10/build-packet.c:976
+msgid ""
+"a notation name must have only printable characters or spaces, and end with "
+"an '='\n"
+msgstr ""
+"bir simgelem ismi sadece harfler, rakamlar ve altçizgiler içerebilir ve "
+"sonuna bir '=' gelir.\n"
+
+#: g10/build-packet.c:988
+msgid "a user notation name must contain the '@' character\n"
+msgstr "bir kullanıcı simgelem ismi '@' karakteri içermeli\n"
+
+#: g10/build-packet.c:994
+msgid "a notation name must not contain more than one '@' character\n"
+msgstr "bir simgelem isminin birden fazla '@' karakteri içermemesi gerekir\n"
+
+#: g10/build-packet.c:1012
+msgid "a notation value must not use any control characters\n"
+msgstr "bir simgelem değerinde kontrol karakterleri kullanılamaz\n"
+
+#: g10/build-packet.c:1046 g10/build-packet.c:1055
+msgid "WARNING: invalid notation data found\n"
+msgstr "UYARI: geçersiz simgelem verisi bulundu\n"
+
+#: g10/build-packet.c:1077 g10/build-packet.c:1079
+msgid "not human readable"
+msgstr "insan okuyabilir deÄŸil"
+
+#: g10/card-util.c:85 g10/card-util.c:374
+#, c-format
+msgid "OpenPGP card not available: %s\n"
+msgstr "OpenPGP anahtarı kullanılabilir değil: %s\n"
+
+#: g10/card-util.c:90
+#, c-format
+msgid "OpenPGP card no. %s detected\n"
+msgstr "%s numaralı OpenPGP kartı saptandı\n"
+
+#: g10/card-util.c:98 g10/card-util.c:1773 g10/delkey.c:126 g10/keyedit.c:1551
+#: g10/keygen.c:3068 g10/revoke.c:216 g10/revoke.c:455
+msgid "can't do this in batch mode\n"
+msgstr "bu önceden betik kipinde yapılamaz\n"
+
+#: g10/card-util.c:106
+msgid "This command is only available for version 2 cards\n"
+msgstr "Bu komut sadece 2. sürüm kartlar için kullanılabilir\n"
+
+#: g10/card-util.c:108 scd/app-openpgp.c:2029
+msgid "Reset Code not or not anymore available\n"
+msgstr "Sıfırlama kodu ya yok ya da kullanım dışı\n"
+
+#: g10/card-util.c:141 g10/card-util.c:1458 g10/card-util.c:1568
+#: g10/keyedit.c:424 g10/keyedit.c:445 g10/keyedit.c:459 g10/keygen.c:1630
+#: g10/keygen.c:1711 sm/certreqgen-ui.c:165 sm/certreqgen-ui.c:249
+#: sm/certreqgen-ui.c:283
+msgid "Your selection? "
+msgstr "Seçiminiz? "
+
+#: g10/card-util.c:272 g10/card-util.c:322
+msgid "[not set]"
+msgstr "[belirtilmedi]"
+
+#: g10/card-util.c:512
+msgid "male"
+msgstr "erkek"
+
+#: g10/card-util.c:513
+msgid "female"
+msgstr "diÅŸi"
+
+#: g10/card-util.c:513
+msgid "unspecified"
+msgstr "belirtilmemiÅŸ"
+
+#: g10/card-util.c:540
+msgid "not forced"
+msgstr "zorlanmadı"
+
+#: g10/card-util.c:540
+msgid "forced"
+msgstr "zorlandı"
+
+#: g10/card-util.c:631
+msgid "Error: Only plain ASCII is currently allowed.\n"
+msgstr "Hata: Şimdilik sadece US-ASCII mümkün.\n"
+
+#: g10/card-util.c:633
+msgid "Error: The \"<\" character may not be used.\n"
+msgstr "Hata: \"<\" karakteri kullanılmamalı.\n"
+
+#: g10/card-util.c:635
+msgid "Error: Double spaces are not allowed.\n"
+msgstr "Hata: Çift boşluğa izin verilmez.\n"
+
+#: g10/card-util.c:652
+msgid "Cardholder's surname: "
+msgstr "Kart sahibinin soyadı: "
+
+#: g10/card-util.c:654
+msgid "Cardholder's given name: "
+msgstr "Kart sahibinin adı: "
+
+#: g10/card-util.c:672
+#, c-format
+msgid "Error: Combined name too long (limit is %d characters).\n"
+msgstr "Hata: İsimler birlikte çok uzun oluyor (sınır: %d karakter).\n"
+
+#: g10/card-util.c:693
+msgid "URL to retrieve public key: "
+msgstr "genel anahtarın alınacağı URL: "
+
+#: g10/card-util.c:701
+#, c-format
+msgid "Error: URL too long (limit is %d characters).\n"
+msgstr "Hata: URL çok uzun (sınır: %d karakter).\n"
+
+#: g10/card-util.c:794 tools/no-libgcrypt.c:30
+#, c-format
+msgid "error allocating enough memory: %s\n"
+msgstr "yeterli bellek ayrılırken hata: %s\n"
+
+#: g10/card-util.c:806 g10/import.c:280
+#, c-format
+msgid "error reading `%s': %s\n"
+msgstr "\"%s\" okunurken hata: %s\n"
+
+#: g10/card-util.c:839
+#, fuzzy, c-format
+msgid "error writing `%s': %s\n"
+msgstr "`%s' yazılırken hata: %s\n"
+
+#: g10/card-util.c:866
+msgid "Login data (account name): "
+msgstr "Oturum açma verisi (hesap adı): "
+
+#: g10/card-util.c:876
+#, c-format
+msgid "Error: Login data too long (limit is %d characters).\n"
+msgstr "Hata: Oturum açma verisi çok uzun (sınır: %d karakter).\n"
+
+#: g10/card-util.c:912
+msgid "Private DO data: "
+msgstr "Özel DO verisi: "
+
+#: g10/card-util.c:922
+#, c-format
+msgid "Error: Private DO too long (limit is %d characters).\n"
+msgstr "Hata: Özel DO çok uzun (sınır: %d karakter).\n"
+
+#: g10/card-util.c:1005
+msgid "Language preferences: "
+msgstr "Dil tercihleri: "
+
+#: g10/card-util.c:1013
+msgid "Error: invalid length of preference string.\n"
+msgstr "Hata: tercih dizgesinin uzunluğu geçersiz.\n"
+
+#: g10/card-util.c:1022
+msgid "Error: invalid characters in preference string.\n"
+msgstr "Hata: tercih dizgesindeki karakterler geçersiz.\n"
+
+#: g10/card-util.c:1044
+msgid "Sex ((M)ale, (F)emale or space): "
+msgstr "Cinsiyet ((E)rkek, (D)iÅŸi veya boÅŸluk): "
+
+#: g10/card-util.c:1058
+msgid "Error: invalid response.\n"
+msgstr "Hata: yanıt geçersiz.\n"
+
+#: g10/card-util.c:1080
+msgid "CA fingerprint: "
+msgstr "CA parmak izi: "
+
+#: g10/card-util.c:1103
+msgid "Error: invalid formatted fingerprint.\n"
+msgstr "Hata: biçimli parmakizi geçersiz\n"
+
+#: g10/card-util.c:1153
+#, c-format
+msgid "key operation not possible: %s\n"
+msgstr "anahtar işlemi mümkün değil: %s\n"
+
+#: g10/card-util.c:1154
+msgid "not an OpenPGP card"
+msgstr "bir OpenPGP kartı değil"
+
+#: g10/card-util.c:1167
+#, c-format
+msgid "error getting current key info: %s\n"
+msgstr "geçerli anahtar bilgisi alınırken hata: %s\n"
+
+#: g10/card-util.c:1254
+msgid "Replace existing key? (y/N) "
+msgstr "Mevcut anahtar deÄŸiÅŸtirilsin mi? (e/H ya da y/N) "
+
+#: g10/card-util.c:1270
+msgid ""
+"NOTE: There is no guarantee that the card supports the requested size.\n"
+" If the key generation does not succeed, please check the\n"
+" documentation of your card to see what sizes are allowed.\n"
+msgstr ""
+
+#: g10/card-util.c:1295
+#, fuzzy, c-format
+msgid "What keysize do you want for the Signature key? (%u) "
+msgstr "Ä°stediÄŸiniz anahtar uzunluÄŸu nedir? (%u) "
+
+#: g10/card-util.c:1297
+#, fuzzy, c-format
+msgid "What keysize do you want for the Encryption key? (%u) "
+msgstr "Ä°stediÄŸiniz anahtar uzunluÄŸu nedir? (%u) "
+
+#: g10/card-util.c:1298
+#, fuzzy, c-format
+msgid "What keysize do you want for the Authentication key? (%u) "
+msgstr "Ä°stediÄŸiniz anahtar uzunluÄŸu nedir? (%u) "
+
+#: g10/card-util.c:1309 g10/keygen.c:1844 g10/keygen.c:1850
+#: sm/certreqgen-ui.c:194
+#, c-format
+msgid "rounded up to %u bits\n"
+msgstr "%u bite yuvarlandı\n"
+
+#: g10/card-util.c:1317 g10/keygen.c:1831 sm/certreqgen-ui.c:184
+#, c-format
+msgid "%s keysizes must be in the range %u-%u\n"
+msgstr "%s anahtar uzunlukları %u-%u aralığında olmalı\n"
+
+#: g10/card-util.c:1322
+#, c-format
+msgid "The card will now be re-configured to generate a key of %u bits\n"
+msgstr ""
+
+#: g10/card-util.c:1342
+#, fuzzy, c-format
+msgid "error changing size of key %d to %u bits: %s\n"
+msgstr "soket `%s'e bağlanırken hata: %s\n"
+
+#: g10/card-util.c:1364
+msgid "Make off-card backup of encryption key? (Y/n) "
+msgstr "Şifreli anahtarın kartsız yedeği yapılsın mı? (E/h ya da Y/n) "
+
+#: g10/card-util.c:1378
+#, fuzzy
+msgid "NOTE: keys are already stored on the card!\n"
+msgstr "gizli anahtar zaten bir kartın üzerinde saklı\n"
+
+#: g10/card-util.c:1381
+msgid "Replace existing keys? (y/N) "
+msgstr "Mevcut anahtarlar deÄŸiÅŸtirilsin mi? (e/H ya da y/N) "
+
+#: g10/card-util.c:1393
+#, c-format
+msgid ""
+"Please note that the factory settings of the PINs are\n"
+" PIN = `%s' Admin PIN = `%s'\n"
+"You should change them using the command --change-pin\n"
+msgstr ""
+"Lütfen dikkat edin, PIN'lerin öntanımlı ayarları böyledir:\n"
+" PIN = `%s' Admin PIN = `%s'\n"
+"Bunları --change-pin komutunu kullanarak değiştirmelisiniz\n"
+
+#: g10/card-util.c:1449
+msgid "Please select the type of key to generate:\n"
+msgstr "Lütfen üretilecek anahtar türünü seçiniz:\n"
+
+#: g10/card-util.c:1451 g10/card-util.c:1559
+msgid " (1) Signature key\n"
+msgstr " (1) İmzalama anahtarı\n"
+
+#: g10/card-util.c:1452 g10/card-util.c:1561
+msgid " (2) Encryption key\n"
+msgstr " (2) Şifreleme anahtarı\n"
+
+#: g10/card-util.c:1453 g10/card-util.c:1563
+msgid " (3) Authentication key\n"
+msgstr " (3) Kimlik kanıtlama anahtarı\n"
+
+#: g10/card-util.c:1469 g10/card-util.c:1588 g10/keyedit.c:945
+#: g10/keygen.c:1634 g10/keygen.c:1662 g10/keygen.c:1764 g10/revoke.c:683
+msgid "Invalid selection.\n"
+msgstr "Seçim geçersiz.\n"
+
+#: g10/card-util.c:1556
+msgid "Please select where to store the key:\n"
+msgstr "Lütfen anahtarın saklanacağı yeri seçiniz:\n"
+
+#: g10/card-util.c:1600
+msgid "unknown key protection algorithm\n"
+msgstr "bilinmeyen anahtar koruma algoritması\n"
+
+#: g10/card-util.c:1605
+msgid "secret parts of key are not available\n"
+msgstr "anahtarın gizli parçaları kullanılabilir değil\n"
+
+#: g10/card-util.c:1610
+msgid "secret key already stored on a card\n"
+msgstr "gizli anahtar zaten bir kartın üzerinde saklı\n"
+
+#: g10/card-util.c:1623
+#, fuzzy, c-format
+msgid "error writing key to card: %s\n"
+msgstr "anahtarı yazarken hata: %s\n"
+
+#: g10/card-util.c:1682 g10/keyedit.c:1382
+msgid "quit this menu"
+msgstr "bu menüden çık"
+
+#: g10/card-util.c:1684
+msgid "show admin commands"
+msgstr "yönetici komutlarını gösterir"
+
+#: g10/card-util.c:1685 g10/keyedit.c:1385
+msgid "show this help"
+msgstr "bunu gösterir"
+
+#: g10/card-util.c:1687
+msgid "list all available data"
+msgstr "tüm kullanılabilir veriyi listeler"
+
+#: g10/card-util.c:1690
+msgid "change card holder's name"
+msgstr "kart sahibinin ismini deÄŸiÅŸtirir"
+
+#: g10/card-util.c:1691
+msgid "change URL to retrieve key"
+msgstr "anahtarın alınacağı URL değiştirilir"
+
+#: g10/card-util.c:1692
+msgid "fetch the key specified in the card URL"
+msgstr "kart URL'sinde belirtilmiş anahtarı alır"
+
+#: g10/card-util.c:1693
+msgid "change the login name"
+msgstr "oturum açma ismini değiştirir"
+
+#: g10/card-util.c:1694
+msgid "change the language preferences"
+msgstr "dil tercihlerini deÄŸiÅŸtirir"
+
+#: g10/card-util.c:1695
+msgid "change card holder's sex"
+msgstr "kart sahibinin cinsiyetini deÄŸiÅŸtirir"
+
+#: g10/card-util.c:1696
+msgid "change a CA fingerprint"
+msgstr "bir CA parmakizini deÄŸiÅŸtirir"
+
+#: g10/card-util.c:1697
+msgid "toggle the signature force PIN flag"
+msgstr "imza zorlama PIN'i bayrağını değiştirir"
+
+#: g10/card-util.c:1698
+msgid "generate new keys"
+msgstr "yeni anahtarlar üretir"
+
+#: g10/card-util.c:1699
+msgid "menu to change or unblock the PIN"
+msgstr "PIN'i değiştirme veya engelleme menüsü"
+
+#: g10/card-util.c:1700
+msgid "verify the PIN and list all data"
+msgstr "PIN'i doğrular ve tüm veriyi listeler"
+
+#: g10/card-util.c:1701
+msgid "unblock the PIN using a Reset Code"
+msgstr "Bir Sıfırlama Kodu kullanarak PIN'in engelini kaldır"
+
+#: g10/card-util.c:1823
+msgid "gpg/card> "
+msgstr ""
+
+#: g10/card-util.c:1864
+msgid "Admin-only command\n"
+msgstr "Yöneticiye özel komut\n"
+
+#: g10/card-util.c:1895
+msgid "Admin commands are allowed\n"
+msgstr "Yönetici komutlarına izin verilir\n"
+
+#: g10/card-util.c:1897
+msgid "Admin commands are not allowed\n"
+msgstr "Yönetici komutlarına izin verilmez\n"
+
+#: g10/card-util.c:1988 g10/keyedit.c:2292
+msgid "Invalid command (try \"help\")\n"
+msgstr "Komut geçersiz (\"help\" komutunu deneyin)\n"
+
+#: g10/decrypt.c:110 g10/encode.c:876
+msgid "--output doesn't work for this command\n"
+msgstr "--output seçeneği bu komutla çalışmaz\n"
+
+#: g10/decrypt.c:166 g10/gpg.c:4019 g10/keyring.c:387 g10/keyring.c:698
+#, c-format
+msgid "can't open `%s'\n"
+msgstr "`%s' açılamadı\n"
+
+#: g10/delkey.c:73 g10/export.c:324 g10/keyedit.c:3514 g10/keyserver.c:1737
+#: g10/revoke.c:226
+#, c-format
+msgid "key \"%s\" not found: %s\n"
+msgstr "anahtar \"%s\" yok: %s\n"
+
+#: g10/delkey.c:81 g10/export.c:354 g10/import.c:2480 g10/keyserver.c:1751
+#: g10/revoke.c:232 g10/revoke.c:477
+#, c-format
+msgid "error reading keyblock: %s\n"
+msgstr "anahtar bloÄŸu okunurken hata: %s\n"
+
+#: g10/delkey.c:127 g10/delkey.c:134
+msgid "(unless you specify the key by fingerprint)\n"
+msgstr "(anahtarı parmak izi ile belirtmedikçe)\n"
+
+#: g10/delkey.c:133
+msgid "can't do this in batch mode without \"--yes\"\n"
+msgstr "betik kipinde \"--yes\" olmaksızın bu yapılamaz\n"
+
+#: g10/delkey.c:145
+msgid "Delete this key from the keyring? (y/N) "
+msgstr "Bu anahtar, anahtar zincirinden silinsin mi? (e/H ya da y/N) "
+
+#: g10/delkey.c:153
+msgid "This is a secret key! - really delete? (y/N) "
+msgstr "Bu bir gizli anahtar! - gerçekten silinecek mi? (e/H veya y/N)"
+
+#: g10/delkey.c:163
+#, c-format
+msgid "deleting keyblock failed: %s\n"
+msgstr "anahtar bloÄŸu silinemedi: %s\n"
+
+#: g10/delkey.c:173
+msgid "ownertrust information cleared\n"
+msgstr "sahibinin güvencesi bilgisi temizlendi\n"
+
+#: g10/delkey.c:204
+#, c-format
+msgid "there is a secret key for public key \"%s\"!\n"
+msgstr "genel anahtar \"%s\" için bir gizli anahtar var!\n"
+
+#: g10/delkey.c:206
+msgid "use option \"--delete-secret-keys\" to delete it first.\n"
+msgstr "onu önce \"--delete-secret-keys\" ile silmelisiniz.\n"
+
+#: g10/encode.c:226 g10/sign.c:1269
+#, c-format
+msgid "error creating passphrase: %s\n"
+msgstr "anahtar parolası oluşturulurken hata: %s\n"
+
+#: g10/encode.c:232
+msgid "can't use a symmetric ESK packet due to the S2K mode\n"
+msgstr "S2K kipi sayesinde bir simetrik ESK paketi kullanılamıyor\n"
+
+#: g10/encode.c:246
+#, c-format
+msgid "using cipher %s\n"
+msgstr "%s şifrelemesi kullanılıyor\n"
+
+#: g10/encode.c:256 g10/encode.c:577
+#, c-format
+msgid "`%s' already compressed\n"
+msgstr "`%s' zaten sıkıştırılmış\n"
+
+#: g10/encode.c:311 g10/encode.c:611 g10/sign.c:564
+#, c-format
+msgid "WARNING: `%s' is an empty file\n"
+msgstr "UYARI: \"%s\" dosyası boş\n"
+
+#: g10/encode.c:485
+msgid "you can only encrypt to RSA keys of 2048 bits or less in --pgp2 mode\n"
+msgstr ""
+"--pgp2 kipinde sadece 2048 bitlik RSA anahtarları ile şifreleme "
+"yapabilirsiniz\n"
+
+#: g10/encode.c:510
+#, c-format
+msgid "reading from `%s'\n"
+msgstr "`%s'den okunuyor\n"
+
+#: g10/encode.c:541
+msgid ""
+"unable to use the IDEA cipher for all of the keys you are encrypting to.\n"
+msgstr "tüm anahtarları şifrelemek için IDEA şifresi kullanılamaz.\n"
+
+#: g10/encode.c:559
+#, c-format
+msgid ""
+"WARNING: forcing symmetric cipher %s (%d) violates recipient preferences\n"
+msgstr ""
+"UYARI: alıcının tercihleriyle çelişen %s (%d) simetrik şifre kullanımı "
+"zorlanıyor\n"
+
+#: g10/encode.c:655 g10/sign.c:939
+#, c-format
+msgid ""
+"WARNING: forcing compression algorithm %s (%d) violates recipient "
+"preferences\n"
+msgstr ""
+"UYARI: alıcının tercihleriyle çelişen %s (%d) sıkıştırma algoritması "
+"kullanılmak isteniyor\n"
+
+#: g10/encode.c:751
+#, c-format
+msgid "forcing symmetric cipher %s (%d) violates recipient preferences\n"
+msgstr ""
+"alıcının tercihleriyle çelişen %s (%d) simetrik şifre kullanımı zorlanıyor\n"
+
+#: g10/encode.c:821 g10/pkclist.c:813 g10/pkclist.c:862
+#, c-format
+msgid "you may not use %s while in %s mode\n"
+msgstr "%2$s kipindeyken %1$s kullanılamayabilir.\n"
+
+#: g10/encode.c:848
+#, c-format
+msgid "%s/%s encrypted for: \"%s\"\n"
+msgstr "%s/%s \"%s\" için şifrelendi\n"
+
+#: g10/encr-data.c:93 g10/mainproc.c:286
+#, c-format
+msgid "%s encrypted data\n"
+msgstr "%s ÅŸifreli veri\n"
+
+#: g10/encr-data.c:96 g10/mainproc.c:290
+#, c-format
+msgid "encrypted with unknown algorithm %d\n"
+msgstr "bilinmeyen algoritma %d ile ÅŸifrelenmiÅŸ\n"
+
+#: g10/encr-data.c:142 sm/decrypt.c:126
+msgid ""
+"WARNING: message was encrypted with a weak key in the symmetric cipher.\n"
+msgstr "UYARI: ileti simetrik şifre içindeki zayıf bir anahtarla şifrelendi.\n"
+
+#: g10/encr-data.c:154
+msgid "problem handling encrypted packet\n"
+msgstr "ÅŸifreli paketin elde edilmesinde sorun var\n"
+
+#: g10/exec.c:57
+msgid "no remote program execution supported\n"
+msgstr "uzaktan uygulama çalıştırılması desteklenmiyor\n"
+
+#: g10/exec.c:308
+msgid ""
+"external program calls are disabled due to unsafe options file permissions\n"
+msgstr ""
+"güvensiz options dosyası yetkilerinden dolayı dış program çağrıları iptal\n"
+"edildi\n"
+
+#: g10/exec.c:338
+msgid "this platform requires temporary files when calling external programs\n"
+msgstr ""
+"bu platformda, dış uygulamalar çalıştırılırken geçici dosyalar gerekiyor\n"
+
+#: g10/exec.c:416
+#, c-format
+msgid "unable to execute program `%s': %s\n"
+msgstr " '%s' çalıştırılamıyor: %s\n"
+
+#: g10/exec.c:419
+#, c-format
+msgid "unable to execute shell `%s': %s\n"
+msgstr "'%s' kabuğu çalıştırılamıyor: %s\n"
+
+#: g10/exec.c:510
+#, c-format
+msgid "system error while calling external program: %s\n"
+msgstr "dış uygulama çalıştırılırken sistem hatası: %s\n"
+
+#: g10/exec.c:521 g10/exec.c:588
+msgid "unnatural exit of external program\n"
+msgstr "Dış uygulamamnın doğal olmayan çıkışı\n"
+
+#: g10/exec.c:536
+msgid "unable to execute external program\n"
+msgstr "dış uygulama çalıştırılamıyor\n"
+
+#: g10/exec.c:553
+#, c-format
+msgid "unable to read external program response: %s\n"
+msgstr "dış uygulamanın yanıtı okunamıyor: %s\n"
+
+#: g10/exec.c:599 g10/exec.c:606
+#, c-format
+msgid "WARNING: unable to remove tempfile (%s) `%s': %s\n"
+msgstr "UYARI: geçici dosya silinemiyor (%s) `%s': %s\n"
+
+#: g10/exec.c:611
+#, c-format
+msgid "WARNING: unable to remove temp directory `%s': %s\n"
+msgstr "UYARI: %s geçici dizini silinemiyor: %s\n"
+
+#: g10/export.c:61
+msgid "export signatures that are marked as local-only"
+msgstr "sadece-yerel olarak imli imzalar ihraç edilir"
+
+#: g10/export.c:63
+msgid "export attribute user IDs (generally photo IDs)"
+msgstr ""
+"öznitelik kullanıcı kimliklerini (genellikle foto kimliklerini) ihraç eder"
+
+#: g10/export.c:65
+msgid "export revocation keys marked as \"sensitive\""
+msgstr "\"hassas\" olarak imli yürürlükten kaldırma anahtarlarını ihraç eder"
+
+#: g10/export.c:67
+msgid "remove the passphrase from exported subkeys"
+msgstr "ihracedilen yardımcı anahtarlardan anahtar parolasını kaldırır"
+
+#: g10/export.c:69
+msgid "remove unusable parts from key during export"
+msgstr "ihraç sırasında anahtardan kullanışsız parçalar kaldırılır"
+
+#: g10/export.c:71
+msgid "remove as much as possible from key during export"
+msgstr "ihraç sırasında anahtardan mümkün olduğunca çok şey kaldırılır"
+
+#: g10/export.c:73
+msgid "export keys in an S-expression based format"
+msgstr "anahtarları bir S ifadesine dayalı biçimde ihraceder"
+
+#: g10/export.c:338
+msgid "exporting secret keys not allowed\n"
+msgstr "gizli anahtarların ihracına izin verilmez\n"
+
+#: g10/export.c:367
+#, c-format
+msgid "key %s: not protected - skipped\n"
+msgstr "anahtar %s: korunmamış - atlandı\n"
+
+#: g10/export.c:375
+#, c-format
+msgid "key %s: PGP 2.x style key - skipped\n"
+msgstr "anahtar %s: PGP 2.x tarzı bir anahtar - atlandı\n"
+
+#: g10/export.c:386
+#, c-format
+msgid "key %s: key material on-card - skipped\n"
+msgstr "anahtar %s: anahtar malzemesi kartta - atlandı\n"
+
+#: g10/export.c:537
+msgid "about to export an unprotected subkey\n"
+msgstr "korunmamış bir yardımcı anahtar ihraca hazır\n"
+
+#: g10/export.c:560
+#, c-format
+msgid "failed to unprotect the subkey: %s\n"
+msgstr "yardımcı anahtarın koruması kaldırılamadı: %s\n"
+
+#: g10/export.c:584
+#, c-format
+msgid "WARNING: secret key %s does not have a simple SK checksum\n"
+msgstr "UYARI: gizli anahtar %s basit bir SK sağlamasına sahip değil\n"
+
+#: g10/export.c:633
+msgid "WARNING: nothing exported\n"
+msgstr "UYARI: hiçbir şey dışarı aktarılmadı\n"
+
+#: g10/getkey.c:152
+msgid "too many entries in pk cache - disabled\n"
+msgstr "pk belleğinde çok fazla girdi - iptal edildi\n"
+
+#: g10/getkey.c:175
+msgid "[User ID not found]"
+msgstr "[Kullanıcı kimliği yok]"
+
+#: g10/getkey.c:1113
+#, c-format
+msgid "automatically retrieved `%s' via %s\n"
+msgstr "`%s' %s üzerinden özdevinimli olarak alındı\n"
+
+#: g10/getkey.c:1118
+#, c-format
+msgid "error retrieving `%s' via %s: %s\n"
+msgstr "`%s' %s üzerinden alınırken hata: %s\n"
+
+#: g10/getkey.c:1120
+msgid "No fingerprint"
+msgstr "Parmak izi yok"
+
+#: g10/getkey.c:1930
+#, c-format
+msgid "Invalid key %s made valid by --allow-non-selfsigned-uid\n"
+msgstr ""
+"Geçersiz %s anahtarı --allow-non-selfsigned-uid kullanılarak geçerli oldu\n"
+
+#: g10/getkey.c:2533 g10/keyedit.c:3839
+#, c-format
+msgid "no secret subkey for public subkey %s - ignoring\n"
+msgstr ""
+"yardımcı genel anahtar %s için gizli yardımcı anahtar yok - yoksayılıyor\n"
+
+#: g10/getkey.c:2759
+#, c-format
+msgid "using subkey %s instead of primary key %s\n"
+msgstr "yardımcı anahtar %s, asıl anahtar %s yerine kullanılıyor\n"
+
+#: g10/getkey.c:2806
+#, c-format
+msgid "key %s: secret key without public key - skipped\n"
+msgstr "anahtar %s: genel anahtarsız gizli anahtar - atlandı\n"
+
+#: g10/gpg.c:375 sm/gpgsm.c:188
+msgid "make a signature"
+msgstr "bir imza yapar"
+
+#: g10/gpg.c:376 sm/gpgsm.c:189
+msgid "make a clear text signature"
+msgstr "açıkça okunabilen bir imza yapar"
+
+#: g10/gpg.c:377 sm/gpgsm.c:190
+msgid "make a detached signature"
+msgstr "bağımsız bir imza yapar"
+
+#: g10/gpg.c:378 sm/gpgsm.c:191
+msgid "encrypt data"
+msgstr "veriyi ÅŸifreler"
+
+#: g10/gpg.c:380 sm/gpgsm.c:192
+msgid "encryption only with symmetric cipher"
+msgstr "sadece simetrik ÅŸifre ile ÅŸifreler"
+
+#: g10/gpg.c:382 sm/gpgsm.c:193
+msgid "decrypt data (default)"
+msgstr "veri şifresini açar (öntanımlı)"
+
+#: g10/gpg.c:384 sm/gpgsm.c:194
+msgid "verify a signature"
+msgstr "bir imzayı doğrular"
+
+#: g10/gpg.c:386 sm/gpgsm.c:195
+msgid "list keys"
+msgstr "anahtarları listeler"
+
+#: g10/gpg.c:388
+msgid "list keys and signatures"
+msgstr "anahtarları ve imzaları listeler"
+
+#: g10/gpg.c:389
+msgid "list and check key signatures"
+msgstr "anahtar imzalarını listeler ve sınar"
+
+#: g10/gpg.c:390 sm/gpgsm.c:200
+msgid "list keys and fingerprints"
+msgstr "anahtarları ve parmak izlerini listeler"
+
+#: g10/gpg.c:391 sm/gpgsm.c:198
+msgid "list secret keys"
+msgstr "gizli anahtarları listeler"
+
+#: g10/gpg.c:392 sm/gpgsm.c:201
+msgid "generate a new key pair"
+msgstr "yeni bir anahtar çifti üretir"
+
+#: g10/gpg.c:393
+msgid "generate a revocation certificate"
+msgstr "bir yürürlükten kaldırma sertifikası üretir"
+
+#: g10/gpg.c:395 sm/gpgsm.c:203
+msgid "remove keys from the public keyring"
+msgstr "anahtarları genel anahtar zincirinden siler"
+
+#: g10/gpg.c:397
+msgid "remove keys from the secret keyring"
+msgstr "anahtarları gizli anahtar zincirinden siler"
+
+#: g10/gpg.c:398
+msgid "sign a key"
+msgstr "bir anahtarı imzalar"
+
+#: g10/gpg.c:399
+msgid "sign a key locally"
+msgstr "bir anahtarı yerel olarak imzalar"
+
+#: g10/gpg.c:400
+msgid "sign or edit a key"
+msgstr "bir anahtarı düzenler ve imzalar"
+
+#: g10/gpg.c:402 sm/gpgsm.c:215
+msgid "change a passphrase"
+msgstr "anahtar parolası değiştirir"
+
+#: g10/gpg.c:404
+msgid "export keys"
+msgstr "anahtarları gönderir"
+
+#: g10/gpg.c:405 sm/gpgsm.c:204
+msgid "export keys to a key server"
+msgstr "anahtarları bir anahtar sunucusuna gönderir"
+
+#: g10/gpg.c:406 sm/gpgsm.c:205
+msgid "import keys from a key server"
+msgstr "anahtarları bir anahtar sunucusundan indirir"
+
+#: g10/gpg.c:408
+msgid "search for keys on a key server"
+msgstr "bir anahtar sunucusunda anahtarları arar"
+
+#: g10/gpg.c:410
+msgid "update all keys from a keyserver"
+msgstr "anahtarları bir anahtar sunucusundan günceller"
+
+#: g10/gpg.c:415
+msgid "import/merge keys"
+msgstr "anahtarları indirir/katıştırır"
+
+#: g10/gpg.c:418
+msgid "print the card status"
+msgstr "kart durumunu basar"
+
+#: g10/gpg.c:419
+msgid "change data on a card"
+msgstr "kart üzerindeki veriyi değiştirir"
+
+#: g10/gpg.c:420
+msgid "change a card's PIN"
+msgstr "bir kartın PIN'ini değiştirir"
+
+#: g10/gpg.c:429
+msgid "update the trust database"
+msgstr "güvence veritabanını günceller"
+
+#: g10/gpg.c:436
+msgid "print message digests"
+msgstr "ileti özetlerini gösterir"
+
+#: g10/gpg.c:439 sm/gpgsm.c:210
+msgid "run in server mode"
+msgstr "sunucu kipinde çalışır"
+
+#: g10/gpg.c:443 sm/gpgsm.c:228
+msgid "create ascii armored output"
+msgstr "ascii zırhlı çıktı oluşturur"
+
+#: g10/gpg.c:446 sm/gpgsm.c:241
+msgid "|USER-ID|encrypt for USER-ID"
+msgstr "|KULLANICI-KİMLİĞİ|KULLANICI-KİMLİĞİ için şifreleme yapar"
+
+#: g10/gpg.c:459 sm/gpgsm.c:278
+msgid "|USER-ID|use USER-ID to sign or decrypt"
+msgstr ""
+"|KULLANICI-KİMLİĞİ|imzalamak ya da şifre çözmek için KULLANICI-KİMLİĞİ "
+"kullanılır"
+
+#: g10/gpg.c:462
+msgid "|N|set compress level to N (0 disables)"
+msgstr "|N|sıkıştırma seviyesi N olarak ayarlanır (0 iptal eder)"
+
+#: g10/gpg.c:468
+msgid "use canonical text mode"
+msgstr "kurallı metin kipini kullanır"
+
+#: g10/gpg.c:485 sm/gpgsm.c:280
+msgid "|FILE|write output to FILE"
+msgstr "|DOSYA|çıktı DOSYAya yazılır"
+
+#: g10/gpg.c:501 kbx/kbxutil.c:90 sm/gpgsm.c:292 tools/gpgconf.c:82
+msgid "do not make any changes"
+msgstr "hiçbir değişiklik yapmaz"
+
+#: g10/gpg.c:502
+msgid "prompt before overwriting"
+msgstr "üzerine yazmadan önce sorar"
+
+#: g10/gpg.c:554
+msgid "use strict OpenPGP behavior"
+msgstr "kesin OpenPGP davranışı etkin olur"
+
+#: g10/gpg.c:585 sm/gpgsm.c:336
+msgid ""
+"@\n"
+"(See the man page for a complete listing of all commands and options)\n"
+msgstr ""
+"@\n"
+"(Tüm komut ve seçeneklerin komple listesi için man sayfalarına bakın)\n"
+
+#: g10/gpg.c:588 sm/gpgsm.c:339
+msgid ""
+"@\n"
+"Examples:\n"
+"\n"
+" -se -r Bob [file] sign and encrypt for user Bob\n"
+" --clearsign [file] make a clear text signature\n"
+" --detach-sign [file] make a detached signature\n"
+" --list-keys [names] show keys\n"
+" --fingerprint [names] show fingerprints\n"
+msgstr ""
+"@\n"
+"Örnekler:\n"
+"\n"
+" -se -r Ali [dosya] kullanıcı Ali için imzalar ve şifreler\n"
+" --clearsign [dosya] açıkça okunabilir bir imza yapar\n"
+" --detach-sign [dosya] bağımsız bir imza yapar\n"
+" --list-keys [isimler] anahtarları listeler\n"
+" --fingerprint [isimler] parmak izlerini gösterir\n"
+
+#: g10/gpg.c:836
+msgid "Usage: gpg [options] [files] (-h for help)"
+msgstr "Kullanımı: gpg [seçenekler] [dosyalar] (yardım için -h)"
+
+#: g10/gpg.c:839
+msgid ""
+"Syntax: gpg [options] [files]\n"
+"sign, check, encrypt or decrypt\n"
+"default operation depends on the input data\n"
+msgstr ""
+"Yazılışı: gpg [seçenekler] [dosyalar]\n"
+"imzalama, kontrol, şifreleme veya çözme\n"
+"öntanımlı işlem girilen veriye bağımlıdır\n"
+
+#: g10/gpg.c:850 sm/gpgsm.c:543
+msgid ""
+"\n"
+"Supported algorithms:\n"
+msgstr ""
+"\n"
+"Desteklenen algoritmalar:\n"
+
+#: g10/gpg.c:853
+msgid "Pubkey: "
+msgstr "GenAnah: "
+
+#: g10/gpg.c:860 g10/keyedit.c:2423
+msgid "Cipher: "
+msgstr "Åžifre: "
+
+#: g10/gpg.c:867
+msgid "Hash: "
+msgstr "Hash: "
+
+#: g10/gpg.c:874 g10/keyedit.c:2468
+msgid "Compression: "
+msgstr "Sıkıştırma: "
+
+#: g10/gpg.c:944
+msgid "usage: gpg [options] "
+msgstr "kullanımı: gpg [seçenekler] "
+
+#: g10/gpg.c:1158 sm/gpgsm.c:716
+msgid "conflicting commands\n"
+msgstr "çelişen komutlar\n"
+
+#: g10/gpg.c:1176
+#, c-format
+msgid "no = sign found in group definition `%s'\n"
+msgstr "grup tanımı '%s' içinde = işareti yok\n"
+
+#: g10/gpg.c:1373
+#, c-format
+msgid "WARNING: unsafe ownership on homedir `%s'\n"
+msgstr "UYARI: '%s' evdizininde güvensiz iyelik\n"
+
+#: g10/gpg.c:1376
+#, c-format
+msgid "WARNING: unsafe ownership on configuration file `%s'\n"
+msgstr "UYARI: '%s' yapılandırma dosyasında güvensiz iyelik\n"
+
+#: g10/gpg.c:1379
+#, c-format
+msgid "WARNING: unsafe ownership on extension `%s'\n"
+msgstr "UYARI: '%s' eklentisinde güvensiz iyelik\n"
+
+#: g10/gpg.c:1385
+#, c-format
+msgid "WARNING: unsafe permissions on homedir `%s'\n"
+msgstr "UYARI: UYARI: '%s' evdizininde güvensiz izinler\n"
+
+#: g10/gpg.c:1388
+#, c-format
+msgid "WARNING: unsafe permissions on configuration file `%s'\n"
+msgstr "UYARI: '%s' yapılandırma dosyasında güvensiz izinler\n"
+
+#: g10/gpg.c:1391
+#, c-format
+msgid "WARNING: unsafe permissions on extension `%s'\n"
+msgstr "UYARI: '%s' eklentisinde güvensiz izinler\n"
+
+#: g10/gpg.c:1397
+#, c-format
+msgid "WARNING: unsafe enclosing directory ownership on homedir `%s'\n"
+msgstr "UYARI: '%s' evdizinindeki ilgili dizinin iyeliği güvensiz\n"
+
+#: g10/gpg.c:1400
+#, c-format
+msgid ""
+"WARNING: unsafe enclosing directory ownership on configuration file `%s'\n"
+msgstr "UYARI: '%s' yapılandırma dosyasını içeren dizinin iyeliği güvensiz\n"
+
+#: g10/gpg.c:1403
+#, c-format
+msgid "WARNING: unsafe enclosing directory ownership on extension `%s'\n"
+msgstr "UYARI: '%s' eklentisini içeren dizinin iyeliği güvensiz\n"
+
+#: g10/gpg.c:1409
+#, c-format
+msgid "WARNING: unsafe enclosing directory permissions on homedir `%s'\n"
+msgstr "UYARI: '%s' evdizinindeki ilgili dizinin izinleri güvensiz\n"
+
+#: g10/gpg.c:1412
+#, c-format
+msgid ""
+"WARNING: unsafe enclosing directory permissions on configuration file `%s'\n"
+msgstr "UYARI: '%s' yapılandırma dosyasını içeren dizinin izinleri güvensiz\n"
+
+#: g10/gpg.c:1415
+#, c-format
+msgid "WARNING: unsafe enclosing directory permissions on extension `%s'\n"
+msgstr "UYARI: '%s' eklentisini içeren dizinin izinleri güvensiz\n"
+
+#: g10/gpg.c:1595
+#, c-format
+msgid "unknown configuration item `%s'\n"
+msgstr "yapılandırma öğesi '%s' bilinmiyor\n"
+
+#: g10/gpg.c:1699
+msgid "display photo IDs during key listings"
+msgstr "anahtarların listelenmesi sırasında foto kimliklerini gösterir"
+
+#: g10/gpg.c:1701
+msgid "show policy URLs during signature listings"
+msgstr "imza listelemesi sırasında poliçe URLleri gösterilir"
+
+#: g10/gpg.c:1703
+msgid "show all notations during signature listings"
+msgstr "imza listelemesi sırasında tüm simgelemi gösterir"
+
+#: g10/gpg.c:1705
+msgid "show IETF standard notations during signature listings"
+msgstr "imza listelemesi sırasında IETF standart simgelemlerini gösterir"
+
+#: g10/gpg.c:1709
+msgid "show user-supplied notations during signature listings"
+msgstr "imza listelemesi sırasında kullanıcı kanaklı simgelemleri gösterir"
+
+#: g10/gpg.c:1711
+msgid "show preferred keyserver URLs during signature listings"
+msgstr ""
+"imza listelemesi sırasında tercih edilen anahtar sunucusu adresi gösterilir"
+
+#: g10/gpg.c:1713
+msgid "show user ID validity during key listings"
+msgstr "anahtar listelemesi sırasında kullanıcı kimliği geçerliliğini gösterir"
+
+#: g10/gpg.c:1715
+msgid "show revoked and expired user IDs in key listings"
+msgstr ""
+"anahtar listelerinde yürürlükten kaldırılmış ve zamanaşımına uğramış "
+"kullanıcı kimlikleri gösterilir"
+
+#: g10/gpg.c:1717
+msgid "show revoked and expired subkeys in key listings"
+msgstr ""
+"anahtar listelerinde yürürlükten kaldırılmış ve zamanaşımına uğramış "
+"yardımcı anahtarlar gösterilir"
+
+#: g10/gpg.c:1719
+msgid "show the keyring name in key listings"
+msgstr "anahtar zinciri ismini anahtar listelerinde gösterir"
+
+#: g10/gpg.c:1721
+msgid "show expiration dates during signature listings"
+msgstr "imza listelemesi sırasında zamanaşımı tarihleri gösterilir"
+
+#: g10/gpg.c:1855
+#, c-format
+msgid "NOTE: old default options file `%s' ignored\n"
+msgstr "BİLGİ: eski öntanımlı seçenekler dosyası `%s' yoksayıldı\n"
+
+#: g10/gpg.c:1948
+#, c-format
+msgid "libgcrypt is too old (need %s, have %s)\n"
+msgstr "libgcrypt çok eski (%s lazım, sizinki %s)\n"
+
+#: g10/gpg.c:2346 g10/gpg.c:3037 g10/gpg.c:3049
+#, c-format
+msgid "NOTE: %s is not for normal use!\n"
+msgstr "BİLGİ: %s normal kullanım için değil!\n"
+
+#: g10/gpg.c:2530 g10/gpg.c:2542
+#, c-format
+msgid "`%s' is not a valid signature expiration\n"
+msgstr "'%s' geçerli bir imza zamanaşımı değil\n"
+
+#: g10/gpg.c:2624
+#, c-format
+msgid "`%s' is not a valid character set\n"
+msgstr "'%s' geçerli bir karakter kümesi değil\n"
+
+#: g10/gpg.c:2647 g10/gpg.c:2842 g10/keyedit.c:4197
+msgid "could not parse keyserver URL\n"
+msgstr "anahtar sunucusunun adresi çözümlenemedi\n"
+
+#: g10/gpg.c:2659
+#, c-format
+msgid "%s:%d: invalid keyserver options\n"
+msgstr "%s:%d: anahtar sunucusu seçenekleri geçersiz\n"
+
+#: g10/gpg.c:2662
+msgid "invalid keyserver options\n"
+msgstr "anahtar sunucusu seçenekleri geçersiz\n"
+
+#: g10/gpg.c:2669
+#, c-format
+msgid "%s:%d: invalid import options\n"
+msgstr "%s:%d: geçersiz içselleştirme seçenekleri\n"
+
+#: g10/gpg.c:2672
+msgid "invalid import options\n"
+msgstr "içselleştirme seçenekleri geçersiz\n"
+
+#: g10/gpg.c:2679
+#, c-format
+msgid "%s:%d: invalid export options\n"
+msgstr "%s:%d geçersiz dışsallaştırma seçenekleri\n"
+
+#: g10/gpg.c:2682
+msgid "invalid export options\n"
+msgstr "dışsallaştırma seçenekleri geçersiz\n"
+
+#: g10/gpg.c:2689
+#, c-format
+msgid "%s:%d: invalid list options\n"
+msgstr "%s:%d: liste seçenekleri geçersiz\n"
+
+#: g10/gpg.c:2692
+msgid "invalid list options\n"
+msgstr "liste seçenekleri geçersiz\n"
+
+#: g10/gpg.c:2700
+msgid "display photo IDs during signature verification"
+msgstr "imza doğrulaması sırasında foto kimliklerini gösterir"
+
+#: g10/gpg.c:2702
+msgid "show policy URLs during signature verification"
+msgstr "imza doğrulaması sırasında poliçe adreslerini gösterir"
+
+#: g10/gpg.c:2704
+msgid "show all notations during signature verification"
+msgstr "imza doğrulaması sırasında tüm simgelemi gösterir"
+
+#: g10/gpg.c:2706
+msgid "show IETF standard notations during signature verification"
+msgstr "imza doğrulaması sırasında IETF standart simgelemlerini gösterir"
+
+#: g10/gpg.c:2710
+msgid "show user-supplied notations during signature verification"
+msgstr "imza doğrulaması sırasında kullanıcı kaynaklı simgelemleri gösterir"
+
+#: g10/gpg.c:2712
+msgid "show preferred keyserver URLs during signature verification"
+msgstr ""
+"imza doğrulaması sırasında tercih edilen anahtar sunucusu adresleri "
+"gösterilir"
+
+#: g10/gpg.c:2714
+msgid "show user ID validity during signature verification"
+msgstr "imza doğrulaması sırasında kullanıcı kimliği geçerliliğini gösterir"
+
+#: g10/gpg.c:2716
+msgid "show revoked and expired user IDs in signature verification"
+msgstr ""
+"imza doğrulamasında yürürlükten kaldırılan ve zamanaşımına uğrayan kullanıcı "
+"kimlikleri gösterilir"
+
+#: g10/gpg.c:2718
+msgid "show only the primary user ID in signature verification"
+msgstr "imza doğrulamasında sadece birincil kullanıcı kimlik gösterilir"
+
+#: g10/gpg.c:2720
+msgid "validate signatures with PKA data"
+msgstr "imzaları PKA verisi ile doğrular"
+
+#: g10/gpg.c:2722
+msgid "elevate the trust of signatures with valid PKA data"
+msgstr "imzaların güvenilirliğini geçerli PKA verisi ile yükseltir"
+
+#: g10/gpg.c:2729
+#, c-format
+msgid "%s:%d: invalid verify options\n"
+msgstr "%s:%d doğrulama seçenekleri geçersiz\n"
+
+#: g10/gpg.c:2732
+msgid "invalid verify options\n"
+msgstr "doğrulama seçenekleri geçersiz\n"
+
+#: g10/gpg.c:2739
+#, c-format
+msgid "unable to set exec-path to %s\n"
+msgstr "çalıştırılabilirlerin patikası %s yapılamıyor\n"
+
+#: g10/gpg.c:2925
+#, c-format
+msgid "%s:%d: invalid auto-key-locate list\n"
+msgstr "%s:%d: özdevinimli anahtar konumlama listesi geçersiz\n"
+
+#: g10/gpg.c:2928
+msgid "invalid auto-key-locate list\n"
+msgstr "özdevinimli anahtar konumlama listesi geçersiz\n"
+
+#: g10/gpg.c:3026 sm/gpgsm.c:1439
+msgid "WARNING: program may create a core file!\n"
+msgstr "UYARI: program bir \"core\" dosyası oluşturabilir!\n"
+
+#: g10/gpg.c:3030
+#, c-format
+msgid "WARNING: %s overrides %s\n"
+msgstr "UYARI: %s %s'i aşıyor\n"
+
+#: g10/gpg.c:3039
+#, c-format
+msgid "%s not allowed with %s!\n"
+msgstr "%s ile %s birlikte kullanılmaz!\n"
+
+#: g10/gpg.c:3042
+#, c-format
+msgid "%s makes no sense with %s!\n"
+msgstr "%s, %s ile etkisiz olur!\n"
+
+#: g10/gpg.c:3057
+#, c-format
+msgid "will not run with insecure memory due to %s\n"
+msgstr "%s olmasından dolayı güvensiz bellekle çalıştırılmayacak\n"
+
+#: g10/gpg.c:3071
+msgid "you can only make detached or clear signatures while in --pgp2 mode\n"
+msgstr "--pgp2 kipindeyken sadece ayrık veya sade imzalar yapabilirsiniz\n"
+
+#: g10/gpg.c:3077
+msgid "you can't sign and encrypt at the same time while in --pgp2 mode\n"
+msgstr "--pgp2 kipinde aynı anda hem imzalama hem de şifreleme yapamazsınız\n"
+
+#: g10/gpg.c:3083
+msgid "you must use files (and not a pipe) when working with --pgp2 enabled.\n"
+msgstr "--pgp2 ile çalışırken veri yolu yerine dosyaları kullanmalısınız.\n"
+
+#: g10/gpg.c:3096
+msgid "encrypting a message in --pgp2 mode requires the IDEA cipher\n"
+msgstr "--pgp2 kipinde ileti ÅŸifrelemesi IDEA ÅŸifresi gerektirir\n"
+
+#: g10/gpg.c:3163 g10/gpg.c:3187 sm/gpgsm.c:1511
+msgid "selected cipher algorithm is invalid\n"
+msgstr "seçilen şifre algoritması geçersiz\n"
+
+#: g10/gpg.c:3169 g10/gpg.c:3193 sm/gpgsm.c:1517 sm/gpgsm.c:1523
+msgid "selected digest algorithm is invalid\n"
+msgstr "seçilen özet algoritması geçersiz\n"
+
+#: g10/gpg.c:3175
+msgid "selected compression algorithm is invalid\n"
+msgstr "seçilen şifre algoritması geçersiz\n"
+
+#: g10/gpg.c:3181
+msgid "selected certification digest algorithm is invalid\n"
+msgstr "seçilen sertifikalama özet algoritması geçersiz\n"
+
+#: g10/gpg.c:3196
+msgid "completes-needed must be greater than 0\n"
+msgstr "\"completes-needed\" 0 dan büyük olmalı\n"
+
+#: g10/gpg.c:3198
+msgid "marginals-needed must be greater than 1\n"
+msgstr "\"marginals-needed\" 1 den büyük olmalı\n"
+
+#: g10/gpg.c:3200
+msgid "max-cert-depth must be in the range from 1 to 255\n"
+msgstr "\"max-cert-depth\" 1 ile 255 arasında olmalı\n"
+
+#: g10/gpg.c:3202
+msgid "invalid default-cert-level; must be 0, 1, 2, or 3\n"
+msgstr "öntanımlı sertifika seviyesi geçersiz; 0, 1, 2, ya da 3 olabilir\n"
+
+#: g10/gpg.c:3204
+msgid "invalid min-cert-level; must be 1, 2, or 3\n"
+msgstr "asgari sertifika seviyesi geçersiz; 1, 2, ya da 3 olabilir\n"
+
+#: g10/gpg.c:3207
+msgid "NOTE: simple S2K mode (0) is strongly discouraged\n"
+msgstr "BÄ°LGÄ°: basit S2K kipi (0) kesinlikle tavsiye edilmez\n"
+
+#: g10/gpg.c:3211
+msgid "invalid S2K mode; must be 0, 1 or 3\n"
+msgstr "S2K kipi geçersiz; 0, 1 veya 3 olmalı\n"
+
+#: g10/gpg.c:3218
+msgid "invalid default preferences\n"
+msgstr "öntanımlı tercihler geçersiz\n"
+
+#: g10/gpg.c:3222
+msgid "invalid personal cipher preferences\n"
+msgstr "kişisel şifre tercihleri geçersiz\n"
+
+#: g10/gpg.c:3226
+msgid "invalid personal digest preferences\n"
+msgstr "kişisel özet tercihleri geçersiz\n"
+
+#: g10/gpg.c:3230
+msgid "invalid personal compress preferences\n"
+msgstr "kişisel sıkıştırma tercihleri geçersiz\n"
+
+#: g10/gpg.c:3263
+#, c-format
+msgid "%s does not yet work with %s\n"
+msgstr "%s, %s ile henüz çalışmıyor\n"
+
+#: g10/gpg.c:3310
+#, c-format
+msgid "you may not use cipher algorithm `%s' while in %s mode\n"
+msgstr "%2$s kipindeyken '%1$s' şifreleme algoritması kullanılamaz\n"
+
+#: g10/gpg.c:3315
+#, c-format
+msgid "you may not use digest algorithm `%s' while in %s mode\n"
+msgstr "%2$s kipindeyken '%1$s' özet algoritması kullanılamaz\n"
+
+#: g10/gpg.c:3320
+#, c-format
+msgid "you may not use compression algorithm `%s' while in %s mode\n"
+msgstr "%2$s kipindeyken '%1$s' sıkıştırma algoritması kullanılamaz\n"
+
+#: g10/gpg.c:3406
+#, c-format
+msgid "failed to initialize the TrustDB: %s\n"
+msgstr "\"TrustDB\" güvence veritabanı başlangıç aşamasında başarısız: %s\n"
+
+#: g10/gpg.c:3417
+msgid "WARNING: recipients (-r) given without using public key encryption\n"
+msgstr ""
+"UYARI: alıcılar (-r) genel anahtar şifrelemesi kullanılmadan belirtilmiş\n"
+
+#: g10/gpg.c:3438
+msgid "--store [filename]"
+msgstr "--store [dosyaismi]"
+
+#: g10/gpg.c:3445
+msgid "--symmetric [filename]"
+msgstr "--symmetric [dosyaismi]"
+
+#: g10/gpg.c:3447
+#, c-format
+msgid "symmetric encryption of `%s' failed: %s\n"
+msgstr "`%s' için simetrik şifreleme başarısız: %s\n"
+
+#: g10/gpg.c:3457
+msgid "--encrypt [filename]"
+msgstr "--encrypt [dosyaismi]"
+
+#: g10/gpg.c:3470
+msgid "--symmetric --encrypt [filename]"
+msgstr "--symmetric --encrypt [dosyaismi]"
+
+#: g10/gpg.c:3472
+msgid "you cannot use --symmetric --encrypt with --s2k-mode 0\n"
+msgstr "--s2k-mode 0 ile --symmetric --encrypt kullanamazsınız\n"
+
+#: g10/gpg.c:3475
+#, c-format
+msgid "you cannot use --symmetric --encrypt while in %s mode\n"
+msgstr "%s kipindeyken --symmetric --encrypt kullanamazsınız\n"
+
+#: g10/gpg.c:3493
+msgid "--sign [filename]"
+msgstr "--sign [dosyaismi]"
+
+#: g10/gpg.c:3506
+msgid "--sign --encrypt [filename]"
+msgstr "--sign --encrypt [dosyaismi]"
+
+#: g10/gpg.c:3521
+msgid "--symmetric --sign --encrypt [filename]"
+msgstr "--symmetric --sign --encrypt [dosyaismi]"
+
+#: g10/gpg.c:3523
+msgid "you cannot use --symmetric --sign --encrypt with --s2k-mode 0\n"
+msgstr "--s2k-mode 0 ile --symmetric --sign --encrypt kullanamazsınız\n"
+
+#: g10/gpg.c:3526
+#, c-format
+msgid "you cannot use --symmetric --sign --encrypt while in %s mode\n"
+msgstr "%s kipindeyken --symmetric --sign --encrypt kullanamazsınız.\n"
+
+#: g10/gpg.c:3546
+msgid "--sign --symmetric [filename]"
+msgstr "--sign --symmetric [DOSYA]"
+
+#: g10/gpg.c:3555
+msgid "--clearsign [filename]"
+msgstr "--clearsign [dosyaismi]"
+
+#: g10/gpg.c:3580
+msgid "--decrypt [filename]"
+msgstr "--decrypt [dosyaismi]"
+
+#: g10/gpg.c:3588
+msgid "--sign-key user-id"
+msgstr "--sign-key kullanıcı-kimliği"
+
+#: g10/gpg.c:3592
+msgid "--lsign-key user-id"
+msgstr "--lsign-key kullanıcı-kimliği"
+
+#: g10/gpg.c:3613
+msgid "--edit-key user-id [commands]"
+msgstr "--edit-key kullanıcı-kimliği [komutlar]"
+
+#: g10/gpg.c:3629
+#, fuzzy
+msgid "--passwd <user-id>"
+msgstr "--sign-key kullanıcı-kimliği"
+
+#: g10/gpg.c:3716
+#, c-format
+msgid "keyserver send failed: %s\n"
+msgstr "anahtar sunucusuna gönderim başarısızlığa uğradı: %s\n"
+
+#: g10/gpg.c:3718
+#, c-format
+msgid "keyserver receive failed: %s\n"
+msgstr "anahtar sunucusundan alım başarısızlığa uğradı: %s\n"
+
+#: g10/gpg.c:3720
+#, c-format
+msgid "key export failed: %s\n"
+msgstr "anahtar ihracı başarısızlığa uğradı: %s\n"
+
+#: g10/gpg.c:3731
+#, c-format
+msgid "keyserver search failed: %s\n"
+msgstr "anahtar sunucusunda arama başarısız: %s\n"
+
+#: g10/gpg.c:3741
+#, c-format
+msgid "keyserver refresh failed: %s\n"
+msgstr "anahtar sunucusunda tazeleme başarısız: %s\n"
+
+#: g10/gpg.c:3792
+#, c-format
+msgid "dearmoring failed: %s\n"
+msgstr "zırhın kaldırılması başarısız: %s\n"
+
+#: g10/gpg.c:3800
+#, c-format
+msgid "enarmoring failed: %s\n"
+msgstr "zırhlama başarısız: %s\n"
+
+#: g10/gpg.c:3890
+#, c-format
+msgid "invalid hash algorithm `%s'\n"
+msgstr "`%s' çittirim algoritması geçersiz\n"
+
+#: g10/gpg.c:4005
+msgid "[filename]"
+msgstr "[dosyaismi]"
+
+#: g10/gpg.c:4009
+msgid "Go ahead and type your message ...\n"
+msgstr "İletinizi yazın ...\n"
+
+#: g10/gpg.c:4323
+msgid "the given certification policy URL is invalid\n"
+msgstr "belirtilen sertifika güvence adresi geçersiz\n"
+
+#: g10/gpg.c:4325
+msgid "the given signature policy URL is invalid\n"
+msgstr "belirtilen imza güvence adresi geçersiz\n"
+
+#: g10/gpg.c:4358
+msgid "the given preferred keyserver URL is invalid\n"
+msgstr "belirtilen anahtar sunucusu adresi geçersiz\n"
+
+#: g10/gpgv.c:74
+msgid "|FILE|take the keys from the keyring FILE"
+msgstr "|DOSYA|anahtarlar DOSYA anahtar zincirinden alınır"
+
+#: g10/gpgv.c:76
+msgid "make timestamp conflicts only a warning"
+msgstr "zaman damgası çelişkilerini uyarı olarak bildirir"
+
+#: g10/gpgv.c:78 sm/gpgsm.c:326
+msgid "|FD|write status info to this FD"
+msgstr "|FD|durum bilgisini bu FD'ye yazar"
+
+#: g10/gpgv.c:117
+msgid "Usage: gpgv [options] [files] (-h for help)"
+msgstr "Kullanımı: gpgv [seçenekler] [dosyalar] (yardım için -h)"
+
+#: g10/gpgv.c:119
+#, fuzzy
+msgid ""
+"Syntax: gpgv [options] [files]\n"
+"Check signatures against known trusted keys\n"
+msgstr ""
+"Kullanımı: gpg [seçenekler] [dosyalar]\n"
+"Bilinen güvenli anahtarlara göre imzaları kontrol eder\n"
+
+#: g10/helptext.c:72
+msgid "No help available"
+msgstr "yardım mevcut değil"
+
+#: g10/helptext.c:82
+#, c-format
+msgid "No help available for `%s'"
+msgstr "\"%s\" için yardım mevcut değil"
+
+#: g10/import.c:94
+msgid "import signatures that are marked as local-only"
+msgstr "salt-yerel olarak imlenmiş imzaları ithal eder"
+
+#: g10/import.c:96
+msgid "repair damage from the pks keyserver during import"
+msgstr "ithalat sırasında pks anahtar sunucusundaki bozukluğu giderir"
+
+#: g10/import.c:98
+msgid "do not update the trustdb after import"
+msgstr "ithalat sonrası güvence veritabanını güncellemez"
+
+#: g10/import.c:100
+msgid "create a public key when importing a secret key"
+msgstr "bir gizli anahtar ithal ederken bir genel anahtar oluÅŸturur"
+
+#: g10/import.c:102
+msgid "only accept updates to existing keys"
+msgstr "güncellemeleri sadece mevcut anahtarlar için kabul eder"
+
+#: g10/import.c:104
+msgid "remove unusable parts from key after import"
+msgstr "ithalat sonrası anahtardan kullanışsız parçaları kaldırır"
+
+#: g10/import.c:106
+msgid "remove as much as possible from key after import"
+msgstr "ithalat sonrası anahtardan mümkün olduğunca çok şey kaldırır"
+
+#: g10/import.c:266
+#, c-format
+msgid "skipping block of type %d\n"
+msgstr "%d türündeki blok atlanıyor\n"
+
+#: g10/import.c:275
+#, c-format
+msgid "%lu keys processed so far\n"
+msgstr "ÅŸu ana kadar %lu anahtar iÅŸlendi\n"
+
+#: g10/import.c:292
+#, c-format
+msgid "Total number processed: %lu\n"
+msgstr "Ä°ÅŸlenmiÅŸ toplam miktar: %lu\n"
+
+#: g10/import.c:294
+#, c-format
+msgid " skipped new keys: %lu\n"
+msgstr " yeni anahtarlar atlandı: %lu\n"
+
+#: g10/import.c:297
+#, c-format
+msgid " w/o user IDs: %lu\n"
+msgstr " kullanıcı kimliksiz: %lu\n"
+
+#: g10/import.c:299 sm/import.c:114
+#, c-format
+msgid " imported: %lu"
+msgstr " alınan: %lu"
+
+#: g10/import.c:305 sm/import.c:118
+#, c-format
+msgid " unchanged: %lu\n"
+msgstr " deÄŸiÅŸmedi: %lu\n"
+
+#: g10/import.c:307
+#, c-format
+msgid " new user IDs: %lu\n"
+msgstr " yeni kullanıcı kimliği: %lu\n"
+
+#: g10/import.c:309
+#, c-format
+msgid " new subkeys: %lu\n"
+msgstr " yeni yardımcı anahtarlar: %lu\n"
+
+#: g10/import.c:311
+#, c-format
+msgid " new signatures: %lu\n"
+msgstr " yeni imzalar: %lu\n"
+
+#: g10/import.c:313
+#, c-format
+msgid " new key revocations: %lu\n"
+msgstr " yeni anahtar iptalleri: %lu\n"
+
+#: g10/import.c:315 sm/import.c:120
+#, c-format
+msgid " secret keys read: %lu\n"
+msgstr " gizli anahtarlar okundu: %lu\n"
+
+#: g10/import.c:317 sm/import.c:122
+#, c-format
+msgid " secret keys imported: %lu\n"
+msgstr " gizli anahtarlar indirildi: %lu\n"
+
+#: g10/import.c:319 sm/import.c:124
+#, c-format
+msgid " secret keys unchanged: %lu\n"
+msgstr " gizli anahtarlar deÄŸiÅŸmedi: %lu\n"
+
+#: g10/import.c:321 sm/import.c:126
+#, c-format
+msgid " not imported: %lu\n"
+msgstr " alınamadı: %lu\n"
+
+#: g10/import.c:323
+#, c-format
+msgid " signatures cleaned: %lu\n"
+msgstr " temizlenen imzalar: %lu\n"
+
+#: g10/import.c:325
+#, c-format
+msgid " user IDs cleaned: %lu\n"
+msgstr " temizlenen kullanıcı kimlikleri: %lu\n"
+
+#: g10/import.c:606
+#, c-format
+msgid ""
+"WARNING: key %s contains preferences for unavailable\n"
+"algorithms on these user IDs:\n"
+msgstr ""
+"UYARI: anahtar %s bu kullanıcı kimliklerde kullanışsız algoritmalar için "
+"tercihler içeriyor:\n"
+
+#: g10/import.c:647
+#, c-format
+msgid " \"%s\": preference for cipher algorithm %s\n"
+msgstr " \"%s\": şifreleme algoritması %s için tercih edilir\n"
+
+#: g10/import.c:662
+#, c-format
+msgid " \"%s\": preference for digest algorithm %s\n"
+msgstr " \"%s\": özet algoritması %s için tercih edilir\n"
+
+#: g10/import.c:674
+#, c-format
+msgid " \"%s\": preference for compression algorithm %s\n"
+msgstr ""
+" \"%s\": sıkıştırma algoritması %s için tercih edilir\n"
+"\n"
+
+#: g10/import.c:687
+msgid "it is strongly suggested that you update your preferences and\n"
+msgstr "tercihlerinizi güncellemenizi ve\n"
+
+#: g10/import.c:689
+msgid "re-distribute this key to avoid potential algorithm mismatch problems\n"
+msgstr ""
+"olası algoritma uyuşmazlığı sorunlarından kaçınmak için bu anahtarı\n"
+"tekrar dağıtmanızı şiddetle öneririz.\n"
+
+#: g10/import.c:713
+#, c-format
+msgid "you can update your preferences with: gpg --edit-key %s updpref save\n"
+msgstr ""
+"tercihlerinizi böyle güncelleyemezsiniz: gpg --edit-key %s updpref save\n"
+
+#: g10/import.c:766 g10/import.c:1179
+#, c-format
+msgid "key %s: no user ID\n"
+msgstr "anahtar %s: kullanıcı kimliği yok\n"
+
+#: g10/import.c:795
+#, c-format
+msgid "key %s: PKS subkey corruption repaired\n"
+msgstr "anahtar %s: PKS yardımcı anahtar bozulması giderildi\n"
+
+#: g10/import.c:810
+#, c-format
+msgid "key %s: accepted non self-signed user ID \"%s\"\n"
+msgstr "anahtar %s: öz-imzalı olmayan kullanıcı kimliği \"%s\" kabul edildi\n"
+
+#: g10/import.c:816
+#, c-format
+msgid "key %s: no valid user IDs\n"
+msgstr "anahtar %s: geçerli kullanıcı kimliği yok\n"
+
+#: g10/import.c:818
+msgid "this may be caused by a missing self-signature\n"
+msgstr "bu kayıp bir öz-imza yüzünden meydana gelebilir\n"
+
+#: g10/import.c:828 g10/import.c:1303
+#, c-format
+msgid "key %s: public key not found: %s\n"
+msgstr "anahtar %s: genel anahtar yok: %s\n"
+
+#: g10/import.c:834
+#, c-format
+msgid "key %s: new key - skipped\n"
+msgstr "anahtar %s: yeni anahtar - atlandı\n"
+
+#: g10/import.c:843
+#, c-format
+msgid "no writable keyring found: %s\n"
+msgstr "yazılabilir bir anahtar zinciri yok: %s\n"
+
+#: g10/import.c:848 g10/openfile.c:278 g10/sign.c:805 g10/sign.c:1114
+#, c-format
+msgid "writing to `%s'\n"
+msgstr "\"%s\"e yazıyor\n"
+
+#: g10/import.c:852 g10/import.c:952 g10/import.c:1219 g10/import.c:1364
+#: g10/import.c:2494 g10/import.c:2516
+#, c-format
+msgid "error writing keyring `%s': %s\n"
+msgstr "\"%s\" anahtarlığına yazarken hata oluştu: %s\n"
+
+#: g10/import.c:871
+#, c-format
+msgid "key %s: public key \"%s\" imported\n"
+msgstr "anahtar %s: genel anahtar \"%s\" alındı\n"
+
+#: g10/import.c:895
+#, c-format
+msgid "key %s: doesn't match our copy\n"
+msgstr "anahtar %s: bizim kopyamızla eşleşmiyor\n"
+
+#: g10/import.c:912 g10/import.c:1321
+#, c-format
+msgid "key %s: can't locate original keyblock: %s\n"
+msgstr "anahtar %s: özgün anahtar bloku bulunamadı: %s\n"
+
+#: g10/import.c:920 g10/import.c:1328
+#, c-format
+msgid "key %s: can't read original keyblock: %s\n"
+msgstr "anahtar %s: özgün anahtar bloku okunamadı: %s\n"
+
+#: g10/import.c:962
+#, c-format
+msgid "key %s: \"%s\" 1 new user ID\n"
+msgstr "anahtar %s: \"%s\" 1 yeni kullanıcı kimliği\n"
+
+#: g10/import.c:965
+#, c-format
+msgid "key %s: \"%s\" %d new user IDs\n"
+msgstr "anahtar %s: \"%s\" %d yeni kullanıcı kimliği\n"
+
+#: g10/import.c:968
+#, c-format
+msgid "key %s: \"%s\" 1 new signature\n"
+msgstr "anahtar %s: \"%s\" 1 yeni imza\n"
+
+#: g10/import.c:971
+#, c-format
+msgid "key %s: \"%s\" %d new signatures\n"
+msgstr "anahtar %s: \"%s\" %d yeni imza\n"
+
+#: g10/import.c:974
+#, c-format
+msgid "key %s: \"%s\" 1 new subkey\n"
+msgstr "anahtar %s: %s 1 yeni yardımcı anahtar\n"
+
+#: g10/import.c:977
+#, c-format
+msgid "key %s: \"%s\" %d new subkeys\n"
+msgstr "anahtar %s: \"%s\" %d yeni yardımcı anahtar\n"
+
+#: g10/import.c:980
+#, c-format
+msgid "key %s: \"%s\" %d signature cleaned\n"
+msgstr "anahtar %s: \"%s\" %d imza temizlendi\n"
+
+#: g10/import.c:983
+#, c-format
+msgid "key %s: \"%s\" %d signatures cleaned\n"
+msgstr "anahtar %s: \"%s\" %d imza temizlendi\n"
+
+#: g10/import.c:986
+#, c-format
+msgid "key %s: \"%s\" %d user ID cleaned\n"
+msgstr "anahtar %s: \"%s\" %d kullanıcı kimliği temizlendi\n"
+
+#: g10/import.c:989
+#, c-format
+msgid "key %s: \"%s\" %d user IDs cleaned\n"
+msgstr "anahtar %s: \"%s\" %d kullanıcı kimliği temizlendi\n"
+
+#: g10/import.c:1013
+#, c-format
+msgid "key %s: \"%s\" not changed\n"
+msgstr "anahtar %s: \"%s\" deÄŸiÅŸmedi\n"
+
+#: g10/import.c:1185
+#, c-format
+msgid "key %s: secret key with invalid cipher %d - skipped\n"
+msgstr "anahtar %s: geçersiz şifreli (%d) gizli anahtar - atlandı\n"
+
+#: g10/import.c:1196
+msgid "importing secret keys not allowed\n"
+msgstr "gizli anahtarı alımına izin verilmez\n"
+
+#: g10/import.c:1213 g10/import.c:2509
+#, c-format
+msgid "no default secret keyring: %s\n"
+msgstr "öntanımlı gizli anahtar zinciri yok: %s\n"
+
+#: g10/import.c:1224
+#, c-format
+msgid "key %s: secret key imported\n"
+msgstr "anahtar %s: gizli anahtar alındı\n"
+
+#: g10/import.c:1254
+#, c-format
+msgid "key %s: already in secret keyring\n"
+msgstr "anahtar %s: zaten gizli anahtar zincirinde\n"
+
+#: g10/import.c:1264
+#, c-format
+msgid "key %s: secret key not found: %s\n"
+msgstr "anahtar %s: gizli anahtar yok: %s\n"
+
+#: g10/import.c:1296
+#, c-format
+msgid "key %s: no public key - can't apply revocation certificate\n"
+msgstr ""
+"anahtar %s: genel anahtar değil - yürürlükten kaldırma sertifikası "
+"uygulanamaz\n"
+
+#: g10/import.c:1339
+#, c-format
+msgid "key %s: invalid revocation certificate: %s - rejected\n"
+msgstr ""
+"anahtar %s: yürürlükten kaldırma sertifikası geçersiz: %s - reddedildi\n"
+
+#: g10/import.c:1371
+#, c-format
+msgid "key %s: \"%s\" revocation certificate imported\n"
+msgstr "anahtar %s: \"%s\" yürürlükten kaldırma sertifikası alındı\n"
+
+#: g10/import.c:1447
+#, c-format
+msgid "key %s: no user ID for signature\n"
+msgstr "anahtar %s: imza için kullanıcı kimliği yok\n"
+
+#: g10/import.c:1464
+#, c-format
+msgid "key %s: unsupported public key algorithm on user ID \"%s\"\n"
+msgstr ""
+"anahtar %s: genel anahtar algoritması, kullanıcı kimliği \"%s\" için "
+"desteklenmiyor\n"
+
+#: g10/import.c:1466
+#, c-format
+msgid "key %s: invalid self-signature on user ID \"%s\"\n"
+msgstr "anahtar %s: kullanıcı kimliği \"%s\" için öz-imza geçersiz\n"
+
+#: g10/import.c:1483 g10/import.c:1509 g10/import.c:1560
+#, c-format
+msgid "key %s: unsupported public key algorithm\n"
+msgstr "anahtar %s: genel anahtar algoritması desteklenmiyor\n"
+
+#: g10/import.c:1484
+#, fuzzy, c-format
+msgid "key %s: invalid direct key signature\n"
+msgstr "anahtar %s: doğrudan anahtar imzası eklendi\n"
+
+#: g10/import.c:1498
+#, c-format
+msgid "key %s: no subkey for key binding\n"
+msgstr "anahtar %s: anahtarı garantilemek için yardımcı anahtar yok\n"
+
+#: g10/import.c:1511
+#, c-format
+msgid "key %s: invalid subkey binding\n"
+msgstr "anahtar %s: yardımcı anahtar garantileme geçersiz\n"
+
+#: g10/import.c:1527
+#, c-format
+msgid "key %s: removed multiple subkey binding\n"
+msgstr "anahtar %s: çok sayıda yardımcı anahtar bağlantısı silindi\n"
+
+#: g10/import.c:1549
+#, c-format
+msgid "key %s: no subkey for key revocation\n"
+msgstr "anahtar %s: anahtarı yürürlükten kaldırılacak yardımcı anahtar yok\n"
+
+#: g10/import.c:1562
+#, c-format
+msgid "key %s: invalid subkey revocation\n"
+msgstr "anahtar %s: yardımcı anahtar yürürlükten kaldırması geçersiz\n"
+
+#: g10/import.c:1577
+#, c-format
+msgid "key %s: removed multiple subkey revocation\n"
+msgstr ""
+"anahtar %s: çok sayıda yardımcı anahtar yürürlükten kaldırması silindi\n"
+
+#: g10/import.c:1618
+#, c-format
+msgid "key %s: skipped user ID \"%s\"\n"
+msgstr "anahtar %s: kullanıcı kimliği \"%s\" atlandı\n"
+
+#: g10/import.c:1639
+#, c-format
+msgid "key %s: skipped subkey\n"
+msgstr "anahtar %s: yardımcı anahtar atlandı\n"
+
+#: g10/import.c:1666
+#, c-format
+msgid "key %s: non exportable signature (class 0x%02X) - skipped\n"
+msgstr "anahtar %s: imza gönderilebilir değil (0x%02X sınıfı) - atlandı\n"
+
+#: g10/import.c:1676
+#, c-format
+msgid "key %s: revocation certificate at wrong place - skipped\n"
+msgstr "anahtar %s: yürürlükten kaldırma sertifikası yanlış yerde - atlandı\n"
+
+#: g10/import.c:1693
+#, c-format
+msgid "key %s: invalid revocation certificate: %s - skipped\n"
+msgstr "anahtar %s: yürürlükten kaldırma sertifikası geçersiz: %s - atlandı\n"
+
+#: g10/import.c:1707
+#, c-format
+msgid "key %s: subkey signature in wrong place - skipped\n"
+msgstr "anahtar %s: yardımcı anahtar imzası yanlış yerde - atlandı\n"
+
+#: g10/import.c:1715
+#, c-format
+msgid "key %s: unexpected signature class (0x%02X) - skipped\n"
+msgstr "anahtar %s: umulmayan imza sınıfı (0x%02X) - atlandı\n"
+
+#: g10/import.c:1844
+#, c-format
+msgid "key %s: duplicated user ID detected - merged\n"
+msgstr "anahtar %s: çift kullanıcı kimliği saptandı - birleştirildi\n"
+
+#: g10/import.c:1906
+#, c-format
+msgid "WARNING: key %s may be revoked: fetching revocation key %s\n"
+msgstr ""
+"UYARI: anahtar %s yürürlükten kaldırılmış olmalı: yürürlükten kaldırma "
+"anahtarı %s alınıyor\n"
+
+#: g10/import.c:1920
+#, c-format
+msgid "WARNING: key %s may be revoked: revocation key %s not present.\n"
+msgstr ""
+"UYARI: anahtar %s yürürlükten kaldırılmış olabilir: yürürlükten kaldırma "
+"anahtarı %s mevcut değil.\n"
+
+#: g10/import.c:1979
+#, c-format
+msgid "key %s: \"%s\" revocation certificate added\n"
+msgstr "anahtar %s: \"%s\" yürürlükten kaldırma sertifikası eklendi\n"
+
+#: g10/import.c:2013
+#, c-format
+msgid "key %s: direct key signature added\n"
+msgstr "anahtar %s: doğrudan anahtar imzası eklendi\n"
+
+#: g10/import.c:2414
+msgid "NOTE: a key's S/N does not match the card's one\n"
+msgstr "BİLGİ: bir anahtarın seri numarası kartlardan biriyle uyuşmuyor\n"
+
+#: g10/import.c:2422
+msgid "NOTE: primary key is online and stored on card\n"
+msgstr "BİLGİ: asıl anahtar kart üzerinde saklı ve kullanılabilir\n"
+
+#: g10/import.c:2424
+msgid "NOTE: secondary key is online and stored on card\n"
+msgstr "BİLGİ: ikincil anahtar kart üzerinde saklı ve kullanılabilir\n"
+
+#: g10/keydb.c:181
+#, c-format
+msgid "error creating keyring `%s': %s\n"
+msgstr "`%s' anahtarlığı oluşturulurken hata: %s\n"
+
+#: g10/keydb.c:187
+#, c-format
+msgid "keyring `%s' created\n"
+msgstr "`%s' anahtarlığı oluşturuldu\n"
+
+#: g10/keydb.c:333 g10/keydb.c:336
+#, c-format
+msgid "keyblock resource `%s': %s\n"
+msgstr "anahtar bloku özkaynağı `%s': %s\n"
+
+#: g10/keydb.c:719
+#, c-format
+msgid "failed to rebuild keyring cache: %s\n"
+msgstr "anahtar zinciri önbelleği yeniden oluşturulurken hata: %s\n"
+
+#: g10/keyedit.c:265
+msgid "[revocation]"
+msgstr "[yürürlükten kaldırma]"
+
+#: g10/keyedit.c:266
+msgid "[self-signature]"
+msgstr "[öz-imza]"
+
+#: g10/keyedit.c:344 g10/keylist.c:398
+msgid "1 bad signature\n"
+msgstr "1 kötü imza\n"
+
+#: g10/keyedit.c:346 g10/keylist.c:400
+#, c-format
+msgid "%d bad signatures\n"
+msgstr "%d kötü imza\n"
+
+#: g10/keyedit.c:348 g10/keylist.c:402
+msgid "1 signature not checked due to a missing key\n"
+msgstr "1 imza kayıp bir anahtar yüzünden kontrol edilmedi\n"
+
+#: g10/keyedit.c:350 g10/keylist.c:404
+#, c-format
+msgid "%d signatures not checked due to missing keys\n"
+msgstr "%d imza kayıp bir anahtar yüzünden kontrol edilmedi\n"
+
+#: g10/keyedit.c:352 g10/keylist.c:406
+msgid "1 signature not checked due to an error\n"
+msgstr "1 imza bir hata yüzünden kontrol edilmedi\n"
+
+#: g10/keyedit.c:354 g10/keylist.c:408
+#, c-format
+msgid "%d signatures not checked due to errors\n"
+msgstr "%d imza hatalardan dolayı kontrol edilmedi\n"
+
+#: g10/keyedit.c:356
+msgid "1 user ID without valid self-signature detected\n"
+msgstr "1 öz-imzası geçersiz kullanıcı kimliği saptandı\n"
+
+#: g10/keyedit.c:358
+#, c-format
+msgid "%d user IDs without valid self-signatures detected\n"
+msgstr "%d öz-imzası geçersiz kullanıcı kimliği saptandı\n"
+
+#: g10/keyedit.c:414 g10/pkclist.c:262
+msgid ""
+"Please decide how far you trust this user to correctly verify other users' "
+"keys\n"
+"(by looking at passports, checking fingerprints from different sources, "
+"etc.)\n"
+msgstr ""
+"Diğer kullanıcıların anahtarlarını doğrulayacak bu kullanıcının güven\n"
+"derecesine lütfen karar verin. (pasportuna mı bakarsınız yoksa farklı\n"
+"kaynaklardan parmakizlerini mi kontrol edersiniz...) kararınızı verin\n"
+
+#: g10/keyedit.c:418 g10/pkclist.c:274
+#, c-format
+msgid " %d = I trust marginally\n"
+msgstr " %d = Şöyle böyle güveniyorum\n"
+
+#: g10/keyedit.c:419 g10/pkclist.c:276
+#, c-format
+msgid " %d = I trust fully\n"
+msgstr " %d = Tamamen güveniyorum\n"
+
+#: g10/keyedit.c:438
+msgid ""
+"Please enter the depth of this trust signature.\n"
+"A depth greater than 1 allows the key you are signing to make\n"
+"trust signatures on your behalf.\n"
+msgstr ""
+"Lütfen bu güvence imzasının derinliğini belirtin.\n"
+"1'den büyük bir derinlik, imzaladığınız anhatarın kendi yararınıza\n"
+"güvence imzaları yapmayı mümkün kılar.\n"
+
+#: g10/keyedit.c:454
+msgid "Please enter a domain to restrict this signature, or enter for none.\n"
+msgstr "Bu imzayı kısıtlayacak bir etki alanı girin, yoksa <enter> tuşlayın.\n"
+
+#: g10/keyedit.c:598
+#, c-format
+msgid "User ID \"%s\" is revoked."
+msgstr "Kullanıcı kimliği \"%s\" yürürlükten kaldırıldı."
+
+#: g10/keyedit.c:607 g10/keyedit.c:635 g10/keyedit.c:662 g10/keyedit.c:830
+#: g10/keyedit.c:895 g10/keyedit.c:1785
+msgid "Are you sure you still want to sign it? (y/N) "
+msgstr "Onu yine de imzalamak istiyor musunuz? (e/H veya y/N) "
+
+#: g10/keyedit.c:621 g10/keyedit.c:649 g10/keyedit.c:676 g10/keyedit.c:836
+#: g10/keyedit.c:1791
+msgid " Unable to sign.\n"
+msgstr " İmzalanamıyor.\n"
+
+#: g10/keyedit.c:626
+#, c-format
+msgid "User ID \"%s\" is expired."
+msgstr "Kullanıcı kimliği \"%s\" zamanaşımına uğradı."
+
+#: g10/keyedit.c:654
+#, c-format
+msgid "User ID \"%s\" is not self-signed."
+msgstr "Kullanıcı kimliği \"%s\" öz-imzalı değil."
+
+#: g10/keyedit.c:682
+#, c-format
+msgid "User ID \"%s\" is signable. "
+msgstr "Kullanıcı kimliği \"%s\" imzalanabilir. "
+
+#: g10/keyedit.c:684
+msgid "Sign it? (y/N) "
+msgstr "İmzalayacak mısınız? (e/H veya y/N) "
+
+#: g10/keyedit.c:706
+#, c-format
+msgid ""
+"The self-signature on \"%s\"\n"
+"is a PGP 2.x-style signature.\n"
+msgstr ""
+"\"%s\" üzerindeki öz-imza\n"
+"bir PGP 2.x tarzı imza.\n"
+
+#: g10/keyedit.c:715
+msgid "Do you want to promote it to an OpenPGP self-signature? (y/N) "
+msgstr ""
+"Bir OpenPGP öz-imzası haline getirilmesini istiyor musunuz? (e/H veya y/N) "
+
+#: g10/keyedit.c:729
+#, c-format
+msgid ""
+"Your current signature on \"%s\"\n"
+"has expired.\n"
+msgstr ""
+"\"%s\" üzerindeki imzanızın\n"
+"kullanım süresi dolmuş.\n"
+
+#: g10/keyedit.c:733
+msgid "Do you want to issue a new signature to replace the expired one? (y/N) "
+msgstr ""
+"Yeni imzanızın süresi dolmuş biriyle değiştirilmesini ister misiniz? (e/H "
+"veya y/N) "
+
+#: g10/keyedit.c:754
+#, c-format
+msgid ""
+"Your current signature on \"%s\"\n"
+"is a local signature.\n"
+msgstr ""
+"\"%s\" üzerindeki imzanız\n"
+"dahili bir imza.\n"
+
+#: g10/keyedit.c:758
+msgid "Do you want to promote it to a full exportable signature? (y/N) "
+msgstr ""
+"Bu imzanın dışarda da geçerli hale getirilmesini istiyor musunuz? (e/H veya "
+"y/N) "
+
+#: g10/keyedit.c:779
+#, c-format
+msgid "\"%s\" was already locally signed by key %s\n"
+msgstr "\"%s\" zaten %s anahtarıyla yerel olarak imzalanmış\n"
+
+#: g10/keyedit.c:782
+#, c-format
+msgid "\"%s\" was already signed by key %s\n"
+msgstr "\"%s\" zaten %s anahtarıyla imzalanmış\n"
+
+#: g10/keyedit.c:787
+msgid "Do you want to sign it again anyway? (y/N) "
+msgstr "Onu yine de imzalamak istiyor musunuz? (e/H veya y/N) "
+
+#: g10/keyedit.c:809
+#, c-format
+msgid "Nothing to sign with key %s\n"
+msgstr "%s anahtarı ile imzalanacak hiçbir şey yok\n"
+
+#: g10/keyedit.c:824
+msgid "This key has expired!"
+msgstr "Bu anahtarın kullanım süresi dolmuş!"
+
+#: g10/keyedit.c:842
+#, c-format
+msgid "This key is due to expire on %s.\n"
+msgstr "Bu anahtarın geçerliliği %s de bitiyor.\n"
+
+#: g10/keyedit.c:848
+msgid "Do you want your signature to expire at the same time? (Y/n) "
+msgstr ""
+"İmzanızın da aynı süreyle geçerli olmasını ister misiniz? (E/h veya Y/n) "
+
+#: g10/keyedit.c:888
+msgid ""
+"You may not make an OpenPGP signature on a PGP 2.x key while in --pgp2 "
+"mode.\n"
+msgstr ""
+"--pgp2 kipinde bir PGP 2.x anahtarlara bir OpenPGP imzası "
+"uygulanamayabilir.\n"
+
+#: g10/keyedit.c:890
+msgid "This would make the key unusable in PGP 2.x.\n"
+msgstr "Bu, anahtarı PGP 2.x için kullanışsız yapacak.\n"
+
+#: g10/keyedit.c:915
+msgid ""
+"How carefully have you verified the key you are about to sign actually "
+"belongs\n"
+"to the person named above? If you don't know what to answer, enter \"0\".\n"
+msgstr ""
+"Bu anahtarın ismi yukarda yazılı kişiye ait olduğunu ne kadar dikkatli\n"
+"doğruladınız? Bu sorunun cevabını bilmiyorsanız \"0\" yazın.\n"
+
+#: g10/keyedit.c:920
+#, c-format
+msgid " (0) I will not answer.%s\n"
+msgstr " (0) Cevabı bilmiyorum. %s\n"
+
+#: g10/keyedit.c:922
+#, c-format
+msgid " (1) I have not checked at all.%s\n"
+msgstr " (1) Tamamen kontrol edildi.%s\n"
+
+#: g10/keyedit.c:924
+#, c-format
+msgid " (2) I have done casual checking.%s\n"
+msgstr " (2) İlişkisel denetim yaptım.%s\n"
+
+#: g10/keyedit.c:926
+#, c-format
+msgid " (3) I have done very careful checking.%s\n"
+msgstr " (3) Çok dikkatli bir denetim yaptım.%s\n"
+
+#: g10/keyedit.c:932
+msgid "Your selection? (enter `?' for more information): "
+msgstr "Seçiminiz? (daha fazla bilgi için: '?'): "
+
+#: g10/keyedit.c:956
+#, c-format
+msgid ""
+"Are you sure that you want to sign this key with your\n"
+"key \"%s\" (%s)\n"
+msgstr ""
+"Bu anahtarı kendi \"%s\" (%s) anahtarınızla imzalamak istediğinize "
+"gerçekten\n"
+"emin misiniz?\n"
+
+#: g10/keyedit.c:963
+msgid "This will be a self-signature.\n"
+msgstr "Bu bir öz-imza olacak.\n"
+
+#: g10/keyedit.c:969
+msgid "WARNING: the signature will not be marked as non-exportable.\n"
+msgstr "UYARI: imza dışarı gönderilemez olarak imlenmeyecek.\n"
+
+#: g10/keyedit.c:977
+msgid "WARNING: the signature will not be marked as non-revocable.\n"
+msgstr "UYARI: imza yürürlükten kaldırılamaz olarak imlenmeyecek.\n"
+
+#: g10/keyedit.c:987
+msgid "The signature will be marked as non-exportable.\n"
+msgstr "İmza dışarı gönderilemez olarak imlenecek.\n"
+
+#: g10/keyedit.c:994
+msgid "The signature will be marked as non-revocable.\n"
+msgstr "İmza yürürlükten kaldırılamaz olarak imlenecek.\n"
+
+#: g10/keyedit.c:1001
+msgid "I have not checked this key at all.\n"
+msgstr "Her şeyiyle bu anahtarı sınayamadım.\n"
+
+#: g10/keyedit.c:1006
+msgid "I have checked this key casually.\n"
+msgstr "Bu anahtarı karşılaştırmalı olarak sınadım.\n"
+
+#: g10/keyedit.c:1011
+msgid "I have checked this key very carefully.\n"
+msgstr "Bu anahtarı çok dikkatle sınadım.\n"
+
+#: g10/keyedit.c:1021
+msgid "Really sign? (y/N) "
+msgstr "Gerçekten imzalayacak mısınız? (e/H veya y/N) "
+
+#: g10/keyedit.c:1066 g10/keyedit.c:4965 g10/keyedit.c:5056 g10/keyedit.c:5120
+#: g10/keyedit.c:5181 g10/sign.c:316
+#, c-format
+msgid "signing failed: %s\n"
+msgstr "imzalama başarısız: %s\n"
+
+#: g10/keyedit.c:1131
+msgid "Key has only stub or on-card key items - no passphrase to change.\n"
+msgstr ""
+"Anahtar sadece kısa veya karta özel öğeler içeriyor,\n"
+"değiştirilecek bir anahtar parolası yok.\n"
+
+#: g10/keyedit.c:1142 g10/keygen.c:3774
+msgid "This key is not protected.\n"
+msgstr "Bu anahtar korunmamış.\n"
+
+#: g10/keyedit.c:1146 g10/keygen.c:3761 g10/revoke.c:536
+msgid "Secret parts of primary key are not available.\n"
+msgstr "Asıl anahtarın gizli parçaları kullanılamaz.\n"
+
+#: g10/keyedit.c:1150 g10/keygen.c:3777
+msgid "Secret parts of primary key are stored on-card.\n"
+msgstr "Asıl anahtarın gizli parçaları kart üzerinde saklı.\n"
+
+#: g10/keyedit.c:1156 g10/keygen.c:3781
+msgid "Key is protected.\n"
+msgstr "Anahtar korunmuÅŸ.\n"
+
+#: g10/keyedit.c:1186
+#, c-format
+msgid "Can't edit this key: %s\n"
+msgstr "Bu anahtar üzerinde düzenleme yapılamaz: %s\n"
+
+#: g10/keyedit.c:1192
+msgid ""
+"Enter the new passphrase for this secret key.\n"
+"\n"
+msgstr ""
+"Bu gizli anahtar için yeni anahtar parolasını giriniz.\n"
+"\n"
+
+#: g10/keyedit.c:1207 g10/keygen.c:2291
+msgid "passphrase not correctly repeated; try again"
+msgstr ""
+"ikinci kez yazdığınız anahtar parolası ilkiyle aynı değil; işlem "
+"tekrarlanacak"
+
+#: g10/keyedit.c:1212
+msgid ""
+"You don't want a passphrase - this is probably a *bad* idea!\n"
+"\n"
+msgstr ""
+"Bir anahtar parolası vermediniz - bu çok *kötü* bir fikir!\n"
+"\n"
+
+#: g10/keyedit.c:1215
+msgid "Do you really want to do this? (y/N) "
+msgstr "Gerçekten bunu yapmak istiyor musunuz? (e/H ya da y/N) "
+
+#: g10/keyedit.c:1298
+msgid "moving a key signature to the correct place\n"
+msgstr "bir anahtar imzası doğru yere taşınıyor\n"
+
+#: g10/keyedit.c:1384
+msgid "save and quit"
+msgstr "kaydet ve çık"
+
+#: g10/keyedit.c:1387
+msgid "show key fingerprint"
+msgstr "parmakizini gösterir"
+
+#: g10/keyedit.c:1388
+msgid "list key and user IDs"
+msgstr "anahtarı ve kullanıcı kimliğini gösterir"
+
+#: g10/keyedit.c:1390
+msgid "select user ID N"
+msgstr "N kullanıcı kimliğini seçer"
+
+#: g10/keyedit.c:1391
+msgid "select subkey N"
+msgstr "N yardımcı anahtarını"
+
+#: g10/keyedit.c:1392
+msgid "check signatures"
+msgstr "imzaları sınar"
+
+#: g10/keyedit.c:1397
+msgid "sign selected user IDs [* see below for related commands]"
+msgstr ""
+"seçilen kullanıcı kimliği imzalar [* ilgili komutlar için aşağıya bakın]"
+
+#: g10/keyedit.c:1402
+msgid "sign selected user IDs locally"
+msgstr "kullanıcı kimlikleri yerel olarak imzalar"
+
+#: g10/keyedit.c:1404
+msgid "sign selected user IDs with a trust signature"
+msgstr "seçili kullanıcı kimlikleri bir güvence imzasıyla imzalar"
+
+#: g10/keyedit.c:1406
+msgid "sign selected user IDs with a non-revocable signature"
+msgstr ""
+"seçili kullanıcı kimlikleri yürürlükten kaldırılamayan bir imzayla imzalar"
+
+#: g10/keyedit.c:1410
+msgid "add a user ID"
+msgstr "bir kullanıcı kimliği ekler"
+
+#: g10/keyedit.c:1412
+msgid "add a photo ID"
+msgstr "bir foto kimliÄŸi ekler"
+
+#: g10/keyedit.c:1414
+msgid "delete selected user IDs"
+msgstr "seçili kullanıcı kimlikleri siler"
+
+#: g10/keyedit.c:1419
+msgid "add a subkey"
+msgstr "bir yardımcı anahtar ekler"
+
+#: g10/keyedit.c:1423
+msgid "add a key to a smartcard"
+msgstr "bir akıllı karta bir anahtar ekler"
+
+#: g10/keyedit.c:1425
+msgid "move a key to a smartcard"
+msgstr "bir akıllı karttan bir anahtarı taşır"
+
+#: g10/keyedit.c:1427
+msgid "move a backup key to a smartcard"
+msgstr "bir akıllı karttan bir yedekleme anahtarını taşır"
+
+#: g10/keyedit.c:1431
+msgid "delete selected subkeys"
+msgstr "seçili yardımcı anahtarları siler"
+
+#: g10/keyedit.c:1433
+msgid "add a revocation key"
+msgstr "bir yürürlükten kaldırma anahtarı ekler"
+
+#: g10/keyedit.c:1435
+msgid "delete signatures from the selected user IDs"
+msgstr "seçili kullanıcı kimliklerden imzaları siler"
+
+#: g10/keyedit.c:1437
+msgid "change the expiration date for the key or selected subkeys"
+msgstr ""
+"anahtar için ya da seçili yardımcı anahtarlar için zamanaşımı tarihini "
+"deÄŸiÅŸtirir"
+
+#: g10/keyedit.c:1439
+msgid "flag the selected user ID as primary"
+msgstr "seçili kullanıcı kimliğini asıl olarak imler"
+
+#: g10/keyedit.c:1441
+msgid "toggle between the secret and public key listings"
+msgstr "genel ve gizli anahtar listeleri arasında yer değiştirir"
+
+#: g10/keyedit.c:1444
+msgid "list preferences (expert)"
+msgstr "tercihleri listeler (uzman)"
+
+#: g10/keyedit.c:1446
+msgid "list preferences (verbose)"
+msgstr "tercihleri listeler (ayrıntılı)"
+
+#: g10/keyedit.c:1448
+msgid "set preference list for the selected user IDs"
+msgstr "Seçili kullanıcı kimlikler için tercih listesini belirler "
+
+#: g10/keyedit.c:1453
+msgid "set the preferred keyserver URL for the selected user IDs"
+msgstr ""
+"seçili kullanıcı kimlikler için tercih edilen anahtar sunucu adresini "
+"belirler"
+
+#: g10/keyedit.c:1455
+msgid "set a notation for the selected user IDs"
+msgstr "seçili kullanıcı kimlikleri için bir simgelem belirler"
+
+#: g10/keyedit.c:1457
+msgid "change the passphrase"
+msgstr "anahtar parolasını değiştirir"
+
+#: g10/keyedit.c:1461
+msgid "change the ownertrust"
+msgstr "sahibiningüvencesini değiştirir"
+
+#: g10/keyedit.c:1463
+msgid "revoke signatures on the selected user IDs"
+msgstr "Seçili tüm kullanıcı kimliklerdeki imzaları yürürlükten kaldırır"
+
+#: g10/keyedit.c:1465
+msgid "revoke selected user IDs"
+msgstr "Seçili tüm kullanıcı kimlikleri yürürlükten kaldırır"
+
+#: g10/keyedit.c:1470
+msgid "revoke key or selected subkeys"
+msgstr "anahtarı ya da seçili yardımcı anahtarları yürürlükten kaldırır"
+
+#: g10/keyedit.c:1471
+msgid "enable key"
+msgstr "anahtarı kullanıma sokar"
+
+#: g10/keyedit.c:1472
+msgid "disable key"
+msgstr "anahtarı iptal eder"
+
+#: g10/keyedit.c:1473
+msgid "show selected photo IDs"
+msgstr "seçili foto kimlikleri gösterir"
+
+#: g10/keyedit.c:1475
+msgid "compact unusable user IDs and remove unusable signatures from key"
+msgstr ""
+"kullanışsız kullanıcı kimlikleri sıkıştırır ve kullanışsız imzaları "
+"anahtardan kaldırır"
+
+#: g10/keyedit.c:1477
+msgid "compact unusable user IDs and remove all signatures from key"
+msgstr ""
+"kullanışsız kullanıcı kimlikleri sıkıştırır ve tüm imzaları anahtardan "
+"kaldırır"
+
+#: g10/keyedit.c:1601
+#, c-format
+msgid "error reading secret keyblock \"%s\": %s\n"
+msgstr "gizli anahtar bloÄŸu \"%s\" okunurken hata oluÅŸtu: %s\n"
+
+#: g10/keyedit.c:1619
+msgid "Secret key is available.\n"
+msgstr "Gizli anahtar mevcut.\n"
+
+#: g10/keyedit.c:1702
+msgid "Need the secret key to do this.\n"
+msgstr "Bunu yapmak için gizli anahtar gerekli.\n"
+
+#: g10/keyedit.c:1710
+msgid "Please use the command \"toggle\" first.\n"
+msgstr "lütfen önce \"seçmece\" komutunu kullanın.\n"
+
+#: g10/keyedit.c:1729
+msgid ""
+"* The `sign' command may be prefixed with an `l' for local signatures "
+"(lsign),\n"
+" a `t' for trust signatures (tsign), an `nr' for non-revocable signatures\n"
+" (nrsign), or any combination thereof (ltsign, tnrsign, etc.).\n"
+msgstr ""
+"* `sign' komutu şu harflerden bir veya birkaçı ile başlayabilir:\n"
+" güvence imzaları için 't' (tsign), yürürlükten kaldırılmayan imzalar\n"
+" için 'nr', yerel imzalar için 'l' (lsign) veya buların karışımı olarak "
+"(ltsign, tnrsign gibi).\n"
+
+#: g10/keyedit.c:1779
+msgid "Key is revoked."
+msgstr "Anahtar yürürlükten kaldırıldı."
+
+#: g10/keyedit.c:1798
+msgid "Really sign all user IDs? (y/N) "
+msgstr "Tüm kullanıcı kimlikler gerçekten imzalanacak mı? (e/H ya da y/N)"
+
+#: g10/keyedit.c:1805
+msgid "Hint: Select the user IDs to sign\n"
+msgstr "İpucu: İmzalamak için bir kullanıcı kimliği seçiniz\n"
+
+#: g10/keyedit.c:1814
+#, c-format
+msgid "Unknown signature type `%s'\n"
+msgstr "imza türü `%s' bilinmiyor\n"
+
+#: g10/keyedit.c:1837
+#, c-format
+msgid "This command is not allowed while in %s mode.\n"
+msgstr "%s kipindeyken bu komut kullanılamaz.\n"
+
+#: g10/keyedit.c:1859 g10/keyedit.c:1879 g10/keyedit.c:2048
+msgid "You must select at least one user ID.\n"
+msgstr "En az bir kullanıcı kimliği seçmelisiniz.\n"
+
+#: g10/keyedit.c:1861
+msgid "You can't delete the last user ID!\n"
+msgstr "Son kullanıcı kimliğini silemezsiniz!\n"
+
+#: g10/keyedit.c:1863
+msgid "Really remove all selected user IDs? (y/N) "
+msgstr ""
+"Seçilen tüm kullanıcı kimlikler gerçekten silinecek mi? (e/H ya da y/N) "
+
+#: g10/keyedit.c:1864
+msgid "Really remove this user ID? (y/N) "
+msgstr "Bu kullanıcı kimliği gerçekten silinecek mi? (e/H ya da y/N) "
+
+#. TRANSLATORS: Please take care: This is about
+#. moving the key and not about removing it.
+#: g10/keyedit.c:1917
+msgid "Really move the primary key? (y/N) "
+msgstr "Bu öz-imza gerçekten taşınacak mı? (e/H ya da y/N) "
+
+#: g10/keyedit.c:1929
+msgid "You must select exactly one key.\n"
+msgstr "Sadece ve sadece bir anahtar seçmelisiniz.\n"
+
+#: g10/keyedit.c:1957
+msgid "Command expects a filename argument\n"
+msgstr "Komut deÄŸiÅŸtirge olarak bir dosya ismi gerektiriyor\n"
+
+#: g10/keyedit.c:1971
+#, c-format
+msgid "Can't open `%s': %s\n"
+msgstr "`%s' açılamıyor: %s\n"
+
+#: g10/keyedit.c:1988
+#, c-format
+msgid "Error reading backup key from `%s': %s\n"
+msgstr "yedekleme anahtarı `%s' den okunurken hata oluştu: %s\n"
+
+#: g10/keyedit.c:2012
+msgid "You must select at least one key.\n"
+msgstr "En az bir anahtar seçmelisiniz.\n"
+
+#: g10/keyedit.c:2015
+msgid "Do you really want to delete the selected keys? (y/N) "
+msgstr "Seçili anahtarları gerçekten silmek istiyor musunuz? (e/H ya da y/N) "
+
+#: g10/keyedit.c:2016
+msgid "Do you really want to delete this key? (y/N) "
+msgstr "Bu anahtarı gerçekten silmek istiyor musunuz? (e/H ya da y/N) "
+
+#: g10/keyedit.c:2051
+msgid "Really revoke all selected user IDs? (y/N) "
+msgstr ""
+"Seçilen tüm kullanıcı kimlikleri gerçekten yürülükten kaldırılacak mı? (e/H "
+"ya da y/N) "
+
+#: g10/keyedit.c:2052
+msgid "Really revoke this user ID? (y/N) "
+msgstr ""
+"Bu kullanıcı kimliği gerçekten yürürlükten kaldırılacak mı? (e/H ya da y/N) "
+
+#: g10/keyedit.c:2070
+msgid "Do you really want to revoke the entire key? (y/N) "
+msgstr ""
+"Anahtarın tamamını yürürlükten kaldırmayı gerçekten istiyor musunuz? (e/H ya "
+"da y/N) "
+
+#: g10/keyedit.c:2081
+msgid "Do you really want to revoke the selected subkeys? (y/N) "
+msgstr ""
+"Seçili yardımcı anahtarları gerçekten yürürlükten kaldırmak istiyor musunuz? "
+"(e/H ya da y/N) "
+
+#: g10/keyedit.c:2083
+msgid "Do you really want to revoke this subkey? (y/N) "
+msgstr ""
+"Bu yardımcı anahtarı gerçekten yürürlükten kaldırmak istiyor musunuz? (e/H "
+"ya da y/N) "
+
+#: g10/keyedit.c:2133
+msgid "Owner trust may not be set while using a user provided trust database\n"
+msgstr ""
+"Kullanıcı taraından sağlanmış bir güvence veritabanı kullanılarak "
+"sahibiningüvencesi belirlenemez\n"
+
+#: g10/keyedit.c:2175
+msgid "Set preference list to:\n"
+msgstr "Belirlenecek tercih listesi:\n"
+
+#: g10/keyedit.c:2181
+msgid "Really update the preferences for the selected user IDs? (y/N) "
+msgstr ""
+"Seçili kullanıcı kimlikler için tercihleri gerçekten güncellemek istiyor "
+"musunuz? (e/H ya da y/N) "
+
+#: g10/keyedit.c:2183
+msgid "Really update the preferences? (y/N) "
+msgstr "Tercihleri gerçekten güncellemek istiyor musunuz? (e/H ya da y/N) "
+
+#: g10/keyedit.c:2253
+msgid "Save changes? (y/N) "
+msgstr "DeÄŸiÅŸiklikler kaydedilecek mi? (e/H ya da y/N) "
+
+#: g10/keyedit.c:2256
+msgid "Quit without saving? (y/N) "
+msgstr "Kaydetmeden çıkılsın mı? (e/H ya da y/N) "
+
+#: g10/keyedit.c:2266
+#, c-format
+msgid "update failed: %s\n"
+msgstr "güncelleme başarısız: %s\n"
+
+#: g10/keyedit.c:2273 g10/keyedit.c:2351
+#, c-format
+msgid "update secret failed: %s\n"
+msgstr "gizliyi güncelleme başarısız: %s\n"
+
+#: g10/keyedit.c:2280
+msgid "Key not changed so no update needed.\n"
+msgstr "Güncelleme gereği olmadığından anahtar değişmedi.\n"
+
+#: g10/keyedit.c:2446
+msgid "Digest: "
+msgstr "Özet: "
+
+#: g10/keyedit.c:2497
+msgid "Features: "
+msgstr "Özellikler: "
+
+#: g10/keyedit.c:2508
+msgid "Keyserver no-modify"
+msgstr "Anahtar sunucusu deÄŸiÅŸmez"
+
+#: g10/keyedit.c:2523 g10/keylist.c:316
+msgid "Preferred keyserver: "
+msgstr "Tercih edilen anahtar sunucusu: "
+
+#: g10/keyedit.c:2531 g10/keyedit.c:2532
+msgid "Notations: "
+msgstr "Simgelemler: "
+
+#: g10/keyedit.c:2753
+msgid "There are no preferences on a PGP 2.x-style user ID.\n"
+msgstr "Bir PGP 2.x tarzı kullanıcı kimliğine uygun tercih yok.\n"
+
+#: g10/keyedit.c:2810
+#, fuzzy, c-format
+msgid "The following key was revoked on %s by %s key %s\n"
+msgstr ""
+"Bu anahtar %2$s tarafından %3$s anahtarıyla %1$s üzerinde yürürlükten "
+"kaldırılmış\n"
+
+#: g10/keyedit.c:2832
+#, c-format
+msgid "This key may be revoked by %s key %s"
+msgstr ""
+"Bu anahtar %s tarafından %s anahtarıyla yürürlükten kaldırılmış olabilir"
+
+#: g10/keyedit.c:2838
+msgid "(sensitive)"
+msgstr "(duyarlı)"
+
+#: g10/keyedit.c:2854 g10/keyedit.c:2910 g10/keyedit.c:2971 g10/keyedit.c:2986
+#: g10/keylist.c:202 g10/keyserver.c:532
+#, c-format
+msgid "created: %s"
+msgstr "oluÅŸturuldu: %s"
+
+#: g10/keyedit.c:2857 g10/keylist.c:834 g10/keylist.c:928 g10/mainproc.c:997
+#, c-format
+msgid "revoked: %s"
+msgstr "yürürlükten kaldırıldı: %s"
+
+#: g10/keyedit.c:2859 g10/keylist.c:805 g10/keylist.c:840 g10/keylist.c:934
+#, c-format
+msgid "expired: %s"
+msgstr "son kullanma tarihi: %s"
+
+#: g10/keyedit.c:2861 g10/keyedit.c:2912 g10/keyedit.c:2973 g10/keyedit.c:2988
+#: g10/keylist.c:204 g10/keylist.c:811 g10/keylist.c:846 g10/keylist.c:940
+#: g10/keylist.c:961 g10/keyserver.c:538 g10/mainproc.c:1003
+#, c-format
+msgid "expires: %s"
+msgstr "son kullanma tarihi: %s"
+
+#: g10/keyedit.c:2863
+#, c-format
+msgid "usage: %s"
+msgstr "kullanımı: %s"
+
+#: g10/keyedit.c:2878
+#, c-format
+msgid "trust: %s"
+msgstr "güvencesi: %s"
+
+#: g10/keyedit.c:2882
+#, c-format
+msgid "validity: %s"
+msgstr "geçerliliği: %s"
+
+#: g10/keyedit.c:2889
+msgid "This key has been disabled"
+msgstr "Bu anahtar iptal edilmiÅŸti"
+
+#: g10/keyedit.c:2917 g10/keylist.c:208
+msgid "card-no: "
+msgstr "kart-no: "
+
+#: g10/keyedit.c:2941
+msgid ""
+"Please note that the shown key validity is not necessarily correct\n"
+"unless you restart the program.\n"
+msgstr ""
+"Gösterilen anahtarın, uygulamayı yeniden başlatıncaya kadar, gerekli\n"
+"doğrulukta olmayacağını lütfen gözönüne alınız.\n"
+
+#: g10/keyedit.c:3005 g10/keyedit.c:3351 g10/keyserver.c:542
+#: g10/mainproc.c:1850 g10/trustdb.c:1204 g10/trustdb.c:1732
+msgid "revoked"
+msgstr "yürürlükten kaldırıldı"
+
+#: g10/keyedit.c:3007 g10/keyedit.c:3353 g10/keyserver.c:546
+#: g10/mainproc.c:1852 g10/trustdb.c:547 g10/trustdb.c:1734
+msgid "expired"
+msgstr "zamanaşımına uğradı"
+
+#: g10/keyedit.c:3072
+msgid ""
+"WARNING: no user ID has been marked as primary. This command may\n"
+" cause a different user ID to become the assumed primary.\n"
+msgstr ""
+"UYARI: birincil olarak imlenmiş bir kullanıcı kimlik yok. Bu komutla\n"
+" farklı bir kullanıcı kimliğin birincil kullanıcı kimlik olarak\n"
+" kabul edilmesini saÄŸlayabilirsiniz.\n"
+
+#: g10/keyedit.c:3133
+msgid ""
+"WARNING: This is a PGP2-style key. Adding a photo ID may cause some "
+"versions\n"
+" of PGP to reject this key.\n"
+msgstr ""
+"UYARI: Bu PGP-2 tarzı bir anahtar. Bir foto kimliği eklenmesi bu anahtarın\n"
+" bazı PGP sürümleri tarafından reddedilmesi ile sonuçlanabilir.\n"
+
+#: g10/keyedit.c:3138 g10/keyedit.c:3473
+msgid "Are you sure you still want to add it? (y/N) "
+msgstr "Onu yine de eklemek istiyor musunuz? (e/H veya y/N) "
+
+#: g10/keyedit.c:3144
+msgid "You may not add a photo ID to a PGP2-style key.\n"
+msgstr "PGP2 tarzı bir anahtara bir foto kimliği ekleyemeyebilirsiniz.\n"
+
+#: g10/keyedit.c:3284
+msgid "Delete this good signature? (y/N/q)"
+msgstr "Bu doÄŸru imza silinsin mi? (e/H/k veya y/N/k)"
+
+#: g10/keyedit.c:3294
+msgid "Delete this invalid signature? (y/N/q)"
+msgstr "Bu geçersiz imza silinsin mi? (e/H/k veya y/N/k)"
+
+#: g10/keyedit.c:3298
+msgid "Delete this unknown signature? (y/N/q)"
+msgstr "Bu bilinmeyen imza silinsin mi? (e/H/k veya y/N/k)"
+
+#: g10/keyedit.c:3304
+msgid "Really delete this self-signature? (y/N)"
+msgstr "Bu öz-imza gerçekten silinecek mi? (e/H veya y/N)"
+
+#: g10/keyedit.c:3318
+#, c-format
+msgid "Deleted %d signature.\n"
+msgstr "%d imza silindi.\n"
+
+#: g10/keyedit.c:3319
+#, c-format
+msgid "Deleted %d signatures.\n"
+msgstr "%d imza silindi.\n"
+
+#: g10/keyedit.c:3322
+msgid "Nothing deleted.\n"
+msgstr "Hiçbir şey silinmedi.\n"
+
+#: g10/keyedit.c:3355 g10/trustdb.c:1736
+msgid "invalid"
+msgstr "geçersiz"
+
+#: g10/keyedit.c:3357
+#, c-format
+msgid "User ID \"%s\" compacted: %s\n"
+msgstr "kullanıcı kimliği \"%s\" yoğun: %s\n"
+
+#: g10/keyedit.c:3364
+#, c-format
+msgid "User ID \"%s\": %d signature removed\n"
+msgstr "Kullanıcı kimliği \"%s\": %d imza temizlendi\n"
+
+#: g10/keyedit.c:3365
+#, c-format
+msgid "User ID \"%s\": %d signatures removed\n"
+msgstr "Kullanıcı kimliği \"%s\": %d imza temizlendi\n"
+
+#: g10/keyedit.c:3373
+#, c-format
+msgid "User ID \"%s\": already minimized\n"
+msgstr "kullanıcı kimliği \"%s\": zaten küçük\n"
+
+#: g10/keyedit.c:3374
+#, c-format
+msgid "User ID \"%s\": already clean\n"
+msgstr "kullanıcı kimliği \"%s\": zaten temiz\n"
+
+#: g10/keyedit.c:3468
+msgid ""
+"WARNING: This is a PGP 2.x-style key. Adding a designated revoker may "
+"cause\n"
+" some versions of PGP to reject this key.\n"
+msgstr ""
+"UYARI: Bu PGP-2 tarzı bir anahtar. Tasarlanmış bir yürürlükten kaldırıcı\n"
+" eklenmesi bu anahtarın bazı PGP sürümleri tarafından reddedilmesi\n"
+" ile sonuçlanabilir.\n"
+
+#: g10/keyedit.c:3479
+msgid "You may not add a designated revoker to a PGP 2.x-style key.\n"
+msgstr ""
+"PGP2 tarzı bir anahtara tasarlanmış bir yürürlükten kaldırıcı "
+"ekleyemeyebilirsiniz.\n"
+
+#: g10/keyedit.c:3499
+msgid "Enter the user ID of the designated revoker: "
+msgstr ""
+"Tasarlanmış yürürlükten kaldırma anahtarının kullanıcı kimliğini giriniz: "
+
+#: g10/keyedit.c:3524
+msgid "cannot appoint a PGP 2.x style key as a designated revoker\n"
+msgstr ""
+"bir PGP 2.x tarzı anahtar bir tasarlanmış yürürlükten kaldırma anahtarı "
+"olarak atanamaz\n"
+
+#: g10/keyedit.c:3539
+msgid "you cannot appoint a key as its own designated revoker\n"
+msgstr ""
+"bir anahtarı kendisini yürürlükten kaldıracak anahtar olarak "
+"kullanamazsınız\n"
+
+#: g10/keyedit.c:3561
+msgid "this key has already been designated as a revoker\n"
+msgstr "bu anahtar zaten onu üreten tarafından yürürlükten kaldırılmıştı\n"
+
+#: g10/keyedit.c:3580
+msgid "WARNING: appointing a key as a designated revoker cannot be undone!\n"
+msgstr ""
+"UYARI: yürürlükten kaldıran olarak tasarlanmış bir anahtar başka amaçla\n"
+" kullanılamaz!\n"
+
+#: g10/keyedit.c:3586
+msgid ""
+"Are you sure you want to appoint this key as a designated revoker? (y/N) "
+msgstr ""
+"Bu anahtarın, yürürlükten kaldıran anahtar olmasını istediğinizden emin "
+"misiniz? (e/H ya da y/N) "
+
+#: g10/keyedit.c:3647
+msgid "Please remove selections from the secret keys.\n"
+msgstr "Lütfen gizli anahtarlardan seçilenleri silin.\n"
+
+#: g10/keyedit.c:3653
+msgid "Please select at most one subkey.\n"
+msgstr "Lütfen en fazla bir yardımcı anahtar seçin.\n"
+
+#: g10/keyedit.c:3657
+msgid "Changing expiration time for a subkey.\n"
+msgstr "Bir yardımcı anahtar için son kullanma tarihi değiştiriliyor.\n"
+
+#: g10/keyedit.c:3660
+msgid "Changing expiration time for the primary key.\n"
+msgstr "Asıl anahtar için son kullanma tarihi değiştiriliyor.\n"
+
+#: g10/keyedit.c:3706
+msgid "You can't change the expiration date of a v3 key\n"
+msgstr "Bir v3 anahtarının son kullanma tarihini değiştiremezsiniz\n"
+
+#: g10/keyedit.c:3722
+msgid "No corresponding signature in secret ring\n"
+msgstr "Gizli anahtar demetinde uygun/benzer imza yok\n"
+
+#: g10/keyedit.c:3800
+#, c-format
+msgid "signing subkey %s is already cross-certified\n"
+msgstr "yardımcı imzalama anahtarı %s zaten çapraz sertifikalı\n"
+
+#: g10/keyedit.c:3806
+#, c-format
+msgid "subkey %s does not sign and so does not need to be cross-certified\n"
+msgstr ""
+"yardımcı anahtar %s imzalamıyor, dolayısıyla çapraz sertifikalı olması "
+"gerekmiyor\n"
+
+#: g10/keyedit.c:3969
+msgid "Please select exactly one user ID.\n"
+msgstr "Lütfen sadece ve sadece bir kullanıcı kimlik seçiniz.\n"
+
+#: g10/keyedit.c:4008 g10/keyedit.c:4118 g10/keyedit.c:4238 g10/keyedit.c:4379
+#, c-format
+msgid "skipping v3 self-signature on user ID \"%s\"\n"
+msgstr "kullanıcı kimliği \"%s\" için v3 öz-imzası atlanıyor\n"
+
+#: g10/keyedit.c:4179
+msgid "Enter your preferred keyserver URL: "
+msgstr "Tercih ettiÄŸiniz sunucunun adresini girin: "
+
+#: g10/keyedit.c:4259
+msgid "Are you sure you want to replace it? (y/N) "
+msgstr "Onu deÄŸiÅŸtirmek istediÄŸinizden emin misiniz? (e/H ya da y/N) "
+
+#: g10/keyedit.c:4260
+msgid "Are you sure you want to delete it? (y/N) "
+msgstr "Onu silmek istediÄŸinizden emin misiniz? (e/H ya da y/N) "
+
+#: g10/keyedit.c:4322
+msgid "Enter the notation: "
+msgstr "Simgelemi giriniz: "
+
+#: g10/keyedit.c:4471
+msgid "Proceed? (y/N) "
+msgstr "Devam? (e/H ya da y/N) "
+
+#: g10/keyedit.c:4543
+#, c-format
+msgid "No user ID with index %d\n"
+msgstr "%d endeksine sahip kullanıcı kimliği yok\n"
+
+#: g10/keyedit.c:4604
+#, c-format
+msgid "No user ID with hash %s\n"
+msgstr "%s çittirmeli kullanıcı kimliği yok\n"
+
+#: g10/keyedit.c:4639
+#, c-format
+msgid "No subkey with index %d\n"
+msgstr "%d indisli bir yardımcı anahtar yok\n"
+
+#: g10/keyedit.c:4774
+#, c-format
+msgid "user ID: \"%s\"\n"
+msgstr "Kullanıcı kimliği: \"%s\"\n"
+
+#: g10/keyedit.c:4777 g10/keyedit.c:4871 g10/keyedit.c:4914
+#, c-format
+msgid "signed by your key %s on %s%s%s\n"
+msgstr "%s anahtarınızla %s%s%s de imzalandı\n"
+
+#: g10/keyedit.c:4779 g10/keyedit.c:4873 g10/keyedit.c:4916
+msgid " (non-exportable)"
+msgstr " (dışarda geçersiz)"
+
+#: g10/keyedit.c:4783
+#, c-format
+msgid "This signature expired on %s.\n"
+msgstr "Bu anahtarın geçerliliği %s de bitti.\n"
+
+#: g10/keyedit.c:4787
+msgid "Are you sure you still want to revoke it? (y/N) "
+msgstr "Onu yine de yürürlükten kaldırmak istiyor musunuz? (e/H veya y/N) "
+
+#: g10/keyedit.c:4791
+msgid "Create a revocation certificate for this signature? (y/N) "
+msgstr ""
+"Bu imza için bir yürürlükten kaldırma sertifikası oluşturulsun mu? (e/H veya "
+"y/N) "
+
+#: g10/keyedit.c:4842
+msgid "Not signed by you.\n"
+msgstr ""
+
+#: g10/keyedit.c:4848
+#, c-format
+msgid "You have signed these user IDs on key %s:\n"
+msgstr "Bu kullanıcı kimliklerini %s anahtarı üzerinde imzalamışsınız:\n"
+
+#: g10/keyedit.c:4874
+msgid " (non-revocable)"
+msgstr " (yürülükten kaldırılmaz)"
+
+#: g10/keyedit.c:4881
+#, c-format
+msgid "revoked by your key %s on %s\n"
+msgstr "%s tarafından %s de yürürlükten kaldırılmış\n"
+
+#: g10/keyedit.c:4903
+msgid "You are about to revoke these signatures:\n"
+msgstr "Bu imzaları yürürlükten kaldırmak üzeresiniz:\n"
+
+#: g10/keyedit.c:4923
+msgid "Really create the revocation certificates? (y/N) "
+msgstr ""
+"Bu yürürlükten kaldırma sertifikalarını gerçekten oluşturacak mısınız? (e/H "
+"veya y/N) "
+
+#: g10/keyedit.c:4953
+msgid "no secret key\n"
+msgstr "gizli anahtar yok\n"
+
+#: g10/keyedit.c:5023
+#, c-format
+msgid "user ID \"%s\" is already revoked\n"
+msgstr "kullanıcı kimliği \"%s\" zaten iptal edilmişti\n"
+
+#: g10/keyedit.c:5040
+#, c-format
+msgid "WARNING: a user ID signature is dated %d seconds in the future\n"
+msgstr "UYARI: bir kullanıcı kimliği imzası %d saniye gelecekte oluşturuldu\n"
+
+#: g10/keyedit.c:5104
+#, c-format
+msgid "Key %s is already revoked.\n"
+msgstr "Anahtar %s zaten yürürlükten kaldırılmış.\n"
+
+#: g10/keyedit.c:5166
+#, c-format
+msgid "Subkey %s is already revoked.\n"
+msgstr "Yardımcı anahtar %s zaten yürürlükten kaldırılmış.\n"
+
+#: g10/keyedit.c:5261
+#, c-format
+msgid "Displaying %s photo ID of size %ld for key %s (uid %d)\n"
+msgstr ""
+"Anahtar 0x%3$s (kull-kiml %4$d) için %2$ld uzunluktaki %1$s foto kimliği "
+"gösteriliyor\n"
+
+#: g10/keygen.c:275
+#, c-format
+msgid "preference `%s' duplicated\n"
+msgstr "'%s' tercihi yinelendi\n"
+
+#: g10/keygen.c:282
+msgid "too many cipher preferences\n"
+msgstr "çok fazla şifreleme tercihi\n"
+
+#: g10/keygen.c:284
+msgid "too many digest preferences\n"
+msgstr "çok fazla özet tercihi\n"
+
+#: g10/keygen.c:286
+msgid "too many compression preferences\n"
+msgstr "çok fazla sıkıştırma tercihi\n"
+
+#: g10/keygen.c:426
+#, c-format
+msgid "invalid item `%s' in preference string\n"
+msgstr "tercih dizgesindeki '%s' öğesi geçersiz\n"
+
+#: g10/keygen.c:910
+msgid "writing direct signature\n"
+msgstr "doğrudan imza yazılıyor\n"
+
+#: g10/keygen.c:952
+msgid "writing self signature\n"
+msgstr "öz-imza yazılıyor\n"
+
+#: g10/keygen.c:1009
+msgid "writing key binding signature\n"
+msgstr "anahtarı garantileyen imzayı yazıyor\n"
+
+#: g10/keygen.c:1179 g10/keygen.c:1290 g10/keygen.c:1295 g10/keygen.c:1441
+#: g10/keygen.c:3269
+#, c-format
+msgid "keysize invalid; using %u bits\n"
+msgstr "anahtar uzunluğu geçersiz; %u bit kullanılıyor\n"
+
+#: g10/keygen.c:1185 g10/keygen.c:1301 g10/keygen.c:1309 g10/keygen.c:1447
+#: g10/keygen.c:3275
+#, c-format
+msgid "keysize rounded up to %u bits\n"
+msgstr "anahtar uzunluğu %u bite yuvarlandı\n"
+
+#: g10/keygen.c:1335
+msgid ""
+"WARNING: some OpenPGP programs can't handle a DSA key with this digest size\n"
+msgstr ""
+"UYARI: bazı OpenPGP uygulamaları bu özet boyutlu bir DSA anahtarıyla "
+"çalışamayabilir\n"
+
+#: g10/keygen.c:1558
+msgid "Sign"
+msgstr "Ä°mzalama"
+
+#: g10/keygen.c:1561
+msgid "Certify"
+msgstr "Onayla"
+
+#: g10/keygen.c:1564
+msgid "Encrypt"
+msgstr "Åžifrele"
+
+#: g10/keygen.c:1567
+msgid "Authenticate"
+msgstr "Kimlik kanıtla"
+
+#. TRANSLATORS: Please use only plain ASCII characters for the
+#. translation. If this is not possible use single digits. The
+#. string needs to 8 bytes long. Here is a description of the
+#. functions:
+#.
+#. s = Toggle signing capability
+#. e = Toggle encryption capability
+#. a = Toggle authentication capability
+#. q = Finish
+#.
+#: g10/keygen.c:1585
+msgid "SsEeAaQq"
+msgstr "OoŞşKkçÇ"
+
+#: g10/keygen.c:1608
+#, c-format
+msgid "Possible actions for a %s key: "
+msgstr "bir %s anahtarı için olası eylemler: "
+
+#: g10/keygen.c:1612
+msgid "Current allowed actions: "
+msgstr "Şimdilik mümkün eylemler: "
+
+#: g10/keygen.c:1617
+#, c-format
+msgid " (%c) Toggle the sign capability\n"
+msgstr " (%c) İmzalama yeteneğini açar/kapar\n"
+
+#: g10/keygen.c:1620
+#, c-format
+msgid " (%c) Toggle the encrypt capability\n"
+msgstr " (%c) Şifreleme yeteneğini açar/kapar\n"
+
+#: g10/keygen.c:1623
+#, c-format
+msgid " (%c) Toggle the authenticate capability\n"
+msgstr " (%c) Kimlik kanıtlama yeteneğini açar/kapar\n"
+
+#: g10/keygen.c:1626
+#, c-format
+msgid " (%c) Finished\n"
+msgstr " (%c) Bitti\n"
+
+#: g10/keygen.c:1686 sm/certreqgen-ui.c:157
+msgid "Please select what kind of key you want:\n"
+msgstr "Lütfen istediğiniz anahtarı seçiniz:\n"
+
+#: g10/keygen.c:1689
+#, fuzzy, c-format
+msgid " (%d) RSA and RSA (default)\n"
+msgstr " (%d) DSA ve ElGamal (öntanımlı)\n"
+
+#: g10/keygen.c:1691
+#, fuzzy, c-format
+msgid " (%d) DSA and Elgamal\n"
+msgstr " (%d) DSA ve ElGamal (öntanımlı)\n"
+
+#: g10/keygen.c:1693
+#, c-format
+msgid " (%d) DSA (sign only)\n"
+msgstr " (%d) DSA (yalnız imzalamak için)\n"
+
+#: g10/keygen.c:1694
+#, c-format
+msgid " (%d) RSA (sign only)\n"
+msgstr " (%d) RSA (sadece imzalamak için)\n"
+
+#: g10/keygen.c:1698
+#, c-format
+msgid " (%d) Elgamal (encrypt only)\n"
+msgstr " (%d) ElGamal (yalnız şifrelemek için)\n"
+
+#: g10/keygen.c:1699
+#, c-format
+msgid " (%d) RSA (encrypt only)\n"
+msgstr " (%d) RSA (sadece şifrelemek için)\n"
+
+#: g10/keygen.c:1703
+#, c-format
+msgid " (%d) DSA (set your own capabilities)\n"
+msgstr " (%d) DSA (yeteneklerini belirtin)\n"
+
+#: g10/keygen.c:1704
+#, c-format
+msgid " (%d) RSA (set your own capabilities)\n"
+msgstr " (%d) RSA (yeteneklerini belirtin)\n"
+
+#: g10/keygen.c:1812
+#, c-format
+msgid "%s keys may be between %u and %u bits long.\n"
+msgstr "%s anahtarları %u bit ile %u bit arasında olmalı.\n"
+
+#: g10/keygen.c:1820
+#, fuzzy, c-format
+msgid "What keysize do you want for the subkey? (%u) "
+msgstr "Ä°stediÄŸiniz anahtar uzunluÄŸu nedir? (%u) "
+
+#: g10/keygen.c:1823 sm/certreqgen-ui.c:179
+#, c-format
+msgid "What keysize do you want? (%u) "
+msgstr "Ä°stediÄŸiniz anahtar uzunluÄŸu nedir? (%u) "
+
+#: g10/keygen.c:1837 sm/certreqgen-ui.c:189
+#, c-format
+msgid "Requested keysize is %u bits\n"
+msgstr "Ä°stenen anahtar uzunluÄŸu: %u bit\n"
+
+#: g10/keygen.c:1925
+msgid ""
+"Please specify how long the key should be valid.\n"
+" 0 = key does not expire\n"
+" <n> = key expires in n days\n"
+" <n>w = key expires in n weeks\n"
+" <n>m = key expires in n months\n"
+" <n>y = key expires in n years\n"
+msgstr ""
+"Lütfen anahtarın ne kadar süreyle geçerli olacağını belirtin.\n"
+" 0 = anahtar süresiz geçerli\n"
+" <n> = anahtar n gün geçerli\n"
+" <n>w = anahtar n hafta geçerli\n"
+" <n>m = anahtar n ay geçerli\n"
+" <n>y = anahtar n yıl geçerli\n"
+
+#: g10/keygen.c:1936
+msgid ""
+"Please specify how long the signature should be valid.\n"
+" 0 = signature does not expire\n"
+" <n> = signature expires in n days\n"
+" <n>w = signature expires in n weeks\n"
+" <n>m = signature expires in n months\n"
+" <n>y = signature expires in n years\n"
+msgstr ""
+"Lütfen imzanınn ne kadar süreyle geçerli olacağını belirtin.\n"
+" 0 = imza süresiz geçerli\n"
+" <n> = imza n gün geçerli\n"
+" <n>w = imza n hafta geçerli\n"
+" <n>m = imza n ay geçerli\n"
+" <n>y = imza n yıl geçerli\n"
+
+#: g10/keygen.c:1959
+msgid "Key is valid for? (0) "
+msgstr "Anahtar ne kadar geçerli olacak? (0) "
+
+#: g10/keygen.c:1964
+#, c-format
+msgid "Signature is valid for? (%s) "
+msgstr "İmza ne kadar geçerli olacak? (%s) "
+
+#: g10/keygen.c:1982 g10/keygen.c:2007
+msgid "invalid value\n"
+msgstr "değer hatalı\n"
+
+#: g10/keygen.c:1989
+msgid "Key does not expire at all\n"
+msgstr "Anahtar hep geçerli olacak\n"
+
+#: g10/keygen.c:1990
+msgid "Signature does not expire at all\n"
+msgstr "İmza hep geçerli olacak\n"
+
+#: g10/keygen.c:1995
+#, c-format
+msgid "Key expires at %s\n"
+msgstr "Anahtarın geçerliliği %s de bitecek.\n"
+
+#: g10/keygen.c:1996
+#, c-format
+msgid "Signature expires at %s\n"
+msgstr "İmzanın geçerliliği %s de bitecek.\n"
+
+#: g10/keygen.c:2000
+msgid ""
+"Your system can't display dates beyond 2038.\n"
+"However, it will be correctly handled up to 2106.\n"
+msgstr ""
+"Sisteminiz 2038 yılından sonraki tarihleri gösteremiyor.\n"
+"Ama emin olun ki 2106 yılına kadar elde edilebilecek.\n"
+
+#: g10/keygen.c:2013
+msgid "Is this correct? (y/N) "
+msgstr "Bu doÄŸru mu? (e/H ya da y/N) "
+
+#: g10/keygen.c:2063
+msgid ""
+"\n"
+"GnuPG needs to construct a user ID to identify your key.\n"
+"\n"
+msgstr ""
+"\n"
+"GnuPG anahtarınızı betimlemek için bir kullanıcı kimliği oluşturmaya ihtiyaç "
+"duyuyor.\n"
+"\n"
+
+#. TRANSLATORS: This string is in general not anymore used
+#. but you should keep your existing translation. In case
+#. the new string is not translated this old string will
+#. be used.
+#: g10/keygen.c:2078
+msgid ""
+"\n"
+"You need a user ID to identify your key; the software constructs the user "
+"ID\n"
+"from the Real Name, Comment and Email Address in this form:\n"
+" \"Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>\"\n"
+"\n"
+msgstr ""
+"\n"
+"Anahtarınızın size ait olduğunu belirten bir Kullanıcı-Kimliği olmalı;\n"
+"Kullanıcı-Kimliği, Gerçek İsminiz, Bir Önbilgi ve e-Posta Adresiniz\n"
+"alanlarının birleşiminden oluşur. Örneğin:\n"
+"\t\"Fatih Sultan Mehmed (Padisah) <padisah@ottoman.gov>\"\n"
+"\n"
+
+#: g10/keygen.c:2097
+msgid "Real name: "
+msgstr "Adınız ve Soyadınız: "
+
+#: g10/keygen.c:2105
+msgid "Invalid character in name\n"
+msgstr "Ad ve soyadınızda geçersiz karakter var\n"
+
+#: g10/keygen.c:2107
+msgid "Name may not start with a digit\n"
+msgstr "Ad ve soyadınız bir rakamla başlamamalı\n"
+
+#: g10/keygen.c:2109
+msgid "Name must be at least 5 characters long\n"
+msgstr "Ad ve soyadınız en az 5 harfli olmalı\n"
+
+#: g10/keygen.c:2117
+msgid "Email address: "
+msgstr "E-posta adresiniz: "
+
+#: g10/keygen.c:2123
+msgid "Not a valid email address\n"
+msgstr "geçerli bir E-posta adresi değil\n"
+
+#: g10/keygen.c:2131
+msgid "Comment: "
+msgstr "Önbilgi: "
+
+#: g10/keygen.c:2137
+msgid "Invalid character in comment\n"
+msgstr "Önbilgi alanında geçersiz karakter var\n"
+
+#: g10/keygen.c:2159
+#, c-format
+msgid "You are using the `%s' character set.\n"
+msgstr "`%s' karakter kümesini kullanıyorsunuz.\n"
+
+#: g10/keygen.c:2165
+#, c-format
+msgid ""
+"You selected this USER-ID:\n"
+" \"%s\"\n"
+"\n"
+msgstr ""
+"Seçtiğiniz KULLANICI-KİMLİĞİ:\n"
+" \"%s\"\n"
+"\n"
+
+#: g10/keygen.c:2170
+msgid "Please don't put the email address into the real name or the comment\n"
+msgstr ""
+"Lütfen E-posta adresinizi Adı ve Soyadı veya Açıklama alanı içine koymayın\n"
+
+#: g10/keygen.c:2185
+msgid "Such a user ID already exists on this key!\n"
+msgstr ""
+
+#. TRANSLATORS: These are the allowed answers in
+#. lower and uppercase. Below you will find the matching
+#. string which should be translated accordingly and the
+#. letter changed to match the one in the answer string.
+#.
+#. n = Change name
+#. c = Change comment
+#. e = Change email
+#. o = Okay (ready, continue)
+#. q = Quit
+#.
+#: g10/keygen.c:2201
+msgid "NnCcEeOoQq"
+msgstr "AaYyEeTtKk"
+
+#: g10/keygen.c:2211
+msgid "Change (N)ame, (C)omment, (E)mail or (Q)uit? "
+msgstr "(A)dı ve Soyadı, (Y)orum, (E)posta alanlarını değiştir ya da Çı(k)? "
+
+#: g10/keygen.c:2212
+msgid "Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? "
+msgstr ""
+"(A)dı ve Soyadı, (Y)orum, (E)posta alanlarını değiştir ya da (T)amam/Çı(k)? "
+
+#: g10/keygen.c:2231
+msgid "Please correct the error first\n"
+msgstr "Lütfen önce hatayı düzeltin\n"
+
+#: g10/keygen.c:2273
+msgid ""
+"You need a Passphrase to protect your secret key.\n"
+"\n"
+msgstr ""
+"Gizli anahtarınızı korumak için bir Anahtar Parolanız olmalı.\n"
+"\n"
+
+#: g10/keygen.c:2276
+#, fuzzy
+msgid ""
+"Please enter a passphrase to protect the off-card backup of the new "
+"encryption key."
+msgstr ""
+"Lütfen GnuPG sistemine ithal edilen nesneyi koruyacak anahtar parolasını "
+"giriniz."
+
+#: g10/keygen.c:2292
+#, c-format
+msgid "%s.\n"
+msgstr "%s.\n"
+
+#: g10/keygen.c:2298
+msgid ""
+"You don't want a passphrase - this is probably a *bad* idea!\n"
+"I will do it anyway. You can change your passphrase at any time,\n"
+"using this program with the option \"--edit-key\".\n"
+"\n"
+msgstr ""
+"Bir anahtar parolası istemediniz - bu *kötü* bir fikir!\n"
+"Nasıl isterseniz. Anahtar parolanızı bu programı \"--edit-key\"\n"
+"seçeneği ile kullanarak her zaman değiştirebilirsiniz.\n"
+"\n"
+
+#: g10/keygen.c:2322
+msgid ""
+"We need to generate a lot of random bytes. It is a good idea to perform\n"
+"some other action (type on the keyboard, move the mouse, utilize the\n"
+"disks) during the prime generation; this gives the random number\n"
+"generator a better chance to gain enough entropy.\n"
+msgstr ""
+"Bir miktar rasgele bayt üretilmesi gerekiyor. İlk üretim sırasında biraz\n"
+"hareket (klavyeyi kullanmak, fareyi hareket ettirmek, disklerden "
+"yararlanmak)\n"
+"iyi olacaktır; bu yeterli rasgele bayt kazanmak için rasgele sayı\n"
+"üretecine yardımcı olur. \n"
+
+#: g10/keygen.c:3209 g10/keygen.c:3236
+msgid "Key generation canceled.\n"
+msgstr "Anahtar üretimi durduruldu.\n"
+
+#: g10/keygen.c:3441 g10/keygen.c:3611
+#, c-format
+msgid "writing public key to `%s'\n"
+msgstr "genel anahtarı `%s'e yazıyor\n"
+
+#: g10/keygen.c:3443 g10/keygen.c:3614
+#, c-format
+msgid "writing secret key stub to `%s'\n"
+msgstr "gizli anahtar koçanı `%s'e yazılıyor\n"
+
+#: g10/keygen.c:3446 g10/keygen.c:3617
+#, c-format
+msgid "writing secret key to `%s'\n"
+msgstr "gizli anahtarı `%s'e yazıyor\n"
+
+#: g10/keygen.c:3598
+#, c-format
+msgid "no writable public keyring found: %s\n"
+msgstr "yazılabilir bir genel anahtar zinciri yok: %s\n"
+
+#: g10/keygen.c:3605
+#, c-format
+msgid "no writable secret keyring found: %s\n"
+msgstr "yazılabilir bir gizli anahtar zinciri yok: %s\n"
+
+#: g10/keygen.c:3625
+#, c-format
+msgid "error writing public keyring `%s': %s\n"
+msgstr "`%s' genel anahtarlığa yazılırken hata oluştu: %s\n"
+
+#: g10/keygen.c:3633
+#, c-format
+msgid "error writing secret keyring `%s': %s\n"
+msgstr "`%s' gizli anahtarlığa yazılırken hata oluştu: %s\n"
+
+#: g10/keygen.c:3661
+msgid "public and secret key created and signed.\n"
+msgstr "genel ve gizli anahtar üretildi ve imzalandı.\n"
+
+#: g10/keygen.c:3672
+msgid ""
+"Note that this key cannot be used for encryption. You may want to use\n"
+"the command \"--edit-key\" to generate a subkey for this purpose.\n"
+msgstr ""
+"Bu anahtar şifreleme için kullanılamaz. Şifreleme için yardımcı anahtarı\n"
+"\"--edit-key\" seçeneğini kullanarak üretebilirsiniz.\n"
+
+#: g10/keygen.c:3685 g10/keygen.c:3831 g10/keygen.c:3952
+#, c-format
+msgid "Key generation failed: %s\n"
+msgstr "Anahtar üretimi başarısızlığa uğradı: %s\n"
+
+#: g10/keygen.c:3741 g10/keygen.c:3882 g10/sign.c:241
+#, c-format
+msgid ""
+"key has been created %lu second in future (time warp or clock problem)\n"
+msgstr ""
+"anahtar %lu saniye sonra üretilmiş (zaman sapması veya saat problemi)\n"
+
+#: g10/keygen.c:3743 g10/keygen.c:3884 g10/sign.c:243
+#, c-format
+msgid ""
+"key has been created %lu seconds in future (time warp or clock problem)\n"
+msgstr ""
+"anahtar bundan %lu saniye sonra üretilmiş (zaman sapması veya saat "
+"problemi)\n"
+
+#: g10/keygen.c:3754 g10/keygen.c:3895
+msgid "NOTE: creating subkeys for v3 keys is not OpenPGP compliant\n"
+msgstr ""
+"BİLGİ: v3 anahtarları için yardımcı anahtar üretimi OpenPGP uyumlu değildir\n"
+
+#: g10/keygen.c:3795 g10/keygen.c:3928
+msgid "Really create? (y/N) "
+msgstr "Gerçekten oluşturulsun mu? (e/H ya da y/N) "
+
+#: g10/keygen.c:4116
+#, c-format
+msgid "storing key onto card failed: %s\n"
+msgstr "anahtarın kart üzerinde saklanması başarısız: %s\n"
+
+#: g10/keygen.c:4165
+#, c-format
+msgid "can't create backup file `%s': %s\n"
+msgstr "'%s' yedek dosyası oluşturulamıyor: %s\n"
+
+#: g10/keygen.c:4191
+#, c-format
+msgid "NOTE: backup of card key saved to `%s'\n"
+msgstr "BİLGİ: kart anahtarının yedeklemesi '%s' e kaydedildi\n"
+
+#: g10/keyid.c:539 g10/keyid.c:551 g10/keyid.c:563 g10/keyid.c:575
+msgid "never "
+msgstr "asla "
+
+#: g10/keylist.c:273
+msgid "Critical signature policy: "
+msgstr "Kritik imza guvencesi: "
+
+#: g10/keylist.c:275
+msgid "Signature policy: "
+msgstr "imza guvencesi: "
+
+#: g10/keylist.c:314
+msgid "Critical preferred keyserver: "
+msgstr "Kritik tercihli anahtar sunucusu: "
+
+#: g10/keylist.c:367
+msgid "Critical signature notation: "
+msgstr "Kritik imza simgelemi: "
+
+#: g10/keylist.c:369
+msgid "Signature notation: "
+msgstr "imza simgelemi: "
+
+#: g10/keylist.c:479
+msgid "Keyring"
+msgstr "Anahtar zinciri"
+
+#: g10/keylist.c:1526
+msgid "Primary key fingerprint:"
+msgstr "Birincil anahtar parmak izi:"
+
+#: g10/keylist.c:1528
+msgid " Subkey fingerprint:"
+msgstr "Yardımcı anahtar parmak izi:"
+
+#. TRANSLATORS: this should fit into 24 bytes to that the
+#. * fingerprint data is properly aligned with the user ID
+#: g10/keylist.c:1535
+msgid " Primary key fingerprint:"
+msgstr "Birincil anahtar parmak izi:"
+
+#: g10/keylist.c:1537
+msgid " Subkey fingerprint:"
+msgstr "Yardımcı anahtar parmak izi:"
+
+#: g10/keylist.c:1541 g10/keylist.c:1545
+msgid " Key fingerprint ="
+msgstr " Anahtar parmakizi ="
+
+#: g10/keylist.c:1612
+msgid " Card serial no. ="
+msgstr " Kart seri no. ="
+
+#: g10/keyring.c:1297
+#, c-format
+msgid "renaming `%s' to `%s' failed: %s\n"
+msgstr "`%s' > `%s' isim değişikliği başarısız: %s\n"
+
+#: g10/keyring.c:1326
+msgid "WARNING: 2 files with confidential information exists.\n"
+msgstr "UYARI: gizli bilgi içeren 2 dosya mevcut.\n"
+
+#: g10/keyring.c:1327
+#, c-format
+msgid "%s is the unchanged one\n"
+msgstr "%s deÄŸiÅŸmeyenlerden\n"
+
+#: g10/keyring.c:1328
+#, c-format
+msgid "%s is the new one\n"
+msgstr "%s yenilerden\n"
+
+#: g10/keyring.c:1329
+msgid "Please fix this possible security flaw\n"
+msgstr "Lütfen bu güvenlik çatlağını giderin\n"
+
+#: g10/keyring.c:1430
+#, c-format
+msgid "caching keyring `%s'\n"
+msgstr "`%s' anahtar zinciri önbellekleniyor\n"
+
+#: g10/keyring.c:1489
+#, c-format
+msgid "%lu keys cached so far (%lu signatures)\n"
+msgstr "ÅŸimdiye kadar %lu anahtar arabelleklendi (%lu imza)\n"
+
+#: g10/keyring.c:1501
+#, c-format
+msgid "%lu keys cached (%lu signatures)\n"
+msgstr "%lu anahtar arabelleklendi (%lu imza)\n"
+
+#: g10/keyring.c:1573
+#, c-format
+msgid "%s: keyring created\n"
+msgstr "%s: anahtar zinciri oluÅŸturuldu\n"
+
+#: g10/keyserver.c:74
+msgid "include revoked keys in search results"
+msgstr "yürürlükten kaldırılan anahtarlar arama sonuçlarına dahil edilir"
+
+#: g10/keyserver.c:75
+msgid "include subkeys when searching by key ID"
+msgstr ""
+"anahtar kimliğine göre arama yapılırken yardımcı anahtarlar dahil edilir"
+
+#: g10/keyserver.c:77
+msgid "use temporary files to pass data to keyserver helpers"
+msgstr ""
+"anahtar sunucusu yardımcılarına veri aktaracak geçici dosyalar kullanılır"
+
+#: g10/keyserver.c:79
+msgid "do not delete temporary files after using them"
+msgstr "geçici dosyaları kullandıktan sonra silmez"
+
+#: g10/keyserver.c:83
+msgid "automatically retrieve keys when verifying signatures"
+msgstr "imzaları doğrularken anahtarları özdevinimli olarak alır"
+
+#: g10/keyserver.c:85
+msgid "honor the preferred keyserver URL set on the key"
+msgstr "tercihli anahtar sunucusunun adresini adrese atar"
+
+#: g10/keyserver.c:87
+msgid "honor the PKA record set on a key when retrieving keys"
+msgstr "anahtarları alırken PKA kaydını bir anahtara atar"
+
+#: g10/keyserver.c:153
+#, c-format
+msgid "WARNING: keyserver option `%s' is not used on this platform\n"
+msgstr "UYARI: anahtar sunucusu seçeneği `%s' bu platformda kullanımda değil\n"
+
+#: g10/keyserver.c:544
+msgid "disabled"
+msgstr "iptal edildi"
+
+#: g10/keyserver.c:747
+msgid "Enter number(s), N)ext, or Q)uit > "
+msgstr "Sayıyı/sayıları girin veya S)onraki ya da Ç)ık >"
+
+#: g10/keyserver.c:831 g10/keyserver.c:1458
+#, c-format
+msgid "invalid keyserver protocol (us %d!=handler %d)\n"
+msgstr "anahtar sunucu protokolü geçersiz (bizimki %d!=eylemci %d)\n"
+
+#: g10/keyserver.c:932
+#, c-format
+msgid "key \"%s\" not found on keyserver\n"
+msgstr "anahtar \"%s\" anahtar sunucusunda yok\n"
+
+#: g10/keyserver.c:934
+msgid "key not found on keyserver\n"
+msgstr "anahtar, anahtar sunucusunda yok\n"
+
+#: g10/keyserver.c:1177
+#, c-format
+msgid "requesting key %s from %s server %s\n"
+msgstr "%1$s anahtarı %3$s sunucusunun %2$s adresinden isteniyor\n"
+
+#: g10/keyserver.c:1181
+#, c-format
+msgid "requesting key %s from %s\n"
+msgstr "%s anahtarı %s adresinden isteniyor\n"
+
+#: g10/keyserver.c:1205
+#, c-format
+msgid "searching for names from %s server %s\n"
+msgstr "%2$s sunucusunda %1$s içindeki isimler aranıyor\n"
+
+#: g10/keyserver.c:1208
+#, c-format
+msgid "searching for names from %s\n"
+msgstr "%s içindeki isimler aranıyor\n"
+
+#: g10/keyserver.c:1361
+#, c-format
+msgid "sending key %s to %s server %s\n"
+msgstr "anahtar %1$s, %3$s sunucusunun %2$s adresine gönderiliyor\n"
+
+#: g10/keyserver.c:1365
+#, c-format
+msgid "sending key %s to %s\n"
+msgstr "%s anahtarı %s adresine gönderiliyor\n"
+
+#: g10/keyserver.c:1408
+#, c-format
+msgid "searching for \"%s\" from %s server %s\n"
+msgstr "%3$s sunucusunun %2$s adresinde \"%1$s\" aranıyor\n"
+
+#: g10/keyserver.c:1411
+#, c-format
+msgid "searching for \"%s\" from %s\n"
+msgstr "%2$s adresinde \"%1$s\" aranıyor\n"
+
+#: g10/keyserver.c:1418 g10/keyserver.c:1514
+msgid "no keyserver action!\n"
+msgstr "bir anahtar sunucusu eylemi yok!\n"
+
+#: g10/keyserver.c:1466
+#, c-format
+msgid "WARNING: keyserver handler from a different version of GnuPG (%s)\n"
+msgstr "UYARI: GnuPG'nin başka bir sürümünün anahtar sunucusu eylemcisi (%s)\n"
+
+#: g10/keyserver.c:1475
+msgid "keyserver did not send VERSION\n"
+msgstr "anahtar sunucusu VERSION göndermiyor\n"
+
+#: g10/keyserver.c:1537 g10/keyserver.c:2066
+msgid "no keyserver known (use option --keyserver)\n"
+msgstr "bilinen bir anahtar sunucusu yok (--keyserver seçeneğini kullanın)\n"
+
+#: g10/keyserver.c:1543
+msgid "external keyserver calls are not supported in this build\n"
+msgstr "harici anahtar sunucusu çağrıları bu kurulumda desteklenmiyor\n"
+
+#: g10/keyserver.c:1555
+#, c-format
+msgid "no handler for keyserver scheme `%s'\n"
+msgstr "`%s' anahtar sunucusu şeması için eylemci yok\n"
+
+#: g10/keyserver.c:1560
+#, c-format
+msgid "action `%s' not supported with keyserver scheme `%s'\n"
+msgstr "`%s' eylemi `%s' anahtar sunucusu şeması ile desteklenmiyor\n"
+
+#: g10/keyserver.c:1568
+#, c-format
+msgid "%s does not support handler version %d\n"
+msgstr "%s %d sürümü eylemciyi desteklemiyor\n"
+
+#: g10/keyserver.c:1575
+msgid "keyserver timed out\n"
+msgstr "anahtar sunucusu zamanaşımına uğradı\n"
+
+#: g10/keyserver.c:1580
+msgid "keyserver internal error\n"
+msgstr "anahtar sunucusu iç hatası\n"
+
+#: g10/keyserver.c:1589
+#, c-format
+msgid "keyserver communications error: %s\n"
+msgstr "anahtar sunucusuyla iletişim hatası: %s\n"
+
+#: g10/keyserver.c:1614 g10/keyserver.c:1648
+#, c-format
+msgid "\"%s\" not a key ID: skipping\n"
+msgstr "\"%s\" bir anahtar kimliği değil: atlanıyor\n"
+
+#: g10/keyserver.c:1907
+#, c-format
+msgid "WARNING: unable to refresh key %s via %s: %s\n"
+msgstr "UYARI: %s anahtarı %s üzerinden tazelenemiyor: %s\n"
+
+#: g10/keyserver.c:1929
+#, c-format
+msgid "refreshing 1 key from %s\n"
+msgstr "1 anahtar %s adresinden tazeleniyor\n"
+
+#: g10/keyserver.c:1931
+#, c-format
+msgid "refreshing %d keys from %s\n"
+msgstr "%d anahtar %s adresinden tazeleniyor\n"
+
+#: g10/keyserver.c:1987
+#, c-format
+msgid "WARNING: unable to fetch URI %s: %s\n"
+msgstr "UYARI: Betimleyici %s alınamıyor: %s\n"
+
+#: g10/keyserver.c:1993
+#, c-format
+msgid "WARNING: unable to parse URI %s\n"
+msgstr "UYARI: Betimleyici %s çözümlenemiyor\n"
+
+#: g10/mainproc.c:231
+#, c-format
+msgid "weird size for an encrypted session key (%d)\n"
+msgstr "bir şifreli oturum anahtarı (%d) için tuhaf uzunluk\n"
+
+#: g10/mainproc.c:284
+#, c-format
+msgid "%s encrypted session key\n"
+msgstr "%s şifreli oturum anahtarı\n"
+
+#: g10/mainproc.c:294
+#, c-format
+msgid "passphrase generated with unknown digest algorithm %d\n"
+msgstr "bilinmeyen özet algoritması ile üretilmiş anahtar parolası %d\n"
+
+#: g10/mainproc.c:360
+#, c-format
+msgid "public key is %s\n"
+msgstr "genel anahtar: %s\n"
+
+#: g10/mainproc.c:423
+msgid "public key encrypted data: good DEK\n"
+msgstr "genel anahtarla ÅŸifreli veri: doÄŸru DEK\n"
+
+#: g10/mainproc.c:456
+#, c-format
+msgid "encrypted with %u-bit %s key, ID %s, created %s\n"
+msgstr ""
+"%u bitlik %s anahtarı ve %s kullanıcı kimliği ile şifrelendi, %s tarihinde "
+"oluÅŸturuldu\n"
+
+#: g10/mainproc.c:460 g10/pkclist.c:217
+#, c-format
+msgid " \"%s\"\n"
+msgstr " \"%s\"\n"
+
+#: g10/mainproc.c:464
+#, c-format
+msgid "encrypted with %s key, ID %s\n"
+msgstr "%s anahtarı ve %s kullanıcı kimliği ile şifrelenmiş\n"
+
+#: g10/mainproc.c:479
+#, c-format
+msgid "public key decryption failed: %s\n"
+msgstr "genel anahtar şifre çözümü başarısız: %s\n"
+
+#: g10/mainproc.c:495
+#, c-format
+msgid "encrypted with %lu passphrases\n"
+msgstr "%lu anahtar parolası ile şifrelenmiş\n"
+
+#: g10/mainproc.c:497
+msgid "encrypted with 1 passphrase\n"
+msgstr "1 anahtar parolası ile şifrelenmiş\n"
+
+#: g10/mainproc.c:529 g10/mainproc.c:551
+#, c-format
+msgid "assuming %s encrypted data\n"
+msgstr "%s şifreli veri varsayılıyor\n"
+
+#: g10/mainproc.c:537
+#, c-format
+msgid "IDEA cipher unavailable, optimistically attempting to use %s instead\n"
+msgstr ""
+"IDEA şifre kullanışsız, iyimserlikle yerine %s kullanılmaya çalışılıyor\n"
+
+#: g10/mainproc.c:570
+msgid "decryption okay\n"
+msgstr "Şifre çözme tamam\n"
+
+#: g10/mainproc.c:574
+msgid "WARNING: message was not integrity protected\n"
+msgstr "UYARI: ileti bütünlük korumalı değildi\n"
+
+#: g10/mainproc.c:587
+msgid "WARNING: encrypted message has been manipulated!\n"
+msgstr "UYARI: ÅŸifreli ileti tahrip edilmiÅŸ!\n"
+
+#: g10/mainproc.c:595
+#, c-format
+msgid "cleared passphrase cached with ID: %s\n"
+msgstr ""
+
+#: g10/mainproc.c:600
+#, c-format
+msgid "decryption failed: %s\n"
+msgstr "şifre çözme başarısız: %s\n"
+
+#: g10/mainproc.c:621
+msgid "NOTE: sender requested \"for-your-eyes-only\"\n"
+msgstr "BİLGİ: gönderen \"yalnız-gözleriniz-için\" ricasında bulundu\n"
+
+#: g10/mainproc.c:623
+#, c-format
+msgid "original file name='%.*s'\n"
+msgstr "özgün dosya adı = '%.*s'\n"
+
+#: g10/mainproc.c:711
+msgid "WARNING: multiple plaintexts seen\n"
+msgstr "UYAR: çok sayıda salt metin görüldü\n"
+
+#: g10/mainproc.c:850
+msgid "standalone revocation - use \"gpg --import\" to apply\n"
+msgstr ""
+"tek başına yürürlükten kaldırma - uygulamak için \"gpg --import\" kullanın\n"
+
+#: g10/mainproc.c:1203 g10/mainproc.c:1240
+msgid "no signature found\n"
+msgstr "hiç imza yok\n"
+
+#: g10/mainproc.c:1478
+msgid "signature verification suppressed\n"
+msgstr "imza doÄŸrulama engellendi\n"
+
+#: g10/mainproc.c:1587
+msgid "can't handle this ambiguous signature data\n"
+msgstr "bu belirsiz imza verisi elde edilemiyor\n"
+
+#: g10/mainproc.c:1598
+#, c-format
+msgid "Signature made %s\n"
+msgstr "Ä°mza %s de\n"
+
+#: g10/mainproc.c:1599
+#, c-format
+msgid " using %s key %s\n"
+msgstr " %s kullanılarak anahtar %s ile yapılmış\n"
+
+#: g10/mainproc.c:1603
+#, c-format
+msgid "Signature made %s using %s key ID %s\n"
+msgstr "%s imzası, %s anahtarı ve %s kullanıcı kimliği ile yapılmış\n"
+
+#: g10/mainproc.c:1623
+msgid "Key available at: "
+msgstr "Anahtar burada:"
+
+#: g10/mainproc.c:1756 g10/mainproc.c:1804
+#, c-format
+msgid "BAD signature from \"%s\""
+msgstr "\"%s\" deki imza KÖTÜ"
+
+#: g10/mainproc.c:1758 g10/mainproc.c:1806
+#, c-format
+msgid "Expired signature from \"%s\""
+msgstr "\"%s\" deki imza zamanaşımına uğramış"
+
+#: g10/mainproc.c:1760 g10/mainproc.c:1808
+#, c-format
+msgid "Good signature from \"%s\""
+msgstr "\"%s\" deki imza iyi"
+
+#: g10/mainproc.c:1810
+msgid "[uncertain]"
+msgstr "[şüpheli]"
+
+#: g10/mainproc.c:1843
+#, c-format
+msgid " aka \"%s\""
+msgstr " nam-ı diğer \"%s\""
+
+#: g10/mainproc.c:1941
+#, c-format
+msgid "Signature expired %s\n"
+msgstr "Bu imzanın geçerliliği %s de bitti.\n"
+
+#: g10/mainproc.c:1946
+#, c-format
+msgid "Signature expires %s\n"
+msgstr "Bu imzanın geçerliliği %s de bitecek.\n"
+
+#: g10/mainproc.c:1949
+#, c-format
+msgid "%s signature, digest algorithm %s\n"
+msgstr "%s imzası, %s özet algoritması\n"
+
+#: g10/mainproc.c:1950
+msgid "binary"
+msgstr "ikili"
+
+#: g10/mainproc.c:1951
+msgid "textmode"
+msgstr "metinkipi"
+
+#: g10/mainproc.c:1951 g10/trustdb.c:546
+msgid "unknown"
+msgstr "bilinmeyen"
+
+#: g10/mainproc.c:1971
+#, c-format
+msgid "Can't check signature: %s\n"
+msgstr "Ä°mza kontrol edilemedi: %s\n"
+
+#: g10/mainproc.c:2055 g10/mainproc.c:2071 g10/mainproc.c:2167
+msgid "not a detached signature\n"
+msgstr "bir bağımsız imza değil\n"
+
+#: g10/mainproc.c:2098
+msgid ""
+"WARNING: multiple signatures detected. Only the first will be checked.\n"
+msgstr "UYARI: çoklu imzalar saptandı. Sadece ilki denetlenecek.\n"
+
+#: g10/mainproc.c:2106
+#, c-format
+msgid "standalone signature of class 0x%02x\n"
+msgstr "0x%02x sınıfı tek başına imza\n"
+
+#: g10/mainproc.c:2171
+msgid "old style (PGP 2.x) signature\n"
+msgstr "eski stil (PGP 2.x) imza\n"
+
+#: g10/mainproc.c:2181
+msgid "invalid root packet detected in proc_tree()\n"
+msgstr "proc_tree() içinde geçersiz kök paket saptandı\n"
+
+#: g10/misc.c:109 g10/misc.c:139 g10/misc.c:215
+#, c-format
+msgid "fstat of `%s' failed in %s: %s\n"
+msgstr "`%s' için %s de durum bilgisi alınamıyor: %s\n"
+
+#: g10/misc.c:178
+#, c-format
+msgid "fstat(%d) failed in %s: %s\n"
+msgstr "fstat(%d) %s de başarısız: %s\n"
+
+#: g10/misc.c:296
+#, c-format
+msgid "WARNING: using experimental public key algorithm %s\n"
+msgstr "UYARI: deneysel %s genel anahtar algoritması kullanılıyor\n"
+
+#: g10/misc.c:302
+msgid "WARNING: Elgamal sign+encrypt keys are deprecated\n"
+msgstr "UYARI: Elgamal imza+şifre anahtarları artık önerilmiyor\n"
+
+#: g10/misc.c:315
+#, c-format
+msgid "WARNING: using experimental cipher algorithm %s\n"
+msgstr "UYARI: deneysel %s şifreleme algoritması kullanılıyor\n"
+
+#: g10/misc.c:330
+#, c-format
+msgid "WARNING: using experimental digest algorithm %s\n"
+msgstr "UYARI: deneysel %s özet algoritması kullanılıyor\n"
+
+#: g10/misc.c:335
+#, c-format
+msgid "WARNING: digest algorithm %s is deprecated\n"
+msgstr "UYARI: %s özet algoritması artık önerilmiyor.\n"
+
+#: g10/misc.c:503
+msgid "the IDEA cipher plugin is not present\n"
+msgstr "IDEA ÅŸifre eklentisi yok\n"
+
+#: g10/misc.c:504 g10/sig-check.c:107 jnlib/utf8conv.c:87
+#, c-format
+msgid "please see %s for more information\n"
+msgstr "daha fazla bilgi için lütfen %s adresine bakınız\n"
+
+#: g10/misc.c:761
+#, c-format
+msgid "%s:%d: deprecated option \"%s\"\n"
+msgstr "%s:%d: \"%s\" seçeneği kullanımdan kaldırılmak üzere.\n"
+
+#: g10/misc.c:765
+#, c-format
+msgid "WARNING: \"%s\" is a deprecated option\n"
+msgstr "UYARI: %s seçeneği kullanımdan kaldırılmak üzere.\n"
+
+#: g10/misc.c:767
+#, c-format
+msgid "please use \"%s%s\" instead\n"
+msgstr "lütfen yerine \"%s%s\" kullanınız\n"
+
+#: g10/misc.c:774
+#, c-format
+msgid "WARNING: \"%s\" is a deprecated command - do not use it\n"
+msgstr "UYARI: \"%s\" komutu artık önerilmiyor - kullanmayın onu\n"
+
+#: g10/misc.c:784
+#, c-format
+msgid "%s:%u: obsolete option \"%s\" - it has no effect\n"
+msgstr "%s:%u: eskimiş seçenek \"%s\" - artık etkisiz\n"
+
+#: g10/misc.c:787
+#, c-format
+msgid "WARNING: \"%s\" is an obsolete option - it has no effect\n"
+msgstr "UYARI: \"%s\" seçeneği eskidi - artık etkisiz\n"
+
+#: g10/misc.c:848
+msgid "Uncompressed"
+msgstr "Sıkıştırılmamış"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: g10/misc.c:873
+msgid "uncompressed|none"
+msgstr "Sıkıştırılmamış|yok"
+
+#: g10/misc.c:1000
+#, c-format
+msgid "this message may not be usable by %s\n"
+msgstr "bu ileti %s tarafından kullanılamayabilir\n"
+
+#: g10/misc.c:1175
+#, c-format
+msgid "ambiguous option `%s'\n"
+msgstr "`%s' seçeneği belirsiz\n"
+
+#: g10/misc.c:1200
+#, c-format
+msgid "unknown option `%s'\n"
+msgstr "`%s' seçeneği bilinmiyor\n"
+
+#: g10/openfile.c:89
+#, c-format
+msgid "File `%s' exists. "
+msgstr "\"%s\" dosyası var. "
+
+#: g10/openfile.c:93
+msgid "Overwrite? (y/N) "
+msgstr "Üzerine yazılsın mı? (e/H ya da y/N) "
+
+#: g10/openfile.c:126
+#, c-format
+msgid "%s: unknown suffix\n"
+msgstr "%s: bilinmeyen sonek\n"
+
+#: g10/openfile.c:150
+msgid "Enter new filename"
+msgstr "Yeni dosya ismini giriniz"
+
+#: g10/openfile.c:195
+msgid "writing to stdout\n"
+msgstr "standart çıktıya yazıyor\n"
+
+#: g10/openfile.c:316
+#, c-format
+msgid "assuming signed data in `%s'\n"
+msgstr "\"%s\" içindeki veri imzalı kabul ediliyor\n"
+
+#: g10/openfile.c:395
+#, c-format
+msgid "new configuration file `%s' created\n"
+msgstr "yeni yapılandırma dosyası `%s' oluşturuldu\n"
+
+#: g10/openfile.c:397
+#, c-format
+msgid "WARNING: options in `%s' are not yet active during this run\n"
+msgstr ""
+"UYARI: `%s' deki seçenekler bu çalıştırma sırasında henüz etkin değil\n"
+
+#: g10/parse-packet.c:201
+#, c-format
+msgid "can't handle public key algorithm %d\n"
+msgstr "%d genel anahtar algoritması kullanılamadı\n"
+
+#: g10/parse-packet.c:822
+msgid "WARNING: potentially insecure symmetrically encrypted session key\n"
+msgstr "UYARI: simetrik şifreli oturum anahtarı potansiyel olarak güvensiz\n"
+
+#: g10/parse-packet.c:1273
+#, c-format
+msgid "subpacket of type %d has critical bit set\n"
+msgstr "%d tipi alt paket kritik bit kümesine sahip\n"
+
+#: g10/passphrase.c:75 g10/passphrase.c:418 g10/passphrase.c:481
+#, c-format
+msgid "problem with the agent: %s\n"
+msgstr "aracı ile sorun var: %s\n"
+
+#: g10/passphrase.c:344 g10/passphrase.c:613
+#, c-format
+msgid " (main key ID %s)"
+msgstr " (asıl anahtar kimliği %s)"
+
+#: g10/passphrase.c:358
+#, c-format
+msgid ""
+"Please enter the passphrase to unlock the secret key for the OpenPGP "
+"certificate:\n"
+"\"%.*s\"\n"
+"%u-bit %s key, ID %s,\n"
+"created %s%s.\n"
+msgstr ""
+"OpenPGP sertifikası için gizli anahtarı açacak anahtar parolasını giriniz:\n"
+"\"%.*s\"\n"
+"%u bitlik %s anahtarı, kimlik %s,\n"
+"oluÅŸturma tarihi %s%s.\n"
+
+#: g10/passphrase.c:384
+msgid "Enter passphrase\n"
+msgstr "Anahtar parolasını giriniz\n"
+
+#: g10/passphrase.c:412
+msgid "cancelled by user\n"
+msgstr "kullanıcı tarafından durduruldu\n"
+
+#: g10/passphrase.c:592
+#, c-format
+msgid ""
+"You need a passphrase to unlock the secret key for\n"
+"user: \"%s\"\n"
+msgstr ""
+"Gizli anahtarın kilidini açmak için bir anahtar parolasına ihtiyacınız var.\n"
+"Anahtarın sahibi: \"%s\"\n"
+
+#: g10/passphrase.c:600
+#, c-format
+msgid "%u-bit %s key, ID %s, created %s"
+msgstr "%u bitlik %s anahtarı, %s kimliği ile %s tarihinde üretilmiş"
+
+#: g10/passphrase.c:609
+#, c-format
+msgid " (subkey on main key ID %s)"
+msgstr " (asıl anahtar kimliği %s üzerinde yardımcı anahtar)"
+
+#: g10/photoid.c:74
+msgid ""
+"\n"
+"Pick an image to use for your photo ID. The image must be a JPEG file.\n"
+"Remember that the image is stored within your public key. If you use a\n"
+"very large picture, your key will become very large as well!\n"
+"Keeping the image close to 240x288 is a good size to use.\n"
+msgstr ""
+"\n"
+"Foto kimliği olarak kullanılmak üzere bir resim seçiniz. Resim bir JPEG\n"
+"dosyası olmalıdır. Bu resim genel anahtarınızda saklanacağından, çok büyük\n"
+"bir resim kullanırsanız genel anahtarınız da çok büyük olacaktır. Resim\n"
+"boyutlarının 240x288 civarında seçilmesi uygun olacaktır.\n"
+
+#: g10/photoid.c:96
+msgid "Enter JPEG filename for photo ID: "
+msgstr "Foto kimliği için JPEG dosya ismini giriniz: "
+
+#: g10/photoid.c:117
+#, c-format
+msgid "unable to open JPEG file `%s': %s\n"
+msgstr "JPEG dosyası `%s' açılamıyor: %s\n"
+
+#: g10/photoid.c:128
+#, c-format
+msgid "This JPEG is really large (%d bytes) !\n"
+msgstr "Bu JPEG gerçekten büyük (%d bayt)!\n"
+
+#: g10/photoid.c:130
+msgid "Are you sure you want to use it? (y/N) "
+msgstr "Onu kullanmak istediÄŸinizden emin misiniz? (e/H ya da y/N) "
+
+#: g10/photoid.c:146
+#, c-format
+msgid "`%s' is not a JPEG file\n"
+msgstr "'%s' bir JPEG dosyası değil\n"
+
+#: g10/photoid.c:165
+msgid "Is this photo correct (y/N/q)? "
+msgstr "Bu foto doğru mu? (e/H/ç veya y/N/ç) "
+
+#: g10/photoid.c:373
+msgid "unable to display photo ID!\n"
+msgstr "foto kimliği gösterilemiyor!\n"
+
+#: g10/pkclist.c:60 g10/revoke.c:621
+msgid "No reason specified"
+msgstr "BelirtilmiÅŸ bir neden yok"
+
+#: g10/pkclist.c:62 g10/revoke.c:623
+msgid "Key is superseded"
+msgstr "Anahtarın yerine başkası konulmuş ve iptal edilmiştir"
+
+#: g10/pkclist.c:64 g10/revoke.c:622
+msgid "Key has been compromised"
+msgstr "Anahtar tehlikede"
+
+#: g10/pkclist.c:66 g10/revoke.c:624
+msgid "Key is no longer used"
+msgstr "Anahtar artık kullanılmayacak"
+
+#: g10/pkclist.c:68 g10/revoke.c:625
+msgid "User ID is no longer valid"
+msgstr "Kullanıcı kimliği artık geçersiz"
+
+#: g10/pkclist.c:72
+msgid "reason for revocation: "
+msgstr "yürürlükten kaldırma sebebi: "
+
+#: g10/pkclist.c:89
+msgid "revocation comment: "
+msgstr "yürürlükten kaldırma açıklaması: "
+
+#: g10/pkclist.c:204
+msgid "iImMqQsS"
+msgstr "bBmMaAkK"
+
+#: g10/pkclist.c:212
+msgid "No trust value assigned to:\n"
+msgstr "Güven değeri belirtilmemiş:\n"
+
+#: g10/pkclist.c:245
+#, c-format
+msgid " aka \"%s\"\n"
+msgstr " namı-diğer \"%s\"\n"
+
+#: g10/pkclist.c:255
+msgid ""
+"How much do you trust that this key actually belongs to the named user?\n"
+msgstr ""
+"%s: Bu anahtarın gerçekten sahibine ait olduğuna dair bir belirti yok\n"
+
+#: g10/pkclist.c:270
+#, c-format
+msgid " %d = I don't know or won't say\n"
+msgstr " %d = bilmiyorum, kem küm\n"
+
+#: g10/pkclist.c:272
+#, c-format
+msgid " %d = I do NOT trust\n"
+msgstr " %d = güvence vermem\n"
+
+#: g10/pkclist.c:278
+#, c-format
+msgid " %d = I trust ultimately\n"
+msgstr " %d = Son derece güveniyorum\n"
+
+#: g10/pkclist.c:284
+msgid " m = back to the main menu\n"
+msgstr " m = ana menüye dön\n"
+
+#: g10/pkclist.c:287
+msgid " s = skip this key\n"
+msgstr " a = bu anahtarı atla\n"
+
+#: g10/pkclist.c:288
+msgid " q = quit\n"
+msgstr " ç = çık\n"
+
+#: g10/pkclist.c:292
+#, c-format
+msgid ""
+"The minimum trust level for this key is: %s\n"
+"\n"
+msgstr ""
+"Bu anahtar için asgari güvence seviyesi: %s\n"
+"\n"
+
+#: g10/pkclist.c:298 g10/revoke.c:650
+msgid "Your decision? "
+msgstr "Kararınız? "
+
+#: g10/pkclist.c:319
+msgid "Do you really want to set this key to ultimate trust? (y/N) "
+msgstr ""
+"Bu anahtarı gerçekten son derece güvenli yapmak istiyor musunuz? (e/H ya da "
+"y/N) "
+
+#: g10/pkclist.c:333
+msgid "Certificates leading to an ultimately trusted key:\n"
+msgstr "Son derece güvenli bir anahtarla sonuçlanan sertifikalar:\n"
+
+#: g10/pkclist.c:418
+#, c-format
+msgid "%s: There is no assurance this key belongs to the named user\n"
+msgstr ""
+"%s: Bu anahtarın gerçekten ismi belirtilen şahsa ait olduğuna dair bir "
+"belirti yok\n"
+
+#: g10/pkclist.c:423
+#, c-format
+msgid "%s: There is limited assurance this key belongs to the named user\n"
+msgstr ""
+"%s: Bu anahtarın gerçekten ismi belirtilen şahsa ait olduğuna dair sınırlı "
+"bir belirti var\n"
+
+#: g10/pkclist.c:429
+msgid "This key probably belongs to the named user\n"
+msgstr "Bu anahtarın ismi belirtilen şahsa ait olduğu umuluyor\n"
+
+#: g10/pkclist.c:434
+msgid "This key belongs to us\n"
+msgstr "Bu anahtar bizim\n"
+
+#: g10/pkclist.c:460
+msgid ""
+"It is NOT certain that the key belongs to the person named\n"
+"in the user ID. If you *really* know what you are doing,\n"
+"you may answer the next question with yes.\n"
+msgstr ""
+"Bu anahtarın kullanıcı kimliğinde ismi belirtilen şahsa ait\n"
+"olduğu kesin DEĞİL. *Gerçekten* ne yaptığınızı biliyorsanız,\n"
+"sonraki soruya da evet cevabı verebilirsiniz.\n"
+
+#: g10/pkclist.c:479
+msgid "Use this key anyway? (y/N) "
+msgstr "Bu anahtar yine de kullanılsın mı? (e/H ya da y/N) "
+
+#: g10/pkclist.c:513
+msgid "WARNING: Using untrusted key!\n"
+msgstr "UYARI: Güven derecesiz anahtar kullanılıyor!\n"
+
+#: g10/pkclist.c:520
+msgid "WARNING: this key might be revoked (revocation key not present)\n"
+msgstr ""
+"UYARI: bu anahtar yürürlükten kaldırılmamış olabilir (yürürlükten kaldırma "
+"anahtarı mevcut değil)\n"
+
+#: g10/pkclist.c:529
+msgid "WARNING: This key has been revoked by its designated revoker!\n"
+msgstr "UYARI: Bu anahtar onu üreten tarafından yürürlükten kaldırılmıştı!\n"
+
+#: g10/pkclist.c:532
+msgid "WARNING: This key has been revoked by its owner!\n"
+msgstr "UYARI: Bu anahtar sahibi tarafından yürürlükten kaldırılmıştı!\n"
+
+#: g10/pkclist.c:533
+msgid " This could mean that the signature is forged.\n"
+msgstr " Bu imza sahte anlamına gelebilir.\n"
+
+#: g10/pkclist.c:539
+msgid "WARNING: This subkey has been revoked by its owner!\n"
+msgstr ""
+"UYARI: Bu yardımcı anahtar sahibi tarafından yürürlükten kaldırılmıştı!\n"
+
+#: g10/pkclist.c:544
+msgid "Note: This key has been disabled.\n"
+msgstr "Bilgi: Bu anahtar iptal edildi.\n"
+
+#: g10/pkclist.c:564
+#, c-format
+msgid "Note: Verified signer's address is `%s'\n"
+msgstr "Bilgi: Doğrulanmış imzacının adresi: `%s'\n"
+
+#: g10/pkclist.c:571
+#, c-format
+msgid "Note: Signer's address `%s' does not match DNS entry\n"
+msgstr "Bilgi: İmzacının adresi `%s', DNS girdisiyle eşleşmiyor\n"
+
+#: g10/pkclist.c:583
+msgid "trustlevel adjusted to FULL due to valid PKA info\n"
+msgstr "geçerli PKA bilgisinden dolayı güvence seviyesi TAM olarak ayarlandı\n"
+
+#: g10/pkclist.c:591
+msgid "trustlevel adjusted to NEVER due to bad PKA info\n"
+msgstr "kötü PKA bilgisinden dolayı güvence seviyesi ASLA olarak ayarlandı\n"
+
+#: g10/pkclist.c:602
+msgid "Note: This key has expired!\n"
+msgstr "Bilgi: Bu anahtarın kullanım süresi dolmuştu!\n"
+
+#: g10/pkclist.c:613
+msgid "WARNING: This key is not certified with a trusted signature!\n"
+msgstr "UYARI: Bu anahtar güven dereceli bir imza ile sertifikalanmamış!\n"
+
+#: g10/pkclist.c:615
+msgid ""
+" There is no indication that the signature belongs to the owner.\n"
+msgstr " Bu imzanın sahibine ait olduğuna dair bir belirti yok.\n"
+
+#: g10/pkclist.c:623
+msgid "WARNING: We do NOT trust this key!\n"
+msgstr "UYARI: Bu anahtara güven-mi-yoruz!\n"
+
+#: g10/pkclist.c:624
+msgid " The signature is probably a FORGERY.\n"
+msgstr " Bu imza SAHTE olabilir.\n"
+
+#: g10/pkclist.c:632
+msgid ""
+"WARNING: This key is not certified with sufficiently trusted signatures!\n"
+msgstr ""
+"UYARI: Bu anahtar yeterli güven derecesine sahip imzalarla "
+"sertifikalanmamış!\n"
+
+#: g10/pkclist.c:634
+msgid " It is not certain that the signature belongs to the owner.\n"
+msgstr " Bu imzanın sahibine ait olduğu kesin değil.\n"
+
+#: g10/pkclist.c:833 g10/pkclist.c:875 g10/pkclist.c:1087 g10/pkclist.c:1157
+#, c-format
+msgid "%s: skipped: %s\n"
+msgstr "%s: atlandı: %s\n"
+
+#: g10/pkclist.c:845 g10/pkclist.c:1125
+#, c-format
+msgid "%s: skipped: public key already present\n"
+msgstr "%s: atlandı: genel anahtar zaten var\n"
+
+#: g10/pkclist.c:896
+msgid "You did not specify a user ID. (you may use \"-r\")\n"
+msgstr "Bir kullanıcı kimliği belirtmediniz. (\"-r\" kullanabilirsiniz)\n"
+
+#: g10/pkclist.c:920
+msgid "Current recipients:\n"
+msgstr "Şimdiki alıcılar:\n"
+
+#: g10/pkclist.c:946
+msgid ""
+"\n"
+"Enter the user ID. End with an empty line: "
+msgstr ""
+"\n"
+"Kullanıcı kimliğini girin. Boş bir satır işlemi sonlandırır:"
+
+#: g10/pkclist.c:971
+msgid "No such user ID.\n"
+msgstr "Böyle bir kullanıcı kimliği yok.\n"
+
+#: g10/pkclist.c:980 g10/pkclist.c:1054
+msgid "skipped: public key already set as default recipient\n"
+msgstr "atlandı: genel anahtar zaten öntanımlı alıcı olarak ayarlanmış\n"
+
+#: g10/pkclist.c:1001
+msgid "Public key is disabled.\n"
+msgstr "Genel anahtar iptal edildi.\n"
+
+#: g10/pkclist.c:1010
+msgid "skipped: public key already set\n"
+msgstr "atlandı: genel anahtar zaten belirtilmiş\n"
+
+#: g10/pkclist.c:1045
+#, c-format
+msgid "unknown default recipient \"%s\"\n"
+msgstr "öntanımlı alıcı \"%s\" bilinmiyor\n"
+
+#: g10/pkclist.c:1103
+#, c-format
+msgid "%s: skipped: public key is disabled\n"
+msgstr "%s: atlandı: genel anahtar iptal edildi\n"
+
+#: g10/pkclist.c:1165
+msgid "no valid addressees\n"
+msgstr "geçerli adresler yok\n"
+
+#: g10/pkclist.c:1503
+#, c-format
+msgid "Note: key %s has no %s feature\n"
+msgstr "Bilginize: anahtar %s %s özelliğine sahip değil\n"
+
+#: g10/pkclist.c:1528
+#, c-format
+msgid "Note: key %s has no preference for %s\n"
+msgstr "Bilginize: anahtar %s %s için bir tercihe sahip değil\n"
+
+#: g10/plaintext.c:95
+msgid "data not saved; use option \"--output\" to save it\n"
+msgstr "veri kaydedilmedi; kaydetmek için \"--output\" seçeneğini kullanın\n"
+
+#: g10/plaintext.c:480
+msgid "Detached signature.\n"
+msgstr "Bağımsız imza.\n"
+
+#: g10/plaintext.c:487
+msgid "Please enter name of data file: "
+msgstr "Lütfen veri dosyasının ismini girin: "
+
+#: g10/plaintext.c:519
+msgid "reading stdin ...\n"
+msgstr "standart girdiden okuyor ...\n"
+
+#: g10/plaintext.c:557
+msgid "no signed data\n"
+msgstr "imzalı veri yok\n"
+
+#: g10/plaintext.c:573
+#, c-format
+msgid "can't open signed data `%s'\n"
+msgstr "imzalı veri '%s' açılamadı\n"
+
+#: g10/plaintext.c:607
+#, c-format
+msgid "can't open signed data fd=%d: %s\n"
+msgstr "imzalı veri fd=%d açılamadı: %s\n"
+
+#: g10/pubkey-enc.c:105
+#, c-format
+msgid "anonymous recipient; trying secret key %s ...\n"
+msgstr "anonim alıcı: %s gizli anahtarı deneniyor ...\n"
+
+#: g10/pubkey-enc.c:136
+msgid "okay, we are the anonymous recipient.\n"
+msgstr "tamam, biz anonim alıcıyız.\n"
+
+#: g10/pubkey-enc.c:225
+msgid "old encoding of the DEK is not supported\n"
+msgstr "DEK'in eski kodlaması desteklenmiyor\n"
+
+#: g10/pubkey-enc.c:246
+#, c-format
+msgid "cipher algorithm %d%s is unknown or disabled\n"
+msgstr "şifre algoritması %d%s bilinmiyor ya da iptal edilmiş\n"
+
+#: g10/pubkey-enc.c:284
+#, c-format
+msgid "WARNING: cipher algorithm %s not found in recipient preferences\n"
+msgstr "UYARI: %s şifre algoritması alıcı tercihlerinde yok\n"
+
+#: g10/pubkey-enc.c:304
+#, c-format
+msgid "NOTE: secret key %s expired at %s\n"
+msgstr "BİLGİ: %s gizli anahtarının %s tarihinde kullanım süresi doldu\n"
+
+#: g10/pubkey-enc.c:310
+msgid "NOTE: key has been revoked"
+msgstr "BİLGİ: anahtar yürürlükten kaldırılmıştı"
+
+#: g10/revoke.c:102 g10/revoke.c:116 g10/revoke.c:128 g10/revoke.c:174
+#: g10/revoke.c:186 g10/revoke.c:585
+#, c-format
+msgid "build_packet failed: %s\n"
+msgstr "build_packet başarısız: %s\n"
+
+#: g10/revoke.c:145
+#, c-format
+msgid "key %s has no user IDs\n"
+msgstr "anahtar %s: kullanıcı kimliği yok\n"
+
+#: g10/revoke.c:306
+msgid "To be revoked by:\n"
+msgstr "Yürürlükten kaldıran:\n"
+
+#: g10/revoke.c:310
+msgid "(This is a sensitive revocation key)\n"
+msgstr "(Bu bir duyarlı yürürlükten kaldırma anahtarı)\n"
+
+#: g10/revoke.c:314
+msgid "Create a designated revocation certificate for this key? (y/N) "
+msgstr ""
+"Bu imza için bir yürürlükten kaldırma sertifikası oluşturulsun mu? (e/H ya "
+"da y/N) "
+
+#: g10/revoke.c:327 g10/revoke.c:551
+msgid "ASCII armored output forced.\n"
+msgstr "ASCII zırhlı çıktı istendi.\n"
+
+#: g10/revoke.c:342 g10/revoke.c:565
+#, c-format
+msgid "make_keysig_packet failed: %s\n"
+msgstr "make_keysig_packet başarısız: %s\n"
+
+#: g10/revoke.c:405
+msgid "Revocation certificate created.\n"
+msgstr "Yürürlükten kaldırma sertifikası üretildi.\n"
+
+#: g10/revoke.c:411
+#, c-format
+msgid "no revocation keys found for \"%s\"\n"
+msgstr "\"%s\" için yürürlükten kaldırma anahtarları yok\n"
+
+#: g10/revoke.c:470
+#, c-format
+msgid "secret key \"%s\" not found: %s\n"
+msgstr "gizli anahtar \"%s\" yok: %s\n"
+
+#: g10/revoke.c:497
+#, c-format
+msgid "no corresponding public key: %s\n"
+msgstr "karşılığı olan genel anahtar yok: `%s\n"
+
+#: g10/revoke.c:508
+msgid "public key does not match secret key!\n"
+msgstr "genel anahtar gizli anahtarla uyuÅŸmuyor!\n"
+
+#: g10/revoke.c:515
+msgid "Create a revocation certificate for this key? (y/N) "
+msgstr ""
+"Bu anahtar için bir yürürlükten kaldırma sertifikası oluşturulsun mu? (e/H "
+"ya da y/N) "
+
+#: g10/revoke.c:532
+msgid "unknown protection algorithm\n"
+msgstr "bilinmeyen sıkıştırma algoritması\n"
+
+#: g10/revoke.c:540
+msgid "NOTE: This key is not protected!\n"
+msgstr "BİLGİ: Bu anahtar korunmamış!\n"
+
+#: g10/revoke.c:591
+msgid ""
+"Revocation certificate created.\n"
+"\n"
+"Please move it to a medium which you can hide away; if Mallory gets\n"
+"access to this certificate he can use it to make your key unusable.\n"
+"It is smart to print this certificate and store it away, just in case\n"
+"your media become unreadable. But have some caution: The print system of\n"
+"your machine might store the data and make it available to others!\n"
+msgstr ""
+"Yürürlükten kaldırma sertifikası üretildi.\n"
+"\n"
+"Sertifika başkalarının kolayca erişebileceği yerlerde saklanmamalıdır.\n"
+"Aksi takdirde, yürürlükten kaldırma sertifikanız bilginiz dışında\n"
+"yayınlandığında geçerli olan genel anahtarınızın geçersiz hale gelebilir.\n"
+"Sertifika kısa olacağından isterseniz, bir yazıcı çıktısı olarak alıp\n"
+"bir kasada da muhafaza edebilirsiniz.\n"
+
+#: g10/revoke.c:633
+msgid "Please select the reason for the revocation:\n"
+msgstr "Lütfen bir yürürlükten kaldırma sebebi seçiniz:\n"
+
+#: g10/revoke.c:643
+msgid "Cancel"
+msgstr "Ä°ptal"
+
+#: g10/revoke.c:645
+#, c-format
+msgid "(Probably you want to select %d here)\n"
+msgstr "(Burada %d seçtiğiniz varsayılıyor)\n"
+
+#: g10/revoke.c:686
+msgid "Enter an optional description; end it with an empty line:\n"
+msgstr ""
+"İsteğe bağlı açıklamayı girebilirsiniz; Boş bir satır işlemi sonlandırır:\n"
+
+#: g10/revoke.c:714
+#, c-format
+msgid "Reason for revocation: %s\n"
+msgstr "Yürürlükten kaldırma sebebi: %s\n"
+
+#: g10/revoke.c:716
+msgid "(No description given)\n"
+msgstr "(açıklama verilmedi)\n"
+
+#: g10/revoke.c:721
+msgid "Is this okay? (y/N) "
+msgstr "Bu tamam mı? (e/H ya da y/N) "
+
+#: g10/seckey-cert.c:55
+msgid "secret key parts are not available\n"
+msgstr "gizli anahtar parçaları kullanım dışı\n"
+
+#: g10/seckey-cert.c:61
+#, c-format
+msgid "protection algorithm %d%s is not supported\n"
+msgstr "koruma algoritması %d%s desteklenmiyor\n"
+
+#: g10/seckey-cert.c:72
+#, c-format
+msgid "protection digest %d is not supported\n"
+msgstr "koruma özeti %d desteklenmiyor\n"
+
+#: g10/seckey-cert.c:291
+msgid "Invalid passphrase; please try again"
+msgstr "Anahtar parolası geçersiz; lütfen tekrar deneyin"
+
+#: g10/seckey-cert.c:292
+#, c-format
+msgid "%s ...\n"
+msgstr "%s ...\n"
+
+#: g10/seckey-cert.c:361
+msgid "WARNING: Weak key detected - please change passphrase again.\n"
+msgstr ""
+"UYARI: Zayıf anahtar saptandı - lütfen anahtar parolasını tekrar "
+"deÄŸiÅŸtirin.\n"
+
+#: g10/seckey-cert.c:404
+msgid "generating the deprecated 16-bit checksum for secret key protection\n"
+msgstr ""
+"gizli anahtarın güvenliği için eski tarz 16 bitlik sağlama toplamı "
+"üretiliyor\n"
+
+#: g10/seskey.c:61 sm/encrypt.c:119
+msgid "weak key created - retrying\n"
+msgstr "zayıf anahtar oluşturuldu - yeniden deneniyor\n"
+
+#: g10/seskey.c:65
+#, c-format
+msgid "cannot avoid weak key for symmetric cipher; tried %d times!\n"
+msgstr ""
+"simetrik şifre için zayıf anahtarın önlenmesi mümkün olamadı: %d kere "
+"denendi!\n"
+
+#: g10/seskey.c:227 sm/certcheck.c:85
+msgid "DSA requires the hash length to be a multiple of 8 bits\n"
+msgstr "DSA sekizin katlarında bir çittirim uzunluğu gerektirir\n"
+
+#: g10/seskey.c:240
+#, c-format
+msgid "DSA key %s uses an unsafe (%u bit) hash\n"
+msgstr "DSA anahtarı %s, güvensiz bir çittirim (%u bitlik) kullanıyor\n"
+
+#: g10/seskey.c:252
+#, c-format
+msgid "DSA key %s requires a %u bit or larger hash\n"
+msgstr "DSA anahtarı %s, %u bitlik veya daha geniş bir çittirim gerektiriyor\n"
+
+#: g10/sig-check.c:80
+msgid "WARNING: signature digest conflict in message\n"
+msgstr "UYARI: iletideki imza özeti çelişkili\n"
+
+#: g10/sig-check.c:105
+#, c-format
+msgid "WARNING: signing subkey %s is not cross-certified\n"
+msgstr "UYARI: yardımcı imzalama anahtarı %s çapraz sertifikalı değil\n"
+
+#: g10/sig-check.c:117
+#, c-format
+msgid "WARNING: signing subkey %s has an invalid cross-certification\n"
+msgstr ""
+"UYARI: yardımcı imzalama anahtarı %s geçersiz çapraz sertifikalamaya sahip\n"
+
+#: g10/sig-check.c:211
+#, c-format
+msgid "public key %s is %lu second newer than the signature\n"
+msgstr "genel anahtar %s imzadan %lu saniye daha yeni\n"
+
+#: g10/sig-check.c:212
+#, c-format
+msgid "public key %s is %lu seconds newer than the signature\n"
+msgstr "genel anahtar %s imzadan %lu saniye daha yeni.\n"
+
+#: g10/sig-check.c:223
+#, c-format
+msgid ""
+"key %s was created %lu second in the future (time warp or clock problem)\n"
+msgstr ""
+"anahtar %s %lu saniye sonra üretilmiş (zaman sapması veya saat problemi)\n"
+
+#: g10/sig-check.c:225
+#, c-format
+msgid ""
+"key %s was created %lu seconds in the future (time warp or clock problem)\n"
+msgstr ""
+"anahtar %s bundan %lu saniye sonra üretilmiş (zaman sapması veya saat "
+"problemi)\n"
+
+#: g10/sig-check.c:239
+#, c-format
+msgid "NOTE: signature key %s expired %s\n"
+msgstr "BİLGİ: %s imza anahtarının kullanım süresi %s sularında dolmuş\n"
+
+#: g10/sig-check.c:252
+#, c-format
+msgid "NOTE: signature key %s has been revoked\n"
+msgstr "BİLGİ: imza anahtarı %s yürürlükten kaldırılmıştı\n"
+
+#: g10/sig-check.c:325
+#, c-format
+msgid "assuming bad signature from key %s due to an unknown critical bit\n"
+msgstr ""
+"hatalı imzanın bilinmeyen bir kritik bitten dolayı %s anahtarından "
+"kaynaklandığı sanılıyor\n"
+
+#: g10/sig-check.c:591
+#, c-format
+msgid "key %s: no subkey for subkey revocation signature\n"
+msgstr ""
+"anahtar %s: anahtarı yürürlükten kaldırma imzası için yardımcı anahtar yok\n"
+
+#: g10/sig-check.c:618
+#, c-format
+msgid "key %s: no subkey for subkey binding signature\n"
+msgstr ""
+"anahtar %s: yardımcı anahtarı garantileme imzası için yardımcı anahtar yok\n"
+
+#: g10/sign.c:89
+#, c-format
+msgid "WARNING: unable to %%-expand notation (too large). Using unexpanded.\n"
+msgstr ""
+"UYARI: %% genişletmeli simgelem imkansız (çok büyük). Genişletilmeden "
+"kullanılıyor.\n"
+
+#: g10/sign.c:115
+#, c-format
+msgid ""
+"WARNING: unable to %%-expand policy URL (too large). Using unexpanded.\n"
+msgstr ""
+"UYARI: güvence adresi için %%lik uzatma imkansız (çok büyük).\n"
+"Uzatılmadan kullanılıyor.\n"
+
+#: g10/sign.c:138
+#, c-format
+msgid ""
+"WARNING: unable to %%-expand preferred keyserver URL (too large). Using "
+"unexpanded.\n"
+msgstr ""
+"UYARI: tercih edilen anahtar sunucu adresi için %%lik uzatma imkansız\n"
+"(çok büyük). Uzatılmadan kullanılıyor.\n"
+
+#: g10/sign.c:311
+#, c-format
+msgid "checking created signature failed: %s\n"
+msgstr "oluşturulan imzanın denetimi başarısız: %s\n"
+
+#: g10/sign.c:320
+#, c-format
+msgid "%s/%s signature from: \"%s\"\n"
+msgstr "%s/%s imza: \"%s\" den\n"
+
+#: g10/sign.c:761
+msgid "you can only detach-sign with PGP 2.x style keys while in --pgp2 mode\n"
+msgstr ""
+"--pgp2 kipinde sadece PGP 2.x tarzı anahtarlarla ayrık imza yapabilirsiniz\n"
+
+#: g10/sign.c:837
+#, c-format
+msgid ""
+"WARNING: forcing digest algorithm %s (%d) violates recipient preferences\n"
+msgstr ""
+"UYARI: alıcının tercihleriyle çelişen %s (%d) özet algoritması kullanılmak "
+"isteniyor\n"
+
+#: g10/sign.c:964
+msgid "signing:"
+msgstr "imzalanıyor:"
+
+#: g10/sign.c:1079
+msgid "you can only clearsign with PGP 2.x style keys while in --pgp2 mode\n"
+msgstr ""
+"--pgp2 kipinde sadece PGP 2.x tarzı anahtarlarla açık imzalama "
+"yapabilirsiniz\n"
+
+#: g10/sign.c:1263
+#, c-format
+msgid "%s encryption will be used\n"
+msgstr "%s şifrelemesi kullanılmayacak\n"
+
+#: g10/skclist.c:140 g10/skclist.c:217
+msgid "key is not flagged as insecure - can't use it with the faked RNG!\n"
+msgstr "anahtar güvenli olarak imlenmemiş - onu sahte RSÜ ile kullanmayın!\n"
+
+#: g10/skclist.c:174
+#, c-format
+msgid "skipped \"%s\": duplicated\n"
+msgstr "\"%s\" atlandı: tekrarlanmış\n"
+
+#: g10/skclist.c:182 g10/skclist.c:195 g10/skclist.c:207
+#, c-format
+msgid "skipped \"%s\": %s\n"
+msgstr "\"%s\" atlandı: %s\n"
+
+#: g10/skclist.c:190
+msgid "skipped: secret key already present\n"
+msgstr "atlandı: gizli anahtar zaten var\n"
+
+#: g10/skclist.c:208
+msgid "this is a PGP generated Elgamal key which is not secure for signatures!"
+msgstr "bu, imzalar için güvenli olmayan PGP üretimi bir ElGamal anahtarı!"
+
+#: g10/tdbdump.c:58 g10/trustdb.c:360
+#, c-format
+msgid "trust record %lu, type %d: write failed: %s\n"
+msgstr "güvence veritabanının %lu. kaydı, %d türünde: yazma başarısız: %s\n"
+
+#: g10/tdbdump.c:106
+#, c-format
+msgid ""
+"# List of assigned trustvalues, created %s\n"
+"# (Use \"gpg --import-ownertrust\" to restore them)\n"
+msgstr ""
+"# Atanan güvencedeğerlerinin listesi %s oluşturuldu\n"
+"# (Eski haline getirmek için \"gpg --import-ownertrust\" kullanın\n"
+
+#: g10/tdbdump.c:161 g10/tdbdump.c:169 g10/tdbdump.c:174 g10/tdbdump.c:179
+#, c-format
+msgid "error in `%s': %s\n"
+msgstr "'%s' de hata: %s\n"
+
+#: g10/tdbdump.c:161
+msgid "line too long"
+msgstr "satır çok uzun"
+
+#: g10/tdbdump.c:169
+msgid "colon missing"
+msgstr ": imi eksik"
+
+#: g10/tdbdump.c:175
+msgid "invalid fingerprint"
+msgstr "parmakizi geçersiz"
+
+#: g10/tdbdump.c:180
+msgid "ownertrust value missing"
+msgstr "sahibiningüvencesi değeri kayıp"
+
+#: g10/tdbdump.c:216
+#, c-format
+msgid "error finding trust record in `%s': %s\n"
+msgstr "`%s' deki güvence kaydını ararken hata: %s\n"
+
+#: g10/tdbdump.c:220
+#, c-format
+msgid "read error in `%s': %s\n"
+msgstr "`%s' için okuma hatası: %s\n"
+
+#: g10/tdbdump.c:229 g10/trustdb.c:375
+#, c-format
+msgid "trustdb: sync failed: %s\n"
+msgstr "güvence veritabanı: eşzamanlama başarısız: %s\n"
+
+#: g10/tdbio.c:128 g10/tdbio.c:1456
+#, c-format
+msgid "trustdb rec %lu: lseek failed: %s\n"
+msgstr "güvence veritabanı %lu kaydı: erişim başarısız: %s\n"
+
+#: g10/tdbio.c:135 g10/tdbio.c:1463
+#, c-format
+msgid "trustdb rec %lu: write failed (n=%d): %s\n"
+msgstr "güvence veritabanı %lu kaydı: yazma başarısız (n=%d): %s\n"
+
+#: g10/tdbio.c:245
+msgid "trustdb transaction too large\n"
+msgstr "güvence veritabanı işlemi çok uzun\n"
+
+#: g10/tdbio.c:500
+#, c-format
+msgid "can't access `%s': %s\n"
+msgstr "'%s' eriÅŸilemiyor: %s\n"
+
+#: g10/tdbio.c:527
+#, c-format
+msgid "%s: directory does not exist!\n"
+msgstr "%s: dizin yok!\n"
+
+#: g10/tdbio.c:537 g10/tdbio.c:560 g10/tdbio.c:601 sm/keydb.c:219
+#, c-format
+msgid "can't create lock for `%s'\n"
+msgstr "`%s' için kilit oluşturulamıyor\n"
+
+#: g10/tdbio.c:539 g10/tdbio.c:604
+#, c-format
+msgid "can't lock `%s'\n"
+msgstr "`%s' kiltlenemedi\n"
+
+#: g10/tdbio.c:565
+#, c-format
+msgid "%s: failed to create version record: %s"
+msgstr "%s: sürüm kaydı oluşturmada başarısız: %s"
+
+#: g10/tdbio.c:569
+#, c-format
+msgid "%s: invalid trustdb created\n"
+msgstr "%s: geçersiz güvence veritabanı oluşturuldu\n"
+
+#: g10/tdbio.c:572
+#, c-format
+msgid "%s: trustdb created\n"
+msgstr "%s: güvence veritabanı oluşturuldu\n"
+
+#: g10/tdbio.c:615
+msgid "NOTE: trustdb not writable\n"
+msgstr "BİLGİ: güvence veritabanına yazılamıyor\n"
+
+#: g10/tdbio.c:623
+#, c-format
+msgid "%s: invalid trustdb\n"
+msgstr "%s: güvence veritabanı geçersiz\n"
+
+#: g10/tdbio.c:655
+#, c-format
+msgid "%s: failed to create hashtable: %s\n"
+msgstr "%s: çittirim tablosu oluşturulamadı: %s\n"
+
+#: g10/tdbio.c:663
+#, c-format
+msgid "%s: error updating version record: %s\n"
+msgstr "%s: sürüm kaydının güncellenmesinde hata: %s\n"
+
+#: g10/tdbio.c:680 g10/tdbio.c:701 g10/tdbio.c:717 g10/tdbio.c:731
+#: g10/tdbio.c:761 g10/tdbio.c:1388 g10/tdbio.c:1415
+#, c-format
+msgid "%s: error reading version record: %s\n"
+msgstr "%s: sürüm kaydının okunmasında hata: %s\n"
+
+#: g10/tdbio.c:740
+#, c-format
+msgid "%s: error writing version record: %s\n"
+msgstr "%s: sürüm kaydının yazılmasında hata: %s\n"
+
+#: g10/tdbio.c:1181
+#, c-format
+msgid "trustdb: lseek failed: %s\n"
+msgstr "güvence veritabanı: erişim başarısız: %s\n"
+
+#: g10/tdbio.c:1190
+#, c-format
+msgid "trustdb: read failed (n=%d): %s\n"
+msgstr "güvence veritabanı: okuma başarısız (n=%d): %s\n"
+
+#: g10/tdbio.c:1211
+#, c-format
+msgid "%s: not a trustdb file\n"
+msgstr "%s: bir güvence veritabanı dosyası değil\n"
+
+#: g10/tdbio.c:1230
+#, c-format
+msgid "%s: version record with recnum %lu\n"
+msgstr "%s: %lu kayıt numarası ile sürüm kaydı\n"
+
+#: g10/tdbio.c:1235
+#, c-format
+msgid "%s: invalid file version %d\n"
+msgstr "%s: dosya sürümü %d geçersiz\n"
+
+#: g10/tdbio.c:1421
+#, c-format
+msgid "%s: error reading free record: %s\n"
+msgstr "%s: serbest kaydı okuma hatası: %s\n"
+
+#: g10/tdbio.c:1429
+#, c-format
+msgid "%s: error writing dir record: %s\n"
+msgstr "%s: dizin kaydını yazma hatası: %s\n"
+
+#: g10/tdbio.c:1439
+#, c-format
+msgid "%s: failed to zero a record: %s\n"
+msgstr "%s: kayıt sıfırlama başarısız: %s\n"
+
+#: g10/tdbio.c:1469
+#, c-format
+msgid "%s: failed to append a record: %s\n"
+msgstr "%s: kayıt ekleme başarısız: %s\n"
+
+#: g10/tdbio.c:1512
+#, fuzzy
+msgid "Error: The trustdb is corrupted.\n"
+msgstr "%s: güvence veritabanı oluşturuldu\n"
+
+#: g10/textfilter.c:147
+#, c-format
+msgid "can't handle text lines longer than %d characters\n"
+msgstr "%d karakterden daha uzun metin satırları okunamıyor\n"
+
+#: g10/textfilter.c:247
+#, c-format
+msgid "input line longer than %d characters\n"
+msgstr "girdi satırı %d karakterden daha uzun\n"
+
+#: g10/trustdb.c:221
+#, c-format
+msgid "`%s' is not a valid long keyID\n"
+msgstr "`%s' geçerli bir anahtar kimliği değil\n"
+
+#: g10/trustdb.c:252
+#, c-format
+msgid "key %s: accepted as trusted key\n"
+msgstr "anahtar %s: güvenli anahtar olarak kabul edildi\n"
+
+#: g10/trustdb.c:290
+#, c-format
+msgid "key %s occurs more than once in the trustdb\n"
+msgstr "anahtar %s güvence veritabanında birden fazla görünüyor\n"
+
+#: g10/trustdb.c:305
+#, c-format
+msgid "key %s: no public key for trusted key - skipped\n"
+msgstr "anahtar %s: güvenli anahtar için genel anahtar yok - atlandı\n"
+
+#: g10/trustdb.c:315
+#, c-format
+msgid "key %s marked as ultimately trusted\n"
+msgstr "anahtar %s son derece güvenli olarak imlendi.\n"
+
+#: g10/trustdb.c:339
+#, c-format
+msgid "trust record %lu, req type %d: read failed: %s\n"
+msgstr "güvence veritabanı kaydı %lu, istek tipi %d: okuma başarısız: %s\n"
+
+#: g10/trustdb.c:345
+#, c-format
+msgid "trust record %lu is not of requested type %d\n"
+msgstr "güvence veritabanının %lu. kaydı %d istek türünde değil\n"
+
+#: g10/trustdb.c:418
+msgid "You may try to re-create the trustdb using the commands:\n"
+msgstr ""
+
+#: g10/trustdb.c:427
+msgid "If that does not work, please consult the manual\n"
+msgstr ""
+
+#: g10/trustdb.c:462
+#, c-format
+msgid "unable to use unknown trust model (%d) - assuming %s trust model\n"
+msgstr ""
+"bilinmeyen güvence modeli (%d) kullanılamıyor - %s güvence modeli "
+"varsayılıyor\n"
+
+#: g10/trustdb.c:468
+#, c-format
+msgid "using %s trust model\n"
+msgstr "%s güvence modeli kullanılıyor\n"
+
+#: g10/trustdb.c:520
+msgid "10 translator see trustdb.c:uid_trust_string_fixed"
+msgstr "20 translator seen trustdb.c:uid_trust_string_fixed"
+
+#: g10/trustdb.c:522
+msgid "[ revoked]"
+msgstr "[yürürlükten kalktı]"
+
+#: g10/trustdb.c:524 g10/trustdb.c:529
+msgid "[ expired]"
+msgstr "[ süresi doldu ]"
+
+#: g10/trustdb.c:528
+msgid "[ unknown]"
+msgstr "[ bilinmeyen ]"
+
+#: g10/trustdb.c:530
+msgid "[ undef ]"
+msgstr "[ tanımsız ]"
+
+#: g10/trustdb.c:531
+msgid "[marginal]"
+msgstr "[ şöyle böyle ]"
+
+#: g10/trustdb.c:532
+msgid "[ full ]"
+msgstr "[ tamamen ]"
+
+#: g10/trustdb.c:533
+msgid "[ultimate]"
+msgstr "[ son derece ]"
+
+#: g10/trustdb.c:548
+msgid "undefined"
+msgstr "tanımsız"
+
+#: g10/trustdb.c:549
+msgid "never"
+msgstr "asla "
+
+#: g10/trustdb.c:550
+msgid "marginal"
+msgstr "şöyle böyle"
+
+#: g10/trustdb.c:551
+msgid "full"
+msgstr "tamamen"
+
+#: g10/trustdb.c:552
+msgid "ultimate"
+msgstr "son derece"
+
+#: g10/trustdb.c:592
+msgid "no need for a trustdb check\n"
+msgstr "bir güvence veritabanı denetimi gereksiz\n"
+
+#: g10/trustdb.c:598 g10/trustdb.c:2487
+#, c-format
+msgid "next trustdb check due at %s\n"
+msgstr "sonraki güvence veritabanı denetimi %s de\n"
+
+#: g10/trustdb.c:607
+#, c-format
+msgid "no need for a trustdb check with `%s' trust model\n"
+msgstr "`%s' güvence modelli güvence veritabanı sınaması için gereksiz\n"
+
+#: g10/trustdb.c:622
+#, c-format
+msgid "no need for a trustdb update with `%s' trust model\n"
+msgstr "`%s' güvence modelli güvence veritabanı güncellemesi için gereksiz\n"
+
+#: g10/trustdb.c:857 g10/trustdb.c:1310
+#, c-format
+msgid "public key %s not found: %s\n"
+msgstr "genel anahtar %s yok: %s\n"
+
+#: g10/trustdb.c:1053
+msgid "please do a --check-trustdb\n"
+msgstr "lütfen bir --check-trustdb yapın\n"
+
+#: g10/trustdb.c:1057
+msgid "checking the trustdb\n"
+msgstr "güvence veritabanı denetleniyor\n"
+
+#: g10/trustdb.c:2230
+#, c-format
+msgid "%d keys processed (%d validity counts cleared)\n"
+msgstr "%d anahtar iÅŸlendi (%d doÄŸrulama temizlendi)\n"
+
+#: g10/trustdb.c:2295
+msgid "no ultimately trusted keys found\n"
+msgstr "son derece güvenli bir anahtar yok\n"
+
+#: g10/trustdb.c:2309
+#, c-format
+msgid "public key of ultimately trusted key %s not found\n"
+msgstr "son derece güvenli %s için genel anahtar yok\n"
+
+#: g10/trustdb.c:2332
+#, c-format
+msgid "%d marginal(s) needed, %d complete(s) needed, %s trust model\n"
+msgstr "%d şöyle böyle gerekli, %d tamamen gerekli, %s güvence modeli\n"
+
+#: g10/trustdb.c:2418
+#, c-format
+msgid ""
+"depth: %d valid: %3d signed: %3d trust: %d-, %dq, %dn, %dm, %df, %du\n"
+msgstr ""
+"derinlik: %d geçerli: %3d imzalı: %3d güvenilir: %d-, %dq, %dn, %dm, %df, "
+"%du\n"
+
+#: g10/trustdb.c:2493
+#, c-format
+msgid "unable to update trustdb version record: write failed: %s\n"
+msgstr ""
+"güvence veritabanının sürüm kaydı güncellenemedi: yazma başarısız: %s\n"
+
+#: g10/verify.c:118
+msgid ""
+"the signature could not be verified.\n"
+"Please remember that the signature file (.sig or .asc)\n"
+"should be the first file given on the command line.\n"
+msgstr ""
+"imza doğrulanamadı.\n"
+"İmza dosyasının (.sig veya .asc) komut satırında verilecek\n"
+"ilk dosya olması gerektiğini lütfen hatırlayın.\n"
+
+#: g10/verify.c:205
+#, c-format
+msgid "input line %u too long or missing LF\n"
+msgstr "girdi satırı %u ya çok uzun ya da sonunda satırsonu karakteri yok\n"
+
+#: g10/verify.c:253
+#, c-format
+msgid "can't open fd %d: %s\n"
+msgstr "fd %d açılamıyor: %s\n"
+
+#: jnlib/argparse.c:180
+msgid "argument not expected"
+msgstr "deÄŸiÅŸtirge beklenmiyordu"
+
+#: jnlib/argparse.c:182
+msgid "read error"
+msgstr "okuma hatası"
+
+#: jnlib/argparse.c:184
+msgid "keyword too long"
+msgstr "anahtar sözcük çok uzun"
+
+#: jnlib/argparse.c:186
+msgid "missing argument"
+msgstr "eksik deÄŸiÅŸtirge"
+
+#: jnlib/argparse.c:188
+msgid "invalid command"
+msgstr "geçersiz komut"
+
+#: jnlib/argparse.c:190
+msgid "invalid alias definition"
+msgstr "geçersiz rumuz tanımı"
+
+#: jnlib/argparse.c:192
+msgid "out of core"
+msgstr "nüve dışı"
+
+#: jnlib/argparse.c:194
+msgid "invalid option"
+msgstr "geçersiz seçenek"
+
+#: jnlib/argparse.c:202
+#, c-format
+msgid "missing argument for option \"%.50s\"\n"
+msgstr "\"%.50s\" seçeneği için değiştirge eksik\n"
+
+#: jnlib/argparse.c:204
+#, c-format
+msgid "option \"%.50s\" does not expect an argument\n"
+msgstr "\"%.50s\" seçeneğinin değiştirge ihtiyacı yok\n"
+
+#: jnlib/argparse.c:207
+#, c-format
+msgid "invalid command \"%.50s\"\n"
+msgstr "geçersiz komut \"%.50s\"\n"
+
+#: jnlib/argparse.c:209
+#, c-format
+msgid "option \"%.50s\" is ambiguous\n"
+msgstr "\"%.50s\" seçeneği belirsiz\n"
+
+#: jnlib/argparse.c:211
+#, c-format
+msgid "command \"%.50s\" is ambiguous\n"
+msgstr "\"%.50s\" komutu belirsiz\n"
+
+#: jnlib/argparse.c:213
+msgid "out of core\n"
+msgstr "nüve dışında\n"
+
+#: jnlib/argparse.c:215
+#, c-format
+msgid "invalid option \"%.50s\"\n"
+msgstr "geçersiz seçenekler \"%.50s\"\n"
+
+#: jnlib/logging.c:647
+#, c-format
+msgid "you found a bug ... (%s:%d)\n"
+msgstr "bir yazılım hatası buldunuz ... (%s:%d)\n"
+
+#: jnlib/utf8conv.c:85
+#, c-format
+msgid "error loading `%s': %s\n"
+msgstr "`%s' yüklenirken hata: %s\n"
+
+#: jnlib/utf8conv.c:123
+#, c-format
+msgid "conversion from `%s' to `%s' not available\n"
+msgstr "`%s' > `%s' dönüşümü elverişli değil\n"
+
+#: jnlib/utf8conv.c:131
+#, c-format
+msgid "iconv_open failed: %s\n"
+msgstr "iconv_open başarısız: %s\n"
+
+#: jnlib/utf8conv.c:388 jnlib/utf8conv.c:654
+#, c-format
+msgid "conversion from `%s' to `%s' failed: %s\n"
+msgstr "`%s' > `%s' dönüşümü başarısız: %s\n"
+
+#: jnlib/dotlock.c:234
+#, c-format
+msgid "failed to create temporary file `%s': %s\n"
+msgstr "`%s' geçici dosyası oluşturulamıyor: %s\n"
+
+#: jnlib/dotlock.c:269
+#, c-format
+msgid "error writing to `%s': %s\n"
+msgstr "`%s' yazılırken hata: %s\n"
+
+#: jnlib/dotlock.c:453
+#, c-format
+msgid "removing stale lockfile (created by %d)\n"
+msgstr "bayat kilit dosyası siliniyor (%d tarafından oluşturulmuş)\n"
+
+#: jnlib/dotlock.c:459
+msgid " - probably dead - removing lock"
+msgstr " - muhtemelen ölü - kilit siliniyor"
+
+#: jnlib/dotlock.c:469
+#, c-format
+msgid "waiting for lock (held by %d%s) %s...\n"
+msgstr "kilit için bekleniyor (%d%s tarafından tutulmuş) %s...\n"
+
+#: jnlib/dotlock.c:470
+msgid "(deadlock?) "
+msgstr "(ölükilit?) "
+
+#: jnlib/dotlock.c:493
+#, c-format
+msgid "lock `%s' not made: %s\n"
+msgstr "kilit `%s' yapılmadı: %s\n"
+
+#: jnlib/dotlock.c:501
+#, c-format
+msgid "waiting for lock %s...\n"
+msgstr "%s kilidi için bekleniyor...\n"
+
+#: kbx/kbxutil.c:92
+msgid "set debugging flags"
+msgstr "hata ayıklama bayrakları ayarlanır"
+
+#: kbx/kbxutil.c:93
+msgid "enable full debugging"
+msgstr "tam hata ayıklama etkin olur"
+
+#: kbx/kbxutil.c:117
+msgid "Usage: kbxutil [options] [files] (-h for help)"
+msgstr "Kullanımı: kbxutil [seçenekler] [dosyalar] (yardım için -h)"
+
+#: kbx/kbxutil.c:120
+msgid ""
+"Syntax: kbxutil [options] [files]\n"
+"list, export, import Keybox data\n"
+msgstr ""
+"Sözdizimi: kbxutil [seçenekler] [dosyalar]\n"
+"Anahtar kutusu verisini listeler, ithal ve ihraç eder\n"
+
+#: scd/app-nks.c:713 scd/app-openpgp.c:2647
+#, c-format
+msgid "RSA modulus missing or not of size %d bits\n"
+msgstr "RSA modülü ya eksik ya da %d bitlik değil\n"
+
+#: scd/app-nks.c:721 scd/app-openpgp.c:2659
+#, c-format
+msgid "RSA public exponent missing or larger than %d bits\n"
+msgstr "RSA genel üstel sayısı ya eksik ya da %d bitten büyük\n"
+
+#: scd/app-nks.c:801 scd/app-openpgp.c:1549 scd/app-openpgp.c:1568
+#: scd/app-openpgp.c:1729 scd/app-openpgp.c:1746 scd/app-openpgp.c:1994
+#: scd/app-openpgp.c:2039 scd/app-dinsig.c:303
+#, c-format
+msgid "PIN callback returned error: %s\n"
+msgstr "PIN eylemcisi hata döndürdü: %s\n"
+
+#: scd/app-nks.c:834
+msgid "the NullPIN has not yet been changed\n"
+msgstr "BoşPIN henüz değişmedi\n"
+
+#: scd/app-nks.c:1092
+#, fuzzy
+msgid "|N|Please enter a new PIN for the standard keys."
+msgstr "||Lütfen PIN'inizi okuyucunun tuştakımından giriniz"
+
+#: scd/app-nks.c:1093
+#, fuzzy
+msgid "||Please enter the PIN for the standard keys."
+msgstr "|A|Lütfen Yönetici PIN'ini okuyucu tuştakımından giriniz"
+
+#: scd/app-nks.c:1099
+#, fuzzy
+msgid "|NP|Please enter a new PIN Unblocking Code (PUK) for the standard keys."
+msgstr "||Lütfen kart için Sıfırlama Kodunu giriniz"
+
+#: scd/app-nks.c:1101
+#, fuzzy
+msgid "|P|Please enter the PIN Unblocking Code (PUK) for the standard keys."
+msgstr "||Lütfen kart için Sıfırlama Kodunu giriniz"
+
+#: scd/app-nks.c:1109
+msgid "|N|Please enter a new PIN for the key to create qualified signatures."
+msgstr ""
+
+#: scd/app-nks.c:1111
+msgid "||Please enter the PIN for the key to create qualified signatures."
+msgstr ""
+
+#: scd/app-nks.c:1119
+msgid ""
+"|NP|Please enter a new PIN Unblocking Code (PUK) for the key to create "
+"qualified signatures."
+msgstr ""
+
+#: scd/app-nks.c:1121
+msgid ""
+"|P|Please enter the PIN Unblocking Code (PUK) for the key to create "
+"qualified signatures."
+msgstr ""
+
+#: scd/app-nks.c:1222 scd/app-openpgp.c:2072 scd/app-dinsig.c:532
+#, c-format
+msgid "error getting new PIN: %s\n"
+msgstr "yeni PIN alınırken hata: %s\n"
+
+#: scd/app-openpgp.c:695
+#, c-format
+msgid "failed to store the fingerprint: %s\n"
+msgstr "parmakizinin saklanması başarısız oldu: %s\n"
+
+#: scd/app-openpgp.c:708
+#, c-format
+msgid "failed to store the creation date: %s\n"
+msgstr "oluşturma tarihinin saklanması başarısız oldu: %s\n"
+
+#: scd/app-openpgp.c:1156
+#, c-format
+msgid "reading public key failed: %s\n"
+msgstr "genel anahtar okuması başarısız: %s\n"
+
+#: scd/app-openpgp.c:1164 scd/app-openpgp.c:2882
+msgid "response does not contain the public key data\n"
+msgstr "yanıt genel anahtar verisi içermiyor\n"
+
+#: scd/app-openpgp.c:1172 scd/app-openpgp.c:2890
+msgid "response does not contain the RSA modulus\n"
+msgstr "yanıt RSA modülü içermiyor\n"
+
+#: scd/app-openpgp.c:1181 scd/app-openpgp.c:2900
+msgid "response does not contain the RSA public exponent\n"
+msgstr "yanıt RSA genel bileşenini içermiyor\n"
+
+#: scd/app-openpgp.c:1501
+#, c-format
+msgid "using default PIN as %s\n"
+msgstr "%s olarak öntanımlı PIN kullanılıyor\n"
+
+#: scd/app-openpgp.c:1508
+#, c-format
+msgid "failed to use default PIN as %s: %s - disabling further default use\n"
+msgstr ""
+"%s olarak öntanımlı PIN kullanılamadı: %s - öntanımlı kullanımı iptal "
+"ediliyor\n"
+
+#: scd/app-openpgp.c:1523
+#, c-format
+msgid "||Please enter the PIN%%0A[sigs done: %lu]"
+msgstr "||Lütfen PIN'i giriniz%%0A[yapılan imza: %lu]"
+
+#: scd/app-openpgp.c:1534 scd/app-openpgp.c:1988
+msgid "||Please enter the PIN"
+msgstr "||Lütfen PIN'i giriniz"
+
+#: scd/app-openpgp.c:1575 scd/app-openpgp.c:1753 scd/app-openpgp.c:2001
+#, c-format
+msgid "PIN for CHV%d is too short; minimum length is %d\n"
+msgstr "CHV%d için PIN çok kısa; asgari uzunluk: %d\n"
+
+#: scd/app-openpgp.c:1588 scd/app-openpgp.c:1627 scd/app-openpgp.c:1765
+#: scd/app-openpgp.c:3200
+#, c-format
+msgid "verify CHV%d failed: %s\n"
+msgstr "CHV%d doğrulaması başarısız oldu: %s\n"
+
+#: scd/app-openpgp.c:1656 scd/app-openpgp.c:2020 scd/app-openpgp.c:3498
+msgid "error retrieving CHV status from card\n"
+msgstr "karttan CHV durumu alınırken hata\n"
+
+#: scd/app-openpgp.c:1662 scd/app-openpgp.c:3507
+msgid "card is permanently locked!\n"
+msgstr "kart kalıcı olarak kilitli!\n"
+
+#: scd/app-openpgp.c:1669
+#, c-format
+msgid "%d Admin PIN attempts remaining before card is permanently locked\n"
+msgstr ""
+"kart kalıcı olarak kilitlenmeden önce %d Yönetici PIN kalmasına çalışılıyor\n"
+
+#. TRANSLATORS: Do not translate the "|A|" prefix but keep it at
+#. the start of the string. Use %%0A to force a linefeed.
+#: scd/app-openpgp.c:1676
+#, fuzzy, c-format
+msgid "|A|Please enter the Admin PIN%%0A[remaining attempts: %d]"
+msgstr ""
+"|A|Lütfen Yönetici PIN'ini okuyucu tuştakımından giriniz%%0A[kalan deneme: %"
+"d]"
+
+#: scd/app-openpgp.c:1680
+#, fuzzy
+msgid "|A|Please enter the Admin PIN"
+msgstr "||Lütfen PIN'i giriniz"
+
+#: scd/app-openpgp.c:1701
+msgid "access to admin commands is not configured\n"
+msgstr "yönetici komutlarına erişim yapılandırılmamış\n"
+
+#: scd/app-openpgp.c:2035
+msgid "||Please enter the Reset Code for the card"
+msgstr "||Lütfen kart için Sıfırlama Kodunu giriniz"
+
+#: scd/app-openpgp.c:2045 scd/app-openpgp.c:2097
+#, c-format
+msgid "Reset Code is too short; minimum length is %d\n"
+msgstr "Sıfırlama Kodu çok kısa; asgari uzunluk: %d\n"
+
+#: scd/app-openpgp.c:2067
+msgid "|RN|New Reset Code"
+msgstr "|YSK|Yeni Sıfırlama Kodu"
+
+#: scd/app-openpgp.c:2068
+msgid "|AN|New Admin PIN"
+msgstr "|YYP|Yeni Yönetici PIN'i"
+
+#: scd/app-openpgp.c:2068
+msgid "|N|New PIN"
+msgstr "|N|Yeni PIN"
+
+#: scd/app-openpgp.c:2178 scd/app-openpgp.c:2968
+msgid "error reading application data\n"
+msgstr "uygulama verisi okunurken hata\n"
+
+#: scd/app-openpgp.c:2184 scd/app-openpgp.c:2975
+msgid "error reading fingerprint DO\n"
+msgstr "parmakizi DO okunurken hata\n"
+
+#: scd/app-openpgp.c:2194
+msgid "key already exists\n"
+msgstr "anahtar zaten mevcut\n"
+
+#: scd/app-openpgp.c:2198
+msgid "existing key will be replaced\n"
+msgstr "mevcut anahtar konulacak\n"
+
+#: scd/app-openpgp.c:2200
+msgid "generating new key\n"
+msgstr "yeni anahtar üretiliyor\n"
+
+#: scd/app-openpgp.c:2202
+#, fuzzy
+msgid "writing new key\n"
+msgstr "yeni anahtar üretiliyor\n"
+
+#: scd/app-openpgp.c:2627
+msgid "creation timestamp missing\n"
+msgstr "oluşturum zaman damgası kayıp\n"
+
+#: scd/app-openpgp.c:2669 scd/app-openpgp.c:2677
+#, c-format
+msgid "RSA prime %s missing or not of size %d bits\n"
+msgstr "RSA asal sayısı %s ya eksik la da %d bitlik değil\n"
+
+#: scd/app-openpgp.c:2773
+#, c-format
+msgid "failed to store the key: %s\n"
+msgstr "anahtarın saklanması başarısız: %s\n"
+
+#: scd/app-openpgp.c:2859
+msgid "please wait while key is being generated ...\n"
+msgstr "anahtar üretilene kadar lütfen bekleyiniz ....\n"
+
+#: scd/app-openpgp.c:2872
+msgid "generating key failed\n"
+msgstr "anahtar üretimi başarısızlığa uğradı\n"
+
+#: scd/app-openpgp.c:2875
+#, c-format
+msgid "key generation completed (%d seconds)\n"
+msgstr "anahtar üretimi tamamlandı (%d saniye)\n"
+
+#: scd/app-openpgp.c:2933
+msgid "invalid structure of OpenPGP card (DO 0x93)\n"
+msgstr "OpenPGP kartının yapısı geçersiz (DO 0x93)\n"
+
+#: scd/app-openpgp.c:2983
+msgid "fingerprint on card does not match requested one\n"
+msgstr "karttaki parmak izi istenenle eÅŸleÅŸmiyor\n"
+
+#: scd/app-openpgp.c:3099
+#, c-format
+msgid "card does not support digest algorithm %s\n"
+msgstr "kart %s özet algoritmasını desteklemiyor\n"
+
+#: scd/app-openpgp.c:3175
+#, c-format
+msgid "signatures created so far: %lu\n"
+msgstr "ÅŸu ana kadar oluÅŸturulan imzalar: %lu\n"
+
+#: scd/app-openpgp.c:3512
+msgid ""
+"verification of Admin PIN is currently prohibited through this command\n"
+msgstr "Yönetici PIN'inin doğrulanması bu komut yüzünden şimdilik yasaktır\n"
+
+#: scd/app-openpgp.c:3737 scd/app-openpgp.c:3748
+#, c-format
+msgid "can't access %s - invalid OpenPGP card?\n"
+msgstr "%s erişilebilir değil - OpenPGP kartı geçersiz olabilir mi?\n"
+
+#: scd/app-dinsig.c:299
+msgid "||Please enter your PIN at the reader's keypad"
+msgstr "||Lütfen PIN'inizi okuyucunun tuştakımından giriniz"
+
+#. TRANSLATORS: Do not translate the "|*|" prefixes but
+#. keep it at the start of the string. We need this elsewhere
+#. to get some infos on the string.
+#: scd/app-dinsig.c:529
+msgid "|N|Initial New PIN"
+msgstr "|N|Ä°lk Yeni PIN"
+
+#: scd/scdaemon.c:107
+msgid "run in multi server mode (foreground)"
+msgstr "çoklu sunucu kipinde çalışır (önalanda)"
+
+#: scd/scdaemon.c:117 sm/gpgsm.c:316
+msgid "|LEVEL|set the debugging level to LEVEL"
+msgstr "|LDÜZEY|hata ayıklama düzeyini DÜZEY yapar"
+
+#: scd/scdaemon.c:124 tools/gpgconf-comp.c:620
+msgid "|FILE|write a log to FILE"
+msgstr "|DOSYA|DOSYAya bir günce yazar"
+
+#: scd/scdaemon.c:126
+msgid "|N|connect to reader at port N"
+msgstr "|N|N. porttaki okuyucuya bağlanır"
+
+#: scd/scdaemon.c:128
+msgid "|NAME|use NAME as ct-API driver"
+msgstr "|İSİM|ct-API sürücüsü olarak İSİM kullanılır"
+
+#: scd/scdaemon.c:130
+msgid "|NAME|use NAME as PC/SC driver"
+msgstr "|İSİM|PC/SC sürücüsü olarak İSİM kullanılır"
+
+#: scd/scdaemon.c:133
+msgid "do not use the internal CCID driver"
+msgstr "dahili CCID sürücüsü kullanılmaz"
+
+#: scd/scdaemon.c:139
+msgid "|N|disconnect the card after N seconds of inactivity"
+msgstr "|N|N saniyelik durgunluktan sonra kartı ayırır"
+
+#: scd/scdaemon.c:141
+msgid "do not use a reader's keypad"
+msgstr "bir okuyucu tuştakımı kullanılmaz"
+
+#: scd/scdaemon.c:144
+#, fuzzy
+msgid "deny the use of admin card commands"
+msgstr "yönetici kartı komutları kullanımına izin verir"
+
+#: scd/scdaemon.c:259
+msgid "Usage: scdaemon [options] (-h for help)"
+msgstr "Kullanımı: scdaemon [seçenekler] (yardım için -h)"
+
+#: scd/scdaemon.c:261
+msgid ""
+"Syntax: scdaemon [options] [command [args]]\n"
+"Smartcard daemon for GnuPG\n"
+msgstr ""
+"Sözdizimi: scdaemon [seçenekler] [komut [arg ...]]\n"
+"GnuPG için akıllı kart artalan süreci\n"
+
+#: scd/scdaemon.c:766
+msgid "please use the option `--daemon' to run the program in the background\n"
+msgstr ""
+"Programı artalanda çalışır bırakmak için lütfen `--daemon' seçeneğini "
+"kullanın\n"
+
+#: scd/scdaemon.c:1120
+#, c-format
+msgid "handler for fd %d started\n"
+msgstr "fd %d için eylemci başlatıldı\n"
+
+#: scd/scdaemon.c:1132
+#, c-format
+msgid "handler for fd %d terminated\n"
+msgstr "fd %d için eylemci sonlandı\n"
+
+#: sm/base64.c:325
+#, c-format
+msgid "invalid radix64 character %02x skipped\n"
+msgstr "geçersiz radix64 karakteri %02x atlandı\n"
+
+#: sm/call-agent.c:137
+#, c-format
+msgid "failed to proxy %s inquiry to client\n"
+msgstr ""
+
+#: sm/call-dirmngr.c:252
+#, c-format
+msgid "no running dirmngr - starting `%s'\n"
+msgstr "çalışan dirmngr yok - `%s' başlatılıyor\n"
+
+#: sm/call-dirmngr.c:285
+msgid "malformed DIRMNGR_INFO environment variable\n"
+msgstr "DIRMNGR_INFO ortam değişkeni hatalı\n"
+
+#: sm/call-dirmngr.c:297
+#, c-format
+msgid "dirmngr protocol version %d is not supported\n"
+msgstr "dirmngr protokolünün %d. sürümü desteklenmiyor\n"
+
+#: sm/call-dirmngr.c:317
+msgid "can't connect to the dirmngr - trying fall back\n"
+msgstr "dirmngr'a bağlanılamıyor - son çareye başvuruluyor\n"
+
+#: sm/certchain.c:196
+#, c-format
+msgid "validation model requested by certificate: %s"
+msgstr "sertifika tarafından istenen geçerlilik modeli: %s"
+
+#: sm/certchain.c:197 sm/certchain.c:1828
+msgid "chain"
+msgstr "zincir"
+
+#: sm/certchain.c:198 sm/certchain.c:1828
+msgid "shell"
+msgstr "kabuk"
+
+#: sm/certchain.c:258
+#, c-format
+msgid "critical certificate extension %s is not supported"
+msgstr "kritik sertifika eklentisi %s desteklenmiyor"
+
+#: sm/certchain.c:297
+msgid "issuer certificate is not marked as a CA"
+msgstr "sertifikacı onu bir CA gibi imlememiş"
+
+#: sm/certchain.c:335
+msgid "critical marked policy without configured policies"
+msgstr "yapılandırılmış poliçeler olmaksızın kritik imli poliçe"
+
+#: sm/certchain.c:345
+#, c-format
+msgid "failed to open `%s': %s\n"
+msgstr "`%s' açılamadı: %s\n"
+
+#: sm/certchain.c:353 sm/certchain.c:382
+msgid "note: non-critical certificate policy not allowed"
+msgstr "bilgi: kritik olmayan sertifika poliçesine izin verilmez"
+
+#: sm/certchain.c:357 sm/certchain.c:386
+msgid "certificate policy not allowed"
+msgstr "sertifika poliçesine izin verilmiyor"
+
+#: sm/certchain.c:498
+msgid "looking up issuer at external location\n"
+msgstr "harici bir sertifikacı arar\n"
+
+#: sm/certchain.c:517
+#, c-format
+msgid "number of issuers matching: %d\n"
+msgstr "eşleşen sertifikacı sayısı: %d\n"
+
+#: sm/certchain.c:561
+msgid "looking up issuer from the Dirmngr cache\n"
+msgstr "Dirmngr önbelleğinde sertifikacıyı arar\n"
+
+#: sm/certchain.c:585
+#, c-format
+msgid "number of matching certificates: %d\n"
+msgstr "eşleşen sertifika sayısı: %d\n"
+
+#: sm/certchain.c:587
+#, c-format
+msgid "dirmngr cache-only key lookup failed: %s\n"
+msgstr "dirmngr sadece-önbellek anahtar araması başarısızi: %s\n"
+
+#: sm/certchain.c:759 sm/certchain.c:1252 sm/certchain.c:1856 sm/decrypt.c:261
+#: sm/encrypt.c:335 sm/sign.c:335 sm/verify.c:113
+msgid "failed to allocated keyDB handle\n"
+msgstr "ayrılmış anahtar veritabanı elde edilemedi: %s\n"
+
+#: sm/certchain.c:925
+msgid "certificate has been revoked"
+msgstr "sertifika yürürlükten kaldırılmıştı"
+
+#: sm/certchain.c:940
+msgid "the status of the certificate is unknown"
+msgstr "sertifika durumu bilinmiyor"
+
+#: sm/certchain.c:947
+msgid "please make sure that the \"dirmngr\" is properly installed\n"
+msgstr "\"dirmngr\"'ın düzgün olarak kurulu olduğundan lütfen emin olunuz\n"
+
+#: sm/certchain.c:953
+#, c-format
+msgid "checking the CRL failed: %s"
+msgstr "CRL sınaması başarısız: %s"
+
+#: sm/certchain.c:982 sm/certchain.c:1050
+#, c-format
+msgid "certificate with invalid validity: %s"
+msgstr "geçersiz doğrulukla sertifika: %s"
+
+#: sm/certchain.c:997 sm/certchain.c:1082
+msgid "certificate not yet valid"
+msgstr "sertifika henüz geçersiz"
+
+#: sm/certchain.c:998 sm/certchain.c:1083
+msgid "root certificate not yet valid"
+msgstr "kök sertifika henüz geçersiz"
+
+#: sm/certchain.c:999 sm/certchain.c:1084
+msgid "intermediate certificate not yet valid"
+msgstr "ara sertifika henüz geçersiz"
+
+#: sm/certchain.c:1012
+msgid "certificate has expired"
+msgstr "sertifika kullanım süresi dolmuş"
+
+#: sm/certchain.c:1013
+msgid "root certificate has expired"
+msgstr "kök sertifikanın kullanım süresi dolmuş"
+
+#: sm/certchain.c:1014
+msgid "intermediate certificate has expired"
+msgstr "ara sertifikanın kullanım süresi dolmuş"
+
+#: sm/certchain.c:1056
+#, c-format
+msgid "required certificate attributes missing: %s%s%s"
+msgstr "gerekli sertifika özellikleri eksik: %s%s%s"
+
+#: sm/certchain.c:1065
+msgid "certificate with invalid validity"
+msgstr "geçersiz doğrulukla sertifika"
+
+#: sm/certchain.c:1102
+msgid "signature not created during lifetime of certificate"
+msgstr "sertifika yaşam süresi boyunca imza oluşturulmadı"
+
+#: sm/certchain.c:1104
+msgid "certificate not created during lifetime of issuer"
+msgstr "sertifikacının yaşam süresi boyunca sertifika oluşturulmadı"
+
+#: sm/certchain.c:1105
+msgid "intermediate certificate not created during lifetime of issuer"
+msgstr "sertifikacının yaşam süresi boyunca ara sertifika oluşturulmadı"
+
+#: sm/certchain.c:1109
+msgid " ( signature created at "
+msgstr " ( imzanın oluşturuluşu: "
+
+#: sm/certchain.c:1110
+msgid " (certificate created at "
+msgstr " ( sertifikanın oluşturuluşu: "
+
+#: sm/certchain.c:1113
+msgid " (certificate valid from "
+msgstr " (sertifika geçerlilik başlangıcı: "
+
+#: sm/certchain.c:1114
+msgid " ( issuer valid from "
+msgstr " (sertifikacı geçerlilik başlangıcı: "
+
+#: sm/certchain.c:1144
+#, c-format
+msgid "fingerprint=%s\n"
+msgstr "parmakizi=%s\n"
+
+#: sm/certchain.c:1153
+msgid "root certificate has now been marked as trusted\n"
+msgstr "kök sertifika artık güvenilir olarak imlenmiş oldu\n"
+
+#: sm/certchain.c:1166
+msgid "interactive marking as trusted not enabled in gpg-agent\n"
+msgstr "güvenilir olarak etkileşimli imleme gpg-agent'ta etkin değil\n"
+
+#: sm/certchain.c:1172
+msgid "interactive marking as trusted disabled for this session\n"
+msgstr "güvenilir olarak etkileşimli imleme bu oturum için iptal edildi\n"
+
+#: sm/certchain.c:1229
+msgid "WARNING: creation time of signature not known - assuming current time"
+msgstr ""
+"UYARI: imzanın oluşturulma zamanı bilinmiyor - şimdiki zaman varsayılıyor"
+
+#: sm/certchain.c:1293
+msgid "no issuer found in certificate"
+msgstr "sertifikacı kim belli değil"
+
+#: sm/certchain.c:1366
+msgid "self-signed certificate has a BAD signature"
+msgstr "öz-imzalı sertifika KÖTÜ bir imzaya sahip"
+
+#: sm/certchain.c:1435
+msgid "root certificate is not marked trusted"
+msgstr "kök sertifika güvenilir olarak imli değil"
+
+#: sm/certchain.c:1448
+#, c-format
+msgid "checking the trust list failed: %s\n"
+msgstr "güvence listesinin sınanması başarısız: %s\n"
+
+#: sm/certchain.c:1477 sm/import.c:160
+msgid "certificate chain too long\n"
+msgstr "sertifika zinciri çok uzun\n"
+
+#: sm/certchain.c:1489
+msgid "issuer certificate not found"
+msgstr "sertifikacı belli değil"
+
+#: sm/certchain.c:1522
+msgid "certificate has a BAD signature"
+msgstr "sertifika KÖTÜ bir imzaya sahip"
+
+#: sm/certchain.c:1553
+msgid "found another possible matching CA certificate - trying again"
+msgstr "başka bir eşleşmesi olası CA sertifikası var - tekrar deneniyor"
+
+#: sm/certchain.c:1604
+#, c-format
+msgid "certificate chain longer than allowed by CA (%d)"
+msgstr "sertifika zinciri CA tarafından izin verilenden uzun (%d)"
+
+#: sm/certchain.c:1644 sm/certchain.c:1927
+msgid "certificate is good\n"
+msgstr "sertifika iyi durumda\n"
+
+#: sm/certchain.c:1645
+msgid "intermediate certificate is good\n"
+msgstr "ara sertifika iyi durumda\n"
+
+#: sm/certchain.c:1646
+msgid "root certificate is good\n"
+msgstr "kök sertifika iyi durumda\n"
+
+#: sm/certchain.c:1817
+msgid "switching to chain model"
+msgstr "zincir modeline geçiş"
+
+#: sm/certchain.c:1826
+#, c-format
+msgid "validation model used: %s"
+msgstr "kullanılan geçerlilik modeli: %s"
+
+#: sm/certcheck.c:97
+#, c-format
+msgid "%s key uses an unsafe (%u bit) hash\n"
+msgstr "%s anahtarı, güvensiz bir çittirim (%u bitlik) kullanıyor\n"
+
+#: sm/certcheck.c:107
+#, c-format
+msgid "a %u bit hash is not valid for a %u bit %s key\n"
+msgstr "%u bitlik çittirim %u bitlik %s anahtarı için geçersiz\n"
+
+#: sm/certcheck.c:244 sm/verify.c:201
+msgid "(this is the MD2 algorithm)\n"
+msgstr "(bu, MD2 algoritmasıdır)\n"
+
+#: sm/certdump.c:60 sm/certdump.c:143
+msgid "none"
+msgstr "yok"
+
+#: sm/certdump.c:564 sm/certdump.c:609 sm/certdump.c:674 sm/certdump.c:732
+msgid "[Error - invalid encoding]"
+msgstr "[Hata - kodlama geçersiz]"
+
+#: sm/certdump.c:572 sm/certdump.c:617
+msgid "[Error - out of core]"
+msgstr "[Hata - nüve dışında]"
+
+#: sm/certdump.c:654 sm/certdump.c:710
+msgid "[Error - No name]"
+msgstr "[Hata - Adsız]"
+
+#: sm/certdump.c:679 sm/certdump.c:738
+msgid "[Error - invalid DN]"
+msgstr "[Hata - DN geçersiz]"
+
+#: sm/certdump.c:948
+#, c-format
+msgid ""
+"Please enter the passphrase to unlock the secret key for the X.509 "
+"certificate:\n"
+"\"%s\"\n"
+"S/N %s, ID 0x%08lX,\n"
+"created %s, expires %s.\n"
+msgstr ""
+"X.509 sertifikası için gizli anahtarı açacak anahtar parolasını lütfen "
+"giriniz:\n"
+"\"%s\"\n"
+"S/N: %s, Kimlik: 0x%08lX,\n"
+"oluşturuluşu: %s, süre bitimi: %s.\n"
+
+#: sm/certlist.c:122
+msgid "no key usage specified - assuming all usages\n"
+msgstr "hiç anahtar kullanımı belirtilmemiş - tüm kullanımlar var sayılıyor\n"
+
+#: sm/certlist.c:132 sm/keylist.c:272
+#, c-format
+msgid "error getting key usage information: %s\n"
+msgstr "anahtar kullanım bilgisi alınırken hata: %s\n"
+
+#: sm/certlist.c:142
+msgid "certificate should have not been used for certification\n"
+msgstr "sertifika onaylama için kullanılmamalıydı\n"
+
+#: sm/certlist.c:154
+msgid "certificate should have not been used for OCSP response signing\n"
+msgstr "sertifika, OCSP yanıtının imzalanması için kullanılmamalıydı\n"
+
+#: sm/certlist.c:165
+msgid "certificate should have not been used for encryption\n"
+msgstr "sertifika şifreleme için kullanılmamalıydı\n"
+
+#: sm/certlist.c:166
+msgid "certificate should have not been used for signing\n"
+msgstr "sertifika imzalama için kullanılmamalıydı\n"
+
+#: sm/certlist.c:167
+msgid "certificate is not usable for encryption\n"
+msgstr "sertifika şifreleme için elverişli değil\n"
+
+#: sm/certlist.c:168
+msgid "certificate is not usable for signing\n"
+msgstr "sertifika imzalama için elverişli değil\n"
+
+#: sm/certreqgen.c:474
+#, c-format
+msgid "line %d: invalid algorithm\n"
+msgstr "`%d. satır: algoritma geçersiz\n"
+
+#: sm/certreqgen.c:487
+#, c-format
+msgid "line %d: invalid key length %u (valid are %d to %d)\n"
+msgstr "%d. satır: anahtar uzunluğu %u geçersiz (%d .. %d geçerli)\n"
+
+#: sm/certreqgen.c:505
+#, c-format
+msgid "line %d: no subject name given\n"
+msgstr "%d. satır: konu ismi belirtilmemiş\n"
+
+#: sm/certreqgen.c:514
+#, c-format
+msgid "line %d: invalid subject name label `%.*s'\n"
+msgstr "%d. satır: konu ismi yaftası `%.*s' geçersiz\n"
+
+#: sm/certreqgen.c:517
+#, c-format
+msgid "line %d: invalid subject name `%s' at pos %d\n"
+msgstr "%1$d. satır: %3$d konumundaki konu ismi %2$s' geçersiz\n"
+
+#: sm/certreqgen.c:534
+#, c-format
+msgid "line %d: not a valid email address\n"
+msgstr "%d. satır: geçerli bir eposta adresi değil\n"
+
+#: sm/certreqgen.c:546
+#, c-format
+msgid "line %d: error reading key `%s' from card: %s\n"
+msgstr "%d. satır: `%s' anahtarı karttan okunurken hata: %s\n"
+
+#: sm/certreqgen.c:558
+#, c-format
+msgid "line %d: error getting key by keygrip `%s': %s\n"
+msgstr "%d. satır: `%s' anahtar maşası tarafından alınırken hata: %s\n"
+
+#: sm/certreqgen.c:574
+#, c-format
+msgid "line %d: key generation failed: %s <%s>\n"
+msgstr "%d. satır: anahtar üretimi başarısızlığa uğradı: %s <%s>\n"
+
+#: sm/certreqgen.c:806
+msgid ""
+"To complete this certificate request please enter the passphrase for the key "
+"you just created once more.\n"
+msgstr ""
+"Bu sertifika isteğini tamamlamak için lütfen anahtar parolanızı girip "
+"anahtarınızı bir kere daha oluşturun.\n"
+
+#: sm/certreqgen-ui.c:158
+#, c-format
+msgid " (%d) RSA\n"
+msgstr " (%d) RSA\n"
+
+#: sm/certreqgen-ui.c:159
+#, c-format
+msgid " (%d) Existing key\n"
+msgstr " (%d) Mevcut anahtar\n"
+
+#: sm/certreqgen-ui.c:160
+#, c-format
+msgid " (%d) Existing key from card\n"
+msgstr " (%d) Karttaki mevcut anahtar\n"
+
+#: sm/certreqgen-ui.c:202
+#, fuzzy
+msgid "Enter the keygrip: "
+msgstr "Simgelemi giriniz: "
+
+#: sm/certreqgen-ui.c:210
+msgid "Not a valid keygrip (expecting 40 hex digits)\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:212
+#, fuzzy
+msgid "No key with this keygrip\n"
+msgstr "%d indisli bir yardımcı anahtar yok\n"
+
+#: sm/certreqgen-ui.c:230 sm/certreqgen-ui.c:239
+#, fuzzy, c-format
+msgid "error reading the card: %s\n"
+msgstr "%s: serbest kaydı okuma hatası: %s\n"
+
+#: sm/certreqgen-ui.c:233
+#, fuzzy, c-format
+msgid "Serial number of the card: %s\n"
+msgstr "kartın seri numarası alınırken hata: %s\n"
+
+#: sm/certreqgen-ui.c:245
+#, fuzzy
+msgid "Available keys:\n"
+msgstr "anahtarı iptal eder"
+
+#: sm/certreqgen-ui.c:276
+#, c-format
+msgid "Possible actions for a %s key:\n"
+msgstr "bir %s anahtarı için olası eylemler:\n"
+
+#: sm/certreqgen-ui.c:277
+#, c-format
+msgid " (%d) sign, encrypt\n"
+msgstr " (%d) imza, ÅŸifreleme\n"
+
+#: sm/certreqgen-ui.c:278
+#, c-format
+msgid " (%d) sign\n"
+msgstr " (%d) imza\n"
+
+#: sm/certreqgen-ui.c:279
+#, c-format
+msgid " (%d) encrypt\n"
+msgstr " (%d) ÅŸifreleme\n"
+
+#: sm/certreqgen-ui.c:303
+msgid "Enter the X.509 subject name: "
+msgstr "X.509 konu ismini girin: "
+
+#: sm/certreqgen-ui.c:307
+msgid "No subject name given\n"
+msgstr "Konu ismi belirtilmemiÅŸ\n"
+
+#: sm/certreqgen-ui.c:311
+#, c-format
+msgid "Invalid subject name label `%.*s'\n"
+msgstr "Geçersiz konu ismi yaftası `%.*s'\n"
+
+#. TRANSLATORS: The 22 in the second string is the
+#. length of the first string up to the "%s". Please
+#. adjust it do the length of your translation. The
+#. second string is merely passed to atoi so you can
+#. drop everything after the number.
+#: sm/certreqgen-ui.c:320
+#, c-format
+msgid "Invalid subject name `%s'\n"
+msgstr "Geçersiz konu ismi`%s'\n"
+
+#: sm/certreqgen-ui.c:322
+msgid "22 translator: see certreg-ui.c:gpgsm_gencertreq_tty"
+msgstr "22 çevirmen: bakınız certreg-ui.c:gpgsm_gencertreq_tty"
+
+#: sm/certreqgen-ui.c:334
+msgid "Enter email addresses"
+msgstr "E-posta adresinizi girin"
+
+#: sm/certreqgen-ui.c:335
+msgid " (end with an empty line):\n"
+msgstr " (ve boş bir satır ile bitirin):\n"
+
+#: sm/certreqgen-ui.c:339
+msgid "Enter DNS names"
+msgstr "DNS isimlerini giriniz"
+
+#: sm/certreqgen-ui.c:340 sm/certreqgen-ui.c:345
+msgid " (optional; end with an empty line):\n"
+msgstr " (seçimlik; boş bir satır işlemi sonlandırır):\n"
+
+#: sm/certreqgen-ui.c:344
+msgid "Enter URIs"
+msgstr "URI'leri girin"
+
+#: sm/certreqgen-ui.c:371
+msgid "Parameters to be used for the certificate request:\n"
+msgstr "Sertifika isteği için kullanılacak değiştirgeler:\n"
+
+#: sm/certreqgen-ui.c:389
+msgid "Now creating certificate request. This may take a while ...\n"
+msgstr "Sertifika isteÄŸi oluÅŸturuluyor. Bu biraz vakit alabilir...\n"
+
+#: sm/certreqgen-ui.c:398
+msgid "Ready. You should now send this request to your CA.\n"
+msgstr "Hazır. Bu isteği şimdi Sertifika Yetkilinize (CA) göndermelisiniz.\n"
+
+#: sm/certreqgen-ui.c:403
+msgid "resource problem: out of core\n"
+msgstr "özkaynak sorunu: nüve dışı\n"
+
+#: sm/decrypt.c:330
+msgid "(this is the RC2 algorithm)\n"
+msgstr "(bu, RC2 algoritmasıdır)\n"
+
+#: sm/decrypt.c:332
+msgid "(this does not seem to be an encrypted message)\n"
+msgstr "(bu bir şifreli iletiymiş gibi görünmüyor)\n"
+
+#: sm/delete.c:51 sm/delete.c:112
+#, c-format
+msgid "certificate `%s' not found: %s\n"
+msgstr "sertifika \"%s\" yok: %s\n"
+
+#: sm/delete.c:122 sm/keydb.c:1397 sm/keydb.c:1499
+#, c-format
+msgid "error locking keybox: %s\n"
+msgstr "anahtar bloÄŸu kilitlenirken hata: %s\n"
+
+#: sm/delete.c:143
+#, c-format
+msgid "duplicated certificate `%s' deleted\n"
+msgstr "yinelenmiÅŸ sertifika `%s' silindi\n"
+
+#: sm/delete.c:145
+#, c-format
+msgid "certificate `%s' deleted\n"
+msgstr "sertifika `%s' silindi\n"
+
+#: sm/delete.c:175
+#, c-format
+msgid "deleting certificate \"%s\" failed: %s\n"
+msgstr "\"%s\" sertifikası silinemedi: %s\n"
+
+#: sm/encrypt.c:321
+msgid "no valid recipients given\n"
+msgstr "geçerli alıcılar verilmedi\n"
+
+#: sm/gpgsm.c:197
+msgid "list external keys"
+msgstr "harici anahtarları listeler"
+
+#: sm/gpgsm.c:199
+msgid "list certificate chain"
+msgstr "sertifika zincirini listeler"
+
+#: sm/gpgsm.c:206
+msgid "import certificates"
+msgstr "sertifikaları ithal eder"
+
+#: sm/gpgsm.c:207
+msgid "export certificates"
+msgstr "sertifikaları ihraç eder"
+
+#: sm/gpgsm.c:209
+msgid "register a smartcard"
+msgstr "bir akıllı kartı kayda alır"
+
+#: sm/gpgsm.c:212
+msgid "pass a command to the dirmngr"
+msgstr "dirmngr'a bir komut aktarır"
+
+#: sm/gpgsm.c:214
+msgid "invoke gpg-protect-tool"
+msgstr "gpg-protect-tool'u çalıştırır"
+
+#: sm/gpgsm.c:230
+msgid "create base-64 encoded output"
+msgstr "base-64 kodlu çıktı oluşturur"
+
+#: sm/gpgsm.c:235
+msgid "assume input is in PEM format"
+msgstr "girdinin PEM biçiminde olduğu kabul edilir"
+
+#: sm/gpgsm.c:237
+msgid "assume input is in base-64 format"
+msgstr "girdinin base-64 biçiminde olduğu kabul edilir"
+
+#: sm/gpgsm.c:239
+msgid "assume input is in binary format"
+msgstr "girdinin ikilik biçimde olduğu kabul edilir"
+
+#: sm/gpgsm.c:244
+msgid "use system's dirmngr if available"
+msgstr "elverişliyse sistemin dirmngr'ı kullanılır"
+
+#: sm/gpgsm.c:247
+msgid "never consult a CRL"
+msgstr "asla bir CRL sormaz"
+
+#: sm/gpgsm.c:257
+msgid "check validity using OCSP"
+msgstr "doğruluğu OCSP kullarak sınar"
+
+#: sm/gpgsm.c:262
+msgid "|N|number of certificates to include"
+msgstr "|N|içerilecek sertifika sayısı"
+
+#: sm/gpgsm.c:265
+msgid "|FILE|take policy information from FILE"
+msgstr "|DOSYA|poliçe bilgisi DOSYAdan alınır"
+
+#: sm/gpgsm.c:268
+msgid "do not check certificate policies"
+msgstr "sertifika poliçeleri sınanmaz"
+
+#: sm/gpgsm.c:272
+msgid "fetch missing issuer certificates"
+msgstr "kayıp sertifikacı sertifikalarını alır"
+
+#: sm/gpgsm.c:283
+msgid "don't use the terminal at all"
+msgstr "terminali hiç kullanma"
+
+#: sm/gpgsm.c:285
+msgid "|FILE|write a server mode log to FILE"
+msgstr "|DOSYA|bir sunucu kipi günlüğü DOSYAya yazar"
+
+#: sm/gpgsm.c:290
+msgid "|FILE|write an audit log to FILE"
+msgstr "|DOSYA|bir denetim günlüğünü DOSYAya yazar"
+
+#: sm/gpgsm.c:293
+msgid "batch mode: never ask"
+msgstr "önceden belirlenmiş işlemler kipi: hiç sormaz"
+
+#: sm/gpgsm.c:294
+msgid "assume yes on most questions"
+msgstr "soruların çoğunda cevap evet farzedilir"
+
+#: sm/gpgsm.c:295
+msgid "assume no on most questions"
+msgstr "soruların çoğunda cevap hayır farzedilir"
+
+#: sm/gpgsm.c:298
+msgid "|FILE|add keyring to the list of keyrings"
+msgstr "|DOSYA|anahtar zincirini anahtar zincirleri listesine ekler"
+
+#: sm/gpgsm.c:301
+msgid "|USER-ID|use USER-ID as default secret key"
+msgstr ""
+"|KULLANICI-KİMLİĞİ|öntanımlı gizli anahtar olarak KULLANICI-KİMLİĞİ "
+"kullanılır"
+
+#: sm/gpgsm.c:311 tools/gpgconf-comp.c:745
+msgid "|SPEC|use this keyserver to lookup keys"
+msgstr "|BELİRTİM|anahtarları aramak için bu anahtar sunucusu kullanılır"
+
+#: sm/gpgsm.c:329
+msgid "|NAME|use cipher algorithm NAME"
+msgstr "|İSİM|şifre algoritması olarak İSİM kullanılır"
+
+#: sm/gpgsm.c:331
+msgid "|NAME|use message digest algorithm NAME"
+msgstr "|İSİM|özet algoritması olarak İSİM kullanılır"
+
+#: sm/gpgsm.c:522
+msgid "Usage: gpgsm [options] [files] (-h for help)"
+msgstr "Kullanımı: gpgsm [seçenekler] [dosyalar] (yardım için -h)"
+
+#: sm/gpgsm.c:525
+msgid ""
+"Syntax: gpgsm [options] [files]\n"
+"sign, check, encrypt or decrypt using the S/MIME protocol\n"
+"default operation depends on the input data\n"
+msgstr ""
+"Sözdizimi: gpgsm [seçenekler] [dosyalar]\n"
+"imzalama, kontrol, şifreleme veya çözme S/MIME protokolü kullanarak yapılır\n"
+"öntanımlı işlem girilen veriye bağımlıdır\n"
+
+#: sm/gpgsm.c:617
+msgid "usage: gpgsm [options] "
+msgstr "kullanımı: gpgsm [seçenekler] "
+
+#: sm/gpgsm.c:739
+#, c-format
+msgid "NOTE: won't be able to encrypt to `%s': %s\n"
+msgstr "BÄ°LGÄ°:`%s'e ÅŸifrelenemez: %s\n"
+
+#: sm/gpgsm.c:750
+#, c-format
+msgid "unknown validation model `%s'\n"
+msgstr "`%s' geçerlilik modeli bilinmiyor\n"
+
+#: sm/gpgsm.c:801
+#, c-format
+msgid "%s:%u: no hostname given\n"
+msgstr "%s:%u: konak adı belirtilmemiş\n"
+
+#: sm/gpgsm.c:820
+#, c-format
+msgid "%s:%u: password given without user\n"
+msgstr "%s:%u: kullanıcısız parola verilmiş\n"
+
+#: sm/gpgsm.c:841
+#, c-format
+msgid "%s:%u: skipping this line\n"
+msgstr "%s:%u: bu satır atlanıyor\n"
+
+#: sm/gpgsm.c:1376
+msgid "could not parse keyserver\n"
+msgstr "anahtar sunucusu çözümlenemedi\n"
+
+#: sm/gpgsm.c:1456
+msgid "WARNING: running with faked system time: "
+msgstr "UYARI: sahte sistem zamanıyla çalışıyor: "
+
+#: sm/gpgsm.c:1556
+#, c-format
+msgid "importing common certificates `%s'\n"
+msgstr "ortak sertifikalar `%s' ithal ediliyor\n"
+
+#: sm/gpgsm.c:1597
+#, c-format
+msgid "can't sign using `%s': %s\n"
+msgstr "`%s' kullanarak imzalanamıyor: %s\n"
+
+#: sm/gpgsm.c:1931
+msgid "invalid command (there is no implicit command)\n"
+msgstr "geçersiz komut (hiç dolaylı komut yok)\n"
+
+#: sm/import.c:111
+#, c-format
+msgid "total number processed: %lu\n"
+msgstr "iÅŸlenmiÅŸ toplam miktar: %lu\n"
+
+#: sm/import.c:230
+msgid "error storing certificate\n"
+msgstr "sertifika saklanırken hata\n"
+
+#: sm/import.c:238
+msgid "basic certificate checks failed - not imported\n"
+msgstr "temel sertifika sınamaları başarısız oldu - ithal edilmedi\n"
+
+#: sm/import.c:435 sm/keydb.c:1319 sm/keydb.c:1387
+msgid "failed to allocate keyDB handle\n"
+msgstr "anahtar veritabanı eylemcisine yer ayrılması başarısız oldu\n"
+
+#: sm/import.c:492 sm/keydb.c:1417 sm/keydb.c:1511
+#, c-format
+msgid "error getting stored flags: %s\n"
+msgstr "saklanmış bayraklar alınırken hata: %s\n"
+
+#: sm/import.c:551 sm/import.c:583
+#, c-format
+msgid "error importing certificate: %s\n"
+msgstr "sertifika ithal edilirken hata: %s\n"
+
+#: sm/import.c:684 tools/gpg-connect-agent.c:1346
+#, c-format
+msgid "error reading input: %s\n"
+msgstr "girdi okunurken hata: %s\n"
+
+#: sm/keydb.c:187
+#, c-format
+msgid "error creating keybox `%s': %s\n"
+msgstr "anahtar bloku `%s' oluÅŸturulurken hata: %s\n"
+
+#: sm/keydb.c:190
+msgid "you may want to start the gpg-agent first\n"
+msgstr "gpg-agent'ı önce başlatmak isteyebilirsiniz\n"
+
+#: sm/keydb.c:195
+#, c-format
+msgid "keybox `%s' created\n"
+msgstr "`%s' anahtar bloÄŸu oluÅŸturuldu\n"
+
+#: sm/keydb.c:1312 sm/keydb.c:1380
+msgid "failed to get the fingerprint\n"
+msgstr "parmakizinin alınması başarısız oldu\n"
+
+#: sm/keydb.c:1340
+#, c-format
+msgid "problem looking for existing certificate: %s\n"
+msgstr "mevcut sertifika aranırken sorun çıktı: %s\n"
+
+#: sm/keydb.c:1348
+#, c-format
+msgid "error finding writable keyDB: %s\n"
+msgstr "yazılabilir anahtar veritabanı bulunurken hata: %s\n"
+
+#: sm/keydb.c:1356
+#, c-format
+msgid "error storing certificate: %s\n"
+msgstr "serifika saklanırken hata: %s\n"
+
+#: sm/keydb.c:1408
+#, c-format
+msgid "problem re-searching certificate: %s\n"
+msgstr "sertifika yeniden aranırken sorun çıktı: %s\n"
+
+#: sm/keydb.c:1429 sm/keydb.c:1522
+#, c-format
+msgid "error storing flags: %s\n"
+msgstr "bayraklar saklanırken hata: %s\n"
+
+#: sm/keylist.c:642
+msgid "Error - "
+msgstr "Hata - "
+
+#: sm/misc.c:55
+msgid "GPG_TTY has not been set - using maybe bogus default\n"
+msgstr "GPG_TTY atanmamıştı - kullanımı sorunlara yolaçabilir\n"
+
+#: sm/qualified.c:105
+#, c-format
+msgid "invalid formatted fingerprint in `%s', line %d\n"
+msgstr "`%s', %d. satırındaki biçimli parmakizi geçersiz\n"
+
+#: sm/qualified.c:123
+#, c-format
+msgid "invalid country code in `%s', line %d\n"
+msgstr "`%s', %d. satırındaki ülke kodu geçersiz\n"
+
+#: sm/qualified.c:202
+#, c-format
+msgid ""
+"You are about to create a signature using your certificate:\n"
+"\"%s\"\n"
+"This will create a qualified signature by law equated to a handwritten "
+"signature.\n"
+"\n"
+"%s%sAre you really sure that you want to do this?"
+msgstr ""
+"Sertifikanızı kullanarak bir imza oluşturmaya hazırsınız:\n"
+"\"%s\"\n"
+"Bu, kanunen elyazısı imzaya eşdeğer nitelikte bir imza oluşturacak.\n"
+"\n"
+"%s%sBunu yapmak istediÄŸinizden emin misiniz?"
+
+#: sm/qualified.c:211 sm/verify.c:616
+msgid ""
+"Note, that this software is not officially approved to create or verify such "
+"signatures.\n"
+msgstr ""
+"Bu yazılımın böyle imzaları oluşturmak ve doğrulamak için resmi onaylı "
+"olmadığına dikkat ediniz.\n"
+
+#: sm/qualified.c:278
+#, c-format
+msgid ""
+"You are about to create a signature using your certificate:\n"
+"\"%s\"\n"
+"Note, that this certificate will NOT create a qualified signature!"
+msgstr ""
+"Sertifikanızı kullanarak bir imza oluşturmaya hazırsınız:\n"
+"\"%s\"\n"
+"Bu sertifkanın nitelikli bir imza üretmeyeceğine dikkat ediniz!"
+
+#: sm/sign.c:449
+#, c-format
+msgid "hash algorithm %d (%s) for signer %d not supported; using %s\n"
+msgstr ""
+"çittirim algoritması %d (%s) imzacı %d için desteklenmiyor; %s kullanılıyor\n"
+
+#: sm/sign.c:463
+#, c-format
+msgid "hash algorithm used for signer %d: %s (%s)\n"
+msgstr "%d imzacı için kullanılan çittirim algoritması: %s (%s)\n"
+
+#: sm/sign.c:513
+#, c-format
+msgid "checking for qualified certificate failed: %s\n"
+msgstr "nitelikli sertifika için sınama başarısız: %s\n"
+
+#: sm/verify.c:449
+msgid "Signature made "
+msgstr "Ä°mza "
+
+#: sm/verify.c:453
+msgid "[date not given]"
+msgstr "[belirtilmeyen tarihte]"
+
+#: sm/verify.c:454
+#, c-format
+msgid " using certificate ID 0x%08lX\n"
+msgstr " sertifika kimliği 0x%08lX kullanılarak yapıldı\n"
+
+#: sm/verify.c:473
+msgid ""
+"invalid signature: message digest attribute does not match computed one\n"
+msgstr "geçersiz imza: ileti özeti özelliği hesaplananla uyuşmuyor\n"
+
+#: sm/verify.c:594
+msgid "Good signature from"
+msgstr "Buradaki imzeler iyi:"
+
+#: sm/verify.c:595
+msgid " aka"
+msgstr " nam-ı diğer"
+
+#: sm/verify.c:613
+msgid "This is a qualified signature\n"
+msgstr "Bu bir nitelikli imzadır.\n"
+
+#: tools/gpg-connect-agent.c:70 tools/gpgconf.c:81 tools/symcryptrun.c:167
+msgid "quiet"
+msgstr "sessiz"
+
+#: tools/gpg-connect-agent.c:71
+msgid "print data out hex encoded"
+msgstr "veri çıktısını onaltılık kodlamayla basar"
+
+#: tools/gpg-connect-agent.c:72
+msgid "decode received data lines"
+msgstr "alınan veri satırlarının kodunu açar"
+
+#: tools/gpg-connect-agent.c:74
+msgid "|NAME|connect to Assuan socket NAME"
+msgstr "|İSİM|Assuan soketi İSİMe bağlanır"
+
+#: tools/gpg-connect-agent.c:76
+msgid "run the Assuan server given on the command line"
+msgstr "komut satırında verilen Assuan sunucu çalıştırılır"
+
+#: tools/gpg-connect-agent.c:78
+msgid "do not use extended connect mode"
+msgstr "ek bağlantı kipi kullanılmaz"
+
+#: tools/gpg-connect-agent.c:80
+msgid "|FILE|run commands from FILE on startup"
+msgstr "|DOSYA|DOSYAdaki komutlar başlangıçta çalıştırılır"
+
+#: tools/gpg-connect-agent.c:81
+msgid "run /subst on startup"
+msgstr "/subst başlangıçta çalıştırılır"
+
+#: tools/gpg-connect-agent.c:184
+msgid "Usage: gpg-connect-agent [options] (-h for help)"
+msgstr "Kullanımı: gpg-connect-agent [seçenekler] (yardım için -h)"
+
+#: tools/gpg-connect-agent.c:187
+msgid ""
+"Syntax: gpg-connect-agent [options]\n"
+"Connect to a running agent and send commands\n"
+msgstr ""
+"Sözdizimi: gpg-connect-agent [seçenekler]\n"
+"Çalışan bir aracıya bağlanıp komutları gönderir\n"
+
+#: tools/gpg-connect-agent.c:1201
+#, c-format
+msgid "option \"%s\" requires a program and optional arguments\n"
+msgstr "\"%s\" seçeneği bir program ve seçimlik değiştirgeler gerektirir\n"
+
+#: tools/gpg-connect-agent.c:1210
+#, c-format
+msgid "option \"%s\" ignored due to \"%s\"\n"
+msgstr "\"%2$s\" nedeniyle \"%1$s\" seçeneği yoksayıldı\n"
+
+#: tools/gpg-connect-agent.c:1281 tools/gpg-connect-agent.c:1771
+#, c-format
+msgid "receiving line failed: %s\n"
+msgstr "satır alımı başarısız: %s\n"
+
+#: tools/gpg-connect-agent.c:1371
+msgid "line too long - skipped\n"
+msgstr "satır çok uzun - atlandı\n"
+
+#: tools/gpg-connect-agent.c:1375
+msgid "line shortened due to embedded Nul character\n"
+msgstr "gömülü boş karakterden dolayı satır kısaldı\n"
+
+#: tools/gpg-connect-agent.c:1743
+#, c-format
+msgid "unknown command `%s'\n"
+msgstr "komut `%s' bilinmiyor\n"
+
+#: tools/gpg-connect-agent.c:1761
+#, c-format
+msgid "sending line failed: %s\n"
+msgstr "satır göndirimi başarısız: %s\n"
+
+#: tools/gpg-connect-agent.c:2208
+#, c-format
+msgid "error sending %s command: %s\n"
+msgstr "%s komutu gönderilirken hata: %s\n"
+
+#: tools/gpg-connect-agent.c:2223
+#, c-format
+msgid "error sending standard options: %s\n"
+msgstr "standart seçenekler gönderilirken hata: %s\n"
+
+#: tools/gpgconf-comp.c:473 tools/gpgconf-comp.c:577 tools/gpgconf-comp.c:644
+#: tools/gpgconf-comp.c:712 tools/gpgconf-comp.c:799
+msgid "Options controlling the diagnostic output"
+msgstr "Tanı çıktısını denetleyen seçenekler"
+
+#: tools/gpgconf-comp.c:486 tools/gpgconf-comp.c:590 tools/gpgconf-comp.c:657
+#: tools/gpgconf-comp.c:725 tools/gpgconf-comp.c:822
+msgid "Options controlling the configuration"
+msgstr "Yapılandırmayı denetleyen seçenekler"
+
+#: tools/gpgconf-comp.c:496 tools/gpgconf-comp.c:615 tools/gpgconf-comp.c:673
+#: tools/gpgconf-comp.c:750 tools/gpgconf-comp.c:829
+msgid "Options useful for debugging"
+msgstr "Hata ayıklamaya elverişli seçenekler"
+
+#: tools/gpgconf-comp.c:501 tools/gpgconf-comp.c:678 tools/gpgconf-comp.c:755
+#: tools/gpgconf-comp.c:837
+msgid "|FILE|write server mode logs to FILE"
+msgstr "|DOSYA|sunucu kipi günlükleri DOSYAya yazar"
+
+#: tools/gpgconf-comp.c:509 tools/gpgconf-comp.c:625 tools/gpgconf-comp.c:763
+msgid "Options controlling the security"
+msgstr "Güvenliği denetleyen seçenekler"
+
+#: tools/gpgconf-comp.c:516
+msgid "|N|expire SSH keys after N seconds"
+msgstr "|N|SSH anahtarları N saniyede zamanaşımına uğrar"
+
+#: tools/gpgconf-comp.c:520
+msgid "|N|set maximum PIN cache lifetime to N seconds"
+msgstr "|N|azami PIN önbelleği ömrü N saniyeye ayarlanır"
+
+#: tools/gpgconf-comp.c:524
+msgid "|N|set maximum SSH key lifetime to N seconds"
+msgstr "|N|azami SSH anahtarı ömrü N saniyeye ayarlanır"
+
+#: tools/gpgconf-comp.c:538
+msgid "Options enforcing a passphrase policy"
+msgstr "Bir anahtar parolası kuralını zorlayan seçenekler"
+
+#: tools/gpgconf-comp.c:541
+msgid "do not allow to bypass the passphrase policy"
+msgstr "anahtar parolası kuralının atlanmasına izin verilmez"
+
+#: tools/gpgconf-comp.c:545
+msgid "|N|set minimal required length for new passphrases to N"
+msgstr "|N|yeni anahtar parolası için gereken en küçük uzunluk N'ye ayarlanır"
+
+#: tools/gpgconf-comp.c:549
+msgid "|N|require at least N non-alpha characters for a new passphrase"
+msgstr ""
+"|N|yeni bir anahtar parolası için en azından harf olmayan N karakter gerekir"
+
+#: tools/gpgconf-comp.c:553
+msgid "|FILE|check new passphrases against pattern in FILE"
+msgstr "|DOSYA|yeni anahtar parolası DOSYAdaki kalıba göre sınanır"
+
+#: tools/gpgconf-comp.c:557
+msgid "|N|expire the passphrase after N days"
+msgstr "|N|anahtar parolası N gün sonra zaman aşımına uğrar"
+
+#: tools/gpgconf-comp.c:561
+msgid "do not allow the reuse of old passphrases"
+msgstr "eski anahtar parolalarının yeniden kullanılmasına izin vermez"
+
+#: tools/gpgconf-comp.c:659 tools/gpgconf-comp.c:727
+msgid "|NAME|use NAME as default secret key"
+msgstr "|İSİM|öntanımlı gizli anahtar olarak İSİM kullanılır"
+
+#: tools/gpgconf-comp.c:662 tools/gpgconf-comp.c:730
+msgid "|NAME|encrypt to user ID NAME as well"
+msgstr "|İSİM|İSİM kullanıcısı için de şifreleme yapar"
+
+#: tools/gpgconf-comp.c:665
+msgid "|SPEC|set up email aliases"
+msgstr "|BELİRTİM|eposta rumuzlarını ayarlar"
+
+#: tools/gpgconf-comp.c:686
+msgid "Configuration for Keyservers"
+msgstr "Anahtar sunucular için yapılandırma"
+
+#: tools/gpgconf-comp.c:688
+msgid "|URL|use keyserver at URL"
+msgstr "|URL| URL'si veriler anahtar sunucusu kullanılır"
+
+#: tools/gpgconf-comp.c:691
+msgid "allow PKA lookups (DNS requests)"
+msgstr "PKA aramalarına izin verilir (DNS istekleri)"
+
+#: tools/gpgconf-comp.c:694
+msgid "|MECHANISMS|use MECHANISMS to locate keys by mail address"
+msgstr ""
+"|MEKANİZMALAR|anahtarları eposta adreslerine göre konumlamak için "
+"MEKANİZMALAR kullanılır"
+
+#: tools/gpgconf-comp.c:739
+msgid "disable all access to the dirmngr"
+msgstr "dirmngr'a tüm erişim iptal edilir"
+
+#: tools/gpgconf-comp.c:742
+msgid "|NAME|use encoding NAME for PKCS#12 passphrases"
+msgstr "|İSİM|PKCS#12 anahtar parolaları için kodlama olarak İSİM kullanılır"
+
+#: tools/gpgconf-comp.c:768
+msgid "do not check CRLs for root certificates"
+msgstr "kök sertifikalar için CRLler sınanmaz"
+
+#: tools/gpgconf-comp.c:812
+msgid "Options controlling the format of the output"
+msgstr "Çıktı biçimini denetleyen seçenekler"
+
+#: tools/gpgconf-comp.c:848
+msgid "Options controlling the interactivity and enforcement"
+msgstr "Etkileşimliliği ve zorlamayı denetleyen seçenekler"
+
+#: tools/gpgconf-comp.c:858
+msgid "Configuration for HTTP servers"
+msgstr "HTTP sunucuları için yapılandırma"
+
+#: tools/gpgconf-comp.c:869
+msgid "use system's HTTP proxy setting"
+msgstr "sistemin HTTP vekil ayarları kullanılır"
+
+#: tools/gpgconf-comp.c:874
+msgid "Configuration of LDAP servers to use"
+msgstr "Kullanılacak LDAP sunucularının yapılandırması"
+
+#: tools/gpgconf-comp.c:903
+msgid "LDAP server list"
+msgstr "LDAP sunucu listesi"
+
+#: tools/gpgconf-comp.c:911
+msgid "Configuration for OCSP"
+msgstr "OCSP için yapılandırma"
+
+#: tools/gpgconf-comp.c:3077
+#, c-format
+msgid "External verification of component %s failed"
+msgstr "%s bileşeninin harici doğrulaması başarısız oldu"
+
+#: tools/gpgconf-comp.c:3227
+msgid "Note that group specifications are ignored\n"
+msgstr "Grup belirtimlerinin yoksayıldığına dikkat edin\n"
+
+#: tools/gpgconf.c:62
+msgid "list all components"
+msgstr "tüm bileşenleri listeler"
+
+#: tools/gpgconf.c:63
+msgid "check all programs"
+msgstr "tüm programları sınar"
+
+#: tools/gpgconf.c:64
+msgid "|COMPONENT|list options"
+msgstr "|BİLEŞEN|seçenekleri listeler"
+
+#: tools/gpgconf.c:65
+msgid "|COMPONENT|change options"
+msgstr "|BİLEŞEN|seçenekleri değiştirir"
+
+#: tools/gpgconf.c:66
+msgid "|COMPONENT|check options"
+msgstr "|BİLEŞEN|seçenekleri sınar"
+
+#: tools/gpgconf.c:68
+msgid "apply global default values"
+msgstr "öntanımlı küresel değerleri uygular"
+
+#: tools/gpgconf.c:70
+msgid "get the configuration directories for gpgconf"
+msgstr "gpgconf için yapılandırma dizinlerini getirir"
+
+#: tools/gpgconf.c:72
+msgid "list global configuration file"
+msgstr "küresel yapılandırma dosyasını listeler"
+
+#: tools/gpgconf.c:74
+msgid "check global configuration file"
+msgstr "küresel yapılandırma dosayasını sınar"
+
+#: tools/gpgconf.c:79
+msgid "use as output file"
+msgstr "çıktı dosyası olarak kullanılır"
+
+#: tools/gpgconf.c:83
+msgid "activate changes at runtime, if possible"
+msgstr "mümkünse değişiklikleri çalışma sırasında etkin kılar"
+
+#: tools/gpgconf.c:105
+msgid "Usage: gpgconf [options] (-h for help)"
+msgstr "Kullanımı: gpgconf [seçenekler] (yardım için -h)"
+
+#: tools/gpgconf.c:108
+msgid ""
+"Syntax: gpgconf [options]\n"
+"Manage configuration options for tools of the GnuPG system\n"
+msgstr ""
+"Sözdizimi: gpgconf [seçenekler]\n"
+"GnuPG sisteminin araçları için yapılandırma seçeneklerini yönetir\n"
+
+#: tools/gpgconf.c:214 tools/gpgconf.c:282
+msgid "usage: gpgconf [options] "
+msgstr "kullanımı: gpgconf [seçenekler] "
+
+#: tools/gpgconf.c:216
+msgid "Need one component argument"
+msgstr "Tek bileÅŸenlik deÄŸiÅŸtirge gerekli"
+
+#: tools/gpgconf.c:225 tools/gpgconf.c:258
+msgid "Component not found"
+msgstr "BileÅŸen yok"
+
+#: tools/gpgconf.c:284
+msgid "No argument allowed"
+msgstr "DeÄŸiÅŸtirgeye izin verilmez"
+
+#: tools/symcryptrun.c:154
+msgid ""
+"@\n"
+"Commands:\n"
+" "
+msgstr ""
+"@\n"
+"Komutlar:\n"
+" "
+
+#: tools/symcryptrun.c:156
+msgid "decryption modus"
+msgstr "şifre çözme kipi"
+
+#: tools/symcryptrun.c:157
+msgid "encryption modus"
+msgstr "ÅŸifreleme kipi"
+
+#: tools/symcryptrun.c:161
+msgid "tool class (confucius)"
+msgstr "araç sınıfı (Konfüçyüs)"
+
+#: tools/symcryptrun.c:162
+msgid "program filename"
+msgstr "program dosyaismi"
+
+#: tools/symcryptrun.c:164
+msgid "secret key file (required)"
+msgstr "gizli anahtar dosyası (gerekli)"
+
+#: tools/symcryptrun.c:165
+msgid "input file name (default stdin)"
+msgstr "girdi dosyası ismi (std girdi öntanımlı)"
+
+#: tools/symcryptrun.c:209
+msgid "Usage: symcryptrun [options] (-h for help)"
+msgstr "Kullanımı: symcryptrun [seçenekler] (yardım için -h)"
+
+#: tools/symcryptrun.c:212
+msgid ""
+"Syntax: symcryptrun --class CLASS --program PROGRAM --keyfile KEYFILE "
+"[options...] COMMAND [inputfile]\n"
+"Call a simple symmetric encryption tool\n"
+msgstr ""
+"Sözdizimi: symcryptrun --class SINIF --program PROGRAM --keyfile ANHDOSYA "
+"[seçenekler...] KOMUT [girdi-dosyası]\n"
+"Basit bir simetrik şifreleme aracı çalıştırır\n"
+
+#: tools/symcryptrun.c:281
+#, c-format
+msgid "%s on %s aborted with status %i\n"
+msgstr "%2$s üzerindeki %1$s %3$i durumuyla çıktı\n"
+
+#: tools/symcryptrun.c:288
+#, c-format
+msgid "%s on %s failed with status %i\n"
+msgstr "%2$s üzerindeki %1$s %3$i durumuyla başarısız oldu\n"
+
+#: tools/symcryptrun.c:314
+#, c-format
+msgid "can't create temporary directory `%s': %s\n"
+msgstr "`%s' geçici dizini oluşturulamıyor: %s\n"
+
+#: tools/symcryptrun.c:354 tools/symcryptrun.c:371
+#, c-format
+msgid "could not open %s for writing: %s\n"
+msgstr "%s yazmak için açılamadı: %s\n"
+
+#: tools/symcryptrun.c:382
+#, c-format
+msgid "error writing to %s: %s\n"
+msgstr "%s yazılırken hata: %s\n"
+
+#: tools/symcryptrun.c:389
+#, c-format
+msgid "error reading from %s: %s\n"
+msgstr "%s okunurken hata: %s\n"
+
+#: tools/symcryptrun.c:396 tools/symcryptrun.c:403
+#, c-format
+msgid "error closing %s: %s\n"
+msgstr "%s kapanırken hata: %s\n"
+
+#: tools/symcryptrun.c:488
+msgid "no --program option provided\n"
+msgstr "--program diye bir seçenek yok\n"
+
+#: tools/symcryptrun.c:494
+msgid "only --decrypt and --encrypt are supported\n"
+msgstr "sadece --decrypt ve --encrypt destekleniyor\n"
+
+#: tools/symcryptrun.c:500
+msgid "no --keyfile option provided\n"
+msgstr "--keyfile diye bir seçenek yok\n"
+
+#: tools/symcryptrun.c:511
+msgid "cannot allocate args vector\n"
+msgstr "argüman dizgeleri dizisi ayrılamıyor\n"
+
+#: tools/symcryptrun.c:529
+#, c-format
+msgid "could not create pipe: %s\n"
+msgstr "boru oluşturulamadı: %s\n"
+
+#: tools/symcryptrun.c:536
+#, c-format
+msgid "could not create pty: %s\n"
+msgstr "pty oluşturulamadı: %s\n"
+
+#: tools/symcryptrun.c:552
+#, c-format
+msgid "could not fork: %s\n"
+msgstr "çatallanamadı: %s\n"
+
+#: tools/symcryptrun.c:580
+#, c-format
+msgid "execv failed: %s\n"
+msgstr "execv başarısız: %s\n"
+
+#: tools/symcryptrun.c:609
+#, c-format
+msgid "select failed: %s\n"
+msgstr "select başarısız: %s\n"
+
+#: tools/symcryptrun.c:626
+#, c-format
+msgid "read failed: %s\n"
+msgstr "read başarısız: %s\n"
+
+#: tools/symcryptrun.c:678
+#, c-format
+msgid "pty read failed: %s\n"
+msgstr "pty okuması başarısız: %s\n"
+
+#: tools/symcryptrun.c:730
+#, c-format
+msgid "waitpid failed: %s\n"
+msgstr "waitpid başarısız: %s\n"
+
+#: tools/symcryptrun.c:744
+#, c-format
+msgid "child aborted with status %i\n"
+msgstr "alt süreç %i durumu ile çıktı\n"
+
+#: tools/symcryptrun.c:799
+#, c-format
+msgid "cannot allocate infile string: %s\n"
+msgstr "dosya içi dizge ayrılamıyor: %s\n"
+
+#: tools/symcryptrun.c:812
+#, c-format
+msgid "cannot allocate outfile string: %s\n"
+msgstr "dosya dışı dizge ayrılamıyor: %s\n"
+
+#: tools/symcryptrun.c:986
+#, c-format
+msgid "either %s or %s must be given\n"
+msgstr "ya %s verilmeli ya da %s\n"
+
+#: tools/symcryptrun.c:1013
+msgid "no class provided\n"
+msgstr "hiç sınıf sağlanmamış\n"
+
+#: tools/symcryptrun.c:1022
+#, c-format
+msgid "class %s is not supported\n"
+msgstr "%s sınıfı desteklenmiyor\n"
+
+#: tools/gpg-check-pattern.c:145
+msgid "Usage: gpg-check-pattern [options] patternfile (-h for help)\n"
+msgstr ""
+"Kullanım: gpg-check-pattern [seçenekler] örüntüdosyası (yardım için -h)\n"
+
+#: tools/gpg-check-pattern.c:148
+msgid ""
+"Syntax: gpg-check-pattern [options] patternfile\n"
+"Check a passphrase given on stdin against the patternfile\n"
+msgstr ""
+"Kullanım: gpg-check-pattern [seçenekler] örüntüdosyası\n"
+"Standart girdiden verilen anahtar parolasını örüntü dosyasıyla "
+"karşılaştırır\n"
+
+#~ msgid "Command> "
+#~ msgstr "Komut> "
+
+#~ msgid "the trustdb is corrupted; please run \"gpg --fix-trustdb\".\n"
+#~ msgstr ""
+#~ "güvence veritabanı bozulmuş; lütfen \"gpg --fix-trustdb\" çalıştırın.\n"
+
+#~ msgid "Please report bugs to <gnupg-bugs@gnu.org>.\n"
+#~ msgstr ""
+#~ "Yazılım hatalarını lütfen <gnupg-bugs@gnu.org> adresine,\n"
+#~ "çeviri hatalarını ise <gnu-tr@belgeler.org> adresine bildiriniz.\n"
+
+#~ msgid "Please report bugs to "
+#~ msgstr "Yazılım hatalarını lütfen "
+
+#~ msgid "DSA keypair will have %u bits.\n"
+#~ msgstr "DSA anahtar çifti %u bit olacak.\n"
+
+#~ msgid "this command has not yet been implemented\n"
+#~ msgstr "bu komut henüz gerçeklenmedi\n"
+
+#~ msgid "Repeat passphrase\n"
+#~ msgstr "Parolayı tekrar yazınız\n"
+
+#~ msgid "||Please enter your PIN at the reader's keypad%%0A[sigs done: %lu]"
+#~ msgstr ""
+#~ "||Lütfen PIN'inizi okuyucu tuştakımından giriniz%%0A[yapılan imza: %lu]"
+
+#~ msgid "|A|Admin PIN"
+#~ msgstr "|A|Yönetici PIN'i"
diff --git a/po/uk.gmo b/po/uk.gmo
new file mode 100644
index 0000000..d718694
--- /dev/null
+++ b/po/uk.gmo
Binary files differ
diff --git a/po/uk.po b/po/uk.po
new file mode 100644
index 0000000..3acecc1
--- /dev/null
+++ b/po/uk.po
@@ -0,0 +1,8541 @@
+# Ukrainian translation for gnupg2
+# Copyright (C) 2011 Free Software Foundation, Inc.
+# This file is distributed under the same license as the GnuPG package.
+#
+# Yuri Chornoivan <yurchor@ukr.net>, 2011.
+msgid ""
+msgstr ""
+"Project-Id-Version: gnupg2\n"
+"Report-Msgid-Bugs-To: translations@gnupg.org\n"
+"POT-Creation-Date: 2012-03-27 10:23+0200\n"
+"PO-Revision-Date: 2011-08-28 10:55+0300\n"
+"Last-Translator: Yuri Chornoivan <yurchor@ukr.net>\n"
+"Language-Team: Ukrainian <kde-i18n-uk@kde.org>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Language: uk\n"
+"Plural-Forms: nplurals=3; plural=n%10==1 && n%100!=11 ? 0 : n%10>=2 && n%"
+"10<=4 && (n%100<10 || n%100>=20) ? 1 : 2;\n"
+"X-Generator: Lokalize 1.2\n"
+
+#: agent/call-pinentry.c:244
+#, c-format
+msgid "failed to acquire the pinentry lock: %s\n"
+msgstr "не вдалоÑÑ Ð²Ñтановити Ð±Ð»Ð¾ÐºÑƒÐ²Ð°Ð½Ð½Ñ Ð·Ð°Ð¿Ð¸Ñу пінкоду: %s\n"
+
+#. TRANSLATORS: These are labels for buttons etc used in
+#. Pinentries. An underscore indicates that the next letter
+#. should be used as an accelerator. Double the underscore for
+#. a literal one. The actual to be translated text starts after
+#. the second vertical bar.
+#: agent/call-pinentry.c:401
+msgid "|pinentry-label|_OK"
+msgstr "_Гаразд"
+
+#: agent/call-pinentry.c:402
+msgid "|pinentry-label|_Cancel"
+msgstr "_СкаÑувати"
+
+#: agent/call-pinentry.c:403
+msgid "|pinentry-label|PIN:"
+msgstr "Пінкод:"
+
+#. TRANSLATORS: This string is displayed by Pinentry as the label
+#. for the quality bar.
+#: agent/call-pinentry.c:649
+msgid "Quality:"
+msgstr "ЯкіÑÑ‚ÑŒ:"
+
+#. TRANSLATORS: This string is a tooltip, shown by pinentry when
+#. hovering over the quality bar. Please use an appropriate
+#. string to describe what this is about. The length of the
+#. tooltip is limited to about 900 characters. If you do not
+#. translate this entry, a default english text (see source)
+#. will be used.
+#: agent/call-pinentry.c:671
+msgid "pinentry.qualitybar.tooltip"
+msgstr ""
+"ЯкіÑÑ‚ÑŒ введеного вище текÑту.\n"
+"Дані щодо критеріїв ÑкоÑÑ‚Ñ– можна отримати у вашого адмініÑтратора."
+
+#: agent/call-pinentry.c:716
+msgid ""
+"Please enter your PIN, so that the secret key can be unlocked for this "
+"session"
+msgstr ""
+"Будь лаÑка, вкажіть ваш пінкод, щоб ключ можна було розблокувати Ð´Ð»Ñ Ñ†ÑŒÐ¾Ð³Ð¾ "
+"ÑеанÑу"
+
+#: agent/call-pinentry.c:719
+msgid ""
+"Please enter your passphrase, so that the secret key can be unlocked for "
+"this session"
+msgstr ""
+"Будь лаÑка, вкажіть ваш пароль, щоб ключ можна було розблокувати Ð´Ð»Ñ Ñ†ÑŒÐ¾Ð³Ð¾ "
+"ÑеанÑу"
+
+#: agent/call-pinentry.c:776
+#, c-format
+msgid "SETERROR %s (try %d of %d)"
+msgstr "SETERROR %s (Ñпроба %d з %d)"
+
+#: agent/call-pinentry.c:799 agent/call-pinentry.c:811
+msgid "PIN too long"
+msgstr "Занадто довгий пінкод"
+
+#: agent/call-pinentry.c:800
+msgid "Passphrase too long"
+msgstr "Занадто довгий пароль"
+
+#: agent/call-pinentry.c:808
+msgid "Invalid characters in PIN"
+msgstr "Ðекоректні Ñимволи у пінкоді"
+
+#: agent/call-pinentry.c:813
+msgid "PIN too short"
+msgstr "Занадто короткий пінкод"
+
+#: agent/call-pinentry.c:825
+msgid "Bad PIN"
+msgstr "Помилковий пінкод"
+
+#: agent/call-pinentry.c:826
+msgid "Bad Passphrase"
+msgstr "Помилковий пароль"
+
+#: agent/call-pinentry.c:863
+msgid "Passphrase"
+msgstr "Пароль"
+
+#: agent/command-ssh.c:531
+#, c-format
+msgid "ssh keys greater than %d bits are not supported\n"
+msgstr ""
+"підтримки ключів ssh, що ÑкладаютьÑÑ Ð· понад %d бітів, не передбачено\n"
+
+#: agent/command-ssh.c:690 g10/card-util.c:833 g10/exec.c:473 g10/gpg.c:1122
+#: g10/keygen.c:3394 g10/keygen.c:3427 g10/keyring.c:1237 g10/keyring.c:1569
+#: g10/openfile.c:275 g10/openfile.c:368 g10/sign.c:801 g10/sign.c:1110
+#: g10/tdbio.c:550 jnlib/dotlock.c:310
+#, c-format
+msgid "can't create `%s': %s\n"
+msgstr "не вдалоÑÑ Ñтворити «%s»: %s\n"
+
+#: agent/command-ssh.c:702 common/helpfile.c:47 g10/card-util.c:787
+#: g10/dearmor.c:60 g10/dearmor.c:107 g10/decrypt.c:70 g10/encode.c:194
+#: g10/encode.c:504 g10/gpg.c:1123 g10/import.c:192 g10/keygen.c:2877
+#: g10/keyring.c:1595 g10/openfile.c:192 g10/openfile.c:353
+#: g10/plaintext.c:511 g10/sign.c:783 g10/sign.c:978 g10/sign.c:1094
+#: g10/sign.c:1250 g10/tdbdump.c:142 g10/tdbdump.c:150 g10/tdbio.c:554
+#: g10/tdbio.c:618 g10/verify.c:99 g10/verify.c:162 sm/gpgsm.c:2044
+#: sm/gpgsm.c:2074 sm/gpgsm.c:2112 sm/gpgsm.c:2150 sm/qualified.c:66
+#, c-format
+msgid "can't open `%s': %s\n"
+msgstr "не вдалоÑÑ Ð²Ñ–Ð´ÐºÑ€Ð¸Ñ‚Ð¸ «%s»: %s\n"
+
+#: agent/command-ssh.c:1708 agent/command-ssh.c:1726
+#, c-format
+msgid "error getting serial number of card: %s\n"
+msgstr "помилка під Ñ‡Ð°Ñ Ñпроби Ð¾Ñ‚Ñ€Ð¸Ð¼Ð°Ð½Ð½Ñ Ñерійного номера картки: %s\n"
+
+#: agent/command-ssh.c:1712
+#, c-format
+msgid "detected card with S/N: %s\n"
+msgstr "виÑвлено картку з Ñерійним номером: %s\n"
+
+#: agent/command-ssh.c:1717
+#, c-format
+msgid "error getting default authentication keyID of card: %s\n"
+msgstr ""
+"помилка під Ñ‡Ð°Ñ Ñпроби Ð¾Ñ‚Ñ€Ð¸Ð¼Ð°Ð½Ð½Ñ Ñ‚Ð¸Ð¿Ð¾Ð²Ð¾Ð³Ð¾ розпізнавального keyID картки: %s\n"
+
+#: agent/command-ssh.c:1737
+#, c-format
+msgid "no suitable card key found: %s\n"
+msgstr "не виÑвлено відповідних ключів картки: %s\n"
+
+#: agent/command-ssh.c:1787
+#, c-format
+msgid "shadowing the key failed: %s\n"
+msgstr "помилка під Ñ‡Ð°Ñ Ñпроби Ñ…ÐµÑˆÑƒÐ²Ð°Ð½Ð½Ñ ÐºÐ»ÑŽÑ‡Ð°: %s\n"
+
+#: agent/command-ssh.c:1802
+#, c-format
+msgid "error writing key: %s\n"
+msgstr "помилка під Ñ‡Ð°Ñ Ñпроби запиÑу ключа: %s\n"
+
+#: agent/command-ssh.c:2139
+#, c-format
+msgid ""
+"An ssh process requested the use of key%%0A %s%%0A (%s)%%0ADo you want to "
+"allow this?"
+msgstr ""
+"ПроцеÑом ssh надіÑлано запит щодо викориÑÑ‚Ð°Ð½Ð½Ñ ÐºÐ»ÑŽÑ‡Ð°%%0A %s%%0A (%s)%%"
+"0AÐадати доÑтуп до цього ключа?"
+
+#: agent/command-ssh.c:2146
+msgid "Allow"
+msgstr "Ðадати"
+
+#: agent/command-ssh.c:2146
+msgid "Deny"
+msgstr "Заборонити"
+
+#: agent/command-ssh.c:2155
+#, c-format
+msgid "Please enter the passphrase for the ssh key%%0A %F%%0A (%c)"
+msgstr "Будь лаÑка, вкажіть пароль до ключа ssh%%0A %F%%0A (%c)"
+
+#: agent/command-ssh.c:2484 agent/genkey.c:310 agent/genkey.c:432
+msgid "Please re-enter this passphrase"
+msgstr "Будь лаÑка, повторіть Ð²Ð²ÐµÐ´ÐµÐ½Ð½Ñ Ð¿Ð°Ñ€Ð¾Ð»Ñ"
+
+#: agent/command-ssh.c:2509
+#, c-format
+msgid ""
+"Please enter a passphrase to protect the received secret key%%0A %s%%0A %"
+"s%%0Awithin gpg-agent's key storage"
+msgstr ""
+"Будь лаÑка, вкажіть пароль Ð´Ð»Ñ Ð·Ð°Ñ…Ð¸Ñту отриманого закритого ключа%%0A %s%%"
+"0A %s%%0Aу Ñховищі ключів gpg-agent"
+
+#: agent/command-ssh.c:2548 agent/genkey.c:340 agent/genkey.c:463
+#: tools/symcryptrun.c:436
+msgid "does not match - try again"
+msgstr "паролі не збігаютьÑÑ, повторіть Ñпробу"
+
+#: agent/command-ssh.c:3054
+#, c-format
+msgid "failed to create stream from socket: %s\n"
+msgstr "не вдалоÑÑ Ñтворити потік даних з Ñокета: %s\n"
+
+#: agent/divert-scd.c:92 g10/call-agent.c:923
+msgid "Please insert the card with serial number"
+msgstr "Будь лаÑка, вÑтавте картку з Ñерійним номером"
+
+#: agent/divert-scd.c:93 g10/call-agent.c:924
+msgid "Please remove the current card and insert the one with serial number"
+msgstr "Будь лаÑка, вийміть поточну картку Ñ– вÑтавте картку з Ñерійним номером"
+
+#: agent/divert-scd.c:200
+msgid "Admin PIN"
+msgstr "ÐдмініÑтративний пінкод"
+
+#. TRANSLATORS: A PUK is the Personal Unblocking Code
+#. used to unblock a PIN.
+#: agent/divert-scd.c:205
+msgid "PUK"
+msgstr "PUK"
+
+#: agent/divert-scd.c:212
+msgid "Reset Code"
+msgstr "Код ÑкиданнÑ"
+
+#: agent/divert-scd.c:238
+#, c-format
+msgid "%s%%0A%%0AUse the reader's keypad for input."
+msgstr "%s%%0A%%0AСкориÑтайтеÑÑ Ð´Ð¾Ð´Ð°Ñ‚ÐºÐ¾Ð²Ð¾ÑŽ клавіатурою зчитувача Ð´Ð»Ñ Ð²Ð²ÐµÐ´ÐµÐ½Ð½Ñ."
+
+#: agent/divert-scd.c:287
+msgid "Repeat this Reset Code"
+msgstr "Повторіть Ð²Ð²ÐµÐ´ÐµÐ½Ð½Ñ Ñ†ÑŒÐ¾Ð³Ð¾ коду ÑкиданнÑ"
+
+#: agent/divert-scd.c:289
+msgid "Repeat this PUK"
+msgstr "Повторіть Ð²Ð²ÐµÐ´ÐµÐ½Ð½Ñ Ñ†ÑŒÐ¾Ð³Ð¾ PUK"
+
+#: agent/divert-scd.c:290
+msgid "Repeat this PIN"
+msgstr "Повторіть Ð²Ð²ÐµÐ´ÐµÐ½Ð½Ñ Ñ†ÑŒÐ¾Ð³Ð¾ пінкоду"
+
+#: agent/divert-scd.c:295
+msgid "Reset Code not correctly repeated; try again"
+msgstr "Помилка під Ñ‡Ð°Ñ Ð¿Ð¾Ð²Ñ‚Ð¾Ñ€Ð½Ð¾Ð³Ð¾ Ð²Ð²ÐµÐ´ÐµÐ½Ð½Ñ ÐºÐ¾Ð´Ñƒ ÑкиданнÑ, повторіть Ñпробу"
+
+#: agent/divert-scd.c:297
+msgid "PUK not correctly repeated; try again"
+msgstr "Помилка під Ñ‡Ð°Ñ Ð¿Ð¾Ð²Ñ‚Ð¾Ñ€Ð½Ð¾Ð³Ð¾ Ð²Ð²ÐµÐ´ÐµÐ½Ð½Ñ PUK, повторіть Ñпробу"
+
+#: agent/divert-scd.c:298
+msgid "PIN not correctly repeated; try again"
+msgstr "Помилка під Ñ‡Ð°Ñ Ð¿Ð¾Ð²Ñ‚Ð¾Ñ€Ð½Ð¾Ð³Ð¾ Ð²Ð²ÐµÐ´ÐµÐ½Ð½Ñ Ð¿Ñ–Ð½ÐºÐ¾Ð´Ñƒ, повторіть Ñпробу"
+
+#: agent/divert-scd.c:310
+#, c-format
+msgid "Please enter the PIN%s%s%s to unlock the card"
+msgstr "Будь лаÑка, введіть пінкод%s%s%s Ð´Ð»Ñ Ñ€Ð¾Ð·Ð±Ð»Ð¾ÐºÑƒÐ²Ð°Ð½Ð½Ñ ÐºÐ°Ñ€Ñ‚ÐºÐ¸"
+
+#: agent/genkey.c:108 sm/certreqgen-ui.c:384 sm/export.c:638 sm/export.c:654
+#: sm/import.c:667 sm/import.c:692
+#, c-format
+msgid "error creating temporary file: %s\n"
+msgstr "помилка ÑÑ‚Ð²Ð¾Ñ€ÐµÐ½Ð½Ñ Ñ‚Ð¸Ð¼Ñ‡Ð°Ñового файла: %s\n"
+
+#: agent/genkey.c:115 sm/export.c:645 sm/import.c:675
+#, c-format
+msgid "error writing to temporary file: %s\n"
+msgstr "помилка під Ñ‡Ð°Ñ Ñпроби запиÑу до тимчаÑового файла: %s\n"
+
+#: agent/genkey.c:153 agent/genkey.c:159
+msgid "Enter new passphrase"
+msgstr "Вкажіть новий пароль"
+
+#: agent/genkey.c:167
+msgid "Take this one anyway"
+msgstr "СкориÑтатиÑÑ Ñ†Ð¸Ð¼"
+
+#: agent/genkey.c:193
+#, c-format
+msgid ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase should be "
+"at least %u character long."
+msgid_plural ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase should be "
+"at least %u characters long."
+msgstr[0] ""
+"ПопередженнÑ: вами введено занадто проÑтий пароль.%%0AПароль має ÑкладатиÑÑ "
+"не менше ніж з %u Ñимволу."
+msgstr[1] ""
+"ПопередженнÑ: вами введено занадто проÑтий пароль.%%0AПароль має ÑкладатиÑÑ "
+"не менше ніж з %u Ñимволів."
+msgstr[2] ""
+"ПопередженнÑ: вами введено занадто проÑтий пароль.%%0AПароль має ÑкладатиÑÑ "
+"не менше ніж з %u Ñимволів."
+
+#: agent/genkey.c:214
+#, c-format
+msgid ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase should "
+"contain at least %u digit or%%0Aspecial character."
+msgid_plural ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase should "
+"contain at least %u digits or%%0Aspecial characters."
+msgstr[0] ""
+"ПопередженнÑ: вами введено занадто проÑтий пароль.%%0AПароль має міÑтити "
+"принаймні %u цифру або%%0AÑпеціальний Ñимвол."
+msgstr[1] ""
+"ПопередженнÑ: вами введено занадто проÑтий пароль.%%0AПароль має міÑтити "
+"принаймні %u цифри або%%0AÑпеціальних Ñимволи."
+msgstr[2] ""
+"ПопередженнÑ: вами введено занадто проÑтий пароль.%%0AПароль має міÑтити "
+"принаймні %u цифр або%%0AÑпеціальних Ñимволів."
+
+#: agent/genkey.c:237
+#, c-format
+msgid ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase may not be "
+"a known term or match%%0Acertain pattern."
+msgstr ""
+"ПопередженнÑ: вами вказано занадто проÑтий пароль.%%0AПаролем не повинно "
+"бути Ñлово зі Ñловника або Ñлово%%0A, що відповідає певному зразку."
+
+#: agent/genkey.c:253
+#, c-format
+msgid ""
+"You have not entered a passphrase!%0AAn empty passphrase is not allowed."
+msgstr "Вами не вказано паролÑ!%0AВикориÑÑ‚Ð°Ð½Ð½Ñ Ð¿Ð¾Ñ€Ð¾Ð¶Ð½Ñ–Ñ… паролів заборонено."
+
+#: agent/genkey.c:255
+#, c-format
+msgid ""
+"You have not entered a passphrase - this is in general a bad idea!%0APlease "
+"confirm that you do not want to have any protection on your key."
+msgstr ""
+"Вами не вказано паролÑ. Цього не варто робити!%0AБудь лаÑка, підтвердіть, що "
+"ваш ключ не Ñлід захищати взагалі."
+
+#: agent/genkey.c:264
+msgid "Yes, protection is not needed"
+msgstr "Так, у захиÑÑ‚Ñ– немає потреби"
+
+#: agent/genkey.c:308
+#, c-format
+msgid "Please enter the passphrase to%0Ato protect your new key"
+msgstr "Вкажіть пароль до%0Aз метою захиÑту вашого нового ключа"
+
+#: agent/genkey.c:431
+msgid "Please enter the new passphrase"
+msgstr "Вкажіть новий пароль"
+
+#: agent/gpg-agent.c:121 agent/preset-passphrase.c:72 scd/scdaemon.c:103
+#: tools/gpg-check-pattern.c:70
+msgid ""
+"@Options:\n"
+" "
+msgstr ""
+"@Параметри:\n"
+" "
+
+#: agent/gpg-agent.c:123 scd/scdaemon.c:105
+msgid "run in server mode (foreground)"
+msgstr "запуÑтити у режимі Ñервера (оÑновному)"
+
+#: agent/gpg-agent.c:124 scd/scdaemon.c:108
+msgid "run in daemon mode (background)"
+msgstr "запуÑтити у режимі фонової Ñлужби (фоновий)"
+
+#: agent/gpg-agent.c:125 g10/gpg.c:488 g10/gpgv.c:71 kbx/kbxutil.c:88
+#: scd/scdaemon.c:109 sm/gpgsm.c:281 tools/gpg-connect-agent.c:69
+#: tools/gpgconf.c:80 tools/symcryptrun.c:166
+msgid "verbose"
+msgstr "докладний режим"
+
+#: agent/gpg-agent.c:126 g10/gpgv.c:72 kbx/kbxutil.c:89 scd/scdaemon.c:110
+#: sm/gpgsm.c:282
+msgid "be somewhat more quiet"
+msgstr "дещо зменшити кількіÑÑ‚ÑŒ повідомлень"
+
+#: agent/gpg-agent.c:127 scd/scdaemon.c:111
+msgid "sh-style command output"
+msgstr "Ð²Ð¸Ð²ÐµÐ´ÐµÐ½Ð½Ñ ÐºÐ¾Ð¼Ð°Ð½Ð´ у форматі sh"
+
+#: agent/gpg-agent.c:128 scd/scdaemon.c:112
+msgid "csh-style command output"
+msgstr "Ð²Ð¸Ð²ÐµÐ´ÐµÐ½Ð½Ñ ÐºÐ¾Ð¼Ð°Ð½Ð´ у форматі csh"
+
+#: agent/gpg-agent.c:129 scd/scdaemon.c:113 sm/gpgsm.c:312
+#: tools/symcryptrun.c:169
+msgid "|FILE|read options from FILE"
+msgstr "прочитати параметри з вказаного файла"
+
+#: agent/gpg-agent.c:134 scd/scdaemon.c:123
+msgid "do not detach from the console"
+msgstr "не від’єднувати від конÑолі"
+
+#: agent/gpg-agent.c:135
+msgid "do not grab keyboard and mouse"
+msgstr "не захоплювати ÐºÐµÑ€ÑƒÐ²Ð°Ð½Ð½Ñ ÐºÐ»Ð°Ð²Ñ–Ð°Ñ‚ÑƒÑ€Ð¾ÑŽ Ñ– мишею"
+
+#: agent/gpg-agent.c:136 tools/symcryptrun.c:168
+msgid "use a log file for the server"
+msgstr "викориÑтовувати файл журналу Ð´Ð»Ñ Ñервера"
+
+#: agent/gpg-agent.c:138
+msgid "use a standard location for the socket"
+msgstr "викориÑтовувати Ð´Ð»Ñ Ñокета Ñтандартне розташуваннÑ"
+
+#: agent/gpg-agent.c:141
+msgid "|PGM|use PGM as the PIN-Entry program"
+msgstr "викориÑтовувати вказану програму пінзапиÑів"
+
+#: agent/gpg-agent.c:144
+msgid "|PGM|use PGM as the SCdaemon program"
+msgstr "викориÑтовувати вказану програму SCdaemon"
+
+#: agent/gpg-agent.c:145
+msgid "do not use the SCdaemon"
+msgstr "не викориÑтовувати SCdaemon"
+
+#: agent/gpg-agent.c:157
+msgid "ignore requests to change the TTY"
+msgstr "ігнорувати запити щодо зміни TTY"
+
+#: agent/gpg-agent.c:159
+msgid "ignore requests to change the X display"
+msgstr "ігнорувати запити щодо зміни графічного диÑплеÑ"
+
+#: agent/gpg-agent.c:162
+msgid "|N|expire cached PINs after N seconds"
+msgstr "вважати кешовані пінкоди за вказану кількіÑÑ‚ÑŒ Ñекунд"
+
+#: agent/gpg-agent.c:175
+msgid "do not use the PIN cache when signing"
+msgstr "не викориÑтовувати кеш пін-кодів Ð´Ð»Ñ Ð¿Ñ–Ð´Ð¿Ð¸ÑуваннÑ"
+
+#: agent/gpg-agent.c:177
+msgid "allow clients to mark keys as \"trusted\""
+msgstr "дозволити клієнтам позначати ключі Ñк надійні"
+
+#: agent/gpg-agent.c:179
+msgid "allow presetting passphrase"
+msgstr "дозволити попереднє вÑÑ‚Ð°Ð½Ð¾Ð²Ð»ÐµÐ½Ð½Ñ Ð¿Ð°Ñ€Ð¾Ð»Ñ"
+
+#: agent/gpg-agent.c:180
+msgid "enable ssh-agent emulation"
+msgstr "увімкнути емулÑцію ssh-агента"
+
+#: agent/gpg-agent.c:182
+msgid "|FILE|write environment settings also to FILE"
+msgstr "запиÑати параметри Ñередовища Ñ– до файла"
+
+#. TRANSLATORS: @EMAIL@ will get replaced by the actual bug
+#. reporting address. This is so that we can change the
+#. reporting address without breaking the translations.
+#: agent/gpg-agent.c:333 agent/preset-passphrase.c:94 agent/protect-tool.c:163
+#: g10/gpg.c:814 g10/gpgv.c:114 kbx/kbxutil.c:113 scd/scdaemon.c:246
+#: sm/gpgsm.c:519 tools/gpg-connect-agent.c:181 tools/gpgconf.c:102
+#: tools/symcryptrun.c:206 tools/gpg-check-pattern.c:141
+msgid "Please report bugs to <@EMAIL@>.\n"
+msgstr "Будь лаÑка, надÑилайте Ð¿Ð¾Ð²Ñ–Ð´Ð¾Ð¼Ð»ÐµÐ½Ð½Ñ Ð¿Ñ€Ð¾ помилки на <@EMAIL@>.\n"
+
+#: agent/gpg-agent.c:342
+msgid "Usage: gpg-agent [options] (-h for help)"
+msgstr "ВикориÑтаннÑ: gpg-agent [параметри] (-h — довідка)"
+
+#: agent/gpg-agent.c:344
+msgid ""
+"Syntax: gpg-agent [options] [command [args]]\n"
+"Secret key management for GnuPG\n"
+msgstr ""
+"СинтакÑиÑ: gpg-agent [параметри] [команда [аргументи]]\n"
+"ÐšÐµÑ€ÑƒÐ²Ð°Ð½Ð½Ñ Ð·Ð°ÐºÑ€Ð¸Ñ‚Ð¸Ð¼Ð¸ ключами у GnuPG\n"
+
+#: agent/gpg-agent.c:390 g10/gpg.c:1007 scd/scdaemon.c:318 sm/gpgsm.c:669
+#, c-format
+msgid "invalid debug-level `%s' given\n"
+msgstr "вказано некоректне Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Ñ€Ñ–Ð²Ð½Ñ Ð´Ñ–Ð°Ð³Ð½Ð¾Ñтики «%s»\n"
+
+#: agent/gpg-agent.c:610 agent/protect-tool.c:1033 kbx/kbxutil.c:428
+#: scd/scdaemon.c:424 sm/gpgsm.c:911 sm/gpgsm.c:914 tools/symcryptrun.c:998
+#: tools/gpg-check-pattern.c:177
+#, c-format
+msgid "%s is too old (need %s, have %s)\n"
+msgstr "%s Ñ” занадто заÑтарілою (потрібно %s, маємо %s)\n"
+
+#: agent/gpg-agent.c:725 g10/gpg.c:2111 scd/scdaemon.c:510 sm/gpgsm.c:1010
+#, c-format
+msgid "NOTE: no default option file `%s'\n"
+msgstr "ЗÐУВÐЖЕÐÐЯ: не виÑвлено файла типових параметрів «%s»\n"
+
+#: agent/gpg-agent.c:736 agent/gpg-agent.c:1348 g10/gpg.c:2115
+#: scd/scdaemon.c:515 sm/gpgsm.c:1014 tools/symcryptrun.c:931
+#, c-format
+msgid "option file `%s': %s\n"
+msgstr "файл параметрів «%s»: %s\n"
+
+#: agent/gpg-agent.c:744 g10/gpg.c:2122 scd/scdaemon.c:523 sm/gpgsm.c:1021
+#, c-format
+msgid "reading options from `%s'\n"
+msgstr "прочитати параметри з «%s»\n"
+
+#: agent/gpg-agent.c:1117 g10/plaintext.c:140 g10/plaintext.c:145
+#: g10/plaintext.c:162
+#, c-format
+msgid "error creating `%s': %s\n"
+msgstr "помилка ÑÑ‚Ð²Ð¾Ñ€ÐµÐ½Ð½Ñ Â«%s»: %s.\n"
+
+#: agent/gpg-agent.c:1461 agent/gpg-agent.c:1579 agent/gpg-agent.c:1583
+#: agent/gpg-agent.c:1624 agent/gpg-agent.c:1628 g10/exec.c:188
+#: g10/openfile.c:429 scd/scdaemon.c:1020
+#, c-format
+msgid "can't create directory `%s': %s\n"
+msgstr "не вдалоÑÑ Ñтворити каталог «%s»: %s\n"
+
+#: agent/gpg-agent.c:1475 scd/scdaemon.c:1034
+msgid "name of socket too long\n"
+msgstr "назва Ñокета Ñ” надто довгою\n"
+
+#: agent/gpg-agent.c:1498 scd/scdaemon.c:1057
+#, c-format
+msgid "can't create socket: %s\n"
+msgstr "не вдалоÑÑ Ñтворити Ñокет: %s\n"
+
+#: agent/gpg-agent.c:1507
+#, c-format
+msgid "socket name `%s' is too long\n"
+msgstr "назва Ñокета «%s» Ñ” надто довгою\n"
+
+#: agent/gpg-agent.c:1525
+msgid "a gpg-agent is already running - not starting a new one\n"
+msgstr "gpg-agent вже запущено, потреби у запуÑку нової копії немає\n"
+
+#: agent/gpg-agent.c:1536 scd/scdaemon.c:1076
+msgid "error getting nonce for the socket\n"
+msgstr "помилка під Ñ‡Ð°Ñ Ñпроби Ð¾Ñ‚Ñ€Ð¸Ð¼Ð°Ð½Ð½Ñ Ð¿Ð¾Ñ‚Ð¾Ñ‡Ð½Ð¾Ð³Ð¾ Ñтану Ñокета\n"
+
+#: agent/gpg-agent.c:1541 scd/scdaemon.c:1079
+#, c-format
+msgid "error binding socket to `%s': %s\n"
+msgstr "помилка під Ñ‡Ð°Ñ Ñпроби прив’ÑÐ·ÑƒÐ²Ð°Ð½Ð½Ñ Ñокета до «%s»: %s\n"
+
+#: agent/gpg-agent.c:1553 scd/scdaemon.c:1088
+#, c-format
+msgid "listen() failed: %s\n"
+msgstr "помилка listen(): %s\n"
+
+#: agent/gpg-agent.c:1559 scd/scdaemon.c:1095
+#, c-format
+msgid "listening on socket `%s'\n"
+msgstr "Ð¾Ñ‡Ñ–ÐºÑƒÐ²Ð°Ð½Ð½Ñ Ð´Ð°Ð½Ð¸Ñ… на Ñокеті «%s»\n"
+
+#: agent/gpg-agent.c:1587 agent/gpg-agent.c:1634 g10/openfile.c:432
+#, c-format
+msgid "directory `%s' created\n"
+msgstr "Ñтворено каталог «%s»\n"
+
+#: agent/gpg-agent.c:1640
+#, c-format
+msgid "stat() failed for `%s': %s\n"
+msgstr "помилка stat() щодо «%s»: %s\n"
+
+#: agent/gpg-agent.c:1644
+#, c-format
+msgid "can't use `%s' as home directory\n"
+msgstr "не можна викориÑтовувати Ñк домашній каталог «%s»\n"
+
+#: agent/gpg-agent.c:1777 scd/scdaemon.c:1111
+#, c-format
+msgid "error reading nonce on fd %d: %s\n"
+msgstr ""
+"помилка під Ñ‡Ð°Ñ Ñпроби Ñ‡Ð¸Ñ‚Ð°Ð½Ð½Ñ Ð¿Ð¾Ñ‚Ð¾Ñ‡Ð½Ð¾Ð³Ð¾ Ñтану на файловому деÑкрипторі %d: %"
+"s\n"
+
+#: agent/gpg-agent.c:1799
+#, c-format
+msgid "handler 0x%lx for fd %d started\n"
+msgstr "запущено обробки 0x%lx Ð´Ð»Ñ Ñ„Ð°Ð¹Ð»Ð¾Ð²Ð¾Ð³Ð¾ деÑкриптора %d\n"
+
+#: agent/gpg-agent.c:1804
+#, c-format
+msgid "handler 0x%lx for fd %d terminated\n"
+msgstr "обробник 0x%lx деÑкриптора файла %d завершив роботу\n"
+
+#: agent/gpg-agent.c:1824
+#, c-format
+msgid "ssh handler 0x%lx for fd %d started\n"
+msgstr "запущено обробник ssh 0x%lx Ð´Ð»Ñ Ð´ÐµÑкриптора файла %d\n"
+
+#: agent/gpg-agent.c:1829
+#, c-format
+msgid "ssh handler 0x%lx for fd %d terminated\n"
+msgstr "обробник ssh 0x%lx деÑкриптора файла %d завершив роботу\n"
+
+#: agent/gpg-agent.c:1973 scd/scdaemon.c:1248
+#, c-format
+msgid "pth_select failed: %s - waiting 1s\n"
+msgstr "помилка pth_select: %s — Ð¾Ñ‡Ñ–ÐºÑƒÐ²Ð°Ð½Ð½Ñ Ñƒ 1 Ñ\n"
+
+#: agent/gpg-agent.c:2096 scd/scdaemon.c:1315
+#, c-format
+msgid "%s %s stopped\n"
+msgstr "%s %s зупинено\n"
+
+#: agent/gpg-agent.c:2232
+msgid "no gpg-agent running in this session\n"
+msgstr "у цьому ÑеанÑÑ– не запущено gpg-agent\n"
+
+#: agent/gpg-agent.c:2243 common/simple-pwquery.c:352 common/asshelp.c:403
+#: tools/gpg-connect-agent.c:2168
+msgid "malformed GPG_AGENT_INFO environment variable\n"
+msgstr "помилкове Ñ„Ð¾Ñ€Ð¼Ð°Ñ‚ÑƒÐ²Ð°Ð½Ð½Ñ Ð·Ð¼Ñ–Ð½Ð½Ð¾Ñ— Ñередовища GPG_AGENT_INFO\n"
+
+#: agent/gpg-agent.c:2256 common/simple-pwquery.c:364 common/asshelp.c:415
+#: tools/gpg-connect-agent.c:2179
+#, c-format
+msgid "gpg-agent protocol version %d is not supported\n"
+msgstr "підтримки верÑÑ–Ñ— протоколу gpg-agent %d не передбачено\n"
+
+#: agent/preset-passphrase.c:98
+msgid "Usage: gpg-preset-passphrase [options] KEYGRIP (-h for help)\n"
+msgstr ""
+"ВикориÑтаннÑ: gpg-preset-passphrase [параметри] KEYGRIP (-h — довідка)\n"
+
+#: agent/preset-passphrase.c:101
+msgid ""
+"Syntax: gpg-preset-passphrase [options] KEYGRIP\n"
+"Password cache maintenance\n"
+msgstr ""
+"СинтакÑиÑ: gpg-preset-passphrase [параметри] KEYGRIP\n"
+"ÐšÐµÑ€ÑƒÐ²Ð°Ð½Ð½Ñ ÐºÐµÑˆÐµÐ¼ паролів\n"
+
+#: agent/protect-tool.c:113 g10/gpg.c:373 kbx/kbxutil.c:71 sm/gpgsm.c:186
+#: tools/gpgconf.c:60
+msgid ""
+"@Commands:\n"
+" "
+msgstr ""
+"@Команди:\n"
+" "
+
+#: agent/protect-tool.c:127 g10/gpg.c:441 g10/gpgv.c:69 kbx/kbxutil.c:81
+#: sm/gpgsm.c:226 tools/gpg-connect-agent.c:67 tools/gpgconf.c:77
+#: tools/symcryptrun.c:159
+msgid ""
+"@\n"
+"Options:\n"
+" "
+msgstr ""
+"@\n"
+"Параметри:\n"
+" "
+
+#: agent/protect-tool.c:166
+msgid "Usage: gpg-protect-tool [options] (-h for help)\n"
+msgstr "ВикориÑтаннÑ: gpg-protect-tool [параметри] (-h — довідка)\n"
+
+#: agent/protect-tool.c:168
+msgid ""
+"Syntax: gpg-protect-tool [options] [args]\n"
+"Secret key maintenance tool\n"
+msgstr ""
+"СинтакÑиÑ: gpg-protect-tool [параметри] [аргументи]\n"
+"ІнÑтрумент ÐºÐµÑ€ÑƒÐ²Ð°Ð½Ð½Ñ Ð·Ð°ÐºÑ€Ð¸Ñ‚Ð¸Ð¼Ð¸ ключами\n"
+
+#: agent/protect-tool.c:1162
+msgid "Please enter the passphrase to unprotect the PKCS#12 object."
+msgstr "Будь лаÑка, вкажіть пароль Ð´Ð»Ñ Ð·Ð½ÑÑ‚Ñ‚Ñ Ð·Ð°Ñ…Ð¸Ñту з об’єкта PKCS#12."
+
+#: agent/protect-tool.c:1167
+msgid "Please enter the passphrase to protect the new PKCS#12 object."
+msgstr "Будь лаÑка, вкажіть пароль Ð´Ð»Ñ Ð·Ð°Ñ…Ð¸Ñту нового об’єкта PKCS#12."
+
+#: agent/protect-tool.c:1173
+msgid ""
+"Please enter the passphrase to protect the imported object within the GnuPG "
+"system."
+msgstr ""
+"Будь лаÑка, введіть пароль Ð´Ð»Ñ Ð·Ð°Ñ…Ð¸Ñту імпортованого об’єкта у ÑиÑтемі GnuPG."
+
+#: agent/protect-tool.c:1178
+msgid ""
+"Please enter the passphrase or the PIN\n"
+"needed to complete this operation."
+msgstr ""
+"Будь лаÑка, вкажіть пароль або пінкод,\n"
+"потрібні Ð´Ð»Ñ Ð·Ð°Ð²ÐµÑ€ÑˆÐµÐ½Ð½Ñ Ñ†Ñ–Ñ”Ñ— дії."
+
+#: agent/protect-tool.c:1183 tools/symcryptrun.c:437
+msgid "Passphrase:"
+msgstr "Пароль:"
+
+#: agent/protect-tool.c:1188 tools/symcryptrun.c:448
+msgid "cancelled\n"
+msgstr "ÑкаÑовано\n"
+
+#: agent/protect-tool.c:1190 tools/symcryptrun.c:444
+#, c-format
+msgid "error while asking for the passphrase: %s\n"
+msgstr "помилка під Ñ‡Ð°Ñ Ñпроби запиту паролÑ: %s\n"
+
+#: agent/trustlist.c:136 agent/trustlist.c:334
+#, c-format
+msgid "error opening `%s': %s\n"
+msgstr "помилка під Ñ‡Ð°Ñ Ð²Ñ–Ð´ÐºÑ€Ð¸Ñ‚Ñ‚Ñ Â«%s»: %s\n"
+
+#: agent/trustlist.c:151 common/helpfile.c:63 common/helpfile.c:79
+#, c-format
+msgid "file `%s', line %d: %s\n"
+msgstr "файл «%s», Ñ€Ñдок %d: %s\n"
+
+#: agent/trustlist.c:171 agent/trustlist.c:179
+#, c-format
+msgid "statement \"%s\" ignored in `%s', line %d\n"
+msgstr "проігноровано інÑтрукцію «%s» у «%s», Ñ€Ñдок %d\n"
+
+#: agent/trustlist.c:185
+#, c-format
+msgid "system trustlist `%s' not available\n"
+msgstr "ÑпиÑок довіри ÑиÑтеми «%s» недоÑтупний\n"
+
+#: agent/trustlist.c:229
+#, c-format
+msgid "bad fingerprint in `%s', line %d\n"
+msgstr "помилковий відбиток у «%s», Ñ€Ñдок %d\n"
+
+#: agent/trustlist.c:254 agent/trustlist.c:261
+#, c-format
+msgid "invalid keyflag in `%s', line %d\n"
+msgstr "некоректна позначка ключа у «%s», Ñ€Ñдок %d\n"
+
+#: agent/trustlist.c:295 common/helpfile.c:126
+#, c-format
+msgid "error reading `%s', line %d: %s\n"
+msgstr "помилка під Ñ‡Ð°Ñ Ñ‡Ð¸Ñ‚Ð°Ð½Ð½Ñ Â«%s», Ñ€Ñдок %d: %s\n"
+
+#: agent/trustlist.c:400 agent/trustlist.c:450
+msgid "error reading list of trusted root certificates\n"
+msgstr "помилка під Ñ‡Ð°Ñ Ñ‡Ð¸Ñ‚Ð°Ð½Ð½Ñ ÑпиÑку надійних кореневих Ñертифікатів\n"
+
+#. TRANSLATORS: This prompt is shown by the Pinentry
+#. and has one special property: A "%%0A" is used by
+#. Pinentry to insert a line break. The double
+#. percent sign is actually needed because it is also
+#. a printf format string. If you need to insert a
+#. plain % sign, you need to encode it as "%%25". The
+#. "%s" gets replaced by the name as stored in the
+#. certificate.
+#: agent/trustlist.c:611
+#, c-format
+msgid ""
+"Do you ultimately trust%%0A \"%s\"%%0Ato correctly certify user "
+"certificates?"
+msgstr ""
+"Бажаєте вÑтановити абÑолютний рівень довіри до%%0A «%s»%%0Aз метою належної "
+"Ñертифікації Ñертифікатів кориÑтувача?"
+
+#: agent/trustlist.c:620 common/audit.c:467
+msgid "Yes"
+msgstr "Так"
+
+#: agent/trustlist.c:620 common/audit.c:469
+msgid "No"
+msgstr "ÐÑ–"
+
+#. TRANSLATORS: This prompt is shown by the Pinentry and has
+#. one special property: A "%%0A" is used by Pinentry to
+#. insert a line break. The double percent sign is actually
+#. needed because it is also a printf format string. If you
+#. need to insert a plain % sign, you need to encode it as
+#. "%%25". The second "%s" gets replaced by a hexdecimal
+#. fingerprint string whereas the first one receives the name
+#. as stored in the certificate.
+#: agent/trustlist.c:654
+#, c-format
+msgid ""
+"Please verify that the certificate identified as:%%0A \"%s\"%%0Ahas the "
+"fingerprint:%%0A %s"
+msgstr ""
+"Будь лаÑка, перевірте, чи Ñертифікат, ідентифікований Ñк%%0A \"%s\"%%0Aмає "
+"відбиток:%%0A %s"
+
+#. TRANSLATORS: "Correct" is the label of a button and intended
+#. to be hit if the fingerprint matches the one of the CA. The
+#. other button is "the default "Cancel" of the Pinentry.
+#: agent/trustlist.c:668
+msgid "Correct"
+msgstr "Підтверджую"
+
+#: agent/trustlist.c:668
+msgid "Wrong"
+msgstr "Ðе підтверджую"
+
+#: agent/findkey.c:157
+#, c-format
+msgid "Note: This passphrase has never been changed.%0APlease change it now."
+msgstr ""
+"ЗауваженнÑ: цей пароль ще не змінювавÑÑ.%0AБудь лаÑка, змініть його зараз."
+
+#: agent/findkey.c:173
+#, c-format
+msgid ""
+"This passphrase has not been changed%%0Asince %.4s-%.2s-%.2s. Please change "
+"it now."
+msgstr ""
+"Цей пароль не змінювавÑÑ%%0Aз %.4s-%.2s-%.2s. Будь лаÑка, змініть його "
+"зараз."
+
+#: agent/findkey.c:187 agent/findkey.c:194
+msgid "Change passphrase"
+msgstr "Змінити пароль"
+
+#: agent/findkey.c:195
+msgid "I'll change it later"
+msgstr "Я зміню його пізніше"
+
+#: common/exechelp.c:528 common/exechelp.c:625 tools/gpgconf-comp.c:1475
+#: tools/gpgconf-comp.c:1814
+#, c-format
+msgid "error creating a pipe: %s\n"
+msgstr "помилка під Ñ‡Ð°Ñ Ñпроби ÑÑ‚Ð²Ð¾Ñ€ÐµÐ½Ð½Ñ ÐºÐ°Ð½Ð°Ð»Ñƒ: %s\n"
+
+#: common/exechelp.c:599 common/exechelp.c:658
+#, c-format
+msgid "can't fdopen pipe for reading: %s\n"
+msgstr "не вдалоÑÑ Ð²Ð¸ÐºÐ¾Ð½Ð°Ñ‚Ð¸ fdopen щодо каналу Ð´Ð»Ñ Ñ‡Ð¸Ñ‚Ð°Ð½Ð½Ñ: %s\n"
+
+#: common/exechelp.c:637 common/exechelp.c:765 common/exechelp.c:1002
+#, c-format
+msgid "error forking process: %s\n"
+msgstr "помилка під Ñ‡Ð°Ñ Ñпроби Ñ€Ð¾Ð·Ð³Ð°Ð»ÑƒÐ¶ÑƒÐ²Ð°Ð½Ð½Ñ Ð¿Ñ€Ð¾Ñ†ÐµÑу: %s\n"
+
+#: common/exechelp.c:811 common/exechelp.c:864
+#, c-format
+msgid "waiting for process %d to terminate failed: %s\n"
+msgstr "не вдалоÑÑ Ð´Ð¾Ñ‡ÐµÐºÐ°Ñ‚Ð¸ÑÑ Ð·Ð°Ð²ÐµÑ€ÑˆÐµÐ½Ð½Ñ Ð¿Ñ€Ð¾Ñ†ÐµÑу %d: %s\n"
+
+#: common/exechelp.c:819
+#, c-format
+msgid "error getting exit code of process %d: %s\n"
+msgstr "помилка під Ñ‡Ð°Ñ Ñпроби Ð¾Ñ‚Ñ€Ð¸Ð¼Ð°Ð½Ð½Ñ ÐºÐ¾Ð´Ñƒ виходу процеÑу %d: %s\n"
+
+#: common/exechelp.c:825 common/exechelp.c:877
+#, c-format
+msgid "error running `%s': exit status %d\n"
+msgstr "помилка під Ñ‡Ð°Ñ Ñпроби Ð²Ð¸ÐºÐ¾Ð½Ð°Ð½Ð½Ñ Â«%s»: Ñтан виходу %d\n"
+
+#: common/exechelp.c:870
+#, c-format
+msgid "error running `%s': probably not installed\n"
+msgstr ""
+"помилка під Ñ‡Ð°Ñ Ñпроби Ð²Ð¸ÐºÐ¾Ð½Ð°Ð½Ð½Ñ Â«%s»: ймовірно, програму не вÑтановлено\n"
+
+#: common/exechelp.c:885
+#, c-format
+msgid "error running `%s': terminated\n"
+msgstr "помилка під Ñ‡Ð°Ñ Ñпроби Ð²Ð¸ÐºÐ¾Ð½Ð°Ð½Ð½Ñ Â«%s»: Ð²Ð¸ÐºÐ¾Ð½Ð°Ð½Ð½Ñ Ð¿ÐµÑ€ÐµÑ€Ð²Ð°Ð½Ð¾\n"
+
+#: common/http.c:1674
+#, c-format
+msgid "error creating socket: %s\n"
+msgstr "помилка під Ñ‡Ð°Ñ Ñпроби ÑÑ‚Ð²Ð¾Ñ€ÐµÐ½Ð½Ñ Ñокета: %s\n"
+
+#: common/http.c:1718
+msgid "host not found"
+msgstr "вузол не знайдено"
+
+#: common/simple-pwquery.c:338
+msgid "gpg-agent is not available in this session\n"
+msgstr "gpg-agent недоÑтупний у цьому ÑеанÑÑ–\n"
+
+#: common/simple-pwquery.c:395
+#, c-format
+msgid "can't connect to `%s': %s\n"
+msgstr "не вдалоÑÑ Ð²Ñтановити Ð·â€™Ñ”Ð´Ð½Ð°Ð½Ð½Ñ Ð· «%s»: %s\n"
+
+#: common/simple-pwquery.c:406
+msgid "communication problem with gpg-agent\n"
+msgstr "проблема під Ñ‡Ð°Ñ Ñпроби обміну даними з gpg-agent\n"
+
+#: common/simple-pwquery.c:416
+msgid "problem setting the gpg-agent options\n"
+msgstr "проблема під Ñ‡Ð°Ñ Ñпроби вÑÑ‚Ð°Ð½Ð¾Ð²Ð»ÐµÐ½Ð½Ñ Ð¿Ð°Ñ€Ð°Ð¼ÐµÑ‚Ñ€Ñ–Ð² gpg-agent\n"
+
+#: common/simple-pwquery.c:579 common/simple-pwquery.c:675
+msgid "canceled by user\n"
+msgstr "ÑкаÑовано кориÑтувачем\n"
+
+#: common/simple-pwquery.c:594 common/simple-pwquery.c:681
+msgid "problem with the agent\n"
+msgstr "проблема з агентом\n"
+
+#: common/sysutils.c:105
+#, c-format
+msgid "can't disable core dumps: %s\n"
+msgstr "не вдалоÑÑ Ð²Ð¸Ð¼ÐºÐ½ÑƒÑ‚Ð¸ ÑÑ‚Ð²Ð¾Ñ€ÐµÐ½Ð½Ñ Ð´Ð°Ð¼Ð¿Ñ–Ð² образів у пам’ÑÑ‚Ñ–: %s\n"
+
+#: common/sysutils.c:200
+#, c-format
+msgid "Warning: unsafe ownership on %s \"%s\"\n"
+msgstr "Увага: Ð²Ð¸Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Ð²Ð»Ð°Ñника не Ñ” безпечним Ð´Ð»Ñ %s — «%s»\n"
+
+#: common/sysutils.c:232
+#, c-format
+msgid "Warning: unsafe permissions on %s \"%s\"\n"
+msgstr "Увага: Ð²Ð¸Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Ð¿Ñ€Ð°Ð² доÑтупу не Ñ” безпечним Ð´Ð»Ñ %s — «%s»\n"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: common/yesno.c:35 common/yesno.c:72
+msgid "yes"
+msgstr "yes|так"
+
+#: common/yesno.c:36 common/yesno.c:77
+msgid "yY"
+msgstr "yYтТ"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: common/yesno.c:38 common/yesno.c:74
+msgid "no"
+msgstr "no|ні"
+
+#: common/yesno.c:39 common/yesno.c:78
+msgid "nN"
+msgstr "nNнÐ"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: common/yesno.c:76
+msgid "quit"
+msgstr "quit|вийти"
+
+#: common/yesno.c:79
+msgid "qQ"
+msgstr "qQвВ"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: common/yesno.c:113
+msgid "okay|okay"
+msgstr "okay|гаразд"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: common/yesno.c:115
+msgid "cancel|cancel"
+msgstr "cancel|ÑкаÑувати"
+
+#: common/yesno.c:116
+msgid "oO"
+msgstr "oOгГ"
+
+#: common/yesno.c:117
+msgid "cC"
+msgstr "cCÑС"
+
+#: common/miscellaneous.c:77
+#, c-format
+msgid "out of core in secure memory while allocating %lu bytes"
+msgstr ""
+"вихід за межі безпечної облаÑÑ‚Ñ– пам’ÑÑ‚Ñ– під Ñ‡Ð°Ñ Ñпроби Ð¾Ñ‚Ñ€Ð¸Ð¼Ð°Ð½Ð½Ñ %lu байтів"
+
+#: common/miscellaneous.c:80
+#, c-format
+msgid "out of core while allocating %lu bytes"
+msgstr "вихід за межі облаÑÑ‚Ñ– під Ñ‡Ð°Ñ Ñпроби Ð¾Ñ‚Ñ€Ð¸Ð¼Ð°Ð½Ð½Ñ %lu байтів"
+
+#: common/asshelp.c:293 tools/gpg-connect-agent.c:2129
+msgid "no running gpg-agent - starting one\n"
+msgstr "не запущено gpg-agent — запуÑкаємо його\n"
+
+#: common/asshelp.c:349
+#, c-format
+msgid "waiting %d seconds for the agent to come up\n"
+msgstr "Ð¾Ñ‡Ñ–ÐºÑƒÐ²Ð°Ð½Ð½Ñ %d на працездатніÑÑ‚ÑŒ агента\n"
+
+#: common/asshelp.c:426
+msgid "can't connect to the agent - trying fall back\n"
+msgstr ""
+"не вдалоÑÑ Ð²Ñтановити Ð·â€™Ñ”Ð´Ð½Ð°Ð½Ð½Ñ Ð· агентом, викориÑтовуємо резервний варіант\n"
+
+#. TRANSLATORS: Copy the prefix between the vertical bars
+#. verbatim. It will not be printed.
+#: common/audit.c:474
+msgid "|audit-log-result|Good"
+msgstr "|audit-log-result|Перевірку пройдено"
+
+#: common/audit.c:477
+msgid "|audit-log-result|Bad"
+msgstr "|audit-log-result|Перевірку не пройдено"
+
+#: common/audit.c:479
+msgid "|audit-log-result|Not supported"
+msgstr "|audit-log-result|Ðе підтримуєтьÑÑ"
+
+#: common/audit.c:481
+msgid "|audit-log-result|No certificate"
+msgstr "|audit-log-result|Ðемає Ñертифіката"
+
+#: common/audit.c:483
+msgid "|audit-log-result|Not enabled"
+msgstr "|audit-log-result|Ðе увімкнено"
+
+#: common/audit.c:485
+msgid "|audit-log-result|Error"
+msgstr "|audit-log-result|Помилка"
+
+#: common/audit.c:487
+msgid "|audit-log-result|Not used"
+msgstr "|audit-log-result|Ðе викориÑтано"
+
+#: common/audit.c:489
+msgid "|audit-log-result|Okay"
+msgstr "|audit-log-result|Гаразд"
+
+#: common/audit.c:491
+msgid "|audit-log-result|Skipped"
+msgstr "|audit-log-result|Пропущено"
+
+#: common/audit.c:493
+msgid "|audit-log-result|Some"
+msgstr "|audit-log-result|Декілька"
+
+#: common/audit.c:726
+msgid "Certificate chain available"
+msgstr "ДоÑтупний ланцюжок Ñертифікації"
+
+#: common/audit.c:733
+msgid "root certificate missing"
+msgstr "не виÑвлено кореневого Ñертифіката"
+
+#: common/audit.c:759
+msgid "Data encryption succeeded"
+msgstr "Дані зашифровано"
+
+#: common/audit.c:764 common/audit.c:830 common/audit.c:906 common/audit.c:997
+msgid "Data available"
+msgstr "Дані доÑтупні"
+
+#: common/audit.c:767
+msgid "Session key created"
+msgstr "Створено ключ ÑеанÑу"
+
+#: common/audit.c:772 common/audit.c:912 common/audit.c:919
+#, c-format
+msgid "algorithm: %s"
+msgstr "алгоритм: %s"
+
+#: common/audit.c:774 common/audit.c:776 common/audit.c:921 common/audit.c:923
+#, c-format
+msgid "unsupported algorithm: %s"
+msgstr "непідтримуваний алгоритм: %s"
+
+#: common/audit.c:778 common/audit.c:925
+msgid "seems to be not encrypted"
+msgstr "здаєтьÑÑ, не зашифровано"
+
+#: common/audit.c:784 common/audit.c:933
+msgid "Number of recipients"
+msgstr "КількіÑÑ‚ÑŒ отримувачів"
+
+#: common/audit.c:792 common/audit.c:956
+#, c-format
+msgid "Recipient %d"
+msgstr "Отримувач %d"
+
+#: common/audit.c:825
+msgid "Data signing succeeded"
+msgstr "Дані підпиÑано"
+
+#: common/audit.c:839 common/audit.c:1033 common/audit.c:1060
+#, c-format
+msgid "data hash algorithm: %s"
+msgstr "алгоритм Ñ…ÐµÑˆÑƒÐ²Ð°Ð½Ð½Ñ Ð´Ð°Ð½Ð¸Ñ…: %s"
+
+#: common/audit.c:862
+#, c-format
+msgid "Signer %d"
+msgstr "ПідпиÑувач %d"
+
+#: common/audit.c:866 common/audit.c:1065
+#, c-format
+msgid "attr hash algorithm: %s"
+msgstr "алгоритм Ñ…ÐµÑˆÑƒÐ²Ð°Ð½Ð½Ñ Ð°Ñ‚Ñ€Ð¸Ð±ÑƒÑ‚Ñ–Ð²: %s"
+
+#: common/audit.c:901
+msgid "Data decryption succeeded"
+msgstr "Дані розшифровано"
+
+#: common/audit.c:910
+msgid "Encryption algorithm supported"
+msgstr "Підтримуваний алгоритм шифруваннÑ"
+
+#: common/audit.c:993
+msgid "Data verification succeeded"
+msgstr "Дані перевірено"
+
+#: common/audit.c:1002
+msgid "Signature available"
+msgstr "ДоÑтупний підпиÑ"
+
+#: common/audit.c:1024
+msgid "Parsing data succeeded"
+msgstr "Дані оброблено"
+
+#: common/audit.c:1036
+#, c-format
+msgid "bad data hash algorithm: %s"
+msgstr "помилковий алгоритм Ñ…ÐµÑˆÑƒÐ²Ð°Ð½Ð½Ñ Ð´Ð°Ð½Ð¸Ñ…: %s"
+
+#: common/audit.c:1051
+#, c-format
+msgid "Signature %d"
+msgstr "ÐŸÑ–Ð´Ð¿Ð¸Ñ %d"
+
+#: common/audit.c:1079
+msgid "Certificate chain valid"
+msgstr "Ланцюжок Ñертифікації Ñ” чинним"
+
+#: common/audit.c:1090
+msgid "Root certificate trustworthy"
+msgstr "Кореневий Ñертифікат Ñ” гідним довіри"
+
+#: common/audit.c:1111 sm/certchain.c:935
+msgid "no CRL found for certificate"
+msgstr "не знайдено ÑпиÑку Ð²Ñ–Ð´ÐºÐ»Ð¸ÐºÐ°Ð½Ð½Ñ Ð´Ð»Ñ Ñертифіката"
+
+#: common/audit.c:1114 sm/certchain.c:945
+msgid "the available CRL is too old"
+msgstr "доÑтупний ÑпиÑок Ð²Ñ–Ð´ÐºÐ»Ð¸ÐºÐ°Ð½Ð½Ñ Ñ” занадто Ñтарим"
+
+#: common/audit.c:1119
+msgid "CRL/OCSP check of certificates"
+msgstr "перевірка Ñертифікатів за допомогою CRL/OCSP"
+
+#: common/audit.c:1139
+msgid "Included certificates"
+msgstr "Включені Ñертифікати"
+
+#: common/audit.c:1194
+msgid "No audit log entries."
+msgstr "Ðемає запиÑів журналу перевірки."
+
+#: common/audit.c:1243
+msgid "Unknown operation"
+msgstr "Ðевідома діÑ"
+
+#: common/audit.c:1261
+msgid "Gpg-Agent usable"
+msgstr "Gpg-Agent придатний до викориÑтаннÑ"
+
+#: common/audit.c:1271
+msgid "Dirmngr usable"
+msgstr "Dirmngr придатна до викориÑтаннÑ"
+
+#: common/audit.c:1307
+#, c-format
+msgid "No help available for `%s'."
+msgstr "Довідки щодо «%s» не виÑвлено."
+
+#: common/helpfile.c:80
+msgid "ignoring garbage line"
+msgstr "ігноруємо беззміÑтовний Ñ€Ñдок"
+
+#: common/gettime.c:503
+msgid "[none]"
+msgstr "[немає]"
+
+#: g10/armor.c:379
+#, c-format
+msgid "armor: %s\n"
+msgstr "формат ASCII: %s\n"
+
+#: g10/armor.c:418
+msgid "invalid armor header: "
+msgstr "некоректний заголовок ASCII: "
+
+#: g10/armor.c:429
+msgid "armor header: "
+msgstr "заголовок ASCII: "
+
+#: g10/armor.c:442
+msgid "invalid clearsig header\n"
+msgstr "некоректний заголовок прозорого підпиÑу\n"
+
+#: g10/armor.c:455
+msgid "unknown armor header: "
+msgstr "некоректний заголовок ASCII: "
+
+#: g10/armor.c:508
+msgid "nested clear text signatures\n"
+msgstr "вкладені підпиÑи нешифрованим текÑтом\n"
+
+#: g10/armor.c:643
+msgid "unexpected armor: "
+msgstr "неочікуваний формат ASCII: "
+
+#: g10/armor.c:655
+msgid "invalid dash escaped line: "
+msgstr "некоректний екранований дефіÑами Ñ€Ñдок: "
+
+#: g10/armor.c:810 g10/armor.c:1420
+#, c-format
+msgid "invalid radix64 character %02X skipped\n"
+msgstr "пропущено некоректний Ñимвол radix64 %02X\n"
+
+#: g10/armor.c:853
+msgid "premature eof (no CRC)\n"
+msgstr "завчаÑний кінець файла (немає CRC)\n"
+
+#: g10/armor.c:887
+msgid "premature eof (in CRC)\n"
+msgstr "завчаÑний кінець файла (у CRC)\n"
+
+#: g10/armor.c:895
+msgid "malformed CRC\n"
+msgstr "помилкове Ñ„Ð¾Ñ€Ð¼Ð°Ñ‚ÑƒÐ²Ð°Ð½Ð½Ñ CRC\n"
+
+#: g10/armor.c:899 g10/armor.c:1457
+#, c-format
+msgid "CRC error; %06lX - %06lX\n"
+msgstr "помилка CRC; %06lX - %06lX\n"
+
+#: g10/armor.c:919
+msgid "premature eof (in trailer)\n"
+msgstr "завчаÑний кінець файла (у додатку)\n"
+
+#: g10/armor.c:923
+msgid "error in trailer line\n"
+msgstr "помилка у Ñ€Ñдку доповненнÑ\n"
+
+#: g10/armor.c:1234
+msgid "no valid OpenPGP data found.\n"
+msgstr "не виÑвлено коректних даних OpenPGP.\n"
+
+#: g10/armor.c:1239
+#, c-format
+msgid "invalid armor: line longer than %d characters\n"
+msgstr "некоректний формат ASCII: Ñ€Ñдок Ñ” довшим за %d Ñимволів\n"
+
+#: g10/armor.c:1243
+msgid ""
+"quoted printable character in armor - probably a buggy MTA has been used\n"
+msgstr ""
+"Ñимволи quoted printable у кодуванні ASCII — ймовірно, викориÑтано "
+"помилковий MTA\n"
+
+#: g10/build-packet.c:976
+msgid ""
+"a notation name must have only printable characters or spaces, and end with "
+"an '='\n"
+msgstr ""
+"назва примітки має ÑкладатиÑÑ Ð· друкованих Ñимволів або пробілів Ñ– "
+"завершуватиÑÑ Ñимволом «=»\n"
+
+#: g10/build-packet.c:988
+msgid "a user notation name must contain the '@' character\n"
+msgstr "назва примітки кориÑтувача має міÑтити Ñимвол «@»\n"
+
+#: g10/build-packet.c:994
+msgid "a notation name must not contain more than one '@' character\n"
+msgstr "назва примітки не повинна міÑтити більше за один Ñимвол «@»\n"
+
+#: g10/build-packet.c:1012
+msgid "a notation value must not use any control characters\n"
+msgstr "у значенні примітки не повинно міÑтитиÑÑ ÐºÐµÑ€Ñ–Ð²Ð½Ð¸Ñ… Ñимволів\n"
+
+#: g10/build-packet.c:1046 g10/build-packet.c:1055
+msgid "WARNING: invalid notation data found\n"
+msgstr "УВÐГÐ: виÑвлено некоректні дані примітки\n"
+
+#: g10/build-packet.c:1077 g10/build-packet.c:1079
+msgid "not human readable"
+msgstr "незручне Ð´Ð»Ñ Ñ‡Ð¸Ñ‚Ð°Ð½Ð½Ñ"
+
+#: g10/card-util.c:85 g10/card-util.c:374
+#, c-format
+msgid "OpenPGP card not available: %s\n"
+msgstr "Ðе вдалоÑÑ Ð¾Ñ‚Ñ€Ð¸Ð¼Ð°Ñ‚Ð¸ доÑтуп до картки OpenPGP: %s\n"
+
+#: g10/card-util.c:90
+#, c-format
+msgid "OpenPGP card no. %s detected\n"
+msgstr "ВиÑвлено картку OpenPGP з номером %s\n"
+
+#: g10/card-util.c:98 g10/card-util.c:1773 g10/delkey.c:126 g10/keyedit.c:1551
+#: g10/keygen.c:3068 g10/revoke.c:216 g10/revoke.c:455
+msgid "can't do this in batch mode\n"
+msgstr "це не можна робити у пакетному режимі\n"
+
+#: g10/card-util.c:106
+msgid "This command is only available for version 2 cards\n"
+msgstr "Цією командою можна кориÑтуватиÑÑ Ð»Ð¸ÑˆÐµ Ð´Ð»Ñ ÐºÐ°Ñ€Ñ‚Ð¾Ðº верÑÑ–Ñ— 2\n"
+
+#: g10/card-util.c:108 scd/app-openpgp.c:2029
+msgid "Reset Code not or not anymore available\n"
+msgstr "Ðемає коду ÑÐºÐ¸Ð´Ð°Ð½Ð½Ñ Ð°Ð±Ð¾ код ÑÐºÐ¸Ð´Ð°Ð½Ð½Ñ Ð²Ð¶Ðµ недоÑтупний\n"
+
+#: g10/card-util.c:141 g10/card-util.c:1458 g10/card-util.c:1568
+#: g10/keyedit.c:424 g10/keyedit.c:445 g10/keyedit.c:459 g10/keygen.c:1630
+#: g10/keygen.c:1711 sm/certreqgen-ui.c:165 sm/certreqgen-ui.c:249
+#: sm/certreqgen-ui.c:283
+msgid "Your selection? "
+msgstr "Ваш вибір? "
+
+#: g10/card-util.c:272 g10/card-util.c:322
+msgid "[not set]"
+msgstr "[не вÑтановлено]"
+
+#: g10/card-util.c:512
+msgid "male"
+msgstr "чоловіча"
+
+#: g10/card-util.c:513
+msgid "female"
+msgstr "жіноча"
+
+#: g10/card-util.c:513
+msgid "unspecified"
+msgstr "не вказано"
+
+#: g10/card-util.c:540
+msgid "not forced"
+msgstr "не увімкнено"
+
+#: g10/card-util.c:540
+msgid "forced"
+msgstr "увімкнено"
+
+#: g10/card-util.c:631
+msgid "Error: Only plain ASCII is currently allowed.\n"
+msgstr ""
+"Помилка: у поточній верÑÑ–Ñ— можна викориÑтовувати лише звичайний ASCII.\n"
+
+#: g10/card-util.c:633
+msgid "Error: The \"<\" character may not be used.\n"
+msgstr "Помилка: Ñимвол «<» не можна викориÑтовувати.\n"
+
+#: g10/card-util.c:635
+msgid "Error: Double spaces are not allowed.\n"
+msgstr "Помилка: не можна викориÑтовувати подвійні пробіли.\n"
+
+#: g10/card-util.c:652
+msgid "Cardholder's surname: "
+msgstr "Прізвище влаÑника картки: "
+
+#: g10/card-util.c:654
+msgid "Cardholder's given name: "
+msgstr "Ð†Ð¼â€™Ñ Ð²Ð»Ð°Ñника картки: "
+
+#: g10/card-util.c:672
+#, c-format
+msgid "Error: Combined name too long (limit is %d characters).\n"
+msgstr "Помилка: Ñкладена назва Ñ” занадто довгою (макÑимум — %d Ñимволів).\n"
+
+#: g10/card-util.c:693
+msgid "URL to retrieve public key: "
+msgstr "ÐдреÑа Ð´Ð»Ñ Ð¾Ñ‚Ñ€Ð¸Ð¼Ð°Ð½Ð½Ñ Ð²Ñ–Ð´ÐºÑ€Ð¸Ñ‚Ð¾Ð³Ð¾ ключа: "
+
+#: g10/card-util.c:701
+#, c-format
+msgid "Error: URL too long (limit is %d characters).\n"
+msgstr "Помилка: адреÑа Ñ” занадто довгою (макÑимум — %d Ñимволів).\n"
+
+#: g10/card-util.c:794 tools/no-libgcrypt.c:30
+#, c-format
+msgid "error allocating enough memory: %s\n"
+msgstr "помилка під Ñ‡Ð°Ñ Ñпроби розподілу пам’ÑÑ‚Ñ–: %s\n"
+
+#: g10/card-util.c:806 g10/import.c:280
+#, c-format
+msgid "error reading `%s': %s\n"
+msgstr "помилка під Ñ‡Ð°Ñ Ñпроби Ñ‡Ð¸Ñ‚Ð°Ð½Ð½Ñ Â«%s»: %s\n"
+
+#: g10/card-util.c:839
+#, c-format
+msgid "error writing `%s': %s\n"
+msgstr "помилка під Ñ‡Ð°Ñ Ñпроби Ñ‡Ð¸Ñ‚Ð°Ð½Ð½Ñ Â«%s»: %s\n"
+
+#: g10/card-util.c:866
+msgid "Login data (account name): "
+msgstr "Дані кориÑтувача (назва запиÑу): "
+
+#: g10/card-util.c:876
+#, c-format
+msgid "Error: Login data too long (limit is %d characters).\n"
+msgstr ""
+"Помилка: дані кориÑтувача Ñ” занадто довгими (макÑимум — %d Ñимволів).\n"
+
+#: g10/card-util.c:912
+msgid "Private DO data: "
+msgstr "ОÑобиÑÑ‚Ñ– дані DO: "
+
+#: g10/card-util.c:922
+#, c-format
+msgid "Error: Private DO too long (limit is %d characters).\n"
+msgstr ""
+"Помилка: оÑобиÑÑ‚Ñ– дані D0 Ñ” занадто довгими (макÑимум — %d Ñимволів).\n"
+
+#: g10/card-util.c:1005
+msgid "Language preferences: "
+msgstr "ОÑновна мова: "
+
+#: g10/card-util.c:1013
+msgid "Error: invalid length of preference string.\n"
+msgstr "Помилка: некоректна довжина Ñ€Ñдка оÑновної мови.\n"
+
+#: g10/card-util.c:1022
+msgid "Error: invalid characters in preference string.\n"
+msgstr "Помилка: некоректні Ñимволи у Ñ€Ñдку оÑновної мови.\n"
+
+#: g10/card-util.c:1044
+msgid "Sex ((M)ale, (F)emale or space): "
+msgstr "Стать (чоловіча (M), жіноча (F) або пробіл): "
+
+#: g10/card-util.c:1058
+msgid "Error: invalid response.\n"
+msgstr "Помилка: некоректна відповідь.\n"
+
+#: g10/card-util.c:1080
+msgid "CA fingerprint: "
+msgstr "Відбиток CA: "
+
+#: g10/card-util.c:1103
+msgid "Error: invalid formatted fingerprint.\n"
+msgstr "Помилка: некоректне Ñ„Ð¾Ñ€Ð¼Ð°Ñ‚ÑƒÐ²Ð°Ð½Ð½Ñ Ð²Ñ–Ð´Ð±Ð¸Ñ‚ÐºÐ°.\n"
+
+#: g10/card-util.c:1153
+#, c-format
+msgid "key operation not possible: %s\n"
+msgstr "Ð´Ñ–Ñ Ð½Ð°Ð´ ключем неможлива: %s\n"
+
+#: g10/card-util.c:1154
+msgid "not an OpenPGP card"
+msgstr "не є карткою OpenPGP"
+
+#: g10/card-util.c:1167
+#, c-format
+msgid "error getting current key info: %s\n"
+msgstr "помилка під Ñ‡Ð°Ñ Ð¾Ñ‚Ñ€Ð¸Ð¼Ð°Ð½Ð½Ñ Ð´Ð°Ð½Ð¸Ñ… поточного ключа: %s\n"
+
+#: g10/card-util.c:1254
+msgid "Replace existing key? (y/N) "
+msgstr "Замінити вже Ñтворений ключ? (y/N або Ñ‚/Ð) "
+
+#: g10/card-util.c:1270
+msgid ""
+"NOTE: There is no guarantee that the card supports the requested size.\n"
+" If the key generation does not succeed, please check the\n"
+" documentation of your card to see what sizes are allowed.\n"
+msgstr ""
+"ЗÐУВÐЖЕÐÐЯ: не можна гарантувати підтримку карткою бажаного\n"
+" розміру. Якщо ключ не вдаÑÑ‚ÑŒÑÑ Ñтворити, будь лаÑка,\n"
+" ознайомтеÑÑ Ð· документацією до вашої картки, щоб\n"
+" визначити дозволені розміри.\n"
+
+#: g10/card-util.c:1295
+#, c-format
+msgid "What keysize do you want for the Signature key? (%u) "
+msgstr "Якому розміру ключа підпиÑÑƒÐ²Ð°Ð½Ð½Ñ Ð²Ð¸ надаєте перевагу? (%u) "
+
+#: g10/card-util.c:1297
+#, c-format
+msgid "What keysize do you want for the Encryption key? (%u) "
+msgstr "Яким має бути розмір ключа Ð´Ð»Ñ ÑˆÐ¸Ñ„Ñ€ÑƒÐ²Ð°Ð½Ð½Ñ? (%u) "
+
+#: g10/card-util.c:1298
+#, c-format
+msgid "What keysize do you want for the Authentication key? (%u) "
+msgstr "Якому розміру ключа Ð´Ð»Ñ Ñ€Ð¾Ð·Ð¿Ñ–Ð·Ð½Ð°Ð²Ð°Ð½Ð½Ñ Ð²Ð¸ надаєте перевагу? (%u) "
+
+#: g10/card-util.c:1309 g10/keygen.c:1844 g10/keygen.c:1850
+#: sm/certreqgen-ui.c:194
+#, c-format
+msgid "rounded up to %u bits\n"
+msgstr "округлено до %u бітів\n"
+
+#: g10/card-util.c:1317 g10/keygen.c:1831 sm/certreqgen-ui.c:184
+#, c-format
+msgid "%s keysizes must be in the range %u-%u\n"
+msgstr "Розміри ключів %s мають перебувати у діапазоні %u—%u\n"
+
+#: g10/card-util.c:1322
+#, c-format
+msgid "The card will now be re-configured to generate a key of %u bits\n"
+msgstr ""
+"Зараз Ð½Ð°Ð»Ð°ÑˆÑ‚ÑƒÐ²Ð°Ð½Ð½Ñ ÐºÐ°Ñ€Ñ‚ÐºÐ¸ буде змінено Ð´Ð»Ñ ÑÑ‚Ð²Ð¾Ñ€ÐµÐ½Ð½Ñ %u-бітового ключа\n"
+
+#: g10/card-util.c:1342
+#, c-format
+msgid "error changing size of key %d to %u bits: %s\n"
+msgstr "помилка під Ñ‡Ð°Ñ Ñпроби зміни розміру ключа з %d на %u: %s\n"
+
+#: g10/card-util.c:1364
+msgid "Make off-card backup of encryption key? (Y/n) "
+msgstr "Створити резервну копію ключа ÑˆÐ¸Ñ„Ñ€ÑƒÐ²Ð°Ð½Ð½Ñ Ð¿Ð¾Ð·Ð° карткою? (Y/n або Т/н) "
+
+#: g10/card-util.c:1378
+msgid "NOTE: keys are already stored on the card!\n"
+msgstr "ЗÐУВÐЖЕÐÐЯ: ключі вже збережено на картці!\n"
+
+#: g10/card-util.c:1381
+msgid "Replace existing keys? (y/N) "
+msgstr "Замірити вже Ñтворені ключі? (y/N або Ñ‚/Ð) "
+
+#: g10/card-util.c:1393
+#, c-format
+msgid ""
+"Please note that the factory settings of the PINs are\n"
+" PIN = `%s' Admin PIN = `%s'\n"
+"You should change them using the command --change-pin\n"
+msgstr ""
+"Зауважте, що типовими параметрами пінкоду є\n"
+" PIN = «%s» ÐдмініÑтративний PIN = «%s»\n"
+"Вам Ñлід змінити параметри за допомогою команди --change-pin\n"
+
+#: g10/card-util.c:1449
+msgid "Please select the type of key to generate:\n"
+msgstr "Виберіть тип ключа, Ñкий Ñлід Ñтворити:\n"
+
+#: g10/card-util.c:1451 g10/card-util.c:1559
+msgid " (1) Signature key\n"
+msgstr " (1) Ключ підпиÑуваннÑ\n"
+
+#: g10/card-util.c:1452 g10/card-util.c:1561
+msgid " (2) Encryption key\n"
+msgstr " (2) Ключ шифруваннÑ\n"
+
+#: g10/card-util.c:1453 g10/card-util.c:1563
+msgid " (3) Authentication key\n"
+msgstr " (3) Ключ розпізнаваннÑ\n"
+
+#: g10/card-util.c:1469 g10/card-util.c:1588 g10/keyedit.c:945
+#: g10/keygen.c:1634 g10/keygen.c:1662 g10/keygen.c:1764 g10/revoke.c:683
+msgid "Invalid selection.\n"
+msgstr "Ðекоректний вибір.\n"
+
+#: g10/card-util.c:1556
+msgid "Please select where to store the key:\n"
+msgstr "Виберіть Ñховище Ð´Ð»Ñ Ð·Ð±ÐµÑ€Ñ–Ð³Ð°Ð½Ð½Ñ ÐºÐ»ÑŽÑ‡Ð°:\n"
+
+#: g10/card-util.c:1600
+msgid "unknown key protection algorithm\n"
+msgstr "невідомий алгоритм захиÑту ключа\n"
+
+#: g10/card-util.c:1605
+msgid "secret parts of key are not available\n"
+msgstr "закриті чаÑтини ключа недоÑтупні\n"
+
+#: g10/card-util.c:1610
+msgid "secret key already stored on a card\n"
+msgstr "закритий ключ вже збережено на картці\n"
+
+#: g10/card-util.c:1623
+#, c-format
+msgid "error writing key to card: %s\n"
+msgstr "помилка під Ñ‡Ð°Ñ Ñпроби запиÑу ключа на картку: %s\n"
+
+#: g10/card-util.c:1682 g10/keyedit.c:1382
+msgid "quit this menu"
+msgstr "вийти з цього меню"
+
+#: g10/card-util.c:1684
+msgid "show admin commands"
+msgstr "показати керівні команди"
+
+#: g10/card-util.c:1685 g10/keyedit.c:1385
+msgid "show this help"
+msgstr "показати цю довідкову інформацію"
+
+#: g10/card-util.c:1687
+msgid "list all available data"
+msgstr "показати вÑÑ– доÑтупні дані"
+
+#: g10/card-util.c:1690
+msgid "change card holder's name"
+msgstr "змінити Ñ–Ð¼â€™Ñ Ð²Ð»Ð°Ñника картки"
+
+#: g10/card-util.c:1691
+msgid "change URL to retrieve key"
+msgstr "змінити адреÑу Ð´Ð»Ñ Ð¾Ñ‚Ñ€Ð¸Ð¼Ð°Ð½Ð½Ñ ÐºÐ»ÑŽÑ‡Ð°"
+
+#: g10/card-util.c:1692
+msgid "fetch the key specified in the card URL"
+msgstr "отримати ключ, вказаний у полі адреÑи картки"
+
+#: g10/card-util.c:1693
+msgid "change the login name"
+msgstr "змінити Ñ–Ð¼â€™Ñ ÐºÐ¾Ñ€Ð¸Ñтувача"
+
+#: g10/card-util.c:1694
+msgid "change the language preferences"
+msgstr "змінити оÑновну мову"
+
+#: g10/card-util.c:1695
+msgid "change card holder's sex"
+msgstr "змінити поле Ñтаті влаÑника картки"
+
+#: g10/card-util.c:1696
+msgid "change a CA fingerprint"
+msgstr "змінити відбиток CA"
+
+#: g10/card-util.c:1697
+msgid "toggle the signature force PIN flag"
+msgstr "увімкнути або вимкнути позначку примуÑового пінкоду підпиÑу"
+
+#: g10/card-util.c:1698
+msgid "generate new keys"
+msgstr "Ñтворити ключі"
+
+#: g10/card-util.c:1699
+msgid "menu to change or unblock the PIN"
+msgstr "меню зміни або Ñ€Ð¾Ð·Ð±Ð»Ð¾ÐºÑƒÐ²Ð°Ð½Ð½Ñ Ð¿Ñ–Ð½ÐºÐ¾Ð´Ñƒ"
+
+#: g10/card-util.c:1700
+msgid "verify the PIN and list all data"
+msgstr "перевірити пінкод Ñ– показати ÑпиÑок вÑÑ–Ñ… даних"
+
+#: g10/card-util.c:1701
+msgid "unblock the PIN using a Reset Code"
+msgstr "розблокувати під коду за допомогою коду ÑкиданнÑ"
+
+#: g10/card-util.c:1823
+msgid "gpg/card> "
+msgstr "gpg/картка> "
+
+#: g10/card-util.c:1864
+msgid "Admin-only command\n"
+msgstr "Команда адмініÑтратора\n"
+
+#: g10/card-util.c:1895
+msgid "Admin commands are allowed\n"
+msgstr "Команди адмініÑÑ‚Ñ€ÑƒÐ²Ð°Ð½Ð½Ñ Ð´Ð¾Ð·Ð²Ð¾Ð»ÐµÐ½Ð¾\n"
+
+#: g10/card-util.c:1897
+msgid "Admin commands are not allowed\n"
+msgstr "Команди адмініÑÑ‚Ñ€ÑƒÐ²Ð°Ð½Ð½Ñ Ð·Ð°Ð±Ð¾Ñ€Ð¾Ð½ÐµÐ½Ð¾\n"
+
+#: g10/card-util.c:1988 g10/keyedit.c:2292
+msgid "Invalid command (try \"help\")\n"
+msgstr "Ðекоректна команда (ÑкориÑтайтеÑÑ ÐºÐ¾Ð¼Ð°Ð½Ð´Ð¾ÑŽ «help»)\n"
+
+#: g10/decrypt.c:110 g10/encode.c:876
+msgid "--output doesn't work for this command\n"
+msgstr "--output не працює з цією командою\n"
+
+#: g10/decrypt.c:166 g10/gpg.c:4019 g10/keyring.c:387 g10/keyring.c:698
+#, c-format
+msgid "can't open `%s'\n"
+msgstr "не вдалоÑÑ Ð²Ñ–Ð´ÐºÑ€Ð¸Ñ‚Ð¸ «%s»\n"
+
+#: g10/delkey.c:73 g10/export.c:324 g10/keyedit.c:3514 g10/keyserver.c:1737
+#: g10/revoke.c:226
+#, c-format
+msgid "key \"%s\" not found: %s\n"
+msgstr "ключ «%s» не знайдено: %s\n"
+
+#: g10/delkey.c:81 g10/export.c:354 g10/import.c:2480 g10/keyserver.c:1751
+#: g10/revoke.c:232 g10/revoke.c:477
+#, c-format
+msgid "error reading keyblock: %s\n"
+msgstr "помилка під Ñ‡Ð°Ñ Ñпроби Ñ‡Ð¸Ñ‚Ð°Ð½Ð½Ñ Ð±Ð»Ð¾ÐºÑƒÐ²Ð°Ð½Ð½Ñ ÐºÐ»ÑŽÑ‡Ð°: %s\n"
+
+#: g10/delkey.c:127 g10/delkey.c:134
+msgid "(unless you specify the key by fingerprint)\n"
+msgstr "(Ñкщо ключ не задано відбитком)\n"
+
+#: g10/delkey.c:133
+msgid "can't do this in batch mode without \"--yes\"\n"
+msgstr "цього не можна робити у пакетному режимі без «--yes»\n"
+
+#: g10/delkey.c:145
+msgid "Delete this key from the keyring? (y/N) "
+msgstr "Вилучити цей ключ зі Ñховища? (y/N або Ñ‚/Ð) "
+
+#: g10/delkey.c:153
+msgid "This is a secret key! - really delete? (y/N) "
+msgstr "Цей ключ Ñ” закритим! Вилучити його? (y/N або Ñ‚/Ð) "
+
+#: g10/delkey.c:163
+#, c-format
+msgid "deleting keyblock failed: %s\n"
+msgstr "не вдалоÑÑ Ð²Ð¸Ð»ÑƒÑ‡Ð¸Ñ‚Ð¸ Ð±Ð»Ð¾ÐºÑƒÐ²Ð°Ð½Ð½Ñ ÐºÐ»ÑŽÑ‡Ð°: %s\n"
+
+#: g10/delkey.c:173
+msgid "ownertrust information cleared\n"
+msgstr "дані щодо довіри до влаÑника вилучено\n"
+
+#: g10/delkey.c:204
+#, c-format
+msgid "there is a secret key for public key \"%s\"!\n"
+msgstr "маємо закритий ключ Ð´Ð»Ñ Ð²Ñ–Ð´ÐºÑ€Ð¸Ñ‚Ð¾Ð³Ð¾ ключа «%s»!\n"
+
+#: g10/delkey.c:206
+msgid "use option \"--delete-secret-keys\" to delete it first.\n"
+msgstr ""
+"Ñпершу ÑкориÑтайтеÑÑ Ð¿Ð°Ñ€Ð°Ð¼ÐµÑ‚Ñ€Ð¾Ð¼ «--delete-secret-keys» Ð´Ð»Ñ Ð¹Ð¾Ð³Ð¾ вилученнÑ.\n"
+
+#: g10/encode.c:226 g10/sign.c:1269
+#, c-format
+msgid "error creating passphrase: %s\n"
+msgstr "помилка під Ñ‡Ð°Ñ Ñпроби ÑÑ‚Ð²Ð¾Ñ€ÐµÐ½Ð½Ñ Ð¿Ð°Ñ€Ð¾Ð»Ñ: %s\n"
+
+#: g10/encode.c:232
+msgid "can't use a symmetric ESK packet due to the S2K mode\n"
+msgstr "не можна викориÑтовувати Ñиметричний пакет ESK через режим S2K\n"
+
+#: g10/encode.c:246
+#, c-format
+msgid "using cipher %s\n"
+msgstr "викориÑтано шифр %s\n"
+
+#: g10/encode.c:256 g10/encode.c:577
+#, c-format
+msgid "`%s' already compressed\n"
+msgstr "«%s» вже ÑтиÑнено\n"
+
+#: g10/encode.c:311 g10/encode.c:611 g10/sign.c:564
+#, c-format
+msgid "WARNING: `%s' is an empty file\n"
+msgstr "УВÐГÐ: файл «%s» Ñ” порожнім\n"
+
+#: g10/encode.c:485
+msgid "you can only encrypt to RSA keys of 2048 bits or less in --pgp2 mode\n"
+msgstr ""
+"шифрувати ключами RSA з розміром у 2048 бітів або менше лише у режимі --"
+"pgp2\n"
+
+#: g10/encode.c:510
+#, c-format
+msgid "reading from `%s'\n"
+msgstr "Ñ‡Ð¸Ñ‚Ð°Ð½Ð½Ñ Ð· «%s»\n"
+
+#: g10/encode.c:541
+msgid ""
+"unable to use the IDEA cipher for all of the keys you are encrypting to.\n"
+msgstr ""
+"не можна викориÑтовувати шифр IDEA Ð´Ð»Ñ Ð²ÑÑ–Ñ… ключів, Ñкими виконуєтьÑÑ "
+"шифруваннÑ.\n"
+
+#: g10/encode.c:559
+#, c-format
+msgid ""
+"WARNING: forcing symmetric cipher %s (%d) violates recipient preferences\n"
+msgstr ""
+"УВÐГÐ: примуÑове викориÑÑ‚Ð°Ð½Ð½Ñ Ñиметричного шифру %s (%d) не відповідає "
+"параметрам отримувача\n"
+
+#: g10/encode.c:655 g10/sign.c:939
+#, c-format
+msgid ""
+"WARNING: forcing compression algorithm %s (%d) violates recipient "
+"preferences\n"
+msgstr ""
+"УВÐГÐ: примуÑове викориÑÑ‚Ð°Ð½Ð½Ñ Ð°Ð»Ð³Ð¾Ñ€Ð¸Ñ‚Ð¼Ñƒ ÑтиÑÐ½ÐµÐ½Ð½Ñ %s (%d) не відповідає "
+"параметрам отримувача\n"
+
+#: g10/encode.c:751
+#, c-format
+msgid "forcing symmetric cipher %s (%d) violates recipient preferences\n"
+msgstr ""
+"примуÑове викориÑÑ‚Ð°Ð½Ð½Ñ Ñиметричного шифру %s (%d) не відповідає параметрам "
+"отримувача\n"
+
+#: g10/encode.c:821 g10/pkclist.c:813 g10/pkclist.c:862
+#, c-format
+msgid "you may not use %s while in %s mode\n"
+msgstr "не можна викориÑтовувати %s у режимі %s\n"
+
+#: g10/encode.c:848
+#, c-format
+msgid "%s/%s encrypted for: \"%s\"\n"
+msgstr "%s/%s зашифровано Ð´Ð»Ñ Â«%s»\n"
+
+#: g10/encr-data.c:93 g10/mainproc.c:286
+#, c-format
+msgid "%s encrypted data\n"
+msgstr "Дані, зашифровані за алгоритмом %s\n"
+
+#: g10/encr-data.c:96 g10/mainproc.c:290
+#, c-format
+msgid "encrypted with unknown algorithm %d\n"
+msgstr "зашифровано за допомогою невідомого алгоритму %d\n"
+
+#: g10/encr-data.c:142 sm/decrypt.c:126
+msgid ""
+"WARNING: message was encrypted with a weak key in the symmetric cipher.\n"
+msgstr ""
+"УВÐГÐ: Ð¿Ð¾Ð²Ñ–Ð´Ð¾Ð¼Ð»ÐµÐ½Ð½Ñ Ð·Ð°ÑˆÐ¸Ñ„Ñ€Ð¾Ð²Ð°Ð½Ð¾ Ñлабким ключем з Ñиметричним шифруваннÑм.\n"
+
+#: g10/encr-data.c:154
+msgid "problem handling encrypted packet\n"
+msgstr "проблема з обробкою зашифрованого пакета\n"
+
+#: g10/exec.c:57
+msgid "no remote program execution supported\n"
+msgstr "Ð²Ð¸ÐºÐ¾Ð½Ð°Ð½Ð½Ñ Ð²Ñ–Ð´Ð´Ð°Ð»ÐµÐ½Ð¸Ñ… програм не передбачено\n"
+
+#: g10/exec.c:308
+msgid ""
+"external program calls are disabled due to unsafe options file permissions\n"
+msgstr ""
+"виклик зовнішніх програм вимкнено через невідповідніÑÑ‚ÑŒ прав доÑтупу до "
+"файла параметрами безпеки\n"
+
+#: g10/exec.c:338
+msgid "this platform requires temporary files when calling external programs\n"
+msgstr ""
+"на цій платформі Ñлід викориÑтовувати тимчаÑові файли під Ñ‡Ð°Ñ Ð²Ð¸ÐºÐ»Ð¸ÐºÑƒ "
+"зовнішніх програм\n"
+
+#: g10/exec.c:416
+#, c-format
+msgid "unable to execute program `%s': %s\n"
+msgstr "не вдалоÑÑ Ð²Ð¸ÐºÐ¾Ð½Ð°Ñ‚Ð¸ програму «%s»: %s\n"
+
+#: g10/exec.c:419
+#, c-format
+msgid "unable to execute shell `%s': %s\n"
+msgstr "не вдалоÑÑ Ð²Ð¸ÐºÐ¾Ð½Ð°Ñ‚Ð¸ оболонку «%s»: %s\n"
+
+#: g10/exec.c:510
+#, c-format
+msgid "system error while calling external program: %s\n"
+msgstr "ÑиÑтемна помилка під Ñ‡Ð°Ñ Ñпроби виклику зовнішньої програми: %s\n"
+
+#: g10/exec.c:521 g10/exec.c:588
+msgid "unnatural exit of external program\n"
+msgstr "неприродний вихід з зовнішньої програми\n"
+
+#: g10/exec.c:536
+msgid "unable to execute external program\n"
+msgstr "не вдалоÑÑ Ð²Ð¸ÐºÐ¾Ð½Ð°Ñ‚Ð¸ зовнішню програму\n"
+
+#: g10/exec.c:553
+#, c-format
+msgid "unable to read external program response: %s\n"
+msgstr "не вдалоÑÑ Ð¿Ñ€Ð¾Ñ‡Ð¸Ñ‚Ð°Ñ‚Ð¸ відповідь зовнішньої програми: %s\n"
+
+#: g10/exec.c:599 g10/exec.c:606
+#, c-format
+msgid "WARNING: unable to remove tempfile (%s) `%s': %s\n"
+msgstr "УВÐГÐ: не вдалоÑÑ Ð²Ð¸Ð»ÑƒÑ‡Ð¸Ñ‚Ð¸ тимчаÑовий файл (%s) «%s»: %s\n"
+
+#: g10/exec.c:611
+#, c-format
+msgid "WARNING: unable to remove temp directory `%s': %s\n"
+msgstr "УВÐГÐ: не вдалоÑÑ Ð²Ð¸Ð»ÑƒÑ‡Ð¸Ñ‚Ð¸ тимчаÑовий каталог «%s»: %s\n"
+
+#: g10/export.c:61
+msgid "export signatures that are marked as local-only"
+msgstr ""
+"екÑпортувати підпиÑи, Ñкі позначено Ñк придатні лише Ð´Ð»Ñ Ð»Ð¾ÐºÐ°Ð»ÑŒÐ½Ð¾Ð³Ð¾ "
+"викориÑтаннÑ"
+
+#: g10/export.c:63
+msgid "export attribute user IDs (generally photo IDs)"
+msgstr ""
+"екÑпортувати ідентифікатори кориÑтувача атрибута (типово фотоідентифікатори)"
+
+#: g10/export.c:65
+msgid "export revocation keys marked as \"sensitive\""
+msgstr "екÑпортувати ключі відкликаннÑ, позначені Ñк «важливі»"
+
+#: g10/export.c:67
+msgid "remove the passphrase from exported subkeys"
+msgstr "вилучити пароль з екÑпортованих підключів"
+
+#: g10/export.c:69
+msgid "remove unusable parts from key during export"
+msgstr "вилучити невикориÑтовувані чаÑтини ключа під Ñ‡Ð°Ñ ÐµÐºÑпортуваннÑ"
+
+#: g10/export.c:71
+msgid "remove as much as possible from key during export"
+msgstr "вилучити макÑимум чаÑтин з ключа під Ñ‡Ð°Ñ ÐµÐºÑпортуваннÑ"
+
+#: g10/export.c:73
+msgid "export keys in an S-expression based format"
+msgstr "екÑпортувати ключі у форматі, заÑнованому на S-виразах"
+
+#: g10/export.c:338
+msgid "exporting secret keys not allowed\n"
+msgstr "екÑÐ¿Ð¾Ñ€Ñ‚ÑƒÐ²Ð°Ð½Ð½Ñ Ð·Ð°ÐºÑ€Ð¸Ñ‚Ð¸Ñ… ключів заборонено\n"
+
+#: g10/export.c:367
+#, c-format
+msgid "key %s: not protected - skipped\n"
+msgstr "ключ %s: не захищено — пропущено\n"
+
+#: g10/export.c:375
+#, c-format
+msgid "key %s: PGP 2.x style key - skipped\n"
+msgstr "ключ %s: ключ у Ñтилі PGP 2.x — пропущено\n"
+
+#: g10/export.c:386
+#, c-format
+msgid "key %s: key material on-card - skipped\n"
+msgstr "ключ %s: матеріал ключа на карті — пропущено\n"
+
+#: g10/export.c:537
+msgid "about to export an unprotected subkey\n"
+msgstr "Ñпроба екÑÐ¿Ð¾Ñ€Ñ‚ÑƒÐ²Ð°Ð½Ð½Ñ Ð½ÐµÐ·Ð°Ñ…Ð¸Ñ‰ÐµÐ½Ð¾Ð³Ð¾ підключа\n"
+
+#: g10/export.c:560
+#, c-format
+msgid "failed to unprotect the subkey: %s\n"
+msgstr "не вдалоÑÑ Ð·Ð½Ñти захиÑÑ‚ з підключа: %s\n"
+
+#: g10/export.c:584
+#, c-format
+msgid "WARNING: secret key %s does not have a simple SK checksum\n"
+msgstr "УВÐГÐ: закритий ключ %s не має проÑтої контрольної Ñуми ЗК\n"
+
+#: g10/export.c:633
+msgid "WARNING: nothing exported\n"
+msgstr "УВÐГÐ: нічого не екÑпортовано\n"
+
+#: g10/getkey.c:152
+msgid "too many entries in pk cache - disabled\n"
+msgstr "занадто багато запиÑів у кеші pk — вимкнено\n"
+
+#: g10/getkey.c:175
+msgid "[User ID not found]"
+msgstr "[Ідентифікатор не знайдено]"
+
+#: g10/getkey.c:1113
+#, c-format
+msgid "automatically retrieved `%s' via %s\n"
+msgstr "автоматично отримано «%s» за допомогою %s\n"
+
+#: g10/getkey.c:1118
+#, c-format
+msgid "error retrieving `%s' via %s: %s\n"
+msgstr "помилка під Ñ‡Ð°Ñ Ñпроби Ð¾Ñ‚Ñ€Ð¸Ð¼Ð°Ð½Ð½Ñ Â«%s» за допомогою %s: %s\n"
+
+#: g10/getkey.c:1120
+msgid "No fingerprint"
+msgstr "Без відбитка"
+
+#: g10/getkey.c:1930
+#, c-format
+msgid "Invalid key %s made valid by --allow-non-selfsigned-uid\n"
+msgstr ""
+"Ðекоректний ключ %s визнано чинним через параметр --allow-non-selfsigned-"
+"uid\n"
+
+#: g10/getkey.c:2533 g10/keyedit.c:3839
+#, c-format
+msgid "no secret subkey for public subkey %s - ignoring\n"
+msgstr "немає закритого підключа Ð´Ð»Ñ Ð²Ñ–Ð´ÐºÑ€Ð¸Ñ‚Ð¾Ð³Ð¾ підключа %s — пропуÑкаємо\n"
+
+#: g10/getkey.c:2759
+#, c-format
+msgid "using subkey %s instead of primary key %s\n"
+msgstr "викориÑтовуємо підключ %s заміÑÑ‚ÑŒ оÑновного ключа %s\n"
+
+#: g10/getkey.c:2806
+#, c-format
+msgid "key %s: secret key without public key - skipped\n"
+msgstr "ключ %s: закритий ключ без відкритого ключа — пропущено\n"
+
+#: g10/gpg.c:375 sm/gpgsm.c:188
+msgid "make a signature"
+msgstr "Ñтворити підпиÑ"
+
+#: g10/gpg.c:376 sm/gpgsm.c:189
+msgid "make a clear text signature"
+msgstr "Ñтворити текÑтовий підпиÑ"
+
+#: g10/gpg.c:377 sm/gpgsm.c:190
+msgid "make a detached signature"
+msgstr "Ñтворити від’єднаний підпиÑ"
+
+#: g10/gpg.c:378 sm/gpgsm.c:191
+msgid "encrypt data"
+msgstr "зашифрувати дані"
+
+#: g10/gpg.c:380 sm/gpgsm.c:192
+msgid "encryption only with symmetric cipher"
+msgstr "шифрувати лише за допомогою Ñиметричного шифру"
+
+#: g10/gpg.c:382 sm/gpgsm.c:193
+msgid "decrypt data (default)"
+msgstr "розшифрувати дані (типова діÑ)"
+
+#: g10/gpg.c:384 sm/gpgsm.c:194
+msgid "verify a signature"
+msgstr "перевірити підпиÑ"
+
+#: g10/gpg.c:386 sm/gpgsm.c:195
+msgid "list keys"
+msgstr "показати ÑпиÑок ключів"
+
+#: g10/gpg.c:388
+msgid "list keys and signatures"
+msgstr "показати ÑпиÑок ключів Ñ– підпиÑів"
+
+#: g10/gpg.c:389
+msgid "list and check key signatures"
+msgstr "показати ÑпиÑок Ñ– перевірити підпиÑи ключів"
+
+#: g10/gpg.c:390 sm/gpgsm.c:200
+msgid "list keys and fingerprints"
+msgstr "показати ÑпиÑок ключів Ñ– відбитків"
+
+#: g10/gpg.c:391 sm/gpgsm.c:198
+msgid "list secret keys"
+msgstr "показати ÑпиÑок закритих ключів"
+
+#: g10/gpg.c:392 sm/gpgsm.c:201
+msgid "generate a new key pair"
+msgstr "Ñтворити пару ключів"
+
+#: g10/gpg.c:393
+msgid "generate a revocation certificate"
+msgstr "Ñтворити Ñертифікат відкликаннÑ"
+
+#: g10/gpg.c:395 sm/gpgsm.c:203
+msgid "remove keys from the public keyring"
+msgstr "вилучити ключі з відкритого Ñховища ключів"
+
+#: g10/gpg.c:397
+msgid "remove keys from the secret keyring"
+msgstr "вилучити ключів з закритого Ñховища ключів"
+
+#: g10/gpg.c:398
+msgid "sign a key"
+msgstr "підпиÑати ключ"
+
+#: g10/gpg.c:399
+msgid "sign a key locally"
+msgstr "підпиÑати ключ локально"
+
+#: g10/gpg.c:400
+msgid "sign or edit a key"
+msgstr "підпиÑати або редагувати ключ"
+
+#: g10/gpg.c:402 sm/gpgsm.c:215
+msgid "change a passphrase"
+msgstr "змінити пароль"
+
+#: g10/gpg.c:404
+msgid "export keys"
+msgstr "екÑпортувати ключі"
+
+#: g10/gpg.c:405 sm/gpgsm.c:204
+msgid "export keys to a key server"
+msgstr "екÑпортувати ключі на Ñервер ключів"
+
+#: g10/gpg.c:406 sm/gpgsm.c:205
+msgid "import keys from a key server"
+msgstr "імпортувати ключі з Ñервера ключів"
+
+#: g10/gpg.c:408
+msgid "search for keys on a key server"
+msgstr "шукати ключі на Ñервері ключів"
+
+#: g10/gpg.c:410
+msgid "update all keys from a keyserver"
+msgstr "оновити вÑÑ– ключів з Ñервера ключів"
+
+#: g10/gpg.c:415
+msgid "import/merge keys"
+msgstr "імпортувати/об’єднати ключі"
+
+#: g10/gpg.c:418
+msgid "print the card status"
+msgstr "показати дані про Ñтан картки"
+
+#: g10/gpg.c:419
+msgid "change data on a card"
+msgstr "змінити дані на картці"
+
+#: g10/gpg.c:420
+msgid "change a card's PIN"
+msgstr "змінити пінкод картки"
+
+#: g10/gpg.c:429
+msgid "update the trust database"
+msgstr "оновити базу даних довіри"
+
+#: g10/gpg.c:436
+msgid "print message digests"
+msgstr "показати контрольні Ñуми повідомлень"
+
+#: g10/gpg.c:439 sm/gpgsm.c:210
+msgid "run in server mode"
+msgstr "запуÑтити у режимі Ñервера"
+
+#: g10/gpg.c:443 sm/gpgsm.c:228
+msgid "create ascii armored output"
+msgstr "Ñтворити дані у форматі ASCII"
+
+#: g10/gpg.c:446 sm/gpgsm.c:241
+msgid "|USER-ID|encrypt for USER-ID"
+msgstr "|USER-ID|зашифрувати Ð´Ð»Ñ Ð²ÐºÐ°Ð·Ð°Ð½Ð¾Ð³Ð¾ ідентифікатора"
+
+#: g10/gpg.c:459 sm/gpgsm.c:278
+msgid "|USER-ID|use USER-ID to sign or decrypt"
+msgstr ""
+"|USER-ID|викориÑтовувати Ð´Ð»Ñ ÑÑ‚Ð²Ð¾Ñ€ÐµÐ½Ð½Ñ Ð¿Ñ–Ð´Ð¿Ð¸Ñів або Ñ€Ð¾Ð·ÑˆÐ¸Ñ„Ñ€ÑƒÐ²Ð°Ð½Ð½Ñ Ð²ÐºÐ°Ð·Ð°Ð½Ð¸Ð¹ "
+"ідентифікатор"
+
+#: g10/gpg.c:462
+msgid "|N|set compress level to N (0 disables)"
+msgstr "|N|вÑтановити рівень ÑтиÑÐ½ÐµÐ½Ð½Ñ (0 — вимкнути)"
+
+#: g10/gpg.c:468
+msgid "use canonical text mode"
+msgstr "викориÑтовувати канонічний текÑтовий режим"
+
+#: g10/gpg.c:485 sm/gpgsm.c:280
+msgid "|FILE|write output to FILE"
+msgstr "|FILE|запиÑати дані до вказаного файла"
+
+#: g10/gpg.c:501 kbx/kbxutil.c:90 sm/gpgsm.c:292 tools/gpgconf.c:82
+msgid "do not make any changes"
+msgstr "не вноÑити змін"
+
+#: g10/gpg.c:502
+msgid "prompt before overwriting"
+msgstr "запитувати перед перезапиÑом"
+
+#: g10/gpg.c:554
+msgid "use strict OpenPGP behavior"
+msgstr "Ñтрого викориÑтовувати Ñтандарт OpenPGP"
+
+#: g10/gpg.c:585 sm/gpgsm.c:336
+msgid ""
+"@\n"
+"(See the man page for a complete listing of all commands and options)\n"
+msgstr ""
+"@\n"
+"(Щоб ознайомитиÑÑ Ð·Ñ– ÑпиÑком команд Ñ– параметрів, ÑкориÑтайтеÑÑ Ñторінкою "
+"довідника (man))\n"
+
+#: g10/gpg.c:588 sm/gpgsm.c:339
+msgid ""
+"@\n"
+"Examples:\n"
+"\n"
+" -se -r Bob [file] sign and encrypt for user Bob\n"
+" --clearsign [file] make a clear text signature\n"
+" --detach-sign [file] make a detached signature\n"
+" --list-keys [names] show keys\n"
+" --fingerprint [names] show fingerprints\n"
+msgstr ""
+"@\n"
+"Приклади:\n"
+"\n"
+" -se -r Bob [файл] підпиÑати Ñ– зашифрувати дані Ð´Ð»Ñ ÐºÐ¾Ñ€Ð¸Ñтувача "
+"Bob\n"
+" --clearsign [файл] Ñтворити текÑтовий підпиÑ\n"
+" --detach-sign [файл] Ñтворити від’єднаний підпиÑ\n"
+" --list-keys [назви] показати ключі\n"
+" --fingerprint [назви] показати відбитки\n"
+
+#: g10/gpg.c:836
+msgid "Usage: gpg [options] [files] (-h for help)"
+msgstr "ВикориÑтаннÑ: gpg [параметри] [файли] (-h — довідка)"
+
+#: g10/gpg.c:839
+msgid ""
+"Syntax: gpg [options] [files]\n"
+"sign, check, encrypt or decrypt\n"
+"default operation depends on the input data\n"
+msgstr ""
+"СинтакÑиÑ: gpg [параметри] [файли]\n"
+"ПідпиÑуваннÑ, перевірка підпиÑів, ÑˆÐ¸Ñ„Ñ€ÑƒÐ²Ð°Ð½Ð½Ñ Ð°Ð±Ð¾ розшифруваннÑ\n"
+"Типова Ð´Ñ–Ñ Ð·Ð°Ð»ÐµÐ¶Ð°Ñ‚Ð¸Ð¼Ðµ від вхідних даних\n"
+
+#: g10/gpg.c:850 sm/gpgsm.c:543
+msgid ""
+"\n"
+"Supported algorithms:\n"
+msgstr ""
+"\n"
+"Підтримувані алгоритми:\n"
+
+#: g10/gpg.c:853
+msgid "Pubkey: "
+msgstr "Відкритий ключ: "
+
+#: g10/gpg.c:860 g10/keyedit.c:2423
+msgid "Cipher: "
+msgstr "Шифр: "
+
+#: g10/gpg.c:867
+msgid "Hash: "
+msgstr "Хеш: "
+
+#: g10/gpg.c:874 g10/keyedit.c:2468
+msgid "Compression: "
+msgstr "СтиÑненнÑ: "
+
+#: g10/gpg.c:944
+msgid "usage: gpg [options] "
+msgstr "викориÑтаннÑ: gpg [параметри] "
+
+#: g10/gpg.c:1158 sm/gpgsm.c:716
+msgid "conflicting commands\n"
+msgstr "неÑуміÑні команди\n"
+
+#: g10/gpg.c:1176
+#, c-format
+msgid "no = sign found in group definition `%s'\n"
+msgstr "у визначенні групи «%s» немає знаку «=»\n"
+
+#: g10/gpg.c:1373
+#, c-format
+msgid "WARNING: unsafe ownership on homedir `%s'\n"
+msgstr "УВÐГÐ: Ð²Ð¸Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Ð²Ð»Ð°Ñника домашнього каталогу «%s» не Ñ” безпечним\n"
+
+#: g10/gpg.c:1376
+#, c-format
+msgid "WARNING: unsafe ownership on configuration file `%s'\n"
+msgstr "УВÐГÐ: Ð²Ð¸Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Ð²Ð»Ð°Ñника у файлі налаштувань «%s» не Ñ” безпечним\n"
+
+#: g10/gpg.c:1379
+#, c-format
+msgid "WARNING: unsafe ownership on extension `%s'\n"
+msgstr "УВÐГÐ: Ð²Ð¸Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Ð²Ð»Ð°Ñника додатка «%s» не Ñ” безпечним\n"
+
+#: g10/gpg.c:1385
+#, c-format
+msgid "WARNING: unsafe permissions on homedir `%s'\n"
+msgstr ""
+"УВÐГÐ: Ð²Ð¸Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Ð¿Ñ€Ð°Ð² доÑтупу до домашнього каталогу «%s» не Ñ” безпечним\n"
+
+#: g10/gpg.c:1388
+#, c-format
+msgid "WARNING: unsafe permissions on configuration file `%s'\n"
+msgstr ""
+"УВÐГÐ: Ð²Ð¸Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Ð¿Ñ€Ð°Ð² доÑтупу до файла налаштувань «%s» не Ñ” безпечним\n"
+
+#: g10/gpg.c:1391
+#, c-format
+msgid "WARNING: unsafe permissions on extension `%s'\n"
+msgstr "УВÐГÐ: Ð²Ð¸Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Ð¿Ñ€Ð°Ð² доÑтупу до додатка «%s» не Ñ” безпечним\n"
+
+#: g10/gpg.c:1397
+#, c-format
+msgid "WARNING: unsafe enclosing directory ownership on homedir `%s'\n"
+msgstr ""
+"УВÐГÐ: Ð²Ð¸Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Ð²Ð»Ð°Ñника підлеглого каталогу домашнього каталогу «%s» не Ñ” "
+"безпечним\n"
+
+#: g10/gpg.c:1400
+#, c-format
+msgid ""
+"WARNING: unsafe enclosing directory ownership on configuration file `%s'\n"
+msgstr ""
+"УВÐГÐ: Ð²Ð¸Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Ð²Ð»Ð°Ñника у підлеглому каталозі, визначеному файлом "
+"налаштувань «%s», не є безпечним\n"
+
+#: g10/gpg.c:1403
+#, c-format
+msgid "WARNING: unsafe enclosing directory ownership on extension `%s'\n"
+msgstr ""
+"УВÐГÐ: Ð²Ð¸Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Ð²Ð»Ð°Ñника підлеглого каталогу у додатку «%s» не Ñ” безпечним\n"
+
+#: g10/gpg.c:1409
+#, c-format
+msgid "WARNING: unsafe enclosing directory permissions on homedir `%s'\n"
+msgstr ""
+"УВÐГÐ: Ð²Ð¸Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Ð¿Ñ€Ð°Ð² доÑтупу до підлеглого каталогу домашнього каталогу «%"
+"s» не є безпечним\n"
+
+#: g10/gpg.c:1412
+#, c-format
+msgid ""
+"WARNING: unsafe enclosing directory permissions on configuration file `%s'\n"
+msgstr ""
+"УВÐГÐ: Ð²Ð¸Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Ð¿Ñ€Ð°Ð² доÑтупу до підлеглого каталогу, визначеного файлом "
+"налаштувань «%s», не є безпечним\n"
+
+#: g10/gpg.c:1415
+#, c-format
+msgid "WARNING: unsafe enclosing directory permissions on extension `%s'\n"
+msgstr ""
+"УВÐГÐ: Ð²Ð¸Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Ð¿Ñ€Ð°Ð² доÑтупу до підлеглого каталогу у додатку «%s» не Ñ” "
+"безпечним\n"
+
+#: g10/gpg.c:1595
+#, c-format
+msgid "unknown configuration item `%s'\n"
+msgstr "невідомий пункт налаштувань «%s»\n"
+
+#: g10/gpg.c:1699
+msgid "display photo IDs during key listings"
+msgstr "показувати фотоідентифікатори у ÑпиÑках ключів"
+
+#: g10/gpg.c:1701
+msgid "show policy URLs during signature listings"
+msgstr "показувати адреÑи правил у ÑпиÑках підпиÑів"
+
+#: g10/gpg.c:1703
+msgid "show all notations during signature listings"
+msgstr "показувати вÑÑ– примітки у ÑпиÑках підпиÑів"
+
+#: g10/gpg.c:1705
+msgid "show IETF standard notations during signature listings"
+msgstr "показувати Ñтандартні примітки IETF у ÑпиÑках підпиÑів"
+
+#: g10/gpg.c:1709
+msgid "show user-supplied notations during signature listings"
+msgstr "показувати примітки кориÑтувача у ÑпиÑках підпиÑів"
+
+#: g10/gpg.c:1711
+msgid "show preferred keyserver URLs during signature listings"
+msgstr "показувати адреÑи оÑновних Ñерверів ключів у ÑпиÑках підпиÑів"
+
+#: g10/gpg.c:1713
+msgid "show user ID validity during key listings"
+msgstr "показувати чинніÑÑ‚ÑŒ ідентифікаторів кориÑтувачів у ÑпиÑках ключів"
+
+#: g10/gpg.c:1715
+msgid "show revoked and expired user IDs in key listings"
+msgstr ""
+"показувати відкликані та заÑтарілі ідентифікатори кориÑтувачів у ÑпиÑках "
+"ключів"
+
+#: g10/gpg.c:1717
+msgid "show revoked and expired subkeys in key listings"
+msgstr "показувати відкликані та заÑтарілі підключі у ÑпиÑках ключів"
+
+#: g10/gpg.c:1719
+msgid "show the keyring name in key listings"
+msgstr "показувати назву Ñховища ключів у ÑпиÑках ключів"
+
+#: g10/gpg.c:1721
+msgid "show expiration dates during signature listings"
+msgstr "показувати дати Ð·Ð°Ð²ÐµÑ€ÑˆÐµÐ½Ð½Ñ Ñтроків дії у ÑпиÑку підпиÑів"
+
+#: g10/gpg.c:1855
+#, c-format
+msgid "NOTE: old default options file `%s' ignored\n"
+msgstr "ЗÐУВÐЖЕÐÐЯ: заÑтарілий файл типових параметрів «%s» проігноровано\n"
+
+#: g10/gpg.c:1948
+#, c-format
+msgid "libgcrypt is too old (need %s, have %s)\n"
+msgstr "libgcrypt занадто Ñтара (потрібна — %s, маємо %s)\n"
+
+#: g10/gpg.c:2346 g10/gpg.c:3037 g10/gpg.c:3049
+#, c-format
+msgid "NOTE: %s is not for normal use!\n"
+msgstr "ЗÐУВÐЖЕÐÐЯ: %s не призначено Ð´Ð»Ñ Ð·Ð²Ð¸Ñ‡Ð°Ð¹Ð½Ð¾Ð³Ð¾ викориÑтаннÑ!\n"
+
+#: g10/gpg.c:2530 g10/gpg.c:2542
+#, c-format
+msgid "`%s' is not a valid signature expiration\n"
+msgstr "«%s» не Ñ” коректним запиÑом Ð·Ð°Ð²ÐµÑ€ÑˆÐµÐ½Ð½Ñ Ñтроку дії підпиÑу\n"
+
+#: g10/gpg.c:2624
+#, c-format
+msgid "`%s' is not a valid character set\n"
+msgstr "«%s» не Ñ” коректним набором Ñимволів\n"
+
+#: g10/gpg.c:2647 g10/gpg.c:2842 g10/keyedit.c:4197
+msgid "could not parse keyserver URL\n"
+msgstr "не вдалоÑÑ Ð¾Ð±Ñ€Ð¾Ð±Ð¸Ñ‚Ð¸ адреÑу Ñервера ключів\n"
+
+#: g10/gpg.c:2659
+#, c-format
+msgid "%s:%d: invalid keyserver options\n"
+msgstr "%s:%d: некоректні параметри Ñервера ключів\n"
+
+#: g10/gpg.c:2662
+msgid "invalid keyserver options\n"
+msgstr "некоректні параметри Ñервера ключів\n"
+
+#: g10/gpg.c:2669
+#, c-format
+msgid "%s:%d: invalid import options\n"
+msgstr "%s:%d: некоректні параметри імпортуваннÑ\n"
+
+#: g10/gpg.c:2672
+msgid "invalid import options\n"
+msgstr "некоректні параметри імпортуваннÑ\n"
+
+#: g10/gpg.c:2679
+#, c-format
+msgid "%s:%d: invalid export options\n"
+msgstr "%s:%d: некоректні параметри екÑпортуваннÑ\n"
+
+#: g10/gpg.c:2682
+msgid "invalid export options\n"
+msgstr "некоректні параметри екÑпортуваннÑ\n"
+
+#: g10/gpg.c:2689
+#, c-format
+msgid "%s:%d: invalid list options\n"
+msgstr "%s:%d: некоректні параметри побудови ÑпиÑку\n"
+
+#: g10/gpg.c:2692
+msgid "invalid list options\n"
+msgstr "некоректні параметри побудови ÑпиÑку\n"
+
+#: g10/gpg.c:2700
+msgid "display photo IDs during signature verification"
+msgstr "показувати фотоідентифікатори під Ñ‡Ð°Ñ Ð¿ÐµÑ€ÐµÐ²Ñ–Ñ€ÐºÐ¸ підпиÑів"
+
+#: g10/gpg.c:2702
+msgid "show policy URLs during signature verification"
+msgstr "показувати адреÑи правил під Ñ‡Ð°Ñ Ð¿ÐµÑ€ÐµÐ²Ñ–Ñ€ÐºÐ¸ підпиÑів"
+
+#: g10/gpg.c:2704
+msgid "show all notations during signature verification"
+msgstr "показувати вÑÑ– примітки під Ñ‡Ð°Ñ Ð¿ÐµÑ€ÐµÐ²Ñ–Ñ€ÐºÐ¸ підпиÑів"
+
+#: g10/gpg.c:2706
+msgid "show IETF standard notations during signature verification"
+msgstr "показувати Ñтандартні примітки IETF під Ñ‡Ð°Ñ Ð¿ÐµÑ€ÐµÐ²Ñ–Ñ€ÐºÐ¸ підпиÑів"
+
+#: g10/gpg.c:2710
+msgid "show user-supplied notations during signature verification"
+msgstr "показувати вказані кориÑтувачем примітки під Ñ‡Ð°Ñ Ð¿ÐµÑ€ÐµÐ²Ñ–Ñ€ÐºÐ¸ підпиÑів"
+
+#: g10/gpg.c:2712
+msgid "show preferred keyserver URLs during signature verification"
+msgstr ""
+"показувати адреÑи оÑновних Ñерверів ключів у ÑпиÑках перевірки підпиÑів"
+
+#: g10/gpg.c:2714
+msgid "show user ID validity during signature verification"
+msgstr ""
+"показувати чинніÑÑ‚ÑŒ ідентифікаторів кориÑтувача під Ñ‡Ð°Ñ Ð¿ÐµÑ€ÐµÐ²Ñ–Ñ€ÐºÐ¸ підпиÑів"
+
+#: g10/gpg.c:2716
+msgid "show revoked and expired user IDs in signature verification"
+msgstr ""
+"показувати відкликані та заÑтарілі ідентифікатори кориÑтувачів у ÑпиÑках "
+"перевірки підпиÑів"
+
+#: g10/gpg.c:2718
+msgid "show only the primary user ID in signature verification"
+msgstr ""
+"показувати лише оÑновний ідентифікатор кориÑтувача під Ñ‡Ð°Ñ Ð¿ÐµÑ€ÐµÐ²Ñ–Ñ€ÐºÐ¸ підпиÑів"
+
+#: g10/gpg.c:2720
+msgid "validate signatures with PKA data"
+msgstr "перевірити підпиÑи за допомогою даних PKA"
+
+#: g10/gpg.c:2722
+msgid "elevate the trust of signatures with valid PKA data"
+msgstr "піднÑти рівень довіри до підпиÑів з коректними даними PKA"
+
+#: g10/gpg.c:2729
+#, c-format
+msgid "%s:%d: invalid verify options\n"
+msgstr "%s:%d: некоректні параметри перевірки\n"
+
+#: g10/gpg.c:2732
+msgid "invalid verify options\n"
+msgstr "некоректні параметри перевірки\n"
+
+#: g10/gpg.c:2739
+#, c-format
+msgid "unable to set exec-path to %s\n"
+msgstr "не вдалоÑÑ Ð²Ñтановити шлÑÑ… Ð´Ð»Ñ Ð·Ð°Ð¿ÑƒÑку у Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ %s\n"
+
+#: g10/gpg.c:2925
+#, c-format
+msgid "%s:%d: invalid auto-key-locate list\n"
+msgstr "%s:%d: некоректний ÑпиÑок auto-key-locate\n"
+
+#: g10/gpg.c:2928
+msgid "invalid auto-key-locate list\n"
+msgstr "некоректний ÑпиÑок auto-key-locate\n"
+
+#: g10/gpg.c:3026 sm/gpgsm.c:1439
+msgid "WARNING: program may create a core file!\n"
+msgstr "УВÐГÐ: можливе ÑÑ‚Ð²Ð¾Ñ€ÐµÐ½Ð½Ñ Ð´Ð°Ð¼Ð¿Ñƒ пам’ÑÑ‚Ñ– програми!\n"
+
+#: g10/gpg.c:3030
+#, c-format
+msgid "WARNING: %s overrides %s\n"
+msgstr "УВÐГÐ: %s перевизначає %s\n"
+
+#: g10/gpg.c:3039
+#, c-format
+msgid "%s not allowed with %s!\n"
+msgstr "%s не можна викориÑтовувати разом з %s!\n"
+
+#: g10/gpg.c:3042
+#, c-format
+msgid "%s makes no sense with %s!\n"
+msgstr "%s Ñ” зайвим, Ñкщо викориÑтано %s!\n"
+
+#: g10/gpg.c:3057
+#, c-format
+msgid "will not run with insecure memory due to %s\n"
+msgstr "не буде запущено з помилками у захиÑÑ‚Ñ– пам’ÑÑ‚Ñ– через %s\n"
+
+#: g10/gpg.c:3071
+msgid "you can only make detached or clear signatures while in --pgp2 mode\n"
+msgstr "від’єднані та текÑтові підпиÑи можна Ñтворювати лише у режимі --pgp2\n"
+
+#: g10/gpg.c:3077
+msgid "you can't sign and encrypt at the same time while in --pgp2 mode\n"
+msgstr "у режимі --pgp2 не можна одночаÑно підпиÑувати Ñ– зашифровувати дані\n"
+
+#: g10/gpg.c:3083
+msgid "you must use files (and not a pipe) when working with --pgp2 enabled.\n"
+msgstr ""
+"вам Ñлід викориÑтовувати файли (не канали даних) під Ñ‡Ð°Ñ Ñ€Ð¾Ð±Ð¾Ñ‚Ð¸ з увімкненим "
+"--pgp2.\n"
+
+#: g10/gpg.c:3096
+msgid "encrypting a message in --pgp2 mode requires the IDEA cipher\n"
+msgstr ""
+"ÑˆÐ¸Ñ„Ñ€ÑƒÐ²Ð°Ð½Ð½Ñ Ð¿Ð¾Ð²Ñ–Ð´Ð¾Ð¼Ð»ÐµÐ½ÑŒ у режимі --pgp2 потребує викориÑÑ‚Ð°Ð½Ð½Ñ ÑˆÐ¸Ñ„Ñ€Ñƒ IDEA\n"
+
+#: g10/gpg.c:3163 g10/gpg.c:3187 sm/gpgsm.c:1511
+msgid "selected cipher algorithm is invalid\n"
+msgstr "вибраний алгоритм ÑˆÐ¸Ñ„Ñ€ÑƒÐ²Ð°Ð½Ð½Ñ Ñ” некоректним\n"
+
+#: g10/gpg.c:3169 g10/gpg.c:3193 sm/gpgsm.c:1517 sm/gpgsm.c:1523
+msgid "selected digest algorithm is invalid\n"
+msgstr "вибраний алгоритм побудови контрольних Ñум Ñ” некоректним\n"
+
+#: g10/gpg.c:3175
+msgid "selected compression algorithm is invalid\n"
+msgstr "вибраний алгоритм ÑтиÑÐºÐ°Ð½Ð½Ñ Ñ” некоректним\n"
+
+#: g10/gpg.c:3181
+msgid "selected certification digest algorithm is invalid\n"
+msgstr ""
+"вибраний алгоритм ÑÑ‚Ð²Ð¾Ñ€ÐµÐ½Ð½Ñ ÐºÐ¾Ð½Ñ‚Ñ€Ð¾Ð»ÑŒÐ½Ð¸Ñ… Ñум Ð´Ð»Ñ Ñертифікації Ñ” некоректним\n"
+
+#: g10/gpg.c:3196
+msgid "completes-needed must be greater than 0\n"
+msgstr "Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ completes-needed має бути більшим за 0\n"
+
+#: g10/gpg.c:3198
+msgid "marginals-needed must be greater than 1\n"
+msgstr "Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ marginals-needed має перевищувати 1\n"
+
+#: g10/gpg.c:3200
+msgid "max-cert-depth must be in the range from 1 to 255\n"
+msgstr "Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ max-cert-depth має перебувати у діапазоні від 1 до 255\n"
+
+#: g10/gpg.c:3202
+msgid "invalid default-cert-level; must be 0, 1, 2, or 3\n"
+msgstr "некоректне Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ default-cert-level; має бути 0, 1, 2 або 3\n"
+
+#: g10/gpg.c:3204
+msgid "invalid min-cert-level; must be 1, 2, or 3\n"
+msgstr "некоректне Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ min-cert-level; має бути 1, 2 або 3\n"
+
+#: g10/gpg.c:3207
+msgid "NOTE: simple S2K mode (0) is strongly discouraged\n"
+msgstr ""
+"ЗÐУВÐЖЕÐÐЯ: наполегливо не рекомендуємо вам кориÑтуватиÑÑ Ð¿Ñ€Ð¾Ñтим режимом "
+"S2K (0)\n"
+
+#: g10/gpg.c:3211
+msgid "invalid S2K mode; must be 0, 1 or 3\n"
+msgstr "некоректний режим S2K; мало бути вказано 0, 1 або 3\n"
+
+#: g10/gpg.c:3218
+msgid "invalid default preferences\n"
+msgstr "некоректні типові параметри\n"
+
+#: g10/gpg.c:3222
+msgid "invalid personal cipher preferences\n"
+msgstr "некоректні оÑобиÑÑ‚Ñ– параметри шифруваннÑ\n"
+
+#: g10/gpg.c:3226
+msgid "invalid personal digest preferences\n"
+msgstr "некоректні оÑобиÑÑ‚Ñ– параметри контрольної Ñуми\n"
+
+#: g10/gpg.c:3230
+msgid "invalid personal compress preferences\n"
+msgstr "некоректні оÑобиÑÑ‚Ñ– параметри ÑтиÑканнÑ\n"
+
+#: g10/gpg.c:3263
+#, c-format
+msgid "%s does not yet work with %s\n"
+msgstr "%s ще не може працювати разом з %s\n"
+
+#: g10/gpg.c:3310
+#, c-format
+msgid "you may not use cipher algorithm `%s' while in %s mode\n"
+msgstr "не можна викориÑтовувати алгоритм ÑˆÐ¸Ñ„Ñ€ÑƒÐ²Ð°Ð½Ð½Ñ Â«%s» у режимі %s\n"
+
+#: g10/gpg.c:3315
+#, c-format
+msgid "you may not use digest algorithm `%s' while in %s mode\n"
+msgstr ""
+"не можна викориÑтовувати алгоритм ÑÑ‚Ð²Ð¾Ñ€ÐµÐ½Ð½Ñ ÐºÐ¾Ð½Ñ‚Ñ€Ð¾Ð»ÑŒÐ½Ð¸Ñ… Ñум «%s» у режимі %s\n"
+
+#: g10/gpg.c:3320
+#, c-format
+msgid "you may not use compression algorithm `%s' while in %s mode\n"
+msgstr "не можна викориÑтовувати алгоритм ÑтиÑÐºÐ°Ð½Ð½Ñ Â«%s» у режимі %s\n"
+
+#: g10/gpg.c:3406
+#, c-format
+msgid "failed to initialize the TrustDB: %s\n"
+msgstr "не вдалоÑÑ Ñ–Ð½Ñ–Ñ†Ñ–Ð°Ð»Ñ–Ð·ÑƒÐ²Ð°Ñ‚Ð¸ базу даних надійноÑÑ‚Ñ– (TrustDB): %s\n"
+
+#: g10/gpg.c:3417
+msgid "WARNING: recipients (-r) given without using public key encryption\n"
+msgstr ""
+"УВÐГÐ: отримувачів (-r) вказано без викориÑÑ‚Ð°Ð½Ð½Ñ ÑˆÐ¸Ñ„Ñ€ÑƒÐ²Ð°Ð½Ð½Ñ Ð²Ñ–Ð´ÐºÑ€Ð¸Ñ‚Ð¸Ð¼ "
+"ключем\n"
+
+#: g10/gpg.c:3438
+msgid "--store [filename]"
+msgstr "--store [назва файла]"
+
+#: g10/gpg.c:3445
+msgid "--symmetric [filename]"
+msgstr "--symmetric [назва файла]"
+
+#: g10/gpg.c:3447
+#, c-format
+msgid "symmetric encryption of `%s' failed: %s\n"
+msgstr "помилка під Ñ‡Ð°Ñ Ñпроби Ñиметричного ÑˆÐ¸Ñ„Ñ€ÑƒÐ²Ð°Ð½Ð½Ñ Â«%s»: %s\n"
+
+#: g10/gpg.c:3457
+msgid "--encrypt [filename]"
+msgstr "--encrypt [назва файла]"
+
+#: g10/gpg.c:3470
+msgid "--symmetric --encrypt [filename]"
+msgstr "--symmetric --encrypt [назва файла]"
+
+#: g10/gpg.c:3472
+msgid "you cannot use --symmetric --encrypt with --s2k-mode 0\n"
+msgstr ""
+"не можна викориÑтовувати комбінацію --symmetric --encrypt у режимі --s2k-"
+"mode 0\n"
+
+#: g10/gpg.c:3475
+#, c-format
+msgid "you cannot use --symmetric --encrypt while in %s mode\n"
+msgstr ""
+"не можна викориÑтовувати комбінацію --symmetric --encrypt у режимі %s\n"
+
+#: g10/gpg.c:3493
+msgid "--sign [filename]"
+msgstr "--sign [назва файла]"
+
+#: g10/gpg.c:3506
+msgid "--sign --encrypt [filename]"
+msgstr "--sign --encrypt [назва файла]"
+
+#: g10/gpg.c:3521
+msgid "--symmetric --sign --encrypt [filename]"
+msgstr "--symmetric --sign --encrypt [назва файла]"
+
+#: g10/gpg.c:3523
+msgid "you cannot use --symmetric --sign --encrypt with --s2k-mode 0\n"
+msgstr ""
+"не можна викориÑтовувати комбінацію --symmetric --sign --encrypt у режимі --"
+"s2k-mode 0\n"
+
+#: g10/gpg.c:3526
+#, c-format
+msgid "you cannot use --symmetric --sign --encrypt while in %s mode\n"
+msgstr ""
+"не можна викориÑтовувати комбінацію --symmetric --sign --encrypt у режимі %"
+"s\n"
+
+#: g10/gpg.c:3546
+msgid "--sign --symmetric [filename]"
+msgstr "--sign --symmetric [назва файла]"
+
+#: g10/gpg.c:3555
+msgid "--clearsign [filename]"
+msgstr "--clearsign [назва файла]"
+
+#: g10/gpg.c:3580
+msgid "--decrypt [filename]"
+msgstr "--decrypt [назва файла]"
+
+#: g10/gpg.c:3588
+msgid "--sign-key user-id"
+msgstr "--sign-key user-id"
+
+#: g10/gpg.c:3592
+msgid "--lsign-key user-id"
+msgstr "--lsign-key user-id"
+
+#: g10/gpg.c:3613
+msgid "--edit-key user-id [commands]"
+msgstr "--edit-key user-id [команди]"
+
+#: g10/gpg.c:3629
+msgid "--passwd <user-id>"
+msgstr "--passwd <ідентифікатор-кориÑтувача>"
+
+#: g10/gpg.c:3716
+#, c-format
+msgid "keyserver send failed: %s\n"
+msgstr "помилка під Ñ‡Ð°Ñ Ð½Ð°Ð´ÑÐ¸Ð»Ð°Ð½Ð½Ñ Ð´Ð°Ð½Ð¸Ñ… на Ñервер ключів: %s\n"
+
+#: g10/gpg.c:3718
+#, c-format
+msgid "keyserver receive failed: %s\n"
+msgstr "помилка під Ñ‡Ð°Ñ Ñпроби Ð¾Ñ‚Ñ€Ð¸Ð¼Ð°Ð½Ð½Ñ Ð´Ð°Ð½Ð¸Ñ… з Ñервера ключів: %s\n"
+
+#: g10/gpg.c:3720
+#, c-format
+msgid "key export failed: %s\n"
+msgstr "помилка під Ñ‡Ð°Ñ Ñпроби екÑÐ¿Ð¾Ñ€Ñ‚ÑƒÐ²Ð°Ð½Ð½Ñ ÐºÐ»ÑŽÑ‡Ð°: %s\n"
+
+#: g10/gpg.c:3731
+#, c-format
+msgid "keyserver search failed: %s\n"
+msgstr "помилка пошуку на Ñервері ключів: %s\n"
+
+#: g10/gpg.c:3741
+#, c-format
+msgid "keyserver refresh failed: %s\n"
+msgstr "помилка Ð¾Ð½Ð¾Ð²Ð»ÐµÐ½Ð½Ñ Ð· Ñервера ключів: %s\n"
+
+#: g10/gpg.c:3792
+#, c-format
+msgid "dearmoring failed: %s\n"
+msgstr "помилка Ð¿ÐµÑ€ÐµÑ‚Ð²Ð¾Ñ€ÐµÐ½Ð½Ñ Ð· формату ASCII: %s\n"
+
+#: g10/gpg.c:3800
+#, c-format
+msgid "enarmoring failed: %s\n"
+msgstr "помилка Ð¿ÐµÑ€ÐµÑ‚Ð²Ð¾Ñ€ÐµÐ½Ð½Ñ Ñƒ формат ASCII: %s\n"
+
+#: g10/gpg.c:3890
+#, c-format
+msgid "invalid hash algorithm `%s'\n"
+msgstr "некоректний алгоритм Ñ…ÐµÑˆÑƒÐ²Ð°Ð½Ð½Ñ Â«%s»\n"
+
+#: g10/gpg.c:4005
+msgid "[filename]"
+msgstr "[назва файла]"
+
+#: g10/gpg.c:4009
+msgid "Go ahead and type your message ...\n"
+msgstr "Почніть вводити ваше повідомленнÑ...\n"
+
+#: g10/gpg.c:4323
+msgid "the given certification policy URL is invalid\n"
+msgstr "вказана адреÑа правил Ñертифікації Ñ” некоректною\n"
+
+#: g10/gpg.c:4325
+msgid "the given signature policy URL is invalid\n"
+msgstr "вказана адреÑа правил підпиÑÑƒÐ²Ð°Ð½Ð½Ñ Ñ” некоректною\n"
+
+#: g10/gpg.c:4358
+msgid "the given preferred keyserver URL is invalid\n"
+msgstr "вказана адреÑа оÑновного Ñервера ключів Ñ” некоректною\n"
+
+#: g10/gpgv.c:74
+msgid "|FILE|take the keys from the keyring FILE"
+msgstr "визначити ключі з файла Ñховища ключів ФÐЙЛ"
+
+#: g10/gpgv.c:76
+msgid "make timestamp conflicts only a warning"
+msgstr "Ñупроводжувати конфлікти чаÑових позначок лише попередженнÑми"
+
+#: g10/gpgv.c:78 sm/gpgsm.c:326
+msgid "|FD|write status info to this FD"
+msgstr "запиÑувати до деÑкриптора файла дані щодо Ñтану"
+
+#: g10/gpgv.c:117
+msgid "Usage: gpgv [options] [files] (-h for help)"
+msgstr "ВикориÑтаннÑ: gpgv [параметри] [файли] (-h — довідка)"
+
+#: g10/gpgv.c:119
+msgid ""
+"Syntax: gpgv [options] [files]\n"
+"Check signatures against known trusted keys\n"
+msgstr ""
+"СинтакÑиÑ: gpgv [параметри] [файли]\n"
+"Перевірити підпиÑи за допомогою відомих надійних ключів\n"
+
+#: g10/helptext.c:72
+msgid "No help available"
+msgstr "Довідки не передбачено"
+
+#: g10/helptext.c:82
+#, c-format
+msgid "No help available for `%s'"
+msgstr "Довідки щодо %s не виÑвлено"
+
+#: g10/import.c:94
+msgid "import signatures that are marked as local-only"
+msgstr "імпортувати підпиÑи, позначені Ñк лише локальні"
+
+#: g10/import.c:96
+msgid "repair damage from the pks keyserver during import"
+msgstr "відновлювати Ð¿Ð¾ÑˆÐºÐ¾Ð´Ð¶ÐµÐ½Ð½Ñ Ñервером ключів pks під Ñ‡Ð°Ñ Ñ–Ð¼Ð¿Ð¾Ñ€Ñ‚ÑƒÐ²Ð°Ð½Ð½Ñ"
+
+#: g10/import.c:98
+msgid "do not update the trustdb after import"
+msgstr "не оновлювати базу даних довіри піÑÐ»Ñ Ñ–Ð¼Ð¿Ð¾Ñ€Ñ‚ÑƒÐ²Ð°Ð½Ð½Ñ"
+
+#: g10/import.c:100
+msgid "create a public key when importing a secret key"
+msgstr "Ñтворити відкритий ключ під Ñ‡Ð°Ñ Ñ–Ð¼Ð¿Ð¾Ñ€Ñ‚ÑƒÐ²Ð°Ð½Ð½Ñ Ð·Ð°ÐºÑ€Ð¸Ñ‚Ð¾Ð³Ð¾ ключа"
+
+#: g10/import.c:102
+msgid "only accept updates to existing keys"
+msgstr "приймати Ð¾Ð½Ð¾Ð²Ð»ÐµÐ½Ð½Ñ Ð»Ð¸ÑˆÐµ вже Ñтворених ключів"
+
+#: g10/import.c:104
+msgid "remove unusable parts from key after import"
+msgstr "вилучити невикориÑтані чаÑтини ключа піÑÐ»Ñ Ñ–Ð¼Ð¿Ð¾Ñ€Ñ‚ÑƒÐ²Ð°Ð½Ð½Ñ"
+
+#: g10/import.c:106
+msgid "remove as much as possible from key after import"
+msgstr "вилучити макÑимум чаÑтин з ключа піÑÐ»Ñ Ñ–Ð¼Ð¿Ð¾Ñ€Ñ‚ÑƒÐ²Ð°Ð½Ð½Ñ"
+
+#: g10/import.c:266
+#, c-format
+msgid "skipping block of type %d\n"
+msgstr "пропуÑкаємо блок типу %d\n"
+
+#: g10/import.c:275
+#, c-format
+msgid "%lu keys processed so far\n"
+msgstr "оброблено %lu ключів\n"
+
+#: g10/import.c:292
+#, c-format
+msgid "Total number processed: %lu\n"
+msgstr "Загалом оброблено: %lu\n"
+
+#: g10/import.c:294
+#, c-format
+msgid " skipped new keys: %lu\n"
+msgstr " пропущено нових ключів: %lu\n"
+
+#: g10/import.c:297
+#, c-format
+msgid " w/o user IDs: %lu\n"
+msgstr " без ід. кориÑтувача: %lu\n"
+
+#: g10/import.c:299 sm/import.c:114
+#, c-format
+msgid " imported: %lu"
+msgstr " імпортовано: %lu"
+
+#: g10/import.c:305 sm/import.c:118
+#, c-format
+msgid " unchanged: %lu\n"
+msgstr " без змін: %lu\n"
+
+#: g10/import.c:307
+#, c-format
+msgid " new user IDs: %lu\n"
+msgstr " нових ід. кориÑтувачів: %lu\n"
+
+#: g10/import.c:309
+#, c-format
+msgid " new subkeys: %lu\n"
+msgstr " нових підключів: %lu\n"
+
+#: g10/import.c:311
+#, c-format
+msgid " new signatures: %lu\n"
+msgstr " нових підпиÑів: %lu\n"
+
+#: g10/import.c:313
+#, c-format
+msgid " new key revocations: %lu\n"
+msgstr " відкликань нових ключів: %lu\n"
+
+#: g10/import.c:315 sm/import.c:120
+#, c-format
+msgid " secret keys read: %lu\n"
+msgstr " прочитано закритих ключів: %lu\n"
+
+#: g10/import.c:317 sm/import.c:122
+#, c-format
+msgid " secret keys imported: %lu\n"
+msgstr " імпортовано закр. ключів: %lu\n"
+
+#: g10/import.c:319 sm/import.c:124
+#, c-format
+msgid " secret keys unchanged: %lu\n"
+msgstr " закр. ключів без змін: %lu\n"
+
+#: g10/import.c:321 sm/import.c:126
+#, c-format
+msgid " not imported: %lu\n"
+msgstr " не імпортовано: %lu\n"
+
+#: g10/import.c:323
+#, c-format
+msgid " signatures cleaned: %lu\n"
+msgstr " вилучених підпиÑів: %lu\n"
+
+#: g10/import.c:325
+#, c-format
+msgid " user IDs cleaned: %lu\n"
+msgstr " вилучених ід. кориÑÑ‚.: %lu\n"
+
+#: g10/import.c:606
+#, c-format
+msgid ""
+"WARNING: key %s contains preferences for unavailable\n"
+"algorithms on these user IDs:\n"
+msgstr ""
+"УВÐГÐ: у ключі %s міÑÑ‚ÑÑ‚ÑŒÑÑ Ð·Ð°Ð¿Ð¸Ñи Ð½Ð°Ð´Ð°Ð½Ð½Ñ Ð¿ÐµÑ€ÐµÐ²Ð°Ð³Ð¸\n"
+"недоÑтупним алгоритмам Ð´Ð»Ñ Ñ‚Ð°ÐºÐ¸Ñ… ід. кориÑтувачів:\n"
+
+#: g10/import.c:647
+#, c-format
+msgid " \"%s\": preference for cipher algorithm %s\n"
+msgstr " «%s»: перевага алгоритму ÑˆÐ¸Ñ„Ñ€ÑƒÐ²Ð°Ð½Ð½Ñ %s\n"
+
+#: g10/import.c:662
+#, c-format
+msgid " \"%s\": preference for digest algorithm %s\n"
+msgstr " «%s»: перевага алгоритму контрольних Ñум %s\n"
+
+#: g10/import.c:674
+#, c-format
+msgid " \"%s\": preference for compression algorithm %s\n"
+msgstr " «%s»: перевага алгоритму ÑтиÑÐºÐ°Ð½Ð½Ñ %s\n"
+
+#: g10/import.c:687
+msgid "it is strongly suggested that you update your preferences and\n"
+msgstr "наполегливо рекомендуємо вам оновити запиÑи переваг Ñ–\n"
+
+#: g10/import.c:689
+msgid "re-distribute this key to avoid potential algorithm mismatch problems\n"
+msgstr ""
+"повторно поширити цей ключ, щоб уникнути потенційних проблем з алгоритмами\n"
+
+#: g10/import.c:713
+#, c-format
+msgid "you can update your preferences with: gpg --edit-key %s updpref save\n"
+msgstr ""
+"оновити запиÑи перевад можна за допомогою команди: gpg --edit-key %s updpref "
+"save\n"
+
+#: g10/import.c:766 g10/import.c:1179
+#, c-format
+msgid "key %s: no user ID\n"
+msgstr "ключ %s: немає ідентифікатор кориÑтувача\n"
+
+#: g10/import.c:795
+#, c-format
+msgid "key %s: PKS subkey corruption repaired\n"
+msgstr "ключ %s: відновлено пошкоджений підключ PKS\n"
+
+#: g10/import.c:810
+#, c-format
+msgid "key %s: accepted non self-signed user ID \"%s\"\n"
+msgstr "ключ %s: прийнÑто неÑамопідпиÑаний ідентифікатор кориÑтувача «%s»\n"
+
+#: g10/import.c:816
+#, c-format
+msgid "key %s: no valid user IDs\n"
+msgstr "ключ %s: немає чинних ідентифікаторів кориÑтувача\n"
+
+#: g10/import.c:818
+msgid "this may be caused by a missing self-signature\n"
+msgstr "причиною цього може бути те, що немає ÑамопідпиÑу\n"
+
+#: g10/import.c:828 g10/import.c:1303
+#, c-format
+msgid "key %s: public key not found: %s\n"
+msgstr "ключ %s: не знайдено відкритий ключ: %s\n"
+
+#: g10/import.c:834
+#, c-format
+msgid "key %s: new key - skipped\n"
+msgstr "ключ %s: новий ключ — пропущено\n"
+
+#: g10/import.c:843
+#, c-format
+msgid "no writable keyring found: %s\n"
+msgstr "не виÑвлено придатного до запиÑу Ñховища ключів: %s\n"
+
+#: g10/import.c:848 g10/openfile.c:278 g10/sign.c:805 g10/sign.c:1114
+#, c-format
+msgid "writing to `%s'\n"
+msgstr "запиÑуємо до «%s»\n"
+
+#: g10/import.c:852 g10/import.c:952 g10/import.c:1219 g10/import.c:1364
+#: g10/import.c:2494 g10/import.c:2516
+#, c-format
+msgid "error writing keyring `%s': %s\n"
+msgstr "помилка під Ñ‡Ð°Ñ Ñпроби запиÑу Ñховища ключів «%s»: %s\n"
+
+#: g10/import.c:871
+#, c-format
+msgid "key %s: public key \"%s\" imported\n"
+msgstr "ключ %s: імпортовано відкритий ключ «%s»\n"
+
+#: g10/import.c:895
+#, c-format
+msgid "key %s: doesn't match our copy\n"
+msgstr "ключ %s: не відповідає нашій копії\n"
+
+#: g10/import.c:912 g10/import.c:1321
+#, c-format
+msgid "key %s: can't locate original keyblock: %s\n"
+msgstr "ключ %s: не вдалоÑÑ Ð·Ð½Ð°Ð¹Ñ‚Ð¸ початковий блок ключів: %s\n"
+
+#: g10/import.c:920 g10/import.c:1328
+#, c-format
+msgid "key %s: can't read original keyblock: %s\n"
+msgstr "ключ %s: не вдалоÑÑ Ð¿Ñ€Ð¾Ñ‡Ð¸Ñ‚Ð°Ñ‚Ð¸ початковий блок ключів: %s\n"
+
+#: g10/import.c:962
+#, c-format
+msgid "key %s: \"%s\" 1 new user ID\n"
+msgstr "ключ %s: «%s» 1 новий ідентифікатор кориÑтувача\n"
+
+#: g10/import.c:965
+#, c-format
+msgid "key %s: \"%s\" %d new user IDs\n"
+msgstr "ключ %s: «%s» %d нових ідентифікаторів кориÑтувачів\n"
+
+#: g10/import.c:968
+#, c-format
+msgid "key %s: \"%s\" 1 new signature\n"
+msgstr "ключ %s: «%s» 1 новий підпиÑ\n"
+
+#: g10/import.c:971
+#, c-format
+msgid "key %s: \"%s\" %d new signatures\n"
+msgstr "ключ %s: «%s» %d нових підпиÑів\n"
+
+#: g10/import.c:974
+#, c-format
+msgid "key %s: \"%s\" 1 new subkey\n"
+msgstr "ключ %s: «%s» 1 новий підключ\n"
+
+#: g10/import.c:977
+#, c-format
+msgid "key %s: \"%s\" %d new subkeys\n"
+msgstr "ключ %s: «%s» %d нових підключів\n"
+
+#: g10/import.c:980
+#, c-format
+msgid "key %s: \"%s\" %d signature cleaned\n"
+msgstr "ключ %s: «%s» вилучено %d підпиÑ\n"
+
+#: g10/import.c:983
+#, c-format
+msgid "key %s: \"%s\" %d signatures cleaned\n"
+msgstr "ключ %s: «%s» вилучено %d підпиÑів\n"
+
+#: g10/import.c:986
+#, c-format
+msgid "key %s: \"%s\" %d user ID cleaned\n"
+msgstr "ключ %s: «%s» Ñпорожнено %d ідентифікатор кориÑтувача\n"
+
+#: g10/import.c:989
+#, c-format
+msgid "key %s: \"%s\" %d user IDs cleaned\n"
+msgstr "ключ %s: «%s» Ñпорожнено %d ідентифікаторів кориÑтувачів\n"
+
+#: g10/import.c:1013
+#, c-format
+msgid "key %s: \"%s\" not changed\n"
+msgstr "ключ %s: «%s» не змінено\n"
+
+#: g10/import.c:1185
+#, c-format
+msgid "key %s: secret key with invalid cipher %d - skipped\n"
+msgstr "ключ %s: закритий ключ з некоректним шифром %d — пропущено\n"
+
+#: g10/import.c:1196
+msgid "importing secret keys not allowed\n"
+msgstr "Ñ–Ð¼Ð¿Ð¾Ñ€Ñ‚ÑƒÐ²Ð°Ð½Ð½Ñ Ð·Ð°ÐºÑ€Ð¸Ñ‚Ð¸Ñ… ключів заборонено\n"
+
+#: g10/import.c:1213 g10/import.c:2509
+#, c-format
+msgid "no default secret keyring: %s\n"
+msgstr "немає типового Ñховища закритих ключів: %s\n"
+
+#: g10/import.c:1224
+#, c-format
+msgid "key %s: secret key imported\n"
+msgstr "ключ %s: імпортовано закритий ключ\n"
+
+#: g10/import.c:1254
+#, c-format
+msgid "key %s: already in secret keyring\n"
+msgstr "ключ %s: вже у Ñховищі закритих ключів\n"
+
+#: g10/import.c:1264
+#, c-format
+msgid "key %s: secret key not found: %s\n"
+msgstr "ключ %s: закритий ключ не знайдено: %s\n"
+
+#: g10/import.c:1296
+#, c-format
+msgid "key %s: no public key - can't apply revocation certificate\n"
+msgstr ""
+"ключ %s: немає відкритого ключа — не можна заÑтоÑовувати Ñертифікат "
+"відкликаннÑ\n"
+
+#: g10/import.c:1339
+#, c-format
+msgid "key %s: invalid revocation certificate: %s - rejected\n"
+msgstr "ключ %s: некоректний Ñертифікат відкликаннÑ: %s — відкинуто\n"
+
+#: g10/import.c:1371
+#, c-format
+msgid "key %s: \"%s\" revocation certificate imported\n"
+msgstr "ключ %s: імпортовано Ñертифікат Ð²Ñ–Ð´ÐºÐ»Ð¸ÐºÐ°Ð½Ð½Ñ Â«%s»\n"
+
+#: g10/import.c:1447
+#, c-format
+msgid "key %s: no user ID for signature\n"
+msgstr "ключ %s: немає ідентифікатор кориÑтувача Ð´Ð»Ñ Ð¿Ñ–Ð´Ð¿Ð¸Ñу\n"
+
+#: g10/import.c:1464
+#, c-format
+msgid "key %s: unsupported public key algorithm on user ID \"%s\"\n"
+msgstr ""
+"ключ %s: непідтримуваний алгоритм ÑÑ‚Ð²Ð¾Ñ€ÐµÐ½Ð½Ñ Ð²Ñ–Ð´ÐºÑ€Ð¸Ñ‚Ð¾Ð³Ð¾ ключа Ð´Ð»Ñ "
+"ідентифікатора кориÑтувача «%s»\n"
+
+#: g10/import.c:1466
+#, c-format
+msgid "key %s: invalid self-signature on user ID \"%s\"\n"
+msgstr "ключ %s: некоректний ÑÐ°Ð¼Ð¾Ð¿Ñ–Ð´Ð¿Ð¸Ñ Ð´Ð»Ñ Ñ–Ð´ÐµÐ½Ñ‚Ð¸Ñ„Ñ–ÐºÐ°Ñ‚Ð¾Ñ€Ð° кориÑтувача «%s»\n"
+
+#: g10/import.c:1483 g10/import.c:1509 g10/import.c:1560
+#, c-format
+msgid "key %s: unsupported public key algorithm\n"
+msgstr "ключ %s: непідтримуваний алгоритм ÑÑ‚Ð²Ð¾Ñ€ÐµÐ½Ð½Ñ Ð²Ñ–Ð´ÐºÑ€Ð¸Ñ‚Ð¾Ð³Ð¾ ключа\n"
+
+#: g10/import.c:1484
+#, c-format
+msgid "key %s: invalid direct key signature\n"
+msgstr "ключ %s: некоректний безпоÑередній Ð¿Ñ–Ð´Ð¿Ð¸Ñ ÐºÐ»ÑŽÑ‡Ð°\n"
+
+#: g10/import.c:1498
+#, c-format
+msgid "key %s: no subkey for key binding\n"
+msgstr "ключ %s: немає підключа Ð´Ð»Ñ Ð·Ð²â€™ÑÐ·ÑƒÐ²Ð°Ð½Ð½Ñ ÐºÐ»ÑŽÑ‡Ñ–Ð²\n"
+
+#: g10/import.c:1511
+#, c-format
+msgid "key %s: invalid subkey binding\n"
+msgstr "ключ %s: некоректне зв’ÑÐ·ÑƒÐ²Ð°Ð½Ð½Ñ Ð¿Ñ–Ð´ÐºÐ»ÑŽÑ‡Ñ–Ð²\n"
+
+#: g10/import.c:1527
+#, c-format
+msgid "key %s: removed multiple subkey binding\n"
+msgstr "ключ %s: вилучено кратне зв’ÑÐ·ÑƒÐ²Ð°Ð½Ð½Ñ Ð¿Ñ–Ð´ÐºÐ»ÑŽÑ‡Ñ–Ð²\n"
+
+#: g10/import.c:1549
+#, c-format
+msgid "key %s: no subkey for key revocation\n"
+msgstr "ключ %s: немає підключа Ð´Ð»Ñ Ð²Ñ–Ð´ÐºÐ»Ð¸ÐºÐ°Ð½Ð½Ñ ÐºÐ»ÑŽÑ‡Ð°\n"
+
+#: g10/import.c:1562
+#, c-format
+msgid "key %s: invalid subkey revocation\n"
+msgstr "ключ %s: некоректне Ð²Ñ–Ð´ÐºÐ»Ð¸ÐºÐ°Ð½Ð½Ñ Ð¿Ñ–Ð´ÐºÐ»ÑŽÑ‡Ð°\n"
+
+#: g10/import.c:1577
+#, c-format
+msgid "key %s: removed multiple subkey revocation\n"
+msgstr "ключ %s: вилучено кратне Ð²Ñ–Ð´ÐºÐ»Ð¸ÐºÐ°Ð½Ð½Ñ Ð¿Ñ–Ð´ÐºÐ»ÑŽÑ‡Ð°\n"
+
+#: g10/import.c:1618
+#, c-format
+msgid "key %s: skipped user ID \"%s\"\n"
+msgstr "ключ %s: пропущено ідентифікатор кориÑтувача «%s»\n"
+
+#: g10/import.c:1639
+#, c-format
+msgid "key %s: skipped subkey\n"
+msgstr "ключ %s: пропущено підключ\n"
+
+#: g10/import.c:1666
+#, c-format
+msgid "key %s: non exportable signature (class 0x%02X) - skipped\n"
+msgstr "ключ %s: непридатний до екÑпорту Ð¿Ñ–Ð´Ð¿Ð¸Ñ (ÐºÐ»Ð°Ñ 0x%02X) — пропущено\n"
+
+#: g10/import.c:1676
+#, c-format
+msgid "key %s: revocation certificate at wrong place - skipped\n"
+msgstr "ключ %s: Ñертифікат Ð²Ñ–Ð´ÐºÐ»Ð¸ÐºÐ°Ð½Ð½Ñ Ñƒ помилковому міÑці — пропущено\n"
+
+#: g10/import.c:1693
+#, c-format
+msgid "key %s: invalid revocation certificate: %s - skipped\n"
+msgstr "ключ %s: некоректний Ñертифікат відкликаннÑ: %s — пропущено\n"
+
+#: g10/import.c:1707
+#, c-format
+msgid "key %s: subkey signature in wrong place - skipped\n"
+msgstr "ключ %s: Ð¿Ñ–Ð´Ð¿Ð¸Ñ Ð¿Ñ–Ð´ÐºÐ»ÑŽÑ‡Ð° у помилковому міÑці — пропущено\n"
+
+#: g10/import.c:1715
+#, c-format
+msgid "key %s: unexpected signature class (0x%02X) - skipped\n"
+msgstr "ключ %s: неочікуваний ÐºÐ»Ð°Ñ Ð¿Ñ–Ð´Ð¿Ð¸Ñу (0x%02X) — пропущено\n"
+
+#: g10/import.c:1844
+#, c-format
+msgid "key %s: duplicated user ID detected - merged\n"
+msgstr "ключ %s: виÑвлено Ð´ÑƒÐ±Ð»ÑŽÐ²Ð°Ð½Ð½Ñ Ñ–Ð´ÐµÐ½Ñ‚Ð¸Ñ„Ñ–ÐºÐ°Ñ‚Ð¾Ñ€Ñ–Ð² кориÑтувача — об’єднано\n"
+
+#: g10/import.c:1906
+#, c-format
+msgid "WARNING: key %s may be revoked: fetching revocation key %s\n"
+msgstr "УВÐГÐ: ключ %s могло бути відкликано: отримуємо ключ Ð²Ñ–Ð´ÐºÐ»Ð¸ÐºÐ°Ð½Ð½Ñ %s\n"
+
+#: g10/import.c:1920
+#, c-format
+msgid "WARNING: key %s may be revoked: revocation key %s not present.\n"
+msgstr "УВÐГÐ: ключ %s могло бути відкликано: ключа Ð²Ñ–Ð´ÐºÐ»Ð¸ÐºÐ°Ð½Ð½Ñ %s немає.\n"
+
+#: g10/import.c:1979
+#, c-format
+msgid "key %s: \"%s\" revocation certificate added\n"
+msgstr "ключ %s: додано Ñертифікат Ð²Ñ–Ð´ÐºÐ»Ð¸ÐºÐ°Ð½Ð½Ñ Â«%s»\n"
+
+#: g10/import.c:2013
+#, c-format
+msgid "key %s: direct key signature added\n"
+msgstr "ключ %s: додано безпоÑередній Ð¿Ñ–Ð´Ð¿Ð¸Ñ ÐºÐ»ÑŽÑ‡Ð°\n"
+
+#: g10/import.c:2414
+msgid "NOTE: a key's S/N does not match the card's one\n"
+msgstr ""
+"ЗÐУВÐЖЕÐÐЯ: Ñерійний номер ключа не збігаєтьÑÑ Ð· Ñерійним номером ключа на "
+"картці\n"
+
+#: g10/import.c:2422
+msgid "NOTE: primary key is online and stored on card\n"
+msgstr "ЗÐУВÐЖЕÐÐЯ: оÑновний ключ викориÑтано Ñ– збережено на картці\n"
+
+#: g10/import.c:2424
+msgid "NOTE: secondary key is online and stored on card\n"
+msgstr "ЗÐУВÐЖЕÐÐЯ: вторинний ключ викориÑтано Ñ– збережено на картці\n"
+
+#: g10/keydb.c:181
+#, c-format
+msgid "error creating keyring `%s': %s\n"
+msgstr "помилка під Ñ‡Ð°Ñ Ñпроби ÑÑ‚Ð²Ð¾Ñ€ÐµÐ½Ð½Ñ Ñховища ключів «%s»: %s\n"
+
+#: g10/keydb.c:187
+#, c-format
+msgid "keyring `%s' created\n"
+msgstr "Ñтворено Ñховище ключів «%s»\n"
+
+#: g10/keydb.c:333 g10/keydb.c:336
+#, c-format
+msgid "keyblock resource `%s': %s\n"
+msgstr "реÑÑƒÑ€Ñ Ð±Ð»Ð¾ÐºÑƒ ключів «%s»: %s\n"
+
+#: g10/keydb.c:719
+#, c-format
+msgid "failed to rebuild keyring cache: %s\n"
+msgstr "не вдалоÑÑ Ð¿ÐµÑ€ÐµÐ±ÑƒÐ´ÑƒÐ²Ð°Ñ‚Ð¸ кеш Ñховища ключів: %s\n"
+
+#: g10/keyedit.c:265
+msgid "[revocation]"
+msgstr "[відкликаннÑ]"
+
+#: g10/keyedit.c:266
+msgid "[self-signature]"
+msgstr "[ÑамопідпиÑ]"
+
+#: g10/keyedit.c:344 g10/keylist.c:398
+msgid "1 bad signature\n"
+msgstr "1 помилковий підпиÑ\n"
+
+#: g10/keyedit.c:346 g10/keylist.c:400
+#, c-format
+msgid "%d bad signatures\n"
+msgstr "%d помилкових підпиÑів\n"
+
+#: g10/keyedit.c:348 g10/keylist.c:402
+msgid "1 signature not checked due to a missing key\n"
+msgstr "1 Ð¿Ñ–Ð´Ð¿Ð¸Ñ Ð½Ðµ перевірено через те, що немає ключа\n"
+
+#: g10/keyedit.c:350 g10/keylist.c:404
+#, c-format
+msgid "%d signatures not checked due to missing keys\n"
+msgstr "%d підпиÑів не перевірено через те, що немає ключів\n"
+
+#: g10/keyedit.c:352 g10/keylist.c:406
+msgid "1 signature not checked due to an error\n"
+msgstr "1 Ð¿Ñ–Ð´Ð¿Ð¸Ñ Ð½Ðµ перевірено через помилку\n"
+
+#: g10/keyedit.c:354 g10/keylist.c:408
+#, c-format
+msgid "%d signatures not checked due to errors\n"
+msgstr "%d підпиÑів не перевірено через помилки\n"
+
+#: g10/keyedit.c:356
+msgid "1 user ID without valid self-signature detected\n"
+msgstr "виÑвлено 1 ідентифікатор кориÑтувача без коректного ÑамопідпиÑу\n"
+
+#: g10/keyedit.c:358
+#, c-format
+msgid "%d user IDs without valid self-signatures detected\n"
+msgstr "виÑвлено %d ідентифікаторів кориÑтувачів без коректних ÑамопідпиÑів\n"
+
+#: g10/keyedit.c:414 g10/pkclist.c:262
+msgid ""
+"Please decide how far you trust this user to correctly verify other users' "
+"keys\n"
+"(by looking at passports, checking fingerprints from different sources, "
+"etc.)\n"
+msgstr ""
+"ВизначтеÑÑ Ñ‰Ð¾Ð´Ð¾ Ñ€Ñ–Ð²Ð½Ñ Ð´Ð¾Ð²Ñ–Ñ€Ð¸ до цього кориÑтувача Ð´Ð»Ñ Ð½Ð°Ð»ÐµÐ¶Ð½Ð¾Ñ— перевірки "
+"ключів інших\n"
+"кориÑтувачів (за паÑпортами, відбитками з інших джерел тощо)\n"
+
+#: g10/keyedit.c:418 g10/pkclist.c:274
+#, c-format
+msgid " %d = I trust marginally\n"
+msgstr " %d = Я довірÑÑŽ не повніÑÑ‚ÑŽ\n"
+
+#: g10/keyedit.c:419 g10/pkclist.c:276
+#, c-format
+msgid " %d = I trust fully\n"
+msgstr " %d = Я довірÑÑŽ повніÑÑ‚ÑŽ\n"
+
+#: g10/keyedit.c:438
+msgid ""
+"Please enter the depth of this trust signature.\n"
+"A depth greater than 1 allows the key you are signing to make\n"
+"trust signatures on your behalf.\n"
+msgstr ""
+"Будь лаÑка, вкажіть глибину довіри до цього підпиÑу.\n"
+"Глибина, більша за 1, дозволÑÑ” ключу, Ñкий ви підпиÑуєте, Ñтворювати\n"
+"надійні підпиÑи від вашого імені.\n"
+
+#: g10/keyedit.c:454
+msgid "Please enter a domain to restrict this signature, or enter for none.\n"
+msgstr ""
+"Будь лаÑка, вкажіть домен Ð¾Ð±Ð¼ÐµÐ¶ÐµÐ½Ð½Ñ Ñ†ÑŒÐ¾Ð³Ð¾ підпиÑу або натиÑніть Enter, Ñкщо "
+"такого домену немає.\n"
+
+#: g10/keyedit.c:598
+#, c-format
+msgid "User ID \"%s\" is revoked."
+msgstr "Ідентифікатор кориÑтувача «%s» відкликано."
+
+#: g10/keyedit.c:607 g10/keyedit.c:635 g10/keyedit.c:662 g10/keyedit.c:830
+#: g10/keyedit.c:895 g10/keyedit.c:1785
+msgid "Are you sure you still want to sign it? (y/N) "
+msgstr "Ви певні, що вÑе ще бажаєте підпиÑати його? (y/N або Ñ‚/Ð) "
+
+#: g10/keyedit.c:621 g10/keyedit.c:649 g10/keyedit.c:676 g10/keyedit.c:836
+#: g10/keyedit.c:1791
+msgid " Unable to sign.\n"
+msgstr " Ðеможливо підпиÑати.\n"
+
+#: g10/keyedit.c:626
+#, c-format
+msgid "User ID \"%s\" is expired."
+msgstr "Строк дії ідентифікатор кориÑтувача «%s» Ñплив."
+
+#: g10/keyedit.c:654
+#, c-format
+msgid "User ID \"%s\" is not self-signed."
+msgstr "Ідентифікатор кориÑтувача «%s» не Ñ” ÑамопідпиÑаним."
+
+#: g10/keyedit.c:682
+#, c-format
+msgid "User ID \"%s\" is signable. "
+msgstr "Ідентифікатор кориÑтувача «%s» можна підпиÑувати. "
+
+#: g10/keyedit.c:684
+msgid "Sign it? (y/N) "
+msgstr "ПідпиÑати його? (y/N або Ñ‚/Ð) "
+
+#: g10/keyedit.c:706
+#, c-format
+msgid ""
+"The self-signature on \"%s\"\n"
+"is a PGP 2.x-style signature.\n"
+msgstr ""
+"Ð¡Ð°Ð¼Ð¾Ð¿Ñ–Ð´Ð¿Ð¸Ñ Â«%s»\n"
+"Ñ” підпиÑом у форматі PGP 2.x.\n"
+
+#: g10/keyedit.c:715
+msgid "Do you want to promote it to an OpenPGP self-signature? (y/N) "
+msgstr ""
+"Бажаєте розширити Ñферу викориÑÑ‚Ð°Ð½Ð½Ñ Ð´Ð¾ ÑамопідпиÑу OpenPGP? (y/N або Ñ‚/Ð) "
+
+#: g10/keyedit.c:729
+#, c-format
+msgid ""
+"Your current signature on \"%s\"\n"
+"has expired.\n"
+msgstr ""
+"Строк дії вашого поточного підпиÑу «%s»\n"
+"завершено.\n"
+
+#: g10/keyedit.c:733
+msgid "Do you want to issue a new signature to replace the expired one? (y/N) "
+msgstr "Бажаєте видати новий Ð¿Ñ–Ð´Ð¿Ð¸Ñ Ð´Ð»Ñ Ð·Ð°Ð¼Ñ–Ð½Ð¸ заÑтарілого? (y/N або Ñ‚/Ð) "
+
+#: g10/keyedit.c:754
+#, c-format
+msgid ""
+"Your current signature on \"%s\"\n"
+"is a local signature.\n"
+msgstr ""
+"Ваш поточний Ð¿Ñ–Ð´Ð¿Ð¸Ñ Â«%s»\n"
+"Ñ” локальним підпиÑом.\n"
+
+#: g10/keyedit.c:758
+msgid "Do you want to promote it to a full exportable signature? (y/N) "
+msgstr ""
+"Бажаєте розширити Ñферу викориÑÑ‚Ð°Ð½Ð½Ñ Ð´Ð¾ повніÑÑ‚ÑŽ екÑпортованого підпиÑу? (y/"
+"N або Ñ‚/Ð) "
+
+#: g10/keyedit.c:779
+#, c-format
+msgid "\"%s\" was already locally signed by key %s\n"
+msgstr "«%s» вже було локально підпиÑано ключем %s\n"
+
+#: g10/keyedit.c:782
+#, c-format
+msgid "\"%s\" was already signed by key %s\n"
+msgstr "«%s» вже було підпиÑано ключем %s\n"
+
+#: g10/keyedit.c:787
+msgid "Do you want to sign it again anyway? (y/N) "
+msgstr "Бажаєте підпиÑати його попри вÑе? (y/N або Ñ‚/Ð) "
+
+#: g10/keyedit.c:809
+#, c-format
+msgid "Nothing to sign with key %s\n"
+msgstr "Ðічого підпиÑувати ключем %s\n"
+
+#: g10/keyedit.c:824
+msgid "This key has expired!"
+msgstr "Строк дії цього ключа вичерпано!"
+
+#: g10/keyedit.c:842
+#, c-format
+msgid "This key is due to expire on %s.\n"
+msgstr "Строк дії цього ключа завершитьÑÑ %s.\n"
+
+#: g10/keyedit.c:848
+msgid "Do you want your signature to expire at the same time? (Y/n) "
+msgstr "Бажаєте, щоб Ñтрок дії вашого підпиÑу був таким Ñамим? (Y/n або Т/н) "
+
+#: g10/keyedit.c:888
+msgid ""
+"You may not make an OpenPGP signature on a PGP 2.x key while in --pgp2 "
+"mode.\n"
+msgstr "Ðе можна Ñтворювати Ð¿Ñ–Ð´Ð¿Ð¸Ñ OpenPGP ключа PGP 2.x у режимі --pgp2.\n"
+
+#: g10/keyedit.c:890
+msgid "This would make the key unusable in PGP 2.x.\n"
+msgstr "Це може зробити ключ непридатним до викориÑÑ‚Ð°Ð½Ð½Ñ Ñƒ PGP 2.x.\n"
+
+#: g10/keyedit.c:915
+msgid ""
+"How carefully have you verified the key you are about to sign actually "
+"belongs\n"
+"to the person named above? If you don't know what to answer, enter \"0\".\n"
+msgstr ""
+"ÐаÑкільки ретельно ви перевірили те, що ключ, Ñкий ви маєте намір "
+"підпиÑати,\n"
+"Ñправді належить оÑобі, Ñ–Ð¼â€™Ñ Ñкої вказано вище? Якщо ви не знаєте відповіді, "
+"введіть «0».\n"
+
+#: g10/keyedit.c:920
+#, c-format
+msgid " (0) I will not answer.%s\n"
+msgstr " (0) Ðе буду відповідати.%s\n"
+
+#: g10/keyedit.c:922
+#, c-format
+msgid " (1) I have not checked at all.%s\n"
+msgstr " (1) Мною не виконувалоÑÑ Ð½Ñ–Ñких перевірок.%s\n"
+
+#: g10/keyedit.c:924
+#, c-format
+msgid " (2) I have done casual checking.%s\n"
+msgstr " (2) Мною виконано чаÑткову перевірку.%s\n"
+
+#: g10/keyedit.c:926
+#, c-format
+msgid " (3) I have done very careful checking.%s\n"
+msgstr " (3) Мною виконано ретельну перевірку.%s\n"
+
+#: g10/keyedit.c:932
+msgid "Your selection? (enter `?' for more information): "
+msgstr "Ваш вибір? (введіть «?», щоб дізнатиÑÑ Ð±Ñ–Ð»ÑŒÑˆÐµ): "
+
+#: g10/keyedit.c:956
+#, c-format
+msgid ""
+"Are you sure that you want to sign this key with your\n"
+"key \"%s\" (%s)\n"
+msgstr "Ви Ñправді бажаєте підпиÑати цей ключ вашим ключем «%s» (%s)\n"
+
+#: g10/keyedit.c:963
+msgid "This will be a self-signature.\n"
+msgstr "Це буде ÑамопідпиÑ.\n"
+
+#: g10/keyedit.c:969
+msgid "WARNING: the signature will not be marked as non-exportable.\n"
+msgstr "УВÐГÐ: Ð¿Ñ–Ð´Ð¿Ð¸Ñ Ð½Ðµ буде позначено Ñк непридатний до екÑпортуваннÑ.\n"
+
+#: g10/keyedit.c:977
+msgid "WARNING: the signature will not be marked as non-revocable.\n"
+msgstr "УВÐГÐ: Ð¿Ñ–Ð´Ð¿Ð¸Ñ Ð½Ðµ буде позначено Ñк непридатний до відкликаннÑ.\n"
+
+#: g10/keyedit.c:987
+msgid "The signature will be marked as non-exportable.\n"
+msgstr "ÐŸÑ–Ð´Ð¿Ð¸Ñ Ð±ÑƒÐ´Ðµ позначено Ñк непридатний до екÑпортуваннÑ.\n"
+
+#: g10/keyedit.c:994
+msgid "The signature will be marked as non-revocable.\n"
+msgstr "ÐŸÑ–Ð´Ð¿Ð¸Ñ Ð±ÑƒÐ´Ðµ позначено Ñк непридатний до відкликаннÑ.\n"
+
+#: g10/keyedit.c:1001
+msgid "I have not checked this key at all.\n"
+msgstr "Цей ключ не перевірÑвÑÑ Ð¼Ð½Ð¾ÑŽ.\n"
+
+#: g10/keyedit.c:1006
+msgid "I have checked this key casually.\n"
+msgstr "Цей ключ перевірено мною чаÑтково.\n"
+
+#: g10/keyedit.c:1011
+msgid "I have checked this key very carefully.\n"
+msgstr "Цей ключ ретельно перевірено мною.\n"
+
+#: g10/keyedit.c:1021
+msgid "Really sign? (y/N) "
+msgstr "ПідпиÑати? (y/N або Ñ‚/Ð) "
+
+#: g10/keyedit.c:1066 g10/keyedit.c:4965 g10/keyedit.c:5056 g10/keyedit.c:5120
+#: g10/keyedit.c:5181 g10/sign.c:316
+#, c-format
+msgid "signing failed: %s\n"
+msgstr "помилка під Ñ‡Ð°Ñ Ñпроби підпиÑуваннÑ: %s\n"
+
+#: g10/keyedit.c:1131
+msgid "Key has only stub or on-card key items - no passphrase to change.\n"
+msgstr ""
+"До ключа включено лише типовий заповнювач або запиÑи ключа з картки — ніÑких "
+"паролів не потрібно змінювати.\n"
+
+#: g10/keyedit.c:1142 g10/keygen.c:3774
+msgid "This key is not protected.\n"
+msgstr "Цей ключ не захищено.\n"
+
+#: g10/keyedit.c:1146 g10/keygen.c:3761 g10/revoke.c:536
+msgid "Secret parts of primary key are not available.\n"
+msgstr "Закриті чаÑтини оÑновного ключа недоÑтупні.\n"
+
+#: g10/keyedit.c:1150 g10/keygen.c:3777
+msgid "Secret parts of primary key are stored on-card.\n"
+msgstr "Закриті чаÑтини оÑновного ключа зберігаютьÑÑ Ð½Ð° картці.\n"
+
+#: g10/keyedit.c:1156 g10/keygen.c:3781
+msgid "Key is protected.\n"
+msgstr "Ключ захищено.\n"
+
+#: g10/keyedit.c:1186
+#, c-format
+msgid "Can't edit this key: %s\n"
+msgstr "Ð ÐµÐ´Ð°Ð³ÑƒÐ²Ð°Ð½Ð½Ñ Ñ†ÑŒÐ¾Ð³Ð¾ ключа неможливе: %s\n"
+
+#: g10/keyedit.c:1192
+msgid ""
+"Enter the new passphrase for this secret key.\n"
+"\n"
+msgstr ""
+"Вкажіть новий пароль Ð´Ð»Ñ Ñ†ÑŒÐ¾Ð³Ð¾ закритого ключа.\n"
+"\n"
+
+#: g10/keyedit.c:1207 g10/keygen.c:2291
+msgid "passphrase not correctly repeated; try again"
+msgstr "помилка під Ñ‡Ð°Ñ Ð¿Ð¾Ð²Ñ‚Ð¾Ñ€Ð½Ð¾Ð³Ð¾ Ð²Ð²ÐµÐ´ÐµÐ½Ð½Ñ Ð¿Ð°Ñ€Ð¾Ð»Ñ, повторіть Ñпробу"
+
+#: g10/keyedit.c:1212
+msgid ""
+"You don't want a passphrase - this is probably a *bad* idea!\n"
+"\n"
+msgstr ""
+"Ви не викориÑтовуєте Ð¿Ð°Ñ€Ð¾Ð»Ñ â€” дуже погана робота!\n"
+"\n"
+
+#: g10/keyedit.c:1215
+msgid "Do you really want to do this? (y/N) "
+msgstr "Ви Ñправді цього бажаєте? (y/N або Ñ‚/Ð) "
+
+#: g10/keyedit.c:1298
+msgid "moving a key signature to the correct place\n"
+msgstr "переÑÑƒÐ²Ð°Ð½Ð½Ñ Ð¿Ñ–Ð´Ð¿Ð¸Ñу ключа у належне міÑце\n"
+
+#: g10/keyedit.c:1384
+msgid "save and quit"
+msgstr "зберегти і вийти"
+
+#: g10/keyedit.c:1387
+msgid "show key fingerprint"
+msgstr "показати відбиток ключа"
+
+#: g10/keyedit.c:1388
+msgid "list key and user IDs"
+msgstr "показати ÑпиÑок ключів та ідентифікаторів кориÑтувача"
+
+#: g10/keyedit.c:1390
+msgid "select user ID N"
+msgstr "вибрати вказаний ідентифікатор кориÑтувача"
+
+#: g10/keyedit.c:1391
+msgid "select subkey N"
+msgstr "вибрати вказаний підключ"
+
+#: g10/keyedit.c:1392
+msgid "check signatures"
+msgstr "перевірити підпиÑи"
+
+#: g10/keyedit.c:1397
+msgid "sign selected user IDs [* see below for related commands]"
+msgstr ""
+"підпиÑати вибрані ідентифікатори кориÑтувачів [* нижче наведено відповідні "
+"команди]"
+
+#: g10/keyedit.c:1402
+msgid "sign selected user IDs locally"
+msgstr "підпиÑати вибрані ідентифікатори кориÑтувача локально"
+
+#: g10/keyedit.c:1404
+msgid "sign selected user IDs with a trust signature"
+msgstr "підпиÑати вибрані ідентифікатори кориÑтувача підпиÑом надійноÑÑ‚Ñ–"
+
+#: g10/keyedit.c:1406
+msgid "sign selected user IDs with a non-revocable signature"
+msgstr ""
+"підпиÑати вибрані ідентифікатори кориÑтувача підпиÑом, Ñкий не можна "
+"відкликати"
+
+#: g10/keyedit.c:1410
+msgid "add a user ID"
+msgstr "додати ідентифікатор кориÑтувача"
+
+#: g10/keyedit.c:1412
+msgid "add a photo ID"
+msgstr "додати фотоідентифікатор"
+
+#: g10/keyedit.c:1414
+msgid "delete selected user IDs"
+msgstr "вилучити вибрані ідентифікатори кориÑтувача"
+
+#: g10/keyedit.c:1419
+msgid "add a subkey"
+msgstr "додати підключ"
+
+#: g10/keyedit.c:1423
+msgid "add a key to a smartcard"
+msgstr "додати ключ на картку пам’ÑÑ‚Ñ–"
+
+#: g10/keyedit.c:1425
+msgid "move a key to a smartcard"
+msgstr "переÑунути ключ на картку пам’ÑÑ‚Ñ–"
+
+#: g10/keyedit.c:1427
+msgid "move a backup key to a smartcard"
+msgstr "переÑунути резервний ключ на картку пам’ÑÑ‚Ñ–"
+
+#: g10/keyedit.c:1431
+msgid "delete selected subkeys"
+msgstr "вилучити вибрані підключі"
+
+#: g10/keyedit.c:1433
+msgid "add a revocation key"
+msgstr "додати ключ відкликаннÑ"
+
+#: g10/keyedit.c:1435
+msgid "delete signatures from the selected user IDs"
+msgstr "вилучити підпиÑи з вибраних ідентифікаторів кориÑтувача"
+
+#: g10/keyedit.c:1437
+msgid "change the expiration date for the key or selected subkeys"
+msgstr "змінити дату Ð·Ð°Ð²ÐµÑ€ÑˆÐµÐ½Ð½Ñ Ñтроку дії ключа або вибраних ключів"
+
+#: g10/keyedit.c:1439
+msgid "flag the selected user ID as primary"
+msgstr "позначити вибраний ідентифікатор кориÑтувача Ñк оÑновний"
+
+#: g10/keyedit.c:1441
+msgid "toggle between the secret and public key listings"
+msgstr "перемкнутиÑÑ Ð¼Ñ–Ð¶ ÑпиÑками закритих Ñ– відкритих ключів"
+
+#: g10/keyedit.c:1444
+msgid "list preferences (expert)"
+msgstr "ÑпиÑок переваг (екÑпертний)"
+
+#: g10/keyedit.c:1446
+msgid "list preferences (verbose)"
+msgstr "ÑпиÑок переваг (докладний)"
+
+#: g10/keyedit.c:1448
+msgid "set preference list for the selected user IDs"
+msgstr "вÑтановити ÑпиÑок параметрів Ð´Ð»Ñ Ð²Ð¸Ð±Ñ€Ð°Ð½Ð¸Ñ… ідентифікаторів кориÑтувачів"
+
+#: g10/keyedit.c:1453
+msgid "set the preferred keyserver URL for the selected user IDs"
+msgstr ""
+"вÑтановити адреÑу оÑновного Ñервера ключів Ð´Ð»Ñ Ð²Ð¸Ð±Ñ€Ð°Ð½Ð¸Ñ… ідентифікаторів "
+"кориÑтувачів"
+
+#: g10/keyedit.c:1455
+msgid "set a notation for the selected user IDs"
+msgstr "вÑтановити примітку Ð´Ð»Ñ Ð²Ð¸Ð±Ñ€Ð°Ð½Ð¾Ð³Ð¾ ідентифікатора кориÑтувача"
+
+#: g10/keyedit.c:1457
+msgid "change the passphrase"
+msgstr "змінити пароль"
+
+#: g10/keyedit.c:1461
+msgid "change the ownertrust"
+msgstr "змінити рівень довіри до влаÑника"
+
+#: g10/keyedit.c:1463
+msgid "revoke signatures on the selected user IDs"
+msgstr "відкликати підпиÑи Ð´Ð»Ñ Ð²Ð¸Ð±Ñ€Ð°Ð½Ð¸Ñ… ідентифікаторів кориÑтувачів"
+
+#: g10/keyedit.c:1465
+msgid "revoke selected user IDs"
+msgstr "відкликати вибрані ідентифікатори кориÑтувачів"
+
+#: g10/keyedit.c:1470
+msgid "revoke key or selected subkeys"
+msgstr "відкликати ключ або вибрані підключі"
+
+#: g10/keyedit.c:1471
+msgid "enable key"
+msgstr "увімкнути ключ"
+
+#: g10/keyedit.c:1472
+msgid "disable key"
+msgstr "вимкнути ключ"
+
+#: g10/keyedit.c:1473
+msgid "show selected photo IDs"
+msgstr "показати вибрані фотоідентифікатори"
+
+#: g10/keyedit.c:1475
+msgid "compact unusable user IDs and remove unusable signatures from key"
+msgstr ""
+"ущільнити непридатні до викориÑÑ‚Ð°Ð½Ð½Ñ Ñ–Ð´ÐµÐ½Ñ‚Ð¸Ñ„Ñ–ÐºÐ°Ñ‚Ð¾Ñ€Ð¸ кориÑтувачів Ñ– вилучити "
+"невикориÑтані підпиÑи з ключа"
+
+#: g10/keyedit.c:1477
+msgid "compact unusable user IDs and remove all signatures from key"
+msgstr ""
+"ущільнити непридатні до викориÑÑ‚Ð°Ð½Ð½Ñ Ñ–Ð´ÐµÐ½Ñ‚Ð¸Ñ„Ñ–ÐºÐ°Ñ‚Ð¾Ñ€Ð¸ кориÑтувачів Ñ– вилучити "
+"вÑÑ– підпиÑи з ключа"
+
+#: g10/keyedit.c:1601
+#, c-format
+msgid "error reading secret keyblock \"%s\": %s\n"
+msgstr "помилка під Ñ‡Ð°Ñ Ñ‡Ð¸Ñ‚Ð°Ð½Ð½Ñ Ð±Ð»Ð¾ÐºÑƒ ключів «%s»: %s\n"
+
+#: g10/keyedit.c:1619
+msgid "Secret key is available.\n"
+msgstr "ДоÑтупний закритий ключ.\n"
+
+#: g10/keyedit.c:1702
+msgid "Need the secret key to do this.\n"
+msgstr "Ð”Ð»Ñ Ñ†ÑŒÐ¾Ð³Ð¾ потрібен закритий ключ.\n"
+
+#: g10/keyedit.c:1710
+msgid "Please use the command \"toggle\" first.\n"
+msgstr "СкориÑтайтеÑÑ Ñпочатку командою «toggle».\n"
+
+#: g10/keyedit.c:1729
+msgid ""
+"* The `sign' command may be prefixed with an `l' for local signatures "
+"(lsign),\n"
+" a `t' for trust signatures (tsign), an `nr' for non-revocable signatures\n"
+" (nrsign), or any combination thereof (ltsign, tnrsign, etc.).\n"
+msgstr ""
+"* До команди «sign» можна додати «l» Ð´Ð»Ñ Ð»Ð¾ÐºÐ°Ð»ÑŒÐ½Ð¸Ñ… підпиÑів (lsign),\n"
+" «t» Ð´Ð»Ñ Ð½Ð°Ð´Ñ–Ð¹Ð½Ð¸Ñ… підпиÑів (tsign), «nr» Ð´Ð»Ñ Ð¿Ñ–Ð´Ð¿Ð¸Ñів без відкликаннÑ\n"
+" (nrsign) або будь-Ñку комбінацію (ltsign, tnrsign тощо).\n"
+
+#: g10/keyedit.c:1779
+msgid "Key is revoked."
+msgstr "Ключ відкликано."
+
+#: g10/keyedit.c:1798
+msgid "Really sign all user IDs? (y/N) "
+msgstr "ПідпиÑати вÑÑ– ідентифікатори кориÑтувача? (y/N або Ñ‚/Ð) "
+
+#: g10/keyedit.c:1805
+msgid "Hint: Select the user IDs to sign\n"
+msgstr "Підказка: виберіть ідентифікатори кориÑтувача Ð´Ð»Ñ Ð¿Ñ–Ð´Ð¿Ð¸ÑуваннÑ\n"
+
+#: g10/keyedit.c:1814
+#, c-format
+msgid "Unknown signature type `%s'\n"
+msgstr "Ðевідомий тип підпиÑу «%s»\n"
+
+#: g10/keyedit.c:1837
+#, c-format
+msgid "This command is not allowed while in %s mode.\n"
+msgstr "Цією командою не можна кориÑтуватиÑÑ Ñƒ режимі %s.\n"
+
+#: g10/keyedit.c:1859 g10/keyedit.c:1879 g10/keyedit.c:2048
+msgid "You must select at least one user ID.\n"
+msgstr "Вам Ñлід вибрати принаймні один ідентифікатор кориÑтувача.\n"
+
+#: g10/keyedit.c:1861
+msgid "You can't delete the last user ID!\n"
+msgstr "Ðе можна вилучати оÑтанній ідентифікатор кориÑтувача!\n"
+
+#: g10/keyedit.c:1863
+msgid "Really remove all selected user IDs? (y/N) "
+msgstr "Вилучити вÑÑ– вибрані ідентифікатори кориÑтувачів? (y/N або Ñ‚/Ð) "
+
+#: g10/keyedit.c:1864
+msgid "Really remove this user ID? (y/N) "
+msgstr "Вилучити цей ідентифікатор кориÑтувача? (y/N або Ñ‚/Ð) "
+
+#. TRANSLATORS: Please take care: This is about
+#. moving the key and not about removing it.
+#: g10/keyedit.c:1917
+msgid "Really move the primary key? (y/N) "
+msgstr "Вилучити оÑновний ключ? (y/N або Ñ‚/Ð) "
+
+#: g10/keyedit.c:1929
+msgid "You must select exactly one key.\n"
+msgstr "Вам Ñлід вибрати лише один ключ.\n"
+
+#: g10/keyedit.c:1957
+msgid "Command expects a filename argument\n"
+msgstr "Ð”Ð»Ñ ÐºÐ¾Ð¼Ð°Ð½Ð´Ð¸ Ñлід вказати аргумент з назвою файла\n"
+
+#: g10/keyedit.c:1971
+#, c-format
+msgid "Can't open `%s': %s\n"
+msgstr "Ðе вдалоÑÑ Ð²Ñ–Ð´ÐºÑ€Ð¸Ñ‚Ð¸ «%s»: %s\n"
+
+#: g10/keyedit.c:1988
+#, c-format
+msgid "Error reading backup key from `%s': %s\n"
+msgstr "Помилка Ñ‡Ð¸Ñ‚Ð°Ð½Ð½Ñ Ñ€ÐµÐ·ÐµÑ€Ð²Ð½Ð¾Ð³Ð¾ ключа з «%s»: %s\n"
+
+#: g10/keyedit.c:2012
+msgid "You must select at least one key.\n"
+msgstr "Вам Ñлід вибрати принаймні один ключ.\n"
+
+#: g10/keyedit.c:2015
+msgid "Do you really want to delete the selected keys? (y/N) "
+msgstr "Справді бажаєте вилучити вибрані ключі? (y/N або Ñ‚/Ð) "
+
+#: g10/keyedit.c:2016
+msgid "Do you really want to delete this key? (y/N) "
+msgstr "Справді бажаєте вилучити цей ключ? (y/N або Ñ‚/Ð) "
+
+#: g10/keyedit.c:2051
+msgid "Really revoke all selected user IDs? (y/N) "
+msgstr "Відкликати вÑÑ– вибрані ідентифікатори кориÑтувачів? (y/N або Ñ‚/Ð) "
+
+#: g10/keyedit.c:2052
+msgid "Really revoke this user ID? (y/N) "
+msgstr "Відкликати цей ідентифікатор кориÑтувача? (y/N або Ñ‚/Ð) "
+
+#: g10/keyedit.c:2070
+msgid "Do you really want to revoke the entire key? (y/N) "
+msgstr "Ви Ñправді бажаєте відкликати веÑÑŒ ключ? (y/N або Ñ‚/Ð) "
+
+#: g10/keyedit.c:2081
+msgid "Do you really want to revoke the selected subkeys? (y/N) "
+msgstr "Ви Ñправді бажаєте відкликати позначені підключі? (y/N або Ñ‚/Ð) "
+
+#: g10/keyedit.c:2083
+msgid "Do you really want to revoke this subkey? (y/N) "
+msgstr "Ви Ñправді бажаєте відкликати цей підключ? (y/N або Ñ‚/Ð) "
+
+#: g10/keyedit.c:2133
+msgid "Owner trust may not be set while using a user provided trust database\n"
+msgstr ""
+"Ðе можна вÑтановлювати довіру до влаÑника, Ñкщо викориÑтовуєтьÑÑ Ð²ÐºÐ°Ð·Ð°Ð½Ð° "
+"кориÑтувачем база даних довіри\n"
+
+#: g10/keyedit.c:2175
+msgid "Set preference list to:\n"
+msgstr "Ð’Ñтановити ÑпиÑок переваг:\n"
+
+#: g10/keyedit.c:2181
+msgid "Really update the preferences for the selected user IDs? (y/N) "
+msgstr ""
+"Оновити переваги Ð´Ð»Ñ Ð²Ð¸Ð±Ñ€Ð°Ð½Ð¸Ñ… ідентифікаторів кориÑтувачів? (y/N або Ñ‚/Ð) "
+
+#: g10/keyedit.c:2183
+msgid "Really update the preferences? (y/N) "
+msgstr "Оновити параметри? (y/N або Ñ‚/Ð) "
+
+#: g10/keyedit.c:2253
+msgid "Save changes? (y/N) "
+msgstr "Зберегти зміни? (y/N або Ñ‚/Ð) "
+
+#: g10/keyedit.c:2256
+msgid "Quit without saving? (y/N) "
+msgstr "Вийти без збереженнÑ? (y/N або Ñ‚/Ð) "
+
+#: g10/keyedit.c:2266
+#, c-format
+msgid "update failed: %s\n"
+msgstr "помилка оновленнÑ: %s\n"
+
+#: g10/keyedit.c:2273 g10/keyedit.c:2351
+#, c-format
+msgid "update secret failed: %s\n"
+msgstr "Ñпроба Ð¾Ð½Ð¾Ð²Ð»ÐµÐ½Ð½Ñ Ð¿Ð°Ñ€Ð¾Ð»Ñ Ð·Ð°Ð·Ð½Ð°Ð»Ð° невдачі: %s\n"
+
+#: g10/keyedit.c:2280
+msgid "Key not changed so no update needed.\n"
+msgstr "Ключ не змінено, отже Ð¾Ð½Ð¾Ð²Ð»ÐµÐ½Ð½Ñ Ð½ÐµÐ¿Ð¾Ñ‚Ñ€Ñ–Ð±Ð½Ðµ.\n"
+
+#: g10/keyedit.c:2446
+msgid "Digest: "
+msgstr "Контрольна Ñума: "
+
+#: g10/keyedit.c:2497
+msgid "Features: "
+msgstr "МожливоÑÑ‚Ñ–: "
+
+#: g10/keyedit.c:2508
+msgid "Keyserver no-modify"
+msgstr "Сервер ключів без можливоÑÑ‚Ñ– зміни"
+
+#: g10/keyedit.c:2523 g10/keylist.c:316
+msgid "Preferred keyserver: "
+msgstr "ОÑновний Ñервер ключів: "
+
+#: g10/keyedit.c:2531 g10/keyedit.c:2532
+msgid "Notations: "
+msgstr "Примітки: "
+
+#: g10/keyedit.c:2753
+msgid "There are no preferences on a PGP 2.x-style user ID.\n"
+msgstr ""
+"Переваг Ð´Ð»Ñ Ñ–Ð´ÐµÐ½Ñ‚Ð¸Ñ„Ñ–ÐºÐ°Ñ‚Ð¾Ñ€Ñ–Ð² кориÑтувачів у форматі PGP 2.x не передбачено.\n"
+
+#: g10/keyedit.c:2810
+#, c-format
+msgid "The following key was revoked on %s by %s key %s\n"
+msgstr "Вказаний нижче ключ було відкликано %s %s ключем %s\n"
+
+#: g10/keyedit.c:2832
+#, c-format
+msgid "This key may be revoked by %s key %s"
+msgstr "Цей ключ може бути відкликано %s ключем %s"
+
+#: g10/keyedit.c:2838
+msgid "(sensitive)"
+msgstr "(важливий)"
+
+#: g10/keyedit.c:2854 g10/keyedit.c:2910 g10/keyedit.c:2971 g10/keyedit.c:2986
+#: g10/keylist.c:202 g10/keyserver.c:532
+#, c-format
+msgid "created: %s"
+msgstr "Ñтворено: %s"
+
+#: g10/keyedit.c:2857 g10/keylist.c:834 g10/keylist.c:928 g10/mainproc.c:997
+#, c-format
+msgid "revoked: %s"
+msgstr "відкликано: %s"
+
+#: g10/keyedit.c:2859 g10/keylist.c:805 g10/keylist.c:840 g10/keylist.c:934
+#, c-format
+msgid "expired: %s"
+msgstr "не діє з: %s"
+
+#: g10/keyedit.c:2861 g10/keyedit.c:2912 g10/keyedit.c:2973 g10/keyedit.c:2988
+#: g10/keylist.c:204 g10/keylist.c:811 g10/keylist.c:846 g10/keylist.c:940
+#: g10/keylist.c:961 g10/keyserver.c:538 g10/mainproc.c:1003
+#, c-format
+msgid "expires: %s"
+msgstr "діє до: %s"
+
+#: g10/keyedit.c:2863
+#, c-format
+msgid "usage: %s"
+msgstr "викориÑтаннÑ: %s"
+
+#: g10/keyedit.c:2878
+#, c-format
+msgid "trust: %s"
+msgstr "надійніÑÑ‚ÑŒ: %s"
+
+#: g10/keyedit.c:2882
+#, c-format
+msgid "validity: %s"
+msgstr "чинніÑÑ‚ÑŒ: %s"
+
+#: g10/keyedit.c:2889
+msgid "This key has been disabled"
+msgstr "Цей ключ було вимкнено"
+
+#: g10/keyedit.c:2917 g10/keylist.c:208
+msgid "card-no: "
+msgstr "номер картки: "
+
+#: g10/keyedit.c:2941
+msgid ""
+"Please note that the shown key validity is not necessarily correct\n"
+"unless you restart the program.\n"
+msgstr ""
+"Зауважте, що показані дані щодо чинноÑÑ‚Ñ– ключів не обов’Ñзково Ñ” коректними\n"
+"до перезапуÑку програми.\n"
+
+#: g10/keyedit.c:3005 g10/keyedit.c:3351 g10/keyserver.c:542
+#: g10/mainproc.c:1850 g10/trustdb.c:1204 g10/trustdb.c:1732
+msgid "revoked"
+msgstr "відкликано"
+
+#: g10/keyedit.c:3007 g10/keyedit.c:3353 g10/keyserver.c:546
+#: g10/mainproc.c:1852 g10/trustdb.c:547 g10/trustdb.c:1734
+msgid "expired"
+msgstr "збіг Ñтрок дії"
+
+#: g10/keyedit.c:3072
+msgid ""
+"WARNING: no user ID has been marked as primary. This command may\n"
+" cause a different user ID to become the assumed primary.\n"
+msgstr ""
+"УВÐГÐ: жоден з ідентифікаторів кориÑтувача не позначено Ñк оÑновний. За "
+"допомогою\n"
+" цієї команди можна зробити оÑновним інший ідентифікатор "
+"кориÑтувача.\n"
+
+#: g10/keyedit.c:3133
+msgid ""
+"WARNING: This is a PGP2-style key. Adding a photo ID may cause some "
+"versions\n"
+" of PGP to reject this key.\n"
+msgstr ""
+"УВÐГÐ: це ключ у форматі PGP2. Ð”Ð¾Ð´Ð°Ð²Ð°Ð½Ð½Ñ Ñ„Ð¾Ñ‚Ð¾Ñ–Ð´ÐµÐ½Ñ‚Ð¸Ñ„Ñ–ÐºÐ°Ñ‚Ð¾Ñ€Ð° може призвеÑти "
+"до відмови\n"
+" у викориÑтанні цього ключа деÑкими верÑÑ–Ñми PGP.\n"
+
+#: g10/keyedit.c:3138 g10/keyedit.c:3473
+msgid "Are you sure you still want to add it? (y/N) "
+msgstr "Ви Ñправді бажаєте додати його? (y/N або Ñ‚/Ð) "
+
+#: g10/keyedit.c:3144
+msgid "You may not add a photo ID to a PGP2-style key.\n"
+msgstr "Ðе можна додавати фотоідентифікатор до ключа у форматі PGP2.\n"
+
+#: g10/keyedit.c:3284
+msgid "Delete this good signature? (y/N/q)"
+msgstr "Вилучити цей дійÑний підпиÑ? (y/N/q або Ñ‚/Ð/в)"
+
+#: g10/keyedit.c:3294
+msgid "Delete this invalid signature? (y/N/q)"
+msgstr "Вилучити цей некоректний підпиÑ? (y/N/q або Ñ‚/Ð/в)"
+
+#: g10/keyedit.c:3298
+msgid "Delete this unknown signature? (y/N/q)"
+msgstr "Вилучити цей невідомий підпиÑ? (y/N/q або Ñ‚/Ð/в)"
+
+#: g10/keyedit.c:3304
+msgid "Really delete this self-signature? (y/N)"
+msgstr "Вилучити цей ÑамопідпиÑ? (y/N або Ñ‚/Ð)"
+
+#: g10/keyedit.c:3318
+#, c-format
+msgid "Deleted %d signature.\n"
+msgstr "Вилучено %d підпиÑ.\n"
+
+#: g10/keyedit.c:3319
+#, c-format
+msgid "Deleted %d signatures.\n"
+msgstr "Вилучено %d підпиÑів.\n"
+
+#: g10/keyedit.c:3322
+msgid "Nothing deleted.\n"
+msgstr "Ðічого не вилучено.\n"
+
+#: g10/keyedit.c:3355 g10/trustdb.c:1736
+msgid "invalid"
+msgstr "некоректний"
+
+#: g10/keyedit.c:3357
+#, c-format
+msgid "User ID \"%s\" compacted: %s\n"
+msgstr "Ідентифікатор кориÑтувача «%s» ущільнено: %s\n"
+
+#: g10/keyedit.c:3364
+#, c-format
+msgid "User ID \"%s\": %d signature removed\n"
+msgstr "Ідентифікатор кориÑтувача «%s»: вилучено %d підпиÑ\n"
+
+#: g10/keyedit.c:3365
+#, c-format
+msgid "User ID \"%s\": %d signatures removed\n"
+msgstr "Ідентифікатор кориÑтувача «%s»: вилучено %d підпиÑів\n"
+
+#: g10/keyedit.c:3373
+#, c-format
+msgid "User ID \"%s\": already minimized\n"
+msgstr "Ідентифікатор кориÑтувача «%s»: вже мінімізовано\n"
+
+#: g10/keyedit.c:3374
+#, c-format
+msgid "User ID \"%s\": already clean\n"
+msgstr "Ідентифікатор кориÑтувача «%s»: вже очищено\n"
+
+#: g10/keyedit.c:3468
+msgid ""
+"WARNING: This is a PGP 2.x-style key. Adding a designated revoker may "
+"cause\n"
+" some versions of PGP to reject this key.\n"
+msgstr ""
+"УВÐГÐ: це ключ у форматі PGP 2. Ð”Ð¾Ð´Ð°Ð²Ð°Ð½Ð½Ñ Ð¿Ñ–Ð´Ð¿Ð¸Ñаного Ð²Ñ–Ð´ÐºÐ»Ð¸ÐºÐ°Ð½Ð½Ñ Ð¼Ð¾Ð¶Ðµ "
+"призвеÑти до відмови\n"
+" у викориÑтанні цього ключа деÑкими верÑÑ–Ñми PGP.\n"
+
+#: g10/keyedit.c:3479
+msgid "You may not add a designated revoker to a PGP 2.x-style key.\n"
+msgstr "Ðе можна додавати підпиÑане Ð²Ñ–Ð´ÐºÐ»Ð¸ÐºÐ°Ð½Ð½Ñ Ð´Ð¾ ключа у форматі PGP 2.x.\n"
+
+#: g10/keyedit.c:3499
+msgid "Enter the user ID of the designated revoker: "
+msgstr "Вкажіть ідентифікатор кориÑтувача підпиÑаного відкликаннÑ: "
+
+#: g10/keyedit.c:3524
+msgid "cannot appoint a PGP 2.x style key as a designated revoker\n"
+msgstr "не можна призначати ключ у форматі PGP 2.x підпиÑаним відкликаннÑм\n"
+
+#: g10/keyedit.c:3539
+msgid "you cannot appoint a key as its own designated revoker\n"
+msgstr "не можна призначати ключ влаÑним підпиÑаним відкликаннÑм\n"
+
+#: g10/keyedit.c:3561
+msgid "this key has already been designated as a revoker\n"
+msgstr "цей ключ вже було позначено Ñк призначений Ð´Ð»Ñ Ð²Ñ–Ð´ÐºÐ»Ð¸ÐºÐ°Ð½Ð½Ñ\n"
+
+#: g10/keyedit.c:3580
+msgid "WARNING: appointing a key as a designated revoker cannot be undone!\n"
+msgstr ""
+"УВÐГÐ: Ð¿Ñ€Ð¸Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ ÐºÐ»ÑŽÑ‡Ð° Ñк підпиÑаного Ð²Ñ–Ð´ÐºÐ»Ð¸ÐºÐ°Ð½Ð½Ñ Ð½Ðµ можна ÑкаÑовувати!\n"
+
+#: g10/keyedit.c:3586
+msgid ""
+"Are you sure you want to appoint this key as a designated revoker? (y/N) "
+msgstr ""
+"Ви Ñправді бажаєте призначити цей ключ Ñк підпиÑане відкликаннÑ? (y/N або Ñ‚/"
+"Ð) "
+
+#: g10/keyedit.c:3647
+msgid "Please remove selections from the secret keys.\n"
+msgstr "Будь лаÑка, вилучіть вказане з закритих ключів.\n"
+
+#: g10/keyedit.c:3653
+msgid "Please select at most one subkey.\n"
+msgstr "Будь лаÑка, виберіть не більше одного ключа.\n"
+
+#: g10/keyedit.c:3657
+msgid "Changing expiration time for a subkey.\n"
+msgstr "Зміна чаÑу Ð·Ð°Ð²ÐµÑ€ÑˆÐµÐ½Ð½Ñ Ñтроку дії Ð´Ð»Ñ Ð¿Ñ–Ð´ÐºÐ»ÑŽÑ‡Ð°.\n"
+
+#: g10/keyedit.c:3660
+msgid "Changing expiration time for the primary key.\n"
+msgstr "Зміна чаÑу Ð·Ð°Ð²ÐµÑ€ÑˆÐµÐ½Ð½Ñ Ñтроку дії Ð´Ð»Ñ Ð¾Ñновного ключа.\n"
+
+#: g10/keyedit.c:3706
+msgid "You can't change the expiration date of a v3 key\n"
+msgstr "Ðе можна змінювати дату Ð·Ð°Ð²ÐµÑ€ÑˆÐµÐ½Ð½Ñ Ñтроку дії ключа v3\n"
+
+#: g10/keyedit.c:3722
+msgid "No corresponding signature in secret ring\n"
+msgstr "Ðемає відповідного підпиÑу у Ñховищі закритих ключів\n"
+
+#: g10/keyedit.c:3800
+#, c-format
+msgid "signing subkey %s is already cross-certified\n"
+msgstr "підпиÑÑƒÐ²Ð°Ð½Ð½Ñ Ð¿Ñ–Ð´ÐºÐ»ÑŽÑ‡Ð° %s вже перехреÑно Ñертифіковано\n"
+
+#: g10/keyedit.c:3806
+#, c-format
+msgid "subkey %s does not sign and so does not need to be cross-certified\n"
+msgstr ""
+"підключ %s не призначено Ð´Ð»Ñ Ð¿Ñ–Ð´Ð¿Ð¸ÑуваннÑ, отже його не потрібно перехреÑно "
+"Ñертифікувати\n"
+
+#: g10/keyedit.c:3969
+msgid "Please select exactly one user ID.\n"
+msgstr "Будь лаÑка, виберіть лише один ідентифікатор кориÑтувача.\n"
+
+#: g10/keyedit.c:4008 g10/keyedit.c:4118 g10/keyedit.c:4238 g10/keyedit.c:4379
+#, c-format
+msgid "skipping v3 self-signature on user ID \"%s\"\n"
+msgstr "пропуÑкаємо ÑÐ°Ð¼Ð¾Ð¿Ñ–Ð´Ð¿Ð¸Ñ v3 Ð´Ð»Ñ Ñ–Ð´ÐµÐ½Ñ‚Ð¸Ñ„Ñ–ÐºÐ°Ñ‚Ð¾Ñ€Ð° кориÑтувача «%s»\n"
+
+#: g10/keyedit.c:4179
+msgid "Enter your preferred keyserver URL: "
+msgstr "Вкажіть адреÑу вашого оÑновного Ñервера ключів: "
+
+#: g10/keyedit.c:4259
+msgid "Are you sure you want to replace it? (y/N) "
+msgstr "Ви Ñправді бажаєте замінити його? (y/N або Ñ‚/Ð) "
+
+#: g10/keyedit.c:4260
+msgid "Are you sure you want to delete it? (y/N) "
+msgstr "Ви Ñправді бажаєте вилучити його? (y/N або Ñ‚/Ð) "
+
+#: g10/keyedit.c:4322
+msgid "Enter the notation: "
+msgstr "Вкажіть примітку: "
+
+#: g10/keyedit.c:4471
+msgid "Proceed? (y/N) "
+msgstr "Продовжувати? (y/N або Ñ‚/Ð) "
+
+#: g10/keyedit.c:4543
+#, c-format
+msgid "No user ID with index %d\n"
+msgstr "Ідентифікатора кориÑтувача з індекÑом %d не Ñ–Ñнує\n"
+
+#: g10/keyedit.c:4604
+#, c-format
+msgid "No user ID with hash %s\n"
+msgstr "Ідентифікатора кориÑтувача з хешем %s не Ñ–Ñнує\n"
+
+#: g10/keyedit.c:4639
+#, c-format
+msgid "No subkey with index %d\n"
+msgstr "Підключа з індекÑом %d не Ñ–Ñнує\n"
+
+#: g10/keyedit.c:4774
+#, c-format
+msgid "user ID: \"%s\"\n"
+msgstr "Ідентифікатор кориÑтувача: «%s»\n"
+
+#: g10/keyedit.c:4777 g10/keyedit.c:4871 g10/keyedit.c:4914
+#, c-format
+msgid "signed by your key %s on %s%s%s\n"
+msgstr "підпиÑано вашим ключем %s %s%s%s\n"
+
+#: g10/keyedit.c:4779 g10/keyedit.c:4873 g10/keyedit.c:4916
+msgid " (non-exportable)"
+msgstr " (неекÑпортовний)"
+
+#: g10/keyedit.c:4783
+#, c-format
+msgid "This signature expired on %s.\n"
+msgstr "Строк дії цього підпиÑу завершуєтьÑÑ %s.\n"
+
+#: g10/keyedit.c:4787
+msgid "Are you sure you still want to revoke it? (y/N) "
+msgstr "Ви Ñправді бажаєте відкликати його? (y/N або Ñ‚/Ð) "
+
+#: g10/keyedit.c:4791
+msgid "Create a revocation certificate for this signature? (y/N) "
+msgstr "Створити Ñертифікат Ð²Ñ–Ð´ÐºÐ»Ð¸ÐºÐ°Ð½Ð½Ñ Ð´Ð»Ñ Ñ†ÑŒÐ¾Ð³Ð¾ підпиÑу? (y/N або Ñ‚/Ð) "
+
+#: g10/keyedit.c:4842
+msgid "Not signed by you.\n"
+msgstr "Ðе підпиÑано вами.\n"
+
+#: g10/keyedit.c:4848
+#, c-format
+msgid "You have signed these user IDs on key %s:\n"
+msgstr "Вами підпиÑано ці ідентифікатори кориÑтувачів у ключі %s:\n"
+
+#: g10/keyedit.c:4874
+msgid " (non-revocable)"
+msgstr " (невідкликуваний)"
+
+#: g10/keyedit.c:4881
+#, c-format
+msgid "revoked by your key %s on %s\n"
+msgstr "відкликано вашим ключем %s у %s\n"
+
+#: g10/keyedit.c:4903
+msgid "You are about to revoke these signatures:\n"
+msgstr "Ви маєте намір відкликати ці підпиÑи:\n"
+
+#: g10/keyedit.c:4923
+msgid "Really create the revocation certificates? (y/N) "
+msgstr "Справді Ñтворити Ñертифікати відкликаннÑ? (y/N або Ñ‚/Ð) "
+
+#: g10/keyedit.c:4953
+msgid "no secret key\n"
+msgstr "немає закритого ключа\n"
+
+#: g10/keyedit.c:5023
+#, c-format
+msgid "user ID \"%s\" is already revoked\n"
+msgstr "ідентифікатор кориÑтувача «%s» вже відкликано\n"
+
+#: g10/keyedit.c:5040
+#, c-format
+msgid "WARNING: a user ID signature is dated %d seconds in the future\n"
+msgstr ""
+"УВÐГÐ: Ð¿Ñ–Ð´Ð¿Ð¸Ñ Ñ–Ð´ÐµÐ½Ñ‚Ð¸Ñ„Ñ–ÐºÐ°Ñ‚Ð¾Ñ€Ð° кориÑтувача позначено датою на %d Ñекунд у "
+"майбутньому\n"
+
+#: g10/keyedit.c:5104
+#, c-format
+msgid "Key %s is already revoked.\n"
+msgstr "Ключ %s вже відкликано.\n"
+
+#: g10/keyedit.c:5166
+#, c-format
+msgid "Subkey %s is already revoked.\n"
+msgstr "Підключ %s вже відкликано.\n"
+
+#: g10/keyedit.c:5261
+#, c-format
+msgid "Displaying %s photo ID of size %ld for key %s (uid %d)\n"
+msgstr "Показ фотоідентифікатора %s розміру %ld Ð´Ð»Ñ ÐºÐ»ÑŽÑ‡Ð° %s (uid %d)\n"
+
+#: g10/keygen.c:275
+#, c-format
+msgid "preference `%s' duplicated\n"
+msgstr "Ð·Ð°Ð¿Ð¸Ñ Ð¿ÐµÑ€ÐµÐ²Ð°Ð³Ð¸ «%s» продубльовано\n"
+
+#: g10/keygen.c:282
+msgid "too many cipher preferences\n"
+msgstr "занадто багато запиÑів переваг шифрів\n"
+
+#: g10/keygen.c:284
+msgid "too many digest preferences\n"
+msgstr "занадто багато запиÑів переваг контрольних Ñум\n"
+
+#: g10/keygen.c:286
+msgid "too many compression preferences\n"
+msgstr "занадто багато запиÑів переваг ÑтиÑканнÑ\n"
+
+#: g10/keygen.c:426
+#, c-format
+msgid "invalid item `%s' in preference string\n"
+msgstr "некоректний Ð·Ð°Ð¿Ð¸Ñ Â«%s» у Ñ€Ñдку переваг\n"
+
+#: g10/keygen.c:910
+msgid "writing direct signature\n"
+msgstr "запиÑÑƒÐ²Ð°Ð½Ð½Ñ Ð±ÐµÐ·Ð¿Ð¾Ñереднього підпиÑу\n"
+
+#: g10/keygen.c:952
+msgid "writing self signature\n"
+msgstr "запиÑÑƒÐ²Ð°Ð½Ð½Ñ ÑамопідпиÑу\n"
+
+#: g10/keygen.c:1009
+msgid "writing key binding signature\n"
+msgstr "запиÑÑƒÐ²Ð°Ð½Ð½Ñ Ð¿Ñ–Ð´Ð¿Ð¸Ñу прив’ÑÐ·ÑƒÐ²Ð°Ð½Ð½Ñ ÐºÐ»ÑŽÑ‡Ð°\n"
+
+#: g10/keygen.c:1179 g10/keygen.c:1290 g10/keygen.c:1295 g10/keygen.c:1441
+#: g10/keygen.c:3269
+#, c-format
+msgid "keysize invalid; using %u bits\n"
+msgstr "некоректний розмір ключа; викориÑтовуємо %u-бітовий\n"
+
+#: g10/keygen.c:1185 g10/keygen.c:1301 g10/keygen.c:1309 g10/keygen.c:1447
+#: g10/keygen.c:3275
+#, c-format
+msgid "keysize rounded up to %u bits\n"
+msgstr "розмір ключа округлено до %u-бітового\n"
+
+#: g10/keygen.c:1335
+msgid ""
+"WARNING: some OpenPGP programs can't handle a DSA key with this digest size\n"
+msgstr ""
+"УВÐГÐ: деÑкі з програм OpenPGP не можуть працювати з ключем DSA з таким "
+"розміром контрольної Ñуми\n"
+
+#: g10/keygen.c:1558
+msgid "Sign"
+msgstr "ПідпиÑати"
+
+#: g10/keygen.c:1561
+msgid "Certify"
+msgstr "Сертифікувати"
+
+#: g10/keygen.c:1564
+msgid "Encrypt"
+msgstr "Зашифрувати"
+
+#: g10/keygen.c:1567
+msgid "Authenticate"
+msgstr "Пройти розпізнаваннÑ"
+
+#. TRANSLATORS: Please use only plain ASCII characters for the
+#. translation. If this is not possible use single digits. The
+#. string needs to 8 bytes long. Here is a description of the
+#. functions:
+#.
+#. s = Toggle signing capability
+#. e = Toggle encryption capability
+#. a = Toggle authentication capability
+#. q = Finish
+#.
+#: g10/keygen.c:1585
+msgid "SsEeAaQq"
+msgstr "SsEeAaQq"
+
+#: g10/keygen.c:1608
+#, c-format
+msgid "Possible actions for a %s key: "
+msgstr "Можливі дії з ключем %s: "
+
+#: g10/keygen.c:1612
+msgid "Current allowed actions: "
+msgstr "Поточні дозволені дії: "
+
+#: g10/keygen.c:1617
+#, c-format
+msgid " (%c) Toggle the sign capability\n"
+msgstr " (%c) увімкнути або вимкнути можливіÑÑ‚ÑŒ підпиÑуваннÑ\n"
+
+#: g10/keygen.c:1620
+#, c-format
+msgid " (%c) Toggle the encrypt capability\n"
+msgstr " (%c) увімкнути або вимкнути можливіÑÑ‚ÑŒ шифруваннÑ\n"
+
+#: g10/keygen.c:1623
+#, c-format
+msgid " (%c) Toggle the authenticate capability\n"
+msgstr ""
+" (%c) увімкнути або вимкнути можливіÑÑ‚ÑŒ викориÑÑ‚Ð°Ð½Ð½Ñ Ð´Ð»Ñ Ñ€Ð¾Ð·Ð¿Ñ–Ð·Ð½Ð°Ð²Ð°Ð½Ð½Ñ\n"
+
+#: g10/keygen.c:1626
+#, c-format
+msgid " (%c) Finished\n"
+msgstr " (%c) вийти\n"
+
+#: g10/keygen.c:1686 sm/certreqgen-ui.c:157
+msgid "Please select what kind of key you want:\n"
+msgstr "Вкажіть потрібний вам тип ключа:\n"
+
+#: g10/keygen.c:1689
+#, c-format
+msgid " (%d) RSA and RSA (default)\n"
+msgstr " (%d) RSA і RSA (типовий)\n"
+
+#: g10/keygen.c:1691
+#, c-format
+msgid " (%d) DSA and Elgamal\n"
+msgstr " (%d) DSA Ñ– Elgamal\n"
+
+#: g10/keygen.c:1693
+#, c-format
+msgid " (%d) DSA (sign only)\n"
+msgstr " (%d) DSA (лише підпиÑуваннÑ)\n"
+
+#: g10/keygen.c:1694
+#, c-format
+msgid " (%d) RSA (sign only)\n"
+msgstr " (%d) RSA (лише підпиÑуваннÑ)\n"
+
+#: g10/keygen.c:1698
+#, c-format
+msgid " (%d) Elgamal (encrypt only)\n"
+msgstr " (%d) Elgamal (лише шифруваннÑ)\n"
+
+#: g10/keygen.c:1699
+#, c-format
+msgid " (%d) RSA (encrypt only)\n"
+msgstr " (%d) RSA (лише шифруваннÑ)\n"
+
+#: g10/keygen.c:1703
+#, c-format
+msgid " (%d) DSA (set your own capabilities)\n"
+msgstr " (%d) DSA (із визначеннÑм можливоÑтей влаÑноруч)\n"
+
+#: g10/keygen.c:1704
+#, c-format
+msgid " (%d) RSA (set your own capabilities)\n"
+msgstr " (%d) RSA (із визначеннÑм можливоÑтей влаÑноруч)\n"
+
+#: g10/keygen.c:1812
+#, c-format
+msgid "%s keys may be between %u and %u bits long.\n"
+msgstr "ключі %s можуть мати довжину від %u до %u бітів.\n"
+
+#: g10/keygen.c:1820
+#, c-format
+msgid "What keysize do you want for the subkey? (%u) "
+msgstr "Якою має бути довжина підключа? (%u) "
+
+#: g10/keygen.c:1823 sm/certreqgen-ui.c:179
+#, c-format
+msgid "What keysize do you want? (%u) "
+msgstr "Якою має бути довжина ключа? (%u) "
+
+#: g10/keygen.c:1837 sm/certreqgen-ui.c:189
+#, c-format
+msgid "Requested keysize is %u bits\n"
+msgstr "Запитана довжина ключа — %u бітів\n"
+
+#: g10/keygen.c:1925
+msgid ""
+"Please specify how long the key should be valid.\n"
+" 0 = key does not expire\n"
+" <n> = key expires in n days\n"
+" <n>w = key expires in n weeks\n"
+" <n>m = key expires in n months\n"
+" <n>y = key expires in n years\n"
+msgstr ""
+"Вкажіть Ñтрок чинноÑÑ‚Ñ– ключа.\n"
+" 0 = Ñтрок чинноÑÑ‚Ñ– не обмежено\n"
+" <n> = Ñтрок чинноÑÑ‚Ñ– у n днів\n"
+" <n>w = Ñтрок чинноÑÑ‚Ñ– у n тижнів\n"
+" <n>m = Ñтрок чинноÑÑ‚Ñ– у n міÑÑців\n"
+" <n>y = Ñтрок чинноÑÑ‚Ñ– у n років\n"
+
+#: g10/keygen.c:1936
+msgid ""
+"Please specify how long the signature should be valid.\n"
+" 0 = signature does not expire\n"
+" <n> = signature expires in n days\n"
+" <n>w = signature expires in n weeks\n"
+" <n>m = signature expires in n months\n"
+" <n>y = signature expires in n years\n"
+msgstr ""
+"Вкажіть Ñтрок чинноÑÑ‚Ñ– підпиÑу.\n"
+" 0 = Ñтрок чинноÑÑ‚Ñ– підпиÑу не обмежено\n"
+" <n> = Ñтрок чинноÑÑ‚Ñ– підпиÑу у n днів\n"
+" <n>w = Ñтрок чинноÑÑ‚Ñ– підпиÑу у n тижнів\n"
+" <n>m = Ñтрок чинноÑÑ‚Ñ– підпиÑу у n міÑÑців\n"
+" <n>y = Ñтрок чинноÑÑ‚Ñ– підпиÑу у n років\n"
+
+#: g10/keygen.c:1959
+msgid "Key is valid for? (0) "
+msgstr "Яким Ñ” Ñтрок чинноÑÑ‚Ñ– ключа? (0) "
+
+#: g10/keygen.c:1964
+#, c-format
+msgid "Signature is valid for? (%s) "
+msgstr "Яким Ñ” Ñтрок чинноÑÑ‚Ñ– підпиÑу? (%s) "
+
+#: g10/keygen.c:1982 g10/keygen.c:2007
+msgid "invalid value\n"
+msgstr "некоректне значеннÑ\n"
+
+#: g10/keygen.c:1989
+msgid "Key does not expire at all\n"
+msgstr "Ключ не має Ð¾Ð±Ð¼ÐµÐ¶ÐµÐ½Ð½Ñ Ñтроку дії\n"
+
+#: g10/keygen.c:1990
+msgid "Signature does not expire at all\n"
+msgstr "ÐŸÑ–Ð´Ð¿Ð¸Ñ Ð½Ðµ має Ð¾Ð±Ð¼ÐµÐ¶ÐµÐ½Ð½Ñ Ñтроку дії\n"
+
+#: g10/keygen.c:1995
+#, c-format
+msgid "Key expires at %s\n"
+msgstr "Ключ діє до %s\n"
+
+#: g10/keygen.c:1996
+#, c-format
+msgid "Signature expires at %s\n"
+msgstr "ÐŸÑ–Ð´Ð¿Ð¸Ñ Ð´Ñ–Ñ” до %s\n"
+
+#: g10/keygen.c:2000
+msgid ""
+"Your system can't display dates beyond 2038.\n"
+"However, it will be correctly handled up to 2106.\n"
+msgstr ""
+"У вашій ÑиÑтемі неможливий показ дат піÑÐ»Ñ 2038 року.\n"
+"Ðле програма коректно оброблÑтиме ці дати до 2106 року.\n"
+
+#: g10/keygen.c:2013
+msgid "Is this correct? (y/N) "
+msgstr "Ð’Ñе правильно? (y/N або Ñ‚/Ð) "
+
+#: g10/keygen.c:2063
+msgid ""
+"\n"
+"GnuPG needs to construct a user ID to identify your key.\n"
+"\n"
+msgstr ""
+"\n"
+"GnuPG має побудувати ідентифікатор кориÑтувача Ð´Ð»Ñ Ñ€Ð¾Ð·Ð¿Ñ–Ð·Ð½Ð°Ð²Ð°Ð½Ð½Ñ Ð²Ð°ÑˆÐ¾Ð³Ð¾ "
+"ключа.\n"
+"\n"
+
+#. TRANSLATORS: This string is in general not anymore used
+#. but you should keep your existing translation. In case
+#. the new string is not translated this old string will
+#. be used.
+#: g10/keygen.c:2078
+msgid ""
+"\n"
+"You need a user ID to identify your key; the software constructs the user "
+"ID\n"
+"from the Real Name, Comment and Email Address in this form:\n"
+" \"Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>\"\n"
+"\n"
+msgstr ""
+"\n"
+"Вам потрібен ідентифікатор кориÑтувача Ð´Ð»Ñ Ñ–Ð´ÐµÐ½Ñ‚Ð¸Ñ„Ñ–ÐºÐ°Ñ†Ñ–Ñ— вашого ключа; "
+"програма Ñтворити ідентифікатор кориÑтувача\n"
+"на оÑнові Ñправжнього імені, ÐºÐ¾Ð¼ÐµÐ½Ñ‚Ð°Ñ€Ñ Ñ– адреÑи електронної пошти у такому "
+"форматі:\n"
+" \"Ivan Ivanenko (farmer) <iivanenko@moyahata.ua>\"\n"
+"\n"
+
+#: g10/keygen.c:2097
+msgid "Real name: "
+msgstr "Справжнє ім’Ñ: "
+
+#: g10/keygen.c:2105
+msgid "Invalid character in name\n"
+msgstr "Ðекоректний Ñимвол у імені\n"
+
+#: g10/keygen.c:2107
+msgid "Name may not start with a digit\n"
+msgstr "Ð†Ð¼â€™Ñ Ð½Ðµ може починатиÑÑ Ð· цифри\n"
+
+#: g10/keygen.c:2109
+msgid "Name must be at least 5 characters long\n"
+msgstr "Ð†Ð¼â€™Ñ Ð¼Ð°Ñ” бути не коротшим за 5 літер\n"
+
+#: g10/keygen.c:2117
+msgid "Email address: "
+msgstr "ÐдреÑа ел. пошти: "
+
+#: g10/keygen.c:2123
+msgid "Not a valid email address\n"
+msgstr "Ðекоректна адреÑа електронної пошти\n"
+
+#: g10/keygen.c:2131
+msgid "Comment: "
+msgstr "Коментар: "
+
+#: g10/keygen.c:2137
+msgid "Invalid character in comment\n"
+msgstr "Ðекоректний Ñимвол у коментарі\n"
+
+#: g10/keygen.c:2159
+#, c-format
+msgid "You are using the `%s' character set.\n"
+msgstr "Вами викориÑтано таблицю Ñимволів «%s».\n"
+
+#: g10/keygen.c:2165
+#, c-format
+msgid ""
+"You selected this USER-ID:\n"
+" \"%s\"\n"
+"\n"
+msgstr ""
+"Вами вибрано такий ідентифікатор (USER-ID):\n"
+" \"%s\"\n"
+"\n"
+
+#: g10/keygen.c:2170
+msgid "Please don't put the email address into the real name or the comment\n"
+msgstr ""
+"Будь лаÑка, не викориÑтовуйте адреÑу електронної пошти у полÑÑ… Ñправжнього "
+"імені або коментарÑ\n"
+
+#: g10/keygen.c:2185
+msgid "Such a user ID already exists on this key!\n"
+msgstr "У цьому ключі вже Ñ–Ñнує такий ідентифікатор кориÑтувача!\n"
+
+#. TRANSLATORS: These are the allowed answers in
+#. lower and uppercase. Below you will find the matching
+#. string which should be translated accordingly and the
+#. letter changed to match the one in the answer string.
+#.
+#. n = Change name
+#. c = Change comment
+#. e = Change email
+#. o = Okay (ready, continue)
+#. q = Quit
+#.
+#: g10/keygen.c:2201
+msgid "NnCcEeOoQq"
+msgstr "NnCcEeOoQq"
+
+#: g10/keygen.c:2211
+msgid "Change (N)ame, (C)omment, (E)mail or (Q)uit? "
+msgstr "Змінити назву (N), коментар (C), ел. пошту (E) або вийти (Q)? "
+
+#: g10/keygen.c:2212
+msgid "Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? "
+msgstr ""
+"Змінити назву (N), коментар (C), ел. пошту (E) або гаразд (O) чи вийти (Q)? "
+
+#: g10/keygen.c:2231
+msgid "Please correct the error first\n"
+msgstr "Спочатку виправте помилку\n"
+
+#: g10/keygen.c:2273
+msgid ""
+"You need a Passphrase to protect your secret key.\n"
+"\n"
+msgstr ""
+"Вам потрібен пароль Ð´Ð»Ñ Ð·Ð°Ñ…Ð¸Ñту вашого закритого ключа.\n"
+"\n"
+
+#: g10/keygen.c:2276
+msgid ""
+"Please enter a passphrase to protect the off-card backup of the new "
+"encryption key."
+msgstr ""
+"Будь лаÑка, вкажіть пароль Ð´Ð»Ñ Ð·Ð°Ñ…Ð¸Ñту позакарткової резервної копії нового "
+"ключа шифруваннÑ."
+
+#: g10/keygen.c:2292
+#, c-format
+msgid "%s.\n"
+msgstr "%s.\n"
+
+#: g10/keygen.c:2298
+msgid ""
+"You don't want a passphrase - this is probably a *bad* idea!\n"
+"I will do it anyway. You can change your passphrase at any time,\n"
+"using this program with the option \"--edit-key\".\n"
+"\n"
+msgstr ""
+"Ви не викориÑтовуєте Ð¿Ð°Ñ€Ð¾Ð»Ñ â€” дуже погана робота!\n"
+"Вашу забаганку буде виконано. Пізніше ви зможете змінити пароль,\n"
+"за допомогою цієї програми з параметром «--edit-key».\n"
+"\n"
+
+#: g10/keygen.c:2322
+msgid ""
+"We need to generate a lot of random bytes. It is a good idea to perform\n"
+"some other action (type on the keyboard, move the mouse, utilize the\n"
+"disks) during the prime generation; this gives the random number\n"
+"generator a better chance to gain enough entropy.\n"
+msgstr ""
+"Потрібно буде Ñтворити багато пÑевдовипадкових байтів. Варто виконувати\n"
+"ÑкіÑÑŒ інші дії (натиÑкати клавіші, переÑувати мишу, викориÑтовувати диÑки)\n"
+"під Ñ‡Ð°Ñ ÑÑ‚Ð²Ð¾Ñ€ÐµÐ½Ð½Ñ Ð¿Ñ€Ð¾Ñтого чиÑла. Це надаÑÑ‚ÑŒ змогу генератору\n"
+"пÑевдовипадкових чиÑел Ñтворити краще випадкове чиÑло.\n"
+
+#: g10/keygen.c:3209 g10/keygen.c:3236
+msgid "Key generation canceled.\n"
+msgstr "Ð¡Ñ‚Ð²Ð¾Ñ€ÐµÐ½Ð½Ñ ÐºÐ»ÑŽÑ‡Ð° ÑкаÑовано.\n"
+
+#: g10/keygen.c:3441 g10/keygen.c:3611
+#, c-format
+msgid "writing public key to `%s'\n"
+msgstr "запиÑуємо відкритий ключ до «%s»\n"
+
+#: g10/keygen.c:3443 g10/keygen.c:3614
+#, c-format
+msgid "writing secret key stub to `%s'\n"
+msgstr "Ñпроба запиÑу заглушки закритого ключа до «%s»\n"
+
+#: g10/keygen.c:3446 g10/keygen.c:3617
+#, c-format
+msgid "writing secret key to `%s'\n"
+msgstr "Ñпроба запиÑу закритого ключа до «%s»\n"
+
+#: g10/keygen.c:3598
+#, c-format
+msgid "no writable public keyring found: %s\n"
+msgstr "не знайдено придатного до запиÑу Ñховища відкритих ключів: %s\n"
+
+#: g10/keygen.c:3605
+#, c-format
+msgid "no writable secret keyring found: %s\n"
+msgstr "не виÑвлено придатного до запиÑу Ñховища закритих ключів: %s\n"
+
+#: g10/keygen.c:3625
+#, c-format
+msgid "error writing public keyring `%s': %s\n"
+msgstr "помилка під Ñ‡Ð°Ñ Ñпроби запиÑу до Ñховища відкритих ключів «%s»: %s\n"
+
+#: g10/keygen.c:3633
+#, c-format
+msgid "error writing secret keyring `%s': %s\n"
+msgstr "помилка під Ñ‡Ð°Ñ Ñпроби запиÑу до Ñховища закритих ключів «%s»: %s\n"
+
+#: g10/keygen.c:3661
+msgid "public and secret key created and signed.\n"
+msgstr "відкритий Ñ– закритий ключі Ñтворено Ñ– підпиÑано.\n"
+
+#: g10/keygen.c:3672
+msgid ""
+"Note that this key cannot be used for encryption. You may want to use\n"
+"the command \"--edit-key\" to generate a subkey for this purpose.\n"
+msgstr ""
+"Зауважте, що цей ключ не може бути викориÑтано Ð´Ð»Ñ ÑˆÐ¸Ñ„Ñ€ÑƒÐ²Ð°Ð½Ð½Ñ. Ви можете\n"
+"ÑкориÑтатиÑÑ ÐºÐ¾Ð¼Ð°Ð½Ð´Ð¾ÑŽ «--edit-key» Ð´Ð»Ñ ÑÑ‚Ð²Ð¾Ñ€ÐµÐ½Ð½Ñ Ð¿Ñ–Ð´ÐºÐ»ÑŽÑ‡Ð° з цією метою.\n"
+
+#: g10/keygen.c:3685 g10/keygen.c:3831 g10/keygen.c:3952
+#, c-format
+msgid "Key generation failed: %s\n"
+msgstr "Помилка під Ñ‡Ð°Ñ Ñпроби ÑÑ‚Ð²Ð¾Ñ€ÐµÐ½Ð½Ñ ÐºÐ»ÑŽÑ‡Ð°: %s\n"
+
+#: g10/keygen.c:3741 g10/keygen.c:3882 g10/sign.c:241
+#, c-format
+msgid ""
+"key has been created %lu second in future (time warp or clock problem)\n"
+msgstr ""
+"ключ було Ñтворено з позначкою на %lu Ñекунд у майбутньому (чаÑова Ð¿ÐµÑ‚Ð»Ñ Ð°Ð±Ð¾ "
+"проблема з годинником)\n"
+
+#: g10/keygen.c:3743 g10/keygen.c:3884 g10/sign.c:243
+#, c-format
+msgid ""
+"key has been created %lu seconds in future (time warp or clock problem)\n"
+msgstr ""
+"ключ було Ñтворено з позначкою на %lu Ñекунду у майбутньому (чаÑова Ð¿ÐµÑ‚Ð»Ñ "
+"або проблема з годинником)\n"
+
+#: g10/keygen.c:3754 g10/keygen.c:3895
+msgid "NOTE: creating subkeys for v3 keys is not OpenPGP compliant\n"
+msgstr "ЗÐУВÐЖЕÐÐЯ: ÑÑ‚Ð²Ð¾Ñ€ÐµÐ½Ð½Ñ Ð¿Ñ–Ð´ÐºÐ»ÑŽÑ‡Ñ–Ð² Ð´Ð»Ñ ÐºÐ»ÑŽÑ‡Ñ–Ð² v3 неÑуміÑне з OpenPGP\n"
+
+#: g10/keygen.c:3795 g10/keygen.c:3928
+msgid "Really create? (y/N) "
+msgstr "Створити? (y/N або Ñ‚/Ð) "
+
+#: g10/keygen.c:4116
+#, c-format
+msgid "storing key onto card failed: %s\n"
+msgstr "Ñпроба Ð·Ð±ÐµÑ€Ñ–Ð³Ð°Ð½Ð½Ñ ÐºÐ»ÑŽÑ‡Ð° на картці зазнала невдачі: %s\n"
+
+#: g10/keygen.c:4165
+#, c-format
+msgid "can't create backup file `%s': %s\n"
+msgstr "не вдалоÑÑ Ñтворити файл резервної копії «%s»: %s\n"
+
+#: g10/keygen.c:4191
+#, c-format
+msgid "NOTE: backup of card key saved to `%s'\n"
+msgstr "ЗÐУВÐЖЕÐÐЯ: резервну копію ключа на картці збережено до «%s»\n"
+
+#: g10/keyid.c:539 g10/keyid.c:551 g10/keyid.c:563 g10/keyid.c:575
+msgid "never "
+msgstr "ніколи "
+
+#: g10/keylist.c:273
+msgid "Critical signature policy: "
+msgstr "Критичні правила підпиÑу: "
+
+#: g10/keylist.c:275
+msgid "Signature policy: "
+msgstr "Правила підпиÑу: "
+
+#: g10/keylist.c:314
+msgid "Critical preferred keyserver: "
+msgstr "Критичний оÑновний Ñервер ключів: "
+
+#: g10/keylist.c:367
+msgid "Critical signature notation: "
+msgstr "Критична примітка підпиÑу: "
+
+#: g10/keylist.c:369
+msgid "Signature notation: "
+msgstr "Примітка підпиÑу: "
+
+#: g10/keylist.c:479
+msgid "Keyring"
+msgstr "Сховище ключів"
+
+#: g10/keylist.c:1526
+msgid "Primary key fingerprint:"
+msgstr "ОÑновний відбиток ключа:"
+
+#: g10/keylist.c:1528
+msgid " Subkey fingerprint:"
+msgstr " Відбиток підключа:"
+
+#. TRANSLATORS: this should fit into 24 bytes to that the
+#. * fingerprint data is properly aligned with the user ID
+#: g10/keylist.c:1535
+msgid " Primary key fingerprint:"
+msgstr " Відбиток оÑновного ключа:"
+
+#: g10/keylist.c:1537
+msgid " Subkey fingerprint:"
+msgstr " Відбиток підключа:"
+
+#: g10/keylist.c:1541 g10/keylist.c:1545
+msgid " Key fingerprint ="
+msgstr " Відбиток ключа ="
+
+#: g10/keylist.c:1612
+msgid " Card serial no. ="
+msgstr " Серійний номер картки ="
+
+#: g10/keyring.c:1297
+#, c-format
+msgid "renaming `%s' to `%s' failed: %s\n"
+msgstr "Ñпроба Ð¿ÐµÑ€ÐµÐ¹Ð¼ÐµÐ½ÑƒÐ²Ð°Ð½Ð½Ñ Â«%s» на «%s» зазнала невдачі: %s\n"
+
+#: g10/keyring.c:1326
+msgid "WARNING: 2 files with confidential information exists.\n"
+msgstr "УВÐГÐ: Ñ–Ñнує 2 файли з конфіденційними даними.\n"
+
+#: g10/keyring.c:1327
+#, c-format
+msgid "%s is the unchanged one\n"
+msgstr "%s є незмінним\n"
+
+#: g10/keyring.c:1328
+#, c-format
+msgid "%s is the new one\n"
+msgstr "%s є новим\n"
+
+#: g10/keyring.c:1329
+msgid "Please fix this possible security flaw\n"
+msgstr "Будь лаÑка, виправте цю можливу ваду захиÑту\n"
+
+#: g10/keyring.c:1430
+#, c-format
+msgid "caching keyring `%s'\n"
+msgstr "ÐºÐµÑˆÑƒÐ²Ð°Ð½Ð½Ñ Ñховища ключів «%s»\n"
+
+#: g10/keyring.c:1489
+#, c-format
+msgid "%lu keys cached so far (%lu signatures)\n"
+msgstr "зараз кешовано %lu ключів (%lu підпиÑів)\n"
+
+#: g10/keyring.c:1501
+#, c-format
+msgid "%lu keys cached (%lu signatures)\n"
+msgstr "кешовано %lu ключів (%lu підпиÑів)\n"
+
+#: g10/keyring.c:1573
+#, c-format
+msgid "%s: keyring created\n"
+msgstr "%s: Ñтворено Ñховище ключів\n"
+
+#: g10/keyserver.c:74
+msgid "include revoked keys in search results"
+msgstr "включити до результатів пошуку відкликані ключі"
+
+#: g10/keyserver.c:75
+msgid "include subkeys when searching by key ID"
+msgstr "включити підключі до пошуку за ідентифікатором ключа"
+
+#: g10/keyserver.c:77
+msgid "use temporary files to pass data to keyserver helpers"
+msgstr ""
+"викориÑтовувати тимчаÑові файли Ð´Ð»Ñ Ð¿ÐµÑ€ÐµÐ´Ð°Ð²Ð°Ð½Ð½Ñ Ð´Ð°Ð½Ð¸Ñ… до допоміжних програм "
+"Ñервера ключів"
+
+#: g10/keyserver.c:79
+msgid "do not delete temporary files after using them"
+msgstr "не вилучати тимчаÑові файли піÑÐ»Ñ Ñ—Ñ…Ð½ÑŒÐ¾Ð³Ð¾ викориÑтаннÑ"
+
+#: g10/keyserver.c:83
+msgid "automatically retrieve keys when verifying signatures"
+msgstr "автоматично отримувати ключі під Ñ‡Ð°Ñ Ð¿ÐµÑ€ÐµÐ²Ñ–Ñ€ÐºÐ¸ підпиÑів"
+
+#: g10/keyserver.c:85
+msgid "honor the preferred keyserver URL set on the key"
+msgstr "брати до уваги адреÑу оÑновного Ñервера ключів, вÑтановлену у ключі"
+
+#: g10/keyserver.c:87
+msgid "honor the PKA record set on a key when retrieving keys"
+msgstr ""
+"брати до уваги Ð·Ð°Ð¿Ð¸Ñ PKA, вÑтановлений у ключі під Ñ‡Ð°Ñ Ð¾Ñ‚Ñ€Ð¸Ð¼Ð°Ð½Ð½Ñ ÐºÐ»ÑŽÑ‡Ñ–Ð²"
+
+#: g10/keyserver.c:153
+#, c-format
+msgid "WARNING: keyserver option `%s' is not used on this platform\n"
+msgstr ""
+"УВÐГÐ: параметр Ñервера ключів «%s» не викориÑтовуєтьÑÑ Ð½Ð° цій платформі\n"
+
+#: g10/keyserver.c:544
+msgid "disabled"
+msgstr "вимкнено"
+
+#: g10/keyserver.c:747
+msgid "Enter number(s), N)ext, or Q)uit > "
+msgstr "Вкажіть номер, далі (N) чи вийти (Q) > "
+
+#: g10/keyserver.c:831 g10/keyserver.c:1458
+#, c-format
+msgid "invalid keyserver protocol (us %d!=handler %d)\n"
+msgstr "некоректний протокол Ñервера ключів (наш %d!=%d обробника)\n"
+
+#: g10/keyserver.c:932
+#, c-format
+msgid "key \"%s\" not found on keyserver\n"
+msgstr "ключ «%s» не знайдено на Ñервері ключів\n"
+
+#: g10/keyserver.c:934
+msgid "key not found on keyserver\n"
+msgstr "ключ не знайдено на Ñервері ключів\n"
+
+#: g10/keyserver.c:1177
+#, c-format
+msgid "requesting key %s from %s server %s\n"
+msgstr "надÑилаємо запит щодо ключа %s до %s Ñервера %s\n"
+
+#: g10/keyserver.c:1181
+#, c-format
+msgid "requesting key %s from %s\n"
+msgstr "надÑилаємо запит щодо ключа %s з %s\n"
+
+#: g10/keyserver.c:1205
+#, c-format
+msgid "searching for names from %s server %s\n"
+msgstr "шукаємо назви з %s Ñервера %s\n"
+
+#: g10/keyserver.c:1208
+#, c-format
+msgid "searching for names from %s\n"
+msgstr "шукаємо назви на %s\n"
+
+#: g10/keyserver.c:1361
+#, c-format
+msgid "sending key %s to %s server %s\n"
+msgstr "надÑилаємо ключ %s до %s Ñервера %s\n"
+
+#: g10/keyserver.c:1365
+#, c-format
+msgid "sending key %s to %s\n"
+msgstr "надÑилаємо ключ %s на %s\n"
+
+#: g10/keyserver.c:1408
+#, c-format
+msgid "searching for \"%s\" from %s server %s\n"
+msgstr "шукаємо «%s» на %s Ñервера %s\n"
+
+#: g10/keyserver.c:1411
+#, c-format
+msgid "searching for \"%s\" from %s\n"
+msgstr "шукаємо «%s» з %s\n"
+
+#: g10/keyserver.c:1418 g10/keyserver.c:1514
+msgid "no keyserver action!\n"
+msgstr "немає дії щодо Ñервера ключів!\n"
+
+#: g10/keyserver.c:1466
+#, c-format
+msgid "WARNING: keyserver handler from a different version of GnuPG (%s)\n"
+msgstr ""
+"УВÐГÐ: заÑіб обробки даних Ñервера ключів взÑто з іншої верÑÑ–Ñ— GnuPG (%s)\n"
+
+#: g10/keyserver.c:1475
+msgid "keyserver did not send VERSION\n"
+msgstr "Ñервер ключів не надіÑлав Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ VERSION\n"
+
+#: g10/keyserver.c:1537 g10/keyserver.c:2066
+msgid "no keyserver known (use option --keyserver)\n"
+msgstr ""
+"не вказано жодного Ñервера ключів (ÑкориÑтайтеÑÑ Ð¿Ð°Ñ€Ð°Ð¼ÐµÑ‚Ñ€Ð¾Ð¼ --keyserver)\n"
+
+#: g10/keyserver.c:1543
+msgid "external keyserver calls are not supported in this build\n"
+msgstr "викликів зовнішнього Ñервера ключів у цій збірці не передбачено\n"
+
+#: g10/keyserver.c:1555
+#, c-format
+msgid "no handler for keyserver scheme `%s'\n"
+msgstr "немає обробника Ñхеми Ñервера ключів «%s»\n"
+
+#: g10/keyserver.c:1560
+#, c-format
+msgid "action `%s' not supported with keyserver scheme `%s'\n"
+msgstr "дії «%s» не передбачено Ð´Ð»Ñ Ñхеми Ñервера ключів «%s»\n"
+
+#: g10/keyserver.c:1568
+#, c-format
+msgid "%s does not support handler version %d\n"
+msgstr "у %s не передбачено підтримки обробника верÑÑ–Ñ— %d\n"
+
+#: g10/keyserver.c:1575
+msgid "keyserver timed out\n"
+msgstr "Ð¿ÐµÑ€ÐµÐ²Ð¸Ñ‰ÐµÐ½Ð½Ñ Ñ‡Ð°Ñу Ð¾Ñ‡Ñ–ÐºÑƒÐ²Ð°Ð½Ð½Ñ Ð´Ð°Ð½Ð¸Ñ… від Ñервера ключів\n"
+
+#: g10/keyserver.c:1580
+msgid "keyserver internal error\n"
+msgstr "Ð²Ð½ÑƒÑ‚Ñ€Ñ–ÑˆÐ½Ñ Ð¿Ð¾Ð¼Ð¸Ð»ÐºÐ° Ñервера ключів\n"
+
+#: g10/keyserver.c:1589
+#, c-format
+msgid "keyserver communications error: %s\n"
+msgstr "помилка під Ñ‡Ð°Ñ Ð¾Ð±Ð¼Ñ–Ð½Ñƒ даними з Ñервером ключів: %s\n"
+
+#: g10/keyserver.c:1614 g10/keyserver.c:1648
+#, c-format
+msgid "\"%s\" not a key ID: skipping\n"
+msgstr "«%s» не Ñ” ідентифікатором ключа: пропуÑкаємо\n"
+
+#: g10/keyserver.c:1907
+#, c-format
+msgid "WARNING: unable to refresh key %s via %s: %s\n"
+msgstr "УВÐГÐ: не вдалоÑÑ Ð¾Ð½Ð¾Ð²Ð¸Ñ‚Ð¸ ключ %s за допомогою %s: %s\n"
+
+#: g10/keyserver.c:1929
+#, c-format
+msgid "refreshing 1 key from %s\n"
+msgstr "оновлюємо 1 ключ з %s\n"
+
+#: g10/keyserver.c:1931
+#, c-format
+msgid "refreshing %d keys from %s\n"
+msgstr "оновлюємо %d ключів з %s\n"
+
+#: g10/keyserver.c:1987
+#, c-format
+msgid "WARNING: unable to fetch URI %s: %s\n"
+msgstr "УВÐГÐ: не вдалоÑÑ Ð¾Ñ‚Ñ€Ð¸Ð¼Ð°Ñ‚Ð¸ адреÑу %s: %s\n"
+
+#: g10/keyserver.c:1993
+#, c-format
+msgid "WARNING: unable to parse URI %s\n"
+msgstr "УВÐГÐ: не вдалоÑÑ Ð¾Ð±Ñ€Ð¾Ð±Ð¸Ñ‚Ð¸ адреÑу %s\n"
+
+#: g10/mainproc.c:231
+#, c-format
+msgid "weird size for an encrypted session key (%d)\n"
+msgstr "дивний розмір Ð´Ð»Ñ Ð·Ð°ÑˆÐ¸Ñ„Ñ€Ð¾Ð²Ð°Ð½Ð¾Ð³Ð¾ ключа ÑеанÑу (%d)\n"
+
+#: g10/mainproc.c:284
+#, c-format
+msgid "%s encrypted session key\n"
+msgstr "зашифрований %s ключ ÑеанÑу\n"
+
+#: g10/mainproc.c:294
+#, c-format
+msgid "passphrase generated with unknown digest algorithm %d\n"
+msgstr ""
+"пароль Ñтворено за допомогою невідомого алгоритму ÑÑ‚Ð²Ð¾Ñ€ÐµÐ½Ð½Ñ ÐºÐ¾Ð½Ñ‚Ñ€Ð¾Ð»ÑŒÐ½Ð¸Ñ… Ñум %"
+"d\n"
+
+#: g10/mainproc.c:360
+#, c-format
+msgid "public key is %s\n"
+msgstr "відкритий ключ — %s\n"
+
+#: g10/mainproc.c:423
+msgid "public key encrypted data: good DEK\n"
+msgstr "зашифровані відкритим ключем дані: належний DEK\n"
+
+#: g10/mainproc.c:456
+#, c-format
+msgid "encrypted with %u-bit %s key, ID %s, created %s\n"
+msgstr ""
+"зашифровано за допомогою %u-бітового %s ключа, ідентифікатор %s, Ñтворено %"
+"s\n"
+
+#: g10/mainproc.c:460 g10/pkclist.c:217
+#, c-format
+msgid " \"%s\"\n"
+msgstr " «%s»\n"
+
+#: g10/mainproc.c:464
+#, c-format
+msgid "encrypted with %s key, ID %s\n"
+msgstr "зашифровано ключем %s, ідентифікатор %s\n"
+
+#: g10/mainproc.c:479
+#, c-format
+msgid "public key decryption failed: %s\n"
+msgstr "невдала Ñпроба Ñ€Ð¾Ð·ÑˆÐ¸Ñ„Ñ€Ð¾Ð²ÑƒÐ²Ð°Ð½Ð½Ñ Ð²Ñ–Ð´ÐºÑ€Ð¸Ñ‚Ð¸Ð¼ ключем: %s\n"
+
+#: g10/mainproc.c:495
+#, c-format
+msgid "encrypted with %lu passphrases\n"
+msgstr "зашифровано за допомогою %lu паролів\n"
+
+#: g10/mainproc.c:497
+msgid "encrypted with 1 passphrase\n"
+msgstr "зашифровано за допомогою 1 паролÑ\n"
+
+#: g10/mainproc.c:529 g10/mainproc.c:551
+#, c-format
+msgid "assuming %s encrypted data\n"
+msgstr "припуÑкаємо, що дані зашифровано %s\n"
+
+#: g10/mainproc.c:537
+#, c-format
+msgid "IDEA cipher unavailable, optimistically attempting to use %s instead\n"
+msgstr "Шифр IDEA недоÑтупний, Ñпробуємо ÑкориÑтатиÑÑ Ð·Ð°Ð¼Ñ–ÑÑ‚ÑŒ нього %s\n"
+
+#: g10/mainproc.c:570
+msgid "decryption okay\n"
+msgstr "розшифровано\n"
+
+#: g10/mainproc.c:574
+msgid "WARNING: message was not integrity protected\n"
+msgstr "УВÐГÐ: ціліÑніÑÑ‚ÑŒ Ð¿Ð¾Ð²Ñ–Ð´Ð¾Ð¼Ð»ÐµÐ½Ð½Ñ Ð½Ðµ захищено\n"
+
+#: g10/mainproc.c:587
+msgid "WARNING: encrypted message has been manipulated!\n"
+msgstr "УВÐГÐ: зашифроване Ð¿Ð¾Ð²Ñ–Ð´Ð¾Ð¼Ð»ÐµÐ½Ð½Ñ Ð±ÑƒÐ»Ð¾ змінено!\n"
+
+#: g10/mainproc.c:595
+#, c-format
+msgid "cleared passphrase cached with ID: %s\n"
+msgstr "текÑтовий пароль кешовано з ідентифікатором: %s\n"
+
+#: g10/mainproc.c:600
+#, c-format
+msgid "decryption failed: %s\n"
+msgstr "невдала Ñпроба розшифруваннÑ: %s\n"
+
+#: g10/mainproc.c:621
+msgid "NOTE: sender requested \"for-your-eyes-only\"\n"
+msgstr "ЗÐУВÐЖЕÐÐЯ: вимога відправника: «лише Ð´Ð»Ñ Ð’Ð°Ñ»\n"
+
+#: g10/mainproc.c:623
+#, c-format
+msgid "original file name='%.*s'\n"
+msgstr "початкова назва файла=«%.*s»\n"
+
+#: g10/mainproc.c:711
+msgid "WARNING: multiple plaintexts seen\n"
+msgstr "УВÐГÐ: виÑвлено декілька фрагментів нешифрованого текÑту\n"
+
+#: g10/mainproc.c:850
+msgid "standalone revocation - use \"gpg --import\" to apply\n"
+msgstr ""
+"окреме Ð²Ñ–Ð´ÐºÐ»Ð¸ÐºÐ°Ð½Ð½Ñ â€” ÑкориÑтайтеÑÑ ÐºÐ¾Ð¼Ð°Ð½Ð´Ð¾ÑŽ «gpg --import» Ð´Ð»Ñ Ð·Ð°ÑтоÑуваннÑ\n"
+
+#: g10/mainproc.c:1203 g10/mainproc.c:1240
+msgid "no signature found\n"
+msgstr "підпиÑу не знайдено\n"
+
+#: g10/mainproc.c:1478
+msgid "signature verification suppressed\n"
+msgstr "перевірку підпиÑів придушено\n"
+
+#: g10/mainproc.c:1587
+msgid "can't handle this ambiguous signature data\n"
+msgstr "не вдалоÑÑ Ð¾Ð±Ñ€Ð¾Ð±Ð¸Ñ‚Ð¸ ці дані з неоднозначним підпиÑом\n"
+
+#: g10/mainproc.c:1598
+#, c-format
+msgid "Signature made %s\n"
+msgstr "ÐŸÑ–Ð´Ð¿Ð¸Ñ Ñтворено %s\n"
+
+#: g10/mainproc.c:1599
+#, c-format
+msgid " using %s key %s\n"
+msgstr " за допомогою %s ключа %s\n"
+
+#: g10/mainproc.c:1603
+#, c-format
+msgid "Signature made %s using %s key ID %s\n"
+msgstr "ÐŸÑ–Ð´Ð¿Ð¸Ñ Ñтворено %s ключем %s з ідентифікатором %s\n"
+
+#: g10/mainproc.c:1623
+msgid "Key available at: "
+msgstr "Ключ доÑтупний на: "
+
+#: g10/mainproc.c:1756 g10/mainproc.c:1804
+#, c-format
+msgid "BAD signature from \"%s\""
+msgstr "ПОМИЛКОВИЙ Ð¿Ñ–Ð´Ð¿Ð¸Ñ Ð²Ñ–Ð´ «%s»"
+
+#: g10/mainproc.c:1758 g10/mainproc.c:1806
+#, c-format
+msgid "Expired signature from \"%s\""
+msgstr "ПроÑтрочений Ð¿Ñ–Ð´Ð¿Ð¸Ñ Ð²Ñ–Ð´ «%s»"
+
+#: g10/mainproc.c:1760 g10/mainproc.c:1808
+#, c-format
+msgid "Good signature from \"%s\""
+msgstr "Ðалежний Ð¿Ñ–Ð´Ð¿Ð¸Ñ Ð²Ñ–Ð´ «%s»"
+
+#: g10/mainproc.c:1810
+msgid "[uncertain]"
+msgstr "[непевний]"
+
+#: g10/mainproc.c:1843
+#, c-format
+msgid " aka \"%s\""
+msgstr " або «%s»"
+
+#: g10/mainproc.c:1941
+#, c-format
+msgid "Signature expired %s\n"
+msgstr "Строк дії підпиÑу вичерпано %s\n"
+
+#: g10/mainproc.c:1946
+#, c-format
+msgid "Signature expires %s\n"
+msgstr "ÐŸÑ–Ð´Ð¿Ð¸Ñ Ð´Ñ–Ñ” до %s\n"
+
+#: g10/mainproc.c:1949
+#, c-format
+msgid "%s signature, digest algorithm %s\n"
+msgstr "%s підпиÑ, алгоритм контрольної Ñуми %s\n"
+
+#: g10/mainproc.c:1950
+msgid "binary"
+msgstr "двійковий"
+
+#: g10/mainproc.c:1951
+msgid "textmode"
+msgstr "текÑтовий"
+
+#: g10/mainproc.c:1951 g10/trustdb.c:546
+msgid "unknown"
+msgstr "невідомо"
+
+#: g10/mainproc.c:1971
+#, c-format
+msgid "Can't check signature: %s\n"
+msgstr "Ðе вдалоÑÑ Ð¿ÐµÑ€ÐµÐ²Ñ–Ñ€Ð¸Ñ‚Ð¸ підпиÑ: %s\n"
+
+#: g10/mainproc.c:2055 g10/mainproc.c:2071 g10/mainproc.c:2167
+msgid "not a detached signature\n"
+msgstr "не Ñ” від’єднаним підпиÑом\n"
+
+#: g10/mainproc.c:2098
+msgid ""
+"WARNING: multiple signatures detected. Only the first will be checked.\n"
+msgstr "УВÐГÐ: виÑвлено кратні підпиÑи. Буде перевірено лише перший.\n"
+
+#: g10/mainproc.c:2106
+#, c-format
+msgid "standalone signature of class 0x%02x\n"
+msgstr "окремий Ð¿Ñ–Ð´Ð¿Ð¸Ñ ÐºÐ»Ð°Ñу 0x%02x\n"
+
+#: g10/mainproc.c:2171
+msgid "old style (PGP 2.x) signature\n"
+msgstr "Ð¿Ñ–Ð´Ð¿Ð¸Ñ Ñƒ заÑтарілому форматі (PGP 2.x)\n"
+
+#: g10/mainproc.c:2181
+msgid "invalid root packet detected in proc_tree()\n"
+msgstr "виÑвлено некоректний кореневий пакет у proc_tree()\n"
+
+#: g10/misc.c:109 g10/misc.c:139 g10/misc.c:215
+#, c-format
+msgid "fstat of `%s' failed in %s: %s\n"
+msgstr "помилка fstat щодо «%s» у %s: %s\n"
+
+#: g10/misc.c:178
+#, c-format
+msgid "fstat(%d) failed in %s: %s\n"
+msgstr "помилка fstat(%d) у %s: %s\n"
+
+#: g10/misc.c:296
+#, c-format
+msgid "WARNING: using experimental public key algorithm %s\n"
+msgstr ""
+"УВÐГÐ: викориÑтовуємо екÑпериментальний алгоритм ÑÑ‚Ð²Ð¾Ñ€ÐµÐ½Ð½Ñ Ð²Ñ–Ð´ÐºÑ€Ð¸Ñ‚Ð¾Ð³Ð¾ ключа %"
+"s\n"
+
+#: g10/misc.c:302
+msgid "WARNING: Elgamal sign+encrypt keys are deprecated\n"
+msgstr ""
+"УВÐГÐ: ключі підпиÑÑƒÐ²Ð°Ð½Ð½Ñ Ñ– ÑˆÐ¸Ñ„Ñ€ÑƒÐ²Ð°Ð½Ð½Ñ Elgamal вважаютьÑÑ Ð·Ð°Ñтарілими\n"
+
+#: g10/misc.c:315
+#, c-format
+msgid "WARNING: using experimental cipher algorithm %s\n"
+msgstr "УВÐГÐ: викориÑтовуємо екÑпериментальний алгоритм ÑˆÐ¸Ñ„Ñ€ÑƒÐ²Ð°Ð½Ð½Ñ %s\n"
+
+#: g10/misc.c:330
+#, c-format
+msgid "WARNING: using experimental digest algorithm %s\n"
+msgstr ""
+"УВÐГÐ: викориÑтовуємо екÑпериментальний алгоритм обчиÑÐ»ÐµÐ½Ð½Ñ ÐºÐ¾Ð½Ñ‚Ñ€Ð¾Ð»ÑŒÐ½Ð¸Ñ… Ñум %"
+"s\n"
+
+#: g10/misc.c:335
+#, c-format
+msgid "WARNING: digest algorithm %s is deprecated\n"
+msgstr "УВÐГÐ: алгоритм обчиÑÐ»ÐµÐ½Ð½Ñ ÐºÐ¾Ð½Ñ‚Ñ€Ð¾Ð»ÑŒÐ½Ð¸Ñ… Ñум %s вважаєтьÑÑ Ð·Ð°Ñтарілим\n"
+
+#: g10/misc.c:503
+msgid "the IDEA cipher plugin is not present\n"
+msgstr "не виÑвлено додатка ÑˆÐ¸Ñ„Ñ€ÑƒÐ²Ð°Ð½Ð½Ñ IDEA\n"
+
+#: g10/misc.c:504 g10/sig-check.c:107 jnlib/utf8conv.c:87
+#, c-format
+msgid "please see %s for more information\n"
+msgstr "будь лаÑка, ознайомтеÑÑ Ð· %s, щоб дізнатиÑÑ Ð±Ñ–Ð»ÑŒÑˆÐµ\n"
+
+#: g10/misc.c:761
+#, c-format
+msgid "%s:%d: deprecated option \"%s\"\n"
+msgstr "%s:%d: заÑтарілий параметр «%s»\n"
+
+#: g10/misc.c:765
+#, c-format
+msgid "WARNING: \"%s\" is a deprecated option\n"
+msgstr "УВÐГÐ: «%s» вважаєтьÑÑ Ð·Ð°Ñтарілим параметром\n"
+
+#: g10/misc.c:767
+#, c-format
+msgid "please use \"%s%s\" instead\n"
+msgstr "будь лаÑка, ÑкориÑтайтеÑÑ Â«%s%s»\n"
+
+#: g10/misc.c:774
+#, c-format
+msgid "WARNING: \"%s\" is a deprecated command - do not use it\n"
+msgstr "УВÐГÐ: «%s» вважаєтьÑÑ Ð·Ð°Ñтарілою командою — не кориÑтуйтеÑÑ Ð½ÐµÑŽ\n"
+
+#: g10/misc.c:784
+#, c-format
+msgid "%s:%u: obsolete option \"%s\" - it has no effect\n"
+msgstr "%s:%u: заÑтарілий параметр «%s» — він не працюватиме\n"
+
+#: g10/misc.c:787
+#, c-format
+msgid "WARNING: \"%s\" is an obsolete option - it has no effect\n"
+msgstr "УВÐГÐ: «%s» Ñ” заÑтарілим параметром — він не працюватиме\n"
+
+#: g10/misc.c:848
+msgid "Uncompressed"
+msgstr "ÐеÑтиÑнений"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: g10/misc.c:873
+msgid "uncompressed|none"
+msgstr "uncompressed|немає"
+
+#: g10/misc.c:1000
+#, c-format
+msgid "this message may not be usable by %s\n"
+msgstr "викориÑÑ‚Ð°Ð½Ð½Ñ Ñ†ÑŒÐ¾Ð³Ð¾ Ð¿Ð¾Ð²Ñ–Ð´Ð¾Ð¼Ð»ÐµÐ½Ð½Ñ Ñ‰Ð¾Ð´Ð¾ %s може бути неможливим\n"
+
+#: g10/misc.c:1175
+#, c-format
+msgid "ambiguous option `%s'\n"
+msgstr "неоднозначний параметр «%s»\n"
+
+#: g10/misc.c:1200
+#, c-format
+msgid "unknown option `%s'\n"
+msgstr "невідомий параметр «%s»\n"
+
+#: g10/openfile.c:89
+#, c-format
+msgid "File `%s' exists. "
+msgstr "Файл «%s» Ñ–Ñнує. "
+
+#: g10/openfile.c:93
+msgid "Overwrite? (y/N) "
+msgstr "ПерезапиÑати? (y/N або Ñ‚/Ð) "
+
+#: g10/openfile.c:126
+#, c-format
+msgid "%s: unknown suffix\n"
+msgstr "%s: невідомий ÑуфікÑ\n"
+
+#: g10/openfile.c:150
+msgid "Enter new filename"
+msgstr "Введіть нову назву файла"
+
+#: g10/openfile.c:195
+msgid "writing to stdout\n"
+msgstr "запиÑуємо до stdout\n"
+
+#: g10/openfile.c:316
+#, c-format
+msgid "assuming signed data in `%s'\n"
+msgstr "припуÑкаємо підпиÑані дані у «%s»\n"
+
+#: g10/openfile.c:395
+#, c-format
+msgid "new configuration file `%s' created\n"
+msgstr "Ñтворено новий файл налаштувань «%s»\n"
+
+#: g10/openfile.c:397
+#, c-format
+msgid "WARNING: options in `%s' are not yet active during this run\n"
+msgstr "УВÐГÐ: параметри у «%s» ще не Ñ” активними під Ñ‡Ð°Ñ Ñ†ÑŒÐ¾Ð³Ð¾ запуÑку\n"
+
+#: g10/parse-packet.c:201
+#, c-format
+msgid "can't handle public key algorithm %d\n"
+msgstr "робота з алгоритмом ÑÑ‚Ð²Ð¾Ñ€ÐµÐ½Ð½Ñ Ð²Ñ–Ð´ÐºÑ€Ð¸Ñ‚Ð¾Ð³Ð¾ ключа %d неможлива\n"
+
+#: g10/parse-packet.c:822
+msgid "WARNING: potentially insecure symmetrically encrypted session key\n"
+msgstr ""
+"УВÐГÐ: потенційно небезпечний зашифрований Ñиметричним алгоритмом ключ "
+"ÑеанÑу\n"
+
+#: g10/parse-packet.c:1273
+#, c-format
+msgid "subpacket of type %d has critical bit set\n"
+msgstr "підпакет типу %d міÑтить критичний набір бітів\n"
+
+#: g10/passphrase.c:75 g10/passphrase.c:418 g10/passphrase.c:481
+#, c-format
+msgid "problem with the agent: %s\n"
+msgstr "проблема з агентом: %s\n"
+
+#: g10/passphrase.c:344 g10/passphrase.c:613
+#, c-format
+msgid " (main key ID %s)"
+msgstr " (ідентифікатор оÑновного ключа %s)"
+
+#: g10/passphrase.c:358
+#, c-format
+msgid ""
+"Please enter the passphrase to unlock the secret key for the OpenPGP "
+"certificate:\n"
+"\"%.*s\"\n"
+"%u-bit %s key, ID %s,\n"
+"created %s%s.\n"
+msgstr ""
+"Вкажіть пароль Ð´Ð»Ñ Ñ€Ð¾Ð·Ð±Ð»Ð¾ÐºÑƒÐ²Ð°Ð½Ð½Ñ Ð·Ð°ÐºÑ€Ð¸Ñ‚Ð¾Ð³Ð¾ ключа Ð´Ð»Ñ Ñертифіката OpenPGP:\n"
+"«%.*s»\n"
+"%u-бітовий ключ %s, ідентифікатор %s,\n"
+"Ñтворено %s%s.\n"
+
+#: g10/passphrase.c:384
+msgid "Enter passphrase\n"
+msgstr "Вкажіть пароль\n"
+
+#: g10/passphrase.c:412
+msgid "cancelled by user\n"
+msgstr "ÑкаÑовано кориÑтувачем\n"
+
+#: g10/passphrase.c:592
+#, c-format
+msgid ""
+"You need a passphrase to unlock the secret key for\n"
+"user: \"%s\"\n"
+msgstr ""
+"Вам потрібен пароль Ð´Ð»Ñ Ñ€Ð¾Ð·Ð±Ð»Ð¾ÐºÑƒÐ²Ð°Ð½Ð½Ñ Ð·Ð°ÐºÑ€Ð¸Ñ‚Ð¾Ð³Ð¾ ключа\n"
+"Ð´Ð»Ñ ÐºÐ¾Ñ€Ð¸Ñтувача: «%s»\n"
+
+#: g10/passphrase.c:600
+#, c-format
+msgid "%u-bit %s key, ID %s, created %s"
+msgstr "%u-бітовий ключ %s, ідентифікатор %s, Ñтворено %s"
+
+#: g10/passphrase.c:609
+#, c-format
+msgid " (subkey on main key ID %s)"
+msgstr " (підключ у ідентифікаторі оÑновного ключа %s)"
+
+#: g10/photoid.c:74
+msgid ""
+"\n"
+"Pick an image to use for your photo ID. The image must be a JPEG file.\n"
+"Remember that the image is stored within your public key. If you use a\n"
+"very large picture, your key will become very large as well!\n"
+"Keeping the image close to 240x288 is a good size to use.\n"
+msgstr ""
+"\n"
+"Виберіть зображеннÑ, Ñке буде викориÑтано Ñк ваш фотоідентифікатор.\n"
+"Дані мають зберігатиÑÑ Ñƒ форматі JPEG. Пам’Ñтайте, що зображеннÑ\n"
+"зберігатиметьÑÑ Ñƒ вашому відкритому ключі. Якщо ви викориÑтаєте\n"
+"дуже велике зображеннÑ, ваш ключ також Ñтане дуже великим!\n"
+"Варто дотримуватиÑÑ Ñ€Ð¾Ð·Ð¼Ñ–Ñ€Ñ–Ð², близьких до 240x288.\n"
+
+#: g10/photoid.c:96
+msgid "Enter JPEG filename for photo ID: "
+msgstr "Вкажіть назву файла JPEG Ð´Ð»Ñ Ñ„Ð¾Ñ‚Ð¾Ñ–Ð´ÐµÐ½Ñ‚Ð¸Ñ„Ñ–ÐºÐ°Ñ‚Ð¾Ñ€Ð°: "
+
+#: g10/photoid.c:117
+#, c-format
+msgid "unable to open JPEG file `%s': %s\n"
+msgstr "не вдалоÑÑ Ð²Ñ–Ð´ÐºÑ€Ð¸Ñ‚Ð¸ файл JPEG «%s»: %s\n"
+
+#: g10/photoid.c:128
+#, c-format
+msgid "This JPEG is really large (%d bytes) !\n"
+msgstr "Цей файл JPEG є дуже великим (%d байтів)!\n"
+
+#: g10/photoid.c:130
+msgid "Are you sure you want to use it? (y/N) "
+msgstr "Вам Ñправді хочетьÑÑ Ð½Ð¸Ð¼ ÑкориÑтатиÑÑ? (y/N або Ñ‚/Ð) "
+
+#: g10/photoid.c:146
+#, c-format
+msgid "`%s' is not a JPEG file\n"
+msgstr "«%s» не є файлом JPEG\n"
+
+#: g10/photoid.c:165
+msgid "Is this photo correct (y/N/q)? "
+msgstr "Це потрібна вам Ñ„Ð¾Ñ‚Ð¾Ð³Ñ€Ð°Ñ„Ñ–Ñ (y/N/q)? "
+
+#: g10/photoid.c:373
+msgid "unable to display photo ID!\n"
+msgstr "показ фотоідентифікатора неможливий!\n"
+
+#: g10/pkclist.c:60 g10/revoke.c:621
+msgid "No reason specified"
+msgstr "Причину не вказано"
+
+#: g10/pkclist.c:62 g10/revoke.c:623
+msgid "Key is superseded"
+msgstr "Ключ замінено"
+
+#: g10/pkclist.c:64 g10/revoke.c:622
+msgid "Key has been compromised"
+msgstr "Ключ Ñкомпрометовано"
+
+#: g10/pkclist.c:66 g10/revoke.c:624
+msgid "Key is no longer used"
+msgstr "Ключ більше не викориÑтовуєтьÑÑ"
+
+#: g10/pkclist.c:68 g10/revoke.c:625
+msgid "User ID is no longer valid"
+msgstr "Ідентифікатор кориÑтувача втратив чинніÑÑ‚ÑŒ"
+
+#: g10/pkclist.c:72
+msgid "reason for revocation: "
+msgstr "причина відкликаннÑ: "
+
+#: g10/pkclist.c:89
+msgid "revocation comment: "
+msgstr "коментар щодо відкликаннÑ: "
+
+#: g10/pkclist.c:204
+msgid "iImMqQsS"
+msgstr "iImMqQsS"
+
+#: g10/pkclist.c:212
+msgid "No trust value assigned to:\n"
+msgstr "Ðе вказано Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Ð´Ð¾Ð²Ñ–Ñ€Ð¸ до:\n"
+
+#: g10/pkclist.c:245
+#, c-format
+msgid " aka \"%s\"\n"
+msgstr " або «%s»\n"
+
+#: g10/pkclist.c:255
+msgid ""
+"How much do you trust that this key actually belongs to the named user?\n"
+msgstr ""
+"ÐаÑкільки ви певні, що цей ключ Ñправді належить кориÑтувачеві з вказаним "
+"іменем?\n"
+
+#: g10/pkclist.c:270
+#, c-format
+msgid " %d = I don't know or won't say\n"
+msgstr " %d = не знаю або не Ñкажу\n"
+
+#: g10/pkclist.c:272
+#, c-format
+msgid " %d = I do NOT trust\n"
+msgstr " %d = ÐЕ довірÑÑŽ\n"
+
+#: g10/pkclist.c:278
+#, c-format
+msgid " %d = I trust ultimately\n"
+msgstr " %d = довірÑÑŽ без обмежень\n"
+
+#: g10/pkclist.c:284
+msgid " m = back to the main menu\n"
+msgstr " m = повернутиÑÑ Ð´Ð¾ головного меню\n"
+
+#: g10/pkclist.c:287
+msgid " s = skip this key\n"
+msgstr " s = пропуÑтити цей ключ\n"
+
+#: g10/pkclist.c:288
+msgid " q = quit\n"
+msgstr " q = вийти\n"
+
+#: g10/pkclist.c:292
+#, c-format
+msgid ""
+"The minimum trust level for this key is: %s\n"
+"\n"
+msgstr ""
+"Мінімальним рівнем довіри до цього ключа є %s\n"
+"\n"
+
+#: g10/pkclist.c:298 g10/revoke.c:650
+msgid "Your decision? "
+msgstr "Ваше рішеннÑ? "
+
+#: g10/pkclist.c:319
+msgid "Do you really want to set this key to ultimate trust? (y/N) "
+msgstr ""
+"Ви Ñправді хочете вÑтановити необмежену довіру до цього ключа? (y/N або Ñ‚/Ð) "
+
+#: g10/pkclist.c:333
+msgid "Certificates leading to an ultimately trusted key:\n"
+msgstr "Сертифікати, що призводÑÑ‚ÑŒ до необмеженої довіри до ключа:\n"
+
+#: g10/pkclist.c:418
+#, c-format
+msgid "%s: There is no assurance this key belongs to the named user\n"
+msgstr ""
+"%s: немає певноÑÑ‚Ñ– щодо належноÑÑ‚Ñ– цього ключа кориÑтувачеві з вказаним "
+"іменем\n"
+
+#: g10/pkclist.c:423
+#, c-format
+msgid "%s: There is limited assurance this key belongs to the named user\n"
+msgstr ""
+"%s: Ñ” певні ÑÐ²Ñ–Ð´Ñ‡ÐµÐ½Ð½Ñ Ð½Ð°Ð»ÐµÐ¶Ð½Ð¾ÑÑ‚Ñ– цього ключа кориÑтувачеві з вказаним "
+"іменем\n"
+
+#: g10/pkclist.c:429
+msgid "This key probably belongs to the named user\n"
+msgstr "Ймовірно, цей ключ належить кориÑтувачеві з вказаним іменем\n"
+
+#: g10/pkclist.c:434
+msgid "This key belongs to us\n"
+msgstr "Цей ключ належить нам\n"
+
+#: g10/pkclist.c:460
+msgid ""
+"It is NOT certain that the key belongs to the person named\n"
+"in the user ID. If you *really* know what you are doing,\n"
+"you may answer the next question with yes.\n"
+msgstr ""
+"Ðе можна з певніÑÑ‚ÑŽ вважати, що ключ належить оÑобі,\n"
+"вказаній у ідентифікаторі кориÑтувача. Якщо вам *точно*\n"
+"відомі наÑлідки ваших дій, можете Ñтвердно відповіÑти\n"
+"на наÑтупне питаннÑ.\n"
+
+#: g10/pkclist.c:479
+msgid "Use this key anyway? (y/N) "
+msgstr "Попри вÑе викориÑтовувати цей ключ? (y/N або Ñ‚/Ð) "
+
+#: g10/pkclist.c:513
+msgid "WARNING: Using untrusted key!\n"
+msgstr "УВÐГÐ: викориÑтовуємо ненадійний ключ!\n"
+
+#: g10/pkclist.c:520
+msgid "WARNING: this key might be revoked (revocation key not present)\n"
+msgstr "УВÐГÐ: цей ключ могло бути відкликано (немає ключа відкликаннÑ)\n"
+
+#: g10/pkclist.c:529
+msgid "WARNING: This key has been revoked by its designated revoker!\n"
+msgstr "УВÐГÐ: цей ключ було відкликано відповідною оÑобою!\n"
+
+#: g10/pkclist.c:532
+msgid "WARNING: This key has been revoked by its owner!\n"
+msgstr "УВÐГÐ: цей ключ було відкликано влаÑником!\n"
+
+#: g10/pkclist.c:533
+msgid " This could mean that the signature is forged.\n"
+msgstr " Це може означати, що Ð¿Ñ–Ð´Ð¿Ð¸Ñ Ð±ÑƒÐ»Ð¾ підроблено.\n"
+
+#: g10/pkclist.c:539
+msgid "WARNING: This subkey has been revoked by its owner!\n"
+msgstr "УВÐГÐ: цей підключ було відкликано його влаÑником!\n"
+
+#: g10/pkclist.c:544
+msgid "Note: This key has been disabled.\n"
+msgstr "ЗауваженнÑ: цей ключ було вимкнено.\n"
+
+#: g10/pkclist.c:564
+#, c-format
+msgid "Note: Verified signer's address is `%s'\n"
+msgstr "ЗауваженнÑ: перевіреною адреÑою автора підпиÑу Ñ” «%s»\n"
+
+#: g10/pkclist.c:571
+#, c-format
+msgid "Note: Signer's address `%s' does not match DNS entry\n"
+msgstr "ЗауваженнÑ: адреÑа автора підпиÑу «%s» не збігаєтьÑÑ Ð· запиÑом DNS\n"
+
+#: g10/pkclist.c:583
+msgid "trustlevel adjusted to FULL due to valid PKA info\n"
+msgstr "рівень довіри змінено на FULL (повна) через коректніÑÑ‚ÑŒ даних PKA\n"
+
+#: g10/pkclist.c:591
+msgid "trustlevel adjusted to NEVER due to bad PKA info\n"
+msgstr "рівень довіри змінено на NEVER (ніколи) через помилки у даних PKA\n"
+
+#: g10/pkclist.c:602
+msgid "Note: This key has expired!\n"
+msgstr "ЗауваженнÑ: Ñтрок дії цього ключа вичерпано!\n"
+
+#: g10/pkclist.c:613
+msgid "WARNING: This key is not certified with a trusted signature!\n"
+msgstr "УВÐГÐ: цей ключ не Ñертифіковано за допомогою надійного підпиÑу!\n"
+
+#: g10/pkclist.c:615
+msgid ""
+" There is no indication that the signature belongs to the owner.\n"
+msgstr " Ðемає підтверджень належноÑÑ‚Ñ– підпиÑу його влаÑнику.\n"
+
+#: g10/pkclist.c:623
+msgid "WARNING: We do NOT trust this key!\n"
+msgstr "УВÐГÐ: ми ÐЕ довірÑємо цьому ключу!\n"
+
+#: g10/pkclist.c:624
+msgid " The signature is probably a FORGERY.\n"
+msgstr " ПідпиÑ, ймовірно, Ñ” ПІДРОБКОЮ.\n"
+
+#: g10/pkclist.c:632
+msgid ""
+"WARNING: This key is not certified with sufficiently trusted signatures!\n"
+msgstr "УВÐГÐ: цей ключ не Ñертифіковано доÑтатньо надійними підпиÑами!\n"
+
+#: g10/pkclist.c:634
+msgid " It is not certain that the signature belongs to the owner.\n"
+msgstr " ПевноÑÑ‚Ñ– у належноÑÑ‚Ñ– підпиÑу його влаÑнику немає.\n"
+
+#: g10/pkclist.c:833 g10/pkclist.c:875 g10/pkclist.c:1087 g10/pkclist.c:1157
+#, c-format
+msgid "%s: skipped: %s\n"
+msgstr "%s: пропущено: %s\n"
+
+#: g10/pkclist.c:845 g10/pkclist.c:1125
+#, c-format
+msgid "%s: skipped: public key already present\n"
+msgstr "%s: пропущено: відкритий ключ вже Ñ–Ñнує\n"
+
+#: g10/pkclist.c:896
+msgid "You did not specify a user ID. (you may use \"-r\")\n"
+msgstr ""
+"Вами не вказано ідентифікатора кориÑтувача. (можете ÑкориÑтатиÑÑ Â«-r»)\n"
+
+#: g10/pkclist.c:920
+msgid "Current recipients:\n"
+msgstr "Поточні отримувачі:\n"
+
+#: g10/pkclist.c:946
+msgid ""
+"\n"
+"Enter the user ID. End with an empty line: "
+msgstr ""
+"\n"
+"Вкажіть ідентифікатор кориÑтувача. Дані Ñлід завершити порожнім Ñ€Ñдком: "
+
+#: g10/pkclist.c:971
+msgid "No such user ID.\n"
+msgstr "Ðемає такого ідентифікатора кориÑтувача.\n"
+
+#: g10/pkclist.c:980 g10/pkclist.c:1054
+msgid "skipped: public key already set as default recipient\n"
+msgstr "пропущено: відкритий ключ вже вÑтановлено Ð´Ð»Ñ Ñ‚Ð¸Ð¿Ð¾Ð²Ð¾Ð³Ð¾ отримувача\n"
+
+#: g10/pkclist.c:1001
+msgid "Public key is disabled.\n"
+msgstr "Відкритий ключ вимкнено.\n"
+
+#: g10/pkclist.c:1010
+msgid "skipped: public key already set\n"
+msgstr "пропущено: відкритий ключ вже вÑтановлено\n"
+
+#: g10/pkclist.c:1045
+#, c-format
+msgid "unknown default recipient \"%s\"\n"
+msgstr "невідомий типовий отримувач «%s»\n"
+
+#: g10/pkclist.c:1103
+#, c-format
+msgid "%s: skipped: public key is disabled\n"
+msgstr "%s: пропущено: відкритий ключ вимкнено\n"
+
+#: g10/pkclist.c:1165
+msgid "no valid addressees\n"
+msgstr "немає коректних адреÑ\n"
+
+#: g10/pkclist.c:1503
+#, c-format
+msgid "Note: key %s has no %s feature\n"
+msgstr "ЗауваженнÑ: у ключі %s не передбачено можливоÑÑ‚Ñ– %s\n"
+
+#: g10/pkclist.c:1528
+#, c-format
+msgid "Note: key %s has no preference for %s\n"
+msgstr "ЗауваженнÑ: у ключі %s не передбачено переваг Ð´Ð»Ñ %s\n"
+
+#: g10/plaintext.c:95
+msgid "data not saved; use option \"--output\" to save it\n"
+msgstr ""
+"дані не збережено; ÑкориÑтайтеÑÑ Ð´Ð»Ñ Ñ—Ñ…Ð½ÑŒÐ¾Ð³Ð¾ Ð·Ð±ÐµÑ€ÐµÐ¶ÐµÐ½Ð½Ñ Ð¿Ð°Ñ€Ð°Ð¼ÐµÑ‚Ñ€Ð¾Ð¼ «--"
+"output»\n"
+
+#: g10/plaintext.c:480
+msgid "Detached signature.\n"
+msgstr "Від’єднаний підпиÑ.\n"
+
+#: g10/plaintext.c:487
+msgid "Please enter name of data file: "
+msgstr "Будь лаÑка, вкажіть назву файла даних: "
+
+#: g10/plaintext.c:519
+msgid "reading stdin ...\n"
+msgstr "читаємо дані з stdin...\n"
+
+#: g10/plaintext.c:557
+msgid "no signed data\n"
+msgstr "немає підпиÑаних даних\n"
+
+#: g10/plaintext.c:573
+#, c-format
+msgid "can't open signed data `%s'\n"
+msgstr "не вдалоÑÑ Ð²Ñ–Ð´ÐºÑ€Ð¸Ñ‚Ð¸ підпиÑані дані «%s»\n"
+
+#: g10/plaintext.c:607
+#, c-format
+msgid "can't open signed data fd=%d: %s\n"
+msgstr "не вдалоÑÑ Ð²Ñ–Ð´ÐºÑ€Ð¸Ñ‚Ð¸ підпиÑані дані fd=%d: %s\n"
+
+#: g10/pubkey-enc.c:105
+#, c-format
+msgid "anonymous recipient; trying secret key %s ...\n"
+msgstr "анонімний отримувач; Ñпробуємо закритий ключ %s ...\n"
+
+#: g10/pubkey-enc.c:136
+msgid "okay, we are the anonymous recipient.\n"
+msgstr "добре, ми є анонімним отримувачем.\n"
+
+#: g10/pubkey-enc.c:225
+msgid "old encoding of the DEK is not supported\n"
+msgstr "заÑтаріле ÐºÐ¾Ð´ÑƒÐ²Ð°Ð½Ð½Ñ DEK не підтримуєтьÑÑ\n"
+
+#: g10/pubkey-enc.c:246
+#, c-format
+msgid "cipher algorithm %d%s is unknown or disabled\n"
+msgstr "алгоритм ÑˆÐ¸Ñ„Ñ€ÑƒÐ²Ð°Ð½Ð½Ñ %d%s Ñ” невідомим або вимкненим\n"
+
+#: g10/pubkey-enc.c:284
+#, c-format
+msgid "WARNING: cipher algorithm %s not found in recipient preferences\n"
+msgstr "УВÐГÐ: не виÑвлено алгоритму ÑˆÐ¸Ñ„Ñ€ÑƒÐ²Ð°Ð½Ð½Ñ %s у перевагах отримувача\n"
+
+#: g10/pubkey-enc.c:304
+#, c-format
+msgid "NOTE: secret key %s expired at %s\n"
+msgstr "ЗÐУВÐЖЕÐÐЯ: Ñтрок дії закритого ключа %s завершивÑÑ %s\n"
+
+#: g10/pubkey-enc.c:310
+msgid "NOTE: key has been revoked"
+msgstr "ЗÐУВÐЖЕÐÐЯ: ключ було відкликано"
+
+#: g10/revoke.c:102 g10/revoke.c:116 g10/revoke.c:128 g10/revoke.c:174
+#: g10/revoke.c:186 g10/revoke.c:585
+#, c-format
+msgid "build_packet failed: %s\n"
+msgstr "помилка build_packet: %s\n"
+
+#: g10/revoke.c:145
+#, c-format
+msgid "key %s has no user IDs\n"
+msgstr "у ключа %s немає ідентифікатора кориÑтувача\n"
+
+#: g10/revoke.c:306
+msgid "To be revoked by:\n"
+msgstr "Буде відкликано:\n"
+
+#: g10/revoke.c:310
+msgid "(This is a sensitive revocation key)\n"
+msgstr "(Це критичний ключ відкликаннÑ)\n"
+
+#: g10/revoke.c:314
+msgid "Create a designated revocation certificate for this key? (y/N) "
+msgstr ""
+"Створити підпиÑаний Ñертифікат Ð²Ñ–Ð´ÐºÐ»Ð¸ÐºÐ°Ð½Ð½Ñ Ð´Ð»Ñ Ñ†ÑŒÐ¾Ð³Ð¾ ключа? (y/N або Ñ‚/Ð) "
+
+#: g10/revoke.c:327 g10/revoke.c:551
+msgid "ASCII armored output forced.\n"
+msgstr "Призначено Ð²Ð¸Ð²ÐµÐ´ÐµÐ½Ð½Ñ Ñƒ форматі ASCII.\n"
+
+#: g10/revoke.c:342 g10/revoke.c:565
+#, c-format
+msgid "make_keysig_packet failed: %s\n"
+msgstr "помилка make_keysig_packet: %s\n"
+
+#: g10/revoke.c:405
+msgid "Revocation certificate created.\n"
+msgstr "Створено Ñертифікат відкликаннÑ.\n"
+
+#: g10/revoke.c:411
+#, c-format
+msgid "no revocation keys found for \"%s\"\n"
+msgstr "Ð´Ð»Ñ Â«%s» не знайдено ключів відкликаннÑ\n"
+
+#: g10/revoke.c:470
+#, c-format
+msgid "secret key \"%s\" not found: %s\n"
+msgstr "закритий ключ «%s» не знайдено: %s\n"
+
+#: g10/revoke.c:497
+#, c-format
+msgid "no corresponding public key: %s\n"
+msgstr "немає відповідного відкритого ключа: %s\n"
+
+#: g10/revoke.c:508
+msgid "public key does not match secret key!\n"
+msgstr "відкритий ключ не відповідає закритому ключу!\n"
+
+#: g10/revoke.c:515
+msgid "Create a revocation certificate for this key? (y/N) "
+msgstr "Створити Ñертифікат Ð²Ñ–Ð´ÐºÐ»Ð¸ÐºÐ°Ð½Ð½Ñ Ð´Ð»Ñ Ñ†ÑŒÐ¾Ð³Ð¾ ключа? (y/N або Ñ‚/Ð) "
+
+#: g10/revoke.c:532
+msgid "unknown protection algorithm\n"
+msgstr "невідомий алгоритм захиÑту\n"
+
+#: g10/revoke.c:540
+msgid "NOTE: This key is not protected!\n"
+msgstr "ЗÐУВÐЖЕÐÐЯ: цей ключ не захищено!\n"
+
+#: g10/revoke.c:591
+msgid ""
+"Revocation certificate created.\n"
+"\n"
+"Please move it to a medium which you can hide away; if Mallory gets\n"
+"access to this certificate he can use it to make your key unusable.\n"
+"It is smart to print this certificate and store it away, just in case\n"
+"your media become unreadable. But have some caution: The print system of\n"
+"your machine might store the data and make it available to others!\n"
+msgstr ""
+"Створено Ñертифікат відкликаннÑ.\n"
+"\n"
+"ПереÑуньте його на ноÑій, Ñкий можна Ñховати. Якщо хтоÑÑŒ Ñторонній\n"
+"отримає доÑтуп до цього Ñертифіката, він зможе зробити ваш ключ\n"
+"непридатним до викориÑтаннÑ. Варто надрукувати цей Ñертифікат Ñ–\n"
+"зберігати його у конфіденційному міÑці, Ñкщо дані з ноÑÑ–Ñ Ð½Ðµ\n"
+"можна буде прочитати. Ðле зауважте: ÑиÑтема друку вашого комп’ютера\n"
+"може зберігати дані друку, доÑтуп до Ñких зможуть отримати\n"
+"Ñторонні люди!\n"
+
+#: g10/revoke.c:633
+msgid "Please select the reason for the revocation:\n"
+msgstr "Будь лаÑка, вкажіть причину відкликаннÑ:\n"
+
+#: g10/revoke.c:643
+msgid "Cancel"
+msgstr "СкаÑувати"
+
+#: g10/revoke.c:645
+#, c-format
+msgid "(Probably you want to select %d here)\n"
+msgstr "(Ймовірно, вам варто тут вибрати %d)\n"
+
+#: g10/revoke.c:686
+msgid "Enter an optional description; end it with an empty line:\n"
+msgstr "Вкажіть необов’Ñзковий опиÑ; завершіть його порожнім Ñ€Ñдком:\n"
+
+#: g10/revoke.c:714
+#, c-format
+msgid "Reason for revocation: %s\n"
+msgstr "Причина відкликаннÑ: %s\n"
+
+#: g10/revoke.c:716
+msgid "(No description given)\n"
+msgstr "(ОпиÑу не надано)\n"
+
+#: g10/revoke.c:721
+msgid "Is this okay? (y/N) "
+msgstr "Ð’Ñе правильно? (y/N або Ñ‚/Ð) "
+
+#: g10/seckey-cert.c:55
+msgid "secret key parts are not available\n"
+msgstr "закриті чаÑтини ключа недоÑтупні\n"
+
+#: g10/seckey-cert.c:61
+#, c-format
+msgid "protection algorithm %d%s is not supported\n"
+msgstr "підтримки алгоритму захиÑту %d%s не передбачено\n"
+
+#: g10/seckey-cert.c:72
+#, c-format
+msgid "protection digest %d is not supported\n"
+msgstr "підтримки контрольної Ñуми захиÑту %d не передбачено\n"
+
+#: g10/seckey-cert.c:291
+msgid "Invalid passphrase; please try again"
+msgstr "Ðекоректний пароль; повторіть Ñпробу"
+
+#: g10/seckey-cert.c:292
+#, c-format
+msgid "%s ...\n"
+msgstr "%s…\n"
+
+#: g10/seckey-cert.c:361
+msgid "WARNING: Weak key detected - please change passphrase again.\n"
+msgstr "УВÐГÐ: виÑвлено Ñлабкий ключ — будь лаÑка, змініть пароль.\n"
+
+#: g10/seckey-cert.c:404
+msgid "generating the deprecated 16-bit checksum for secret key protection\n"
+msgstr ""
+"Ñтворюємо заÑтарілу 16-бітову контрольну Ñуму Ð´Ð»Ñ Ð·Ð°Ñ…Ð¸Ñту закритого ключа\n"
+
+#: g10/seskey.c:61 sm/encrypt.c:119
+msgid "weak key created - retrying\n"
+msgstr "Ñтворено Ñлабкий ключ — повторюємо Ñпробу\n"
+
+#: g10/seskey.c:65
+#, c-format
+msgid "cannot avoid weak key for symmetric cipher; tried %d times!\n"
+msgstr ""
+"не вдалоÑÑ Ñтворити Ñтійкий ключ Ð´Ð»Ñ Ñиметричного шифруваннÑ; Ñпроба "
+"виконувалаÑÑ %d разів!\n"
+
+#: g10/seskey.c:227 sm/certcheck.c:85
+msgid "DSA requires the hash length to be a multiple of 8 bits\n"
+msgstr "Ð”Ð»Ñ DSA довжина хешу має бути кратною до 8 бітів\n"
+
+#: g10/seskey.c:240
+#, c-format
+msgid "DSA key %s uses an unsafe (%u bit) hash\n"
+msgstr "Ключ DSA %s викориÑтовує небезпечне (%u-бітове) хешуваннÑ\n"
+
+#: g10/seskey.c:252
+#, c-format
+msgid "DSA key %s requires a %u bit or larger hash\n"
+msgstr "Ключ DSA %s потребує хешу з %u або більшої кількоÑÑ‚Ñ– бітів\n"
+
+#: g10/sig-check.c:80
+msgid "WARNING: signature digest conflict in message\n"
+msgstr "УВÐГÐ: конфлікт контрольних Ñум підпиÑів у повідомленні\n"
+
+#: g10/sig-check.c:105
+#, c-format
+msgid "WARNING: signing subkey %s is not cross-certified\n"
+msgstr "УВÐГÐ: підпиÑÑƒÐ²Ð°Ð½Ð½Ñ Ð¿Ñ–Ð´ÐºÐ»ÑŽÑ‡Ð° %s не Ñ” перехреÑно Ñертифікованим\n"
+
+#: g10/sig-check.c:117
+#, c-format
+msgid "WARNING: signing subkey %s has an invalid cross-certification\n"
+msgstr ""
+"УВÐГÐ: підпиÑÑƒÐ²Ð°Ð½Ð½Ñ Ð¿Ñ–Ð´ÐºÐ»ÑŽÑ‡Ð° %s міÑтить некоректну перехреÑну Ñертифікацію\n"
+
+#: g10/sig-check.c:211
+#, c-format
+msgid "public key %s is %lu second newer than the signature\n"
+msgstr "відкритий ключ %s Ñ” на %lu Ñекунду новішим за підпиÑ\n"
+
+#: g10/sig-check.c:212
+#, c-format
+msgid "public key %s is %lu seconds newer than the signature\n"
+msgstr "відкритий ключ %s Ñ” на %lu Ñекунд новішим за підпиÑ\n"
+
+#: g10/sig-check.c:223
+#, c-format
+msgid ""
+"key %s was created %lu second in the future (time warp or clock problem)\n"
+msgstr ""
+"ключ %s було Ñтворено з позначкою на %lu Ñекунду у майбутньому (чаÑова Ð¿ÐµÑ‚Ð»Ñ "
+"або проблема з годинником)\n"
+
+#: g10/sig-check.c:225
+#, c-format
+msgid ""
+"key %s was created %lu seconds in the future (time warp or clock problem)\n"
+msgstr ""
+"ключ %s було Ñтворено з позначкою на %lu Ñекунд у майбутньому (чаÑова Ð¿ÐµÑ‚Ð»Ñ "
+"або проблема з годинником)\n"
+
+#: g10/sig-check.c:239
+#, c-format
+msgid "NOTE: signature key %s expired %s\n"
+msgstr "ЗÐУВÐЖЕÐÐЯ: Ñтрок дії ключа підпиÑу %s завершивÑÑ %s\n"
+
+#: g10/sig-check.c:252
+#, c-format
+msgid "NOTE: signature key %s has been revoked\n"
+msgstr "ЗÐУВÐЖЕÐÐЯ: ключ підпиÑу %s було відкликано\n"
+
+#: g10/sig-check.c:325
+#, c-format
+msgid "assuming bad signature from key %s due to an unknown critical bit\n"
+msgstr ""
+"припуÑкаємо помилковий підпиÑу від ключа %s через невідомий критичний біт\n"
+
+#: g10/sig-check.c:591
+#, c-format
+msgid "key %s: no subkey for subkey revocation signature\n"
+msgstr "ключ %s: немає підключа Ð´Ð»Ñ Ð¿Ñ–Ð´Ð¿Ð¸Ñу Ð²Ñ–Ð´ÐºÐ»Ð¸ÐºÐ°Ð½Ð½Ñ Ð¿Ñ–Ð´ÐºÐ»ÑŽÑ‡Ð°\n"
+
+#: g10/sig-check.c:618
+#, c-format
+msgid "key %s: no subkey for subkey binding signature\n"
+msgstr "ключ %s: немає підключа Ð´Ð»Ñ Ð¿Ñ–Ð´Ð¿Ð¸Ñу прив’ÑÐ·ÑƒÐ²Ð°Ð½Ð½Ñ Ð¿Ñ–Ð´ÐºÐ»ÑŽÑ‡Ð°\n"
+
+#: g10/sign.c:89
+#, c-format
+msgid "WARNING: unable to %%-expand notation (too large). Using unexpanded.\n"
+msgstr ""
+"УВÐГÐ: не вдалоÑÑ Ð²Ð¸ÐºÐ¾Ð½Ð°Ñ‚Ð¸ %%-Ñ€Ð¾Ð·Ð³Ð¾Ñ€Ñ‚Ð°Ð½Ð½Ñ Ð¿Ñ€Ð¸Ð¼Ñ–Ñ‚ÐºÐ¸ (занадто велика). "
+"ВикориÑтовуємо нерозгорнутою.\n"
+
+#: g10/sign.c:115
+#, c-format
+msgid ""
+"WARNING: unable to %%-expand policy URL (too large). Using unexpanded.\n"
+msgstr ""
+"УВÐГÐ: не вдалоÑÑ Ð²Ð¸ÐºÐ¾Ð½Ð°Ñ‚Ð¸ %%-Ñ€Ð¾Ð·Ð³Ð¾Ñ€Ñ‚Ð°Ð½Ð½Ñ Ð°Ð´Ñ€ÐµÑи правил (занадто велика). "
+"ВикориÑтовуємо нерозгорнутою.\n"
+
+#: g10/sign.c:138
+#, c-format
+msgid ""
+"WARNING: unable to %%-expand preferred keyserver URL (too large). Using "
+"unexpanded.\n"
+msgstr ""
+"УВÐГÐ: не вдалоÑÑ Ð²Ð¸ÐºÐ¾Ð½Ð°Ñ‚Ð¸ %%-Ñ€Ð¾Ð·Ð³Ð¾Ñ€Ñ‚Ð°Ð½Ð½Ñ Ð°Ð´Ñ€ÐµÑи оÑновного Ñервера ключів "
+"(занадто велика). ВикориÑтовуємо нерозгорнутою.\n"
+
+#: g10/sign.c:311
+#, c-format
+msgid "checking created signature failed: %s\n"
+msgstr "невдала Ñпроба перевірити Ñтворений підпиÑ: %s\n"
+
+#: g10/sign.c:320
+#, c-format
+msgid "%s/%s signature from: \"%s\"\n"
+msgstr "%s/%s Ð¿Ñ–Ð´Ð¿Ð¸Ñ Ð²Ñ–Ð´: \"%s\"\n"
+
+#: g10/sign.c:761
+msgid "you can only detach-sign with PGP 2.x style keys while in --pgp2 mode\n"
+msgstr ""
+"підпиÑÑƒÐ²Ð°Ð½Ð½Ñ Ð²Ñ–Ð´â€™Ñ”Ð´Ð½Ð°Ð½Ð¸Ð¼ ключем можливе лише за допомогою ключів у форматі "
+"PGP 2.x у режимі --pgp2\n"
+
+#: g10/sign.c:837
+#, c-format
+msgid ""
+"WARNING: forcing digest algorithm %s (%d) violates recipient preferences\n"
+msgstr ""
+"УВÐГÐ: примуÑове викориÑÑ‚Ð°Ð½Ð½Ñ Ð°Ð»Ð³Ð¾Ñ€Ð¸Ñ‚Ð¼Ñƒ контрольних Ñум %s (%d) не "
+"відповідає параметрам отримувача\n"
+
+#: g10/sign.c:964
+msgid "signing:"
+msgstr "підпиÑуваннÑ:"
+
+#: g10/sign.c:1079
+msgid "you can only clearsign with PGP 2.x style keys while in --pgp2 mode\n"
+msgstr ""
+"підпиÑÑƒÐ²Ð°Ð½Ð½Ñ Ñ‚ÐµÐºÑтовим ключем можливе лише за допомогою ключів у форматі PGP "
+"2.x у режимі --pgp2\n"
+
+#: g10/sign.c:1263
+#, c-format
+msgid "%s encryption will be used\n"
+msgstr "Буде викориÑтано ÑˆÐ¸Ñ„Ñ€ÑƒÐ²Ð°Ð½Ð½Ñ %s\n"
+
+#: g10/skclist.c:140 g10/skclist.c:217
+msgid "key is not flagged as insecure - can't use it with the faked RNG!\n"
+msgstr ""
+"ключ не було позначено Ñк ненадійний — не можна викориÑтовувати його з "
+"фіктивним RNG!\n"
+
+#: g10/skclist.c:174
+#, c-format
+msgid "skipped \"%s\": duplicated\n"
+msgstr "пропущено «%s»: дублюваннÑ\n"
+
+#: g10/skclist.c:182 g10/skclist.c:195 g10/skclist.c:207
+#, c-format
+msgid "skipped \"%s\": %s\n"
+msgstr "пропущено «%s»: %s\n"
+
+#: g10/skclist.c:190
+msgid "skipped: secret key already present\n"
+msgstr "пропущено: закритий ключ вже Ñ–Ñнує\n"
+
+#: g10/skclist.c:208
+msgid "this is a PGP generated Elgamal key which is not secure for signatures!"
+msgstr ""
+"це ключ Elgamal Ñтворений за допомогою PGP, цей ключ недоÑтатньо безпечний "
+"Ð´Ð»Ñ Ð¿Ñ–Ð´Ð¿Ð¸ÑуваннÑ!"
+
+#: g10/tdbdump.c:58 g10/trustdb.c:360
+#, c-format
+msgid "trust record %lu, type %d: write failed: %s\n"
+msgstr "Ð·Ð°Ð¿Ð¸Ñ Ñ‰Ð¾Ð´Ð¾ довіри %lu, тип %d: помилка запиÑуваннÑ: %s\n"
+
+#: g10/tdbdump.c:106
+#, c-format
+msgid ""
+"# List of assigned trustvalues, created %s\n"
+"# (Use \"gpg --import-ownertrust\" to restore them)\n"
+msgstr ""
+"# СпиÑок призначених значень довіри, Ñтворено %s\n"
+"# (СкориÑтайтеÑÑ Â«gpg --import-ownertrust» Ð´Ð»Ñ Ñ—Ñ…Ð½ÑŒÐ¾Ð³Ð¾ відновленнÑ)\n"
+
+#: g10/tdbdump.c:161 g10/tdbdump.c:169 g10/tdbdump.c:174 g10/tdbdump.c:179
+#, c-format
+msgid "error in `%s': %s\n"
+msgstr "помилка у «%s»: %s\n"
+
+#: g10/tdbdump.c:161
+msgid "line too long"
+msgstr "занадто довгий Ñ€Ñдок"
+
+#: g10/tdbdump.c:169
+msgid "colon missing"
+msgstr "не виÑтачає двокрапки"
+
+#: g10/tdbdump.c:175
+msgid "invalid fingerprint"
+msgstr "некоректний відбиток"
+
+#: g10/tdbdump.c:180
+msgid "ownertrust value missing"
+msgstr "пропущено Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Ð´Ð¾Ð²Ñ–Ñ€Ð¸ до влаÑника"
+
+#: g10/tdbdump.c:216
+#, c-format
+msgid "error finding trust record in `%s': %s\n"
+msgstr "не вдалоÑÑ Ð·Ð½Ð°Ð¹Ñ‚Ð¸ Ð·Ð°Ð¿Ð¸Ñ Ð´Ð¾Ð²Ñ–Ñ€Ð¸ у «%s»: %s\n"
+
+#: g10/tdbdump.c:220
+#, c-format
+msgid "read error in `%s': %s\n"
+msgstr "помилка Ñ‡Ð¸Ñ‚Ð°Ð½Ð½Ñ Ñƒ «%s»: %s\n"
+
+#: g10/tdbdump.c:229 g10/trustdb.c:375
+#, c-format
+msgid "trustdb: sync failed: %s\n"
+msgstr "trustdb: помилка Ñинхронізації: %s\n"
+
+#: g10/tdbio.c:128 g10/tdbio.c:1456
+#, c-format
+msgid "trustdb rec %lu: lseek failed: %s\n"
+msgstr "Ð·Ð°Ð¿Ð¸Ñ trustdb %lu: помилка lseek: %s\n"
+
+#: g10/tdbio.c:135 g10/tdbio.c:1463
+#, c-format
+msgid "trustdb rec %lu: write failed (n=%d): %s\n"
+msgstr "Ð·Ð°Ð¿Ð¸Ñ trustdb %lu: помилка запиÑу (n=%d): %s\n"
+
+#: g10/tdbio.c:245
+msgid "trustdb transaction too large\n"
+msgstr "занадто велика Ð¾Ð¿ÐµÑ€Ð°Ñ†Ñ–Ñ trustdb\n"
+
+#: g10/tdbio.c:500
+#, c-format
+msgid "can't access `%s': %s\n"
+msgstr "немає доÑтупу до «%s»: %s\n"
+
+#: g10/tdbio.c:527
+#, c-format
+msgid "%s: directory does not exist!\n"
+msgstr "%s: каталогу не Ñ–Ñнує!\n"
+
+#: g10/tdbio.c:537 g10/tdbio.c:560 g10/tdbio.c:601 sm/keydb.c:219
+#, c-format
+msgid "can't create lock for `%s'\n"
+msgstr "не вдалоÑÑ Ñтворити Ð±Ð»Ð¾ÐºÑƒÐ²Ð°Ð½Ð½Ñ Ð´Ð»Ñ Â«%s»\n"
+
+#: g10/tdbio.c:539 g10/tdbio.c:604
+#, c-format
+msgid "can't lock `%s'\n"
+msgstr "не вдалоÑÑ Ð·Ð°Ð±Ð»Ð¾ÐºÑƒÐ²Ð°Ñ‚Ð¸ «%s»\n"
+
+#: g10/tdbio.c:565
+#, c-format
+msgid "%s: failed to create version record: %s"
+msgstr "%s: не вдалоÑÑ Ñтворити Ð·Ð°Ð¿Ð¸Ñ Ñ‰Ð¾Ð´Ð¾ верÑÑ–Ñ—: %s"
+
+#: g10/tdbio.c:569
+#, c-format
+msgid "%s: invalid trustdb created\n"
+msgstr "%s: Ñтворено некоректну trustdb\n"
+
+#: g10/tdbio.c:572
+#, c-format
+msgid "%s: trustdb created\n"
+msgstr "%s: Ñтворено trustdb\n"
+
+#: g10/tdbio.c:615
+msgid "NOTE: trustdb not writable\n"
+msgstr "ЗÐУВÐЖЕÐÐЯ: Ð·Ð°Ð¿Ð¸Ñ Ð´Ð¾ trustdb заборонено\n"
+
+#: g10/tdbio.c:623
+#, c-format
+msgid "%s: invalid trustdb\n"
+msgstr "%s: некоректна trustdb\n"
+
+#: g10/tdbio.c:655
+#, c-format
+msgid "%s: failed to create hashtable: %s\n"
+msgstr "%s: не вдалоÑÑ Ñтворити таблицю хешів: %s\n"
+
+#: g10/tdbio.c:663
+#, c-format
+msgid "%s: error updating version record: %s\n"
+msgstr "%s: помилка Ð¾Ð½Ð¾Ð²Ð»ÐµÐ½Ð½Ñ Ð·Ð°Ð¿Ð¸Ñу верÑÑ–Ñ—: %s\n"
+
+#: g10/tdbio.c:680 g10/tdbio.c:701 g10/tdbio.c:717 g10/tdbio.c:731
+#: g10/tdbio.c:761 g10/tdbio.c:1388 g10/tdbio.c:1415
+#, c-format
+msgid "%s: error reading version record: %s\n"
+msgstr "%s: помилка Ñ‡Ð¸Ñ‚Ð°Ð½Ð½Ñ Ð·Ð°Ð¿Ð¸Ñу верÑÑ–Ñ—: %s\n"
+
+#: g10/tdbio.c:740
+#, c-format
+msgid "%s: error writing version record: %s\n"
+msgstr "%s: помилка запиÑÑƒÐ²Ð°Ð½Ð½Ñ Ð·Ð°Ð¿Ð¸Ñу верÑÑ–Ñ—: %s\n"
+
+#: g10/tdbio.c:1181
+#, c-format
+msgid "trustdb: lseek failed: %s\n"
+msgstr "trustdb: помилка lseek: %s\n"
+
+#: g10/tdbio.c:1190
+#, c-format
+msgid "trustdb: read failed (n=%d): %s\n"
+msgstr "trustdb: помилка Ñ‡Ð¸Ñ‚Ð°Ð½Ð½Ñ (n=%d): %s\n"
+
+#: g10/tdbio.c:1211
+#, c-format
+msgid "%s: not a trustdb file\n"
+msgstr "%s: не є файлом trustdb\n"
+
+#: g10/tdbio.c:1230
+#, c-format
+msgid "%s: version record with recnum %lu\n"
+msgstr "%s: Ð·Ð°Ð¿Ð¸Ñ Ð²ÐµÑ€ÑÑ–Ñ— з номером запиÑу %lu\n"
+
+#: g10/tdbio.c:1235
+#, c-format
+msgid "%s: invalid file version %d\n"
+msgstr "%s: некоректна верÑÑ–Ñ Ñ„Ð°Ð¹Ð»Ð° %d\n"
+
+#: g10/tdbio.c:1421
+#, c-format
+msgid "%s: error reading free record: %s\n"
+msgstr "%s: помилка під Ñ‡Ð°Ñ Ñпроби Ñ‡Ð¸Ñ‚Ð°Ð½Ð½Ñ Ð²Ñ–Ð»ÑŒÐ½Ð¾Ð³Ð¾ запиÑу: %s\n"
+
+#: g10/tdbio.c:1429
+#, c-format
+msgid "%s: error writing dir record: %s\n"
+msgstr "%s: помилка запиÑÑƒÐ²Ð°Ð½Ð½Ñ Ð·Ð°Ð¿Ð¸Ñу каталогу (dir): %s\n"
+
+#: g10/tdbio.c:1439
+#, c-format
+msgid "%s: failed to zero a record: %s\n"
+msgstr "%s: не вдалоÑÑ Ð¾Ð±Ð½ÑƒÐ»Ð¸Ñ‚Ð¸ запиÑ: %s\n"
+
+#: g10/tdbio.c:1469
+#, c-format
+msgid "%s: failed to append a record: %s\n"
+msgstr "%s: не вдалоÑÑ Ð´Ð¾Ð´Ð°Ñ‚Ð¸ запиÑ: %s\n"
+
+#: g10/tdbio.c:1512
+msgid "Error: The trustdb is corrupted.\n"
+msgstr "Помилка: trustdb пошкоджено.\n"
+
+#: g10/textfilter.c:147
+#, c-format
+msgid "can't handle text lines longer than %d characters\n"
+msgstr ""
+"обробка текÑтових Ñ€Ñдків з довжиною, що перевищує %d Ñимволів, неможлива\n"
+
+#: g10/textfilter.c:247
+#, c-format
+msgid "input line longer than %d characters\n"
+msgstr "Ñ€Ñдок вхідних даних довший за %d Ñимволів\n"
+
+#: g10/trustdb.c:221
+#, c-format
+msgid "`%s' is not a valid long keyID\n"
+msgstr "«%s» не є коректним довгим ідентифікатором ключа\n"
+
+#: g10/trustdb.c:252
+#, c-format
+msgid "key %s: accepted as trusted key\n"
+msgstr "ключ %s: прийнÑто Ñк надійний ключ\n"
+
+#: g10/trustdb.c:290
+#, c-format
+msgid "key %s occurs more than once in the trustdb\n"
+msgstr "ключ %s зуÑтрічаєтьÑÑ Ñƒ trustdb декілька разів\n"
+
+#: g10/trustdb.c:305
+#, c-format
+msgid "key %s: no public key for trusted key - skipped\n"
+msgstr "ключ %s: немає відкритого ключа Ð´Ð»Ñ Ð½Ð°Ð´Ñ–Ð¹Ð½Ð¾Ð³Ð¾ ключа — пропущено\n"
+
+#: g10/trustdb.c:315
+#, c-format
+msgid "key %s marked as ultimately trusted\n"
+msgstr "ключ %s позначено Ñк ключ з необмеженою довірою\n"
+
+#: g10/trustdb.c:339
+#, c-format
+msgid "trust record %lu, req type %d: read failed: %s\n"
+msgstr "Ð·Ð°Ð¿Ð¸Ñ Ð´Ð¾Ð²Ñ–Ñ€Ð¸ %lu, тип запиту %d: помилка читаннÑ: %s\n"
+
+#: g10/trustdb.c:345
+#, c-format
+msgid "trust record %lu is not of requested type %d\n"
+msgstr "Ð·Ð°Ð¿Ð¸Ñ Ð´Ð¾Ð²Ñ–Ñ€Ð¸ %lu не належить до вказаного типу %d\n"
+
+#: g10/trustdb.c:418
+msgid "You may try to re-create the trustdb using the commands:\n"
+msgstr "Ви можете Ñпробувати повторно Ñтворити trustdb за допомогою команд:\n"
+
+#: g10/trustdb.c:427
+msgid "If that does not work, please consult the manual\n"
+msgstr ""
+"Якщо результат буде незадовільним, будь лаÑка, звернітьÑÑ Ð´Ð¾ підручника\n"
+
+#: g10/trustdb.c:462
+#, c-format
+msgid "unable to use unknown trust model (%d) - assuming %s trust model\n"
+msgstr ""
+"викориÑÑ‚Ð°Ð½Ð½Ñ Ð½ÐµÐ²Ñ–Ð´Ð¾Ð¼Ð¾Ñ— моделі довіри (%d) неможливе — припуÑкаємо модель "
+"довіри %s\n"
+
+#: g10/trustdb.c:468
+#, c-format
+msgid "using %s trust model\n"
+msgstr "викориÑтовуємо модель довіри %s\n"
+
+#: g10/trustdb.c:520
+msgid "10 translator see trustdb.c:uid_trust_string_fixed"
+msgstr "10 translator see trustdb.c:uid_trust_string_fixed"
+
+#: g10/trustdb.c:522
+msgid "[ revoked]"
+msgstr "[відклик.]"
+
+#: g10/trustdb.c:524 g10/trustdb.c:529
+msgid "[ expired]"
+msgstr "[заÑтаріл]"
+
+#: g10/trustdb.c:528
+msgid "[ unknown]"
+msgstr "[невідома]"
+
+#: g10/trustdb.c:530
+msgid "[ undef ]"
+msgstr "[не визн.]"
+
+#: g10/trustdb.c:531
+msgid "[marginal]"
+msgstr "[неповна ]"
+
+#: g10/trustdb.c:532
+msgid "[ full ]"
+msgstr "[ повна ]"
+
+#: g10/trustdb.c:533
+msgid "[ultimate]"
+msgstr "[безмежна]"
+
+#: g10/trustdb.c:548
+msgid "undefined"
+msgstr "не визначено"
+
+#: g10/trustdb.c:549
+msgid "never"
+msgstr "ніколи"
+
+#: g10/trustdb.c:550
+msgid "marginal"
+msgstr "неповна"
+
+#: g10/trustdb.c:551
+msgid "full"
+msgstr "повна"
+
+#: g10/trustdb.c:552
+msgid "ultimate"
+msgstr "безмежна"
+
+#: g10/trustdb.c:592
+msgid "no need for a trustdb check\n"
+msgstr "потреби у перевірці trustdb немає\n"
+
+#: g10/trustdb.c:598 g10/trustdb.c:2487
+#, c-format
+msgid "next trustdb check due at %s\n"
+msgstr "наÑтупну перевірку trustdb призначено на %s\n"
+
+#: g10/trustdb.c:607
+#, c-format
+msgid "no need for a trustdb check with `%s' trust model\n"
+msgstr "потреби у перевірці trustdb на оÑнові моделі довіри «%s» немає\n"
+
+#: g10/trustdb.c:622
+#, c-format
+msgid "no need for a trustdb update with `%s' trust model\n"
+msgstr "потреби у оновленні trustdb на оÑнові моделі довіри «%s» немає\n"
+
+#: g10/trustdb.c:857 g10/trustdb.c:1310
+#, c-format
+msgid "public key %s not found: %s\n"
+msgstr "відкритий ключ %s не знайдено: %s\n"
+
+#: g10/trustdb.c:1053
+msgid "please do a --check-trustdb\n"
+msgstr "будь лаÑка, ÑкориÑтайтеÑÑ Ð¿Ð°Ñ€Ð°Ð¼ÐµÑ‚Ñ€Ð¾Ð¼ --check-trustdb\n"
+
+#: g10/trustdb.c:1057
+msgid "checking the trustdb\n"
+msgstr "перевірка trustdb\n"
+
+#: g10/trustdb.c:2230
+#, c-format
+msgid "%d keys processed (%d validity counts cleared)\n"
+msgstr "Оброблено %d ключів (очищено %d значень чинноÑÑ‚Ñ–)\n"
+
+#: g10/trustdb.c:2295
+msgid "no ultimately trusted keys found\n"
+msgstr "не знайдено ключів з необмеженою довірою\n"
+
+#: g10/trustdb.c:2309
+#, c-format
+msgid "public key of ultimately trusted key %s not found\n"
+msgstr "не знайдено відкритий ключ ключа з необмеженою довірою %s\n"
+
+#: g10/trustdb.c:2332
+#, c-format
+msgid "%d marginal(s) needed, %d complete(s) needed, %s trust model\n"
+msgstr "потрібно %d обмежених, потрібно %d повних, модель довіри %s\n"
+
+#: g10/trustdb.c:2418
+#, c-format
+msgid ""
+"depth: %d valid: %3d signed: %3d trust: %d-, %dq, %dn, %dm, %df, %du\n"
+msgstr ""
+"глибина: %d чинніÑÑ‚ÑŒ: %3d підпиÑано: %3d надійніÑÑ‚ÑŒ: %d-, %dq, %dn, %dm, %"
+"df, %du\n"
+
+#: g10/trustdb.c:2493
+#, c-format
+msgid "unable to update trustdb version record: write failed: %s\n"
+msgstr "не вдалоÑÑ Ð¾Ð½Ð¾Ð²Ð¸Ñ‚Ð¸ Ð·Ð°Ð¿Ð¸Ñ Ð²ÐµÑ€ÑÑ–Ñ— trustdb: помилка запиÑу: %s\n"
+
+#: g10/verify.c:118
+msgid ""
+"the signature could not be verified.\n"
+"Please remember that the signature file (.sig or .asc)\n"
+"should be the first file given on the command line.\n"
+msgstr ""
+"не вдалоÑÑ Ð¿ÐµÑ€ÐµÐ²Ñ–Ñ€Ð¸Ñ‚Ð¸ підпиÑ.\n"
+"Будь лаÑка, пам’Ñтайте, що файл підпиÑу (.sig або .asc)\n"
+"має бути першим файлом, вказаним у командному Ñ€Ñдку.\n"
+
+#: g10/verify.c:205
+#, c-format
+msgid "input line %u too long or missing LF\n"
+msgstr "у Ñ€Ñдку вхідних даних %u занадто багато Ñимволів або не вказано LF\n"
+
+#: g10/verify.c:253
+#, c-format
+msgid "can't open fd %d: %s\n"
+msgstr "не вдалоÑÑ Ð²Ñ–Ð´ÐºÑ€Ð¸Ñ‚Ð¸ fd %d: %s\n"
+
+#: jnlib/argparse.c:180
+msgid "argument not expected"
+msgstr "неочікуваний аргумент"
+
+#: jnlib/argparse.c:182
+msgid "read error"
+msgstr "помилка читаннÑ"
+
+#: jnlib/argparse.c:184
+msgid "keyword too long"
+msgstr "занадто довге ключове Ñлово"
+
+#: jnlib/argparse.c:186
+msgid "missing argument"
+msgstr "не виÑтачає аргументу"
+
+#: jnlib/argparse.c:188
+msgid "invalid command"
+msgstr "некоректна команда"
+
+#: jnlib/argparse.c:190
+msgid "invalid alias definition"
+msgstr "некоректне Ð²Ð¸Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Ð·Ð°Ð¼Ñ–Ð½Ð½Ð¸ÐºÐ°"
+
+#: jnlib/argparse.c:192
+msgid "out of core"
+msgstr "вихід за межі облаÑÑ‚Ñ– пам’ÑÑ‚Ñ–"
+
+#: jnlib/argparse.c:194
+msgid "invalid option"
+msgstr "некоректний параметр"
+
+#: jnlib/argparse.c:202
+#, c-format
+msgid "missing argument for option \"%.50s\"\n"
+msgstr "не вказано аргументу до параметра «%.50s»\n"
+
+#: jnlib/argparse.c:204
+#, c-format
+msgid "option \"%.50s\" does not expect an argument\n"
+msgstr "Ð´Ð»Ñ Ð¿Ð°Ñ€Ð°Ð¼ÐµÑ‚Ñ€Ð° «%.50s» аргументи не потрібно вказувати\n"
+
+#: jnlib/argparse.c:207
+#, c-format
+msgid "invalid command \"%.50s\"\n"
+msgstr "некоректна команда «%.50s»\n"
+
+#: jnlib/argparse.c:209
+#, c-format
+msgid "option \"%.50s\" is ambiguous\n"
+msgstr "параметр «%.50s» є неоднозначним\n"
+
+#: jnlib/argparse.c:211
+#, c-format
+msgid "command \"%.50s\" is ambiguous\n"
+msgstr "команда «%.50s» є неоднозначною\n"
+
+#: jnlib/argparse.c:213
+msgid "out of core\n"
+msgstr "вихід за межі облаÑÑ‚Ñ– пам’ÑÑ‚Ñ–\n"
+
+#: jnlib/argparse.c:215
+#, c-format
+msgid "invalid option \"%.50s\"\n"
+msgstr "некоректний параметр «%.50s»\n"
+
+#: jnlib/logging.c:647
+#, c-format
+msgid "you found a bug ... (%s:%d)\n"
+msgstr "ви виÑвили ваду… (%s:%d)\n"
+
+#: jnlib/utf8conv.c:85
+#, c-format
+msgid "error loading `%s': %s\n"
+msgstr "помилка під Ñ‡Ð°Ñ Ñпроби Ð·Ð°Ð²Ð°Ð½Ñ‚Ð°Ð¶ÐµÐ½Ð½Ñ Â«%s»: %s\n"
+
+#: jnlib/utf8conv.c:123
+#, c-format
+msgid "conversion from `%s' to `%s' not available\n"
+msgstr "Ð¿ÐµÑ€ÐµÑ‚Ð²Ð¾Ñ€ÐµÐ½Ð½Ñ Ð· «%s» у «%s» недоÑтупне\n"
+
+#: jnlib/utf8conv.c:131
+#, c-format
+msgid "iconv_open failed: %s\n"
+msgstr "помилка iconv_open: %s\n"
+
+#: jnlib/utf8conv.c:388 jnlib/utf8conv.c:654
+#, c-format
+msgid "conversion from `%s' to `%s' failed: %s\n"
+msgstr "помилка Ð¿ÐµÑ€ÐµÑ‚Ð²Ð¾Ñ€ÐµÐ½Ð½Ñ Ð· «%s» у «%s»: %s\n"
+
+#: jnlib/dotlock.c:234
+#, c-format
+msgid "failed to create temporary file `%s': %s\n"
+msgstr "не вдалоÑÑ Ñтворити тимчаÑовий файл «%s»: %s\n"
+
+#: jnlib/dotlock.c:269
+#, c-format
+msgid "error writing to `%s': %s\n"
+msgstr "помилка під Ñ‡Ð°Ñ Ñпроби запиÑу до «%s»: %s\n"
+
+#: jnlib/dotlock.c:453
+#, c-format
+msgid "removing stale lockfile (created by %d)\n"
+msgstr "Ð²Ð¸Ð»ÑƒÑ‡ÐµÐ½Ð½Ñ Ð·Ð°Ñтарілого файла Ð±Ð»Ð¾ÐºÑƒÐ²Ð°Ð½Ð½Ñ (Ñтворено %d)\n"
+
+#: jnlib/dotlock.c:459
+msgid " - probably dead - removing lock"
+msgstr " — ймовірно, не викориÑтовуєтьÑÑ â€” знімаємо блокуваннÑ"
+
+#: jnlib/dotlock.c:469
+#, c-format
+msgid "waiting for lock (held by %d%s) %s...\n"
+msgstr "Ð¾Ñ‡Ñ–ÐºÑƒÐ²Ð°Ð½Ð½Ñ Ð½Ð° Ð±Ð»Ð¾ÐºÑƒÐ²Ð°Ð½Ð½Ñ (зайнÑто %d%s) %s...\n"
+
+#: jnlib/dotlock.c:470
+msgid "(deadlock?) "
+msgstr "(заÑтаріле блокуваннÑ?) "
+
+#: jnlib/dotlock.c:493
+#, c-format
+msgid "lock `%s' not made: %s\n"
+msgstr "Ð±Ð»Ð¾ÐºÑƒÐ²Ð°Ð½Ð½Ñ Â«%s» не виконано: %s\n"
+
+#: jnlib/dotlock.c:501
+#, c-format
+msgid "waiting for lock %s...\n"
+msgstr "Ð¾Ñ‡Ñ–ÐºÑƒÐ²Ð°Ð½Ð½Ñ Ð½Ð° Ð±Ð»Ð¾ÐºÑƒÐ²Ð°Ð½Ð½Ñ %s…\n"
+
+#: kbx/kbxutil.c:92
+msgid "set debugging flags"
+msgstr "вÑтановити прапорці діагноÑтики"
+
+#: kbx/kbxutil.c:93
+msgid "enable full debugging"
+msgstr "увімкнути повну діагноÑтику"
+
+#: kbx/kbxutil.c:117
+msgid "Usage: kbxutil [options] [files] (-h for help)"
+msgstr "ВикориÑтаннÑ: kbxutil [параметри] [файли] (-h — довідка)"
+
+#: kbx/kbxutil.c:120
+msgid ""
+"Syntax: kbxutil [options] [files]\n"
+"list, export, import Keybox data\n"
+msgstr ""
+"СинтакÑиÑ: kbxutil [параметри] [файли]\n"
+"переглÑд, екÑпортуваннÑ, Ñ–Ð¼Ð¿Ð¾Ñ€Ñ‚ÑƒÐ²Ð°Ð½Ð½Ñ Ð´Ð°Ð½Ð¸Ñ… Keybox\n"
+
+#: scd/app-nks.c:713 scd/app-openpgp.c:2647
+#, c-format
+msgid "RSA modulus missing or not of size %d bits\n"
+msgstr ""
+"Ðе знайдено оÑнови чиÑÐ»ÐµÐ½Ð½Ñ RSA або оÑнова чиÑÐ»ÐµÐ½Ð½Ñ Ð½Ðµ належить до %d-"
+"бітових\n"
+
+#: scd/app-nks.c:721 scd/app-openpgp.c:2659
+#, c-format
+msgid "RSA public exponent missing or larger than %d bits\n"
+msgstr ""
+"Ðе виÑтачає відкритого показника RSA або розмірніÑÑ‚ÑŒ показника перевищує %d "
+"бітів\n"
+
+#: scd/app-nks.c:801 scd/app-openpgp.c:1549 scd/app-openpgp.c:1568
+#: scd/app-openpgp.c:1729 scd/app-openpgp.c:1746 scd/app-openpgp.c:1994
+#: scd/app-openpgp.c:2039 scd/app-dinsig.c:303
+#, c-format
+msgid "PIN callback returned error: %s\n"
+msgstr "Зворотний виклик пінкоду повернув Ð¿Ð¾Ð²Ñ–Ð´Ð¾Ð¼Ð»ÐµÐ½Ð½Ñ Ð¿Ñ€Ð¾ помилку: %s\n"
+
+#: scd/app-nks.c:834
+msgid "the NullPIN has not yet been changed\n"
+msgstr "NullPIN ще не було змінено\n"
+
+#: scd/app-nks.c:1092
+msgid "|N|Please enter a new PIN for the standard keys."
+msgstr "|N|Вкажіть новий пінкод Ð´Ð»Ñ Ñтандартних ключів."
+
+#: scd/app-nks.c:1093
+msgid "||Please enter the PIN for the standard keys."
+msgstr "||Вкажіть пінкод Ð´Ð»Ñ Ñтандартних ключів."
+
+#: scd/app-nks.c:1099
+msgid "|NP|Please enter a new PIN Unblocking Code (PUK) for the standard keys."
+msgstr ""
+"|NP|Будь лаÑка, вкажіть новий код Ñ€Ð¾Ð·Ð±Ð»Ð¾ÐºÑƒÐ²Ð°Ð½Ð½Ñ Ð¿Ñ–Ð½ÐºÐ¾Ð´Ñƒ (PUK) Ð´Ð»Ñ "
+"Ñтандартних ключів."
+
+#: scd/app-nks.c:1101
+msgid "|P|Please enter the PIN Unblocking Code (PUK) for the standard keys."
+msgstr ""
+"|P|Будь лаÑка, вкажіть код Ñ€Ð¾Ð·Ð±Ð»Ð¾ÐºÑƒÐ²Ð°Ð½Ð½Ñ Ð¿Ñ–Ð½ÐºÐ¾Ð´Ñƒ (PUK) Ð´Ð»Ñ Ñтандартних "
+"ключів."
+
+#: scd/app-nks.c:1109
+msgid "|N|Please enter a new PIN for the key to create qualified signatures."
+msgstr ""
+"|N|Будь лаÑка, вкажіть новий пінкод Ð´Ð»Ñ ÐºÐ»ÑŽÑ‡Ð°, призначеного Ð´Ð»Ñ ÑÑ‚Ð²Ð¾Ñ€ÐµÐ½Ð½Ñ "
+"ÑкіÑних підпиÑів."
+
+#: scd/app-nks.c:1111
+msgid "||Please enter the PIN for the key to create qualified signatures."
+msgstr ""
+"||Будь лаÑка, вкажіть пінкод Ð´Ð»Ñ ÐºÐ»ÑŽÑ‡Ð°, призначеного Ð´Ð»Ñ ÑÑ‚Ð²Ð¾Ñ€ÐµÐ½Ð½Ñ ÑкіÑних "
+"підпиÑів."
+
+#: scd/app-nks.c:1119
+msgid ""
+"|NP|Please enter a new PIN Unblocking Code (PUK) for the key to create "
+"qualified signatures."
+msgstr ""
+"|NP|Будь лаÑка, вкажіть новий код Ñ€Ð¾Ð·Ð±Ð»Ð¾ÐºÑƒÐ²Ð°Ð½Ð½Ñ Ð¿Ñ–Ð½ÐºÐ¾Ð´Ñƒ (PUK) Ð´Ð»Ñ ÑÑ‚Ð²Ð¾Ñ€ÐµÐ½Ð½Ñ "
+"ÑкіÑних підпиÑів."
+
+#: scd/app-nks.c:1121
+msgid ""
+"|P|Please enter the PIN Unblocking Code (PUK) for the key to create "
+"qualified signatures."
+msgstr ""
+"|P|Будь лаÑка, вкажіть код Ñ€Ð¾Ð·Ð±Ð»Ð¾ÐºÑƒÐ²Ð°Ð½Ð½Ñ Ð¿Ñ–Ð½ÐºÐ¾Ð´Ñƒ (PUK) Ð´Ð»Ñ ÑÑ‚Ð²Ð¾Ñ€ÐµÐ½Ð½Ñ ÑкіÑних "
+"підпиÑів."
+
+#: scd/app-nks.c:1222 scd/app-openpgp.c:2072 scd/app-dinsig.c:532
+#, c-format
+msgid "error getting new PIN: %s\n"
+msgstr "помилка під Ñ‡Ð°Ñ Ð¾Ñ‚Ñ€Ð¸Ð¼Ð°Ð½Ð½Ñ Ð½Ð¾Ð²Ð¾Ð³Ð¾ пінкоду: %s\n"
+
+#: scd/app-openpgp.c:695
+#, c-format
+msgid "failed to store the fingerprint: %s\n"
+msgstr "не вдалоÑÑ Ð·Ð±ÐµÑ€ÐµÐ³Ñ‚Ð¸ відбиток: %s\n"
+
+#: scd/app-openpgp.c:708
+#, c-format
+msgid "failed to store the creation date: %s\n"
+msgstr "не вдалоÑÑ Ð·Ð±ÐµÑ€ÐµÐ³Ñ‚Ð¸ дату ÑтвореннÑ: %s\n"
+
+#: scd/app-openpgp.c:1156
+#, c-format
+msgid "reading public key failed: %s\n"
+msgstr "помилка Ñ‡Ð¸Ñ‚Ð°Ð½Ð½Ñ Ð²Ñ–Ð´ÐºÑ€Ð¸Ñ‚Ð¾Ð³Ð¾ ключа: %s\n"
+
+#: scd/app-openpgp.c:1164 scd/app-openpgp.c:2882
+msgid "response does not contain the public key data\n"
+msgstr "відповідь не міÑтить даних відкритого ключа\n"
+
+#: scd/app-openpgp.c:1172 scd/app-openpgp.c:2890
+msgid "response does not contain the RSA modulus\n"
+msgstr "відповідь не міÑтить оÑнови чиÑÐ»ÐµÐ½Ð½Ñ RSA\n"
+
+#: scd/app-openpgp.c:1181 scd/app-openpgp.c:2900
+msgid "response does not contain the RSA public exponent\n"
+msgstr "відповідь не міÑтить відкритого показника RSA\n"
+
+#: scd/app-openpgp.c:1501
+#, c-format
+msgid "using default PIN as %s\n"
+msgstr "викориÑтовуємо типовий пінкод Ñк %s\n"
+
+#: scd/app-openpgp.c:1508
+#, c-format
+msgid "failed to use default PIN as %s: %s - disabling further default use\n"
+msgstr ""
+"не вдалоÑÑ Ð²Ð¸ÐºÐ¾Ñ€Ð¸Ñтати типовий пінкод Ñк %s: %s — вимикаємо подальше типове "
+"викориÑтаннÑ\n"
+
+#: scd/app-openpgp.c:1523
+#, c-format
+msgid "||Please enter the PIN%%0A[sigs done: %lu]"
+msgstr "||Будь лаÑка, вкажіть пінкод%%0A[підпиÑів: %lu]"
+
+#: scd/app-openpgp.c:1534 scd/app-openpgp.c:1988
+msgid "||Please enter the PIN"
+msgstr "||Вкажіть пінкод"
+
+#: scd/app-openpgp.c:1575 scd/app-openpgp.c:1753 scd/app-openpgp.c:2001
+#, c-format
+msgid "PIN for CHV%d is too short; minimum length is %d\n"
+msgstr "Пінкод Ð´Ð»Ñ CHV%d занадто короткий; мінімальна довжина — %d\n"
+
+#: scd/app-openpgp.c:1588 scd/app-openpgp.c:1627 scd/app-openpgp.c:1765
+#: scd/app-openpgp.c:3200
+#, c-format
+msgid "verify CHV%d failed: %s\n"
+msgstr "помилка перевірки CHV%d: %s\n"
+
+#: scd/app-openpgp.c:1656 scd/app-openpgp.c:2020 scd/app-openpgp.c:3498
+msgid "error retrieving CHV status from card\n"
+msgstr "помилка Ð¾Ñ‚Ñ€Ð¸Ð¼Ð°Ð½Ð½Ñ Ñтану CHV з картки\n"
+
+#: scd/app-openpgp.c:1662 scd/app-openpgp.c:3507
+msgid "card is permanently locked!\n"
+msgstr "картку заблоковано!\n"
+
+#: scd/app-openpgp.c:1669
+#, c-format
+msgid "%d Admin PIN attempts remaining before card is permanently locked\n"
+msgstr ""
+"залишилоÑÑ %d Ñпроб Ð²Ð¸Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Ð°Ð´Ð¼Ñ–Ð½Ñ–Ñтративного пінкоду перед тим, Ñк "
+"картку буде оÑтаточно заблоковано\n"
+
+#. TRANSLATORS: Do not translate the "|A|" prefix but keep it at
+#. the start of the string. Use %%0A to force a linefeed.
+#: scd/app-openpgp.c:1676
+#, c-format
+msgid "|A|Please enter the Admin PIN%%0A[remaining attempts: %d]"
+msgstr ""
+"|A|Будь лаÑка, вкажіть адмініÑтративний пінкод%%0A[залишилоÑÑ Ñпроб: %d]"
+
+#: scd/app-openpgp.c:1680
+msgid "|A|Please enter the Admin PIN"
+msgstr "|A|Вкажіть адмініÑтративний пінкод"
+
+#: scd/app-openpgp.c:1701
+msgid "access to admin commands is not configured\n"
+msgstr "доÑтуп до адмініÑтративних команд не налаштовано\n"
+
+#: scd/app-openpgp.c:2035
+msgid "||Please enter the Reset Code for the card"
+msgstr "||Вкажіть код ÑÐºÐ¸Ð´Ð°Ð½Ð½Ñ ÐºÐ¾Ð´Ñƒ картки"
+
+#: scd/app-openpgp.c:2045 scd/app-openpgp.c:2097
+#, c-format
+msgid "Reset Code is too short; minimum length is %d\n"
+msgstr "Занадто короткий код ÑкиданнÑ; мінімальна довжина — %d\n"
+
+#: scd/app-openpgp.c:2067
+msgid "|RN|New Reset Code"
+msgstr "|RN|Ðовий код ÑкиданнÑ"
+
+#: scd/app-openpgp.c:2068
+msgid "|AN|New Admin PIN"
+msgstr "|AN|Ðовий адмініÑтративний пінкод"
+
+#: scd/app-openpgp.c:2068
+msgid "|N|New PIN"
+msgstr "|N|Ðовий пінкод"
+
+#: scd/app-openpgp.c:2178 scd/app-openpgp.c:2968
+msgid "error reading application data\n"
+msgstr "помилка Ñ‡Ð¸Ñ‚Ð°Ð½Ð½Ñ Ð´Ð°Ð½Ð¸Ñ… програми\n"
+
+#: scd/app-openpgp.c:2184 scd/app-openpgp.c:2975
+msgid "error reading fingerprint DO\n"
+msgstr "помилка Ñ‡Ð¸Ñ‚Ð°Ð½Ð½Ñ Ð²Ñ–Ð´Ð±Ð¸Ñ‚ÐºÐ° DO\n"
+
+#: scd/app-openpgp.c:2194
+msgid "key already exists\n"
+msgstr "ключ вже Ñ–Ñнує\n"
+
+#: scd/app-openpgp.c:2198
+msgid "existing key will be replaced\n"
+msgstr "вже Ñтворений ключ буде замінено\n"
+
+#: scd/app-openpgp.c:2200
+msgid "generating new key\n"
+msgstr "ÑÑ‚Ð²Ð¾Ñ€ÐµÐ½Ð½Ñ Ð½Ð¾Ð²Ð¾Ð³Ð¾ ключа\n"
+
+#: scd/app-openpgp.c:2202
+msgid "writing new key\n"
+msgstr "запиÑÑƒÐ²Ð°Ð½Ð½Ñ Ð½Ð¾Ð²Ð¾Ð³Ð¾ ключа\n"
+
+#: scd/app-openpgp.c:2627
+msgid "creation timestamp missing\n"
+msgstr "не вказано чаÑової позначки ÑтвореннÑ\n"
+
+#: scd/app-openpgp.c:2669 scd/app-openpgp.c:2677
+#, c-format
+msgid "RSA prime %s missing or not of size %d bits\n"
+msgstr ""
+"Ðе знайдено проÑтого чиÑла RSA %s або чиÑло не належить до %d-бітових\n"
+
+#: scd/app-openpgp.c:2773
+#, c-format
+msgid "failed to store the key: %s\n"
+msgstr "не вдалоÑÑ Ð·Ð±ÐµÑ€ÐµÐ³Ñ‚Ð¸ ключ: %s\n"
+
+#: scd/app-openpgp.c:2859
+msgid "please wait while key is being generated ...\n"
+msgstr "зачекайте на Ð·Ð°Ð²ÐµÑ€ÑˆÐµÐ½Ð½Ñ ÑÑ‚Ð²Ð¾Ñ€ÐµÐ½Ð½Ñ ÐºÐ»ÑŽÑ‡Ð°...\n"
+
+#: scd/app-openpgp.c:2872
+msgid "generating key failed\n"
+msgstr "помилка під Ñ‡Ð°Ñ ÑÑ‚Ð²Ð¾Ñ€ÐµÐ½Ð½Ñ ÐºÐ»ÑŽÑ‡Ð°\n"
+
+#: scd/app-openpgp.c:2875
+#, c-format
+msgid "key generation completed (%d seconds)\n"
+msgstr "ÑÑ‚Ð²Ð¾Ñ€ÐµÐ½Ð½Ñ ÐºÐ»ÑŽÑ‡Ð° завершено (за %d Ñекунд)\n"
+
+#: scd/app-openpgp.c:2933
+msgid "invalid structure of OpenPGP card (DO 0x93)\n"
+msgstr "некоректна Ñтруктура картки OpenPGP (DO 0x93)\n"
+
+#: scd/app-openpgp.c:2983
+msgid "fingerprint on card does not match requested one\n"
+msgstr "відбиток на картці не відповідає запитаному\n"
+
+#: scd/app-openpgp.c:3099
+#, c-format
+msgid "card does not support digest algorithm %s\n"
+msgstr "карткою не підтримуєтьÑÑ Ð°Ð»Ð³Ð¾Ñ€Ð¸Ñ‚Ð¼ контрольних Ñум %s\n"
+
+#: scd/app-openpgp.c:3175
+#, c-format
+msgid "signatures created so far: %lu\n"
+msgstr "вже Ñтворено підпиÑів: %lu\n"
+
+#: scd/app-openpgp.c:3512
+msgid ""
+"verification of Admin PIN is currently prohibited through this command\n"
+msgstr "перевірку адмініÑтративного пінкоду заборонено цією командою\n"
+
+#: scd/app-openpgp.c:3737 scd/app-openpgp.c:3748
+#, c-format
+msgid "can't access %s - invalid OpenPGP card?\n"
+msgstr "не вдалоÑÑ Ð¾Ñ‚Ñ€Ð¸Ð¼Ð°Ñ‚Ð¸ доÑтуп до %s — некоректна картка OpenPGP?\n"
+
+#: scd/app-dinsig.c:299
+msgid "||Please enter your PIN at the reader's keypad"
+msgstr "||Вкажіть ваш пінкод за допомогою клавіатурної панелі зчитувача"
+
+#. TRANSLATORS: Do not translate the "|*|" prefixes but
+#. keep it at the start of the string. We need this elsewhere
+#. to get some infos on the string.
+#: scd/app-dinsig.c:529
+msgid "|N|Initial New PIN"
+msgstr "|N|Початковий новий пінкод"
+
+#: scd/scdaemon.c:107
+msgid "run in multi server mode (foreground)"
+msgstr "запуÑтити у режимі декількох Ñерверів (оÑновному режимі)"
+
+#: scd/scdaemon.c:117 sm/gpgsm.c:316
+msgid "|LEVEL|set the debugging level to LEVEL"
+msgstr "|LEVEL|вÑтановити вказаний рівень діагноÑтики"
+
+#: scd/scdaemon.c:124 tools/gpgconf-comp.c:620
+msgid "|FILE|write a log to FILE"
+msgstr "|FILE|запиÑувати журнал до файла"
+
+#: scd/scdaemon.c:126
+msgid "|N|connect to reader at port N"
+msgstr "|N|з’єднатиÑÑ Ð·Ñ– зчитувачем на вказаному порту"
+
+#: scd/scdaemon.c:128
+msgid "|NAME|use NAME as ct-API driver"
+msgstr "|NAME|викориÑтовувати вказаний драйвер ct-API"
+
+#: scd/scdaemon.c:130
+msgid "|NAME|use NAME as PC/SC driver"
+msgstr "|NAME|викориÑтовувати вказаний драйвер PC/SC"
+
+#: scd/scdaemon.c:133
+msgid "do not use the internal CCID driver"
+msgstr "не викориÑтовувати вбудованого драйвера CCID"
+
+#: scd/scdaemon.c:139
+msgid "|N|disconnect the card after N seconds of inactivity"
+msgstr "|N|від’єднати бездіÑльну вказану кількіÑÑ‚ÑŒ Ñекунд картку"
+
+#: scd/scdaemon.c:141
+msgid "do not use a reader's keypad"
+msgstr "не викориÑтовувати додаткову клавіатуру зчитувача"
+
+#: scd/scdaemon.c:144
+msgid "deny the use of admin card commands"
+msgstr "заборонити викориÑÑ‚Ð°Ð½Ð½Ñ ÐºÐ¾Ð¼Ð°Ð½Ð´ з адмініÑÑ‚Ñ€ÑƒÐ²Ð°Ð½Ð½Ñ ÐºÐ°Ñ€Ñ‚ÐºÐ¸"
+
+#: scd/scdaemon.c:259
+msgid "Usage: scdaemon [options] (-h for help)"
+msgstr "ВикориÑтаннÑ: scdaemon [параметри] (-h — довідка)"
+
+#: scd/scdaemon.c:261
+msgid ""
+"Syntax: scdaemon [options] [command [args]]\n"
+"Smartcard daemon for GnuPG\n"
+msgstr ""
+"СинтакÑиÑ: scdaemon [параметри] [команди [аргументи]]\n"
+"Фонова Ñлужба карток пам’ÑÑ‚Ñ– Ð´Ð»Ñ GnuPG\n"
+
+#: scd/scdaemon.c:766
+msgid "please use the option `--daemon' to run the program in the background\n"
+msgstr ""
+"будь лаÑка, ÑкориÑтайтеÑÑ Ð¿Ð°Ñ€Ð°Ð¼ÐµÑ‚Ñ€Ð¾Ð¼ «--daemon» Ð´Ð»Ñ Ð·Ð°Ð¿ÑƒÑку програми у "
+"фоновому режимі\n"
+
+#: scd/scdaemon.c:1120
+#, c-format
+msgid "handler for fd %d started\n"
+msgstr "запущено запуÑк обробки Ð´Ð»Ñ Ð´ÐµÑкриптора %d\n"
+
+#: scd/scdaemon.c:1132
+#, c-format
+msgid "handler for fd %d terminated\n"
+msgstr "роботу обробника Ð´Ð»Ñ Ð´ÐµÑкриптора %d перервано\n"
+
+#: sm/base64.c:325
+#, c-format
+msgid "invalid radix64 character %02x skipped\n"
+msgstr "пропущено некоректний Ñимвол radix64 %02x\n"
+
+#: sm/call-agent.c:137
+#, c-format
+msgid "failed to proxy %s inquiry to client\n"
+msgstr "не вдалоÑÑ Ð¿Ñ€Ð¾Ð¿ÑƒÑтити через прокÑÑ– запит %s до клієнта\n"
+
+#: sm/call-dirmngr.c:252
+#, c-format
+msgid "no running dirmngr - starting `%s'\n"
+msgstr "dirmngr не запущено — запуÑкаємо «%s»\n"
+
+#: sm/call-dirmngr.c:285
+msgid "malformed DIRMNGR_INFO environment variable\n"
+msgstr "помилкове Ñ„Ð¾Ñ€Ð¼Ð°Ñ‚ÑƒÐ²Ð°Ð½Ð½Ñ Ð·Ð¼Ñ–Ð½Ð½Ð¾Ñ— Ñередовища DIRMNGR_INFO\n"
+
+#: sm/call-dirmngr.c:297
+#, c-format
+msgid "dirmngr protocol version %d is not supported\n"
+msgstr "підтримки протоколу dirmngr верÑÑ–Ñ— %d не передбачено\n"
+
+#: sm/call-dirmngr.c:317
+msgid "can't connect to the dirmngr - trying fall back\n"
+msgstr ""
+"не вдалоÑÑ Ð²Ñтановити Ð·â€™Ñ”Ð´Ð½Ð°Ð½Ð½Ñ Ð· dirmngr — намагаємоÑÑ ÑкориÑтатиÑÑ "
+"резервним\n"
+
+#: sm/certchain.c:196
+#, c-format
+msgid "validation model requested by certificate: %s"
+msgstr "модель перевірки, запитана Ñертифікатом: %s"
+
+#: sm/certchain.c:197 sm/certchain.c:1828
+msgid "chain"
+msgstr "ланцюжок"
+
+#: sm/certchain.c:198 sm/certchain.c:1828
+msgid "shell"
+msgstr "оболонка"
+
+#: sm/certchain.c:258
+#, c-format
+msgid "critical certificate extension %s is not supported"
+msgstr "не підтримуєтьÑÑ ÐºÑ€Ð¸Ñ‚Ð¸Ñ‡Ð½Ðµ Ñ€Ð¾Ð·ÑˆÐ¸Ñ€ÐµÐ½Ð½Ñ Ñертифікації %s"
+
+#: sm/certchain.c:297
+msgid "issuer certificate is not marked as a CA"
+msgstr "Ñертифікат Ð²Ð¸Ð´Ð°Ð²Ñ†Ñ Ð½Ðµ позначено Ñк Ñертифікат Ñлужби Ñертифікації (CA)"
+
+#: sm/certchain.c:335
+msgid "critical marked policy without configured policies"
+msgstr "правила, позначені Ñк критичні, без налаштуваннÑ"
+
+#: sm/certchain.c:345
+#, c-format
+msgid "failed to open `%s': %s\n"
+msgstr "не вдалоÑÑ Ð²Ñ–Ð´ÐºÑ€Ð¸Ñ‚Ð¸ «%s»: %s\n"
+
+#: sm/certchain.c:353 sm/certchain.c:382
+msgid "note: non-critical certificate policy not allowed"
+msgstr "зауваженнÑ: заборонено некритичні правила Ñертифікації"
+
+#: sm/certchain.c:357 sm/certchain.c:386
+msgid "certificate policy not allowed"
+msgstr "заборонено правила Ñертифікації"
+
+#: sm/certchain.c:498
+msgid "looking up issuer at external location\n"
+msgstr "пошук Ð²Ð¸Ð´Ð°Ð²Ñ†Ñ Ð·Ð° зовнішньою адреÑою\n"
+
+#: sm/certchain.c:517
+#, c-format
+msgid "number of issuers matching: %d\n"
+msgstr "кількіÑÑ‚ÑŒ відповідних видавців: %d\n"
+
+#: sm/certchain.c:561
+msgid "looking up issuer from the Dirmngr cache\n"
+msgstr "пошук Ð²Ð¸Ð´Ð°Ð²Ñ†Ñ Ñƒ кеші dirmngr\n"
+
+#: sm/certchain.c:585
+#, c-format
+msgid "number of matching certificates: %d\n"
+msgstr "кількіÑÑ‚ÑŒ відповідних Ñертифікатів: %d\n"
+
+#: sm/certchain.c:587
+#, c-format
+msgid "dirmngr cache-only key lookup failed: %s\n"
+msgstr "помилка пошуку ключів лише з dirmngr: %s\n"
+
+#: sm/certchain.c:759 sm/certchain.c:1252 sm/certchain.c:1856 sm/decrypt.c:261
+#: sm/encrypt.c:335 sm/sign.c:335 sm/verify.c:113
+msgid "failed to allocated keyDB handle\n"
+msgstr "не вдалоÑÑ Ñ€Ð¾Ð·Ð¼Ñ–Ñтити обробник keyDB\n"
+
+#: sm/certchain.c:925
+msgid "certificate has been revoked"
+msgstr "Ñертифікат відкликано"
+
+#: sm/certchain.c:940
+msgid "the status of the certificate is unknown"
+msgstr "Ñтан Ñертифікату Ñ” невідомим"
+
+#: sm/certchain.c:947
+msgid "please make sure that the \"dirmngr\" is properly installed\n"
+msgstr "будь лаÑка, переконайтеÑÑ, що «dirmngr» вÑтановлено належним чином\n"
+
+#: sm/certchain.c:953
+#, c-format
+msgid "checking the CRL failed: %s"
+msgstr "помилка під Ñ‡Ð°Ñ Ð¿ÐµÑ€ÐµÐ²Ñ–Ñ€ÐºÐ¸ CRL: %s"
+
+#: sm/certchain.c:982 sm/certchain.c:1050
+#, c-format
+msgid "certificate with invalid validity: %s"
+msgstr "Ñертифікат з некоректною чинніÑÑ‚ÑŽ: %s"
+
+#: sm/certchain.c:997 sm/certchain.c:1082
+msgid "certificate not yet valid"
+msgstr "Ñертифікат ще не набув чинноÑÑ‚Ñ–"
+
+#: sm/certchain.c:998 sm/certchain.c:1083
+msgid "root certificate not yet valid"
+msgstr "кореневий Ñертифікат ще не набув чинноÑÑ‚Ñ–"
+
+#: sm/certchain.c:999 sm/certchain.c:1084
+msgid "intermediate certificate not yet valid"
+msgstr "проміжний Ñертифікат ще не набув чинноÑÑ‚Ñ–"
+
+#: sm/certchain.c:1012
+msgid "certificate has expired"
+msgstr "Ñтрок дії Ñертифіката завершивÑÑ"
+
+#: sm/certchain.c:1013
+msgid "root certificate has expired"
+msgstr "Ñтрок дії кореневого Ñертифіката завершивÑÑ"
+
+#: sm/certchain.c:1014
+msgid "intermediate certificate has expired"
+msgstr "Ñтрок дії проміжного Ñертифіката завершивÑÑ"
+
+#: sm/certchain.c:1056
+#, c-format
+msgid "required certificate attributes missing: %s%s%s"
+msgstr "не виÑтачає обов’Ñзкових атрибутів Ñертифіката: %s%s%s"
+
+#: sm/certchain.c:1065
+msgid "certificate with invalid validity"
+msgstr "Ñертифікат з некоректною чинніÑÑ‚ÑŽ"
+
+#: sm/certchain.c:1102
+msgid "signature not created during lifetime of certificate"
+msgstr "Ð¿Ñ–Ð´Ð¿Ð¸Ñ Ð½Ðµ було Ñтворено під Ñ‡Ð°Ñ Ñтроку дії Ñертифіката"
+
+#: sm/certchain.c:1104
+msgid "certificate not created during lifetime of issuer"
+msgstr "Ñертифікат не було Ñтворено під Ñ‡Ð°Ñ Ñтроку чинноÑÑ‚Ñ– видавцÑ"
+
+#: sm/certchain.c:1105
+msgid "intermediate certificate not created during lifetime of issuer"
+msgstr "проміжний Ñертифікат не було Ñтворено під Ñ‡Ð°Ñ Ñтроку чинноÑÑ‚Ñ– видавцÑ"
+
+#: sm/certchain.c:1109
+msgid " ( signature created at "
+msgstr " ( Ð¿Ñ–Ð´Ð¿Ð¸Ñ Ñтворено "
+
+#: sm/certchain.c:1110
+msgid " (certificate created at "
+msgstr " ( Ñертифікат Ñтворено "
+
+#: sm/certchain.c:1113
+msgid " (certificate valid from "
+msgstr " ( Ñертифікат чинний з "
+
+#: sm/certchain.c:1114
+msgid " ( issuer valid from "
+msgstr " ( видавець чинний з "
+
+#: sm/certchain.c:1144
+#, c-format
+msgid "fingerprint=%s\n"
+msgstr "відбиток=%s\n"
+
+#: sm/certchain.c:1153
+msgid "root certificate has now been marked as trusted\n"
+msgstr "кореневий Ñертифікат було позначено Ñк надійний\n"
+
+#: sm/certchain.c:1166
+msgid "interactive marking as trusted not enabled in gpg-agent\n"
+msgstr "не увімкнено інтерактивне Ð¿Ð¾Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Ð½Ð°Ð´Ñ–Ð¹Ð½Ð¾ÑÑ‚Ñ– у gpg-agent\n"
+
+#: sm/certchain.c:1172
+msgid "interactive marking as trusted disabled for this session\n"
+msgstr "інтерактивне Ð¿Ð¾Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Ð½Ð°Ð´Ñ–Ð¹Ð½Ð¾ÑÑ‚Ñ– вимкнено Ð´Ð»Ñ Ñ†ÑŒÐ¾Ð³Ð¾ ÑеанÑу\n"
+
+#: sm/certchain.c:1229
+msgid "WARNING: creation time of signature not known - assuming current time"
+msgstr "УВÐГÐ: невідомий Ñ‡Ð°Ñ ÑÑ‚Ð²Ð¾Ñ€ÐµÐ½Ð½Ñ Ð¿Ñ–Ð´Ð¿Ð¸Ñу — припуÑкаємо поточний чаÑ"
+
+#: sm/certchain.c:1293
+msgid "no issuer found in certificate"
+msgstr "у Ñертифікаті не було знайдено даних щодо видавцÑ"
+
+#: sm/certchain.c:1366
+msgid "self-signed certificate has a BAD signature"
+msgstr "ÑамопідпиÑаний Ñертифікат має ПОМИЛКОВИЙ підпиÑ"
+
+#: sm/certchain.c:1435
+msgid "root certificate is not marked trusted"
+msgstr "кореневий Ñертифікат не позначено Ñк надійний"
+
+#: sm/certchain.c:1448
+#, c-format
+msgid "checking the trust list failed: %s\n"
+msgstr "помилка перевірки ÑпиÑку довіри: %s\n"
+
+#: sm/certchain.c:1477 sm/import.c:160
+msgid "certificate chain too long\n"
+msgstr "занадто довгий ланцюжок Ñертифікації\n"
+
+#: sm/certchain.c:1489
+msgid "issuer certificate not found"
+msgstr "не знайдено Ð²Ð¸Ð´Ð°Ð²Ñ†Ñ Ñертифіката"
+
+#: sm/certchain.c:1522
+msgid "certificate has a BAD signature"
+msgstr "Ñертифікат має ПОМИЛКОВИЙ підпиÑ"
+
+#: sm/certchain.c:1553
+msgid "found another possible matching CA certificate - trying again"
+msgstr ""
+"виÑвлено інший можливий відповідний Ñертифікат Ñлужби Ñертифікації (CA) — "
+"повторюємо Ñпробу"
+
+#: sm/certchain.c:1604
+#, c-format
+msgid "certificate chain longer than allowed by CA (%d)"
+msgstr "ланцюжок Ñертифікації Ñ” довшим за дозволений CA (%d)"
+
+#: sm/certchain.c:1644 sm/certchain.c:1927
+msgid "certificate is good\n"
+msgstr "Ñертифікат Ñ” належним\n"
+
+#: sm/certchain.c:1645
+msgid "intermediate certificate is good\n"
+msgstr "належний проміжний Ñертифікат\n"
+
+#: sm/certchain.c:1646
+msgid "root certificate is good\n"
+msgstr "належний кореневий Ñертифікат\n"
+
+#: sm/certchain.c:1817
+msgid "switching to chain model"
+msgstr "перемикаємоÑÑ Ð½Ð° ланцюгову модель"
+
+#: sm/certchain.c:1826
+#, c-format
+msgid "validation model used: %s"
+msgstr "викориÑтана модель перевірки: %s"
+
+#: sm/certcheck.c:97
+#, c-format
+msgid "%s key uses an unsafe (%u bit) hash\n"
+msgstr "Ключ %s викориÑтовує недоÑтатньо міцний (%u-бітовий) хеш\n"
+
+#: sm/certcheck.c:107
+#, c-format
+msgid "a %u bit hash is not valid for a %u bit %s key\n"
+msgstr "%u-бітовий хеш не Ñ” коректним Ð´Ð»Ñ %u-бітового ключа %s\n"
+
+#: sm/certcheck.c:244 sm/verify.c:201
+msgid "(this is the MD2 algorithm)\n"
+msgstr "(це алгоритм MD2)\n"
+
+#: sm/certdump.c:60 sm/certdump.c:143
+msgid "none"
+msgstr "немає"
+
+#: sm/certdump.c:564 sm/certdump.c:609 sm/certdump.c:674 sm/certdump.c:732
+msgid "[Error - invalid encoding]"
+msgstr "[Помилка — некоректне кодуваннÑ]"
+
+#: sm/certdump.c:572 sm/certdump.c:617
+msgid "[Error - out of core]"
+msgstr "[Помилка — вихід за межі пам’ÑÑ‚Ñ–]"
+
+#: sm/certdump.c:654 sm/certdump.c:710
+msgid "[Error - No name]"
+msgstr "[Помилка — немає назви]"
+
+#: sm/certdump.c:679 sm/certdump.c:738
+msgid "[Error - invalid DN]"
+msgstr "[Помилка — некоректний DN]"
+
+#: sm/certdump.c:948
+#, c-format
+msgid ""
+"Please enter the passphrase to unlock the secret key for the X.509 "
+"certificate:\n"
+"\"%s\"\n"
+"S/N %s, ID 0x%08lX,\n"
+"created %s, expires %s.\n"
+msgstr ""
+"Будь лаÑка, вкажіть пароль Ð´Ð»Ñ Ñ€Ð¾Ð·Ð±Ð»Ð¾ÐºÑƒÐ²Ð°Ð½Ð½Ñ Ð·Ð°ÐºÑ€Ð¸Ñ‚Ð¾Ð³Ð¾ ключа Ð´Ð»Ñ Ñертифіката "
+"X.509:\n"
+"«%s»\n"
+"С/Р%s, ідентифікатор 0x%08lX,\n"
+"Ñтворено %s, заÑтаріває %s.\n"
+
+#: sm/certlist.c:122
+msgid "no key usage specified - assuming all usages\n"
+msgstr "не вказано викориÑÑ‚Ð°Ð½Ð½Ñ ÐºÐ»ÑŽÑ‡Ð° — припуÑкаємо вÑÑ– можливі викориÑтаннÑ\n"
+
+#: sm/certlist.c:132 sm/keylist.c:272
+#, c-format
+msgid "error getting key usage information: %s\n"
+msgstr "помилка під Ñ‡Ð°Ñ Ñпроби Ð¾Ñ‚Ñ€Ð¸Ð¼Ð°Ð½Ð½Ñ Ð´Ð°Ð½Ð¸Ñ… щодо викориÑÑ‚Ð°Ð½Ð½Ñ ÐºÐ»ÑŽÑ‡Ð°: %s\n"
+
+#: sm/certlist.c:142
+msgid "certificate should have not been used for certification\n"
+msgstr "Ñертифікат не мав викориÑтовуватиÑÑ Ð´Ð»Ñ Ñертифікації\n"
+
+#: sm/certlist.c:154
+msgid "certificate should have not been used for OCSP response signing\n"
+msgstr "Ñертифікат не мав викориÑтовуватиÑÑ Ð´Ð»Ñ Ð¿Ñ–Ð´Ð¿Ð¸ÑÑƒÐ²Ð°Ð½Ð½Ñ Ð²Ñ–Ð´Ð¿Ð¾Ð²Ñ–Ð´ÐµÐ¹ OCSP\n"
+
+#: sm/certlist.c:165
+msgid "certificate should have not been used for encryption\n"
+msgstr "Ñертифікат не мав викориÑтовуватиÑÑ Ð´Ð»Ñ ÑˆÐ¸Ñ„Ñ€ÑƒÐ²Ð°Ð½Ð½Ñ\n"
+
+#: sm/certlist.c:166
+msgid "certificate should have not been used for signing\n"
+msgstr "Ñертифікат не мав викориÑтовуватиÑÑ Ð´Ð»Ñ Ð¿Ñ–Ð´Ð¿Ð¸ÑуваннÑ\n"
+
+#: sm/certlist.c:167
+msgid "certificate is not usable for encryption\n"
+msgstr "Ñертифікат непридатний Ð´Ð»Ñ ÑˆÐ¸Ñ„Ñ€ÑƒÐ²Ð°Ð½Ð½Ñ\n"
+
+#: sm/certlist.c:168
+msgid "certificate is not usable for signing\n"
+msgstr "Ñертифікат непридатний Ð´Ð»Ñ Ð¿Ñ–Ð´Ð¿Ð¸ÑуваннÑ\n"
+
+#: sm/certreqgen.c:474
+#, c-format
+msgid "line %d: invalid algorithm\n"
+msgstr "Ñ€Ñдок %d: некоректний алгоритм\n"
+
+#: sm/certreqgen.c:487
+#, c-format
+msgid "line %d: invalid key length %u (valid are %d to %d)\n"
+msgstr ""
+"Ñ€Ñдок %d: некоректна довжина ключа %u (коректні значеннÑ: від %d до %d)\n"
+
+#: sm/certreqgen.c:505
+#, c-format
+msgid "line %d: no subject name given\n"
+msgstr "Ñ€Ñдок %d: не вказано назви призначеннÑ\n"
+
+#: sm/certreqgen.c:514
+#, c-format
+msgid "line %d: invalid subject name label `%.*s'\n"
+msgstr "Ñ€Ñдок %d: некоректна мітка назви Ð¿Ñ€Ð¸Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Â«%.*s»\n"
+
+#: sm/certreqgen.c:517
+#, c-format
+msgid "line %d: invalid subject name `%s' at pos %d\n"
+msgstr "Ñ€Ñдок %d: некоректна назва Ð¿Ñ€Ð¸Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Â«%s» на позиції %d\n"
+
+#: sm/certreqgen.c:534
+#, c-format
+msgid "line %d: not a valid email address\n"
+msgstr "Ñ€Ñдок %d: некоректна адреÑа електронної пошти\n"
+
+#: sm/certreqgen.c:546
+#, c-format
+msgid "line %d: error reading key `%s' from card: %s\n"
+msgstr "Ñ€Ñдок %d: помилка Ñ‡Ð¸Ñ‚Ð°Ð½Ð½Ñ ÐºÐ»ÑŽÑ‡Ð° «%s» з картки: %s\n"
+
+#: sm/certreqgen.c:558
+#, c-format
+msgid "line %d: error getting key by keygrip `%s': %s\n"
+msgstr ""
+"Ñ€Ñдок %d: помилка під Ñ‡Ð°Ñ Ð¾Ñ‚Ñ€Ð¸Ð¼Ð°Ð½Ð½Ñ ÐºÐ»ÑŽÑ‡Ð° за допомогою keygrip «%s»: %s\n"
+
+#: sm/certreqgen.c:574
+#, c-format
+msgid "line %d: key generation failed: %s <%s>\n"
+msgstr "Ñ€Ñдок %d: помилка ÑÑ‚Ð²Ð¾Ñ€ÐµÐ½Ð½Ñ ÐºÐ»ÑŽÑ‡Ð°: %s <%s>\n"
+
+#: sm/certreqgen.c:806
+msgid ""
+"To complete this certificate request please enter the passphrase for the key "
+"you just created once more.\n"
+msgstr ""
+"Щоб завершити цей запит щодо Ñертифікації, будь лаÑка, ще раз вкажіть пароль "
+"Ð´Ð»Ñ ÐºÐ»ÑŽÑ‡Ð°, Ñкий ви щойно Ñтворили.\n"
+
+#: sm/certreqgen-ui.c:158
+#, c-format
+msgid " (%d) RSA\n"
+msgstr " (%d) RSA\n"
+
+#: sm/certreqgen-ui.c:159
+#, c-format
+msgid " (%d) Existing key\n"
+msgstr " (%d) Вже запиÑаний ключ\n"
+
+#: sm/certreqgen-ui.c:160
+#, c-format
+msgid " (%d) Existing key from card\n"
+msgstr " (%d) Вже запиÑаний ключ з картки\n"
+
+#: sm/certreqgen-ui.c:202
+msgid "Enter the keygrip: "
+msgstr "Вкажіть keygrip: "
+
+#: sm/certreqgen-ui.c:210
+msgid "Not a valid keygrip (expecting 40 hex digits)\n"
+msgstr "Ðекоректний keygrip (мало бути вказано 40 шіÑтнадцÑткових цифр)\n"
+
+#: sm/certreqgen-ui.c:212
+msgid "No key with this keygrip\n"
+msgstr "Ðемає ключів з таким значеннÑм keygrip\n"
+
+#: sm/certreqgen-ui.c:230 sm/certreqgen-ui.c:239
+#, c-format
+msgid "error reading the card: %s\n"
+msgstr "помилка Ñ‡Ð¸Ñ‚Ð°Ð½Ð½Ñ ÐºÐ°Ñ€Ñ‚ÐºÐ¸: %s\n"
+
+#: sm/certreqgen-ui.c:233
+#, c-format
+msgid "Serial number of the card: %s\n"
+msgstr "Серійний номер картки: %s\n"
+
+#: sm/certreqgen-ui.c:245
+msgid "Available keys:\n"
+msgstr "ДоÑтупні ключі:\n"
+
+#: sm/certreqgen-ui.c:276
+#, c-format
+msgid "Possible actions for a %s key:\n"
+msgstr "Можливі дії Ð´Ð»Ñ ÐºÐ»ÑŽÑ‡Ð° %s:\n"
+
+#: sm/certreqgen-ui.c:277
+#, c-format
+msgid " (%d) sign, encrypt\n"
+msgstr " (%d) підпиÑуваннÑ, шифруваннÑ\n"
+
+#: sm/certreqgen-ui.c:278
+#, c-format
+msgid " (%d) sign\n"
+msgstr " (%d) підпиÑуваннÑ\n"
+
+#: sm/certreqgen-ui.c:279
+#, c-format
+msgid " (%d) encrypt\n"
+msgstr " (%d) шифруваннÑ\n"
+
+#: sm/certreqgen-ui.c:303
+msgid "Enter the X.509 subject name: "
+msgstr "Вкажіть назву Ð¿Ñ€Ð¸Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ X.509: "
+
+#: sm/certreqgen-ui.c:307
+msgid "No subject name given\n"
+msgstr "Ðе вказано назви призначеннÑ\n"
+
+#: sm/certreqgen-ui.c:311
+#, c-format
+msgid "Invalid subject name label `%.*s'\n"
+msgstr "Ðекоректна мітка назви Ð¿Ñ€Ð¸Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Â«%.*s»\n"
+
+#. TRANSLATORS: The 22 in the second string is the
+#. length of the first string up to the "%s". Please
+#. adjust it do the length of your translation. The
+#. second string is merely passed to atoi so you can
+#. drop everything after the number.
+#: sm/certreqgen-ui.c:320
+#, c-format
+msgid "Invalid subject name `%s'\n"
+msgstr "Ðекор. назва призн. «%s»\n"
+
+#: sm/certreqgen-ui.c:322
+msgid "22 translator: see certreg-ui.c:gpgsm_gencertreq_tty"
+msgstr "22 translator: see certreg-ui.c:gpgsm_gencertreq_tty"
+
+#: sm/certreqgen-ui.c:334
+msgid "Enter email addresses"
+msgstr "Вкажіть адреÑи ел.пошти"
+
+#: sm/certreqgen-ui.c:335
+msgid " (end with an empty line):\n"
+msgstr " (завершіть порожнім Ñ€Ñдком):\n"
+
+#: sm/certreqgen-ui.c:339
+msgid "Enter DNS names"
+msgstr "Вкажіть назви DNS"
+
+#: sm/certreqgen-ui.c:340 sm/certreqgen-ui.c:345
+msgid " (optional; end with an empty line):\n"
+msgstr " (необов’Ñзковий; завершуєтьÑÑ Ð¿Ð¾Ñ€Ð¾Ð¶Ð½Ñ–Ð¼ Ñ€Ñдком):\n"
+
+#: sm/certreqgen-ui.c:344
+msgid "Enter URIs"
+msgstr "Вкажіть адреÑи"
+
+#: sm/certreqgen-ui.c:371
+msgid "Parameters to be used for the certificate request:\n"
+msgstr "Параметри, Ñкі буде викориÑтано Ð´Ð»Ñ Ð·Ð°Ð¿Ð¸Ñ‚Ñƒ Ñертифікації:\n"
+
+#: sm/certreqgen-ui.c:389
+msgid "Now creating certificate request. This may take a while ...\n"
+msgstr ""
+"Створюємо запит щодо Ñертифікації. Його обробка триватиме певний чаÑ…\n"
+
+#: sm/certreqgen-ui.c:398
+msgid "Ready. You should now send this request to your CA.\n"
+msgstr ""
+"Готово. Тепер вам Ñлід надіÑлати цей запит до вашої Ñлужби Ñертифікації "
+"(CA).\n"
+
+#: sm/certreqgen-ui.c:403
+msgid "resource problem: out of core\n"
+msgstr "проблема з реÑурÑами: вихід за межі пам’ÑÑ‚Ñ–\n"
+
+#: sm/decrypt.c:330
+msgid "(this is the RC2 algorithm)\n"
+msgstr "(це алгоритм RC2)\n"
+
+#: sm/decrypt.c:332
+msgid "(this does not seem to be an encrypted message)\n"
+msgstr "(здаєтьÑÑ, це не зашифроване повідомленнÑ)\n"
+
+#: sm/delete.c:51 sm/delete.c:112
+#, c-format
+msgid "certificate `%s' not found: %s\n"
+msgstr "Ñертифіката «%s» не знайдено: %s\n"
+
+#: sm/delete.c:122 sm/keydb.c:1397 sm/keydb.c:1499
+#, c-format
+msgid "error locking keybox: %s\n"
+msgstr "помилка під Ñ‡Ð°Ñ Ð±Ð»Ð¾ÐºÑƒÐ²Ð°Ð½Ð½Ñ Ñховища ключів: %s\n"
+
+#: sm/delete.c:143
+#, c-format
+msgid "duplicated certificate `%s' deleted\n"
+msgstr "вилучено дублікат Ñертифіката «%s»\n"
+
+#: sm/delete.c:145
+#, c-format
+msgid "certificate `%s' deleted\n"
+msgstr "Ñертифікат «%s» вилучено\n"
+
+#: sm/delete.c:175
+#, c-format
+msgid "deleting certificate \"%s\" failed: %s\n"
+msgstr "помилка під Ñ‡Ð°Ñ Ñпроби Ð²Ð¸Ð»ÑƒÑ‡ÐµÐ½Ð½Ñ Ñертифіката «%s»: %s\n"
+
+#: sm/encrypt.c:321
+msgid "no valid recipients given\n"
+msgstr "не вказано коректних отримувачів\n"
+
+#: sm/gpgsm.c:197
+msgid "list external keys"
+msgstr "показати ключ зовнішніх ключів"
+
+#: sm/gpgsm.c:199
+msgid "list certificate chain"
+msgstr "показати ланцюжок Ñертифікації"
+
+#: sm/gpgsm.c:206
+msgid "import certificates"
+msgstr "імпортувати Ñертифікати"
+
+#: sm/gpgsm.c:207
+msgid "export certificates"
+msgstr "екÑпортувати Ñертифікати"
+
+#: sm/gpgsm.c:209
+msgid "register a smartcard"
+msgstr "зареєÑтрувати картку пам’ÑÑ‚Ñ–"
+
+#: sm/gpgsm.c:212
+msgid "pass a command to the dirmngr"
+msgstr "передати команду dirmngr"
+
+#: sm/gpgsm.c:214
+msgid "invoke gpg-protect-tool"
+msgstr "виклик gpg-protect-tool"
+
+#: sm/gpgsm.c:230
+msgid "create base-64 encoded output"
+msgstr "Ñтворити дані, закодовані у BASE64"
+
+#: sm/gpgsm.c:235
+msgid "assume input is in PEM format"
+msgstr "вважати вхідні дані даними у форматі PEM"
+
+#: sm/gpgsm.c:237
+msgid "assume input is in base-64 format"
+msgstr "вважати вхідні дані даними у форматі BASE64"
+
+#: sm/gpgsm.c:239
+msgid "assume input is in binary format"
+msgstr "вважати вхідні дані даними у двійковому форматі"
+
+#: sm/gpgsm.c:244
+msgid "use system's dirmngr if available"
+msgstr "викориÑтовувати доÑтупний ÑиÑтемний dirmngr"
+
+#: sm/gpgsm.c:247
+msgid "never consult a CRL"
+msgstr "не викориÑтовувати СÐС"
+
+#: sm/gpgsm.c:257
+msgid "check validity using OCSP"
+msgstr "перевірÑти чинніÑÑ‚ÑŒ за допомогою OCSP"
+
+#: sm/gpgsm.c:262
+msgid "|N|number of certificates to include"
+msgstr "кількіÑÑ‚ÑŒ Ñертифікатів, Ñкі Ñлід включити"
+
+#: sm/gpgsm.c:265
+msgid "|FILE|take policy information from FILE"
+msgstr "взÑти дані щодо правил з вказаного файла"
+
+#: sm/gpgsm.c:268
+msgid "do not check certificate policies"
+msgstr "не перевірÑти правила Ñертифікатів"
+
+#: sm/gpgsm.c:272
+msgid "fetch missing issuer certificates"
+msgstr "ÐадіÑлати запит щодо незнайдених Ñертифікатів видавцÑ"
+
+#: sm/gpgsm.c:283
+msgid "don't use the terminal at all"
+msgstr "взагалі не викориÑтовувати термінал"
+
+#: sm/gpgsm.c:285
+msgid "|FILE|write a server mode log to FILE"
+msgstr "запиÑувати журнал режиму Ñервера до файла"
+
+#: sm/gpgsm.c:290
+msgid "|FILE|write an audit log to FILE"
+msgstr "запиÑувати журнал перевірки до файла"
+
+#: sm/gpgsm.c:293
+msgid "batch mode: never ask"
+msgstr "пакетний режим: нічого не запитувати"
+
+#: sm/gpgsm.c:294
+msgid "assume yes on most questions"
+msgstr "вважати відповіддю на більшіÑÑ‚ÑŒ питань «так»"
+
+#: sm/gpgsm.c:295
+msgid "assume no on most questions"
+msgstr "вважати відповіддю на більшіÑÑ‚ÑŒ питань «ні»"
+
+#: sm/gpgsm.c:298
+msgid "|FILE|add keyring to the list of keyrings"
+msgstr "додати Ñховище ключів до ÑпиÑку Ñховищ ключів"
+
+#: sm/gpgsm.c:301
+msgid "|USER-ID|use USER-ID as default secret key"
+msgstr ""
+"|USER-ID|викориÑтовувати ідентифікатор кориÑтувача Ñк типовий закритий ключ"
+
+#: sm/gpgsm.c:311 tools/gpgconf-comp.c:745
+msgid "|SPEC|use this keyserver to lookup keys"
+msgstr "викориÑтовувати цей Ñервер ключів Ð´Ð»Ñ Ð¿Ð¾ÑˆÑƒÐºÑƒ"
+
+#: sm/gpgsm.c:329
+msgid "|NAME|use cipher algorithm NAME"
+msgstr "|NAME|викориÑтовувати вказаний алгоритм шифруваннÑ"
+
+#: sm/gpgsm.c:331
+msgid "|NAME|use message digest algorithm NAME"
+msgstr ""
+"|NAME|викориÑтовувати вказаний алгоритм обчиÑÐ»ÐµÐ½Ð½Ñ ÐºÐ¾Ð½Ñ‚Ñ€Ð¾Ð»ÑŒÐ½Ð¾Ñ— Ñуми "
+"повідомленнÑ"
+
+#: sm/gpgsm.c:522
+msgid "Usage: gpgsm [options] [files] (-h for help)"
+msgstr "ВикориÑтаннÑ: gpgsm [параметри] [файли] (-h — довідка)"
+
+#: sm/gpgsm.c:525
+msgid ""
+"Syntax: gpgsm [options] [files]\n"
+"sign, check, encrypt or decrypt using the S/MIME protocol\n"
+"default operation depends on the input data\n"
+msgstr ""
+"СинтакÑиÑ: gpgsm [параметри] [файли]\n"
+"ПідпиÑуваннÑ, перевірка підпиÑів, ÑˆÐ¸Ñ„Ñ€ÑƒÐ²Ð°Ð½Ð½Ñ Ð°Ð±Ð¾ Ñ€Ð¾Ð·ÑˆÐ¸Ñ„Ñ€ÑƒÐ²Ð°Ð½Ð½Ñ Ð·Ð° допомогою "
+"протоколу S/MIME\n"
+"Типова Ð´Ñ–Ñ Ð·Ð°Ð»ÐµÐ¶Ð°Ñ‚Ð¸Ð¼Ðµ від вхідних даних\n"
+
+#: sm/gpgsm.c:617
+msgid "usage: gpgsm [options] "
+msgstr "викориÑтаннÑ: gpgsm [параметри] "
+
+#: sm/gpgsm.c:739
+#, c-format
+msgid "NOTE: won't be able to encrypt to `%s': %s\n"
+msgstr "ЗÐУВÐЖЕÐÐЯ: не вдаÑÑ‚ÑŒÑÑ Ð·Ð°ÑˆÐ¸Ñ„Ñ€ÑƒÐ²Ð°Ñ‚Ð¸ до «%s»: %s\n"
+
+#: sm/gpgsm.c:750
+#, c-format
+msgid "unknown validation model `%s'\n"
+msgstr "невідома модель перевірки «%s»\n"
+
+#: sm/gpgsm.c:801
+#, c-format
+msgid "%s:%u: no hostname given\n"
+msgstr "%s:%u: не вказано назви вузла\n"
+
+#: sm/gpgsm.c:820
+#, c-format
+msgid "%s:%u: password given without user\n"
+msgstr "%s:%u: вказано пароль, але не вказано кориÑтувача\n"
+
+#: sm/gpgsm.c:841
+#, c-format
+msgid "%s:%u: skipping this line\n"
+msgstr "%s:%u: пропуÑкаємо цей Ñ€Ñдок\n"
+
+#: sm/gpgsm.c:1376
+msgid "could not parse keyserver\n"
+msgstr "не вдалоÑÑ Ð¾Ð±Ñ€Ð¾Ð±Ð¸Ñ‚Ð¸ Ñервер ключів\n"
+
+#: sm/gpgsm.c:1456
+msgid "WARNING: running with faked system time: "
+msgstr "УВÐГÐ: запущено з фіктивним ÑиÑтемним чаÑом: "
+
+#: sm/gpgsm.c:1556
+#, c-format
+msgid "importing common certificates `%s'\n"
+msgstr "імпортуємо загальні Ñертифікати «%s»\n"
+
+#: sm/gpgsm.c:1597
+#, c-format
+msgid "can't sign using `%s': %s\n"
+msgstr "підпиÑÑƒÐ²Ð°Ð½Ð½Ñ Ð·Ð° допомогою «%s» неможливе: %s\n"
+
+#: sm/gpgsm.c:1931
+msgid "invalid command (there is no implicit command)\n"
+msgstr "некоректна команда (немає неÑвної команди)\n"
+
+#: sm/import.c:111
+#, c-format
+msgid "total number processed: %lu\n"
+msgstr "загалом оброблено: %lu\n"
+
+#: sm/import.c:230
+msgid "error storing certificate\n"
+msgstr "помилка під Ñ‡Ð°Ñ Ñпроби Ð·Ð±ÐµÑ€ÐµÐ¶ÐµÐ½Ð½Ñ Ñертифіката\n"
+
+#: sm/import.c:238
+msgid "basic certificate checks failed - not imported\n"
+msgstr "помилка під Ñ‡Ð°Ñ Ð¾Ñновних перевірок Ñертифіката — не імпортовано\n"
+
+#: sm/import.c:435 sm/keydb.c:1319 sm/keydb.c:1387
+msgid "failed to allocate keyDB handle\n"
+msgstr "не вдалоÑÑ Ñ€Ð¾Ð·Ð¼Ñ–Ñтити деÑкриптор keyDB\n"
+
+#: sm/import.c:492 sm/keydb.c:1417 sm/keydb.c:1511
+#, c-format
+msgid "error getting stored flags: %s\n"
+msgstr "помилка під Ñ‡Ð°Ñ Ñпроби Ð¾Ñ‚Ñ€Ð¸Ð¼Ð°Ð½Ð½Ñ Ð·Ð±ÐµÑ€ÐµÐ¶ÐµÐ½Ð¸Ñ… прапорців: %s\n"
+
+#: sm/import.c:551 sm/import.c:583
+#, c-format
+msgid "error importing certificate: %s\n"
+msgstr "помилка під Ñ‡Ð°Ñ Ñпроби Ñ–Ð¼Ð¿Ð¾Ñ€Ñ‚ÑƒÐ²Ð°Ð½Ð½Ñ Ñертифіката: %s\n"
+
+#: sm/import.c:684 tools/gpg-connect-agent.c:1346
+#, c-format
+msgid "error reading input: %s\n"
+msgstr "помилка під Ñ‡Ð°Ñ Ñпроби Ñ‡Ð¸Ñ‚Ð°Ð½Ð½Ñ Ð²Ñ…Ñ–Ð´Ð½Ð¸Ñ… даних: %s\n"
+
+#: sm/keydb.c:187
+#, c-format
+msgid "error creating keybox `%s': %s\n"
+msgstr "помилка під Ñ‡Ð°Ñ Ñпроби ÑÑ‚Ð²Ð¾Ñ€ÐµÐ½Ð½Ñ Ñховища ключів «%s»: %s\n"
+
+#: sm/keydb.c:190
+msgid "you may want to start the gpg-agent first\n"
+msgstr "вам варто Ñпочатку запуÑтити gpg-agent\n"
+
+#: sm/keydb.c:195
+#, c-format
+msgid "keybox `%s' created\n"
+msgstr "Ñтворено Ñховище ключів «%s»\n"
+
+#: sm/keydb.c:1312 sm/keydb.c:1380
+msgid "failed to get the fingerprint\n"
+msgstr "не вдалоÑÑ Ð¾Ñ‚Ñ€Ð¸Ð¼Ð°Ñ‚Ð¸ відбиток\n"
+
+#: sm/keydb.c:1340
+#, c-format
+msgid "problem looking for existing certificate: %s\n"
+msgstr "проблем з пошуком вже Ñтвореного Ñертифіката: %s\n"
+
+#: sm/keydb.c:1348
+#, c-format
+msgid "error finding writable keyDB: %s\n"
+msgstr "помилка під Ñ‡Ð°Ñ Ñпроби знайти придатну до запиÑу keyDB: %s\n"
+
+#: sm/keydb.c:1356
+#, c-format
+msgid "error storing certificate: %s\n"
+msgstr "помилка під Ñ‡Ð°Ñ Ñпроби Ð·Ð±ÐµÑ€ÐµÐ¶ÐµÐ½Ð½Ñ Ñертифіката: %s\n"
+
+#: sm/keydb.c:1408
+#, c-format
+msgid "problem re-searching certificate: %s\n"
+msgstr "проблема з повторним пошуком Ñертифіката: %s\n"
+
+#: sm/keydb.c:1429 sm/keydb.c:1522
+#, c-format
+msgid "error storing flags: %s\n"
+msgstr "помилка під Ñ‡Ð°Ñ Ñпроби Ð·Ð±ÐµÑ€ÐµÐ¶ÐµÐ½Ð½Ñ Ð¿Ð¾Ð·Ð½Ð°Ñ‡Ð¾Ðº: %s\n"
+
+#: sm/keylist.c:642
+msgid "Error - "
+msgstr "Помилка - "
+
+#: sm/misc.c:55
+msgid "GPG_TTY has not been set - using maybe bogus default\n"
+msgstr ""
+"GPG_TTY не вÑтановлено — можливе викориÑÑ‚Ð°Ð½Ð½Ñ Ð¿Ñ–Ð´Ñ€Ð¾Ð±Ð½Ð¾Ð³Ð¾ типового значеннÑ\n"
+
+#: sm/qualified.c:105
+#, c-format
+msgid "invalid formatted fingerprint in `%s', line %d\n"
+msgstr "некоректне Ñ„Ð¾Ñ€Ð¼Ð°Ñ‚ÑƒÐ²Ð°Ð½Ð½Ñ Ð²Ñ–Ð´Ð±Ð¸Ñ‚ÐºÐ° у «%s», Ñ€Ñдок %d\n"
+
+#: sm/qualified.c:123
+#, c-format
+msgid "invalid country code in `%s', line %d\n"
+msgstr "некоректний код країни у «%s», Ñ€Ñдок %d\n"
+
+#: sm/qualified.c:202
+#, c-format
+msgid ""
+"You are about to create a signature using your certificate:\n"
+"\"%s\"\n"
+"This will create a qualified signature by law equated to a handwritten "
+"signature.\n"
+"\n"
+"%s%sAre you really sure that you want to do this?"
+msgstr ""
+"Ви робите Ñпробу ÑÑ‚Ð²Ð¾Ñ€ÐµÐ½Ð½Ñ Ð¿Ñ–Ð´Ð¿Ð¸Ñу за допомогою вашого Ñертифіката:\n"
+"«%s»\n"
+"Буде Ñтворено ÑкіÑний підпиÑ, юридично еквівалентний рукопиÑному підпиÑу.\n"
+"\n"
+"%s%sВи Ñправді хочете це зробити?"
+
+#: sm/qualified.c:211 sm/verify.c:616
+msgid ""
+"Note, that this software is not officially approved to create or verify such "
+"signatures.\n"
+msgstr ""
+"Зауважте, що це програмне Ð·Ð°Ð±ÐµÐ·Ð¿ÐµÑ‡ÐµÐ½Ð½Ñ Ð½Ðµ Ñ” офіційно Ñхваленим Ð´Ð»Ñ ÑÑ‚Ð²Ð¾Ñ€ÐµÐ½Ð½Ñ "
+"або перевірки таких підпиÑів.\n"
+
+#: sm/qualified.c:278
+#, c-format
+msgid ""
+"You are about to create a signature using your certificate:\n"
+"\"%s\"\n"
+"Note, that this certificate will NOT create a qualified signature!"
+msgstr ""
+"Ви робите Ñпробу ÑÑ‚Ð²Ð¾Ñ€ÐµÐ½Ð½Ñ Ð¿Ñ–Ð´Ð¿Ð¸Ñу за допомогою вашого Ñертифіката:\n"
+"«%s»\n"
+"Зауважте, що цей Ñертифікат ÐЕ Ñтворюватиме ÑкіÑного підпиÑу!"
+
+#: sm/sign.c:449
+#, c-format
+msgid "hash algorithm %d (%s) for signer %d not supported; using %s\n"
+msgstr ""
+"підтримки алгоритму Ñ…ÐµÑˆÑƒÐ²Ð°Ð½Ð½Ñ %d (%s) Ð´Ð»Ñ Ð¿Ñ–Ð´Ð¿Ð¸Ñувальника %d не передбачено; "
+"викориÑтовуємо %s\n"
+
+#: sm/sign.c:463
+#, c-format
+msgid "hash algorithm used for signer %d: %s (%s)\n"
+msgstr "алгоритм хешуваннÑ, викориÑтаний Ð´Ð»Ñ Ð¿Ñ–Ð´Ð¿Ð¸Ñувача %d: %s (%s)\n"
+
+#: sm/sign.c:513
+#, c-format
+msgid "checking for qualified certificate failed: %s\n"
+msgstr "помилка перевірки ÑкоÑÑ‚Ñ– Ñертифікатів: %s\n"
+
+#: sm/verify.c:449
+msgid "Signature made "
+msgstr "ÐŸÑ–Ð´Ð¿Ð¸Ñ Ñтворено "
+
+#: sm/verify.c:453
+msgid "[date not given]"
+msgstr "[дату не вказано]"
+
+#: sm/verify.c:454
+#, c-format
+msgid " using certificate ID 0x%08lX\n"
+msgstr " викориÑтовуємо ідентифікатор Ñертифіката 0x%08lX\n"
+
+#: sm/verify.c:473
+msgid ""
+"invalid signature: message digest attribute does not match computed one\n"
+msgstr ""
+"некоректний підпиÑ: атрибут контрольної Ñуми Ð¿Ð¾Ð²Ñ–Ð´Ð¾Ð¼Ð»ÐµÐ½Ð½Ñ Ð½Ðµ збігаєтьÑÑ Ð· "
+"обчиÑленою Ñумою\n"
+
+#: sm/verify.c:594
+msgid "Good signature from"
+msgstr "Правильний Ð¿Ñ–Ð´Ð¿Ð¸Ñ Ð²Ñ–Ð´"
+
+#: sm/verify.c:595
+msgid " aka"
+msgstr " або"
+
+#: sm/verify.c:613
+msgid "This is a qualified signature\n"
+msgstr "Це ÑкіÑний підпиÑ\n"
+
+#: tools/gpg-connect-agent.c:70 tools/gpgconf.c:81 tools/symcryptrun.c:167
+msgid "quiet"
+msgstr "без повідомлень"
+
+#: tools/gpg-connect-agent.c:71
+msgid "print data out hex encoded"
+msgstr "вивеÑти дані у шіÑтнадцÑтковому форматі"
+
+#: tools/gpg-connect-agent.c:72
+msgid "decode received data lines"
+msgstr "декодувати отримані Ñ€Ñдки даних"
+
+#: tools/gpg-connect-agent.c:74
+msgid "|NAME|connect to Assuan socket NAME"
+msgstr "|NAME|вÑтановити Ð·â€™Ñ”Ð´Ð½Ð°Ð½Ð½Ñ Ð· вказаним Ñокетом Assuan"
+
+#: tools/gpg-connect-agent.c:76
+msgid "run the Assuan server given on the command line"
+msgstr "запуÑтити Ñервер Assuan, вказаний у командному Ñ€Ñдку"
+
+#: tools/gpg-connect-agent.c:78
+msgid "do not use extended connect mode"
+msgstr "не викориÑтовувати розширений режим з’єднаннÑ"
+
+#: tools/gpg-connect-agent.c:80
+msgid "|FILE|run commands from FILE on startup"
+msgstr "|FILE|виконати команди з вказаного файла під Ñ‡Ð°Ñ Ð·Ð°Ð¿ÑƒÑку"
+
+#: tools/gpg-connect-agent.c:81
+msgid "run /subst on startup"
+msgstr "виконати /subst під Ñ‡Ð°Ñ Ð·Ð°Ð¿ÑƒÑку"
+
+#: tools/gpg-connect-agent.c:184
+msgid "Usage: gpg-connect-agent [options] (-h for help)"
+msgstr "ВикориÑтаннÑ: gpg-connect-agent [параметри] (-h — довідка)"
+
+#: tools/gpg-connect-agent.c:187
+msgid ""
+"Syntax: gpg-connect-agent [options]\n"
+"Connect to a running agent and send commands\n"
+msgstr ""
+"СинтакÑиÑ: gpg-connect-agent [параметри]\n"
+"Ð’Ñтановити Ð·â€™Ñ”Ð´Ð½Ð°Ð½Ð½Ñ Ð· запущеним агентом Ñ– надіÑлати команди\n"
+
+#: tools/gpg-connect-agent.c:1201
+#, c-format
+msgid "option \"%s\" requires a program and optional arguments\n"
+msgstr ""
+"щоб ÑкориÑтатиÑÑ Ð¿Ð°Ñ€Ð°Ð¼ÐµÑ‚Ñ€Ð¾Ð¼ «%s», Ñлід вказати програму та додаткові "
+"аргументи\n"
+
+#: tools/gpg-connect-agent.c:1210
+#, c-format
+msgid "option \"%s\" ignored due to \"%s\"\n"
+msgstr "параметр «%s» проігноровано через «%s»\n"
+
+#: tools/gpg-connect-agent.c:1281 tools/gpg-connect-agent.c:1771
+#, c-format
+msgid "receiving line failed: %s\n"
+msgstr "помилка під Ñ‡Ð°Ñ Ñпроби Ð¾Ñ‚Ñ€Ð¸Ð¼Ð°Ð½Ð½Ñ Ñ€Ñдка: %s\n"
+
+#: tools/gpg-connect-agent.c:1371
+msgid "line too long - skipped\n"
+msgstr "Ñ€Ñдок Ñ” надто довгим, його пропущено\n"
+
+#: tools/gpg-connect-agent.c:1375
+msgid "line shortened due to embedded Nul character\n"
+msgstr "Ñ€Ñдок Ñкорочено через вбудований Ñимвол Nul\n"
+
+#: tools/gpg-connect-agent.c:1743
+#, c-format
+msgid "unknown command `%s'\n"
+msgstr "невідома команда «%s»\n"
+
+#: tools/gpg-connect-agent.c:1761
+#, c-format
+msgid "sending line failed: %s\n"
+msgstr "помилка надÑÐ¸Ð»Ð°Ð½Ð½Ñ Ñ€Ñдка: %s\n"
+
+#: tools/gpg-connect-agent.c:2208
+#, c-format
+msgid "error sending %s command: %s\n"
+msgstr "помилка під Ñ‡Ð°Ñ Ñпроби надÑÐ¸Ð»Ð°Ð½Ð½Ñ ÐºÐ¾Ð¼Ð°Ð½Ð´Ð¸ %s: %s\n"
+
+#: tools/gpg-connect-agent.c:2223
+#, c-format
+msgid "error sending standard options: %s\n"
+msgstr "помилка під Ñ‡Ð°Ñ Ñпроби надÑÐ¸Ð»Ð°Ð½Ð½Ñ Ñтандартних параметрів: %s\n"
+
+#: tools/gpgconf-comp.c:473 tools/gpgconf-comp.c:577 tools/gpgconf-comp.c:644
+#: tools/gpgconf-comp.c:712 tools/gpgconf-comp.c:799
+msgid "Options controlling the diagnostic output"
+msgstr "Параметри ÐºÐµÑ€ÑƒÐ²Ð°Ð½Ð½Ñ Ð´Ñ–Ð°Ð³Ð½Ð¾Ñтичним виводом"
+
+#: tools/gpgconf-comp.c:486 tools/gpgconf-comp.c:590 tools/gpgconf-comp.c:657
+#: tools/gpgconf-comp.c:725 tools/gpgconf-comp.c:822
+msgid "Options controlling the configuration"
+msgstr "Параметри ÐºÐµÑ€ÑƒÐ²Ð°Ð½Ð½Ñ Ð½Ð°Ð»Ð°ÑˆÑ‚ÑƒÐ²Ð°Ð½Ð½Ñми"
+
+#: tools/gpgconf-comp.c:496 tools/gpgconf-comp.c:615 tools/gpgconf-comp.c:673
+#: tools/gpgconf-comp.c:750 tools/gpgconf-comp.c:829
+msgid "Options useful for debugging"
+msgstr "Параметри діагноÑтики"
+
+#: tools/gpgconf-comp.c:501 tools/gpgconf-comp.c:678 tools/gpgconf-comp.c:755
+#: tools/gpgconf-comp.c:837
+msgid "|FILE|write server mode logs to FILE"
+msgstr "|FILE|запиÑувати журнал режиму Ñервера до файла"
+
+#: tools/gpgconf-comp.c:509 tools/gpgconf-comp.c:625 tools/gpgconf-comp.c:763
+msgid "Options controlling the security"
+msgstr "Параметри ÐºÐµÑ€ÑƒÐ²Ð°Ð½Ð½Ñ Ð·Ð°Ñ…Ð¸Ñтом"
+
+#: tools/gpgconf-comp.c:516
+msgid "|N|expire SSH keys after N seconds"
+msgstr "|N|завершувати Ñтрок дії ключів SSH за N Ñекунд"
+
+#: tools/gpgconf-comp.c:520
+msgid "|N|set maximum PIN cache lifetime to N seconds"
+msgstr "|N|вÑтановити макÑимальний Ñтрок дії кешу пінкодів у Ñекундах"
+
+#: tools/gpgconf-comp.c:524
+msgid "|N|set maximum SSH key lifetime to N seconds"
+msgstr "|N|вÑтановити макÑимальний Ñтрок дії ключа SSH у Ñекундах"
+
+#: tools/gpgconf-comp.c:538
+msgid "Options enforcing a passphrase policy"
+msgstr "Параметри примуÑового викориÑÑ‚Ð°Ð½Ð½Ñ Ð¿Ñ€Ð°Ð²Ð¸Ð» паролів"
+
+#: tools/gpgconf-comp.c:541
+msgid "do not allow to bypass the passphrase policy"
+msgstr "не дозволÑти обхід правил паролів"
+
+#: tools/gpgconf-comp.c:545
+msgid "|N|set minimal required length for new passphrases to N"
+msgstr "|N|вÑтановити вказану мінімальну довжину нових паролів"
+
+#: tools/gpgconf-comp.c:549
+msgid "|N|require at least N non-alpha characters for a new passphrase"
+msgstr "|N|вимагати у нових паролÑÑ… не менше вказаної кількоÑÑ‚Ñ– нелітер"
+
+#: tools/gpgconf-comp.c:553
+msgid "|FILE|check new passphrases against pattern in FILE"
+msgstr "|FILE|перевірÑти нові паролі за зразком з вказаного файла"
+
+#: tools/gpgconf-comp.c:557
+msgid "|N|expire the passphrase after N days"
+msgstr "|N|завершувати Ñтрок дії паролів за вказану кількіÑÑ‚ÑŒ днів"
+
+#: tools/gpgconf-comp.c:561
+msgid "do not allow the reuse of old passphrases"
+msgstr "не дозволÑти повторне викориÑÑ‚Ð°Ð½Ð½Ñ Ñтарих паролів"
+
+#: tools/gpgconf-comp.c:659 tools/gpgconf-comp.c:727
+msgid "|NAME|use NAME as default secret key"
+msgstr "|NAME|викориÑтовувати вказаний типовий закритий ключ"
+
+#: tools/gpgconf-comp.c:662 tools/gpgconf-comp.c:730
+msgid "|NAME|encrypt to user ID NAME as well"
+msgstr "|NAME|шифрувати також до вказаного ідентифікатора кориÑтувача"
+
+#: tools/gpgconf-comp.c:665
+msgid "|SPEC|set up email aliases"
+msgstr "|SPEC|вÑтановити замінники адреÑи електронної пошти"
+
+#: tools/gpgconf-comp.c:686
+msgid "Configuration for Keyservers"
+msgstr "ÐÐ°Ð»Ð°ÑˆÑ‚ÑƒÐ²Ð°Ð½Ð½Ñ Ð´Ð»Ñ Ñерверів ключів"
+
+#: tools/gpgconf-comp.c:688
+msgid "|URL|use keyserver at URL"
+msgstr "|URL|викориÑтовувати Ñервер ключів за адреÑою"
+
+#: tools/gpgconf-comp.c:691
+msgid "allow PKA lookups (DNS requests)"
+msgstr "дозволити пошук PKA (запити до DNS)"
+
+#: tools/gpgconf-comp.c:694
+msgid "|MECHANISMS|use MECHANISMS to locate keys by mail address"
+msgstr ""
+"|MECHANISMS|викориÑтовувати вказаний механізм Ð´Ð»Ñ Ð¿Ð¾ÑˆÑƒÐºÑƒ ключів за адреÑою"
+
+#: tools/gpgconf-comp.c:739
+msgid "disable all access to the dirmngr"
+msgstr "заборонити доÑтуп до dirmngr"
+
+#: tools/gpgconf-comp.c:742
+msgid "|NAME|use encoding NAME for PKCS#12 passphrases"
+msgstr "викориÑтовувати вказане ÐºÐ¾Ð´ÑƒÐ²Ð°Ð½Ð½Ñ Ð´Ð»Ñ Ð¿Ð°Ñ€Ð¾Ð»Ñ–Ð² PKCS#12"
+
+#: tools/gpgconf-comp.c:768
+msgid "do not check CRLs for root certificates"
+msgstr "не шукати у ÑпиÑках відкликаних Ñертифікатів кореневі Ñертифікати"
+
+#: tools/gpgconf-comp.c:812
+msgid "Options controlling the format of the output"
+msgstr "Параметри ÐºÐµÑ€ÑƒÐ²Ð°Ð½Ð½Ñ Ñ„Ð¾Ñ€Ð¼Ð°Ñ‚Ð¾Ð¼ виведеннÑ"
+
+#: tools/gpgconf-comp.c:848
+msgid "Options controlling the interactivity and enforcement"
+msgstr "Параметри ÐºÐµÑ€ÑƒÐ²Ð°Ð½Ð½Ñ Ñ–Ð½Ñ‚ÐµÑ€Ð°ÐºÑ‚Ð¸Ð²Ð½Ñ–ÑÑ‚ÑŽ та примуÑом"
+
+#: tools/gpgconf-comp.c:858
+msgid "Configuration for HTTP servers"
+msgstr "ÐÐ°Ð»Ð°ÑˆÑ‚ÑƒÐ²Ð°Ð½Ð½Ñ Ð´Ð»Ñ Ñерверів HTTP"
+
+#: tools/gpgconf-comp.c:869
+msgid "use system's HTTP proxy setting"
+msgstr "викориÑтовувати загальноÑиÑтемний прокÑÑ–-Ñервер HTTP"
+
+#: tools/gpgconf-comp.c:874
+msgid "Configuration of LDAP servers to use"
+msgstr "ÐÐ°Ð»Ð°ÑˆÑ‚ÑƒÐ²Ð°Ð½Ð½Ñ Ð²Ð¸ÐºÐ¾Ñ€Ð¸ÑÑ‚Ð°Ð½Ð½Ñ Ñерверів LDAP"
+
+#: tools/gpgconf-comp.c:903
+msgid "LDAP server list"
+msgstr "ÑпиÑок Ñерверів LDAP"
+
+#: tools/gpgconf-comp.c:911
+msgid "Configuration for OCSP"
+msgstr "ÐÐ°Ð»Ð°ÑˆÑ‚ÑƒÐ²Ð°Ð½Ð½Ñ OCSP"
+
+#: tools/gpgconf-comp.c:3077
+#, c-format
+msgid "External verification of component %s failed"
+msgstr "Помилка зовнішньої перевірки компонента %s"
+
+#: tools/gpgconf-comp.c:3227
+msgid "Note that group specifications are ignored\n"
+msgstr "Зауважте, що Ñпецифікації груп буде проігноровано\n"
+
+#: tools/gpgconf.c:62
+msgid "list all components"
+msgstr "показати ÑпиÑок вÑÑ–Ñ… компонентів"
+
+#: tools/gpgconf.c:63
+msgid "check all programs"
+msgstr "перевірити вÑÑ– програми"
+
+#: tools/gpgconf.c:64
+msgid "|COMPONENT|list options"
+msgstr "|COMPONENT|показати ÑпиÑок параметрів"
+
+#: tools/gpgconf.c:65
+msgid "|COMPONENT|change options"
+msgstr "|COMPONENT|змінити параметри"
+
+#: tools/gpgconf.c:66
+msgid "|COMPONENT|check options"
+msgstr "|COMPONENT|перевірити параметри"
+
+#: tools/gpgconf.c:68
+msgid "apply global default values"
+msgstr "заÑтоÑувати загальні типові значеннÑ"
+
+#: tools/gpgconf.c:70
+msgid "get the configuration directories for gpgconf"
+msgstr "отримати назви каталогів налаштувань Ð´Ð»Ñ gpgconf"
+
+#: tools/gpgconf.c:72
+msgid "list global configuration file"
+msgstr "показати загальний файл налаштувань"
+
+#: tools/gpgconf.c:74
+msgid "check global configuration file"
+msgstr "перевірити загальний файл налаштувань"
+
+#: tools/gpgconf.c:79
+msgid "use as output file"
+msgstr "викориÑтати файл Ð´Ð»Ñ Ð²Ð¸Ð²ÐµÐ´ÐµÐ½Ð½Ñ Ð´Ð°Ð½Ð¸Ñ…"
+
+#: tools/gpgconf.c:83
+msgid "activate changes at runtime, if possible"
+msgstr "Ñкщо можна, задіÑти зміни у динамічному режимі"
+
+#: tools/gpgconf.c:105
+msgid "Usage: gpgconf [options] (-h for help)"
+msgstr "ВикориÑтаннÑ: gpgconf [параметри] (-h — довідка)"
+
+#: tools/gpgconf.c:108
+msgid ""
+"Syntax: gpgconf [options]\n"
+"Manage configuration options for tools of the GnuPG system\n"
+msgstr ""
+"СинтакÑиÑ: gpgconf [параметри]\n"
+"ÐšÐµÑ€ÑƒÐ²Ð°Ð½Ð½Ñ Ð¿Ð°Ñ€Ð°Ð¼ÐµÑ‚Ñ€Ð°Ð¼Ð¸ Ð½Ð°Ð»Ð°ÑˆÑ‚ÑƒÐ²Ð°Ð½Ð½Ñ Ñ–Ð½Ñтрументів ÑиÑтеми GnuPG\n"
+
+#: tools/gpgconf.c:214 tools/gpgconf.c:282
+msgid "usage: gpgconf [options] "
+msgstr "викориÑтаннÑ: gpgconf [параметри] "
+
+#: tools/gpgconf.c:216
+msgid "Need one component argument"
+msgstr "Слід вказати один аргумент компонента"
+
+#: tools/gpgconf.c:225 tools/gpgconf.c:258
+msgid "Component not found"
+msgstr "Компонент не знайдено"
+
+#: tools/gpgconf.c:284
+msgid "No argument allowed"
+msgstr "Ðе можна вказувати аргументів"
+
+#: tools/symcryptrun.c:154
+msgid ""
+"@\n"
+"Commands:\n"
+" "
+msgstr ""
+"@\n"
+"Команди:\n"
+" "
+
+#: tools/symcryptrun.c:156
+msgid "decryption modus"
+msgstr "ÑпоÑіб розшифруваннÑ"
+
+#: tools/symcryptrun.c:157
+msgid "encryption modus"
+msgstr "ÑпоÑіб шифруваннÑ"
+
+#: tools/symcryptrun.c:161
+msgid "tool class (confucius)"
+msgstr "ÐºÐ»Ð°Ñ Ñ–Ð½Ñтрумента (confucius)"
+
+#: tools/symcryptrun.c:162
+msgid "program filename"
+msgstr "назва файла програми"
+
+#: tools/symcryptrun.c:164
+msgid "secret key file (required)"
+msgstr "файл закритого ключа (обов’Ñзковий)"
+
+#: tools/symcryptrun.c:165
+msgid "input file name (default stdin)"
+msgstr "назва файла виведених даних (типово stdin)"
+
+#: tools/symcryptrun.c:209
+msgid "Usage: symcryptrun [options] (-h for help)"
+msgstr "ВикориÑтаннÑ: symcryptrun [параметри] (-h — довідка)"
+
+#: tools/symcryptrun.c:212
+msgid ""
+"Syntax: symcryptrun --class CLASS --program PROGRAM --keyfile KEYFILE "
+"[options...] COMMAND [inputfile]\n"
+"Call a simple symmetric encryption tool\n"
+msgstr ""
+"СинтакÑиÑ: symcryptrun --class КЛÐС --program ПРОГРÐМР--keyfile ФÐЙЛ_КЛЮЧР"
+"[параметри...] КОМÐÐДР[файл_вхідних_даних]\n"
+"Виклик інÑтрумента проÑтого Ñиметричного шифруваннÑ\n"
+
+#: tools/symcryptrun.c:281
+#, c-format
+msgid "%s on %s aborted with status %i\n"
+msgstr "перервано Ñпробу Ð²Ð¸ÐºÐ¾Ð½Ð°Ð½Ð½Ñ %s Ð´Ð»Ñ %s зі Ñтаном %i\n"
+
+#: tools/symcryptrun.c:288
+#, c-format
+msgid "%s on %s failed with status %i\n"
+msgstr "невдала Ñпроба Ð²Ð¸ÐºÐ¾Ð½Ð°Ð½Ð½Ñ %s Ð´Ð»Ñ %s зі Ñтаном %i\n"
+
+#: tools/symcryptrun.c:314
+#, c-format
+msgid "can't create temporary directory `%s': %s\n"
+msgstr "не вдалоÑÑ Ñтворити тимчаÑовий каталог «%s»: %s\n"
+
+#: tools/symcryptrun.c:354 tools/symcryptrun.c:371
+#, c-format
+msgid "could not open %s for writing: %s\n"
+msgstr "не вдалоÑÑ Ð²Ñ–Ð´ÐºÑ€Ð¸Ñ‚Ð¸ %s Ð´Ð»Ñ Ð·Ð°Ð¿Ð¸Ñу: %s\n"
+
+#: tools/symcryptrun.c:382
+#, c-format
+msgid "error writing to %s: %s\n"
+msgstr "помилка під Ñ‡Ð°Ñ Ð·Ð°Ð¿Ð¸Ñу до %s: %s\n"
+
+#: tools/symcryptrun.c:389
+#, c-format
+msgid "error reading from %s: %s\n"
+msgstr "помилка Ñ‡Ð¸Ñ‚Ð°Ð½Ð½Ñ Ð· %s: %s\n"
+
+#: tools/symcryptrun.c:396 tools/symcryptrun.c:403
+#, c-format
+msgid "error closing %s: %s\n"
+msgstr "помилка під Ñ‡Ð°Ñ Ñпроби закрити %s: %s\n"
+
+#: tools/symcryptrun.c:488
+msgid "no --program option provided\n"
+msgstr "не вказано параметра --program\n"
+
+#: tools/symcryptrun.c:494
+msgid "only --decrypt and --encrypt are supported\n"
+msgstr "передбачено підтримку лише --decrypt і --encrypt\n"
+
+#: tools/symcryptrun.c:500
+msgid "no --keyfile option provided\n"
+msgstr "параметра --keyfile не передбачено\n"
+
+#: tools/symcryptrun.c:511
+msgid "cannot allocate args vector\n"
+msgstr "не вдалоÑÑ Ñ€Ð¾Ð·Ð¼Ñ–Ñтити у пам’ÑÑ‚Ñ– вектор аргументів\n"
+
+#: tools/symcryptrun.c:529
+#, c-format
+msgid "could not create pipe: %s\n"
+msgstr "не вдалоÑÑ Ñтворити канал: %s\n"
+
+#: tools/symcryptrun.c:536
+#, c-format
+msgid "could not create pty: %s\n"
+msgstr "не вдалоÑÑ Ñтворити pty: %s\n"
+
+#: tools/symcryptrun.c:552
+#, c-format
+msgid "could not fork: %s\n"
+msgstr "не вдалоÑÑ Ñтворити відгалуженнÑ: %s\n"
+
+#: tools/symcryptrun.c:580
+#, c-format
+msgid "execv failed: %s\n"
+msgstr "помилка execv: %s\n"
+
+#: tools/symcryptrun.c:609
+#, c-format
+msgid "select failed: %s\n"
+msgstr "помилка select: %s\n"
+
+#: tools/symcryptrun.c:626
+#, c-format
+msgid "read failed: %s\n"
+msgstr "помилка читаннÑ: %s\n"
+
+#: tools/symcryptrun.c:678
+#, c-format
+msgid "pty read failed: %s\n"
+msgstr "помилка Ñ‡Ð¸Ñ‚Ð°Ð½Ð½Ñ Ð· pty: %s\n"
+
+#: tools/symcryptrun.c:730
+#, c-format
+msgid "waitpid failed: %s\n"
+msgstr "помилка waitpid: %s\n"
+
+#: tools/symcryptrun.c:744
+#, c-format
+msgid "child aborted with status %i\n"
+msgstr "Ð´Ð¾Ñ‡Ñ–Ñ€Ð½Ñ Ð¿Ñ–Ð´Ð¿Ñ€Ð¾Ð³Ñ€Ð°Ð¼Ð° завершила роботу зі Ñтаном %i\n"
+
+#: tools/symcryptrun.c:799
+#, c-format
+msgid "cannot allocate infile string: %s\n"
+msgstr "не вдалоÑÑ Ñ€Ð¾Ð·Ð¼Ñ–Ñтити у пам’ÑÑ‚Ñ– Ñ€Ñдок infile: %s\n"
+
+#: tools/symcryptrun.c:812
+#, c-format
+msgid "cannot allocate outfile string: %s\n"
+msgstr "не вдалоÑÑ Ñ€Ð¾Ð·Ð¼Ñ–Ñтити у пам’ÑÑ‚Ñ– Ñ€Ñдок outfile: %s\n"
+
+#: tools/symcryptrun.c:986
+#, c-format
+msgid "either %s or %s must be given\n"
+msgstr "має бути вказано %s або %s\n"
+
+#: tools/symcryptrun.c:1013
+msgid "no class provided\n"
+msgstr "не вказано клаÑ\n"
+
+#: tools/symcryptrun.c:1022
+#, c-format
+msgid "class %s is not supported\n"
+msgstr "підтримки клаÑу %s не передбачено\n"
+
+#: tools/gpg-check-pattern.c:145
+msgid "Usage: gpg-check-pattern [options] patternfile (-h for help)\n"
+msgstr ""
+"ВикориÑтаннÑ: gpg-check-pattern [параметри] файл_шаблонів (-h — довідка)\n"
+
+#: tools/gpg-check-pattern.c:148
+msgid ""
+"Syntax: gpg-check-pattern [options] patternfile\n"
+"Check a passphrase given on stdin against the patternfile\n"
+msgstr ""
+"СинтакÑиÑ: gpg-check-pattern [параметри] файл_шаблонів\n"
+"Перевірити пароль, вказаний у stdin, за допомогою файла_шаблонів\n"
diff --git a/po/zh_CN.gmo b/po/zh_CN.gmo
new file mode 100644
index 0000000..820c095
--- /dev/null
+++ b/po/zh_CN.gmo
Binary files differ
diff --git a/po/zh_CN.po b/po/zh_CN.po
new file mode 100644
index 0000000..bc5734b
--- /dev/null
+++ b/po/zh_CN.po
@@ -0,0 +1,9056 @@
+# Simplified Chinese(zh-CN) messages for GnuPG
+# Copyright (C) 2006 Free Software Foundation, Inc.
+# This file is distributed under the same license as the PACKAGE package.
+# Meng Jie <zuxyhere@eastday.com>, 2004.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: gnupg 1.4.4\n"
+"Report-Msgid-Bugs-To: translations@gnupg.org\n"
+"POT-Creation-Date: 2012-03-27 10:23+0200\n"
+"PO-Revision-Date: 2009-07-09 10:03+0200\n"
+"Last-Translator: Meng Jie <zuxyhere@eastday.com>\n"
+"Language-Team: Chinese (simplified) <i18n-translation@lists.linux.net.cn>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Poedit-Language: Chinese\n"
+"X-Poedit-Country: CHINA\n"
+"X-Poedit-SourceCharset: iso-8859-1\n"
+"X-Poedit-Basepath: d:\\msys\\source\\gnupg-1.4.3\n"
+
+#: agent/call-pinentry.c:244
+#, fuzzy, c-format
+msgid "failed to acquire the pinentry lock: %s\n"
+msgstr "无法存储指纹:%s\n"
+
+#. TRANSLATORS: These are labels for buttons etc used in
+#. Pinentries. An underscore indicates that the next letter
+#. should be used as an accelerator. Double the underscore for
+#. a literal one. The actual to be translated text starts after
+#. the second vertical bar.
+#: agent/call-pinentry.c:401
+msgid "|pinentry-label|_OK"
+msgstr ""
+
+#: agent/call-pinentry.c:402
+msgid "|pinentry-label|_Cancel"
+msgstr ""
+
+#: agent/call-pinentry.c:403
+msgid "|pinentry-label|PIN:"
+msgstr ""
+
+#. TRANSLATORS: This string is displayed by Pinentry as the label
+#. for the quality bar.
+#: agent/call-pinentry.c:649
+#, fuzzy
+msgid "Quality:"
+msgstr "有效性:%s"
+
+#. TRANSLATORS: This string is a tooltip, shown by pinentry when
+#. hovering over the quality bar. Please use an appropriate
+#. string to describe what this is about. The length of the
+#. tooltip is limited to about 900 characters. If you do not
+#. translate this entry, a default english text (see source)
+#. will be used.
+#: agent/call-pinentry.c:671
+msgid "pinentry.qualitybar.tooltip"
+msgstr ""
+
+#: agent/call-pinentry.c:716
+msgid ""
+"Please enter your PIN, so that the secret key can be unlocked for this "
+"session"
+msgstr ""
+
+#: agent/call-pinentry.c:719
+#, fuzzy
+msgid ""
+"Please enter your passphrase, so that the secret key can be unlocked for "
+"this session"
+msgstr "请输入密ç ï¼šè¿™æ˜¯ä¸€ä¸ªç§˜å¯†çš„å¥å­ \n"
+
+#: agent/call-pinentry.c:776
+#, c-format
+msgid "SETERROR %s (try %d of %d)"
+msgstr ""
+
+#: agent/call-pinentry.c:799 agent/call-pinentry.c:811
+#, fuzzy
+msgid "PIN too long"
+msgstr "列太长"
+
+#: agent/call-pinentry.c:800
+#, fuzzy
+msgid "Passphrase too long"
+msgstr "列太长"
+
+#: agent/call-pinentry.c:808
+#, fuzzy
+msgid "Invalid characters in PIN"
+msgstr "姓åå«æœ‰æ— æ•ˆçš„字符\n"
+
+#: agent/call-pinentry.c:813
+msgid "PIN too short"
+msgstr ""
+
+#: agent/call-pinentry.c:825
+#, fuzzy
+msgid "Bad PIN"
+msgstr "æŸå的多精度整数(MPI)"
+
+#: agent/call-pinentry.c:826
+#, fuzzy
+msgid "Bad Passphrase"
+msgstr "错误的密ç "
+
+#: agent/call-pinentry.c:863
+#, fuzzy
+msgid "Passphrase"
+msgstr "错误的密ç "
+
+#: agent/command-ssh.c:531
+#, fuzzy, c-format
+msgid "ssh keys greater than %d bits are not supported\n"
+msgstr "ä¸æ”¯æŒä¿æŠ¤æ•£åˆ— %d\n"
+
+#: agent/command-ssh.c:690 g10/card-util.c:833 g10/exec.c:473 g10/gpg.c:1122
+#: g10/keygen.c:3394 g10/keygen.c:3427 g10/keyring.c:1237 g10/keyring.c:1569
+#: g10/openfile.c:275 g10/openfile.c:368 g10/sign.c:801 g10/sign.c:1110
+#: g10/tdbio.c:550 jnlib/dotlock.c:310
+#, c-format
+msgid "can't create `%s': %s\n"
+msgstr "无法建立‘%s’:%s\n"
+
+#: agent/command-ssh.c:702 common/helpfile.c:47 g10/card-util.c:787
+#: g10/dearmor.c:60 g10/dearmor.c:107 g10/decrypt.c:70 g10/encode.c:194
+#: g10/encode.c:504 g10/gpg.c:1123 g10/import.c:192 g10/keygen.c:2877
+#: g10/keyring.c:1595 g10/openfile.c:192 g10/openfile.c:353
+#: g10/plaintext.c:511 g10/sign.c:783 g10/sign.c:978 g10/sign.c:1094
+#: g10/sign.c:1250 g10/tdbdump.c:142 g10/tdbdump.c:150 g10/tdbio.c:554
+#: g10/tdbio.c:618 g10/verify.c:99 g10/verify.c:162 sm/gpgsm.c:2044
+#: sm/gpgsm.c:2074 sm/gpgsm.c:2112 sm/gpgsm.c:2150 sm/qualified.c:66
+#, c-format
+msgid "can't open `%s': %s\n"
+msgstr "无法打开‘%s’: %s\n"
+
+#: agent/command-ssh.c:1708 agent/command-ssh.c:1726
+#, fuzzy, c-format
+msgid "error getting serial number of card: %s\n"
+msgstr "获å–æ–° PIN 时出错:%s\n"
+
+#: agent/command-ssh.c:1712
+#, c-format
+msgid "detected card with S/N: %s\n"
+msgstr ""
+
+#: agent/command-ssh.c:1717
+#, fuzzy, c-format
+msgid "error getting default authentication keyID of card: %s\n"
+msgstr "å–得当å‰å¯†é’¥ä¿¡æ¯æ—¶å‡ºé”™ï¼š%s\n"
+
+#: agent/command-ssh.c:1737
+#, fuzzy, c-format
+msgid "no suitable card key found: %s\n"
+msgstr "找ä¸åˆ°å¯å†™çš„ç§é’¥é’¥åŒ™çŽ¯ï¼š%s\n"
+
+#: agent/command-ssh.c:1787
+#, fuzzy, c-format
+msgid "shadowing the key failed: %s\n"
+msgstr "无法读出公钥:%s\n"
+
+#: agent/command-ssh.c:1802
+#, fuzzy, c-format
+msgid "error writing key: %s\n"
+msgstr "写入钥匙环‘%s’时出错: %s\n"
+
+#: agent/command-ssh.c:2139
+#, c-format
+msgid ""
+"An ssh process requested the use of key%%0A %s%%0A (%s)%%0ADo you want to "
+"allow this?"
+msgstr ""
+
+#: agent/command-ssh.c:2146
+msgid "Allow"
+msgstr ""
+
+#: agent/command-ssh.c:2146
+msgid "Deny"
+msgstr ""
+
+#: agent/command-ssh.c:2155
+#, fuzzy, c-format
+msgid "Please enter the passphrase for the ssh key%%0A %F%%0A (%c)"
+msgstr "请输入密ç ï¼šè¿™æ˜¯ä¸€ä¸ªç§˜å¯†çš„å¥å­ \n"
+
+#: agent/command-ssh.c:2484 agent/genkey.c:310 agent/genkey.c:432
+#, fuzzy
+msgid "Please re-enter this passphrase"
+msgstr "更改密ç "
+
+#: agent/command-ssh.c:2509
+#, fuzzy, c-format
+msgid ""
+"Please enter a passphrase to protect the received secret key%%0A %s%%0A %"
+"s%%0Awithin gpg-agent's key storage"
+msgstr "请输入密ç ï¼šè¿™æ˜¯ä¸€ä¸ªç§˜å¯†çš„å¥å­ \n"
+
+#: agent/command-ssh.c:2548 agent/genkey.c:340 agent/genkey.c:463
+#: tools/symcryptrun.c:436
+msgid "does not match - try again"
+msgstr ""
+
+#: agent/command-ssh.c:3054
+#, fuzzy, c-format
+msgid "failed to create stream from socket: %s\n"
+msgstr "%s:建立散列表失败:%s\n"
+
+#: agent/divert-scd.c:92 g10/call-agent.c:923
+#, fuzzy
+msgid "Please insert the card with serial number"
+msgstr ""
+"请å–出当å‰çš„å¡ï¼Œå¹¶æ’入有下列åºåˆ—å·çš„å¡ï¼š\n"
+" %.*s\n"
+
+#: agent/divert-scd.c:93 g10/call-agent.c:924
+#, fuzzy
+msgid "Please remove the current card and insert the one with serial number"
+msgstr ""
+"请å–出当å‰çš„å¡ï¼Œå¹¶æ’入有下列åºåˆ—å·çš„å¡ï¼š\n"
+" %.*s\n"
+
+#: agent/divert-scd.c:200
+#, fuzzy
+msgid "Admin PIN"
+msgstr "|A|管ç†å‘˜ PIN"
+
+#. TRANSLATORS: A PUK is the Personal Unblocking Code
+#. used to unblock a PIN.
+#: agent/divert-scd.c:205
+msgid "PUK"
+msgstr ""
+
+#: agent/divert-scd.c:212
+msgid "Reset Code"
+msgstr ""
+
+#: agent/divert-scd.c:238
+#, c-format
+msgid "%s%%0A%%0AUse the reader's keypad for input."
+msgstr ""
+
+#: agent/divert-scd.c:287
+#, fuzzy
+msgid "Repeat this Reset Code"
+msgstr "å†æ¬¡è¾“入此 PIN:"
+
+#: agent/divert-scd.c:289
+#, fuzzy
+msgid "Repeat this PUK"
+msgstr "å†æ¬¡è¾“入此 PIN:"
+
+#: agent/divert-scd.c:290
+#, fuzzy
+msgid "Repeat this PIN"
+msgstr "å†æ¬¡è¾“入此 PIN:"
+
+#: agent/divert-scd.c:295
+#, fuzzy
+msgid "Reset Code not correctly repeated; try again"
+msgstr "PIN å†æ¬¡è¾“入时与首次输入ä¸ç¬¦ï¼›è¯·å†è¯•ä¸€æ¬¡"
+
+#: agent/divert-scd.c:297
+#, fuzzy
+msgid "PUK not correctly repeated; try again"
+msgstr "PIN å†æ¬¡è¾“入时与首次输入ä¸ç¬¦ï¼›è¯·å†è¯•ä¸€æ¬¡"
+
+#: agent/divert-scd.c:298
+msgid "PIN not correctly repeated; try again"
+msgstr "PIN å†æ¬¡è¾“入时与首次输入ä¸ç¬¦ï¼›è¯·å†è¯•ä¸€æ¬¡"
+
+#: agent/divert-scd.c:310
+#, fuzzy, c-format
+msgid "Please enter the PIN%s%s%s to unlock the card"
+msgstr "||请输入 PIN%%0A[完æˆçš„签字:%lu]"
+
+#: agent/genkey.c:108 sm/certreqgen-ui.c:384 sm/export.c:638 sm/export.c:654
+#: sm/import.c:667 sm/import.c:692
+#, fuzzy, c-format
+msgid "error creating temporary file: %s\n"
+msgstr "生æˆå¯†ç çš„时候å‘生错误:%s\n"
+
+#: agent/genkey.c:115 sm/export.c:645 sm/import.c:675
+#, fuzzy, c-format
+msgid "error writing to temporary file: %s\n"
+msgstr "%s:写入目录记录时出错:%s\n"
+
+#: agent/genkey.c:153 agent/genkey.c:159
+#, fuzzy
+msgid "Enter new passphrase"
+msgstr "请输入密ç \n"
+
+#: agent/genkey.c:167
+#, fuzzy
+msgid "Take this one anyway"
+msgstr "无论如何还是使用这把密钥å—?(y/N)"
+
+#: agent/genkey.c:193
+#, c-format
+msgid ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase should be "
+"at least %u character long."
+msgid_plural ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase should be "
+"at least %u characters long."
+msgstr[0] ""
+msgstr[1] ""
+
+#: agent/genkey.c:214
+#, c-format
+msgid ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase should "
+"contain at least %u digit or%%0Aspecial character."
+msgid_plural ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase should "
+"contain at least %u digits or%%0Aspecial characters."
+msgstr[0] ""
+msgstr[1] ""
+
+#: agent/genkey.c:237
+#, c-format
+msgid ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase may not be "
+"a known term or match%%0Acertain pattern."
+msgstr ""
+
+#: agent/genkey.c:253
+#, c-format
+msgid ""
+"You have not entered a passphrase!%0AAn empty passphrase is not allowed."
+msgstr ""
+
+#: agent/genkey.c:255
+#, c-format
+msgid ""
+"You have not entered a passphrase - this is in general a bad idea!%0APlease "
+"confirm that you do not want to have any protection on your key."
+msgstr ""
+
+#: agent/genkey.c:264
+msgid "Yes, protection is not needed"
+msgstr ""
+
+#: agent/genkey.c:308
+#, fuzzy, c-format
+msgid "Please enter the passphrase to%0Ato protect your new key"
+msgstr ""
+"您需è¦ä¸€ä¸ªå¯†ç æ¥ä¿æŠ¤æ‚¨çš„ç§é’¥ã€‚\n"
+"\n"
+
+#: agent/genkey.c:431
+#, fuzzy
+msgid "Please enter the new passphrase"
+msgstr "更改密ç "
+
+#: agent/gpg-agent.c:121 agent/preset-passphrase.c:72 scd/scdaemon.c:103
+#: tools/gpg-check-pattern.c:70
+#, fuzzy
+msgid ""
+"@Options:\n"
+" "
+msgstr ""
+"@\n"
+"选项:\n"
+" "
+
+#: agent/gpg-agent.c:123 scd/scdaemon.c:105
+msgid "run in server mode (foreground)"
+msgstr ""
+
+#: agent/gpg-agent.c:124 scd/scdaemon.c:108
+msgid "run in daemon mode (background)"
+msgstr ""
+
+#: agent/gpg-agent.c:125 g10/gpg.c:488 g10/gpgv.c:71 kbx/kbxutil.c:88
+#: scd/scdaemon.c:109 sm/gpgsm.c:281 tools/gpg-connect-agent.c:69
+#: tools/gpgconf.c:80 tools/symcryptrun.c:166
+msgid "verbose"
+msgstr "详细模å¼"
+
+#: agent/gpg-agent.c:126 g10/gpgv.c:72 kbx/kbxutil.c:89 scd/scdaemon.c:110
+#: sm/gpgsm.c:282
+msgid "be somewhat more quiet"
+msgstr "å°½é‡å‡å°‘æ示信æ¯"
+
+#: agent/gpg-agent.c:127 scd/scdaemon.c:111
+msgid "sh-style command output"
+msgstr ""
+
+#: agent/gpg-agent.c:128 scd/scdaemon.c:112
+msgid "csh-style command output"
+msgstr ""
+
+#: agent/gpg-agent.c:129 scd/scdaemon.c:113 sm/gpgsm.c:312
+#: tools/symcryptrun.c:169
+#, fuzzy
+msgid "|FILE|read options from FILE"
+msgstr "从‘%s’读å–选项\n"
+
+#: agent/gpg-agent.c:134 scd/scdaemon.c:123
+msgid "do not detach from the console"
+msgstr ""
+
+#: agent/gpg-agent.c:135
+msgid "do not grab keyboard and mouse"
+msgstr ""
+
+#: agent/gpg-agent.c:136 tools/symcryptrun.c:168
+#, fuzzy
+msgid "use a log file for the server"
+msgstr "在公钥æœåŠ¡å™¨ä¸Šæœå¯»å¯†é’¥"
+
+#: agent/gpg-agent.c:138
+#, fuzzy
+msgid "use a standard location for the socket"
+msgstr "为所选用户标识的设定注记"
+
+#: agent/gpg-agent.c:141
+msgid "|PGM|use PGM as the PIN-Entry program"
+msgstr ""
+
+#: agent/gpg-agent.c:144
+msgid "|PGM|use PGM as the SCdaemon program"
+msgstr ""
+
+#: agent/gpg-agent.c:145
+#, fuzzy
+msgid "do not use the SCdaemon"
+msgstr "导入åŽä¸æ›´æ–°ä¿¡ä»»åº¦æ•°æ®åº“"
+
+#: agent/gpg-agent.c:157
+msgid "ignore requests to change the TTY"
+msgstr ""
+
+#: agent/gpg-agent.c:159
+msgid "ignore requests to change the X display"
+msgstr ""
+
+#: agent/gpg-agent.c:162
+msgid "|N|expire cached PINs after N seconds"
+msgstr ""
+
+#: agent/gpg-agent.c:175
+msgid "do not use the PIN cache when signing"
+msgstr ""
+
+#: agent/gpg-agent.c:177
+msgid "allow clients to mark keys as \"trusted\""
+msgstr ""
+
+#: agent/gpg-agent.c:179
+#, fuzzy
+msgid "allow presetting passphrase"
+msgstr "生æˆå¯†ç çš„时候å‘生错误:%s\n"
+
+#: agent/gpg-agent.c:180
+msgid "enable ssh-agent emulation"
+msgstr ""
+
+#: agent/gpg-agent.c:182
+msgid "|FILE|write environment settings also to FILE"
+msgstr ""
+
+#. TRANSLATORS: @EMAIL@ will get replaced by the actual bug
+#. reporting address. This is so that we can change the
+#. reporting address without breaking the translations.
+#: agent/gpg-agent.c:333 agent/preset-passphrase.c:94 agent/protect-tool.c:163
+#: g10/gpg.c:814 g10/gpgv.c:114 kbx/kbxutil.c:113 scd/scdaemon.c:246
+#: sm/gpgsm.c:519 tools/gpg-connect-agent.c:181 tools/gpgconf.c:102
+#: tools/symcryptrun.c:206 tools/gpg-check-pattern.c:141
+msgid "Please report bugs to <@EMAIL@>.\n"
+msgstr ""
+"è¯·å‘ <@EMAIL@> 报告程åºç¼ºé™·ã€‚\n"
+"è¯·å‘ <zuxyhere@eastday.com> å映简体中文翻译的问题。\n"
+
+#: agent/gpg-agent.c:342
+#, fuzzy
+msgid "Usage: gpg-agent [options] (-h for help)"
+msgstr "用法: gpg [选项] [文件] (用 -h 求助)"
+
+#: agent/gpg-agent.c:344
+msgid ""
+"Syntax: gpg-agent [options] [command [args]]\n"
+"Secret key management for GnuPG\n"
+msgstr ""
+
+#: agent/gpg-agent.c:390 g10/gpg.c:1007 scd/scdaemon.c:318 sm/gpgsm.c:669
+#, c-format
+msgid "invalid debug-level `%s' given\n"
+msgstr ""
+
+#: agent/gpg-agent.c:610 agent/protect-tool.c:1033 kbx/kbxutil.c:428
+#: scd/scdaemon.c:424 sm/gpgsm.c:911 sm/gpgsm.c:914 tools/symcryptrun.c:998
+#: tools/gpg-check-pattern.c:177
+#, c-format
+msgid "%s is too old (need %s, have %s)\n"
+msgstr ""
+
+#: agent/gpg-agent.c:725 g10/gpg.c:2111 scd/scdaemon.c:510 sm/gpgsm.c:1010
+#, c-format
+msgid "NOTE: no default option file `%s'\n"
+msgstr "注æ„:没有默认é…置文件‘%s’\n"
+
+#: agent/gpg-agent.c:736 agent/gpg-agent.c:1348 g10/gpg.c:2115
+#: scd/scdaemon.c:515 sm/gpgsm.c:1014 tools/symcryptrun.c:931
+#, c-format
+msgid "option file `%s': %s\n"
+msgstr "é…置文件‘%s’:%s\n"
+
+#: agent/gpg-agent.c:744 g10/gpg.c:2122 scd/scdaemon.c:523 sm/gpgsm.c:1021
+#, c-format
+msgid "reading options from `%s'\n"
+msgstr "从‘%s’读å–选项\n"
+
+#: agent/gpg-agent.c:1117 g10/plaintext.c:140 g10/plaintext.c:145
+#: g10/plaintext.c:162
+#, c-format
+msgid "error creating `%s': %s\n"
+msgstr "建立‘%s’时å‘生错误:%s\n"
+
+#: agent/gpg-agent.c:1461 agent/gpg-agent.c:1579 agent/gpg-agent.c:1583
+#: agent/gpg-agent.c:1624 agent/gpg-agent.c:1628 g10/exec.c:188
+#: g10/openfile.c:429 scd/scdaemon.c:1020
+#, c-format
+msgid "can't create directory `%s': %s\n"
+msgstr "无法建立目录‘%s’:%s\n"
+
+#: agent/gpg-agent.c:1475 scd/scdaemon.c:1034
+msgid "name of socket too long\n"
+msgstr ""
+
+#: agent/gpg-agent.c:1498 scd/scdaemon.c:1057
+#, fuzzy, c-format
+msgid "can't create socket: %s\n"
+msgstr "无法建立‘%s’:%s\n"
+
+#: agent/gpg-agent.c:1507
+#, c-format
+msgid "socket name `%s' is too long\n"
+msgstr ""
+
+#: agent/gpg-agent.c:1525
+#, fuzzy
+msgid "a gpg-agent is already running - not starting a new one\n"
+msgstr "gpg-agent 在此次èˆè¯ä¸­æ— æ³•ä½¿ç”¨\n"
+
+#: agent/gpg-agent.c:1536 scd/scdaemon.c:1076
+#, fuzzy
+msgid "error getting nonce for the socket\n"
+msgstr "获å–æ–° PIN 时出错:%s\n"
+
+#: agent/gpg-agent.c:1541 scd/scdaemon.c:1079
+#, fuzzy, c-format
+msgid "error binding socket to `%s': %s\n"
+msgstr "在‘%s’中寻找信任度记录时出错:%s\n"
+
+#: agent/gpg-agent.c:1553 scd/scdaemon.c:1088
+#, fuzzy, c-format
+msgid "listen() failed: %s\n"
+msgstr "更新失败:%s\n"
+
+#: agent/gpg-agent.c:1559 scd/scdaemon.c:1095
+#, fuzzy, c-format
+msgid "listening on socket `%s'\n"
+msgstr "正在将ç§é’¥å†™è‡³`%s'\n"
+
+#: agent/gpg-agent.c:1587 agent/gpg-agent.c:1634 g10/openfile.c:432
+#, c-format
+msgid "directory `%s' created\n"
+msgstr "已创建目录‘%s’\n"
+
+#: agent/gpg-agent.c:1640
+#, fuzzy, c-format
+msgid "stat() failed for `%s': %s\n"
+msgstr "fstat(%d) 在 %s 中出错:%s\n"
+
+#: agent/gpg-agent.c:1644
+#, fuzzy, c-format
+msgid "can't use `%s' as home directory\n"
+msgstr "无法建立目录‘%s’:%s\n"
+
+#: agent/gpg-agent.c:1777 scd/scdaemon.c:1111
+#, fuzzy, c-format
+msgid "error reading nonce on fd %d: %s\n"
+msgstr "读å–‘%s’时出错:%s\n"
+
+#: agent/gpg-agent.c:1799
+#, c-format
+msgid "handler 0x%lx for fd %d started\n"
+msgstr ""
+
+#: agent/gpg-agent.c:1804
+#, c-format
+msgid "handler 0x%lx for fd %d terminated\n"
+msgstr ""
+
+#: agent/gpg-agent.c:1824
+#, c-format
+msgid "ssh handler 0x%lx for fd %d started\n"
+msgstr ""
+
+#: agent/gpg-agent.c:1829
+#, c-format
+msgid "ssh handler 0x%lx for fd %d terminated\n"
+msgstr ""
+
+#: agent/gpg-agent.c:1973 scd/scdaemon.c:1248
+#, fuzzy, c-format
+msgid "pth_select failed: %s - waiting 1s\n"
+msgstr "æ›´æ–°ç§é’¥å¤±è´¥ï¼š%s\n"
+
+#: agent/gpg-agent.c:2096 scd/scdaemon.c:1315
+#, fuzzy, c-format
+msgid "%s %s stopped\n"
+msgstr "%s:已跳过:%s\n"
+
+#: agent/gpg-agent.c:2232
+#, fuzzy
+msgid "no gpg-agent running in this session\n"
+msgstr "gpg-agent 在此次èˆè¯ä¸­æ— æ³•ä½¿ç”¨\n"
+
+#: agent/gpg-agent.c:2243 common/simple-pwquery.c:352 common/asshelp.c:403
+#: tools/gpg-connect-agent.c:2168
+msgid "malformed GPG_AGENT_INFO environment variable\n"
+msgstr "GPG_AGENT_INFO 环境å˜é‡æ ¼å¼é”™è¯¯\n"
+
+#: agent/gpg-agent.c:2256 common/simple-pwquery.c:364 common/asshelp.c:415
+#: tools/gpg-connect-agent.c:2179
+#, c-format
+msgid "gpg-agent protocol version %d is not supported\n"
+msgstr "ä¸æ”¯æŒ gpg-agent å议版本 %d\n"
+
+#: agent/preset-passphrase.c:98
+#, fuzzy
+msgid "Usage: gpg-preset-passphrase [options] KEYGRIP (-h for help)\n"
+msgstr "用法: gpg [选项] [文件] (用 -h 求助)"
+
+#: agent/preset-passphrase.c:101
+msgid ""
+"Syntax: gpg-preset-passphrase [options] KEYGRIP\n"
+"Password cache maintenance\n"
+msgstr ""
+
+#: agent/protect-tool.c:113 g10/gpg.c:373 kbx/kbxutil.c:71 sm/gpgsm.c:186
+#: tools/gpgconf.c:60
+msgid ""
+"@Commands:\n"
+" "
+msgstr ""
+"@指令:\n"
+" "
+
+#: agent/protect-tool.c:127 g10/gpg.c:441 g10/gpgv.c:69 kbx/kbxutil.c:81
+#: sm/gpgsm.c:226 tools/gpg-connect-agent.c:67 tools/gpgconf.c:77
+#: tools/symcryptrun.c:159
+msgid ""
+"@\n"
+"Options:\n"
+" "
+msgstr ""
+"@\n"
+"选项:\n"
+" "
+
+#: agent/protect-tool.c:166
+#, fuzzy
+msgid "Usage: gpg-protect-tool [options] (-h for help)\n"
+msgstr "用法: gpg [选项] [文件] (用 -h 求助)"
+
+#: agent/protect-tool.c:168
+msgid ""
+"Syntax: gpg-protect-tool [options] [args]\n"
+"Secret key maintenance tool\n"
+msgstr ""
+
+#: agent/protect-tool.c:1162
+#, fuzzy
+msgid "Please enter the passphrase to unprotect the PKCS#12 object."
+msgstr "请输入密ç ï¼šè¿™æ˜¯ä¸€ä¸ªç§˜å¯†çš„å¥å­ \n"
+
+#: agent/protect-tool.c:1167
+#, fuzzy
+msgid "Please enter the passphrase to protect the new PKCS#12 object."
+msgstr "请输入密ç ï¼šè¿™æ˜¯ä¸€ä¸ªç§˜å¯†çš„å¥å­ \n"
+
+#: agent/protect-tool.c:1173
+msgid ""
+"Please enter the passphrase to protect the imported object within the GnuPG "
+"system."
+msgstr ""
+
+#: agent/protect-tool.c:1178
+#, fuzzy
+msgid ""
+"Please enter the passphrase or the PIN\n"
+"needed to complete this operation."
+msgstr "请输入密ç ï¼šè¿™æ˜¯ä¸€ä¸ªç§˜å¯†çš„å¥å­ \n"
+
+#: agent/protect-tool.c:1183 tools/symcryptrun.c:437
+#, fuzzy
+msgid "Passphrase:"
+msgstr "错误的密ç "
+
+#: agent/protect-tool.c:1188 tools/symcryptrun.c:448
+#, fuzzy
+msgid "cancelled\n"
+msgstr "å·²å–消"
+
+#: agent/protect-tool.c:1190 tools/symcryptrun.c:444
+#, fuzzy, c-format
+msgid "error while asking for the passphrase: %s\n"
+msgstr "生æˆå¯†ç çš„时候å‘生错误:%s\n"
+
+#: agent/trustlist.c:136 agent/trustlist.c:334
+#, fuzzy, c-format
+msgid "error opening `%s': %s\n"
+msgstr "‘%s’中出错:%s\n"
+
+#: agent/trustlist.c:151 common/helpfile.c:63 common/helpfile.c:79
+#, fuzzy, c-format
+msgid "file `%s', line %d: %s\n"
+msgstr "é…置文件‘%s’:%s\n"
+
+#: agent/trustlist.c:171 agent/trustlist.c:179
+#, c-format
+msgid "statement \"%s\" ignored in `%s', line %d\n"
+msgstr ""
+
+#: agent/trustlist.c:185
+#, fuzzy, c-format
+msgid "system trustlist `%s' not available\n"
+msgstr "ç§é’¥éƒ¨åˆ†ä¸å¯ç”¨\n"
+
+#: agent/trustlist.c:229
+#, fuzzy, c-format
+msgid "bad fingerprint in `%s', line %d\n"
+msgstr "读å–‘%s’错误:%s\n"
+
+#: agent/trustlist.c:254 agent/trustlist.c:261
+#, c-format
+msgid "invalid keyflag in `%s', line %d\n"
+msgstr ""
+
+#: agent/trustlist.c:295 common/helpfile.c:126
+#, fuzzy, c-format
+msgid "error reading `%s', line %d: %s\n"
+msgstr "读å–‘%s’时出错:%s\n"
+
+#: agent/trustlist.c:400 agent/trustlist.c:450
+msgid "error reading list of trusted root certificates\n"
+msgstr ""
+
+#. TRANSLATORS: This prompt is shown by the Pinentry
+#. and has one special property: A "%%0A" is used by
+#. Pinentry to insert a line break. The double
+#. percent sign is actually needed because it is also
+#. a printf format string. If you need to insert a
+#. plain % sign, you need to encode it as "%%25". The
+#. "%s" gets replaced by the name as stored in the
+#. certificate.
+#: agent/trustlist.c:611
+#, c-format
+msgid ""
+"Do you ultimately trust%%0A \"%s\"%%0Ato correctly certify user "
+"certificates?"
+msgstr ""
+
+#: agent/trustlist.c:620 common/audit.c:467
+#, fuzzy
+msgid "Yes"
+msgstr "yes"
+
+#: agent/trustlist.c:620 common/audit.c:469
+msgid "No"
+msgstr ""
+
+#. TRANSLATORS: This prompt is shown by the Pinentry and has
+#. one special property: A "%%0A" is used by Pinentry to
+#. insert a line break. The double percent sign is actually
+#. needed because it is also a printf format string. If you
+#. need to insert a plain % sign, you need to encode it as
+#. "%%25". The second "%s" gets replaced by a hexdecimal
+#. fingerprint string whereas the first one receives the name
+#. as stored in the certificate.
+#: agent/trustlist.c:654
+#, c-format
+msgid ""
+"Please verify that the certificate identified as:%%0A \"%s\"%%0Ahas the "
+"fingerprint:%%0A %s"
+msgstr ""
+
+#. TRANSLATORS: "Correct" is the label of a button and intended
+#. to be hit if the fingerprint matches the one of the CA. The
+#. other button is "the default "Cancel" of the Pinentry.
+#: agent/trustlist.c:668
+msgid "Correct"
+msgstr ""
+
+#: agent/trustlist.c:668
+msgid "Wrong"
+msgstr ""
+
+#: agent/findkey.c:157
+#, c-format
+msgid "Note: This passphrase has never been changed.%0APlease change it now."
+msgstr ""
+
+#: agent/findkey.c:173
+#, c-format
+msgid ""
+"This passphrase has not been changed%%0Asince %.4s-%.2s-%.2s. Please change "
+"it now."
+msgstr ""
+
+#: agent/findkey.c:187 agent/findkey.c:194
+#, fuzzy
+msgid "Change passphrase"
+msgstr "更改密ç "
+
+#: agent/findkey.c:195
+msgid "I'll change it later"
+msgstr ""
+
+#: common/exechelp.c:528 common/exechelp.c:625 tools/gpgconf-comp.c:1475
+#: tools/gpgconf-comp.c:1814
+#, fuzzy, c-format
+msgid "error creating a pipe: %s\n"
+msgstr "生æˆå¯†ç çš„时候å‘生错误:%s\n"
+
+#: common/exechelp.c:599 common/exechelp.c:658
+#, fuzzy, c-format
+msgid "can't fdopen pipe for reading: %s\n"
+msgstr "无法打开有签åçš„æ•°æ®â€˜%s’\n"
+
+#: common/exechelp.c:637 common/exechelp.c:765 common/exechelp.c:1002
+#, fuzzy, c-format
+msgid "error forking process: %s\n"
+msgstr "读å–‘%s’时出错:%s\n"
+
+#: common/exechelp.c:811 common/exechelp.c:864
+#, c-format
+msgid "waiting for process %d to terminate failed: %s\n"
+msgstr ""
+
+#: common/exechelp.c:819
+#, fuzzy, c-format
+msgid "error getting exit code of process %d: %s\n"
+msgstr "å–得当å‰å¯†é’¥ä¿¡æ¯æ—¶å‡ºé”™ï¼š%s\n"
+
+#: common/exechelp.c:825 common/exechelp.c:877
+#, fuzzy, c-format
+msgid "error running `%s': exit status %d\n"
+msgstr "读å–‘%s’时出错:%s\n"
+
+#: common/exechelp.c:870
+#, c-format
+msgid "error running `%s': probably not installed\n"
+msgstr ""
+
+#: common/exechelp.c:885
+#, fuzzy, c-format
+msgid "error running `%s': terminated\n"
+msgstr "读å–‘%s’时出错:%s\n"
+
+#: common/http.c:1674
+#, fuzzy, c-format
+msgid "error creating socket: %s\n"
+msgstr "建立‘%s’时å‘生错误:%s\n"
+
+#: common/http.c:1718
+#, fuzzy
+msgid "host not found"
+msgstr "[找ä¸åˆ°ç”¨æˆ·æ ‡è¯†]"
+
+#: common/simple-pwquery.c:338
+msgid "gpg-agent is not available in this session\n"
+msgstr "gpg-agent 在此次èˆè¯ä¸­æ— æ³•ä½¿ç”¨\n"
+
+#: common/simple-pwquery.c:395
+#, c-format
+msgid "can't connect to `%s': %s\n"
+msgstr "无法连接至‘%s’:%s\n"
+
+#: common/simple-pwquery.c:406
+msgid "communication problem with gpg-agent\n"
+msgstr ""
+
+#: common/simple-pwquery.c:416
+msgid "problem setting the gpg-agent options\n"
+msgstr ""
+
+#: common/simple-pwquery.c:579 common/simple-pwquery.c:675
+#, fuzzy
+msgid "canceled by user\n"
+msgstr "用户å–消\n"
+
+#: common/simple-pwquery.c:594 common/simple-pwquery.c:681
+#, fuzzy
+msgid "problem with the agent\n"
+msgstr "代ç†ç¨‹åºæœ‰é—®é¢˜â€•â€•æ­£åœ¨åœç”¨ä»£ç†ç¨‹åº\n"
+
+#: common/sysutils.c:105
+#, c-format
+msgid "can't disable core dumps: %s\n"
+msgstr "无法ç¦ç”¨æ ¸å¿ƒå†…存转储:%s\n"
+
+#: common/sysutils.c:200
+#, fuzzy, c-format
+msgid "Warning: unsafe ownership on %s \"%s\"\n"
+msgstr "警告:扩展模å—‘%s’所有æƒä¸å®‰å…¨\n"
+
+#: common/sysutils.c:232
+#, fuzzy, c-format
+msgid "Warning: unsafe permissions on %s \"%s\"\n"
+msgstr "警告:扩展模å—‘%s’æƒé™ä¸å®‰å…¨\n"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: common/yesno.c:35 common/yesno.c:72
+msgid "yes"
+msgstr "yes"
+
+#: common/yesno.c:36 common/yesno.c:77
+msgid "yY"
+msgstr "yY"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: common/yesno.c:38 common/yesno.c:74
+msgid "no"
+msgstr "no"
+
+#: common/yesno.c:39 common/yesno.c:78
+msgid "nN"
+msgstr "nN"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: common/yesno.c:76
+msgid "quit"
+msgstr "quit"
+
+#: common/yesno.c:79
+msgid "qQ"
+msgstr "qQ"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: common/yesno.c:113
+msgid "okay|okay"
+msgstr "okay|ok"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: common/yesno.c:115
+msgid "cancel|cancel"
+msgstr "cancel|cancel"
+
+#: common/yesno.c:116
+msgid "oO"
+msgstr "oO"
+
+#: common/yesno.c:117
+msgid "cC"
+msgstr "cC"
+
+#: common/miscellaneous.c:77
+#, c-format
+msgid "out of core in secure memory while allocating %lu bytes"
+msgstr ""
+
+#: common/miscellaneous.c:80
+#, c-format
+msgid "out of core while allocating %lu bytes"
+msgstr ""
+
+#: common/asshelp.c:293 tools/gpg-connect-agent.c:2129
+msgid "no running gpg-agent - starting one\n"
+msgstr ""
+
+#: common/asshelp.c:349
+#, c-format
+msgid "waiting %d seconds for the agent to come up\n"
+msgstr ""
+
+#: common/asshelp.c:426
+msgid "can't connect to the agent - trying fall back\n"
+msgstr ""
+
+#. TRANSLATORS: Copy the prefix between the vertical bars
+#. verbatim. It will not be printed.
+#: common/audit.c:474
+msgid "|audit-log-result|Good"
+msgstr ""
+
+#: common/audit.c:477
+msgid "|audit-log-result|Bad"
+msgstr ""
+
+#: common/audit.c:479
+msgid "|audit-log-result|Not supported"
+msgstr ""
+
+#: common/audit.c:481
+#, fuzzy
+msgid "|audit-log-result|No certificate"
+msgstr "è¯ä¹¦å·²æŸå"
+
+#: common/audit.c:483
+#, fuzzy
+msgid "|audit-log-result|Not enabled"
+msgstr "è¯ä¹¦å·²æŸå"
+
+#: common/audit.c:485
+msgid "|audit-log-result|Error"
+msgstr ""
+
+#: common/audit.c:487
+#, fuzzy
+msgid "|audit-log-result|Not used"
+msgstr "è¯ä¹¦å·²æŸå"
+
+#: common/audit.c:489
+#, fuzzy
+msgid "|audit-log-result|Okay"
+msgstr "è¯ä¹¦å·²æŸå"
+
+#: common/audit.c:491
+#, fuzzy
+msgid "|audit-log-result|Skipped"
+msgstr "è¯ä¹¦å·²æŸå"
+
+#: common/audit.c:493
+#, fuzzy
+msgid "|audit-log-result|Some"
+msgstr "è¯ä¹¦å·²æŸå"
+
+#: common/audit.c:726
+#, fuzzy
+msgid "Certificate chain available"
+msgstr "è¯ä¹¦å·²æŸå"
+
+#: common/audit.c:733
+#, fuzzy
+msgid "root certificate missing"
+msgstr "è¯ä¹¦å·²æŸå"
+
+#: common/audit.c:759
+msgid "Data encryption succeeded"
+msgstr ""
+
+#: common/audit.c:764 common/audit.c:830 common/audit.c:906 common/audit.c:997
+#, fuzzy
+msgid "Data available"
+msgstr "列出所有å¯ç”¨æ•°æ®"
+
+#: common/audit.c:767
+#, fuzzy
+msgid "Session key created"
+msgstr "%s:钥匙环已建立\n"
+
+#: common/audit.c:772 common/audit.c:912 common/audit.c:919
+#, fuzzy, c-format
+msgid "algorithm: %s"
+msgstr "有效性:%s"
+
+#: common/audit.c:774 common/audit.c:776 common/audit.c:921 common/audit.c:923
+#, fuzzy, c-format
+msgid "unsupported algorithm: %s"
+msgstr ""
+"\n"
+"支æŒçš„算法:\n"
+
+#: common/audit.c:778 common/audit.c:925
+#, fuzzy
+msgid "seems to be not encrypted"
+msgstr "未被加密"
+
+#: common/audit.c:784 common/audit.c:933
+#, fuzzy
+msgid "Number of recipients"
+msgstr "当å‰æ”¶ä»¶äººï¼š\n"
+
+#: common/audit.c:792 common/audit.c:956
+#, c-format
+msgid "Recipient %d"
+msgstr ""
+
+#: common/audit.c:825
+msgid "Data signing succeeded"
+msgstr ""
+
+#: common/audit.c:839 common/audit.c:1033 common/audit.c:1060
+#, fuzzy, c-format
+msgid "data hash algorithm: %s"
+msgstr "无效的‘%s’散列算法\n"
+
+#: common/audit.c:862
+#, fuzzy, c-format
+msgid "Signer %d"
+msgstr "ç­¾å建立于 %s\n"
+
+#: common/audit.c:866 common/audit.c:1065
+#, fuzzy, c-format
+msgid "attr hash algorithm: %s"
+msgstr "无效的‘%s’散列算法\n"
+
+#: common/audit.c:901
+msgid "Data decryption succeeded"
+msgstr ""
+
+#: common/audit.c:910
+#, fuzzy
+msgid "Encryption algorithm supported"
+msgstr "ä¿æŠ¤ç®—法 %d%s 未被支æŒ\n"
+
+#: common/audit.c:993
+#, fuzzy
+msgid "Data verification succeeded"
+msgstr "ç­¾å验è¯å·²è¢«æŠ‘制\n"
+
+#: common/audit.c:1002
+#, fuzzy
+msgid "Signature available"
+msgstr "ç­¾å建立于 %s\n"
+
+#: common/audit.c:1024
+#, fuzzy
+msgid "Parsing data succeeded"
+msgstr "未找到签å\n"
+
+#: common/audit.c:1036
+#, fuzzy, c-format
+msgid "bad data hash algorithm: %s"
+msgstr "无效的‘%s’散列算法\n"
+
+#: common/audit.c:1051
+#, fuzzy, c-format
+msgid "Signature %d"
+msgstr "ç­¾å建立于 %s\n"
+
+#: common/audit.c:1079
+#, fuzzy
+msgid "Certificate chain valid"
+msgstr "这把密钥已ç»è¿‡æœŸï¼"
+
+#: common/audit.c:1090
+#, fuzzy
+msgid "Root certificate trustworthy"
+msgstr "è¯ä¹¦å·²æŸå"
+
+#: common/audit.c:1111 sm/certchain.c:935
+#, fuzzy
+msgid "no CRL found for certificate"
+msgstr "è¯ä¹¦å·²æŸå"
+
+#: common/audit.c:1114 sm/certchain.c:945
+#, fuzzy
+msgid "the available CRL is too old"
+msgstr "å¯ç”¨çš„密钥在:"
+
+#: common/audit.c:1119
+#, fuzzy
+msgid "CRL/OCSP check of certificates"
+msgstr "è¯ä¹¦å·²æŸå"
+
+#: common/audit.c:1139
+#, fuzzy
+msgid "Included certificates"
+msgstr "è¯ä¹¦å·²æŸå"
+
+#: common/audit.c:1194
+msgid "No audit log entries."
+msgstr ""
+
+#: common/audit.c:1243
+#, fuzzy
+msgid "Unknown operation"
+msgstr "未知的版本"
+
+#: common/audit.c:1261
+msgid "Gpg-Agent usable"
+msgstr ""
+
+#: common/audit.c:1271
+msgid "Dirmngr usable"
+msgstr ""
+
+#: common/audit.c:1307
+#, fuzzy, c-format
+msgid "No help available for `%s'."
+msgstr "‘%s’没有å¯ç”¨çš„帮助"
+
+#: common/helpfile.c:80
+#, fuzzy
+msgid "ignoring garbage line"
+msgstr "结尾行有问题\n"
+
+#: common/gettime.c:503
+#, fuzzy
+msgid "[none]"
+msgstr "[未设定]"
+
+#: g10/armor.c:379
+#, c-format
+msgid "armor: %s\n"
+msgstr "ASCII å°è£…:%s\n"
+
+#: g10/armor.c:418
+msgid "invalid armor header: "
+msgstr "无效的 ASCII å°è£…头:"
+
+#: g10/armor.c:429
+msgid "armor header: "
+msgstr "ASCII å°è£…头:"
+
+#: g10/armor.c:442
+msgid "invalid clearsig header\n"
+msgstr "无效的明文签å头\n"
+
+#: g10/armor.c:455
+#, fuzzy
+msgid "unknown armor header: "
+msgstr "ASCII å°è£…头:"
+
+#: g10/armor.c:508
+msgid "nested clear text signatures\n"
+msgstr "多层明文签å\n"
+
+#: g10/armor.c:643
+msgid "unexpected armor: "
+msgstr "与预期ä¸ç¬¦çš„ ASCII å°è£…:"
+
+#: g10/armor.c:655
+msgid "invalid dash escaped line: "
+msgstr "以连字符开头的行格å¼é”™è¯¯ï¼š"
+
+#: g10/armor.c:810 g10/armor.c:1420
+#, c-format
+msgid "invalid radix64 character %02X skipped\n"
+msgstr "跳过无效的 64 进制字符 %02x\n"
+
+#: g10/armor.c:853
+msgid "premature eof (no CRC)\n"
+msgstr "文件先于预期结æŸ(没有 CRC 部分)\n"
+
+#: g10/armor.c:887
+msgid "premature eof (in CRC)\n"
+msgstr "文件先于预期结æŸ(CRC 部分未结æŸ)\n"
+
+#: g10/armor.c:895
+msgid "malformed CRC\n"
+msgstr "异常的 CRC\n"
+
+#: g10/armor.c:899 g10/armor.c:1457
+#, c-format
+msgid "CRC error; %06lX - %06lX\n"
+msgstr "CRC 错误:%06lx - %06lx\n"
+
+#: g10/armor.c:919
+msgid "premature eof (in trailer)\n"
+msgstr "文件先于预期结æŸ(于结尾处)\n"
+
+#: g10/armor.c:923
+msgid "error in trailer line\n"
+msgstr "结尾行有问题\n"
+
+#: g10/armor.c:1234
+msgid "no valid OpenPGP data found.\n"
+msgstr "找ä¸åˆ°æœ‰æ•ˆçš„ OpenPGP æ•°æ®ã€‚\n"
+
+#: g10/armor.c:1239
+#, c-format
+msgid "invalid armor: line longer than %d characters\n"
+msgstr "无效的 ASCII å°è£…:一行超过 %d 字符\n"
+
+#: g10/armor.c:1243
+msgid ""
+"quoted printable character in armor - probably a buggy MTA has been used\n"
+msgstr "å°è£…里出现括上的å¯æ‰“å°å­—符――å¯èƒ½æ˜¯æœ‰ç¼ºé™·çš„信件传输程åºé€ æˆçš„\n"
+
+#: g10/build-packet.c:976
+msgid ""
+"a notation name must have only printable characters or spaces, and end with "
+"an '='\n"
+msgstr ""
+
+#: g10/build-packet.c:988
+msgid "a user notation name must contain the '@' character\n"
+msgstr ""
+
+#: g10/build-packet.c:994
+msgid "a notation name must not contain more than one '@' character\n"
+msgstr ""
+
+#: g10/build-packet.c:1012
+msgid "a notation value must not use any control characters\n"
+msgstr ""
+
+#: g10/build-packet.c:1046 g10/build-packet.c:1055
+#, fuzzy
+msgid "WARNING: invalid notation data found\n"
+msgstr "找ä¸åˆ°æœ‰æ•ˆçš„ OpenPGP æ•°æ®ã€‚\n"
+
+#: g10/build-packet.c:1077 g10/build-packet.c:1079
+msgid "not human readable"
+msgstr ""
+
+#: g10/card-util.c:85 g10/card-util.c:374
+#, c-format
+msgid "OpenPGP card not available: %s\n"
+msgstr "OpenPGP å¡ä¸å¯ç”¨ï¼š%s\n"
+
+#: g10/card-util.c:90
+#, c-format
+msgid "OpenPGP card no. %s detected\n"
+msgstr "检测到 OpenPGP å¡å· %s\n"
+
+#: g10/card-util.c:98 g10/card-util.c:1773 g10/delkey.c:126 g10/keyedit.c:1551
+#: g10/keygen.c:3068 g10/revoke.c:216 g10/revoke.c:455
+msgid "can't do this in batch mode\n"
+msgstr "在批处ç†æ¨¡å¼ä¸­æ— æ³•å®Œæˆæ­¤æ“作\n"
+
+#: g10/card-util.c:106
+#, fuzzy
+msgid "This command is only available for version 2 cards\n"
+msgstr "在 %s 模å¼ä¸­ä¸å…许使用这个指令。\n"
+
+#: g10/card-util.c:108 scd/app-openpgp.c:2029
+#, fuzzy
+msgid "Reset Code not or not anymore available\n"
+msgstr "ç§é’¥éƒ¨åˆ†ä¸å¯ç”¨\n"
+
+#: g10/card-util.c:141 g10/card-util.c:1458 g10/card-util.c:1568
+#: g10/keyedit.c:424 g10/keyedit.c:445 g10/keyedit.c:459 g10/keygen.c:1630
+#: g10/keygen.c:1711 sm/certreqgen-ui.c:165 sm/certreqgen-ui.c:249
+#: sm/certreqgen-ui.c:283
+msgid "Your selection? "
+msgstr "您的选择? "
+
+#: g10/card-util.c:272 g10/card-util.c:322
+msgid "[not set]"
+msgstr "[未设定]"
+
+#: g10/card-util.c:512
+msgid "male"
+msgstr "男性"
+
+#: g10/card-util.c:513
+msgid "female"
+msgstr "女性"
+
+#: g10/card-util.c:513
+msgid "unspecified"
+msgstr "未定义"
+
+#: g10/card-util.c:540
+msgid "not forced"
+msgstr "å¯é€‰"
+
+#: g10/card-util.c:540
+msgid "forced"
+msgstr "å¿…é¡»"
+
+#: g10/card-util.c:631
+msgid "Error: Only plain ASCII is currently allowed.\n"
+msgstr "错误:目å‰åªå…许使用 ASCII 字符。\n"
+
+#: g10/card-util.c:633
+msgid "Error: The \"<\" character may not be used.\n"
+msgstr "错误:ä¸èƒ½ä½¿ç”¨å­—符“<â€ã€‚\n"
+
+#: g10/card-util.c:635
+msgid "Error: Double spaces are not allowed.\n"
+msgstr "错误:ä¸å…许出现两个空格。\n"
+
+#: g10/card-util.c:652
+msgid "Cardholder's surname: "
+msgstr "å¡æŒæœ‰äººçš„姓:"
+
+#: g10/card-util.c:654
+msgid "Cardholder's given name: "
+msgstr "å¡æŒæœ‰äººçš„å:"
+
+#: g10/card-util.c:672
+#, c-format
+msgid "Error: Combined name too long (limit is %d characters).\n"
+msgstr "错误:åˆæˆçš„姓å太长(至多 %d 个字符)。\n"
+
+#: g10/card-util.c:693
+msgid "URL to retrieve public key: "
+msgstr "获å–公钥的 URL:"
+
+#: g10/card-util.c:701
+#, c-format
+msgid "Error: URL too long (limit is %d characters).\n"
+msgstr "错误:URL 太长(至多 %d 个字符)\n"
+
+#: g10/card-util.c:794 tools/no-libgcrypt.c:30
+#, fuzzy, c-format
+msgid "error allocating enough memory: %s\n"
+msgstr "建立钥匙环‘%s’时å‘生错误:%s\n"
+
+#: g10/card-util.c:806 g10/import.c:280
+#, c-format
+msgid "error reading `%s': %s\n"
+msgstr "读å–‘%s’时出错:%s\n"
+
+#: g10/card-util.c:839
+#, fuzzy, c-format
+msgid "error writing `%s': %s\n"
+msgstr "写入钥匙环‘%s’时出错: %s\n"
+
+#: g10/card-util.c:866
+msgid "Login data (account name): "
+msgstr "登录数æ®(å¸å·å):"
+
+#: g10/card-util.c:876
+#, c-format
+msgid "Error: Login data too long (limit is %d characters).\n"
+msgstr "错误:登录数æ®å¤ªé•¿(至多 %d 个字符)。\n"
+
+#: g10/card-util.c:912
+msgid "Private DO data: "
+msgstr "个人 DO æ•°æ®ï¼š"
+
+#: g10/card-util.c:922
+#, c-format
+msgid "Error: Private DO too long (limit is %d characters).\n"
+msgstr "错误:个人 DO 太长(至多 %d 个字符)。\n"
+
+#: g10/card-util.c:1005
+msgid "Language preferences: "
+msgstr "首选语言:"
+
+#: g10/card-util.c:1013
+msgid "Error: invalid length of preference string.\n"
+msgstr "错误:首选项字符串长度无效。\n"
+
+#: g10/card-util.c:1022
+msgid "Error: invalid characters in preference string.\n"
+msgstr "错误:首选项字符串里有无效字符。\n"
+
+#: g10/card-util.c:1044
+msgid "Sex ((M)ale, (F)emale or space): "
+msgstr "性别(男性输入 M,女性输入 F,ä¸æŒ‡å®šè¾“入空格):"
+
+#: g10/card-util.c:1058
+msgid "Error: invalid response.\n"
+msgstr "错误:无效的å“应。\n"
+
+#: g10/card-util.c:1080
+msgid "CA fingerprint: "
+msgstr "CA 指纹:"
+
+#: g10/card-util.c:1103
+msgid "Error: invalid formatted fingerprint.\n"
+msgstr "错误:指纹格å¼æ— æ•ˆã€‚\n"
+
+#: g10/card-util.c:1153
+#, c-format
+msgid "key operation not possible: %s\n"
+msgstr "针对密钥的æ“作无法实现:%s\n"
+
+#: g10/card-util.c:1154
+msgid "not an OpenPGP card"
+msgstr "ä¸æ˜¯ä¸€ä¸ª OpenPGP å¡"
+
+#: g10/card-util.c:1167
+#, c-format
+msgid "error getting current key info: %s\n"
+msgstr "å–得当å‰å¯†é’¥ä¿¡æ¯æ—¶å‡ºé”™ï¼š%s\n"
+
+#: g10/card-util.c:1254
+msgid "Replace existing key? (y/N) "
+msgstr "替æ¢å·²æœ‰çš„密钥?(y/N)"
+
+#: g10/card-util.c:1270
+msgid ""
+"NOTE: There is no guarantee that the card supports the requested size.\n"
+" If the key generation does not succeed, please check the\n"
+" documentation of your card to see what sizes are allowed.\n"
+msgstr ""
+
+#: g10/card-util.c:1295
+#, fuzzy, c-format
+msgid "What keysize do you want for the Signature key? (%u) "
+msgstr "您想è¦ç”¨å¤šå¤§çš„密钥尺寸?(%u)"
+
+#: g10/card-util.c:1297
+#, fuzzy, c-format
+msgid "What keysize do you want for the Encryption key? (%u) "
+msgstr "您想è¦ç”¨å¤šå¤§çš„密钥尺寸?(%u)"
+
+#: g10/card-util.c:1298
+#, fuzzy, c-format
+msgid "What keysize do you want for the Authentication key? (%u) "
+msgstr "您想è¦ç”¨å¤šå¤§çš„密钥尺寸?(%u)"
+
+#: g10/card-util.c:1309 g10/keygen.c:1844 g10/keygen.c:1850
+#: sm/certreqgen-ui.c:194
+#, c-format
+msgid "rounded up to %u bits\n"
+msgstr "èˆå…¥åˆ° %u ä½\n"
+
+#: g10/card-util.c:1317 g10/keygen.c:1831 sm/certreqgen-ui.c:184
+#, c-format
+msgid "%s keysizes must be in the range %u-%u\n"
+msgstr "%s 密钥尺寸必须在 %u 与 %u 间\n"
+
+#: g10/card-util.c:1322
+#, c-format
+msgid "The card will now be re-configured to generate a key of %u bits\n"
+msgstr ""
+
+#: g10/card-util.c:1342
+#, fuzzy, c-format
+msgid "error changing size of key %d to %u bits: %s\n"
+msgstr "在‘%s’中寻找信任度记录时出错:%s\n"
+
+#: g10/card-util.c:1364
+msgid "Make off-card backup of encryption key? (Y/n) "
+msgstr "是å¦ä¸ºåŠ å¯†å¯†é’¥åˆ›å»ºå¡å¤–的备份?(Y/n)"
+
+#: g10/card-util.c:1378
+#, fuzzy
+msgid "NOTE: keys are already stored on the card!\n"
+msgstr "ç§é’¥å·²å­˜å‚¨åœ¨å¡ä¸Š\n"
+
+#: g10/card-util.c:1381
+msgid "Replace existing keys? (y/N) "
+msgstr "替æ¢å·²æœ‰çš„密钥?(y/N)"
+
+#: g10/card-util.c:1393
+#, c-format
+msgid ""
+"Please note that the factory settings of the PINs are\n"
+" PIN = `%s' Admin PIN = `%s'\n"
+"You should change them using the command --change-pin\n"
+msgstr ""
+"请注æ„,PIN 在出厂时被设置为:\n"
+" PIN = ‘%s’ 管ç†å‘˜ PIN = ‘%s’\n"
+"您应当使用 --change-pin 命令æ¥æ›´æ”¹å®ƒä»¬\n"
+
+#: g10/card-util.c:1449
+msgid "Please select the type of key to generate:\n"
+msgstr "请选择您è¦ä½¿ç”¨çš„密钥ç§ç±»ï¼š\n"
+
+#: g10/card-util.c:1451 g10/card-util.c:1559
+msgid " (1) Signature key\n"
+msgstr " (1) ç­¾å密钥\n"
+
+#: g10/card-util.c:1452 g10/card-util.c:1561
+msgid " (2) Encryption key\n"
+msgstr " (2) 加密密钥\n"
+
+#: g10/card-util.c:1453 g10/card-util.c:1563
+msgid " (3) Authentication key\n"
+msgstr " (3) 认è¯å¯†é’¥\n"
+
+#: g10/card-util.c:1469 g10/card-util.c:1588 g10/keyedit.c:945
+#: g10/keygen.c:1634 g10/keygen.c:1662 g10/keygen.c:1764 g10/revoke.c:683
+msgid "Invalid selection.\n"
+msgstr "无效的选择。\n"
+
+#: g10/card-util.c:1556
+msgid "Please select where to store the key:\n"
+msgstr "请选择在哪里存储密钥:\n"
+
+#: g10/card-util.c:1600
+msgid "unknown key protection algorithm\n"
+msgstr "ä¸æ”¯æŒçš„密钥ä¿æŠ¤ç®—法\n"
+
+#: g10/card-util.c:1605
+msgid "secret parts of key are not available\n"
+msgstr "ç§é’¥éƒ¨åˆ†ä¸å¯ç”¨\n"
+
+#: g10/card-util.c:1610
+msgid "secret key already stored on a card\n"
+msgstr "ç§é’¥å·²å­˜å‚¨åœ¨å¡ä¸Š\n"
+
+#: g10/card-util.c:1623
+#, fuzzy, c-format
+msgid "error writing key to card: %s\n"
+msgstr "写入钥匙环‘%s’时出错: %s\n"
+
+#: g10/card-util.c:1682 g10/keyedit.c:1382
+msgid "quit this menu"
+msgstr "离开这个èœå•"
+
+#: g10/card-util.c:1684
+msgid "show admin commands"
+msgstr "显示管ç†å‘˜å‘½ä»¤"
+
+#: g10/card-util.c:1685 g10/keyedit.c:1385
+msgid "show this help"
+msgstr "显示这份在线说明"
+
+#: g10/card-util.c:1687
+msgid "list all available data"
+msgstr "列出所有å¯ç”¨æ•°æ®"
+
+#: g10/card-util.c:1690
+msgid "change card holder's name"
+msgstr "更改å¡æŒæœ‰äººçš„姓å"
+
+#: g10/card-util.c:1691
+msgid "change URL to retrieve key"
+msgstr "更改获å–密钥的 URL"
+
+#: g10/card-util.c:1692
+msgid "fetch the key specified in the card URL"
+msgstr "æ ¹æ®å¡ä¸­æŒ‡å®šçš„ URL 获å–密钥"
+
+#: g10/card-util.c:1693
+msgid "change the login name"
+msgstr "更改登录å"
+
+#: g10/card-util.c:1694
+msgid "change the language preferences"
+msgstr "更改首选语言首选"
+
+#: g10/card-util.c:1695
+msgid "change card holder's sex"
+msgstr "更改å¡æŒæœ‰äººçš„性别"
+
+#: g10/card-util.c:1696
+msgid "change a CA fingerprint"
+msgstr "更改一个 CA 指纹"
+
+#: g10/card-util.c:1697
+msgid "toggle the signature force PIN flag"
+msgstr "设定 PIN ç­¾å是å¦å¿…é¡»"
+
+#: g10/card-util.c:1698
+msgid "generate new keys"
+msgstr "生æˆæ–°çš„密钥"
+
+#: g10/card-util.c:1699
+msgid "menu to change or unblock the PIN"
+msgstr "æ›´æ”¹æˆ–è§£é” PIN çš„èœå•"
+
+#: g10/card-util.c:1700
+msgid "verify the PIN and list all data"
+msgstr "éªŒè¯ PIN 并列出所有数æ®"
+
+#: g10/card-util.c:1701
+msgid "unblock the PIN using a Reset Code"
+msgstr ""
+
+#: g10/card-util.c:1823
+msgid "gpg/card> "
+msgstr ""
+
+#: g10/card-util.c:1864
+msgid "Admin-only command\n"
+msgstr "仅供管ç†å‘˜ä½¿ç”¨çš„命令\n"
+
+#: g10/card-util.c:1895
+msgid "Admin commands are allowed\n"
+msgstr "å…许使用管ç†å‘˜å‘½ä»¤\n"
+
+#: g10/card-util.c:1897
+msgid "Admin commands are not allowed\n"
+msgstr "ä¸å…许使用管ç†å‘˜å‘½ä»¤\n"
+
+#: g10/card-util.c:1988 g10/keyedit.c:2292
+msgid "Invalid command (try \"help\")\n"
+msgstr "无效的指令(å°è¯•â€œhelpâ€)\n"
+
+#: g10/decrypt.c:110 g10/encode.c:876
+msgid "--output doesn't work for this command\n"
+msgstr "--output 在这个命令中ä¸èµ·ä½œç”¨\n"
+
+#: g10/decrypt.c:166 g10/gpg.c:4019 g10/keyring.c:387 g10/keyring.c:698
+#, c-format
+msgid "can't open `%s'\n"
+msgstr "无法打开‘%s’\n"
+
+#: g10/delkey.c:73 g10/export.c:324 g10/keyedit.c:3514 g10/keyserver.c:1737
+#: g10/revoke.c:226
+#, c-format
+msgid "key \"%s\" not found: %s\n"
+msgstr "密钥‘%s’找ä¸åˆ°ï¼š%s\n"
+
+#: g10/delkey.c:81 g10/export.c:354 g10/import.c:2480 g10/keyserver.c:1751
+#: g10/revoke.c:232 g10/revoke.c:477
+#, c-format
+msgid "error reading keyblock: %s\n"
+msgstr "读å–密钥区å—æ—¶å‘生错误:%s\n"
+
+#: g10/delkey.c:127 g10/delkey.c:134
+msgid "(unless you specify the key by fingerprint)\n"
+msgstr "(除éžæ‚¨ç”¨æŒ‡çº¹æŒ‡å®šå¯†é’¥)\n"
+
+#: g10/delkey.c:133
+msgid "can't do this in batch mode without \"--yes\"\n"
+msgstr "在批处ç†æ¨¡å¼ä¸­ï¼Œæ²¡æœ‰â€œ--yesâ€å°±æ— æ³•è¿™ä¹ˆåš\n"
+
+#: g10/delkey.c:145
+msgid "Delete this key from the keyring? (y/N) "
+msgstr "è¦ä»Žé’¥åŒ™çŽ¯é‡Œåˆ é™¤è¿™æŠŠå¯†é’¥å—?(y/N)"
+
+#: g10/delkey.c:153
+msgid "This is a secret key! - really delete? (y/N) "
+msgstr "这是一把ç§é’¥ï¼â€•â€•çœŸçš„è¦åˆ é™¤å—?(y/N)"
+
+#: g10/delkey.c:163
+#, c-format
+msgid "deleting keyblock failed: %s\n"
+msgstr "删除密钥区å—时失败:%s\n"
+
+#: g10/delkey.c:173
+msgid "ownertrust information cleared\n"
+msgstr "信任度信æ¯å·²è¢«æ¸…除\n"
+
+#: g10/delkey.c:204
+#, c-format
+msgid "there is a secret key for public key \"%s\"!\n"
+msgstr "公钥“%sâ€æœ‰å¯¹åº”çš„ç§é’¥ï¼\n"
+
+#: g10/delkey.c:206
+msgid "use option \"--delete-secret-keys\" to delete it first.\n"
+msgstr "请先使用“--delete-secret-keysâ€é€‰é¡¹æ¥åˆ é™¤å®ƒã€‚\n"
+
+#: g10/encode.c:226 g10/sign.c:1269
+#, c-format
+msgid "error creating passphrase: %s\n"
+msgstr "生æˆå¯†ç çš„时候å‘生错误:%s\n"
+
+#: g10/encode.c:232
+msgid "can't use a symmetric ESK packet due to the S2K mode\n"
+msgstr "在此 S2K 模å¼ä¸‹æ— æ³•ä½¿ç”¨å¯¹ç§°çš„ ESK 包\n"
+
+#: g10/encode.c:246
+#, c-format
+msgid "using cipher %s\n"
+msgstr "使用对称加密算法 %s\n"
+
+#: g10/encode.c:256 g10/encode.c:577
+#, c-format
+msgid "`%s' already compressed\n"
+msgstr "‘%s’已被压缩\n"
+
+#: g10/encode.c:311 g10/encode.c:611 g10/sign.c:564
+#, c-format
+msgid "WARNING: `%s' is an empty file\n"
+msgstr "警告:‘%s’是一个空文件\n"
+
+#: g10/encode.c:485
+msgid "you can only encrypt to RSA keys of 2048 bits or less in --pgp2 mode\n"
+msgstr "在 --pgp2 模å¼ä¸­ï¼Œæ‚¨åªèƒ½ä½¿ç”¨ 2048 ä½åŠä»¥ä¸‹çš„ RSA 密钥加密\n"
+
+#: g10/encode.c:510
+#, c-format
+msgid "reading from `%s'\n"
+msgstr "正在从‘%s’读å–\n"
+
+#: g10/encode.c:541
+msgid ""
+"unable to use the IDEA cipher for all of the keys you are encrypting to.\n"
+msgstr "您正è¦ç”¨æ¥åŠ å¯†çš„所有密钥都ä¸èƒ½ä½¿ç”¨ IDEA 算法。\n"
+
+#: g10/encode.c:559
+#, c-format
+msgid ""
+"WARNING: forcing symmetric cipher %s (%d) violates recipient preferences\n"
+msgstr "警告:强行使用的 %s (%d)对称加密算法ä¸åœ¨æ”¶ä»¶è€…的首选项中\n"
+
+#: g10/encode.c:655 g10/sign.c:939
+#, c-format
+msgid ""
+"WARNING: forcing compression algorithm %s (%d) violates recipient "
+"preferences\n"
+msgstr "警告:强行使用的 %s (%d)压缩算法ä¸åœ¨æ”¶ä»¶è€…的首选项中\n"
+
+#: g10/encode.c:751
+#, c-format
+msgid "forcing symmetric cipher %s (%d) violates recipient preferences\n"
+msgstr "强行使用的 %s (%d)对称加密算法ä¸åœ¨æ”¶ä»¶è€…的首选项中\n"
+
+#: g10/encode.c:821 g10/pkclist.c:813 g10/pkclist.c:862
+#, c-format
+msgid "you may not use %s while in %s mode\n"
+msgstr "您ä¸è¯¥å°† %s 用于 %s 模å¼ä¸­\n"
+
+#: g10/encode.c:848
+#, c-format
+msgid "%s/%s encrypted for: \"%s\"\n"
+msgstr "%s/%s å·²ç»åŠ å¯†ç»™ï¼šâ€œ%sâ€\n"
+
+#: g10/encr-data.c:93 g10/mainproc.c:286
+#, c-format
+msgid "%s encrypted data\n"
+msgstr "%s 加密过的数æ®\n"
+
+#: g10/encr-data.c:96 g10/mainproc.c:290
+#, c-format
+msgid "encrypted with unknown algorithm %d\n"
+msgstr "以未知的算法 %d 加密\n"
+
+#: g10/encr-data.c:142 sm/decrypt.c:126
+msgid ""
+"WARNING: message was encrypted with a weak key in the symmetric cipher.\n"
+msgstr "警告:报文被使用对称加密算法的弱密钥加密。\n"
+
+#: g10/encr-data.c:154
+msgid "problem handling encrypted packet\n"
+msgstr "处ç†åŠ å¯†åŒ…有问题\n"
+
+#: g10/exec.c:57
+msgid "no remote program execution supported\n"
+msgstr "ä¸æ”¯æŒè¿œç¨‹è°ƒç”¨\n"
+
+#: g10/exec.c:308
+msgid ""
+"external program calls are disabled due to unsafe options file permissions\n"
+msgstr "由于é…置文件æƒé™ä¸å®‰å…¨ï¼Œå¤–部程åºè°ƒç”¨è¢«ç¦ç”¨\n"
+
+#: g10/exec.c:338
+msgid "this platform requires temporary files when calling external programs\n"
+msgstr "在这个æ“作平å°ä¸Šè°ƒç”¨å¤–部程åºæ—¶éœ€è¦ä¸´æ—¶æ–‡ä»¶\n"
+
+#: g10/exec.c:416
+#, c-format
+msgid "unable to execute program `%s': %s\n"
+msgstr "无法执行程åºâ€˜%s’:%s\n"
+
+#: g10/exec.c:419
+#, c-format
+msgid "unable to execute shell `%s': %s\n"
+msgstr "无法在命令解释环境中执行‘%s’:%s\n"
+
+#: g10/exec.c:510
+#, c-format
+msgid "system error while calling external program: %s\n"
+msgstr "调用外部程åºæ—¶å‘生系统错误:%s\n"
+
+#: g10/exec.c:521 g10/exec.c:588
+msgid "unnatural exit of external program\n"
+msgstr "外部程åºå¼‚常退出\n"
+
+#: g10/exec.c:536
+msgid "unable to execute external program\n"
+msgstr "无法执行外部程åº\n"
+
+#: g10/exec.c:553
+#, c-format
+msgid "unable to read external program response: %s\n"
+msgstr "无法读å–外部程åºå“应:%s\n"
+
+#: g10/exec.c:599 g10/exec.c:606
+#, c-format
+msgid "WARNING: unable to remove tempfile (%s) `%s': %s\n"
+msgstr "警告:无法删除临时文件(%s)‘%s’:%s\n"
+
+#: g10/exec.c:611
+#, c-format
+msgid "WARNING: unable to remove temp directory `%s': %s\n"
+msgstr "警告:无法删除临时目录‘%s’:%s\n"
+
+#: g10/export.c:61
+msgid "export signatures that are marked as local-only"
+msgstr "导出被标记为局部的密å"
+
+#: g10/export.c:63
+msgid "export attribute user IDs (generally photo IDs)"
+msgstr "导出属性用户标识(一般为照片标识)"
+
+#: g10/export.c:65
+msgid "export revocation keys marked as \"sensitive\""
+msgstr "导出被标记为“æ•æ„Ÿâ€çš„åŠé”€å¯†é’¥"
+
+#: g10/export.c:67
+msgid "remove the passphrase from exported subkeys"
+msgstr "从导出的å­é’¥ä¸­åˆ é™¤æ‰€æœ‰å¯†ç "
+
+#: g10/export.c:69
+msgid "remove unusable parts from key during export"
+msgstr "导出时清除密钥中的ä¸å¯ç”¨éƒ¨åˆ†"
+
+#: g10/export.c:71
+msgid "remove as much as possible from key during export"
+msgstr "导出时尽å¯èƒ½æ¸…除密钥中的å¯é€‰éƒ¨åˆ†"
+
+#: g10/export.c:73
+msgid "export keys in an S-expression based format"
+msgstr ""
+
+#: g10/export.c:338
+msgid "exporting secret keys not allowed\n"
+msgstr "ä¸å…许导出ç§é’¥\n"
+
+#: g10/export.c:367
+#, c-format
+msgid "key %s: not protected - skipped\n"
+msgstr "密钥 %s:未被ä¿æŠ¤â€•â€•å·²è·³è¿‡\n"
+
+#: g10/export.c:375
+#, c-format
+msgid "key %s: PGP 2.x style key - skipped\n"
+msgstr "密钥 %s:PGP 2.x æ ·å¼çš„密钥――已跳过\n"
+
+#: g10/export.c:386
+#, c-format
+msgid "key %s: key material on-card - skipped\n"
+msgstr "密钥 %s:密钥在å¡ä¸Šâ€”—已跳过\n"
+
+#: g10/export.c:537
+msgid "about to export an unprotected subkey\n"
+msgstr "准备导出一把ä¸å—ä¿æŠ¤çš„å­é’¥\n"
+
+#: g10/export.c:560
+#, c-format
+msgid "failed to unprotect the subkey: %s\n"
+msgstr "无法å–消ä¿æŠ¤å­é’¥ï¼š%s\n"
+
+# I hope this warning doesn't confuse people.
+#: g10/export.c:584
+#, c-format
+msgid "WARNING: secret key %s does not have a simple SK checksum\n"
+msgstr "警告:ç§é’¥ %s ä¸å­˜åœ¨ç®€å• SK 检验和\n"
+
+#: g10/export.c:633
+msgid "WARNING: nothing exported\n"
+msgstr "警告:没有导出任何东西\n"
+
+#: g10/getkey.c:152
+msgid "too many entries in pk cache - disabled\n"
+msgstr "pk 缓存里项目太多――已ç¦ç”¨\n"
+
+#: g10/getkey.c:175
+msgid "[User ID not found]"
+msgstr "[找ä¸åˆ°ç”¨æˆ·æ ‡è¯†]"
+
+#: g10/getkey.c:1113
+#, c-format
+msgid "automatically retrieved `%s' via %s\n"
+msgstr "自动获å–‘%s’,通过 %s\n"
+
+#: g10/getkey.c:1118
+#, fuzzy, c-format
+msgid "error retrieving `%s' via %s: %s\n"
+msgstr "建立‘%s’时å‘生错误:%s\n"
+
+#: g10/getkey.c:1120
+#, fuzzy
+msgid "No fingerprint"
+msgstr "CA 指纹:"
+
+#: g10/getkey.c:1930
+#, c-format
+msgid "Invalid key %s made valid by --allow-non-selfsigned-uid\n"
+msgstr "--allow-non-selfsigned-uid 使无效密钥 %s 生效\n"
+
+#: g10/getkey.c:2533 g10/keyedit.c:3839
+#, c-format
+msgid "no secret subkey for public subkey %s - ignoring\n"
+msgstr "公钥 %s 没有相对应的ç§é’¥â€•â€•å¿½ç•¥\n"
+
+#: g10/getkey.c:2759
+#, c-format
+msgid "using subkey %s instead of primary key %s\n"
+msgstr "使用å­é’¥ %s 而éžä¸»é’¥ %s\n"
+
+#: g10/getkey.c:2806
+#, c-format
+msgid "key %s: secret key without public key - skipped\n"
+msgstr "密钥 %s:无相应公钥的ç§é’¥â€•â€•å·²è·³è¿‡\n"
+
+#: g10/gpg.c:375 sm/gpgsm.c:188
+#, fuzzy
+msgid "make a signature"
+msgstr "|[文件å]|生æˆä¸€ä»½ç­¾å"
+
+#: g10/gpg.c:376 sm/gpgsm.c:189
+#, fuzzy
+msgid "make a clear text signature"
+msgstr "|[文件å]|生æˆä¸€ä»½æ˜Žæ–‡ç­¾å"
+
+#: g10/gpg.c:377 sm/gpgsm.c:190
+msgid "make a detached signature"
+msgstr "生æˆä¸€ä»½åˆ†ç¦»çš„ç­¾å"
+
+#: g10/gpg.c:378 sm/gpgsm.c:191
+msgid "encrypt data"
+msgstr "加密数æ®"
+
+#: g10/gpg.c:380 sm/gpgsm.c:192
+msgid "encryption only with symmetric cipher"
+msgstr "仅使用对称加密"
+
+#: g10/gpg.c:382 sm/gpgsm.c:193
+msgid "decrypt data (default)"
+msgstr "解密数æ®(默认)"
+
+#: g10/gpg.c:384 sm/gpgsm.c:194
+msgid "verify a signature"
+msgstr "验è¯ç­¾å"
+
+#: g10/gpg.c:386 sm/gpgsm.c:195
+msgid "list keys"
+msgstr "列出密钥"
+
+#: g10/gpg.c:388
+msgid "list keys and signatures"
+msgstr "列出密钥和签å"
+
+#: g10/gpg.c:389
+msgid "list and check key signatures"
+msgstr "列出并检查密钥签å"
+
+#: g10/gpg.c:390 sm/gpgsm.c:200
+msgid "list keys and fingerprints"
+msgstr "列出密钥和指纹"
+
+#: g10/gpg.c:391 sm/gpgsm.c:198
+msgid "list secret keys"
+msgstr "列出ç§é’¥"
+
+#: g10/gpg.c:392 sm/gpgsm.c:201
+msgid "generate a new key pair"
+msgstr "生æˆä¸€å‰¯æ–°çš„密钥对"
+
+#: g10/gpg.c:393
+msgid "generate a revocation certificate"
+msgstr "生æˆä¸€ä»½åŠé”€è¯ä¹¦"
+
+#: g10/gpg.c:395 sm/gpgsm.c:203
+msgid "remove keys from the public keyring"
+msgstr "从公钥钥匙环里删除密钥"
+
+#: g10/gpg.c:397
+msgid "remove keys from the secret keyring"
+msgstr "从ç§é’¥é’¥åŒ™çŽ¯é‡Œåˆ é™¤å¯†é’¥"
+
+#: g10/gpg.c:398
+msgid "sign a key"
+msgstr "为æŸæŠŠå¯†é’¥æ·»åŠ ç­¾å"
+
+#: g10/gpg.c:399
+msgid "sign a key locally"
+msgstr "为æŸæŠŠå¯†é’¥æ·»åŠ æœ¬åœ°ç­¾å"
+
+#: g10/gpg.c:400
+msgid "sign or edit a key"
+msgstr "编辑æŸæŠŠå¯†é’¥æˆ–为其添加签å"
+
+#: g10/gpg.c:402 sm/gpgsm.c:215
+#, fuzzy
+msgid "change a passphrase"
+msgstr "更改密ç "
+
+#: g10/gpg.c:404
+msgid "export keys"
+msgstr "导出密钥"
+
+#: g10/gpg.c:405 sm/gpgsm.c:204
+msgid "export keys to a key server"
+msgstr "把密钥导出到æŸä¸ªå…¬é’¥æœåŠ¡å™¨ä¸Š"
+
+#: g10/gpg.c:406 sm/gpgsm.c:205
+msgid "import keys from a key server"
+msgstr "从公钥æœåŠ¡å™¨ä¸Šå¯¼å…¥å¯†é’¥"
+
+#: g10/gpg.c:408
+msgid "search for keys on a key server"
+msgstr "在公钥æœåŠ¡å™¨ä¸Šæœå¯»å¯†é’¥"
+
+#: g10/gpg.c:410
+msgid "update all keys from a keyserver"
+msgstr "从公钥æœåŠ¡å™¨æ›´æ–°æ‰€æœ‰çš„本地密钥"
+
+#: g10/gpg.c:415
+msgid "import/merge keys"
+msgstr "导入/åˆå¹¶å¯†é’¥"
+
+#: g10/gpg.c:418
+msgid "print the card status"
+msgstr "打å°å¡çŠ¶æ€"
+
+#: g10/gpg.c:419
+msgid "change data on a card"
+msgstr "更改å¡ä¸Šçš„æ•°æ®"
+
+#: g10/gpg.c:420
+msgid "change a card's PIN"
+msgstr "更改å¡çš„ PIN"
+
+#: g10/gpg.c:429
+msgid "update the trust database"
+msgstr "更新信任度数æ®åº“"
+
+#: g10/gpg.c:436
+#, fuzzy
+msgid "print message digests"
+msgstr "|算法 [文件]|使用指定的散列算法打å°æŠ¥æ–‡æ•£åˆ—值"
+
+#: g10/gpg.c:439 sm/gpgsm.c:210
+msgid "run in server mode"
+msgstr ""
+
+#: g10/gpg.c:443 sm/gpgsm.c:228
+msgid "create ascii armored output"
+msgstr "è¾“å‡ºç» ASCII å°è£…"
+
+#: g10/gpg.c:446 sm/gpgsm.c:241
+#, fuzzy
+msgid "|USER-ID|encrypt for USER-ID"
+msgstr "|æŸç”²|为收件者“æŸç”²â€åŠ å¯†"
+
+#: g10/gpg.c:459 sm/gpgsm.c:278
+#, fuzzy
+msgid "|USER-ID|use USER-ID to sign or decrypt"
+msgstr "使用这个用户标识æ¥ç­¾å或解密"
+
+#: g10/gpg.c:462
+#, fuzzy
+msgid "|N|set compress level to N (0 disables)"
+msgstr "|N|设定压缩等级为 N (0 表示ä¸åŽ‹ç¼©)"
+
+#: g10/gpg.c:468
+msgid "use canonical text mode"
+msgstr "使用标准的文本模å¼"
+
+#: g10/gpg.c:485 sm/gpgsm.c:280
+#, fuzzy
+msgid "|FILE|write output to FILE"
+msgstr "从‘%s’读å–选项\n"
+
+#: g10/gpg.c:501 kbx/kbxutil.c:90 sm/gpgsm.c:292 tools/gpgconf.c:82
+msgid "do not make any changes"
+msgstr "ä¸åšä»»ä½•æ”¹å˜"
+
+#: g10/gpg.c:502
+msgid "prompt before overwriting"
+msgstr "覆盖å‰å…ˆè¯¢é—®"
+
+#: g10/gpg.c:554
+msgid "use strict OpenPGP behavior"
+msgstr "行为严格éµå¾ª OpenPGP 定义"
+
+#: g10/gpg.c:585 sm/gpgsm.c:336
+msgid ""
+"@\n"
+"(See the man page for a complete listing of all commands and options)\n"
+msgstr ""
+"@\n"
+"(请å‚考在线说明以获得所有命令和选项的完整清å•)\n"
+
+#: g10/gpg.c:588 sm/gpgsm.c:339
+msgid ""
+"@\n"
+"Examples:\n"
+"\n"
+" -se -r Bob [file] sign and encrypt for user Bob\n"
+" --clearsign [file] make a clear text signature\n"
+" --detach-sign [file] make a detached signature\n"
+" --list-keys [names] show keys\n"
+" --fingerprint [names] show fingerprints\n"
+msgstr ""
+"@\n"
+"范例:\n"
+"\n"
+" -se -r Bob [文件å] 为 Bob 这个收件人签ååŠåŠ å¯†\n"
+" --clearsign [文件å] åšå‡ºæ˜Žæ–‡ç­¾å\n"
+" --detach-sign [文件å] åšå‡ºåˆ†ç¦»å¼ç­¾å\n"
+" --list-keys [æŸç”²] 显示密钥\n"
+" --fingerprint [æŸç”²] 显示指纹\n"
+
+#: g10/gpg.c:836
+msgid "Usage: gpg [options] [files] (-h for help)"
+msgstr "用法: gpg [选项] [文件] (用 -h 求助)"
+
+#: g10/gpg.c:839
+msgid ""
+"Syntax: gpg [options] [files]\n"
+"sign, check, encrypt or decrypt\n"
+"default operation depends on the input data\n"
+msgstr ""
+"语法:gpg [选项] [文件å]\n"
+"ç­¾åã€æ£€æŸ¥ã€åŠ å¯†æˆ–解密\n"
+"默认的æ“作ä¾è¾“入数æ®è€Œå®š\n"
+
+#: g10/gpg.c:850 sm/gpgsm.c:543
+msgid ""
+"\n"
+"Supported algorithms:\n"
+msgstr ""
+"\n"
+"支æŒçš„算法:\n"
+
+#: g10/gpg.c:853
+msgid "Pubkey: "
+msgstr "公钥:"
+
+#: g10/gpg.c:860 g10/keyedit.c:2423
+msgid "Cipher: "
+msgstr "对称加密:"
+
+#: g10/gpg.c:867
+msgid "Hash: "
+msgstr "散列:"
+
+#: g10/gpg.c:874 g10/keyedit.c:2468
+msgid "Compression: "
+msgstr "压缩:"
+
+#: g10/gpg.c:944
+msgid "usage: gpg [options] "
+msgstr "用法:gpg [选项] "
+
+#: g10/gpg.c:1158 sm/gpgsm.c:716
+msgid "conflicting commands\n"
+msgstr "冲çªçš„指令\n"
+
+#: g10/gpg.c:1176
+#, c-format
+msgid "no = sign found in group definition `%s'\n"
+msgstr "在‘%s’组定义里找ä¸åˆ°ç­‰å·(=)\n"
+
+#: g10/gpg.c:1373
+#, c-format
+msgid "WARNING: unsafe ownership on homedir `%s'\n"
+msgstr "警告:用户目录‘%s’所有æƒä¸å®‰å…¨\n"
+
+#: g10/gpg.c:1376
+#, c-format
+msgid "WARNING: unsafe ownership on configuration file `%s'\n"
+msgstr "警告:é…置文件‘%s’所有æƒä¸å®‰å…¨\n"
+
+#: g10/gpg.c:1379
+#, c-format
+msgid "WARNING: unsafe ownership on extension `%s'\n"
+msgstr "警告:扩展模å—‘%s’所有æƒä¸å®‰å…¨\n"
+
+#: g10/gpg.c:1385
+#, c-format
+msgid "WARNING: unsafe permissions on homedir `%s'\n"
+msgstr "警告:用户目录‘%s’æƒé™ä¸å®‰å…¨\n"
+
+#: g10/gpg.c:1388
+#, c-format
+msgid "WARNING: unsafe permissions on configuration file `%s'\n"
+msgstr "警告:é…置文件‘%s’æƒé™ä¸å®‰å…¨\n"
+
+#: g10/gpg.c:1391
+#, c-format
+msgid "WARNING: unsafe permissions on extension `%s'\n"
+msgstr "警告:扩展模å—‘%s’æƒé™ä¸å®‰å…¨\n"
+
+#: g10/gpg.c:1397
+#, c-format
+msgid "WARNING: unsafe enclosing directory ownership on homedir `%s'\n"
+msgstr "警告:用户目录‘%s’的关闭目录所有æƒä¸å®‰å…¨\n"
+
+#: g10/gpg.c:1400
+#, c-format
+msgid ""
+"WARNING: unsafe enclosing directory ownership on configuration file `%s'\n"
+msgstr "警告:é…置文件‘%s’的关闭目录所有æƒä¸å®‰å…¨\n"
+
+#: g10/gpg.c:1403
+#, c-format
+msgid "WARNING: unsafe enclosing directory ownership on extension `%s'\n"
+msgstr "警告:扩展模å—‘%s’的关闭目录所有æƒä¸å®‰å…¨\n"
+
+#: g10/gpg.c:1409
+#, c-format
+msgid "WARNING: unsafe enclosing directory permissions on homedir `%s'\n"
+msgstr "警告:用户目录‘%s’的关闭目录æƒé™ä¸å®‰å…¨\n"
+
+#: g10/gpg.c:1412
+#, c-format
+msgid ""
+"WARNING: unsafe enclosing directory permissions on configuration file `%s'\n"
+msgstr "警告:é…置文件‘%s’的关闭目录æƒé™ä¸å®‰å…¨\n"
+
+#: g10/gpg.c:1415
+#, c-format
+msgid "WARNING: unsafe enclosing directory permissions on extension `%s'\n"
+msgstr "警告:扩展模å—‘%s’的关闭目录æƒé™ä¸å®‰å…¨\n"
+
+#: g10/gpg.c:1595
+#, c-format
+msgid "unknown configuration item `%s'\n"
+msgstr "未知的é…置项‘%s’\n"
+
+#: g10/gpg.c:1699
+msgid "display photo IDs during key listings"
+msgstr "列出密钥时显示用户标识"
+
+#: g10/gpg.c:1701
+msgid "show policy URLs during signature listings"
+msgstr "列出签å时显示策略 URL"
+
+#: g10/gpg.c:1703
+msgid "show all notations during signature listings"
+msgstr "列出签å时显示 IETF 标准注记"
+
+#: g10/gpg.c:1705
+msgid "show IETF standard notations during signature listings"
+msgstr "列出签å时显示 IETF 标准注记"
+
+#: g10/gpg.c:1709
+msgid "show user-supplied notations during signature listings"
+msgstr "列出签å时显示用户æ供的注记"
+
+#: g10/gpg.c:1711
+msgid "show preferred keyserver URLs during signature listings"
+msgstr "列出密钥时显示首选公钥æœåŠ¡å™¨ URL"
+
+#: g10/gpg.c:1713
+msgid "show user ID validity during key listings"
+msgstr "列出密钥时显示用户标识的有效性"
+
+#: g10/gpg.c:1715
+msgid "show revoked and expired user IDs in key listings"
+msgstr "列出密钥时显示已åŠé”€æˆ–已过期的用户标识"
+
+#: g10/gpg.c:1717
+msgid "show revoked and expired subkeys in key listings"
+msgstr "列出密钥时显示已åŠé”€æˆ–已过期的å­é’¥"
+
+#: g10/gpg.c:1719
+msgid "show the keyring name in key listings"
+msgstr "列出密钥时显示钥匙环的å称"
+
+#: g10/gpg.c:1721
+msgid "show expiration dates during signature listings"
+msgstr "列出签å时显示过期日期"
+
+#: g10/gpg.c:1855
+#, c-format
+msgid "NOTE: old default options file `%s' ignored\n"
+msgstr "注æ„:旧å¼çš„默认é…置文件‘%s’已被忽略\n"
+
+#: g10/gpg.c:1948
+#, c-format
+msgid "libgcrypt is too old (need %s, have %s)\n"
+msgstr ""
+
+#: g10/gpg.c:2346 g10/gpg.c:3037 g10/gpg.c:3049
+#, c-format
+msgid "NOTE: %s is not for normal use!\n"
+msgstr "注æ„:一般情况下ä¸ä¼šç”¨åˆ° %sï¼\n"
+
+#: g10/gpg.c:2530 g10/gpg.c:2542
+#, c-format
+msgid "`%s' is not a valid signature expiration\n"
+msgstr "‘%s’ä¸æ˜¯ä¸€ä¸ªæœ‰æ•ˆçš„ç­¾å过期日期\n"
+
+#: g10/gpg.c:2624
+#, c-format
+msgid "`%s' is not a valid character set\n"
+msgstr "‘%s’ä¸æ˜¯ä¸€ä¸ªæœ‰æ•ˆçš„字符集\n"
+
+#: g10/gpg.c:2647 g10/gpg.c:2842 g10/keyedit.c:4197
+msgid "could not parse keyserver URL\n"
+msgstr "无法解æžå…¬é’¥æœåŠ¡å™¨ URL\n"
+
+#: g10/gpg.c:2659
+#, c-format
+msgid "%s:%d: invalid keyserver options\n"
+msgstr "%s:%d:无效的公钥æœåŠ¡å™¨é€‰é¡¹\n"
+
+#: g10/gpg.c:2662
+msgid "invalid keyserver options\n"
+msgstr "无效的公钥æœåŠ¡å™¨é€‰é¡¹\n"
+
+#: g10/gpg.c:2669
+#, c-format
+msgid "%s:%d: invalid import options\n"
+msgstr "%s:%d:无效的导入选项\n"
+
+#: g10/gpg.c:2672
+msgid "invalid import options\n"
+msgstr "无效的导入选项\n"
+
+#: g10/gpg.c:2679
+#, c-format
+msgid "%s:%d: invalid export options\n"
+msgstr "%s:%d:无效的导出选项\n"
+
+#: g10/gpg.c:2682
+msgid "invalid export options\n"
+msgstr "无效的导出选项\n"
+
+#: g10/gpg.c:2689
+#, c-format
+msgid "%s:%d: invalid list options\n"
+msgstr "%s:%d:无效的列表选项\n"
+
+#: g10/gpg.c:2692
+msgid "invalid list options\n"
+msgstr "无效的列表选项\n"
+
+#: g10/gpg.c:2700
+msgid "display photo IDs during signature verification"
+msgstr "验è¯ç­¾å时显示照片标识"
+
+#: g10/gpg.c:2702
+msgid "show policy URLs during signature verification"
+msgstr "验è¯ç­¾å时显示策略 URL"
+
+#: g10/gpg.c:2704
+msgid "show all notations during signature verification"
+msgstr "验è¯ç­¾å时显示所有注记"
+
+#: g10/gpg.c:2706
+msgid "show IETF standard notations during signature verification"
+msgstr "验è¯ç­¾å时显示 IETF 标准注记"
+
+#: g10/gpg.c:2710
+msgid "show user-supplied notations during signature verification"
+msgstr "验è¯ç­¾å时显示用户æ供的注记"
+
+#: g10/gpg.c:2712
+msgid "show preferred keyserver URLs during signature verification"
+msgstr "验è¯ç­¾å时显示首选公钥æœåŠ¡å™¨ URL"
+
+#: g10/gpg.c:2714
+msgid "show user ID validity during signature verification"
+msgstr "验è¯ç­¾å时显示用户标识的有效性"
+
+#: g10/gpg.c:2716
+msgid "show revoked and expired user IDs in signature verification"
+msgstr "验è¯å¯†é’¥æ—¶æ˜¾ç¤ºå·²åŠé”€æˆ–已过期的å­é’¥"
+
+#: g10/gpg.c:2718
+#, fuzzy
+msgid "show only the primary user ID in signature verification"
+msgstr "验è¯å¯†é’¥æ—¶æ˜¾ç¤ºå·²åŠé”€æˆ–已过期的å­é’¥"
+
+#: g10/gpg.c:2720
+msgid "validate signatures with PKA data"
+msgstr "使用 PKA æ•°æ®éªŒè¯ç­¾å的有效性"
+
+#: g10/gpg.c:2722
+msgid "elevate the trust of signatures with valid PKA data"
+msgstr "æå‡å¸¦æœ‰æœ‰æ•ˆ PKA æ•°æ®çš„ç­¾å的信任度"
+
+#: g10/gpg.c:2729
+#, c-format
+msgid "%s:%d: invalid verify options\n"
+msgstr "%s:%d:无效的校验选项\n"
+
+#: g10/gpg.c:2732
+msgid "invalid verify options\n"
+msgstr "无效的校验选项\n"
+
+#: g10/gpg.c:2739
+#, c-format
+msgid "unable to set exec-path to %s\n"
+msgstr "无法把è¿è¡Œè·¯å¾„è®¾æˆ %s\n"
+
+#: g10/gpg.c:2925
+#, c-format
+msgid "%s:%d: invalid auto-key-locate list\n"
+msgstr "%s:%d:无效的 auto-key-locate 清å•\n"
+
+#: g10/gpg.c:2928
+msgid "invalid auto-key-locate list\n"
+msgstr "无效的 auto-key-locate 清å•\n"
+
+#: g10/gpg.c:3026 sm/gpgsm.c:1439
+msgid "WARNING: program may create a core file!\n"
+msgstr "警告:程åºå¯èƒ½ä¼šåˆ›å»ºæ ¸å¿ƒå†…存转储ï¼\n"
+
+#: g10/gpg.c:3030
+#, c-format
+msgid "WARNING: %s overrides %s\n"
+msgstr "警告:%s 会使得 %s 失效\n"
+
+#: g10/gpg.c:3039
+#, c-format
+msgid "%s not allowed with %s!\n"
+msgstr "%s ä¸å¯ä¸Ž %s 并用\n"
+
+#: g10/gpg.c:3042
+#, c-format
+msgid "%s makes no sense with %s!\n"
+msgstr "%s 与 %s 并用无æ„义ï¼\n"
+
+#: g10/gpg.c:3057
+#, c-format
+msgid "will not run with insecure memory due to %s\n"
+msgstr "ä¸ä¼šåœ¨å†…å­˜ä¸å®‰å…¨çš„情况下è¿è¡Œï¼ŒåŽŸå› æ˜¯ %s\n"
+
+#: g10/gpg.c:3071
+msgid "you can only make detached or clear signatures while in --pgp2 mode\n"
+msgstr "您åªæœ‰åœ¨ --pgp2 模å¼ä¸‹æ‰èƒ½åšåˆ†ç¦»å¼æˆ–明文签å\n"
+
+#: g10/gpg.c:3077
+msgid "you can't sign and encrypt at the same time while in --pgp2 mode\n"
+msgstr "您在 --pgp2 模å¼ä¸‹æ—¶ï¼Œä¸èƒ½åŒæ—¶ç­¾å和加密\n"
+
+#: g10/gpg.c:3083
+msgid "you must use files (and not a pipe) when working with --pgp2 enabled.\n"
+msgstr "å¯ç”¨ --pgp2 时您应该åªä½¿ç”¨æ–‡ä»¶ï¼Œè€Œéžç®¡é“\n"
+
+#: g10/gpg.c:3096
+msgid "encrypting a message in --pgp2 mode requires the IDEA cipher\n"
+msgstr "在 --pgp2 模å¼ä¸‹åŠ å¯†æŠ¥æ–‡éœ€è¦ IDEA 算法\n"
+
+#: g10/gpg.c:3163 g10/gpg.c:3187 sm/gpgsm.c:1511
+msgid "selected cipher algorithm is invalid\n"
+msgstr "所选的对称加密算法无效\n"
+
+#: g10/gpg.c:3169 g10/gpg.c:3193 sm/gpgsm.c:1517 sm/gpgsm.c:1523
+msgid "selected digest algorithm is invalid\n"
+msgstr "所选的散列算法无效\n"
+
+#: g10/gpg.c:3175
+msgid "selected compression algorithm is invalid\n"
+msgstr "所选的压缩算法无效\n"
+
+#: g10/gpg.c:3181
+msgid "selected certification digest algorithm is invalid\n"
+msgstr "所选的è¯ä¹¦æ•£åˆ—算法无效\n"
+
+#: g10/gpg.c:3196
+msgid "completes-needed must be greater than 0\n"
+msgstr "需è¦çš„完全å¯ä¿¡ç­¾å数一定è¦å¤§äºŽ 0\n"
+
+#: g10/gpg.c:3198
+msgid "marginals-needed must be greater than 1\n"
+msgstr "需è¦çš„勉强å¯ä¿¡ç­¾å数一定è¦å¤§äºŽ 1\n"
+
+#: g10/gpg.c:3200
+msgid "max-cert-depth must be in the range from 1 to 255\n"
+msgstr "最大验è¯æ·±åº¦ä¸€å®šè¦ä»‹äºŽ 1 å’Œ 255 之间\n"
+
+#: g10/gpg.c:3202
+msgid "invalid default-cert-level; must be 0, 1, 2, or 3\n"
+msgstr "无效的默认验è¯çº§åˆ«ï¼›ä¸€å®šè¦æ˜¯ 0,1,2 或 3\n"
+
+#: g10/gpg.c:3204
+msgid "invalid min-cert-level; must be 1, 2, or 3\n"
+msgstr "无效的最å°éªŒè¯çº§åˆ«ï¼›ä¸€å®šè¦æ˜¯ 1,2 或 3\n"
+
+#: g10/gpg.c:3207
+msgid "NOTE: simple S2K mode (0) is strongly discouraged\n"
+msgstr "注æ„:强烈ä¸å»ºè®®ä½¿ç”¨ç®€å•çš„ S2K 模å¼(0)\n"
+
+#: g10/gpg.c:3211
+msgid "invalid S2K mode; must be 0, 1 or 3\n"
+msgstr "无效的 S2K 模å¼ï¼›å¿…须是 0,1 或 3\n"
+
+#: g10/gpg.c:3218
+msgid "invalid default preferences\n"
+msgstr "无效的默认首选项\n"
+
+#: g10/gpg.c:3222
+msgid "invalid personal cipher preferences\n"
+msgstr "无效的个人对称加密算法首选项\n"
+
+#: g10/gpg.c:3226
+msgid "invalid personal digest preferences\n"
+msgstr "无效的个人散列算法首选项\n"
+
+#: g10/gpg.c:3230
+msgid "invalid personal compress preferences\n"
+msgstr "无效的个人压缩算法首选项\n"
+
+#: g10/gpg.c:3263
+#, c-format
+msgid "%s does not yet work with %s\n"
+msgstr "%s å°šä¸èƒ½å’Œ %s 并用\n"
+
+#: g10/gpg.c:3310
+#, c-format
+msgid "you may not use cipher algorithm `%s' while in %s mode\n"
+msgstr "您ä¸èƒ½åœ¨ %s 模å¼ä¸‹ä½¿ç”¨â€˜%s’对称加密算法\n"
+
+#: g10/gpg.c:3315
+#, c-format
+msgid "you may not use digest algorithm `%s' while in %s mode\n"
+msgstr "您ä¸èƒ½åœ¨ %s 模å¼ä¸‹ä½¿ç”¨â€˜%s’散列算法\n"
+
+#: g10/gpg.c:3320
+#, c-format
+msgid "you may not use compression algorithm `%s' while in %s mode\n"
+msgstr "您ä¸èƒ½åœ¨ %s 模å¼ä¸‹ä½¿ç”¨â€˜%s’压缩算法\n"
+
+#: g10/gpg.c:3406
+#, c-format
+msgid "failed to initialize the TrustDB: %s\n"
+msgstr "åˆå§‹åŒ–信任度数æ®åº“失败:%s\n"
+
+#: g10/gpg.c:3417
+msgid "WARNING: recipients (-r) given without using public key encryption\n"
+msgstr "警告:给定了收件人(-r)但并未使用公钥加密\n"
+
+#: g10/gpg.c:3438
+msgid "--store [filename]"
+msgstr "--store [文件å]"
+
+#: g10/gpg.c:3445
+msgid "--symmetric [filename]"
+msgstr "--symmetric [文件å]"
+
+#: g10/gpg.c:3447
+#, c-format
+msgid "symmetric encryption of `%s' failed: %s\n"
+msgstr "对称加密‘%s’失败:%s\n"
+
+#: g10/gpg.c:3457
+msgid "--encrypt [filename]"
+msgstr "--encrypt [文件å]"
+
+#: g10/gpg.c:3470
+msgid "--symmetric --encrypt [filename]"
+msgstr "--symmetric --encrypt [文件å]"
+
+#: g10/gpg.c:3472
+msgid "you cannot use --symmetric --encrypt with --s2k-mode 0\n"
+msgstr "使用 --symmetric --encrypt æ—¶ä¸èƒ½ä½¿ç”¨ --s2k-mode 0\n"
+
+#: g10/gpg.c:3475
+#, c-format
+msgid "you cannot use --symmetric --encrypt while in %s mode\n"
+msgstr "您ä¸èƒ½åœ¨ %s 模å¼ä¸‹ä½¿ç”¨ --symmetric -encrypt\n"
+
+#: g10/gpg.c:3493
+msgid "--sign [filename]"
+msgstr "--sign [文件å]"
+
+#: g10/gpg.c:3506
+msgid "--sign --encrypt [filename]"
+msgstr "--sign --encrypt [文件å]"
+
+#: g10/gpg.c:3521
+msgid "--symmetric --sign --encrypt [filename]"
+msgstr "--symmetric --sign --encrypt [文件å]"
+
+#: g10/gpg.c:3523
+msgid "you cannot use --symmetric --sign --encrypt with --s2k-mode 0\n"
+msgstr "使用 --symmetric --sign --encrypt æ—¶ä¸èƒ½ä½¿ç”¨ --s2k-mode 0\n"
+
+#: g10/gpg.c:3526
+#, c-format
+msgid "you cannot use --symmetric --sign --encrypt while in %s mode\n"
+msgstr "您ä¸èƒ½åœ¨ %s 模å¼ä¸‹ä½¿ç”¨ --symmetric --sign -encrypt\n"
+
+#: g10/gpg.c:3546
+msgid "--sign --symmetric [filename]"
+msgstr "--sign --symmetric [文件å]"
+
+#: g10/gpg.c:3555
+msgid "--clearsign [filename]"
+msgstr "--clearsign [文件å]"
+
+#: g10/gpg.c:3580
+msgid "--decrypt [filename]"
+msgstr "--decrypt [文件å]"
+
+#: g10/gpg.c:3588
+msgid "--sign-key user-id"
+msgstr "--sign-key 用户标识"
+
+#: g10/gpg.c:3592
+msgid "--lsign-key user-id"
+msgstr "--lsign-key 用户标识"
+
+#: g10/gpg.c:3613
+msgid "--edit-key user-id [commands]"
+msgstr "--edit-key 用户标识 [指令]"
+
+#: g10/gpg.c:3629
+#, fuzzy
+msgid "--passwd <user-id>"
+msgstr "--sign-key 用户标识"
+
+#: g10/gpg.c:3716
+#, c-format
+msgid "keyserver send failed: %s\n"
+msgstr "上传至公钥æœåŠ¡å™¨å¤±è´¥ï¼š%s\n"
+
+#: g10/gpg.c:3718
+#, c-format
+msgid "keyserver receive failed: %s\n"
+msgstr "从公钥æœåŠ¡å™¨æŽ¥æ”¶å¤±è´¥ï¼š%s\n"
+
+#: g10/gpg.c:3720
+#, c-format
+msgid "key export failed: %s\n"
+msgstr "导出密钥失败:%s\n"
+
+#: g10/gpg.c:3731
+#, c-format
+msgid "keyserver search failed: %s\n"
+msgstr "æœå¯»å…¬é’¥æœåŠ¡å™¨å¤±è´¥ï¼š%s\n"
+
+#: g10/gpg.c:3741
+#, c-format
+msgid "keyserver refresh failed: %s\n"
+msgstr "从公钥æœåŠ¡å™¨æ›´æ–°å¤±è´¥ï¼š%s\n"
+
+#: g10/gpg.c:3792
+#, c-format
+msgid "dearmoring failed: %s\n"
+msgstr "解开 ASCII å°è£…失败:%s\n"
+
+#: g10/gpg.c:3800
+#, c-format
+msgid "enarmoring failed: %s\n"
+msgstr "进行 ASCII å°è£…失败:%s\n"
+
+#: g10/gpg.c:3890
+#, c-format
+msgid "invalid hash algorithm `%s'\n"
+msgstr "无效的‘%s’散列算法\n"
+
+#: g10/gpg.c:4005
+msgid "[filename]"
+msgstr "[文件å]"
+
+#: g10/gpg.c:4009
+msgid "Go ahead and type your message ...\n"
+msgstr "请开始键入您的报文……\n"
+
+#: g10/gpg.c:4323
+msgid "the given certification policy URL is invalid\n"
+msgstr "给定的的验è¯ç­–ç•¥ URL 无效\n"
+
+#: g10/gpg.c:4325
+msgid "the given signature policy URL is invalid\n"
+msgstr "给定的签åç­–ç•¥ URL 无效\n"
+
+#: g10/gpg.c:4358
+msgid "the given preferred keyserver URL is invalid\n"
+msgstr "给定的首选公钥æœåŠ¡å™¨ URL 无效\n"
+
+#: g10/gpgv.c:74
+#, fuzzy
+msgid "|FILE|take the keys from the keyring FILE"
+msgstr "从这个钥匙环里å–用密钥"
+
+#: g10/gpgv.c:76
+msgid "make timestamp conflicts only a warning"
+msgstr "把时间戳矛盾仅视为警告"
+
+#: g10/gpgv.c:78 sm/gpgsm.c:326
+msgid "|FD|write status info to this FD"
+msgstr "|FD|把状æ€ä¿¡æ¯å†™å…¥æ–‡ä»¶æ述符 FD"
+
+#: g10/gpgv.c:117
+msgid "Usage: gpgv [options] [files] (-h for help)"
+msgstr "用法:gpgv [选项] [文件] (用 -h 求助)"
+
+#: g10/gpgv.c:119
+#, fuzzy
+msgid ""
+"Syntax: gpgv [options] [files]\n"
+"Check signatures against known trusted keys\n"
+msgstr ""
+"语法:gpg [选项] [文件]\n"
+"用已知的å—信任密钥æ¥æ£€æŸ¥ç­¾å\n"
+
+#: g10/helptext.c:72
+msgid "No help available"
+msgstr "没有å¯ç”¨çš„帮助"
+
+#: g10/helptext.c:82
+#, c-format
+msgid "No help available for `%s'"
+msgstr "‘%s’没有å¯ç”¨çš„帮助"
+
+#: g10/import.c:94
+msgid "import signatures that are marked as local-only"
+msgstr "导入被标记为局部的签å"
+
+#: g10/import.c:96
+msgid "repair damage from the pks keyserver during import"
+msgstr "å¯¼å…¥æ—¶ä¿®å¤ PKS 公钥æœåŠ¡å™¨å¯¼è‡´çš„æŸå"
+
+#: g10/import.c:98
+msgid "do not update the trustdb after import"
+msgstr "导入åŽä¸æ›´æ–°ä¿¡ä»»åº¦æ•°æ®åº“"
+
+#: g10/import.c:100
+msgid "create a public key when importing a secret key"
+msgstr "导入ç§é’¥æ—¶åˆ›å»ºå¯¹åº”的公钥"
+
+#: g10/import.c:102
+msgid "only accept updates to existing keys"
+msgstr "åªæŽ¥å—对已有密钥的更新"
+
+#: g10/import.c:104
+msgid "remove unusable parts from key after import"
+msgstr "导入åŽæ¸…除密钥中无用的部分"
+
+#: g10/import.c:106
+msgid "remove as much as possible from key after import"
+msgstr "导入åŽå°½å¯èƒ½æ¸…除密钥中的å¯é€‰éƒ¨åˆ†"
+
+#: g10/import.c:266
+#, c-format
+msgid "skipping block of type %d\n"
+msgstr "跳过 %d æ ·å¼çš„区å—\n"
+
+#: g10/import.c:275
+#, c-format
+msgid "%lu keys processed so far\n"
+msgstr "ç›®å‰å·²å¤„ç† %lu 把密钥\n"
+
+#: g10/import.c:292
+#, c-format
+msgid "Total number processed: %lu\n"
+msgstr "åˆè®¡è¢«å¤„ç†çš„æ•°é‡ï¼š%lu\n"
+
+#: g10/import.c:294
+#, c-format
+msgid " skipped new keys: %lu\n"
+msgstr " 已跳过的新密钥:%lu\n"
+
+#: g10/import.c:297
+#, c-format
+msgid " w/o user IDs: %lu\n"
+msgstr " é—失用户标识:%lu\n"
+
+#: g10/import.c:299 sm/import.c:114
+#, c-format
+msgid " imported: %lu"
+msgstr " 已导入:%lu"
+
+#: g10/import.c:305 sm/import.c:118
+#, c-format
+msgid " unchanged: %lu\n"
+msgstr " 未改å˜ï¼š%lu\n"
+
+#: g10/import.c:307
+#, c-format
+msgid " new user IDs: %lu\n"
+msgstr " 新用户标识:%lu\n"
+
+#: g10/import.c:309
+#, c-format
+msgid " new subkeys: %lu\n"
+msgstr " æ–°çš„å­é’¥ï¼š%lu\n"
+
+#: g10/import.c:311
+#, c-format
+msgid " new signatures: %lu\n"
+msgstr " æ–°çš„ç­¾å:%lu\n"
+
+#: g10/import.c:313
+#, c-format
+msgid " new key revocations: %lu\n"
+msgstr " 新的密钥åŠé”€ï¼š%lu\n"
+
+#: g10/import.c:315 sm/import.c:120
+#, c-format
+msgid " secret keys read: %lu\n"
+msgstr " 读å–çš„ç§é’¥ï¼š%lu\n"
+
+#: g10/import.c:317 sm/import.c:122
+#, c-format
+msgid " secret keys imported: %lu\n"
+msgstr " 导入的ç§é’¥ï¼š%lu\n"
+
+#: g10/import.c:319 sm/import.c:124
+#, c-format
+msgid " secret keys unchanged: %lu\n"
+msgstr " 未改å˜çš„ç§é’¥ï¼š%lu\n"
+
+#: g10/import.c:321 sm/import.c:126
+#, c-format
+msgid " not imported: %lu\n"
+msgstr " 未被导入:%lu\n"
+
+#: g10/import.c:323
+#, c-format
+msgid " signatures cleaned: %lu\n"
+msgstr " 清除的签å:%lu\n"
+
+#: g10/import.c:325
+#, c-format
+msgid " user IDs cleaned: %lu\n"
+msgstr " 清除的用户标识:%lu\n"
+
+#: g10/import.c:606
+#, fuzzy, c-format
+msgid ""
+"WARNING: key %s contains preferences for unavailable\n"
+"algorithms on these user IDs:\n"
+msgstr "警告:密钥 %s 下列用户标识的首选项中包å«ä¸å¯ç”¨çš„算法:\n"
+
+#: g10/import.c:647
+#, c-format
+msgid " \"%s\": preference for cipher algorithm %s\n"
+msgstr " “%sâ€ï¼šå¯¹ç§°åŠ å¯†ç®—法 %s 对应首选项\n"
+
+#: g10/import.c:662
+#, c-format
+msgid " \"%s\": preference for digest algorithm %s\n"
+msgstr " “%sâ€ï¼šæ•£åˆ—算法 %s 对应首选项\n"
+
+#: g10/import.c:674
+#, c-format
+msgid " \"%s\": preference for compression algorithm %s\n"
+msgstr " “%sâ€ï¼šåŽ‹ç¼©ç®—法 %s 对应首选项\n"
+
+#: g10/import.c:687
+msgid "it is strongly suggested that you update your preferences and\n"
+msgstr "强烈建议您更新您的首选项并é‡æ–°åˆ†å‘这把密钥,\n"
+
+#: g10/import.c:689
+msgid "re-distribute this key to avoid potential algorithm mismatch problems\n"
+msgstr "以é¿å…å¯èƒ½çš„算法ä¸åŒ¹é…问题\n"
+
+#: g10/import.c:713
+#, c-format
+msgid "you can update your preferences with: gpg --edit-key %s updpref save\n"
+msgstr "您å¯ä»¥è¿™æ ·æ›´æ–°æ‚¨çš„首选项:gpg --edit-key %s updpref save\n"
+
+#: g10/import.c:766 g10/import.c:1179
+#, c-format
+msgid "key %s: no user ID\n"
+msgstr "密钥 %s:没有用户标识\n"
+
+#: g10/import.c:795
+#, c-format
+msgid "key %s: PKS subkey corruption repaired\n"
+msgstr "密钥 %s:PKS å­é’¥ç ´æŸå·²ä¿®å¤\n"
+
+#: g10/import.c:810
+#, c-format
+msgid "key %s: accepted non self-signed user ID \"%s\"\n"
+msgstr "密钥 %s:已接å—ä¸å«è‡ªèº«ç­¾å的用户标识“%sâ€\n"
+
+#: g10/import.c:816
+#, c-format
+msgid "key %s: no valid user IDs\n"
+msgstr "密钥 %s:没有有效的用户标识\n"
+
+#: g10/import.c:818
+msgid "this may be caused by a missing self-signature\n"
+msgstr "è¿™å¯èƒ½ç”±äºŽé—失自身签å所致\n"
+
+#: g10/import.c:828 g10/import.c:1303
+#, c-format
+msgid "key %s: public key not found: %s\n"
+msgstr "密钥 %s:找ä¸åˆ°å…¬é’¥ï¼š%s\n"
+
+#: g10/import.c:834
+#, c-format
+msgid "key %s: new key - skipped\n"
+msgstr "密钥 %s:新密钥――已跳过\n"
+
+#: g10/import.c:843
+#, c-format
+msgid "no writable keyring found: %s\n"
+msgstr "找ä¸åˆ°å¯å†™çš„钥匙环:%s\n"
+
+#: g10/import.c:848 g10/openfile.c:278 g10/sign.c:805 g10/sign.c:1114
+#, c-format
+msgid "writing to `%s'\n"
+msgstr "正在写入‘%s’\n"
+
+#: g10/import.c:852 g10/import.c:952 g10/import.c:1219 g10/import.c:1364
+#: g10/import.c:2494 g10/import.c:2516
+#, c-format
+msgid "error writing keyring `%s': %s\n"
+msgstr "写入钥匙环‘%s’时出错: %s\n"
+
+#: g10/import.c:871
+#, c-format
+msgid "key %s: public key \"%s\" imported\n"
+msgstr "密钥 %s:公钥“%sâ€å·²å¯¼å…¥\n"
+
+#: g10/import.c:895
+#, c-format
+msgid "key %s: doesn't match our copy\n"
+msgstr "密钥 %s:与我们的副本ä¸å»åˆ\n"
+
+#: g10/import.c:912 g10/import.c:1321
+#, c-format
+msgid "key %s: can't locate original keyblock: %s\n"
+msgstr "密钥 %s:无法定ä½åŽŸå§‹çš„密钥区å—:%s\n"
+
+#: g10/import.c:920 g10/import.c:1328
+#, c-format
+msgid "key %s: can't read original keyblock: %s\n"
+msgstr "密钥 %s:无法读å–原始的密钥区å—: %s\n"
+
+#: g10/import.c:962
+#, c-format
+msgid "key %s: \"%s\" 1 new user ID\n"
+msgstr "密钥 %s:“%sâ€ä¸€ä¸ªæ–°çš„用户标识\n"
+
+#: g10/import.c:965
+#, c-format
+msgid "key %s: \"%s\" %d new user IDs\n"
+msgstr "密钥 %s:“%sâ€%d 个新的用户标识\n"
+
+#: g10/import.c:968
+#, c-format
+msgid "key %s: \"%s\" 1 new signature\n"
+msgstr "密钥 %s:“%sâ€1 个新的签å\n"
+
+#: g10/import.c:971
+#, c-format
+msgid "key %s: \"%s\" %d new signatures\n"
+msgstr "密钥 %s:“%sâ€%d 个新的签å\n"
+
+#: g10/import.c:974
+#, c-format
+msgid "key %s: \"%s\" 1 new subkey\n"
+msgstr "密钥 %s:“%sâ€1 个新的å­é’¥\n"
+
+#: g10/import.c:977
+#, c-format
+msgid "key %s: \"%s\" %d new subkeys\n"
+msgstr "密钥 %s:“%sâ€%d 个新的å­é’¥\n"
+
+#: g10/import.c:980
+#, c-format
+msgid "key %s: \"%s\" %d signature cleaned\n"
+msgstr "密钥 %s:“%sâ€%d 个签å被清除\n"
+
+#: g10/import.c:983
+#, c-format
+msgid "key %s: \"%s\" %d signatures cleaned\n"
+msgstr "密钥 %s:“%sâ€%d 个签å被清除\n"
+
+#: g10/import.c:986
+#, c-format
+msgid "key %s: \"%s\" %d user ID cleaned\n"
+msgstr "密钥 %s:“%sâ€%d 个用户标识被清除\n"
+
+#: g10/import.c:989
+#, c-format
+msgid "key %s: \"%s\" %d user IDs cleaned\n"
+msgstr "密钥 %s:“%sâ€%d 个用户标识被清除\n"
+
+#: g10/import.c:1013
+#, c-format
+msgid "key %s: \"%s\" not changed\n"
+msgstr "密钥 %s:“%sâ€æœªæ”¹å˜\n"
+
+#: g10/import.c:1185
+#, c-format
+msgid "key %s: secret key with invalid cipher %d - skipped\n"
+msgstr "密钥 %s:ç§é’¥ä½¿ç”¨äº†æ— æ•ˆçš„加密算法 %d――已跳过\n"
+
+#: g10/import.c:1196
+msgid "importing secret keys not allowed\n"
+msgstr "ä¸å…许导入ç§é’¥\n"
+
+#: g10/import.c:1213 g10/import.c:2509
+#, c-format
+msgid "no default secret keyring: %s\n"
+msgstr "没有默认的ç§é’¥é’¥åŒ™çŽ¯ï¼š %s\n"
+
+#: g10/import.c:1224
+#, c-format
+msgid "key %s: secret key imported\n"
+msgstr "密钥 %s:ç§é’¥å·²å¯¼å…¥\n"
+
+#: g10/import.c:1254
+#, c-format
+msgid "key %s: already in secret keyring\n"
+msgstr "密钥 %s:已在ç§é’¥é’¥åŒ™çŽ¯ä¸­\n"
+
+#: g10/import.c:1264
+#, c-format
+msgid "key %s: secret key not found: %s\n"
+msgstr "密钥 %s:找ä¸åˆ°ç§é’¥ï¼š%s\n"
+
+#: g10/import.c:1296
+#, c-format
+msgid "key %s: no public key - can't apply revocation certificate\n"
+msgstr "密钥 %s:没有公钥――无法应用åŠé”€è¯ä¹¦\n"
+
+#: g10/import.c:1339
+#, c-format
+msgid "key %s: invalid revocation certificate: %s - rejected\n"
+msgstr "密钥 %s:无效的åŠé”€è¯ä¹¦ï¼š%s――已拒ç»\n"
+
+#: g10/import.c:1371
+#, c-format
+msgid "key %s: \"%s\" revocation certificate imported\n"
+msgstr "密钥 %s:“%sâ€åŠé”€è¯ä¹¦å·²è¢«å¯¼å…¥\n"
+
+#: g10/import.c:1447
+#, c-format
+msgid "key %s: no user ID for signature\n"
+msgstr "密钥 %s:签å没有用户标识\n"
+
+#: g10/import.c:1464
+#, c-format
+msgid "key %s: unsupported public key algorithm on user ID \"%s\"\n"
+msgstr "密钥 %s:用户标识“%sâ€ä½¿ç”¨äº†ä¸æ”¯æŒçš„公钥算法\n"
+
+#: g10/import.c:1466
+#, c-format
+msgid "key %s: invalid self-signature on user ID \"%s\"\n"
+msgstr "密钥 %s:用户标识“%sâ€è‡ªèº«ç­¾å无效\n"
+
+#: g10/import.c:1483 g10/import.c:1509 g10/import.c:1560
+#, c-format
+msgid "key %s: unsupported public key algorithm\n"
+msgstr "密钥 %s:ä¸æ”¯æŒçš„公钥算法\n"
+
+#: g10/import.c:1484
+#, fuzzy, c-format
+msgid "key %s: invalid direct key signature\n"
+msgstr "密钥 %s:已新增直接密钥签å\n"
+
+#: g10/import.c:1498
+#, c-format
+msgid "key %s: no subkey for key binding\n"
+msgstr "密钥 %s:没有å¯ä¾›ç»‘定的å­é’¥\n"
+
+#: g10/import.c:1511
+#, c-format
+msgid "key %s: invalid subkey binding\n"
+msgstr "密钥 %s:无效的å­é’¥ç»‘定\n"
+
+#: g10/import.c:1527
+#, c-format
+msgid "key %s: removed multiple subkey binding\n"
+msgstr "密钥 %s:已删除多é‡å­é’¥ç»‘定\n"
+
+#: g10/import.c:1549
+#, c-format
+msgid "key %s: no subkey for key revocation\n"
+msgstr "密钥 %s:没有用于密钥åŠé”€çš„å­é’¥\n"
+
+#: g10/import.c:1562
+#, c-format
+msgid "key %s: invalid subkey revocation\n"
+msgstr "密钥 %s:无效的å­é’¥åŠé”€\n"
+
+#: g10/import.c:1577
+#, c-format
+msgid "key %s: removed multiple subkey revocation\n"
+msgstr "密钥 %s:已删除多é‡å­é’¥åŠé”€\n"
+
+#: g10/import.c:1618
+#, c-format
+msgid "key %s: skipped user ID \"%s\"\n"
+msgstr "密钥 %s:已跳过用户标识“%sâ€\n"
+
+#: g10/import.c:1639
+#, c-format
+msgid "key %s: skipped subkey\n"
+msgstr "密钥 %s:已跳过å­é’¥\n"
+
+# here we violate the rfc a bit by still allowing
+# * to import non-exportable signature when we have the
+# * the secret key used to create this signature - it
+# * seems that this makes sense
+#: g10/import.c:1666
+#, c-format
+msgid "key %s: non exportable signature (class 0x%02X) - skipped\n"
+msgstr "密钥 %s:ä¸å¯å¯¼å‡ºçš„ç­¾å(验è¯çº§åˆ« 0x%02X)――已跳过\n"
+
+#: g10/import.c:1676
+#, c-format
+msgid "key %s: revocation certificate at wrong place - skipped\n"
+msgstr "密钥 %s:åŠé”€è¯ä¹¦ä½ç½®é”™è¯¯â€•â€•å·²è·³è¿‡\n"
+
+#: g10/import.c:1693
+#, c-format
+msgid "key %s: invalid revocation certificate: %s - skipped\n"
+msgstr "密钥 %s:无效的åŠé”€è¯ä¹¦ï¼š%s――已跳过\n"
+
+#: g10/import.c:1707
+#, c-format
+msgid "key %s: subkey signature in wrong place - skipped\n"
+msgstr "密钥 %s:å­é’¥ç­¾åä½ç½®é”™è¯¯â€•â€•å·²è·³è¿‡\n"
+
+#: g10/import.c:1715
+#, c-format
+msgid "key %s: unexpected signature class (0x%02X) - skipped\n"
+msgstr "密钥 %s:与预期ä¸ç¬¦çš„ç­¾å验è¯çº§åˆ«(0x%02X)――已跳过\n"
+
+#: g10/import.c:1844
+#, c-format
+msgid "key %s: duplicated user ID detected - merged\n"
+msgstr "密钥 %s:检测到é‡å¤çš„用户标识――已åˆå¹¶\n"
+
+#: g10/import.c:1906
+#, c-format
+msgid "WARNING: key %s may be revoked: fetching revocation key %s\n"
+msgstr "警告:密钥 %s å¯èƒ½å·²è¢«åŠé”€ï¼šæ­£åœ¨å–回åŠé”€å¯†é’¥ %s\n"
+
+#: g10/import.c:1920
+#, c-format
+msgid "WARNING: key %s may be revoked: revocation key %s not present.\n"
+msgstr "警告:密钥 %s å¯èƒ½å·²è¢«åŠé”€ï¼šåŠé”€å¯†é’¥ %s ä¸å­˜åœ¨ã€‚\n"
+
+#: g10/import.c:1979
+#, c-format
+msgid "key %s: \"%s\" revocation certificate added\n"
+msgstr "密钥 %s:已新增åŠé”€è¯ä¹¦â€œ%sâ€\n"
+
+#: g10/import.c:2013
+#, c-format
+msgid "key %s: direct key signature added\n"
+msgstr "密钥 %s:已新增直接密钥签å\n"
+
+#: g10/import.c:2414
+msgid "NOTE: a key's S/N does not match the card's one\n"
+msgstr "注æ„:密钥的åºåˆ—å·ä¸Žå¡çš„ä¸ç¬¦\n"
+
+#: g10/import.c:2422
+msgid "NOTE: primary key is online and stored on card\n"
+msgstr "注æ„:主钥在线,存储在å¡ä¸Š\n"
+
+#: g10/import.c:2424
+msgid "NOTE: secondary key is online and stored on card\n"
+msgstr "注æ„:å­é’¥åœ¨çº¿ï¼Œå­˜å‚¨åœ¨å¡ä¸Š\n"
+
+#: g10/keydb.c:181
+#, c-format
+msgid "error creating keyring `%s': %s\n"
+msgstr "建立钥匙环‘%s’时å‘生错误:%s\n"
+
+#: g10/keydb.c:187
+#, c-format
+msgid "keyring `%s' created\n"
+msgstr "钥匙环‘%s’已建立\n"
+
+#: g10/keydb.c:333 g10/keydb.c:336
+#, c-format
+msgid "keyblock resource `%s': %s\n"
+msgstr "密钥å—资æºâ€˜%s’:%s\n"
+
+#: g10/keydb.c:719
+#, c-format
+msgid "failed to rebuild keyring cache: %s\n"
+msgstr "é‡æ–°å»ºç«‹é’¥åŒ™çŽ¯ç¼“存失败: %s\n"
+
+#: g10/keyedit.c:265
+msgid "[revocation]"
+msgstr "[åŠé”€]"
+
+#: g10/keyedit.c:266
+msgid "[self-signature]"
+msgstr "[自身签å]"
+
+#: g10/keyedit.c:344 g10/keylist.c:398
+msgid "1 bad signature\n"
+msgstr "1 个æŸåçš„ç­¾å\n"
+
+#: g10/keyedit.c:346 g10/keylist.c:400
+#, c-format
+msgid "%d bad signatures\n"
+msgstr "%d 个æŸåçš„ç­¾å\n"
+
+#: g10/keyedit.c:348 g10/keylist.c:402
+msgid "1 signature not checked due to a missing key\n"
+msgstr "有 1 份签å因为é—失密钥而未被检查\n"
+
+#: g10/keyedit.c:350 g10/keylist.c:404
+#, c-format
+msgid "%d signatures not checked due to missing keys\n"
+msgstr "有 %d 份签å因为é—失密钥而未被检查\n"
+
+#: g10/keyedit.c:352 g10/keylist.c:406
+msgid "1 signature not checked due to an error\n"
+msgstr "有 1 份签å因为æŸä¸ªé”™è¯¯è€Œæœªè¢«æ£€æŸ¥\n"
+
+#: g10/keyedit.c:354 g10/keylist.c:408
+#, c-format
+msgid "%d signatures not checked due to errors\n"
+msgstr "有 %d 份签å因为æŸäº›é”™è¯¯è€Œæœªè¢«æ£€æŸ¥\n"
+
+#: g10/keyedit.c:356
+msgid "1 user ID without valid self-signature detected\n"
+msgstr "检测到 1 个没有有效自身签å的用户标识\n"
+
+#: g10/keyedit.c:358
+#, c-format
+msgid "%d user IDs without valid self-signatures detected\n"
+msgstr "检测到 %d 个没有有效自身签å的用户标识\n"
+
+#: g10/keyedit.c:414 g10/pkclist.c:262
+msgid ""
+"Please decide how far you trust this user to correctly verify other users' "
+"keys\n"
+"(by looking at passports, checking fingerprints from different sources, "
+"etc.)\n"
+msgstr ""
+"您是å¦ç›¸ä¿¡è¿™ä½ç”¨æˆ·æœ‰èƒ½åŠ›éªŒè¯å…¶ä»–用户密钥的有效性(查对身份è¯ã€é€šè¿‡ä¸åŒçš„渠é“检"
+"查\n"
+"指纹等)?\n"
+
+#: g10/keyedit.c:418 g10/pkclist.c:274
+#, c-format
+msgid " %d = I trust marginally\n"
+msgstr " %d = 我勉强相信\n"
+
+#: g10/keyedit.c:419 g10/pkclist.c:276
+#, c-format
+msgid " %d = I trust fully\n"
+msgstr " %d = 我完全相信\n"
+
+#: g10/keyedit.c:438
+msgid ""
+"Please enter the depth of this trust signature.\n"
+"A depth greater than 1 allows the key you are signing to make\n"
+"trust signatures on your behalf.\n"
+msgstr ""
+"请输入这份信任签å的深度。\n"
+"深度若大于 1 则您将签å的这把密钥将å¯ä»¥ä»¥æ‚¨çš„å义åšå‡ºä¿¡ä»»ç­¾å。\n"
+
+#: g10/keyedit.c:454
+msgid "Please enter a domain to restrict this signature, or enter for none.\n"
+msgstr "请输入这份签åçš„é™åˆ¶åŸŸï¼Œå¦‚果没有请按回车。\n"
+
+#: g10/keyedit.c:598
+#, c-format
+msgid "User ID \"%s\" is revoked."
+msgstr "用户标识“%sâ€å·²è¢«åŠé”€ã€‚"
+
+#: g10/keyedit.c:607 g10/keyedit.c:635 g10/keyedit.c:662 g10/keyedit.c:830
+#: g10/keyedit.c:895 g10/keyedit.c:1785
+msgid "Are you sure you still want to sign it? (y/N) "
+msgstr "您ä»ç„¶æƒ³è¦ä¸ºå®ƒç­¾åå—?(y/N)"
+
+#: g10/keyedit.c:621 g10/keyedit.c:649 g10/keyedit.c:676 g10/keyedit.c:836
+#: g10/keyedit.c:1791
+msgid " Unable to sign.\n"
+msgstr " 无法添加签å。\n"
+
+#: g10/keyedit.c:626
+#, c-format
+msgid "User ID \"%s\" is expired."
+msgstr "用户标识“%sâ€å·²è¿‡æœŸã€‚"
+
+#: g10/keyedit.c:654
+#, c-format
+msgid "User ID \"%s\" is not self-signed."
+msgstr "警告:用户标识“%sâ€ä¸å«è‡ªèº«ç­¾å。"
+
+#: g10/keyedit.c:682
+#, c-format
+msgid "User ID \"%s\" is signable. "
+msgstr "å¯ä»¥ä¸ºç”¨æˆ·æ ‡è¯†â€œ%sâ€æ·»åŠ ç­¾å。"
+
+#: g10/keyedit.c:684
+msgid "Sign it? (y/N) "
+msgstr "为其添加签åå—?(y/N)"
+
+#: g10/keyedit.c:706
+#, c-format
+msgid ""
+"The self-signature on \"%s\"\n"
+"is a PGP 2.x-style signature.\n"
+msgstr ""
+"“%sâ€çš„自身签å是 PGP 2.x æ ·\n"
+"å¼çš„ç­¾å。\n"
+
+#: g10/keyedit.c:715
+msgid "Do you want to promote it to an OpenPGP self-signature? (y/N) "
+msgstr "您是å¦æƒ³è¦å°†å®ƒå‡çº§æˆ OpenPGP 的自身签å?(y/N)"
+
+#: g10/keyedit.c:729
+#, c-format
+msgid ""
+"Your current signature on \"%s\"\n"
+"has expired.\n"
+msgstr "您目å‰ä¸ºâ€œ%sâ€çš„ç­¾åå·²ç»è¿‡æœŸäº†ã€‚\n"
+
+#: g10/keyedit.c:733
+msgid "Do you want to issue a new signature to replace the expired one? (y/N) "
+msgstr "您想è¦å‘布一份新的签åæ¥å–代已过期的那一个å—?(y/N)"
+
+#: g10/keyedit.c:754
+#, c-format
+msgid ""
+"Your current signature on \"%s\"\n"
+"is a local signature.\n"
+msgstr "您目å‰ä¸ºâ€œ%sâ€çš„ç­¾å是一份本地签å。\n"
+
+#: g10/keyedit.c:758
+msgid "Do you want to promote it to a full exportable signature? (y/N) "
+msgstr "您是å¦æƒ³è¦æŠŠå®ƒå‡çº§æˆå¯ä»¥å®Œå…¨å¯¼å‡ºçš„ç­¾å?(y/N)"
+
+#: g10/keyedit.c:779
+#, c-format
+msgid "\"%s\" was already locally signed by key %s\n"
+msgstr "“%sâ€å·²ç”±å¯†é’¥ %s 在本地签å\n"
+
+#: g10/keyedit.c:782
+#, c-format
+msgid "\"%s\" was already signed by key %s\n"
+msgstr "“%sâ€å·²ç”±å¯†é’¥ %s ç­¾å\n"
+
+#: g10/keyedit.c:787
+msgid "Do you want to sign it again anyway? (y/N) "
+msgstr "您ä»ç„¶æƒ³è¦ä¸ºå®ƒå†æ¬¡ç­¾åå—?(y/N)"
+
+#: g10/keyedit.c:809
+#, c-format
+msgid "Nothing to sign with key %s\n"
+msgstr "没有东西å¯ä»¥è®©å¯†é’¥ %s ç­¾å\n"
+
+#: g10/keyedit.c:824
+msgid "This key has expired!"
+msgstr "这把密钥已ç»è¿‡æœŸï¼"
+
+#: g10/keyedit.c:842
+#, c-format
+msgid "This key is due to expire on %s.\n"
+msgstr "这把密钥将在 %s 过期。\n"
+
+#: g10/keyedit.c:848
+msgid "Do you want your signature to expire at the same time? (Y/n) "
+msgstr "您想è¦è®©æ‚¨çš„ç­¾å也åŒæ—¶è¿‡æœŸå—? (Y/n) "
+
+#: g10/keyedit.c:888
+msgid ""
+"You may not make an OpenPGP signature on a PGP 2.x key while in --pgp2 "
+"mode.\n"
+msgstr "您ä¸èƒ½åœ¨ --pgp2 模å¼ä¸‹ï¼Œç”¨ PGP 2.x å¯†é’¥ç”Ÿæˆ OpenPGP ç­¾å。\n"
+
+#: g10/keyedit.c:890
+msgid "This would make the key unusable in PGP 2.x.\n"
+msgstr "这会让这把密钥在 PGP 2.x 模å¼ä¸‹ä¸å¯ä½¿ç”¨ã€‚\n"
+
+#: g10/keyedit.c:915
+msgid ""
+"How carefully have you verified the key you are about to sign actually "
+"belongs\n"
+"to the person named above? If you don't know what to answer, enter \"0\".\n"
+msgstr ""
+"您是å¦è°¨æ…Žåœ°æ£€æŸ¥è¿‡ï¼Œç¡®è®¤æ­£è¦ç­¾å的密钥的确属于以上它所声称的所有者呢?\n"
+"如果您ä¸çŸ¥é“这个问题的答案,请输入“0â€ã€‚\n"
+
+#: g10/keyedit.c:920
+#, c-format
+msgid " (0) I will not answer.%s\n"
+msgstr " (0) 我ä¸ä½œç­”。 %s\n"
+
+#: g10/keyedit.c:922
+#, c-format
+msgid " (1) I have not checked at all.%s\n"
+msgstr " (1) 我根本没有检查过。 %s\n"
+
+#: g10/keyedit.c:924
+#, c-format
+msgid " (2) I have done casual checking.%s\n"
+msgstr " (2) 我éšæ„检查过。 %s\n"
+
+#: g10/keyedit.c:926
+#, c-format
+msgid " (3) I have done very careful checking.%s\n"
+msgstr " (3) 我éžå¸¸å°å¿ƒåœ°æ£€æŸ¥è¿‡ã€‚ %s\n"
+
+#: g10/keyedit.c:932
+msgid "Your selection? (enter `?' for more information): "
+msgstr "您的选择?(输入‘?’以获得更多的信æ¯):"
+
+#: g10/keyedit.c:956
+#, c-format
+msgid ""
+"Are you sure that you want to sign this key with your\n"
+"key \"%s\" (%s)\n"
+msgstr ""
+"您真的确定è¦ç­¾å这把密钥,使用您的密钥\n"
+"“%sâ€(%s)\n"
+
+#: g10/keyedit.c:963
+msgid "This will be a self-signature.\n"
+msgstr "这将是一个自身签å。\n"
+
+#: g10/keyedit.c:969
+msgid "WARNING: the signature will not be marked as non-exportable.\n"
+msgstr "警告:这份签åä¸ä¼šè¢«æ ‡è®°ä¸ºä¸å¯å¯¼å‡ºã€‚\n"
+
+#: g10/keyedit.c:977
+msgid "WARNING: the signature will not be marked as non-revocable.\n"
+msgstr "警告:这份签åä¸ä¼šè¢«æ ‡è®°æˆä¸å¯åŠé”€ã€‚\n"
+
+#: g10/keyedit.c:987
+msgid "The signature will be marked as non-exportable.\n"
+msgstr "这份签å会被标记æˆä¸å¯å¯¼å‡ºã€‚\n"
+
+#: g10/keyedit.c:994
+msgid "The signature will be marked as non-revocable.\n"
+msgstr "这份签å会被标记æˆä¸å¯åŠé”€ã€‚\n"
+
+#: g10/keyedit.c:1001
+msgid "I have not checked this key at all.\n"
+msgstr "我根本没有检查过这把密钥。\n"
+
+#: g10/keyedit.c:1006
+msgid "I have checked this key casually.\n"
+msgstr "我éšæ„检查过这把密钥。\n"
+
+#: g10/keyedit.c:1011
+msgid "I have checked this key very carefully.\n"
+msgstr "我éžå¸¸å°å¿ƒåœ°æ£€æŸ¥è¿‡è¿™æŠŠå¯†é’¥ã€‚\n"
+
+#: g10/keyedit.c:1021
+msgid "Really sign? (y/N) "
+msgstr "真的è¦ç­¾åå—?(y/N)"
+
+#: g10/keyedit.c:1066 g10/keyedit.c:4965 g10/keyedit.c:5056 g10/keyedit.c:5120
+#: g10/keyedit.c:5181 g10/sign.c:316
+#, c-format
+msgid "signing failed: %s\n"
+msgstr "ç­¾å时失败: %s\n"
+
+#: g10/keyedit.c:1131
+msgid "Key has only stub or on-card key items - no passphrase to change.\n"
+msgstr "åªæœ‰å ä½å¯†é’¥ï¼Œæˆ–者密钥存储在å¡ä¸Šâ€”—没有密ç å¯ä»¥æ›´æ”¹ã€‚\n"
+
+#: g10/keyedit.c:1142 g10/keygen.c:3774
+msgid "This key is not protected.\n"
+msgstr "这把密钥没有被ä¿æŠ¤ã€‚\n"
+
+#: g10/keyedit.c:1146 g10/keygen.c:3761 g10/revoke.c:536
+msgid "Secret parts of primary key are not available.\n"
+msgstr "主钥的ç§é’¥éƒ¨åˆ†æ— æ³•å–用。\n"
+
+#: g10/keyedit.c:1150 g10/keygen.c:3777
+msgid "Secret parts of primary key are stored on-card.\n"
+msgstr "主钥的ç§é’¥éƒ¨åˆ†å­˜å‚¨åœ¨å¡ä¸Šã€‚\n"
+
+#: g10/keyedit.c:1156 g10/keygen.c:3781
+msgid "Key is protected.\n"
+msgstr "密钥å—ä¿æŠ¤ã€‚\n"
+
+#: g10/keyedit.c:1186
+#, c-format
+msgid "Can't edit this key: %s\n"
+msgstr "无法编辑这把密钥: %s\n"
+
+#: g10/keyedit.c:1192
+msgid ""
+"Enter the new passphrase for this secret key.\n"
+"\n"
+msgstr ""
+"输入è¦ç»™è¿™æŠŠç§é’¥ç”¨çš„新密ç ã€‚\n"
+"\n"
+
+#: g10/keyedit.c:1207 g10/keygen.c:2291
+msgid "passphrase not correctly repeated; try again"
+msgstr "密ç å†æ¬¡è¾“入时与首次输入ä¸ç¬¦ï¼›è¯·å†è¯•ä¸€æ¬¡"
+
+#: g10/keyedit.c:1212
+msgid ""
+"You don't want a passphrase - this is probably a *bad* idea!\n"
+"\n"
+msgstr ""
+"您ä¸æƒ³è¦ç”¨å¯†ç â€•â€•è¿™å¤§æ¦‚是个å主æ„ï¼\n"
+"\n"
+
+#: g10/keyedit.c:1215
+msgid "Do you really want to do this? (y/N) "
+msgstr "您真的想è¦è¿™ä¹ˆåšå—?(y/N)"
+
+#: g10/keyedit.c:1298
+msgid "moving a key signature to the correct place\n"
+msgstr "正在把密钥的签å移动到正确的ä½ç½®åŽ»\n"
+
+#: g10/keyedit.c:1384
+msgid "save and quit"
+msgstr "ä¿å­˜å¹¶ç¦»å¼€"
+
+#: g10/keyedit.c:1387
+msgid "show key fingerprint"
+msgstr "显示密钥指纹"
+
+#: g10/keyedit.c:1388
+msgid "list key and user IDs"
+msgstr "列出密钥和用户标识"
+
+#: g10/keyedit.c:1390
+msgid "select user ID N"
+msgstr "选择用户标识 N"
+
+#: g10/keyedit.c:1391
+msgid "select subkey N"
+msgstr "选择å­é’¥ N"
+
+#: g10/keyedit.c:1392
+msgid "check signatures"
+msgstr "检查签å"
+
+#: g10/keyedit.c:1397
+msgid "sign selected user IDs [* see below for related commands]"
+msgstr "为所选用户标识添加签å[* å‚è§ä¸‹é¢çš„相关命令]"
+
+#: g10/keyedit.c:1402
+msgid "sign selected user IDs locally"
+msgstr "为所选用户标识添加本地签å"
+
+#: g10/keyedit.c:1404
+msgid "sign selected user IDs with a trust signature"
+msgstr "为所选用户标识添加信任签å"
+
+#: g10/keyedit.c:1406
+msgid "sign selected user IDs with a non-revocable signature"
+msgstr "为所选用户标识添加ä¸å¯åŠé”€ç­¾å"
+
+#: g10/keyedit.c:1410
+msgid "add a user ID"
+msgstr "增加一个用户标识"
+
+#: g10/keyedit.c:1412
+msgid "add a photo ID"
+msgstr "增加一个照片标识"
+
+#: g10/keyedit.c:1414
+msgid "delete selected user IDs"
+msgstr "删除选定的用户标识"
+
+#: g10/keyedit.c:1419
+msgid "add a subkey"
+msgstr "添加一个å­é’¥"
+
+#: g10/keyedit.c:1423
+msgid "add a key to a smartcard"
+msgstr "在智能å¡ä¸Šæ·»åŠ ä¸€æŠŠå¯†é’¥"
+
+#: g10/keyedit.c:1425
+msgid "move a key to a smartcard"
+msgstr "将一把密钥移动到智能å¡ä¸Š"
+
+#: g10/keyedit.c:1427
+msgid "move a backup key to a smartcard"
+msgstr "将备份密钥转移到å¡ä¸Š"
+
+#: g10/keyedit.c:1431
+msgid "delete selected subkeys"
+msgstr "删除选定的å­é’¥"
+
+#: g10/keyedit.c:1433
+msgid "add a revocation key"
+msgstr "增加一把åŠé”€å¯†é’¥"
+
+#: g10/keyedit.c:1435
+msgid "delete signatures from the selected user IDs"
+msgstr "删除所选用户标识上的签å"
+
+#: g10/keyedit.c:1437
+msgid "change the expiration date for the key or selected subkeys"
+msgstr "å˜æ›´å¯†é’¥æˆ–所选å­é’¥çš„使用期é™"
+
+#: g10/keyedit.c:1439
+msgid "flag the selected user ID as primary"
+msgstr "将所选的用户标识设为首选用户标识"
+
+#: g10/keyedit.c:1441
+msgid "toggle between the secret and public key listings"
+msgstr "在ç§é’¥å’Œå…¬é’¥æ¸…å•é—´åˆ‡æ¢"
+
+#: g10/keyedit.c:1444
+msgid "list preferences (expert)"
+msgstr "列出首选项(专家模å¼)"
+
+#: g10/keyedit.c:1446
+msgid "list preferences (verbose)"
+msgstr "列出首选项(详细模å¼)"
+
+#: g10/keyedit.c:1448
+msgid "set preference list for the selected user IDs"
+msgstr "设定所选用户标识的首选项"
+
+#: g10/keyedit.c:1453
+msgid "set the preferred keyserver URL for the selected user IDs"
+msgstr "设定所选用户标识的首选公钥æœåŠ¡å™¨çš„ URL"
+
+#: g10/keyedit.c:1455
+msgid "set a notation for the selected user IDs"
+msgstr "为所选用户标识的设定注记"
+
+#: g10/keyedit.c:1457
+msgid "change the passphrase"
+msgstr "更改密ç "
+
+#: g10/keyedit.c:1461
+msgid "change the ownertrust"
+msgstr "更改信任度"
+
+#: g10/keyedit.c:1463
+msgid "revoke signatures on the selected user IDs"
+msgstr "åŠé”€æ‰€é€‰ç”¨æˆ·æ ‡è¯†ä¸Šçš„ç­¾å"
+
+#: g10/keyedit.c:1465
+msgid "revoke selected user IDs"
+msgstr "åŠé”€é€‰å®šçš„用户标识"
+
+#: g10/keyedit.c:1470
+msgid "revoke key or selected subkeys"
+msgstr "åŠé”€å¯†é’¥æˆ–选定的å­é’¥"
+
+#: g10/keyedit.c:1471
+msgid "enable key"
+msgstr "å¯ç”¨å¯†é’¥"
+
+#: g10/keyedit.c:1472
+msgid "disable key"
+msgstr "ç¦ç”¨å¯†é’¥"
+
+#: g10/keyedit.c:1473
+msgid "show selected photo IDs"
+msgstr "显示选定的照片标识"
+
+#: g10/keyedit.c:1475
+msgid "compact unusable user IDs and remove unusable signatures from key"
+msgstr "压缩ä¸å¯ç”¨çš„用户标识并删除ä¸å¯ç”¨çš„ç­¾å"
+
+#: g10/keyedit.c:1477
+msgid "compact unusable user IDs and remove all signatures from key"
+msgstr "压缩ä¸å¯ç”¨çš„用户标识并删除所有签å"
+
+#: g10/keyedit.c:1601
+#, c-format
+msgid "error reading secret keyblock \"%s\": %s\n"
+msgstr "读å–ç§é’¥åŒºå—“%sâ€æ—¶å‡ºé”™ï¼š%s\n"
+
+#: g10/keyedit.c:1619
+msgid "Secret key is available.\n"
+msgstr "ç§é’¥å¯ç”¨ã€‚\n"
+
+#: g10/keyedit.c:1702
+msgid "Need the secret key to do this.\n"
+msgstr "è¦æœ‰ç§é’¥æ‰èƒ½è¿™ä¹ˆåšã€‚\n"
+
+#: g10/keyedit.c:1710
+msgid "Please use the command \"toggle\" first.\n"
+msgstr "请先使用“toggleâ€æŒ‡ä»¤ã€‚\n"
+
+#: g10/keyedit.c:1729
+msgid ""
+"* The `sign' command may be prefixed with an `l' for local signatures "
+"(lsign),\n"
+" a `t' for trust signatures (tsign), an `nr' for non-revocable signatures\n"
+" (nrsign), or any combination thereof (ltsign, tnrsign, etc.).\n"
+msgstr ""
+"* ‘sign’命令å¯ä»¥å¸¦â€˜l’å‰ç¼€(lsign)以添加本地签å,或‘t’å‰ç¼€(tsign)以添加\n"
+" 信任签å,或‘nr’å‰ç¼€(nrsign)以添加ä¸å¯åŠé”€ç­¾å,或者以上三ç§å‰ç¼€çš„任何组\n"
+" åˆ(ltsignã€tnrsign ç­‰)。\n"
+
+#: g10/keyedit.c:1779
+msgid "Key is revoked."
+msgstr "密钥已被åŠé”€ã€‚"
+
+#: g10/keyedit.c:1798
+msgid "Really sign all user IDs? (y/N) "
+msgstr "真的为所有的用户标识签åå—?(y/N)"
+
+#: g10/keyedit.c:1805
+msgid "Hint: Select the user IDs to sign\n"
+msgstr "æ示:选择è¦æ·»åŠ ç­¾å的用户标识\n"
+
+#: g10/keyedit.c:1814
+#, c-format
+msgid "Unknown signature type `%s'\n"
+msgstr "未知的签å类型‘%s’\n"
+
+#: g10/keyedit.c:1837
+#, c-format
+msgid "This command is not allowed while in %s mode.\n"
+msgstr "在 %s 模å¼ä¸­ä¸å…许使用这个指令。\n"
+
+#: g10/keyedit.c:1859 g10/keyedit.c:1879 g10/keyedit.c:2048
+msgid "You must select at least one user ID.\n"
+msgstr "您至少得选择一个用户标识。\n"
+
+#: g10/keyedit.c:1861
+msgid "You can't delete the last user ID!\n"
+msgstr "您ä¸èƒ½åˆ é™¤æœ€åŽä¸€ä¸ªç”¨æˆ·æ ‡è¯†ï¼\n"
+
+#: g10/keyedit.c:1863
+msgid "Really remove all selected user IDs? (y/N) "
+msgstr "真的è¦åˆ é™¤æ‰€æœ‰é€‰å®šçš„用户标识å—?(y/N)"
+
+#: g10/keyedit.c:1864
+msgid "Really remove this user ID? (y/N) "
+msgstr "真的è¦åˆ é™¤è¿™ä¸ªç”¨æˆ·æ ‡è¯†å—?(y/N)"
+
+#. TRANSLATORS: Please take care: This is about
+#. moving the key and not about removing it.
+#: g10/keyedit.c:1917
+#, fuzzy
+msgid "Really move the primary key? (y/N) "
+msgstr "真的è¦åˆ é™¤ä¸»é’¥å—?(y/N)"
+
+#: g10/keyedit.c:1929
+msgid "You must select exactly one key.\n"
+msgstr "您必须指定一把密钥。\n"
+
+#: g10/keyedit.c:1957
+msgid "Command expects a filename argument\n"
+msgstr "命令需è¦ä¸€ä¸ªæ–‡ä»¶å作为å‚æ•°\n"
+
+#: g10/keyedit.c:1971
+#, c-format
+msgid "Can't open `%s': %s\n"
+msgstr "无法打开‘%s’:%s\n"
+
+#: g10/keyedit.c:1988
+#, c-format
+msgid "Error reading backup key from `%s': %s\n"
+msgstr "从‘%s’读å–备份密钥时出错:%s\n"
+
+#: g10/keyedit.c:2012
+msgid "You must select at least one key.\n"
+msgstr "您必须选择至少一把密钥。\n"
+
+#: g10/keyedit.c:2015
+msgid "Do you really want to delete the selected keys? (y/N) "
+msgstr "您真的想è¦åˆ é™¤é€‰å®šçš„密钥å—?(y/N)"
+
+#: g10/keyedit.c:2016
+msgid "Do you really want to delete this key? (y/N) "
+msgstr "您真的è¦åˆ é™¤è¿™æŠŠå¯†é’¥å—?(y/N)"
+
+#: g10/keyedit.c:2051
+msgid "Really revoke all selected user IDs? (y/N) "
+msgstr "真的è¦åŠé”€æ‰€æœ‰é€‰å®šçš„用户标识å—?(y/N)"
+
+#: g10/keyedit.c:2052
+msgid "Really revoke this user ID? (y/N) "
+msgstr "真的è¦åŠé”€è¿™ä¸ªç”¨æˆ·æ ‡è¯†å—?(y/N)"
+
+#: g10/keyedit.c:2070
+msgid "Do you really want to revoke the entire key? (y/N) "
+msgstr "您真的è¦åŠé”€æ•´æŠŠå¯†é’¥å—?(y/N)"
+
+#: g10/keyedit.c:2081
+msgid "Do you really want to revoke the selected subkeys? (y/N) "
+msgstr "您真的è¦åŠé”€é€‰å®šçš„å­é’¥å—?(y/N)"
+
+#: g10/keyedit.c:2083
+msgid "Do you really want to revoke this subkey? (y/N) "
+msgstr "您真的è¦åŠé”€è¿™æŠŠå­é’¥å—?(y/N)"
+
+#: g10/keyedit.c:2133
+msgid "Owner trust may not be set while using a user provided trust database\n"
+msgstr "使用用户æ供的信任度数æ®åº“时信任度å¯èƒ½å¹¶æœªè¢«è®¾å®š\n"
+
+#: g10/keyedit.c:2175
+msgid "Set preference list to:\n"
+msgstr "设为首选项列表为:\n"
+
+#: g10/keyedit.c:2181
+msgid "Really update the preferences for the selected user IDs? (y/N) "
+msgstr "真的è¦æ›´æ–°æ‰€é€‰ç”¨æˆ·æ ‡è¯†çš„首选项å—?(y/N)"
+
+#: g10/keyedit.c:2183
+msgid "Really update the preferences? (y/N) "
+msgstr "真的è¦æ›´æ–°é¦–选项å—?(y/N)"
+
+#: g10/keyedit.c:2253
+msgid "Save changes? (y/N) "
+msgstr "è¦ä¿å­˜å˜åŠ¨å—?(y/N)"
+
+#: g10/keyedit.c:2256
+msgid "Quit without saving? (y/N) "
+msgstr "è¦ä¸ä¿å­˜è€Œç¦»å¼€å—?(y/N)"
+
+#: g10/keyedit.c:2266
+#, c-format
+msgid "update failed: %s\n"
+msgstr "更新失败:%s\n"
+
+#: g10/keyedit.c:2273 g10/keyedit.c:2351
+#, c-format
+msgid "update secret failed: %s\n"
+msgstr "æ›´æ–°ç§é’¥å¤±è´¥ï¼š%s\n"
+
+#: g10/keyedit.c:2280
+msgid "Key not changed so no update needed.\n"
+msgstr "密钥没有å˜åŠ¨æ‰€ä»¥ä¸éœ€è¦æ›´æ–°ã€‚\n"
+
+#: g10/keyedit.c:2446
+msgid "Digest: "
+msgstr "散列:"
+
+#: g10/keyedit.c:2497
+msgid "Features: "
+msgstr "特点:"
+
+#: g10/keyedit.c:2508
+msgid "Keyserver no-modify"
+msgstr "公钥æœåŠ¡å™¨ä¸å¯å˜é€ "
+
+#: g10/keyedit.c:2523 g10/keylist.c:316
+msgid "Preferred keyserver: "
+msgstr "首选公钥æœåŠ¡å™¨ï¼š"
+
+#: g10/keyedit.c:2531 g10/keyedit.c:2532
+msgid "Notations: "
+msgstr "注记:"
+
+#: g10/keyedit.c:2753
+msgid "There are no preferences on a PGP 2.x-style user ID.\n"
+msgstr "PGP 2.x æ ·å¼çš„用户标识没有首选项。\n"
+
+#: g10/keyedit.c:2810
+#, fuzzy, c-format
+msgid "The following key was revoked on %s by %s key %s\n"
+msgstr "此密钥已于 %s 被 %s 密钥 %s 所åŠé”€\n"
+
+#: g10/keyedit.c:2832
+#, c-format
+msgid "This key may be revoked by %s key %s"
+msgstr "这把密钥å¯è¢« %s 密钥 %s åŠé”€"
+
+#: g10/keyedit.c:2838
+msgid "(sensitive)"
+msgstr " (æ•æ„Ÿçš„)"
+
+#: g10/keyedit.c:2854 g10/keyedit.c:2910 g10/keyedit.c:2971 g10/keyedit.c:2986
+#: g10/keylist.c:202 g10/keyserver.c:532
+#, c-format
+msgid "created: %s"
+msgstr "创建于:%s"
+
+#: g10/keyedit.c:2857 g10/keylist.c:834 g10/keylist.c:928 g10/mainproc.c:997
+#, c-format
+msgid "revoked: %s"
+msgstr "å·²åŠé”€ï¼š%s"
+
+#: g10/keyedit.c:2859 g10/keylist.c:805 g10/keylist.c:840 g10/keylist.c:934
+#, c-format
+msgid "expired: %s"
+msgstr "已过期:%s"
+
+#: g10/keyedit.c:2861 g10/keyedit.c:2912 g10/keyedit.c:2973 g10/keyedit.c:2988
+#: g10/keylist.c:204 g10/keylist.c:811 g10/keylist.c:846 g10/keylist.c:940
+#: g10/keylist.c:961 g10/keyserver.c:538 g10/mainproc.c:1003
+#, c-format
+msgid "expires: %s"
+msgstr "有效至:%s"
+
+#: g10/keyedit.c:2863
+#, c-format
+msgid "usage: %s"
+msgstr "å¯ç”¨äºŽï¼š%s"
+
+#: g10/keyedit.c:2878
+#, c-format
+msgid "trust: %s"
+msgstr "信任度:%s"
+
+#: g10/keyedit.c:2882
+#, c-format
+msgid "validity: %s"
+msgstr "有效性:%s"
+
+#: g10/keyedit.c:2889
+msgid "This key has been disabled"
+msgstr "这把密钥已ç»è¢«ç¦ç”¨"
+
+#: g10/keyedit.c:2917 g10/keylist.c:208
+msgid "card-no: "
+msgstr "å¡å·ï¼š"
+
+#: g10/keyedit.c:2941
+msgid ""
+"Please note that the shown key validity is not necessarily correct\n"
+"unless you restart the program.\n"
+msgstr "请注æ„,在您é‡å¯ç¨‹åºä¹‹å‰ï¼Œæ˜¾ç¤ºçš„密钥有效性未必正确,\n"
+
+#: g10/keyedit.c:3005 g10/keyedit.c:3351 g10/keyserver.c:542
+#: g10/mainproc.c:1850 g10/trustdb.c:1204 g10/trustdb.c:1732
+msgid "revoked"
+msgstr "å·²åŠé”€"
+
+#: g10/keyedit.c:3007 g10/keyedit.c:3353 g10/keyserver.c:546
+#: g10/mainproc.c:1852 g10/trustdb.c:547 g10/trustdb.c:1734
+msgid "expired"
+msgstr "已过期"
+
+#: g10/keyedit.c:3072
+msgid ""
+"WARNING: no user ID has been marked as primary. This command may\n"
+" cause a different user ID to become the assumed primary.\n"
+msgstr ""
+"警告:没有首选用户标识。此指令å¯èƒ½å‡å®šä¸€ä¸ªä¸åŒçš„用户标识为首选用户标识。\n"
+
+#: g10/keyedit.c:3133
+msgid ""
+"WARNING: This is a PGP2-style key. Adding a photo ID may cause some "
+"versions\n"
+" of PGP to reject this key.\n"
+msgstr ""
+"警告:这是一把 PGP2 æ ·å¼çš„密钥。\n"
+" 增加照片标识å¯èƒ½ä¼šå¯¼è‡´æŸäº›ç‰ˆæœ¬çš„ PGP ä¸èƒ½è¯†åˆ«è¿™æŠŠå¯†é’¥ã€‚\n"
+
+#: g10/keyedit.c:3138 g10/keyedit.c:3473
+msgid "Are you sure you still want to add it? (y/N) "
+msgstr "您确定ä»ç„¶æƒ³è¦å¢žåŠ å—?(y/N)"
+
+#: g10/keyedit.c:3144
+msgid "You may not add a photo ID to a PGP2-style key.\n"
+msgstr "您ä¸å¯ä»¥æŠŠç…§ç‰‡æ ‡è¯†å¢žåŠ åˆ° PGP2 æ ·å¼çš„密钥里。\n"
+
+#: g10/keyedit.c:3284
+msgid "Delete this good signature? (y/N/q)"
+msgstr "删除这个完好的签åå—?(y/N/q)"
+
+#: g10/keyedit.c:3294
+msgid "Delete this invalid signature? (y/N/q)"
+msgstr "删除这个无效的签åå—?(y/N/q)"
+
+#: g10/keyedit.c:3298
+msgid "Delete this unknown signature? (y/N/q)"
+msgstr "删除这个未知的签åå—?(y/N/q)"
+
+#: g10/keyedit.c:3304
+msgid "Really delete this self-signature? (y/N)"
+msgstr "真的è¦åˆ é™¤è¿™ä¸ªè‡ªèº«ç­¾åå—?(y/N)"
+
+#: g10/keyedit.c:3318
+#, c-format
+msgid "Deleted %d signature.\n"
+msgstr "å·²ç»åˆ é™¤äº† %d 个签å。\n"
+
+#: g10/keyedit.c:3319
+#, c-format
+msgid "Deleted %d signatures.\n"
+msgstr "å·²ç»åˆ é™¤äº† %d 个签å。\n"
+
+#: g10/keyedit.c:3322
+msgid "Nothing deleted.\n"
+msgstr "没有东西被删除。\n"
+
+#: g10/keyedit.c:3355 g10/trustdb.c:1736
+msgid "invalid"
+msgstr "无效"
+
+#: g10/keyedit.c:3357
+#, fuzzy, c-format
+msgid "User ID \"%s\" compacted: %s\n"
+msgstr "用户标识“%sâ€ï¼šæ— ç”¨éƒ¨åˆ†å·²æ¸…除\n"
+
+#: g10/keyedit.c:3364
+#, fuzzy, c-format
+msgid "User ID \"%s\": %d signature removed\n"
+msgstr "密钥 %s:“%sâ€%d 个签å被清除\n"
+
+#: g10/keyedit.c:3365
+#, fuzzy, c-format
+msgid "User ID \"%s\": %d signatures removed\n"
+msgstr "密钥 %s:“%sâ€%d 个签å被清除\n"
+
+#: g10/keyedit.c:3373
+#, fuzzy, c-format
+msgid "User ID \"%s\": already minimized\n"
+msgstr "用户标识“%sâ€ï¼šæ— ç”¨éƒ¨åˆ†å·²æ¸…除\n"
+
+#: g10/keyedit.c:3374
+#, c-format
+msgid "User ID \"%s\": already clean\n"
+msgstr "用户标识“%sâ€ï¼šæ— ç”¨éƒ¨åˆ†å·²æ¸…除\n"
+
+#: g10/keyedit.c:3468
+msgid ""
+"WARNING: This is a PGP 2.x-style key. Adding a designated revoker may "
+"cause\n"
+" some versions of PGP to reject this key.\n"
+msgstr ""
+"警告:这是一把 PGP2 æ ·å¼çš„密钥。\n"
+" 增加指定åŠé”€è€…å¯èƒ½ä¼šå¯¼è‡´æŸäº›ç‰ˆæœ¬çš„ PGP 无法识别这把密钥。\n"
+
+#: g10/keyedit.c:3479
+msgid "You may not add a designated revoker to a PGP 2.x-style key.\n"
+msgstr "您ä¸å¯ä»¥ä¸º PGP 2.x æ ·å¼çš„密钥添加指定åŠé”€è€…。\n"
+
+#: g10/keyedit.c:3499
+msgid "Enter the user ID of the designated revoker: "
+msgstr "输入指定åŠé”€è€…的用户标识:"
+
+#: g10/keyedit.c:3524
+msgid "cannot appoint a PGP 2.x style key as a designated revoker\n"
+msgstr "无法将 PGP 2.x æ ·å¼çš„密钥设为指定åŠé”€è€…\n"
+
+# This actually causes no harm (after all, a key that
+# designates itself as a revoker is the same as a
+# regular key), but it's easy enough to check.
+#: g10/keyedit.c:3539
+msgid "you cannot appoint a key as its own designated revoker\n"
+msgstr "您ä¸èƒ½å°†æŸæŠŠå¯†é’¥è®¾ä¸ºå®ƒè‡ªå·±çš„指定åŠé”€è€…\n"
+
+# This actually causes no harm (after all, a key that
+# designates itself as a revoker is the same as a
+# regular key), but it's easy enough to check.
+#: g10/keyedit.c:3561
+msgid "this key has already been designated as a revoker\n"
+msgstr "这把密钥已被指定为一个åŠé”€è€…\n"
+
+#: g10/keyedit.c:3580
+msgid "WARNING: appointing a key as a designated revoker cannot be undone!\n"
+msgstr "警告:将æŸæŠŠå¯†é’¥æŒ‡æ´¾ä¸ºæŒ‡å®šåŠé”€è€…çš„æ“作无法撤销ï¼\n"
+
+#: g10/keyedit.c:3586
+msgid ""
+"Are you sure you want to appoint this key as a designated revoker? (y/N) "
+msgstr "您确定è¦å°†è¿™æŠŠå¯†é’¥è®¾ä¸ºæŒ‡å®šåŠé”€è€…å—?(y/N):"
+
+#: g10/keyedit.c:3647
+msgid "Please remove selections from the secret keys.\n"
+msgstr "请从ç§é’¥ä¸­åˆ é™¤é€‰æ‹©ã€‚\n"
+
+#: g10/keyedit.c:3653
+msgid "Please select at most one subkey.\n"
+msgstr "请至多选择一个å­é’¥ã€‚\n"
+
+#: g10/keyedit.c:3657
+msgid "Changing expiration time for a subkey.\n"
+msgstr "å°†è¦å˜æ›´å­é’¥çš„使用期é™ã€‚\n"
+
+#: g10/keyedit.c:3660
+msgid "Changing expiration time for the primary key.\n"
+msgstr "å°†è¦å˜æ›´ä¸»é’¥çš„使用期é™ã€‚\n"
+
+#: g10/keyedit.c:3706
+msgid "You can't change the expiration date of a v3 key\n"
+msgstr "您ä¸èƒ½å˜æ›´ v3 密钥的使用期é™\n"
+
+#: g10/keyedit.c:3722
+msgid "No corresponding signature in secret ring\n"
+msgstr "在ç§é’¥çŽ¯é‡Œæ²¡æœ‰ç›¸åº”çš„ç­¾å\n"
+
+#: g10/keyedit.c:3800
+#, c-format
+msgid "signing subkey %s is already cross-certified\n"
+msgstr "ç­¾åçš„å­é’¥ %s å·²ç»äº¤å‰éªŒè¯\n"
+
+#: g10/keyedit.c:3806
+#, c-format
+msgid "subkey %s does not sign and so does not need to be cross-certified\n"
+msgstr "å­é’¥ %s ä¸ç­¾å,因此ä¸éœ€è¦äº¤å‰éªŒè¯\n"
+
+#: g10/keyedit.c:3969
+msgid "Please select exactly one user ID.\n"
+msgstr "请精确地选择一个用户标识。\n"
+
+#: g10/keyedit.c:4008 g10/keyedit.c:4118 g10/keyedit.c:4238 g10/keyedit.c:4379
+#, c-format
+msgid "skipping v3 self-signature on user ID \"%s\"\n"
+msgstr "跳过用户标识“%sâ€çš„ v3 自身签å\n"
+
+#: g10/keyedit.c:4179
+msgid "Enter your preferred keyserver URL: "
+msgstr "输入您首选的公钥æœåŠ¡å™¨çš„ URL:"
+
+#: g10/keyedit.c:4259
+msgid "Are you sure you want to replace it? (y/N) "
+msgstr "您确定è¦æ›¿æ¢å®ƒå—?(y/N)"
+
+#: g10/keyedit.c:4260
+msgid "Are you sure you want to delete it? (y/N) "
+msgstr "您确定è¦åˆ é™¤å®ƒå—?(y/N)"
+
+#: g10/keyedit.c:4322
+msgid "Enter the notation: "
+msgstr "输入注记:"
+
+#: g10/keyedit.c:4471
+msgid "Proceed? (y/N) "
+msgstr "继续?(y/N)"
+
+#: g10/keyedit.c:4543
+#, c-format
+msgid "No user ID with index %d\n"
+msgstr "没有索引为 %d 的用户标识\n"
+
+#: g10/keyedit.c:4604
+#, c-format
+msgid "No user ID with hash %s\n"
+msgstr "没有散列值为 %s 的用户标识\n"
+
+#: g10/keyedit.c:4639
+#, c-format
+msgid "No subkey with index %d\n"
+msgstr "没有索引为 %d çš„å­é’¥\n"
+
+#: g10/keyedit.c:4774
+#, c-format
+msgid "user ID: \"%s\"\n"
+msgstr "用户标识:“%sâ€\n"
+
+#: g10/keyedit.c:4777 g10/keyedit.c:4871 g10/keyedit.c:4914
+#, c-format
+msgid "signed by your key %s on %s%s%s\n"
+msgstr "由您的密钥 %s 于 %s%s%s ç­¾å\n"
+
+#: g10/keyedit.c:4779 g10/keyedit.c:4873 g10/keyedit.c:4916
+msgid " (non-exportable)"
+msgstr " (ä¸å¯å¯¼å‡º)"
+
+#: g10/keyedit.c:4783
+#, c-format
+msgid "This signature expired on %s.\n"
+msgstr "这份签å已在 %s 过期。\n"
+
+#: g10/keyedit.c:4787
+msgid "Are you sure you still want to revoke it? (y/N) "
+msgstr "您确定您ä»ç„¶æƒ³è¦åŠé”€å®ƒå—?(y/N)"
+
+#: g10/keyedit.c:4791
+msgid "Create a revocation certificate for this signature? (y/N) "
+msgstr "è¦ä¸ºè¿™ä»½ç­¾å生æˆä¸€ä»½åŠé”€è¯ä¹¦å—?(y/N)"
+
+#: g10/keyedit.c:4842
+msgid "Not signed by you.\n"
+msgstr ""
+
+#: g10/keyedit.c:4848
+#, c-format
+msgid "You have signed these user IDs on key %s:\n"
+msgstr "您已ç»ä¸ºè¿™äº›å¯†é’¥ %s 上的这些用户标识添加签å:\n"
+
+#: g10/keyedit.c:4874
+msgid " (non-revocable)"
+msgstr " (ä¸å¯åŠé”€)"
+
+#: g10/keyedit.c:4881
+#, c-format
+msgid "revoked by your key %s on %s\n"
+msgstr "由您的密钥 %s 于 %s åŠé”€\n"
+
+#: g10/keyedit.c:4903
+msgid "You are about to revoke these signatures:\n"
+msgstr "您正在åŠé”€è¿™äº›ç­¾å:\n"
+
+#: g10/keyedit.c:4923
+msgid "Really create the revocation certificates? (y/N) "
+msgstr "真的è¦ç”ŸæˆåŠé”€è¯ä¹¦å—?(y/N)"
+
+#: g10/keyedit.c:4953
+msgid "no secret key\n"
+msgstr "没有ç§é’¥\n"
+
+#: g10/keyedit.c:5023
+#, c-format
+msgid "user ID \"%s\" is already revoked\n"
+msgstr "用户标识“%sâ€å·²ç»è¢«åŠé”€ã€‚\n"
+
+#: g10/keyedit.c:5040
+#, c-format
+msgid "WARNING: a user ID signature is dated %d seconds in the future\n"
+msgstr "警告:有一份用户标识签å的日期标记为 %d 秒åŽçš„未æ¥\n"
+
+#: g10/keyedit.c:5104
+#, c-format
+msgid "Key %s is already revoked.\n"
+msgstr "密钥 %s 已被åŠé”€ã€‚\n"
+
+#: g10/keyedit.c:5166
+#, c-format
+msgid "Subkey %s is already revoked.\n"
+msgstr "å­é’¥ %s 已被åŠé”€ã€‚\n"
+
+#: g10/keyedit.c:5261
+#, c-format
+msgid "Displaying %s photo ID of size %ld for key %s (uid %d)\n"
+msgstr "正在显示 %s 照片标识(大å°ä¸º %ld,属于密钥 %s,用户标识 %d)\n"
+
+#: g10/keygen.c:275
+#, c-format
+msgid "preference `%s' duplicated\n"
+msgstr "首选项‘%s’é‡å¤\n"
+
+#: g10/keygen.c:282
+msgid "too many cipher preferences\n"
+msgstr "太多对称加密算法首选项\n"
+
+#: g10/keygen.c:284
+msgid "too many digest preferences\n"
+msgstr "太多散列算法首选项\n"
+
+#: g10/keygen.c:286
+msgid "too many compression preferences\n"
+msgstr "太多首选压缩算法\n"
+
+#: g10/keygen.c:426
+#, c-format
+msgid "invalid item `%s' in preference string\n"
+msgstr "首选项字符串里有无效项‘%s’\n"
+
+#: g10/keygen.c:910
+msgid "writing direct signature\n"
+msgstr "正在写入直接签å\n"
+
+#: g10/keygen.c:952
+msgid "writing self signature\n"
+msgstr "正在写入自身签å\n"
+
+#: g10/keygen.c:1009
+msgid "writing key binding signature\n"
+msgstr "正在写入密钥绑定签å\n"
+
+#: g10/keygen.c:1179 g10/keygen.c:1290 g10/keygen.c:1295 g10/keygen.c:1441
+#: g10/keygen.c:3269
+#, c-format
+msgid "keysize invalid; using %u bits\n"
+msgstr "密钥尺寸无效:改用 %u ä½\n"
+
+#: g10/keygen.c:1185 g10/keygen.c:1301 g10/keygen.c:1309 g10/keygen.c:1447
+#: g10/keygen.c:3275
+#, c-format
+msgid "keysize rounded up to %u bits\n"
+msgstr "密钥尺寸èˆå…¥åˆ° %u ä½\n"
+
+#: g10/keygen.c:1335
+msgid ""
+"WARNING: some OpenPGP programs can't handle a DSA key with this digest size\n"
+msgstr ""
+
+#: g10/keygen.c:1558
+msgid "Sign"
+msgstr "ç­¾å"
+
+#: g10/keygen.c:1561
+msgid "Certify"
+msgstr "验è¯"
+
+#: g10/keygen.c:1564
+msgid "Encrypt"
+msgstr "加密"
+
+#: g10/keygen.c:1567
+msgid "Authenticate"
+msgstr "认è¯"
+
+#. TRANSLATORS: Please use only plain ASCII characters for the
+#. translation. If this is not possible use single digits. The
+#. string needs to 8 bytes long. Here is a description of the
+#. functions:
+#.
+#. s = Toggle signing capability
+#. e = Toggle encryption capability
+#. a = Toggle authentication capability
+#. q = Finish
+#.
+#: g10/keygen.c:1585
+msgid "SsEeAaQq"
+msgstr "SsEeAaQq"
+
+#: g10/keygen.c:1608
+#, c-format
+msgid "Possible actions for a %s key: "
+msgstr "%s 密钥å¯èƒ½çš„æ“作:"
+
+#: g10/keygen.c:1612
+msgid "Current allowed actions: "
+msgstr "ç›®å‰å…许的æ“作:"
+
+#: g10/keygen.c:1617
+#, c-format
+msgid " (%c) Toggle the sign capability\n"
+msgstr " (%c) 选择是å¦ç”¨äºŽç­¾å\n"
+
+#: g10/keygen.c:1620
+#, c-format
+msgid " (%c) Toggle the encrypt capability\n"
+msgstr " (%c) 选择是å¦ç”¨äºŽåŠ å¯†\n"
+
+#: g10/keygen.c:1623
+#, c-format
+msgid " (%c) Toggle the authenticate capability\n"
+msgstr " (%c) 选择是å¦ç”¨äºŽè®¤è¯\n"
+
+#: g10/keygen.c:1626
+#, c-format
+msgid " (%c) Finished\n"
+msgstr " (%c) 已完æˆ\n"
+
+#: g10/keygen.c:1686 sm/certreqgen-ui.c:157
+msgid "Please select what kind of key you want:\n"
+msgstr "请选择您è¦ä½¿ç”¨çš„密钥ç§ç±»ï¼š\n"
+
+#: g10/keygen.c:1689
+#, fuzzy, c-format
+msgid " (%d) RSA and RSA (default)\n"
+msgstr " (%d) DSA 和 ElGamal (默认)\n"
+
+#: g10/keygen.c:1691
+#, fuzzy, c-format
+msgid " (%d) DSA and Elgamal\n"
+msgstr " (%d) DSA 和 ElGamal (默认)\n"
+
+#: g10/keygen.c:1693
+#, c-format
+msgid " (%d) DSA (sign only)\n"
+msgstr " (%d) DSA (仅用于签å)\n"
+
+#: g10/keygen.c:1694
+#, c-format
+msgid " (%d) RSA (sign only)\n"
+msgstr " (%d) RSA (仅用于签å)\n"
+
+#: g10/keygen.c:1698
+#, c-format
+msgid " (%d) Elgamal (encrypt only)\n"
+msgstr " (%d) ElGamal (仅用于加密)\n"
+
+#: g10/keygen.c:1699
+#, c-format
+msgid " (%d) RSA (encrypt only)\n"
+msgstr " (%d) RSA (仅用于加密)\n"
+
+#: g10/keygen.c:1703
+#, c-format
+msgid " (%d) DSA (set your own capabilities)\n"
+msgstr " (%d) DSA (自定义用途)\n"
+
+#: g10/keygen.c:1704
+#, c-format
+msgid " (%d) RSA (set your own capabilities)\n"
+msgstr " (%d) RSA (自定义用途)\n"
+
+#: g10/keygen.c:1812
+#, c-format
+msgid "%s keys may be between %u and %u bits long.\n"
+msgstr "%s 密钥长度应在 %u ä½ä¸Ž %u ä½ä¹‹é—´ã€‚\n"
+
+#: g10/keygen.c:1820
+#, fuzzy, c-format
+msgid "What keysize do you want for the subkey? (%u) "
+msgstr "您想è¦ç”¨å¤šå¤§çš„密钥尺寸?(%u)"
+
+#: g10/keygen.c:1823 sm/certreqgen-ui.c:179
+#, c-format
+msgid "What keysize do you want? (%u) "
+msgstr "您想è¦ç”¨å¤šå¤§çš„密钥尺寸?(%u)"
+
+#: g10/keygen.c:1837 sm/certreqgen-ui.c:189
+#, c-format
+msgid "Requested keysize is %u bits\n"
+msgstr "您所è¦æ±‚的密钥尺寸是 %u ä½\n"
+
+#: g10/keygen.c:1925
+msgid ""
+"Please specify how long the key should be valid.\n"
+" 0 = key does not expire\n"
+" <n> = key expires in n days\n"
+" <n>w = key expires in n weeks\n"
+" <n>m = key expires in n months\n"
+" <n>y = key expires in n years\n"
+msgstr ""
+"请设定这把密钥的有效期é™ã€‚\n"
+" 0 = 密钥永ä¸è¿‡æœŸ\n"
+" <n> = 密钥在 n 天åŽè¿‡æœŸ\n"
+" <n>w = 密钥在 n 周åŽè¿‡æœŸ\n"
+" <n>m = 密钥在 n 月åŽè¿‡æœŸ\n"
+" <n>y = 密钥在 n å¹´åŽè¿‡æœŸ\n"
+
+#: g10/keygen.c:1936
+msgid ""
+"Please specify how long the signature should be valid.\n"
+" 0 = signature does not expire\n"
+" <n> = signature expires in n days\n"
+" <n>w = signature expires in n weeks\n"
+" <n>m = signature expires in n months\n"
+" <n>y = signature expires in n years\n"
+msgstr ""
+"请设定这份签å的有效期é™ã€‚\n"
+" 0 = ç­¾åæ°¸ä¸è¿‡æœŸ\n"
+" <n> = ç­¾å在 n 天åŽè¿‡æœŸ\n"
+" <n>w = ç­¾å在 n 周åŽè¿‡æœŸ\n"
+" <n>m = ç­¾å在 n 月åŽè¿‡æœŸ\n"
+" <n>y = ç­¾å在 n å¹´åŽè¿‡æœŸ\n"
+
+#: g10/keygen.c:1959
+msgid "Key is valid for? (0) "
+msgstr "密钥的有效期é™æ˜¯ï¼Ÿ(0) "
+
+#: g10/keygen.c:1964
+#, c-format
+msgid "Signature is valid for? (%s) "
+msgstr "ç­¾å的有效期é™æ˜¯å¤šä¹…?(%s) "
+
+#: g10/keygen.c:1982 g10/keygen.c:2007
+msgid "invalid value\n"
+msgstr "无效的数值\n"
+
+#: g10/keygen.c:1989
+msgid "Key does not expire at all\n"
+msgstr "密钥永远ä¸ä¼šè¿‡æœŸ\n"
+
+#: g10/keygen.c:1990
+msgid "Signature does not expire at all\n"
+msgstr "ç­¾å永远ä¸ä¼šè¿‡æœŸ\n"
+
+#: g10/keygen.c:1995
+#, c-format
+msgid "Key expires at %s\n"
+msgstr "密钥于 %s 过期\n"
+
+#: g10/keygen.c:1996
+#, c-format
+msgid "Signature expires at %s\n"
+msgstr "ç­¾å于 %s 过期\n"
+
+#: g10/keygen.c:2000
+msgid ""
+"Your system can't display dates beyond 2038.\n"
+"However, it will be correctly handled up to 2106.\n"
+msgstr ""
+"您的系统无法显示 2038 年以åŽçš„日期。\n"
+"ä¸è¿‡ï¼Œå®ƒå¯ä»¥æ­£ç¡®å¤„ç† 2106 年之å‰çš„年份。\n"
+
+#: g10/keygen.c:2013
+msgid "Is this correct? (y/N) "
+msgstr "以上正确å—?(y/n)"
+
+#: g10/keygen.c:2063
+msgid ""
+"\n"
+"GnuPG needs to construct a user ID to identify your key.\n"
+"\n"
+msgstr ""
+
+#. TRANSLATORS: This string is in general not anymore used
+#. but you should keep your existing translation. In case
+#. the new string is not translated this old string will
+#. be used.
+#: g10/keygen.c:2078
+msgid ""
+"\n"
+"You need a user ID to identify your key; the software constructs the user "
+"ID\n"
+"from the Real Name, Comment and Email Address in this form:\n"
+" \"Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>\"\n"
+"\n"
+msgstr ""
+"\n"
+"您需è¦ä¸€ä¸ªç”¨æˆ·æ ‡è¯†æ¥è¾¨è¯†æ‚¨çš„密钥;本软件会用真实姓åã€æ³¨é‡Šå’Œç”µå­é‚®ä»¶åœ°å€ç»„"
+"åˆ\n"
+"æˆç”¨æˆ·æ ‡è¯†ï¼Œå¦‚下所示:\n"
+" “Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>â€\n"
+"\n"
+
+#: g10/keygen.c:2097
+msgid "Real name: "
+msgstr "真实姓å:"
+
+#: g10/keygen.c:2105
+msgid "Invalid character in name\n"
+msgstr "姓åå«æœ‰æ— æ•ˆçš„字符\n"
+
+#: g10/keygen.c:2107
+msgid "Name may not start with a digit\n"
+msgstr "姓åä¸å¯ä»¥ç”¨æ•°å­—开头\n"
+
+#: g10/keygen.c:2109
+msgid "Name must be at least 5 characters long\n"
+msgstr "姓å至少è¦æœ‰äº”个字符长\n"
+
+#: g10/keygen.c:2117
+msgid "Email address: "
+msgstr "电å­é‚®ä»¶åœ°å€ï¼š"
+
+#: g10/keygen.c:2123
+msgid "Not a valid email address\n"
+msgstr "电å­é‚®ä»¶åœ°å€æ— æ•ˆ\n"
+
+#: g10/keygen.c:2131
+msgid "Comment: "
+msgstr "注释:"
+
+#: g10/keygen.c:2137
+msgid "Invalid character in comment\n"
+msgstr "注释å«æœ‰æ— æ•ˆçš„字符\n"
+
+#: g10/keygen.c:2159
+#, c-format
+msgid "You are using the `%s' character set.\n"
+msgstr "您正在使用‘%s’字符集。\n"
+
+#: g10/keygen.c:2165
+#, c-format
+msgid ""
+"You selected this USER-ID:\n"
+" \"%s\"\n"
+"\n"
+msgstr ""
+"您选定了这个用户标识:\n"
+" “%sâ€\n"
+"\n"
+
+#: g10/keygen.c:2170
+msgid "Please don't put the email address into the real name or the comment\n"
+msgstr "请ä¸è¦æŠŠç”µå­é‚®ä»¶åœ°å€æ”¾è¿›æ‚¨çš„真实姓å或注释里\n"
+
+#: g10/keygen.c:2185
+msgid "Such a user ID already exists on this key!\n"
+msgstr ""
+
+#. TRANSLATORS: These are the allowed answers in
+#. lower and uppercase. Below you will find the matching
+#. string which should be translated accordingly and the
+#. letter changed to match the one in the answer string.
+#.
+#. n = Change name
+#. c = Change comment
+#. e = Change email
+#. o = Okay (ready, continue)
+#. q = Quit
+#.
+#: g10/keygen.c:2201
+msgid "NnCcEeOoQq"
+msgstr "NnCcEeOoQq"
+
+#: g10/keygen.c:2211
+msgid "Change (N)ame, (C)omment, (E)mail or (Q)uit? "
+msgstr "更改姓å(N)ã€æ³¨é‡Š(C)ã€ç”µå­é‚®ä»¶åœ°å€(E)或退出(Q)?"
+
+#: g10/keygen.c:2212
+msgid "Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? "
+msgstr "更改姓å(N)ã€æ³¨é‡Š(C)ã€ç”µå­é‚®ä»¶åœ°å€(E)或确定(O)/退出(Q)?"
+
+#: g10/keygen.c:2231
+msgid "Please correct the error first\n"
+msgstr "请先改正错误\n"
+
+#: g10/keygen.c:2273
+msgid ""
+"You need a Passphrase to protect your secret key.\n"
+"\n"
+msgstr ""
+"您需è¦ä¸€ä¸ªå¯†ç æ¥ä¿æŠ¤æ‚¨çš„ç§é’¥ã€‚\n"
+"\n"
+
+#: g10/keygen.c:2276
+#, fuzzy
+msgid ""
+"Please enter a passphrase to protect the off-card backup of the new "
+"encryption key."
+msgstr "请输入密ç ï¼šè¿™æ˜¯ä¸€ä¸ªç§˜å¯†çš„å¥å­ \n"
+
+#: g10/keygen.c:2292
+#, c-format
+msgid "%s.\n"
+msgstr "%s.\n"
+
+#: g10/keygen.c:2298
+msgid ""
+"You don't want a passphrase - this is probably a *bad* idea!\n"
+"I will do it anyway. You can change your passphrase at any time,\n"
+"using this program with the option \"--edit-key\".\n"
+"\n"
+msgstr ""
+"您ä¸æƒ³è¦æœ‰å¯†ç â€•â€•è¿™ä¸ªæƒ³æ³•å®žåœ¨æ˜¯é­é€äº†ï¼\n"
+"ä¸è¿‡ï¼Œæˆ‘ä»ç„¶ä¼šç…§æ‚¨æƒ³çš„去åšã€‚您任何时候都å¯ä»¥å˜æ›´æ‚¨çš„密ç ï¼Œä»…需è¦\n"
+"å†æ¬¡æ‰§è¡Œè¿™ä¸ªç¨‹åºï¼Œå¹¶ä¸”使用“--edit-keyâ€é€‰é¡¹å³å¯ã€‚\n"
+"\n"
+
+#: g10/keygen.c:2322
+msgid ""
+"We need to generate a lot of random bytes. It is a good idea to perform\n"
+"some other action (type on the keyboard, move the mouse, utilize the\n"
+"disks) during the prime generation; this gives the random number\n"
+"generator a better chance to gain enough entropy.\n"
+msgstr ""
+"我们需è¦ç”Ÿæˆå¤§é‡çš„éšæœºå­—节。这个时候您å¯ä»¥å¤šåšäº›ç事(åƒæ˜¯æ•²æ‰“键盘ã€ç§»åŠ¨\n"
+"é¼ æ ‡ã€è¯»å†™ç¡¬ç›˜ä¹‹ç±»çš„),这会让éšæœºæ•°å­—å‘生器有更好的机会获得足够的熵数。\n"
+
+#: g10/keygen.c:3209 g10/keygen.c:3236
+msgid "Key generation canceled.\n"
+msgstr "密钥生æˆå·²å–消。\n"
+
+#: g10/keygen.c:3441 g10/keygen.c:3611
+#, c-format
+msgid "writing public key to `%s'\n"
+msgstr "正在将公钥写至`%s'\n"
+
+#: g10/keygen.c:3443 g10/keygen.c:3614
+#, c-format
+msgid "writing secret key stub to `%s'\n"
+msgstr "å‘‘%s’写入ç§é’¥å ä½ç¬¦\n"
+
+#: g10/keygen.c:3446 g10/keygen.c:3617
+#, c-format
+msgid "writing secret key to `%s'\n"
+msgstr "正在将ç§é’¥å†™è‡³`%s'\n"
+
+#: g10/keygen.c:3598
+#, c-format
+msgid "no writable public keyring found: %s\n"
+msgstr "找ä¸åˆ°å¯å†™çš„公钥钥匙环:%s\n"
+
+#: g10/keygen.c:3605
+#, c-format
+msgid "no writable secret keyring found: %s\n"
+msgstr "找ä¸åˆ°å¯å†™çš„ç§é’¥é’¥åŒ™çŽ¯ï¼š%s\n"
+
+#: g10/keygen.c:3625
+#, c-format
+msgid "error writing public keyring `%s': %s\n"
+msgstr "写入公钥钥匙环‘%s’时å‘生错误: %s\n"
+
+#: g10/keygen.c:3633
+#, c-format
+msgid "error writing secret keyring `%s': %s\n"
+msgstr "写入ç§é’¥é’¥åŒ™çŽ¯â€˜%s’时å‘生错误: %s\n"
+
+#: g10/keygen.c:3661
+msgid "public and secret key created and signed.\n"
+msgstr "公钥和ç§é’¥å·²ç»ç”Ÿæˆå¹¶ç»ç­¾å。\n"
+
+#: g10/keygen.c:3672
+msgid ""
+"Note that this key cannot be used for encryption. You may want to use\n"
+"the command \"--edit-key\" to generate a subkey for this purpose.\n"
+msgstr ""
+"请注æ„这把密钥还ä¸èƒ½ç”¨æ¥åŠ å¯†ï¼Œæ‚¨å¿…须先用“--edit-keyâ€æŒ‡ä»¤\n"
+"生æˆç”¨äºŽåŠ å¯†çš„å­é’¥ã€‚\n"
+
+#: g10/keygen.c:3685 g10/keygen.c:3831 g10/keygen.c:3952
+#, c-format
+msgid "Key generation failed: %s\n"
+msgstr "生æˆå¯†é’¥å¤±è´¥ï¼š%s\n"
+
+#: g10/keygen.c:3741 g10/keygen.c:3882 g10/sign.c:241
+#, c-format
+msgid ""
+"key has been created %lu second in future (time warp or clock problem)\n"
+msgstr "密钥是在 %lu 秒åŽçš„未æ¥ç”Ÿæˆçš„(å¯èƒ½æ˜¯å› ä¸ºæ—¶ç©ºæ‰­æ›²æˆ–时钟的问题)\n"
+
+#: g10/keygen.c:3743 g10/keygen.c:3884 g10/sign.c:243
+#, c-format
+msgid ""
+"key has been created %lu seconds in future (time warp or clock problem)\n"
+msgstr "密钥是在 %lu 秒åŽçš„未æ¥ç”Ÿæˆçš„(å¯èƒ½æ˜¯å› ä¸ºæ—¶ç©ºæ‰­æ›²æˆ–时钟的问题)\n"
+
+#: g10/keygen.c:3754 g10/keygen.c:3895
+msgid "NOTE: creating subkeys for v3 keys is not OpenPGP compliant\n"
+msgstr "注æ„:为 v3 密钥生æˆå­é’¥ä¼šå¤±åŽ» OpenPGP 兼容性\n"
+
+#: g10/keygen.c:3795 g10/keygen.c:3928
+msgid "Really create? (y/N) "
+msgstr "真的è¦å»ºç«‹å—?(y/N)"
+
+#: g10/keygen.c:4116
+#, c-format
+msgid "storing key onto card failed: %s\n"
+msgstr "å‘å¡ä¸Šå­˜å‚¨å¯†é’¥æ—¶å¤±è´¥ï¼š%s\n"
+
+#: g10/keygen.c:4165
+#, c-format
+msgid "can't create backup file `%s': %s\n"
+msgstr "ä¸èƒ½åˆ›å»ºå¤‡ä»½æ–‡ä»¶â€˜%s’:%s\n"
+
+#: g10/keygen.c:4191
+#, c-format
+msgid "NOTE: backup of card key saved to `%s'\n"
+msgstr "注æ„:å¡å¯†é’¥çš„备份已ä¿å­˜åˆ°â€˜%s’\n"
+
+#: g10/keyid.c:539 g10/keyid.c:551 g10/keyid.c:563 g10/keyid.c:575
+msgid "never "
+msgstr "æ°¸ä¸è¿‡æœŸ"
+
+#: g10/keylist.c:273
+msgid "Critical signature policy: "
+msgstr "关键签å策略:"
+
+#: g10/keylist.c:275
+msgid "Signature policy: "
+msgstr "ç­¾å策略:"
+
+#: g10/keylist.c:314
+msgid "Critical preferred keyserver: "
+msgstr "关键首选公钥æœåŠ¡å™¨ï¼š"
+
+#: g10/keylist.c:367
+msgid "Critical signature notation: "
+msgstr "关键签å注记:"
+
+#: g10/keylist.c:369
+msgid "Signature notation: "
+msgstr "ç­¾å注记:"
+
+#: g10/keylist.c:479
+msgid "Keyring"
+msgstr "钥匙环"
+
+#: g10/keylist.c:1526
+msgid "Primary key fingerprint:"
+msgstr "主钥指纹:"
+
+#: g10/keylist.c:1528
+msgid " Subkey fingerprint:"
+msgstr "å­é’¥æŒ‡çº¹ï¼š"
+
+#. TRANSLATORS: this should fit into 24 bytes to that the
+#. * fingerprint data is properly aligned with the user ID
+#: g10/keylist.c:1535
+msgid " Primary key fingerprint:"
+msgstr " 主钥指纹:"
+
+#: g10/keylist.c:1537
+msgid " Subkey fingerprint:"
+msgstr " å­é’¥æŒ‡çº¹ï¼š"
+
+# use tty
+#: g10/keylist.c:1541 g10/keylist.c:1545
+msgid " Key fingerprint ="
+msgstr "密钥指纹 ="
+
+#: g10/keylist.c:1612
+msgid " Card serial no. ="
+msgstr "å¡åºåˆ—å· ="
+
+#: g10/keyring.c:1297
+#, c-format
+msgid "renaming `%s' to `%s' failed: %s\n"
+msgstr "将‘%s’é‡å‘½å为‘%s’时失败:%s\n"
+
+#: g10/keyring.c:1326
+msgid "WARNING: 2 files with confidential information exists.\n"
+msgstr "警告:两个文件存在有互相矛盾的信æ¯ã€‚\n"
+
+#: g10/keyring.c:1327
+#, c-format
+msgid "%s is the unchanged one\n"
+msgstr "%s 是没有改å˜çš„那一个\n"
+
+#: g10/keyring.c:1328
+#, c-format
+msgid "%s is the new one\n"
+msgstr "%s 是新的那一个\n"
+
+#: g10/keyring.c:1329
+msgid "Please fix this possible security flaw\n"
+msgstr "请修补这个å¯èƒ½çš„安全性æ¼æ´ž\n"
+
+#: g10/keyring.c:1430
+#, c-format
+msgid "caching keyring `%s'\n"
+msgstr "缓存钥匙环‘%s’\n"
+
+#: g10/keyring.c:1489
+#, c-format
+msgid "%lu keys cached so far (%lu signatures)\n"
+msgstr "ç›®å‰å·²ç¼“å­˜ %lu 把密钥(%lu 份签å)\n"
+
+#: g10/keyring.c:1501
+#, c-format
+msgid "%lu keys cached (%lu signatures)\n"
+msgstr "缓存了 %lu 把密钥(%lu 份签å)\n"
+
+#: g10/keyring.c:1573
+#, c-format
+msgid "%s: keyring created\n"
+msgstr "%s:钥匙环已建立\n"
+
+#: g10/keyserver.c:74
+msgid "include revoked keys in search results"
+msgstr "在æœç´¢ç»“果中包å«å·²åŠé”€çš„密钥"
+
+#: g10/keyserver.c:75
+msgid "include subkeys when searching by key ID"
+msgstr "按钥匙å·æœç´¢æ—¶åŒ…å«å­é’¥"
+
+#: g10/keyserver.c:77
+msgid "use temporary files to pass data to keyserver helpers"
+msgstr "å‘公钥æœåŠ¡å™¨è¾…助程åºä¼ é€’æ•°æ®æ—¶ä½¿ç”¨ä¸´æ—¶æ–‡ä»¶"
+
+#: g10/keyserver.c:79
+msgid "do not delete temporary files after using them"
+msgstr "ä¸åˆ é™¤ä½¿ç”¨è¿‡çš„临时文件"
+
+#: g10/keyserver.c:83
+msgid "automatically retrieve keys when verifying signatures"
+msgstr "验è¯ç­¾å时自动下载密钥"
+
+#: g10/keyserver.c:85
+msgid "honor the preferred keyserver URL set on the key"
+msgstr "使用密钥中指定的首选公钥æœåŠ¡å™¨ URL"
+
+#: g10/keyserver.c:87
+msgid "honor the PKA record set on a key when retrieving keys"
+msgstr "获å–密钥时使用密钥上的 PKA 记录"
+
+#: g10/keyserver.c:153
+#, c-format
+msgid "WARNING: keyserver option `%s' is not used on this platform\n"
+msgstr "警告:公钥æœåŠ¡å™¨é€‰é¡¹â€˜%s’在此平å°ä¸Šæ²¡æœ‰è¢«ä½¿ç”¨\n"
+
+#: g10/keyserver.c:544
+msgid "disabled"
+msgstr "å·²ç¦ç”¨"
+
+#: g10/keyserver.c:747
+msgid "Enter number(s), N)ext, or Q)uit > "
+msgstr "输入数字以选择,输入 N 翻页,输入 Q 退出 >"
+
+#: g10/keyserver.c:831 g10/keyserver.c:1458
+#, c-format
+msgid "invalid keyserver protocol (us %d!=handler %d)\n"
+msgstr "无效的公钥æœåŠ¡å™¨åè®®(us %d!=handler %d)\n"
+
+#: g10/keyserver.c:932
+#, c-format
+msgid "key \"%s\" not found on keyserver\n"
+msgstr "在公钥æœåŠ¡å™¨ä¸Šæ‰¾ä¸åˆ°å¯†é’¥â€œ%sâ€\n"
+
+#: g10/keyserver.c:934
+msgid "key not found on keyserver\n"
+msgstr "在公钥æœåŠ¡å™¨ä¸Šæ‰¾ä¸åˆ°å¯†é’¥\n"
+
+#: g10/keyserver.c:1177
+#, c-format
+msgid "requesting key %s from %s server %s\n"
+msgstr "下载密钥‘%s’,从 %s æœåŠ¡å™¨ %s\n"
+
+#: g10/keyserver.c:1181
+#, c-format
+msgid "requesting key %s from %s\n"
+msgstr "下载密钥 %s,从 %s\n"
+
+#: g10/keyserver.c:1205
+#, c-format
+msgid "searching for names from %s server %s\n"
+msgstr "在 %s æœåŠ¡å™¨ %s 上æœç´¢åå­—\n"
+
+#: g10/keyserver.c:1208
+#, c-format
+msgid "searching for names from %s\n"
+msgstr "在 %s 上æœç´¢åå­—\n"
+
+#: g10/keyserver.c:1361
+#, c-format
+msgid "sending key %s to %s server %s\n"
+msgstr "将密钥‘%s’上传到 %s æœåŠ¡å™¨ %s\n"
+
+#: g10/keyserver.c:1365
+#, c-format
+msgid "sending key %s to %s\n"
+msgstr "将密钥‘%s’上传到 %s\n"
+
+#: g10/keyserver.c:1408
+#, c-format
+msgid "searching for \"%s\" from %s server %s\n"
+msgstr "æœç´¢â€œ%sâ€ï¼Œåœ¨ %s æœåŠ¡å™¨ %s 上\n"
+
+#: g10/keyserver.c:1411
+#, c-format
+msgid "searching for \"%s\" from %s\n"
+msgstr "æœç´¢â€œ%sâ€ï¼Œåœ¨ %s 上\n"
+
+#: g10/keyserver.c:1418 g10/keyserver.c:1514
+msgid "no keyserver action!\n"
+msgstr "公钥æœåŠ¡å™¨æ— åŠ¨ä½œï¼\n"
+
+#: g10/keyserver.c:1466
+#, c-format
+msgid "WARNING: keyserver handler from a different version of GnuPG (%s)\n"
+msgstr "警告:处ç†å…¬é’¥æœåŠ¡å™¨çš„程åºæ¥è‡ªä¸åŒç‰ˆæœ¬çš„ GnuPG (%s)\n"
+
+#: g10/keyserver.c:1475
+msgid "keyserver did not send VERSION\n"
+msgstr "公钥æœåŠ¡å™¨æœªå‘é€ VERSION\n"
+
+#: g10/keyserver.c:1537 g10/keyserver.c:2066
+msgid "no keyserver known (use option --keyserver)\n"
+msgstr "未给出公钥æœåŠ¡å™¨(使用 --keyserver 选项)\n"
+
+#: g10/keyserver.c:1543
+msgid "external keyserver calls are not supported in this build\n"
+msgstr "这一编译版本ä¸æ”¯æŒå¤–部调用公钥æœåŠ¡å™¨\n"
+
+#: g10/keyserver.c:1555
+#, c-format
+msgid "no handler for keyserver scheme `%s'\n"
+msgstr "没有处ç†â€˜%s’公钥æœåŠ¡å™¨çš„程åº\n"
+
+#: g10/keyserver.c:1560
+#, c-format
+msgid "action `%s' not supported with keyserver scheme `%s'\n"
+msgstr "‘%s’æ“作ä¸ä¸ºâ€˜%s’公钥æœåŠ¡å™¨æ‰€æ”¯æŒ\n"
+
+#: g10/keyserver.c:1568
+#, c-format
+msgid "%s does not support handler version %d\n"
+msgstr "%s ä¸æ”¯æŒå¯¹ç‰ˆæœ¬ %d 的处ç†\n"
+
+#: g10/keyserver.c:1575
+msgid "keyserver timed out\n"
+msgstr "公钥æœåŠ¡å™¨è¶…æ—¶\n"
+
+#: g10/keyserver.c:1580
+msgid "keyserver internal error\n"
+msgstr "公钥æœåŠ¡å™¨å†…部错误\n"
+
+#: g10/keyserver.c:1589
+#, c-format
+msgid "keyserver communications error: %s\n"
+msgstr "公钥æœåŠ¡å™¨é€šè®¯é”™è¯¯ï¼š%s\n"
+
+#: g10/keyserver.c:1614 g10/keyserver.c:1648
+#, c-format
+msgid "\"%s\" not a key ID: skipping\n"
+msgstr "“%sâ€ä¸æ˜¯ä¸€ä¸ªç”¨æˆ·æ ‡è¯†ï¼šè·³è¿‡\n"
+
+#: g10/keyserver.c:1907
+#, c-format
+msgid "WARNING: unable to refresh key %s via %s: %s\n"
+msgstr "警告:无法更新密钥 %s,通过 %s:%s\n"
+
+#: g10/keyserver.c:1929
+#, c-format
+msgid "refreshing 1 key from %s\n"
+msgstr "1 个密钥正从 %s 得到更新\n"
+
+#: g10/keyserver.c:1931
+#, c-format
+msgid "refreshing %d keys from %s\n"
+msgstr "%d 个密钥正从 %s 得到更新\n"
+
+#: g10/keyserver.c:1987
+#, c-format
+msgid "WARNING: unable to fetch URI %s: %s\n"
+msgstr "è­¦å‘Šï¼šæ— æ³•èŽ·å– URI %s:%s\n"
+
+#: g10/keyserver.c:1993
+#, c-format
+msgid "WARNING: unable to parse URI %s\n"
+msgstr "ä¸èƒ½è§£æž URI %s\n"
+
+#: g10/mainproc.c:231
+#, c-format
+msgid "weird size for an encrypted session key (%d)\n"
+msgstr "加密过的会è¯å¯†é’¥å°ºå¯¸(%d)诡异\n"
+
+#: g10/mainproc.c:284
+#, c-format
+msgid "%s encrypted session key\n"
+msgstr "%s 加密过的会è¯å¯†é’¥\n"
+
+#: g10/mainproc.c:294
+#, c-format
+msgid "passphrase generated with unknown digest algorithm %d\n"
+msgstr "密ç ç”±æœªçŸ¥çš„散列算法 %d 生æˆ\n"
+
+#: g10/mainproc.c:360
+#, c-format
+msgid "public key is %s\n"
+msgstr "公钥是 %s\n"
+
+#: g10/mainproc.c:423
+msgid "public key encrypted data: good DEK\n"
+msgstr "公钥加密过的数æ®ï¼šå®Œå¥½çš„æ•°æ®åŠ å¯†å¯†é’¥\n"
+
+#: g10/mainproc.c:456
+#, c-format
+msgid "encrypted with %u-bit %s key, ID %s, created %s\n"
+msgstr "ç”± %u ä½çš„ %s 密钥加密,钥匙å·ä¸º %sã€ç”ŸæˆäºŽ %s\n"
+
+#: g10/mainproc.c:460 g10/pkclist.c:217
+#, c-format
+msgid " \"%s\"\n"
+msgstr " “%sâ€\n"
+
+#: g10/mainproc.c:464
+#, c-format
+msgid "encrypted with %s key, ID %s\n"
+msgstr "ç”± %s 密钥加密ã€é’¥åŒ™å·ä¸º %s\n"
+
+#: g10/mainproc.c:479
+#, c-format
+msgid "public key decryption failed: %s\n"
+msgstr "公钥解密失败:%s\n"
+
+#: g10/mainproc.c:495
+#, c-format
+msgid "encrypted with %lu passphrases\n"
+msgstr "以 %lu 个密ç åŠ å¯†\n"
+
+#: g10/mainproc.c:497
+msgid "encrypted with 1 passphrase\n"
+msgstr "以 1 个密ç åŠ å¯†\n"
+
+#: g10/mainproc.c:529 g10/mainproc.c:551
+#, c-format
+msgid "assuming %s encrypted data\n"
+msgstr "å‡å®š %s 为加密过的数æ®\n"
+
+#: g10/mainproc.c:537
+#, c-format
+msgid "IDEA cipher unavailable, optimistically attempting to use %s instead\n"
+msgstr "IDEA 算法ä¸å¯ç”¨ï¼Œè¯•ä»¥ %s 代替\n"
+
+#: g10/mainproc.c:570
+msgid "decryption okay\n"
+msgstr "解密æˆåŠŸ\n"
+
+#: g10/mainproc.c:574
+msgid "WARNING: message was not integrity protected\n"
+msgstr "警告:报文未å—到完整的ä¿æŠ¤\n"
+
+#: g10/mainproc.c:587
+msgid "WARNING: encrypted message has been manipulated!\n"
+msgstr "警告:加密过的报文已ç»å˜é€ ï¼\n"
+
+#: g10/mainproc.c:595
+#, c-format
+msgid "cleared passphrase cached with ID: %s\n"
+msgstr ""
+
+#: g10/mainproc.c:600
+#, c-format
+msgid "decryption failed: %s\n"
+msgstr "解密失败:%s\n"
+
+#: g10/mainproc.c:621
+msgid "NOTE: sender requested \"for-your-eyes-only\"\n"
+msgstr "注æ„:å‘件者è¦æ±‚您“åªé˜…读ä¸å­˜ç›˜â€\n"
+
+#: g10/mainproc.c:623
+#, c-format
+msgid "original file name='%.*s'\n"
+msgstr "原始文件å =‘%.*s’\n"
+
+#: g10/mainproc.c:711
+msgid "WARNING: multiple plaintexts seen\n"
+msgstr ""
+
+#: g10/mainproc.c:850
+msgid "standalone revocation - use \"gpg --import\" to apply\n"
+msgstr "独立的åŠé”€è¯ä¹¦â€•â€•è¯·ç”¨â€œgpg --importâ€æ¥åº”用\n"
+
+#: g10/mainproc.c:1203 g10/mainproc.c:1240
+msgid "no signature found\n"
+msgstr "未找到签å\n"
+
+#: g10/mainproc.c:1478
+msgid "signature verification suppressed\n"
+msgstr "ç­¾å验è¯å·²è¢«æŠ‘制\n"
+
+#: g10/mainproc.c:1587
+msgid "can't handle this ambiguous signature data\n"
+msgstr "无法处ç†è¿™äº›æœ‰æ­§ä¹‰çš„ç­¾å\n"
+
+#: g10/mainproc.c:1598
+#, c-format
+msgid "Signature made %s\n"
+msgstr "ç­¾å建立于 %s\n"
+
+#: g10/mainproc.c:1599
+#, c-format
+msgid " using %s key %s\n"
+msgstr " 使用 %s 密钥 %s\n"
+
+#: g10/mainproc.c:1603
+#, c-format
+msgid "Signature made %s using %s key ID %s\n"
+msgstr "于 %s 创建的签å,使用 %sï¼Œé’¥åŒ™å· %s\n"
+
+#: g10/mainproc.c:1623
+msgid "Key available at: "
+msgstr "å¯ç”¨çš„密钥在:"
+
+#: g10/mainproc.c:1756 g10/mainproc.c:1804
+#, c-format
+msgid "BAD signature from \"%s\""
+msgstr "å·²æŸåçš„ç­¾å,æ¥è‡ªäºŽâ€œ%sâ€"
+
+#: g10/mainproc.c:1758 g10/mainproc.c:1806
+#, c-format
+msgid "Expired signature from \"%s\""
+msgstr "过期的签å,æ¥è‡ªäºŽâ€œ%sâ€"
+
+#: g10/mainproc.c:1760 g10/mainproc.c:1808
+#, c-format
+msgid "Good signature from \"%s\""
+msgstr "完好的签å,æ¥è‡ªäºŽâ€œ%sâ€"
+
+#: g10/mainproc.c:1810
+msgid "[uncertain]"
+msgstr "[ä¸ç¡®å®š]"
+
+#: g10/mainproc.c:1843
+#, c-format
+msgid " aka \"%s\""
+msgstr " 亦å³â€œ%sâ€"
+
+#: g10/mainproc.c:1941
+#, c-format
+msgid "Signature expired %s\n"
+msgstr "这份签å已于 %s 过期。\n"
+
+#: g10/mainproc.c:1946
+#, c-format
+msgid "Signature expires %s\n"
+msgstr "这份签å在 %s 过期。\n"
+
+#: g10/mainproc.c:1949
+#, c-format
+msgid "%s signature, digest algorithm %s\n"
+msgstr "%s ç­¾å,散列算法 %s\n"
+
+#: g10/mainproc.c:1950
+msgid "binary"
+msgstr "二进制"
+
+#: g10/mainproc.c:1951
+msgid "textmode"
+msgstr "文本模å¼"
+
+#: g10/mainproc.c:1951 g10/trustdb.c:546
+msgid "unknown"
+msgstr "未知"
+
+#: g10/mainproc.c:1971
+#, c-format
+msgid "Can't check signature: %s\n"
+msgstr "无法检查签å:%s\n"
+
+#: g10/mainproc.c:2055 g10/mainproc.c:2071 g10/mainproc.c:2167
+msgid "not a detached signature\n"
+msgstr "ä¸æ˜¯ä¸€ä»½åˆ†ç¦»çš„ç­¾å\n"
+
+#: g10/mainproc.c:2098
+msgid ""
+"WARNING: multiple signatures detected. Only the first will be checked.\n"
+msgstr "警告:检测到多é‡ç­¾å。åªæ£€æŸ¥ç¬¬ä¸€ä¸ªç­¾å。\n"
+
+#: g10/mainproc.c:2106
+#, c-format
+msgid "standalone signature of class 0x%02x\n"
+msgstr "等级 0x%02x 的独立签å\n"
+
+#: g10/mainproc.c:2171
+msgid "old style (PGP 2.x) signature\n"
+msgstr "æ—§å¼(PGP 2.x)ç­¾å\n"
+
+#: g10/mainproc.c:2181
+msgid "invalid root packet detected in proc_tree()\n"
+msgstr "在 proc_tree() 中检测到无效的根包\n"
+
+#: g10/misc.c:109 g10/misc.c:139 g10/misc.c:215
+#, c-format
+msgid "fstat of `%s' failed in %s: %s\n"
+msgstr "‘%s’的 fstat 在 %s 中出错:%s\n"
+
+#: g10/misc.c:178
+#, c-format
+msgid "fstat(%d) failed in %s: %s\n"
+msgstr "fstat(%d) 在 %s 中出错:%s\n"
+
+#: g10/misc.c:296
+#, c-format
+msgid "WARNING: using experimental public key algorithm %s\n"
+msgstr "警告: 使用试验性质的公钥算法 %s\n"
+
+#: g10/misc.c:302
+#, fuzzy
+msgid "WARNING: Elgamal sign+encrypt keys are deprecated\n"
+msgstr "警告:ä¸å»ºè®®ä½¿ç”¨æ•£åˆ—算法 %s\n"
+
+#: g10/misc.c:315
+#, c-format
+msgid "WARNING: using experimental cipher algorithm %s\n"
+msgstr "警告:使用试验性质的对称加密算法 %s\n"
+
+#: g10/misc.c:330
+#, c-format
+msgid "WARNING: using experimental digest algorithm %s\n"
+msgstr "警告:使用试验性质的散列算法 %s\n"
+
+#: g10/misc.c:335
+#, c-format
+msgid "WARNING: digest algorithm %s is deprecated\n"
+msgstr "警告:ä¸å»ºè®®ä½¿ç”¨æ•£åˆ—算法 %s\n"
+
+#: g10/misc.c:503
+msgid "the IDEA cipher plugin is not present\n"
+msgstr "IDEA 算法æ’件ä¸å­˜åœ¨\n"
+
+#: g10/misc.c:504 g10/sig-check.c:107 jnlib/utf8conv.c:87
+#, c-format
+msgid "please see %s for more information\n"
+msgstr "请å‚è§ %s 以得到更多信æ¯ã€‚\n"
+
+#: g10/misc.c:761
+#, c-format
+msgid "%s:%d: deprecated option \"%s\"\n"
+msgstr "%s:%d:ä¸å»ºè®®ä½¿ç”¨è¯¥é€‰é¡¹â€œ%sâ€\n"
+
+#: g10/misc.c:765
+#, c-format
+msgid "WARNING: \"%s\" is a deprecated option\n"
+msgstr "警告:“%sâ€é€‰é¡¹å·²ä¸å»ºè®®ä½¿ç”¨\n"
+
+#: g10/misc.c:767
+#, c-format
+msgid "please use \"%s%s\" instead\n"
+msgstr "请以“%s%sâ€ä»£æ›¿\n"
+
+#: g10/misc.c:774
+#, c-format
+msgid "WARNING: \"%s\" is a deprecated command - do not use it\n"
+msgstr "警告:“%sâ€å‘½ä»¤å·²ä¸å»ºè®®ä½¿ç”¨â€”—ä¸è¦ä½¿ç”¨å®ƒ\n"
+
+#: g10/misc.c:784
+#, c-format
+msgid "%s:%u: obsolete option \"%s\" - it has no effect\n"
+msgstr ""
+
+#: g10/misc.c:787
+#, fuzzy, c-format
+msgid "WARNING: \"%s\" is an obsolete option - it has no effect\n"
+msgstr "警告:“%sâ€é€‰é¡¹å·²ä¸å»ºè®®ä½¿ç”¨\n"
+
+#: g10/misc.c:848
+msgid "Uncompressed"
+msgstr "ä¸åŽ‹ç¼©"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: g10/misc.c:873
+msgid "uncompressed|none"
+msgstr "未压缩|无"
+
+#: g10/misc.c:1000
+#, c-format
+msgid "this message may not be usable by %s\n"
+msgstr "%s 也许ä¸èƒ½ä½¿ç”¨è¿™ä¸ªæŠ¥æ–‡\n"
+
+#: g10/misc.c:1175
+#, c-format
+msgid "ambiguous option `%s'\n"
+msgstr "有歧义的选项‘%s’\n"
+
+#: g10/misc.c:1200
+#, c-format
+msgid "unknown option `%s'\n"
+msgstr "未知的选项 '%s'\n"
+
+#: g10/openfile.c:89
+#, c-format
+msgid "File `%s' exists. "
+msgstr "文件‘%s’已存在。 "
+
+#: g10/openfile.c:93
+msgid "Overwrite? (y/N) "
+msgstr "是å¦è¦†ç›–?(y/N)"
+
+#: g10/openfile.c:126
+#, c-format
+msgid "%s: unknown suffix\n"
+msgstr "%s:未知的åŽç¼€å\n"
+
+#: g10/openfile.c:150
+msgid "Enter new filename"
+msgstr "请输入新的文件å"
+
+#: g10/openfile.c:195
+msgid "writing to stdout\n"
+msgstr "正在写入到标准输出\n"
+
+#: g10/openfile.c:316
+#, c-format
+msgid "assuming signed data in `%s'\n"
+msgstr "å‡å®šè¢«ç­¾åçš„æ•°æ®æ˜¯â€˜%s’\n"
+
+#: g10/openfile.c:395
+#, c-format
+msgid "new configuration file `%s' created\n"
+msgstr "æ–°çš„é…置文件‘%s’已建立\n"
+
+#: g10/openfile.c:397
+#, c-format
+msgid "WARNING: options in `%s' are not yet active during this run\n"
+msgstr "警告:在‘%s’里的选项于此次è¿è¡ŒæœŸé—´æœªè¢«ä½¿ç”¨\n"
+
+#: g10/parse-packet.c:201
+#, c-format
+msgid "can't handle public key algorithm %d\n"
+msgstr "无法æ“作公钥算法 %d\n"
+
+#: g10/parse-packet.c:822
+msgid "WARNING: potentially insecure symmetrically encrypted session key\n"
+msgstr "警告:潜在ä¸å®‰å…¨çš„对称加密会è¯å¯†é’¥\n"
+
+#: g10/parse-packet.c:1273
+#, c-format
+msgid "subpacket of type %d has critical bit set\n"
+msgstr "%d 类别的å­åŒ…设定了关键ä½\n"
+
+#: g10/passphrase.c:75 g10/passphrase.c:418 g10/passphrase.c:481
+#, fuzzy, c-format
+msgid "problem with the agent: %s\n"
+msgstr "代ç†ç¨‹åºæœ‰é—®é¢˜â€•â€•æ­£åœ¨åœç”¨ä»£ç†ç¨‹åº\n"
+
+#: g10/passphrase.c:344 g10/passphrase.c:613
+#, c-format
+msgid " (main key ID %s)"
+msgstr " (ä¸»é’¥åŒ™å· %s)"
+
+#: g10/passphrase.c:358
+#, fuzzy, c-format
+msgid ""
+"Please enter the passphrase to unlock the secret key for the OpenPGP "
+"certificate:\n"
+"\"%.*s\"\n"
+"%u-bit %s key, ID %s,\n"
+"created %s%s.\n"
+msgstr ""
+"您需è¦è¿™ä¸ªç”¨æˆ·çš„密ç æ¥è§£å¼€ç§é’¥ï¼š\n"
+"“%.*sâ€\n"
+"%u ä½çš„ %s å¯†é’¥ï¼Œé’¥åŒ™å· %s,建立于 %s%s\n"
+
+#: g10/passphrase.c:384
+msgid "Enter passphrase\n"
+msgstr "请输入密ç \n"
+
+#: g10/passphrase.c:412
+msgid "cancelled by user\n"
+msgstr "用户å–消\n"
+
+#: g10/passphrase.c:592
+#, c-format
+msgid ""
+"You need a passphrase to unlock the secret key for\n"
+"user: \"%s\"\n"
+msgstr "您需è¦è¾“入密ç ï¼Œæ‰èƒ½è§£å¼€è¿™ä¸ªç”¨æˆ·çš„ç§é’¥ï¼šâ€œ%sâ€\n"
+
+#: g10/passphrase.c:600
+#, c-format
+msgid "%u-bit %s key, ID %s, created %s"
+msgstr "%u ä½çš„ %s å¯†é’¥ï¼Œé’¥åŒ™å· %s,建立于 %s"
+
+#: g10/passphrase.c:609
+#, c-format
+msgid " (subkey on main key ID %s)"
+msgstr " (主钥 %s çš„å­é’¥)"
+
+#: g10/photoid.c:74
+msgid ""
+"\n"
+"Pick an image to use for your photo ID. The image must be a JPEG file.\n"
+"Remember that the image is stored within your public key. If you use a\n"
+"very large picture, your key will become very large as well!\n"
+"Keeping the image close to 240x288 is a good size to use.\n"
+msgstr ""
+"\n"
+"请挑选一张图片作为您的照片标识 。这张图片一定è¦æ˜¯JPEG文件。请记ä½è¿™å¼ å›¾\n"
+"片会被存放在您的公钥里。如果您挑了éžå¸¸å¤§çš„图片的è¯ï¼Œæ‚¨çš„密钥也会å˜å¾—éž\n"
+"常大ï¼è¯·å°½é‡æŠŠå›¾ç‰‡å°ºå¯¸æŽ§åˆ¶åœ¨240x288å·¦å³ï¼Œè¿™æ˜¯ä¸ªç†æƒ³çš„尺寸。\n"
+
+#: g10/photoid.c:96
+msgid "Enter JPEG filename for photo ID: "
+msgstr "输入è¦å½“作相片标识的JPEG文件å: "
+
+#: g10/photoid.c:117
+#, c-format
+msgid "unable to open JPEG file `%s': %s\n"
+msgstr "无法打开 JPEG 文件‘%s’:%s\n"
+
+#: g10/photoid.c:128
+#, c-format
+msgid "This JPEG is really large (%d bytes) !\n"
+msgstr "这个 JPEG 文件太大了(%d 字节)ï¼\n"
+
+#: g10/photoid.c:130
+msgid "Are you sure you want to use it? (y/N) "
+msgstr "您确定è¦ç”¨å®ƒå—?(y/N)"
+
+#: g10/photoid.c:146
+#, c-format
+msgid "`%s' is not a JPEG file\n"
+msgstr "“%sâ€ä¸æ˜¯ä¸€ä¸ª JPEG 文件\n"
+
+#: g10/photoid.c:165
+msgid "Is this photo correct (y/N/q)? "
+msgstr "这张照片正确å—?(y/N/q)"
+
+#: g10/photoid.c:373
+msgid "unable to display photo ID!\n"
+msgstr "无法显示照片标识ï¼\n"
+
+#: g10/pkclist.c:60 g10/revoke.c:621
+msgid "No reason specified"
+msgstr "未指定原因"
+
+#: g10/pkclist.c:62 g10/revoke.c:623
+msgid "Key is superseded"
+msgstr "密钥被替æ¢"
+
+#: g10/pkclist.c:64 g10/revoke.c:622
+msgid "Key has been compromised"
+msgstr "密钥已泄æ¼"
+
+#: g10/pkclist.c:66 g10/revoke.c:624
+msgid "Key is no longer used"
+msgstr "密钥ä¸å†ä½¿ç”¨"
+
+#: g10/pkclist.c:68 g10/revoke.c:625
+msgid "User ID is no longer valid"
+msgstr "用户标识ä¸å†æœ‰æ•ˆ"
+
+#: g10/pkclist.c:72
+msgid "reason for revocation: "
+msgstr "åŠé”€åŽŸå› ï¼š"
+
+#: g10/pkclist.c:89
+msgid "revocation comment: "
+msgstr "åŠé”€æ³¨é‡Šï¼š"
+
+# a string with valid answers
+#: g10/pkclist.c:204
+msgid "iImMqQsS"
+msgstr "iImMqQsS"
+
+#: g10/pkclist.c:212
+msgid "No trust value assigned to:\n"
+msgstr "下列项目没有指定信任度:\n"
+
+#: g10/pkclist.c:245
+#, c-format
+msgid " aka \"%s\"\n"
+msgstr " 亦å³â€œ%sâ€\n"
+
+#: g10/pkclist.c:255
+msgid ""
+"How much do you trust that this key actually belongs to the named user?\n"
+msgstr "您是å¦ç›¸ä¿¡è¿™æŠŠå¯†é’¥å±žäºŽå®ƒæ‰€å£°ç§°çš„æŒæœ‰è€…?\n"
+
+#: g10/pkclist.c:270
+#, c-format
+msgid " %d = I don't know or won't say\n"
+msgstr " %d = 我ä¸çŸ¥é“或我ä¸ä½œç­”\n"
+
+#: g10/pkclist.c:272
+#, c-format
+msgid " %d = I do NOT trust\n"
+msgstr " %d = 我ä¸ç›¸ä¿¡\n"
+
+#: g10/pkclist.c:278
+#, c-format
+msgid " %d = I trust ultimately\n"
+msgstr " %d = 我ç»å¯¹ç›¸ä¿¡\n"
+
+#: g10/pkclist.c:284
+msgid " m = back to the main menu\n"
+msgstr " m = 回到主èœå•\n"
+
+#: g10/pkclist.c:287
+msgid " s = skip this key\n"
+msgstr " s = 跳过这把密钥\n"
+
+#: g10/pkclist.c:288
+msgid " q = quit\n"
+msgstr " q = 退出\n"
+
+#: g10/pkclist.c:292
+#, c-format
+msgid ""
+"The minimum trust level for this key is: %s\n"
+"\n"
+msgstr ""
+"这把密钥的最å°ä¿¡ä»»ç­‰çº§ä¸ºï¼š%s\n"
+"\n"
+
+#: g10/pkclist.c:298 g10/revoke.c:650
+msgid "Your decision? "
+msgstr "您的决定是什么?"
+
+#: g10/pkclist.c:319
+msgid "Do you really want to set this key to ultimate trust? (y/N) "
+msgstr "您真的è¦æŠŠè¿™æŠŠå¯†é’¥è®¾æˆç»å¯¹ä¿¡ä»»ï¼Ÿ(y/N)"
+
+#: g10/pkclist.c:333
+msgid "Certificates leading to an ultimately trusted key:\n"
+msgstr "被ç»å¯¹ä¿¡ä»»çš„密钥的è¯ä¹¦ï¼š\n"
+
+#: g10/pkclist.c:418
+#, c-format
+msgid "%s: There is no assurance this key belongs to the named user\n"
+msgstr "%s:没有è¯æ®è¡¨æ˜Žè¿™æŠŠå¯†é’¥çœŸçš„属于它所声称的æŒæœ‰è€…\n"
+
+#: g10/pkclist.c:423
+#, c-format
+msgid "%s: There is limited assurance this key belongs to the named user\n"
+msgstr "%s:åªæœ‰æœ‰é™çš„è¯æ®è¡¨æ˜Žè¿™æŠŠå¯†é’¥å±žäºŽå®ƒæ‰€å£°ç§°çš„æŒæœ‰è€…\n"
+
+#: g10/pkclist.c:429
+msgid "This key probably belongs to the named user\n"
+msgstr "这把密钥有å¯èƒ½å±žäºŽå®ƒæ‰€å£°ç§°çš„æŒæœ‰è€…\n"
+
+#: g10/pkclist.c:434
+msgid "This key belongs to us\n"
+msgstr "这把密钥是属于我们的\n"
+
+#: g10/pkclist.c:460
+msgid ""
+"It is NOT certain that the key belongs to the person named\n"
+"in the user ID. If you *really* know what you are doing,\n"
+"you may answer the next question with yes.\n"
+msgstr ""
+"这把密钥并ä¸ä¸€å®šå±žäºŽç”¨æˆ·æ ‡è¯†å£°ç§°çš„那个人。如果您真的知é“自\n"
+"己在åšä»€ä¹ˆï¼Œæ‚¨å¯ä»¥åœ¨ä¸‹ä¸€ä¸ªé—®é¢˜å›žç­” yes。\n"
+
+#: g10/pkclist.c:479
+msgid "Use this key anyway? (y/N) "
+msgstr "无论如何还是使用这把密钥å—?(y/N)"
+
+#: g10/pkclist.c:513
+msgid "WARNING: Using untrusted key!\n"
+msgstr "警告:正在使用ä¸è¢«ä¿¡ä»»çš„密钥ï¼\n"
+
+#: g10/pkclist.c:520
+msgid "WARNING: this key might be revoked (revocation key not present)\n"
+msgstr "警告:此密钥å¯èƒ½å·²è¢«åŠé”€(åŠé”€å¯†é’¥ä¸å­˜åœ¨)\n"
+
+#: g10/pkclist.c:529
+msgid "WARNING: This key has been revoked by its designated revoker!\n"
+msgstr "警告:这把密钥已ç»è¢«å®ƒçš„指定åŠé”€è€…åŠé”€äº†ï¼\n"
+
+#: g10/pkclist.c:532
+msgid "WARNING: This key has been revoked by its owner!\n"
+msgstr "警告:这把密钥已ç»è¢«å®ƒçš„æŒæœ‰è€…åŠé”€äº†ï¼\n"
+
+#: g10/pkclist.c:533
+msgid " This could mean that the signature is forged.\n"
+msgstr " 这表明这个签å有å¯èƒ½æ˜¯ä¼ªé€ çš„。\n"
+
+#: g10/pkclist.c:539
+msgid "WARNING: This subkey has been revoked by its owner!\n"
+msgstr "警告:这把å­é’¥å·²ç»è¢«å®ƒçš„æŒæœ‰è€…åŠé”€äº†ï¼\n"
+
+#: g10/pkclist.c:544
+msgid "Note: This key has been disabled.\n"
+msgstr "注æ„:这把密钥已ç»è¢«ç¦ç”¨äº†ã€‚\n"
+
+#: g10/pkclist.c:564
+#, c-format
+msgid "Note: Verified signer's address is `%s'\n"
+msgstr "注æ„:验è¯è¿‡çš„ç­¾å者的地å€æ˜¯â€˜%s’\n"
+
+#: g10/pkclist.c:571
+#, c-format
+msgid "Note: Signer's address `%s' does not match DNS entry\n"
+msgstr "注æ„:签å者的地å€â€˜%s’ä¸åŒ¹é…任何 DNS 记录\n"
+
+#: g10/pkclist.c:583
+msgid "trustlevel adjusted to FULL due to valid PKA info\n"
+msgstr "PKA ä¿¡æ¯æœ‰æ•ˆï¼Œä¿¡ä»»çº§åˆ«è°ƒæ•´åˆ°â€œå®Œå…¨â€\n"
+
+#: g10/pkclist.c:591
+msgid "trustlevel adjusted to NEVER due to bad PKA info\n"
+msgstr "PKA ä¿¡æ¯æ— æ•ˆï¼Œä¿¡ä»»çº§åˆ«è°ƒæ•´åˆ°â€œä»Žä¸â€\n"
+
+#: g10/pkclist.c:602
+msgid "Note: This key has expired!\n"
+msgstr "注æ„:这把密钥已ç»è¿‡æœŸäº†ï¼\n"
+
+#: g10/pkclist.c:613
+msgid "WARNING: This key is not certified with a trusted signature!\n"
+msgstr "警告:这把密钥未ç»å—信任的签å认è¯ï¼\n"
+
+#: g10/pkclist.c:615
+msgid ""
+" There is no indication that the signature belongs to the owner.\n"
+msgstr " 没有è¯æ®è¡¨æ˜Žè¿™ä¸ªç­¾å属于它所声称的æŒæœ‰è€…。\n"
+
+#: g10/pkclist.c:623
+msgid "WARNING: We do NOT trust this key!\n"
+msgstr "警告:我们ä¸ä¿¡ä»»è¿™æŠŠå¯†é’¥ï¼\n"
+
+#: g10/pkclist.c:624
+msgid " The signature is probably a FORGERY.\n"
+msgstr " 这个签å很有å¯èƒ½æ˜¯ä¼ªé€ çš„。\n"
+
+#: g10/pkclist.c:632
+msgid ""
+"WARNING: This key is not certified with sufficiently trusted signatures!\n"
+msgstr "警告:这把密钥未ç»æœ‰è¶³å¤Ÿä¿¡ä»»åº¦çš„ç­¾å所认è¯ã€‚\n"
+
+#: g10/pkclist.c:634
+msgid " It is not certain that the signature belongs to the owner.\n"
+msgstr " 这份签å并ä¸ä¸€å®šå±žäºŽå®ƒæ‰€å£°ç§°çš„æŒæœ‰è€…\n"
+
+#: g10/pkclist.c:833 g10/pkclist.c:875 g10/pkclist.c:1087 g10/pkclist.c:1157
+#, c-format
+msgid "%s: skipped: %s\n"
+msgstr "%s:已跳过:%s\n"
+
+#: g10/pkclist.c:845 g10/pkclist.c:1125
+#, c-format
+msgid "%s: skipped: public key already present\n"
+msgstr "%s: 已跳过:公钥已存在\n"
+
+#: g10/pkclist.c:896
+msgid "You did not specify a user ID. (you may use \"-r\")\n"
+msgstr "您没有指定用户标识。(您å¯ä»¥åœ¨å‘½ä»¤è¡Œä¸­ç”¨â€œ-râ€æŒ‡å®š)\n"
+
+#: g10/pkclist.c:920
+msgid "Current recipients:\n"
+msgstr "当å‰æ”¶ä»¶äººï¼š\n"
+
+#: g10/pkclist.c:946
+msgid ""
+"\n"
+"Enter the user ID. End with an empty line: "
+msgstr ""
+"\n"
+"输入用户标识。以空白行结æŸï¼š"
+
+#: g10/pkclist.c:971
+msgid "No such user ID.\n"
+msgstr "没有这个用户标识。\n"
+
+#: g10/pkclist.c:980 g10/pkclist.c:1054
+msgid "skipped: public key already set as default recipient\n"
+msgstr "已跳过:公钥已被设为默认收件者\n"
+
+#: g10/pkclist.c:1001
+msgid "Public key is disabled.\n"
+msgstr "公钥被ç¦ç”¨ã€‚\n"
+
+#: g10/pkclist.c:1010
+msgid "skipped: public key already set\n"
+msgstr "已跳过:公钥已被设定\n"
+
+#: g10/pkclist.c:1045
+#, c-format
+msgid "unknown default recipient \"%s\"\n"
+msgstr "未知的默认收件者“%sâ€\n"
+
+#: g10/pkclist.c:1103
+#, c-format
+msgid "%s: skipped: public key is disabled\n"
+msgstr "%s:已跳过:公钥已被ç¦ç”¨\n"
+
+#: g10/pkclist.c:1165
+msgid "no valid addressees\n"
+msgstr "没有有效的地å€\n"
+
+#: g10/pkclist.c:1503
+#, fuzzy, c-format
+msgid "Note: key %s has no %s feature\n"
+msgstr "密钥 %s:没有有效的用户标识\n"
+
+#: g10/pkclist.c:1528
+#, fuzzy, c-format
+msgid "Note: key %s has no preference for %s\n"
+msgstr "密钥 %s:没有有效的用户标识\n"
+
+#: g10/plaintext.c:95
+msgid "data not saved; use option \"--output\" to save it\n"
+msgstr "æ•°æ®æœªè¢«ä¿å­˜ï¼›è¯·ç”¨â€œ--outputâ€é€‰é¡¹æ¥ä¿å­˜å®ƒä»¬\n"
+
+#: g10/plaintext.c:480
+msgid "Detached signature.\n"
+msgstr "分离的签å。\n"
+
+#: g10/plaintext.c:487
+msgid "Please enter name of data file: "
+msgstr "请输入数æ®æ–‡ä»¶çš„å称: "
+
+#: g10/plaintext.c:519
+msgid "reading stdin ...\n"
+msgstr "æ­£åœ¨ä»Žæ ‡å‡†è¾“å…¥è¯»å– ...\n"
+
+#: g10/plaintext.c:557
+msgid "no signed data\n"
+msgstr "ä¸å«ç­¾åçš„æ•°æ®\n"
+
+#: g10/plaintext.c:573
+#, c-format
+msgid "can't open signed data `%s'\n"
+msgstr "无法打开有签åçš„æ•°æ®â€˜%s’\n"
+
+#: g10/plaintext.c:607
+#, fuzzy, c-format
+msgid "can't open signed data fd=%d: %s\n"
+msgstr "无法打开有签åçš„æ•°æ®â€˜%s’\n"
+
+#: g10/pubkey-enc.c:105
+#, c-format
+msgid "anonymous recipient; trying secret key %s ...\n"
+msgstr "匿å收件者;正在å°è¯•ä½¿ç”¨ç§é’¥ %s ……\n"
+
+#: g10/pubkey-enc.c:136
+msgid "okay, we are the anonymous recipient.\n"
+msgstr "很好,我们就是匿å收件者。\n"
+
+#: g10/pubkey-enc.c:225
+msgid "old encoding of the DEK is not supported\n"
+msgstr "ä¸æ”¯æŒæ—§å¼çš„ DEK ç¼–ç \n"
+
+#: g10/pubkey-enc.c:246
+#, c-format
+msgid "cipher algorithm %d%s is unknown or disabled\n"
+msgstr "对称加密算法 %d%s 未知或已åœç”¨\n"
+
+#: g10/pubkey-enc.c:284
+#, c-format
+msgid "WARNING: cipher algorithm %s not found in recipient preferences\n"
+msgstr "注æ„:收件人的首选项中找ä¸åˆ°åŠ å¯†ç®—法 %s\n"
+
+#: g10/pubkey-enc.c:304
+#, c-format
+msgid "NOTE: secret key %s expired at %s\n"
+msgstr "注æ„:ç§é’¥ %s 已于 %s 过期\n"
+
+#: g10/pubkey-enc.c:310
+msgid "NOTE: key has been revoked"
+msgstr "注æ„:密钥已被åŠé”€"
+
+#: g10/revoke.c:102 g10/revoke.c:116 g10/revoke.c:128 g10/revoke.c:174
+#: g10/revoke.c:186 g10/revoke.c:585
+#, c-format
+msgid "build_packet failed: %s\n"
+msgstr "build_packet 失败:%s\n"
+
+#: g10/revoke.c:145
+#, c-format
+msgid "key %s has no user IDs\n"
+msgstr "密钥 %s:没有有效的用户标识\n"
+
+#: g10/revoke.c:306
+msgid "To be revoked by:\n"
+msgstr "将被åŠé”€ï¼ŒåŠé”€è€…:\n"
+
+#: g10/revoke.c:310
+msgid "(This is a sensitive revocation key)\n"
+msgstr "(这是一把æ•æ„Ÿçš„åŠé”€å¯†é’¥)\n"
+
+#: g10/revoke.c:314
+msgid "Create a designated revocation certificate for this key? (y/N) "
+msgstr "è¦ä¸ºè¿™æŠŠå¯†é’¥å»ºç«‹ä¸€ä»½æŒ‡å®šåŠé”€è€…è¯ä¹¦å—?(y/N)"
+
+#: g10/revoke.c:327 g10/revoke.c:551
+msgid "ASCII armored output forced.\n"
+msgstr "已强行使用 ASCII å°è£…过的输出。\n"
+
+#: g10/revoke.c:342 g10/revoke.c:565
+#, c-format
+msgid "make_keysig_packet failed: %s\n"
+msgstr "make_keysig_packet 失败: %s\n"
+
+#: g10/revoke.c:405
+msgid "Revocation certificate created.\n"
+msgstr "已建立åŠé”€è¯ä¹¦ã€‚\n"
+
+#: g10/revoke.c:411
+#, c-format
+msgid "no revocation keys found for \"%s\"\n"
+msgstr "没有找到“%sâ€çš„åŠé”€å¯†é’¥\n"
+
+#: g10/revoke.c:470
+#, c-format
+msgid "secret key \"%s\" not found: %s\n"
+msgstr "找ä¸åˆ°ç§é’¥â€œ%sâ€ï¼š%s\n"
+
+#: g10/revoke.c:497
+#, c-format
+msgid "no corresponding public key: %s\n"
+msgstr "没有相对应的公钥:%s\n"
+
+#: g10/revoke.c:508
+msgid "public key does not match secret key!\n"
+msgstr "公钥与ç§é’¥ä¸å»åˆï¼\n"
+
+#: g10/revoke.c:515
+msgid "Create a revocation certificate for this key? (y/N) "
+msgstr "è¦ä¸ºè¿™æŠŠå¯†é’¥å»ºç«‹ä¸€ä»½åŠé”€è¯ä¹¦å—?(y/N)"
+
+#: g10/revoke.c:532
+msgid "unknown protection algorithm\n"
+msgstr "未知的ä¿æŠ¤ç®—法\n"
+
+#: g10/revoke.c:540
+msgid "NOTE: This key is not protected!\n"
+msgstr "注æ„:这把密钥没有被ä¿æŠ¤ï¼\n"
+
+#: g10/revoke.c:591
+msgid ""
+"Revocation certificate created.\n"
+"\n"
+"Please move it to a medium which you can hide away; if Mallory gets\n"
+"access to this certificate he can use it to make your key unusable.\n"
+"It is smart to print this certificate and store it away, just in case\n"
+"your media become unreadable. But have some caution: The print system of\n"
+"your machine might store the data and make it available to others!\n"
+msgstr ""
+"已建立åŠé”€è¯ä¹¦ã€‚\n"
+"\n"
+"请把这个文件转移到一个å¯éšè—èµ·æ¥çš„介质(如软盘)上;如果å人能够å–å¾—è¿™\n"
+"份è¯ä¹¦çš„è¯ï¼Œé‚£ä¹ˆä»–就能让您的密钥无法继续使用。把这份凭è¯æ‰“å°å‡ºæ¥å†è—\n"
+"到安全的地方也是很好的方法,以å…您的ä¿å­˜åª’体æŸæ¯è€Œæ— æ³•è¯»å–。但是åƒä¸‡\n"
+"å°å¿ƒï¼šæ‚¨çš„机器上的打å°ç³»ç»Ÿå¯èƒ½ä¼šåœ¨æ‰“å°è¿‡ç¨‹ä¸­æŠŠè¿™äº›æ•°æ®ä¸´æ—¶åœ¨æŸä¸ªå…¶ä»–\n"
+"人也能够看得到的地方ï¼\n"
+
+#: g10/revoke.c:633
+msgid "Please select the reason for the revocation:\n"
+msgstr "请选择åŠé”€çš„原因:\n"
+
+#: g10/revoke.c:643
+msgid "Cancel"
+msgstr "å–消"
+
+#: g10/revoke.c:645
+#, c-format
+msgid "(Probably you want to select %d here)\n"
+msgstr "(也许您会想è¦åœ¨è¿™é‡Œé€‰æ‹© %d)\n"
+
+#: g10/revoke.c:686
+msgid "Enter an optional description; end it with an empty line:\n"
+msgstr "请输入æè¿°(å¯é€‰);以空白行结æŸï¼š\n"
+
+#: g10/revoke.c:714
+#, c-format
+msgid "Reason for revocation: %s\n"
+msgstr "åŠé”€åŽŸå› ï¼š%s\n"
+
+#: g10/revoke.c:716
+msgid "(No description given)\n"
+msgstr "(ä¸ç»™å®šæè¿°)\n"
+
+#: g10/revoke.c:721
+msgid "Is this okay? (y/N) "
+msgstr "这样å¯ä»¥å—? (y/N)"
+
+#: g10/seckey-cert.c:55
+msgid "secret key parts are not available\n"
+msgstr "ç§é’¥éƒ¨åˆ†ä¸å¯ç”¨\n"
+
+#: g10/seckey-cert.c:61
+#, c-format
+msgid "protection algorithm %d%s is not supported\n"
+msgstr "ä¿æŠ¤ç®—法 %d%s 未被支æŒ\n"
+
+#: g10/seckey-cert.c:72
+#, c-format
+msgid "protection digest %d is not supported\n"
+msgstr "ä¸æ”¯æŒä¿æŠ¤æ•£åˆ— %d\n"
+
+#: g10/seckey-cert.c:291
+msgid "Invalid passphrase; please try again"
+msgstr "无效的密ç ï¼›è¯·å†è¯•ä¸€æ¬¡"
+
+#: g10/seckey-cert.c:292
+#, c-format
+msgid "%s ...\n"
+msgstr "%s……\n"
+
+#: g10/seckey-cert.c:361
+msgid "WARNING: Weak key detected - please change passphrase again.\n"
+msgstr "警告:检测到弱密钥――请更æ¢å¯†ç ã€‚\n"
+
+#: g10/seckey-cert.c:404
+msgid "generating the deprecated 16-bit checksum for secret key protection\n"
+msgstr "正在产生ç§é’¥ä¿æŠ¤ä½¿ç”¨çš„æ—§å¼ 16 ä½æ ¡éªŒå’Œ\n"
+
+#: g10/seskey.c:61 sm/encrypt.c:119
+msgid "weak key created - retrying\n"
+msgstr "建立了弱密钥――正在é‡è¯•\n"
+
+#: g10/seskey.c:65
+#, c-format
+msgid "cannot avoid weak key for symmetric cipher; tried %d times!\n"
+msgstr "对称加密无法é¿å…生æˆå¼±å¯†é’¥ï¼›å·²ç»å°è¯• %d 次ï¼\n"
+
+#: g10/seskey.c:227 sm/certcheck.c:85
+msgid "DSA requires the hash length to be a multiple of 8 bits\n"
+msgstr "DSA 需è¦æ•£åˆ—值长度为 8 ä½çš„å€æ•°\n"
+
+#: g10/seskey.c:240
+#, c-format
+msgid "DSA key %s uses an unsafe (%u bit) hash\n"
+msgstr "DSA 密钥 %s 使用ä¸å®‰å…¨çš„(%u ä½)的散列\n"
+
+#: g10/seskey.c:252
+#, c-format
+msgid "DSA key %s requires a %u bit or larger hash\n"
+msgstr "DSA 密钥 %s éœ€è¦ %u ä½æˆ–更长的散列\n"
+
+#: g10/sig-check.c:80
+msgid "WARNING: signature digest conflict in message\n"
+msgstr "警告:签å散列值与报文ä¸ä¸€è‡´\n"
+
+#: g10/sig-check.c:105
+#, c-format
+msgid "WARNING: signing subkey %s is not cross-certified\n"
+msgstr "警告:签åçš„å­é’¥ %s 未ç»äº¤å‰éªŒè¯\n"
+
+#: g10/sig-check.c:117
+#, c-format
+msgid "WARNING: signing subkey %s has an invalid cross-certification\n"
+msgstr "警告:签åçš„å­é’¥ %s 交å‰éªŒè¯æ— æ•ˆ\n"
+
+#: g10/sig-check.c:211
+#, c-format
+msgid "public key %s is %lu second newer than the signature\n"
+msgstr "公钥 %s 在其签ååŽ %lu 秒生æˆ\n"
+
+#: g10/sig-check.c:212
+#, c-format
+msgid "public key %s is %lu seconds newer than the signature\n"
+msgstr "公钥 %s 在其签ååŽ %lu 秒生æˆ\n"
+
+#: g10/sig-check.c:223
+#, c-format
+msgid ""
+"key %s was created %lu second in the future (time warp or clock problem)\n"
+msgstr "密钥 %s 是在 %lu 秒åŽçš„未æ¥ç”Ÿæˆçš„(å¯èƒ½æ˜¯å› ä¸ºæ—¶ç©ºæ‰­æ›²æˆ–时钟的问题)\n"
+
+#: g10/sig-check.c:225
+#, c-format
+msgid ""
+"key %s was created %lu seconds in the future (time warp or clock problem)\n"
+msgstr "密钥 %s 是在 %lu 秒åŽçš„未æ¥ç”Ÿæˆçš„(å¯èƒ½æ˜¯å› ä¸ºæ—¶ç©ºæ‰­æ›²æˆ–时钟的问题)\n"
+
+#: g10/sig-check.c:239
+#, c-format
+msgid "NOTE: signature key %s expired %s\n"
+msgstr "注æ„:签å密钥 %s 已于 %s 过期\n"
+
+#: g10/sig-check.c:252
+#, fuzzy, c-format
+msgid "NOTE: signature key %s has been revoked\n"
+msgstr "注æ„:密钥已被åŠé”€"
+
+#: g10/sig-check.c:325
+#, c-format
+msgid "assuming bad signature from key %s due to an unknown critical bit\n"
+msgstr "å‡å®šå¯†é’¥ %s çš„ç­¾å由于æŸä¸ªæœªçŸ¥çš„关键ä½å‡ºé”™è€ŒæŸå\n"
+
+#: g10/sig-check.c:591
+#, c-format
+msgid "key %s: no subkey for subkey revocation signature\n"
+msgstr "密钥 %s:没有å­é’¥åŠé”€ç­¾å所需的å­é’¥\n"
+
+#: g10/sig-check.c:618
+#, c-format
+msgid "key %s: no subkey for subkey binding signature\n"
+msgstr "密钥 %s:没有å­é’¥ç»‘定签å所需的å­é’¥\n"
+
+#: g10/sign.c:89
+#, c-format
+msgid "WARNING: unable to %%-expand notation (too large). Using unexpanded.\n"
+msgstr "警告:注记 %% 无法扩展(太大了)。现在使用未扩展的。\n"
+
+#: g10/sign.c:115
+#, c-format
+msgid ""
+"WARNING: unable to %%-expand policy URL (too large). Using unexpanded.\n"
+msgstr "警告:无法 %%-扩展策略 URL (太大了)。现在使用未扩展的。\n"
+
+#: g10/sign.c:138
+#, c-format
+msgid ""
+"WARNING: unable to %%-expand preferred keyserver URL (too large). Using "
+"unexpanded.\n"
+msgstr "警告:无法 %%-扩展首选公钥æœåŠ¡å™¨ URL (太大了)。现在使用未扩展的。\n"
+
+#: g10/sign.c:311
+#, c-format
+msgid "checking created signature failed: %s\n"
+msgstr "检查已建立的签åæ—¶å‘生错误: %s\n"
+
+#: g10/sign.c:320
+#, c-format
+msgid "%s/%s signature from: \"%s\"\n"
+msgstr "%s/%s ç­¾åæ¥è‡ªï¼šâ€œ%sâ€\n"
+
+#: g10/sign.c:761
+msgid "you can only detach-sign with PGP 2.x style keys while in --pgp2 mode\n"
+msgstr "您在 --pgp2 模å¼ä¸‹åªèƒ½å¤Ÿä½¿ç”¨ PGP 2.x æ ·å¼çš„密钥æ¥åšåˆ†ç¦»ç­¾å\n"
+
+#: g10/sign.c:837
+#, c-format
+msgid ""
+"WARNING: forcing digest algorithm %s (%d) violates recipient preferences\n"
+msgstr "警告:强行使用的 %s (%d)散列算法ä¸åœ¨æ”¶ä»¶è€…的首选项中\n"
+
+#: g10/sign.c:964
+msgid "signing:"
+msgstr "正在签å:"
+
+#: g10/sign.c:1079
+msgid "you can only clearsign with PGP 2.x style keys while in --pgp2 mode\n"
+msgstr "您在 --pgp2 模å¼ä¸‹åªèƒ½å¤Ÿä½¿ç”¨ PGP 2.x æ ·å¼çš„密钥æ¥åšæ˜Žæ–‡ç­¾å\n"
+
+#: g10/sign.c:1263
+#, c-format
+msgid "%s encryption will be used\n"
+msgstr "%s 加密将被采用\n"
+
+#: g10/skclist.c:140 g10/skclist.c:217
+msgid "key is not flagged as insecure - can't use it with the faked RNG!\n"
+msgstr "密钥未被标示为ä¸å®‰å…¨â€•â€•ä¸èƒ½ä¸Žå‡çš„éšæœºæ•°å‘生器共åŒä½¿ç”¨ï¼\n"
+
+#: g10/skclist.c:174
+#, c-format
+msgid "skipped \"%s\": duplicated\n"
+msgstr "“%sâ€å·²è·³è¿‡ï¼šé‡å¤\n"
+
+#: g10/skclist.c:182 g10/skclist.c:195 g10/skclist.c:207
+#, c-format
+msgid "skipped \"%s\": %s\n"
+msgstr "“%sâ€å·²è·³è¿‡ï¼š%s\n"
+
+#: g10/skclist.c:190
+msgid "skipped: secret key already present\n"
+msgstr "已跳过:ç§é’¥å·²å­˜åœ¨\n"
+
+#: g10/skclist.c:208
+msgid "this is a PGP generated Elgamal key which is not secure for signatures!"
+msgstr "这是一把由 PGP 生æˆçš„ ElGamal 密钥,用于签åä¸å®‰å…¨ï¼"
+
+#: g10/tdbdump.c:58 g10/trustdb.c:360
+#, c-format
+msgid "trust record %lu, type %d: write failed: %s\n"
+msgstr "信任记录 %lu,类别 %d:写入失败:%s\n"
+
+#: g10/tdbdump.c:106
+#, c-format
+msgid ""
+"# List of assigned trustvalues, created %s\n"
+"# (Use \"gpg --import-ownertrust\" to restore them)\n"
+msgstr ""
+"# 已指定的信任度的清å•ï¼Œå»ºç«‹äºŽ %s \n"
+"# (请用“gpg --import-ownertrustâ€å¯¼å…¥è¿™äº›ä¿¡ä»»åº¦)\n"
+
+#: g10/tdbdump.c:161 g10/tdbdump.c:169 g10/tdbdump.c:174 g10/tdbdump.c:179
+#, c-format
+msgid "error in `%s': %s\n"
+msgstr "‘%s’中出错:%s\n"
+
+#: g10/tdbdump.c:161
+msgid "line too long"
+msgstr "列太长"
+
+#: g10/tdbdump.c:169
+msgid "colon missing"
+msgstr "冒å·ç¼ºå¤±"
+
+#: g10/tdbdump.c:175
+msgid "invalid fingerprint"
+msgstr "指纹无效"
+
+#: g10/tdbdump.c:180
+msgid "ownertrust value missing"
+msgstr "没有信任度"
+
+#: g10/tdbdump.c:216
+#, c-format
+msgid "error finding trust record in `%s': %s\n"
+msgstr "在‘%s’中寻找信任度记录时出错:%s\n"
+
+#: g10/tdbdump.c:220
+#, c-format
+msgid "read error in `%s': %s\n"
+msgstr "读å–‘%s’错误:%s\n"
+
+#: g10/tdbdump.c:229 g10/trustdb.c:375
+#, c-format
+msgid "trustdb: sync failed: %s\n"
+msgstr "信任度数æ®åº“:åŒæ­¥å¤±è´¥ï¼š%s\n"
+
+#: g10/tdbio.c:128 g10/tdbio.c:1456
+#, c-format
+msgid "trustdb rec %lu: lseek failed: %s\n"
+msgstr "信任度数æ®åº“记录 %lu:lseek 失败:%s\n"
+
+#: g10/tdbio.c:135 g10/tdbio.c:1463
+#, c-format
+msgid "trustdb rec %lu: write failed (n=%d): %s\n"
+msgstr "信任度数æ®åº“记录 %lu:write 失败 (n=%d): %s\n"
+
+#: g10/tdbio.c:245
+msgid "trustdb transaction too large\n"
+msgstr "信任度数æ®åº“处ç†é‡è¿‡å¤§\n"
+
+#: g10/tdbio.c:500
+#, c-format
+msgid "can't access `%s': %s\n"
+msgstr "无法存å–‘%s’:%s\n"
+
+#: g10/tdbio.c:527
+#, c-format
+msgid "%s: directory does not exist!\n"
+msgstr "%s:目录ä¸å­˜åœ¨ï¼\n"
+
+#: g10/tdbio.c:537 g10/tdbio.c:560 g10/tdbio.c:601 sm/keydb.c:219
+#, c-format
+msgid "can't create lock for `%s'\n"
+msgstr "ä¸èƒ½ä¸ºâ€˜%s’创建é”定\n"
+
+#: g10/tdbio.c:539 g10/tdbio.c:604
+#, c-format
+msgid "can't lock `%s'\n"
+msgstr "无法é”定‘%s’\n"
+
+#: g10/tdbio.c:565
+#, c-format
+msgid "%s: failed to create version record: %s"
+msgstr "%s:建立版本记录失败:%s"
+
+#: g10/tdbio.c:569
+#, c-format
+msgid "%s: invalid trustdb created\n"
+msgstr "%s:建立了无效的信任度数æ®åº“\n"
+
+#: g10/tdbio.c:572
+#, c-format
+msgid "%s: trustdb created\n"
+msgstr "%s:建立了信任度数æ®åº“\n"
+
+#: g10/tdbio.c:615
+msgid "NOTE: trustdb not writable\n"
+msgstr "注æ„:信任度数æ®åº“ä¸å¯å†™å…¥\n"
+
+#: g10/tdbio.c:623
+#, c-format
+msgid "%s: invalid trustdb\n"
+msgstr "%s:无效的信任度数æ®åº“\n"
+
+#: g10/tdbio.c:655
+#, c-format
+msgid "%s: failed to create hashtable: %s\n"
+msgstr "%s:建立散列表失败:%s\n"
+
+#: g10/tdbio.c:663
+#, c-format
+msgid "%s: error updating version record: %s\n"
+msgstr "%s:更新版本记录时出错: %s\n"
+
+#: g10/tdbio.c:680 g10/tdbio.c:701 g10/tdbio.c:717 g10/tdbio.c:731
+#: g10/tdbio.c:761 g10/tdbio.c:1388 g10/tdbio.c:1415
+#, c-format
+msgid "%s: error reading version record: %s\n"
+msgstr "%s:读å–版本记录时出错: %s\n"
+
+#: g10/tdbio.c:740
+#, c-format
+msgid "%s: error writing version record: %s\n"
+msgstr "%s:写入版本记录时出错:%s\n"
+
+#: g10/tdbio.c:1181
+#, c-format
+msgid "trustdb: lseek failed: %s\n"
+msgstr "信任度数æ®åº“:lseek 失败:%s\n"
+
+#: g10/tdbio.c:1190
+#, c-format
+msgid "trustdb: read failed (n=%d): %s\n"
+msgstr "信任度数æ®åº“:read 失败(n=%d):%s\n"
+
+#: g10/tdbio.c:1211
+#, c-format
+msgid "%s: not a trustdb file\n"
+msgstr "%s:ä¸æ˜¯ä¸€ä¸ªä¿¡ä»»åº¦æ•°æ®åº“文件\n"
+
+#: g10/tdbio.c:1230
+#, c-format
+msgid "%s: version record with recnum %lu\n"
+msgstr "%s:记录编å·ä¸º%lu的版本记录\n"
+
+#: g10/tdbio.c:1235
+#, c-format
+msgid "%s: invalid file version %d\n"
+msgstr "%s:无效的文件版本%d\n"
+
+#: g10/tdbio.c:1421
+#, c-format
+msgid "%s: error reading free record: %s\n"
+msgstr "%s:读å–自由记录时出错:%s\n"
+
+#: g10/tdbio.c:1429
+#, c-format
+msgid "%s: error writing dir record: %s\n"
+msgstr "%s:写入目录记录时出错:%s\n"
+
+#: g10/tdbio.c:1439
+#, c-format
+msgid "%s: failed to zero a record: %s\n"
+msgstr "%s:记录归零时失败:%s\n"
+
+#: g10/tdbio.c:1469
+#, c-format
+msgid "%s: failed to append a record: %s\n"
+msgstr "%s:附加记录时失败:%s\n"
+
+#: g10/tdbio.c:1512
+#, fuzzy
+msgid "Error: The trustdb is corrupted.\n"
+msgstr "%s:建立了信任度数æ®åº“\n"
+
+#: g10/textfilter.c:147
+#, c-format
+msgid "can't handle text lines longer than %d characters\n"
+msgstr "无法处ç†é•¿äºŽ %d 字符的文本行\n"
+
+#: g10/textfilter.c:247
+#, c-format
+msgid "input line longer than %d characters\n"
+msgstr "输入行长度超过 %d 字符\n"
+
+#: g10/trustdb.c:221
+#, c-format
+msgid "`%s' is not a valid long keyID\n"
+msgstr "‘%s’ä¸æ˜¯ä¸€ä¸ªæœ‰æ•ˆçš„é•¿å¼é’¥åŒ™å·\n"
+
+#: g10/trustdb.c:252
+#, c-format
+msgid "key %s: accepted as trusted key\n"
+msgstr "密钥 %s:å—信任,已接å—\n"
+
+#: g10/trustdb.c:290
+#, c-format
+msgid "key %s occurs more than once in the trustdb\n"
+msgstr "密钥 %s 在信任度数æ®åº“中é‡å¤å‡ºçŽ°\n"
+
+#: g10/trustdb.c:305
+#, c-format
+msgid "key %s: no public key for trusted key - skipped\n"
+msgstr "密钥 %s:å—信任的密钥没有公钥――已跳过\n"
+
+#: g10/trustdb.c:315
+#, c-format
+msgid "key %s marked as ultimately trusted\n"
+msgstr "密钥 %s 被标记为ç»å¯¹ä¿¡ä»»\n"
+
+#: g10/trustdb.c:339
+#, c-format
+msgid "trust record %lu, req type %d: read failed: %s\n"
+msgstr "信任记录 %lu,请求类别 %d:读å–失败:%s\n"
+
+#: g10/trustdb.c:345
+#, c-format
+msgid "trust record %lu is not of requested type %d\n"
+msgstr "信任记录 %lu ä¸å±žäºŽæ‰€è¯·æ±‚的类别 %d\n"
+
+#: g10/trustdb.c:418
+msgid "You may try to re-create the trustdb using the commands:\n"
+msgstr ""
+
+#: g10/trustdb.c:427
+msgid "If that does not work, please consult the manual\n"
+msgstr ""
+
+#: g10/trustdb.c:462
+#, c-format
+msgid "unable to use unknown trust model (%d) - assuming %s trust model\n"
+msgstr "无法使用未知的信任模型(%d)――å‡å®šä½¿ç”¨ %s 信任模型\n"
+
+#: g10/trustdb.c:468
+#, c-format
+msgid "using %s trust model\n"
+msgstr "使用 %s 信任模型\n"
+
+#: g10/trustdb.c:520
+msgid "10 translator see trustdb.c:uid_trust_string_fixed"
+msgstr "10 translator see trustdb.c:uid_trust_string_fixed"
+
+#: g10/trustdb.c:522
+msgid "[ revoked]"
+msgstr "[å·²åŠé”€]"
+
+#: g10/trustdb.c:524 g10/trustdb.c:529
+msgid "[ expired]"
+msgstr "[已过期]"
+
+#: g10/trustdb.c:528
+msgid "[ unknown]"
+msgstr "[ 未知 ]"
+
+#: g10/trustdb.c:530
+msgid "[ undef ]"
+msgstr "[未定义]"
+
+#: g10/trustdb.c:531
+msgid "[marginal]"
+msgstr "[ 勉强 ]"
+
+#: g10/trustdb.c:532
+msgid "[ full ]"
+msgstr "[ 完全 ]"
+
+#: g10/trustdb.c:533
+msgid "[ultimate]"
+msgstr "[ ç»å¯¹ ]"
+
+#: g10/trustdb.c:548
+msgid "undefined"
+msgstr "未定义"
+
+#: g10/trustdb.c:549
+msgid "never"
+msgstr "从ä¸"
+
+#: g10/trustdb.c:550
+msgid "marginal"
+msgstr "勉强"
+
+#: g10/trustdb.c:551
+msgid "full"
+msgstr "完全"
+
+#: g10/trustdb.c:552
+msgid "ultimate"
+msgstr "ç»å¯¹"
+
+#: g10/trustdb.c:592
+msgid "no need for a trustdb check\n"
+msgstr "ä¸éœ€è¦æ£€æŸ¥ä¿¡ä»»åº¦æ•°æ®åº“\n"
+
+#: g10/trustdb.c:598 g10/trustdb.c:2487
+#, c-format
+msgid "next trustdb check due at %s\n"
+msgstr "下次信任度数æ®åº“检查将于 %s 进行\n"
+
+#: g10/trustdb.c:607
+#, c-format
+msgid "no need for a trustdb check with `%s' trust model\n"
+msgstr "使用‘%s’信任模型时ä¸éœ€è¦æ£€æŸ¥ä¿¡ä»»åº¦æ•°æ®åº“\n"
+
+#: g10/trustdb.c:622
+#, c-format
+msgid "no need for a trustdb update with `%s' trust model\n"
+msgstr "使用‘%s’信任模型时ä¸éœ€è¦æ›´æ–°ä¿¡ä»»åº¦æ•°æ®åº“\n"
+
+#: g10/trustdb.c:857 g10/trustdb.c:1310
+#, c-format
+msgid "public key %s not found: %s\n"
+msgstr "找ä¸åˆ°å…¬é’¥ %s:%s\n"
+
+#: g10/trustdb.c:1053
+msgid "please do a --check-trustdb\n"
+msgstr "请执行一次 --check-trustdb\n"
+
+#: g10/trustdb.c:1057
+msgid "checking the trustdb\n"
+msgstr "正在检查信任度数æ®åº“\n"
+
+#: g10/trustdb.c:2230
+#, c-format
+msgid "%d keys processed (%d validity counts cleared)\n"
+msgstr "å·²ç»å¤„ç†äº† %d 把密钥(共计已解决了 %d 份的有效性)\n"
+
+#: g10/trustdb.c:2295
+msgid "no ultimately trusted keys found\n"
+msgstr "没有找到任何ç»å¯¹ä¿¡ä»»çš„密钥\n"
+
+#: g10/trustdb.c:2309
+#, c-format
+msgid "public key of ultimately trusted key %s not found\n"
+msgstr "ç»å¯¹ä¿¡ä»»çš„密钥 %s 的公钥未被找到\n"
+
+#: g10/trustdb.c:2332
+#, c-format
+msgid "%d marginal(s) needed, %d complete(s) needed, %s trust model\n"
+msgstr "éœ€è¦ %d 份勉强信任和 %d 份完全信任,%s 信任模型\n"
+
+#: g10/trustdb.c:2418
+#, c-format
+msgid ""
+"depth: %d valid: %3d signed: %3d trust: %d-, %dq, %dn, %dm, %df, %du\n"
+msgstr ""
+"深度:%d 有效性:%3d 已签å:%3d 信任度:%d-,%dq,%dn,%dm,%df,%du\n"
+
+#: g10/trustdb.c:2493
+#, c-format
+msgid "unable to update trustdb version record: write failed: %s\n"
+msgstr "无法更新信任度数æ®åº“版本记录:写入失败:%s\n"
+
+#: g10/verify.c:118
+msgid ""
+"the signature could not be verified.\n"
+"Please remember that the signature file (.sig or .asc)\n"
+"should be the first file given on the command line.\n"
+msgstr ""
+"ç­¾å无法被验è¯ã€‚\n"
+"请记ä½ç­¾å文件(.sig或.asc)\n"
+"应该是在命令行中给定的第一个文件。\n"
+
+#: g10/verify.c:205
+#, c-format
+msgid "input line %u too long or missing LF\n"
+msgstr "输入行 %u 太长或者行末的æ¢è¡Œç¬¦ LF é—失\n"
+
+#: g10/verify.c:253
+#, fuzzy, c-format
+msgid "can't open fd %d: %s\n"
+msgstr "无法打开‘%s’: %s\n"
+
+#: jnlib/argparse.c:180
+#, fuzzy
+msgid "argument not expected"
+msgstr "ä¸å…许使用管ç†å‘˜å‘½ä»¤\n"
+
+#: jnlib/argparse.c:182
+#, fuzzy
+msgid "read error"
+msgstr "文件读å–错误"
+
+#: jnlib/argparse.c:184
+#, fuzzy
+msgid "keyword too long"
+msgstr "列太长"
+
+#: jnlib/argparse.c:186
+#, fuzzy
+msgid "missing argument"
+msgstr "无效的å‚æ•°"
+
+#: jnlib/argparse.c:188
+#, fuzzy
+msgid "invalid command"
+msgstr "仅供管ç†å‘˜ä½¿ç”¨çš„命令\n"
+
+#: jnlib/argparse.c:190
+#, fuzzy
+msgid "invalid alias definition"
+msgstr "无效的列表选项\n"
+
+#: jnlib/argparse.c:192
+#, fuzzy
+msgid "out of core"
+msgstr "å¯é€‰"
+
+#: jnlib/argparse.c:194
+#, fuzzy
+msgid "invalid option"
+msgstr "无效的列表选项\n"
+
+#: jnlib/argparse.c:202
+#, c-format
+msgid "missing argument for option \"%.50s\"\n"
+msgstr ""
+
+#: jnlib/argparse.c:204
+#, c-format
+msgid "option \"%.50s\" does not expect an argument\n"
+msgstr ""
+
+#: jnlib/argparse.c:207
+#, fuzzy, c-format
+msgid "invalid command \"%.50s\"\n"
+msgstr "无效的指令(å°è¯•â€œhelpâ€)\n"
+
+#: jnlib/argparse.c:209
+#, c-format
+msgid "option \"%.50s\" is ambiguous\n"
+msgstr ""
+
+#: jnlib/argparse.c:211
+#, c-format
+msgid "command \"%.50s\" is ambiguous\n"
+msgstr ""
+
+#: jnlib/argparse.c:213
+#, fuzzy
+msgid "out of core\n"
+msgstr "å¯é€‰"
+
+#: jnlib/argparse.c:215
+#, fuzzy, c-format
+msgid "invalid option \"%.50s\"\n"
+msgstr "无效的列表选项\n"
+
+#: jnlib/logging.c:647
+#, c-format
+msgid "you found a bug ... (%s:%d)\n"
+msgstr "您找到一个程åºç¼ºé™·äº†â€¦â€¦(%s:%d)\n"
+
+#: jnlib/utf8conv.c:85
+#, fuzzy, c-format
+msgid "error loading `%s': %s\n"
+msgstr "读å–‘%s’时出错:%s\n"
+
+#: jnlib/utf8conv.c:123
+#, c-format
+msgid "conversion from `%s' to `%s' not available\n"
+msgstr ""
+
+#: jnlib/utf8conv.c:131
+#, fuzzy, c-format
+msgid "iconv_open failed: %s\n"
+msgstr "ç­¾å时失败: %s\n"
+
+#: jnlib/utf8conv.c:388 jnlib/utf8conv.c:654
+#, fuzzy, c-format
+msgid "conversion from `%s' to `%s' failed: %s\n"
+msgstr "将‘%s’é‡å‘½å为‘%s’时失败:%s\n"
+
+#: jnlib/dotlock.c:234
+#, fuzzy, c-format
+msgid "failed to create temporary file `%s': %s\n"
+msgstr "无法建立目录‘%s’:%s\n"
+
+#: jnlib/dotlock.c:269
+#, fuzzy, c-format
+msgid "error writing to `%s': %s\n"
+msgstr "写入钥匙环‘%s’时出错: %s\n"
+
+#: jnlib/dotlock.c:453
+#, c-format
+msgid "removing stale lockfile (created by %d)\n"
+msgstr ""
+
+#: jnlib/dotlock.c:459
+msgid " - probably dead - removing lock"
+msgstr ""
+
+#: jnlib/dotlock.c:469
+#, fuzzy, c-format
+msgid "waiting for lock (held by %d%s) %s...\n"
+msgstr "等待‘%s’上的é”\n"
+
+#: jnlib/dotlock.c:470
+msgid "(deadlock?) "
+msgstr ""
+
+#: jnlib/dotlock.c:493
+#, fuzzy, c-format
+msgid "lock `%s' not made: %s\n"
+msgstr "找ä¸åˆ°å…¬é’¥ %s:%s\n"
+
+#: jnlib/dotlock.c:501
+#, fuzzy, c-format
+msgid "waiting for lock %s...\n"
+msgstr "等待‘%s’上的é”\n"
+
+#: kbx/kbxutil.c:92
+msgid "set debugging flags"
+msgstr ""
+
+#: kbx/kbxutil.c:93
+msgid "enable full debugging"
+msgstr ""
+
+#: kbx/kbxutil.c:117
+#, fuzzy
+msgid "Usage: kbxutil [options] [files] (-h for help)"
+msgstr "用法: gpg [选项] [文件] (用 -h 求助)"
+
+#: kbx/kbxutil.c:120
+msgid ""
+"Syntax: kbxutil [options] [files]\n"
+"list, export, import Keybox data\n"
+msgstr ""
+
+#: scd/app-nks.c:713 scd/app-openpgp.c:2647
+#, c-format
+msgid "RSA modulus missing or not of size %d bits\n"
+msgstr "RSA 余数缺失或者ä¸æ˜¯ %d ä½é•¿\n"
+
+#: scd/app-nks.c:721 scd/app-openpgp.c:2659
+#, c-format
+msgid "RSA public exponent missing or larger than %d bits\n"
+msgstr "RSA 公钥指数缺失或长于 %d ä½\n"
+
+#: scd/app-nks.c:801 scd/app-openpgp.c:1549 scd/app-openpgp.c:1568
+#: scd/app-openpgp.c:1729 scd/app-openpgp.c:1746 scd/app-openpgp.c:1994
+#: scd/app-openpgp.c:2039 scd/app-dinsig.c:303
+#, c-format
+msgid "PIN callback returned error: %s\n"
+msgstr "PIN 回调返回错误:%s\n"
+
+#: scd/app-nks.c:834
+msgid "the NullPIN has not yet been changed\n"
+msgstr ""
+
+#: scd/app-nks.c:1092
+#, fuzzy
+msgid "|N|Please enter a new PIN for the standard keys."
+msgstr "||请输入 PIN%%0A[完æˆçš„签字:%lu]"
+
+#: scd/app-nks.c:1093
+#, fuzzy
+msgid "||Please enter the PIN for the standard keys."
+msgstr "||请输入 PIN%%0A[完æˆçš„签字:%lu]"
+
+#: scd/app-nks.c:1099
+#, fuzzy
+msgid "|NP|Please enter a new PIN Unblocking Code (PUK) for the standard keys."
+msgstr "||请输入 PIN%%0A[完æˆçš„签字:%lu]"
+
+#: scd/app-nks.c:1101
+#, fuzzy
+msgid "|P|Please enter the PIN Unblocking Code (PUK) for the standard keys."
+msgstr "||请输入 PIN%%0A[完æˆçš„签字:%lu]"
+
+#: scd/app-nks.c:1109
+msgid "|N|Please enter a new PIN for the key to create qualified signatures."
+msgstr ""
+
+#: scd/app-nks.c:1111
+msgid "||Please enter the PIN for the key to create qualified signatures."
+msgstr ""
+
+#: scd/app-nks.c:1119
+msgid ""
+"|NP|Please enter a new PIN Unblocking Code (PUK) for the key to create "
+"qualified signatures."
+msgstr ""
+
+#: scd/app-nks.c:1121
+msgid ""
+"|P|Please enter the PIN Unblocking Code (PUK) for the key to create "
+"qualified signatures."
+msgstr ""
+
+#: scd/app-nks.c:1222 scd/app-openpgp.c:2072 scd/app-dinsig.c:532
+#, c-format
+msgid "error getting new PIN: %s\n"
+msgstr "获å–æ–° PIN 时出错:%s\n"
+
+#: scd/app-openpgp.c:695
+#, c-format
+msgid "failed to store the fingerprint: %s\n"
+msgstr "无法存储指纹:%s\n"
+
+#: scd/app-openpgp.c:708
+#, c-format
+msgid "failed to store the creation date: %s\n"
+msgstr "无法存储创建日期:%s\n"
+
+#: scd/app-openpgp.c:1156
+#, c-format
+msgid "reading public key failed: %s\n"
+msgstr "无法读出公钥:%s\n"
+
+#: scd/app-openpgp.c:1164 scd/app-openpgp.c:2882
+msgid "response does not contain the public key data\n"
+msgstr "å“应未包å«å…¬é’¥æ•°æ®\n"
+
+#: scd/app-openpgp.c:1172 scd/app-openpgp.c:2890
+msgid "response does not contain the RSA modulus\n"
+msgstr "å“åº”æœªåŒ…å« RSA 余数\n"
+
+#: scd/app-openpgp.c:1181 scd/app-openpgp.c:2900
+msgid "response does not contain the RSA public exponent\n"
+msgstr "å“åº”æœªåŒ…å« RSA 公钥指数\n"
+
+#: scd/app-openpgp.c:1501
+#, c-format
+msgid "using default PIN as %s\n"
+msgstr ""
+
+#: scd/app-openpgp.c:1508
+#, c-format
+msgid "failed to use default PIN as %s: %s - disabling further default use\n"
+msgstr ""
+
+#: scd/app-openpgp.c:1523
+#, c-format
+msgid "||Please enter the PIN%%0A[sigs done: %lu]"
+msgstr "||请输入 PIN%%0A[完æˆçš„签字:%lu]"
+
+#: scd/app-openpgp.c:1534 scd/app-openpgp.c:1988
+#, fuzzy
+msgid "||Please enter the PIN"
+msgstr "||请输入 PIN%%0A[完æˆçš„签字:%lu]"
+
+#: scd/app-openpgp.c:1575 scd/app-openpgp.c:1753 scd/app-openpgp.c:2001
+#, c-format
+msgid "PIN for CHV%d is too short; minimum length is %d\n"
+msgstr "CHV%d çš„ PIN 太短;最å°é•¿åº¦ä¸º %d\n"
+
+#: scd/app-openpgp.c:1588 scd/app-openpgp.c:1627 scd/app-openpgp.c:1765
+#: scd/app-openpgp.c:3200
+#, c-format
+msgid "verify CHV%d failed: %s\n"
+msgstr "éªŒè¯ CHV%d 失败:%s\n"
+
+#: scd/app-openpgp.c:1656 scd/app-openpgp.c:2020 scd/app-openpgp.c:3498
+msgid "error retrieving CHV status from card\n"
+msgstr "从å¡ä¸­èŽ·å– CHV 状æ€æ—¶å‡ºé”™\n"
+
+#: scd/app-openpgp.c:1662 scd/app-openpgp.c:3507
+msgid "card is permanently locked!\n"
+msgstr "å¡è¢«æ°¸ä¹…é”定ï¼\n"
+
+#: scd/app-openpgp.c:1669
+#, c-format
+msgid "%d Admin PIN attempts remaining before card is permanently locked\n"
+msgstr "å°è¯•ç®¡ç†å‘˜ PIN %d 次åŽï¼Œå¡å°†è¢«æ°¸ä¹…é”定ï¼\n"
+
+#. TRANSLATORS: Do not translate the "|A|" prefix but keep it at
+#. the start of the string. Use %%0A to force a linefeed.
+#: scd/app-openpgp.c:1676
+#, fuzzy, c-format
+msgid "|A|Please enter the Admin PIN%%0A[remaining attempts: %d]"
+msgstr "||请输入 PIN%%0A[完æˆçš„签字:%lu]"
+
+#: scd/app-openpgp.c:1680
+#, fuzzy
+msgid "|A|Please enter the Admin PIN"
+msgstr "||请输入 PIN%%0A[完æˆçš„签字:%lu]"
+
+#: scd/app-openpgp.c:1701
+msgid "access to admin commands is not configured\n"
+msgstr "尚未é…置管ç†å‘˜å‘½ä»¤çš„æƒé™\n"
+
+#: scd/app-openpgp.c:2035
+#, fuzzy
+msgid "||Please enter the Reset Code for the card"
+msgstr "||请输入 PIN%%0A[完æˆçš„签字:%lu]"
+
+#: scd/app-openpgp.c:2045 scd/app-openpgp.c:2097
+#, fuzzy, c-format
+msgid "Reset Code is too short; minimum length is %d\n"
+msgstr "CHV%d çš„ PIN 太短;最å°é•¿åº¦ä¸º %d\n"
+
+#: scd/app-openpgp.c:2067
+msgid "|RN|New Reset Code"
+msgstr ""
+
+#: scd/app-openpgp.c:2068
+msgid "|AN|New Admin PIN"
+msgstr "|AN|新的管ç†å‘˜ PIN"
+
+#: scd/app-openpgp.c:2068
+msgid "|N|New PIN"
+msgstr "æ–°çš„ PIN"
+
+#: scd/app-openpgp.c:2178 scd/app-openpgp.c:2968
+msgid "error reading application data\n"
+msgstr "读å–应用程åºæ•°æ®æ—¶å‡ºé”™\n"
+
+#: scd/app-openpgp.c:2184 scd/app-openpgp.c:2975
+msgid "error reading fingerprint DO\n"
+msgstr "读å–指纹 D0 出错\n"
+
+#: scd/app-openpgp.c:2194
+msgid "key already exists\n"
+msgstr "密钥已存在\n"
+
+#: scd/app-openpgp.c:2198
+msgid "existing key will be replaced\n"
+msgstr "现有的密钥将被替æ¢\n"
+
+#: scd/app-openpgp.c:2200
+msgid "generating new key\n"
+msgstr "生æˆæ–°å¯†é’¥\n"
+
+#: scd/app-openpgp.c:2202
+#, fuzzy
+msgid "writing new key\n"
+msgstr "生æˆæ–°å¯†é’¥\n"
+
+#: scd/app-openpgp.c:2627
+msgid "creation timestamp missing\n"
+msgstr "缺少创建时间戳\n"
+
+#: scd/app-openpgp.c:2669 scd/app-openpgp.c:2677
+#, c-format
+msgid "RSA prime %s missing or not of size %d bits\n"
+msgstr "RSA 质数 %s 缺失或者ä¸æ˜¯ %d ä½é•¿\n"
+
+#: scd/app-openpgp.c:2773
+#, c-format
+msgid "failed to store the key: %s\n"
+msgstr "无法存储密钥:%s\n"
+
+#: scd/app-openpgp.c:2859
+msgid "please wait while key is being generated ...\n"
+msgstr "请ç¨å€™ï¼Œæ­£åœ¨ç”Ÿæˆå¯†é’¥â€¦â€¦\n"
+
+#: scd/app-openpgp.c:2872
+msgid "generating key failed\n"
+msgstr "生æˆå¯†é’¥å¤±è´¥\n"
+
+#: scd/app-openpgp.c:2875
+#, c-format
+msgid "key generation completed (%d seconds)\n"
+msgstr "密钥已生æˆ(耗时 %d 秒)\n"
+
+#: scd/app-openpgp.c:2933
+msgid "invalid structure of OpenPGP card (DO 0x93)\n"
+msgstr "无效的 OpenPGP å¡ç»“æž„(D0 0x93)\n"
+
+#: scd/app-openpgp.c:2983
+msgid "fingerprint on card does not match requested one\n"
+msgstr ""
+
+#: scd/app-openpgp.c:3099
+#, c-format
+msgid "card does not support digest algorithm %s\n"
+msgstr "å¡ä¸æ”¯æŒæ•£åˆ—算法 %s\n"
+
+#: scd/app-openpgp.c:3175
+#, c-format
+msgid "signatures created so far: %lu\n"
+msgstr "ç›®å‰å·²åˆ›å»ºçš„ç­¾å:%lu\n"
+
+#: scd/app-openpgp.c:3512
+msgid ""
+"verification of Admin PIN is currently prohibited through this command\n"
+msgstr "ç›®å‰ç¦æ­¢é€šè¿‡æ­¤å‘½ä»¤éªŒè¯ç®¡ç†å‘˜ PIN\n"
+
+#: scd/app-openpgp.c:3737 scd/app-openpgp.c:3748
+#, c-format
+msgid "can't access %s - invalid OpenPGP card?\n"
+msgstr "ä¸èƒ½å­˜å– %s――无效的 OpenPGP å¡ï¼Ÿ\n"
+
+#: scd/app-dinsig.c:299
+msgid "||Please enter your PIN at the reader's keypad"
+msgstr ""
+
+#. TRANSLATORS: Do not translate the "|*|" prefixes but
+#. keep it at the start of the string. We need this elsewhere
+#. to get some infos on the string.
+#: scd/app-dinsig.c:529
+#, fuzzy
+msgid "|N|Initial New PIN"
+msgstr "æ–°çš„ PIN"
+
+#: scd/scdaemon.c:107
+msgid "run in multi server mode (foreground)"
+msgstr ""
+
+#: scd/scdaemon.c:117 sm/gpgsm.c:316
+msgid "|LEVEL|set the debugging level to LEVEL"
+msgstr ""
+
+#: scd/scdaemon.c:124 tools/gpgconf-comp.c:620
+#, fuzzy
+msgid "|FILE|write a log to FILE"
+msgstr "从‘%s’读å–选项\n"
+
+#: scd/scdaemon.c:126
+msgid "|N|connect to reader at port N"
+msgstr ""
+
+#: scd/scdaemon.c:128
+msgid "|NAME|use NAME as ct-API driver"
+msgstr ""
+
+#: scd/scdaemon.c:130
+msgid "|NAME|use NAME as PC/SC driver"
+msgstr ""
+
+#: scd/scdaemon.c:133
+msgid "do not use the internal CCID driver"
+msgstr ""
+
+#: scd/scdaemon.c:139
+msgid "|N|disconnect the card after N seconds of inactivity"
+msgstr ""
+
+#: scd/scdaemon.c:141
+msgid "do not use a reader's keypad"
+msgstr ""
+
+#: scd/scdaemon.c:144
+#, fuzzy
+msgid "deny the use of admin card commands"
+msgstr "显示管ç†å‘˜å‘½ä»¤"
+
+#: scd/scdaemon.c:259
+#, fuzzy
+msgid "Usage: scdaemon [options] (-h for help)"
+msgstr "用法: gpg [选项] [文件] (用 -h 求助)"
+
+#: scd/scdaemon.c:261
+msgid ""
+"Syntax: scdaemon [options] [command [args]]\n"
+"Smartcard daemon for GnuPG\n"
+msgstr ""
+
+#: scd/scdaemon.c:766
+msgid "please use the option `--daemon' to run the program in the background\n"
+msgstr ""
+
+#: scd/scdaemon.c:1120
+#, c-format
+msgid "handler for fd %d started\n"
+msgstr ""
+
+#: scd/scdaemon.c:1132
+#, c-format
+msgid "handler for fd %d terminated\n"
+msgstr ""
+
+#: sm/base64.c:325
+#, fuzzy, c-format
+msgid "invalid radix64 character %02x skipped\n"
+msgstr "跳过无效的 64 进制字符 %02x\n"
+
+#: sm/call-agent.c:137
+#, c-format
+msgid "failed to proxy %s inquiry to client\n"
+msgstr ""
+
+#: sm/call-dirmngr.c:252
+#, c-format
+msgid "no running dirmngr - starting `%s'\n"
+msgstr ""
+
+#: sm/call-dirmngr.c:285
+#, fuzzy
+msgid "malformed DIRMNGR_INFO environment variable\n"
+msgstr "GPG_AGENT_INFO 环境å˜é‡æ ¼å¼é”™è¯¯\n"
+
+#: sm/call-dirmngr.c:297
+#, fuzzy, c-format
+msgid "dirmngr protocol version %d is not supported\n"
+msgstr "ä¸æ”¯æŒ gpg-agent å议版本 %d\n"
+
+#: sm/call-dirmngr.c:317
+msgid "can't connect to the dirmngr - trying fall back\n"
+msgstr ""
+
+#: sm/certchain.c:196
+#, c-format
+msgid "validation model requested by certificate: %s"
+msgstr ""
+
+#: sm/certchain.c:197 sm/certchain.c:1828
+msgid "chain"
+msgstr ""
+
+#: sm/certchain.c:198 sm/certchain.c:1828
+msgid "shell"
+msgstr ""
+
+#: sm/certchain.c:258
+#, fuzzy, c-format
+msgid "critical certificate extension %s is not supported"
+msgstr "ä¸æ”¯æŒ gpg-agent å议版本 %d\n"
+
+#: sm/certchain.c:297
+msgid "issuer certificate is not marked as a CA"
+msgstr ""
+
+#: sm/certchain.c:335
+msgid "critical marked policy without configured policies"
+msgstr ""
+
+#: sm/certchain.c:345
+#, fuzzy, c-format
+msgid "failed to open `%s': %s\n"
+msgstr "无法打开‘%s’:%s\n"
+
+#: sm/certchain.c:353 sm/certchain.c:382
+msgid "note: non-critical certificate policy not allowed"
+msgstr ""
+
+#: sm/certchain.c:357 sm/certchain.c:386
+#, fuzzy
+msgid "certificate policy not allowed"
+msgstr "ä¸å…许导出ç§é’¥\n"
+
+#: sm/certchain.c:498
+msgid "looking up issuer at external location\n"
+msgstr ""
+
+#: sm/certchain.c:517
+#, c-format
+msgid "number of issuers matching: %d\n"
+msgstr ""
+
+#: sm/certchain.c:561
+msgid "looking up issuer from the Dirmngr cache\n"
+msgstr ""
+
+#: sm/certchain.c:585
+#, fuzzy, c-format
+msgid "number of matching certificates: %d\n"
+msgstr "生æˆå¯†ç çš„时候å‘生错误:%s\n"
+
+#: sm/certchain.c:587
+#, fuzzy, c-format
+msgid "dirmngr cache-only key lookup failed: %s\n"
+msgstr "无法读出公钥:%s\n"
+
+#: sm/certchain.c:759 sm/certchain.c:1252 sm/certchain.c:1856 sm/decrypt.c:261
+#: sm/encrypt.c:335 sm/sign.c:335 sm/verify.c:113
+#, fuzzy
+msgid "failed to allocated keyDB handle\n"
+msgstr "无法存储密钥:%s\n"
+
+#: sm/certchain.c:925
+#, fuzzy
+msgid "certificate has been revoked"
+msgstr "注æ„:密钥已被åŠé”€"
+
+#: sm/certchain.c:940
+msgid "the status of the certificate is unknown"
+msgstr ""
+
+#: sm/certchain.c:947
+msgid "please make sure that the \"dirmngr\" is properly installed\n"
+msgstr ""
+
+#: sm/certchain.c:953
+#, fuzzy, c-format
+msgid "checking the CRL failed: %s"
+msgstr "检查已建立的签åæ—¶å‘生错误: %s\n"
+
+#: sm/certchain.c:982 sm/certchain.c:1050
+#, c-format
+msgid "certificate with invalid validity: %s"
+msgstr ""
+
+#: sm/certchain.c:997 sm/certchain.c:1082
+msgid "certificate not yet valid"
+msgstr ""
+
+#: sm/certchain.c:998 sm/certchain.c:1083
+#, fuzzy
+msgid "root certificate not yet valid"
+msgstr "ä¸å…许导出ç§é’¥\n"
+
+#: sm/certchain.c:999 sm/certchain.c:1084
+msgid "intermediate certificate not yet valid"
+msgstr ""
+
+#: sm/certchain.c:1012
+#, fuzzy
+msgid "certificate has expired"
+msgstr "这把密钥已ç»è¿‡æœŸï¼"
+
+#: sm/certchain.c:1013
+#, fuzzy
+msgid "root certificate has expired"
+msgstr "这把密钥已ç»è¿‡æœŸï¼"
+
+#: sm/certchain.c:1014
+#, fuzzy
+msgid "intermediate certificate has expired"
+msgstr "这把密钥已ç»è¿‡æœŸï¼"
+
+#: sm/certchain.c:1056
+#, c-format
+msgid "required certificate attributes missing: %s%s%s"
+msgstr ""
+
+#: sm/certchain.c:1065
+#, fuzzy
+msgid "certificate with invalid validity"
+msgstr "这把密钥已ç»è¿‡æœŸï¼"
+
+#: sm/certchain.c:1102
+msgid "signature not created during lifetime of certificate"
+msgstr ""
+
+#: sm/certchain.c:1104
+msgid "certificate not created during lifetime of issuer"
+msgstr ""
+
+#: sm/certchain.c:1105
+msgid "intermediate certificate not created during lifetime of issuer"
+msgstr ""
+
+#: sm/certchain.c:1109
+#, fuzzy
+msgid " ( signature created at "
+msgstr " 清除的签å:%lu\n"
+
+#: sm/certchain.c:1110
+#, fuzzy
+msgid " (certificate created at "
+msgstr "已建立åŠé”€è¯ä¹¦ã€‚\n"
+
+#: sm/certchain.c:1113
+#, fuzzy
+msgid " (certificate valid from "
+msgstr "è¯ä¹¦å·²æŸå"
+
+#: sm/certchain.c:1114
+#, fuzzy
+msgid " ( issuer valid from "
+msgstr "å¡åºåˆ—å· ="
+
+#: sm/certchain.c:1144
+#, fuzzy, c-format
+msgid "fingerprint=%s\n"
+msgstr "CA 指纹:"
+
+#: sm/certchain.c:1153
+msgid "root certificate has now been marked as trusted\n"
+msgstr ""
+
+#: sm/certchain.c:1166
+msgid "interactive marking as trusted not enabled in gpg-agent\n"
+msgstr ""
+
+#: sm/certchain.c:1172
+msgid "interactive marking as trusted disabled for this session\n"
+msgstr ""
+
+#: sm/certchain.c:1229
+msgid "WARNING: creation time of signature not known - assuming current time"
+msgstr ""
+
+#: sm/certchain.c:1293
+#, fuzzy
+msgid "no issuer found in certificate"
+msgstr "生æˆä¸€ä»½åŠé”€è¯ä¹¦"
+
+#: sm/certchain.c:1366
+msgid "self-signed certificate has a BAD signature"
+msgstr ""
+
+#: sm/certchain.c:1435
+msgid "root certificate is not marked trusted"
+msgstr ""
+
+#: sm/certchain.c:1448
+#, fuzzy, c-format
+msgid "checking the trust list failed: %s\n"
+msgstr "检查已建立的签åæ—¶å‘生错误: %s\n"
+
+#: sm/certchain.c:1477 sm/import.c:160
+msgid "certificate chain too long\n"
+msgstr ""
+
+#: sm/certchain.c:1489
+msgid "issuer certificate not found"
+msgstr ""
+
+#: sm/certchain.c:1522
+#, fuzzy
+msgid "certificate has a BAD signature"
+msgstr "验è¯ç­¾å"
+
+#: sm/certchain.c:1553
+msgid "found another possible matching CA certificate - trying again"
+msgstr ""
+
+#: sm/certchain.c:1604
+#, c-format
+msgid "certificate chain longer than allowed by CA (%d)"
+msgstr ""
+
+#: sm/certchain.c:1644 sm/certchain.c:1927
+#, fuzzy
+msgid "certificate is good\n"
+msgstr "首选项‘%s’é‡å¤\n"
+
+#: sm/certchain.c:1645
+#, fuzzy
+msgid "intermediate certificate is good\n"
+msgstr "已建立åŠé”€è¯ä¹¦ã€‚\n"
+
+#: sm/certchain.c:1646
+#, fuzzy
+msgid "root certificate is good\n"
+msgstr "è¯ä¹¦å·²æŸå"
+
+#: sm/certchain.c:1817
+msgid "switching to chain model"
+msgstr ""
+
+#: sm/certchain.c:1826
+#, c-format
+msgid "validation model used: %s"
+msgstr ""
+
+#: sm/certcheck.c:97
+#, fuzzy, c-format
+msgid "%s key uses an unsafe (%u bit) hash\n"
+msgstr "DSA 密钥 %s 使用ä¸å®‰å…¨çš„(%u ä½)的散列\n"
+
+#: sm/certcheck.c:107
+#, c-format
+msgid "a %u bit hash is not valid for a %u bit %s key\n"
+msgstr ""
+
+#: sm/certcheck.c:244 sm/verify.c:201
+msgid "(this is the MD2 algorithm)\n"
+msgstr ""
+
+#: sm/certdump.c:60 sm/certdump.c:143
+#, fuzzy
+msgid "none"
+msgstr "no"
+
+#: sm/certdump.c:564 sm/certdump.c:609 sm/certdump.c:674 sm/certdump.c:732
+#, fuzzy
+msgid "[Error - invalid encoding]"
+msgstr "错误:无效的å“应。\n"
+
+#: sm/certdump.c:572 sm/certdump.c:617
+msgid "[Error - out of core]"
+msgstr ""
+
+#: sm/certdump.c:654 sm/certdump.c:710
+msgid "[Error - No name]"
+msgstr ""
+
+#: sm/certdump.c:679 sm/certdump.c:738
+#, fuzzy
+msgid "[Error - invalid DN]"
+msgstr "错误:无效的å“应。\n"
+
+#: sm/certdump.c:948
+#, fuzzy, c-format
+msgid ""
+"Please enter the passphrase to unlock the secret key for the X.509 "
+"certificate:\n"
+"\"%s\"\n"
+"S/N %s, ID 0x%08lX,\n"
+"created %s, expires %s.\n"
+msgstr ""
+"您需è¦è¿™ä¸ªç”¨æˆ·çš„密ç æ¥è§£å¼€ç§é’¥ï¼š\n"
+"“%.*sâ€\n"
+"%u ä½çš„ %s å¯†é’¥ï¼Œé’¥åŒ™å· %s,建立于 %s%s\n"
+
+#: sm/certlist.c:122
+msgid "no key usage specified - assuming all usages\n"
+msgstr ""
+
+#: sm/certlist.c:132 sm/keylist.c:272
+#, fuzzy, c-format
+msgid "error getting key usage information: %s\n"
+msgstr "å–得当å‰å¯†é’¥ä¿¡æ¯æ—¶å‡ºé”™ï¼š%s\n"
+
+#: sm/certlist.c:142
+msgid "certificate should have not been used for certification\n"
+msgstr ""
+
+#: sm/certlist.c:154
+msgid "certificate should have not been used for OCSP response signing\n"
+msgstr ""
+
+#: sm/certlist.c:165
+msgid "certificate should have not been used for encryption\n"
+msgstr ""
+
+#: sm/certlist.c:166
+msgid "certificate should have not been used for signing\n"
+msgstr ""
+
+#: sm/certlist.c:167
+msgid "certificate is not usable for encryption\n"
+msgstr ""
+
+#: sm/certlist.c:168
+msgid "certificate is not usable for signing\n"
+msgstr ""
+
+#: sm/certreqgen.c:474
+#, fuzzy, c-format
+msgid "line %d: invalid algorithm\n"
+msgstr "无效的‘%s’散列算法\n"
+
+#: sm/certreqgen.c:487
+#, c-format
+msgid "line %d: invalid key length %u (valid are %d to %d)\n"
+msgstr ""
+
+#: sm/certreqgen.c:505
+#, c-format
+msgid "line %d: no subject name given\n"
+msgstr ""
+
+#: sm/certreqgen.c:514
+#, c-format
+msgid "line %d: invalid subject name label `%.*s'\n"
+msgstr ""
+
+#: sm/certreqgen.c:517
+#, c-format
+msgid "line %d: invalid subject name `%s' at pos %d\n"
+msgstr ""
+
+#: sm/certreqgen.c:534
+#, fuzzy, c-format
+msgid "line %d: not a valid email address\n"
+msgstr "电å­é‚®ä»¶åœ°å€æ— æ•ˆ\n"
+
+#: sm/certreqgen.c:546
+#, fuzzy, c-format
+msgid "line %d: error reading key `%s' from card: %s\n"
+msgstr "建立钥匙环‘%s’时å‘生错误:%s\n"
+
+#: sm/certreqgen.c:558
+#, fuzzy, c-format
+msgid "line %d: error getting key by keygrip `%s': %s\n"
+msgstr "建立钥匙环‘%s’时å‘生错误:%s\n"
+
+#: sm/certreqgen.c:574
+#, fuzzy, c-format
+msgid "line %d: key generation failed: %s <%s>\n"
+msgstr "生æˆå¯†é’¥å¤±è´¥ï¼š%s\n"
+
+#: sm/certreqgen.c:806
+msgid ""
+"To complete this certificate request please enter the passphrase for the key "
+"you just created once more.\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:158
+#, fuzzy, c-format
+msgid " (%d) RSA\n"
+msgstr " (%d) RSA (仅用于签å)\n"
+
+#: sm/certreqgen-ui.c:159
+#, fuzzy, c-format
+msgid " (%d) Existing key\n"
+msgstr " (2) 加密密钥\n"
+
+#: sm/certreqgen-ui.c:160
+#, c-format
+msgid " (%d) Existing key from card\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:202
+#, fuzzy
+msgid "Enter the keygrip: "
+msgstr "输入注记:"
+
+#: sm/certreqgen-ui.c:210
+msgid "Not a valid keygrip (expecting 40 hex digits)\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:212
+#, fuzzy
+msgid "No key with this keygrip\n"
+msgstr "没有索引为 %d çš„å­é’¥\n"
+
+#: sm/certreqgen-ui.c:230 sm/certreqgen-ui.c:239
+#, fuzzy, c-format
+msgid "error reading the card: %s\n"
+msgstr "%s:读å–自由记录时出错:%s\n"
+
+#: sm/certreqgen-ui.c:233
+#, fuzzy, c-format
+msgid "Serial number of the card: %s\n"
+msgstr "获å–æ–° PIN 时出错:%s\n"
+
+#: sm/certreqgen-ui.c:245
+#, fuzzy
+msgid "Available keys:\n"
+msgstr "ç¦ç”¨å¯†é’¥"
+
+#: sm/certreqgen-ui.c:276
+#, fuzzy, c-format
+msgid "Possible actions for a %s key:\n"
+msgstr "%s 密钥å¯èƒ½çš„æ“作:"
+
+#: sm/certreqgen-ui.c:277
+#, fuzzy, c-format
+msgid " (%d) sign, encrypt\n"
+msgstr " (%d) DSA (仅用于签å)\n"
+
+#: sm/certreqgen-ui.c:278
+#, fuzzy, c-format
+msgid " (%d) sign\n"
+msgstr " (%d) DSA (仅用于签å)\n"
+
+#: sm/certreqgen-ui.c:279
+#, fuzzy, c-format
+msgid " (%d) encrypt\n"
+msgstr " (%d) RSA (仅用于加密)\n"
+
+#: sm/certreqgen-ui.c:303
+msgid "Enter the X.509 subject name: "
+msgstr ""
+
+#: sm/certreqgen-ui.c:307
+#, fuzzy
+msgid "No subject name given\n"
+msgstr "(ä¸ç»™å®šæè¿°)\n"
+
+#: sm/certreqgen-ui.c:311
+#, c-format
+msgid "Invalid subject name label `%.*s'\n"
+msgstr ""
+
+#. TRANSLATORS: The 22 in the second string is the
+#. length of the first string up to the "%s". Please
+#. adjust it do the length of your translation. The
+#. second string is merely passed to atoi so you can
+#. drop everything after the number.
+#: sm/certreqgen-ui.c:320
+#, fuzzy, c-format
+msgid "Invalid subject name `%s'\n"
+msgstr "无效的‘%s’散列算法\n"
+
+#: sm/certreqgen-ui.c:322
+msgid "22 translator: see certreg-ui.c:gpgsm_gencertreq_tty"
+msgstr ""
+
+#: sm/certreqgen-ui.c:334
+#, fuzzy
+msgid "Enter email addresses"
+msgstr "电å­é‚®ä»¶åœ°å€ï¼š"
+
+#: sm/certreqgen-ui.c:335
+#, fuzzy
+msgid " (end with an empty line):\n"
+msgstr ""
+"\n"
+"输入用户标识。以空白行结æŸï¼š"
+
+#: sm/certreqgen-ui.c:339
+#, fuzzy
+msgid "Enter DNS names"
+msgstr "请输入新的文件å"
+
+#: sm/certreqgen-ui.c:340 sm/certreqgen-ui.c:345
+#, fuzzy
+msgid " (optional; end with an empty line):\n"
+msgstr "请输入æè¿°(å¯é€‰);以空白行结æŸï¼š\n"
+
+#: sm/certreqgen-ui.c:344
+#, fuzzy
+msgid "Enter URIs"
+msgstr "输入 PIN:"
+
+#: sm/certreqgen-ui.c:371
+msgid "Parameters to be used for the certificate request:\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:389
+msgid "Now creating certificate request. This may take a while ...\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:398
+msgid "Ready. You should now send this request to your CA.\n"
+msgstr ""
+
+#: sm/certreqgen-ui.c:403
+msgid "resource problem: out of core\n"
+msgstr ""
+
+#: sm/decrypt.c:330
+msgid "(this is the RC2 algorithm)\n"
+msgstr ""
+
+#: sm/decrypt.c:332
+msgid "(this does not seem to be an encrypted message)\n"
+msgstr ""
+
+#: sm/delete.c:51 sm/delete.c:112
+#, fuzzy, c-format
+msgid "certificate `%s' not found: %s\n"
+msgstr "找ä¸åˆ°ç§é’¥â€œ%sâ€ï¼š%s\n"
+
+#: sm/delete.c:122 sm/keydb.c:1397 sm/keydb.c:1499
+#, fuzzy, c-format
+msgid "error locking keybox: %s\n"
+msgstr "读å–密钥区å—æ—¶å‘生错误:%s\n"
+
+#: sm/delete.c:143
+#, fuzzy, c-format
+msgid "duplicated certificate `%s' deleted\n"
+msgstr "已建立åŠé”€è¯ä¹¦ã€‚\n"
+
+#: sm/delete.c:145
+#, fuzzy, c-format
+msgid "certificate `%s' deleted\n"
+msgstr "首选项‘%s’é‡å¤\n"
+
+#: sm/delete.c:175
+#, fuzzy, c-format
+msgid "deleting certificate \"%s\" failed: %s\n"
+msgstr "删除密钥区å—时失败:%s\n"
+
+#: sm/encrypt.c:321
+#, fuzzy
+msgid "no valid recipients given\n"
+msgstr "(ä¸ç»™å®šæè¿°)\n"
+
+#: sm/gpgsm.c:197
+#, fuzzy
+msgid "list external keys"
+msgstr "列出ç§é’¥"
+
+#: sm/gpgsm.c:199
+#, fuzzy
+msgid "list certificate chain"
+msgstr "è¯ä¹¦å·²æŸå"
+
+#: sm/gpgsm.c:206
+#, fuzzy
+msgid "import certificates"
+msgstr "è¯ä¹¦å·²æŸå"
+
+#: sm/gpgsm.c:207
+#, fuzzy
+msgid "export certificates"
+msgstr "è¯ä¹¦å·²æŸå"
+
+#: sm/gpgsm.c:209
+#, fuzzy
+msgid "register a smartcard"
+msgstr "在智能å¡ä¸Šæ·»åŠ ä¸€æŠŠå¯†é’¥"
+
+#: sm/gpgsm.c:212
+msgid "pass a command to the dirmngr"
+msgstr ""
+
+#: sm/gpgsm.c:214
+msgid "invoke gpg-protect-tool"
+msgstr ""
+
+#: sm/gpgsm.c:230
+#, fuzzy
+msgid "create base-64 encoded output"
+msgstr "è¾“å‡ºç» ASCII å°è£…"
+
+#: sm/gpgsm.c:235
+msgid "assume input is in PEM format"
+msgstr ""
+
+#: sm/gpgsm.c:237
+msgid "assume input is in base-64 format"
+msgstr ""
+
+#: sm/gpgsm.c:239
+msgid "assume input is in binary format"
+msgstr ""
+
+#: sm/gpgsm.c:244
+msgid "use system's dirmngr if available"
+msgstr ""
+
+#: sm/gpgsm.c:247
+msgid "never consult a CRL"
+msgstr ""
+
+#: sm/gpgsm.c:257
+msgid "check validity using OCSP"
+msgstr ""
+
+#: sm/gpgsm.c:262
+msgid "|N|number of certificates to include"
+msgstr ""
+
+#: sm/gpgsm.c:265
+msgid "|FILE|take policy information from FILE"
+msgstr ""
+
+#: sm/gpgsm.c:268
+msgid "do not check certificate policies"
+msgstr ""
+
+#: sm/gpgsm.c:272
+msgid "fetch missing issuer certificates"
+msgstr ""
+
+#: sm/gpgsm.c:283
+msgid "don't use the terminal at all"
+msgstr ""
+
+#: sm/gpgsm.c:285
+msgid "|FILE|write a server mode log to FILE"
+msgstr ""
+
+#: sm/gpgsm.c:290
+#, fuzzy
+msgid "|FILE|write an audit log to FILE"
+msgstr "从‘%s’读å–选项\n"
+
+#: sm/gpgsm.c:293
+msgid "batch mode: never ask"
+msgstr ""
+
+#: sm/gpgsm.c:294
+msgid "assume yes on most questions"
+msgstr ""
+
+#: sm/gpgsm.c:295
+msgid "assume no on most questions"
+msgstr ""
+
+#: sm/gpgsm.c:298
+#, fuzzy
+msgid "|FILE|add keyring to the list of keyrings"
+msgstr "从这个钥匙环里å–用密钥"
+
+#: sm/gpgsm.c:301
+msgid "|USER-ID|use USER-ID as default secret key"
+msgstr ""
+
+#: sm/gpgsm.c:311 tools/gpgconf-comp.c:745
+msgid "|SPEC|use this keyserver to lookup keys"
+msgstr ""
+
+#: sm/gpgsm.c:329
+#, fuzzy
+msgid "|NAME|use cipher algorithm NAME"
+msgstr "未知的对称加密算法"
+
+#: sm/gpgsm.c:331
+#, fuzzy
+msgid "|NAME|use message digest algorithm NAME"
+msgstr "%s ç­¾å,散列算法 %s\n"
+
+#: sm/gpgsm.c:522
+#, fuzzy
+msgid "Usage: gpgsm [options] [files] (-h for help)"
+msgstr "用法: gpg [选项] [文件] (用 -h 求助)"
+
+#: sm/gpgsm.c:525
+#, fuzzy
+msgid ""
+"Syntax: gpgsm [options] [files]\n"
+"sign, check, encrypt or decrypt using the S/MIME protocol\n"
+"default operation depends on the input data\n"
+msgstr ""
+"语法:gpg [选项] [文件å]\n"
+"ç­¾åã€æ£€æŸ¥ã€åŠ å¯†æˆ–解密\n"
+"默认的æ“作ä¾è¾“入数æ®è€Œå®š\n"
+
+#: sm/gpgsm.c:617
+#, fuzzy
+msgid "usage: gpgsm [options] "
+msgstr "用法:gpg [选项] "
+
+#: sm/gpgsm.c:739
+#, fuzzy, c-format
+msgid "NOTE: won't be able to encrypt to `%s': %s\n"
+msgstr "无法连接至‘%s’:%s\n"
+
+#: sm/gpgsm.c:750
+#, fuzzy, c-format
+msgid "unknown validation model `%s'\n"
+msgstr "未知的选项 '%s'\n"
+
+#: sm/gpgsm.c:801
+#, fuzzy, c-format
+msgid "%s:%u: no hostname given\n"
+msgstr "(ä¸ç»™å®šæè¿°)\n"
+
+#: sm/gpgsm.c:820
+#, c-format
+msgid "%s:%u: password given without user\n"
+msgstr ""
+
+#: sm/gpgsm.c:841
+#, fuzzy, c-format
+msgid "%s:%u: skipping this line\n"
+msgstr " s = 跳过这把密钥\n"
+
+#: sm/gpgsm.c:1376
+#, fuzzy
+msgid "could not parse keyserver\n"
+msgstr "无法解æžå…¬é’¥æœåŠ¡å™¨ URL\n"
+
+#: sm/gpgsm.c:1456
+msgid "WARNING: running with faked system time: "
+msgstr ""
+
+#: sm/gpgsm.c:1556
+#, c-format
+msgid "importing common certificates `%s'\n"
+msgstr ""
+
+#: sm/gpgsm.c:1597
+#, fuzzy, c-format
+msgid "can't sign using `%s': %s\n"
+msgstr "无法存å–‘%s’:%s\n"
+
+#: sm/gpgsm.c:1931
+msgid "invalid command (there is no implicit command)\n"
+msgstr ""
+
+#: sm/import.c:111
+#, fuzzy, c-format
+msgid "total number processed: %lu\n"
+msgstr "åˆè®¡è¢«å¤„ç†çš„æ•°é‡ï¼š%lu\n"
+
+#: sm/import.c:230
+#, fuzzy
+msgid "error storing certificate\n"
+msgstr "生æˆä¸€ä»½åŠé”€è¯ä¹¦"
+
+#: sm/import.c:238
+msgid "basic certificate checks failed - not imported\n"
+msgstr ""
+
+#: sm/import.c:435 sm/keydb.c:1319 sm/keydb.c:1387
+#, fuzzy
+msgid "failed to allocate keyDB handle\n"
+msgstr "无法存储密钥:%s\n"
+
+#: sm/import.c:492 sm/keydb.c:1417 sm/keydb.c:1511
+#, fuzzy, c-format
+msgid "error getting stored flags: %s\n"
+msgstr "获å–æ–° PIN 时出错:%s\n"
+
+#: sm/import.c:551 sm/import.c:583
+#, fuzzy, c-format
+msgid "error importing certificate: %s\n"
+msgstr "生æˆå¯†ç çš„时候å‘生错误:%s\n"
+
+#: sm/import.c:684 tools/gpg-connect-agent.c:1346
+#, fuzzy, c-format
+msgid "error reading input: %s\n"
+msgstr "读å–‘%s’时出错:%s\n"
+
+#: sm/keydb.c:187
+#, fuzzy, c-format
+msgid "error creating keybox `%s': %s\n"
+msgstr "建立钥匙环‘%s’时å‘生错误:%s\n"
+
+#: sm/keydb.c:190
+msgid "you may want to start the gpg-agent first\n"
+msgstr ""
+
+#: sm/keydb.c:195
+#, fuzzy, c-format
+msgid "keybox `%s' created\n"
+msgstr "钥匙环‘%s’已建立\n"
+
+#: sm/keydb.c:1312 sm/keydb.c:1380
+#, fuzzy
+msgid "failed to get the fingerprint\n"
+msgstr "无法存储指纹:%s\n"
+
+#: sm/keydb.c:1340
+#, c-format
+msgid "problem looking for existing certificate: %s\n"
+msgstr ""
+
+#: sm/keydb.c:1348
+#, fuzzy, c-format
+msgid "error finding writable keyDB: %s\n"
+msgstr "在‘%s’中寻找信任度记录时出错:%s\n"
+
+#: sm/keydb.c:1356
+#, fuzzy, c-format
+msgid "error storing certificate: %s\n"
+msgstr "å–得当å‰å¯†é’¥ä¿¡æ¯æ—¶å‡ºé”™ï¼š%s\n"
+
+#: sm/keydb.c:1408
+#, c-format
+msgid "problem re-searching certificate: %s\n"
+msgstr ""
+
+#: sm/keydb.c:1429 sm/keydb.c:1522
+#, fuzzy, c-format
+msgid "error storing flags: %s\n"
+msgstr "读å–‘%s’时出错:%s\n"
+
+#: sm/keylist.c:642
+msgid "Error - "
+msgstr ""
+
+#: sm/misc.c:55
+msgid "GPG_TTY has not been set - using maybe bogus default\n"
+msgstr ""
+
+#: sm/qualified.c:105
+#, fuzzy, c-format
+msgid "invalid formatted fingerprint in `%s', line %d\n"
+msgstr "错误:指纹格å¼æ— æ•ˆã€‚\n"
+
+#: sm/qualified.c:123
+#, c-format
+msgid "invalid country code in `%s', line %d\n"
+msgstr ""
+
+#: sm/qualified.c:202
+#, c-format
+msgid ""
+"You are about to create a signature using your certificate:\n"
+"\"%s\"\n"
+"This will create a qualified signature by law equated to a handwritten "
+"signature.\n"
+"\n"
+"%s%sAre you really sure that you want to do this?"
+msgstr ""
+
+#: sm/qualified.c:211 sm/verify.c:616
+msgid ""
+"Note, that this software is not officially approved to create or verify such "
+"signatures.\n"
+msgstr ""
+
+#: sm/qualified.c:278
+#, c-format
+msgid ""
+"You are about to create a signature using your certificate:\n"
+"\"%s\"\n"
+"Note, that this certificate will NOT create a qualified signature!"
+msgstr ""
+
+#: sm/sign.c:449
+#, fuzzy, c-format
+msgid "hash algorithm %d (%s) for signer %d not supported; using %s\n"
+msgstr "ä¿æŠ¤ç®—法 %d%s 未被支æŒ\n"
+
+#: sm/sign.c:463
+#, c-format
+msgid "hash algorithm used for signer %d: %s (%s)\n"
+msgstr ""
+
+#: sm/sign.c:513
+#, fuzzy, c-format
+msgid "checking for qualified certificate failed: %s\n"
+msgstr "检查已建立的签åæ—¶å‘生错误: %s\n"
+
+#: sm/verify.c:449
+#, fuzzy
+msgid "Signature made "
+msgstr "ç­¾å建立于 %s\n"
+
+#: sm/verify.c:453
+msgid "[date not given]"
+msgstr ""
+
+#: sm/verify.c:454
+#, fuzzy, c-format
+msgid " using certificate ID 0x%08lX\n"
+msgstr "å–得当å‰å¯†é’¥ä¿¡æ¯æ—¶å‡ºé”™ï¼š%s\n"
+
+#: sm/verify.c:473
+msgid ""
+"invalid signature: message digest attribute does not match computed one\n"
+msgstr ""
+
+#: sm/verify.c:594
+#, fuzzy
+msgid "Good signature from"
+msgstr "完好的签å,æ¥è‡ªäºŽâ€œ%sâ€"
+
+#: sm/verify.c:595
+#, fuzzy
+msgid " aka"
+msgstr " 亦å³â€œ%sâ€"
+
+#: sm/verify.c:613
+#, fuzzy
+msgid "This is a qualified signature\n"
+msgstr "这将是一个自身签å。\n"
+
+#: tools/gpg-connect-agent.c:70 tools/gpgconf.c:81 tools/symcryptrun.c:167
+#, fuzzy
+msgid "quiet"
+msgstr "quit"
+
+#: tools/gpg-connect-agent.c:71
+msgid "print data out hex encoded"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:72
+msgid "decode received data lines"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:74
+msgid "|NAME|connect to Assuan socket NAME"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:76
+msgid "run the Assuan server given on the command line"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:78
+msgid "do not use extended connect mode"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:80
+#, fuzzy
+msgid "|FILE|run commands from FILE on startup"
+msgstr "从‘%s’读å–选项\n"
+
+#: tools/gpg-connect-agent.c:81
+msgid "run /subst on startup"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:184
+#, fuzzy
+msgid "Usage: gpg-connect-agent [options] (-h for help)"
+msgstr "用法: gpg [选项] [文件] (用 -h 求助)"
+
+#: tools/gpg-connect-agent.c:187
+msgid ""
+"Syntax: gpg-connect-agent [options]\n"
+"Connect to a running agent and send commands\n"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:1201
+#, c-format
+msgid "option \"%s\" requires a program and optional arguments\n"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:1210
+#, c-format
+msgid "option \"%s\" ignored due to \"%s\"\n"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:1281 tools/gpg-connect-agent.c:1771
+#, fuzzy, c-format
+msgid "receiving line failed: %s\n"
+msgstr "无法读出公钥:%s\n"
+
+#: tools/gpg-connect-agent.c:1371
+#, fuzzy
+msgid "line too long - skipped\n"
+msgstr "列太长"
+
+#: tools/gpg-connect-agent.c:1375
+msgid "line shortened due to embedded Nul character\n"
+msgstr ""
+
+#: tools/gpg-connect-agent.c:1743
+#, fuzzy, c-format
+msgid "unknown command `%s'\n"
+msgstr "未知的选项 '%s'\n"
+
+#: tools/gpg-connect-agent.c:1761
+#, fuzzy, c-format
+msgid "sending line failed: %s\n"
+msgstr "ç­¾å时失败: %s\n"
+
+#: tools/gpg-connect-agent.c:2208
+#, fuzzy, c-format
+msgid "error sending %s command: %s\n"
+msgstr "读å–‘%s’时出错:%s\n"
+
+#: tools/gpg-connect-agent.c:2223
+#, fuzzy, c-format
+msgid "error sending standard options: %s\n"
+msgstr "在‘%s’中寻找信任度记录时出错:%s\n"
+
+#: tools/gpgconf-comp.c:473 tools/gpgconf-comp.c:577 tools/gpgconf-comp.c:644
+#: tools/gpgconf-comp.c:712 tools/gpgconf-comp.c:799
+msgid "Options controlling the diagnostic output"
+msgstr ""
+
+#: tools/gpgconf-comp.c:486 tools/gpgconf-comp.c:590 tools/gpgconf-comp.c:657
+#: tools/gpgconf-comp.c:725 tools/gpgconf-comp.c:822
+msgid "Options controlling the configuration"
+msgstr ""
+
+#: tools/gpgconf-comp.c:496 tools/gpgconf-comp.c:615 tools/gpgconf-comp.c:673
+#: tools/gpgconf-comp.c:750 tools/gpgconf-comp.c:829
+msgid "Options useful for debugging"
+msgstr ""
+
+#: tools/gpgconf-comp.c:501 tools/gpgconf-comp.c:678 tools/gpgconf-comp.c:755
+#: tools/gpgconf-comp.c:837
+msgid "|FILE|write server mode logs to FILE"
+msgstr ""
+
+#: tools/gpgconf-comp.c:509 tools/gpgconf-comp.c:625 tools/gpgconf-comp.c:763
+msgid "Options controlling the security"
+msgstr ""
+
+#: tools/gpgconf-comp.c:516
+msgid "|N|expire SSH keys after N seconds"
+msgstr ""
+
+#: tools/gpgconf-comp.c:520
+msgid "|N|set maximum PIN cache lifetime to N seconds"
+msgstr ""
+
+#: tools/gpgconf-comp.c:524
+msgid "|N|set maximum SSH key lifetime to N seconds"
+msgstr ""
+
+#: tools/gpgconf-comp.c:538
+msgid "Options enforcing a passphrase policy"
+msgstr ""
+
+#: tools/gpgconf-comp.c:541
+msgid "do not allow to bypass the passphrase policy"
+msgstr ""
+
+#: tools/gpgconf-comp.c:545
+msgid "|N|set minimal required length for new passphrases to N"
+msgstr ""
+
+#: tools/gpgconf-comp.c:549
+msgid "|N|require at least N non-alpha characters for a new passphrase"
+msgstr ""
+
+#: tools/gpgconf-comp.c:553
+msgid "|FILE|check new passphrases against pattern in FILE"
+msgstr ""
+
+#: tools/gpgconf-comp.c:557
+#, fuzzy
+msgid "|N|expire the passphrase after N days"
+msgstr "从导出的å­é’¥ä¸­åˆ é™¤æ‰€æœ‰å¯†ç "
+
+#: tools/gpgconf-comp.c:561
+#, fuzzy
+msgid "do not allow the reuse of old passphrases"
+msgstr "生æˆå¯†ç çš„时候å‘生错误:%s\n"
+
+#: tools/gpgconf-comp.c:659 tools/gpgconf-comp.c:727
+msgid "|NAME|use NAME as default secret key"
+msgstr ""
+
+#: tools/gpgconf-comp.c:662 tools/gpgconf-comp.c:730
+#, fuzzy
+msgid "|NAME|encrypt to user ID NAME as well"
+msgstr "|æŸç”²|为收件者“æŸç”²â€åŠ å¯†"
+
+#: tools/gpgconf-comp.c:665
+msgid "|SPEC|set up email aliases"
+msgstr ""
+
+#: tools/gpgconf-comp.c:686
+msgid "Configuration for Keyservers"
+msgstr ""
+
+#: tools/gpgconf-comp.c:688
+#, fuzzy
+msgid "|URL|use keyserver at URL"
+msgstr "无法解æžå…¬é’¥æœåŠ¡å™¨ URL\n"
+
+#: tools/gpgconf-comp.c:691
+msgid "allow PKA lookups (DNS requests)"
+msgstr ""
+
+#: tools/gpgconf-comp.c:694
+msgid "|MECHANISMS|use MECHANISMS to locate keys by mail address"
+msgstr ""
+
+#: tools/gpgconf-comp.c:739
+msgid "disable all access to the dirmngr"
+msgstr ""
+
+#: tools/gpgconf-comp.c:742
+msgid "|NAME|use encoding NAME for PKCS#12 passphrases"
+msgstr ""
+
+#: tools/gpgconf-comp.c:768
+msgid "do not check CRLs for root certificates"
+msgstr ""
+
+#: tools/gpgconf-comp.c:812
+msgid "Options controlling the format of the output"
+msgstr ""
+
+#: tools/gpgconf-comp.c:848
+msgid "Options controlling the interactivity and enforcement"
+msgstr ""
+
+#: tools/gpgconf-comp.c:858
+msgid "Configuration for HTTP servers"
+msgstr ""
+
+#: tools/gpgconf-comp.c:869
+msgid "use system's HTTP proxy setting"
+msgstr ""
+
+#: tools/gpgconf-comp.c:874
+msgid "Configuration of LDAP servers to use"
+msgstr ""
+
+#: tools/gpgconf-comp.c:903
+msgid "LDAP server list"
+msgstr ""
+
+#: tools/gpgconf-comp.c:911
+msgid "Configuration for OCSP"
+msgstr ""
+
+#: tools/gpgconf-comp.c:3077
+#, c-format
+msgid "External verification of component %s failed"
+msgstr ""
+
+#: tools/gpgconf-comp.c:3227
+msgid "Note that group specifications are ignored\n"
+msgstr ""
+
+#: tools/gpgconf.c:62
+msgid "list all components"
+msgstr ""
+
+#: tools/gpgconf.c:63
+msgid "check all programs"
+msgstr ""
+
+#: tools/gpgconf.c:64
+msgid "|COMPONENT|list options"
+msgstr ""
+
+#: tools/gpgconf.c:65
+msgid "|COMPONENT|change options"
+msgstr ""
+
+#: tools/gpgconf.c:66
+msgid "|COMPONENT|check options"
+msgstr ""
+
+#: tools/gpgconf.c:68
+msgid "apply global default values"
+msgstr ""
+
+#: tools/gpgconf.c:70
+msgid "get the configuration directories for gpgconf"
+msgstr ""
+
+#: tools/gpgconf.c:72
+#, fuzzy
+msgid "list global configuration file"
+msgstr "未知的é…置项‘%s’\n"
+
+#: tools/gpgconf.c:74
+#, fuzzy
+msgid "check global configuration file"
+msgstr "未知的é…置项‘%s’\n"
+
+#: tools/gpgconf.c:79
+msgid "use as output file"
+msgstr "指定输出文件"
+
+#: tools/gpgconf.c:83
+msgid "activate changes at runtime, if possible"
+msgstr ""
+
+#: tools/gpgconf.c:105
+#, fuzzy
+msgid "Usage: gpgconf [options] (-h for help)"
+msgstr "用法: gpg [选项] [文件] (用 -h 求助)"
+
+#: tools/gpgconf.c:108
+msgid ""
+"Syntax: gpgconf [options]\n"
+"Manage configuration options for tools of the GnuPG system\n"
+msgstr ""
+
+#: tools/gpgconf.c:214 tools/gpgconf.c:282
+#, fuzzy
+msgid "usage: gpgconf [options] "
+msgstr "用法:gpg [选项] "
+
+#: tools/gpgconf.c:216
+msgid "Need one component argument"
+msgstr ""
+
+#: tools/gpgconf.c:225 tools/gpgconf.c:258
+#, fuzzy
+msgid "Component not found"
+msgstr "找ä¸åˆ°å…¬é’¥"
+
+#: tools/gpgconf.c:284
+#, fuzzy
+msgid "No argument allowed"
+msgstr "ä¸å…许使用管ç†å‘˜å‘½ä»¤\n"
+
+#: tools/symcryptrun.c:154
+#, fuzzy
+msgid ""
+"@\n"
+"Commands:\n"
+" "
+msgstr ""
+"@指令:\n"
+" "
+
+#: tools/symcryptrun.c:156
+#, fuzzy
+msgid "decryption modus"
+msgstr "解密æˆåŠŸ\n"
+
+#: tools/symcryptrun.c:157
+#, fuzzy
+msgid "encryption modus"
+msgstr "解密æˆåŠŸ\n"
+
+#: tools/symcryptrun.c:161
+msgid "tool class (confucius)"
+msgstr ""
+
+#: tools/symcryptrun.c:162
+#, fuzzy
+msgid "program filename"
+msgstr "--store [文件å]"
+
+#: tools/symcryptrun.c:164
+msgid "secret key file (required)"
+msgstr ""
+
+#: tools/symcryptrun.c:165
+msgid "input file name (default stdin)"
+msgstr ""
+
+#: tools/symcryptrun.c:209
+#, fuzzy
+msgid "Usage: symcryptrun [options] (-h for help)"
+msgstr "用法: gpg [选项] [文件] (用 -h 求助)"
+
+#: tools/symcryptrun.c:212
+msgid ""
+"Syntax: symcryptrun --class CLASS --program PROGRAM --keyfile KEYFILE "
+"[options...] COMMAND [inputfile]\n"
+"Call a simple symmetric encryption tool\n"
+msgstr ""
+
+#: tools/symcryptrun.c:281
+#, fuzzy, c-format
+msgid "%s on %s aborted with status %i\n"
+msgstr "%s ä¸å¯ä¸Ž %s 并用\n"
+
+#: tools/symcryptrun.c:288
+#, fuzzy, c-format
+msgid "%s on %s failed with status %i\n"
+msgstr "‘%s’的 fstat 在 %s 中出错:%s\n"
+
+#: tools/symcryptrun.c:314
+#, fuzzy, c-format
+msgid "can't create temporary directory `%s': %s\n"
+msgstr "无法建立目录‘%s’:%s\n"
+
+#: tools/symcryptrun.c:354 tools/symcryptrun.c:371
+#, c-format
+msgid "could not open %s for writing: %s\n"
+msgstr ""
+
+#: tools/symcryptrun.c:382
+#, fuzzy, c-format
+msgid "error writing to %s: %s\n"
+msgstr "写入钥匙环‘%s’时出错: %s\n"
+
+#: tools/symcryptrun.c:389
+#, fuzzy, c-format
+msgid "error reading from %s: %s\n"
+msgstr "读å–‘%s’时出错:%s\n"
+
+#: tools/symcryptrun.c:396 tools/symcryptrun.c:403
+#, fuzzy, c-format
+msgid "error closing %s: %s\n"
+msgstr "‘%s’中出错:%s\n"
+
+#: tools/symcryptrun.c:488
+#, fuzzy
+msgid "no --program option provided\n"
+msgstr "ä¸æ”¯æŒè¿œç¨‹è°ƒç”¨\n"
+
+#: tools/symcryptrun.c:494
+msgid "only --decrypt and --encrypt are supported\n"
+msgstr ""
+
+#: tools/symcryptrun.c:500
+msgid "no --keyfile option provided\n"
+msgstr ""
+
+#: tools/symcryptrun.c:511
+msgid "cannot allocate args vector\n"
+msgstr ""
+
+#: tools/symcryptrun.c:529
+#, fuzzy, c-format
+msgid "could not create pipe: %s\n"
+msgstr "无法建立‘%s’:%s\n"
+
+#: tools/symcryptrun.c:536
+#, fuzzy, c-format
+msgid "could not create pty: %s\n"
+msgstr "无法建立‘%s’:%s\n"
+
+#: tools/symcryptrun.c:552
+#, c-format
+msgid "could not fork: %s\n"
+msgstr ""
+
+#: tools/symcryptrun.c:580
+#, fuzzy, c-format
+msgid "execv failed: %s\n"
+msgstr "更新失败:%s\n"
+
+#: tools/symcryptrun.c:609
+#, fuzzy, c-format
+msgid "select failed: %s\n"
+msgstr "删除密钥区å—时失败:%s\n"
+
+#: tools/symcryptrun.c:626
+#, fuzzy, c-format
+msgid "read failed: %s\n"
+msgstr "更新失败:%s\n"
+
+#: tools/symcryptrun.c:678
+#, fuzzy, c-format
+msgid "pty read failed: %s\n"
+msgstr "更新失败:%s\n"
+
+#: tools/symcryptrun.c:730
+#, fuzzy, c-format
+msgid "waitpid failed: %s\n"
+msgstr "更新失败:%s\n"
+
+#: tools/symcryptrun.c:744
+#, c-format
+msgid "child aborted with status %i\n"
+msgstr ""
+
+#: tools/symcryptrun.c:799
+#, fuzzy, c-format
+msgid "cannot allocate infile string: %s\n"
+msgstr "ä¸èƒ½åˆ›å»ºå¤‡ä»½æ–‡ä»¶â€˜%s’:%s\n"
+
+#: tools/symcryptrun.c:812
+#, fuzzy, c-format
+msgid "cannot allocate outfile string: %s\n"
+msgstr "ä¸èƒ½åˆ›å»ºå¤‡ä»½æ–‡ä»¶â€˜%s’:%s\n"
+
+#: tools/symcryptrun.c:986
+#, c-format
+msgid "either %s or %s must be given\n"
+msgstr ""
+
+#: tools/symcryptrun.c:1013
+msgid "no class provided\n"
+msgstr ""
+
+#: tools/symcryptrun.c:1022
+#, fuzzy, c-format
+msgid "class %s is not supported\n"
+msgstr "ä¸æ”¯æŒä¿æŠ¤æ•£åˆ— %d\n"
+
+#: tools/gpg-check-pattern.c:145
+#, fuzzy
+msgid "Usage: gpg-check-pattern [options] patternfile (-h for help)\n"
+msgstr "用法: gpg [选项] [文件] (用 -h 求助)"
+
+#: tools/gpg-check-pattern.c:148
+msgid ""
+"Syntax: gpg-check-pattern [options] patternfile\n"
+"Check a passphrase given on stdin against the patternfile\n"
+msgstr ""
+
+#~ msgid "Command> "
+#~ msgstr "命令> "
+
+#~ msgid "the trustdb is corrupted; please run \"gpg --fix-trustdb\".\n"
+#~ msgstr "信任度数æ®åº“å·²æŸå;请执行“gpg --fix-trustdbâ€ã€‚\n"
+
+#, fuzzy
+#~ msgid "Please report bugs to <"
+#~ msgstr ""
+#~ "è¯·å‘ <gnupg-bugs@gnu.org> 报告程åºç¼ºé™·ã€‚\n"
+#~ "è¯·å‘ <zuxyhere@eastday.com> å映简体中文翻译的问题。\n"
+
+#, fuzzy
+#~ msgid "Please report bugs to "
+#~ msgstr ""
+#~ "è¯·å‘ <gnupg-bugs@gnu.org> 报告程åºç¼ºé™·ã€‚\n"
+#~ "è¯·å‘ <zuxyhere@eastday.com> å映简体中文翻译的问题。\n"
+
+#~ msgid "DSA keypair will have %u bits.\n"
+#~ msgstr "DSA 密钥对会有 %u ä½ã€‚\n"
+
+#~ msgid "Repeat passphrase\n"
+#~ msgstr "请å†è¾“入一次密ç \n"
+
+#, fuzzy
+#~ msgid "||Please enter your PIN at the reader's keypad%%0A[sigs done: %lu]"
+#~ msgstr "||请输入 PIN%%0A[完æˆçš„签字:%lu]"
+
+#~ msgid "|A|Admin PIN"
+#~ msgstr "|A|管ç†å‘˜ PIN"
+
+#, fuzzy
+#~ msgid "read options from file"
+#~ msgstr "从‘%s’读å–选项\n"
+
+#~ msgid "generate PGP 2.x compatible messages"
+#~ msgstr "生æˆä¸Ž PGP 2.x 兼容的报文"
+
+#, fuzzy
+#~ msgid "|[FILE]|make a signature"
+#~ msgstr "|[文件å]|生æˆä¸€ä»½ç­¾å"
+
+#, fuzzy
+#~ msgid "|[FILE]|make a clear text signature"
+#~ msgstr "|[文件å]|生æˆä¸€ä»½æ˜Žæ–‡ç­¾å"
+
+#, fuzzy
+#~ msgid "use the default key as default recipient"
+#~ msgstr "已跳过:公钥已被设为默认收件者\n"
+
+#, fuzzy
+#~ msgid "force v3 signatures"
+#~ msgstr "检查签å"
+
+#, fuzzy
+#~ msgid "add this secret keyring to the list"
+#~ msgstr "è¦æœ‰ç§é’¥æ‰èƒ½è¿™ä¹ˆåšã€‚\n"
+
+#, fuzzy
+#~ msgid "|NAME|set terminal charset to NAME"
+#~ msgstr "|æŸç”²|为收件者“æŸç”²â€åŠ å¯†"
+
+#, fuzzy
+#~ msgid "|N|use compress algorithm N"
+#~ msgstr "未知的压缩算法"
+
+#, fuzzy
+#~ msgid "remove key from the public keyring"
+#~ msgstr "从公钥钥匙环里删除密钥"
+
+#~ msgid ""
+#~ "It's up to you to assign a value here; this value will never be exported\n"
+#~ "to any 3rd party. We need it to implement the web-of-trust; it has "
+#~ "nothing\n"
+#~ "to do with the (implicitly created) web-of-certificates."
+#~ msgstr ""
+#~ "在这里指定的数值完全由您自己决定;这些数值永远ä¸ä¼šè¢«è¾“出给任何第三方。\n"
+#~ "我们需è¦å®ƒæ¥å®žçŽ°â€œä¿¡ä»»ç½‘络â€ï¼›è¿™è·Ÿéšå«å»ºç«‹èµ·æ¥çš„“验è¯ç½‘络â€æ— å…³ã€‚"
+
+#~ msgid ""
+#~ "To build the Web-of-Trust, GnuPG needs to know which keys are\n"
+#~ "ultimately trusted - those are usually the keys for which you have\n"
+#~ "access to the secret key. Answer \"yes\" to set this key to\n"
+#~ "ultimately trusted\n"
+#~ msgstr ""
+#~ "è¦å»ºç«‹èµ·ä¿¡ä»»ç½‘络,GnuPG 需è¦çŸ¥é“哪些密钥是å¯ç»å¯¹ä¿¡ä»»çš„――通常\n"
+#~ "就是您拥有ç§é’¥çš„那些密钥。回答“yesâ€å°†æ­¤å¯†é’¥è®¾æˆå¯ç»å¯¹ä¿¡ä»»çš„\n"
+
+#~ msgid "If you want to use this untrusted key anyway, answer \"yes\"."
+#~ msgstr "如果您无论如何è¦ä½¿ç”¨è¿™æŠŠæœªè¢«ä¿¡ä»»çš„密钥,请回答“yesâ€ã€‚"
+
+#~ msgid ""
+#~ "Enter the user ID of the addressee to whom you want to send the message."
+#~ msgstr "输入您è¦é€’é€çš„报文的接收者的用户标识。"
+
+#~ msgid ""
+#~ "Select the algorithm to use.\n"
+#~ "\n"
+#~ "DSA (aka DSS) is the Digital Signature Algorithm and can only be used\n"
+#~ "for signatures.\n"
+#~ "\n"
+#~ "Elgamal is an encrypt-only algorithm.\n"
+#~ "\n"
+#~ "RSA may be used for signatures or encryption.\n"
+#~ "\n"
+#~ "The first (primary) key must always be a key which is capable of signing."
+#~ msgstr ""
+#~ "选择使用的算法。\n"
+#~ "\n"
+#~ "DSA (ä¹Ÿå« DSS)å³â€œæ•°å­—ç­¾å算法â€(美国国家标准),åªèƒ½å¤Ÿç”¨ä½œç­¾å。\n"
+#~ "\n"
+#~ "Elgamal 是一ç§åªèƒ½ç”¨ä½œåŠ å¯†çš„算法。\n"
+#~ "\n"
+#~ "RSA å¯ä»¥ç”¨ä½œç­¾å或加密。\n"
+#~ "\n"
+#~ "第一把密钥(主钥)必须具有签å的能力。"
+
+#~ msgid ""
+#~ "In general it is not a good idea to use the same key for signing and\n"
+#~ "encryption. This algorithm should only be used in certain domains.\n"
+#~ "Please consult your security expert first."
+#~ msgstr ""
+#~ "通常æ¥è¯´ç”¨åŒä¸€æŠŠå¯†é’¥ç­¾ååŠåŠ å¯†å¹¶ä¸æ˜¯ä¸ªå¥½ä¸»æ„。这个算法åªåœ¨ç‰¹å®šçš„情况\n"
+#~ "下使用。请先咨询安全方é¢çš„专家。"
+
+#~ msgid "Enter the size of the key"
+#~ msgstr "请输入密钥的尺寸"
+
+#~ msgid "Answer \"yes\" or \"no\""
+#~ msgstr "请回答“yesâ€æˆ–“noâ€"
+
+#~ msgid ""
+#~ "Enter the required value as shown in the prompt.\n"
+#~ "It is possible to enter a ISO date (YYYY-MM-DD) but you won't\n"
+#~ "get a good error response - instead the system tries to interpret\n"
+#~ "the given value as an interval."
+#~ msgstr ""
+#~ "请输入æ示所è¦æ±‚的数值。\n"
+#~ "您å¯ä»¥è¾“å…¥ ISO 日期格å¼(YYYY-MM-DD),但是出错时您ä¸ä¼šå¾—到å‹å¥½çš„å“应\n"
+#~ "――系统会å°è¯•å°†ç»™å®šå€¼è§£é‡Šä¸ºæ—¶é—´é—´éš”。"
+
+#~ msgid "Enter the name of the key holder"
+#~ msgstr "请输入密钥æŒæœ‰äººçš„åå­—"
+
+#~ msgid "please enter an optional but highly suggested email address"
+#~ msgstr "请输入电å­é‚®ä»¶åœ°å€(å¯é€‰é¡¹ï¼Œä½†å¼ºçƒˆæŽ¨è使用)"
+
+#~ msgid "Please enter an optional comment"
+#~ msgstr "请输入注释(å¯é€‰é¡¹)"
+
+#~ msgid ""
+#~ "N to change the name.\n"
+#~ "C to change the comment.\n"
+#~ "E to change the email address.\n"
+#~ "O to continue with key generation.\n"
+#~ "Q to to quit the key generation."
+#~ msgstr ""
+#~ "N 修改姓å。\n"
+#~ "C 修改注释。\n"
+#~ "E 修改电å­é‚®ä»¶åœ°å€ã€‚\n"
+#~ "O 继续产生密钥。\n"
+#~ "Q 中止产生密钥。"
+
+#~ msgid ""
+#~ "Answer \"yes\" (or just \"y\") if it is okay to generate the sub key."
+#~ msgstr "如果您å…许生æˆå­é’¥ï¼Œè¯·å›žç­”“yesâ€(或者“yâ€)。"
+
+#~ msgid ""
+#~ "When you sign a user ID on a key, you should first verify that the key\n"
+#~ "belongs to the person named in the user ID. It is useful for others to\n"
+#~ "know how carefully you verified this.\n"
+#~ "\n"
+#~ "\"0\" means you make no particular claim as to how carefully you verified "
+#~ "the\n"
+#~ " key.\n"
+#~ "\n"
+#~ "\"1\" means you believe the key is owned by the person who claims to own "
+#~ "it\n"
+#~ " but you could not, or did not verify the key at all. This is useful "
+#~ "for\n"
+#~ " a \"persona\" verification, where you sign the key of a pseudonymous "
+#~ "user.\n"
+#~ "\n"
+#~ "\"2\" means you did casual verification of the key. For example, this "
+#~ "could\n"
+#~ " mean that you verified the key fingerprint and checked the user ID on "
+#~ "the\n"
+#~ " key against a photo ID.\n"
+#~ "\n"
+#~ "\"3\" means you did extensive verification of the key. For example, this "
+#~ "could\n"
+#~ " mean that you verified the key fingerprint with the owner of the key "
+#~ "in\n"
+#~ " person, and that you checked, by means of a hard to forge document "
+#~ "with a\n"
+#~ " photo ID (such as a passport) that the name of the key owner matches "
+#~ "the\n"
+#~ " name in the user ID on the key, and finally that you verified (by "
+#~ "exchange\n"
+#~ " of email) that the email address on the key belongs to the key "
+#~ "owner.\n"
+#~ "\n"
+#~ "Note that the examples given above for levels 2 and 3 are *only* "
+#~ "examples.\n"
+#~ "In the end, it is up to you to decide just what \"casual\" and \"extensive"
+#~ "\"\n"
+#~ "mean to you when you sign other keys.\n"
+#~ "\n"
+#~ "If you don't know what the right answer is, answer \"0\"."
+#~ msgstr ""
+#~ "当您为æŸæŠŠå¯†é’¥ä¸ŠæŸä¸ªç”¨æˆ·æ ‡è¯†æ·»åŠ ç­¾å时,您必须首先验è¯è¿™æŠŠå¯†é’¥ç¡®å®žå±žäºŽ\n"
+#~ "ç½²å于它的用户标识上的那个人。了解到您曾多么谨慎地对此进行过验è¯ï¼Œå¯¹å…¶\n"
+#~ "他人是éžå¸¸æœ‰ç”¨çš„\n"
+#~ "\n"
+#~ "“0†表示您对您有多么仔细地验è¯è¿™æŠŠå¯†é’¥çš„问题ä¸è¡¨æ€ã€‚\n"
+#~ "\n"
+#~ "“1†表示您相信这把密钥属于那个声明是主人的人,但是您ä¸èƒ½æˆ–根本没有验\n"
+#~ " è¯è¿‡ã€‚如果您为一把属于类似虚拟人物的密钥签å,这个选择很有用。\n"
+#~ "\n"
+#~ "“2†表示您éšæ„地验è¯äº†é‚£æŠŠå¯†é’¥ã€‚例如,您验è¯äº†è¿™æŠŠå¯†é’¥çš„指纹,或比对\n"
+#~ " 照片验è¯äº†ç”¨æˆ·æ ‡è¯†ã€‚\n"
+#~ "\n"
+#~ "“3†表示您åšäº†å¤§é‡è€Œè¯¦å°½çš„验è¯å¯†é’¥å·¥ä½œã€‚例如,您åŒå¯†é’¥æŒæœ‰äººéªŒè¯äº†å¯†\n"
+#~ " 钥指纹,而且通过查验附带照片而难以伪造的è¯ä»¶(如护照)确认了密钥æŒ\n"
+#~ " 有人的姓å与密钥上的用户标识一致,最åŽæ‚¨è¿˜(通过电å­é‚®ä»¶å¾€æ¥)验è¯\n"
+#~ " 了密钥上的电å­é‚®ä»¶åœ°å€ç¡®å®žå±žäºŽå¯†é’¥æŒæœ‰äººã€‚\n"
+#~ "\n"
+#~ "请注æ„上述关于验è¯çº§åˆ« 2 å’Œ 3 的说明仅是例å­è€Œå·²ã€‚最终还是由您自己决定\n"
+#~ "当您为其他密钥签å时,什么是“éšæ„â€ï¼Œè€Œä»€ä¹ˆæ˜¯â€œå¤§é‡è€Œè¯¦å°½â€ã€‚\n"
+#~ "\n"
+#~ "如果您ä¸çŸ¥é“应该选什么答案的è¯ï¼Œå°±é€‰â€œ0â€ã€‚"
+
+#~ msgid "Answer \"yes\" if you want to sign ALL the user IDs"
+#~ msgstr "如果您想è¦ä¸ºæ‰€æœ‰ç”¨æˆ·æ ‡è¯†ç­¾åçš„è¯å°±é€‰â€œyesâ€"
+
+#~ msgid ""
+#~ "Answer \"yes\" if you really want to delete this user ID.\n"
+#~ "All certificates are then also lost!"
+#~ msgstr ""
+#~ "如果您真的想è¦åˆ é™¤è¿™ä¸ªç”¨æˆ·æ ‡è¯†çš„è¯å°±å›žç­”“yesâ€ã€‚\n"
+#~ "所有相关认è¯åœ¨æ­¤ä¹‹åŽä¹Ÿä¼šä¸¢å¤±ï¼"
+
+#~ msgid "Answer \"yes\" if it is okay to delete the subkey"
+#~ msgstr "如果å¯ä»¥åˆ é™¤è¿™æŠŠå­é’¥ï¼Œè¯·å›žç­”“yesâ€"
+
+#~ msgid ""
+#~ "This is a valid signature on the key; you normally don't want\n"
+#~ "to delete this signature because it may be important to establish a\n"
+#~ "trust connection to the key or another key certified by this key."
+#~ msgstr ""
+#~ "这是一份在这把密钥上有效的签å;通常您ä¸ä¼šæƒ³è¦åˆ é™¤è¿™ä»½ç­¾å,\n"
+#~ "因为è¦ä¸Žè¿™æŠŠå¯†é’¥æˆ–拥有这把密钥的签å的密钥建立认è¯å…³ç³»å¯èƒ½\n"
+#~ "相当é‡è¦ã€‚"
+
+#~ msgid ""
+#~ "This signature can't be checked because you don't have the\n"
+#~ "corresponding key. You should postpone its deletion until you\n"
+#~ "know which key was used because this signing key might establish\n"
+#~ "a trust connection through another already certified key."
+#~ msgstr ""
+#~ "这份签å无法被检验,因为您没有相应的密钥。您应该暂缓删除它,\n"
+#~ "直到您知é“此签å使用了哪一把密钥;因为用æ¥ç­¾å的密钥å¯èƒ½ä¸Ž\n"
+#~ "其他已ç»éªŒè¯çš„密钥存在信任关系。"
+
+#~ msgid ""
+#~ "The signature is not valid. It does make sense to remove it from\n"
+#~ "your keyring."
+#~ msgstr "这份签å无效。应当把它从您的钥匙环里删除。"
+
+#~ msgid ""
+#~ "This is a signature which binds the user ID to the key. It is\n"
+#~ "usually not a good idea to remove such a signature. Actually\n"
+#~ "GnuPG might not be able to use this key anymore. So do this\n"
+#~ "only if this self-signature is for some reason not valid and\n"
+#~ "a second one is available."
+#~ msgstr ""
+#~ "这是一份将密钥与用户标识相è”系的签å。通常ä¸åº”删除这样的签å。\n"
+#~ "事实上,一旦删除,GnuPGå¯èƒ½ä»Žæ­¤å°±ä¸èƒ½å†ä½¿ç”¨è¿™æŠŠå¯†é’¥äº†ã€‚因此,\n"
+#~ "åªæœ‰åœ¨è¿™æŠŠå¯†é’¥çš„第一个自身签åå› æŸäº›åŽŸå› å¤±æ•ˆï¼Œè€Œæœ‰ç¬¬äºŒä¸ªè‡ªèº«ç­¾\n"
+#~ "å­—å¯ç”¨çš„情况下æ‰è¿™ä¹ˆåšã€‚"
+
+#~ msgid ""
+#~ "Change the preferences of all user IDs (or just of the selected ones)\n"
+#~ "to the current list of preferences. The timestamp of all affected\n"
+#~ "self-signatures will be advanced by one second.\n"
+#~ msgstr ""
+#~ "用现有的首选项更新所有(或选定的)用户标识的首选项。所有å—å½±å“的自身签\n"
+#~ "字的时间戳都会增加一秒钟。\n"
+
+#~ msgid "Please enter the passhrase; this is a secret sentence \n"
+#~ msgstr "请输入密ç ï¼šè¿™æ˜¯ä¸€ä¸ªç§˜å¯†çš„å¥å­ \n"
+
+#~ msgid ""
+#~ "Please repeat the last passphrase, so you are sure what you typed in."
+#~ msgstr "请å†æ¬¡è¾“入上次的密ç ï¼Œä»¥ç¡®å®šæ‚¨åˆ°åº•é”®å…¥äº†äº›ä»€ä¹ˆã€‚"
+
+#~ msgid "Give the name of the file to which the signature applies"
+#~ msgstr "请给定è¦æ·»åŠ ç­¾å的文件å"
+
+#~ msgid "Answer \"yes\" if it is okay to overwrite the file"
+#~ msgstr "如果å¯ä»¥è¦†ç›–这个文件,请回答“yesâ€"
+
+#~ msgid ""
+#~ "Please enter a new filename. If you just hit RETURN the default\n"
+#~ "file (which is shown in brackets) will be used."
+#~ msgstr ""
+#~ "请输入一个新的文件å。如果您直接按下了回车,那么就会使用显示在括\n"
+#~ "å·ä¸­çš„默认的文件å。"
+
+#~ msgid ""
+#~ "You should specify a reason for the certification. Depending on the\n"
+#~ "context you have the ability to choose from this list:\n"
+#~ " \"Key has been compromised\"\n"
+#~ " Use this if you have a reason to believe that unauthorized persons\n"
+#~ " got access to your secret key.\n"
+#~ " \"Key is superseded\"\n"
+#~ " Use this if you have replaced this key with a newer one.\n"
+#~ " \"Key is no longer used\"\n"
+#~ " Use this if you have retired this key.\n"
+#~ " \"User ID is no longer valid\"\n"
+#~ " Use this to state that the user ID should not longer be used;\n"
+#~ " this is normally used to mark an email address invalid.\n"
+#~ msgstr ""
+#~ "您应该为这份åŠé”€è¯ä¹¦æŒ‡å®šä¸€ä¸ªåŽŸå› ã€‚æ ¹æ®æƒ…境的ä¸åŒï¼Œæ‚¨å¯ä»¥ä»Žä¸‹åˆ—清å•ä¸­\n"
+#~ "选出一项:\n"
+#~ " “密钥已泄æ¼â€\n"
+#~ " 如果您相信有æŸä¸ªæœªç»è®¸å¯çš„人已å–得了您的ç§é’¥ï¼Œè¯·é€‰æ­¤é¡¹ã€‚\n"
+#~ " “密钥已替æ¢â€\n"
+#~ " 如果您已用一把新密钥代替旧的,请选此项。\n"
+#~ " “密钥ä¸å†è¢«ä½¿ç”¨â€\n"
+#~ " 如果您已决定让这把密钥退休,请选此项\n"
+#~ " “用户标识ä¸å†æœ‰æ•ˆâ€\n"
+#~ " 如果这个用户标识ä¸å†è¢«ä½¿ç”¨äº†ï¼Œè¯·é€‰æ­¤é¡¹ï¼›è¿™é€šå¸¸ç”¨è¡¨æ˜ŽæŸä¸ªç”µå­é‚®\n"
+#~ " 件地å€å·²ä¸å†æœ‰æ•ˆã€‚\n"
+
+#~ msgid ""
+#~ "If you like, you can enter a text describing why you issue this\n"
+#~ "revocation certificate. Please keep this text concise.\n"
+#~ "An empty line ends the text.\n"
+#~ msgstr ""
+#~ "您也å¯ä»¥è¾“入一串文字,æè¿°å‘布这份åŠé”€è¯ä¹¦çš„ç†ç”±ã€‚请尽é‡ä½¿è¿™æ®µæ–‡\n"
+#~ "字简明扼è¦ã€‚\n"
+#~ "键入一空行以结æŸè¾“入。\n"
+
+#~ msgid "can't put notation data into v3 (PGP 2.x style) signatures\n"
+#~ msgstr "无法在 v3 (PGP 2.xæ ·å¼)çš„ç­¾å内放入注记数æ®\n"
+
+#~ msgid "can't put notation data into v3 (PGP 2.x style) key signatures\n"
+#~ msgstr "无法在 v3 (PGP 2.xæ ·å¼)的密钥签å内放入注记数æ®\n"
+
+#~ msgid "can't put a policy URL into v3 (PGP 2.x style) signatures\n"
+#~ msgstr "无法在 v3 (PGP 2.xæ ·å¼)çš„ç­¾å内放入策略 URL\n"
+
+#~ msgid "can't put a policy URL into v3 key (PGP 2.x style) signatures\n"
+#~ msgstr "无法在 v3 (PGP 2.xæ ·å¼)的密钥签å内放入策略 URL\n"
+
+#, fuzzy
+#~ msgid ""
+#~ "please see http://www.gnupg.org/download/iconv.html for more information\n"
+#~ msgstr "请访问 http://www.gnupg.org/faq.html 以获得更详细的信æ¯\n"
+
+#, fuzzy
+#~ msgid "key generation is not available from the commandline\n"
+#~ msgstr "gpg-agent 在此次èˆè¯ä¸­æ— æ³•ä½¿ç”¨\n"
+
+#, fuzzy
+#~ msgid "please use the script \"%s\" to generate a new key\n"
+#~ msgstr "请选择您è¦ä½¿ç”¨çš„密钥ç§ç±»ï¼š\n"
+
+#~ msgid "cipher extension `%s' not loaded due to unsafe permissions\n"
+#~ msgstr "对称加算密法扩展模å—‘%s’因为æƒé™ä¸å®‰å…¨è€Œæœªè¢«è½½å…¥\n"
+
+#~ msgid "DSA requires the use of a 160 bit hash algorithm\n"
+#~ msgstr "DSA è¦æ±‚使用 160 ä½çš„散列算法\n"
+
+#, fuzzy
+#~ msgid ".\n"
+#~ msgstr "%s.\n"
+
+#~ msgid "problem with the agent - disabling agent use\n"
+#~ msgstr "代ç†ç¨‹åºæœ‰é—®é¢˜â€•â€•æ­£åœ¨åœç”¨ä»£ç†ç¨‹åº\n"
+
+#~ msgid "can't query passphrase in batch mode\n"
+#~ msgstr "在批处ç†æ¨¡å¼ä¸­æ— æ³•æŸ¥è¯¢å¯†ç \n"
+
+#~ msgid "Enter passphrase: "
+#~ msgstr "请输入密ç ï¼š"
+
+#~ msgid "Repeat passphrase: "
+#~ msgstr "请å†è¾“入一次密ç ï¼š"
+
+#~ msgid "-k[v][v][v][c] [user-id] [keyring]"
+#~ msgstr "-k[v][v][v][c] [用户标识] [钥匙环]"
+
+#~ msgid "can't gen prime with pbits=%u qbits=%u\n"
+#~ msgstr "当 pbits=%u 而 qbits=%u æ—¶ä¸èƒ½ç”Ÿæˆè´¨æ•°\n"
+
+#~ msgid "can't generate a prime with less than %d bits\n"
+#~ msgstr "少于 %d ä½æ—¶ä¸èƒ½ç”Ÿæˆè´¨æ•°\n"
+
+#~ msgid "no entropy gathering module detected\n"
+#~ msgstr "检测ä¸åˆ°ç†µæœé›†æ¨¡å—\n"
+
+#~ msgid "can't lock `%s': %s\n"
+#~ msgstr "无法é”定‘%s’:%s\n"
+
+#~ msgid "can't stat `%s': %s\n"
+#~ msgstr "无法获得文件‘%s’的信æ¯ï¼š %s\n"
+
+#~ msgid "`%s' is not a regular file - ignored\n"
+#~ msgstr "‘%s’ä¸æ˜¯ä¸€ä¸ªæ™®é€šæ–‡ä»¶â€•â€•å·²å¿½ç•¥\n"
+
+#~ msgid "note: random_seed file is empty\n"
+#~ msgstr "注æ„:éšæœºæ•°ç§å­æ–‡ä»¶ä¸ºç©º\n"
+
+#~ msgid "WARNING: invalid size of random_seed file - not used\n"
+#~ msgstr "警告:éšæœºæ•°ç§å­æ–‡ä»¶å¤§å°æ— æ•ˆâ€•â€•æœªä½¿ç”¨\n"
+
+#~ msgid "can't read `%s': %s\n"
+#~ msgstr "无法读å–‘%s’:%s\n"
+
+#~ msgid "note: random_seed file not updated\n"
+#~ msgstr "注æ„:éšæœºæ•°ç§å­æ–‡ä»¶æœªè¢«æ›´æ–°\n"
+
+#~ msgid "can't write `%s': %s\n"
+#~ msgstr "无法写入‘%s’:%s\n"
+
+#~ msgid "can't close `%s': %s\n"
+#~ msgstr "无法关闭‘%s’:%s\n"
+
+#~ msgid "WARNING: using insecure random number generator!!\n"
+#~ msgstr "警告:正在使用ä¸å®‰å…¨çš„éšæœºæ•°å‘生器ï¼ï¼\n"
+
+#~ msgid ""
+#~ "The random number generator is only a kludge to let\n"
+#~ "it run - it is in no way a strong RNG!\n"
+#~ "\n"
+#~ "DON'T USE ANY DATA GENERATED BY THIS PROGRAM!!\n"
+#~ "\n"
+#~ msgstr ""
+#~ "使用这个éšæœºæ•°å­—å‘生器纯粹是为了使程åºç¼–译通过──它\n"
+#~ "根本就ä¸æ˜¯çœŸæ­£æ„义上的强éšæœºæ•°å‘生器ï¼\n"
+#~ "\n"
+#~ "ç»å¯¹ä¸è¦åœ¨çŽ°å®žä¸–界中使用这个程åºäº§ç”Ÿçš„任何数æ®ï¼ï¼\n"
+#~ "\n"
+
+#~ msgid ""
+#~ "Please wait, entropy is being gathered. Do some work if it would\n"
+#~ "keep you from getting bored, because it will improve the quality\n"
+#~ "of the entropy.\n"
+#~ msgstr ""
+#~ "请ç¨å¾…片刻,系统此时正在æœé›†ç†µã€‚如果您觉得无èŠçš„è¯ï¼Œä¸å¦¨åšäº›\n"
+#~ "别的事——事实上这甚至能够让熵数的å“质更好。\n"
+
+#~ msgid ""
+#~ "\n"
+#~ "Not enough random bytes available. Please do some other work to give\n"
+#~ "the OS a chance to collect more entropy! (Need %d more bytes)\n"
+#~ msgstr ""
+#~ "\n"
+#~ "éšæœºå­—节ä¸å¤Ÿå¤šã€‚请å†åšä¸€äº›å…¶ä»–çš„ç事,以使æ“作系统能æœé›†åˆ°æ›´å¤šçš„熵ï¼\n"
+#~ "(还需è¦%d字节)\n"
+
+#, fuzzy
+#~ msgid "card reader not available\n"
+#~ msgstr "ç§é’¥ä¸å¯ç”¨"
+
+#~ msgid "Please insert the card and hit return or enter 'c' to cancel: "
+#~ msgstr "请æ’å…¥å¡å¹¶å›žè½¦ï¼Œæˆ–输入‘c’æ¥å–消:"
+
+#~ msgid "Hit return when ready or enter 'c' to cancel: "
+#~ msgstr "就绪åŽè¯·å›žè½¦ï¼Œæˆ–输入‘c’å–消"
+
+#~ msgid "Enter New Admin PIN: "
+#~ msgstr "输入新的管ç†å‘˜ PIN:"
+
+#~ msgid "Enter New PIN: "
+#~ msgstr "输入新的 PIN:"
+
+#~ msgid "Enter Admin PIN: "
+#~ msgstr "输入管ç†å‘˜ PIN:"
+
+#~ msgid "NOTE: %s is not available in this version\n"
+#~ msgstr "注æ„:%s 本版本中ä¸å¯ç”¨\n"
+
+#, fuzzy
+#~ msgid " algorithms on these user IDs:\n"
+#~ msgstr " 新用户标识:%lu\n"
+
+#~ msgid "no photo viewer set\n"
+#~ msgstr "没有设置照片查看程åº\n"
+
+#~ msgid "general error"
+#~ msgstr "常规错误"
+
+#~ msgid "unknown packet type"
+#~ msgstr "未知的包类型"
+
+#~ msgid "unknown pubkey algorithm"
+#~ msgstr "未知的公钥算法"
+
+#~ msgid "unknown digest algorithm"
+#~ msgstr "未知的散列算法"
+
+#~ msgid "bad public key"
+#~ msgstr "公钥已ç»æŸå"
+
+#~ msgid "bad secret key"
+#~ msgstr "ç§é’¥å·²ç»æŸå"
+
+#~ msgid "bad signature"
+#~ msgstr "ç­¾åå·²ç»æŸå"
+
+#~ msgid "checksum error"
+#~ msgstr "校验和错误"
+
+#~ msgid "can't open the keyring"
+#~ msgstr "无法打开钥匙环"
+
+#~ msgid "invalid packet"
+#~ msgstr "无效包"
+
+#~ msgid "invalid armor"
+#~ msgstr "无效的 ASCII å°è£…æ ¼å¼"
+
+#~ msgid "no such user id"
+#~ msgstr "没有这个用户标识"
+
+#~ msgid "secret key not available"
+#~ msgstr "ç§é’¥ä¸å¯ç”¨"
+
+#~ msgid "wrong secret key used"
+#~ msgstr "使用了错误的ç§é’¥"
+
+#~ msgid "not supported"
+#~ msgstr "未被支æŒ"
+
+#~ msgid "bad key"
+#~ msgstr "密钥已æŸå"
+
+#~ msgid "file write error"
+#~ msgstr "文件写入错误"
+
+#~ msgid "file open error"
+#~ msgstr "文件打开错误"
+
+#~ msgid "file create error"
+#~ msgstr "文件建立错误"
+
+#~ msgid "invalid passphrase"
+#~ msgstr "无效的密ç "
+
+#~ msgid "unimplemented pubkey algorithm"
+#~ msgstr "未实现的公钥算法"
+
+#~ msgid "unimplemented cipher algorithm"
+#~ msgstr "未实现的对称加密算法"
+
+#~ msgid "unknown signature class"
+#~ msgstr "未知的签å等级"
+
+#~ msgid "trust database error"
+#~ msgstr "信任度数æ®åº“错误"
+
+#~ msgid "resource limit"
+#~ msgstr "资æºé™åˆ¶"
+
+#~ msgid "invalid keyring"
+#~ msgstr "无效的钥匙环"
+
+#~ msgid "malformed user id"
+#~ msgstr "被å˜é€ è¿‡çš„用户标识"
+
+#~ msgid "file close error"
+#~ msgstr "文件关闭错误"
+
+#~ msgid "file rename error"
+#~ msgstr "文件é‡å‘½å错误"
+
+#~ msgid "file delete error"
+#~ msgstr "文件删除错误"
+
+#~ msgid "unexpected data"
+#~ msgstr "éžé¢„期的数æ®"
+
+#~ msgid "timestamp conflict"
+#~ msgstr "时间戳冲çª"
+
+#~ msgid "unusable pubkey algorithm"
+#~ msgstr "无法使用的公钥算法"
+
+#~ msgid "file exists"
+#~ msgstr "文件已存在"
+
+#~ msgid "weak key"
+#~ msgstr "弱密钥"
+
+#~ msgid "bad URI"
+#~ msgstr "URI å·²æŸå"
+
+#~ msgid "unsupported URI"
+#~ msgstr "未被支æŒçš„ URI"
+
+#~ msgid "network error"
+#~ msgstr "网络错误"
+
+#~ msgid "not processed"
+#~ msgstr "未被处ç†"
+
+#~ msgid "unusable public key"
+#~ msgstr "ä¸å¯ç”¨çš„公钥"
+
+#~ msgid "unusable secret key"
+#~ msgstr "ä¸å¯ç”¨çš„ç§é’¥"
+
+#~ msgid "keyserver error"
+#~ msgstr "公钥æœåŠ¡å™¨é”™è¯¯"
+
+#~ msgid "no card"
+#~ msgstr "没有å¡"
+
+#~ msgid "no data"
+#~ msgstr "æ— æ•°æ®"
+
+#~ msgid "ERROR: "
+#~ msgstr "错误:"
+
+#~ msgid "WARNING: "
+#~ msgstr "警告:"
+
+#~ msgid "... this is a bug (%s:%d:%s)\n"
+#~ msgstr "……这是个程åºç¼ºé™·(%s:%d:%s)\n"
+
+#~ msgid "WARNING: using insecure memory!\n"
+#~ msgstr "警告:正在使用ä¸å®‰å…¨çš„内存ï¼\n"
+
+#~ msgid "operation is not possible without initialized secure memory\n"
+#~ msgstr "安全内存未åˆå§‹åŒ–,ä¸èƒ½è¿›è¡Œæ“作\n"
+
+#~ msgid "(you may have used the wrong program for this task)\n"
+#~ msgstr "(您å¯èƒ½ä½¿ç”¨äº†é”™è¯¯çš„程åºæ¥å®Œæˆæ­¤é¡¹ä»»åŠ¡)\n"
diff --git a/po/zh_TW.gmo b/po/zh_TW.gmo
new file mode 100644
index 0000000..7fdbf4b
--- /dev/null
+++ b/po/zh_TW.gmo
Binary files differ
diff --git a/po/zh_TW.po b/po/zh_TW.po
new file mode 100644
index 0000000..f978eff
--- /dev/null
+++ b/po/zh_TW.po
@@ -0,0 +1,8907 @@
+# Traditional Chinese(zh-tw) messages for GnuPG
+# Copyright (C) 2002 Free Software Foundation, Inc.
+# This file is distributed under the same license as the PACKAGE package.
+# Jedi Lin <Jedi@Jedi.org>, 2003~2011.
+#
+# Special thanks to "Audrey Tang <audreyt@audreyt.org>".
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: GNU gnupg 2.0.17-git56b2bc2\n"
+"Report-Msgid-Bugs-To: translations@gnupg.org\n"
+"POT-Creation-Date: 2012-03-27 10:23+0200\n"
+"PO-Revision-Date: 2011-08-05 01:24+0800\n"
+"Last-Translator: Jedi Lin <Jedi@Jedi.org>\n"
+"Language-Team: Chinese (traditional) <zh-l10n@linux.org.tw>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Poedit-Basepath: gnupg-2.0.17-git56b2bc2/\n"
+"X-Poedit-Language: Chinese\n"
+"X-Poedit-Country: TAIWAN\n"
+"Plural-Forms: nplurals=1; plural=0;\n"
+
+#: agent/call-pinentry.c:244
+#, c-format
+msgid "failed to acquire the pinentry lock: %s\n"
+msgstr "個人識別碼項目鎖定ç²å–失敗: %s\n"
+
+#. TRANSLATORS: These are labels for buttons etc used in
+#. Pinentries. An underscore indicates that the next letter
+#. should be used as an accelerator. Double the underscore for
+#. a literal one. The actual to be translated text starts after
+#. the second vertical bar.
+#: agent/call-pinentry.c:401
+msgid "|pinentry-label|_OK"
+msgstr "|pinentry-label|_OK"
+
+#: agent/call-pinentry.c:402
+msgid "|pinentry-label|_Cancel"
+msgstr "|pinentry-label|å–消 (_C)"
+
+#: agent/call-pinentry.c:403
+msgid "|pinentry-label|PIN:"
+msgstr "|pinentry-label|個人識別碼 (PIN):"
+
+#. TRANSLATORS: This string is displayed by Pinentry as the label
+#. for the quality bar.
+#: agent/call-pinentry.c:649
+msgid "Quality:"
+msgstr "å“質: %s"
+
+#. TRANSLATORS: This string is a tooltip, shown by pinentry when
+#. hovering over the quality bar. Please use an appropriate
+#. string to describe what this is about. The length of the
+#. tooltip is limited to about 900 characters. If you do not
+#. translate this entry, a default english text (see source)
+#. will be used.
+#: agent/call-pinentry.c:671
+msgid "pinentry.qualitybar.tooltip"
+msgstr ""
+"輸入在上é¢çš„文字的å“質.\n"
+"關於此è¦ç¯„的細節, 請洽你的系統管ç†è€…."
+
+#: agent/call-pinentry.c:716
+msgid ""
+"Please enter your PIN, so that the secret key can be unlocked for this "
+"session"
+msgstr "請輸入你的個人識別碼 (PIN) 以便在此階段作業中解開密鑰"
+
+#: agent/call-pinentry.c:719
+msgid ""
+"Please enter your passphrase, so that the secret key can be unlocked for "
+"this session"
+msgstr "請輸入你的密語以便在此階段作業中解開ç§é‘°"
+
+#: agent/call-pinentry.c:776
+#, c-format
+msgid "SETERROR %s (try %d of %d)"
+msgstr "設定錯誤 %s (第 %d 次嘗試, 最多 %d 次)"
+
+#: agent/call-pinentry.c:799 agent/call-pinentry.c:811
+msgid "PIN too long"
+msgstr "個人識別碼 (PIN) 太長"
+
+#: agent/call-pinentry.c:800
+msgid "Passphrase too long"
+msgstr "密語太長"
+
+#: agent/call-pinentry.c:808
+msgid "Invalid characters in PIN"
+msgstr "個人識別碼 (PIN) å«æœ‰ç„¡æ•ˆçš„字符"
+
+#: agent/call-pinentry.c:813
+msgid "PIN too short"
+msgstr "個人識別碼 (PIN) 太短"
+
+#: agent/call-pinentry.c:825
+msgid "Bad PIN"
+msgstr "ä¸è‰¯çš„個人識別碼 (PIN)"
+
+#: agent/call-pinentry.c:826
+msgid "Bad Passphrase"
+msgstr "ä¸è‰¯çš„密語"
+
+#: agent/call-pinentry.c:863
+msgid "Passphrase"
+msgstr "密語"
+
+#: agent/command-ssh.c:531
+#, c-format
+msgid "ssh keys greater than %d bits are not supported\n"
+msgstr "未支æ´å¤§æ–¼ %d ä½å…ƒçš„ ssh 金鑰\n"
+
+#: agent/command-ssh.c:690 g10/card-util.c:833 g10/exec.c:473 g10/gpg.c:1122
+#: g10/keygen.c:3394 g10/keygen.c:3427 g10/keyring.c:1237 g10/keyring.c:1569
+#: g10/openfile.c:275 g10/openfile.c:368 g10/sign.c:801 g10/sign.c:1110
+#: g10/tdbio.c:550 jnlib/dotlock.c:310
+#, c-format
+msgid "can't create `%s': %s\n"
+msgstr "無法建立 `%s': %s\n"
+
+#: agent/command-ssh.c:702 common/helpfile.c:47 g10/card-util.c:787
+#: g10/dearmor.c:60 g10/dearmor.c:107 g10/decrypt.c:70 g10/encode.c:194
+#: g10/encode.c:504 g10/gpg.c:1123 g10/import.c:192 g10/keygen.c:2877
+#: g10/keyring.c:1595 g10/openfile.c:192 g10/openfile.c:353
+#: g10/plaintext.c:511 g10/sign.c:783 g10/sign.c:978 g10/sign.c:1094
+#: g10/sign.c:1250 g10/tdbdump.c:142 g10/tdbdump.c:150 g10/tdbio.c:554
+#: g10/tdbio.c:618 g10/verify.c:99 g10/verify.c:162 sm/gpgsm.c:2044
+#: sm/gpgsm.c:2074 sm/gpgsm.c:2112 sm/gpgsm.c:2150 sm/qualified.c:66
+#, c-format
+msgid "can't open `%s': %s\n"
+msgstr "無法開啟 `%s': %s\n"
+
+#: agent/command-ssh.c:1708 agent/command-ssh.c:1726
+#, c-format
+msgid "error getting serial number of card: %s\n"
+msgstr "å–å¾—æ­¤å¡ç‰‡åºè™Ÿæ™‚出錯: %s\n"
+
+#: agent/command-ssh.c:1712
+#, c-format
+msgid "detected card with S/N: %s\n"
+msgstr "åµæ¸¬åˆ°å¡ç‰‡, å…¶åºè™Ÿç‚º: %s\n"
+
+#: agent/command-ssh.c:1717
+#, c-format
+msgid "error getting default authentication keyID of card: %s\n"
+msgstr "å–å¾—æ­¤å¡ç‰‡çš„é è¨­èªè­‰é‡‘é‘° ID 時出錯: %s\n"
+
+#: agent/command-ssh.c:1737
+#, c-format
+msgid "no suitable card key found: %s\n"
+msgstr "找ä¸åˆ°åˆé©çš„å¡ç‰‡é‡‘é‘°: %s\n"
+
+#: agent/command-ssh.c:1787
+#, c-format
+msgid "shadowing the key failed: %s\n"
+msgstr "é®è”½é‡‘鑰時失敗: %s\n"
+
+#: agent/command-ssh.c:1802
+#, c-format
+msgid "error writing key: %s\n"
+msgstr "寫入金鑰時出錯: %s\n"
+
+#: agent/command-ssh.c:2139
+#, c-format
+msgid ""
+"An ssh process requested the use of key%%0A %s%%0A (%s)%%0ADo you want to "
+"allow this?"
+msgstr ""
+"有æŸå€‹ ssh 程åºæ出使用金鑰 %%0A %s%%0A (%s)%%0A 之請求, è«‹å•æ˜¯å¦å…許?"
+
+#: agent/command-ssh.c:2146
+msgid "Allow"
+msgstr "å…許"
+
+#: agent/command-ssh.c:2146
+msgid "Deny"
+msgstr "拒絕"
+
+#: agent/command-ssh.c:2155
+#, c-format
+msgid "Please enter the passphrase for the ssh key%%0A %F%%0A (%c)"
+msgstr "請輸入此 ssh 金鑰的密語 %%0A %F%%0A (%c)"
+
+#: agent/command-ssh.c:2484 agent/genkey.c:310 agent/genkey.c:432
+msgid "Please re-enter this passphrase"
+msgstr "è«‹å†æ¬¡è¼¸å…¥å¯†èªž"
+
+#: agent/command-ssh.c:2509
+#, c-format
+msgid ""
+"Please enter a passphrase to protect the received secret key%%0A %s%%0A %"
+"s%%0Awithin gpg-agent's key storage"
+msgstr ""
+"請輸入密語以ä¿è­·æ”¶åˆ°çš„ç§é‘° %%0A %s%%0A %s%%0A æ–¼ gpg-agent 的金鑰存放處"
+
+#: agent/command-ssh.c:2548 agent/genkey.c:340 agent/genkey.c:463
+#: tools/symcryptrun.c:436
+msgid "does not match - try again"
+msgstr "å‰å¾Œä¸ä¸€è‡´ - è«‹å†è©¦ä¸€æ¬¡"
+
+#: agent/command-ssh.c:3054
+#, c-format
+msgid "failed to create stream from socket: %s\n"
+msgstr "從 socket 建立串æµå¤±æ•—: %s\n"
+
+#: agent/divert-scd.c:92 g10/call-agent.c:923
+msgid "Please insert the card with serial number"
+msgstr "è«‹æ’入下列åºè™Ÿçš„å¡ç‰‡:"
+
+#: agent/divert-scd.c:93 g10/call-agent.c:924
+msgid "Please remove the current card and insert the one with serial number"
+msgstr "請移除ç¾ç”¨ä¸­çš„å¡ç‰‡ä¸¦æ’入下列åºè™Ÿçš„å¡ç‰‡:"
+
+#: agent/divert-scd.c:200
+msgid "Admin PIN"
+msgstr "管ç†è€…個人識別碼 (PIN)"
+
+#. TRANSLATORS: A PUK is the Personal Unblocking Code
+#. used to unblock a PIN.
+#: agent/divert-scd.c:205
+msgid "PUK"
+msgstr "PIN é‡è¨­ç¢¼ (PUK)"
+
+#: agent/divert-scd.c:212
+msgid "Reset Code"
+msgstr "é‡è¨­ç¢¼"
+
+#: agent/divert-scd.c:238
+#, c-format
+msgid "%s%%0A%%0AUse the reader's keypad for input."
+msgstr "%s%%0A%%0A使用讀å¡æ©Ÿçš„éµç›¤ä¾†è¼¸å…¥."
+
+#: agent/divert-scd.c:287
+msgid "Repeat this Reset Code"
+msgstr "è«‹å†æ¬¡è¼¸å…¥é‡è¨­ç¢¼"
+
+#: agent/divert-scd.c:289
+msgid "Repeat this PUK"
+msgstr "è«‹å†æ¬¡è¼¸å…¥ PUK"
+
+#: agent/divert-scd.c:290
+msgid "Repeat this PIN"
+msgstr "è«‹å†æ¬¡è¼¸å…¥å€‹äººè­˜åˆ¥ç¢¼ (PIN)"
+
+#: agent/divert-scd.c:295
+msgid "Reset Code not correctly repeated; try again"
+msgstr "å‰å¾Œå…©æ¬¡è¼¸å…¥çš„é‡è¨­ç¢¼ä¸ä¸€è‡´; è«‹å†è©¦ä¸€æ¬¡"
+
+#: agent/divert-scd.c:297
+msgid "PUK not correctly repeated; try again"
+msgstr "å‰å¾Œå…©æ¬¡è¼¸å…¥çš„ PUK ä¸ä¸€è‡´; è«‹å†è©¦ä¸€æ¬¡"
+
+#: agent/divert-scd.c:298
+msgid "PIN not correctly repeated; try again"
+msgstr "å‰å¾Œå…©æ¬¡è¼¸å…¥çš„個人識別碼 (PIN) ä¸ä¸€è‡´; è«‹å†è©¦ä¸€æ¬¡"
+
+#: agent/divert-scd.c:310
+#, c-format
+msgid "Please enter the PIN%s%s%s to unlock the card"
+msgstr "請輸入個人識別碼 (PIN)%s%s%s 以解開å¡ç‰‡"
+
+#: agent/genkey.c:108 sm/certreqgen-ui.c:384 sm/export.c:638 sm/export.c:654
+#: sm/import.c:667 sm/import.c:692
+#, c-format
+msgid "error creating temporary file: %s\n"
+msgstr "建立暫存檔時出錯: %s\n"
+
+#: agent/genkey.c:115 sm/export.c:645 sm/import.c:675
+#, c-format
+msgid "error writing to temporary file: %s\n"
+msgstr "寫入暫存檔時出錯: %s\n"
+
+#: agent/genkey.c:153 agent/genkey.c:159
+msgid "Enter new passphrase"
+msgstr "請輸入新密語"
+
+#: agent/genkey.c:167
+msgid "Take this one anyway"
+msgstr "無論如何還是è¦ç”¨é€™å€‹"
+
+#: agent/genkey.c:193
+#, c-format
+msgid ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase should be "
+"at least %u character long."
+msgid_plural ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase should be "
+"at least %u characters long."
+msgstr[0] "警告: 你輸入了ä¸å®‰å…¨çš„密語.%%0A密語至少得è¦æœ‰ %u 個字符長."
+
+#: agent/genkey.c:214
+#, c-format
+msgid ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase should "
+"contain at least %u digit or%%0Aspecial character."
+msgid_plural ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase should "
+"contain at least %u digits or%%0Aspecial characters."
+msgstr[0] ""
+"警告: 你輸入了ä¸å®‰å…¨çš„密語.%%0A密語至少得è¦å«æœ‰ %u 個數字或特別字符."
+
+#: agent/genkey.c:237
+#, c-format
+msgid ""
+"Warning: You have entered an insecure passphrase.%%0AA passphrase may not be "
+"a known term or match%%0Acertain pattern."
+msgstr ""
+"警告: 你輸入了ä¸å®‰å…¨çš„密語.%%0A密語ä¸å¾—å«æœ‰å·²çŸ¥çš„è©žå½™, 亦ä¸å¾—與確知的樣å¼å»"
+"åˆ."
+
+#: agent/genkey.c:253
+#, c-format
+msgid ""
+"You have not entered a passphrase!%0AAn empty passphrase is not allowed."
+msgstr "你還沒有輸入密語!%0A空密語是ä¸è¡Œçš„."
+
+#: agent/genkey.c:255
+#, c-format
+msgid ""
+"You have not entered a passphrase - this is in general a bad idea!%0APlease "
+"confirm that you do not want to have any protection on your key."
+msgstr ""
+"你還沒有輸入密語 - 通常這å¯ä¸æ˜¯å€‹å¥½ä¸»æ„!%0A請確èªä½ ä¸æƒ³è¦å°ä½ çš„金鑰åšä»»ä½•ä¿"
+"è­·."
+
+#: agent/genkey.c:264
+msgid "Yes, protection is not needed"
+msgstr "是, ä¸éœ€è¦ä»»ä½•ä¿è­·"
+
+#: agent/genkey.c:308
+#, c-format
+msgid "Please enter the passphrase to%0Ato protect your new key"
+msgstr "請輸入密語至%0A以ä¿è­·ä½ çš„新金鑰"
+
+#: agent/genkey.c:431
+msgid "Please enter the new passphrase"
+msgstr "請輸入新的密語"
+
+#: agent/gpg-agent.c:121 agent/preset-passphrase.c:72 scd/scdaemon.c:103
+#: tools/gpg-check-pattern.c:70
+msgid ""
+"@Options:\n"
+" "
+msgstr ""
+"@é¸é …:\n"
+" "
+
+#: agent/gpg-agent.c:123 scd/scdaemon.c:105
+msgid "run in server mode (foreground)"
+msgstr "以伺æœå™¨æ¨¡å¼åŸ·è¡Œ (å‰æ™¯)"
+
+#: agent/gpg-agent.c:124 scd/scdaemon.c:108
+msgid "run in daemon mode (background)"
+msgstr "以æœå‹™æ¨¡å¼åŸ·è¡Œ (背景)"
+
+#: agent/gpg-agent.c:125 g10/gpg.c:488 g10/gpgv.c:71 kbx/kbxutil.c:88
+#: scd/scdaemon.c:109 sm/gpgsm.c:281 tools/gpg-connect-agent.c:69
+#: tools/gpgconf.c:80 tools/symcryptrun.c:166
+msgid "verbose"
+msgstr "囉唆模å¼"
+
+#: agent/gpg-agent.c:126 g10/gpgv.c:72 kbx/kbxutil.c:89 scd/scdaemon.c:110
+#: sm/gpgsm.c:282
+msgid "be somewhat more quiet"
+msgstr "盡é‡å®‰éœäº›"
+
+#: agent/gpg-agent.c:127 scd/scdaemon.c:111
+msgid "sh-style command output"
+msgstr "sh 樣å¼çš„指令輸出"
+
+#: agent/gpg-agent.c:128 scd/scdaemon.c:112
+msgid "csh-style command output"
+msgstr "csh 樣å¼çš„指令輸出"
+
+#: agent/gpg-agent.c:129 scd/scdaemon.c:113 sm/gpgsm.c:312
+#: tools/symcryptrun.c:169
+msgid "|FILE|read options from FILE"
+msgstr "|檔案|從「檔案ã€ä¸­è®€å–é¸é …"
+
+#: agent/gpg-agent.c:134 scd/scdaemon.c:123
+msgid "do not detach from the console"
+msgstr "ä¸è¦å¾ž console 分離"
+
+#: agent/gpg-agent.c:135
+msgid "do not grab keyboard and mouse"
+msgstr "ä¸è¦å¥ªå–éµç›¤åŠæ»‘é¼ "
+
+#: agent/gpg-agent.c:136 tools/symcryptrun.c:168
+msgid "use a log file for the server"
+msgstr "為伺æœå™¨ä½¿ç”¨æ—¥èªŒæª”"
+
+#: agent/gpg-agent.c:138
+msgid "use a standard location for the socket"
+msgstr "為 socket 使用標準的ä½ç½®"
+
+#: agent/gpg-agent.c:141
+msgid "|PGM|use PGM as the PIN-Entry program"
+msgstr "|PGM|使用 PGM åšç‚º PIN-Entry 程å¼"
+
+#: agent/gpg-agent.c:144
+msgid "|PGM|use PGM as the SCdaemon program"
+msgstr "|PGM|使用 PGM åšç‚º SCdaemon 程å¼"
+
+#: agent/gpg-agent.c:145
+msgid "do not use the SCdaemon"
+msgstr "ä¸è¦ä½¿ç”¨ SCdaemon"
+
+#: agent/gpg-agent.c:157
+msgid "ignore requests to change the TTY"
+msgstr "忽略變更 TTY çš„è¦æ±‚"
+
+#: agent/gpg-agent.c:159
+msgid "ignore requests to change the X display"
+msgstr "忽略變更 X display çš„è¦æ±‚"
+
+#: agent/gpg-agent.c:162
+msgid "|N|expire cached PINs after N seconds"
+msgstr "|N|讓快å–ä½çš„個人識別碼 (PIN) 在 N 秒後到期"
+
+#: agent/gpg-agent.c:175
+msgid "do not use the PIN cache when signing"
+msgstr "簽署時ä¸è¦ä½¿ç”¨å€‹äººè­˜åˆ¥ç¢¼ (PIN) å¿«å–"
+
+#: agent/gpg-agent.c:177
+msgid "allow clients to mark keys as \"trusted\""
+msgstr "å…許用戶端將金鑰標記為 \"已信任\""
+
+#: agent/gpg-agent.c:179
+msgid "allow presetting passphrase"
+msgstr "å…許é å…ˆè¨­å®šå¯†èªž"
+
+#: agent/gpg-agent.c:180
+msgid "enable ssh-agent emulation"
+msgstr "啟用 ssh-agent 模擬"
+
+#: agent/gpg-agent.c:182
+msgid "|FILE|write environment settings also to FILE"
+msgstr "|檔案|將環境設定也寫至「檔案ã€"
+
+#. TRANSLATORS: @EMAIL@ will get replaced by the actual bug
+#. reporting address. This is so that we can change the
+#. reporting address without breaking the translations.
+#: agent/gpg-agent.c:333 agent/preset-passphrase.c:94 agent/protect-tool.c:163
+#: g10/gpg.c:814 g10/gpgv.c:114 kbx/kbxutil.c:113 scd/scdaemon.c:246
+#: sm/gpgsm.c:519 tools/gpg-connect-agent.c:181 tools/gpgconf.c:102
+#: tools/symcryptrun.c:206 tools/gpg-check-pattern.c:141
+msgid "Please report bugs to <@EMAIL@>.\n"
+msgstr "翻譯瑕疵請回報給 <Jedi@Jedi.org>, 程å¼ç‘•ç–µå‰‡è«‹å›žå ±çµ¦ <@EMAIL@>.\n"
+
+#: agent/gpg-agent.c:342
+msgid "Usage: gpg-agent [options] (-h for help)"
+msgstr "用法: gpg-agent [é¸é …] (或用 -h 求助)"
+
+#: agent/gpg-agent.c:344
+msgid ""
+"Syntax: gpg-agent [options] [command [args]]\n"
+"Secret key management for GnuPG\n"
+msgstr ""
+"語法: gpg-agent [é¸é …] [指令 [引數]]\n"
+"GnuPG ç§é‘°ç®¡ç†\n"
+
+#: agent/gpg-agent.c:390 g10/gpg.c:1007 scd/scdaemon.c:318 sm/gpgsm.c:669
+#, c-format
+msgid "invalid debug-level `%s' given\n"
+msgstr "給定的除錯等級 `%s' 無效\n"
+
+#: agent/gpg-agent.c:610 agent/protect-tool.c:1033 kbx/kbxutil.c:428
+#: scd/scdaemon.c:424 sm/gpgsm.c:911 sm/gpgsm.c:914 tools/symcryptrun.c:998
+#: tools/gpg-check-pattern.c:177
+#, c-format
+msgid "%s is too old (need %s, have %s)\n"
+msgstr "%s 太舊了 (éœ€è¦ %s, 但是祇有 %s)\n"
+
+#: agent/gpg-agent.c:725 g10/gpg.c:2111 scd/scdaemon.c:510 sm/gpgsm.c:1010
+#, c-format
+msgid "NOTE: no default option file `%s'\n"
+msgstr "請注æ„: 沒有é è¨­é¸é …檔 `%s'\n"
+
+#: agent/gpg-agent.c:736 agent/gpg-agent.c:1348 g10/gpg.c:2115
+#: scd/scdaemon.c:515 sm/gpgsm.c:1014 tools/symcryptrun.c:931
+#, c-format
+msgid "option file `%s': %s\n"
+msgstr "é¸é …檔 `%s': %s\n"
+
+#: agent/gpg-agent.c:744 g10/gpg.c:2122 scd/scdaemon.c:523 sm/gpgsm.c:1021
+#, c-format
+msgid "reading options from `%s'\n"
+msgstr "從 `%s' 讀å–é¸é …中\n"
+
+#: agent/gpg-agent.c:1117 g10/plaintext.c:140 g10/plaintext.c:145
+#: g10/plaintext.c:162
+#, c-format
+msgid "error creating `%s': %s\n"
+msgstr "建立 `%s' 時出錯: %s\n"
+
+#: agent/gpg-agent.c:1461 agent/gpg-agent.c:1579 agent/gpg-agent.c:1583
+#: agent/gpg-agent.c:1624 agent/gpg-agent.c:1628 g10/exec.c:188
+#: g10/openfile.c:429 scd/scdaemon.c:1020
+#, c-format
+msgid "can't create directory `%s': %s\n"
+msgstr "無法建立目錄 `%s': %s\n"
+
+#: agent/gpg-agent.c:1475 scd/scdaemon.c:1034
+msgid "name of socket too long\n"
+msgstr "socket å稱太長\n"
+
+#: agent/gpg-agent.c:1498 scd/scdaemon.c:1057
+#, c-format
+msgid "can't create socket: %s\n"
+msgstr "無法建立 socket: %s\n"
+
+#: agent/gpg-agent.c:1507
+#, c-format
+msgid "socket name `%s' is too long\n"
+msgstr "socket å稱 `%s' 太長\n"
+
+#: agent/gpg-agent.c:1525
+msgid "a gpg-agent is already running - not starting a new one\n"
+msgstr "已經有一份 gpg-agent 在執行了 - ä¸æœƒå†å•Ÿå‹•ä¸€ä»½æ–°çš„\n"
+
+#: agent/gpg-agent.c:1536 scd/scdaemon.c:1076
+msgid "error getting nonce for the socket\n"
+msgstr "為 socket å–å¾— nonce 時出錯\n"
+
+#: agent/gpg-agent.c:1541 scd/scdaemon.c:1079
+#, c-format
+msgid "error binding socket to `%s': %s\n"
+msgstr "ç¶å®š socket 至 `%s' 時出錯: %s\n"
+
+#: agent/gpg-agent.c:1553 scd/scdaemon.c:1088
+#, c-format
+msgid "listen() failed: %s\n"
+msgstr "listen() 失敗: %s\n"
+
+#: agent/gpg-agent.c:1559 scd/scdaemon.c:1095
+#, c-format
+msgid "listening on socket `%s'\n"
+msgstr "æ­£åœ¨å€™è½ socket `%s'\n"
+
+#: agent/gpg-agent.c:1587 agent/gpg-agent.c:1634 g10/openfile.c:432
+#, c-format
+msgid "directory `%s' created\n"
+msgstr "`%s' 目錄已建立\n"
+
+#: agent/gpg-agent.c:1640
+#, c-format
+msgid "stat() failed for `%s': %s\n"
+msgstr "stat() 失敗於 `%s': %s\n"
+
+#: agent/gpg-agent.c:1644
+#, c-format
+msgid "can't use `%s' as home directory\n"
+msgstr "無法使用 `%s' åšç‚ºå®¶ç›®éŒ„\n"
+
+#: agent/gpg-agent.c:1777 scd/scdaemon.c:1111
+#, c-format
+msgid "error reading nonce on fd %d: %s\n"
+msgstr "æ–¼ fd %d è®€å– nonce 時出錯: %s\n"
+
+#: agent/gpg-agent.c:1799
+#, c-format
+msgid "handler 0x%lx for fd %d started\n"
+msgstr "ç¶“æ‰‹ç¨‹å¼ 0x%lx (用於 fd %d) 已啟動\n"
+
+#: agent/gpg-agent.c:1804
+#, c-format
+msgid "handler 0x%lx for fd %d terminated\n"
+msgstr "ç¶“æ‰‹ç¨‹å¼ 0x%lx (用於 fd %d) 已終止\n"
+
+#: agent/gpg-agent.c:1824
+#, c-format
+msgid "ssh handler 0x%lx for fd %d started\n"
+msgstr "ssh ç¶“æ‰‹ç¨‹å¼ 0x%lx (用於 fd %d) 已啟動\n"
+
+#: agent/gpg-agent.c:1829
+#, c-format
+msgid "ssh handler 0x%lx for fd %d terminated\n"
+msgstr "ssh ç¶“æ‰‹ç¨‹å¼ 0x%lx (用於 fd %d) 已終止\n"
+
+#: agent/gpg-agent.c:1973 scd/scdaemon.c:1248
+#, c-format
+msgid "pth_select failed: %s - waiting 1s\n"
+msgstr "pth_select 失敗: %s - ç­‰ 1 秒é˜\n"
+
+#: agent/gpg-agent.c:2096 scd/scdaemon.c:1315
+#, c-format
+msgid "%s %s stopped\n"
+msgstr "%s %s å·²åœæ­¢\n"
+
+#: agent/gpg-agent.c:2232
+msgid "no gpg-agent running in this session\n"
+msgstr "在此階段中沒有執行中的 gpg-agent\n"
+
+#: agent/gpg-agent.c:2243 common/simple-pwquery.c:352 common/asshelp.c:403
+#: tools/gpg-connect-agent.c:2168
+msgid "malformed GPG_AGENT_INFO environment variable\n"
+msgstr "被變造的 GPG_AGENT_INFO 環境變數\n"
+
+#: agent/gpg-agent.c:2256 common/simple-pwquery.c:364 common/asshelp.c:415
+#: tools/gpg-connect-agent.c:2179
+#, c-format
+msgid "gpg-agent protocol version %d is not supported\n"
+msgstr "gpg-agent å”定版本 %d 未被支æ´\n"
+
+#: agent/preset-passphrase.c:98
+msgid "Usage: gpg-preset-passphrase [options] KEYGRIP (-h for help)\n"
+msgstr "用法: gpg-preset-passphrase [é¸é …] 金鑰鑰柄 (或用 -h 求助)\n"
+
+#: agent/preset-passphrase.c:101
+msgid ""
+"Syntax: gpg-preset-passphrase [options] KEYGRIP\n"
+"Password cache maintenance\n"
+msgstr ""
+"語法: gpg-preset-passphrase [é¸é …] 金鑰鑰柄\n"
+"密碼快å–維護\n"
+
+#: agent/protect-tool.c:113 g10/gpg.c:373 kbx/kbxutil.c:71 sm/gpgsm.c:186
+#: tools/gpgconf.c:60
+msgid ""
+"@Commands:\n"
+" "
+msgstr ""
+"@指令:\n"
+" "
+
+#: agent/protect-tool.c:127 g10/gpg.c:441 g10/gpgv.c:69 kbx/kbxutil.c:81
+#: sm/gpgsm.c:226 tools/gpg-connect-agent.c:67 tools/gpgconf.c:77
+#: tools/symcryptrun.c:159
+msgid ""
+"@\n"
+"Options:\n"
+" "
+msgstr ""
+"@\n"
+"é¸é …:\n"
+" "
+
+#: agent/protect-tool.c:166
+msgid "Usage: gpg-protect-tool [options] (-h for help)\n"
+msgstr "用法: gpg-protect-tool [é¸é …] (或用 -h 求助)\n"
+
+#: agent/protect-tool.c:168
+msgid ""
+"Syntax: gpg-protect-tool [options] [args]\n"
+"Secret key maintenance tool\n"
+msgstr ""
+"語法: gpg-protect-tool [é¸é …] [引數]\n"
+"ç§é‘°ç¶­è­·å·¥å…·\n"
+
+#: agent/protect-tool.c:1162
+msgid "Please enter the passphrase to unprotect the PKCS#12 object."
+msgstr "請輸入密語來å–消 PKCS#12 物件的ä¿è­·."
+
+#: agent/protect-tool.c:1167
+msgid "Please enter the passphrase to protect the new PKCS#12 object."
+msgstr "請輸入密語來ä¿è­·æ–°çš„ PKCS#12 物件."
+
+#: agent/protect-tool.c:1173
+msgid ""
+"Please enter the passphrase to protect the imported object within the GnuPG "
+"system."
+msgstr "請輸入密語以ä¿è­·åŒ¯å…¥è‡³ GnuPG 系統內的物件."
+
+#: agent/protect-tool.c:1178
+msgid ""
+"Please enter the passphrase or the PIN\n"
+"needed to complete this operation."
+msgstr ""
+"請輸入完æˆé€™é …æ“作所需的\n"
+"密語或個人識別碼 (PIN)."
+
+#: agent/protect-tool.c:1183 tools/symcryptrun.c:437
+msgid "Passphrase:"
+msgstr "密語:"
+
+#: agent/protect-tool.c:1188 tools/symcryptrun.c:448
+msgid "cancelled\n"
+msgstr "å·²å–消\n"
+
+#: agent/protect-tool.c:1190 tools/symcryptrun.c:444
+#, c-format
+msgid "error while asking for the passphrase: %s\n"
+msgstr "è©¢å•å¯†èªžæ™‚出錯: %s\n"
+
+#: agent/trustlist.c:136 agent/trustlist.c:334
+#, c-format
+msgid "error opening `%s': %s\n"
+msgstr "開啟 `%s' 時出錯: %s\n"
+
+#: agent/trustlist.c:151 common/helpfile.c:63 common/helpfile.c:79
+#, c-format
+msgid "file `%s', line %d: %s\n"
+msgstr "檔案 `%s', 第 %d 列: %s\n"
+
+#: agent/trustlist.c:171 agent/trustlist.c:179
+#, c-format
+msgid "statement \"%s\" ignored in `%s', line %d\n"
+msgstr "命令 \"%s\" 忽略於 `%s', 第 %d 列\n"
+
+#: agent/trustlist.c:185
+#, c-format
+msgid "system trustlist `%s' not available\n"
+msgstr "沒有系統信任清單 `%s' å¯ç”¨\n"
+
+#: agent/trustlist.c:229
+#, c-format
+msgid "bad fingerprint in `%s', line %d\n"
+msgstr "ä¸è‰¯çš„指紋於 `%s', 第 %d 列\n"
+
+#: agent/trustlist.c:254 agent/trustlist.c:261
+#, c-format
+msgid "invalid keyflag in `%s', line %d\n"
+msgstr "無效的金鑰旗標於 `%s', 第 %d 列\n"
+
+#: agent/trustlist.c:295 common/helpfile.c:126
+#, c-format
+msgid "error reading `%s', line %d: %s\n"
+msgstr "è®€å– `%s' 時出錯, 第 %d 列: %s\n"
+
+#: agent/trustlist.c:400 agent/trustlist.c:450
+msgid "error reading list of trusted root certificates\n"
+msgstr "讀å–已信任根憑證清單時出錯\n"
+
+#. TRANSLATORS: This prompt is shown by the Pinentry
+#. and has one special property: A "%%0A" is used by
+#. Pinentry to insert a line break. The double
+#. percent sign is actually needed because it is also
+#. a printf format string. If you need to insert a
+#. plain % sign, you need to encode it as "%%25". The
+#. "%s" gets replaced by the name as stored in the
+#. certificate.
+#: agent/trustlist.c:611
+#, c-format
+msgid ""
+"Do you ultimately trust%%0A \"%s\"%%0Ato correctly certify user "
+"certificates?"
+msgstr "è«‹å•ä½ æ˜¯å¦å¾¹åº•ä¿¡ä»»%%0A \"%s\"%%0A正確驗證使用者憑證的能力?"
+
+#: agent/trustlist.c:620 common/audit.c:467
+msgid "Yes"
+msgstr "Yes"
+
+#: agent/trustlist.c:620 common/audit.c:469
+msgid "No"
+msgstr "No"
+
+#. TRANSLATORS: This prompt is shown by the Pinentry and has
+#. one special property: A "%%0A" is used by Pinentry to
+#. insert a line break. The double percent sign is actually
+#. needed because it is also a printf format string. If you
+#. need to insert a plain % sign, you need to encode it as
+#. "%%25". The second "%s" gets replaced by a hexdecimal
+#. fingerprint string whereas the first one receives the name
+#. as stored in the certificate.
+#: agent/trustlist.c:654
+#, c-format
+msgid ""
+"Please verify that the certificate identified as:%%0A \"%s\"%%0Ahas the "
+"fingerprint:%%0A %s"
+msgstr "請驗證憑證與此完全相åŒ:%%0A \"%s\"%%0A其指紋為:%%0A %s"
+
+#. TRANSLATORS: "Correct" is the label of a button and intended
+#. to be hit if the fingerprint matches the one of the CA. The
+#. other button is "the default "Cancel" of the Pinentry.
+#: agent/trustlist.c:668
+msgid "Correct"
+msgstr "正確"
+
+#: agent/trustlist.c:668
+msgid "Wrong"
+msgstr "錯了"
+
+#: agent/findkey.c:157
+#, c-format
+msgid "Note: This passphrase has never been changed.%0APlease change it now."
+msgstr "請注æ„: 密語從未變更éŽ.%0Aè«‹ç¾åœ¨å°±è®Šæ›´."
+
+#: agent/findkey.c:173
+#, c-format
+msgid ""
+"This passphrase has not been changed%%0Asince %.4s-%.2s-%.2s. Please change "
+"it now."
+msgstr "密語從下列時刻起就沒有變更éŽ:%%0A%.4s-%.2s-%.2s. è«‹ç¾åœ¨å°±è®Šæ›´."
+
+#: agent/findkey.c:187 agent/findkey.c:194
+msgid "Change passphrase"
+msgstr "更改密語"
+
+#: agent/findkey.c:195
+msgid "I'll change it later"
+msgstr "我ç¨å¾Œå†è®Šæ›´"
+
+#: common/exechelp.c:528 common/exechelp.c:625 tools/gpgconf-comp.c:1475
+#: tools/gpgconf-comp.c:1814
+#, c-format
+msgid "error creating a pipe: %s\n"
+msgstr "建立管é“時出錯: %s\n"
+
+#: common/exechelp.c:599 common/exechelp.c:658
+#, c-format
+msgid "can't fdopen pipe for reading: %s\n"
+msgstr "無法將管é“打開æµä»¥è®€å–: %s\n"
+
+#: common/exechelp.c:637 common/exechelp.c:765 common/exechelp.c:1002
+#, c-format
+msgid "error forking process: %s\n"
+msgstr "è¡ç”ŸåŸ·è¡Œç¨‹åºæ™‚出錯: %s\n"
+
+#: common/exechelp.c:811 common/exechelp.c:864
+#, c-format
+msgid "waiting for process %d to terminate failed: %s\n"
+msgstr "等候 %d 處ç†ç¨‹åºçµ‚止時失敗: %s\n"
+
+#: common/exechelp.c:819
+#, c-format
+msgid "error getting exit code of process %d: %s\n"
+msgstr "å–å¾— %d 執行程åºçµæŸç¢¼æ™‚出錯: %s\n"
+
+#: common/exechelp.c:825 common/exechelp.c:877
+#, c-format
+msgid "error running `%s': exit status %d\n"
+msgstr "執行 `%s' 時出錯: çµæŸç‹€æ…‹ %d\n"
+
+#: common/exechelp.c:870
+#, c-format
+msgid "error running `%s': probably not installed\n"
+msgstr "執行 `%s' 時出錯: å¯èƒ½å°šæœªå®‰è£\n"
+
+#: common/exechelp.c:885
+#, c-format
+msgid "error running `%s': terminated\n"
+msgstr "執行 `%s' 時出錯: 已終止\n"
+
+#: common/http.c:1674
+#, c-format
+msgid "error creating socket: %s\n"
+msgstr "建立 socket 時出錯: %s\n"
+
+#: common/http.c:1718
+msgid "host not found"
+msgstr "找ä¸åˆ°ä¸»æ©Ÿ"
+
+#: common/simple-pwquery.c:338
+msgid "gpg-agent is not available in this session\n"
+msgstr "gpg-agent 在此階段無法使用\n"
+
+#: common/simple-pwquery.c:395
+#, c-format
+msgid "can't connect to `%s': %s\n"
+msgstr "無法連接至 `%s': %s\n"
+
+#: common/simple-pwquery.c:406
+msgid "communication problem with gpg-agent\n"
+msgstr "與 gpg-agent çš„æºé€šå•é¡Œ\n"
+
+#: common/simple-pwquery.c:416
+msgid "problem setting the gpg-agent options\n"
+msgstr "設定 gpg-agent é¸é …時發生å•é¡Œ\n"
+
+#: common/simple-pwquery.c:579 common/simple-pwquery.c:675
+msgid "canceled by user\n"
+msgstr "由使用者å–消\n"
+
+#: common/simple-pwquery.c:594 common/simple-pwquery.c:681
+msgid "problem with the agent\n"
+msgstr "代ç†ç¨‹å¼çš„å•é¡Œ\n"
+
+#: common/sysutils.c:105
+#, c-format
+msgid "can't disable core dumps: %s\n"
+msgstr "無法讓系統åœæ­¢å‚¾å°æ ¸å¿ƒæª”: %s\n"
+
+#: common/sysutils.c:200
+#, c-format
+msgid "Warning: unsafe ownership on %s \"%s\"\n"
+msgstr "警告: %s 的所有權 \"%s\" 並ä¸å®‰å…¨\n"
+
+#: common/sysutils.c:232
+#, c-format
+msgid "Warning: unsafe permissions on %s \"%s\"\n"
+msgstr "警告: %s çš„æ¬Šé™ \"%s\" 並ä¸å®‰å…¨\n"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: common/yesno.c:35 common/yesno.c:72
+msgid "yes"
+msgstr "yes"
+
+#: common/yesno.c:36 common/yesno.c:77
+msgid "yY"
+msgstr "yY"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: common/yesno.c:38 common/yesno.c:74
+msgid "no"
+msgstr "no"
+
+#: common/yesno.c:39 common/yesno.c:78
+msgid "nN"
+msgstr "nN"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: common/yesno.c:76
+msgid "quit"
+msgstr "quit"
+
+#: common/yesno.c:79
+msgid "qQ"
+msgstr "qQ"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: common/yesno.c:113
+msgid "okay|okay"
+msgstr "okay|okay"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: common/yesno.c:115
+msgid "cancel|cancel"
+msgstr "cancel|cancel"
+
+#: common/yesno.c:116
+msgid "oO"
+msgstr "oO"
+
+#: common/yesno.c:117
+msgid "cC"
+msgstr "cC"
+
+#: common/miscellaneous.c:77
+#, c-format
+msgid "out of core in secure memory while allocating %lu bytes"
+msgstr "在安全記憶體é…ç½® %lu ä½å…ƒçµ„時超出核心"
+
+#: common/miscellaneous.c:80
+#, c-format
+msgid "out of core while allocating %lu bytes"
+msgstr "é…ç½® %lu ä½å…ƒçµ„時超出核心"
+
+#: common/asshelp.c:293 tools/gpg-connect-agent.c:2129
+msgid "no running gpg-agent - starting one\n"
+msgstr "沒有執行中的 gpg-agent - 正在啟動一份\n"
+
+#: common/asshelp.c:349
+#, c-format
+msgid "waiting %d seconds for the agent to come up\n"
+msgstr "必須等候 %d 秒讓代ç†ç¨‹å¼å‡ºç¾\n"
+
+#: common/asshelp.c:426
+msgid "can't connect to the agent - trying fall back\n"
+msgstr "無法連線至代ç†ç¨‹å¼ - 正試著退回\n"
+
+#. TRANSLATORS: Copy the prefix between the vertical bars
+#. verbatim. It will not be printed.
+#: common/audit.c:474
+msgid "|audit-log-result|Good"
+msgstr "|audit-log-result|良好"
+
+#: common/audit.c:477
+msgid "|audit-log-result|Bad"
+msgstr "|audit-log-result|ä¸è‰¯"
+
+#: common/audit.c:479
+msgid "|audit-log-result|Not supported"
+msgstr "|audit-log-result|ä¸æ”¯æ´"
+
+#: common/audit.c:481
+msgid "|audit-log-result|No certificate"
+msgstr "|audit-log-result|沒有憑證"
+
+#: common/audit.c:483
+msgid "|audit-log-result|Not enabled"
+msgstr "|audit-log-result|未啟用"
+
+#: common/audit.c:485
+msgid "|audit-log-result|Error"
+msgstr "|audit-log-result|錯誤"
+
+#: common/audit.c:487
+msgid "|audit-log-result|Not used"
+msgstr "|audit-log-result|未使用"
+
+#: common/audit.c:489
+msgid "|audit-log-result|Okay"
+msgstr "|audit-log-result|æ²’å•é¡Œ"
+
+#: common/audit.c:491
+msgid "|audit-log-result|Skipped"
+msgstr "|audit-log-result|已跳éŽ"
+
+#: common/audit.c:493
+msgid "|audit-log-result|Some"
+msgstr "|audit-log-result|有些"
+
+#: common/audit.c:726
+msgid "Certificate chain available"
+msgstr "有å¯ç”¨çš„憑證éˆ"
+
+#: common/audit.c:733
+msgid "root certificate missing"
+msgstr "根憑證éºå¤±"
+
+#: common/audit.c:759
+msgid "Data encryption succeeded"
+msgstr "資料已加密æˆåŠŸ"
+
+#: common/audit.c:764 common/audit.c:830 common/audit.c:906 common/audit.c:997
+msgid "Data available"
+msgstr "有å¯ç”¨çš„資料"
+
+#: common/audit.c:767
+msgid "Session key created"
+msgstr "階段金鑰已建立"
+
+#: common/audit.c:772 common/audit.c:912 common/audit.c:919
+#, c-format
+msgid "algorithm: %s"
+msgstr "演算法: %s"
+
+#: common/audit.c:774 common/audit.c:776 common/audit.c:921 common/audit.c:923
+#, c-format
+msgid "unsupported algorithm: %s"
+msgstr "未支æ´çš„演算法: %s"
+
+#: common/audit.c:778 common/audit.c:925
+msgid "seems to be not encrypted"
+msgstr "看起來未加密"
+
+#: common/audit.c:784 common/audit.c:933
+msgid "Number of recipients"
+msgstr "收件者數é‡"
+
+#: common/audit.c:792 common/audit.c:956
+#, c-format
+msgid "Recipient %d"
+msgstr "收件者 %d"
+
+#: common/audit.c:825
+msgid "Data signing succeeded"
+msgstr "資料已簽署æˆåŠŸ"
+
+#: common/audit.c:839 common/audit.c:1033 common/audit.c:1060
+#, c-format
+msgid "data hash algorithm: %s"
+msgstr "資料雜湊演算法: %s"
+
+#: common/audit.c:862
+#, c-format
+msgid "Signer %d"
+msgstr "簽署者 %d"
+
+#: common/audit.c:866 common/audit.c:1065
+#, c-format
+msgid "attr hash algorithm: %s"
+msgstr "屬性雜湊演算法: %s"
+
+#: common/audit.c:901
+msgid "Data decryption succeeded"
+msgstr "資料已解密æˆåŠŸ"
+
+#: common/audit.c:910
+msgid "Encryption algorithm supported"
+msgstr "支æ´çš„加密演算法"
+
+#: common/audit.c:993
+msgid "Data verification succeeded"
+msgstr "資料驗證æˆåŠŸ"
+
+#: common/audit.c:1002
+msgid "Signature available"
+msgstr "有å¯ç”¨çš„簽章"
+
+#: common/audit.c:1024
+msgid "Parsing data succeeded"
+msgstr "剖æžè³‡æ–™æˆåŠŸ"
+
+#: common/audit.c:1036
+#, c-format
+msgid "bad data hash algorithm: %s"
+msgstr "ä¸è‰¯çš„資料雜湊演算法: %s"
+
+#: common/audit.c:1051
+#, c-format
+msgid "Signature %d"
+msgstr "簽章 %d"
+
+#: common/audit.c:1079
+msgid "Certificate chain valid"
+msgstr "憑證éˆæœ‰æ•ˆ"
+
+#: common/audit.c:1090
+msgid "Root certificate trustworthy"
+msgstr "根憑證å¯ä¿¡è³´"
+
+#: common/audit.c:1111 sm/certchain.c:935
+msgid "no CRL found for certificate"
+msgstr "找ä¸åˆ°ç”¨æ–¼æ†‘證的 CRL"
+
+#: common/audit.c:1114 sm/certchain.c:945
+msgid "the available CRL is too old"
+msgstr "å¯ç”¨çš„ CRL 太舊了"
+
+#: common/audit.c:1119
+msgid "CRL/OCSP check of certificates"
+msgstr "CRL/OCSP 憑證檢查"
+
+#: common/audit.c:1139
+msgid "Included certificates"
+msgstr "包å«åœ¨å…§çš„憑證"
+
+#: common/audit.c:1194
+msgid "No audit log entries."
+msgstr "沒有稽核日誌項目."
+
+#: common/audit.c:1243
+msgid "Unknown operation"
+msgstr "未知的æ“作"
+
+#: common/audit.c:1261
+msgid "Gpg-Agent usable"
+msgstr "Gpg-Agent å¯ä»¥ä½¿ç”¨"
+
+#: common/audit.c:1271
+msgid "Dirmngr usable"
+msgstr "Dirmngr å¯ä»¥ä½¿ç”¨"
+
+#: common/audit.c:1307
+#, c-format
+msgid "No help available for `%s'."
+msgstr "`%s' 沒有å¯ç”¨çš„說明."
+
+#: common/helpfile.c:80
+msgid "ignoring garbage line"
+msgstr "忽略垃圾列"
+
+#: common/gettime.c:503
+msgid "[none]"
+msgstr "[ ç„¡ ]"
+
+#: g10/armor.c:379
+#, c-format
+msgid "armor: %s\n"
+msgstr "å°è£: %s\n"
+
+#: g10/armor.c:418
+msgid "invalid armor header: "
+msgstr "無效的å°è£æª”é ­: "
+
+#: g10/armor.c:429
+msgid "armor header: "
+msgstr "å°è£æª”é ­: "
+
+#: g10/armor.c:442
+msgid "invalid clearsig header\n"
+msgstr "無效的明文簽章檔頭\n"
+
+#: g10/armor.c:455
+msgid "unknown armor header: "
+msgstr "未知的å°è£æª”é ­: "
+
+#: g10/armor.c:508
+msgid "nested clear text signatures\n"
+msgstr "多層明文簽章\n"
+
+#: g10/armor.c:643
+msgid "unexpected armor: "
+msgstr "未é æœŸçš„å°è£: "
+
+#: g10/armor.c:655
+msgid "invalid dash escaped line: "
+msgstr "無效的破折號逸出列: "
+
+#: g10/armor.c:810 g10/armor.c:1420
+#, c-format
+msgid "invalid radix64 character %02X skipped\n"
+msgstr "無效的 64 進ä½å­—符 %02x 已跳éŽ\n"
+
+#: g10/armor.c:853
+msgid "premature eof (no CRC)\n"
+msgstr "檔案未é æœŸçš„çµæŸ (沒有 CRC 的部分)\n"
+
+#: g10/armor.c:887
+msgid "premature eof (in CRC)\n"
+msgstr "檔案未é æœŸçš„çµæŸ (CRC 的部分未çµæŸ)\n"
+
+#: g10/armor.c:895
+msgid "malformed CRC\n"
+msgstr "CRC 被變造éŽ\n"
+
+#: g10/armor.c:899 g10/armor.c:1457
+#, c-format
+msgid "CRC error; %06lX - %06lX\n"
+msgstr "CRC 錯誤; %06lX - %06lX\n"
+
+#: g10/armor.c:919
+msgid "premature eof (in trailer)\n"
+msgstr "檔案未é æœŸçš„çµæŸ (æ–¼çµå°¾è™•)\n"
+
+#: g10/armor.c:923
+msgid "error in trailer line\n"
+msgstr "çµå°¾åˆ—有å•é¡Œ\n"
+
+#: g10/armor.c:1234
+msgid "no valid OpenPGP data found.\n"
+msgstr "找ä¸åˆ°æœ‰æ•ˆçš„ OpenPGP 資料.\n"
+
+#: g10/armor.c:1239
+#, c-format
+msgid "invalid armor: line longer than %d characters\n"
+msgstr "無效的å°è£: 列長超出 %d 字符\n"
+
+#: g10/armor.c:1243
+msgid ""
+"quoted printable character in armor - probably a buggy MTA has been used\n"
+msgstr "å°è£è£¡å‡ºç¾è¢«å¼•è™Ÿæ‹¬ä½çš„å¯åˆ—å°å­—符 - å¯èƒ½æ˜¯æœ‰ç‘•ç–µçš„é€ä¿¡ç¨‹å¼é€ æˆçš„\n"
+
+#: g10/build-packet.c:976
+msgid ""
+"a notation name must have only printable characters or spaces, and end with "
+"an '='\n"
+msgstr "標記å稱一定è¦æŽ¡ç”¨å¯å°å‡ºçš„字符或空白, 並以一個 '=' 來çµå°¾\n"
+
+#: g10/build-packet.c:988
+msgid "a user notation name must contain the '@' character\n"
+msgstr "使用者標記å稱一定è¦å«æœ‰ '@' 字符\n"
+
+#: g10/build-packet.c:994
+msgid "a notation name must not contain more than one '@' character\n"
+msgstr "使用者標記å稱ä¸å¾—å«æœ‰å…©å€‹æˆ–更多的 '@' 字符\n"
+
+#: g10/build-packet.c:1012
+msgid "a notation value must not use any control characters\n"
+msgstr "標記值一定ä¸èƒ½ä½¿ç”¨ä»»ä½•çš„控制字符\n"
+
+#: g10/build-packet.c:1046 g10/build-packet.c:1055
+msgid "WARNING: invalid notation data found\n"
+msgstr "警告: 找到無效的標記資料\n"
+
+#: g10/build-packet.c:1077 g10/build-packet.c:1079
+msgid "not human readable"
+msgstr "ä¸æ˜¯äººé¡žèƒ½è®€å¾—懂的"
+
+#: g10/card-util.c:85 g10/card-util.c:374
+#, c-format
+msgid "OpenPGP card not available: %s\n"
+msgstr "沒有å¯ç”¨çš„ OpenPGP å¡ç‰‡: %s\n"
+
+#: g10/card-util.c:90
+#, c-format
+msgid "OpenPGP card no. %s detected\n"
+msgstr "åµæ¸¬åˆ° OpenPGP å¡ç‰‡ç·¨è™Ÿ %s\n"
+
+#: g10/card-util.c:98 g10/card-util.c:1773 g10/delkey.c:126 g10/keyedit.c:1551
+#: g10/keygen.c:3068 g10/revoke.c:216 g10/revoke.c:455
+msgid "can't do this in batch mode\n"
+msgstr "無法在批次模å¼ä¸­é€™æ¨£åš\n"
+
+#: g10/card-util.c:106
+msgid "This command is only available for version 2 cards\n"
+msgstr "祇有第二版å¡ç‰‡çº”能用這個指令\n"
+
+#: g10/card-util.c:108 scd/app-openpgp.c:2029
+msgid "Reset Code not or not anymore available\n"
+msgstr "(å†ä¹Ÿ) 沒有é‡è¨­ç¢¼\n"
+
+#: g10/card-util.c:141 g10/card-util.c:1458 g10/card-util.c:1568
+#: g10/keyedit.c:424 g10/keyedit.c:445 g10/keyedit.c:459 g10/keygen.c:1630
+#: g10/keygen.c:1711 sm/certreqgen-ui.c:165 sm/certreqgen-ui.c:249
+#: sm/certreqgen-ui.c:283
+msgid "Your selection? "
+msgstr "ä½ è¦é¸å“ªä¸€å€‹? "
+
+#: g10/card-util.c:272 g10/card-util.c:322
+msgid "[not set]"
+msgstr "[未設定]"
+
+#: g10/card-util.c:512
+msgid "male"
+msgstr "男性"
+
+#: g10/card-util.c:513
+msgid "female"
+msgstr "女性"
+
+#: g10/card-util.c:513
+msgid "unspecified"
+msgstr "未特定"
+
+#: g10/card-util.c:540
+msgid "not forced"
+msgstr "ä¸å¼·è¿«ä½¿ç”¨"
+
+#: g10/card-util.c:540
+msgid "forced"
+msgstr "強迫使用"
+
+#: g10/card-util.c:631
+msgid "Error: Only plain ASCII is currently allowed.\n"
+msgstr "錯誤: ç›®å‰ç¥‡å…許使用單純的 ASCII 字符.\n"
+
+#: g10/card-util.c:633
+msgid "Error: The \"<\" character may not be used.\n"
+msgstr "錯誤: ä¸èƒ½ä½¿ç”¨ \"<\" 字符.\n"
+
+#: g10/card-util.c:635
+msgid "Error: Double spaces are not allowed.\n"
+msgstr "錯誤: 並ä¸å…許使用連續兩個以上的空格.\n"
+
+#: g10/card-util.c:652
+msgid "Cardholder's surname: "
+msgstr "å¡ç‰‡æŒæœ‰è€…的姓æ°: "
+
+#: g10/card-util.c:654
+msgid "Cardholder's given name: "
+msgstr "å¡ç‰‡æŒæœ‰è€…çš„åå­—: "
+
+#: g10/card-util.c:672
+#, c-format
+msgid "Error: Combined name too long (limit is %d characters).\n"
+msgstr "錯誤: åˆä½µå¾Œçš„å字太長 (上é™æ˜¯ %d 個字符).\n"
+
+#: g10/card-util.c:693
+msgid "URL to retrieve public key: "
+msgstr "å–回公鑰的 URL: "
+
+#: g10/card-util.c:701
+#, c-format
+msgid "Error: URL too long (limit is %d characters).\n"
+msgstr "錯誤: URL 太長 (上é™æ˜¯ %d 個字符).\n"
+
+#: g10/card-util.c:794 tools/no-libgcrypt.c:30
+#, c-format
+msgid "error allocating enough memory: %s\n"
+msgstr "é…置足夠的記憶體時出錯: %s\n"
+
+#: g10/card-util.c:806 g10/import.c:280
+#, c-format
+msgid "error reading `%s': %s\n"
+msgstr "è®€å– `%s' 時出錯: %s\n"
+
+#: g10/card-util.c:839
+#, c-format
+msgid "error writing `%s': %s\n"
+msgstr "寫入 `%s' 時出錯: %s\n"
+
+#: g10/card-util.c:866
+msgid "Login data (account name): "
+msgstr "登入資料 (帳號å稱): "
+
+#: g10/card-util.c:876
+#, c-format
+msgid "Error: Login data too long (limit is %d characters).\n"
+msgstr "錯誤: 登入資料太長 (上é™æ˜¯ %d 個字符).\n"
+
+#: g10/card-util.c:912
+msgid "Private DO data: "
+msgstr "ç§äººçš„ DO 資料: "
+
+#: g10/card-util.c:922
+#, c-format
+msgid "Error: Private DO too long (limit is %d characters).\n"
+msgstr "錯誤: ç§äººçš„ DO 太長 (上é™æ˜¯ %d 個字符).\n"
+
+#: g10/card-util.c:1005
+msgid "Language preferences: "
+msgstr "介é¢èªžè¨€å好設定: "
+
+#: g10/card-util.c:1013
+msgid "Error: invalid length of preference string.\n"
+msgstr "錯誤: 無效的å好設定字串長度\n"
+
+#: g10/card-util.c:1022
+msgid "Error: invalid characters in preference string.\n"
+msgstr "錯誤: å好設定字串中å«æœ‰ç„¡æ•ˆçš„字符\n"
+
+#: g10/card-util.c:1044
+msgid "Sex ((M)ale, (F)emale or space): "
+msgstr "性別 ((M)男性, (F)女性或留空): "
+
+#: g10/card-util.c:1058
+msgid "Error: invalid response.\n"
+msgstr "錯誤: 無效的回應.\n"
+
+#: g10/card-util.c:1080
+msgid "CA fingerprint: "
+msgstr "憑證中心 (CA) 指紋: "
+
+#: g10/card-util.c:1103
+msgid "Error: invalid formatted fingerprint.\n"
+msgstr "錯誤: 無效的格å¼åŒ–指紋.\n"
+
+#: g10/card-util.c:1153
+#, c-format
+msgid "key operation not possible: %s\n"
+msgstr "ä¸å¯èƒ½é€²è¡Œé‡‘é‘°æ“作: %s\n"
+
+#: g10/card-util.c:1154
+msgid "not an OpenPGP card"
+msgstr "這ä¸æ˜¯ OpenPGP å¡ç‰‡"
+
+#: g10/card-util.c:1167
+#, c-format
+msgid "error getting current key info: %s\n"
+msgstr "å–å¾—ç¾ç”¨é‡‘鑰資訊時出錯: %s\n"
+
+#: g10/card-util.c:1254
+msgid "Replace existing key? (y/N) "
+msgstr "是å¦è¦å–代既有的金鑰? (y/N) "
+
+#: g10/card-util.c:1270
+msgid ""
+"NOTE: There is no guarantee that the card supports the requested size.\n"
+" If the key generation does not succeed, please check the\n"
+" documentation of your card to see what sizes are allowed.\n"
+msgstr ""
+"請注æ„: 我們完全無法ä¿è­‰å¡ç‰‡æ”¯æ´ä½ æƒ³ç”¨çš„尺寸.\n"
+" 如果金鑰產生失敗了, 煩請查閱你å¡ç‰‡ä¸Šçš„文件,\n"
+" 看看這張å¡ç‰‡æ”¯æ´å“ªäº›å°ºå¯¸.\n"
+
+#: g10/card-util.c:1295
+#, c-format
+msgid "What keysize do you want for the Signature key? (%u) "
+msgstr "你的簽署金鑰想è¦ç”¨å¤šå¤§çš„金鑰尺寸? (%u) "
+
+#: g10/card-util.c:1297
+#, c-format
+msgid "What keysize do you want for the Encryption key? (%u) "
+msgstr "你的加密金鑰想è¦ç”¨å¤šå¤§çš„金鑰尺寸? (%u) "
+
+#: g10/card-util.c:1298
+#, c-format
+msgid "What keysize do you want for the Authentication key? (%u) "
+msgstr "ä½ çš„èªè­‰é‡‘鑰想è¦ç”¨å¤šå¤§çš„金鑰尺寸? (%u) "
+
+#: g10/card-util.c:1309 g10/keygen.c:1844 g10/keygen.c:1850
+#: sm/certreqgen-ui.c:194
+#, c-format
+msgid "rounded up to %u bits\n"
+msgstr "加大到 %u ä½å…ƒ\n"
+
+#: g10/card-util.c:1317 g10/keygen.c:1831 sm/certreqgen-ui.c:184
+#, c-format
+msgid "%s keysizes must be in the range %u-%u\n"
+msgstr "%s 金鑰尺寸一定è¦ä»‹æ–¼ %u 到 %u 之間\n"
+
+#: g10/card-util.c:1322
+#, c-format
+msgid "The card will now be re-configured to generate a key of %u bits\n"
+msgstr "這張å¡ç‰‡å°‡é‡æ–°åŠ ä»¥çµ„æ…‹, 以便產生 %u ä½å…ƒçš„金鑰\n"
+
+#: g10/card-util.c:1342
+#, c-format
+msgid "error changing size of key %d to %u bits: %s\n"
+msgstr "將金鑰 %d 尺寸變更至 %u ä½å…ƒæ™‚出錯: %s\n"
+
+#: g10/card-util.c:1364
+msgid "Make off-card backup of encryption key? (Y/n) "
+msgstr "是å¦è¦ç‚ºåŠ å¯†ç”¨é‡‘鑰建立å¡å¤–備份? (Y/n) "
+
+#: g10/card-util.c:1378
+msgid "NOTE: keys are already stored on the card!\n"
+msgstr "請注æ„: 金鑰已經存放在å¡ç‰‡ä¸Šäº†!\n"
+
+#: g10/card-util.c:1381
+msgid "Replace existing keys? (y/N) "
+msgstr "是å¦è¦å–代既有的金鑰? (y/N) "
+
+#: g10/card-util.c:1393
+#, c-format
+msgid ""
+"Please note that the factory settings of the PINs are\n"
+" PIN = `%s' Admin PIN = `%s'\n"
+"You should change them using the command --change-pin\n"
+msgstr ""
+"請注æ„個人識別碼 (PIN) 的出廠設定值為\n"
+" PIN = `%s' 管ç†è€… PIN = `%s'\n"
+"你應該用 --change-pin 指令來加以變更\n"
+
+#: g10/card-util.c:1449
+msgid "Please select the type of key to generate:\n"
+msgstr "è«‹é¸æ“‡ä½ è¦ç”¢ç”Ÿçš„金鑰種類:\n"
+
+#: g10/card-util.c:1451 g10/card-util.c:1559
+msgid " (1) Signature key\n"
+msgstr " (1) 簽署用金鑰\n"
+
+#: g10/card-util.c:1452 g10/card-util.c:1561
+msgid " (2) Encryption key\n"
+msgstr " (2) 加密用金鑰\n"
+
+#: g10/card-util.c:1453 g10/card-util.c:1563
+msgid " (3) Authentication key\n"
+msgstr " (3) 憑證用金鑰\n"
+
+#: g10/card-util.c:1469 g10/card-util.c:1588 g10/keyedit.c:945
+#: g10/keygen.c:1634 g10/keygen.c:1662 g10/keygen.c:1764 g10/revoke.c:683
+msgid "Invalid selection.\n"
+msgstr "無效的é¸æ“‡.\n"
+
+#: g10/card-util.c:1556
+msgid "Please select where to store the key:\n"
+msgstr "è«‹é¸æ“‡è¦æŠŠé‡‘鑰存放在哪裡:\n"
+
+#: g10/card-util.c:1600
+msgid "unknown key protection algorithm\n"
+msgstr "未知的金鑰ä¿è­·æ¼”算法\n"
+
+#: g10/card-util.c:1605
+msgid "secret parts of key are not available\n"
+msgstr "ç§é‘°éƒ¨åˆ†ç„¡æ³•å–用\n"
+
+#: g10/card-util.c:1610
+msgid "secret key already stored on a card\n"
+msgstr "ç§é‘°å·²ç¶“存放在å¡ç‰‡ä¸Šäº†\n"
+
+#: g10/card-util.c:1623
+#, c-format
+msgid "error writing key to card: %s\n"
+msgstr "金鑰寫入å¡ç‰‡æ™‚出錯: %s\n"
+
+#: g10/card-util.c:1682 g10/keyedit.c:1382
+msgid "quit this menu"
+msgstr "離開這個é¸å–®"
+
+#: g10/card-util.c:1684
+msgid "show admin commands"
+msgstr "顯示管ç†è€…指令"
+
+#: g10/card-util.c:1685 g10/keyedit.c:1385
+msgid "show this help"
+msgstr "顯示這份線上說明"
+
+#: g10/card-util.c:1687
+msgid "list all available data"
+msgstr "列出所有å¯ç”¨çš„資料"
+
+#: g10/card-util.c:1690
+msgid "change card holder's name"
+msgstr "變更å¡ç‰‡æŒæœ‰äººçš„åå­—"
+
+#: g10/card-util.c:1691
+msgid "change URL to retrieve key"
+msgstr "變更å–回金鑰的 URL"
+
+#: g10/card-util.c:1692
+msgid "fetch the key specified in the card URL"
+msgstr "從å¡ç‰‡ URL å–回指定的金鑰"
+
+#: g10/card-util.c:1693
+msgid "change the login name"
+msgstr "變更登入å稱"
+
+#: g10/card-util.c:1694
+msgid "change the language preferences"
+msgstr "變更介é¢èªžè¨€å好設定"
+
+#: g10/card-util.c:1695
+msgid "change card holder's sex"
+msgstr "變更å¡ç‰‡æŒæœ‰è€…的性別"
+
+#: g10/card-util.c:1696
+msgid "change a CA fingerprint"
+msgstr "變更æŸå€‹æ†‘證中心 (CA) 的指紋"
+
+#: g10/card-util.c:1697
+msgid "toggle the signature force PIN flag"
+msgstr "切æ›ç°½ç« æ˜¯å¦å¼·åˆ¶ä½¿ç”¨å€‹äººè­˜åˆ¥ç¢¼ (PIN) 的旗標"
+
+#: g10/card-util.c:1698
+msgid "generate new keys"
+msgstr "產生新的金鑰"
+
+#: g10/card-util.c:1699
+msgid "menu to change or unblock the PIN"
+msgstr "變更或é‡è¨­å€‹äººè­˜åˆ¥ç¢¼ (PIN) çš„é¸å–®"
+
+#: g10/card-util.c:1700
+msgid "verify the PIN and list all data"
+msgstr "驗證個人識別碼 (PIN) 並列出所有的資料"
+
+#: g10/card-util.c:1701
+msgid "unblock the PIN using a Reset Code"
+msgstr "用é‡è¨­ç¢¼ä¾†è§£å‡å€‹äººè­˜åˆ¥ç¢¼ (PIN)"
+
+#: g10/card-util.c:1823
+msgid "gpg/card> "
+msgstr "gpg/å¡ç‰‡> "
+
+#: g10/card-util.c:1864
+msgid "Admin-only command\n"
+msgstr "é™ç®¡ç†è€…使用的指令\n"
+
+#: g10/card-util.c:1895
+msgid "Admin commands are allowed\n"
+msgstr "å…許使用管ç†è€…指令\n"
+
+#: g10/card-util.c:1897
+msgid "Admin commands are not allowed\n"
+msgstr "未å…許使用管ç†è€…指令\n"
+
+#: g10/card-util.c:1988 g10/keyedit.c:2292
+msgid "Invalid command (try \"help\")\n"
+msgstr "無效的指令 (試試看 \"help\")\n"
+
+#: g10/decrypt.c:110 g10/encode.c:876
+msgid "--output doesn't work for this command\n"
+msgstr "--output 在這個指令中沒有作用\n"
+
+#: g10/decrypt.c:166 g10/gpg.c:4019 g10/keyring.c:387 g10/keyring.c:698
+#, c-format
+msgid "can't open `%s'\n"
+msgstr "無法開啟 `%s'\n"
+
+#: g10/delkey.c:73 g10/export.c:324 g10/keyedit.c:3514 g10/keyserver.c:1737
+#: g10/revoke.c:226
+#, c-format
+msgid "key \"%s\" not found: %s\n"
+msgstr "找ä¸åˆ°é‡‘é‘° \"%s\": %s\n"
+
+#: g10/delkey.c:81 g10/export.c:354 g10/import.c:2480 g10/keyserver.c:1751
+#: g10/revoke.c:232 g10/revoke.c:477
+#, c-format
+msgid "error reading keyblock: %s\n"
+msgstr "讀å–金鑰å€å¡Šæ™‚出錯: %s\n"
+
+#: g10/delkey.c:127 g10/delkey.c:134
+msgid "(unless you specify the key by fingerprint)\n"
+msgstr "(除éžä½ ç”¨æŒ‡ç´‹æŒ‡å®šäº†é‡‘é‘°)\n"
+
+#: g10/delkey.c:133
+msgid "can't do this in batch mode without \"--yes\"\n"
+msgstr "沒有 \"--yes\" 就沒辦法在批次模å¼ä¸­é€™éº¼åš\n"
+
+#: g10/delkey.c:145
+msgid "Delete this key from the keyring? (y/N) "
+msgstr "è¦å¾žé‘°åŒ™åœˆè£¡åˆªé™¤é€™æŠŠé‡‘é‘°å—Ž? (y/N) "
+
+#: g10/delkey.c:153
+msgid "This is a secret key! - really delete? (y/N) "
+msgstr "這是一把ç§é‘°! - 真的è¦åˆªé™¤å—Ž? (y/N) "
+
+#: g10/delkey.c:163
+#, c-format
+msgid "deleting keyblock failed: %s\n"
+msgstr "刪除金鑰å€å¡Šæ™‚失敗: %s\n"
+
+#: g10/delkey.c:173
+msgid "ownertrust information cleared\n"
+msgstr "主觀信任資訊已清除\n"
+
+#: g10/delkey.c:204
+#, c-format
+msgid "there is a secret key for public key \"%s\"!\n"
+msgstr "公鑰 \"%s\" 有相å°æ‡‰çš„ç§é‘°!\n"
+
+#: g10/delkey.c:206
+msgid "use option \"--delete-secret-keys\" to delete it first.\n"
+msgstr "請先以 \"--delete-secret-keys\" é¸é …來刪除它.\n"
+
+#: g10/encode.c:226 g10/sign.c:1269
+#, c-format
+msgid "error creating passphrase: %s\n"
+msgstr "建立密語時出錯: %s\n"
+
+#: g10/encode.c:232
+msgid "can't use a symmetric ESK packet due to the S2K mode\n"
+msgstr "因處於 S2K 模å¼ä¸‹è€Œç„¡æ³•ä½¿ç”¨å°ç¨±å¼ ESK å°åŒ…\n"
+
+#: g10/encode.c:246
+#, c-format
+msgid "using cipher %s\n"
+msgstr "正在使用 %s 編密法\n"
+
+#: g10/encode.c:256 g10/encode.c:577
+#, c-format
+msgid "`%s' already compressed\n"
+msgstr "`%s' 已經被壓縮了\n"
+
+#: g10/encode.c:311 g10/encode.c:611 g10/sign.c:564
+#, c-format
+msgid "WARNING: `%s' is an empty file\n"
+msgstr "警告: `%s' 是個空檔案\n"
+
+#: g10/encode.c:485
+msgid "you can only encrypt to RSA keys of 2048 bits or less in --pgp2 mode\n"
+msgstr "在 --pgp2 模å¼ä¸­, 你祇能以 2048 ä½å…ƒä»¥ä¸‹çš„ RSA 金鑰加密\n"
+
+#: g10/encode.c:510
+#, c-format
+msgid "reading from `%s'\n"
+msgstr "正在從 `%s' 讀å–中\n"
+
+#: g10/encode.c:541
+msgid ""
+"unable to use the IDEA cipher for all of the keys you are encrypting to.\n"
+msgstr "ä½ æ­£è¦ç”¨ä¾†åŠ å¯†çš„所有金鑰都ä¸èƒ½ä½¿ç”¨ IDEA 編密法.\n"
+
+#: g10/encode.c:559
+#, c-format
+msgid ""
+"WARNING: forcing symmetric cipher %s (%d) violates recipient preferences\n"
+msgstr "警告: 強迫使用 %s (%d) å°ç¨±å¼ç·¨å¯†æ³•æœƒé•å收件者å好設定\n"
+
+#: g10/encode.c:655 g10/sign.c:939
+#, c-format
+msgid ""
+"WARNING: forcing compression algorithm %s (%d) violates recipient "
+"preferences\n"
+msgstr "警告: 強迫使用 %s (%d) 壓縮演算法會é•å收件者å好設定\n"
+
+#: g10/encode.c:751
+#, c-format
+msgid "forcing symmetric cipher %s (%d) violates recipient preferences\n"
+msgstr "強迫使用 %s (%d) å°ç¨±å¼ç·¨å¯†æ³•æœƒé•å收件者å好設定\n"
+
+#: g10/encode.c:821 g10/pkclist.c:813 g10/pkclist.c:862
+#, c-format
+msgid "you may not use %s while in %s mode\n"
+msgstr "ä½ ä¸èƒ½å¤ å°‡ %s 用於 %s 模å¼ä¸­\n"
+
+#: g10/encode.c:848
+#, c-format
+msgid "%s/%s encrypted for: \"%s\"\n"
+msgstr "%s/%s 已加密給: \"%s\"\n"
+
+#: g10/encr-data.c:93 g10/mainproc.c:286
+#, c-format
+msgid "%s encrypted data\n"
+msgstr "%s 已加密的資料\n"
+
+#: g10/encr-data.c:96 g10/mainproc.c:290
+#, c-format
+msgid "encrypted with unknown algorithm %d\n"
+msgstr "以 %d 未知演算法所加密\n"
+
+#: g10/encr-data.c:142 sm/decrypt.c:126
+msgid ""
+"WARNING: message was encrypted with a weak key in the symmetric cipher.\n"
+msgstr "警告: 訊æ¯å·²ç”¨å°ç¨±å¼ç·¨å¯†æ³•çš„弱金鑰加密了.\n"
+
+#: g10/encr-data.c:154
+msgid "problem handling encrypted packet\n"
+msgstr "處ç†å·²åŠ å¯†å°åŒ…有å•é¡Œ\n"
+
+#: g10/exec.c:57
+msgid "no remote program execution supported\n"
+msgstr "沒有支æ´çš„é ç«¯ç¨‹å¼åŸ·è¡Œ\n"
+
+#: g10/exec.c:308
+msgid ""
+"external program calls are disabled due to unsafe options file permissions\n"
+msgstr "因為ä¸å®‰å…¨çš„檔案權é™é¸é …, 而ç¦ç”¨äº†å¤–部程å¼å«ç”¨\n"
+
+#: g10/exec.c:338
+msgid "this platform requires temporary files when calling external programs\n"
+msgstr "在這個作業平å°ä¸Šå«ç”¨å¤–部程å¼æ™‚需è¦æš«å­˜æª”\n"
+
+#: g10/exec.c:416
+#, c-format
+msgid "unable to execute program `%s': %s\n"
+msgstr "ç„¡æ³•åŸ·è¡Œç¨‹å¼ `%s': %s\n"
+
+#: g10/exec.c:419
+#, c-format
+msgid "unable to execute shell `%s': %s\n"
+msgstr "無法執行 shell `%s': %s\n"
+
+#: g10/exec.c:510
+#, c-format
+msgid "system error while calling external program: %s\n"
+msgstr "å«ç”¨å¤–部程å¼æ™‚發生系統錯誤: %s\n"
+
+#: g10/exec.c:521 g10/exec.c:588
+msgid "unnatural exit of external program\n"
+msgstr "外部程å¼ä¸è‡ªç„¶åœ°é›¢é–‹\n"
+
+#: g10/exec.c:536
+msgid "unable to execute external program\n"
+msgstr "無法執行外部程å¼\n"
+
+#: g10/exec.c:553
+#, c-format
+msgid "unable to read external program response: %s\n"
+msgstr "無法讀å–外部程å¼å›žæ‡‰: %s\n"
+
+#: g10/exec.c:599 g10/exec.c:606
+#, c-format
+msgid "WARNING: unable to remove tempfile (%s) `%s': %s\n"
+msgstr "警告: 無法移除暫存檔 (%s) `%s': %s\n"
+
+#: g10/exec.c:611
+#, c-format
+msgid "WARNING: unable to remove temp directory `%s': %s\n"
+msgstr "警告: 無法移除暫存目錄 `%s': %s\n"
+
+#: g10/export.c:61
+msgid "export signatures that are marked as local-only"
+msgstr "匯出標記為僅é™æœ¬æ©Ÿä½¿ç”¨çš„簽章"
+
+#: g10/export.c:63
+msgid "export attribute user IDs (generally photo IDs)"
+msgstr "匯出署å使用者 ID (通常是照片 ID)"
+
+#: g10/export.c:65
+msgid "export revocation keys marked as \"sensitive\""
+msgstr "匯出標記為 \"機密\" 的撤銷金鑰"
+
+#: g10/export.c:67
+msgid "remove the passphrase from exported subkeys"
+msgstr "從匯出所得的å­é‘°ä¸­ç§»é™¤å¯†èªž"
+
+#: g10/export.c:69
+msgid "remove unusable parts from key during export"
+msgstr "匯出時從金鑰中移除無法使用的部分"
+
+#: g10/export.c:71
+msgid "remove as much as possible from key during export"
+msgstr "匯出時盡å¯èƒ½åœ°å¾žé‡‘鑰中移除"
+
+#: g10/export.c:73
+msgid "export keys in an S-expression based format"
+msgstr "匯出金鑰æˆä»¥ S-expression 為基礎的格å¼"
+
+#: g10/export.c:338
+msgid "exporting secret keys not allowed\n"
+msgstr "ä¸å…許匯出ç§é‘°\n"
+
+#: g10/export.c:367
+#, c-format
+msgid "key %s: not protected - skipped\n"
+msgstr "金鑰 %s: 未å—ä¿è­· - 已跳éŽ\n"
+
+#: g10/export.c:375
+#, c-format
+msgid "key %s: PGP 2.x style key - skipped\n"
+msgstr "金鑰 %s: PGP 2.x 型態的金鑰 - 已跳éŽ\n"
+
+#: g10/export.c:386
+#, c-format
+msgid "key %s: key material on-card - skipped\n"
+msgstr "金鑰 %s: 金鑰資料在å¡ç‰‡ä¸Š - 已跳éŽ\n"
+
+#: g10/export.c:537
+msgid "about to export an unprotected subkey\n"
+msgstr "æ­£è¦åŒ¯å‡ºæœªå—ä¿è­·çš„å­é‘°\n"
+
+#: g10/export.c:560
+#, c-format
+msgid "failed to unprotect the subkey: %s\n"
+msgstr "解除å­é‘°ä¿è­·å¤±æ•—: %s\n"
+
+# I hope this warning doesn't confuse people.
+#: g10/export.c:584
+#, c-format
+msgid "WARNING: secret key %s does not have a simple SK checksum\n"
+msgstr "警告: ç§é‘° %s 並沒有任的何單一 SK 加總檢查\n"
+
+#: g10/export.c:633
+msgid "WARNING: nothing exported\n"
+msgstr "警告: 沒有匯出任何æ±è¥¿\n"
+
+#: g10/getkey.c:152
+msgid "too many entries in pk cache - disabled\n"
+msgstr "pk å¿«å–裡有太多項目 - å·²ç¦ç”¨\n"
+
+#: g10/getkey.c:175
+msgid "[User ID not found]"
+msgstr "[找ä¸åˆ°ä½¿ç”¨è€… ID]"
+
+#: g10/getkey.c:1113
+#, c-format
+msgid "automatically retrieved `%s' via %s\n"
+msgstr "已自動å–回 `%s' (經由 %s )\n"
+
+#: g10/getkey.c:1118
+#, c-format
+msgid "error retrieving `%s' via %s: %s\n"
+msgstr "å–å¾— `%s' æ–¼ %s 時出錯: %s\n"
+
+#: g10/getkey.c:1120
+msgid "No fingerprint"
+msgstr "沒有指紋"
+
+#: g10/getkey.c:1930
+#, c-format
+msgid "Invalid key %s made valid by --allow-non-selfsigned-uid\n"
+msgstr "無效的金鑰 %s å¯ä»¥è—‰ç”± --allow-non-selfsigned-uid 而生效\n"
+
+#: g10/getkey.c:2533 g10/keyedit.c:3839
+#, c-format
+msgid "no secret subkey for public subkey %s - ignoring\n"
+msgstr "公鑰 %s 沒有相å°æ‡‰çš„ç§é‘° - 正在忽略\n"
+
+#: g10/getkey.c:2759
+#, c-format
+msgid "using subkey %s instead of primary key %s\n"
+msgstr "使用å­é‘° %s 來替æ›ä¸»é‘° %s\n"
+
+#: g10/getkey.c:2806
+#, c-format
+msgid "key %s: secret key without public key - skipped\n"
+msgstr "金鑰 %s: 祇有ç§é‘°è€Œæ²’有公鑰 - 已跳éŽ\n"
+
+#: g10/gpg.c:375 sm/gpgsm.c:188
+msgid "make a signature"
+msgstr "建立簽章"
+
+#: g10/gpg.c:376 sm/gpgsm.c:189
+msgid "make a clear text signature"
+msgstr "建立明文簽章"
+
+#: g10/gpg.c:377 sm/gpgsm.c:190
+msgid "make a detached signature"
+msgstr "建立分離å¼ç°½ç« "
+
+#: g10/gpg.c:378 sm/gpgsm.c:191
+msgid "encrypt data"
+msgstr "加密資料"
+
+#: g10/gpg.c:380 sm/gpgsm.c:192
+msgid "encryption only with symmetric cipher"
+msgstr "僅使用å°ç¨±å¼ç·¨å¯†æ³•ä¾†åŠ å¯†"
+
+#: g10/gpg.c:382 sm/gpgsm.c:193
+msgid "decrypt data (default)"
+msgstr "資料解密 (é è¨­)"
+
+#: g10/gpg.c:384 sm/gpgsm.c:194
+msgid "verify a signature"
+msgstr "驗證簽章"
+
+#: g10/gpg.c:386 sm/gpgsm.c:195
+msgid "list keys"
+msgstr "列出金鑰"
+
+#: g10/gpg.c:388
+msgid "list keys and signatures"
+msgstr "列出金鑰和簽章"
+
+#: g10/gpg.c:389
+msgid "list and check key signatures"
+msgstr "列出並檢查金鑰簽章"
+
+#: g10/gpg.c:390 sm/gpgsm.c:200
+msgid "list keys and fingerprints"
+msgstr "列出金鑰和指紋"
+
+#: g10/gpg.c:391 sm/gpgsm.c:198
+msgid "list secret keys"
+msgstr "列出ç§é‘°"
+
+#: g10/gpg.c:392 sm/gpgsm.c:201
+msgid "generate a new key pair"
+msgstr "產生新的金鑰å°"
+
+#: g10/gpg.c:393
+msgid "generate a revocation certificate"
+msgstr "產生撤銷憑證"
+
+#: g10/gpg.c:395 sm/gpgsm.c:203
+msgid "remove keys from the public keyring"
+msgstr "從公鑰鑰匙圈裡移除金鑰"
+
+#: g10/gpg.c:397
+msgid "remove keys from the secret keyring"
+msgstr "從ç§é‘°é‘°åŒ™åœˆè£¡ç§»é™¤é‡‘é‘°"
+
+#: g10/gpg.c:398
+msgid "sign a key"
+msgstr "簽署金鑰"
+
+#: g10/gpg.c:399
+msgid "sign a key locally"
+msgstr "僅在本機簽署金鑰"
+
+#: g10/gpg.c:400
+msgid "sign or edit a key"
+msgstr "簽署或編輯金鑰"
+
+#: g10/gpg.c:402 sm/gpgsm.c:215
+msgid "change a passphrase"
+msgstr "更改密語"
+
+#: g10/gpg.c:404
+msgid "export keys"
+msgstr "匯出金鑰"
+
+#: g10/gpg.c:405 sm/gpgsm.c:204
+msgid "export keys to a key server"
+msgstr "把金鑰匯出至金鑰伺æœå™¨"
+
+#: g10/gpg.c:406 sm/gpgsm.c:205
+msgid "import keys from a key server"
+msgstr "從金鑰伺æœå™¨åŒ¯å…¥é‡‘é‘°"
+
+#: g10/gpg.c:408
+msgid "search for keys on a key server"
+msgstr "在金鑰伺æœå™¨ä¸Šæœå°‹é‡‘é‘°"
+
+#: g10/gpg.c:410
+msgid "update all keys from a keyserver"
+msgstr "從金鑰伺æœå™¨æ›´æ–°æ‰€æœ‰çš„金鑰"
+
+#: g10/gpg.c:415
+msgid "import/merge keys"
+msgstr "匯入/åˆä½µé‡‘é‘°"
+
+#: g10/gpg.c:418
+msgid "print the card status"
+msgstr "列å°å¡ç‰‡ç‹€æ…‹"
+
+#: g10/gpg.c:419
+msgid "change data on a card"
+msgstr "變更å¡ç‰‡ä¸Šçš„資料"
+
+#: g10/gpg.c:420
+msgid "change a card's PIN"
+msgstr "變更å¡ç‰‡çš„個人識別碼 (PIN)"
+
+#: g10/gpg.c:429
+msgid "update the trust database"
+msgstr "更新信任資料庫"
+
+#: g10/gpg.c:436
+msgid "print message digests"
+msgstr "å°å‡ºè¨Šæ¯æ‘˜è¦"
+
+#: g10/gpg.c:439 sm/gpgsm.c:210
+msgid "run in server mode"
+msgstr "以伺æœå™¨æ¨¡å¼åŸ·è¡Œ"
+
+#: g10/gpg.c:443 sm/gpgsm.c:228
+msgid "create ascii armored output"
+msgstr "建立以 ASCII å°è£éŽçš„輸出"
+
+#: g10/gpg.c:446 sm/gpgsm.c:241
+msgid "|USER-ID|encrypt for USER-ID"
+msgstr "|使用者-ID|以「使用者-IDã€ä½œç‚ºåŠ å¯†å°è±¡"
+
+#: g10/gpg.c:459 sm/gpgsm.c:278
+msgid "|USER-ID|use USER-ID to sign or decrypt"
+msgstr "|使用者-ID|拿「使用者-IDã€ä¾†ç°½ç½²æˆ–解密"
+
+#: g10/gpg.c:462
+msgid "|N|set compress level to N (0 disables)"
+msgstr "|N|設定壓縮等級為 N (0 表示ä¸å£“縮)"
+
+#: g10/gpg.c:468
+msgid "use canonical text mode"
+msgstr "使用標準的文字模å¼"
+
+#: g10/gpg.c:485 sm/gpgsm.c:280
+msgid "|FILE|write output to FILE"
+msgstr "|檔案|將輸出寫入至「檔案ã€"
+
+#: g10/gpg.c:501 kbx/kbxutil.c:90 sm/gpgsm.c:292 tools/gpgconf.c:82
+msgid "do not make any changes"
+msgstr "ä¸è¦åšä»»ä½•æ”¹è®Š"
+
+#: g10/gpg.c:502
+msgid "prompt before overwriting"
+msgstr "覆寫å‰å…ˆè©¢å•"
+
+#: g10/gpg.c:554
+msgid "use strict OpenPGP behavior"
+msgstr "使用嚴謹的 OpenPGP 行為"
+
+#: g10/gpg.c:585 sm/gpgsm.c:336
+msgid ""
+"@\n"
+"(See the man page for a complete listing of all commands and options)\n"
+msgstr ""
+"@\n"
+"(è«‹åƒç…§ç·šä¸Šèªªæ˜Žé é¢ä¾†å–得所有命令和é¸é …的完整清單)\n"
+
+#: g10/gpg.c:588 sm/gpgsm.c:339
+msgid ""
+"@\n"
+"Examples:\n"
+"\n"
+" -se -r Bob [file] sign and encrypt for user Bob\n"
+" --clearsign [file] make a clear text signature\n"
+" --detach-sign [file] make a detached signature\n"
+" --list-keys [names] show keys\n"
+" --fingerprint [names] show fingerprints\n"
+msgstr ""
+"@\n"
+"範例:\n"
+"\n"
+" -se -r Bob [檔案] å° Bob 這個使用者簽署åŠåŠ å¯†\n"
+" --clearsign [檔案] åšå‡ºæ˜Žæ–‡ç°½ç« \n"
+" --detach-sign [檔案] åšå‡ºåˆ†é›¢å¼ç°½ç« \n"
+" --list-keys [åå­—] 顯示金鑰\n"
+" --fingerprint [åå­—] 顯示指紋\n"
+
+#: g10/gpg.c:836
+msgid "Usage: gpg [options] [files] (-h for help)"
+msgstr "用法: gpg [é¸é …] [檔案] (或用 -h 求助)"
+
+#: g10/gpg.c:839
+msgid ""
+"Syntax: gpg [options] [files]\n"
+"sign, check, encrypt or decrypt\n"
+"default operation depends on the input data\n"
+msgstr ""
+"語法: gpg [é¸é …] [檔案]\n"
+"簽署, 檢查, 加密或解密\n"
+"é è¨­çš„æ“作會ä¾è¼¸å…¥è³‡æ–™è€Œå®š\n"
+
+#: g10/gpg.c:850 sm/gpgsm.c:543
+msgid ""
+"\n"
+"Supported algorithms:\n"
+msgstr ""
+"\n"
+"已支æ´çš„演算法:\n"
+
+#: g10/gpg.c:853
+msgid "Pubkey: "
+msgstr "公鑰: "
+
+#: g10/gpg.c:860 g10/keyedit.c:2423
+msgid "Cipher: "
+msgstr "編密法: "
+
+#: g10/gpg.c:867
+msgid "Hash: "
+msgstr "雜湊: "
+
+#: g10/gpg.c:874 g10/keyedit.c:2468
+msgid "Compression: "
+msgstr "壓縮: "
+
+#: g10/gpg.c:944
+msgid "usage: gpg [options] "
+msgstr "用法: gpg [é¸é …] "
+
+#: g10/gpg.c:1158 sm/gpgsm.c:716
+msgid "conflicting commands\n"
+msgstr "指令彼此矛盾\n"
+
+#: g10/gpg.c:1176
+#, c-format
+msgid "no = sign found in group definition `%s'\n"
+msgstr "在群組定義 `%s' 裡找ä¸åˆ° = 記號\n"
+
+#: g10/gpg.c:1373
+#, c-format
+msgid "WARNING: unsafe ownership on homedir `%s'\n"
+msgstr "警告: 家目錄 `%s' 的所有權並ä¸å®‰å…¨\n"
+
+#: g10/gpg.c:1376
+#, c-format
+msgid "WARNING: unsafe ownership on configuration file `%s'\n"
+msgstr "警告: 組態檔案 `%s' 的所有權並ä¸å®‰å…¨\n"
+
+#: g10/gpg.c:1379
+#, c-format
+msgid "WARNING: unsafe ownership on extension `%s'\n"
+msgstr "警告: 延伸模組 `%s' 的所有權並ä¸å®‰å…¨\n"
+
+#: g10/gpg.c:1385
+#, c-format
+msgid "WARNING: unsafe permissions on homedir `%s'\n"
+msgstr "警告: 家目錄 `%s' 的權é™ä¸¦ä¸å®‰å…¨\n"
+
+#: g10/gpg.c:1388
+#, c-format
+msgid "WARNING: unsafe permissions on configuration file `%s'\n"
+msgstr "警告: 組態檔案 `%s' 的權é™ä¸¦ä¸å®‰å…¨\n"
+
+#: g10/gpg.c:1391
+#, c-format
+msgid "WARNING: unsafe permissions on extension `%s'\n"
+msgstr "警告: 延伸模組 `%s' 的權é™ä¸¦ä¸å®‰å…¨\n"
+
+#: g10/gpg.c:1397
+#, c-format
+msgid "WARNING: unsafe enclosing directory ownership on homedir `%s'\n"
+msgstr "警告: 家目錄 `%s' çš„å°å…¥ç›®éŒ„所有權並ä¸å®‰å…¨\n"
+
+#: g10/gpg.c:1400
+#, c-format
+msgid ""
+"WARNING: unsafe enclosing directory ownership on configuration file `%s'\n"
+msgstr "警告: 組態檔案 `%s' çš„å°å…¥ç›®éŒ„所有權並ä¸å®‰å…¨\n"
+
+#: g10/gpg.c:1403
+#, c-format
+msgid "WARNING: unsafe enclosing directory ownership on extension `%s'\n"
+msgstr "警告: 延伸模組 `%s' çš„å°å…¥ç›®éŒ„所有權並ä¸å®‰å…¨\n"
+
+#: g10/gpg.c:1409
+#, c-format
+msgid "WARNING: unsafe enclosing directory permissions on homedir `%s'\n"
+msgstr "警告: 家目錄 `%s' çš„å°å…¥ç›®éŒ„權é™ä¸¦ä¸å®‰å…¨\n"
+
+#: g10/gpg.c:1412
+#, c-format
+msgid ""
+"WARNING: unsafe enclosing directory permissions on configuration file `%s'\n"
+msgstr "警告: 組態檔案 `%s' çš„å°å…¥ç›®éŒ„權é™ä¸¦ä¸å®‰å…¨\n"
+
+#: g10/gpg.c:1415
+#, c-format
+msgid "WARNING: unsafe enclosing directory permissions on extension `%s'\n"
+msgstr "警告: 延伸模組 `%s' çš„å°å…¥ç›®éŒ„權é™ä¸¦ä¸å®‰å…¨\n"
+
+#: g10/gpg.c:1595
+#, c-format
+msgid "unknown configuration item `%s'\n"
+msgstr "未知的組態項目 `%s'\n"
+
+#: g10/gpg.c:1699
+msgid "display photo IDs during key listings"
+msgstr "列出金鑰時顯示照片 ID"
+
+#: g10/gpg.c:1701
+msgid "show policy URLs during signature listings"
+msgstr "列出簽章時顯示原則 URL"
+
+#: g10/gpg.c:1703
+msgid "show all notations during signature listings"
+msgstr "列出簽章時顯示所有的註記"
+
+#: g10/gpg.c:1705
+msgid "show IETF standard notations during signature listings"
+msgstr "列出簽章時顯示 IETF 標準註記"
+
+#: g10/gpg.c:1709
+msgid "show user-supplied notations during signature listings"
+msgstr "列出簽章時顯示使用者æ供的註記"
+
+#: g10/gpg.c:1711
+msgid "show preferred keyserver URLs during signature listings"
+msgstr "列出簽章時顯示å好的金鑰伺æœå™¨ URL"
+
+#: g10/gpg.c:1713
+msgid "show user ID validity during key listings"
+msgstr "列出金鑰時顯示使用者 ID 有效性"
+
+#: g10/gpg.c:1715
+msgid "show revoked and expired user IDs in key listings"
+msgstr "列出金鑰時顯示已撤銷或éŽæœŸçš„使用者 ID"
+
+#: g10/gpg.c:1717
+msgid "show revoked and expired subkeys in key listings"
+msgstr "列出金鑰時顯示已撤銷或éŽæœŸçš„å­é‘°"
+
+#: g10/gpg.c:1719
+msgid "show the keyring name in key listings"
+msgstr "在金鑰清單中顯示鑰匙圈å稱"
+
+#: g10/gpg.c:1721
+msgid "show expiration dates during signature listings"
+msgstr "列出簽章時顯示有效期é™"
+
+#: g10/gpg.c:1855
+#, c-format
+msgid "NOTE: old default options file `%s' ignored\n"
+msgstr "請注æ„: 已忽略舊有的é è¨­é¸é …檔 `%s'\n"
+
+#: g10/gpg.c:1948
+#, c-format
+msgid "libgcrypt is too old (need %s, have %s)\n"
+msgstr "libgcrypt 太舊了 (éœ€è¦ %s, 但是祇有 %s)\n"
+
+#: g10/gpg.c:2346 g10/gpg.c:3037 g10/gpg.c:3049
+#, c-format
+msgid "NOTE: %s is not for normal use!\n"
+msgstr "請注æ„: 一般情æ³ä¸‹ä¸æœƒç”¨åˆ° %s!\n"
+
+#: g10/gpg.c:2530 g10/gpg.c:2542
+#, c-format
+msgid "`%s' is not a valid signature expiration\n"
+msgstr "`%s' ä¸æ˜¯å€‹æœ‰æ•ˆçš„簽章使用期é™\n"
+
+#: g10/gpg.c:2624
+#, c-format
+msgid "`%s' is not a valid character set\n"
+msgstr "`%s' ä¸æ˜¯å€‹æœ‰æ•ˆçš„字元集\n"
+
+#: g10/gpg.c:2647 g10/gpg.c:2842 g10/keyedit.c:4197
+msgid "could not parse keyserver URL\n"
+msgstr "無法剖æžé‡‘鑰伺æœå™¨ URL\n"
+
+#: g10/gpg.c:2659
+#, c-format
+msgid "%s:%d: invalid keyserver options\n"
+msgstr "%s:%d: 無效的金鑰伺æœå™¨é¸é …\n"
+
+#: g10/gpg.c:2662
+msgid "invalid keyserver options\n"
+msgstr "無效的金鑰伺æœå™¨é¸é …\n"
+
+#: g10/gpg.c:2669
+#, c-format
+msgid "%s:%d: invalid import options\n"
+msgstr "%s:%d: 無效的匯入é¸é …\n"
+
+#: g10/gpg.c:2672
+msgid "invalid import options\n"
+msgstr "無效的匯入é¸é …\n"
+
+#: g10/gpg.c:2679
+#, c-format
+msgid "%s:%d: invalid export options\n"
+msgstr "%s:%d: 無效的匯出é¸é …\n"
+
+#: g10/gpg.c:2682
+msgid "invalid export options\n"
+msgstr "無效的匯出é¸é …\n"
+
+#: g10/gpg.c:2689
+#, c-format
+msgid "%s:%d: invalid list options\n"
+msgstr "%s:%d: 無效的清單é¸é …\n"
+
+#: g10/gpg.c:2692
+msgid "invalid list options\n"
+msgstr "無效的清單é¸é …\n"
+
+#: g10/gpg.c:2700
+msgid "display photo IDs during signature verification"
+msgstr "驗證簽章時顯示照片 ID"
+
+#: g10/gpg.c:2702
+msgid "show policy URLs during signature verification"
+msgstr "驗證簽章時顯示原則 URL"
+
+#: g10/gpg.c:2704
+msgid "show all notations during signature verification"
+msgstr "驗證簽章時顯示所有的註記"
+
+#: g10/gpg.c:2706
+msgid "show IETF standard notations during signature verification"
+msgstr "驗證簽章時顯示 IETF 標準註記"
+
+#: g10/gpg.c:2710
+msgid "show user-supplied notations during signature verification"
+msgstr "驗證簽章時顯示使用者æ供的註記"
+
+#: g10/gpg.c:2712
+msgid "show preferred keyserver URLs during signature verification"
+msgstr "驗證簽章時顯示å好的金鑰伺æœå™¨ URL"
+
+#: g10/gpg.c:2714
+msgid "show user ID validity during signature verification"
+msgstr "驗證簽章時顯示使用者 ID 有效性"
+
+#: g10/gpg.c:2716
+msgid "show revoked and expired user IDs in signature verification"
+msgstr "驗證簽章時顯示已撤銷或éŽæœŸçš„使用者 ID"
+
+#: g10/gpg.c:2718
+msgid "show only the primary user ID in signature verification"
+msgstr "驗證簽章時祇顯示主è¦çš„使用者 ID"
+
+#: g10/gpg.c:2720
+msgid "validate signatures with PKA data"
+msgstr "以 PKA 資料驗證簽章"
+
+#: g10/gpg.c:2722
+msgid "elevate the trust of signatures with valid PKA data"
+msgstr "æ高å°æŒæœ‰æœ‰æ•ˆ PKA 資料之簽章的信任"
+
+#: g10/gpg.c:2729
+#, c-format
+msgid "%s:%d: invalid verify options\n"
+msgstr "%s:%d: 無效的驗證é¸é …\n"
+
+#: g10/gpg.c:2732
+msgid "invalid verify options\n"
+msgstr "無效的驗證é¸é …\n"
+
+#: g10/gpg.c:2739
+#, c-format
+msgid "unable to set exec-path to %s\n"
+msgstr "ç„¡æ³•æŠŠåŸ·è¡Œæª”è·¯å¾‘è¨­æˆ %s\n"
+
+#: g10/gpg.c:2925
+#, c-format
+msgid "%s:%d: invalid auto-key-locate list\n"
+msgstr "%s:%d: 無效的自動金鑰定å€æ¸…å–®\n"
+
+#: g10/gpg.c:2928
+msgid "invalid auto-key-locate list\n"
+msgstr "無效的自動金鑰定å€æ¸…å–®\n"
+
+#: g10/gpg.c:3026 sm/gpgsm.c:1439
+msgid "WARNING: program may create a core file!\n"
+msgstr "警告: 程å¼å¯èƒ½æœƒå‚¾å°å‡ºæ ¸å¿ƒæª”!\n"
+
+#: g10/gpg.c:3030
+#, c-format
+msgid "WARNING: %s overrides %s\n"
+msgstr "警告: %s 會推翻 %s\n"
+
+#: g10/gpg.c:3039
+#, c-format
+msgid "%s not allowed with %s!\n"
+msgstr "%s ä¸å…許跟 %s 併用!\n"
+
+#: g10/gpg.c:3042
+#, c-format
+msgid "%s makes no sense with %s!\n"
+msgstr "%s è·Ÿ %s 放在一起沒有æ„義!\n"
+
+#: g10/gpg.c:3057
+#, c-format
+msgid "will not run with insecure memory due to %s\n"
+msgstr "因為 %s 而ä¸æœƒåœ¨ä¸å®‰å…¨çš„記憶體中執行\n"
+
+#: g10/gpg.c:3071
+msgid "you can only make detached or clear signatures while in --pgp2 mode\n"
+msgstr "你祇有在 --pgp2 模å¼ä¸‹çº”能åšå‡ºåˆ†é›¢å¼æˆ–明文簽章\n"
+
+#: g10/gpg.c:3077
+msgid "you can't sign and encrypt at the same time while in --pgp2 mode\n"
+msgstr "你在 --pgp2 模å¼ä¸‹æ™‚, ä¸èƒ½åŒæ™‚簽署和加密\n"
+
+#: g10/gpg.c:3083
+msgid "you must use files (and not a pipe) when working with --pgp2 enabled.\n"
+msgstr "啟用 --pgp2 時你祇應該使用檔案, 而éžç®¡é“\n"
+
+#: g10/gpg.c:3096
+msgid "encrypting a message in --pgp2 mode requires the IDEA cipher\n"
+msgstr "在 --pgp2 模å¼ä¸‹åŠ å¯†è¨Šæ¯éœ€è¦ IDEA 編密法\n"
+
+#: g10/gpg.c:3163 g10/gpg.c:3187 sm/gpgsm.c:1511
+msgid "selected cipher algorithm is invalid\n"
+msgstr "所é¸çš„編密演算法無效\n"
+
+#: g10/gpg.c:3169 g10/gpg.c:3193 sm/gpgsm.c:1517 sm/gpgsm.c:1523
+msgid "selected digest algorithm is invalid\n"
+msgstr "所é¸çš„摘è¦æ¼”算法無效\n"
+
+#: g10/gpg.c:3175
+msgid "selected compression algorithm is invalid\n"
+msgstr "所é¸çš„壓縮演算法無效\n"
+
+#: g10/gpg.c:3181
+msgid "selected certification digest algorithm is invalid\n"
+msgstr "所é¸çš„憑證摘è¦æ¼”算法無效\n"
+
+#: g10/gpg.c:3196
+msgid "completes-needed must be greater than 0\n"
+msgstr "completes-needed 一定è¦å¤§æ–¼ 0\n"
+
+#: g10/gpg.c:3198
+msgid "marginals-needed must be greater than 1\n"
+msgstr "marginals-needed 一定è¦å¤§æ–¼ 1\n"
+
+#: g10/gpg.c:3200
+msgid "max-cert-depth must be in the range from 1 to 255\n"
+msgstr "max-cert-depth 一定è¦ä»‹æ–¼ 1 å’Œ 255 之間\n"
+
+#: g10/gpg.c:3202
+msgid "invalid default-cert-level; must be 0, 1, 2, or 3\n"
+msgstr "無效的 default-cert-level; 一定è¦æ˜¯ 0, 1, 2 或 3\n"
+
+#: g10/gpg.c:3204
+msgid "invalid min-cert-level; must be 1, 2, or 3\n"
+msgstr "無效的 min-cert-level; 一定è¦æ˜¯ 1, 2 或 3\n"
+
+#: g10/gpg.c:3207
+msgid "NOTE: simple S2K mode (0) is strongly discouraged\n"
+msgstr "請注æ„: 強烈ä¸å»ºè­°ä½¿ç”¨å–®ç´”çš„ S2K æ¨¡å¼ (0)\n"
+
+#: g10/gpg.c:3211
+msgid "invalid S2K mode; must be 0, 1 or 3\n"
+msgstr "無效的 S2K 模å¼; 一定è¦æ˜¯ 0, 1 或 3\n"
+
+#: g10/gpg.c:3218
+msgid "invalid default preferences\n"
+msgstr "無效的é è¨­å好\n"
+
+#: g10/gpg.c:3222
+msgid "invalid personal cipher preferences\n"
+msgstr "無效的個人編密法å好\n"
+
+#: g10/gpg.c:3226
+msgid "invalid personal digest preferences\n"
+msgstr "無效的個人摘è¦å好\n"
+
+#: g10/gpg.c:3230
+msgid "invalid personal compress preferences\n"
+msgstr "無效的個人壓縮å好\n"
+
+#: g10/gpg.c:3263
+#, c-format
+msgid "%s does not yet work with %s\n"
+msgstr "%s 還沒辦法跟 %s 一起é‹ä½œ\n"
+
+#: g10/gpg.c:3310
+#, c-format
+msgid "you may not use cipher algorithm `%s' while in %s mode\n"
+msgstr "ä½ ä¸è©²å°‡ `%s' 編密演算法用於 %s 模å¼ä¸­\n"
+
+#: g10/gpg.c:3315
+#, c-format
+msgid "you may not use digest algorithm `%s' while in %s mode\n"
+msgstr "ä½ ä¸è©²å°‡ `%s' 摘è¦æ¼”算法用於 %s 模å¼ä¸­\n"
+
+#: g10/gpg.c:3320
+#, c-format
+msgid "you may not use compression algorithm `%s' while in %s mode\n"
+msgstr "ä½ ä¸è©²å°‡ `%s' 壓縮演算法用於 %s 模å¼ä¸­\n"
+
+#: g10/gpg.c:3406
+#, c-format
+msgid "failed to initialize the TrustDB: %s\n"
+msgstr "信任資料庫啟始失敗: %s\n"
+
+#: g10/gpg.c:3417
+msgid "WARNING: recipients (-r) given without using public key encryption\n"
+msgstr "警告: 給定的收件者 (-r) 未使用公鑰加密\n"
+
+#: g10/gpg.c:3438
+msgid "--store [filename]"
+msgstr "--store [檔å]"
+
+#: g10/gpg.c:3445
+msgid "--symmetric [filename]"
+msgstr "--symmetric [檔å]"
+
+#: g10/gpg.c:3447
+#, c-format
+msgid "symmetric encryption of `%s' failed: %s\n"
+msgstr "`%s' å°ç¨±å¼åŠ å¯†å¤±æ•—: %s\n"
+
+#: g10/gpg.c:3457
+msgid "--encrypt [filename]"
+msgstr "--encrypt [檔å]"
+
+#: g10/gpg.c:3470
+msgid "--symmetric --encrypt [filename]"
+msgstr "--symmetric --encrypt [檔å]"
+
+#: g10/gpg.c:3472
+msgid "you cannot use --symmetric --encrypt with --s2k-mode 0\n"
+msgstr "ä½ ä¸èƒ½åœ¨ --s2k-mode 0 中使用 --symmetric --encrypt\n"
+
+#: g10/gpg.c:3475
+#, c-format
+msgid "you cannot use --symmetric --encrypt while in %s mode\n"
+msgstr "ä½ ä¸èƒ½åœ¨ %s 模å¼ä¸­ä½¿ç”¨ --symmetric --encrypt\n"
+
+#: g10/gpg.c:3493
+msgid "--sign [filename]"
+msgstr "--sign [檔å]"
+
+#: g10/gpg.c:3506
+msgid "--sign --encrypt [filename]"
+msgstr "--sign --encrypt [檔å]"
+
+#: g10/gpg.c:3521
+msgid "--symmetric --sign --encrypt [filename]"
+msgstr "--symmetric --sign --encrypt [檔å]"
+
+#: g10/gpg.c:3523
+msgid "you cannot use --symmetric --sign --encrypt with --s2k-mode 0\n"
+msgstr "ä½ ä¸èƒ½åœ¨ --s2k-mode 0 中使用 --symmetric --sign --encrypt\n"
+
+#: g10/gpg.c:3526
+#, c-format
+msgid "you cannot use --symmetric --sign --encrypt while in %s mode\n"
+msgstr "ä½ ä¸èƒ½åœ¨ %s 模å¼ä¸­ä½¿ç”¨ --symmetric --sign --encrypt\n"
+
+#: g10/gpg.c:3546
+msgid "--sign --symmetric [filename]"
+msgstr "--sign --symmetric [檔å]"
+
+#: g10/gpg.c:3555
+msgid "--clearsign [filename]"
+msgstr "--clearsign [檔å]"
+
+#: g10/gpg.c:3580
+msgid "--decrypt [filename]"
+msgstr "--decrypt [檔å]"
+
+#: g10/gpg.c:3588
+msgid "--sign-key user-id"
+msgstr "--sign-key 使用者ID"
+
+#: g10/gpg.c:3592
+msgid "--lsign-key user-id"
+msgstr "--lsign-key 使用者ID"
+
+#: g10/gpg.c:3613
+msgid "--edit-key user-id [commands]"
+msgstr "--edit-key 使用者ID [指令]"
+
+#: g10/gpg.c:3629
+msgid "--passwd <user-id>"
+msgstr "--passwd 使用者ID"
+
+#: g10/gpg.c:3716
+#, c-format
+msgid "keyserver send failed: %s\n"
+msgstr "é€è‡³é‡‘鑰伺æœå™¨å¤±æ•—: %s\n"
+
+#: g10/gpg.c:3718
+#, c-format
+msgid "keyserver receive failed: %s\n"
+msgstr "從金鑰伺æœå™¨æŽ¥æ”¶å¤±æ•—: %s\n"
+
+#: g10/gpg.c:3720
+#, c-format
+msgid "key export failed: %s\n"
+msgstr "金鑰匯出失敗: %s\n"
+
+#: g10/gpg.c:3731
+#, c-format
+msgid "keyserver search failed: %s\n"
+msgstr "用金鑰伺æœå™¨æœå°‹å¤±æ•—: %s\n"
+
+#: g10/gpg.c:3741
+#, c-format
+msgid "keyserver refresh failed: %s\n"
+msgstr "從金鑰伺æœå™¨æ›´æ–°å¤±æ•—: %s\n"
+
+#: g10/gpg.c:3792
+#, c-format
+msgid "dearmoring failed: %s\n"
+msgstr "解開å°è£å¤±æ•—: %s\n"
+
+#: g10/gpg.c:3800
+#, c-format
+msgid "enarmoring failed: %s\n"
+msgstr "進行å°è£å¤±æ•—: %s\n"
+
+#: g10/gpg.c:3890
+#, c-format
+msgid "invalid hash algorithm `%s'\n"
+msgstr "無效的 `%s' 雜湊演算法\n"
+
+#: g10/gpg.c:4005
+msgid "[filename]"
+msgstr "[檔å]"
+
+#: g10/gpg.c:4009
+msgid "Go ahead and type your message ...\n"
+msgstr "è«‹é–‹å§‹è¼¸å…¥ä½ çš„è¨Šæ¯ ...\n"
+
+#: g10/gpg.c:4323
+msgid "the given certification policy URL is invalid\n"
+msgstr "給定的的憑證原則 URL 無效\n"
+
+#: g10/gpg.c:4325
+msgid "the given signature policy URL is invalid\n"
+msgstr "給定的簽章原則 URL 無效\n"
+
+#: g10/gpg.c:4358
+msgid "the given preferred keyserver URL is invalid\n"
+msgstr "給定的å好金鑰伺æœå™¨ URL 無效\n"
+
+#: g10/gpgv.c:74
+msgid "|FILE|take the keys from the keyring FILE"
+msgstr "|檔案|從鑰匙圈「檔案ã€è£¡å–用金鑰"
+
+#: g10/gpgv.c:76
+msgid "make timestamp conflicts only a warning"
+msgstr "僅把時間戳å°çŸ›ç›¾è¦–為警告"
+
+#: g10/gpgv.c:78 sm/gpgsm.c:326
+msgid "|FD|write status info to this FD"
+msgstr "|檔案æè¿°|把狀態資訊寫入此「檔案æè¿°ã€"
+
+#: g10/gpgv.c:117
+msgid "Usage: gpgv [options] [files] (-h for help)"
+msgstr "用法: gpgv [é¸é …] [檔案] (或用 -h 求助)"
+
+#: g10/gpgv.c:119
+msgid ""
+"Syntax: gpgv [options] [files]\n"
+"Check signatures against known trusted keys\n"
+msgstr ""
+"語法: gpgv [é¸é …] [檔案]\n"
+"用已知的å—信任金鑰來檢查簽章\n"
+
+#: g10/helptext.c:72
+msgid "No help available"
+msgstr "沒有å¯ç”¨çš„說明"
+
+#: g10/helptext.c:82
+#, c-format
+msgid "No help available for `%s'"
+msgstr "`%s' 沒有å¯ç”¨çš„說明"
+
+#: g10/import.c:94
+msgid "import signatures that are marked as local-only"
+msgstr "匯入標記為僅é™æœ¬æ©Ÿä½¿ç”¨çš„簽章"
+
+#: g10/import.c:96
+msgid "repair damage from the pks keyserver during import"
+msgstr "匯入時修復來自 pks 金鑰伺æœå™¨çš„æ壞"
+
+#: g10/import.c:98
+msgid "do not update the trustdb after import"
+msgstr "匯入後ä¸è¦æ›´æ–°ä¿¡ä»»è³‡æ–™åº«"
+
+#: g10/import.c:100
+msgid "create a public key when importing a secret key"
+msgstr "匯入ç§é‘°æ™‚亦建立公鑰"
+
+#: g10/import.c:102
+msgid "only accept updates to existing keys"
+msgstr "祇接å—既有金鑰的更新"
+
+#: g10/import.c:104
+msgid "remove unusable parts from key after import"
+msgstr "匯入後從金鑰中移除無法使用的部分"
+
+#: g10/import.c:106
+msgid "remove as much as possible from key after import"
+msgstr "匯入後盡å¯èƒ½åœ°å¾žé‡‘鑰中移除"
+
+#: g10/import.c:266
+#, c-format
+msgid "skipping block of type %d\n"
+msgstr "æ­£åœ¨è·³éŽ %d åž‹æ…‹çš„å€å¡Š\n"
+
+#: g10/import.c:275
+#, c-format
+msgid "%lu keys processed so far\n"
+msgstr "ç›®å‰å·²è™•ç† %lu 把金鑰\n"
+
+#: g10/import.c:292
+#, c-format
+msgid "Total number processed: %lu\n"
+msgstr "處ç†ç¸½é‡: %lu\n"
+
+#: g10/import.c:294
+#, c-format
+msgid " skipped new keys: %lu\n"
+msgstr " 已跳éŽçš„新金鑰: %lu\n"
+
+#: g10/import.c:297
+#, c-format
+msgid " w/o user IDs: %lu\n"
+msgstr " 沒有使用者的 ID: %lu\n"
+
+#: g10/import.c:299 sm/import.c:114
+#, c-format
+msgid " imported: %lu"
+msgstr " 已匯入: %lu"
+
+#: g10/import.c:305 sm/import.c:118
+#, c-format
+msgid " unchanged: %lu\n"
+msgstr " 未改變的: %lu\n"
+
+#: g10/import.c:307
+#, c-format
+msgid " new user IDs: %lu\n"
+msgstr " 新的使用者 ID: %lu\n"
+
+#: g10/import.c:309
+#, c-format
+msgid " new subkeys: %lu\n"
+msgstr " æ–°çš„å­é‘°: %lu\n"
+
+#: g10/import.c:311
+#, c-format
+msgid " new signatures: %lu\n"
+msgstr " 新的簽章: %lu\n"
+
+#: g10/import.c:313
+#, c-format
+msgid " new key revocations: %lu\n"
+msgstr " 新的金鑰撤銷: %lu\n"
+
+#: g10/import.c:315 sm/import.c:120
+#, c-format
+msgid " secret keys read: %lu\n"
+msgstr " 已讀å–çš„ç§é‘°: %lu\n"
+
+#: g10/import.c:317 sm/import.c:122
+#, c-format
+msgid " secret keys imported: %lu\n"
+msgstr " 已匯入的ç§é‘°: %lu\n"
+
+#: g10/import.c:319 sm/import.c:124
+#, c-format
+msgid " secret keys unchanged: %lu\n"
+msgstr " 未改變的ç§é‘°: %lu\n"
+
+#: g10/import.c:321 sm/import.c:126
+#, c-format
+msgid " not imported: %lu\n"
+msgstr " 未被匯入: %lu\n"
+
+#: g10/import.c:323
+#, c-format
+msgid " signatures cleaned: %lu\n"
+msgstr " 已清除的簽章: %lu\n"
+
+#: g10/import.c:325
+#, c-format
+msgid " user IDs cleaned: %lu\n"
+msgstr " 已清除的使用者 ID: %lu\n"
+
+#: g10/import.c:606
+#, c-format
+msgid ""
+"WARNING: key %s contains preferences for unavailable\n"
+"algorithms on these user IDs:\n"
+msgstr "警告: 金鑰 %s çš„å好設定å«æœ‰é€™äº›ä½¿ç”¨è€… ID 無法使用的演算法:\n"
+
+#: g10/import.c:647
+#, c-format
+msgid " \"%s\": preference for cipher algorithm %s\n"
+msgstr " \"%s\": 編密演算法 %s çš„å好設定\n"
+
+#: g10/import.c:662
+#, c-format
+msgid " \"%s\": preference for digest algorithm %s\n"
+msgstr " \"%s\": 摘è¦æ¼”算法 %s çš„å好設定\n"
+
+#: g10/import.c:674
+#, c-format
+msgid " \"%s\": preference for compression algorithm %s\n"
+msgstr " \"%s\": 壓縮演算法 %s çš„å好設定\n"
+
+#: g10/import.c:687
+msgid "it is strongly suggested that you update your preferences and\n"
+msgstr "我們強烈建議你更新å好設定, 並é‡æ–°\n"
+
+#: g10/import.c:689
+msgid "re-distribute this key to avoid potential algorithm mismatch problems\n"
+msgstr "散佈此金鑰, 以é¿å…潛在的演算法ä¸ä¸€è‡´å•é¡Œ.\n"
+
+#: g10/import.c:713
+#, c-format
+msgid "you can update your preferences with: gpg --edit-key %s updpref save\n"
+msgstr "ä½ å¯ä»¥åƒé€™æ¨£ä¾†æ›´æ–°å好設定: gpg --edit-key %s updpref save\n"
+
+#: g10/import.c:766 g10/import.c:1179
+#, c-format
+msgid "key %s: no user ID\n"
+msgstr "金鑰 %s: 沒有使用者 ID\n"
+
+#: g10/import.c:795
+#, c-format
+msgid "key %s: PKS subkey corruption repaired\n"
+msgstr "金鑰 %s: PKS å­é‘°çš„訛誤已被修復\n"
+
+#: g10/import.c:810
+#, c-format
+msgid "key %s: accepted non self-signed user ID \"%s\"\n"
+msgstr "金鑰 %s: 已接å—éžè‡ªæˆ‘簽署的使用者 ID \"%s\"\n"
+
+#: g10/import.c:816
+#, c-format
+msgid "key %s: no valid user IDs\n"
+msgstr "金鑰 %s: 沒有有效的使用者 ID\n"
+
+#: g10/import.c:818
+msgid "this may be caused by a missing self-signature\n"
+msgstr "這å¯èƒ½è‚‡å› æ–¼éºå¤±è‡ªæˆ‘簽章所致\n"
+
+#: g10/import.c:828 g10/import.c:1303
+#, c-format
+msgid "key %s: public key not found: %s\n"
+msgstr "金鑰 %s: 找ä¸åˆ°å…¬é‘°: %s\n"
+
+#: g10/import.c:834
+#, c-format
+msgid "key %s: new key - skipped\n"
+msgstr "金鑰 %s: 新的金鑰 - 已跳éŽ\n"
+
+#: g10/import.c:843
+#, c-format
+msgid "no writable keyring found: %s\n"
+msgstr "找ä¸åˆ°å¯å¯«å…¥çš„鑰匙圈: %s\n"
+
+#: g10/import.c:848 g10/openfile.c:278 g10/sign.c:805 g10/sign.c:1114
+#, c-format
+msgid "writing to `%s'\n"
+msgstr "寫入 `%s' 中\n"
+
+#: g10/import.c:852 g10/import.c:952 g10/import.c:1219 g10/import.c:1364
+#: g10/import.c:2494 g10/import.c:2516
+#, c-format
+msgid "error writing keyring `%s': %s\n"
+msgstr "寫入鑰匙圈 `%s' 時出錯: %s\n"
+
+#: g10/import.c:871
+#, c-format
+msgid "key %s: public key \"%s\" imported\n"
+msgstr "金鑰 %s: 公鑰 \"%s\" 已匯入\n"
+
+#: g10/import.c:895
+#, c-format
+msgid "key %s: doesn't match our copy\n"
+msgstr "金鑰 %s: 跟我們的副本ä¸å»åˆ\n"
+
+#: g10/import.c:912 g10/import.c:1321
+#, c-format
+msgid "key %s: can't locate original keyblock: %s\n"
+msgstr "金鑰 %s: 無法定å€åŽŸå§‹çš„金鑰å€å¡Š: %s\n"
+
+#: g10/import.c:920 g10/import.c:1328
+#, c-format
+msgid "key %s: can't read original keyblock: %s\n"
+msgstr "金鑰 %s: 無法讀å–原始的金鑰å€å¡Š: %s\n"
+
+#: g10/import.c:962
+#, c-format
+msgid "key %s: \"%s\" 1 new user ID\n"
+msgstr "金鑰 %s: \"%s\" 1 個新的使用者 ID\n"
+
+#: g10/import.c:965
+#, c-format
+msgid "key %s: \"%s\" %d new user IDs\n"
+msgstr "金鑰 %s: \"%s\" %d 個新的使用者 ID\n"
+
+#: g10/import.c:968
+#, c-format
+msgid "key %s: \"%s\" 1 new signature\n"
+msgstr "金鑰 %s: \"%s\" 1 份新的簽章\n"
+
+#: g10/import.c:971
+#, c-format
+msgid "key %s: \"%s\" %d new signatures\n"
+msgstr "金鑰 %s: \"%s\" %d 份新的簽章\n"
+
+#: g10/import.c:974
+#, c-format
+msgid "key %s: \"%s\" 1 new subkey\n"
+msgstr "金鑰 %s: \"%s\" 1 把新的å­é‘°\n"
+
+#: g10/import.c:977
+#, c-format
+msgid "key %s: \"%s\" %d new subkeys\n"
+msgstr "金鑰 %s: \"%s\" %d 把新的å­é‘°\n"
+
+#: g10/import.c:980
+#, c-format
+msgid "key %s: \"%s\" %d signature cleaned\n"
+msgstr "金鑰 %s: \"%s\" 已清除 %d 份簽章\n"
+
+#: g10/import.c:983
+#, c-format
+msgid "key %s: \"%s\" %d signatures cleaned\n"
+msgstr "金鑰 %s: \"%s\" 已清除 %d 份簽章\n"
+
+#: g10/import.c:986
+#, c-format
+msgid "key %s: \"%s\" %d user ID cleaned\n"
+msgstr "金鑰 %s: \"%s\" 已清除 %d 個使用者 ID\n"
+
+#: g10/import.c:989
+#, c-format
+msgid "key %s: \"%s\" %d user IDs cleaned\n"
+msgstr "金鑰 %s: \"%s\" 已清除 %d 個使用者 ID\n"
+
+#: g10/import.c:1013
+#, c-format
+msgid "key %s: \"%s\" not changed\n"
+msgstr "金鑰 %s: \"%s\" 未改變\n"
+
+#: g10/import.c:1185
+#, c-format
+msgid "key %s: secret key with invalid cipher %d - skipped\n"
+msgstr "金鑰 %s: ç§é‘°ä½¿ç”¨äº†ç„¡æ•ˆçš„ %d 編密法 - 已跳éŽ\n"
+
+#: g10/import.c:1196
+msgid "importing secret keys not allowed\n"
+msgstr "未å…許匯入ç§é‘°\n"
+
+#: g10/import.c:1213 g10/import.c:2509
+#, c-format
+msgid "no default secret keyring: %s\n"
+msgstr "沒有é è¨­çš„ç§é‘°é‘°åŒ™åœˆ: %s\n"
+
+#: g10/import.c:1224
+#, c-format
+msgid "key %s: secret key imported\n"
+msgstr "金鑰 %s: ç§é‘°å·²åŒ¯å…¥\n"
+
+#: g10/import.c:1254
+#, c-format
+msgid "key %s: already in secret keyring\n"
+msgstr "金鑰 %s: 已在ç§é‘°é‘°åŒ™åœˆä¹‹ä¸­äº†\n"
+
+#: g10/import.c:1264
+#, c-format
+msgid "key %s: secret key not found: %s\n"
+msgstr "金鑰 %s: 找ä¸åˆ°ç§é‘°: %s\n"
+
+#: g10/import.c:1296
+#, c-format
+msgid "key %s: no public key - can't apply revocation certificate\n"
+msgstr "金鑰 %s: 沒有公鑰 - 無法套用撤銷憑證\n"
+
+#: g10/import.c:1339
+#, c-format
+msgid "key %s: invalid revocation certificate: %s - rejected\n"
+msgstr "金鑰 %s: 無效的撤銷憑證: %s - å·²é§å›ž\n"
+
+#: g10/import.c:1371
+#, c-format
+msgid "key %s: \"%s\" revocation certificate imported\n"
+msgstr "金鑰 %s: \"%s\" 撤銷憑證已匯入\n"
+
+#: g10/import.c:1447
+#, c-format
+msgid "key %s: no user ID for signature\n"
+msgstr "金鑰 %s: 簽章沒有使用者 ID\n"
+
+#: g10/import.c:1464
+#, c-format
+msgid "key %s: unsupported public key algorithm on user ID \"%s\"\n"
+msgstr "金鑰 %s: 使用者 ID \"%s\" 用了未支æ´çš„公鑰演算法\n"
+
+#: g10/import.c:1466
+#, c-format
+msgid "key %s: invalid self-signature on user ID \"%s\"\n"
+msgstr "金鑰 %s: 使用者 ID \"%s\" 的自我簽章無效\n"
+
+#: g10/import.c:1483 g10/import.c:1509 g10/import.c:1560
+#, c-format
+msgid "key %s: unsupported public key algorithm\n"
+msgstr "金鑰 %s: 未支æ´çš„公鑰演算法\n"
+
+#: g10/import.c:1484
+#, c-format
+msgid "key %s: invalid direct key signature\n"
+msgstr "金鑰 %s: 無效的直接金鑰簽章\n"
+
+#: g10/import.c:1498
+#, c-format
+msgid "key %s: no subkey for key binding\n"
+msgstr "金鑰 %s: 沒有å¯ä¾›é™„帶的å­é‘°\n"
+
+#: g10/import.c:1511
+#, c-format
+msgid "key %s: invalid subkey binding\n"
+msgstr "金鑰 %s: 無效的附帶å­é‘°\n"
+
+#: g10/import.c:1527
+#, c-format
+msgid "key %s: removed multiple subkey binding\n"
+msgstr "金鑰 %s: 多é‡é™„帶å­é‘°å·²ç§»é™¤\n"
+
+#: g10/import.c:1549
+#, c-format
+msgid "key %s: no subkey for key revocation\n"
+msgstr "金鑰 %s: 沒有å­é‘°å¯ä¾›é‡‘鑰撤銷\n"
+
+#: g10/import.c:1562
+#, c-format
+msgid "key %s: invalid subkey revocation\n"
+msgstr "金鑰 %s: 無效的å­é‘°æ’¤éŠ·\n"
+
+#: g10/import.c:1577
+#, c-format
+msgid "key %s: removed multiple subkey revocation\n"
+msgstr "金鑰 %s: 多é‡å­é‘°æ’¤éŠ·å·²ç§»é™¤\n"
+
+#: g10/import.c:1618
+#, c-format
+msgid "key %s: skipped user ID \"%s\"\n"
+msgstr "金鑰 %s: 使用者 ID \"%s\" 已跳éŽ\n"
+
+#: g10/import.c:1639
+#, c-format
+msgid "key %s: skipped subkey\n"
+msgstr "金鑰 %s: å­é‘°å·²è·³éŽ\n"
+
+# here we violate the rfc a bit by still allowing
+# * to import non-exportable signature when we have the
+# * the secret key used to create this signature - it
+# * seems that this makes sense
+#: g10/import.c:1666
+#, c-format
+msgid "key %s: non exportable signature (class 0x%02X) - skipped\n"
+msgstr "金鑰 %s: ä¸å¯åŒ¯å‡ºçš„簽章 (等級 0x%02X) - 已跳éŽ\n"
+
+#: g10/import.c:1676
+#, c-format
+msgid "key %s: revocation certificate at wrong place - skipped\n"
+msgstr "金鑰 %s: 撤銷憑證在錯誤的地方 - 已跳éŽ\n"
+
+#: g10/import.c:1693
+#, c-format
+msgid "key %s: invalid revocation certificate: %s - skipped\n"
+msgstr "金鑰 %s: 無效的撤銷憑證: %s - 已跳éŽ\n"
+
+#: g10/import.c:1707
+#, c-format
+msgid "key %s: subkey signature in wrong place - skipped\n"
+msgstr "金鑰 %s: å­é‘°ç°½ç« åœ¨éŒ¯èª¤çš„地方 - 已跳éŽ\n"
+
+#: g10/import.c:1715
+#, c-format
+msgid "key %s: unexpected signature class (0x%02X) - skipped\n"
+msgstr "金鑰 %s: éžé æœŸçš„簽章等級 (0x%02X) - 已跳éŽ\n"
+
+#: g10/import.c:1844
+#, c-format
+msgid "key %s: duplicated user ID detected - merged\n"
+msgstr "金鑰 %s: åµæ¸¬åˆ°é‡è¤‡çš„使用者 ID - å·²åˆä½µ\n"
+
+#: g10/import.c:1906
+#, c-format
+msgid "WARNING: key %s may be revoked: fetching revocation key %s\n"
+msgstr "警告: 金鑰 %s å¯èƒ½è¢«æ’¤éŠ·äº†: 正在å–回撤銷金鑰 %s\n"
+
+#: g10/import.c:1920
+#, c-format
+msgid "WARNING: key %s may be revoked: revocation key %s not present.\n"
+msgstr "警告: 金鑰 %s å¯èƒ½è¢«æ’¤éŠ·äº†: 撤銷金鑰 %s 未出ç¾.\n"
+
+#: g10/import.c:1979
+#, c-format
+msgid "key %s: \"%s\" revocation certificate added\n"
+msgstr "金鑰 %s: 已新增 \"%s\" 撤銷憑證\n"
+
+#: g10/import.c:2013
+#, c-format
+msgid "key %s: direct key signature added\n"
+msgstr "金鑰 %s: 已新增直接金鑰簽章\n"
+
+#: g10/import.c:2414
+msgid "NOTE: a key's S/N does not match the card's one\n"
+msgstr "請注æ„: 金鑰的åºè™Ÿ (S/N) 與å¡ç‰‡ä¸Šçš„並ä¸ä¸€è‡´\n"
+
+#: g10/import.c:2422
+msgid "NOTE: primary key is online and stored on card\n"
+msgstr "請注æ„: 主鑰在線上且已存放於å¡ç‰‡ä¸Šäº†\n"
+
+#: g10/import.c:2424
+msgid "NOTE: secondary key is online and stored on card\n"
+msgstr "請注æ„: å­é‘°åœ¨ç·šä¸Šä¸”已存放於å¡ç‰‡ä¸Šäº†\n"
+
+#: g10/keydb.c:181
+#, c-format
+msgid "error creating keyring `%s': %s\n"
+msgstr "建立 `%s' 鑰匙圈時出錯: %s\n"
+
+#: g10/keydb.c:187
+#, c-format
+msgid "keyring `%s' created\n"
+msgstr "`%s' 鑰匙圈已建立\n"
+
+#: g10/keydb.c:333 g10/keydb.c:336
+#, c-format
+msgid "keyblock resource `%s': %s\n"
+msgstr "`%s' 金鑰å€å¡Šè³‡æº: %s\n"
+
+#: g10/keydb.c:719
+#, c-format
+msgid "failed to rebuild keyring cache: %s\n"
+msgstr "é‡æ–°å»ºç«‹é‘°åŒ™åœˆå¿«å–失敗: %s\n"
+
+#: g10/keyedit.c:265
+msgid "[revocation]"
+msgstr "[撤銷]"
+
+#: g10/keyedit.c:266
+msgid "[self-signature]"
+msgstr "[自我簽章]"
+
+#: g10/keyedit.c:344 g10/keylist.c:398
+msgid "1 bad signature\n"
+msgstr "1 份æ壞的簽章\n"
+
+#: g10/keyedit.c:346 g10/keylist.c:400
+#, c-format
+msgid "%d bad signatures\n"
+msgstr "%d 份æ壞的簽章\n"
+
+#: g10/keyedit.c:348 g10/keylist.c:402
+msgid "1 signature not checked due to a missing key\n"
+msgstr "有 1 份簽章因為éºå¤±é‡‘鑰而未被檢查\n"
+
+#: g10/keyedit.c:350 g10/keylist.c:404
+#, c-format
+msgid "%d signatures not checked due to missing keys\n"
+msgstr "有 %d 份簽章因為éºå¤±é‡‘鑰而未被檢查\n"
+
+#: g10/keyedit.c:352 g10/keylist.c:406
+msgid "1 signature not checked due to an error\n"
+msgstr "有 1 份簽章因錯誤而未被檢查\n"
+
+#: g10/keyedit.c:354 g10/keylist.c:408
+#, c-format
+msgid "%d signatures not checked due to errors\n"
+msgstr "有 %d 份簽章因錯誤而未被檢查\n"
+
+#: g10/keyedit.c:356
+msgid "1 user ID without valid self-signature detected\n"
+msgstr "åµæ¸¬åˆ° 1 個沒有有效自我簽章的使用者 ID\n"
+
+#: g10/keyedit.c:358
+#, c-format
+msgid "%d user IDs without valid self-signatures detected\n"
+msgstr "åµæ¸¬åˆ° %d 個沒有有效自我簽章的使用者 ID\n"
+
+#: g10/keyedit.c:414 g10/pkclist.c:262
+msgid ""
+"Please decide how far you trust this user to correctly verify other users' "
+"keys\n"
+"(by looking at passports, checking fingerprints from different sources, "
+"etc.)\n"
+msgstr ""
+"請判斷你有多信任這ä½ä½¿ç”¨è€…確實驗證其他使用者的金鑰\n"
+"(åƒæ˜¯æŸ¥å°èº«ä»½è­‰, 或從ä¸åŒçš„來æºæª¢æŸ¥æŒ‡ç´‹ç­‰...)的能力\n"
+
+#: g10/keyedit.c:418 g10/pkclist.c:274
+#, c-format
+msgid " %d = I trust marginally\n"
+msgstr " %d = 我勉強信任\n"
+
+#: g10/keyedit.c:419 g10/pkclist.c:276
+#, c-format
+msgid " %d = I trust fully\n"
+msgstr " %d = 我完全信任\n"
+
+#: g10/keyedit.c:438
+msgid ""
+"Please enter the depth of this trust signature.\n"
+"A depth greater than 1 allows the key you are signing to make\n"
+"trust signatures on your behalf.\n"
+msgstr ""
+"請輸入此信任簽章的深度.\n"
+"深度大於 1 的話就表示你信任這把正被簽署的金鑰,\n"
+"åŒæ™‚也信任這把金鑰所簽署的信任簽章.\n"
+
+#: g10/keyedit.c:454
+msgid "Please enter a domain to restrict this signature, or enter for none.\n"
+msgstr "請輸入約æŸæ­¤ç°½ç« çš„網域, 若無請直接按下 [Enter].\n"
+
+#: g10/keyedit.c:598
+#, c-format
+msgid "User ID \"%s\" is revoked."
+msgstr "使用者 ID \"%s\" 已撤銷."
+
+#: g10/keyedit.c:607 g10/keyedit.c:635 g10/keyedit.c:662 g10/keyedit.c:830
+#: g10/keyedit.c:895 g10/keyedit.c:1785
+msgid "Are you sure you still want to sign it? (y/N) "
+msgstr "ä½ ä»ç„¶æƒ³è¦ç°½ç½²å®ƒå—Ž? (y/N) "
+
+#: g10/keyedit.c:621 g10/keyedit.c:649 g10/keyedit.c:676 g10/keyedit.c:836
+#: g10/keyedit.c:1791
+msgid " Unable to sign.\n"
+msgstr " 無法簽署.\n"
+
+#: g10/keyedit.c:626
+#, c-format
+msgid "User ID \"%s\" is expired."
+msgstr "使用者 ID \"%s\" å·²éŽæœŸ."
+
+#: g10/keyedit.c:654
+#, c-format
+msgid "User ID \"%s\" is not self-signed."
+msgstr "使用者 ID \"%s\" 未經自我簽署."
+
+#: g10/keyedit.c:682
+#, c-format
+msgid "User ID \"%s\" is signable. "
+msgstr "使用者 ID \"%s\" å¯è¢«ç°½ç½²."
+
+#: g10/keyedit.c:684
+msgid "Sign it? (y/N) "
+msgstr "是å¦è¦ç°½ç½²? (y/N) "
+
+#: g10/keyedit.c:706
+#, c-format
+msgid ""
+"The self-signature on \"%s\"\n"
+"is a PGP 2.x-style signature.\n"
+msgstr ""
+"\"%s\" 裡的自我簽章\n"
+"是 PGP 2.x 型態的簽章.\n"
+
+#: g10/keyedit.c:715
+msgid "Do you want to promote it to an OpenPGP self-signature? (y/N) "
+msgstr "你是å¦æƒ³è¦å°‡å®ƒå‡ç´šæˆ OpenPGP 自我簽章? (y/N) "
+
+#: g10/keyedit.c:729
+#, c-format
+msgid ""
+"Your current signature on \"%s\"\n"
+"has expired.\n"
+msgstr ""
+"ä½ ç›®å‰åœ¨ \"%s\" 的簽章\n"
+"已經éŽæœŸäº†.\n"
+
+#: g10/keyedit.c:733
+msgid "Do you want to issue a new signature to replace the expired one? (y/N) "
+msgstr "你想è¦ç™¼ä½ˆä¸€ä»½æ–°çš„簽章來å–代已éŽæœŸçš„那個嗎? (y/N) "
+
+#: g10/keyedit.c:754
+#, c-format
+msgid ""
+"Your current signature on \"%s\"\n"
+"is a local signature.\n"
+msgstr ""
+"ä½ ç›®å‰åœ¨ \"%s\" 的簽章\n"
+"是一份本機簽章.\n"
+
+#: g10/keyedit.c:758
+msgid "Do you want to promote it to a full exportable signature? (y/N) "
+msgstr "你是å¦æƒ³è¦æŠŠä»–å‡ç´šæˆå¯ä»¥å®Œå…¨åŒ¯å‡ºçš„簽章? (y/N) "
+
+#: g10/keyedit.c:779
+#, c-format
+msgid "\"%s\" was already locally signed by key %s\n"
+msgstr "\"%s\" 已經被金鑰 %s 在本機簽署了\n"
+
+#: g10/keyedit.c:782
+#, c-format
+msgid "\"%s\" was already signed by key %s\n"
+msgstr "\"%s\" 已經被金鑰 %s 簽署了\n"
+
+#: g10/keyedit.c:787
+msgid "Do you want to sign it again anyway? (y/N) "
+msgstr "ä½ ä»ç„¶æƒ³è¦å†æ¬¡ç°½ç½²å®ƒå—Ž? (y/N) "
+
+#: g10/keyedit.c:809
+#, c-format
+msgid "Nothing to sign with key %s\n"
+msgstr "沒有æ±è¥¿å¯ä»¥è®“金鑰 %s 簽署\n"
+
+#: g10/keyedit.c:824
+msgid "This key has expired!"
+msgstr "這把金鑰已經éŽæœŸäº†!"
+
+#: g10/keyedit.c:842
+#, c-format
+msgid "This key is due to expire on %s.\n"
+msgstr "這把金鑰將在 %s éŽæœŸ.\n"
+
+#: g10/keyedit.c:848
+msgid "Do you want your signature to expire at the same time? (Y/n) "
+msgstr "你想è¦è®“你的簽章也在åŒä¸€å€‹æ™‚候éŽæœŸå—Ž? (Y/n) "
+
+#: g10/keyedit.c:888
+msgid ""
+"You may not make an OpenPGP signature on a PGP 2.x key while in --pgp2 "
+"mode.\n"
+msgstr "ä½ ä¸èƒ½åœ¨ --pgp2 模å¼ä¸‹, æ‹¿ PGP 2.x 金鑰åšå‡º OpenPGP 簽章.\n"
+
+#: g10/keyedit.c:890
+msgid "This would make the key unusable in PGP 2.x.\n"
+msgstr "這會讓這把金鑰在 PGP 2.x 模å¼ä¸‹ç„¡æ³•ä½¿ç”¨.\n"
+
+#: g10/keyedit.c:915
+msgid ""
+"How carefully have you verified the key you are about to sign actually "
+"belongs\n"
+"to the person named above? If you don't know what to answer, enter \"0\".\n"
+msgstr ""
+"你有多謹慎檢查正è¦ç°½ç½²çš„金鑰確實屬於上é¢é‚£å€‹äººçš„åå­—å‘¢?\n"
+"如果你ä¸çŸ¥é“這個å•é¡Œçš„答案, 請輸入 \"0\".\n"
+
+#: g10/keyedit.c:920
+#, c-format
+msgid " (0) I will not answer.%s\n"
+msgstr " (0) 我ä¸ä½œç­”.%s\n"
+
+#: g10/keyedit.c:922
+#, c-format
+msgid " (1) I have not checked at all.%s\n"
+msgstr " (1) 我根本沒有檢查éŽ.%s\n"
+
+#: g10/keyedit.c:924
+#, c-format
+msgid " (2) I have done casual checking.%s\n"
+msgstr " (2) 我隨æ„檢查éŽäº†.%s\n"
+
+#: g10/keyedit.c:926
+#, c-format
+msgid " (3) I have done very careful checking.%s\n"
+msgstr " (3) 我éžå¸¸å°å¿ƒåœ°æª¢æŸ¥éŽäº†.%s\n"
+
+#: g10/keyedit.c:932
+msgid "Your selection? (enter `?' for more information): "
+msgstr "ä½ çš„é¸æ“‡æ˜¯? (輸入 `?' 以å–得更多資訊): "
+
+#: g10/keyedit.c:956
+#, c-format
+msgid ""
+"Are you sure that you want to sign this key with your\n"
+"key \"%s\" (%s)\n"
+msgstr ""
+"你真的確定è¦ç”¨ä½ çš„金鑰 \"%s\" (%s)\n"
+"來簽署這把金鑰嗎\n"
+
+#: g10/keyedit.c:963
+msgid "This will be a self-signature.\n"
+msgstr "這將會是一份自我簽章.\n"
+
+#: g10/keyedit.c:969
+msgid "WARNING: the signature will not be marked as non-exportable.\n"
+msgstr "警告: 這份簽章ä¸æœƒè¢«æ¨™è¨˜ç‚ºä¸å¯åŒ¯å‡º.\n"
+
+#: g10/keyedit.c:977
+msgid "WARNING: the signature will not be marked as non-revocable.\n"
+msgstr "警告: 這份簽章ä¸æœƒè¢«æ¨™è¨˜æˆä¸å¯æ’¤éŠ·.\n"
+
+#: g10/keyedit.c:987
+msgid "The signature will be marked as non-exportable.\n"
+msgstr "這份簽章會被標記æˆä¸å¯åŒ¯å‡º.\n"
+
+#: g10/keyedit.c:994
+msgid "The signature will be marked as non-revocable.\n"
+msgstr "這份簽章會被標記æˆä¸å¯æ’¤éŠ·.\n"
+
+#: g10/keyedit.c:1001
+msgid "I have not checked this key at all.\n"
+msgstr "我根本沒有檢查éŽé€™æŠŠé‡‘é‘°.\n"
+
+#: g10/keyedit.c:1006
+msgid "I have checked this key casually.\n"
+msgstr "我隨æ„檢查éŽé€™æŠŠé‡‘鑰了.\n"
+
+#: g10/keyedit.c:1011
+msgid "I have checked this key very carefully.\n"
+msgstr "我éžå¸¸å°å¿ƒåœ°æª¢æŸ¥éŽé€™æŠŠé‡‘鑰了.\n"
+
+#: g10/keyedit.c:1021
+msgid "Really sign? (y/N) "
+msgstr "真的è¦ç°½ç½²å—Ž? (y/N)"
+
+#: g10/keyedit.c:1066 g10/keyedit.c:4965 g10/keyedit.c:5056 g10/keyedit.c:5120
+#: g10/keyedit.c:5181 g10/sign.c:316
+#, c-format
+msgid "signing failed: %s\n"
+msgstr "簽署時失敗: %s\n"
+
+#: g10/keyedit.c:1131
+msgid "Key has only stub or on-card key items - no passphrase to change.\n"
+msgstr "金鑰祇剩下殘骸或者祇å«æœ‰å¡ä¸Šé‡‘é‘°é …ç›® - 沒有å¯è®Šæ›´çš„密語.\n"
+
+#: g10/keyedit.c:1142 g10/keygen.c:3774
+msgid "This key is not protected.\n"
+msgstr "這把金鑰未被ä¿è­·.\n"
+
+#: g10/keyedit.c:1146 g10/keygen.c:3761 g10/revoke.c:536
+msgid "Secret parts of primary key are not available.\n"
+msgstr "主鑰的ç§é‘°éƒ¨åˆ†ç„¡æ³•å–用.\n"
+
+#: g10/keyedit.c:1150 g10/keygen.c:3777
+msgid "Secret parts of primary key are stored on-card.\n"
+msgstr "主鑰的ç§é‘°éƒ¨åˆ†å­˜æ”¾æ–¼å¡ä¸Š.\n"
+
+#: g10/keyedit.c:1156 g10/keygen.c:3781
+msgid "Key is protected.\n"
+msgstr "金鑰已ä¿è­·.\n"
+
+#: g10/keyedit.c:1186
+#, c-format
+msgid "Can't edit this key: %s\n"
+msgstr "無法編輯這把金鑰: %s\n"
+
+#: g10/keyedit.c:1192
+msgid ""
+"Enter the new passphrase for this secret key.\n"
+"\n"
+msgstr ""
+"請輸入è¦çµ¦é€™æŠŠç§é‘°ç”¨çš„新密語.\n"
+"\n"
+
+#: g10/keyedit.c:1207 g10/keygen.c:2291
+msgid "passphrase not correctly repeated; try again"
+msgstr "å‰å¾Œå…©æ¬¡è¼¸å…¥çš„密語ä¸ä¸€è‡´; è«‹å†è©¦ä¸€æ¬¡"
+
+#: g10/keyedit.c:1212
+msgid ""
+"You don't want a passphrase - this is probably a *bad* idea!\n"
+"\n"
+msgstr ""
+"ä½ ä¸æƒ³è¦ç”¨å¯†èªž - 這大概是個 *糟* 點å­!\n"
+"\n"
+
+#: g10/keyedit.c:1215
+msgid "Do you really want to do this? (y/N) "
+msgstr "你真的想è¦é€™éº¼åšå—Ž? (y/N) "
+
+#: g10/keyedit.c:1298
+msgid "moving a key signature to the correct place\n"
+msgstr "正在把金鑰的簽章æ¬ç§»åˆ°æ­£ç¢ºçš„ä½ç½®åŽ»\n"
+
+#: g10/keyedit.c:1384
+msgid "save and quit"
+msgstr "儲存並離開"
+
+#: g10/keyedit.c:1387
+msgid "show key fingerprint"
+msgstr "顯示金鑰指紋"
+
+#: g10/keyedit.c:1388
+msgid "list key and user IDs"
+msgstr "列出金鑰和使用者 ID"
+
+#: g10/keyedit.c:1390
+msgid "select user ID N"
+msgstr "é¸æ“‡ä½¿ç”¨è€… ID N"
+
+#: g10/keyedit.c:1391
+msgid "select subkey N"
+msgstr "é¸æ“‡å­é‘° N"
+
+#: g10/keyedit.c:1392
+msgid "check signatures"
+msgstr "檢查簽章"
+
+#: g10/keyedit.c:1397
+msgid "sign selected user IDs [* see below for related commands]"
+msgstr "簽署所é¸çš„使用者 ID [* è«‹åƒè¦‹åº•ä¸‹ç›¸é—œçš„註解]"
+
+#: g10/keyedit.c:1402
+msgid "sign selected user IDs locally"
+msgstr "僅在本機簽署所é¸çš„使用者 ID"
+
+#: g10/keyedit.c:1404
+msgid "sign selected user IDs with a trust signature"
+msgstr "用信任簽章來簽署所é¸çš„使用者 ID"
+
+#: g10/keyedit.c:1406
+msgid "sign selected user IDs with a non-revocable signature"
+msgstr "用ä¸å¯æ’¤éŠ·çš„簽章來簽署所é¸çš„使用者 ID"
+
+#: g10/keyedit.c:1410
+msgid "add a user ID"
+msgstr "增加使用者 ID"
+
+#: g10/keyedit.c:1412
+msgid "add a photo ID"
+msgstr "增加照片 ID"
+
+#: g10/keyedit.c:1414
+msgid "delete selected user IDs"
+msgstr "刪除所é¸çš„使用者 ID"
+
+#: g10/keyedit.c:1419
+msgid "add a subkey"
+msgstr "增加å­é‘°"
+
+#: g10/keyedit.c:1423
+msgid "add a key to a smartcard"
+msgstr "將金鑰加到智慧å¡"
+
+#: g10/keyedit.c:1425
+msgid "move a key to a smartcard"
+msgstr "將金鑰移動到智慧å¡"
+
+#: g10/keyedit.c:1427
+msgid "move a backup key to a smartcard"
+msgstr "將備份金鑰移動到智慧å¡"
+
+#: g10/keyedit.c:1431
+msgid "delete selected subkeys"
+msgstr "刪除所é¸çš„å­é‘°"
+
+#: g10/keyedit.c:1433
+msgid "add a revocation key"
+msgstr "增加撤銷金鑰"
+
+#: g10/keyedit.c:1435
+msgid "delete signatures from the selected user IDs"
+msgstr "從所é¸çš„使用者 ID 中刪除簽章"
+
+#: g10/keyedit.c:1437
+msgid "change the expiration date for the key or selected subkeys"
+msgstr "變更金鑰或所é¸å­é‘°çš„使用期é™"
+
+#: g10/keyedit.c:1439
+msgid "flag the selected user ID as primary"
+msgstr "把所é¸çš„使用者 ID 標為主è¦"
+
+#: g10/keyedit.c:1441
+msgid "toggle between the secret and public key listings"
+msgstr "在ç§é‘°æ¸…單和公鑰清單間切æ›"
+
+#: g10/keyedit.c:1444
+msgid "list preferences (expert)"
+msgstr "列出å好 (專家模å¼)"
+
+#: g10/keyedit.c:1446
+msgid "list preferences (verbose)"
+msgstr "列出å好 (囉唆模å¼)"
+
+#: g10/keyedit.c:1448
+msgid "set preference list for the selected user IDs"
+msgstr "設定所é¸ä½¿ç”¨è€… ID çš„å好清單"
+
+#: g10/keyedit.c:1453
+msgid "set the preferred keyserver URL for the selected user IDs"
+msgstr "為所é¸çš„使用者 ID 設定å好的金鑰伺æœå™¨ URL"
+
+#: g10/keyedit.c:1455
+msgid "set a notation for the selected user IDs"
+msgstr "為所é¸çš„使用者 ID 設定註記"
+
+#: g10/keyedit.c:1457
+msgid "change the passphrase"
+msgstr "更改密語"
+
+#: g10/keyedit.c:1461
+msgid "change the ownertrust"
+msgstr "更改主觀信任"
+
+#: g10/keyedit.c:1463
+msgid "revoke signatures on the selected user IDs"
+msgstr "撤銷所é¸ä½¿ç”¨è€… ID 的簽章"
+
+#: g10/keyedit.c:1465
+msgid "revoke selected user IDs"
+msgstr "撤銷所é¸çš„使用者 ID"
+
+#: g10/keyedit.c:1470
+msgid "revoke key or selected subkeys"
+msgstr "撤銷金鑰或所é¸çš„å­é‘°"
+
+#: g10/keyedit.c:1471
+msgid "enable key"
+msgstr "啟用金鑰"
+
+#: g10/keyedit.c:1472
+msgid "disable key"
+msgstr "åœç”¨é‡‘é‘°"
+
+#: g10/keyedit.c:1473
+msgid "show selected photo IDs"
+msgstr "顯示所é¸çš„照片 ID"
+
+#: g10/keyedit.c:1475
+msgid "compact unusable user IDs and remove unusable signatures from key"
+msgstr "從金鑰中精簡無法使用的使用者 ID 並移除無法使用的簽章"
+
+#: g10/keyedit.c:1477
+msgid "compact unusable user IDs and remove all signatures from key"
+msgstr "從金鑰中精簡無法使用的使用者 ID 並移除所有的簽章"
+
+#: g10/keyedit.c:1601
+#, c-format
+msgid "error reading secret keyblock \"%s\": %s\n"
+msgstr "讀å–ç§é‘°å€å¡Š \"%s\" 時出錯: %s\n"
+
+#: g10/keyedit.c:1619
+msgid "Secret key is available.\n"
+msgstr "ç§é‘°å¯ç”¨.\n"
+
+#: g10/keyedit.c:1702
+msgid "Need the secret key to do this.\n"
+msgstr "è¦æœ‰ç§é‘°çº”能這麼åš.\n"
+
+#: g10/keyedit.c:1710
+msgid "Please use the command \"toggle\" first.\n"
+msgstr "請先使用 \"toggle\" 指令.\n"
+
+#: g10/keyedit.c:1729
+msgid ""
+"* The `sign' command may be prefixed with an `l' for local signatures "
+"(lsign),\n"
+" a `t' for trust signatures (tsign), an `nr' for non-revocable signatures\n"
+" (nrsign), or any combination thereof (ltsign, tnrsign, etc.).\n"
+msgstr ""
+"* 這個 `sign' 指令也å¯ä»¥åœ¨å‰é¢åŠ ä¸Šä¸€å€‹ `l' å­—æ¯, 來表示本機簽章 (lsign),\n"
+" 加上 `t' 的話就是信任簽章 (tsign), 加上 `nr' 的話就是ä¸å¯æ’¤éŠ·ç°½ç« \n"
+" (nrsign), 當然也å¯ä»¥ä»»æ„組åˆé€™äº›é¸é … (åƒæ˜¯ ltsign, tnrsign 等等.).\n"
+
+#: g10/keyedit.c:1779
+msgid "Key is revoked."
+msgstr "金鑰已撤銷."
+
+#: g10/keyedit.c:1798
+msgid "Really sign all user IDs? (y/N) "
+msgstr "真的è¦ç°½ç½²æ‰€æœ‰çš„使用者 ID å—Ž? (y/N) "
+
+#: g10/keyedit.c:1805
+msgid "Hint: Select the user IDs to sign\n"
+msgstr "æ示: é¸æ“‡ä½¿ç”¨è€… ID 來加以簽署\n"
+
+#: g10/keyedit.c:1814
+#, c-format
+msgid "Unknown signature type `%s'\n"
+msgstr "未知的 `%s' 簽章種類\n"
+
+#: g10/keyedit.c:1837
+#, c-format
+msgid "This command is not allowed while in %s mode.\n"
+msgstr "在 %s 模å¼ä¸­ä¸å…許使用這個指令.\n"
+
+#: g10/keyedit.c:1859 g10/keyedit.c:1879 g10/keyedit.c:2048
+msgid "You must select at least one user ID.\n"
+msgstr "你至少得é¸æ“‡ä¸€å€‹ä½¿ç”¨è€… ID.\n"
+
+#: g10/keyedit.c:1861
+msgid "You can't delete the last user ID!\n"
+msgstr "ä½ ä¸èƒ½åˆªé™¤æœ€å¾Œä¸€å€‹ä½¿ç”¨è€… ID!\n"
+
+#: g10/keyedit.c:1863
+msgid "Really remove all selected user IDs? (y/N) "
+msgstr "真的è¦ç§»é™¤æ‰€æœ‰è¢«é¸æ“‡çš„使用者 ID å—Ž? (y/N) "
+
+#: g10/keyedit.c:1864
+msgid "Really remove this user ID? (y/N) "
+msgstr "真的è¦ç§»é™¤é€™å€‹ä½¿ç”¨è€… ID å—Ž? (y/N) "
+
+#. TRANSLATORS: Please take care: This is about
+#. moving the key and not about removing it.
+#: g10/keyedit.c:1917
+msgid "Really move the primary key? (y/N) "
+msgstr "真的è¦ç§»å‹•ä¸»é‘°å—Ž? (y/N) "
+
+#: g10/keyedit.c:1929
+msgid "You must select exactly one key.\n"
+msgstr "你一定祇得é¸æ“‡ä¸€æŠŠé‡‘é‘°.\n"
+
+#: g10/keyedit.c:1957
+msgid "Command expects a filename argument\n"
+msgstr "這項指令è¦æ‹¿ä¸€å€‹æª”å來當作引數\n"
+
+#: g10/keyedit.c:1971
+#, c-format
+msgid "Can't open `%s': %s\n"
+msgstr "無法開啟 `%s': %s\n"
+
+#: g10/keyedit.c:1988
+#, c-format
+msgid "Error reading backup key from `%s': %s\n"
+msgstr "從 `%s' 讀å–備份金鑰時出錯: %s\n"
+
+#: g10/keyedit.c:2012
+msgid "You must select at least one key.\n"
+msgstr "你至少得é¸æ“‡ä¸€æŠŠé‡‘é‘°.\n"
+
+#: g10/keyedit.c:2015
+msgid "Do you really want to delete the selected keys? (y/N) "
+msgstr "你真的想è¦åˆªé™¤æ‰€é¸çš„金鑰嗎? (y/N) "
+
+#: g10/keyedit.c:2016
+msgid "Do you really want to delete this key? (y/N) "
+msgstr "你真的想è¦åˆªé™¤é€™æŠŠé‡‘é‘°å—Ž? (y/N) "
+
+#: g10/keyedit.c:2051
+msgid "Really revoke all selected user IDs? (y/N) "
+msgstr "真的è¦æ’¤éŠ·æ‰€æœ‰æ‰€é¸çš„使用者 ID å—Ž? (y/N) "
+
+#: g10/keyedit.c:2052
+msgid "Really revoke this user ID? (y/N) "
+msgstr "真的è¦æ’¤éŠ·é€™å€‹ä½¿ç”¨è€… ID å—Ž? (y/N) "
+
+#: g10/keyedit.c:2070
+msgid "Do you really want to revoke the entire key? (y/N) "
+msgstr "你真的想è¦æ’¤éŠ·é€™æ•´æŠŠé‡‘é‘°å—Ž? (y/N) "
+
+#: g10/keyedit.c:2081
+msgid "Do you really want to revoke the selected subkeys? (y/N) "
+msgstr "你真的想è¦æ’¤éŠ·æ‰€é¸çš„å­é‘°å—Ž? (y/N) "
+
+#: g10/keyedit.c:2083
+msgid "Do you really want to revoke this subkey? (y/N) "
+msgstr "你真的想è¦æ’¤éŠ·é€™æŠŠå­é‘°å—Ž? (y/N) "
+
+#: g10/keyedit.c:2133
+msgid "Owner trust may not be set while using a user provided trust database\n"
+msgstr "使用使用者所æ供的信任資料庫時å¯èƒ½ç„¡æ³•è¨­å®šä¸»è§€ä¿¡ä»»\n"
+
+#: g10/keyedit.c:2175
+msgid "Set preference list to:\n"
+msgstr "設定å好清單至:\n"
+
+#: g10/keyedit.c:2181
+msgid "Really update the preferences for the selected user IDs? (y/N) "
+msgstr "真的è¦æ›´æ–°æ‰€é¸ä½¿ç”¨è€… ID çš„å好設定嗎? (y/N) "
+
+#: g10/keyedit.c:2183
+msgid "Really update the preferences? (y/N) "
+msgstr "真的è¦æ›´æ–°å好設定嗎? (y/N) "
+
+#: g10/keyedit.c:2253
+msgid "Save changes? (y/N) "
+msgstr "è¦å„²å­˜è®Šæ›´å—Ž? (y/N) "
+
+#: g10/keyedit.c:2256
+msgid "Quit without saving? (y/N) "
+msgstr "è¦ä¸å„²å­˜å°±é›¢é–‹å—Ž? (y/N) "
+
+#: g10/keyedit.c:2266
+#, c-format
+msgid "update failed: %s\n"
+msgstr "更新失敗: %s\n"
+
+#: g10/keyedit.c:2273 g10/keyedit.c:2351
+#, c-format
+msgid "update secret failed: %s\n"
+msgstr "æ›´æ–°ç§é‘°å¤±æ•—: %s\n"
+
+#: g10/keyedit.c:2280
+msgid "Key not changed so no update needed.\n"
+msgstr "金鑰沒有變更所以ä¸éœ€è¦æ›´æ–°.\n"
+
+#: g10/keyedit.c:2446
+msgid "Digest: "
+msgstr "摘è¦: "
+
+#: g10/keyedit.c:2497
+msgid "Features: "
+msgstr "特點: "
+
+#: g10/keyedit.c:2508
+msgid "Keyserver no-modify"
+msgstr "金鑰伺æœå™¨ç„¡ä¿®æ”¹"
+
+#: g10/keyedit.c:2523 g10/keylist.c:316
+msgid "Preferred keyserver: "
+msgstr "å好的金鑰伺æœå™¨: "
+
+#: g10/keyedit.c:2531 g10/keyedit.c:2532
+msgid "Notations: "
+msgstr "註記: "
+
+#: g10/keyedit.c:2753
+msgid "There are no preferences on a PGP 2.x-style user ID.\n"
+msgstr "PGP 2.x 型態的使用者 ID 沒有å好設定.\n"
+
+#: g10/keyedit.c:2810
+#, c-format
+msgid "The following key was revoked on %s by %s key %s\n"
+msgstr "下列金鑰已經在 %s 時被 %s 金鑰 %s 所撤銷\n"
+
+#: g10/keyedit.c:2832
+#, c-format
+msgid "This key may be revoked by %s key %s"
+msgstr "這把金鑰å¯èƒ½è¢« %s 金鑰 %s 所撤銷"
+
+#: g10/keyedit.c:2838
+msgid "(sensitive)"
+msgstr "(機密)"
+
+#: g10/keyedit.c:2854 g10/keyedit.c:2910 g10/keyedit.c:2971 g10/keyedit.c:2986
+#: g10/keylist.c:202 g10/keyserver.c:532
+#, c-format
+msgid "created: %s"
+msgstr "建立: %s"
+
+#: g10/keyedit.c:2857 g10/keylist.c:834 g10/keylist.c:928 g10/mainproc.c:997
+#, c-format
+msgid "revoked: %s"
+msgstr "撤銷: %s"
+
+# of subkey
+#: g10/keyedit.c:2859 g10/keylist.c:805 g10/keylist.c:840 g10/keylist.c:934
+#, c-format
+msgid "expired: %s"
+msgstr "éŽæœŸ: %s"
+
+# of subkey
+#: g10/keyedit.c:2861 g10/keyedit.c:2912 g10/keyedit.c:2973 g10/keyedit.c:2988
+#: g10/keylist.c:204 g10/keylist.c:811 g10/keylist.c:846 g10/keylist.c:940
+#: g10/keylist.c:961 g10/keyserver.c:538 g10/mainproc.c:1003
+#, c-format
+msgid "expires: %s"
+msgstr "到期: %s"
+
+#: g10/keyedit.c:2863
+#, c-format
+msgid "usage: %s"
+msgstr "用途: %s"
+
+#: g10/keyedit.c:2878
+#, c-format
+msgid "trust: %s"
+msgstr "ä¿¡ä»»: %s"
+
+#: g10/keyedit.c:2882
+#, c-format
+msgid "validity: %s"
+msgstr "有效性: %s"
+
+#: g10/keyedit.c:2889
+msgid "This key has been disabled"
+msgstr "這把金鑰已經åœç”¨äº†"
+
+#: g10/keyedit.c:2917 g10/keylist.c:208
+msgid "card-no: "
+msgstr "å¡ç‰‡ç·¨è™Ÿ: "
+
+#: g10/keyedit.c:2941
+msgid ""
+"Please note that the shown key validity is not necessarily correct\n"
+"unless you restart the program.\n"
+msgstr ""
+"請注æ„顯示出來的金鑰有效性ä¸éœ€è¦æ›´æ­£,\n"
+"除éžä½ é‡æ–°åŸ·è¡Œç¨‹å¼.\n"
+
+#: g10/keyedit.c:3005 g10/keyedit.c:3351 g10/keyserver.c:542
+#: g10/mainproc.c:1850 g10/trustdb.c:1204 g10/trustdb.c:1732
+msgid "revoked"
+msgstr "已撤銷"
+
+#: g10/keyedit.c:3007 g10/keyedit.c:3353 g10/keyserver.c:546
+#: g10/mainproc.c:1852 g10/trustdb.c:547 g10/trustdb.c:1734
+msgid "expired"
+msgstr "å·²éŽæœŸ"
+
+#: g10/keyedit.c:3072
+msgid ""
+"WARNING: no user ID has been marked as primary. This command may\n"
+" cause a different user ID to become the assumed primary.\n"
+msgstr ""
+"警告: 沒有任何使用者 ID è¢«æ¨™ç¤ºç‚ºä¸»è¦ ID. 這項指令å¯èƒ½æœƒ\n"
+" 導致ä¸åŒçš„使用者 ID 被當æˆä¸»è¦ ID.\n"
+
+#: g10/keyedit.c:3133
+msgid ""
+"WARNING: This is a PGP2-style key. Adding a photo ID may cause some "
+"versions\n"
+" of PGP to reject this key.\n"
+msgstr ""
+"警告: 這是一把 PGP2 型態的金鑰.\n"
+" 增加照片 ID å¯èƒ½æœƒå°Žè‡´æŸäº›ç‰ˆæœ¬çš„ PGP é§å›žé€™æŠŠé‡‘é‘°.\n"
+
+#: g10/keyedit.c:3138 g10/keyedit.c:3473
+msgid "Are you sure you still want to add it? (y/N) "
+msgstr "你確定ä»ç„¶æƒ³è¦å¢žåŠ å—Ž? (y/N) "
+
+#: g10/keyedit.c:3144
+msgid "You may not add a photo ID to a PGP2-style key.\n"
+msgstr "ä½ ä¸å¯ä»¥æŠŠç…§ç‰‡ ID 增加到 PGP2 型態的金鑰裡.\n"
+
+#: g10/keyedit.c:3284
+msgid "Delete this good signature? (y/N/q)"
+msgstr "刪除這份完好的簽章嗎? (y/N/q)"
+
+#: g10/keyedit.c:3294
+msgid "Delete this invalid signature? (y/N/q)"
+msgstr "刪除這份無效的簽章嗎? (y/N/q)"
+
+#: g10/keyedit.c:3298
+msgid "Delete this unknown signature? (y/N/q)"
+msgstr "刪除這份未知的簽章嗎? (y/N/q)"
+
+#: g10/keyedit.c:3304
+msgid "Really delete this self-signature? (y/N)"
+msgstr "真的è¦åˆªé™¤é€™ä»½è‡ªæˆ‘簽章嗎? (y/N)"
+
+#: g10/keyedit.c:3318
+#, c-format
+msgid "Deleted %d signature.\n"
+msgstr "已經刪除了 %d 份簽章.\n"
+
+#: g10/keyedit.c:3319
+#, c-format
+msgid "Deleted %d signatures.\n"
+msgstr "已經刪除了 %d 份簽章.\n"
+
+#: g10/keyedit.c:3322
+msgid "Nothing deleted.\n"
+msgstr "沒有刪除任何æ±è¥¿.\n"
+
+#: g10/keyedit.c:3355 g10/trustdb.c:1736
+msgid "invalid"
+msgstr "無效"
+
+#: g10/keyedit.c:3357
+#, c-format
+msgid "User ID \"%s\" compacted: %s\n"
+msgstr "使用者 ID \"%s\" 已精簡: %s\n"
+
+#: g10/keyedit.c:3364
+#, c-format
+msgid "User ID \"%s\": %d signature removed\n"
+msgstr "使用者 ID \"%s\": 已移除 %d 份簽章\n"
+
+#: g10/keyedit.c:3365
+#, c-format
+msgid "User ID \"%s\": %d signatures removed\n"
+msgstr "使用者 ID \"%s\": 已移除 %d 份簽章\n"
+
+#: g10/keyedit.c:3373
+#, c-format
+msgid "User ID \"%s\": already minimized\n"
+msgstr "使用者 ID \"%s\": 已經最å°åŒ–了\n"
+
+#: g10/keyedit.c:3374
+#, c-format
+msgid "User ID \"%s\": already clean\n"
+msgstr "使用者 ID \"%s\": 已經是乾淨的了\n"
+
+#: g10/keyedit.c:3468
+msgid ""
+"WARNING: This is a PGP 2.x-style key. Adding a designated revoker may "
+"cause\n"
+" some versions of PGP to reject this key.\n"
+msgstr ""
+"警告: 這是一把 PGP2 型態的金鑰.\n"
+" 增加指定撤銷者å¯èƒ½æœƒå°Žè‡´æŸäº›ç‰ˆæœ¬çš„ PGP é§å›žé€™æŠŠé‡‘é‘°.\n"
+
+#: g10/keyedit.c:3479
+msgid "You may not add a designated revoker to a PGP 2.x-style key.\n"
+msgstr "ä½ ä¸å¯ä»¥æŠŠæŒ‡å®šæ’¤éŠ·è€…增加到 PGP2 型態的金鑰裡.\n"
+
+#: g10/keyedit.c:3499
+msgid "Enter the user ID of the designated revoker: "
+msgstr "輸入指定撤銷者的使用者 ID: "
+
+#: g10/keyedit.c:3524
+msgid "cannot appoint a PGP 2.x style key as a designated revoker\n"
+msgstr "無法將 PGP 2.x 型態的金鑰指派為指定撤銷者\n"
+
+# This actually causes no harm (after all, a key that
+# designates itself as a revoker is the same as a
+# regular key), but it's easy enough to check.
+#: g10/keyedit.c:3539
+msgid "you cannot appoint a key as its own designated revoker\n"
+msgstr "ä½ ä¸èƒ½æŒ‡æ´¾æŸæŠŠé‡‘鑰為它自己的指定撤銷者\n"
+
+#: g10/keyedit.c:3561
+msgid "this key has already been designated as a revoker\n"
+msgstr "已指定這把金鑰為撤銷者了\n"
+
+#: g10/keyedit.c:3580
+msgid "WARNING: appointing a key as a designated revoker cannot be undone!\n"
+msgstr "警告: 一旦把æŸæŠŠé‡‘鑰指派為指定撤銷者後, 就無法å悔了!\n"
+
+#: g10/keyedit.c:3586
+msgid ""
+"Are you sure you want to appoint this key as a designated revoker? (y/N) "
+msgstr "你確定è¦æŒ‡æ´¾é€™æŠŠé‡‘鑰為指定撤銷者嗎? (y/N) "
+
+#: g10/keyedit.c:3647
+msgid "Please remove selections from the secret keys.\n"
+msgstr "請從ç§é‘°ä¸­ç§»é™¤é¸æ“‡.\n"
+
+#: g10/keyedit.c:3653
+msgid "Please select at most one subkey.\n"
+msgstr "請至多é¸æ“‡ä¸€æŠŠå­é‘°.\n"
+
+#: g10/keyedit.c:3657
+msgid "Changing expiration time for a subkey.\n"
+msgstr "正在變更å­é‘°çš„使用期é™.\n"
+
+#: g10/keyedit.c:3660
+msgid "Changing expiration time for the primary key.\n"
+msgstr "正在變更主鑰的使用期é™.\n"
+
+#: g10/keyedit.c:3706
+msgid "You can't change the expiration date of a v3 key\n"
+msgstr "ä½ ä¸èƒ½è®Šæ›´ v3 金鑰的使用期é™\n"
+
+#: g10/keyedit.c:3722
+msgid "No corresponding signature in secret ring\n"
+msgstr "在ç§é‘°åœˆè£¡æ²’有一致的簽章\n"
+
+#: g10/keyedit.c:3800
+#, c-format
+msgid "signing subkey %s is already cross-certified\n"
+msgstr "簽署å­é‘° %s 已經交å‰èªè­‰éŽäº†\n"
+
+#: g10/keyedit.c:3806
+#, c-format
+msgid "subkey %s does not sign and so does not need to be cross-certified\n"
+msgstr "å­é‘° %s ä¸åšç°½ç½²ä¹‹ç”¨, 因此無須交å‰é©—è­‰\n"
+
+#: g10/keyedit.c:3969
+msgid "Please select exactly one user ID.\n"
+msgstr "請祇é¸æ“‡ä¸€å€‹ä½¿ç”¨è€… ID.\n"
+
+#: g10/keyedit.c:4008 g10/keyedit.c:4118 g10/keyedit.c:4238 g10/keyedit.c:4379
+#, c-format
+msgid "skipping v3 self-signature on user ID \"%s\"\n"
+msgstr "正在跳éŽä½¿ç”¨è€… ID \"%s\" çš„ v3 自我簽章\n"
+
+#: g10/keyedit.c:4179
+msgid "Enter your preferred keyserver URL: "
+msgstr "請輸入你的å好金鑰伺æœå™¨ URL: "
+
+#: g10/keyedit.c:4259
+msgid "Are you sure you want to replace it? (y/N) "
+msgstr "你確定è¦å–代它嗎? (y/N) "
+
+#: g10/keyedit.c:4260
+msgid "Are you sure you want to delete it? (y/N) "
+msgstr "你確定è¦åˆªé™¤å®ƒå—Žï¼Ÿ (y/N) "
+
+#: g10/keyedit.c:4322
+msgid "Enter the notation: "
+msgstr "請輸入註記: "
+
+#: g10/keyedit.c:4471
+msgid "Proceed? (y/N) "
+msgstr "是å¦ç¹¼çºŒ? (y/N) "
+
+#: g10/keyedit.c:4543
+#, c-format
+msgid "No user ID with index %d\n"
+msgstr "索引 %d 沒有å°æ‡‰åˆ°ä½¿ç”¨è€… ID\n"
+
+#: g10/keyedit.c:4604
+#, c-format
+msgid "No user ID with hash %s\n"
+msgstr "雜湊 %s 沒有å°æ‡‰åˆ°ä½¿ç”¨è€… ID\n"
+
+#: g10/keyedit.c:4639
+#, c-format
+msgid "No subkey with index %d\n"
+msgstr "索引 %d 沒有å°æ‡‰åˆ°å­é‘°\n"
+
+#: g10/keyedit.c:4774
+#, c-format
+msgid "user ID: \"%s\"\n"
+msgstr "使用者 ID: \"%s\"\n"
+
+#: g10/keyedit.c:4777 g10/keyedit.c:4871 g10/keyedit.c:4914
+#, c-format
+msgid "signed by your key %s on %s%s%s\n"
+msgstr "已被你的金鑰 %s 於 %s%s%s 所簽署\n"
+
+#: g10/keyedit.c:4779 g10/keyedit.c:4873 g10/keyedit.c:4916
+msgid " (non-exportable)"
+msgstr " (ä¸å¯åŒ¯å‡º)"
+
+#: g10/keyedit.c:4783
+#, c-format
+msgid "This signature expired on %s.\n"
+msgstr "這份簽章已經在 %s éŽæœŸäº†.\n"
+
+#: g10/keyedit.c:4787
+msgid "Are you sure you still want to revoke it? (y/N) "
+msgstr "你確定ä»ç„¶æƒ³è¦æ’¤éŠ·å®ƒå—Ž? (y/N) "
+
+#: g10/keyedit.c:4791
+msgid "Create a revocation certificate for this signature? (y/N) "
+msgstr "è¦ç‚ºé€™ä»½ç°½ç« å»ºç«‹ä¸€ä»½æ’¤éŠ·æ†‘證嗎? (y/N) "
+
+#: g10/keyedit.c:4842
+msgid "Not signed by you.\n"
+msgstr "並éžç”±ä½ æ‰€ç°½ç½².\n"
+
+#: g10/keyedit.c:4848
+#, c-format
+msgid "You have signed these user IDs on key %s:\n"
+msgstr "你已經簽署了金鑰 %s 上的這些使用者 ID:\n"
+
+#: g10/keyedit.c:4874
+msgid " (non-revocable)"
+msgstr " (ä¸å¯æ’¤éŠ·)"
+
+#: g10/keyedit.c:4881
+#, c-format
+msgid "revoked by your key %s on %s\n"
+msgstr "被你的金鑰 %s 於 %s 所撤銷了\n"
+
+#: g10/keyedit.c:4903
+msgid "You are about to revoke these signatures:\n"
+msgstr "ä½ æ­£è¦æ’¤éŠ·é€™äº›ç°½ç« :\n"
+
+#: g10/keyedit.c:4923
+msgid "Really create the revocation certificates? (y/N) "
+msgstr "真的è¦å»ºç«‹æ’¤éŠ·æ†‘證嗎? (y/N) "
+
+#: g10/keyedit.c:4953
+msgid "no secret key\n"
+msgstr "沒有ç§é‘°\n"
+
+#: g10/keyedit.c:5023
+#, c-format
+msgid "user ID \"%s\" is already revoked\n"
+msgstr "使用者 ID \"%s\" 已撤銷\n"
+
+#: g10/keyedit.c:5040
+#, c-format
+msgid "WARNING: a user ID signature is dated %d seconds in the future\n"
+msgstr "警告: 有一份使用者 ID 的簽章日期為 %d 秒後的未來\n"
+
+#: g10/keyedit.c:5104
+#, c-format
+msgid "Key %s is already revoked.\n"
+msgstr "金鑰 %s 已撤銷.\n"
+
+#: g10/keyedit.c:5166
+#, c-format
+msgid "Subkey %s is already revoked.\n"
+msgstr "å­é‘° %s 已撤銷.\n"
+
+#: g10/keyedit.c:5261
+#, c-format
+msgid "Displaying %s photo ID of size %ld for key %s (uid %d)\n"
+msgstr "正在顯示 %s 照片 ID, 其尺寸為 %ld, 屬於金鑰 %s (uid %d) 的照片\n"
+
+#: g10/keygen.c:275
+#, c-format
+msgid "preference `%s' duplicated\n"
+msgstr "å好設定 `%s' é‡è¤‡äº†\n"
+
+#: g10/keygen.c:282
+msgid "too many cipher preferences\n"
+msgstr "編密å好éŽå¤š\n"
+
+#: g10/keygen.c:284
+msgid "too many digest preferences\n"
+msgstr "摘è¦å好éŽå¤š\n"
+
+#: g10/keygen.c:286
+msgid "too many compression preferences\n"
+msgstr "壓縮å好éŽå¤š\n"
+
+#: g10/keygen.c:426
+#, c-format
+msgid "invalid item `%s' in preference string\n"
+msgstr "å好字串中å«æœ‰ç„¡æ•ˆçš„ `%s' é …ç›®\n"
+
+#: g10/keygen.c:910
+msgid "writing direct signature\n"
+msgstr "寫入直接簽章中\n"
+
+#: g10/keygen.c:952
+msgid "writing self signature\n"
+msgstr "寫入自我簽章中\n"
+
+#: g10/keygen.c:1009
+msgid "writing key binding signature\n"
+msgstr "寫入附鑰簽章中\n"
+
+#: g10/keygen.c:1179 g10/keygen.c:1290 g10/keygen.c:1295 g10/keygen.c:1441
+#: g10/keygen.c:3269
+#, c-format
+msgid "keysize invalid; using %u bits\n"
+msgstr "金鑰尺寸無效; 改用 %u ä½å…ƒ\n"
+
+#: g10/keygen.c:1185 g10/keygen.c:1301 g10/keygen.c:1309 g10/keygen.c:1447
+#: g10/keygen.c:3275
+#, c-format
+msgid "keysize rounded up to %u bits\n"
+msgstr "金鑰尺寸增大到 %u ä½å…ƒ\n"
+
+#: g10/keygen.c:1335
+msgid ""
+"WARNING: some OpenPGP programs can't handle a DSA key with this digest size\n"
+msgstr "警告: æŸäº› OpenPGP 程å¼ç„¡æ³•è™•ç†å…·æœ‰æ­¤æ‘˜è¦å°ºå¯¸çš„ DSA 金鑰\n"
+
+#: g10/keygen.c:1558
+msgid "Sign"
+msgstr "簽署"
+
+#: g10/keygen.c:1561
+msgid "Certify"
+msgstr "ä¿è­‰"
+
+#: g10/keygen.c:1564
+msgid "Encrypt"
+msgstr "加密"
+
+#: g10/keygen.c:1567
+msgid "Authenticate"
+msgstr "鑑定"
+
+#. TRANSLATORS: Please use only plain ASCII characters for the
+#. translation. If this is not possible use single digits. The
+#. string needs to 8 bytes long. Here is a description of the
+#. functions:
+#.
+#. s = Toggle signing capability
+#. e = Toggle encryption capability
+#. a = Toggle authentication capability
+#. q = Finish
+#.
+#: g10/keygen.c:1585
+msgid "SsEeAaQq"
+msgstr "SsEeAaQq"
+
+#: g10/keygen.c:1608
+#, c-format
+msgid "Possible actions for a %s key: "
+msgstr "%s 金鑰å¯èƒ½çš„動作: "
+
+#: g10/keygen.c:1612
+msgid "Current allowed actions: "
+msgstr "ç›®å‰å¯é€²è¡Œçš„動作: "
+
+#: g10/keygen.c:1617
+#, c-format
+msgid " (%c) Toggle the sign capability\n"
+msgstr " (%c) 切æ›ç°½ç½²æ€§èƒ½\n"
+
+#: g10/keygen.c:1620
+#, c-format
+msgid " (%c) Toggle the encrypt capability\n"
+msgstr " (%c) 切æ›åŠ å¯†æ€§èƒ½\n"
+
+#: g10/keygen.c:1623
+#, c-format
+msgid " (%c) Toggle the authenticate capability\n"
+msgstr " (%c) 切æ›é‘‘定性能\n"
+
+#: g10/keygen.c:1626
+#, c-format
+msgid " (%c) Finished\n"
+msgstr " (%c) 已完æˆ\n"
+
+#: g10/keygen.c:1686 sm/certreqgen-ui.c:157
+msgid "Please select what kind of key you want:\n"
+msgstr "è«‹é¸æ“‡ä½ è¦ä½¿ç”¨çš„金鑰種類:\n"
+
+#: g10/keygen.c:1689
+#, c-format
+msgid " (%d) RSA and RSA (default)\n"
+msgstr " (%d) RSA å’Œ RSA (é è¨­)\n"
+
+#: g10/keygen.c:1691
+#, c-format
+msgid " (%d) DSA and Elgamal\n"
+msgstr " (%d) DSA 和 Elgamal\n"
+
+#: g10/keygen.c:1693
+#, c-format
+msgid " (%d) DSA (sign only)\n"
+msgstr " (%d) DSA (僅能用於簽署)\n"
+
+#: g10/keygen.c:1694
+#, c-format
+msgid " (%d) RSA (sign only)\n"
+msgstr " (%d) RSA (僅能用於簽署)\n"
+
+#: g10/keygen.c:1698
+#, c-format
+msgid " (%d) Elgamal (encrypt only)\n"
+msgstr " (%d) Elgamal (僅能用於加密)\n"
+
+#: g10/keygen.c:1699
+#, c-format
+msgid " (%d) RSA (encrypt only)\n"
+msgstr " (%d) RSA (僅能用於加密)\n"
+
+#: g10/keygen.c:1703
+#, c-format
+msgid " (%d) DSA (set your own capabilities)\n"
+msgstr " (%d) DSA (你能自己設定性能)\n"
+
+#: g10/keygen.c:1704
+#, c-format
+msgid " (%d) RSA (set your own capabilities)\n"
+msgstr " (%d) RSA (你能自己設定性能)\n"
+
+#: g10/keygen.c:1812
+#, c-format
+msgid "%s keys may be between %u and %u bits long.\n"
+msgstr "%s 金鑰的長度å¯èƒ½ä»‹æ–¼ %u ä½å…ƒå’Œ %u ä½å…ƒä¹‹é–“.\n"
+
+#: g10/keygen.c:1820
+#, c-format
+msgid "What keysize do you want for the subkey? (%u) "
+msgstr "ä½ çš„å­é‘°æƒ³è¦ç”¨å¤šå¤§çš„金鑰尺寸? (%u) "
+
+#: g10/keygen.c:1823 sm/certreqgen-ui.c:179
+#, c-format
+msgid "What keysize do you want? (%u) "
+msgstr "你想è¦ç”¨å¤šå¤§çš„金鑰尺寸? (%u) "
+
+#: g10/keygen.c:1837 sm/certreqgen-ui.c:189
+#, c-format
+msgid "Requested keysize is %u bits\n"
+msgstr "你所è¦æ±‚的金鑰尺寸是 %u ä½å…ƒ\n"
+
+#: g10/keygen.c:1925
+msgid ""
+"Please specify how long the key should be valid.\n"
+" 0 = key does not expire\n"
+" <n> = key expires in n days\n"
+" <n>w = key expires in n weeks\n"
+" <n>m = key expires in n months\n"
+" <n>y = key expires in n years\n"
+msgstr ""
+"請指定這把金鑰的有效期é™æ˜¯å¤šä¹….\n"
+" 0 = 金鑰ä¸æœƒéŽæœŸ\n"
+" <n> = 金鑰在 n 天後會到期\n"
+" <n>w = 金鑰在 n 週後會到期\n"
+" <n>m = 金鑰在 n 月後會到期\n"
+" <n>y = 金鑰在 n 年後會到期\n"
+
+#: g10/keygen.c:1936
+msgid ""
+"Please specify how long the signature should be valid.\n"
+" 0 = signature does not expire\n"
+" <n> = signature expires in n days\n"
+" <n>w = signature expires in n weeks\n"
+" <n>m = signature expires in n months\n"
+" <n>y = signature expires in n years\n"
+msgstr ""
+"請指定這份簽章的有效期é™æ˜¯å¤šä¹….\n"
+" 0 = 簽章ä¸æœƒéŽæœŸ\n"
+" <n> = 簽章在 n 天後會到期\n"
+" <n>w = 簽章在 n 週後會到期\n"
+" <n>m = 簽章在 n 月後會到期\n"
+" <n>y = 簽章在 n 年後會到期\n"
+
+#: g10/keygen.c:1959
+msgid "Key is valid for? (0) "
+msgstr "金鑰的有效期é™æ˜¯å¤šä¹…? (0) "
+
+#: g10/keygen.c:1964
+#, c-format
+msgid "Signature is valid for? (%s) "
+msgstr "簽章的有效期é™æ˜¯å¤šä¹…? (%s) "
+
+#: g10/keygen.c:1982 g10/keygen.c:2007
+msgid "invalid value\n"
+msgstr "無效的數值\n"
+
+#: g10/keygen.c:1989
+msgid "Key does not expire at all\n"
+msgstr "金鑰完全ä¸æœƒéŽæœŸ\n"
+
+#: g10/keygen.c:1990
+msgid "Signature does not expire at all\n"
+msgstr "簽章完全ä¸æœƒéŽæœŸ\n"
+
+#: g10/keygen.c:1995
+#, c-format
+msgid "Key expires at %s\n"
+msgstr "金鑰將會在 %s 到期\n"
+
+#: g10/keygen.c:1996
+#, c-format
+msgid "Signature expires at %s\n"
+msgstr "簽章將會在 %s 到期.\n"
+
+#: g10/keygen.c:2000
+msgid ""
+"Your system can't display dates beyond 2038.\n"
+"However, it will be correctly handled up to 2106.\n"
+msgstr ""
+"你的系統無法顯示 2038 年以後的日期.\n"
+"ä¸éŽ, 它å¯ä»¥æ­£ç¢ºè™•ç†ç›´åˆ° 2106 年之å‰çš„年份.\n"
+
+#: g10/keygen.c:2013
+msgid "Is this correct? (y/N) "
+msgstr "以上正確嗎? (y/N) "
+
+#: g10/keygen.c:2063
+msgid ""
+"\n"
+"GnuPG needs to construct a user ID to identify your key.\n"
+"\n"
+msgstr ""
+"\n"
+"GnuPG 需è¦å»ºæ§‹ä½¿ç”¨è€… ID 以識別你的金鑰.\n"
+"\n"
+
+#. TRANSLATORS: This string is in general not anymore used
+#. but you should keep your existing translation. In case
+#. the new string is not translated this old string will
+#. be used.
+#: g10/keygen.c:2078
+msgid ""
+"\n"
+"You need a user ID to identify your key; the software constructs the user "
+"ID\n"
+"from the Real Name, Comment and Email Address in this form:\n"
+" \"Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>\"\n"
+"\n"
+msgstr ""
+"\n"
+"你需è¦ä¸€å€‹ä½¿ç”¨è€… ID 來辨識你的金鑰; 這個軟體會用真實姓å,\n"
+"註釋和電å­éƒµä»¶åœ°å€çµ„åˆæˆä½¿ç”¨è€… ID 如下:\n"
+" \"Ke-Huan Lin (Jedi) <Jedi@Jedi.org>\"\n"
+"\n"
+
+#: g10/keygen.c:2097
+msgid "Real name: "
+msgstr "真實姓å: "
+
+#: g10/keygen.c:2105
+msgid "Invalid character in name\n"
+msgstr "姓åå«æœ‰ç„¡æ•ˆçš„字符\n"
+
+#: g10/keygen.c:2107
+msgid "Name may not start with a digit\n"
+msgstr "姓åä¸å¯ä»¥ç”¨æ•¸å­—é–‹é ­\n"
+
+#: g10/keygen.c:2109
+msgid "Name must be at least 5 characters long\n"
+msgstr "姓å至少è¦æœ‰äº”個字符長\n"
+
+#: g10/keygen.c:2117
+msgid "Email address: "
+msgstr "é›»å­éƒµä»¶åœ°å€: "
+
+#: g10/keygen.c:2123
+msgid "Not a valid email address\n"
+msgstr "ä¸æ˜¯æœ‰æ•ˆçš„é›»å­éƒµä»¶åœ°å€\n"
+
+#: g10/keygen.c:2131
+msgid "Comment: "
+msgstr "註釋: "
+
+#: g10/keygen.c:2137
+msgid "Invalid character in comment\n"
+msgstr "註釋å«æœ‰ç„¡æ•ˆçš„字符\n"
+
+#: g10/keygen.c:2159
+#, c-format
+msgid "You are using the `%s' character set.\n"
+msgstr "你正在使用 `%s' 字元集.\n"
+
+#: g10/keygen.c:2165
+#, c-format
+msgid ""
+"You selected this USER-ID:\n"
+" \"%s\"\n"
+"\n"
+msgstr ""
+"ä½ é¸æ“‡äº†é€™å€‹ä½¿ç”¨è€… ID:\n"
+" \"%s\"\n"
+"\n"
+
+#: g10/keygen.c:2170
+msgid "Please don't put the email address into the real name or the comment\n"
+msgstr "è«‹ä¸è¦æŠŠé›»å­éƒµä»¶åœ°å€æ”¾é€²ä½ çš„真實姓å或註釋裡\n"
+
+#: g10/keygen.c:2185
+msgid "Such a user ID already exists on this key!\n"
+msgstr "這把金鑰上已經有這樣å­çš„使用者 ID 了!\n"
+
+#. TRANSLATORS: These are the allowed answers in
+#. lower and uppercase. Below you will find the matching
+#. string which should be translated accordingly and the
+#. letter changed to match the one in the answer string.
+#.
+#. n = Change name
+#. c = Change comment
+#. e = Change email
+#. o = Okay (ready, continue)
+#. q = Quit
+#.
+#: g10/keygen.c:2201
+msgid "NnCcEeOoQq"
+msgstr "NnCcEeOoQq"
+
+#: g10/keygen.c:2211
+msgid "Change (N)ame, (C)omment, (E)mail or (Q)uit? "
+msgstr "變更姓å(N), 註釋(C), é›»å­éƒµä»¶åœ°å€(E)或退出(Q)? "
+
+#: g10/keygen.c:2212
+msgid "Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? "
+msgstr "變更姓å(N), 註釋(C), é›»å­éƒµä»¶åœ°å€(E)或確定(O)/退出(Q)? "
+
+#: g10/keygen.c:2231
+msgid "Please correct the error first\n"
+msgstr "請先訂正錯誤\n"
+
+#: g10/keygen.c:2273
+msgid ""
+"You need a Passphrase to protect your secret key.\n"
+"\n"
+msgstr ""
+"你需è¦ä¸€å€‹å¯†èªžä¾†ä¿è­·ä½ çš„ç§é‘°.\n"
+"\n"
+
+#: g10/keygen.c:2276
+msgid ""
+"Please enter a passphrase to protect the off-card backup of the new "
+"encryption key."
+msgstr "請輸入密語以ä¿è­·æ–°åŠ å¯†é‡‘é‘°çš„å¡ç‰‡å¤–備份."
+
+#: g10/keygen.c:2292
+#, c-format
+msgid "%s.\n"
+msgstr "%s.\n"
+
+#: g10/keygen.c:2298
+msgid ""
+"You don't want a passphrase - this is probably a *bad* idea!\n"
+"I will do it anyway. You can change your passphrase at any time,\n"
+"using this program with the option \"--edit-key\".\n"
+"\n"
+msgstr ""
+"ä½ ä¸æƒ³è¦æœ‰å¯†èªž - 這個想法實在是 **é­é€äº†**!\n"
+"我ä»ç„¶æœƒç…§ä½ æƒ³çš„去åš. 你任何時候都å¯ä»¥è®Šæ›´ä½ çš„密語,\n"
+"僅需è¦å†æ¬¡åŸ·è¡Œé€™å€‹ç¨‹å¼, 並且使用 \"--edit-key\" é¸é …å³å¯.\n"
+"\n"
+
+#: g10/keygen.c:2322
+msgid ""
+"We need to generate a lot of random bytes. It is a good idea to perform\n"
+"some other action (type on the keyboard, move the mouse, utilize the\n"
+"disks) during the prime generation; this gives the random number\n"
+"generator a better chance to gain enough entropy.\n"
+msgstr ""
+"我們需è¦ç”¢ç”Ÿå¤§é‡çš„隨機ä½å…ƒçµ„. 這個時候你å¯ä»¥å¤šåšä¸€äº›äº‹æƒ…\n"
+"(åƒæ˜¯æ•²æ‰“éµç›¤, 移動滑鼠, 讀寫硬碟之類的)\n"
+"這會讓隨機數字產生器有更多的機會ç²å¾—夠多的亂數.\n"
+
+#: g10/keygen.c:3209 g10/keygen.c:3236
+msgid "Key generation canceled.\n"
+msgstr "金鑰產生已å–消.\n"
+
+#: g10/keygen.c:3441 g10/keygen.c:3611
+#, c-format
+msgid "writing public key to `%s'\n"
+msgstr "正在寫入公鑰至 `%s'\n"
+
+#: g10/keygen.c:3443 g10/keygen.c:3614
+#, c-format
+msgid "writing secret key stub to `%s'\n"
+msgstr "正在寫入ç§é‘° stub 至 `%s'\n"
+
+#: g10/keygen.c:3446 g10/keygen.c:3617
+#, c-format
+msgid "writing secret key to `%s'\n"
+msgstr "正在寫入ç§é‘°è‡³ `%s'\n"
+
+#: g10/keygen.c:3598
+#, c-format
+msgid "no writable public keyring found: %s\n"
+msgstr "找ä¸åˆ°å¯å¯«å…¥çš„公鑰鑰匙圈: %s\n"
+
+#: g10/keygen.c:3605
+#, c-format
+msgid "no writable secret keyring found: %s\n"
+msgstr "找ä¸åˆ°å¯å¯«å…¥çš„ç§é‘°é‘°åŒ™åœˆ: %s\n"
+
+#: g10/keygen.c:3625
+#, c-format
+msgid "error writing public keyring `%s': %s\n"
+msgstr "寫入公鑰鑰匙圈 `%s' 時出錯: %s\n"
+
+#: g10/keygen.c:3633
+#, c-format
+msgid "error writing secret keyring `%s': %s\n"
+msgstr "寫入ç§é‘°é‘°åŒ™åœˆ `%s' 時出錯: %s\n"
+
+#: g10/keygen.c:3661
+msgid "public and secret key created and signed.\n"
+msgstr "公鑰和ç§é‘°å·²å»ºç«‹åŠç°½ç½².\n"
+
+#: g10/keygen.c:3672
+msgid ""
+"Note that this key cannot be used for encryption. You may want to use\n"
+"the command \"--edit-key\" to generate a subkey for this purpose.\n"
+msgstr ""
+"請注æ„這把金鑰ä¸èƒ½ç”¨æ–¼åŠ å¯†. 也許你會想藉由 \"--edit-key\" 指令\n"
+"來產生加密用的å­é‘°.\n"
+
+#: g10/keygen.c:3685 g10/keygen.c:3831 g10/keygen.c:3952
+#, c-format
+msgid "Key generation failed: %s\n"
+msgstr "產生金鑰失敗: %s\n"
+
+#: g10/keygen.c:3741 g10/keygen.c:3882 g10/sign.c:241
+#, c-format
+msgid ""
+"key has been created %lu second in future (time warp or clock problem)\n"
+msgstr "金鑰已經在 %lu 秒後的未來製妥 (å¯èƒ½æ˜¯å› ç‚ºæ™‚光旅行或時é˜çš„å•é¡Œ)\n"
+
+#: g10/keygen.c:3743 g10/keygen.c:3884 g10/sign.c:243
+#, c-format
+msgid ""
+"key has been created %lu seconds in future (time warp or clock problem)\n"
+msgstr "金鑰已經在 %lu 秒後的未來製妥 (å¯èƒ½æ˜¯å› ç‚ºæ™‚光旅行或時é˜çš„å•é¡Œ)\n"
+
+#: g10/keygen.c:3754 g10/keygen.c:3895
+msgid "NOTE: creating subkeys for v3 keys is not OpenPGP compliant\n"
+msgstr "請注æ„: å° v3 金鑰製造å­é‘°æœƒå¤±åŽ» OpenPGP 相容性\n"
+
+#: g10/keygen.c:3795 g10/keygen.c:3928
+msgid "Really create? (y/N) "
+msgstr "真的è¦å»ºç«‹å—Ž? (y/N) "
+
+#: g10/keygen.c:4116
+#, c-format
+msgid "storing key onto card failed: %s\n"
+msgstr "儲存金鑰到å¡ç‰‡ä¸Šæ™‚失敗: %s\n"
+
+#: g10/keygen.c:4165
+#, c-format
+msgid "can't create backup file `%s': %s\n"
+msgstr "無法建立備份檔案 `%s': %s\n"
+
+#: g10/keygen.c:4191
+#, c-format
+msgid "NOTE: backup of card key saved to `%s'\n"
+msgstr "請注æ„: å¡ç‰‡é‡‘鑰的備份已儲存至 `%s'\n"
+
+#: g10/keyid.c:539 g10/keyid.c:551 g10/keyid.c:563 g10/keyid.c:575
+msgid "never "
+msgstr "æ°¸é ä¸éŽæœŸ"
+
+#: g10/keylist.c:273
+msgid "Critical signature policy: "
+msgstr "é—œéµç°½ç« åŽŸå‰‡: "
+
+#: g10/keylist.c:275
+msgid "Signature policy: "
+msgstr "簽章原則: "
+
+#: g10/keylist.c:314
+msgid "Critical preferred keyserver: "
+msgstr "執æ„å好的金鑰伺æœå™¨: "
+
+#: g10/keylist.c:367
+msgid "Critical signature notation: "
+msgstr "é—œéµç°½ç« è¨»è¨˜: "
+
+#: g10/keylist.c:369
+msgid "Signature notation: "
+msgstr "簽章註記: "
+
+#: g10/keylist.c:479
+msgid "Keyring"
+msgstr "鑰匙圈"
+
+#: g10/keylist.c:1526
+msgid "Primary key fingerprint:"
+msgstr " 主鑰指紋:"
+
+#: g10/keylist.c:1528
+msgid " Subkey fingerprint:"
+msgstr " å­é‘°æŒ‡ç´‹:"
+
+#. TRANSLATORS: this should fit into 24 bytes to that the
+#. * fingerprint data is properly aligned with the user ID
+#: g10/keylist.c:1535
+msgid " Primary key fingerprint:"
+msgstr " 主鑰指紋:"
+
+#: g10/keylist.c:1537
+msgid " Subkey fingerprint:"
+msgstr " å­é‘°æŒ‡ç´‹:"
+
+# use tty
+#: g10/keylist.c:1541 g10/keylist.c:1545
+msgid " Key fingerprint ="
+msgstr " 金鑰指紋 ="
+
+#: g10/keylist.c:1612
+msgid " Card serial no. ="
+msgstr " å¡ç‰‡åºè™Ÿ ="
+
+#: g10/keyring.c:1297
+#, c-format
+msgid "renaming `%s' to `%s' failed: %s\n"
+msgstr "把 `%s' é‡æ–°æ–°å‘½æˆ `%s' 時失敗: %s\n"
+
+#: g10/keyring.c:1326
+msgid "WARNING: 2 files with confidential information exists.\n"
+msgstr "警告: 2 個檔案存在有互相矛盾的資訊.\n"
+
+#: g10/keyring.c:1327
+#, c-format
+msgid "%s is the unchanged one\n"
+msgstr "%s 是沒有改變的那一個\n"
+
+#: g10/keyring.c:1328
+#, c-format
+msgid "%s is the new one\n"
+msgstr "%s 是新的那一個\n"
+
+#: g10/keyring.c:1329
+msgid "Please fix this possible security flaw\n"
+msgstr "請修補這個å¯èƒ½çš„安全æ¼æ´ž\n"
+
+#: g10/keyring.c:1430
+#, c-format
+msgid "caching keyring `%s'\n"
+msgstr "å¿«å–鑰匙圈 `%s' 中\n"
+
+#: g10/keyring.c:1489
+#, c-format
+msgid "%lu keys cached so far (%lu signatures)\n"
+msgstr "ç›®å‰å·²æª¢æŸ¥ %lu 把金鑰 (å…± %lu 份簽章)\n"
+
+#: g10/keyring.c:1501
+#, c-format
+msgid "%lu keys cached (%lu signatures)\n"
+msgstr "已檢查 %lu 把金鑰 (共 %lu 份簽章)\n"
+
+#: g10/keyring.c:1573
+#, c-format
+msgid "%s: keyring created\n"
+msgstr "%s: 鑰匙圈已建立\n"
+
+#: g10/keyserver.c:74
+msgid "include revoked keys in search results"
+msgstr "在æœå°‹çµæžœä¸­ä¹ŸåŒ…å«å·²æ’¤éŠ·çš„金鑰"
+
+#: g10/keyserver.c:75
+msgid "include subkeys when searching by key ID"
+msgstr "以金鑰 ID æœå°‹æ™‚也æœå°‹å­é‘°"
+
+#: g10/keyserver.c:77
+msgid "use temporary files to pass data to keyserver helpers"
+msgstr "用暫存檔來將資料éžé€çµ¦é‡‘鑰伺æœå™¨å”助程å¼"
+
+#: g10/keyserver.c:79
+msgid "do not delete temporary files after using them"
+msgstr "使用暫存檔後ä¸è¦åŠ ä»¥åˆªé™¤"
+
+#: g10/keyserver.c:83
+msgid "automatically retrieve keys when verifying signatures"
+msgstr "驗證簽章時自動å–回金鑰"
+
+#: g10/keyserver.c:85
+msgid "honor the preferred keyserver URL set on the key"
+msgstr "å°Šé‡é‡‘鑰上所設定的å好金鑰伺æœå™¨ URL"
+
+#: g10/keyserver.c:87
+msgid "honor the PKA record set on a key when retrieving keys"
+msgstr "å–回金鑰時尊é‡é‡‘鑰所設定的 PKA 記錄"
+
+#: g10/keyserver.c:153
+#, c-format
+msgid "WARNING: keyserver option `%s' is not used on this platform\n"
+msgstr "警告: 金鑰伺æœå™¨é¸é … `%s' 並未用於此平å°\n"
+
+#: g10/keyserver.c:544
+msgid "disabled"
+msgstr "å·²åœç”¨"
+
+#: g10/keyserver.c:747
+msgid "Enter number(s), N)ext, or Q)uit > "
+msgstr "請輸入數字, N)下一é , 或 Q)離開 > "
+
+#: g10/keyserver.c:831 g10/keyserver.c:1458
+#, c-format
+msgid "invalid keyserver protocol (us %d!=handler %d)\n"
+msgstr "無效的金鑰伺æœå™¨å”定 (我們用 %d!=ç¶“æ‰‹ç¨‹å¼ %d)\n"
+
+#: g10/keyserver.c:932
+#, c-format
+msgid "key \"%s\" not found on keyserver\n"
+msgstr "在金鑰伺æœå™¨ä¸Šæ‰¾ä¸åˆ°é‡‘é‘° \"%s\"\n"
+
+#: g10/keyserver.c:934
+msgid "key not found on keyserver\n"
+msgstr "在金鑰伺æœå™¨ä¸Šæ‰¾ä¸åˆ°é‡‘é‘°\n"
+
+#: g10/keyserver.c:1177
+#, c-format
+msgid "requesting key %s from %s server %s\n"
+msgstr "正在請求金鑰 %s 自 %s 伺æœå™¨ %s\n"
+
+#: g10/keyserver.c:1181
+#, c-format
+msgid "requesting key %s from %s\n"
+msgstr "正在請求金鑰 %s 自 %s\n"
+
+#: g10/keyserver.c:1205
+#, c-format
+msgid "searching for names from %s server %s\n"
+msgstr "正在從 %s 伺æœå™¨ %s æœå°‹åå­—\n"
+
+#: g10/keyserver.c:1208
+#, c-format
+msgid "searching for names from %s\n"
+msgstr "正在從 %s æœå°‹åå­—\n"
+
+#: g10/keyserver.c:1361
+#, c-format
+msgid "sending key %s to %s server %s\n"
+msgstr "éžé€é‡‘é‘° %s 至 %s 伺æœå™¨ %s\n"
+
+#: g10/keyserver.c:1365
+#, c-format
+msgid "sending key %s to %s\n"
+msgstr "éžé€é‡‘é‘° %s 至 %s\n"
+
+#: g10/keyserver.c:1408
+#, c-format
+msgid "searching for \"%s\" from %s server %s\n"
+msgstr "正在æœå°‹ \"%s\" æ–¼ %s 伺æœå™¨ %s\n"
+
+#: g10/keyserver.c:1411
+#, c-format
+msgid "searching for \"%s\" from %s\n"
+msgstr "正在æœå°‹ \"%s\" æ–¼ %s\n"
+
+#: g10/keyserver.c:1418 g10/keyserver.c:1514
+msgid "no keyserver action!\n"
+msgstr "沒有金鑰伺æœå™¨å‹•ä½œ!\n"
+
+#: g10/keyserver.c:1466
+#, c-format
+msgid "WARNING: keyserver handler from a different version of GnuPG (%s)\n"
+msgstr "警告: 金鑰伺æœå™¨ç¶“手程å¼ä¿‚來自ä¸åŒç‰ˆæœ¬çš„ GnuPG (%s)\n"
+
+#: g10/keyserver.c:1475
+msgid "keyserver did not send VERSION\n"
+msgstr "金鑰伺æœå™¨ä¸¦æœªé€å‡ºç‰ˆæœ¬ (VERSION)\n"
+
+#: g10/keyserver.c:1537 g10/keyserver.c:2066
+msgid "no keyserver known (use option --keyserver)\n"
+msgstr "沒有已知的金鑰伺æœå™¨ (使用 --keyserver é¸é …)\n"
+
+#: g10/keyserver.c:1543
+msgid "external keyserver calls are not supported in this build\n"
+msgstr "本版並ä¸æ”¯æ´å¤–部金鑰伺æœå™¨å«ç”¨\n"
+
+#: g10/keyserver.c:1555
+#, c-format
+msgid "no handler for keyserver scheme `%s'\n"
+msgstr "沒有 `%s' 金鑰伺æœå™¨æž¶æ§‹çš„經手程å¼\n"
+
+#: g10/keyserver.c:1560
+#, c-format
+msgid "action `%s' not supported with keyserver scheme `%s'\n"
+msgstr "`%s' 動作在 `%s' 金鑰伺æœå™¨æž¶æ§‹ä¸­æœªæ”¯æ´\n"
+
+#: g10/keyserver.c:1568
+#, c-format
+msgid "%s does not support handler version %d\n"
+msgstr "%s 並ä¸æ”¯æ´ç¬¬ %d 版經手程å¼\n"
+
+#: g10/keyserver.c:1575
+msgid "keyserver timed out\n"
+msgstr "金鑰伺æœå™¨é€¾æ™‚\n"
+
+#: g10/keyserver.c:1580
+msgid "keyserver internal error\n"
+msgstr "金鑰伺æœå™¨å…§éƒ¨éŒ¯èª¤\n"
+
+#: g10/keyserver.c:1589
+#, c-format
+msgid "keyserver communications error: %s\n"
+msgstr "金鑰伺æœå™¨é€šè¨ŠéŒ¯èª¤: %s\n"
+
+#: g10/keyserver.c:1614 g10/keyserver.c:1648
+#, c-format
+msgid "\"%s\" not a key ID: skipping\n"
+msgstr "\"%s\" 並éžé‡‘é‘° ID: è·³éŽä¸­\n"
+
+#: g10/keyserver.c:1907
+#, c-format
+msgid "WARNING: unable to refresh key %s via %s: %s\n"
+msgstr "警告: 無法更新金鑰 %s 於 %s: %s\n"
+
+#: g10/keyserver.c:1929
+#, c-format
+msgid "refreshing 1 key from %s\n"
+msgstr "更新 1 份金鑰中 (從 %s )\n"
+
+#: g10/keyserver.c:1931
+#, c-format
+msgid "refreshing %d keys from %s\n"
+msgstr "更新 %d 份金鑰中 (從 %s )\n"
+
+#: g10/keyserver.c:1987
+#, c-format
+msgid "WARNING: unable to fetch URI %s: %s\n"
+msgstr "警告: ç„¡æ³•æŠ“å– URI %s: %s\n"
+
+#: g10/keyserver.c:1993
+#, c-format
+msgid "WARNING: unable to parse URI %s\n"
+msgstr "警告: ç„¡æ³•å‰–æž URI %s\n"
+
+#: g10/mainproc.c:231
+#, c-format
+msgid "weird size for an encrypted session key (%d)\n"
+msgstr "加密éŽçš„階段金鑰 (%d) 尺寸詭異\n"
+
+#: g10/mainproc.c:284
+#, c-format
+msgid "%s encrypted session key\n"
+msgstr "%s 加密éŽçš„階段金鑰\n"
+
+#: g10/mainproc.c:294
+#, c-format
+msgid "passphrase generated with unknown digest algorithm %d\n"
+msgstr "密語係以未知的 %d 摘è¦æ¼”算法所產生\n"
+
+#: g10/mainproc.c:360
+#, c-format
+msgid "public key is %s\n"
+msgstr "公鑰為 %s\n"
+
+#: g10/mainproc.c:423
+msgid "public key encrypted data: good DEK\n"
+msgstr "公鑰加密éŽçš„資料: 完好的 DEK\n"
+
+#: g10/mainproc.c:456
+#, c-format
+msgid "encrypted with %u-bit %s key, ID %s, created %s\n"
+msgstr "已用 %u ä½å…ƒé•·çš„ %s 金鑰, ID %s, 建立於 %s 所加密\n"
+
+#: g10/mainproc.c:460 g10/pkclist.c:217
+#, c-format
+msgid " \"%s\"\n"
+msgstr " \"%s\"\n"
+
+#: g10/mainproc.c:464
+#, c-format
+msgid "encrypted with %s key, ID %s\n"
+msgstr "已用 %s 金鑰, ID %s 所加密\n"
+
+#: g10/mainproc.c:479
+#, c-format
+msgid "public key decryption failed: %s\n"
+msgstr "公鑰解密失敗: %s\n"
+
+#: g10/mainproc.c:495
+#, c-format
+msgid "encrypted with %lu passphrases\n"
+msgstr "已用 %lu 個密語加密了\n"
+
+#: g10/mainproc.c:497
+msgid "encrypted with 1 passphrase\n"
+msgstr "已用 1 個密語加密了\n"
+
+#: g10/mainproc.c:529 g10/mainproc.c:551
+#, c-format
+msgid "assuming %s encrypted data\n"
+msgstr "å‡å®š %s 為加密éŽçš„資料\n"
+
+#: g10/mainproc.c:537
+#, c-format
+msgid "IDEA cipher unavailable, optimistically attempting to use %s instead\n"
+msgstr "IDEA 編密法ä¸å¯ç”¨, 我們樂觀地試著改以 %s 代替\n"
+
+#: g10/mainproc.c:570
+msgid "decryption okay\n"
+msgstr "解密æˆåŠŸ\n"
+
+#: g10/mainproc.c:574
+msgid "WARNING: message was not integrity protected\n"
+msgstr "警告: 訊æ¯æœªå—到完整的ä¿è­·\n"
+
+#: g10/mainproc.c:587
+msgid "WARNING: encrypted message has been manipulated!\n"
+msgstr "警告: 加密éŽçš„訊æ¯å·²ç¶“被變造了!\n"
+
+#: g10/mainproc.c:595
+#, c-format
+msgid "cleared passphrase cached with ID: %s\n"
+msgstr "清除此 ID 被快å–ä½çš„密語: %s\n"
+
+#: g10/mainproc.c:600
+#, c-format
+msgid "decryption failed: %s\n"
+msgstr "解密失敗: %s\n"
+
+#: g10/mainproc.c:621
+msgid "NOTE: sender requested \"for-your-eyes-only\"\n"
+msgstr "請注æ„: 寄件者è¦æ±‚了 \"你應該祇用眼ç›çœ‹\"\n"
+
+#: g10/mainproc.c:623
+#, c-format
+msgid "original file name='%.*s'\n"
+msgstr "原始的檔å ='%.*s'\n"
+
+#: g10/mainproc.c:711
+msgid "WARNING: multiple plaintexts seen\n"
+msgstr "警告: 看到了多份明文\n"
+
+#: g10/mainproc.c:850
+msgid "standalone revocation - use \"gpg --import\" to apply\n"
+msgstr "ç¨ç«‹æ’¤éŠ· - 請用 \"gpg --import\" 來套用\n"
+
+#: g10/mainproc.c:1203 g10/mainproc.c:1240
+msgid "no signature found\n"
+msgstr "找ä¸åˆ°ç°½ç« \n"
+
+#: g10/mainproc.c:1478
+msgid "signature verification suppressed\n"
+msgstr "簽章驗證已抑制\n"
+
+#: g10/mainproc.c:1587
+msgid "can't handle this ambiguous signature data\n"
+msgstr "無法處ç†é€™å€‹ä¸æ˜Žç¢ºçš„簽章資料\n"
+
+#: g10/mainproc.c:1598
+#, c-format
+msgid "Signature made %s\n"
+msgstr "由 %s 建立的簽章\n"
+
+#: g10/mainproc.c:1599
+#, c-format
+msgid " using %s key %s\n"
+msgstr " 使用 %s 金鑰 %s\n"
+
+#: g10/mainproc.c:1603
+#, c-format
+msgid "Signature made %s using %s key ID %s\n"
+msgstr "由 %s 建立的簽章, 使用 %s 金鑰 ID %s\n"
+
+#: g10/mainproc.c:1623
+msgid "Key available at: "
+msgstr "å¯ç”¨çš„金鑰於: "
+
+#: g10/mainproc.c:1756 g10/mainproc.c:1804
+#, c-format
+msgid "BAD signature from \"%s\""
+msgstr "*æ壞* 的簽章來自於 \"%s\""
+
+#: g10/mainproc.c:1758 g10/mainproc.c:1806
+#, c-format
+msgid "Expired signature from \"%s\""
+msgstr "éŽæœŸçš„簽章來自於 \"%s\""
+
+#: g10/mainproc.c:1760 g10/mainproc.c:1808
+#, c-format
+msgid "Good signature from \"%s\""
+msgstr "完好的簽章來自於 \"%s\""
+
+#: g10/mainproc.c:1810
+msgid "[uncertain]"
+msgstr "[ ä¸ç¢ºå®š ]"
+
+#: g10/mainproc.c:1843
+#, c-format
+msgid " aka \"%s\""
+msgstr " äº¦å³ \"%s\""
+
+#: g10/mainproc.c:1941
+#, c-format
+msgid "Signature expired %s\n"
+msgstr "這份簽署已經在 %s éŽæœŸäº†\n"
+
+#: g10/mainproc.c:1946
+#, c-format
+msgid "Signature expires %s\n"
+msgstr "這份簽署將在 %s 到期\n"
+
+#: g10/mainproc.c:1949
+#, c-format
+msgid "%s signature, digest algorithm %s\n"
+msgstr "%s 簽章, 摘è¦æ¼”算法 %s\n"
+
+#: g10/mainproc.c:1950
+msgid "binary"
+msgstr "二進制"
+
+#: g10/mainproc.c:1951
+msgid "textmode"
+msgstr "文字模å¼"
+
+#: g10/mainproc.c:1951 g10/trustdb.c:546
+msgid "unknown"
+msgstr "未知"
+
+#: g10/mainproc.c:1971
+#, c-format
+msgid "Can't check signature: %s\n"
+msgstr "無法檢查簽章: %s\n"
+
+#: g10/mainproc.c:2055 g10/mainproc.c:2071 g10/mainproc.c:2167
+msgid "not a detached signature\n"
+msgstr "ä¸æ˜¯ä¸€ä»½åˆ†é›¢çš„簽章\n"
+
+#: g10/mainproc.c:2098
+msgid ""
+"WARNING: multiple signatures detected. Only the first will be checked.\n"
+msgstr "警告: åµæ¸¬åˆ°å¤šé‡ç°½ç« . 祇有第一個簽章纔會被核é¸.\n"
+
+#: g10/mainproc.c:2106
+#, c-format
+msgid "standalone signature of class 0x%02x\n"
+msgstr "等級 0x%02x çš„ç¨ç«‹ç°½ç« \n"
+
+#: g10/mainproc.c:2171
+msgid "old style (PGP 2.x) signature\n"
+msgstr "舊型 (PGP 2.x) 簽章\n"
+
+#: g10/mainproc.c:2181
+msgid "invalid root packet detected in proc_tree()\n"
+msgstr "在 proc_tree() 中åµæ¸¬åˆ°ç„¡æ•ˆçš„ root å°åŒ…\n"
+
+#: g10/misc.c:109 g10/misc.c:139 g10/misc.c:215
+#, c-format
+msgid "fstat of `%s' failed in %s: %s\n"
+msgstr "`%s' 的 fstat 失敗於 %s: %s\n"
+
+#: g10/misc.c:178
+#, c-format
+msgid "fstat(%d) failed in %s: %s\n"
+msgstr "fstat(%d) 失敗於 %s: %s\n"
+
+#: g10/misc.c:296
+#, c-format
+msgid "WARNING: using experimental public key algorithm %s\n"
+msgstr "警告: 正在使用實驗性的 %s 公鑰演算法\n"
+
+#: g10/misc.c:302
+msgid "WARNING: Elgamal sign+encrypt keys are deprecated\n"
+msgstr "警告: å·²ä¸å»ºè­°ä½¿ç”¨ Elgamal 簽署暨加密金鑰\n"
+
+#: g10/misc.c:315
+#, c-format
+msgid "WARNING: using experimental cipher algorithm %s\n"
+msgstr "警告: 正在使用實驗性的 %s 編密演算法\n"
+
+#: g10/misc.c:330
+#, c-format
+msgid "WARNING: using experimental digest algorithm %s\n"
+msgstr "警告: 正在使用實驗性的 %s 摘è¦æ¼”算法\n"
+
+#: g10/misc.c:335
+#, c-format
+msgid "WARNING: digest algorithm %s is deprecated\n"
+msgstr "警告: å·²ä¸å»ºè­°ä½¿ç”¨ %s 摘è¦æ¼”算法\n"
+
+#: g10/misc.c:503
+msgid "the IDEA cipher plugin is not present\n"
+msgstr "IDEA 編密法外掛模組ä¸å­˜åœ¨\n"
+
+#: g10/misc.c:504 g10/sig-check.c:107 jnlib/utf8conv.c:87
+#, c-format
+msgid "please see %s for more information\n"
+msgstr "è«‹åƒè€ƒ %s 上進一步的資訊\n"
+
+#: g10/misc.c:761
+#, c-format
+msgid "%s:%d: deprecated option \"%s\"\n"
+msgstr "%s:%d: ä¸å»ºè­°ä½¿ç”¨çš„é¸é … \"%s\"\n"
+
+#: g10/misc.c:765
+#, c-format
+msgid "WARNING: \"%s\" is a deprecated option\n"
+msgstr "警告: å·²ä¸å»ºè­°ä½¿ç”¨ \"%s\" é¸é …\n"
+
+#: g10/misc.c:767
+#, c-format
+msgid "please use \"%s%s\" instead\n"
+msgstr "請改以 \"%s%s\" 代替\n"
+
+#: g10/misc.c:774
+#, c-format
+msgid "WARNING: \"%s\" is a deprecated command - do not use it\n"
+msgstr "警告: \"%s\" 是個棄而ä¸é¡§çš„指令 - 別å†ç”¨äº†\n"
+
+#: g10/misc.c:784
+#, c-format
+msgid "%s:%u: obsolete option \"%s\" - it has no effect\n"
+msgstr "%s:%u: 廢棄的 \"%s\" é¸é … - 沒有任何影響\n"
+
+#: g10/misc.c:787
+#, c-format
+msgid "WARNING: \"%s\" is an obsolete option - it has no effect\n"
+msgstr "警告: \"%s\" 是已廢棄的é¸é … - 沒有效果\n"
+
+#: g10/misc.c:848
+msgid "Uncompressed"
+msgstr "未壓縮"
+
+#. TRANSLATORS: See doc/TRANSLATE about this string.
+#: g10/misc.c:873
+msgid "uncompressed|none"
+msgstr "uncompressed|none|未壓縮|無"
+
+#: g10/misc.c:1000
+#, c-format
+msgid "this message may not be usable by %s\n"
+msgstr "這個訊æ¯å° %s 來說無法使用\n"
+
+#: g10/misc.c:1175
+#, c-format
+msgid "ambiguous option `%s'\n"
+msgstr "ä¸æ˜Žç¢ºçš„ `%s' é¸é …\n"
+
+#: g10/misc.c:1200
+#, c-format
+msgid "unknown option `%s'\n"
+msgstr "未知的 `%s' é¸é …\n"
+
+#: g10/openfile.c:89
+#, c-format
+msgid "File `%s' exists. "
+msgstr "檔案 `%s' 已存在. "
+
+#: g10/openfile.c:93
+msgid "Overwrite? (y/N) "
+msgstr "是å¦è¦†å¯«? (y/N) "
+
+#: g10/openfile.c:126
+#, c-format
+msgid "%s: unknown suffix\n"
+msgstr "%s: 未知的副檔å\n"
+
+#: g10/openfile.c:150
+msgid "Enter new filename"
+msgstr "請輸入新的檔å"
+
+#: g10/openfile.c:195
+msgid "writing to stdout\n"
+msgstr "寫到標準輸出中\n"
+
+#: g10/openfile.c:316
+#, c-format
+msgid "assuming signed data in `%s'\n"
+msgstr "å‡è¨­è¢«ç°½ç½²çš„資料在 `%s'\n"
+
+#: g10/openfile.c:395
+#, c-format
+msgid "new configuration file `%s' created\n"
+msgstr "新的設定檔 `%s' 被建立了\n"
+
+#: g10/openfile.c:397
+#, c-format
+msgid "WARNING: options in `%s' are not yet active during this run\n"
+msgstr "警告: 在 `%s' 裡的é¸é …於這次執行期間並沒有被啟用\n"
+
+#: g10/parse-packet.c:201
+#, c-format
+msgid "can't handle public key algorithm %d\n"
+msgstr "無法æ“作 %d 公開金鑰演算法\n"
+
+#: g10/parse-packet.c:822
+msgid "WARNING: potentially insecure symmetrically encrypted session key\n"
+msgstr "警告: å¯èƒ½ä¸¦ä¸å®‰å…¨çš„å°ç¨±å¼åŠ å¯†éšŽæ®µé‡‘é‘°\n"
+
+#: g10/parse-packet.c:1273
+#, c-format
+msgid "subpacket of type %d has critical bit set\n"
+msgstr "%d 類別的å­å°åŒ…設定了關éµä½å…ƒ\n"
+
+#: g10/passphrase.c:75 g10/passphrase.c:418 g10/passphrase.c:481
+#, c-format
+msgid "problem with the agent: %s\n"
+msgstr "代ç†ç¨‹å¼çš„å•é¡Œ: %s\n"
+
+#: g10/passphrase.c:344 g10/passphrase.c:613
+#, c-format
+msgid " (main key ID %s)"
+msgstr " (主è¦é‡‘é‘° ID %s)"
+
+#: g10/passphrase.c:358
+#, c-format
+msgid ""
+"Please enter the passphrase to unlock the secret key for the OpenPGP "
+"certificate:\n"
+"\"%.*s\"\n"
+"%u-bit %s key, ID %s,\n"
+"created %s%s.\n"
+msgstr ""
+"請輸入密語來解開 OpenPGP 憑證所需的ç§é‘°:\n"
+"\"%.*s\"\n"
+"%u ä½å…ƒé•·çš„ %s 金鑰, ID %s,\n"
+"建立於 %s%s.\n"
+
+#: g10/passphrase.c:384
+msgid "Enter passphrase\n"
+msgstr "請輸入密語\n"
+
+#: g10/passphrase.c:412
+msgid "cancelled by user\n"
+msgstr "由使用者所å–消\n"
+
+#: g10/passphrase.c:592
+#, c-format
+msgid ""
+"You need a passphrase to unlock the secret key for\n"
+"user: \"%s\"\n"
+msgstr ""
+"你需è¦ç”¨å¯†èªžä¾†è§£é–‹ä¸‹åˆ—使用者的\n"
+"ç§é‘°: \"%s\"\n"
+
+#: g10/passphrase.c:600
+#, c-format
+msgid "%u-bit %s key, ID %s, created %s"
+msgstr "%u ä½å…ƒé•·çš„ %s 金鑰, ID %s, 建立於 %s"
+
+#: g10/passphrase.c:609
+#, c-format
+msgid " (subkey on main key ID %s)"
+msgstr " (在主鑰 ID %s 上的å­é‘°)"
+
+#: g10/photoid.c:74
+msgid ""
+"\n"
+"Pick an image to use for your photo ID. The image must be a JPEG file.\n"
+"Remember that the image is stored within your public key. If you use a\n"
+"very large picture, your key will become very large as well!\n"
+"Keeping the image close to 240x288 is a good size to use.\n"
+msgstr ""
+"\n"
+"請挑é¸ä¸€å¼µåœ–片來當æˆä½ çš„照片 ID. 這張圖片一定è¦æ˜¯ JPEG 圖檔纔行.\n"
+"請記ä½é€™å¼µåœ–片會被存放在你的公鑰裡. 如果你挑了éžå¸¸å¤§çš„圖片的話,\n"
+"你的金鑰也會變æˆéžå¸¸åœ°å¤§!\n"
+"盡é‡æŠŠåœ–片尺寸控制在 240x288 å·¦å³, 會是個éžå¸¸ç†æƒ³çš„大å°.\n"
+
+#: g10/photoid.c:96
+msgid "Enter JPEG filename for photo ID: "
+msgstr "輸入è¦ç•¶ä½œç…§ç‰‡ ID çš„ JPEG 檔å: "
+
+#: g10/photoid.c:117
+#, c-format
+msgid "unable to open JPEG file `%s': %s\n"
+msgstr "無法開啟 JPEG 圖檔 `%s': %s\n"
+
+#: g10/photoid.c:128
+#, c-format
+msgid "This JPEG is really large (%d bytes) !\n"
+msgstr "這個 JPEG 檔案真的很大 (%d ä½å…ƒçµ„) !\n"
+
+#: g10/photoid.c:130
+msgid "Are you sure you want to use it? (y/N) "
+msgstr "你確定è¦ç”¨å®ƒå—Ž? (y/N) "
+
+#: g10/photoid.c:146
+#, c-format
+msgid "`%s' is not a JPEG file\n"
+msgstr "`%s' ä¸æ˜¯ä¸€å€‹ JPEG 圖檔\n"
+
+#: g10/photoid.c:165
+msgid "Is this photo correct (y/N/q)? "
+msgstr "這張照片正確嗎? (y/N/q) "
+
+#: g10/photoid.c:373
+msgid "unable to display photo ID!\n"
+msgstr "無法顯示照片 ID!\n"
+
+#: g10/pkclist.c:60 g10/revoke.c:621
+msgid "No reason specified"
+msgstr "未指定原因"
+
+#: g10/pkclist.c:62 g10/revoke.c:623
+msgid "Key is superseded"
+msgstr "金鑰被代æ›äº†"
+
+#: g10/pkclist.c:64 g10/revoke.c:622
+msgid "Key has been compromised"
+msgstr "金鑰已經被洩æ¼äº†"
+
+#: g10/pkclist.c:66 g10/revoke.c:624
+msgid "Key is no longer used"
+msgstr "金鑰ä¸å†è¢«ä½¿ç”¨äº†"
+
+#: g10/pkclist.c:68 g10/revoke.c:625
+msgid "User ID is no longer valid"
+msgstr "使用者 ID ä¸å†æœ‰æ•ˆäº†"
+
+#: g10/pkclist.c:72
+msgid "reason for revocation: "
+msgstr "撤銷原因: "
+
+#: g10/pkclist.c:89
+msgid "revocation comment: "
+msgstr "撤銷註釋: "
+
+# a string with valid answers
+#: g10/pkclist.c:204
+msgid "iImMqQsS"
+msgstr "iImMqQsS"
+
+#: g10/pkclist.c:212
+msgid "No trust value assigned to:\n"
+msgstr "下列項目沒有å°æ‡‰çš„信任值:\n"
+
+#: g10/pkclist.c:245
+#, c-format
+msgid " aka \"%s\"\n"
+msgstr " äº¦å³ \"%s\"\n"
+
+#: g10/pkclist.c:255
+msgid ""
+"How much do you trust that this key actually belongs to the named user?\n"
+msgstr "你有多信任這把金鑰真的屬於å«é€™å€‹å字的使用者?\n"
+
+#: g10/pkclist.c:270
+#, c-format
+msgid " %d = I don't know or won't say\n"
+msgstr " %d = 我ä¸çŸ¥é“或ä¸æƒ³èªª\n"
+
+#: g10/pkclist.c:272
+#, c-format
+msgid " %d = I do NOT trust\n"
+msgstr " %d = 我*ä¸*ä¿¡ä»»\n"
+
+#: g10/pkclist.c:278
+#, c-format
+msgid " %d = I trust ultimately\n"
+msgstr " %d = 我徹底信任\n"
+
+#: g10/pkclist.c:284
+msgid " m = back to the main menu\n"
+msgstr " m = 回到主é¸å–®\n"
+
+#: g10/pkclist.c:287
+msgid " s = skip this key\n"
+msgstr " s = è·³éŽé€™æŠŠé‡‘é‘°\n"
+
+#: g10/pkclist.c:288
+msgid " q = quit\n"
+msgstr " q = 離開\n"
+
+#: g10/pkclist.c:292
+#, c-format
+msgid ""
+"The minimum trust level for this key is: %s\n"
+"\n"
+msgstr ""
+"這把金鑰的最å°ä¿¡ä»»ç­‰ç´šç‚º: %s\n"
+"\n"
+
+#: g10/pkclist.c:298 g10/revoke.c:650
+msgid "Your decision? "
+msgstr "你的決定是甚麼? "
+
+#: g10/pkclist.c:319
+msgid "Do you really want to set this key to ultimate trust? (y/N) "
+msgstr "è«‹å•ä½ æ˜¯å¦çœŸçš„想把這把金鑰設æˆå¾¹åº•ä¿¡ä»»å‘¢? (y/N) "
+
+#: g10/pkclist.c:333
+msgid "Certificates leading to an ultimately trusted key:\n"
+msgstr "被徹底信任金鑰的憑證:\n"
+
+#: g10/pkclist.c:418
+#, c-format
+msgid "%s: There is no assurance this key belongs to the named user\n"
+msgstr "%s: 沒法ä¿è­‰é€™æŠŠé‡‘鑰真的屬於å«é€™å€‹å字的使用者\n"
+
+#: g10/pkclist.c:423
+#, c-format
+msgid "%s: There is limited assurance this key belongs to the named user\n"
+msgstr "%s: 祇能有é™çš„ä¿è­‰é€™æŠŠé‡‘鑰真的屬於å«é€™å€‹å字的使用者\n"
+
+#: g10/pkclist.c:429
+msgid "This key probably belongs to the named user\n"
+msgstr "這把金鑰很å¯èƒ½å±¬æ–¼å«é€™å€‹å字的使用者\n"
+
+#: g10/pkclist.c:434
+msgid "This key belongs to us\n"
+msgstr "這把金鑰是屬於我們自己的\n"
+
+#: g10/pkclist.c:460
+msgid ""
+"It is NOT certain that the key belongs to the person named\n"
+"in the user ID. If you *really* know what you are doing,\n"
+"you may answer the next question with yes.\n"
+msgstr ""
+"這把金鑰並 *ä¸* 確定屬於使用者 ID 裡的那個人.\n"
+"除éžä½  **真的** 知é“自己在åšç”šéº¼,\n"
+"å¦å‰‡ä½ æœ€å¥½åœ¨ä¸‹ä¸€å€‹å•é¡Œå›žç­” no\n"
+
+#: g10/pkclist.c:479
+msgid "Use this key anyway? (y/N) "
+msgstr "無論如何還是使用這把金鑰嗎? (y/N) "
+
+#: g10/pkclist.c:513
+msgid "WARNING: Using untrusted key!\n"
+msgstr "警告: 正在使用ä¸è¢«ä¿¡ä»»çš„金鑰!\n"
+
+#: g10/pkclist.c:520
+msgid "WARNING: this key might be revoked (revocation key not present)\n"
+msgstr "警告: 這把金鑰å¯èƒ½å·²æ’¤éŠ· (撤銷金鑰未出ç¾)\n"
+
+#: g10/pkclist.c:529
+msgid "WARNING: This key has been revoked by its designated revoker!\n"
+msgstr "警告: 這把金鑰已被指定撤銷者所撤銷!\n"
+
+#: g10/pkclist.c:532
+msgid "WARNING: This key has been revoked by its owner!\n"
+msgstr "警告: 這把金鑰已被其æŒæœ‰äººæ‰€æ’¤éŠ·!\n"
+
+#: g10/pkclist.c:533
+msgid " This could mean that the signature is forged.\n"
+msgstr " 這很有å¯èƒ½è¡¨ç¤ºæ­¤ç°½ç« æ˜¯å½é€ çš„.\n"
+
+#: g10/pkclist.c:539
+msgid "WARNING: This subkey has been revoked by its owner!\n"
+msgstr "警告: 這把å­é‘°å·²è¢«å…¶æŒæœ‰äººæ‰€æ’¤éŠ·!\n"
+
+#: g10/pkclist.c:544
+msgid "Note: This key has been disabled.\n"
+msgstr "請注æ„: 這把金鑰已åœç”¨.\n"
+
+#: g10/pkclist.c:564
+#, c-format
+msgid "Note: Verified signer's address is `%s'\n"
+msgstr "請注æ„: 已驗證的簽署者地å€ç‚º `%s'\n"
+
+#: g10/pkclist.c:571
+#, c-format
+msgid "Note: Signer's address `%s' does not match DNS entry\n"
+msgstr "請注æ„: ç°½ç½²è€…åœ°å€ `%s' 與 DNS 項目並ä¸å»åˆ\n"
+
+#: g10/pkclist.c:583
+msgid "trustlevel adjusted to FULL due to valid PKA info\n"
+msgstr "信任等級因有效的 PKA 資訊而調整為 *完全*\n"
+
+#: g10/pkclist.c:591
+msgid "trustlevel adjusted to NEVER due to bad PKA info\n"
+msgstr "信任等級因ä¸è‰¯çš„ PKA 資訊而調整為 *æ°¸é ä¸æœƒ*\n"
+
+#: g10/pkclist.c:602
+msgid "Note: This key has expired!\n"
+msgstr "請注æ„: 這把金鑰已經éŽæœŸäº†!\n"
+
+#: g10/pkclist.c:613
+msgid "WARNING: This key is not certified with a trusted signature!\n"
+msgstr "警告: 這把金鑰並éžä»¥å—信任的簽章所èªè­‰!\n"
+
+#: g10/pkclist.c:615
+msgid ""
+" There is no indication that the signature belongs to the owner.\n"
+msgstr " 沒有證據指出這個簽章屬於這個æŒæœ‰è€….\n"
+
+#: g10/pkclist.c:623
+msgid "WARNING: We do NOT trust this key!\n"
+msgstr "警告: 我們 *ä¸* 信任這把金鑰!\n"
+
+#: g10/pkclist.c:624
+msgid " The signature is probably a FORGERY.\n"
+msgstr " 這個簽章很有å¯èƒ½æ˜¯ *å½é€ çš„*.\n"
+
+#: g10/pkclist.c:632
+msgid ""
+"WARNING: This key is not certified with sufficiently trusted signatures!\n"
+msgstr "警告: 這把金鑰並éžä»¥è¶³å¤ ä¿¡ä»»çš„簽章所èªè­‰!\n"
+
+#: g10/pkclist.c:634
+msgid " It is not certain that the signature belongs to the owner.\n"
+msgstr " 這份簽章並ä¸å±¬æ–¼é€™å€‹æŒæœ‰è€…\n"
+
+#: g10/pkclist.c:833 g10/pkclist.c:875 g10/pkclist.c:1087 g10/pkclist.c:1157
+#, c-format
+msgid "%s: skipped: %s\n"
+msgstr "%s: 已跳éŽ: %s\n"
+
+#: g10/pkclist.c:845 g10/pkclist.c:1125
+#, c-format
+msgid "%s: skipped: public key already present\n"
+msgstr "%s: 已跳éŽ: 公鑰已存在\n"
+
+#: g10/pkclist.c:896
+msgid "You did not specify a user ID. (you may use \"-r\")\n"
+msgstr "你沒有指定使用者 ID. (ä½ å¯èƒ½å¾—用 \"-r\")\n"
+
+#: g10/pkclist.c:920
+msgid "Current recipients:\n"
+msgstr "ç›®å‰çš„收件者:\n"
+
+#: g10/pkclist.c:946
+msgid ""
+"\n"
+"Enter the user ID. End with an empty line: "
+msgstr ""
+"\n"
+"請輸入使用者 ID. 以空白列çµæŸ: "
+
+#: g10/pkclist.c:971
+msgid "No such user ID.\n"
+msgstr "沒有這個使用者 ID.\n"
+
+#: g10/pkclist.c:980 g10/pkclist.c:1054
+msgid "skipped: public key already set as default recipient\n"
+msgstr "已跳éŽ: 公鑰已經被設æˆé è¨­æ”¶ä»¶è€…\n"
+
+#: g10/pkclist.c:1001
+msgid "Public key is disabled.\n"
+msgstr "公鑰已åœç”¨.\n"
+
+#: g10/pkclist.c:1010
+msgid "skipped: public key already set\n"
+msgstr "已跳éŽ: 公鑰已設éŽ\n"
+
+#: g10/pkclist.c:1045
+#, c-format
+msgid "unknown default recipient \"%s\"\n"
+msgstr "未知的é è¨­æ”¶ä»¶è€… \"%s\"\n"
+
+#: g10/pkclist.c:1103
+#, c-format
+msgid "%s: skipped: public key is disabled\n"
+msgstr "%s: 已跳éŽ: 公鑰已åœç”¨\n"
+
+#: g10/pkclist.c:1165
+msgid "no valid addressees\n"
+msgstr "沒有有效的地å€\n"
+
+#: g10/pkclist.c:1503
+#, c-format
+msgid "Note: key %s has no %s feature\n"
+msgstr "請注æ„: 金鑰 %s 沒有 %s 功能\n"
+
+#: g10/pkclist.c:1528
+#, c-format
+msgid "Note: key %s has no preference for %s\n"
+msgstr "警告: 金鑰 %s 沒有 %s çš„å好設定\n"
+
+#: g10/plaintext.c:95
+msgid "data not saved; use option \"--output\" to save it\n"
+msgstr "資料未被儲存; 請用 \"--output\" é¸é …來儲存\n"
+
+#: g10/plaintext.c:480
+msgid "Detached signature.\n"
+msgstr "分離的簽章.\n"
+
+#: g10/plaintext.c:487
+msgid "Please enter name of data file: "
+msgstr "請輸入資料檔的å稱: "
+
+#: g10/plaintext.c:519
+msgid "reading stdin ...\n"
+msgstr "正在讀å–標準輸入中 ...\n"
+
+#: g10/plaintext.c:557
+msgid "no signed data\n"
+msgstr "沒有被簽署éŽçš„資料\n"
+
+#: g10/plaintext.c:573
+#, c-format
+msgid "can't open signed data `%s'\n"
+msgstr "無法開啟被簽署éŽçš„資料 `%s'\n"
+
+#: g10/plaintext.c:607
+#, c-format
+msgid "can't open signed data fd=%d: %s\n"
+msgstr "無法開啟被簽署éŽçš„資料 fd=%d: %s\n"
+
+#: g10/pubkey-enc.c:105
+#, c-format
+msgid "anonymous recipient; trying secret key %s ...\n"
+msgstr "匿å收件者; 正在嘗試使用ç§é‘° %s ...\n"
+
+#: g10/pubkey-enc.c:136
+msgid "okay, we are the anonymous recipient.\n"
+msgstr "很好, 我們就是匿å收件者.\n"
+
+#: g10/pubkey-enc.c:225
+msgid "old encoding of the DEK is not supported\n"
+msgstr "ä¸æ”¯æ´èˆŠå¼çš„ DEK 編碼\n"
+
+#: g10/pubkey-enc.c:246
+#, c-format
+msgid "cipher algorithm %d%s is unknown or disabled\n"
+msgstr "%d%s 編密演算法未知或已åœç”¨\n"
+
+#: g10/pubkey-enc.c:284
+#, c-format
+msgid "WARNING: cipher algorithm %s not found in recipient preferences\n"
+msgstr "警告: 收件者å好設定中找ä¸åˆ° %s 編密演算法\n"
+
+#: g10/pubkey-enc.c:304
+#, c-format
+msgid "NOTE: secret key %s expired at %s\n"
+msgstr "請注æ„: ç§é‘° %s 在 %s éŽæœŸäº†\n"
+
+#: g10/pubkey-enc.c:310
+msgid "NOTE: key has been revoked"
+msgstr "請注æ„: 金鑰已撤銷"
+
+#: g10/revoke.c:102 g10/revoke.c:116 g10/revoke.c:128 g10/revoke.c:174
+#: g10/revoke.c:186 g10/revoke.c:585
+#, c-format
+msgid "build_packet failed: %s\n"
+msgstr "build_packet 失敗: %s\n"
+
+#: g10/revoke.c:145
+#, c-format
+msgid "key %s has no user IDs\n"
+msgstr "金鑰 %s 沒有使用者 ID\n"
+
+#: g10/revoke.c:306
+msgid "To be revoked by:\n"
+msgstr "將被撤銷:\n"
+
+#: g10/revoke.c:310
+msgid "(This is a sensitive revocation key)\n"
+msgstr "(這是把機密的撤銷金鑰)\n"
+
+#: g10/revoke.c:314
+msgid "Create a designated revocation certificate for this key? (y/N) "
+msgstr "è¦ç‚ºé€™æŠŠé‡‘鑰建立一份指定撤銷憑證嗎? (y/N) "
+
+#: g10/revoke.c:327 g10/revoke.c:551
+msgid "ASCII armored output forced.\n"
+msgstr "已強迫使用 ASCII å°è£éŽçš„輸出.\n"
+
+#: g10/revoke.c:342 g10/revoke.c:565
+#, c-format
+msgid "make_keysig_packet failed: %s\n"
+msgstr "make_keysig_packet 失敗: %s\n"
+
+#: g10/revoke.c:405
+msgid "Revocation certificate created.\n"
+msgstr "已建立撤銷憑證.\n"
+
+#: g10/revoke.c:411
+#, c-format
+msgid "no revocation keys found for \"%s\"\n"
+msgstr "沒有找到 \"%s\" 用的撤銷金鑰\n"
+
+#: g10/revoke.c:470
+#, c-format
+msgid "secret key \"%s\" not found: %s\n"
+msgstr "找ä¸åˆ°ç§é‘° \"%s\": %s\n"
+
+#: g10/revoke.c:497
+#, c-format
+msgid "no corresponding public key: %s\n"
+msgstr "沒有相å°æ‡‰çš„公鑰: %s\n"
+
+#: g10/revoke.c:508
+msgid "public key does not match secret key!\n"
+msgstr "公鑰與ç§é‘°ä¸¦ä¸å»åˆ!\n"
+
+#: g10/revoke.c:515
+msgid "Create a revocation certificate for this key? (y/N) "
+msgstr "è¦ç‚ºé€™æŠŠé‡‘鑰建立一份撤銷憑證嗎? (y/N) "
+
+#: g10/revoke.c:532
+msgid "unknown protection algorithm\n"
+msgstr "未知的ä¿è­·æ¼”算法\n"
+
+#: g10/revoke.c:540
+msgid "NOTE: This key is not protected!\n"
+msgstr "請注æ„: 這把金鑰未å—ä¿è­·!\n"
+
+#: g10/revoke.c:591
+msgid ""
+"Revocation certificate created.\n"
+"\n"
+"Please move it to a medium which you can hide away; if Mallory gets\n"
+"access to this certificate he can use it to make your key unusable.\n"
+"It is smart to print this certificate and store it away, just in case\n"
+"your media become unreadable. But have some caution: The print system of\n"
+"your machine might store the data and make it available to others!\n"
+msgstr ""
+"已建立撤銷憑證.\n"
+"\n"
+"請把這個檔案æ¬ç§»åˆ°å¦ä¸€å€‹ä½ èƒ½å¤ å°‡ä¹‹è—起來的媒介上;\n"
+"如果有人能夠å–得這份憑證的話, 那麼他也能夠讓你的\n"
+"金鑰無法繼續使用. 把這份憑證列å°å‡ºä¾†å†è—到別的地\n"
+"方也是很好的方法, 以å…你的儲存媒介æ毀而無法讀å–.\n"
+"但是åƒè¬å°å¿ƒ: 你的機器上的列å°ç³»çµ±å¯èƒ½æœƒåœ¨åˆ—å°éŽ\n"
+"程中把這些資料暫存在æŸå€‹å…¶ä»–人也能夠看得到的地方!\n"
+
+#: g10/revoke.c:633
+msgid "Please select the reason for the revocation:\n"
+msgstr "è«‹é¸æ“‡æ’¤éŠ·çš„原因:\n"
+
+#: g10/revoke.c:643
+msgid "Cancel"
+msgstr "å–消"
+
+#: g10/revoke.c:645
+#, c-format
+msgid "(Probably you want to select %d here)\n"
+msgstr "(也許你會想è¦åœ¨é€™è£¡é¸æ“‡ %d)\n"
+
+#: g10/revoke.c:686
+msgid "Enter an optional description; end it with an empty line:\n"
+msgstr "請輸入é¸ç”¨çš„æè¿°; 以空白列çµæŸ:\n"
+
+#: g10/revoke.c:714
+#, c-format
+msgid "Reason for revocation: %s\n"
+msgstr "撤銷原因: %s\n"
+
+#: g10/revoke.c:716
+msgid "(No description given)\n"
+msgstr "(沒有給定æè¿°)\n"
+
+#: g10/revoke.c:721
+msgid "Is this okay? (y/N) "
+msgstr "這樣å¯ä»¥å—Ž? (y/N) "
+
+#: g10/seckey-cert.c:55
+msgid "secret key parts are not available\n"
+msgstr "ç§é‘°éƒ¨åˆ†ç„¡æ³•å–用\n"
+
+#: g10/seckey-cert.c:61
+#, c-format
+msgid "protection algorithm %d%s is not supported\n"
+msgstr "%d%s ä¿è­·æ¼”算法未支æ´\n"
+
+#: g10/seckey-cert.c:72
+#, c-format
+msgid "protection digest %d is not supported\n"
+msgstr "%d ä¿è­·æ‘˜è¦æœªæ”¯æ´\n"
+
+#: g10/seckey-cert.c:291
+msgid "Invalid passphrase; please try again"
+msgstr "無效的密語; è«‹å†è©¦ä¸€æ¬¡"
+
+#: g10/seckey-cert.c:292
+#, c-format
+msgid "%s ...\n"
+msgstr "%s ...\n"
+
+#: g10/seckey-cert.c:361
+msgid "WARNING: Weak key detected - please change passphrase again.\n"
+msgstr "警告: åµæ¸¬åˆ°é‡‘é‘°è–„å¼± - è«‹å†æ›´æ›ä¸€æ¬¡å¯†èªž.\n"
+
+#: g10/seckey-cert.c:404
+msgid "generating the deprecated 16-bit checksum for secret key protection\n"
+msgstr "正在產生ç§é‘°ä¿è­·æœƒç”¨åˆ°çš„èˆŠå¼ 16 ä½å…ƒåŠ ç¸½æª¢æŸ¥\n"
+
+#: g10/seskey.c:61 sm/encrypt.c:119
+msgid "weak key created - retrying\n"
+msgstr "建立了弱金鑰 - é‡è©¦ä¸­\n"
+
+#: g10/seskey.c:65
+#, c-format
+msgid "cannot avoid weak key for symmetric cipher; tried %d times!\n"
+msgstr "無法é¿å…å°ç¨±å¼ç·¨å¯†æ³•çš„弱金鑰; 已經試了 %d 次了!\n"
+
+#: g10/seskey.c:227 sm/certcheck.c:85
+msgid "DSA requires the hash length to be a multiple of 8 bits\n"
+msgstr "DSA éœ€è¦ 8 ä½å…ƒå€æ•¸çš„雜湊長度\n"
+
+#: g10/seskey.c:240
+#, c-format
+msgid "DSA key %s uses an unsafe (%u bit) hash\n"
+msgstr "DSA 金鑰 %s 使用ä¸å®‰å…¨ (%u ä½å…ƒ) 的雜湊\n"
+
+#: g10/seskey.c:252
+#, c-format
+msgid "DSA key %s requires a %u bit or larger hash\n"
+msgstr "DSA 金鑰 %s éœ€è¦ %u ä½å…ƒä»¥ä¸Šçš„雜湊\n"
+
+#: g10/sig-check.c:80
+msgid "WARNING: signature digest conflict in message\n"
+msgstr "警告: 簽章摘è¦èˆ‡è¨Šæ¯ä¸ä¸€è‡´\n"
+
+#: g10/sig-check.c:105
+#, c-format
+msgid "WARNING: signing subkey %s is not cross-certified\n"
+msgstr "警告: 簽署å­é‘° %s 未經交å‰èªè­‰\n"
+
+#: g10/sig-check.c:117
+#, c-format
+msgid "WARNING: signing subkey %s has an invalid cross-certification\n"
+msgstr "警告: 簽署å­é‘° %s 有無效的交å‰æ†‘è­‰\n"
+
+#: g10/sig-check.c:211
+#, c-format
+msgid "public key %s is %lu second newer than the signature\n"
+msgstr "公鑰 %s 比簽章還è¦æ–°äº† %lu 秒\n"
+
+#: g10/sig-check.c:212
+#, c-format
+msgid "public key %s is %lu seconds newer than the signature\n"
+msgstr "公鑰 %s 比簽章還è¦æ–°äº† %lu 秒\n"
+
+#: g10/sig-check.c:223
+#, c-format
+msgid ""
+"key %s was created %lu second in the future (time warp or clock problem)\n"
+msgstr "金鑰 %s 已經在 %lu 秒後的未來製妥 (å¯èƒ½æ˜¯å› ç‚ºæ™‚光旅行或時é˜çš„å•é¡Œ)\n"
+
+#: g10/sig-check.c:225
+#, c-format
+msgid ""
+"key %s was created %lu seconds in the future (time warp or clock problem)\n"
+msgstr "金鑰 %s 已經在 %lu 秒後的未來製妥 (å¯èƒ½æ˜¯å› ç‚ºæ™‚光旅行或時é˜çš„å•é¡Œ)\n"
+
+#: g10/sig-check.c:239
+#, c-format
+msgid "NOTE: signature key %s expired %s\n"
+msgstr "請注æ„: 簽章金鑰 %s 已於 %s éŽæœŸ\n"
+
+#: g10/sig-check.c:252
+#, c-format
+msgid "NOTE: signature key %s has been revoked\n"
+msgstr "請注æ„: 簽署金鑰 %s 已撤銷\n"
+
+#: g10/sig-check.c:325
+#, c-format
+msgid "assuming bad signature from key %s due to an unknown critical bit\n"
+msgstr "å‡è¨­é‡‘é‘° %s çš„æ壞簽章導因於æŸå€‹æœªçŸ¥çš„é—œéµä½å…ƒ\n"
+
+#: g10/sig-check.c:591
+#, c-format
+msgid "key %s: no subkey for subkey revocation signature\n"
+msgstr "金鑰 %s: 沒有å­é‘°å¯ä¾›å­é‘°æ’¤éŠ·ç°½ç« ä½¿ç”¨\n"
+
+#: g10/sig-check.c:618
+#, c-format
+msgid "key %s: no subkey for subkey binding signature\n"
+msgstr "金鑰 %s: 沒有å­é‘°å¯ä¾›é™„å­é‘°ç°½ç« ä¹‹ç”¨\n"
+
+#: g10/sign.c:89
+#, c-format
+msgid "WARNING: unable to %%-expand notation (too large). Using unexpanded.\n"
+msgstr "警告: 註記 %% 無法擴張 (太大了). ç¾åœ¨ä½¿ç”¨æœªæ“´å¼µçš„.\n"
+
+#: g10/sign.c:115
+#, c-format
+msgid ""
+"WARNING: unable to %%-expand policy URL (too large). Using unexpanded.\n"
+msgstr "警告: 原則 URL çš„ %% 無法擴張 (太大了). ç¾åœ¨ä½¿ç”¨æœªæ“´å¼µçš„.\n"
+
+#: g10/sign.c:138
+#, c-format
+msgid ""
+"WARNING: unable to %%-expand preferred keyserver URL (too large). Using "
+"unexpanded.\n"
+msgstr "警告: å好金鑰伺æœå™¨ URL çš„ %% 無法擴張 (太大了). ç¾åœ¨ä½¿ç”¨æœªæ“´å¼µçš„.\n"
+
+#: g10/sign.c:311
+#, c-format
+msgid "checking created signature failed: %s\n"
+msgstr "檢查已建立的簽章時出錯: %s\n"
+
+#: g10/sign.c:320
+#, c-format
+msgid "%s/%s signature from: \"%s\"\n"
+msgstr "%s/%s 簽章來自: \"%s\"\n"
+
+#: g10/sign.c:761
+msgid "you can only detach-sign with PGP 2.x style keys while in --pgp2 mode\n"
+msgstr "你在 --pgp2 模å¼ä¸‹ç¥‡èƒ½å¤ ä½¿ç”¨ PGP 2.x 型態的金鑰來åšåˆ†é›¢ç°½ç½²\n"
+
+#: g10/sign.c:837
+#, c-format
+msgid ""
+"WARNING: forcing digest algorithm %s (%d) violates recipient preferences\n"
+msgstr "警告: 強迫使用 %s (%d) 摘è¦æ¼”算法會é•å收件者å好設定\n"
+
+#: g10/sign.c:964
+msgid "signing:"
+msgstr "簽署:"
+
+#: g10/sign.c:1079
+msgid "you can only clearsign with PGP 2.x style keys while in --pgp2 mode\n"
+msgstr "你在 --pgp2 模å¼ä¸‹ç¥‡èƒ½å¤ ä½¿ç”¨ PGP 2.x 型態的金鑰來åšæ˜Žæ–‡ç°½ç½²\n"
+
+#: g10/sign.c:1263
+#, c-format
+msgid "%s encryption will be used\n"
+msgstr "%s 加密將被採用\n"
+
+#: g10/skclist.c:140 g10/skclist.c:217
+msgid "key is not flagged as insecure - can't use it with the faked RNG!\n"
+msgstr "金鑰未被標示為ä¸å®‰å…¨ - ä¸èƒ½å¤ æ‹¿ä¾†è·Ÿå‡çš„隨機數字產生器併用!\n"
+
+#: g10/skclist.c:174
+#, c-format
+msgid "skipped \"%s\": duplicated\n"
+msgstr "å·²è·³éŽ \"%s\": é‡è¤‡äº†\n"
+
+#: g10/skclist.c:182 g10/skclist.c:195 g10/skclist.c:207
+#, c-format
+msgid "skipped \"%s\": %s\n"
+msgstr "å·²è·³éŽ \"%s\": %s\n"
+
+#: g10/skclist.c:190
+msgid "skipped: secret key already present\n"
+msgstr "已跳éŽ: ç§é‘°å·²ç¶“存在\n"
+
+#: g10/skclist.c:208
+msgid "this is a PGP generated Elgamal key which is not secure for signatures!"
+msgstr "這是由 PGP 產生的 ElGamal 金鑰, 用於簽章並ä¸å®‰å…¨!"
+
+#: g10/tdbdump.c:58 g10/trustdb.c:360
+#, c-format
+msgid "trust record %lu, type %d: write failed: %s\n"
+msgstr "信任記錄 %lu, 類別 %d: 寫入失敗: %s\n"
+
+#: g10/tdbdump.c:106
+#, c-format
+msgid ""
+"# List of assigned trustvalues, created %s\n"
+"# (Use \"gpg --import-ownertrust\" to restore them)\n"
+msgstr ""
+"# 相å°æ‡‰çš„信任值清單被建立於 %s\n"
+"# (請用 \"gpg --import-ownertrust\" 來å–回它們)\n"
+
+#: g10/tdbdump.c:161 g10/tdbdump.c:169 g10/tdbdump.c:174 g10/tdbdump.c:179
+#, c-format
+msgid "error in `%s': %s\n"
+msgstr "在 `%s' 中出錯: %s\n"
+
+#: g10/tdbdump.c:161
+msgid "line too long"
+msgstr "列太長"
+
+#: g10/tdbdump.c:169
+msgid "colon missing"
+msgstr "冒號缺æ¼"
+
+#: g10/tdbdump.c:175
+msgid "invalid fingerprint"
+msgstr "無效的指紋"
+
+#: g10/tdbdump.c:180
+msgid "ownertrust value missing"
+msgstr "主觀信任值缺æ¼"
+
+#: g10/tdbdump.c:216
+#, c-format
+msgid "error finding trust record in `%s': %s\n"
+msgstr "在 `%s' 中尋找信任記錄時出錯: %s\n"
+
+#: g10/tdbdump.c:220
+#, c-format
+msgid "read error in `%s': %s\n"
+msgstr "è®€å– `%s' 錯誤: %s\n"
+
+#: g10/tdbdump.c:229 g10/trustdb.c:375
+#, c-format
+msgid "trustdb: sync failed: %s\n"
+msgstr "信任資料庫: åŒæ­¥åŒ–失敗: %s\n"
+
+#: g10/tdbio.c:128 g10/tdbio.c:1456
+#, c-format
+msgid "trustdb rec %lu: lseek failed: %s\n"
+msgstr "信任資料庫記錄 %lu: 本機æœå°‹å¤±æ•—: %s\n"
+
+#: g10/tdbio.c:135 g10/tdbio.c:1463
+#, c-format
+msgid "trustdb rec %lu: write failed (n=%d): %s\n"
+msgstr "信任資料庫記錄 %lu: 寫入失敗 (n=%d): %s\n"
+
+#: g10/tdbio.c:245
+msgid "trustdb transaction too large\n"
+msgstr "信任資料庫更動é‡éŽå¤§\n"
+
+#: g10/tdbio.c:500
+#, c-format
+msgid "can't access `%s': %s\n"
+msgstr "ç„¡æ³•å­˜å– `%s': %s\n"
+
+#: g10/tdbio.c:527
+#, c-format
+msgid "%s: directory does not exist!\n"
+msgstr "%s: 目錄ä¸å­˜åœ¨!\n"
+
+#: g10/tdbio.c:537 g10/tdbio.c:560 g10/tdbio.c:601 sm/keydb.c:219
+#, c-format
+msgid "can't create lock for `%s'\n"
+msgstr "無法為 `%s' 建立鎖定\n"
+
+#: g10/tdbio.c:539 g10/tdbio.c:604
+#, c-format
+msgid "can't lock `%s'\n"
+msgstr "無法鎖定 `%s'\n"
+
+#: g10/tdbio.c:565
+#, c-format
+msgid "%s: failed to create version record: %s"
+msgstr "%s: 建立版本記錄失敗: %s"
+
+#: g10/tdbio.c:569
+#, c-format
+msgid "%s: invalid trustdb created\n"
+msgstr "%s: 建立了無效的信任資料庫\n"
+
+#: g10/tdbio.c:572
+#, c-format
+msgid "%s: trustdb created\n"
+msgstr "%s: 建立了信任資料庫\n"
+
+#: g10/tdbio.c:615
+msgid "NOTE: trustdb not writable\n"
+msgstr "請注æ„: 信任資料庫ä¸å¯å¯«å…¥\n"
+
+#: g10/tdbio.c:623
+#, c-format
+msgid "%s: invalid trustdb\n"
+msgstr "%s: 無效的信任資料庫\n"
+
+#: g10/tdbio.c:655
+#, c-format
+msgid "%s: failed to create hashtable: %s\n"
+msgstr "%s: 建立雜湊表失敗: %s\n"
+
+#: g10/tdbio.c:663
+#, c-format
+msgid "%s: error updating version record: %s\n"
+msgstr "%s: 更新版本記錄時錯誤: %s\n"
+
+#: g10/tdbio.c:680 g10/tdbio.c:701 g10/tdbio.c:717 g10/tdbio.c:731
+#: g10/tdbio.c:761 g10/tdbio.c:1388 g10/tdbio.c:1415
+#, c-format
+msgid "%s: error reading version record: %s\n"
+msgstr "%s: 讀å–版本記錄時錯誤: %s\n"
+
+#: g10/tdbio.c:740
+#, c-format
+msgid "%s: error writing version record: %s\n"
+msgstr "%s: 寫入版本記錄時錯誤: %s\n"
+
+#: g10/tdbio.c:1181
+#, c-format
+msgid "trustdb: lseek failed: %s\n"
+msgstr "信任資料庫: 本機æœå°‹å¤±æ•—: %s\n"
+
+#: g10/tdbio.c:1190
+#, c-format
+msgid "trustdb: read failed (n=%d): %s\n"
+msgstr "信任資料庫: 讀å–失敗 (n=%d): %s\n"
+
+#: g10/tdbio.c:1211
+#, c-format
+msgid "%s: not a trustdb file\n"
+msgstr "%s: ä¸æ˜¯ä¸€å€‹ä¿¡ä»»è³‡æ–™åº«æª”案\n"
+
+#: g10/tdbio.c:1230
+#, c-format
+msgid "%s: version record with recnum %lu\n"
+msgstr "%s: 記錄編號為 %lu 的版本記錄\n"
+
+#: g10/tdbio.c:1235
+#, c-format
+msgid "%s: invalid file version %d\n"
+msgstr "%s: 無效的檔案版本 %d\n"
+
+#: g10/tdbio.c:1421
+#, c-format
+msgid "%s: error reading free record: %s\n"
+msgstr "%s: 讀å–å¯ç”¨ç©ºé–“記錄時出錯: %s\n"
+
+#: g10/tdbio.c:1429
+#, c-format
+msgid "%s: error writing dir record: %s\n"
+msgstr "%s: 寫入目錄記錄時出錯: %s\n"
+
+#: g10/tdbio.c:1439
+#, c-format
+msgid "%s: failed to zero a record: %s\n"
+msgstr "%s: 記錄歸零失敗: %s\n"
+
+#: g10/tdbio.c:1469
+#, c-format
+msgid "%s: failed to append a record: %s\n"
+msgstr "%s: 附加記錄失敗: %s\n"
+
+#: g10/tdbio.c:1512
+msgid "Error: The trustdb is corrupted.\n"
+msgstr "錯誤: 信任資料庫已毀æ.\n"
+
+#: g10/textfilter.c:147
+#, c-format
+msgid "can't handle text lines longer than %d characters\n"
+msgstr "無法處ç†é•·æ–¼ %d 字符的文字列\n"
+
+#: g10/textfilter.c:247
+#, c-format
+msgid "input line longer than %d characters\n"
+msgstr "輸入列比 %d 字符還長\n"
+
+#: g10/trustdb.c:221
+#, c-format
+msgid "`%s' is not a valid long keyID\n"
+msgstr "`%s' ä¸æ˜¯ä¸€å€‹æœ‰æ•ˆçš„é•·å¼é‡‘é‘° ID\n"
+
+#: g10/trustdb.c:252
+#, c-format
+msgid "key %s: accepted as trusted key\n"
+msgstr "金鑰 %s: 如å—信任的金鑰般被接å—了\n"
+
+#: g10/trustdb.c:290
+#, c-format
+msgid "key %s occurs more than once in the trustdb\n"
+msgstr "金鑰 %s 在信任資料庫中出ç¾äº†ä¸æ­¢ä¸€æ¬¡\n"
+
+#: g10/trustdb.c:305
+#, c-format
+msgid "key %s: no public key for trusted key - skipped\n"
+msgstr "金鑰 %s: å—信任的金鑰沒有公鑰 - 已跳éŽ\n"
+
+#: g10/trustdb.c:315
+#, c-format
+msgid "key %s marked as ultimately trusted\n"
+msgstr "金鑰 %s 已標記æˆå¾¹åº•ä¿¡ä»»äº†\n"
+
+#: g10/trustdb.c:339
+#, c-format
+msgid "trust record %lu, req type %d: read failed: %s\n"
+msgstr "信任記錄 %lu, 請求類別 %d: 讀å–失敗: %s\n"
+
+#: g10/trustdb.c:345
+#, c-format
+msgid "trust record %lu is not of requested type %d\n"
+msgstr "信任記錄 %lu ä¸æ˜¯æ‰€è«‹æ±‚的類別 %d\n"
+
+#: g10/trustdb.c:418
+msgid "You may try to re-create the trustdb using the commands:\n"
+msgstr "ä½ å¯ä»¥è©¦è‘—用下列指令來é‡å»ºä¿¡ä»»è³‡æ–™åº«:\n"
+
+#: g10/trustdb.c:427
+msgid "If that does not work, please consult the manual\n"
+msgstr "如果行ä¸é€šçš„話, 請查閱手冊\n"
+
+#: g10/trustdb.c:462
+#, c-format
+msgid "unable to use unknown trust model (%d) - assuming %s trust model\n"
+msgstr "無法使用未知的信任模型 (%d) - ç¾åœ¨æŽ¡ç”¨ %s 信任模型\n"
+
+#: g10/trustdb.c:468
+#, c-format
+msgid "using %s trust model\n"
+msgstr "正在使用 %s 信任模型\n"
+
+#: g10/trustdb.c:520
+msgid "10 translator see trustdb.c:uid_trust_string_fixed"
+msgstr "10 譯者請åƒè¦‹ trustdb.c:uid_trust_string_fixed"
+
+#: g10/trustdb.c:522
+msgid "[ revoked]"
+msgstr "[ 已撤銷 ]"
+
+#: g10/trustdb.c:524 g10/trustdb.c:529
+msgid "[ expired]"
+msgstr "[ å·²éŽæœŸ ]"
+
+#: g10/trustdb.c:528
+msgid "[ unknown]"
+msgstr "[ 未知 ]"
+
+#: g10/trustdb.c:530
+msgid "[ undef ]"
+msgstr "[ 未定義 ]"
+
+#: g10/trustdb.c:531
+msgid "[marginal]"
+msgstr "[ 勉強 ]"
+
+#: g10/trustdb.c:532
+msgid "[ full ]"
+msgstr "[ 完全 ]"
+
+#: g10/trustdb.c:533
+msgid "[ultimate]"
+msgstr "[ 徹底 ]"
+
+#: g10/trustdb.c:548
+msgid "undefined"
+msgstr "未定義"
+
+#: g10/trustdb.c:549
+msgid "never"
+msgstr "æ°¸é ä¸æœƒ"
+
+#: g10/trustdb.c:550
+msgid "marginal"
+msgstr "勉強"
+
+#: g10/trustdb.c:551
+msgid "full"
+msgstr "完全"
+
+#: g10/trustdb.c:552
+msgid "ultimate"
+msgstr "徹底"
+
+#: g10/trustdb.c:592
+msgid "no need for a trustdb check\n"
+msgstr "ä¸éœ€è¦æª¢æŸ¥ä¿¡ä»»è³‡æ–™åº«\n"
+
+#: g10/trustdb.c:598 g10/trustdb.c:2487
+#, c-format
+msgid "next trustdb check due at %s\n"
+msgstr "下次信任資料庫檢查將於 %s 進行\n"
+
+#: g10/trustdb.c:607
+#, c-format
+msgid "no need for a trustdb check with `%s' trust model\n"
+msgstr "在 `%s' 信任模型中並ä¸éœ€è¦æª¢æŸ¥ä¿¡ä»»è³‡æ–™åº«\n"
+
+#: g10/trustdb.c:622
+#, c-format
+msgid "no need for a trustdb update with `%s' trust model\n"
+msgstr "在 `%s' 信任模型中並ä¸éœ€è¦æ›´æ–°ä¿¡ä»»è³‡æ–™åº«\n"
+
+#: g10/trustdb.c:857 g10/trustdb.c:1310
+#, c-format
+msgid "public key %s not found: %s\n"
+msgstr "找ä¸åˆ°å…¬é‘° %s: %s\n"
+
+#: g10/trustdb.c:1053
+msgid "please do a --check-trustdb\n"
+msgstr "è«‹åšä¸€æ¬¡ --check-trustdb\n"
+
+#: g10/trustdb.c:1057
+msgid "checking the trustdb\n"
+msgstr "正在檢查信任資料庫\n"
+
+#: g10/trustdb.c:2230
+#, c-format
+msgid "%d keys processed (%d validity counts cleared)\n"
+msgstr "已經處ç†äº† %d 把金鑰 (共計已解決了 %d 份有效性)\n"
+
+#: g10/trustdb.c:2295
+msgid "no ultimately trusted keys found\n"
+msgstr "沒有找到任何徹底信任的金鑰\n"
+
+#: g10/trustdb.c:2309
+#, c-format
+msgid "public key of ultimately trusted key %s not found\n"
+msgstr "找ä¸åˆ°å¾¹åº•ä¿¡ä»»é‡‘é‘° %s 的公鑰\n"
+
+#: g10/trustdb.c:2332
+#, c-format
+msgid "%d marginal(s) needed, %d complete(s) needed, %s trust model\n"
+msgstr "%d å€‹å‹‰å¼·ä¿¡ä»»ä»¥åŠ %d 個完全信任是 %s 信任模型的最å°éœ€æ±‚\n"
+
+#: g10/trustdb.c:2418
+#, c-format
+msgid ""
+"depth: %d valid: %3d signed: %3d trust: %d-, %dq, %dn, %dm, %df, %du\n"
+msgstr "深度: %d 有效: %3d 已簽署: %3d 信任: %d-, %dq, %dn, %dm, %df, %du\n"
+
+#: g10/trustdb.c:2493
+#, c-format
+msgid "unable to update trustdb version record: write failed: %s\n"
+msgstr "無法更新信任資料庫版本記錄: 寫入失敗: %s\n"
+
+#: g10/verify.c:118
+msgid ""
+"the signature could not be verified.\n"
+"Please remember that the signature file (.sig or .asc)\n"
+"should be the first file given on the command line.\n"
+msgstr ""
+"簽章無法驗證.\n"
+"請記ä½ç°½ç« æª” (.sig 或 .asc)\n"
+"應該是第一個命令列給定的檔案.\n"
+
+#: g10/verify.c:205
+#, c-format
+msgid "input line %u too long or missing LF\n"
+msgstr "輸入列 %u 太長或者列末的 LF éºå¤±äº†\n"
+
+#: g10/verify.c:253
+#, c-format
+msgid "can't open fd %d: %s\n"
+msgstr "無法開啟 fd %d: %s\n"
+
+#: jnlib/argparse.c:180
+msgid "argument not expected"
+msgstr "沒料到有引數"
+
+#: jnlib/argparse.c:182
+msgid "read error"
+msgstr "讀å–錯誤"
+
+#: jnlib/argparse.c:184
+msgid "keyword too long"
+msgstr "é—œéµå­—太長"
+
+#: jnlib/argparse.c:186
+msgid "missing argument"
+msgstr "無效的引數"
+
+#: jnlib/argparse.c:188
+msgid "invalid command"
+msgstr "無效的指令"
+
+#: jnlib/argparse.c:190
+msgid "invalid alias definition"
+msgstr "無效的別å定義"
+
+#: jnlib/argparse.c:192
+msgid "out of core"
+msgstr "超出核心"
+
+#: jnlib/argparse.c:194
+msgid "invalid option"
+msgstr "無效的é¸é …"
+
+#: jnlib/argparse.c:202
+#, c-format
+msgid "missing argument for option \"%.50s\"\n"
+msgstr "\"%.50s\" é¸é …éºå¤±äº†å¼•æ•¸\n"
+
+#: jnlib/argparse.c:204
+#, c-format
+msgid "option \"%.50s\" does not expect an argument\n"
+msgstr "\"%.50s\" é¸é …沒料到會有引數\n"
+
+#: jnlib/argparse.c:207
+#, c-format
+msgid "invalid command \"%.50s\"\n"
+msgstr "無效的指令 \"%.50s\"\n"
+
+#: jnlib/argparse.c:209
+#, c-format
+msgid "option \"%.50s\" is ambiguous\n"
+msgstr "\"%.50s\" é¸é …ä¸æ˜Žç¢º\n"
+
+#: jnlib/argparse.c:211
+#, c-format
+msgid "command \"%.50s\" is ambiguous\n"
+msgstr "\"%.50s\" 指令ä¸æ˜Žç¢º\n"
+
+#: jnlib/argparse.c:213
+msgid "out of core\n"
+msgstr "超出核心\n"
+
+#: jnlib/argparse.c:215
+#, c-format
+msgid "invalid option \"%.50s\"\n"
+msgstr "無效的é¸é … \"%.50s\"\n"
+
+#: jnlib/logging.c:647
+#, c-format
+msgid "you found a bug ... (%s:%d)\n"
+msgstr "你找到一個瑕疵了 ... (%s:%d)\n"
+
+#: jnlib/utf8conv.c:85
+#, c-format
+msgid "error loading `%s': %s\n"
+msgstr "載入 `%s' 時出錯: %s\n"
+
+#: jnlib/utf8conv.c:123
+#, c-format
+msgid "conversion from `%s' to `%s' not available\n"
+msgstr "沒有從 `%s' 到 `%s' 之間的轉æ›å¯ç”¨\n"
+
+#: jnlib/utf8conv.c:131
+#, c-format
+msgid "iconv_open failed: %s\n"
+msgstr "iconv_open 失敗: %s\n"
+
+#: jnlib/utf8conv.c:388 jnlib/utf8conv.c:654
+#, c-format
+msgid "conversion from `%s' to `%s' failed: %s\n"
+msgstr "從 `%s' 轉æ›æˆ `%s' 失敗: %s\n"
+
+#: jnlib/dotlock.c:234
+#, c-format
+msgid "failed to create temporary file `%s': %s\n"
+msgstr "無法建立暫存檔 `%s': %s\n"
+
+#: jnlib/dotlock.c:269
+#, c-format
+msgid "error writing to `%s': %s\n"
+msgstr "寫入 %s 時出錯: %s\n"
+
+#: jnlib/dotlock.c:453
+#, c-format
+msgid "removing stale lockfile (created by %d)\n"
+msgstr "正在移除陳è…的鎖定檔 (ç”± %d 所建立)\n"
+
+#: jnlib/dotlock.c:459
+msgid " - probably dead - removing lock"
+msgstr " - å¯èƒ½å·²ç¶“掛掉了 - 正在移除鎖定"
+
+#: jnlib/dotlock.c:469
+#, c-format
+msgid "waiting for lock (held by %d%s) %s...\n"
+msgstr "正在等候鎖定 (被 %d%s æŒæœ‰) %s...\n"
+
+#: jnlib/dotlock.c:470
+msgid "(deadlock?) "
+msgstr "(æ­»çµå—Ž?) "
+
+#: jnlib/dotlock.c:493
+#, c-format
+msgid "lock `%s' not made: %s\n"
+msgstr "未鎖定 `%s': %s\n"
+
+#: jnlib/dotlock.c:501
+#, c-format
+msgid "waiting for lock %s...\n"
+msgstr "正在等候 `%s' 鎖定...\n"
+
+#: kbx/kbxutil.c:92
+msgid "set debugging flags"
+msgstr "設定除錯旗標"
+
+#: kbx/kbxutil.c:93
+msgid "enable full debugging"
+msgstr "啟用完整除錯"
+
+#: kbx/kbxutil.c:117
+msgid "Usage: kbxutil [options] [files] (-h for help)"
+msgstr "用法: kbxutil [é¸é …] [檔案] (或用 -h 求助)"
+
+#: kbx/kbxutil.c:120
+msgid ""
+"Syntax: kbxutil [options] [files]\n"
+"list, export, import Keybox data\n"
+msgstr ""
+"語法: kbxutil [é¸é …] [檔案]\n"
+"列出, 匯出, 匯入金鑰鑰匙盒資料\n"
+
+#: scd/app-nks.c:713 scd/app-openpgp.c:2647
+#, c-format
+msgid "RSA modulus missing or not of size %d bits\n"
+msgstr "RSA 模組缺æ¼æˆ–è€…ä¸¦éž %d ä½å…ƒå¤§\n"
+
+#: scd/app-nks.c:721 scd/app-openpgp.c:2659
+#, c-format
+msgid "RSA public exponent missing or larger than %d bits\n"
+msgstr "RSA 公用指數缺æ¼æˆ–者大於 %d ä½å…ƒ\n"
+
+#: scd/app-nks.c:801 scd/app-openpgp.c:1549 scd/app-openpgp.c:1568
+#: scd/app-openpgp.c:1729 scd/app-openpgp.c:1746 scd/app-openpgp.c:1994
+#: scd/app-openpgp.c:2039 scd/app-dinsig.c:303
+#, c-format
+msgid "PIN callback returned error: %s\n"
+msgstr "收回個人識別碼 (PIN) 時傳回錯誤: %s\n"
+
+#: scd/app-nks.c:834
+msgid "the NullPIN has not yet been changed\n"
+msgstr "NullPIN 還沒有變更éŽ\n"
+
+#: scd/app-nks.c:1092
+msgid "|N|Please enter a new PIN for the standard keys."
+msgstr "|N|請輸入標準金鑰將採用的新個人識別碼 (PIN)."
+
+#: scd/app-nks.c:1093
+msgid "||Please enter the PIN for the standard keys."
+msgstr "||請輸入標準金鑰的個人識別碼 (PIN)."
+
+#: scd/app-nks.c:1099
+msgid "|NP|Please enter a new PIN Unblocking Code (PUK) for the standard keys."
+msgstr "|NP|請輸入標準金鑰將採用的 PIN é‡è¨­ç¢¼ (PUK)."
+
+#: scd/app-nks.c:1101
+msgid "|P|Please enter the PIN Unblocking Code (PUK) for the standard keys."
+msgstr "|P|請輸入標準金鑰的 PIN é‡è¨­ç¢¼ (PUK)."
+
+#: scd/app-nks.c:1109
+msgid "|N|Please enter a new PIN for the key to create qualified signatures."
+msgstr "|N|請輸入金鑰的新個人識別碼 (PIN) 以建立完善的簽章."
+
+#: scd/app-nks.c:1111
+msgid "||Please enter the PIN for the key to create qualified signatures."
+msgstr "||請輸入金鑰的個人識別碼 (PIN) 以建立完善的簽章."
+
+#: scd/app-nks.c:1119
+msgid ""
+"|NP|Please enter a new PIN Unblocking Code (PUK) for the key to create "
+"qualified signatures."
+msgstr "|NP|請輸入金鑰的新 PIN é‡è¨­ç¢¼ (PUK) 以建立完善的簽章."
+
+#: scd/app-nks.c:1121
+msgid ""
+"|P|Please enter the PIN Unblocking Code (PUK) for the key to create "
+"qualified signatures."
+msgstr "|P|請輸入金鑰的 PIN é‡è¨­ç¢¼ (PUK) 以建立完善的簽章."
+
+#: scd/app-nks.c:1222 scd/app-openpgp.c:2072 scd/app-dinsig.c:532
+#, c-format
+msgid "error getting new PIN: %s\n"
+msgstr "å–得新的個人識別碼 (PIN) 時出錯: %s\n"
+
+#: scd/app-openpgp.c:695
+#, c-format
+msgid "failed to store the fingerprint: %s\n"
+msgstr "存放指紋失敗: %s\n"
+
+#: scd/app-openpgp.c:708
+#, c-format
+msgid "failed to store the creation date: %s\n"
+msgstr "存放創生日期失敗: %s\n"
+
+#: scd/app-openpgp.c:1156
+#, c-format
+msgid "reading public key failed: %s\n"
+msgstr "讀å–公鑰時失敗: %s\n"
+
+#: scd/app-openpgp.c:1164 scd/app-openpgp.c:2882
+msgid "response does not contain the public key data\n"
+msgstr "回應中未包å«å…¬é‘°è³‡æ–™\n"
+
+#: scd/app-openpgp.c:1172 scd/app-openpgp.c:2890
+msgid "response does not contain the RSA modulus\n"
+msgstr "å›žæ‡‰ä¸­æœªåŒ…å« RSA 系數\n"
+
+#: scd/app-openpgp.c:1181 scd/app-openpgp.c:2900
+msgid "response does not contain the RSA public exponent\n"
+msgstr "å›žæ‡‰ä¸­æœªåŒ…å« RSA 公用指數\n"
+
+#: scd/app-openpgp.c:1501
+#, c-format
+msgid "using default PIN as %s\n"
+msgstr "以 %s åšç‚ºé è¨­ PIN\n"
+
+#: scd/app-openpgp.c:1508
+#, c-format
+msgid "failed to use default PIN as %s: %s - disabling further default use\n"
+msgstr "使用 %s åšç‚ºé è¨­å€‹äººè­˜åˆ¥ç¢¼ (PIN) 失敗: %s - 正在åœç”¨ä¹‹å¾Œçš„é è¨­ä½¿ç”¨\n"
+
+#: scd/app-openpgp.c:1523
+#, c-format
+msgid "||Please enter the PIN%%0A[sigs done: %lu]"
+msgstr "||請輸入 PIN%%0A[簽署完æˆ: %lu]"
+
+#: scd/app-openpgp.c:1534 scd/app-openpgp.c:1988
+msgid "||Please enter the PIN"
+msgstr "||請輸入個人識別碼 (PIN)"
+
+#: scd/app-openpgp.c:1575 scd/app-openpgp.c:1753 scd/app-openpgp.c:2001
+#, c-format
+msgid "PIN for CHV%d is too short; minimum length is %d\n"
+msgstr "用於 CHV%d 的個人識別碼 (PIN) 太短; 長度最少è¦æœ‰ %d\n"
+
+#: scd/app-openpgp.c:1588 scd/app-openpgp.c:1627 scd/app-openpgp.c:1765
+#: scd/app-openpgp.c:3200
+#, c-format
+msgid "verify CHV%d failed: %s\n"
+msgstr "驗證 CHV%d 失敗: %s\n"
+
+#: scd/app-openpgp.c:1656 scd/app-openpgp.c:2020 scd/app-openpgp.c:3498
+msgid "error retrieving CHV status from card\n"
+msgstr "從å¡ç‰‡å–回 CHV 狀態時出錯\n"
+
+#: scd/app-openpgp.c:1662 scd/app-openpgp.c:3507
+msgid "card is permanently locked!\n"
+msgstr "å¡ç‰‡æ°¸ä¹…鎖定了!!\n"
+
+#: scd/app-openpgp.c:1669
+#, c-format
+msgid "%d Admin PIN attempts remaining before card is permanently locked\n"
+msgstr "%d 管ç†è€…個人識別碼 (PIN) 試圖在å¡ç‰‡æ°¸ä¹…鎖定å‰éºç•™ä¸‹ä¾†\n"
+
+#. TRANSLATORS: Do not translate the "|A|" prefix but keep it at
+#. the start of the string. Use %%0A to force a linefeed.
+#: scd/app-openpgp.c:1676
+#, c-format
+msgid "|A|Please enter the Admin PIN%%0A[remaining attempts: %d]"
+msgstr "|A|請在上輸入管ç†è€… PIN%%0A[剩餘嘗試次數: %d]"
+
+#: scd/app-openpgp.c:1680
+msgid "|A|Please enter the Admin PIN"
+msgstr "|A|請輸入管ç†è€… PIN"
+
+#: scd/app-openpgp.c:1701
+msgid "access to admin commands is not configured\n"
+msgstr "管ç†è€…指令存å–權é™å°šæœªçµ„æ…‹\n"
+
+#: scd/app-openpgp.c:2035
+msgid "||Please enter the Reset Code for the card"
+msgstr "||請輸入å¡ç‰‡çš„é‡è¨­ç¢¼"
+
+#: scd/app-openpgp.c:2045 scd/app-openpgp.c:2097
+#, c-format
+msgid "Reset Code is too short; minimum length is %d\n"
+msgstr "é‡è¨­ç¢¼å¤ªçŸ­; 長度最少è¦æœ‰ %d\n"
+
+#: scd/app-openpgp.c:2067
+msgid "|RN|New Reset Code"
+msgstr "|RN|新增é‡è¨­ç¢¼"
+
+#: scd/app-openpgp.c:2068
+msgid "|AN|New Admin PIN"
+msgstr "|AN|新增管ç†è€…個人識別碼 (PIN)"
+
+#: scd/app-openpgp.c:2068
+msgid "|N|New PIN"
+msgstr "|N|新增個人識別碼 (PIN)"
+
+#: scd/app-openpgp.c:2178 scd/app-openpgp.c:2968
+msgid "error reading application data\n"
+msgstr "讀å–應用程å¼è³‡æ–™æ™‚出錯\n"
+
+#: scd/app-openpgp.c:2184 scd/app-openpgp.c:2975
+msgid "error reading fingerprint DO\n"
+msgstr "讀å–指紋 DO 時出錯\n"
+
+#: scd/app-openpgp.c:2194
+msgid "key already exists\n"
+msgstr "金鑰已存在\n"
+
+#: scd/app-openpgp.c:2198
+msgid "existing key will be replaced\n"
+msgstr "既有的金鑰將被å–代\n"
+
+#: scd/app-openpgp.c:2200
+msgid "generating new key\n"
+msgstr "正在產生新的金鑰\n"
+
+#: scd/app-openpgp.c:2202
+msgid "writing new key\n"
+msgstr "正在寫入新的金鑰\n"
+
+#: scd/app-openpgp.c:2627
+msgid "creation timestamp missing\n"
+msgstr "缺æ¼å‰µç”Ÿæ™‚間戳å°\n"
+
+#: scd/app-openpgp.c:2669 scd/app-openpgp.c:2677
+#, c-format
+msgid "RSA prime %s missing or not of size %d bits\n"
+msgstr "RSA 質數 %s 缺æ¼æˆ–è€…ä¸¦éž %d ä½å…ƒå¤§\n"
+
+#: scd/app-openpgp.c:2773
+#, c-format
+msgid "failed to store the key: %s\n"
+msgstr "存放金鑰失敗: %s\n"
+
+#: scd/app-openpgp.c:2859
+msgid "please wait while key is being generated ...\n"
+msgstr "正在產生金鑰中, è«‹ç¨å€™ ...\n"
+
+#: scd/app-openpgp.c:2872
+msgid "generating key failed\n"
+msgstr "產生金鑰時失敗\n"
+
+#: scd/app-openpgp.c:2875
+#, c-format
+msgid "key generation completed (%d seconds)\n"
+msgstr "金鑰產生完畢 (%d 秒)\n"
+
+#: scd/app-openpgp.c:2933
+msgid "invalid structure of OpenPGP card (DO 0x93)\n"
+msgstr "無效的 OpenPGP å¡ç‰‡çµæ§‹ (DO 0x93)\n"
+
+#: scd/app-openpgp.c:2983
+msgid "fingerprint on card does not match requested one\n"
+msgstr "å¡ç‰‡ä¸Šçš„指紋與所è¦æ±‚的那個並ä¸å»åˆ\n"
+
+#: scd/app-openpgp.c:3099
+#, c-format
+msgid "card does not support digest algorithm %s\n"
+msgstr "å¡ç‰‡ä¸æ”¯æ´ %s 摘è¦æ¼”算法\n"
+
+#: scd/app-openpgp.c:3175
+#, c-format
+msgid "signatures created so far: %lu\n"
+msgstr "ç›®å‰å»ºç«‹çš„簽章: %lu\n"
+
+#: scd/app-openpgp.c:3512
+msgid ""
+"verification of Admin PIN is currently prohibited through this command\n"
+msgstr "ç›®å‰åœ¨æ­¤æŒ‡ä»¤ä¸­çš„管ç†è€… PIN 驗證被ç¦æ­¢äº†\n"
+
+#: scd/app-openpgp.c:3737 scd/app-openpgp.c:3748
+#, c-format
+msgid "can't access %s - invalid OpenPGP card?\n"
+msgstr "ç„¡æ³•å­˜å– %s - 無效的 OpenPGP å¡ç‰‡?\n"
+
+#: scd/app-dinsig.c:299
+msgid "||Please enter your PIN at the reader's keypad"
+msgstr "||請在讀å¡æ©Ÿéµç›¤ä¸Šè¼¸å…¥ä½ çš„個人識別碼 (PIN)"
+
+#. TRANSLATORS: Do not translate the "|*|" prefixes but
+#. keep it at the start of the string. We need this elsewhere
+#. to get some infos on the string.
+#: scd/app-dinsig.c:529
+msgid "|N|Initial New PIN"
+msgstr "|N|開始新增個人識別碼 (PIN)"
+
+#: scd/scdaemon.c:107
+msgid "run in multi server mode (foreground)"
+msgstr "以多é‡ä¼ºæœå™¨æ¨¡å¼åŸ·è¡Œ (å‰æ™¯)"
+
+#: scd/scdaemon.c:117 sm/gpgsm.c:316
+msgid "|LEVEL|set the debugging level to LEVEL"
+msgstr "|等級|設定除錯等級為「等級ã€"
+
+#: scd/scdaemon.c:124 tools/gpgconf-comp.c:620
+msgid "|FILE|write a log to FILE"
+msgstr "|檔案|將日誌寫入至「檔案ã€"
+
+#: scd/scdaemon.c:126
+msgid "|N|connect to reader at port N"
+msgstr "|N|從 N 埠連線至讀å¡æ©Ÿ"
+
+#: scd/scdaemon.c:128
+msgid "|NAME|use NAME as ct-API driver"
+msgstr "|å稱|使用「å稱ã€åšç‚º ct-API 驅動程å¼"
+
+#: scd/scdaemon.c:130
+msgid "|NAME|use NAME as PC/SC driver"
+msgstr "|å稱|使用「å稱ã€åšç‚º PC/SC 驅動程å¼"
+
+#: scd/scdaemon.c:133
+msgid "do not use the internal CCID driver"
+msgstr "ä¸è¦ä½¿ç”¨å…§éƒ¨çš„ CCID 驅動程å¼"
+
+#: scd/scdaemon.c:139
+msgid "|N|disconnect the card after N seconds of inactivity"
+msgstr "|N|æ²’æœ‰æ´»å‹•é” N 秒後就與å¡ç‰‡æ–·ç·š"
+
+#: scd/scdaemon.c:141
+msgid "do not use a reader's keypad"
+msgstr "ä¸è¦ä½¿ç”¨è®€å¡æ©Ÿéµç›¤"
+
+#: scd/scdaemon.c:144
+msgid "deny the use of admin card commands"
+msgstr "ç¦ç”¨ç®¡ç†è€…å¡ç‰‡æŒ‡ä»¤"
+
+#: scd/scdaemon.c:259
+msgid "Usage: scdaemon [options] (-h for help)"
+msgstr "用法: scdaemon [é¸é …] (或用 -h 求助)"
+
+#: scd/scdaemon.c:261
+msgid ""
+"Syntax: scdaemon [options] [command [args]]\n"
+"Smartcard daemon for GnuPG\n"
+msgstr ""
+"語法: scdaemon [é¸é …] [指令 [引數]]\n"
+"GnuPg 智慧å¡æœå‹™\n"
+
+#: scd/scdaemon.c:766
+msgid "please use the option `--daemon' to run the program in the background\n"
+msgstr "請使用 `--daemon' é¸é …來將此程å¼åŸ·è¡Œæ–¼èƒŒæ™¯\n"
+
+#: scd/scdaemon.c:1120
+#, c-format
+msgid "handler for fd %d started\n"
+msgstr "用於 fd %d 的經手程å¼å·²å•Ÿå‹•\n"
+
+#: scd/scdaemon.c:1132
+#, c-format
+msgid "handler for fd %d terminated\n"
+msgstr "用於 fd %d 的經手程å¼å·²çµ‚æ­¢\n"
+
+#: sm/base64.c:325
+#, c-format
+msgid "invalid radix64 character %02x skipped\n"
+msgstr "已跳éŽç„¡æ•ˆçš„ radix64 字符 %02x\n"
+
+#: sm/call-agent.c:137
+#, c-format
+msgid "failed to proxy %s inquiry to client\n"
+msgstr "以 %s 代ç†ä¼ºæœå™¨æŸ¥è©¢ç”¨æˆ¶ç«¯æ™‚失敗\n"
+
+#: sm/call-dirmngr.c:252
+#, c-format
+msgid "no running dirmngr - starting `%s'\n"
+msgstr "沒有執行中的 dirmngr - 正在啟動 `%s'\n"
+
+#: sm/call-dirmngr.c:285
+msgid "malformed DIRMNGR_INFO environment variable\n"
+msgstr "被變造的 DIRMNGR_INFO 環境變數\n"
+
+#: sm/call-dirmngr.c:297
+#, c-format
+msgid "dirmngr protocol version %d is not supported\n"
+msgstr "æœªæ”¯æ´ dirmngr å”定版本 %d\n"
+
+#: sm/call-dirmngr.c:317
+msgid "can't connect to the dirmngr - trying fall back\n"
+msgstr "無法連線至 dirmngr - 正試著退回\n"
+
+#: sm/certchain.c:196
+#, c-format
+msgid "validation model requested by certificate: %s"
+msgstr "憑證所è¦æ±‚的驗證模型: %s"
+
+#: sm/certchain.c:197 sm/certchain.c:1828
+msgid "chain"
+msgstr "chain"
+
+#: sm/certchain.c:198 sm/certchain.c:1828
+msgid "shell"
+msgstr "shell"
+
+#: sm/certchain.c:258
+#, c-format
+msgid "critical certificate extension %s is not supported"
+msgstr "未支æ´é—œéµæ†‘證延伸 %s"
+
+#: sm/certchain.c:297
+msgid "issuer certificate is not marked as a CA"
+msgstr "發行者憑證並未標記為 CA"
+
+#: sm/certchain.c:335
+msgid "critical marked policy without configured policies"
+msgstr "é—œéµå·²æ¨™è¨˜åŽŸå‰‡æ²’有已組態的原則"
+
+#: sm/certchain.c:345
+#, c-format
+msgid "failed to open `%s': %s\n"
+msgstr "開啟 `%s' 失敗: %s\n"
+
+#: sm/certchain.c:353 sm/certchain.c:382
+msgid "note: non-critical certificate policy not allowed"
+msgstr "請注æ„: ä¸å…許éžé—œéµçš„憑證原則"
+
+#: sm/certchain.c:357 sm/certchain.c:386
+msgid "certificate policy not allowed"
+msgstr "未å…許憑證原則"
+
+#: sm/certchain.c:498
+msgid "looking up issuer at external location\n"
+msgstr "從外部ä½ç½®å°‹æ‰¾ç™¼è¡Œè€…\n"
+
+#: sm/certchain.c:517
+#, c-format
+msgid "number of issuers matching: %d\n"
+msgstr "å»åˆçš„發行者數é‡: %d\n"
+
+#: sm/certchain.c:561
+msgid "looking up issuer from the Dirmngr cache\n"
+msgstr "從 Dirmngr å¿«å–尋找發行者\n"
+
+#: sm/certchain.c:585
+#, c-format
+msgid "number of matching certificates: %d\n"
+msgstr "å»åˆçš„憑證數é‡: %d\n"
+
+#: sm/certchain.c:587
+#, c-format
+msgid "dirmngr cache-only key lookup failed: %s\n"
+msgstr "尋找é™æ–¼ dirmngr å¿«å–的金鑰時失敗: %s\n"
+
+#: sm/certchain.c:759 sm/certchain.c:1252 sm/certchain.c:1856 sm/decrypt.c:261
+#: sm/encrypt.c:335 sm/sign.c:335 sm/verify.c:113
+msgid "failed to allocated keyDB handle\n"
+msgstr "é…ç½® keyDB handle 失敗\n"
+
+#: sm/certchain.c:925
+msgid "certificate has been revoked"
+msgstr "憑證已撤銷"
+
+#: sm/certchain.c:940
+msgid "the status of the certificate is unknown"
+msgstr "憑證的狀態未知"
+
+#: sm/certchain.c:947
+msgid "please make sure that the \"dirmngr\" is properly installed\n"
+msgstr "è«‹ç¢ºèª \"dirmngr\" 已安è£å¦¥å–„\n"
+
+#: sm/certchain.c:953
+#, c-format
+msgid "checking the CRL failed: %s"
+msgstr "檢查 CRL 時失敗: %s"
+
+#: sm/certchain.c:982 sm/certchain.c:1050
+#, c-format
+msgid "certificate with invalid validity: %s"
+msgstr "有效性無效的憑證: %s"
+
+#: sm/certchain.c:997 sm/certchain.c:1082
+msgid "certificate not yet valid"
+msgstr "憑證尚未生效"
+
+#: sm/certchain.c:998 sm/certchain.c:1083
+msgid "root certificate not yet valid"
+msgstr "根憑證尚未生效"
+
+#: sm/certchain.c:999 sm/certchain.c:1084
+msgid "intermediate certificate not yet valid"
+msgstr "媒介憑證尚未生效"
+
+#: sm/certchain.c:1012
+msgid "certificate has expired"
+msgstr "憑證已éŽæœŸ"
+
+#: sm/certchain.c:1013
+msgid "root certificate has expired"
+msgstr "根憑證已éŽæœŸ"
+
+#: sm/certchain.c:1014
+msgid "intermediate certificate has expired"
+msgstr "媒介憑證已éŽæœŸ"
+
+#: sm/certchain.c:1056
+#, c-format
+msgid "required certificate attributes missing: %s%s%s"
+msgstr "éºå¤±æ‰€éœ€çš„憑證屬性: %s%s%s"
+
+#: sm/certchain.c:1065
+msgid "certificate with invalid validity"
+msgstr "有效性無效的憑證"
+
+#: sm/certchain.c:1102
+msgid "signature not created during lifetime of certificate"
+msgstr "簽章並éžåœ¨æ†‘證生存時間內所造"
+
+#: sm/certchain.c:1104
+msgid "certificate not created during lifetime of issuer"
+msgstr "憑證並éžåœ¨ç™¼è¡Œè€…生存時間內所造"
+
+#: sm/certchain.c:1105
+msgid "intermediate certificate not created during lifetime of issuer"
+msgstr "媒介憑證並éžåœ¨ç™¼è¡Œè€…生存時間內所造"
+
+#: sm/certchain.c:1109
+msgid " ( signature created at "
+msgstr " ( 簽章建立於 "
+
+#: sm/certchain.c:1110
+msgid " (certificate created at "
+msgstr " ( 憑證建立於 "
+
+#: sm/certchain.c:1113
+msgid " (certificate valid from "
+msgstr " (憑證有效自 "
+
+#: sm/certchain.c:1114
+msgid " ( issuer valid from "
+msgstr " ( 發行者有效自 "
+
+#: sm/certchain.c:1144
+#, c-format
+msgid "fingerprint=%s\n"
+msgstr "指紋=%s\n"
+
+#: sm/certchain.c:1153
+msgid "root certificate has now been marked as trusted\n"
+msgstr "根憑證ç¾åœ¨å·²æ¨™è¨˜ç‚ºå·²ä¿¡ä»»\n"
+
+#: sm/certchain.c:1166
+msgid "interactive marking as trusted not enabled in gpg-agent\n"
+msgstr "在 gpg-agent 中未啟用互動å¼æ¨™è¨˜ç‚ºå·²ä¿¡ä»»\n"
+
+#: sm/certchain.c:1172
+msgid "interactive marking as trusted disabled for this session\n"
+msgstr "互動å¼æ¨™è¨˜ç‚ºå·²ä¿¡ä»»åœ¨æ­¤ä½œæ¥­éšŽæ®µä¸­å·²åœç”¨\n"
+
+#: sm/certchain.c:1229
+msgid "WARNING: creation time of signature not known - assuming current time"
+msgstr "警告: 簽章創造時間未知 - å‡è¨­ç‚ºæ­¤åˆ»"
+
+#: sm/certchain.c:1293
+msgid "no issuer found in certificate"
+msgstr "憑證中找ä¸åˆ°ç™¼è¡Œè€…"
+
+#: sm/certchain.c:1366
+msgid "self-signed certificate has a BAD signature"
+msgstr "自簽憑證有 ä¸è‰¯ 簽章"
+
+#: sm/certchain.c:1435
+msgid "root certificate is not marked trusted"
+msgstr "根憑證未標記為已信任"
+
+#: sm/certchain.c:1448
+#, c-format
+msgid "checking the trust list failed: %s\n"
+msgstr "檢查信任清單時失敗: %s\n"
+
+#: sm/certchain.c:1477 sm/import.c:160
+msgid "certificate chain too long\n"
+msgstr "憑證éˆå¤ªé•·\n"
+
+#: sm/certchain.c:1489
+msgid "issuer certificate not found"
+msgstr "找ä¸åˆ°ç™¼è¡Œè€…憑證"
+
+#: sm/certchain.c:1522
+msgid "certificate has a BAD signature"
+msgstr "憑證有 ä¸è‰¯ 簽章"
+
+#: sm/certchain.c:1553
+msgid "found another possible matching CA certificate - trying again"
+msgstr "找到了å¦ä¸€å€‹å¯èƒ½å»åˆçš„ CA 憑證 - æ­£å†è©¦ä¸€æ¬¡"
+
+#: sm/certchain.c:1604
+#, c-format
+msgid "certificate chain longer than allowed by CA (%d)"
+msgstr "憑證éˆæ¯” CA 所å…許的 (%d) é‚„é•·"
+
+#: sm/certchain.c:1644 sm/certchain.c:1927
+msgid "certificate is good\n"
+msgstr "憑證完好\n"
+
+#: sm/certchain.c:1645
+msgid "intermediate certificate is good\n"
+msgstr "媒介憑證良好\n"
+
+#: sm/certchain.c:1646
+msgid "root certificate is good\n"
+msgstr "根憑證完好\n"
+
+#: sm/certchain.c:1817
+msgid "switching to chain model"
+msgstr "切æ›è‡³éˆæ¨¡åž‹"
+
+#: sm/certchain.c:1826
+#, c-format
+msgid "validation model used: %s"
+msgstr "已使用的驗證模型: %s"
+
+#: sm/certcheck.c:97
+#, c-format
+msgid "%s key uses an unsafe (%u bit) hash\n"
+msgstr "金鑰 %s 使用ä¸å®‰å…¨ (%u ä½å…ƒ) 的雜湊\n"
+
+#: sm/certcheck.c:107
+#, c-format
+msgid "a %u bit hash is not valid for a %u bit %s key\n"
+msgstr "%u ä½å…ƒçš„é›œæ¹Šå° %u ä½å…ƒçš„ %s 金鑰來說是無效的\n"
+
+#: sm/certcheck.c:244 sm/verify.c:201
+msgid "(this is the MD2 algorithm)\n"
+msgstr "(這是 MD2 演算法)\n"
+
+#: sm/certdump.c:60 sm/certdump.c:143
+msgid "none"
+msgstr "ç„¡"
+
+#: sm/certdump.c:564 sm/certdump.c:609 sm/certdump.c:674 sm/certdump.c:732
+msgid "[Error - invalid encoding]"
+msgstr "[錯誤 - 無效的編碼]"
+
+#: sm/certdump.c:572 sm/certdump.c:617
+msgid "[Error - out of core]"
+msgstr "[錯誤 - 超出核心]"
+
+#: sm/certdump.c:654 sm/certdump.c:710
+msgid "[Error - No name]"
+msgstr "[錯誤 - 沒有å稱]"
+
+#: sm/certdump.c:679 sm/certdump.c:738
+msgid "[Error - invalid DN]"
+msgstr "[錯誤 - 無效的 DN]"
+
+#: sm/certdump.c:948
+#, c-format
+msgid ""
+"Please enter the passphrase to unlock the secret key for the X.509 "
+"certificate:\n"
+"\"%s\"\n"
+"S/N %s, ID 0x%08lX,\n"
+"created %s, expires %s.\n"
+msgstr ""
+"請輸入密語來解開 X.509 憑證所需的ç§é‘°:\n"
+"\"%s\"\n"
+"S/N %s, ID 0x%08lX,\n"
+"建立於 %s, 於 %s 到期.\n"
+
+#: sm/certlist.c:122
+msgid "no key usage specified - assuming all usages\n"
+msgstr "沒有指定的金鑰用途 - å‡è¨­ç‚ºæ‰€æœ‰çš„用途\n"
+
+#: sm/certlist.c:132 sm/keylist.c:272
+#, c-format
+msgid "error getting key usage information: %s\n"
+msgstr "å–得金鑰用途資訊時出錯: %s\n"
+
+#: sm/certlist.c:142
+msgid "certificate should have not been used for certification\n"
+msgstr "憑證應該還未被用於憑證\n"
+
+#: sm/certlist.c:154
+msgid "certificate should have not been used for OCSP response signing\n"
+msgstr "憑證應該還未被用於 OCSP 回應簽署\n"
+
+#: sm/certlist.c:165
+msgid "certificate should have not been used for encryption\n"
+msgstr "憑證應該還未被用於加密\n"
+
+#: sm/certlist.c:166
+msgid "certificate should have not been used for signing\n"
+msgstr "憑證應該還未被用於簽署\n"
+
+#: sm/certlist.c:167
+msgid "certificate is not usable for encryption\n"
+msgstr "憑證無法用於加密\n"
+
+#: sm/certlist.c:168
+msgid "certificate is not usable for signing\n"
+msgstr "憑證無法用於簽署\n"
+
+#: sm/certreqgen.c:474
+#, c-format
+msgid "line %d: invalid algorithm\n"
+msgstr "第 %d 列: 無效的演算法\n"
+
+#: sm/certreqgen.c:487
+#, c-format
+msgid "line %d: invalid key length %u (valid are %d to %d)\n"
+msgstr "第 %d 列: 金鑰長度 %u 無效 (有效範åœæ˜¯å¾ž %d 至 %d)\n"
+
+#: sm/certreqgen.c:505
+#, c-format
+msgid "line %d: no subject name given\n"
+msgstr "第 %d 列: 沒有給定的物件å稱\n"
+
+#: sm/certreqgen.c:514
+#, c-format
+msgid "line %d: invalid subject name label `%.*s'\n"
+msgstr "第 %d 列: 無效的物件å稱標籤 `%.*s'\n"
+
+#: sm/certreqgen.c:517
+#, c-format
+msgid "line %d: invalid subject name `%s' at pos %d\n"
+msgstr "第 %d 列: 無效的物件å稱 `%s' æ–¼ pos %d\n"
+
+#: sm/certreqgen.c:534
+#, c-format
+msgid "line %d: not a valid email address\n"
+msgstr "第 %d 列: ä¸æ˜¯æœ‰æ•ˆçš„é›»å­éƒµä»¶åœ°å€\n"
+
+#: sm/certreqgen.c:546
+#, c-format
+msgid "line %d: error reading key `%s' from card: %s\n"
+msgstr "第 %d 列: 從å¡ç‰‡è®€å–金鑰 `%s' 時出錯: %s\n"
+
+#: sm/certreqgen.c:558
+#, c-format
+msgid "line %d: error getting key by keygrip `%s': %s\n"
+msgstr "第 %d 列: 以金鑰鑰柄 `%s' å–得金鑰時出錯: %s\n"
+
+#: sm/certreqgen.c:574
+#, c-format
+msgid "line %d: key generation failed: %s <%s>\n"
+msgstr "第 %d 列: 金鑰產生失敗: %s <%s>\n"
+
+#: sm/certreqgen.c:806
+msgid ""
+"To complete this certificate request please enter the passphrase for the key "
+"you just created once more.\n"
+msgstr "如欲完æˆæ­¤æ†‘證請求, è«‹å†è¼¸å…¥ä¸€æ¬¡ä½ å‰›æ‰å»ºç«‹çš„金鑰密語.\n"
+
+#: sm/certreqgen-ui.c:158
+#, c-format
+msgid " (%d) RSA\n"
+msgstr " (%d) RSA\n"
+
+#: sm/certreqgen-ui.c:159
+#, c-format
+msgid " (%d) Existing key\n"
+msgstr " (%d) ç¾æœ‰çš„金鑰\n"
+
+#: sm/certreqgen-ui.c:160
+#, c-format
+msgid " (%d) Existing key from card\n"
+msgstr " (%d) å¡ç‰‡ä¸Šç¾å­˜çš„金鑰\n"
+
+#: sm/certreqgen-ui.c:202
+msgid "Enter the keygrip: "
+msgstr "請輸入金鑰鑰柄: "
+
+#: sm/certreqgen-ui.c:210
+msgid "Not a valid keygrip (expecting 40 hex digits)\n"
+msgstr "ä¸æ˜¯æœ‰æ•ˆçš„金鑰鑰柄 (應該è¦æ˜¯ 40 ä½å六進制數值)\n"
+
+#: sm/certreqgen-ui.c:212
+msgid "No key with this keygrip\n"
+msgstr "沒有金鑰有此金鑰鑰柄\n"
+
+#: sm/certreqgen-ui.c:230 sm/certreqgen-ui.c:239
+#, c-format
+msgid "error reading the card: %s\n"
+msgstr "讀å–å¡ç‰‡æ™‚出錯: %s\n"
+
+#: sm/certreqgen-ui.c:233
+#, c-format
+msgid "Serial number of the card: %s\n"
+msgstr "å¡ç‰‡åºè™Ÿ: %s\n"
+
+#: sm/certreqgen-ui.c:245
+msgid "Available keys:\n"
+msgstr "å¯ç”¨é‡‘é‘°:\n"
+
+#: sm/certreqgen-ui.c:276
+#, c-format
+msgid "Possible actions for a %s key:\n"
+msgstr "%s 金鑰å¯èƒ½çš„動作:\n"
+
+#: sm/certreqgen-ui.c:277
+#, c-format
+msgid " (%d) sign, encrypt\n"
+msgstr " (%d) 簽署, 加密\n"
+
+#: sm/certreqgen-ui.c:278
+#, c-format
+msgid " (%d) sign\n"
+msgstr " (%d) 簽署\n"
+
+#: sm/certreqgen-ui.c:279
+#, c-format
+msgid " (%d) encrypt\n"
+msgstr " (%d) 加密\n"
+
+#: sm/certreqgen-ui.c:303
+msgid "Enter the X.509 subject name: "
+msgstr "請輸入 X.509 主旨å稱: "
+
+#: sm/certreqgen-ui.c:307
+msgid "No subject name given\n"
+msgstr "沒有給定的物件å稱\n"
+
+#: sm/certreqgen-ui.c:311
+#, c-format
+msgid "Invalid subject name label `%.*s'\n"
+msgstr "無效的物件å稱標籤 `%.*s'\n"
+
+#. TRANSLATORS: The 22 in the second string is the
+#. length of the first string up to the "%s". Please
+#. adjust it do the length of your translation. The
+#. second string is merely passed to atoi so you can
+#. drop everything after the number.
+#: sm/certreqgen-ui.c:320
+#, c-format
+msgid "Invalid subject name `%s'\n"
+msgstr "無效的物件å稱 `%s'\n"
+
+#: sm/certreqgen-ui.c:322
+msgid "22 translator: see certreg-ui.c:gpgsm_gencertreq_tty"
+msgstr "22"
+
+#: sm/certreqgen-ui.c:334
+msgid "Enter email addresses"
+msgstr "請輸入電å­éƒµä»¶åœ°å€"
+
+#: sm/certreqgen-ui.c:335
+msgid " (end with an empty line):\n"
+msgstr " (以空白列çµæŸ):\n"
+
+#: sm/certreqgen-ui.c:339
+msgid "Enter DNS names"
+msgstr "請輸入 DNS å稱"
+
+#: sm/certreqgen-ui.c:340 sm/certreqgen-ui.c:345
+msgid " (optional; end with an empty line):\n"
+msgstr " (éžå¿…è¦; 以空白列çµæŸ):\n"
+
+#: sm/certreqgen-ui.c:344
+msgid "Enter URIs"
+msgstr "請輸入 URI"
+
+#: sm/certreqgen-ui.c:371
+msgid "Parameters to be used for the certificate request:\n"
+msgstr "用於憑證請求的åƒæ•¸:\n"
+
+#: sm/certreqgen-ui.c:389
+msgid "Now creating certificate request. This may take a while ...\n"
+msgstr "ç¾åœ¨æ­£åœ¨å»ºç«‹æ†‘證請求. 這å¯èƒ½æœƒèŠ±ä¸Šä¸€æ®µæ™‚é–“ ...\n"
+
+#: sm/certreqgen-ui.c:398
+msgid "Ready. You should now send this request to your CA.\n"
+msgstr "準備好了. ä½ ç¾åœ¨å°±è©²æŠŠæ­¤è«‹æ±‚é€åˆ°ä½ çš„ CA.\n"
+
+#: sm/certreqgen-ui.c:403
+msgid "resource problem: out of core\n"
+msgstr "資æºå•é¡Œ: 超出核心\n"
+
+#: sm/decrypt.c:330
+msgid "(this is the RC2 algorithm)\n"
+msgstr "(這是 RC2 演算法)\n"
+
+#: sm/decrypt.c:332
+msgid "(this does not seem to be an encrypted message)\n"
+msgstr "(這看起來ä¸åƒæ˜¯å€‹åŠ å¯†éŽçš„訊æ¯)\n"
+
+#: sm/delete.c:51 sm/delete.c:112
+#, c-format
+msgid "certificate `%s' not found: %s\n"
+msgstr "找ä¸åˆ°æ†‘è­‰ `%s': %s\n"
+
+#: sm/delete.c:122 sm/keydb.c:1397 sm/keydb.c:1499
+#, c-format
+msgid "error locking keybox: %s\n"
+msgstr "鎖ä½é‡‘鑰鑰匙盒時出錯: %s\n"
+
+#: sm/delete.c:143
+#, c-format
+msgid "duplicated certificate `%s' deleted\n"
+msgstr "é‡è¤‡çš„ `%s' 憑證已刪除\n"
+
+#: sm/delete.c:145
+#, c-format
+msgid "certificate `%s' deleted\n"
+msgstr "憑證 `%s' 已刪除\n"
+
+#: sm/delete.c:175
+#, c-format
+msgid "deleting certificate \"%s\" failed: %s\n"
+msgstr "刪除憑證 \"%s\" 時失敗: %s\n"
+
+#: sm/encrypt.c:321
+msgid "no valid recipients given\n"
+msgstr "沒有給定有效的收件者\n"
+
+#: sm/gpgsm.c:197
+msgid "list external keys"
+msgstr "列出外部金鑰"
+
+#: sm/gpgsm.c:199
+msgid "list certificate chain"
+msgstr "列出憑證éˆ"
+
+#: sm/gpgsm.c:206
+msgid "import certificates"
+msgstr "匯入憑證"
+
+#: sm/gpgsm.c:207
+msgid "export certificates"
+msgstr "匯出憑證"
+
+#: sm/gpgsm.c:209
+msgid "register a smartcard"
+msgstr "註冊智慧å¡"
+
+#: sm/gpgsm.c:212
+msgid "pass a command to the dirmngr"
+msgstr "將指令éžé€çµ¦ dirmngr"
+
+#: sm/gpgsm.c:214
+msgid "invoke gpg-protect-tool"
+msgstr "å«ç”¨ gpg-protect-tool"
+
+#: sm/gpgsm.c:230
+msgid "create base-64 encoded output"
+msgstr "建立以 base-64 編碼éŽçš„輸出"
+
+#: sm/gpgsm.c:235
+msgid "assume input is in PEM format"
+msgstr "å‡è¨­è¼¸å…¥çš„是 PEM æ ¼å¼"
+
+#: sm/gpgsm.c:237
+msgid "assume input is in base-64 format"
+msgstr "å‡è¨­è¼¸å…¥çš„是 base-64 æ ¼å¼"
+
+#: sm/gpgsm.c:239
+msgid "assume input is in binary format"
+msgstr "å‡è¨­è¼¸å…¥çš„是二進制格å¼"
+
+#: sm/gpgsm.c:244
+msgid "use system's dirmngr if available"
+msgstr "如果系統有 dirmngr 的話就拿來用"
+
+#: sm/gpgsm.c:247
+msgid "never consult a CRL"
+msgstr "æ°¸é ä¸è¦æŸ¥é–± CRL"
+
+#: sm/gpgsm.c:257
+msgid "check validity using OCSP"
+msgstr "用 OCSP 檢查有效性"
+
+#: sm/gpgsm.c:262
+msgid "|N|number of certificates to include"
+msgstr "|N|è¦åŒ…å«çš„憑證數é‡"
+
+#: sm/gpgsm.c:265
+msgid "|FILE|take policy information from FILE"
+msgstr "|檔案|從「檔案ã€ä¸­å–得原則資訊"
+
+#: sm/gpgsm.c:268
+msgid "do not check certificate policies"
+msgstr "ä¸è¦æª¢æŸ¥æ†‘證原則"
+
+#: sm/gpgsm.c:272
+msgid "fetch missing issuer certificates"
+msgstr "å–回éºå¤±çš„發行者憑證"
+
+#: sm/gpgsm.c:283
+msgid "don't use the terminal at all"
+msgstr "完全ä¸è¦ä½¿ç”¨çµ‚端機"
+
+#: sm/gpgsm.c:285
+msgid "|FILE|write a server mode log to FILE"
+msgstr "|檔案|將伺æœå™¨æ¨¡å¼æ—¥èªŒå¯«å…¥è‡³ã€Œæª”案ã€"
+
+#: sm/gpgsm.c:290
+msgid "|FILE|write an audit log to FILE"
+msgstr "|檔案|將稽核日誌寫入至「檔案ã€"
+
+#: sm/gpgsm.c:293
+msgid "batch mode: never ask"
+msgstr "批次模å¼: æ°¸é ä¸è©¢å•"
+
+#: sm/gpgsm.c:294
+msgid "assume yes on most questions"
+msgstr "å‡è¨­å¤§éƒ¨åˆ†çš„å•é¡Œéƒ½å›žç­”是"
+
+#: sm/gpgsm.c:295
+msgid "assume no on most questions"
+msgstr "å‡è¨­å¤§éƒ¨åˆ†çš„å•é¡Œéƒ½å›žç­”å¦"
+
+#: sm/gpgsm.c:298
+msgid "|FILE|add keyring to the list of keyrings"
+msgstr "|檔案|將此金鑰鑰匙圈加到金鑰鑰匙圈清單「檔案ã€ä¸­"
+
+#: sm/gpgsm.c:301
+msgid "|USER-ID|use USER-ID as default secret key"
+msgstr "|使用者-ID|使用「使用者-IDã€åšç‚ºé è¨­ç§é‘°"
+
+#: sm/gpgsm.c:311 tools/gpgconf-comp.c:745
+msgid "|SPEC|use this keyserver to lookup keys"
+msgstr "|SPEC|使用此金鑰伺æœå™¨ä¾†æŸ¥æ‰¾é‡‘é‘°"
+
+#: sm/gpgsm.c:329
+msgid "|NAME|use cipher algorithm NAME"
+msgstr "|å稱|使用「å稱ã€ç·¨å¯†æ¼”算法"
+
+#: sm/gpgsm.c:331
+msgid "|NAME|use message digest algorithm NAME"
+msgstr "|å稱|使用「å稱ã€è¨Šæ¯æ‘˜è¦æ¼”算法"
+
+#: sm/gpgsm.c:522
+msgid "Usage: gpgsm [options] [files] (-h for help)"
+msgstr "用法: gpgsm [é¸é …] [檔案] (或用 -h 求助)"
+
+#: sm/gpgsm.c:525
+msgid ""
+"Syntax: gpgsm [options] [files]\n"
+"sign, check, encrypt or decrypt using the S/MIME protocol\n"
+"default operation depends on the input data\n"
+msgstr ""
+"語法: gpgsm [é¸é …] [檔案]\n"
+"用 S/MIME å”定來簽署, 檢查, 加密或解密\n"
+"é è¨­çš„æ“作會ä¾è¼¸å…¥è³‡æ–™è€Œå®š\n"
+
+#: sm/gpgsm.c:617
+msgid "usage: gpgsm [options] "
+msgstr "用法: gpgsm [é¸é …] "
+
+#: sm/gpgsm.c:739
+#, c-format
+msgid "NOTE: won't be able to encrypt to `%s': %s\n"
+msgstr "請注æ„: 將無法加密為 `%s': %s\n"
+
+#: sm/gpgsm.c:750
+#, c-format
+msgid "unknown validation model `%s'\n"
+msgstr "未知的驗證模型 `%s'\n"
+
+#: sm/gpgsm.c:801
+#, c-format
+msgid "%s:%u: no hostname given\n"
+msgstr "%s:%u: 沒有給定主機å稱\n"
+
+#: sm/gpgsm.c:820
+#, c-format
+msgid "%s:%u: password given without user\n"
+msgstr "%s:%u: 給定的密碼沒有使用者\n"
+
+#: sm/gpgsm.c:841
+#, c-format
+msgid "%s:%u: skipping this line\n"
+msgstr "%s:%u: 正在跳éŽé€™ä¸€åˆ—\n"
+
+#: sm/gpgsm.c:1376
+msgid "could not parse keyserver\n"
+msgstr "無法剖æžé‡‘鑰伺æœå™¨\n"
+
+#: sm/gpgsm.c:1456
+msgid "WARNING: running with faked system time: "
+msgstr "警告: 正在å½é€ çš„系統時間中執行: "
+
+#: sm/gpgsm.c:1556
+#, c-format
+msgid "importing common certificates `%s'\n"
+msgstr "正在匯入通用憑證 `%s'\n"
+
+#: sm/gpgsm.c:1597
+#, c-format
+msgid "can't sign using `%s': %s\n"
+msgstr "無法用 `%s' 來簽署: %s\n"
+
+#: sm/gpgsm.c:1931
+msgid "invalid command (there is no implicit command)\n"
+msgstr "無效的指令 (沒有這樣的指令)\n"
+
+#: sm/import.c:111
+#, c-format
+msgid "total number processed: %lu\n"
+msgstr "處ç†ç¸½é‡: %lu\n"
+
+#: sm/import.c:230
+msgid "error storing certificate\n"
+msgstr "存放憑證時出錯\n"
+
+#: sm/import.c:238
+msgid "basic certificate checks failed - not imported\n"
+msgstr "基本的憑證檢查失敗了 - 未匯入\n"
+
+#: sm/import.c:435 sm/keydb.c:1319 sm/keydb.c:1387
+msgid "failed to allocate keyDB handle\n"
+msgstr "é…ç½® keyDB handle 失敗\n"
+
+#: sm/import.c:492 sm/keydb.c:1417 sm/keydb.c:1511
+#, c-format
+msgid "error getting stored flags: %s\n"
+msgstr "å–得已存放的旗標時出錯: %s\n"
+
+#: sm/import.c:551 sm/import.c:583
+#, c-format
+msgid "error importing certificate: %s\n"
+msgstr "匯入憑證時出錯: %s\n"
+
+#: sm/import.c:684 tools/gpg-connect-agent.c:1346
+#, c-format
+msgid "error reading input: %s\n"
+msgstr "讀å–輸入時出錯: %s\n"
+
+#: sm/keydb.c:187
+#, c-format
+msgid "error creating keybox `%s': %s\n"
+msgstr "建立金鑰鑰匙盒 `%s' 時出錯: %s\n"
+
+#: sm/keydb.c:190
+msgid "you may want to start the gpg-agent first\n"
+msgstr "ä½ å¯èƒ½æœƒå…ˆæƒ³å•Ÿå‹• gpg-agent\n"
+
+#: sm/keydb.c:195
+#, c-format
+msgid "keybox `%s' created\n"
+msgstr "`%s' 鑰匙盒已建立\n"
+
+#: sm/keydb.c:1312 sm/keydb.c:1380
+msgid "failed to get the fingerprint\n"
+msgstr "å–得指紋失敗\n"
+
+#: sm/keydb.c:1340
+#, c-format
+msgid "problem looking for existing certificate: %s\n"
+msgstr "查找既有憑證的å•é¡Œ: %s\n"
+
+#: sm/keydb.c:1348
+#, c-format
+msgid "error finding writable keyDB: %s\n"
+msgstr "尋找å¯å¯«å…¥çš„ keyDB 時出錯: %s\n"
+
+#: sm/keydb.c:1356
+#, c-format
+msgid "error storing certificate: %s\n"
+msgstr "存放憑證時出錯: %s\n"
+
+#: sm/keydb.c:1408
+#, c-format
+msgid "problem re-searching certificate: %s\n"
+msgstr "é‡æ–°æœå°‹æ†‘證的å•é¡Œ: %s\n"
+
+#: sm/keydb.c:1429 sm/keydb.c:1522
+#, c-format
+msgid "error storing flags: %s\n"
+msgstr "存放旗標時出錯: %s\n"
+
+#: sm/keylist.c:642
+msgid "Error - "
+msgstr "錯誤 - "
+
+#: sm/misc.c:55
+msgid "GPG_TTY has not been set - using maybe bogus default\n"
+msgstr "尚未設定 GPG_TTY - 使用å¯èƒ½æ˜¯å½é€ çš„é è¨­å€¼\n"
+
+#: sm/qualified.c:105
+#, c-format
+msgid "invalid formatted fingerprint in `%s', line %d\n"
+msgstr "無效的格å¼åŒ–指紋於 `%s', 第 %d 列\n"
+
+#: sm/qualified.c:123
+#, c-format
+msgid "invalid country code in `%s', line %d\n"
+msgstr "無效的國家代碼於 `%s', 第 %d 列\n"
+
+#: sm/qualified.c:202
+#, c-format
+msgid ""
+"You are about to create a signature using your certificate:\n"
+"\"%s\"\n"
+"This will create a qualified signature by law equated to a handwritten "
+"signature.\n"
+"\n"
+"%s%sAre you really sure that you want to do this?"
+msgstr ""
+"ä½ æ­£è¦ç”¨ä½ çš„這個憑證來建立簽章:\n"
+"\"%s\"\n"
+"這會建立出在法律上與簽å等效的åˆæ ¼ç°½ç« .\n"
+"\n"
+"%s%sè«‹å•ä½ æ˜¯å¦çœŸçš„確定è¦é€™æ¨£åšäº†?"
+
+#: sm/qualified.c:211 sm/verify.c:616
+msgid ""
+"Note, that this software is not officially approved to create or verify such "
+"signatures.\n"
+msgstr "請注æ„, 本軟體並未正å¼è¢«èªå¯ä¾†å»ºç«‹æˆ–驗證這樣的簽章.\n"
+
+#: sm/qualified.c:278
+#, c-format
+msgid ""
+"You are about to create a signature using your certificate:\n"
+"\"%s\"\n"
+"Note, that this certificate will NOT create a qualified signature!"
+msgstr ""
+"ä½ æ­£è¦ç”¨ä½ çš„這個憑證來建立簽章:\n"
+"\"%s\"\n"
+"請注æ„, 這個憑證並 ä¸æœƒ 建立出åˆæ ¼çš„簽章!"
+
+#: sm/sign.c:449
+#, c-format
+msgid "hash algorithm %d (%s) for signer %d not supported; using %s\n"
+msgstr "雜湊演算法 %d (%s) 為簽署者 %d 所用, 但並ä¸æ”¯æ´; 改用 %s\n"
+
+#: sm/sign.c:463
+#, c-format
+msgid "hash algorithm used for signer %d: %s (%s)\n"
+msgstr "簽署者 %d 所用的雜湊演算法: %s (%s)\n"
+
+#: sm/sign.c:513
+#, c-format
+msgid "checking for qualified certificate failed: %s\n"
+msgstr "檢查åˆæ ¼æ†‘證時失敗: %s\n"
+
+#: sm/verify.c:449
+msgid "Signature made "
+msgstr "簽章建立於 "
+
+#: sm/verify.c:453
+msgid "[date not given]"
+msgstr "[ 未給定日期 ]"
+
+#: sm/verify.c:454
+#, c-format
+msgid " using certificate ID 0x%08lX\n"
+msgstr " 以憑證 ID 0x%08lX\n"
+
+#: sm/verify.c:473
+msgid ""
+"invalid signature: message digest attribute does not match computed one\n"
+msgstr "無效的簽章: 訊æ¯æ‘˜è¦å±¬æ€§èˆ‡è¨ˆç®—而得的ä¸å»åˆ\n"
+
+#: sm/verify.c:594
+msgid "Good signature from"
+msgstr "完好的簽章來自於"
+
+#: sm/verify.c:595
+msgid " aka"
+msgstr " 亦å³"
+
+#: sm/verify.c:613
+msgid "This is a qualified signature\n"
+msgstr "這是一份åˆæ ¼ç°½ç« \n"
+
+#: tools/gpg-connect-agent.c:70 tools/gpgconf.c:81 tools/symcryptrun.c:167
+msgid "quiet"
+msgstr "安éœæ¨¡å¼"
+
+#: tools/gpg-connect-agent.c:71
+msgid "print data out hex encoded"
+msgstr "列å°è³‡æ–™è¶…出å六進制編碼範åœ"
+
+#: tools/gpg-connect-agent.c:72
+msgid "decode received data lines"
+msgstr "å°å·²æ”¶åˆ°çš„資料列解碼"
+
+#: tools/gpg-connect-agent.c:74
+msgid "|NAME|connect to Assuan socket NAME"
+msgstr "|å稱|連線至 Assuan socket「å稱ã€"
+
+#: tools/gpg-connect-agent.c:76
+msgid "run the Assuan server given on the command line"
+msgstr "執行命令列所給定的 Assuan 伺æœå™¨"
+
+#: tools/gpg-connect-agent.c:78
+msgid "do not use extended connect mode"
+msgstr "ä¸è¦ä½¿ç”¨å»¶ä¼¸é€£ç·šæ¨¡å¼"
+
+#: tools/gpg-connect-agent.c:80
+msgid "|FILE|run commands from FILE on startup"
+msgstr "|檔案|啟動時執行「檔案ã€ä¸­çš„指令"
+
+#: tools/gpg-connect-agent.c:81
+msgid "run /subst on startup"
+msgstr "啟動時執行 /subst"
+
+#: tools/gpg-connect-agent.c:184
+msgid "Usage: gpg-connect-agent [options] (-h for help)"
+msgstr "用法: gpg-connect-agent [é¸é …] (或用 -h 求助)"
+
+#: tools/gpg-connect-agent.c:187
+msgid ""
+"Syntax: gpg-connect-agent [options]\n"
+"Connect to a running agent and send commands\n"
+msgstr ""
+"語法: gpg-connect-agent [é¸é …]\n"
+"連線至é‹ä½œä¸­çš„代ç†ç¨‹å¼ä¸¦é€å‡ºæŒ‡ä»¤\n"
+
+#: tools/gpg-connect-agent.c:1201
+#, c-format
+msgid "option \"%s\" requires a program and optional arguments\n"
+msgstr "\"%s\" é¸é …需è¦æœ‰ç¨‹å¼åŠé¸ç”¨çš„引數\n"
+
+#: tools/gpg-connect-agent.c:1210
+#, c-format
+msgid "option \"%s\" ignored due to \"%s\"\n"
+msgstr "\"%s\" é¸é …因為 \"%s\" 而被忽略了\n"
+
+#: tools/gpg-connect-agent.c:1281 tools/gpg-connect-agent.c:1771
+#, c-format
+msgid "receiving line failed: %s\n"
+msgstr "接收列時失敗: %s\n"
+
+#: tools/gpg-connect-agent.c:1371
+msgid "line too long - skipped\n"
+msgstr "列太長 - 已跳éŽ\n"
+
+#: tools/gpg-connect-agent.c:1375
+msgid "line shortened due to embedded Nul character\n"
+msgstr "列因嵌入的 Nul 字符而縮短了\n"
+
+#: tools/gpg-connect-agent.c:1743
+#, c-format
+msgid "unknown command `%s'\n"
+msgstr "未知的指令 `%s'\n"
+
+#: tools/gpg-connect-agent.c:1761
+#, c-format
+msgid "sending line failed: %s\n"
+msgstr "é€å‡ºåˆ—時失敗: %s\n"
+
+#: tools/gpg-connect-agent.c:2208
+#, c-format
+msgid "error sending %s command: %s\n"
+msgstr "é€å‡º `%s' 指令時出錯: %s\n"
+
+#: tools/gpg-connect-agent.c:2223
+#, c-format
+msgid "error sending standard options: %s\n"
+msgstr "é€å‡ºæ¨™æº–é¸é …時出錯: %s\n"
+
+#: tools/gpgconf-comp.c:473 tools/gpgconf-comp.c:577 tools/gpgconf-comp.c:644
+#: tools/gpgconf-comp.c:712 tools/gpgconf-comp.c:799
+msgid "Options controlling the diagnostic output"
+msgstr "控制著診斷性輸出的é¸é …"
+
+#: tools/gpgconf-comp.c:486 tools/gpgconf-comp.c:590 tools/gpgconf-comp.c:657
+#: tools/gpgconf-comp.c:725 tools/gpgconf-comp.c:822
+msgid "Options controlling the configuration"
+msgstr "控制著組態的é¸é …"
+
+#: tools/gpgconf-comp.c:496 tools/gpgconf-comp.c:615 tools/gpgconf-comp.c:673
+#: tools/gpgconf-comp.c:750 tools/gpgconf-comp.c:829
+msgid "Options useful for debugging"
+msgstr "å°é™¤éŒ¯æœ‰å¹«åŠ©çš„é¸é …"
+
+#: tools/gpgconf-comp.c:501 tools/gpgconf-comp.c:678 tools/gpgconf-comp.c:755
+#: tools/gpgconf-comp.c:837
+msgid "|FILE|write server mode logs to FILE"
+msgstr "|檔案|將伺æœå™¨æ¨¡å¼æ—¥èªŒå¯«å…¥è‡³ã€Œæª”案ã€"
+
+#: tools/gpgconf-comp.c:509 tools/gpgconf-comp.c:625 tools/gpgconf-comp.c:763
+msgid "Options controlling the security"
+msgstr "控制著安全性的é¸é …"
+
+#: tools/gpgconf-comp.c:516
+msgid "|N|expire SSH keys after N seconds"
+msgstr "|N|在 N 秒之後讓 SSH 金鑰éŽæœŸ"
+
+#: tools/gpgconf-comp.c:520
+msgid "|N|set maximum PIN cache lifetime to N seconds"
+msgstr "|N|把個人識別碼 (PIN) å¿«å–æœ€å¤§ç”Ÿå­˜æ™‚é–“è¨­æˆ N 秒"
+
+#: tools/gpgconf-comp.c:524
+msgid "|N|set maximum SSH key lifetime to N seconds"
+msgstr "|N|把 SSH é‡‘é‘°æœ€å¤§ç”Ÿå­˜æ™‚é–“è¨­æˆ N 秒"
+
+#: tools/gpgconf-comp.c:538
+msgid "Options enforcing a passphrase policy"
+msgstr "強制執行密語原則的é¸é …"
+
+#: tools/gpgconf-comp.c:541
+msgid "do not allow to bypass the passphrase policy"
+msgstr "ä¸å…許略éŽå¯†èªžåŽŸå‰‡"
+
+#: tools/gpgconf-comp.c:545
+msgid "|N|set minimal required length for new passphrases to N"
+msgstr "|N|æŠŠæ–°å¯†èªžæ‰€éœ€çš„æœ€çŸ­é•·åº¦è¨­æˆ N"
+
+#: tools/gpgconf-comp.c:549
+msgid "|N|require at least N non-alpha characters for a new passphrase"
+msgstr "|N|新密語至少è¦æœ‰ N 個éžå­—æ¯çš„字符"
+
+#: tools/gpgconf-comp.c:553
+msgid "|FILE|check new passphrases against pattern in FILE"
+msgstr "|檔案|用「檔案ã€ä¸­çš„樣å¼ä¾†æª¢æŸ¥æ–°å¯†èªž"
+
+#: tools/gpgconf-comp.c:557
+msgid "|N|expire the passphrase after N days"
+msgstr "|N|在 N 天之後讓密語éŽæœŸ"
+
+#: tools/gpgconf-comp.c:561
+msgid "do not allow the reuse of old passphrases"
+msgstr "ä¸å…許é‡è¤‡ä½¿ç”¨èˆŠå¯†èªž"
+
+#: tools/gpgconf-comp.c:659 tools/gpgconf-comp.c:727
+msgid "|NAME|use NAME as default secret key"
+msgstr "|åå­—|使用「åå­—ã€åšç‚ºé è¨­ç§é‘°"
+
+#: tools/gpgconf-comp.c:662 tools/gpgconf-comp.c:730
+msgid "|NAME|encrypt to user ID NAME as well"
+msgstr "|åå­—|也加密給使用者 ID「åå­—ã€"
+
+#: tools/gpgconf-comp.c:665
+msgid "|SPEC|set up email aliases"
+msgstr "|SPEC|設定電å­éƒµä»¶åˆ¥å"
+
+#: tools/gpgconf-comp.c:686
+msgid "Configuration for Keyservers"
+msgstr "金鑰伺æœå™¨çµ„æ…‹"
+
+#: tools/gpgconf-comp.c:688
+msgid "|URL|use keyserver at URL"
+msgstr "|URL|使用ä½æ–¼ URL 的金鑰伺æœå™¨"
+
+#: tools/gpgconf-comp.c:691
+msgid "allow PKA lookups (DNS requests)"
+msgstr "å…許 PKA 查找 (DNS 請求)"
+
+#: tools/gpgconf-comp.c:694
+msgid "|MECHANISMS|use MECHANISMS to locate keys by mail address"
+msgstr "|MECHANISMS|使用 MECHANISMS 機制來從郵件地å€æ‰¾å‡ºé‡‘é‘°"
+
+#: tools/gpgconf-comp.c:739
+msgid "disable all access to the dirmngr"
+msgstr "åœç”¨æ‰€æœ‰çš„ dirmngr å­˜å–"
+
+#: tools/gpgconf-comp.c:742
+msgid "|NAME|use encoding NAME for PKCS#12 passphrases"
+msgstr "|å稱|將「å稱ã€ç·¨ç¢¼ç”¨æ–¼ PKCS#12 密語"
+
+#: tools/gpgconf-comp.c:768
+msgid "do not check CRLs for root certificates"
+msgstr "ä¸è¦ç‚ºæ ¹æ†‘證檢查 CRL"
+
+#: tools/gpgconf-comp.c:812
+msgid "Options controlling the format of the output"
+msgstr "控制著輸出格å¼çš„é¸é …"
+
+#: tools/gpgconf-comp.c:848
+msgid "Options controlling the interactivity and enforcement"
+msgstr "控制著互動åŠå¼·åˆ¶åŸ·è¡Œçš„é¸é …"
+
+#: tools/gpgconf-comp.c:858
+msgid "Configuration for HTTP servers"
+msgstr "HTTP 伺æœå™¨çµ„æ…‹"
+
+#: tools/gpgconf-comp.c:869
+msgid "use system's HTTP proxy setting"
+msgstr "使用系統的 HTTP 代ç†ä¼ºæœå™¨è¨­å®š"
+
+#: tools/gpgconf-comp.c:874
+msgid "Configuration of LDAP servers to use"
+msgstr "è¦ç”¨çš„ LDAP 伺æœå™¨çµ„æ…‹"
+
+#: tools/gpgconf-comp.c:903
+msgid "LDAP server list"
+msgstr "LDAP 伺æœå™¨æ¸…å–®"
+
+#: tools/gpgconf-comp.c:911
+msgid "Configuration for OCSP"
+msgstr "OCSP 組態"
+
+#: tools/gpgconf-comp.c:3077
+#, c-format
+msgid "External verification of component %s failed"
+msgstr "元件 %s 的外部驗證失敗"
+
+#: tools/gpgconf-comp.c:3227
+msgid "Note that group specifications are ignored\n"
+msgstr "請注æ„群組è¦æ ¼å·²å¿½ç•¥\n"
+
+#: tools/gpgconf.c:62
+msgid "list all components"
+msgstr "列出所有的元件"
+
+#: tools/gpgconf.c:63
+msgid "check all programs"
+msgstr "檢查所有的程å¼"
+
+#: tools/gpgconf.c:64
+msgid "|COMPONENT|list options"
+msgstr "|元件|列出é¸é …"
+
+#: tools/gpgconf.c:65
+msgid "|COMPONENT|change options"
+msgstr "|元件|變更é¸é …"
+
+#: tools/gpgconf.c:66
+msgid "|COMPONENT|check options"
+msgstr "|元件|檢查é¸é …"
+
+#: tools/gpgconf.c:68
+msgid "apply global default values"
+msgstr "套用全域é è¨­å€¼"
+
+#: tools/gpgconf.c:70
+msgid "get the configuration directories for gpgconf"
+msgstr "å–å¾— gpgconf 的組態目錄"
+
+#: tools/gpgconf.c:72
+msgid "list global configuration file"
+msgstr "列出全域組態檔"
+
+#: tools/gpgconf.c:74
+msgid "check global configuration file"
+msgstr "檢查全域組態檔案"
+
+#: tools/gpgconf.c:79
+msgid "use as output file"
+msgstr "當作輸出檔案來使用"
+
+#: tools/gpgconf.c:83
+msgid "activate changes at runtime, if possible"
+msgstr "如果å¯èƒ½çš„話, 在執行期啟用變更"
+
+#: tools/gpgconf.c:105
+msgid "Usage: gpgconf [options] (-h for help)"
+msgstr "用法: gpgconf [é¸é …] (或用 -h 求助)"
+
+#: tools/gpgconf.c:108
+msgid ""
+"Syntax: gpgconf [options]\n"
+"Manage configuration options for tools of the GnuPG system\n"
+msgstr ""
+"語法: gpgconf [é¸é …]\n"
+"ç®¡ç† GnuPG 系統工具的組態é¸é …\n"
+
+#: tools/gpgconf.c:214 tools/gpgconf.c:282
+msgid "usage: gpgconf [options] "
+msgstr "用法: gpgconf [é¸é …] "
+
+#: tools/gpgconf.c:216
+msgid "Need one component argument"
+msgstr "需è¦ä¸€å€‹å…ƒä»¶å¼•æ•¸"
+
+#: tools/gpgconf.c:225 tools/gpgconf.c:258
+msgid "Component not found"
+msgstr "找ä¸åˆ°å…ƒä»¶"
+
+#: tools/gpgconf.c:284
+msgid "No argument allowed"
+msgstr "未å…許使用引數"
+
+#: tools/symcryptrun.c:154
+msgid ""
+"@\n"
+"Commands:\n"
+" "
+msgstr ""
+"@\n"
+"指令:\n"
+" "
+
+#: tools/symcryptrun.c:156
+msgid "decryption modus"
+msgstr "解密方å¼"
+
+#: tools/symcryptrun.c:157
+msgid "encryption modus"
+msgstr "加密方å¼"
+
+#: tools/symcryptrun.c:161
+msgid "tool class (confucius)"
+msgstr "工具類別 (confucius)"
+
+#: tools/symcryptrun.c:162
+msgid "program filename"
+msgstr "程å¼æª”å"
+
+#: tools/symcryptrun.c:164
+msgid "secret key file (required)"
+msgstr "ç§é‘°æª”案 (å¿…è¦)"
+
+#: tools/symcryptrun.c:165
+msgid "input file name (default stdin)"
+msgstr "輸入檔å (é è¨­æ˜¯æ¨™æº–輸入)"
+
+#: tools/symcryptrun.c:209
+msgid "Usage: symcryptrun [options] (-h for help)"
+msgstr "用法: symcryptrun [é¸é …] (或用 -h 求助)"
+
+#: tools/symcryptrun.c:212
+msgid ""
+"Syntax: symcryptrun --class CLASS --program PROGRAM --keyfile KEYFILE "
+"[options...] COMMAND [inputfile]\n"
+"Call a simple symmetric encryption tool\n"
+msgstr ""
+"語法: symcryptrun --class 型別 --program ç¨‹å¼ --keyfile 金鑰檔案 [é¸é …...] 指"
+"令 [輸入檔案]\n"
+"å«ç”¨å–®ç´”å°ç¨±å¼åŠ å¯†å·¥å…·\n"
+
+#: tools/symcryptrun.c:281
+#, c-format
+msgid "%s on %s aborted with status %i\n"
+msgstr "%s 於 %s 以 %i 狀態中止了\n"
+
+#: tools/symcryptrun.c:288
+#, c-format
+msgid "%s on %s failed with status %i\n"
+msgstr "%s 於 %s 以 %i 狀態失敗了\n"
+
+#: tools/symcryptrun.c:314
+#, c-format
+msgid "can't create temporary directory `%s': %s\n"
+msgstr "無法建立暫存目錄 `%s': %s\n"
+
+#: tools/symcryptrun.c:354 tools/symcryptrun.c:371
+#, c-format
+msgid "could not open %s for writing: %s\n"
+msgstr "無法開啟 %s 來寫入: %s\n"
+
+#: tools/symcryptrun.c:382
+#, c-format
+msgid "error writing to %s: %s\n"
+msgstr "寫入 %s 時出錯: %s\n"
+
+#: tools/symcryptrun.c:389
+#, c-format
+msgid "error reading from %s: %s\n"
+msgstr "è®€å– %s 時出錯: %s\n"
+
+#: tools/symcryptrun.c:396 tools/symcryptrun.c:403
+#, c-format
+msgid "error closing %s: %s\n"
+msgstr "關閉 %s 時出錯: %s\n"
+
+#: tools/symcryptrun.c:488
+msgid "no --program option provided\n"
+msgstr "沒有æä¾› --program é¸é …\n"
+
+#: tools/symcryptrun.c:494
+msgid "only --decrypt and --encrypt are supported\n"
+msgstr "ç¥‡æ”¯æ´ --decrypt å’Œ --encrypt\n"
+
+#: tools/symcryptrun.c:500
+msgid "no --keyfile option provided\n"
+msgstr "沒有æä¾› --keyfile é¸é …\n"
+
+#: tools/symcryptrun.c:511
+msgid "cannot allocate args vector\n"
+msgstr "無法é…置引數å‘é‡\n"
+
+#: tools/symcryptrun.c:529
+#, c-format
+msgid "could not create pipe: %s\n"
+msgstr "無法建立管é“: %s\n"
+
+#: tools/symcryptrun.c:536
+#, c-format
+msgid "could not create pty: %s\n"
+msgstr "無法建立 pty: %s\n"
+
+#: tools/symcryptrun.c:552
+#, c-format
+msgid "could not fork: %s\n"
+msgstr "無法è¡ç”Ÿ: %s\n"
+
+#: tools/symcryptrun.c:580
+#, c-format
+msgid "execv failed: %s\n"
+msgstr "execv 失敗: %s\n"
+
+#: tools/symcryptrun.c:609
+#, c-format
+msgid "select failed: %s\n"
+msgstr "挑é¸å¤±æ•—: %s\n"
+
+#: tools/symcryptrun.c:626
+#, c-format
+msgid "read failed: %s\n"
+msgstr "讀å–失敗: %s\n"
+
+#: tools/symcryptrun.c:678
+#, c-format
+msgid "pty read failed: %s\n"
+msgstr "pty 讀å–失敗: %s\n"
+
+#: tools/symcryptrun.c:730
+#, c-format
+msgid "waitpid failed: %s\n"
+msgstr "waitpid 失敗: %s\n"
+
+#: tools/symcryptrun.c:744
+#, c-format
+msgid "child aborted with status %i\n"
+msgstr "å­ä»£ä»¥ %i 狀態中止了\n"
+
+#: tools/symcryptrun.c:799
+#, c-format
+msgid "cannot allocate infile string: %s\n"
+msgstr "無法é…置檔內字串: %s\n"
+
+#: tools/symcryptrun.c:812
+#, c-format
+msgid "cannot allocate outfile string: %s\n"
+msgstr "無法é…置檔外字串: %s\n"
+
+#: tools/symcryptrun.c:986
+#, c-format
+msgid "either %s or %s must be given\n"
+msgstr "一定è¦çµ¦å®š %s 或 %s 其中之一\n"
+
+#: tools/symcryptrun.c:1013
+msgid "no class provided\n"
+msgstr "沒有æ供類別\n"
+
+#: tools/symcryptrun.c:1022
+#, c-format
+msgid "class %s is not supported\n"
+msgstr "æœªæ”¯æ´ %s 類別\n"
+
+#: tools/gpg-check-pattern.c:145
+msgid "Usage: gpg-check-pattern [options] patternfile (-h for help)\n"
+msgstr "用法: gpg-check-pattern [é¸é …] 樣å¼æª”案 (或用 -h 求助)\n"
+
+#: tools/gpg-check-pattern.c:148
+msgid ""
+"Syntax: gpg-check-pattern [options] patternfile\n"
+"Check a passphrase given on stdin against the patternfile\n"
+msgstr ""
+"語法: gpg-check-pattern [é¸é …] 樣å¼æª”案\n"
+"用樣å¼æª”案來檢查由標準輸入給定的密語\n"
+
+#~ msgid "Command> "
+#~ msgstr "指令> "
+
+#~ msgid "Please report bugs to <gnupg-bugs@gnu.org>.\n"
+#~ msgstr ""
+#~ "è«‹å‘ <gnupg-bugs@gnu.org> 回報程å¼ç‘•ç–µ, å‘ <Jedi@Jedi.org> 回報翻譯瑕疵.\n"
+
+#~ msgid "the trustdb is corrupted; please run \"gpg --fix-trustdb\".\n"
+#~ msgstr "信任資料庫已æ毀; 請執行 \"gpg --fix-trustdb\".\n"
+
+#~ msgid "Please report bugs to "
+#~ msgstr "翻譯瑕疵請回報給 Jedi@Jedi.org ; 程å¼ç‘•ç–µå‰‡è«‹å›žå ±çµ¦"
+
+#~ msgid "DSA keypair will have %u bits.\n"
+#~ msgstr "DSA 金鑰å°æœƒæœ‰ %u ä½å…ƒé•·.\n"
+
+#~ msgid "this command has not yet been implemented\n"
+#~ msgstr "這個指令尚未實åšå®Œæˆ\n"
+
+#~ msgid "Repeat passphrase\n"
+#~ msgstr "è«‹å†è¼¸å…¥ä¸€æ¬¡å¯†èªž\n"
+
+#~ msgid "||Please enter your PIN at the reader's keypad%%0A[sigs done: %lu]"
+#~ msgstr "||請在讀å¡æ©Ÿéµç›¤ä¸Šè¼¸å…¥ä½ çš„ PIN%%0A[簽署完æˆ: %lu]"
+
+#~ msgid "|A|Admin PIN"
+#~ msgstr "|A|管ç†è€… PIN"
+
+#~ msgid "read options from file"
+#~ msgstr "從檔案中讀å–é¸é …"
+
+#~ msgid "Used libraries:"
+#~ msgstr "已使用的函示庫:"
+
+#~ msgid "generate PGP 2.x compatible messages"
+#~ msgstr "產生 PGP 2.x 相容性訊æ¯"
+
+#~ msgid "|[FILE]|make a signature"
+#~ msgstr "|[檔案]|åšå‡ºç°½ç« "
+
+#~ msgid "|[FILE]|make a clear text signature"
+#~ msgstr "|[檔案]|åšå‡ºæ˜Žæ–‡ç°½ç« "
+
+#~ msgid "|NAME|use NAME as default recipient"
+#~ msgstr "|åå­—|使用「åå­—ã€åšç‚ºé è¨­æ”¶ä»¶è€…"
+
+#~ msgid "use the default key as default recipient"
+#~ msgstr "使用é è¨­çš„金鑰åšç‚ºé è¨­çš„收件者"
+
+#~ msgid "force v3 signatures"
+#~ msgstr "強迫使用第三版簽章"
+
+#~ msgid "always use a MDC for encryption"
+#~ msgstr "總是使用 MDC 來加密"
+
+#~ msgid "add this secret keyring to the list"
+#~ msgstr "將此ç§é‘°é‘°åŒ™åœˆåŠ åˆ°æ¸…單中"
+
+#~ msgid "|NAME|set terminal charset to NAME"
+#~ msgstr "|å稱|將終端機字元集設為「å稱ã€"
+
+#~ msgid "|FILE|load extension module FILE"
+#~ msgstr "|檔案|載入延伸模組「檔案ã€"
+
+#~ msgid "|N|use compress algorithm N"
+#~ msgstr "|N|使用壓縮演算法 N"
+
+#~ msgid "remove key from the public keyring"
+#~ msgstr "從公鑰鑰匙圈裡移除金鑰"
+
+#~ msgid "can't gen prime with pbits=%u qbits=%u\n"
+#~ msgstr "無法以 %u ä½å…ƒé•·çš„ p åŠ %u ä½å…ƒé•·çš„ q 產生質數\n"
+
+#~ msgid "can't generate a prime with less than %d bits\n"
+#~ msgstr "無法產生少於 %d ä½å…ƒçš„質數\n"
+
+#~ msgid "no entropy gathering module detected\n"
+#~ msgstr "åµæ¸¬ä¸åˆ°äº‚數è’集模組\n"
+
+#~ msgid "can't lock `%s': %s\n"
+#~ msgstr "無法鎖定 `%s': %s\n"
+
+#~ msgid "can't stat `%s': %s\n"
+#~ msgstr "無法å–得檔案 `%s' 的資訊: %s\n"
+
+#~ msgid "`%s' is not a regular file - ignored\n"
+#~ msgstr "`%s' ä¸æ˜¯ä¸€å€‹æ¨™æº–的檔案 - 已略éŽ\n"
+
+#~ msgid "note: random_seed file is empty\n"
+#~ msgstr "請注æ„: random_seed 檔案是空的\n"
+
+#~ msgid "WARNING: invalid size of random_seed file - not used\n"
+#~ msgstr "警告: random_seed 檔案大å°ç„¡æ•ˆ - ä¸äºˆæŽ¡ç”¨\n"
+
+#~ msgid "can't read `%s': %s\n"
+#~ msgstr "ç„¡æ³•è®€å– `%s': %s\n"
+
+#~ msgid "note: random_seed file not updated\n"
+#~ msgstr "請注æ„: random_seed 檔案未更新\n"
+
+#~ msgid "can't write `%s': %s\n"
+#~ msgstr "無法寫入 `%s': %s\n"
+
+#~ msgid "can't close `%s': %s\n"
+#~ msgstr "無法關閉 `%s': %s\n"
+
+#~ msgid "WARNING: using insecure random number generator!!\n"
+#~ msgstr "警告: 正在使用ä¸å®‰å…¨çš„隨機數字產生器!!\n"
+
+#~ msgid ""
+#~ "The random number generator is only a kludge to let\n"
+#~ "it run - it is in no way a strong RNG!\n"
+#~ "\n"
+#~ "DON'T USE ANY DATA GENERATED BY THIS PROGRAM!!\n"
+#~ "\n"
+#~ msgstr ""
+#~ "這個隨機數字產生器根本就是七拼八湊出來的鳥æ±è¥¿ -\n"
+#~ "它根本就ä¸æ˜¯å¼·è€Œæœ‰åŠ›çš„亂數產生器!\n"
+#~ "\n"
+#~ "*** 絕å°ä¸è¦æŠŠé€™å€‹ç¨‹å¼ç”¢ç”Ÿçš„任何資料拿來用!! ***\n"
+#~ "\n"
+
+#~ msgid ""
+#~ "Please wait, entropy is being gathered. Do some work if it would\n"
+#~ "keep you from getting bored, because it will improve the quality\n"
+#~ "of the entropy.\n"
+#~ msgstr ""
+#~ "è«‹ç¨å¾…片刻, 系統此時正在è’集亂數. 如果你會覺得無èŠçš„話,\n"
+#~ "ä¸å¦¨åšäº›åˆ¥çš„事, 這樣å­ç”šè‡³èƒ½å¤ è®“亂數的å“質更好.\n"
+
+#~ msgid ""
+#~ "\n"
+#~ "Not enough random bytes available. Please do some other work to give\n"
+#~ "the OS a chance to collect more entropy! (Need %d more bytes)\n"
+#~ msgstr ""
+#~ "\n"
+#~ "隨機ä½å…ƒçµ„ä¸å¤ å¤š. 請多åšä¸€äº›æœ‰çš„沒的事情, \n"
+#~ "這樣作業系統纔能è’集到更多的亂數! (é‚„éœ€è¦ %d ä½å…ƒçµ„)\n"
+
+#~ msgid "card reader not available\n"
+#~ msgstr "沒有讀å¡æ©Ÿå¯ç”¨\n"
+
+#~ msgid "Please insert the card and hit return or enter 'c' to cancel: "
+#~ msgstr "è«‹æ’å…¥å¡ç‰‡ä¸¦æŒ‰ä¸‹ [Enter], 或者輸入 'c' å–消: "
+
+#~ msgid "Hit return when ready or enter 'c' to cancel: "
+#~ msgstr "準備好時請按下 [Enter], 或者輸入 'c' å–消: "
+
+#~ msgid "Enter New Admin PIN: "
+#~ msgstr "請輸入新的管ç†è€… PIN: "
+
+#~ msgid "Enter New PIN: "
+#~ msgstr "請輸入新的 PIN: "
+
+#~ msgid "Enter Admin PIN: "
+#~ msgstr "請輸入管ç†è€… PIN: "
+
+#~ msgid "cipher extension `%s' not loaded due to unsafe permissions\n"
+#~ msgstr "編密法延伸模組 `%s' 因為權é™ä¸å®‰å…¨è€Œæœªè¼‰å…¥\n"
+
+#~ msgid "NOTE: %s is not available in this version\n"
+#~ msgstr "請注æ„: %s 在本版中無法使用\n"
+
+#~ msgid "-k[v][v][v][c] [user-id] [keyring]"
+#~ msgstr "-k[v][v][v][c] [使用者ID] [鑰匙圈]"
+
+#~ msgid ""
+#~ "It's up to you to assign a value here; this value will never be exported\n"
+#~ "to any 3rd party. We need it to implement the web-of-trust; it has "
+#~ "nothing\n"
+#~ "to do with the (implicitly created) web-of-certificates."
+#~ msgstr ""
+#~ "在這裡指派的數值完全是看你自己決定; 這些數值永é ä¸æœƒåŒ¯å‡ºçµ¦å…¶ä»–人.\n"
+#~ "我們需è¦å®ƒä¾†å¯¦æ–½ä¿¡ä»»ç¶²çµ¡; 這跟 (自動建立起的) 憑證網絡一點關係也沒有."
+
+#~ msgid ""
+#~ "To build the Web-of-Trust, GnuPG needs to know which keys are\n"
+#~ "ultimately trusted - those are usually the keys for which you have\n"
+#~ "access to the secret key. Answer \"yes\" to set this key to\n"
+#~ "ultimately trusted\n"
+#~ msgstr ""
+#~ "è¦å»ºç«‹èµ·ä¿¡ä»»ç¶²çµ¡, GnuPG 需è¦çŸ¥é“哪些金鑰是被徹底信任的 -\n"
+#~ "那些金鑰通常就是你有辦法存å–到ç§é‘°çš„. 回答 \"yes\" 來將這些\n"
+#~ "金鑰設æˆå¾¹åº•ä¿¡ä»»\n"
+
+#~ msgid "If you want to use this untrusted key anyway, answer \"yes\"."
+#~ msgstr "如果你無論如何都想è¦ç”¨é€™æŠŠæœªè¢«ä¿¡ä»»çš„金鑰, 請回答 \"yes\"."
+
+#~ msgid ""
+#~ "Enter the user ID of the addressee to whom you want to send the message."
+#~ msgstr "輸入你è¦éžé€çš„訊æ¯æŽ¥æ”¶è€…的使用者 ID."
+
+#~ msgid ""
+#~ "Select the algorithm to use.\n"
+#~ "\n"
+#~ "DSA (aka DSS) is the Digital Signature Algorithm and can only be used\n"
+#~ "for signatures.\n"
+#~ "\n"
+#~ "Elgamal is an encrypt-only algorithm.\n"
+#~ "\n"
+#~ "RSA may be used for signatures or encryption.\n"
+#~ "\n"
+#~ "The first (primary) key must always be a key which is capable of signing."
+#~ msgstr ""
+#~ "è«‹é¸æ“‡è¦ä½¿ç”¨çš„演算法.\n"
+#~ "\n"
+#~ "DSA (äº¦å³ DSS) 是數ä½ç°½ç« æ¼”算法 (Digital Signature Algorithm),\n"
+#~ "祇能用於簽署.\n"
+#~ "\n"
+#~ "Elgamal 是祇能用於加密的演算法.\n"
+#~ "\n"
+#~ "RSA å¯ä»¥è¢«ç”¨ä¾†ç°½ç½²åŠåŠ å¯†.\n"
+#~ "\n"
+#~ "第一把 (主è¦çš„) 金鑰一定è¦å«æœ‰èƒ½ç”¨æ–¼ç°½ç½²çš„金鑰."
+
+#~ msgid ""
+#~ "In general it is not a good idea to use the same key for signing and\n"
+#~ "encryption. This algorithm should only be used in certain domains.\n"
+#~ "Please consult your security expert first."
+#~ msgstr ""
+#~ "通常來說用åŒä¸€æŠŠé‡‘鑰簽署åŠåŠ å¯†ä¸¦ä¸æ˜¯å€‹å¥½ä¸»æ„.\n"
+#~ "這個演算法應該祇被用於特定的情æ³ä¸‹.\n"
+#~ "è«‹å…ˆè¯çµ¡ä½ çš„安全專家."
+
+#~ msgid "Enter the size of the key"
+#~ msgstr "請輸入金鑰尺寸"
+
+#~ msgid "Answer \"yes\" or \"no\""
+#~ msgstr "請回答 \"yes\" 或 \"no\""
+
+#~ msgid ""
+#~ "Enter the required value as shown in the prompt.\n"
+#~ "It is possible to enter a ISO date (YYYY-MM-DD) but you won't\n"
+#~ "get a good error response - instead the system tries to interpret\n"
+#~ "the given value as an interval."
+#~ msgstr ""
+#~ "請輸入æ示裡所è¦æ±‚的數值.\n"
+#~ "ä½ å¯ä»¥è¼¸å…¥ ISO æ—¥æœŸæ ¼å¼ (YYYY-MM-DD), 但是ä¸æœƒå¾—到良好的錯誤回應 -\n"
+#~ "å之, 系統會試著把給定的數值中斷æˆè‹¥å¹²ç‰‡æ®µ."
+
+#~ msgid "Enter the name of the key holder"
+#~ msgstr "請輸入金鑰æŒæœ‰äººçš„åå­—"
+
+#~ msgid "please enter an optional but highly suggested email address"
+#~ msgstr "請輸入é¸ç”¨ (但強烈建議使用) çš„é›»å­éƒµä»¶ä½å€"
+
+#~ msgid "Please enter an optional comment"
+#~ msgstr "請輸入é¸ç”¨çš„註釋"
+
+#~ msgid ""
+#~ "N to change the name.\n"
+#~ "C to change the comment.\n"
+#~ "E to change the email address.\n"
+#~ "O to continue with key generation.\n"
+#~ "Q to to quit the key generation."
+#~ msgstr ""
+#~ "N 修改姓å.\n"
+#~ "C 修改註釋.\n"
+#~ "E 修改電å­éƒµä»¶ä½å€.\n"
+#~ "O 繼續產生金鑰.\n"
+#~ "Q 中止產生金鑰."
+
+#~ msgid ""
+#~ "Answer \"yes\" (or just \"y\") if it is okay to generate the sub key."
+#~ msgstr "如果你覺得å¯ä»¥ç”¢ç”Ÿå­é‘°çš„話, 就回答 \"yes\" (或者祇 \"y\" 就好)."
+
+#~ msgid ""
+#~ "When you sign a user ID on a key, you should first verify that the key\n"
+#~ "belongs to the person named in the user ID. It is useful for others to\n"
+#~ "know how carefully you verified this.\n"
+#~ "\n"
+#~ "\"0\" means you make no particular claim as to how carefully you verified "
+#~ "the\n"
+#~ " key.\n"
+#~ "\n"
+#~ "\"1\" means you believe the key is owned by the person who claims to own "
+#~ "it\n"
+#~ " but you could not, or did not verify the key at all. This is useful "
+#~ "for\n"
+#~ " a \"persona\" verification, where you sign the key of a pseudonymous "
+#~ "user.\n"
+#~ "\n"
+#~ "\"2\" means you did casual verification of the key. For example, this "
+#~ "could\n"
+#~ " mean that you verified the key fingerprint and checked the user ID on "
+#~ "the\n"
+#~ " key against a photo ID.\n"
+#~ "\n"
+#~ "\"3\" means you did extensive verification of the key. For example, this "
+#~ "could\n"
+#~ " mean that you verified the key fingerprint with the owner of the key "
+#~ "in\n"
+#~ " person, and that you checked, by means of a hard to forge document "
+#~ "with a\n"
+#~ " photo ID (such as a passport) that the name of the key owner matches "
+#~ "the\n"
+#~ " name in the user ID on the key, and finally that you verified (by "
+#~ "exchange\n"
+#~ " of email) that the email address on the key belongs to the key "
+#~ "owner.\n"
+#~ "\n"
+#~ "Note that the examples given above for levels 2 and 3 are *only* "
+#~ "examples.\n"
+#~ "In the end, it is up to you to decide just what \"casual\" and \"extensive"
+#~ "\"\n"
+#~ "mean to you when you sign other keys.\n"
+#~ "\n"
+#~ "If you don't know what the right answer is, answer \"0\"."
+#~ msgstr ""
+#~ "當你è¦åœ¨é‡‘鑰上簽署使用者 ID 時, 你首先必須先驗證那把金鑰\n"
+#~ "確實屬於那個使用者 ID 上å«é‚£å€‹å字的人. 這å°é‚£äº›çŸ¥é“你多\n"
+#~ "å°å¿ƒé©—證的人來說很有用.\n"
+#~ "\n"
+#~ "\"0\" 表示你ä¸èƒ½æ出任何特別的主張來表明\n"
+#~ " 你多仔細驗證那把金鑰\n"
+#~ "\n"
+#~ "\"1\" 表示你相信這把金鑰屬於那個主張是主人的人,\n"
+#~ " 但是你ä¸èƒ½æˆ–沒有驗證那把金鑰.\n"
+#~ " 這å°é‚£äº›ç¥‡æƒ³è¦ \"個人的\" 驗證的人來說很有用,\n"
+#~ " 因為你簽署了一把擬似匿å使用者的金鑰.\n"
+#~ "\n"
+#~ "\"2\" 表示你真的仔細驗證了那把金鑰.\n"
+#~ " 例如說, 這能表示你驗證了這把金鑰的指紋和\n"
+#~ " 使用者 ID, 並比å°äº†ç…§ç‰‡ ID.\n"
+#~ "\n"
+#~ "\"3\" 表示你真的åšäº†å¤§è¦æ¨¡çš„驗證金鑰工作.\n"
+#~ " 例如說, 這能表示你å‘金鑰æŒæœ‰äººé©—證了金鑰指紋,\n"
+#~ " 而且你é€éŽé™„帶照片而難以å½é€ çš„文件 (åƒæ˜¯è­·ç…§)\n"
+#~ " 確èªäº†é‡‘é‘°æŒæœ‰äººçš„姓å與金鑰上使用者 ID 的一致,\n"
+#~ " 最後你還 (é€éŽé›»å­éƒµä»¶å¾€ä¾†) 驗證了金鑰上的\n"
+#~ " é›»å­éƒµä»¶ä½å€ç¢ºå¯¦å±¬æ–¼é‡‘é‘°æŒæœ‰äºº.\n"
+#~ "\n"
+#~ "請注æ„上述關於等級 2 å’Œ 3 çš„ä¾‹å­ \"祇是\" 例å­è€Œå·².\n"
+#~ "最後, 還是得由你自己決定當你簽署其他金鑰時,\n"
+#~ "甚麼是 \"漫ä¸ç¶“心\", 而甚麼是 \"超級謹慎\".\n"
+#~ "\n"
+#~ "如果你ä¸çŸ¥é“應該é¸ç”šéº¼ç­”案的話, å°±é¸ \"0\"."
+
+#~ msgid "Answer \"yes\" if you want to sign ALL the user IDs"
+#~ msgstr "如果你想è¦ç°½ç½² *所有* 使用者 ID 的話就回答 \"yes\""
+
+#~ msgid ""
+#~ "Answer \"yes\" if you really want to delete this user ID.\n"
+#~ "All certificates are then also lost!"
+#~ msgstr ""
+#~ "如果你真的想è¦åˆªé™¤é€™å€‹ä½¿ç”¨è€… ID 的話就回答 \"yes\".\n"
+#~ "所有的憑證在那之後也都會失去!"
+
+#~ msgid "Answer \"yes\" if it is okay to delete the subkey"
+#~ msgstr "如果å¯ä»¥åˆªé™¤é€™æŠŠå­é‘°çš„話就回答 \"yes\""
+
+#~ msgid ""
+#~ "This is a valid signature on the key; you normally don't want\n"
+#~ "to delete this signature because it may be important to establish a\n"
+#~ "trust connection to the key or another key certified by this key."
+#~ msgstr ""
+#~ "這是一份在這把金鑰上的有效簽章; 通常你ä¸æœƒæƒ³è¦åˆªé™¤é€™ä»½ç°½ç« ,\n"
+#~ "因為è¦è·Ÿé€™æŠŠé‡‘鑰或其他由這把金鑰所驗證的金鑰建立起信任連çµ\n"
+#~ "時, 會相當é‡è¦."
+
+#~ msgid ""
+#~ "This signature can't be checked because you don't have the\n"
+#~ "corresponding key. You should postpone its deletion until you\n"
+#~ "know which key was used because this signing key might establish\n"
+#~ "a trust connection through another already certified key."
+#~ msgstr ""
+#~ "這份簽章無法被檢驗, 因為你沒有符åˆçš„金鑰. 你應該延緩刪除它,\n"
+#~ "直到你知é“哪一把金鑰被使用了; 因為這把來簽署的金鑰å¯èƒ½é€éŽ\n"
+#~ "其他已經驗證的金鑰建立了一個信任連çµ."
+
+#~ msgid ""
+#~ "The signature is not valid. It does make sense to remove it from\n"
+#~ "your keyring."
+#~ msgstr "這份簽章無效. 從你的鑰匙圈中將它移除相當åˆç†."
+
+#~ msgid ""
+#~ "This is a signature which binds the user ID to the key. It is\n"
+#~ "usually not a good idea to remove such a signature. Actually\n"
+#~ "GnuPG might not be able to use this key anymore. So do this\n"
+#~ "only if this self-signature is for some reason not valid and\n"
+#~ "a second one is available."
+#~ msgstr ""
+#~ "這是一份和這個金鑰使用者 ID 相繫的簽章. 通常\n"
+#~ "把這樣的簽章移除ä¸æœƒæ˜¯å€‹å¥½é»žå­. 事實上 GnuPG\n"
+#~ "å¯èƒ½å¾žæ­¤å°±ä¸èƒ½å†ä½¿ç”¨é€™æŠŠé‡‘鑰了. 所以祇有在這\n"
+#~ "把金鑰的第一個自我簽章因æŸäº›åŽŸå› ç„¡æ•ˆ, 而第二\n"
+#~ "個還å¯ç”¨çš„情æ³ä¸‹çº”這麼åš."
+
+#~ msgid ""
+#~ "Change the preferences of all user IDs (or just of the selected ones)\n"
+#~ "to the current list of preferences. The timestamp of all affected\n"
+#~ "self-signatures will be advanced by one second.\n"
+#~ msgstr ""
+#~ "變更所有 (或祇有被é¸å–的那幾個) 使用者 ID çš„å好æˆç¾ç”¨çš„å好清單.\n"
+#~ "所有å—到影響的自我簽章的時間戳記都會增加一秒é˜.\n"
+
+#~ msgid ""
+#~ "Please repeat the last passphrase, so you are sure what you typed in."
+#~ msgstr "è«‹å†æ¬¡è¼¸å…¥æœ€å¾Œçš„密語, 以確定你到底éµå…¥äº†äº›ç”šéº¼."
+
+#~ msgid "Give the name of the file to which the signature applies"
+#~ msgstr "請給定簽章所è¦å¥—用的檔案å稱"
+
+#~ msgid "Answer \"yes\" if it is okay to overwrite the file"
+#~ msgstr "如果å¯ä»¥è¦†å¯«é€™å€‹æª”案的話就回答 \"yes\""
+
+#~ msgid ""
+#~ "Please enter a new filename. If you just hit RETURN the default\n"
+#~ "file (which is shown in brackets) will be used."
+#~ msgstr ""
+#~ "請輸入一個新的檔å. 如果你直接按下 Enter, 那麼就\n"
+#~ "會使用é è¨­çš„檔案 (顯示在括號中)."
+
+#~ msgid ""
+#~ "You should specify a reason for the certification. Depending on the\n"
+#~ "context you have the ability to choose from this list:\n"
+#~ " \"Key has been compromised\"\n"
+#~ " Use this if you have a reason to believe that unauthorized persons\n"
+#~ " got access to your secret key.\n"
+#~ " \"Key is superseded\"\n"
+#~ " Use this if you have replaced this key with a newer one.\n"
+#~ " \"Key is no longer used\"\n"
+#~ " Use this if you have retired this key.\n"
+#~ " \"User ID is no longer valid\"\n"
+#~ " Use this to state that the user ID should not longer be used;\n"
+#~ " this is normally used to mark an email address invalid.\n"
+#~ msgstr ""
+#~ "你應該為這份憑證指定一個原因.\n"
+#~ "根據情境的ä¸åŒ, 你應該å¯ä»¥å¾žé€™å€‹æ¸…單中é¸å‡ºä¸€é …:\n"
+#~ " \"金鑰已經被洩æ¼äº†\"\n"
+#~ " 如果你相信有æŸå€‹æœªç¶“許å¯çš„傢伙å–得了你的ç§é‘°,\n"
+#~ " å°±é¸é€™å€‹.\n"
+#~ " \"金鑰被代æ›äº†\"\n"
+#~ " 如果你把金鑰æ›æˆæ–°çš„了, å°±é¸é€™å€‹.\n"
+#~ " \"金鑰ä¸å†è¢«ä½¿ç”¨äº†\"\n"
+#~ " 如果你已經撤回了這把金鑰, å°±é¸é€™å€‹.\n"
+#~ " \"使用者 ID ä¸å†æœ‰æ•ˆäº†\"\n"
+#~ " 如果這個使用者 ID ä¸å†è¢«ä½¿ç”¨äº†, å°±é¸é€™å€‹;\n"
+#~ " 這通常用來表示æŸå€‹é›»å­éƒµä»¶ä½å€ä¸å†æœ‰æ•ˆäº†.\n"
+
+#~ msgid ""
+#~ "If you like, you can enter a text describing why you issue this\n"
+#~ "revocation certificate. Please keep this text concise.\n"
+#~ "An empty line ends the text.\n"
+#~ msgstr ""
+#~ "你也å¯ä»¥è¼¸å…¥ä¸€ä¸²æ–‡å­—來æ述為甚麼發佈這份撤銷憑證的ç†ç”±.\n"
+#~ "請讓這段文字ä¿æŒç°¡æ˜Žæ‰¼è¦.\n"
+#~ "用空白列來çµæŸé€™æ®µæ–‡å­—.\n"
+
+#~ msgid " algorithms on these user IDs:\n"
+#~ msgstr " 無法使用:\n"
+
+#~ msgid "can't query passphrase in batch mode\n"
+#~ msgstr "無法在批次模å¼ä¸­æŸ¥è©¢å¯†èªž\n"
+
+#~ msgid "Enter passphrase: "
+#~ msgstr "請輸入密語: "
+
+#~ msgid "Repeat passphrase: "
+#~ msgstr "è«‹å†è¼¸å…¥ä¸€æ¬¡å¯†èªž: "
+
+#~ msgid "no photo viewer set\n"
+#~ msgstr "沒有設定照片檢視程å¼\n"
+
+#~ msgid "general error"
+#~ msgstr "一般性錯誤"
+
+#~ msgid "unknown packet type"
+#~ msgstr "未知的å°åŒ…åž‹æ…‹"
+
+#~ msgid "unknown pubkey algorithm"
+#~ msgstr "未知的公鑰演算法"
+
+#~ msgid "unknown digest algorithm"
+#~ msgstr "未知的摘è¦æ¼”算法"
+
+#~ msgid "bad public key"
+#~ msgstr "æ壞的公鑰"
+
+#~ msgid "bad secret key"
+#~ msgstr "æ壞的ç§é‘°"
+
+#~ msgid "bad signature"
+#~ msgstr "æ壞的簽章"
+
+#~ msgid "checksum error"
+#~ msgstr "加總檢查錯誤"
+
+#~ msgid "can't open the keyring"
+#~ msgstr "沒辦法開啟鑰匙圈"
+
+#~ msgid "invalid packet"
+#~ msgstr "無效的å°åŒ…"
+
+#~ msgid "invalid armor"
+#~ msgstr "無效的å°è£"
+
+#~ msgid "no such user id"
+#~ msgstr "沒有這個使用者 ID"
+
+#~ msgid "wrong secret key used"
+#~ msgstr "用了錯誤的ç§é‘°"
+
+#~ msgid "not supported"
+#~ msgstr "未支æ´"
+
+#~ msgid "bad key"
+#~ msgstr "æ壞的金鑰"
+
+#~ msgid "file write error"
+#~ msgstr "檔案寫入錯誤"
+
+#~ msgid "file open error"
+#~ msgstr "檔案開啟錯誤"
+
+#~ msgid "file create error"
+#~ msgstr "檔案建立錯誤"
+
+#~ msgid "invalid passphrase"
+#~ msgstr "無效的密語"
+
+#~ msgid "unimplemented pubkey algorithm"
+#~ msgstr "尚未實åšçš„公鑰演算法"
+
+#~ msgid "unimplemented cipher algorithm"
+#~ msgstr "尚未實åšçš„編密演算法"
+
+#~ msgid "unknown signature class"
+#~ msgstr "未知的簽章層級"
+
+#~ msgid "trust database error"
+#~ msgstr "信任資料庫錯誤"
+
+#~ msgid "resource limit"
+#~ msgstr "資æºé™åˆ¶"
+
+#~ msgid "invalid keyring"
+#~ msgstr "無效的鑰匙圈"
+
+#~ msgid "malformed user id"
+#~ msgstr "變造éŽçš„使用者 ID"
+
+#~ msgid "file close error"
+#~ msgstr "檔案關閉錯誤"
+
+#~ msgid "file rename error"
+#~ msgstr "檔案更å錯誤"
+
+#~ msgid "file delete error"
+#~ msgstr "檔案刪除錯誤"
+
+#~ msgid "unexpected data"
+#~ msgstr "未é æœŸçš„資料"
+
+#~ msgid "timestamp conflict"
+#~ msgstr "時間戳å°æœ‰çŸ›ç›¾"
+
+#~ msgid "unusable pubkey algorithm"
+#~ msgstr "無法使用的公鑰演算法"
+
+#~ msgid "file exists"
+#~ msgstr "檔案已存在"
+
+#~ msgid "weak key"
+#~ msgstr "金鑰薄弱"
+
+#~ msgid "bad URI"
+#~ msgstr "æ壞的 URI"
+
+#~ msgid "unsupported URI"
+#~ msgstr "未支æ´çš„ URI"
+
+#~ msgid "network error"
+#~ msgstr "網路錯誤"
+
+#~ msgid "not processed"
+#~ msgstr "未處ç†"
+
+#~ msgid "unusable public key"
+#~ msgstr "ä¸å¯ç”¨çš„公鑰"
+
+#~ msgid "unusable secret key"
+#~ msgstr "ä¸å¯ç”¨çš„ç§é‘°"
+
+#~ msgid "keyserver error"
+#~ msgstr "金鑰伺æœå™¨éŒ¯èª¤"
+
+#~ msgid "no card"
+#~ msgstr "沒有å¡ç‰‡"
+
+#~ msgid "no data"
+#~ msgstr "沒有資料"
+
+#~ msgid "ERROR: "
+#~ msgstr "錯誤: "
+
+#~ msgid "WARNING: "
+#~ msgstr "警告: "
+
+#~ msgid "... this is a bug (%s:%d:%s)\n"
+#~ msgstr "... 這是個瑕疵 (%s:%d:%s)\n"
+
+#~ msgid "WARNING: using insecure memory!\n"
+#~ msgstr "警告: 正在使用ä¸å®‰å…¨çš„記憶體!\n"
+
+#~ msgid "please see http://www.gnupg.org/faq.html for more information\n"
+#~ msgstr "è«‹åƒè€ƒ http://www.gnupg.org/faq.html 上進一步的資訊\n"
+
+#~ msgid "operation is not possible without initialized secure memory\n"
+#~ msgstr "尚未啟用安全的記憶體時, ä¸å¯èƒ½é€²è¡Œæ“作\n"
+
+#~ msgid "(you may have used the wrong program for this task)\n"
+#~ msgstr "(也許你é¸éŒ¯ç¨‹å¼ä¾†åšé€™ä»¶äº‹äº†)\n"
+
+#~ msgid "can't put notation data into v3 (PGP 2.x style) signatures\n"
+#~ msgstr "無法在 v3 (PGP 2.x 型態) 的簽章內放入標記資料\n"
+
+#~ msgid "can't put notation data into v3 (PGP 2.x style) key signatures\n"
+#~ msgstr "無法在 v3 (PGP 2.x 型態) 的金鑰簽章內放入標記資料\n"
+
+#~ msgid "can't put a policy URL into v3 (PGP 2.x style) signatures\n"
+#~ msgstr "無法在 v3 (PGP 2.x 型態) 的簽章內放入原則 URL\n"
+
+#~ msgid "can't put a policy URL into v3 key (PGP 2.x style) signatures\n"
+#~ msgstr "無法在 v3 (PGP 2.x 型態) 的金鑰簽章內放入原則 URL\n"
+
+#~ msgid ""
+#~ "please see http://www.gnupg.org/why-not-idea.html for more information\n"
+#~ msgstr "è«‹åƒè€ƒ http://www.gnupg.org/why-not-idea.html å–得更多資訊\n"
+
+#~ msgid "DSA requires the use of a 160 bit hash algorithm\n"
+#~ msgstr "DSA è¦æ±‚使用 160 ä½å…ƒçš„雜湊演算法\n"
diff --git a/scd/ChangeLog-2011 b/scd/ChangeLog-2011
new file mode 100644
index 0000000..d686058
--- /dev/null
+++ b/scd/ChangeLog-2011
@@ -0,0 +1,2427 @@
+2011-12-02 Werner Koch <wk@g10code.com>
+
+ NB: ChangeLog files are no longer manually maintained. Starting
+ on December 1st, 2011 we put change information only in the GIT
+ commit log, and generate a top-level ChangeLog file from logs at
+ "make dist". See doc/HACKING for details.
+
+2011-08-04 Werner Koch <wk@g10code.com>
+
+ * pcsc-wrapper.c (handle_open): Remove unused var LISTLEN.
+
+ * scdaemon.c (main): Remove var MAY_COREDUMP.
+
+2011-01-25 NIIBE Yutaka <gniibe@fsij.org>,
+ Grant Olson <kgo@grant-olson.net> (wk)
+
+ * command.c (do_reset, get_reader_slot)
+ (update_reader_status_file): Fix handling of the VALID flag for
+ unplugged readers.
+
+2010-03-17 Werner Koch <wk@g10code.com>
+
+ * command.c (open_card): Return GPG_ERR_NOT_OPERATIONAL if no
+ card services are available.
+ (get_reader_slot): Detect no services status.
+ (cmd_serialno): No reset if there are no services.
+ (scd_command_handler): Stop scdaemon in that case.
+ * apdu.c (pcsc_no_service): New.
+ (open_pcsc_reader_direct): Set it.
+ (apdu_open_reader): Add arg R_NO_SERVICE.
+
+2010-02-11 Marcus Brinkmann <marcus@g10code.de>
+
+ From trunk 2009-09-23, 2009-10-16, 2009-11-02, 2009-11-04, 2009-11-05,
+ 2009-11-25:
+
+ * Makefile.am (AM_CFLAGS, scdaemon_LDADD): Use libassuan instead
+ of libassuan-pth.
+ * scdaemon.c: Invoke ASSUAN_SYSTEM_PTH_IMPL.
+ (main): Update to new Assuan API. Call assuan_set_system_hooks
+ and assuan_sock_init.
+ * command.c: Include "scdaemon.h" before <assuan.h> because of
+ GPG_ERR_SOURCE_DEFAULT check.
+ (option_handler, open_card, cmd_serialno, cmd_lean, cmd_readcert)
+ (cmd_readkey, cmd_setdata, cmd_pksign, cmd_pkauth, cmd_pkdecrypt)
+ (cmd_getattr, cmd_setattr, cmd_writecert, cmd_writekey)
+ (cmd_genkey, cmd_random, cmd_passwd, cmd_checkpin, cmd_lock)
+ (cmd_unlock, cmd_getinfo, cmd_restart, cmd_disconnect, cmd_apdu)
+ (cmd_killscd): Return gpg_error_t instead of int.
+ (scd_command_handler): Allocate assuan context before starting server.
+ Call assuan_init_socket_server, not assuan_init_socket_server_ext.
+ Use assuan_fd_t and assuan_fdopen on fds.
+ (reset_notify): Take LINE arg and return error.
+ (register_commands): Use assuan_handler_t type.
+ Add NULL arg to assuan_register_command. Add help arg to
+ assuan_register_command. Add help strings to all commands.
+
+2009-12-03 Werner Koch <wk@g10code.com>
+
+ * scdaemon.c (set_debug): Allow for numerical debug levels. Print
+ active debug flags.
+
+2009-09-03 Werner Koch <wk@g10code.com>
+
+ * app-openpgp.c (do_decipher): Compute required Le.
+ * iso7816.c (iso7816_decipher): Add new arg LE.
+ * app-nks.c (do_decipher): Adjust for change.
+
+ * iso7816.c (iso7816_put_data, iso7816_put_data_odd): Turn DATA
+ into a void ptr.
+
+2009-08-05 Werner Koch <wk@g10code.com>
+
+ * app-openpgp.c (change_keyattr_from_string): New.
+ (do_setattr): Support KEY-ATTR.
+
+2009-07-29 Marcus Brinkmann <marcus@g10code.com>
+
+ * ccid-driver.c (print_pr_data): Fix 64 bit compat problem.
+
+2009-07-24 Werner Koch <wk@g10code.com>
+
+ * ccid-driver.c (parse_ccid_descriptor): Enable hack for SCR 3320.
+
+2009-07-21 Werner Koch <wk@g10code.com>
+
+ * ccid-driver.c [HAVE_PTH]: Include pth.h.
+ (my_sleep): New.
+ (bulk_in): s/gnupg_sleep/my_sleep/.
+
+2009-07-20 Werner Koch <wk@g10code.com>
+
+ * apdu.c [GNUPG_MAJOR_VERSION==1]: Include dynload.h.
+
+2009-07-16 Werner Koch <wk@g10code.com>
+
+ * command.c (update_reader_status_file): Test for unplugged reader.
+ (TEST_CARD_REMOVAL): Ditto.
+ * app.c (select_application): Ditto.
+ * ccid-driver.c (bulk_out): Return CCID_DRIVER_ERR_NO_READER if a
+ reader was unplugged.
+ (struct ccid_driver_s): Turn nonnull_nad into an unsigned char.
+ Turn apdu_level, auto_ifsd, powered_off, has_pinpad into
+ bitfields. Add enodev_seen.
+ * apdu.c (apdu_prepare_exit): New.
+ (get_status_ccid): Return the status word and nut just -1.
+ * scdaemon.c (scd_exit): Call it.
+
+2009-07-13 Werner Koch <wk@g10code.com>
+
+ * ccid-driver.c (struct ccid_driver_s): Add fields last_progress,
+ progress_cb and progress_cb_arg.
+ (ccid_set_progress_cb): New.
+ (print_progress): New.
+ (ccid_transceive): Call print_progress for wait time extensions.
+ * apdu.c (struct reader_table_s): Add field set_progress_cb.
+ (new_reader_slot): Clear that field.
+ (open_ccid_reader): Set it to ..
+ (set_progress_cb_ccid_reader): ... new fucntion.
+ * app.c (print_progress_line): New.
+ (lock_reader): Add arg CTRL to set a progress callback and
+ change all callers to provide it.
+ (unlock_reader): Remove the progress callback.
+
+2009-07-10 Werner Koch <wk@g10code.com>
+
+ * iso7816.c (iso7816_compute_ds): Add args EXTENDED_MODE and LE.
+ Change all callers to use 0.
+ (iso7816_internal_authenticate): Add args EXTENDED_MODE and LE.
+ * app-openpgp.c (do_sign): Take exmode and Le from card
+ capabilities and pass them to iso7816_compute_ds.
+ (do_auth): Ditto for iso7816_internal_authenticate.
+ (change_keyattr): Reset CHV verification status.
+
+2009-07-09 Werner Koch <wk@g10code.com>
+
+ * app-openpgp.c (change_keyattr): New.
+ (do_writekey): Call it.
+
+ * app-openpgp.c (does_key_exist): Add arg GENERATING. Change
+ callers.
+
+2009-06-30 Werner Koch <wk@g10code.com>
+
+ * ccid-driver.c (ccid_transceive): Set RESYNCING flag.
+
+2009-06-29 Werner Koch <wk@g10code.com>
+
+ * ccid-driver.c (ccid_transceive): Add a hack to support extended
+ length for Omnikey readers.
+ (is_exlen_apdu): New.
+ (parse_ccid_descriptor): Track short+extended apdu exchange level.
+
+2009-06-18 Werner Koch <wk@g10code.com>
+
+ * app-openpgp.c (verify_chv2): Remove special case for v2 cards.
+ (get_public_key): Use extended mode.
+
+2009-06-17 Werner Koch <wk@g10code.com>
+
+ * iso7816.c (iso7816_get_data): Add arg EXTENDED_MODE. Change all
+ callers.
+ * app-openpgp.c (data_objects): Use bit flags. Add flag
+ TRY_EXTLENGTH.
+ (get_cached_data): Add arg TRY_EXTLEN and use it for iso7816_get_data.
+ (get_one_do): Use extended length APDU if necessary.
+
+2009-06-10 Werner Koch <wk@g10code.com>
+
+ * app-openpgp.c (store_fpr): Change first arg to app_t; adjust
+ callers. Flush the cache.
+
+2009-06-09 Werner Koch <wk@g10code.com>
+
+ * app-openpgp.c (do_readcert): Return NOT_FOUND if the retrieved
+ data has a length of zero.
+ (do_getattr): Add EXTCAP subkey "sm".
+
+2009-05-20 Werner Koch <wk@g10code.com>
+
+ * app-openpgp.c (verify_chv2): Add case for v2 cards.
+ (verify_chv3): Factor some code out to ..
+ (build_enter_admin_pin_prompt): .. new.
+ (do_change_pin): Properly handle v2 cards.
+
+2009-05-19 Werner Koch <wk@g10code.com>
+
+ * scdaemon.c (create_server_socket): Use SUN_LEN.
+ (JNLIB_NEED_AFLOCAL): Define.
+
+2009-05-13 Werner Koch <wk@g10code.com>
+
+ * ccid-driver.c (abort_cmd): Add arg SEQNO and change callers.
+ (bulk_in): Retry on seqno mismatch.
+
+ * apdu.c (send_le): Release result_buffer.
+ (apdu_send_direct): Implemend extended length.
+ * command.c (cmd_apdu): Add option "--exlen".
+
+2009-05-11 Werner Koch <wk@g10code.com>
+
+ * apdu.c (send_le): Replace log_error by log_info.
+
+2009-05-08 Werner Koch <wk@g10code.com>
+
+ * app-openpgp.c (do_genkey): Allow larger key sizes.
+ (do_decipher): Ditto.
+ * iso7816.c (do_generate_keypair): Add arg EXTENDED_MODE an LE.
+ (iso7816_generate_keypair, iso7816_read_public_key): Ditto.
+ Changed all callers.
+ * apdu.c (send_le): Implement extended length return values.
+
+ * ccid-driver.c (bulk_in): Retry on EAGAIN.
+ (abort_cmd): Change seqno handling.
+
+2009-04-28 Werner Koch <wk@g10code.com>
+
+ * app-help.c (app_help_count_bits): New.
+
+ * app-nks.c (switch_application): Detect mass signature cards.
+ Take care of new NEED_APP_SELECT flag.
+ (do_sign): Don't allow mass signature cards.
+ (all_zero_p): New.
+ (do_readkey): New.
+ (app_select_nks): Register do_readkey.
+
+2009-04-01 Werner Koch <wk@g10code.com>
+
+ * app-openpgp.c (do_setattr, do_writekey): Prepare for extended
+ length cards.
+
+2009-03-31 Werner Koch <wk@g10code.com>
+
+ * command.c (percent_plus_unescape): Remove.
+ (cmd_setattr): Use percent_plus_unescape_inplace.
+
+2009-03-30 Werner Koch <wk@g10code.com>
+
+ * app-nks.c (do_decipher): Make it work for TCOS 3.
+ * iso7816.c (iso7816_decipher): Add arg EXTENDED_MODE.
+ * apdu.c (apdu_send): Add arg EXTENDED_MODE and change all callers.
+ (apdu_send_le): Ditto.
+ (apdu_send_direct): Ditto, but not yet functional.
+ (send_le): Fix command chaining. Implement extended length option.
+ * ccid-driver.c (ccid_transceive): Remove restriction on apdu length.
+ (struct ccid_driver_s): Add field IFSC.
+ (ccid_get_atr): Set IFSC.
+ (ccid_transceive): Use negotiated IFSC and support S(IFS) command.
+
+2009-03-26 Werner Koch <wk@g10code.com>
+
+ * command.c (cmd_pksign): Allow more hash algorithms.
+
+ * scdaemon.h (MAX_DIGEST_LEN): Change to 64.
+
+ * apdu.c (open_ccid_reader): Clear the is_to flag.
+
+ * app-nks.c (filelist): Add field KID.
+ (do_getattr): Change standard authentication key.
+ (do_sign): Setup a security environment for TCOS 3 cards and support
+ all SHA-2 algorithms.
+
+2009-03-24 Werner Koch <wk@g10code.com>
+
+ * command.c (struct server_local_s): Add flag
+ APP_CTX_MARKED_FOR_RELEASE.
+ (do_reset): Set the flag.
+ (open_card): Act on this flag.
+ * app-common.h (struct app_ctx_s): Add flag NO_REUSE.
+ (application_notify_card_reset): Set the flag.
+ * app.c (select_application, release_application): Take care of
+ that flag.
+
+2009-03-20 Werner Koch <wk@g10code.com>
+
+ * app-nks.c (keygripstr_from_pk_file): Fix for TCOS 3 cards.
+
+2009-03-18 Werner Koch <wk@g10code.com>
+
+ * apdu.c (open_pcsc_reader_wrapped): Use close_all_fds.
+
+ * command.c (cmd_learn): Add option --keypairinfo.
+ * app.c (app_write_learn_status): Add arg FLAGS.
+ * app-common.h (struct app_ctx_s): Add arg FLAGS to LEARN_STATUS.
+ Change all implementors.
+ * app-p15.c (do_learn_status): Take care of flag bit 0.
+ * app-nks.c (do_learn_status, do_learn_status_core): Ditto.
+
+2009-03-10 Werner Koch <wk@g10code.com>
+
+ * app-openpgp.c (send_key_attr): New.
+ (do_getattr): New attribute KEY_ATTR.
+ * command.c (send_status_direct): New.
+
+2009-03-06 Werner Koch <wk@g10code.com>
+
+ * app-nks.c (do_learn_status): Factor code out to..
+ (do_learn_status_core): .. new.
+ (do_readcert, do_sign, do_decipher): Switch to SigG if needed.
+ (verify_pin): Use DESC also for keypad based verify.
+
+2009-03-05 Werner Koch <wk@g10code.com>
+
+ * app-openpgp.c (verify_a_chv): Remove special case for keypads.
+ (verify_chv3): Ditto.
+
+ * app-nks.c (get_chv_status): New.
+ (parse_pwidstr): New.
+ (verify_pin): Add args PWID and DESC and use them. Remove the
+ CHV1 caching.
+ (do_change_pin): Allow PIN selection and add reset mode.
+ (do_learn_status): Use NKS-NKS3 tag for TCOS 3 cards.
+ (do_readcert, do_sign): Allow NKS-NKS3 tag.
+
+2009-03-04 Werner Koch <wk@g10code.com>
+
+ * app-nks.c (do_getattr): New.
+ (app_select_nks): Register it.
+ (verify_pin): Factor some code out to...
+ (basic_pin_checks): New.
+ (do_change_pin): Call the basic check.
+ (app_select_nks): Move AID to ..
+ (aid_nks): .. new.
+ (aid_sigg): New.
+ (switch_application): New.
+ (do_getattr, do_learn_status, do_readcert, do_sign, do_decipher)
+ (do_change_pin, do_check_pin): Make sure we are in NKS mode.
+
+2009-03-03 Werner Koch <wk@g10code.com>
+
+ * command.c (scd_command_handler): Remove dereference of STOPME
+ after free.
+
+2009-02-27 Werner Koch <wk@g10code.com>
+
+ * app.c (get_supported_applications): New.
+ * command.c (cmd_getinfo): New subcommand "app_list"
+ (cmd_killscd): New.
+ (register_commands): Register command KILLSCD.
+ (struct server_local_s): Add field STOPME.
+ (scd_command_handler): Act upon this.
+
+2009-02-25 Werner Koch <wk@g10code.com>
+
+ * apdu.c (apdu_get_status): Factor all code out to ...
+ (apdu_private_get_status): .. new. Add arg NO_ATR_RESET.
+ (apdu_connect): Call new function.
+
+ * scdaemon.c: New option --debug-log-tid.
+ (tid_log_callback): New.
+ (main): Move debug-wait code after debug stream init.
+
+2009-02-24 Werner Koch <wk@g10code.com>
+
+ * ccid-driver.c (ccid_get_atr): Move debug output to ..
+ (print_r2p_parameters): .. new.
+ (print_r2p_header, print_pr_data, print_r2p_unknown)
+ (print_r2p_datablock, print_r2p_slotstatus, print_r2p_escape)
+ (print_r2p_datarate): New.
+ (bulk_in): Call parameter printing.
+ (ccid_set_debug_level): Add debug level 3.
+ (convert_le_u16): New.
+ (print_p2r_header, print_p2r_iccpoweron, print_p2r_iccpoweroff)
+ (print_p2r_getslotstatus, print_p2r_xfrblock)
+ (print_p2r_getparameters, print_p2r_resetparameters)
+ (print_p2r_setparameters, print_p2r_escape, print_p2r_iccclock)
+ (print_p2r_to0apdu, print_p2r_secure, print_p2r_mechanical)
+ (print_p2r_abort, print_p2r_setdatarate, print_r2p_unknown): New.
+ (bulk_out): Add arg NO_DEBUG and change all callers to pass 0.
+ Call parameter printing.
+ (ccid_slot_status): Call with NO_DEBUG set.
+ (abort_cmd, send_escape_cmd, ccid_get_atr, ccid_get_atr)
+ (ccid_transceive_apdu_level, ccid_transceive)
+ (ccid_transceive_secure): Remove old debug print code.
+
+2009-02-12 Werner Koch <wk@g10code.com>
+
+ * command.c (cmd_getinfo): Add new subcommand "deny_admin".
+
+2009-01-28 Werner Koch <wk@g10code.com>
+
+ * scdaemon.c (main): Make --allow-admin the default and make the
+ option a dummy.
+
+2009-01-27 Werner Koch <wk@g10code.com>
+
+ * app-geldkarte.c: Changed to use an AID.
+
+ * app.c (app_munge_serialno): Add case for no serialno.
+ (app_get_serial_and_stamp): Ditto.
+
+2009-01-26 Werner Koch <wk@g10code.com>
+
+ * app-geldkarte.c: New.
+ * Makefile.am (card_apps): Add new file.
+ * app.c (select_application): Test for geldkarte.
+
+2009-01-12 Werner Koch <wk@g10code.com>
+
+ * command.c (send_client_notifications) [HAVE_W32_SYSTEM]: Fix
+ brackets.
+
+2009-01-08 Werner Koch <wk@g10code.com>
+
+ * iso7816.c (iso7816_read_record, iso7816_read_binary): Pass 0 for
+ L_e because the problem with the CCID driver has gone.
+ (iso7816_apdu_direct): New.
+
+ * app-nks.c (filelist): Add NKS_VER field. Add NKS 3 specific
+ entries.
+ (app_local_s, do_deinit): New.
+ (get_nks_version): New.
+ (app_select_nks): Setup local data.
+ (keygripstr_from_pk_file): Replace SLOT by APP and take care of
+ NKS version > 2.
+ (do_learn_status): Take care of NKS version.
+
+2009-01-05 Werner Koch <wk@g10code.com>
+
+ * apdu.c (apdu_get_status): Save the last status.
+
+2008-12-18 Werner Koch <wk@g10code.com>
+
+ * ccid-driver.c (abort_cmd): New.
+ (bulk_in): Call abort_cmd after severe errors.
+
+ * apdu.c (reader_table_s): Add field ANY_STATUS.
+ (new_reader_slot): Clear it.
+ (apdu_get_status): Use ANY_STATUS to update the change counter.
+ Remove the use of the flag bit from LAST_STATUS everywhere.
+ * command.c (update_reader_status_file): Factor code out to ...
+ (send_client_notifications): New. Track signals already sent.
+ (update_reader_status_file): Shutdown the reader after a failed
+ apdu_get_status.
+
+2008-12-09 Werner Koch <wk@g10code.com>
+
+ * scdaemon.c (main): Call i18n_init before init_common_subsystems.
+
+2008-12-08 Werner Koch <wk@g10code.com>
+
+ * scdaemon.c (handle_connections): Sync ticker to the next full
+ interval.
+ (TIMERTICK_INTERVAL_USEC): Change to 500ms.
+
+2008-12-05 Werner Koch <wk@g10code.com>
+
+ * app-openpgp.c (app_local_s): Add field ALGO_ATTR_CHANGE.
+ (app_select_openpgp): Parse new capability.
+ (show_caps): Show new capability.
+
+2008-12-03 Werner Koch <wk@g10code.com>
+
+ * scdaemon.c (opts): Use ARGPARSE_ macros. Add option
+ --card-timeout.
+ * command.c (update_reader_status_file): Implement it.
+
+2008-11-18 Werner Koch <wk@g10code.com>
+
+ * scdaemon.c (make_libversion): New.
+ (my_strusage): Print libgcrypt and libksba version.
+
+2008-11-03 Werner Koch <wk@g10code.com>
+
+ * command.c (server_local_s): Add field DISCONNECT_ALLOWED.
+ (cmd_disconnect): Implement command.
+ (open_card): Reset disconnect flag.
+ (update_reader_status_file): Disconnect if allowed.
+
+ * app-common.h (app_ctx_s): Remove INITIALIZED. Make REF_COUNT
+ unsigned.
+ * app.c (select_application): Remove INITIALIZED.
+ (app_write_learn_status, app_readcert, app_readkey, app_getattr)
+ (app_setattr, app_sign, app_decipher, app_writecert)
+ (app_writekey, app_get_challenge, app_change_pin, app_check_pin):
+ Replace INITIALIZED by REF_COUNT check.
+ (application_notify_card_removed): Rename to ..
+ (application_notify_card_reset): .. this. Change all callers.
+ * command.c (do_reset): Call application_notify_card_reset after
+ sending a reset.
+ (update_reader_status_file): Add arg SET_CARD_REMOVED.
+ (scd_update_reader_status_file): Pass true for new flag.
+ (do_reset): Pass false for new flag.
+
+ * app.c (app_get_serial_and_stamp): Use bin2hex.
+ * app-help.c (app_help_get_keygrip_string): Ditto.
+ * app-p15.c (send_certinfo, send_keypairinfo, do_getattr): Ditto.
+ * app-openpgp.c (send_fpr_if_not_null, send_key_data)
+ (retrieve_fpr_from_card, send_keypair_info): Ditto.
+ * app-nks.c (keygripstr_from_pk_file): Ditto.
+ * command.c (cmd_apdu): Ditto.
+
+2008-10-21 Marcus Brinkmann <marcus@g10code.com>
+
+ * command.c (open_card): If connect error is SW_HOST_NO_CARD,
+ return a more descriptive error.
+
+2008-10-20 Werner Koch <wk@g10code.com>
+
+ * pcsc-wrapper.c (read_32): Use provided arg and not stdin. Is
+ called with stdin, though.
+ (handle_close): Mark unused arg.
+ (handle_status, handle_reset): Ditto.
+
+ * ccid-driver.c (ccid_check_card_presence): Mark not yet used arg.
+
+ * scdaemon.c (scd_deinit_default_ctrl): Mark unused arg.
+ * command.c (cmd_unlock, cmd_restart, cmd_disconnect): Ditto.
+ * apdu.c (ct_get_status): Ditto.
+ (ct_send_apdu, pcsc_send_apdu_wrapped)
+ (apdu_open_remote_reader): Ditto.
+ * app.c (select_application): Ditto.
+ * app-openpgp.c (do_writecert, do_change_pin, do_writekey): Ditto.
+ * app-nks.c (do_change_pin, do_check_pin): Ditto.
+
+2008-10-16 Werner Koch <wk@g10code.com>
+
+ * command.c (cmd_disconnect): New dummy command.
+ (register_commands): Register command.
+
+2008-10-15 Werner Koch <wk@g10code.com>
+
+ * command.c (scd_command_handler): Return true if there is no more
+ active session.
+ * scdaemon.c (start_connection_thread): Set shutdown flag if
+ requested by command handler.
+ (main): Make PIPE_SERVER module global.
+ (handle_connections): Disable listen_fd if a shutdown is pending.
+
+2008-10-14 Werner Koch <wk@g10code.com>
+
+ * apdu.c (reader_table_s): Add fields connect_card and
+ disconnect_card.
+ (new_reader_slot): Set them to NULL.
+ (apdu_connect, apdu_disconnect): New.
+ (apdu_close_reader, apdu_shutdown_reader): Call apdu_disconnect.
+ (connect_pcsc_card, disconnect_pcsc_card): new.
+ (reset_pcsc_reader_direct): Implement in terms of
+ disconnect_pcsc_card and connect_pcsc_card.
+ (apdu_get_atr): Return NULL if there is no ATR.
+ * sc-copykeys.c (main): Add call to apdu_connect.
+ * command.c (open_card): Ditto.
+
+ * apdu.h (SW_HOST_ALREADY_CONNECTED): New.
+ (APDU_CARD_USABLE, APDU_CARD_PRESENT, APDU_CARD_ACTIVE): New.
+ * apdu.c: Replace constants by the new macros.
+ (open_pcsc_reader): Factor code out to ...
+ (open_pcsc_reader_direct, open_pcsc_reader_wrapped): New.
+ (reset_pcsc_reader): Factor code out to ...
+ (reset_pcsc_reader_direct, reset_pcsc_reader_wrapped): New.
+ (pcsc_get_status): Factor code out to ...
+ (pcsc_get_status_direct, pcsc_get_status_wrapped): New.
+ (pcsc_send_apdu): Factor code out to ...
+ (pcsc_send_apdu_direct, pcsc_send_apdu_wrapped): New.
+ (close_pcsc_reader): Factor code out to ...
+ (close_pcsc_reader_direct, close_pcsc_reader_wrapped): New.
+
+ * command.c (update_reader_status_file): Open the reader if not
+ yet done.
+
+ * scdaemon.c (TIMERTICK_INTERVAL_SEC, TIMERTICK_INTERVAL_USEC):
+ New to replace TIMERTICK_INTERVAL. Chnage from 2s (4 under W32)
+ to 250ms.
+
+2008-10-13 Werner Koch <wk@g10code.com>
+
+ * command.c (option_handler) [W32]: Use strtoul with base 16.
+ (update_reader_status_file) [W32]: Set Event.
+ (scd_command_handler): Use INT2FD to silent warning.
+
+2008-09-29 Werner Koch <wk@g10code.com>
+
+ * scdaemon.h (GCRY_MD_USER): Rename to GCRY_MODULE_ID_USER.
+ (GCRY_MD_USER_TLS_MD5SHA1): Rename to MD_USER_TLS_MD5SHA1 and
+ change all users.
+
+2008-09-28 Marcus Brinkmann <marcus@g10code.com>
+
+ * apdu.c (pcsc_get_status): Fix last change.
+
+2008-09-25 Werner Koch <wk@g10code.com>
+
+ * app-openpgp.c (do_setattr): Do not allow setting of the reset
+ code.
+ (do_change_pin): Allow setting of the reset code.
+
+2008-09-24 Werner Koch <wk@g10code.com>
+
+ * app-openpgp.c (verify_chv3): Set the did_chv3 flag which was
+ accidently removed on 2008-03-26.
+ (verify_chv2): Revert last change.
+ (do_change_pin): Do not change CHV2. Add reset code logic for v2
+ cards.
+ * iso7816.c (iso7816_reset_retry_counter_with_rc): New.
+
+ * app-openpgp.c (add_tlv, build_privkey_template): New.
+ (do_writekey): Support v2 keys and other key lengths than 1024.
+ * iso7816.c (iso7816_put_data_odd): New.
+
+2008-09-23 Werner Koch <wk@g10code.com>
+
+ * app-openpgp.c (do_sign): Support SHA-2 digests.
+ (verify_chv2): No CHV auto-sync for v2 cards.
+ (do_auth): Allow 2048 bit keys.
+ (parse_algorithm_attribute): New.
+ (rsa_key_format_t): New.
+ (struct app_local_s): Add struct KEYATTR.
+
+2008-09-23 Marcus Brinkmann <marcus@g10code.com>
+
+ * apdu.c (pcsc_get_status): Be more relaxed with the usable flag
+ under Windows.
+
+2008-09-23 Werner Koch <wk@g10code.com>
+
+ * app-openpgp.c (do_setattr): Use command chaining for long
+ values.
+ * iso7816.c (iso7816_put_data): Add arg EXTENDED_MODE. Change all
+ callers.
+ * apdu.c (apdu_send_simple): Add arg EXTENDED_MODE. Change all
+ callers.
+ (send_le): Implement command chaining.
+ * ccid-driver.c (ccid_transceive_apdu_level): Increase allowed
+ APDU size.
+ (ccid_transceive): Alow for APDUS of up to 259 bytes.
+ * apdu.h: Add new SW_ codes.
+
+2008-09-16 Werner Koch <wk@g10code.com>
+
+ * command.c (cmd_writecert): New.
+ (register_commands): Register it.
+ * app-common.h (app_ctx_s): Add member WRITECERT.
+ * app.c (app_writecert): New.
+ * app-openpgp.c (do_writecert): New.
+ (parse_historical): New.
+ (show_extcap): New.
+ (dump_all_do): Print only the length of longs DOs.
+ * command.c (cmd_writekey, cmd_apdu, cmd_pksign)
+ (cmd_passwd): Replace open coding by skip_options.
+
+2008-08-30 Moritz <moritz@gnu.org>
+
+ * scdaemon.c (main): Use estream_asprintf instead of asprintf.
+ * command.c (update_reader_status_file): Likewise.
+ (cmd_serialno): Use estream_asprintf instead of asprintf
+ and xfree instead of free to release memory allocated
+ through (estream_)asprintf.
+ (cmd_learn): Likewise.
+ (pin_cb): Likewise.
+ * app-openpgp.c (get_public_key): Likewise.
+
+2008-08-18 Werner Koch <wk@g10code.com>
+
+ * app-openpgp.c (do_setattr): Fix test for v2 cards.
+
+2008-08-11 Werner Koch <wk@g10code.com>
+
+ * apdu.c (reset_pcsc_reader, open_pcsc_reader)
+ (reset_rapdu_reader, open_rapdu_reader): Allow ATRs of up to 33
+ bytes. Provide maximum size of ATR buffer using DIM. Such long
+ ATR are never seen in reality but the PC/SC library of MAC OS X is
+ just too buggy. Reported by Ludovic Rousseau. Fixes bug #948.
+
+2008-07-30 Werner Koch <wk@g10code.com>
+
+ * app-openpgp.c (verify_a_chv): Use xtrymalloc and make the prompt
+ for CHV2 more user friendly.
+
+2008-07-03 Werner Koch <wk@g10code.com>
+
+ * app-openpgp.c (do_readcert): New.
+ (app_local_s): Add fields IS_V2 and MAX_CERTLEN_3.
+ (app_select_openpgp): Set them and register do_readcert.
+ (do_setattr): Allow storing of the certificate.
+
+2008-06-25 Werner Koch <wk@g10code.com>
+
+ * app-dinsig.c (do_sign): Allow for SHA256.
+
+2008-06-24 Werner Koch <wk@g10code.com>
+
+ * app-common.h (app_ctx_s): Renamed reset_mode parameter of
+ change_pin to mode_Flags and make it an unsigned int.
+ (APP_CHANGE_FLAG_RESET, APP_CHANGE_FLAG_NULLPIN): New.
+ * app-openpgp.c (do_change_pin): Adjust for that.
+
+ * command.c (cmd_passwd): Add option --nullpin.
+ * app-nks.c (do_check_pin, do_change_pin): New.
+ (app_select_nks): Register new functions.
+
+2008-04-21 Moritz Schulte <mo@g10code.com> (wk)
+
+ * app-openpgp.c (verify_a_chv): Make use of the default CHV flag.
+
+2008-03-26 Werner Koch <wk@g10code.com>
+
+ * app-openpgp.c (verify_chv3): Support the keypad.
+
+2008-02-09 Marcus Brinkmann <marcus@g10code.de>
+
+ * scdaemon.c (main): Use CONFIG_FILENAME as filename if it is set
+ in gpgconf-list output.
+
+2007-12-10 Werner Koch <wk@g10code.com>
+
+ * app-openpgp.c (do_decipher): Take care of cryptograms shorter
+ that 128 bytes. Fixes bug#851.
+
+2007-11-14 Werner Koch <wk@g10code.com>
+
+ * scdaemon.c (main): Pass STANDARD_SOCKET flag to
+ create_server_socket.
+
+2007-11-13 Werner Koch <wk@g10code.com>
+
+ * scdaemon.c (start_connection_thread): Do not call
+ assuan_sock_check_nonce if we are running in --server mode.
+
+2007-11-07 Werner Koch <wk@g10code.com>
+
+ * scdaemon.h: Remove errors.h.
+
+2007-10-02 Werner Koch <wk@g10code.com>
+
+ * command.c (cmd_getinfo): Add "pid" subcommand.
+
+2007-10-01 Werner Koch <wk@g10code.com>
+
+ * scdaemon.c (create_server_socket): Use Assuan socket wrappers
+ and remove Windows specific code.
+ (socket_nonce): New.
+ (start_connection_thread): Check nonce.
+
+2007-09-14 Marcus Brinkmann <marcus@g10code.de>
+
+ * scdaemon.c (main): New variable STANDARD_SOCKET, which is 1 for
+ W32 targets. Use it for create_socket_name.
+
+2007-08-07 Werner Koch <wk@g10code.com>
+
+ * tlv.c, tlv.h: Move to ../common/.
+
+2007-08-02 Werner Koch <wk@g10code.com>
+
+ * scdaemon.c: Include gc-opt-flags.h and remove their definition
+ here.
+
+2007-08-01 Werner Koch <wk@g10code.com>
+
+ * apdu.c (send_le): Implement exact length hack. Suggested by
+ Sten Lindgren.
+
+2007-07-05 Werner Koch <wk@g10code.com>
+
+ * command.c (has_option_name, skip_options): New.
+ (cmd_genkey): Add option --timestamp.
+ (cmd_writekey): Enter confidential mode while inquiring the key data.
+
+ * app.c (app_genkey): Add arg CREATETIME.
+ * app-common.h (app_ctx_s): Likewise
+ * app-openpgp.c (do_genkey): Ditto. Use it.
+
+
+2007-07-04 Werner Koch <wk@g10code.com>
+
+ * command.c (cmd_getinfo): New subcommand "version".
+
+ * scdaemon.c (TIMERTICK_INTERVAL): New.
+ (handle_connections) [W32]: Enable a dummy sigs event.
+ (handle_connections): Use a proper count for select and not
+ FD_SETSIZE.
+ (fixed_gcry_pth_init, main): Kludge to fix pth initialization.
+
+2007-06-21 Werner Koch <wk@g10code.com>
+
+ * scdaemon.h (ctrl_t): Remove. It is now declared in ../common/util.h.
+
+2007-06-18 Marcus Brinkmann <marcus@g10code.de>
+
+ * scdaemon.c (main): Percent escape output of --gpgconf-list.
+
+2007-06-12 Werner Koch <wk@g10code.com>
+
+ * scdaemon.c (main): Replace some calls by init_common_subsystems.
+
+2007-06-11 Werner Koch <wk@g10code.com>
+
+ * Makefile.am (scdaemon_LDADD): Use libcommonpth macro.
+
+ * command.c (initialize_module_command): New.
+ * scdaemon.c (main) [W32]: Do not use sigpipe code.
+ (main): Call initialize_module_command.
+
+2007-06-06 Werner Koch <wk@g10code.com>
+
+ * app-openpgp.c (do_sign): Fix arithmetic on void*.
+
+ * app.c (dump_mutex_state) [W32]: Handle the W32Pth case.
+
+ * apdu.c: Remove dynload.h.
+
+ * scdaemon.c (i18n_init): Remove.
+
+2007-04-20 Werner Koch <wk@g10code.com>
+
+ * sc-copykeys.c (my_gcry_logger): Removed.
+ (main): Call setup_libgcrypt_logging helper.
+ * scdaemon.c (my_gcry_logger): Removed.
+ (main): Call setup_libgcrypt_logging helper.
+
+2007-04-03 Werner Koch <wk@g10code.com>
+
+ * command.c (cmd_getinfo): New subcommand "reader_list".
+ * ccid-driver.c (scan_or_find_devices): Ignore EBUSY in scan mode
+ for special transports.
+
+2007-03-07 Werner Koch <wk@g10code.com>
+
+ * app-dinsig.c: Include i18n.h.
+ (verify_pin): Support PIN pads.
+ * app-nks.c (verify_pin): Ditto.
+
+ * ccid-driver.c (bulk_in): Handle time extension before checking
+ the message type.
+ (ccid_transceive_secure): Support the Cherry XX44 keyboard.
+ Kudos to the nice folks at Cherry for helping with that.
+
+2007-02-18 Werner Koch <wk@g10code.com>
+
+ * scdaemon.c (DEFAULT_PCSC_DRIVER): Add a default for OS X.
+
+2007-01-25 Werner Koch <wk@g10code.com>
+
+ * Makefile.am (scdaemon_LDADD): Added LIBICONV. Noted by Billy
+ Halsey.
+
+2006-12-21 Werner Koch <wk@g10code.com>
+
+ * app-openpgp.c (verify_chv2): Factored most code out into...
+ (verify_a_chv): ... new.
+ (do_sign): Factored verification code out to new function and
+ take care of a keypad entered PIN.
+ (compare_fingerprint): Print an additional diagnostic.
+
+2006-11-28 Werner Koch <wk@g10code.com>
+
+ * apdu.c (send_le, apdu_send_direct): Increase RESULTLEN to 258 to
+ allow for full 256 byte and the status word. This might break
+ some old PC/SC drivers or cards, but we will see. Suggested by
+ Kenneth Wang.
+
+2006-11-23 Werner Koch <wk@g10code.com>
+
+ * command.c (scd_command_handler): Fixed use of CTRL.
+
+2006-11-21 Werner Koch <wk@g10code.com>
+
+ * Makefile.am (libexec_PROGRAMS): Put pscs-wrapper into libexec.
+ Renamed to gnupg-pcsc-wrapper.
+ * apdu.c (open_pcsc_reader): Use GNUPG_LIBEXECDIR to accces the
+ wrapper. Suggested by Eric Dorland.
+
+2006-11-20 Werner Koch <wk@g10code.com>
+
+ * app-openpgp.c (verify_chv2): Support for keypads (only CHV2).
+
+ * ccid-driver.c (ccid_transceive_secure): Made it work for Kaan
+ and SCM.
+
+2006-11-17 Werner Koch <wk@g10code.com>
+
+ * ccid-driver.c (scan_or_find_devices): Use DEBUGOUT_2 instead of
+ log_debug. Removed few other log_debug.
+
+ * iso7816.c (iso7816_check_keypad): Allow for a SW of 0.
+
+ * command.c (pin_cb): New mode to prompt for a keypad entry.
+
+ * scdaemon.c (main) <gpgconf-list>: Add disable-keypad.
+
+2006-11-15 Werner Koch <wk@g10code.com>
+
+ * app-p15.c (read_ef_odf): Cast one printf arg.
+
+ * scdaemon.h (struct server_control_s): Add field THREAD_STARTUP.
+ * command.c (scd_command_handler): Add new arg CTRL.
+ * scdaemon.c (scd_init_default_ctrl): Made static.
+ (scd_deinit_default_ctrl): New.
+ (start_connection_thread): Call init/deinit of ctrl.
+ (handle_connections): Allocate CTRL.
+
+ * apdu.c (PCSC_ERR_MASK): New.
+ (reset_pcsc_reader, pcsc_get_status, pcsc_send_apdu)
+ (close_pcsc_reader, open_pcsc_reader): Use it after shifting error
+ values. Reported by Henrik Nordstrom. Fixes bug #724.
+
+2006-10-24 Werner Koch <wk@g10code.com>
+
+ * scdaemon.h (GCRY_MD_USER_TLS_MD5SHA1): New.
+ (MAX_DIGEST_LEN): Increased to 36.
+ * app-p15.c (do_sign): Support for TLS_MD5SHA1.
+ (do_auth): Detect TLS_MD5SHA1.
+ (do_sign): Tweaks for that digest.
+
+2006-10-23 Werner Koch <wk@g10code.com>
+
+ * scdaemon.c (main): New command --gpgconf-test.
+
+2006-10-17 Werner Koch <wk@g10code.com>
+
+ * Makefile.am (scdaemon_LDADD): Link against libcommonpth.
+
+2006-10-12 Werner Koch <wk@g10code.com>
+
+ * apdu.c: Include pth.h after unistd.h for the sake of newer Pth
+ versions.
+
+2006-10-11 Werner Koch <wk@g10code.com>
+
+ * app-openpgp.c (do_sign): Redirect to do_auth for OpenPGP.3.
+
+2006-10-06 Werner Koch <wk@g10code.com>
+
+ * Makefile.am (AM_CFLAGS): Use PTH version of libassuan.
+ (scdaemon_LDADD): Ditto.
+
+ * scdaemon.h (send_status_info): Mark with sentinel attribute.
+
+2006-10-02 Marcus Brinkmann <marcus@g10code.de>
+
+ * command.c (update_reader_status_file): Increase buffer of
+ NUMBUF2 (fixing typo).
+
+2006-09-24 Marcus Brinkmann <marcus@g10code.de>
+
+ * app-openpgp.c (do_sign): Advance INDATA by the SHA1 resp. RMD160
+ prefix length.
+
+2006-09-14 Werner Koch <wk@g10code.com>
+
+ Replaced all call gpg_error_from_errno(errno) by
+ gpg_error_from_syserror().
+
+ * command.c (scd_command_handler): Replaced
+ init_connected_socket_server by init_socket_server_ext.
+
+2006-09-07 Werner Koch <wk@g10code.com>
+
+ * command.c (update_reader_status_file): Execute an event handler
+ if available.
+
+2006-09-06 Werner Koch <wk@g10code.com>
+
+ * apdu.c (pcsc_end_transaction):
+ * pcsc-wrapper.c (pcsc_end_transaction: Fixed dclaration.
+ Reported by Bob Dunlop.
+
+ * scdaemon.h (CTRL,APP): Removed and changed everywhere to
+ ctrl_t/app_t.
+
+ Replaced all Assuan error codes by libgpg-error codes. Removed
+ all map_to_assuan_status and map_assuan_err.
+
+ * scdaemon.c (main): Call assuan_set_assuan_err_source to have Assuan
+ switch to gpg-error codes.
+ * command.c (set_error): Adjusted.
+
+2006-09-02 Marcus Brinkmann <marcus@g10code.de>
+
+ * command.c (get_reader_slot): Return the slot_table index, not
+ the APDU slot number.
+ (update_reader_status_file): Use the slot_table index in the
+ update_card_removed invocation.
+
+2006-09-01 Marcus Brinkmann <marcus@g10code.de>
+
+ * command.c (cmd_getinfo): Handle status command.
+
+2006-08-30 Marcus Brinkmann <marcus@g10code.de>
+
+ * command.c (do_reset): Delay resetting CTRL->reader_slot until
+ after update_card_removed invocation.
+
+2006-08-28 Marcus Brinkmann <marcus@g10code.de>
+
+ * app-openpgp.c (do_decipher, do_sign): Allow "OPENPGP.2"
+ resp. "OPENPGP.1" for KEYIDSTR.
+
+2006-08-21 Werner Koch <wk@g10code.com>
+
+ * pcsc-wrapper.c (handle_open, handle_close): Reset card and
+ protocol on error/close.
+ (handle_status): Don't set the state if the state is unknown.
+ (handle_reset): Ignore an error if already disconnected. May
+ happen due to system wake-up after hibernation. Suggested by Bob
+ Dunlop.
+
+2006-06-28 Werner Koch <wk@g10code.com>
+
+ * app-openpgp.c (do_writekey): Fixed computation of memmove
+ length. This led to garbled keys if E was larger than one byte.
+ Thanks to Achim Pietig for hinting at the garbled E.
+
+2006-06-09 Marcus Brinkmann <marcus@g10code.de>
+
+ * Makefile.am (scdaemon_LDADD): Add $(NETLIBS).
+
+2006-04-14 Marcus Brinkmann <marcus@g10code.de>
+
+ * app.c (select_application): Cover up a slot mismatch error in
+ case it happens (it shouldn't happen).
+ (release_application): Use APP->slot. Lock the reader.
+ (application_notify_card_removed): Lock the reader.
+
+2006-04-11 Werner Koch <wk@g10code.com>
+
+ * command.c (hex_to_buffer): New.
+ (cmd_apdu): New.
+
+2006-04-03 Werner Koch <wk@g10code.com>
+
+ * scdaemon.c [__GLIBC__]: Default to libpcsclite.so.1.
+
+2006-03-21 Werner Koch <wk@g10code.com>
+
+ * command.c (cmd_pksign): Add --hash option.
+
+2006-03-01 Werner Koch <wk@g10code.com>
+
+ * command.c (status_file_update_lock): New.
+ (scd_update_reader_status_file): Use lock and factor existing code
+ out to ..
+ (update_reader_status_file): .. this.
+ (do_reset): Use the lock and call update_reader_status_file.
+
+2006-02-20 Werner Koch <wk@g10code.com>
+
+ * apdu.c (open_pcsc_reader): Fixed double free. Thanks to Moritz.
+
+2006-02-09 Werner Koch <wk@g10code.com>
+
+ * command.c (get_reader_slot, do_reset)
+ (scd_update_reader_status_file): Rewrote.
+
+ * app.c (release_application): Factored code out to ..
+ (deallocate_app): new function.
+ (select_application): Introduce new saved application stuff.
+ (application_notify_card_removed): New.
+ * command.c (update_card_removed): Call it here.
+ (do_reset): And here.
+
+ * app.c (check_application_conflict): New.
+ * command.c (open_card): Use it here.
+ (cmd_restart): New command.
+
+ * command.c (cmd_lock): Fixed --wait option to actually terminate.
+
+2006-02-08 Werner Koch <wk@g10code.com>
+
+ * ccid-driver.c (ccid_get_atr): Read Parameter and select T=1
+ using these parameters.
+ (scan_or_find_devices): Check for NULL r_fd.
+
+2006-02-02 Werner Koch <wk@g10code.com>
+
+ * ccid-driver.c (special_transport): New
+ (ccid_open_reader, do_close_reader, ccid_shutdown_reader)
+ (bulk_out, bulk_in): Add support for CardMan 4040 reader.
+
+ * ccid-driver.c (scan_or_find_devices): Factored most code out to
+ (scan_or_find_usb_device): .. new.
+ (make_reader_id): Fixed vendor mask.
+
+2006-01-01 Werner Koch <wk@g10code.com>
+
+ * app-openpgp.c (do_sign): Give user error if hash algorithm is
+ not supported by the card.
+
+2005-12-06 Werner Koch <wk@g10code.com>
+
+ * apdu.c (open_pcsc_reader): Check that pcsc-wrapper is actually
+ installed.
+
+2005-11-23 Werner Koch <wk@g10code.com>
+
+ * app-nks.c (verify_pin): Give a special error message for a Nullpin.
+
+2005-10-29 Werner Koch <wk@g10code.com>
+
+ * ccid-driver.c (send_escape_cmd): New args RESULT, RESULTLEN and
+ RESULTMAX. Changed all callers.
+ (ccid_transceive_escape): New.
+
+2005-10-27 Werner Koch <wk@g10code.com>
+
+ * apdu.c [__CYGWIN__]: Make cygwin environment similar to _WIN32.
+ Suggested by John P. Clizbe.
+ * scdaemon.c [__CYGWIN__]: Set default PC/SC driver to winscard.dll.
+
+2005-10-19 Werner Koch <wk@g10code.com>
+
+ * ccid-driver.h (CCID_DRIVER_ERR_NO_KEYPAD): New.
+ * apdu.h (SW_HOST_NO_KEYPAD): New.
+ * iso7816.h (struct iso7816_pininfo_s): New.
+ * iso7816.c (map_sw): Support new code.
+ (iso7816_check_keypad): New.
+ (iso7816_verify_kp, iso7816_change_reference_data_kp)
+ (iso7816_reset_retry_counter_kp): New. Extended versions of the
+ original functions.
+ * apdu.c (host_sw_string): Support new code.
+ (reader_table_s): New field CHECK_KEYPAD.
+ (new_reader_slot, open_ct_reader, open_pcsc_reader)
+ (open_ccid_reader, open_rapdu_reader): Initialize it.
+ (check_ccid_keypad): New.
+ (apdu_check_keypad): New.
+ (apdu_send_le): Factored all code out to ...
+ (send_le): .. new. Takes an additional arg; changed all callers
+ of the orginal function to use this one with a NULL for the new
+ arg.
+ (apdu_send_simple_kp): New.
+ (ct_send_apdu, pcsc_send_apdu, my_rapdu_send_apdu)
+ (send_apdu_ccid): New arg PININFO.
+ (send_apdu_ccid): Use the new arg.
+
+ * scdaemon.c: New option --disable-keypad.
+
+2005-10-08 Marcus Brinkmann <marcus@g10code.de>
+
+ * Makefile.am (scdaemon_LDADD): Add ../gl/libgnu.a after
+ ../common/libcommon.a.
+
+2005-09-20 Werner Koch <wk@g10code.com>
+
+ * app-dinsig.c (verify_pin): Try ISO 9564 BCD encoding.
+
+ * iso7816.c (iso7816_select_application): Add arg FLAGS. Changed
+ all callers to pass 0.
+ * app-openpgp.c (app_select_openpgp): But this one requires a
+ special flag.
+
+ * app-p15.c (app_select_p15): Don't use select application for the
+ BELPIC.
+
+2005-09-09 Werner Koch <wk@g10code.com>
+
+ * pcsc-wrapper.c (main): Removed bogus free.
+
+ * app-p15.c (do_auth): New.
+ (do_getattr): New attribs $AUTHKEYID and $DISPSERIALNO.
+ * app-openpgp.c (do_getattr): Ditto.
+
+2005-09-08 Werner Koch <wk@g10code.com>
+
+ * app-openpgp.c (do_getattr): New key $AUTHKEYID.
+
+2005-09-06 Werner Koch <wk@g10code.com>
+
+ * app-p15.c (do_sign): Tweaked for BELPIC cards.
+ (read_home_df): New arg R_BELPIC.
+ (app_select_p15): Set card type for BELPIC.
+
+2005-09-05 Werner Koch <wk@g10code.com>
+
+ * iso7816.c (iso7816_select_path): New.
+ * app-p15.c (select_ef_by_path): Allow for direct path selection.
+ (app_select_p15): Try using the Belgian variant of pkcs#15.
+ (read_home_df): New.
+ (read_ef_odf): Generalized.
+ (read_ef_tokeninfo): New.
+ (read_p15_info): Set serialnumber from TokenInfo.
+ (app_select_p15): Don't munge serialNumber - that must be done
+ only once.
+
+ * iso7816.c (iso7816_read_binary): Use Le=0 when reading all
+ data. Handle 6C00 error and take 6B00 as indication for EOF.
+ * apdu.h (SW_EXACT_LENGTH_P): New.
+ * apdu.c (new_reader_slot, reset_pcsc_reader, pcsc_get_status)
+ (open_pcsc_reader): Set new reader state IS_T0.
+ (apdu_send_le): When doing T=0 make sure not to send Lc and Le.
+ Problem reported by Carl Meijer.
+ (apdu_send_direct): Initialize RESULTLEN.
+ * pcsc-wrapper.c (handle_status): Return the current protocol as
+ a new third word.
+
+2005-08-05 Werner Koch <wk@g10code.com>
+
+ * apdu.c (open_rapdu_reader): Set the reader number.
+
+2005-07-05 Werner Koch <wk@g10code.com>
+
+ * app-openpgp.c (do_readkey): Return a mallcoed copy of the key as
+ required by the description. Thanks to Moritz for tracking this
+ problem down.
+
+2005-06-21 Werner Koch <wk@g10code.com>
+
+ * scdaemon.c (main): ifdef call to ccid_set_debug_level.
+
+ * apdu.c (reset_pcsc_reader, open_pcsc_reader): Cast size_t to
+ ulong for printf.
+
+2005-06-06 Werner Koch <wk@g10code.com>
+
+ * scdaemon.c (main): New option --debug-allow-core-dump.
+
+2005-06-03 Werner Koch <wk@g10code.com>
+
+ * scdaemon.c (handle_connections): Make sure that the signals we
+ are handling are not blocked.Block signals while creating new
+ threads.
+ (handle_connections): Include the file descriptor into the name of
+ the thread.
+
+2005-06-02 Werner Koch <wk@g10code.com>
+
+ * app.c (app_dump_state, dump_mutex_state): New.
+ * scdaemon.c (handle_signal): Print it on SIGUSR1.
+
+ * app-openpgp.c (do_writekey): Typo fix.
+
+ * command.c (open_card): Check for locked state even if an
+ application context is available.
+
+ * app-common.h: Add REF_COUNT field.
+ * app.c (release_application, select_application): Implement
+ reference counting to share the context beween connections.
+
+ * app.c (lock_reader, unlock_reader): Take SLOT instead of APP as
+ argument. Changed all callers.
+ (select_application): Unlock the reader on error. This should fix
+ the hangs I noticed last week.
+
+ * scdaemon.h: Removed card_ctx_t cruft.
+
+2005-06-01 Werner Koch <wk@g10code.com>
+
+ * scdaemon.c: Include mkdtemp.h.
+
+2005-05-31 Werner Koch <wk@g10code.com>
+
+ * tlv.c [GNUPG_MAJOR_VERSION==1]: Define constants instead of
+ including a gnupg 1.4 header.
+
+2005-05-30 Werner Koch <wk@g10code.com>
+
+ * tlv.c: Add hack to compile without gpg-error.h when used with
+ GnuPG 1.4.
+
+2005-05-23 Werner Koch <wk@g10code.com>
+
+ * Makefile.am: Do not build sc-copykeys anymore.
+
+ * app-openpgp.c (app_openpgp_storekey, app_openpgp_readkey)
+ (app_openpgp_cardinfo): Removed.
+
+ * ccid-driver.c (parse_ccid_descriptor): SCR335 FW version 5.14 is
+ good.
+ (do_close_reader): Never do a reset. The caller should instead
+ make sure that the reader has been closed properly. The new retry
+ code in ccid_slot_status will make sure that the readersatrts up
+ fine even if the last process didn't closed the USB connection
+ properly.
+ (ccid_get_atr): For certain readers try switching to ISO mode.
+ Thanks to Ludovic Rousseau for this hint and the magic numbers.
+ (print_command_failed): New.
+ (bulk_in): Use it here. Add new arg NO_DEBUG.
+ (ccid_slot_status): Disabled debugging.
+
+2005-05-21 Werner Koch <wk@g10code.com>
+
+ * scdaemon.c (handle_signal): Print thread info on SIGUSR1.
+
+2005-05-20 Werner Koch <wk@g10code.com>
+
+ * ccid-driver.c: Replaced macro DEBUG_T1 by a new debug level.
+ (parse_ccid_descriptor): Mark SCR335 firmware version 5.18 good.
+ (ccid_transceive): Arghhh. The seqno is another bit in the
+ R-block than in the I block, this was wrong at one place.
+
+ * scdaemon.c: New options --debug-ccid-driver and
+ --debug-disable-ticker.
+
+ * app-openpgp.c (do_genkey, do_writekey): Factored code to check
+ for existing key out into ..
+ (does_key_exist): .. New function.
+
+2005-05-19 Werner Koch <wk@g10code.com>
+
+ * tlv.c (parse_sexp): New.
+
+ * command.c (cmd_writekey): New.
+ * app.c (app_writekey): New.
+ * app-common.c (app_t): Add function ptr WRITEKEY.
+ * app-openpgp.c (do_writekey): New.
+
+ * app-openpgp.c (do_readkey) [GNUPG_MAJOR_VERSION==1]: Return error.
+ * app-common.h (app_t) [GNUPG_MAJOR_VERSION==1]: Add a field to
+ store the Assuan context.
+
+2005-05-17 Werner Koch <wk@g10code.com>
+
+ * scdaemon.c: Removed non-pth code paths.
+ (create_socket_name, create_server_socket): New. Taken from
+ ../agent/gpg-agent.
+ (cleanup): Changed to adjust for SOCKET_NAME now being malloced.
+ (ticker_thread): Always use pth_event_occurred; it is again
+ defined for all decent PTH versions.
+ (handle_connections): New. Based on the gpg-agent code.
+ (start_connection_thread): Ditto.
+ (ticker_thread): Removed.
+ (cleanup_sh): Removed.
+ (main): Run the handler for the pipe server in a separate
+ thread. This replaces the old ticker thread.
+ (scd_get_socket_name): New.
+ * command.c (cmd_getinfo): New command GETINFO.
+ (scd_command_handler): Renamed argument and changed code to use an
+ already connected FD.
+
+2005-05-15 Werner Koch <wk@g10code.com>
+
+ * app.c, app-common.h, app-nks.c, app-p15.c, app-dinsig.c
+ * app-openpgp.c: Change most function return types from int to
+ gpg_error_t.
+ * command.c (pin_cb): Ditto.
+ * sc-copykeys.c (pincb): Ditto.
+
+ * app.c (lock_reader, unlock_reader): New. Changed call handler
+ wrappers to make use of these functions.
+
+2005-05-07 Werner Koch <wk@g10code.com>
+
+ * ccid-driver.c (do_close_reader): Don't do a reset before close.
+ Some folks reported that it makes the SCR335 hang less often.
+ Look at the source on how to re-enable it.
+
+2005-04-27 Werner Koch <wk@g10code.com>
+
+ * app-p15.c (micardo_mse): New.
+ (do_sign): Call it.
+ * iso7816.c (iso7816_manage_security_env): Allow passing DATA as
+ NULL to indicate an empty Lc.
+ * tlv.c (find_tlv): Check that a found object fits into the
+ buffer.
+ (find_tlv_unchecked): New as replacement for the old non-checking
+ variant.
+ * app.c (select_application): Keep on using the non-checking
+ variant.
+ * app-openpgp.c (get_one_do, dump_all_do): Ditto.
+
+
+ Removal of the old OpenSC based code.
+
+ * app-p15.c: New. Basic support for pkcs15 cards without OpenSC.
+ There are quite a couple of things missing but at least I can use
+ my old TCOS cards from the Aegypten-1 development for signing.
+ * app.c (select_application): Detect pkcs15 applications.
+ * Makefile.am (scdaemon_SOURCES): Removed card.c, card-common.h
+ and card-p15.c because they are now obsolete. Added app-p15.c.
+ Removed all OpenSC stuff.
+ * command.c (do_reset, open_card, cmd_serialno, cmd_learn)
+ (cmd_readcert, cmd_readkey, cmd_pksign, cmd_pkdecrypt): Removed
+ all special cases for the old card.c based mechanisms.
+ * scdaemon.c, apdu.c: Removed all special cases for OpenSC.
+
+2005-04-20 Werner Koch <wk@g10code.com>
+
+ * command.c: Use GPG_ERR_LOCKED instead of EBUSY.
+
+2005-04-14 Werner Koch <wk@g10code.com>
+
+ * app-openpgp.c (retrieve_key_material): Rewritten. Return a
+ proper error code.
+ (retrieve_next_token): Removed.
+ (retrieve_fpr_from_card): Rewritten to make use of DO caching and
+ to take the KEYNO as arg.
+ (get_public_key): Renamed variable for clarity.
+
+2005-04-12 Werner Koch <wk@g10code.com>
+
+ Basic support for several sessions.
+
+ * command.c (scd_command_handler): Replace the primary_connection
+ stuff by a real connection list. Release the local context on
+ exit.
+ (scd_update_reader_status_file): Update accordingly. Send signal
+ to all connections who registered an event signal.
+ (cmd_lock, cmd_unlock, register_commands): New commands LOCK and
+ UNLOCK.
+ (cmd_setdata, cmd_pksign, cmd_pkauth, cmd_pkdecrypt, cmd_setattr)
+ (cmd_genkey, cmd_passwd, cmd_checkpin): Return an error if reader
+ is locked.
+ (do_reset): Handle locking.
+ (open_card): Ditto. Share the reader slot with other sessions.
+ (get_reader_slot): New.
+ (update_card_removed): New. Use it in the TEST_CARD_REMOVAL macro.
+
+2005-04-07 Werner Koch <wk@g10code.com>
+
+ * app-openpgp.c (do_check_pin): Add hack to allow verification of
+ CHV3.
+ (get_public_key): Don't use gcry functions to create S-expressions.
+ (do_deinit, do_readkey, do_genkey, send_keypair_info): Adjust for
+ above change.
+
+2005-03-29 Moritz Schulte <moritz@g10code.com>
+
+ * app-openpgp.c (retrieve_fpr_from_card): New function.
+ (retrieve_next_token): New function.
+ (retrieve_key_material): New function.
+ (get_public_key): Implement retrival of key through expernal
+ helper (gpg) in case the openpgp card is not cooperative enough.
+
+2005-03-16 Werner Koch <wk@g10code.com>
+
+ * ccid-driver.c (parse_ccid_descriptor): Make SCM workaround
+ reader type specific.
+ (scan_or_find_devices): Do not check the interface subclass in the
+ SPR532 kludge, as this depends on the firmware version.
+ (ccid_get_atr): Get the Slot status first. This solves the
+ problem with readers hanging on recent Linux 2.6.x.
+ (bulk_in): Add argument TIMEOUT and changed all callers to pass an
+ appropriate one. Change the standard timeout from 10 to 5 seconds.
+ (ccid_slot_status): Add a retry code with an initial short timeout.
+ (do_close_reader): Do an usb_reset before closing the reader.
+
+2005-02-25 Werner Koch <wk@g10code.com>
+
+ * app-openpgp.c (get_public_key): Make sure not to return negative
+ numbers.
+ (do_sign): Allow passing of indata with algorithm prefix.
+ (do_auth): Allow OPENPGP.3 as an alternative ID.
+
+ * app.c (app_getattr): Return just the S/N but not the timestamp.
+
+2005-02-24 Werner Koch <wk@g10code.com>
+
+ * app.c (app_getattr): Return APPTYPE or SERIALNO type even if the
+ application does dot support the getattr call.
+
+ * app-openpgp.c (get_one_do): Never try to get a non cacheable
+ object from the cache.
+ (get_one_do): Add new arg to return an error code. Changed all
+ callers.
+ (do_getattr): Let it return a proper error code.
+
+ * app.c (select_application): Return an error code and the
+ application context in an new arg.
+ * command.c (open_card): Adjusted for that. Don't use the
+ fallback if no card is present. Return an error if the card has
+ been removed without a reset.
+ (do_reset, cmd_serialno): Clear that error flag.
+ (TEST_CARD_REMOVAL): New. Use it with all command handlers.
+ (scd_update_reader_status_file): Set the error flag on all changes.
+
+ * scdaemon.c (ticker_thread): Termintate if a shutdown is pending.
+
+ * apdu.c: Added some PCSC error codes.
+ (pcsc_error_to_sw): New.
+ (reset_pcsc_reader, pcsc_get_status, pcsc_send_apdu)
+ (open_pcsc_reader): Do proper error code mapping.
+
+2005-03-16 Werner Koch <wk@g10code.com>
+
+ * ccid-driver.c (parse_ccid_descriptor): Make SCM workaround
+ reader type specific.
+ (scan_or_find_devices): Do not check the interface subclass in the
+ SPR532 kludge, as this depends on the firmware version.
+ (ccid_get_atr): Get the Slot status first. This solves the
+ problem with readers hanging on recent Linux 2.6.x.
+
+2005-02-22 Werner Koch <wk@g10code.com>
+
+ * app-openpgp.c (app_local_s): New field PK.
+ (do_deinit, do_genkey, app_openpgp_storekey): Clear it.
+ (get_public_key, send_keypair_info): New.
+ (do_learn_status): Send KEYPAIR info
+
+ * app-common.h (app_ctx_t): Add function pointer READKEY.
+ * app.c (app_readkey): New.
+ * command.c (cmd_readkey): Use READKEY function if possible.
+
+2005-01-26 Werner Koch <wk@g10code.com>
+
+ * ccid-driver.c (parse_ccid_descriptor): Need the CSM workaround
+ also for newer firmware versions. Need to get a list of fixed
+ firmware versions and use that.
+
+2005-01-25 Werner Koch <wk@g10code.com>
+
+ * apdu.c (apdu_send_le, apdu_send_direct): Fix some compiler
+ warnings.
+
+ * app-openpgp.c (get_cached_data): New arg GET_IMMEDIATE to bypass
+ the cache. Changed all callers.
+ (get_one_do): Bypass the cache if the value would have been read
+ directly for v1.1 cards.It makes things a bit slower but obnly for
+ 1.0 cards and there are not that many cards out in the wild. This
+ is required to fix a caching bug when generating new keys; as a
+ side effect of the retrieval of the the C4 DO from the 6E DO the
+ cached fingerprint will get updated to the old value and later
+ when signing the generated key the checking of the fingerprint
+ fails because it won't match the new one. Thanks to Moritz for
+ analyzing this problem.
+ (verify_chv3): Removed the CHV status reread logic because we
+ won't cache the C4 DO anymore.
+
+2004-12-28 Werner Koch <wk@g10code.com>
+
+ * ccid-driver.c (find_endpoint): New.
+ (scan_or_find_devices): Add new args to return endpoint info and
+ interface number.
+ (ccid_open_reader, ccid_shutdown_reader): Take care of these new
+ args.
+ (bulk_in, bulk_out): Use the correct endpoints.
+ (ccid_transceive_apdu_level): New.
+ (ccid_transceive): Divert to above.
+ (parse_ccid_descriptor): Allow APDU level exchange mode.
+ (do_close_reader): Pass the interface number to usb_release_interface.
+
+2004-12-21 Werner Koch <wk@g10code.com>
+
+ * scdaemon.c (main): Use default_homedir().
+
+2004-12-18 Werner Koch <wk@g10code.com>
+
+ * scdaemon.c (main) [W32]: Remove special Pth initialize..
+
+ * scdaemon.h (map_assuan_err): Define in terms of
+ map_assuan_err_with_source.
+
+2004-12-15 Werner Koch <wk@g10code.com>
+
+ * scdaemon.c [W32]: Various hacks to make it run under W32.
+
+ * command.c (scd_update_reader_status_file) [W32]: Don't use kill.
+
+ * apdu.c [W32]: Disable use of pcsc_wrapper.
+
+ * Makefile.am (scdaemon_LDADD): Reorder libs.
+ (sc_copykeys_LDADD): Add libassuan because it is needed for W32.
+
+2004-12-06 Werner Koch <wk@g10code.com>
+
+ * Makefile.am (pkglib_PROGRAMS): Build only for W32.
+
+2004-10-22 Werner Koch <wk@g10code.com>
+
+ * app-openpgp.c (verify_chv3): The minium length for CHV3 is
+ 8. Changed string to match the other ones.
+
+2004-10-21 Werner Koch <wk@g10code.com>
+
+ * app-openpgp.c (do_sign): Replace asprintf by direct allocation.
+ This avoids problems with missing vasprintf implementations in
+ gnupg 1.4.
+
+ * app-common.h (app_openpgp_storekey: Add prototype.
+
+2004-10-20 Werner Koch <wk@g10code.com>
+
+ * sc-investigate: Removed.
+ * Makefile.am (sc_investigate): Removed.
+
+ * pcsc-wrapper.c (load_pcsc_driver): Load get_status_change func.
+ (handle_open): Succeed even without a present card.
+ (handle_status, handle_reset): New.
+
+ * apdu.c (apdu_open_reader): Load pcsc_get_status_change fucntion.
+ (pcsc_get_status): Implemented.
+ (reset_pcsc_reader): Implemented.
+ (open_pcsc_reader): Succeed even with no card inserted.
+ (open_ccid_reader): Set LAST_STATUS.
+
+ * iso7816.c (iso7816_select_application): Always use 0 for P1.
+
+2004-10-18 Werner Koch <wk@g10code.com>
+
+ * ccid-driver.c (ccid_get_atr): Reset T=1 state info.
+
+2004-10-14 Werner Koch <wk@g10code.com>
+
+ * app-openpgp.c (parse_login_data): New.
+ (app_select_openpgp): Call it.
+ (do_setattr): Reparse it after change.
+
+2004-10-06 Werner Koch <wk@g10code.de>
+
+ * ccid-driver.c (ccid_open_reader): Store the vendor ID.
+ (ccid_transceive_secure): New.
+ (parse_ccid_descriptor): Workaround for an SCM reader problem.
+
+2004-10-04 Werner Koch <wk@g10code.de>
+
+ * ccid-driver.c (send_escape_cmd): New.
+
+2004-09-30 Werner Koch <wk@g10code.com>
+
+ * Makefile.am: Adjusted for gettext 0.14.
+
+ * app-openpgp.c (do_sign): Add the error string to the verify
+ failed messages.
+
+2004-09-27 Werner Koch <wk@g10code.com>
+
+ From gnupg 1.3
+
+ * app-openpgp.c: Made all strings translatable.
+ (verify_chv3) [GNUPG_MAJOR_VERSION]: Make opt.allow_admin
+ available for use in gnupg 2.
+ (verify_chv3): Reimplemented countdown showing to use only
+ functions from this module. Flush the CVH status cache on a
+ successful read.
+ (get_one_do): Hack to bypass the cache for cards versions > 1.0.
+ (store_fpr): Store the creation date for card version > 1.0.
+
+ * app-openpgp.c (app_openpgp_storekey): Call flush_cache.
+ (get_cached_data): Move local data initialization to ..
+ (app_select_openpgp): .. here. Read some flags for later use.
+ (do_getattr): New read-only attribute EXTCAP.
+
+ * apdu.c (open_pcsc_reader): Do not print empty reader string.
+
+ * ccid-driver.c (do_close_reader): Factored some code out from ...
+ (ccid_close_reader): ..here.
+ (ccid_shutdown_reader): New.
+
+ * apdu.c (apdu_shutdown_reader): New.
+ (shutdown_ccid_reader): New.
+
+ * apdu.c (open_ccid_reader): New arg PORTSTR. Pass it to
+ ccid_open_reader.
+ (apdu_open_reader): Pass portstr to open_ccid_reader.
+ (apdu_open_reader): No fallback if a full CCID reader id has been
+ given.
+
+ * ccid-driver.c (ccid_get_reader_list): New.
+ (ccid_open_reader): Changed API to take a string for the reader.
+ Removed al the cruft for the libusb development vesion which seems
+ not to be maintained anymore and there are no packages anyway.
+ The stable library works just fine.
+ (struct ccid_reader_id_s): Deleted and replaced everywhere by a
+ simple string.
+ (usb_get_string_simple): Removed.
+ (bulk_in): Do valgrind hack here and not just everywhere.
+
+ * ccid-driver.c (read_device_info): Removed.
+ (make_reader_id, scan_or_find_devices): New.
+ (ccid_open_reader): Simplified by make use of the new functions.
+ (ccid_set_debug_level): New. Changed the macros to make use of
+ it. It has turned out that it is often useful to enable debugging
+ at runtime so I added this option.
+
+ From gnupg 1.3 - David Shaw <dshaw@jabberwocky.com>
+
+ * app-openpgp.c (verify_chv3): Show a countdown of how many wrong
+ admin PINs can be entered before the card is locked.
+
+ * app-openpgp.c (get_cached_data): Avoid mallocing zero since it
+ breaks us when using --enable-m-guard.
+
+ * ccid-driver.c (usb_get_string_simple): Replacement function to
+ work with older libusb.
+
+ * ccid-driver.c (read_device_info): Fix segfault when usb device
+ is not accessible.
+ (ccid_open_reader): Allow working with an even older version of
+ libusb (usb_busses global instead of usb_get_busses()).
+
+2004-09-11 Werner Koch <wk@g10code.com>
+
+ * app-openpgp.c (app_select_openpgp): Its app_munge_serialno and
+ not app_number_serialno.
+
+2004-08-20 Werner Koch <wk@g10code.de>
+
+ * app.c (select_application): Fixed serial number extraction and
+ added the BMI card workaround.
+ (app_munge_serialno): New.
+ * app-openpgp.c (app_select_openpgp): Try munging serialno.
+
+2004-08-05 Werner Koch <wk@g10code.de>
+
+ * scdaemon.c (main): New option --disable-application.
+ * app.c (is_app_allowed): New.
+ (select_application): Use it to check for disabled applications.
+
+ * ccid-driver.h (CCID_DRIVER_ERR_ABORTED): New.
+ * ccid-driver.c (ccid_open_reader): Support the stable 0.1 version
+ of libusb.
+ (ccid_get_atr): Handle short messages.
+
+ * apdu.c (my_rapdu_get_status): Implemented.
+
+2004-07-27 Moritz Schulte <moritz@g10code.com>
+
+ * apdu.c: Include <signal.h>.
+
+ * Makefile.am: Use @DL_LIBS@ instead of -ldl.
+
+2004-07-22 Werner Koch <wk@g10code.de>
+
+ * Makefile.am: Make OpenSC lib link after libgcrypt. Do not link
+ to pth.
+ * apdu.c: Don't use Pth if we use OpenSC.
+ * sc-investigate.c, scdaemon.c: Disable use of pth if OpenSC is used.
+
+ * scdaemon.c (main): Bumbed thread stack size up to 512k.
+
+2004-07-16 Werner Koch <wk@gnupg.org>
+
+ * apdu.c (reader_table_s): Add function pointers for the backends.
+ (apdu_close_reader, apdu_get_status, apdu_activate)
+ (send_apdu): Make use of them.
+ (new_reader_slot): Intialize them to NULL.
+ (dump_ccid_reader_status, ct_dump_reader_status): New.
+ (dump_pcsc_reader_status): New.
+ (open_ct_reader, open_pcsc_reader, open_ccid_reader)
+ (open_osc_reader, open_rapdu_reader): Intialize function pointers.
+ (ct_activate_card, ct_send_apdu, pcsc_send_apdu, osc_send_apdu)
+ (error_string): Removed. Replaced by apdu_strerror.
+ (get_ccid_error_string): Removed.
+ (ct_activate_card): Remove the unused loop.
+ (reset_ct_reader): Implemented.
+ (ct_send_apdu): Activate the card if not yet done.
+ (pcsc_send_apdu): Ditto.
+
+2004-07-15 Werner Koch <wk@gnupg.org>
+
+ * ccid-driver.h: Add error codes.
+ * ccid-driver.c: Implement more or less proper error codes all
+ over the place.
+
+ * apdu.c (apdu_send_direct): New.
+ (get_ccid_error_string): Add some error code mappings.
+ (send_apdu): Pass error codes along for drivers already supporting
+ them.
+ (host_sw_string): New.
+ (get_ccid_error_string): Use above.
+ (send_apdu_ccid): Reset the reader if it has not yet been done.
+ (open_ccid_reader): Don't care if the ATR can't be read.
+ (apdu_activate_card): New.
+ (apdu_strerror): New.
+ (dump_reader_status): Only enable it with opt.VERBOSE.
+ * iso7816.c (map_sw): Add mappings for the new error codes.
+
+2004-07-02 Werner Koch <wk@gnupg.org>
+
+ * apdu.c (open_ct_reader, open_pcsc_reader, open_ccid_reader)
+ (reset_ccid_reader, open_osc_reader): Call dump_reader_status only
+ in verbose mode.
+
+2004-07-01 Werner Koch <wk@gnupg.org>
+
+ * sc-investigate.c: Initialize Pth which is now required.
+ (interactive_shell): New command "readpk".
+
+ * app-openpgp.c (do_getattr): Fix for sending CA-FPR.
+
+2004-06-30 Werner Koch <wk@gnupg.org>
+
+ * app-openpgp.c (app_openpgp_readkey): Fixed check for valid
+ exponent.
+
+2004-06-18 Werner Koch <wk@g10code.com>
+
+ * sc-investigate.c (my_read_line): Renamed from read_line.
+
+2004-06-16 Werner Koch <wk@gnupg.org>
+
+ * apdu.c (osc_get_status): Fixed type in function name. Noted by
+ Axel Thimm. Yes, I didn't tested it with OpenSC :-(.
+
+2004-04-28 Werner Koch <wk@gnupg.org>
+
+ * app-openpgp.c (do_setattr): Sync FORCE_CHV1.
+
+2004-04-27 Werner Koch <wk@gnupg.org>
+
+ * app-common.h: Do not include ksba.h for gnupg 1.
+
+2004-04-26 Werner Koch <wk@gnupg.org>
+
+ * app-common.h: New members FNC.DEINIT and APP_LOCAL.
+ * app.c (release_application): Call new deconstructor.
+ * app-openpgp.c (do_deinit): New.
+ (get_cached_data, flush_cache_item, flush_cache_after_error)
+ (flush_cache): New.
+ (get_one_do): Replaced arg SLOT by APP. Make used of cached data.
+ (verify_chv2, verify_chv3): Flush some cache item after error.
+ (do_change_pin): Ditto.
+ (do_sign): Ditto.
+ (do_setattr): Flush cache item.
+ (do_genkey): Flush the entire cache.
+ (compare_fingerprint): Use cached data.
+
+ * scdaemon.c (main): Do the last change the usual way. This is so
+ that we can easily test for versioned config files above.
+
+2004-04-26 Marcus Brinkmann <marcus@g10code.de>
+
+ * scdaemon.c (main): For now, always print default filename for
+ --gpgconf-list, and never /dev/null.
+
+2004-04-21 Werner Koch <wk@gnupg.org>
+
+ * command.c (scd_update_reader_status_file): Send a signal back to
+ the client.
+ (option_handler): Parse the new event-signal option.
+
+ * scdaemon.c (handle_signal): Do not use SIGUSR{1,2} anymore for
+ changing the verbosity.
+
+2004-04-20 Werner Koch <wk@gnupg.org>
+
+ * command.c (scd_update_reader_status_file): Write status files.
+
+ * app-help.c (app_help_read_length_of_cert): Fixed calculation of
+ R_CERTOFF.
+
+ * pcsc-wrapper.c: New.
+ * Makefile.am (pkglib_PROGRAMS): Install it here.
+ * apdu.c (writen, readn): New.
+ (open_pcsc_reader, pcsc_send_apdu, close_pcsc_reader): Use the
+ pcsc-wrapper if we are using Pth.
+ (apdu_send_le): Reinitialize RESULTLEN. Handle SW_EOF_REACHED
+ like SW_SUCCESS.
+
+2004-04-19 Werner Koch <wk@gnupg.org>
+
+ * ccid-driver.c (parse_ccid_descriptor): Store some of the reader
+ features away. New arg HANDLE
+ (read_device_info): New arg HANDLE. Changed caller.
+ (bulk_in): Handle time extension requests.
+ (ccid_get_atr): Setup parameters and the IFSD.
+ (compute_edc): New. Factored out code.
+ (ccid_transceive): Use default NADs when required.
+
+2004-04-14 Werner Koch <wk@gnupg.org>
+
+ * scdaemon.h (server_control_s): Add member READER_SLOT.
+ * scdaemon.c (scd_init_default_ctrl): Initialize READER_SLOT to -1.
+ * command.c (open_card): Reuse an open slot.
+ (reset_notify): Just reset the slot if supported by the reader.
+ (do_reset): Factored code from above out.
+ (scd_command_handler): Use it for cleanup.
+
+ * apdu.h: New pseudo stati SW_HOST_NOT_SUPPORTED,
+ SW_HOST_LOCKING_FAILED and SW_HOST_BUSY.
+ * iso7816.c (map_sw): Map it.
+
+ * ccid-driver.c (ccid_slot_status): Add arg STATUSBITS.
+ * apdu.c (apdu_get_status): New.
+ (ct_get_status, pcsc_get_status, ocsc_get_status): New stubs.
+ (get_status_ccid): New.
+ (apdu_reset): New.
+ (reset_ct_reader, reset_pcsc_reader, reset_osc_reader): New stubs.
+ (reset_ccid_reader): New.
+ (apdu_enum_reader): New.
+
+ * apdu.c (lock_slot, trylock_slot, unlock_slot): New helpers.
+ (new_reader_slot) [USE_GNU_PTH]: Init mutex.
+ (apdu_reset, apdu_get_status, apdu_send_le): Run functions
+ in locked mode.
+
+ * command.c (scd_update_reader_status_file): New.
+ * scdaemon.c (handle_tick): Call it.
+
+2004-04-13 Werner Koch <wk@gnupg.org>
+
+ * scdaemon.c: Convert to a Pth application.
+ (handle_signal, ticker_thread, handle_tick): New.
+ (main): Fire up the ticker thread in server mode.
+
+2004-03-23 Werner Koch <wk@gnupg.org>
+
+ * scdaemon.c (main) <gpgconf_list>: Fixed output for pcsc_driver.
+
+2004-03-17 Werner Koch <wk@gnupg.org>
+
+ * tlv.c (parse_ber_header): Do not check for tag overflow - it
+ does not make sense. Simplified the check for length overflow.
+
+ * scdaemon.c (main) <gpgconf>: Fixed default value quoting.
+
+2004-03-16 Werner Koch <wk@gnupg.org>
+
+ * app-dinsig.c: Implemented. Based on app-nks.c and card-dinsig.c
+ * app-nks.c (get_length_of_cert): Removed.
+ * app-help.c: New.
+ (app_help_read_length_of_cert): New. Code taken from above. New
+ optional arg R_CERTOFF.
+
+ * card-dinsig.c: Removed.
+ * card.c (card_get_serial_and_stamp): Do not bind to the old and
+ never finsiged card-dinsig.c.
+
+ * iso7816.c (iso7816_read_binary): Allow for an NMAX > 254.
+
+2004-03-11 Werner Koch <wk@gnupg.org>
+
+ * scdaemon.h (out_of_core): Removed. Replaced callers by standard
+ gpg_error function.
+
+ * apdu.c, iso7816.c, ccid-driver.c [GNUPG_SCD_MAIN_HEADER]: Allow
+ to include a header defined by the compiler. This helps us to
+ reuse the source in other software.
+
+2004-03-10 Werner Koch <wk@gnupg.org>
+
+ * iso7816.c (iso7816_read_record): New arg SHORT_EF. Changed all
+ callers.
+
+2004-02-18 Werner Koch <wk@gnupg.org>
+
+ * sc-investigate.c (main): Setup the used character set.
+ * scdaemon.c (main): Ditto.
+
+ * scdaemon.c (set_debug): New. Add option --debug-level.
+ (main): Add option --gpgconf-list.
+
+2004-02-12 Werner Koch <wk@gnupg.org>
+
+ * Makefile.am: Include cmacros.am for common flags.
+
+2004-01-29 Werner Koch <wk@gnupg.org>
+
+ * command.c (reset_notify): Release the application context and
+ close the reader.
+
+2004-01-28 Werner Koch <wk@gnupg.org>
+
+ * iso7816.c (iso7816_manage_security_env): New.
+ (iso7816_decipher): Add PADIND argument.
+
+2004-01-27 Werner Koch <wk@gnupg.org>
+
+ * command.c (cmd_readcert, cmd_readkey): Work on a copy of LINE.
+
+ * app-common.h (app_ctx_s): Added readcert field.
+ * app.c (app_readcert): New.
+ * tlv.c (parse_ber_header): Added; taken from libksba.
+
+2004-01-26 Werner Koch <wk@gnupg.org>
+
+ * card.c (map_sc_err): Use SCD as the error source.
+
+ * command.c (open_card): ADD arg NAME to allow requesting a
+ specific application. Changed all callers.
+ (cmd_serialno): Allow optional argument to select the desired
+ application.
+
+ * app-nks.c: New.
+
+ * scdaemon.h (opt): Add READER_PORT.
+ * scdaemon.c (main): Set it here.
+ * app.c (app_set_default_reader_port): Removed.
+ (select_application): Add NAME arg and figure out a
+ default serial number from the GDO. Add SLOT arg and remove all
+ reader management.
+ (release_application): New.
+ (app_write_learn_status): Output an APPTYPE status line.
+ * command.c (open_card): Adapt for select_application change.
+ * app-openpgp.c (app_select_openpgp): Removed SN and SNLEN args
+ and set it directly. Changed all callers.
+
+2004-01-25 Werner Koch <wk@gnupg.org>
+
+ * iso7816.c (iso7816_select_application): P1 kludge for OpenPGP
+ card.
+ * app-openpgp.c (find_tlv): Factor out this function to ..
+ * tlv.c, tlv.h: .. new.
+
+ * scdaemon.h: Introduced app_t and ctrl_t as the new types for APP
+ and CTRL.
+
+2004-01-21 Werner Koch <wk@gnupg.org>
+
+ * apdu.c (apdu_send_le): Treat SW_EOF_REACHED as a warning.
+
+2004-01-20 Werner Koch <wk@gnupg.org>
+
+ * iso7816.c (iso7816_read_binary): New.
+ (iso7816_select_file): New.
+ (iso7816_list_directory): New.
+
+ * sc-investigate.c: Add option -i.
+ (select_app, read_line, interactive_shell): New.
+
+2004-01-16 Werner Koch <wk@gnupg.org>
+
+ * apdu.h: Add SW_FILE_NOT_FOUND.
+ * iso7816.c (map_sw): Map it to GPG_ERR_ENOENT.
+ * iso7816.c (iso7816_select_file): New.
+
+ * app-dinsig.c: New file w/o any real code yet.
+ * Makefile.am (scdaemon_SOURCES,sc_investigate_SOURCES): Add file.
+
+ * sc-investigate.c: Add option --disable-ccid.
+
+2003-12-19 Werner Koch <wk@gnupg.org>
+
+ * apdu.c (apdu_send_le): Send a get_response with the indicated
+ length and not the 64 bytes we used for testing.
+
+ * app-openpgp.c (verify_chv2, verify_chv3, do_sign): Check the
+ minimum length of the passphrase, so that we don't need to
+ decrement the retry counter.
+
+2003-12-17 Werner Koch <wk@gnupg.org>
+
+ * card-p15.c (p15_enum_keypairs): Replaced KRC by RC.
+ * card-dinsig.c (dinsig_enum_keypairs): Ditto.
+
+2003-12-16 Werner Koch <wk@gnupg.org>
+
+ * scdaemon.c (main): Set the prefixes for assuan logging.
+
+2003-11-17 Werner Koch <wk@gnupg.org>
+
+ * scdaemon.c, scdaemon.h: New options --allow-admin and --deny-admin.
+ * app-openpgp.c (verify_chv3): Check it here.
+
+2003-11-12 Werner Koch <wk@gnupg.org>
+
+ Adjusted for API changes in Libksba.
+
+2003-10-30 Werner Koch <wk@gnupg.org>
+
+ * apdu.c (close_ct_reader, close_pcsc_reader): Implemented.
+ (get_ccid_error_string): New. Not very useful messages, though.
+
+2003-10-25 Werner Koch <wk@gnupg.org>
+
+ * ccid-driver.c (ccid_open_reader): Return an error if no USB
+ devices are found.
+
+ * command.c (cmd_genkey, cmd_passwd): Fixed faulty use of
+ !spacep().
+
+ * apdu.c (apdu_open_reader): Hacks for PC/SC under Windows.
+
+2003-10-20 Werner Koch <wk@gnupg.org>
+
+ * command.c (cmd_checkpin): New.
+ (register_commands): Add command CHECKPIN.
+ * app.c (app_check_pin): New.
+ * app-openpgp.c (check_against_given_fingerprint): New. Factored
+ out that code elsewhere.
+ (do_check_pin): New.
+
+2003-10-10 Werner Koch <wk@gnupg.org>
+
+ * ccid-driver.c (ccid_close_reader): New.
+
+ * apdu.c (close_ccid_reader, close_ct_reader, close_csc_reader)
+ (close_osc_reader, apdu_close_reader): New. Not all are properly
+ implemented yet.
+
+2003-10-09 Werner Koch <wk@gnupg.org>
+
+ * ccid-driver.c (ccid_transceive): Add T=1 chaining for sending.
+
+2003-10-08 Werner Koch <wk@gnupg.org>
+
+ * app-openpgp.c (do_getattr): Support SERIALNO and AID.
+
+2003-10-01 Werner Koch <wk@gnupg.org>
+
+ * ccid-driver.c: Detect GnuPG 1.3 and include appropriate files.
+ * apdu.c: Ditto.
+ * app-openpgp.c: Ditto.
+ * iso7816.c: Ditto.
+ (generate_keypair): Renamed to ..
+ (do_generate_keypair): .. this.
+ * app-common.h [GNUPG_MAJOR_VERSION]: New.
+ * iso7816.h [GNUPG_MAJOR_VERSION]: Include cardglue.h
+
+2003-09-30 Werner Koch <wk@gnupg.org>
+
+ * command.c (cmd_getattr): New command GETATTR.
+ * app.c (app_setattr): New.
+ (do_getattr): New.
+ (do_learn_status): Reimplemented in terms of do_getattr.
+
+ * app-openpgp.c (do_change_pin): Make sure CVH1 and CHV2 are
+ always synced.
+ (verify_chv2, verify_chv3): New. Factored out common code.
+ (do_setattr, do_sign, do_auth, do_decipher): Change the names of
+ the prompts to match that we have only 2 different PINs.
+ (app_select_openpgp): Check whether the card enforced CHV1.
+ (convert_sig_counter_value): New. Factor out code from
+ get_sig_counter.
+
+2003-09-28 Werner Koch <wk@gnupg.org>
+
+ * app-openpgp.c (dump_all_do): Use gpg_err_code and not gpg_error.
+
+2003-09-19 Werner Koch <wk@gnupg.org>
+
+ * ccid-driver.c (parse_ccid_descriptor): New.
+ (read_device_info): New.
+ (ccid_open_reader): Check that the device has all required features.
+
+2003-09-06 Werner Koch <wk@gnupg.org>
+
+ * scdaemon.c (main): --pcsc-driver again defaults to pcsclite.
+ David Corcoran was so kind to remove the GPL incompatible
+ advertisng clause from pcsclite.
+ * apdu.c (apdu_open_reader): Actually make pcsc-driver option work.
+
+2003-09-05 Werner Koch <wk@gnupg.org>
+
+ * ccid-driver.c: More work, data can now actually be retrieved.
+ * ccid-driver.c, ccid-driver.h: Alternativley allow use under BSD
+ conditions.
+
+2003-09-02 Werner Koch <wk@gnupg.org>
+
+ * scdaemon.c, scdaemon.h: New option --pcsc-ccid.
+ * ccid-driver.c, ccid-driver.h: New but far from being useful.
+ * Makefile.am: Add above.
+ * apdu.c: Add support for that ccid driver.
+
+2003-08-26 Timo Schulz <twoaday@freakmail.de>
+
+ * apdu.c (new_reader_slot): Only set 'is_osc' when OpenSC
+ is used.
+
+2003-08-25 Werner Koch <wk@gnupg.org>
+
+ * command.c (cmd_setattr): Use a copy of LINE.
+ (cmd_genkey): Use a copy of KEYNO.
+ (cmd_passwd): Use a copy of CHVNOSTR.
+ (cmd_pksign, cmd_pkauth, cmd_pkdecrypt): s/strdup/xtrystrdup/.
+
+2003-08-19 Werner Koch <wk@gnupg.org>
+
+ * scdaemon.c, scdaemon.h: New option --pcsc-driver.
+ * apdu.c (apdu_open_reader): Use that option here instead of a
+ hardcoded one.
+
+2003-08-18 Werner Koch <wk@gnupg.org>
+
+ * Makefile.am: Add OPENSC_LIBS to all programs.
+
+ * scdaemon.c, scdaemon.h: New option --disable-opensc.
+ * card.c (card_open): Implement it.
+ * apdu.c (open_osc_reader, osc_send_apdu): New.
+ (apdu_open_reader) [HAVE_OPENSC]: Use the opensc driver if not
+ disabled.
+ (error_string) [HAVE_OPENSC]: Use sc_strerror.
+ (send_apdu) [HAVE_OPENSC]: Call osc_apdu_send.
+
+ * card-p15.c (p15_enum_keypairs, p15_prepare_key): Adjusted for
+ libgpg-error.
+
+2003-08-14 Timo Schulz <twoaday@freakmail.de>
+
+ * apdu.c (ct_activate_card): Change the code a little to avoid
+ problems with other readers.
+ * Always use 'dynload.h' instead of 'dlfcn.h'.
+
+2003-08-05 Werner Koch <wk@gnupg.org>
+
+ * app-openpgp.c (dump_all_do): Don't analyze constructed DOs after
+ an error.
+
+2003-08-04 Werner Koch <wk@gnupg.org>
+
+ * app.c (app_set_default_reader_port): New.
+ (select_application): Use it here.
+ * scdaemon.c (main): and here.
+ * sc-copykeys.c: --reader-port does now take a string.
+ * sc-investigate.c, scdaemon.c: Ditto.
+ * apdu.c (apdu_open_reader): Ditto. Load pcsclite if no ctapi
+ driver is configured. Always include code for ctapi.
+ (new_reader_slot): Don't test for already used ports and remove
+ port arg.
+ (open_pcsc_reader, pcsc_send_apdu, pcsc_error_string): New.
+ (apdu_send_le): Changed RC to long to cope with PC/SC.
+
+ * scdaemon.c, scdaemon.h: New option --ctapi-driver.
+ * sc-investigate.c, sc-copykeys.c: Ditto.
+
+2003-07-31 Werner Koch <wk@gnupg.org>
+
+ * Makefile.am (scdaemon_LDADD): Added INTLLIBS.
+
+2003-07-28 Werner Koch <wk@gnupg.org>
+
+ * app-openpgp.c (do_setattr): Change implementation. Allow all
+ useful DOs.
+
+2003-07-27 Werner Koch <wk@gnupg.org>
+
+ Adjusted for gcry_mpi_print and gcry_mpi_scan API change.
+
+2003-07-24 Werner Koch <wk@gnupg.org>
+
+ * app-openpgp.c (do_learn_status): Print more status information.
+ (app_select_openpgp): Store the card version.
+ (store_fpr): Add argument card_version and fix DOs for old cards.
+ (app_openpgp_storekey): Likewise.
+
+2003-07-23 Werner Koch <wk@gnupg.org>
+
+ * command.c (cmd_pkauth): New.
+ (cmd_setdata): Check whether data was given at all to avoid
+ passing 0 to malloc.
+
+ * app.c (app_auth): New.
+ * app-openpgp.c (do_auth): New.
+
+2003-07-22 Werner Koch <wk@gnupg.org>
+
+ * command.c (cmd_passwd): New.
+ * app.c (app_change_pin): New.
+ * app-openpgp.c (do_change_pin): New.
+ * iso7816.c (iso7816_reset_retry_counter): Implemented.
+
+ * sc-investigate.c (main): New option --gen-random.
+ * iso7816.c (iso7816_get_challenge): Don't create APDUs with a
+ length larger than 255.
+
+2003-07-17 Werner Koch <wk@gnupg.org>
+
+ * command.c (cmd_random): New command RANDOM.
+
+ * iso7816.c (map_sw): New. Use it in this file to return
+ meaningful error messages. Changed all public fucntions to return
+ a gpg_error_t.
+ (iso7816_change_reference_data): New.
+ * apdu.c (apdu_open_reader): Use faked status words for soem
+ system errors.
+
+2003-07-16 Werner Koch <wk@gnupg.org>
+
+ * apdu.c (apdu_send_simple): Use apdu_send_le so that we can
+ specify not to send Le as it should be.
+
+2003-07-15 Werner Koch <wk@gnupg.org>
+
+ * Makefile.am: Add sc-copykeys program.
+ * sc-copykeys.c: New.
+ * app-openpgp.c (app_openpgp_storekey): New.
+ (app_openpgp_cardinfo): New.
+ (count_bits): New.
+ (store_fpr): And use it here to get the actual length in bit.
+
+2003-07-03 Werner Koch <wk@gnupg.org>
+
+ * app-openpgp.c (do_setattr): Add setting of the URL.
+ (app_select_openpgp): Dump card data only in very verbose mode.
+ (do_decipher): New.
+
+2003-07-02 Werner Koch <wk@gnupg.org>
+
+ * app-openpgp.c (get_sig_counter): New.
+ (do_sign): Print the signature counter and enable the PIN callback.
+ (do_genkey): Implement the PIN callback.
+
+2003-07-01 Werner Koch <wk@gnupg.org>
+
+ * app-openpgp.c (store_fpr): Fixed fingerprint calculation.
+
+2003-06-26 Werner Koch <wk@gnupg.org>
+
+ * app-openpgp.c (find_tlv): Fixed length header parsing.
+
+ * app.c (app_genkey): New.
+ * command.c (cmd_genkey): New.
+
+2003-06-25 Werner Koch <wk@gnupg.org>
+
+ * command.c (percent_plus_unescape): New.
+ (cmd_setattr): New.
+
+2003-06-24 Werner Koch <wk@gnupg.org>
+
+ * command.c (send_status_info): New.
+
+ * app-openpgp.c (app_select_openpgp): Replace SLOT arg by APP arg
+ and setup the function pointers in APP on success. Changed callers.
+ * app.c: New.
+ * app-common.h: New.
+ * scdaemon.h (APP): New type to handle applications.
+ (server_control_s): Add an APP context field.
+
+ * command.c (cmd_serialno): Handle applications.
+ (cmd_pksign): Ditto.
+ (cmd_pkdecrypt): Ditto.
+ (reset_notify): Ditto.
+ (cmd_learn): For now return error for application contexts.
+ (cmd_readcert): Ditto.
+ (cmd_readkey): Ditto.
+
+2003-06-04 Werner Koch <wk@gnupg.org>
+
+ * card.c (map_sc_err): Renamed gpg_make_err to gpg_err_make.
+
+ Renamed error codes from INVALID to INV and removed _ERROR suffixes.
+
+2003-06-03 Werner Koch <wk@gnupg.org>
+
+ Changed all error codes in all files to the new libgpg-error scheme.
+
+ * scdaemon.h: Include gpg-error.h and errno.h
+ * card.c (map_sc_err): Use unknown for the error source.
+ * Makefile.am: Link with libgpg-error
+
+2003-05-14 Werner Koch <wk@gnupg.org>
+
+ * atr.c, atr.h: New.
+ * sc-investigate.c: Dump the ATR in a human readable format.
+
+2003-05-08 Werner Koch <wk@gnupg.org>
+
+ * scdaemon.h (DBG_CARD_IO_VALUE): New.
+
+ * sc-investigate.c: New.
+ * scdaemon.c (main): Removed --print-atr option.
+
+ * iso7816.c, iso7816.h, app-openpgp.c: New.
+
+2003-04-29 Werner Koch <wk@gnupg.org>
+
+ * scdaemon.c: New options --print-atr and --reader-port
+ * apdu.c, apdu.h: New
+
+ * card.c, card-p15.c, card-dinsig.c: Allow build without OpenSC.
+
+ * Makefile.am (LDFLAGS): Removed.
+
+ * command.c (register_commands): Adjusted for new Assuan semantics.
+
+2002-08-21 Werner Koch <wk@gnupg.org>
+
+ * scdaemon.c (main): New option --daemon so that the program is
+ not accidently started in the background.
+
+2002-08-16 Werner Koch <wk@gnupg.org>
+
+ * scdaemon.c: Include i18n.h.
+
+ * card-common.h (struct p15_private_s): Forward declaration. Add
+ it to card_ctx_s.
+ * card.c (card_close): Make sure private data is released.
+ (card_enum_certs): New.
+ * card-p15.c (p15_release_private_data): New.
+ (init_private_data): New to work around an OpenSC weirdness.
+ (p15_enum_keypairs): Do an OpenSC get_objects only once.
+ (p15_enum_certs): New.
+ (card_p15_bind): Bind new function.
+ * command.c (cmd_learn): Return information about the certificates.
+
+2002-08-09 Werner Koch <wk@gnupg.org>
+
+ * card.c (card_get_serial_and_stamp): Use the tokeinfo serial
+ number as a fallback. Add a special prefix for serial numbers.
+
+2002-07-30 Werner Koch <wk@gnupg.org>
+
+ Changes to cope with OpenSC 0.7.0:
+
+ * card.c: Removed the check for the packed opensc version.
+ Changed include file names of opensc.
+ (map_sc_err): Adjusted error codes for new opensc version.
+ * card-p15.c: Changed include filename of opensc.
+ * card-dinsig.c: Ditto.
+
+ * card-p15.c (p15_decipher): Add flags argument to OpenSC call.
+
+2002-07-24 Werner Koch <wk@gnupg.org>
+
+ * card.c (find_simple_tlv, find_iccsn): New.
+ (card_get_serial_and_stamp): Improved serial number parser.
+
+2002-06-27 Werner Koch <wk@gnupg.org>
+
+ * scdaemon.c (main): Use GNUPG_DEFAULT_HOMEDIR constant.
+
+2002-06-15 Werner Koch <wk@gnupg.org>
+
+ * card-dinsig.c: Documented some stuff from the DIN norm.
+
+2002-04-15 Werner Koch <wk@gnupg.org>
+
+ * command.c (cmd_pksign, cmd_pkdecrypt): Use a copy of the key ID.
+
+2002-04-12 Werner Koch <wk@gnupg.org>
+
+ * scdaemon.c: New option --debug-sc N.
+ * card.c (card_open): set it here.
+
+ * card-p15.c (p15_prepare_key): Factored out common code from ...
+ (p15_sign, p15_decipher): here and made the decryption work the
+ regular way.
+
+2002-04-10 Werner Koch <wk@gnupg.org>
+
+ * card.c (card_open): Return immediately when no reader is available.
+
+2002-03-27 Werner Koch <wk@gnupg.org>
+
+ * card.c (card_open, card_close): Adjusted for changes in OpenSC.
+
+2002-03-10 Werner Koch <wk@gnupg.org>
+
+ * card-p15.c, card-dinsig.c, card-common.h: New.
+ * card.c: Factored most code out to the new modules, so that we
+ can better support different types of card applications.
+
+2002-01-26 Werner Koch <wk@gnupg.org>
+
+ * scdaemon.c scdaemon.h, command.c: New. Based on the code from
+ the gpg-agent.
+
+
+ Copyright 2002, 2003, 2004, 2005, 2007, 2008 Free Software Foundation, Inc.
+
+ This file is free software; as a special exception the author gives
+ unlimited permission to copy and/or distribute it, with or without
+ modifications, as long as this notice is preserved.
+
+ This file is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
+ implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/scd/Makefile.am b/scd/Makefile.am
new file mode 100644
index 0000000..58e2f9b
--- /dev/null
+++ b/scd/Makefile.am
@@ -0,0 +1,71 @@
+# Copyright (C) 2002, 2003, 2005 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+## Process this file with automake to produce Makefile.in
+
+bin_PROGRAMS = scdaemon
+if ! HAVE_W32_SYSTEM
+libexec_PROGRAMS = gnupg-pcsc-wrapper
+endif
+
+EXTRA_DIST = ChangeLog-2011
+
+AM_CPPFLAGS = -I$(top_srcdir)/gl -I$(top_srcdir)/intl -I$(top_srcdir)/common
+
+include $(top_srcdir)/am/cmacros.am
+
+AM_CFLAGS = $(LIBGCRYPT_CFLAGS) \
+ $(KSBA_CFLAGS) $(LIBASSUAN_CFLAGS) $(PTH_CFLAGS)
+
+
+card_apps = app-openpgp.c app-nks.c app-dinsig.c app-p15.c app-geldkarte.c
+
+scdaemon_SOURCES = \
+ scdaemon.c scdaemon.h \
+ command.c \
+ apdu.c apdu.h \
+ ccid-driver.c ccid-driver.h \
+ iso7816.c iso7816.h \
+ app.c app-common.h app-help.c $(card_apps)
+
+
+scdaemon_LDADD = $(libcommonpth) ../jnlib/libjnlib.a ../gl/libgnu.a \
+ $(LIBGCRYPT_LIBS) $(KSBA_LIBS) $(LIBASSUAN_LIBS) $(PTH_LIBS) \
+ $(LIBUSB_LIBS) $(GPG_ERROR_LIBS) \
+ $(LIBINTL) $(DL_LIBS) $(NETLIBS) $(LIBICONV)
+
+# Removed for now: We need to decide whether it makes sense to
+# continue it at all, given that gpg has now all required
+# functionality.
+#sc_copykeys_SOURCES = \
+# sc-copykeys.c scdaemon.h \
+# apdu.c apdu.h \
+# ccid-driver.c ccid-driver.h \
+# iso7816.c iso7816.h \
+# atr.c atr.h \
+# app.c app-common.h app-help.c $(card_apps)
+#
+#sc_copykeys_LDADD = \
+# ../jnlib/libjnlib.a ../common/libcommon.a \
+# ../common/libsimple-pwquery.a \
+# $(LIBGCRYPT_LIBS) $(KSBA_LIBS) $(LIBASSUAN_LIBS) $(PTH_LIBS) \
+# $(LIBUSB_LIBS) \
+# -lgpg-error @LIBINTL@ @DL_LIBS@
+#
+gnupg_pcsc_wrapper_SOURCES = pcsc-wrapper.c
+gnupg_pcsc_wrapper_LDADD = $(DL_LIBS)
+gnupg_pcsc_wrapper_CFLAGS =
diff --git a/scd/Makefile.in b/scd/Makefile.in
new file mode 100644
index 0000000..d3a924c
--- /dev/null
+++ b/scd/Makefile.in
@@ -0,0 +1,763 @@
+# Makefile.in generated by automake 1.11.1 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation,
+# Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+# Copyright (C) 2002, 2003, 2005 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+# cmacros.am - C macro definitions
+# Copyright (C) 2004 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+bin_PROGRAMS = scdaemon$(EXEEXT)
+@HAVE_W32_SYSTEM_FALSE@libexec_PROGRAMS = gnupg-pcsc-wrapper$(EXEEXT)
+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
+ $(top_srcdir)/am/cmacros.am
+@HAVE_DOSISH_SYSTEM_FALSE@am__append_1 = -DGNUPG_BINDIR="\"$(bindir)\"" \
+@HAVE_DOSISH_SYSTEM_FALSE@ -DGNUPG_LIBEXECDIR="\"$(libexecdir)\"" \
+@HAVE_DOSISH_SYSTEM_FALSE@ -DGNUPG_LIBDIR="\"$(libdir)/@PACKAGE@\"" \
+@HAVE_DOSISH_SYSTEM_FALSE@ -DGNUPG_DATADIR="\"$(datadir)/@PACKAGE@\"" \
+@HAVE_DOSISH_SYSTEM_FALSE@ -DGNUPG_SYSCONFDIR="\"$(sysconfdir)/@PACKAGE@\""
+
+
+# If a specific protect tool program has been defined, pass its name
+# to cc. Note that these macros should not be used directly but via
+# the gnupg_module_name function.
+@GNUPG_AGENT_PGM_TRUE@am__append_2 = -DGNUPG_DEFAULT_AGENT="\"@GNUPG_AGENT_PGM@\""
+@GNUPG_PINENTRY_PGM_TRUE@am__append_3 = -DGNUPG_DEFAULT_PINENTRY="\"@GNUPG_PINENTRY_PGM@\""
+@GNUPG_SCDAEMON_PGM_TRUE@am__append_4 = -DGNUPG_DEFAULT_SCDAEMON="\"@GNUPG_SCDAEMON_PGM@\""
+@GNUPG_DIRMNGR_PGM_TRUE@am__append_5 = -DGNUPG_DEFAULT_DIRMNGR="\"@GNUPG_DIRMNGR_PGM@\""
+@GNUPG_PROTECT_TOOL_PGM_TRUE@am__append_6 = -DGNUPG_DEFAULT_PROTECT_TOOL="\"@GNUPG_PROTECT_TOOL_PGM@\""
+subdir = scd
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/gl/m4/absolute-header.m4 \
+ $(top_srcdir)/gl/m4/alloca.m4 $(top_srcdir)/gl/m4/allocsa.m4 \
+ $(top_srcdir)/gl/m4/eealloc.m4 \
+ $(top_srcdir)/gl/m4/gnulib-comp.m4 \
+ $(top_srcdir)/gl/m4/gnulib-tool.m4 \
+ $(top_srcdir)/gl/m4/mkdtemp.m4 $(top_srcdir)/gl/m4/setenv.m4 \
+ $(top_srcdir)/gl/m4/stdint.m4 $(top_srcdir)/gl/m4/strpbrk.m4 \
+ $(top_srcdir)/gl/m4/unistd_h.m4 $(top_srcdir)/m4/autobuild.m4 \
+ $(top_srcdir)/m4/codeset.m4 $(top_srcdir)/m4/estream.m4 \
+ $(top_srcdir)/m4/gettext.m4 $(top_srcdir)/m4/gnupg-pth.m4 \
+ $(top_srcdir)/m4/gpg-error.m4 $(top_srcdir)/m4/iconv.m4 \
+ $(top_srcdir)/m4/isc-posix.m4 $(top_srcdir)/m4/ksba.m4 \
+ $(top_srcdir)/m4/lcmessage.m4 $(top_srcdir)/m4/ldap.m4 \
+ $(top_srcdir)/m4/lib-ld.m4 $(top_srcdir)/m4/lib-link.m4 \
+ $(top_srcdir)/m4/lib-prefix.m4 $(top_srcdir)/m4/libassuan.m4 \
+ $(top_srcdir)/m4/libcurl.m4 $(top_srcdir)/m4/libgcrypt.m4 \
+ $(top_srcdir)/m4/longdouble.m4 $(top_srcdir)/m4/nls.m4 \
+ $(top_srcdir)/m4/po.m4 $(top_srcdir)/m4/progtest.m4 \
+ $(top_srcdir)/m4/readline.m4 $(top_srcdir)/m4/size_max.m4 \
+ $(top_srcdir)/m4/socklen.m4 $(top_srcdir)/m4/sys_socket_h.m4 \
+ $(top_srcdir)/m4/tar-ustar.m4 $(top_srcdir)/m4/xsize.m4 \
+ $(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.ac
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+ $(ACLOCAL_M4)
+mkinstalldirs = $(SHELL) $(top_srcdir)/scripts/mkinstalldirs
+CONFIG_HEADER = $(top_builddir)/config.h
+CONFIG_CLEAN_FILES =
+CONFIG_CLEAN_VPATH_FILES =
+am__installdirs = "$(DESTDIR)$(bindir)" "$(DESTDIR)$(libexecdir)"
+PROGRAMS = $(bin_PROGRAMS) $(libexec_PROGRAMS)
+am_gnupg_pcsc_wrapper_OBJECTS = \
+ gnupg_pcsc_wrapper-pcsc-wrapper.$(OBJEXT)
+gnupg_pcsc_wrapper_OBJECTS = $(am_gnupg_pcsc_wrapper_OBJECTS)
+am__DEPENDENCIES_1 =
+gnupg_pcsc_wrapper_DEPENDENCIES = $(am__DEPENDENCIES_1)
+gnupg_pcsc_wrapper_LINK = $(CCLD) $(gnupg_pcsc_wrapper_CFLAGS) \
+ $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@
+am__objects_1 = app-openpgp.$(OBJEXT) app-nks.$(OBJEXT) \
+ app-dinsig.$(OBJEXT) app-p15.$(OBJEXT) app-geldkarte.$(OBJEXT)
+am_scdaemon_OBJECTS = scdaemon.$(OBJEXT) command.$(OBJEXT) \
+ apdu.$(OBJEXT) ccid-driver.$(OBJEXT) iso7816.$(OBJEXT) \
+ app.$(OBJEXT) app-help.$(OBJEXT) $(am__objects_1)
+scdaemon_OBJECTS = $(am_scdaemon_OBJECTS)
+scdaemon_DEPENDENCIES = $(libcommonpth) ../jnlib/libjnlib.a \
+ ../gl/libgnu.a $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
+ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
+ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
+ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
+ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1)
+DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
+depcomp = $(SHELL) $(top_srcdir)/scripts/depcomp
+am__depfiles_maybe = depfiles
+am__mv = mv -f
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+CCLD = $(CC)
+LINK = $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@
+SOURCES = $(gnupg_pcsc_wrapper_SOURCES) $(scdaemon_SOURCES)
+DIST_SOURCES = $(gnupg_pcsc_wrapper_SOURCES) $(scdaemon_SOURCES)
+ETAGS = etags
+CTAGS = ctags
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ABSOLUTE_STDINT_H = @ABSOLUTE_STDINT_H@
+ACLOCAL = @ACLOCAL@
+ADNSLIBS = @ADNSLIBS@
+ALLOCA = @ALLOCA@
+ALLOCA_H = @ALLOCA_H@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+BITSIZEOF_PTRDIFF_T = @BITSIZEOF_PTRDIFF_T@
+BITSIZEOF_SIG_ATOMIC_T = @BITSIZEOF_SIG_ATOMIC_T@
+BITSIZEOF_SIZE_T = @BITSIZEOF_SIZE_T@
+BITSIZEOF_WCHAR_T = @BITSIZEOF_WCHAR_T@
+BITSIZEOF_WINT_T = @BITSIZEOF_WINT_T@
+BUILD_INCLUDED_LIBINTL = @BUILD_INCLUDED_LIBINTL@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CC_FOR_BUILD = @CC_FOR_BUILD@
+CFLAGS = @CFLAGS@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DL_LIBS = @DL_LIBS@
+DNSLIBS = @DNSLIBS@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+FAQPROG = @FAQPROG@
+GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
+GMSGFMT = @GMSGFMT@
+GMSGFMT_015 = @GMSGFMT_015@
+GNUPG_AGENT_PGM = @GNUPG_AGENT_PGM@
+GNUPG_DIRMNGR_PGM = @GNUPG_DIRMNGR_PGM@
+GNUPG_PINENTRY_PGM = @GNUPG_PINENTRY_PGM@
+GNUPG_PROTECT_TOOL_PGM = @GNUPG_PROTECT_TOOL_PGM@
+GNUPG_SCDAEMON_PGM = @GNUPG_SCDAEMON_PGM@
+GPGKEYS_CURL = @GPGKEYS_CURL@
+GPGKEYS_FINGER = @GPGKEYS_FINGER@
+GPGKEYS_HKP = @GPGKEYS_HKP@
+GPGKEYS_KDNS = @GPGKEYS_KDNS@
+GPGKEYS_LDAP = @GPGKEYS_LDAP@
+GPGKEYS_MAILTO = @GPGKEYS_MAILTO@
+GPG_ERROR_CFLAGS = @GPG_ERROR_CFLAGS@
+GPG_ERROR_CONFIG = @GPG_ERROR_CONFIG@
+GPG_ERROR_LIBS = @GPG_ERROR_LIBS@
+GREP = @GREP@
+HAVE_INTTYPES_H = @HAVE_INTTYPES_H@
+HAVE_LONG_LONG_INT = @HAVE_LONG_LONG_INT@
+HAVE_SIGNED_SIG_ATOMIC_T = @HAVE_SIGNED_SIG_ATOMIC_T@
+HAVE_SIGNED_WCHAR_T = @HAVE_SIGNED_WCHAR_T@
+HAVE_SIGNED_WINT_T = @HAVE_SIGNED_WINT_T@
+HAVE_STDINT_H = @HAVE_STDINT_H@
+HAVE_SYS_BITYPES_H = @HAVE_SYS_BITYPES_H@
+HAVE_SYS_INTTYPES_H = @HAVE_SYS_INTTYPES_H@
+HAVE_SYS_TYPES_H = @HAVE_SYS_TYPES_H@
+HAVE_UNSIGNED_LONG_LONG_INT = @HAVE_UNSIGNED_LONG_LONG_INT@
+HAVE_WCHAR_H = @HAVE_WCHAR_H@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+INTLLIBS = @INTLLIBS@
+INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@
+KSBA_CFLAGS = @KSBA_CFLAGS@
+KSBA_CONFIG = @KSBA_CONFIG@
+KSBA_LIBS = @KSBA_LIBS@
+LDAPLIBS = @LDAPLIBS@
+LDAP_CPPFLAGS = @LDAP_CPPFLAGS@
+LDFLAGS = @LDFLAGS@
+LIBASSUAN_CFLAGS = @LIBASSUAN_CFLAGS@
+LIBASSUAN_CONFIG = @LIBASSUAN_CONFIG@
+LIBASSUAN_LIBS = @LIBASSUAN_LIBS@
+LIBCURL = @LIBCURL@
+LIBCURL_CPPFLAGS = @LIBCURL_CPPFLAGS@
+LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@
+LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@
+LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@
+LIBGNU_LIBDEPS = @LIBGNU_LIBDEPS@
+LIBGNU_LTLIBDEPS = @LIBGNU_LTLIBDEPS@
+LIBICONV = @LIBICONV@
+LIBINTL = @LIBINTL@
+LIBOBJS = @LIBOBJS@
+LIBREADLINE = @LIBREADLINE@
+LIBS = @LIBS@
+LIBUSB_LIBS = @LIBUSB_LIBS@
+LIBUTIL_LIBS = @LIBUTIL_LIBS@
+LN_S = @LN_S@
+LTLIBICONV = @LTLIBICONV@
+LTLIBINTL = @LTLIBINTL@
+LTLIBOBJS = @LTLIBOBJS@
+MAINT = @MAINT@
+MAKEINFO = @MAKEINFO@
+MKDIR_P = @MKDIR_P@
+MSGFMT = @MSGFMT@
+MSGFMT_015 = @MSGFMT_015@
+MSGMERGE = @MSGMERGE@
+NETLIBS = @NETLIBS@
+OBJEXT = @OBJEXT@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_GT = @PACKAGE_GT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_URL = @PACKAGE_URL@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PERL = @PERL@
+POSUB = @POSUB@
+PTH_CFLAGS = @PTH_CFLAGS@
+PTH_CONFIG = @PTH_CONFIG@
+PTH_LIBS = @PTH_LIBS@
+PTRDIFF_T_SUFFIX = @PTRDIFF_T_SUFFIX@
+RANLIB = @RANLIB@
+SENDMAIL = @SENDMAIL@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+SHRED = @SHRED@
+SIG_ATOMIC_T_SUFFIX = @SIG_ATOMIC_T_SUFFIX@
+SIZE_T_SUFFIX = @SIZE_T_SUFFIX@
+STDINT_H = @STDINT_H@
+STRIP = @STRIP@
+SYS_SOCKET_H = @SYS_SOCKET_H@
+TAR = @TAR@
+UNISTD_H = @UNISTD_H@
+USE_INCLUDED_LIBINTL = @USE_INCLUDED_LIBINTL@
+USE_NLS = @USE_NLS@
+VERSION = @VERSION@
+W32SOCKLIBS = @W32SOCKLIBS@
+WCHAR_T_SUFFIX = @WCHAR_T_SUFFIX@
+WINDRES = @WINDRES@
+WINT_T_SUFFIX = @WINT_T_SUFFIX@
+XGETTEXT = @XGETTEXT@
+XGETTEXT_015 = @XGETTEXT_015@
+XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@
+ZLIBS = @ZLIBS@
+_libcurl_config = @_libcurl_config@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = $(datadir)/locale
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+EXTRA_DIST = ChangeLog-2011
+AM_CPPFLAGS = -I$(top_srcdir)/gl -I$(top_srcdir)/intl \
+ -I$(top_srcdir)/common -DLOCALEDIR=\"$(localedir)\" \
+ $(am__append_1) $(am__append_2) $(am__append_3) \
+ $(am__append_4) $(am__append_5) $(am__append_6)
+
+# Convenience macros
+libcommon = ../common/libcommon.a
+libcommonpth = ../common/libcommonpth.a
+AM_CFLAGS = $(LIBGCRYPT_CFLAGS) \
+ $(KSBA_CFLAGS) $(LIBASSUAN_CFLAGS) $(PTH_CFLAGS)
+
+card_apps = app-openpgp.c app-nks.c app-dinsig.c app-p15.c app-geldkarte.c
+scdaemon_SOURCES = \
+ scdaemon.c scdaemon.h \
+ command.c \
+ apdu.c apdu.h \
+ ccid-driver.c ccid-driver.h \
+ iso7816.c iso7816.h \
+ app.c app-common.h app-help.c $(card_apps)
+
+scdaemon_LDADD = $(libcommonpth) ../jnlib/libjnlib.a ../gl/libgnu.a \
+ $(LIBGCRYPT_LIBS) $(KSBA_LIBS) $(LIBASSUAN_LIBS) $(PTH_LIBS) \
+ $(LIBUSB_LIBS) $(GPG_ERROR_LIBS) \
+ $(LIBINTL) $(DL_LIBS) $(NETLIBS) $(LIBICONV)
+
+
+# Removed for now: We need to decide whether it makes sense to
+# continue it at all, given that gpg has now all required
+# functionality.
+#sc_copykeys_SOURCES = \
+# sc-copykeys.c scdaemon.h \
+# apdu.c apdu.h \
+# ccid-driver.c ccid-driver.h \
+# iso7816.c iso7816.h \
+# atr.c atr.h \
+# app.c app-common.h app-help.c $(card_apps)
+#
+#sc_copykeys_LDADD = \
+# ../jnlib/libjnlib.a ../common/libcommon.a \
+# ../common/libsimple-pwquery.a \
+# $(LIBGCRYPT_LIBS) $(KSBA_LIBS) $(LIBASSUAN_LIBS) $(PTH_LIBS) \
+# $(LIBUSB_LIBS) \
+# -lgpg-error @LIBINTL@ @DL_LIBS@
+#
+gnupg_pcsc_wrapper_SOURCES = pcsc-wrapper.c
+gnupg_pcsc_wrapper_LDADD = $(DL_LIBS)
+gnupg_pcsc_wrapper_CFLAGS =
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .c .o .obj
+$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/am/cmacros.am $(am__configure_deps)
+ @for dep in $?; do \
+ case '$(am__configure_deps)' in \
+ *$$dep*) \
+ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+ && { if test -f $@; then exit 0; else break; fi; }; \
+ exit 1;; \
+ esac; \
+ done; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu scd/Makefile'; \
+ $(am__cd) $(top_srcdir) && \
+ $(AUTOMAKE) --gnu scd/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+ @case '$?' in \
+ *config.status*) \
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+ *) \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+ esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
+install-binPROGRAMS: $(bin_PROGRAMS)
+ @$(NORMAL_INSTALL)
+ test -z "$(bindir)" || $(MKDIR_P) "$(DESTDIR)$(bindir)"
+ @list='$(bin_PROGRAMS)'; test -n "$(bindir)" || list=; \
+ for p in $$list; do echo "$$p $$p"; done | \
+ sed 's/$(EXEEXT)$$//' | \
+ while read p p1; do if test -f $$p; \
+ then echo "$$p"; echo "$$p"; else :; fi; \
+ done | \
+ sed -e 'p;s,.*/,,;n;h' -e 's|.*|.|' \
+ -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \
+ sed 'N;N;N;s,\n, ,g' | \
+ $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \
+ { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \
+ if ($$2 == $$4) files[d] = files[d] " " $$1; \
+ else { print "f", $$3 "/" $$4, $$1; } } \
+ END { for (d in files) print "f", d, files[d] }' | \
+ while read type dir files; do \
+ if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \
+ test -z "$$files" || { \
+ echo " $(INSTALL_PROGRAM_ENV) $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(bindir)$$dir'"; \
+ $(INSTALL_PROGRAM_ENV) $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(bindir)$$dir" || exit $$?; \
+ } \
+ ; done
+
+uninstall-binPROGRAMS:
+ @$(NORMAL_UNINSTALL)
+ @list='$(bin_PROGRAMS)'; test -n "$(bindir)" || list=; \
+ files=`for p in $$list; do echo "$$p"; done | \
+ sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \
+ -e 's/$$/$(EXEEXT)/' `; \
+ test -n "$$list" || exit 0; \
+ echo " ( cd '$(DESTDIR)$(bindir)' && rm -f" $$files ")"; \
+ cd "$(DESTDIR)$(bindir)" && rm -f $$files
+
+clean-binPROGRAMS:
+ -test -z "$(bin_PROGRAMS)" || rm -f $(bin_PROGRAMS)
+install-libexecPROGRAMS: $(libexec_PROGRAMS)
+ @$(NORMAL_INSTALL)
+ test -z "$(libexecdir)" || $(MKDIR_P) "$(DESTDIR)$(libexecdir)"
+ @list='$(libexec_PROGRAMS)'; test -n "$(libexecdir)" || list=; \
+ for p in $$list; do echo "$$p $$p"; done | \
+ sed 's/$(EXEEXT)$$//' | \
+ while read p p1; do if test -f $$p; \
+ then echo "$$p"; echo "$$p"; else :; fi; \
+ done | \
+ sed -e 'p;s,.*/,,;n;h' -e 's|.*|.|' \
+ -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \
+ sed 'N;N;N;s,\n, ,g' | \
+ $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \
+ { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \
+ if ($$2 == $$4) files[d] = files[d] " " $$1; \
+ else { print "f", $$3 "/" $$4, $$1; } } \
+ END { for (d in files) print "f", d, files[d] }' | \
+ while read type dir files; do \
+ if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \
+ test -z "$$files" || { \
+ echo " $(INSTALL_PROGRAM_ENV) $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(libexecdir)$$dir'"; \
+ $(INSTALL_PROGRAM_ENV) $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(libexecdir)$$dir" || exit $$?; \
+ } \
+ ; done
+
+uninstall-libexecPROGRAMS:
+ @$(NORMAL_UNINSTALL)
+ @list='$(libexec_PROGRAMS)'; test -n "$(libexecdir)" || list=; \
+ files=`for p in $$list; do echo "$$p"; done | \
+ sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \
+ -e 's/$$/$(EXEEXT)/' `; \
+ test -n "$$list" || exit 0; \
+ echo " ( cd '$(DESTDIR)$(libexecdir)' && rm -f" $$files ")"; \
+ cd "$(DESTDIR)$(libexecdir)" && rm -f $$files
+
+clean-libexecPROGRAMS:
+ -test -z "$(libexec_PROGRAMS)" || rm -f $(libexec_PROGRAMS)
+gnupg-pcsc-wrapper$(EXEEXT): $(gnupg_pcsc_wrapper_OBJECTS) $(gnupg_pcsc_wrapper_DEPENDENCIES)
+ @rm -f gnupg-pcsc-wrapper$(EXEEXT)
+ $(gnupg_pcsc_wrapper_LINK) $(gnupg_pcsc_wrapper_OBJECTS) $(gnupg_pcsc_wrapper_LDADD) $(LIBS)
+scdaemon$(EXEEXT): $(scdaemon_OBJECTS) $(scdaemon_DEPENDENCIES)
+ @rm -f scdaemon$(EXEEXT)
+ $(LINK) $(scdaemon_OBJECTS) $(scdaemon_LDADD) $(LIBS)
+
+mostlyclean-compile:
+ -rm -f *.$(OBJEXT)
+
+distclean-compile:
+ -rm -f *.tab.c
+
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/apdu.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/app-dinsig.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/app-geldkarte.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/app-help.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/app-nks.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/app-openpgp.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/app-p15.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/app.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ccid-driver.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/command.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gnupg_pcsc_wrapper-pcsc-wrapper.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/iso7816.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/scdaemon.Po@am__quote@
+
+.c.o:
+@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(COMPILE) -c $<
+
+.c.obj:
+@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'`
+
+gnupg_pcsc_wrapper-pcsc-wrapper.o: pcsc-wrapper.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(gnupg_pcsc_wrapper_CFLAGS) $(CFLAGS) -MT gnupg_pcsc_wrapper-pcsc-wrapper.o -MD -MP -MF $(DEPDIR)/gnupg_pcsc_wrapper-pcsc-wrapper.Tpo -c -o gnupg_pcsc_wrapper-pcsc-wrapper.o `test -f 'pcsc-wrapper.c' || echo '$(srcdir)/'`pcsc-wrapper.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/gnupg_pcsc_wrapper-pcsc-wrapper.Tpo $(DEPDIR)/gnupg_pcsc_wrapper-pcsc-wrapper.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='pcsc-wrapper.c' object='gnupg_pcsc_wrapper-pcsc-wrapper.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(gnupg_pcsc_wrapper_CFLAGS) $(CFLAGS) -c -o gnupg_pcsc_wrapper-pcsc-wrapper.o `test -f 'pcsc-wrapper.c' || echo '$(srcdir)/'`pcsc-wrapper.c
+
+gnupg_pcsc_wrapper-pcsc-wrapper.obj: pcsc-wrapper.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(gnupg_pcsc_wrapper_CFLAGS) $(CFLAGS) -MT gnupg_pcsc_wrapper-pcsc-wrapper.obj -MD -MP -MF $(DEPDIR)/gnupg_pcsc_wrapper-pcsc-wrapper.Tpo -c -o gnupg_pcsc_wrapper-pcsc-wrapper.obj `if test -f 'pcsc-wrapper.c'; then $(CYGPATH_W) 'pcsc-wrapper.c'; else $(CYGPATH_W) '$(srcdir)/pcsc-wrapper.c'; fi`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/gnupg_pcsc_wrapper-pcsc-wrapper.Tpo $(DEPDIR)/gnupg_pcsc_wrapper-pcsc-wrapper.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='pcsc-wrapper.c' object='gnupg_pcsc_wrapper-pcsc-wrapper.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(gnupg_pcsc_wrapper_CFLAGS) $(CFLAGS) -c -o gnupg_pcsc_wrapper-pcsc-wrapper.obj `if test -f 'pcsc-wrapper.c'; then $(CYGPATH_W) 'pcsc-wrapper.c'; else $(CYGPATH_W) '$(srcdir)/pcsc-wrapper.c'; fi`
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ mkid -fID $$unique
+tags: TAGS
+
+TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ set x; \
+ here=`pwd`; \
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ shift; \
+ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
+ test -n "$$unique" || unique=$$empty_fix; \
+ if test $$# -gt 0; then \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ "$$@" $$unique; \
+ else \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ $$unique; \
+ fi; \
+ fi
+ctags: CTAGS
+CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ test -z "$(CTAGS_ARGS)$$unique" \
+ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+ $$unique
+
+GTAGS:
+ here=`$(am__cd) $(top_builddir) && pwd` \
+ && $(am__cd) $(top_srcdir) \
+ && gtags -i $(GTAGS_ARGS) "$$here"
+
+distclean-tags:
+ -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+ @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ list='$(DISTFILES)'; \
+ dist_files=`for file in $$list; do echo $$file; done | \
+ sed -e "s|^$$srcdirstrip/||;t" \
+ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+ case $$dist_files in \
+ */*) $(MKDIR_P) `echo "$$dist_files" | \
+ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+ sort -u` ;; \
+ esac; \
+ for file in $$dist_files; do \
+ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+ if test -d $$d/$$file; then \
+ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+ if test -d "$(distdir)/$$file"; then \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+ else \
+ test -f "$(distdir)/$$file" \
+ || cp -p $$d/$$file "$(distdir)/$$file" \
+ || exit 1; \
+ fi; \
+ done
+check-am: all-am
+check: check-am
+all-am: Makefile $(PROGRAMS)
+installdirs:
+ for dir in "$(DESTDIR)$(bindir)" "$(DESTDIR)$(libexecdir)"; do \
+ test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+ done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+ @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ `test -z '$(STRIP)' || \
+ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+ -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+ -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+
+maintainer-clean-generic:
+ @echo "This command is intended for maintainers to use"
+ @echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-binPROGRAMS clean-generic clean-libexecPROGRAMS \
+ mostlyclean-am
+
+distclean: distclean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+ distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+html-am:
+
+info: info-am
+
+info-am:
+
+install-data-am:
+
+install-dvi: install-dvi-am
+
+install-dvi-am:
+
+install-exec-am: install-binPROGRAMS install-libexecPROGRAMS
+
+install-html: install-html-am
+
+install-html-am:
+
+install-info: install-info-am
+
+install-info-am:
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-pdf-am:
+
+install-ps: install-ps-am
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-binPROGRAMS uninstall-libexecPROGRAMS
+
+.MAKE: install-am install-strip
+
+.PHONY: CTAGS GTAGS all all-am check check-am clean clean-binPROGRAMS \
+ clean-generic clean-libexecPROGRAMS ctags distclean \
+ distclean-compile distclean-generic distclean-tags distdir dvi \
+ dvi-am html html-am info info-am install install-am \
+ install-binPROGRAMS install-data install-data-am install-dvi \
+ install-dvi-am install-exec install-exec-am install-html \
+ install-html-am install-info install-info-am \
+ install-libexecPROGRAMS install-man install-pdf install-pdf-am \
+ install-ps install-ps-am install-strip installcheck \
+ installcheck-am installdirs maintainer-clean \
+ maintainer-clean-generic mostlyclean mostlyclean-compile \
+ mostlyclean-generic pdf pdf-am ps ps-am tags uninstall \
+ uninstall-am uninstall-binPROGRAMS uninstall-libexecPROGRAMS
+
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/scd/apdu.c b/scd/apdu.c
new file mode 100644
index 0000000..b68cd71
--- /dev/null
+++ b/scd/apdu.c
@@ -0,0 +1,3543 @@
+/* apdu.c - ISO 7816 APDU functions and low level I/O
+ * Copyright (C) 2003, 2004, 2008, 2009 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+/* NOTE: This module is also used by other software, thus the use of
+ the macro USE_GNU_PTH is mandatory. For GnuPG this macro is
+ guaranteed to be defined true. */
+
+#include <config.h>
+#include <errno.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <assert.h>
+#include <signal.h>
+#ifdef USE_GNU_PTH
+# include <unistd.h>
+# include <fcntl.h>
+# include <pth.h>
+#endif
+
+
+/* If requested include the definitions for the remote APDU protocol
+ code. */
+#ifdef USE_G10CODE_RAPDU
+#include "rapdu.h"
+#endif /*USE_G10CODE_RAPDU*/
+
+#if defined(GNUPG_SCD_MAIN_HEADER)
+#include GNUPG_SCD_MAIN_HEADER
+#elif GNUPG_MAJOR_VERSION == 1
+/* This is used with GnuPG version < 1.9. The code has been source
+ copied from the current GnuPG >= 1.9 and is maintained over
+ there. */
+#include "options.h"
+#include "errors.h"
+#include "memory.h"
+#include "util.h"
+#include "i18n.h"
+#include "dynload.h"
+#include "cardglue.h"
+#else /* GNUPG_MAJOR_VERSION != 1 */
+#include "scdaemon.h"
+#include "exechelp.h"
+#endif /* GNUPG_MAJOR_VERSION != 1 */
+
+#include "apdu.h"
+#include "ccid-driver.h"
+
+
+/* Due to conflicting use of threading libraries we usually can't link
+ against libpcsclite. Instead we use a wrapper program. */
+#ifdef USE_GNU_PTH
+#if !defined(HAVE_W32_SYSTEM) && !defined(__CYGWIN__)
+#define NEED_PCSC_WRAPPER 1
+#endif
+#endif
+
+
+#define MAX_READER 4 /* Number of readers we support concurrently. */
+
+
+#if defined(_WIN32) || defined(__CYGWIN__)
+#define DLSTDCALL __stdcall
+#else
+#define DLSTDCALL
+#endif
+
+
+/* Helper to pass parameters related to keypad based operations. */
+struct pininfo_s
+{
+ int mode;
+ int minlen;
+ int maxlen;
+ int padlen;
+};
+
+/* A structure to collect information pertaining to one reader
+ slot. */
+struct reader_table_s {
+ int used; /* True if slot is used. */
+ unsigned short port; /* Port number: 0 = unused, 1 - dev/tty */
+
+ /* Function pointers intialized to the various backends. */
+ int (*connect_card)(int);
+ int (*disconnect_card)(int);
+ int (*close_reader)(int);
+ int (*shutdown_reader)(int);
+ int (*reset_reader)(int);
+ int (*get_status_reader)(int, unsigned int *);
+ int (*send_apdu_reader)(int,unsigned char *,size_t,
+ unsigned char *, size_t *, struct pininfo_s *);
+ int (*check_keypad)(int, int, int, int, int, int);
+ void (*dump_status_reader)(int);
+ int (*set_progress_cb)(int, gcry_handler_progress_t, void*);
+
+ struct {
+ ccid_driver_t handle;
+ } ccid;
+ struct {
+ unsigned long context;
+ unsigned long card;
+ unsigned long protocol;
+#ifdef NEED_PCSC_WRAPPER
+ int req_fd;
+ int rsp_fd;
+ pid_t pid;
+#endif /*NEED_PCSC_WRAPPER*/
+ } pcsc;
+#ifdef USE_G10CODE_RAPDU
+ struct {
+ rapdu_t handle;
+ } rapdu;
+#endif /*USE_G10CODE_RAPDU*/
+ char *rdrname; /* Name of the connected reader or NULL if unknown. */
+ int any_status; /* True if we have seen any status. */
+ int last_status;
+ int status;
+ int is_t0; /* True if we know that we are running T=0. */
+ unsigned char atr[33];
+ size_t atrlen; /* A zero length indicates that the ATR has
+ not yet been read; i.e. the card is not
+ ready for use. */
+ unsigned int change_counter;
+#ifdef USE_GNU_PTH
+ int lock_initialized;
+ pth_mutex_t lock;
+#endif
+};
+typedef struct reader_table_s *reader_table_t;
+
+/* A global table to keep track of active readers. */
+static struct reader_table_s reader_table[MAX_READER];
+
+
+/* ct API function pointer. */
+static char (* DLSTDCALL CT_init) (unsigned short ctn, unsigned short Pn);
+static char (* DLSTDCALL CT_data) (unsigned short ctn, unsigned char *dad,
+ unsigned char *sad, unsigned short lc,
+ unsigned char *cmd, unsigned short *lr,
+ unsigned char *rsp);
+static char (* DLSTDCALL CT_close) (unsigned short ctn);
+
+/* PC/SC constants and function pointer. */
+#define PCSC_SCOPE_USER 0
+#define PCSC_SCOPE_TERMINAL 1
+#define PCSC_SCOPE_SYSTEM 2
+#define PCSC_SCOPE_GLOBAL 3
+
+#define PCSC_PROTOCOL_T0 1
+#define PCSC_PROTOCOL_T1 2
+#define PCSC_PROTOCOL_RAW 4
+
+#define PCSC_SHARE_EXCLUSIVE 1
+#define PCSC_SHARE_SHARED 2
+#define PCSC_SHARE_DIRECT 3
+
+#define PCSC_LEAVE_CARD 0
+#define PCSC_RESET_CARD 1
+#define PCSC_UNPOWER_CARD 2
+#define PCSC_EJECT_CARD 3
+
+#define PCSC_UNKNOWN 0x0001
+#define PCSC_ABSENT 0x0002 /* Card is absent. */
+#define PCSC_PRESENT 0x0004 /* Card is present. */
+#define PCSC_SWALLOWED 0x0008 /* Card is present and electrical connected. */
+#define PCSC_POWERED 0x0010 /* Card is powered. */
+#define PCSC_NEGOTIABLE 0x0020 /* Card is awaiting PTS. */
+#define PCSC_SPECIFIC 0x0040 /* Card is ready for use. */
+
+#define PCSC_STATE_UNAWARE 0x0000 /* Want status. */
+#define PCSC_STATE_IGNORE 0x0001 /* Ignore this reader. */
+#define PCSC_STATE_CHANGED 0x0002 /* State has changed. */
+#define PCSC_STATE_UNKNOWN 0x0004 /* Reader unknown. */
+#define PCSC_STATE_UNAVAILABLE 0x0008 /* Status unavailable. */
+#define PCSC_STATE_EMPTY 0x0010 /* Card removed. */
+#define PCSC_STATE_PRESENT 0x0020 /* Card inserted. */
+#define PCSC_STATE_ATRMATCH 0x0040 /* ATR matches card. */
+#define PCSC_STATE_EXCLUSIVE 0x0080 /* Exclusive Mode. */
+#define PCSC_STATE_INUSE 0x0100 /* Shared mode. */
+#define PCSC_STATE_MUTE 0x0200 /* Unresponsive card. */
+
+/* Some PC/SC error codes. */
+#define PCSC_E_CANCELLED 0x80100002
+#define PCSC_E_CANT_DISPOSE 0x8010000E
+#define PCSC_E_INSUFFICIENT_BUFFER 0x80100008
+#define PCSC_E_INVALID_ATR 0x80100015
+#define PCSC_E_INVALID_HANDLE 0x80100003
+#define PCSC_E_INVALID_PARAMETER 0x80100004
+#define PCSC_E_INVALID_TARGET 0x80100005
+#define PCSC_E_INVALID_VALUE 0x80100011
+#define PCSC_E_NO_MEMORY 0x80100006
+#define PCSC_E_UNKNOWN_READER 0x80100009
+#define PCSC_E_TIMEOUT 0x8010000A
+#define PCSC_E_SHARING_VIOLATION 0x8010000B
+#define PCSC_E_NO_SMARTCARD 0x8010000C
+#define PCSC_E_UNKNOWN_CARD 0x8010000D
+#define PCSC_E_PROTO_MISMATCH 0x8010000F
+#define PCSC_E_NOT_READY 0x80100010
+#define PCSC_E_SYSTEM_CANCELLED 0x80100012
+#define PCSC_E_NOT_TRANSACTED 0x80100016
+#define PCSC_E_READER_UNAVAILABLE 0x80100017
+#define PCSC_W_REMOVED_CARD 0x80100069
+
+/* The PC/SC error is defined as a long as per specs. Due to left
+ shifts bit 31 will get sign extended. We use this mask to fix
+ it. */
+#define PCSC_ERR_MASK(a) ((a) & 0xffffffff)
+
+
+struct pcsc_io_request_s
+{
+ unsigned long protocol;
+ unsigned long pci_len;
+};
+
+typedef struct pcsc_io_request_s *pcsc_io_request_t;
+
+struct pcsc_readerstate_s
+{
+ const char *reader;
+ void *user_data;
+ unsigned long current_state;
+ unsigned long event_state;
+ unsigned long atrlen;
+ unsigned char atr[33];
+};
+
+typedef struct pcsc_readerstate_s *pcsc_readerstate_t;
+
+long (* DLSTDCALL pcsc_establish_context) (unsigned long scope,
+ const void *reserved1,
+ const void *reserved2,
+ unsigned long *r_context);
+long (* DLSTDCALL pcsc_release_context) (unsigned long context);
+long (* DLSTDCALL pcsc_list_readers) (unsigned long context,
+ const char *groups,
+ char *readers, unsigned long*readerslen);
+long (* DLSTDCALL pcsc_get_status_change) (unsigned long context,
+ unsigned long timeout,
+ pcsc_readerstate_t readerstates,
+ unsigned long nreaderstates);
+long (* DLSTDCALL pcsc_connect) (unsigned long context,
+ const char *reader,
+ unsigned long share_mode,
+ unsigned long preferred_protocols,
+ unsigned long *r_card,
+ unsigned long *r_active_protocol);
+long (* DLSTDCALL pcsc_reconnect) (unsigned long card,
+ unsigned long share_mode,
+ unsigned long preferred_protocols,
+ unsigned long initialization,
+ unsigned long *r_active_protocol);
+long (* DLSTDCALL pcsc_disconnect) (unsigned long card,
+ unsigned long disposition);
+long (* DLSTDCALL pcsc_status) (unsigned long card,
+ char *reader, unsigned long *readerlen,
+ unsigned long *r_state,
+ unsigned long *r_protocol,
+ unsigned char *atr, unsigned long *atrlen);
+long (* DLSTDCALL pcsc_begin_transaction) (unsigned long card);
+long (* DLSTDCALL pcsc_end_transaction) (unsigned long card,
+ unsigned long disposition);
+long (* DLSTDCALL pcsc_transmit) (unsigned long card,
+ const pcsc_io_request_t send_pci,
+ const unsigned char *send_buffer,
+ unsigned long send_len,
+ pcsc_io_request_t recv_pci,
+ unsigned char *recv_buffer,
+ unsigned long *recv_len);
+long (* DLSTDCALL pcsc_set_timeout) (unsigned long context,
+ unsigned long timeout);
+
+/* Flag set if PC/SC returned the no-service error. */
+static int pcsc_no_service;
+
+
+/* Prototypes. */
+static int pcsc_get_status (int slot, unsigned int *status);
+static int reset_pcsc_reader (int slot);
+static int apdu_get_status_internal (int slot, int hang, int no_atr_reset,
+ unsigned int *status,
+ unsigned int *changed);
+
+
+
+/*
+ Helper
+ */
+
+
+/* Find an unused reader slot for PORTSTR and put it into the reader
+ table. Return -1 on error or the index into the reader table. */
+static int
+new_reader_slot (void)
+{
+ int i, reader = -1;
+
+ for (i=0; i < MAX_READER; i++)
+ {
+ if (!reader_table[i].used && reader == -1)
+ reader = i;
+ }
+ if (reader == -1)
+ {
+ log_error ("new_reader_slot: out of slots\n");
+ return -1;
+ }
+#ifdef USE_GNU_PTH
+ if (!reader_table[reader].lock_initialized)
+ {
+ if (!pth_mutex_init (&reader_table[reader].lock))
+ {
+ log_error ("error initializing mutex: %s\n", strerror (errno));
+ return -1;
+ }
+ reader_table[reader].lock_initialized = 1;
+ }
+#endif /*USE_GNU_PTH*/
+ reader_table[reader].connect_card = NULL;
+ reader_table[reader].disconnect_card = NULL;
+ reader_table[reader].close_reader = NULL;
+ reader_table[reader].shutdown_reader = NULL;
+ reader_table[reader].reset_reader = NULL;
+ reader_table[reader].get_status_reader = NULL;
+ reader_table[reader].send_apdu_reader = NULL;
+ reader_table[reader].check_keypad = NULL;
+ reader_table[reader].dump_status_reader = NULL;
+ reader_table[reader].set_progress_cb = NULL;
+
+ reader_table[reader].used = 1;
+ reader_table[reader].any_status = 0;
+ reader_table[reader].last_status = 0;
+ reader_table[reader].is_t0 = 1;
+#ifdef NEED_PCSC_WRAPPER
+ reader_table[reader].pcsc.req_fd = -1;
+ reader_table[reader].pcsc.rsp_fd = -1;
+ reader_table[reader].pcsc.pid = (pid_t)(-1);
+#endif
+
+ return reader;
+}
+
+
+static void
+dump_reader_status (int slot)
+{
+ if (!opt.verbose)
+ return;
+
+ if (reader_table[slot].dump_status_reader)
+ reader_table[slot].dump_status_reader (slot);
+
+ if (reader_table[slot].status != -1
+ && reader_table[slot].atrlen)
+ {
+ log_info ("slot %d: ATR=", slot);
+ log_printhex ("", reader_table[slot].atr, reader_table[slot].atrlen);
+ }
+}
+
+
+
+static const char *
+host_sw_string (long err)
+{
+ switch (err)
+ {
+ case 0: return "okay";
+ case SW_HOST_OUT_OF_CORE: return "out of core";
+ case SW_HOST_INV_VALUE: return "invalid value";
+ case SW_HOST_NO_DRIVER: return "no driver";
+ case SW_HOST_NOT_SUPPORTED: return "not supported";
+ case SW_HOST_LOCKING_FAILED: return "locking failed";
+ case SW_HOST_BUSY: return "busy";
+ case SW_HOST_NO_CARD: return "no card";
+ case SW_HOST_CARD_INACTIVE: return "card inactive";
+ case SW_HOST_CARD_IO_ERROR: return "card I/O error";
+ case SW_HOST_GENERAL_ERROR: return "general error";
+ case SW_HOST_NO_READER: return "no reader";
+ case SW_HOST_ABORTED: return "aborted";
+ case SW_HOST_NO_KEYPAD: return "no keypad";
+ case SW_HOST_ALREADY_CONNECTED: return "already connected";
+ default: return "unknown host status error";
+ }
+}
+
+
+const char *
+apdu_strerror (int rc)
+{
+ switch (rc)
+ {
+ case SW_EOF_REACHED : return "eof reached";
+ case SW_EEPROM_FAILURE : return "eeprom failure";
+ case SW_WRONG_LENGTH : return "wrong length";
+ case SW_CHV_WRONG : return "CHV wrong";
+ case SW_CHV_BLOCKED : return "CHV blocked";
+ case SW_USE_CONDITIONS : return "use conditions not satisfied";
+ case SW_BAD_PARAMETER : return "bad parameter";
+ case SW_NOT_SUPPORTED : return "not supported";
+ case SW_FILE_NOT_FOUND : return "file not found";
+ case SW_RECORD_NOT_FOUND:return "record not found";
+ case SW_REF_NOT_FOUND : return "reference not found";
+ case SW_BAD_LC : return "bad Lc";
+ case SW_BAD_P0_P1 : return "bad P0 or P1";
+ case SW_INS_NOT_SUP : return "instruction not supported";
+ case SW_CLA_NOT_SUP : return "class not supported";
+ case SW_SUCCESS : return "success";
+ default:
+ if ((rc & ~0x00ff) == SW_MORE_DATA)
+ return "more data available";
+ if ( (rc & 0x10000) )
+ return host_sw_string (rc);
+ return "unknown status error";
+ }
+}
+
+
+
+/*
+ ct API Interface
+ */
+
+static const char *
+ct_error_string (long err)
+{
+ switch (err)
+ {
+ case 0: return "okay";
+ case -1: return "invalid data";
+ case -8: return "ct error";
+ case -10: return "transmission error";
+ case -11: return "memory allocation error";
+ case -128: return "HTSI error";
+ default: return "unknown CT-API error";
+ }
+}
+
+
+static void
+ct_dump_reader_status (int slot)
+{
+ log_info ("reader slot %d: %s\n", slot,
+ reader_table[slot].status == 1? "Processor ICC present" :
+ reader_table[slot].status == 0? "Memory ICC present" :
+ "ICC not present" );
+}
+
+
+/* Wait for the card in SLOT and activate it. Return a status word
+ error or 0 on success. */
+static int
+ct_activate_card (int slot)
+{
+ int rc;
+ unsigned char dad[1], sad[1], cmd[11], buf[256];
+ unsigned short buflen;
+
+ /* Check whether card has been inserted. */
+ dad[0] = 1; /* Destination address: CT. */
+ sad[0] = 2; /* Source address: Host. */
+
+ cmd[0] = 0x20; /* Class byte. */
+ cmd[1] = 0x13; /* Request status. */
+ cmd[2] = 0x00; /* From kernel. */
+ cmd[3] = 0x80; /* Return card's DO. */
+ cmd[4] = 0x00;
+
+ buflen = DIM(buf);
+
+ rc = CT_data (slot, dad, sad, 5, cmd, &buflen, buf);
+ if (rc || buflen < 2 || buf[buflen-2] != 0x90)
+ {
+ log_error ("ct_activate_card: can't get status of reader %d: %s\n",
+ slot, ct_error_string (rc));
+ return SW_HOST_CARD_IO_ERROR;
+ }
+
+ /* Connected, now activate the card. */
+ dad[0] = 1; /* Destination address: CT. */
+ sad[0] = 2; /* Source address: Host. */
+
+ cmd[0] = 0x20; /* Class byte. */
+ cmd[1] = 0x12; /* Request ICC. */
+ cmd[2] = 0x01; /* From first interface. */
+ cmd[3] = 0x01; /* Return card's ATR. */
+ cmd[4] = 0x00;
+
+ buflen = DIM(buf);
+
+ rc = CT_data (slot, dad, sad, 5, cmd, &buflen, buf);
+ if (rc || buflen < 2 || buf[buflen-2] != 0x90)
+ {
+ log_error ("ct_activate_card(%d): activation failed: %s\n",
+ slot, ct_error_string (rc));
+ if (!rc)
+ log_printhex (" received data:", buf, buflen);
+ return SW_HOST_CARD_IO_ERROR;
+ }
+
+ /* Store the type and the ATR. */
+ if (buflen - 2 > DIM (reader_table[0].atr))
+ {
+ log_error ("ct_activate_card(%d): ATR too long\n", slot);
+ return SW_HOST_CARD_IO_ERROR;
+ }
+
+ reader_table[slot].status = buf[buflen - 1];
+ memcpy (reader_table[slot].atr, buf, buflen - 2);
+ reader_table[slot].atrlen = buflen - 2;
+ return 0;
+}
+
+
+static int
+close_ct_reader (int slot)
+{
+ CT_close (slot);
+ reader_table[slot].used = 0;
+ return 0;
+}
+
+static int
+reset_ct_reader (int slot)
+{
+ /* FIXME: Check is this is sufficient do do a reset. */
+ return ct_activate_card (slot);
+}
+
+
+static int
+ct_get_status (int slot, unsigned int *status)
+{
+ (void)slot;
+ /* The status we returned is wrong but we don't care becuase ctAPI
+ is not anymore required. */
+ *status = APDU_CARD_USABLE|APDU_CARD_PRESENT|APDU_CARD_ACTIVE;
+ return 0;
+}
+
+/* Actually send the APDU of length APDULEN to SLOT and return a
+ maximum of *BUFLEN data in BUFFER, the actual retruned size will be
+ set to BUFLEN. Returns: CT API error code. */
+static int
+ct_send_apdu (int slot, unsigned char *apdu, size_t apdulen,
+ unsigned char *buffer, size_t *buflen, struct pininfo_s *pininfo)
+{
+ int rc;
+ unsigned char dad[1], sad[1];
+ unsigned short ctbuflen;
+
+ (void)pininfo;
+
+ /* If we don't have an ATR, we need to reset the reader first. */
+ if (!reader_table[slot].atrlen
+ && (rc = reset_ct_reader (slot)))
+ return rc;
+
+ dad[0] = 0; /* Destination address: Card. */
+ sad[0] = 2; /* Source address: Host. */
+ ctbuflen = *buflen;
+ if (DBG_CARD_IO)
+ log_printhex (" CT_data:", apdu, apdulen);
+ rc = CT_data (slot, dad, sad, apdulen, apdu, &ctbuflen, buffer);
+ *buflen = ctbuflen;
+
+ return rc? SW_HOST_CARD_IO_ERROR: 0;
+}
+
+
+
+/* Open a reader and return an internal handle for it. PORT is a
+ non-negative value with the port number of the reader. USB readers
+ do have port numbers starting at 32769. */
+static int
+open_ct_reader (int port)
+{
+ int rc, reader;
+
+ if (port < 0 || port > 0xffff)
+ {
+ log_error ("open_ct_reader: invalid port %d requested\n", port);
+ return -1;
+ }
+ reader = new_reader_slot ();
+ if (reader == -1)
+ return reader;
+ reader_table[reader].port = port;
+
+ rc = CT_init (reader, (unsigned short)port);
+ if (rc)
+ {
+ log_error ("apdu_open_ct_reader failed on port %d: %s\n",
+ port, ct_error_string (rc));
+ reader_table[reader].used = 0;
+ return -1;
+ }
+
+ /* Only try to activate the card. */
+ rc = ct_activate_card (reader);
+ if (rc)
+ {
+ reader_table[reader].atrlen = 0;
+ rc = 0;
+ }
+
+ reader_table[reader].close_reader = close_ct_reader;
+ reader_table[reader].reset_reader = reset_ct_reader;
+ reader_table[reader].get_status_reader = ct_get_status;
+ reader_table[reader].send_apdu_reader = ct_send_apdu;
+ reader_table[reader].check_keypad = NULL;
+ reader_table[reader].dump_status_reader = ct_dump_reader_status;
+
+ dump_reader_status (reader);
+ return reader;
+}
+
+
+/*
+ PC/SC Interface
+ */
+
+#ifdef NEED_PCSC_WRAPPER
+static int
+writen (int fd, const void *buf, size_t nbytes)
+{
+ size_t nleft = nbytes;
+ int nwritten;
+
+/* log_printhex (" writen:", buf, nbytes); */
+
+ while (nleft > 0)
+ {
+#ifdef USE_GNU_PTH
+ nwritten = pth_write (fd, buf, nleft);
+#else
+ nwritten = write (fd, buf, nleft);
+#endif
+ if (nwritten < 0 && errno == EINTR)
+ continue;
+ if (nwritten < 0)
+ return -1;
+ nleft -= nwritten;
+ buf = (const char*)buf + nwritten;
+ }
+ return 0;
+}
+
+/* Read up to BUFLEN bytes from FD and return the number of bytes
+ actually read in NREAD. Returns -1 on error or 0 on success. */
+static int
+readn (int fd, void *buf, size_t buflen, size_t *nread)
+{
+ size_t nleft = buflen;
+ int n;
+/* void *orig_buf = buf; */
+
+ while (nleft > 0)
+ {
+#ifdef USE_GNU_PTH
+# ifdef HAVE_W32_SYSTEM
+# error Cannot use pth_read here because it expects a system HANDLE.
+# endif
+ n = pth_read (fd, buf, nleft);
+#else
+ n = read (fd, buf, nleft);
+#endif
+ if (n < 0 && errno == EINTR)
+ continue;
+ if (n < 0)
+ return -1; /* read error. */
+ if (!n)
+ break; /* EOF */
+ nleft -= n;
+ buf = (char*)buf + n;
+ }
+ if (nread)
+ *nread = buflen - nleft;
+
+/* log_printhex (" readn:", orig_buf, *nread); */
+
+ return 0;
+}
+#endif /*NEED_PCSC_WRAPPER*/
+
+static const char *
+pcsc_error_string (long err)
+{
+ const char *s;
+
+ if (!err)
+ return "okay";
+ if ((err & 0x80100000) != 0x80100000)
+ return "invalid PC/SC error code";
+ err &= 0xffff;
+ switch (err)
+ {
+ case 0x0002: s = "cancelled"; break;
+ case 0x000e: s = "can't dispose"; break;
+ case 0x0008: s = "insufficient buffer"; break;
+ case 0x0015: s = "invalid ATR"; break;
+ case 0x0003: s = "invalid handle"; break;
+ case 0x0004: s = "invalid parameter"; break;
+ case 0x0005: s = "invalid target"; break;
+ case 0x0011: s = "invalid value"; break;
+ case 0x0006: s = "no memory"; break;
+ case 0x0013: s = "comm error"; break;
+ case 0x0001: s = "internal error"; break;
+ case 0x0014: s = "unknown error"; break;
+ case 0x0007: s = "waited too long"; break;
+ case 0x0009: s = "unknown reader"; break;
+ case 0x000a: s = "timeout"; break;
+ case 0x000b: s = "sharing violation"; break;
+ case 0x000c: s = "no smartcard"; break;
+ case 0x000d: s = "unknown card"; break;
+ case 0x000f: s = "proto mismatch"; break;
+ case 0x0010: s = "not ready"; break;
+ case 0x0012: s = "system cancelled"; break;
+ case 0x0016: s = "not transacted"; break;
+ case 0x0017: s = "reader unavailable"; break;
+ case 0x0065: s = "unsupported card"; break;
+ case 0x0066: s = "unresponsive card"; break;
+ case 0x0067: s = "unpowered card"; break;
+ case 0x0068: s = "reset card"; break;
+ case 0x0069: s = "removed card"; break;
+ case 0x006a: s = "inserted card"; break;
+ case 0x001f: s = "unsupported feature"; break;
+ case 0x0019: s = "PCI too small"; break;
+ case 0x001a: s = "reader unsupported"; break;
+ case 0x001b: s = "duplicate reader"; break;
+ case 0x001c: s = "card unsupported"; break;
+ case 0x001d: s = "no service"; break;
+ case 0x001e: s = "service stopped"; break;
+ default: s = "unknown PC/SC error code"; break;
+ }
+ return s;
+}
+
+/* Map PC/SC error codes to our special host status words. */
+static int
+pcsc_error_to_sw (long ec)
+{
+ int rc;
+
+ switch ( PCSC_ERR_MASK (ec) )
+ {
+ case 0: rc = 0; break;
+
+ case PCSC_E_CANCELLED: rc = SW_HOST_ABORTED; break;
+ case PCSC_E_NO_MEMORY: rc = SW_HOST_OUT_OF_CORE; break;
+ case PCSC_E_TIMEOUT: rc = SW_HOST_CARD_IO_ERROR; break;
+ case PCSC_E_SHARING_VIOLATION: rc = SW_HOST_LOCKING_FAILED; break;
+ case PCSC_E_NO_SMARTCARD: rc = SW_HOST_NO_CARD; break;
+ case PCSC_W_REMOVED_CARD: rc = SW_HOST_NO_CARD; break;
+
+ case PCSC_E_INVALID_TARGET:
+ case PCSC_E_INVALID_VALUE:
+ case PCSC_E_INVALID_HANDLE:
+ case PCSC_E_INVALID_PARAMETER:
+ case PCSC_E_INSUFFICIENT_BUFFER: rc = SW_HOST_INV_VALUE; break;
+
+ default: rc = SW_HOST_GENERAL_ERROR; break;
+ }
+
+ return rc;
+}
+
+static void
+dump_pcsc_reader_status (int slot)
+{
+ if (reader_table[slot].pcsc.card)
+ {
+ log_info ("reader slot %d: active protocol:", slot);
+ if ((reader_table[slot].pcsc.protocol & PCSC_PROTOCOL_T0))
+ log_printf (" T0");
+ else if ((reader_table[slot].pcsc.protocol & PCSC_PROTOCOL_T1))
+ log_printf (" T1");
+ else if ((reader_table[slot].pcsc.protocol & PCSC_PROTOCOL_RAW))
+ log_printf (" raw");
+ log_printf ("\n");
+ }
+ else
+ log_info ("reader slot %d: not connected\n", slot);
+}
+
+
+#ifndef NEED_PCSC_WRAPPER
+static int
+pcsc_get_status_direct (int slot, unsigned int *status)
+{
+ long err;
+ struct pcsc_readerstate_s rdrstates[1];
+
+ memset (rdrstates, 0, sizeof *rdrstates);
+ rdrstates[0].reader = reader_table[slot].rdrname;
+ rdrstates[0].current_state = PCSC_STATE_UNAWARE;
+ err = pcsc_get_status_change (reader_table[slot].pcsc.context,
+ 0,
+ rdrstates, 1);
+ if (err == PCSC_E_TIMEOUT)
+ err = 0; /* Timeout is no error error here. */
+ if (err)
+ {
+ log_error ("pcsc_get_status_change failed: %s (0x%lx)\n",
+ pcsc_error_string (err), err);
+ return pcsc_error_to_sw (err);
+ }
+
+ /* log_debug */
+ /* ("pcsc_get_status_change: %s%s%s%s%s%s%s%s%s%s\n", */
+ /* (rdrstates[0].event_state & PCSC_STATE_IGNORE)? " ignore":"", */
+ /* (rdrstates[0].event_state & PCSC_STATE_CHANGED)? " changed":"", */
+ /* (rdrstates[0].event_state & PCSC_STATE_UNKNOWN)? " unknown":"", */
+ /* (rdrstates[0].event_state & PCSC_STATE_UNAVAILABLE)?" unavail":"", */
+ /* (rdrstates[0].event_state & PCSC_STATE_EMPTY)? " empty":"", */
+ /* (rdrstates[0].event_state & PCSC_STATE_PRESENT)? " present":"", */
+ /* (rdrstates[0].event_state & PCSC_STATE_ATRMATCH)? " atr":"", */
+ /* (rdrstates[0].event_state & PCSC_STATE_EXCLUSIVE)? " excl":"", */
+ /* (rdrstates[0].event_state & PCSC_STATE_INUSE)? " unuse":"", */
+ /* (rdrstates[0].event_state & PCSC_STATE_MUTE)? " mute":"" ); */
+
+ *status = 0;
+ if ( (rdrstates[0].event_state & PCSC_STATE_PRESENT) )
+ *status |= APDU_CARD_PRESENT;
+ if ( !(rdrstates[0].event_state & PCSC_STATE_MUTE) )
+ *status |= APDU_CARD_ACTIVE;
+#ifndef HAVE_W32_SYSTEM
+ /* We indicate a useful card if it is not in use by another
+ application. This is because we only use exclusive access
+ mode. */
+ if ( (*status & (APDU_CARD_PRESENT|APDU_CARD_ACTIVE))
+ == (APDU_CARD_PRESENT|APDU_CARD_ACTIVE)
+ && !(rdrstates[0].event_state & PCSC_STATE_INUSE) )
+ *status |= APDU_CARD_USABLE;
+#else
+ /* Some winscard drivers may set EXCLUSIVE and INUSE at the same
+ time when we are the only user (SCM SCR335) under Windows. */
+ if ((*status & (APDU_CARD_PRESENT|APDU_CARD_ACTIVE))
+ == (APDU_CARD_PRESENT|APDU_CARD_ACTIVE))
+ *status |= APDU_CARD_USABLE;
+#endif
+
+ return 0;
+}
+#endif /*!NEED_PCSC_WRAPPER*/
+
+
+#ifdef NEED_PCSC_WRAPPER
+static int
+pcsc_get_status_wrapped (int slot, unsigned int *status)
+{
+ long err;
+ reader_table_t slotp;
+ size_t len, full_len;
+ int i, n;
+ unsigned char msgbuf[9];
+ unsigned char buffer[16];
+ int sw = SW_HOST_CARD_IO_ERROR;
+
+ slotp = reader_table + slot;
+
+ if (slotp->pcsc.req_fd == -1
+ || slotp->pcsc.rsp_fd == -1
+ || slotp->pcsc.pid == (pid_t)(-1) )
+ {
+ log_error ("pcsc_get_status: pcsc-wrapper not running\n");
+ return sw;
+ }
+
+ msgbuf[0] = 0x04; /* STATUS command. */
+ len = 0;
+ msgbuf[1] = (len >> 24);
+ msgbuf[2] = (len >> 16);
+ msgbuf[3] = (len >> 8);
+ msgbuf[4] = (len );
+ if ( writen (slotp->pcsc.req_fd, msgbuf, 5) )
+ {
+ log_error ("error sending PC/SC STATUS request: %s\n",
+ strerror (errno));
+ goto command_failed;
+ }
+
+ /* Read the response. */
+ if ((i=readn (slotp->pcsc.rsp_fd, msgbuf, 9, &len)) || len != 9)
+ {
+ log_error ("error receiving PC/SC STATUS response: %s\n",
+ i? strerror (errno) : "premature EOF");
+ goto command_failed;
+ }
+ len = (msgbuf[1] << 24) | (msgbuf[2] << 16) | (msgbuf[3] << 8 ) | msgbuf[4];
+ if (msgbuf[0] != 0x81 || len < 4)
+ {
+ log_error ("invalid response header from PC/SC received\n");
+ goto command_failed;
+ }
+ len -= 4; /* Already read the error code. */
+ err = PCSC_ERR_MASK ((msgbuf[5] << 24) | (msgbuf[6] << 16)
+ | (msgbuf[7] << 8 ) | msgbuf[8]);
+ if (err)
+ {
+ log_error ("pcsc_status failed: %s (0x%lx)\n",
+ pcsc_error_string (err), err);
+ /* This is a proper error code, so return immediately. */
+ return pcsc_error_to_sw (err);
+ }
+
+ full_len = len;
+
+ /* The current version returns 3 words but we allow also for old
+ versions returning only 2 words. */
+ n = 12 < len ? 12 : len;
+ if ((i=readn (slotp->pcsc.rsp_fd, buffer, n, &len))
+ || (len != 8 && len != 12))
+ {
+ log_error ("error receiving PC/SC STATUS response: %s\n",
+ i? strerror (errno) : "premature EOF");
+ goto command_failed;
+ }
+
+ slotp->is_t0 = (len == 12 && !!(buffer[11] & PCSC_PROTOCOL_T0));
+
+
+ full_len -= len;
+ /* Newer versions of the wrapper might send more status bytes.
+ Read them. */
+ while (full_len)
+ {
+ unsigned char dummybuf[128];
+
+ n = full_len < DIM (dummybuf) ? full_len : DIM (dummybuf);
+ if ((i=readn (slotp->pcsc.rsp_fd, dummybuf, n, &len)) || len != n)
+ {
+ log_error ("error receiving PC/SC TRANSMIT response: %s\n",
+ i? strerror (errno) : "premature EOF");
+ goto command_failed;
+ }
+ full_len -= n;
+ }
+
+ /* We are lucky: The wrapper already returns the data in the
+ required format. */
+ *status = buffer[3];
+ return 0;
+
+ command_failed:
+ close (slotp->pcsc.req_fd);
+ close (slotp->pcsc.rsp_fd);
+ slotp->pcsc.req_fd = -1;
+ slotp->pcsc.rsp_fd = -1;
+ kill (slotp->pcsc.pid, SIGTERM);
+ slotp->pcsc.pid = (pid_t)(-1);
+ slotp->used = 0;
+ return sw;
+}
+#endif /*NEED_PCSC_WRAPPER*/
+
+
+static int
+pcsc_get_status (int slot, unsigned int *status)
+{
+#ifdef NEED_PCSC_WRAPPER
+ return pcsc_get_status_wrapped (slot, status);
+#else
+ return pcsc_get_status_direct (slot, status);
+#endif
+}
+
+
+#ifndef NEED_PCSC_WRAPPER
+static int
+pcsc_send_apdu_direct (int slot, unsigned char *apdu, size_t apdulen,
+ unsigned char *buffer, size_t *buflen,
+ struct pininfo_s *pininfo)
+{
+ long err;
+ struct pcsc_io_request_s send_pci;
+ unsigned long recv_len;
+
+ if (!reader_table[slot].atrlen
+ && (err = reset_pcsc_reader (slot)))
+ return err;
+
+ if (DBG_CARD_IO)
+ log_printhex (" PCSC_data:", apdu, apdulen);
+
+ if ((reader_table[slot].pcsc.protocol & PCSC_PROTOCOL_T1))
+ send_pci.protocol = PCSC_PROTOCOL_T1;
+ else
+ send_pci.protocol = PCSC_PROTOCOL_T0;
+ send_pci.pci_len = sizeof send_pci;
+ recv_len = *buflen;
+ err = pcsc_transmit (reader_table[slot].pcsc.card,
+ &send_pci, apdu, apdulen,
+ NULL, buffer, &recv_len);
+ *buflen = recv_len;
+ if (err)
+ log_error ("pcsc_transmit failed: %s (0x%lx)\n",
+ pcsc_error_string (err), err);
+
+ return pcsc_error_to_sw (err);
+}
+#endif /*!NEED_PCSC_WRAPPER*/
+
+
+#ifdef NEED_PCSC_WRAPPER
+static int
+pcsc_send_apdu_wrapped (int slot, unsigned char *apdu, size_t apdulen,
+ unsigned char *buffer, size_t *buflen,
+ struct pininfo_s *pininfo)
+{
+ long err;
+ reader_table_t slotp;
+ size_t len, full_len;
+ int i, n;
+ unsigned char msgbuf[9];
+ int sw = SW_HOST_CARD_IO_ERROR;
+
+ (void)pininfo;
+
+ if (!reader_table[slot].atrlen
+ && (err = reset_pcsc_reader (slot)))
+ return err;
+
+ if (DBG_CARD_IO)
+ log_printhex (" PCSC_data:", apdu, apdulen);
+
+ slotp = reader_table + slot;
+
+ if (slotp->pcsc.req_fd == -1
+ || slotp->pcsc.rsp_fd == -1
+ || slotp->pcsc.pid == (pid_t)(-1) )
+ {
+ log_error ("pcsc_send_apdu: pcsc-wrapper not running\n");
+ return sw;
+ }
+
+ msgbuf[0] = 0x03; /* TRANSMIT command. */
+ len = apdulen;
+ msgbuf[1] = (len >> 24);
+ msgbuf[2] = (len >> 16);
+ msgbuf[3] = (len >> 8);
+ msgbuf[4] = (len );
+ if ( writen (slotp->pcsc.req_fd, msgbuf, 5)
+ || writen (slotp->pcsc.req_fd, apdu, len))
+ {
+ log_error ("error sending PC/SC TRANSMIT request: %s\n",
+ strerror (errno));
+ goto command_failed;
+ }
+
+ /* Read the response. */
+ if ((i=readn (slotp->pcsc.rsp_fd, msgbuf, 9, &len)) || len != 9)
+ {
+ log_error ("error receiving PC/SC TRANSMIT response: %s\n",
+ i? strerror (errno) : "premature EOF");
+ goto command_failed;
+ }
+ len = (msgbuf[1] << 24) | (msgbuf[2] << 16) | (msgbuf[3] << 8 ) | msgbuf[4];
+ if (msgbuf[0] != 0x81 || len < 4)
+ {
+ log_error ("invalid response header from PC/SC received\n");
+ goto command_failed;
+ }
+ len -= 4; /* Already read the error code. */
+ err = PCSC_ERR_MASK ((msgbuf[5] << 24) | (msgbuf[6] << 16)
+ | (msgbuf[7] << 8 ) | msgbuf[8]);
+ if (err)
+ {
+ log_error ("pcsc_transmit failed: %s (0x%lx)\n",
+ pcsc_error_string (err), err);
+ return pcsc_error_to_sw (err);
+ }
+
+ full_len = len;
+
+ n = *buflen < len ? *buflen : len;
+ if ((i=readn (slotp->pcsc.rsp_fd, buffer, n, &len)) || len != n)
+ {
+ log_error ("error receiving PC/SC TRANSMIT response: %s\n",
+ i? strerror (errno) : "premature EOF");
+ goto command_failed;
+ }
+ *buflen = n;
+
+ full_len -= len;
+ if (full_len)
+ {
+ log_error ("pcsc_send_apdu: provided buffer too short - truncated\n");
+ err = SW_HOST_INV_VALUE;
+ }
+ /* We need to read any rest of the response, to keep the
+ protocol running. */
+ while (full_len)
+ {
+ unsigned char dummybuf[128];
+
+ n = full_len < DIM (dummybuf) ? full_len : DIM (dummybuf);
+ if ((i=readn (slotp->pcsc.rsp_fd, dummybuf, n, &len)) || len != n)
+ {
+ log_error ("error receiving PC/SC TRANSMIT response: %s\n",
+ i? strerror (errno) : "premature EOF");
+ goto command_failed;
+ }
+ full_len -= n;
+ }
+
+ return err;
+
+ command_failed:
+ close (slotp->pcsc.req_fd);
+ close (slotp->pcsc.rsp_fd);
+ slotp->pcsc.req_fd = -1;
+ slotp->pcsc.rsp_fd = -1;
+ kill (slotp->pcsc.pid, SIGTERM);
+ slotp->pcsc.pid = (pid_t)(-1);
+ slotp->used = 0;
+ return sw;
+}
+#endif /*NEED_PCSC_WRAPPER*/
+
+
+/* Send the APDU of length APDULEN to SLOT and return a maximum of
+ *BUFLEN data in BUFFER, the actual returned size will be stored at
+ BUFLEN. Returns: A status word. */
+static int
+pcsc_send_apdu (int slot, unsigned char *apdu, size_t apdulen,
+ unsigned char *buffer, size_t *buflen,
+ struct pininfo_s *pininfo)
+{
+#ifdef NEED_PCSC_WRAPPER
+ return pcsc_send_apdu_wrapped (slot, apdu, apdulen, buffer, buflen, pininfo);
+#else
+ return pcsc_send_apdu_direct (slot, apdu, apdulen, buffer, buflen, pininfo);
+#endif
+}
+
+
+#ifndef NEED_PCSC_WRAPPER
+static int
+close_pcsc_reader_direct (int slot)
+{
+ pcsc_release_context (reader_table[slot].pcsc.context);
+ xfree (reader_table[slot].rdrname);
+ reader_table[slot].rdrname = NULL;
+ reader_table[slot].used = 0;
+ return 0;
+}
+#endif /*!NEED_PCSC_WRAPPER*/
+
+
+#ifdef NEED_PCSC_WRAPPER
+static int
+close_pcsc_reader_wrapped (int slot)
+{
+ long err;
+ reader_table_t slotp;
+ size_t len;
+ int i;
+ unsigned char msgbuf[9];
+
+ slotp = reader_table + slot;
+
+ if (slotp->pcsc.req_fd == -1
+ || slotp->pcsc.rsp_fd == -1
+ || slotp->pcsc.pid == (pid_t)(-1) )
+ {
+ log_error ("close_pcsc_reader: pcsc-wrapper not running\n");
+ return 0;
+ }
+
+ msgbuf[0] = 0x02; /* CLOSE command. */
+ len = 0;
+ msgbuf[1] = (len >> 24);
+ msgbuf[2] = (len >> 16);
+ msgbuf[3] = (len >> 8);
+ msgbuf[4] = (len );
+ if ( writen (slotp->pcsc.req_fd, msgbuf, 5) )
+ {
+ log_error ("error sending PC/SC CLOSE request: %s\n",
+ strerror (errno));
+ goto command_failed;
+ }
+
+ /* Read the response. */
+ if ((i=readn (slotp->pcsc.rsp_fd, msgbuf, 9, &len)) || len != 9)
+ {
+ log_error ("error receiving PC/SC CLOSE response: %s\n",
+ i? strerror (errno) : "premature EOF");
+ goto command_failed;
+ }
+ len = (msgbuf[1] << 24) | (msgbuf[2] << 16) | (msgbuf[3] << 8 ) | msgbuf[4];
+ if (msgbuf[0] != 0x81 || len < 4)
+ {
+ log_error ("invalid response header from PC/SC received\n");
+ goto command_failed;
+ }
+ len -= 4; /* Already read the error code. */
+ err = PCSC_ERR_MASK ((msgbuf[5] << 24) | (msgbuf[6] << 16)
+ | (msgbuf[7] << 8 ) | msgbuf[8]);
+ if (err)
+ log_error ("pcsc_close failed: %s (0x%lx)\n",
+ pcsc_error_string (err), err);
+
+ /* We will close the wrapper in any case - errors are merely
+ informational. */
+
+ command_failed:
+ close (slotp->pcsc.req_fd);
+ close (slotp->pcsc.rsp_fd);
+ slotp->pcsc.req_fd = -1;
+ slotp->pcsc.rsp_fd = -1;
+ kill (slotp->pcsc.pid, SIGTERM);
+ slotp->pcsc.pid = (pid_t)(-1);
+ slotp->used = 0;
+ return 0;
+}
+#endif /*NEED_PCSC_WRAPPER*/
+
+
+static int
+close_pcsc_reader (int slot)
+{
+#ifdef NEED_PCSC_WRAPPER
+ return close_pcsc_reader_wrapped (slot);
+#else
+ return close_pcsc_reader_direct (slot);
+#endif
+}
+
+
+/* Connect a PC/SC card. */
+#ifndef NEED_PCSC_WRAPPER
+static int
+connect_pcsc_card (int slot)
+{
+ long err;
+
+ assert (slot >= 0 && slot < MAX_READER);
+
+ if (reader_table[slot].pcsc.card)
+ return SW_HOST_ALREADY_CONNECTED;
+
+ reader_table[slot].atrlen = 0;
+ reader_table[slot].last_status = 0;
+ reader_table[slot].is_t0 = 0;
+
+ err = pcsc_connect (reader_table[slot].pcsc.context,
+ reader_table[slot].rdrname,
+ PCSC_SHARE_EXCLUSIVE,
+ PCSC_PROTOCOL_T0|PCSC_PROTOCOL_T1,
+ &reader_table[slot].pcsc.card,
+ &reader_table[slot].pcsc.protocol);
+ if (err)
+ {
+ reader_table[slot].pcsc.card = 0;
+ if (err != PCSC_E_NO_SMARTCARD)
+ log_error ("pcsc_connect failed: %s (0x%lx)\n",
+ pcsc_error_string (err), err);
+ }
+ else
+ {
+ char reader[250];
+ unsigned long readerlen, atrlen;
+ unsigned long card_state, card_protocol;
+
+ atrlen = DIM (reader_table[0].atr);
+ readerlen = sizeof reader -1 ;
+ err = pcsc_status (reader_table[slot].pcsc.card,
+ reader, &readerlen,
+ &card_state, &card_protocol,
+ reader_table[slot].atr, &atrlen);
+ if (err)
+ log_error ("pcsc_status failed: %s (0x%lx) %lu\n",
+ pcsc_error_string (err), err, readerlen);
+ else
+ {
+ if (atrlen > DIM (reader_table[0].atr))
+ log_bug ("ATR returned by pcsc_status is too large\n");
+ reader_table[slot].atrlen = atrlen;
+ /* If we got to here we know that a card is present
+ and usable. Remember this. */
+ reader_table[slot].last_status = ( APDU_CARD_USABLE
+ | APDU_CARD_PRESENT
+ | APDU_CARD_ACTIVE);
+ reader_table[slot].is_t0 = !!(card_protocol & PCSC_PROTOCOL_T0);
+ }
+ }
+
+ dump_reader_status (slot);
+ return pcsc_error_to_sw (err);
+}
+#endif /*!NEED_PCSC_WRAPPER*/
+
+
+/* Disconnect a PC/SC card. Note that this succeeds even if the card
+ is not connected. */
+#ifndef NEED_PCSC_WRAPPER
+static int
+disconnect_pcsc_card (int slot)
+{
+ long err;
+
+ assert (slot >= 0 && slot < MAX_READER);
+
+ if (!reader_table[slot].pcsc.card)
+ return 0;
+
+ err = pcsc_disconnect (reader_table[slot].pcsc.card, PCSC_LEAVE_CARD);
+ if (err)
+ {
+ log_error ("pcsc_disconnect failed: %s (0x%lx)\n",
+ pcsc_error_string (err), err);
+ return SW_HOST_CARD_IO_ERROR;
+ }
+ reader_table[slot].pcsc.card = 0;
+ return 0;
+}
+#endif /*!NEED_PCSC_WRAPPER*/
+
+
+#ifndef NEED_PCSC_WRAPPER
+static int
+reset_pcsc_reader_direct (int slot)
+{
+ int sw;
+
+ sw = disconnect_pcsc_card (slot);
+ if (!sw)
+ sw = connect_pcsc_card (slot);
+
+ return sw;
+}
+#endif /*NEED_PCSC_WRAPPER*/
+
+
+#ifdef NEED_PCSC_WRAPPER
+static int
+reset_pcsc_reader_wrapped (int slot)
+{
+ long err;
+ reader_table_t slotp;
+ size_t len;
+ int i, n;
+ unsigned char msgbuf[9];
+ unsigned int dummy_status;
+ int sw = SW_HOST_CARD_IO_ERROR;
+
+ slotp = reader_table + slot;
+
+ if (slotp->pcsc.req_fd == -1
+ || slotp->pcsc.rsp_fd == -1
+ || slotp->pcsc.pid == (pid_t)(-1) )
+ {
+ log_error ("pcsc_get_status: pcsc-wrapper not running\n");
+ return sw;
+ }
+
+ msgbuf[0] = 0x05; /* RESET command. */
+ len = 0;
+ msgbuf[1] = (len >> 24);
+ msgbuf[2] = (len >> 16);
+ msgbuf[3] = (len >> 8);
+ msgbuf[4] = (len );
+ if ( writen (slotp->pcsc.req_fd, msgbuf, 5) )
+ {
+ log_error ("error sending PC/SC RESET request: %s\n",
+ strerror (errno));
+ goto command_failed;
+ }
+
+ /* Read the response. */
+ if ((i=readn (slotp->pcsc.rsp_fd, msgbuf, 9, &len)) || len != 9)
+ {
+ log_error ("error receiving PC/SC RESET response: %s\n",
+ i? strerror (errno) : "premature EOF");
+ goto command_failed;
+ }
+ len = (msgbuf[1] << 24) | (msgbuf[2] << 16) | (msgbuf[3] << 8 ) | msgbuf[4];
+ if (msgbuf[0] != 0x81 || len < 4)
+ {
+ log_error ("invalid response header from PC/SC received\n");
+ goto command_failed;
+ }
+ len -= 4; /* Already read the error code. */
+ if (len > DIM (slotp->atr))
+ {
+ log_error ("PC/SC returned a too large ATR (len=%lx)\n",
+ (unsigned long)len);
+ sw = SW_HOST_GENERAL_ERROR;
+ goto command_failed;
+ }
+ err = PCSC_ERR_MASK ((msgbuf[5] << 24) | (msgbuf[6] << 16)
+ | (msgbuf[7] << 8 ) | msgbuf[8]);
+ if (err)
+ {
+ log_error ("PC/SC RESET failed: %s (0x%lx)\n",
+ pcsc_error_string (err), err);
+ /* If the error code is no smart card, we should not considere
+ this a major error and close the wrapper. */
+ sw = pcsc_error_to_sw (err);
+ if (err == PCSC_E_NO_SMARTCARD)
+ return sw;
+ goto command_failed;
+ }
+
+ /* The open function may return a zero for the ATR length to
+ indicate that no card is present. */
+ n = len;
+ if (n)
+ {
+ if ((i=readn (slotp->pcsc.rsp_fd, slotp->atr, n, &len)) || len != n)
+ {
+ log_error ("error receiving PC/SC RESET response: %s\n",
+ i? strerror (errno) : "premature EOF");
+ goto command_failed;
+ }
+ }
+ slotp->atrlen = len;
+
+ /* Read the status so that IS_T0 will be set. */
+ pcsc_get_status (slot, &dummy_status);
+
+ return 0;
+
+ command_failed:
+ close (slotp->pcsc.req_fd);
+ close (slotp->pcsc.rsp_fd);
+ slotp->pcsc.req_fd = -1;
+ slotp->pcsc.rsp_fd = -1;
+ kill (slotp->pcsc.pid, SIGTERM);
+ slotp->pcsc.pid = (pid_t)(-1);
+ slotp->used = 0;
+ return sw;
+}
+#endif /* !NEED_PCSC_WRAPPER */
+
+
+/* Send an PC/SC reset command and return a status word on error or 0
+ on success. */
+static int
+reset_pcsc_reader (int slot)
+{
+#ifdef NEED_PCSC_WRAPPER
+ return reset_pcsc_reader_wrapped (slot);
+#else
+ return reset_pcsc_reader_direct (slot);
+#endif
+}
+
+
+/* Open the PC/SC reader without using the wrapper. Returns -1 on
+ error or a slot number for the reader. */
+#ifndef NEED_PCSC_WRAPPER
+static int
+open_pcsc_reader_direct (const char *portstr)
+{
+ long err;
+ int slot;
+ char *list = NULL;
+ unsigned long nreader, listlen;
+ char *p;
+
+ slot = new_reader_slot ();
+ if (slot == -1)
+ return -1;
+
+ /* Fixme: Allocating a context for each slot is not required. One
+ global context should be sufficient. */
+ err = pcsc_establish_context (PCSC_SCOPE_SYSTEM, NULL, NULL,
+ &reader_table[slot].pcsc.context);
+ if (err)
+ {
+ log_error ("pcsc_establish_context failed: %s (0x%lx)\n",
+ pcsc_error_string (err), err);
+ reader_table[slot].used = 0;
+ if (err == 0x8010001d)
+ pcsc_no_service = 1;
+ return -1;
+ }
+ pcsc_no_service = 0;
+
+ err = pcsc_list_readers (reader_table[slot].pcsc.context,
+ NULL, NULL, &nreader);
+ if (!err)
+ {
+ list = xtrymalloc (nreader+1); /* Better add 1 for safety reasons. */
+ if (!list)
+ {
+ log_error ("error allocating memory for reader list\n");
+ pcsc_release_context (reader_table[slot].pcsc.context);
+ reader_table[slot].used = 0;
+ return -1 /*SW_HOST_OUT_OF_CORE*/;
+ }
+ err = pcsc_list_readers (reader_table[slot].pcsc.context,
+ NULL, list, &nreader);
+ }
+ if (err)
+ {
+ log_error ("pcsc_list_readers failed: %s (0x%lx)\n",
+ pcsc_error_string (err), err);
+ pcsc_release_context (reader_table[slot].pcsc.context);
+ reader_table[slot].used = 0;
+ xfree (list);
+ return -1;
+ }
+
+ listlen = nreader;
+ p = list;
+ while (nreader)
+ {
+ if (!*p && !p[1])
+ break;
+ if (*p)
+ log_info ("detected reader `%s'\n", p);
+ if (nreader < (strlen (p)+1))
+ {
+ log_error ("invalid response from pcsc_list_readers\n");
+ break;
+ }
+ nreader -= strlen (p)+1;
+ p += strlen (p) + 1;
+ }
+
+ reader_table[slot].rdrname = xtrymalloc (strlen (portstr? portstr : list)+1);
+ if (!reader_table[slot].rdrname)
+ {
+ log_error ("error allocating memory for reader name\n");
+ pcsc_release_context (reader_table[slot].pcsc.context);
+ reader_table[slot].used = 0;
+ return -1;
+ }
+ strcpy (reader_table[slot].rdrname, portstr? portstr : list);
+ xfree (list);
+ list = NULL;
+
+ reader_table[slot].pcsc.card = 0;
+ reader_table[slot].atrlen = 0;
+ reader_table[slot].last_status = 0;
+
+ reader_table[slot].connect_card = connect_pcsc_card;
+ reader_table[slot].disconnect_card = disconnect_pcsc_card;
+ reader_table[slot].close_reader = close_pcsc_reader;
+ reader_table[slot].reset_reader = reset_pcsc_reader;
+ reader_table[slot].get_status_reader = pcsc_get_status;
+ reader_table[slot].send_apdu_reader = pcsc_send_apdu;
+ reader_table[slot].dump_status_reader = dump_pcsc_reader_status;
+
+ dump_reader_status (slot);
+ return slot;
+}
+#endif /*!NEED_PCSC_WRAPPER */
+
+
+/* Open the PC/SC reader using the pcsc_wrapper program. This is
+ needed to cope with different thread models and other peculiarities
+ of libpcsclite. */
+#ifdef NEED_PCSC_WRAPPER
+static int
+open_pcsc_reader_wrapped (const char *portstr)
+{
+ int slot;
+ reader_table_t slotp;
+ int fd, rp[2], wp[2];
+ int n, i;
+ pid_t pid;
+ size_t len;
+ unsigned char msgbuf[9];
+ int err;
+ unsigned int dummy_status;
+ /*int sw = SW_HOST_CARD_IO_ERROR;*/
+
+ /* Note that we use the constant and not the fucntion because this
+ code won't be be used under Windows. */
+ const char *wrapperpgm = GNUPG_LIBEXECDIR "/gnupg-pcsc-wrapper";
+
+ if (access (wrapperpgm, X_OK))
+ {
+ log_error ("can't run PC/SC access module `%s': %s\n",
+ wrapperpgm, strerror (errno));
+ return -1;
+ }
+
+ slot = new_reader_slot ();
+ if (slot == -1)
+ return -1;
+ slotp = reader_table + slot;
+
+ /* Fire up the PC/SCc wrapper. We don't use any fork/exec code from
+ the common directy but implement it directly so that this file
+ may still be source copied. */
+
+ if (pipe (rp) == -1)
+ {
+ log_error ("error creating a pipe: %s\n", strerror (errno));
+ slotp->used = 0;
+ return -1;
+ }
+ if (pipe (wp) == -1)
+ {
+ log_error ("error creating a pipe: %s\n", strerror (errno));
+ close (rp[0]);
+ close (rp[1]);
+ slotp->used = 0;
+ return -1;
+ }
+
+ pid = fork ();
+ if (pid == -1)
+ {
+ log_error ("error forking process: %s\n", strerror (errno));
+ close (rp[0]);
+ close (rp[1]);
+ close (wp[0]);
+ close (wp[1]);
+ slotp->used = 0;
+ return -1;
+ }
+ slotp->pcsc.pid = pid;
+
+ if (!pid)
+ { /*
+ === Child ===
+ */
+
+ /* Double fork. */
+ pid = fork ();
+ if (pid == -1)
+ _exit (31);
+ if (pid)
+ _exit (0); /* Immediate exit this parent, so that the child
+ gets cleaned up by the init process. */
+
+ /* Connect our pipes. */
+ if (wp[0] != 0 && dup2 (wp[0], 0) == -1)
+ log_fatal ("dup2 stdin failed: %s\n", strerror (errno));
+ if (rp[1] != 1 && dup2 (rp[1], 1) == -1)
+ log_fatal ("dup2 stdout failed: %s\n", strerror (errno));
+
+ /* Send stderr to the bit bucket. */
+ fd = open ("/dev/null", O_WRONLY);
+ if (fd == -1)
+ log_fatal ("can't open `/dev/null': %s", strerror (errno));
+ if (fd != 2 && dup2 (fd, 2) == -1)
+ log_fatal ("dup2 stderr failed: %s\n", strerror (errno));
+
+ /* Close all other files. */
+ close_all_fds (3, NULL);
+
+ execl (wrapperpgm,
+ "pcsc-wrapper",
+ "--",
+ "1", /* API version */
+ opt.pcsc_driver, /* Name of the PC/SC library. */
+ NULL);
+ _exit (31);
+ }
+
+ /*
+ === Parent ===
+ */
+ close (wp[0]);
+ close (rp[1]);
+ slotp->pcsc.req_fd = wp[1];
+ slotp->pcsc.rsp_fd = rp[0];
+
+ /* Wait for the intermediate child to terminate. */
+#ifdef USE_GNU_PTH
+#define WAIT pth_waitpid
+#else
+#define WAIT waitpid
+#endif
+ while ( (i=WAIT (pid, NULL, 0)) == -1 && errno == EINTR)
+ ;
+#undef WAIT
+
+ /* Now send the open request. */
+ msgbuf[0] = 0x01; /* OPEN command. */
+ len = portstr? strlen (portstr):0;
+ msgbuf[1] = (len >> 24);
+ msgbuf[2] = (len >> 16);
+ msgbuf[3] = (len >> 8);
+ msgbuf[4] = (len );
+ if ( writen (slotp->pcsc.req_fd, msgbuf, 5)
+ || (portstr && writen (slotp->pcsc.req_fd, portstr, len)))
+ {
+ log_error ("error sending PC/SC OPEN request: %s\n",
+ strerror (errno));
+ goto command_failed;
+ }
+ /* Read the response. */
+ if ((i=readn (slotp->pcsc.rsp_fd, msgbuf, 9, &len)) || len != 9)
+ {
+ log_error ("error receiving PC/SC OPEN response: %s\n",
+ i? strerror (errno) : "premature EOF");
+ goto command_failed;
+ }
+ len = (msgbuf[1] << 24) | (msgbuf[2] << 16) | (msgbuf[3] << 8 ) | msgbuf[4];
+ if (msgbuf[0] != 0x81 || len < 4)
+ {
+ log_error ("invalid response header from PC/SC received\n");
+ goto command_failed;
+ }
+ len -= 4; /* Already read the error code. */
+ if (len > DIM (slotp->atr))
+ {
+ log_error ("PC/SC returned a too large ATR (len=%lx)\n",
+ (unsigned long)len);
+ goto command_failed;
+ }
+ err = PCSC_ERR_MASK ((msgbuf[5] << 24) | (msgbuf[6] << 16)
+ | (msgbuf[7] << 8 ) | msgbuf[8]);
+ if (err)
+ {
+ log_error ("PC/SC OPEN failed: %s\n", pcsc_error_string (err));
+ /*sw = pcsc_error_to_sw (err);*/
+ goto command_failed;
+ }
+
+ slotp->last_status = 0;
+
+ /* The open request may return a zero for the ATR length to
+ indicate that no card is present. */
+ n = len;
+ if (n)
+ {
+ if ((i=readn (slotp->pcsc.rsp_fd, slotp->atr, n, &len)) || len != n)
+ {
+ log_error ("error receiving PC/SC OPEN response: %s\n",
+ i? strerror (errno) : "premature EOF");
+ goto command_failed;
+ }
+ /* If we got to here we know that a card is present
+ and usable. Thus remember this. */
+ slotp->last_status = ( APDU_CARD_USABLE
+ | APDU_CARD_PRESENT
+ | APDU_CARD_ACTIVE);
+ }
+ slotp->atrlen = len;
+
+ reader_table[slot].close_reader = close_pcsc_reader;
+ reader_table[slot].reset_reader = reset_pcsc_reader;
+ reader_table[slot].get_status_reader = pcsc_get_status;
+ reader_table[slot].send_apdu_reader = pcsc_send_apdu;
+ reader_table[slot].dump_status_reader = dump_pcsc_reader_status;
+
+ /* Read the status so that IS_T0 will be set. */
+ pcsc_get_status (slot, &dummy_status);
+
+ dump_reader_status (slot);
+ return slot;
+
+ command_failed:
+ close (slotp->pcsc.req_fd);
+ close (slotp->pcsc.rsp_fd);
+ slotp->pcsc.req_fd = -1;
+ slotp->pcsc.rsp_fd = -1;
+ kill (slotp->pcsc.pid, SIGTERM);
+ slotp->pcsc.pid = (pid_t)(-1);
+ slotp->used = 0;
+ /* There is no way to return SW. */
+ return -1;
+
+}
+#endif /*NEED_PCSC_WRAPPER*/
+
+
+static int
+open_pcsc_reader (const char *portstr)
+{
+#ifdef NEED_PCSC_WRAPPER
+ return open_pcsc_reader_wrapped (portstr);
+#else
+ return open_pcsc_reader_direct (portstr);
+#endif
+}
+
+
+
+#ifdef HAVE_LIBUSB
+/*
+ Internal CCID driver interface.
+ */
+
+
+static void
+dump_ccid_reader_status (int slot)
+{
+ log_info ("reader slot %d: using ccid driver\n", slot);
+}
+
+static int
+close_ccid_reader (int slot)
+{
+ ccid_close_reader (reader_table[slot].ccid.handle);
+ reader_table[slot].used = 0;
+ return 0;
+}
+
+
+static int
+shutdown_ccid_reader (int slot)
+{
+ ccid_shutdown_reader (reader_table[slot].ccid.handle);
+ return 0;
+}
+
+
+static int
+reset_ccid_reader (int slot)
+{
+ int err;
+ reader_table_t slotp = reader_table + slot;
+ unsigned char atr[33];
+ size_t atrlen;
+
+ err = ccid_get_atr (slotp->ccid.handle, atr, sizeof atr, &atrlen);
+ if (err)
+ return err;
+ /* If the reset was successful, update the ATR. */
+ assert (sizeof slotp->atr >= sizeof atr);
+ slotp->atrlen = atrlen;
+ memcpy (slotp->atr, atr, atrlen);
+ dump_reader_status (slot);
+ return 0;
+}
+
+
+static int
+set_progress_cb_ccid_reader (int slot, gcry_handler_progress_t cb, void *cb_arg)
+{
+ reader_table_t slotp = reader_table + slot;
+
+ return ccid_set_progress_cb (slotp->ccid.handle, cb, cb_arg);
+}
+
+
+static int
+get_status_ccid (int slot, unsigned int *status)
+{
+ int rc;
+ int bits;
+
+ rc = ccid_slot_status (reader_table[slot].ccid.handle, &bits);
+ if (rc)
+ return rc;
+
+ if (bits == 0)
+ *status = (APDU_CARD_USABLE|APDU_CARD_PRESENT|APDU_CARD_ACTIVE);
+ else if (bits == 1)
+ *status = APDU_CARD_PRESENT;
+ else
+ *status = 0;
+
+ return 0;
+}
+
+
+/* Actually send the APDU of length APDULEN to SLOT and return a
+ maximum of *BUFLEN data in BUFFER, the actual returned size will be
+ set to BUFLEN. Returns: Internal CCID driver error code. */
+static int
+send_apdu_ccid (int slot, unsigned char *apdu, size_t apdulen,
+ unsigned char *buffer, size_t *buflen,
+ struct pininfo_s *pininfo)
+{
+ long err;
+ size_t maxbuflen;
+
+ /* If we don't have an ATR, we need to reset the reader first. */
+ if (!reader_table[slot].atrlen
+ && (err = reset_ccid_reader (slot)))
+ return err;
+
+ if (DBG_CARD_IO)
+ log_printhex (" raw apdu:", apdu, apdulen);
+
+ maxbuflen = *buflen;
+ if (pininfo)
+ err = ccid_transceive_secure (reader_table[slot].ccid.handle,
+ apdu, apdulen,
+ pininfo->mode,
+ pininfo->minlen,
+ pininfo->maxlen,
+ pininfo->padlen,
+ buffer, maxbuflen, buflen);
+ else
+ err = ccid_transceive (reader_table[slot].ccid.handle,
+ apdu, apdulen,
+ buffer, maxbuflen, buflen);
+ if (err)
+ log_error ("ccid_transceive failed: (0x%lx)\n",
+ err);
+
+ return err;
+}
+
+
+/* Check whether the CCID reader supports the ISO command code COMMAND
+ on the keypad. Return 0 on success. For a description of the pin
+ parameters, see ccid-driver.c */
+static int
+check_ccid_keypad (int slot, int command, int pin_mode,
+ int pinlen_min, int pinlen_max, int pin_padlen)
+{
+ unsigned char apdu[] = { 0, 0, 0, 0x81 };
+
+ apdu[1] = command;
+ return ccid_transceive_secure (reader_table[slot].ccid.handle,
+ apdu, sizeof apdu,
+ pin_mode, pinlen_min, pinlen_max, pin_padlen,
+ NULL, 0, NULL);
+}
+
+
+/* Open the reader and try to read an ATR. */
+static int
+open_ccid_reader (const char *portstr)
+{
+ int err;
+ int slot;
+ reader_table_t slotp;
+
+ slot = new_reader_slot ();
+ if (slot == -1)
+ return -1;
+ slotp = reader_table + slot;
+
+ err = ccid_open_reader (&slotp->ccid.handle, portstr);
+ if (err)
+ {
+ slotp->used = 0;
+ return -1;
+ }
+
+ err = ccid_get_atr (slotp->ccid.handle,
+ slotp->atr, sizeof slotp->atr, &slotp->atrlen);
+ if (err)
+ {
+ slotp->atrlen = 0;
+ err = 0;
+ }
+ else
+ {
+ /* If we got to here we know that a card is present
+ and usable. Thus remember this. */
+ reader_table[slot].last_status = (APDU_CARD_USABLE
+ | APDU_CARD_PRESENT
+ | APDU_CARD_ACTIVE);
+ }
+
+ reader_table[slot].close_reader = close_ccid_reader;
+ reader_table[slot].shutdown_reader = shutdown_ccid_reader;
+ reader_table[slot].reset_reader = reset_ccid_reader;
+ reader_table[slot].get_status_reader = get_status_ccid;
+ reader_table[slot].send_apdu_reader = send_apdu_ccid;
+ reader_table[slot].check_keypad = check_ccid_keypad;
+ reader_table[slot].dump_status_reader = dump_ccid_reader_status;
+ reader_table[slot].set_progress_cb = set_progress_cb_ccid_reader;
+ /* Our CCID reader code does not support T=0 at all, thus reset the
+ flag. */
+ reader_table[slot].is_t0 = 0;
+
+ dump_reader_status (slot);
+ return slot;
+}
+
+
+
+#endif /* HAVE_LIBUSB */
+
+
+
+#ifdef USE_G10CODE_RAPDU
+/*
+ The Remote APDU Interface.
+
+ This uses the Remote APDU protocol to contact a reader.
+
+ The port number is actually an index into the list of ports as
+ returned via the protocol.
+ */
+
+
+static int
+rapdu_status_to_sw (int status)
+{
+ int rc;
+
+ switch (status)
+ {
+ case RAPDU_STATUS_SUCCESS: rc = 0; break;
+
+ case RAPDU_STATUS_INVCMD:
+ case RAPDU_STATUS_INVPROT:
+ case RAPDU_STATUS_INVSEQ:
+ case RAPDU_STATUS_INVCOOKIE:
+ case RAPDU_STATUS_INVREADER: rc = SW_HOST_INV_VALUE; break;
+
+ case RAPDU_STATUS_TIMEOUT: rc = SW_HOST_CARD_IO_ERROR; break;
+ case RAPDU_STATUS_CARDIO: rc = SW_HOST_CARD_IO_ERROR; break;
+ case RAPDU_STATUS_NOCARD: rc = SW_HOST_NO_CARD; break;
+ case RAPDU_STATUS_CARDCHG: rc = SW_HOST_NO_CARD; break;
+ case RAPDU_STATUS_BUSY: rc = SW_HOST_BUSY; break;
+ case RAPDU_STATUS_NEEDRESET: rc = SW_HOST_CARD_INACTIVE; break;
+
+ default: rc = SW_HOST_GENERAL_ERROR; break;
+ }
+
+ return rc;
+}
+
+
+
+static int
+close_rapdu_reader (int slot)
+{
+ rapdu_release (reader_table[slot].rapdu.handle);
+ reader_table[slot].used = 0;
+ return 0;
+}
+
+
+static int
+reset_rapdu_reader (int slot)
+{
+ int err;
+ reader_table_t slotp;
+ rapdu_msg_t msg = NULL;
+
+ slotp = reader_table + slot;
+
+ err = rapdu_send_cmd (slotp->rapdu.handle, RAPDU_CMD_RESET);
+ if (err)
+ {
+ log_error ("sending rapdu command RESET failed: %s\n",
+ err < 0 ? strerror (errno): rapdu_strerror (err));
+ rapdu_msg_release (msg);
+ return rapdu_status_to_sw (err);
+ }
+ err = rapdu_read_msg (slotp->rapdu.handle, &msg);
+ if (err)
+ {
+ log_error ("receiving rapdu message failed: %s\n",
+ err < 0 ? strerror (errno): rapdu_strerror (err));
+ rapdu_msg_release (msg);
+ return rapdu_status_to_sw (err);
+ }
+ if (msg->cmd != RAPDU_STATUS_SUCCESS || !msg->datalen)
+ {
+ int sw = rapdu_status_to_sw (msg->cmd);
+ log_error ("rapdu command RESET failed: %s\n",
+ rapdu_strerror (msg->cmd));
+ rapdu_msg_release (msg);
+ return sw;
+ }
+ if (msg->datalen > DIM (slotp->atr))
+ {
+ log_error ("ATR returned by the RAPDU layer is too large\n");
+ rapdu_msg_release (msg);
+ return SW_HOST_INV_VALUE;
+ }
+ slotp->atrlen = msg->datalen;
+ memcpy (slotp->atr, msg->data, msg->datalen);
+
+ rapdu_msg_release (msg);
+ return 0;
+}
+
+
+static int
+my_rapdu_get_status (int slot, unsigned int *status)
+{
+ int err;
+ reader_table_t slotp;
+ rapdu_msg_t msg = NULL;
+ int oldslot;
+
+ slotp = reader_table + slot;
+
+ oldslot = rapdu_set_reader (slotp->rapdu.handle, slot);
+ err = rapdu_send_cmd (slotp->rapdu.handle, RAPDU_CMD_GET_STATUS);
+ rapdu_set_reader (slotp->rapdu.handle, oldslot);
+ if (err)
+ {
+ log_error ("sending rapdu command GET_STATUS failed: %s\n",
+ err < 0 ? strerror (errno): rapdu_strerror (err));
+ return rapdu_status_to_sw (err);
+ }
+ err = rapdu_read_msg (slotp->rapdu.handle, &msg);
+ if (err)
+ {
+ log_error ("receiving rapdu message failed: %s\n",
+ err < 0 ? strerror (errno): rapdu_strerror (err));
+ rapdu_msg_release (msg);
+ return rapdu_status_to_sw (err);
+ }
+ if (msg->cmd != RAPDU_STATUS_SUCCESS || !msg->datalen)
+ {
+ int sw = rapdu_status_to_sw (msg->cmd);
+ log_error ("rapdu command GET_STATUS failed: %s\n",
+ rapdu_strerror (msg->cmd));
+ rapdu_msg_release (msg);
+ return sw;
+ }
+ *status = msg->data[0];
+
+ rapdu_msg_release (msg);
+ return 0;
+}
+
+
+/* Actually send the APDU of length APDULEN to SLOT and return a
+ maximum of *BUFLEN data in BUFFER, the actual returned size will be
+ set to BUFLEN. Returns: APDU error code. */
+static int
+my_rapdu_send_apdu (int slot, unsigned char *apdu, size_t apdulen,
+ unsigned char *buffer, size_t *buflen,
+ struct pininfo_s *pininfo)
+{
+ int err;
+ reader_table_t slotp;
+ rapdu_msg_t msg = NULL;
+ size_t maxlen = *buflen;
+
+ slotp = reader_table + slot;
+
+ *buflen = 0;
+ if (DBG_CARD_IO)
+ log_printhex (" APDU_data:", apdu, apdulen);
+
+ if (apdulen < 4)
+ {
+ log_error ("rapdu_send_apdu: APDU is too short\n");
+ return SW_HOST_INV_VALUE;
+ }
+
+ err = rapdu_send_apdu (slotp->rapdu.handle, apdu, apdulen);
+ if (err)
+ {
+ log_error ("sending rapdu command APDU failed: %s\n",
+ err < 0 ? strerror (errno): rapdu_strerror (err));
+ rapdu_msg_release (msg);
+ return rapdu_status_to_sw (err);
+ }
+ err = rapdu_read_msg (slotp->rapdu.handle, &msg);
+ if (err)
+ {
+ log_error ("receiving rapdu message failed: %s\n",
+ err < 0 ? strerror (errno): rapdu_strerror (err));
+ rapdu_msg_release (msg);
+ return rapdu_status_to_sw (err);
+ }
+ if (msg->cmd != RAPDU_STATUS_SUCCESS || !msg->datalen)
+ {
+ int sw = rapdu_status_to_sw (msg->cmd);
+ log_error ("rapdu command APDU failed: %s\n",
+ rapdu_strerror (msg->cmd));
+ rapdu_msg_release (msg);
+ return sw;
+ }
+
+ if (msg->datalen > maxlen)
+ {
+ log_error ("rapdu response apdu too large\n");
+ rapdu_msg_release (msg);
+ return SW_HOST_INV_VALUE;
+ }
+
+ *buflen = msg->datalen;
+ memcpy (buffer, msg->data, msg->datalen);
+
+ rapdu_msg_release (msg);
+ return 0;
+}
+
+static int
+open_rapdu_reader (int portno,
+ const unsigned char *cookie, size_t length,
+ int (*readfnc) (void *opaque,
+ void *buffer, size_t size),
+ void *readfnc_value,
+ int (*writefnc) (void *opaque,
+ const void *buffer, size_t size),
+ void *writefnc_value,
+ void (*closefnc) (void *opaque),
+ void *closefnc_value)
+{
+ int err;
+ int slot;
+ reader_table_t slotp;
+ rapdu_msg_t msg = NULL;
+
+ slot = new_reader_slot ();
+ if (slot == -1)
+ return -1;
+ slotp = reader_table + slot;
+
+ slotp->rapdu.handle = rapdu_new ();
+ if (!slotp->rapdu.handle)
+ {
+ slotp->used = 0;
+ return -1;
+ }
+
+ rapdu_set_reader (slotp->rapdu.handle, portno);
+
+ rapdu_set_iofunc (slotp->rapdu.handle,
+ readfnc, readfnc_value,
+ writefnc, writefnc_value,
+ closefnc, closefnc_value);
+ rapdu_set_cookie (slotp->rapdu.handle, cookie, length);
+
+ /* First try to get the current ATR, but if the card is inactive
+ issue a reset instead. */
+ err = rapdu_send_cmd (slotp->rapdu.handle, RAPDU_CMD_GET_ATR);
+ if (err == RAPDU_STATUS_NEEDRESET)
+ err = rapdu_send_cmd (slotp->rapdu.handle, RAPDU_CMD_RESET);
+ if (err)
+ {
+ log_info ("sending rapdu command GET_ATR/RESET failed: %s\n",
+ err < 0 ? strerror (errno): rapdu_strerror (err));
+ goto failure;
+ }
+ err = rapdu_read_msg (slotp->rapdu.handle, &msg);
+ if (err)
+ {
+ log_info ("receiving rapdu message failed: %s\n",
+ err < 0 ? strerror (errno): rapdu_strerror (err));
+ goto failure;
+ }
+ if (msg->cmd != RAPDU_STATUS_SUCCESS || !msg->datalen)
+ {
+ log_info ("rapdu command GET ATR failed: %s\n",
+ rapdu_strerror (msg->cmd));
+ goto failure;
+ }
+ if (msg->datalen > DIM (slotp->atr))
+ {
+ log_error ("ATR returned by the RAPDU layer is too large\n");
+ goto failure;
+ }
+ slotp->atrlen = msg->datalen;
+ memcpy (slotp->atr, msg->data, msg->datalen);
+
+ reader_table[slot].close_reader = close_rapdu_reader;
+ reader_table[slot].reset_reader = reset_rapdu_reader;
+ reader_table[slot].get_status_reader = my_rapdu_get_status;
+ reader_table[slot].send_apdu_reader = my_rapdu_send_apdu;
+ reader_table[slot].check_keypad = NULL;
+ reader_table[slot].dump_status_reader = NULL;
+
+ dump_reader_status (slot);
+ rapdu_msg_release (msg);
+ return slot;
+
+ failure:
+ rapdu_msg_release (msg);
+ rapdu_release (slotp->rapdu.handle);
+ slotp->used = 0;
+ return -1;
+}
+
+#endif /*USE_G10CODE_RAPDU*/
+
+
+
+/*
+ Driver Access
+ */
+
+
+static int
+lock_slot (int slot)
+{
+#ifdef USE_GNU_PTH
+ if (!pth_mutex_acquire (&reader_table[slot].lock, 0, NULL))
+ {
+ log_error ("failed to acquire apdu lock: %s\n", strerror (errno));
+ return SW_HOST_LOCKING_FAILED;
+ }
+#endif /*USE_GNU_PTH*/
+ return 0;
+}
+
+static int
+trylock_slot (int slot)
+{
+#ifdef USE_GNU_PTH
+ if (!pth_mutex_acquire (&reader_table[slot].lock, TRUE, NULL))
+ {
+ if (errno == EBUSY)
+ return SW_HOST_BUSY;
+ log_error ("failed to acquire apdu lock: %s\n", strerror (errno));
+ return SW_HOST_LOCKING_FAILED;
+ }
+#endif /*USE_GNU_PTH*/
+ return 0;
+}
+
+static void
+unlock_slot (int slot)
+{
+#ifdef USE_GNU_PTH
+ if (!pth_mutex_release (&reader_table[slot].lock))
+ log_error ("failed to release apdu lock: %s\n", strerror (errno));
+#endif /*USE_GNU_PTH*/
+}
+
+
+/* Open the reader and return an internal slot number or -1 on
+ error. If PORTSTR is NULL we default to a suitable port (for ctAPI:
+ the first USB reader. For PC/SC the first listed reader). */
+int
+apdu_open_reader (const char *portstr, int *r_no_service)
+{
+ static int pcsc_api_loaded, ct_api_loaded;
+ int slot;
+
+ if (r_no_service)
+ *r_no_service = 0;
+
+#ifdef HAVE_LIBUSB
+ if (!opt.disable_ccid)
+ {
+ int i;
+ const char *s;
+
+ slot = open_ccid_reader (portstr);
+ if (slot != -1)
+ return slot; /* got one */
+
+ /* If a CCID reader specification has been given, the user does
+ not want a fallback to other drivers. */
+ if (portstr)
+ for (s=portstr, i=0; *s; s++)
+ if (*s == ':' && (++i == 3))
+ return -1;
+ }
+
+#endif /* HAVE_LIBUSB */
+
+ if (opt.ctapi_driver && *opt.ctapi_driver)
+ {
+ int port = portstr? atoi (portstr) : 32768;
+
+ if (!ct_api_loaded)
+ {
+ void *handle;
+
+ handle = dlopen (opt.ctapi_driver, RTLD_LAZY);
+ if (!handle)
+ {
+ log_error ("apdu_open_reader: failed to open driver: %s\n",
+ dlerror ());
+ return -1;
+ }
+ CT_init = dlsym (handle, "CT_init");
+ CT_data = dlsym (handle, "CT_data");
+ CT_close = dlsym (handle, "CT_close");
+ if (!CT_init || !CT_data || !CT_close)
+ {
+ log_error ("apdu_open_reader: invalid CT-API driver\n");
+ dlclose (handle);
+ return -1;
+ }
+ ct_api_loaded = 1;
+ }
+ return open_ct_reader (port);
+ }
+
+
+ /* No ctAPI configured, so lets try the PC/SC API */
+ if (!pcsc_api_loaded)
+ {
+#ifndef NEED_PCSC_WRAPPER
+ void *handle;
+
+ handle = dlopen (opt.pcsc_driver, RTLD_LAZY);
+ if (!handle)
+ {
+ log_error ("apdu_open_reader: failed to open driver `%s': %s\n",
+ opt.pcsc_driver, dlerror ());
+ return -1;
+ }
+
+ pcsc_establish_context = dlsym (handle, "SCardEstablishContext");
+ pcsc_release_context = dlsym (handle, "SCardReleaseContext");
+ pcsc_list_readers = dlsym (handle, "SCardListReaders");
+#if defined(_WIN32) || defined(__CYGWIN__)
+ if (!pcsc_list_readers)
+ pcsc_list_readers = dlsym (handle, "SCardListReadersA");
+#endif
+ pcsc_get_status_change = dlsym (handle, "SCardGetStatusChange");
+#if defined(_WIN32) || defined(__CYGWIN__)
+ if (!pcsc_get_status_change)
+ pcsc_get_status_change = dlsym (handle, "SCardGetStatusChangeA");
+#endif
+ pcsc_connect = dlsym (handle, "SCardConnect");
+#if defined(_WIN32) || defined(__CYGWIN__)
+ if (!pcsc_connect)
+ pcsc_connect = dlsym (handle, "SCardConnectA");
+#endif
+ pcsc_reconnect = dlsym (handle, "SCardReconnect");
+#if defined(_WIN32) || defined(__CYGWIN__)
+ if (!pcsc_reconnect)
+ pcsc_reconnect = dlsym (handle, "SCardReconnectA");
+#endif
+ pcsc_disconnect = dlsym (handle, "SCardDisconnect");
+ pcsc_status = dlsym (handle, "SCardStatus");
+#if defined(_WIN32) || defined(__CYGWIN__)
+ if (!pcsc_status)
+ pcsc_status = dlsym (handle, "SCardStatusA");
+#endif
+ pcsc_begin_transaction = dlsym (handle, "SCardBeginTransaction");
+ pcsc_end_transaction = dlsym (handle, "SCardEndTransaction");
+ pcsc_transmit = dlsym (handle, "SCardTransmit");
+ pcsc_set_timeout = dlsym (handle, "SCardSetTimeout");
+
+ if (!pcsc_establish_context
+ || !pcsc_release_context
+ || !pcsc_list_readers
+ || !pcsc_get_status_change
+ || !pcsc_connect
+ || !pcsc_reconnect
+ || !pcsc_disconnect
+ || !pcsc_status
+ || !pcsc_begin_transaction
+ || !pcsc_end_transaction
+ || !pcsc_transmit
+ /* || !pcsc_set_timeout */)
+ {
+ /* Note that set_timeout is currently not used and also not
+ available under Windows. */
+ log_error ("apdu_open_reader: invalid PC/SC driver "
+ "(%d%d%d%d%d%d%d%d%d%d%d%d)\n",
+ !!pcsc_establish_context,
+ !!pcsc_release_context,
+ !!pcsc_list_readers,
+ !!pcsc_get_status_change,
+ !!pcsc_connect,
+ !!pcsc_reconnect,
+ !!pcsc_disconnect,
+ !!pcsc_status,
+ !!pcsc_begin_transaction,
+ !!pcsc_end_transaction,
+ !!pcsc_transmit,
+ !!pcsc_set_timeout );
+ dlclose (handle);
+ return -1;
+ }
+#endif /*!NEED_PCSC_WRAPPER*/
+ pcsc_api_loaded = 1;
+ }
+
+ slot = open_pcsc_reader (portstr);
+ if (slot == -1 && r_no_service && pcsc_no_service)
+ *r_no_service = 1;
+
+ return slot;
+}
+
+
+/* Open an remote reader and return an internal slot number or -1 on
+ error. This function is an alternative to apdu_open_reader and used
+ with remote readers only. Note that the supplied CLOSEFNC will
+ only be called once and the slot will not be valid afther this.
+
+ If PORTSTR is NULL we default to the first availabe port.
+*/
+int
+apdu_open_remote_reader (const char *portstr,
+ const unsigned char *cookie, size_t length,
+ int (*readfnc) (void *opaque,
+ void *buffer, size_t size),
+ void *readfnc_value,
+ int (*writefnc) (void *opaque,
+ const void *buffer, size_t size),
+ void *writefnc_value,
+ void (*closefnc) (void *opaque),
+ void *closefnc_value)
+{
+#ifdef USE_G10CODE_RAPDU
+ return open_rapdu_reader (portstr? atoi (portstr) : 0,
+ cookie, length,
+ readfnc, readfnc_value,
+ writefnc, writefnc_value,
+ closefnc, closefnc_value);
+#else
+ (void)portstr;
+ (void)cookie;
+ (void)length;
+ (void)readfnc;
+ (void)readfnc_value;
+ (void)writefnc;
+ (void)writefnc_value;
+ (void)closefnc;
+ (void)closefnc_value;
+#ifdef _WIN32
+ errno = ENOENT;
+#else
+ errno = ENOSYS;
+#endif
+ return -1;
+#endif
+}
+
+
+int
+apdu_close_reader (int slot)
+{
+ int sw;
+
+ if (slot < 0 || slot >= MAX_READER || !reader_table[slot].used )
+ return SW_HOST_NO_DRIVER;
+ sw = apdu_disconnect (slot);
+ if (sw)
+ return sw;
+ if (reader_table[slot].close_reader)
+ return reader_table[slot].close_reader (slot);
+ return SW_HOST_NOT_SUPPORTED;
+}
+
+
+/* Function suitable for a cleanup function to close all reader. It
+ should not be used if the reader will be opened again. The reason
+ for implementing this to properly close USB devices so that they
+ will startup the next time without error. */
+void
+apdu_prepare_exit (void)
+{
+ static int sentinel;
+ int slot;
+
+ if (!sentinel)
+ {
+ sentinel = 1;
+ for (slot = 0; slot < MAX_READER; slot++)
+ if (reader_table[slot].used)
+ {
+ apdu_disconnect (slot);
+ if (reader_table[slot].close_reader)
+ reader_table[slot].close_reader (slot);
+ reader_table[slot].used = 0;
+ }
+ sentinel = 0;
+ }
+}
+
+
+/* Shutdown a reader; that is basically the same as a close but keeps
+ the handle ready for later use. A apdu_reset_reader or apdu_connect
+ should be used to get it active again. */
+int
+apdu_shutdown_reader (int slot)
+{
+ int sw;
+
+ if (slot < 0 || slot >= MAX_READER || !reader_table[slot].used )
+ return SW_HOST_NO_DRIVER;
+ sw = apdu_disconnect (slot);
+ if (sw)
+ return sw;
+ if (reader_table[slot].shutdown_reader)
+ return reader_table[slot].shutdown_reader (slot);
+ return SW_HOST_NOT_SUPPORTED;
+}
+
+/* Enumerate all readers and return information on whether this reader
+ is in use. The caller should start with SLOT set to 0 and
+ increment it with each call until an error is returned. */
+int
+apdu_enum_reader (int slot, int *used)
+{
+ if (slot < 0 || slot >= MAX_READER)
+ return SW_HOST_NO_DRIVER;
+ *used = reader_table[slot].used;
+ return 0;
+}
+
+
+/* Connect a card. This is used to power up the card and make sure
+ that an ATR is available. */
+int
+apdu_connect (int slot)
+{
+ int sw;
+
+ if (slot < 0 || slot >= MAX_READER || !reader_table[slot].used )
+ return SW_HOST_NO_DRIVER;
+
+ /* Only if the access method provides a connect function we use it.
+ If not, we expect that the card has been implicitly connected by
+ apdu_open_reader. */
+ if (reader_table[slot].connect_card)
+ {
+ sw = lock_slot (slot);
+ if (!sw)
+ {
+ sw = reader_table[slot].connect_card (slot);
+ unlock_slot (slot);
+ }
+ }
+ else
+ sw = 0;
+
+ /* We need to call apdu_get_status_internal, so that the last-status
+ machinery gets setup properly even if a card is inserted while
+ scdaemon is fired up and apdu_get_status has not yet been called.
+ Without that we would force a reset of the card with the next
+ call to apdu_get_status. */
+ apdu_get_status_internal (slot, 1, 1, NULL, NULL);
+
+ return sw;
+}
+
+
+int
+apdu_disconnect (int slot)
+{
+ int sw;
+
+ if (slot < 0 || slot >= MAX_READER || !reader_table[slot].used )
+ return SW_HOST_NO_DRIVER;
+
+ if (reader_table[slot].disconnect_card)
+ {
+ sw = lock_slot (slot);
+ if (!sw)
+ {
+ sw = reader_table[slot].disconnect_card (slot);
+ unlock_slot (slot);
+ }
+ }
+ else
+ sw = 0;
+ return sw;
+}
+
+
+/* Set the progress callback of SLOT to CB and its args to CB_ARG. If
+ CB is NULL the progress callback is removed. */
+int
+apdu_set_progress_cb (int slot, gcry_handler_progress_t cb, void *cb_arg)
+{
+ int sw;
+
+ if (slot < 0 || slot >= MAX_READER || !reader_table[slot].used )
+ return SW_HOST_NO_DRIVER;
+
+ if (reader_table[slot].set_progress_cb)
+ {
+ sw = lock_slot (slot);
+ if (!sw)
+ {
+ sw = reader_table[slot].set_progress_cb (slot, cb, cb_arg);
+ unlock_slot (slot);
+ }
+ }
+ else
+ sw = 0;
+ return sw;
+}
+
+
+/* Do a reset for the card in reader at SLOT. */
+int
+apdu_reset (int slot)
+{
+ int sw;
+
+ if (slot < 0 || slot >= MAX_READER || !reader_table[slot].used )
+ return SW_HOST_NO_DRIVER;
+
+ if ((sw = lock_slot (slot)))
+ return sw;
+
+ reader_table[slot].last_status = 0;
+ if (reader_table[slot].reset_reader)
+ sw = reader_table[slot].reset_reader (slot);
+
+ if (!sw)
+ {
+ /* If we got to here we know that a card is present
+ and usable. Thus remember this. */
+ reader_table[slot].last_status = (APDU_CARD_USABLE
+ | APDU_CARD_PRESENT
+ | APDU_CARD_ACTIVE);
+ }
+
+ unlock_slot (slot);
+ return sw;
+}
+
+
+/* Activate a card if it has not yet been done. This is a kind of
+ reset-if-required. It is useful to test for presence of a card
+ before issuing a bunch of apdu commands. It does not wait on a
+ locked card. */
+int
+apdu_activate (int slot)
+{
+ int sw;
+ unsigned int s;
+
+ if (slot < 0 || slot >= MAX_READER || !reader_table[slot].used )
+ return SW_HOST_NO_DRIVER;
+
+ if ((sw = trylock_slot (slot)))
+ return sw;
+
+ if (reader_table[slot].get_status_reader)
+ sw = reader_table[slot].get_status_reader (slot, &s);
+
+ if (!sw)
+ {
+ if (!(s & 2)) /* Card not present. */
+ sw = SW_HOST_NO_CARD;
+ else if ( ((s & 2) && !(s & 4))
+ || !reader_table[slot].atrlen )
+ {
+ /* We don't have an ATR or a card is present though inactive:
+ do a reset now. */
+ if (reader_table[slot].reset_reader)
+ {
+ reader_table[slot].last_status = 0;
+ sw = reader_table[slot].reset_reader (slot);
+ if (!sw)
+ {
+ /* If we got to here we know that a card is present
+ and usable. Thus remember this. */
+ reader_table[slot].last_status = (APDU_CARD_USABLE
+ | APDU_CARD_PRESENT
+ | APDU_CARD_ACTIVE);
+ }
+ }
+ }
+ }
+
+ unlock_slot (slot);
+ return sw;
+}
+
+
+unsigned char *
+apdu_get_atr (int slot, size_t *atrlen)
+{
+ unsigned char *buf;
+
+ if (slot < 0 || slot >= MAX_READER || !reader_table[slot].used )
+ return NULL;
+ if (!reader_table[slot].atrlen)
+ return NULL;
+ buf = xtrymalloc (reader_table[slot].atrlen);
+ if (!buf)
+ return NULL;
+ memcpy (buf, reader_table[slot].atr, reader_table[slot].atrlen);
+ *atrlen = reader_table[slot].atrlen;
+ return buf;
+}
+
+
+
+/* Retrieve the status for SLOT. The function does only wait for the
+ card to become available if HANG is set to true. On success the
+ bits in STATUS will be set to
+
+ APDU_CARD_USABLE (bit 0) = card present and usable
+ APDU_CARD_PRESENT (bit 1) = card present
+ APDU_CARD_ACTIVE (bit 2) = card active
+ (bit 3) = card access locked [not yet implemented]
+
+ For must applications, testing bit 0 is sufficient.
+
+ CHANGED will receive the value of the counter tracking the number
+ of card insertions. This value may be used to detect a card
+ change.
+*/
+static int
+apdu_get_status_internal (int slot, int hang, int no_atr_reset,
+ unsigned int *status, unsigned int *changed)
+{
+ int sw;
+ unsigned int s;
+
+ if (slot < 0 || slot >= MAX_READER || !reader_table[slot].used )
+ return SW_HOST_NO_DRIVER;
+
+ if ((sw = hang? lock_slot (slot) : trylock_slot (slot)))
+ return sw;
+
+ if (reader_table[slot].get_status_reader)
+ sw = reader_table[slot].get_status_reader (slot, &s);
+
+ unlock_slot (slot);
+
+ if (sw)
+ {
+ reader_table[slot].last_status = 0;
+ return sw;
+ }
+
+ /* Keep track of changes. */
+ if (s != reader_table[slot].last_status
+ || !reader_table[slot].any_status )
+ {
+ reader_table[slot].change_counter++;
+ /* Make sure that the ATR is invalid so that a reset will be
+ triggered by apdu_activate. */
+ if (!no_atr_reset)
+ reader_table[slot].atrlen = 0;
+ }
+ reader_table[slot].any_status = 1;
+ reader_table[slot].last_status = s;
+
+ if (status)
+ *status = s;
+ if (changed)
+ *changed = reader_table[slot].change_counter;
+ return 0;
+}
+
+
+/* See above for a description. */
+int
+apdu_get_status (int slot, int hang,
+ unsigned int *status, unsigned int *changed)
+{
+ return apdu_get_status_internal (slot, hang, 0, status, changed);
+}
+
+
+/* Check whether the reader supports the ISO command code COMMAND on
+ the keypad. Return 0 on success. For a description of the pin
+ parameters, see ccid-driver.c */
+int
+apdu_check_keypad (int slot, int command, int pin_mode,
+ int pinlen_min, int pinlen_max, int pin_padlen)
+{
+ if (slot < 0 || slot >= MAX_READER || !reader_table[slot].used )
+ return SW_HOST_NO_DRIVER;
+
+ if (reader_table[slot].check_keypad)
+ return reader_table[slot].check_keypad (slot, command,
+ pin_mode, pinlen_min, pinlen_max,
+ pin_padlen);
+ else
+ return SW_HOST_NOT_SUPPORTED;
+}
+
+
+/* Dispatcher for the actual send_apdu function. Note, that this
+ function should be called in locked state. */
+static int
+send_apdu (int slot, unsigned char *apdu, size_t apdulen,
+ unsigned char *buffer, size_t *buflen, struct pininfo_s *pininfo)
+{
+ if (slot < 0 || slot >= MAX_READER || !reader_table[slot].used )
+ return SW_HOST_NO_DRIVER;
+
+ if (reader_table[slot].send_apdu_reader)
+ return reader_table[slot].send_apdu_reader (slot,
+ apdu, apdulen,
+ buffer, buflen,
+ pininfo);
+ else
+ return SW_HOST_NOT_SUPPORTED;
+}
+
+
+/* Core APDU tranceiver function. Parameters are described at
+ apdu_send_le with the exception of PININFO which indicates keypad
+ related operations if not NULL. If EXTENDED_MODE is not 0
+ command chaining or extended length will be used according to these
+ values:
+ n < 0 := Use command chaining with the data part limited to -n
+ in each chunk. If -1 is used a default value is used.
+ n == 0 := No extended mode or command chaining.
+ n == 1 := Use extended length for input and output without a
+ length limit.
+ n > 1 := Use extended length with up to N bytes.
+
+*/
+static int
+send_le (int slot, int class, int ins, int p0, int p1,
+ int lc, const char *data, int le,
+ unsigned char **retbuf, size_t *retbuflen,
+ struct pininfo_s *pininfo, int extended_mode)
+{
+#define SHORT_RESULT_BUFFER_SIZE 258
+ /* We allocate 8 extra bytes as a safety margin towards a driver bug. */
+ unsigned char short_result_buffer[SHORT_RESULT_BUFFER_SIZE+10];
+ unsigned char *result_buffer = NULL;
+ size_t result_buffer_size;
+ unsigned char *result;
+ size_t resultlen;
+ unsigned char short_apdu_buffer[5+256+1];
+ unsigned char *apdu_buffer = NULL;
+ size_t apdu_buffer_size;
+ unsigned char *apdu;
+ size_t apdulen;
+ int sw;
+ long rc; /* We need a long here due to PC/SC. */
+ int did_exact_length_hack = 0;
+ int use_chaining = 0;
+ int use_extended_length = 0;
+ int lc_chunk;
+
+ if (slot < 0 || slot >= MAX_READER || !reader_table[slot].used )
+ return SW_HOST_NO_DRIVER;
+
+ if (DBG_CARD_IO)
+ log_debug ("send apdu: c=%02X i=%02X p1=%02X p2=%02X lc=%d le=%d em=%d\n",
+ class, ins, p0, p1, lc, le, extended_mode);
+
+ if (lc != -1 && (lc > 255 || lc < 0))
+ {
+ /* Data does not fit into an APDU. What we do now depends on
+ the EXTENDED_MODE parameter. */
+ if (!extended_mode)
+ return SW_WRONG_LENGTH; /* No way to send such an APDU. */
+ else if (extended_mode > 0)
+ use_extended_length = 1;
+ else if (extended_mode < 0)
+ {
+ /* Send APDU using chaining mode. */
+ if (lc > 16384)
+ return SW_WRONG_LENGTH; /* Sanity check. */
+ if ((class&0xf0) != 0)
+ return SW_HOST_INV_VALUE; /* Upper 4 bits need to be 0. */
+ use_chaining = extended_mode == -1? 255 : -extended_mode;
+ use_chaining &= 0xff;
+ }
+ else
+ return SW_HOST_INV_VALUE;
+ }
+ else if (lc == -1 && extended_mode > 0)
+ use_extended_length = 1;
+
+ if (le != -1 && (le > (extended_mode > 0? 255:256) || le < 0))
+ {
+ /* Expected Data does not fit into an APDU. What we do now
+ depends on the EXTENDED_MODE parameter. Note that a check
+ for command chaining does not make sense because we are
+ looking at Le. */
+ if (!extended_mode)
+ return SW_WRONG_LENGTH; /* No way to send such an APDU. */
+ else if (use_extended_length)
+ ; /* We are already using extended length. */
+ else if (extended_mode > 0)
+ use_extended_length = 1;
+ else
+ return SW_HOST_INV_VALUE;
+ }
+
+ if ((!data && lc != -1) || (data && lc == -1))
+ return SW_HOST_INV_VALUE;
+
+ if (use_extended_length)
+ {
+ if (reader_table[slot].is_t0)
+ return SW_HOST_NOT_SUPPORTED;
+
+ /* Space for: cls/ins/p1/p2+Z+2_byte_Lc+Lc+2_byte_Le. */
+ apdu_buffer_size = 4 + 1 + (lc >= 0? (2+lc):0) + 2;
+ apdu_buffer = xtrymalloc (apdu_buffer_size + 10);
+ if (!apdu_buffer)
+ return SW_HOST_OUT_OF_CORE;
+ apdu = apdu_buffer;
+ }
+ else
+ {
+ apdu_buffer_size = sizeof short_apdu_buffer;
+ apdu = short_apdu_buffer;
+ }
+
+ if (use_extended_length && (le > 256 || le < 0))
+ {
+ result_buffer_size = le < 0? 4096 : le;
+ result_buffer = xtrymalloc (result_buffer_size + 10);
+ if (!result_buffer)
+ {
+ xfree (apdu_buffer);
+ return SW_HOST_OUT_OF_CORE;
+ }
+ result = result_buffer;
+ }
+ else
+ {
+ result_buffer_size = SHORT_RESULT_BUFFER_SIZE;
+ result = short_result_buffer;
+ }
+#undef SHORT_RESULT_BUFFER_SIZE
+
+ if ((sw = lock_slot (slot)))
+ {
+ xfree (apdu_buffer);
+ xfree (result_buffer);
+ return sw;
+ }
+
+ do
+ {
+ if (use_extended_length)
+ {
+ use_chaining = 0;
+ apdulen = 0;
+ apdu[apdulen++] = class;
+ apdu[apdulen++] = ins;
+ apdu[apdulen++] = p0;
+ apdu[apdulen++] = p1;
+ apdu[apdulen++] = 0; /* Z byte: Extended length marker. */
+ if (lc >= 0)
+ {
+ apdu[apdulen++] = ((lc >> 8) & 0xff);
+ apdu[apdulen++] = (lc & 0xff);
+ memcpy (apdu+apdulen, data, lc);
+ data += lc;
+ apdulen += lc;
+ }
+ if (le != -1)
+ {
+ apdu[apdulen++] = ((le >> 8) & 0xff);
+ apdu[apdulen++] = (le & 0xff);
+ }
+ }
+ else
+ {
+ apdulen = 0;
+ apdu[apdulen] = class;
+ if (use_chaining && lc > 255)
+ {
+ apdu[apdulen] |= 0x10;
+ assert (use_chaining < 256);
+ lc_chunk = use_chaining;
+ lc -= use_chaining;
+ }
+ else
+ {
+ use_chaining = 0;
+ lc_chunk = lc;
+ }
+ apdulen++;
+ apdu[apdulen++] = ins;
+ apdu[apdulen++] = p0;
+ apdu[apdulen++] = p1;
+ if (lc_chunk != -1)
+ {
+ apdu[apdulen++] = lc_chunk;
+ memcpy (apdu+apdulen, data, lc_chunk);
+ data += lc_chunk;
+ apdulen += lc_chunk;
+ /* T=0 does not allow the use of Lc together with Le;
+ thus disable Le in this case. */
+ if (reader_table[slot].is_t0)
+ le = -1;
+ }
+ if (le != -1 && !use_chaining)
+ apdu[apdulen++] = le; /* Truncation is okay (0 means 256). */
+ }
+
+ exact_length_hack:
+ /* As a safeguard don't pass any garbage to the driver. */
+ assert (apdulen <= apdu_buffer_size);
+ memset (apdu+apdulen, 0, apdu_buffer_size - apdulen);
+ resultlen = result_buffer_size;
+ rc = send_apdu (slot, apdu, apdulen, result, &resultlen, pininfo);
+ if (rc || resultlen < 2)
+ {
+ log_info ("apdu_send_simple(%d) failed: %s\n",
+ slot, apdu_strerror (rc));
+ unlock_slot (slot);
+ xfree (apdu_buffer);
+ xfree (result_buffer);
+ return rc? rc : SW_HOST_INCOMPLETE_CARD_RESPONSE;
+ }
+ sw = (result[resultlen-2] << 8) | result[resultlen-1];
+ if (!use_extended_length
+ && !did_exact_length_hack && SW_EXACT_LENGTH_P (sw))
+ {
+ apdu[apdulen-1] = (sw & 0x00ff);
+ did_exact_length_hack = 1;
+ goto exact_length_hack;
+ }
+ }
+ while (use_chaining && sw == SW_SUCCESS);
+
+ if (apdu_buffer)
+ {
+ xfree (apdu_buffer);
+ apdu_buffer = NULL;
+ apdu_buffer_size = 0;
+ }
+
+ /* Store away the returned data but strip the statusword. */
+ resultlen -= 2;
+ if (DBG_CARD_IO)
+ {
+ log_debug (" response: sw=%04X datalen=%d\n",
+ sw, (unsigned int)resultlen);
+ if ( !retbuf && (sw == SW_SUCCESS || (sw & 0xff00) == SW_MORE_DATA))
+ log_printhex (" dump: ", result, resultlen);
+ }
+
+ if (sw == SW_SUCCESS || sw == SW_EOF_REACHED)
+ {
+ if (retbuf)
+ {
+ *retbuf = xtrymalloc (resultlen? resultlen : 1);
+ if (!*retbuf)
+ {
+ unlock_slot (slot);
+ xfree (result_buffer);
+ return SW_HOST_OUT_OF_CORE;
+ }
+ *retbuflen = resultlen;
+ memcpy (*retbuf, result, resultlen);
+ }
+ }
+ else if ((sw & 0xff00) == SW_MORE_DATA)
+ {
+ unsigned char *p = NULL, *tmp;
+ size_t bufsize = 4096;
+
+ /* It is likely that we need to return much more data, so we
+ start off with a large buffer. */
+ if (retbuf)
+ {
+ *retbuf = p = xtrymalloc (bufsize);
+ if (!*retbuf)
+ {
+ unlock_slot (slot);
+ xfree (result_buffer);
+ return SW_HOST_OUT_OF_CORE;
+ }
+ assert (resultlen < bufsize);
+ memcpy (p, result, resultlen);
+ p += resultlen;
+ }
+
+ do
+ {
+ int len = (sw & 0x00ff);
+
+ if (DBG_CARD_IO)
+ log_debug ("apdu_send_simple(%d): %d more bytes available\n",
+ slot, len);
+ apdu_buffer_size = sizeof short_apdu_buffer;
+ apdu = short_apdu_buffer;
+ apdulen = 0;
+ apdu[apdulen++] = class;
+ apdu[apdulen++] = 0xC0;
+ apdu[apdulen++] = 0;
+ apdu[apdulen++] = 0;
+ apdu[apdulen++] = len;
+ assert (apdulen <= apdu_buffer_size);
+ memset (apdu+apdulen, 0, apdu_buffer_size - apdulen);
+ resultlen = result_buffer_size;
+ rc = send_apdu (slot, apdu, apdulen, result, &resultlen, NULL);
+ if (rc || resultlen < 2)
+ {
+ log_error ("apdu_send_simple(%d) for get response failed: %s\n",
+ slot, apdu_strerror (rc));
+ unlock_slot (slot);
+ xfree (result_buffer);
+ return rc? rc : SW_HOST_INCOMPLETE_CARD_RESPONSE;
+ }
+ sw = (result[resultlen-2] << 8) | result[resultlen-1];
+ resultlen -= 2;
+ if (DBG_CARD_IO)
+ {
+ log_debug (" more: sw=%04X datalen=%d\n",
+ sw, (unsigned int)resultlen);
+ if (!retbuf && (sw==SW_SUCCESS || (sw&0xff00)==SW_MORE_DATA))
+ log_printhex (" dump: ", result, resultlen);
+ }
+
+ if ((sw & 0xff00) == SW_MORE_DATA
+ || sw == SW_SUCCESS
+ || sw == SW_EOF_REACHED )
+ {
+ if (retbuf && resultlen)
+ {
+ if (p - *retbuf + resultlen > bufsize)
+ {
+ bufsize += resultlen > 4096? resultlen: 4096;
+ tmp = xtryrealloc (*retbuf, bufsize);
+ if (!tmp)
+ {
+ unlock_slot (slot);
+ xfree (result_buffer);
+ return SW_HOST_OUT_OF_CORE;
+ }
+ p = tmp + (p - *retbuf);
+ *retbuf = tmp;
+ }
+ memcpy (p, result, resultlen);
+ p += resultlen;
+ }
+ }
+ else
+ log_info ("apdu_send_simple(%d) "
+ "got unexpected status %04X from get response\n",
+ slot, sw);
+ }
+ while ((sw & 0xff00) == SW_MORE_DATA);
+
+ if (retbuf)
+ {
+ *retbuflen = p - *retbuf;
+ tmp = xtryrealloc (*retbuf, *retbuflen);
+ if (tmp)
+ *retbuf = tmp;
+ }
+ }
+
+ unlock_slot (slot);
+ xfree (result_buffer);
+
+ if (DBG_CARD_IO && retbuf && sw == SW_SUCCESS)
+ log_printhex (" dump: ", *retbuf, *retbuflen);
+
+ return sw;
+}
+
+/* Send an APDU to the card in SLOT. The APDU is created from all
+ given parameters: CLASS, INS, P0, P1, LC, DATA, LE. A value of -1
+ for LC won't sent this field and the data field; in this case DATA
+ must also be passed as NULL. If EXTENDED_MODE is not 0 command
+ chaining or extended length will be used; see send_le for details.
+ The return value is the status word or -1 for an invalid SLOT or
+ other non card related error. If RETBUF is not NULL, it will
+ receive an allocated buffer with the returned data. The length of
+ that data will be put into *RETBUFLEN. The caller is reponsible
+ for releasing the buffer even in case of errors. */
+int
+apdu_send_le(int slot, int extended_mode,
+ int class, int ins, int p0, int p1,
+ int lc, const char *data, int le,
+ unsigned char **retbuf, size_t *retbuflen)
+{
+ return send_le (slot, class, ins, p0, p1,
+ lc, data, le,
+ retbuf, retbuflen,
+ NULL, extended_mode);
+}
+
+
+/* Send an APDU to the card in SLOT. The APDU is created from all
+ given parameters: CLASS, INS, P0, P1, LC, DATA. A value of -1 for
+ LC won't sent this field and the data field; in this case DATA must
+ also be passed as NULL. If EXTENDED_MODE is not 0 command chaining
+ or extended length will be used; see send_le for details. The
+ return value is the status word or -1 for an invalid SLOT or other
+ non card related error. If RETBUF is not NULL, it will receive an
+ allocated buffer with the returned data. The length of that data
+ will be put into *RETBUFLEN. The caller is reponsible for
+ releasing the buffer even in case of errors. */
+int
+apdu_send (int slot, int extended_mode,
+ int class, int ins, int p0, int p1,
+ int lc, const char *data, unsigned char **retbuf, size_t *retbuflen)
+{
+ return send_le (slot, class, ins, p0, p1, lc, data, 256,
+ retbuf, retbuflen, NULL, extended_mode);
+}
+
+/* Send an APDU to the card in SLOT. The APDU is created from all
+ given parameters: CLASS, INS, P0, P1, LC, DATA. A value of -1 for
+ LC won't sent this field and the data field; in this case DATA must
+ also be passed as NULL. If EXTENDED_MODE is not 0 command chaining
+ or extended length will be used; see send_le for details. The
+ return value is the status word or -1 for an invalid SLOT or other
+ non card related error. No data will be returned. */
+int
+apdu_send_simple (int slot, int extended_mode,
+ int class, int ins, int p0, int p1,
+ int lc, const char *data)
+{
+ return send_le (slot, class, ins, p0, p1, lc, data, -1, NULL, NULL, NULL,
+ extended_mode);
+}
+
+
+/* Same as apdu_send_simple but uses the keypad of the reader. */
+int
+apdu_send_simple_kp (int slot, int class, int ins, int p0, int p1,
+ int lc, const char *data,
+ int pin_mode,
+ int pinlen_min, int pinlen_max, int pin_padlen)
+{
+ struct pininfo_s pininfo;
+
+ pininfo.mode = pin_mode;
+ pininfo.minlen = pinlen_min;
+ pininfo.maxlen = pinlen_max;
+ pininfo.padlen = pin_padlen;
+ return send_le (slot, class, ins, p0, p1, lc, data, -1,
+ NULL, NULL, &pininfo, 0);
+}
+
+
+/* This is a more generic version of the apdu sending routine. It
+ takes an already formatted APDU in APDUDATA or length APDUDATALEN
+ and returns with an APDU including the status word. With
+ HANDLE_MORE set to true this function will handle the MORE DATA
+ status and return all APDUs concatenated with one status word at
+ the end. If EXTENDED_LENGTH is != 0 extended lengths are allowed
+ with a max. result data length of EXTENDED_LENGTH bytes. The
+ function does not return a regular status word but 0 on success.
+ If the slot is locked, the function returns immediately with an
+ error. */
+int
+apdu_send_direct (int slot, size_t extended_length,
+ const unsigned char *apdudata, size_t apdudatalen,
+ int handle_more,
+ unsigned char **retbuf, size_t *retbuflen)
+{
+#define SHORT_RESULT_BUFFER_SIZE 258
+ unsigned char short_result_buffer[SHORT_RESULT_BUFFER_SIZE+10];
+ unsigned char *result_buffer = NULL;
+ size_t result_buffer_size;
+ unsigned char *result;
+ size_t resultlen;
+ unsigned char short_apdu_buffer[5+256+10];
+ unsigned char *apdu_buffer = NULL;
+ unsigned char *apdu;
+ size_t apdulen;
+ int sw;
+ long rc; /* we need a long here due to PC/SC. */
+ int class;
+
+ if (slot < 0 || slot >= MAX_READER || !reader_table[slot].used )
+ return SW_HOST_NO_DRIVER;
+
+ if (apdudatalen > 65535)
+ return SW_HOST_INV_VALUE;
+
+ if (apdudatalen > sizeof short_apdu_buffer - 5)
+ {
+ apdu_buffer = xtrymalloc (apdudatalen + 5);
+ if (!apdu_buffer)
+ return SW_HOST_OUT_OF_CORE;
+ apdu = apdu_buffer;
+ }
+ else
+ {
+ apdu = short_apdu_buffer;
+ }
+ apdulen = apdudatalen;
+ memcpy (apdu, apdudata, apdudatalen);
+ class = apdulen? *apdu : 0;
+
+ if (extended_length >= 256 && extended_length <= 65536)
+ {
+ result_buffer_size = extended_length;
+ result_buffer = xtrymalloc (result_buffer_size + 10);
+ if (!result_buffer)
+ {
+ xfree (apdu_buffer);
+ return SW_HOST_OUT_OF_CORE;
+ }
+ result = result_buffer;
+ }
+ else
+ {
+ result_buffer_size = SHORT_RESULT_BUFFER_SIZE;
+ result = short_result_buffer;
+ }
+#undef SHORT_RESULT_BUFFER_SIZE
+
+ if ((sw = trylock_slot (slot)))
+ {
+ xfree (apdu_buffer);
+ xfree (result_buffer);
+ return sw;
+ }
+
+ resultlen = result_buffer_size;
+ rc = send_apdu (slot, apdu, apdulen, result, &resultlen, NULL);
+ xfree (apdu_buffer);
+ apdu_buffer = NULL;
+ if (rc || resultlen < 2)
+ {
+ log_error ("apdu_send_direct(%d) failed: %s\n",
+ slot, apdu_strerror (rc));
+ unlock_slot (slot);
+ xfree (result_buffer);
+ return rc? rc : SW_HOST_INCOMPLETE_CARD_RESPONSE;
+ }
+ sw = (result[resultlen-2] << 8) | result[resultlen-1];
+ /* Store away the returned data but strip the statusword. */
+ resultlen -= 2;
+ if (DBG_CARD_IO)
+ {
+ log_debug (" response: sw=%04X datalen=%d\n",
+ sw, (unsigned int)resultlen);
+ if ( !retbuf && (sw == SW_SUCCESS || (sw & 0xff00) == SW_MORE_DATA))
+ log_printhex (" dump: ", result, resultlen);
+ }
+
+ if (handle_more && (sw & 0xff00) == SW_MORE_DATA)
+ {
+ unsigned char *p = NULL, *tmp;
+ size_t bufsize = 4096;
+
+ /* It is likely that we need to return much more data, so we
+ start off with a large buffer. */
+ if (retbuf)
+ {
+ *retbuf = p = xtrymalloc (bufsize + 2);
+ if (!*retbuf)
+ {
+ unlock_slot (slot);
+ xfree (result_buffer);
+ return SW_HOST_OUT_OF_CORE;
+ }
+ assert (resultlen < bufsize);
+ memcpy (p, result, resultlen);
+ p += resultlen;
+ }
+
+ do
+ {
+ int len = (sw & 0x00ff);
+
+ if (DBG_CARD_IO)
+ log_debug ("apdu_send_direct(%d): %d more bytes available\n",
+ slot, len);
+ apdu = short_apdu_buffer;
+ apdulen = 0;
+ apdu[apdulen++] = class;
+ apdu[apdulen++] = 0xC0;
+ apdu[apdulen++] = 0;
+ apdu[apdulen++] = 0;
+ apdu[apdulen++] = len;
+ memset (apdu+apdulen, 0, sizeof (short_apdu_buffer) - apdulen);
+ resultlen = result_buffer_size;
+ rc = send_apdu (slot, apdu, apdulen, result, &resultlen, NULL);
+ if (rc || resultlen < 2)
+ {
+ log_error ("apdu_send_direct(%d) for get response failed: %s\n",
+ slot, apdu_strerror (rc));
+ unlock_slot (slot);
+ xfree (result_buffer);
+ return rc ? rc : SW_HOST_INCOMPLETE_CARD_RESPONSE;
+ }
+ sw = (result[resultlen-2] << 8) | result[resultlen-1];
+ resultlen -= 2;
+ if (DBG_CARD_IO)
+ {
+ log_debug (" more: sw=%04X datalen=%d\n",
+ sw, (unsigned int)resultlen);
+ if (!retbuf && (sw==SW_SUCCESS || (sw&0xff00)==SW_MORE_DATA))
+ log_printhex (" dump: ", result, resultlen);
+ }
+
+ if ((sw & 0xff00) == SW_MORE_DATA
+ || sw == SW_SUCCESS
+ || sw == SW_EOF_REACHED )
+ {
+ if (retbuf && resultlen)
+ {
+ if (p - *retbuf + resultlen > bufsize)
+ {
+ bufsize += resultlen > 4096? resultlen: 4096;
+ tmp = xtryrealloc (*retbuf, bufsize + 2);
+ if (!tmp)
+ {
+ unlock_slot (slot);
+ xfree (result_buffer);
+ return SW_HOST_OUT_OF_CORE;
+ }
+ p = tmp + (p - *retbuf);
+ *retbuf = tmp;
+ }
+ memcpy (p, result, resultlen);
+ p += resultlen;
+ }
+ }
+ else
+ log_info ("apdu_send_direct(%d) "
+ "got unexpected status %04X from get response\n",
+ slot, sw);
+ }
+ while ((sw & 0xff00) == SW_MORE_DATA);
+
+ if (retbuf)
+ {
+ *retbuflen = p - *retbuf;
+ tmp = xtryrealloc (*retbuf, *retbuflen + 2);
+ if (tmp)
+ *retbuf = tmp;
+ }
+ }
+ else
+ {
+ if (retbuf)
+ {
+ *retbuf = xtrymalloc ((resultlen? resultlen : 1)+2);
+ if (!*retbuf)
+ {
+ unlock_slot (slot);
+ xfree (result_buffer);
+ return SW_HOST_OUT_OF_CORE;
+ }
+ *retbuflen = resultlen;
+ memcpy (*retbuf, result, resultlen);
+ }
+ }
+
+ unlock_slot (slot);
+ xfree (result_buffer);
+
+ /* Append the status word. Note that we reserved the two extra
+ bytes while allocating the buffer. */
+ if (retbuf)
+ {
+ (*retbuf)[(*retbuflen)++] = (sw >> 8);
+ (*retbuf)[(*retbuflen)++] = sw;
+ }
+
+ if (DBG_CARD_IO && retbuf)
+ log_printhex (" dump: ", *retbuf, *retbuflen);
+
+ return 0;
+}
diff --git a/scd/apdu.h b/scd/apdu.h
new file mode 100644
index 0000000..d79f8b4
--- /dev/null
+++ b/scd/apdu.h
@@ -0,0 +1,140 @@
+/* apdu.h - ISO 7816 APDU functions and low level I/O
+ * Copyright (C) 2003, 2008 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ *
+ * $Id$
+ */
+
+#ifndef APDU_H
+#define APDU_H
+
+/* ISO 7816 values for the statusword are defined here because they
+ should not be visible to the users of the actual ISO command
+ API. */
+enum {
+ SW_MORE_DATA = 0x6100, /* Note: that the low byte must be
+ masked of.*/
+ SW_EOF_REACHED = 0x6282,
+ SW_TERM_STATE = 0x6285, /* Selected file is in termination state. */
+ SW_EEPROM_FAILURE = 0x6581,
+ SW_WRONG_LENGTH = 0x6700,
+ SW_SM_NOT_SUP = 0x6882, /* Secure Messaging is not supported. */
+ SW_CC_NOT_SUP = 0x6884, /* Command Chaining is not supported. */
+ SW_CHV_WRONG = 0x6982,
+ SW_CHV_BLOCKED = 0x6983,
+ SW_USE_CONDITIONS = 0x6985,
+ SW_BAD_PARAMETER = 0x6a80, /* (in the data field) */
+ SW_NOT_SUPPORTED = 0x6a81,
+ SW_FILE_NOT_FOUND = 0x6a82,
+ SW_RECORD_NOT_FOUND = 0x6a83,
+ SW_BAD_LC = 0x6a87, /* Lc does not match command or p1/p2. */
+ SW_REF_NOT_FOUND = 0x6a88,
+ SW_BAD_P0_P1 = 0x6b00,
+ SW_EXACT_LENGTH = 0x6c00,
+ SW_INS_NOT_SUP = 0x6d00,
+ SW_CLA_NOT_SUP = 0x6e00,
+ SW_SUCCESS = 0x9000,
+
+ /* The follwoing statuswords are no real ones but used to map host
+ OS errors into status words. A status word is 16 bit so that
+ those values can't be issued by a card. */
+ SW_HOST_OUT_OF_CORE = 0x10001, /* No way yet to differentiate
+ between errnos on a failed malloc. */
+ SW_HOST_INV_VALUE = 0x10002,
+ SW_HOST_INCOMPLETE_CARD_RESPONSE = 0x10003,
+ SW_HOST_NO_DRIVER = 0x10004,
+ SW_HOST_NOT_SUPPORTED = 0x10005,
+ SW_HOST_LOCKING_FAILED= 0x10006,
+ SW_HOST_BUSY = 0x10007,
+ SW_HOST_NO_CARD = 0x10008,
+ SW_HOST_CARD_INACTIVE = 0x10009,
+ SW_HOST_CARD_IO_ERROR = 0x1000a,
+ SW_HOST_GENERAL_ERROR = 0x1000b,
+ SW_HOST_NO_READER = 0x1000c,
+ SW_HOST_ABORTED = 0x1000d,
+ SW_HOST_NO_KEYPAD = 0x1000e,
+ SW_HOST_ALREADY_CONNECTED = 0x1000f
+};
+
+
+#define SW_EXACT_LENGTH_P(a) (((a)&~0xff) == SW_EXACT_LENGTH)
+
+
+/* Bit flags for the card status. */
+#define APDU_CARD_USABLE (1) /* Card is present and ready for use. */
+#define APDU_CARD_PRESENT (2) /* Card is just present. */
+#define APDU_CARD_ACTIVE (4) /* Card is active. */
+
+
+/* Note, that apdu_open_reader returns no status word but -1 on error. */
+int apdu_open_reader (const char *portstr, int *r_no_service);
+int apdu_open_remote_reader (const char *portstr,
+ const unsigned char *cookie, size_t length,
+ int (*readfnc) (void *opaque,
+ void *buffer, size_t size),
+ void *readfnc_value,
+ int (*writefnc) (void *opaque,
+ const void *buffer, size_t size),
+ void *writefnc_value,
+ void (*closefnc) (void *opaque),
+ void *closefnc_value);
+int apdu_shutdown_reader (int slot);
+int apdu_close_reader (int slot);
+void apdu_prepare_exit (void);
+int apdu_enum_reader (int slot, int *used);
+unsigned char *apdu_get_atr (int slot, size_t *atrlen);
+
+const char *apdu_strerror (int rc);
+
+
+/* These APDU functions return status words. */
+
+int apdu_connect (int slot);
+int apdu_disconnect (int slot);
+
+int apdu_set_progress_cb (int slot, gcry_handler_progress_t cb, void *cb_arg);
+
+int apdu_activate (int slot);
+int apdu_reset (int slot);
+int apdu_get_status (int slot, int hang,
+ unsigned int *status, unsigned int *changed);
+int apdu_check_keypad (int slot, int command, int pin_mode,
+ int pinlen_min, int pinlen_max, int pin_padlen);
+int apdu_send_simple (int slot, int extended_mode,
+ int class, int ins, int p0, int p1,
+ int lc, const char *data);
+int apdu_send_simple_kp (int slot, int class, int ins, int p0, int p1,
+ int lc, const char *data,
+ int pin_mode,
+ int pinlen_min, int pinlen_max, int pin_padlen);
+int apdu_send (int slot, int extended_mode,
+ int class, int ins, int p0, int p1, int lc, const char *data,
+ unsigned char **retbuf, size_t *retbuflen);
+int apdu_send_le (int slot, int extended_mode,
+ int class, int ins, int p0, int p1,
+ int lc, const char *data, int le,
+ unsigned char **retbuf, size_t *retbuflen);
+int apdu_send_direct (int slot, size_t extended_length,
+ const unsigned char *apdudata, size_t apdudatalen,
+ int handle_more,
+ unsigned char **retbuf, size_t *retbuflen);
+
+
+#endif /*APDU_H*/
+
+
+
diff --git a/scd/app-common.h b/scd/app-common.h
new file mode 100644
index 0000000..4b2e13e
--- /dev/null
+++ b/scd/app-common.h
@@ -0,0 +1,228 @@
+/* app-common.h - Common declarations for all card applications
+ * Copyright (C) 2003, 2005, 2008 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ *
+ * $Id$
+ */
+
+#ifndef GNUPG_SCD_APP_COMMON_H
+#define GNUPG_SCD_APP_COMMON_H
+
+#if GNUPG_MAJOR_VERSION == 1
+# ifdef ENABLE_AGENT_SUPPORT
+# include "assuan.h"
+# endif
+#else
+# include <ksba.h>
+#endif
+
+
+#define APP_CHANGE_FLAG_RESET 1
+#define APP_CHANGE_FLAG_NULLPIN 2
+
+
+struct app_local_s; /* Defined by all app-*.c. */
+
+struct app_ctx_s {
+ /* Number of connections currently using this application context.
+ If this is not 0 the application has been initialized and the
+ function pointers may be used. Note that for unsupported
+ operations the particular function pointer is set to NULL */
+ unsigned int ref_count;
+
+ /* Flag indicating that a reset has been done for that application
+ and that this context is merely lingering and just should not be
+ reused. */
+ int no_reuse;
+
+ /* Used reader slot. */
+ int slot;
+
+ /* If this is used by GnuPG 1.4 we need to know the assuan context
+ in case we need to divert the operation to an already running
+ agent. This if ASSUAN_CTX is not NULL we take this as indication
+ that all operations are diverted to gpg-agent. */
+#if GNUPG_MAJOR_VERSION == 1
+ assuan_context_t assuan_ctx;
+#endif /*GNUPG_MAJOR_VERSION == 1*/
+
+ unsigned char *serialno; /* Serialnumber in raw form, allocated. */
+ size_t serialnolen; /* Length in octets of serialnumber. */
+ const char *apptype;
+ unsigned int card_version;
+ int did_chv1;
+ int force_chv1; /* True if the card does not cache CHV1. */
+ int did_chv2;
+ int did_chv3;
+ struct app_local_s *app_local; /* Local to the application. */
+ struct {
+ void (*deinit) (app_t app);
+ gpg_error_t (*learn_status) (app_t app, ctrl_t ctrl, unsigned int flags);
+ gpg_error_t (*readcert) (app_t app, const char *certid,
+ unsigned char **cert, size_t *certlen);
+ gpg_error_t (*readkey) (app_t app, const char *certid,
+ unsigned char **pk, size_t *pklen);
+ gpg_error_t (*getattr) (app_t app, ctrl_t ctrl, const char *name);
+ gpg_error_t (*setattr) (app_t app, const char *name,
+ gpg_error_t (*pincb)(void*, const char *, char **),
+ void *pincb_arg,
+ const unsigned char *value, size_t valuelen);
+ gpg_error_t (*sign) (app_t app,
+ const char *keyidstr, int hashalgo,
+ gpg_error_t (*pincb)(void*, const char *, char **),
+ void *pincb_arg,
+ const void *indata, size_t indatalen,
+ unsigned char **outdata, size_t *outdatalen );
+ gpg_error_t (*auth) (app_t app, const char *keyidstr,
+ gpg_error_t (*pincb)(void*, const char *, char **),
+ void *pincb_arg,
+ const void *indata, size_t indatalen,
+ unsigned char **outdata, size_t *outdatalen);
+ gpg_error_t (*decipher) (app_t app, const char *keyidstr,
+ gpg_error_t (*pincb)(void*, const char *, char **),
+ void *pincb_arg,
+ const void *indata, size_t indatalen,
+ unsigned char **outdata, size_t *outdatalen);
+ gpg_error_t (*writecert) (app_t app, ctrl_t ctrl,
+ const char *certid,
+ gpg_error_t (*pincb)(void*,const char *,char **),
+ void *pincb_arg,
+ const unsigned char *data, size_t datalen);
+ gpg_error_t (*writekey) (app_t app, ctrl_t ctrl,
+ const char *keyid, unsigned int flags,
+ gpg_error_t (*pincb)(void*,const char *,char **),
+ void *pincb_arg,
+ const unsigned char *pk, size_t pklen);
+ gpg_error_t (*genkey) (app_t app, ctrl_t ctrl,
+ const char *keynostr, unsigned int flags,
+ time_t createtime,
+ gpg_error_t (*pincb)(void*, const char *, char **),
+ void *pincb_arg);
+ gpg_error_t (*change_pin) (app_t app, ctrl_t ctrl,
+ const char *chvnostr, unsigned int flags,
+ gpg_error_t (*pincb)(void*, const char *, char **),
+ void *pincb_arg);
+ gpg_error_t (*check_pin) (app_t app, const char *keyidstr,
+ gpg_error_t (*pincb)(void*, const char *, char **),
+ void *pincb_arg);
+ } fnc;
+
+};
+
+#if GNUPG_MAJOR_VERSION == 1
+gpg_error_t app_select_openpgp (app_t app);
+gpg_error_t app_get_serial_and_stamp (app_t app, char **serial, time_t *stamp);
+gpg_error_t app_openpgp_storekey (app_t app, int keyno,
+ unsigned char *template, size_t template_len,
+ time_t created_at,
+ const unsigned char *m, size_t mlen,
+ const unsigned char *e, size_t elen,
+ gpg_error_t (*pincb)(void*, const char *, char **),
+ void *pincb_arg);
+#else
+/*-- app-help.c --*/
+unsigned int app_help_count_bits (const unsigned char *a, size_t len);
+gpg_error_t app_help_get_keygrip_string (ksba_cert_t cert, char *hexkeygrip);
+size_t app_help_read_length_of_cert (int slot, int fid, size_t *r_certoff);
+
+
+/*-- app.c --*/
+void app_dump_state (void);
+void application_notify_card_reset (int slot);
+gpg_error_t check_application_conflict (ctrl_t ctrl, const char *name);
+gpg_error_t select_application (ctrl_t ctrl, int slot, const char *name,
+ app_t *r_app);
+char *get_supported_applications (void);
+void release_application (app_t app);
+gpg_error_t app_munge_serialno (app_t app);
+gpg_error_t app_get_serial_and_stamp (app_t app, char **serial, time_t *stamp);
+gpg_error_t app_write_learn_status (app_t app, ctrl_t ctrl,
+ unsigned int flags);
+gpg_error_t app_readcert (app_t app, const char *certid,
+ unsigned char **cert, size_t *certlen);
+gpg_error_t app_readkey (app_t app, const char *keyid,
+ unsigned char **pk, size_t *pklen);
+gpg_error_t app_getattr (app_t app, ctrl_t ctrl, const char *name);
+gpg_error_t app_setattr (app_t app, const char *name,
+ gpg_error_t (*pincb)(void*, const char *, char **),
+ void *pincb_arg,
+ const unsigned char *value, size_t valuelen);
+gpg_error_t app_sign (app_t app, const char *keyidstr, int hashalgo,
+ gpg_error_t (*pincb)(void*, const char *, char **),
+ void *pincb_arg,
+ const void *indata, size_t indatalen,
+ unsigned char **outdata, size_t *outdatalen );
+gpg_error_t app_auth (app_t app, const char *keyidstr,
+ gpg_error_t (*pincb)(void*, const char *, char **),
+ void *pincb_arg,
+ const void *indata, size_t indatalen,
+ unsigned char **outdata, size_t *outdatalen);
+gpg_error_t app_decipher (app_t app, const char *keyidstr,
+ gpg_error_t (*pincb)(void*, const char *, char **),
+ void *pincb_arg,
+ const void *indata, size_t indatalen,
+ unsigned char **outdata, size_t *outdatalen );
+gpg_error_t app_writecert (app_t app, ctrl_t ctrl,
+ const char *certidstr,
+ gpg_error_t (*pincb)(void*, const char *, char **),
+ void *pincb_arg,
+ const unsigned char *keydata, size_t keydatalen);
+gpg_error_t app_writekey (app_t app, ctrl_t ctrl,
+ const char *keyidstr, unsigned int flags,
+ gpg_error_t (*pincb)(void*, const char *, char **),
+ void *pincb_arg,
+ const unsigned char *keydata, size_t keydatalen);
+gpg_error_t app_genkey (app_t app, ctrl_t ctrl,
+ const char *keynostr, unsigned int flags,
+ time_t createtime,
+ gpg_error_t (*pincb)(void*, const char *, char **),
+ void *pincb_arg);
+gpg_error_t app_get_challenge (app_t app, size_t nbytes,
+ unsigned char *buffer);
+gpg_error_t app_change_pin (app_t app, ctrl_t ctrl,
+ const char *chvnostr, int reset_mode,
+ gpg_error_t (*pincb)(void*, const char *, char **),
+ void *pincb_arg);
+gpg_error_t app_check_pin (app_t app, const char *keyidstr,
+ gpg_error_t (*pincb)(void*, const char *, char **),
+ void *pincb_arg);
+
+
+/*-- app-openpgp.c --*/
+gpg_error_t app_select_openpgp (app_t app);
+
+/*-- app-nks.c --*/
+gpg_error_t app_select_nks (app_t app);
+
+/*-- app-dinsig.c --*/
+gpg_error_t app_select_dinsig (app_t app);
+
+/*-- app-p15.c --*/
+gpg_error_t app_select_p15 (app_t app);
+
+/*-- app-geldkarte.c --*/
+gpg_error_t app_select_geldkarte (app_t app);
+
+
+#endif
+
+
+
+#endif /*GNUPG_SCD_APP_COMMON_H*/
+
+
+
diff --git a/scd/app-dinsig.c b/scd/app-dinsig.c
new file mode 100644
index 0000000..46e9a6a
--- /dev/null
+++ b/scd/app-dinsig.c
@@ -0,0 +1,574 @@
+/* app-dinsig.c - The DINSIG (DIN V 66291-1) card application.
+ * Copyright (C) 2002, 2004, 2005, 2007, 2008 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+/* The German signature law and its bylaw (SigG and SigV) is currently
+ used with an interface specification described in DIN V 66291-1.
+ The AID to be used is: 'D27600006601'.
+
+ The file IDs for certificates utilize the generic format:
+ Cxyz
+ C being the hex digit 'C' (12).
+ x being the service indicator:
+ '0' := SigG conform digital signature.
+ '1' := entity authentication.
+ '2' := key encipherment.
+ '3' := data encipherment.
+ '4' := key agreement.
+ other values are reserved for future use.
+ y being the security environment number using '0' for cards
+ not supporting a SE number.
+ z being the certificate type:
+ '0' := C.CH (base certificate of card holder) or C.ICC.
+ '1' .. '7' := C.CH (business or professional certificate
+ of card holder.
+ '8' .. 'D' := C.CA (certificate of a CA issue by the Root-CA).
+ 'E' := C.RCA (self certified certificate of the Root-CA).
+ 'F' := reserved.
+
+ The file IDs used by default are:
+ '1F00' EF.SSD (security service descriptor). [o,o]
+ '2F02' EF.GDO (global data objects) [m,m]
+ 'A000' EF.PROT (signature log). Cyclic file with 20 records of 53 byte.
+ Read and update after user authentication. [o,o]
+ 'B000' EF.PK.RCA.DS (public keys of Root-CA). Size is 512b or size
+ of keys. [m (unless a 'C00E' is present),m]
+ 'B001' EF.PK.CA.DS (public keys of CAs). Size is 512b or size
+ of keys. [o,o]
+ 'C00n' EF.C.CH.DS (digital signature certificate of card holder)
+ with n := 0 .. 7. Size is 2k or size of cert. Read and
+ update allowed after user authentication. [m,m]
+ 'C00m' EF.C.CA.DS (digital signature certificate of CA)
+ with m := 8 .. E. Size is 1k or size of cert. Read always
+ allowed, update after user authentication. [o,o]
+ 'C100' EF.C.ICC.AUT (AUT certificate of ICC) [o,m]
+ 'C108' EF.C.CA.AUT (AUT certificate of CA) [o,m]
+ 'D000' EF.DM (display message) [-,m]
+
+ The letters in brackets indicate optional or mandatory files: The
+ first for card terminals under full control and the second for
+ "business" card terminals.
+*/
+
+
+
+
+#include <config.h>
+#include <errno.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <assert.h>
+#include <time.h>
+
+#include "scdaemon.h"
+
+#include "i18n.h"
+#include "iso7816.h"
+#include "app-common.h"
+#include "tlv.h"
+
+
+static gpg_error_t
+do_learn_status (app_t app, ctrl_t ctrl, unsigned int flags)
+{
+ gpg_error_t err;
+ char ct_buf[100], id_buf[100];
+ char hexkeygrip[41];
+ size_t len, certoff;
+ unsigned char *der;
+ size_t derlen;
+ ksba_cert_t cert;
+ int fid;
+
+ (void)flags;
+
+ /* Return the certificate of the card holder. */
+ fid = 0xC000;
+ len = app_help_read_length_of_cert (app->slot, fid, &certoff);
+ if (!len)
+ return 0; /* Card has not been personalized. */
+
+ sprintf (ct_buf, "%d", 101);
+ sprintf (id_buf, "DINSIG.%04X", fid);
+ send_status_info (ctrl, "CERTINFO",
+ ct_buf, strlen (ct_buf),
+ id_buf, strlen (id_buf),
+ NULL, (size_t)0);
+
+ /* Now we need to read the certificate, so that we can get the
+ public key out of it. */
+ err = iso7816_read_binary (app->slot, certoff, len-certoff, &der, &derlen);
+ if (err)
+ {
+ log_info ("error reading entire certificate from FID 0x%04X: %s\n",
+ fid, gpg_strerror (err));
+ return 0;
+ }
+
+ err = ksba_cert_new (&cert);
+ if (err)
+ {
+ xfree (der);
+ return err;
+ }
+ err = ksba_cert_init_from_mem (cert, der, derlen);
+ xfree (der); der = NULL;
+ if (err)
+ {
+ log_error ("failed to parse the certificate at FID 0x%04X: %s\n",
+ fid, gpg_strerror (err));
+ ksba_cert_release (cert);
+ return err;
+ }
+ err = app_help_get_keygrip_string (cert, hexkeygrip);
+ if (err)
+ {
+ log_error ("failed to calculate the keygrip for FID 0x%04X\n", fid);
+ ksba_cert_release (cert);
+ return gpg_error (GPG_ERR_CARD);
+ }
+ ksba_cert_release (cert);
+
+ sprintf (id_buf, "DINSIG.%04X", fid);
+ send_status_info (ctrl, "KEYPAIRINFO",
+ hexkeygrip, 40,
+ id_buf, strlen (id_buf),
+ NULL, (size_t)0);
+ return 0;
+}
+
+
+
+
+/* Read the certificate with id CERTID (as returned by learn_status in
+ the CERTINFO status lines) and return it in the freshly allocated
+ buffer put into CERT and the length of the certificate put into
+ CERTLEN.
+
+ FIXME: This needs some cleanups and caching with do_learn_status.
+*/
+static gpg_error_t
+do_readcert (app_t app, const char *certid,
+ unsigned char **cert, size_t *certlen)
+{
+ int fid;
+ gpg_error_t err;
+ unsigned char *buffer;
+ const unsigned char *p;
+ size_t buflen, n;
+ int class, tag, constructed, ndef;
+ size_t totobjlen, objlen, hdrlen;
+ int rootca = 0;
+
+ *cert = NULL;
+ *certlen = 0;
+ if (strncmp (certid, "DINSIG.", 7) )
+ return gpg_error (GPG_ERR_INV_ID);
+ certid += 7;
+ if (!hexdigitp (certid) || !hexdigitp (certid+1)
+ || !hexdigitp (certid+2) || !hexdigitp (certid+3)
+ || certid[4])
+ return gpg_error (GPG_ERR_INV_ID);
+ fid = xtoi_4 (certid);
+ if (fid != 0xC000 )
+ return gpg_error (GPG_ERR_NOT_FOUND);
+
+ /* Read the entire file. fixme: This could be optimized by first
+ reading the header to figure out how long the certificate
+ actually is. */
+ err = iso7816_select_file (app->slot, fid, 0, NULL, NULL);
+ if (err)
+ {
+ log_error ("error selecting FID 0x%04X: %s\n", fid, gpg_strerror (err));
+ return err;
+ }
+
+ err = iso7816_read_binary (app->slot, 0, 0, &buffer, &buflen);
+ if (err)
+ {
+ log_error ("error reading certificate from FID 0x%04X: %s\n",
+ fid, gpg_strerror (err));
+ return err;
+ }
+
+ if (!buflen || *buffer == 0xff)
+ {
+ log_info ("no certificate contained in FID 0x%04X\n", fid);
+ err = gpg_error (GPG_ERR_NOT_FOUND);
+ goto leave;
+ }
+
+ /* Now figure something out about the object. */
+ p = buffer;
+ n = buflen;
+ err = parse_ber_header (&p, &n, &class, &tag, &constructed,
+ &ndef, &objlen, &hdrlen);
+ if (err)
+ goto leave;
+ if ( class == CLASS_UNIVERSAL && tag == TAG_SEQUENCE && constructed )
+ ;
+ else if ( class == CLASS_UNIVERSAL && tag == TAG_SET && constructed )
+ rootca = 1;
+ else
+ return gpg_error (GPG_ERR_INV_OBJ);
+ totobjlen = objlen + hdrlen;
+ assert (totobjlen <= buflen);
+
+ err = parse_ber_header (&p, &n, &class, &tag, &constructed,
+ &ndef, &objlen, &hdrlen);
+ if (err)
+ goto leave;
+
+ if (rootca)
+ ;
+ else if (class == CLASS_UNIVERSAL && tag == TAG_OBJECT_ID && !constructed)
+ {
+ const unsigned char *save_p;
+
+ /* The certificate seems to be contained in a userCertificate
+ container. Skip this and assume the following sequence is
+ the certificate. */
+ if (n < objlen)
+ {
+ err = gpg_error (GPG_ERR_INV_OBJ);
+ goto leave;
+ }
+ p += objlen;
+ n -= objlen;
+ save_p = p;
+ err = parse_ber_header (&p, &n, &class, &tag, &constructed,
+ &ndef, &objlen, &hdrlen);
+ if (err)
+ goto leave;
+ if ( !(class == CLASS_UNIVERSAL && tag == TAG_SEQUENCE && constructed) )
+ return gpg_error (GPG_ERR_INV_OBJ);
+ totobjlen = objlen + hdrlen;
+ assert (save_p + totobjlen <= buffer + buflen);
+ memmove (buffer, save_p, totobjlen);
+ }
+
+ *cert = buffer;
+ buffer = NULL;
+ *certlen = totobjlen;
+
+ leave:
+ xfree (buffer);
+ return err;
+}
+
+
+/* Verify the PIN if required. */
+static gpg_error_t
+verify_pin (app_t app,
+ gpg_error_t (*pincb)(void*, const char *, char **),
+ void *pincb_arg)
+{
+ const char *s;
+ int rc;
+ iso7816_pininfo_t pininfo;
+
+ if ( app->did_chv1 && !app->force_chv1 )
+ return 0; /* No need to verify it again. */
+
+ memset (&pininfo, 0, sizeof pininfo);
+ pininfo.mode = 1;
+ pininfo.minlen = 6;
+ pininfo.maxlen = 8;
+
+ if (!opt.disable_keypad
+ && !iso7816_check_keypad (app->slot, ISO7816_VERIFY, &pininfo) )
+ {
+ rc = pincb (pincb_arg,
+ _("||Please enter your PIN at the reader's keypad"),
+ NULL);
+ if (rc)
+ {
+ log_info (_("PIN callback returned error: %s\n"),
+ gpg_strerror (rc));
+ return rc;
+ }
+ rc = iso7816_verify_kp (app->slot, 0x81, "", 0, &pininfo);
+ /* Dismiss the prompt. */
+ pincb (pincb_arg, NULL, NULL);
+ }
+ else /* No Keypad. */
+ {
+ char *pinvalue;
+
+ rc = pincb (pincb_arg, "PIN", &pinvalue);
+ if (rc)
+ {
+ log_info ("PIN callback returned error: %s\n", gpg_strerror (rc));
+ return rc;
+ }
+
+ /* We require the PIN to be at least 6 and at max 8 bytes.
+ According to the specs, this should all be ASCII. */
+ for (s=pinvalue; digitp (s); s++)
+ ;
+ if (*s)
+ {
+ log_error ("Non-numeric digits found in PIN\n");
+ xfree (pinvalue);
+ return gpg_error (GPG_ERR_BAD_PIN);
+ }
+
+ if (strlen (pinvalue) < pininfo.minlen)
+ {
+ log_error ("PIN is too short; minimum length is %d\n",
+ pininfo.minlen);
+ xfree (pinvalue);
+ return gpg_error (GPG_ERR_BAD_PIN);
+ }
+ else if (strlen (pinvalue) > pininfo.maxlen)
+ {
+ log_error ("PIN is too large; maximum length is %d\n",
+ pininfo.maxlen);
+ xfree (pinvalue);
+ return gpg_error (GPG_ERR_BAD_PIN);
+ }
+
+ rc = iso7816_verify (app->slot, 0x81, pinvalue, strlen (pinvalue));
+ if (gpg_err_code (rc) == GPG_ERR_INV_VALUE)
+ {
+ /* We assume that ISO 9564-1 encoding is used and we failed
+ because the first nibble we passed was 3 and not 2. DIN
+ says something about looking up such an encoding in the
+ SSD but I was not able to find any tag relevant to
+ this. */
+ char paddedpin[8];
+ int i, ndigits;
+
+ for (ndigits=0, s=pinvalue; *s; ndigits++, s++)
+ ;
+ i = 0;
+ paddedpin[i++] = 0x20 | (ndigits & 0x0f);
+ for (s=pinvalue; i < sizeof paddedpin && *s && s[1]; s = s+2 )
+ paddedpin[i++] = (((*s - '0') << 4) | ((s[1] - '0') & 0x0f));
+ if (i < sizeof paddedpin && *s)
+ paddedpin[i++] = (((*s - '0') << 4) | 0x0f);
+ while (i < sizeof paddedpin)
+ paddedpin[i++] = 0xff;
+ rc = iso7816_verify (app->slot, 0x81, paddedpin, sizeof paddedpin);
+ }
+ xfree (pinvalue);
+ }
+
+ if (rc)
+ {
+ log_error ("verify PIN failed\n");
+ return rc;
+ }
+ app->did_chv1 = 1;
+ return 0;
+}
+
+
+
+/* Create the signature and return the allocated result in OUTDATA.
+ If a PIN is required the PINCB will be used to ask for the PIN;
+ that callback should return the PIN in an allocated buffer and
+ store that in the 3rd argument. */
+static gpg_error_t
+do_sign (app_t app, const char *keyidstr, int hashalgo,
+ gpg_error_t (*pincb)(void*, const char *, char **),
+ void *pincb_arg,
+ const void *indata, size_t indatalen,
+ unsigned char **outdata, size_t *outdatalen )
+{
+ static unsigned char sha1_prefix[15] = /* Object ID is 1.3.14.3.2.26 */
+ { 0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03,
+ 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14 };
+ static unsigned char rmd160_prefix[15] = /* Object ID is 1.3.36.3.2.1 */
+ { 0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x24, 0x03,
+ 0x02, 0x01, 0x05, 0x00, 0x04, 0x14 };
+ static unsigned char sha256_prefix[19] = /* OID is 2.16.840.1.101.3.4.2.1 */
+ { 0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86,
+ 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05,
+ 0x00, 0x04, 0x20 };
+ int rc;
+ int fid;
+ unsigned char data[19+32]; /* Must be large enough for a SHA-256 digest
+ + the largest OID _prefix above. */
+ int datalen;
+
+ if (!keyidstr || !*keyidstr)
+ return gpg_error (GPG_ERR_INV_VALUE);
+ if (indatalen != 20 && indatalen != 16 && indatalen != 32
+ && indatalen != (15+20) && indatalen != (19+32))
+ return gpg_error (GPG_ERR_INV_VALUE);
+
+ /* Check that the provided ID is vaid. This is not really needed
+ but we do it to to enforce correct usage by the caller. */
+ if (strncmp (keyidstr, "DINSIG.", 7) )
+ return gpg_error (GPG_ERR_INV_ID);
+ keyidstr += 7;
+ if (!hexdigitp (keyidstr) || !hexdigitp (keyidstr+1)
+ || !hexdigitp (keyidstr+2) || !hexdigitp (keyidstr+3)
+ || keyidstr[4])
+ return gpg_error (GPG_ERR_INV_ID);
+ fid = xtoi_4 (keyidstr);
+ if (fid != 0xC000)
+ return gpg_error (GPG_ERR_NOT_FOUND);
+
+ /* Prepare the DER object from INDATA. */
+ datalen = 35;
+ if (indatalen == 15+20)
+ {
+ /* Alright, the caller was so kind to send us an already
+ prepared DER object. Check that it is what we want and that
+ it matches the hash algorithm. */
+ if (hashalgo == GCRY_MD_SHA1 && !memcmp (indata, sha1_prefix, 15))
+ ;
+ else if (hashalgo == GCRY_MD_RMD160 && !memcmp (indata, rmd160_prefix,15))
+ ;
+ else
+ return gpg_error (GPG_ERR_UNSUPPORTED_ALGORITHM);
+ memcpy (data, indata, indatalen);
+ }
+ else if (indatalen == 19+32)
+ {
+ /* Alright, the caller was so kind to send us an already
+ prepared DER object. Check that it is what we want and that
+ it matches the hash algorithm. */
+ datalen = indatalen;
+ if (hashalgo == GCRY_MD_SHA256 && !memcmp (indata, sha256_prefix, 19))
+ ;
+ else if (hashalgo == GCRY_MD_SHA1 && !memcmp (indata, sha256_prefix, 19))
+ {
+ /* Fixme: This is a kludge. A better solution is not to use
+ SHA1 as default but use an autodetection. However this
+ needs changes in all app-*.c */
+ hashalgo = GCRY_MD_SHA256;
+ datalen = indatalen;
+ }
+ else
+ return gpg_error (GPG_ERR_UNSUPPORTED_ALGORITHM);
+ memcpy (data, indata, indatalen);
+ }
+ else
+ {
+ int len = 15;
+ if (hashalgo == GCRY_MD_SHA1)
+ memcpy (data, sha1_prefix, len);
+ else if (hashalgo == GCRY_MD_RMD160)
+ memcpy (data, rmd160_prefix, len);
+ else if (hashalgo == GCRY_MD_SHA256)
+ {
+ len = 19;
+ datalen = len + indatalen;
+ memcpy (data, sha256_prefix, len);
+ }
+ else
+ return gpg_error (GPG_ERR_UNSUPPORTED_ALGORITHM);
+ memcpy (data+len, indata, indatalen);
+ }
+
+ rc = verify_pin (app, pincb, pincb_arg);
+ if (!rc)
+ rc = iso7816_compute_ds (app->slot, 0, data, datalen, 0,
+ outdata, outdatalen);
+ return rc;
+}
+
+
+#if 0
+#warning test function - works but may brick your card
+/* Handle the PASSWD command. CHVNOSTR is currently ignored; we
+ always use VHV0. RESET_MODE is not yet implemented. */
+static gpg_error_t
+do_change_pin (app_t app, ctrl_t ctrl, const char *chvnostr,
+ unsigned int flags,
+ gpg_error_t (*pincb)(void*, const char *, char **),
+ void *pincb_arg)
+{
+ gpg_error_t err;
+ char *pinvalue;
+ const char *oldpin;
+ size_t oldpinlen;
+
+ if ((flags & APP_CHANGE_FLAG_RESET))
+ return gpg_error (GPG_ERR_NOT_IMPLEMENTED);
+
+ if ((flags & APP_CHANGE_FLAG_NULLPIN))
+ {
+ /* With the nullpin flag, we do not verify the PIN - it would fail
+ if the Nullpin is still set. */
+ oldpin = "\0\0\0\0\0";
+ oldpinlen = 6;
+ }
+ else
+ {
+ err = verify_pin (app, pincb, pincb_arg);
+ if (err)
+ return err;
+ oldpin = NULL;
+ oldpinlen = 0;
+ }
+
+ /* TRANSLATORS: Do not translate the "|*|" prefixes but
+ keep it at the start of the string. We need this elsewhere
+ to get some infos on the string. */
+ err = pincb (pincb_arg, _("|N|Initial New PIN"), &pinvalue);
+ if (err)
+ {
+ log_error (_("error getting new PIN: %s\n"), gpg_strerror (err));
+ return err;
+ }
+
+ err = iso7816_change_reference_data (app->slot, 0x81,
+ oldpin, oldpinlen,
+ pinvalue, strlen (pinvalue));
+ xfree (pinvalue);
+ return err;
+}
+#endif /*0*/
+
+
+/* Select the DINSIG application on the card in SLOT. This function
+ must be used before any other DINSIG application functions. */
+gpg_error_t
+app_select_dinsig (app_t app)
+{
+ static char const aid[] = { 0xD2, 0x76, 0x00, 0x00, 0x66, 0x01 };
+ int slot = app->slot;
+ int rc;
+
+ rc = iso7816_select_application (slot, aid, sizeof aid, 0);
+ if (!rc)
+ {
+ app->apptype = "DINSIG";
+
+ app->fnc.learn_status = do_learn_status;
+ app->fnc.readcert = do_readcert;
+ app->fnc.getattr = NULL;
+ app->fnc.setattr = NULL;
+ app->fnc.genkey = NULL;
+ app->fnc.sign = do_sign;
+ app->fnc.auth = NULL;
+ app->fnc.decipher = NULL;
+ app->fnc.change_pin = NULL /*do_change_pin*/;
+ app->fnc.check_pin = NULL;
+
+ app->force_chv1 = 1;
+ }
+
+ return rc;
+}
diff --git a/scd/app-geldkarte.c b/scd/app-geldkarte.c
new file mode 100644
index 0000000..6e8d077
--- /dev/null
+++ b/scd/app-geldkarte.c
@@ -0,0 +1,409 @@
+/* app-geldkarte.c - The German Geldkarte application
+ * Copyright (C) 2004 g10 Code GmbH
+ * Copyright (C) 2009 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+/* This is a read-only application to quickly dump information of a
+ German Geldkarte (debit card for small amounts). We only support
+ newer Geldkarte (with the AID DF_BOERSE_NEU) issued since 2000 or
+ even earlier.
+*/
+
+
+#include <config.h>
+#include <errno.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <assert.h>
+#include <time.h>
+#include <ctype.h>
+
+#include "scdaemon.h"
+
+#include "i18n.h"
+#include "iso7816.h"
+#include "app-common.h"
+#include "tlv.h"
+
+
+
+/* Object with application (i.e. Geldkarte) specific data. */
+struct app_local_s
+{
+ char kblz[2+1+4+1];
+ const char *banktype;
+ char *cardno;
+ char expires[7+1];
+ char validfrom[10+1];
+ char *country;
+ char currency[3+1];
+ unsigned int currency_mult100;
+ unsigned char chipid;
+ unsigned char osvers;
+ int balance;
+ int maxamount;
+ int maxamount1;
+};
+
+
+
+
+/* Deconstructor. */
+static void
+do_deinit (app_t app)
+{
+ if (app && app->app_local)
+ {
+ xfree (app->app_local->cardno);
+ xfree (app->app_local->country);
+ xfree (app->app_local);
+ app->app_local = NULL;
+ }
+}
+
+
+static gpg_error_t
+send_one_string (ctrl_t ctrl, const char *name, const char *string)
+{
+ if (!name || !string)
+ return 0;
+ send_status_info (ctrl, name, string, strlen (string), NULL, 0);
+ return 0;
+}
+
+/* Implement the GETATTR command. This is similar to the LEARN
+ command but returns just one value via the status interface. */
+static gpg_error_t
+do_getattr (app_t app, ctrl_t ctrl, const char *name)
+{
+ gpg_error_t err;
+ struct app_local_s *ld = app->app_local;
+ char numbuf[100];
+
+ if (!strcmp (name, "X-KBLZ"))
+ err = send_one_string (ctrl, name, ld->kblz);
+ else if (!strcmp (name, "X-BANKINFO"))
+ err = send_one_string (ctrl, name, ld->banktype);
+ else if (!strcmp (name, "X-CARDNO"))
+ err = send_one_string (ctrl, name, ld->cardno);
+ else if (!strcmp (name, "X-EXPIRES"))
+ err = send_one_string (ctrl, name, ld->expires);
+ else if (!strcmp (name, "X-VALIDFROM"))
+ err = send_one_string (ctrl, name, ld->validfrom);
+ else if (!strcmp (name, "X-COUNTRY"))
+ err = send_one_string (ctrl, name, ld->country);
+ else if (!strcmp (name, "X-CURRENCY"))
+ err = send_one_string (ctrl, name, ld->currency);
+ else if (!strcmp (name, "X-ZKACHIPID"))
+ {
+ snprintf (numbuf, sizeof numbuf, "0x%02X", ld->chipid);
+ err = send_one_string (ctrl, name, numbuf);
+ }
+ else if (!strcmp (name, "X-OSVERSION"))
+ {
+ snprintf (numbuf, sizeof numbuf, "0x%02X", ld->osvers);
+ err = send_one_string (ctrl, name, numbuf);
+ }
+ else if (!strcmp (name, "X-BALANCE"))
+ {
+ snprintf (numbuf, sizeof numbuf, "%.2f",
+ (double)ld->balance / 100 * ld->currency_mult100);
+ err = send_one_string (ctrl, name, numbuf);
+ }
+ else if (!strcmp (name, "X-MAXAMOUNT"))
+ {
+ snprintf (numbuf, sizeof numbuf, "%.2f",
+ (double)ld->maxamount / 100 * ld->currency_mult100);
+ err = send_one_string (ctrl, name, numbuf);
+ }
+ else if (!strcmp (name, "X-MAXAMOUNT1"))
+ {
+ snprintf (numbuf, sizeof numbuf, "%.2f",
+ (double)ld->maxamount1 / 100 * ld->currency_mult100);
+ err = send_one_string (ctrl, name, numbuf);
+ }
+ else
+ err = gpg_error (GPG_ERR_INV_NAME);
+
+ return err;
+}
+
+
+static gpg_error_t
+do_learn_status (app_t app, ctrl_t ctrl, unsigned int flags)
+{
+ static const char *names[] = {
+ "X-KBLZ",
+ "X-BANKINFO",
+ "X-CARDNO",
+ "X-EXPIRES",
+ "X-VALIDFROM",
+ "X-COUNTRY",
+ "X-CURRENCY",
+ "X-ZKACHIPID",
+ "X-OSVERSION",
+ "X-BALANCE",
+ "X-MAXAMOUNT",
+ "X-MAXAMOUNT1",
+ NULL
+ };
+ gpg_error_t err = 0;
+ int idx;
+
+ (void)flags;
+
+ for (idx=0; names[idx] && !err; idx++)
+ err = do_getattr (app, ctrl, names[idx]);
+ return err;
+}
+
+
+static char *
+copy_bcd (const unsigned char *string, size_t length)
+{
+ const unsigned char *s;
+ size_t n;
+ size_t needed;
+ char *buffer, *dst;
+
+ if (!length)
+ return xtrystrdup ("");
+
+ /* Skip leading zeroes. */
+ for (; length && !*string; length--, string++)
+ ;
+ s = string;
+ n = length;
+ needed = 0;
+ for (; n ; n--, s++)
+ {
+ if (!needed && !(*s & 0xf0))
+ ; /* Skip the leading zero in the first nibble. */
+ else
+ {
+ if ( ((*s >> 4) & 0x0f) > 9 )
+ {
+ errno = EINVAL;
+ return NULL;
+ }
+ needed++;
+ }
+ if ( n == 1 && (*s & 0x0f) > 9 )
+ ; /* Ignore the last digit if it has the sign. */
+ else
+ {
+ needed++;
+ if ( (*s & 0x0f) > 9 )
+ {
+ errno = EINVAL;
+ return NULL;
+ }
+ }
+
+ }
+ if (!needed) /* If it is all zero, print a "0". */
+ needed++;
+
+ buffer = dst = xtrymalloc (needed+1);
+ if (!buffer)
+ return NULL;
+
+ s = string;
+ n = length;
+ needed = 0;
+ for (; n ; n--, s++)
+ {
+ if (!needed && !(*s & 0xf0))
+ ; /* Skip the leading zero in the first nibble. */
+ else
+ {
+ *dst++ = '0' + ((*s >> 4) & 0x0f);
+ needed++;
+ }
+
+ if ( n == 1 && (*s & 0x0f) > 9 )
+ ; /* Ignore the last digit if it has the sign. */
+ else
+ {
+ *dst++ = '0' + (*s & 0x0f);
+ needed++;
+ }
+ }
+ if (!needed)
+ *dst++ = '0';
+ *dst = 0;
+
+ return buffer;
+}
+
+
+/* Convert the BCD number at STING of LENGTH into an integer and store
+ that at RESULT. Return 0 on success. */
+static gpg_error_t
+bcd_to_int (const unsigned char *string, size_t length, int *result)
+{
+ char *tmp;
+
+ tmp = copy_bcd (string, length);
+ if (!tmp)
+ return gpg_error (GPG_ERR_BAD_DATA);
+ *result = strtol (tmp, NULL, 10);
+ xfree (tmp);
+ return 0;
+}
+
+
+/* Select the Geldkarte application. */
+gpg_error_t
+app_select_geldkarte (app_t app)
+{
+ static char const aid[] =
+ { 0xD2, 0x76, 0x00, 0x00, 0x25, 0x45, 0x50, 0x02, 0x00 };
+ gpg_error_t err;
+ int slot = app->slot;
+ unsigned char *result = NULL;
+ size_t resultlen;
+ struct app_local_s *ld;
+ const char *banktype;
+
+ err = iso7816_select_application (slot, aid, sizeof aid, 0);
+ if (err)
+ goto leave;
+
+ /* Read the first record of EF_ID (SFI=0x17). We require this
+ record to be at least 24 bytes with the the first byte 0x67 and a
+ correct filler byte. */
+ err = iso7816_read_record (slot, 1, 1, ((0x17 << 3)|4), &result, &resultlen);
+ if (err)
+ goto leave; /* Oops - not a Geldkarte. */
+ if (resultlen < 24 || *result != 0x67 || result[22])
+ {
+ err = gpg_error (GPG_ERR_NOT_FOUND);
+ goto leave;
+ }
+
+ /* The short Bankleitzahl consists of 3 bytes at offset 1. */
+ switch (result[1])
+ {
+ case 0x21: banktype = "Oeffentlich-rechtliche oder private Bank"; break;
+ case 0x22: banktype = "Privat- oder Geschaeftsbank"; break;
+ case 0x25: banktype = "Sparkasse"; break;
+ case 0x26:
+ case 0x29: banktype = "Genossenschaftsbank"; break;
+ default:
+ err = gpg_error (GPG_ERR_NOT_FOUND);
+ goto leave; /* Probably not a Geldkarte. */
+ }
+
+ app->apptype = "GELDKARTE";
+ app->fnc.deinit = do_deinit;
+
+ /* If we don't have a serialno yet construct it from the EF_ID. */
+ if (!app->serialno)
+ {
+ app->serialno = xtrymalloc (10);
+ if (!app->serialno)
+ {
+ err = gpg_error_from_syserror ();
+ goto leave;
+ }
+ memcpy (app->serialno, result, 10);
+ app->serialnolen = 10;
+ err = app_munge_serialno (app);
+ if (err)
+ goto leave;
+ }
+
+
+ app->app_local = ld = xtrycalloc (1, sizeof *app->app_local);
+ if (!app->app_local)
+ {
+ err = gpg_err_code_from_syserror ();
+ goto leave;
+ }
+
+ snprintf (ld->kblz, sizeof ld->kblz, "%02X-%02X%02X",
+ result[1], result[2], result[3]);
+ ld->banktype = banktype;
+ ld->cardno = copy_bcd (result+4, 5);
+ if (!ld->cardno)
+ {
+ err = gpg_err_code_from_syserror ();
+ goto leave;
+ }
+
+ snprintf (ld->expires, sizeof ld->expires, "20%02X-%02X",
+ result[10], result[11]);
+ snprintf (ld->validfrom, sizeof ld->validfrom, "20%02X-%02X-%02X",
+ result[12], result[13], result[14]);
+
+ ld->country = copy_bcd (result+15, 2);
+ if (!ld->country)
+ {
+ err = gpg_err_code_from_syserror ();
+ goto leave;
+ }
+
+ snprintf (ld->currency, sizeof ld->currency, "%c%c%c",
+ isascii (result[17])? result[17]:' ',
+ isascii (result[18])? result[18]:' ',
+ isascii (result[19])? result[19]:' ');
+
+ ld->currency_mult100 = (result[20] == 0x01? 1:
+ result[20] == 0x02? 10:
+ result[20] == 0x04? 100:
+ result[20] == 0x08? 1000:
+ result[20] == 0x10? 10000:
+ result[20] == 0x20? 100000:0);
+
+ ld->chipid = result[21];
+ ld->osvers = result[23];
+
+ /* Read the first record of EF_BETRAG (SFI=0x18). */
+ xfree (result);
+ err = iso7816_read_record (slot, 1, 1, ((0x18 << 3)|4), &result, &resultlen);
+ if (err)
+ goto leave; /* It does not make sense to continue. */
+ if (resultlen < 12)
+ {
+ err = gpg_error (GPG_ERR_NOT_FOUND);
+ goto leave;
+ }
+ err = bcd_to_int (result+0, 3, &ld->balance);
+ if (!err)
+ err = bcd_to_int (result+3, 3, &ld->maxamount);
+ if (!err)
+ err = bcd_to_int (result+6, 3, &ld->maxamount1);
+ /* The next 3 bytes are the maximum amount chargable without using a
+ MAC. This is usually 0. */
+ if (err)
+ goto leave;
+
+ /* Setup the rest of the methods. */
+ app->fnc.learn_status = do_learn_status;
+ app->fnc.getattr = do_getattr;
+
+
+ leave:
+ xfree (result);
+ if (err)
+ do_deinit (app);
+ return err;
+}
diff --git a/scd/app-help.c b/scd/app-help.c
new file mode 100644
index 0000000..3d9c605
--- /dev/null
+++ b/scd/app-help.c
@@ -0,0 +1,182 @@
+/* app-help.c - Application helper functions
+ * Copyright (C) 2004, 2009 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <errno.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "scdaemon.h"
+#include "app-common.h"
+#include "iso7816.h"
+#include "tlv.h"
+
+
+/* Count the number of bits, assuming the A represents an unsigned big
+ integer of length LEN bytes. If A is NULL a length of 0 is
+ returned. */
+unsigned int
+app_help_count_bits (const unsigned char *a, size_t len)
+{
+ unsigned int n = len * 8;
+ int i;
+
+ if (!a)
+ return 0;
+
+ for (; len && !*a; len--, a++, n -=8)
+ ;
+ if (len)
+ {
+ for (i=7; i && !(*a & (1<<i)); i--)
+ n--;
+ }
+ return n;
+}
+
+
+/* Return the KEYGRIP for the certificate CERT as an hex encoded
+ string in the user provided buffer HEXKEYGRIP which must be of at
+ least 41 bytes. */
+gpg_error_t
+app_help_get_keygrip_string (ksba_cert_t cert, char *hexkeygrip)
+{
+ gpg_error_t err;
+ gcry_sexp_t s_pkey;
+ ksba_sexp_t p;
+ size_t n;
+ unsigned char array[20];
+
+ p = ksba_cert_get_public_key (cert);
+ if (!p)
+ return gpg_error (GPG_ERR_BUG);
+ n = gcry_sexp_canon_len (p, 0, NULL, NULL);
+ if (!n)
+ return gpg_error (GPG_ERR_INV_SEXP);
+ err = gcry_sexp_sscan (&s_pkey, NULL, (char*)p, n);
+ xfree (p);
+ if (err)
+ return err; /* Can't parse that S-expression. */
+ if (!gcry_pk_get_keygrip (s_pkey, array))
+ {
+ gcry_sexp_release (s_pkey);
+ return gpg_error (GPG_ERR_GENERAL); /* Failed to calculate the keygrip.*/
+ }
+ gcry_sexp_release (s_pkey);
+
+ bin2hex (array, 20, hexkeygrip);
+
+ return 0;
+}
+
+
+
+/* Given the SLOT and the File ID FID, return the length of the
+ certificate contained in that file. Returns 0 if the file does not
+ exists or does not contain a certificate. If R_CERTOFF is not
+ NULL, the length the header will be stored at this address; thus to
+ parse the X.509 certificate a read should start at that offset.
+
+ On success the file is still selected.
+*/
+size_t
+app_help_read_length_of_cert (int slot, int fid, size_t *r_certoff)
+{
+ gpg_error_t err;
+ unsigned char *buffer;
+ const unsigned char *p;
+ size_t buflen, n;
+ int class, tag, constructed, ndef;
+ size_t resultlen, objlen, hdrlen;
+
+ err = iso7816_select_file (slot, fid, 0, NULL, NULL);
+ if (err)
+ {
+ log_info ("error selecting FID 0x%04X: %s\n", fid, gpg_strerror (err));
+ return 0;
+ }
+
+ err = iso7816_read_binary (slot, 0, 32, &buffer, &buflen);
+ if (err)
+ {
+ log_info ("error reading certificate from FID 0x%04X: %s\n",
+ fid, gpg_strerror (err));
+ return 0;
+ }
+
+ if (!buflen || *buffer == 0xff)
+ {
+ log_info ("no certificate contained in FID 0x%04X\n", fid);
+ xfree (buffer);
+ return 0;
+ }
+
+ p = buffer;
+ n = buflen;
+ err = parse_ber_header (&p, &n, &class, &tag, &constructed,
+ &ndef, &objlen, &hdrlen);
+ if (err)
+ {
+ log_info ("error parsing certificate in FID 0x%04X: %s\n",
+ fid, gpg_strerror (err));
+ xfree (buffer);
+ return 0;
+ }
+
+ /* All certificates should commence with a SEQUENCE except for the
+ special ROOT CA which are enclosed in a SET. */
+ if ( !(class == CLASS_UNIVERSAL && constructed
+ && (tag == TAG_SEQUENCE || tag == TAG_SET)))
+ {
+ log_info ("data at FID 0x%04X does not look like a certificate\n", fid);
+ return 0;
+ }
+
+ resultlen = objlen + hdrlen;
+ if (r_certoff)
+ {
+ /* The callers want the offset to the actual certificate. */
+ *r_certoff = hdrlen;
+
+ err = parse_ber_header (&p, &n, &class, &tag, &constructed,
+ &ndef, &objlen, &hdrlen);
+ if (err)
+ return 0;
+
+ if (class == CLASS_UNIVERSAL && tag == TAG_OBJECT_ID && !constructed)
+ {
+ /* The certificate seems to be contained in a
+ userCertificate container. Assume the following sequence
+ is the certificate. */
+ *r_certoff += hdrlen + objlen;
+ if (*r_certoff > resultlen)
+ {
+ *r_certoff = 0;
+ return 0; /* That should never happen. */
+ }
+ }
+ else
+ *r_certoff = 0;
+ }
+
+ return resultlen;
+}
+
+
diff --git a/scd/app-nks.c b/scd/app-nks.c
new file mode 100644
index 0000000..076b913
--- /dev/null
+++ b/scd/app-nks.c
@@ -0,0 +1,1420 @@
+/* app-nks.c - The Telesec NKS card application.
+ * Copyright (C) 2004, 2007, 2008, 2009 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+/* Notes:
+
+ - We are now targeting TCOS 3 cards and it may happen that there is
+ a regression towards TCOS 2 cards. Please report.
+
+ - The TKS3 AUT key is not used. It seems that it is only useful for
+ the internal authentication command and not accessible by other
+ applications. The key itself is in the encryption class but the
+ corresponding certificate has only the digitalSignature
+ capability.
+
+ - If required, we automagically switch between the NKS application
+ and the SigG application. This avoids to use the DINSIG
+ application which is somewhat limited, has no support for Secure
+ Messaging as required by TCOS 3 and has no way to change the PIN
+ or even set the NullPIN.
+
+ - We use the prefix NKS-DF01 for TCOS 2 cards and NKS-NKS3 for newer
+ cards. This is because the NKS application has moved to DF02 with
+ TCOS 3 and thus we better use a DF independent tag.
+
+ - We use only the global PINs for the NKS application.
+
+ */
+
+#include <config.h>
+#include <errno.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <assert.h>
+#include <time.h>
+
+#include "scdaemon.h"
+#include "i18n.h"
+#include "iso7816.h"
+#include "app-common.h"
+#include "tlv.h"
+#include "apdu.h"
+
+static char const aid_nks[] = { 0xD2, 0x76, 0x00, 0x00, 0x03, 0x01, 0x02 };
+static char const aid_sigg[] = { 0xD2, 0x76, 0x00, 0x00, 0x66, 0x01 };
+
+
+static struct
+{
+ int is_sigg; /* Valid for SigG application. */
+ int fid; /* File ID. */
+ int nks_ver; /* 0 for NKS version 2, 3 for version 3. */
+ int certtype; /* Type of certificate or 0 if it is not a certificate. */
+ int iskeypair; /* If true has the FID of the corresponding certificate. */
+ int issignkey; /* True if file is a key usable for signing. */
+ int isenckey; /* True if file is a key usable for decryption. */
+ unsigned char kid; /* Corresponding key references. */
+} filelist[] = {
+ { 0, 0x4531, 0, 0, 0xC000, 1, 0, 0x80 }, /* EF_PK.NKS.SIG */
+ { 0, 0xC000, 0, 101 }, /* EF_C.NKS.SIG */
+ { 0, 0x4331, 0, 100 },
+ { 0, 0x4332, 0, 100 },
+ { 0, 0xB000, 0, 110 }, /* EF_PK.RCA.NKS */
+ { 0, 0x45B1, 0, 0, 0xC200, 0, 1, 0x81 }, /* EF_PK.NKS.ENC */
+ { 0, 0xC200, 0, 101 }, /* EF_C.NKS.ENC */
+ { 0, 0x43B1, 0, 100 },
+ { 0, 0x43B2, 0, 100 },
+/* The authentication key is not used. */
+/* { 0, 0x4571, 3, 0, 0xC500, 0, 0, 0x82 }, /\* EF_PK.NKS.AUT *\/ */
+/* { 0, 0xC500, 3, 101 }, /\* EF_C.NKS.AUT *\/ */
+ { 0, 0x45B2, 3, 0, 0xC201, 0, 1, 0x83 }, /* EF_PK.NKS.ENC1024 */
+ { 0, 0xC201, 3, 101 }, /* EF_C.NKS.ENC1024 */
+ { 1, 0x4531, 3, 0, 0xC000, 1, 1, 0x84 }, /* EF_PK.CH.SIG */
+ { 1, 0xC000, 0, 101 }, /* EF_C.CH.SIG */
+ { 1, 0xC008, 3, 101 }, /* EF_C.CA.SIG */
+ { 1, 0xC00E, 3, 111 }, /* EF_C.RCA.SIG */
+ { 0, 0 }
+};
+
+
+
+/* Object with application (i.e. NKS) specific data. */
+struct app_local_s {
+ int nks_version; /* NKS version. */
+
+ int sigg_active; /* True if switched to the SigG application. */
+ int sigg_msig_checked;/* True if we checked for a mass signature card. */
+ int sigg_is_msig; /* True if this is a mass signature card. */
+
+ int need_app_select; /* Need to re-select the application. */
+
+};
+
+
+
+static gpg_error_t switch_application (app_t app, int enable_sigg);
+
+
+
+/* Release local data. */
+static void
+do_deinit (app_t app)
+{
+ if (app && app->app_local)
+ {
+ xfree (app->app_local);
+ app->app_local = NULL;
+ }
+}
+
+
+static int
+all_zero_p (void *buffer, size_t length)
+{
+ char *p;
+
+ for (p=buffer; length; length--, p++)
+ if (*p)
+ return 0;
+ return 1;
+}
+
+
+/* Read the file with FID, assume it contains a public key and return
+ its keygrip in the caller provided 41 byte buffer R_GRIPSTR. */
+static gpg_error_t
+keygripstr_from_pk_file (app_t app, int fid, char *r_gripstr)
+{
+ gpg_error_t err;
+ unsigned char grip[20];
+ unsigned char *buffer[2];
+ size_t buflen[2];
+ gcry_sexp_t sexp;
+ int i;
+ int offset[2] = { 0, 0 };
+
+ err = iso7816_select_file (app->slot, fid, 0, NULL, NULL);
+ if (err)
+ return err;
+ err = iso7816_read_record (app->slot, 1, 1, 0, &buffer[0], &buflen[0]);
+ if (err)
+ return err;
+ err = iso7816_read_record (app->slot, 2, 1, 0, &buffer[1], &buflen[1]);
+ if (err)
+ {
+ xfree (buffer[0]);
+ return err;
+ }
+
+ if (app->app_local->nks_version < 3)
+ {
+ /* Old versions of NKS store the values in a TLV encoded format.
+ We need to do some checks. */
+ for (i=0; i < 2; i++)
+ {
+ /* Check that the value appears like an integer encoded as
+ Simple-TLV. We don't check the tag because the tests cards I
+ have use 1 for both, the modulus and the exponent - the
+ example in the documentation gives 2 for the exponent. */
+ if (buflen[i] < 3)
+ err = gpg_error (GPG_ERR_TOO_SHORT);
+ else if (buffer[i][1] != buflen[i]-2 )
+ err = gpg_error (GPG_ERR_INV_OBJ);
+ else
+ offset[i] = 2;
+ }
+ }
+ else
+ {
+ /* Remove leading zeroes to get a correct keygrip. Take care of
+ negative numbers. We should also fix it the same way in
+ libgcrypt but we can't yet rely on it yet. */
+ for (i=0; i < 2; i++)
+ {
+ while (buflen[i]-offset[i] > 1
+ && !buffer[i][offset[i]]
+ && !(buffer[i][offset[i]+1] & 0x80))
+ offset[i]++;
+ }
+ }
+
+ /* Check whether negative values are not prefixed with a zero and
+ fix that. */
+ for (i=0; i < 2; i++)
+ {
+ if ((buflen[i]-offset[i]) && (buffer[i][offset[i]] & 0x80))
+ {
+ unsigned char *newbuf;
+ size_t newlen;
+
+ newlen = 1 + buflen[i] - offset[i];
+ newbuf = xtrymalloc (newlen);
+ if (!newlen)
+ {
+ xfree (buffer[0]);
+ xfree (buffer[1]);
+ return gpg_error_from_syserror ();
+ }
+ newbuf[0] = 0;
+ memcpy (newbuf+1, buffer[i]+offset[i], buflen[i] - offset[i]);
+ xfree (buffer[i]);
+ buffer[i] = newbuf;
+ buflen[i] = newlen;
+ offset[i] = 0;
+ }
+ }
+
+ if (!err)
+ err = gcry_sexp_build (&sexp, NULL,
+ "(public-key (rsa (n %b) (e %b)))",
+ (int)buflen[0]-offset[0], buffer[0]+offset[0],
+ (int)buflen[1]-offset[1], buffer[1]+offset[1]);
+
+ xfree (buffer[0]);
+ xfree (buffer[1]);
+ if (err)
+ return err;
+
+ if (!gcry_pk_get_keygrip (sexp, grip))
+ {
+ err = gpg_error (GPG_ERR_INTERNAL); /* i.e. RSA not supported by
+ libgcrypt. */
+ }
+ else
+ {
+ bin2hex (grip, 20, r_gripstr);
+ }
+ gcry_sexp_release (sexp);
+ return err;
+}
+
+
+/* TCOS responds to a verify with empty data (i.e. without the Lc
+ byte) with the status of the PIN. PWID is the PIN ID, If SIGG is
+ true, the application is switched into SigG mode.
+ Returns:
+ -1 = Error retrieving the data,
+ -2 = No such PIN,
+ -3 = PIN blocked,
+ -4 = NullPIN activ,
+ n >= 0 = Number of verification attempts left. */
+static int
+get_chv_status (app_t app, int sigg, int pwid)
+{
+ unsigned char *result = NULL;
+ size_t resultlen;
+ char command[4];
+ int rc;
+
+ if (switch_application (app, sigg))
+ return sigg? -2 : -1; /* No such PIN / General error. */
+
+ command[0] = 0x00;
+ command[1] = 0x20;
+ command[2] = 0x00;
+ command[3] = pwid;
+
+ if (apdu_send_direct (app->slot, 0, (unsigned char *)command,
+ 4, 0, &result, &resultlen))
+ rc = -1; /* Error. */
+ else if (resultlen < 2)
+ rc = -1; /* Error. */
+ else
+ {
+ unsigned int sw = ((result[resultlen-2] << 8) | result[resultlen-1]);
+
+ if (sw == 0x6a88)
+ rc = -2; /* No such PIN. */
+ else if (sw == 0x6983)
+ rc = -3; /* PIN is blocked. */
+ else if (sw == 0x6985)
+ rc = -4; /* NullPIN is activ. */
+ else if ((sw & 0xfff0) == 0x63C0)
+ rc = (sw & 0x000f); /* PIN has N tries left. */
+ else
+ rc = -1; /* Other error. */
+ }
+ xfree (result);
+
+ return rc;
+}
+
+
+/* Implement the GETATTR command. This is similar to the LEARN
+ command but returns just one value via the status interface. */
+static gpg_error_t
+do_getattr (app_t app, ctrl_t ctrl, const char *name)
+{
+ static struct {
+ const char *name;
+ int special;
+ } table[] = {
+ { "$AUTHKEYID", 1 },
+ { "NKS-VERSION", 2 },
+ { "CHV-STATUS", 3 },
+ { NULL, 0 }
+ };
+ gpg_error_t err = 0;
+ int idx;
+ char buffer[100];
+
+ err = switch_application (app, 0);
+ if (err)
+ return err;
+
+ for (idx=0; table[idx].name && strcmp (table[idx].name, name); idx++)
+ ;
+ if (!table[idx].name)
+ return gpg_error (GPG_ERR_INV_NAME);
+
+ switch (table[idx].special)
+ {
+ case 1: /* $AUTHKEYID */
+ {
+ /* NetKey 3.0 cards define an authentication key but according
+ to the specs this key is only usable for encryption and not
+ signing. it might work anyway but it has not yet been
+ tested - fixme. Thus for now we use the NKS signature key
+ for authentication. */
+ char const tmp[] = "NKS-NKS3.4531";
+ send_status_info (ctrl, table[idx].name, tmp, strlen (tmp), NULL, 0);
+ }
+ break;
+
+ case 2: /* NKS-VERSION */
+ snprintf (buffer, sizeof buffer, "%d", app->app_local->nks_version);
+ send_status_info (ctrl, table[idx].name,
+ buffer, strlen (buffer), NULL, 0);
+ break;
+
+ case 3: /* CHV-STATUS */
+ {
+ /* Returns: PW1.CH PW2.CH PW1.CH.SIG PW2.CH.SIG That are the
+ two global passwords followed by the two SigG passwords.
+ For the values, see the function get_chv_status. */
+ int tmp[4];
+
+ /* We use a helper array so that we can control that there is
+ no superfluous application switch. Note that PW2.CH.SIG
+ really has the identifier 0x83 and not 0x82 as one would
+ expect. */
+ tmp[0] = get_chv_status (app, 0, 0x00);
+ tmp[1] = get_chv_status (app, 0, 0x01);
+ tmp[2] = get_chv_status (app, 1, 0x81);
+ tmp[3] = get_chv_status (app, 1, 0x83);
+ snprintf (buffer, sizeof buffer,
+ "%d %d %d %d", tmp[0], tmp[1], tmp[2], tmp[3]);
+ send_status_info (ctrl, table[idx].name,
+ buffer, strlen (buffer), NULL, 0);
+ }
+ break;
+
+
+ default:
+ err = gpg_error (GPG_ERR_NOT_IMPLEMENTED);
+ break;
+ }
+
+ return err;
+}
+
+
+
+static void
+do_learn_status_core (app_t app, ctrl_t ctrl, unsigned int flags, int is_sigg)
+{
+ gpg_error_t err;
+ char ct_buf[100], id_buf[100];
+ int i;
+ const char *tag;
+
+ if (is_sigg)
+ tag = "SIGG";
+ else if (app->app_local->nks_version < 3)
+ tag = "DF01";
+ else
+ tag = "NKS3";
+
+ /* Output information about all useful objects in the NKS application. */
+ for (i=0; filelist[i].fid; i++)
+ {
+ if (filelist[i].nks_ver > app->app_local->nks_version)
+ continue;
+
+ if (!!filelist[i].is_sigg != !!is_sigg)
+ continue;
+
+ if (filelist[i].certtype && !(flags &1))
+ {
+ size_t len;
+
+ len = app_help_read_length_of_cert (app->slot,
+ filelist[i].fid, NULL);
+ if (len)
+ {
+ /* FIXME: We should store the length in the application's
+ context so that a following readcert does only need to
+ read that many bytes. */
+ snprintf (ct_buf, sizeof ct_buf, "%d", filelist[i].certtype);
+ snprintf (id_buf, sizeof id_buf, "NKS-%s.%04X",
+ tag, filelist[i].fid);
+ send_status_info (ctrl, "CERTINFO",
+ ct_buf, strlen (ct_buf),
+ id_buf, strlen (id_buf),
+ NULL, (size_t)0);
+ }
+ }
+ else if (filelist[i].iskeypair)
+ {
+ char gripstr[40+1];
+
+ err = keygripstr_from_pk_file (app, filelist[i].fid, gripstr);
+ if (err)
+ log_error ("can't get keygrip from FID 0x%04X: %s\n",
+ filelist[i].fid, gpg_strerror (err));
+ else
+ {
+ snprintf (id_buf, sizeof id_buf, "NKS-%s.%04X",
+ tag, filelist[i].fid);
+ send_status_info (ctrl, "KEYPAIRINFO",
+ gripstr, 40,
+ id_buf, strlen (id_buf),
+ NULL, (size_t)0);
+ }
+ }
+ }
+
+
+}
+
+
+static gpg_error_t
+do_learn_status (app_t app, ctrl_t ctrl, unsigned int flags)
+{
+ gpg_error_t err;
+
+ err = switch_application (app, 0);
+ if (err)
+ return err;
+
+ do_learn_status_core (app, ctrl, flags, 0);
+
+ err = switch_application (app, 1);
+ if (err)
+ return 0; /* Silently ignore if we can't switch to SigG. */
+
+ do_learn_status_core (app, ctrl, flags, 1);
+
+ return 0;
+}
+
+
+
+
+/* Read the certificate with id CERTID (as returned by learn_status in
+ the CERTINFO status lines) and return it in the freshly allocated
+ buffer put into CERT and the length of the certificate put into
+ CERTLEN. */
+static gpg_error_t
+do_readcert (app_t app, const char *certid,
+ unsigned char **cert, size_t *certlen)
+{
+ int i, fid;
+ gpg_error_t err;
+ unsigned char *buffer;
+ const unsigned char *p;
+ size_t buflen, n;
+ int class, tag, constructed, ndef;
+ size_t totobjlen, objlen, hdrlen;
+ int rootca = 0;
+ int is_sigg = 0;
+
+ *cert = NULL;
+ *certlen = 0;
+
+ if (!strncmp (certid, "NKS-NKS3.", 9))
+ ;
+ else if (!strncmp (certid, "NKS-DF01.", 9))
+ ;
+ else if (!strncmp (certid, "NKS-SIGG.", 9))
+ is_sigg = 1;
+ else
+ return gpg_error (GPG_ERR_INV_ID);
+
+ err = switch_application (app, is_sigg);
+ if (err)
+ return err;
+
+ certid += 9;
+ if (!hexdigitp (certid) || !hexdigitp (certid+1)
+ || !hexdigitp (certid+2) || !hexdigitp (certid+3)
+ || certid[4])
+ return gpg_error (GPG_ERR_INV_ID);
+ fid = xtoi_4 (certid);
+ for (i=0; filelist[i].fid; i++)
+ if ((filelist[i].certtype || filelist[i].iskeypair)
+ && filelist[i].fid == fid)
+ break;
+ if (!filelist[i].fid)
+ return gpg_error (GPG_ERR_NOT_FOUND);
+
+ /* If the requested objects is a plain public key, redirect it to
+ the corresponding certificate. The whole system is a bit messy
+ because we sometime use the key directly or let the caller
+ retrieve the key from the certificate. The rationale for
+ that is to support not-yet stored certificates. */
+ if (filelist[i].iskeypair)
+ fid = filelist[i].iskeypair;
+
+
+ /* Read the entire file. fixme: This could be optimized by first
+ reading the header to figure out how long the certificate
+ actually is. */
+ err = iso7816_select_file (app->slot, fid, 0, NULL, NULL);
+ if (err)
+ {
+ log_error ("error selecting FID 0x%04X: %s\n", fid, gpg_strerror (err));
+ return err;
+ }
+
+ err = iso7816_read_binary (app->slot, 0, 0, &buffer, &buflen);
+ if (err)
+ {
+ log_error ("error reading certificate from FID 0x%04X: %s\n",
+ fid, gpg_strerror (err));
+ return err;
+ }
+
+ if (!buflen || *buffer == 0xff)
+ {
+ log_info ("no certificate contained in FID 0x%04X\n", fid);
+ err = gpg_error (GPG_ERR_NOT_FOUND);
+ goto leave;
+ }
+
+ /* Now figure something out about the object. */
+ p = buffer;
+ n = buflen;
+ err = parse_ber_header (&p, &n, &class, &tag, &constructed,
+ &ndef, &objlen, &hdrlen);
+ if (err)
+ goto leave;
+ if ( class == CLASS_UNIVERSAL && tag == TAG_SEQUENCE && constructed )
+ ;
+ else if ( class == CLASS_UNIVERSAL && tag == TAG_SET && constructed )
+ rootca = 1;
+ else
+ return gpg_error (GPG_ERR_INV_OBJ);
+ totobjlen = objlen + hdrlen;
+ assert (totobjlen <= buflen);
+
+ err = parse_ber_header (&p, &n, &class, &tag, &constructed,
+ &ndef, &objlen, &hdrlen);
+ if (err)
+ goto leave;
+
+ if (rootca)
+ ;
+ else if (class == CLASS_UNIVERSAL && tag == TAG_OBJECT_ID && !constructed)
+ {
+ const unsigned char *save_p;
+
+ /* The certificate seems to be contained in a userCertificate
+ container. Skip this and assume the following sequence is
+ the certificate. */
+ if (n < objlen)
+ {
+ err = gpg_error (GPG_ERR_INV_OBJ);
+ goto leave;
+ }
+ p += objlen;
+ n -= objlen;
+ save_p = p;
+ err = parse_ber_header (&p, &n, &class, &tag, &constructed,
+ &ndef, &objlen, &hdrlen);
+ if (err)
+ goto leave;
+ if ( !(class == CLASS_UNIVERSAL && tag == TAG_SEQUENCE && constructed) )
+ return gpg_error (GPG_ERR_INV_OBJ);
+ totobjlen = objlen + hdrlen;
+ assert (save_p + totobjlen <= buffer + buflen);
+ memmove (buffer, save_p, totobjlen);
+ }
+
+ *cert = buffer;
+ buffer = NULL;
+ *certlen = totobjlen;
+
+ leave:
+ xfree (buffer);
+ return err;
+}
+
+
+/* Handle the READKEY command. On success a canonical encoded
+ S-expression with the public key will get stored at PK and its
+ length at PKLEN; the caller must release that buffer. On error PK
+ and PKLEN are not changed and an error code is returned. As of now
+ this function is only useful for the internal authentication key.
+ Other keys are automagically retrieved via by means of the
+ certificate parsing code in commands.c:cmd_readkey. For internal
+ use PK and PKLEN may be NULL to just check for an existing key. */
+static gpg_error_t
+do_readkey (app_t app, const char *keyid, unsigned char **pk, size_t *pklen)
+{
+ gpg_error_t err;
+ unsigned char *buffer[2];
+ size_t buflen[2];
+ unsigned short path[1] = { 0x4500 };
+
+ /* We use a generic name to retrieve PK.AUT.IFD-SPK. */
+ if (!strcmp (keyid, "$IFDAUTHKEY") && app->app_local->nks_version >= 3)
+ ;
+ else /* Return the error code expected by cmd_readkey. */
+ return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION);
+
+ /* Access the KEYD file which is always in the master directory. */
+ err = iso7816_select_path (app->slot, path, DIM (path), NULL, NULL);
+ if (err)
+ return err;
+ /* Due to the above select we need to re-select our application. */
+ app->app_local->need_app_select = 1;
+ /* Get the two records. */
+ err = iso7816_read_record (app->slot, 5, 1, 0, &buffer[0], &buflen[0]);
+ if (err)
+ return err;
+ if (all_zero_p (buffer[0], buflen[0]))
+ {
+ xfree (buffer[0]);
+ return gpg_error (GPG_ERR_NOT_FOUND);
+ }
+ err = iso7816_read_record (app->slot, 6, 1, 0, &buffer[1], &buflen[1]);
+ if (err)
+ {
+ xfree (buffer[0]);
+ return err;
+ }
+
+ if (pk && pklen)
+ {
+ *pk = make_canon_sexp_from_rsa_pk (buffer[0], buflen[0],
+ buffer[1], buflen[1],
+ pklen);
+ if (!*pk)
+ err = gpg_error_from_syserror ();
+ }
+
+ xfree (buffer[0]);
+ xfree (buffer[1]);
+ return err;
+}
+
+
+/* Handle the WRITEKEY command for NKS. This function expects a
+ canonical encoded S-expression with the public key in KEYDATA and
+ its length in KEYDATALEN. The only supported KEYID is
+ "$IFDAUTHKEY" to store the terminal key on the card. Bit 0 of
+ FLAGS indicates whether an existing key shall get overwritten.
+ PINCB and PINCB_ARG are the usual arguments for the pinentry
+ callback. */
+static gpg_error_t
+do_writekey (app_t app, ctrl_t ctrl,
+ const char *keyid, unsigned int flags,
+ gpg_error_t (*pincb)(void*, const char *, char **),
+ void *pincb_arg,
+ const unsigned char *keydata, size_t keydatalen)
+{
+ gpg_error_t err;
+ int force = (flags & 1);
+ const unsigned char *rsa_n = NULL;
+ const unsigned char *rsa_e = NULL;
+ size_t rsa_n_len, rsa_e_len;
+ unsigned int nbits;
+
+ (void)ctrl;
+ (void)pincb;
+ (void)pincb_arg;
+
+ if (!strcmp (keyid, "$IFDAUTHKEY") && app->app_local->nks_version >= 3)
+ ;
+ else
+ return gpg_error (GPG_ERR_INV_ID);
+
+ if (!force && !do_readkey (app, keyid, NULL, NULL))
+ return gpg_error (GPG_ERR_EEXIST);
+
+ /* Parse the S-expression. */
+ err = get_rsa_pk_from_canon_sexp (keydata, keydatalen,
+ &rsa_n, &rsa_n_len, &rsa_e, &rsa_e_len);
+ if (err)
+ goto leave;
+
+ /* Check that the parameters match the requirements. */
+ nbits = app_help_count_bits (rsa_n, rsa_n_len);
+ if (nbits != 1024)
+ {
+ log_error (_("RSA modulus missing or not of size %d bits\n"), 1024);
+ err = gpg_error (GPG_ERR_BAD_PUBKEY);
+ goto leave;
+ }
+
+ nbits = app_help_count_bits (rsa_e, rsa_e_len);
+ if (nbits < 2 || nbits > 32)
+ {
+ log_error (_("RSA public exponent missing or larger than %d bits\n"),
+ 32);
+ err = gpg_error (GPG_ERR_BAD_PUBKEY);
+ goto leave;
+ }
+
+/* /\* Store them. *\/ */
+/* err = verify_pin (app, 0, NULL, pincb, pincb_arg); */
+/* if (err) */
+/* goto leave; */
+
+ /* Send the MSE:Store_Public_Key. */
+ err = gpg_error (GPG_ERR_NOT_IMPLEMENTED);
+/* mse = xtrymalloc (1000); */
+
+/* mse[0] = 0x80; /\* Algorithm reference. *\/ */
+/* mse[1] = 1; */
+/* mse[2] = 0x17; */
+/* mse[3] = 0x84; /\* Private key reference. *\/ */
+/* mse[4] = 1; */
+/* mse[5] = 0x77; */
+/* mse[6] = 0x7F; /\* Public key parameter. *\/ */
+/* mse[7] = 0x49; */
+/* mse[8] = 0x81; */
+/* mse[9] = 3 + 0x80 + 2 + rsa_e_len; */
+/* mse[10] = 0x81; /\* RSA modulus of 128 byte. *\/ */
+/* mse[11] = 0x81; */
+/* mse[12] = rsa_n_len; */
+/* memcpy (mse+12, rsa_n, rsa_n_len); */
+/* mse[10] = 0x82; /\* RSA public exponent of up to 4 bytes. *\/ */
+/* mse[12] = rsa_e_len; */
+/* memcpy (mse+12, rsa_e, rsa_e_len); */
+/* err = iso7816_manage_security_env (app->slot, 0x81, 0xB6, */
+/* mse, sizeof mse); */
+
+ leave:
+ return err;
+}
+
+
+static gpg_error_t
+basic_pin_checks (const char *pinvalue, int minlen, int maxlen)
+{
+ if (strlen (pinvalue) < minlen)
+ {
+ log_error ("PIN is too short; minimum length is %d\n", minlen);
+ return gpg_error (GPG_ERR_BAD_PIN);
+ }
+ if (strlen (pinvalue) > maxlen)
+ {
+ log_error ("PIN is too large; maximum length is %d\n", maxlen);
+ return gpg_error (GPG_ERR_BAD_PIN);
+ }
+ return 0;
+}
+
+
+/* Verify the PIN if required. */
+static gpg_error_t
+verify_pin (app_t app, int pwid, const char *desc,
+ gpg_error_t (*pincb)(void*, const char *, char **),
+ void *pincb_arg)
+{
+ iso7816_pininfo_t pininfo;
+ int rc;
+
+ if (!desc)
+ desc = "PIN";
+
+ memset (&pininfo, 0, sizeof pininfo);
+ pininfo.mode = 1;
+ pininfo.minlen = 6;
+ pininfo.maxlen = 16;
+
+ if (!opt.disable_keypad
+ && !iso7816_check_keypad (app->slot, ISO7816_VERIFY, &pininfo) )
+ {
+ rc = pincb (pincb_arg, desc, NULL);
+ if (rc)
+ {
+ log_info (_("PIN callback returned error: %s\n"),
+ gpg_strerror (rc));
+ return rc;
+ }
+
+ rc = iso7816_verify_kp (app->slot, pwid, "", 0, &pininfo);
+ pincb (pincb_arg, NULL, NULL); /* Dismiss the prompt. */
+ }
+ else
+ {
+ char *pinvalue;
+
+ rc = pincb (pincb_arg, desc, &pinvalue);
+ if (rc)
+ {
+ log_info ("PIN callback returned error: %s\n", gpg_strerror (rc));
+ return rc;
+ }
+
+ rc = basic_pin_checks (pinvalue, pininfo.minlen, pininfo.maxlen);
+ if (rc)
+ {
+ xfree (pinvalue);
+ return rc;
+ }
+
+ rc = iso7816_verify (app->slot, pwid, pinvalue, strlen (pinvalue));
+ xfree (pinvalue);
+ }
+
+ if (rc)
+ {
+ if ( gpg_err_code (rc) == GPG_ERR_USE_CONDITIONS )
+ log_error (_("the NullPIN has not yet been changed\n"));
+ else
+ log_error ("verify PIN failed\n");
+ return rc;
+ }
+
+ return 0;
+}
+
+
+/* Create the signature and return the allocated result in OUTDATA.
+ If a PIN is required the PINCB will be used to ask for the PIN;
+ that callback should return the PIN in an allocated buffer and
+ store that in the 3rd argument. */
+static gpg_error_t
+do_sign (app_t app, const char *keyidstr, int hashalgo,
+ gpg_error_t (*pincb)(void*, const char *, char **),
+ void *pincb_arg,
+ const void *indata, size_t indatalen,
+ unsigned char **outdata, size_t *outdatalen )
+{
+ static unsigned char sha1_prefix[15] = /* Object ID is 1.3.14.3.2.26 */
+ { 0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03,
+ 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14 };
+ static unsigned char rmd160_prefix[15] = /* Object ID is 1.3.36.3.2.1 */
+ { 0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x24, 0x03,
+ 0x02, 0x01, 0x05, 0x00, 0x04, 0x14 };
+ int rc, i;
+ int is_sigg = 0;
+ int fid;
+ unsigned char kid;
+ unsigned char data[83]; /* Must be large enough for a SHA-1 digest
+ + the largest OID prefix. */
+ size_t datalen;
+
+ if (!keyidstr || !*keyidstr)
+ return gpg_error (GPG_ERR_INV_VALUE);
+ switch (indatalen)
+ {
+ case 16: case 20: case 35: case 47: case 51: case 67: case 83: break;
+ default: return gpg_error (GPG_ERR_INV_VALUE);
+ }
+
+ /* Check that the provided ID is valid. This is not really needed
+ but we do it to enforce correct usage by the caller. */
+ if (!strncmp (keyidstr, "NKS-NKS3.", 9) )
+ ;
+ else if (!strncmp (keyidstr, "NKS-DF01.", 9) )
+ ;
+ else if (!strncmp (keyidstr, "NKS-SIGG.", 9) )
+ is_sigg = 1;
+ else
+ return gpg_error (GPG_ERR_INV_ID);
+ keyidstr += 9;
+
+ rc = switch_application (app, is_sigg);
+ if (rc)
+ return rc;
+
+ if (is_sigg && app->app_local->sigg_is_msig)
+ {
+ log_info ("mass signature cards are not allowed\n");
+ return gpg_error (GPG_ERR_NOT_SUPPORTED);
+ }
+
+ if (!hexdigitp (keyidstr) || !hexdigitp (keyidstr+1)
+ || !hexdigitp (keyidstr+2) || !hexdigitp (keyidstr+3)
+ || keyidstr[4])
+ return gpg_error (GPG_ERR_INV_ID);
+ fid = xtoi_4 (keyidstr);
+ for (i=0; filelist[i].fid; i++)
+ if (filelist[i].iskeypair && filelist[i].fid == fid)
+ break;
+ if (!filelist[i].fid)
+ return gpg_error (GPG_ERR_NOT_FOUND);
+ if (!filelist[i].issignkey)
+ return gpg_error (GPG_ERR_INV_ID);
+ kid = filelist[i].kid;
+
+ /* Prepare the DER object from INDATA. */
+ if (app->app_local->nks_version > 2 && (indatalen == 35
+ || indatalen == 47
+ || indatalen == 51
+ || indatalen == 67
+ || indatalen == 83))
+ {
+ /* The caller send data matching the length of the ASN.1 encoded
+ hash for SHA-{1,224,256,384,512}. Assume that is okay. */
+ assert (indatalen <= sizeof data);
+ memcpy (data, indata, indatalen);
+ datalen = indatalen;
+ }
+ else if (indatalen == 35)
+ {
+ /* Alright, the caller was so kind to send us an already
+ prepared DER object. This is for TCOS 2. */
+ if (hashalgo == GCRY_MD_SHA1 && !memcmp (indata, sha1_prefix, 15))
+ ;
+ else if (hashalgo == GCRY_MD_RMD160 && !memcmp (indata,rmd160_prefix,15))
+ ;
+ else
+ return gpg_error (GPG_ERR_UNSUPPORTED_ALGORITHM);
+ memcpy (data, indata, indatalen);
+ datalen = 35;
+ }
+ else if (indatalen == 20)
+ {
+ if (hashalgo == GCRY_MD_SHA1)
+ memcpy (data, sha1_prefix, 15);
+ else if (hashalgo == GCRY_MD_RMD160)
+ memcpy (data, rmd160_prefix, 15);
+ else
+ return gpg_error (GPG_ERR_UNSUPPORTED_ALGORITHM);
+ memcpy (data+15, indata, indatalen);
+ datalen = 35;
+ }
+ else
+ return gpg_error (GPG_ERR_INV_VALUE);
+
+
+ /* Send an MSE for PSO:Computer_Signature. */
+ if (app->app_local->nks_version > 2)
+ {
+ unsigned char mse[6];
+
+ mse[0] = 0x80; /* Algorithm reference. */
+ mse[1] = 1;
+ mse[2] = 2; /* RSA, card does pkcs#1 v1.5 padding, no ASN.1 check. */
+ mse[3] = 0x84; /* Private key reference. */
+ mse[4] = 1;
+ mse[5] = kid;
+ rc = iso7816_manage_security_env (app->slot, 0x41, 0xB6,
+ mse, sizeof mse);
+ }
+ /* Verify using PW1.CH. */
+ if (!rc)
+ rc = verify_pin (app, 0, NULL, pincb, pincb_arg);
+ /* Compute the signature. */
+ if (!rc)
+ rc = iso7816_compute_ds (app->slot, 0, data, datalen, 0,
+ outdata, outdatalen);
+ return rc;
+}
+
+
+
+/* Decrypt the data in INDATA and return the allocated result in OUTDATA.
+ If a PIN is required the PINCB will be used to ask for the PIN; it
+ should return the PIN in an allocated buffer and put it into PIN. */
+static gpg_error_t
+do_decipher (app_t app, const char *keyidstr,
+ gpg_error_t (*pincb)(void*, const char *, char **),
+ void *pincb_arg,
+ const void *indata, size_t indatalen,
+ unsigned char **outdata, size_t *outdatalen )
+{
+ int rc, i;
+ int is_sigg = 0;
+ int fid;
+ int kid;
+
+ if (!keyidstr || !*keyidstr || !indatalen)
+ return gpg_error (GPG_ERR_INV_VALUE);
+
+ /* Check that the provided ID is valid. This is not really needed
+ but we do it to to enforce correct usage by the caller. */
+ if (!strncmp (keyidstr, "NKS-NKS3.", 9) )
+ ;
+ else if (!strncmp (keyidstr, "NKS-DF01.", 9) )
+ ;
+ else if (!strncmp (keyidstr, "NKS-SIGG.", 9) )
+ is_sigg = 1;
+ else
+ return gpg_error (GPG_ERR_INV_ID);
+ keyidstr += 9;
+
+ rc = switch_application (app, is_sigg);
+ if (rc)
+ return rc;
+
+ if (!hexdigitp (keyidstr) || !hexdigitp (keyidstr+1)
+ || !hexdigitp (keyidstr+2) || !hexdigitp (keyidstr+3)
+ || keyidstr[4])
+ return gpg_error (GPG_ERR_INV_ID);
+ fid = xtoi_4 (keyidstr);
+ for (i=0; filelist[i].fid; i++)
+ if (filelist[i].iskeypair && filelist[i].fid == fid)
+ break;
+ if (!filelist[i].fid)
+ return gpg_error (GPG_ERR_NOT_FOUND);
+ if (!filelist[i].isenckey)
+ return gpg_error (GPG_ERR_INV_ID);
+ kid = filelist[i].kid;
+
+ if (app->app_local->nks_version > 2)
+ {
+ unsigned char mse[6];
+ mse[0] = 0x80; /* Algorithm reference. */
+ mse[1] = 1;
+ mse[2] = 0x0a; /* RSA no padding. (0x1A is pkcs#1.5 padding.) */
+ mse[3] = 0x84; /* Private key reference. */
+ mse[4] = 1;
+ mse[5] = kid;
+ rc = iso7816_manage_security_env (app->slot, 0x41, 0xB8,
+ mse, sizeof mse);
+ }
+ else
+ {
+ static const unsigned char mse[] =
+ {
+ 0x80, 1, 0x10, /* Select algorithm RSA. */
+ 0x84, 1, 0x81 /* Select local secret key 1 for decryption. */
+ };
+ rc = iso7816_manage_security_env (app->slot, 0xC1, 0xB8,
+ mse, sizeof mse);
+
+ }
+
+ if (!rc)
+ rc = verify_pin (app, 0, NULL, pincb, pincb_arg);
+
+ /* Note that we need to use extended length APDUs for TCOS 3 cards.
+ Command chaining does not work. */
+ if (!rc)
+ rc = iso7816_decipher (app->slot, app->app_local->nks_version > 2? 1:0,
+ indata, indatalen, 0, 0x81,
+ outdata, outdatalen);
+ return rc;
+}
+
+
+
+/* Parse a password ID string. Returns NULL on error or a string
+ suitable as passpahrse prompt on success. On success stores the
+ reference value for the password at R_PWID and a flag indicating
+ that the SigG application is to be used at R_SIGG. If NEW_MODE is
+ true, the returned description is suitable for a new Password.
+ Supported values for PWIDSTR are:
+
+ PW1.CH - Global password 1
+ PW2.CH - Global password 2
+ PW1.CH.SIG - SigG password 1
+ PW2.CH.SIG - SigG password 2
+ */
+static const char *
+parse_pwidstr (const char *pwidstr, int new_mode, int *r_sigg, int *r_pwid)
+{
+ const char *desc;
+
+ if (!pwidstr)
+ desc = NULL;
+ else if (!strcmp (pwidstr, "PW1.CH"))
+ {
+ *r_sigg = 0;
+ *r_pwid = 0x00;
+ /* TRANSLATORS: Do not translate the "|*|" prefixes but keep
+ them verbatim at the start of the string. */
+ desc = (new_mode
+ ? _("|N|Please enter a new PIN for the standard keys.")
+ : _("||Please enter the PIN for the standard keys."));
+ }
+ else if (!strcmp (pwidstr, "PW2.CH"))
+ {
+ *r_pwid = 0x01;
+ desc = (new_mode
+ ? _("|NP|Please enter a new PIN Unblocking Code (PUK) "
+ "for the standard keys.")
+ : _("|P|Please enter the PIN Unblocking Code (PUK) "
+ "for the standard keys."));
+ }
+ else if (!strcmp (pwidstr, "PW1.CH.SIG"))
+ {
+ *r_pwid = 0x81;
+ *r_sigg = 1;
+ desc = (new_mode
+ ? _("|N|Please enter a new PIN for the key to create "
+ "qualified signatures.")
+ : _("||Please enter the PIN for the key to create "
+ "qualified signatures."));
+ }
+ else if (!strcmp (pwidstr, "PW2.CH.SIG"))
+ {
+ *r_pwid = 0x83; /* Yes, that is 83 and not 82. */
+ *r_sigg = 1;
+ desc = (new_mode
+ ? _("|NP|Please enter a new PIN Unblocking Code (PUK) "
+ "for the key to create qualified signatures.")
+ : _("|P|Please enter the PIN Unblocking Code (PUK) "
+ "for the key to create qualified signatures."));
+ }
+ else
+ desc = NULL;
+
+ return desc;
+}
+
+
+/* Handle the PASSWD command. See parse_pwidstr() for allowed values
+ for CHVNOSTR. */
+static gpg_error_t
+do_change_pin (app_t app, ctrl_t ctrl, const char *pwidstr,
+ unsigned int flags,
+ gpg_error_t (*pincb)(void*, const char *, char **),
+ void *pincb_arg)
+{
+ gpg_error_t err;
+ char *newpin = NULL;
+ char *oldpin = NULL;
+ size_t newpinlen;
+ size_t oldpinlen;
+ int is_sigg;
+ const char *newdesc;
+ int pwid;
+ iso7816_pininfo_t pininfo;
+
+ (void)ctrl;
+
+ /* The minimum length is enforced by TCOS, the maximum length is
+ just a reasonable value. */
+ memset (&pininfo, 0, sizeof pininfo);
+ pininfo.minlen = 6;
+ pininfo.maxlen = 16;
+
+ newdesc = parse_pwidstr (pwidstr, 1, &is_sigg, &pwid);
+ if (!newdesc)
+ return gpg_error (GPG_ERR_INV_ID);
+
+ err = switch_application (app, is_sigg);
+ if (err)
+ return err;
+
+ if ((flags & APP_CHANGE_FLAG_NULLPIN))
+ {
+ /* With the nullpin flag, we do not verify the PIN - it would
+ fail if the Nullpin is still set. */
+ oldpin = xtrycalloc (1, 6);
+ if (!oldpin)
+ {
+ err = gpg_error_from_syserror ();
+ goto leave;
+ }
+ oldpinlen = 6;
+ }
+ else
+ {
+ const char *desc;
+ int dummy1, dummy2;
+
+ if ((flags & APP_CHANGE_FLAG_RESET))
+ {
+ /* Reset mode: Ask for the alternate PIN. */
+ const char *altpwidstr;
+
+ if (!strcmp (pwidstr, "PW1.CH"))
+ altpwidstr = "PW2.CH";
+ else if (!strcmp (pwidstr, "PW2.CH"))
+ altpwidstr = "PW1.CH";
+ else if (!strcmp (pwidstr, "PW1.CH.SIG"))
+ altpwidstr = "PW2.CH.SIG";
+ else if (!strcmp (pwidstr, "PW2.CH.SIG"))
+ altpwidstr = "PW1.CH.SIG";
+ else
+ {
+ err = gpg_error (GPG_ERR_BUG);
+ goto leave;
+ }
+ desc = parse_pwidstr (altpwidstr, 0, &dummy1, &dummy2);
+ }
+ else
+ {
+ /* Regular change mode: Ask for the old PIN. */
+ desc = parse_pwidstr (pwidstr, 0, &dummy1, &dummy2);
+ }
+ err = pincb (pincb_arg, desc, &oldpin);
+ if (err)
+ {
+ log_error ("error getting old PIN: %s\n", gpg_strerror (err));
+ goto leave;
+ }
+ oldpinlen = strlen (oldpin);
+ err = basic_pin_checks (oldpin, pininfo.minlen, pininfo.maxlen);
+ if (err)
+ goto leave;
+ }
+
+ err = pincb (pincb_arg, newdesc, &newpin);
+ if (err)
+ {
+ log_error (_("error getting new PIN: %s\n"), gpg_strerror (err));
+ goto leave;
+ }
+ newpinlen = strlen (newpin);
+
+ err = basic_pin_checks (newpin, pininfo.minlen, pininfo.maxlen);
+ if (err)
+ goto leave;
+
+ if ((flags & APP_CHANGE_FLAG_RESET))
+ {
+ char *data;
+ size_t datalen = oldpinlen + newpinlen;
+
+ data = xtrymalloc (datalen);
+ if (!data)
+ {
+ err = gpg_error_from_syserror ();
+ goto leave;
+ }
+ memcpy (data, oldpin, oldpinlen);
+ memcpy (data+oldpinlen, newpin, newpinlen);
+ err = iso7816_reset_retry_counter_with_rc (app->slot, pwid,
+ data, datalen);
+ wipememory (data, datalen);
+ xfree (data);
+ }
+ else
+ err = iso7816_change_reference_data (app->slot, pwid,
+ oldpin, oldpinlen,
+ newpin, newpinlen);
+ leave:
+ xfree (oldpin);
+ xfree (newpin);
+ return err;
+}
+
+
+/* Perform a simple verify operation. KEYIDSTR should be NULL or empty. */
+static gpg_error_t
+do_check_pin (app_t app, const char *pwidstr,
+ gpg_error_t (*pincb)(void*, const char *, char **),
+ void *pincb_arg)
+{
+ gpg_error_t err;
+ int pwid;
+ int is_sigg;
+ const char *desc;
+
+ desc = parse_pwidstr (pwidstr, 0, &is_sigg, &pwid);
+ if (!desc)
+ return gpg_error (GPG_ERR_INV_ID);
+
+ err = switch_application (app, is_sigg);
+ if (err)
+ return err;
+
+ return verify_pin (app, pwid, desc, pincb, pincb_arg);
+}
+
+
+/* Return the version of the NKS application. */
+static int
+get_nks_version (int slot)
+{
+ unsigned char *result = NULL;
+ size_t resultlen;
+ int type;
+
+ if (iso7816_apdu_direct (slot, "\x80\xaa\x06\x00\x00", 5, 0,
+ &result, &resultlen))
+ return 2; /* NKS 2 does not support this command. */
+
+ /* Example value: 04 11 19 22 21 6A 20 80 03 03 01 01 01 00 00 00
+ vv tt ccccccccccccccccc aa bb cc vvvvvvvvvvv xx
+ vendor (Philips) -+ | | | | | | |
+ chip type -----------+ | | | | | |
+ chip id ----------------+ | | | | |
+ card type (3 - tcos 3) -------------------+ | | | |
+ OS version of card type ---------------------+ | | |
+ OS release of card type ------------------------+ | |
+ OS vendor internal version ------------------------+ |
+ RFU -----------------------------------------------------------+
+ */
+ if (resultlen < 16)
+ type = 0; /* Invalid data returned. */
+ else
+ type = result[8];
+ xfree (result);
+
+ return type;
+}
+
+
+/* If ENABLE_SIGG is true switch to the SigG application if not yet
+ active. If false switch to the NKS application if not yet active.
+ Returns 0 on success. */
+static gpg_error_t
+switch_application (app_t app, int enable_sigg)
+{
+ gpg_error_t err;
+
+ if (((app->app_local->sigg_active && enable_sigg)
+ || (!app->app_local->sigg_active && !enable_sigg))
+ && !app->app_local->need_app_select)
+ return 0; /* Already switched. */
+
+ log_info ("app-nks: switching to %s\n", enable_sigg? "SigG":"NKS");
+ if (enable_sigg)
+ err = iso7816_select_application (app->slot, aid_sigg, sizeof aid_sigg, 0);
+ else
+ err = iso7816_select_application (app->slot, aid_nks, sizeof aid_nks, 0);
+
+ if (!err && enable_sigg && app->app_local->nks_version >= 3
+ && !app->app_local->sigg_msig_checked)
+ {
+ /* Check whether this card is a mass signature card. */
+ unsigned char *buffer;
+ size_t buflen;
+ const unsigned char *tmpl;
+ size_t tmpllen;
+
+ app->app_local->sigg_msig_checked = 1;
+ app->app_local->sigg_is_msig = 1;
+ err = iso7816_select_file (app->slot, 0x5349, 0, NULL, NULL);
+ if (!err)
+ err = iso7816_read_record (app->slot, 1, 1, 0, &buffer, &buflen);
+ if (!err)
+ {
+ tmpl = find_tlv (buffer, buflen, 0x7a, &tmpllen);
+ if (tmpl && tmpllen == 12
+ && !memcmp (tmpl,
+ "\x93\x02\x00\x01\xA4\x06\x83\x01\x81\x83\x01\x83",
+ 12))
+ app->app_local->sigg_is_msig = 0;
+ xfree (buffer);
+ }
+ if (app->app_local->sigg_is_msig)
+ log_info ("This is a mass signature card\n");
+ }
+
+ if (!err)
+ {
+ app->app_local->need_app_select = 0;
+ app->app_local->sigg_active = enable_sigg;
+ }
+ else
+ log_error ("app-nks: error switching to %s: %s\n",
+ enable_sigg? "SigG":"NKS", gpg_strerror (err));
+
+ return err;
+}
+
+
+/* Select the NKS application. */
+gpg_error_t
+app_select_nks (app_t app)
+{
+ int slot = app->slot;
+ int rc;
+
+ rc = iso7816_select_application (slot, aid_nks, sizeof aid_nks, 0);
+ if (!rc)
+ {
+ app->apptype = "NKS";
+
+ app->app_local = xtrycalloc (1, sizeof *app->app_local);
+ if (!app->app_local)
+ {
+ rc = gpg_error (gpg_err_code_from_errno (errno));
+ goto leave;
+ }
+
+ app->app_local->nks_version = get_nks_version (slot);
+ if (opt.verbose)
+ log_info ("Detected NKS version: %d\n", app->app_local->nks_version);
+
+ app->fnc.deinit = do_deinit;
+ app->fnc.learn_status = do_learn_status;
+ app->fnc.readcert = do_readcert;
+ app->fnc.readkey = do_readkey;
+ app->fnc.getattr = do_getattr;
+ app->fnc.setattr = NULL;
+ app->fnc.writekey = do_writekey;
+ app->fnc.genkey = NULL;
+ app->fnc.sign = do_sign;
+ app->fnc.auth = NULL;
+ app->fnc.decipher = do_decipher;
+ app->fnc.change_pin = do_change_pin;
+ app->fnc.check_pin = do_check_pin;
+ }
+
+ leave:
+ if (rc)
+ do_deinit (app);
+ return rc;
+}
+
+
diff --git a/scd/app-openpgp.c b/scd/app-openpgp.c
new file mode 100644
index 0000000..8a71caf
--- /dev/null
+++ b/scd/app-openpgp.c
@@ -0,0 +1,3813 @@
+/* app-openpgp.c - The OpenPGP card application.
+ * Copyright (C) 2003, 2004, 2005, 2007, 2008,
+ * 2009 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+/* Some notes:
+
+ CHV means Card Holder Verification and is nothing else than a PIN
+ or password. That term seems to have been used originally with GSM
+ cards. Version v2 of the specs changes the term to the clearer
+ term PW for password. We use the terms here interchangeable
+ because we do not want to change existing strings i18n wise.
+
+ Version 2 of the specs also drops the separate PW2 which was
+ required in v1 due to ISO requirements. It is now possible to have
+ one physical PW but two reference to it so that they can be
+ individually be verified (e.g. to implement a forced verification
+ for one key). Thus you will noticed the use of PW2 with the verify
+ command but not with change_reference_data because the latter
+ operates directly on the physical PW.
+
+ The Reset Code (RC) as implemented by v2 cards uses the same error
+ counter as the PW2 of v1 cards. By default no RC is set and thus
+ that error counter is set to 0. After setting the RC the error
+ counter will be initialized to 3.
+
+ */
+
+#include <config.h>
+#include <errno.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <assert.h>
+#include <time.h>
+
+#if GNUPG_MAJOR_VERSION == 1
+/* This is used with GnuPG version < 1.9. The code has been source
+ copied from the current GnuPG >= 1.9 and is maintained over
+ there. */
+#include "options.h"
+#include "errors.h"
+#include "memory.h"
+#include "util.h"
+#include "cardglue.h"
+#else /* GNUPG_MAJOR_VERSION != 1 */
+#include "scdaemon.h"
+#endif /* GNUPG_MAJOR_VERSION != 1 */
+
+#include "i18n.h"
+#include "iso7816.h"
+#include "app-common.h"
+#include "tlv.h"
+
+
+/* A table describing the DOs of the card. */
+static struct {
+ int tag;
+ int constructed;
+ int get_from; /* Constructed DO with this DO or 0 for direct access. */
+ int binary:1;
+ int dont_cache:1;
+ int flush_on_error:1;
+ int get_immediate_in_v11:1; /* Enable a hack to bypass the cache of
+ this data object if it is used in 1.1
+ and later versions of the card. This
+ does not work with composite DO and
+ is currently only useful for the CHV
+ status bytes. */
+ int try_extlen:1; /* Large object; try to use an extended
+ length APDU. */
+ char *desc;
+} data_objects[] = {
+ { 0x005E, 0, 0, 1, 0, 0, 0, 0, "Login Data" },
+ { 0x5F50, 0, 0, 0, 0, 0, 0, 0, "URL" },
+ { 0x5F52, 0, 0, 1, 0, 0, 0, 0, "Historical Bytes" },
+ { 0x0065, 1, 0, 1, 0, 0, 0, 0, "Cardholder Related Data"},
+ { 0x005B, 0, 0x65, 0, 0, 0, 0, 0, "Name" },
+ { 0x5F2D, 0, 0x65, 0, 0, 0, 0, 0, "Language preferences" },
+ { 0x5F35, 0, 0x65, 0, 0, 0, 0, 0, "Sex" },
+ { 0x006E, 1, 0, 1, 0, 0, 0, 0, "Application Related Data" },
+ { 0x004F, 0, 0x6E, 1, 0, 0, 0, 0, "AID" },
+ { 0x0073, 1, 0, 1, 0, 0, 0, 0, "Discretionary Data Objects" },
+ { 0x0047, 0, 0x6E, 1, 1, 0, 0, 0, "Card Capabilities" },
+ { 0x00C0, 0, 0x6E, 1, 1, 0, 0, 0, "Extended Card Capabilities" },
+ { 0x00C1, 0, 0x6E, 1, 1, 0, 0, 0, "Algorithm Attributes Signature" },
+ { 0x00C2, 0, 0x6E, 1, 1, 0, 0, 0, "Algorithm Attributes Decryption" },
+ { 0x00C3, 0, 0x6E, 1, 1, 0, 0, 0, "Algorithm Attributes Authentication" },
+ { 0x00C4, 0, 0x6E, 1, 0, 1, 1, 0, "CHV Status Bytes" },
+ { 0x00C5, 0, 0x6E, 1, 0, 0, 0, 0, "Fingerprints" },
+ { 0x00C6, 0, 0x6E, 1, 0, 0, 0, 0, "CA Fingerprints" },
+ { 0x00CD, 0, 0x6E, 1, 0, 0, 0, 0, "Generation time" },
+ { 0x007A, 1, 0, 1, 0, 0, 0, 0, "Security Support Template" },
+ { 0x0093, 0, 0x7A, 1, 1, 0, 0, 0, "Digital Signature Counter" },
+ { 0x0101, 0, 0, 0, 0, 0, 0, 0, "Private DO 1"},
+ { 0x0102, 0, 0, 0, 0, 0, 0, 0, "Private DO 2"},
+ { 0x0103, 0, 0, 0, 0, 0, 0, 0, "Private DO 3"},
+ { 0x0104, 0, 0, 0, 0, 0, 0, 0, "Private DO 4"},
+ { 0x7F21, 1, 0, 1, 0, 0, 0, 1, "Cardholder certificate"},
+ { 0 }
+};
+
+
+/* The format of RSA private keys. */
+typedef enum
+ {
+ RSA_UNKNOWN_FMT,
+ RSA_STD,
+ RSA_STD_N,
+ RSA_CRT,
+ RSA_CRT_N
+ }
+rsa_key_format_t;
+
+
+/* One cache item for DOs. */
+struct cache_s {
+ struct cache_s *next;
+ int tag;
+ size_t length;
+ unsigned char data[1];
+};
+
+
+/* Object with application (i.e. OpenPGP card) specific data. */
+struct app_local_s {
+ /* A linked list with cached DOs. */
+ struct cache_s *cache;
+
+ /* Keep track of the public keys. */
+ struct
+ {
+ int read_done; /* True if we have at least tried to read them. */
+ unsigned char *key; /* This is a malloced buffer with a canonical
+ encoded S-expression encoding a public
+ key. Might be NULL if key is not
+ available. */
+ size_t keylen; /* The length of the above S-expression. This
+ is usually only required for cross checks
+ because the length of an S-expression is
+ implicitly available. */
+ } pk[3];
+
+ unsigned char status_indicator; /* The card status indicator. */
+
+ /* Keep track of the ISO card capabilities. */
+ struct
+ {
+ unsigned int cmd_chaining:1; /* Command chaining is supported. */
+ unsigned int ext_lc_le:1; /* Extended Lc and Le are supported. */
+ } cardcap;
+
+ /* Keep track of extended card capabilities. */
+ struct
+ {
+ unsigned int is_v2:1; /* This is a v2.0 compatible card. */
+ unsigned int get_challenge:1;
+ unsigned int key_import:1;
+ unsigned int change_force_chv:1;
+ unsigned int private_dos:1;
+ unsigned int algo_attr_change:1; /* Algorithm attributes changeable. */
+ unsigned int sm_supported:1; /* Secure Messaging is supported. */
+ unsigned int sm_aes128:1; /* Use AES-128 for SM. */
+ unsigned int max_certlen_3:16;
+ unsigned int max_get_challenge:16; /* Maximum size for get_challenge. */
+ unsigned int max_cmd_data:16; /* Maximum data size for a command. */
+ unsigned int max_rsp_data:16; /* Maximum size of a response. */
+ } extcap;
+
+ /* Flags used to control the application. */
+ struct
+ {
+ unsigned int no_sync:1; /* Do not sync CHV1 and CHV2 */
+ unsigned int def_chv2:1; /* Use 123456 for CHV2. */
+ } flags;
+
+ struct
+ {
+ unsigned int n_bits; /* Size of the modulus in bits. The rest
+ of this strucuire is only valid if
+ this is not 0. */
+ unsigned int e_bits; /* Size of the public exponent in bits. */
+ rsa_key_format_t format;
+ } keyattr[3];
+
+};
+
+
+
+/***** Local prototypes *****/
+static unsigned long convert_sig_counter_value (const unsigned char *value,
+ size_t valuelen);
+static unsigned long get_sig_counter (app_t app);
+static gpg_error_t do_auth (app_t app, const char *keyidstr,
+ gpg_error_t (*pincb)(void*, const char *, char **),
+ void *pincb_arg,
+ const void *indata, size_t indatalen,
+ unsigned char **outdata, size_t *outdatalen);
+static void parse_algorithm_attribute (app_t app, int keyno);
+static gpg_error_t change_keyattr_from_string
+ (app_t app,
+ gpg_error_t (*pincb)(void*, const char *, char **),
+ void *pincb_arg,
+ const void *value, size_t valuelen);
+
+
+
+
+
+/* Deconstructor. */
+static void
+do_deinit (app_t app)
+{
+ if (app && app->app_local)
+ {
+ struct cache_s *c, *c2;
+ int i;
+
+ for (c = app->app_local->cache; c; c = c2)
+ {
+ c2 = c->next;
+ xfree (c);
+ }
+
+ for (i=0; i < DIM (app->app_local->pk); i++)
+ {
+ xfree (app->app_local->pk[i].key);
+ app->app_local->pk[i].read_done = 0;
+ }
+ xfree (app->app_local);
+ app->app_local = NULL;
+ }
+}
+
+
+/* Wrapper around iso7816_get_data which first tries to get the data
+ from the cache. With GET_IMMEDIATE passed as true, the cache is
+ bypassed. With TRY_EXTLEN extended lengths APDUs are use if
+ supported by the card. */
+static gpg_error_t
+get_cached_data (app_t app, int tag,
+ unsigned char **result, size_t *resultlen,
+ int get_immediate, int try_extlen)
+{
+ gpg_error_t err;
+ int i;
+ unsigned char *p;
+ size_t len;
+ struct cache_s *c;
+ int exmode;
+
+ *result = NULL;
+ *resultlen = 0;
+
+ if (!get_immediate)
+ {
+ for (c=app->app_local->cache; c; c = c->next)
+ if (c->tag == tag)
+ {
+ if(c->length)
+ {
+ p = xtrymalloc (c->length);
+ if (!p)
+ return gpg_error (gpg_err_code_from_errno (errno));
+ memcpy (p, c->data, c->length);
+ *result = p;
+ }
+
+ *resultlen = c->length;
+
+ return 0;
+ }
+ }
+
+ if (try_extlen && app->app_local->cardcap.ext_lc_le)
+ exmode = app->app_local->extcap.max_rsp_data;
+ else
+ exmode = 0;
+
+ err = iso7816_get_data (app->slot, exmode, tag, &p, &len);
+ if (err)
+ return err;
+ *result = p;
+ *resultlen = len;
+
+ /* Check whether we should cache this object. */
+ if (get_immediate)
+ return 0;
+
+ for (i=0; data_objects[i].tag; i++)
+ if (data_objects[i].tag == tag)
+ {
+ if (data_objects[i].dont_cache)
+ return 0;
+ break;
+ }
+
+ /* Okay, cache it. */
+ for (c=app->app_local->cache; c; c = c->next)
+ assert (c->tag != tag);
+
+ c = xtrymalloc (sizeof *c + len);
+ if (c)
+ {
+ memcpy (c->data, p, len);
+ c->length = len;
+ c->tag = tag;
+ c->next = app->app_local->cache;
+ app->app_local->cache = c;
+ }
+
+ return 0;
+}
+
+/* Remove DO at TAG from the cache. */
+static void
+flush_cache_item (app_t app, int tag)
+{
+ struct cache_s *c, *cprev;
+ int i;
+
+ if (!app->app_local)
+ return;
+
+ for (c=app->app_local->cache, cprev=NULL; c ; cprev=c, c = c->next)
+ if (c->tag == tag)
+ {
+ if (cprev)
+ cprev->next = c->next;
+ else
+ app->app_local->cache = c->next;
+ xfree (c);
+
+ for (c=app->app_local->cache; c ; c = c->next)
+ {
+ assert (c->tag != tag); /* Oops: duplicated entry. */
+ }
+ return;
+ }
+
+ /* Try again if we have an outer tag. */
+ for (i=0; data_objects[i].tag; i++)
+ if (data_objects[i].tag == tag && data_objects[i].get_from
+ && data_objects[i].get_from != tag)
+ flush_cache_item (app, data_objects[i].get_from);
+}
+
+/* Flush all entries from the cache which might be out of sync after
+ an error. */
+static void
+flush_cache_after_error (app_t app)
+{
+ int i;
+
+ for (i=0; data_objects[i].tag; i++)
+ if (data_objects[i].flush_on_error)
+ flush_cache_item (app, data_objects[i].tag);
+}
+
+
+/* Flush the entire cache. */
+static void
+flush_cache (app_t app)
+{
+ if (app && app->app_local)
+ {
+ struct cache_s *c, *c2;
+
+ for (c = app->app_local->cache; c; c = c2)
+ {
+ c2 = c->next;
+ xfree (c);
+ }
+ app->app_local->cache = NULL;
+ }
+}
+
+
+/* Get the DO identified by TAG from the card in SLOT and return a
+ buffer with its content in RESULT and NBYTES. The return value is
+ NULL if not found or a pointer which must be used to release the
+ buffer holding value. */
+static void *
+get_one_do (app_t app, int tag, unsigned char **result, size_t *nbytes,
+ int *r_rc)
+{
+ int rc, i;
+ unsigned char *buffer;
+ size_t buflen;
+ unsigned char *value;
+ size_t valuelen;
+ int dummyrc;
+ int exmode;
+
+ if (!r_rc)
+ r_rc = &dummyrc;
+
+ *result = NULL;
+ *nbytes = 0;
+ *r_rc = 0;
+ for (i=0; data_objects[i].tag && data_objects[i].tag != tag; i++)
+ ;
+
+ if (app->card_version > 0x0100 && data_objects[i].get_immediate_in_v11)
+ {
+ if (data_objects[i].try_extlen && app->app_local->cardcap.ext_lc_le)
+ exmode = app->app_local->extcap.max_rsp_data;
+ else
+ exmode = 0;
+ rc = iso7816_get_data (app->slot, exmode, tag, &buffer, &buflen);
+ if (rc)
+ {
+ *r_rc = rc;
+ return NULL;
+ }
+ *result = buffer;
+ *nbytes = buflen;
+ return buffer;
+ }
+
+ value = NULL;
+ rc = -1;
+ if (data_objects[i].tag && data_objects[i].get_from)
+ {
+ rc = get_cached_data (app, data_objects[i].get_from,
+ &buffer, &buflen,
+ (data_objects[i].dont_cache
+ || data_objects[i].get_immediate_in_v11),
+ data_objects[i].try_extlen);
+ if (!rc)
+ {
+ const unsigned char *s;
+
+ s = find_tlv_unchecked (buffer, buflen, tag, &valuelen);
+ if (!s)
+ value = NULL; /* not found */
+ else if (valuelen > buflen - (s - buffer))
+ {
+ log_error ("warning: constructed DO too short\n");
+ value = NULL;
+ xfree (buffer); buffer = NULL;
+ }
+ else
+ value = buffer + (s - buffer);
+ }
+ }
+
+ if (!value) /* Not in a constructed DO, try simple. */
+ {
+ rc = get_cached_data (app, tag, &buffer, &buflen,
+ (data_objects[i].dont_cache
+ || data_objects[i].get_immediate_in_v11),
+ data_objects[i].try_extlen);
+ if (!rc)
+ {
+ value = buffer;
+ valuelen = buflen;
+ }
+ }
+
+ if (!rc)
+ {
+ *nbytes = valuelen;
+ *result = value;
+ return buffer;
+ }
+ *r_rc = rc;
+ return NULL;
+}
+
+
+static void
+dump_all_do (int slot)
+{
+ int rc, i, j;
+ unsigned char *buffer;
+ size_t buflen;
+
+ for (i=0; data_objects[i].tag; i++)
+ {
+ if (data_objects[i].get_from)
+ continue;
+
+ /* We don't try extended length APDU because such large DO would
+ be pretty useless in a log file. */
+ rc = iso7816_get_data (slot, 0, data_objects[i].tag, &buffer, &buflen);
+ if (gpg_err_code (rc) == GPG_ERR_NO_OBJ)
+ ;
+ else if (rc)
+ log_info ("DO `%s' not available: %s\n",
+ data_objects[i].desc, gpg_strerror (rc));
+ else
+ {
+ if (data_objects[i].binary)
+ {
+ log_info ("DO `%s': ", data_objects[i].desc);
+ log_printhex ("", buffer, buflen);
+ }
+ else
+ log_info ("DO `%s': `%.*s'\n",
+ data_objects[i].desc,
+ (int)buflen, buffer); /* FIXME: sanitize */
+
+ if (data_objects[i].constructed)
+ {
+ for (j=0; data_objects[j].tag; j++)
+ {
+ const unsigned char *value;
+ size_t valuelen;
+
+ if (j==i || data_objects[i].tag != data_objects[j].get_from)
+ continue;
+ value = find_tlv_unchecked (buffer, buflen,
+ data_objects[j].tag, &valuelen);
+ if (!value)
+ ; /* not found */
+ else if (valuelen > buflen - (value - buffer))
+ log_error ("warning: constructed DO too short\n");
+ else
+ {
+ if (data_objects[j].binary)
+ {
+ log_info ("DO `%s': ", data_objects[j].desc);
+ if (valuelen > 200)
+ log_info ("[%u]\n", (unsigned int)valuelen);
+ else
+ log_printhex ("", value, valuelen);
+ }
+ else
+ log_info ("DO `%s': `%.*s'\n",
+ data_objects[j].desc,
+ (int)valuelen, value); /* FIXME: sanitize */
+ }
+ }
+ }
+ }
+ xfree (buffer); buffer = NULL;
+ }
+}
+
+
+/* Count the number of bits, assuming the A represents an unsigned big
+ integer of length LEN bytes. */
+static unsigned int
+count_bits (const unsigned char *a, size_t len)
+{
+ unsigned int n = len * 8;
+ int i;
+
+ for (; len && !*a; len--, a++, n -=8)
+ ;
+ if (len)
+ {
+ for (i=7; i && !(*a & (1<<i)); i--)
+ n--;
+ }
+ return n;
+}
+
+/* GnuPG makes special use of the login-data DO, this function parses
+ the login data to store the flags for later use. It may be called
+ at any time and should be called after changing the login-data DO.
+
+ Everything up to a LF is considered a mailbox or account name. If
+ the first LF is followed by DC4 (0x14) control sequence are
+ expected up to the next LF. Control sequences are separated by FS
+ (0x18) and consist of key=value pairs. There is one key defined:
+
+ F=<flags>
+
+ Were FLAGS is a plain hexadecimal number representing flag values.
+ The lsb is here the rightmost bit. Defined flags bits are:
+
+ Bit 0 = CHV1 and CHV2 are not syncronized
+ Bit 1 = CHV2 has been been set to the default PIN of "123456"
+ (this implies that bit 0 is also set).
+
+*/
+static void
+parse_login_data (app_t app)
+{
+ unsigned char *buffer, *p;
+ size_t buflen, len;
+ void *relptr;
+
+ /* Set defaults. */
+ app->app_local->flags.no_sync = 0;
+ app->app_local->flags.def_chv2 = 0;
+
+ /* Read the DO. */
+ relptr = get_one_do (app, 0x005E, &buffer, &buflen, NULL);
+ if (!relptr)
+ return; /* Ooops. */
+ for (; buflen; buflen--, buffer++)
+ if (*buffer == '\n')
+ break;
+ if (buflen < 2 || buffer[1] != '\x14')
+ return; /* No control sequences. */
+ buflen--;
+ buffer++;
+ do
+ {
+ buflen--;
+ buffer++;
+ if (buflen > 1 && *buffer == 'F' && buffer[1] == '=')
+ {
+ /* Flags control sequence found. */
+ int lastdig = 0;
+
+ /* For now we are only interested in the last digit, so skip
+ any leading digits but bail out on invalid characters. */
+ for (p=buffer+2, len = buflen-2; len && hexdigitp (p); p++, len--)
+ lastdig = xtoi_1 (p);
+ if (len && !(*p == '\n' || *p == '\x18'))
+ goto next; /* Invalid characters in field. */
+ app->app_local->flags.no_sync = !!(lastdig & 1);
+ app->app_local->flags.def_chv2 = (lastdig & 3) == 3;
+ }
+ next:
+ for (; buflen && *buffer != '\x18'; buflen--, buffer++)
+ if (*buffer == '\n')
+ buflen = 1;
+ }
+ while (buflen);
+
+ xfree (relptr);
+}
+
+/* Note, that FPR must be at least 20 bytes. */
+static gpg_error_t
+store_fpr (app_t app, int keynumber, u32 timestamp,
+ const unsigned char *m, size_t mlen,
+ const unsigned char *e, size_t elen,
+ unsigned char *fpr, unsigned int card_version)
+{
+ unsigned int n, nbits;
+ unsigned char *buffer, *p;
+ int tag, tag2;
+ int rc;
+
+ for (; mlen && !*m; mlen--, m++) /* strip leading zeroes */
+ ;
+ for (; elen && !*e; elen--, e++) /* strip leading zeroes */
+ ;
+
+ n = 6 + 2 + mlen + 2 + elen;
+ p = buffer = xtrymalloc (3 + n);
+ if (!buffer)
+ return gpg_error_from_syserror ();
+
+ *p++ = 0x99; /* ctb */
+ *p++ = n >> 8; /* 2 byte length header */
+ *p++ = n;
+ *p++ = 4; /* key packet version */
+ *p++ = timestamp >> 24;
+ *p++ = timestamp >> 16;
+ *p++ = timestamp >> 8;
+ *p++ = timestamp;
+ *p++ = 1; /* RSA */
+ nbits = count_bits (m, mlen);
+ *p++ = nbits >> 8;
+ *p++ = nbits;
+ memcpy (p, m, mlen); p += mlen;
+ nbits = count_bits (e, elen);
+ *p++ = nbits >> 8;
+ *p++ = nbits;
+ memcpy (p, e, elen); p += elen;
+
+ gcry_md_hash_buffer (GCRY_MD_SHA1, fpr, buffer, n+3);
+
+ xfree (buffer);
+
+ tag = (card_version > 0x0007? 0xC7 : 0xC6) + keynumber;
+ flush_cache_item (app, tag);
+ tag2 = 0xCE + keynumber;
+ flush_cache_item (app, tag2);
+
+ rc = iso7816_put_data (app->slot, 0, tag, fpr, 20);
+ if (rc)
+ log_error (_("failed to store the fingerprint: %s\n"),gpg_strerror (rc));
+
+ if (!rc && card_version > 0x0100)
+ {
+ unsigned char buf[4];
+
+ buf[0] = timestamp >> 24;
+ buf[1] = timestamp >> 16;
+ buf[2] = timestamp >> 8;
+ buf[3] = timestamp;
+
+ rc = iso7816_put_data (app->slot, 0, tag2, buf, 4);
+ if (rc)
+ log_error (_("failed to store the creation date: %s\n"),
+ gpg_strerror (rc));
+ }
+
+ return rc;
+}
+
+
+static void
+send_fpr_if_not_null (ctrl_t ctrl, const char *keyword,
+ int number, const unsigned char *fpr)
+{
+ int i;
+ char buf[41];
+ char numbuf[25];
+
+ for (i=0; i < 20 && !fpr[i]; i++)
+ ;
+ if (i==20)
+ return; /* All zero. */
+ bin2hex (fpr, 20, buf);
+ if (number == -1)
+ *numbuf = 0; /* Don't print the key number */
+ else
+ sprintf (numbuf, "%d", number);
+ send_status_info (ctrl, keyword,
+ numbuf, (size_t)strlen(numbuf),
+ buf, (size_t)strlen (buf), NULL, 0);
+}
+
+static void
+send_fprtime_if_not_null (ctrl_t ctrl, const char *keyword,
+ int number, const unsigned char *stamp)
+{
+ char numbuf1[50], numbuf2[50];
+ unsigned long value;
+
+ value = (stamp[0] << 24) | (stamp[1]<<16) | (stamp[2]<<8) | stamp[3];
+ if (!value)
+ return;
+ sprintf (numbuf1, "%d", number);
+ sprintf (numbuf2, "%lu", value);
+ send_status_info (ctrl, keyword,
+ numbuf1, (size_t)strlen(numbuf1),
+ numbuf2, (size_t)strlen(numbuf2), NULL, 0);
+}
+
+static void
+send_key_data (ctrl_t ctrl, const char *name,
+ const unsigned char *a, size_t alen)
+{
+ char *buffer, *buf;
+ size_t buflen;
+
+ buffer = buf = bin2hex (a, alen, NULL);
+ if (!buffer)
+ {
+ log_error ("memory allocation error in send_key_data\n");
+ return;
+ }
+ buflen = strlen (buffer);
+
+ /* 768 is the hexified size for the modulus of an 3072 bit key. We
+ use extra chunks to transmit larger data (i.e for 4096 bit). */
+ for ( ;buflen > 768; buflen -= 768, buf += 768)
+ send_status_info (ctrl, "KEY-DATA",
+ "-", 1,
+ buf, 768,
+ NULL, 0);
+ send_status_info (ctrl, "KEY-DATA",
+ name, (size_t)strlen(name),
+ buf, buflen,
+ NULL, 0);
+ xfree (buffer);
+}
+
+
+static void
+send_key_attr (ctrl_t ctrl, app_t app, const char *keyword, int number)
+{
+ char buffer[200];
+
+ assert (number >=0 && number < DIM(app->app_local->keyattr));
+
+ /* We only support RSA thus the algo identifier is fixed to 1. */
+ snprintf (buffer, sizeof buffer, "%d 1 %u %u %d",
+ number+1,
+ app->app_local->keyattr[number].n_bits,
+ app->app_local->keyattr[number].e_bits,
+ app->app_local->keyattr[number].format);
+ send_status_direct (ctrl, keyword, buffer);
+}
+
+
+/* Implement the GETATTR command. This is similar to the LEARN
+ command but returns just one value via the status interface. */
+static gpg_error_t
+do_getattr (app_t app, ctrl_t ctrl, const char *name)
+{
+ static struct {
+ const char *name;
+ int tag;
+ int special;
+ } table[] = {
+ { "DISP-NAME", 0x005B },
+ { "LOGIN-DATA", 0x005E },
+ { "DISP-LANG", 0x5F2D },
+ { "DISP-SEX", 0x5F35 },
+ { "PUBKEY-URL", 0x5F50 },
+ { "KEY-FPR", 0x00C5, 3 },
+ { "KEY-TIME", 0x00CD, 4 },
+ { "KEY-ATTR", 0x0000, -5 },
+ { "CA-FPR", 0x00C6, 3 },
+ { "CHV-STATUS", 0x00C4, 1 },
+ { "SIG-COUNTER", 0x0093, 2 },
+ { "SERIALNO", 0x004F, -1 },
+ { "AID", 0x004F },
+ { "EXTCAP", 0x0000, -2 },
+ { "PRIVATE-DO-1", 0x0101 },
+ { "PRIVATE-DO-2", 0x0102 },
+ { "PRIVATE-DO-3", 0x0103 },
+ { "PRIVATE-DO-4", 0x0104 },
+ { "$AUTHKEYID", 0x0000, -3 },
+ { "$DISPSERIALNO",0x0000, -4 },
+ { NULL, 0 }
+ };
+ int idx, i, rc;
+ void *relptr;
+ unsigned char *value;
+ size_t valuelen;
+
+ for (idx=0; table[idx].name && strcmp (table[idx].name, name); idx++)
+ ;
+ if (!table[idx].name)
+ return gpg_error (GPG_ERR_INV_NAME);
+
+ if (table[idx].special == -1)
+ {
+ /* The serial number is very special. We could have used the
+ AID DO to retrieve it, but we have it already in the app
+ context and the stamp argument is required anyway which we
+ can't by other means. The AID DO is available anyway but not
+ hex formatted. */
+ char *serial;
+ time_t stamp;
+ char tmp[50];
+
+ if (!app_get_serial_and_stamp (app, &serial, &stamp))
+ {
+ sprintf (tmp, "%lu", (unsigned long)stamp);
+ send_status_info (ctrl, "SERIALNO",
+ serial, strlen (serial),
+ tmp, strlen (tmp),
+ NULL, 0);
+ xfree (serial);
+ }
+ return 0;
+ }
+ if (table[idx].special == -2)
+ {
+ char tmp[100];
+
+ snprintf (tmp, sizeof tmp,
+ "gc=%d ki=%d fc=%d pd=%d mcl3=%u aac=%d sm=%d",
+ app->app_local->extcap.get_challenge,
+ app->app_local->extcap.key_import,
+ app->app_local->extcap.change_force_chv,
+ app->app_local->extcap.private_dos,
+ app->app_local->extcap.max_certlen_3,
+ app->app_local->extcap.algo_attr_change,
+ (app->app_local->extcap.sm_supported
+ ? (app->app_local->extcap.sm_aes128? 7 : 2)
+ : 0));
+ send_status_info (ctrl, table[idx].name, tmp, strlen (tmp), NULL, 0);
+ return 0;
+ }
+ if (table[idx].special == -3)
+ {
+ char const tmp[] = "OPENPGP.3";
+ send_status_info (ctrl, table[idx].name, tmp, strlen (tmp), NULL, 0);
+ return 0;
+ }
+ if (table[idx].special == -4)
+ {
+ char *serial;
+ time_t stamp;
+
+ if (!app_get_serial_and_stamp (app, &serial, &stamp))
+ {
+ if (strlen (serial) > 16+12)
+ {
+ send_status_info (ctrl, table[idx].name, serial+16, 12, NULL, 0);
+ xfree (serial);
+ return 0;
+ }
+ xfree (serial);
+ }
+ return gpg_error (GPG_ERR_INV_NAME);
+ }
+ if (table[idx].special == -5)
+ {
+ for (i=0; i < 3; i++)
+ send_key_attr (ctrl, app, table[idx].name, i);
+ return 0;
+ }
+
+ relptr = get_one_do (app, table[idx].tag, &value, &valuelen, &rc);
+ if (relptr)
+ {
+ if (table[idx].special == 1)
+ {
+ char numbuf[7*23];
+
+ for (i=0,*numbuf=0; i < valuelen && i < 7; i++)
+ sprintf (numbuf+strlen (numbuf), " %d", value[i]);
+ send_status_info (ctrl, table[idx].name,
+ numbuf, strlen (numbuf), NULL, 0);
+ }
+ else if (table[idx].special == 2)
+ {
+ char numbuf[50];
+
+ sprintf (numbuf, "%lu", convert_sig_counter_value (value, valuelen));
+ send_status_info (ctrl, table[idx].name,
+ numbuf, strlen (numbuf), NULL, 0);
+ }
+ else if (table[idx].special == 3)
+ {
+ if (valuelen >= 60)
+ for (i=0; i < 3; i++)
+ send_fpr_if_not_null (ctrl, table[idx].name, i+1, value+i*20);
+ }
+ else if (table[idx].special == 4)
+ {
+ if (valuelen >= 12)
+ for (i=0; i < 3; i++)
+ send_fprtime_if_not_null (ctrl, table[idx].name, i+1, value+i*4);
+ }
+ else
+ send_status_info (ctrl, table[idx].name, value, valuelen, NULL, 0);
+
+ xfree (relptr);
+ }
+ return rc;
+}
+
+/* Retrieve the fingerprint from the card inserted in SLOT and write
+ the according hex representation to FPR. Caller must have provide
+ a buffer at FPR of least 41 bytes. Returns 0 on success or an
+ error code. */
+#if GNUPG_MAJOR_VERSION > 1
+static gpg_error_t
+retrieve_fpr_from_card (app_t app, int keyno, char *fpr)
+{
+ gpg_error_t err = 0;
+ void *relptr;
+ unsigned char *value;
+ size_t valuelen;
+
+ assert (keyno >=0 && keyno <= 2);
+
+ relptr = get_one_do (app, 0x00C5, &value, &valuelen, NULL);
+ if (relptr && valuelen >= 60)
+ bin2hex (value+keyno*20, 20, fpr);
+ else
+ err = gpg_error (GPG_ERR_NOT_FOUND);
+ xfree (relptr);
+ return err;
+}
+#endif /*GNUPG_MAJOR_VERSION > 1*/
+
+
+/* Retrieve the public key material for the RSA key, whose fingerprint
+ is FPR, from gpg output, which can be read through the stream FP.
+ The RSA modulus will be stored at the address of M and MLEN, the
+ public exponent at E and ELEN. Returns zero on success, an error
+ code on failure. Caller must release the allocated buffers at M
+ and E if the function returns success. */
+#if GNUPG_MAJOR_VERSION > 1
+static gpg_error_t
+retrieve_key_material (FILE *fp, const char *hexkeyid,
+ const unsigned char **m, size_t *mlen,
+ const unsigned char **e, size_t *elen)
+{
+ gcry_error_t err = 0;
+ char *line = NULL; /* read_line() buffer. */
+ size_t line_size = 0; /* Helper for for read_line. */
+ int found_key = 0; /* Helper to find a matching key. */
+ unsigned char *m_new = NULL;
+ unsigned char *e_new = NULL;
+ size_t m_new_n = 0;
+ size_t e_new_n = 0;
+
+ /* Loop over all records until we have found the subkey
+ corresponding to the fingerprint. Inm general the first record
+ should be the pub record, but we don't rely on that. Given that
+ we only need to look at one key, it is sufficient to compare the
+ keyid so that we don't need to look at "fpr" records. */
+ for (;;)
+ {
+ char *p;
+ char *fields[6];
+ int nfields;
+ size_t max_length;
+ gcry_mpi_t mpi;
+ int i;
+
+ max_length = 4096;
+ i = read_line (fp, &line, &line_size, &max_length);
+ if (!i)
+ break; /* EOF. */
+ if (i < 0)
+ {
+ err = gpg_error_from_syserror ();
+ goto leave; /* Error. */
+ }
+ if (!max_length)
+ {
+ err = gpg_error (GPG_ERR_TRUNCATED);
+ goto leave; /* Line truncated - we better stop processing. */
+ }
+
+ /* Parse the line into fields. */
+ for (nfields=0, p=line; p && nfields < DIM (fields); nfields++)
+ {
+ fields[nfields] = p;
+ p = strchr (p, ':');
+ if (p)
+ *(p++) = 0;
+ }
+ if (!nfields)
+ continue; /* No fields at all - skip line. */
+
+ if (!found_key)
+ {
+ if ( (!strcmp (fields[0], "sub") || !strcmp (fields[0], "pub") )
+ && nfields > 4 && !strcmp (fields[4], hexkeyid))
+ found_key = 1;
+ continue;
+ }
+
+ if ( !strcmp (fields[0], "sub") || !strcmp (fields[0], "pub") )
+ break; /* Next key - stop. */
+
+ if ( strcmp (fields[0], "pkd") )
+ continue; /* Not a key data record. */
+ i = 0; /* Avoid erroneous compiler warning. */
+ if ( nfields < 4 || (i = atoi (fields[1])) < 0 || i > 1
+ || (!i && m_new) || (i && e_new))
+ {
+ err = gpg_error (GPG_ERR_GENERAL);
+ goto leave; /* Error: Invalid key data record or not an RSA key. */
+ }
+
+ err = gcry_mpi_scan (&mpi, GCRYMPI_FMT_HEX, fields[3], 0, NULL);
+ if (err)
+ mpi = NULL;
+ else if (!i)
+ err = gcry_mpi_aprint (GCRYMPI_FMT_STD, &m_new, &m_new_n, mpi);
+ else
+ err = gcry_mpi_aprint (GCRYMPI_FMT_STD, &e_new, &e_new_n, mpi);
+ gcry_mpi_release (mpi);
+ if (err)
+ goto leave;
+ }
+
+ if (m_new && e_new)
+ {
+ *m = m_new;
+ *mlen = m_new_n;
+ m_new = NULL;
+ *e = e_new;
+ *elen = e_new_n;
+ e_new = NULL;
+ }
+ else
+ err = gpg_error (GPG_ERR_GENERAL);
+
+ leave:
+ xfree (m_new);
+ xfree (e_new);
+ xfree (line);
+ return err;
+}
+#endif /*GNUPG_MAJOR_VERSION > 1*/
+
+
+/* Get the public key for KEYNO and store it as an S-expresion with
+ the APP handle. On error that field gets cleared. If we already
+ know about the public key we will just return. Note that this does
+ not mean a key is available; this is soley indicated by the
+ presence of the app->app_local->pk[KEYNO-1].key field.
+
+ Note that GnuPG 1.x does not need this and it would be too time
+ consuming to send it just for the fun of it. However, given that we
+ use the same code in gpg 1.4, we can't use the gcry S-expresion
+ here but need to open encode it. */
+#if GNUPG_MAJOR_VERSION > 1
+static gpg_error_t
+get_public_key (app_t app, int keyno)
+{
+ gpg_error_t err = 0;
+ unsigned char *buffer;
+ const unsigned char *keydata, *m, *e;
+ size_t buflen, keydatalen, mlen, elen;
+ unsigned char *mbuf = NULL;
+ unsigned char *ebuf = NULL;
+ char *keybuf = NULL;
+ char *keybuf_p;
+
+ if (keyno < 1 || keyno > 3)
+ return gpg_error (GPG_ERR_INV_ID);
+ keyno--;
+
+ /* Already cached? */
+ if (app->app_local->pk[keyno].read_done)
+ return 0;
+
+ xfree (app->app_local->pk[keyno].key);
+ app->app_local->pk[keyno].key = NULL;
+ app->app_local->pk[keyno].keylen = 0;
+
+ m = e = NULL; /* (avoid cc warning) */
+
+ if (app->card_version > 0x0100)
+ {
+ int exmode, le_value;
+
+ /* We may simply read the public key out of these cards. */
+ if (app->app_local->cardcap.ext_lc_le)
+ {
+ exmode = 1; /* Use extended length. */
+ le_value = app->app_local->extcap.max_rsp_data;
+ }
+ else
+ {
+ exmode = 0;
+ le_value = 256; /* Use legacy value. */
+ }
+
+ err = iso7816_read_public_key
+ (app->slot, exmode,
+ (const unsigned char*)(keyno == 0? "\xB6" :
+ keyno == 1? "\xB8" : "\xA4"), 2,
+ le_value,
+ &buffer, &buflen);
+ if (err)
+ {
+ log_error (_("reading public key failed: %s\n"), gpg_strerror (err));
+ goto leave;
+ }
+
+ keydata = find_tlv (buffer, buflen, 0x7F49, &keydatalen);
+ if (!keydata)
+ {
+ err = gpg_error (GPG_ERR_CARD);
+ log_error (_("response does not contain the public key data\n"));
+ goto leave;
+ }
+
+ m = find_tlv (keydata, keydatalen, 0x0081, &mlen);
+ if (!m)
+ {
+ err = gpg_error (GPG_ERR_CARD);
+ log_error (_("response does not contain the RSA modulus\n"));
+ goto leave;
+ }
+
+
+ e = find_tlv (keydata, keydatalen, 0x0082, &elen);
+ if (!e)
+ {
+ err = gpg_error (GPG_ERR_CARD);
+ log_error (_("response does not contain the RSA public exponent\n"));
+ goto leave;
+ }
+
+ /* Prepend numbers with a 0 if needed. */
+ if (mlen && (*m & 0x80))
+ {
+ mbuf = xtrymalloc ( mlen + 1);
+ if (!mbuf)
+ {
+ err = gpg_error_from_syserror ();
+ goto leave;
+ }
+ *mbuf = 0;
+ memcpy (mbuf+1, m, mlen);
+ mlen++;
+ m = mbuf;
+ }
+ if (elen && (*e & 0x80))
+ {
+ ebuf = xtrymalloc ( elen + 1);
+ if (!ebuf)
+ {
+ err = gpg_error_from_syserror ();
+ goto leave;
+ }
+ *ebuf = 0;
+ memcpy (ebuf+1, e, elen);
+ elen++;
+ e = ebuf;
+ }
+
+ }
+ else
+ {
+ /* Due to a design problem in v1.0 cards we can't get the public
+ key out of these cards without doing a verify on CHV3.
+ Clearly that is not an option and thus we try to locate the
+ key using an external helper.
+
+ The helper we use here is gpg itself, which should know about
+ the key in any case. */
+
+ char fpr[41];
+ char *hexkeyid;
+ char *command = NULL;
+ FILE *fp;
+ int ret;
+
+ buffer = NULL; /* We don't need buffer. */
+
+ err = retrieve_fpr_from_card (app, keyno, fpr);
+ if (err)
+ {
+ log_error ("error while retrieving fpr from card: %s\n",
+ gpg_strerror (err));
+ goto leave;
+ }
+ hexkeyid = fpr + 24;
+
+ ret = estream_asprintf (&command,
+ "gpg --list-keys --with-colons --with-key-data '%s'",
+ fpr);
+ if (ret < 0)
+ {
+ err = gpg_error_from_syserror ();
+ goto leave;
+ }
+
+ fp = popen (command, "r");
+ xfree (command);
+ if (!fp)
+ {
+ err = gpg_error_from_syserror ();
+ log_error ("running gpg failed: %s\n", gpg_strerror (err));
+ goto leave;
+ }
+
+ err = retrieve_key_material (fp, hexkeyid, &m, &mlen, &e, &elen);
+ fclose (fp);
+ if (err)
+ {
+ log_error ("error while retrieving key material through pipe: %s\n",
+ gpg_strerror (err));
+ goto leave;
+ }
+ }
+
+ /* Allocate a buffer to construct the S-expression. */
+ /* FIXME: We should provide a generalized S-expression creation
+ mechanism. */
+ keybuf = xtrymalloc (50 + 2*35 + mlen + elen + 1);
+ if (!keybuf)
+ {
+ err = gpg_error_from_syserror ();
+ goto leave;
+ }
+
+ sprintf (keybuf, "(10:public-key(3:rsa(1:n%u:", (unsigned int) mlen);
+ keybuf_p = keybuf + strlen (keybuf);
+ memcpy (keybuf_p, m, mlen);
+ keybuf_p += mlen;
+ sprintf (keybuf_p, ")(1:e%u:", (unsigned int)elen);
+ keybuf_p += strlen (keybuf_p);
+ memcpy (keybuf_p, e, elen);
+ keybuf_p += elen;
+ strcpy (keybuf_p, ")))");
+ keybuf_p += strlen (keybuf_p);
+
+ app->app_local->pk[keyno].key = (unsigned char*)keybuf;
+ app->app_local->pk[keyno].keylen = (keybuf_p - keybuf);
+
+ leave:
+ /* Set a flag to indicate that we tried to read the key. */
+ app->app_local->pk[keyno].read_done = 1;
+
+ xfree (buffer);
+ xfree (mbuf);
+ xfree (ebuf);
+ return 0;
+}
+#endif /* GNUPG_MAJOR_VERSION > 1 */
+
+
+
+/* Send the KEYPAIRINFO back. KEYNO needs to be in the range [1,3].
+ This is used by the LEARN command. */
+static gpg_error_t
+send_keypair_info (app_t app, ctrl_t ctrl, int keyno)
+{
+ gpg_error_t err = 0;
+ /* Note that GnuPG 1.x does not need this and it would be too time
+ consuming to send it just for the fun of it. */
+#if GNUPG_MAJOR_VERSION > 1
+ unsigned char grip[20];
+ char gripstr[41];
+ char idbuf[50];
+
+ err = get_public_key (app, keyno);
+ if (err)
+ goto leave;
+
+ assert (keyno >= 1 && keyno <= 3);
+ if (!app->app_local->pk[keyno-1].key)
+ goto leave; /* No such key - ignore. */
+
+ err = keygrip_from_canon_sexp (app->app_local->pk[keyno-1].key,
+ app->app_local->pk[keyno-1].keylen,
+ grip);
+ if (err)
+ goto leave;
+
+ bin2hex (grip, 20, gripstr);
+
+ sprintf (idbuf, "OPENPGP.%d", keyno);
+ send_status_info (ctrl, "KEYPAIRINFO",
+ gripstr, 40,
+ idbuf, strlen (idbuf),
+ NULL, (size_t)0);
+
+ leave:
+#endif /* GNUPG_MAJOR_VERSION > 1 */
+
+ return err;
+}
+
+
+/* Handle the LEARN command for OpenPGP. */
+static gpg_error_t
+do_learn_status (app_t app, ctrl_t ctrl, unsigned int flags)
+{
+ (void)flags;
+
+ do_getattr (app, ctrl, "EXTCAP");
+ do_getattr (app, ctrl, "DISP-NAME");
+ do_getattr (app, ctrl, "DISP-LANG");
+ do_getattr (app, ctrl, "DISP-SEX");
+ do_getattr (app, ctrl, "PUBKEY-URL");
+ do_getattr (app, ctrl, "LOGIN-DATA");
+ do_getattr (app, ctrl, "KEY-FPR");
+ if (app->card_version > 0x0100)
+ do_getattr (app, ctrl, "KEY-TIME");
+ do_getattr (app, ctrl, "CA-FPR");
+ do_getattr (app, ctrl, "CHV-STATUS");
+ do_getattr (app, ctrl, "SIG-COUNTER");
+ if (app->app_local->extcap.private_dos)
+ {
+ do_getattr (app, ctrl, "PRIVATE-DO-1");
+ do_getattr (app, ctrl, "PRIVATE-DO-2");
+ if (app->did_chv2)
+ do_getattr (app, ctrl, "PRIVATE-DO-3");
+ if (app->did_chv3)
+ do_getattr (app, ctrl, "PRIVATE-DO-4");
+ }
+ send_keypair_info (app, ctrl, 1);
+ send_keypair_info (app, ctrl, 2);
+ send_keypair_info (app, ctrl, 3);
+ /* Note: We do not send the Cardholder Certificate, because that is
+ relativly long and for OpenPGP applications not really needed. */
+ return 0;
+}
+
+
+/* Handle the READKEY command for OpenPGP. On success a canonical
+ encoded S-expression with the public key will get stored at PK and
+ its length (for assertions) at PKLEN; the caller must release that
+ buffer. On error PK and PKLEN are not changed and an error code is
+ returned. */
+static gpg_error_t
+do_readkey (app_t app, const char *keyid, unsigned char **pk, size_t *pklen)
+{
+#if GNUPG_MAJOR_VERSION > 1
+ gpg_error_t err;
+ int keyno;
+ unsigned char *buf;
+
+ if (!strcmp (keyid, "OPENPGP.1"))
+ keyno = 1;
+ else if (!strcmp (keyid, "OPENPGP.2"))
+ keyno = 2;
+ else if (!strcmp (keyid, "OPENPGP.3"))
+ keyno = 3;
+ else
+ return gpg_error (GPG_ERR_INV_ID);
+
+ err = get_public_key (app, keyno);
+ if (err)
+ return err;
+
+ buf = app->app_local->pk[keyno-1].key;
+ if (!buf)
+ return gpg_error (GPG_ERR_NO_PUBKEY);
+ *pklen = app->app_local->pk[keyno-1].keylen;;
+ *pk = xtrymalloc (*pklen);
+ if (!*pk)
+ {
+ err = gpg_error_from_syserror ();
+ *pklen = 0;
+ return err;
+ }
+ memcpy (*pk, buf, *pklen);
+ return 0;
+#else
+ return gpg_error (GPG_ERR_NOT_IMPLEMENTED);
+#endif
+}
+
+/* Read the standard certificate of an OpenPGP v2 card. It is
+ returned in a freshly allocated buffer with that address stored at
+ CERT and the length of the certificate stored at CERTLEN. CERTID
+ needs to be set to "OPENPGP.3". */
+static gpg_error_t
+do_readcert (app_t app, const char *certid,
+ unsigned char **cert, size_t *certlen)
+{
+#if GNUPG_MAJOR_VERSION > 1
+ gpg_error_t err;
+ unsigned char *buffer;
+ size_t buflen;
+ void *relptr;
+
+ *cert = NULL;
+ *certlen = 0;
+ if (strcmp (certid, "OPENPGP.3"))
+ return gpg_error (GPG_ERR_INV_ID);
+ if (!app->app_local->extcap.is_v2)
+ return gpg_error (GPG_ERR_NOT_FOUND);
+
+ relptr = get_one_do (app, 0x7F21, &buffer, &buflen, NULL);
+ if (!relptr)
+ return gpg_error (GPG_ERR_NOT_FOUND);
+
+ if (!buflen)
+ err = gpg_error (GPG_ERR_NOT_FOUND);
+ else if (!(*cert = xtrymalloc (buflen)))
+ err = gpg_error_from_syserror ();
+ else
+ {
+ memcpy (*cert, buffer, buflen);
+ *certlen = buflen;
+ err = 0;
+ }
+ xfree (relptr);
+ return err;
+#else
+ return gpg_error (GPG_ERR_NOT_IMPLEMENTED);
+#endif
+}
+
+
+/* Verify a CHV either using using the pinentry or if possibile by
+ using a keypad. PINCB and PINCB_ARG describe the usual callback
+ for the pinentry. CHVNO must be either 1 or 2. SIGCOUNT is only
+ used with CHV1. PINVALUE is the address of a pointer which will
+ receive a newly allocated block with the actual PIN (this is useful
+ in case that PIN shall be used for another verify operation). The
+ caller needs to free this value. If the function returns with
+ success and NULL is stored at PINVALUE, the caller should take this
+ as an indication that the keypad has been used.
+ */
+static gpg_error_t
+verify_a_chv (app_t app,
+ gpg_error_t (*pincb)(void*, const char *, char **),
+ void *pincb_arg,
+ int chvno, unsigned long sigcount, char **pinvalue)
+{
+ int rc = 0;
+ char *prompt_buffer = NULL;
+ const char *prompt;
+ iso7816_pininfo_t pininfo;
+ int minlen = 6;
+
+ assert (chvno == 1 || chvno == 2);
+
+ *pinvalue = NULL;
+
+ if (chvno == 2 && app->app_local->flags.def_chv2)
+ {
+ /* Special case for def_chv2 mechanism. */
+ if (opt.verbose)
+ log_info (_("using default PIN as %s\n"), "CHV2");
+ rc = iso7816_verify (app->slot, 0x82, "123456", 6);
+ if (rc)
+ {
+ /* Verification of CHV2 with the default PIN failed,
+ although the card pretends to have the default PIN set as
+ CHV2. We better disable the def_chv2 flag now. */
+ log_info (_("failed to use default PIN as %s: %s"
+ " - disabling further default use\n"),
+ "CHV2", gpg_strerror (rc));
+ app->app_local->flags.def_chv2 = 0;
+ }
+ return rc;
+ }
+
+ memset (&pininfo, 0, sizeof pininfo);
+ pininfo.mode = 1;
+ pininfo.minlen = minlen;
+
+
+ if (chvno == 1)
+ {
+#define PROMPTSTRING _("||Please enter the PIN%%0A[sigs done: %lu]")
+ size_t promptsize = strlen (PROMPTSTRING) + 50;
+
+ prompt_buffer = xtrymalloc (promptsize);
+ if (!prompt_buffer)
+ return gpg_error_from_syserror ();
+ snprintf (prompt_buffer, promptsize-1, PROMPTSTRING, sigcount);
+ prompt = prompt_buffer;
+#undef PROMPTSTRING
+ }
+ else
+ prompt = _("||Please enter the PIN");
+
+
+ if (!opt.disable_keypad
+ && !iso7816_check_keypad (app->slot, ISO7816_VERIFY, &pininfo) )
+ {
+ /* The reader supports the verify command through the keypad.
+ Note that the pincb appends a text to the prompt telling the
+ user to use the keypad. */
+ rc = pincb (pincb_arg, prompt, NULL);
+ prompt = NULL;
+ xfree (prompt_buffer);
+ prompt_buffer = NULL;
+ if (rc)
+ {
+ log_info (_("PIN callback returned error: %s\n"),
+ gpg_strerror (rc));
+ return rc;
+ }
+ rc = iso7816_verify_kp (app->slot, 0x80+chvno, "", 0, &pininfo);
+ /* Dismiss the prompt. */
+ pincb (pincb_arg, NULL, NULL);
+
+ assert (!*pinvalue);
+ }
+ else
+ {
+ /* The reader has no keypad or we don't want to use it. */
+ rc = pincb (pincb_arg, prompt, pinvalue);
+ prompt = NULL;
+ xfree (prompt_buffer);
+ prompt_buffer = NULL;
+ if (rc)
+ {
+ log_info (_("PIN callback returned error: %s\n"),
+ gpg_strerror (rc));
+ return rc;
+ }
+
+ if (strlen (*pinvalue) < minlen)
+ {
+ log_error (_("PIN for CHV%d is too short;"
+ " minimum length is %d\n"), chvno, minlen);
+ xfree (*pinvalue);
+ *pinvalue = NULL;
+ return gpg_error (GPG_ERR_BAD_PIN);
+ }
+
+ rc = iso7816_verify (app->slot, 0x80+chvno,
+ *pinvalue, strlen (*pinvalue));
+ }
+
+ if (rc)
+ {
+ log_error (_("verify CHV%d failed: %s\n"), chvno, gpg_strerror (rc));
+ xfree (*pinvalue);
+ *pinvalue = NULL;
+ flush_cache_after_error (app);
+ }
+
+ return rc;
+}
+
+
+/* Verify CHV2 if required. Depending on the configuration of the
+ card CHV1 will also be verified. */
+static gpg_error_t
+verify_chv2 (app_t app,
+ gpg_error_t (*pincb)(void*, const char *, char **),
+ void *pincb_arg)
+{
+ int rc;
+ char *pinvalue;
+
+ if (app->did_chv2)
+ return 0; /* We already verified CHV2. */
+
+ rc = verify_a_chv (app, pincb, pincb_arg, 2, 0, &pinvalue);
+ if (rc)
+ return rc;
+ app->did_chv2 = 1;
+
+ if (!app->did_chv1 && !app->force_chv1 && pinvalue)
+ {
+ /* For convenience we verify CHV1 here too. We do this only if
+ the card is not configured to require a verification before
+ each CHV1 controlled operation (force_chv1) and if we are not
+ using the keypad (PINVALUE == NULL). */
+ rc = iso7816_verify (app->slot, 0x81, pinvalue, strlen (pinvalue));
+ if (gpg_err_code (rc) == GPG_ERR_BAD_PIN)
+ rc = gpg_error (GPG_ERR_PIN_NOT_SYNCED);
+ if (rc)
+ {
+ log_error (_("verify CHV%d failed: %s\n"), 1, gpg_strerror (rc));
+ flush_cache_after_error (app);
+ }
+ else
+ app->did_chv1 = 1;
+ }
+
+ xfree (pinvalue);
+
+ return rc;
+}
+
+
+/* Build the prompt to enter the Admin PIN. The prompt depends on the
+ current sdtate of the card. */
+static gpg_error_t
+build_enter_admin_pin_prompt (app_t app, char **r_prompt)
+{
+ void *relptr;
+ unsigned char *value;
+ size_t valuelen;
+ int remaining;
+ char *prompt;
+
+ *r_prompt = NULL;
+
+ relptr = get_one_do (app, 0x00C4, &value, &valuelen, NULL);
+ if (!relptr || valuelen < 7)
+ {
+ log_error (_("error retrieving CHV status from card\n"));
+ xfree (relptr);
+ return gpg_error (GPG_ERR_CARD);
+ }
+ if (value[6] == 0)
+ {
+ log_info (_("card is permanently locked!\n"));
+ xfree (relptr);
+ return gpg_error (GPG_ERR_BAD_PIN);
+ }
+ remaining = value[6];
+ xfree (relptr);
+
+ log_info(_("%d Admin PIN attempts remaining before card"
+ " is permanently locked\n"), remaining);
+
+ if (remaining < 3)
+ {
+ /* TRANSLATORS: Do not translate the "|A|" prefix but keep it at
+ the start of the string. Use %%0A to force a linefeed. */
+ prompt = xtryasprintf (_("|A|Please enter the Admin PIN%%0A"
+ "[remaining attempts: %d]"), remaining);
+ }
+ else
+ prompt = xtrystrdup (_("|A|Please enter the Admin PIN"));
+
+ if (!prompt)
+ return gpg_error_from_syserror ();
+
+ *r_prompt = prompt;
+ return 0;
+}
+
+
+/* Verify CHV3 if required. */
+static gpg_error_t
+verify_chv3 (app_t app,
+ gpg_error_t (*pincb)(void*, const char *, char **),
+ void *pincb_arg)
+{
+ int rc = 0;
+
+#if GNUPG_MAJOR_VERSION != 1
+ if (!opt.allow_admin)
+ {
+ log_info (_("access to admin commands is not configured\n"));
+ return gpg_error (GPG_ERR_EACCES);
+ }
+#endif
+
+ if (!app->did_chv3)
+ {
+ iso7816_pininfo_t pininfo;
+ int minlen = 8;
+ char *prompt;
+
+ memset (&pininfo, 0, sizeof pininfo);
+ pininfo.mode = 1;
+ pininfo.minlen = minlen;
+
+ rc = build_enter_admin_pin_prompt (app, &prompt);
+ if (rc)
+ return rc;
+
+ if (!opt.disable_keypad
+ && !iso7816_check_keypad (app->slot, ISO7816_VERIFY, &pininfo) )
+ {
+ /* The reader supports the verify command through the keypad. */
+ rc = pincb (pincb_arg, prompt, NULL);
+ xfree (prompt);
+ prompt = NULL;
+ if (rc)
+ {
+ log_info (_("PIN callback returned error: %s\n"),
+ gpg_strerror (rc));
+ return rc;
+ }
+ rc = iso7816_verify_kp (app->slot, 0x83, "", 0, &pininfo);
+ /* Dismiss the prompt. */
+ pincb (pincb_arg, NULL, NULL);
+ }
+ else
+ {
+ char *pinvalue;
+
+ rc = pincb (pincb_arg, prompt, &pinvalue);
+ xfree (prompt);
+ prompt = NULL;
+ if (rc)
+ {
+ log_info (_("PIN callback returned error: %s\n"),
+ gpg_strerror (rc));
+ return rc;
+ }
+
+ if (strlen (pinvalue) < minlen)
+ {
+ log_error (_("PIN for CHV%d is too short;"
+ " minimum length is %d\n"), 3, minlen);
+ xfree (pinvalue);
+ return gpg_error (GPG_ERR_BAD_PIN);
+ }
+
+ rc = iso7816_verify (app->slot, 0x83, pinvalue, strlen (pinvalue));
+ xfree (pinvalue);
+ }
+
+ if (rc)
+ {
+ log_error (_("verify CHV%d failed: %s\n"), 3, gpg_strerror (rc));
+ flush_cache_after_error (app);
+ return rc;
+ }
+ app->did_chv3 = 1;
+ }
+ return rc;
+}
+
+
+/* Handle the SETATTR operation. All arguments are already basically
+ checked. */
+static gpg_error_t
+do_setattr (app_t app, const char *name,
+ gpg_error_t (*pincb)(void*, const char *, char **),
+ void *pincb_arg,
+ const unsigned char *value, size_t valuelen)
+{
+ gpg_error_t rc;
+ int idx;
+ static struct {
+ const char *name;
+ int tag;
+ int need_chv;
+ int special;
+ unsigned int need_v2:1;
+ } table[] = {
+ { "DISP-NAME", 0x005B, 3 },
+ { "LOGIN-DATA", 0x005E, 3, 2 },
+ { "DISP-LANG", 0x5F2D, 3 },
+ { "DISP-SEX", 0x5F35, 3 },
+ { "PUBKEY-URL", 0x5F50, 3 },
+ { "CHV-STATUS-1", 0x00C4, 3, 1 },
+ { "CA-FPR-1", 0x00CA, 3 },
+ { "CA-FPR-2", 0x00CB, 3 },
+ { "CA-FPR-3", 0x00CC, 3 },
+ { "PRIVATE-DO-1", 0x0101, 2 },
+ { "PRIVATE-DO-2", 0x0102, 3 },
+ { "PRIVATE-DO-3", 0x0103, 2 },
+ { "PRIVATE-DO-4", 0x0104, 3 },
+ { "CERT-3", 0x7F21, 3, 0, 1 },
+ { "SM-KEY-ENC", 0x00D1, 3, 0, 1 },
+ { "SM-KEY-MAC", 0x00D2, 3, 0, 1 },
+ { "KEY-ATTR", 0, 0, 3, 1 },
+ { NULL, 0 }
+ };
+ int exmode;
+
+ for (idx=0; table[idx].name && strcmp (table[idx].name, name); idx++)
+ ;
+ if (!table[idx].name)
+ return gpg_error (GPG_ERR_INV_NAME);
+ if (table[idx].need_v2 && !app->app_local->extcap.is_v2)
+ return gpg_error (GPG_ERR_NOT_SUPPORTED); /* Not yet supported. */
+
+ if (table[idx].special == 3)
+ return change_keyattr_from_string (app, pincb, pincb_arg, value, valuelen);
+
+ switch (table[idx].need_chv)
+ {
+ case 2:
+ rc = verify_chv2 (app, pincb, pincb_arg);
+ break;
+ case 3:
+ rc = verify_chv3 (app, pincb, pincb_arg);
+ break;
+ default:
+ rc = 0;
+ }
+ if (rc)
+ return rc;
+
+ /* Flush the cache before writing it, so that the next get operation
+ will reread the data from the card and thus get synced in case of
+ errors (e.g. data truncated by the card). */
+ flush_cache_item (app, table[idx].tag);
+
+ if (app->app_local->cardcap.ext_lc_le && valuelen > 254)
+ exmode = 1; /* Use extended length w/o a limit. */
+ else if (app->app_local->cardcap.cmd_chaining && valuelen > 254)
+ exmode = -254; /* Command chaining with max. 254 bytes. */
+ else
+ exmode = 0;
+ rc = iso7816_put_data (app->slot, exmode, table[idx].tag, value, valuelen);
+ if (rc)
+ log_error ("failed to set `%s': %s\n", table[idx].name, gpg_strerror (rc));
+
+ if (table[idx].special == 1)
+ app->force_chv1 = (valuelen && *value == 0);
+ else if (table[idx].special == 2)
+ parse_login_data (app);
+
+ return rc;
+}
+
+
+/* Handle the WRITECERT command for OpenPGP. This rites the standard
+ certifciate to the card; CERTID needs to be set to "OPENPGP.3".
+ PINCB and PINCB_ARG are the usual arguments for the pinentry
+ callback. */
+static gpg_error_t
+do_writecert (app_t app, ctrl_t ctrl,
+ const char *certidstr,
+ gpg_error_t (*pincb)(void*, const char *, char **),
+ void *pincb_arg,
+ const unsigned char *certdata, size_t certdatalen)
+{
+ (void)ctrl;
+#if GNUPG_MAJOR_VERSION > 1
+ if (strcmp (certidstr, "OPENPGP.3"))
+ return gpg_error (GPG_ERR_INV_ID);
+ if (!certdata || !certdatalen)
+ return gpg_error (GPG_ERR_INV_ARG);
+ if (!app->app_local->extcap.is_v2)
+ return gpg_error (GPG_ERR_NOT_SUPPORTED);
+ if (certdatalen > app->app_local->extcap.max_certlen_3)
+ return gpg_error (GPG_ERR_TOO_LARGE);
+ return do_setattr (app, "CERT-3", pincb, pincb_arg, certdata, certdatalen);
+#else
+ return gpg_error (GPG_ERR_NOT_IMPLEMENTED);
+#endif
+}
+
+
+
+/* Handle the PASSWD command. The following combinations are
+ possible:
+
+ Flags CHVNO Vers. Description
+ RESET 1 1 Verify CHV3 and set a new CHV1 and CHV2
+ RESET 1 2 Verify PW3 and set a new PW1.
+ RESET 2 1 Verify CHV3 and set a new CHV1 and CHV2.
+ RESET 2 2 Verify PW3 and set a new Reset Code.
+ RESET 3 any Returns GPG_ERR_INV_ID.
+ - 1 1 Verify CHV2 and set a new CHV1 and CHV2.
+ - 1 2 Verify PW1 and set a new PW1.
+ - 2 1 Verify CHV2 and set a new CHV1 and CHV2.
+ - 2 2 Verify Reset Code and set a new PW1.
+ - 3 any Verify CHV3/PW3 and set a new CHV3/PW3.
+ */
+static gpg_error_t
+do_change_pin (app_t app, ctrl_t ctrl, const char *chvnostr,
+ unsigned int flags,
+ gpg_error_t (*pincb)(void*, const char *, char **),
+ void *pincb_arg)
+{
+ int rc = 0;
+ int chvno = atoi (chvnostr);
+ char *resetcode = NULL;
+ char *oldpinvalue = NULL;
+ char *pinvalue;
+ int reset_mode = !!(flags & APP_CHANGE_FLAG_RESET);
+ int set_resetcode = 0;
+
+ (void)ctrl;
+
+ if (reset_mode && chvno == 3)
+ {
+ rc = gpg_error (GPG_ERR_INV_ID);
+ goto leave;
+ }
+
+ if (!app->app_local->extcap.is_v2)
+ {
+ /* Version 1 cards. */
+
+ if (reset_mode || chvno == 3)
+ {
+ /* We always require that the PIN is entered. */
+ app->did_chv3 = 0;
+ rc = verify_chv3 (app, pincb, pincb_arg);
+ if (rc)
+ goto leave;
+ }
+ else if (chvno == 1 || chvno == 2)
+ {
+ /* On a v1.x card CHV1 and CVH2 should always have the same
+ value, thus we enforce it here. */
+ int save_force = app->force_chv1;
+
+ app->force_chv1 = 0;
+ app->did_chv1 = 0;
+ app->did_chv2 = 0;
+ rc = verify_chv2 (app, pincb, pincb_arg);
+ app->force_chv1 = save_force;
+ if (rc)
+ goto leave;
+ }
+ else
+ {
+ rc = gpg_error (GPG_ERR_INV_ID);
+ goto leave;
+ }
+ }
+ else
+ {
+ /* Version 2 cards. */
+
+ if (reset_mode)
+ {
+ /* To reset a PIN the Admin PIN is required. */
+ app->did_chv3 = 0;
+ rc = verify_chv3 (app, pincb, pincb_arg);
+ if (rc)
+ goto leave;
+
+ if (chvno == 2)
+ set_resetcode = 1;
+ }
+ else if (chvno == 1 || chvno == 3)
+ {
+ int minlen = (chvno ==3)? 8 : 6;
+ char *promptbuf = NULL;
+ const char *prompt;
+
+ if (chvno == 3)
+ {
+ rc = build_enter_admin_pin_prompt (app, &promptbuf);
+ if (rc)
+ goto leave;
+ prompt = promptbuf;
+ }
+ else
+ prompt = _("||Please enter the PIN");
+ rc = pincb (pincb_arg, prompt, &oldpinvalue);
+ xfree (promptbuf);
+ promptbuf = NULL;
+ if (rc)
+ {
+ log_info (_("PIN callback returned error: %s\n"),
+ gpg_strerror (rc));
+ goto leave;
+ }
+
+ if (strlen (oldpinvalue) < minlen)
+ {
+ log_info (_("PIN for CHV%d is too short;"
+ " minimum length is %d\n"), chvno, minlen);
+ rc = gpg_error (GPG_ERR_BAD_PIN);
+ goto leave;
+ }
+ }
+ else if (chvno == 2)
+ {
+ /* There is no PW2 for v2 cards. We use this condition to
+ allow a PW reset using the Reset Code. */
+ void *relptr;
+ unsigned char *value;
+ size_t valuelen;
+ int remaining;
+ int minlen = 8;
+
+ relptr = get_one_do (app, 0x00C4, &value, &valuelen, NULL);
+ if (!relptr || valuelen < 7)
+ {
+ log_error (_("error retrieving CHV status from card\n"));
+ xfree (relptr);
+ rc = gpg_error (GPG_ERR_CARD);
+ goto leave;
+ }
+ remaining = value[5];
+ xfree (relptr);
+ if (!remaining)
+ {
+ log_error (_("Reset Code not or not anymore available\n"));
+ rc = gpg_error (GPG_ERR_BAD_PIN);
+ goto leave;
+ }
+
+ rc = pincb (pincb_arg,
+ _("||Please enter the Reset Code for the card"),
+ &resetcode);
+ if (rc)
+ {
+ log_info (_("PIN callback returned error: %s\n"),
+ gpg_strerror (rc));
+ goto leave;
+ }
+ if (strlen (resetcode) < minlen)
+ {
+ log_info (_("Reset Code is too short; minimum length is %d\n"),
+ minlen);
+ rc = gpg_error (GPG_ERR_BAD_PIN);
+ goto leave;
+ }
+ }
+ else
+ {
+ rc = gpg_error (GPG_ERR_INV_ID);
+ goto leave;
+ }
+ }
+
+ if (chvno == 3)
+ app->did_chv3 = 0;
+ else
+ app->did_chv1 = app->did_chv2 = 0;
+
+ /* TRANSLATORS: Do not translate the "|*|" prefixes but
+ keep it at the start of the string. We need this elsewhere
+ to get some infos on the string. */
+ rc = pincb (pincb_arg,
+ set_resetcode? _("|RN|New Reset Code") :
+ chvno == 3? _("|AN|New Admin PIN") : _("|N|New PIN"),
+ &pinvalue);
+ if (rc)
+ {
+ log_error (_("error getting new PIN: %s\n"), gpg_strerror (rc));
+ goto leave;
+ }
+
+
+ if (resetcode)
+ {
+ char *buffer;
+
+ buffer = xtrymalloc (strlen (resetcode) + strlen (pinvalue) + 1);
+ if (!buffer)
+ rc = gpg_error_from_syserror ();
+ else
+ {
+ strcpy (stpcpy (buffer, resetcode), pinvalue);
+ rc = iso7816_reset_retry_counter_with_rc (app->slot, 0x81,
+ buffer, strlen (buffer));
+ wipememory (buffer, strlen (buffer));
+ xfree (buffer);
+ }
+ }
+ else if (set_resetcode)
+ {
+ if (strlen (pinvalue) < 8)
+ {
+ log_error (_("Reset Code is too short; minimum length is %d\n"), 8);
+ rc = gpg_error (GPG_ERR_BAD_PIN);
+ }
+ else
+ rc = iso7816_put_data (app->slot, 0, 0xD3,
+ pinvalue, strlen (pinvalue));
+ }
+ else if (reset_mode)
+ {
+ rc = iso7816_reset_retry_counter (app->slot, 0x81,
+ pinvalue, strlen (pinvalue));
+ if (!rc && !app->app_local->extcap.is_v2)
+ rc = iso7816_reset_retry_counter (app->slot, 0x82,
+ pinvalue, strlen (pinvalue));
+ }
+ else if (!app->app_local->extcap.is_v2)
+ {
+ /* Version 1 cards. */
+ if (chvno == 1 || chvno == 2)
+ {
+ rc = iso7816_change_reference_data (app->slot, 0x81, NULL, 0,
+ pinvalue, strlen (pinvalue));
+ if (!rc)
+ rc = iso7816_change_reference_data (app->slot, 0x82, NULL, 0,
+ pinvalue, strlen (pinvalue));
+ }
+ else /* CHVNO == 3 */
+ {
+ rc = iso7816_change_reference_data (app->slot, 0x80 + chvno, NULL, 0,
+ pinvalue, strlen (pinvalue));
+ }
+ }
+ else
+ {
+ /* Version 2 cards. */
+ assert (chvno == 1 || chvno == 3);
+
+ rc = iso7816_change_reference_data (app->slot, 0x80 + chvno,
+ oldpinvalue, strlen (oldpinvalue),
+ pinvalue, strlen (pinvalue));
+ }
+
+ if (pinvalue)
+ {
+ wipememory (pinvalue, strlen (pinvalue));
+ xfree (pinvalue);
+ }
+ if (rc)
+ flush_cache_after_error (app);
+
+ leave:
+ if (resetcode)
+ {
+ wipememory (resetcode, strlen (resetcode));
+ xfree (resetcode);
+ }
+ if (oldpinvalue)
+ {
+ wipememory (oldpinvalue, strlen (oldpinvalue));
+ xfree (oldpinvalue);
+ }
+ return rc;
+}
+
+
+/* Check whether a key already exists. KEYIDX is the index of the key
+ (0..2). If FORCE is TRUE a diagnositic will be printed but no
+ error returned if the key already exists. The flag GENERATING is
+ only used to print correct messages. */
+static gpg_error_t
+does_key_exist (app_t app, int keyidx, int generating, int force)
+{
+ const unsigned char *fpr;
+ unsigned char *buffer;
+ size_t buflen, n;
+ int i;
+
+ assert (keyidx >=0 && keyidx <= 2);
+
+ if (iso7816_get_data (app->slot, 0, 0x006E, &buffer, &buflen))
+ {
+ log_error (_("error reading application data\n"));
+ return gpg_error (GPG_ERR_GENERAL);
+ }
+ fpr = find_tlv (buffer, buflen, 0x00C5, &n);
+ if (!fpr || n < 60)
+ {
+ log_error (_("error reading fingerprint DO\n"));
+ xfree (buffer);
+ return gpg_error (GPG_ERR_GENERAL);
+ }
+ fpr += 20*keyidx;
+ for (i=0; i < 20 && !fpr[i]; i++)
+ ;
+ xfree (buffer);
+ if (i!=20 && !force)
+ {
+ log_error (_("key already exists\n"));
+ return gpg_error (GPG_ERR_EEXIST);
+ }
+ else if (i!=20)
+ log_info (_("existing key will be replaced\n"));
+ else if (generating)
+ log_info (_("generating new key\n"));
+ else
+ log_info (_("writing new key\n"));
+ return 0;
+}
+
+
+/* Create a TLV tag and value and store it at BUFFER. Return the length
+ of tag and length. A LENGTH greater than 65535 is truncated. */
+static size_t
+add_tlv (unsigned char *buffer, unsigned int tag, size_t length)
+{
+ unsigned char *p = buffer;
+
+ assert (tag <= 0xffff);
+ if ( tag > 0xff )
+ *p++ = tag >> 8;
+ *p++ = tag;
+ if (length < 128)
+ *p++ = length;
+ else if (length < 256)
+ {
+ *p++ = 0x81;
+ *p++ = length;
+ }
+ else
+ {
+ if (length > 0xffff)
+ length = 0xffff;
+ *p++ = 0x82;
+ *p++ = length >> 8;
+ *p++ = length;
+ }
+
+ return p - buffer;
+}
+
+
+/* Build the private key template as specified in the OpenPGP specs
+ v2.0 section 4.3.3.7. */
+static gpg_error_t
+build_privkey_template (app_t app, int keyno,
+ const unsigned char *rsa_n, size_t rsa_n_len,
+ const unsigned char *rsa_e, size_t rsa_e_len,
+ const unsigned char *rsa_p, size_t rsa_p_len,
+ const unsigned char *rsa_q, size_t rsa_q_len,
+ unsigned char **result, size_t *resultlen)
+{
+ size_t rsa_e_reqlen;
+ unsigned char privkey[7*(1+3)];
+ size_t privkey_len;
+ unsigned char exthdr[2+2+3];
+ size_t exthdr_len;
+ unsigned char suffix[2+3];
+ size_t suffix_len;
+ unsigned char *tp;
+ size_t datalen;
+ unsigned char *template;
+ size_t template_size;
+
+ *result = NULL;
+ *resultlen = 0;
+
+ switch (app->app_local->keyattr[keyno].format)
+ {
+ case RSA_STD:
+ case RSA_STD_N:
+ break;
+ case RSA_CRT:
+ case RSA_CRT_N:
+ return gpg_error (GPG_ERR_NOT_SUPPORTED);
+
+ default:
+ return gpg_error (GPG_ERR_INV_VALUE);
+ }
+
+ /* Get the required length for E. */
+ rsa_e_reqlen = app->app_local->keyattr[keyno].e_bits/8;
+ assert (rsa_e_len <= rsa_e_reqlen);
+
+ /* Build the 7f48 cardholder private key template. */
+ datalen = 0;
+ tp = privkey;
+
+ tp += add_tlv (tp, 0x91, rsa_e_reqlen);
+ datalen += rsa_e_reqlen;
+
+ tp += add_tlv (tp, 0x92, rsa_p_len);
+ datalen += rsa_p_len;
+
+ tp += add_tlv (tp, 0x93, rsa_q_len);
+ datalen += rsa_q_len;
+
+ if (app->app_local->keyattr[keyno].format == RSA_STD_N
+ || app->app_local->keyattr[keyno].format == RSA_CRT_N)
+ {
+ tp += add_tlv (tp, 0x97, rsa_n_len);
+ datalen += rsa_n_len;
+ }
+ privkey_len = tp - privkey;
+
+ /* Build the extended header list without the private key template. */
+ tp = exthdr;
+ *tp++ = keyno ==0 ? 0xb6 : keyno == 1? 0xb8 : 0xa4;
+ *tp++ = 0;
+ tp += add_tlv (tp, 0x7f48, privkey_len);
+ exthdr_len = tp - exthdr;
+
+ /* Build the 5f48 suffix of the data. */
+ tp = suffix;
+ tp += add_tlv (tp, 0x5f48, datalen);
+ suffix_len = tp - suffix;
+
+ /* Now concatenate everything. */
+ template_size = (1 + 3 /* 0x4d and len. */
+ + exthdr_len
+ + privkey_len
+ + suffix_len
+ + datalen);
+ tp = template = xtrymalloc_secure (template_size);
+ if (!template)
+ return gpg_error_from_syserror ();
+
+ tp += add_tlv (tp, 0x4d, exthdr_len + privkey_len + suffix_len + datalen);
+ memcpy (tp, exthdr, exthdr_len);
+ tp += exthdr_len;
+ memcpy (tp, privkey, privkey_len);
+ tp += privkey_len;
+ memcpy (tp, suffix, suffix_len);
+ tp += suffix_len;
+
+ memcpy (tp, rsa_e, rsa_e_len);
+ if (rsa_e_len < rsa_e_reqlen)
+ {
+ /* Right justify E. */
+ memmove (tp + rsa_e_reqlen - rsa_e_len, tp, rsa_e_len);
+ memset (tp, 0, rsa_e_reqlen - rsa_e_len);
+ }
+ tp += rsa_e_reqlen;
+
+ memcpy (tp, rsa_p, rsa_p_len);
+ tp += rsa_p_len;
+
+ memcpy (tp, rsa_q, rsa_q_len);
+ tp += rsa_q_len;
+
+ if (app->app_local->keyattr[keyno].format == RSA_STD_N
+ || app->app_local->keyattr[keyno].format == RSA_CRT_N)
+ {
+ memcpy (tp, rsa_n, rsa_n_len);
+ tp += rsa_n_len;
+ }
+
+ /* Sanity check. We don't know the exact length because we
+ allocated 3 bytes for the first length header. */
+ assert (tp - template <= template_size);
+
+ *result = template;
+ *resultlen = tp - template;
+ return 0;
+}
+
+
+/* Helper for do_writekley to change the size of a key. Not ethat
+ this deletes the entire key without asking. */
+static gpg_error_t
+change_keyattr (app_t app, int keyno, unsigned int nbits,
+ gpg_error_t (*pincb)(void*, const char *, char **),
+ void *pincb_arg)
+{
+ gpg_error_t err;
+ unsigned char *buffer;
+ size_t buflen;
+ void *relptr;
+
+ assert (keyno >=0 && keyno <= 2);
+
+ if (nbits > 4096)
+ return gpg_error (GPG_ERR_TOO_LARGE);
+
+ /* Read the current attributes into a buffer. */
+ relptr = get_one_do (app, 0xC1+keyno, &buffer, &buflen, NULL);
+ if (!relptr)
+ return gpg_error (GPG_ERR_CARD);
+ if (buflen < 6 || buffer[0] != 1)
+ {
+ /* Attriutes too short or not an RSA key. */
+ xfree (relptr);
+ return gpg_error (GPG_ERR_CARD);
+ }
+
+ /* We only change n_bits and don't touch anything else. Before we
+ do so, we round up NBITS to a sensible way in the same way as
+ gpg's key generation does it. This may help to sort out problems
+ with a few bits too short keys. */
+ nbits = ((nbits + 31) / 32) * 32;
+ buffer[1] = (nbits >> 8);
+ buffer[2] = nbits;
+
+ /* Prepare for storing the key. */
+ err = verify_chv3 (app, pincb, pincb_arg);
+ if (err)
+ {
+ xfree (relptr);
+ return err;
+ }
+
+ /* Change the attribute. */
+ err = iso7816_put_data (app->slot, 0, 0xC1+keyno, buffer, buflen);
+ xfree (relptr);
+ if (err)
+ log_error ("error changing size of key %d to %u bits\n", keyno+1, nbits);
+ else
+ log_info ("size of key %d changed to %u bits\n", keyno+1, nbits);
+ flush_cache (app);
+ parse_algorithm_attribute (app, keyno);
+ app->did_chv1 = 0;
+ app->did_chv2 = 0;
+ app->did_chv3 = 0;
+ return err;
+}
+
+
+/* Helper to process an setattr command for name KEY-ATTR. It expects
+ a string "--force <keyno> <algo> <nbits>" in (VALUE,VALUELEN). */
+static gpg_error_t
+change_keyattr_from_string (app_t app,
+ gpg_error_t (*pincb)(void*, const char *, char **),
+ void *pincb_arg,
+ const void *value, size_t valuelen)
+{
+ gpg_error_t err;
+ char *string;
+ int keyno, algo;
+ unsigned int nbits;
+
+ /* VALUE is expected to be a string but not guaranteed to be
+ terminated. Thus copy it to an allocated buffer first. */
+ string = xtrymalloc (valuelen+1);
+ if (!string)
+ return gpg_error_from_syserror ();
+ memcpy (string, value, valuelen);
+ string[valuelen] = 0;
+
+ /* Because this function deletes the key we require the string
+ "--force" in the data to make clear that something serious might
+ happen. */
+ if (sscanf (string, " --force %d %d %u", &keyno, &algo, &nbits) != 3)
+ err = gpg_error (GPG_ERR_INV_DATA);
+ else if (keyno < 1 || keyno > 3)
+ err = gpg_error (GPG_ERR_INV_ID);
+ else if (algo != 1)
+ err = gpg_error (GPG_ERR_PUBKEY_ALGO); /* Not RSA. */
+ else if (nbits < 1024)
+ err = gpg_error (GPG_ERR_TOO_SHORT);
+ else
+ err = change_keyattr (app, keyno-1, nbits, pincb, pincb_arg);
+
+ xfree (string);
+ return err;
+}
+
+
+/* Handle the WRITEKEY command for OpenPGP. This function expects a
+ canonical encoded S-expression with the secret key in KEYDATA and
+ its length (for assertions) in KEYDATALEN. KEYID needs to be the
+ usual keyid which for OpenPGP is the string "OPENPGP.n" with
+ n=1,2,3. Bit 0 of FLAGS indicates whether an existing key shall
+ get overwritten. PINCB and PINCB_ARG are the usual arguments for
+ the pinentry callback. */
+static gpg_error_t
+do_writekey (app_t app, ctrl_t ctrl,
+ const char *keyid, unsigned int flags,
+ gpg_error_t (*pincb)(void*, const char *, char **),
+ void *pincb_arg,
+ const unsigned char *keydata, size_t keydatalen)
+{
+ gpg_error_t err;
+ int force = (flags & 1);
+ int keyno;
+ const unsigned char *buf, *tok;
+ size_t buflen, toklen;
+ int depth, last_depth1, last_depth2;
+ const unsigned char *rsa_n = NULL;
+ const unsigned char *rsa_e = NULL;
+ const unsigned char *rsa_p = NULL;
+ const unsigned char *rsa_q = NULL;
+ size_t rsa_n_len, rsa_e_len, rsa_p_len, rsa_q_len;
+ unsigned int nbits;
+ unsigned int maxbits;
+ unsigned char *template = NULL;
+ unsigned char *tp;
+ size_t template_len;
+ unsigned char fprbuf[20];
+ u32 created_at = 0;
+
+ (void)ctrl;
+
+ if (!strcmp (keyid, "OPENPGP.1"))
+ keyno = 0;
+ else if (!strcmp (keyid, "OPENPGP.2"))
+ keyno = 1;
+ else if (!strcmp (keyid, "OPENPGP.3"))
+ keyno = 2;
+ else
+ return gpg_error (GPG_ERR_INV_ID);
+
+ err = does_key_exist (app, keyno, 0, force);
+ if (err)
+ return err;
+
+
+ /*
+ Parse the S-expression
+ */
+ buf = keydata;
+ buflen = keydatalen;
+ depth = 0;
+ if ((err = parse_sexp (&buf, &buflen, &depth, &tok, &toklen)))
+ goto leave;
+ if ((err = parse_sexp (&buf, &buflen, &depth, &tok, &toklen)))
+ goto leave;
+ if (!tok || toklen != 11 || memcmp ("private-key", tok, toklen))
+ {
+ if (!tok)
+ ;
+ else if (toklen == 21 && !memcmp ("protected-private-key", tok, toklen))
+ log_info ("protected-private-key passed to writekey\n");
+ else if (toklen == 20 && !memcmp ("shadowed-private-key", tok, toklen))
+ log_info ("shadowed-private-key passed to writekey\n");
+ err = gpg_error (GPG_ERR_BAD_SECKEY);
+ goto leave;
+ }
+ if ((err = parse_sexp (&buf, &buflen, &depth, &tok, &toklen)))
+ goto leave;
+ if ((err = parse_sexp (&buf, &buflen, &depth, &tok, &toklen)))
+ goto leave;
+ if (!tok || toklen != 3 || memcmp ("rsa", tok, toklen))
+ {
+ err = gpg_error (GPG_ERR_WRONG_PUBKEY_ALGO);
+ goto leave;
+ }
+ last_depth1 = depth;
+ while (!(err = parse_sexp (&buf, &buflen, &depth, &tok, &toklen))
+ && depth && depth >= last_depth1)
+ {
+ if (tok)
+ {
+ err = gpg_error (GPG_ERR_UNKNOWN_SEXP);
+ goto leave;
+ }
+ if ((err = parse_sexp (&buf, &buflen, &depth, &tok, &toklen)))
+ goto leave;
+ if (tok && toklen == 1)
+ {
+ const unsigned char **mpi;
+ size_t *mpi_len;
+
+ switch (*tok)
+ {
+ case 'n': mpi = &rsa_n; mpi_len = &rsa_n_len; break;
+ case 'e': mpi = &rsa_e; mpi_len = &rsa_e_len; break;
+ case 'p': mpi = &rsa_p; mpi_len = &rsa_p_len; break;
+ case 'q': mpi = &rsa_q; mpi_len = &rsa_q_len;break;
+ default: mpi = NULL; mpi_len = NULL; break;
+ }
+ if (mpi && *mpi)
+ {
+ err = gpg_error (GPG_ERR_DUP_VALUE);
+ goto leave;
+ }
+ if ((err = parse_sexp (&buf, &buflen, &depth, &tok, &toklen)))
+ goto leave;
+ if (tok && mpi)
+ {
+ /* Strip off leading zero bytes and save. */
+ for (;toklen && !*tok; toklen--, tok++)
+ ;
+ *mpi = tok;
+ *mpi_len = toklen;
+ }
+ }
+ /* Skip until end of list. */
+ last_depth2 = depth;
+ while (!(err = parse_sexp (&buf, &buflen, &depth, &tok, &toklen))
+ && depth && depth >= last_depth2)
+ ;
+ if (err)
+ goto leave;
+ }
+ /* Parse other attributes. */
+ last_depth1 = depth;
+ while (!(err = parse_sexp (&buf, &buflen, &depth, &tok, &toklen))
+ && depth && depth >= last_depth1)
+ {
+ if (tok)
+ {
+ err = gpg_error (GPG_ERR_UNKNOWN_SEXP);
+ goto leave;
+ }
+ if ((err = parse_sexp (&buf, &buflen, &depth, &tok, &toklen)))
+ goto leave;
+ if (tok && toklen == 10 && !memcmp ("created-at", tok, toklen))
+ {
+ if ((err = parse_sexp (&buf,&buflen,&depth,&tok,&toklen)))
+ goto leave;
+ if (tok)
+ {
+ for (created_at=0; toklen && *tok && *tok >= '0' && *tok <= '9';
+ tok++, toklen--)
+ created_at = created_at*10 + (*tok - '0');
+ }
+ }
+ /* Skip until end of list. */
+ last_depth2 = depth;
+ while (!(err = parse_sexp (&buf, &buflen, &depth, &tok, &toklen))
+ && depth && depth >= last_depth2)
+ ;
+ if (err)
+ goto leave;
+ }
+
+
+ /* Check that we have all parameters and that they match the card
+ description. */
+ if (!created_at)
+ {
+ log_error (_("creation timestamp missing\n"));
+ err = gpg_error (GPG_ERR_INV_VALUE);
+ goto leave;
+ }
+
+ maxbits = app->app_local->keyattr[keyno].n_bits;
+ nbits = rsa_n? count_bits (rsa_n, rsa_n_len) : 0;
+ if (opt.verbose)
+ log_info ("RSA modulus size is %u bits (%u bytes)\n",
+ nbits, (unsigned int)rsa_n_len);
+ if (nbits && nbits != maxbits
+ && app->app_local->extcap.algo_attr_change)
+ {
+ /* Try to switch the key to a new length. */
+ err = change_keyattr (app, keyno, nbits, pincb, pincb_arg);
+ if (!err)
+ maxbits = app->app_local->keyattr[keyno].n_bits;
+ }
+ if (nbits != maxbits)
+ {
+ log_error (_("RSA modulus missing or not of size %d bits\n"),
+ (int)maxbits);
+ err = gpg_error (GPG_ERR_BAD_SECKEY);
+ goto leave;
+ }
+
+ maxbits = app->app_local->keyattr[keyno].e_bits;
+ if (maxbits > 32 && !app->app_local->extcap.is_v2)
+ maxbits = 32; /* Our code for v1 does only support 32 bits. */
+ nbits = rsa_e? count_bits (rsa_e, rsa_e_len) : 0;
+ if (nbits < 2 || nbits > maxbits)
+ {
+ log_error (_("RSA public exponent missing or larger than %d bits\n"),
+ (int)maxbits);
+ err = gpg_error (GPG_ERR_BAD_SECKEY);
+ goto leave;
+ }
+
+ maxbits = app->app_local->keyattr[keyno].n_bits/2;
+ nbits = rsa_p? count_bits (rsa_p, rsa_p_len) : 0;
+ if (nbits != maxbits)
+ {
+ log_error (_("RSA prime %s missing or not of size %d bits\n"),
+ "P", (int)maxbits);
+ err = gpg_error (GPG_ERR_BAD_SECKEY);
+ goto leave;
+ }
+ nbits = rsa_q? count_bits (rsa_q, rsa_q_len) : 0;
+ if (nbits != maxbits)
+ {
+ log_error (_("RSA prime %s missing or not of size %d bits\n"),
+ "Q", (int)maxbits);
+ err = gpg_error (GPG_ERR_BAD_SECKEY);
+ goto leave;
+ }
+
+ /* We need to remove the cached public key. */
+ xfree (app->app_local->pk[keyno].key);
+ app->app_local->pk[keyno].key = NULL;
+ app->app_local->pk[keyno].keylen = 0;
+ app->app_local->pk[keyno].read_done = 0;
+
+
+ if (app->app_local->extcap.is_v2)
+ {
+ /* Build the private key template as described in section 4.3.3.7 of
+ the OpenPGP card specs version 2.0. */
+ int exmode;
+
+ err = build_privkey_template (app, keyno,
+ rsa_n, rsa_n_len,
+ rsa_e, rsa_e_len,
+ rsa_p, rsa_p_len,
+ rsa_q, rsa_q_len,
+ &template, &template_len);
+ if (err)
+ goto leave;
+
+ /* Prepare for storing the key. */
+ err = verify_chv3 (app, pincb, pincb_arg);
+ if (err)
+ goto leave;
+
+ /* Store the key. */
+ if (app->app_local->cardcap.ext_lc_le && template_len > 254)
+ exmode = 1; /* Use extended length w/o a limit. */
+ else if (app->app_local->cardcap.cmd_chaining && template_len > 254)
+ exmode = -254;
+ else
+ exmode = 0;
+ err = iso7816_put_data_odd (app->slot, exmode, 0x3fff,
+ template, template_len);
+ }
+ else
+ {
+ /* Build the private key template as described in section 4.3.3.6 of
+ the OpenPGP card specs version 1.1:
+ 0xC0 <length> public exponent
+ 0xC1 <length> prime p
+ 0xC2 <length> prime q
+ */
+ assert (rsa_e_len <= 4);
+ template_len = (1 + 1 + 4
+ + 1 + 1 + rsa_p_len
+ + 1 + 1 + rsa_q_len);
+ template = tp = xtrymalloc_secure (template_len);
+ if (!template)
+ {
+ err = gpg_error_from_syserror ();
+ goto leave;
+ }
+ *tp++ = 0xC0;
+ *tp++ = 4;
+ memcpy (tp, rsa_e, rsa_e_len);
+ if (rsa_e_len < 4)
+ {
+ /* Right justify E. */
+ memmove (tp+4-rsa_e_len, tp, rsa_e_len);
+ memset (tp, 0, 4-rsa_e_len);
+ }
+ tp += 4;
+
+ *tp++ = 0xC1;
+ *tp++ = rsa_p_len;
+ memcpy (tp, rsa_p, rsa_p_len);
+ tp += rsa_p_len;
+
+ *tp++ = 0xC2;
+ *tp++ = rsa_q_len;
+ memcpy (tp, rsa_q, rsa_q_len);
+ tp += rsa_q_len;
+
+ assert (tp - template == template_len);
+
+ /* Prepare for storing the key. */
+ err = verify_chv3 (app, pincb, pincb_arg);
+ if (err)
+ goto leave;
+
+ /* Store the key. */
+ err = iso7816_put_data (app->slot, 0,
+ (app->card_version > 0x0007? 0xE0:0xE9)+keyno,
+ template, template_len);
+ }
+ if (err)
+ {
+ log_error (_("failed to store the key: %s\n"), gpg_strerror (err));
+ goto leave;
+ }
+
+ err = store_fpr (app, keyno, created_at,
+ rsa_n, rsa_n_len, rsa_e, rsa_e_len,
+ fprbuf, app->card_version);
+ if (err)
+ goto leave;
+
+
+ leave:
+ xfree (template);
+ return err;
+}
+
+
+/* Handle the GENKEY command. */
+static gpg_error_t
+do_genkey (app_t app, ctrl_t ctrl, const char *keynostr, unsigned int flags,
+ time_t createtime,
+ gpg_error_t (*pincb)(void*, const char *, char **),
+ void *pincb_arg)
+{
+ int rc;
+ char numbuf[30];
+ unsigned char fprbuf[20];
+ const unsigned char *keydata, *m, *e;
+ unsigned char *buffer = NULL;
+ size_t buflen, keydatalen, mlen, elen;
+ time_t created_at;
+ int keyno = atoi (keynostr);
+ int force = (flags & 1);
+ time_t start_at;
+ int exmode;
+ int le_value;
+ unsigned int keybits;
+
+ if (keyno < 1 || keyno > 3)
+ return gpg_error (GPG_ERR_INV_ID);
+ keyno--;
+
+ /* We flush the cache to increase the traffic before a key
+ generation. This _might_ help a card to gather more entropy. */
+ flush_cache (app);
+
+ /* Obviously we need to remove the cached public key. */
+ xfree (app->app_local->pk[keyno].key);
+ app->app_local->pk[keyno].key = NULL;
+ app->app_local->pk[keyno].keylen = 0;
+ app->app_local->pk[keyno].read_done = 0;
+
+ /* Check whether a key already exists. */
+ rc = does_key_exist (app, keyno, 1, force);
+ if (rc)
+ return rc;
+
+ /* Because we send the key parameter back via status lines we need
+ to put a limit on the max. allowed keysize. 2048 bit will
+ already lead to a 527 byte long status line and thus a 4096 bit
+ key would exceed the Assuan line length limit. */
+ keybits = app->app_local->keyattr[keyno].n_bits;
+ if (keybits > 4096)
+ return gpg_error (GPG_ERR_TOO_LARGE);
+
+ /* Prepare for key generation by verifying the Admin PIN. */
+ rc = verify_chv3 (app, pincb, pincb_arg);
+ if (rc)
+ goto leave;
+
+ /* Test whether we will need extended length mode. (1900 is an
+ arbitrary length which for sure fits into a short apdu.) */
+ if (app->app_local->cardcap.ext_lc_le && keybits > 1900)
+ {
+ exmode = 1; /* Use extended length w/o a limit. */
+ le_value = app->app_local->extcap.max_rsp_data;
+ /* No need to check le_value because it comes from a 16 bit
+ value and thus can't create an overflow on a 32 bit
+ system. */
+ }
+ else
+ {
+ exmode = 0;
+ le_value = 256; /* Use legacy value. */
+ }
+
+ log_info (_("please wait while key is being generated ...\n"));
+ start_at = time (NULL);
+ rc = iso7816_generate_keypair
+/* # warning key generation temporary replaced by reading an existing key. */
+/* rc = iso7816_read_public_key */
+ (app->slot, exmode,
+ (const unsigned char*)(keyno == 0? "\xB6" :
+ keyno == 1? "\xB8" : "\xA4"), 2,
+ le_value,
+ &buffer, &buflen);
+ if (rc)
+ {
+ rc = gpg_error (GPG_ERR_CARD);
+ log_error (_("generating key failed\n"));
+ goto leave;
+ }
+ log_info (_("key generation completed (%d seconds)\n"),
+ (int)(time (NULL) - start_at));
+
+ keydata = find_tlv (buffer, buflen, 0x7F49, &keydatalen);
+ if (!keydata)
+ {
+ rc = gpg_error (GPG_ERR_CARD);
+ log_error (_("response does not contain the public key data\n"));
+ goto leave;
+ }
+
+ m = find_tlv (keydata, keydatalen, 0x0081, &mlen);
+ if (!m)
+ {
+ rc = gpg_error (GPG_ERR_CARD);
+ log_error (_("response does not contain the RSA modulus\n"));
+ goto leave;
+ }
+ /* log_printhex ("RSA n:", m, mlen); */
+ send_key_data (ctrl, "n", m, mlen);
+
+ e = find_tlv (keydata, keydatalen, 0x0082, &elen);
+ if (!e)
+ {
+ rc = gpg_error (GPG_ERR_CARD);
+ log_error (_("response does not contain the RSA public exponent\n"));
+ goto leave;
+ }
+ /* log_printhex ("RSA e:", e, elen); */
+ send_key_data (ctrl, "e", e, elen);
+
+ created_at = createtime? createtime : gnupg_get_time ();
+ sprintf (numbuf, "%lu", (unsigned long)created_at);
+ send_status_info (ctrl, "KEY-CREATED-AT",
+ numbuf, (size_t)strlen(numbuf), NULL, 0);
+
+ rc = store_fpr (app, keyno, (u32)created_at,
+ m, mlen, e, elen, fprbuf, app->card_version);
+ if (rc)
+ goto leave;
+ send_fpr_if_not_null (ctrl, "KEY-FPR", -1, fprbuf);
+
+
+ leave:
+ xfree (buffer);
+ return rc;
+}
+
+
+static unsigned long
+convert_sig_counter_value (const unsigned char *value, size_t valuelen)
+{
+ unsigned long ul;
+
+ if (valuelen == 3 )
+ ul = (value[0] << 16) | (value[1] << 8) | value[2];
+ else
+ {
+ log_error (_("invalid structure of OpenPGP card (DO 0x93)\n"));
+ ul = 0;
+ }
+ return ul;
+}
+
+static unsigned long
+get_sig_counter (app_t app)
+{
+ void *relptr;
+ unsigned char *value;
+ size_t valuelen;
+ unsigned long ul;
+
+ relptr = get_one_do (app, 0x0093, &value, &valuelen, NULL);
+ if (!relptr)
+ return 0;
+ ul = convert_sig_counter_value (value, valuelen);
+ xfree (relptr);
+ return ul;
+}
+
+static gpg_error_t
+compare_fingerprint (app_t app, int keyno, unsigned char *sha1fpr)
+{
+ const unsigned char *fpr;
+ unsigned char *buffer;
+ size_t buflen, n;
+ int rc, i;
+
+ assert (keyno >= 1 && keyno <= 3);
+
+ rc = get_cached_data (app, 0x006E, &buffer, &buflen, 0, 0);
+ if (rc)
+ {
+ log_error (_("error reading application data\n"));
+ return gpg_error (GPG_ERR_GENERAL);
+ }
+ fpr = find_tlv (buffer, buflen, 0x00C5, &n);
+ if (!fpr || n != 60)
+ {
+ xfree (buffer);
+ log_error (_("error reading fingerprint DO\n"));
+ return gpg_error (GPG_ERR_GENERAL);
+ }
+ fpr += (keyno-1)*20;
+ for (i=0; i < 20; i++)
+ if (sha1fpr[i] != fpr[i])
+ {
+ xfree (buffer);
+ log_info (_("fingerprint on card does not match requested one\n"));
+ return gpg_error (GPG_ERR_WRONG_SECKEY);
+ }
+ xfree (buffer);
+ return 0;
+}
+
+
+/* If a fingerprint has been specified check it against the one on the
+ card. This allows for a meaningful error message in case the key
+ on the card has been replaced but the shadow information known to
+ gpg has not been updated. If there is no fingerprint we assume
+ that this is okay. */
+static gpg_error_t
+check_against_given_fingerprint (app_t app, const char *fpr, int keyno)
+{
+ unsigned char tmp[20];
+ const char *s;
+ int n;
+
+ for (s=fpr, n=0; hexdigitp (s); s++, n++)
+ ;
+ if (n != 40)
+ return gpg_error (GPG_ERR_INV_ID);
+ else if (!*s)
+ ; /* okay */
+ else
+ return gpg_error (GPG_ERR_INV_ID);
+
+ for (s=fpr, n=0; n < 20; s += 2, n++)
+ tmp[n] = xtoi_2 (s);
+ return compare_fingerprint (app, keyno, tmp);
+}
+
+
+
+/* Compute a digital signature on INDATA which is expected to be the
+ raw message digest. For this application the KEYIDSTR consists of
+ the serialnumber and the fingerprint delimited by a slash.
+
+ Note that this function may return the error code
+ GPG_ERR_WRONG_CARD to indicate that the card currently present does
+ not match the one required for the requested action (e.g. the
+ serial number does not match).
+
+ As a special feature a KEYIDSTR of "OPENPGP.3" redirects the
+ operation to the auth command.
+*/
+static gpg_error_t
+do_sign (app_t app, const char *keyidstr, int hashalgo,
+ gpg_error_t (*pincb)(void*, const char *, char **),
+ void *pincb_arg,
+ const void *indata, size_t indatalen,
+ unsigned char **outdata, size_t *outdatalen )
+{
+ static unsigned char rmd160_prefix[15] = /* Object ID is 1.3.36.3.2.1 */
+ { 0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x24, 0x03,
+ 0x02, 0x01, 0x05, 0x00, 0x04, 0x14 };
+ static unsigned char sha1_prefix[15] = /* (1.3.14.3.2.26) */
+ { 0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03,
+ 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14 };
+ static unsigned char sha224_prefix[19] = /* (2.16.840.1.101.3.4.2.4) */
+ { 0x30, 0x2D, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48,
+ 0x01, 0x65, 0x03, 0x04, 0x02, 0x04, 0x05, 0x00, 0x04,
+ 0x1C };
+ static unsigned char sha256_prefix[19] = /* (2.16.840.1.101.3.4.2.1) */
+ { 0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86,
+ 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05,
+ 0x00, 0x04, 0x20 };
+ static unsigned char sha384_prefix[19] = /* (2.16.840.1.101.3.4.2.2) */
+ { 0x30, 0x41, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86,
+ 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02, 0x05,
+ 0x00, 0x04, 0x30 };
+ static unsigned char sha512_prefix[19] = /* (2.16.840.1.101.3.4.2.3) */
+ { 0x30, 0x51, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86,
+ 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03, 0x05,
+ 0x00, 0x04, 0x40 };
+ int rc;
+ unsigned char data[19+64];
+ size_t datalen;
+ unsigned char tmp_sn[20]; /* Actually 16 bytes but also for the fpr. */
+ const char *s;
+ int n;
+ const char *fpr = NULL;
+ unsigned long sigcount;
+ int use_auth = 0;
+ int exmode, le_value;
+
+ if (!keyidstr || !*keyidstr)
+ return gpg_error (GPG_ERR_INV_VALUE);
+
+ /* Strip off known prefixes. */
+#define X(a,b,c,d) \
+ if (hashalgo == GCRY_MD_ ## a \
+ && (d) \
+ && indatalen == sizeof b ## _prefix + (c) \
+ && !memcmp (indata, b ## _prefix, sizeof b ## _prefix)) \
+ { \
+ indata = (const char*)indata + sizeof b ## _prefix; \
+ indatalen -= sizeof b ## _prefix; \
+ }
+
+ if (indatalen == 20)
+ ; /* Assume a plain SHA-1 or RMD160 digest has been given. */
+ else X(SHA1, sha1, 20, 1)
+ else X(RMD160, rmd160, 20, 1)
+ else X(SHA224, sha224, 28, app->app_local->extcap.is_v2)
+ else X(SHA256, sha256, 32, app->app_local->extcap.is_v2)
+ else X(SHA384, sha384, 48, app->app_local->extcap.is_v2)
+ else X(SHA512, sha512, 64, app->app_local->extcap.is_v2)
+ else if ((indatalen == 28 || indatalen == 32
+ || indatalen == 48 || indatalen ==64)
+ && app->app_local->extcap.is_v2)
+ ; /* Assume a plain SHA-3 digest has been given. */
+ else
+ {
+ log_error (_("card does not support digest algorithm %s\n"),
+ gcry_md_algo_name (hashalgo));
+ /* Or the supplied digest length does not match an algorithm. */
+ return gpg_error (GPG_ERR_INV_VALUE);
+ }
+#undef X
+
+ /* Check whether an OpenPGP card of any version has been requested. */
+ if (!strcmp (keyidstr, "OPENPGP.1"))
+ ;
+ else if (!strcmp (keyidstr, "OPENPGP.3"))
+ use_auth = 1;
+ else if (strlen (keyidstr) < 32 || strncmp (keyidstr, "D27600012401", 12))
+ return gpg_error (GPG_ERR_INV_ID);
+ else
+ {
+ for (s=keyidstr, n=0; hexdigitp (s); s++, n++)
+ ;
+ if (n != 32)
+ return gpg_error (GPG_ERR_INV_ID);
+ else if (!*s)
+ ; /* no fingerprint given: we allow this for now. */
+ else if (*s == '/')
+ fpr = s + 1;
+ else
+ return gpg_error (GPG_ERR_INV_ID);
+
+ for (s=keyidstr, n=0; n < 16; s += 2, n++)
+ tmp_sn[n] = xtoi_2 (s);
+
+ if (app->serialnolen != 16)
+ return gpg_error (GPG_ERR_INV_CARD);
+ if (memcmp (app->serialno, tmp_sn, 16))
+ return gpg_error (GPG_ERR_WRONG_CARD);
+ }
+
+ /* If a fingerprint has been specified check it against the one on
+ the card. This is allows for a meaningful error message in case
+ the key on the card has been replaced but the shadow information
+ known to gpg was not updated. If there is no fingerprint, gpg
+ will detect a bogus signature anyway due to the
+ verify-after-signing feature. */
+ rc = fpr? check_against_given_fingerprint (app, fpr, 1) : 0;
+ if (rc)
+ return rc;
+
+ /* Concatenate prefix and digest. */
+#define X(a,b,d) \
+ if (hashalgo == GCRY_MD_ ## a && (d) ) \
+ { \
+ datalen = sizeof b ## _prefix + indatalen; \
+ assert (datalen <= sizeof data); \
+ memcpy (data, b ## _prefix, sizeof b ## _prefix); \
+ memcpy (data + sizeof b ## _prefix, indata, indatalen); \
+ }
+
+ X(SHA1, sha1, 1)
+ else X(RMD160, rmd160, 1)
+ else X(SHA224, sha224, app->app_local->extcap.is_v2)
+ else X(SHA256, sha256, app->app_local->extcap.is_v2)
+ else X(SHA384, sha384, app->app_local->extcap.is_v2)
+ else X(SHA512, sha512, app->app_local->extcap.is_v2)
+ else
+ return gpg_error (GPG_ERR_UNSUPPORTED_ALGORITHM);
+#undef X
+
+ /* Redirect to the AUTH command if asked to. */
+ if (use_auth)
+ {
+ return do_auth (app, "OPENPGP.3", pincb, pincb_arg,
+ data, datalen,
+ outdata, outdatalen);
+ }
+
+ /* Show the number of signature done using this key. */
+ sigcount = get_sig_counter (app);
+ log_info (_("signatures created so far: %lu\n"), sigcount);
+
+ /* Check CHV if needed. */
+ if (!app->did_chv1 || app->force_chv1 )
+ {
+ char *pinvalue;
+
+ rc = verify_a_chv (app, pincb, pincb_arg, 1, sigcount, &pinvalue);
+ if (rc)
+ return rc;
+
+ app->did_chv1 = 1;
+
+ /* For cards with versions < 2 we want to keep CHV1 and CHV2 in
+ sync, thus we verify CHV2 here using the given PIN. Cards
+ with version2 to not have the need for a separate CHV2 and
+ internally use just one. Obviously we can't do that if the
+ keypad has been used. */
+ if (!app->did_chv2 && pinvalue && !app->app_local->extcap.is_v2)
+ {
+ rc = iso7816_verify (app->slot, 0x82, pinvalue, strlen (pinvalue));
+ if (gpg_err_code (rc) == GPG_ERR_BAD_PIN)
+ rc = gpg_error (GPG_ERR_PIN_NOT_SYNCED);
+ if (rc)
+ {
+ log_error (_("verify CHV%d failed: %s\n"), 2, gpg_strerror (rc));
+ xfree (pinvalue);
+ flush_cache_after_error (app);
+ return rc;
+ }
+ app->did_chv2 = 1;
+ }
+ xfree (pinvalue);
+ }
+
+
+ if (app->app_local->cardcap.ext_lc_le)
+ {
+ exmode = 1; /* Use extended length. */
+ le_value = app->app_local->extcap.max_rsp_data;
+ }
+ else
+ {
+ exmode = 0;
+ le_value = 0;
+ }
+ rc = iso7816_compute_ds (app->slot, exmode, data, datalen, le_value,
+ outdata, outdatalen);
+ return rc;
+}
+
+/* Compute a digital signature using the INTERNAL AUTHENTICATE command
+ on INDATA which is expected to be the raw message digest. For this
+ application the KEYIDSTR consists of the serialnumber and the
+ fingerprint delimited by a slash. Optionally the id OPENPGP.3 may
+ be given.
+
+ Note that this function may return the error code
+ GPG_ERR_WRONG_CARD to indicate that the card currently present does
+ not match the one required for the requested action (e.g. the
+ serial number does not match). */
+static gpg_error_t
+do_auth (app_t app, const char *keyidstr,
+ gpg_error_t (*pincb)(void*, const char *, char **),
+ void *pincb_arg,
+ const void *indata, size_t indatalen,
+ unsigned char **outdata, size_t *outdatalen )
+{
+ int rc;
+ unsigned char tmp_sn[20]; /* Actually 16 but we use it also for the fpr. */
+ const char *s;
+ int n;
+ const char *fpr = NULL;
+
+ if (!keyidstr || !*keyidstr)
+ return gpg_error (GPG_ERR_INV_VALUE);
+ if (indatalen > 101) /* For a 2048 bit key. */
+ return gpg_error (GPG_ERR_INV_VALUE);
+
+ /* Check whether an OpenPGP card of any version has been requested. */
+ if (!strcmp (keyidstr, "OPENPGP.3"))
+ ;
+ else if (strlen (keyidstr) < 32 || strncmp (keyidstr, "D27600012401", 12))
+ return gpg_error (GPG_ERR_INV_ID);
+ else
+ {
+ for (s=keyidstr, n=0; hexdigitp (s); s++, n++)
+ ;
+ if (n != 32)
+ return gpg_error (GPG_ERR_INV_ID);
+ else if (!*s)
+ ; /* no fingerprint given: we allow this for now. */
+ else if (*s == '/')
+ fpr = s + 1;
+ else
+ return gpg_error (GPG_ERR_INV_ID);
+
+ for (s=keyidstr, n=0; n < 16; s += 2, n++)
+ tmp_sn[n] = xtoi_2 (s);
+
+ if (app->serialnolen != 16)
+ return gpg_error (GPG_ERR_INV_CARD);
+ if (memcmp (app->serialno, tmp_sn, 16))
+ return gpg_error (GPG_ERR_WRONG_CARD);
+ }
+
+ /* If a fingerprint has been specified check it against the one on
+ the card. This is allows for a meaningful error message in case
+ the key on the card has been replaced but the shadow information
+ known to gpg was not updated. If there is no fingerprint, gpg
+ will detect a bogus signature anyway due to the
+ verify-after-signing feature. */
+ rc = fpr? check_against_given_fingerprint (app, fpr, 3) : 0;
+ if (rc)
+ return rc;
+
+ rc = verify_chv2 (app, pincb, pincb_arg);
+ if (!rc)
+ {
+ int exmode, le_value;
+
+ if (app->app_local->cardcap.ext_lc_le)
+ {
+ exmode = 1; /* Use extended length. */
+ le_value = app->app_local->extcap.max_rsp_data;
+ }
+ else
+ {
+ exmode = 0;
+ le_value = 0;
+ }
+ rc = iso7816_internal_authenticate (app->slot, exmode,
+ indata, indatalen, le_value,
+ outdata, outdatalen);
+ }
+ return rc;
+}
+
+
+static gpg_error_t
+do_decipher (app_t app, const char *keyidstr,
+ gpg_error_t (*pincb)(void*, const char *, char **),
+ void *pincb_arg,
+ const void *indata, size_t indatalen,
+ unsigned char **outdata, size_t *outdatalen )
+{
+ int rc;
+ unsigned char tmp_sn[20]; /* actually 16 but we use it also for the fpr. */
+ const char *s;
+ int n;
+ const char *fpr = NULL;
+ int exmode, le_value;
+
+ if (!keyidstr || !*keyidstr || !indatalen)
+ return gpg_error (GPG_ERR_INV_VALUE);
+
+ /* Check whether an OpenPGP card of any version has been requested. */
+ if (!strcmp (keyidstr, "OPENPGP.2"))
+ ;
+ else if (strlen (keyidstr) < 32 || strncmp (keyidstr, "D27600012401", 12))
+ return gpg_error (GPG_ERR_INV_ID);
+ else
+ {
+ for (s=keyidstr, n=0; hexdigitp (s); s++, n++)
+ ;
+ if (n != 32)
+ return gpg_error (GPG_ERR_INV_ID);
+ else if (!*s)
+ ; /* no fingerprint given: we allow this for now. */
+ else if (*s == '/')
+ fpr = s + 1;
+ else
+ return gpg_error (GPG_ERR_INV_ID);
+
+ for (s=keyidstr, n=0; n < 16; s += 2, n++)
+ tmp_sn[n] = xtoi_2 (s);
+
+ if (app->serialnolen != 16)
+ return gpg_error (GPG_ERR_INV_CARD);
+ if (memcmp (app->serialno, tmp_sn, 16))
+ return gpg_error (GPG_ERR_WRONG_CARD);
+ }
+
+ /* If a fingerprint has been specified check it against the one on
+ the card. This is allows for a meaningful error message in case
+ the key on the card has been replaced but the shadow information
+ known to gpg was not updated. If there is no fingerprint, the
+ decryption won't produce the right plaintext anyway. */
+ rc = fpr? check_against_given_fingerprint (app, fpr, 2) : 0;
+ if (rc)
+ return rc;
+
+ rc = verify_chv2 (app, pincb, pincb_arg);
+ if (!rc)
+ {
+ size_t fixuplen;
+ unsigned char *fixbuf = NULL;
+ int padind = 0;
+
+ /* We might encounter a couple of leading zeroes in the
+ cryptogram. Due to internal use of MPIs thease leading
+ zeroes are stripped. However the OpenPGP card expects
+ exactly 128 bytes for the cryptogram (for a 1k key). Thus we
+ need to fix it up. We do this for up to 16 leading zero
+ bytes; a cryptogram with more than this is with a very high
+ probability anyway broken. */
+ if (indatalen >= (128-16) && indatalen < 128) /* 1024 bit key. */
+ fixuplen = 128 - indatalen;
+ else if (indatalen >= (192-16) && indatalen < 192) /* 1536 bit key. */
+ fixuplen = 192 - indatalen;
+ else if (indatalen >= (256-16) && indatalen < 256) /* 2048 bit key. */
+ fixuplen = 256 - indatalen;
+ else if (indatalen >= (384-16) && indatalen < 384) /* 3072 bit key. */
+ fixuplen = 384 - indatalen;
+ else if (indatalen >= (512-16) && indatalen < 512) /* 4096 bit key. */
+ fixuplen = 512 - indatalen;
+ else
+ fixuplen = 0;
+
+ if (fixuplen)
+ {
+ /* While we have to prepend stuff anyway, we can also
+ include the padding byte here so that iso1816_decipher
+ does not need to do another data mangling. */
+ fixuplen++;
+
+ fixbuf = xtrymalloc (fixuplen + indatalen);
+ if (!fixbuf)
+ return gpg_error_from_syserror ();
+
+ memset (fixbuf, 0, fixuplen);
+ memcpy (fixbuf+fixuplen, indata, indatalen);
+ indata = fixbuf;
+ indatalen = fixuplen + indatalen;
+ padind = -1; /* Already padded. */
+ }
+
+ if (app->app_local->cardcap.ext_lc_le && indatalen > 254 )
+ {
+ exmode = 1; /* Extended length w/o a limit. */
+ le_value = app->app_local->extcap.max_rsp_data;
+ }
+ else if (app->app_local->cardcap.cmd_chaining && indatalen > 254)
+ {
+ exmode = -254; /* Command chaining with max. 254 bytes. */
+ le_value = 0;
+ }
+ else
+ exmode = le_value = 0;
+
+ rc = iso7816_decipher (app->slot, exmode,
+ indata, indatalen, le_value, padind,
+ outdata, outdatalen);
+ xfree (fixbuf);
+ }
+
+ return rc;
+}
+
+
+/* Perform a simple verify operation for CHV1 and CHV2, so that
+ further operations won't ask for CHV2 and it is possible to do a
+ cheap check on the PIN: If there is something wrong with the PIN
+ entry system, only the regular CHV will get blocked and not the
+ dangerous CHV3. KEYIDSTR is the usual card's serial number; an
+ optional fingerprint part will be ignored.
+
+ There is a special mode if the keyidstr is "<serialno>[CHV3]" with
+ the "[CHV3]" being a literal string: The Admin Pin is checked if
+ and only if the retry counter is still at 3. */
+static gpg_error_t
+do_check_pin (app_t app, const char *keyidstr,
+ gpg_error_t (*pincb)(void*, const char *, char **),
+ void *pincb_arg)
+{
+ unsigned char tmp_sn[20];
+ const char *s;
+ int n;
+ int admin_pin = 0;
+
+ if (!keyidstr || !*keyidstr)
+ return gpg_error (GPG_ERR_INV_VALUE);
+
+ /* Check whether an OpenPGP card of any version has been requested. */
+ if (strlen (keyidstr) < 32 || strncmp (keyidstr, "D27600012401", 12))
+ return gpg_error (GPG_ERR_INV_ID);
+
+ for (s=keyidstr, n=0; hexdigitp (s); s++, n++)
+ ;
+ if (n != 32)
+ return gpg_error (GPG_ERR_INV_ID);
+ else if (!*s)
+ ; /* No fingerprint given: we allow this for now. */
+ else if (*s == '/')
+ ; /* We ignore a fingerprint. */
+ else if (!strcmp (s, "[CHV3]") )
+ admin_pin = 1;
+ else
+ return gpg_error (GPG_ERR_INV_ID);
+
+ for (s=keyidstr, n=0; n < 16; s += 2, n++)
+ tmp_sn[n] = xtoi_2 (s);
+
+ if (app->serialnolen != 16)
+ return gpg_error (GPG_ERR_INV_CARD);
+ if (memcmp (app->serialno, tmp_sn, 16))
+ return gpg_error (GPG_ERR_WRONG_CARD);
+
+ /* Yes, there is a race conditions: The user might pull the card
+ right here and we won't notice that. However this is not a
+ problem and the check above is merely for a graceful failure
+ between operations. */
+
+ if (admin_pin)
+ {
+ void *relptr;
+ unsigned char *value;
+ size_t valuelen;
+ int count;
+
+ relptr = get_one_do (app, 0x00C4, &value, &valuelen, NULL);
+ if (!relptr || valuelen < 7)
+ {
+ log_error (_("error retrieving CHV status from card\n"));
+ xfree (relptr);
+ return gpg_error (GPG_ERR_CARD);
+ }
+ count = value[6];
+ xfree (relptr);
+
+ if (!count)
+ {
+ log_info (_("card is permanently locked!\n"));
+ return gpg_error (GPG_ERR_BAD_PIN);
+ }
+ else if (value[6] < 3)
+ {
+ log_info (_("verification of Admin PIN is currently prohibited "
+ "through this command\n"));
+ return gpg_error (GPG_ERR_GENERAL);
+ }
+
+ app->did_chv3 = 0; /* Force verification. */
+ return verify_chv3 (app, pincb, pincb_arg);
+ }
+ else
+ return verify_chv2 (app, pincb, pincb_arg);
+}
+
+
+/* Show information about card capabilities. */
+static void
+show_caps (struct app_local_s *s)
+{
+ log_info ("Version-2 ......: %s\n", s->extcap.is_v2? "yes":"no");
+ log_info ("Get-Challenge ..: %s", s->extcap.get_challenge? "yes":"no");
+ if (s->extcap.get_challenge)
+ log_printf (" (%u bytes max)", s->extcap.max_get_challenge);
+ log_info ("Key-Import .....: %s\n", s->extcap.key_import? "yes":"no");
+ log_info ("Change-Force-PW1: %s\n", s->extcap.change_force_chv? "yes":"no");
+ log_info ("Private-DOs ....: %s\n", s->extcap.private_dos? "yes":"no");
+ log_info ("Algo-Attr-Change: %s\n", s->extcap.algo_attr_change? "yes":"no");
+ log_info ("SM-Support .....: %s", s->extcap.sm_supported? "yes":"no");
+ if (s->extcap.sm_supported)
+ log_printf (" (%s)", s->extcap.sm_aes128? "AES-128":"3DES");
+ log_info ("Max-Cert3-Len ..: %u\n", s->extcap.max_certlen_3);
+ log_info ("Max-Cmd-Data ...: %u\n", s->extcap.max_cmd_data);
+ log_info ("Max-Rsp-Data ...: %u\n", s->extcap.max_rsp_data);
+ log_info ("Cmd-Chaining ...: %s\n", s->cardcap.cmd_chaining?"yes":"no");
+ log_info ("Ext-Lc-Le ......: %s\n", s->cardcap.ext_lc_le?"yes":"no");
+ log_info ("Status Indicator: %02X\n", s->status_indicator);
+
+ log_info ("GnuPG-No-Sync ..: %s\n", s->flags.no_sync? "yes":"no");
+ log_info ("GnuPG-Def-PW2 ..: %s\n", s->flags.def_chv2? "yes":"no");
+}
+
+
+/* Parse the historical bytes in BUFFER of BUFLEN and store them in
+ APPLOC. */
+static void
+parse_historical (struct app_local_s *apploc,
+ const unsigned char * buffer, size_t buflen)
+{
+ /* Example buffer: 00 31 C5 73 C0 01 80 00 90 00 */
+ if (buflen < 4)
+ {
+ log_error ("warning: historical bytes are too short\n");
+ return; /* Too short. */
+ }
+ if (*buffer)
+ {
+ log_error ("warning: bad category indicator in historical bytes\n");
+ return;
+ }
+
+ /* Skip category indicator. */
+ buffer++;
+ buflen--;
+
+ /* Get the status indicator. */
+ apploc->status_indicator = buffer[buflen-3];
+ buflen -= 3;
+
+ /* Parse the compact TLV. */
+ while (buflen)
+ {
+ unsigned int tag = (*buffer & 0xf0) >> 4;
+ unsigned int len = (*buffer & 0x0f);
+ if (len+1 > buflen)
+ {
+ log_error ("warning: bad Compact-TLV in historical bytes\n");
+ return; /* Error. */
+ }
+ buffer++;
+ buflen--;
+ if (tag == 7 && len == 3)
+ {
+ /* Card capabilities. */
+ apploc->cardcap.cmd_chaining = !!(buffer[2] & 0x80);
+ apploc->cardcap.ext_lc_le = !!(buffer[2] & 0x40);
+ }
+ buffer += len;
+ buflen -= len;
+ }
+}
+
+
+/* Parse and optionally show the algorithm attributes for KEYNO.
+ KEYNO must be in the range 0..2. */
+static void
+parse_algorithm_attribute (app_t app, int keyno)
+{
+ unsigned char *buffer;
+ size_t buflen;
+ void *relptr;
+ const char const desc[3][5] = {"sign", "encr", "auth"};
+
+ assert (keyno >=0 && keyno <= 2);
+
+ app->app_local->keyattr[keyno].n_bits = 0;
+
+ relptr = get_one_do (app, 0xC1+keyno, &buffer, &buflen, NULL);
+ if (!relptr)
+ {
+ log_error ("error reading DO 0x%02X\n", 0xc1+keyno);
+ return;
+ }
+ if (buflen < 1)
+ {
+ log_error ("error reading DO 0x%02X\n", 0xc1+keyno);
+ xfree (relptr);
+ return;
+ }
+
+ if (opt.verbose)
+ log_info ("Key-Attr-%s ..: ", desc[keyno]);
+ if (*buffer == 1 && (buflen == 5 || buflen == 6))
+ {
+ app->app_local->keyattr[keyno].n_bits = (buffer[1]<<8 | buffer[2]);
+ app->app_local->keyattr[keyno].e_bits = (buffer[3]<<8 | buffer[4]);
+ app->app_local->keyattr[keyno].format = 0;
+ if (buflen < 6)
+ app->app_local->keyattr[keyno].format = RSA_STD;
+ else
+ app->app_local->keyattr[keyno].format = (buffer[5] == 0? RSA_STD :
+ buffer[5] == 1? RSA_STD_N :
+ buffer[5] == 2? RSA_CRT :
+ buffer[5] == 3? RSA_CRT_N :
+ RSA_UNKNOWN_FMT);
+
+ if (opt.verbose)
+ log_printf
+ ("RSA, n=%u, e=%u, fmt=%s\n",
+ app->app_local->keyattr[keyno].n_bits,
+ app->app_local->keyattr[keyno].e_bits,
+ app->app_local->keyattr[keyno].format == RSA_STD? "std" :
+ app->app_local->keyattr[keyno].format == RSA_STD_N?"std+n":
+ app->app_local->keyattr[keyno].format == RSA_CRT? "crt" :
+ app->app_local->keyattr[keyno].format == RSA_CRT_N?"crt+n":"?");
+ }
+ else if (opt.verbose)
+ log_printhex ("", buffer, buflen);
+
+ xfree (relptr);
+}
+
+/* Select the OpenPGP application on the card in SLOT. This function
+ must be used before any other OpenPGP application functions. */
+gpg_error_t
+app_select_openpgp (app_t app)
+{
+ static char const aid[] = { 0xD2, 0x76, 0x00, 0x01, 0x24, 0x01 };
+ int slot = app->slot;
+ int rc;
+ unsigned char *buffer;
+ size_t buflen;
+ void *relptr;
+
+ /* Note that the card can't cope with P2=0xCO, thus we need to pass a
+ special flag value. */
+ rc = iso7816_select_application (slot, aid, sizeof aid, 0x0001);
+ if (!rc)
+ {
+ unsigned int manufacturer;
+
+ app->apptype = "OPENPGP";
+
+ app->did_chv1 = 0;
+ app->did_chv2 = 0;
+ app->did_chv3 = 0;
+ app->app_local = NULL;
+
+ /* The OpenPGP card returns the serial number as part of the
+ AID; because we prefer to use OpenPGP serial numbers, we
+ replace a possibly already set one from a EF.GDO with this
+ one. Note, that for current OpenPGP cards, no EF.GDO exists
+ and thus it won't matter at all. */
+ rc = iso7816_get_data (slot, 0, 0x004F, &buffer, &buflen);
+ if (rc)
+ goto leave;
+ if (opt.verbose)
+ {
+ log_info ("AID: ");
+ log_printhex ("", buffer, buflen);
+ }
+
+ app->card_version = buffer[6] << 8;
+ app->card_version |= buffer[7];
+ manufacturer = (buffer[8]<<8 | buffer[9]);
+
+ xfree (app->serialno);
+ app->serialno = buffer;
+ app->serialnolen = buflen;
+ buffer = NULL;
+ app->app_local = xtrycalloc (1, sizeof *app->app_local);
+ if (!app->app_local)
+ {
+ rc = gpg_error (gpg_err_code_from_errno (errno));
+ goto leave;
+ }
+
+ if (app->card_version >= 0x0200)
+ app->app_local->extcap.is_v2 = 1;
+
+
+ /* Read the historical bytes. */
+ relptr = get_one_do (app, 0x5f52, &buffer, &buflen, NULL);
+ if (relptr)
+ {
+ if (opt.verbose)
+ {
+ log_info ("Historical Bytes: ");
+ log_printhex ("", buffer, buflen);
+ }
+ parse_historical (app->app_local, buffer, buflen);
+ xfree (relptr);
+ }
+
+ /* Read the force-chv1 flag. */
+ relptr = get_one_do (app, 0x00C4, &buffer, &buflen, NULL);
+ if (!relptr)
+ {
+ log_error (_("can't access %s - invalid OpenPGP card?\n"),
+ "CHV Status Bytes");
+ goto leave;
+ }
+ app->force_chv1 = (buflen && *buffer == 0);
+ xfree (relptr);
+
+ /* Read the extended capabilities. */
+ relptr = get_one_do (app, 0x00C0, &buffer, &buflen, NULL);
+ if (!relptr)
+ {
+ log_error (_("can't access %s - invalid OpenPGP card?\n"),
+ "Extended Capability Flags" );
+ goto leave;
+ }
+ if (buflen)
+ {
+ app->app_local->extcap.sm_supported = !!(*buffer & 0x80);
+ app->app_local->extcap.get_challenge = !!(*buffer & 0x40);
+ app->app_local->extcap.key_import = !!(*buffer & 0x20);
+ app->app_local->extcap.change_force_chv = !!(*buffer & 0x10);
+ app->app_local->extcap.private_dos = !!(*buffer & 0x08);
+ app->app_local->extcap.algo_attr_change = !!(*buffer & 0x04);
+ }
+ if (buflen >= 10)
+ {
+ /* Available with v2 cards. */
+ app->app_local->extcap.sm_aes128 = (buffer[1] == 1);
+ app->app_local->extcap.max_get_challenge
+ = (buffer[2] << 8 | buffer[3]);
+ app->app_local->extcap.max_certlen_3 = (buffer[4] << 8 | buffer[5]);
+ app->app_local->extcap.max_cmd_data = (buffer[6] << 8 | buffer[7]);
+ app->app_local->extcap.max_rsp_data = (buffer[8] << 8 | buffer[9]);
+ }
+ xfree (relptr);
+
+ /* Some of the first cards accidently don't set the
+ CHANGE_FORCE_CHV bit but allow it anyway. */
+ if (app->card_version <= 0x0100 && manufacturer == 1)
+ app->app_local->extcap.change_force_chv = 1;
+
+ parse_login_data (app);
+
+ if (opt.verbose)
+ show_caps (app->app_local);
+
+ parse_algorithm_attribute (app, 0);
+ parse_algorithm_attribute (app, 1);
+ parse_algorithm_attribute (app, 2);
+
+ if (opt.verbose > 1)
+ dump_all_do (slot);
+
+ app->fnc.deinit = do_deinit;
+ app->fnc.learn_status = do_learn_status;
+ app->fnc.readcert = do_readcert;
+ app->fnc.readkey = do_readkey;
+ app->fnc.getattr = do_getattr;
+ app->fnc.setattr = do_setattr;
+ app->fnc.writecert = do_writecert;
+ app->fnc.writekey = do_writekey;
+ app->fnc.genkey = do_genkey;
+ app->fnc.sign = do_sign;
+ app->fnc.auth = do_auth;
+ app->fnc.decipher = do_decipher;
+ app->fnc.change_pin = do_change_pin;
+ app->fnc.check_pin = do_check_pin;
+ }
+
+leave:
+ if (rc)
+ do_deinit (app);
+ return rc;
+}
+
+
+
diff --git a/scd/app-p15.c b/scd/app-p15.c
new file mode 100644
index 0000000..8322617
--- /dev/null
+++ b/scd/app-p15.c
@@ -0,0 +1,3423 @@
+/* app-p15.c - The pkcs#15 card application.
+ * Copyright (C) 2005 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+/* Information pertaining to the BELPIC developer card samples:
+
+ Unblock PUK: "222222111111"
+ Reset PIN: "333333111111")
+
+ e.g. the APDUs 00:20:00:02:08:2C:33:33:33:11:11:11:FF
+ and 00:24:01:01:08:24:12:34:FF:FF:FF:FF:FF
+ should change the PIN into 1234.
+*/
+
+#include <config.h>
+#include <errno.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <assert.h>
+#include <time.h>
+
+#include "scdaemon.h"
+
+#include "iso7816.h"
+#include "app-common.h"
+#include "tlv.h"
+#include "apdu.h" /* fixme: we should move the card detection to a
+ separate file */
+
+/* Types of cards we know and which needs special treatment. */
+typedef enum
+ {
+ CARD_TYPE_UNKNOWN,
+ CARD_TYPE_TCOS,
+ CARD_TYPE_MICARDO,
+ CARD_TYPE_BELPIC /* Belgian eID card specs. */
+ }
+card_type_t;
+
+/* A list card types with ATRs noticed with these cards. */
+#define X(a) ((unsigned char const *)(a))
+static struct
+{
+ size_t atrlen;
+ unsigned char const *atr;
+ card_type_t type;
+} card_atr_list[] = {
+ { 19, X("\x3B\xBA\x13\x00\x81\x31\x86\x5D\x00\x64\x05\x0A\x02\x01\x31\x80"
+ "\x90\x00\x8B"),
+ CARD_TYPE_TCOS }, /* SLE44 */
+ { 19, X("\x3B\xBA\x14\x00\x81\x31\x86\x5D\x00\x64\x05\x14\x02\x02\x31\x80"
+ "\x90\x00\x91"),
+ CARD_TYPE_TCOS }, /* SLE66S */
+ { 19, X("\x3B\xBA\x96\x00\x81\x31\x86\x5D\x00\x64\x05\x60\x02\x03\x31\x80"
+ "\x90\x00\x66"),
+ CARD_TYPE_TCOS }, /* SLE66P */
+ { 27, X("\x3B\xFF\x94\x00\xFF\x80\xB1\xFE\x45\x1F\x03\x00\x68\xD2\x76\x00"
+ "\x00\x28\xFF\x05\x1E\x31\x80\x00\x90\x00\x23"),
+ CARD_TYPE_MICARDO }, /* German BMI card */
+ { 19, X("\x3B\x6F\x00\xFF\x00\x68\xD2\x76\x00\x00\x28\xFF\x05\x1E\x31\x80"
+ "\x00\x90\x00"),
+ CARD_TYPE_MICARDO }, /* German BMI card (ATR due to reader problem) */
+ { 26, X("\x3B\xFE\x94\x00\xFF\x80\xB1\xFA\x45\x1F\x03\x45\x73\x74\x45\x49"
+ "\x44\x20\x76\x65\x72\x20\x31\x2E\x30\x43"),
+ CARD_TYPE_MICARDO }, /* EstEID (Estonian Big Brother card) */
+
+ { 0 }
+};
+#undef X
+
+
+/* The AID of PKCS15. */
+static char const pkcs15_aid[] = { 0xA0, 0, 0, 0, 0x63,
+ 0x50, 0x4B, 0x43, 0x53, 0x2D, 0x31, 0x35 };
+
+/* The Belgian eID variant - they didn't understood why a shared AID
+ is useful for a standard. Oh well. */
+static char const pkcs15be_aid[] = { 0xA0, 0, 0, 0x01, 0x77,
+ 0x50, 0x4B, 0x43, 0x53, 0x2D, 0x31, 0x35 };
+
+
+/* The PIN types as defined in pkcs#15 v1.1 */
+typedef enum
+ {
+ PIN_TYPE_BCD = 0,
+ PIN_TYPE_ASCII_NUMERIC = 1,
+ PIN_TYPE_UTF8 = 2,
+ PIN_TYPE_HALF_NIBBLE_BCD = 3,
+ PIN_TYPE_ISO9564_1 = 4
+ } pin_type_t;
+
+
+/* A bit array with for the key usage flags from the
+ commonKeyAttributes. */
+struct keyusage_flags_s
+{
+ unsigned int encrypt: 1;
+ unsigned int decrypt: 1;
+ unsigned int sign: 1;
+ unsigned int sign_recover: 1;
+ unsigned int wrap: 1;
+ unsigned int unwrap: 1;
+ unsigned int verify: 1;
+ unsigned int verify_recover: 1;
+ unsigned int derive: 1;
+ unsigned int non_repudiation: 1;
+};
+typedef struct keyusage_flags_s keyusage_flags_t;
+
+
+
+/* This is an object to store information about a Certificate
+ Directory File (CDF) in a format suitable for further processing by
+ us. To keep memory management, simple we use a linked list of
+ items; i.e. one such object represents one certificate and the list
+ the entire CDF. */
+struct cdf_object_s
+{
+ /* Link to next item when used in a linked list. */
+ struct cdf_object_s *next;
+
+ /* Length and allocated buffer with the Id of this object. */
+ size_t objidlen;
+ unsigned char *objid;
+
+ /* To avoid reading a certificate more than once, we cache it in an
+ allocated memory IMAGE of IMAGELEN. */
+ size_t imagelen;
+ unsigned char *image;
+
+ /* Set to true if a length and offset is available. */
+ int have_off;
+ /* The offset and length of the object. They are only valid if
+ HAVE_OFF is true and set to 0 if HAVE_OFF is false. */
+ unsigned long off, len;
+
+ /* The length of the path as given in the CDF and the path itself.
+ path[0] is the top DF (usually 0x3f00). The path will never be
+ empty. */
+ size_t pathlen;
+ unsigned short path[1];
+};
+typedef struct cdf_object_s *cdf_object_t;
+
+
+/* This is an object to store information about a Private Key
+ Directory File (PrKDF) in a format suitable for further processing
+ by us. To keep memory management, simple we use a linked list of
+ items; i.e. one such object represents one certificate and the list
+ the entire PrKDF. */
+struct prkdf_object_s
+{
+ /* Link to next item when used in a linked list. */
+ struct prkdf_object_s *next;
+
+ /* Length and allocated buffer with the Id of this object. */
+ size_t objidlen;
+ unsigned char *objid;
+
+ /* Length and allocated buffer with the authId of this object or
+ NULL if no authID is known. */
+ size_t authidlen;
+ unsigned char *authid;
+
+ /* The key's usage flags. */
+ keyusage_flags_t usageflags;
+
+ /* The keyReference and a flag telling whether it is valid. */
+ unsigned long key_reference;
+ int key_reference_valid;
+
+ /* Set to true if a length and offset is available. */
+ int have_off;
+ /* The offset and length of the object. They are only valid if
+ HAVE_OFF is true and set to 0 if HAVE_OFF is false. */
+ unsigned long off, len;
+
+ /* The length of the path as given in the PrKDF and the path itself.
+ path[0] is the top DF (usually 0x3f00). */
+ size_t pathlen;
+ unsigned short path[1];
+};
+typedef struct prkdf_object_s *prkdf_object_t;
+
+
+/* This is an object to store information about a Authentication
+ Object Directory File (AODF) in a format suitable for further
+ processing by us. To keep memory management, simple we use a linked
+ list of items; i.e. one such object represents one authentication
+ object and the list the entire AOKDF. */
+struct aodf_object_s
+{
+ /* Link to next item when used in a linked list. */
+ struct aodf_object_s *next;
+
+ /* Length and allocated buffer with the Id of this object. */
+ size_t objidlen;
+ unsigned char *objid;
+
+ /* Length and allocated buffer with the authId of this object or
+ NULL if no authID is known. */
+ size_t authidlen;
+ unsigned char *authid;
+
+ /* The PIN Flags. */
+ struct
+ {
+ unsigned int case_sensitive: 1;
+ unsigned int local: 1;
+ unsigned int change_disabled: 1;
+ unsigned int unblock_disabled: 1;
+ unsigned int initialized: 1;
+ unsigned int needs_padding: 1;
+ unsigned int unblocking_pin: 1;
+ unsigned int so_pin: 1;
+ unsigned int disable_allowed: 1;
+ unsigned int integrity_protected: 1;
+ unsigned int confidentiality_protected: 1;
+ unsigned int exchange_ref_data: 1;
+ } pinflags;
+
+ /* The PIN Type. */
+ pin_type_t pintype;
+
+ /* The minimum length of a PIN. */
+ unsigned long min_length;
+
+ /* The stored length of a PIN. */
+ unsigned long stored_length;
+
+ /* The maximum length of a PIN and a flag telling whether it is valid. */
+ unsigned long max_length;
+ int max_length_valid;
+
+ /* The pinReference and a flag telling whether it is valid. */
+ unsigned long pin_reference;
+ int pin_reference_valid;
+
+ /* The padChar and a flag telling whether it is valid. */
+ char pad_char;
+ int pad_char_valid;
+
+
+ /* Set to true if a length and offset is available. */
+ int have_off;
+ /* The offset and length of the object. They are only valid if
+ HAVE_OFF is true and set to 0 if HAVE_OFF is false. */
+ unsigned long off, len;
+
+ /* The length of the path as given in the Aodf and the path itself.
+ path[0] is the top DF (usually 0x3f00). PATH is optional and thus
+ may be NULL. Malloced.*/
+ size_t pathlen;
+ unsigned short *path;
+};
+typedef struct aodf_object_s *aodf_object_t;
+
+
+/* Context local to this application. */
+struct app_local_s
+{
+ /* The home DF. Note, that we don't yet support a multilevel
+ hierachy. Thus we assume this is directly below the MF. */
+ unsigned short home_df;
+
+ /* The type of the card. */
+ card_type_t card_type;
+
+ /* Flag indicating whether we may use direct path selection. */
+ int direct_path_selection;
+
+ /* Structure with the EFIDs of the objects described in the ODF
+ file. */
+ struct
+ {
+ unsigned short private_keys;
+ unsigned short public_keys;
+ unsigned short trusted_public_keys;
+ unsigned short secret_keys;
+ unsigned short certificates;
+ unsigned short trusted_certificates;
+ unsigned short useful_certificates;
+ unsigned short data_objects;
+ unsigned short auth_objects;
+ } odf;
+
+ /* The PKCS#15 serialnumber from EF(TokeiNFo) or NULL. Malloced. */
+ unsigned char *serialno;
+ size_t serialnolen;
+
+ /* Information on all certificates. */
+ cdf_object_t certificate_info;
+ /* Information on all trusted certificates. */
+ cdf_object_t trusted_certificate_info;
+ /* Information on all useful certificates. */
+ cdf_object_t useful_certificate_info;
+
+ /* Information on all private keys. */
+ prkdf_object_t private_key_info;
+
+ /* Information on all authentication objects. */
+ aodf_object_t auth_object_info;
+
+};
+
+
+/*** Local prototypes. ***/
+static gpg_error_t readcert_by_cdf (app_t app, cdf_object_t cdf,
+ unsigned char **r_cert, size_t *r_certlen);
+
+
+
+/* Release the CDF object A */
+static void
+release_cdflist (cdf_object_t a)
+{
+ while (a)
+ {
+ cdf_object_t tmp = a->next;
+ xfree (a->image);
+ xfree (a->objid);
+ xfree (a);
+ a = tmp;
+ }
+}
+
+/* Release the PrKDF object A. */
+static void
+release_prkdflist (prkdf_object_t a)
+{
+ while (a)
+ {
+ prkdf_object_t tmp = a->next;
+ xfree (a->objid);
+ xfree (a->authid);
+ xfree (a);
+ a = tmp;
+ }
+}
+
+/* Release just one aodf object. */
+void
+release_aodf_object (aodf_object_t a)
+{
+ if (a)
+ {
+ xfree (a->objid);
+ xfree (a->authid);
+ xfree (a->path);
+ xfree (a);
+ }
+}
+
+/* Release the AODF list A. */
+static void
+release_aodflist (aodf_object_t a)
+{
+ while (a)
+ {
+ aodf_object_t tmp = a->next;
+ release_aodf_object (a);
+ a = tmp;
+ }
+}
+
+
+/* Release all local resources. */
+static void
+do_deinit (app_t app)
+{
+ if (app && app->app_local)
+ {
+ release_cdflist (app->app_local->certificate_info);
+ release_cdflist (app->app_local->trusted_certificate_info);
+ release_cdflist (app->app_local->useful_certificate_info);
+ release_prkdflist (app->app_local->private_key_info);
+ release_aodflist (app->app_local->auth_object_info);
+ xfree (app->app_local->serialno);
+ xfree (app->app_local);
+ app->app_local = NULL;
+ }
+}
+
+
+
+/* Do a select and a read for the file with EFID. EFID_DESC is a
+ desctription of the EF to be used with error messages. On success
+ BUFFER and BUFLEN contain the entire content of the EF. The caller
+ must free BUFFER only on success. */
+static gpg_error_t
+select_and_read_binary (int slot, unsigned short efid, const char *efid_desc,
+ unsigned char **buffer, size_t *buflen)
+{
+ gpg_error_t err;
+
+ err = iso7816_select_file (slot, efid, 0, NULL, NULL);
+ if (err)
+ {
+ log_error ("error selecting %s (0x%04X): %s\n",
+ efid_desc, efid, gpg_strerror (err));
+ return err;
+ }
+ err = iso7816_read_binary (slot, 0, 0, buffer, buflen);
+ if (err)
+ {
+ log_error ("error reading %s (0x%04X): %s\n",
+ efid_desc, efid, gpg_strerror (err));
+ return err;
+ }
+ return 0;
+}
+
+
+/* This function calls select file to read a file using a complete
+ path which may or may not start at the master file (MF). */
+static gpg_error_t
+select_ef_by_path (app_t app, const unsigned short *path, size_t pathlen)
+{
+ gpg_error_t err;
+ int i, j;
+
+ if (!pathlen)
+ return gpg_error (GPG_ERR_INV_VALUE);
+
+ if (pathlen && *path != 0x3f00 )
+ log_debug ("WARNING: relative path selection not yet implemented\n");
+
+ if (app->app_local->direct_path_selection)
+ {
+ err = iso7816_select_path (app->slot, path+1, pathlen-1, NULL, NULL);
+ if (err)
+ {
+ log_error ("error selecting path ");
+ for (j=0; j < pathlen; j++)
+ log_printf ("%04hX", path[j]);
+ log_printf (": %s\n", gpg_strerror (err));
+ return err;
+ }
+ }
+ else
+ {
+ /* FIXME: Need code to remember the last PATH so that we can decide
+ what select commands to send in case the path does not start off
+ with 3F00. We might also want to use direct path selection if
+ supported by the card. */
+ for (i=0; i < pathlen; i++)
+ {
+ err = iso7816_select_file (app->slot, path[i],
+ !(i+1 == pathlen), NULL, NULL);
+ if (err)
+ {
+ log_error ("error selecting part %d from path ", i);
+ for (j=0; j < pathlen; j++)
+ log_printf ("%04hX", path[j]);
+ log_printf (": %s\n", gpg_strerror (err));
+ return err;
+ }
+ }
+ }
+ return 0;
+}
+
+/* Parse a cert Id string (or a key Id string) and return the binary
+ object Id string in a newly allocated buffer stored at R_OBJID and
+ R_OBJIDLEN. On Error NULL will be stored there and an error code
+ returned. On success caller needs to free the buffer at R_OBJID. */
+static gpg_error_t
+parse_certid (app_t app, const char *certid,
+ unsigned char **r_objid, size_t *r_objidlen)
+{
+ char tmpbuf[10];
+ const char *s;
+ size_t objidlen;
+ unsigned char *objid;
+ int i;
+
+ *r_objid = NULL;
+ *r_objidlen = 0;
+
+ if (app->app_local->home_df)
+ sprintf (tmpbuf, "P15-%04hX.", (app->app_local->home_df & 0xffff));
+ else
+ strcpy (tmpbuf, "P15.");
+ if (strncmp (certid, tmpbuf, strlen (tmpbuf)) )
+ {
+ if (!strncmp (certid, "P15.", 4)
+ || (!strncmp (certid, "P15-", 4)
+ && hexdigitp (certid+4)
+ && hexdigitp (certid+5)
+ && hexdigitp (certid+6)
+ && hexdigitp (certid+7)
+ && certid[8] == '.'))
+ return gpg_error (GPG_ERR_NOT_FOUND);
+ return gpg_error (GPG_ERR_INV_ID);
+ }
+ certid += strlen (tmpbuf);
+
+ for (s=certid, objidlen=0; hexdigitp (s); s++, objidlen++)
+ ;
+ if (*s || !objidlen || (objidlen%2))
+ return gpg_error (GPG_ERR_INV_ID);
+ objidlen /= 2;
+ objid = xtrymalloc (objidlen);
+ if (!objid)
+ return gpg_error_from_syserror ();
+ for (s=certid, i=0; i < objidlen; i++, s+=2)
+ objid[i] = xtoi_2 (s);
+ *r_objid = objid;
+ *r_objidlen = objidlen;
+ return 0;
+}
+
+
+/* Find a certificate object by the certificate ID CERTID and store a
+ pointer to it at R_CDF. */
+static gpg_error_t
+cdf_object_from_certid (app_t app, const char *certid, cdf_object_t *r_cdf)
+{
+ gpg_error_t err;
+ size_t objidlen;
+ unsigned char *objid;
+ cdf_object_t cdf;
+
+ err = parse_certid (app, certid, &objid, &objidlen);
+ if (err)
+ return err;
+
+ for (cdf = app->app_local->certificate_info; cdf; cdf = cdf->next)
+ if (cdf->objidlen == objidlen && !memcmp (cdf->objid, objid, objidlen))
+ break;
+ if (!cdf)
+ for (cdf = app->app_local->trusted_certificate_info; cdf; cdf = cdf->next)
+ if (cdf->objidlen == objidlen && !memcmp (cdf->objid, objid, objidlen))
+ break;
+ if (!cdf)
+ for (cdf = app->app_local->useful_certificate_info; cdf; cdf = cdf->next)
+ if (cdf->objidlen == objidlen && !memcmp (cdf->objid, objid, objidlen))
+ break;
+ xfree (objid);
+ if (!cdf)
+ return gpg_error (GPG_ERR_NOT_FOUND);
+ *r_cdf = cdf;
+ return 0;
+}
+
+
+/* Find a private key object by the key Id string KEYIDSTR and store a
+ pointer to it at R_PRKDF. */
+static gpg_error_t
+prkdf_object_from_keyidstr (app_t app, const char *keyidstr,
+ prkdf_object_t *r_prkdf)
+{
+ gpg_error_t err;
+ size_t objidlen;
+ unsigned char *objid;
+ prkdf_object_t prkdf;
+
+ err = parse_certid (app, keyidstr, &objid, &objidlen);
+ if (err)
+ return err;
+
+ for (prkdf = app->app_local->private_key_info; prkdf; prkdf = prkdf->next)
+ if (prkdf->objidlen == objidlen && !memcmp (prkdf->objid, objid, objidlen))
+ break;
+ xfree (objid);
+ if (!prkdf)
+ return gpg_error (GPG_ERR_NOT_FOUND);
+ *r_prkdf = prkdf;
+ return 0;
+}
+
+
+
+
+/* Read and parse the Object Directory File and store away the
+ pointers. ODF_FID shall contain the FID of the ODF.
+
+ Example of such a file:
+
+ A0 06 30 04 04 02 60 34 = Private Keys
+ A4 06 30 04 04 02 60 35 = Certificates
+ A5 06 30 04 04 02 60 36 = TrustedCertificates
+ A7 06 30 04 04 02 60 37 = DataObjects
+ A8 06 30 04 04 02 60 38 = AuthObjects
+
+ These are all PathOrObjects using the path CHOICE element. The
+ paths are octet strings of length 2. Using this Path CHOICE
+ element is recommended, so we only implement that for now.
+*/
+static gpg_error_t
+read_ef_odf (app_t app, unsigned short odf_fid)
+{
+ gpg_error_t err;
+ unsigned char *buffer, *p;
+ size_t buflen;
+ unsigned short value;
+ size_t offset;
+
+ err = select_and_read_binary (app->slot, odf_fid, "ODF", &buffer, &buflen);
+ if (err)
+ return err;
+
+ if (buflen < 8)
+ {
+ log_error ("error: ODF too short\n");
+ xfree (buffer);
+ return gpg_error (GPG_ERR_INV_OBJ);
+ }
+ p = buffer;
+ while (buflen && *p && *p != 0xff)
+ {
+ if ( buflen >= 8
+ && (p[0] & 0xf0) == 0xA0
+ && !memcmp (p+1, "\x06\x30\x04\x04\x02", 5) )
+ {
+ offset = 6;
+ }
+ else if ( buflen >= 12
+ && (p[0] & 0xf0) == 0xA0
+ && !memcmp (p+1, "\x0a\x30\x08\x04\x06\x3F\x00", 7)
+ && app->app_local->home_df == ((p[8]<<8)|p[9]) )
+ {
+ /* We only allow a full path if all files are at the same
+ level and below the home directory. The extend this we
+ would need to make use of new data type capable of
+ keeping a full path. */
+ offset = 10;
+ }
+ else
+ {
+ log_error ("ODF format is not supported by us\n");
+ xfree (buffer);
+ return gpg_error (GPG_ERR_INV_OBJ);
+ }
+ switch ((p[0] & 0x0f))
+ {
+ case 0: value = app->app_local->odf.private_keys; break;
+ case 1: value = app->app_local->odf.public_keys; break;
+ case 2: value = app->app_local->odf.trusted_public_keys; break;
+ case 3: value = app->app_local->odf.secret_keys; break;
+ case 4: value = app->app_local->odf.certificates; break;
+ case 5: value = app->app_local->odf.trusted_certificates; break;
+ case 6: value = app->app_local->odf.useful_certificates; break;
+ case 7: value = app->app_local->odf.data_objects; break;
+ case 8: value = app->app_local->odf.auth_objects; break;
+ default: value = 0; break;
+ }
+ if (value)
+ {
+ log_error ("duplicate object type %d in ODF ignored\n",(p[0]&0x0f));
+ continue;
+ }
+ value = ((p[offset] << 8) | p[offset+1]);
+ switch ((p[0] & 0x0f))
+ {
+ case 0: app->app_local->odf.private_keys = value; break;
+ case 1: app->app_local->odf.public_keys = value; break;
+ case 2: app->app_local->odf.trusted_public_keys = value; break;
+ case 3: app->app_local->odf.secret_keys = value; break;
+ case 4: app->app_local->odf.certificates = value; break;
+ case 5: app->app_local->odf.trusted_certificates = value; break;
+ case 6: app->app_local->odf.useful_certificates = value; break;
+ case 7: app->app_local->odf.data_objects = value; break;
+ case 8: app->app_local->odf.auth_objects = value; break;
+ default:
+ log_error ("unknown object type %d in ODF ignored\n", (p[0]&0x0f));
+ }
+ offset += 2;
+
+ if (buflen < offset)
+ break;
+ p += offset;
+ buflen -= offset;
+ }
+
+ if (buflen)
+ log_info ("warning: %u bytes of garbage detected at end of ODF\n",
+ (unsigned int)buflen);
+
+ xfree (buffer);
+ return 0;
+}
+
+
+/* Parse the BIT STRING with the keyUsageFlags from teh
+ CommonKeyAttributes. */
+static gpg_error_t
+parse_keyusage_flags (const unsigned char *der, size_t derlen,
+ keyusage_flags_t *usageflags)
+{
+ unsigned int bits, mask;
+ int i, unused, full;
+
+ memset (usageflags, 0, sizeof *usageflags);
+ if (!derlen)
+ return gpg_error (GPG_ERR_INV_OBJ);
+
+ unused = *der++; derlen--;
+ if ((!derlen && unused) || unused/8 > derlen)
+ return gpg_error (GPG_ERR_ENCODING_PROBLEM);
+ full = derlen - (unused+7)/8;
+ unused %= 8;
+ mask = 0;
+ for (i=1; unused; i <<= 1, unused--)
+ mask |= i;
+
+ /* First octet */
+ if (derlen)
+ {
+ bits = *der++; derlen--;
+ if (full)
+ full--;
+ else
+ {
+ bits &= ~mask;
+ mask = 0;
+ }
+ }
+ else
+ bits = 0;
+ if ((bits & 0x80)) usageflags->encrypt = 1;
+ if ((bits & 0x40)) usageflags->decrypt = 1;
+ if ((bits & 0x20)) usageflags->sign = 1;
+ if ((bits & 0x10)) usageflags->sign_recover = 1;
+ if ((bits & 0x08)) usageflags->wrap = 1;
+ if ((bits & 0x04)) usageflags->unwrap = 1;
+ if ((bits & 0x02)) usageflags->verify = 1;
+ if ((bits & 0x01)) usageflags->verify_recover = 1;
+
+ /* Second octet. */
+ if (derlen)
+ {
+ bits = *der++; derlen--;
+ if (full)
+ full--;
+ else
+ {
+ bits &= ~mask;
+ mask = 0;
+ }
+ }
+ else
+ bits = 0;
+ if ((bits & 0x80)) usageflags->derive = 1;
+ if ((bits & 0x40)) usageflags->non_repudiation = 1;
+
+ return 0;
+}
+
+/* Read and parse the Private Key Directory Files. */
+/*
+ 6034 (privatekeys)
+
+30 33 30 11 0C 08 53 4B 2E 43 48 2E 44 53 03 02 030...SK.CH.DS..
+06 80 04 01 07 30 0C 04 01 01 03 03 06 00 40 02 .....0........@.
+02 00 50 A1 10 30 0E 30 08 04 06 3F 00 40 16 00 ..P..0.0...?.@..
+50 02 02 04 00 30 33 30 11 0C 08 53 4B 2E 43 48 P....030...SK.CH
+2E 4B 45 03 02 06 80 04 01 0A 30 0C 04 01 0C 03 .KE.......0.....
+03 06 44 00 02 02 00 52 A1 10 30 0E 30 08 04 06 ..D....R..0.0...
+3F 00 40 16 00 52 02 02 04 00 30 34 30 12 0C 09 ?.@..R....040...
+53 4B 2E 43 48 2E 41 55 54 03 02 06 80 04 01 0A SK.CH.AUT.......
+30 0C 04 01 0D 03 03 06 20 00 02 02 00 51 A1 10 0....... ....Q..
+30 0E 30 08 04 06 3F 00 40 16 00 51 02 02 04 00 0.0...?.@..Q....
+30 37 30 15 0C 0C 53 4B 2E 43 48 2E 44 53 2D 53 070...SK.CH.DS-S
+50 58 03 02 06 80 04 01 0A 30 0C 04 01 02 03 03 PX.......0......
+06 20 00 02 02 00 53 A1 10 30 0E 30 08 04 06 3F . ....S..0.0...?
+00 40 16 00 53 02 02 04 00 00 00 00 00 00 00 00 .@..S...........
+00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
+00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
+
+ 0 30 51: SEQUENCE {
+ 2 30 17: SEQUENCE { -- commonObjectAttributes
+ 4 0C 8: UTF8String 'SK.CH.DS'
+ 14 03 2: BIT STRING 6 unused bits
+ : '01'B (bit 0)
+ 18 04 1: OCTET STRING --authid
+ : 07
+ : }
+ 21 30 12: SEQUENCE { -- commonKeyAttributes
+ 23 04 1: OCTET STRING
+ : 01
+ 26 03 3: BIT STRING 6 unused bits
+ : '1000000000'B (bit 9)
+ 31 02 2: INTEGER 80 -- keyReference (optional)
+ : }
+ 35 A1 16: [1] { -- keyAttributes
+ 37 30 14: SEQUENCE { -- privateRSAKeyAttributes
+ 39 30 8: SEQUENCE { -- objectValue
+ 41 04 6: OCTET STRING --path
+ : 3F 00 40 16 00 50
+ : }
+ 49 02 2: INTEGER 1024 -- modulus
+ : }
+ : }
+ : }
+
+
+*/
+static gpg_error_t
+read_ef_prkdf (app_t app, unsigned short fid, prkdf_object_t *result)
+{
+ gpg_error_t err;
+ unsigned char *buffer = NULL;
+ size_t buflen;
+ const unsigned char *p;
+ size_t n, objlen, hdrlen;
+ int class, tag, constructed, ndef;
+ prkdf_object_t prkdflist = NULL;
+ int i;
+
+ if (!fid)
+ return gpg_error (GPG_ERR_NO_DATA); /* No private keys. */
+
+ err = select_and_read_binary (app->slot, fid, "PrKDF", &buffer, &buflen);
+ if (err)
+ return err;
+
+ p = buffer;
+ n = buflen;
+
+ /* FIXME: This shares a LOT of code with read_ef_cdf! */
+
+ /* Loop over the records. We stop as soon as we detect a new record
+ starting with 0x00 or 0xff as these values are commonly used to
+ pad data blocks and are no valid ASN.1 encoding. */
+ while (n && *p && *p != 0xff)
+ {
+ const unsigned char *pp;
+ size_t nn;
+ int where;
+ const char *errstr = NULL;
+ prkdf_object_t prkdf = NULL;
+ unsigned long ul;
+ const unsigned char *objid;
+ size_t objidlen;
+ const unsigned char *authid = NULL;
+ size_t authidlen = 0;
+ keyusage_flags_t usageflags;
+ unsigned long key_reference = 0;
+ int key_reference_valid = 0;
+ const char *s;
+
+ err = parse_ber_header (&p, &n, &class, &tag, &constructed,
+ &ndef, &objlen, &hdrlen);
+ if (!err && (objlen > n || tag != TAG_SEQUENCE))
+ err = gpg_error (GPG_ERR_INV_OBJ);
+ if (err)
+ {
+ log_error ("error parsing PrKDF record: %s\n", gpg_strerror (err));
+ goto leave;
+ }
+ pp = p;
+ nn = objlen;
+ p += objlen;
+ n -= objlen;
+
+ /* Parse the commonObjectAttributes. */
+ where = __LINE__;
+ err = parse_ber_header (&pp, &nn, &class, &tag, &constructed,
+ &ndef, &objlen, &hdrlen);
+ if (!err && (objlen > nn || tag != TAG_SEQUENCE))
+ err = gpg_error (GPG_ERR_INV_OBJ);
+ if (err)
+ goto parse_error;
+ {
+ const unsigned char *ppp = pp;
+ size_t nnn = objlen;
+
+ pp += objlen;
+ nn -= objlen;
+
+ /* Search the optional AuthId. We need to skip the optional
+ Label (UTF8STRING) and the optional CommonObjectFlags
+ (BITSTRING). */
+ where = __LINE__;
+ err = parse_ber_header (&ppp, &nnn, &class, &tag, &constructed,
+ &ndef, &objlen, &hdrlen);
+ if (!err && (objlen > nnn || class != CLASS_UNIVERSAL))
+ err = gpg_error (GPG_ERR_INV_OBJ);
+ if (gpg_err_code (err) == GPG_ERR_EOF)
+ goto no_authid;
+ if (err)
+ goto parse_error;
+ if (tag == TAG_UTF8_STRING)
+ {
+ ppp += objlen; /* Skip the Label. */
+ nnn -= objlen;
+
+ where = __LINE__;
+ err = parse_ber_header (&ppp, &nnn, &class, &tag, &constructed,
+ &ndef, &objlen, &hdrlen);
+ if (!err && (objlen > nnn || class != CLASS_UNIVERSAL))
+ err = gpg_error (GPG_ERR_INV_OBJ);
+ if (gpg_err_code (err) == GPG_ERR_EOF)
+ goto no_authid;
+ if (err)
+ goto parse_error;
+ }
+ if (tag == TAG_BIT_STRING)
+ {
+ ppp += objlen; /* Skip the CommonObjectFlags. */
+ nnn -= objlen;
+
+ where = __LINE__;
+ err = parse_ber_header (&ppp, &nnn, &class, &tag, &constructed,
+ &ndef, &objlen, &hdrlen);
+ if (!err && (objlen > nnn || class != CLASS_UNIVERSAL))
+ err = gpg_error (GPG_ERR_INV_OBJ);
+ if (gpg_err_code (err) == GPG_ERR_EOF)
+ goto no_authid;
+ if (err)
+ goto parse_error;
+ }
+ if (tag == TAG_OCTET_STRING && objlen)
+ {
+ authid = ppp;
+ authidlen = objlen;
+ }
+ no_authid:
+ ;
+ }
+
+ /* Parse the commonKeyAttributes. */
+ where = __LINE__;
+ err = parse_ber_header (&pp, &nn, &class, &tag, &constructed,
+ &ndef, &objlen, &hdrlen);
+ if (!err && (objlen > nn || tag != TAG_SEQUENCE))
+ err = gpg_error (GPG_ERR_INV_OBJ);
+ if (err)
+ goto parse_error;
+ {
+ const unsigned char *ppp = pp;
+ size_t nnn = objlen;
+
+ pp += objlen;
+ nn -= objlen;
+
+ /* Get the Id. */
+ where = __LINE__;
+ err = parse_ber_header (&ppp, &nnn, &class, &tag, &constructed,
+ &ndef, &objlen, &hdrlen);
+ if (!err && (objlen > nnn
+ || class != CLASS_UNIVERSAL || tag != TAG_OCTET_STRING))
+ err = gpg_error (GPG_ERR_INV_OBJ);
+ if (err)
+ goto parse_error;
+ objid = ppp;
+ objidlen = objlen;
+ ppp += objlen;
+ nnn -= objlen;
+
+ /* Get the KeyUsageFlags. */
+ where = __LINE__;
+ err = parse_ber_header (&ppp, &nnn, &class, &tag, &constructed,
+ &ndef, &objlen, &hdrlen);
+ if (!err && (objlen > nnn
+ || class != CLASS_UNIVERSAL || tag != TAG_BIT_STRING))
+ err = gpg_error (GPG_ERR_INV_OBJ);
+ if (err)
+ goto parse_error;
+ err = parse_keyusage_flags (ppp, objlen, &usageflags);
+ if (err)
+ goto parse_error;
+ ppp += objlen;
+ nnn -= objlen;
+
+ /* Find the keyReference */
+ where = __LINE__;
+ err = parse_ber_header (&ppp, &nnn, &class, &tag, &constructed,
+ &ndef, &objlen, &hdrlen);
+ if (gpg_err_code (err) == GPG_ERR_EOF)
+ goto leave_cki;
+ if (!err && objlen > nnn)
+ err = gpg_error (GPG_ERR_INV_OBJ);
+ if (err)
+ goto parse_error;
+ if (class == CLASS_UNIVERSAL && tag == TAG_BOOLEAN)
+ {
+ /* Skip the native element. */
+ ppp += objlen;
+ nnn -= objlen;
+
+ err = parse_ber_header (&ppp, &nnn, &class, &tag, &constructed,
+ &ndef, &objlen, &hdrlen);
+ if (gpg_err_code (err) == GPG_ERR_EOF)
+ goto leave_cki;
+ if (!err && objlen > nnn)
+ err = gpg_error (GPG_ERR_INV_OBJ);
+ if (err)
+ goto parse_error;
+ }
+ if (class == CLASS_UNIVERSAL && tag == TAG_BIT_STRING)
+ {
+ /* Skip the accessFlags. */
+ ppp += objlen;
+ nnn -= objlen;
+
+ err = parse_ber_header (&ppp, &nnn, &class, &tag, &constructed,
+ &ndef, &objlen, &hdrlen);
+ if (gpg_err_code (err) == GPG_ERR_EOF)
+ goto leave_cki;
+ if (!err && objlen > nnn)
+ err = gpg_error (GPG_ERR_INV_OBJ);
+ if (err)
+ goto parse_error;
+ }
+ if (class == CLASS_UNIVERSAL && tag == TAG_INTEGER)
+ {
+ /* Yep, this is the keyReference. */
+ for (ul=0; objlen; objlen--)
+ {
+ ul <<= 8;
+ ul |= (*ppp++) & 0xff;
+ nnn--;
+ }
+ key_reference = ul;
+ key_reference_valid = 1;
+ }
+
+ leave_cki:
+ ;
+ }
+
+
+ /* Skip subClassAttributes. */
+ where = __LINE__;
+ err = parse_ber_header (&pp, &nn, &class, &tag, &constructed,
+ &ndef, &objlen, &hdrlen);
+ if (!err && objlen > nn)
+ err = gpg_error (GPG_ERR_INV_OBJ);
+ if (err)
+ goto parse_error;
+ if (class == CLASS_CONTEXT && tag == 0)
+ {
+ pp += objlen;
+ nn -= objlen;
+
+ where = __LINE__;
+ err = parse_ber_header (&pp, &nn, &class, &tag, &constructed,
+ &ndef, &objlen, &hdrlen);
+ }
+ /* Parse the keyAttributes. */
+ if (!err && (objlen > nn || class != CLASS_CONTEXT || tag != 1))
+ err = gpg_error (GPG_ERR_INV_OBJ);
+ if (err)
+ goto parse_error;
+ nn = objlen;
+
+ where = __LINE__;
+ err = parse_ber_header (&pp, &nn, &class, &tag, &constructed,
+ &ndef, &objlen, &hdrlen);
+ if (!err && objlen > nn)
+ err = gpg_error (GPG_ERR_INV_OBJ);
+ if (err)
+ goto parse_error;
+ if (class == CLASS_UNIVERSAL && tag == TAG_SEQUENCE)
+ ; /* RSA */
+ else if (class == CLASS_CONTEXT)
+ {
+ switch (tag)
+ {
+ case 0: errstr = "EC key objects are not supported"; break;
+ case 1: errstr = "DH key objects are not supported"; break;
+ case 2: errstr = "DSA key objects are not supported"; break;
+ case 3: errstr = "KEA key objects are not supported"; break;
+ default: errstr = "unknown privateKeyObject"; break;
+ }
+ goto parse_error;
+ }
+ else
+ {
+ err = gpg_error (GPG_ERR_INV_OBJ);
+ goto parse_error;
+ }
+
+ nn = objlen;
+
+ /* Check that the reference is a Path object. */
+ where = __LINE__;
+ err = parse_ber_header (&pp, &nn, &class, &tag, &constructed,
+ &ndef, &objlen, &hdrlen);
+ if (!err && objlen > nn)
+ err = gpg_error (GPG_ERR_INV_OBJ);
+ if (err)
+ goto parse_error;
+ if (class != CLASS_UNIVERSAL || tag != TAG_SEQUENCE)
+ {
+ errstr = "unsupported reference type";
+ goto parse_error;
+ }
+ nn = objlen;
+
+ /* Parse the Path object. */
+ where = __LINE__;
+ err = parse_ber_header (&pp, &nn, &class, &tag, &constructed,
+ &ndef, &objlen, &hdrlen);
+ if (!err && objlen > nn)
+ err = gpg_error (GPG_ERR_INV_OBJ);
+ if (err)
+ goto parse_error;
+
+ /* Make sure that the next element is a non zero path and of
+ even length (FID are two bytes each). */
+ if (class != CLASS_UNIVERSAL || tag != TAG_OCTET_STRING
+ || !objlen || (objlen & 1) )
+ {
+ errstr = "invalid path reference";
+ goto parse_error;
+ }
+ /* Create a new PrKDF list item. */
+ prkdf = xtrycalloc (1, (sizeof *prkdf
+ - sizeof(unsigned short)
+ + objlen/2 * sizeof(unsigned short)));
+ if (!prkdf)
+ {
+ err = gpg_error_from_syserror ();
+ goto leave;
+ }
+ prkdf->objidlen = objidlen;
+ prkdf->objid = xtrymalloc (objidlen);
+ if (!prkdf->objid)
+ {
+ err = gpg_error_from_syserror ();
+ xfree (prkdf);
+ goto leave;
+ }
+ memcpy (prkdf->objid, objid, objidlen);
+ if (authid)
+ {
+ prkdf->authidlen = authidlen;
+ prkdf->authid = xtrymalloc (authidlen);
+ if (!prkdf->authid)
+ {
+ err = gpg_error_from_syserror ();
+ xfree (prkdf->objid);
+ xfree (prkdf);
+ goto leave;
+ }
+ memcpy (prkdf->authid, authid, authidlen);
+ }
+
+ prkdf->pathlen = objlen/2;
+ for (i=0; i < prkdf->pathlen; i++, pp += 2, nn -= 2)
+ prkdf->path[i] = ((pp[0] << 8) | pp[1]);
+
+ prkdf->usageflags = usageflags;
+ prkdf->key_reference = key_reference;
+ prkdf->key_reference_valid = key_reference_valid;
+
+ if (nn)
+ {
+ /* An index and length follows. */
+ prkdf->have_off = 1;
+ where = __LINE__;
+ err = parse_ber_header (&pp, &nn, &class, &tag, &constructed,
+ &ndef, &objlen, &hdrlen);
+ if (!err && (objlen > nn
+ || class != CLASS_UNIVERSAL || tag != TAG_INTEGER))
+ err = gpg_error (GPG_ERR_INV_OBJ);
+ if (err)
+ goto parse_error;
+
+ for (ul=0; objlen; objlen--)
+ {
+ ul <<= 8;
+ ul |= (*pp++) & 0xff;
+ nn--;
+ }
+ prkdf->off = ul;
+
+ where = __LINE__;
+ err = parse_ber_header (&pp, &nn, &class, &tag, &constructed,
+ &ndef, &objlen, &hdrlen);
+ if (!err && (objlen > nn
+ || class != CLASS_CONTEXT || tag != 0))
+ err = gpg_error (GPG_ERR_INV_OBJ);
+ if (err)
+ goto parse_error;
+
+ for (ul=0; objlen; objlen--)
+ {
+ ul <<= 8;
+ ul |= (*pp++) & 0xff;
+ nn--;
+ }
+ prkdf->len = ul;
+ }
+
+
+ log_debug ("PrKDF %04hX: id=", fid);
+ for (i=0; i < prkdf->objidlen; i++)
+ log_printf ("%02X", prkdf->objid[i]);
+ log_printf (" path=");
+ for (i=0; i < prkdf->pathlen; i++)
+ log_printf ("%04hX", prkdf->path[i]);
+ if (prkdf->have_off)
+ log_printf ("[%lu/%lu]", prkdf->off, prkdf->len);
+ if (prkdf->authid)
+ {
+ log_printf (" authid=");
+ for (i=0; i < prkdf->authidlen; i++)
+ log_printf ("%02X", prkdf->authid[i]);
+ }
+ if (prkdf->key_reference_valid)
+ log_printf (" keyref=0x%02lX", prkdf->key_reference);
+ log_printf (" usage=");
+ s = "";
+ if (prkdf->usageflags.encrypt) log_printf ("%sencrypt", s), s = ",";
+ if (prkdf->usageflags.decrypt) log_printf ("%sdecrypt", s), s = ",";
+ if (prkdf->usageflags.sign ) log_printf ("%ssign", s), s = ",";
+ if (prkdf->usageflags.sign_recover)
+ log_printf ("%ssign_recover", s), s = ",";
+ if (prkdf->usageflags.wrap ) log_printf ("%swrap", s), s = ",";
+ if (prkdf->usageflags.unwrap ) log_printf ("%sunwrap", s), s = ",";
+ if (prkdf->usageflags.verify ) log_printf ("%sverify", s), s = ",";
+ if (prkdf->usageflags.verify_recover)
+ log_printf ("%sverify_recover", s), s = ",";
+ if (prkdf->usageflags.derive ) log_printf ("%sderive", s), s = ",";
+ if (prkdf->usageflags.non_repudiation)
+ log_printf ("%snon_repudiation", s), s = ",";
+ log_printf ("\n");
+
+ /* Put it into the list. */
+ prkdf->next = prkdflist;
+ prkdflist = prkdf;
+ prkdf = NULL;
+ continue; /* Ready. */
+
+ parse_error:
+ log_error ("error parsing PrKDF record (%d): %s - skipped\n",
+ where, errstr? errstr : gpg_strerror (err));
+ if (prkdf)
+ {
+ xfree (prkdf->objid);
+ xfree (prkdf->authid);
+ xfree (prkdf);
+ }
+ err = 0;
+ } /* End looping over all records. */
+
+ leave:
+ xfree (buffer);
+ if (err)
+ release_prkdflist (prkdflist);
+ else
+ *result = prkdflist;
+ return err;
+}
+
+
+/* Read and parse the Certificate Directory Files identified by FID.
+ On success a newlist of CDF object gets stored at RESULT and the
+ caller is then responsible of releasing this list. On error a
+ error code is returned and RESULT won't get changed. */
+static gpg_error_t
+read_ef_cdf (app_t app, unsigned short fid, cdf_object_t *result)
+{
+ gpg_error_t err;
+ unsigned char *buffer = NULL;
+ size_t buflen;
+ const unsigned char *p;
+ size_t n, objlen, hdrlen;
+ int class, tag, constructed, ndef;
+ cdf_object_t cdflist = NULL;
+ int i;
+
+ if (!fid)
+ return gpg_error (GPG_ERR_NO_DATA); /* No certificates. */
+
+ err = select_and_read_binary (app->slot, fid, "CDF", &buffer, &buflen);
+ if (err)
+ return err;
+
+ p = buffer;
+ n = buflen;
+
+ /* Loop over the records. We stop as soon as we detect a new record
+ starting with 0x00 or 0xff as these values are commonly used to
+ pad data blocks and are no valid ASN.1 encoding. */
+ while (n && *p && *p != 0xff)
+ {
+ const unsigned char *pp;
+ size_t nn;
+ int where;
+ const char *errstr = NULL;
+ cdf_object_t cdf = NULL;
+ unsigned long ul;
+ const unsigned char *objid;
+ size_t objidlen;
+
+ err = parse_ber_header (&p, &n, &class, &tag, &constructed,
+ &ndef, &objlen, &hdrlen);
+ if (!err && (objlen > n || tag != TAG_SEQUENCE))
+ err = gpg_error (GPG_ERR_INV_OBJ);
+ if (err)
+ {
+ log_error ("error parsing CDF record: %s\n", gpg_strerror (err));
+ goto leave;
+ }
+ pp = p;
+ nn = objlen;
+ p += objlen;
+ n -= objlen;
+
+ /* Skip the commonObjectAttributes. */
+ where = __LINE__;
+ err = parse_ber_header (&pp, &nn, &class, &tag, &constructed,
+ &ndef, &objlen, &hdrlen);
+ if (!err && (objlen > nn || tag != TAG_SEQUENCE))
+ err = gpg_error (GPG_ERR_INV_OBJ);
+ if (err)
+ goto parse_error;
+ pp += objlen;
+ nn -= objlen;
+
+ /* Parse the commonCertificateAttributes. */
+ where = __LINE__;
+ err = parse_ber_header (&pp, &nn, &class, &tag, &constructed,
+ &ndef, &objlen, &hdrlen);
+ if (!err && (objlen > nn || tag != TAG_SEQUENCE))
+ err = gpg_error (GPG_ERR_INV_OBJ);
+ if (err)
+ goto parse_error;
+ {
+ const unsigned char *ppp = pp;
+ size_t nnn = objlen;
+
+ pp += objlen;
+ nn -= objlen;
+
+ /* Get the Id. */
+ where = __LINE__;
+ err = parse_ber_header (&ppp, &nnn, &class, &tag, &constructed,
+ &ndef, &objlen, &hdrlen);
+ if (!err && (objlen > nnn
+ || class != CLASS_UNIVERSAL || tag != TAG_OCTET_STRING))
+ err = gpg_error (GPG_ERR_INV_OBJ);
+ if (err)
+ goto parse_error;
+ objid = ppp;
+ objidlen = objlen;
+ }
+
+ /* Parse the certAttribute. */
+ where = __LINE__;
+ err = parse_ber_header (&pp, &nn, &class, &tag, &constructed,
+ &ndef, &objlen, &hdrlen);
+ if (!err && (objlen > nn || class != CLASS_CONTEXT || tag != 1))
+ err = gpg_error (GPG_ERR_INV_OBJ);
+ if (err)
+ goto parse_error;
+ nn = objlen;
+
+ where = __LINE__;
+ err = parse_ber_header (&pp, &nn, &class, &tag, &constructed,
+ &ndef, &objlen, &hdrlen);
+ if (!err && (objlen > nn
+ || class != CLASS_UNIVERSAL || tag != TAG_SEQUENCE))
+ err = gpg_error (GPG_ERR_INV_OBJ);
+ if (err)
+ goto parse_error;
+ nn = objlen;
+
+ /* Check that the reference is a Path object. */
+ where = __LINE__;
+ err = parse_ber_header (&pp, &nn, &class, &tag, &constructed,
+ &ndef, &objlen, &hdrlen);
+ if (!err && objlen > nn)
+ err = gpg_error (GPG_ERR_INV_OBJ);
+ if (err)
+ goto parse_error;
+ if (class != CLASS_UNIVERSAL || tag != TAG_SEQUENCE)
+ {
+ errstr = "unsupported reference type";
+ continue;
+ }
+ nn = objlen;
+
+ /* Parse the Path object. */
+ where = __LINE__;
+ err = parse_ber_header (&pp, &nn, &class, &tag, &constructed,
+ &ndef, &objlen, &hdrlen);
+ if (!err && objlen > nn)
+ err = gpg_error (GPG_ERR_INV_OBJ);
+ if (err)
+ goto parse_error;
+
+ /* Make sure that the next element is a non zero path and of
+ even length (FID are two bytes each). */
+ if (class != CLASS_UNIVERSAL || tag != TAG_OCTET_STRING
+ || !objlen || (objlen & 1) )
+ {
+ errstr = "invalid path reference";
+ goto parse_error;
+ }
+ /* Create a new CDF list item. */
+ cdf = xtrycalloc (1, (sizeof *cdf
+ - sizeof(unsigned short)
+ + objlen/2 * sizeof(unsigned short)));
+ if (!cdf)
+ {
+ err = gpg_error_from_syserror ();
+ goto leave;
+ }
+ cdf->objidlen = objidlen;
+ cdf->objid = xtrymalloc (objidlen);
+ if (!cdf->objid)
+ {
+ err = gpg_error_from_syserror ();
+ xfree (cdf);
+ goto leave;
+ }
+ memcpy (cdf->objid, objid, objidlen);
+
+ cdf->pathlen = objlen/2;
+ for (i=0; i < cdf->pathlen; i++, pp += 2, nn -= 2)
+ cdf->path[i] = ((pp[0] << 8) | pp[1]);
+
+ if (nn)
+ {
+ /* An index and length follows. */
+ cdf->have_off = 1;
+ where = __LINE__;
+ err = parse_ber_header (&pp, &nn, &class, &tag, &constructed,
+ &ndef, &objlen, &hdrlen);
+ if (!err && (objlen > nn
+ || class != CLASS_UNIVERSAL || tag != TAG_INTEGER))
+ err = gpg_error (GPG_ERR_INV_OBJ);
+ if (err)
+ goto parse_error;
+
+ for (ul=0; objlen; objlen--)
+ {
+ ul <<= 8;
+ ul |= (*pp++) & 0xff;
+ nn--;
+ }
+ cdf->off = ul;
+
+ where = __LINE__;
+ err = parse_ber_header (&pp, &nn, &class, &tag, &constructed,
+ &ndef, &objlen, &hdrlen);
+ if (!err && (objlen > nn
+ || class != CLASS_CONTEXT || tag != 0))
+ err = gpg_error (GPG_ERR_INV_OBJ);
+ if (err)
+ goto parse_error;
+
+ for (ul=0; objlen; objlen--)
+ {
+ ul <<= 8;
+ ul |= (*pp++) & 0xff;
+ nn--;
+ }
+ cdf->len = ul;
+ }
+
+ log_debug ("CDF %04hX: id=", fid);
+ for (i=0; i < cdf->objidlen; i++)
+ log_printf ("%02X", cdf->objid[i]);
+ log_printf (" path=");
+ for (i=0; i < cdf->pathlen; i++)
+ log_printf ("%04hX", cdf->path[i]);
+ if (cdf->have_off)
+ log_printf ("[%lu/%lu]", cdf->off, cdf->len);
+ log_printf ("\n");
+
+ /* Put it into the list. */
+ cdf->next = cdflist;
+ cdflist = cdf;
+ cdf = NULL;
+ continue; /* Ready. */
+
+ parse_error:
+ log_error ("error parsing CDF record (%d): %s - skipped\n",
+ where, errstr? errstr : gpg_strerror (err));
+ xfree (cdf);
+ err = 0;
+ } /* End looping over all records. */
+
+ leave:
+ xfree (buffer);
+ if (err)
+ release_cdflist (cdflist);
+ else
+ *result = cdflist;
+ return err;
+}
+
+
+/*
+SEQUENCE {
+ SEQUENCE { -- CommonObjectAttributes
+ UTF8String 'specific PIN for DS'
+ BIT STRING 0 unused bits
+ '00000011'B
+ }
+ SEQUENCE { -- CommonAuthenticationObjectAttributes
+ OCTET STRING
+ 07 -- iD
+ }
+
+ [1] { -- typeAttributes
+ SEQUENCE { -- PinAttributes
+ BIT STRING 0 unused bits
+ '0000100000110010'B -- local,initialized,needs-padding
+ -- exchangeRefData
+ ENUMERATED 1 -- ascii-numeric
+ INTEGER 6 -- minLength
+ INTEGER 6 -- storedLength
+ INTEGER 8 -- maxLength
+ [0]
+ 02 -- pinReference
+ GeneralizedTime 19/04/2002 12:12 GMT -- lastPinChange
+ SEQUENCE {
+ OCTET STRING
+ 3F 00 40 16 -- path to DF of PIN
+ }
+ }
+ }
+ }
+
+*/
+/* Read and parse an Authentication Object Directory File identified
+ by FID. On success a newlist of AODF objects gets stored at RESULT
+ and the caller is responsible of releasing this list. On error a
+ error code is returned and RESULT won't get changed. */
+static gpg_error_t
+read_ef_aodf (app_t app, unsigned short fid, aodf_object_t *result)
+{
+ gpg_error_t err;
+ unsigned char *buffer = NULL;
+ size_t buflen;
+ const unsigned char *p;
+ size_t n, objlen, hdrlen;
+ int class, tag, constructed, ndef;
+ aodf_object_t aodflist = NULL;
+ int i;
+
+ if (!fid)
+ return gpg_error (GPG_ERR_NO_DATA); /* No authentication objects. */
+
+ err = select_and_read_binary (app->slot, fid, "AODF", &buffer, &buflen);
+ if (err)
+ return err;
+
+ p = buffer;
+ n = buflen;
+
+ /* FIXME: This shares a LOT of code with read_ef_prkdf! */
+
+ /* Loop over the records. We stop as soon as we detect a new record
+ starting with 0x00 or 0xff as these values are commonly used to
+ pad data blocks and are no valid ASN.1 encoding. */
+ while (n && *p && *p != 0xff)
+ {
+ const unsigned char *pp;
+ size_t nn;
+ int where;
+ const char *errstr = NULL;
+ aodf_object_t aodf = NULL;
+ unsigned long ul;
+ const char *s;
+
+ err = parse_ber_header (&p, &n, &class, &tag, &constructed,
+ &ndef, &objlen, &hdrlen);
+ if (!err && (objlen > n || tag != TAG_SEQUENCE))
+ err = gpg_error (GPG_ERR_INV_OBJ);
+ if (err)
+ {
+ log_error ("error parsing AODF record: %s\n", gpg_strerror (err));
+ goto leave;
+ }
+ pp = p;
+ nn = objlen;
+ p += objlen;
+ n -= objlen;
+
+ /* Allocate memory for a new AODF list item. */
+ aodf = xtrycalloc (1, sizeof *aodf);
+ if (!aodf)
+ goto no_core;
+
+ /* Parse the commonObjectAttributes. */
+ where = __LINE__;
+ err = parse_ber_header (&pp, &nn, &class, &tag, &constructed,
+ &ndef, &objlen, &hdrlen);
+ if (!err && (objlen > nn || tag != TAG_SEQUENCE))
+ err = gpg_error (GPG_ERR_INV_OBJ);
+ if (err)
+ goto parse_error;
+ {
+ const unsigned char *ppp = pp;
+ size_t nnn = objlen;
+
+ pp += objlen;
+ nn -= objlen;
+
+ /* Search the optional AuthId. We need to skip the optional
+ Label (UTF8STRING) and the optional CommonObjectFlags
+ (BITSTRING). */
+ where = __LINE__;
+ err = parse_ber_header (&ppp, &nnn, &class, &tag, &constructed,
+ &ndef, &objlen, &hdrlen);
+ if (!err && (objlen > nnn || class != CLASS_UNIVERSAL))
+ err = gpg_error (GPG_ERR_INV_OBJ);
+ if (gpg_err_code (err) == GPG_ERR_EOF)
+ goto no_authid;
+ if (err)
+ goto parse_error;
+ if (tag == TAG_UTF8_STRING)
+ {
+ ppp += objlen; /* Skip the Label. */
+ nnn -= objlen;
+
+ where = __LINE__;
+ err = parse_ber_header (&ppp, &nnn, &class, &tag, &constructed,
+ &ndef, &objlen, &hdrlen);
+ if (!err && (objlen > nnn || class != CLASS_UNIVERSAL))
+ err = gpg_error (GPG_ERR_INV_OBJ);
+ if (gpg_err_code (err) == GPG_ERR_EOF)
+ goto no_authid;
+ if (err)
+ goto parse_error;
+ }
+ if (tag == TAG_BIT_STRING)
+ {
+ ppp += objlen; /* Skip the CommonObjectFlags. */
+ nnn -= objlen;
+
+ where = __LINE__;
+ err = parse_ber_header (&ppp, &nnn, &class, &tag, &constructed,
+ &ndef, &objlen, &hdrlen);
+ if (!err && (objlen > nnn || class != CLASS_UNIVERSAL))
+ err = gpg_error (GPG_ERR_INV_OBJ);
+ if (gpg_err_code (err) == GPG_ERR_EOF)
+ goto no_authid;
+ if (err)
+ goto parse_error;
+ }
+ if (tag == TAG_OCTET_STRING && objlen)
+ {
+ aodf->authidlen = objlen;
+ aodf->authid = xtrymalloc (objlen);
+ if (!aodf->authid)
+ goto no_core;
+ memcpy (aodf->authid, ppp, objlen);
+ }
+ no_authid:
+ ;
+ }
+
+ /* Parse the CommonAuthenticationObjectAttributes. */
+ where = __LINE__;
+ err = parse_ber_header (&pp, &nn, &class, &tag, &constructed,
+ &ndef, &objlen, &hdrlen);
+ if (!err && (objlen > nn || tag != TAG_SEQUENCE))
+ err = gpg_error (GPG_ERR_INV_OBJ);
+ if (err)
+ goto parse_error;
+ {
+ const unsigned char *ppp = pp;
+ size_t nnn = objlen;
+
+ pp += objlen;
+ nn -= objlen;
+
+ /* Get the Id. */
+ where = __LINE__;
+ err = parse_ber_header (&ppp, &nnn, &class, &tag, &constructed,
+ &ndef, &objlen, &hdrlen);
+ if (!err && (objlen > nnn
+ || class != CLASS_UNIVERSAL || tag != TAG_OCTET_STRING))
+ err = gpg_error (GPG_ERR_INV_OBJ);
+ if (err)
+ goto parse_error;
+
+ aodf->objidlen = objlen;
+ aodf->objid = xtrymalloc (objlen);
+ if (!aodf->objid)
+ goto no_core;
+ memcpy (aodf->objid, ppp, objlen);
+ }
+
+ /* Parse the typeAttributes. */
+ where = __LINE__;
+ err = parse_ber_header (&pp, &nn, &class, &tag, &constructed,
+ &ndef, &objlen, &hdrlen);
+ if (!err && (objlen > nn || class != CLASS_CONTEXT || tag != 1))
+ err = gpg_error (GPG_ERR_INV_OBJ);
+ if (err)
+ goto parse_error;
+ nn = objlen;
+
+ where = __LINE__;
+ err = parse_ber_header (&pp, &nn, &class, &tag, &constructed,
+ &ndef, &objlen, &hdrlen);
+ if (!err && objlen > nn)
+ err = gpg_error (GPG_ERR_INV_OBJ);
+ if (err)
+ goto parse_error;
+ if (class == CLASS_UNIVERSAL && tag == TAG_SEQUENCE)
+ ; /* PinAttributes */
+ else if (class == CLASS_CONTEXT)
+ {
+ switch (tag)
+ {
+ case 0: errstr = "biometric auth types are not supported"; break;
+ case 1: errstr = "authKey auth types are not supported"; break;
+ case 2: errstr = "external auth type are not supported"; break;
+ default: errstr = "unknown privateKeyObject"; break;
+ }
+ goto parse_error;
+ }
+ else
+ {
+ err = gpg_error (GPG_ERR_INV_OBJ);
+ goto parse_error;
+ }
+
+ nn = objlen;
+
+ /* PinFlags */
+ where = __LINE__;
+ err = parse_ber_header (&pp, &nn, &class, &tag, &constructed,
+ &ndef, &objlen, &hdrlen);
+ if (!err && (objlen > nn || !objlen
+ || class != CLASS_UNIVERSAL || tag != TAG_BIT_STRING))
+ err = gpg_error (GPG_ERR_INV_OBJ);
+ if (err)
+ goto parse_error;
+
+ {
+ unsigned int bits, mask;
+ int unused, full;
+
+ unused = *pp++; nn--; objlen--;
+ if ((!objlen && unused) || unused/8 > objlen)
+ {
+ err = gpg_error (GPG_ERR_ENCODING_PROBLEM);
+ goto parse_error;
+ }
+ full = objlen - (unused+7)/8;
+ unused %= 8;
+ mask = 0;
+ for (i=1; unused; i <<= 1, unused--)
+ mask |= i;
+
+ /* The first octet */
+ bits = 0;
+ if (objlen)
+ {
+ bits = *pp++; nn--; objlen--;
+ if (full)
+ full--;
+ else
+ {
+ bits &= ~mask;
+ mask = 0;
+ }
+ }
+ if ((bits & 0x80)) /* ASN.1 bit 0. */
+ aodf->pinflags.case_sensitive = 1;
+ if ((bits & 0x40)) /* ASN.1 bit 1. */
+ aodf->pinflags.local = 1;
+ if ((bits & 0x20))
+ aodf->pinflags.change_disabled = 1;
+ if ((bits & 0x10))
+ aodf->pinflags.unblock_disabled = 1;
+ if ((bits & 0x08))
+ aodf->pinflags.initialized = 1;
+ if ((bits & 0x04))
+ aodf->pinflags.needs_padding = 1;
+ if ((bits & 0x02))
+ aodf->pinflags.unblocking_pin = 1;
+ if ((bits & 0x01))
+ aodf->pinflags.so_pin = 1;
+ /* The second octet. */
+ bits = 0;
+ if (objlen)
+ {
+ bits = *pp++; nn--; objlen--;
+ if (full)
+ full--;
+ else
+ {
+ bits &= ~mask;
+ mask = 0;
+ }
+ }
+ if ((bits & 0x80))
+ aodf->pinflags.disable_allowed = 1;
+ if ((bits & 0x40))
+ aodf->pinflags.integrity_protected = 1;
+ if ((bits & 0x20))
+ aodf->pinflags.confidentiality_protected = 1;
+ if ((bits & 0x10))
+ aodf->pinflags.exchange_ref_data = 1;
+ /* Skip remaining bits. */
+ pp += objlen;
+ nn -= objlen;
+ }
+
+
+ /* PinType */
+ where = __LINE__;
+ err = parse_ber_header (&pp, &nn, &class, &tag, &constructed,
+ &ndef, &objlen, &hdrlen);
+ if (!err && (objlen > nn
+ || class != CLASS_UNIVERSAL || tag != TAG_ENUMERATED))
+ err = gpg_error (GPG_ERR_INV_OBJ);
+ if (!err && (objlen > sizeof (pin_type_t) || objlen > sizeof (ul)))
+ err = gpg_error (GPG_ERR_UNSUPPORTED_ENCODING);
+ if (err)
+ goto parse_error;
+
+ for (ul=0; objlen; objlen--)
+ {
+ ul <<= 8;
+ ul |= (*pp++) & 0xff;
+ nn--;
+ }
+ aodf->pintype = ul;
+
+
+ /* minLength */
+ where = __LINE__;
+ err = parse_ber_header (&pp, &nn, &class, &tag, &constructed,
+ &ndef, &objlen, &hdrlen);
+ if (!err && (objlen > nn
+ || class != CLASS_UNIVERSAL || tag != TAG_INTEGER))
+ err = gpg_error (GPG_ERR_INV_OBJ);
+ if (!err && objlen > sizeof (ul))
+ err = gpg_error (GPG_ERR_UNSUPPORTED_ENCODING);
+ if (err)
+ goto parse_error;
+ for (ul=0; objlen; objlen--)
+ {
+ ul <<= 8;
+ ul |= (*pp++) & 0xff;
+ nn--;
+ }
+ aodf->min_length = ul;
+
+
+ /* storedLength */
+ where = __LINE__;
+ err = parse_ber_header (&pp, &nn, &class, &tag, &constructed,
+ &ndef, &objlen, &hdrlen);
+ if (!err && (objlen > nn
+ || class != CLASS_UNIVERSAL || tag != TAG_INTEGER))
+ err = gpg_error (GPG_ERR_INV_OBJ);
+ if (!err && objlen > sizeof (ul))
+ err = gpg_error (GPG_ERR_UNSUPPORTED_ENCODING);
+ if (err)
+ goto parse_error;
+ for (ul=0; objlen; objlen--)
+ {
+ ul <<= 8;
+ ul |= (*pp++) & 0xff;
+ nn--;
+ }
+ aodf->stored_length = ul;
+
+ /* optional maxLength */
+ where = __LINE__;
+ err = parse_ber_header (&pp, &nn, &class, &tag, &constructed,
+ &ndef, &objlen, &hdrlen);
+ if (gpg_err_code (err) == GPG_ERR_EOF)
+ goto ready;
+ if (!err && objlen > nn)
+ err = gpg_error (GPG_ERR_INV_OBJ);
+ if (err)
+ goto parse_error;
+ if (class == CLASS_UNIVERSAL && tag == TAG_INTEGER)
+ {
+ if (objlen > sizeof (ul))
+ {
+ err = gpg_error (GPG_ERR_UNSUPPORTED_ENCODING);
+ goto parse_error;
+ }
+ for (ul=0; objlen; objlen--)
+ {
+ ul <<= 8;
+ ul |= (*pp++) & 0xff;
+ nn--;
+ }
+ aodf->max_length = ul;
+ aodf->max_length_valid = 1;
+
+ where = __LINE__;
+ err = parse_ber_header (&pp, &nn, &class, &tag, &constructed,
+ &ndef, &objlen, &hdrlen);
+ if (gpg_err_code (err) == GPG_ERR_EOF)
+ goto ready;
+ if (!err && objlen > nn)
+ err = gpg_error (GPG_ERR_INV_OBJ);
+ if (err)
+ goto parse_error;
+ }
+
+ /* Optional pinReference. */
+ if (class == CLASS_CONTEXT && tag == 0)
+ {
+ if (objlen > sizeof (ul))
+ {
+ err = gpg_error (GPG_ERR_UNSUPPORTED_ENCODING);
+ goto parse_error;
+ }
+ for (ul=0; objlen; objlen--)
+ {
+ ul <<= 8;
+ ul |= (*pp++) & 0xff;
+ nn--;
+ }
+ aodf->pin_reference = ul;
+ aodf->pin_reference_valid = 1;
+
+ where = __LINE__;
+ err = parse_ber_header (&pp, &nn, &class, &tag, &constructed,
+ &ndef, &objlen, &hdrlen);
+ if (gpg_err_code (err) == GPG_ERR_EOF)
+ goto ready;
+ if (!err && objlen > nn)
+ err = gpg_error (GPG_ERR_INV_OBJ);
+ if (err)
+ goto parse_error;
+ }
+
+ /* Optional padChar. */
+ if (class == CLASS_UNIVERSAL && tag == TAG_OCTET_STRING)
+ {
+ if (objlen != 1)
+ {
+ errstr = "padChar is not of size(1)";
+ goto parse_error;
+ }
+ aodf->pad_char = *pp++; nn--;
+ aodf->pad_char_valid = 1;
+
+ where = __LINE__;
+ err = parse_ber_header (&pp, &nn, &class, &tag, &constructed,
+ &ndef, &objlen, &hdrlen);
+ if (gpg_err_code (err) == GPG_ERR_EOF)
+ goto ready;
+ if (!err && objlen > nn)
+ err = gpg_error (GPG_ERR_INV_OBJ);
+ if (err)
+ goto parse_error;
+ }
+
+ /* Skip optional lastPinChange. */
+ if (class == CLASS_UNIVERSAL && tag == TAG_GENERALIZED_TIME)
+ {
+ pp += objlen;
+ nn -= objlen;
+
+ where = __LINE__;
+ err = parse_ber_header (&pp, &nn, &class, &tag, &constructed,
+ &ndef, &objlen, &hdrlen);
+ if (gpg_err_code (err) == GPG_ERR_EOF)
+ goto ready;
+ if (!err && objlen > nn)
+ err = gpg_error (GPG_ERR_INV_OBJ);
+ if (err)
+ goto parse_error;
+ }
+
+ /* Optional Path object. */
+ if (class == CLASS_UNIVERSAL || tag == TAG_SEQUENCE)
+ {
+ const unsigned char *ppp = pp;
+ size_t nnn = objlen;
+
+ pp += objlen;
+ nn -= objlen;
+
+ where = __LINE__;
+ err = parse_ber_header (&ppp, &nnn, &class, &tag, &constructed,
+ &ndef, &objlen, &hdrlen);
+ if (!err && objlen > nnn)
+ err = gpg_error (GPG_ERR_INV_OBJ);
+ if (err)
+ goto parse_error;
+
+ /* Make sure that the next element is a non zero FID and of
+ even length (FID are two bytes each). */
+ if (class != CLASS_UNIVERSAL || tag != TAG_OCTET_STRING
+ || !objlen || (objlen & 1) )
+ {
+ errstr = "invalid path reference";
+ goto parse_error;
+ }
+
+ aodf->pathlen = objlen/2;
+ aodf->path = xtrymalloc (aodf->pathlen);
+ if (!aodf->path)
+ goto no_core;
+ for (i=0; i < aodf->pathlen; i++, ppp += 2, nnn -= 2)
+ aodf->path[i] = ((ppp[0] << 8) | ppp[1]);
+
+ if (nnn)
+ {
+ /* An index and length follows. */
+ aodf->have_off = 1;
+ where = __LINE__;
+ err = parse_ber_header (&ppp, &nnn, &class, &tag, &constructed,
+ &ndef, &objlen, &hdrlen);
+ if (!err && (objlen > nnn
+ || class != CLASS_UNIVERSAL || tag != TAG_INTEGER))
+ err = gpg_error (GPG_ERR_INV_OBJ);
+ if (err)
+ goto parse_error;
+
+ for (ul=0; objlen; objlen--)
+ {
+ ul <<= 8;
+ ul |= (*ppp++) & 0xff;
+ nnn--;
+ }
+ aodf->off = ul;
+
+ where = __LINE__;
+ err = parse_ber_header (&ppp, &nnn, &class, &tag, &constructed,
+ &ndef, &objlen, &hdrlen);
+ if (!err && (objlen > nnn
+ || class != CLASS_CONTEXT || tag != 0))
+ err = gpg_error (GPG_ERR_INV_OBJ);
+ if (err)
+ goto parse_error;
+
+ for (ul=0; objlen; objlen--)
+ {
+ ul <<= 8;
+ ul |= (*ppp++) & 0xff;
+ nnn--;
+ }
+ aodf->len = ul;
+ }
+ }
+
+ /* Igonore further objects which might be there due to future
+ extensions of pkcs#15. */
+
+ ready:
+ log_debug ("AODF %04hX: id=", fid);
+ for (i=0; i < aodf->objidlen; i++)
+ log_printf ("%02X", aodf->objid[i]);
+ if (aodf->authid)
+ {
+ log_printf (" authid=");
+ for (i=0; i < aodf->authidlen; i++)
+ log_printf ("%02X", aodf->authid[i]);
+ }
+ log_printf (" flags=");
+ s = "";
+ if (aodf->pinflags.case_sensitive)
+ log_printf ("%scase_sensitive", s), s = ",";
+ if (aodf->pinflags.local)
+ log_printf ("%slocal", s), s = ",";
+ if (aodf->pinflags.change_disabled)
+ log_printf ("%schange_disabled", s), s = ",";
+ if (aodf->pinflags.unblock_disabled)
+ log_printf ("%sunblock_disabled", s), s = ",";
+ if (aodf->pinflags.initialized)
+ log_printf ("%sinitialized", s), s = ",";
+ if (aodf->pinflags.needs_padding)
+ log_printf ("%sneeds_padding", s), s = ",";
+ if (aodf->pinflags.unblocking_pin)
+ log_printf ("%sunblocking_pin", s), s = ",";
+ if (aodf->pinflags.so_pin)
+ log_printf ("%sso_pin", s), s = ",";
+ if (aodf->pinflags.disable_allowed)
+ log_printf ("%sdisable_allowed", s), s = ",";
+ if (aodf->pinflags.integrity_protected)
+ log_printf ("%sintegrity_protected", s), s = ",";
+ if (aodf->pinflags.confidentiality_protected)
+ log_printf ("%sconfidentiality_protected", s), s = ",";
+ if (aodf->pinflags.exchange_ref_data)
+ log_printf ("%sexchange_ref_data", s), s = ",";
+ {
+ char numbuf[50];
+ switch (aodf->pintype)
+ {
+ case PIN_TYPE_BCD: s = "bcd"; break;
+ case PIN_TYPE_ASCII_NUMERIC: s = "ascii-numeric"; break;
+ case PIN_TYPE_UTF8: s = "utf8"; break;
+ case PIN_TYPE_HALF_NIBBLE_BCD: s = "half-nibble-bcd"; break;
+ case PIN_TYPE_ISO9564_1: s = "iso9564-1"; break;
+ default:
+ sprintf (numbuf, "%lu", (unsigned long)aodf->pintype);
+ s = numbuf;
+ }
+ log_printf (" type=%s", s);
+ }
+ log_printf (" min=%lu", aodf->min_length);
+ log_printf (" stored=%lu", aodf->stored_length);
+ if (aodf->max_length_valid)
+ log_printf (" max=%lu", aodf->max_length);
+ if (aodf->pad_char_valid)
+ log_printf (" pad=0x%02x", aodf->pad_char);
+ if (aodf->pin_reference_valid)
+ log_printf (" pinref=0x%02lX", aodf->pin_reference);
+ if (aodf->pathlen)
+ {
+ log_printf (" path=");
+ for (i=0; i < aodf->pathlen; i++)
+ log_printf ("%04hX", aodf->path[i]);
+ if (aodf->have_off)
+ log_printf ("[%lu/%lu]", aodf->off, aodf->len);
+ }
+ log_printf ("\n");
+
+ /* Put it into the list. */
+ aodf->next = aodflist;
+ aodflist = aodf;
+ aodf = NULL;
+ continue; /* Ready. */
+
+ no_core:
+ err = gpg_error_from_syserror ();
+ release_aodf_object (aodf);
+ goto leave;
+
+ parse_error:
+ log_error ("error parsing AODF record (%d): %s - skipped\n",
+ where, errstr? errstr : gpg_strerror (err));
+ err = 0;
+ release_aodf_object (aodf);
+ } /* End looping over all records. */
+
+ leave:
+ xfree (buffer);
+ if (err)
+ release_aodflist (aodflist);
+ else
+ *result = aodflist;
+ return err;
+}
+
+
+
+
+
+/* Read and parse the EF(TokenInfo).
+
+TokenInfo ::= SEQUENCE {
+ version INTEGER {v1(0)} (v1,...),
+ serialNumber OCTET STRING,
+ manufacturerID Label OPTIONAL,
+ label [0] Label OPTIONAL,
+ tokenflags TokenFlags,
+ seInfo SEQUENCE OF SecurityEnvironmentInfo OPTIONAL,
+ recordInfo [1] RecordInfo OPTIONAL,
+ supportedAlgorithms [2] SEQUENCE OF AlgorithmInfo OPTIONAL,
+ ...,
+ issuerId [3] Label OPTIONAL,
+ holderId [4] Label OPTIONAL,
+ lastUpdate [5] LastUpdate OPTIONAL,
+ preferredLanguage PrintableString OPTIONAL -- In accordance with
+ -- IETF RFC 1766
+} (CONSTRAINED BY { -- Each AlgorithmInfo.reference value must be unique --})
+
+TokenFlags ::= BIT STRING {
+ readonly (0),
+ loginRequired (1),
+ prnGeneration (2),
+ eidCompliant (3)
+}
+
+
+ 5032:
+
+30 31 02 01 00 04 04 05 45 36 9F 0C 0C 44 2D 54 01......E6...D-T
+72 75 73 74 20 47 6D 62 48 80 14 4F 66 66 69 63 rust GmbH..Offic
+65 20 69 64 65 6E 74 69 74 79 20 63 61 72 64 03 e identity card.
+02 00 40 20 63 61 72 64 03 02 00 40 00 00 00 00 ..@ card...@....
+00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
+
+ 0 49: SEQUENCE {
+ 2 1: INTEGER 0
+ 5 4: OCTET STRING 05 45 36 9F
+ 11 12: UTF8String 'D-Trust GmbH'
+ 25 20: [0] 'Office identity card'
+ 47 2: BIT STRING
+ : '00000010'B (bit 1)
+ : Error: Spurious zero bits in bitstring.
+ : }
+
+
+
+
+ */
+static gpg_error_t
+read_ef_tokeninfo (app_t app)
+{
+ gpg_error_t err;
+ unsigned char *buffer = NULL;
+ size_t buflen;
+ const unsigned char *p;
+ size_t n, objlen, hdrlen;
+ int class, tag, constructed, ndef;
+ unsigned long ul;
+
+ err = select_and_read_binary (app->slot, 0x5032, "TokenInfo",
+ &buffer, &buflen);
+ if (err)
+ return err;
+
+ p = buffer;
+ n = buflen;
+
+ err = parse_ber_header (&p, &n, &class, &tag, &constructed,
+ &ndef, &objlen, &hdrlen);
+ if (!err && (objlen > n || tag != TAG_SEQUENCE))
+ err = gpg_error (GPG_ERR_INV_OBJ);
+ if (err)
+ {
+ log_error ("error parsing TokenInfo: %s\n", gpg_strerror (err));
+ goto leave;
+ }
+
+ n = objlen;
+
+ /* Version. */
+ err = parse_ber_header (&p, &n, &class, &tag, &constructed,
+ &ndef, &objlen, &hdrlen);
+ if (!err && (objlen > n || tag != TAG_INTEGER))
+ err = gpg_error (GPG_ERR_INV_OBJ);
+ if (err)
+ goto leave;
+
+ for (ul=0; objlen; objlen--)
+ {
+ ul <<= 8;
+ ul |= (*p++) & 0xff;
+ n--;
+ }
+ if (ul)
+ {
+ log_error ("invalid version %lu in TokenInfo\n", ul);
+ err = gpg_error (GPG_ERR_INV_OBJ);
+ goto leave;
+ }
+
+ /* serialNumber. */
+ err = parse_ber_header (&p, &n, &class, &tag, &constructed,
+ &ndef, &objlen, &hdrlen);
+ if (!err && (objlen > n || tag != TAG_OCTET_STRING || !objlen))
+ err = gpg_error (GPG_ERR_INV_OBJ);
+ if (err)
+ goto leave;
+
+ xfree (app->app_local->serialno);
+ app->app_local->serialno = xtrymalloc (objlen);
+ if (!app->app_local->serialno)
+ {
+ err = gpg_error_from_syserror ();
+ goto leave;
+ }
+ memcpy (app->app_local->serialno, p, objlen);
+ app->app_local->serialnolen = objlen;
+ log_printhex ("Serialnumber from EF(TokenInfo) is:", p, objlen);
+
+ leave:
+ xfree (buffer);
+ return err;
+}
+
+
+/* Get all the basic information from the pkcs#15 card, check the
+ structure and initialize our local context. This is used once at
+ application initialization. */
+static gpg_error_t
+read_p15_info (app_t app)
+{
+ gpg_error_t err;
+
+ if (!read_ef_tokeninfo (app))
+ {
+ /* If we don't have a serial number yet but the TokenInfo provides
+ one, use that. */
+ if (!app->serialno && app->app_local->serialno)
+ {
+ app->serialno = app->app_local->serialno;
+ app->serialnolen = app->app_local->serialnolen;
+ app->app_local->serialno = NULL;
+ app->app_local->serialnolen = 0;
+ err = app_munge_serialno (app);
+ if (err)
+ return err;
+ }
+ }
+
+ /* Read the ODF so that we know the location of all directory
+ files. */
+ /* Fixme: We might need to get a non-standard ODF FID from TokenInfo. */
+ err = read_ef_odf (app, 0x5031);
+ if (err)
+ return err;
+
+ /* Read certificate information. */
+ assert (!app->app_local->certificate_info);
+ assert (!app->app_local->trusted_certificate_info);
+ assert (!app->app_local->useful_certificate_info);
+ err = read_ef_cdf (app, app->app_local->odf.certificates,
+ &app->app_local->certificate_info);
+ if (!err || gpg_err_code (err) == GPG_ERR_NO_DATA)
+ err = read_ef_cdf (app, app->app_local->odf.trusted_certificates,
+ &app->app_local->trusted_certificate_info);
+ if (!err || gpg_err_code (err) == GPG_ERR_NO_DATA)
+ err = read_ef_cdf (app, app->app_local->odf.useful_certificates,
+ &app->app_local->useful_certificate_info);
+ if (gpg_err_code (err) == GPG_ERR_NO_DATA)
+ err = 0;
+ if (err)
+ return err;
+
+ /* Read information about private keys. */
+ assert (!app->app_local->private_key_info);
+ err = read_ef_prkdf (app, app->app_local->odf.private_keys,
+ &app->app_local->private_key_info);
+ if (gpg_err_code (err) == GPG_ERR_NO_DATA)
+ err = 0;
+ if (err)
+ return err;
+
+ /* Read information about authentication objects. */
+ assert (!app->app_local->auth_object_info);
+ err = read_ef_aodf (app, app->app_local->odf.auth_objects,
+ &app->app_local->auth_object_info);
+ if (gpg_err_code (err) == GPG_ERR_NO_DATA)
+ err = 0;
+
+
+ return err;
+}
+
+
+/* Helper to do_learn_status: Send information about all certificates
+ listed in CERTINFO back. Use CERTTYPE as type of the
+ certificate. */
+static gpg_error_t
+send_certinfo (app_t app, ctrl_t ctrl, const char *certtype,
+ cdf_object_t certinfo)
+{
+ for (; certinfo; certinfo = certinfo->next)
+ {
+ char *buf, *p;
+
+ buf = xtrymalloc (9 + certinfo->objidlen*2 + 1);
+ if (!buf)
+ return gpg_error_from_syserror ();
+ p = stpcpy (buf, "P15");
+ if (app->app_local->home_df)
+ {
+ sprintf (p, "-%04hX", (app->app_local->home_df & 0xffff));
+ p += 5;
+ }
+ p = stpcpy (p, ".");
+ bin2hex (certinfo->objid, certinfo->objidlen, p);
+
+ send_status_info (ctrl, "CERTINFO",
+ certtype, strlen (certtype),
+ buf, strlen (buf),
+ NULL, (size_t)0);
+ xfree (buf);
+ }
+ return 0;
+}
+
+
+/* Get the keygrip of the private key object PRKDF. On success the
+ keygrip gets returned in the caller provided 41 byte buffer
+ R_GRIPSTR. */
+static gpg_error_t
+keygripstr_from_prkdf (app_t app, prkdf_object_t prkdf, char *r_gripstr)
+{
+ gpg_error_t err;
+ cdf_object_t cdf;
+ unsigned char *der;
+ size_t derlen;
+ ksba_cert_t cert;
+
+ /* FIXME: We should check whether a public key directory file and a
+ matching public key for PRKDF is available. This should make
+ extraction of the key much easier. My current test card doesn't
+ have one, so we can only use the fallback solution bu looking for
+ a matching certificate and extract the key from there. */
+
+ /* Look for a matching certificate. A certificate matches if the Id
+ matches the obne of the private key info. */
+ for (cdf = app->app_local->certificate_info; cdf; cdf = cdf->next)
+ if (cdf->objidlen == prkdf->objidlen
+ && !memcmp (cdf->objid, prkdf->objid, prkdf->objidlen))
+ break;
+ if (!cdf)
+ for (cdf = app->app_local->trusted_certificate_info; cdf; cdf = cdf->next)
+ if (cdf->objidlen == prkdf->objidlen
+ && !memcmp (cdf->objid, prkdf->objid, prkdf->objidlen))
+ break;
+ if (!cdf)
+ for (cdf = app->app_local->useful_certificate_info; cdf; cdf = cdf->next)
+ if (cdf->objidlen == prkdf->objidlen
+ && !memcmp (cdf->objid, prkdf->objid, prkdf->objidlen))
+ break;
+ if (!cdf)
+ return gpg_error (GPG_ERR_NOT_FOUND);
+
+ err = readcert_by_cdf (app, cdf, &der, &derlen);
+ if (err)
+ return err;
+
+ err = ksba_cert_new (&cert);
+ if (!err)
+ err = ksba_cert_init_from_mem (cert, der, derlen);
+ xfree (der);
+ if (!err)
+ err = app_help_get_keygrip_string (cert, r_gripstr);
+ ksba_cert_release (cert);
+
+ return err;
+}
+
+
+
+
+/* Helper to do_learn_status: Send information about all known
+ keypairs back. FIXME: much code duplication from
+ send_sertinfo(). */
+static gpg_error_t
+send_keypairinfo (app_t app, ctrl_t ctrl, prkdf_object_t keyinfo)
+{
+ gpg_error_t err;
+
+ for (; keyinfo; keyinfo = keyinfo->next)
+ {
+ char gripstr[40+1];
+ char *buf, *p;
+ int j;
+
+ buf = xtrymalloc (9 + keyinfo->objidlen*2 + 1);
+ if (!buf)
+ return gpg_error_from_syserror ();
+ p = stpcpy (buf, "P15");
+ if (app->app_local->home_df)
+ {
+ sprintf (p, "-%04hX", (app->app_local->home_df & 0xffff));
+ p += 5;
+ }
+ p = stpcpy (p, ".");
+ bin2hex (keyinfo->objid, keyinfo->objidlen, p);
+
+ err = keygripstr_from_prkdf (app, keyinfo, gripstr);
+ if (err)
+ {
+ log_error ("can't get keygrip from ");
+ for (j=0; j < keyinfo->pathlen; j++)
+ log_printf ("%04hX", keyinfo->path[j]);
+ log_printf (": %s\n", gpg_strerror (err));
+ }
+ else
+ {
+ assert (strlen (gripstr) == 40);
+ send_status_info (ctrl, "KEYPAIRINFO",
+ gripstr, 40,
+ buf, strlen (buf),
+ NULL, (size_t)0);
+ }
+ xfree (buf);
+ }
+ return 0;
+}
+
+
+
+/* This is the handler for the LEARN command. */
+static gpg_error_t
+do_learn_status (app_t app, ctrl_t ctrl, unsigned int flags)
+{
+ gpg_error_t err;
+
+ if ((flags & 1))
+ err = 0;
+ else
+ {
+ err = send_certinfo (app, ctrl, "100", app->app_local->certificate_info);
+ if (!err)
+ err = send_certinfo (app, ctrl, "101",
+ app->app_local->trusted_certificate_info);
+ if (!err)
+ err = send_certinfo (app, ctrl, "102",
+ app->app_local->useful_certificate_info);
+ }
+
+ if (!err)
+ err = send_keypairinfo (app, ctrl, app->app_local->private_key_info);
+
+ return err;
+}
+
+
+/* Read a certifciate using the information in CDF and return the
+ certificate in a newly llocated buffer R_CERT and its length
+ R_CERTLEN. */
+static gpg_error_t
+readcert_by_cdf (app_t app, cdf_object_t cdf,
+ unsigned char **r_cert, size_t *r_certlen)
+{
+ gpg_error_t err;
+ unsigned char *buffer = NULL;
+ const unsigned char *p, *save_p;
+ size_t buflen, n;
+ int class, tag, constructed, ndef;
+ size_t totobjlen, objlen, hdrlen;
+ int rootca;
+ int i;
+
+ *r_cert = NULL;
+ *r_certlen = 0;
+
+ /* First check whether it has been cached. */
+ if (cdf->image)
+ {
+ *r_cert = xtrymalloc (cdf->imagelen);
+ if (!*r_cert)
+ return gpg_error_from_syserror ();
+ memcpy (*r_cert, cdf->image, cdf->imagelen);
+ *r_certlen = cdf->imagelen;
+ return 0;
+ }
+
+ /* Read the entire file. fixme: This could be optimized by first
+ reading the header to figure out how long the certificate
+ actually is. */
+ err = select_ef_by_path (app, cdf->path, cdf->pathlen);
+ if (err)
+ goto leave;
+
+ err = iso7816_read_binary (app->slot, cdf->off, cdf->len, &buffer, &buflen);
+ if (!err && (!buflen || *buffer == 0xff))
+ err = gpg_error (GPG_ERR_NOT_FOUND);
+ if (err)
+ {
+ log_error ("error reading certificate with Id ");
+ for (i=0; i < cdf->objidlen; i++)
+ log_printf ("%02X", cdf->objid[i]);
+ log_printf (": %s\n", gpg_strerror (err));
+ goto leave;
+ }
+
+ /* Check whether this is really a certificate. */
+ p = buffer;
+ n = buflen;
+ err = parse_ber_header (&p, &n, &class, &tag, &constructed,
+ &ndef, &objlen, &hdrlen);
+ if (err)
+ goto leave;
+
+ if (class == CLASS_UNIVERSAL && tag == TAG_SEQUENCE && constructed)
+ rootca = 0;
+ else if ( class == CLASS_UNIVERSAL && tag == TAG_SET && constructed )
+ rootca = 1;
+ else
+ {
+ err = gpg_error (GPG_ERR_INV_OBJ);
+ goto leave;
+ }
+ totobjlen = objlen + hdrlen;
+ assert (totobjlen <= buflen);
+
+ err = parse_ber_header (&p, &n, &class, &tag, &constructed,
+ &ndef, &objlen, &hdrlen);
+ if (err)
+ goto leave;
+
+ if (!rootca
+ && class == CLASS_UNIVERSAL && tag == TAG_OBJECT_ID && !constructed)
+ {
+ /* The certificate seems to be contained in a userCertificate
+ container. Skip this and assume the following sequence is
+ the certificate. */
+ if (n < objlen)
+ {
+ err = gpg_error (GPG_ERR_INV_OBJ);
+ goto leave;
+ }
+ p += objlen;
+ n -= objlen;
+ save_p = p;
+ err = parse_ber_header (&p, &n, &class, &tag, &constructed,
+ &ndef, &objlen, &hdrlen);
+ if (err)
+ goto leave;
+ if ( !(class == CLASS_UNIVERSAL && tag == TAG_SEQUENCE && constructed) )
+ {
+ err = gpg_error (GPG_ERR_INV_OBJ);
+ goto leave;
+ }
+ totobjlen = objlen + hdrlen;
+ assert (save_p + totobjlen <= buffer + buflen);
+ memmove (buffer, save_p, totobjlen);
+ }
+
+ *r_cert = buffer;
+ buffer = NULL;
+ *r_certlen = totobjlen;
+
+ /* Try to cache it. */
+ if (!cdf->image && (cdf->image = xtrymalloc (*r_certlen)))
+ {
+ memcpy (cdf->image, *r_cert, *r_certlen);
+ cdf->imagelen = *r_certlen;
+ }
+
+
+ leave:
+ xfree (buffer);
+ return err;
+}
+
+
+/* Handler for the READCERT command.
+
+ Read the certificate with id CERTID (as returned by learn_status in
+ the CERTINFO status lines) and return it in the freshly allocated
+ buffer to be stored at R_CERT and its length at R_CERTLEN. A error
+ code will be returned on failure and R_CERT and R_CERTLEN will be
+ set to NULL/0. */
+static gpg_error_t
+do_readcert (app_t app, const char *certid,
+ unsigned char **r_cert, size_t *r_certlen)
+{
+ gpg_error_t err;
+ cdf_object_t cdf;
+
+ *r_cert = NULL;
+ *r_certlen = 0;
+ err = cdf_object_from_certid (app, certid, &cdf);
+ if (!err)
+ err =readcert_by_cdf (app, cdf, r_cert, r_certlen);
+ return err;
+}
+
+
+
+/* Implement the GETATTR command. This is similar to the LEARN
+ command but returns just one value via the status interface. */
+static gpg_error_t
+do_getattr (app_t app, ctrl_t ctrl, const char *name)
+{
+ gpg_error_t err;
+
+ if (!strcmp (name, "$AUTHKEYID"))
+ {
+ char *buf, *p;
+ prkdf_object_t prkdf;
+
+ /* We return the ID of the first private keycapable of
+ signing. */
+ for (prkdf = app->app_local->private_key_info; prkdf;
+ prkdf = prkdf->next)
+ if (prkdf->usageflags.sign)
+ break;
+ if (prkdf)
+ {
+ buf = xtrymalloc (9 + prkdf->objidlen*2 + 1);
+ if (!buf)
+ return gpg_error_from_syserror ();
+ p = stpcpy (buf, "P15");
+ if (app->app_local->home_df)
+ {
+ sprintf (p, "-%04hX", (app->app_local->home_df & 0xffff));
+ p += 5;
+ }
+ p = stpcpy (p, ".");
+ bin2hex (prkdf->objid, prkdf->objidlen, p);
+
+ send_status_info (ctrl, name, buf, strlen (buf), NULL, 0);
+ xfree (buf);
+ return 0;
+ }
+ }
+ else if (!strcmp (name, "$DISPSERIALNO"))
+ {
+ /* For certain cards we return special IDs. There is no
+ general rule for it so we need to decide case by case. */
+ if (app->app_local->card_type == CARD_TYPE_BELPIC)
+ {
+ /* The eID card has a card number printed on the front matter
+ which seems to be a good indication. */
+ unsigned char *buffer;
+ const unsigned char *p;
+ size_t buflen, n;
+ unsigned short path[] = { 0x3F00, 0xDF01, 0x4031 };
+
+ err = select_ef_by_path (app, path, DIM(path) );
+ if (!err)
+ err = iso7816_read_binary (app->slot, 0, 0, &buffer, &buflen);
+ if (err)
+ {
+ log_error ("error accessing EF(ID): %s\n", gpg_strerror (err));
+ return err;
+ }
+
+ p = find_tlv (buffer, buflen, 1, &n);
+ if (p && n == 12)
+ {
+ char tmp[12+2+1];
+ memcpy (tmp, p, 3);
+ tmp[3] = '-';
+ memcpy (tmp+4, p+3, 7);
+ tmp[11] = '-';
+ memcpy (tmp+12, p+10, 2);
+ tmp[14] = 0;
+ send_status_info (ctrl, name, tmp, strlen (tmp), NULL, 0);
+ xfree (buffer);
+ return 0;
+ }
+ xfree (buffer);
+ }
+
+ }
+ return gpg_error (GPG_ERR_INV_NAME);
+}
+
+
+
+
+/* Micardo cards require special treatment. This is a helper for the
+ crypto functions to manage the security environment. We expect that
+ the key file has already been selected. FID is the one of the
+ selected key. */
+static gpg_error_t
+micardo_mse (app_t app, unsigned short fid)
+{
+ gpg_error_t err;
+ int recno;
+ unsigned short refdata = 0;
+ int se_num;
+ unsigned char msebuf[10];
+
+ /* Read the KeyD file containing extra information on keys. */
+ err = iso7816_select_file (app->slot, 0x0013, 0, NULL, NULL);
+ if (err)
+ {
+ log_error ("error reading EF_keyD: %s\n", gpg_strerror (err));
+ return err;
+ }
+
+ for (recno = 1, se_num = -1; ; recno++)
+ {
+ unsigned char *buffer;
+ size_t buflen;
+ size_t n, nn;
+ const unsigned char *p, *pp;
+
+ err = iso7816_read_record (app->slot, recno, 1, 0, &buffer, &buflen);
+ if (gpg_err_code (err) == GPG_ERR_NOT_FOUND)
+ break; /* ready */
+ if (err)
+ {
+ log_error ("error reading EF_keyD record: %s\n",
+ gpg_strerror (err));
+ return err;
+ }
+ log_printhex ("keyD record:", buffer, buflen);
+ p = find_tlv (buffer, buflen, 0x83, &n);
+ if (p && n == 4 && ((p[2]<<8)|p[3]) == fid)
+ {
+ refdata = ((p[0]<<8)|p[1]);
+ /* Locate the SE DO and the there included sec env number. */
+ p = find_tlv (buffer, buflen, 0x7b, &n);
+ if (p && n)
+ {
+ pp = find_tlv (p, n, 0x80, &nn);
+ if (pp && nn == 1)
+ {
+ se_num = *pp;
+ xfree (buffer);
+ break; /* found. */
+ }
+ }
+ }
+ xfree (buffer);
+ }
+ if (se_num == -1)
+ {
+ log_error ("CRT for keyfile %04hX not found\n", fid);
+ return gpg_error (GPG_ERR_NOT_FOUND);
+ }
+
+
+ /* Restore the security environment to SE_NUM if needed */
+ if (se_num)
+ {
+ err = iso7816_manage_security_env (app->slot, 0xf3, se_num, NULL, 0);
+ if (err)
+ {
+ log_error ("restoring SE to %d failed: %s\n",
+ se_num, gpg_strerror (err));
+ return err;
+ }
+ }
+
+ /* Set the DST reference data. */
+ msebuf[0] = 0x83;
+ msebuf[1] = 0x03;
+ msebuf[2] = 0x80;
+ msebuf[3] = (refdata >> 8);
+ msebuf[4] = refdata;
+ err = iso7816_manage_security_env (app->slot, 0x41, 0xb6, msebuf, 5);
+ if (err)
+ {
+ log_error ("setting SE to reference file %04hX failed: %s\n",
+ refdata, gpg_strerror (err));
+ return err;
+ }
+ return 0;
+}
+
+
+
+/* Handler for the PKSIGN command.
+
+ Create the signature and return the allocated result in OUTDATA.
+ If a PIN is required, the PINCB will be used to ask for the PIN;
+ that callback should return the PIN in an allocated buffer and
+ store that as the 3rd argument. */
+static gpg_error_t
+do_sign (app_t app, const char *keyidstr, int hashalgo,
+ gpg_error_t (*pincb)(void*, const char *, char **),
+ void *pincb_arg,
+ const void *indata, size_t indatalen,
+ unsigned char **outdata, size_t *outdatalen )
+{
+ static unsigned char sha1_prefix[15] = /* Object ID is 1.3.14.3.2.26 */
+ { 0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03,
+ 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14 };
+ static unsigned char rmd160_prefix[15] = /* Object ID is 1.3.36.3.2.1 */
+ { 0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x24, 0x03,
+ 0x02, 0x01, 0x05, 0x00, 0x04, 0x14 };
+
+ gpg_error_t err;
+ int i;
+ unsigned char data[36]; /* Must be large enough for a SHA-1 digest
+ + the largest OID prefix above and also
+ fit the 36 bytes of md5sha1. */
+ prkdf_object_t prkdf; /* The private key object. */
+ aodf_object_t aodf; /* The associated authentication object. */
+ int no_data_padding = 0; /* True if the card want the data without padding.*/
+ int mse_done = 0; /* Set to true if the MSE has been done. */
+
+ if (!keyidstr || !*keyidstr)
+ return gpg_error (GPG_ERR_INV_VALUE);
+ if (indatalen != 20 && indatalen != 16 && indatalen != 35 && indatalen != 36)
+ return gpg_error (GPG_ERR_INV_VALUE);
+
+ err = prkdf_object_from_keyidstr (app, keyidstr, &prkdf);
+ if (err)
+ return err;
+ if (!(prkdf->usageflags.sign || prkdf->usageflags.sign_recover
+ ||prkdf->usageflags.non_repudiation))
+ {
+ log_error ("key %s may not be used for signing\n", keyidstr);
+ return gpg_error (GPG_ERR_WRONG_KEY_USAGE);
+ }
+
+ if (!prkdf->authid)
+ {
+ log_error ("no authentication object defined for %s\n", keyidstr);
+ /* fixme: we might want to go ahead and do without PIN
+ verification. */
+ return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION);
+ }
+
+ /* Find the authentication object to this private key object. */
+ for (aodf = app->app_local->auth_object_info; aodf; aodf = aodf->next)
+ if (aodf->objidlen == prkdf->authidlen
+ && !memcmp (aodf->objid, prkdf->authid, prkdf->authidlen))
+ break;
+ if (!aodf)
+ {
+ log_error ("authentication object for %s missing\n", keyidstr);
+ return gpg_error (GPG_ERR_INV_CARD);
+ }
+ if (aodf->authid)
+ {
+ log_error ("PIN verification is protected by an "
+ "additional authentication token\n");
+ return gpg_error (GPG_ERR_BAD_PIN_METHOD);
+ }
+ if (aodf->pinflags.integrity_protected
+ || aodf->pinflags.confidentiality_protected)
+ {
+ log_error ("PIN verification requires unsupported protection method\n");
+ return gpg_error (GPG_ERR_BAD_PIN_METHOD);
+ }
+ if (!aodf->stored_length && aodf->pinflags.needs_padding)
+ {
+ log_error ("PIN verification requires padding but no length known\n");
+ return gpg_error (GPG_ERR_INV_CARD);
+ }
+
+ /* Select the key file. Note that this may change the security
+ environment thus we do it before PIN verification. */
+ err = select_ef_by_path (app, prkdf->path, prkdf->pathlen);
+ if (err)
+ {
+ log_error ("error selecting file for key %s: %s\n",
+ keyidstr, gpg_strerror (errno));
+ return err;
+ }
+
+
+ /* Due to the fact that the non-repudiation signature on a BELPIC
+ card requires a verify immediately before the DSO we set the
+ MSE before we do the verification. Other cards might allow to do
+ this also but I don't want to break anything, thus we do it only
+ for the BELPIC card here. */
+ if (app->app_local->card_type == CARD_TYPE_BELPIC)
+ {
+ unsigned char mse[5];
+
+ mse[0] = 4; /* Length of the template. */
+ mse[1] = 0x80; /* Algorithm reference tag. */
+ if (hashalgo == MD_USER_TLS_MD5SHA1)
+ mse[2] = 0x01; /* Let card do pkcs#1 0xFF padding. */
+ else
+ mse[2] = 0x02; /* RSASSA-PKCS1-v1.5 using SHA1. */
+ mse[3] = 0x84; /* Private key reference tag. */
+ mse[4] = prkdf->key_reference_valid? prkdf->key_reference : 0x82;
+
+ err = iso7816_manage_security_env (app->slot,
+ 0x41, 0xB6,
+ mse, sizeof mse);
+ no_data_padding = 1;
+ mse_done = 1;
+ }
+ if (err)
+ {
+ log_error ("MSE failed: %s\n", gpg_strerror (err));
+ return err;
+ }
+
+
+ /* Now that we have all the information available, prepare and run
+ the PIN verification.*/
+ if (1)
+ {
+ char *pinvalue;
+ size_t pinvaluelen;
+ const char *errstr;
+ const char *s;
+
+ if (prkdf->usageflags.non_repudiation
+ && app->app_local->card_type == CARD_TYPE_BELPIC)
+ err = pincb (pincb_arg, "PIN (qualified signature!)", &pinvalue);
+ else
+ err = pincb (pincb_arg, "PIN", &pinvalue);
+ if (err)
+ {
+ log_info ("PIN callback returned error: %s\n", gpg_strerror (err));
+ return err;
+ }
+
+ /* We might need to cope with UTF8 things here. Not sure how
+ min_length etc. are exactly defined, for now we take them as
+ a plain octet count. */
+
+ if (strlen (pinvalue) < aodf->min_length)
+ {
+ log_error ("PIN is too short; minimum length is %lu\n",
+ aodf->min_length);
+ err = gpg_error (GPG_ERR_BAD_PIN);
+ }
+ else if (aodf->stored_length && strlen (pinvalue) > aodf->stored_length)
+ {
+ /* This would otherwise truncate the PIN silently. */
+ log_error ("PIN is too large; maximum length is %lu\n",
+ aodf->stored_length);
+ err = gpg_error (GPG_ERR_BAD_PIN);
+ }
+ else if (aodf->max_length_valid && strlen (pinvalue) > aodf->max_length)
+ {
+ log_error ("PIN is too large; maximum length is %lu\n",
+ aodf->max_length);
+ err = gpg_error (GPG_ERR_BAD_PIN);
+ }
+
+ if (err)
+ {
+ xfree (pinvalue);
+ return err;
+ }
+
+ errstr = NULL;
+ err = 0;
+ switch (aodf->pintype)
+ {
+ case PIN_TYPE_BCD:
+ case PIN_TYPE_ASCII_NUMERIC:
+ for (s=pinvalue; digitp (s); s++)
+ ;
+ if (*s)
+ {
+ errstr = "Non-numeric digits found in PIN";
+ err = gpg_error (GPG_ERR_BAD_PIN);
+ }
+ break;
+ case PIN_TYPE_UTF8:
+ break;
+ case PIN_TYPE_HALF_NIBBLE_BCD:
+ errstr = "PIN type Half-Nibble-BCD is not supported";
+ break;
+ case PIN_TYPE_ISO9564_1:
+ errstr = "PIN type ISO9564-1 is not supported";
+ break;
+ default:
+ errstr = "Unknown PIN type";
+ break;
+ }
+ if (errstr)
+ {
+ log_error ("can't verify PIN: %s\n", errstr);
+ xfree (pinvalue);
+ return err? err : gpg_error (GPG_ERR_BAD_PIN_METHOD);
+ }
+
+
+ if (aodf->pintype == PIN_TYPE_BCD )
+ {
+ char *paddedpin;
+ int ndigits;
+
+ for (ndigits=0, s=pinvalue; *s; ndigits++, s++)
+ ;
+ paddedpin = xtrymalloc (aodf->stored_length+1);
+ if (!paddedpin)
+ {
+ err = gpg_error_from_syserror ();
+ xfree (pinvalue);
+ return err;
+ }
+
+ i = 0;
+ paddedpin[i++] = 0x20 | (ndigits & 0x0f);
+ for (s=pinvalue; i < aodf->stored_length && *s && s[1]; s = s+2 )
+ paddedpin[i++] = (((*s - '0') << 4) | ((s[1] - '0') & 0x0f));
+ if (i < aodf->stored_length && *s)
+ paddedpin[i++] = (((*s - '0') << 4)
+ |((aodf->pad_char_valid?aodf->pad_char:0)&0x0f));
+
+ if (aodf->pinflags.needs_padding)
+ while (i < aodf->stored_length)
+ paddedpin[i++] = aodf->pad_char_valid? aodf->pad_char : 0;
+
+ xfree (pinvalue);
+ pinvalue = paddedpin;
+ pinvaluelen = i;
+ }
+ else if (aodf->pinflags.needs_padding)
+ {
+ char *paddedpin;
+
+ paddedpin = xtrymalloc (aodf->stored_length+1);
+ if (!paddedpin)
+ {
+ err = gpg_error_from_syserror ();
+ xfree (pinvalue);
+ return err;
+ }
+ for (i=0, s=pinvalue; i < aodf->stored_length && *s; i++, s++)
+ paddedpin[i] = *s;
+ /* Not sure what padding char to use if none has been set.
+ For now we use 0x00; maybe a space would be better. */
+ for (; i < aodf->stored_length; i++)
+ paddedpin[i] = aodf->pad_char_valid? aodf->pad_char : 0;
+ paddedpin[i] = 0;
+ pinvaluelen = i;
+ xfree (pinvalue);
+ pinvalue = paddedpin;
+ }
+ else
+ pinvaluelen = strlen (pinvalue);
+
+ err = iso7816_verify (app->slot,
+ aodf->pin_reference_valid? aodf->pin_reference : 0,
+ pinvalue, pinvaluelen);
+ xfree (pinvalue);
+ if (err)
+ {
+ log_error ("PIN verification failed: %s\n", gpg_strerror (err));
+ return err;
+ }
+ log_debug ("PIN verification succeeded\n");
+ }
+
+ /* Prepare the DER object from INDATA. */
+ if (indatalen == 36)
+ {
+ /* No ASN.1 container used. */
+ if (hashalgo != MD_USER_TLS_MD5SHA1)
+ return gpg_error (GPG_ERR_UNSUPPORTED_ALGORITHM);
+ memcpy (data, indata, indatalen);
+ }
+ else if (indatalen == 35)
+ {
+ /* Alright, the caller was so kind to send us an already
+ prepared DER object. Check that it is what we want and that
+ it matches the hash algorithm. */
+ if (hashalgo == GCRY_MD_SHA1 && !memcmp (indata, sha1_prefix, 15))
+ ;
+ else if (hashalgo == GCRY_MD_RMD160
+ && !memcmp (indata, rmd160_prefix, 15))
+ ;
+ else
+ return gpg_error (GPG_ERR_UNSUPPORTED_ALGORITHM);
+ memcpy (data, indata, indatalen);
+ }
+ else
+ {
+ /* Need to prepend the prefix. */
+ if (hashalgo == GCRY_MD_SHA1)
+ memcpy (data, sha1_prefix, 15);
+ else if (hashalgo == GCRY_MD_RMD160)
+ memcpy (data, rmd160_prefix, 15);
+ else
+ return gpg_error (GPG_ERR_UNSUPPORTED_ALGORITHM);
+ memcpy (data+15, indata, indatalen);
+ }
+
+ /* Manage security environment needs to be weaked for certain cards. */
+ if (mse_done)
+ err = 0;
+ else if (app->app_local->card_type == CARD_TYPE_TCOS)
+ {
+ /* TCOS creates signatures always using the local key 0. MSE
+ may not be used. */
+ }
+ else if (app->app_local->card_type == CARD_TYPE_MICARDO)
+ {
+ if (!prkdf->pathlen)
+ err = gpg_error (GPG_ERR_BUG);
+ else
+ err = micardo_mse (app, prkdf->path[prkdf->pathlen-1]);
+ }
+ else if (prkdf->key_reference_valid)
+ {
+ unsigned char mse[3];
+
+ mse[0] = 0x84; /* Select asym. key. */
+ mse[1] = 1;
+ mse[2] = prkdf->key_reference;
+
+ err = iso7816_manage_security_env (app->slot,
+ 0x41, 0xB6,
+ mse, sizeof mse);
+ }
+ if (err)
+ {
+ log_error ("MSE failed: %s\n", gpg_strerror (err));
+ return err;
+ }
+
+ if (hashalgo == MD_USER_TLS_MD5SHA1)
+ err = iso7816_compute_ds (app->slot, 0, data, 36, 0, outdata, outdatalen);
+ else if (no_data_padding)
+ err = iso7816_compute_ds (app->slot, 0, data+15, 20, 0,outdata,outdatalen);
+ else
+ err = iso7816_compute_ds (app->slot, 0, data, 35, 0, outdata, outdatalen);
+ return err;
+}
+
+
+/* Handler for the PKAUTH command.
+
+ This is basically the same as the PKSIGN command but we first check
+ that the requested key is suitable for authentication; that is, it
+ must match the criteria used for the attribute $AUTHKEYID. See
+ do_sign for calling conventions; there is no HASHALGO, though. */
+static gpg_error_t
+do_auth (app_t app, const char *keyidstr,
+ gpg_error_t (*pincb)(void*, const char *, char **),
+ void *pincb_arg,
+ const void *indata, size_t indatalen,
+ unsigned char **outdata, size_t *outdatalen )
+{
+ gpg_error_t err;
+ prkdf_object_t prkdf;
+ int algo;
+
+ if (!keyidstr || !*keyidstr)
+ return gpg_error (GPG_ERR_INV_VALUE);
+
+ err = prkdf_object_from_keyidstr (app, keyidstr, &prkdf);
+ if (err)
+ return err;
+ if (!prkdf->usageflags.sign)
+ {
+ log_error ("key %s may not be used for authentication\n", keyidstr);
+ return gpg_error (GPG_ERR_WRONG_KEY_USAGE);
+ }
+
+ algo = indatalen == 36? MD_USER_TLS_MD5SHA1 : GCRY_MD_SHA1;
+ return do_sign (app, keyidstr, algo, pincb, pincb_arg,
+ indata, indatalen, outdata, outdatalen);
+}
+
+
+
+/* Assume that EF(DIR) has been selected. Read its content and figure
+ out the home EF of pkcs#15. Return that home DF or 0 if not found
+ and the value at the address of BELPIC indicates whether it was
+ found by the belpic aid. */
+static unsigned short
+read_home_df (int slot, int *r_belpic)
+{
+ gpg_error_t err;
+ unsigned char *buffer;
+ const unsigned char *p, *pp;
+ size_t buflen, n, nn;
+ unsigned short result = 0;
+
+ *r_belpic = 0;
+
+ err = iso7816_read_binary (slot, 0, 0, &buffer, &buflen);
+ if (err)
+ {
+ log_error ("error reading EF{DIR}: %s\n", gpg_strerror (err));
+ return 0;
+ }
+
+ /* FIXME: We need to scan all records. */
+ p = find_tlv (buffer, buflen, 0x61, &n);
+ if (p && n)
+ {
+ pp = find_tlv (p, n, 0x4f, &nn);
+ if (pp && ((nn == sizeof pkcs15_aid && !memcmp (pp, pkcs15_aid, nn))
+ || (*r_belpic = (nn == sizeof pkcs15be_aid
+ && !memcmp (pp, pkcs15be_aid, nn)))))
+ {
+ pp = find_tlv (p, n, 0x50, &nn);
+ if (pp) /* fixme: Filter log value? */
+ log_info ("pkcs#15 application label from EF(DIR) is `%.*s'\n",
+ (int)nn, pp);
+ pp = find_tlv (p, n, 0x51, &nn);
+ if (pp && nn == 4 && *pp == 0x3f && !pp[1])
+ {
+ result = ((pp[2] << 8) | pp[3]);
+ log_info ("pkcs#15 application directory is 0x%04hX\n", result);
+ }
+ }
+ }
+ xfree (buffer);
+ return result;
+}
+
+
+/*
+ Select the PKCS#15 application on the card in SLOT.
+ */
+gpg_error_t
+app_select_p15 (app_t app)
+{
+ int slot = app->slot;
+ int rc;
+ unsigned short def_home_df = 0;
+ card_type_t card_type = CARD_TYPE_UNKNOWN;
+ int direct = 0;
+ int is_belpic = 0;
+
+ rc = iso7816_select_application (slot, pkcs15_aid, sizeof pkcs15_aid, 0);
+ if (rc)
+ { /* Not found: Try to locate it from 2F00. We use direct path
+ selection here because it seems that the Belgian eID card
+ does only allow for that. Many other cards supports this
+ selection method too. Note, that we don't use
+ select_application above for the Belgian card - the call
+ works but it seems that it did not switch to the correct DF.
+ Using the 2f02 just works. */
+ unsigned short path[1] = { 0x2f00 };
+
+ rc = iso7816_select_path (app->slot, path, 1, NULL, NULL);
+ if (!rc)
+ {
+ direct = 1;
+ def_home_df = read_home_df (slot, &is_belpic);
+ if (def_home_df)
+ {
+ path[0] = def_home_df;
+ rc = iso7816_select_path (app->slot, path, 1, NULL, NULL);
+ }
+ }
+ }
+ if (rc)
+ { /* Still not found: Try the default DF. */
+ def_home_df = 0x5015;
+ rc = iso7816_select_file (slot, def_home_df, 1, NULL, NULL);
+ }
+ if (!rc)
+ {
+ /* Determine the type of the card. The general case is to look
+ it up from the ATR table. For the Belgian eID card we know
+ it instantly from the AID. */
+ if (is_belpic)
+ {
+ card_type = CARD_TYPE_BELPIC;
+ }
+ else
+ {
+ unsigned char *atr;
+ size_t atrlen;
+ int i;
+
+ atr = apdu_get_atr (app->slot, &atrlen);
+ if (!atr)
+ rc = gpg_error (GPG_ERR_INV_CARD);
+ else
+ {
+ for (i=0; card_atr_list[i].atrlen; i++)
+ if (card_atr_list[i].atrlen == atrlen
+ && !memcmp (card_atr_list[i].atr, atr, atrlen))
+ {
+ card_type = card_atr_list[i].type;
+ break;
+ }
+ xfree (atr);
+ }
+ }
+ }
+ if (!rc)
+ {
+ app->apptype = "P15";
+
+ app->app_local = xtrycalloc (1, sizeof *app->app_local);
+ if (!app->app_local)
+ {
+ rc = gpg_error_from_syserror ();
+ goto leave;
+ }
+
+ /* Set the home DF. Note that we currently can't do that if the
+ selection via application ID worked. This will store 0 there
+ instead. FIXME: We either need to figure the home_df via the
+ DIR file or using the return values from the select file
+ APDU. */
+ app->app_local->home_df = def_home_df;
+
+ /* Store the card type. FIXME: We might want to put this into
+ the common APP structure. */
+ app->app_local->card_type = card_type;
+
+ /* Store whether we may and should use direct path selection. */
+ app->app_local->direct_path_selection = direct;
+
+ /* Read basic information and thus check whether this is a real
+ card. */
+ rc = read_p15_info (app);
+ if (rc)
+ goto leave;
+
+ /* Special serial number munging. We need to check for a German
+ prototype card right here because we need to access to
+ EF(TokenInfo). We mark such a serial number by the using a
+ prefix of FF0100. */
+ if (app->serialnolen == 12
+ && !memcmp (app->serialno, "\xD2\x76\0\0\0\0\0\0\0\0\0\0", 12))
+ {
+ /* This is a German card with a silly serial number. Try to get
+ the serial number from the EF(TokenInfo). . */
+ unsigned char *p;
+
+ /* FIXME: actually get it from EF(TokenInfo). */
+
+ p = xtrymalloc (3 + app->serialnolen);
+ if (!p)
+ rc = gpg_error (gpg_err_code_from_errno (errno));
+ else
+ {
+ memcpy (p, "\xff\x01", 3);
+ memcpy (p+3, app->serialno, app->serialnolen);
+ app->serialnolen += 3;
+ xfree (app->serialno);
+ app->serialno = p;
+ }
+ }
+
+ app->fnc.deinit = do_deinit;
+ app->fnc.learn_status = do_learn_status;
+ app->fnc.readcert = do_readcert;
+ app->fnc.getattr = do_getattr;
+ app->fnc.setattr = NULL;
+ app->fnc.genkey = NULL;
+ app->fnc.sign = do_sign;
+ app->fnc.auth = do_auth;
+ app->fnc.decipher = NULL;
+ app->fnc.change_pin = NULL;
+ app->fnc.check_pin = NULL;
+
+ leave:
+ if (rc)
+ do_deinit (app);
+ }
+
+ return rc;
+}
diff --git a/scd/app.c b/scd/app.c
new file mode 100644
index 0000000..a23c4a5
--- /dev/null
+++ b/scd/app.c
@@ -0,0 +1,981 @@
+/* app.c - Application selection.
+ * Copyright (C) 2003, 2004, 2005 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <errno.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <pth.h>
+
+#include "scdaemon.h"
+#include "app-common.h"
+#include "apdu.h"
+#include "iso7816.h"
+#include "tlv.h"
+
+/* This table is used to keep track of locks on a per reader base.
+ The index into the table is the slot number of the reader. The
+ mutex will be initialized on demand (one of the advantages of a
+ userland threading system). */
+static struct
+{
+ int initialized;
+ pth_mutex_t lock;
+ app_t app; /* Application context in use or NULL. */
+ app_t last_app; /* Last application object used as this slot or NULL. */
+} lock_table[10];
+
+
+
+static void deallocate_app (app_t app);
+
+
+
+static void
+print_progress_line (void *opaque, const char *what, int pc, int cur, int tot)
+{
+ ctrl_t ctrl = opaque;
+ char line[100];
+
+ if (ctrl)
+ {
+ snprintf (line, sizeof line, "%s %c %d %d", what, pc, cur, tot);
+ send_status_direct (ctrl, "PROGRESS", line);
+ }
+}
+
+
+/* Lock the reader SLOT. This function shall be used right before
+ calling any of the actual application functions to serialize access
+ to the reader. We do this always even if the reader is not
+ actually used. This allows an actual connection to assume that it
+ never shares a reader (while performing one command). Returns 0 on
+ success; only then the unlock_reader function must be called after
+ returning from the handler. */
+static gpg_error_t
+lock_reader (int slot, ctrl_t ctrl)
+{
+ gpg_error_t err;
+
+ if (slot < 0 || slot >= DIM (lock_table))
+ return gpg_error (slot<0? GPG_ERR_INV_VALUE : GPG_ERR_RESOURCE_LIMIT);
+
+ if (!lock_table[slot].initialized)
+ {
+ if (!pth_mutex_init (&lock_table[slot].lock))
+ {
+ err = gpg_error_from_syserror ();
+ log_error ("error initializing mutex: %s\n", strerror (errno));
+ return err;
+ }
+ lock_table[slot].initialized = 1;
+ lock_table[slot].app = NULL;
+ lock_table[slot].last_app = NULL;
+ }
+
+ if (!pth_mutex_acquire (&lock_table[slot].lock, 0, NULL))
+ {
+ err = gpg_error_from_syserror ();
+ log_error ("failed to acquire APP lock for slot %d: %s\n",
+ slot, strerror (errno));
+ return err;
+ }
+
+ apdu_set_progress_cb (slot, print_progress_line, ctrl);
+
+ return 0;
+}
+
+/* Release a lock on the reader. See lock_reader(). */
+static void
+unlock_reader (int slot)
+{
+ if (slot < 0 || slot >= DIM (lock_table)
+ || !lock_table[slot].initialized)
+ log_bug ("unlock_reader called for invalid slot %d\n", slot);
+
+ apdu_set_progress_cb (slot, NULL, NULL);
+
+ if (!pth_mutex_release (&lock_table[slot].lock))
+ log_error ("failed to release APP lock for slot %d: %s\n",
+ slot, strerror (errno));
+}
+
+
+static void
+dump_mutex_state (pth_mutex_t *m)
+{
+#ifdef _W32_PTH_H
+ (void)m;
+ log_printf ("unknown under W32");
+#else
+ if (!(m->mx_state & PTH_MUTEX_INITIALIZED))
+ log_printf ("not_initialized");
+ else if (!(m->mx_state & PTH_MUTEX_LOCKED))
+ log_printf ("not_locked");
+ else
+ log_printf ("locked tid=0x%lx count=%lu", (long)m->mx_owner, m->mx_count);
+#endif
+}
+
+
+/* This function may be called to print information pertaining to the
+ current state of this module to the log. */
+void
+app_dump_state (void)
+{
+ int slot;
+
+ for (slot=0; slot < DIM (lock_table); slot++)
+ if (lock_table[slot].initialized)
+ {
+ log_info ("app_dump_state: slot=%d lock=", slot);
+ dump_mutex_state (&lock_table[slot].lock);
+ if (lock_table[slot].app)
+ {
+ log_printf (" app=%p", lock_table[slot].app);
+ if (lock_table[slot].app->apptype)
+ log_printf (" type=`%s'", lock_table[slot].app->apptype);
+ }
+ if (lock_table[slot].last_app)
+ {
+ log_printf (" lastapp=%p", lock_table[slot].last_app);
+ if (lock_table[slot].last_app->apptype)
+ log_printf (" type=`%s'", lock_table[slot].last_app->apptype);
+ }
+ log_printf ("\n");
+ }
+}
+
+/* Check wether the application NAME is allowed. This does not mean
+ we have support for it though. */
+static int
+is_app_allowed (const char *name)
+{
+ strlist_t l;
+
+ for (l=opt.disabled_applications; l; l = l->next)
+ if (!strcmp (l->d, name))
+ return 0; /* no */
+ return 1; /* yes */
+}
+
+
+/* This may be called to tell this module about a removed or resetted card. */
+void
+application_notify_card_reset (int slot)
+{
+ app_t app;
+
+ if (slot < 0 || slot >= DIM (lock_table))
+ return;
+
+ /* FIXME: We are ignoring any error value here. */
+ lock_reader (slot, NULL);
+
+ /* Mark application as non-reusable. */
+ if (lock_table[slot].app)
+ lock_table[slot].app->no_reuse = 1;
+
+ /* Deallocate a saved application for that slot, so that we won't
+ try to reuse it. If there is no saved application, set a flag so
+ that we won't save the current state. */
+ app = lock_table[slot].last_app;
+
+ if (app)
+ {
+ lock_table[slot].last_app = NULL;
+ deallocate_app (app);
+ }
+ unlock_reader (slot);
+}
+
+
+/* This function is used by the serialno command to check for an
+ application conflict which may appear if the serialno command is
+ used to request a specific application and the connection has
+ already done a select_application. */
+gpg_error_t
+check_application_conflict (ctrl_t ctrl, const char *name)
+{
+ int slot = ctrl->reader_slot;
+ app_t app;
+
+ if (slot < 0 || slot >= DIM (lock_table))
+ return gpg_error (GPG_ERR_INV_VALUE);
+
+ app = lock_table[slot].initialized ? lock_table[slot].app : NULL;
+ if (app && app->apptype && name)
+ if ( ascii_strcasecmp (app->apptype, name))
+ return gpg_error (GPG_ERR_CONFLICT);
+ return 0;
+}
+
+
+/* If called with NAME as NULL, select the best fitting application
+ and return a context; otherwise select the application with NAME
+ and return a context. SLOT identifies the reader device. Returns
+ an error code and stores NULL at R_APP if no application was found
+ or no card is present. */
+gpg_error_t
+select_application (ctrl_t ctrl, int slot, const char *name, app_t *r_app)
+{
+ gpg_error_t err;
+ app_t app = NULL;
+ unsigned char *result = NULL;
+ size_t resultlen;
+
+ (void)ctrl;
+
+ *r_app = NULL;
+
+ err = lock_reader (slot, ctrl);
+ if (err)
+ return err;
+
+ /* First check whether we already have an application to share. */
+ app = lock_table[slot].initialized ? lock_table[slot].app : NULL;
+ if (app && name)
+ if (!app->apptype || ascii_strcasecmp (app->apptype, name))
+ {
+ unlock_reader (slot);
+ if (app->apptype)
+ log_info ("application `%s' in use by reader %d - can't switch\n",
+ app->apptype, slot);
+ return gpg_error (GPG_ERR_CONFLICT);
+ }
+
+ /* Don't use a non-reusable marked application. */
+ if (app && app->no_reuse)
+ {
+ unlock_reader (slot);
+ log_info ("lingering application `%s' in use by reader %d"
+ " - can't switch\n",
+ app->apptype? app->apptype:"?", slot);
+ return gpg_error (GPG_ERR_CONFLICT);
+ }
+
+ /* If we don't have an app, check whether we have a saved
+ application for that slot. This is useful so that a card does
+ not get reset even if only one session is using the card - this
+ way the PIN cache and other cached data are preserved. */
+ if (!app && lock_table[slot].initialized && lock_table[slot].last_app)
+ {
+ app = lock_table[slot].last_app;
+ if (!name || (app->apptype && !ascii_strcasecmp (app->apptype, name)) )
+ {
+ /* Yes, we can reuse this application - either the caller
+ requested an unspecific one or the requested one matches
+ the saved one. */
+ lock_table[slot].app = app;
+ lock_table[slot].last_app = NULL;
+ }
+ else
+ {
+ /* No, this saved application can't be used - deallocate it. */
+ lock_table[slot].last_app = NULL;
+ deallocate_app (app);
+ app = NULL;
+ }
+ }
+
+ /* If we can reuse an application, bump the reference count and
+ return it. */
+ if (app)
+ {
+ if (app->slot != slot)
+ log_bug ("slot mismatch %d/%d\n", app->slot, slot);
+ app->slot = slot;
+
+ app->ref_count++;
+ *r_app = app;
+ unlock_reader (slot);
+ return 0; /* Okay: We share that one. */
+ }
+
+ /* Need to allocate a new one. */
+ app = xtrycalloc (1, sizeof *app);
+ if (!app)
+ {
+ err = gpg_error_from_syserror ();
+ log_info ("error allocating context: %s\n", gpg_strerror (err));
+ unlock_reader (slot);
+ return err;
+ }
+ app->slot = slot;
+
+
+ /* Fixme: We should now first check whether a card is at all
+ present. */
+
+ /* Try to read the GDO file first to get a default serial number. */
+ err = iso7816_select_file (slot, 0x3F00, 1, NULL, NULL);
+ if (!err)
+ err = iso7816_select_file (slot, 0x2F02, 0, NULL, NULL);
+ if (!err)
+ err = iso7816_read_binary (slot, 0, 0, &result, &resultlen);
+ if (!err)
+ {
+ size_t n;
+ const unsigned char *p;
+
+ p = find_tlv_unchecked (result, resultlen, 0x5A, &n);
+ if (p)
+ resultlen -= (p-result);
+ if (p && n > resultlen && n == 0x0d && resultlen+1 == n)
+ {
+ /* The object it does not fit into the buffer. This is an
+ invalid encoding (or the buffer is too short. However, I
+ have some test cards with such an invalid encoding and
+ therefore I use this ugly workaround to return something
+ I can further experiment with. */
+ log_info ("enabling BMI testcard workaround\n");
+ n--;
+ }
+
+ if (p && n <= resultlen)
+ {
+ /* The GDO file is pretty short, thus we simply reuse it for
+ storing the serial number. */
+ memmove (result, p, n);
+ app->serialno = result;
+ app->serialnolen = n;
+ err = app_munge_serialno (app);
+ if (err)
+ goto leave;
+ }
+ else
+ xfree (result);
+ result = NULL;
+ }
+
+ /* For certain error codes, there is no need to try more. */
+ if (gpg_err_code (err) == GPG_ERR_CARD_NOT_PRESENT
+ || gpg_err_code (err) == GPG_ERR_ENODEV)
+ goto leave;
+
+ /* Figure out the application to use. */
+ err = gpg_error (GPG_ERR_NOT_FOUND);
+
+ if (err && is_app_allowed ("openpgp")
+ && (!name || !strcmp (name, "openpgp")))
+ err = app_select_openpgp (app);
+ if (err && is_app_allowed ("nks") && (!name || !strcmp (name, "nks")))
+ err = app_select_nks (app);
+ if (err && is_app_allowed ("p15") && (!name || !strcmp (name, "p15")))
+ err = app_select_p15 (app);
+ if (err && is_app_allowed ("dinsig") && (!name || !strcmp (name, "dinsig")))
+ err = app_select_dinsig (app);
+ if (err && is_app_allowed ("geldkarte")
+ && (!name || !strcmp (name, "geldkarte")))
+ err = app_select_geldkarte (app);
+ if (err && name)
+ err = gpg_error (GPG_ERR_NOT_SUPPORTED);
+
+ leave:
+ if (err)
+ {
+ if (name)
+ log_info ("can't select application `%s': %s\n",
+ name, gpg_strerror (err));
+ else
+ log_info ("no supported card application found: %s\n",
+ gpg_strerror (err));
+ xfree (app);
+ unlock_reader (slot);
+ return err;
+ }
+
+ app->ref_count = 1;
+
+ lock_table[slot].app = app;
+ *r_app = app;
+ unlock_reader (slot);
+ return 0;
+}
+
+
+char *
+get_supported_applications (void)
+{
+ const char *list[] = {
+ "openpgp",
+ "nks",
+ "p15",
+ "dinsig",
+ "geldkarte",
+ NULL
+ };
+ int idx;
+ size_t nbytes;
+ char *buffer, *p;
+
+ for (nbytes=1, idx=0; list[idx]; idx++)
+ nbytes += strlen (list[idx]) + 1 + 1;
+
+ buffer = xtrymalloc (nbytes);
+ if (!buffer)
+ return NULL;
+
+ for (p=buffer, idx=0; list[idx]; idx++)
+ if (is_app_allowed (list[idx]))
+ p = stpcpy (stpcpy (p, list[idx]), ":\n");
+ *p = 0;
+
+ return buffer;
+}
+
+
+/* Deallocate the application. */
+static void
+deallocate_app (app_t app)
+{
+ if (app->fnc.deinit)
+ {
+ app->fnc.deinit (app);
+ app->fnc.deinit = NULL;
+ }
+
+ xfree (app->serialno);
+ xfree (app);
+}
+
+/* Free the resources associated with the application APP. APP is
+ allowed to be NULL in which case this is a no-op. Note that we are
+ using reference counting to track the users of the application and
+ actually deferring the deallocation to allow for a later reuse by
+ a new connection. */
+void
+release_application (app_t app)
+{
+ int slot;
+
+ if (!app)
+ return;
+
+ if (!app->ref_count)
+ log_bug ("trying to release an already released context\n");
+ if (--app->ref_count)
+ return;
+
+ /* Move the reference to the application in the lock table. */
+ slot = app->slot;
+ /* FIXME: We are ignoring any error value. */
+ lock_reader (slot, NULL);
+ if (lock_table[slot].app != app)
+ {
+ unlock_reader (slot);
+ log_bug ("app mismatch %p/%p\n", app, lock_table[slot].app);
+ deallocate_app (app);
+ return;
+ }
+
+ if (lock_table[slot].last_app)
+ deallocate_app (lock_table[slot].last_app);
+ if (app->no_reuse)
+ {
+ /* If we shall not re-use the application we can't save it for
+ later use. */
+ deallocate_app (app);
+ lock_table[slot].last_app = NULL;
+ }
+ else
+ lock_table[slot].last_app = lock_table[slot].app;
+ lock_table[slot].app = NULL;
+ unlock_reader (slot);
+}
+
+
+
+/* The serial number may need some cosmetics. Do it here. This
+ function shall only be called once after a new serial number has
+ been put into APP->serialno.
+
+ Prefixes we use:
+
+ FF 00 00 = For serial numbers starting with an FF
+ FF 01 00 = Some german p15 cards return an empty serial number so the
+ serial number from the EF(TokenInfo) is used instead.
+ FF 7F 00 = No serialno.
+
+ All other serial number not starting with FF are used as they are.
+*/
+gpg_error_t
+app_munge_serialno (app_t app)
+{
+ if (app->serialnolen && app->serialno[0] == 0xff)
+ {
+ /* The serial number starts with our special prefix. This
+ requires that we put our default prefix "FF0000" in front. */
+ unsigned char *p = xtrymalloc (app->serialnolen + 3);
+ if (!p)
+ return gpg_error_from_syserror ();
+ memcpy (p, "\xff\0", 3);
+ memcpy (p+3, app->serialno, app->serialnolen);
+ app->serialnolen += 3;
+ xfree (app->serialno);
+ app->serialno = p;
+ }
+ else if (!app->serialnolen)
+ {
+ unsigned char *p = xtrymalloc (3);
+ if (!p)
+ return gpg_error_from_syserror ();
+ memcpy (p, "\xff\x7f", 3);
+ app->serialnolen = 3;
+ xfree (app->serialno);
+ app->serialno = p;
+ }
+ return 0;
+}
+
+
+
+/* Retrieve the serial number and the time of the last update of the
+ card. The serial number is returned as a malloced string (hex
+ encoded) in SERIAL and the time of update is returned in STAMP. If
+ no update time is available the returned value is 0. Caller must
+ free SERIAL unless the function returns an error. If STAMP is not
+ of interest, NULL may be passed. */
+gpg_error_t
+app_get_serial_and_stamp (app_t app, char **serial, time_t *stamp)
+{
+ char *buf;
+
+ if (!app || !serial)
+ return gpg_error (GPG_ERR_INV_VALUE);
+
+ *serial = NULL;
+ if (stamp)
+ *stamp = 0; /* not available */
+
+ if (!app->serialnolen)
+ buf = xtrystrdup ("FF7F00");
+ else
+ buf = bin2hex (app->serialno, app->serialnolen, NULL);
+ if (!buf)
+ return gpg_error_from_syserror ();
+
+ *serial = buf;
+ return 0;
+}
+
+
+/* Write out the application specifig status lines for the LEARN
+ command. */
+gpg_error_t
+app_write_learn_status (app_t app, ctrl_t ctrl, unsigned int flags)
+{
+ gpg_error_t err;
+
+ if (!app)
+ return gpg_error (GPG_ERR_INV_VALUE);
+ if (!app->ref_count)
+ return gpg_error (GPG_ERR_CARD_NOT_INITIALIZED);
+ if (!app->fnc.learn_status)
+ return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION);
+
+ /* We do not send APPTYPE if only keypairinfo is requested. */
+ if (app->apptype && !(flags & 1))
+ send_status_info (ctrl, "APPTYPE",
+ app->apptype, strlen (app->apptype), NULL, 0);
+ err = lock_reader (app->slot, ctrl);
+ if (err)
+ return err;
+ err = app->fnc.learn_status (app, ctrl, flags);
+ unlock_reader (app->slot);
+ return err;
+}
+
+
+/* Read the certificate with id CERTID (as returned by learn_status in
+ the CERTINFO status lines) and return it in the freshly allocated
+ buffer put into CERT and the length of the certificate put into
+ CERTLEN. */
+gpg_error_t
+app_readcert (app_t app, const char *certid,
+ unsigned char **cert, size_t *certlen)
+{
+ gpg_error_t err;
+
+ if (!app)
+ return gpg_error (GPG_ERR_INV_VALUE);
+ if (!app->ref_count)
+ return gpg_error (GPG_ERR_CARD_NOT_INITIALIZED);
+ if (!app->fnc.readcert)
+ return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION);
+ err = lock_reader (app->slot, NULL/* FIXME*/);
+ if (err)
+ return err;
+ err = app->fnc.readcert (app, certid, cert, certlen);
+ unlock_reader (app->slot);
+ return err;
+}
+
+
+/* Read the key with ID KEYID. On success a canonical encoded
+ S-expression with the public key will get stored at PK and its
+ length (for assertions) at PKLEN; the caller must release that
+ buffer. On error NULL will be stored at PK and PKLEN and an error
+ code returned.
+
+ This function might not be supported by all applications. */
+gpg_error_t
+app_readkey (app_t app, const char *keyid, unsigned char **pk, size_t *pklen)
+{
+ gpg_error_t err;
+
+ if (pk)
+ *pk = NULL;
+ if (pklen)
+ *pklen = 0;
+
+ if (!app || !keyid || !pk || !pklen)
+ return gpg_error (GPG_ERR_INV_VALUE);
+ if (!app->ref_count)
+ return gpg_error (GPG_ERR_CARD_NOT_INITIALIZED);
+ if (!app->fnc.readkey)
+ return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION);
+ err = lock_reader (app->slot, NULL /*FIXME*/);
+ if (err)
+ return err;
+ err= app->fnc.readkey (app, keyid, pk, pklen);
+ unlock_reader (app->slot);
+ return err;
+}
+
+
+/* Perform a GETATTR operation. */
+gpg_error_t
+app_getattr (app_t app, ctrl_t ctrl, const char *name)
+{
+ gpg_error_t err;
+
+ if (!app || !name || !*name)
+ return gpg_error (GPG_ERR_INV_VALUE);
+ if (!app->ref_count)
+ return gpg_error (GPG_ERR_CARD_NOT_INITIALIZED);
+
+ if (app->apptype && name && !strcmp (name, "APPTYPE"))
+ {
+ send_status_info (ctrl, "APPTYPE",
+ app->apptype, strlen (app->apptype), NULL, 0);
+ return 0;
+ }
+ if (name && !strcmp (name, "SERIALNO"))
+ {
+ char *serial;
+ time_t stamp;
+ int rc;
+
+ rc = app_get_serial_and_stamp (app, &serial, &stamp);
+ if (rc)
+ return rc;
+ send_status_info (ctrl, "SERIALNO", serial, strlen (serial), NULL, 0);
+ xfree (serial);
+ return 0;
+ }
+
+ if (!app->fnc.getattr)
+ return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION);
+ err = lock_reader (app->slot, ctrl);
+ if (err)
+ return err;
+ err = app->fnc.getattr (app, ctrl, name);
+ unlock_reader (app->slot);
+ return err;
+}
+
+/* Perform a SETATTR operation. */
+gpg_error_t
+app_setattr (app_t app, const char *name,
+ gpg_error_t (*pincb)(void*, const char *, char **),
+ void *pincb_arg,
+ const unsigned char *value, size_t valuelen)
+{
+ gpg_error_t err;
+
+ if (!app || !name || !*name || !value)
+ return gpg_error (GPG_ERR_INV_VALUE);
+ if (!app->ref_count)
+ return gpg_error (GPG_ERR_CARD_NOT_INITIALIZED);
+ if (!app->fnc.setattr)
+ return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION);
+ err = lock_reader (app->slot, NULL /*FIXME*/);
+ if (err)
+ return err;
+ err = app->fnc.setattr (app, name, pincb, pincb_arg, value, valuelen);
+ unlock_reader (app->slot);
+ return err;
+}
+
+/* Create the signature and return the allocated result in OUTDATA.
+ If a PIN is required the PINCB will be used to ask for the PIN; it
+ should return the PIN in an allocated buffer and put it into PIN. */
+gpg_error_t
+app_sign (app_t app, const char *keyidstr, int hashalgo,
+ gpg_error_t (*pincb)(void*, const char *, char **),
+ void *pincb_arg,
+ const void *indata, size_t indatalen,
+ unsigned char **outdata, size_t *outdatalen )
+{
+ gpg_error_t err;
+
+ if (!app || !indata || !indatalen || !outdata || !outdatalen || !pincb)
+ return gpg_error (GPG_ERR_INV_VALUE);
+ if (!app->ref_count)
+ return gpg_error (GPG_ERR_CARD_NOT_INITIALIZED);
+ if (!app->fnc.sign)
+ return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION);
+ err = lock_reader (app->slot, NULL /*FIXME*/);
+ if (err)
+ return err;
+ err = app->fnc.sign (app, keyidstr, hashalgo,
+ pincb, pincb_arg,
+ indata, indatalen,
+ outdata, outdatalen);
+ unlock_reader (app->slot);
+ if (opt.verbose)
+ log_info ("operation sign result: %s\n", gpg_strerror (err));
+ return err;
+}
+
+/* Create the signature using the INTERNAL AUTHENTICATE command and
+ return the allocated result in OUTDATA. If a PIN is required the
+ PINCB will be used to ask for the PIN; it should return the PIN in
+ an allocated buffer and put it into PIN. */
+gpg_error_t
+app_auth (app_t app, const char *keyidstr,
+ gpg_error_t (*pincb)(void*, const char *, char **),
+ void *pincb_arg,
+ const void *indata, size_t indatalen,
+ unsigned char **outdata, size_t *outdatalen )
+{
+ gpg_error_t err;
+
+ if (!app || !indata || !indatalen || !outdata || !outdatalen || !pincb)
+ return gpg_error (GPG_ERR_INV_VALUE);
+ if (!app->ref_count)
+ return gpg_error (GPG_ERR_CARD_NOT_INITIALIZED);
+ if (!app->fnc.auth)
+ return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION);
+ err = lock_reader (app->slot, NULL /*FIXME*/);
+ if (err)
+ return err;
+ err = app->fnc.auth (app, keyidstr,
+ pincb, pincb_arg,
+ indata, indatalen,
+ outdata, outdatalen);
+ unlock_reader (app->slot);
+ if (opt.verbose)
+ log_info ("operation auth result: %s\n", gpg_strerror (err));
+ return err;
+}
+
+
+/* Decrypt the data in INDATA and return the allocated result in OUTDATA.
+ If a PIN is required the PINCB will be used to ask for the PIN; it
+ should return the PIN in an allocated buffer and put it into PIN. */
+gpg_error_t
+app_decipher (app_t app, const char *keyidstr,
+ gpg_error_t (*pincb)(void*, const char *, char **),
+ void *pincb_arg,
+ const void *indata, size_t indatalen,
+ unsigned char **outdata, size_t *outdatalen )
+{
+ gpg_error_t err;
+
+ if (!app || !indata || !indatalen || !outdata || !outdatalen || !pincb)
+ return gpg_error (GPG_ERR_INV_VALUE);
+ if (!app->ref_count)
+ return gpg_error (GPG_ERR_CARD_NOT_INITIALIZED);
+ if (!app->fnc.decipher)
+ return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION);
+ err = lock_reader (app->slot, NULL /*FIXME*/);
+ if (err)
+ return err;
+ err = app->fnc.decipher (app, keyidstr,
+ pincb, pincb_arg,
+ indata, indatalen,
+ outdata, outdatalen);
+ unlock_reader (app->slot);
+ if (opt.verbose)
+ log_info ("operation decipher result: %s\n", gpg_strerror (err));
+ return err;
+}
+
+
+/* Perform the WRITECERT operation. */
+gpg_error_t
+app_writecert (app_t app, ctrl_t ctrl,
+ const char *certidstr,
+ gpg_error_t (*pincb)(void*, const char *, char **),
+ void *pincb_arg,
+ const unsigned char *data, size_t datalen)
+{
+ gpg_error_t err;
+
+ if (!app || !certidstr || !*certidstr || !pincb)
+ return gpg_error (GPG_ERR_INV_VALUE);
+ if (!app->ref_count)
+ return gpg_error (GPG_ERR_CARD_NOT_INITIALIZED);
+ if (!app->fnc.writecert)
+ return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION);
+ err = lock_reader (app->slot, ctrl);
+ if (err)
+ return err;
+ err = app->fnc.writecert (app, ctrl, certidstr,
+ pincb, pincb_arg, data, datalen);
+ unlock_reader (app->slot);
+ if (opt.verbose)
+ log_info ("operation writecert result: %s\n", gpg_strerror (err));
+ return err;
+}
+
+
+/* Perform the WRITEKEY operation. */
+gpg_error_t
+app_writekey (app_t app, ctrl_t ctrl,
+ const char *keyidstr, unsigned int flags,
+ gpg_error_t (*pincb)(void*, const char *, char **),
+ void *pincb_arg,
+ const unsigned char *keydata, size_t keydatalen)
+{
+ gpg_error_t err;
+
+ if (!app || !keyidstr || !*keyidstr || !pincb)
+ return gpg_error (GPG_ERR_INV_VALUE);
+ if (!app->ref_count)
+ return gpg_error (GPG_ERR_CARD_NOT_INITIALIZED);
+ if (!app->fnc.writekey)
+ return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION);
+ err = lock_reader (app->slot, ctrl);
+ if (err)
+ return err;
+ err = app->fnc.writekey (app, ctrl, keyidstr, flags,
+ pincb, pincb_arg, keydata, keydatalen);
+ unlock_reader (app->slot);
+ if (opt.verbose)
+ log_info ("operation writekey result: %s\n", gpg_strerror (err));
+ return err;
+}
+
+
+/* Perform a SETATTR operation. */
+gpg_error_t
+app_genkey (app_t app, ctrl_t ctrl, const char *keynostr, unsigned int flags,
+ time_t createtime,
+ gpg_error_t (*pincb)(void*, const char *, char **),
+ void *pincb_arg)
+{
+ gpg_error_t err;
+
+ if (!app || !keynostr || !*keynostr || !pincb)
+ return gpg_error (GPG_ERR_INV_VALUE);
+ if (!app->ref_count)
+ return gpg_error (GPG_ERR_CARD_NOT_INITIALIZED);
+ if (!app->fnc.genkey)
+ return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION);
+ err = lock_reader (app->slot, ctrl);
+ if (err)
+ return err;
+ err = app->fnc.genkey (app, ctrl, keynostr, flags,
+ createtime, pincb, pincb_arg);
+ unlock_reader (app->slot);
+ if (opt.verbose)
+ log_info ("operation genkey result: %s\n", gpg_strerror (err));
+ return err;
+}
+
+
+/* Perform a GET CHALLENGE operation. This fucntion is special as it
+ directly accesses the card without any application specific
+ wrapper. */
+gpg_error_t
+app_get_challenge (app_t app, size_t nbytes, unsigned char *buffer)
+{
+ gpg_error_t err;
+
+ if (!app || !nbytes || !buffer)
+ return gpg_error (GPG_ERR_INV_VALUE);
+ if (!app->ref_count)
+ return gpg_error (GPG_ERR_CARD_NOT_INITIALIZED);
+ err = lock_reader (app->slot, NULL /*FIXME*/);
+ if (err)
+ return err;
+ err = iso7816_get_challenge (app->slot, nbytes, buffer);
+ unlock_reader (app->slot);
+ return err;
+}
+
+
+
+/* Perform a CHANGE REFERENCE DATA or RESET RETRY COUNTER operation. */
+gpg_error_t
+app_change_pin (app_t app, ctrl_t ctrl, const char *chvnostr, int reset_mode,
+ gpg_error_t (*pincb)(void*, const char *, char **),
+ void *pincb_arg)
+{
+ gpg_error_t err;
+
+ if (!app || !chvnostr || !*chvnostr || !pincb)
+ return gpg_error (GPG_ERR_INV_VALUE);
+ if (!app->ref_count)
+ return gpg_error (GPG_ERR_CARD_NOT_INITIALIZED);
+ if (!app->fnc.change_pin)
+ return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION);
+ err = lock_reader (app->slot, ctrl);
+ if (err)
+ return err;
+ err = app->fnc.change_pin (app, ctrl, chvnostr, reset_mode,
+ pincb, pincb_arg);
+ unlock_reader (app->slot);
+ if (opt.verbose)
+ log_info ("operation change_pin result: %s\n", gpg_strerror (err));
+ return err;
+}
+
+
+/* Perform a VERIFY operation without doing anything lese. This may
+ be used to initialze a the PIN cache for long lasting other
+ operations. Its use is highly application dependent. */
+gpg_error_t
+app_check_pin (app_t app, const char *keyidstr,
+ gpg_error_t (*pincb)(void*, const char *, char **),
+ void *pincb_arg)
+{
+ gpg_error_t err;
+
+ if (!app || !keyidstr || !*keyidstr || !pincb)
+ return gpg_error (GPG_ERR_INV_VALUE);
+ if (!app->ref_count)
+ return gpg_error (GPG_ERR_CARD_NOT_INITIALIZED);
+ if (!app->fnc.check_pin)
+ return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION);
+ err = lock_reader (app->slot, NULL /*FIXME*/);
+ if (err)
+ return err;
+ err = app->fnc.check_pin (app, keyidstr, pincb, pincb_arg);
+ unlock_reader (app->slot);
+ if (opt.verbose)
+ log_info ("operation check_pin result: %s\n", gpg_strerror (err));
+ return err;
+}
+
diff --git a/scd/ccid-driver.c b/scd/ccid-driver.c
new file mode 100644
index 0000000..8c362d7
--- /dev/null
+++ b/scd/ccid-driver.c
@@ -0,0 +1,3490 @@
+/* ccid-driver.c - USB ChipCardInterfaceDevices driver
+ * Copyright (C) 2003, 2004, 2005, 2006, 2007
+ * 2008, 2009 Free Software Foundation, Inc.
+ * Written by Werner Koch.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ *
+ * ALTERNATIVELY, this file may be distributed under the terms of the
+ * following license, in which case the provisions of this license are
+ * required INSTEAD OF the GNU General Public License. If you wish to
+ * allow use of your version of this file only under the terms of the
+ * GNU General Public License, and not to allow others to use your
+ * version of this file under the terms of the following license,
+ * indicate your decision by deleting this paragraph and the license
+ * below.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, and the entire permission notice in its entirety,
+ * including the disclaimer of warranties.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior
+ * written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * $Date$
+ */
+
+
+/* CCID (ChipCardInterfaceDevices) is a specification for accessing
+ smartcard via a reader connected to the USB.
+
+ This is a limited driver allowing to use some CCID drivers directly
+ without any other specila drivers. This is a fallback driver to be
+ used when nothing else works or the system should be kept minimal
+ for security reasons. It makes use of the libusb library to gain
+ portable access to USB.
+
+ This driver has been tested with the SCM SCR335 and SPR532
+ smartcard readers and requires that a reader implements APDU or
+ TPDU level exchange and does fully automatic initialization.
+*/
+
+#ifdef HAVE_CONFIG_H
+# include <config.h>
+#endif
+
+#if defined(HAVE_LIBUSB) || defined(TEST)
+
+#include <errno.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <assert.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+#include <time.h>
+#ifdef HAVE_PTH
+# include <pth.h>
+#endif /*HAVE_PTH*/
+
+#include <usb.h>
+
+#include "ccid-driver.h"
+
+#define DRVNAME "ccid-driver: "
+
+
+/* Depending on how this source is used we either define our error
+ output to go to stderr or to the jnlib based logging functions. We
+ use the latter when GNUPG_MAJOR_VERSION is defines or when both,
+ GNUPG_SCD_MAIN_HEADER and HAVE_JNLIB_LOGGING are defined.
+*/
+#if defined(GNUPG_MAJOR_VERSION) \
+ || (defined(GNUPG_SCD_MAIN_HEADER) && defined(HAVE_JNLIB_LOGGING))
+
+#if defined(GNUPG_SCD_MAIN_HEADER)
+# include GNUPG_SCD_MAIN_HEADER
+#elif GNUPG_MAJOR_VERSION == 1 /* GnuPG Version is < 1.9. */
+# include "options.h"
+# include "util.h"
+# include "memory.h"
+# include "cardglue.h"
+# else /* This is the modularized GnuPG 1.9 or later. */
+# include "scdaemon.h"
+#endif
+
+
+# define DEBUGOUT(t) do { if (debug_level) \
+ log_debug (DRVNAME t); } while (0)
+# define DEBUGOUT_1(t,a) do { if (debug_level) \
+ log_debug (DRVNAME t,(a)); } while (0)
+# define DEBUGOUT_2(t,a,b) do { if (debug_level) \
+ log_debug (DRVNAME t,(a),(b)); } while (0)
+# define DEBUGOUT_3(t,a,b,c) do { if (debug_level) \
+ log_debug (DRVNAME t,(a),(b),(c));} while (0)
+# define DEBUGOUT_4(t,a,b,c,d) do { if (debug_level) \
+ log_debug (DRVNAME t,(a),(b),(c),(d));} while (0)
+# define DEBUGOUT_CONT(t) do { if (debug_level) \
+ log_printf (t); } while (0)
+# define DEBUGOUT_CONT_1(t,a) do { if (debug_level) \
+ log_printf (t,(a)); } while (0)
+# define DEBUGOUT_CONT_2(t,a,b) do { if (debug_level) \
+ log_printf (t,(a),(b)); } while (0)
+# define DEBUGOUT_CONT_3(t,a,b,c) do { if (debug_level) \
+ log_printf (t,(a),(b),(c)); } while (0)
+# define DEBUGOUT_LF() do { if (debug_level) \
+ log_printf ("\n"); } while (0)
+
+#else /* Other usage of this source - don't use gnupg specifics. */
+
+# define DEBUGOUT(t) do { if (debug_level) \
+ fprintf (stderr, DRVNAME t); } while (0)
+# define DEBUGOUT_1(t,a) do { if (debug_level) \
+ fprintf (stderr, DRVNAME t, (a)); } while (0)
+# define DEBUGOUT_2(t,a,b) do { if (debug_level) \
+ fprintf (stderr, DRVNAME t, (a), (b)); } while (0)
+# define DEBUGOUT_3(t,a,b,c) do { if (debug_level) \
+ fprintf (stderr, DRVNAME t, (a), (b), (c)); } while (0)
+# define DEBUGOUT_4(t,a,b,c,d) do { if (debug_level) \
+ fprintf (stderr, DRVNAME t, (a), (b), (c), (d));} while(0)
+# define DEBUGOUT_CONT(t) do { if (debug_level) \
+ fprintf (stderr, t); } while (0)
+# define DEBUGOUT_CONT_1(t,a) do { if (debug_level) \
+ fprintf (stderr, t, (a)); } while (0)
+# define DEBUGOUT_CONT_2(t,a,b) do { if (debug_level) \
+ fprintf (stderr, t, (a), (b)); } while (0)
+# define DEBUGOUT_CONT_3(t,a,b,c) do { if (debug_level) \
+ fprintf (stderr, t, (a), (b), (c)); } while (0)
+# define DEBUGOUT_LF() do { if (debug_level) \
+ putc ('\n', stderr); } while (0)
+
+#endif /* This source not used by scdaemon. */
+
+
+#ifndef EAGAIN
+#define EAGAIN EWOULDBLOCK
+#endif
+
+
+
+enum {
+ RDR_to_PC_NotifySlotChange= 0x50,
+ RDR_to_PC_HardwareError = 0x51,
+
+ PC_to_RDR_SetParameters = 0x61,
+ PC_to_RDR_IccPowerOn = 0x62,
+ PC_to_RDR_IccPowerOff = 0x63,
+ PC_to_RDR_GetSlotStatus = 0x65,
+ PC_to_RDR_Secure = 0x69,
+ PC_to_RDR_T0APDU = 0x6a,
+ PC_to_RDR_Escape = 0x6b,
+ PC_to_RDR_GetParameters = 0x6c,
+ PC_to_RDR_ResetParameters = 0x6d,
+ PC_to_RDR_IccClock = 0x6e,
+ PC_to_RDR_XfrBlock = 0x6f,
+ PC_to_RDR_Mechanical = 0x71,
+ PC_to_RDR_Abort = 0x72,
+ PC_to_RDR_SetDataRate = 0x73,
+
+ RDR_to_PC_DataBlock = 0x80,
+ RDR_to_PC_SlotStatus = 0x81,
+ RDR_to_PC_Parameters = 0x82,
+ RDR_to_PC_Escape = 0x83,
+ RDR_to_PC_DataRate = 0x84
+};
+
+
+/* Two macro to detect whether a CCID command has failed and to get
+ the error code. These macros assume that we can access the
+ mandatory first 10 bytes of a CCID message in BUF. */
+#define CCID_COMMAND_FAILED(buf) ((buf)[7] & 0x40)
+#define CCID_ERROR_CODE(buf) (((unsigned char *)(buf))[8])
+
+
+/* We need to know the vendor to do some hacks. */
+enum {
+ VENDOR_CHERRY = 0x046a,
+ VENDOR_SCM = 0x04e6,
+ VENDOR_OMNIKEY= 0x076b,
+ VENDOR_GEMPC = 0x08e6,
+ VENDOR_KAAN = 0x0d46
+};
+
+/* A list and a table with special transport descriptions. */
+enum {
+ TRANSPORT_USB = 0, /* Standard USB transport. */
+ TRANSPORT_CM4040 = 1 /* As used by the Cardman 4040. */
+};
+
+static struct
+{
+ char *name; /* Device name. */
+ int type;
+
+} transports[] = {
+ { "/dev/cmx0", TRANSPORT_CM4040 },
+ { "/dev/cmx1", TRANSPORT_CM4040 },
+ { NULL },
+};
+
+
+/* Store information on the driver's state. A pointer to such a
+ structure is used as handle for most functions. */
+struct ccid_driver_s
+{
+ usb_dev_handle *idev;
+ char *rid;
+ int dev_fd; /* -1 for USB transport or file descriptor of the
+ transport device. */
+ unsigned short id_vendor;
+ unsigned short id_product;
+ unsigned short bcd_device;
+ int ifc_no;
+ int ep_bulk_out;
+ int ep_bulk_in;
+ int ep_intr;
+ int seqno;
+ unsigned char t1_ns;
+ unsigned char t1_nr;
+ unsigned char nonnull_nad;
+ int max_ifsd;
+ int ifsd;
+ int ifsc;
+ unsigned char apdu_level:2; /* Reader supports short APDU level
+ exchange. With a value of 2 short
+ and extended level is supported.*/
+ unsigned int auto_ifsd:1;
+ unsigned int powered_off:1;
+ unsigned int has_pinpad:2;
+ unsigned int enodev_seen:1;
+
+ time_t last_progress; /* Last time we sent progress line. */
+
+ /* The progress callback and its first arg as supplied to
+ ccid_set_progress_cb. */
+ void (*progress_cb)(void *, const char *, int, int, int);
+ void *progress_cb_arg;
+};
+
+
+static int initialized_usb; /* Tracks whether USB has been initialized. */
+static int debug_level; /* Flag to control the debug output.
+ 0 = No debugging
+ 1 = USB I/O info
+ 2 = Level 1 + T=1 protocol tracing
+ 3 = Level 2 + USB/I/O tracing of SlotStatus.
+ */
+
+
+static unsigned int compute_edc (const unsigned char *data, size_t datalen,
+ int use_crc);
+static int bulk_out (ccid_driver_t handle, unsigned char *msg, size_t msglen,
+ int no_debug);
+static int bulk_in (ccid_driver_t handle, unsigned char *buffer, size_t length,
+ size_t *nread, int expected_type, int seqno, int timeout,
+ int no_debug);
+static int abort_cmd (ccid_driver_t handle, int seqno);
+
+/* Convert a little endian stored 4 byte value into an unsigned
+ integer. */
+static unsigned int
+convert_le_u32 (const unsigned char *buf)
+{
+ return buf[0] | (buf[1] << 8) | (buf[2] << 16) | (buf[3] << 24);
+}
+
+
+/* Convert a little endian stored 2 byte value into an unsigned
+ integer. */
+static unsigned int
+convert_le_u16 (const unsigned char *buf)
+{
+ return buf[0] | (buf[1] << 8);
+}
+
+static void
+set_msg_len (unsigned char *msg, unsigned int length)
+{
+ msg[1] = length;
+ msg[2] = length >> 8;
+ msg[3] = length >> 16;
+ msg[4] = length >> 24;
+}
+
+
+static void
+my_sleep (int seconds)
+{
+#ifdef HAVE_PTH
+ /* With Pth we also call the standard sleep(0) so that the process
+ may give up its timeslot. */
+ if (!seconds)
+ {
+# ifdef HAVE_W32_SYSTEM
+ Sleep (0);
+# else
+ sleep (0);
+# endif
+ }
+ pth_sleep (seconds);
+#else
+# ifdef HAVE_W32_SYSTEM
+ Sleep (seconds*1000);
+# else
+ sleep (seconds);
+# endif
+#endif
+}
+
+static void
+print_progress (ccid_driver_t handle)
+{
+ time_t ct = time (NULL);
+
+ /* We don't want to print progress lines too often. */
+ if (ct == handle->last_progress)
+ return;
+
+ if (handle->progress_cb)
+ handle->progress_cb (handle->progress_cb_arg, "card_busy", 'w', 0, 0);
+
+ handle->last_progress = ct;
+}
+
+
+
+/* Pint an error message for a failed CCID command including a textual
+ error code. MSG shall be the CCID message at a minimum of 10 bytes. */
+static void
+print_command_failed (const unsigned char *msg)
+{
+ const char *t;
+ char buffer[100];
+ int ec;
+
+ if (!debug_level)
+ return;
+
+ ec = CCID_ERROR_CODE (msg);
+ switch (ec)
+ {
+ case 0x00: t = "Command not supported"; break;
+
+ case 0xE0: t = "Slot busy"; break;
+ case 0xEF: t = "PIN cancelled"; break;
+ case 0xF0: t = "PIN timeout"; break;
+
+ case 0xF2: t = "Automatic sequence ongoing"; break;
+ case 0xF3: t = "Deactivated Protocol"; break;
+ case 0xF4: t = "Procedure byte conflict"; break;
+ case 0xF5: t = "ICC class not supported"; break;
+ case 0xF6: t = "ICC protocol not supported"; break;
+ case 0xF7: t = "Bad checksum in ATR"; break;
+ case 0xF8: t = "Bad TS in ATR"; break;
+
+ case 0xFB: t = "An all inclusive hardware error occurred"; break;
+ case 0xFC: t = "Overrun error while talking to the ICC"; break;
+ case 0xFD: t = "Parity error while talking to the ICC"; break;
+ case 0xFE: t = "CCID timed out while talking to the ICC"; break;
+ case 0xFF: t = "Host aborted the current activity"; break;
+
+ default:
+ if (ec > 0 && ec < 128)
+ sprintf (buffer, "Parameter error at offset %d", ec);
+ else
+ sprintf (buffer, "Error code %02X", ec);
+ t = buffer;
+ break;
+ }
+ DEBUGOUT_1 ("CCID command failed: %s\n", t);
+}
+
+
+static void
+print_pr_data (const unsigned char *data, size_t datalen, size_t off)
+{
+ int any = 0;
+
+ for (; off < datalen; off++)
+ {
+ if (!any || !(off % 16))
+ {
+ if (any)
+ DEBUGOUT_LF ();
+ DEBUGOUT_1 (" [%04lu] ", (unsigned long) off);
+ }
+ DEBUGOUT_CONT_1 (" %02X", data[off]);
+ any = 1;
+ }
+ if (any && (off % 16))
+ DEBUGOUT_LF ();
+}
+
+
+static void
+print_p2r_header (const char *name, const unsigned char *msg, size_t msglen)
+{
+ DEBUGOUT_1 ("%s:\n", name);
+ if (msglen < 7)
+ return;
+ DEBUGOUT_1 (" dwLength ..........: %u\n", convert_le_u32 (msg+1));
+ DEBUGOUT_1 (" bSlot .............: %u\n", msg[5]);
+ DEBUGOUT_1 (" bSeq ..............: %u\n", msg[6]);
+}
+
+
+static void
+print_p2r_iccpoweron (const unsigned char *msg, size_t msglen)
+{
+ print_p2r_header ("PC_to_RDR_IccPowerOn", msg, msglen);
+ if (msglen < 10)
+ return;
+ DEBUGOUT_2 (" bPowerSelect ......: 0x%02x (%s)\n", msg[7],
+ msg[7] == 0? "auto":
+ msg[7] == 1? "5.0 V":
+ msg[7] == 2? "3.0 V":
+ msg[7] == 3? "1.8 V":"");
+ print_pr_data (msg, msglen, 8);
+}
+
+
+static void
+print_p2r_iccpoweroff (const unsigned char *msg, size_t msglen)
+{
+ print_p2r_header ("PC_to_RDR_IccPowerOff", msg, msglen);
+ print_pr_data (msg, msglen, 7);
+}
+
+
+static void
+print_p2r_getslotstatus (const unsigned char *msg, size_t msglen)
+{
+ print_p2r_header ("PC_to_RDR_GetSlotStatus", msg, msglen);
+ print_pr_data (msg, msglen, 7);
+}
+
+
+static void
+print_p2r_xfrblock (const unsigned char *msg, size_t msglen)
+{
+ unsigned int val;
+
+ print_p2r_header ("PC_to_RDR_XfrBlock", msg, msglen);
+ if (msglen < 10)
+ return;
+ DEBUGOUT_1 (" bBWI ..............: 0x%02x\n", msg[7]);
+ val = convert_le_u16 (msg+8);
+ DEBUGOUT_2 (" wLevelParameter ...: 0x%04x%s\n", val,
+ val == 1? " (continued)":
+ val == 2? " (continues+ends)":
+ val == 3? " (continues+continued)":
+ val == 16? " (DataBlock-expected)":"");
+ print_pr_data (msg, msglen, 10);
+}
+
+
+static void
+print_p2r_getparameters (const unsigned char *msg, size_t msglen)
+{
+ print_p2r_header ("PC_to_RDR_GetParameters", msg, msglen);
+ print_pr_data (msg, msglen, 7);
+}
+
+
+static void
+print_p2r_resetparameters (const unsigned char *msg, size_t msglen)
+{
+ print_p2r_header ("PC_to_RDR_ResetParameters", msg, msglen);
+ print_pr_data (msg, msglen, 7);
+}
+
+
+static void
+print_p2r_setparameters (const unsigned char *msg, size_t msglen)
+{
+ print_p2r_header ("PC_to_RDR_SetParameters", msg, msglen);
+ if (msglen < 10)
+ return;
+ DEBUGOUT_1 (" bProtocolNum ......: 0x%02x\n", msg[7]);
+ print_pr_data (msg, msglen, 8);
+}
+
+
+static void
+print_p2r_escape (const unsigned char *msg, size_t msglen)
+{
+ print_p2r_header ("PC_to_RDR_Escape", msg, msglen);
+ print_pr_data (msg, msglen, 7);
+}
+
+
+static void
+print_p2r_iccclock (const unsigned char *msg, size_t msglen)
+{
+ print_p2r_header ("PC_to_RDR_IccClock", msg, msglen);
+ if (msglen < 10)
+ return;
+ DEBUGOUT_1 (" bClockCommand .....: 0x%02x\n", msg[7]);
+ print_pr_data (msg, msglen, 8);
+}
+
+
+static void
+print_p2r_to0apdu (const unsigned char *msg, size_t msglen)
+{
+ print_p2r_header ("PC_to_RDR_T0APDU", msg, msglen);
+ if (msglen < 10)
+ return;
+ DEBUGOUT_1 (" bmChanges .........: 0x%02x\n", msg[7]);
+ DEBUGOUT_1 (" bClassGetResponse .: 0x%02x\n", msg[8]);
+ DEBUGOUT_1 (" bClassEnvelope ....: 0x%02x\n", msg[9]);
+ print_pr_data (msg, msglen, 10);
+}
+
+
+static void
+print_p2r_secure (const unsigned char *msg, size_t msglen)
+{
+ unsigned int val;
+
+ print_p2r_header ("PC_to_RDR_Secure", msg, msglen);
+ if (msglen < 10)
+ return;
+ DEBUGOUT_1 (" bBMI ..............: 0x%02x\n", msg[7]);
+ val = convert_le_u16 (msg+8);
+ DEBUGOUT_2 (" wLevelParameter ...: 0x%04x%s\n", val,
+ val == 1? " (continued)":
+ val == 2? " (continues+ends)":
+ val == 3? " (continues+continued)":
+ val == 16? " (DataBlock-expected)":"");
+ print_pr_data (msg, msglen, 10);
+}
+
+
+static void
+print_p2r_mechanical (const unsigned char *msg, size_t msglen)
+{
+ print_p2r_header ("PC_to_RDR_Mechanical", msg, msglen);
+ if (msglen < 10)
+ return;
+ DEBUGOUT_1 (" bFunction .........: 0x%02x\n", msg[7]);
+ print_pr_data (msg, msglen, 8);
+}
+
+
+static void
+print_p2r_abort (const unsigned char *msg, size_t msglen)
+{
+ print_p2r_header ("PC_to_RDR_Abort", msg, msglen);
+ print_pr_data (msg, msglen, 7);
+}
+
+
+static void
+print_p2r_setdatarate (const unsigned char *msg, size_t msglen)
+{
+ print_p2r_header ("PC_to_RDR_SetDataRate", msg, msglen);
+ if (msglen < 10)
+ return;
+ print_pr_data (msg, msglen, 7);
+}
+
+
+static void
+print_p2r_unknown (const unsigned char *msg, size_t msglen)
+{
+ print_p2r_header ("Unknown PC_to_RDR command", msg, msglen);
+ if (msglen < 10)
+ return;
+ print_pr_data (msg, msglen, 0);
+}
+
+
+static void
+print_r2p_header (const char *name, const unsigned char *msg, size_t msglen)
+{
+ DEBUGOUT_1 ("%s:\n", name);
+ if (msglen < 9)
+ return;
+ DEBUGOUT_1 (" dwLength ..........: %u\n", convert_le_u32 (msg+1));
+ DEBUGOUT_1 (" bSlot .............: %u\n", msg[5]);
+ DEBUGOUT_1 (" bSeq ..............: %u\n", msg[6]);
+ DEBUGOUT_1 (" bStatus ...........: %u\n", msg[7]);
+ if (msg[8])
+ DEBUGOUT_1 (" bError ............: %u\n", msg[8]);
+}
+
+
+static void
+print_r2p_datablock (const unsigned char *msg, size_t msglen)
+{
+ print_r2p_header ("RDR_to_PC_DataBlock", msg, msglen);
+ if (msglen < 10)
+ return;
+ if (msg[9])
+ DEBUGOUT_2 (" bChainParameter ...: 0x%02x%s\n", msg[9],
+ msg[9] == 1? " (continued)":
+ msg[9] == 2? " (continues+ends)":
+ msg[9] == 3? " (continues+continued)":
+ msg[9] == 16? " (XferBlock-expected)":"");
+ print_pr_data (msg, msglen, 10);
+}
+
+
+static void
+print_r2p_slotstatus (const unsigned char *msg, size_t msglen)
+{
+ print_r2p_header ("RDR_to_PC_SlotStatus", msg, msglen);
+ if (msglen < 10)
+ return;
+ DEBUGOUT_2 (" bClockStatus ......: 0x%02x%s\n", msg[9],
+ msg[9] == 0? " (running)":
+ msg[9] == 1? " (stopped-L)":
+ msg[9] == 2? " (stopped-H)":
+ msg[9] == 3? " (stopped)":"");
+ print_pr_data (msg, msglen, 10);
+}
+
+
+static void
+print_r2p_parameters (const unsigned char *msg, size_t msglen)
+{
+ print_r2p_header ("RDR_to_PC_Parameters", msg, msglen);
+ if (msglen < 10)
+ return;
+
+ DEBUGOUT_1 (" protocol ..........: T=%d\n", msg[9]);
+ if (msglen == 17 && msg[9] == 1)
+ {
+ /* Protocol T=1. */
+ DEBUGOUT_1 (" bmFindexDindex ....: %02X\n", msg[10]);
+ DEBUGOUT_1 (" bmTCCKST1 .........: %02X\n", msg[11]);
+ DEBUGOUT_1 (" bGuardTimeT1 ......: %02X\n", msg[12]);
+ DEBUGOUT_1 (" bmWaitingIntegersT1: %02X\n", msg[13]);
+ DEBUGOUT_1 (" bClockStop ........: %02X\n", msg[14]);
+ DEBUGOUT_1 (" bIFSC .............: %d\n", msg[15]);
+ DEBUGOUT_1 (" bNadValue .........: %d\n", msg[16]);
+ }
+ else
+ print_pr_data (msg, msglen, 10);
+}
+
+
+static void
+print_r2p_escape (const unsigned char *msg, size_t msglen)
+{
+ print_r2p_header ("RDR_to_PC_Escape", msg, msglen);
+ if (msglen < 10)
+ return;
+ DEBUGOUT_1 (" buffer[9] .........: %02X\n", msg[9]);
+ print_pr_data (msg, msglen, 10);
+}
+
+
+static void
+print_r2p_datarate (const unsigned char *msg, size_t msglen)
+{
+ print_r2p_header ("RDR_to_PC_DataRate", msg, msglen);
+ if (msglen < 10)
+ return;
+ if (msglen >= 18)
+ {
+ DEBUGOUT_1 (" dwClockFrequency ..: %u\n", convert_le_u32 (msg+10));
+ DEBUGOUT_1 (" dwDataRate ..... ..: %u\n", convert_le_u32 (msg+14));
+ print_pr_data (msg, msglen, 18);
+ }
+ else
+ print_pr_data (msg, msglen, 10);
+}
+
+
+static void
+print_r2p_unknown (const unsigned char *msg, size_t msglen)
+{
+ print_r2p_header ("Unknown RDR_to_PC command", msg, msglen);
+ if (msglen < 10)
+ return;
+ DEBUGOUT_1 (" bMessageType ......: %02X\n", msg[0]);
+ DEBUGOUT_1 (" buffer[9] .........: %02X\n", msg[9]);
+ print_pr_data (msg, msglen, 10);
+}
+
+
+/* Given a handle used for special transport prepare it for use. In
+ particular setup all information in way that resembles what
+ parse_cccid_descriptor does. */
+static void
+prepare_special_transport (ccid_driver_t handle)
+{
+ assert (!handle->id_vendor);
+
+ handle->nonnull_nad = 0;
+ handle->auto_ifsd = 0;
+ handle->max_ifsd = 32;
+ handle->ifsd = 0;
+ handle->has_pinpad = 0;
+ handle->apdu_level = 0;
+ switch (handle->id_product)
+ {
+ case TRANSPORT_CM4040:
+ DEBUGOUT ("setting up transport for CardMan 4040\n");
+ handle->apdu_level = 1;
+ break;
+
+ default: assert (!"transport not defined");
+ }
+}
+
+/* Parse a CCID descriptor, optionally print all available features
+ and test whether this reader is usable by this driver. Returns 0
+ if it is usable.
+
+ Note, that this code is based on the one in lsusb.c of the
+ usb-utils package, I wrote on 2003-09-01. -wk. */
+static int
+parse_ccid_descriptor (ccid_driver_t handle,
+ const unsigned char *buf, size_t buflen)
+{
+ unsigned int i;
+ unsigned int us;
+ int have_t1 = 0, have_tpdu=0, have_auto_conf = 0;
+
+
+ handle->nonnull_nad = 0;
+ handle->auto_ifsd = 0;
+ handle->max_ifsd = 32;
+ handle->ifsd = 0;
+ handle->has_pinpad = 0;
+ handle->apdu_level = 0;
+ DEBUGOUT_3 ("idVendor: %04X idProduct: %04X bcdDevice: %04X\n",
+ handle->id_vendor, handle->id_product, handle->bcd_device);
+ if (buflen < 54 || buf[0] < 54)
+ {
+ DEBUGOUT ("CCID device descriptor is too short\n");
+ return -1;
+ }
+
+ DEBUGOUT ("ChipCard Interface Descriptor:\n");
+ DEBUGOUT_1 (" bLength %5u\n", buf[0]);
+ DEBUGOUT_1 (" bDescriptorType %5u\n", buf[1]);
+ DEBUGOUT_2 (" bcdCCID %2x.%02x", buf[3], buf[2]);
+ if (buf[3] != 1 || buf[2] != 0)
+ DEBUGOUT_CONT(" (Warning: Only accurate for version 1.0)");
+ DEBUGOUT_LF ();
+
+ DEBUGOUT_1 (" nMaxSlotIndex %5u\n", buf[4]);
+ DEBUGOUT_2 (" bVoltageSupport %5u %s\n",
+ buf[5], (buf[5] == 1? "5.0V" : buf[5] == 2? "3.0V"
+ : buf[5] == 3? "1.8V":"?"));
+
+ us = convert_le_u32 (buf+6);
+ DEBUGOUT_1 (" dwProtocols %5u ", us);
+ if ((us & 1))
+ DEBUGOUT_CONT (" T=0");
+ if ((us & 2))
+ {
+ DEBUGOUT_CONT (" T=1");
+ have_t1 = 1;
+ }
+ if ((us & ~3))
+ DEBUGOUT_CONT (" (Invalid values detected)");
+ DEBUGOUT_LF ();
+
+ us = convert_le_u32(buf+10);
+ DEBUGOUT_1 (" dwDefaultClock %5u\n", us);
+ us = convert_le_u32(buf+14);
+ DEBUGOUT_1 (" dwMaxiumumClock %5u\n", us);
+ DEBUGOUT_1 (" bNumClockSupported %5u\n", buf[18]);
+ us = convert_le_u32(buf+19);
+ DEBUGOUT_1 (" dwDataRate %7u bps\n", us);
+ us = convert_le_u32(buf+23);
+ DEBUGOUT_1 (" dwMaxDataRate %7u bps\n", us);
+ DEBUGOUT_1 (" bNumDataRatesSupp. %5u\n", buf[27]);
+
+ us = convert_le_u32(buf+28);
+ DEBUGOUT_1 (" dwMaxIFSD %5u\n", us);
+ handle->max_ifsd = us;
+
+ us = convert_le_u32(buf+32);
+ DEBUGOUT_1 (" dwSyncProtocols %08X ", us);
+ if ((us&1))
+ DEBUGOUT_CONT ( " 2-wire");
+ if ((us&2))
+ DEBUGOUT_CONT ( " 3-wire");
+ if ((us&4))
+ DEBUGOUT_CONT ( " I2C");
+ DEBUGOUT_LF ();
+
+ us = convert_le_u32(buf+36);
+ DEBUGOUT_1 (" dwMechanical %08X ", us);
+ if ((us & 1))
+ DEBUGOUT_CONT (" accept");
+ if ((us & 2))
+ DEBUGOUT_CONT (" eject");
+ if ((us & 4))
+ DEBUGOUT_CONT (" capture");
+ if ((us & 8))
+ DEBUGOUT_CONT (" lock");
+ DEBUGOUT_LF ();
+
+ us = convert_le_u32(buf+40);
+ DEBUGOUT_1 (" dwFeatures %08X\n", us);
+ if ((us & 0x0002))
+ {
+ DEBUGOUT (" Auto configuration based on ATR\n");
+ have_auto_conf = 1;
+ }
+ if ((us & 0x0004))
+ DEBUGOUT (" Auto activation on insert\n");
+ if ((us & 0x0008))
+ DEBUGOUT (" Auto voltage selection\n");
+ if ((us & 0x0010))
+ DEBUGOUT (" Auto clock change\n");
+ if ((us & 0x0020))
+ DEBUGOUT (" Auto baud rate change\n");
+ if ((us & 0x0040))
+ DEBUGOUT (" Auto parameter negotiation made by CCID\n");
+ else if ((us & 0x0080))
+ DEBUGOUT (" Auto PPS made by CCID\n");
+ else if ((us & (0x0040 | 0x0080)))
+ DEBUGOUT (" WARNING: conflicting negotiation features\n");
+
+ if ((us & 0x0100))
+ DEBUGOUT (" CCID can set ICC in clock stop mode\n");
+ if ((us & 0x0200))
+ {
+ DEBUGOUT (" NAD value other than 0x00 accepted\n");
+ handle->nonnull_nad = 1;
+ }
+ if ((us & 0x0400))
+ {
+ DEBUGOUT (" Auto IFSD exchange\n");
+ handle->auto_ifsd = 1;
+ }
+
+ if ((us & 0x00010000))
+ {
+ DEBUGOUT (" TPDU level exchange\n");
+ have_tpdu = 1;
+ }
+ else if ((us & 0x00020000))
+ {
+ DEBUGOUT (" Short APDU level exchange\n");
+ handle->apdu_level = 1;
+ }
+ else if ((us & 0x00040000))
+ {
+ DEBUGOUT (" Short and extended APDU level exchange\n");
+ handle->apdu_level = 2;
+ }
+ else if ((us & 0x00070000))
+ DEBUGOUT (" WARNING: conflicting exchange levels\n");
+
+ us = convert_le_u32(buf+44);
+ DEBUGOUT_1 (" dwMaxCCIDMsgLen %5u\n", us);
+
+ DEBUGOUT ( " bClassGetResponse ");
+ if (buf[48] == 0xff)
+ DEBUGOUT_CONT ("echo\n");
+ else
+ DEBUGOUT_CONT_1 (" %02X\n", buf[48]);
+
+ DEBUGOUT ( " bClassEnvelope ");
+ if (buf[49] == 0xff)
+ DEBUGOUT_CONT ("echo\n");
+ else
+ DEBUGOUT_CONT_1 (" %02X\n", buf[48]);
+
+ DEBUGOUT ( " wlcdLayout ");
+ if (!buf[50] && !buf[51])
+ DEBUGOUT_CONT ("none\n");
+ else
+ DEBUGOUT_CONT_2 ("%u cols %u lines\n", buf[50], buf[51]);
+
+ DEBUGOUT_1 (" bPINSupport %5u ", buf[52]);
+ if ((buf[52] & 1))
+ {
+ DEBUGOUT_CONT ( " verification");
+ handle->has_pinpad |= 1;
+ }
+ if ((buf[52] & 2))
+ {
+ DEBUGOUT_CONT ( " modification");
+ handle->has_pinpad |= 2;
+ }
+ DEBUGOUT_LF ();
+
+ DEBUGOUT_1 (" bMaxCCIDBusySlots %5u\n", buf[53]);
+
+ if (buf[0] > 54) {
+ DEBUGOUT (" junk ");
+ for (i=54; i < buf[0]-54; i++)
+ DEBUGOUT_CONT_1 (" %02X", buf[i]);
+ DEBUGOUT_LF ();
+ }
+
+ if (!have_t1 || !(have_tpdu || handle->apdu_level) || !have_auto_conf)
+ {
+ DEBUGOUT ("this drivers requires that the reader supports T=1, "
+ "TPDU or APDU level exchange and auto configuration - "
+ "this is not available\n");
+ return -1;
+ }
+
+
+ /* SCM drivers get stuck in their internal USB stack if they try to
+ send a frame of n*wMaxPacketSize back to us. Given that
+ wMaxPacketSize is 64 for these readers we set the IFSD to a value
+ lower than that:
+ 64 - 10 CCID header - 4 T1frame - 2 reserved = 48
+ Product Ids:
+ 0xe001 - SCR 331
+ 0x5111 - SCR 331-DI
+ 0x5115 - SCR 335
+ 0xe003 - SPR 532
+ The
+ 0x5117 - SCR 3320 USB ID-000 reader
+ seems to be very slow but enabling this workaround boosts the
+ performance to a a more or less acceptable level (tested by David).
+
+ */
+ if (handle->id_vendor == VENDOR_SCM
+ && handle->max_ifsd > 48
+ && ( (handle->id_product == 0xe001 && handle->bcd_device < 0x0516)
+ ||(handle->id_product == 0x5111 && handle->bcd_device < 0x0620)
+ ||(handle->id_product == 0x5115 && handle->bcd_device < 0x0514)
+ ||(handle->id_product == 0xe003 && handle->bcd_device < 0x0504)
+ ||(handle->id_product == 0x5117 && handle->bcd_device < 0x0522)
+ ))
+ {
+ DEBUGOUT ("enabling workaround for buggy SCM readers\n");
+ handle->max_ifsd = 48;
+ }
+
+
+ return 0;
+}
+
+
+static char *
+get_escaped_usb_string (usb_dev_handle *idev, int idx,
+ const char *prefix, const char *suffix)
+{
+ int rc;
+ unsigned char buf[280];
+ unsigned char *s;
+ unsigned int langid;
+ size_t i, n, len;
+ char *result;
+
+ if (!idx)
+ return NULL;
+
+ /* Fixme: The next line is for the current Valgrid without support
+ for USB IOCTLs. */
+ memset (buf, 0, sizeof buf);
+
+ /* First get the list of supported languages and use the first one.
+ If we do don't find it we try to use English. Note that this is
+ all in a 2 bute Unicode encoding using little endian. */
+ rc = usb_control_msg (idev, USB_ENDPOINT_IN, USB_REQ_GET_DESCRIPTOR,
+ (USB_DT_STRING << 8), 0,
+ (char*)buf, sizeof buf, 1000 /* ms timeout */);
+ if (rc < 4)
+ langid = 0x0409; /* English. */
+ else
+ langid = (buf[3] << 8) | buf[2];
+
+ rc = usb_control_msg (idev, USB_ENDPOINT_IN, USB_REQ_GET_DESCRIPTOR,
+ (USB_DT_STRING << 8) + idx, langid,
+ (char*)buf, sizeof buf, 1000 /* ms timeout */);
+ if (rc < 2 || buf[1] != USB_DT_STRING)
+ return NULL; /* Error or not a string. */
+ len = buf[0];
+ if (len > rc)
+ return NULL; /* Larger than our buffer. */
+
+ for (s=buf+2, i=2, n=0; i+1 < len; i += 2, s += 2)
+ {
+ if (s[1])
+ n++; /* High byte set. */
+ else if (*s <= 0x20 || *s >= 0x7f || *s == '%' || *s == ':')
+ n += 3 ;
+ else
+ n++;
+ }
+
+ result = malloc (strlen (prefix) + n + strlen (suffix) + 1);
+ if (!result)
+ return NULL;
+
+ strcpy (result, prefix);
+ n = strlen (prefix);
+ for (s=buf+2, i=2; i+1 < len; i += 2, s += 2)
+ {
+ if (s[1])
+ result[n++] = '\xff'; /* High byte set. */
+ else if (*s <= 0x20 || *s >= 0x7f || *s == '%' || *s == ':')
+ {
+ sprintf (result+n, "%%%02X", *s);
+ n += 3;
+ }
+ else
+ result[n++] = *s;
+ }
+ strcpy (result+n, suffix);
+
+ return result;
+}
+
+/* This function creates an reader id to be used to find the same
+ physical reader after a reset. It returns an allocated and possibly
+ percent escaped string or NULL if not enough memory is available. */
+static char *
+make_reader_id (usb_dev_handle *idev,
+ unsigned int vendor, unsigned int product,
+ unsigned char serialno_index)
+{
+ char *rid;
+ char prefix[20];
+
+ sprintf (prefix, "%04X:%04X:", (vendor & 0xffff), (product & 0xffff));
+ rid = get_escaped_usb_string (idev, serialno_index, prefix, ":0");
+ if (!rid)
+ {
+ rid = malloc (strlen (prefix) + 3 + 1);
+ if (!rid)
+ return NULL;
+ strcpy (rid, prefix);
+ strcat (rid, "X:0");
+ }
+ return rid;
+}
+
+
+/* Helper to find the endpoint from an interface descriptor. */
+static int
+find_endpoint (struct usb_interface_descriptor *ifcdesc, int mode)
+{
+ int no;
+ int want_bulk_in = 0;
+
+ if (mode == 1)
+ want_bulk_in = 0x80;
+ for (no=0; no < ifcdesc->bNumEndpoints; no++)
+ {
+ struct usb_endpoint_descriptor *ep = ifcdesc->endpoint + no;
+ if (ep->bDescriptorType != USB_DT_ENDPOINT)
+ ;
+ else if (mode == 2
+ && ((ep->bmAttributes & USB_ENDPOINT_TYPE_MASK)
+ == USB_ENDPOINT_TYPE_INTERRUPT)
+ && (ep->bEndpointAddress & 0x80))
+ return (ep->bEndpointAddress & 0x0f);
+ else if (((ep->bmAttributes & USB_ENDPOINT_TYPE_MASK)
+ == USB_ENDPOINT_TYPE_BULK)
+ && (ep->bEndpointAddress & 0x80) == want_bulk_in)
+ return (ep->bEndpointAddress & 0x0f);
+ }
+ /* Should never happen. */
+ return mode == 2? 0x83 : mode == 1? 0x82 :1;
+}
+
+
+/* Helper for scan_or_find_devices. This function returns true if a
+ requested device has been found or the caller should stop scanning
+ for other reasons. */
+static int
+scan_or_find_usb_device (int scan_mode,
+ int *readerno, int *count, char **rid_list,
+ const char *readerid,
+ struct usb_device *dev,
+ char **r_rid,
+ struct usb_device **r_dev,
+ usb_dev_handle **r_idev,
+ unsigned char **ifcdesc_extra,
+ size_t *ifcdesc_extra_len,
+ int *interface_number,
+ int *ep_bulk_out, int *ep_bulk_in, int *ep_intr)
+{
+ int cfg_no;
+ int ifc_no;
+ int set_no;
+ struct usb_config_descriptor *config;
+ struct usb_interface *interface;
+ struct usb_interface_descriptor *ifcdesc;
+ char *rid;
+ usb_dev_handle *idev;
+
+ *r_idev = NULL;
+
+ for (cfg_no=0; cfg_no < dev->descriptor.bNumConfigurations; cfg_no++)
+ {
+ config = dev->config + cfg_no;
+ if(!config)
+ continue;
+
+ for (ifc_no=0; ifc_no < config->bNumInterfaces; ifc_no++)
+ {
+ interface = config->interface + ifc_no;
+ if (!interface)
+ continue;
+
+ for (set_no=0; set_no < interface->num_altsetting; set_no++)
+ {
+ ifcdesc = (interface->altsetting + set_no);
+ /* The second condition is for older SCM SPR 532 who did
+ not know about the assigned CCID class. Instead of
+ trying to interpret the strings we simply check the
+ product ID. */
+ if (ifcdesc && ifcdesc->extra
+ && ((ifcdesc->bInterfaceClass == 11
+ && ifcdesc->bInterfaceSubClass == 0
+ && ifcdesc->bInterfaceProtocol == 0)
+ || (ifcdesc->bInterfaceClass == 255
+ && dev->descriptor.idVendor == VENDOR_SCM
+ && dev->descriptor.idProduct == 0xe003)))
+ {
+ idev = usb_open (dev);
+ if (!idev)
+ {
+ DEBUGOUT_1 ("usb_open failed: %s\n",
+ strerror (errno));
+ continue; /* with next setting. */
+ }
+
+ rid = make_reader_id (idev,
+ dev->descriptor.idVendor,
+ dev->descriptor.idProduct,
+ dev->descriptor.iSerialNumber);
+ if (rid)
+ {
+ if (scan_mode)
+ {
+ char *p;
+
+ /* We are collecting infos about all
+ available CCID readers. Store them and
+ continue. */
+ DEBUGOUT_2 ("found CCID reader %d (ID=%s)\n",
+ *count, rid );
+ p = malloc ((*rid_list? strlen (*rid_list):0) + 1
+ + strlen (rid) + 1);
+ if (p)
+ {
+ *p = 0;
+ if (*rid_list)
+ {
+ strcat (p, *rid_list);
+ free (*rid_list);
+ }
+ strcat (p, rid);
+ strcat (p, "\n");
+ *rid_list = p;
+ }
+ else /* Out of memory. */
+ free (rid);
+
+ rid = NULL;
+ ++*count;
+ }
+ else if (!*readerno
+ || (*readerno < 0
+ && readerid
+ && !strcmp (readerid, rid)))
+ {
+ /* We found the requested reader. */
+ if (ifcdesc_extra && ifcdesc_extra_len)
+ {
+ *ifcdesc_extra = malloc (ifcdesc
+ ->extralen);
+ if (!*ifcdesc_extra)
+ {
+ usb_close (idev);
+ free (rid);
+ return 1; /* Out of core. */
+ }
+ memcpy (*ifcdesc_extra, ifcdesc->extra,
+ ifcdesc->extralen);
+ *ifcdesc_extra_len = ifcdesc->extralen;
+ }
+
+ if (interface_number)
+ *interface_number = (ifcdesc->bInterfaceNumber);
+
+ if (ep_bulk_out)
+ *ep_bulk_out = find_endpoint (ifcdesc, 0);
+ if (ep_bulk_in)
+ *ep_bulk_in = find_endpoint (ifcdesc, 1);
+ if (ep_intr)
+ *ep_intr = find_endpoint (ifcdesc, 2);
+
+ if (r_dev)
+ *r_dev = dev;
+ if (r_rid)
+ {
+ *r_rid = rid;
+ rid = NULL;
+ }
+ else
+ free (rid);
+
+ *r_idev = idev;
+ return 1; /* Found requested device. */
+ }
+ else
+ {
+ /* This is not yet the reader we want.
+ fixme: We should avoid the extra usb_open
+ in this case. */
+ if (*readerno >= 0)
+ --*readerno;
+ }
+ free (rid);
+ }
+
+ usb_close (idev);
+ idev = NULL;
+ return 0;
+ }
+ }
+ }
+ }
+
+ return 0;
+}
+
+/* Combination function to either scan all CCID devices or to find and
+ open one specific device.
+
+ The function returns 0 if a reader has been found or when a scan
+ returned without error.
+
+ With READERNO = -1 and READERID is NULL, scan mode is used and
+ R_RID should be the address where to store the list of reader_ids
+ we found. If on return this list is empty, no CCID device has been
+ found; otherwise it points to an allocated linked list of reader
+ IDs. Note that in this mode the function always returns NULL.
+
+ With READERNO >= 0 or READERID is not NULL find mode is used. This
+ uses the same algorithm as the scan mode but stops and returns at
+ the entry number READERNO and return the handle for the the opened
+ USB device. If R_RID is not NULL it will receive the reader ID of
+ that device. If R_DEV is not NULL it will the device pointer of
+ that device. If IFCDESC_EXTRA is NOT NULL it will receive a
+ malloced copy of the interfaces "extra: data filed;
+ IFCDESC_EXTRA_LEN receive the length of this field. If there is
+ no reader with number READERNO or that reader is not usable by our
+ implementation NULL will be returned. The caller must close a
+ returned USB device handle and free (if not passed as NULL) the
+ returned reader ID info as well as the IFCDESC_EXTRA. On error
+ NULL will get stored at R_RID, R_DEV, IFCDESC_EXTRA and
+ IFCDESC_EXTRA_LEN. With READERID being -1 the function stops if
+ the READERID was found.
+
+ If R_FD is not -1 on return the device is not using USB for
+ transport but the device associated with that file descriptor. In
+ this case INTERFACE will receive the transport type and the other
+ USB specific return values are not used; the return value is
+ (void*)(1).
+
+ Note that the first entry of the returned reader ID list in scan mode
+ corresponds with a READERNO of 0 in find mode.
+*/
+static int
+scan_or_find_devices (int readerno, const char *readerid,
+ char **r_rid,
+ struct usb_device **r_dev,
+ unsigned char **ifcdesc_extra,
+ size_t *ifcdesc_extra_len,
+ int *interface_number,
+ int *ep_bulk_out, int *ep_bulk_in, int *ep_intr,
+ usb_dev_handle **r_idev,
+ int *r_fd)
+{
+ char *rid_list = NULL;
+ int count = 0;
+ struct usb_bus *busses, *bus;
+ struct usb_device *dev = NULL;
+ usb_dev_handle *idev = NULL;
+ int scan_mode = (readerno == -1 && !readerid);
+ int i;
+
+ /* Set return values to a default. */
+ if (r_rid)
+ *r_rid = NULL;
+ if (r_dev)
+ *r_dev = NULL;
+ if (ifcdesc_extra)
+ *ifcdesc_extra = NULL;
+ if (ifcdesc_extra_len)
+ *ifcdesc_extra_len = 0;
+ if (interface_number)
+ *interface_number = 0;
+ if (r_idev)
+ *r_idev = NULL;
+ if (r_fd)
+ *r_fd = -1;
+
+ /* See whether we want scan or find mode. */
+ if (scan_mode)
+ {
+ assert (r_rid);
+ }
+
+ usb_find_busses();
+ usb_find_devices();
+
+#ifdef HAVE_USB_GET_BUSSES
+ busses = usb_get_busses();
+#else
+ busses = usb_busses;
+#endif
+
+ for (bus = busses; bus; bus = bus->next)
+ {
+ for (dev = bus->devices; dev; dev = dev->next)
+ {
+ if (scan_or_find_usb_device (scan_mode, &readerno, &count, &rid_list,
+ readerid,
+ dev,
+ r_rid,
+ r_dev,
+ &idev,
+ ifcdesc_extra,
+ ifcdesc_extra_len,
+ interface_number,
+ ep_bulk_out, ep_bulk_in, ep_intr))
+ {
+ /* Found requested device or out of core. */
+ if (!idev)
+ {
+ free (rid_list);
+ return -1; /* error */
+ }
+ *r_idev = idev;
+ return 0;
+ }
+ }
+ }
+
+ /* Now check whether there are any devices with special transport types. */
+ for (i=0; transports[i].name; i++)
+ {
+ int fd;
+ char *rid, *p;
+
+ fd = open (transports[i].name, O_RDWR);
+ if (fd == -1 && scan_mode && errno == EBUSY)
+ {
+ /* Ignore this error in scan mode because it indicates that
+ the device exists but is already open (most likely by us)
+ and thus in general suitable as a reader. */
+ }
+ else if (fd == -1)
+ {
+ DEBUGOUT_2 ("failed to open `%s': %s\n",
+ transports[i].name, strerror (errno));
+ continue;
+ }
+
+ rid = malloc (strlen (transports[i].name) + 30 + 10);
+ if (!rid)
+ {
+ if (fd != -1)
+ close (fd);
+ free (rid_list);
+ return -1; /* Error. */
+ }
+ sprintf (rid, "0000:%04X:%s:0", transports[i].type, transports[i].name);
+ if (scan_mode)
+ {
+ DEBUGOUT_2 ("found CCID reader %d (ID=%s)\n", count, rid);
+ p = malloc ((rid_list? strlen (rid_list):0) + 1 + strlen (rid) + 1);
+ if (!p)
+ {
+ if (fd != -1)
+ close (fd);
+ free (rid_list);
+ free (rid);
+ return -1; /* Error. */
+ }
+ *p = 0;
+ if (rid_list)
+ {
+ strcat (p, rid_list);
+ free (rid_list);
+ }
+ strcat (p, rid);
+ strcat (p, "\n");
+ rid_list = p;
+ ++count;
+ }
+ else if (!readerno ||
+ (readerno < 0 && readerid && !strcmp (readerid, rid)))
+ {
+ /* Found requested device. */
+ if (interface_number)
+ *interface_number = transports[i].type;
+ if (r_rid)
+ *r_rid = rid;
+ else
+ free (rid);
+ if (r_fd)
+ *r_fd = fd;
+ return 0; /* Okay, found device */
+ }
+ else /* This is not yet the reader we want. */
+ {
+ if (readerno >= 0)
+ --readerno;
+ }
+ free (rid);
+ if (fd != -1)
+ close (fd);
+ }
+
+ if (scan_mode)
+ {
+ *r_rid = rid_list;
+ return 0;
+ }
+ else
+ return -1;
+}
+
+
+/* Set the level of debugging to LEVEL and return the old level. -1
+ just returns the old level. A level of 0 disables debugging, 1
+ enables debugging, 2 enables additional tracing of the T=1
+ protocol, 3 additionally enables debugging for GetSlotStatus, other
+ values are not yet defined.
+
+ Note that libusb may provide its own debugging feature which is
+ enabled by setting the envvar USB_DEBUG. */
+int
+ccid_set_debug_level (int level)
+{
+ int old = debug_level;
+ if (level != -1)
+ debug_level = level;
+ return old;
+}
+
+
+char *
+ccid_get_reader_list (void)
+{
+ char *reader_list;
+
+ if (!initialized_usb)
+ {
+ usb_init ();
+ initialized_usb = 1;
+ }
+
+ if (scan_or_find_devices (-1, NULL, &reader_list, NULL, NULL, NULL, NULL,
+ NULL, NULL, NULL, NULL, NULL))
+ return NULL; /* Error. */
+ return reader_list;
+}
+
+
+/* Open the reader with the internal number READERNO and return a
+ pointer to be used as handle in HANDLE. Returns 0 on success. */
+int
+ccid_open_reader (ccid_driver_t *handle, const char *readerid)
+{
+ int rc = 0;
+ struct usb_device *dev = NULL;
+ usb_dev_handle *idev = NULL;
+ int dev_fd = -1;
+ char *rid = NULL;
+ unsigned char *ifcdesc_extra = NULL;
+ size_t ifcdesc_extra_len;
+ int readerno;
+ int ifc_no, ep_bulk_out, ep_bulk_in, ep_intr;
+
+ *handle = NULL;
+
+ if (!initialized_usb)
+ {
+ usb_init ();
+ initialized_usb = 1;
+ }
+
+ /* See whether we want to use the reader ID string or a reader
+ number. A readerno of -1 indicates that the reader ID string is
+ to be used. */
+ if (readerid && strchr (readerid, ':'))
+ readerno = -1; /* We want to use the readerid. */
+ else if (readerid)
+ {
+ readerno = atoi (readerid);
+ if (readerno < 0)
+ {
+ DEBUGOUT ("no CCID readers found\n");
+ rc = CCID_DRIVER_ERR_NO_READER;
+ goto leave;
+ }
+ }
+ else
+ readerno = 0; /* Default. */
+
+ if (scan_or_find_devices (readerno, readerid, &rid, &dev,
+ &ifcdesc_extra, &ifcdesc_extra_len,
+ &ifc_no, &ep_bulk_out, &ep_bulk_in, &ep_intr,
+ &idev, &dev_fd) )
+ {
+ if (readerno == -1)
+ DEBUGOUT_1 ("no CCID reader with ID %s\n", readerid );
+ else
+ DEBUGOUT_1 ("no CCID reader with number %d\n", readerno );
+ rc = CCID_DRIVER_ERR_NO_READER;
+ goto leave;
+ }
+
+ /* Okay, this is a CCID reader. */
+ *handle = calloc (1, sizeof **handle);
+ if (!*handle)
+ {
+ DEBUGOUT ("out of memory\n");
+ rc = CCID_DRIVER_ERR_OUT_OF_CORE;
+ goto leave;
+ }
+ (*handle)->rid = rid;
+ if (idev) /* Regular USB transport. */
+ {
+ (*handle)->idev = idev;
+ (*handle)->dev_fd = -1;
+ (*handle)->id_vendor = dev->descriptor.idVendor;
+ (*handle)->id_product = dev->descriptor.idProduct;
+ (*handle)->bcd_device = dev->descriptor.bcdDevice;
+ (*handle)->ifc_no = ifc_no;
+ (*handle)->ep_bulk_out = ep_bulk_out;
+ (*handle)->ep_bulk_in = ep_bulk_in;
+ (*handle)->ep_intr = ep_intr;
+ }
+ else if (dev_fd != -1) /* Device transport. */
+ {
+ (*handle)->idev = NULL;
+ (*handle)->dev_fd = dev_fd;
+ (*handle)->id_vendor = 0; /* Magic vendor for special transport. */
+ (*handle)->id_product = ifc_no; /* Transport type */
+ prepare_special_transport (*handle);
+ }
+ else
+ {
+ assert (!"no transport"); /* Bug. */
+ }
+
+ DEBUGOUT_2 ("using CCID reader %d (ID=%s)\n", readerno, rid );
+
+ if (idev)
+ {
+ if (parse_ccid_descriptor (*handle, ifcdesc_extra, ifcdesc_extra_len))
+ {
+ DEBUGOUT ("device not supported\n");
+ rc = CCID_DRIVER_ERR_NO_READER;
+ goto leave;
+ }
+
+ rc = usb_claim_interface (idev, ifc_no);
+ if (rc)
+ {
+ DEBUGOUT_1 ("usb_claim_interface failed: %d\n", rc);
+ rc = CCID_DRIVER_ERR_CARD_IO_ERROR;
+ goto leave;
+ }
+ }
+
+ leave:
+ free (ifcdesc_extra);
+ if (rc)
+ {
+ free (rid);
+ if (idev)
+ usb_close (idev);
+ if (dev_fd != -1)
+ close (dev_fd);
+ free (*handle);
+ *handle = NULL;
+ }
+
+ return rc;
+}
+
+
+static void
+do_close_reader (ccid_driver_t handle)
+{
+ int rc;
+ unsigned char msg[100];
+ size_t msglen;
+ unsigned char seqno;
+
+ if (!handle->powered_off)
+ {
+ msg[0] = PC_to_RDR_IccPowerOff;
+ msg[5] = 0; /* slot */
+ msg[6] = seqno = handle->seqno++;
+ msg[7] = 0; /* RFU */
+ msg[8] = 0; /* RFU */
+ msg[9] = 0; /* RFU */
+ set_msg_len (msg, 0);
+ msglen = 10;
+
+ rc = bulk_out (handle, msg, msglen, 0);
+ if (!rc)
+ bulk_in (handle, msg, sizeof msg, &msglen, RDR_to_PC_SlotStatus,
+ seqno, 2000, 0);
+ handle->powered_off = 1;
+ }
+ if (handle->idev)
+ {
+ usb_release_interface (handle->idev, handle->ifc_no);
+ usb_close (handle->idev);
+ handle->idev = NULL;
+ }
+ if (handle->dev_fd != -1)
+ {
+ close (handle->dev_fd);
+ handle->dev_fd = -1;
+ }
+}
+
+
+/* Reset a reader on HANDLE. This is useful in case a reader has been
+ plugged of and inserted at a different port. By resetting the
+ handle, the same reader will be get used. Note, that on error the
+ handle won't get released.
+
+ This does not return an ATR, so ccid_get_atr should be called right
+ after this one.
+*/
+int
+ccid_shutdown_reader (ccid_driver_t handle)
+{
+ int rc = 0;
+ struct usb_device *dev = NULL;
+ usb_dev_handle *idev = NULL;
+ unsigned char *ifcdesc_extra = NULL;
+ size_t ifcdesc_extra_len;
+ int ifc_no, ep_bulk_out, ep_bulk_in, ep_intr;
+
+ if (!handle || !handle->rid)
+ return CCID_DRIVER_ERR_INV_VALUE;
+
+ do_close_reader (handle);
+
+ if (scan_or_find_devices (-1, handle->rid, NULL, &dev,
+ &ifcdesc_extra, &ifcdesc_extra_len,
+ &ifc_no, &ep_bulk_out, &ep_bulk_in, &ep_intr,
+ &idev, NULL) || !idev)
+ {
+ DEBUGOUT_1 ("no CCID reader with ID %s\n", handle->rid);
+ return CCID_DRIVER_ERR_NO_READER;
+ }
+
+ if (idev)
+ {
+ handle->idev = idev;
+ handle->ifc_no = ifc_no;
+ handle->ep_bulk_out = ep_bulk_out;
+ handle->ep_bulk_in = ep_bulk_in;
+ handle->ep_intr = ep_intr;
+
+ if (parse_ccid_descriptor (handle, ifcdesc_extra, ifcdesc_extra_len))
+ {
+ DEBUGOUT ("device not supported\n");
+ rc = CCID_DRIVER_ERR_NO_READER;
+ goto leave;
+ }
+
+ rc = usb_claim_interface (idev, ifc_no);
+ if (rc)
+ {
+ DEBUGOUT_1 ("usb_claim_interface failed: %d\n", rc);
+ rc = CCID_DRIVER_ERR_CARD_IO_ERROR;
+ goto leave;
+ }
+ }
+
+ leave:
+ free (ifcdesc_extra);
+ if (rc)
+ {
+ if (handle->idev)
+ usb_close (handle->idev);
+ handle->idev = NULL;
+ if (handle->dev_fd != -1)
+ close (handle->dev_fd);
+ handle->dev_fd = -1;
+ }
+
+ return rc;
+
+}
+
+
+int
+ccid_set_progress_cb (ccid_driver_t handle,
+ void (*cb)(void *, const char *, int, int, int),
+ void *cb_arg)
+{
+ if (!handle || !handle->rid)
+ return CCID_DRIVER_ERR_INV_VALUE;
+
+ handle->progress_cb = cb;
+ handle->progress_cb_arg = cb_arg;
+ return 0;
+}
+
+
+/* Close the reader HANDLE. */
+int
+ccid_close_reader (ccid_driver_t handle)
+{
+ if (!handle || (!handle->idev && handle->dev_fd == -1))
+ return 0;
+
+ do_close_reader (handle);
+ free (handle->rid);
+ free (handle);
+ return 0;
+}
+
+
+/* Return False if a card is present and powered. */
+int
+ccid_check_card_presence (ccid_driver_t handle)
+{
+ (void)handle; /* Not yet implemented. */
+ return -1;
+}
+
+
+/* Write NBYTES of BUF to file descriptor FD. */
+static int
+writen (int fd, const void *buf, size_t nbytes)
+{
+ size_t nleft = nbytes;
+ int nwritten;
+
+ while (nleft > 0)
+ {
+ nwritten = write (fd, buf, nleft);
+ if (nwritten < 0)
+ {
+ if (errno == EINTR)
+ nwritten = 0;
+ else
+ return -1;
+ }
+ nleft -= nwritten;
+ buf = (const char*)buf + nwritten;
+ }
+
+ return 0;
+}
+
+
+/* Write a MSG of length MSGLEN to the designated bulk out endpoint.
+ Returns 0 on success. */
+static int
+bulk_out (ccid_driver_t handle, unsigned char *msg, size_t msglen,
+ int no_debug)
+{
+ int rc;
+
+ /* No need to continue and clutter the log with USB write error
+ messages after we got the first ENODEV. */
+ if (handle->enodev_seen)
+ return CCID_DRIVER_ERR_NO_READER;
+
+ if (debug_level && (!no_debug || debug_level >= 3))
+ {
+ switch (msglen? msg[0]:0)
+ {
+ case PC_to_RDR_IccPowerOn:
+ print_p2r_iccpoweron (msg, msglen);
+ break;
+ case PC_to_RDR_IccPowerOff:
+ print_p2r_iccpoweroff (msg, msglen);
+ break;
+ case PC_to_RDR_GetSlotStatus:
+ print_p2r_getslotstatus (msg, msglen);
+ break;
+ case PC_to_RDR_XfrBlock:
+ print_p2r_xfrblock (msg, msglen);
+ break;
+ case PC_to_RDR_GetParameters:
+ print_p2r_getparameters (msg, msglen);
+ break;
+ case PC_to_RDR_ResetParameters:
+ print_p2r_resetparameters (msg, msglen);
+ break;
+ case PC_to_RDR_SetParameters:
+ print_p2r_setparameters (msg, msglen);
+ break;
+ case PC_to_RDR_Escape:
+ print_p2r_escape (msg, msglen);
+ break;
+ case PC_to_RDR_IccClock:
+ print_p2r_iccclock (msg, msglen);
+ break;
+ case PC_to_RDR_T0APDU:
+ print_p2r_to0apdu (msg, msglen);
+ break;
+ case PC_to_RDR_Secure:
+ print_p2r_secure (msg, msglen);
+ break;
+ case PC_to_RDR_Mechanical:
+ print_p2r_mechanical (msg, msglen);
+ break;
+ case PC_to_RDR_Abort:
+ print_p2r_abort (msg, msglen);
+ break;
+ case PC_to_RDR_SetDataRate:
+ print_p2r_setdatarate (msg, msglen);
+ break;
+ default:
+ print_p2r_unknown (msg, msglen);
+ break;
+ }
+ }
+
+ if (handle->idev)
+ {
+ rc = usb_bulk_write (handle->idev,
+ handle->ep_bulk_out,
+ (char*)msg, msglen,
+ 5000 /* ms timeout */);
+ if (rc == msglen)
+ return 0;
+#ifdef ENODEV
+ if (rc == -(ENODEV))
+ {
+ /* The Linux libusb returns a negative error value. Catch
+ the most important one. */
+ errno = ENODEV;
+ rc = -1;
+ }
+#endif /*ENODEV*/
+
+ if (rc == -1)
+ {
+ DEBUGOUT_1 ("usb_bulk_write error: %s\n", strerror (errno));
+#ifdef ENODEV
+ if (errno == ENODEV)
+ {
+ handle->enodev_seen = 1;
+ return CCID_DRIVER_ERR_NO_READER;
+ }
+#endif /*ENODEV*/
+ }
+ else
+ DEBUGOUT_1 ("usb_bulk_write failed: %d\n", rc);
+ }
+ else
+ {
+ rc = writen (handle->dev_fd, msg, msglen);
+ if (!rc)
+ return 0;
+ DEBUGOUT_2 ("writen to %d failed: %s\n",
+ handle->dev_fd, strerror (errno));
+
+ }
+ return CCID_DRIVER_ERR_CARD_IO_ERROR;
+}
+
+
+/* Read a maximum of LENGTH bytes from the bulk in endpoint into
+ BUFFER and return the actual read number if bytes in NREAD. SEQNO
+ is the sequence number used to send the request and EXPECTED_TYPE
+ the type of message we expect. Does checks on the ccid
+ header. TIMEOUT is the timeout value in ms. NO_DEBUG may be set to
+ avoid debug messages in case of no error; this can be overriden
+ with a glibal debug level of at least 3. Returns 0 on success. */
+static int
+bulk_in (ccid_driver_t handle, unsigned char *buffer, size_t length,
+ size_t *nread, int expected_type, int seqno, int timeout,
+ int no_debug)
+{
+ int rc;
+ size_t msglen;
+ int eagain_retries = 0;
+
+ /* Fixme: The next line for the current Valgrind without support
+ for USB IOCTLs. */
+ memset (buffer, 0, length);
+ retry:
+ if (handle->idev)
+ {
+ rc = usb_bulk_read (handle->idev,
+ handle->ep_bulk_in,
+ (char*)buffer, length,
+ timeout);
+ if (rc < 0)
+ {
+ rc = errno;
+ DEBUGOUT_1 ("usb_bulk_read error: %s\n", strerror (rc));
+ if (rc == EAGAIN && eagain_retries++ < 3)
+ {
+ my_sleep (1);
+ goto retry;
+ }
+ return CCID_DRIVER_ERR_CARD_IO_ERROR;
+ }
+ *nread = msglen = rc;
+ }
+ else
+ {
+ rc = read (handle->dev_fd, buffer, length);
+ if (rc < 0)
+ {
+ rc = errno;
+ DEBUGOUT_2 ("read from %d failed: %s\n",
+ handle->dev_fd, strerror (rc));
+ if (rc == EAGAIN && eagain_retries++ < 5)
+ {
+ my_sleep (1);
+ goto retry;
+ }
+ return CCID_DRIVER_ERR_CARD_IO_ERROR;
+ }
+ *nread = msglen = rc;
+ }
+ eagain_retries = 0;
+
+ if (msglen < 10)
+ {
+ DEBUGOUT_1 ("bulk-in msg too short (%u)\n", (unsigned int)msglen);
+ abort_cmd (handle, seqno);
+ return CCID_DRIVER_ERR_INV_VALUE;
+ }
+ if (buffer[5] != 0)
+ {
+ DEBUGOUT_1 ("unexpected bulk-in slot (%d)\n", buffer[5]);
+ return CCID_DRIVER_ERR_INV_VALUE;
+ }
+ if (buffer[6] != seqno)
+ {
+ DEBUGOUT_2 ("bulk-in seqno does not match (%d/%d)\n",
+ seqno, buffer[6]);
+ /* Retry until we are synced again. */
+ goto retry;
+ }
+
+ /* We need to handle the time extension request before we check that
+ we got the expected message type. This is in particular required
+ for the Cherry keyboard which sends a time extension request for
+ each key hit. */
+ if ( !(buffer[7] & 0x03) && (buffer[7] & 0xC0) == 0x80)
+ {
+ /* Card present and active, time extension requested. */
+ DEBUGOUT_2 ("time extension requested (%02X,%02X)\n",
+ buffer[7], buffer[8]);
+ goto retry;
+ }
+
+ if (buffer[0] != expected_type)
+ {
+ DEBUGOUT_1 ("unexpected bulk-in msg type (%02x)\n", buffer[0]);
+ abort_cmd (handle, seqno);
+ return CCID_DRIVER_ERR_INV_VALUE;
+ }
+
+ if (debug_level && (!no_debug || debug_level >= 3))
+ {
+ switch (buffer[0])
+ {
+ case RDR_to_PC_DataBlock:
+ print_r2p_datablock (buffer, msglen);
+ break;
+ case RDR_to_PC_SlotStatus:
+ print_r2p_slotstatus (buffer, msglen);
+ break;
+ case RDR_to_PC_Parameters:
+ print_r2p_parameters (buffer, msglen);
+ break;
+ case RDR_to_PC_Escape:
+ print_r2p_escape (buffer, msglen);
+ break;
+ case RDR_to_PC_DataRate:
+ print_r2p_datarate (buffer, msglen);
+ break;
+ default:
+ print_r2p_unknown (buffer, msglen);
+ break;
+ }
+ }
+ if (CCID_COMMAND_FAILED (buffer))
+ print_command_failed (buffer);
+
+ /* Check whether a card is at all available. Note: If you add new
+ error codes here, check whether they need to be ignored in
+ send_escape_cmd. */
+ switch ((buffer[7] & 0x03))
+ {
+ case 0: /* no error */ break;
+ case 1: return CCID_DRIVER_ERR_CARD_INACTIVE;
+ case 2: return CCID_DRIVER_ERR_NO_CARD;
+ case 3: /* RFU */ break;
+ }
+ return 0;
+}
+
+
+
+/* Send an abort sequence and wait until everything settled. */
+static int
+abort_cmd (ccid_driver_t handle, int seqno)
+{
+ int rc;
+ char dummybuf[8];
+ unsigned char msg[100];
+ size_t msglen;
+
+ if (!handle->idev)
+ {
+ /* I don't know how to send an abort to non-USB devices. */
+ rc = CCID_DRIVER_ERR_NOT_SUPPORTED;
+ }
+
+ seqno &= 0xff;
+ DEBUGOUT_1 ("sending abort sequence for seqno %d\n", seqno);
+ /* Send the abort command to the control pipe. Note that we don't
+ need to keep track of sent abort commands because there should
+ never be another thread using the same slot concurrently. */
+ rc = usb_control_msg (handle->idev,
+ 0x21,/* bmRequestType: host-to-device,
+ class specific, to interface. */
+ 1, /* ABORT */
+ (seqno << 8 | 0 /* slot */),
+ handle->ifc_no,
+ dummybuf, 0,
+ 1000 /* ms timeout */);
+ if (rc < 0)
+ {
+ DEBUGOUT_1 ("usb_control_msg error: %s\n", strerror (errno));
+ return CCID_DRIVER_ERR_CARD_IO_ERROR;
+ }
+
+ /* Now send the abort command to the bulk out pipe using the same
+ SEQNO and SLOT. Do this in a loop to so that all seqno are
+ tried. */
+ seqno--; /* Adjust for next increment. */
+ do
+ {
+ seqno++;
+ msg[0] = PC_to_RDR_Abort;
+ msg[5] = 0; /* slot */
+ msg[6] = seqno;
+ msg[7] = 0; /* RFU */
+ msg[8] = 0; /* RFU */
+ msg[9] = 0; /* RFU */
+ msglen = 10;
+ set_msg_len (msg, 0);
+
+ rc = usb_bulk_write (handle->idev,
+ handle->ep_bulk_out,
+ (char*)msg, msglen,
+ 5000 /* ms timeout */);
+ if (rc == msglen)
+ rc = 0;
+ else if (rc == -1)
+ DEBUGOUT_1 ("usb_bulk_write error in abort_cmd: %s\n",
+ strerror (errno));
+ else
+ DEBUGOUT_1 ("usb_bulk_write failed in abort_cmd: %d\n", rc);
+
+ if (rc)
+ return rc;
+
+ rc = usb_bulk_read (handle->idev,
+ handle->ep_bulk_in,
+ (char*)msg, sizeof msg,
+ 5000 /*ms timeout*/);
+ if (rc < 0)
+ {
+ DEBUGOUT_1 ("usb_bulk_read error in abort_cmd: %s\n",
+ strerror (errno));
+ return CCID_DRIVER_ERR_CARD_IO_ERROR;
+ }
+ msglen = rc;
+
+ if (msglen < 10)
+ {
+ DEBUGOUT_1 ("bulk-in msg in abort_cmd too short (%u)\n",
+ (unsigned int)msglen);
+ return CCID_DRIVER_ERR_INV_VALUE;
+ }
+ if (msg[5] != 0)
+ {
+ DEBUGOUT_1 ("unexpected bulk-in slot (%d) in abort_cmd\n", msg[5]);
+ return CCID_DRIVER_ERR_INV_VALUE;
+ }
+
+ DEBUGOUT_3 ("status: %02X error: %02X octet[9]: %02X\n",
+ msg[7], msg[8], msg[9]);
+ if (CCID_COMMAND_FAILED (msg))
+ print_command_failed (msg);
+ }
+ while (msg[0] != RDR_to_PC_SlotStatus && msg[5] != 0 && msg[6] != seqno);
+
+ handle->seqno = ((seqno + 1) & 0xff);
+ DEBUGOUT ("sending abort sequence succeeded\n");
+
+ return 0;
+}
+
+
+/* Note that this function won't return the error codes NO_CARD or
+ CARD_INACTIVE. IF RESULT is not NULL, the result from the
+ operation will get returned in RESULT and its length in RESULTLEN.
+ If the response is larger than RESULTMAX, an error is returned and
+ the required buffer length returned in RESULTLEN. */
+static int
+send_escape_cmd (ccid_driver_t handle,
+ const unsigned char *data, size_t datalen,
+ unsigned char *result, size_t resultmax, size_t *resultlen)
+{
+ int rc;
+ unsigned char msg[100];
+ size_t msglen;
+ unsigned char seqno;
+
+ if (resultlen)
+ *resultlen = 0;
+
+ if (datalen > sizeof msg - 10)
+ return CCID_DRIVER_ERR_INV_VALUE; /* Escape data too large. */
+
+ msg[0] = PC_to_RDR_Escape;
+ msg[5] = 0; /* slot */
+ msg[6] = seqno = handle->seqno++;
+ msg[7] = 0; /* RFU */
+ msg[8] = 0; /* RFU */
+ msg[9] = 0; /* RFU */
+ memcpy (msg+10, data, datalen);
+ msglen = 10 + datalen;
+ set_msg_len (msg, datalen);
+
+ rc = bulk_out (handle, msg, msglen, 0);
+ if (rc)
+ return rc;
+ rc = bulk_in (handle, msg, sizeof msg, &msglen, RDR_to_PC_Escape,
+ seqno, 5000, 0);
+ if (result)
+ switch (rc)
+ {
+ /* We need to ignore certain errorcode here. */
+ case 0:
+ case CCID_DRIVER_ERR_CARD_INACTIVE:
+ case CCID_DRIVER_ERR_NO_CARD:
+ {
+ if (msglen > resultmax)
+ rc = CCID_DRIVER_ERR_INV_VALUE; /* Response too large. */
+ else
+ {
+ memcpy (result, msg, msglen);
+ *resultlen = msglen;
+ }
+ rc = 0;
+ }
+ break;
+ default:
+ break;
+ }
+
+ return rc;
+}
+
+
+int
+ccid_transceive_escape (ccid_driver_t handle,
+ const unsigned char *data, size_t datalen,
+ unsigned char *resp, size_t maxresplen, size_t *nresp)
+{
+ return send_escape_cmd (handle, data, datalen, resp, maxresplen, nresp);
+}
+
+
+
+/* experimental */
+int
+ccid_poll (ccid_driver_t handle)
+{
+ int rc;
+ unsigned char msg[10];
+ size_t msglen;
+ int i, j;
+
+ if (handle->idev)
+ {
+ rc = usb_bulk_read (handle->idev,
+ handle->ep_intr,
+ (char*)msg, sizeof msg,
+ 0 /* ms timeout */ );
+ if (rc < 0 && errno == ETIMEDOUT)
+ return 0;
+ }
+ else
+ return 0;
+
+ if (rc < 0)
+ {
+ DEBUGOUT_1 ("usb_intr_read error: %s\n", strerror (errno));
+ return CCID_DRIVER_ERR_CARD_IO_ERROR;
+ }
+
+ msglen = rc;
+ rc = 0;
+
+ if (msglen < 1)
+ {
+ DEBUGOUT ("intr-in msg too short\n");
+ return CCID_DRIVER_ERR_INV_VALUE;
+ }
+
+ if (msg[0] == RDR_to_PC_NotifySlotChange)
+ {
+ DEBUGOUT ("notify slot change:");
+ for (i=1; i < msglen; i++)
+ for (j=0; j < 4; j++)
+ DEBUGOUT_CONT_3 (" %d:%c%c",
+ (i-1)*4+j,
+ (msg[i] & (1<<(j*2)))? 'p':'-',
+ (msg[i] & (2<<(j*2)))? '*':' ');
+ DEBUGOUT_LF ();
+ }
+ else if (msg[0] == RDR_to_PC_HardwareError)
+ {
+ DEBUGOUT ("hardware error occured\n");
+ }
+ else
+ {
+ DEBUGOUT_1 ("unknown intr-in msg of type %02X\n", msg[0]);
+ }
+
+ return 0;
+}
+
+
+/* Note that this function won't return the error codes NO_CARD or
+ CARD_INACTIVE */
+int
+ccid_slot_status (ccid_driver_t handle, int *statusbits)
+{
+ int rc;
+ unsigned char msg[100];
+ size_t msglen;
+ unsigned char seqno;
+ int retries = 0;
+
+ retry:
+ msg[0] = PC_to_RDR_GetSlotStatus;
+ msg[5] = 0; /* slot */
+ msg[6] = seqno = handle->seqno++;
+ msg[7] = 0; /* RFU */
+ msg[8] = 0; /* RFU */
+ msg[9] = 0; /* RFU */
+ set_msg_len (msg, 0);
+
+ rc = bulk_out (handle, msg, 10, 1);
+ if (rc)
+ return rc;
+ /* Note that we set the NO_DEBUG flag here, so that the logs won't
+ get cluttered up by a ticker function checking for the slot
+ status and debugging enabled. */
+ rc = bulk_in (handle, msg, sizeof msg, &msglen, RDR_to_PC_SlotStatus,
+ seqno, retries? 1000 : 200, 1);
+ if (rc == CCID_DRIVER_ERR_CARD_IO_ERROR && retries < 3)
+ {
+ if (!retries)
+ {
+ DEBUGOUT ("USB: CALLING USB_CLEAR_HALT\n");
+ usb_clear_halt (handle->idev, handle->ep_bulk_in);
+ usb_clear_halt (handle->idev, handle->ep_bulk_out);
+ }
+ else
+ DEBUGOUT ("USB: RETRYING bulk_in AGAIN\n");
+ retries++;
+ goto retry;
+ }
+ if (rc && rc != CCID_DRIVER_ERR_NO_CARD
+ && rc != CCID_DRIVER_ERR_CARD_INACTIVE)
+ return rc;
+ *statusbits = (msg[7] & 3);
+
+ return 0;
+}
+
+
+/* Return the ATR of the card. This is not a cached value and thus an
+ actual reset is done. */
+int
+ccid_get_atr (ccid_driver_t handle,
+ unsigned char *atr, size_t maxatrlen, size_t *atrlen)
+{
+ int rc;
+ int statusbits;
+ unsigned char msg[100];
+ unsigned char *tpdu;
+ size_t msglen, tpdulen;
+ unsigned char seqno;
+ int use_crc = 0;
+ unsigned int edc;
+ int tried_iso = 0;
+ int got_param;
+
+ /* First check whether a card is available. */
+ rc = ccid_slot_status (handle, &statusbits);
+ if (rc)
+ return rc;
+ if (statusbits == 2)
+ return CCID_DRIVER_ERR_NO_CARD;
+
+ /* For an inactive and also for an active card, issue the PowerOn
+ command to get the ATR. */
+ again:
+ msg[0] = PC_to_RDR_IccPowerOn;
+ msg[5] = 0; /* slot */
+ msg[6] = seqno = handle->seqno++;
+ msg[7] = 0; /* power select (0=auto, 1=5V, 2=3V, 3=1.8V) */
+ msg[8] = 0; /* RFU */
+ msg[9] = 0; /* RFU */
+ set_msg_len (msg, 0);
+ msglen = 10;
+
+ rc = bulk_out (handle, msg, msglen, 0);
+ if (rc)
+ return rc;
+ rc = bulk_in (handle, msg, sizeof msg, &msglen, RDR_to_PC_DataBlock,
+ seqno, 5000, 0);
+ if (rc)
+ return rc;
+ if (!tried_iso && CCID_COMMAND_FAILED (msg) && CCID_ERROR_CODE (msg) == 0xbb
+ && ((handle->id_vendor == VENDOR_CHERRY
+ && handle->id_product == 0x0005)
+ || (handle->id_vendor == VENDOR_GEMPC
+ && handle->id_product == 0x4433)
+ ))
+ {
+ tried_iso = 1;
+ /* Try switching to ISO mode. */
+ if (!send_escape_cmd (handle, (const unsigned char*)"\xF1\x01", 2,
+ NULL, 0, NULL))
+ goto again;
+ }
+ else if (CCID_COMMAND_FAILED (msg))
+ return CCID_DRIVER_ERR_CARD_IO_ERROR;
+
+
+ handle->powered_off = 0;
+
+ if (atr)
+ {
+ size_t n = msglen - 10;
+
+ if (n > maxatrlen)
+ n = maxatrlen;
+ memcpy (atr, msg+10, n);
+ *atrlen = n;
+ }
+
+ got_param = 0;
+ msg[0] = PC_to_RDR_GetParameters;
+ msg[5] = 0; /* slot */
+ msg[6] = seqno = handle->seqno++;
+ msg[7] = 0; /* RFU */
+ msg[8] = 0; /* RFU */
+ msg[9] = 0; /* RFU */
+ set_msg_len (msg, 0);
+ msglen = 10;
+ rc = bulk_out (handle, msg, msglen, 0);
+ if (!rc)
+ rc = bulk_in (handle, msg, sizeof msg, &msglen, RDR_to_PC_Parameters,
+ seqno, 2000, 0);
+ if (rc)
+ DEBUGOUT ("GetParameters failed\n");
+ else if (msglen == 17 && msg[9] == 1)
+ got_param = 1;
+
+ /* Setup parameters to select T=1. */
+ msg[0] = PC_to_RDR_SetParameters;
+ msg[5] = 0; /* slot */
+ msg[6] = seqno = handle->seqno++;
+ msg[7] = 1; /* Select T=1. */
+ msg[8] = 0; /* RFU */
+ msg[9] = 0; /* RFU */
+
+ if (!got_param)
+ {
+ /* FIXME: Get those values from the ATR. */
+ msg[10]= 0x01; /* Fi/Di */
+ msg[11]= 0x10; /* LRC, direct convention. */
+ msg[12]= 0; /* Extra guardtime. */
+ msg[13]= 0x41; /* BWI/CWI */
+ msg[14]= 0; /* No clock stoppping. */
+ msg[15]= 254; /* IFSC */
+ msg[16]= 0; /* Does not support non default NAD values. */
+ }
+ set_msg_len (msg, 7);
+ msglen = 10 + 7;
+
+ rc = bulk_out (handle, msg, msglen, 0);
+ if (rc)
+ return rc;
+ rc = bulk_in (handle, msg, sizeof msg, &msglen, RDR_to_PC_Parameters,
+ seqno, 5000, 0);
+ if (rc)
+ DEBUGOUT ("SetParameters failed (ignored)\n");
+
+ if (!rc && msglen > 15 && msg[15] >= 16 && msg[15] <= 254 )
+ handle->ifsc = msg[15];
+ else
+ handle->ifsc = 128; /* Something went wrong, assume 128 bytes. */
+
+ handle->t1_ns = 0;
+ handle->t1_nr = 0;
+
+ /* Send an S-Block with our maximum IFSD to the CCID. */
+ if (!handle->apdu_level && !handle->auto_ifsd)
+ {
+ tpdu = msg+10;
+ /* NAD: DAD=1, SAD=0 */
+ tpdu[0] = handle->nonnull_nad? ((1 << 4) | 0): 0;
+ tpdu[1] = (0xc0 | 0 | 1); /* S-block request: change IFSD */
+ tpdu[2] = 1;
+ tpdu[3] = handle->max_ifsd? handle->max_ifsd : 32;
+ tpdulen = 4;
+ edc = compute_edc (tpdu, tpdulen, use_crc);
+ if (use_crc)
+ tpdu[tpdulen++] = (edc >> 8);
+ tpdu[tpdulen++] = edc;
+
+ msg[0] = PC_to_RDR_XfrBlock;
+ msg[5] = 0; /* slot */
+ msg[6] = seqno = handle->seqno++;
+ msg[7] = 0;
+ msg[8] = 0; /* RFU */
+ msg[9] = 0; /* RFU */
+ set_msg_len (msg, tpdulen);
+ msglen = 10 + tpdulen;
+
+ if (debug_level > 1)
+ DEBUGOUT_3 ("T=1: put %c-block seq=%d%s\n",
+ ((msg[11] & 0xc0) == 0x80)? 'R' :
+ (msg[11] & 0x80)? 'S' : 'I',
+ ((msg[11] & 0x80)? !!(msg[11]& 0x10)
+ : !!(msg[11] & 0x40)),
+ (!(msg[11] & 0x80) && (msg[11] & 0x20)? " [more]":""));
+
+ rc = bulk_out (handle, msg, msglen, 0);
+ if (rc)
+ return rc;
+
+
+ rc = bulk_in (handle, msg, sizeof msg, &msglen,
+ RDR_to_PC_DataBlock, seqno, 5000, 0);
+ if (rc)
+ return rc;
+
+ tpdu = msg + 10;
+ tpdulen = msglen - 10;
+
+ if (tpdulen < 4)
+ return CCID_DRIVER_ERR_ABORTED;
+
+ if (debug_level > 1)
+ DEBUGOUT_4 ("T=1: got %c-block seq=%d err=%d%s\n",
+ ((msg[11] & 0xc0) == 0x80)? 'R' :
+ (msg[11] & 0x80)? 'S' : 'I',
+ ((msg[11] & 0x80)? !!(msg[11]& 0x10)
+ : !!(msg[11] & 0x40)),
+ ((msg[11] & 0xc0) == 0x80)? (msg[11] & 0x0f) : 0,
+ (!(msg[11] & 0x80) && (msg[11] & 0x20)? " [more]":""));
+
+ if ((tpdu[1] & 0xe0) != 0xe0 || tpdu[2] != 1)
+ {
+ DEBUGOUT ("invalid response for S-block (Change-IFSD)\n");
+ return -1;
+ }
+ DEBUGOUT_1 ("IFSD has been set to %d\n", tpdu[3]);
+ }
+
+ return 0;
+}
+
+
+
+
+static unsigned int
+compute_edc (const unsigned char *data, size_t datalen, int use_crc)
+{
+ if (use_crc)
+ {
+ return 0x42; /* Not yet implemented. */
+ }
+ else
+ {
+ unsigned char crc = 0;
+
+ for (; datalen; datalen--)
+ crc ^= *data++;
+ return crc;
+ }
+}
+
+
+/* Return true if APDU is an extended length one. */
+static int
+is_exlen_apdu (const unsigned char *apdu, size_t apdulen)
+{
+ if (apdulen < 7 || apdu[4])
+ return 0; /* Too short or no Z byte. */
+ return 1;
+}
+
+
+/* Helper for ccid_transceive used for APDU level exchanges. */
+static int
+ccid_transceive_apdu_level (ccid_driver_t handle,
+ const unsigned char *apdu_buf, size_t apdu_buflen,
+ unsigned char *resp, size_t maxresplen,
+ size_t *nresp)
+{
+ int rc;
+ unsigned char send_buffer[10+261+300], recv_buffer[10+261+300];
+ const unsigned char *apdu;
+ size_t apdulen;
+ unsigned char *msg;
+ size_t msglen;
+ unsigned char seqno;
+ int bwi = 4;
+
+ msg = send_buffer;
+
+ apdu = apdu_buf;
+ apdulen = apdu_buflen;
+ assert (apdulen);
+
+ /* The maximum length for a short APDU T=1 block is 261. For an
+ extended APDU T=1 block the maximum length 65544; however
+ extended APDU exchange level is not yet supported. */
+ if (apdulen > 261)
+ return CCID_DRIVER_ERR_INV_VALUE; /* Invalid length. */
+
+ msg[0] = PC_to_RDR_XfrBlock;
+ msg[5] = 0; /* slot */
+ msg[6] = seqno = handle->seqno++;
+ msg[7] = bwi; /* bBWI */
+ msg[8] = 0; /* RFU */
+ msg[9] = 0; /* RFU */
+ memcpy (msg+10, apdu, apdulen);
+ set_msg_len (msg, apdulen);
+ msglen = 10 + apdulen;
+
+ rc = bulk_out (handle, msg, msglen, 0);
+ if (rc)
+ return rc;
+
+ msg = recv_buffer;
+ rc = bulk_in (handle, msg, sizeof recv_buffer, &msglen,
+ RDR_to_PC_DataBlock, seqno, 5000, 0);
+ if (rc)
+ return rc;
+
+ apdu = msg + 10;
+ apdulen = msglen - 10;
+
+ if (resp)
+ {
+ if (apdulen > maxresplen)
+ {
+ DEBUGOUT_2 ("provided buffer too short for received data "
+ "(%u/%u)\n",
+ (unsigned int)apdulen, (unsigned int)maxresplen);
+ return CCID_DRIVER_ERR_INV_VALUE;
+ }
+
+ memcpy (resp, apdu, apdulen);
+ *nresp = apdulen;
+ }
+
+ return 0;
+}
+
+
+
+/*
+ Protocol T=1 overview
+
+ Block Structure:
+ Prologue Field:
+ 1 byte Node Address (NAD)
+ 1 byte Protocol Control Byte (PCB)
+ 1 byte Length (LEN)
+ Information Field:
+ 0-254 byte APDU or Control Information (INF)
+ Epilogue Field:
+ 1 byte Error Detection Code (EDC)
+
+ NAD:
+ bit 7 unused
+ bit 4..6 Destination Node Address (DAD)
+ bit 3 unused
+ bit 2..0 Source Node Address (SAD)
+
+ If node adresses are not used, SAD and DAD should be set to 0 on
+ the first block sent to the card. If they are used they should
+ have different values (0 for one is okay); that first block sets up
+ the addresses of the nodes.
+
+ PCB:
+ Information Block (I-Block):
+ bit 7 0
+ bit 6 Sequence number (yep, that is modulo 2)
+ bit 5 Chaining flag
+ bit 4..0 reserved
+ Received-Ready Block (R-Block):
+ bit 7 1
+ bit 6 0
+ bit 5 0
+ bit 4 Sequence number
+ bit 3..0 0 = no error
+ 1 = EDC or parity error
+ 2 = other error
+ other values are reserved
+ Supervisory Block (S-Block):
+ bit 7 1
+ bit 6 1
+ bit 5 clear=request,set=response
+ bit 4..0 0 = resyncronisation request
+ 1 = information field size request
+ 2 = abort request
+ 3 = extension of BWT request
+ 4 = VPP error
+ other values are reserved
+
+*/
+
+int
+ccid_transceive (ccid_driver_t handle,
+ const unsigned char *apdu_buf, size_t apdu_buflen,
+ unsigned char *resp, size_t maxresplen, size_t *nresp)
+{
+ int rc;
+ /* The size of the buffer used to be 10+259. For the via_escape
+ hack we need one extra byte, thus 11+259. */
+ unsigned char send_buffer[11+259], recv_buffer[11+259];
+ const unsigned char *apdu;
+ size_t apdulen;
+ unsigned char *msg, *tpdu, *p;
+ size_t msglen, tpdulen, last_tpdulen, n;
+ unsigned char seqno;
+ unsigned int edc;
+ int use_crc = 0;
+ int hdrlen, pcboff;
+ size_t dummy_nresp;
+ int via_escape = 0;
+ int next_chunk = 1;
+ int sending = 1;
+ int retries = 0;
+ int resyncing = 0;
+ int nad_byte;
+
+ if (!nresp)
+ nresp = &dummy_nresp;
+ *nresp = 0;
+
+ /* Smarter readers allow to send APDUs directly; divert here. */
+ if (handle->apdu_level)
+ {
+ /* We employ a hack for Omnikey readers which are able to send
+ TPDUs using an escape sequence. There is no documentation
+ but the Windows driver does it this way. Tested using a
+ CM6121. This method works also for the Cherry XX44
+ keyboards; however there are problems with the
+ ccid_tranceive_secure which leads to a loss of sync on the
+ CCID level. If Cherry wants to make their keyboard work
+ again, they should hand over some docs. */
+ if ((handle->id_vendor == VENDOR_OMNIKEY
+ || (!handle->idev && handle->id_product == TRANSPORT_CM4040))
+ && handle->apdu_level < 2
+ && is_exlen_apdu (apdu_buf, apdu_buflen))
+ via_escape = 1;
+ else
+ return ccid_transceive_apdu_level (handle, apdu_buf, apdu_buflen,
+ resp, maxresplen, nresp);
+ }
+
+ /* The other readers we support require sending TPDUs. */
+
+ tpdulen = 0; /* Avoid compiler warning about no initialization. */
+ msg = send_buffer;
+ hdrlen = via_escape? 11 : 10;
+
+ /* NAD: DAD=1, SAD=0 */
+ nad_byte = handle->nonnull_nad? ((1 << 4) | 0): 0;
+ if (via_escape)
+ nad_byte = 0;
+
+ last_tpdulen = 0; /* Avoid gcc warning (controlled by RESYNCING). */
+ for (;;)
+ {
+ if (next_chunk)
+ {
+ next_chunk = 0;
+
+ apdu = apdu_buf;
+ apdulen = apdu_buflen;
+ assert (apdulen);
+
+ /* Construct an I-Block. */
+ tpdu = msg + hdrlen;
+ tpdu[0] = nad_byte;
+ tpdu[1] = ((handle->t1_ns & 1) << 6); /* I-block */
+ if (apdulen > handle->ifsc )
+ {
+ apdulen = handle->ifsc;
+ apdu_buf += handle->ifsc;
+ apdu_buflen -= handle->ifsc;
+ tpdu[1] |= (1 << 5); /* Set more bit. */
+ }
+ tpdu[2] = apdulen;
+ memcpy (tpdu+3, apdu, apdulen);
+ tpdulen = 3 + apdulen;
+ edc = compute_edc (tpdu, tpdulen, use_crc);
+ if (use_crc)
+ tpdu[tpdulen++] = (edc >> 8);
+ tpdu[tpdulen++] = edc;
+ }
+
+ if (via_escape)
+ {
+ msg[0] = PC_to_RDR_Escape;
+ msg[5] = 0; /* slot */
+ msg[6] = seqno = handle->seqno++;
+ msg[7] = 0; /* RFU */
+ msg[8] = 0; /* RFU */
+ msg[9] = 0; /* RFU */
+ msg[10] = 0x1a; /* Omnikey command to send a TPDU. */
+ set_msg_len (msg, 1 + tpdulen);
+ }
+ else
+ {
+ msg[0] = PC_to_RDR_XfrBlock;
+ msg[5] = 0; /* slot */
+ msg[6] = seqno = handle->seqno++;
+ msg[7] = 4; /* bBWI */
+ msg[8] = 0; /* RFU */
+ msg[9] = 0; /* RFU */
+ set_msg_len (msg, tpdulen);
+ }
+ msglen = hdrlen + tpdulen;
+ if (!resyncing)
+ last_tpdulen = tpdulen;
+ pcboff = hdrlen+1;
+
+ if (debug_level > 1)
+ DEBUGOUT_3 ("T=1: put %c-block seq=%d%s\n",
+ ((msg[pcboff] & 0xc0) == 0x80)? 'R' :
+ (msg[pcboff] & 0x80)? 'S' : 'I',
+ ((msg[pcboff] & 0x80)? !!(msg[pcboff]& 0x10)
+ : !!(msg[pcboff] & 0x40)),
+ (!(msg[pcboff] & 0x80) && (msg[pcboff] & 0x20)?
+ " [more]":""));
+
+ rc = bulk_out (handle, msg, msglen, 0);
+ if (rc)
+ return rc;
+
+ msg = recv_buffer;
+ rc = bulk_in (handle, msg, sizeof recv_buffer, &msglen,
+ via_escape? RDR_to_PC_Escape : RDR_to_PC_DataBlock,
+ seqno, 5000, 0);
+ if (rc)
+ return rc;
+
+ tpdu = msg + hdrlen;
+ tpdulen = msglen - hdrlen;
+ resyncing = 0;
+
+ if (tpdulen < 4)
+ {
+ usb_clear_halt (handle->idev, handle->ep_bulk_in);
+ return CCID_DRIVER_ERR_ABORTED;
+ }
+
+ if (debug_level > 1)
+ DEBUGOUT_4 ("T=1: got %c-block seq=%d err=%d%s\n",
+ ((msg[pcboff] & 0xc0) == 0x80)? 'R' :
+ (msg[pcboff] & 0x80)? 'S' : 'I',
+ ((msg[pcboff] & 0x80)? !!(msg[pcboff]& 0x10)
+ : !!(msg[pcboff] & 0x40)),
+ ((msg[pcboff] & 0xc0) == 0x80)? (msg[pcboff] & 0x0f) : 0,
+ (!(msg[pcboff] & 0x80) && (msg[pcboff] & 0x20)?
+ " [more]":""));
+
+ if (!(tpdu[1] & 0x80))
+ { /* This is an I-block. */
+ retries = 0;
+ if (sending)
+ { /* last block sent was successful. */
+ handle->t1_ns ^= 1;
+ sending = 0;
+ }
+
+ if (!!(tpdu[1] & 0x40) != handle->t1_nr)
+ { /* Reponse does not match our sequence number. */
+ msg = send_buffer;
+ tpdu = msg + hdrlen;
+ tpdu[0] = nad_byte;
+ tpdu[1] = (0x80 | (handle->t1_nr & 1) << 4 | 2); /* R-block */
+ tpdu[2] = 0;
+ tpdulen = 3;
+ edc = compute_edc (tpdu, tpdulen, use_crc);
+ if (use_crc)
+ tpdu[tpdulen++] = (edc >> 8);
+ tpdu[tpdulen++] = edc;
+
+ continue;
+ }
+
+ handle->t1_nr ^= 1;
+
+ p = tpdu + 3; /* Skip the prologue field. */
+ n = tpdulen - 3 - 1; /* Strip the epilogue field. */
+ /* fixme: verify the checksum. */
+ if (resp)
+ {
+ if (n > maxresplen)
+ {
+ DEBUGOUT_2 ("provided buffer too short for received data "
+ "(%u/%u)\n",
+ (unsigned int)n, (unsigned int)maxresplen);
+ return CCID_DRIVER_ERR_INV_VALUE;
+ }
+
+ memcpy (resp, p, n);
+ resp += n;
+ *nresp += n;
+ maxresplen -= n;
+ }
+
+ if (!(tpdu[1] & 0x20))
+ return 0; /* No chaining requested - ready. */
+
+ msg = send_buffer;
+ tpdu = msg + hdrlen;
+ tpdu[0] = nad_byte;
+ tpdu[1] = (0x80 | (handle->t1_nr & 1) << 4); /* R-block */
+ tpdu[2] = 0;
+ tpdulen = 3;
+ edc = compute_edc (tpdu, tpdulen, use_crc);
+ if (use_crc)
+ tpdu[tpdulen++] = (edc >> 8);
+ tpdu[tpdulen++] = edc;
+ }
+ else if ((tpdu[1] & 0xc0) == 0x80)
+ { /* This is a R-block. */
+ if ( (tpdu[1] & 0x0f))
+ {
+ retries++;
+ if (via_escape && retries == 1 && (msg[pcboff] & 0x0f))
+ {
+ /* Error probably due to switching to TPDU. Send a
+ resync request. We use the recv_buffer so that
+ we don't corrupt the send_buffer. */
+ msg = recv_buffer;
+ tpdu = msg + hdrlen;
+ tpdu[0] = nad_byte;
+ tpdu[1] = 0xc0; /* S-block resync request. */
+ tpdu[2] = 0;
+ tpdulen = 3;
+ edc = compute_edc (tpdu, tpdulen, use_crc);
+ if (use_crc)
+ tpdu[tpdulen++] = (edc >> 8);
+ tpdu[tpdulen++] = edc;
+ resyncing = 1;
+ DEBUGOUT ("T=1: requesting resync\n");
+ }
+ else if (retries > 3)
+ {
+ DEBUGOUT ("T=1: 3 failed retries\n");
+ return CCID_DRIVER_ERR_CARD_IO_ERROR;
+ }
+ else
+ {
+ /* Error: repeat last block */
+ msg = send_buffer;
+ tpdulen = last_tpdulen;
+ }
+ }
+ else if (sending && !!(tpdu[1] & 0x10) == handle->t1_ns)
+ { /* Response does not match our sequence number. */
+ DEBUGOUT ("R-block with wrong seqno received on more bit\n");
+ return CCID_DRIVER_ERR_CARD_IO_ERROR;
+ }
+ else if (sending)
+ { /* Send next chunk. */
+ retries = 0;
+ msg = send_buffer;
+ next_chunk = 1;
+ handle->t1_ns ^= 1;
+ }
+ else
+ {
+ DEBUGOUT ("unexpected ACK R-block received\n");
+ return CCID_DRIVER_ERR_CARD_IO_ERROR;
+ }
+ }
+ else
+ { /* This is a S-block. */
+ retries = 0;
+ DEBUGOUT_2 ("T=1: S-block %s received cmd=%d\n",
+ (tpdu[1] & 0x20)? "response": "request",
+ (tpdu[1] & 0x1f));
+ if ( !(tpdu[1] & 0x20) && (tpdu[1] & 0x1f) == 1 && tpdu[2] == 1)
+ {
+ /* Information field size request. */
+ unsigned char ifsc = tpdu[3];
+
+ if (ifsc < 16 || ifsc > 254)
+ return CCID_DRIVER_ERR_CARD_IO_ERROR;
+
+ msg = send_buffer;
+ tpdu = msg + hdrlen;
+ tpdu[0] = nad_byte;
+ tpdu[1] = (0xc0 | 0x20 | 1); /* S-block response */
+ tpdu[2] = 1;
+ tpdu[3] = ifsc;
+ tpdulen = 4;
+ edc = compute_edc (tpdu, tpdulen, use_crc);
+ if (use_crc)
+ tpdu[tpdulen++] = (edc >> 8);
+ tpdu[tpdulen++] = edc;
+ DEBUGOUT_1 ("T=1: requesting an ifsc=%d\n", ifsc);
+ }
+ else if ( !(tpdu[1] & 0x20) && (tpdu[1] & 0x1f) == 3 && tpdu[2])
+ {
+ /* Wait time extension request. */
+ unsigned char bwi = tpdu[3];
+ msg = send_buffer;
+ tpdu = msg + hdrlen;
+ tpdu[0] = nad_byte;
+ tpdu[1] = (0xc0 | 0x20 | 3); /* S-block response */
+ tpdu[2] = 1;
+ tpdu[3] = bwi;
+ tpdulen = 4;
+ edc = compute_edc (tpdu, tpdulen, use_crc);
+ if (use_crc)
+ tpdu[tpdulen++] = (edc >> 8);
+ tpdu[tpdulen++] = edc;
+ DEBUGOUT_1 ("T=1: waittime extension of bwi=%d\n", bwi);
+ print_progress (handle);
+ }
+ else if ( (tpdu[1] & 0x20) && (tpdu[1] & 0x1f) == 0 && !tpdu[2])
+ {
+ DEBUGOUT ("T=1: resync ack from reader\n");
+ /* Repeat previous block. */
+ msg = send_buffer;
+ tpdulen = last_tpdulen;
+ }
+ else
+ return CCID_DRIVER_ERR_CARD_IO_ERROR;
+ }
+ } /* end T=1 protocol loop. */
+
+ return 0;
+}
+
+
+/* Send the CCID Secure command to the reader. APDU_BUF should
+ contain the APDU template. PIN_MODE defines how the pin gets
+ formatted:
+
+ 1 := The PIN is ASCII encoded and of variable length. The
+ length of the PIN entered will be put into Lc by the reader.
+ The APDU should me made up of 4 bytes without Lc.
+
+ PINLEN_MIN and PINLEN_MAX define the limits for the pin length. 0
+ may be used t enable reasonable defaults. PIN_PADLEN should be 0.
+
+ When called with RESP and NRESP set to NULL, the function will
+ merely check whether the reader supports the secure command for the
+ given APDU and PIN_MODE. */
+int
+ccid_transceive_secure (ccid_driver_t handle,
+ const unsigned char *apdu_buf, size_t apdu_buflen,
+ int pin_mode, int pinlen_min, int pinlen_max,
+ int pin_padlen,
+ unsigned char *resp, size_t maxresplen, size_t *nresp)
+{
+ int rc;
+ unsigned char send_buffer[10+259], recv_buffer[10+259];
+ unsigned char *msg, *tpdu, *p;
+ size_t msglen, tpdulen, n;
+ unsigned char seqno;
+ size_t dummy_nresp;
+ int testmode;
+ int cherry_mode = 0;
+
+ testmode = !resp && !nresp;
+
+ if (!nresp)
+ nresp = &dummy_nresp;
+ *nresp = 0;
+
+ if (apdu_buflen >= 4 && apdu_buf[1] == 0x20 && (handle->has_pinpad & 1))
+ ;
+ else if (apdu_buflen >= 4 && apdu_buf[1] == 0x24 && (handle->has_pinpad & 2))
+ return CCID_DRIVER_ERR_NOT_SUPPORTED; /* Not yet by our code. */
+ else
+ return CCID_DRIVER_ERR_NO_KEYPAD;
+
+ if (pin_mode != 1)
+ return CCID_DRIVER_ERR_NOT_SUPPORTED;
+
+ if (pin_padlen != 0)
+ return CCID_DRIVER_ERR_NOT_SUPPORTED;
+
+ if (!pinlen_min)
+ pinlen_min = 1;
+ if (!pinlen_max)
+ pinlen_max = 25;
+
+ /* Note that the 25 is the maximum value the SPR532 allows. */
+ if (pinlen_min < 1 || pinlen_min > 25
+ || pinlen_max < 1 || pinlen_max > 25
+ || pinlen_min > pinlen_max)
+ return CCID_DRIVER_ERR_INV_VALUE;
+
+ /* We have only tested a few readers so better don't risk anything
+ and do not allow the use with other readers. */
+ switch (handle->id_vendor)
+ {
+ case VENDOR_SCM: /* Tested with SPR 532. */
+ case VENDOR_KAAN: /* Tested with KAAN Advanced (1.02). */
+ break;
+ case VENDOR_CHERRY:
+ /* The CHERRY XX44 keyboard echos an asterisk for each entered
+ character on the keyboard channel. We use a special variant
+ of PC_to_RDR_Secure which directs these characters to the
+ smart card's bulk-in channel. We also need to append a zero
+ Lc byte to the APDU. It seems that it will be replaced with
+ the actual length instead of being appended before the APDU
+ is send to the card. */
+ cherry_mode = 1;
+ break;
+ default:
+ return CCID_DRIVER_ERR_NOT_SUPPORTED;
+ }
+
+ if (testmode)
+ return 0; /* Success */
+
+ msg = send_buffer;
+ if (handle->id_vendor == VENDOR_SCM)
+ {
+ DEBUGOUT ("sending escape sequence to switch to a case 1 APDU\n");
+ rc = send_escape_cmd (handle, (const unsigned char*)"\x80\x02\x00", 3,
+ NULL, 0, NULL);
+ if (rc)
+ return rc;
+ }
+
+ msg[0] = cherry_mode? 0x89 : PC_to_RDR_Secure;
+ msg[5] = 0; /* slot */
+ msg[6] = seqno = handle->seqno++;
+ msg[7] = 0; /* bBWI */
+ msg[8] = 0; /* RFU */
+ msg[9] = 0; /* RFU */
+ msg[10] = 0; /* Perform PIN verification. */
+ msg[11] = 0; /* Timeout in seconds. */
+ msg[12] = 0x82; /* bmFormatString: Byte, pos=0, left, ASCII. */
+ if (handle->id_vendor == VENDOR_SCM)
+ {
+ /* For the SPR532 the next 2 bytes need to be zero. We do this
+ for all SCM products. Kudos to Martin Paljak for this
+ hint. */
+ msg[13] = msg[14] = 0;
+ }
+ else
+ {
+ msg[13] = 0x00; /* bmPINBlockString:
+ 0 bits of pin length to insert.
+ 0 bytes of PIN block size. */
+ msg[14] = 0x00; /* bmPINLengthFormat:
+ Units are bytes, position is 0. */
+ }
+
+ /* The following is a little endian word. */
+ msg[15] = pinlen_max; /* wPINMaxExtraDigit-Maximum. */
+ msg[16] = pinlen_min; /* wPINMaxExtraDigit-Minimum. */
+
+ msg[17] = 0x02; /* bEntryValidationCondition:
+ Validation key pressed */
+ if (pinlen_min && pinlen_max && pinlen_min == pinlen_max)
+ msg[17] |= 0x01; /* Max size reached. */
+ msg[18] = 0xff; /* bNumberMessage: Default. */
+ msg[19] = 0x04; /* wLangId-High. */
+ msg[20] = 0x09; /* wLangId-Low: English FIXME: use the first entry. */
+ msg[21] = 0; /* bMsgIndex. */
+ /* bTeoProlog follows: */
+ msg[22] = handle->nonnull_nad? ((1 << 4) | 0): 0;
+ msg[23] = ((handle->t1_ns & 1) << 6); /* I-block */
+ msg[24] = 0; /* The apdulen will be filled in by the reader. */
+ /* APDU follows: */
+ msg[25] = apdu_buf[0]; /* CLA */
+ msg[26] = apdu_buf[1]; /* INS */
+ msg[27] = apdu_buf[2]; /* P1 */
+ msg[28] = apdu_buf[3]; /* P2 */
+ msglen = 29;
+ if (cherry_mode)
+ msg[msglen++] = 0;
+ /* An EDC is not required. */
+ set_msg_len (msg, msglen - 10);
+
+ rc = bulk_out (handle, msg, msglen, 0);
+ if (rc)
+ return rc;
+
+ msg = recv_buffer;
+ rc = bulk_in (handle, msg, sizeof recv_buffer, &msglen,
+ RDR_to_PC_DataBlock, seqno, 30000, 0);
+ if (rc)
+ return rc;
+
+ tpdu = msg + 10;
+ tpdulen = msglen - 10;
+
+ if (handle->apdu_level)
+ {
+ if (resp)
+ {
+ if (tpdulen > maxresplen)
+ {
+ DEBUGOUT_2 ("provided buffer too short for received data "
+ "(%u/%u)\n",
+ (unsigned int)tpdulen, (unsigned int)maxresplen);
+ return CCID_DRIVER_ERR_INV_VALUE;
+ }
+
+ memcpy (resp, tpdu, tpdulen);
+ *nresp = tpdulen;
+ }
+ return 0;
+ }
+
+ if (tpdulen < 4)
+ {
+ usb_clear_halt (handle->idev, handle->ep_bulk_in);
+ return CCID_DRIVER_ERR_ABORTED;
+ }
+ if (debug_level > 1)
+ DEBUGOUT_4 ("T=1: got %c-block seq=%d err=%d%s\n",
+ ((msg[11] & 0xc0) == 0x80)? 'R' :
+ (msg[11] & 0x80)? 'S' : 'I',
+ ((msg[11] & 0x80)? !!(msg[11]& 0x10) : !!(msg[11] & 0x40)),
+ ((msg[11] & 0xc0) == 0x80)? (msg[11] & 0x0f) : 0,
+ (!(msg[11] & 0x80) && (msg[11] & 0x20)? " [more]":""));
+
+ if (!(tpdu[1] & 0x80))
+ { /* This is an I-block. */
+ /* Last block sent was successful. */
+ handle->t1_ns ^= 1;
+
+ if (!!(tpdu[1] & 0x40) != handle->t1_nr)
+ { /* Reponse does not match our sequence number. */
+ DEBUGOUT ("I-block with wrong seqno received\n");
+ return CCID_DRIVER_ERR_CARD_IO_ERROR;
+ }
+
+ handle->t1_nr ^= 1;
+
+ p = tpdu + 3; /* Skip the prologue field. */
+ n = tpdulen - 3 - 1; /* Strip the epilogue field. */
+ /* fixme: verify the checksum. */
+ if (resp)
+ {
+ if (n > maxresplen)
+ {
+ DEBUGOUT_2 ("provided buffer too short for received data "
+ "(%u/%u)\n",
+ (unsigned int)n, (unsigned int)maxresplen);
+ return CCID_DRIVER_ERR_INV_VALUE;
+ }
+
+ memcpy (resp, p, n);
+ resp += n;
+ *nresp += n;
+ maxresplen -= n;
+ }
+
+ if (!(tpdu[1] & 0x20))
+ return 0; /* No chaining requested - ready. */
+
+ DEBUGOUT ("chaining requested but not supported for Secure operation\n");
+ return CCID_DRIVER_ERR_CARD_IO_ERROR;
+ }
+ else if ((tpdu[1] & 0xc0) == 0x80)
+ { /* This is a R-block. */
+ if ( (tpdu[1] & 0x0f))
+ { /* Error: repeat last block */
+ DEBUGOUT ("No retries supported for Secure operation\n");
+ return CCID_DRIVER_ERR_CARD_IO_ERROR;
+ }
+ else if (!!(tpdu[1] & 0x10) == handle->t1_ns)
+ { /* Reponse does not match our sequence number. */
+ DEBUGOUT ("R-block with wrong seqno received on more bit\n");
+ return CCID_DRIVER_ERR_CARD_IO_ERROR;
+ }
+ else
+ { /* Send next chunk. */
+ DEBUGOUT ("chaining not supported on Secure operation\n");
+ return CCID_DRIVER_ERR_CARD_IO_ERROR;
+ }
+ }
+ else
+ { /* This is a S-block. */
+ DEBUGOUT_2 ("T=1: S-block %s received cmd=%d for Secure operation\n",
+ (tpdu[1] & 0x20)? "response": "request",
+ (tpdu[1] & 0x1f));
+ return CCID_DRIVER_ERR_CARD_IO_ERROR;
+ }
+
+ return 0;
+}
+
+
+
+
+#ifdef TEST
+
+
+static void
+print_error (int err)
+{
+ const char *p;
+ char buf[50];
+
+ switch (err)
+ {
+ case 0: p = "success";
+ case CCID_DRIVER_ERR_OUT_OF_CORE: p = "out of core"; break;
+ case CCID_DRIVER_ERR_INV_VALUE: p = "invalid value"; break;
+ case CCID_DRIVER_ERR_NO_DRIVER: p = "no driver"; break;
+ case CCID_DRIVER_ERR_NOT_SUPPORTED: p = "not supported"; break;
+ case CCID_DRIVER_ERR_LOCKING_FAILED: p = "locking failed"; break;
+ case CCID_DRIVER_ERR_BUSY: p = "busy"; break;
+ case CCID_DRIVER_ERR_NO_CARD: p = "no card"; break;
+ case CCID_DRIVER_ERR_CARD_INACTIVE: p = "card inactive"; break;
+ case CCID_DRIVER_ERR_CARD_IO_ERROR: p = "card I/O error"; break;
+ case CCID_DRIVER_ERR_GENERAL_ERROR: p = "general error"; break;
+ case CCID_DRIVER_ERR_NO_READER: p = "no reader"; break;
+ case CCID_DRIVER_ERR_ABORTED: p = "aborted"; break;
+ default: sprintf (buf, "0x%05x", err); p = buf; break;
+ }
+ fprintf (stderr, "operation failed: %s\n", p);
+}
+
+
+static void
+print_data (const unsigned char *data, size_t length)
+{
+ if (length >= 2)
+ {
+ fprintf (stderr, "operation status: %02X%02X\n",
+ data[length-2], data[length-1]);
+ length -= 2;
+ }
+ if (length)
+ {
+ fputs (" returned data:", stderr);
+ for (; length; length--, data++)
+ fprintf (stderr, " %02X", *data);
+ putc ('\n', stderr);
+ }
+}
+
+static void
+print_result (int rc, const unsigned char *data, size_t length)
+{
+ if (rc)
+ print_error (rc);
+ else if (data)
+ print_data (data, length);
+}
+
+int
+main (int argc, char **argv)
+{
+ int rc;
+ ccid_driver_t ccid;
+ int slotstat;
+ unsigned char result[512];
+ size_t resultlen;
+ int no_pinpad = 0;
+ int verify_123456 = 0;
+ int did_verify = 0;
+ int no_poll = 0;
+
+ if (argc)
+ {
+ argc--;
+ argv++;
+ }
+
+ while (argc)
+ {
+ if ( !strcmp (*argv, "--list"))
+ {
+ char *p;
+ p = ccid_get_reader_list ();
+ if (!p)
+ return 1;
+ fputs (p, stderr);
+ free (p);
+ return 0;
+ }
+ else if ( !strcmp (*argv, "--debug"))
+ {
+ ccid_set_debug_level (ccid_set_debug_level (-1)+1);
+ argc--; argv++;
+ }
+ else if ( !strcmp (*argv, "--no-poll"))
+ {
+ no_poll = 1;
+ argc--; argv++;
+ }
+ else if ( !strcmp (*argv, "--no-pinpad"))
+ {
+ no_pinpad = 1;
+ argc--; argv++;
+ }
+ else if ( !strcmp (*argv, "--verify-123456"))
+ {
+ verify_123456 = 1;
+ argc--; argv++;
+ }
+ else
+ break;
+ }
+
+ rc = ccid_open_reader (&ccid, argc? *argv:NULL);
+ if (rc)
+ return 1;
+
+ if (!no_poll)
+ ccid_poll (ccid);
+ fputs ("getting ATR ...\n", stderr);
+ rc = ccid_get_atr (ccid, NULL, 0, NULL);
+ if (rc)
+ {
+ print_error (rc);
+ return 1;
+ }
+
+ if (!no_poll)
+ ccid_poll (ccid);
+ fputs ("getting slot status ...\n", stderr);
+ rc = ccid_slot_status (ccid, &slotstat);
+ if (rc)
+ {
+ print_error (rc);
+ return 1;
+ }
+
+ if (!no_poll)
+ ccid_poll (ccid);
+
+ fputs ("selecting application OpenPGP ....\n", stderr);
+ {
+ static unsigned char apdu[] = {
+ 0, 0xA4, 4, 0, 6, 0xD2, 0x76, 0x00, 0x01, 0x24, 0x01};
+ rc = ccid_transceive (ccid,
+ apdu, sizeof apdu,
+ result, sizeof result, &resultlen);
+ print_result (rc, result, resultlen);
+ }
+
+
+ if (!no_poll)
+ ccid_poll (ccid);
+
+ fputs ("getting OpenPGP DO 0x65 ....\n", stderr);
+ {
+ static unsigned char apdu[] = { 0, 0xCA, 0, 0x65, 254 };
+ rc = ccid_transceive (ccid, apdu, sizeof apdu,
+ result, sizeof result, &resultlen);
+ print_result (rc, result, resultlen);
+ }
+
+ if (!no_pinpad)
+ {
+ }
+
+ if (!no_pinpad)
+ {
+ static unsigned char apdu[] = { 0, 0x20, 0, 0x81 };
+
+
+ if (ccid_transceive_secure (ccid,
+ apdu, sizeof apdu,
+ 1, 0, 0, 0,
+ NULL, 0, NULL))
+ fputs ("can't verify using a PIN-Pad reader\n", stderr);
+ else
+ {
+ fputs ("verifying CHV1 using the PINPad ....\n", stderr);
+
+ rc = ccid_transceive_secure (ccid,
+ apdu, sizeof apdu,
+ 1, 0, 0, 0,
+ result, sizeof result, &resultlen);
+ print_result (rc, result, resultlen);
+ did_verify = 1;
+ }
+ }
+
+ if (verify_123456 && !did_verify)
+ {
+ fputs ("verifying that CHV1 is 123456....\n", stderr);
+ {
+ static unsigned char apdu[] = {0, 0x20, 0, 0x81,
+ 6, '1','2','3','4','5','6'};
+ rc = ccid_transceive (ccid, apdu, sizeof apdu,
+ result, sizeof result, &resultlen);
+ print_result (rc, result, resultlen);
+ }
+ }
+
+ if (!rc)
+ {
+ fputs ("getting OpenPGP DO 0x5E ....\n", stderr);
+ {
+ static unsigned char apdu[] = { 0, 0xCA, 0, 0x5E, 254 };
+ rc = ccid_transceive (ccid, apdu, sizeof apdu,
+ result, sizeof result, &resultlen);
+ print_result (rc, result, resultlen);
+ }
+ }
+
+ ccid_close_reader (ccid);
+
+ return 0;
+}
+
+/*
+ * Local Variables:
+ * compile-command: "gcc -DTEST -Wall -I/usr/local/include -lusb -g ccid-driver.c"
+ * End:
+ */
+#endif /*TEST*/
+#endif /*HAVE_LIBUSB*/
diff --git a/scd/ccid-driver.h b/scd/ccid-driver.h
new file mode 100644
index 0000000..6bb1913
--- /dev/null
+++ b/scd/ccid-driver.h
@@ -0,0 +1,109 @@
+/* ccid-driver.c - USB ChipCardInterfaceDevices driver
+ * Copyright (C) 2003 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ *
+ * ALTERNATIVELY, this file may be distributed under the terms of the
+ * following license, in which case the provisions of this license are
+ * required INSTEAD OF the GNU General Public License. If you wish to
+ * allow use of your version of this file only under the terms of the
+ * GNU General Public License, and not to allow others to use your
+ * version of this file under the terms of the following license,
+ * indicate your decision by deleting this paragraph and the license
+ * below.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, and the entire permission notice in its entirety,
+ * including the disclaimer of warranties.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior
+ * written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * $Id$
+ */
+
+#ifndef CCID_DRIVER_H
+#define CCID_DRIVER_H
+
+/* The CID driver returns the same error codes as the status words
+ used by GnuPG's apdu.h. For ease of maintenance they should always
+ match. */
+#define CCID_DRIVER_ERR_OUT_OF_CORE 0x10001
+#define CCID_DRIVER_ERR_INV_VALUE 0x10002
+#define CCID_DRIVER_ERR_INCOMPLETE_CARD_RESPONSE = 0x10003
+#define CCID_DRIVER_ERR_NO_DRIVER 0x10004
+#define CCID_DRIVER_ERR_NOT_SUPPORTED 0x10005
+#define CCID_DRIVER_ERR_LOCKING_FAILED 0x10006
+#define CCID_DRIVER_ERR_BUSY 0x10007
+#define CCID_DRIVER_ERR_NO_CARD 0x10008
+#define CCID_DRIVER_ERR_CARD_INACTIVE 0x10009
+#define CCID_DRIVER_ERR_CARD_IO_ERROR 0x1000a
+#define CCID_DRIVER_ERR_GENERAL_ERROR 0x1000b
+#define CCID_DRIVER_ERR_NO_READER 0x1000c
+#define CCID_DRIVER_ERR_ABORTED 0x1000d
+#define CCID_DRIVER_ERR_NO_KEYPAD 0x1000e
+
+struct ccid_driver_s;
+typedef struct ccid_driver_s *ccid_driver_t;
+
+int ccid_set_debug_level (int level);
+char *ccid_get_reader_list (void);
+int ccid_open_reader (ccid_driver_t *handle, const char *readerid);
+int ccid_set_progress_cb (ccid_driver_t handle,
+ void (*cb)(void *, const char *, int, int, int),
+ void *cb_arg);
+int ccid_shutdown_reader (ccid_driver_t handle);
+int ccid_close_reader (ccid_driver_t handle);
+int ccid_get_atr (ccid_driver_t handle,
+ unsigned char *atr, size_t maxatrlen, size_t *atrlen);
+int ccid_slot_status (ccid_driver_t handle, int *statusbits);
+int ccid_transceive (ccid_driver_t handle,
+ const unsigned char *apdu, size_t apdulen,
+ unsigned char *resp, size_t maxresplen, size_t *nresp);
+int ccid_transceive_secure (ccid_driver_t handle,
+ const unsigned char *apdu, size_t apdulen,
+ int pin_mode,
+ int pinlen_min, int pinlen_max, int pin_padlen,
+ unsigned char *resp, size_t maxresplen, size_t *nresp);
+int ccid_transceive_escape (ccid_driver_t handle,
+ const unsigned char *data, size_t datalen,
+ unsigned char *resp, size_t maxresplen,
+ size_t *nresp);
+
+
+
+#endif /*CCID_DRIVER_H*/
+
+
+
diff --git a/scd/command.c b/scd/command.c
new file mode 100644
index 0000000..52b22c6
--- /dev/null
+++ b/scd/command.c
@@ -0,0 +1,2327 @@
+/* command.c - SCdaemon command handler
+ * Copyright (C) 2001, 2002, 2003, 2004, 2005,
+ * 2007, 2008, 2009 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <errno.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <ctype.h>
+#include <unistd.h>
+#include <signal.h>
+#ifdef USE_GNU_PTH
+# include <pth.h>
+#endif
+
+#include "scdaemon.h"
+#include <assuan.h>
+#include <ksba.h>
+#include "app-common.h"
+#include "apdu.h" /* Required for apdu_*_reader (). */
+#include "exechelp.h"
+#ifdef HAVE_LIBUSB
+#include "ccid-driver.h"
+#endif
+
+/* Maximum length allowed as a PIN; used for INQUIRE NEEDPIN */
+#define MAXLEN_PIN 100
+
+/* Maximum allowed size of key data as used in inquiries. */
+#define MAXLEN_KEYDATA 4096
+
+/* Maximum allowed size of certificate data as used in inquiries. */
+#define MAXLEN_CERTDATA 16384
+
+
+#define set_error(e,t) assuan_set_error (ctx, gpg_error (e), (t))
+
+
+/* Macro to flag a removed card. ENODEV is also tested to catch teh
+ case of a removed reader. */
+#define TEST_CARD_REMOVAL(c,r) \
+ do { \
+ int _r = (r); \
+ if (gpg_err_code (_r) == GPG_ERR_CARD_NOT_PRESENT \
+ || gpg_err_code (_r) == GPG_ERR_CARD_REMOVED \
+ || gpg_err_code (_r) == GPG_ERR_ENODEV ) \
+ update_card_removed ((c)->reader_slot, 1); \
+ } while (0)
+
+#define IS_LOCKED(c) \
+ (locked_session && locked_session != (c)->server_local \
+ && (c)->reader_slot != -1 && locked_session->ctrl_backlink \
+ && (c)->reader_slot == locked_session->ctrl_backlink->reader_slot)
+
+
+/* Flag indicating that the reader has been disabled. */
+static int reader_disabled;
+
+
+/* This structure is used to keep track of open readers (slots). */
+struct slot_status_s
+{
+ int valid; /* True if the other objects are valid. */
+ int slot; /* Slot number of the reader or -1 if not open. */
+
+ int reset_failed; /* A reset failed. */
+
+ int any; /* Flag indicating whether any status check has been
+ done. This is set once to indicate that the status
+ tracking for the slot has been initialized. */
+ unsigned int status; /* Last status of the slot. */
+ unsigned int changed; /* Last change counter of the slot. */
+};
+
+
+/* Data used to associate an Assuan context with local server data.
+ This object describes the local properties of one session. */
+struct server_local_s
+{
+ /* We keep a list of all active sessions with the anchor at
+ SESSION_LIST (see below). This field is used for linking. */
+ struct server_local_s *next_session;
+
+ /* This object is usually assigned to a CTRL object (which is
+ globally visible). While enumerating all sessions we sometimes
+ need to access data of the CTRL object; thus we keep a
+ backpointer here. */
+ ctrl_t ctrl_backlink;
+
+ /* The Assuan context used by this session/server. */
+ assuan_context_t assuan_ctx;
+
+#ifdef HAVE_W32_SYSTEM
+ unsigned long event_signal; /* Or 0 if not used. */
+#else
+ int event_signal; /* Or 0 if not used. */
+#endif
+
+ /* True if the card has been removed and a reset is required to
+ continue operation. */
+ int card_removed;
+
+ /* Flag indicating that the application context needs to be released
+ at the next opportunity. */
+ int app_ctx_marked_for_release;
+
+ /* A disconnect command has been sent. */
+ int disconnect_allowed;
+
+ /* If set to true we will be terminate ourself at the end of the
+ this session. */
+ int stopme;
+
+};
+
+
+/* The table with information on all used slots. FIXME: This is a
+ different slot number than the one used by the APDU layer, and
+ should be renamed. */
+static struct slot_status_s slot_table[10];
+
+
+/* To keep track of all running sessions, we link all active server
+ contexts and the anchor in this variable. */
+static struct server_local_s *session_list;
+
+/* If a session has been locked we store a link to its server object
+ in this variable. */
+static struct server_local_s *locked_session;
+
+/* While doing a reset we need to make sure that the ticker does not
+ call scd_update_reader_status_file while we are using it. */
+static pth_mutex_t status_file_update_lock;
+
+
+/*-- Local prototypes --*/
+static void update_reader_status_file (int set_card_removed_flag);
+
+
+
+
+/* This function must be called once to initialize this module. This
+ has to be done before a second thread is spawned. We can't do the
+ static initialization because Pth emulation code might not be able
+ to do a static init; in particular, it is not possible for W32. */
+void
+initialize_module_command (void)
+{
+ static int initialized;
+
+ if (!initialized)
+ {
+ if (pth_mutex_init (&status_file_update_lock))
+ initialized = 1;
+ }
+}
+
+
+/* Update the CARD_REMOVED element of all sessions using the reader
+ given by SLOT to VALUE. */
+static void
+update_card_removed (int slot, int value)
+{
+ struct server_local_s *sl;
+
+ for (sl=session_list; sl; sl = sl->next_session)
+ if (sl->ctrl_backlink
+ && sl->ctrl_backlink->reader_slot == slot)
+ {
+ sl->card_removed = value;
+ }
+ /* Let the card application layer know about the removal. */
+ if (value)
+ application_notify_card_reset (slot);
+}
+
+
+
+/* Check whether the option NAME appears in LINE. Returns 1 or 0. */
+static int
+has_option (const char *line, const char *name)
+{
+ const char *s;
+ int n = strlen (name);
+
+ s = strstr (line, name);
+ return (s && (s == line || spacep (s-1)) && (!s[n] || spacep (s+n)));
+}
+
+/* Same as has_option but does only test for the name of the option
+ and ignores an argument, i.e. with NAME being "--hash" it would
+ return a pointer for "--hash" as well as for "--hash=foo". If
+ there is no such option NULL is returned. The pointer returned
+ points right behind the option name, this may be an equal sign, Nul
+ or a space. */
+static const char *
+has_option_name (const char *line, const char *name)
+{
+ const char *s;
+ int n = strlen (name);
+
+ s = strstr (line, name);
+ return (s && (s == line || spacep (s-1))
+ && (!s[n] || spacep (s+n) || s[n] == '=')) ? (s+n) : NULL;
+}
+
+
+/* Skip over options. It is assumed that leading spaces have been
+ removed (this is the case for lines passed to a handler from
+ assuan). Blanks after the options are also removed. */
+static char *
+skip_options (char *line)
+{
+ while ( *line == '-' && line[1] == '-' )
+ {
+ while (*line && !spacep (line))
+ line++;
+ while (spacep (line))
+ line++;
+ }
+ return line;
+}
+
+
+
+/* Convert the STRING into a newly allocated buffer while translating
+ the hex numbers. Stops at the first invalid character. Blanks and
+ colons are allowed to separate the hex digits. Returns NULL on
+ error or a newly malloced buffer and its length in LENGTH. */
+static unsigned char *
+hex_to_buffer (const char *string, size_t *r_length)
+{
+ unsigned char *buffer;
+ const char *s;
+ size_t n;
+
+ buffer = xtrymalloc (strlen (string)+1);
+ if (!buffer)
+ return NULL;
+ for (s=string, n=0; *s; s++)
+ {
+ if (spacep (s) || *s == ':')
+ continue;
+ if (hexdigitp (s) && hexdigitp (s+1))
+ {
+ buffer[n++] = xtoi_2 (s);
+ s++;
+ }
+ else
+ break;
+ }
+ *r_length = n;
+ return buffer;
+}
+
+
+
+/* Reset the card and free the application context. With SEND_RESET
+ set to true actually send a RESET to the reader; this is the normal
+ way of calling the function. */
+static void
+do_reset (ctrl_t ctrl, int send_reset)
+{
+ int slot = ctrl->reader_slot;
+
+ if (!(slot == -1 || (slot >= 0 && slot < DIM(slot_table))))
+ BUG ();
+
+ /* If there is an active application, release it. Tell all other
+ sessions using the same application to release the
+ application. */
+ if (ctrl->app_ctx)
+ {
+ release_application (ctrl->app_ctx);
+ ctrl->app_ctx = NULL;
+ if (send_reset)
+ {
+ struct server_local_s *sl;
+
+ for (sl=session_list; sl; sl = sl->next_session)
+ if (sl->ctrl_backlink
+ && sl->ctrl_backlink->reader_slot == slot)
+ {
+ sl->app_ctx_marked_for_release = 1;
+ }
+ }
+ }
+
+ /* If we want a real reset for the card, send the reset APDU and
+ tell the application layer about it. */
+ if (slot != -1 && send_reset && !IS_LOCKED (ctrl) )
+ {
+ if (apdu_reset (slot))
+ {
+ slot_table[slot].valid = 0;
+ }
+ application_notify_card_reset (slot);
+ }
+
+ /* If we hold a lock, unlock now. */
+ if (locked_session && ctrl->server_local == locked_session)
+ {
+ locked_session = NULL;
+ log_info ("implicitly unlocking due to RESET\n");
+ }
+
+ /* Reset the card removed flag for the current reader. We need to
+ take the lock here so that the ticker thread won't concurrently
+ try to update the file. Calling update_reader_status_file is
+ required to get hold of the new status of the card in the slot
+ table. */
+ if (!pth_mutex_acquire (&status_file_update_lock, 0, NULL))
+ {
+ log_error ("failed to acquire status_fle_update lock\n");
+ ctrl->reader_slot = -1;
+ return;
+ }
+ update_reader_status_file (0); /* Update slot status table. */
+ update_card_removed (slot, 0); /* Clear card_removed flag. */
+ if (!pth_mutex_release (&status_file_update_lock))
+ log_error ("failed to release status_file_update lock\n");
+
+ /* Do this last, so that the update_card_removed above does its job. */
+ ctrl->reader_slot = -1;
+}
+
+
+static gpg_error_t
+reset_notify (assuan_context_t ctx, char *line)
+{
+ ctrl_t ctrl = assuan_get_pointer (ctx);
+
+ (void) line;
+
+ do_reset (ctrl, 1);
+ return 0;
+}
+
+
+static gpg_error_t
+option_handler (assuan_context_t ctx, const char *key, const char *value)
+{
+ ctrl_t ctrl = assuan_get_pointer (ctx);
+
+ if (!strcmp (key, "event-signal"))
+ {
+ /* A value of 0 is allowed to reset the event signal. */
+#ifdef HAVE_W32_SYSTEM
+ if (!*value)
+ return gpg_error (GPG_ERR_ASS_PARAMETER);
+ ctrl->server_local->event_signal = strtoul (value, NULL, 16);
+#else
+ int i = *value? atoi (value) : -1;
+ if (i < 0)
+ return gpg_error (GPG_ERR_ASS_PARAMETER);
+ ctrl->server_local->event_signal = i;
+#endif
+ }
+
+ return 0;
+}
+
+
+/* Return the slot of the current reader or open the reader if no
+ other sessions are using a reader. Note, that we currently support
+ only one reader but most of the code (except for this function)
+ should be able to cope with several readers. */
+static int
+get_reader_slot (void)
+{
+ struct slot_status_s *ss;
+
+ ss = &slot_table[0]; /* One reader for now. */
+
+ /* Initialize the item if needed. */
+ if (!ss->valid)
+ {
+ ss->slot = -1;
+ ss->valid = 1;
+ }
+
+ /* Try to open the reader. */
+ if (ss->slot == -1)
+ {
+ int no_service_flag;
+ ss->slot = apdu_open_reader (opt.reader_port, &no_service_flag);
+
+ /* If we still don't have a slot, we have no readers.
+ Invalidate for now until a reader is attached. */
+ if(ss->slot == -1)
+ {
+ ss->valid = 0;
+ }
+
+ if (no_service_flag)
+ {
+ log_info ("no card services - disabling scdaemon\n");
+ reader_disabled = 1;
+ }
+ }
+
+ /* Return the slot_table index. */
+ return 0;
+}
+
+/* If the card has not yet been opened, do it. Note that this
+ function returns an Assuan error, so don't map the error a second
+ time. */
+static gpg_error_t
+open_card (ctrl_t ctrl, const char *apptype)
+{
+ gpg_error_t err;
+ int slot;
+
+ if (reader_disabled)
+ return gpg_error (GPG_ERR_NOT_OPERATIONAL);
+
+ /* If we ever got a card not present error code, return that. Only
+ the SERIALNO command and a reset are able to clear from that
+ state. */
+ if (ctrl->server_local->card_removed)
+ return gpg_error (GPG_ERR_CARD_REMOVED);
+
+ if ( IS_LOCKED (ctrl) )
+ return gpg_error (GPG_ERR_LOCKED);
+
+ /* If the application has been marked for release do it now. We
+ can't do it immediately in do_reset because the application may
+ still be in use. */
+ if (ctrl->server_local->app_ctx_marked_for_release)
+ {
+ ctrl->server_local->app_ctx_marked_for_release = 0;
+ release_application (ctrl->app_ctx);
+ ctrl->app_ctx = NULL;
+ }
+
+ /* If we are already initialized for one specific application we
+ need to check that the client didn't requested a specific
+ application different from the one in use before we continue. */
+ if (ctrl->app_ctx)
+ return check_application_conflict (ctrl, apptype);
+
+ /* Setup the slot and select the application. */
+ if (ctrl->reader_slot != -1)
+ slot = ctrl->reader_slot;
+ else
+ slot = get_reader_slot ();
+ ctrl->reader_slot = slot;
+ if (slot == -1)
+ err = gpg_error (reader_disabled? GPG_ERR_NOT_OPERATIONAL: GPG_ERR_CARD);
+ else
+ {
+ /* Fixme: We should move the apdu_connect call to
+ select_application. */
+ int sw;
+
+ ctrl->server_local->disconnect_allowed = 0;
+ sw = apdu_connect (slot);
+ if (sw && sw != SW_HOST_ALREADY_CONNECTED)
+ {
+ if (sw == SW_HOST_NO_CARD)
+ err = gpg_error (GPG_ERR_CARD_NOT_PRESENT);
+ else
+ err = gpg_error (GPG_ERR_CARD);
+ }
+ else
+ err = select_application (ctrl, slot, apptype, &ctrl->app_ctx);
+ }
+
+ TEST_CARD_REMOVAL (ctrl, err);
+ return err;
+}
+
+
+static const char hlp_serialno[] =
+ "SERIALNO [<apptype>]\n"
+ "\n"
+ "Return the serial number of the card using a status reponse. This\n"
+ "function should be used to check for the presence of a card.\n"
+ "\n"
+ "If APPTYPE is given, an application of that type is selected and an\n"
+ "error is returned if the application is not supported or available.\n"
+ "The default is to auto-select the application using a hardwired\n"
+ "preference system. Note, that a future extension to this function\n"
+ "may allow to specify a list and order of applications to try.\n"
+ "\n"
+ "This function is special in that it can be used to reset the card.\n"
+ "Most other functions will return an error when a card change has\n"
+ "been detected and the use of this function is therefore required.\n"
+ "\n"
+ "Background: We want to keep the client clear of handling card\n"
+ "changes between operations; i.e. the client can assume that all\n"
+ "operations are done on the same card unless he calls this function.";
+static gpg_error_t
+cmd_serialno (assuan_context_t ctx, char *line)
+{
+ ctrl_t ctrl = assuan_get_pointer (ctx);
+ int rc = 0;
+ char *serial_and_stamp;
+ char *serial;
+ time_t stamp;
+
+ /* Clear the remove flag so that the open_card is able to reread it. */
+ if (!reader_disabled && ctrl->server_local->card_removed)
+ {
+ if ( IS_LOCKED (ctrl) )
+ return gpg_error (GPG_ERR_LOCKED);
+ do_reset (ctrl, 1);
+ }
+
+ if ((rc = open_card (ctrl, *line? line:NULL)))
+ return rc;
+
+ rc = app_get_serial_and_stamp (ctrl->app_ctx, &serial, &stamp);
+ if (rc)
+ return rc;
+
+ rc = estream_asprintf (&serial_and_stamp, "%s %lu",
+ serial, (unsigned long)stamp);
+ xfree (serial);
+ if (rc < 0)
+ return out_of_core ();
+ rc = 0;
+ assuan_write_status (ctx, "SERIALNO", serial_and_stamp);
+ xfree (serial_and_stamp);
+ return 0;
+}
+
+
+static const char hlp_learn[] =
+ "LEARN [--force] [--keypairinfo]\n"
+ "\n"
+ "Learn all useful information of the currently inserted card. When\n"
+ "used without the force options, the command might do an INQUIRE\n"
+ "like this:\n"
+ "\n"
+ " INQUIRE KNOWNCARDP <hexstring_with_serialNumber> <timestamp>\n"
+ "\n"
+ "The client should just send an \"END\" if the processing should go on\n"
+ "or a \"CANCEL\" to force the function to terminate with a Cancel\n"
+ "error message.\n"
+ "\n"
+ "With the option --keypairinfo only KEYPARIINFO lstatus lines are\n"
+ "returned.\n"
+ "\n"
+ "The response of this command is a list of status lines formatted as\n"
+ "this:\n"
+ "\n"
+ " S APPTYPE <apptype>\n"
+ "\n"
+ "This returns the type of the application, currently the strings:\n"
+ "\n"
+ " P15 = PKCS-15 structure used\n"
+ " DINSIG = DIN SIG\n"
+ " OPENPGP = OpenPGP card\n"
+ " NKS = NetKey card\n"
+ "\n"
+ "are implemented. These strings are aliases for the AID\n"
+ "\n"
+ " S KEYPAIRINFO <hexstring_with_keygrip> <hexstring_with_id>\n"
+ "\n"
+ "If there is no certificate yet stored on the card a single 'X' is\n"
+ "returned as the keygrip. In addition to the keypair info, information\n"
+ "about all certificates stored on the card is also returned:\n"
+ "\n"
+ " S CERTINFO <certtype> <hexstring_with_id>\n"
+ "\n"
+ "Where CERTTYPE is a number indicating the type of certificate:\n"
+ " 0 := Unknown\n"
+ " 100 := Regular X.509 cert\n"
+ " 101 := Trusted X.509 cert\n"
+ " 102 := Useful X.509 cert\n"
+ " 110 := Root CA cert in a special format (e.g. DINSIG)\n"
+ " 111 := Root CA cert as standard X509 cert.\n"
+ "\n"
+ "For certain cards, more information will be returned:\n"
+ "\n"
+ " S KEY-FPR <no> <hexstring>\n"
+ "\n"
+ "For OpenPGP cards this returns the stored fingerprints of the\n"
+ "keys. This can be used check whether a key is available on the\n"
+ "card. NO may be 1, 2 or 3.\n"
+ "\n"
+ " S CA-FPR <no> <hexstring>\n"
+ "\n"
+ "Similar to above, these are the fingerprints of keys assumed to be\n"
+ "ultimately trusted.\n"
+ "\n"
+ " S DISP-NAME <name_of_card_holder>\n"
+ "\n"
+ "The name of the card holder as stored on the card; percent\n"
+ "escaping takes place, spaces are encoded as '+'\n"
+ "\n"
+ " S PUBKEY-URL <url>\n"
+ "\n"
+ "The URL to be used for locating the entire public key.\n"
+ " \n"
+ "Note, that this function may even be used on a locked card.";
+static gpg_error_t
+cmd_learn (assuan_context_t ctx, char *line)
+{
+ ctrl_t ctrl = assuan_get_pointer (ctx);
+ int rc = 0;
+ int only_keypairinfo = has_option (line, "--keypairinfo");
+
+ if ((rc = open_card (ctrl, NULL)))
+ return rc;
+
+ /* Unless the force option is used we try a shortcut by identifying
+ the card using a serial number and inquiring the client with
+ that. The client may choose to cancel the operation if he already
+ knows about this card */
+ if (!only_keypairinfo)
+ {
+ char *serial_and_stamp;
+ char *serial;
+ time_t stamp;
+
+ rc = app_get_serial_and_stamp (ctrl->app_ctx, &serial, &stamp);
+ if (rc)
+ return rc;
+ rc = estream_asprintf (&serial_and_stamp, "%s %lu",
+ serial, (unsigned long)stamp);
+ xfree (serial);
+ if (rc < 0)
+ return out_of_core ();
+ rc = 0;
+ assuan_write_status (ctx, "SERIALNO", serial_and_stamp);
+
+ if (!has_option (line, "--force"))
+ {
+ char *command;
+
+ rc = estream_asprintf (&command, "KNOWNCARDP %s", serial_and_stamp);
+ if (rc < 0)
+ {
+ xfree (serial_and_stamp);
+ return out_of_core ();
+ }
+ rc = 0;
+ rc = assuan_inquire (ctx, command, NULL, NULL, 0);
+ xfree (command);
+ if (rc)
+ {
+ if (gpg_err_code (rc) != GPG_ERR_ASS_CANCELED)
+ log_error ("inquire KNOWNCARDP failed: %s\n",
+ gpg_strerror (rc));
+ xfree (serial_and_stamp);
+ return rc;
+ }
+ /* Not canceled, so we have to proceeed. */
+ }
+ xfree (serial_and_stamp);
+ }
+
+ /* Let the application print out its collection of useful status
+ information. */
+ if (!rc)
+ rc = app_write_learn_status (ctrl->app_ctx, ctrl, only_keypairinfo);
+
+ TEST_CARD_REMOVAL (ctrl, rc);
+ return rc;
+}
+
+
+
+static const char hlp_readcert[] =
+ "READCERT <hexified_certid>|<keyid>\n"
+ "\n"
+ "Note, that this function may even be used on a locked card.";
+static gpg_error_t
+cmd_readcert (assuan_context_t ctx, char *line)
+{
+ ctrl_t ctrl = assuan_get_pointer (ctx);
+ int rc;
+ unsigned char *cert;
+ size_t ncert;
+
+ if ((rc = open_card (ctrl, NULL)))
+ return rc;
+
+ line = xstrdup (line); /* Need a copy of the line. */
+ rc = app_readcert (ctrl->app_ctx, line, &cert, &ncert);
+ if (rc)
+ log_error ("app_readcert failed: %s\n", gpg_strerror (rc));
+ xfree (line);
+ line = NULL;
+ if (!rc)
+ {
+ rc = assuan_send_data (ctx, cert, ncert);
+ xfree (cert);
+ if (rc)
+ return rc;
+ }
+
+ TEST_CARD_REMOVAL (ctrl, rc);
+ return rc;
+}
+
+
+static const char hlp_readkey[] =
+ "READKEY <keyid>\n"
+ "\n"
+ "Return the public key for the given cert or key ID as a standard\n"
+ "S-expression.\n"
+ "\n"
+ "Note, that this function may even be used on a locked card.";
+static gpg_error_t
+cmd_readkey (assuan_context_t ctx, char *line)
+{
+ ctrl_t ctrl = assuan_get_pointer (ctx);
+ int rc;
+ unsigned char *cert = NULL;
+ size_t ncert, n;
+ ksba_cert_t kc = NULL;
+ ksba_sexp_t p;
+ unsigned char *pk;
+ size_t pklen;
+
+ if ((rc = open_card (ctrl, NULL)))
+ return rc;
+
+ line = xstrdup (line); /* Need a copy of the line. */
+ /* If the application supports the READKEY function we use that.
+ Otherwise we use the old way by extracting it from the
+ certificate. */
+ rc = app_readkey (ctrl->app_ctx, line, &pk, &pklen);
+ if (!rc)
+ { /* Yeah, got that key - send it back. */
+ rc = assuan_send_data (ctx, pk, pklen);
+ xfree (pk);
+ xfree (line);
+ line = NULL;
+ goto leave;
+ }
+
+ if (gpg_err_code (rc) != GPG_ERR_UNSUPPORTED_OPERATION)
+ log_error ("app_readkey failed: %s\n", gpg_strerror (rc));
+ else
+ {
+ rc = app_readcert (ctrl->app_ctx, line, &cert, &ncert);
+ if (rc)
+ log_error ("app_readcert failed: %s\n", gpg_strerror (rc));
+ }
+ xfree (line);
+ line = NULL;
+ if (rc)
+ goto leave;
+
+ rc = ksba_cert_new (&kc);
+ if (rc)
+ {
+ xfree (cert);
+ goto leave;
+ }
+ rc = ksba_cert_init_from_mem (kc, cert, ncert);
+ if (rc)
+ {
+ log_error ("failed to parse the certificate: %s\n", gpg_strerror (rc));
+ goto leave;
+ }
+
+ p = ksba_cert_get_public_key (kc);
+ if (!p)
+ {
+ rc = gpg_error (GPG_ERR_NO_PUBKEY);
+ goto leave;
+ }
+
+ n = gcry_sexp_canon_len (p, 0, NULL, NULL);
+ rc = assuan_send_data (ctx, p, n);
+ xfree (p);
+
+
+ leave:
+ ksba_cert_release (kc);
+ xfree (cert);
+ TEST_CARD_REMOVAL (ctrl, rc);
+ return rc;
+}
+
+
+
+static const char hlp_setdata[] =
+ "SETDATA <hexstring> \n"
+ "\n"
+ "The client should use this command to tell us the data he want to sign.";
+static gpg_error_t
+cmd_setdata (assuan_context_t ctx, char *line)
+{
+ ctrl_t ctrl = assuan_get_pointer (ctx);
+ int n;
+ char *p;
+ unsigned char *buf;
+
+ if (locked_session && locked_session != ctrl->server_local)
+ return gpg_error (GPG_ERR_LOCKED);
+
+ /* Parse the hexstring. */
+ for (p=line,n=0; hexdigitp (p); p++, n++)
+ ;
+ if (*p)
+ return set_error (GPG_ERR_ASS_PARAMETER, "invalid hexstring");
+ if (!n)
+ return set_error (GPG_ERR_ASS_PARAMETER, "no data given");
+ if ((n&1))
+ return set_error (GPG_ERR_ASS_PARAMETER, "odd number of digits");
+ n /= 2;
+ buf = xtrymalloc (n);
+ if (!buf)
+ return out_of_core ();
+
+ ctrl->in_data.value = buf;
+ ctrl->in_data.valuelen = n;
+ for (p=line, n=0; n < ctrl->in_data.valuelen; p += 2, n++)
+ buf[n] = xtoi_2 (p);
+ return 0;
+}
+
+
+
+static gpg_error_t
+pin_cb (void *opaque, const char *info, char **retstr)
+{
+ assuan_context_t ctx = opaque;
+ char *command;
+ int rc;
+ unsigned char *value;
+ size_t valuelen;
+
+ if (!retstr)
+ {
+ /* We prompt for keypad entry. To make sure that the popup has
+ been show we use an inquire and not just a status message.
+ We ignore any value returned. */
+ if (info)
+ {
+ log_debug ("prompting for keypad entry '%s'\n", info);
+ rc = estream_asprintf (&command, "POPUPKEYPADPROMPT %s", info);
+ if (rc < 0)
+ return gpg_error (gpg_err_code_from_errno (errno));
+ rc = assuan_inquire (ctx, command, &value, &valuelen, MAXLEN_PIN);
+ xfree (command);
+ }
+ else
+ {
+ log_debug ("dismiss keypad entry prompt\n");
+ rc = assuan_inquire (ctx, "DISMISSKEYPADPROMPT",
+ &value, &valuelen, MAXLEN_PIN);
+ }
+ if (!rc)
+ xfree (value);
+ return rc;
+ }
+
+ *retstr = NULL;
+ log_debug ("asking for PIN '%s'\n", info);
+
+ rc = estream_asprintf (&command, "NEEDPIN %s", info);
+ if (rc < 0)
+ return gpg_error (gpg_err_code_from_errno (errno));
+
+ /* Fixme: Write an inquire function which returns the result in
+ secure memory and check all further handling of the PIN. */
+ rc = assuan_inquire (ctx, command, &value, &valuelen, MAXLEN_PIN);
+ xfree (command);
+ if (rc)
+ return rc;
+
+ if (!valuelen || value[valuelen-1])
+ {
+ /* We require that the returned value is an UTF-8 string */
+ xfree (value);
+ return gpg_error (GPG_ERR_INV_RESPONSE);
+ }
+ *retstr = (char*)value;
+ return 0;
+}
+
+
+static const char hlp_pksign[] =
+ "PKSIGN [--hash=[rmd160|sha{1,224,256,384,512}|md5]] <hexified_id>\n"
+ "\n"
+ "The --hash option is optional; the default is SHA1.";
+static gpg_error_t
+cmd_pksign (assuan_context_t ctx, char *line)
+{
+ ctrl_t ctrl = assuan_get_pointer (ctx);
+ int rc;
+ unsigned char *outdata;
+ size_t outdatalen;
+ char *keyidstr;
+ int hash_algo;
+
+ if (has_option (line, "--hash=rmd160"))
+ hash_algo = GCRY_MD_RMD160;
+ else if (has_option (line, "--hash=sha1"))
+ hash_algo = GCRY_MD_SHA1;
+ else if (has_option (line, "--hash=sha224"))
+ hash_algo = GCRY_MD_SHA224;
+ else if (has_option (line, "--hash=sha256"))
+ hash_algo = GCRY_MD_SHA256;
+ else if (has_option (line, "--hash=sha384"))
+ hash_algo = GCRY_MD_SHA384;
+ else if (has_option (line, "--hash=sha512"))
+ hash_algo = GCRY_MD_SHA512;
+ else if (has_option (line, "--hash=md5"))
+ hash_algo = GCRY_MD_MD5;
+ else if (!strstr (line, "--"))
+ hash_algo = GCRY_MD_SHA1;
+ else
+ return set_error (GPG_ERR_ASS_PARAMETER, "invalid hash algorithm");
+
+ line = skip_options (line);
+
+ if ( IS_LOCKED (ctrl) )
+ return gpg_error (GPG_ERR_LOCKED);
+
+ if ((rc = open_card (ctrl, NULL)))
+ return rc;
+
+ /* We have to use a copy of the key ID because the function may use
+ the pin_cb which in turn uses the assuan line buffer and thus
+ overwriting the original line with the keyid */
+ keyidstr = xtrystrdup (line);
+ if (!keyidstr)
+ return out_of_core ();
+
+ rc = app_sign (ctrl->app_ctx,
+ keyidstr, hash_algo,
+ pin_cb, ctx,
+ ctrl->in_data.value, ctrl->in_data.valuelen,
+ &outdata, &outdatalen);
+
+ xfree (keyidstr);
+ if (rc)
+ {
+ log_error ("app_sign failed: %s\n", gpg_strerror (rc));
+ }
+ else
+ {
+ rc = assuan_send_data (ctx, outdata, outdatalen);
+ xfree (outdata);
+ if (rc)
+ return rc; /* that is already an assuan error code */
+ }
+
+ TEST_CARD_REMOVAL (ctrl, rc);
+ return rc;
+}
+
+
+static const char hlp_pkauth[] =
+ "PKAUTH <hexified_id>";
+static gpg_error_t
+cmd_pkauth (assuan_context_t ctx, char *line)
+{
+ ctrl_t ctrl = assuan_get_pointer (ctx);
+ int rc;
+ unsigned char *outdata;
+ size_t outdatalen;
+ char *keyidstr;
+
+ if ( IS_LOCKED (ctrl) )
+ return gpg_error (GPG_ERR_LOCKED);
+
+ if ((rc = open_card (ctrl, NULL)))
+ return rc;
+
+ if (!ctrl->app_ctx)
+ return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION);
+
+ /* We have to use a copy of the key ID because the function may use
+ the pin_cb which in turn uses the assuan line buffer and thus
+ overwriting the original line with the keyid */
+ keyidstr = xtrystrdup (line);
+ if (!keyidstr)
+ return out_of_core ();
+
+ rc = app_auth (ctrl->app_ctx,
+ keyidstr,
+ pin_cb, ctx,
+ ctrl->in_data.value, ctrl->in_data.valuelen,
+ &outdata, &outdatalen);
+ xfree (keyidstr);
+ if (rc)
+ {
+ log_error ("app_auth failed: %s\n", gpg_strerror (rc));
+ }
+ else
+ {
+ rc = assuan_send_data (ctx, outdata, outdatalen);
+ xfree (outdata);
+ if (rc)
+ return rc; /* that is already an assuan error code */
+ }
+
+ TEST_CARD_REMOVAL (ctrl, rc);
+ return rc;
+}
+
+
+static const char hlp_pkdecrypt[] =
+ "PKDECRYPT <hexified_id>";
+static gpg_error_t
+cmd_pkdecrypt (assuan_context_t ctx, char *line)
+{
+ ctrl_t ctrl = assuan_get_pointer (ctx);
+ int rc;
+ unsigned char *outdata;
+ size_t outdatalen;
+ char *keyidstr;
+
+ if ( IS_LOCKED (ctrl) )
+ return gpg_error (GPG_ERR_LOCKED);
+
+ if ((rc = open_card (ctrl, NULL)))
+ return rc;
+
+ keyidstr = xtrystrdup (line);
+ if (!keyidstr)
+ return out_of_core ();
+ rc = app_decipher (ctrl->app_ctx,
+ keyidstr,
+ pin_cb, ctx,
+ ctrl->in_data.value, ctrl->in_data.valuelen,
+ &outdata, &outdatalen);
+
+ xfree (keyidstr);
+ if (rc)
+ {
+ log_error ("app_decipher failed: %s\n", gpg_strerror (rc));
+ }
+ else
+ {
+ rc = assuan_send_data (ctx, outdata, outdatalen);
+ xfree (outdata);
+ if (rc)
+ return rc; /* that is already an assuan error code */
+ }
+
+ TEST_CARD_REMOVAL (ctrl, rc);
+ return rc;
+}
+
+
+static const char hlp_getattr[] =
+ "GETATTR <name>\n"
+ "\n"
+ "This command is used to retrieve data from a smartcard. The\n"
+ "allowed names depend on the currently selected smartcard\n"
+ "application. NAME must be percent and '+' escaped. The value is\n"
+ "returned through status message, see the LEARN command for details.\n"
+ "\n"
+ "However, the current implementation assumes that Name is not escaped;\n"
+ "this works as long as noone uses arbitrary escaping. \n"
+ "\n"
+ "Note, that this function may even be used on a locked card.";
+static gpg_error_t
+cmd_getattr (assuan_context_t ctx, char *line)
+{
+ ctrl_t ctrl = assuan_get_pointer (ctx);
+ int rc;
+ const char *keyword;
+
+ if ((rc = open_card (ctrl, NULL)))
+ return rc;
+
+ keyword = line;
+ for (; *line && !spacep (line); line++)
+ ;
+ if (*line)
+ *line++ = 0;
+
+ /* (We ignore any garbage for now.) */
+
+ /* FIXME: Applications should not return sensitive data if the card
+ is locked. */
+ rc = app_getattr (ctrl->app_ctx, ctrl, keyword);
+
+ TEST_CARD_REMOVAL (ctrl, rc);
+ return rc;
+}
+
+
+static const char hlp_setattr[] =
+ "SETATTR <name> <value> \n"
+ "\n"
+ "This command is used to store data on a a smartcard. The allowed\n"
+ "names and values are depend on the currently selected smartcard\n"
+ "application. NAME and VALUE must be percent and '+' escaped.\n"
+ "\n"
+ "However, the current implementation assumes that NAME is not\n"
+ "escaped; this works as long as noone uses arbitrary escaping.\n"
+ "\n"
+ "A PIN will be requested for most NAMEs. See the corresponding\n"
+ "setattr function of the actually used application (app-*.c) for\n"
+ "details.";
+static gpg_error_t
+cmd_setattr (assuan_context_t ctx, char *orig_line)
+{
+ ctrl_t ctrl = assuan_get_pointer (ctx);
+ int rc;
+ char *keyword;
+ int keywordlen;
+ size_t nbytes;
+ char *line, *linebuf;
+
+ if ( IS_LOCKED (ctrl) )
+ return gpg_error (GPG_ERR_LOCKED);
+
+ if ((rc = open_card (ctrl, NULL)))
+ return rc;
+
+ /* We need to use a copy of LINE, because PIN_CB uses the same
+ context and thus reuses the Assuan provided LINE. */
+ line = linebuf = xtrystrdup (orig_line);
+ if (!line)
+ return out_of_core ();
+
+ keyword = line;
+ for (keywordlen=0; *line && !spacep (line); line++, keywordlen++)
+ ;
+ if (*line)
+ *line++ = 0;
+ while (spacep (line))
+ line++;
+ nbytes = percent_plus_unescape_inplace (line, 0);
+
+ rc = app_setattr (ctrl->app_ctx, keyword, pin_cb, ctx,
+ (const unsigned char*)line, nbytes);
+ xfree (linebuf);
+
+ TEST_CARD_REMOVAL (ctrl, rc);
+ return rc;
+}
+
+
+static const char hlp_writecert[] =
+ "WRITECERT <hexified_certid>\n"
+ "\n"
+ "This command is used to store a certifciate on a smartcard. The\n"
+ "allowed certids depend on the currently selected smartcard\n"
+ "application. The actual certifciate is requested using the inquiry\n"
+ "\"CERTDATA\" and needs to be provided in its raw (e.g. DER) form.\n"
+ "\n"
+ "In almost all cases a a PIN will be requested. See the related\n"
+ "writecert function of the actually used application (app-*.c) for\n"
+ "details.";
+static gpg_error_t
+cmd_writecert (assuan_context_t ctx, char *line)
+{
+ ctrl_t ctrl = assuan_get_pointer (ctx);
+ int rc;
+ char *certid;
+ unsigned char *certdata;
+ size_t certdatalen;
+
+ if ( IS_LOCKED (ctrl) )
+ return gpg_error (GPG_ERR_LOCKED);
+
+ line = skip_options (line);
+
+ if (!*line)
+ return set_error (GPG_ERR_ASS_PARAMETER, "no certid given");
+ certid = line;
+ while (*line && !spacep (line))
+ line++;
+ *line = 0;
+
+ if ((rc = open_card (ctrl, NULL)))
+ return rc;
+
+ if (!ctrl->app_ctx)
+ return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION);
+
+ certid = xtrystrdup (certid);
+ if (!certid)
+ return out_of_core ();
+
+ /* Now get the actual keydata. */
+ rc = assuan_inquire (ctx, "CERTDATA",
+ &certdata, &certdatalen, MAXLEN_CERTDATA);
+ if (rc)
+ {
+ xfree (certid);
+ return rc;
+ }
+
+ /* Write the certificate to the card. */
+ rc = app_writecert (ctrl->app_ctx, ctrl, certid,
+ pin_cb, ctx, certdata, certdatalen);
+ xfree (certid);
+ xfree (certdata);
+
+ TEST_CARD_REMOVAL (ctrl, rc);
+ return rc;
+}
+
+
+static const char hlp_writekey[] =
+ "WRITEKEY [--force] <keyid> \n"
+ "\n"
+ "This command is used to store a secret key on a a smartcard. The\n"
+ "allowed keyids depend on the currently selected smartcard\n"
+ "application. The actual keydata is requested using the inquiry\n"
+ "\"KEYDATA\" and need to be provided without any protection. With\n"
+ "--force set an existing key under this KEYID will get overwritten.\n"
+ "The keydata is expected to be the usual canonical encoded\n"
+ "S-expression.\n"
+ "\n"
+ "A PIN will be requested for most NAMEs. See the corresponding\n"
+ "writekey function of the actually used application (app-*.c) for\n"
+ "details.";
+static gpg_error_t
+cmd_writekey (assuan_context_t ctx, char *line)
+{
+ ctrl_t ctrl = assuan_get_pointer (ctx);
+ int rc;
+ char *keyid;
+ int force = has_option (line, "--force");
+ unsigned char *keydata;
+ size_t keydatalen;
+
+ if ( IS_LOCKED (ctrl) )
+ return gpg_error (GPG_ERR_LOCKED);
+
+ line = skip_options (line);
+
+ if (!*line)
+ return set_error (GPG_ERR_ASS_PARAMETER, "no keyid given");
+ keyid = line;
+ while (*line && !spacep (line))
+ line++;
+ *line = 0;
+
+ if ((rc = open_card (ctrl, NULL)))
+ return rc;
+
+ if (!ctrl->app_ctx)
+ return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION);
+
+ keyid = xtrystrdup (keyid);
+ if (!keyid)
+ return out_of_core ();
+
+ /* Now get the actual keydata. */
+ assuan_begin_confidential (ctx);
+ rc = assuan_inquire (ctx, "KEYDATA", &keydata, &keydatalen, MAXLEN_KEYDATA);
+ assuan_end_confidential (ctx);
+ if (rc)
+ {
+ xfree (keyid);
+ return rc;
+ }
+
+ /* Write the key to the card. */
+ rc = app_writekey (ctrl->app_ctx, ctrl, keyid, force? 1:0,
+ pin_cb, ctx, keydata, keydatalen);
+ xfree (keyid);
+ xfree (keydata);
+
+ TEST_CARD_REMOVAL (ctrl, rc);
+ return rc;
+}
+
+
+static const char hlp_genkey[] =
+ "GENKEY [--force] [--timestamp=<isodate>] <no>\n"
+ "\n"
+ "Generate a key on-card identified by NO, which is application\n"
+ "specific. Return values are application specific. For OpenPGP\n"
+ "cards 3 status lines are returned:\n"
+ "\n"
+ " S KEY-FPR <hexstring>\n"
+ " S KEY-CREATED-AT <seconds_since_epoch>\n"
+ " S KEY-DATA [-|p|n] <hexdata>\n"
+ "\n"
+ " 'p' and 'n' are the names of the RSA parameters; '-' is used to\n"
+ " indicate that HEXDATA is the first chunk of a parameter given\n"
+ " by the next KEY-DATA.\n"
+ "\n"
+ "--force is required to overwrite an already existing key. The\n"
+ "KEY-CREATED-AT is required for further processing because it is\n"
+ "part of the hashed key material for the fingerprint.\n"
+ "\n"
+ "If --timestamp is given an OpenPGP key will be created using this\n"
+ "value. The value needs to be in ISO Format; e.g.\n"
+ "\"--timestamp=20030316T120000\" and after 1970-01-01 00:00:00.\n"
+ "\n"
+ "The public part of the key can also later be retrieved using the\n"
+ "READKEY command.";
+static gpg_error_t
+cmd_genkey (assuan_context_t ctx, char *line)
+{
+ ctrl_t ctrl = assuan_get_pointer (ctx);
+ int rc;
+ char *keyno;
+ int force;
+ const char *s;
+ time_t timestamp;
+
+ if ( IS_LOCKED (ctrl) )
+ return gpg_error (GPG_ERR_LOCKED);
+
+ force = has_option (line, "--force");
+
+ if ((s=has_option_name (line, "--timestamp")))
+ {
+ if (*s != '=')
+ return set_error (GPG_ERR_ASS_PARAMETER, "missing value for option");
+ timestamp = isotime2epoch (s+1);
+ if (timestamp < 1)
+ return set_error (GPG_ERR_ASS_PARAMETER, "invalid time value");
+ }
+ else
+ timestamp = 0;
+
+
+ line = skip_options (line);
+ if (!*line)
+ return set_error (GPG_ERR_ASS_PARAMETER, "no key number given");
+ keyno = line;
+ while (*line && !spacep (line))
+ line++;
+ *line = 0;
+
+ if ((rc = open_card (ctrl, NULL)))
+ return rc;
+
+ if (!ctrl->app_ctx)
+ return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION);
+
+ keyno = xtrystrdup (keyno);
+ if (!keyno)
+ return out_of_core ();
+ rc = app_genkey (ctrl->app_ctx, ctrl, keyno, force? 1:0,
+ timestamp, pin_cb, ctx);
+ xfree (keyno);
+
+ TEST_CARD_REMOVAL (ctrl, rc);
+ return rc;
+}
+
+
+static const char hlp_random[] =
+ "RANDOM <nbytes>\n"
+ "\n"
+ "Get NBYTES of random from the card and send them back as data.\n"
+ "This usually involves EEPROM write on the card and thus excessive\n"
+ "use of this command may destroy the card.\n"
+ "\n"
+ "Note, that this function may be even be used on a locked card.";
+static gpg_error_t
+cmd_random (assuan_context_t ctx, char *line)
+{
+ ctrl_t ctrl = assuan_get_pointer (ctx);
+ int rc;
+ size_t nbytes;
+ unsigned char *buffer;
+
+ if (!*line)
+ return set_error (GPG_ERR_ASS_PARAMETER,
+ "number of requested bytes missing");
+ nbytes = strtoul (line, NULL, 0);
+
+ if ((rc = open_card (ctrl, NULL)))
+ return rc;
+
+ if (!ctrl->app_ctx)
+ return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION);
+
+ buffer = xtrymalloc (nbytes);
+ if (!buffer)
+ return out_of_core ();
+
+ rc = app_get_challenge (ctrl->app_ctx, nbytes, buffer);
+ if (!rc)
+ {
+ rc = assuan_send_data (ctx, buffer, nbytes);
+ xfree (buffer);
+ return rc; /* that is already an assuan error code */
+ }
+ xfree (buffer);
+
+ TEST_CARD_REMOVAL (ctrl, rc);
+ return rc;
+}
+
+
+
+static const char hlp_passwd[] =
+ "PASSWD [--reset] [--nullpin] <chvno>\n"
+ "\n"
+ "Change the PIN or, if --reset is given, reset the retry counter of\n"
+ "the card holder verfication vector CHVNO. The option --nullpin is\n"
+ "used for TCOS cards to set the initial PIN. The format of CHVNO\n"
+ "depends on the card application.";
+static gpg_error_t
+cmd_passwd (assuan_context_t ctx, char *line)
+{
+ ctrl_t ctrl = assuan_get_pointer (ctx);
+ int rc;
+ char *chvnostr;
+ unsigned int flags = 0;
+
+ if (has_option (line, "--reset"))
+ flags |= APP_CHANGE_FLAG_RESET;
+ if (has_option (line, "--nullpin"))
+ flags |= APP_CHANGE_FLAG_NULLPIN;
+
+ if ( IS_LOCKED (ctrl) )
+ return gpg_error (GPG_ERR_LOCKED);
+
+ line = skip_options (line);
+
+ if (!*line)
+ return set_error (GPG_ERR_ASS_PARAMETER, "no CHV number given");
+ chvnostr = line;
+ while (*line && !spacep (line))
+ line++;
+ *line = 0;
+
+ if ((rc = open_card (ctrl, NULL)))
+ return rc;
+
+ if (!ctrl->app_ctx)
+ return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION);
+
+ chvnostr = xtrystrdup (chvnostr);
+ if (!chvnostr)
+ return out_of_core ();
+ rc = app_change_pin (ctrl->app_ctx, ctrl, chvnostr, flags, pin_cb, ctx);
+ if (rc)
+ log_error ("command passwd failed: %s\n", gpg_strerror (rc));
+ xfree (chvnostr);
+
+ TEST_CARD_REMOVAL (ctrl, rc);
+ return rc;
+}
+
+
+static const char hlp_checkpin[] =
+ "CHECKPIN <idstr>\n"
+ "\n"
+ "Perform a VERIFY operation without doing anything else. This may\n"
+ "be used to initialize a the PIN cache earlier to long lasting\n"
+ "operations. Its use is highly application dependent.\n"
+ "\n"
+ "For OpenPGP:\n"
+ "\n"
+ " Perform a simple verify operation for CHV1 and CHV2, so that\n"
+ " further operations won't ask for CHV2 and it is possible to do a\n"
+ " cheap check on the PIN: If there is something wrong with the PIN\n"
+ " entry system, only the regular CHV will get blocked and not the\n"
+ " dangerous CHV3. IDSTR is the usual card's serial number in hex\n"
+ " notation; an optional fingerprint part will get ignored. There\n"
+ " is however a special mode if the IDSTR is sffixed with the\n"
+ " literal string \"[CHV3]\": In this case the Admin PIN is checked\n"
+ " if and only if the retry counter is still at 3.\n"
+ "\n"
+ "For Netkey:\n"
+ "\n"
+ " Any of the valid PIN Ids may be used. These are the strings:\n"
+ "\n"
+ " PW1.CH - Global password 1\n"
+ " PW2.CH - Global password 2\n"
+ " PW1.CH.SIG - SigG password 1\n"
+ " PW2.CH.SIG - SigG password 2\n"
+ "\n"
+ " For a definitive list, see the implementation in app-nks.c.\n"
+ " Note that we call a PW2.* PIN a \"PUK\" despite that since TCOS\n"
+ " 3.0 they are technically alternative PINs used to mutally\n"
+ " unblock each other.";
+static gpg_error_t
+cmd_checkpin (assuan_context_t ctx, char *line)
+{
+ ctrl_t ctrl = assuan_get_pointer (ctx);
+ int rc;
+ char *idstr;
+
+ if ( IS_LOCKED (ctrl) )
+ return gpg_error (GPG_ERR_LOCKED);
+
+ if ((rc = open_card (ctrl, NULL)))
+ return rc;
+
+ if (!ctrl->app_ctx)
+ return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION);
+
+ /* We have to use a copy of the key ID because the function may use
+ the pin_cb which in turn uses the assuan line buffer and thus
+ overwriting the original line with the keyid. */
+ idstr = xtrystrdup (line);
+ if (!idstr)
+ return out_of_core ();
+
+ rc = app_check_pin (ctrl->app_ctx, idstr, pin_cb, ctx);
+ xfree (idstr);
+ if (rc)
+ log_error ("app_check_pin failed: %s\n", gpg_strerror (rc));
+
+ TEST_CARD_REMOVAL (ctrl, rc);
+ return rc;
+}
+
+
+static const char hlp_lock[] =
+ "LOCK [--wait]\n"
+ "\n"
+ "Grant exclusive card access to this session. Note that there is\n"
+ "no lock counter used and a second lock from the same session will\n"
+ "be ignored. A single unlock (or RESET) unlocks the session.\n"
+ "Return GPG_ERR_LOCKED if another session has locked the reader.\n"
+ "\n"
+ "If the option --wait is given the command will wait until a\n"
+ "lock has been released.";
+static gpg_error_t
+cmd_lock (assuan_context_t ctx, char *line)
+{
+ ctrl_t ctrl = assuan_get_pointer (ctx);
+ int rc = 0;
+
+ retry:
+ if (locked_session)
+ {
+ if (locked_session != ctrl->server_local)
+ rc = gpg_error (GPG_ERR_LOCKED);
+ }
+ else
+ locked_session = ctrl->server_local;
+
+#ifdef USE_GNU_PTH
+ if (rc && has_option (line, "--wait"))
+ {
+ rc = 0;
+ pth_sleep (1); /* Better implement an event mechanism. However,
+ for card operations this should be
+ sufficient. */
+ /* FIXME: Need to check that the connection is still alive.
+ This can be done by issuing status messages. */
+ goto retry;
+ }
+#endif /*USE_GNU_PTH*/
+
+ if (rc)
+ log_error ("cmd_lock failed: %s\n", gpg_strerror (rc));
+ return rc;
+}
+
+
+static const char hlp_unlock[] =
+ "UNLOCK\n"
+ "\n"
+ "Release exclusive card access.";
+static gpg_error_t
+cmd_unlock (assuan_context_t ctx, char *line)
+{
+ ctrl_t ctrl = assuan_get_pointer (ctx);
+ int rc = 0;
+
+ (void)line;
+
+ if (locked_session)
+ {
+ if (locked_session != ctrl->server_local)
+ rc = gpg_error (GPG_ERR_LOCKED);
+ else
+ locked_session = NULL;
+ }
+ else
+ rc = gpg_error (GPG_ERR_NOT_LOCKED);
+
+ if (rc)
+ log_error ("cmd_unlock failed: %s\n", gpg_strerror (rc));
+ return rc;
+}
+
+
+static const char hlp_getinfo[] =
+ "GETINFO <what>\n"
+ "\n"
+ "Multi purpose command to return certain information. \n"
+ "Supported values of WHAT are:\n"
+ "\n"
+ "version - Return the version of the program.\n"
+ "pid - Return the process id of the server.\n"
+ "\n"
+ "socket_name - Return the name of the socket.\n"
+ "\n"
+ "status - Return the status of the current slot (in the future, may\n"
+ "also return the status of all slots). The status is a list of\n"
+ "one-character flags. The following flags are currently defined:\n"
+ " 'u' Usable card present. This is the normal state during operation.\n"
+ " 'r' Card removed. A reset is necessary.\n"
+ "These flags are exclusive.\n"
+ "\n"
+ "reader_list - Return a list of detected card readers. Does\n"
+ " currently only work with the internal CCID driver.\n"
+ "\n"
+ "deny_admin - Returns OK if admin commands are not allowed or\n"
+ " GPG_ERR_GENERAL if admin commands are allowed.\n"
+ "\n"
+ "app_list - Return a list of supported applications. One\n"
+ " application per line, fields delimited by colons,\n"
+ " first field is the name.";
+static gpg_error_t
+cmd_getinfo (assuan_context_t ctx, char *line)
+{
+ int rc = 0;
+
+ if (!strcmp (line, "version"))
+ {
+ const char *s = VERSION;
+ rc = assuan_send_data (ctx, s, strlen (s));
+ }
+ else if (!strcmp (line, "pid"))
+ {
+ char numbuf[50];
+
+ snprintf (numbuf, sizeof numbuf, "%lu", (unsigned long)getpid ());
+ rc = assuan_send_data (ctx, numbuf, strlen (numbuf));
+ }
+ else if (!strcmp (line, "socket_name"))
+ {
+ const char *s = scd_get_socket_name ();
+
+ if (s)
+ rc = assuan_send_data (ctx, s, strlen (s));
+ else
+ rc = gpg_error (GPG_ERR_NO_DATA);
+ }
+ else if (!strcmp (line, "status"))
+ {
+ ctrl_t ctrl = assuan_get_pointer (ctx);
+ int slot = ctrl->reader_slot;
+ char flag = 'r';
+
+ if (!ctrl->server_local->card_removed && slot != -1)
+ {
+ struct slot_status_s *ss;
+
+ if (!(slot >= 0 && slot < DIM(slot_table)))
+ BUG ();
+
+ ss = &slot_table[slot];
+
+ if (!ss->valid)
+ BUG ();
+
+ if (ss->any && (ss->status & 1))
+ flag = 'u';
+ }
+ rc = assuan_send_data (ctx, &flag, 1);
+ }
+ else if (!strcmp (line, "reader_list"))
+ {
+#ifdef HAVE_LIBUSB
+ char *s = ccid_get_reader_list ();
+#else
+ char *s = NULL;
+#endif
+
+ if (s)
+ rc = assuan_send_data (ctx, s, strlen (s));
+ else
+ rc = gpg_error (GPG_ERR_NO_DATA);
+ xfree (s);
+ }
+ else if (!strcmp (line, "deny_admin"))
+ rc = opt.allow_admin? gpg_error (GPG_ERR_GENERAL) : 0;
+ else if (!strcmp (line, "app_list"))
+ {
+ char *s = get_supported_applications ();
+ if (s)
+ rc = assuan_send_data (ctx, s, strlen (s));
+ else
+ rc = 0;
+ xfree (s);
+ }
+ else
+ rc = set_error (GPG_ERR_ASS_PARAMETER, "unknown value for WHAT");
+ return rc;
+}
+
+
+static const char hlp_restart[] =
+ "RESTART\n"
+ "\n"
+ "Restart the current connection; this is a kind of warm reset. It\n"
+ "deletes the context used by this connection but does not send a\n"
+ "RESET to the card. Thus the card itself won't get reset. \n"
+ "\n"
+ "This is used by gpg-agent to reuse a primary pipe connection and\n"
+ "may be used by clients to backup from a conflict in the serial\n"
+ "command; i.e. to select another application.";
+static gpg_error_t
+cmd_restart (assuan_context_t ctx, char *line)
+{
+ ctrl_t ctrl = assuan_get_pointer (ctx);
+
+ (void)line;
+
+ if (ctrl->app_ctx)
+ {
+ release_application (ctrl->app_ctx);
+ ctrl->app_ctx = NULL;
+ }
+ if (locked_session && ctrl->server_local == locked_session)
+ {
+ locked_session = NULL;
+ log_info ("implicitly unlocking due to RESTART\n");
+ }
+ return 0;
+}
+
+
+static const char hlp_disconnect[] =
+ "DISCONNECT\n"
+ "\n"
+ "Disconnect the card if it is not any longer used by other\n"
+ "connections and the backend supports a disconnect operation.";
+static gpg_error_t
+cmd_disconnect (assuan_context_t ctx, char *line)
+{
+ ctrl_t ctrl = assuan_get_pointer (ctx);
+
+ (void)line;
+
+ ctrl->server_local->disconnect_allowed = 1;
+ return 0;
+}
+
+
+
+static const char hlp_apdu[] =
+ "APDU [--atr] [--more] [--exlen[=N]] [hexstring]\n"
+ "\n"
+ "Send an APDU to the current reader. This command bypasses the high\n"
+ "level functions and sends the data directly to the card. HEXSTRING\n"
+ "is expected to be a proper APDU. If HEXSTRING is not given no\n"
+ "commands are set to the card but the command will implictly check\n"
+ "whether the card is ready for use. \n"
+ "\n"
+ "Using the option \"--atr\" returns the ATR of the card as a status\n"
+ "message before any data like this:\n"
+ " S CARD-ATR 3BFA1300FF813180450031C173C00100009000B1\n"
+ "\n"
+ "Using the option --more handles the card status word MORE_DATA\n"
+ "(61xx) and concatenates all reponses to one block.\n"
+ "\n"
+ "Using the option \"--exlen\" the returned APDU may use extended\n"
+ "length up to N bytes. If N is not given a default value is used\n"
+ "(currently 4096).";
+static gpg_error_t
+cmd_apdu (assuan_context_t ctx, char *line)
+{
+ ctrl_t ctrl = assuan_get_pointer (ctx);
+ int rc;
+ unsigned char *apdu;
+ size_t apdulen;
+ int with_atr;
+ int handle_more;
+ const char *s;
+ size_t exlen;
+
+ with_atr = has_option (line, "--atr");
+ handle_more = has_option (line, "--more");
+
+ if ((s=has_option_name (line, "--exlen")))
+ {
+ if (*s == '=')
+ exlen = strtoul (s+1, NULL, 0);
+ else
+ exlen = 4096;
+ }
+ else
+ exlen = 0;
+
+ line = skip_options (line);
+
+ if ( IS_LOCKED (ctrl) )
+ return gpg_error (GPG_ERR_LOCKED);
+
+ if ((rc = open_card (ctrl, NULL)))
+ return rc;
+
+ if (with_atr)
+ {
+ unsigned char *atr;
+ size_t atrlen;
+ char hexbuf[400];
+
+ atr = apdu_get_atr (ctrl->reader_slot, &atrlen);
+ if (!atr || atrlen > sizeof hexbuf - 2 )
+ {
+ rc = gpg_error (GPG_ERR_INV_CARD);
+ goto leave;
+ }
+ bin2hex (atr, atrlen, hexbuf);
+ xfree (atr);
+ send_status_info (ctrl, "CARD-ATR", hexbuf, strlen (hexbuf), NULL, 0);
+ }
+
+ apdu = hex_to_buffer (line, &apdulen);
+ if (!apdu)
+ {
+ rc = gpg_error_from_syserror ();
+ goto leave;
+ }
+ if (apdulen)
+ {
+ unsigned char *result = NULL;
+ size_t resultlen;
+
+ rc = apdu_send_direct (ctrl->reader_slot, exlen,
+ apdu, apdulen, handle_more,
+ &result, &resultlen);
+ if (rc)
+ log_error ("apdu_send_direct failed: %s\n", gpg_strerror (rc));
+ else
+ {
+ rc = assuan_send_data (ctx, result, resultlen);
+ xfree (result);
+ }
+ }
+ xfree (apdu);
+
+ leave:
+ TEST_CARD_REMOVAL (ctrl, rc);
+ return rc;
+}
+
+
+static const char hlp_killscd[] =
+ "KILLSCD\n"
+ "\n"
+ "Commit suicide.";
+static gpg_error_t
+cmd_killscd (assuan_context_t ctx, char *line)
+{
+ ctrl_t ctrl = assuan_get_pointer (ctx);
+
+ (void)line;
+
+ ctrl->server_local->stopme = 1;
+ return gpg_error (GPG_ERR_EOF);
+}
+
+
+
+/* Tell the assuan library about our commands */
+static int
+register_commands (assuan_context_t ctx)
+{
+ static struct {
+ const char *name;
+ assuan_handler_t handler;
+ const char * const help;
+ } table[] = {
+ { "SERIALNO", cmd_serialno, hlp_serialno },
+ { "LEARN", cmd_learn, hlp_learn },
+ { "READCERT", cmd_readcert, hlp_readcert },
+ { "READKEY", cmd_readkey, hlp_readkey },
+ { "SETDATA", cmd_setdata, hlp_setdata },
+ { "PKSIGN", cmd_pksign, hlp_pksign },
+ { "PKAUTH", cmd_pkauth, hlp_pkauth },
+ { "PKDECRYPT", cmd_pkdecrypt,hlp_pkdecrypt },
+ { "INPUT", NULL },
+ { "OUTPUT", NULL },
+ { "GETATTR", cmd_getattr, hlp_getattr },
+ { "SETATTR", cmd_setattr, hlp_setattr },
+ { "WRITECERT", cmd_writecert,hlp_writecert },
+ { "WRITEKEY", cmd_writekey, hlp_writekey },
+ { "GENKEY", cmd_genkey, hlp_genkey },
+ { "RANDOM", cmd_random, hlp_random },
+ { "PASSWD", cmd_passwd, hlp_passwd },
+ { "CHECKPIN", cmd_checkpin, hlp_checkpin },
+ { "LOCK", cmd_lock, hlp_lock },
+ { "UNLOCK", cmd_unlock, hlp_unlock },
+ { "GETINFO", cmd_getinfo, hlp_getinfo },
+ { "RESTART", cmd_restart, hlp_restart },
+ { "DISCONNECT", cmd_disconnect,hlp_disconnect },
+ { "APDU", cmd_apdu, hlp_apdu },
+ { "KILLSCD", cmd_killscd, hlp_killscd },
+ { NULL }
+ };
+ int i, rc;
+
+ for (i=0; table[i].name; i++)
+ {
+ rc = assuan_register_command (ctx, table[i].name, table[i].handler,
+ table[i].help);
+ if (rc)
+ return rc;
+ }
+ assuan_set_hello_line (ctx, "GNU Privacy Guard's Smartcard server ready");
+
+ assuan_register_reset_notify (ctx, reset_notify);
+ assuan_register_option_handler (ctx, option_handler);
+ return 0;
+}
+
+
+/* Startup the server. If FD is given as -1 this is simple pipe
+ server, otherwise it is a regular server. Returns true if there
+ are no more active asessions. */
+int
+scd_command_handler (ctrl_t ctrl, int fd)
+{
+ int rc;
+ assuan_context_t ctx = NULL;
+ int stopme;
+
+ rc = assuan_new (&ctx);
+ if (rc)
+ {
+ log_error ("failed to allocate assuan context: %s\n",
+ gpg_strerror (rc));
+ scd_exit (2);
+ }
+
+ if (fd == -1)
+ {
+ assuan_fd_t filedes[2];
+
+ filedes[0] = assuan_fdopen (0);
+ filedes[1] = assuan_fdopen (1);
+ rc = assuan_init_pipe_server (ctx, filedes);
+ }
+ else
+ {
+ rc = assuan_init_socket_server (ctx, INT2FD(fd),
+ ASSUAN_SOCKET_SERVER_ACCEPTED);
+ }
+ if (rc)
+ {
+ log_error ("failed to initialize the server: %s\n",
+ gpg_strerror(rc));
+ scd_exit (2);
+ }
+ rc = register_commands (ctx);
+ if (rc)
+ {
+ log_error ("failed to register commands with Assuan: %s\n",
+ gpg_strerror(rc));
+ scd_exit (2);
+ }
+ assuan_set_pointer (ctx, ctrl);
+
+ /* Allocate and initialize the server object. Put it into the list
+ of active sessions. */
+ ctrl->server_local = xcalloc (1, sizeof *ctrl->server_local);
+ ctrl->server_local->next_session = session_list;
+ session_list = ctrl->server_local;
+ ctrl->server_local->ctrl_backlink = ctrl;
+ ctrl->server_local->assuan_ctx = ctx;
+
+ if (DBG_ASSUAN)
+ assuan_set_log_stream (ctx, log_get_stream ());
+
+ /* We open the reader right at startup so that the ticker is able to
+ update the status file. */
+ if (ctrl->reader_slot == -1)
+ {
+ ctrl->reader_slot = get_reader_slot ();
+ }
+
+ /* Command processing loop. */
+ for (;;)
+ {
+ rc = assuan_accept (ctx);
+ if (rc == -1)
+ {
+ break;
+ }
+ else if (rc)
+ {
+ log_info ("Assuan accept problem: %s\n", gpg_strerror (rc));
+ break;
+ }
+
+ rc = assuan_process (ctx);
+ if (rc)
+ {
+ log_info ("Assuan processing failed: %s\n", gpg_strerror (rc));
+ continue;
+ }
+ }
+
+ /* Cleanup. We don't send an explicit reset to the card. */
+ do_reset (ctrl, 0);
+
+ /* Release the server object. */
+ if (session_list == ctrl->server_local)
+ session_list = ctrl->server_local->next_session;
+ else
+ {
+ struct server_local_s *sl;
+
+ for (sl=session_list; sl->next_session; sl = sl->next_session)
+ if (sl->next_session == ctrl->server_local)
+ break;
+ if (!sl->next_session)
+ BUG ();
+ sl->next_session = ctrl->server_local->next_session;
+ }
+ stopme = ctrl->server_local->stopme || reader_disabled;
+ xfree (ctrl->server_local);
+ ctrl->server_local = NULL;
+
+ /* Release the Assuan context. */
+ assuan_release (ctx);
+
+ if (stopme)
+ scd_exit (0);
+
+ /* If there are no more sessions return true. */
+ return !session_list;
+}
+
+
+/* Send a line with status information via assuan and escape all given
+ buffers. The variable elements are pairs of (char *, size_t),
+ terminated with a (NULL, 0). */
+void
+send_status_info (ctrl_t ctrl, const char *keyword, ...)
+{
+ va_list arg_ptr;
+ const unsigned char *value;
+ size_t valuelen;
+ char buf[950], *p;
+ size_t n;
+ assuan_context_t ctx = ctrl->server_local->assuan_ctx;
+
+ va_start (arg_ptr, keyword);
+
+ p = buf;
+ n = 0;
+ while ( (value = va_arg (arg_ptr, const unsigned char *)) )
+ {
+ valuelen = va_arg (arg_ptr, size_t);
+ if (!valuelen)
+ continue; /* empty buffer */
+ if (n)
+ {
+ *p++ = ' ';
+ n++;
+ }
+ for ( ; valuelen && n < DIM (buf)-2; n++, valuelen--, value++)
+ {
+ if (*value < ' ' || *value == '+')
+ {
+ sprintf (p, "%%%02X", *value);
+ p += 3;
+ }
+ else if (*value == ' ')
+ *p++ = '+';
+ else
+ *p++ = *value;
+ }
+ }
+ *p = 0;
+ assuan_write_status (ctx, keyword, buf);
+
+ va_end (arg_ptr);
+}
+
+
+/* Send a ready formatted status line via assuan. */
+void
+send_status_direct (ctrl_t ctrl, const char *keyword, const char *args)
+{
+ assuan_context_t ctx = ctrl->server_local->assuan_ctx;
+
+ if (strchr (args, '\n'))
+ log_error ("error: LF detected in status line - not sending\n");
+ else
+ assuan_write_status (ctx, keyword, args);
+}
+
+
+/* Helper to send the clients a status change notification. */
+static void
+send_client_notifications (void)
+{
+ struct {
+ pid_t pid;
+#ifdef HAVE_W32_SYSTEM
+ HANDLE handle;
+#else
+ int signo;
+#endif
+ } killed[50];
+ int killidx = 0;
+ int kidx;
+ struct server_local_s *sl;
+
+ for (sl=session_list; sl; sl = sl->next_session)
+ {
+ if (sl->event_signal && sl->assuan_ctx)
+ {
+ pid_t pid = assuan_get_pid (sl->assuan_ctx);
+#ifdef HAVE_W32_SYSTEM
+ HANDLE handle = (void *)sl->event_signal;
+
+ for (kidx=0; kidx < killidx; kidx++)
+ if (killed[kidx].pid == pid
+ && killed[kidx].handle == handle)
+ break;
+ if (kidx < killidx)
+ log_info ("event %lx (%p) already triggered for client %d\n",
+ sl->event_signal, handle, (int)pid);
+ else
+ {
+ log_info ("triggering event %lx (%p) for client %d\n",
+ sl->event_signal, handle, (int)pid);
+ if (!SetEvent (handle))
+ log_error ("SetEvent(%lx) failed: %s\n",
+ sl->event_signal, w32_strerror (-1));
+ if (killidx < DIM (killed))
+ {
+ killed[killidx].pid = pid;
+ killed[killidx].handle = handle;
+ killidx++;
+ }
+ }
+#else /*!HAVE_W32_SYSTEM*/
+ int signo = sl->event_signal;
+
+ if (pid != (pid_t)(-1) && pid && signo > 0)
+ {
+ for (kidx=0; kidx < killidx; kidx++)
+ if (killed[kidx].pid == pid
+ && killed[kidx].signo == signo)
+ break;
+ if (kidx < killidx)
+ log_info ("signal %d already sent to client %d\n",
+ signo, (int)pid);
+ else
+ {
+ log_info ("sending signal %d to client %d\n",
+ signo, (int)pid);
+ kill (pid, signo);
+ if (killidx < DIM (killed))
+ {
+ killed[killidx].pid = pid;
+ killed[killidx].signo = signo;
+ killidx++;
+ }
+ }
+ }
+#endif /*!HAVE_W32_SYSTEM*/
+ }
+ }
+}
+
+
+
+/* This is the core of scd_update_reader_status_file but the caller
+ needs to take care of the locking. */
+static void
+update_reader_status_file (int set_card_removed_flag)
+{
+ int idx;
+ unsigned int status, changed;
+
+ /* Make sure that the reader has been opened. Like get_reader_slot,
+ this part of the code assumes that there is only one reader. */
+ if (!slot_table[0].valid)
+ (void)get_reader_slot ();
+
+ /* Note, that we only try to get the status, because it does not
+ make sense to wait here for a operation to complete. If we are
+ busy working with a card, delays in the status file update should
+ be acceptable. */
+ for (idx=0; idx < DIM(slot_table); idx++)
+ {
+ struct slot_status_s *ss = slot_table + idx;
+ struct server_local_s *sl;
+ int sw_apdu;
+
+ if (!ss->valid || ss->slot == -1)
+ continue; /* Not valid or reader not yet open. */
+
+ sw_apdu = apdu_get_status (ss->slot, 0, &status, &changed);
+ if (sw_apdu == SW_HOST_NO_READER)
+ {
+ /* Most likely the _reader_ has been unplugged. */
+ apdu_close_reader (ss->slot);
+ ss->valid = 0;
+ status = 0;
+ changed = ss->changed;
+ }
+ else if (sw_apdu)
+ {
+ /* Get status failed. Ignore that. */
+ continue;
+ }
+
+ if (!ss->any || ss->status != status || ss->changed != changed )
+ {
+ char *fname;
+ char templ[50];
+ FILE *fp;
+
+ log_info ("updating slot %d status: 0x%04X->0x%04X (%u->%u)\n",
+ ss->slot, ss->status, status, ss->changed, changed);
+ ss->status = status;
+ ss->changed = changed;
+
+ /* FIXME: Should this be IDX instead of ss->slot? This
+ depends on how client sessions will associate the reader
+ status with their session. */
+ snprintf (templ, sizeof templ, "reader_%d.status", ss->slot);
+ fname = make_filename (opt.homedir, templ, NULL );
+ fp = fopen (fname, "w");
+ if (fp)
+ {
+ fprintf (fp, "%s\n",
+ (status & 1)? "USABLE":
+ (status & 4)? "ACTIVE":
+ (status & 2)? "PRESENT": "NOCARD");
+ fclose (fp);
+ }
+ xfree (fname);
+
+ /* If a status script is executable, run it. */
+ {
+ const char *args[9], *envs[2];
+ char numbuf1[30], numbuf2[30], numbuf3[30];
+ char *homestr, *envstr;
+ gpg_error_t err;
+
+ homestr = make_filename (opt.homedir, NULL);
+ if (estream_asprintf (&envstr, "GNUPGHOME=%s", homestr) < 0)
+ log_error ("out of core while building environment\n");
+ else
+ {
+ envs[0] = envstr;
+ envs[1] = NULL;
+
+ sprintf (numbuf1, "%d", ss->slot);
+ sprintf (numbuf2, "0x%04X", ss->status);
+ sprintf (numbuf3, "0x%04X", status);
+ args[0] = "--reader-port";
+ args[1] = numbuf1;
+ args[2] = "--old-code";
+ args[3] = numbuf2;
+ args[4] = "--new-code";
+ args[5] = numbuf3;
+ args[6] = "--status";
+ args[7] = ((status & 1)? "USABLE":
+ (status & 4)? "ACTIVE":
+ (status & 2)? "PRESENT": "NOCARD");
+ args[8] = NULL;
+
+ fname = make_filename (opt.homedir, "scd-event", NULL);
+ err = gnupg_spawn_process_detached (fname, args, envs);
+ if (err && gpg_err_code (err) != GPG_ERR_ENOENT)
+ log_error ("failed to run event handler `%s': %s\n",
+ fname, gpg_strerror (err));
+ xfree (fname);
+ xfree (envstr);
+ }
+ xfree (homestr);
+ }
+
+ /* Set the card removed flag for all current sessions. We
+ will set this on any card change because a reset or
+ SERIALNO request must be done in any case. */
+ if (ss->any && set_card_removed_flag)
+ update_card_removed (idx, 1);
+
+ ss->any = 1;
+
+ /* Send a signal to all clients who applied for it. */
+ send_client_notifications ();
+ }
+
+ /* Check whether a disconnect is pending. */
+ if (opt.card_timeout)
+ {
+ for (sl=session_list; sl; sl = sl->next_session)
+ if (!sl->disconnect_allowed)
+ break;
+ if (session_list && !sl)
+ {
+ /* FIXME: Use a real timeout. */
+ /* At least one connection and all allow a disconnect. */
+ log_info ("disconnecting card in slot %d\n", ss->slot);
+ apdu_disconnect (ss->slot);
+ }
+ }
+
+ }
+}
+
+/* This function is called by the ticker thread to check for changes
+ of the reader stati. It updates the reader status files and if
+ requested by the caller also send a signal to the caller. */
+void
+scd_update_reader_status_file (void)
+{
+ if (!pth_mutex_acquire (&status_file_update_lock, 1, NULL))
+ return; /* locked - give up. */
+ update_reader_status_file (1);
+ if (!pth_mutex_release (&status_file_update_lock))
+ log_error ("failed to release status_file_update lock\n");
+}
diff --git a/scd/iso7816.c b/scd/iso7816.c
new file mode 100644
index 0000000..e3f2c1b
--- /dev/null
+++ b/scd/iso7816.c
@@ -0,0 +1,873 @@
+/* iso7816.c - ISO 7816 commands
+ * Copyright (C) 2003, 2004, 2008, 2009 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <errno.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#if defined(GNUPG_SCD_MAIN_HEADER)
+#include GNUPG_SCD_MAIN_HEADER
+#elif GNUPG_MAJOR_VERSION == 1
+/* This is used with GnuPG version < 1.9. The code has been source
+ copied from the current GnuPG >= 1.9 and is maintained over
+ there. */
+#include "options.h"
+#include "errors.h"
+#include "memory.h"
+#include "util.h"
+#include "i18n.h"
+#else /* GNUPG_MAJOR_VERSION != 1 */
+#include "scdaemon.h"
+#endif /* GNUPG_MAJOR_VERSION != 1 */
+
+#include "iso7816.h"
+#include "apdu.h"
+
+
+#define CMD_SELECT_FILE 0xA4
+#define CMD_VERIFY ISO7816_VERIFY
+#define CMD_CHANGE_REFERENCE_DATA ISO7816_CHANGE_REFERENCE_DATA
+#define CMD_RESET_RETRY_COUNTER ISO7816_RESET_RETRY_COUNTER
+#define CMD_GET_DATA 0xCA
+#define CMD_PUT_DATA 0xDA
+#define CMD_MSE 0x22
+#define CMD_PSO 0x2A
+#define CMD_INTERNAL_AUTHENTICATE 0x88
+#define CMD_GENERATE_KEYPAIR 0x47
+#define CMD_GET_CHALLENGE 0x84
+#define CMD_READ_BINARY 0xB0
+#define CMD_READ_RECORD 0xB2
+
+static gpg_error_t
+map_sw (int sw)
+{
+ gpg_err_code_t ec;
+
+ switch (sw)
+ {
+ case SW_EEPROM_FAILURE: ec = GPG_ERR_HARDWARE; break;
+ case SW_TERM_STATE: ec = GPG_ERR_CARD; break;
+ case SW_WRONG_LENGTH: ec = GPG_ERR_INV_VALUE; break;
+ case SW_SM_NOT_SUP: ec = GPG_ERR_NOT_SUPPORTED; break;
+ case SW_CC_NOT_SUP: ec = GPG_ERR_NOT_SUPPORTED; break;
+ case SW_CHV_WRONG: ec = GPG_ERR_BAD_PIN; break;
+ case SW_CHV_BLOCKED: ec = GPG_ERR_PIN_BLOCKED; break;
+ case SW_USE_CONDITIONS: ec = GPG_ERR_USE_CONDITIONS; break;
+ case SW_NOT_SUPPORTED: ec = GPG_ERR_NOT_SUPPORTED; break;
+ case SW_BAD_PARAMETER: ec = GPG_ERR_INV_VALUE; break;
+ case SW_FILE_NOT_FOUND: ec = GPG_ERR_ENOENT; break;
+ case SW_RECORD_NOT_FOUND:ec= GPG_ERR_NOT_FOUND; break;
+ case SW_REF_NOT_FOUND: ec = GPG_ERR_NO_OBJ; break;
+ case SW_BAD_P0_P1: ec = GPG_ERR_INV_VALUE; break;
+ case SW_EXACT_LENGTH: ec = GPG_ERR_INV_VALUE; break;
+ case SW_INS_NOT_SUP: ec = GPG_ERR_CARD; break;
+ case SW_CLA_NOT_SUP: ec = GPG_ERR_CARD; break;
+ case SW_SUCCESS: ec = 0; break;
+
+ case SW_HOST_OUT_OF_CORE: ec = GPG_ERR_ENOMEM; break;
+ case SW_HOST_INV_VALUE: ec = GPG_ERR_INV_VALUE; break;
+ case SW_HOST_INCOMPLETE_CARD_RESPONSE: ec = GPG_ERR_CARD; break;
+ case SW_HOST_NOT_SUPPORTED: ec = GPG_ERR_NOT_SUPPORTED; break;
+ case SW_HOST_LOCKING_FAILED: ec = GPG_ERR_BUG; break;
+ case SW_HOST_BUSY: ec = GPG_ERR_EBUSY; break;
+ case SW_HOST_NO_CARD: ec = GPG_ERR_CARD_NOT_PRESENT; break;
+ case SW_HOST_CARD_INACTIVE: ec = GPG_ERR_CARD_RESET; break;
+ case SW_HOST_CARD_IO_ERROR: ec = GPG_ERR_EIO; break;
+ case SW_HOST_GENERAL_ERROR: ec = GPG_ERR_GENERAL; break;
+ case SW_HOST_NO_READER: ec = GPG_ERR_ENODEV; break;
+ case SW_HOST_ABORTED: ec = GPG_ERR_CANCELED; break;
+ case SW_HOST_NO_KEYPAD: ec = GPG_ERR_NOT_SUPPORTED; break;
+
+ default:
+ if ((sw & 0x010000))
+ ec = GPG_ERR_GENERAL; /* Should not happen. */
+ else if ((sw & 0xff00) == SW_MORE_DATA)
+ ec = 0; /* This should actually never been seen here. */
+ else
+ ec = GPG_ERR_CARD;
+ }
+ return gpg_error (ec);
+}
+
+/* Map a status word from the APDU layer to a gpg-error code. */
+gpg_error_t
+iso7816_map_sw (int sw)
+{
+ /* All APDU functions should return 0x9000 on success but for
+ historical reasons of the implementation some return 0 to
+ indicate success. We allow for that here. */
+ return sw? map_sw (sw) : 0;
+}
+
+
+/* This function is specialized version of the SELECT FILE command.
+ SLOT is the card and reader as created for example by
+ apdu_open_reader (), AID is a buffer of size AIDLEN holding the
+ requested application ID. The function can't be used to enumerate
+ AIDs and won't return the AID on success. The return value is 0
+ for okay or a GPG error code. Note that ISO error codes are
+ internally mapped. Bit 0 of FLAGS should be set if the card does
+ not understand P2=0xC0. */
+gpg_error_t
+iso7816_select_application (int slot, const char *aid, size_t aidlen,
+ unsigned int flags)
+{
+ int sw;
+ sw = apdu_send_simple (slot, 0, 0x00, CMD_SELECT_FILE, 4,
+ (flags&1)? 0 :0x0c, aidlen, aid);
+ return map_sw (sw);
+}
+
+
+gpg_error_t
+iso7816_select_file (int slot, int tag, int is_dir,
+ unsigned char **result, size_t *resultlen)
+{
+ int sw, p0, p1;
+ unsigned char tagbuf[2];
+
+ tagbuf[0] = (tag >> 8) & 0xff;
+ tagbuf[1] = tag & 0xff;
+
+ if (result || resultlen)
+ {
+ *result = NULL;
+ *resultlen = 0;
+ return gpg_error (GPG_ERR_NOT_IMPLEMENTED);
+ }
+ else
+ {
+ p0 = (tag == 0x3F00)? 0: is_dir? 1:2;
+ p1 = 0x0c; /* No FC return. */
+ sw = apdu_send_simple (slot, 0, 0x00, CMD_SELECT_FILE,
+ p0, p1, 2, (char*)tagbuf );
+ return map_sw (sw);
+ }
+
+ return 0;
+}
+
+
+/* Do a select file command with a direct path. */
+gpg_error_t
+iso7816_select_path (int slot, const unsigned short *path, size_t pathlen,
+ unsigned char **result, size_t *resultlen)
+{
+ int sw, p0, p1;
+ unsigned char buffer[100];
+ int buflen;
+
+ if (result || resultlen)
+ {
+ *result = NULL;
+ *resultlen = 0;
+ return gpg_error (GPG_ERR_NOT_IMPLEMENTED);
+ }
+
+ if (pathlen/2 >= sizeof buffer)
+ return gpg_error (GPG_ERR_TOO_LARGE);
+
+ for (buflen = 0; pathlen; pathlen--, path++)
+ {
+ buffer[buflen++] = (*path >> 8);
+ buffer[buflen++] = *path;
+ }
+
+ p0 = 0x08;
+ p1 = 0x0c; /* No FC return. */
+ sw = apdu_send_simple (slot, 0, 0x00, CMD_SELECT_FILE,
+ p0, p1, buflen, (char*)buffer );
+ return map_sw (sw);
+}
+
+
+/* This is a private command currently only working for TCOS cards. */
+gpg_error_t
+iso7816_list_directory (int slot, int list_dirs,
+ unsigned char **result, size_t *resultlen)
+{
+ int sw;
+
+ if (!result || !resultlen)
+ return gpg_error (GPG_ERR_INV_VALUE);
+ *result = NULL;
+ *resultlen = 0;
+
+ sw = apdu_send (slot, 0, 0x80, 0xAA, list_dirs? 1:2, 0, -1, NULL,
+ result, resultlen);
+ if (sw != SW_SUCCESS)
+ {
+ /* Make sure that pending buffers are released. */
+ xfree (*result);
+ *result = NULL;
+ *resultlen = 0;
+ }
+ return map_sw (sw);
+}
+
+
+/* This funcion sends an already formatted APDU to the card. With
+ HANDLE_MORE set to true a MORE DATA status will be handled
+ internally. The return value is a gpg error code (i.e. a mapped
+ status word). This is basically the same as apdu_send_direct but
+ it maps the status word and does not return it in the result
+ buffer. */
+gpg_error_t
+iso7816_apdu_direct (int slot, const void *apdudata, size_t apdudatalen,
+ int handle_more,
+ unsigned char **result, size_t *resultlen)
+{
+ int sw;
+
+ if (!result || !resultlen)
+ return gpg_error (GPG_ERR_INV_VALUE);
+ *result = NULL;
+ *resultlen = 0;
+
+ sw = apdu_send_direct (slot, 0, apdudata, apdudatalen, handle_more,
+ result, resultlen);
+ if (!sw)
+ {
+ if (*resultlen < 2)
+ sw = SW_HOST_GENERAL_ERROR;
+ else
+ {
+ sw = ((*result)[*resultlen-2] << 8) | (*result)[*resultlen-1];
+ (*resultlen)--;
+ (*resultlen)--;
+ }
+ }
+ if (sw != SW_SUCCESS)
+ {
+ /* Make sure that pending buffers are released. */
+ xfree (*result);
+ *result = NULL;
+ *resultlen = 0;
+ }
+ return map_sw (sw);
+}
+
+
+/* Check whether the reader supports the ISO command code COMMAND on
+ the keypad. Returns 0 on success. */
+gpg_error_t
+iso7816_check_keypad (int slot, int command, iso7816_pininfo_t *pininfo)
+{
+ int sw;
+
+ sw = apdu_check_keypad (slot, command,
+ pininfo->mode, pininfo->minlen, pininfo->maxlen,
+ pininfo->padlen);
+ return iso7816_map_sw (sw);
+}
+
+
+/* Perform a VERIFY command on SLOT using the card holder verification
+ vector CHVNO with a CHV of lenght CHVLEN. With PININFO non-NULL
+ the keypad of the reader will be used. Returns 0 on success. */
+gpg_error_t
+iso7816_verify_kp (int slot, int chvno, const char *chv, size_t chvlen,
+ iso7816_pininfo_t *pininfo)
+{
+ int sw;
+
+ if (pininfo && pininfo->mode)
+ sw = apdu_send_simple_kp (slot, 0x00, CMD_VERIFY, 0, chvno, chvlen, chv,
+ pininfo->mode,
+ pininfo->minlen,
+ pininfo->maxlen,
+ pininfo->padlen);
+ else
+ sw = apdu_send_simple (slot, 0, 0x00, CMD_VERIFY, 0, chvno, chvlen, chv);
+ return map_sw (sw);
+}
+
+/* Perform a VERIFY command on SLOT using the card holder verification
+ vector CHVNO with a CHV of lenght CHVLEN. Returns 0 on success. */
+gpg_error_t
+iso7816_verify (int slot, int chvno, const char *chv, size_t chvlen)
+{
+ return iso7816_verify_kp (slot, chvno, chv, chvlen, NULL);
+}
+
+/* Perform a CHANGE_REFERENCE_DATA command on SLOT for the card holder
+ verification vector CHVNO. If the OLDCHV is NULL (and OLDCHVLEN
+ 0), a "change reference data" is done, otherwise an "exchange
+ reference data". The new reference data is expected in NEWCHV of
+ length NEWCHVLEN. With PININFO non-NULL the keypad of the reader
+ will be used. */
+gpg_error_t
+iso7816_change_reference_data_kp (int slot, int chvno,
+ const char *oldchv, size_t oldchvlen,
+ const char *newchv, size_t newchvlen,
+ iso7816_pininfo_t *pininfo)
+{
+ int sw;
+ char *buf;
+
+ if ((!oldchv && oldchvlen)
+ || (oldchv && !oldchvlen)
+ || !newchv || !newchvlen )
+ return gpg_error (GPG_ERR_INV_VALUE);
+
+ buf = xtrymalloc (oldchvlen + newchvlen);
+ if (!buf)
+ return gpg_error (gpg_err_code_from_errno (errno));
+ if (oldchvlen)
+ memcpy (buf, oldchv, oldchvlen);
+ memcpy (buf+oldchvlen, newchv, newchvlen);
+
+ if (pininfo && pininfo->mode)
+ sw = apdu_send_simple_kp (slot, 0x00, CMD_CHANGE_REFERENCE_DATA,
+ oldchvlen? 0 : 1, chvno, oldchvlen+newchvlen, buf,
+ pininfo->mode,
+ pininfo->minlen,
+ pininfo->maxlen,
+ pininfo->padlen);
+ else
+ sw = apdu_send_simple (slot, 0, 0x00, CMD_CHANGE_REFERENCE_DATA,
+ oldchvlen? 0 : 1, chvno, oldchvlen+newchvlen, buf);
+ xfree (buf);
+ return map_sw (sw);
+
+}
+
+/* Perform a CHANGE_REFERENCE_DATA command on SLOT for the card holder
+ verification vector CHVNO. If the OLDCHV is NULL (and OLDCHVLEN
+ 0), a "change reference data" is done, otherwise an "exchange
+ reference data". The new reference data is expected in NEWCHV of
+ length NEWCHVLEN. */
+gpg_error_t
+iso7816_change_reference_data (int slot, int chvno,
+ const char *oldchv, size_t oldchvlen,
+ const char *newchv, size_t newchvlen)
+{
+ return iso7816_change_reference_data_kp (slot, chvno, oldchv, oldchvlen,
+ newchv, newchvlen, NULL);
+}
+
+
+gpg_error_t
+iso7816_reset_retry_counter_kp (int slot, int chvno,
+ const char *newchv, size_t newchvlen,
+ iso7816_pininfo_t *pininfo)
+{
+ int sw;
+
+ if (!newchv || !newchvlen )
+ return gpg_error (GPG_ERR_INV_VALUE);
+
+ /* FIXME: The keypad mode has not yet been tested. */
+ if (pininfo && pininfo->mode)
+ sw = apdu_send_simple_kp (slot, 0x00, CMD_RESET_RETRY_COUNTER,
+ 2, chvno, newchvlen, newchv,
+ pininfo->mode,
+ pininfo->minlen,
+ pininfo->maxlen,
+ pininfo->padlen);
+ else
+ sw = apdu_send_simple (slot, 0, 0x00, CMD_RESET_RETRY_COUNTER,
+ 2, chvno, newchvlen, newchv);
+ return map_sw (sw);
+}
+
+
+gpg_error_t
+iso7816_reset_retry_counter_with_rc (int slot, int chvno,
+ const char *data, size_t datalen)
+{
+ int sw;
+
+ if (!data || !datalen )
+ return gpg_error (GPG_ERR_INV_VALUE);
+
+ sw = apdu_send_simple (slot, 0, 0x00, CMD_RESET_RETRY_COUNTER,
+ 0, chvno, datalen, data);
+ return map_sw (sw);
+}
+
+
+gpg_error_t
+iso7816_reset_retry_counter (int slot, int chvno,
+ const char *newchv, size_t newchvlen)
+{
+ return iso7816_reset_retry_counter_kp (slot, chvno, newchv, newchvlen, NULL);
+}
+
+
+
+/* Perform a GET DATA command requesting TAG and storing the result in
+ a newly allocated buffer at the address passed by RESULT. Return
+ the length of this data at the address of RESULTLEN. */
+gpg_error_t
+iso7816_get_data (int slot, int extended_mode, int tag,
+ unsigned char **result, size_t *resultlen)
+{
+ int sw;
+ int le;
+
+ if (!result || !resultlen)
+ return gpg_error (GPG_ERR_INV_VALUE);
+ *result = NULL;
+ *resultlen = 0;
+
+ if (extended_mode > 0 && extended_mode < 256)
+ le = 65534; /* Not 65535 in case it is used as some special flag. */
+ else if (extended_mode > 0)
+ le = extended_mode;
+ else
+ le = 256;
+
+ sw = apdu_send_le (slot, extended_mode, 0x00, CMD_GET_DATA,
+ ((tag >> 8) & 0xff), (tag & 0xff), -1, NULL, le,
+ result, resultlen);
+ if (sw != SW_SUCCESS)
+ {
+ /* Make sure that pending buffers are released. */
+ xfree (*result);
+ *result = NULL;
+ *resultlen = 0;
+ return map_sw (sw);
+ }
+
+ return 0;
+}
+
+
+/* Perform a PUT DATA command on card in SLOT. Write DATA of length
+ DATALEN to TAG. EXTENDED_MODE controls whether extended length
+ headers or command chaining is used instead of single length
+ bytes. */
+gpg_error_t
+iso7816_put_data (int slot, int extended_mode, int tag,
+ const void *data, size_t datalen)
+{
+ int sw;
+
+ sw = apdu_send_simple (slot, extended_mode, 0x00, CMD_PUT_DATA,
+ ((tag >> 8) & 0xff), (tag & 0xff),
+ datalen, (const char*)data);
+ return map_sw (sw);
+}
+
+/* Same as iso7816_put_data but uses an odd instruction byte. */
+gpg_error_t
+iso7816_put_data_odd (int slot, int extended_mode, int tag,
+ const void *data, size_t datalen)
+{
+ int sw;
+
+ sw = apdu_send_simple (slot, extended_mode, 0x00, CMD_PUT_DATA+1,
+ ((tag >> 8) & 0xff), (tag & 0xff),
+ datalen, (const char*)data);
+ return map_sw (sw);
+}
+
+/* Manage Security Environment. This is a weird operation and there
+ is no easy abstraction for it. Furthermore, some card seem to have
+ a different interpreation of 7816-8 and thus we resort to let the
+ caller decide what to do. */
+gpg_error_t
+iso7816_manage_security_env (int slot, int p1, int p2,
+ const unsigned char *data, size_t datalen)
+{
+ int sw;
+
+ if (p1 < 0 || p1 > 255 || p2 < 0 || p2 > 255 )
+ return gpg_error (GPG_ERR_INV_VALUE);
+
+ sw = apdu_send_simple (slot, 0, 0x00, CMD_MSE, p1, p2,
+ data? datalen : -1, (const char*)data);
+ return map_sw (sw);
+}
+
+
+/* Perform the security operation COMPUTE DIGITAL SIGANTURE. On
+ success 0 is returned and the data is availavle in a newly
+ allocated buffer stored at RESULT with its length stored at
+ RESULTLEN. For LE see do_generate_keypair. */
+gpg_error_t
+iso7816_compute_ds (int slot, int extended_mode,
+ const unsigned char *data, size_t datalen, int le,
+ unsigned char **result, size_t *resultlen)
+{
+ int sw;
+
+ if (!data || !datalen || !result || !resultlen)
+ return gpg_error (GPG_ERR_INV_VALUE);
+ *result = NULL;
+ *resultlen = 0;
+
+ if (!extended_mode)
+ le = 256; /* Ignore provided Le and use what apdu_send uses. */
+ else if (le >= 0 && le < 256)
+ le = 256;
+
+ sw = apdu_send_le (slot, extended_mode,
+ 0x00, CMD_PSO, 0x9E, 0x9A,
+ datalen, (const char*)data,
+ le,
+ result, resultlen);
+ if (sw != SW_SUCCESS)
+ {
+ /* Make sure that pending buffers are released. */
+ xfree (*result);
+ *result = NULL;
+ *resultlen = 0;
+ return map_sw (sw);
+ }
+
+ return 0;
+}
+
+
+/* Perform the security operation DECIPHER. PADIND is the padding
+ indicator to be used. It should be 0 if no padding is required, a
+ value of -1 suppresses the padding byte. On success 0 is returned
+ and the plaintext is available in a newly allocated buffer stored
+ at RESULT with its length stored at RESULTLEN. For LE see
+ do_generate_keypair. */
+gpg_error_t
+iso7816_decipher (int slot, int extended_mode,
+ const unsigned char *data, size_t datalen, int le,
+ int padind, unsigned char **result, size_t *resultlen)
+{
+ int sw;
+ unsigned char *buf;
+
+ if (!data || !datalen || !result || !resultlen)
+ return gpg_error (GPG_ERR_INV_VALUE);
+ *result = NULL;
+ *resultlen = 0;
+
+ if (!extended_mode)
+ le = 256; /* Ignore provided Le and use what apdu_send uses. */
+ else if (le >= 0 && le < 256)
+ le = 256;
+
+ if (padind >= 0)
+ {
+ /* We need to prepend the padding indicator. */
+ buf = xtrymalloc (datalen + 1);
+ if (!buf)
+ return gpg_error (gpg_err_code_from_errno (errno));
+
+ *buf = padind; /* Padding indicator. */
+ memcpy (buf+1, data, datalen);
+ sw = apdu_send_le (slot, extended_mode,
+ 0x00, CMD_PSO, 0x80, 0x86,
+ datalen+1, (char*)buf, le,
+ result, resultlen);
+ xfree (buf);
+ }
+ else
+ {
+ sw = apdu_send_le (slot, extended_mode,
+ 0x00, CMD_PSO, 0x80, 0x86,
+ datalen, (const char *)data, le,
+ result, resultlen);
+ }
+ if (sw != SW_SUCCESS)
+ {
+ /* Make sure that pending buffers are released. */
+ xfree (*result);
+ *result = NULL;
+ *resultlen = 0;
+ return map_sw (sw);
+ }
+
+ return 0;
+}
+
+
+/* For LE see do_generate_keypair. */
+gpg_error_t
+iso7816_internal_authenticate (int slot, int extended_mode,
+ const unsigned char *data, size_t datalen,
+ int le,
+ unsigned char **result, size_t *resultlen)
+{
+ int sw;
+
+ if (!data || !datalen || !result || !resultlen)
+ return gpg_error (GPG_ERR_INV_VALUE);
+ *result = NULL;
+ *resultlen = 0;
+
+ if (!extended_mode)
+ le = 256; /* Ignore provided Le and use what apdu_send uses. */
+ else if (le >= 0 && le < 256)
+ le = 256;
+
+ sw = apdu_send_le (slot, extended_mode,
+ 0x00, CMD_INTERNAL_AUTHENTICATE, 0, 0,
+ datalen, (const char*)data,
+ le,
+ result, resultlen);
+ if (sw != SW_SUCCESS)
+ {
+ /* Make sure that pending buffers are released. */
+ xfree (*result);
+ *result = NULL;
+ *resultlen = 0;
+ return map_sw (sw);
+ }
+
+ return 0;
+}
+
+
+/* LE is the expected return length. This is usually 0 except if
+ extended length mode is used and more than 256 byte will be
+ returned. In that case a value of -1 uses a large default
+ (e.g. 4096 bytes), a value larger 256 used that value. */
+static gpg_error_t
+do_generate_keypair (int slot, int extended_mode, int readonly,
+ const unsigned char *data, size_t datalen,
+ int le,
+ unsigned char **result, size_t *resultlen)
+{
+ int sw;
+
+ if (!data || !datalen || !result || !resultlen)
+ return gpg_error (GPG_ERR_INV_VALUE);
+ *result = NULL;
+ *resultlen = 0;
+
+ sw = apdu_send_le (slot, extended_mode,
+ 0x00, CMD_GENERATE_KEYPAIR, readonly? 0x81:0x80, 0,
+ datalen, (const char*)data,
+ le >= 0 && le < 256? 256:le,
+ result, resultlen);
+ if (sw != SW_SUCCESS)
+ {
+ /* Make sure that pending buffers are released. */
+ xfree (*result);
+ *result = NULL;
+ *resultlen = 0;
+ return map_sw (sw);
+ }
+
+ return 0;
+}
+
+
+gpg_error_t
+iso7816_generate_keypair (int slot, int extended_mode,
+ const unsigned char *data, size_t datalen,
+ int le,
+ unsigned char **result, size_t *resultlen)
+{
+ return do_generate_keypair (slot, extended_mode, 0,
+ data, datalen, le, result, resultlen);
+}
+
+
+gpg_error_t
+iso7816_read_public_key (int slot, int extended_mode,
+ const unsigned char *data, size_t datalen,
+ int le,
+ unsigned char **result, size_t *resultlen)
+{
+ return do_generate_keypair (slot, extended_mode, 1,
+ data, datalen, le, result, resultlen);
+}
+
+
+
+gpg_error_t
+iso7816_get_challenge (int slot, int length, unsigned char *buffer)
+{
+ int sw;
+ unsigned char *result;
+ size_t resultlen, n;
+
+ if (!buffer || length < 1)
+ return gpg_error (GPG_ERR_INV_VALUE);
+
+ do
+ {
+ result = NULL;
+ n = length > 254? 254 : length;
+ sw = apdu_send_le (slot, 0,
+ 0x00, CMD_GET_CHALLENGE, 0, 0, -1, NULL, n,
+ &result, &resultlen);
+ if (sw != SW_SUCCESS)
+ {
+ /* Make sure that pending buffers are released. */
+ xfree (result);
+ return map_sw (sw);
+ }
+ if (resultlen > n)
+ resultlen = n;
+ memcpy (buffer, result, resultlen);
+ buffer += resultlen;
+ length -= resultlen;
+ xfree (result);
+ }
+ while (length > 0);
+
+ return 0;
+}
+
+/* Perform a READ BINARY command requesting a maximum of NMAX bytes
+ from OFFSET. With NMAX = 0 the entire file is read. The result is
+ stored in a newly allocated buffer at the address passed by RESULT.
+ Returns the length of this data at the address of RESULTLEN. */
+gpg_error_t
+iso7816_read_binary (int slot, size_t offset, size_t nmax,
+ unsigned char **result, size_t *resultlen)
+{
+ int sw;
+ unsigned char *buffer;
+ size_t bufferlen;
+ int read_all = !nmax;
+ size_t n;
+
+ if (!result || !resultlen)
+ return gpg_error (GPG_ERR_INV_VALUE);
+ *result = NULL;
+ *resultlen = 0;
+
+ /* We can only encode 15 bits in p0,p1 to indicate an offset. Thus
+ we check for this limit. */
+ if (offset > 32767)
+ return gpg_error (GPG_ERR_INV_VALUE);
+
+ do
+ {
+ buffer = NULL;
+ bufferlen = 0;
+ n = read_all? 0 : nmax;
+ sw = apdu_send_le (slot, 0, 0x00, CMD_READ_BINARY,
+ ((offset>>8) & 0xff), (offset & 0xff) , -1, NULL,
+ n, &buffer, &bufferlen);
+ if ( SW_EXACT_LENGTH_P(sw) )
+ {
+ n = (sw & 0x00ff);
+ sw = apdu_send_le (slot, 0, 0x00, CMD_READ_BINARY,
+ ((offset>>8) & 0xff), (offset & 0xff) , -1, NULL,
+ n, &buffer, &bufferlen);
+ }
+
+ if (*result && sw == SW_BAD_P0_P1)
+ {
+ /* Bad Parameter means that the offset is outside of the
+ EF. When reading all data we take this as an indication
+ for EOF. */
+ break;
+ }
+
+ if (sw != SW_SUCCESS && sw != SW_EOF_REACHED)
+ {
+ /* Make sure that pending buffers are released. */
+ xfree (buffer);
+ xfree (*result);
+ *result = NULL;
+ *resultlen = 0;
+ return map_sw (sw);
+ }
+ if (*result) /* Need to extend the buffer. */
+ {
+ unsigned char *p = xtryrealloc (*result, *resultlen + bufferlen);
+ if (!p)
+ {
+ gpg_error_t err = gpg_error_from_syserror ();
+ xfree (buffer);
+ xfree (*result);
+ *result = NULL;
+ *resultlen = 0;
+ return err;
+ }
+ *result = p;
+ memcpy (*result + *resultlen, buffer, bufferlen);
+ *resultlen += bufferlen;
+ xfree (buffer);
+ buffer = NULL;
+ }
+ else /* Transfer the buffer into our result. */
+ {
+ *result = buffer;
+ *resultlen = bufferlen;
+ }
+ offset += bufferlen;
+ if (offset > 32767)
+ break; /* We simply truncate the result for too large
+ files. */
+ if (nmax > bufferlen)
+ nmax -= bufferlen;
+ else
+ nmax = 0;
+ }
+ while ((read_all && sw != SW_EOF_REACHED) || (!read_all && nmax));
+
+ return 0;
+}
+
+/* Perform a READ RECORD command. RECNO gives the record number to
+ read with 0 indicating the current record. RECCOUNT must be 1 (not
+ all cards support reading of more than one record). SHORT_EF
+ should be 0 to read the current EF or contain a short EF. The
+ result is stored in a newly allocated buffer at the address passed
+ by RESULT. Returns the length of this data at the address of
+ RESULTLEN. */
+gpg_error_t
+iso7816_read_record (int slot, int recno, int reccount, int short_ef,
+ unsigned char **result, size_t *resultlen)
+{
+ int sw;
+ unsigned char *buffer;
+ size_t bufferlen;
+
+ if (!result || !resultlen)
+ return gpg_error (GPG_ERR_INV_VALUE);
+ *result = NULL;
+ *resultlen = 0;
+
+ /* We can only encode 15 bits in p0,p1 to indicate an offset. Thus
+ we check for this limit. */
+ if (recno < 0 || recno > 255 || reccount != 1
+ || short_ef < 0 || short_ef > 254 )
+ return gpg_error (GPG_ERR_INV_VALUE);
+
+ buffer = NULL;
+ bufferlen = 0;
+ sw = apdu_send_le (slot, 0, 0x00, CMD_READ_RECORD,
+ recno,
+ short_ef? short_ef : 0x04,
+ -1, NULL,
+ 0, &buffer, &bufferlen);
+
+ if (sw != SW_SUCCESS && sw != SW_EOF_REACHED)
+ {
+ /* Make sure that pending buffers are released. */
+ xfree (buffer);
+ xfree (*result);
+ *result = NULL;
+ *resultlen = 0;
+ return map_sw (sw);
+ }
+ *result = buffer;
+ *resultlen = bufferlen;
+
+ return 0;
+}
+
diff --git a/scd/iso7816.h b/scd/iso7816.h
new file mode 100644
index 0000000..8519712
--- /dev/null
+++ b/scd/iso7816.h
@@ -0,0 +1,123 @@
+/* iso7816.h - ISO 7816 commands
+ * Copyright (C) 2003 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef ISO7816_H
+#define ISO7816_H
+
+#if GNUPG_MAJOR_VERSION == 1
+#include "cardglue.h"
+#endif
+
+/* Command codes used by iso7816_check_keypad. */
+#define ISO7816_VERIFY 0x20
+#define ISO7816_CHANGE_REFERENCE_DATA 0x24
+#define ISO7816_RESET_RETRY_COUNTER 0x2C
+
+
+/* Information to be passed to keypad equipped readers. See
+ ccid-driver.c for details. */
+struct iso7816_pininfo_s
+{
+ int mode; /* A mode of 0 means: Do not use the keypad. */
+ int minlen;
+ int maxlen;
+ int padlen;
+ int padchar;
+};
+typedef struct iso7816_pininfo_s iso7816_pininfo_t;
+
+
+gpg_error_t iso7816_map_sw (int sw);
+
+gpg_error_t iso7816_select_application (int slot,
+ const char *aid, size_t aidlen,
+ unsigned int flags);
+gpg_error_t iso7816_select_file (int slot, int tag, int is_dir,
+ unsigned char **result, size_t *resultlen);
+gpg_error_t iso7816_select_path (int slot,
+ const unsigned short *path, size_t pathlen,
+ unsigned char **result, size_t *resultlen);
+gpg_error_t iso7816_list_directory (int slot, int list_dirs,
+ unsigned char **result, size_t *resultlen);
+gpg_error_t iso7816_apdu_direct (int slot,
+ const void *apdudata, size_t apdudatalen,
+ int handle_more,
+ unsigned char **result, size_t *resultlen);
+gpg_error_t iso7816_check_keypad (int slot, int command,
+ iso7816_pininfo_t *pininfo);
+gpg_error_t iso7816_verify (int slot,
+ int chvno, const char *chv, size_t chvlen);
+gpg_error_t iso7816_verify_kp (int slot,
+ int chvno, const char *chv, size_t chvlen,
+ iso7816_pininfo_t *pininfo);
+gpg_error_t iso7816_change_reference_data (int slot, int chvno,
+ const char *oldchv, size_t oldchvlen,
+ const char *newchv, size_t newchvlen);
+gpg_error_t iso7816_change_reference_data_kp (int slot, int chvno,
+ const char *oldchv, size_t oldchvlen,
+ const char *newchv, size_t newchvlen,
+ iso7816_pininfo_t *pininfo);
+gpg_error_t iso7816_reset_retry_counter (int slot, int chvno,
+ const char *newchv, size_t newchvlen);
+gpg_error_t iso7816_reset_retry_counter_kp (int slot, int chvno,
+ const char *newchv,
+ size_t newchvlen,
+ iso7816_pininfo_t *pininfo);
+gpg_error_t iso7816_reset_retry_counter_with_rc (int slot, int chvno,
+ const char *data,
+ size_t datalen);
+gpg_error_t iso7816_get_data (int slot, int extended_mode, int tag,
+ unsigned char **result, size_t *resultlen);
+gpg_error_t iso7816_put_data (int slot, int extended_mode, int tag,
+ const void *data, size_t datalen);
+gpg_error_t iso7816_put_data_odd (int slot, int extended_mode, int tag,
+ const void *data, size_t datalen);
+gpg_error_t iso7816_manage_security_env (int slot, int p1, int p2,
+ const unsigned char *data,
+ size_t datalen);
+gpg_error_t iso7816_compute_ds (int slot, int extended_mode,
+ const unsigned char *data, size_t datalen,
+ int le,
+ unsigned char **result, size_t *resultlen);
+gpg_error_t iso7816_decipher (int slot, int extended_mode,
+ const unsigned char *data, size_t datalen,
+ int le, int padind,
+ unsigned char **result, size_t *resultlen);
+gpg_error_t iso7816_internal_authenticate (int slot, int extended_mode,
+ const unsigned char *data, size_t datalen,
+ int le,
+ unsigned char **result, size_t *resultlen);
+gpg_error_t iso7816_generate_keypair (int slot, int extended_mode,
+ const unsigned char *data, size_t datalen,
+ int le,
+ unsigned char **result, size_t *resultlen);
+gpg_error_t iso7816_read_public_key (int slot, int extended_mode,
+ const unsigned char *data, size_t datalen,
+ int le,
+ unsigned char **result, size_t *resultlen);
+gpg_error_t iso7816_get_challenge (int slot,
+ int length, unsigned char *buffer);
+
+gpg_error_t iso7816_read_binary (int slot, size_t offset, size_t nmax,
+ unsigned char **result, size_t *resultlen);
+gpg_error_t iso7816_read_record (int slot, int recno, int reccount,
+ int short_ef,
+ unsigned char **result, size_t *resultlen);
+
+#endif /*ISO7816_H*/
diff --git a/scd/pcsc-wrapper.c b/scd/pcsc-wrapper.c
new file mode 100644
index 0000000..ee974ac
--- /dev/null
+++ b/scd/pcsc-wrapper.c
@@ -0,0 +1,848 @@
+/* pcsc-wrapper.c - Wrapper for accessing the PC/SC service
+ * Copyright (C) 2003, 2004 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+/*
+ This wrapper is required to handle problems with the libpscslite
+ library. That library assumes that pthreads are used and fails
+ badly if one tries to use it with a procerss using Pth.
+
+ The operation model is pretty simple: It reads requests from stdin
+ and returns the answer on stdout. There is no direct mapping to the
+ pcsc interface but to a higher level one which resembles the code
+ used in scdaemon (apdu.c) when not using Pth or while running under
+ Windows.
+
+ The interface is binary consisting of a command tag and the length
+ of the parameter list. The calling process needs to pass the
+ version number of the interface on the command line to make sure
+ that both agree on the same interface. For each port a separate
+ instance of this process needs to be started.
+
+*/
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+#include <stdio.h>
+#include <stdlib.h>
+#include <stddef.h>
+#include <string.h>
+#include <errno.h>
+#include <stdarg.h>
+#include <assert.h>
+#include <dlfcn.h>
+
+
+#define PGM "pcsc-wrapper"
+
+/* Allow for a standalone build. */
+#ifdef VERSION
+#define MYVERSION_LINE PGM " (GnuPG) " VERSION
+#define BUGREPORT_LINE "\nReport bugs to <bug-gnupg@gnu.org>.\n"
+#else
+#define MYVERSION_LINE PGM
+#define BUGREPORT_LINE ""
+#endif
+
+#define DEFAULT_PCSC_DRIVER "libpcsclite.so"
+
+
+static int verbose;
+
+
+/* PC/SC constants and function pointer. */
+#define PCSC_SCOPE_USER 0
+#define PCSC_SCOPE_TERMINAL 1
+#define PCSC_SCOPE_SYSTEM 2
+#define PCSC_SCOPE_GLOBAL 3
+
+#define PCSC_PROTOCOL_T0 1
+#define PCSC_PROTOCOL_T1 2
+#define PCSC_PROTOCOL_RAW 4
+
+#define PCSC_SHARE_EXCLUSIVE 1
+#define PCSC_SHARE_SHARED 2
+#define PCSC_SHARE_DIRECT 3
+
+#define PCSC_LEAVE_CARD 0
+#define PCSC_RESET_CARD 1
+#define PCSC_UNPOWER_CARD 2
+#define PCSC_EJECT_CARD 3
+
+#define PCSC_UNKNOWN 0x0001
+#define PCSC_ABSENT 0x0002 /* Card is absent. */
+#define PCSC_PRESENT 0x0004 /* Card is present. */
+#define PCSC_SWALLOWED 0x0008 /* Card is present and electrical connected. */
+#define PCSC_POWERED 0x0010 /* Card is powered. */
+#define PCSC_NEGOTIABLE 0x0020 /* Card is awaiting PTS. */
+#define PCSC_SPECIFIC 0x0040 /* Card is ready for use. */
+
+#define PCSC_STATE_UNAWARE 0x0000 /* Want status. */
+#define PCSC_STATE_IGNORE 0x0001 /* Ignore this reader. */
+#define PCSC_STATE_CHANGED 0x0002 /* State has changed. */
+#define PCSC_STATE_UNKNOWN 0x0004 /* Reader unknown. */
+#define PCSC_STATE_UNAVAILABLE 0x0008 /* Status unavailable. */
+#define PCSC_STATE_EMPTY 0x0010 /* Card removed. */
+#define PCSC_STATE_PRESENT 0x0020 /* Card inserted. */
+#define PCSC_STATE_ATRMATCH 0x0040 /* ATR matches card. */
+#define PCSC_STATE_EXCLUSIVE 0x0080 /* Exclusive Mode. */
+#define PCSC_STATE_INUSE 0x0100 /* Shared mode. */
+#define PCSC_STATE_MUTE 0x0200 /* Unresponsive card. */
+
+struct pcsc_io_request_s {
+ unsigned long protocol;
+ unsigned long pci_len;
+};
+
+typedef struct pcsc_io_request_s *pcsc_io_request_t;
+
+struct pcsc_readerstate_s
+{
+ const char *reader;
+ void *user_data;
+ unsigned long current_state;
+ unsigned long event_state;
+ unsigned long atrlen;
+ unsigned char atr[33];
+};
+
+typedef struct pcsc_readerstate_s *pcsc_readerstate_t;
+
+
+static int driver_is_open; /* True if the PC/SC driver has been
+ initialzied and is ready for
+ operations. The following variables
+ are then valid. */
+static unsigned long pcsc_context; /* The current PC/CS context. */
+static char *current_rdrname;
+static unsigned long pcsc_card;
+static unsigned long pcsc_protocol;
+static unsigned char current_atr[33];
+static size_t current_atrlen;
+
+long (* pcsc_establish_context) (unsigned long scope,
+ const void *reserved1,
+ const void *reserved2,
+ unsigned long *r_context);
+long (* pcsc_release_context) (unsigned long context);
+long (* pcsc_list_readers) (unsigned long context,
+ const char *groups,
+ char *readers, unsigned long*readerslen);
+long (* pcsc_get_status_change) (unsigned long context,
+ unsigned long timeout,
+ pcsc_readerstate_t readerstates,
+ unsigned long nreaderstates);
+long (* pcsc_connect) (unsigned long context,
+ const char *reader,
+ unsigned long share_mode,
+ unsigned long preferred_protocols,
+ unsigned long *r_card,
+ unsigned long *r_active_protocol);
+long (* pcsc_reconnect) (unsigned long card,
+ unsigned long share_mode,
+ unsigned long preferred_protocols,
+ unsigned long initialization,
+ unsigned long *r_active_protocol);
+long (* pcsc_disconnect) (unsigned long card,
+ unsigned long disposition);
+long (* pcsc_status) (unsigned long card,
+ char *reader, unsigned long *readerlen,
+ unsigned long *r_state,
+ unsigned long *r_protocol,
+ unsigned char *atr, unsigned long *atrlen);
+long (* pcsc_begin_transaction) (unsigned long card);
+long (* pcsc_end_transaction) (unsigned long card,
+ unsigned long disposition);
+long (* pcsc_transmit) (unsigned long card,
+ const pcsc_io_request_t send_pci,
+ const unsigned char *send_buffer,
+ unsigned long send_len,
+ pcsc_io_request_t recv_pci,
+ unsigned char *recv_buffer,
+ unsigned long *recv_len);
+long (* pcsc_set_timeout) (unsigned long context,
+ unsigned long timeout);
+
+
+
+static void
+bad_request (const char *type)
+{
+ fprintf (stderr, PGM ": bad `%s' request\n", type);
+ exit (1);
+}
+
+static void
+request_failed (int err)
+{
+ if (!err)
+ err = -1;
+
+ putchar (0x81); /* Simple error/success response. */
+
+ putchar (0);
+ putchar (0);
+ putchar (0);
+ putchar (4);
+
+ putchar ((err >> 24) & 0xff);
+ putchar ((err >> 16) & 0xff);
+ putchar ((err >> 8) & 0xff);
+ putchar ((err ) & 0xff);
+
+ fflush (stdout);
+}
+
+
+static void
+request_succeeded (const void *buffer, size_t buflen)
+{
+ size_t len;
+
+ putchar (0x81); /* Simple error/success response. */
+
+ len = 4 + buflen;
+ putchar ((len >> 24) & 0xff);
+ putchar ((len >> 16) & 0xff);
+ putchar ((len >> 8) & 0xff);
+ putchar ((len ) & 0xff);
+
+ /* Error code. */
+ putchar (0);
+ putchar (0);
+ putchar (0);
+ putchar (0);
+
+ /* Optional reponse string. */
+ if (buffer)
+ fwrite (buffer, buflen, 1, stdout);
+
+ fflush (stdout);
+}
+
+
+
+static unsigned long
+read_32 (FILE *fp)
+{
+ int c1, c2, c3, c4;
+
+ c1 = getc (fp);
+ c2 = getc (fp);
+ c3 = getc (fp);
+ c4 = getc (fp);
+ if (c1 == EOF || c2 == EOF || c3 == EOF || c4 == EOF)
+ {
+ fprintf (stderr, PGM ": premature EOF while parsing request\n");
+ exit (1);
+ }
+ return (c1 << 24) | (c2 << 16) | (c3 << 8) | c4;
+}
+
+
+
+static const char *
+pcsc_error_string (long err)
+{
+ const char *s;
+
+ if (!err)
+ return "okay";
+ if ((err & 0x80100000) != 0x80100000)
+ return "invalid PC/SC error code";
+ err &= 0xffff;
+ switch (err)
+ {
+ case 0x0002: s = "cancelled"; break;
+ case 0x000e: s = "can't dispose"; break;
+ case 0x0008: s = "insufficient buffer"; break;
+ case 0x0015: s = "invalid ATR"; break;
+ case 0x0003: s = "invalid handle"; break;
+ case 0x0004: s = "invalid parameter"; break;
+ case 0x0005: s = "invalid target"; break;
+ case 0x0011: s = "invalid value"; break;
+ case 0x0006: s = "no memory"; break;
+ case 0x0013: s = "comm error"; break;
+ case 0x0001: s = "internal error"; break;
+ case 0x0014: s = "unknown error"; break;
+ case 0x0007: s = "waited too long"; break;
+ case 0x0009: s = "unknown reader"; break;
+ case 0x000a: s = "timeout"; break;
+ case 0x000b: s = "sharing violation"; break;
+ case 0x000c: s = "no smartcard"; break;
+ case 0x000d: s = "unknown card"; break;
+ case 0x000f: s = "proto mismatch"; break;
+ case 0x0010: s = "not ready"; break;
+ case 0x0012: s = "system cancelled"; break;
+ case 0x0016: s = "not transacted"; break;
+ case 0x0017: s = "reader unavailable"; break;
+ case 0x0065: s = "unsupported card"; break;
+ case 0x0066: s = "unresponsive card"; break;
+ case 0x0067: s = "unpowered card"; break;
+ case 0x0068: s = "reset card"; break;
+ case 0x0069: s = "removed card"; break;
+ case 0x006a: s = "inserted card"; break;
+ case 0x001f: s = "unsupported feature"; break;
+ case 0x0019: s = "PCI too small"; break;
+ case 0x001a: s = "reader unsupported"; break;
+ case 0x001b: s = "duplicate reader"; break;
+ case 0x001c: s = "card unsupported"; break;
+ case 0x001d: s = "no service"; break;
+ case 0x001e: s = "service stopped"; break;
+ default: s = "unknown PC/SC error code"; break;
+ }
+ return s;
+}
+
+static void
+load_pcsc_driver (const char *libname)
+{
+ void *handle;
+
+ handle = dlopen (libname, RTLD_LAZY);
+ if (!handle)
+ {
+ fprintf (stderr, PGM ": failed to open driver `%s': %s",
+ libname, dlerror ());
+ exit (1);
+ }
+
+ pcsc_establish_context = dlsym (handle, "SCardEstablishContext");
+ pcsc_release_context = dlsym (handle, "SCardReleaseContext");
+ pcsc_list_readers = dlsym (handle, "SCardListReaders");
+ pcsc_get_status_change = dlsym (handle, "SCardGetStatusChange");
+ pcsc_connect = dlsym (handle, "SCardConnect");
+ pcsc_reconnect = dlsym (handle, "SCardReconnect");
+ pcsc_disconnect = dlsym (handle, "SCardDisconnect");
+ pcsc_status = dlsym (handle, "SCardStatus");
+ pcsc_begin_transaction = dlsym (handle, "SCardBeginTransaction");
+ pcsc_end_transaction = dlsym (handle, "SCardEndTransaction");
+ pcsc_transmit = dlsym (handle, "SCardTransmit");
+ pcsc_set_timeout = dlsym (handle, "SCardSetTimeout");
+
+ if (!pcsc_establish_context
+ || !pcsc_release_context
+ || !pcsc_list_readers
+ || !pcsc_get_status_change
+ || !pcsc_connect
+ || !pcsc_reconnect
+ || !pcsc_disconnect
+ || !pcsc_status
+ || !pcsc_begin_transaction
+ || !pcsc_end_transaction
+ || !pcsc_transmit
+ /* || !pcsc_set_timeout */)
+ {
+ /* Note that set_timeout is currently not used and also not
+ available under Windows. */
+ fprintf (stderr,
+ "apdu_open_reader: invalid PC/SC driver "
+ "(%d%d%d%d%d%d%d%d%d%d%d%d)\n",
+ !!pcsc_establish_context,
+ !!pcsc_release_context,
+ !!pcsc_list_readers,
+ !!pcsc_get_status_change,
+ !!pcsc_connect,
+ !!pcsc_reconnect,
+ !!pcsc_disconnect,
+ !!pcsc_status,
+ !!pcsc_begin_transaction,
+ !!pcsc_end_transaction,
+ !!pcsc_transmit,
+ !!pcsc_set_timeout );
+ dlclose (handle);
+ exit (1);
+ }
+}
+
+
+
+
+/* Handle a open request. The argument is expected to be a string
+ with the port identification. ARGBUF is always guaranteed to be
+ terminted by a 0 which is not counted in ARGLEN. We may modifiy
+ ARGBUF. */
+static void
+handle_open (unsigned char *argbuf, size_t arglen)
+{
+ long err;
+ const char * portstr;
+ char *list = NULL;
+ unsigned long nreader, atrlen;
+ char *p;
+ unsigned long card_state, card_protocol;
+ unsigned char atr[33];
+
+ /* Make sure there is only the port string */
+ if (arglen != strlen ((char*)argbuf))
+ bad_request ("OPEN");
+ portstr = (char*)argbuf;
+
+ if (driver_is_open)
+ {
+ fprintf (stderr, PGM ": PC/SC has already been opened\n");
+ request_failed (-1);
+ return;
+ }
+
+ err = pcsc_establish_context (PCSC_SCOPE_SYSTEM, NULL, NULL, &pcsc_context);
+ if (err)
+ {
+ fprintf (stderr, PGM": pcsc_establish_context failed: %s (0x%lx)\n",
+ pcsc_error_string (err), err);
+ request_failed (err);
+ return;
+ }
+
+ err = pcsc_list_readers (pcsc_context, NULL, NULL, &nreader);
+ if (!err)
+ {
+ list = malloc (nreader+1); /* Better add 1 for safety reasons. */
+ if (!list)
+ {
+ fprintf (stderr, PGM": error allocating memory for reader list\n");
+ exit (1);
+ }
+ err = pcsc_list_readers (pcsc_context, NULL, list, &nreader);
+ }
+ if (err)
+ {
+ fprintf (stderr, PGM": pcsc_list_readers failed: %s (0x%lx)\n",
+ pcsc_error_string (err), err);
+ pcsc_release_context (pcsc_context);
+ free (list);
+ request_failed (err);
+ return;
+ }
+
+ p = list;
+ while (nreader)
+ {
+ if (!*p && !p[1])
+ break;
+ fprintf (stderr, PGM": detected reader `%s'\n", p);
+ if (nreader < (strlen (p)+1))
+ {
+ fprintf (stderr, PGM": invalid response from pcsc_list_readers\n");
+ break;
+ }
+ nreader -= strlen (p)+1;
+ p += strlen (p) + 1;
+ }
+
+ current_rdrname = malloc (strlen (portstr && *portstr? portstr:list)+1);
+ if (!current_rdrname)
+ {
+ fprintf (stderr, PGM": error allocating memory for reader name\n");
+ exit (1);
+ }
+ strcpy (current_rdrname, portstr && *portstr? portstr:list);
+ free (list);
+
+ err = pcsc_connect (pcsc_context,
+ current_rdrname,
+ PCSC_SHARE_EXCLUSIVE,
+ PCSC_PROTOCOL_T0|PCSC_PROTOCOL_T1,
+ &pcsc_card,
+ &pcsc_protocol);
+ if (err == 0x8010000c) /* No smartcard. */
+ {
+ pcsc_card = 0;
+ }
+ else if (err)
+ {
+ fprintf (stderr, PGM": pcsc_connect failed: %s (0x%lx)\n",
+ pcsc_error_string (err), err);
+ pcsc_release_context (pcsc_context);
+ free (current_rdrname);
+ current_rdrname = NULL;
+ pcsc_card = 0;
+ pcsc_protocol = 0;
+ request_failed (err);
+ return;
+ }
+
+ current_atrlen = 0;
+ if (!err)
+ {
+ char reader[250];
+ unsigned long readerlen;
+
+ atrlen = 33;
+ readerlen = sizeof reader -1;
+ err = pcsc_status (pcsc_card,
+ reader, &readerlen,
+ &card_state, &card_protocol,
+ atr, &atrlen);
+ if (err)
+ fprintf (stderr, PGM": pcsc_status failed: %s (0x%lx)\n",
+ pcsc_error_string (err), err);
+ else
+ {
+ if (atrlen >= sizeof atr || atrlen >= sizeof current_atr)
+ {
+ fprintf (stderr, PGM": ATR returned by pcsc_status"
+ " is too large\n");
+ exit (4);
+ }
+ memcpy (current_atr, atr, atrlen);
+ current_atrlen = atrlen;
+ }
+ }
+
+ driver_is_open = 1;
+ request_succeeded (current_atr, current_atrlen);
+}
+
+
+
+/* Handle a close request. We expect no arguments. We may modifiy
+ ARGBUF. */
+static void
+handle_close (unsigned char *argbuf, size_t arglen)
+{
+ (void)argbuf;
+ (void)arglen;
+
+ if (!driver_is_open)
+ {
+ fprintf (stderr, PGM ": PC/SC has not yet been opened\n");
+ request_failed (-1);
+ return;
+ }
+
+ free (current_rdrname);
+ current_rdrname = NULL;
+ pcsc_release_context (pcsc_context);
+ pcsc_card = 0;
+ pcsc_protocol = 0;
+
+ request_succeeded (NULL, 0);
+}
+
+
+
+/* Handle a status request. We expect no arguments. We may modifiy
+ ARGBUF. */
+static void
+handle_status (unsigned char *argbuf, size_t arglen)
+{
+ long err;
+ struct pcsc_readerstate_s rdrstates[1];
+ int status;
+ unsigned char buf[20];
+
+ (void)argbuf;
+ (void)arglen;
+
+ if (!driver_is_open)
+ {
+ fprintf (stderr, PGM ": PC/SC has not yet been opened\n");
+ request_failed (-1);
+ return;
+ }
+
+ memset (rdrstates, 0, sizeof *rdrstates);
+ rdrstates[0].reader = current_rdrname;
+ rdrstates[0].current_state = PCSC_STATE_UNAWARE;
+ err = pcsc_get_status_change (pcsc_context,
+ 0,
+ rdrstates, 1);
+ if (err == 0x8010000a) /* Timeout. */
+ err = 0;
+ if (err)
+ {
+ fprintf (stderr, PGM": pcsc_get_status_change failed: %s (0x%lx)\n",
+ pcsc_error_string (err), err);
+ request_failed (err);
+ return;
+ }
+
+ status = 0;
+ if ( !(rdrstates[0].event_state & PCSC_STATE_UNKNOWN) )
+ {
+ if ( (rdrstates[0].event_state & PCSC_STATE_PRESENT) )
+ status |= 2;
+ if ( !(rdrstates[0].event_state & PCSC_STATE_MUTE) )
+ status |= 4;
+ /* We indicate a useful card if it is not in use by another
+ application. This is because we only use exclusive access
+ mode. */
+ if ( (status & 6) == 6
+ && !(rdrstates[0].event_state & PCSC_STATE_INUSE) )
+ status |= 1;
+ }
+
+ /* First word is identical to the one used by apdu.c. */
+ buf[0] = 0;
+ buf[1] = 0;
+ buf[2] = 0;
+ buf[3] = status;
+ /* The second word is the native PCSC state. */
+ buf[4] = (rdrstates[0].event_state >> 24);
+ buf[5] = (rdrstates[0].event_state >> 16);
+ buf[6] = (rdrstates[0].event_state >> 8);
+ buf[7] = (rdrstates[0].event_state >> 0);
+ /* The third word is the protocol. */
+ buf[8] = (pcsc_protocol >> 24);
+ buf[9] = (pcsc_protocol >> 16);
+ buf[10] = (pcsc_protocol >> 8);
+ buf[11] = (pcsc_protocol);
+
+ request_succeeded (buf, 8);
+}
+
+
+/* Handle a reset request. We expect no arguments. We may modifiy
+ ARGBUF. */
+static void
+handle_reset (unsigned char *argbuf, size_t arglen)
+{
+ long err;
+ char reader[250];
+ unsigned long nreader, atrlen;
+ unsigned long card_state, card_protocol;
+
+ (void)argbuf;
+ (void)arglen;
+
+ if (!driver_is_open)
+ {
+ fprintf (stderr, PGM ": PC/SC has not yet been opened\n");
+ request_failed (-1);
+ return;
+ }
+
+ if (pcsc_card)
+ {
+ err = pcsc_disconnect (pcsc_card, PCSC_LEAVE_CARD);
+ if (err == 0x80100003) /* Invalid handle. (already disconnected) */
+ err = 0;
+ if (err)
+ {
+ fprintf (stderr, PGM": pcsc_disconnect failed: %s (0x%lx)\n",
+ pcsc_error_string (err), err);
+ request_failed (err);
+ return;
+ }
+ pcsc_card = 0;
+ }
+
+ err = pcsc_connect (pcsc_context,
+ current_rdrname,
+ PCSC_SHARE_EXCLUSIVE,
+ PCSC_PROTOCOL_T0|PCSC_PROTOCOL_T1,
+ &pcsc_card,
+ &pcsc_protocol);
+ if (err)
+ {
+ fprintf (stderr, PGM": pcsc_connect failed: %s (0x%lx)\n",
+ pcsc_error_string (err), err);
+ pcsc_card = 0;
+ request_failed (err);
+ return;
+ }
+
+
+ atrlen = 33;
+ nreader = sizeof reader - 1;
+ err = pcsc_status (pcsc_card,
+ reader, &nreader,
+ &card_state, &card_protocol,
+ current_atr, &atrlen);
+ if (err)
+ {
+ fprintf (stderr, PGM": pcsc_status failed: %s (0x%lx)\n",
+ pcsc_error_string (err), err);
+ current_atrlen = 0;
+ request_failed (err);
+ return;
+ }
+
+ request_succeeded (current_atr, current_atrlen);
+}
+
+
+
+/* Handle a transmit request. The argument is expected to be a buffer
+ with the APDU. We may modifiy ARGBUF. */
+static void
+handle_transmit (unsigned char *argbuf, size_t arglen)
+{
+ long err;
+ struct pcsc_io_request_s send_pci;
+ unsigned long recv_len;
+ unsigned char buffer[1024];
+
+ /* The apdu should at least be one byte. */
+ if (!arglen)
+ bad_request ("TRANSMIT");
+
+ if (!driver_is_open)
+ {
+ fprintf (stderr, PGM ": PC/SC has not yet been opened\n");
+ request_failed (-1);
+ return;
+ }
+ if ((pcsc_protocol & PCSC_PROTOCOL_T1))
+ send_pci.protocol = PCSC_PROTOCOL_T1;
+ else
+ send_pci.protocol = PCSC_PROTOCOL_T0;
+ send_pci.pci_len = sizeof send_pci;
+ recv_len = sizeof (buffer);
+ err = pcsc_transmit (pcsc_card, &send_pci, argbuf, arglen,
+ NULL, buffer, &recv_len);
+ if (err)
+ {
+ if (verbose)
+ fprintf (stderr, PGM": pcsc_transmit failed: %s (0x%lx)\n",
+ pcsc_error_string (err), err);
+ request_failed (err);
+ return;
+ }
+ request_succeeded (buffer, recv_len);
+}
+
+
+
+static void
+print_version (int with_help)
+{
+ fputs (MYVERSION_LINE "\n"
+ "Copyright (C) 2004 Free Software Foundation, Inc.\n"
+ "This program comes with ABSOLUTELY NO WARRANTY.\n"
+ "This is free software, and you are welcome to redistribute it\n"
+ "under certain conditions. See the file COPYING for details.\n",
+ stdout);
+
+ if (with_help)
+ fputs ("\n"
+ "Usage: " PGM " [OPTIONS] API-NUMBER [LIBNAME]\n"
+ "Helper to connect scdaemon to the PC/SC library\n"
+ "\n"
+ " --verbose enable extra informational output\n"
+ " --version print version of the program and exit\n"
+ " --help display this help and exit\n"
+ BUGREPORT_LINE, stdout );
+
+ exit (0);
+}
+
+
+int
+main (int argc, char **argv)
+{
+ int last_argc = -1;
+ int api_number = 0;
+ int c;
+
+ if (argc)
+ {
+ argc--; argv++;
+ }
+ while (argc && last_argc != argc )
+ {
+ last_argc = argc;
+ if (!strcmp (*argv, "--"))
+ {
+ argc--; argv++;
+ break;
+ }
+ else if (!strcmp (*argv, "--version"))
+ print_version (0);
+ else if (!strcmp (*argv, "--help"))
+ print_version (1);
+ else if (!strcmp (*argv, "--verbose"))
+ {
+ verbose = 1;
+ argc--; argv++;
+ }
+ }
+ if (argc != 1 && argc != 2)
+ {
+ fprintf (stderr, "usage: " PGM " API-NUMBER [LIBNAME]\n");
+ exit (1);
+ }
+
+ api_number = atoi (*argv);
+ argv++; argc--;
+ if (api_number != 1)
+ {
+ fprintf (stderr, PGM ": api-number %d is not valid\n", api_number);
+ exit (1);
+ }
+
+ load_pcsc_driver (argc? *argv : DEFAULT_PCSC_DRIVER);
+
+ while ((c = getc (stdin)) != EOF)
+ {
+ size_t arglen;
+ unsigned char argbuffer[2048];
+
+ arglen = read_32 (stdin);
+ if (arglen >= sizeof argbuffer - 1)
+ {
+ fprintf (stderr, PGM ": request too long\n");
+ exit (1);
+ }
+ if (arglen && fread (argbuffer, arglen, 1, stdin) != 1)
+ {
+ fprintf (stderr, PGM ": error reading request: %s\n",
+ strerror (errno));
+ exit (1);
+ }
+ argbuffer[arglen] = 0;
+ switch (c)
+ {
+ case 1:
+ handle_open (argbuffer, arglen);
+ break;
+
+ case 2:
+ handle_close (argbuffer, arglen);
+ exit (0);
+ break;
+
+ case 3:
+ handle_transmit (argbuffer, arglen);
+ break;
+
+ case 4:
+ handle_status (argbuffer, arglen);
+ break;
+
+ case 5:
+ handle_reset (argbuffer, arglen);
+ break;
+
+ default:
+ fprintf (stderr, PGM ": invalid request 0x%02X\n", c);
+ exit (1);
+ }
+ }
+ return 0;
+}
+
+
+
+/*
+Local Variables:
+compile-command: "gcc -Wall -g -o pcsc-wrapper pcsc-wrapper.c -ldl"
+End:
+*/
diff --git a/scd/scdaemon.c b/scd/scdaemon.c
new file mode 100644
index 0000000..064d342
--- /dev/null
+++ b/scd/scdaemon.c
@@ -0,0 +1,1318 @@
+/* scdaemon.c - The GnuPG Smartcard Daemon
+ * Copyright (C) 2001, 2002, 2004, 2005,
+ * 2007, 2008, 2009 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <stddef.h>
+#include <stdarg.h>
+#include <string.h>
+#include <errno.h>
+#include <assert.h>
+#include <time.h>
+#include <fcntl.h>
+#ifndef HAVE_W32_SYSTEM
+#include <sys/socket.h>
+#include <sys/un.h>
+#endif /*HAVE_W32_SYSTEM*/
+#include <unistd.h>
+#include <signal.h>
+#include <pth.h>
+
+#define JNLIB_NEED_LOG_LOGV
+#define JNLIB_NEED_AFLOCAL
+#include "scdaemon.h"
+#include <ksba.h>
+#include <gcrypt.h>
+
+#include <assuan.h> /* malloc hooks */
+
+#include "i18n.h"
+#include "sysutils.h"
+#include "app-common.h"
+#include "apdu.h"
+#include "ccid-driver.h"
+#include "mkdtemp.h"
+#include "gc-opt-flags.h"
+
+enum cmd_and_opt_values
+{ aNull = 0,
+ oCsh = 'c',
+ oQuiet = 'q',
+ oSh = 's',
+ oVerbose = 'v',
+
+ oNoVerbose = 500,
+ aGPGConfList,
+ aGPGConfTest,
+ oOptions,
+ oDebug,
+ oDebugAll,
+ oDebugLevel,
+ oDebugWait,
+ oDebugAllowCoreDump,
+ oDebugCCIDDriver,
+ oDebugLogTid,
+ oNoGreeting,
+ oNoOptions,
+ oHomedir,
+ oNoDetach,
+ oNoGrab,
+ oLogFile,
+ oServer,
+ oMultiServer,
+ oDaemon,
+ oBatch,
+ oReaderPort,
+ oCardTimeout,
+ octapiDriver,
+ opcscDriver,
+ oDisableCCID,
+ oDisableOpenSC,
+ oDisableKeypad,
+ oAllowAdmin,
+ oDenyAdmin,
+ oDisableApplication,
+ oDebugDisableTicker
+};
+
+
+
+static ARGPARSE_OPTS opts[] = {
+ ARGPARSE_c (aGPGConfList, "gpgconf-list", "@"),
+ ARGPARSE_c (aGPGConfTest, "gpgconf-test", "@"),
+
+ ARGPARSE_group (301, N_("@Options:\n ")),
+
+ ARGPARSE_s_n (oServer,"server", N_("run in server mode (foreground)")),
+ ARGPARSE_s_n (oMultiServer, "multi-server",
+ N_("run in multi server mode (foreground)")),
+ ARGPARSE_s_n (oDaemon, "daemon", N_("run in daemon mode (background)")),
+ ARGPARSE_s_n (oVerbose, "verbose", N_("verbose")),
+ ARGPARSE_s_n (oQuiet, "quiet", N_("be somewhat more quiet")),
+ ARGPARSE_s_n (oSh, "sh", N_("sh-style command output")),
+ ARGPARSE_s_n (oCsh, "csh", N_("csh-style command output")),
+ ARGPARSE_s_s (oOptions, "options", N_("|FILE|read options from FILE")),
+ ARGPARSE_p_u (oDebug, "debug", "@"),
+ ARGPARSE_s_n (oDebugAll, "debug-all", "@"),
+ ARGPARSE_s_s (oDebugLevel, "debug-level" ,
+ N_("|LEVEL|set the debugging level to LEVEL")),
+ ARGPARSE_s_i (oDebugWait, "debug-wait", "@"),
+ ARGPARSE_s_n (oDebugAllowCoreDump, "debug-allow-core-dump", "@"),
+ ARGPARSE_s_n (oDebugCCIDDriver, "debug-ccid-driver", "@"),
+ ARGPARSE_s_n (oDebugDisableTicker, "debug-disable-ticker", "@"),
+ ARGPARSE_s_n (oDebugLogTid, "debug-log-tid", "@"),
+ ARGPARSE_s_n (oNoDetach, "no-detach", N_("do not detach from the console")),
+ ARGPARSE_s_s (oLogFile, "log-file", N_("|FILE|write a log to FILE")),
+ ARGPARSE_s_s (oReaderPort, "reader-port",
+ N_("|N|connect to reader at port N")),
+ ARGPARSE_s_s (octapiDriver, "ctapi-driver",
+ N_("|NAME|use NAME as ct-API driver")),
+ ARGPARSE_s_s (opcscDriver, "pcsc-driver",
+ N_("|NAME|use NAME as PC/SC driver")),
+ ARGPARSE_s_n (oDisableCCID, "disable-ccid",
+#ifdef HAVE_LIBUSB
+ N_("do not use the internal CCID driver")
+#else
+ "@"
+#endif
+ /* end --disable-ccid */),
+ ARGPARSE_s_u (oCardTimeout, "card-timeout",
+ N_("|N|disconnect the card after N seconds of inactivity")),
+ ARGPARSE_s_n (oDisableKeypad, "disable-keypad",
+ N_("do not use a reader's keypad")),
+ ARGPARSE_s_n (oAllowAdmin, "allow-admin", "@"),
+ ARGPARSE_s_n (oDenyAdmin, "deny-admin",
+ N_("deny the use of admin card commands")),
+ ARGPARSE_s_s (oDisableApplication, "disable-application", "@"),
+
+ ARGPARSE_end ()
+};
+
+
+/* The card driver we use by default for PC/SC. */
+#if defined(HAVE_W32_SYSTEM) || defined(__CYGWIN__)
+#define DEFAULT_PCSC_DRIVER "winscard.dll"
+#elif defined(__APPLE__)
+#define DEFAULT_PCSC_DRIVER "/System/Library/Frameworks/PCSC.framework/PCSC"
+#elif defined(__GLIBC__)
+#define DEFAULT_PCSC_DRIVER "libpcsclite.so.1"
+#else
+#define DEFAULT_PCSC_DRIVER "libpcsclite.so"
+#endif
+
+/* The timer tick used for housekeeping stuff. We poll every 500ms to
+ let the user immediately know a status change.
+
+ This is not too good for power saving but given that there is no
+ easy way to block on card status changes it is the best we can do.
+ For PC/SC we could in theory use an extra thread to wait for status
+ changes but that requires a native thread because there is no way
+ to make the underlying PC/SC card change function block using a Pth
+ mechanism. Given that a native thread could only be used under W32
+ we don't do that at all. */
+#define TIMERTICK_INTERVAL_SEC (0)
+#define TIMERTICK_INTERVAL_USEC (500000)
+
+/* Flag to indicate that a shutdown was requested. */
+static int shutdown_pending;
+
+/* It is possible that we are currently running under setuid permissions */
+static int maybe_setuid = 1;
+
+/* Flag telling whether we are running as a pipe server. */
+static int pipe_server;
+
+/* Name of the communication socket */
+static char *socket_name;
+
+/* We need to keep track of the server's nonces (these are dummies for
+ POSIX systems). */
+static assuan_sock_nonce_t socket_nonce;
+
+/* Debug flag to disable the ticker. The ticker is in fact not
+ disabled but it won't perform any ticker specific actions. */
+static int ticker_disabled;
+
+
+
+static char *create_socket_name (int use_standard_socket,
+ char *standard_name, char *template);
+static gnupg_fd_t create_server_socket (int is_standard_name, const char *name,
+ assuan_sock_nonce_t *nonce);
+
+static void *start_connection_thread (void *arg);
+static void handle_connections (int listen_fd);
+
+/* Pth wrapper function definitions. */
+ASSUAN_SYSTEM_PTH_IMPL;
+
+GCRY_THREAD_OPTION_PTH_IMPL;
+static int fixed_gcry_pth_init (void)
+{
+ return pth_self ()? 0 : (pth_init () == FALSE) ? errno : 0;
+}
+
+
+
+static char *
+make_libversion (const char *libname, const char *(*getfnc)(const char*))
+{
+ const char *s;
+ char *result;
+
+ if (maybe_setuid)
+ {
+ gcry_control (GCRYCTL_INIT_SECMEM, 0, 0); /* Drop setuid. */
+ maybe_setuid = 0;
+ }
+ s = getfnc (NULL);
+ result = xmalloc (strlen (libname) + 1 + strlen (s) + 1);
+ strcpy (stpcpy (stpcpy (result, libname), " "), s);
+ return result;
+}
+
+
+static const char *
+my_strusage (int level)
+{
+ static char *ver_gcry, *ver_ksba;
+ const char *p;
+
+ switch (level)
+ {
+ case 11: p = "scdaemon (GnuPG)";
+ break;
+ case 13: p = VERSION; break;
+ case 17: p = PRINTABLE_OS_NAME; break;
+ case 19: p = _("Please report bugs to <@EMAIL@>.\n"); break;
+
+ case 20:
+ if (!ver_gcry)
+ ver_gcry = make_libversion ("libgcrypt", gcry_check_version);
+ p = ver_gcry;
+ break;
+ case 21:
+ if (!ver_ksba)
+ ver_ksba = make_libversion ("libksba", ksba_check_version);
+ p = ver_ksba;
+ break;
+ case 1:
+ case 40: p = _("Usage: scdaemon [options] (-h for help)");
+ break;
+ case 41: p = _("Syntax: scdaemon [options] [command [args]]\n"
+ "Smartcard daemon for GnuPG\n");
+ break;
+
+ default: p = NULL;
+ }
+ return p;
+}
+
+
+static unsigned long
+tid_log_callback (void)
+{
+#ifdef PTH_HAVE_PTH_THREAD_ID
+ return pth_thread_id ();
+#else
+ return (unsigned long)pth_self ();
+#endif
+}
+
+
+
+
+
+/* Setup the debugging. With a LEVEL of NULL only the active debug
+ flags are propagated to the subsystems. With LEVEL set, a specific
+ set of debug flags is set; thus overriding all flags already
+ set. */
+static void
+set_debug (const char *level)
+{
+ int numok = (level && digitp (level));
+ int numlvl = numok? atoi (level) : 0;
+
+ if (!level)
+ ;
+ else if (!strcmp (level, "none") || (numok && numlvl < 1))
+ opt.debug = 0;
+ else if (!strcmp (level, "basic") || (numok && numlvl <= 2))
+ opt.debug = DBG_ASSUAN_VALUE;
+ else if (!strcmp (level, "advanced") || (numok && numlvl <= 5))
+ opt.debug = DBG_ASSUAN_VALUE|DBG_COMMAND_VALUE;
+ else if (!strcmp (level, "expert") || (numok && numlvl <= 8))
+ opt.debug = (DBG_ASSUAN_VALUE|DBG_COMMAND_VALUE
+ |DBG_CACHE_VALUE|DBG_CARD_IO_VALUE);
+ else if (!strcmp (level, "guru") || numok)
+ {
+ opt.debug = ~0;
+ /* Unless the "guru" string has been used we don't want to allow
+ hashing debugging. The rationale is that people tend to
+ select the highest debug value and would then clutter their
+ disk with debug files which may reveal confidential data. */
+ if (numok)
+ opt.debug &= ~(DBG_HASHING_VALUE);
+ }
+ else
+ {
+ log_error (_("invalid debug-level `%s' given\n"), level);
+ scd_exit(2);
+ }
+
+
+ if (opt.debug && !opt.verbose)
+ opt.verbose = 1;
+ if (opt.debug && opt.quiet)
+ opt.quiet = 0;
+
+ if (opt.debug & DBG_MPI_VALUE)
+ gcry_control (GCRYCTL_SET_DEBUG_FLAGS, 2);
+ if (opt.debug & DBG_CRYPTO_VALUE )
+ gcry_control (GCRYCTL_SET_DEBUG_FLAGS, 1);
+ gcry_control (GCRYCTL_SET_VERBOSITY, (int)opt.verbose);
+
+ if (opt.debug)
+ log_info ("enabled debug flags:%s%s%s%s%s%s%s%s%s\n",
+ (opt.debug & DBG_COMMAND_VALUE)? " command":"",
+ (opt.debug & DBG_MPI_VALUE )? " mpi":"",
+ (opt.debug & DBG_CRYPTO_VALUE )? " crypto":"",
+ (opt.debug & DBG_MEMORY_VALUE )? " memory":"",
+ (opt.debug & DBG_CACHE_VALUE )? " cache":"",
+ (opt.debug & DBG_MEMSTAT_VALUE)? " memstat":"",
+ (opt.debug & DBG_HASHING_VALUE)? " hashing":"",
+ (opt.debug & DBG_ASSUAN_VALUE )? " assuan":"",
+ (opt.debug & DBG_CARD_IO_VALUE)? " cardio":"");
+}
+
+
+
+static void
+cleanup (void)
+{
+ if (socket_name && *socket_name)
+ {
+ char *p;
+
+ remove (socket_name);
+ p = strrchr (socket_name, '/');
+ if (p)
+ {
+ *p = 0;
+ rmdir (socket_name);
+ *p = '/';
+ }
+ *socket_name = 0;
+ }
+}
+
+
+
+int
+main (int argc, char **argv )
+{
+ ARGPARSE_ARGS pargs;
+ int orig_argc;
+ gpg_error_t err;
+ char **orig_argv;
+ FILE *configfp = NULL;
+ char *configname = NULL;
+ const char *shell;
+ unsigned int configlineno;
+ int parse_debug = 0;
+ const char *debug_level = NULL;
+ int default_config =1;
+ int greeting = 0;
+ int nogreeting = 0;
+ int multi_server = 0;
+ int is_daemon = 0;
+ int nodetach = 0;
+ int csh_style = 0;
+ char *logfile = NULL;
+ int debug_wait = 0;
+ int gpgconf_list = 0;
+ const char *config_filename = NULL;
+ int allow_coredump = 0;
+ int standard_socket = 0;
+ struct assuan_malloc_hooks malloc_hooks;
+
+ set_strusage (my_strusage);
+ gcry_control (GCRYCTL_SUSPEND_SECMEM_WARN);
+ /* Please note that we may running SUID(ROOT), so be very CAREFUL
+ when adding any stuff between here and the call to INIT_SECMEM()
+ somewhere after the option parsing */
+ log_set_prefix ("scdaemon", 1|4);
+
+ /* Make sure that our subsystems are ready. */
+ i18n_init ();
+ init_common_subsystems ();
+
+
+ /* Libgcrypt requires us to register the threading model first.
+ Note that this will also do the pth_init. */
+ gcry_threads_pth.init = fixed_gcry_pth_init;
+ err = gcry_control (GCRYCTL_SET_THREAD_CBS, &gcry_threads_pth);
+ if (err)
+ {
+ log_fatal ("can't register GNU Pth with Libgcrypt: %s\n",
+ gpg_strerror (err));
+ }
+
+ /* Check that the libraries are suitable. Do it here because
+ the option parsing may need services of the library */
+ if (!gcry_check_version (NEED_LIBGCRYPT_VERSION) )
+ {
+ log_fatal (_("%s is too old (need %s, have %s)\n"), "libgcrypt",
+ NEED_LIBGCRYPT_VERSION, gcry_check_version (NULL) );
+ }
+
+ ksba_set_malloc_hooks (gcry_malloc, gcry_realloc, gcry_free);
+
+ malloc_hooks.malloc = gcry_malloc;
+ malloc_hooks.realloc = gcry_realloc;
+ malloc_hooks.free = gcry_free;
+ assuan_set_malloc_hooks (&malloc_hooks);
+ assuan_set_assuan_log_prefix (log_get_prefix (NULL));
+ assuan_set_gpg_err_source (GPG_ERR_SOURCE_DEFAULT);
+ assuan_set_system_hooks (ASSUAN_SYSTEM_PTH);
+ assuan_sock_init ();
+
+ setup_libgcrypt_logging ();
+ gcry_control (GCRYCTL_USE_SECURE_RNDPOOL);
+
+ disable_core_dumps ();
+
+ /* Set default options. */
+ opt.allow_admin = 1;
+ opt.pcsc_driver = DEFAULT_PCSC_DRIVER;
+
+#ifdef HAVE_W32_SYSTEM
+ standard_socket = 1; /* Under Windows we always use a standard
+ socket. */
+#endif
+
+
+ shell = getenv ("SHELL");
+ if (shell && strlen (shell) >= 3 && !strcmp (shell+strlen (shell)-3, "csh") )
+ csh_style = 1;
+
+ opt.homedir = default_homedir ();
+
+ /* Check whether we have a config file on the commandline */
+ orig_argc = argc;
+ orig_argv = argv;
+ pargs.argc = &argc;
+ pargs.argv = &argv;
+ pargs.flags= 1|(1<<6); /* do not remove the args, ignore version */
+ while (arg_parse( &pargs, opts))
+ {
+ if (pargs.r_opt == oDebug || pargs.r_opt == oDebugAll)
+ parse_debug++;
+ else if (pargs.r_opt == oOptions)
+ { /* yes there is one, so we do not try the default one, but
+ read the option file when it is encountered at the
+ commandline */
+ default_config = 0;
+ }
+ else if (pargs.r_opt == oNoOptions)
+ default_config = 0; /* --no-options */
+ else if (pargs.r_opt == oHomedir)
+ opt.homedir = pargs.r.ret_str;
+ }
+
+ /* initialize the secure memory. */
+ gcry_control (GCRYCTL_INIT_SECMEM, 16384, 0);
+ maybe_setuid = 0;
+
+ /*
+ Now we are working under our real uid
+ */
+
+
+ if (default_config)
+ configname = make_filename (opt.homedir, "scdaemon.conf", NULL );
+
+
+ argc = orig_argc;
+ argv = orig_argv;
+ pargs.argc = &argc;
+ pargs.argv = &argv;
+ pargs.flags= 1; /* do not remove the args */
+ next_pass:
+ if (configname)
+ {
+ configlineno = 0;
+ configfp = fopen (configname, "r");
+ if (!configfp)
+ {
+ if (default_config)
+ {
+ if( parse_debug )
+ log_info (_("NOTE: no default option file `%s'\n"),
+ configname );
+ }
+ else
+ {
+ log_error (_("option file `%s': %s\n"),
+ configname, strerror(errno) );
+ exit(2);
+ }
+ xfree (configname);
+ configname = NULL;
+ }
+ if (parse_debug && configname )
+ log_info (_("reading options from `%s'\n"), configname );
+ default_config = 0;
+ }
+
+ while (optfile_parse( configfp, configname, &configlineno, &pargs, opts) )
+ {
+ switch (pargs.r_opt)
+ {
+ case aGPGConfList: gpgconf_list = 1; break;
+ case aGPGConfTest: gpgconf_list = 2; break;
+ case oQuiet: opt.quiet = 1; break;
+ case oVerbose: opt.verbose++; break;
+ case oBatch: opt.batch=1; break;
+
+ case oDebug: opt.debug |= pargs.r.ret_ulong; break;
+ case oDebugAll: opt.debug = ~0; break;
+ case oDebugLevel: debug_level = pargs.r.ret_str; break;
+ case oDebugWait: debug_wait = pargs.r.ret_int; break;
+ case oDebugAllowCoreDump:
+ enable_core_dumps ();
+ allow_coredump = 1;
+ break;
+ case oDebugCCIDDriver:
+#ifdef HAVE_LIBUSB
+ ccid_set_debug_level (ccid_set_debug_level (-1)+1);
+#endif /*HAVE_LIBUSB*/
+ break;
+ case oDebugDisableTicker: ticker_disabled = 1; break;
+ case oDebugLogTid:
+ log_set_get_tid_callback (tid_log_callback);
+ break;
+
+ case oOptions:
+ /* config files may not be nested (silently ignore them) */
+ if (!configfp)
+ {
+ xfree(configname);
+ configname = xstrdup(pargs.r.ret_str);
+ goto next_pass;
+ }
+ break;
+ case oNoGreeting: nogreeting = 1; break;
+ case oNoVerbose: opt.verbose = 0; break;
+ case oNoOptions: break; /* no-options */
+ case oHomedir: opt.homedir = pargs.r.ret_str; break;
+ case oNoDetach: nodetach = 1; break;
+ case oLogFile: logfile = pargs.r.ret_str; break;
+ case oCsh: csh_style = 1; break;
+ case oSh: csh_style = 0; break;
+ case oServer: pipe_server = 1; break;
+ case oMultiServer: pipe_server = 1; multi_server = 1; break;
+ case oDaemon: is_daemon = 1; break;
+
+ case oReaderPort: opt.reader_port = pargs.r.ret_str; break;
+ case octapiDriver: opt.ctapi_driver = pargs.r.ret_str; break;
+ case opcscDriver: opt.pcsc_driver = pargs.r.ret_str; break;
+ case oDisableCCID: opt.disable_ccid = 1; break;
+ case oDisableOpenSC: break;
+
+ case oDisableKeypad: opt.disable_keypad = 1; break;
+
+ case oAllowAdmin: /* Dummy because allow is now the default. */
+ break;
+ case oDenyAdmin: opt.allow_admin = 0; break;
+
+ case oCardTimeout: opt.card_timeout = pargs.r.ret_ulong; break;
+
+ case oDisableApplication:
+ add_to_strlist (&opt.disabled_applications, pargs.r.ret_str);
+ break;
+
+ default:
+ pargs.err = configfp? ARGPARSE_PRINT_WARNING:ARGPARSE_PRINT_ERROR;
+ break;
+ }
+ }
+ if (configfp)
+ {
+ fclose( configfp );
+ configfp = NULL;
+ /* Keep a copy of the config name for use by --gpgconf-list. */
+ config_filename = configname;
+ configname = NULL;
+ goto next_pass;
+ }
+ xfree (configname);
+ configname = NULL;
+ if (log_get_errorcount(0))
+ exit(2);
+ if (nogreeting )
+ greeting = 0;
+
+ if (greeting)
+ {
+ fprintf (stderr, "%s %s; %s\n",
+ strusage(11), strusage(13), strusage(14) );
+ fprintf (stderr, "%s\n", strusage(15) );
+ }
+#ifdef IS_DEVELOPMENT_VERSION
+ log_info ("NOTE: this is a development version!\n");
+#endif
+
+
+ if (atexit (cleanup))
+ {
+ log_error ("atexit failed\n");
+ cleanup ();
+ exit (1);
+ }
+
+ set_debug (debug_level);
+
+ initialize_module_command ();
+
+ if (gpgconf_list == 2)
+ scd_exit (0);
+ if (gpgconf_list)
+ {
+ /* List options and default values in the GPG Conf format. */
+ char *filename = NULL;
+ char *filename_esc;
+
+ if (config_filename)
+ filename = xstrdup (config_filename);
+ else
+ filename = make_filename (opt.homedir, "scdaemon.conf", NULL);
+ filename_esc = percent_escape (filename, NULL);
+
+ printf ("gpgconf-scdaemon.conf:%lu:\"%s\n",
+ GC_OPT_FLAG_DEFAULT, filename_esc);
+ xfree (filename_esc);
+ xfree (filename);
+
+ printf ("verbose:%lu:\n"
+ "quiet:%lu:\n"
+ "debug-level:%lu:\"none:\n"
+ "log-file:%lu:\n",
+ GC_OPT_FLAG_NONE,
+ GC_OPT_FLAG_NONE,
+ GC_OPT_FLAG_DEFAULT,
+ GC_OPT_FLAG_NONE );
+
+ printf ("reader-port:%lu:\n", GC_OPT_FLAG_NONE );
+ printf ("ctapi-driver:%lu:\n", GC_OPT_FLAG_NONE );
+ printf ("pcsc-driver:%lu:\"%s:\n",
+ GC_OPT_FLAG_DEFAULT, DEFAULT_PCSC_DRIVER );
+#ifdef HAVE_LIBUSB
+ printf ("disable-ccid:%lu:\n", GC_OPT_FLAG_NONE );
+#endif
+ printf ("deny-admin:%lu:\n", GC_OPT_FLAG_NONE );
+ printf ("disable-keypad:%lu:\n", GC_OPT_FLAG_NONE );
+ printf ("card-timeout:%lu:%d:\n", GC_OPT_FLAG_DEFAULT, 0);
+
+ scd_exit (0);
+ }
+
+ /* Now start with logging to a file if this is desired. */
+ if (logfile)
+ {
+ log_set_file (logfile);
+ log_set_prefix (NULL, 1|2|4);
+ }
+
+ if (debug_wait && pipe_server)
+ {
+ log_debug ("waiting for debugger - my pid is %u .....\n",
+ (unsigned int)getpid());
+ gnupg_sleep (debug_wait);
+ log_debug ("... okay\n");
+ }
+
+ if (pipe_server)
+ {
+ /* This is the simple pipe based server */
+ ctrl_t ctrl;
+ pth_attr_t tattr;
+ int fd = -1;
+
+#ifndef HAVE_W32_SYSTEM
+ {
+ struct sigaction sa;
+
+ sa.sa_handler = SIG_IGN;
+ sigemptyset (&sa.sa_mask);
+ sa.sa_flags = 0;
+ sigaction (SIGPIPE, &sa, NULL);
+ }
+#endif
+
+ /* If --debug-allow-core-dump has been given we also need to
+ switch the working directory to a place where we can actually
+ write. */
+ if (allow_coredump)
+ {
+ if (chdir("/tmp"))
+ log_debug ("chdir to `/tmp' failed: %s\n", strerror (errno));
+ else
+ log_debug ("changed working directory to `/tmp'\n");
+ }
+
+ /* In multi server mode we need to listen on an additional
+ socket. Create that socket now before starting the handler
+ for the pipe connection. This allows that handler to send
+ back the name of that socket. */
+ if (multi_server)
+ {
+ socket_name = create_socket_name (standard_socket,
+ "S.scdaemon",
+ "/tmp/gpg-XXXXXX/S.scdaemon");
+
+ fd = FD2INT(create_server_socket (standard_socket,
+ socket_name, &socket_nonce));
+ }
+
+ tattr = pth_attr_new();
+ pth_attr_set (tattr, PTH_ATTR_JOINABLE, 0);
+ pth_attr_set (tattr, PTH_ATTR_STACK_SIZE, 512*1024);
+ pth_attr_set (tattr, PTH_ATTR_NAME, "pipe-connection");
+
+ ctrl = xtrycalloc (1, sizeof *ctrl);
+ if ( !ctrl )
+ {
+ log_error ("error allocating connection control data: %s\n",
+ strerror (errno) );
+ scd_exit (2);
+ }
+ ctrl->thread_startup.fd = GNUPG_INVALID_FD;
+ if ( !pth_spawn (tattr, start_connection_thread, ctrl) )
+ {
+ log_error ("error spawning pipe connection handler: %s\n",
+ strerror (errno) );
+ xfree (ctrl);
+ scd_exit (2);
+ }
+
+ /* We run handle_connection to wait for the shutdown signal and
+ to run the ticker stuff. */
+ handle_connections (fd);
+ if (fd != -1)
+ close (fd);
+ }
+ else if (!is_daemon)
+ {
+ log_info (_("please use the option `--daemon'"
+ " to run the program in the background\n"));
+ }
+ else
+ { /* Regular server mode */
+ int fd;
+#ifndef HAVE_W32_SYSTEM
+ pid_t pid;
+ int i;
+#endif
+
+ /* Create the socket. */
+ socket_name = create_socket_name (standard_socket,
+ "S.scdaemon",
+ "/tmp/gpg-XXXXXX/S.scdaemon");
+
+ fd = FD2INT (create_server_socket (standard_socket,
+ socket_name, &socket_nonce));
+
+
+ fflush (NULL);
+#ifndef HAVE_W32_SYSTEM
+ pid = fork ();
+ if (pid == (pid_t)-1)
+ {
+ log_fatal ("fork failed: %s\n", strerror (errno) );
+ exit (1);
+ }
+ else if (pid)
+ { /* we are the parent */
+ char *infostr;
+
+ close (fd);
+
+ /* create the info string: <name>:<pid>:<protocol_version> */
+ if (estream_asprintf (&infostr, "SCDAEMON_INFO=%s:%lu:1",
+ socket_name, (ulong) pid) < 0)
+ {
+ log_error ("out of core\n");
+ kill (pid, SIGTERM);
+ exit (1);
+ }
+ *socket_name = 0; /* don't let cleanup() remove the socket -
+ the child should do this from now on */
+ if (argc)
+ { /* run the program given on the commandline */
+ if (putenv (infostr))
+ {
+ log_error ("failed to set environment: %s\n",
+ strerror (errno) );
+ kill (pid, SIGTERM );
+ exit (1);
+ }
+ execvp (argv[0], argv);
+ log_error ("failed to run the command: %s\n", strerror (errno));
+ kill (pid, SIGTERM);
+ exit (1);
+ }
+ else
+ {
+ /* Print the environment string, so that the caller can use
+ shell's eval to set it */
+ if (csh_style)
+ {
+ *strchr (infostr, '=') = ' ';
+ printf ( "setenv %s;\n", infostr);
+ }
+ else
+ {
+ printf ( "%s; export SCDAEMON_INFO;\n", infostr);
+ }
+ xfree (infostr);
+ exit (0);
+ }
+ /* NOTREACHED */
+ } /* end parent */
+
+ /* This is the child. */
+
+ /* Detach from tty and put process into a new session. */
+ if (!nodetach )
+ {
+ /* Close stdin, stdout and stderr unless it is the log stream. */
+ for (i=0; i <= 2; i++)
+ {
+ if ( log_test_fd (i) && i != fd)
+ close (i);
+ }
+ if (setsid() == -1)
+ {
+ log_error ("setsid() failed: %s\n", strerror(errno) );
+ cleanup ();
+ exit (1);
+ }
+ }
+
+ {
+ struct sigaction sa;
+
+ sa.sa_handler = SIG_IGN;
+ sigemptyset (&sa.sa_mask);
+ sa.sa_flags = 0;
+ sigaction (SIGPIPE, &sa, NULL);
+ }
+
+ if (chdir("/"))
+ {
+ log_error ("chdir to / failed: %s\n", strerror (errno));
+ exit (1);
+ }
+
+#endif /*!HAVE_W32_SYSTEM*/
+
+ handle_connections (fd);
+
+ close (fd);
+ }
+
+ return 0;
+}
+
+void
+scd_exit (int rc)
+{
+ apdu_prepare_exit ();
+#if 0
+#warning no update_random_seed_file
+ update_random_seed_file();
+#endif
+#if 0
+ /* at this time a bit annoying */
+ if (opt.debug & DBG_MEMSTAT_VALUE)
+ {
+ gcry_control( GCRYCTL_DUMP_MEMORY_STATS );
+ gcry_control( GCRYCTL_DUMP_RANDOM_STATS );
+ }
+ if (opt.debug)
+ gcry_control (GCRYCTL_DUMP_SECMEM_STATS );
+#endif
+ gcry_control (GCRYCTL_TERM_SECMEM );
+ rc = rc? rc : log_get_errorcount(0)? 2 : 0;
+ exit (rc);
+}
+
+
+static void
+scd_init_default_ctrl (ctrl_t ctrl)
+{
+ ctrl->reader_slot = -1;
+}
+
+static void
+scd_deinit_default_ctrl (ctrl_t ctrl)
+{
+ (void)ctrl;
+}
+
+
+/* Return the name of the socket to be used to connect to this
+ process. If no socket is available, return NULL. */
+const char *
+scd_get_socket_name ()
+{
+ if (socket_name && *socket_name)
+ return socket_name;
+ return NULL;
+}
+
+
+static void
+handle_signal (int signo)
+{
+ switch (signo)
+ {
+#ifndef HAVE_W32_SYSTEM
+ case SIGHUP:
+ log_info ("SIGHUP received - "
+ "re-reading configuration and resetting cards\n");
+/* reread_configuration (); */
+ break;
+
+ case SIGUSR1:
+ log_info ("SIGUSR1 received - printing internal information:\n");
+ pth_ctrl (PTH_CTRL_DUMPSTATE, log_get_stream ());
+ app_dump_state ();
+ break;
+
+ case SIGUSR2:
+ log_info ("SIGUSR2 received - no action defined\n");
+ break;
+
+ case SIGTERM:
+ if (!shutdown_pending)
+ log_info ("SIGTERM received - shutting down ...\n");
+ else
+ log_info ("SIGTERM received - still %ld running threads\n",
+ pth_ctrl( PTH_CTRL_GETTHREADS ));
+ shutdown_pending++;
+ if (shutdown_pending > 2)
+ {
+ log_info ("shutdown forced\n");
+ log_info ("%s %s stopped\n", strusage(11), strusage(13) );
+ cleanup ();
+ scd_exit (0);
+ }
+ break;
+
+ case SIGINT:
+ log_info ("SIGINT received - immediate shutdown\n");
+ log_info( "%s %s stopped\n", strusage(11), strusage(13));
+ cleanup ();
+ scd_exit (0);
+ break;
+#endif /*!HAVE_W32_SYSTEM*/
+
+ default:
+ log_info ("signal %d received - no action defined\n", signo);
+ }
+}
+
+
+static void
+handle_tick (void)
+{
+ if (!ticker_disabled)
+ scd_update_reader_status_file ();
+}
+
+
+/* Create a name for the socket. With USE_STANDARD_SOCKET given as
+ true using STANDARD_NAME in the home directory or if given has
+ false from the mkdir type name TEMPLATE. In the latter case a
+ unique name in a unique new directory will be created. In both
+ cases check for valid characters as well as against a maximum
+ allowed length for a unix domain socket is done. The function
+ terminates the process in case of an error. Retunrs: Pointer to an
+ allcoated string with the absolute name of the socket used. */
+static char *
+create_socket_name (int use_standard_socket,
+ char *standard_name, char *template)
+{
+ char *name, *p;
+
+ if (use_standard_socket)
+ name = make_filename (opt.homedir, standard_name, NULL);
+ else
+ {
+ name = xstrdup (template);
+ p = strrchr (name, '/');
+ if (!p)
+ BUG ();
+ *p = 0;
+ if (!mkdtemp (name))
+ {
+ log_error (_("can't create directory `%s': %s\n"),
+ name, strerror (errno));
+ scd_exit (2);
+ }
+ *p = '/';
+ }
+
+ if (strchr (name, PATHSEP_C))
+ {
+ log_error (("`%s' are not allowed in the socket name\n"), PATHSEP_S);
+ scd_exit (2);
+ }
+ if (strlen (name) + 1 >= DIMof (struct sockaddr_un, sun_path) )
+ {
+ log_error (_("name of socket too long\n"));
+ scd_exit (2);
+ }
+ return name;
+}
+
+
+
+/* Create a Unix domain socket with NAME. IS_STANDARD_NAME indicates
+ whether a non-random socket is used. Returns the file descriptor
+ or terminates the process in case of an error. */
+static gnupg_fd_t
+create_server_socket (int is_standard_name, const char *name,
+ assuan_sock_nonce_t *nonce)
+{
+ struct sockaddr_un *serv_addr;
+ socklen_t len;
+ gnupg_fd_t fd;
+ int rc;
+
+ fd = assuan_sock_new (AF_UNIX, SOCK_STREAM, 0);
+ if (fd == GNUPG_INVALID_FD)
+ {
+ log_error (_("can't create socket: %s\n"), strerror (errno));
+ scd_exit (2);
+ }
+
+ serv_addr = xmalloc (sizeof (*serv_addr));
+ memset (serv_addr, 0, sizeof *serv_addr);
+ serv_addr->sun_family = AF_UNIX;
+ assert (strlen (name) + 1 < sizeof (serv_addr->sun_path));
+ strcpy (serv_addr->sun_path, name);
+ len = SUN_LEN (serv_addr);
+
+ rc = assuan_sock_bind (fd, (struct sockaddr*) serv_addr, len);
+ if (is_standard_name && rc == -1 && errno == EADDRINUSE)
+ {
+ remove (name);
+ rc = assuan_sock_bind (fd, (struct sockaddr*) serv_addr, len);
+ }
+ if (rc != -1
+ && (rc=assuan_sock_get_nonce ((struct sockaddr*)serv_addr, len, nonce)))
+ log_error (_("error getting nonce for the socket\n"));
+ if (rc == -1)
+ {
+ log_error (_("error binding socket to `%s': %s\n"),
+ serv_addr->sun_path,
+ gpg_strerror (gpg_error_from_syserror ()));
+ assuan_sock_close (fd);
+ scd_exit (2);
+ }
+
+ if (listen (FD2INT(fd), 5 ) == -1)
+ {
+ log_error (_("listen() failed: %s\n"),
+ gpg_strerror (gpg_error_from_syserror ()));
+ assuan_sock_close (fd);
+ scd_exit (2);
+ }
+
+ if (opt.verbose)
+ log_info (_("listening on socket `%s'\n"), serv_addr->sun_path);
+
+ return fd;
+}
+
+
+
+/* This is the standard connection thread's main function. */
+static void *
+start_connection_thread (void *arg)
+{
+ ctrl_t ctrl = arg;
+
+ if (ctrl->thread_startup.fd != GNUPG_INVALID_FD
+ && assuan_sock_check_nonce (ctrl->thread_startup.fd, &socket_nonce))
+ {
+ log_info (_("error reading nonce on fd %d: %s\n"),
+ FD2INT(ctrl->thread_startup.fd), strerror (errno));
+ assuan_sock_close (ctrl->thread_startup.fd);
+ xfree (ctrl);
+ return NULL;
+ }
+
+ scd_init_default_ctrl (ctrl);
+ if (opt.verbose)
+ log_info (_("handler for fd %d started\n"),
+ FD2INT(ctrl->thread_startup.fd));
+
+ /* If this is a pipe server, we request a shutdown if the command
+ handler asked for it. With the next ticker event and given that
+ no other connections are running the shutdown will then
+ happen. */
+ if (scd_command_handler (ctrl, FD2INT(ctrl->thread_startup.fd))
+ && pipe_server)
+ shutdown_pending = 1;
+
+ if (opt.verbose)
+ log_info (_("handler for fd %d terminated\n"),
+ FD2INT (ctrl->thread_startup.fd));
+
+ scd_deinit_default_ctrl (ctrl);
+ xfree (ctrl);
+ return NULL;
+}
+
+
+/* Connection handler loop. Wait for connection requests and spawn a
+ thread after accepting a connection. LISTEN_FD is allowed to be -1
+ in which case this code will only do regular timeouts and handle
+ signals. */
+static void
+handle_connections (int listen_fd)
+{
+ pth_attr_t tattr;
+ pth_event_t ev, time_ev;
+ sigset_t sigs;
+ int signo;
+ struct sockaddr_un paddr;
+ socklen_t plen;
+ fd_set fdset, read_fdset;
+ int ret;
+ int fd;
+ int nfd;
+
+ tattr = pth_attr_new();
+ pth_attr_set (tattr, PTH_ATTR_JOINABLE, 0);
+ pth_attr_set (tattr, PTH_ATTR_STACK_SIZE, 512*1024);
+
+#ifndef HAVE_W32_SYSTEM /* fixme */
+ sigemptyset (&sigs );
+ sigaddset (&sigs, SIGHUP);
+ sigaddset (&sigs, SIGUSR1);
+ sigaddset (&sigs, SIGUSR2);
+ sigaddset (&sigs, SIGINT);
+ sigaddset (&sigs, SIGTERM);
+ pth_sigmask (SIG_UNBLOCK, &sigs, NULL);
+ ev = pth_event (PTH_EVENT_SIGS, &sigs, &signo);
+#else
+ sigs = 0;
+ ev = pth_event (PTH_EVENT_SIGS, &sigs, &signo);
+#endif
+ time_ev = NULL;
+
+ FD_ZERO (&fdset);
+ nfd = 0;
+ if (listen_fd != -1)
+ {
+ FD_SET (listen_fd, &fdset);
+ nfd = listen_fd;
+ }
+
+ for (;;)
+ {
+ sigset_t oldsigs;
+
+ if (shutdown_pending)
+ {
+ if (pth_ctrl (PTH_CTRL_GETTHREADS) == 1)
+ break; /* ready */
+
+ /* Do not accept anymore connections but wait for existing
+ connections to terminate. We do this by clearing out all
+ file descriptors to wait for, so that the select will be
+ used to just wait on a signal or timeout event. */
+ FD_ZERO (&fdset);
+ listen_fd = -1;
+ }
+
+ /* Create a timeout event if needed. Round it up to the next
+ microsecond interval to help with power saving. */
+ if (!time_ev)
+ {
+ pth_time_t nexttick = pth_timeout (TIMERTICK_INTERVAL_SEC,
+ TIMERTICK_INTERVAL_USEC/2);
+ if ((nexttick.tv_usec % (TIMERTICK_INTERVAL_USEC/2)) > 10)
+ {
+ nexttick.tv_usec = ((nexttick.tv_usec
+ /(TIMERTICK_INTERVAL_USEC/2))
+ + 1) * (TIMERTICK_INTERVAL_USEC/2);
+ if (nexttick.tv_usec >= 1000000)
+ {
+ nexttick.tv_sec++;
+ nexttick.tv_usec = 0;
+ }
+ }
+ time_ev = pth_event (PTH_EVENT_TIME, nexttick);
+ }
+
+ /* POSIX says that fd_set should be implemented as a structure,
+ thus a simple assignment is fine to copy the entire set. */
+ read_fdset = fdset;
+
+ if (time_ev)
+ pth_event_concat (ev, time_ev, NULL);
+ ret = pth_select_ev (nfd+1, &read_fdset, NULL, NULL, NULL, ev);
+ if (time_ev)
+ pth_event_isolate (time_ev);
+
+ if (ret == -1)
+ {
+ if (pth_event_occurred (ev)
+ || (time_ev && pth_event_occurred (time_ev)))
+ {
+ if (pth_event_occurred (ev))
+ handle_signal (signo);
+ if (time_ev && pth_event_occurred (time_ev))
+ {
+ pth_event_free (time_ev, PTH_FREE_ALL);
+ time_ev = NULL;
+ handle_tick ();
+ }
+ continue;
+ }
+ log_error (_("pth_select failed: %s - waiting 1s\n"),
+ strerror (errno));
+ pth_sleep (1);
+ continue;
+ }
+
+ if (pth_event_occurred (ev))
+ {
+ handle_signal (signo);
+ }
+
+ if (time_ev && pth_event_occurred (time_ev))
+ {
+ pth_event_free (time_ev, PTH_FREE_ALL);
+ time_ev = NULL;
+ handle_tick ();
+ }
+
+ /* We now might create new threads and because we don't want any
+ signals - we are handling here - to be delivered to a new
+ thread. Thus we need to block those signals. */
+ pth_sigmask (SIG_BLOCK, &sigs, &oldsigs);
+
+ if (listen_fd != -1 && FD_ISSET (listen_fd, &read_fdset))
+ {
+ ctrl_t ctrl;
+
+ plen = sizeof paddr;
+ fd = pth_accept (listen_fd, (struct sockaddr *)&paddr, &plen);
+ if (fd == -1)
+ {
+ log_error ("accept failed: %s\n", strerror (errno));
+ }
+ else if ( !(ctrl = xtrycalloc (1, sizeof *ctrl)) )
+ {
+ log_error ("error allocating connection control data: %s\n",
+ strerror (errno) );
+ close (fd);
+ }
+ else
+ {
+ char threadname[50];
+
+ snprintf (threadname, sizeof threadname-1, "conn fd=%d", fd);
+ threadname[sizeof threadname -1] = 0;
+ pth_attr_set (tattr, PTH_ATTR_NAME, threadname);
+ ctrl->thread_startup.fd = INT2FD (fd);
+ if (!pth_spawn (tattr, start_connection_thread, ctrl))
+ {
+ log_error ("error spawning connection handler: %s\n",
+ strerror (errno) );
+ xfree (ctrl);
+ close (fd);
+ }
+ }
+ fd = -1;
+ }
+
+ /* Restore the signal mask. */
+ pth_sigmask (SIG_SETMASK, &oldsigs, NULL);
+
+ }
+
+ pth_event_free (ev, PTH_FREE_ALL);
+ if (time_ev)
+ pth_event_free (time_ev, PTH_FREE_ALL);
+ cleanup ();
+ log_info (_("%s %s stopped\n"), strusage(11), strusage(13));
+}
+
+
diff --git a/scd/scdaemon.h b/scd/scdaemon.h
new file mode 100644
index 0000000..c429396
--- /dev/null
+++ b/scd/scdaemon.h
@@ -0,0 +1,132 @@
+/* scdaemon.h - Global definitions for the SCdaemon
+ * Copyright (C) 2001, 2002, 2003 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef SCDAEMON_H
+#define SCDAEMON_H
+
+#ifdef GPG_ERR_SOURCE_DEFAULT
+#error GPG_ERR_SOURCE_DEFAULT already defined
+#endif
+#define GPG_ERR_SOURCE_DEFAULT GPG_ERR_SOURCE_SCD
+#include <gpg-error.h>
+
+#include <time.h>
+#include <gcrypt.h>
+#include "../common/util.h"
+#include "../common/sysutils.h"
+
+/* To convey some special hash algorithms we use algorithm numbers
+ reserved for application use. */
+#ifndef GCRY_MODULE_ID_USER
+#define GCRY_MODULE_ID_USER 1024
+#endif
+#define MD_USER_TLS_MD5SHA1 (GCRY_MODULE_ID_USER+1)
+
+/* Maximum length of a digest. */
+#define MAX_DIGEST_LEN 64
+
+
+
+/* A large struct name "opt" to keep global flags. */
+struct
+{
+ unsigned int debug; /* Debug flags (DBG_foo_VALUE). */
+ int verbose; /* Verbosity level. */
+ int quiet; /* Be as quiet as possible. */
+ int dry_run; /* Don't change any persistent data. */
+ int batch; /* Batch mode. */
+ const char *homedir; /* Configuration directory name. */
+ const char *ctapi_driver; /* Library to access the ctAPI. */
+ const char *pcsc_driver; /* Library to access the PC/SC system. */
+ const char *reader_port; /* NULL or reder port to use. */
+ int disable_ccid; /* Disable the use of the internal CCID driver. */
+ int disable_keypad; /* Do not use a keypad. */
+ int allow_admin; /* Allow the use of admin commands for certain
+ cards. */
+ strlist_t disabled_applications; /* Card applications we do not
+ want to use. */
+ unsigned long card_timeout; /* Disconnect after N seconds of inactivity. */
+} opt;
+
+
+#define DBG_COMMAND_VALUE 1 /* debug commands i/o */
+#define DBG_MPI_VALUE 2 /* debug mpi details */
+#define DBG_CRYPTO_VALUE 4 /* debug low level crypto */
+#define DBG_MEMORY_VALUE 32 /* debug memory allocation stuff */
+#define DBG_CACHE_VALUE 64 /* debug the caching */
+#define DBG_MEMSTAT_VALUE 128 /* show memory statistics */
+#define DBG_HASHING_VALUE 512 /* debug hashing operations */
+#define DBG_ASSUAN_VALUE 1024
+#define DBG_CARD_IO_VALUE 2048
+
+#define DBG_COMMAND (opt.debug & DBG_COMMAND_VALUE)
+#define DBG_CRYPTO (opt.debug & DBG_CRYPTO_VALUE)
+#define DBG_MEMORY (opt.debug & DBG_MEMORY_VALUE)
+#define DBG_CACHE (opt.debug & DBG_CACHE_VALUE)
+#define DBG_HASHING (opt.debug & DBG_HASHING_VALUE)
+#define DBG_ASSUAN (opt.debug & DBG_ASSUAN_VALUE)
+#define DBG_CARD_IO (opt.debug & DBG_CARD_IO_VALUE)
+
+struct server_local_s;
+struct app_ctx_s;
+
+struct server_control_s
+{
+ /* Private data used to fire up the connection thread. We use this
+ structure do avoid an extra allocation for just a few bytes. */
+ struct {
+ gnupg_fd_t fd;
+ } thread_startup;
+
+ /* Local data of the server; used only in command.c. */
+ struct server_local_s *server_local;
+
+ /* Slot of the open reader or -1 if not open. */
+ int reader_slot;
+
+ /* The application context used with this connection or NULL if none
+ associated. Note that this is shared with the other connections:
+ All connections accessing the same reader are using the same
+ application context. */
+ struct app_ctx_s *app_ctx;
+
+ /* Helper to store the value we are going to sign */
+ struct
+ {
+ unsigned char *value;
+ int valuelen;
+ } in_data;
+};
+
+typedef struct app_ctx_s *app_t;
+
+/*-- scdaemon.c --*/
+void scd_exit (int rc);
+const char *scd_get_socket_name (void);
+
+/*-- command.c --*/
+void initialize_module_command (void);
+int scd_command_handler (ctrl_t, int);
+void send_status_info (ctrl_t ctrl, const char *keyword, ...)
+ GNUPG_GCC_A_SENTINEL(1);
+void send_status_direct (ctrl_t ctrl, const char *keyword, const char *args);
+void scd_update_reader_status_file (void);
+
+
+#endif /*SCDAEMON_H*/
diff --git a/scripts/ChangeLog-2011 b/scripts/ChangeLog-2011
new file mode 100644
index 0000000..a4b30d7
--- /dev/null
+++ b/scripts/ChangeLog-2011
@@ -0,0 +1,52 @@
+2011-12-02 Werner Koch <wk@g10code.com>
+
+ NB: ChangeLog files are no longer manually maintained. Starting
+ on December 1st, 2011 we put change information only in the GIT
+ commit log, and generate a top-level ChangeLog file from logs at
+ "make dist". See doc/HACKING for details.
+
+2011-07-22 Werner Koch <wk@g10code.com>
+
+ * config.sub, config.guess: Update to version 2011-06-03.
+
+2011-01-11 Werner Koch <wk@g10code.com>
+
+ * config.guess, config.sub: Update to version 2010-09-24.
+
+2009-12-21 Werner Koch <wk@g10code.com>
+
+ * config.guess, config.sub: Update to version 2009-06-11.
+
+2007-12-14 Werner Koch <wk@g10code.com>
+
+ * config.guess, config.sub: Update to version 2007-11-19.
+
+2007-07-04 Werner Koch <wk@g10code.com>
+
+ Switched to GPLv3+.
+
+ * config.sub, config.guess: Updated from current Savannah
+ upstream. Changed to GPLv3+.
+
+2007-05-04 Werner Koch <wk@g10code.com>
+
+ * texinfo.tex: Updated from gnulib.
+
+2007-04-04 Werner Koch <wk@g10code.com>
+
+ * mail-to-translators: Copied from 1.4 and adjusted.
+
+2004-09-30 Werner Koch <wk@g10code.com>
+
+ * config.guess, config.sub: Updated.
+
+
+ Copyright 2004, 2007 Free Software Foundation, Inc.
+
+ This file is free software; as a special exception the author gives
+ unlimited permission to copy and/or distribute it, with or without
+ modifications, as long as this notice is preserved.
+
+ This file is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
+ implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/scripts/compile b/scripts/compile
new file mode 100755
index 0000000..c985324
--- /dev/null
+++ b/scripts/compile
@@ -0,0 +1,141 @@
+#! /bin/sh
+# Wrapper for compilers which do not understand `-c -o'.
+
+scriptversion=2005-05-14.22
+
+# Copyright (C) 1999, 2000, 2003, 2004, 2005 Free Software Foundation, Inc.
+# Written by Tom Tromey <tromey@cygnus.com>.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3, or (at your option)
+# any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+#
+# As a special exception to the GNU General Public License, if you
+# distribute this file as part of a program that contains a
+# configuration script generated by Autoconf, you may include it under
+# the same distribution terms that you use for the rest of that program.
+
+# This file is maintained in Automake, please report
+# bugs to <bug-automake@gnu.org> or send patches to
+# <automake-patches@gnu.org>.
+
+case $1 in
+ '')
+ echo "$0: No command. Try \`$0 --help' for more information." 1>&2
+ exit 1;
+ ;;
+ -h | --h*)
+ cat <<\EOF
+Usage: compile [--help] [--version] PROGRAM [ARGS]
+
+Wrapper for compilers which do not understand `-c -o'.
+Remove `-o dest.o' from ARGS, run PROGRAM with the remaining
+arguments, and rename the output as expected.
+
+If you are trying to build a whole package this is not the
+right script to run: please start by reading the file `INSTALL'.
+
+Report bugs to <bug-automake@gnu.org>.
+EOF
+ exit $?
+ ;;
+ -v | --v*)
+ echo "compile $scriptversion"
+ exit $?
+ ;;
+esac
+
+ofile=
+cfile=
+eat=
+
+for arg
+do
+ if test -n "$eat"; then
+ eat=
+ else
+ case $1 in
+ -o)
+ # configure might choose to run compile as `compile cc -o foo foo.c'.
+ # So we strip `-o arg' only if arg is an object.
+ eat=1
+ case $2 in
+ *.o | *.obj)
+ ofile=$2
+ ;;
+ *)
+ set x "$@" -o "$2"
+ shift
+ ;;
+ esac
+ ;;
+ *.c)
+ cfile=$1
+ set x "$@" "$1"
+ shift
+ ;;
+ *)
+ set x "$@" "$1"
+ shift
+ ;;
+ esac
+ fi
+ shift
+done
+
+if test -z "$ofile" || test -z "$cfile"; then
+ # If no `-o' option was seen then we might have been invoked from a
+ # pattern rule where we don't need one. That is ok -- this is a
+ # normal compilation that the losing compiler can handle. If no
+ # `.c' file was seen then we are probably linking. That is also
+ # ok.
+ exec "$@"
+fi
+
+# Name of file we expect compiler to create.
+cofile=`echo "$cfile" | sed -e 's|^.*/||' -e 's/\.c$/.o/'`
+
+# Create the lock directory.
+# Note: use `[/.-]' here to ensure that we don't use the same name
+# that we are using for the .o file. Also, base the name on the expected
+# object file name, since that is what matters with a parallel build.
+lockdir=`echo "$cofile" | sed -e 's|[/.-]|_|g'`.d
+while true; do
+ if mkdir "$lockdir" >/dev/null 2>&1; then
+ break
+ fi
+ sleep 1
+done
+# FIXME: race condition here if user kills between mkdir and trap.
+trap "rmdir '$lockdir'; exit 1" 1 2 15
+
+# Run the compile.
+"$@"
+ret=$?
+
+if test -f "$cofile"; then
+ mv "$cofile" "$ofile"
+elif test -f "${cofile}bj"; then
+ mv "${cofile}bj" "$ofile"
+fi
+
+rmdir "$lockdir"
+exit $ret
+
+# Local Variables:
+# mode: shell-script
+# sh-indentation: 2
+# eval: (add-hook 'write-file-hooks 'time-stamp)
+# time-stamp-start: "scriptversion="
+# time-stamp-format: "%:y-%02m-%02d.%02H"
+# time-stamp-end: "$"
+# End:
diff --git a/scripts/config.guess b/scripts/config.guess
new file mode 100755
index 0000000..d622a44
--- /dev/null
+++ b/scripts/config.guess
@@ -0,0 +1,1530 @@
+#! /bin/sh
+# Attempt to guess a canonical system name.
+# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
+# 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010,
+# 2011, 2012 Free Software Foundation, Inc.
+
+timestamp='2012-02-10'
+
+# This file is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+#
+# As a special exception to the GNU General Public License, if you
+# distribute this file as part of a program that contains a
+# configuration script generated by Autoconf, you may include it under
+# the same distribution terms that you use for the rest of that program.
+
+
+# Originally written by Per Bothner. Please send patches (context
+# diff format) to <config-patches@gnu.org> and include a ChangeLog
+# entry.
+#
+# This script attempts to guess a canonical system name similar to
+# config.sub. If it succeeds, it prints the system name on stdout, and
+# exits with 0. Otherwise, it exits with 1.
+#
+# You can get the latest version of this script from:
+# http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess;hb=HEAD
+
+me=`echo "$0" | sed -e 's,.*/,,'`
+
+usage="\
+Usage: $0 [OPTION]
+
+Output the configuration name of the system \`$me' is run on.
+
+Operation modes:
+ -h, --help print this help, then exit
+ -t, --time-stamp print date of last modification, then exit
+ -v, --version print version number, then exit
+
+Report bugs and patches to <config-patches@gnu.org>."
+
+version="\
+GNU config.guess ($timestamp)
+
+Originally written by Per Bothner.
+Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000,
+2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012
+Free Software Foundation, Inc.
+
+This is free software; see the source for copying conditions. There is NO
+warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
+
+help="
+Try \`$me --help' for more information."
+
+# Parse command line
+while test $# -gt 0 ; do
+ case $1 in
+ --time-stamp | --time* | -t )
+ echo "$timestamp" ; exit ;;
+ --version | -v )
+ echo "$version" ; exit ;;
+ --help | --h* | -h )
+ echo "$usage"; exit ;;
+ -- ) # Stop option processing
+ shift; break ;;
+ - ) # Use stdin as input.
+ break ;;
+ -* )
+ echo "$me: invalid option $1$help" >&2
+ exit 1 ;;
+ * )
+ break ;;
+ esac
+done
+
+if test $# != 0; then
+ echo "$me: too many arguments$help" >&2
+ exit 1
+fi
+
+trap 'exit 1' 1 2 15
+
+# CC_FOR_BUILD -- compiler used by this script. Note that the use of a
+# compiler to aid in system detection is discouraged as it requires
+# temporary files to be created and, as you can see below, it is a
+# headache to deal with in a portable fashion.
+
+# Historically, `CC_FOR_BUILD' used to be named `HOST_CC'. We still
+# use `HOST_CC' if defined, but it is deprecated.
+
+# Portable tmp directory creation inspired by the Autoconf team.
+
+set_cc_for_build='
+trap "exitcode=\$?; (rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null) && exit \$exitcode" 0 ;
+trap "rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null; exit 1" 1 2 13 15 ;
+: ${TMPDIR=/tmp} ;
+ { tmp=`(umask 077 && mktemp -d "$TMPDIR/cgXXXXXX") 2>/dev/null` && test -n "$tmp" && test -d "$tmp" ; } ||
+ { test -n "$RANDOM" && tmp=$TMPDIR/cg$$-$RANDOM && (umask 077 && mkdir $tmp) ; } ||
+ { tmp=$TMPDIR/cg-$$ && (umask 077 && mkdir $tmp) && echo "Warning: creating insecure temp directory" >&2 ; } ||
+ { echo "$me: cannot create a temporary directory in $TMPDIR" >&2 ; exit 1 ; } ;
+dummy=$tmp/dummy ;
+tmpfiles="$dummy.c $dummy.o $dummy.rel $dummy" ;
+case $CC_FOR_BUILD,$HOST_CC,$CC in
+ ,,) echo "int x;" > $dummy.c ;
+ for c in cc gcc c89 c99 ; do
+ if ($c -c -o $dummy.o $dummy.c) >/dev/null 2>&1 ; then
+ CC_FOR_BUILD="$c"; break ;
+ fi ;
+ done ;
+ if test x"$CC_FOR_BUILD" = x ; then
+ CC_FOR_BUILD=no_compiler_found ;
+ fi
+ ;;
+ ,,*) CC_FOR_BUILD=$CC ;;
+ ,*,*) CC_FOR_BUILD=$HOST_CC ;;
+esac ; set_cc_for_build= ;'
+
+# This is needed to find uname on a Pyramid OSx when run in the BSD universe.
+# (ghazi@noc.rutgers.edu 1994-08-24)
+if (test -f /.attbin/uname) >/dev/null 2>&1 ; then
+ PATH=$PATH:/.attbin ; export PATH
+fi
+
+UNAME_MACHINE=`(uname -m) 2>/dev/null` || UNAME_MACHINE=unknown
+UNAME_RELEASE=`(uname -r) 2>/dev/null` || UNAME_RELEASE=unknown
+UNAME_SYSTEM=`(uname -s) 2>/dev/null` || UNAME_SYSTEM=unknown
+UNAME_VERSION=`(uname -v) 2>/dev/null` || UNAME_VERSION=unknown
+
+# Note: order is significant - the case branches are not exclusive.
+
+case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
+ *:NetBSD:*:*)
+ # NetBSD (nbsd) targets should (where applicable) match one or
+ # more of the tuples: *-*-netbsdelf*, *-*-netbsdaout*,
+ # *-*-netbsdecoff* and *-*-netbsd*. For targets that recently
+ # switched to ELF, *-*-netbsd* would select the old
+ # object file format. This provides both forward
+ # compatibility and a consistent mechanism for selecting the
+ # object file format.
+ #
+ # Note: NetBSD doesn't particularly care about the vendor
+ # portion of the name. We always set it to "unknown".
+ sysctl="sysctl -n hw.machine_arch"
+ UNAME_MACHINE_ARCH=`(/sbin/$sysctl 2>/dev/null || \
+ /usr/sbin/$sysctl 2>/dev/null || echo unknown)`
+ case "${UNAME_MACHINE_ARCH}" in
+ armeb) machine=armeb-unknown ;;
+ arm*) machine=arm-unknown ;;
+ sh3el) machine=shl-unknown ;;
+ sh3eb) machine=sh-unknown ;;
+ sh5el) machine=sh5le-unknown ;;
+ *) machine=${UNAME_MACHINE_ARCH}-unknown ;;
+ esac
+ # The Operating System including object format, if it has switched
+ # to ELF recently, or will in the future.
+ case "${UNAME_MACHINE_ARCH}" in
+ arm*|i386|m68k|ns32k|sh3*|sparc|vax)
+ eval $set_cc_for_build
+ if echo __ELF__ | $CC_FOR_BUILD -E - 2>/dev/null \
+ | grep -q __ELF__
+ then
+ # Once all utilities can be ECOFF (netbsdecoff) or a.out (netbsdaout).
+ # Return netbsd for either. FIX?
+ os=netbsd
+ else
+ os=netbsdelf
+ fi
+ ;;
+ *)
+ os=netbsd
+ ;;
+ esac
+ # The OS release
+ # Debian GNU/NetBSD machines have a different userland, and
+ # thus, need a distinct triplet. However, they do not need
+ # kernel version information, so it can be replaced with a
+ # suitable tag, in the style of linux-gnu.
+ case "${UNAME_VERSION}" in
+ Debian*)
+ release='-gnu'
+ ;;
+ *)
+ release=`echo ${UNAME_RELEASE}|sed -e 's/[-_].*/\./'`
+ ;;
+ esac
+ # Since CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM:
+ # contains redundant information, the shorter form:
+ # CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM is used.
+ echo "${machine}-${os}${release}"
+ exit ;;
+ *:OpenBSD:*:*)
+ UNAME_MACHINE_ARCH=`arch | sed 's/OpenBSD.//'`
+ echo ${UNAME_MACHINE_ARCH}-unknown-openbsd${UNAME_RELEASE}
+ exit ;;
+ *:ekkoBSD:*:*)
+ echo ${UNAME_MACHINE}-unknown-ekkobsd${UNAME_RELEASE}
+ exit ;;
+ *:SolidBSD:*:*)
+ echo ${UNAME_MACHINE}-unknown-solidbsd${UNAME_RELEASE}
+ exit ;;
+ macppc:MirBSD:*:*)
+ echo powerpc-unknown-mirbsd${UNAME_RELEASE}
+ exit ;;
+ *:MirBSD:*:*)
+ echo ${UNAME_MACHINE}-unknown-mirbsd${UNAME_RELEASE}
+ exit ;;
+ alpha:OSF1:*:*)
+ case $UNAME_RELEASE in
+ *4.0)
+ UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $3}'`
+ ;;
+ *5.*)
+ UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $4}'`
+ ;;
+ esac
+ # According to Compaq, /usr/sbin/psrinfo has been available on
+ # OSF/1 and Tru64 systems produced since 1995. I hope that
+ # covers most systems running today. This code pipes the CPU
+ # types through head -n 1, so we only detect the type of CPU 0.
+ ALPHA_CPU_TYPE=`/usr/sbin/psrinfo -v | sed -n -e 's/^ The alpha \(.*\) processor.*$/\1/p' | head -n 1`
+ case "$ALPHA_CPU_TYPE" in
+ "EV4 (21064)")
+ UNAME_MACHINE="alpha" ;;
+ "EV4.5 (21064)")
+ UNAME_MACHINE="alpha" ;;
+ "LCA4 (21066/21068)")
+ UNAME_MACHINE="alpha" ;;
+ "EV5 (21164)")
+ UNAME_MACHINE="alphaev5" ;;
+ "EV5.6 (21164A)")
+ UNAME_MACHINE="alphaev56" ;;
+ "EV5.6 (21164PC)")
+ UNAME_MACHINE="alphapca56" ;;
+ "EV5.7 (21164PC)")
+ UNAME_MACHINE="alphapca57" ;;
+ "EV6 (21264)")
+ UNAME_MACHINE="alphaev6" ;;
+ "EV6.7 (21264A)")
+ UNAME_MACHINE="alphaev67" ;;
+ "EV6.8CB (21264C)")
+ UNAME_MACHINE="alphaev68" ;;
+ "EV6.8AL (21264B)")
+ UNAME_MACHINE="alphaev68" ;;
+ "EV6.8CX (21264D)")
+ UNAME_MACHINE="alphaev68" ;;
+ "EV6.9A (21264/EV69A)")
+ UNAME_MACHINE="alphaev69" ;;
+ "EV7 (21364)")
+ UNAME_MACHINE="alphaev7" ;;
+ "EV7.9 (21364A)")
+ UNAME_MACHINE="alphaev79" ;;
+ esac
+ # A Pn.n version is a patched version.
+ # A Vn.n version is a released version.
+ # A Tn.n version is a released field test version.
+ # A Xn.n version is an unreleased experimental baselevel.
+ # 1.2 uses "1.2" for uname -r.
+ echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[PVTX]//' | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'`
+ # Reset EXIT trap before exiting to avoid spurious non-zero exit code.
+ exitcode=$?
+ trap '' 0
+ exit $exitcode ;;
+ Alpha\ *:Windows_NT*:*)
+ # How do we know it's Interix rather than the generic POSIX subsystem?
+ # Should we change UNAME_MACHINE based on the output of uname instead
+ # of the specific Alpha model?
+ echo alpha-pc-interix
+ exit ;;
+ 21064:Windows_NT:50:3)
+ echo alpha-dec-winnt3.5
+ exit ;;
+ Amiga*:UNIX_System_V:4.0:*)
+ echo m68k-unknown-sysv4
+ exit ;;
+ *:[Aa]miga[Oo][Ss]:*:*)
+ echo ${UNAME_MACHINE}-unknown-amigaos
+ exit ;;
+ *:[Mm]orph[Oo][Ss]:*:*)
+ echo ${UNAME_MACHINE}-unknown-morphos
+ exit ;;
+ *:OS/390:*:*)
+ echo i370-ibm-openedition
+ exit ;;
+ *:z/VM:*:*)
+ echo s390-ibm-zvmoe
+ exit ;;
+ *:OS400:*:*)
+ echo powerpc-ibm-os400
+ exit ;;
+ arm:RISC*:1.[012]*:*|arm:riscix:1.[012]*:*)
+ echo arm-acorn-riscix${UNAME_RELEASE}
+ exit ;;
+ arm:riscos:*:*|arm:RISCOS:*:*)
+ echo arm-unknown-riscos
+ exit ;;
+ SR2?01:HI-UX/MPP:*:* | SR8000:HI-UX/MPP:*:*)
+ echo hppa1.1-hitachi-hiuxmpp
+ exit ;;
+ Pyramid*:OSx*:*:* | MIS*:OSx*:*:* | MIS*:SMP_DC-OSx*:*:*)
+ # akee@wpdis03.wpafb.af.mil (Earle F. Ake) contributed MIS and NILE.
+ if test "`(/bin/universe) 2>/dev/null`" = att ; then
+ echo pyramid-pyramid-sysv3
+ else
+ echo pyramid-pyramid-bsd
+ fi
+ exit ;;
+ NILE*:*:*:dcosx)
+ echo pyramid-pyramid-svr4
+ exit ;;
+ DRS?6000:unix:4.0:6*)
+ echo sparc-icl-nx6
+ exit ;;
+ DRS?6000:UNIX_SV:4.2*:7* | DRS?6000:isis:4.2*:7*)
+ case `/usr/bin/uname -p` in
+ sparc) echo sparc-icl-nx7; exit ;;
+ esac ;;
+ s390x:SunOS:*:*)
+ echo ${UNAME_MACHINE}-ibm-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+ exit ;;
+ sun4H:SunOS:5.*:*)
+ echo sparc-hal-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+ exit ;;
+ sun4*:SunOS:5.*:* | tadpole*:SunOS:5.*:*)
+ echo sparc-sun-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+ exit ;;
+ i86pc:AuroraUX:5.*:* | i86xen:AuroraUX:5.*:*)
+ echo i386-pc-auroraux${UNAME_RELEASE}
+ exit ;;
+ i86pc:SunOS:5.*:* | i86xen:SunOS:5.*:*)
+ eval $set_cc_for_build
+ SUN_ARCH="i386"
+ # If there is a compiler, see if it is configured for 64-bit objects.
+ # Note that the Sun cc does not turn __LP64__ into 1 like gcc does.
+ # This test works for both compilers.
+ if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then
+ if (echo '#ifdef __amd64'; echo IS_64BIT_ARCH; echo '#endif') | \
+ (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \
+ grep IS_64BIT_ARCH >/dev/null
+ then
+ SUN_ARCH="x86_64"
+ fi
+ fi
+ echo ${SUN_ARCH}-pc-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+ exit ;;
+ sun4*:SunOS:6*:*)
+ # According to config.sub, this is the proper way to canonicalize
+ # SunOS6. Hard to guess exactly what SunOS6 will be like, but
+ # it's likely to be more like Solaris than SunOS4.
+ echo sparc-sun-solaris3`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+ exit ;;
+ sun4*:SunOS:*:*)
+ case "`/usr/bin/arch -k`" in
+ Series*|S4*)
+ UNAME_RELEASE=`uname -v`
+ ;;
+ esac
+ # Japanese Language versions have a version number like `4.1.3-JL'.
+ echo sparc-sun-sunos`echo ${UNAME_RELEASE}|sed -e 's/-/_/'`
+ exit ;;
+ sun3*:SunOS:*:*)
+ echo m68k-sun-sunos${UNAME_RELEASE}
+ exit ;;
+ sun*:*:4.2BSD:*)
+ UNAME_RELEASE=`(sed 1q /etc/motd | awk '{print substr($5,1,3)}') 2>/dev/null`
+ test "x${UNAME_RELEASE}" = "x" && UNAME_RELEASE=3
+ case "`/bin/arch`" in
+ sun3)
+ echo m68k-sun-sunos${UNAME_RELEASE}
+ ;;
+ sun4)
+ echo sparc-sun-sunos${UNAME_RELEASE}
+ ;;
+ esac
+ exit ;;
+ aushp:SunOS:*:*)
+ echo sparc-auspex-sunos${UNAME_RELEASE}
+ exit ;;
+ # The situation for MiNT is a little confusing. The machine name
+ # can be virtually everything (everything which is not
+ # "atarist" or "atariste" at least should have a processor
+ # > m68000). The system name ranges from "MiNT" over "FreeMiNT"
+ # to the lowercase version "mint" (or "freemint"). Finally
+ # the system name "TOS" denotes a system which is actually not
+ # MiNT. But MiNT is downward compatible to TOS, so this should
+ # be no problem.
+ atarist[e]:*MiNT:*:* | atarist[e]:*mint:*:* | atarist[e]:*TOS:*:*)
+ echo m68k-atari-mint${UNAME_RELEASE}
+ exit ;;
+ atari*:*MiNT:*:* | atari*:*mint:*:* | atarist[e]:*TOS:*:*)
+ echo m68k-atari-mint${UNAME_RELEASE}
+ exit ;;
+ *falcon*:*MiNT:*:* | *falcon*:*mint:*:* | *falcon*:*TOS:*:*)
+ echo m68k-atari-mint${UNAME_RELEASE}
+ exit ;;
+ milan*:*MiNT:*:* | milan*:*mint:*:* | *milan*:*TOS:*:*)
+ echo m68k-milan-mint${UNAME_RELEASE}
+ exit ;;
+ hades*:*MiNT:*:* | hades*:*mint:*:* | *hades*:*TOS:*:*)
+ echo m68k-hades-mint${UNAME_RELEASE}
+ exit ;;
+ *:*MiNT:*:* | *:*mint:*:* | *:*TOS:*:*)
+ echo m68k-unknown-mint${UNAME_RELEASE}
+ exit ;;
+ m68k:machten:*:*)
+ echo m68k-apple-machten${UNAME_RELEASE}
+ exit ;;
+ powerpc:machten:*:*)
+ echo powerpc-apple-machten${UNAME_RELEASE}
+ exit ;;
+ RISC*:Mach:*:*)
+ echo mips-dec-mach_bsd4.3
+ exit ;;
+ RISC*:ULTRIX:*:*)
+ echo mips-dec-ultrix${UNAME_RELEASE}
+ exit ;;
+ VAX*:ULTRIX*:*:*)
+ echo vax-dec-ultrix${UNAME_RELEASE}
+ exit ;;
+ 2020:CLIX:*:* | 2430:CLIX:*:*)
+ echo clipper-intergraph-clix${UNAME_RELEASE}
+ exit ;;
+ mips:*:*:UMIPS | mips:*:*:RISCos)
+ eval $set_cc_for_build
+ sed 's/^ //' << EOF >$dummy.c
+#ifdef __cplusplus
+#include <stdio.h> /* for printf() prototype */
+ int main (int argc, char *argv[]) {
+#else
+ int main (argc, argv) int argc; char *argv[]; {
+#endif
+ #if defined (host_mips) && defined (MIPSEB)
+ #if defined (SYSTYPE_SYSV)
+ printf ("mips-mips-riscos%ssysv\n", argv[1]); exit (0);
+ #endif
+ #if defined (SYSTYPE_SVR4)
+ printf ("mips-mips-riscos%ssvr4\n", argv[1]); exit (0);
+ #endif
+ #if defined (SYSTYPE_BSD43) || defined(SYSTYPE_BSD)
+ printf ("mips-mips-riscos%sbsd\n", argv[1]); exit (0);
+ #endif
+ #endif
+ exit (-1);
+ }
+EOF
+ $CC_FOR_BUILD -o $dummy $dummy.c &&
+ dummyarg=`echo "${UNAME_RELEASE}" | sed -n 's/\([0-9]*\).*/\1/p'` &&
+ SYSTEM_NAME=`$dummy $dummyarg` &&
+ { echo "$SYSTEM_NAME"; exit; }
+ echo mips-mips-riscos${UNAME_RELEASE}
+ exit ;;
+ Motorola:PowerMAX_OS:*:*)
+ echo powerpc-motorola-powermax
+ exit ;;
+ Motorola:*:4.3:PL8-*)
+ echo powerpc-harris-powermax
+ exit ;;
+ Night_Hawk:*:*:PowerMAX_OS | Synergy:PowerMAX_OS:*:*)
+ echo powerpc-harris-powermax
+ exit ;;
+ Night_Hawk:Power_UNIX:*:*)
+ echo powerpc-harris-powerunix
+ exit ;;
+ m88k:CX/UX:7*:*)
+ echo m88k-harris-cxux7
+ exit ;;
+ m88k:*:4*:R4*)
+ echo m88k-motorola-sysv4
+ exit ;;
+ m88k:*:3*:R3*)
+ echo m88k-motorola-sysv3
+ exit ;;
+ AViiON:dgux:*:*)
+ # DG/UX returns AViiON for all architectures
+ UNAME_PROCESSOR=`/usr/bin/uname -p`
+ if [ $UNAME_PROCESSOR = mc88100 ] || [ $UNAME_PROCESSOR = mc88110 ]
+ then
+ if [ ${TARGET_BINARY_INTERFACE}x = m88kdguxelfx ] || \
+ [ ${TARGET_BINARY_INTERFACE}x = x ]
+ then
+ echo m88k-dg-dgux${UNAME_RELEASE}
+ else
+ echo m88k-dg-dguxbcs${UNAME_RELEASE}
+ fi
+ else
+ echo i586-dg-dgux${UNAME_RELEASE}
+ fi
+ exit ;;
+ M88*:DolphinOS:*:*) # DolphinOS (SVR3)
+ echo m88k-dolphin-sysv3
+ exit ;;
+ M88*:*:R3*:*)
+ # Delta 88k system running SVR3
+ echo m88k-motorola-sysv3
+ exit ;;
+ XD88*:*:*:*) # Tektronix XD88 system running UTekV (SVR3)
+ echo m88k-tektronix-sysv3
+ exit ;;
+ Tek43[0-9][0-9]:UTek:*:*) # Tektronix 4300 system running UTek (BSD)
+ echo m68k-tektronix-bsd
+ exit ;;
+ *:IRIX*:*:*)
+ echo mips-sgi-irix`echo ${UNAME_RELEASE}|sed -e 's/-/_/g'`
+ exit ;;
+ ????????:AIX?:[12].1:2) # AIX 2.2.1 or AIX 2.1.1 is RT/PC AIX.
+ echo romp-ibm-aix # uname -m gives an 8 hex-code CPU id
+ exit ;; # Note that: echo "'`uname -s`'" gives 'AIX '
+ i*86:AIX:*:*)
+ echo i386-ibm-aix
+ exit ;;
+ ia64:AIX:*:*)
+ if [ -x /usr/bin/oslevel ] ; then
+ IBM_REV=`/usr/bin/oslevel`
+ else
+ IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE}
+ fi
+ echo ${UNAME_MACHINE}-ibm-aix${IBM_REV}
+ exit ;;
+ *:AIX:2:3)
+ if grep bos325 /usr/include/stdio.h >/dev/null 2>&1; then
+ eval $set_cc_for_build
+ sed 's/^ //' << EOF >$dummy.c
+ #include <sys/systemcfg.h>
+
+ main()
+ {
+ if (!__power_pc())
+ exit(1);
+ puts("powerpc-ibm-aix3.2.5");
+ exit(0);
+ }
+EOF
+ if $CC_FOR_BUILD -o $dummy $dummy.c && SYSTEM_NAME=`$dummy`
+ then
+ echo "$SYSTEM_NAME"
+ else
+ echo rs6000-ibm-aix3.2.5
+ fi
+ elif grep bos324 /usr/include/stdio.h >/dev/null 2>&1; then
+ echo rs6000-ibm-aix3.2.4
+ else
+ echo rs6000-ibm-aix3.2
+ fi
+ exit ;;
+ *:AIX:*:[4567])
+ IBM_CPU_ID=`/usr/sbin/lsdev -C -c processor -S available | sed 1q | awk '{ print $1 }'`
+ if /usr/sbin/lsattr -El ${IBM_CPU_ID} | grep ' POWER' >/dev/null 2>&1; then
+ IBM_ARCH=rs6000
+ else
+ IBM_ARCH=powerpc
+ fi
+ if [ -x /usr/bin/oslevel ] ; then
+ IBM_REV=`/usr/bin/oslevel`
+ else
+ IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE}
+ fi
+ echo ${IBM_ARCH}-ibm-aix${IBM_REV}
+ exit ;;
+ *:AIX:*:*)
+ echo rs6000-ibm-aix
+ exit ;;
+ ibmrt:4.4BSD:*|romp-ibm:BSD:*)
+ echo romp-ibm-bsd4.4
+ exit ;;
+ ibmrt:*BSD:*|romp-ibm:BSD:*) # covers RT/PC BSD and
+ echo romp-ibm-bsd${UNAME_RELEASE} # 4.3 with uname added to
+ exit ;; # report: romp-ibm BSD 4.3
+ *:BOSX:*:*)
+ echo rs6000-bull-bosx
+ exit ;;
+ DPX/2?00:B.O.S.:*:*)
+ echo m68k-bull-sysv3
+ exit ;;
+ 9000/[34]??:4.3bsd:1.*:*)
+ echo m68k-hp-bsd
+ exit ;;
+ hp300:4.4BSD:*:* | 9000/[34]??:4.3bsd:2.*:*)
+ echo m68k-hp-bsd4.4
+ exit ;;
+ 9000/[34678]??:HP-UX:*:*)
+ HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'`
+ case "${UNAME_MACHINE}" in
+ 9000/31? ) HP_ARCH=m68000 ;;
+ 9000/[34]?? ) HP_ARCH=m68k ;;
+ 9000/[678][0-9][0-9])
+ if [ -x /usr/bin/getconf ]; then
+ sc_cpu_version=`/usr/bin/getconf SC_CPU_VERSION 2>/dev/null`
+ sc_kernel_bits=`/usr/bin/getconf SC_KERNEL_BITS 2>/dev/null`
+ case "${sc_cpu_version}" in
+ 523) HP_ARCH="hppa1.0" ;; # CPU_PA_RISC1_0
+ 528) HP_ARCH="hppa1.1" ;; # CPU_PA_RISC1_1
+ 532) # CPU_PA_RISC2_0
+ case "${sc_kernel_bits}" in
+ 32) HP_ARCH="hppa2.0n" ;;
+ 64) HP_ARCH="hppa2.0w" ;;
+ '') HP_ARCH="hppa2.0" ;; # HP-UX 10.20
+ esac ;;
+ esac
+ fi
+ if [ "${HP_ARCH}" = "" ]; then
+ eval $set_cc_for_build
+ sed 's/^ //' << EOF >$dummy.c
+
+ #define _HPUX_SOURCE
+ #include <stdlib.h>
+ #include <unistd.h>
+
+ int main ()
+ {
+ #if defined(_SC_KERNEL_BITS)
+ long bits = sysconf(_SC_KERNEL_BITS);
+ #endif
+ long cpu = sysconf (_SC_CPU_VERSION);
+
+ switch (cpu)
+ {
+ case CPU_PA_RISC1_0: puts ("hppa1.0"); break;
+ case CPU_PA_RISC1_1: puts ("hppa1.1"); break;
+ case CPU_PA_RISC2_0:
+ #if defined(_SC_KERNEL_BITS)
+ switch (bits)
+ {
+ case 64: puts ("hppa2.0w"); break;
+ case 32: puts ("hppa2.0n"); break;
+ default: puts ("hppa2.0"); break;
+ } break;
+ #else /* !defined(_SC_KERNEL_BITS) */
+ puts ("hppa2.0"); break;
+ #endif
+ default: puts ("hppa1.0"); break;
+ }
+ exit (0);
+ }
+EOF
+ (CCOPTS= $CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null) && HP_ARCH=`$dummy`
+ test -z "$HP_ARCH" && HP_ARCH=hppa
+ fi ;;
+ esac
+ if [ ${HP_ARCH} = "hppa2.0w" ]
+ then
+ eval $set_cc_for_build
+
+ # hppa2.0w-hp-hpux* has a 64-bit kernel and a compiler generating
+ # 32-bit code. hppa64-hp-hpux* has the same kernel and a compiler
+ # generating 64-bit code. GNU and HP use different nomenclature:
+ #
+ # $ CC_FOR_BUILD=cc ./config.guess
+ # => hppa2.0w-hp-hpux11.23
+ # $ CC_FOR_BUILD="cc +DA2.0w" ./config.guess
+ # => hppa64-hp-hpux11.23
+
+ if echo __LP64__ | (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) |
+ grep -q __LP64__
+ then
+ HP_ARCH="hppa2.0w"
+ else
+ HP_ARCH="hppa64"
+ fi
+ fi
+ echo ${HP_ARCH}-hp-hpux${HPUX_REV}
+ exit ;;
+ ia64:HP-UX:*:*)
+ HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'`
+ echo ia64-hp-hpux${HPUX_REV}
+ exit ;;
+ 3050*:HI-UX:*:*)
+ eval $set_cc_for_build
+ sed 's/^ //' << EOF >$dummy.c
+ #include <unistd.h>
+ int
+ main ()
+ {
+ long cpu = sysconf (_SC_CPU_VERSION);
+ /* The order matters, because CPU_IS_HP_MC68K erroneously returns
+ true for CPU_PA_RISC1_0. CPU_IS_PA_RISC returns correct
+ results, however. */
+ if (CPU_IS_PA_RISC (cpu))
+ {
+ switch (cpu)
+ {
+ case CPU_PA_RISC1_0: puts ("hppa1.0-hitachi-hiuxwe2"); break;
+ case CPU_PA_RISC1_1: puts ("hppa1.1-hitachi-hiuxwe2"); break;
+ case CPU_PA_RISC2_0: puts ("hppa2.0-hitachi-hiuxwe2"); break;
+ default: puts ("hppa-hitachi-hiuxwe2"); break;
+ }
+ }
+ else if (CPU_IS_HP_MC68K (cpu))
+ puts ("m68k-hitachi-hiuxwe2");
+ else puts ("unknown-hitachi-hiuxwe2");
+ exit (0);
+ }
+EOF
+ $CC_FOR_BUILD -o $dummy $dummy.c && SYSTEM_NAME=`$dummy` &&
+ { echo "$SYSTEM_NAME"; exit; }
+ echo unknown-hitachi-hiuxwe2
+ exit ;;
+ 9000/7??:4.3bsd:*:* | 9000/8?[79]:4.3bsd:*:* )
+ echo hppa1.1-hp-bsd
+ exit ;;
+ 9000/8??:4.3bsd:*:*)
+ echo hppa1.0-hp-bsd
+ exit ;;
+ *9??*:MPE/iX:*:* | *3000*:MPE/iX:*:*)
+ echo hppa1.0-hp-mpeix
+ exit ;;
+ hp7??:OSF1:*:* | hp8?[79]:OSF1:*:* )
+ echo hppa1.1-hp-osf
+ exit ;;
+ hp8??:OSF1:*:*)
+ echo hppa1.0-hp-osf
+ exit ;;
+ i*86:OSF1:*:*)
+ if [ -x /usr/sbin/sysversion ] ; then
+ echo ${UNAME_MACHINE}-unknown-osf1mk
+ else
+ echo ${UNAME_MACHINE}-unknown-osf1
+ fi
+ exit ;;
+ parisc*:Lites*:*:*)
+ echo hppa1.1-hp-lites
+ exit ;;
+ C1*:ConvexOS:*:* | convex:ConvexOS:C1*:*)
+ echo c1-convex-bsd
+ exit ;;
+ C2*:ConvexOS:*:* | convex:ConvexOS:C2*:*)
+ if getsysinfo -f scalar_acc
+ then echo c32-convex-bsd
+ else echo c2-convex-bsd
+ fi
+ exit ;;
+ C34*:ConvexOS:*:* | convex:ConvexOS:C34*:*)
+ echo c34-convex-bsd
+ exit ;;
+ C38*:ConvexOS:*:* | convex:ConvexOS:C38*:*)
+ echo c38-convex-bsd
+ exit ;;
+ C4*:ConvexOS:*:* | convex:ConvexOS:C4*:*)
+ echo c4-convex-bsd
+ exit ;;
+ CRAY*Y-MP:*:*:*)
+ echo ymp-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+ exit ;;
+ CRAY*[A-Z]90:*:*:*)
+ echo ${UNAME_MACHINE}-cray-unicos${UNAME_RELEASE} \
+ | sed -e 's/CRAY.*\([A-Z]90\)/\1/' \
+ -e y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/ \
+ -e 's/\.[^.]*$/.X/'
+ exit ;;
+ CRAY*TS:*:*:*)
+ echo t90-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+ exit ;;
+ CRAY*T3E:*:*:*)
+ echo alphaev5-cray-unicosmk${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+ exit ;;
+ CRAY*SV1:*:*:*)
+ echo sv1-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+ exit ;;
+ *:UNICOS/mp:*:*)
+ echo craynv-cray-unicosmp${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+ exit ;;
+ F30[01]:UNIX_System_V:*:* | F700:UNIX_System_V:*:*)
+ FUJITSU_PROC=`uname -m | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'`
+ FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'`
+ FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'`
+ echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}"
+ exit ;;
+ 5000:UNIX_System_V:4.*:*)
+ FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'`
+ FUJITSU_REL=`echo ${UNAME_RELEASE} | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/ /_/'`
+ echo "sparc-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}"
+ exit ;;
+ i*86:BSD/386:*:* | i*86:BSD/OS:*:* | *:Ascend\ Embedded/OS:*:*)
+ echo ${UNAME_MACHINE}-pc-bsdi${UNAME_RELEASE}
+ exit ;;
+ sparc*:BSD/OS:*:*)
+ echo sparc-unknown-bsdi${UNAME_RELEASE}
+ exit ;;
+ *:BSD/OS:*:*)
+ echo ${UNAME_MACHINE}-unknown-bsdi${UNAME_RELEASE}
+ exit ;;
+ *:FreeBSD:*:*)
+ UNAME_PROCESSOR=`/usr/bin/uname -p`
+ case ${UNAME_PROCESSOR} in
+ amd64)
+ echo x86_64-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;;
+ *)
+ echo ${UNAME_PROCESSOR}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;;
+ esac
+ exit ;;
+ i*:CYGWIN*:*)
+ echo ${UNAME_MACHINE}-pc-cygwin
+ exit ;;
+ *:MINGW*:*)
+ echo ${UNAME_MACHINE}-pc-mingw32
+ exit ;;
+ i*:MSYS*:*)
+ echo ${UNAME_MACHINE}-pc-msys
+ exit ;;
+ i*:windows32*:*)
+ # uname -m includes "-pc" on this system.
+ echo ${UNAME_MACHINE}-mingw32
+ exit ;;
+ i*:PW*:*)
+ echo ${UNAME_MACHINE}-pc-pw32
+ exit ;;
+ *:Interix*:*)
+ case ${UNAME_MACHINE} in
+ x86)
+ echo i586-pc-interix${UNAME_RELEASE}
+ exit ;;
+ authenticamd | genuineintel | EM64T)
+ echo x86_64-unknown-interix${UNAME_RELEASE}
+ exit ;;
+ IA64)
+ echo ia64-unknown-interix${UNAME_RELEASE}
+ exit ;;
+ esac ;;
+ [345]86:Windows_95:* | [345]86:Windows_98:* | [345]86:Windows_NT:*)
+ echo i${UNAME_MACHINE}-pc-mks
+ exit ;;
+ 8664:Windows_NT:*)
+ echo x86_64-pc-mks
+ exit ;;
+ i*:Windows_NT*:* | Pentium*:Windows_NT*:*)
+ # How do we know it's Interix rather than the generic POSIX subsystem?
+ # It also conflicts with pre-2.0 versions of AT&T UWIN. Should we
+ # UNAME_MACHINE based on the output of uname instead of i386?
+ echo i586-pc-interix
+ exit ;;
+ i*:UWIN*:*)
+ echo ${UNAME_MACHINE}-pc-uwin
+ exit ;;
+ amd64:CYGWIN*:*:* | x86_64:CYGWIN*:*:*)
+ echo x86_64-unknown-cygwin
+ exit ;;
+ p*:CYGWIN*:*)
+ echo powerpcle-unknown-cygwin
+ exit ;;
+ prep*:SunOS:5.*:*)
+ echo powerpcle-unknown-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+ exit ;;
+ *:GNU:*:*)
+ # the GNU system
+ echo `echo ${UNAME_MACHINE}|sed -e 's,[-/].*$,,'`-unknown-gnu`echo ${UNAME_RELEASE}|sed -e 's,/.*$,,'`
+ exit ;;
+ *:GNU/*:*:*)
+ # other systems with GNU libc and userland
+ echo ${UNAME_MACHINE}-unknown-`echo ${UNAME_SYSTEM} | sed 's,^[^/]*/,,' | tr '[A-Z]' '[a-z]'``echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`-gnu
+ exit ;;
+ i*86:Minix:*:*)
+ echo ${UNAME_MACHINE}-pc-minix
+ exit ;;
+ aarch64:Linux:*:*)
+ echo ${UNAME_MACHINE}-unknown-linux-gnu
+ exit ;;
+ aarch64_be:Linux:*:*)
+ UNAME_MACHINE=aarch64_be
+ echo ${UNAME_MACHINE}-unknown-linux-gnu
+ exit ;;
+ alpha:Linux:*:*)
+ case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in
+ EV5) UNAME_MACHINE=alphaev5 ;;
+ EV56) UNAME_MACHINE=alphaev56 ;;
+ PCA56) UNAME_MACHINE=alphapca56 ;;
+ PCA57) UNAME_MACHINE=alphapca56 ;;
+ EV6) UNAME_MACHINE=alphaev6 ;;
+ EV67) UNAME_MACHINE=alphaev67 ;;
+ EV68*) UNAME_MACHINE=alphaev68 ;;
+ esac
+ objdump --private-headers /bin/sh | grep -q ld.so.1
+ if test "$?" = 0 ; then LIBC="libc1" ; else LIBC="" ; fi
+ echo ${UNAME_MACHINE}-unknown-linux-gnu${LIBC}
+ exit ;;
+ arm*:Linux:*:*)
+ eval $set_cc_for_build
+ if echo __ARM_EABI__ | $CC_FOR_BUILD -E - 2>/dev/null \
+ | grep -q __ARM_EABI__
+ then
+ echo ${UNAME_MACHINE}-unknown-linux-gnu
+ else
+ if echo __ARM_PCS_VFP | $CC_FOR_BUILD -E - 2>/dev/null \
+ | grep -q __ARM_PCS_VFP
+ then
+ echo ${UNAME_MACHINE}-unknown-linux-gnueabi
+ else
+ echo ${UNAME_MACHINE}-unknown-linux-gnueabihf
+ fi
+ fi
+ exit ;;
+ avr32*:Linux:*:*)
+ echo ${UNAME_MACHINE}-unknown-linux-gnu
+ exit ;;
+ cris:Linux:*:*)
+ echo ${UNAME_MACHINE}-axis-linux-gnu
+ exit ;;
+ crisv32:Linux:*:*)
+ echo ${UNAME_MACHINE}-axis-linux-gnu
+ exit ;;
+ frv:Linux:*:*)
+ echo ${UNAME_MACHINE}-unknown-linux-gnu
+ exit ;;
+ hexagon:Linux:*:*)
+ echo ${UNAME_MACHINE}-unknown-linux-gnu
+ exit ;;
+ i*86:Linux:*:*)
+ LIBC=gnu
+ eval $set_cc_for_build
+ sed 's/^ //' << EOF >$dummy.c
+ #ifdef __dietlibc__
+ LIBC=dietlibc
+ #endif
+EOF
+ eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^LIBC'`
+ echo "${UNAME_MACHINE}-pc-linux-${LIBC}"
+ exit ;;
+ ia64:Linux:*:*)
+ echo ${UNAME_MACHINE}-unknown-linux-gnu
+ exit ;;
+ m32r*:Linux:*:*)
+ echo ${UNAME_MACHINE}-unknown-linux-gnu
+ exit ;;
+ m68*:Linux:*:*)
+ echo ${UNAME_MACHINE}-unknown-linux-gnu
+ exit ;;
+ mips:Linux:*:* | mips64:Linux:*:*)
+ eval $set_cc_for_build
+ sed 's/^ //' << EOF >$dummy.c
+ #undef CPU
+ #undef ${UNAME_MACHINE}
+ #undef ${UNAME_MACHINE}el
+ #if defined(__MIPSEL__) || defined(__MIPSEL) || defined(_MIPSEL) || defined(MIPSEL)
+ CPU=${UNAME_MACHINE}el
+ #else
+ #if defined(__MIPSEB__) || defined(__MIPSEB) || defined(_MIPSEB) || defined(MIPSEB)
+ CPU=${UNAME_MACHINE}
+ #else
+ CPU=
+ #endif
+ #endif
+EOF
+ eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^CPU'`
+ test x"${CPU}" != x && { echo "${CPU}-unknown-linux-gnu"; exit; }
+ ;;
+ or32:Linux:*:*)
+ echo ${UNAME_MACHINE}-unknown-linux-gnu
+ exit ;;
+ padre:Linux:*:*)
+ echo sparc-unknown-linux-gnu
+ exit ;;
+ parisc64:Linux:*:* | hppa64:Linux:*:*)
+ echo hppa64-unknown-linux-gnu
+ exit ;;
+ parisc:Linux:*:* | hppa:Linux:*:*)
+ # Look for CPU level
+ case `grep '^cpu[^a-z]*:' /proc/cpuinfo 2>/dev/null | cut -d' ' -f2` in
+ PA7*) echo hppa1.1-unknown-linux-gnu ;;
+ PA8*) echo hppa2.0-unknown-linux-gnu ;;
+ *) echo hppa-unknown-linux-gnu ;;
+ esac
+ exit ;;
+ ppc64:Linux:*:*)
+ echo powerpc64-unknown-linux-gnu
+ exit ;;
+ ppc:Linux:*:*)
+ echo powerpc-unknown-linux-gnu
+ exit ;;
+ s390:Linux:*:* | s390x:Linux:*:*)
+ echo ${UNAME_MACHINE}-ibm-linux
+ exit ;;
+ sh64*:Linux:*:*)
+ echo ${UNAME_MACHINE}-unknown-linux-gnu
+ exit ;;
+ sh*:Linux:*:*)
+ echo ${UNAME_MACHINE}-unknown-linux-gnu
+ exit ;;
+ sparc:Linux:*:* | sparc64:Linux:*:*)
+ echo ${UNAME_MACHINE}-unknown-linux-gnu
+ exit ;;
+ tile*:Linux:*:*)
+ echo ${UNAME_MACHINE}-unknown-linux-gnu
+ exit ;;
+ vax:Linux:*:*)
+ echo ${UNAME_MACHINE}-dec-linux-gnu
+ exit ;;
+ x86_64:Linux:*:*)
+ echo ${UNAME_MACHINE}-unknown-linux-gnu
+ exit ;;
+ xtensa*:Linux:*:*)
+ echo ${UNAME_MACHINE}-unknown-linux-gnu
+ exit ;;
+ i*86:DYNIX/ptx:4*:*)
+ # ptx 4.0 does uname -s correctly, with DYNIX/ptx in there.
+ # earlier versions are messed up and put the nodename in both
+ # sysname and nodename.
+ echo i386-sequent-sysv4
+ exit ;;
+ i*86:UNIX_SV:4.2MP:2.*)
+ # Unixware is an offshoot of SVR4, but it has its own version
+ # number series starting with 2...
+ # I am not positive that other SVR4 systems won't match this,
+ # I just have to hope. -- rms.
+ # Use sysv4.2uw... so that sysv4* matches it.
+ echo ${UNAME_MACHINE}-pc-sysv4.2uw${UNAME_VERSION}
+ exit ;;
+ i*86:OS/2:*:*)
+ # If we were able to find `uname', then EMX Unix compatibility
+ # is probably installed.
+ echo ${UNAME_MACHINE}-pc-os2-emx
+ exit ;;
+ i*86:XTS-300:*:STOP)
+ echo ${UNAME_MACHINE}-unknown-stop
+ exit ;;
+ i*86:atheos:*:*)
+ echo ${UNAME_MACHINE}-unknown-atheos
+ exit ;;
+ i*86:syllable:*:*)
+ echo ${UNAME_MACHINE}-pc-syllable
+ exit ;;
+ i*86:LynxOS:2.*:* | i*86:LynxOS:3.[01]*:* | i*86:LynxOS:4.[02]*:*)
+ echo i386-unknown-lynxos${UNAME_RELEASE}
+ exit ;;
+ i*86:*DOS:*:*)
+ echo ${UNAME_MACHINE}-pc-msdosdjgpp
+ exit ;;
+ i*86:*:4.*:* | i*86:SYSTEM_V:4.*:*)
+ UNAME_REL=`echo ${UNAME_RELEASE} | sed 's/\/MP$//'`
+ if grep Novell /usr/include/link.h >/dev/null 2>/dev/null; then
+ echo ${UNAME_MACHINE}-univel-sysv${UNAME_REL}
+ else
+ echo ${UNAME_MACHINE}-pc-sysv${UNAME_REL}
+ fi
+ exit ;;
+ i*86:*:5:[678]*)
+ # UnixWare 7.x, OpenUNIX and OpenServer 6.
+ case `/bin/uname -X | grep "^Machine"` in
+ *486*) UNAME_MACHINE=i486 ;;
+ *Pentium) UNAME_MACHINE=i586 ;;
+ *Pent*|*Celeron) UNAME_MACHINE=i686 ;;
+ esac
+ echo ${UNAME_MACHINE}-unknown-sysv${UNAME_RELEASE}${UNAME_SYSTEM}${UNAME_VERSION}
+ exit ;;
+ i*86:*:3.2:*)
+ if test -f /usr/options/cb.name; then
+ UNAME_REL=`sed -n 's/.*Version //p' </usr/options/cb.name`
+ echo ${UNAME_MACHINE}-pc-isc$UNAME_REL
+ elif /bin/uname -X 2>/dev/null >/dev/null ; then
+ UNAME_REL=`(/bin/uname -X|grep Release|sed -e 's/.*= //')`
+ (/bin/uname -X|grep i80486 >/dev/null) && UNAME_MACHINE=i486
+ (/bin/uname -X|grep '^Machine.*Pentium' >/dev/null) \
+ && UNAME_MACHINE=i586
+ (/bin/uname -X|grep '^Machine.*Pent *II' >/dev/null) \
+ && UNAME_MACHINE=i686
+ (/bin/uname -X|grep '^Machine.*Pentium Pro' >/dev/null) \
+ && UNAME_MACHINE=i686
+ echo ${UNAME_MACHINE}-pc-sco$UNAME_REL
+ else
+ echo ${UNAME_MACHINE}-pc-sysv32
+ fi
+ exit ;;
+ pc:*:*:*)
+ # Left here for compatibility:
+ # uname -m prints for DJGPP always 'pc', but it prints nothing about
+ # the processor, so we play safe by assuming i586.
+ # Note: whatever this is, it MUST be the same as what config.sub
+ # prints for the "djgpp" host, or else GDB configury will decide that
+ # this is a cross-build.
+ echo i586-pc-msdosdjgpp
+ exit ;;
+ Intel:Mach:3*:*)
+ echo i386-pc-mach3
+ exit ;;
+ paragon:*:*:*)
+ echo i860-intel-osf1
+ exit ;;
+ i860:*:4.*:*) # i860-SVR4
+ if grep Stardent /usr/include/sys/uadmin.h >/dev/null 2>&1 ; then
+ echo i860-stardent-sysv${UNAME_RELEASE} # Stardent Vistra i860-SVR4
+ else # Add other i860-SVR4 vendors below as they are discovered.
+ echo i860-unknown-sysv${UNAME_RELEASE} # Unknown i860-SVR4
+ fi
+ exit ;;
+ mini*:CTIX:SYS*5:*)
+ # "miniframe"
+ echo m68010-convergent-sysv
+ exit ;;
+ mc68k:UNIX:SYSTEM5:3.51m)
+ echo m68k-convergent-sysv
+ exit ;;
+ M680?0:D-NIX:5.3:*)
+ echo m68k-diab-dnix
+ exit ;;
+ M68*:*:R3V[5678]*:*)
+ test -r /sysV68 && { echo 'm68k-motorola-sysv'; exit; } ;;
+ 3[345]??:*:4.0:3.0 | 3[34]??A:*:4.0:3.0 | 3[34]??,*:*:4.0:3.0 | 3[34]??/*:*:4.0:3.0 | 4400:*:4.0:3.0 | 4850:*:4.0:3.0 | SKA40:*:4.0:3.0 | SDS2:*:4.0:3.0 | SHG2:*:4.0:3.0 | S7501*:*:4.0:3.0)
+ OS_REL=''
+ test -r /etc/.relid \
+ && OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid`
+ /bin/uname -p 2>/dev/null | grep 86 >/dev/null \
+ && { echo i486-ncr-sysv4.3${OS_REL}; exit; }
+ /bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \
+ && { echo i586-ncr-sysv4.3${OS_REL}; exit; } ;;
+ 3[34]??:*:4.0:* | 3[34]??,*:*:4.0:*)
+ /bin/uname -p 2>/dev/null | grep 86 >/dev/null \
+ && { echo i486-ncr-sysv4; exit; } ;;
+ NCR*:*:4.2:* | MPRAS*:*:4.2:*)
+ OS_REL='.3'
+ test -r /etc/.relid \
+ && OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid`
+ /bin/uname -p 2>/dev/null | grep 86 >/dev/null \
+ && { echo i486-ncr-sysv4.3${OS_REL}; exit; }
+ /bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \
+ && { echo i586-ncr-sysv4.3${OS_REL}; exit; }
+ /bin/uname -p 2>/dev/null | /bin/grep pteron >/dev/null \
+ && { echo i586-ncr-sysv4.3${OS_REL}; exit; } ;;
+ m68*:LynxOS:2.*:* | m68*:LynxOS:3.0*:*)
+ echo m68k-unknown-lynxos${UNAME_RELEASE}
+ exit ;;
+ mc68030:UNIX_System_V:4.*:*)
+ echo m68k-atari-sysv4
+ exit ;;
+ TSUNAMI:LynxOS:2.*:*)
+ echo sparc-unknown-lynxos${UNAME_RELEASE}
+ exit ;;
+ rs6000:LynxOS:2.*:*)
+ echo rs6000-unknown-lynxos${UNAME_RELEASE}
+ exit ;;
+ PowerPC:LynxOS:2.*:* | PowerPC:LynxOS:3.[01]*:* | PowerPC:LynxOS:4.[02]*:*)
+ echo powerpc-unknown-lynxos${UNAME_RELEASE}
+ exit ;;
+ SM[BE]S:UNIX_SV:*:*)
+ echo mips-dde-sysv${UNAME_RELEASE}
+ exit ;;
+ RM*:ReliantUNIX-*:*:*)
+ echo mips-sni-sysv4
+ exit ;;
+ RM*:SINIX-*:*:*)
+ echo mips-sni-sysv4
+ exit ;;
+ *:SINIX-*:*:*)
+ if uname -p 2>/dev/null >/dev/null ; then
+ UNAME_MACHINE=`(uname -p) 2>/dev/null`
+ echo ${UNAME_MACHINE}-sni-sysv4
+ else
+ echo ns32k-sni-sysv
+ fi
+ exit ;;
+ PENTIUM:*:4.0*:*) # Unisys `ClearPath HMP IX 4000' SVR4/MP effort
+ # says <Richard.M.Bartel@ccMail.Census.GOV>
+ echo i586-unisys-sysv4
+ exit ;;
+ *:UNIX_System_V:4*:FTX*)
+ # From Gerald Hewes <hewes@openmarket.com>.
+ # How about differentiating between stratus architectures? -djm
+ echo hppa1.1-stratus-sysv4
+ exit ;;
+ *:*:*:FTX*)
+ # From seanf@swdc.stratus.com.
+ echo i860-stratus-sysv4
+ exit ;;
+ i*86:VOS:*:*)
+ # From Paul.Green@stratus.com.
+ echo ${UNAME_MACHINE}-stratus-vos
+ exit ;;
+ *:VOS:*:*)
+ # From Paul.Green@stratus.com.
+ echo hppa1.1-stratus-vos
+ exit ;;
+ mc68*:A/UX:*:*)
+ echo m68k-apple-aux${UNAME_RELEASE}
+ exit ;;
+ news*:NEWS-OS:6*:*)
+ echo mips-sony-newsos6
+ exit ;;
+ R[34]000:*System_V*:*:* | R4000:UNIX_SYSV:*:* | R*000:UNIX_SV:*:*)
+ if [ -d /usr/nec ]; then
+ echo mips-nec-sysv${UNAME_RELEASE}
+ else
+ echo mips-unknown-sysv${UNAME_RELEASE}
+ fi
+ exit ;;
+ BeBox:BeOS:*:*) # BeOS running on hardware made by Be, PPC only.
+ echo powerpc-be-beos
+ exit ;;
+ BeMac:BeOS:*:*) # BeOS running on Mac or Mac clone, PPC only.
+ echo powerpc-apple-beos
+ exit ;;
+ BePC:BeOS:*:*) # BeOS running on Intel PC compatible.
+ echo i586-pc-beos
+ exit ;;
+ BePC:Haiku:*:*) # Haiku running on Intel PC compatible.
+ echo i586-pc-haiku
+ exit ;;
+ SX-4:SUPER-UX:*:*)
+ echo sx4-nec-superux${UNAME_RELEASE}
+ exit ;;
+ SX-5:SUPER-UX:*:*)
+ echo sx5-nec-superux${UNAME_RELEASE}
+ exit ;;
+ SX-6:SUPER-UX:*:*)
+ echo sx6-nec-superux${UNAME_RELEASE}
+ exit ;;
+ SX-7:SUPER-UX:*:*)
+ echo sx7-nec-superux${UNAME_RELEASE}
+ exit ;;
+ SX-8:SUPER-UX:*:*)
+ echo sx8-nec-superux${UNAME_RELEASE}
+ exit ;;
+ SX-8R:SUPER-UX:*:*)
+ echo sx8r-nec-superux${UNAME_RELEASE}
+ exit ;;
+ Power*:Rhapsody:*:*)
+ echo powerpc-apple-rhapsody${UNAME_RELEASE}
+ exit ;;
+ *:Rhapsody:*:*)
+ echo ${UNAME_MACHINE}-apple-rhapsody${UNAME_RELEASE}
+ exit ;;
+ *:Darwin:*:*)
+ UNAME_PROCESSOR=`uname -p` || UNAME_PROCESSOR=unknown
+ case $UNAME_PROCESSOR in
+ i386)
+ eval $set_cc_for_build
+ if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then
+ if (echo '#ifdef __LP64__'; echo IS_64BIT_ARCH; echo '#endif') | \
+ (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \
+ grep IS_64BIT_ARCH >/dev/null
+ then
+ UNAME_PROCESSOR="x86_64"
+ fi
+ fi ;;
+ unknown) UNAME_PROCESSOR=powerpc ;;
+ esac
+ echo ${UNAME_PROCESSOR}-apple-darwin${UNAME_RELEASE}
+ exit ;;
+ *:procnto*:*:* | *:QNX:[0123456789]*:*)
+ UNAME_PROCESSOR=`uname -p`
+ if test "$UNAME_PROCESSOR" = "x86"; then
+ UNAME_PROCESSOR=i386
+ UNAME_MACHINE=pc
+ fi
+ echo ${UNAME_PROCESSOR}-${UNAME_MACHINE}-nto-qnx${UNAME_RELEASE}
+ exit ;;
+ *:QNX:*:4*)
+ echo i386-pc-qnx
+ exit ;;
+ NEO-?:NONSTOP_KERNEL:*:*)
+ echo neo-tandem-nsk${UNAME_RELEASE}
+ exit ;;
+ NSE-?:NONSTOP_KERNEL:*:*)
+ echo nse-tandem-nsk${UNAME_RELEASE}
+ exit ;;
+ NSR-?:NONSTOP_KERNEL:*:*)
+ echo nsr-tandem-nsk${UNAME_RELEASE}
+ exit ;;
+ *:NonStop-UX:*:*)
+ echo mips-compaq-nonstopux
+ exit ;;
+ BS2000:POSIX*:*:*)
+ echo bs2000-siemens-sysv
+ exit ;;
+ DS/*:UNIX_System_V:*:*)
+ echo ${UNAME_MACHINE}-${UNAME_SYSTEM}-${UNAME_RELEASE}
+ exit ;;
+ *:Plan9:*:*)
+ # "uname -m" is not consistent, so use $cputype instead. 386
+ # is converted to i386 for consistency with other x86
+ # operating systems.
+ if test "$cputype" = "386"; then
+ UNAME_MACHINE=i386
+ else
+ UNAME_MACHINE="$cputype"
+ fi
+ echo ${UNAME_MACHINE}-unknown-plan9
+ exit ;;
+ *:TOPS-10:*:*)
+ echo pdp10-unknown-tops10
+ exit ;;
+ *:TENEX:*:*)
+ echo pdp10-unknown-tenex
+ exit ;;
+ KS10:TOPS-20:*:* | KL10:TOPS-20:*:* | TYPE4:TOPS-20:*:*)
+ echo pdp10-dec-tops20
+ exit ;;
+ XKL-1:TOPS-20:*:* | TYPE5:TOPS-20:*:*)
+ echo pdp10-xkl-tops20
+ exit ;;
+ *:TOPS-20:*:*)
+ echo pdp10-unknown-tops20
+ exit ;;
+ *:ITS:*:*)
+ echo pdp10-unknown-its
+ exit ;;
+ SEI:*:*:SEIUX)
+ echo mips-sei-seiux${UNAME_RELEASE}
+ exit ;;
+ *:DragonFly:*:*)
+ echo ${UNAME_MACHINE}-unknown-dragonfly`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`
+ exit ;;
+ *:*VMS:*:*)
+ UNAME_MACHINE=`(uname -p) 2>/dev/null`
+ case "${UNAME_MACHINE}" in
+ A*) echo alpha-dec-vms ; exit ;;
+ I*) echo ia64-dec-vms ; exit ;;
+ V*) echo vax-dec-vms ; exit ;;
+ esac ;;
+ *:XENIX:*:SysV)
+ echo i386-pc-xenix
+ exit ;;
+ i*86:skyos:*:*)
+ echo ${UNAME_MACHINE}-pc-skyos`echo ${UNAME_RELEASE}` | sed -e 's/ .*$//'
+ exit ;;
+ i*86:rdos:*:*)
+ echo ${UNAME_MACHINE}-pc-rdos
+ exit ;;
+ i*86:AROS:*:*)
+ echo ${UNAME_MACHINE}-pc-aros
+ exit ;;
+ x86_64:VMkernel:*:*)
+ echo ${UNAME_MACHINE}-unknown-esx
+ exit ;;
+esac
+
+#echo '(No uname command or uname output not recognized.)' 1>&2
+#echo "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" 1>&2
+
+eval $set_cc_for_build
+cat >$dummy.c <<EOF
+#ifdef _SEQUENT_
+# include <sys/types.h>
+# include <sys/utsname.h>
+#endif
+main ()
+{
+#if defined (sony)
+#if defined (MIPSEB)
+ /* BFD wants "bsd" instead of "newsos". Perhaps BFD should be changed,
+ I don't know.... */
+ printf ("mips-sony-bsd\n"); exit (0);
+#else
+#include <sys/param.h>
+ printf ("m68k-sony-newsos%s\n",
+#ifdef NEWSOS4
+ "4"
+#else
+ ""
+#endif
+ ); exit (0);
+#endif
+#endif
+
+#if defined (__arm) && defined (__acorn) && defined (__unix)
+ printf ("arm-acorn-riscix\n"); exit (0);
+#endif
+
+#if defined (hp300) && !defined (hpux)
+ printf ("m68k-hp-bsd\n"); exit (0);
+#endif
+
+#if defined (NeXT)
+#if !defined (__ARCHITECTURE__)
+#define __ARCHITECTURE__ "m68k"
+#endif
+ int version;
+ version=`(hostinfo | sed -n 's/.*NeXT Mach \([0-9]*\).*/\1/p') 2>/dev/null`;
+ if (version < 4)
+ printf ("%s-next-nextstep%d\n", __ARCHITECTURE__, version);
+ else
+ printf ("%s-next-openstep%d\n", __ARCHITECTURE__, version);
+ exit (0);
+#endif
+
+#if defined (MULTIMAX) || defined (n16)
+#if defined (UMAXV)
+ printf ("ns32k-encore-sysv\n"); exit (0);
+#else
+#if defined (CMU)
+ printf ("ns32k-encore-mach\n"); exit (0);
+#else
+ printf ("ns32k-encore-bsd\n"); exit (0);
+#endif
+#endif
+#endif
+
+#if defined (__386BSD__)
+ printf ("i386-pc-bsd\n"); exit (0);
+#endif
+
+#if defined (sequent)
+#if defined (i386)
+ printf ("i386-sequent-dynix\n"); exit (0);
+#endif
+#if defined (ns32000)
+ printf ("ns32k-sequent-dynix\n"); exit (0);
+#endif
+#endif
+
+#if defined (_SEQUENT_)
+ struct utsname un;
+
+ uname(&un);
+
+ if (strncmp(un.version, "V2", 2) == 0) {
+ printf ("i386-sequent-ptx2\n"); exit (0);
+ }
+ if (strncmp(un.version, "V1", 2) == 0) { /* XXX is V1 correct? */
+ printf ("i386-sequent-ptx1\n"); exit (0);
+ }
+ printf ("i386-sequent-ptx\n"); exit (0);
+
+#endif
+
+#if defined (vax)
+# if !defined (ultrix)
+# include <sys/param.h>
+# if defined (BSD)
+# if BSD == 43
+ printf ("vax-dec-bsd4.3\n"); exit (0);
+# else
+# if BSD == 199006
+ printf ("vax-dec-bsd4.3reno\n"); exit (0);
+# else
+ printf ("vax-dec-bsd\n"); exit (0);
+# endif
+# endif
+# else
+ printf ("vax-dec-bsd\n"); exit (0);
+# endif
+# else
+ printf ("vax-dec-ultrix\n"); exit (0);
+# endif
+#endif
+
+#if defined (alliant) && defined (i860)
+ printf ("i860-alliant-bsd\n"); exit (0);
+#endif
+
+ exit (1);
+}
+EOF
+
+$CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null && SYSTEM_NAME=`$dummy` &&
+ { echo "$SYSTEM_NAME"; exit; }
+
+# Apollos put the system type in the environment.
+
+test -d /usr/apollo && { echo ${ISP}-apollo-${SYSTYPE}; exit; }
+
+# Convex versions that predate uname can use getsysinfo(1)
+
+if [ -x /usr/convex/getsysinfo ]
+then
+ case `getsysinfo -f cpu_type` in
+ c1*)
+ echo c1-convex-bsd
+ exit ;;
+ c2*)
+ if getsysinfo -f scalar_acc
+ then echo c32-convex-bsd
+ else echo c2-convex-bsd
+ fi
+ exit ;;
+ c34*)
+ echo c34-convex-bsd
+ exit ;;
+ c38*)
+ echo c38-convex-bsd
+ exit ;;
+ c4*)
+ echo c4-convex-bsd
+ exit ;;
+ esac
+fi
+
+cat >&2 <<EOF
+$0: unable to guess system type
+
+This script, last modified $timestamp, has failed to recognize
+the operating system you are using. It is advised that you
+download the most up to date version of the config scripts from
+
+ http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess;hb=HEAD
+and
+ http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub;hb=HEAD
+
+If the version you run ($0) is already up to date, please
+send the following data and any information you think might be
+pertinent to <config-patches@gnu.org> in order to provide the needed
+information to handle your system.
+
+config.guess timestamp = $timestamp
+
+uname -m = `(uname -m) 2>/dev/null || echo unknown`
+uname -r = `(uname -r) 2>/dev/null || echo unknown`
+uname -s = `(uname -s) 2>/dev/null || echo unknown`
+uname -v = `(uname -v) 2>/dev/null || echo unknown`
+
+/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null`
+/bin/uname -X = `(/bin/uname -X) 2>/dev/null`
+
+hostinfo = `(hostinfo) 2>/dev/null`
+/bin/universe = `(/bin/universe) 2>/dev/null`
+/usr/bin/arch -k = `(/usr/bin/arch -k) 2>/dev/null`
+/bin/arch = `(/bin/arch) 2>/dev/null`
+/usr/bin/oslevel = `(/usr/bin/oslevel) 2>/dev/null`
+/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null`
+
+UNAME_MACHINE = ${UNAME_MACHINE}
+UNAME_RELEASE = ${UNAME_RELEASE}
+UNAME_SYSTEM = ${UNAME_SYSTEM}
+UNAME_VERSION = ${UNAME_VERSION}
+EOF
+
+exit 1
+
+# Local variables:
+# eval: (add-hook 'write-file-hooks 'time-stamp)
+# time-stamp-start: "timestamp='"
+# time-stamp-format: "%:y-%02m-%02d"
+# time-stamp-end: "'"
+# End:
diff --git a/scripts/config.rpath b/scripts/config.rpath
new file mode 100755
index 0000000..c547c68
--- /dev/null
+++ b/scripts/config.rpath
@@ -0,0 +1,666 @@
+#! /bin/sh
+# Output a system dependent set of variables, describing how to set the
+# run time search path of shared libraries in an executable.
+#
+# Copyright 1996-2007 Free Software Foundation, Inc.
+# Taken from GNU libtool, 2001
+# Originally by Gordon Matzigkeit <gord@gnu.ai.mit.edu>, 1996
+#
+# This file is free software; the Free Software Foundation gives
+# unlimited permission to copy and/or distribute it, with or without
+# modifications, as long as this notice is preserved.
+#
+# The first argument passed to this file is the canonical host specification,
+# CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM
+# or
+# CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM
+# The environment variables CC, GCC, LDFLAGS, LD, with_gnu_ld
+# should be set by the caller.
+#
+# The set of defined variables is at the end of this script.
+
+# Known limitations:
+# - On IRIX 6.5 with CC="cc", the run time search patch must not be longer
+# than 256 bytes, otherwise the compiler driver will dump core. The only
+# known workaround is to choose shorter directory names for the build
+# directory and/or the installation directory.
+
+# All known linkers require a `.a' archive for static linking (except MSVC,
+# which needs '.lib').
+libext=a
+shrext=.so
+
+host="$1"
+host_cpu=`echo "$host" | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\1/'`
+host_vendor=`echo "$host" | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\2/'`
+host_os=`echo "$host" | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\3/'`
+
+# Code taken from libtool.m4's _LT_CC_BASENAME.
+
+for cc_temp in $CC""; do
+ case $cc_temp in
+ compile | *[\\/]compile | ccache | *[\\/]ccache ) ;;
+ distcc | *[\\/]distcc | purify | *[\\/]purify ) ;;
+ \-*) ;;
+ *) break;;
+ esac
+done
+cc_basename=`echo "$cc_temp" | sed -e 's%^.*/%%'`
+
+# Code taken from libtool.m4's AC_LIBTOOL_PROG_COMPILER_PIC.
+
+wl=
+if test "$GCC" = yes; then
+ wl='-Wl,'
+else
+ case "$host_os" in
+ aix*)
+ wl='-Wl,'
+ ;;
+ darwin*)
+ case $cc_basename in
+ xlc*)
+ wl='-Wl,'
+ ;;
+ esac
+ ;;
+ mingw* | cygwin* | pw32* | os2*)
+ ;;
+ hpux9* | hpux10* | hpux11*)
+ wl='-Wl,'
+ ;;
+ irix5* | irix6* | nonstopux*)
+ wl='-Wl,'
+ ;;
+ newsos6)
+ ;;
+ linux* | k*bsd*-gnu)
+ case $cc_basename in
+ icc* | ecc*)
+ wl='-Wl,'
+ ;;
+ pgcc | pgf77 | pgf90)
+ wl='-Wl,'
+ ;;
+ ccc*)
+ wl='-Wl,'
+ ;;
+ como)
+ wl='-lopt='
+ ;;
+ *)
+ case `$CC -V 2>&1 | sed 5q` in
+ *Sun\ C*)
+ wl='-Wl,'
+ ;;
+ esac
+ ;;
+ esac
+ ;;
+ osf3* | osf4* | osf5*)
+ wl='-Wl,'
+ ;;
+ rdos*)
+ ;;
+ solaris*)
+ wl='-Wl,'
+ ;;
+ sunos4*)
+ wl='-Qoption ld '
+ ;;
+ sysv4 | sysv4.2uw2* | sysv4.3*)
+ wl='-Wl,'
+ ;;
+ sysv4*MP*)
+ ;;
+ sysv5* | unixware* | sco3.2v5* | sco5v6* | OpenUNIX*)
+ wl='-Wl,'
+ ;;
+ unicos*)
+ wl='-Wl,'
+ ;;
+ uts4*)
+ ;;
+ esac
+fi
+
+# Code taken from libtool.m4's AC_LIBTOOL_PROG_LD_SHLIBS.
+
+hardcode_libdir_flag_spec=
+hardcode_libdir_separator=
+hardcode_direct=no
+hardcode_minus_L=no
+
+case "$host_os" in
+ cygwin* | mingw* | pw32*)
+ # FIXME: the MSVC++ port hasn't been tested in a loooong time
+ # When not using gcc, we currently assume that we are using
+ # Microsoft Visual C++.
+ if test "$GCC" != yes; then
+ with_gnu_ld=no
+ fi
+ ;;
+ interix*)
+ # we just hope/assume this is gcc and not c89 (= MSVC++)
+ with_gnu_ld=yes
+ ;;
+ openbsd*)
+ with_gnu_ld=no
+ ;;
+esac
+
+ld_shlibs=yes
+if test "$with_gnu_ld" = yes; then
+ # Set some defaults for GNU ld with shared library support. These
+ # are reset later if shared libraries are not supported. Putting them
+ # here allows them to be overridden if necessary.
+ # Unlike libtool, we use -rpath here, not --rpath, since the documented
+ # option of GNU ld is called -rpath, not --rpath.
+ hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir'
+ case "$host_os" in
+ aix3* | aix4* | aix5*)
+ # On AIX/PPC, the GNU linker is very broken
+ if test "$host_cpu" != ia64; then
+ ld_shlibs=no
+ fi
+ ;;
+ amigaos*)
+ hardcode_libdir_flag_spec='-L$libdir'
+ hardcode_minus_L=yes
+ # Samuel A. Falvo II <kc5tja@dolphin.openprojects.net> reports
+ # that the semantics of dynamic libraries on AmigaOS, at least up
+ # to version 4, is to share data among multiple programs linked
+ # with the same dynamic library. Since this doesn't match the
+ # behavior of shared libraries on other platforms, we cannot use
+ # them.
+ ld_shlibs=no
+ ;;
+ beos*)
+ if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then
+ :
+ else
+ ld_shlibs=no
+ fi
+ ;;
+ cygwin* | mingw* | pw32*)
+ # hardcode_libdir_flag_spec is actually meaningless, as there is
+ # no search path for DLLs.
+ hardcode_libdir_flag_spec='-L$libdir'
+ if $LD --help 2>&1 | grep 'auto-import' > /dev/null; then
+ :
+ else
+ ld_shlibs=no
+ fi
+ ;;
+ interix[3-9]*)
+ hardcode_direct=no
+ hardcode_libdir_flag_spec='${wl}-rpath,$libdir'
+ ;;
+ gnu* | linux* | k*bsd*-gnu)
+ if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then
+ :
+ else
+ ld_shlibs=no
+ fi
+ ;;
+ netbsd*)
+ ;;
+ solaris*)
+ if $LD -v 2>&1 | grep 'BFD 2\.8' > /dev/null; then
+ ld_shlibs=no
+ elif $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then
+ :
+ else
+ ld_shlibs=no
+ fi
+ ;;
+ sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX*)
+ case `$LD -v 2>&1` in
+ *\ [01].* | *\ 2.[0-9].* | *\ 2.1[0-5].*)
+ ld_shlibs=no
+ ;;
+ *)
+ if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then
+ hardcode_libdir_flag_spec='`test -z "$SCOABSPATH" && echo ${wl}-rpath,$libdir`'
+ else
+ ld_shlibs=no
+ fi
+ ;;
+ esac
+ ;;
+ sunos4*)
+ hardcode_direct=yes
+ ;;
+ *)
+ if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then
+ :
+ else
+ ld_shlibs=no
+ fi
+ ;;
+ esac
+ if test "$ld_shlibs" = no; then
+ hardcode_libdir_flag_spec=
+ fi
+else
+ case "$host_os" in
+ aix3*)
+ # Note: this linker hardcodes the directories in LIBPATH if there
+ # are no directories specified by -L.
+ hardcode_minus_L=yes
+ if test "$GCC" = yes; then
+ # Neither direct hardcoding nor static linking is supported with a
+ # broken collect2.
+ hardcode_direct=unsupported
+ fi
+ ;;
+ aix4* | aix5*)
+ if test "$host_cpu" = ia64; then
+ # On IA64, the linker does run time linking by default, so we don't
+ # have to do anything special.
+ aix_use_runtimelinking=no
+ else
+ aix_use_runtimelinking=no
+ # Test if we are trying to use run time linking or normal
+ # AIX style linking. If -brtl is somewhere in LDFLAGS, we
+ # need to do runtime linking.
+ case $host_os in aix4.[23]|aix4.[23].*|aix5*)
+ for ld_flag in $LDFLAGS; do
+ if (test $ld_flag = "-brtl" || test $ld_flag = "-Wl,-brtl"); then
+ aix_use_runtimelinking=yes
+ break
+ fi
+ done
+ ;;
+ esac
+ fi
+ hardcode_direct=yes
+ hardcode_libdir_separator=':'
+ if test "$GCC" = yes; then
+ case $host_os in aix4.[012]|aix4.[012].*)
+ collect2name=`${CC} -print-prog-name=collect2`
+ if test -f "$collect2name" && \
+ strings "$collect2name" | grep resolve_lib_name >/dev/null
+ then
+ # We have reworked collect2
+ :
+ else
+ # We have old collect2
+ hardcode_direct=unsupported
+ hardcode_minus_L=yes
+ hardcode_libdir_flag_spec='-L$libdir'
+ hardcode_libdir_separator=
+ fi
+ ;;
+ esac
+ fi
+ # Begin _LT_AC_SYS_LIBPATH_AIX.
+ echo 'int main () { return 0; }' > conftest.c
+ ${CC} ${LDFLAGS} conftest.c -o conftest
+ aix_libpath=`dump -H conftest 2>/dev/null | sed -n -e '/Import File Strings/,/^$/ { /^0/ { s/^0 *\(.*\)$/\1/; p; }
+}'`
+ if test -z "$aix_libpath"; then
+ aix_libpath=`dump -HX64 conftest 2>/dev/null | sed -n -e '/Import File Strings/,/^$/ { /^0/ { s/^0 *\(.*\)$/\1/; p; }
+}'`
+ fi
+ if test -z "$aix_libpath"; then
+ aix_libpath="/usr/lib:/lib"
+ fi
+ rm -f conftest.c conftest
+ # End _LT_AC_SYS_LIBPATH_AIX.
+ if test "$aix_use_runtimelinking" = yes; then
+ hardcode_libdir_flag_spec='${wl}-blibpath:$libdir:'"$aix_libpath"
+ else
+ if test "$host_cpu" = ia64; then
+ hardcode_libdir_flag_spec='${wl}-R $libdir:/usr/lib:/lib'
+ else
+ hardcode_libdir_flag_spec='${wl}-blibpath:$libdir:'"$aix_libpath"
+ fi
+ fi
+ ;;
+ amigaos*)
+ hardcode_libdir_flag_spec='-L$libdir'
+ hardcode_minus_L=yes
+ # see comment about different semantics on the GNU ld section
+ ld_shlibs=no
+ ;;
+ bsdi[45]*)
+ ;;
+ cygwin* | mingw* | pw32*)
+ # When not using gcc, we currently assume that we are using
+ # Microsoft Visual C++.
+ # hardcode_libdir_flag_spec is actually meaningless, as there is
+ # no search path for DLLs.
+ hardcode_libdir_flag_spec=' '
+ libext=lib
+ ;;
+ darwin* | rhapsody*)
+ hardcode_direct=no
+ if test "$GCC" = yes ; then
+ :
+ else
+ case $cc_basename in
+ xlc*)
+ ;;
+ *)
+ ld_shlibs=no
+ ;;
+ esac
+ fi
+ ;;
+ dgux*)
+ hardcode_libdir_flag_spec='-L$libdir'
+ ;;
+ freebsd1*)
+ ld_shlibs=no
+ ;;
+ freebsd2.2*)
+ hardcode_libdir_flag_spec='-R$libdir'
+ hardcode_direct=yes
+ ;;
+ freebsd2*)
+ hardcode_direct=yes
+ hardcode_minus_L=yes
+ ;;
+ freebsd* | dragonfly*)
+ hardcode_libdir_flag_spec='-R$libdir'
+ hardcode_direct=yes
+ ;;
+ hpux9*)
+ hardcode_libdir_flag_spec='${wl}+b ${wl}$libdir'
+ hardcode_libdir_separator=:
+ hardcode_direct=yes
+ # hardcode_minus_L: Not really in the search PATH,
+ # but as the default location of the library.
+ hardcode_minus_L=yes
+ ;;
+ hpux10*)
+ if test "$with_gnu_ld" = no; then
+ hardcode_libdir_flag_spec='${wl}+b ${wl}$libdir'
+ hardcode_libdir_separator=:
+ hardcode_direct=yes
+ # hardcode_minus_L: Not really in the search PATH,
+ # but as the default location of the library.
+ hardcode_minus_L=yes
+ fi
+ ;;
+ hpux11*)
+ if test "$with_gnu_ld" = no; then
+ hardcode_libdir_flag_spec='${wl}+b ${wl}$libdir'
+ hardcode_libdir_separator=:
+ case $host_cpu in
+ hppa*64*|ia64*)
+ hardcode_direct=no
+ ;;
+ *)
+ hardcode_direct=yes
+ # hardcode_minus_L: Not really in the search PATH,
+ # but as the default location of the library.
+ hardcode_minus_L=yes
+ ;;
+ esac
+ fi
+ ;;
+ irix5* | irix6* | nonstopux*)
+ hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir'
+ hardcode_libdir_separator=:
+ ;;
+ netbsd*)
+ hardcode_libdir_flag_spec='-R$libdir'
+ hardcode_direct=yes
+ ;;
+ newsos6)
+ hardcode_direct=yes
+ hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir'
+ hardcode_libdir_separator=:
+ ;;
+ openbsd*)
+ if test -f /usr/libexec/ld.so; then
+ hardcode_direct=yes
+ if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then
+ hardcode_libdir_flag_spec='${wl}-rpath,$libdir'
+ else
+ case "$host_os" in
+ openbsd[01].* | openbsd2.[0-7] | openbsd2.[0-7].*)
+ hardcode_libdir_flag_spec='-R$libdir'
+ ;;
+ *)
+ hardcode_libdir_flag_spec='${wl}-rpath,$libdir'
+ ;;
+ esac
+ fi
+ else
+ ld_shlibs=no
+ fi
+ ;;
+ os2*)
+ hardcode_libdir_flag_spec='-L$libdir'
+ hardcode_minus_L=yes
+ ;;
+ osf3*)
+ hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir'
+ hardcode_libdir_separator=:
+ ;;
+ osf4* | osf5*)
+ if test "$GCC" = yes; then
+ hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir'
+ else
+ # Both cc and cxx compiler support -rpath directly
+ hardcode_libdir_flag_spec='-rpath $libdir'
+ fi
+ hardcode_libdir_separator=:
+ ;;
+ solaris*)
+ hardcode_libdir_flag_spec='-R$libdir'
+ ;;
+ sunos4*)
+ hardcode_libdir_flag_spec='-L$libdir'
+ hardcode_direct=yes
+ hardcode_minus_L=yes
+ ;;
+ sysv4)
+ case $host_vendor in
+ sni)
+ hardcode_direct=yes # is this really true???
+ ;;
+ siemens)
+ hardcode_direct=no
+ ;;
+ motorola)
+ hardcode_direct=no #Motorola manual says yes, but my tests say they lie
+ ;;
+ esac
+ ;;
+ sysv4.3*)
+ ;;
+ sysv4*MP*)
+ if test -d /usr/nec; then
+ ld_shlibs=yes
+ fi
+ ;;
+ sysv4*uw2* | sysv5OpenUNIX* | sysv5UnixWare7.[01].[10]* | unixware7* | sco3.2v5.0.[024]*)
+ ;;
+ sysv5* | sco3.2v5* | sco5v6*)
+ hardcode_libdir_flag_spec='`test -z "$SCOABSPATH" && echo ${wl}-R,$libdir`'
+ hardcode_libdir_separator=':'
+ ;;
+ uts4*)
+ hardcode_libdir_flag_spec='-L$libdir'
+ ;;
+ *)
+ ld_shlibs=no
+ ;;
+ esac
+fi
+
+# Check dynamic linker characteristics
+# Code taken from libtool.m4's AC_LIBTOOL_SYS_DYNAMIC_LINKER.
+# Unlike libtool.m4, here we don't care about _all_ names of the library, but
+# only about the one the linker finds when passed -lNAME. This is the last
+# element of library_names_spec in libtool.m4, or possibly two of them if the
+# linker has special search rules.
+library_names_spec= # the last element of library_names_spec in libtool.m4
+libname_spec='lib$name'
+case "$host_os" in
+ aix3*)
+ library_names_spec='$libname.a'
+ ;;
+ aix4* | aix5*)
+ library_names_spec='$libname$shrext'
+ ;;
+ amigaos*)
+ library_names_spec='$libname.a'
+ ;;
+ beos*)
+ library_names_spec='$libname$shrext'
+ ;;
+ bsdi[45]*)
+ library_names_spec='$libname$shrext'
+ ;;
+ cygwin* | mingw* | pw32*)
+ shrext=.dll
+ library_names_spec='$libname.dll.a $libname.lib'
+ ;;
+ darwin* | rhapsody*)
+ shrext=.dylib
+ library_names_spec='$libname$shrext'
+ ;;
+ dgux*)
+ library_names_spec='$libname$shrext'
+ ;;
+ freebsd1*)
+ ;;
+ freebsd* | dragonfly*)
+ case "$host_os" in
+ freebsd[123]*)
+ library_names_spec='$libname$shrext$versuffix' ;;
+ *)
+ library_names_spec='$libname$shrext' ;;
+ esac
+ ;;
+ gnu*)
+ library_names_spec='$libname$shrext'
+ ;;
+ hpux9* | hpux10* | hpux11*)
+ case $host_cpu in
+ ia64*)
+ shrext=.so
+ ;;
+ hppa*64*)
+ shrext=.sl
+ ;;
+ *)
+ shrext=.sl
+ ;;
+ esac
+ library_names_spec='$libname$shrext'
+ ;;
+ interix[3-9]*)
+ library_names_spec='$libname$shrext'
+ ;;
+ irix5* | irix6* | nonstopux*)
+ library_names_spec='$libname$shrext'
+ case "$host_os" in
+ irix5* | nonstopux*)
+ libsuff= shlibsuff=
+ ;;
+ *)
+ case $LD in
+ *-32|*"-32 "|*-melf32bsmip|*"-melf32bsmip ") libsuff= shlibsuff= ;;
+ *-n32|*"-n32 "|*-melf32bmipn32|*"-melf32bmipn32 ") libsuff=32 shlibsuff=N32 ;;
+ *-64|*"-64 "|*-melf64bmip|*"-melf64bmip ") libsuff=64 shlibsuff=64 ;;
+ *) libsuff= shlibsuff= ;;
+ esac
+ ;;
+ esac
+ ;;
+ linux*oldld* | linux*aout* | linux*coff*)
+ ;;
+ linux* | k*bsd*-gnu)
+ library_names_spec='$libname$shrext'
+ ;;
+ knetbsd*-gnu)
+ library_names_spec='$libname$shrext'
+ ;;
+ netbsd*)
+ library_names_spec='$libname$shrext'
+ ;;
+ newsos6)
+ library_names_spec='$libname$shrext'
+ ;;
+ nto-qnx*)
+ library_names_spec='$libname$shrext'
+ ;;
+ openbsd*)
+ library_names_spec='$libname$shrext$versuffix'
+ ;;
+ os2*)
+ libname_spec='$name'
+ shrext=.dll
+ library_names_spec='$libname.a'
+ ;;
+ osf3* | osf4* | osf5*)
+ library_names_spec='$libname$shrext'
+ ;;
+ rdos*)
+ ;;
+ solaris*)
+ library_names_spec='$libname$shrext'
+ ;;
+ sunos4*)
+ library_names_spec='$libname$shrext$versuffix'
+ ;;
+ sysv4 | sysv4.3*)
+ library_names_spec='$libname$shrext'
+ ;;
+ sysv4*MP*)
+ library_names_spec='$libname$shrext'
+ ;;
+ sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*)
+ library_names_spec='$libname$shrext'
+ ;;
+ uts4*)
+ library_names_spec='$libname$shrext'
+ ;;
+esac
+
+sed_quote_subst='s/\(["`$\\]\)/\\\1/g'
+escaped_wl=`echo "X$wl" | sed -e 's/^X//' -e "$sed_quote_subst"`
+shlibext=`echo "$shrext" | sed -e 's,^\.,,'`
+escaped_libname_spec=`echo "X$libname_spec" | sed -e 's/^X//' -e "$sed_quote_subst"`
+escaped_library_names_spec=`echo "X$library_names_spec" | sed -e 's/^X//' -e "$sed_quote_subst"`
+escaped_hardcode_libdir_flag_spec=`echo "X$hardcode_libdir_flag_spec" | sed -e 's/^X//' -e "$sed_quote_subst"`
+
+LC_ALL=C sed -e 's/^\([a-zA-Z0-9_]*\)=/acl_cv_\1=/' <<EOF
+
+# How to pass a linker flag through the compiler.
+wl="$escaped_wl"
+
+# Static library suffix (normally "a").
+libext="$libext"
+
+# Shared library suffix (normally "so").
+shlibext="$shlibext"
+
+# Format of library name prefix.
+libname_spec="$escaped_libname_spec"
+
+# Library names that the linker finds when passed -lNAME.
+library_names_spec="$escaped_library_names_spec"
+
+# Flag to hardcode \$libdir into a binary during linking.
+# This must work even if \$libdir does not exist.
+hardcode_libdir_flag_spec="$escaped_hardcode_libdir_flag_spec"
+
+# Whether we need a single -rpath flag with a separated argument.
+hardcode_libdir_separator="$hardcode_libdir_separator"
+
+# Set to yes if using DIR/libNAME.so during linking hardcodes DIR into the
+# resulting binary.
+hardcode_direct="$hardcode_direct"
+
+# Set to yes if using the -LDIR flag during linking hardcodes DIR into the
+# resulting binary.
+hardcode_minus_L="$hardcode_minus_L"
+
+EOF
diff --git a/scripts/config.sub b/scripts/config.sub
new file mode 100755
index 0000000..c894da4
--- /dev/null
+++ b/scripts/config.sub
@@ -0,0 +1,1773 @@
+#! /bin/sh
+# Configuration validation subroutine script.
+# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
+# 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010,
+# 2011, 2012 Free Software Foundation, Inc.
+
+timestamp='2012-02-10'
+
+# This file is (in principle) common to ALL GNU software.
+# The presence of a machine in this file suggests that SOME GNU software
+# can handle that machine. It does not imply ALL GNU software can.
+#
+# This file is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+#
+# As a special exception to the GNU General Public License, if you
+# distribute this file as part of a program that contains a
+# configuration script generated by Autoconf, you may include it under
+# the same distribution terms that you use for the rest of that program.
+
+
+# Please send patches to <config-patches@gnu.org>. Submit a context
+# diff and a properly formatted GNU ChangeLog entry.
+#
+# Configuration subroutine to validate and canonicalize a configuration type.
+# Supply the specified configuration type as an argument.
+# If it is invalid, we print an error message on stderr and exit with code 1.
+# Otherwise, we print the canonical config type on stdout and succeed.
+
+# You can get the latest version of this script from:
+# http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub;hb=HEAD
+
+# This file is supposed to be the same for all GNU packages
+# and recognize all the CPU types, system types and aliases
+# that are meaningful with *any* GNU software.
+# Each package is responsible for reporting which valid configurations
+# it does not support. The user should be able to distinguish
+# a failure to support a valid configuration from a meaningless
+# configuration.
+
+# The goal of this file is to map all the various variations of a given
+# machine specification into a single specification in the form:
+# CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM
+# or in some cases, the newer four-part form:
+# CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM
+# It is wrong to echo any other type of specification.
+
+me=`echo "$0" | sed -e 's,.*/,,'`
+
+usage="\
+Usage: $0 [OPTION] CPU-MFR-OPSYS
+ $0 [OPTION] ALIAS
+
+Canonicalize a configuration name.
+
+Operation modes:
+ -h, --help print this help, then exit
+ -t, --time-stamp print date of last modification, then exit
+ -v, --version print version number, then exit
+
+Report bugs and patches to <config-patches@gnu.org>."
+
+version="\
+GNU config.sub ($timestamp)
+
+Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000,
+2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012
+Free Software Foundation, Inc.
+
+This is free software; see the source for copying conditions. There is NO
+warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
+
+help="
+Try \`$me --help' for more information."
+
+# Parse command line
+while test $# -gt 0 ; do
+ case $1 in
+ --time-stamp | --time* | -t )
+ echo "$timestamp" ; exit ;;
+ --version | -v )
+ echo "$version" ; exit ;;
+ --help | --h* | -h )
+ echo "$usage"; exit ;;
+ -- ) # Stop option processing
+ shift; break ;;
+ - ) # Use stdin as input.
+ break ;;
+ -* )
+ echo "$me: invalid option $1$help"
+ exit 1 ;;
+
+ *local*)
+ # First pass through any local machine types.
+ echo $1
+ exit ;;
+
+ * )
+ break ;;
+ esac
+done
+
+case $# in
+ 0) echo "$me: missing argument$help" >&2
+ exit 1;;
+ 1) ;;
+ *) echo "$me: too many arguments$help" >&2
+ exit 1;;
+esac
+
+# Separate what the user gave into CPU-COMPANY and OS or KERNEL-OS (if any).
+# Here we must recognize all the valid KERNEL-OS combinations.
+maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'`
+case $maybe_os in
+ nto-qnx* | linux-gnu* | linux-android* | linux-dietlibc | linux-newlib* | \
+ linux-uclibc* | uclinux-uclibc* | uclinux-gnu* | kfreebsd*-gnu* | \
+ knetbsd*-gnu* | netbsd*-gnu* | \
+ kopensolaris*-gnu* | \
+ storm-chaos* | os2-emx* | rtmk-nova*)
+ os=-$maybe_os
+ basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'`
+ ;;
+ android-linux)
+ os=-linux-android
+ basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'`-unknown
+ ;;
+ *)
+ basic_machine=`echo $1 | sed 's/-[^-]*$//'`
+ if [ $basic_machine != $1 ]
+ then os=`echo $1 | sed 's/.*-/-/'`
+ else os=; fi
+ ;;
+esac
+
+### Let's recognize common machines as not being operating systems so
+### that things like config.sub decstation-3100 work. We also
+### recognize some manufacturers as not being operating systems, so we
+### can provide default operating systems below.
+case $os in
+ -sun*os*)
+ # Prevent following clause from handling this invalid input.
+ ;;
+ -dec* | -mips* | -sequent* | -encore* | -pc532* | -sgi* | -sony* | \
+ -att* | -7300* | -3300* | -delta* | -motorola* | -sun[234]* | \
+ -unicom* | -ibm* | -next | -hp | -isi* | -apollo | -altos* | \
+ -convergent* | -ncr* | -news | -32* | -3600* | -3100* | -hitachi* |\
+ -c[123]* | -convex* | -sun | -crds | -omron* | -dg | -ultra | -tti* | \
+ -harris | -dolphin | -highlevel | -gould | -cbm | -ns | -masscomp | \
+ -apple | -axis | -knuth | -cray | -microblaze)
+ os=
+ basic_machine=$1
+ ;;
+ -bluegene*)
+ os=-cnk
+ ;;
+ -sim | -cisco | -oki | -wec | -winbond)
+ os=
+ basic_machine=$1
+ ;;
+ -scout)
+ ;;
+ -wrs)
+ os=-vxworks
+ basic_machine=$1
+ ;;
+ -chorusos*)
+ os=-chorusos
+ basic_machine=$1
+ ;;
+ -chorusrdb)
+ os=-chorusrdb
+ basic_machine=$1
+ ;;
+ -hiux*)
+ os=-hiuxwe2
+ ;;
+ -sco6)
+ os=-sco5v6
+ basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+ ;;
+ -sco5)
+ os=-sco3.2v5
+ basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+ ;;
+ -sco4)
+ os=-sco3.2v4
+ basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+ ;;
+ -sco3.2.[4-9]*)
+ os=`echo $os | sed -e 's/sco3.2./sco3.2v/'`
+ basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+ ;;
+ -sco3.2v[4-9]*)
+ # Don't forget version if it is 3.2v4 or newer.
+ basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+ ;;
+ -sco5v6*)
+ # Don't forget version if it is 3.2v4 or newer.
+ basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+ ;;
+ -sco*)
+ os=-sco3.2v2
+ basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+ ;;
+ -udk*)
+ basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+ ;;
+ -isc)
+ os=-isc2.2
+ basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+ ;;
+ -clix*)
+ basic_machine=clipper-intergraph
+ ;;
+ -isc*)
+ basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+ ;;
+ -lynx*)
+ os=-lynxos
+ ;;
+ -ptx*)
+ basic_machine=`echo $1 | sed -e 's/86-.*/86-sequent/'`
+ ;;
+ -windowsnt*)
+ os=`echo $os | sed -e 's/windowsnt/winnt/'`
+ ;;
+ -psos*)
+ os=-psos
+ ;;
+ -mint | -mint[0-9]*)
+ basic_machine=m68k-atari
+ os=-mint
+ ;;
+esac
+
+# Decode aliases for certain CPU-COMPANY combinations.
+case $basic_machine in
+ # Recognize the basic CPU types without company name.
+ # Some are omitted here because they have special meanings below.
+ 1750a | 580 \
+ | a29k \
+ | aarch64 | aarch64_be \
+ | alpha | alphaev[4-8] | alphaev56 | alphaev6[78] | alphapca5[67] \
+ | alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] | alpha64pca5[67] \
+ | am33_2.0 \
+ | arc | arm | arm[bl]e | arme[lb] | armv[2345] | armv[345][lb] | avr | avr32 \
+ | be32 | be64 \
+ | bfin \
+ | c4x | clipper \
+ | d10v | d30v | dlx | dsp16xx \
+ | epiphany \
+ | fido | fr30 | frv \
+ | h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \
+ | hexagon \
+ | i370 | i860 | i960 | ia64 \
+ | ip2k | iq2000 \
+ | le32 | le64 \
+ | lm32 \
+ | m32c | m32r | m32rle | m68000 | m68k | m88k \
+ | maxq | mb | microblaze | mcore | mep | metag \
+ | mips | mipsbe | mipseb | mipsel | mipsle \
+ | mips16 \
+ | mips64 | mips64el \
+ | mips64octeon | mips64octeonel \
+ | mips64orion | mips64orionel \
+ | mips64r5900 | mips64r5900el \
+ | mips64vr | mips64vrel \
+ | mips64vr4100 | mips64vr4100el \
+ | mips64vr4300 | mips64vr4300el \
+ | mips64vr5000 | mips64vr5000el \
+ | mips64vr5900 | mips64vr5900el \
+ | mipsisa32 | mipsisa32el \
+ | mipsisa32r2 | mipsisa32r2el \
+ | mipsisa64 | mipsisa64el \
+ | mipsisa64r2 | mipsisa64r2el \
+ | mipsisa64sb1 | mipsisa64sb1el \
+ | mipsisa64sr71k | mipsisa64sr71kel \
+ | mipstx39 | mipstx39el \
+ | mn10200 | mn10300 \
+ | moxie \
+ | mt \
+ | msp430 \
+ | nds32 | nds32le | nds32be \
+ | nios | nios2 \
+ | ns16k | ns32k \
+ | open8 \
+ | or32 \
+ | pdp10 | pdp11 | pj | pjl \
+ | powerpc | powerpc64 | powerpc64le | powerpcle \
+ | pyramid \
+ | rl78 | rx \
+ | score \
+ | sh | sh[1234] | sh[24]a | sh[24]aeb | sh[23]e | sh[34]eb | sheb | shbe | shle | sh[1234]le | sh3ele \
+ | sh64 | sh64le \
+ | sparc | sparc64 | sparc64b | sparc64v | sparc86x | sparclet | sparclite \
+ | sparcv8 | sparcv9 | sparcv9b | sparcv9v \
+ | spu \
+ | tahoe | tic4x | tic54x | tic55x | tic6x | tic80 | tron \
+ | ubicom32 \
+ | v850 | v850e | v850e1 | v850e2 | v850es | v850e2v3 \
+ | we32k \
+ | x86 | xc16x | xstormy16 | xtensa \
+ | z8k | z80)
+ basic_machine=$basic_machine-unknown
+ ;;
+ c54x)
+ basic_machine=tic54x-unknown
+ ;;
+ c55x)
+ basic_machine=tic55x-unknown
+ ;;
+ c6x)
+ basic_machine=tic6x-unknown
+ ;;
+ m6811 | m68hc11 | m6812 | m68hc12 | m68hcs12x | picochip)
+ basic_machine=$basic_machine-unknown
+ os=-none
+ ;;
+ m88110 | m680[12346]0 | m683?2 | m68360 | m5200 | v70 | w65 | z8k)
+ ;;
+ ms1)
+ basic_machine=mt-unknown
+ ;;
+
+ strongarm | thumb | xscale)
+ basic_machine=arm-unknown
+ ;;
+ xgate)
+ basic_machine=$basic_machine-unknown
+ os=-none
+ ;;
+ xscaleeb)
+ basic_machine=armeb-unknown
+ ;;
+
+ xscaleel)
+ basic_machine=armel-unknown
+ ;;
+
+ # We use `pc' rather than `unknown'
+ # because (1) that's what they normally are, and
+ # (2) the word "unknown" tends to confuse beginning users.
+ i*86 | x86_64)
+ basic_machine=$basic_machine-pc
+ ;;
+ # Object if more than one company name word.
+ *-*-*)
+ echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2
+ exit 1
+ ;;
+ # Recognize the basic CPU types with company name.
+ 580-* \
+ | a29k-* \
+ | aarch64-* | aarch64_be-* \
+ | alpha-* | alphaev[4-8]-* | alphaev56-* | alphaev6[78]-* \
+ | alpha64-* | alpha64ev[4-8]-* | alpha64ev56-* | alpha64ev6[78]-* \
+ | alphapca5[67]-* | alpha64pca5[67]-* | arc-* \
+ | arm-* | armbe-* | armle-* | armeb-* | armv*-* \
+ | avr-* | avr32-* \
+ | be32-* | be64-* \
+ | bfin-* | bs2000-* \
+ | c[123]* | c30-* | [cjt]90-* | c4x-* \
+ | clipper-* | craynv-* | cydra-* \
+ | d10v-* | d30v-* | dlx-* \
+ | elxsi-* \
+ | f30[01]-* | f700-* | fido-* | fr30-* | frv-* | fx80-* \
+ | h8300-* | h8500-* \
+ | hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \
+ | hexagon-* \
+ | i*86-* | i860-* | i960-* | ia64-* \
+ | ip2k-* | iq2000-* \
+ | le32-* | le64-* \
+ | lm32-* \
+ | m32c-* | m32r-* | m32rle-* \
+ | m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \
+ | m88110-* | m88k-* | maxq-* | mcore-* | metag-* | microblaze-* \
+ | mips-* | mipsbe-* | mipseb-* | mipsel-* | mipsle-* \
+ | mips16-* \
+ | mips64-* | mips64el-* \
+ | mips64octeon-* | mips64octeonel-* \
+ | mips64orion-* | mips64orionel-* \
+ | mips64r5900-* | mips64r5900el-* \
+ | mips64vr-* | mips64vrel-* \
+ | mips64vr4100-* | mips64vr4100el-* \
+ | mips64vr4300-* | mips64vr4300el-* \
+ | mips64vr5000-* | mips64vr5000el-* \
+ | mips64vr5900-* | mips64vr5900el-* \
+ | mipsisa32-* | mipsisa32el-* \
+ | mipsisa32r2-* | mipsisa32r2el-* \
+ | mipsisa64-* | mipsisa64el-* \
+ | mipsisa64r2-* | mipsisa64r2el-* \
+ | mipsisa64sb1-* | mipsisa64sb1el-* \
+ | mipsisa64sr71k-* | mipsisa64sr71kel-* \
+ | mipstx39-* | mipstx39el-* \
+ | mmix-* \
+ | mt-* \
+ | msp430-* \
+ | nds32-* | nds32le-* | nds32be-* \
+ | nios-* | nios2-* \
+ | none-* | np1-* | ns16k-* | ns32k-* \
+ | open8-* \
+ | orion-* \
+ | pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \
+ | powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* \
+ | pyramid-* \
+ | rl78-* | romp-* | rs6000-* | rx-* \
+ | sh-* | sh[1234]-* | sh[24]a-* | sh[24]aeb-* | sh[23]e-* | sh[34]eb-* | sheb-* | shbe-* \
+ | shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \
+ | sparc-* | sparc64-* | sparc64b-* | sparc64v-* | sparc86x-* | sparclet-* \
+ | sparclite-* \
+ | sparcv8-* | sparcv9-* | sparcv9b-* | sparcv9v-* | sv1-* | sx?-* \
+ | tahoe-* \
+ | tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* \
+ | tile*-* \
+ | tron-* \
+ | ubicom32-* \
+ | v850-* | v850e-* | v850e1-* | v850es-* | v850e2-* | v850e2v3-* \
+ | vax-* \
+ | we32k-* \
+ | x86-* | x86_64-* | xc16x-* | xps100-* \
+ | xstormy16-* | xtensa*-* \
+ | ymp-* \
+ | z8k-* | z80-*)
+ ;;
+ # Recognize the basic CPU types without company name, with glob match.
+ xtensa*)
+ basic_machine=$basic_machine-unknown
+ ;;
+ # Recognize the various machine names and aliases which stand
+ # for a CPU type and a company and sometimes even an OS.
+ 386bsd)
+ basic_machine=i386-unknown
+ os=-bsd
+ ;;
+ 3b1 | 7300 | 7300-att | att-7300 | pc7300 | safari | unixpc)
+ basic_machine=m68000-att
+ ;;
+ 3b*)
+ basic_machine=we32k-att
+ ;;
+ a29khif)
+ basic_machine=a29k-amd
+ os=-udi
+ ;;
+ abacus)
+ basic_machine=abacus-unknown
+ ;;
+ adobe68k)
+ basic_machine=m68010-adobe
+ os=-scout
+ ;;
+ alliant | fx80)
+ basic_machine=fx80-alliant
+ ;;
+ altos | altos3068)
+ basic_machine=m68k-altos
+ ;;
+ am29k)
+ basic_machine=a29k-none
+ os=-bsd
+ ;;
+ amd64)
+ basic_machine=x86_64-pc
+ ;;
+ amd64-*)
+ basic_machine=x86_64-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ;;
+ amdahl)
+ basic_machine=580-amdahl
+ os=-sysv
+ ;;
+ amiga | amiga-*)
+ basic_machine=m68k-unknown
+ ;;
+ amigaos | amigados)
+ basic_machine=m68k-unknown
+ os=-amigaos
+ ;;
+ amigaunix | amix)
+ basic_machine=m68k-unknown
+ os=-sysv4
+ ;;
+ apollo68)
+ basic_machine=m68k-apollo
+ os=-sysv
+ ;;
+ apollo68bsd)
+ basic_machine=m68k-apollo
+ os=-bsd
+ ;;
+ aros)
+ basic_machine=i386-pc
+ os=-aros
+ ;;
+ aux)
+ basic_machine=m68k-apple
+ os=-aux
+ ;;
+ balance)
+ basic_machine=ns32k-sequent
+ os=-dynix
+ ;;
+ blackfin)
+ basic_machine=bfin-unknown
+ os=-linux
+ ;;
+ blackfin-*)
+ basic_machine=bfin-`echo $basic_machine | sed 's/^[^-]*-//'`
+ os=-linux
+ ;;
+ bluegene*)
+ basic_machine=powerpc-ibm
+ os=-cnk
+ ;;
+ c54x-*)
+ basic_machine=tic54x-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ;;
+ c55x-*)
+ basic_machine=tic55x-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ;;
+ c6x-*)
+ basic_machine=tic6x-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ;;
+ c90)
+ basic_machine=c90-cray
+ os=-unicos
+ ;;
+ cegcc)
+ basic_machine=arm-unknown
+ os=-cegcc
+ ;;
+ convex-c1)
+ basic_machine=c1-convex
+ os=-bsd
+ ;;
+ convex-c2)
+ basic_machine=c2-convex
+ os=-bsd
+ ;;
+ convex-c32)
+ basic_machine=c32-convex
+ os=-bsd
+ ;;
+ convex-c34)
+ basic_machine=c34-convex
+ os=-bsd
+ ;;
+ convex-c38)
+ basic_machine=c38-convex
+ os=-bsd
+ ;;
+ cray | j90)
+ basic_machine=j90-cray
+ os=-unicos
+ ;;
+ craynv)
+ basic_machine=craynv-cray
+ os=-unicosmp
+ ;;
+ cr16 | cr16-*)
+ basic_machine=cr16-unknown
+ os=-elf
+ ;;
+ crds | unos)
+ basic_machine=m68k-crds
+ ;;
+ crisv32 | crisv32-* | etraxfs*)
+ basic_machine=crisv32-axis
+ ;;
+ cris | cris-* | etrax*)
+ basic_machine=cris-axis
+ ;;
+ crx)
+ basic_machine=crx-unknown
+ os=-elf
+ ;;
+ da30 | da30-*)
+ basic_machine=m68k-da30
+ ;;
+ decstation | decstation-3100 | pmax | pmax-* | pmin | dec3100 | decstatn)
+ basic_machine=mips-dec
+ ;;
+ decsystem10* | dec10*)
+ basic_machine=pdp10-dec
+ os=-tops10
+ ;;
+ decsystem20* | dec20*)
+ basic_machine=pdp10-dec
+ os=-tops20
+ ;;
+ delta | 3300 | motorola-3300 | motorola-delta \
+ | 3300-motorola | delta-motorola)
+ basic_machine=m68k-motorola
+ ;;
+ delta88)
+ basic_machine=m88k-motorola
+ os=-sysv3
+ ;;
+ dicos)
+ basic_machine=i686-pc
+ os=-dicos
+ ;;
+ djgpp)
+ basic_machine=i586-pc
+ os=-msdosdjgpp
+ ;;
+ dpx20 | dpx20-*)
+ basic_machine=rs6000-bull
+ os=-bosx
+ ;;
+ dpx2* | dpx2*-bull)
+ basic_machine=m68k-bull
+ os=-sysv3
+ ;;
+ ebmon29k)
+ basic_machine=a29k-amd
+ os=-ebmon
+ ;;
+ elxsi)
+ basic_machine=elxsi-elxsi
+ os=-bsd
+ ;;
+ encore | umax | mmax)
+ basic_machine=ns32k-encore
+ ;;
+ es1800 | OSE68k | ose68k | ose | OSE)
+ basic_machine=m68k-ericsson
+ os=-ose
+ ;;
+ fx2800)
+ basic_machine=i860-alliant
+ ;;
+ genix)
+ basic_machine=ns32k-ns
+ ;;
+ gmicro)
+ basic_machine=tron-gmicro
+ os=-sysv
+ ;;
+ go32)
+ basic_machine=i386-pc
+ os=-go32
+ ;;
+ h3050r* | hiux*)
+ basic_machine=hppa1.1-hitachi
+ os=-hiuxwe2
+ ;;
+ h8300hms)
+ basic_machine=h8300-hitachi
+ os=-hms
+ ;;
+ h8300xray)
+ basic_machine=h8300-hitachi
+ os=-xray
+ ;;
+ h8500hms)
+ basic_machine=h8500-hitachi
+ os=-hms
+ ;;
+ harris)
+ basic_machine=m88k-harris
+ os=-sysv3
+ ;;
+ hp300-*)
+ basic_machine=m68k-hp
+ ;;
+ hp300bsd)
+ basic_machine=m68k-hp
+ os=-bsd
+ ;;
+ hp300hpux)
+ basic_machine=m68k-hp
+ os=-hpux
+ ;;
+ hp3k9[0-9][0-9] | hp9[0-9][0-9])
+ basic_machine=hppa1.0-hp
+ ;;
+ hp9k2[0-9][0-9] | hp9k31[0-9])
+ basic_machine=m68000-hp
+ ;;
+ hp9k3[2-9][0-9])
+ basic_machine=m68k-hp
+ ;;
+ hp9k6[0-9][0-9] | hp6[0-9][0-9])
+ basic_machine=hppa1.0-hp
+ ;;
+ hp9k7[0-79][0-9] | hp7[0-79][0-9])
+ basic_machine=hppa1.1-hp
+ ;;
+ hp9k78[0-9] | hp78[0-9])
+ # FIXME: really hppa2.0-hp
+ basic_machine=hppa1.1-hp
+ ;;
+ hp9k8[67]1 | hp8[67]1 | hp9k80[24] | hp80[24] | hp9k8[78]9 | hp8[78]9 | hp9k893 | hp893)
+ # FIXME: really hppa2.0-hp
+ basic_machine=hppa1.1-hp
+ ;;
+ hp9k8[0-9][13679] | hp8[0-9][13679])
+ basic_machine=hppa1.1-hp
+ ;;
+ hp9k8[0-9][0-9] | hp8[0-9][0-9])
+ basic_machine=hppa1.0-hp
+ ;;
+ hppa-next)
+ os=-nextstep3
+ ;;
+ hppaosf)
+ basic_machine=hppa1.1-hp
+ os=-osf
+ ;;
+ hppro)
+ basic_machine=hppa1.1-hp
+ os=-proelf
+ ;;
+ i370-ibm* | ibm*)
+ basic_machine=i370-ibm
+ ;;
+ i*86v32)
+ basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
+ os=-sysv32
+ ;;
+ i*86v4*)
+ basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
+ os=-sysv4
+ ;;
+ i*86v)
+ basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
+ os=-sysv
+ ;;
+ i*86sol2)
+ basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
+ os=-solaris2
+ ;;
+ i386mach)
+ basic_machine=i386-mach
+ os=-mach
+ ;;
+ i386-vsta | vsta)
+ basic_machine=i386-unknown
+ os=-vsta
+ ;;
+ iris | iris4d)
+ basic_machine=mips-sgi
+ case $os in
+ -irix*)
+ ;;
+ *)
+ os=-irix4
+ ;;
+ esac
+ ;;
+ isi68 | isi)
+ basic_machine=m68k-isi
+ os=-sysv
+ ;;
+ m68knommu)
+ basic_machine=m68k-unknown
+ os=-linux
+ ;;
+ m68knommu-*)
+ basic_machine=m68k-`echo $basic_machine | sed 's/^[^-]*-//'`
+ os=-linux
+ ;;
+ m88k-omron*)
+ basic_machine=m88k-omron
+ ;;
+ magnum | m3230)
+ basic_machine=mips-mips
+ os=-sysv
+ ;;
+ merlin)
+ basic_machine=ns32k-utek
+ os=-sysv
+ ;;
+ microblaze)
+ basic_machine=microblaze-xilinx
+ ;;
+ mingw32)
+ basic_machine=i386-pc
+ os=-mingw32
+ ;;
+ mingw32ce)
+ basic_machine=arm-unknown
+ os=-mingw32ce
+ ;;
+ miniframe)
+ basic_machine=m68000-convergent
+ ;;
+ *mint | -mint[0-9]* | *MiNT | *MiNT[0-9]*)
+ basic_machine=m68k-atari
+ os=-mint
+ ;;
+ mips3*-*)
+ basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`
+ ;;
+ mips3*)
+ basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`-unknown
+ ;;
+ monitor)
+ basic_machine=m68k-rom68k
+ os=-coff
+ ;;
+ morphos)
+ basic_machine=powerpc-unknown
+ os=-morphos
+ ;;
+ msdos)
+ basic_machine=i386-pc
+ os=-msdos
+ ;;
+ ms1-*)
+ basic_machine=`echo $basic_machine | sed -e 's/ms1-/mt-/'`
+ ;;
+ msys)
+ basic_machine=i386-pc
+ os=-msys
+ ;;
+ mvs)
+ basic_machine=i370-ibm
+ os=-mvs
+ ;;
+ nacl)
+ basic_machine=le32-unknown
+ os=-nacl
+ ;;
+ ncr3000)
+ basic_machine=i486-ncr
+ os=-sysv4
+ ;;
+ netbsd386)
+ basic_machine=i386-unknown
+ os=-netbsd
+ ;;
+ netwinder)
+ basic_machine=armv4l-rebel
+ os=-linux
+ ;;
+ news | news700 | news800 | news900)
+ basic_machine=m68k-sony
+ os=-newsos
+ ;;
+ news1000)
+ basic_machine=m68030-sony
+ os=-newsos
+ ;;
+ news-3600 | risc-news)
+ basic_machine=mips-sony
+ os=-newsos
+ ;;
+ necv70)
+ basic_machine=v70-nec
+ os=-sysv
+ ;;
+ next | m*-next )
+ basic_machine=m68k-next
+ case $os in
+ -nextstep* )
+ ;;
+ -ns2*)
+ os=-nextstep2
+ ;;
+ *)
+ os=-nextstep3
+ ;;
+ esac
+ ;;
+ nh3000)
+ basic_machine=m68k-harris
+ os=-cxux
+ ;;
+ nh[45]000)
+ basic_machine=m88k-harris
+ os=-cxux
+ ;;
+ nindy960)
+ basic_machine=i960-intel
+ os=-nindy
+ ;;
+ mon960)
+ basic_machine=i960-intel
+ os=-mon960
+ ;;
+ nonstopux)
+ basic_machine=mips-compaq
+ os=-nonstopux
+ ;;
+ np1)
+ basic_machine=np1-gould
+ ;;
+ neo-tandem)
+ basic_machine=neo-tandem
+ ;;
+ nse-tandem)
+ basic_machine=nse-tandem
+ ;;
+ nsr-tandem)
+ basic_machine=nsr-tandem
+ ;;
+ op50n-* | op60c-*)
+ basic_machine=hppa1.1-oki
+ os=-proelf
+ ;;
+ openrisc | openrisc-*)
+ basic_machine=or32-unknown
+ ;;
+ os400)
+ basic_machine=powerpc-ibm
+ os=-os400
+ ;;
+ OSE68000 | ose68000)
+ basic_machine=m68000-ericsson
+ os=-ose
+ ;;
+ os68k)
+ basic_machine=m68k-none
+ os=-os68k
+ ;;
+ pa-hitachi)
+ basic_machine=hppa1.1-hitachi
+ os=-hiuxwe2
+ ;;
+ paragon)
+ basic_machine=i860-intel
+ os=-osf
+ ;;
+ parisc)
+ basic_machine=hppa-unknown
+ os=-linux
+ ;;
+ parisc-*)
+ basic_machine=hppa-`echo $basic_machine | sed 's/^[^-]*-//'`
+ os=-linux
+ ;;
+ pbd)
+ basic_machine=sparc-tti
+ ;;
+ pbb)
+ basic_machine=m68k-tti
+ ;;
+ pc532 | pc532-*)
+ basic_machine=ns32k-pc532
+ ;;
+ pc98)
+ basic_machine=i386-pc
+ ;;
+ pc98-*)
+ basic_machine=i386-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ;;
+ pentium | p5 | k5 | k6 | nexgen | viac3)
+ basic_machine=i586-pc
+ ;;
+ pentiumpro | p6 | 6x86 | athlon | athlon_*)
+ basic_machine=i686-pc
+ ;;
+ pentiumii | pentium2 | pentiumiii | pentium3)
+ basic_machine=i686-pc
+ ;;
+ pentium4)
+ basic_machine=i786-pc
+ ;;
+ pentium-* | p5-* | k5-* | k6-* | nexgen-* | viac3-*)
+ basic_machine=i586-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ;;
+ pentiumpro-* | p6-* | 6x86-* | athlon-*)
+ basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ;;
+ pentiumii-* | pentium2-* | pentiumiii-* | pentium3-*)
+ basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ;;
+ pentium4-*)
+ basic_machine=i786-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ;;
+ pn)
+ basic_machine=pn-gould
+ ;;
+ power) basic_machine=power-ibm
+ ;;
+ ppc | ppcbe) basic_machine=powerpc-unknown
+ ;;
+ ppc-* | ppcbe-*)
+ basic_machine=powerpc-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ;;
+ ppcle | powerpclittle | ppc-le | powerpc-little)
+ basic_machine=powerpcle-unknown
+ ;;
+ ppcle-* | powerpclittle-*)
+ basic_machine=powerpcle-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ;;
+ ppc64) basic_machine=powerpc64-unknown
+ ;;
+ ppc64-*) basic_machine=powerpc64-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ;;
+ ppc64le | powerpc64little | ppc64-le | powerpc64-little)
+ basic_machine=powerpc64le-unknown
+ ;;
+ ppc64le-* | powerpc64little-*)
+ basic_machine=powerpc64le-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ;;
+ ps2)
+ basic_machine=i386-ibm
+ ;;
+ pw32)
+ basic_machine=i586-unknown
+ os=-pw32
+ ;;
+ rdos)
+ basic_machine=i386-pc
+ os=-rdos
+ ;;
+ rom68k)
+ basic_machine=m68k-rom68k
+ os=-coff
+ ;;
+ rm[46]00)
+ basic_machine=mips-siemens
+ ;;
+ rtpc | rtpc-*)
+ basic_machine=romp-ibm
+ ;;
+ s390 | s390-*)
+ basic_machine=s390-ibm
+ ;;
+ s390x | s390x-*)
+ basic_machine=s390x-ibm
+ ;;
+ sa29200)
+ basic_machine=a29k-amd
+ os=-udi
+ ;;
+ sb1)
+ basic_machine=mipsisa64sb1-unknown
+ ;;
+ sb1el)
+ basic_machine=mipsisa64sb1el-unknown
+ ;;
+ sde)
+ basic_machine=mipsisa32-sde
+ os=-elf
+ ;;
+ sei)
+ basic_machine=mips-sei
+ os=-seiux
+ ;;
+ sequent)
+ basic_machine=i386-sequent
+ ;;
+ sh)
+ basic_machine=sh-hitachi
+ os=-hms
+ ;;
+ sh5el)
+ basic_machine=sh5le-unknown
+ ;;
+ sh64)
+ basic_machine=sh64-unknown
+ ;;
+ sparclite-wrs | simso-wrs)
+ basic_machine=sparclite-wrs
+ os=-vxworks
+ ;;
+ sps7)
+ basic_machine=m68k-bull
+ os=-sysv2
+ ;;
+ spur)
+ basic_machine=spur-unknown
+ ;;
+ st2000)
+ basic_machine=m68k-tandem
+ ;;
+ stratus)
+ basic_machine=i860-stratus
+ os=-sysv4
+ ;;
+ strongarm-* | thumb-*)
+ basic_machine=arm-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ;;
+ sun2)
+ basic_machine=m68000-sun
+ ;;
+ sun2os3)
+ basic_machine=m68000-sun
+ os=-sunos3
+ ;;
+ sun2os4)
+ basic_machine=m68000-sun
+ os=-sunos4
+ ;;
+ sun3os3)
+ basic_machine=m68k-sun
+ os=-sunos3
+ ;;
+ sun3os4)
+ basic_machine=m68k-sun
+ os=-sunos4
+ ;;
+ sun4os3)
+ basic_machine=sparc-sun
+ os=-sunos3
+ ;;
+ sun4os4)
+ basic_machine=sparc-sun
+ os=-sunos4
+ ;;
+ sun4sol2)
+ basic_machine=sparc-sun
+ os=-solaris2
+ ;;
+ sun3 | sun3-*)
+ basic_machine=m68k-sun
+ ;;
+ sun4)
+ basic_machine=sparc-sun
+ ;;
+ sun386 | sun386i | roadrunner)
+ basic_machine=i386-sun
+ ;;
+ sv1)
+ basic_machine=sv1-cray
+ os=-unicos
+ ;;
+ symmetry)
+ basic_machine=i386-sequent
+ os=-dynix
+ ;;
+ t3e)
+ basic_machine=alphaev5-cray
+ os=-unicos
+ ;;
+ t90)
+ basic_machine=t90-cray
+ os=-unicos
+ ;;
+ tile*)
+ basic_machine=$basic_machine-unknown
+ os=-linux-gnu
+ ;;
+ tx39)
+ basic_machine=mipstx39-unknown
+ ;;
+ tx39el)
+ basic_machine=mipstx39el-unknown
+ ;;
+ toad1)
+ basic_machine=pdp10-xkl
+ os=-tops20
+ ;;
+ tower | tower-32)
+ basic_machine=m68k-ncr
+ ;;
+ tpf)
+ basic_machine=s390x-ibm
+ os=-tpf
+ ;;
+ udi29k)
+ basic_machine=a29k-amd
+ os=-udi
+ ;;
+ ultra3)
+ basic_machine=a29k-nyu
+ os=-sym1
+ ;;
+ v810 | necv810)
+ basic_machine=v810-nec
+ os=-none
+ ;;
+ vaxv)
+ basic_machine=vax-dec
+ os=-sysv
+ ;;
+ vms)
+ basic_machine=vax-dec
+ os=-vms
+ ;;
+ vpp*|vx|vx-*)
+ basic_machine=f301-fujitsu
+ ;;
+ vxworks960)
+ basic_machine=i960-wrs
+ os=-vxworks
+ ;;
+ vxworks68)
+ basic_machine=m68k-wrs
+ os=-vxworks
+ ;;
+ vxworks29k)
+ basic_machine=a29k-wrs
+ os=-vxworks
+ ;;
+ w65*)
+ basic_machine=w65-wdc
+ os=-none
+ ;;
+ w89k-*)
+ basic_machine=hppa1.1-winbond
+ os=-proelf
+ ;;
+ xbox)
+ basic_machine=i686-pc
+ os=-mingw32
+ ;;
+ xps | xps100)
+ basic_machine=xps100-honeywell
+ ;;
+ xscale-* | xscalee[bl]-*)
+ basic_machine=`echo $basic_machine | sed 's/^xscale/arm/'`
+ ;;
+ ymp)
+ basic_machine=ymp-cray
+ os=-unicos
+ ;;
+ z8k-*-coff)
+ basic_machine=z8k-unknown
+ os=-sim
+ ;;
+ z80-*-coff)
+ basic_machine=z80-unknown
+ os=-sim
+ ;;
+ none)
+ basic_machine=none-none
+ os=-none
+ ;;
+
+# Here we handle the default manufacturer of certain CPU types. It is in
+# some cases the only manufacturer, in others, it is the most popular.
+ w89k)
+ basic_machine=hppa1.1-winbond
+ ;;
+ op50n)
+ basic_machine=hppa1.1-oki
+ ;;
+ op60c)
+ basic_machine=hppa1.1-oki
+ ;;
+ romp)
+ basic_machine=romp-ibm
+ ;;
+ mmix)
+ basic_machine=mmix-knuth
+ ;;
+ rs6000)
+ basic_machine=rs6000-ibm
+ ;;
+ vax)
+ basic_machine=vax-dec
+ ;;
+ pdp10)
+ # there are many clones, so DEC is not a safe bet
+ basic_machine=pdp10-unknown
+ ;;
+ pdp11)
+ basic_machine=pdp11-dec
+ ;;
+ we32k)
+ basic_machine=we32k-att
+ ;;
+ sh[1234] | sh[24]a | sh[24]aeb | sh[34]eb | sh[1234]le | sh[23]ele)
+ basic_machine=sh-unknown
+ ;;
+ sparc | sparcv8 | sparcv9 | sparcv9b | sparcv9v)
+ basic_machine=sparc-sun
+ ;;
+ cydra)
+ basic_machine=cydra-cydrome
+ ;;
+ orion)
+ basic_machine=orion-highlevel
+ ;;
+ orion105)
+ basic_machine=clipper-highlevel
+ ;;
+ mac | mpw | mac-mpw)
+ basic_machine=m68k-apple
+ ;;
+ pmac | pmac-mpw)
+ basic_machine=powerpc-apple
+ ;;
+ *-unknown)
+ # Make sure to match an already-canonicalized machine name.
+ ;;
+ *)
+ echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2
+ exit 1
+ ;;
+esac
+
+# Here we canonicalize certain aliases for manufacturers.
+case $basic_machine in
+ *-digital*)
+ basic_machine=`echo $basic_machine | sed 's/digital.*/dec/'`
+ ;;
+ *-commodore*)
+ basic_machine=`echo $basic_machine | sed 's/commodore.*/cbm/'`
+ ;;
+ *)
+ ;;
+esac
+
+# Decode manufacturer-specific aliases for certain operating systems.
+
+if [ x"$os" != x"" ]
+then
+case $os in
+ # First match some system type aliases
+ # that might get confused with valid system types.
+ # -solaris* is a basic system type, with this one exception.
+ -auroraux)
+ os=-auroraux
+ ;;
+ -solaris1 | -solaris1.*)
+ os=`echo $os | sed -e 's|solaris1|sunos4|'`
+ ;;
+ -solaris)
+ os=-solaris2
+ ;;
+ -svr4*)
+ os=-sysv4
+ ;;
+ -unixware*)
+ os=-sysv4.2uw
+ ;;
+ -gnu/linux*)
+ os=`echo $os | sed -e 's|gnu/linux|linux-gnu|'`
+ ;;
+ # First accept the basic system types.
+ # The portable systems comes first.
+ # Each alternative MUST END IN A *, to match a version number.
+ # -sysv* is not here because it comes later, after sysvr4.
+ -gnu* | -bsd* | -mach* | -minix* | -genix* | -ultrix* | -irix* \
+ | -*vms* | -sco* | -esix* | -isc* | -aix* | -cnk* | -sunos | -sunos[34]*\
+ | -hpux* | -unos* | -osf* | -luna* | -dgux* | -auroraux* | -solaris* \
+ | -sym* | -kopensolaris* \
+ | -amigaos* | -amigados* | -msdos* | -newsos* | -unicos* | -aof* \
+ | -aos* | -aros* \
+ | -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \
+ | -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \
+ | -hiux* | -386bsd* | -knetbsd* | -mirbsd* | -netbsd* \
+ | -openbsd* | -solidbsd* \
+ | -ekkobsd* | -kfreebsd* | -freebsd* | -riscix* | -lynxos* \
+ | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \
+ | -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \
+ | -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \
+ | -chorusos* | -chorusrdb* | -cegcc* \
+ | -cygwin* | -msys* | -pe* | -psos* | -moss* | -proelf* | -rtems* \
+ | -mingw32* | -linux-gnu* | -linux-android* \
+ | -linux-newlib* | -linux-uclibc* \
+ | -uxpv* | -beos* | -mpeix* | -udk* \
+ | -interix* | -uwin* | -mks* | -rhapsody* | -darwin* | -opened* \
+ | -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \
+ | -storm-chaos* | -tops10* | -tenex* | -tops20* | -its* \
+ | -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \
+ | -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \
+ | -powermax* | -dnix* | -nx6 | -nx7 | -sei* | -dragonfly* \
+ | -skyos* | -haiku* | -rdos* | -toppers* | -drops* | -es*)
+ # Remember, each alternative MUST END IN *, to match a version number.
+ ;;
+ -qnx*)
+ case $basic_machine in
+ x86-* | i*86-*)
+ ;;
+ *)
+ os=-nto$os
+ ;;
+ esac
+ ;;
+ -nto-qnx*)
+ ;;
+ -nto*)
+ os=`echo $os | sed -e 's|nto|nto-qnx|'`
+ ;;
+ -sim | -es1800* | -hms* | -xray | -os68k* | -none* | -v88r* \
+ | -windows* | -osx | -abug | -netware* | -os9* | -beos* | -haiku* \
+ | -macos* | -mpw* | -magic* | -mmixware* | -mon960* | -lnews*)
+ ;;
+ -mac*)
+ os=`echo $os | sed -e 's|mac|macos|'`
+ ;;
+ -linux-dietlibc)
+ os=-linux-dietlibc
+ ;;
+ -linux*)
+ os=`echo $os | sed -e 's|linux|linux-gnu|'`
+ ;;
+ -sunos5*)
+ os=`echo $os | sed -e 's|sunos5|solaris2|'`
+ ;;
+ -sunos6*)
+ os=`echo $os | sed -e 's|sunos6|solaris3|'`
+ ;;
+ -opened*)
+ os=-openedition
+ ;;
+ -os400*)
+ os=-os400
+ ;;
+ -wince*)
+ os=-wince
+ ;;
+ -osfrose*)
+ os=-osfrose
+ ;;
+ -osf*)
+ os=-osf
+ ;;
+ -utek*)
+ os=-bsd
+ ;;
+ -dynix*)
+ os=-bsd
+ ;;
+ -acis*)
+ os=-aos
+ ;;
+ -atheos*)
+ os=-atheos
+ ;;
+ -syllable*)
+ os=-syllable
+ ;;
+ -386bsd)
+ os=-bsd
+ ;;
+ -ctix* | -uts*)
+ os=-sysv
+ ;;
+ -nova*)
+ os=-rtmk-nova
+ ;;
+ -ns2 )
+ os=-nextstep2
+ ;;
+ -nsk*)
+ os=-nsk
+ ;;
+ # Preserve the version number of sinix5.
+ -sinix5.*)
+ os=`echo $os | sed -e 's|sinix|sysv|'`
+ ;;
+ -sinix*)
+ os=-sysv4
+ ;;
+ -tpf*)
+ os=-tpf
+ ;;
+ -triton*)
+ os=-sysv3
+ ;;
+ -oss*)
+ os=-sysv3
+ ;;
+ -svr4)
+ os=-sysv4
+ ;;
+ -svr3)
+ os=-sysv3
+ ;;
+ -sysvr4)
+ os=-sysv4
+ ;;
+ # This must come after -sysvr4.
+ -sysv*)
+ ;;
+ -ose*)
+ os=-ose
+ ;;
+ -es1800*)
+ os=-ose
+ ;;
+ -xenix)
+ os=-xenix
+ ;;
+ -*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*)
+ os=-mint
+ ;;
+ -aros*)
+ os=-aros
+ ;;
+ -kaos*)
+ os=-kaos
+ ;;
+ -zvmoe)
+ os=-zvmoe
+ ;;
+ -dicos*)
+ os=-dicos
+ ;;
+ -nacl*)
+ ;;
+ -none)
+ ;;
+ *)
+ # Get rid of the `-' at the beginning of $os.
+ os=`echo $os | sed 's/[^-]*-//'`
+ echo Invalid configuration \`$1\': system \`$os\' not recognized 1>&2
+ exit 1
+ ;;
+esac
+else
+
+# Here we handle the default operating systems that come with various machines.
+# The value should be what the vendor currently ships out the door with their
+# machine or put another way, the most popular os provided with the machine.
+
+# Note that if you're going to try to match "-MANUFACTURER" here (say,
+# "-sun"), then you have to tell the case statement up towards the top
+# that MANUFACTURER isn't an operating system. Otherwise, code above
+# will signal an error saying that MANUFACTURER isn't an operating
+# system, and we'll never get to this point.
+
+case $basic_machine in
+ score-*)
+ os=-elf
+ ;;
+ spu-*)
+ os=-elf
+ ;;
+ *-acorn)
+ os=-riscix1.2
+ ;;
+ arm*-rebel)
+ os=-linux
+ ;;
+ arm*-semi)
+ os=-aout
+ ;;
+ c4x-* | tic4x-*)
+ os=-coff
+ ;;
+ tic54x-*)
+ os=-coff
+ ;;
+ tic55x-*)
+ os=-coff
+ ;;
+ tic6x-*)
+ os=-coff
+ ;;
+ # This must come before the *-dec entry.
+ pdp10-*)
+ os=-tops20
+ ;;
+ pdp11-*)
+ os=-none
+ ;;
+ *-dec | vax-*)
+ os=-ultrix4.2
+ ;;
+ m68*-apollo)
+ os=-domain
+ ;;
+ i386-sun)
+ os=-sunos4.0.2
+ ;;
+ m68000-sun)
+ os=-sunos3
+ ;;
+ m68*-cisco)
+ os=-aout
+ ;;
+ mep-*)
+ os=-elf
+ ;;
+ mips*-cisco)
+ os=-elf
+ ;;
+ mips*-*)
+ os=-elf
+ ;;
+ or32-*)
+ os=-coff
+ ;;
+ *-tti) # must be before sparc entry or we get the wrong os.
+ os=-sysv3
+ ;;
+ sparc-* | *-sun)
+ os=-sunos4.1.1
+ ;;
+ *-be)
+ os=-beos
+ ;;
+ *-haiku)
+ os=-haiku
+ ;;
+ *-ibm)
+ os=-aix
+ ;;
+ *-knuth)
+ os=-mmixware
+ ;;
+ *-wec)
+ os=-proelf
+ ;;
+ *-winbond)
+ os=-proelf
+ ;;
+ *-oki)
+ os=-proelf
+ ;;
+ *-hp)
+ os=-hpux
+ ;;
+ *-hitachi)
+ os=-hiux
+ ;;
+ i860-* | *-att | *-ncr | *-altos | *-motorola | *-convergent)
+ os=-sysv
+ ;;
+ *-cbm)
+ os=-amigaos
+ ;;
+ *-dg)
+ os=-dgux
+ ;;
+ *-dolphin)
+ os=-sysv3
+ ;;
+ m68k-ccur)
+ os=-rtu
+ ;;
+ m88k-omron*)
+ os=-luna
+ ;;
+ *-next )
+ os=-nextstep
+ ;;
+ *-sequent)
+ os=-ptx
+ ;;
+ *-crds)
+ os=-unos
+ ;;
+ *-ns)
+ os=-genix
+ ;;
+ i370-*)
+ os=-mvs
+ ;;
+ *-next)
+ os=-nextstep3
+ ;;
+ *-gould)
+ os=-sysv
+ ;;
+ *-highlevel)
+ os=-bsd
+ ;;
+ *-encore)
+ os=-bsd
+ ;;
+ *-sgi)
+ os=-irix
+ ;;
+ *-siemens)
+ os=-sysv4
+ ;;
+ *-masscomp)
+ os=-rtu
+ ;;
+ f30[01]-fujitsu | f700-fujitsu)
+ os=-uxpv
+ ;;
+ *-rom68k)
+ os=-coff
+ ;;
+ *-*bug)
+ os=-coff
+ ;;
+ *-apple)
+ os=-macos
+ ;;
+ *-atari*)
+ os=-mint
+ ;;
+ *)
+ os=-none
+ ;;
+esac
+fi
+
+# Here we handle the case where we know the os, and the CPU type, but not the
+# manufacturer. We pick the logical manufacturer.
+vendor=unknown
+case $basic_machine in
+ *-unknown)
+ case $os in
+ -riscix*)
+ vendor=acorn
+ ;;
+ -sunos*)
+ vendor=sun
+ ;;
+ -cnk*|-aix*)
+ vendor=ibm
+ ;;
+ -beos*)
+ vendor=be
+ ;;
+ -hpux*)
+ vendor=hp
+ ;;
+ -mpeix*)
+ vendor=hp
+ ;;
+ -hiux*)
+ vendor=hitachi
+ ;;
+ -unos*)
+ vendor=crds
+ ;;
+ -dgux*)
+ vendor=dg
+ ;;
+ -luna*)
+ vendor=omron
+ ;;
+ -genix*)
+ vendor=ns
+ ;;
+ -mvs* | -opened*)
+ vendor=ibm
+ ;;
+ -os400*)
+ vendor=ibm
+ ;;
+ -ptx*)
+ vendor=sequent
+ ;;
+ -tpf*)
+ vendor=ibm
+ ;;
+ -vxsim* | -vxworks* | -windiss*)
+ vendor=wrs
+ ;;
+ -aux*)
+ vendor=apple
+ ;;
+ -hms*)
+ vendor=hitachi
+ ;;
+ -mpw* | -macos*)
+ vendor=apple
+ ;;
+ -*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*)
+ vendor=atari
+ ;;
+ -vos*)
+ vendor=stratus
+ ;;
+ esac
+ basic_machine=`echo $basic_machine | sed "s/unknown/$vendor/"`
+ ;;
+esac
+
+echo $basic_machine$os
+exit
+
+# Local variables:
+# eval: (add-hook 'write-file-hooks 'time-stamp)
+# time-stamp-start: "timestamp='"
+# time-stamp-format: "%:y-%02m-%02d"
+# time-stamp-end: "'"
+# End:
diff --git a/scripts/depcomp b/scripts/depcomp
new file mode 100755
index 0000000..e1c6e34
--- /dev/null
+++ b/scripts/depcomp
@@ -0,0 +1,582 @@
+#! /bin/sh
+# depcomp - compile a program generating dependencies as side-effects
+
+scriptversion=2006-10-15.18
+
+# Copyright (C) 1999, 2000, 2003, 2004, 2005, 2006 Free Software
+# Foundation, Inc.
+
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3, or (at your option)
+# any later version.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+# As a special exception to the GNU General Public License, if you
+# distribute this file as part of a program that contains a
+# configuration script generated by Autoconf, you may include it under
+# the same distribution terms that you use for the rest of that program.
+
+# Originally written by Alexandre Oliva <oliva@dcc.unicamp.br>.
+
+case $1 in
+ '')
+ echo "$0: No command. Try \`$0 --help' for more information." 1>&2
+ exit 1;
+ ;;
+ -h | --h*)
+ cat <<\EOF
+Usage: depcomp [--help] [--version] PROGRAM [ARGS]
+
+Run PROGRAMS ARGS to compile a file, generating dependencies
+as side-effects.
+
+Environment variables:
+ depmode Dependency tracking mode.
+ source Source file read by `PROGRAMS ARGS'.
+ object Object file output by `PROGRAMS ARGS'.
+ DEPDIR directory where to store dependencies.
+ depfile Dependency file to output.
+ tmpdepfile Temporary file to use when outputing dependencies.
+ libtool Whether libtool is used (yes/no).
+
+Report bugs to <bug-automake@gnu.org>.
+EOF
+ exit $?
+ ;;
+ -v | --v*)
+ echo "depcomp $scriptversion"
+ exit $?
+ ;;
+esac
+
+if test -z "$depmode" || test -z "$source" || test -z "$object"; then
+ echo "depcomp: Variables source, object and depmode must be set" 1>&2
+ exit 1
+fi
+
+# Dependencies for sub/bar.o or sub/bar.obj go into sub/.deps/bar.Po.
+depfile=${depfile-`echo "$object" |
+ sed 's|[^\\/]*$|'${DEPDIR-.deps}'/&|;s|\.\([^.]*\)$|.P\1|;s|Pobj$|Po|'`}
+tmpdepfile=${tmpdepfile-`echo "$depfile" | sed 's/\.\([^.]*\)$/.T\1/'`}
+
+rm -f "$tmpdepfile"
+
+# Some modes work just like other modes, but use different flags. We
+# parameterize here, but still list the modes in the big case below,
+# to make depend.m4 easier to write. Note that we *cannot* use a case
+# here, because this file can only contain one case statement.
+if test "$depmode" = hp; then
+ # HP compiler uses -M and no extra arg.
+ gccflag=-M
+ depmode=gcc
+fi
+
+if test "$depmode" = dashXmstdout; then
+ # This is just like dashmstdout with a different argument.
+ dashmflag=-xM
+ depmode=dashmstdout
+fi
+
+case "$depmode" in
+gcc3)
+## gcc 3 implements dependency tracking that does exactly what
+## we want. Yay! Note: for some reason libtool 1.4 doesn't like
+## it if -MD -MP comes after the -MF stuff. Hmm.
+## Unfortunately, FreeBSD c89 acceptance of flags depends upon
+## the command line argument order; so add the flags where they
+## appear in depend2.am. Note that the slowdown incurred here
+## affects only configure: in makefiles, %FASTDEP% shortcuts this.
+ for arg
+ do
+ case $arg in
+ -c) set fnord "$@" -MT "$object" -MD -MP -MF "$tmpdepfile" "$arg" ;;
+ *) set fnord "$@" "$arg" ;;
+ esac
+ shift # fnord
+ shift # $arg
+ done
+ "$@"
+ stat=$?
+ if test $stat -eq 0; then :
+ else
+ rm -f "$tmpdepfile"
+ exit $stat
+ fi
+ mv "$tmpdepfile" "$depfile"
+ ;;
+
+gcc)
+## There are various ways to get dependency output from gcc. Here's
+## why we pick this rather obscure method:
+## - Don't want to use -MD because we'd like the dependencies to end
+## up in a subdir. Having to rename by hand is ugly.
+## (We might end up doing this anyway to support other compilers.)
+## - The DEPENDENCIES_OUTPUT environment variable makes gcc act like
+## -MM, not -M (despite what the docs say).
+## - Using -M directly means running the compiler twice (even worse
+## than renaming).
+ if test -z "$gccflag"; then
+ gccflag=-MD,
+ fi
+ "$@" -Wp,"$gccflag$tmpdepfile"
+ stat=$?
+ if test $stat -eq 0; then :
+ else
+ rm -f "$tmpdepfile"
+ exit $stat
+ fi
+ rm -f "$depfile"
+ echo "$object : \\" > "$depfile"
+ alpha=ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz
+## The second -e expression handles DOS-style file names with drive letters.
+ sed -e 's/^[^:]*: / /' \
+ -e 's/^['$alpha']:\/[^:]*: / /' < "$tmpdepfile" >> "$depfile"
+## This next piece of magic avoids the `deleted header file' problem.
+## The problem is that when a header file which appears in a .P file
+## is deleted, the dependency causes make to die (because there is
+## typically no way to rebuild the header). We avoid this by adding
+## dummy dependencies for each header file. Too bad gcc doesn't do
+## this for us directly.
+ tr ' ' '
+' < "$tmpdepfile" |
+## Some versions of gcc put a space before the `:'. On the theory
+## that the space means something, we add a space to the output as
+## well.
+## Some versions of the HPUX 10.20 sed can't process this invocation
+## correctly. Breaking it into two sed invocations is a workaround.
+ sed -e 's/^\\$//' -e '/^$/d' -e '/:$/d' | sed -e 's/$/ :/' >> "$depfile"
+ rm -f "$tmpdepfile"
+ ;;
+
+hp)
+ # This case exists only to let depend.m4 do its work. It works by
+ # looking at the text of this script. This case will never be run,
+ # since it is checked for above.
+ exit 1
+ ;;
+
+sgi)
+ if test "$libtool" = yes; then
+ "$@" "-Wp,-MDupdate,$tmpdepfile"
+ else
+ "$@" -MDupdate "$tmpdepfile"
+ fi
+ stat=$?
+ if test $stat -eq 0; then :
+ else
+ rm -f "$tmpdepfile"
+ exit $stat
+ fi
+ rm -f "$depfile"
+
+ if test -f "$tmpdepfile"; then # yes, the sourcefile depend on other files
+ echo "$object : \\" > "$depfile"
+
+ # Clip off the initial element (the dependent). Don't try to be
+ # clever and replace this with sed code, as IRIX sed won't handle
+ # lines with more than a fixed number of characters (4096 in
+ # IRIX 6.2 sed, 8192 in IRIX 6.5). We also remove comment lines;
+ # the IRIX cc adds comments like `#:fec' to the end of the
+ # dependency line.
+ tr ' ' '
+' < "$tmpdepfile" \
+ | sed -e 's/^.*\.o://' -e 's/#.*$//' -e '/^$/ d' | \
+ tr '
+' ' ' >> $depfile
+ echo >> $depfile
+
+ # The second pass generates a dummy entry for each header file.
+ tr ' ' '
+' < "$tmpdepfile" \
+ | sed -e 's/^.*\.o://' -e 's/#.*$//' -e '/^$/ d' -e 's/$/:/' \
+ >> $depfile
+ else
+ # The sourcefile does not contain any dependencies, so just
+ # store a dummy comment line, to avoid errors with the Makefile
+ # "include basename.Plo" scheme.
+ echo "#dummy" > "$depfile"
+ fi
+ rm -f "$tmpdepfile"
+ ;;
+
+aix)
+ # The C for AIX Compiler uses -M and outputs the dependencies
+ # in a .u file. In older versions, this file always lives in the
+ # current directory. Also, the AIX compiler puts `$object:' at the
+ # start of each line; $object doesn't have directory information.
+ # Version 6 uses the directory in both cases.
+ stripped=`echo "$object" | sed 's/\(.*\)\..*$/\1/'`
+ tmpdepfile="$stripped.u"
+ if test "$libtool" = yes; then
+ "$@" -Wc,-M
+ else
+ "$@" -M
+ fi
+ stat=$?
+
+ if test -f "$tmpdepfile"; then :
+ else
+ stripped=`echo "$stripped" | sed 's,^.*/,,'`
+ tmpdepfile="$stripped.u"
+ fi
+
+ if test $stat -eq 0; then :
+ else
+ rm -f "$tmpdepfile"
+ exit $stat
+ fi
+
+ if test -f "$tmpdepfile"; then
+ outname="$stripped.o"
+ # Each line is of the form `foo.o: dependent.h'.
+ # Do two passes, one to just change these to
+ # `$object: dependent.h' and one to simply `dependent.h:'.
+ sed -e "s,^$outname:,$object :," < "$tmpdepfile" > "$depfile"
+ sed -e "s,^$outname: \(.*\)$,\1:," < "$tmpdepfile" >> "$depfile"
+ else
+ # The sourcefile does not contain any dependencies, so just
+ # store a dummy comment line, to avoid errors with the Makefile
+ # "include basename.Plo" scheme.
+ echo "#dummy" > "$depfile"
+ fi
+ rm -f "$tmpdepfile"
+ ;;
+
+icc)
+ # Intel's C compiler understands `-MD -MF file'. However on
+ # icc -MD -MF foo.d -c -o sub/foo.o sub/foo.c
+ # ICC 7.0 will fill foo.d with something like
+ # foo.o: sub/foo.c
+ # foo.o: sub/foo.h
+ # which is wrong. We want:
+ # sub/foo.o: sub/foo.c
+ # sub/foo.o: sub/foo.h
+ # sub/foo.c:
+ # sub/foo.h:
+ # ICC 7.1 will output
+ # foo.o: sub/foo.c sub/foo.h
+ # and will wrap long lines using \ :
+ # foo.o: sub/foo.c ... \
+ # sub/foo.h ... \
+ # ...
+
+ "$@" -MD -MF "$tmpdepfile"
+ stat=$?
+ if test $stat -eq 0; then :
+ else
+ rm -f "$tmpdepfile"
+ exit $stat
+ fi
+ rm -f "$depfile"
+ # Each line is of the form `foo.o: dependent.h',
+ # or `foo.o: dep1.h dep2.h \', or ` dep3.h dep4.h \'.
+ # Do two passes, one to just change these to
+ # `$object: dependent.h' and one to simply `dependent.h:'.
+ sed "s,^[^:]*:,$object :," < "$tmpdepfile" > "$depfile"
+ # Some versions of the HPUX 10.20 sed can't process this invocation
+ # correctly. Breaking it into two sed invocations is a workaround.
+ sed 's,^[^:]*: \(.*\)$,\1,;s/^\\$//;/^$/d;/:$/d' < "$tmpdepfile" |
+ sed -e 's/$/ :/' >> "$depfile"
+ rm -f "$tmpdepfile"
+ ;;
+
+hp2)
+ # The "hp" stanza above does not work with aCC (C++) and HP's ia64
+ # compilers, which have integrated preprocessors. The correct option
+ # to use with these is +Maked; it writes dependencies to a file named
+ # 'foo.d', which lands next to the object file, wherever that
+ # happens to be.
+ # Much of this is similar to the tru64 case; see comments there.
+ dir=`echo "$object" | sed -e 's|/[^/]*$|/|'`
+ test "x$dir" = "x$object" && dir=
+ base=`echo "$object" | sed -e 's|^.*/||' -e 's/\.o$//' -e 's/\.lo$//'`
+ if test "$libtool" = yes; then
+ tmpdepfile1=$dir$base.d
+ tmpdepfile2=$dir.libs/$base.d
+ "$@" -Wc,+Maked
+ else
+ tmpdepfile1=$dir$base.d
+ tmpdepfile2=$dir$base.d
+ "$@" +Maked
+ fi
+ stat=$?
+ if test $stat -eq 0; then :
+ else
+ rm -f "$tmpdepfile1" "$tmpdepfile2"
+ exit $stat
+ fi
+
+ for tmpdepfile in "$tmpdepfile1" "$tmpdepfile2"
+ do
+ test -f "$tmpdepfile" && break
+ done
+ if test -f "$tmpdepfile"; then
+ sed -e "s,^.*\.[a-z]*:,$object:," "$tmpdepfile" > "$depfile"
+ # Add `dependent.h:' lines.
+ sed -ne '2,${; s/^ *//; s/ \\*$//; s/$/:/; p;}' "$tmpdepfile" >> "$depfile"
+ else
+ echo "#dummy" > "$depfile"
+ fi
+ rm -f "$tmpdepfile" "$tmpdepfile2"
+ ;;
+
+tru64)
+ # The Tru64 compiler uses -MD to generate dependencies as a side
+ # effect. `cc -MD -o foo.o ...' puts the dependencies into `foo.o.d'.
+ # At least on Alpha/Redhat 6.1, Compaq CCC V6.2-504 seems to put
+ # dependencies in `foo.d' instead, so we check for that too.
+ # Subdirectories are respected.
+ dir=`echo "$object" | sed -e 's|/[^/]*$|/|'`
+ test "x$dir" = "x$object" && dir=
+ base=`echo "$object" | sed -e 's|^.*/||' -e 's/\.o$//' -e 's/\.lo$//'`
+
+ if test "$libtool" = yes; then
+ # With Tru64 cc, shared objects can also be used to make a
+ # static library. This mechanism is used in libtool 1.4 series to
+ # handle both shared and static libraries in a single compilation.
+ # With libtool 1.4, dependencies were output in $dir.libs/$base.lo.d.
+ #
+ # With libtool 1.5 this exception was removed, and libtool now
+ # generates 2 separate objects for the 2 libraries. These two
+ # compilations output dependencies in $dir.libs/$base.o.d and
+ # in $dir$base.o.d. We have to check for both files, because
+ # one of the two compilations can be disabled. We should prefer
+ # $dir$base.o.d over $dir.libs/$base.o.d because the latter is
+ # automatically cleaned when .libs/ is deleted, while ignoring
+ # the former would cause a distcleancheck panic.
+ tmpdepfile1=$dir.libs/$base.lo.d # libtool 1.4
+ tmpdepfile2=$dir$base.o.d # libtool 1.5
+ tmpdepfile3=$dir.libs/$base.o.d # libtool 1.5
+ tmpdepfile4=$dir.libs/$base.d # Compaq CCC V6.2-504
+ "$@" -Wc,-MD
+ else
+ tmpdepfile1=$dir$base.o.d
+ tmpdepfile2=$dir$base.d
+ tmpdepfile3=$dir$base.d
+ tmpdepfile4=$dir$base.d
+ "$@" -MD
+ fi
+
+ stat=$?
+ if test $stat -eq 0; then :
+ else
+ rm -f "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3" "$tmpdepfile4"
+ exit $stat
+ fi
+
+ for tmpdepfile in "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3" "$tmpdepfile4"
+ do
+ test -f "$tmpdepfile" && break
+ done
+ if test -f "$tmpdepfile"; then
+ sed -e "s,^.*\.[a-z]*:,$object:," < "$tmpdepfile" > "$depfile"
+ # That's a tab and a space in the [].
+ sed -e 's,^.*\.[a-z]*:[ ]*,,' -e 's,$,:,' < "$tmpdepfile" >> "$depfile"
+ else
+ echo "#dummy" > "$depfile"
+ fi
+ rm -f "$tmpdepfile"
+ ;;
+
+#nosideeffect)
+ # This comment above is used by automake to tell side-effect
+ # dependency tracking mechanisms from slower ones.
+
+dashmstdout)
+ # Important note: in order to support this mode, a compiler *must*
+ # always write the preprocessed file to stdout, regardless of -o.
+ "$@" || exit $?
+
+ # Remove the call to Libtool.
+ if test "$libtool" = yes; then
+ while test $1 != '--mode=compile'; do
+ shift
+ done
+ shift
+ fi
+
+ # Remove `-o $object'.
+ IFS=" "
+ for arg
+ do
+ case $arg in
+ -o)
+ shift
+ ;;
+ $object)
+ shift
+ ;;
+ *)
+ set fnord "$@" "$arg"
+ shift # fnord
+ shift # $arg
+ ;;
+ esac
+ done
+
+ test -z "$dashmflag" && dashmflag=-M
+ # Require at least two characters before searching for `:'
+ # in the target name. This is to cope with DOS-style filenames:
+ # a dependency such as `c:/foo/bar' could be seen as target `c' otherwise.
+ "$@" $dashmflag |
+ sed 's:^[ ]*[^: ][^:][^:]*\:[ ]*:'"$object"'\: :' > "$tmpdepfile"
+ rm -f "$depfile"
+ cat < "$tmpdepfile" > "$depfile"
+ tr ' ' '
+' < "$tmpdepfile" | \
+## Some versions of the HPUX 10.20 sed can't process this invocation
+## correctly. Breaking it into two sed invocations is a workaround.
+ sed -e 's/^\\$//' -e '/^$/d' -e '/:$/d' | sed -e 's/$/ :/' >> "$depfile"
+ rm -f "$tmpdepfile"
+ ;;
+
+dashXmstdout)
+ # This case only exists to satisfy depend.m4. It is never actually
+ # run, as this mode is specially recognized in the preamble.
+ exit 1
+ ;;
+
+makedepend)
+ "$@" || exit $?
+ # Remove any Libtool call
+ if test "$libtool" = yes; then
+ while test $1 != '--mode=compile'; do
+ shift
+ done
+ shift
+ fi
+ # X makedepend
+ shift
+ cleared=no
+ for arg in "$@"; do
+ case $cleared in
+ no)
+ set ""; shift
+ cleared=yes ;;
+ esac
+ case "$arg" in
+ -D*|-I*)
+ set fnord "$@" "$arg"; shift ;;
+ # Strip any option that makedepend may not understand. Remove
+ # the object too, otherwise makedepend will parse it as a source file.
+ -*|$object)
+ ;;
+ *)
+ set fnord "$@" "$arg"; shift ;;
+ esac
+ done
+ obj_suffix="`echo $object | sed 's/^.*\././'`"
+ touch "$tmpdepfile"
+ ${MAKEDEPEND-makedepend} -o"$obj_suffix" -f"$tmpdepfile" "$@"
+ rm -f "$depfile"
+ cat < "$tmpdepfile" > "$depfile"
+ sed '1,2d' "$tmpdepfile" | tr ' ' '
+' | \
+## Some versions of the HPUX 10.20 sed can't process this invocation
+## correctly. Breaking it into two sed invocations is a workaround.
+ sed -e 's/^\\$//' -e '/^$/d' -e '/:$/d' | sed -e 's/$/ :/' >> "$depfile"
+ rm -f "$tmpdepfile" "$tmpdepfile".bak
+ ;;
+
+cpp)
+ # Important note: in order to support this mode, a compiler *must*
+ # always write the preprocessed file to stdout.
+ "$@" || exit $?
+
+ # Remove the call to Libtool.
+ if test "$libtool" = yes; then
+ while test $1 != '--mode=compile'; do
+ shift
+ done
+ shift
+ fi
+
+ # Remove `-o $object'.
+ IFS=" "
+ for arg
+ do
+ case $arg in
+ -o)
+ shift
+ ;;
+ $object)
+ shift
+ ;;
+ *)
+ set fnord "$@" "$arg"
+ shift # fnord
+ shift # $arg
+ ;;
+ esac
+ done
+
+ "$@" -E |
+ sed -n -e '/^# [0-9][0-9]* "\([^"]*\)".*/ s:: \1 \\:p' \
+ -e '/^#line [0-9][0-9]* "\([^"]*\)".*/ s:: \1 \\:p' |
+ sed '$ s: \\$::' > "$tmpdepfile"
+ rm -f "$depfile"
+ echo "$object : \\" > "$depfile"
+ cat < "$tmpdepfile" >> "$depfile"
+ sed < "$tmpdepfile" '/^$/d;s/^ //;s/ \\$//;s/$/ :/' >> "$depfile"
+ rm -f "$tmpdepfile"
+ ;;
+
+msvisualcpp)
+ # Important note: in order to support this mode, a compiler *must*
+ # always write the preprocessed file to stdout, regardless of -o,
+ # because we must use -o when running libtool.
+ "$@" || exit $?
+ IFS=" "
+ for arg
+ do
+ case "$arg" in
+ "-Gm"|"/Gm"|"-Gi"|"/Gi"|"-ZI"|"/ZI")
+ set fnord "$@"
+ shift
+ shift
+ ;;
+ *)
+ set fnord "$@" "$arg"
+ shift
+ shift
+ ;;
+ esac
+ done
+ "$@" -E |
+ sed -n '/^#line [0-9][0-9]* "\([^"]*\)"/ s::echo "`cygpath -u \\"\1\\"`":p' | sort | uniq > "$tmpdepfile"
+ rm -f "$depfile"
+ echo "$object : \\" > "$depfile"
+ . "$tmpdepfile" | sed 's% %\\ %g' | sed -n '/^\(.*\)$/ s:: \1 \\:p' >> "$depfile"
+ echo " " >> "$depfile"
+ . "$tmpdepfile" | sed 's% %\\ %g' | sed -n '/^\(.*\)$/ s::\1\::p' >> "$depfile"
+ rm -f "$tmpdepfile"
+ ;;
+
+none)
+ exec "$@"
+ ;;
+
+*)
+ echo "Unknown depmode $depmode" 1>&2
+ exit 1
+ ;;
+esac
+
+exit 0
+
+# Local Variables:
+# mode: shell-script
+# sh-indentation: 2
+# eval: (add-hook 'write-file-hooks 'time-stamp)
+# time-stamp-start: "scriptversion="
+# time-stamp-format: "%:y-%02m-%02d.%02H"
+# time-stamp-end: "$"
+# End:
diff --git a/scripts/install-sh b/scripts/install-sh
new file mode 100755
index 0000000..4fbbae7
--- /dev/null
+++ b/scripts/install-sh
@@ -0,0 +1,507 @@
+#!/bin/sh
+# install - install a program, script, or datafile
+
+scriptversion=2006-10-14.15
+
+# This originates from X11R5 (mit/util/scripts/install.sh), which was
+# later released in X11R6 (xc/config/util/install.sh) with the
+# following copyright and license.
+#
+# Copyright (C) 1994 X Consortium
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to
+# deal in the Software without restriction, including without limitation the
+# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
+# sell copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# X CONSORTIUM BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN
+# AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNEC-
+# TION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+#
+# Except as contained in this notice, the name of the X Consortium shall not
+# be used in advertising or otherwise to promote the sale, use or other deal-
+# ings in this Software without prior written authorization from the X Consor-
+# tium.
+#
+#
+# FSF changes to this file are in the public domain.
+#
+# Calling this script install-sh is preferred over install.sh, to prevent
+# `make' implicit rules from creating a file called install from it
+# when there is no Makefile.
+#
+# This script is compatible with the BSD install script, but was written
+# from scratch.
+
+nl='
+'
+IFS=" "" $nl"
+
+# set DOITPROG to echo to test this script
+
+# Don't use :- since 4.3BSD and earlier shells don't like it.
+doit="${DOITPROG-}"
+if test -z "$doit"; then
+ doit_exec=exec
+else
+ doit_exec=$doit
+fi
+
+# Put in absolute file names if you don't have them in your path;
+# or use environment vars.
+
+mvprog="${MVPROG-mv}"
+cpprog="${CPPROG-cp}"
+chmodprog="${CHMODPROG-chmod}"
+chownprog="${CHOWNPROG-chown}"
+chgrpprog="${CHGRPPROG-chgrp}"
+stripprog="${STRIPPROG-strip}"
+rmprog="${RMPROG-rm}"
+mkdirprog="${MKDIRPROG-mkdir}"
+
+posix_glob=
+posix_mkdir=
+
+# Desired mode of installed file.
+mode=0755
+
+chmodcmd=$chmodprog
+chowncmd=
+chgrpcmd=
+stripcmd=
+rmcmd="$rmprog -f"
+mvcmd="$mvprog"
+src=
+dst=
+dir_arg=
+dstarg=
+no_target_directory=
+
+usage="Usage: $0 [OPTION]... [-T] SRCFILE DSTFILE
+ or: $0 [OPTION]... SRCFILES... DIRECTORY
+ or: $0 [OPTION]... -t DIRECTORY SRCFILES...
+ or: $0 [OPTION]... -d DIRECTORIES...
+
+In the 1st form, copy SRCFILE to DSTFILE.
+In the 2nd and 3rd, copy all SRCFILES to DIRECTORY.
+In the 4th, create DIRECTORIES.
+
+Options:
+-c (ignored)
+-d create directories instead of installing files.
+-g GROUP $chgrpprog installed files to GROUP.
+-m MODE $chmodprog installed files to MODE.
+-o USER $chownprog installed files to USER.
+-s $stripprog installed files.
+-t DIRECTORY install into DIRECTORY.
+-T report an error if DSTFILE is a directory.
+--help display this help and exit.
+--version display version info and exit.
+
+Environment variables override the default commands:
+ CHGRPPROG CHMODPROG CHOWNPROG CPPROG MKDIRPROG MVPROG RMPROG STRIPPROG
+"
+
+while test $# -ne 0; do
+ case $1 in
+ -c) shift
+ continue;;
+
+ -d) dir_arg=true
+ shift
+ continue;;
+
+ -g) chgrpcmd="$chgrpprog $2"
+ shift
+ shift
+ continue;;
+
+ --help) echo "$usage"; exit $?;;
+
+ -m) mode=$2
+ shift
+ shift
+ case $mode in
+ *' '* | *' '* | *'
+'* | *'*'* | *'?'* | *'['*)
+ echo "$0: invalid mode: $mode" >&2
+ exit 1;;
+ esac
+ continue;;
+
+ -o) chowncmd="$chownprog $2"
+ shift
+ shift
+ continue;;
+
+ -s) stripcmd=$stripprog
+ shift
+ continue;;
+
+ -t) dstarg=$2
+ shift
+ shift
+ continue;;
+
+ -T) no_target_directory=true
+ shift
+ continue;;
+
+ --version) echo "$0 $scriptversion"; exit $?;;
+
+ --) shift
+ break;;
+
+ -*) echo "$0: invalid option: $1" >&2
+ exit 1;;
+
+ *) break;;
+ esac
+done
+
+if test $# -ne 0 && test -z "$dir_arg$dstarg"; then
+ # When -d is used, all remaining arguments are directories to create.
+ # When -t is used, the destination is already specified.
+ # Otherwise, the last argument is the destination. Remove it from $@.
+ for arg
+ do
+ if test -n "$dstarg"; then
+ # $@ is not empty: it contains at least $arg.
+ set fnord "$@" "$dstarg"
+ shift # fnord
+ fi
+ shift # arg
+ dstarg=$arg
+ done
+fi
+
+if test $# -eq 0; then
+ if test -z "$dir_arg"; then
+ echo "$0: no input file specified." >&2
+ exit 1
+ fi
+ # It's OK to call `install-sh -d' without argument.
+ # This can happen when creating conditional directories.
+ exit 0
+fi
+
+if test -z "$dir_arg"; then
+ trap '(exit $?); exit' 1 2 13 15
+
+ # Set umask so as not to create temps with too-generous modes.
+ # However, 'strip' requires both read and write access to temps.
+ case $mode in
+ # Optimize common cases.
+ *644) cp_umask=133;;
+ *755) cp_umask=22;;
+
+ *[0-7])
+ if test -z "$stripcmd"; then
+ u_plus_rw=
+ else
+ u_plus_rw='% 200'
+ fi
+ cp_umask=`expr '(' 777 - $mode % 1000 ')' $u_plus_rw`;;
+ *)
+ if test -z "$stripcmd"; then
+ u_plus_rw=
+ else
+ u_plus_rw=,u+rw
+ fi
+ cp_umask=$mode$u_plus_rw;;
+ esac
+fi
+
+for src
+do
+ # Protect names starting with `-'.
+ case $src in
+ -*) src=./$src ;;
+ esac
+
+ if test -n "$dir_arg"; then
+ dst=$src
+ dstdir=$dst
+ test -d "$dstdir"
+ dstdir_status=$?
+ else
+
+ # Waiting for this to be detected by the "$cpprog $src $dsttmp" command
+ # might cause directories to be created, which would be especially bad
+ # if $src (and thus $dsttmp) contains '*'.
+ if test ! -f "$src" && test ! -d "$src"; then
+ echo "$0: $src does not exist." >&2
+ exit 1
+ fi
+
+ if test -z "$dstarg"; then
+ echo "$0: no destination specified." >&2
+ exit 1
+ fi
+
+ dst=$dstarg
+ # Protect names starting with `-'.
+ case $dst in
+ -*) dst=./$dst ;;
+ esac
+
+ # If destination is a directory, append the input filename; won't work
+ # if double slashes aren't ignored.
+ if test -d "$dst"; then
+ if test -n "$no_target_directory"; then
+ echo "$0: $dstarg: Is a directory" >&2
+ exit 1
+ fi
+ dstdir=$dst
+ dst=$dstdir/`basename "$src"`
+ dstdir_status=0
+ else
+ # Prefer dirname, but fall back on a substitute if dirname fails.
+ dstdir=`
+ (dirname "$dst") 2>/dev/null ||
+ expr X"$dst" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+ X"$dst" : 'X\(//\)[^/]' \| \
+ X"$dst" : 'X\(//\)$' \| \
+ X"$dst" : 'X\(/\)' \| . 2>/dev/null ||
+ echo X"$dst" |
+ sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+ s//\1/
+ q
+ }
+ /^X\(\/\/\)[^/].*/{
+ s//\1/
+ q
+ }
+ /^X\(\/\/\)$/{
+ s//\1/
+ q
+ }
+ /^X\(\/\).*/{
+ s//\1/
+ q
+ }
+ s/.*/./; q'
+ `
+
+ test -d "$dstdir"
+ dstdir_status=$?
+ fi
+ fi
+
+ obsolete_mkdir_used=false
+
+ if test $dstdir_status != 0; then
+ case $posix_mkdir in
+ '')
+ # Create intermediate dirs using mode 755 as modified by the umask.
+ # This is like FreeBSD 'install' as of 1997-10-28.
+ umask=`umask`
+ case $stripcmd.$umask in
+ # Optimize common cases.
+ *[2367][2367]) mkdir_umask=$umask;;
+ .*0[02][02] | .[02][02] | .[02]) mkdir_umask=22;;
+
+ *[0-7])
+ mkdir_umask=`expr $umask + 22 \
+ - $umask % 100 % 40 + $umask % 20 \
+ - $umask % 10 % 4 + $umask % 2
+ `;;
+ *) mkdir_umask=$umask,go-w;;
+ esac
+
+ # With -d, create the new directory with the user-specified mode.
+ # Otherwise, rely on $mkdir_umask.
+ if test -n "$dir_arg"; then
+ mkdir_mode=-m$mode
+ else
+ mkdir_mode=
+ fi
+
+ posix_mkdir=false
+ case $umask in
+ *[123567][0-7][0-7])
+ # POSIX mkdir -p sets u+wx bits regardless of umask, which
+ # is incompatible with FreeBSD 'install' when (umask & 300) != 0.
+ ;;
+ *)
+ tmpdir=${TMPDIR-/tmp}/ins$RANDOM-$$
+ trap 'ret=$?; rmdir "$tmpdir/d" "$tmpdir" 2>/dev/null; exit $ret' 0
+
+ if (umask $mkdir_umask &&
+ exec $mkdirprog $mkdir_mode -p -- "$tmpdir/d") >/dev/null 2>&1
+ then
+ if test -z "$dir_arg" || {
+ # Check for POSIX incompatibilities with -m.
+ # HP-UX 11.23 and IRIX 6.5 mkdir -m -p sets group- or
+ # other-writeable bit of parent directory when it shouldn't.
+ # FreeBSD 6.1 mkdir -m -p sets mode of existing directory.
+ ls_ld_tmpdir=`ls -ld "$tmpdir"`
+ case $ls_ld_tmpdir in
+ d????-?r-*) different_mode=700;;
+ d????-?--*) different_mode=755;;
+ *) false;;
+ esac &&
+ $mkdirprog -m$different_mode -p -- "$tmpdir" && {
+ ls_ld_tmpdir_1=`ls -ld "$tmpdir"`
+ test "$ls_ld_tmpdir" = "$ls_ld_tmpdir_1"
+ }
+ }
+ then posix_mkdir=:
+ fi
+ rmdir "$tmpdir/d" "$tmpdir"
+ else
+ # Remove any dirs left behind by ancient mkdir implementations.
+ rmdir ./$mkdir_mode ./-p ./-- 2>/dev/null
+ fi
+ trap '' 0;;
+ esac;;
+ esac
+
+ if
+ $posix_mkdir && (
+ umask $mkdir_umask &&
+ $doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir"
+ )
+ then :
+ else
+
+ # The umask is ridiculous, or mkdir does not conform to POSIX,
+ # or it failed possibly due to a race condition. Create the
+ # directory the slow way, step by step, checking for races as we go.
+
+ case $dstdir in
+ /*) prefix=/ ;;
+ -*) prefix=./ ;;
+ *) prefix= ;;
+ esac
+
+ case $posix_glob in
+ '')
+ if (set -f) 2>/dev/null; then
+ posix_glob=true
+ else
+ posix_glob=false
+ fi ;;
+ esac
+
+ oIFS=$IFS
+ IFS=/
+ $posix_glob && set -f
+ set fnord $dstdir
+ shift
+ $posix_glob && set +f
+ IFS=$oIFS
+
+ prefixes=
+
+ for d
+ do
+ test -z "$d" && continue
+
+ prefix=$prefix$d
+ if test -d "$prefix"; then
+ prefixes=
+ else
+ if $posix_mkdir; then
+ (umask=$mkdir_umask &&
+ $doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir") && break
+ # Don't fail if two instances are running concurrently.
+ test -d "$prefix" || exit 1
+ else
+ case $prefix in
+ *\'*) qprefix=`echo "$prefix" | sed "s/'/'\\\\\\\\''/g"`;;
+ *) qprefix=$prefix;;
+ esac
+ prefixes="$prefixes '$qprefix'"
+ fi
+ fi
+ prefix=$prefix/
+ done
+
+ if test -n "$prefixes"; then
+ # Don't fail if two instances are running concurrently.
+ (umask $mkdir_umask &&
+ eval "\$doit_exec \$mkdirprog $prefixes") ||
+ test -d "$dstdir" || exit 1
+ obsolete_mkdir_used=true
+ fi
+ fi
+ fi
+
+ if test -n "$dir_arg"; then
+ { test -z "$chowncmd" || $doit $chowncmd "$dst"; } &&
+ { test -z "$chgrpcmd" || $doit $chgrpcmd "$dst"; } &&
+ { test "$obsolete_mkdir_used$chowncmd$chgrpcmd" = false ||
+ test -z "$chmodcmd" || $doit $chmodcmd $mode "$dst"; } || exit 1
+ else
+
+ # Make a couple of temp file names in the proper directory.
+ dsttmp=$dstdir/_inst.$$_
+ rmtmp=$dstdir/_rm.$$_
+
+ # Trap to clean up those temp files at exit.
+ trap 'ret=$?; rm -f "$dsttmp" "$rmtmp" && exit $ret' 0
+
+ # Copy the file name to the temp name.
+ (umask $cp_umask && $doit_exec $cpprog "$src" "$dsttmp") &&
+
+ # and set any options; do chmod last to preserve setuid bits.
+ #
+ # If any of these fail, we abort the whole thing. If we want to
+ # ignore errors from any of these, just make sure not to ignore
+ # errors from the above "$doit $cpprog $src $dsttmp" command.
+ #
+ { test -z "$chowncmd" || $doit $chowncmd "$dsttmp"; } \
+ && { test -z "$chgrpcmd" || $doit $chgrpcmd "$dsttmp"; } \
+ && { test -z "$stripcmd" || $doit $stripcmd "$dsttmp"; } \
+ && { test -z "$chmodcmd" || $doit $chmodcmd $mode "$dsttmp"; } &&
+
+ # Now rename the file to the real destination.
+ { $doit $mvcmd -f "$dsttmp" "$dst" 2>/dev/null \
+ || {
+ # The rename failed, perhaps because mv can't rename something else
+ # to itself, or perhaps because mv is so ancient that it does not
+ # support -f.
+
+ # Now remove or move aside any old file at destination location.
+ # We try this two ways since rm can't unlink itself on some
+ # systems and the destination file might be busy for other
+ # reasons. In this case, the final cleanup might fail but the new
+ # file should still install successfully.
+ {
+ if test -f "$dst"; then
+ $doit $rmcmd -f "$dst" 2>/dev/null \
+ || { $doit $mvcmd -f "$dst" "$rmtmp" 2>/dev/null \
+ && { $doit $rmcmd -f "$rmtmp" 2>/dev/null; :; }; }\
+ || {
+ echo "$0: cannot unlink or rename $dst" >&2
+ (exit 1); exit 1
+ }
+ else
+ :
+ fi
+ } &&
+
+ # Now rename the file to the real destination.
+ $doit $mvcmd "$dsttmp" "$dst"
+ }
+ } || exit 1
+
+ trap '' 0
+ fi
+done
+
+# Local variables:
+# eval: (add-hook 'write-file-hooks 'time-stamp)
+# time-stamp-start: "scriptversion="
+# time-stamp-format: "%:y-%02m-%02d.%02H"
+# time-stamp-end: "$"
+# End:
diff --git a/scripts/mdate-sh b/scripts/mdate-sh
new file mode 100755
index 0000000..9a6d216
--- /dev/null
+++ b/scripts/mdate-sh
@@ -0,0 +1,199 @@
+#!/bin/sh
+# Get modification time of a file or directory and pretty-print it.
+
+scriptversion=2005-06-29.22
+
+# Copyright (C) 1995, 1996, 1997, 2003, 2004, 2005 Free Software
+# Foundation, Inc.
+# written by Ulrich Drepper <drepper@gnu.ai.mit.edu>, June 1995
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2, or (at your option)
+# any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+# As a special exception to the GNU General Public License, if you
+# distribute this file as part of a program that contains a
+# configuration script generated by Autoconf, you may include it under
+# the same distribution terms that you use for the rest of that program.
+
+# This file is maintained in Automake, please report
+# bugs to <bug-automake@gnu.org> or send patches to
+# <automake-patches@gnu.org>.
+
+case $1 in
+ '')
+ echo "$0: No file. Try \`$0 --help' for more information." 1>&2
+ exit 1;
+ ;;
+ -h | --h*)
+ cat <<\EOF
+Usage: mdate-sh [--help] [--version] FILE
+
+Pretty-print the modification time of FILE.
+
+Report bugs to <bug-automake@gnu.org>.
+EOF
+ exit $?
+ ;;
+ -v | --v*)
+ echo "mdate-sh $scriptversion"
+ exit $?
+ ;;
+esac
+
+# Prevent date giving response in another language.
+LANG=C
+export LANG
+LC_ALL=C
+export LC_ALL
+LC_TIME=C
+export LC_TIME
+
+# GNU ls changes its time format in response to the TIME_STYLE
+# variable. Since we cannot assume `unset' works, revert this
+# variable to its documented default.
+if test "${TIME_STYLE+set}" = set; then
+ TIME_STYLE=posix-long-iso
+ export TIME_STYLE
+fi
+
+save_arg1=$1
+
+# Find out how to get the extended ls output of a file or directory.
+if ls -L /dev/null 1>/dev/null 2>&1; then
+ ls_command='ls -L -l -d'
+else
+ ls_command='ls -l -d'
+fi
+
+# A `ls -l' line looks as follows on OS/2.
+# drwxrwx--- 0 Aug 11 2001 foo
+# This differs from Unix, which adds ownership information.
+# drwxrwx--- 2 root root 4096 Aug 11 2001 foo
+#
+# To find the date, we split the line on spaces and iterate on words
+# until we find a month. This cannot work with files whose owner is a
+# user named `Jan', or `Feb', etc. However, it's unlikely that `/'
+# will be owned by a user whose name is a month. So we first look at
+# the extended ls output of the root directory to decide how many
+# words should be skipped to get the date.
+
+# On HPUX /bin/sh, "set" interprets "-rw-r--r--" as options, so the "x" below.
+set x`ls -l -d /`
+
+# Find which argument is the month.
+month=
+command=
+until test $month
+do
+ shift
+ # Add another shift to the command.
+ command="$command shift;"
+ case $1 in
+ Jan) month=January; nummonth=1;;
+ Feb) month=February; nummonth=2;;
+ Mar) month=March; nummonth=3;;
+ Apr) month=April; nummonth=4;;
+ May) month=May; nummonth=5;;
+ Jun) month=June; nummonth=6;;
+ Jul) month=July; nummonth=7;;
+ Aug) month=August; nummonth=8;;
+ Sep) month=September; nummonth=9;;
+ Oct) month=October; nummonth=10;;
+ Nov) month=November; nummonth=11;;
+ Dec) month=December; nummonth=12;;
+ esac
+done
+
+# Get the extended ls output of the file or directory.
+set dummy x`eval "$ls_command \"\$save_arg1\""`
+
+# Remove all preceding arguments
+eval $command
+
+# Because of the dummy argument above, month is in $2.
+#
+# On a POSIX system, we should have
+#
+# $# = 5
+# $1 = file size
+# $2 = month
+# $3 = day
+# $4 = year or time
+# $5 = filename
+#
+# On Darwin 7.7.0 and 7.6.0, we have
+#
+# $# = 4
+# $1 = day
+# $2 = month
+# $3 = year or time
+# $4 = filename
+
+# Get the month.
+case $2 in
+ Jan) month=January; nummonth=1;;
+ Feb) month=February; nummonth=2;;
+ Mar) month=March; nummonth=3;;
+ Apr) month=April; nummonth=4;;
+ May) month=May; nummonth=5;;
+ Jun) month=June; nummonth=6;;
+ Jul) month=July; nummonth=7;;
+ Aug) month=August; nummonth=8;;
+ Sep) month=September; nummonth=9;;
+ Oct) month=October; nummonth=10;;
+ Nov) month=November; nummonth=11;;
+ Dec) month=December; nummonth=12;;
+esac
+
+case $3 in
+ ???*) day=$1;;
+ *) day=$3; shift;;
+esac
+
+# Here we have to deal with the problem that the ls output gives either
+# the time of day or the year.
+case $3 in
+ *:*) set `date`; eval year=\$$#
+ case $2 in
+ Jan) nummonthtod=1;;
+ Feb) nummonthtod=2;;
+ Mar) nummonthtod=3;;
+ Apr) nummonthtod=4;;
+ May) nummonthtod=5;;
+ Jun) nummonthtod=6;;
+ Jul) nummonthtod=7;;
+ Aug) nummonthtod=8;;
+ Sep) nummonthtod=9;;
+ Oct) nummonthtod=10;;
+ Nov) nummonthtod=11;;
+ Dec) nummonthtod=12;;
+ esac
+ # For the first six month of the year the time notation can also
+ # be used for files modified in the last year.
+ if (expr $nummonth \> $nummonthtod) > /dev/null;
+ then
+ year=`expr $year - 1`
+ fi;;
+ *) year=$3;;
+esac
+
+# The result.
+echo $day $month $year
+
+# Local Variables:
+# mode: shell-script
+# sh-indentation: 2
+# eval: (add-hook 'write-file-hooks 'time-stamp)
+# time-stamp-start: "scriptversion="
+# time-stamp-format: "%:y-%02m-%02d.%02H"
+# time-stamp-end: "$"
+# End:
diff --git a/scripts/missing b/scripts/missing
new file mode 100755
index 0000000..cff574b
--- /dev/null
+++ b/scripts/missing
@@ -0,0 +1,365 @@
+#! /bin/sh
+# Common stub for a few missing GNU programs while installing.
+
+scriptversion=2006-05-10.23
+
+# Copyright (C) 1996, 1997, 1999, 2000, 2002, 2003, 2004, 2005, 2006
+# Free Software Foundation, Inc.
+# Originally by Fran,cois Pinard <pinard@iro.umontreal.ca>, 1996.
+
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3, or (at your option)
+# any later version.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+# As a special exception to the GNU General Public License, if you
+# distribute this file as part of a program that contains a
+# configuration script generated by Autoconf, you may include it under
+# the same distribution terms that you use for the rest of that program.
+
+if test $# -eq 0; then
+ echo 1>&2 "Try \`$0 --help' for more information"
+ exit 1
+fi
+
+run=:
+sed_output='s/.* --output[ =]\([^ ]*\).*/\1/p'
+sed_minuso='s/.* -o \([^ ]*\).*/\1/p'
+
+# In the cases where this matters, `missing' is being run in the
+# srcdir already.
+if test -f configure.ac; then
+ configure_ac=configure.ac
+else
+ configure_ac=configure.in
+fi
+
+msg="missing on your system"
+
+case $1 in
+--run)
+ # Try to run requested program, and just exit if it succeeds.
+ run=
+ shift
+ "$@" && exit 0
+ # Exit code 63 means version mismatch. This often happens
+ # when the user try to use an ancient version of a tool on
+ # a file that requires a minimum version. In this case we
+ # we should proceed has if the program had been absent, or
+ # if --run hadn't been passed.
+ if test $? = 63; then
+ run=:
+ msg="probably too old"
+ fi
+ ;;
+
+ -h|--h|--he|--hel|--help)
+ echo "\
+$0 [OPTION]... PROGRAM [ARGUMENT]...
+
+Handle \`PROGRAM [ARGUMENT]...' for when PROGRAM is missing, or return an
+error status if there is no known handling for PROGRAM.
+
+Options:
+ -h, --help display this help and exit
+ -v, --version output version information and exit
+ --run try to run the given command, and emulate it if it fails
+
+Supported PROGRAM values:
+ aclocal touch file \`aclocal.m4'
+ autoconf touch file \`configure'
+ autoheader touch file \`config.h.in'
+ autom4te touch the output file, or create a stub one
+ automake touch all \`Makefile.in' files
+ bison create \`y.tab.[ch]', if possible, from existing .[ch]
+ flex create \`lex.yy.c', if possible, from existing .c
+ help2man touch the output file
+ lex create \`lex.yy.c', if possible, from existing .c
+ makeinfo touch the output file
+ tar try tar, gnutar, gtar, then tar without non-portable flags
+ yacc create \`y.tab.[ch]', if possible, from existing .[ch]
+
+Send bug reports to <bug-automake@gnu.org>."
+ exit $?
+ ;;
+
+ -v|--v|--ve|--ver|--vers|--versi|--versio|--version)
+ echo "missing $scriptversion (GNU Automake)"
+ exit $?
+ ;;
+
+ -*)
+ echo 1>&2 "$0: Unknown \`$1' option"
+ echo 1>&2 "Try \`$0 --help' for more information"
+ exit 1
+ ;;
+
+esac
+
+# Now exit if we have it, but it failed. Also exit now if we
+# don't have it and --version was passed (most likely to detect
+# the program).
+case $1 in
+ lex|yacc)
+ # Not GNU programs, they don't have --version.
+ ;;
+
+ tar)
+ if test -n "$run"; then
+ echo 1>&2 "ERROR: \`tar' requires --run"
+ exit 1
+ elif test "x$2" = "x--version" || test "x$2" = "x--help"; then
+ exit 1
+ fi
+ ;;
+
+ *)
+ if test -z "$run" && ($1 --version) > /dev/null 2>&1; then
+ # We have it, but it failed.
+ exit 1
+ elif test "x$2" = "x--version" || test "x$2" = "x--help"; then
+ # Could not run --version or --help. This is probably someone
+ # running `$TOOL --version' or `$TOOL --help' to check whether
+ # $TOOL exists and not knowing $TOOL uses missing.
+ exit 1
+ fi
+ ;;
+esac
+
+# If it does not exist, or fails to run (possibly an outdated version),
+# try to emulate it.
+case $1 in
+ aclocal*)
+ echo 1>&2 "\
+WARNING: \`$1' is $msg. You should only need it if
+ you modified \`acinclude.m4' or \`${configure_ac}'. You might want
+ to install the \`Automake' and \`Perl' packages. Grab them from
+ any GNU archive site."
+ touch aclocal.m4
+ ;;
+
+ autoconf)
+ echo 1>&2 "\
+WARNING: \`$1' is $msg. You should only need it if
+ you modified \`${configure_ac}'. You might want to install the
+ \`Autoconf' and \`GNU m4' packages. Grab them from any GNU
+ archive site."
+ touch configure
+ ;;
+
+ autoheader)
+ echo 1>&2 "\
+WARNING: \`$1' is $msg. You should only need it if
+ you modified \`acconfig.h' or \`${configure_ac}'. You might want
+ to install the \`Autoconf' and \`GNU m4' packages. Grab them
+ from any GNU archive site."
+ files=`sed -n 's/^[ ]*A[CM]_CONFIG_HEADER(\([^)]*\)).*/\1/p' ${configure_ac}`
+ test -z "$files" && files="config.h"
+ touch_files=
+ for f in $files; do
+ case $f in
+ *:*) touch_files="$touch_files "`echo "$f" |
+ sed -e 's/^[^:]*://' -e 's/:.*//'`;;
+ *) touch_files="$touch_files $f.in";;
+ esac
+ done
+ touch $touch_files
+ ;;
+
+ automake*)
+ echo 1>&2 "\
+WARNING: \`$1' is $msg. You should only need it if
+ you modified \`Makefile.am', \`acinclude.m4' or \`${configure_ac}'.
+ You might want to install the \`Automake' and \`Perl' packages.
+ Grab them from any GNU archive site."
+ find . -type f -name Makefile.am -print |
+ sed 's/\.am$/.in/' |
+ while read f; do touch "$f"; done
+ ;;
+
+ autom4te)
+ echo 1>&2 "\
+WARNING: \`$1' is needed, but is $msg.
+ You might have modified some files without having the
+ proper tools for further handling them.
+ You can get \`$1' as part of \`Autoconf' from any GNU
+ archive site."
+
+ file=`echo "$*" | sed -n "$sed_output"`
+ test -z "$file" && file=`echo "$*" | sed -n "$sed_minuso"`
+ if test -f "$file"; then
+ touch $file
+ else
+ test -z "$file" || exec >$file
+ echo "#! /bin/sh"
+ echo "# Created by GNU Automake missing as a replacement of"
+ echo "# $ $@"
+ echo "exit 0"
+ chmod +x $file
+ exit 1
+ fi
+ ;;
+
+ bison|yacc)
+ echo 1>&2 "\
+WARNING: \`$1' $msg. You should only need it if
+ you modified a \`.y' file. You may need the \`Bison' package
+ in order for those modifications to take effect. You can get
+ \`Bison' from any GNU archive site."
+ rm -f y.tab.c y.tab.h
+ if test $# -ne 1; then
+ eval LASTARG="\${$#}"
+ case $LASTARG in
+ *.y)
+ SRCFILE=`echo "$LASTARG" | sed 's/y$/c/'`
+ if test -f "$SRCFILE"; then
+ cp "$SRCFILE" y.tab.c
+ fi
+ SRCFILE=`echo "$LASTARG" | sed 's/y$/h/'`
+ if test -f "$SRCFILE"; then
+ cp "$SRCFILE" y.tab.h
+ fi
+ ;;
+ esac
+ fi
+ if test ! -f y.tab.h; then
+ echo >y.tab.h
+ fi
+ if test ! -f y.tab.c; then
+ echo 'main() { return 0; }' >y.tab.c
+ fi
+ ;;
+
+ lex|flex)
+ echo 1>&2 "\
+WARNING: \`$1' is $msg. You should only need it if
+ you modified a \`.l' file. You may need the \`Flex' package
+ in order for those modifications to take effect. You can get
+ \`Flex' from any GNU archive site."
+ rm -f lex.yy.c
+ if test $# -ne 1; then
+ eval LASTARG="\${$#}"
+ case $LASTARG in
+ *.l)
+ SRCFILE=`echo "$LASTARG" | sed 's/l$/c/'`
+ if test -f "$SRCFILE"; then
+ cp "$SRCFILE" lex.yy.c
+ fi
+ ;;
+ esac
+ fi
+ if test ! -f lex.yy.c; then
+ echo 'main() { return 0; }' >lex.yy.c
+ fi
+ ;;
+
+ help2man)
+ echo 1>&2 "\
+WARNING: \`$1' is $msg. You should only need it if
+ you modified a dependency of a manual page. You may need the
+ \`Help2man' package in order for those modifications to take
+ effect. You can get \`Help2man' from any GNU archive site."
+
+ file=`echo "$*" | sed -n "$sed_output"`
+ test -z "$file" && file=`echo "$*" | sed -n "$sed_minuso"`
+ if test -f "$file"; then
+ touch $file
+ else
+ test -z "$file" || exec >$file
+ echo ".ab help2man is required to generate this page"
+ exit 1
+ fi
+ ;;
+
+ makeinfo)
+ echo 1>&2 "\
+WARNING: \`$1' is $msg. You should only need it if
+ you modified a \`.texi' or \`.texinfo' file, or any other file
+ indirectly affecting the aspect of the manual. The spurious
+ call might also be the consequence of using a buggy \`make' (AIX,
+ DU, IRIX). You might want to install the \`Texinfo' package or
+ the \`GNU make' package. Grab either from any GNU archive site."
+ # The file to touch is that specified with -o ...
+ file=`echo "$*" | sed -n "$sed_output"`
+ test -z "$file" && file=`echo "$*" | sed -n "$sed_minuso"`
+ if test -z "$file"; then
+ # ... or it is the one specified with @setfilename ...
+ infile=`echo "$*" | sed 's/.* \([^ ]*\) *$/\1/'`
+ file=`sed -n '
+ /^@setfilename/{
+ s/.* \([^ ]*\) *$/\1/
+ p
+ q
+ }' $infile`
+ # ... or it is derived from the source name (dir/f.texi becomes f.info)
+ test -z "$file" && file=`echo "$infile" | sed 's,.*/,,;s,.[^.]*$,,'`.info
+ fi
+ # If the file does not exist, the user really needs makeinfo;
+ # let's fail without touching anything.
+ test -f $file || exit 1
+ touch $file
+ ;;
+
+ tar)
+ shift
+
+ # We have already tried tar in the generic part.
+ # Look for gnutar/gtar before invocation to avoid ugly error
+ # messages.
+ if (gnutar --version > /dev/null 2>&1); then
+ gnutar "$@" && exit 0
+ fi
+ if (gtar --version > /dev/null 2>&1); then
+ gtar "$@" && exit 0
+ fi
+ firstarg="$1"
+ if shift; then
+ case $firstarg in
+ *o*)
+ firstarg=`echo "$firstarg" | sed s/o//`
+ tar "$firstarg" "$@" && exit 0
+ ;;
+ esac
+ case $firstarg in
+ *h*)
+ firstarg=`echo "$firstarg" | sed s/h//`
+ tar "$firstarg" "$@" && exit 0
+ ;;
+ esac
+ fi
+
+ echo 1>&2 "\
+WARNING: I can't seem to be able to run \`tar' with the given arguments.
+ You may want to install GNU tar or Free paxutils, or check the
+ command line arguments."
+ exit 1
+ ;;
+
+ *)
+ echo 1>&2 "\
+WARNING: \`$1' is needed, and is $msg.
+ You might have modified some files without having the
+ proper tools for further handling them. Check the \`README' file,
+ it often tells you about the needed prerequisites for installing
+ this package. You may also peek at any GNU archive site, in case
+ some other package would contain this missing \`$1' program."
+ exit 1
+ ;;
+esac
+
+exit 0
+
+# Local variables:
+# eval: (add-hook 'write-file-hooks 'time-stamp)
+# time-stamp-start: "scriptversion="
+# time-stamp-format: "%:y-%02m-%02d.%02H"
+# time-stamp-end: "$"
+# End:
diff --git a/scripts/mkinstalldirs b/scripts/mkinstalldirs
new file mode 100755
index 0000000..ef7e16f
--- /dev/null
+++ b/scripts/mkinstalldirs
@@ -0,0 +1,161 @@
+#! /bin/sh
+# mkinstalldirs --- make directory hierarchy
+
+scriptversion=2006-05-11.19
+
+# Original author: Noah Friedman <friedman@prep.ai.mit.edu>
+# Created: 1993-05-16
+# Public domain.
+#
+# This file is maintained in Automake, please report
+# bugs to <bug-automake@gnu.org> or send patches to
+# <automake-patches@gnu.org>.
+
+nl='
+'
+IFS=" "" $nl"
+errstatus=0
+dirmode=
+
+usage="\
+Usage: mkinstalldirs [-h] [--help] [--version] [-m MODE] DIR ...
+
+Create each directory DIR (with mode MODE, if specified), including all
+leading file name components.
+
+Report bugs to <bug-automake@gnu.org>."
+
+# process command line arguments
+while test $# -gt 0 ; do
+ case $1 in
+ -h | --help | --h*) # -h for help
+ echo "$usage"
+ exit $?
+ ;;
+ -m) # -m PERM arg
+ shift
+ test $# -eq 0 && { echo "$usage" 1>&2; exit 1; }
+ dirmode=$1
+ shift
+ ;;
+ --version)
+ echo "$0 $scriptversion"
+ exit $?
+ ;;
+ --) # stop option processing
+ shift
+ break
+ ;;
+ -*) # unknown option
+ echo "$usage" 1>&2
+ exit 1
+ ;;
+ *) # first non-opt arg
+ break
+ ;;
+ esac
+done
+
+for file
+do
+ if test -d "$file"; then
+ shift
+ else
+ break
+ fi
+done
+
+case $# in
+ 0) exit 0 ;;
+esac
+
+# Solaris 8's mkdir -p isn't thread-safe. If you mkdir -p a/b and
+# mkdir -p a/c at the same time, both will detect that a is missing,
+# one will create a, then the other will try to create a and die with
+# a "File exists" error. This is a problem when calling mkinstalldirs
+# from a parallel make. We use --version in the probe to restrict
+# ourselves to GNU mkdir, which is thread-safe.
+case $dirmode in
+ '')
+ if mkdir -p --version . >/dev/null 2>&1 && test ! -d ./--version; then
+ echo "mkdir -p -- $*"
+ exec mkdir -p -- "$@"
+ else
+ # On NextStep and OpenStep, the `mkdir' command does not
+ # recognize any option. It will interpret all options as
+ # directories to create, and then abort because `.' already
+ # exists.
+ test -d ./-p && rmdir ./-p
+ test -d ./--version && rmdir ./--version
+ fi
+ ;;
+ *)
+ if mkdir -m "$dirmode" -p --version . >/dev/null 2>&1 &&
+ test ! -d ./--version; then
+ echo "mkdir -m $dirmode -p -- $*"
+ exec mkdir -m "$dirmode" -p -- "$@"
+ else
+ # Clean up after NextStep and OpenStep mkdir.
+ for d in ./-m ./-p ./--version "./$dirmode";
+ do
+ test -d $d && rmdir $d
+ done
+ fi
+ ;;
+esac
+
+for file
+do
+ case $file in
+ /*) pathcomp=/ ;;
+ *) pathcomp= ;;
+ esac
+ oIFS=$IFS
+ IFS=/
+ set fnord $file
+ shift
+ IFS=$oIFS
+
+ for d
+ do
+ test "x$d" = x && continue
+
+ pathcomp=$pathcomp$d
+ case $pathcomp in
+ -*) pathcomp=./$pathcomp ;;
+ esac
+
+ if test ! -d "$pathcomp"; then
+ echo "mkdir $pathcomp"
+
+ mkdir "$pathcomp" || lasterr=$?
+
+ if test ! -d "$pathcomp"; then
+ errstatus=$lasterr
+ else
+ if test ! -z "$dirmode"; then
+ echo "chmod $dirmode $pathcomp"
+ lasterr=
+ chmod "$dirmode" "$pathcomp" || lasterr=$?
+
+ if test ! -z "$lasterr"; then
+ errstatus=$lasterr
+ fi
+ fi
+ fi
+ fi
+
+ pathcomp=$pathcomp/
+ done
+done
+
+exit $errstatus
+
+# Local Variables:
+# mode: shell-script
+# sh-indentation: 2
+# eval: (add-hook 'write-file-hooks 'time-stamp)
+# time-stamp-start: "scriptversion="
+# time-stamp-format: "%:y-%02m-%02d.%02H"
+# time-stamp-end: "$"
+# End:
diff --git a/scripts/texinfo.tex b/scripts/texinfo.tex
new file mode 100644
index 0000000..5063065
--- /dev/null
+++ b/scripts/texinfo.tex
@@ -0,0 +1,8638 @@
+% texinfo.tex -- TeX macros to handle Texinfo files.
+%
+% Load plain if necessary, i.e., if running under initex.
+\expandafter\ifx\csname fmtname\endcsname\relax\input plain\fi
+%
+\def\texinfoversion{2007-05-03.09}
+%
+% Copyright (C) 1985, 1986, 1988, 1990, 1991, 1992, 1993, 1994, 1995,
+% 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006,
+% 2007 Free Software Foundation, Inc.
+%
+% This texinfo.tex file is free software; you can redistribute it and/or
+% modify it under the terms of the GNU General Public License as
+% published by the Free Software Foundation; either version 3, or (at
+% your option) any later version.
+%
+% This texinfo.tex file is distributed in the hope that it will be
+% useful, but WITHOUT ANY WARRANTY; without even the implied warranty
+% of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+% General Public License for more details.
+%
+% You should have received a copy of the GNU General Public License
+% along with this texinfo.tex file; see the file COPYING. If not,
+% see <http://www.gnu.org/licenses/>.
+%
+% As a special exception, when this file is read by TeX when processing
+% a Texinfo source document, you may use the result without
+% restriction. (This has been our intent since Texinfo was invented.)
+%
+% Please try the latest version of texinfo.tex before submitting bug
+% reports; you can get the latest version from:
+% http://www.gnu.org/software/texinfo/ (the Texinfo home page), or
+% ftp://tug.org/tex/texinfo.tex
+% (and all CTAN mirrors, see http://www.ctan.org).
+% The texinfo.tex in any given distribution could well be out
+% of date, so if that's what you're using, please check.
+%
+% Send bug reports to bug-texinfo@gnu.org. Please include including a
+% complete document in each bug report with which we can reproduce the
+% problem. Patches are, of course, greatly appreciated.
+%
+% To process a Texinfo manual with TeX, it's most reliable to use the
+% texi2dvi shell script that comes with the distribution. For a simple
+% manual foo.texi, however, you can get away with this:
+% tex foo.texi
+% texindex foo.??
+% tex foo.texi
+% tex foo.texi
+% dvips foo.dvi -o # or whatever; this makes foo.ps.
+% The extra TeX runs get the cross-reference information correct.
+% Sometimes one run after texindex suffices, and sometimes you need more
+% than two; texi2dvi does it as many times as necessary.
+%
+% It is possible to adapt texinfo.tex for other languages, to some
+% extent. You can get the existing language-specific files from the
+% full Texinfo distribution.
+%
+% The GNU Texinfo home page is http://www.gnu.org/software/texinfo.
+
+
+\message{Loading texinfo [version \texinfoversion]:}
+
+% If in a .fmt file, print the version number
+% and turn on active characters that we couldn't do earlier because
+% they might have appeared in the input file name.
+\everyjob{\message{[Texinfo version \texinfoversion]}%
+ \catcode`+=\active \catcode`\_=\active}
+
+
+\chardef\other=12
+
+% We never want plain's \outer definition of \+ in Texinfo.
+% For @tex, we can use \tabalign.
+\let\+ = \relax
+
+% Save some plain tex macros whose names we will redefine.
+\let\ptexb=\b
+\let\ptexbullet=\bullet
+\let\ptexc=\c
+\let\ptexcomma=\,
+\let\ptexdot=\.
+\let\ptexdots=\dots
+\let\ptexend=\end
+\let\ptexequiv=\equiv
+\let\ptexexclam=\!
+\let\ptexfootnote=\footnote
+\let\ptexgtr=>
+\let\ptexhat=^
+\let\ptexi=\i
+\let\ptexindent=\indent
+\let\ptexinsert=\insert
+\let\ptexlbrace=\{
+\let\ptexless=<
+\let\ptexnewwrite\newwrite
+\let\ptexnoindent=\noindent
+\let\ptexplus=+
+\let\ptexrbrace=\}
+\let\ptexslash=\/
+\let\ptexstar=\*
+\let\ptext=\t
+
+% If this character appears in an error message or help string, it
+% starts a new line in the output.
+\newlinechar = `^^J
+
+% Use TeX 3.0's \inputlineno to get the line number, for better error
+% messages, but if we're using an old version of TeX, don't do anything.
+%
+\ifx\inputlineno\thisisundefined
+ \let\linenumber = \empty % Pre-3.0.
+\else
+ \def\linenumber{l.\the\inputlineno:\space}
+\fi
+
+% Set up fixed words for English if not already set.
+\ifx\putwordAppendix\undefined \gdef\putwordAppendix{Appendix}\fi
+\ifx\putwordChapter\undefined \gdef\putwordChapter{Chapter}\fi
+\ifx\putwordfile\undefined \gdef\putwordfile{file}\fi
+\ifx\putwordin\undefined \gdef\putwordin{in}\fi
+\ifx\putwordIndexIsEmpty\undefined \gdef\putwordIndexIsEmpty{(Index is empty)}\fi
+\ifx\putwordIndexNonexistent\undefined \gdef\putwordIndexNonexistent{(Index is nonexistent)}\fi
+\ifx\putwordInfo\undefined \gdef\putwordInfo{Info}\fi
+\ifx\putwordInstanceVariableof\undefined \gdef\putwordInstanceVariableof{Instance Variable of}\fi
+\ifx\putwordMethodon\undefined \gdef\putwordMethodon{Method on}\fi
+\ifx\putwordNoTitle\undefined \gdef\putwordNoTitle{No Title}\fi
+\ifx\putwordof\undefined \gdef\putwordof{of}\fi
+\ifx\putwordon\undefined \gdef\putwordon{on}\fi
+\ifx\putwordpage\undefined \gdef\putwordpage{page}\fi
+\ifx\putwordsection\undefined \gdef\putwordsection{section}\fi
+\ifx\putwordSection\undefined \gdef\putwordSection{Section}\fi
+\ifx\putwordsee\undefined \gdef\putwordsee{see}\fi
+\ifx\putwordSee\undefined \gdef\putwordSee{See}\fi
+\ifx\putwordShortTOC\undefined \gdef\putwordShortTOC{Short Contents}\fi
+\ifx\putwordTOC\undefined \gdef\putwordTOC{Table of Contents}\fi
+%
+\ifx\putwordMJan\undefined \gdef\putwordMJan{January}\fi
+\ifx\putwordMFeb\undefined \gdef\putwordMFeb{February}\fi
+\ifx\putwordMMar\undefined \gdef\putwordMMar{March}\fi
+\ifx\putwordMApr\undefined \gdef\putwordMApr{April}\fi
+\ifx\putwordMMay\undefined \gdef\putwordMMay{May}\fi
+\ifx\putwordMJun\undefined \gdef\putwordMJun{June}\fi
+\ifx\putwordMJul\undefined \gdef\putwordMJul{July}\fi
+\ifx\putwordMAug\undefined \gdef\putwordMAug{August}\fi
+\ifx\putwordMSep\undefined \gdef\putwordMSep{September}\fi
+\ifx\putwordMOct\undefined \gdef\putwordMOct{October}\fi
+\ifx\putwordMNov\undefined \gdef\putwordMNov{November}\fi
+\ifx\putwordMDec\undefined \gdef\putwordMDec{December}\fi
+%
+\ifx\putwordDefmac\undefined \gdef\putwordDefmac{Macro}\fi
+\ifx\putwordDefspec\undefined \gdef\putwordDefspec{Special Form}\fi
+\ifx\putwordDefvar\undefined \gdef\putwordDefvar{Variable}\fi
+\ifx\putwordDefopt\undefined \gdef\putwordDefopt{User Option}\fi
+\ifx\putwordDeffunc\undefined \gdef\putwordDeffunc{Function}\fi
+
+% Since the category of space is not known, we have to be careful.
+\chardef\spacecat = 10
+\def\spaceisspace{\catcode`\ =\spacecat}
+
+% sometimes characters are active, so we need control sequences.
+\chardef\colonChar = `\:
+\chardef\commaChar = `\,
+\chardef\dashChar = `\-
+\chardef\dotChar = `\.
+\chardef\exclamChar= `\!
+\chardef\lquoteChar= `\`
+\chardef\questChar = `\?
+\chardef\rquoteChar= `\'
+\chardef\semiChar = `\;
+\chardef\underChar = `\_
+
+% Ignore a token.
+%
+\def\gobble#1{}
+
+% The following is used inside several \edef's.
+\def\makecsname#1{\expandafter\noexpand\csname#1\endcsname}
+
+% Hyphenation fixes.
+\hyphenation{
+ Flor-i-da Ghost-script Ghost-view Mac-OS Post-Script
+ ap-pen-dix bit-map bit-maps
+ data-base data-bases eshell fall-ing half-way long-est man-u-script
+ man-u-scripts mini-buf-fer mini-buf-fers over-view par-a-digm
+ par-a-digms rath-er rec-tan-gu-lar ro-bot-ics se-vere-ly set-up spa-ces
+ spell-ing spell-ings
+ stand-alone strong-est time-stamp time-stamps which-ever white-space
+ wide-spread wrap-around
+}
+
+% Margin to add to right of even pages, to left of odd pages.
+\newdimen\bindingoffset
+\newdimen\normaloffset
+\newdimen\pagewidth \newdimen\pageheight
+
+% For a final copy, take out the rectangles
+% that mark overfull boxes (in case you have decided
+% that the text looks ok even though it passes the margin).
+%
+\def\finalout{\overfullrule=0pt}
+
+% @| inserts a changebar to the left of the current line. It should
+% surround any changed text. This approach does *not* work if the
+% change spans more than two lines of output. To handle that, we would
+% have adopt a much more difficult approach (putting marks into the main
+% vertical list for the beginning and end of each change).
+%
+\def\|{%
+ % \vadjust can only be used in horizontal mode.
+ \leavevmode
+ %
+ % Append this vertical mode material after the current line in the output.
+ \vadjust{%
+ % We want to insert a rule with the height and depth of the current
+ % leading; that is exactly what \strutbox is supposed to record.
+ \vskip-\baselineskip
+ %
+ % \vadjust-items are inserted at the left edge of the type. So
+ % the \llap here moves out into the left-hand margin.
+ \llap{%
+ %
+ % For a thicker or thinner bar, change the `1pt'.
+ \vrule height\baselineskip width1pt
+ %
+ % This is the space between the bar and the text.
+ \hskip 12pt
+ }%
+ }%
+}
+
+% Sometimes it is convenient to have everything in the transcript file
+% and nothing on the terminal. We don't just call \tracingall here,
+% since that produces some useless output on the terminal. We also make
+% some effort to order the tracing commands to reduce output in the log
+% file; cf. trace.sty in LaTeX.
+%
+\def\gloggingall{\begingroup \globaldefs = 1 \loggingall \endgroup}%
+\def\loggingall{%
+ \tracingstats2
+ \tracingpages1
+ \tracinglostchars2 % 2 gives us more in etex
+ \tracingparagraphs1
+ \tracingoutput1
+ \tracingmacros2
+ \tracingrestores1
+ \showboxbreadth\maxdimen \showboxdepth\maxdimen
+ \ifx\eTeXversion\undefined\else % etex gives us more logging
+ \tracingscantokens1
+ \tracingifs1
+ \tracinggroups1
+ \tracingnesting2
+ \tracingassigns1
+ \fi
+ \tracingcommands3 % 3 gives us more in etex
+ \errorcontextlines16
+}%
+
+% add check for \lastpenalty to plain's definitions. If the last thing
+% we did was a \nobreak, we don't want to insert more space.
+%
+\def\smallbreak{\ifnum\lastpenalty<10000\par\ifdim\lastskip<\smallskipamount
+ \removelastskip\penalty-50\smallskip\fi\fi}
+\def\medbreak{\ifnum\lastpenalty<10000\par\ifdim\lastskip<\medskipamount
+ \removelastskip\penalty-100\medskip\fi\fi}
+\def\bigbreak{\ifnum\lastpenalty<10000\par\ifdim\lastskip<\bigskipamount
+ \removelastskip\penalty-200\bigskip\fi\fi}
+
+% For @cropmarks command.
+% Do @cropmarks to get crop marks.
+%
+\newif\ifcropmarks
+\let\cropmarks = \cropmarkstrue
+%
+% Dimensions to add cropmarks at corners.
+% Added by P. A. MacKay, 12 Nov. 1986
+%
+\newdimen\outerhsize \newdimen\outervsize % set by the paper size routines
+\newdimen\cornerlong \cornerlong=1pc
+\newdimen\cornerthick \cornerthick=.3pt
+\newdimen\topandbottommargin \topandbottommargin=.75in
+
+% Main output routine.
+\chardef\PAGE = 255
+\output = {\onepageout{\pagecontents\PAGE}}
+
+\newbox\headlinebox
+\newbox\footlinebox
+
+% \onepageout takes a vbox as an argument. Note that \pagecontents
+% does insertions, but you have to call it yourself.
+\def\onepageout#1{%
+ \ifcropmarks \hoffset=0pt \else \hoffset=\normaloffset \fi
+ %
+ \ifodd\pageno \advance\hoffset by \bindingoffset
+ \else \advance\hoffset by -\bindingoffset\fi
+ %
+ % Do this outside of the \shipout so @code etc. will be expanded in
+ % the headline as they should be, not taken literally (outputting ''code).
+ \setbox\headlinebox = \vbox{\let\hsize=\pagewidth \makeheadline}%
+ \setbox\footlinebox = \vbox{\let\hsize=\pagewidth \makefootline}%
+ %
+ {%
+ % Have to do this stuff outside the \shipout because we want it to
+ % take effect in \write's, yet the group defined by the \vbox ends
+ % before the \shipout runs.
+ %
+ \indexdummies % don't expand commands in the output.
+ \normalturnoffactive % \ in index entries must not stay \, e.g., if
+ % the page break happens to be in the middle of an example.
+ % We don't want .vr (or whatever) entries like this:
+ % \entry{{\tt \indexbackslash }acronym}{32}{\code {\acronym}}
+ % "\acronym" won't work when it's read back in;
+ % it needs to be
+ % {\code {{\tt \backslashcurfont }acronym}
+ \shipout\vbox{%
+ % Do this early so pdf references go to the beginning of the page.
+ \ifpdfmakepagedest \pdfdest name{\the\pageno} xyz\fi
+ %
+ \ifcropmarks \vbox to \outervsize\bgroup
+ \hsize = \outerhsize
+ \vskip-\topandbottommargin
+ \vtop to0pt{%
+ \line{\ewtop\hfil\ewtop}%
+ \nointerlineskip
+ \line{%
+ \vbox{\moveleft\cornerthick\nstop}%
+ \hfill
+ \vbox{\moveright\cornerthick\nstop}%
+ }%
+ \vss}%
+ \vskip\topandbottommargin
+ \line\bgroup
+ \hfil % center the page within the outer (page) hsize.
+ \ifodd\pageno\hskip\bindingoffset\fi
+ \vbox\bgroup
+ \fi
+ %
+ \unvbox\headlinebox
+ \pagebody{#1}%
+ \ifdim\ht\footlinebox > 0pt
+ % Only leave this space if the footline is nonempty.
+ % (We lessened \vsize for it in \oddfootingyyy.)
+ % The \baselineskip=24pt in plain's \makefootline has no effect.
+ \vskip 24pt
+ \unvbox\footlinebox
+ \fi
+ %
+ \ifcropmarks
+ \egroup % end of \vbox\bgroup
+ \hfil\egroup % end of (centering) \line\bgroup
+ \vskip\topandbottommargin plus1fill minus1fill
+ \boxmaxdepth = \cornerthick
+ \vbox to0pt{\vss
+ \line{%
+ \vbox{\moveleft\cornerthick\nsbot}%
+ \hfill
+ \vbox{\moveright\cornerthick\nsbot}%
+ }%
+ \nointerlineskip
+ \line{\ewbot\hfil\ewbot}%
+ }%
+ \egroup % \vbox from first cropmarks clause
+ \fi
+ }% end of \shipout\vbox
+ }% end of group with \indexdummies
+ \advancepageno
+ \ifnum\outputpenalty>-20000 \else\dosupereject\fi
+}
+
+\newinsert\margin \dimen\margin=\maxdimen
+
+\def\pagebody#1{\vbox to\pageheight{\boxmaxdepth=\maxdepth #1}}
+{\catcode`\@ =11
+\gdef\pagecontents#1{\ifvoid\topins\else\unvbox\topins\fi
+% marginal hacks, juha@viisa.uucp (Juha Takala)
+\ifvoid\margin\else % marginal info is present
+ \rlap{\kern\hsize\vbox to\z@{\kern1pt\box\margin \vss}}\fi
+\dimen@=\dp#1 \unvbox#1
+\ifvoid\footins\else\vskip\skip\footins\footnoterule \unvbox\footins\fi
+\ifr@ggedbottom \kern-\dimen@ \vfil \fi}
+}
+
+% Here are the rules for the cropmarks. Note that they are
+% offset so that the space between them is truly \outerhsize or \outervsize
+% (P. A. MacKay, 12 November, 1986)
+%
+\def\ewtop{\vrule height\cornerthick depth0pt width\cornerlong}
+\def\nstop{\vbox
+ {\hrule height\cornerthick depth\cornerlong width\cornerthick}}
+\def\ewbot{\vrule height0pt depth\cornerthick width\cornerlong}
+\def\nsbot{\vbox
+ {\hrule height\cornerlong depth\cornerthick width\cornerthick}}
+
+% Parse an argument, then pass it to #1. The argument is the rest of
+% the input line (except we remove a trailing comment). #1 should be a
+% macro which expects an ordinary undelimited TeX argument.
+%
+\def\parsearg{\parseargusing{}}
+\def\parseargusing#1#2{%
+ \def\argtorun{#2}%
+ \begingroup
+ \obeylines
+ \spaceisspace
+ #1%
+ \parseargline\empty% Insert the \empty token, see \finishparsearg below.
+}
+
+{\obeylines %
+ \gdef\parseargline#1^^M{%
+ \endgroup % End of the group started in \parsearg.
+ \argremovecomment #1\comment\ArgTerm%
+ }%
+}
+
+% First remove any @comment, then any @c comment.
+\def\argremovecomment#1\comment#2\ArgTerm{\argremovec #1\c\ArgTerm}
+\def\argremovec#1\c#2\ArgTerm{\argcheckspaces#1\^^M\ArgTerm}
+
+% Each occurence of `\^^M' or `<space>\^^M' is replaced by a single space.
+%
+% \argremovec might leave us with trailing space, e.g.,
+% @end itemize @c foo
+% This space token undergoes the same procedure and is eventually removed
+% by \finishparsearg.
+%
+\def\argcheckspaces#1\^^M{\argcheckspacesX#1\^^M \^^M}
+\def\argcheckspacesX#1 \^^M{\argcheckspacesY#1\^^M}
+\def\argcheckspacesY#1\^^M#2\^^M#3\ArgTerm{%
+ \def\temp{#3}%
+ \ifx\temp\empty
+ % Do not use \next, perhaps the caller of \parsearg uses it; reuse \temp:
+ \let\temp\finishparsearg
+ \else
+ \let\temp\argcheckspaces
+ \fi
+ % Put the space token in:
+ \temp#1 #3\ArgTerm
+}
+
+% If a _delimited_ argument is enclosed in braces, they get stripped; so
+% to get _exactly_ the rest of the line, we had to prevent such situation.
+% We prepended an \empty token at the very beginning and we expand it now,
+% just before passing the control to \argtorun.
+% (Similarily, we have to think about #3 of \argcheckspacesY above: it is
+% either the null string, or it ends with \^^M---thus there is no danger
+% that a pair of braces would be stripped.
+%
+% But first, we have to remove the trailing space token.
+%
+\def\finishparsearg#1 \ArgTerm{\expandafter\argtorun\expandafter{#1}}
+
+% \parseargdef\foo{...}
+% is roughly equivalent to
+% \def\foo{\parsearg\Xfoo}
+% \def\Xfoo#1{...}
+%
+% Actually, I use \csname\string\foo\endcsname, ie. \\foo, as it is my
+% favourite TeX trick. --kasal, 16nov03
+
+\def\parseargdef#1{%
+ \expandafter \doparseargdef \csname\string#1\endcsname #1%
+}
+\def\doparseargdef#1#2{%
+ \def#2{\parsearg#1}%
+ \def#1##1%
+}
+
+% Several utility definitions with active space:
+{
+ \obeyspaces
+ \gdef\obeyedspace{ }
+
+ % Make each space character in the input produce a normal interword
+ % space in the output. Don't allow a line break at this space, as this
+ % is used only in environments like @example, where each line of input
+ % should produce a line of output anyway.
+ %
+ \gdef\sepspaces{\obeyspaces\let =\tie}
+
+ % If an index command is used in an @example environment, any spaces
+ % therein should become regular spaces in the raw index file, not the
+ % expansion of \tie (\leavevmode \penalty \@M \ ).
+ \gdef\unsepspaces{\let =\space}
+}
+
+
+\def\flushcr{\ifx\par\lisppar \def\next##1{}\else \let\next=\relax \fi \next}
+
+% Define the framework for environments in texinfo.tex. It's used like this:
+%
+% \envdef\foo{...}
+% \def\Efoo{...}
+%
+% It's the responsibility of \envdef to insert \begingroup before the
+% actual body; @end closes the group after calling \Efoo. \envdef also
+% defines \thisenv, so the current environment is known; @end checks
+% whether the environment name matches. The \checkenv macro can also be
+% used to check whether the current environment is the one expected.
+%
+% Non-false conditionals (@iftex, @ifset) don't fit into this, so they
+% are not treated as enviroments; they don't open a group. (The
+% implementation of @end takes care not to call \endgroup in this
+% special case.)
+
+
+% At runtime, environments start with this:
+\def\startenvironment#1{\begingroup\def\thisenv{#1}}
+% initialize
+\let\thisenv\empty
+
+% ... but they get defined via ``\envdef\foo{...}'':
+\long\def\envdef#1#2{\def#1{\startenvironment#1#2}}
+\def\envparseargdef#1#2{\parseargdef#1{\startenvironment#1#2}}
+
+% Check whether we're in the right environment:
+\def\checkenv#1{%
+ \def\temp{#1}%
+ \ifx\thisenv\temp
+ \else
+ \badenverr
+ \fi
+}
+
+% Evironment mismatch, #1 expected:
+\def\badenverr{%
+ \errhelp = \EMsimple
+ \errmessage{This command can appear only \inenvironment\temp,
+ not \inenvironment\thisenv}%
+}
+\def\inenvironment#1{%
+ \ifx#1\empty
+ out of any environment%
+ \else
+ in environment \expandafter\string#1%
+ \fi
+}
+
+% @end foo executes the definition of \Efoo.
+% But first, it executes a specialized version of \checkenv
+%
+\parseargdef\end{%
+ \if 1\csname iscond.#1\endcsname
+ \else
+ % The general wording of \badenverr may not be ideal, but... --kasal, 06nov03
+ \expandafter\checkenv\csname#1\endcsname
+ \csname E#1\endcsname
+ \endgroup
+ \fi
+}
+
+\newhelp\EMsimple{Press RETURN to continue.}
+
+
+%% Simple single-character @ commands
+
+% @@ prints an @
+% Kludge this until the fonts are right (grr).
+\def\@{{\tt\char64}}
+
+% This is turned off because it was never documented
+% and you can use @w{...} around a quote to suppress ligatures.
+%% Define @` and @' to be the same as ` and '
+%% but suppressing ligatures.
+%\def\`{{`}}
+%\def\'{{'}}
+
+% Used to generate quoted braces.
+\def\mylbrace {{\tt\char123}}
+\def\myrbrace {{\tt\char125}}
+\let\{=\mylbrace
+\let\}=\myrbrace
+\begingroup
+ % Definitions to produce \{ and \} commands for indices,
+ % and @{ and @} for the aux/toc files.
+ \catcode`\{ = \other \catcode`\} = \other
+ \catcode`\[ = 1 \catcode`\] = 2
+ \catcode`\! = 0 \catcode`\\ = \other
+ !gdef!lbracecmd[\{]%
+ !gdef!rbracecmd[\}]%
+ !gdef!lbraceatcmd[@{]%
+ !gdef!rbraceatcmd[@}]%
+!endgroup
+
+% @comma{} to avoid , parsing problems.
+\let\comma = ,
+
+% Accents: @, @dotaccent @ringaccent @ubaraccent @udotaccent
+% Others are defined by plain TeX: @` @' @" @^ @~ @= @u @v @H.
+\let\, = \c
+\let\dotaccent = \.
+\def\ringaccent#1{{\accent23 #1}}
+\let\tieaccent = \t
+\let\ubaraccent = \b
+\let\udotaccent = \d
+
+% Other special characters: @questiondown @exclamdown @ordf @ordm
+% Plain TeX defines: @AA @AE @O @OE @L (plus lowercase versions) @ss.
+\def\questiondown{?`}
+\def\exclamdown{!`}
+\def\ordf{\leavevmode\raise1ex\hbox{\selectfonts\lllsize \underbar{a}}}
+\def\ordm{\leavevmode\raise1ex\hbox{\selectfonts\lllsize \underbar{o}}}
+
+% Dotless i and dotless j, used for accents.
+\def\imacro{i}
+\def\jmacro{j}
+\def\dotless#1{%
+ \def\temp{#1}%
+ \ifx\temp\imacro \ptexi
+ \else\ifx\temp\jmacro \j
+ \else \errmessage{@dotless can be used only with i or j}%
+ \fi\fi
+}
+
+% The \TeX{} logo, as in plain, but resetting the spacing so that a
+% period following counts as ending a sentence. (Idea found in latex.)
+%
+\edef\TeX{\TeX \spacefactor=1000 }
+
+% @LaTeX{} logo. Not quite the same results as the definition in
+% latex.ltx, since we use a different font for the raised A; it's most
+% convenient for us to use an explicitly smaller font, rather than using
+% the \scriptstyle font (since we don't reset \scriptstyle and
+% \scriptscriptstyle).
+%
+\def\LaTeX{%
+ L\kern-.36em
+ {\setbox0=\hbox{T}%
+ \vbox to \ht0{\hbox{\selectfonts\lllsize A}\vss}}%
+ \kern-.15em
+ \TeX
+}
+
+% Be sure we're in horizontal mode when doing a tie, since we make space
+% equivalent to this in @example-like environments. Otherwise, a space
+% at the beginning of a line will start with \penalty -- and
+% since \penalty is valid in vertical mode, we'd end up putting the
+% penalty on the vertical list instead of in the new paragraph.
+{\catcode`@ = 11
+ % Avoid using \@M directly, because that causes trouble
+ % if the definition is written into an index file.
+ \global\let\tiepenalty = \@M
+ \gdef\tie{\leavevmode\penalty\tiepenalty\ }
+}
+
+% @: forces normal size whitespace following.
+\def\:{\spacefactor=1000 }
+
+% @* forces a line break.
+\def\*{\hfil\break\hbox{}\ignorespaces}
+
+% @/ allows a line break.
+\let\/=\allowbreak
+
+% @. is an end-of-sentence period.
+\def\.{.\spacefactor=\endofsentencespacefactor\space}
+
+% @! is an end-of-sentence bang.
+\def\!{!\spacefactor=\endofsentencespacefactor\space}
+
+% @? is an end-of-sentence query.
+\def\?{?\spacefactor=\endofsentencespacefactor\space}
+
+% @frenchspacing on|off says whether to put extra space after punctuation.
+%
+\def\onword{on}
+\def\offword{off}
+%
+\parseargdef\frenchspacing{%
+ \def\temp{#1}%
+ \ifx\temp\onword \plainfrenchspacing
+ \else\ifx\temp\offword \plainnonfrenchspacing
+ \else
+ \errhelp = \EMsimple
+ \errmessage{Unknown @frenchspacing option `\temp', must be on/off}%
+ \fi\fi
+}
+
+% @w prevents a word break. Without the \leavevmode, @w at the
+% beginning of a paragraph, when TeX is still in vertical mode, would
+% produce a whole line of output instead of starting the paragraph.
+\def\w#1{\leavevmode\hbox{#1}}
+
+% @group ... @end group forces ... to be all on one page, by enclosing
+% it in a TeX vbox. We use \vtop instead of \vbox to construct the box
+% to keep its height that of a normal line. According to the rules for
+% \topskip (p.114 of the TeXbook), the glue inserted is
+% max (\topskip - \ht (first item), 0). If that height is large,
+% therefore, no glue is inserted, and the space between the headline and
+% the text is small, which looks bad.
+%
+% Another complication is that the group might be very large. This can
+% cause the glue on the previous page to be unduly stretched, because it
+% does not have much material. In this case, it's better to add an
+% explicit \vfill so that the extra space is at the bottom. The
+% threshold for doing this is if the group is more than \vfilllimit
+% percent of a page (\vfilllimit can be changed inside of @tex).
+%
+\newbox\groupbox
+\def\vfilllimit{0.7}
+%
+\envdef\group{%
+ \ifnum\catcode`\^^M=\active \else
+ \errhelp = \groupinvalidhelp
+ \errmessage{@group invalid in context where filling is enabled}%
+ \fi
+ \startsavinginserts
+ %
+ \setbox\groupbox = \vtop\bgroup
+ % Do @comment since we are called inside an environment such as
+ % @example, where each end-of-line in the input causes an
+ % end-of-line in the output. We don't want the end-of-line after
+ % the `@group' to put extra space in the output. Since @group
+ % should appear on a line by itself (according to the Texinfo
+ % manual), we don't worry about eating any user text.
+ \comment
+}
+%
+% The \vtop produces a box with normal height and large depth; thus, TeX puts
+% \baselineskip glue before it, and (when the next line of text is done)
+% \lineskip glue after it. Thus, space below is not quite equal to space
+% above. But it's pretty close.
+\def\Egroup{%
+ % To get correct interline space between the last line of the group
+ % and the first line afterwards, we have to propagate \prevdepth.
+ \endgraf % Not \par, as it may have been set to \lisppar.
+ \global\dimen1 = \prevdepth
+ \egroup % End the \vtop.
+ % \dimen0 is the vertical size of the group's box.
+ \dimen0 = \ht\groupbox \advance\dimen0 by \dp\groupbox
+ % \dimen2 is how much space is left on the page (more or less).
+ \dimen2 = \pageheight \advance\dimen2 by -\pagetotal
+ % if the group doesn't fit on the current page, and it's a big big
+ % group, force a page break.
+ \ifdim \dimen0 > \dimen2
+ \ifdim \pagetotal < \vfilllimit\pageheight
+ \page
+ \fi
+ \fi
+ \box\groupbox
+ \prevdepth = \dimen1
+ \checkinserts
+}
+%
+% TeX puts in an \escapechar (i.e., `@') at the beginning of the help
+% message, so this ends up printing `@group can only ...'.
+%
+\newhelp\groupinvalidhelp{%
+group can only be used in environments such as @example,^^J%
+where each line of input produces a line of output.}
+
+% @need space-in-mils
+% forces a page break if there is not space-in-mils remaining.
+
+\newdimen\mil \mil=0.001in
+
+% Old definition--didn't work.
+%\parseargdef\need{\par %
+%% This method tries to make TeX break the page naturally
+%% if the depth of the box does not fit.
+%{\baselineskip=0pt%
+%\vtop to #1\mil{\vfil}\kern -#1\mil\nobreak
+%\prevdepth=-1000pt
+%}}
+
+\parseargdef\need{%
+ % Ensure vertical mode, so we don't make a big box in the middle of a
+ % paragraph.
+ \par
+ %
+ % If the @need value is less than one line space, it's useless.
+ \dimen0 = #1\mil
+ \dimen2 = \ht\strutbox
+ \advance\dimen2 by \dp\strutbox
+ \ifdim\dimen0 > \dimen2
+ %
+ % Do a \strut just to make the height of this box be normal, so the
+ % normal leading is inserted relative to the preceding line.
+ % And a page break here is fine.
+ \vtop to #1\mil{\strut\vfil}%
+ %
+ % TeX does not even consider page breaks if a penalty added to the
+ % main vertical list is 10000 or more. But in order to see if the
+ % empty box we just added fits on the page, we must make it consider
+ % page breaks. On the other hand, we don't want to actually break the
+ % page after the empty box. So we use a penalty of 9999.
+ %
+ % There is an extremely small chance that TeX will actually break the
+ % page at this \penalty, if there are no other feasible breakpoints in
+ % sight. (If the user is using lots of big @group commands, which
+ % almost-but-not-quite fill up a page, TeX will have a hard time doing
+ % good page breaking, for example.) However, I could not construct an
+ % example where a page broke at this \penalty; if it happens in a real
+ % document, then we can reconsider our strategy.
+ \penalty9999
+ %
+ % Back up by the size of the box, whether we did a page break or not.
+ \kern -#1\mil
+ %
+ % Do not allow a page break right after this kern.
+ \nobreak
+ \fi
+}
+
+% @br forces paragraph break (and is undocumented).
+
+\let\br = \par
+
+% @page forces the start of a new page.
+%
+\def\page{\par\vfill\supereject}
+
+% @exdent text....
+% outputs text on separate line in roman font, starting at standard page margin
+
+% This records the amount of indent in the innermost environment.
+% That's how much \exdent should take out.
+\newskip\exdentamount
+
+% This defn is used inside fill environments such as @defun.
+\parseargdef\exdent{\hfil\break\hbox{\kern -\exdentamount{\rm#1}}\hfil\break}
+
+% This defn is used inside nofill environments such as @example.
+\parseargdef\nofillexdent{{\advance \leftskip by -\exdentamount
+ \leftline{\hskip\leftskip{\rm#1}}}}
+
+% @inmargin{WHICH}{TEXT} puts TEXT in the WHICH margin next to the current
+% paragraph. For more general purposes, use the \margin insertion
+% class. WHICH is `l' or `r'.
+%
+\newskip\inmarginspacing \inmarginspacing=1cm
+\def\strutdepth{\dp\strutbox}
+%
+\def\doinmargin#1#2{\strut\vadjust{%
+ \nobreak
+ \kern-\strutdepth
+ \vtop to \strutdepth{%
+ \baselineskip=\strutdepth
+ \vss
+ % if you have multiple lines of stuff to put here, you'll need to
+ % make the vbox yourself of the appropriate size.
+ \ifx#1l%
+ \llap{\ignorespaces #2\hskip\inmarginspacing}%
+ \else
+ \rlap{\hskip\hsize \hskip\inmarginspacing \ignorespaces #2}%
+ \fi
+ \null
+ }%
+}}
+\def\inleftmargin{\doinmargin l}
+\def\inrightmargin{\doinmargin r}
+%
+% @inmargin{TEXT [, RIGHT-TEXT]}
+% (if RIGHT-TEXT is given, use TEXT for left page, RIGHT-TEXT for right;
+% else use TEXT for both).
+%
+\def\inmargin#1{\parseinmargin #1,,\finish}
+\def\parseinmargin#1,#2,#3\finish{% not perfect, but better than nothing.
+ \setbox0 = \hbox{\ignorespaces #2}%
+ \ifdim\wd0 > 0pt
+ \def\lefttext{#1}% have both texts
+ \def\righttext{#2}%
+ \else
+ \def\lefttext{#1}% have only one text
+ \def\righttext{#1}%
+ \fi
+ %
+ \ifodd\pageno
+ \def\temp{\inrightmargin\righttext}% odd page -> outside is right margin
+ \else
+ \def\temp{\inleftmargin\lefttext}%
+ \fi
+ \temp
+}
+
+% @include file insert text of that file as input.
+%
+\def\include{\parseargusing\filenamecatcodes\includezzz}
+\def\includezzz#1{%
+ \pushthisfilestack
+ \def\thisfile{#1}%
+ {%
+ \makevalueexpandable
+ \def\temp{\input #1 }%
+ \expandafter
+ }\temp
+ \popthisfilestack
+}
+\def\filenamecatcodes{%
+ \catcode`\\=\other
+ \catcode`~=\other
+ \catcode`^=\other
+ \catcode`_=\other
+ \catcode`|=\other
+ \catcode`<=\other
+ \catcode`>=\other
+ \catcode`+=\other
+ \catcode`-=\other
+}
+
+\def\pushthisfilestack{%
+ \expandafter\pushthisfilestackX\popthisfilestack\StackTerm
+}
+\def\pushthisfilestackX{%
+ \expandafter\pushthisfilestackY\thisfile\StackTerm
+}
+\def\pushthisfilestackY #1\StackTerm #2\StackTerm {%
+ \gdef\popthisfilestack{\gdef\thisfile{#1}\gdef\popthisfilestack{#2}}%
+}
+
+\def\popthisfilestack{\errthisfilestackempty}
+\def\errthisfilestackempty{\errmessage{Internal error:
+ the stack of filenames is empty.}}
+
+\def\thisfile{}
+
+% @center line
+% outputs that line, centered.
+%
+\parseargdef\center{%
+ \ifhmode
+ \let\next\centerH
+ \else
+ \let\next\centerV
+ \fi
+ \next{\hfil \ignorespaces#1\unskip \hfil}%
+}
+\def\centerH#1{%
+ {%
+ \hfil\break
+ \advance\hsize by -\leftskip
+ \advance\hsize by -\rightskip
+ \line{#1}%
+ \break
+ }%
+}
+\def\centerV#1{\line{\kern\leftskip #1\kern\rightskip}}
+
+% @sp n outputs n lines of vertical space
+
+\parseargdef\sp{\vskip #1\baselineskip}
+
+% @comment ...line which is ignored...
+% @c is the same as @comment
+% @ignore ... @end ignore is another way to write a comment
+
+\def\comment{\begingroup \catcode`\^^M=\other%
+\catcode`\@=\other \catcode`\{=\other \catcode`\}=\other%
+\commentxxx}
+{\catcode`\^^M=\other \gdef\commentxxx#1^^M{\endgroup}}
+
+\let\c=\comment
+
+% @paragraphindent NCHARS
+% We'll use ems for NCHARS, close enough.
+% NCHARS can also be the word `asis' or `none'.
+% We cannot feasibly implement @paragraphindent asis, though.
+%
+\def\asisword{asis} % no translation, these are keywords
+\def\noneword{none}
+%
+\parseargdef\paragraphindent{%
+ \def\temp{#1}%
+ \ifx\temp\asisword
+ \else
+ \ifx\temp\noneword
+ \defaultparindent = 0pt
+ \else
+ \defaultparindent = #1em
+ \fi
+ \fi
+ \parindent = \defaultparindent
+}
+
+% @exampleindent NCHARS
+% We'll use ems for NCHARS like @paragraphindent.
+% It seems @exampleindent asis isn't necessary, but
+% I preserve it to make it similar to @paragraphindent.
+\parseargdef\exampleindent{%
+ \def\temp{#1}%
+ \ifx\temp\asisword
+ \else
+ \ifx\temp\noneword
+ \lispnarrowing = 0pt
+ \else
+ \lispnarrowing = #1em
+ \fi
+ \fi
+}
+
+% @firstparagraphindent WORD
+% If WORD is `none', then suppress indentation of the first paragraph
+% after a section heading. If WORD is `insert', then do indent at such
+% paragraphs.
+%
+% The paragraph indentation is suppressed or not by calling
+% \suppressfirstparagraphindent, which the sectioning commands do.
+% We switch the definition of this back and forth according to WORD.
+% By default, we suppress indentation.
+%
+\def\suppressfirstparagraphindent{\dosuppressfirstparagraphindent}
+\def\insertword{insert}
+%
+\parseargdef\firstparagraphindent{%
+ \def\temp{#1}%
+ \ifx\temp\noneword
+ \let\suppressfirstparagraphindent = \dosuppressfirstparagraphindent
+ \else\ifx\temp\insertword
+ \let\suppressfirstparagraphindent = \relax
+ \else
+ \errhelp = \EMsimple
+ \errmessage{Unknown @firstparagraphindent option `\temp'}%
+ \fi\fi
+}
+
+% Here is how we actually suppress indentation. Redefine \everypar to
+% \kern backwards by \parindent, and then reset itself to empty.
+%
+% We also make \indent itself not actually do anything until the next
+% paragraph.
+%
+\gdef\dosuppressfirstparagraphindent{%
+ \gdef\indent{%
+ \restorefirstparagraphindent
+ \indent
+ }%
+ \gdef\noindent{%
+ \restorefirstparagraphindent
+ \noindent
+ }%
+ \global\everypar = {%
+ \kern -\parindent
+ \restorefirstparagraphindent
+ }%
+}
+
+\gdef\restorefirstparagraphindent{%
+ \global \let \indent = \ptexindent
+ \global \let \noindent = \ptexnoindent
+ \global \everypar = {}%
+}
+
+
+% @asis just yields its argument. Used with @table, for example.
+%
+\def\asis#1{#1}
+
+% @math outputs its argument in math mode.
+%
+% One complication: _ usually means subscripts, but it could also mean
+% an actual _ character, as in @math{@var{some_variable} + 1}. So make
+% _ active, and distinguish by seeing if the current family is \slfam,
+% which is what @var uses.
+{
+ \catcode`\_ = \active
+ \gdef\mathunderscore{%
+ \catcode`\_=\active
+ \def_{\ifnum\fam=\slfam \_\else\sb\fi}%
+ }
+}
+% Another complication: we want \\ (and @\) to output a \ character.
+% FYI, plain.tex uses \\ as a temporary control sequence (why?), but
+% this is not advertised and we don't care. Texinfo does not
+% otherwise define @\.
+%
+% The \mathchar is class=0=ordinary, family=7=ttfam, position=5C=\.
+\def\mathbackslash{\ifnum\fam=\ttfam \mathchar"075C \else\backslash \fi}
+%
+\def\math{%
+ \tex
+ \mathunderscore
+ \let\\ = \mathbackslash
+ \mathactive
+ $\finishmath
+}
+\def\finishmath#1{#1$\endgroup} % Close the group opened by \tex.
+
+% Some active characters (such as <) are spaced differently in math.
+% We have to reset their definitions in case the @math was an argument
+% to a command which sets the catcodes (such as @item or @section).
+%
+{
+ \catcode`^ = \active
+ \catcode`< = \active
+ \catcode`> = \active
+ \catcode`+ = \active
+ \gdef\mathactive{%
+ \let^ = \ptexhat
+ \let< = \ptexless
+ \let> = \ptexgtr
+ \let+ = \ptexplus
+ }
+}
+
+% @bullet and @minus need the same treatment as @math, just above.
+\def\bullet{$\ptexbullet$}
+\def\minus{$-$}
+
+% @dots{} outputs an ellipsis using the current font.
+% We do .5em per period so that it has the same spacing in the cm
+% typewriter fonts as three actual period characters; on the other hand,
+% in other typewriter fonts three periods are wider than 1.5em. So do
+% whichever is larger.
+%
+\def\dots{%
+ \leavevmode
+ \setbox0=\hbox{...}% get width of three periods
+ \ifdim\wd0 > 1.5em
+ \dimen0 = \wd0
+ \else
+ \dimen0 = 1.5em
+ \fi
+ \hbox to \dimen0{%
+ \hskip 0pt plus.25fil
+ .\hskip 0pt plus1fil
+ .\hskip 0pt plus1fil
+ .\hskip 0pt plus.5fil
+ }%
+}
+
+% @enddots{} is an end-of-sentence ellipsis.
+%
+\def\enddots{%
+ \dots
+ \spacefactor=\endofsentencespacefactor
+}
+
+% @comma{} is so commas can be inserted into text without messing up
+% Texinfo's parsing.
+%
+\let\comma = ,
+
+% @refill is a no-op.
+\let\refill=\relax
+
+% If working on a large document in chapters, it is convenient to
+% be able to disable indexing, cross-referencing, and contents, for test runs.
+% This is done with @novalidate (before @setfilename).
+%
+\newif\iflinks \linkstrue % by default we want the aux files.
+\let\novalidate = \linksfalse
+
+% @setfilename is done at the beginning of every texinfo file.
+% So open here the files we need to have open while reading the input.
+% This makes it possible to make a .fmt file for texinfo.
+\def\setfilename{%
+ \fixbackslash % Turn off hack to swallow `\input texinfo'.
+ \iflinks
+ \tryauxfile
+ % Open the new aux file. TeX will close it automatically at exit.
+ \immediate\openout\auxfile=\jobname.aux
+ \fi % \openindices needs to do some work in any case.
+ \openindices
+ \let\setfilename=\comment % Ignore extra @setfilename cmds.
+ %
+ % If texinfo.cnf is present on the system, read it.
+ % Useful for site-wide @afourpaper, etc.
+ \openin 1 texinfo.cnf
+ \ifeof 1 \else \input texinfo.cnf \fi
+ \closein 1
+ %
+ \comment % Ignore the actual filename.
+}
+
+% Called from \setfilename.
+%
+\def\openindices{%
+ \newindex{cp}%
+ \newcodeindex{fn}%
+ \newcodeindex{vr}%
+ \newcodeindex{tp}%
+ \newcodeindex{ky}%
+ \newcodeindex{pg}%
+}
+
+% @bye.
+\outer\def\bye{\pagealignmacro\tracingstats=1\ptexend}
+
+
+\message{pdf,}
+% adobe `portable' document format
+\newcount\tempnum
+\newcount\lnkcount
+\newtoks\filename
+\newcount\filenamelength
+\newcount\pgn
+\newtoks\toksA
+\newtoks\toksB
+\newtoks\toksC
+\newtoks\toksD
+\newbox\boxA
+\newcount\countA
+\newif\ifpdf
+\newif\ifpdfmakepagedest
+
+% when pdftex is run in dvi mode, \pdfoutput is defined (so \pdfoutput=1
+% can be set). So we test for \relax and 0 as well as \undefined,
+% borrowed from ifpdf.sty.
+\ifx\pdfoutput\undefined
+\else
+ \ifx\pdfoutput\relax
+ \else
+ \ifcase\pdfoutput
+ \else
+ \pdftrue
+ \fi
+ \fi
+\fi
+
+% PDF uses PostScript string constants for the names of xref targets,
+% for display in the outlines, and in other places. Thus, we have to
+% double any backslashes. Otherwise, a name like "\node" will be
+% interpreted as a newline (\n), followed by o, d, e. Not good.
+% http://www.ntg.nl/pipermail/ntg-pdftex/2004-July/000654.html
+% (and related messages, the final outcome is that it is up to the TeX
+% user to double the backslashes and otherwise make the string valid, so
+% that's what we do).
+
+% double active backslashes.
+%
+{\catcode`\@=0 \catcode`\\=\active
+ @gdef@activebackslashdouble{%
+ @catcode`@\=@active
+ @let\=@doublebackslash}
+}
+
+% To handle parens, we must adopt a different approach, since parens are
+% not active characters. hyperref.dtx (which has the same problem as
+% us) handles it with this amazing macro to replace tokens, with minor
+% changes for Texinfo. It is included here under the GPL by permission
+% from the author, Heiko Oberdiek.
+%
+% #1 is the tokens to replace.
+% #2 is the replacement.
+% #3 is the control sequence with the string.
+%
+\def\HyPsdSubst#1#2#3{%
+ \def\HyPsdReplace##1#1##2\END{%
+ ##1%
+ \ifx\\##2\\%
+ \else
+ #2%
+ \HyReturnAfterFi{%
+ \HyPsdReplace##2\END
+ }%
+ \fi
+ }%
+ \xdef#3{\expandafter\HyPsdReplace#3#1\END}%
+}
+\long\def\HyReturnAfterFi#1\fi{\fi#1}
+
+% #1 is a control sequence in which to do the replacements.
+\def\backslashparens#1{%
+ \xdef#1{#1}% redefine it as its expansion; the definition is simply
+ % \lastnode when called from \setref -> \pdfmkdest.
+ \HyPsdSubst{(}{\realbackslash(}{#1}%
+ \HyPsdSubst{)}{\realbackslash)}{#1}%
+}
+
+\newhelp\nopdfimagehelp{Texinfo supports .png, .jpg, .jpeg, and .pdf images
+with PDF output, and none of those formats could be found. (.eps cannot
+be supported due to the design of the PDF format; use regular TeX (DVI
+output) for that.)}
+
+\ifpdf
+ \input pdfcolor
+ \pdfcatalog{/PageMode /UseOutlines}
+ %
+ % #1 is image name, #2 width (might be empty/whitespace), #3 height (ditto).
+ \def\dopdfimage#1#2#3{%
+ \def\imagewidth{#2}\setbox0 = \hbox{\ignorespaces #2}%
+ \def\imageheight{#3}\setbox2 = \hbox{\ignorespaces #3}%
+ %
+ % pdftex (and the PDF format) support .png, .jpg, .pdf (among
+ % others). Let's try in that order.
+ \let\pdfimgext=\empty
+ \begingroup
+ \openin 1 #1.png \ifeof 1
+ \openin 1 #1.jpg \ifeof 1
+ \openin 1 #1.jpeg \ifeof 1
+ \openin 1 #1.JPG \ifeof 1
+ \openin 1 #1.pdf \ifeof 1
+ \errhelp = \nopdfimagehelp
+ \errmessage{Could not find image file #1 for pdf}%
+ \else \gdef\pdfimgext{pdf}%
+ \fi
+ \else \gdef\pdfimgext{JPG}%
+ \fi
+ \else \gdef\pdfimgext{jpeg}%
+ \fi
+ \else \gdef\pdfimgext{jpg}%
+ \fi
+ \else \gdef\pdfimgext{png}%
+ \fi
+ \closein 1
+ \endgroup
+ %
+ % without \immediate, pdftex seg faults when the same image is
+ % included twice. (Version 3.14159-pre-1.0-unofficial-20010704.)
+ \ifnum\pdftexversion < 14
+ \immediate\pdfimage
+ \else
+ \immediate\pdfximage
+ \fi
+ \ifdim \wd0 >0pt width \imagewidth \fi
+ \ifdim \wd2 >0pt height \imageheight \fi
+ \ifnum\pdftexversion<13
+ #1.\pdfimgext
+ \else
+ {#1.\pdfimgext}%
+ \fi
+ \ifnum\pdftexversion < 14 \else
+ \pdfrefximage \pdflastximage
+ \fi}
+ %
+ \def\pdfmkdest#1{{%
+ % We have to set dummies so commands such as @code, and characters
+ % such as \, aren't expanded when present in a section title.
+ \indexnofonts
+ \turnoffactive
+ \activebackslashdouble
+ \makevalueexpandable
+ \def\pdfdestname{#1}%
+ \backslashparens\pdfdestname
+ \safewhatsit{\pdfdest name{\pdfdestname} xyz}%
+ }}
+ %
+ % used to mark target names; must be expandable.
+ \def\pdfmkpgn#1{#1}
+ %
+ % by default, use a color that is dark enough to print on paper as
+ % nearly black, but still distinguishable for online viewing.
+ % (Defined in pdfcolor.tex.)
+ \let\urlcolor = \BrickRed
+ \let\linkcolor = \BrickRed
+ \def\endlink{\Black\pdfendlink}
+ %
+ % Adding outlines to PDF; macros for calculating structure of outlines
+ % come from Petr Olsak
+ \def\expnumber#1{\expandafter\ifx\csname#1\endcsname\relax 0%
+ \else \csname#1\endcsname \fi}
+ \def\advancenumber#1{\tempnum=\expnumber{#1}\relax
+ \advance\tempnum by 1
+ \expandafter\xdef\csname#1\endcsname{\the\tempnum}}
+ %
+ % #1 is the section text, which is what will be displayed in the
+ % outline by the pdf viewer. #2 is the pdf expression for the number
+ % of subentries (or empty, for subsubsections). #3 is the node text,
+ % which might be empty if this toc entry had no corresponding node.
+ % #4 is the page number
+ %
+ \def\dopdfoutline#1#2#3#4{%
+ % Generate a link to the node text if that exists; else, use the
+ % page number. We could generate a destination for the section
+ % text in the case where a section has no node, but it doesn't
+ % seem worth the trouble, since most documents are normally structured.
+ \def\pdfoutlinedest{#3}%
+ \ifx\pdfoutlinedest\empty
+ \def\pdfoutlinedest{#4}%
+ \else
+ % Doubled backslashes in the name.
+ {\activebackslashdouble \xdef\pdfoutlinedest{#3}%
+ \backslashparens\pdfoutlinedest}%
+ \fi
+ %
+ % Also double the backslashes in the display string.
+ {\activebackslashdouble \xdef\pdfoutlinetext{#1}%
+ \backslashparens\pdfoutlinetext}%
+ %
+ \pdfoutline goto name{\pdfmkpgn{\pdfoutlinedest}}#2{\pdfoutlinetext}%
+ }
+ %
+ \def\pdfmakeoutlines{%
+ \begingroup
+ % Thanh's hack / proper braces in bookmarks
+ \edef\mylbrace{\iftrue \string{\else}\fi}\let\{=\mylbrace
+ \edef\myrbrace{\iffalse{\else\string}\fi}\let\}=\myrbrace
+ %
+ % Read toc silently, to get counts of subentries for \pdfoutline.
+ \def\numchapentry##1##2##3##4{%
+ \def\thischapnum{##2}%
+ \def\thissecnum{0}%
+ \def\thissubsecnum{0}%
+ }%
+ \def\numsecentry##1##2##3##4{%
+ \advancenumber{chap\thischapnum}%
+ \def\thissecnum{##2}%
+ \def\thissubsecnum{0}%
+ }%
+ \def\numsubsecentry##1##2##3##4{%
+ \advancenumber{sec\thissecnum}%
+ \def\thissubsecnum{##2}%
+ }%
+ \def\numsubsubsecentry##1##2##3##4{%
+ \advancenumber{subsec\thissubsecnum}%
+ }%
+ \def\thischapnum{0}%
+ \def\thissecnum{0}%
+ \def\thissubsecnum{0}%
+ %
+ % use \def rather than \let here because we redefine \chapentry et
+ % al. a second time, below.
+ \def\appentry{\numchapentry}%
+ \def\appsecentry{\numsecentry}%
+ \def\appsubsecentry{\numsubsecentry}%
+ \def\appsubsubsecentry{\numsubsubsecentry}%
+ \def\unnchapentry{\numchapentry}%
+ \def\unnsecentry{\numsecentry}%
+ \def\unnsubsecentry{\numsubsecentry}%
+ \def\unnsubsubsecentry{\numsubsubsecentry}%
+ \readdatafile{toc}%
+ %
+ % Read toc second time, this time actually producing the outlines.
+ % The `-' means take the \expnumber as the absolute number of
+ % subentries, which we calculated on our first read of the .toc above.
+ %
+ % We use the node names as the destinations.
+ \def\numchapentry##1##2##3##4{%
+ \dopdfoutline{##1}{count-\expnumber{chap##2}}{##3}{##4}}%
+ \def\numsecentry##1##2##3##4{%
+ \dopdfoutline{##1}{count-\expnumber{sec##2}}{##3}{##4}}%
+ \def\numsubsecentry##1##2##3##4{%
+ \dopdfoutline{##1}{count-\expnumber{subsec##2}}{##3}{##4}}%
+ \def\numsubsubsecentry##1##2##3##4{% count is always zero
+ \dopdfoutline{##1}{}{##3}{##4}}%
+ %
+ % PDF outlines are displayed using system fonts, instead of
+ % document fonts. Therefore we cannot use special characters,
+ % since the encoding is unknown. For example, the eogonek from
+ % Latin 2 (0xea) gets translated to a | character. Info from
+ % Staszek Wawrykiewicz, 19 Jan 2004 04:09:24 +0100.
+ %
+ % xx to do this right, we have to translate 8-bit characters to
+ % their "best" equivalent, based on the @documentencoding. Right
+ % now, I guess we'll just let the pdf reader have its way.
+ \indexnofonts
+ \setupdatafile
+ \catcode`\\=\active \otherbackslash
+ \input \jobname.toc
+ \endgroup
+ }
+ %
+ \def\skipspaces#1{\def\PP{#1}\def\D{|}%
+ \ifx\PP\D\let\nextsp\relax
+ \else\let\nextsp\skipspaces
+ \ifx\p\space\else\addtokens{\filename}{\PP}%
+ \advance\filenamelength by 1
+ \fi
+ \fi
+ \nextsp}
+ \def\getfilename#1{\filenamelength=0\expandafter\skipspaces#1|\relax}
+ \ifnum\pdftexversion < 14
+ \let \startlink \pdfannotlink
+ \else
+ \let \startlink \pdfstartlink
+ \fi
+ % make a live url in pdf output.
+ \def\pdfurl#1{%
+ \begingroup
+ % it seems we really need yet another set of dummies; have not
+ % tried to figure out what each command should do in the context
+ % of @url. for now, just make @/ a no-op, that's the only one
+ % people have actually reported a problem with.
+ %
+ \normalturnoffactive
+ \def\@{@}%
+ \let\/=\empty
+ \makevalueexpandable
+ \leavevmode\urlcolor
+ \startlink attr{/Border [0 0 0]}%
+ user{/Subtype /Link /A << /S /URI /URI (#1) >>}%
+ \endgroup}
+ \def\pdfgettoks#1.{\setbox\boxA=\hbox{\toksA={#1.}\toksB={}\maketoks}}
+ \def\addtokens#1#2{\edef\addtoks{\noexpand#1={\the#1#2}}\addtoks}
+ \def\adn#1{\addtokens{\toksC}{#1}\global\countA=1\let\next=\maketoks}
+ \def\poptoks#1#2|ENDTOKS|{\let\first=#1\toksD={#1}\toksA={#2}}
+ \def\maketoks{%
+ \expandafter\poptoks\the\toksA|ENDTOKS|\relax
+ \ifx\first0\adn0
+ \else\ifx\first1\adn1 \else\ifx\first2\adn2 \else\ifx\first3\adn3
+ \else\ifx\first4\adn4 \else\ifx\first5\adn5 \else\ifx\first6\adn6
+ \else\ifx\first7\adn7 \else\ifx\first8\adn8 \else\ifx\first9\adn9
+ \else
+ \ifnum0=\countA\else\makelink\fi
+ \ifx\first.\let\next=\done\else
+ \let\next=\maketoks
+ \addtokens{\toksB}{\the\toksD}
+ \ifx\first,\addtokens{\toksB}{\space}\fi
+ \fi
+ \fi\fi\fi\fi\fi\fi\fi\fi\fi\fi
+ \next}
+ \def\makelink{\addtokens{\toksB}%
+ {\noexpand\pdflink{\the\toksC}}\toksC={}\global\countA=0}
+ \def\pdflink#1{%
+ \startlink attr{/Border [0 0 0]} goto name{\pdfmkpgn{#1}}
+ \linkcolor #1\endlink}
+ \def\done{\edef\st{\global\noexpand\toksA={\the\toksB}}\st}
+\else
+ \let\pdfmkdest = \gobble
+ \let\pdfurl = \gobble
+ \let\endlink = \relax
+ \let\linkcolor = \relax
+ \let\pdfmakeoutlines = \relax
+\fi % \ifx\pdfoutput
+
+
+\message{fonts,}
+
+% Change the current font style to #1, remembering it in \curfontstyle.
+% For now, we do not accumulate font styles: @b{@i{foo}} prints foo in
+% italics, not bold italics.
+%
+\def\setfontstyle#1{%
+ \def\curfontstyle{#1}% not as a control sequence, because we are \edef'd.
+ \csname ten#1\endcsname % change the current font
+}
+
+% Select #1 fonts with the current style.
+%
+\def\selectfonts#1{\csname #1fonts\endcsname \csname\curfontstyle\endcsname}
+
+\def\rm{\fam=0 \setfontstyle{rm}}
+\def\it{\fam=\itfam \setfontstyle{it}}
+\def\sl{\fam=\slfam \setfontstyle{sl}}
+\def\bf{\fam=\bffam \setfontstyle{bf}}\def\bfstylename{bf}
+\def\tt{\fam=\ttfam \setfontstyle{tt}}
+
+% Texinfo sort of supports the sans serif font style, which plain TeX does not.
+% So we set up a \sf.
+\newfam\sffam
+\def\sf{\fam=\sffam \setfontstyle{sf}}
+\let\li = \sf % Sometimes we call it \li, not \sf.
+
+% We don't need math for this font style.
+\def\ttsl{\setfontstyle{ttsl}}
+
+
+% Default leading.
+\newdimen\textleading \textleading = 13.2pt
+
+% Set the baselineskip to #1, and the lineskip and strut size
+% correspondingly. There is no deep meaning behind these magic numbers
+% used as factors; they just match (closely enough) what Knuth defined.
+%
+\def\lineskipfactor{.08333}
+\def\strutheightpercent{.70833}
+\def\strutdepthpercent {.29167}
+%
+\def\setleading#1{%
+ \normalbaselineskip = #1\relax
+ \normallineskip = \lineskipfactor\normalbaselineskip
+ \normalbaselines
+ \setbox\strutbox =\hbox{%
+ \vrule width0pt height\strutheightpercent\baselineskip
+ depth \strutdepthpercent \baselineskip
+ }%
+}
+
+%
+% PDF CMaps. See also LaTeX's t1.cmap.
+%
+% \cmapOT1
+\ifpdf
+ \begingroup
+ \catcode`\^^M=\active \def^^M{^^J}% Output line endings as the ^^J char.
+ \catcode`\%=12 \immediate\pdfobj stream {%!PS-Adobe-3.0 Resource-CMap
+%%DocumentNeededResources: ProcSet (CIDInit)
+%%IncludeResource: ProcSet (CIDInit)
+%%BeginResource: CMap (TeX-OT1-0)
+%%Title: (TeX-OT1-0 TeX OT1 0)
+%%Version: 1.000
+%%EndComments
+/CIDInit /ProcSet findresource begin
+12 dict begin
+begincmap
+/CIDSystemInfo
+<< /Registry (TeX)
+/Ordering (OT1)
+/Supplement 0
+>> def
+/CMapName /TeX-OT1-0 def
+/CMapType 2 def
+1 begincodespacerange
+<00> <7F>
+endcodespacerange
+8 beginbfrange
+<00> <01> <0393>
+<09> <0A> <03A8>
+<23> <26> <0023>
+<28> <3B> <0028>
+<3F> <5B> <003F>
+<5D> <5E> <005D>
+<61> <7A> <0061>
+<7B> <7C> <2013>
+endbfrange
+40 beginbfchar
+<02> <0398>
+<03> <039B>
+<04> <039E>
+<05> <03A0>
+<06> <03A3>
+<07> <03D2>
+<08> <03A6>
+<0B> <00660066>
+<0C> <00660069>
+<0D> <0066006C>
+<0E> <006600660069>
+<0F> <00660066006C>
+<10> <0131>
+<11> <0237>
+<12> <0060>
+<13> <00B4>
+<14> <02C7>
+<15> <02D8>
+<16> <00AF>
+<17> <02DA>
+<18> <00B8>
+<19> <00DF>
+<1A> <00E6>
+<1B> <0153>
+<1C> <00F8>
+<1D> <00C6>
+<1E> <0152>
+<1F> <00D8>
+<21> <0021>
+<22> <201D>
+<27> <2019>
+<3C> <00A1>
+<3D> <003D>
+<3E> <00BF>
+<5C> <201C>
+<5F> <02D9>
+<60> <2018>
+<7D> <02DD>
+<7E> <007E>
+<7F> <00A8>
+endbfchar
+endcmap
+CMapName currentdict /CMap defineresource pop
+end
+end
+%%EndResource
+%%EOF
+ }\endgroup
+ \expandafter\edef\csname cmapOT1\endcsname#1{%
+ \pdffontattr#1{/ToUnicode \the\pdflastobj\space 0 R}%
+ }%
+%
+% \cmapOT1IT
+ \begingroup
+ \catcode`\^^M=\active \def^^M{^^J}% Output line endings as the ^^J char.
+ \catcode`\%=12 \immediate\pdfobj stream {%!PS-Adobe-3.0 Resource-CMap
+%%DocumentNeededResources: ProcSet (CIDInit)
+%%IncludeResource: ProcSet (CIDInit)
+%%BeginResource: CMap (TeX-OT1IT-0)
+%%Title: (TeX-OT1IT-0 TeX OT1IT 0)
+%%Version: 1.000
+%%EndComments
+/CIDInit /ProcSet findresource begin
+12 dict begin
+begincmap
+/CIDSystemInfo
+<< /Registry (TeX)
+/Ordering (OT1IT)
+/Supplement 0
+>> def
+/CMapName /TeX-OT1IT-0 def
+/CMapType 2 def
+1 begincodespacerange
+<00> <7F>
+endcodespacerange
+8 beginbfrange
+<00> <01> <0393>
+<09> <0A> <03A8>
+<25> <26> <0025>
+<28> <3B> <0028>
+<3F> <5B> <003F>
+<5D> <5E> <005D>
+<61> <7A> <0061>
+<7B> <7C> <2013>
+endbfrange
+42 beginbfchar
+<02> <0398>
+<03> <039B>
+<04> <039E>
+<05> <03A0>
+<06> <03A3>
+<07> <03D2>
+<08> <03A6>
+<0B> <00660066>
+<0C> <00660069>
+<0D> <0066006C>
+<0E> <006600660069>
+<0F> <00660066006C>
+<10> <0131>
+<11> <0237>
+<12> <0060>
+<13> <00B4>
+<14> <02C7>
+<15> <02D8>
+<16> <00AF>
+<17> <02DA>
+<18> <00B8>
+<19> <00DF>
+<1A> <00E6>
+<1B> <0153>
+<1C> <00F8>
+<1D> <00C6>
+<1E> <0152>
+<1F> <00D8>
+<21> <0021>
+<22> <201D>
+<23> <0023>
+<24> <00A3>
+<27> <2019>
+<3C> <00A1>
+<3D> <003D>
+<3E> <00BF>
+<5C> <201C>
+<5F> <02D9>
+<60> <2018>
+<7D> <02DD>
+<7E> <007E>
+<7F> <00A8>
+endbfchar
+endcmap
+CMapName currentdict /CMap defineresource pop
+end
+end
+%%EndResource
+%%EOF
+ }\endgroup
+ \expandafter\edef\csname cmapOT1IT\endcsname#1{%
+ \pdffontattr#1{/ToUnicode \the\pdflastobj\space 0 R}%
+ }%
+%
+% \cmapOT1TT
+ \begingroup
+ \catcode`\^^M=\active \def^^M{^^J}% Output line endings as the ^^J char.
+ \catcode`\%=12 \immediate\pdfobj stream {%!PS-Adobe-3.0 Resource-CMap
+%%DocumentNeededResources: ProcSet (CIDInit)
+%%IncludeResource: ProcSet (CIDInit)
+%%BeginResource: CMap (TeX-OT1TT-0)
+%%Title: (TeX-OT1TT-0 TeX OT1TT 0)
+%%Version: 1.000
+%%EndComments
+/CIDInit /ProcSet findresource begin
+12 dict begin
+begincmap
+/CIDSystemInfo
+<< /Registry (TeX)
+/Ordering (OT1TT)
+/Supplement 0
+>> def
+/CMapName /TeX-OT1TT-0 def
+/CMapType 2 def
+1 begincodespacerange
+<00> <7F>
+endcodespacerange
+5 beginbfrange
+<00> <01> <0393>
+<09> <0A> <03A8>
+<21> <26> <0021>
+<28> <5F> <0028>
+<61> <7E> <0061>
+endbfrange
+32 beginbfchar
+<02> <0398>
+<03> <039B>
+<04> <039E>
+<05> <03A0>
+<06> <03A3>
+<07> <03D2>
+<08> <03A6>
+<0B> <2191>
+<0C> <2193>
+<0D> <0027>
+<0E> <00A1>
+<0F> <00BF>
+<10> <0131>
+<11> <0237>
+<12> <0060>
+<13> <00B4>
+<14> <02C7>
+<15> <02D8>
+<16> <00AF>
+<17> <02DA>
+<18> <00B8>
+<19> <00DF>
+<1A> <00E6>
+<1B> <0153>
+<1C> <00F8>
+<1D> <00C6>
+<1E> <0152>
+<1F> <00D8>
+<20> <2423>
+<27> <2019>
+<60> <2018>
+<7F> <00A8>
+endbfchar
+endcmap
+CMapName currentdict /CMap defineresource pop
+end
+end
+%%EndResource
+%%EOF
+ }\endgroup
+ \expandafter\edef\csname cmapOT1TT\endcsname#1{%
+ \pdffontattr#1{/ToUnicode \the\pdflastobj\space 0 R}%
+ }%
+\else
+ \expandafter\let\csname cmapOT1\endcsname\gobble
+ \expandafter\let\csname cmapOT1IT\endcsname\gobble
+ \expandafter\let\csname cmapOT1TT\endcsname\gobble
+\fi
+
+
+% Set the font macro #1 to the font named #2, adding on the
+% specified font prefix (normally `cm').
+% #3 is the font's design size, #4 is a scale factor, #5 is the CMap
+% encoding (currently only OT1, OT1IT and OT1TT are allowed, pass
+% empty to omit).
+\def\setfont#1#2#3#4#5{%
+ \font#1=\fontprefix#2#3 scaled #4
+ \csname cmap#5\endcsname#1%
+}
+% This is what gets called when #5 of \setfont is empty.
+\let\cmap\gobble
+
+
+% Use cm as the default font prefix.
+% To specify the font prefix, you must define \fontprefix
+% before you read in texinfo.tex.
+\ifx\fontprefix\undefined
+\def\fontprefix{cm}
+\fi
+% Support font families that don't use the same naming scheme as CM.
+\def\rmshape{r}
+\def\rmbshape{bx} %where the normal face is bold
+\def\bfshape{b}
+\def\bxshape{bx}
+\def\ttshape{tt}
+\def\ttbshape{tt}
+\def\ttslshape{sltt}
+\def\itshape{ti}
+\def\itbshape{bxti}
+\def\slshape{sl}
+\def\slbshape{bxsl}
+\def\sfshape{ss}
+\def\sfbshape{ss}
+\def\scshape{csc}
+\def\scbshape{csc}
+
+% Definitions for a main text size of 11pt. This is the default in
+% Texinfo.
+%
+\def\definetextfontsizexi{%
+% Text fonts (11.2pt, magstep1).
+\def\textnominalsize{11pt}
+\edef\mainmagstep{\magstephalf}
+\setfont\textrm\rmshape{10}{\mainmagstep}{OT1}
+\setfont\texttt\ttshape{10}{\mainmagstep}{OT1TT}
+\setfont\textbf\bfshape{10}{\mainmagstep}{OT1}
+\setfont\textit\itshape{10}{\mainmagstep}{OT1IT}
+\setfont\textsl\slshape{10}{\mainmagstep}{OT1}
+\setfont\textsf\sfshape{10}{\mainmagstep}{OT1}
+\setfont\textsc\scshape{10}{\mainmagstep}{OT1}
+\setfont\textttsl\ttslshape{10}{\mainmagstep}{OT1TT}
+\font\texti=cmmi10 scaled \mainmagstep
+\font\textsy=cmsy10 scaled \mainmagstep
+
+% A few fonts for @defun names and args.
+\setfont\defbf\bfshape{10}{\magstep1}{OT1}
+\setfont\deftt\ttshape{10}{\magstep1}{OT1TT}
+\setfont\defttsl\ttslshape{10}{\magstep1}{OT1TT}
+\def\df{\let\tentt=\deftt \let\tenbf = \defbf \let\tenttsl=\defttsl \bf}
+
+% Fonts for indices, footnotes, small examples (9pt).
+\def\smallnominalsize{9pt}
+\setfont\smallrm\rmshape{9}{1000}{OT1}
+\setfont\smalltt\ttshape{9}{1000}{OT1TT}
+\setfont\smallbf\bfshape{10}{900}{OT1}
+\setfont\smallit\itshape{9}{1000}{OT1IT}
+\setfont\smallsl\slshape{9}{1000}{OT1}
+\setfont\smallsf\sfshape{9}{1000}{OT1}
+\setfont\smallsc\scshape{10}{900}{OT1}
+\setfont\smallttsl\ttslshape{10}{900}{OT1TT}
+\font\smalli=cmmi9
+\font\smallsy=cmsy9
+
+% Fonts for small examples (8pt).
+\def\smallernominalsize{8pt}
+\setfont\smallerrm\rmshape{8}{1000}{OT1}
+\setfont\smallertt\ttshape{8}{1000}{OT1TT}
+\setfont\smallerbf\bfshape{10}{800}{OT1}
+\setfont\smallerit\itshape{8}{1000}{OT1IT}
+\setfont\smallersl\slshape{8}{1000}{OT1}
+\setfont\smallersf\sfshape{8}{1000}{OT1}
+\setfont\smallersc\scshape{10}{800}{OT1}
+\setfont\smallerttsl\ttslshape{10}{800}{OT1TT}
+\font\smalleri=cmmi8
+\font\smallersy=cmsy8
+
+% Fonts for title page (20.4pt):
+\def\titlenominalsize{20pt}
+\setfont\titlerm\rmbshape{12}{\magstep3}{OT1}
+\setfont\titleit\itbshape{10}{\magstep4}{OT1IT}
+\setfont\titlesl\slbshape{10}{\magstep4}{OT1}
+\setfont\titlett\ttbshape{12}{\magstep3}{OT1TT}
+\setfont\titlettsl\ttslshape{10}{\magstep4}{OT1TT}
+\setfont\titlesf\sfbshape{17}{\magstep1}{OT1}
+\let\titlebf=\titlerm
+\setfont\titlesc\scbshape{10}{\magstep4}{OT1}
+\font\titlei=cmmi12 scaled \magstep3
+\font\titlesy=cmsy10 scaled \magstep4
+\def\authorrm{\secrm}
+\def\authortt{\sectt}
+
+% Chapter (and unnumbered) fonts (17.28pt).
+\def\chapnominalsize{17pt}
+\setfont\chaprm\rmbshape{12}{\magstep2}{OT1}
+\setfont\chapit\itbshape{10}{\magstep3}{OT1IT}
+\setfont\chapsl\slbshape{10}{\magstep3}{OT1}
+\setfont\chaptt\ttbshape{12}{\magstep2}{OT1TT}
+\setfont\chapttsl\ttslshape{10}{\magstep3}{OT1TT}
+\setfont\chapsf\sfbshape{17}{1000}{OT1}
+\let\chapbf=\chaprm
+\setfont\chapsc\scbshape{10}{\magstep3}{OT1}
+\font\chapi=cmmi12 scaled \magstep2
+\font\chapsy=cmsy10 scaled \magstep3
+
+% Section fonts (14.4pt).
+\def\secnominalsize{14pt}
+\setfont\secrm\rmbshape{12}{\magstep1}{OT1}
+\setfont\secit\itbshape{10}{\magstep2}{OT1IT}
+\setfont\secsl\slbshape{10}{\magstep2}{OT1}
+\setfont\sectt\ttbshape{12}{\magstep1}{OT1TT}
+\setfont\secttsl\ttslshape{10}{\magstep2}{OT1TT}
+\setfont\secsf\sfbshape{12}{\magstep1}{OT1}
+\let\secbf\secrm
+\setfont\secsc\scbshape{10}{\magstep2}{OT1}
+\font\seci=cmmi12 scaled \magstep1
+\font\secsy=cmsy10 scaled \magstep2
+
+% Subsection fonts (13.15pt).
+\def\ssecnominalsize{13pt}
+\setfont\ssecrm\rmbshape{12}{\magstephalf}{OT1}
+\setfont\ssecit\itbshape{10}{1315}{OT1IT}
+\setfont\ssecsl\slbshape{10}{1315}{OT1}
+\setfont\ssectt\ttbshape{12}{\magstephalf}{OT1TT}
+\setfont\ssecttsl\ttslshape{10}{1315}{OT1TT}
+\setfont\ssecsf\sfbshape{12}{\magstephalf}{OT1}
+\let\ssecbf\ssecrm
+\setfont\ssecsc\scbshape{10}{1315}{OT1}
+\font\sseci=cmmi12 scaled \magstephalf
+\font\ssecsy=cmsy10 scaled 1315
+
+% Reduced fonts for @acro in text (10pt).
+\def\reducednominalsize{10pt}
+\setfont\reducedrm\rmshape{10}{1000}{OT1}
+\setfont\reducedtt\ttshape{10}{1000}{OT1TT}
+\setfont\reducedbf\bfshape{10}{1000}{OT1}
+\setfont\reducedit\itshape{10}{1000}{OT1IT}
+\setfont\reducedsl\slshape{10}{1000}{OT1}
+\setfont\reducedsf\sfshape{10}{1000}{OT1}
+\setfont\reducedsc\scshape{10}{1000}{OT1}
+\setfont\reducedttsl\ttslshape{10}{1000}{OT1TT}
+\font\reducedi=cmmi10
+\font\reducedsy=cmsy10
+
+% reset the current fonts
+\textfonts
+\rm
+} % end of 11pt text font size definitions
+
+
+% Definitions to make the main text be 10pt Computer Modern, with
+% section, chapter, etc., sizes following suit. This is for the GNU
+% Press printing of the Emacs 22 manual. Maybe other manuals in the
+% future. Used with @smallbook, which sets the leading to 12pt.
+%
+\def\definetextfontsizex{%
+% Text fonts (10pt).
+\def\textnominalsize{10pt}
+\edef\mainmagstep{1000}
+\setfont\textrm\rmshape{10}{\mainmagstep}{OT1}
+\setfont\texttt\ttshape{10}{\mainmagstep}{OT1TT}
+\setfont\textbf\bfshape{10}{\mainmagstep}{OT1}
+\setfont\textit\itshape{10}{\mainmagstep}{OT1IT}
+\setfont\textsl\slshape{10}{\mainmagstep}{OT1}
+\setfont\textsf\sfshape{10}{\mainmagstep}{OT1}
+\setfont\textsc\scshape{10}{\mainmagstep}{OT1}
+\setfont\textttsl\ttslshape{10}{\mainmagstep}{OT1TT}
+\font\texti=cmmi10 scaled \mainmagstep
+\font\textsy=cmsy10 scaled \mainmagstep
+
+% A few fonts for @defun names and args.
+\setfont\defbf\bfshape{10}{\magstephalf}{OT1}
+\setfont\deftt\ttshape{10}{\magstephalf}{OT1TT}
+\setfont\defttsl\ttslshape{10}{\magstephalf}{OT1TT}
+\def\df{\let\tentt=\deftt \let\tenbf = \defbf \let\tenttsl=\defttsl \bf}
+
+% Fonts for indices, footnotes, small examples (9pt).
+\def\smallnominalsize{9pt}
+\setfont\smallrm\rmshape{9}{1000}{OT1}
+\setfont\smalltt\ttshape{9}{1000}{OT1TT}
+\setfont\smallbf\bfshape{10}{900}{OT1}
+\setfont\smallit\itshape{9}{1000}{OT1IT}
+\setfont\smallsl\slshape{9}{1000}{OT1}
+\setfont\smallsf\sfshape{9}{1000}{OT1}
+\setfont\smallsc\scshape{10}{900}{OT1}
+\setfont\smallttsl\ttslshape{10}{900}{OT1TT}
+\font\smalli=cmmi9
+\font\smallsy=cmsy9
+
+% Fonts for small examples (8pt).
+\def\smallernominalsize{8pt}
+\setfont\smallerrm\rmshape{8}{1000}{OT1}
+\setfont\smallertt\ttshape{8}{1000}{OT1TT}
+\setfont\smallerbf\bfshape{10}{800}{OT1}
+\setfont\smallerit\itshape{8}{1000}{OT1IT}
+\setfont\smallersl\slshape{8}{1000}{OT1}
+\setfont\smallersf\sfshape{8}{1000}{OT1}
+\setfont\smallersc\scshape{10}{800}{OT1}
+\setfont\smallerttsl\ttslshape{10}{800}{OT1TT}
+\font\smalleri=cmmi8
+\font\smallersy=cmsy8
+
+% Fonts for title page (20.4pt):
+\def\titlenominalsize{20pt}
+\setfont\titlerm\rmbshape{12}{\magstep3}{OT1}
+\setfont\titleit\itbshape{10}{\magstep4}{OT1IT}
+\setfont\titlesl\slbshape{10}{\magstep4}{OT1}
+\setfont\titlett\ttbshape{12}{\magstep3}{OT1TT}
+\setfont\titlettsl\ttslshape{10}{\magstep4}{OT1TT}
+\setfont\titlesf\sfbshape{17}{\magstep1}{OT1}
+\let\titlebf=\titlerm
+\setfont\titlesc\scbshape{10}{\magstep4}{OT1}
+\font\titlei=cmmi12 scaled \magstep3
+\font\titlesy=cmsy10 scaled \magstep4
+\def\authorrm{\secrm}
+\def\authortt{\sectt}
+
+% Chapter fonts (14.4pt).
+\def\chapnominalsize{14pt}
+\setfont\chaprm\rmbshape{12}{\magstep1}{OT1}
+\setfont\chapit\itbshape{10}{\magstep2}{OT1IT}
+\setfont\chapsl\slbshape{10}{\magstep2}{OT1}
+\setfont\chaptt\ttbshape{12}{\magstep1}{OT1TT}
+\setfont\chapttsl\ttslshape{10}{\magstep2}{OT1TT}
+\setfont\chapsf\sfbshape{12}{\magstep1}{OT1}
+\let\chapbf\chaprm
+\setfont\chapsc\scbshape{10}{\magstep2}{OT1}
+\font\chapi=cmmi12 scaled \magstep1
+\font\chapsy=cmsy10 scaled \magstep2
+
+% Section fonts (12pt).
+\def\secnominalsize{12pt}
+\setfont\secrm\rmbshape{12}{1000}{OT1}
+\setfont\secit\itbshape{10}{\magstep1}{OT1IT}
+\setfont\secsl\slbshape{10}{\magstep1}{OT1}
+\setfont\sectt\ttbshape{12}{1000}{OT1TT}
+\setfont\secttsl\ttslshape{10}{\magstep1}{OT1TT}
+\setfont\secsf\sfbshape{12}{1000}{OT1}
+\let\secbf\secrm
+\setfont\secsc\scbshape{10}{\magstep1}{OT1}
+\font\seci=cmmi12
+\font\secsy=cmsy10 scaled \magstep1
+
+% Subsection fonts (10pt).
+\def\ssecnominalsize{10pt}
+\setfont\ssecrm\rmbshape{10}{1000}{OT1}
+\setfont\ssecit\itbshape{10}{1000}{OT1IT}
+\setfont\ssecsl\slbshape{10}{1000}{OT1}
+\setfont\ssectt\ttbshape{10}{1000}{OT1TT}
+\setfont\ssecttsl\ttslshape{10}{1000}{OT1TT}
+\setfont\ssecsf\sfbshape{10}{1000}{OT1}
+\let\ssecbf\ssecrm
+\setfont\ssecsc\scbshape{10}{1000}{OT1}
+\font\sseci=cmmi10
+\font\ssecsy=cmsy10
+
+% Reduced fonts for @acro in text (9pt).
+\def\reducednominalsize{9pt}
+\setfont\reducedrm\rmshape{9}{1000}{OT1}
+\setfont\reducedtt\ttshape{9}{1000}{OT1TT}
+\setfont\reducedbf\bfshape{10}{900}{OT1}
+\setfont\reducedit\itshape{9}{1000}{OT1IT}
+\setfont\reducedsl\slshape{9}{1000}{OT1}
+\setfont\reducedsf\sfshape{9}{1000}{OT1}
+\setfont\reducedsc\scshape{10}{900}{OT1}
+\setfont\reducedttsl\ttslshape{10}{900}{OT1TT}
+\font\reducedi=cmmi9
+\font\reducedsy=cmsy9
+
+% reduce space between paragraphs
+\divide\parskip by 2
+
+% reset the current fonts
+\textfonts
+\rm
+} % end of 10pt text font size definitions
+
+
+% We provide the user-level command
+% @fonttextsize 10
+% (or 11) to redefine the text font size. pt is assumed.
+%
+\def\xword{10}
+\def\xiword{11}
+%
+\parseargdef\fonttextsize{%
+ \def\textsizearg{#1}%
+ \wlog{doing @fonttextsize \textsizearg}%
+ %
+ % Set \globaldefs so that documents can use this inside @tex, since
+ % makeinfo 4.8 does not support it, but we need it nonetheless.
+ %
+ \begingroup \globaldefs=1
+ \ifx\textsizearg\xword \definetextfontsizex
+ \else \ifx\textsizearg\xiword \definetextfontsizexi
+ \else
+ \errhelp=\EMsimple
+ \errmessage{@fonttextsize only supports `10' or `11', not `\textsizearg'}
+ \fi\fi
+ \endgroup
+}
+
+
+% In order for the font changes to affect most math symbols and letters,
+% we have to define the \textfont of the standard families. Since
+% texinfo doesn't allow for producing subscripts and superscripts except
+% in the main text, we don't bother to reset \scriptfont and
+% \scriptscriptfont (which would also require loading a lot more fonts).
+%
+\def\resetmathfonts{%
+ \textfont0=\tenrm \textfont1=\teni \textfont2=\tensy
+ \textfont\itfam=\tenit \textfont\slfam=\tensl \textfont\bffam=\tenbf
+ \textfont\ttfam=\tentt \textfont\sffam=\tensf
+}
+
+% The font-changing commands redefine the meanings of \tenSTYLE, instead
+% of just \STYLE. We do this because \STYLE needs to also set the
+% current \fam for math mode. Our \STYLE (e.g., \rm) commands hardwire
+% \tenSTYLE to set the current font.
+%
+% Each font-changing command also sets the names \lsize (one size lower)
+% and \lllsize (three sizes lower). These relative commands are used in
+% the LaTeX logo and acronyms.
+%
+% This all needs generalizing, badly.
+%
+\def\textfonts{%
+ \let\tenrm=\textrm \let\tenit=\textit \let\tensl=\textsl
+ \let\tenbf=\textbf \let\tentt=\texttt \let\smallcaps=\textsc
+ \let\tensf=\textsf \let\teni=\texti \let\tensy=\textsy
+ \let\tenttsl=\textttsl
+ \def\curfontsize{text}%
+ \def\lsize{reduced}\def\lllsize{smaller}%
+ \resetmathfonts \setleading{\textleading}}
+\def\titlefonts{%
+ \let\tenrm=\titlerm \let\tenit=\titleit \let\tensl=\titlesl
+ \let\tenbf=\titlebf \let\tentt=\titlett \let\smallcaps=\titlesc
+ \let\tensf=\titlesf \let\teni=\titlei \let\tensy=\titlesy
+ \let\tenttsl=\titlettsl
+ \def\curfontsize{title}%
+ \def\lsize{chap}\def\lllsize{subsec}%
+ \resetmathfonts \setleading{25pt}}
+\def\titlefont#1{{\titlefonts\rm #1}}
+\def\chapfonts{%
+ \let\tenrm=\chaprm \let\tenit=\chapit \let\tensl=\chapsl
+ \let\tenbf=\chapbf \let\tentt=\chaptt \let\smallcaps=\chapsc
+ \let\tensf=\chapsf \let\teni=\chapi \let\tensy=\chapsy
+ \let\tenttsl=\chapttsl
+ \def\curfontsize{chap}%
+ \def\lsize{sec}\def\lllsize{text}%
+ \resetmathfonts \setleading{19pt}}
+\def\secfonts{%
+ \let\tenrm=\secrm \let\tenit=\secit \let\tensl=\secsl
+ \let\tenbf=\secbf \let\tentt=\sectt \let\smallcaps=\secsc
+ \let\tensf=\secsf \let\teni=\seci \let\tensy=\secsy
+ \let\tenttsl=\secttsl
+ \def\curfontsize{sec}%
+ \def\lsize{subsec}\def\lllsize{reduced}%
+ \resetmathfonts \setleading{16pt}}
+\def\subsecfonts{%
+ \let\tenrm=\ssecrm \let\tenit=\ssecit \let\tensl=\ssecsl
+ \let\tenbf=\ssecbf \let\tentt=\ssectt \let\smallcaps=\ssecsc
+ \let\tensf=\ssecsf \let\teni=\sseci \let\tensy=\ssecsy
+ \let\tenttsl=\ssecttsl
+ \def\curfontsize{ssec}%
+ \def\lsize{text}\def\lllsize{small}%
+ \resetmathfonts \setleading{15pt}}
+\let\subsubsecfonts = \subsecfonts
+\def\reducedfonts{%
+ \let\tenrm=\reducedrm \let\tenit=\reducedit \let\tensl=\reducedsl
+ \let\tenbf=\reducedbf \let\tentt=\reducedtt \let\reducedcaps=\reducedsc
+ \let\tensf=\reducedsf \let\teni=\reducedi \let\tensy=\reducedsy
+ \let\tenttsl=\reducedttsl
+ \def\curfontsize{reduced}%
+ \def\lsize{small}\def\lllsize{smaller}%
+ \resetmathfonts \setleading{10.5pt}}
+\def\smallfonts{%
+ \let\tenrm=\smallrm \let\tenit=\smallit \let\tensl=\smallsl
+ \let\tenbf=\smallbf \let\tentt=\smalltt \let\smallcaps=\smallsc
+ \let\tensf=\smallsf \let\teni=\smalli \let\tensy=\smallsy
+ \let\tenttsl=\smallttsl
+ \def\curfontsize{small}%
+ \def\lsize{smaller}\def\lllsize{smaller}%
+ \resetmathfonts \setleading{10.5pt}}
+\def\smallerfonts{%
+ \let\tenrm=\smallerrm \let\tenit=\smallerit \let\tensl=\smallersl
+ \let\tenbf=\smallerbf \let\tentt=\smallertt \let\smallcaps=\smallersc
+ \let\tensf=\smallersf \let\teni=\smalleri \let\tensy=\smallersy
+ \let\tenttsl=\smallerttsl
+ \def\curfontsize{smaller}%
+ \def\lsize{smaller}\def\lllsize{smaller}%
+ \resetmathfonts \setleading{9.5pt}}
+
+% Set the fonts to use with the @small... environments.
+\let\smallexamplefonts = \smallfonts
+
+% About \smallexamplefonts. If we use \smallfonts (9pt), @smallexample
+% can fit this many characters:
+% 8.5x11=86 smallbook=72 a4=90 a5=69
+% If we use \scriptfonts (8pt), then we can fit this many characters:
+% 8.5x11=90+ smallbook=80 a4=90+ a5=77
+% For me, subjectively, the few extra characters that fit aren't worth
+% the additional smallness of 8pt. So I'm making the default 9pt.
+%
+% By the way, for comparison, here's what fits with @example (10pt):
+% 8.5x11=71 smallbook=60 a4=75 a5=58
+%
+% I wish the USA used A4 paper.
+% --karl, 24jan03.
+
+
+% Set up the default fonts, so we can use them for creating boxes.
+%
+\definetextfontsizexi
+
+% Define these so they can be easily changed for other fonts.
+\def\angleleft{$\langle$}
+\def\angleright{$\rangle$}
+
+% Count depth in font-changes, for error checks
+\newcount\fontdepth \fontdepth=0
+
+% Fonts for short table of contents.
+\setfont\shortcontrm\rmshape{12}{1000}{OT1}
+\setfont\shortcontbf\bfshape{10}{\magstep1}{OT1} % no cmb12
+\setfont\shortcontsl\slshape{12}{1000}{OT1}
+\setfont\shortconttt\ttshape{12}{1000}{OT1TT}
+
+%% Add scribe-like font environments, plus @l for inline lisp (usually sans
+%% serif) and @ii for TeX italic
+
+% \smartitalic{ARG} outputs arg in italics, followed by an italic correction
+% unless the following character is such as not to need one.
+\def\smartitalicx{\ifx\next,\else\ifx\next-\else\ifx\next.\else
+ \ptexslash\fi\fi\fi}
+\def\smartslanted#1{{\ifusingtt\ttsl\sl #1}\futurelet\next\smartitalicx}
+\def\smartitalic#1{{\ifusingtt\ttsl\it #1}\futurelet\next\smartitalicx}
+
+% like \smartslanted except unconditionally uses \ttsl.
+% @var is set to this for defun arguments.
+\def\ttslanted#1{{\ttsl #1}\futurelet\next\smartitalicx}
+
+% like \smartslanted except unconditionally use \sl. We never want
+% ttsl for book titles, do we?
+\def\cite#1{{\sl #1}\futurelet\next\smartitalicx}
+
+\let\i=\smartitalic
+\let\slanted=\smartslanted
+\let\var=\smartslanted
+\let\dfn=\smartslanted
+\let\emph=\smartitalic
+
+% @b, explicit bold.
+\def\b#1{{\bf #1}}
+\let\strong=\b
+
+% @sansserif, explicit sans.
+\def\sansserif#1{{\sf #1}}
+
+% We can't just use \exhyphenpenalty, because that only has effect at
+% the end of a paragraph. Restore normal hyphenation at the end of the
+% group within which \nohyphenation is presumably called.
+%
+\def\nohyphenation{\hyphenchar\font = -1 \aftergroup\restorehyphenation}
+\def\restorehyphenation{\hyphenchar\font = `- }
+
+% Set sfcode to normal for the chars that usually have another value.
+% Can't use plain's \frenchspacing because it uses the `\x notation, and
+% sometimes \x has an active definition that messes things up.
+%
+\catcode`@=11
+ \def\plainfrenchspacing{%
+ \sfcode\dotChar =\@m \sfcode\questChar=\@m \sfcode\exclamChar=\@m
+ \sfcode\colonChar=\@m \sfcode\semiChar =\@m \sfcode\commaChar =\@m
+ \def\endofsentencespacefactor{1000}% for @. and friends
+ }
+ \def\plainnonfrenchspacing{%
+ \sfcode`\.3000\sfcode`\?3000\sfcode`\!3000
+ \sfcode`\:2000\sfcode`\;1500\sfcode`\,1250
+ \def\endofsentencespacefactor{3000}% for @. and friends
+ }
+\catcode`@=\other
+\def\endofsentencespacefactor{3000}% default
+
+\def\t#1{%
+ {\tt \rawbackslash \plainfrenchspacing #1}%
+ \null
+}
+\def\samp#1{`\tclose{#1}'\null}
+\setfont\keyrm\rmshape{8}{1000}{OT1}
+\font\keysy=cmsy9
+\def\key#1{{\keyrm\textfont2=\keysy \leavevmode\hbox{%
+ \raise0.4pt\hbox{\angleleft}\kern-.08em\vtop{%
+ \vbox{\hrule\kern-0.4pt
+ \hbox{\raise0.4pt\hbox{\vphantom{\angleleft}}#1}}%
+ \kern-0.4pt\hrule}%
+ \kern-.06em\raise0.4pt\hbox{\angleright}}}}
+\def\key #1{{\nohyphenation \uppercase{#1}}\null}
+% The old definition, with no lozenge:
+%\def\key #1{{\ttsl \nohyphenation \uppercase{#1}}\null}
+\def\ctrl #1{{\tt \rawbackslash \hat}#1}
+
+% @file, @option are the same as @samp.
+\let\file=\samp
+\let\option=\samp
+
+% @code is a modification of @t,
+% which makes spaces the same size as normal in the surrounding text.
+\def\tclose#1{%
+ {%
+ % Change normal interword space to be same as for the current font.
+ \spaceskip = \fontdimen2\font
+ %
+ % Switch to typewriter.
+ \tt
+ %
+ % But `\ ' produces the large typewriter interword space.
+ \def\ {{\spaceskip = 0pt{} }}%
+ %
+ % Turn off hyphenation.
+ \nohyphenation
+ %
+ \rawbackslash
+ \plainfrenchspacing
+ #1%
+ }%
+ \null
+}
+
+% We *must* turn on hyphenation at `-' and `_' in @code.
+% Otherwise, it is too hard to avoid overfull hboxes
+% in the Emacs manual, the Library manual, etc.
+
+% Unfortunately, TeX uses one parameter (\hyphenchar) to control
+% both hyphenation at - and hyphenation within words.
+% We must therefore turn them both off (\tclose does that)
+% and arrange explicitly to hyphenate at a dash.
+% -- rms.
+{
+ \catcode`\-=\active \catcode`\_=\active
+ \catcode`\'=\active \catcode`\`=\active
+ %
+ \global\def\code{\begingroup
+ \catcode\rquoteChar=\active \catcode\lquoteChar=\active
+ \let'\codequoteright \let`\codequoteleft
+ %
+ \catcode\dashChar=\active \catcode\underChar=\active
+ \ifallowcodebreaks
+ \let-\codedash
+ \let_\codeunder
+ \else
+ \let-\realdash
+ \let_\realunder
+ \fi
+ \codex
+ }
+}
+
+\def\realdash{-}
+\def\codedash{-\discretionary{}{}{}}
+\def\codeunder{%
+ % this is all so @math{@code{var_name}+1} can work. In math mode, _
+ % is "active" (mathcode"8000) and \normalunderscore (or \char95, etc.)
+ % will therefore expand the active definition of _, which is us
+ % (inside @code that is), therefore an endless loop.
+ \ifusingtt{\ifmmode
+ \mathchar"075F % class 0=ordinary, family 7=ttfam, pos 0x5F=_.
+ \else\normalunderscore \fi
+ \discretionary{}{}{}}%
+ {\_}%
+}
+\def\codex #1{\tclose{#1}\endgroup}
+
+% An additional complication: the above will allow breaks after, e.g.,
+% each of the four underscores in __typeof__. This is undesirable in
+% some manuals, especially if they don't have long identifiers in
+% general. @allowcodebreaks provides a way to control this.
+%
+\newif\ifallowcodebreaks \allowcodebreakstrue
+
+\def\keywordtrue{true}
+\def\keywordfalse{false}
+
+\parseargdef\allowcodebreaks{%
+ \def\txiarg{#1}%
+ \ifx\txiarg\keywordtrue
+ \allowcodebreakstrue
+ \else\ifx\txiarg\keywordfalse
+ \allowcodebreaksfalse
+ \else
+ \errhelp = \EMsimple
+ \errmessage{Unknown @allowcodebreaks option `\txiarg'}%
+ \fi\fi
+}
+
+% @kbd is like @code, except that if the argument is just one @key command,
+% then @kbd has no effect.
+
+% @kbdinputstyle -- arg is `distinct' (@kbd uses slanted tty font always),
+% `example' (@kbd uses ttsl only inside of @example and friends),
+% or `code' (@kbd uses normal tty font always).
+\parseargdef\kbdinputstyle{%
+ \def\txiarg{#1}%
+ \ifx\txiarg\worddistinct
+ \gdef\kbdexamplefont{\ttsl}\gdef\kbdfont{\ttsl}%
+ \else\ifx\txiarg\wordexample
+ \gdef\kbdexamplefont{\ttsl}\gdef\kbdfont{\tt}%
+ \else\ifx\txiarg\wordcode
+ \gdef\kbdexamplefont{\tt}\gdef\kbdfont{\tt}%
+ \else
+ \errhelp = \EMsimple
+ \errmessage{Unknown @kbdinputstyle option `\txiarg'}%
+ \fi\fi\fi
+}
+\def\worddistinct{distinct}
+\def\wordexample{example}
+\def\wordcode{code}
+
+% Default is `distinct.'
+\kbdinputstyle distinct
+
+\def\xkey{\key}
+\def\kbdfoo#1#2#3\par{\def\one{#1}\def\three{#3}\def\threex{??}%
+\ifx\one\xkey\ifx\threex\three \key{#2}%
+\else{\tclose{\kbdfont\look}}\fi
+\else{\tclose{\kbdfont\look}}\fi}
+
+% For @indicateurl, @env, @command quotes seem unnecessary, so use \code.
+\let\indicateurl=\code
+\let\env=\code
+\let\command=\code
+
+% @uref (abbreviation for `urlref') takes an optional (comma-separated)
+% second argument specifying the text to display and an optional third
+% arg as text to display instead of (rather than in addition to) the url
+% itself. First (mandatory) arg is the url. Perhaps eventually put in
+% a hypertex \special here.
+%
+\def\uref#1{\douref #1,,,\finish}
+\def\douref#1,#2,#3,#4\finish{\begingroup
+ \unsepspaces
+ \pdfurl{#1}%
+ \setbox0 = \hbox{\ignorespaces #3}%
+ \ifdim\wd0 > 0pt
+ \unhbox0 % third arg given, show only that
+ \else
+ \setbox0 = \hbox{\ignorespaces #2}%
+ \ifdim\wd0 > 0pt
+ \ifpdf
+ \unhbox0 % PDF: 2nd arg given, show only it
+ \else
+ \unhbox0\ (\code{#1})% DVI: 2nd arg given, show both it and url
+ \fi
+ \else
+ \code{#1}% only url given, so show it
+ \fi
+ \fi
+ \endlink
+\endgroup}
+
+% @url synonym for @uref, since that's how everyone uses it.
+%
+\let\url=\uref
+
+% rms does not like angle brackets --karl, 17may97.
+% So now @email is just like @uref, unless we are pdf.
+%
+%\def\email#1{\angleleft{\tt #1}\angleright}
+\ifpdf
+ \def\email#1{\doemail#1,,\finish}
+ \def\doemail#1,#2,#3\finish{\begingroup
+ \unsepspaces
+ \pdfurl{mailto:#1}%
+ \setbox0 = \hbox{\ignorespaces #2}%
+ \ifdim\wd0>0pt\unhbox0\else\code{#1}\fi
+ \endlink
+ \endgroup}
+\else
+ \let\email=\uref
+\fi
+
+% Check if we are currently using a typewriter font. Since all the
+% Computer Modern typewriter fonts have zero interword stretch (and
+% shrink), and it is reasonable to expect all typewriter fonts to have
+% this property, we can check that font parameter.
+%
+\def\ifmonospace{\ifdim\fontdimen3\font=0pt }
+
+% Typeset a dimension, e.g., `in' or `pt'. The only reason for the
+% argument is to make the input look right: @dmn{pt} instead of @dmn{}pt.
+%
+\def\dmn#1{\thinspace #1}
+
+\def\kbd#1{\def\look{#1}\expandafter\kbdfoo\look??\par}
+
+% @l was never documented to mean ``switch to the Lisp font'',
+% and it is not used as such in any manual I can find. We need it for
+% Polish suppressed-l. --karl, 22sep96.
+%\def\l#1{{\li #1}\null}
+
+% Explicit font changes: @r, @sc, undocumented @ii.
+\def\r#1{{\rm #1}} % roman font
+\def\sc#1{{\smallcaps#1}} % smallcaps font
+\def\ii#1{{\it #1}} % italic font
+
+% @acronym for "FBI", "NATO", and the like.
+% We print this one point size smaller, since it's intended for
+% all-uppercase.
+%
+\def\acronym#1{\doacronym #1,,\finish}
+\def\doacronym#1,#2,#3\finish{%
+ {\selectfonts\lsize #1}%
+ \def\temp{#2}%
+ \ifx\temp\empty \else
+ \space ({\unsepspaces \ignorespaces \temp \unskip})%
+ \fi
+}
+
+% @abbr for "Comput. J." and the like.
+% No font change, but don't do end-of-sentence spacing.
+%
+\def\abbr#1{\doabbr #1,,\finish}
+\def\doabbr#1,#2,#3\finish{%
+ {\plainfrenchspacing #1}%
+ \def\temp{#2}%
+ \ifx\temp\empty \else
+ \space ({\unsepspaces \ignorespaces \temp \unskip})%
+ \fi
+}
+
+% @pounds{} is a sterling sign, which Knuth put in the CM italic font.
+%
+\def\pounds{{\it\$}}
+
+% @euro{} comes from a separate font, depending on the current style.
+% We use the free feym* fonts from the eurosym package by Henrik
+% Theiling, which support regular, slanted, bold and bold slanted (and
+% "outlined" (blackboard board, sort of) versions, which we don't need).
+% It is available from http://www.ctan.org/tex-archive/fonts/eurosym.
+%
+% Although only regular is the truly official Euro symbol, we ignore
+% that. The Euro is designed to be slightly taller than the regular
+% font height.
+%
+% feymr - regular
+% feymo - slanted
+% feybr - bold
+% feybo - bold slanted
+%
+% There is no good (free) typewriter version, to my knowledge.
+% A feymr10 euro is ~7.3pt wide, while a normal cmtt10 char is ~5.25pt wide.
+% Hmm.
+%
+% Also doesn't work in math. Do we need to do math with euro symbols?
+% Hope not.
+%
+%
+\def\euro{{\eurofont e}}
+\def\eurofont{%
+ % We set the font at each command, rather than predefining it in
+ % \textfonts and the other font-switching commands, so that
+ % installations which never need the symbol don't have to have the
+ % font installed.
+ %
+ % There is only one designed size (nominal 10pt), so we always scale
+ % that to the current nominal size.
+ %
+ % By the way, simply using "at 1em" works for cmr10 and the like, but
+ % does not work for cmbx10 and other extended/shrunken fonts.
+ %
+ \def\eurosize{\csname\curfontsize nominalsize\endcsname}%
+ %
+ \ifx\curfontstyle\bfstylename
+ % bold:
+ \font\thiseurofont = \ifusingit{feybo10}{feybr10} at \eurosize
+ \else
+ % regular:
+ \font\thiseurofont = \ifusingit{feymo10}{feymr10} at \eurosize
+ \fi
+ \thiseurofont
+}
+
+% @registeredsymbol - R in a circle. The font for the R should really
+% be smaller yet, but lllsize is the best we can do for now.
+% Adapted from the plain.tex definition of \copyright.
+%
+\def\registeredsymbol{%
+ $^{{\ooalign{\hfil\raise.07ex\hbox{\selectfonts\lllsize R}%
+ \hfil\crcr\Orb}}%
+ }$%
+}
+
+% @textdegree - the normal degrees sign.
+%
+\def\textdegree{$^\circ$}
+
+% Laurent Siebenmann reports \Orb undefined with:
+% Textures 1.7.7 (preloaded format=plain 93.10.14) (68K) 16 APR 2004 02:38
+% so we'll define it if necessary.
+%
+\ifx\Orb\undefined
+\def\Orb{\mathhexbox20D}
+\fi
+
+
+\message{page headings,}
+
+\newskip\titlepagetopglue \titlepagetopglue = 1.5in
+\newskip\titlepagebottomglue \titlepagebottomglue = 2pc
+
+% First the title page. Must do @settitle before @titlepage.
+\newif\ifseenauthor
+\newif\iffinishedtitlepage
+
+% Do an implicit @contents or @shortcontents after @end titlepage if the
+% user says @setcontentsaftertitlepage or @setshortcontentsaftertitlepage.
+%
+\newif\ifsetcontentsaftertitlepage
+ \let\setcontentsaftertitlepage = \setcontentsaftertitlepagetrue
+\newif\ifsetshortcontentsaftertitlepage
+ \let\setshortcontentsaftertitlepage = \setshortcontentsaftertitlepagetrue
+
+\parseargdef\shorttitlepage{\begingroup\hbox{}\vskip 1.5in \chaprm \centerline{#1}%
+ \endgroup\page\hbox{}\page}
+
+\envdef\titlepage{%
+ % Open one extra group, as we want to close it in the middle of \Etitlepage.
+ \begingroup
+ \parindent=0pt \textfonts
+ % Leave some space at the very top of the page.
+ \vglue\titlepagetopglue
+ % No rule at page bottom unless we print one at the top with @title.
+ \finishedtitlepagetrue
+ %
+ % Most title ``pages'' are actually two pages long, with space
+ % at the top of the second. We don't want the ragged left on the second.
+ \let\oldpage = \page
+ \def\page{%
+ \iffinishedtitlepage\else
+ \finishtitlepage
+ \fi
+ \let\page = \oldpage
+ \page
+ \null
+ }%
+}
+
+\def\Etitlepage{%
+ \iffinishedtitlepage\else
+ \finishtitlepage
+ \fi
+ % It is important to do the page break before ending the group,
+ % because the headline and footline are only empty inside the group.
+ % If we use the new definition of \page, we always get a blank page
+ % after the title page, which we certainly don't want.
+ \oldpage
+ \endgroup
+ %
+ % Need this before the \...aftertitlepage checks so that if they are
+ % in effect the toc pages will come out with page numbers.
+ \HEADINGSon
+ %
+ % If they want short, they certainly want long too.
+ \ifsetshortcontentsaftertitlepage
+ \shortcontents
+ \contents
+ \global\let\shortcontents = \relax
+ \global\let\contents = \relax
+ \fi
+ %
+ \ifsetcontentsaftertitlepage
+ \contents
+ \global\let\contents = \relax
+ \global\let\shortcontents = \relax
+ \fi
+}
+
+\def\finishtitlepage{%
+ \vskip4pt \hrule height 2pt width \hsize
+ \vskip\titlepagebottomglue
+ \finishedtitlepagetrue
+}
+
+%%% Macros to be used within @titlepage:
+
+\let\subtitlerm=\tenrm
+\def\subtitlefont{\subtitlerm \normalbaselineskip = 13pt \normalbaselines}
+
+\def\authorfont{\authorrm \normalbaselineskip = 16pt \normalbaselines
+ \let\tt=\authortt}
+
+\parseargdef\title{%
+ \checkenv\titlepage
+ \leftline{\titlefonts\rm #1}
+ % print a rule at the page bottom also.
+ \finishedtitlepagefalse
+ \vskip4pt \hrule height 4pt width \hsize \vskip4pt
+}
+
+\parseargdef\subtitle{%
+ \checkenv\titlepage
+ {\subtitlefont \rightline{#1}}%
+}
+
+% @author should come last, but may come many times.
+% It can also be used inside @quotation.
+%
+\parseargdef\author{%
+ \def\temp{\quotation}%
+ \ifx\thisenv\temp
+ \def\quotationauthor{#1}% printed in \Equotation.
+ \else
+ \checkenv\titlepage
+ \ifseenauthor\else \vskip 0pt plus 1filll \seenauthortrue \fi
+ {\authorfont \leftline{#1}}%
+ \fi
+}
+
+
+%%% Set up page headings and footings.
+
+\let\thispage=\folio
+
+\newtoks\evenheadline % headline on even pages
+\newtoks\oddheadline % headline on odd pages
+\newtoks\evenfootline % footline on even pages
+\newtoks\oddfootline % footline on odd pages
+
+% Now make TeX use those variables
+\headline={{\textfonts\rm \ifodd\pageno \the\oddheadline
+ \else \the\evenheadline \fi}}
+\footline={{\textfonts\rm \ifodd\pageno \the\oddfootline
+ \else \the\evenfootline \fi}\HEADINGShook}
+\let\HEADINGShook=\relax
+
+% Commands to set those variables.
+% For example, this is what @headings on does
+% @evenheading @thistitle|@thispage|@thischapter
+% @oddheading @thischapter|@thispage|@thistitle
+% @evenfooting @thisfile||
+% @oddfooting ||@thisfile
+
+
+\def\evenheading{\parsearg\evenheadingxxx}
+\def\evenheadingxxx #1{\evenheadingyyy #1\|\|\|\|\finish}
+\def\evenheadingyyy #1\|#2\|#3\|#4\finish{%
+\global\evenheadline={\rlap{\centerline{#2}}\line{#1\hfil#3}}}
+
+\def\oddheading{\parsearg\oddheadingxxx}
+\def\oddheadingxxx #1{\oddheadingyyy #1\|\|\|\|\finish}
+\def\oddheadingyyy #1\|#2\|#3\|#4\finish{%
+\global\oddheadline={\rlap{\centerline{#2}}\line{#1\hfil#3}}}
+
+\parseargdef\everyheading{\oddheadingxxx{#1}\evenheadingxxx{#1}}%
+
+\def\evenfooting{\parsearg\evenfootingxxx}
+\def\evenfootingxxx #1{\evenfootingyyy #1\|\|\|\|\finish}
+\def\evenfootingyyy #1\|#2\|#3\|#4\finish{%
+\global\evenfootline={\rlap{\centerline{#2}}\line{#1\hfil#3}}}
+
+\def\oddfooting{\parsearg\oddfootingxxx}
+\def\oddfootingxxx #1{\oddfootingyyy #1\|\|\|\|\finish}
+\def\oddfootingyyy #1\|#2\|#3\|#4\finish{%
+ \global\oddfootline = {\rlap{\centerline{#2}}\line{#1\hfil#3}}%
+ %
+ % Leave some space for the footline. Hopefully ok to assume
+ % @evenfooting will not be used by itself.
+ \global\advance\pageheight by -12pt
+ \global\advance\vsize by -12pt
+}
+
+\parseargdef\everyfooting{\oddfootingxxx{#1}\evenfootingxxx{#1}}
+
+
+% @headings double turns headings on for double-sided printing.
+% @headings single turns headings on for single-sided printing.
+% @headings off turns them off.
+% @headings on same as @headings double, retained for compatibility.
+% @headings after turns on double-sided headings after this page.
+% @headings doubleafter turns on double-sided headings after this page.
+% @headings singleafter turns on single-sided headings after this page.
+% By default, they are off at the start of a document,
+% and turned `on' after @end titlepage.
+
+\def\headings #1 {\csname HEADINGS#1\endcsname}
+
+\def\HEADINGSoff{%
+\global\evenheadline={\hfil} \global\evenfootline={\hfil}
+\global\oddheadline={\hfil} \global\oddfootline={\hfil}}
+\HEADINGSoff
+% When we turn headings on, set the page number to 1.
+% For double-sided printing, put current file name in lower left corner,
+% chapter name on inside top of right hand pages, document
+% title on inside top of left hand pages, and page numbers on outside top
+% edge of all pages.
+\def\HEADINGSdouble{%
+\global\pageno=1
+\global\evenfootline={\hfil}
+\global\oddfootline={\hfil}
+\global\evenheadline={\line{\folio\hfil\thistitle}}
+\global\oddheadline={\line{\thischapter\hfil\folio}}
+\global\let\contentsalignmacro = \chapoddpage
+}
+\let\contentsalignmacro = \chappager
+
+% For single-sided printing, chapter title goes across top left of page,
+% page number on top right.
+\def\HEADINGSsingle{%
+\global\pageno=1
+\global\evenfootline={\hfil}
+\global\oddfootline={\hfil}
+\global\evenheadline={\line{\thischapter\hfil\folio}}
+\global\oddheadline={\line{\thischapter\hfil\folio}}
+\global\let\contentsalignmacro = \chappager
+}
+\def\HEADINGSon{\HEADINGSdouble}
+
+\def\HEADINGSafter{\let\HEADINGShook=\HEADINGSdoublex}
+\let\HEADINGSdoubleafter=\HEADINGSafter
+\def\HEADINGSdoublex{%
+\global\evenfootline={\hfil}
+\global\oddfootline={\hfil}
+\global\evenheadline={\line{\folio\hfil\thistitle}}
+\global\oddheadline={\line{\thischapter\hfil\folio}}
+\global\let\contentsalignmacro = \chapoddpage
+}
+
+\def\HEADINGSsingleafter{\let\HEADINGShook=\HEADINGSsinglex}
+\def\HEADINGSsinglex{%
+\global\evenfootline={\hfil}
+\global\oddfootline={\hfil}
+\global\evenheadline={\line{\thischapter\hfil\folio}}
+\global\oddheadline={\line{\thischapter\hfil\folio}}
+\global\let\contentsalignmacro = \chappager
+}
+
+% Subroutines used in generating headings
+% This produces Day Month Year style of output.
+% Only define if not already defined, in case a txi-??.tex file has set
+% up a different format (e.g., txi-cs.tex does this).
+\ifx\today\undefined
+\def\today{%
+ \number\day\space
+ \ifcase\month
+ \or\putwordMJan\or\putwordMFeb\or\putwordMMar\or\putwordMApr
+ \or\putwordMMay\or\putwordMJun\or\putwordMJul\or\putwordMAug
+ \or\putwordMSep\or\putwordMOct\or\putwordMNov\or\putwordMDec
+ \fi
+ \space\number\year}
+\fi
+
+% @settitle line... specifies the title of the document, for headings.
+% It generates no output of its own.
+\def\thistitle{\putwordNoTitle}
+\def\settitle{\parsearg{\gdef\thistitle}}
+
+
+\message{tables,}
+% Tables -- @table, @ftable, @vtable, @item(x).
+
+% default indentation of table text
+\newdimen\tableindent \tableindent=.8in
+% default indentation of @itemize and @enumerate text
+\newdimen\itemindent \itemindent=.3in
+% margin between end of table item and start of table text.
+\newdimen\itemmargin \itemmargin=.1in
+
+% used internally for \itemindent minus \itemmargin
+\newdimen\itemmax
+
+% Note @table, @ftable, and @vtable define @item, @itemx, etc., with
+% these defs.
+% They also define \itemindex
+% to index the item name in whatever manner is desired (perhaps none).
+
+\newif\ifitemxneedsnegativevskip
+
+\def\itemxpar{\par\ifitemxneedsnegativevskip\nobreak\vskip-\parskip\nobreak\fi}
+
+\def\internalBitem{\smallbreak \parsearg\itemzzz}
+\def\internalBitemx{\itemxpar \parsearg\itemzzz}
+
+\def\itemzzz #1{\begingroup %
+ \advance\hsize by -\rightskip
+ \advance\hsize by -\tableindent
+ \setbox0=\hbox{\itemindicate{#1}}%
+ \itemindex{#1}%
+ \nobreak % This prevents a break before @itemx.
+ %
+ % If the item text does not fit in the space we have, put it on a line
+ % by itself, and do not allow a page break either before or after that
+ % line. We do not start a paragraph here because then if the next
+ % command is, e.g., @kindex, the whatsit would get put into the
+ % horizontal list on a line by itself, resulting in extra blank space.
+ \ifdim \wd0>\itemmax
+ %
+ % Make this a paragraph so we get the \parskip glue and wrapping,
+ % but leave it ragged-right.
+ \begingroup
+ \advance\leftskip by-\tableindent
+ \advance\hsize by\tableindent
+ \advance\rightskip by0pt plus1fil
+ \leavevmode\unhbox0\par
+ \endgroup
+ %
+ % We're going to be starting a paragraph, but we don't want the
+ % \parskip glue -- logically it's part of the @item we just started.
+ \nobreak \vskip-\parskip
+ %
+ % Stop a page break at the \parskip glue coming up. However, if
+ % what follows is an environment such as @example, there will be no
+ % \parskip glue; then the negative vskip we just inserted would
+ % cause the example and the item to crash together. So we use this
+ % bizarre value of 10001 as a signal to \aboveenvbreak to insert
+ % \parskip glue after all. Section titles are handled this way also.
+ %
+ \penalty 10001
+ \endgroup
+ \itemxneedsnegativevskipfalse
+ \else
+ % The item text fits into the space. Start a paragraph, so that the
+ % following text (if any) will end up on the same line.
+ \noindent
+ % Do this with kerns and \unhbox so that if there is a footnote in
+ % the item text, it can migrate to the main vertical list and
+ % eventually be printed.
+ \nobreak\kern-\tableindent
+ \dimen0 = \itemmax \advance\dimen0 by \itemmargin \advance\dimen0 by -\wd0
+ \unhbox0
+ \nobreak\kern\dimen0
+ \endgroup
+ \itemxneedsnegativevskiptrue
+ \fi
+}
+
+\def\item{\errmessage{@item while not in a list environment}}
+\def\itemx{\errmessage{@itemx while not in a list environment}}
+
+% @table, @ftable, @vtable.
+\envdef\table{%
+ \let\itemindex\gobble
+ \tablecheck{table}%
+}
+\envdef\ftable{%
+ \def\itemindex ##1{\doind {fn}{\code{##1}}}%
+ \tablecheck{ftable}%
+}
+\envdef\vtable{%
+ \def\itemindex ##1{\doind {vr}{\code{##1}}}%
+ \tablecheck{vtable}%
+}
+\def\tablecheck#1{%
+ \ifnum \the\catcode`\^^M=\active
+ \endgroup
+ \errmessage{This command won't work in this context; perhaps the problem is
+ that we are \inenvironment\thisenv}%
+ \def\next{\doignore{#1}}%
+ \else
+ \let\next\tablex
+ \fi
+ \next
+}
+\def\tablex#1{%
+ \def\itemindicate{#1}%
+ \parsearg\tabley
+}
+\def\tabley#1{%
+ {%
+ \makevalueexpandable
+ \edef\temp{\noexpand\tablez #1\space\space\space}%
+ \expandafter
+ }\temp \endtablez
+}
+\def\tablez #1 #2 #3 #4\endtablez{%
+ \aboveenvbreak
+ \ifnum 0#1>0 \advance \leftskip by #1\mil \fi
+ \ifnum 0#2>0 \tableindent=#2\mil \fi
+ \ifnum 0#3>0 \advance \rightskip by #3\mil \fi
+ \itemmax=\tableindent
+ \advance \itemmax by -\itemmargin
+ \advance \leftskip by \tableindent
+ \exdentamount=\tableindent
+ \parindent = 0pt
+ \parskip = \smallskipamount
+ \ifdim \parskip=0pt \parskip=2pt \fi
+ \let\item = \internalBitem
+ \let\itemx = \internalBitemx
+}
+\def\Etable{\endgraf\afterenvbreak}
+\let\Eftable\Etable
+\let\Evtable\Etable
+\let\Eitemize\Etable
+\let\Eenumerate\Etable
+
+% This is the counter used by @enumerate, which is really @itemize
+
+\newcount \itemno
+
+\envdef\itemize{\parsearg\doitemize}
+
+\def\doitemize#1{%
+ \aboveenvbreak
+ \itemmax=\itemindent
+ \advance\itemmax by -\itemmargin
+ \advance\leftskip by \itemindent
+ \exdentamount=\itemindent
+ \parindent=0pt
+ \parskip=\smallskipamount
+ \ifdim\parskip=0pt \parskip=2pt \fi
+ \def\itemcontents{#1}%
+ % @itemize with no arg is equivalent to @itemize @bullet.
+ \ifx\itemcontents\empty\def\itemcontents{\bullet}\fi
+ \let\item=\itemizeitem
+}
+
+% Definition of @item while inside @itemize and @enumerate.
+%
+\def\itemizeitem{%
+ \advance\itemno by 1 % for enumerations
+ {\let\par=\endgraf \smallbreak}% reasonable place to break
+ {%
+ % If the document has an @itemize directly after a section title, a
+ % \nobreak will be last on the list, and \sectionheading will have
+ % done a \vskip-\parskip. In that case, we don't want to zero
+ % parskip, or the item text will crash with the heading. On the
+ % other hand, when there is normal text preceding the item (as there
+ % usually is), we do want to zero parskip, or there would be too much
+ % space. In that case, we won't have a \nobreak before. At least
+ % that's the theory.
+ \ifnum\lastpenalty<10000 \parskip=0in \fi
+ \noindent
+ \hbox to 0pt{\hss \itemcontents \kern\itemmargin}%
+ \vadjust{\penalty 1200}}% not good to break after first line of item.
+ \flushcr
+}
+
+% \splitoff TOKENS\endmark defines \first to be the first token in
+% TOKENS, and \rest to be the remainder.
+%
+\def\splitoff#1#2\endmark{\def\first{#1}\def\rest{#2}}%
+
+% Allow an optional argument of an uppercase letter, lowercase letter,
+% or number, to specify the first label in the enumerated list. No
+% argument is the same as `1'.
+%
+\envparseargdef\enumerate{\enumeratey #1 \endenumeratey}
+\def\enumeratey #1 #2\endenumeratey{%
+ % If we were given no argument, pretend we were given `1'.
+ \def\thearg{#1}%
+ \ifx\thearg\empty \def\thearg{1}\fi
+ %
+ % Detect if the argument is a single token. If so, it might be a
+ % letter. Otherwise, the only valid thing it can be is a number.
+ % (We will always have one token, because of the test we just made.
+ % This is a good thing, since \splitoff doesn't work given nothing at
+ % all -- the first parameter is undelimited.)
+ \expandafter\splitoff\thearg\endmark
+ \ifx\rest\empty
+ % Only one token in the argument. It could still be anything.
+ % A ``lowercase letter'' is one whose \lccode is nonzero.
+ % An ``uppercase letter'' is one whose \lccode is both nonzero, and
+ % not equal to itself.
+ % Otherwise, we assume it's a number.
+ %
+ % We need the \relax at the end of the \ifnum lines to stop TeX from
+ % continuing to look for a <number>.
+ %
+ \ifnum\lccode\expandafter`\thearg=0\relax
+ \numericenumerate % a number (we hope)
+ \else
+ % It's a letter.
+ \ifnum\lccode\expandafter`\thearg=\expandafter`\thearg\relax
+ \lowercaseenumerate % lowercase letter
+ \else
+ \uppercaseenumerate % uppercase letter
+ \fi
+ \fi
+ \else
+ % Multiple tokens in the argument. We hope it's a number.
+ \numericenumerate
+ \fi
+}
+
+% An @enumerate whose labels are integers. The starting integer is
+% given in \thearg.
+%
+\def\numericenumerate{%
+ \itemno = \thearg
+ \startenumeration{\the\itemno}%
+}
+
+% The starting (lowercase) letter is in \thearg.
+\def\lowercaseenumerate{%
+ \itemno = \expandafter`\thearg
+ \startenumeration{%
+ % Be sure we're not beyond the end of the alphabet.
+ \ifnum\itemno=0
+ \errmessage{No more lowercase letters in @enumerate; get a bigger
+ alphabet}%
+ \fi
+ \char\lccode\itemno
+ }%
+}
+
+% The starting (uppercase) letter is in \thearg.
+\def\uppercaseenumerate{%
+ \itemno = \expandafter`\thearg
+ \startenumeration{%
+ % Be sure we're not beyond the end of the alphabet.
+ \ifnum\itemno=0
+ \errmessage{No more uppercase letters in @enumerate; get a bigger
+ alphabet}
+ \fi
+ \char\uccode\itemno
+ }%
+}
+
+% Call \doitemize, adding a period to the first argument and supplying the
+% common last two arguments. Also subtract one from the initial value in
+% \itemno, since @item increments \itemno.
+%
+\def\startenumeration#1{%
+ \advance\itemno by -1
+ \doitemize{#1.}\flushcr
+}
+
+% @alphaenumerate and @capsenumerate are abbreviations for giving an arg
+% to @enumerate.
+%
+\def\alphaenumerate{\enumerate{a}}
+\def\capsenumerate{\enumerate{A}}
+\def\Ealphaenumerate{\Eenumerate}
+\def\Ecapsenumerate{\Eenumerate}
+
+
+% @multitable macros
+% Amy Hendrickson, 8/18/94, 3/6/96
+%
+% @multitable ... @end multitable will make as many columns as desired.
+% Contents of each column will wrap at width given in preamble. Width
+% can be specified either with sample text given in a template line,
+% or in percent of \hsize, the current width of text on page.
+
+% Table can continue over pages but will only break between lines.
+
+% To make preamble:
+%
+% Either define widths of columns in terms of percent of \hsize:
+% @multitable @columnfractions .25 .3 .45
+% @item ...
+%
+% Numbers following @columnfractions are the percent of the total
+% current hsize to be used for each column. You may use as many
+% columns as desired.
+
+
+% Or use a template:
+% @multitable {Column 1 template} {Column 2 template} {Column 3 template}
+% @item ...
+% using the widest term desired in each column.
+
+% Each new table line starts with @item, each subsequent new column
+% starts with @tab. Empty columns may be produced by supplying @tab's
+% with nothing between them for as many times as empty columns are needed,
+% ie, @tab@tab@tab will produce two empty columns.
+
+% @item, @tab do not need to be on their own lines, but it will not hurt
+% if they are.
+
+% Sample multitable:
+
+% @multitable {Column 1 template} {Column 2 template} {Column 3 template}
+% @item first col stuff @tab second col stuff @tab third col
+% @item
+% first col stuff
+% @tab
+% second col stuff
+% @tab
+% third col
+% @item first col stuff @tab second col stuff
+% @tab Many paragraphs of text may be used in any column.
+%
+% They will wrap at the width determined by the template.
+% @item@tab@tab This will be in third column.
+% @end multitable
+
+% Default dimensions may be reset by user.
+% @multitableparskip is vertical space between paragraphs in table.
+% @multitableparindent is paragraph indent in table.
+% @multitablecolmargin is horizontal space to be left between columns.
+% @multitablelinespace is space to leave between table items, baseline
+% to baseline.
+% 0pt means it depends on current normal line spacing.
+%
+\newskip\multitableparskip
+\newskip\multitableparindent
+\newdimen\multitablecolspace
+\newskip\multitablelinespace
+\multitableparskip=0pt
+\multitableparindent=6pt
+\multitablecolspace=12pt
+\multitablelinespace=0pt
+
+% Macros used to set up halign preamble:
+%
+\let\endsetuptable\relax
+\def\xendsetuptable{\endsetuptable}
+\let\columnfractions\relax
+\def\xcolumnfractions{\columnfractions}
+\newif\ifsetpercent
+
+% #1 is the @columnfraction, usually a decimal number like .5, but might
+% be just 1. We just use it, whatever it is.
+%
+\def\pickupwholefraction#1 {%
+ \global\advance\colcount by 1
+ \expandafter\xdef\csname col\the\colcount\endcsname{#1\hsize}%
+ \setuptable
+}
+
+\newcount\colcount
+\def\setuptable#1{%
+ \def\firstarg{#1}%
+ \ifx\firstarg\xendsetuptable
+ \let\go = \relax
+ \else
+ \ifx\firstarg\xcolumnfractions
+ \global\setpercenttrue
+ \else
+ \ifsetpercent
+ \let\go\pickupwholefraction
+ \else
+ \global\advance\colcount by 1
+ \setbox0=\hbox{#1\unskip\space}% Add a normal word space as a
+ % separator; typically that is always in the input, anyway.
+ \expandafter\xdef\csname col\the\colcount\endcsname{\the\wd0}%
+ \fi
+ \fi
+ \ifx\go\pickupwholefraction
+ % Put the argument back for the \pickupwholefraction call, so
+ % we'll always have a period there to be parsed.
+ \def\go{\pickupwholefraction#1}%
+ \else
+ \let\go = \setuptable
+ \fi%
+ \fi
+ \go
+}
+
+% multitable-only commands.
+%
+% @headitem starts a heading row, which we typeset in bold.
+% Assignments have to be global since we are inside the implicit group
+% of an alignment entry. Note that \everycr resets \everytab.
+\def\headitem{\checkenv\multitable \crcr \global\everytab={\bf}\the\everytab}%
+%
+% A \tab used to include \hskip1sp. But then the space in a template
+% line is not enough. That is bad. So let's go back to just `&' until
+% we encounter the problem it was intended to solve again.
+% --karl, nathan@acm.org, 20apr99.
+\def\tab{\checkenv\multitable &\the\everytab}%
+
+% @multitable ... @end multitable definitions:
+%
+\newtoks\everytab % insert after every tab.
+%
+\envdef\multitable{%
+ \vskip\parskip
+ \startsavinginserts
+ %
+ % @item within a multitable starts a normal row.
+ % We use \def instead of \let so that if one of the multitable entries
+ % contains an @itemize, we don't choke on the \item (seen as \crcr aka
+ % \endtemplate) expanding \doitemize.
+ \def\item{\crcr}%
+ %
+ \tolerance=9500
+ \hbadness=9500
+ \setmultitablespacing
+ \parskip=\multitableparskip
+ \parindent=\multitableparindent
+ \overfullrule=0pt
+ \global\colcount=0
+ %
+ \everycr = {%
+ \noalign{%
+ \global\everytab={}%
+ \global\colcount=0 % Reset the column counter.
+ % Check for saved footnotes, etc.
+ \checkinserts
+ % Keeps underfull box messages off when table breaks over pages.
+ %\filbreak
+ % Maybe so, but it also creates really weird page breaks when the
+ % table breaks over pages. Wouldn't \vfil be better? Wait until the
+ % problem manifests itself, so it can be fixed for real --karl.
+ }%
+ }%
+ %
+ \parsearg\domultitable
+}
+\def\domultitable#1{%
+ % To parse everything between @multitable and @item:
+ \setuptable#1 \endsetuptable
+ %
+ % This preamble sets up a generic column definition, which will
+ % be used as many times as user calls for columns.
+ % \vtop will set a single line and will also let text wrap and
+ % continue for many paragraphs if desired.
+ \halign\bgroup &%
+ \global\advance\colcount by 1
+ \multistrut
+ \vtop{%
+ % Use the current \colcount to find the correct column width:
+ \hsize=\expandafter\csname col\the\colcount\endcsname
+ %
+ % In order to keep entries from bumping into each other
+ % we will add a \leftskip of \multitablecolspace to all columns after
+ % the first one.
+ %
+ % If a template has been used, we will add \multitablecolspace
+ % to the width of each template entry.
+ %
+ % If the user has set preamble in terms of percent of \hsize we will
+ % use that dimension as the width of the column, and the \leftskip
+ % will keep entries from bumping into each other. Table will start at
+ % left margin and final column will justify at right margin.
+ %
+ % Make sure we don't inherit \rightskip from the outer environment.
+ \rightskip=0pt
+ \ifnum\colcount=1
+ % The first column will be indented with the surrounding text.
+ \advance\hsize by\leftskip
+ \else
+ \ifsetpercent \else
+ % If user has not set preamble in terms of percent of \hsize
+ % we will advance \hsize by \multitablecolspace.
+ \advance\hsize by \multitablecolspace
+ \fi
+ % In either case we will make \leftskip=\multitablecolspace:
+ \leftskip=\multitablecolspace
+ \fi
+ % Ignoring space at the beginning and end avoids an occasional spurious
+ % blank line, when TeX decides to break the line at the space before the
+ % box from the multistrut, so the strut ends up on a line by itself.
+ % For example:
+ % @multitable @columnfractions .11 .89
+ % @item @code{#}
+ % @tab Legal holiday which is valid in major parts of the whole country.
+ % Is automatically provided with highlighting sequences respectively
+ % marking characters.
+ \noindent\ignorespaces##\unskip\multistrut
+ }\cr
+}
+\def\Emultitable{%
+ \crcr
+ \egroup % end the \halign
+ \global\setpercentfalse
+}
+
+\def\setmultitablespacing{%
+ \def\multistrut{\strut}% just use the standard line spacing
+ %
+ % Compute \multitablelinespace (if not defined by user) for use in
+ % \multitableparskip calculation. We used define \multistrut based on
+ % this, but (ironically) that caused the spacing to be off.
+ % See bug-texinfo report from Werner Lemberg, 31 Oct 2004 12:52:20 +0100.
+\ifdim\multitablelinespace=0pt
+\setbox0=\vbox{X}\global\multitablelinespace=\the\baselineskip
+\global\advance\multitablelinespace by-\ht0
+\fi
+%% Test to see if parskip is larger than space between lines of
+%% table. If not, do nothing.
+%% If so, set to same dimension as multitablelinespace.
+\ifdim\multitableparskip>\multitablelinespace
+\global\multitableparskip=\multitablelinespace
+\global\advance\multitableparskip-7pt %% to keep parskip somewhat smaller
+ %% than skip between lines in the table.
+\fi%
+\ifdim\multitableparskip=0pt
+\global\multitableparskip=\multitablelinespace
+\global\advance\multitableparskip-7pt %% to keep parskip somewhat smaller
+ %% than skip between lines in the table.
+\fi}
+
+
+\message{conditionals,}
+
+% @iftex, @ifnotdocbook, @ifnothtml, @ifnotinfo, @ifnotplaintext,
+% @ifnotxml always succeed. They currently do nothing; we don't
+% attempt to check whether the conditionals are properly nested. But we
+% have to remember that they are conditionals, so that @end doesn't
+% attempt to close an environment group.
+%
+\def\makecond#1{%
+ \expandafter\let\csname #1\endcsname = \relax
+ \expandafter\let\csname iscond.#1\endcsname = 1
+}
+\makecond{iftex}
+\makecond{ifnotdocbook}
+\makecond{ifnothtml}
+\makecond{ifnotinfo}
+\makecond{ifnotplaintext}
+\makecond{ifnotxml}
+
+% Ignore @ignore, @ifhtml, @ifinfo, and the like.
+%
+\def\direntry{\doignore{direntry}}
+\def\documentdescription{\doignore{documentdescription}}
+\def\docbook{\doignore{docbook}}
+\def\html{\doignore{html}}
+\def\ifdocbook{\doignore{ifdocbook}}
+\def\ifhtml{\doignore{ifhtml}}
+\def\ifinfo{\doignore{ifinfo}}
+\def\ifnottex{\doignore{ifnottex}}
+\def\ifplaintext{\doignore{ifplaintext}}
+\def\ifxml{\doignore{ifxml}}
+\def\ignore{\doignore{ignore}}
+\def\menu{\doignore{menu}}
+\def\xml{\doignore{xml}}
+
+% Ignore text until a line `@end #1', keeping track of nested conditionals.
+%
+% A count to remember the depth of nesting.
+\newcount\doignorecount
+
+\def\doignore#1{\begingroup
+ % Scan in ``verbatim'' mode:
+ \obeylines
+ \catcode`\@ = \other
+ \catcode`\{ = \other
+ \catcode`\} = \other
+ %
+ % Make sure that spaces turn into tokens that match what \doignoretext wants.
+ \spaceisspace
+ %
+ % Count number of #1's that we've seen.
+ \doignorecount = 0
+ %
+ % Swallow text until we reach the matching `@end #1'.
+ \dodoignore{#1}%
+}
+
+{ \catcode`_=11 % We want to use \_STOP_ which cannot appear in texinfo source.
+ \obeylines %
+ %
+ \gdef\dodoignore#1{%
+ % #1 contains the command name as a string, e.g., `ifinfo'.
+ %
+ % Define a command to find the next `@end #1'.
+ \long\def\doignoretext##1^^M@end #1{%
+ \doignoretextyyy##1^^M@#1\_STOP_}%
+ %
+ % And this command to find another #1 command, at the beginning of a
+ % line. (Otherwise, we would consider a line `@c @ifset', for
+ % example, to count as an @ifset for nesting.)
+ \long\def\doignoretextyyy##1^^M@#1##2\_STOP_{\doignoreyyy{##2}\_STOP_}%
+ %
+ % And now expand that command.
+ \doignoretext ^^M%
+ }%
+}
+
+\def\doignoreyyy#1{%
+ \def\temp{#1}%
+ \ifx\temp\empty % Nothing found.
+ \let\next\doignoretextzzz
+ \else % Found a nested condition, ...
+ \advance\doignorecount by 1
+ \let\next\doignoretextyyy % ..., look for another.
+ % If we're here, #1 ends with ^^M\ifinfo (for example).
+ \fi
+ \next #1% the token \_STOP_ is present just after this macro.
+}
+
+% We have to swallow the remaining "\_STOP_".
+%
+\def\doignoretextzzz#1{%
+ \ifnum\doignorecount = 0 % We have just found the outermost @end.
+ \let\next\enddoignore
+ \else % Still inside a nested condition.
+ \advance\doignorecount by -1
+ \let\next\doignoretext % Look for the next @end.
+ \fi
+ \next
+}
+
+% Finish off ignored text.
+{ \obeylines%
+ % Ignore anything after the last `@end #1'; this matters in verbatim
+ % environments, where otherwise the newline after an ignored conditional
+ % would result in a blank line in the output.
+ \gdef\enddoignore#1^^M{\endgroup\ignorespaces}%
+}
+
+
+% @set VAR sets the variable VAR to an empty value.
+% @set VAR REST-OF-LINE sets VAR to the value REST-OF-LINE.
+%
+% Since we want to separate VAR from REST-OF-LINE (which might be
+% empty), we can't just use \parsearg; we have to insert a space of our
+% own to delimit the rest of the line, and then take it out again if we
+% didn't need it.
+% We rely on the fact that \parsearg sets \catcode`\ =10.
+%
+\parseargdef\set{\setyyy#1 \endsetyyy}
+\def\setyyy#1 #2\endsetyyy{%
+ {%
+ \makevalueexpandable
+ \def\temp{#2}%
+ \edef\next{\gdef\makecsname{SET#1}}%
+ \ifx\temp\empty
+ \next{}%
+ \else
+ \setzzz#2\endsetzzz
+ \fi
+ }%
+}
+% Remove the trailing space \setxxx inserted.
+\def\setzzz#1 \endsetzzz{\next{#1}}
+
+% @clear VAR clears (i.e., unsets) the variable VAR.
+%
+\parseargdef\clear{%
+ {%
+ \makevalueexpandable
+ \global\expandafter\let\csname SET#1\endcsname=\relax
+ }%
+}
+
+% @value{foo} gets the text saved in variable foo.
+\def\value{\begingroup\makevalueexpandable\valuexxx}
+\def\valuexxx#1{\expandablevalue{#1}\endgroup}
+{
+ \catcode`\- = \active \catcode`\_ = \active
+ %
+ \gdef\makevalueexpandable{%
+ \let\value = \expandablevalue
+ % We don't want these characters active, ...
+ \catcode`\-=\other \catcode`\_=\other
+ % ..., but we might end up with active ones in the argument if
+ % we're called from @code, as @code{@value{foo-bar_}}, though.
+ % So \let them to their normal equivalents.
+ \let-\realdash \let_\normalunderscore
+ }
+}
+
+% We have this subroutine so that we can handle at least some @value's
+% properly in indexes (we call \makevalueexpandable in \indexdummies).
+% The command has to be fully expandable (if the variable is set), since
+% the result winds up in the index file. This means that if the
+% variable's value contains other Texinfo commands, it's almost certain
+% it will fail (although perhaps we could fix that with sufficient work
+% to do a one-level expansion on the result, instead of complete).
+%
+\def\expandablevalue#1{%
+ \expandafter\ifx\csname SET#1\endcsname\relax
+ {[No value for ``#1'']}%
+ \message{Variable `#1', used in @value, is not set.}%
+ \else
+ \csname SET#1\endcsname
+ \fi
+}
+
+% @ifset VAR ... @end ifset reads the `...' iff VAR has been defined
+% with @set.
+%
+% To get special treatment of `@end ifset,' call \makeond and the redefine.
+%
+\makecond{ifset}
+\def\ifset{\parsearg{\doifset{\let\next=\ifsetfail}}}
+\def\doifset#1#2{%
+ {%
+ \makevalueexpandable
+ \let\next=\empty
+ \expandafter\ifx\csname SET#2\endcsname\relax
+ #1% If not set, redefine \next.
+ \fi
+ \expandafter
+ }\next
+}
+\def\ifsetfail{\doignore{ifset}}
+
+% @ifclear VAR ... @end ifclear reads the `...' iff VAR has never been
+% defined with @set, or has been undefined with @clear.
+%
+% The `\else' inside the `\doifset' parameter is a trick to reuse the
+% above code: if the variable is not set, do nothing, if it is set,
+% then redefine \next to \ifclearfail.
+%
+\makecond{ifclear}
+\def\ifclear{\parsearg{\doifset{\else \let\next=\ifclearfail}}}
+\def\ifclearfail{\doignore{ifclear}}
+
+% @dircategory CATEGORY -- specify a category of the dir file
+% which this file should belong to. Ignore this in TeX.
+\let\dircategory=\comment
+
+% @defininfoenclose.
+\let\definfoenclose=\comment
+
+
+\message{indexing,}
+% Index generation facilities
+
+% Define \newwrite to be identical to plain tex's \newwrite
+% except not \outer, so it can be used within macros and \if's.
+\edef\newwrite{\makecsname{ptexnewwrite}}
+
+% \newindex {foo} defines an index named foo.
+% It automatically defines \fooindex such that
+% \fooindex ...rest of line... puts an entry in the index foo.
+% It also defines \fooindfile to be the number of the output channel for
+% the file that accumulates this index. The file's extension is foo.
+% The name of an index should be no more than 2 characters long
+% for the sake of vms.
+%
+\def\newindex#1{%
+ \iflinks
+ \expandafter\newwrite \csname#1indfile\endcsname
+ \openout \csname#1indfile\endcsname \jobname.#1 % Open the file
+ \fi
+ \expandafter\xdef\csname#1index\endcsname{% % Define @#1index
+ \noexpand\doindex{#1}}
+}
+
+% @defindex foo == \newindex{foo}
+%
+\def\defindex{\parsearg\newindex}
+
+% Define @defcodeindex, like @defindex except put all entries in @code.
+%
+\def\defcodeindex{\parsearg\newcodeindex}
+%
+\def\newcodeindex#1{%
+ \iflinks
+ \expandafter\newwrite \csname#1indfile\endcsname
+ \openout \csname#1indfile\endcsname \jobname.#1
+ \fi
+ \expandafter\xdef\csname#1index\endcsname{%
+ \noexpand\docodeindex{#1}}%
+}
+
+
+% @synindex foo bar makes index foo feed into index bar.
+% Do this instead of @defindex foo if you don't want it as a separate index.
+%
+% @syncodeindex foo bar similar, but put all entries made for index foo
+% inside @code.
+%
+\def\synindex#1 #2 {\dosynindex\doindex{#1}{#2}}
+\def\syncodeindex#1 #2 {\dosynindex\docodeindex{#1}{#2}}
+
+% #1 is \doindex or \docodeindex, #2 the index getting redefined (foo),
+% #3 the target index (bar).
+\def\dosynindex#1#2#3{%
+ % Only do \closeout if we haven't already done it, else we'll end up
+ % closing the target index.
+ \expandafter \ifx\csname donesynindex#2\endcsname \undefined
+ % The \closeout helps reduce unnecessary open files; the limit on the
+ % Acorn RISC OS is a mere 16 files.
+ \expandafter\closeout\csname#2indfile\endcsname
+ \expandafter\let\csname\donesynindex#2\endcsname = 1
+ \fi
+ % redefine \fooindfile:
+ \expandafter\let\expandafter\temp\expandafter=\csname#3indfile\endcsname
+ \expandafter\let\csname#2indfile\endcsname=\temp
+ % redefine \fooindex:
+ \expandafter\xdef\csname#2index\endcsname{\noexpand#1{#3}}%
+}
+
+% Define \doindex, the driver for all \fooindex macros.
+% Argument #1 is generated by the calling \fooindex macro,
+% and it is "foo", the name of the index.
+
+% \doindex just uses \parsearg; it calls \doind for the actual work.
+% This is because \doind is more useful to call from other macros.
+
+% There is also \dosubind {index}{topic}{subtopic}
+% which makes an entry in a two-level index such as the operation index.
+
+\def\doindex#1{\edef\indexname{#1}\parsearg\singleindexer}
+\def\singleindexer #1{\doind{\indexname}{#1}}
+
+% like the previous two, but they put @code around the argument.
+\def\docodeindex#1{\edef\indexname{#1}\parsearg\singlecodeindexer}
+\def\singlecodeindexer #1{\doind{\indexname}{\code{#1}}}
+
+% Take care of Texinfo commands that can appear in an index entry.
+% Since there are some commands we want to expand, and others we don't,
+% we have to laboriously prevent expansion for those that we don't.
+%
+\def\indexdummies{%
+ \escapechar = `\\ % use backslash in output files.
+ \def\@{@}% change to @@ when we switch to @ as escape char in index files.
+ \def\ {\realbackslash\space }%
+ %
+ % Need these in case \tex is in effect and \{ is a \delimiter again.
+ % But can't use \lbracecmd and \rbracecmd because texindex assumes
+ % braces and backslashes are used only as delimiters.
+ \let\{ = \mylbrace
+ \let\} = \myrbrace
+ %
+ % I don't entirely understand this, but when an index entry is
+ % generated from a macro call, the \endinput which \scanmacro inserts
+ % causes processing to be prematurely terminated. This is,
+ % apparently, because \indexsorttmp is fully expanded, and \endinput
+ % is an expandable command. The redefinition below makes \endinput
+ % disappear altogether for that purpose -- although logging shows that
+ % processing continues to some further point. On the other hand, it
+ % seems \endinput does not hurt in the printed index arg, since that
+ % is still getting written without apparent harm.
+ %
+ % Sample source (mac-idx3.tex, reported by Graham Percival to
+ % help-texinfo, 22may06):
+ % @macro funindex {WORD}
+ % @findex xyz
+ % @end macro
+ % ...
+ % @funindex commtest
+ %
+ % The above is not enough to reproduce the bug, but it gives the flavor.
+ %
+ % Sample whatsit resulting:
+ % .@write3{\entry{xyz}{@folio }{@code {xyz@endinput }}}
+ %
+ % So:
+ \let\endinput = \empty
+ %
+ % Do the redefinitions.
+ \commondummies
+}
+
+% For the aux and toc files, @ is the escape character. So we want to
+% redefine everything using @ as the escape character (instead of
+% \realbackslash, still used for index files). When everything uses @,
+% this will be simpler.
+%
+\def\atdummies{%
+ \def\@{@@}%
+ \def\ {@ }%
+ \let\{ = \lbraceatcmd
+ \let\} = \rbraceatcmd
+ %
+ % Do the redefinitions.
+ \commondummies
+ \otherbackslash
+}
+
+% Called from \indexdummies and \atdummies.
+%
+\def\commondummies{%
+ %
+ % \definedummyword defines \#1 as \string\#1\space, thus effectively
+ % preventing its expansion. This is used only for control% words,
+ % not control letters, because the \space would be incorrect for
+ % control characters, but is needed to separate the control word
+ % from whatever follows.
+ %
+ % For control letters, we have \definedummyletter, which omits the
+ % space.
+ %
+ % These can be used both for control words that take an argument and
+ % those that do not. If it is followed by {arg} in the input, then
+ % that will dutifully get written to the index (or wherever).
+ %
+ \def\definedummyword ##1{\def##1{\string##1\space}}%
+ \def\definedummyletter##1{\def##1{\string##1}}%
+ \let\definedummyaccent\definedummyletter
+ %
+ \commondummiesnofonts
+ %
+ \definedummyletter\_%
+ %
+ % Non-English letters.
+ \definedummyword\AA
+ \definedummyword\AE
+ \definedummyword\L
+ \definedummyword\OE
+ \definedummyword\O
+ \definedummyword\aa
+ \definedummyword\ae
+ \definedummyword\l
+ \definedummyword\oe
+ \definedummyword\o
+ \definedummyword\ss
+ \definedummyword\exclamdown
+ \definedummyword\questiondown
+ \definedummyword\ordf
+ \definedummyword\ordm
+ %
+ % Although these internal commands shouldn't show up, sometimes they do.
+ \definedummyword\bf
+ \definedummyword\gtr
+ \definedummyword\hat
+ \definedummyword\less
+ \definedummyword\sf
+ \definedummyword\sl
+ \definedummyword\tclose
+ \definedummyword\tt
+ %
+ \definedummyword\LaTeX
+ \definedummyword\TeX
+ %
+ % Assorted special characters.
+ \definedummyword\bullet
+ \definedummyword\comma
+ \definedummyword\copyright
+ \definedummyword\registeredsymbol
+ \definedummyword\dots
+ \definedummyword\enddots
+ \definedummyword\equiv
+ \definedummyword\error
+ \definedummyword\euro
+ \definedummyword\expansion
+ \definedummyword\minus
+ \definedummyword\pounds
+ \definedummyword\point
+ \definedummyword\print
+ \definedummyword\result
+ \definedummyword\textdegree
+ %
+ % We want to disable all macros so that they are not expanded by \write.
+ \macrolist
+ %
+ \normalturnoffactive
+ %
+ % Handle some cases of @value -- where it does not contain any
+ % (non-fully-expandable) commands.
+ \makevalueexpandable
+}
+
+% \commondummiesnofonts: common to \commondummies and \indexnofonts.
+%
+\def\commondummiesnofonts{%
+ % Control letters and accents.
+ \definedummyletter\!%
+ \definedummyaccent\"%
+ \definedummyaccent\'%
+ \definedummyletter\*%
+ \definedummyaccent\,%
+ \definedummyletter\.%
+ \definedummyletter\/%
+ \definedummyletter\:%
+ \definedummyaccent\=%
+ \definedummyletter\?%
+ \definedummyaccent\^%
+ \definedummyaccent\`%
+ \definedummyaccent\~%
+ \definedummyword\u
+ \definedummyword\v
+ \definedummyword\H
+ \definedummyword\dotaccent
+ \definedummyword\ringaccent
+ \definedummyword\tieaccent
+ \definedummyword\ubaraccent
+ \definedummyword\udotaccent
+ \definedummyword\dotless
+ %
+ % Texinfo font commands.
+ \definedummyword\b
+ \definedummyword\i
+ \definedummyword\r
+ \definedummyword\sc
+ \definedummyword\t
+ %
+ % Commands that take arguments.
+ \definedummyword\acronym
+ \definedummyword\cite
+ \definedummyword\code
+ \definedummyword\command
+ \definedummyword\dfn
+ \definedummyword\emph
+ \definedummyword\env
+ \definedummyword\file
+ \definedummyword\kbd
+ \definedummyword\key
+ \definedummyword\math
+ \definedummyword\option
+ \definedummyword\pxref
+ \definedummyword\ref
+ \definedummyword\samp
+ \definedummyword\strong
+ \definedummyword\tie
+ \definedummyword\uref
+ \definedummyword\url
+ \definedummyword\var
+ \definedummyword\verb
+ \definedummyword\w
+ \definedummyword\xref
+}
+
+% \indexnofonts is used when outputting the strings to sort the index
+% by, and when constructing control sequence names. It eliminates all
+% control sequences and just writes whatever the best ASCII sort string
+% would be for a given command (usually its argument).
+%
+\def\indexnofonts{%
+ % Accent commands should become @asis.
+ \def\definedummyaccent##1{\let##1\asis}%
+ % We can just ignore other control letters.
+ \def\definedummyletter##1{\let##1\empty}%
+ % Hopefully, all control words can become @asis.
+ \let\definedummyword\definedummyaccent
+ %
+ \commondummiesnofonts
+ %
+ % Don't no-op \tt, since it isn't a user-level command
+ % and is used in the definitions of the active chars like <, >, |, etc.
+ % Likewise with the other plain tex font commands.
+ %\let\tt=\asis
+ %
+ \def\ { }%
+ \def\@{@}%
+ % how to handle braces?
+ \def\_{\normalunderscore}%
+ %
+ % Non-English letters.
+ \def\AA{AA}%
+ \def\AE{AE}%
+ \def\L{L}%
+ \def\OE{OE}%
+ \def\O{O}%
+ \def\aa{aa}%
+ \def\ae{ae}%
+ \def\l{l}%
+ \def\oe{oe}%
+ \def\o{o}%
+ \def\ss{ss}%
+ \def\exclamdown{!}%
+ \def\questiondown{?}%
+ \def\ordf{a}%
+ \def\ordm{o}%
+ %
+ \def\LaTeX{LaTeX}%
+ \def\TeX{TeX}%
+ %
+ % Assorted special characters.
+ % (The following {} will end up in the sort string, but that's ok.)
+ \def\bullet{bullet}%
+ \def\comma{,}%
+ \def\copyright{copyright}%
+ \def\registeredsymbol{R}%
+ \def\dots{...}%
+ \def\enddots{...}%
+ \def\equiv{==}%
+ \def\error{error}%
+ \def\euro{euro}%
+ \def\expansion{==>}%
+ \def\minus{-}%
+ \def\pounds{pounds}%
+ \def\point{.}%
+ \def\print{-|}%
+ \def\result{=>}%
+ \def\textdegree{degrees}%
+ %
+ % We need to get rid of all macros, leaving only the arguments (if present).
+ % Of course this is not nearly correct, but it is the best we can do for now.
+ % makeinfo does not expand macros in the argument to @deffn, which ends up
+ % writing an index entry, and texindex isn't prepared for an index sort entry
+ % that starts with \.
+ %
+ % Since macro invocations are followed by braces, we can just redefine them
+ % to take a single TeX argument. The case of a macro invocation that
+ % goes to end-of-line is not handled.
+ %
+ \macrolist
+}
+
+\let\indexbackslash=0 %overridden during \printindex.
+\let\SETmarginindex=\relax % put index entries in margin (undocumented)?
+
+% Most index entries go through here, but \dosubind is the general case.
+% #1 is the index name, #2 is the entry text.
+\def\doind#1#2{\dosubind{#1}{#2}{}}
+
+% Workhorse for all \fooindexes.
+% #1 is name of index, #2 is stuff to put there, #3 is subentry --
+% empty if called from \doind, as we usually are (the main exception
+% is with most defuns, which call us directly).
+%
+\def\dosubind#1#2#3{%
+ \iflinks
+ {%
+ % Store the main index entry text (including the third arg).
+ \toks0 = {#2}%
+ % If third arg is present, precede it with a space.
+ \def\thirdarg{#3}%
+ \ifx\thirdarg\empty \else
+ \toks0 = \expandafter{\the\toks0 \space #3}%
+ \fi
+ %
+ \edef\writeto{\csname#1indfile\endcsname}%
+ %
+ \safewhatsit\dosubindwrite
+ }%
+ \fi
+}
+
+% Write the entry in \toks0 to the index file:
+%
+\def\dosubindwrite{%
+ % Put the index entry in the margin if desired.
+ \ifx\SETmarginindex\relax\else
+ \insert\margin{\hbox{\vrule height8pt depth3pt width0pt \the\toks0}}%
+ \fi
+ %
+ % Remember, we are within a group.
+ \indexdummies % Must do this here, since \bf, etc expand at this stage
+ \def\backslashcurfont{\indexbackslash}% \indexbackslash isn't defined now
+ % so it will be output as is; and it will print as backslash.
+ %
+ % Process the index entry with all font commands turned off, to
+ % get the string to sort by.
+ {\indexnofonts
+ \edef\temp{\the\toks0}% need full expansion
+ \xdef\indexsorttmp{\temp}%
+ }%
+ %
+ % Set up the complete index entry, with both the sort key and
+ % the original text, including any font commands. We write
+ % three arguments to \entry to the .?? file (four in the
+ % subentry case), texindex reduces to two when writing the .??s
+ % sorted result.
+ \edef\temp{%
+ \write\writeto{%
+ \string\entry{\indexsorttmp}{\noexpand\folio}{\the\toks0}}%
+ }%
+ \temp
+}
+
+% Take care of unwanted page breaks/skips around a whatsit:
+%
+% If a skip is the last thing on the list now, preserve it
+% by backing up by \lastskip, doing the \write, then inserting
+% the skip again. Otherwise, the whatsit generated by the
+% \write or \pdfdest will make \lastskip zero. The result is that
+% sequences like this:
+% @end defun
+% @tindex whatever
+% @defun ...
+% will have extra space inserted, because the \medbreak in the
+% start of the @defun won't see the skip inserted by the @end of
+% the previous defun.
+%
+% But don't do any of this if we're not in vertical mode. We
+% don't want to do a \vskip and prematurely end a paragraph.
+%
+% Avoid page breaks due to these extra skips, too.
+%
+% But wait, there is a catch there:
+% We'll have to check whether \lastskip is zero skip. \ifdim is not
+% sufficient for this purpose, as it ignores stretch and shrink parts
+% of the skip. The only way seems to be to check the textual
+% representation of the skip.
+%
+% The following is almost like \def\zeroskipmacro{0.0pt} except that
+% the ``p'' and ``t'' characters have catcode \other, not 11 (letter).
+%
+\edef\zeroskipmacro{\expandafter\the\csname z@skip\endcsname}
+%
+\newskip\whatsitskip
+\newcount\whatsitpenalty
+%
+% ..., ready, GO:
+%
+\def\safewhatsit#1{%
+\ifhmode
+ #1%
+\else
+ % \lastskip and \lastpenalty cannot both be nonzero simultaneously.
+ \whatsitskip = \lastskip
+ \edef\lastskipmacro{\the\lastskip}%
+ \whatsitpenalty = \lastpenalty
+ %
+ % If \lastskip is nonzero, that means the last item was a
+ % skip. And since a skip is discardable, that means this
+ % -\skip0 glue we're inserting is preceded by a
+ % non-discardable item, therefore it is not a potential
+ % breakpoint, therefore no \nobreak needed.
+ \ifx\lastskipmacro\zeroskipmacro
+ \else
+ \vskip-\whatsitskip
+ \fi
+ %
+ #1%
+ %
+ \ifx\lastskipmacro\zeroskipmacro
+ % If \lastskip was zero, perhaps the last item was a penalty, and
+ % perhaps it was >=10000, e.g., a \nobreak. In that case, we want
+ % to re-insert the same penalty (values >10000 are used for various
+ % signals); since we just inserted a non-discardable item, any
+ % following glue (such as a \parskip) would be a breakpoint. For example:
+ %
+ % @deffn deffn-whatever
+ % @vindex index-whatever
+ % Description.
+ % would allow a break between the index-whatever whatsit
+ % and the "Description." paragraph.
+ \ifnum\whatsitpenalty>9999 \penalty\whatsitpenalty \fi
+ \else
+ % On the other hand, if we had a nonzero \lastskip,
+ % this make-up glue would be preceded by a non-discardable item
+ % (the whatsit from the \write), so we must insert a \nobreak.
+ \nobreak\vskip\whatsitskip
+ \fi
+\fi
+}
+
+% The index entry written in the file actually looks like
+% \entry {sortstring}{page}{topic}
+% or
+% \entry {sortstring}{page}{topic}{subtopic}
+% The texindex program reads in these files and writes files
+% containing these kinds of lines:
+% \initial {c}
+% before the first topic whose initial is c
+% \entry {topic}{pagelist}
+% for a topic that is used without subtopics
+% \primary {topic}
+% for the beginning of a topic that is used with subtopics
+% \secondary {subtopic}{pagelist}
+% for each subtopic.
+
+% Define the user-accessible indexing commands
+% @findex, @vindex, @kindex, @cindex.
+
+\def\findex {\fnindex}
+\def\kindex {\kyindex}
+\def\cindex {\cpindex}
+\def\vindex {\vrindex}
+\def\tindex {\tpindex}
+\def\pindex {\pgindex}
+
+\def\cindexsub {\begingroup\obeylines\cindexsub}
+{\obeylines %
+\gdef\cindexsub "#1" #2^^M{\endgroup %
+\dosubind{cp}{#2}{#1}}}
+
+% Define the macros used in formatting output of the sorted index material.
+
+% @printindex causes a particular index (the ??s file) to get printed.
+% It does not print any chapter heading (usually an @unnumbered).
+%
+\parseargdef\printindex{\begingroup
+ \dobreak \chapheadingskip{10000}%
+ %
+ \smallfonts \rm
+ \tolerance = 9500
+ \plainfrenchspacing
+ \everypar = {}% don't want the \kern\-parindent from indentation suppression.
+ %
+ % See if the index file exists and is nonempty.
+ % Change catcode of @ here so that if the index file contains
+ % \initial {@}
+ % as its first line, TeX doesn't complain about mismatched braces
+ % (because it thinks @} is a control sequence).
+ \catcode`\@ = 11
+ \openin 1 \jobname.#1s
+ \ifeof 1
+ % \enddoublecolumns gets confused if there is no text in the index,
+ % and it loses the chapter title and the aux file entries for the
+ % index. The easiest way to prevent this problem is to make sure
+ % there is some text.
+ \putwordIndexNonexistent
+ \else
+ %
+ % If the index file exists but is empty, then \openin leaves \ifeof
+ % false. We have to make TeX try to read something from the file, so
+ % it can discover if there is anything in it.
+ \read 1 to \temp
+ \ifeof 1
+ \putwordIndexIsEmpty
+ \else
+ % Index files are almost Texinfo source, but we use \ as the escape
+ % character. It would be better to use @, but that's too big a change
+ % to make right now.
+ \def\indexbackslash{\backslashcurfont}%
+ \catcode`\\ = 0
+ \escapechar = `\\
+ \begindoublecolumns
+ \input \jobname.#1s
+ \enddoublecolumns
+ \fi
+ \fi
+ \closein 1
+\endgroup}
+
+% These macros are used by the sorted index file itself.
+% Change them to control the appearance of the index.
+
+\def\initial#1{{%
+ % Some minor font changes for the special characters.
+ \let\tentt=\sectt \let\tt=\sectt \let\sf=\sectt
+ %
+ % Remove any glue we may have, we'll be inserting our own.
+ \removelastskip
+ %
+ % We like breaks before the index initials, so insert a bonus.
+ \nobreak
+ \vskip 0pt plus 3\baselineskip
+ \penalty 0
+ \vskip 0pt plus -3\baselineskip
+ %
+ % Typeset the initial. Making this add up to a whole number of
+ % baselineskips increases the chance of the dots lining up from column
+ % to column. It still won't often be perfect, because of the stretch
+ % we need before each entry, but it's better.
+ %
+ % No shrink because it confuses \balancecolumns.
+ \vskip 1.67\baselineskip plus .5\baselineskip
+ \leftline{\secbf #1}%
+ % Do our best not to break after the initial.
+ \nobreak
+ \vskip .33\baselineskip plus .1\baselineskip
+}}
+
+% \entry typesets a paragraph consisting of the text (#1), dot leaders, and
+% then page number (#2) flushed to the right margin. It is used for index
+% and table of contents entries. The paragraph is indented by \leftskip.
+%
+% A straightforward implementation would start like this:
+% \def\entry#1#2{...
+% But this frozes the catcodes in the argument, and can cause problems to
+% @code, which sets - active. This problem was fixed by a kludge---
+% ``-'' was active throughout whole index, but this isn't really right.
+%
+% The right solution is to prevent \entry from swallowing the whole text.
+% --kasal, 21nov03
+\def\entry{%
+ \begingroup
+ %
+ % Start a new paragraph if necessary, so our assignments below can't
+ % affect previous text.
+ \par
+ %
+ % Do not fill out the last line with white space.
+ \parfillskip = 0in
+ %
+ % No extra space above this paragraph.
+ \parskip = 0in
+ %
+ % Do not prefer a separate line ending with a hyphen to fewer lines.
+ \finalhyphendemerits = 0
+ %
+ % \hangindent is only relevant when the entry text and page number
+ % don't both fit on one line. In that case, bob suggests starting the
+ % dots pretty far over on the line. Unfortunately, a large
+ % indentation looks wrong when the entry text itself is broken across
+ % lines. So we use a small indentation and put up with long leaders.
+ %
+ % \hangafter is reset to 1 (which is the value we want) at the start
+ % of each paragraph, so we need not do anything with that.
+ \hangindent = 2em
+ %
+ % When the entry text needs to be broken, just fill out the first line
+ % with blank space.
+ \rightskip = 0pt plus1fil
+ %
+ % A bit of stretch before each entry for the benefit of balancing
+ % columns.
+ \vskip 0pt plus1pt
+ %
+ % Swallow the left brace of the text (first parameter):
+ \afterassignment\doentry
+ \let\temp =
+}
+\def\doentry{%
+ \bgroup % Instead of the swallowed brace.
+ \noindent
+ \aftergroup\finishentry
+ % And now comes the text of the entry.
+}
+\def\finishentry#1{%
+ % #1 is the page number.
+ %
+ % The following is kludged to not output a line of dots in the index if
+ % there are no page numbers. The next person who breaks this will be
+ % cursed by a Unix daemon.
+ \def\tempa{{\rm }}%
+ \def\tempb{#1}%
+ \edef\tempc{\tempa}%
+ \edef\tempd{\tempb}%
+ \ifx\tempc\tempd
+ \ %
+ \else
+ %
+ % If we must, put the page number on a line of its own, and fill out
+ % this line with blank space. (The \hfil is overwhelmed with the
+ % fill leaders glue in \indexdotfill if the page number does fit.)
+ \hfil\penalty50
+ \null\nobreak\indexdotfill % Have leaders before the page number.
+ %
+ % The `\ ' here is removed by the implicit \unskip that TeX does as
+ % part of (the primitive) \par. Without it, a spurious underfull
+ % \hbox ensues.
+ \ifpdf
+ \pdfgettoks#1.%
+ \ \the\toksA
+ \else
+ \ #1%
+ \fi
+ \fi
+ \par
+ \endgroup
+}
+
+% Like plain.tex's \dotfill, except uses up at least 1 em.
+\def\indexdotfill{\cleaders
+ \hbox{$\mathsurround=0pt \mkern1.5mu.\mkern1.5mu$}\hskip 1em plus 1fill}
+
+\def\primary #1{\line{#1\hfil}}
+
+\newskip\secondaryindent \secondaryindent=0.5cm
+\def\secondary#1#2{{%
+ \parfillskip=0in
+ \parskip=0in
+ \hangindent=1in
+ \hangafter=1
+ \noindent\hskip\secondaryindent\hbox{#1}\indexdotfill
+ \ifpdf
+ \pdfgettoks#2.\ \the\toksA % The page number ends the paragraph.
+ \else
+ #2
+ \fi
+ \par
+}}
+
+% Define two-column mode, which we use to typeset indexes.
+% Adapted from the TeXbook, page 416, which is to say,
+% the manmac.tex format used to print the TeXbook itself.
+\catcode`\@=11
+
+\newbox\partialpage
+\newdimen\doublecolumnhsize
+
+\def\begindoublecolumns{\begingroup % ended by \enddoublecolumns
+ % Grab any single-column material above us.
+ \output = {%
+ %
+ % Here is a possibility not foreseen in manmac: if we accumulate a
+ % whole lot of material, we might end up calling this \output
+ % routine twice in a row (see the doublecol-lose test, which is
+ % essentially a couple of indexes with @setchapternewpage off). In
+ % that case we just ship out what is in \partialpage with the normal
+ % output routine. Generally, \partialpage will be empty when this
+ % runs and this will be a no-op. See the indexspread.tex test case.
+ \ifvoid\partialpage \else
+ \onepageout{\pagecontents\partialpage}%
+ \fi
+ %
+ \global\setbox\partialpage = \vbox{%
+ % Unvbox the main output page.
+ \unvbox\PAGE
+ \kern-\topskip \kern\baselineskip
+ }%
+ }%
+ \eject % run that output routine to set \partialpage
+ %
+ % Use the double-column output routine for subsequent pages.
+ \output = {\doublecolumnout}%
+ %
+ % Change the page size parameters. We could do this once outside this
+ % routine, in each of @smallbook, @afourpaper, and the default 8.5x11
+ % format, but then we repeat the same computation. Repeating a couple
+ % of assignments once per index is clearly meaningless for the
+ % execution time, so we may as well do it in one place.
+ %
+ % First we halve the line length, less a little for the gutter between
+ % the columns. We compute the gutter based on the line length, so it
+ % changes automatically with the paper format. The magic constant
+ % below is chosen so that the gutter has the same value (well, +-<1pt)
+ % as it did when we hard-coded it.
+ %
+ % We put the result in a separate register, \doublecolumhsize, so we
+ % can restore it in \pagesofar, after \hsize itself has (potentially)
+ % been clobbered.
+ %
+ \doublecolumnhsize = \hsize
+ \advance\doublecolumnhsize by -.04154\hsize
+ \divide\doublecolumnhsize by 2
+ \hsize = \doublecolumnhsize
+ %
+ % Double the \vsize as well. (We don't need a separate register here,
+ % since nobody clobbers \vsize.)
+ \vsize = 2\vsize
+}
+
+% The double-column output routine for all double-column pages except
+% the last.
+%
+\def\doublecolumnout{%
+ \splittopskip=\topskip \splitmaxdepth=\maxdepth
+ % Get the available space for the double columns -- the normal
+ % (undoubled) page height minus any material left over from the
+ % previous page.
+ \dimen@ = \vsize
+ \divide\dimen@ by 2
+ \advance\dimen@ by -\ht\partialpage
+ %
+ % box0 will be the left-hand column, box2 the right.
+ \setbox0=\vsplit255 to\dimen@ \setbox2=\vsplit255 to\dimen@
+ \onepageout\pagesofar
+ \unvbox255
+ \penalty\outputpenalty
+}
+%
+% Re-output the contents of the output page -- any previous material,
+% followed by the two boxes we just split, in box0 and box2.
+\def\pagesofar{%
+ \unvbox\partialpage
+ %
+ \hsize = \doublecolumnhsize
+ \wd0=\hsize \wd2=\hsize
+ \hbox to\pagewidth{\box0\hfil\box2}%
+}
+%
+% All done with double columns.
+\def\enddoublecolumns{%
+ % The following penalty ensures that the page builder is exercised
+ % _before_ we change the output routine. This is necessary in the
+ % following situation:
+ %
+ % The last section of the index consists only of a single entry.
+ % Before this section, \pagetotal is less than \pagegoal, so no
+ % break occurs before the last section starts. However, the last
+ % section, consisting of \initial and the single \entry, does not
+ % fit on the page and has to be broken off. Without the following
+ % penalty the page builder will not be exercised until \eject
+ % below, and by that time we'll already have changed the output
+ % routine to the \balancecolumns version, so the next-to-last
+ % double-column page will be processed with \balancecolumns, which
+ % is wrong: The two columns will go to the main vertical list, with
+ % the broken-off section in the recent contributions. As soon as
+ % the output routine finishes, TeX starts reconsidering the page
+ % break. The two columns and the broken-off section both fit on the
+ % page, because the two columns now take up only half of the page
+ % goal. When TeX sees \eject from below which follows the final
+ % section, it invokes the new output routine that we've set after
+ % \balancecolumns below; \onepageout will try to fit the two columns
+ % and the final section into the vbox of \pageheight (see
+ % \pagebody), causing an overfull box.
+ %
+ % Note that glue won't work here, because glue does not exercise the
+ % page builder, unlike penalties (see The TeXbook, pp. 280-281).
+ \penalty0
+ %
+ \output = {%
+ % Split the last of the double-column material. Leave it on the
+ % current page, no automatic page break.
+ \balancecolumns
+ %
+ % If we end up splitting too much material for the current page,
+ % though, there will be another page break right after this \output
+ % invocation ends. Having called \balancecolumns once, we do not
+ % want to call it again. Therefore, reset \output to its normal
+ % definition right away. (We hope \balancecolumns will never be
+ % called on to balance too much material, but if it is, this makes
+ % the output somewhat more palatable.)
+ \global\output = {\onepageout{\pagecontents\PAGE}}%
+ }%
+ \eject
+ \endgroup % started in \begindoublecolumns
+ %
+ % \pagegoal was set to the doubled \vsize above, since we restarted
+ % the current page. We're now back to normal single-column
+ % typesetting, so reset \pagegoal to the normal \vsize (after the
+ % \endgroup where \vsize got restored).
+ \pagegoal = \vsize
+}
+%
+% Called at the end of the double column material.
+\def\balancecolumns{%
+ \setbox0 = \vbox{\unvbox255}% like \box255 but more efficient, see p.120.
+ \dimen@ = \ht0
+ \advance\dimen@ by \topskip
+ \advance\dimen@ by-\baselineskip
+ \divide\dimen@ by 2 % target to split to
+ %debug\message{final 2-column material height=\the\ht0, target=\the\dimen@.}%
+ \splittopskip = \topskip
+ % Loop until we get a decent breakpoint.
+ {%
+ \vbadness = 10000
+ \loop
+ \global\setbox3 = \copy0
+ \global\setbox1 = \vsplit3 to \dimen@
+ \ifdim\ht3>\dimen@
+ \global\advance\dimen@ by 1pt
+ \repeat
+ }%
+ %debug\message{split to \the\dimen@, column heights: \the\ht1, \the\ht3.}%
+ \setbox0=\vbox to\dimen@{\unvbox1}%
+ \setbox2=\vbox to\dimen@{\unvbox3}%
+ %
+ \pagesofar
+}
+\catcode`\@ = \other
+
+
+\message{sectioning,}
+% Chapters, sections, etc.
+
+% \unnumberedno is an oxymoron, of course. But we count the unnumbered
+% sections so that we can refer to them unambiguously in the pdf
+% outlines by their "section number". We avoid collisions with chapter
+% numbers by starting them at 10000. (If a document ever has 10000
+% chapters, we're in trouble anyway, I'm sure.)
+\newcount\unnumberedno \unnumberedno = 10000
+\newcount\chapno
+\newcount\secno \secno=0
+\newcount\subsecno \subsecno=0
+\newcount\subsubsecno \subsubsecno=0
+
+% This counter is funny since it counts through charcodes of letters A, B, ...
+\newcount\appendixno \appendixno = `\@
+%
+% \def\appendixletter{\char\the\appendixno}
+% We do the following ugly conditional instead of the above simple
+% construct for the sake of pdftex, which needs the actual
+% letter in the expansion, not just typeset.
+%
+\def\appendixletter{%
+ \ifnum\appendixno=`A A%
+ \else\ifnum\appendixno=`B B%
+ \else\ifnum\appendixno=`C C%
+ \else\ifnum\appendixno=`D D%
+ \else\ifnum\appendixno=`E E%
+ \else\ifnum\appendixno=`F F%
+ \else\ifnum\appendixno=`G G%
+ \else\ifnum\appendixno=`H H%
+ \else\ifnum\appendixno=`I I%
+ \else\ifnum\appendixno=`J J%
+ \else\ifnum\appendixno=`K K%
+ \else\ifnum\appendixno=`L L%
+ \else\ifnum\appendixno=`M M%
+ \else\ifnum\appendixno=`N N%
+ \else\ifnum\appendixno=`O O%
+ \else\ifnum\appendixno=`P P%
+ \else\ifnum\appendixno=`Q Q%
+ \else\ifnum\appendixno=`R R%
+ \else\ifnum\appendixno=`S S%
+ \else\ifnum\appendixno=`T T%
+ \else\ifnum\appendixno=`U U%
+ \else\ifnum\appendixno=`V V%
+ \else\ifnum\appendixno=`W W%
+ \else\ifnum\appendixno=`X X%
+ \else\ifnum\appendixno=`Y Y%
+ \else\ifnum\appendixno=`Z Z%
+ % The \the is necessary, despite appearances, because \appendixletter is
+ % expanded while writing the .toc file. \char\appendixno is not
+ % expandable, thus it is written literally, thus all appendixes come out
+ % with the same letter (or @) in the toc without it.
+ \else\char\the\appendixno
+ \fi\fi\fi\fi\fi\fi\fi\fi\fi\fi\fi\fi\fi
+ \fi\fi\fi\fi\fi\fi\fi\fi\fi\fi\fi\fi\fi}
+
+% Each @chapter defines this as the name of the chapter.
+% page headings and footings can use it. @section does likewise.
+% However, they are not reliable, because we don't use marks.
+\def\thischapter{}
+\def\thissection{}
+
+\newcount\absseclevel % used to calculate proper heading level
+\newcount\secbase\secbase=0 % @raisesections/@lowersections modify this count
+
+% @raisesections: treat @section as chapter, @subsection as section, etc.
+\def\raisesections{\global\advance\secbase by -1}
+\let\up=\raisesections % original BFox name
+
+% @lowersections: treat @chapter as section, @section as subsection, etc.
+\def\lowersections{\global\advance\secbase by 1}
+\let\down=\lowersections % original BFox name
+
+% we only have subsub.
+\chardef\maxseclevel = 3
+%
+% A numbered section within an unnumbered changes to unnumbered too.
+% To achive this, remember the "biggest" unnum. sec. we are currently in:
+\chardef\unmlevel = \maxseclevel
+%
+% Trace whether the current chapter is an appendix or not:
+% \chapheadtype is "N" or "A", unnumbered chapters are ignored.
+\def\chapheadtype{N}
+
+% Choose a heading macro
+% #1 is heading type
+% #2 is heading level
+% #3 is text for heading
+\def\genhead#1#2#3{%
+ % Compute the abs. sec. level:
+ \absseclevel=#2
+ \advance\absseclevel by \secbase
+ % Make sure \absseclevel doesn't fall outside the range:
+ \ifnum \absseclevel < 0
+ \absseclevel = 0
+ \else
+ \ifnum \absseclevel > 3
+ \absseclevel = 3
+ \fi
+ \fi
+ % The heading type:
+ \def\headtype{#1}%
+ \if \headtype U%
+ \ifnum \absseclevel < \unmlevel
+ \chardef\unmlevel = \absseclevel
+ \fi
+ \else
+ % Check for appendix sections:
+ \ifnum \absseclevel = 0
+ \edef\chapheadtype{\headtype}%
+ \else
+ \if \headtype A\if \chapheadtype N%
+ \errmessage{@appendix... within a non-appendix chapter}%
+ \fi\fi
+ \fi
+ % Check for numbered within unnumbered:
+ \ifnum \absseclevel > \unmlevel
+ \def\headtype{U}%
+ \else
+ \chardef\unmlevel = 3
+ \fi
+ \fi
+ % Now print the heading:
+ \if \headtype U%
+ \ifcase\absseclevel
+ \unnumberedzzz{#3}%
+ \or \unnumberedseczzz{#3}%
+ \or \unnumberedsubseczzz{#3}%
+ \or \unnumberedsubsubseczzz{#3}%
+ \fi
+ \else
+ \if \headtype A%
+ \ifcase\absseclevel
+ \appendixzzz{#3}%
+ \or \appendixsectionzzz{#3}%
+ \or \appendixsubseczzz{#3}%
+ \or \appendixsubsubseczzz{#3}%
+ \fi
+ \else
+ \ifcase\absseclevel
+ \chapterzzz{#3}%
+ \or \seczzz{#3}%
+ \or \numberedsubseczzz{#3}%
+ \or \numberedsubsubseczzz{#3}%
+ \fi
+ \fi
+ \fi
+ \suppressfirstparagraphindent
+}
+
+% an interface:
+\def\numhead{\genhead N}
+\def\apphead{\genhead A}
+\def\unnmhead{\genhead U}
+
+% @chapter, @appendix, @unnumbered. Increment top-level counter, reset
+% all lower-level sectioning counters to zero.
+%
+% Also set \chaplevelprefix, which we prepend to @float sequence numbers
+% (e.g., figures), q.v. By default (before any chapter), that is empty.
+\let\chaplevelprefix = \empty
+%
+\outer\parseargdef\chapter{\numhead0{#1}} % normally numhead0 calls chapterzzz
+\def\chapterzzz#1{%
+ % section resetting is \global in case the chapter is in a group, such
+ % as an @include file.
+ \global\secno=0 \global\subsecno=0 \global\subsubsecno=0
+ \global\advance\chapno by 1
+ %
+ % Used for \float.
+ \gdef\chaplevelprefix{\the\chapno.}%
+ \resetallfloatnos
+ %
+ \message{\putwordChapter\space \the\chapno}%
+ %
+ % Write the actual heading.
+ \chapmacro{#1}{Ynumbered}{\the\chapno}%
+ %
+ % So @section and the like are numbered underneath this chapter.
+ \global\let\section = \numberedsec
+ \global\let\subsection = \numberedsubsec
+ \global\let\subsubsection = \numberedsubsubsec
+}
+
+\outer\parseargdef\appendix{\apphead0{#1}} % normally apphead0 calls appendixzzz
+\def\appendixzzz#1{%
+ \global\secno=0 \global\subsecno=0 \global\subsubsecno=0
+ \global\advance\appendixno by 1
+ \gdef\chaplevelprefix{\appendixletter.}%
+ \resetallfloatnos
+ %
+ \def\appendixnum{\putwordAppendix\space \appendixletter}%
+ \message{\appendixnum}%
+ %
+ \chapmacro{#1}{Yappendix}{\appendixletter}%
+ %
+ \global\let\section = \appendixsec
+ \global\let\subsection = \appendixsubsec
+ \global\let\subsubsection = \appendixsubsubsec
+}
+
+\outer\parseargdef\unnumbered{\unnmhead0{#1}} % normally unnmhead0 calls unnumberedzzz
+\def\unnumberedzzz#1{%
+ \global\secno=0 \global\subsecno=0 \global\subsubsecno=0
+ \global\advance\unnumberedno by 1
+ %
+ % Since an unnumbered has no number, no prefix for figures.
+ \global\let\chaplevelprefix = \empty
+ \resetallfloatnos
+ %
+ % This used to be simply \message{#1}, but TeX fully expands the
+ % argument to \message. Therefore, if #1 contained @-commands, TeX
+ % expanded them. For example, in `@unnumbered The @cite{Book}', TeX
+ % expanded @cite (which turns out to cause errors because \cite is meant
+ % to be executed, not expanded).
+ %
+ % Anyway, we don't want the fully-expanded definition of @cite to appear
+ % as a result of the \message, we just want `@cite' itself. We use
+ % \the<toks register> to achieve this: TeX expands \the<toks> only once,
+ % simply yielding the contents of <toks register>. (We also do this for
+ % the toc entries.)
+ \toks0 = {#1}%
+ \message{(\the\toks0)}%
+ %
+ \chapmacro{#1}{Ynothing}{\the\unnumberedno}%
+ %
+ \global\let\section = \unnumberedsec
+ \global\let\subsection = \unnumberedsubsec
+ \global\let\subsubsection = \unnumberedsubsubsec
+}
+
+% @centerchap is like @unnumbered, but the heading is centered.
+\outer\parseargdef\centerchap{%
+ % Well, we could do the following in a group, but that would break
+ % an assumption that \chapmacro is called at the outermost level.
+ % Thus we are safer this way: --kasal, 24feb04
+ \let\centerparametersmaybe = \centerparameters
+ \unnmhead0{#1}%
+ \let\centerparametersmaybe = \relax
+}
+
+% @top is like @unnumbered.
+\let\top\unnumbered
+
+% Sections.
+\outer\parseargdef\numberedsec{\numhead1{#1}} % normally calls seczzz
+\def\seczzz#1{%
+ \global\subsecno=0 \global\subsubsecno=0 \global\advance\secno by 1
+ \sectionheading{#1}{sec}{Ynumbered}{\the\chapno.\the\secno}%
+}
+
+\outer\parseargdef\appendixsection{\apphead1{#1}} % normally calls appendixsectionzzz
+\def\appendixsectionzzz#1{%
+ \global\subsecno=0 \global\subsubsecno=0 \global\advance\secno by 1
+ \sectionheading{#1}{sec}{Yappendix}{\appendixletter.\the\secno}%
+}
+\let\appendixsec\appendixsection
+
+\outer\parseargdef\unnumberedsec{\unnmhead1{#1}} % normally calls unnumberedseczzz
+\def\unnumberedseczzz#1{%
+ \global\subsecno=0 \global\subsubsecno=0 \global\advance\secno by 1
+ \sectionheading{#1}{sec}{Ynothing}{\the\unnumberedno.\the\secno}%
+}
+
+% Subsections.
+\outer\parseargdef\numberedsubsec{\numhead2{#1}} % normally calls numberedsubseczzz
+\def\numberedsubseczzz#1{%
+ \global\subsubsecno=0 \global\advance\subsecno by 1
+ \sectionheading{#1}{subsec}{Ynumbered}{\the\chapno.\the\secno.\the\subsecno}%
+}
+
+\outer\parseargdef\appendixsubsec{\apphead2{#1}} % normally calls appendixsubseczzz
+\def\appendixsubseczzz#1{%
+ \global\subsubsecno=0 \global\advance\subsecno by 1
+ \sectionheading{#1}{subsec}{Yappendix}%
+ {\appendixletter.\the\secno.\the\subsecno}%
+}
+
+\outer\parseargdef\unnumberedsubsec{\unnmhead2{#1}} %normally calls unnumberedsubseczzz
+\def\unnumberedsubseczzz#1{%
+ \global\subsubsecno=0 \global\advance\subsecno by 1
+ \sectionheading{#1}{subsec}{Ynothing}%
+ {\the\unnumberedno.\the\secno.\the\subsecno}%
+}
+
+% Subsubsections.
+\outer\parseargdef\numberedsubsubsec{\numhead3{#1}} % normally numberedsubsubseczzz
+\def\numberedsubsubseczzz#1{%
+ \global\advance\subsubsecno by 1
+ \sectionheading{#1}{subsubsec}{Ynumbered}%
+ {\the\chapno.\the\secno.\the\subsecno.\the\subsubsecno}%
+}
+
+\outer\parseargdef\appendixsubsubsec{\apphead3{#1}} % normally appendixsubsubseczzz
+\def\appendixsubsubseczzz#1{%
+ \global\advance\subsubsecno by 1
+ \sectionheading{#1}{subsubsec}{Yappendix}%
+ {\appendixletter.\the\secno.\the\subsecno.\the\subsubsecno}%
+}
+
+\outer\parseargdef\unnumberedsubsubsec{\unnmhead3{#1}} %normally unnumberedsubsubseczzz
+\def\unnumberedsubsubseczzz#1{%
+ \global\advance\subsubsecno by 1
+ \sectionheading{#1}{subsubsec}{Ynothing}%
+ {\the\unnumberedno.\the\secno.\the\subsecno.\the\subsubsecno}%
+}
+
+% These macros control what the section commands do, according
+% to what kind of chapter we are in (ordinary, appendix, or unnumbered).
+% Define them by default for a numbered chapter.
+\let\section = \numberedsec
+\let\subsection = \numberedsubsec
+\let\subsubsection = \numberedsubsubsec
+
+% Define @majorheading, @heading and @subheading
+
+% NOTE on use of \vbox for chapter headings, section headings, and such:
+% 1) We use \vbox rather than the earlier \line to permit
+% overlong headings to fold.
+% 2) \hyphenpenalty is set to 10000 because hyphenation in a
+% heading is obnoxious; this forbids it.
+% 3) Likewise, headings look best if no \parindent is used, and
+% if justification is not attempted. Hence \raggedright.
+
+
+\def\majorheading{%
+ {\advance\chapheadingskip by 10pt \chapbreak }%
+ \parsearg\chapheadingzzz
+}
+
+\def\chapheading{\chapbreak \parsearg\chapheadingzzz}
+\def\chapheadingzzz#1{%
+ {\chapfonts \vbox{\hyphenpenalty=10000\tolerance=5000
+ \parindent=0pt\raggedright
+ \rm #1\hfill}}%
+ \bigskip \par\penalty 200\relax
+ \suppressfirstparagraphindent
+}
+
+% @heading, @subheading, @subsubheading.
+\parseargdef\heading{\sectionheading{#1}{sec}{Yomitfromtoc}{}
+ \suppressfirstparagraphindent}
+\parseargdef\subheading{\sectionheading{#1}{subsec}{Yomitfromtoc}{}
+ \suppressfirstparagraphindent}
+\parseargdef\subsubheading{\sectionheading{#1}{subsubsec}{Yomitfromtoc}{}
+ \suppressfirstparagraphindent}
+
+% These macros generate a chapter, section, etc. heading only
+% (including whitespace, linebreaking, etc. around it),
+% given all the information in convenient, parsed form.
+
+%%% Args are the skip and penalty (usually negative)
+\def\dobreak#1#2{\par\ifdim\lastskip<#1\removelastskip\penalty#2\vskip#1\fi}
+
+%%% Define plain chapter starts, and page on/off switching for it
+% Parameter controlling skip before chapter headings (if needed)
+
+\newskip\chapheadingskip
+
+\def\chapbreak{\dobreak \chapheadingskip {-4000}}
+\def\chappager{\par\vfill\supereject}
+\def\chapoddpage{\chappager \ifodd\pageno \else \hbox to 0pt{} \chappager\fi}
+
+\def\setchapternewpage #1 {\csname CHAPPAG#1\endcsname}
+
+\def\CHAPPAGoff{%
+\global\let\contentsalignmacro = \chappager
+\global\let\pchapsepmacro=\chapbreak
+\global\let\pagealignmacro=\chappager}
+
+\def\CHAPPAGon{%
+\global\let\contentsalignmacro = \chappager
+\global\let\pchapsepmacro=\chappager
+\global\let\pagealignmacro=\chappager
+\global\def\HEADINGSon{\HEADINGSsingle}}
+
+\def\CHAPPAGodd{%
+\global\let\contentsalignmacro = \chapoddpage
+\global\let\pchapsepmacro=\chapoddpage
+\global\let\pagealignmacro=\chapoddpage
+\global\def\HEADINGSon{\HEADINGSdouble}}
+
+\CHAPPAGon
+
+% Chapter opening.
+%
+% #1 is the text, #2 is the section type (Ynumbered, Ynothing,
+% Yappendix, Yomitfromtoc), #3 the chapter number.
+%
+% To test against our argument.
+\def\Ynothingkeyword{Ynothing}
+\def\Yomitfromtockeyword{Yomitfromtoc}
+\def\Yappendixkeyword{Yappendix}
+%
+\def\chapmacro#1#2#3{%
+ \pchapsepmacro
+ {%
+ \chapfonts \rm
+ %
+ % Have to define \thissection before calling \donoderef, because the
+ % xref code eventually uses it. On the other hand, it has to be called
+ % after \pchapsepmacro, or the headline will change too soon.
+ \gdef\thissection{#1}%
+ \gdef\thischaptername{#1}%
+ %
+ % Only insert the separating space if we have a chapter/appendix
+ % number, and don't print the unnumbered ``number''.
+ \def\temptype{#2}%
+ \ifx\temptype\Ynothingkeyword
+ \setbox0 = \hbox{}%
+ \def\toctype{unnchap}%
+ \gdef\thischapternum{}%
+ \gdef\thischapter{#1}%
+ \else\ifx\temptype\Yomitfromtockeyword
+ \setbox0 = \hbox{}% contents like unnumbered, but no toc entry
+ \def\toctype{omit}%
+ \gdef\thischapternum{}%
+ \gdef\thischapter{}%
+ \else\ifx\temptype\Yappendixkeyword
+ \setbox0 = \hbox{\putwordAppendix{} #3\enspace}%
+ \def\toctype{app}%
+ \xdef\thischapternum{\appendixletter}%
+ % We don't substitute the actual chapter name into \thischapter
+ % because we don't want its macros evaluated now. And we don't
+ % use \thissection because that changes with each section.
+ %
+ \xdef\thischapter{\putwordAppendix{} \appendixletter:
+ \noexpand\thischaptername}%
+ \else
+ \setbox0 = \hbox{#3\enspace}%
+ \def\toctype{numchap}%
+ \xdef\thischapternum{\the\chapno}%
+ \xdef\thischapter{\putwordChapter{} \the\chapno:
+ \noexpand\thischaptername}%
+ \fi\fi\fi
+ %
+ % Write the toc entry for this chapter. Must come before the
+ % \donoderef, because we include the current node name in the toc
+ % entry, and \donoderef resets it to empty.
+ \writetocentry{\toctype}{#1}{#3}%
+ %
+ % For pdftex, we have to write out the node definition (aka, make
+ % the pdfdest) after any page break, but before the actual text has
+ % been typeset. If the destination for the pdf outline is after the
+ % text, then jumping from the outline may wind up with the text not
+ % being visible, for instance under high magnification.
+ \donoderef{#2}%
+ %
+ % Typeset the actual heading.
+ \vbox{\hyphenpenalty=10000 \tolerance=5000 \parindent=0pt \raggedright
+ \hangindent=\wd0 \centerparametersmaybe
+ \unhbox0 #1\par}%
+ }%
+ \nobreak\bigskip % no page break after a chapter title
+ \nobreak
+}
+
+% @centerchap -- centered and unnumbered.
+\let\centerparametersmaybe = \relax
+\def\centerparameters{%
+ \advance\rightskip by 3\rightskip
+ \leftskip = \rightskip
+ \parfillskip = 0pt
+}
+
+
+% I don't think this chapter style is supported any more, so I'm not
+% updating it with the new noderef stuff. We'll see. --karl, 11aug03.
+%
+\def\setchapterstyle #1 {\csname CHAPF#1\endcsname}
+%
+\def\unnchfopen #1{%
+\chapoddpage {\chapfonts \vbox{\hyphenpenalty=10000\tolerance=5000
+ \parindent=0pt\raggedright
+ \rm #1\hfill}}\bigskip \par\nobreak
+}
+\def\chfopen #1#2{\chapoddpage {\chapfonts
+\vbox to 3in{\vfil \hbox to\hsize{\hfil #2} \hbox to\hsize{\hfil #1} \vfil}}%
+\par\penalty 5000 %
+}
+\def\centerchfopen #1{%
+\chapoddpage {\chapfonts \vbox{\hyphenpenalty=10000\tolerance=5000
+ \parindent=0pt
+ \hfill {\rm #1}\hfill}}\bigskip \par\nobreak
+}
+\def\CHAPFopen{%
+ \global\let\chapmacro=\chfopen
+ \global\let\centerchapmacro=\centerchfopen}
+
+
+% Section titles. These macros combine the section number parts and
+% call the generic \sectionheading to do the printing.
+%
+\newskip\secheadingskip
+\def\secheadingbreak{\dobreak \secheadingskip{-1000}}
+
+% Subsection titles.
+\newskip\subsecheadingskip
+\def\subsecheadingbreak{\dobreak \subsecheadingskip{-500}}
+
+% Subsubsection titles.
+\def\subsubsecheadingskip{\subsecheadingskip}
+\def\subsubsecheadingbreak{\subsecheadingbreak}
+
+
+% Print any size, any type, section title.
+%
+% #1 is the text, #2 is the section level (sec/subsec/subsubsec), #3 is
+% the section type for xrefs (Ynumbered, Ynothing, Yappendix), #4 is the
+% section number.
+%
+\def\sectionheading#1#2#3#4{%
+ {%
+ % Switch to the right set of fonts.
+ \csname #2fonts\endcsname \rm
+ %
+ % Insert space above the heading.
+ \csname #2headingbreak\endcsname
+ %
+ % Only insert the space after the number if we have a section number.
+ \def\sectionlevel{#2}%
+ \def\temptype{#3}%
+ %
+ \ifx\temptype\Ynothingkeyword
+ \setbox0 = \hbox{}%
+ \def\toctype{unn}%
+ \gdef\thissection{#1}%
+ \else\ifx\temptype\Yomitfromtockeyword
+ % for @headings -- no section number, don't include in toc,
+ % and don't redefine \thissection.
+ \setbox0 = \hbox{}%
+ \def\toctype{omit}%
+ \let\sectionlevel=\empty
+ \else\ifx\temptype\Yappendixkeyword
+ \setbox0 = \hbox{#4\enspace}%
+ \def\toctype{app}%
+ \gdef\thissection{#1}%
+ \else
+ \setbox0 = \hbox{#4\enspace}%
+ \def\toctype{num}%
+ \gdef\thissection{#1}%
+ \fi\fi\fi
+ %
+ % Write the toc entry (before \donoderef). See comments in \chapmacro.
+ \writetocentry{\toctype\sectionlevel}{#1}{#4}%
+ %
+ % Write the node reference (= pdf destination for pdftex).
+ % Again, see comments in \chapmacro.
+ \donoderef{#3}%
+ %
+ % Interline glue will be inserted when the vbox is completed.
+ % That glue will be a valid breakpoint for the page, since it'll be
+ % preceded by a whatsit (usually from the \donoderef, or from the
+ % \writetocentry if there was no node). We don't want to allow that
+ % break, since then the whatsits could end up on page n while the
+ % section is on page n+1, thus toc/etc. are wrong. Debian bug 276000.
+ \nobreak
+ %
+ % Output the actual section heading.
+ \vbox{\hyphenpenalty=10000 \tolerance=5000 \parindent=0pt \raggedright
+ \hangindent=\wd0 % zero if no section number
+ \unhbox0 #1}%
+ }%
+ % Add extra space after the heading -- half of whatever came above it.
+ % Don't allow stretch, though.
+ \kern .5 \csname #2headingskip\endcsname
+ %
+ % Do not let the kern be a potential breakpoint, as it would be if it
+ % was followed by glue.
+ \nobreak
+ %
+ % We'll almost certainly start a paragraph next, so don't let that
+ % glue accumulate. (Not a breakpoint because it's preceded by a
+ % discardable item.)
+ \vskip-\parskip
+ %
+ % This is purely so the last item on the list is a known \penalty >
+ % 10000. This is so \startdefun can avoid allowing breakpoints after
+ % section headings. Otherwise, it would insert a valid breakpoint between:
+ %
+ % @section sec-whatever
+ % @deffn def-whatever
+ \penalty 10001
+}
+
+
+\message{toc,}
+% Table of contents.
+\newwrite\tocfile
+
+% Write an entry to the toc file, opening it if necessary.
+% Called from @chapter, etc.
+%
+% Example usage: \writetocentry{sec}{Section Name}{\the\chapno.\the\secno}
+% We append the current node name (if any) and page number as additional
+% arguments for the \{chap,sec,...}entry macros which will eventually
+% read this. The node name is used in the pdf outlines as the
+% destination to jump to.
+%
+% We open the .toc file for writing here instead of at @setfilename (or
+% any other fixed time) so that @contents can be anywhere in the document.
+% But if #1 is `omit', then we don't do anything. This is used for the
+% table of contents chapter openings themselves.
+%
+\newif\iftocfileopened
+\def\omitkeyword{omit}%
+%
+\def\writetocentry#1#2#3{%
+ \edef\writetoctype{#1}%
+ \ifx\writetoctype\omitkeyword \else
+ \iftocfileopened\else
+ \immediate\openout\tocfile = \jobname.toc
+ \global\tocfileopenedtrue
+ \fi
+ %
+ \iflinks
+ {\atdummies
+ \edef\temp{%
+ \write\tocfile{@#1entry{#2}{#3}{\lastnode}{\noexpand\folio}}}%
+ \temp
+ }%
+ \fi
+ \fi
+ %
+ % Tell \shipout to create a pdf destination on each page, if we're
+ % writing pdf. These are used in the table of contents. We can't
+ % just write one on every page because the title pages are numbered
+ % 1 and 2 (the page numbers aren't printed), and so are the first
+ % two pages of the document. Thus, we'd have two destinations named
+ % `1', and two named `2'.
+ \ifpdf \global\pdfmakepagedesttrue \fi
+}
+
+
+% These characters do not print properly in the Computer Modern roman
+% fonts, so we must take special care. This is more or less redundant
+% with the Texinfo input format setup at the end of this file.
+%
+\def\activecatcodes{%
+ \catcode`\"=\active
+ \catcode`\$=\active
+ \catcode`\<=\active
+ \catcode`\>=\active
+ \catcode`\\=\active
+ \catcode`\^=\active
+ \catcode`\_=\active
+ \catcode`\|=\active
+ \catcode`\~=\active
+}
+
+
+% Read the toc file, which is essentially Texinfo input.
+\def\readtocfile{%
+ \setupdatafile
+ \activecatcodes
+ \input \jobname.toc
+}
+
+\newskip\contentsrightmargin \contentsrightmargin=1in
+\newcount\savepageno
+\newcount\lastnegativepageno \lastnegativepageno = -1
+
+% Prepare to read what we've written to \tocfile.
+%
+\def\startcontents#1{%
+ % If @setchapternewpage on, and @headings double, the contents should
+ % start on an odd page, unlike chapters. Thus, we maintain
+ % \contentsalignmacro in parallel with \pagealignmacro.
+ % From: Torbjorn Granlund <tege@matematik.su.se>
+ \contentsalignmacro
+ \immediate\closeout\tocfile
+ %
+ % Don't need to put `Contents' or `Short Contents' in the headline.
+ % It is abundantly clear what they are.
+ \def\thischapter{}%
+ \chapmacro{#1}{Yomitfromtoc}{}%
+ %
+ \savepageno = \pageno
+ \begingroup % Set up to handle contents files properly.
+ \raggedbottom % Worry more about breakpoints than the bottom.
+ \advance\hsize by -\contentsrightmargin % Don't use the full line length.
+ %
+ % Roman numerals for page numbers.
+ \ifnum \pageno>0 \global\pageno = \lastnegativepageno \fi
+}
+
+
+% Normal (long) toc.
+\def\contents{%
+ \startcontents{\putwordTOC}%
+ \openin 1 \jobname.toc
+ \ifeof 1 \else
+ \readtocfile
+ \fi
+ \vfill \eject
+ \contentsalignmacro % in case @setchapternewpage odd is in effect
+ \ifeof 1 \else
+ \pdfmakeoutlines
+ \fi
+ \closein 1
+ \endgroup
+ \lastnegativepageno = \pageno
+ \global\pageno = \savepageno
+}
+
+% And just the chapters.
+\def\summarycontents{%
+ \startcontents{\putwordShortTOC}%
+ %
+ \let\numchapentry = \shortchapentry
+ \let\appentry = \shortchapentry
+ \let\unnchapentry = \shortunnchapentry
+ % We want a true roman here for the page numbers.
+ \secfonts
+ \let\rm=\shortcontrm \let\bf=\shortcontbf
+ \let\sl=\shortcontsl \let\tt=\shortconttt
+ \rm
+ \hyphenpenalty = 10000
+ \advance\baselineskip by 1pt % Open it up a little.
+ \def\numsecentry##1##2##3##4{}
+ \let\appsecentry = \numsecentry
+ \let\unnsecentry = \numsecentry
+ \let\numsubsecentry = \numsecentry
+ \let\appsubsecentry = \numsecentry
+ \let\unnsubsecentry = \numsecentry
+ \let\numsubsubsecentry = \numsecentry
+ \let\appsubsubsecentry = \numsecentry
+ \let\unnsubsubsecentry = \numsecentry
+ \openin 1 \jobname.toc
+ \ifeof 1 \else
+ \readtocfile
+ \fi
+ \closein 1
+ \vfill \eject
+ \contentsalignmacro % in case @setchapternewpage odd is in effect
+ \endgroup
+ \lastnegativepageno = \pageno
+ \global\pageno = \savepageno
+}
+\let\shortcontents = \summarycontents
+
+% Typeset the label for a chapter or appendix for the short contents.
+% The arg is, e.g., `A' for an appendix, or `3' for a chapter.
+%
+\def\shortchaplabel#1{%
+ % This space should be enough, since a single number is .5em, and the
+ % widest letter (M) is 1em, at least in the Computer Modern fonts.
+ % But use \hss just in case.
+ % (This space doesn't include the extra space that gets added after
+ % the label; that gets put in by \shortchapentry above.)
+ %
+ % We'd like to right-justify chapter numbers, but that looks strange
+ % with appendix letters. And right-justifying numbers and
+ % left-justifying letters looks strange when there is less than 10
+ % chapters. Have to read the whole toc once to know how many chapters
+ % there are before deciding ...
+ \hbox to 1em{#1\hss}%
+}
+
+% These macros generate individual entries in the table of contents.
+% The first argument is the chapter or section name.
+% The last argument is the page number.
+% The arguments in between are the chapter number, section number, ...
+
+% Chapters, in the main contents.
+\def\numchapentry#1#2#3#4{\dochapentry{#2\labelspace#1}{#4}}
+%
+% Chapters, in the short toc.
+% See comments in \dochapentry re vbox and related settings.
+\def\shortchapentry#1#2#3#4{%
+ \tocentry{\shortchaplabel{#2}\labelspace #1}{\doshortpageno\bgroup#4\egroup}%
+}
+
+% Appendices, in the main contents.
+% Need the word Appendix, and a fixed-size box.
+%
+\def\appendixbox#1{%
+ % We use M since it's probably the widest letter.
+ \setbox0 = \hbox{\putwordAppendix{} M}%
+ \hbox to \wd0{\putwordAppendix{} #1\hss}}
+%
+\def\appentry#1#2#3#4{\dochapentry{\appendixbox{#2}\labelspace#1}{#4}}
+
+% Unnumbered chapters.
+\def\unnchapentry#1#2#3#4{\dochapentry{#1}{#4}}
+\def\shortunnchapentry#1#2#3#4{\tocentry{#1}{\doshortpageno\bgroup#4\egroup}}
+
+% Sections.
+\def\numsecentry#1#2#3#4{\dosecentry{#2\labelspace#1}{#4}}
+\let\appsecentry=\numsecentry
+\def\unnsecentry#1#2#3#4{\dosecentry{#1}{#4}}
+
+% Subsections.
+\def\numsubsecentry#1#2#3#4{\dosubsecentry{#2\labelspace#1}{#4}}
+\let\appsubsecentry=\numsubsecentry
+\def\unnsubsecentry#1#2#3#4{\dosubsecentry{#1}{#4}}
+
+% And subsubsections.
+\def\numsubsubsecentry#1#2#3#4{\dosubsubsecentry{#2\labelspace#1}{#4}}
+\let\appsubsubsecentry=\numsubsubsecentry
+\def\unnsubsubsecentry#1#2#3#4{\dosubsubsecentry{#1}{#4}}
+
+% This parameter controls the indentation of the various levels.
+% Same as \defaultparindent.
+\newdimen\tocindent \tocindent = 15pt
+
+% Now for the actual typesetting. In all these, #1 is the text and #2 is the
+% page number.
+%
+% If the toc has to be broken over pages, we want it to be at chapters
+% if at all possible; hence the \penalty.
+\def\dochapentry#1#2{%
+ \penalty-300 \vskip1\baselineskip plus.33\baselineskip minus.25\baselineskip
+ \begingroup
+ \chapentryfonts
+ \tocentry{#1}{\dopageno\bgroup#2\egroup}%
+ \endgroup
+ \nobreak\vskip .25\baselineskip plus.1\baselineskip
+}
+
+\def\dosecentry#1#2{\begingroup
+ \secentryfonts \leftskip=\tocindent
+ \tocentry{#1}{\dopageno\bgroup#2\egroup}%
+\endgroup}
+
+\def\dosubsecentry#1#2{\begingroup
+ \subsecentryfonts \leftskip=2\tocindent
+ \tocentry{#1}{\dopageno\bgroup#2\egroup}%
+\endgroup}
+
+\def\dosubsubsecentry#1#2{\begingroup
+ \subsubsecentryfonts \leftskip=3\tocindent
+ \tocentry{#1}{\dopageno\bgroup#2\egroup}%
+\endgroup}
+
+% We use the same \entry macro as for the index entries.
+\let\tocentry = \entry
+
+% Space between chapter (or whatever) number and the title.
+\def\labelspace{\hskip1em \relax}
+
+\def\dopageno#1{{\rm #1}}
+\def\doshortpageno#1{{\rm #1}}
+
+\def\chapentryfonts{\secfonts \rm}
+\def\secentryfonts{\textfonts}
+\def\subsecentryfonts{\textfonts}
+\def\subsubsecentryfonts{\textfonts}
+
+
+\message{environments,}
+% @foo ... @end foo.
+
+% @point{}, @result{}, @expansion{}, @print{}, @equiv{}.
+%
+% Since these characters are used in examples, it should be an even number of
+% \tt widths. Each \tt character is 1en, so two makes it 1em.
+%
+\def\point{$\star$}
+\def\result{\leavevmode\raise.15ex\hbox to 1em{\hfil$\Rightarrow$\hfil}}
+\def\expansion{\leavevmode\raise.1ex\hbox to 1em{\hfil$\mapsto$\hfil}}
+\def\print{\leavevmode\lower.1ex\hbox to 1em{\hfil$\dashv$\hfil}}
+\def\equiv{\leavevmode\lower.1ex\hbox to 1em{\hfil$\ptexequiv$\hfil}}
+
+% The @error{} command.
+% Adapted from the TeXbook's \boxit.
+%
+\newbox\errorbox
+%
+{\tentt \global\dimen0 = 3em}% Width of the box.
+\dimen2 = .55pt % Thickness of rules
+% The text. (`r' is open on the right, `e' somewhat less so on the left.)
+\setbox0 = \hbox{\kern-.75pt \reducedsf error\kern-1.5pt}
+%
+\setbox\errorbox=\hbox to \dimen0{\hfil
+ \hsize = \dimen0 \advance\hsize by -5.8pt % Space to left+right.
+ \advance\hsize by -2\dimen2 % Rules.
+ \vbox{%
+ \hrule height\dimen2
+ \hbox{\vrule width\dimen2 \kern3pt % Space to left of text.
+ \vtop{\kern2.4pt \box0 \kern2.4pt}% Space above/below.
+ \kern3pt\vrule width\dimen2}% Space to right.
+ \hrule height\dimen2}
+ \hfil}
+%
+\def\error{\leavevmode\lower.7ex\copy\errorbox}
+
+% @tex ... @end tex escapes into raw Tex temporarily.
+% One exception: @ is still an escape character, so that @end tex works.
+% But \@ or @@ will get a plain tex @ character.
+
+\envdef\tex{%
+ \catcode `\\=0 \catcode `\{=1 \catcode `\}=2
+ \catcode `\$=3 \catcode `\&=4 \catcode `\#=6
+ \catcode `\^=7 \catcode `\_=8 \catcode `\~=\active \let~=\tie
+ \catcode `\%=14
+ \catcode `\+=\other
+ \catcode `\"=\other
+ \catcode `\|=\other
+ \catcode `\<=\other
+ \catcode `\>=\other
+ \escapechar=`\\
+ %
+ \let\b=\ptexb
+ \let\bullet=\ptexbullet
+ \let\c=\ptexc
+ \let\,=\ptexcomma
+ \let\.=\ptexdot
+ \let\dots=\ptexdots
+ \let\equiv=\ptexequiv
+ \let\!=\ptexexclam
+ \let\i=\ptexi
+ \let\indent=\ptexindent
+ \let\noindent=\ptexnoindent
+ \let\{=\ptexlbrace
+ \let\+=\tabalign
+ \let\}=\ptexrbrace
+ \let\/=\ptexslash
+ \let\*=\ptexstar
+ \let\t=\ptext
+ \let\frenchspacing=\plainfrenchspacing
+ %
+ \def\endldots{\mathinner{\ldots\ldots\ldots\ldots}}%
+ \def\enddots{\relax\ifmmode\endldots\else$\mathsurround=0pt \endldots\,$\fi}%
+ \def\@{@}%
+}
+% There is no need to define \Etex.
+
+% Define @lisp ... @end lisp.
+% @lisp environment forms a group so it can rebind things,
+% including the definition of @end lisp (which normally is erroneous).
+
+% Amount to narrow the margins by for @lisp.
+\newskip\lispnarrowing \lispnarrowing=0.4in
+
+% This is the definition that ^^M gets inside @lisp, @example, and other
+% such environments. \null is better than a space, since it doesn't
+% have any width.
+\def\lisppar{\null\endgraf}
+
+% This space is always present above and below environments.
+\newskip\envskipamount \envskipamount = 0pt
+
+% Make spacing and below environment symmetrical. We use \parskip here
+% to help in doing that, since in @example-like environments \parskip
+% is reset to zero; thus the \afterenvbreak inserts no space -- but the
+% start of the next paragraph will insert \parskip.
+%
+\def\aboveenvbreak{{%
+ % =10000 instead of <10000 because of a special case in \itemzzz and
+ % \sectionheading, q.v.
+ \ifnum \lastpenalty=10000 \else
+ \advance\envskipamount by \parskip
+ \endgraf
+ \ifdim\lastskip<\envskipamount
+ \removelastskip
+ % it's not a good place to break if the last penalty was \nobreak
+ % or better ...
+ \ifnum\lastpenalty<10000 \penalty-50 \fi
+ \vskip\envskipamount
+ \fi
+ \fi
+}}
+
+\let\afterenvbreak = \aboveenvbreak
+
+% \nonarrowing is a flag. If "set", @lisp etc don't narrow margins; it will
+% also clear it, so that its embedded environments do the narrowing again.
+\let\nonarrowing=\relax
+
+% @cartouche ... @end cartouche: draw rectangle w/rounded corners around
+% environment contents.
+\font\circle=lcircle10
+\newdimen\circthick
+\newdimen\cartouter\newdimen\cartinner
+\newskip\normbskip\newskip\normpskip\newskip\normlskip
+\circthick=\fontdimen8\circle
+%
+\def\ctl{{\circle\char'013\hskip -6pt}}% 6pt from pl file: 1/2charwidth
+\def\ctr{{\hskip 6pt\circle\char'010}}
+\def\cbl{{\circle\char'012\hskip -6pt}}
+\def\cbr{{\hskip 6pt\circle\char'011}}
+\def\carttop{\hbox to \cartouter{\hskip\lskip
+ \ctl\leaders\hrule height\circthick\hfil\ctr
+ \hskip\rskip}}
+\def\cartbot{\hbox to \cartouter{\hskip\lskip
+ \cbl\leaders\hrule height\circthick\hfil\cbr
+ \hskip\rskip}}
+%
+\newskip\lskip\newskip\rskip
+
+\envdef\cartouche{%
+ \ifhmode\par\fi % can't be in the midst of a paragraph.
+ \startsavinginserts
+ \lskip=\leftskip \rskip=\rightskip
+ \leftskip=0pt\rightskip=0pt % we want these *outside*.
+ \cartinner=\hsize \advance\cartinner by-\lskip
+ \advance\cartinner by-\rskip
+ \cartouter=\hsize
+ \advance\cartouter by 18.4pt % allow for 3pt kerns on either
+ % side, and for 6pt waste from
+ % each corner char, and rule thickness
+ \normbskip=\baselineskip \normpskip=\parskip \normlskip=\lineskip
+ % Flag to tell @lisp, etc., not to narrow margin.
+ \let\nonarrowing = t%
+ \vbox\bgroup
+ \baselineskip=0pt\parskip=0pt\lineskip=0pt
+ \carttop
+ \hbox\bgroup
+ \hskip\lskip
+ \vrule\kern3pt
+ \vbox\bgroup
+ \kern3pt
+ \hsize=\cartinner
+ \baselineskip=\normbskip
+ \lineskip=\normlskip
+ \parskip=\normpskip
+ \vskip -\parskip
+ \comment % For explanation, see the end of \def\group.
+}
+\def\Ecartouche{%
+ \ifhmode\par\fi
+ \kern3pt
+ \egroup
+ \kern3pt\vrule
+ \hskip\rskip
+ \egroup
+ \cartbot
+ \egroup
+ \checkinserts
+}
+
+
+% This macro is called at the beginning of all the @example variants,
+% inside a group.
+\def\nonfillstart{%
+ \aboveenvbreak
+ \hfuzz = 12pt % Don't be fussy
+ \sepspaces % Make spaces be word-separators rather than space tokens.
+ \let\par = \lisppar % don't ignore blank lines
+ \obeylines % each line of input is a line of output
+ \parskip = 0pt
+ \parindent = 0pt
+ \emergencystretch = 0pt % don't try to avoid overfull boxes
+ \ifx\nonarrowing\relax
+ \advance \leftskip by \lispnarrowing
+ \exdentamount=\lispnarrowing
+ \else
+ \let\nonarrowing = \relax
+ \fi
+ \let\exdent=\nofillexdent
+}
+
+% If you want all examples etc. small: @set dispenvsize small.
+% If you want even small examples the full size: @set dispenvsize nosmall.
+% This affects the following displayed environments:
+% @example, @display, @format, @lisp
+%
+\def\smallword{small}
+\def\nosmallword{nosmall}
+\let\SETdispenvsize\relax
+\def\setnormaldispenv{%
+ \ifx\SETdispenvsize\smallword
+ % end paragraph for sake of leading, in case document has no blank
+ % line. This is redundant with what happens in \aboveenvbreak, but
+ % we need to do it before changing the fonts, and it's inconvenient
+ % to change the fonts afterward.
+ \ifnum \lastpenalty=10000 \else \endgraf \fi
+ \smallexamplefonts \rm
+ \fi
+}
+\def\setsmalldispenv{%
+ \ifx\SETdispenvsize\nosmallword
+ \else
+ \ifnum \lastpenalty=10000 \else \endgraf \fi
+ \smallexamplefonts \rm
+ \fi
+}
+
+% We often define two environments, @foo and @smallfoo.
+% Let's do it by one command:
+\def\makedispenv #1#2{
+ \expandafter\envdef\csname#1\endcsname {\setnormaldispenv #2}
+ \expandafter\envdef\csname small#1\endcsname {\setsmalldispenv #2}
+ \expandafter\let\csname E#1\endcsname \afterenvbreak
+ \expandafter\let\csname Esmall#1\endcsname \afterenvbreak
+}
+
+% Define two synonyms:
+\def\maketwodispenvs #1#2#3{
+ \makedispenv{#1}{#3}
+ \makedispenv{#2}{#3}
+}
+
+% @lisp: indented, narrowed, typewriter font; @example: same as @lisp.
+%
+% @smallexample and @smalllisp: use smaller fonts.
+% Originally contributed by Pavel@xerox.
+%
+\maketwodispenvs {lisp}{example}{%
+ \nonfillstart
+ \tt\quoteexpand
+ \let\kbdfont = \kbdexamplefont % Allow @kbd to do something special.
+ \gobble % eat return
+}
+% @display/@smalldisplay: same as @lisp except keep current font.
+%
+\makedispenv {display}{%
+ \nonfillstart
+ \gobble
+}
+
+% @format/@smallformat: same as @display except don't narrow margins.
+%
+\makedispenv{format}{%
+ \let\nonarrowing = t%
+ \nonfillstart
+ \gobble
+}
+
+% @flushleft: same as @format, but doesn't obey \SETdispenvsize.
+\envdef\flushleft{%
+ \let\nonarrowing = t%
+ \nonfillstart
+ \gobble
+}
+\let\Eflushleft = \afterenvbreak
+
+% @flushright.
+%
+\envdef\flushright{%
+ \let\nonarrowing = t%
+ \nonfillstart
+ \advance\leftskip by 0pt plus 1fill
+ \gobble
+}
+\let\Eflushright = \afterenvbreak
+
+
+% @quotation does normal linebreaking (hence we can't use \nonfillstart)
+% and narrows the margins. We keep \parskip nonzero in general, since
+% we're doing normal filling. So, when using \aboveenvbreak and
+% \afterenvbreak, temporarily make \parskip 0.
+%
+\envdef\quotation{%
+ {\parskip=0pt \aboveenvbreak}% because \aboveenvbreak inserts \parskip
+ \parindent=0pt
+ %
+ % @cartouche defines \nonarrowing to inhibit narrowing at next level down.
+ \ifx\nonarrowing\relax
+ \advance\leftskip by \lispnarrowing
+ \advance\rightskip by \lispnarrowing
+ \exdentamount = \lispnarrowing
+ \else
+ \let\nonarrowing = \relax
+ \fi
+ \parsearg\quotationlabel
+}
+
+% We have retained a nonzero parskip for the environment, since we're
+% doing normal filling.
+%
+\def\Equotation{%
+ \par
+ \ifx\quotationauthor\undefined\else
+ % indent a bit.
+ \leftline{\kern 2\leftskip \sl ---\quotationauthor}%
+ \fi
+ {\parskip=0pt \afterenvbreak}%
+}
+
+% If we're given an argument, typeset it in bold with a colon after.
+\def\quotationlabel#1{%
+ \def\temp{#1}%
+ \ifx\temp\empty \else
+ {\bf #1: }%
+ \fi
+}
+
+
+% LaTeX-like @verbatim...@end verbatim and @verb{<char>...<char>}
+% If we want to allow any <char> as delimiter,
+% we need the curly braces so that makeinfo sees the @verb command, eg:
+% `@verbx...x' would look like the '@verbx' command. --janneke@gnu.org
+%
+% [Knuth]: Donald Ervin Knuth, 1996. The TeXbook.
+%
+% [Knuth] p.344; only we need to do the other characters Texinfo sets
+% active too. Otherwise, they get lost as the first character on a
+% verbatim line.
+\def\dospecials{%
+ \do\ \do\\\do\{\do\}\do\$\do\&%
+ \do\#\do\^\do\^^K\do\_\do\^^A\do\%\do\~%
+ \do\<\do\>\do\|\do\@\do+\do\"%
+}
+%
+% [Knuth] p. 380
+\def\uncatcodespecials{%
+ \def\do##1{\catcode`##1=\other}\dospecials}
+%
+% [Knuth] pp. 380,381,391
+% Disable Spanish ligatures ?` and !` of \tt font
+\begingroup
+ \catcode`\`=\active\gdef`{\relax\lq}
+\endgroup
+%
+% Setup for the @verb command.
+%
+% Eight spaces for a tab
+\begingroup
+ \catcode`\^^I=\active
+ \gdef\tabeightspaces{\catcode`\^^I=\active\def^^I{\ \ \ \ \ \ \ \ }}
+\endgroup
+%
+\def\setupverb{%
+ \tt % easiest (and conventionally used) font for verbatim
+ \def\par{\leavevmode\endgraf}%
+ \catcode`\`=\active
+ \tabeightspaces
+ % Respect line breaks,
+ % print special symbols as themselves, and
+ % make each space count
+ % must do in this order:
+ \obeylines \uncatcodespecials \sepspaces
+}
+
+% Setup for the @verbatim environment
+%
+% Real tab expansion
+\newdimen\tabw \setbox0=\hbox{\tt\space} \tabw=8\wd0 % tab amount
+%
+\def\starttabbox{\setbox0=\hbox\bgroup}
+
+% Allow an option to not replace quotes with a regular directed right
+% quote/apostrophe (char 0x27), but instead use the undirected quote
+% from cmtt (char 0x0d). The undirected quote is ugly, so don't make it
+% the default, but it works for pasting with more pdf viewers (at least
+% evince), the lilypond developers report. xpdf does work with the
+% regular 0x27.
+%
+\def\codequoteright{%
+ \expandafter\ifx\csname SETcodequoteundirected\endcsname\relax
+ '%
+ \else
+ \char'15
+ \fi
+}
+%
+% and a similar option for the left quote char vs. a grave accent.
+% Modern fonts display ASCII 0x60 as a grave accent, so some people like
+% the code environments to do likewise.
+%
+\def\codequoteleft{%
+ \expandafter\ifx\csname SETcodequotebacktick\endcsname\relax
+ `%
+ \else
+ \char'22
+ \fi
+}
+%
+\begingroup
+ \catcode`\^^I=\active
+ \gdef\tabexpand{%
+ \catcode`\^^I=\active
+ \def^^I{\leavevmode\egroup
+ \dimen0=\wd0 % the width so far, or since the previous tab
+ \divide\dimen0 by\tabw
+ \multiply\dimen0 by\tabw % compute previous multiple of \tabw
+ \advance\dimen0 by\tabw % advance to next multiple of \tabw
+ \wd0=\dimen0 \box0 \starttabbox
+ }%
+ }
+ \catcode`\'=\active
+ \gdef\rquoteexpand{\catcode\rquoteChar=\active \def'{\codequoteright}}%
+ %
+ \catcode`\`=\active
+ \gdef\lquoteexpand{\catcode\lquoteChar=\active \def`{\codequoteleft}}%
+ %
+ \gdef\quoteexpand{\rquoteexpand \lquoteexpand}%
+\endgroup
+
+% start the verbatim environment.
+\def\setupverbatim{%
+ \let\nonarrowing = t%
+ \nonfillstart
+ % Easiest (and conventionally used) font for verbatim
+ \tt
+ \def\par{\leavevmode\egroup\box0\endgraf}%
+ \catcode`\`=\active
+ \tabexpand
+ \quoteexpand
+ % Respect line breaks,
+ % print special symbols as themselves, and
+ % make each space count
+ % must do in this order:
+ \obeylines \uncatcodespecials \sepspaces
+ \everypar{\starttabbox}%
+}
+
+% Do the @verb magic: verbatim text is quoted by unique
+% delimiter characters. Before first delimiter expect a
+% right brace, after last delimiter expect closing brace:
+%
+% \def\doverb'{'<char>#1<char>'}'{#1}
+%
+% [Knuth] p. 382; only eat outer {}
+\begingroup
+ \catcode`[=1\catcode`]=2\catcode`\{=\other\catcode`\}=\other
+ \gdef\doverb{#1[\def\next##1#1}[##1\endgroup]\next]
+\endgroup
+%
+\def\verb{\begingroup\setupverb\doverb}
+%
+%
+% Do the @verbatim magic: define the macro \doverbatim so that
+% the (first) argument ends when '@end verbatim' is reached, ie:
+%
+% \def\doverbatim#1@end verbatim{#1}
+%
+% For Texinfo it's a lot easier than for LaTeX,
+% because texinfo's \verbatim doesn't stop at '\end{verbatim}':
+% we need not redefine '\', '{' and '}'.
+%
+% Inspired by LaTeX's verbatim command set [latex.ltx]
+%
+\begingroup
+ \catcode`\ =\active
+ \obeylines %
+ % ignore everything up to the first ^^M, that's the newline at the end
+ % of the @verbatim input line itself. Otherwise we get an extra blank
+ % line in the output.
+ \xdef\doverbatim#1^^M#2@end verbatim{#2\noexpand\end\gobble verbatim}%
+ % We really want {...\end verbatim} in the body of the macro, but
+ % without the active space; thus we have to use \xdef and \gobble.
+\endgroup
+%
+\envdef\verbatim{%
+ \setupverbatim\doverbatim
+}
+\let\Everbatim = \afterenvbreak
+
+
+% @verbatiminclude FILE - insert text of file in verbatim environment.
+%
+\def\verbatiminclude{\parseargusing\filenamecatcodes\doverbatiminclude}
+%
+\def\doverbatiminclude#1{%
+ {%
+ \makevalueexpandable
+ \setupverbatim
+ \input #1
+ \afterenvbreak
+ }%
+}
+
+% @copying ... @end copying.
+% Save the text away for @insertcopying later.
+%
+% We save the uninterpreted tokens, rather than creating a box.
+% Saving the text in a box would be much easier, but then all the
+% typesetting commands (@smallbook, font changes, etc.) have to be done
+% beforehand -- and a) we want @copying to be done first in the source
+% file; b) letting users define the frontmatter in as flexible order as
+% possible is very desirable.
+%
+\def\copying{\checkenv{}\begingroup\scanargctxt\docopying}
+\def\docopying#1@end copying{\endgroup\def\copyingtext{#1}}
+%
+\def\insertcopying{%
+ \begingroup
+ \parindent = 0pt % paragraph indentation looks wrong on title page
+ \scanexp\copyingtext
+ \endgroup
+}
+
+
+\message{defuns,}
+% @defun etc.
+
+\newskip\defbodyindent \defbodyindent=.4in
+\newskip\defargsindent \defargsindent=50pt
+\newskip\deflastargmargin \deflastargmargin=18pt
+\newcount\defunpenalty
+
+% Start the processing of @deffn:
+\def\startdefun{%
+ \ifnum\lastpenalty<10000
+ \medbreak
+ \defunpenalty=10003 % Will keep this @deffn together with the
+ % following @def command, see below.
+ \else
+ % If there are two @def commands in a row, we'll have a \nobreak,
+ % which is there to keep the function description together with its
+ % header. But if there's nothing but headers, we need to allow a
+ % break somewhere. Check specifically for penalty 10002, inserted
+ % by \printdefunline, instead of 10000, since the sectioning
+ % commands also insert a nobreak penalty, and we don't want to allow
+ % a break between a section heading and a defun.
+ %
+ % As a minor refinement, we avoid "club" headers by signalling
+ % with penalty of 10003 after the very first @deffn in the
+ % sequence (see above), and penalty of 10002 after any following
+ % @def command.
+ \ifnum\lastpenalty=10002 \penalty2000 \else \defunpenalty=10002 \fi
+ %
+ % Similarly, after a section heading, do not allow a break.
+ % But do insert the glue.
+ \medskip % preceded by discardable penalty, so not a breakpoint
+ \fi
+ %
+ \parindent=0in
+ \advance\leftskip by \defbodyindent
+ \exdentamount=\defbodyindent
+}
+
+\def\dodefunx#1{%
+ % First, check whether we are in the right environment:
+ \checkenv#1%
+ %
+ % As above, allow line break if we have multiple x headers in a row.
+ % It's not a great place, though.
+ \ifnum\lastpenalty=10002 \penalty3000 \else \defunpenalty=10002 \fi
+ %
+ % And now, it's time to reuse the body of the original defun:
+ \expandafter\gobbledefun#1%
+}
+\def\gobbledefun#1\startdefun{}
+
+% \printdefunline \deffnheader{text}
+%
+\def\printdefunline#1#2{%
+ \begingroup
+ % call \deffnheader:
+ #1#2 \endheader
+ % common ending:
+ \interlinepenalty = 10000
+ \advance\rightskip by 0pt plus 1fil
+ \endgraf
+ \nobreak\vskip -\parskip
+ \penalty\defunpenalty % signal to \startdefun and \dodefunx
+ % Some of the @defun-type tags do not enable magic parentheses,
+ % rendering the following check redundant. But we don't optimize.
+ \checkparencounts
+ \endgroup
+}
+
+\def\Edefun{\endgraf\medbreak}
+
+% \makedefun{deffn} creates \deffn, \deffnx and \Edeffn;
+% the only thing remainnig is to define \deffnheader.
+%
+\def\makedefun#1{%
+ \expandafter\let\csname E#1\endcsname = \Edefun
+ \edef\temp{\noexpand\domakedefun
+ \makecsname{#1}\makecsname{#1x}\makecsname{#1header}}%
+ \temp
+}
+
+% \domakedefun \deffn \deffnx \deffnheader
+%
+% Define \deffn and \deffnx, without parameters.
+% \deffnheader has to be defined explicitly.
+%
+\def\domakedefun#1#2#3{%
+ \envdef#1{%
+ \startdefun
+ \parseargusing\activeparens{\printdefunline#3}%
+ }%
+ \def#2{\dodefunx#1}%
+ \def#3%
+}
+
+%%% Untyped functions:
+
+% @deffn category name args
+\makedefun{deffn}{\deffngeneral{}}
+
+% @deffn category class name args
+\makedefun{defop}#1 {\defopon{#1\ \putwordon}}
+
+% \defopon {category on}class name args
+\def\defopon#1#2 {\deffngeneral{\putwordon\ \code{#2}}{#1\ \code{#2}} }
+
+% \deffngeneral {subind}category name args
+%
+\def\deffngeneral#1#2 #3 #4\endheader{%
+ % Remember that \dosubind{fn}{foo}{} is equivalent to \doind{fn}{foo}.
+ \dosubind{fn}{\code{#3}}{#1}%
+ \defname{#2}{}{#3}\magicamp\defunargs{#4\unskip}%
+}
+
+%%% Typed functions:
+
+% @deftypefn category type name args
+\makedefun{deftypefn}{\deftypefngeneral{}}
+
+% @deftypeop category class type name args
+\makedefun{deftypeop}#1 {\deftypeopon{#1\ \putwordon}}
+
+% \deftypeopon {category on}class type name args
+\def\deftypeopon#1#2 {\deftypefngeneral{\putwordon\ \code{#2}}{#1\ \code{#2}} }
+
+% \deftypefngeneral {subind}category type name args
+%
+\def\deftypefngeneral#1#2 #3 #4 #5\endheader{%
+ \dosubind{fn}{\code{#4}}{#1}%
+ \defname{#2}{#3}{#4}\defunargs{#5\unskip}%
+}
+
+%%% Typed variables:
+
+% @deftypevr category type var args
+\makedefun{deftypevr}{\deftypecvgeneral{}}
+
+% @deftypecv category class type var args
+\makedefun{deftypecv}#1 {\deftypecvof{#1\ \putwordof}}
+
+% \deftypecvof {category of}class type var args
+\def\deftypecvof#1#2 {\deftypecvgeneral{\putwordof\ \code{#2}}{#1\ \code{#2}} }
+
+% \deftypecvgeneral {subind}category type var args
+%
+\def\deftypecvgeneral#1#2 #3 #4 #5\endheader{%
+ \dosubind{vr}{\code{#4}}{#1}%
+ \defname{#2}{#3}{#4}\defunargs{#5\unskip}%
+}
+
+%%% Untyped variables:
+
+% @defvr category var args
+\makedefun{defvr}#1 {\deftypevrheader{#1} {} }
+
+% @defcv category class var args
+\makedefun{defcv}#1 {\defcvof{#1\ \putwordof}}
+
+% \defcvof {category of}class var args
+\def\defcvof#1#2 {\deftypecvof{#1}#2 {} }
+
+%%% Type:
+% @deftp category name args
+\makedefun{deftp}#1 #2 #3\endheader{%
+ \doind{tp}{\code{#2}}%
+ \defname{#1}{}{#2}\defunargs{#3\unskip}%
+}
+
+% Remaining @defun-like shortcuts:
+\makedefun{defun}{\deffnheader{\putwordDeffunc} }
+\makedefun{defmac}{\deffnheader{\putwordDefmac} }
+\makedefun{defspec}{\deffnheader{\putwordDefspec} }
+\makedefun{deftypefun}{\deftypefnheader{\putwordDeffunc} }
+\makedefun{defvar}{\defvrheader{\putwordDefvar} }
+\makedefun{defopt}{\defvrheader{\putwordDefopt} }
+\makedefun{deftypevar}{\deftypevrheader{\putwordDefvar} }
+\makedefun{defmethod}{\defopon\putwordMethodon}
+\makedefun{deftypemethod}{\deftypeopon\putwordMethodon}
+\makedefun{defivar}{\defcvof\putwordInstanceVariableof}
+\makedefun{deftypeivar}{\deftypecvof\putwordInstanceVariableof}
+
+% \defname, which formats the name of the @def (not the args).
+% #1 is the category, such as "Function".
+% #2 is the return type, if any.
+% #3 is the function name.
+%
+% We are followed by (but not passed) the arguments, if any.
+%
+\def\defname#1#2#3{%
+ % Get the values of \leftskip and \rightskip as they were outside the @def...
+ \advance\leftskip by -\defbodyindent
+ %
+ % How we'll format the type name. Putting it in brackets helps
+ % distinguish it from the body text that may end up on the next line
+ % just below it.
+ \def\temp{#1}%
+ \setbox0=\hbox{\kern\deflastargmargin \ifx\temp\empty\else [\rm\temp]\fi}
+ %
+ % Figure out line sizes for the paragraph shape.
+ % The first line needs space for \box0; but if \rightskip is nonzero,
+ % we need only space for the part of \box0 which exceeds it:
+ \dimen0=\hsize \advance\dimen0 by -\wd0 \advance\dimen0 by \rightskip
+ % The continuations:
+ \dimen2=\hsize \advance\dimen2 by -\defargsindent
+ % (plain.tex says that \dimen1 should be used only as global.)
+ \parshape 2 0in \dimen0 \defargsindent \dimen2
+ %
+ % Put the type name to the right margin.
+ \noindent
+ \hbox to 0pt{%
+ \hfil\box0 \kern-\hsize
+ % \hsize has to be shortened this way:
+ \kern\leftskip
+ % Intentionally do not respect \rightskip, since we need the space.
+ }%
+ %
+ % Allow all lines to be underfull without complaint:
+ \tolerance=10000 \hbadness=10000
+ \exdentamount=\defbodyindent
+ {%
+ % defun fonts. We use typewriter by default (used to be bold) because:
+ % . we're printing identifiers, they should be in tt in principle.
+ % . in languages with many accents, such as Czech or French, it's
+ % common to leave accents off identifiers. The result looks ok in
+ % tt, but exceedingly strange in rm.
+ % . we don't want -- and --- to be treated as ligatures.
+ % . this still does not fix the ?` and !` ligatures, but so far no
+ % one has made identifiers using them :).
+ \df \tt
+ \def\temp{#2}% return value type
+ \ifx\temp\empty\else \tclose{\temp} \fi
+ #3% output function name
+ }%
+ {\rm\enskip}% hskip 0.5 em of \tenrm
+ %
+ \boldbrax
+ % arguments will be output next, if any.
+}
+
+% Print arguments in slanted roman (not ttsl), inconsistently with using
+% tt for the name. This is because literal text is sometimes needed in
+% the argument list (groff manual), and ttsl and tt are not very
+% distinguishable. Prevent hyphenation at `-' chars.
+%
+\def\defunargs#1{%
+ % use sl by default (not ttsl),
+ % tt for the names.
+ \df \sl \hyphenchar\font=0
+ %
+ % On the other hand, if an argument has two dashes (for instance), we
+ % want a way to get ttsl. Let's try @var for that.
+ \let\var=\ttslanted
+ #1%
+ \sl\hyphenchar\font=45
+}
+
+% We want ()&[] to print specially on the defun line.
+%
+\def\activeparens{%
+ \catcode`\(=\active \catcode`\)=\active
+ \catcode`\[=\active \catcode`\]=\active
+ \catcode`\&=\active
+}
+
+% Make control sequences which act like normal parenthesis chars.
+\let\lparen = ( \let\rparen = )
+
+% Be sure that we always have a definition for `(', etc. For example,
+% if the fn name has parens in it, \boldbrax will not be in effect yet,
+% so TeX would otherwise complain about undefined control sequence.
+{
+ \activeparens
+ \global\let(=\lparen \global\let)=\rparen
+ \global\let[=\lbrack \global\let]=\rbrack
+ \global\let& = \&
+
+ \gdef\boldbrax{\let(=\opnr\let)=\clnr\let[=\lbrb\let]=\rbrb}
+ \gdef\magicamp{\let&=\amprm}
+}
+
+\newcount\parencount
+
+% If we encounter &foo, then turn on ()-hacking afterwards
+\newif\ifampseen
+\def\amprm#1 {\ampseentrue{\bf\&#1 }}
+
+\def\parenfont{%
+ \ifampseen
+ % At the first level, print parens in roman,
+ % otherwise use the default font.
+ \ifnum \parencount=1 \rm \fi
+ \else
+ % The \sf parens (in \boldbrax) actually are a little bolder than
+ % the contained text. This is especially needed for [ and ] .
+ \sf
+ \fi
+}
+\def\infirstlevel#1{%
+ \ifampseen
+ \ifnum\parencount=1
+ #1%
+ \fi
+ \fi
+}
+\def\bfafterword#1 {#1 \bf}
+
+\def\opnr{%
+ \global\advance\parencount by 1
+ {\parenfont(}%
+ \infirstlevel \bfafterword
+}
+\def\clnr{%
+ {\parenfont)}%
+ \infirstlevel \sl
+ \global\advance\parencount by -1
+}
+
+\newcount\brackcount
+\def\lbrb{%
+ \global\advance\brackcount by 1
+ {\bf[}%
+}
+\def\rbrb{%
+ {\bf]}%
+ \global\advance\brackcount by -1
+}
+
+\def\checkparencounts{%
+ \ifnum\parencount=0 \else \badparencount \fi
+ \ifnum\brackcount=0 \else \badbrackcount \fi
+}
+\def\badparencount{%
+ \errmessage{Unbalanced parentheses in @def}%
+ \global\parencount=0
+}
+\def\badbrackcount{%
+ \errmessage{Unbalanced square braces in @def}%
+ \global\brackcount=0
+}
+
+
+\message{macros,}
+% @macro.
+
+% To do this right we need a feature of e-TeX, \scantokens,
+% which we arrange to emulate with a temporary file in ordinary TeX.
+\ifx\eTeXversion\undefined
+ \newwrite\macscribble
+ \def\scantokens#1{%
+ \toks0={#1}%
+ \immediate\openout\macscribble=\jobname.tmp
+ \immediate\write\macscribble{\the\toks0}%
+ \immediate\closeout\macscribble
+ \input \jobname.tmp
+ }
+\fi
+
+\def\scanmacro#1{%
+ \begingroup
+ \newlinechar`\^^M
+ \let\xeatspaces\eatspaces
+ % Undo catcode changes of \startcontents and \doprintindex
+ % When called from @insertcopying or (short)caption, we need active
+ % backslash to get it printed correctly. Previously, we had
+ % \catcode`\\=\other instead. We'll see whether a problem appears
+ % with macro expansion. --kasal, 19aug04
+ \catcode`\@=0 \catcode`\\=\active \escapechar=`\@
+ % ... and \example
+ \spaceisspace
+ %
+ % Append \endinput to make sure that TeX does not see the ending newline.
+ % I've verified that it is necessary both for e-TeX and for ordinary TeX
+ % --kasal, 29nov03
+ \scantokens{#1\endinput}%
+ \endgroup
+}
+
+\def\scanexp#1{%
+ \edef\temp{\noexpand\scanmacro{#1}}%
+ \temp
+}
+
+\newcount\paramno % Count of parameters
+\newtoks\macname % Macro name
+\newif\ifrecursive % Is it recursive?
+
+% List of all defined macros in the form
+% \definedummyword\macro1\definedummyword\macro2...
+% Currently is also contains all @aliases; the list can be split
+% if there is a need.
+\def\macrolist{}
+
+% Add the macro to \macrolist
+\def\addtomacrolist#1{\expandafter \addtomacrolistxxx \csname#1\endcsname}
+\def\addtomacrolistxxx#1{%
+ \toks0 = \expandafter{\macrolist\definedummyword#1}%
+ \xdef\macrolist{\the\toks0}%
+}
+
+% Utility routines.
+% This does \let #1 = #2, with \csnames; that is,
+% \let \csname#1\endcsname = \csname#2\endcsname
+% (except of course we have to play expansion games).
+%
+\def\cslet#1#2{%
+ \expandafter\let
+ \csname#1\expandafter\endcsname
+ \csname#2\endcsname
+}
+
+% Trim leading and trailing spaces off a string.
+% Concepts from aro-bend problem 15 (see CTAN).
+{\catcode`\@=11
+\gdef\eatspaces #1{\expandafter\trim@\expandafter{#1 }}
+\gdef\trim@ #1{\trim@@ @#1 @ #1 @ @@}
+\gdef\trim@@ #1@ #2@ #3@@{\trim@@@\empty #2 @}
+\def\unbrace#1{#1}
+\unbrace{\gdef\trim@@@ #1 } #2@{#1}
+}
+
+% Trim a single trailing ^^M off a string.
+{\catcode`\^^M=\other \catcode`\Q=3%
+\gdef\eatcr #1{\eatcra #1Q^^MQ}%
+\gdef\eatcra#1^^MQ{\eatcrb#1Q}%
+\gdef\eatcrb#1Q#2Q{#1}%
+}
+
+% Macro bodies are absorbed as an argument in a context where
+% all characters are catcode 10, 11 or 12, except \ which is active
+% (as in normal texinfo). It is necessary to change the definition of \.
+
+% It's necessary to have hard CRs when the macro is executed. This is
+% done by making ^^M (\endlinechar) catcode 12 when reading the macro
+% body, and then making it the \newlinechar in \scanmacro.
+
+\def\scanctxt{%
+ \catcode`\"=\other
+ \catcode`\+=\other
+ \catcode`\<=\other
+ \catcode`\>=\other
+ \catcode`\@=\other
+ \catcode`\^=\other
+ \catcode`\_=\other
+ \catcode`\|=\other
+ \catcode`\~=\other
+}
+
+\def\scanargctxt{%
+ \scanctxt
+ \catcode`\\=\other
+ \catcode`\^^M=\other
+}
+
+\def\macrobodyctxt{%
+ \scanctxt
+ \catcode`\{=\other
+ \catcode`\}=\other
+ \catcode`\^^M=\other
+ \usembodybackslash
+}
+
+\def\macroargctxt{%
+ \scanctxt
+ \catcode`\\=\other
+}
+
+% \mbodybackslash is the definition of \ in @macro bodies.
+% It maps \foo\ => \csname macarg.foo\endcsname => #N
+% where N is the macro parameter number.
+% We define \csname macarg.\endcsname to be \realbackslash, so
+% \\ in macro replacement text gets you a backslash.
+
+{\catcode`@=0 @catcode`@\=@active
+ @gdef@usembodybackslash{@let\=@mbodybackslash}
+ @gdef@mbodybackslash#1\{@csname macarg.#1@endcsname}
+}
+\expandafter\def\csname macarg.\endcsname{\realbackslash}
+
+\def\macro{\recursivefalse\parsearg\macroxxx}
+\def\rmacro{\recursivetrue\parsearg\macroxxx}
+
+\def\macroxxx#1{%
+ \getargs{#1}% now \macname is the macname and \argl the arglist
+ \ifx\argl\empty % no arguments
+ \paramno=0%
+ \else
+ \expandafter\parsemargdef \argl;%
+ \fi
+ \if1\csname ismacro.\the\macname\endcsname
+ \message{Warning: redefining \the\macname}%
+ \else
+ \expandafter\ifx\csname \the\macname\endcsname \relax
+ \else \errmessage{Macro name \the\macname\space already defined}\fi
+ \global\cslet{macsave.\the\macname}{\the\macname}%
+ \global\expandafter\let\csname ismacro.\the\macname\endcsname=1%
+ \addtomacrolist{\the\macname}%
+ \fi
+ \begingroup \macrobodyctxt
+ \ifrecursive \expandafter\parsermacbody
+ \else \expandafter\parsemacbody
+ \fi}
+
+\parseargdef\unmacro{%
+ \if1\csname ismacro.#1\endcsname
+ \global\cslet{#1}{macsave.#1}%
+ \global\expandafter\let \csname ismacro.#1\endcsname=0%
+ % Remove the macro name from \macrolist:
+ \begingroup
+ \expandafter\let\csname#1\endcsname \relax
+ \let\definedummyword\unmacrodo
+ \xdef\macrolist{\macrolist}%
+ \endgroup
+ \else
+ \errmessage{Macro #1 not defined}%
+ \fi
+}
+
+% Called by \do from \dounmacro on each macro. The idea is to omit any
+% macro definitions that have been changed to \relax.
+%
+\def\unmacrodo#1{%
+ \ifx #1\relax
+ % remove this
+ \else
+ \noexpand\definedummyword \noexpand#1%
+ \fi
+}
+
+% This makes use of the obscure feature that if the last token of a
+% <parameter list> is #, then the preceding argument is delimited by
+% an opening brace, and that opening brace is not consumed.
+\def\getargs#1{\getargsxxx#1{}}
+\def\getargsxxx#1#{\getmacname #1 \relax\getmacargs}
+\def\getmacname #1 #2\relax{\macname={#1}}
+\def\getmacargs#1{\def\argl{#1}}
+
+% Parse the optional {params} list. Set up \paramno and \paramlist
+% so \defmacro knows what to do. Define \macarg.blah for each blah
+% in the params list, to be ##N where N is the position in that list.
+% That gets used by \mbodybackslash (above).
+
+% We need to get `macro parameter char #' into several definitions.
+% The technique used is stolen from LaTeX: let \hash be something
+% unexpandable, insert that wherever you need a #, and then redefine
+% it to # just before using the token list produced.
+%
+% The same technique is used to protect \eatspaces till just before
+% the macro is used.
+
+\def\parsemargdef#1;{\paramno=0\def\paramlist{}%
+ \let\hash\relax\let\xeatspaces\relax\parsemargdefxxx#1,;,}
+\def\parsemargdefxxx#1,{%
+ \if#1;\let\next=\relax
+ \else \let\next=\parsemargdefxxx
+ \advance\paramno by 1%
+ \expandafter\edef\csname macarg.\eatspaces{#1}\endcsname
+ {\xeatspaces{\hash\the\paramno}}%
+ \edef\paramlist{\paramlist\hash\the\paramno,}%
+ \fi\next}
+
+% These two commands read recursive and nonrecursive macro bodies.
+% (They're different since rec and nonrec macros end differently.)
+
+\long\def\parsemacbody#1@end macro%
+{\xdef\temp{\eatcr{#1}}\endgroup\defmacro}%
+\long\def\parsermacbody#1@end rmacro%
+{\xdef\temp{\eatcr{#1}}\endgroup\defmacro}%
+
+% This defines the macro itself. There are six cases: recursive and
+% nonrecursive macros of zero, one, and many arguments.
+% Much magic with \expandafter here.
+% \xdef is used so that macro definitions will survive the file
+% they're defined in; @include reads the file inside a group.
+\def\defmacro{%
+ \let\hash=##% convert placeholders to macro parameter chars
+ \ifrecursive
+ \ifcase\paramno
+ % 0
+ \expandafter\xdef\csname\the\macname\endcsname{%
+ \noexpand\scanmacro{\temp}}%
+ \or % 1
+ \expandafter\xdef\csname\the\macname\endcsname{%
+ \bgroup\noexpand\macroargctxt
+ \noexpand\braceorline
+ \expandafter\noexpand\csname\the\macname xxx\endcsname}%
+ \expandafter\xdef\csname\the\macname xxx\endcsname##1{%
+ \egroup\noexpand\scanmacro{\temp}}%
+ \else % many
+ \expandafter\xdef\csname\the\macname\endcsname{%
+ \bgroup\noexpand\macroargctxt
+ \noexpand\csname\the\macname xx\endcsname}%
+ \expandafter\xdef\csname\the\macname xx\endcsname##1{%
+ \expandafter\noexpand\csname\the\macname xxx\endcsname ##1,}%
+ \expandafter\expandafter
+ \expandafter\xdef
+ \expandafter\expandafter
+ \csname\the\macname xxx\endcsname
+ \paramlist{\egroup\noexpand\scanmacro{\temp}}%
+ \fi
+ \else
+ \ifcase\paramno
+ % 0
+ \expandafter\xdef\csname\the\macname\endcsname{%
+ \noexpand\norecurse{\the\macname}%
+ \noexpand\scanmacro{\temp}\egroup}%
+ \or % 1
+ \expandafter\xdef\csname\the\macname\endcsname{%
+ \bgroup\noexpand\macroargctxt
+ \noexpand\braceorline
+ \expandafter\noexpand\csname\the\macname xxx\endcsname}%
+ \expandafter\xdef\csname\the\macname xxx\endcsname##1{%
+ \egroup
+ \noexpand\norecurse{\the\macname}%
+ \noexpand\scanmacro{\temp}\egroup}%
+ \else % many
+ \expandafter\xdef\csname\the\macname\endcsname{%
+ \bgroup\noexpand\macroargctxt
+ \expandafter\noexpand\csname\the\macname xx\endcsname}%
+ \expandafter\xdef\csname\the\macname xx\endcsname##1{%
+ \expandafter\noexpand\csname\the\macname xxx\endcsname ##1,}%
+ \expandafter\expandafter
+ \expandafter\xdef
+ \expandafter\expandafter
+ \csname\the\macname xxx\endcsname
+ \paramlist{%
+ \egroup
+ \noexpand\norecurse{\the\macname}%
+ \noexpand\scanmacro{\temp}\egroup}%
+ \fi
+ \fi}
+
+\def\norecurse#1{\bgroup\cslet{#1}{macsave.#1}}
+
+% \braceorline decides whether the next nonwhitespace character is a
+% {. If so it reads up to the closing }, if not, it reads the whole
+% line. Whatever was read is then fed to the next control sequence
+% as an argument (by \parsebrace or \parsearg)
+\def\braceorline#1{\let\macnamexxx=#1\futurelet\nchar\braceorlinexxx}
+\def\braceorlinexxx{%
+ \ifx\nchar\bgroup\else
+ \expandafter\parsearg
+ \fi \macnamexxx}
+
+
+% @alias.
+% We need some trickery to remove the optional spaces around the equal
+% sign. Just make them active and then expand them all to nothing.
+\def\alias{\parseargusing\obeyspaces\aliasxxx}
+\def\aliasxxx #1{\aliasyyy#1\relax}
+\def\aliasyyy #1=#2\relax{%
+ {%
+ \expandafter\let\obeyedspace=\empty
+ \addtomacrolist{#1}%
+ \xdef\next{\global\let\makecsname{#1}=\makecsname{#2}}%
+ }%
+ \next
+}
+
+
+\message{cross references,}
+
+\newwrite\auxfile
+\newif\ifhavexrefs % True if xref values are known.
+\newif\ifwarnedxrefs % True if we warned once that they aren't known.
+
+% @inforef is relatively simple.
+\def\inforef #1{\inforefzzz #1,,,,**}
+\def\inforefzzz #1,#2,#3,#4**{\putwordSee{} \putwordInfo{} \putwordfile{} \file{\ignorespaces #3{}},
+ node \samp{\ignorespaces#1{}}}
+
+% @node's only job in TeX is to define \lastnode, which is used in
+% cross-references. The @node line might or might not have commas, and
+% might or might not have spaces before the first comma, like:
+% @node foo , bar , ...
+% We don't want such trailing spaces in the node name.
+%
+\parseargdef\node{\checkenv{}\donode #1 ,\finishnodeparse}
+%
+% also remove a trailing comma, in case of something like this:
+% @node Help-Cross, , , Cross-refs
+\def\donode#1 ,#2\finishnodeparse{\dodonode #1,\finishnodeparse}
+\def\dodonode#1,#2\finishnodeparse{\gdef\lastnode{#1}}
+
+\let\nwnode=\node
+\let\lastnode=\empty
+
+% Write a cross-reference definition for the current node. #1 is the
+% type (Ynumbered, Yappendix, Ynothing).
+%
+\def\donoderef#1{%
+ \ifx\lastnode\empty\else
+ \setref{\lastnode}{#1}%
+ \global\let\lastnode=\empty
+ \fi
+}
+
+% @anchor{NAME} -- define xref target at arbitrary point.
+%
+\newcount\savesfregister
+%
+\def\savesf{\relax \ifhmode \savesfregister=\spacefactor \fi}
+\def\restoresf{\relax \ifhmode \spacefactor=\savesfregister \fi}
+\def\anchor#1{\savesf \setref{#1}{Ynothing}\restoresf \ignorespaces}
+
+% \setref{NAME}{SNT} defines a cross-reference point NAME (a node or an
+% anchor), which consists of three parts:
+% 1) NAME-title - the current sectioning name taken from \thissection,
+% or the anchor name.
+% 2) NAME-snt - section number and type, passed as the SNT arg, or
+% empty for anchors.
+% 3) NAME-pg - the page number.
+%
+% This is called from \donoderef, \anchor, and \dofloat. In the case of
+% floats, there is an additional part, which is not written here:
+% 4) NAME-lof - the text as it should appear in a @listoffloats.
+%
+\def\setref#1#2{%
+ \pdfmkdest{#1}%
+ \iflinks
+ {%
+ \atdummies % preserve commands, but don't expand them
+ \edef\writexrdef##1##2{%
+ \write\auxfile{@xrdef{#1-% #1 of \setref, expanded by the \edef
+ ##1}{##2}}% these are parameters of \writexrdef
+ }%
+ \toks0 = \expandafter{\thissection}%
+ \immediate \writexrdef{title}{\the\toks0 }%
+ \immediate \writexrdef{snt}{\csname #2\endcsname}% \Ynumbered etc.
+ \safewhatsit{\writexrdef{pg}{\folio}}% will be written later, during \shipout
+ }%
+ \fi
+}
+
+% @xref, @pxref, and @ref generate cross-references. For \xrefX, #1 is
+% the node name, #2 the name of the Info cross-reference, #3 the printed
+% node name, #4 the name of the Info file, #5 the name of the printed
+% manual. All but the node name can be omitted.
+%
+\def\pxref#1{\putwordsee{} \xrefX[#1,,,,,,,]}
+\def\xref#1{\putwordSee{} \xrefX[#1,,,,,,,]}
+\def\ref#1{\xrefX[#1,,,,,,,]}
+\def\xrefX[#1,#2,#3,#4,#5,#6]{\begingroup
+ \unsepspaces
+ \def\printedmanual{\ignorespaces #5}%
+ \def\printedrefname{\ignorespaces #3}%
+ \setbox1=\hbox{\printedmanual\unskip}%
+ \setbox0=\hbox{\printedrefname\unskip}%
+ \ifdim \wd0 = 0pt
+ % No printed node name was explicitly given.
+ \expandafter\ifx\csname SETxref-automatic-section-title\endcsname\relax
+ % Use the node name inside the square brackets.
+ \def\printedrefname{\ignorespaces #1}%
+ \else
+ % Use the actual chapter/section title appear inside
+ % the square brackets. Use the real section title if we have it.
+ \ifdim \wd1 > 0pt
+ % It is in another manual, so we don't have it.
+ \def\printedrefname{\ignorespaces #1}%
+ \else
+ \ifhavexrefs
+ % We know the real title if we have the xref values.
+ \def\printedrefname{\refx{#1-title}{}}%
+ \else
+ % Otherwise just copy the Info node name.
+ \def\printedrefname{\ignorespaces #1}%
+ \fi%
+ \fi
+ \fi
+ \fi
+ %
+ % Make link in pdf output.
+ \ifpdf
+ \leavevmode
+ \getfilename{#4}%
+ {\indexnofonts
+ \turnoffactive
+ % See comments at \activebackslashdouble.
+ {\activebackslashdouble \xdef\pdfxrefdest{#1}%
+ \backslashparens\pdfxrefdest}%
+ %
+ \ifnum\filenamelength>0
+ \startlink attr{/Border [0 0 0]}%
+ goto file{\the\filename.pdf} name{\pdfxrefdest}%
+ \else
+ \startlink attr{/Border [0 0 0]}%
+ goto name{\pdfmkpgn{\pdfxrefdest}}%
+ \fi
+ }%
+ \linkcolor
+ \fi
+ %
+ % Float references are printed completely differently: "Figure 1.2"
+ % instead of "[somenode], p.3". We distinguish them by the
+ % LABEL-title being set to a magic string.
+ {%
+ % Have to otherify everything special to allow the \csname to
+ % include an _ in the xref name, etc.
+ \indexnofonts
+ \turnoffactive
+ \expandafter\global\expandafter\let\expandafter\Xthisreftitle
+ \csname XR#1-title\endcsname
+ }%
+ \iffloat\Xthisreftitle
+ % If the user specified the print name (third arg) to the ref,
+ % print it instead of our usual "Figure 1.2".
+ \ifdim\wd0 = 0pt
+ \refx{#1-snt}{}%
+ \else
+ \printedrefname
+ \fi
+ %
+ % if the user also gave the printed manual name (fifth arg), append
+ % "in MANUALNAME".
+ \ifdim \wd1 > 0pt
+ \space \putwordin{} \cite{\printedmanual}%
+ \fi
+ \else
+ % node/anchor (non-float) references.
+ %
+ % If we use \unhbox0 and \unhbox1 to print the node names, TeX does not
+ % insert empty discretionaries after hyphens, which means that it will
+ % not find a line break at a hyphen in a node names. Since some manuals
+ % are best written with fairly long node names, containing hyphens, this
+ % is a loss. Therefore, we give the text of the node name again, so it
+ % is as if TeX is seeing it for the first time.
+ \ifdim \wd1 > 0pt
+ \putwordsection{} ``\printedrefname'' \putwordin{} \cite{\printedmanual}%
+ \else
+ % _ (for example) has to be the character _ for the purposes of the
+ % control sequence corresponding to the node, but it has to expand
+ % into the usual \leavevmode...\vrule stuff for purposes of
+ % printing. So we \turnoffactive for the \refx-snt, back on for the
+ % printing, back off for the \refx-pg.
+ {\turnoffactive
+ % Only output a following space if the -snt ref is nonempty; for
+ % @unnumbered and @anchor, it won't be.
+ \setbox2 = \hbox{\ignorespaces \refx{#1-snt}{}}%
+ \ifdim \wd2 > 0pt \refx{#1-snt}\space\fi
+ }%
+ % output the `[mynode]' via a macro so it can be overridden.
+ \xrefprintnodename\printedrefname
+ %
+ % But we always want a comma and a space:
+ ,\space
+ %
+ % output the `page 3'.
+ \turnoffactive \putwordpage\tie\refx{#1-pg}{}%
+ \fi
+ \fi
+ \endlink
+\endgroup}
+
+% This macro is called from \xrefX for the `[nodename]' part of xref
+% output. It's a separate macro only so it can be changed more easily,
+% since square brackets don't work well in some documents. Particularly
+% one that Bob is working on :).
+%
+\def\xrefprintnodename#1{[#1]}
+
+% Things referred to by \setref.
+%
+\def\Ynothing{}
+\def\Yomitfromtoc{}
+\def\Ynumbered{%
+ \ifnum\secno=0
+ \putwordChapter@tie \the\chapno
+ \else \ifnum\subsecno=0
+ \putwordSection@tie \the\chapno.\the\secno
+ \else \ifnum\subsubsecno=0
+ \putwordSection@tie \the\chapno.\the\secno.\the\subsecno
+ \else
+ \putwordSection@tie \the\chapno.\the\secno.\the\subsecno.\the\subsubsecno
+ \fi\fi\fi
+}
+\def\Yappendix{%
+ \ifnum\secno=0
+ \putwordAppendix@tie @char\the\appendixno{}%
+ \else \ifnum\subsecno=0
+ \putwordSection@tie @char\the\appendixno.\the\secno
+ \else \ifnum\subsubsecno=0
+ \putwordSection@tie @char\the\appendixno.\the\secno.\the\subsecno
+ \else
+ \putwordSection@tie
+ @char\the\appendixno.\the\secno.\the\subsecno.\the\subsubsecno
+ \fi\fi\fi
+}
+
+% Define \refx{NAME}{SUFFIX} to reference a cross-reference string named NAME.
+% If its value is nonempty, SUFFIX is output afterward.
+%
+\def\refx#1#2{%
+ {%
+ \indexnofonts
+ \otherbackslash
+ \expandafter\global\expandafter\let\expandafter\thisrefX
+ \csname XR#1\endcsname
+ }%
+ \ifx\thisrefX\relax
+ % If not defined, say something at least.
+ \angleleft un\-de\-fined\angleright
+ \iflinks
+ \ifhavexrefs
+ \message{\linenumber Undefined cross reference `#1'.}%
+ \else
+ \ifwarnedxrefs\else
+ \global\warnedxrefstrue
+ \message{Cross reference values unknown; you must run TeX again.}%
+ \fi
+ \fi
+ \fi
+ \else
+ % It's defined, so just use it.
+ \thisrefX
+ \fi
+ #2% Output the suffix in any case.
+}
+
+% This is the macro invoked by entries in the aux file. Usually it's
+% just a \def (we prepend XR to the control sequence name to avoid
+% collisions). But if this is a float type, we have more work to do.
+%
+\def\xrdef#1#2{%
+ {% The node name might contain 8-bit characters, which in our current
+ % implementation are changed to commands like @'e. Don't let these
+ % mess up the control sequence name.
+ \indexnofonts
+ \turnoffactive
+ \xdef\safexrefname{#1}%
+ }%
+ %
+ \expandafter\gdef\csname XR\safexrefname\endcsname{#2}% remember this xref
+ %
+ % Was that xref control sequence that we just defined for a float?
+ \expandafter\iffloat\csname XR\safexrefname\endcsname
+ % it was a float, and we have the (safe) float type in \iffloattype.
+ \expandafter\let\expandafter\floatlist
+ \csname floatlist\iffloattype\endcsname
+ %
+ % Is this the first time we've seen this float type?
+ \expandafter\ifx\floatlist\relax
+ \toks0 = {\do}% yes, so just \do
+ \else
+ % had it before, so preserve previous elements in list.
+ \toks0 = \expandafter{\floatlist\do}%
+ \fi
+ %
+ % Remember this xref in the control sequence \floatlistFLOATTYPE,
+ % for later use in \listoffloats.
+ \expandafter\xdef\csname floatlist\iffloattype\endcsname{\the\toks0
+ {\safexrefname}}%
+ \fi
+}
+
+% Read the last existing aux file, if any. No error if none exists.
+%
+\def\tryauxfile{%
+ \openin 1 \jobname.aux
+ \ifeof 1 \else
+ \readdatafile{aux}%
+ \global\havexrefstrue
+ \fi
+ \closein 1
+}
+
+\def\setupdatafile{%
+ \catcode`\^^@=\other
+ \catcode`\^^A=\other
+ \catcode`\^^B=\other
+ \catcode`\^^C=\other
+ \catcode`\^^D=\other
+ \catcode`\^^E=\other
+ \catcode`\^^F=\other
+ \catcode`\^^G=\other
+ \catcode`\^^H=\other
+ \catcode`\^^K=\other
+ \catcode`\^^L=\other
+ \catcode`\^^N=\other
+ \catcode`\^^P=\other
+ \catcode`\^^Q=\other
+ \catcode`\^^R=\other
+ \catcode`\^^S=\other
+ \catcode`\^^T=\other
+ \catcode`\^^U=\other
+ \catcode`\^^V=\other
+ \catcode`\^^W=\other
+ \catcode`\^^X=\other
+ \catcode`\^^Z=\other
+ \catcode`\^^[=\other
+ \catcode`\^^\=\other
+ \catcode`\^^]=\other
+ \catcode`\^^^=\other
+ \catcode`\^^_=\other
+ % It was suggested to set the catcode of ^ to 7, which would allow ^^e4 etc.
+ % in xref tags, i.e., node names. But since ^^e4 notation isn't
+ % supported in the main text, it doesn't seem desirable. Furthermore,
+ % that is not enough: for node names that actually contain a ^
+ % character, we would end up writing a line like this: 'xrdef {'hat
+ % b-title}{'hat b} and \xrdef does a \csname...\endcsname on the first
+ % argument, and \hat is not an expandable control sequence. It could
+ % all be worked out, but why? Either we support ^^ or we don't.
+ %
+ % The other change necessary for this was to define \auxhat:
+ % \def\auxhat{\def^{'hat }}% extra space so ok if followed by letter
+ % and then to call \auxhat in \setq.
+ %
+ \catcode`\^=\other
+ %
+ % Special characters. Should be turned off anyway, but...
+ \catcode`\~=\other
+ \catcode`\[=\other
+ \catcode`\]=\other
+ \catcode`\"=\other
+ \catcode`\_=\other
+ \catcode`\|=\other
+ \catcode`\<=\other
+ \catcode`\>=\other
+ \catcode`\$=\other
+ \catcode`\#=\other
+ \catcode`\&=\other
+ \catcode`\%=\other
+ \catcode`+=\other % avoid \+ for paranoia even though we've turned it off
+ %
+ % This is to support \ in node names and titles, since the \
+ % characters end up in a \csname. It's easier than
+ % leaving it active and making its active definition an actual \
+ % character. What I don't understand is why it works in the *value*
+ % of the xrdef. Seems like it should be a catcode12 \, and that
+ % should not typeset properly. But it works, so I'm moving on for
+ % now. --karl, 15jan04.
+ \catcode`\\=\other
+ %
+ % Make the characters 128-255 be printing characters.
+ {%
+ \count1=128
+ \def\loop{%
+ \catcode\count1=\other
+ \advance\count1 by 1
+ \ifnum \count1<256 \loop \fi
+ }%
+ }%
+ %
+ % @ is our escape character in .aux files, and we need braces.
+ \catcode`\{=1
+ \catcode`\}=2
+ \catcode`\@=0
+}
+
+\def\readdatafile#1{%
+\begingroup
+ \setupdatafile
+ \input\jobname.#1
+\endgroup}
+
+
+\message{insertions,}
+% including footnotes.
+
+\newcount \footnoteno
+
+% The trailing space in the following definition for supereject is
+% vital for proper filling; pages come out unaligned when you do a
+% pagealignmacro call if that space before the closing brace is
+% removed. (Generally, numeric constants should always be followed by a
+% space to prevent strange expansion errors.)
+\def\supereject{\par\penalty -20000\footnoteno =0 }
+
+% @footnotestyle is meaningful for info output only.
+\let\footnotestyle=\comment
+
+{\catcode `\@=11
+%
+% Auto-number footnotes. Otherwise like plain.
+\gdef\footnote{%
+ \let\indent=\ptexindent
+ \let\noindent=\ptexnoindent
+ \global\advance\footnoteno by \@ne
+ \edef\thisfootno{$^{\the\footnoteno}$}%
+ %
+ % In case the footnote comes at the end of a sentence, preserve the
+ % extra spacing after we do the footnote number.
+ \let\@sf\empty
+ \ifhmode\edef\@sf{\spacefactor\the\spacefactor}\ptexslash\fi
+ %
+ % Remove inadvertent blank space before typesetting the footnote number.
+ \unskip
+ \thisfootno\@sf
+ \dofootnote
+}%
+
+% Don't bother with the trickery in plain.tex to not require the
+% footnote text as a parameter. Our footnotes don't need to be so general.
+%
+% Oh yes, they do; otherwise, @ifset (and anything else that uses
+% \parseargline) fails inside footnotes because the tokens are fixed when
+% the footnote is read. --karl, 16nov96.
+%
+\gdef\dofootnote{%
+ \insert\footins\bgroup
+ % We want to typeset this text as a normal paragraph, even if the
+ % footnote reference occurs in (for example) a display environment.
+ % So reset some parameters.
+ \hsize=\pagewidth
+ \interlinepenalty\interfootnotelinepenalty
+ \splittopskip\ht\strutbox % top baseline for broken footnotes
+ \splitmaxdepth\dp\strutbox
+ \floatingpenalty\@MM
+ \leftskip\z@skip
+ \rightskip\z@skip
+ \spaceskip\z@skip
+ \xspaceskip\z@skip
+ \parindent\defaultparindent
+ %
+ \smallfonts \rm
+ %
+ % Because we use hanging indentation in footnotes, a @noindent appears
+ % to exdent this text, so make it be a no-op. makeinfo does not use
+ % hanging indentation so @noindent can still be needed within footnote
+ % text after an @example or the like (not that this is good style).
+ \let\noindent = \relax
+ %
+ % Hang the footnote text off the number. Use \everypar in case the
+ % footnote extends for more than one paragraph.
+ \everypar = {\hang}%
+ \textindent{\thisfootno}%
+ %
+ % Don't crash into the line above the footnote text. Since this
+ % expands into a box, it must come within the paragraph, lest it
+ % provide a place where TeX can split the footnote.
+ \footstrut
+ \futurelet\next\fo@t
+}
+}%end \catcode `\@=11
+
+% In case a @footnote appears in a vbox, save the footnote text and create
+% the real \insert just after the vbox finished. Otherwise, the insertion
+% would be lost.
+% Similarily, if a @footnote appears inside an alignment, save the footnote
+% text to a box and make the \insert when a row of the table is finished.
+% And the same can be done for other insert classes. --kasal, 16nov03.
+
+% Replace the \insert primitive by a cheating macro.
+% Deeper inside, just make sure that the saved insertions are not spilled
+% out prematurely.
+%
+\def\startsavinginserts{%
+ \ifx \insert\ptexinsert
+ \let\insert\saveinsert
+ \else
+ \let\checkinserts\relax
+ \fi
+}
+
+% This \insert replacement works for both \insert\footins{foo} and
+% \insert\footins\bgroup foo\egroup, but it doesn't work for \insert27{foo}.
+%
+\def\saveinsert#1{%
+ \edef\next{\noexpand\savetobox \makeSAVEname#1}%
+ \afterassignment\next
+ % swallow the left brace
+ \let\temp =
+}
+\def\makeSAVEname#1{\makecsname{SAVE\expandafter\gobble\string#1}}
+\def\savetobox#1{\global\setbox#1 = \vbox\bgroup \unvbox#1}
+
+\def\checksaveins#1{\ifvoid#1\else \placesaveins#1\fi}
+
+\def\placesaveins#1{%
+ \ptexinsert \csname\expandafter\gobblesave\string#1\endcsname
+ {\box#1}%
+}
+
+% eat @SAVE -- beware, all of them have catcode \other:
+{
+ \def\dospecials{\do S\do A\do V\do E} \uncatcodespecials % ;-)
+ \gdef\gobblesave @SAVE{}
+}
+
+% initialization:
+\def\newsaveins #1{%
+ \edef\next{\noexpand\newsaveinsX \makeSAVEname#1}%
+ \next
+}
+\def\newsaveinsX #1{%
+ \csname newbox\endcsname #1%
+ \expandafter\def\expandafter\checkinserts\expandafter{\checkinserts
+ \checksaveins #1}%
+}
+
+% initialize:
+\let\checkinserts\empty
+\newsaveins\footins
+\newsaveins\margin
+
+
+% @image. We use the macros from epsf.tex to support this.
+% If epsf.tex is not installed and @image is used, we complain.
+%
+% Check for and read epsf.tex up front. If we read it only at @image
+% time, we might be inside a group, and then its definitions would get
+% undone and the next image would fail.
+\openin 1 = epsf.tex
+\ifeof 1 \else
+ % Do not bother showing banner with epsf.tex v2.7k (available in
+ % doc/epsf.tex and on ctan).
+ \def\epsfannounce{\toks0 = }%
+ \input epsf.tex
+\fi
+\closein 1
+%
+% We will only complain once about lack of epsf.tex.
+\newif\ifwarnednoepsf
+\newhelp\noepsfhelp{epsf.tex must be installed for images to
+ work. It is also included in the Texinfo distribution, or you can get
+ it from ftp://tug.org/tex/epsf.tex.}
+%
+\def\image#1{%
+ \ifx\epsfbox\undefined
+ \ifwarnednoepsf \else
+ \errhelp = \noepsfhelp
+ \errmessage{epsf.tex not found, images will be ignored}%
+ \global\warnednoepsftrue
+ \fi
+ \else
+ \imagexxx #1,,,,,\finish
+ \fi
+}
+%
+% Arguments to @image:
+% #1 is (mandatory) image filename; we tack on .eps extension.
+% #2 is (optional) width, #3 is (optional) height.
+% #4 is (ignored optional) html alt text.
+% #5 is (ignored optional) extension.
+% #6 is just the usual extra ignored arg for parsing this stuff.
+\newif\ifimagevmode
+\def\imagexxx#1,#2,#3,#4,#5,#6\finish{\begingroup
+ \catcode`\^^M = 5 % in case we're inside an example
+ \normalturnoffactive % allow _ et al. in names
+ % If the image is by itself, center it.
+ \ifvmode
+ \imagevmodetrue
+ \nobreak\bigskip
+ % Usually we'll have text after the image which will insert
+ % \parskip glue, so insert it here too to equalize the space
+ % above and below.
+ \nobreak\vskip\parskip
+ \nobreak
+ \line\bgroup
+ \fi
+ %
+ % Output the image.
+ \ifpdf
+ \dopdfimage{#1}{#2}{#3}%
+ \else
+ % \epsfbox itself resets \epsf?size at each figure.
+ \setbox0 = \hbox{\ignorespaces #2}\ifdim\wd0 > 0pt \epsfxsize=#2\relax \fi
+ \setbox0 = \hbox{\ignorespaces #3}\ifdim\wd0 > 0pt \epsfysize=#3\relax \fi
+ \epsfbox{#1.eps}%
+ \fi
+ %
+ \ifimagevmode \egroup \bigbreak \fi % space after the image
+\endgroup}
+
+
+% @float FLOATTYPE,LABEL,LOC ... @end float for displayed figures, tables,
+% etc. We don't actually implement floating yet, we always include the
+% float "here". But it seemed the best name for the future.
+%
+\envparseargdef\float{\eatcommaspace\eatcommaspace\dofloat#1, , ,\finish}
+
+% There may be a space before second and/or third parameter; delete it.
+\def\eatcommaspace#1, {#1,}
+
+% #1 is the optional FLOATTYPE, the text label for this float, typically
+% "Figure", "Table", "Example", etc. Can't contain commas. If omitted,
+% this float will not be numbered and cannot be referred to.
+%
+% #2 is the optional xref label. Also must be present for the float to
+% be referable.
+%
+% #3 is the optional positioning argument; for now, it is ignored. It
+% will somehow specify the positions allowed to float to (here, top, bottom).
+%
+% We keep a separate counter for each FLOATTYPE, which we reset at each
+% chapter-level command.
+\let\resetallfloatnos=\empty
+%
+\def\dofloat#1,#2,#3,#4\finish{%
+ \let\thiscaption=\empty
+ \let\thisshortcaption=\empty
+ %
+ % don't lose footnotes inside @float.
+ %
+ % BEWARE: when the floats start float, we have to issue warning whenever an
+ % insert appears inside a float which could possibly float. --kasal, 26may04
+ %
+ \startsavinginserts
+ %
+ % We can't be used inside a paragraph.
+ \par
+ %
+ \vtop\bgroup
+ \def\floattype{#1}%
+ \def\floatlabel{#2}%
+ \def\floatloc{#3}% we do nothing with this yet.
+ %
+ \ifx\floattype\empty
+ \let\safefloattype=\empty
+ \else
+ {%
+ % the floattype might have accents or other special characters,
+ % but we need to use it in a control sequence name.
+ \indexnofonts
+ \turnoffactive
+ \xdef\safefloattype{\floattype}%
+ }%
+ \fi
+ %
+ % If label is given but no type, we handle that as the empty type.
+ \ifx\floatlabel\empty \else
+ % We want each FLOATTYPE to be numbered separately (Figure 1,
+ % Table 1, Figure 2, ...). (And if no label, no number.)
+ %
+ \expandafter\getfloatno\csname\safefloattype floatno\endcsname
+ \global\advance\floatno by 1
+ %
+ {%
+ % This magic value for \thissection is output by \setref as the
+ % XREFLABEL-title value. \xrefX uses it to distinguish float
+ % labels (which have a completely different output format) from
+ % node and anchor labels. And \xrdef uses it to construct the
+ % lists of floats.
+ %
+ \edef\thissection{\floatmagic=\safefloattype}%
+ \setref{\floatlabel}{Yfloat}%
+ }%
+ \fi
+ %
+ % start with \parskip glue, I guess.
+ \vskip\parskip
+ %
+ % Don't suppress indentation if a float happens to start a section.
+ \restorefirstparagraphindent
+}
+
+% we have these possibilities:
+% @float Foo,lbl & @caption{Cap}: Foo 1.1: Cap
+% @float Foo,lbl & no caption: Foo 1.1
+% @float Foo & @caption{Cap}: Foo: Cap
+% @float Foo & no caption: Foo
+% @float ,lbl & Caption{Cap}: 1.1: Cap
+% @float ,lbl & no caption: 1.1
+% @float & @caption{Cap}: Cap
+% @float & no caption:
+%
+\def\Efloat{%
+ \let\floatident = \empty
+ %
+ % In all cases, if we have a float type, it comes first.
+ \ifx\floattype\empty \else \def\floatident{\floattype}\fi
+ %
+ % If we have an xref label, the number comes next.
+ \ifx\floatlabel\empty \else
+ \ifx\floattype\empty \else % if also had float type, need tie first.
+ \appendtomacro\floatident{\tie}%
+ \fi
+ % the number.
+ \appendtomacro\floatident{\chaplevelprefix\the\floatno}%
+ \fi
+ %
+ % Start the printed caption with what we've constructed in
+ % \floatident, but keep it separate; we need \floatident again.
+ \let\captionline = \floatident
+ %
+ \ifx\thiscaption\empty \else
+ \ifx\floatident\empty \else
+ \appendtomacro\captionline{: }% had ident, so need a colon between
+ \fi
+ %
+ % caption text.
+ \appendtomacro\captionline{\scanexp\thiscaption}%
+ \fi
+ %
+ % If we have anything to print, print it, with space before.
+ % Eventually this needs to become an \insert.
+ \ifx\captionline\empty \else
+ \vskip.5\parskip
+ \captionline
+ %
+ % Space below caption.
+ \vskip\parskip
+ \fi
+ %
+ % If have an xref label, write the list of floats info. Do this
+ % after the caption, to avoid chance of it being a breakpoint.
+ \ifx\floatlabel\empty \else
+ % Write the text that goes in the lof to the aux file as
+ % \floatlabel-lof. Besides \floatident, we include the short
+ % caption if specified, else the full caption if specified, else nothing.
+ {%
+ \atdummies
+ %
+ % since we read the caption text in the macro world, where ^^M
+ % is turned into a normal character, we have to scan it back, so
+ % we don't write the literal three characters "^^M" into the aux file.
+ \scanexp{%
+ \xdef\noexpand\gtemp{%
+ \ifx\thisshortcaption\empty
+ \thiscaption
+ \else
+ \thisshortcaption
+ \fi
+ }%
+ }%
+ \immediate\write\auxfile{@xrdef{\floatlabel-lof}{\floatident
+ \ifx\gtemp\empty \else : \gtemp \fi}}%
+ }%
+ \fi
+ \egroup % end of \vtop
+ %
+ % place the captured inserts
+ %
+ % BEWARE: when the floats start floating, we have to issue warning
+ % whenever an insert appears inside a float which could possibly
+ % float. --kasal, 26may04
+ %
+ \checkinserts
+}
+
+% Append the tokens #2 to the definition of macro #1, not expanding either.
+%
+\def\appendtomacro#1#2{%
+ \expandafter\def\expandafter#1\expandafter{#1#2}%
+}
+
+% @caption, @shortcaption
+%
+\def\caption{\docaption\thiscaption}
+\def\shortcaption{\docaption\thisshortcaption}
+\def\docaption{\checkenv\float \bgroup\scanargctxt\defcaption}
+\def\defcaption#1#2{\egroup \def#1{#2}}
+
+% The parameter is the control sequence identifying the counter we are
+% going to use. Create it if it doesn't exist and assign it to \floatno.
+\def\getfloatno#1{%
+ \ifx#1\relax
+ % Haven't seen this figure type before.
+ \csname newcount\endcsname #1%
+ %
+ % Remember to reset this floatno at the next chap.
+ \expandafter\gdef\expandafter\resetallfloatnos
+ \expandafter{\resetallfloatnos #1=0 }%
+ \fi
+ \let\floatno#1%
+}
+
+% \setref calls this to get the XREFLABEL-snt value. We want an @xref
+% to the FLOATLABEL to expand to "Figure 3.1". We call \setref when we
+% first read the @float command.
+%
+\def\Yfloat{\floattype@tie \chaplevelprefix\the\floatno}%
+
+% Magic string used for the XREFLABEL-title value, so \xrefX can
+% distinguish floats from other xref types.
+\def\floatmagic{!!float!!}
+
+% #1 is the control sequence we are passed; we expand into a conditional
+% which is true if #1 represents a float ref. That is, the magic
+% \thissection value which we \setref above.
+%
+\def\iffloat#1{\expandafter\doiffloat#1==\finish}
+%
+% #1 is (maybe) the \floatmagic string. If so, #2 will be the
+% (safe) float type for this float. We set \iffloattype to #2.
+%
+\def\doiffloat#1=#2=#3\finish{%
+ \def\temp{#1}%
+ \def\iffloattype{#2}%
+ \ifx\temp\floatmagic
+}
+
+% @listoffloats FLOATTYPE - print a list of floats like a table of contents.
+%
+\parseargdef\listoffloats{%
+ \def\floattype{#1}% floattype
+ {%
+ % the floattype might have accents or other special characters,
+ % but we need to use it in a control sequence name.
+ \indexnofonts
+ \turnoffactive
+ \xdef\safefloattype{\floattype}%
+ }%
+ %
+ % \xrdef saves the floats as a \do-list in \floatlistSAFEFLOATTYPE.
+ \expandafter\ifx\csname floatlist\safefloattype\endcsname \relax
+ \ifhavexrefs
+ % if the user said @listoffloats foo but never @float foo.
+ \message{\linenumber No `\safefloattype' floats to list.}%
+ \fi
+ \else
+ \begingroup
+ \leftskip=\tocindent % indent these entries like a toc
+ \let\do=\listoffloatsdo
+ \csname floatlist\safefloattype\endcsname
+ \endgroup
+ \fi
+}
+
+% This is called on each entry in a list of floats. We're passed the
+% xref label, in the form LABEL-title, which is how we save it in the
+% aux file. We strip off the -title and look up \XRLABEL-lof, which
+% has the text we're supposed to typeset here.
+%
+% Figures without xref labels will not be included in the list (since
+% they won't appear in the aux file).
+%
+\def\listoffloatsdo#1{\listoffloatsdoentry#1\finish}
+\def\listoffloatsdoentry#1-title\finish{{%
+ % Can't fully expand XR#1-lof because it can contain anything. Just
+ % pass the control sequence. On the other hand, XR#1-pg is just the
+ % page number, and we want to fully expand that so we can get a link
+ % in pdf output.
+ \toksA = \expandafter{\csname XR#1-lof\endcsname}%
+ %
+ % use the same \entry macro we use to generate the TOC and index.
+ \edef\writeentry{\noexpand\entry{\the\toksA}{\csname XR#1-pg\endcsname}}%
+ \writeentry
+}}
+
+
+\message{localization,}
+
+% @documentlanguage is usually given very early, just after
+% @setfilename. If done too late, it may not override everything
+% properly. Single argument is the language abbreviation.
+% It would be nice if we could set up a hyphenation file here.
+%
+\parseargdef\documentlanguage{%
+ \tex % read txi-??.tex file in plain TeX.
+ % Read the file if it exists.
+ \openin 1 txi-#1.tex
+ \ifeof 1
+ \errhelp = \nolanghelp
+ \errmessage{Cannot read language file txi-#1.tex}%
+ \else
+ \input txi-#1.tex
+ \fi
+ \closein 1
+ \endgroup
+}
+\newhelp\nolanghelp{The given language definition file cannot be found or
+is empty. Maybe you need to install it? In the current directory
+should work if nowhere else does.}
+
+% Set the catcode of characters 128 through 255 to the specified number.
+%
+\def\setnonasciicharscatcode#1{%
+ \count255=128
+ \loop\ifnum\count255<256
+ \global\catcode\count255=#1
+ \advance\count255 by 1
+ \repeat
+}
+
+% @documentencoding sets the definition of non-ASCII characters
+% according to the specified encoding.
+%
+\parseargdef\documentencoding{%
+ % Encoding being declared for the document.
+ \def\declaredencoding{\csname #1.enc\endcsname}%
+ %
+ % Supported encodings: names converted to tokens in order to be able
+ % to compare them with \ifx.
+ \def\ascii{\csname US-ASCII.enc\endcsname}%
+ \def\latnine{\csname ISO-8859-15.enc\endcsname}%
+ \def\latone{\csname ISO-8859-1.enc\endcsname}%
+ \def\lattwo{\csname ISO-8859-2.enc\endcsname}%
+ \def\utfeight{\csname UTF-8.enc\endcsname}%
+ %
+ \ifx \declaredencoding \ascii
+ \asciichardefs
+ %
+ \else \ifx \declaredencoding \lattwo
+ \setnonasciicharscatcode\active
+ \lattwochardefs
+ %
+ \else \ifx \declaredencoding \latone
+ \setnonasciicharscatcode\active
+ \latonechardefs
+ %
+ \else \ifx \declaredencoding \latnine
+ \setnonasciicharscatcode\active
+ \latninechardefs
+ %
+ \else \ifx \declaredencoding \utfeight
+ \setnonasciicharscatcode\active
+ \utfeightchardefs
+ %
+ \else
+ \message{Unknown document encoding #1, ignoring.}%
+ %
+ \fi % utfeight
+ \fi % latnine
+ \fi % latone
+ \fi % lattwo
+ \fi % ascii
+}
+
+% A message to be logged when using a character that isn't available
+% the default font encoding (OT1).
+%
+\def\missingcharmsg#1{\message{Character missing in OT1 encoding: #1.}}
+
+% Take account of \c (plain) vs. \, (Texinfo) difference.
+\def\cedilla#1{\ifx\c\ptexc\c{#1}\else\,{#1}\fi}
+
+% First, make active non-ASCII characters in order for them to be
+% correctly categorized when TeX reads the replacement text of
+% macros containing the character definitions.
+\setnonasciicharscatcode\active
+%
+% Latin1 (ISO-8859-1) character definitions.
+\def\latonechardefs{%
+ \gdef^^a0{~}
+ \gdef^^a1{\exclamdown}
+ \gdef^^a2{\missingcharmsg{CENT SIGN}}
+ \gdef^^a3{{\pounds}}
+ \gdef^^a4{\missingcharmsg{CURRENCY SIGN}}
+ \gdef^^a5{\missingcharmsg{YEN SIGN}}
+ \gdef^^a6{\missingcharmsg{BROKEN BAR}}
+ \gdef^^a7{\S}
+ \gdef^^a8{\"{}}
+ \gdef^^a9{\copyright}
+ \gdef^^aa{\ordf}
+ \gdef^^ab{\missingcharmsg{LEFT-POINTING DOUBLE ANGLE QUOTATION MARK}}
+ \gdef^^ac{$\lnot$}
+ \gdef^^ad{\-}
+ \gdef^^ae{\registeredsymbol}
+ \gdef^^af{\={}}
+ %
+ \gdef^^b0{\textdegree}
+ \gdef^^b1{$\pm$}
+ \gdef^^b2{$^2$}
+ \gdef^^b3{$^3$}
+ \gdef^^b4{\'{}}
+ \gdef^^b5{$\mu$}
+ \gdef^^b6{\P}
+ %
+ \gdef^^b7{$^.$}
+ \gdef^^b8{\cedilla\ }
+ \gdef^^b9{$^1$}
+ \gdef^^ba{\ordm}
+ %
+ \gdef^^bb{\missingcharmsg{RIGHT-POINTING DOUBLE ANGLE QUOTATION MARK}}
+ \gdef^^bc{$1\over4$}
+ \gdef^^bd{$1\over2$}
+ \gdef^^be{$3\over4$}
+ \gdef^^bf{\questiondown}
+ %
+ \gdef^^c0{\`A}
+ \gdef^^c1{\'A}
+ \gdef^^c2{\^A}
+ \gdef^^c3{\~A}
+ \gdef^^c4{\"A}
+ \gdef^^c5{\ringaccent A}
+ \gdef^^c6{\AE}
+ \gdef^^c7{\cedilla C}
+ \gdef^^c8{\`E}
+ \gdef^^c9{\'E}
+ \gdef^^ca{\^E}
+ \gdef^^cb{\"E}
+ \gdef^^cc{\`I}
+ \gdef^^cd{\'I}
+ \gdef^^ce{\^I}
+ \gdef^^cf{\"I}
+ %
+ \gdef^^d0{\missingcharmsg{LATIN CAPITAL LETTER ETH}}
+ \gdef^^d1{\~N}
+ \gdef^^d2{\`O}
+ \gdef^^d3{\'O}
+ \gdef^^d4{\^O}
+ \gdef^^d5{\~O}
+ \gdef^^d6{\"O}
+ \gdef^^d7{$\times$}
+ \gdef^^d8{\O}
+ \gdef^^d9{\`U}
+ \gdef^^da{\'U}
+ \gdef^^db{\^U}
+ \gdef^^dc{\"U}
+ \gdef^^dd{\'Y}
+ \gdef^^de{\missingcharmsg{LATIN CAPITAL LETTER THORN}}
+ \gdef^^df{\ss}
+ %
+ \gdef^^e0{\`a}
+ \gdef^^e1{\'a}
+ \gdef^^e2{\^a}
+ \gdef^^e3{\~a}
+ \gdef^^e4{\"a}
+ \gdef^^e5{\ringaccent a}
+ \gdef^^e6{\ae}
+ \gdef^^e7{\cedilla c}
+ \gdef^^e8{\`e}
+ \gdef^^e9{\'e}
+ \gdef^^ea{\^e}
+ \gdef^^eb{\"e}
+ \gdef^^ec{\`{\dotless i}}
+ \gdef^^ed{\'{\dotless i}}
+ \gdef^^ee{\^{\dotless i}}
+ \gdef^^ef{\"{\dotless i}}
+ %
+ \gdef^^f0{\missingcharmsg{LATIN SMALL LETTER ETH}}
+ \gdef^^f1{\~n}
+ \gdef^^f2{\`o}
+ \gdef^^f3{\'o}
+ \gdef^^f4{\^o}
+ \gdef^^f5{\~o}
+ \gdef^^f6{\"o}
+ \gdef^^f7{$\div$}
+ \gdef^^f8{\o}
+ \gdef^^f9{\`u}
+ \gdef^^fa{\'u}
+ \gdef^^fb{\^u}
+ \gdef^^fc{\"u}
+ \gdef^^fd{\'y}
+ \gdef^^fe{\missingcharmsg{LATIN SMALL LETTER THORN}}
+ \gdef^^ff{\"y}
+}
+
+% Latin9 (ISO-8859-15) encoding character definitions.
+\def\latninechardefs{%
+ % Encoding is almost identical to Latin1.
+ \latonechardefs
+ %
+ \gdef^^a4{\euro}
+ \gdef^^a6{\v S}
+ \gdef^^a8{\v s}
+ \gdef^^b4{\v Z}
+ \gdef^^b8{\v z}
+ \gdef^^bc{\OE}
+ \gdef^^bd{\oe}
+ \gdef^^be{\"Y}
+}
+
+% Latin2 (ISO-8859-2) character definitions.
+\def\lattwochardefs{%
+ \gdef^^a0{~}
+ \gdef^^a1{\missingcharmsg{LATIN CAPITAL LETTER A WITH OGONEK}}
+ \gdef^^a2{\u{}}
+ \gdef^^a3{\L}
+ \gdef^^a4{\missingcharmsg{CURRENCY SIGN}}
+ \gdef^^a5{\v L}
+ \gdef^^a6{\'S}
+ \gdef^^a7{\S}
+ \gdef^^a8{\"{}}
+ \gdef^^a9{\v S}
+ \gdef^^aa{\cedilla S}
+ \gdef^^ab{\v T}
+ \gdef^^ac{\'Z}
+ \gdef^^ad{\-}
+ \gdef^^ae{\v Z}
+ \gdef^^af{\dotaccent Z}
+ %
+ \gdef^^b0{\textdegree}
+ \gdef^^b1{\missingcharmsg{LATIN SMALL LETTER A WITH OGONEK}}
+ \gdef^^b2{\missingcharmsg{OGONEK}}
+ \gdef^^b3{\l}
+ \gdef^^b4{\'{}}
+ \gdef^^b5{\v l}
+ \gdef^^b6{\'s}
+ \gdef^^b7{\v{}}
+ \gdef^^b8{\cedilla\ }
+ \gdef^^b9{\v s}
+ \gdef^^ba{\cedilla s}
+ \gdef^^bb{\v t}
+ \gdef^^bc{\'z}
+ \gdef^^bd{\H{}}
+ \gdef^^be{\v z}
+ \gdef^^bf{\dotaccent z}
+ %
+ \gdef^^c0{\'R}
+ \gdef^^c1{\'A}
+ \gdef^^c2{\^A}
+ \gdef^^c3{\u A}
+ \gdef^^c4{\"A}
+ \gdef^^c5{\'L}
+ \gdef^^c6{\'C}
+ \gdef^^c7{\cedilla C}
+ \gdef^^c8{\v C}
+ \gdef^^c9{\'E}
+ \gdef^^ca{\missingcharmsg{LATIN CAPITAL LETTER E WITH OGONEK}}
+ \gdef^^cb{\"E}
+ \gdef^^cc{\v E}
+ \gdef^^cd{\'I}
+ \gdef^^ce{\^I}
+ \gdef^^cf{\v D}
+ %
+ \gdef^^d0{\missingcharmsg{LATIN CAPITAL LETTER D WITH STROKE}}
+ \gdef^^d1{\'N}
+ \gdef^^d2{\v N}
+ \gdef^^d3{\'O}
+ \gdef^^d4{\^O}
+ \gdef^^d5{\H O}
+ \gdef^^d6{\"O}
+ \gdef^^d7{$\times$}
+ \gdef^^d8{\v R}
+ \gdef^^d9{\ringaccent U}
+ \gdef^^da{\'U}
+ \gdef^^db{\H U}
+ \gdef^^dc{\"U}
+ \gdef^^dd{\'Y}
+ \gdef^^de{\cedilla T}
+ \gdef^^df{\ss}
+ %
+ \gdef^^e0{\'r}
+ \gdef^^e1{\'a}
+ \gdef^^e2{\^a}
+ \gdef^^e3{\u a}
+ \gdef^^e4{\"a}
+ \gdef^^e5{\'l}
+ \gdef^^e6{\'c}
+ \gdef^^e7{\cedilla c}
+ \gdef^^e8{\v c}
+ \gdef^^e9{\'e}
+ \gdef^^ea{\missingcharmsg{LATIN SMALL LETTER E WITH OGONEK}}
+ \gdef^^eb{\"e}
+ \gdef^^ec{\v e}
+ \gdef^^ed{\'\i}
+ \gdef^^ee{\^\i}
+ \gdef^^ef{\v d}
+ %
+ \gdef^^f0{\missingcharmsg{LATIN SMALL LETTER D WITH STROKE}}
+ \gdef^^f1{\'n}
+ \gdef^^f2{\v n}
+ \gdef^^f3{\'o}
+ \gdef^^f4{\^o}
+ \gdef^^f5{\H o}
+ \gdef^^f6{\"o}
+ \gdef^^f7{$\div$}
+ \gdef^^f8{\v r}
+ \gdef^^f9{\ringaccent u}
+ \gdef^^fa{\'u}
+ \gdef^^fb{\H u}
+ \gdef^^fc{\"u}
+ \gdef^^fd{\'y}
+ \gdef^^fe{\cedilla t}
+ \gdef^^ff{\dotaccent{}}
+}
+
+% UTF-8 character definitions.
+%
+% This code to support UTF-8 is based on LaTeX's utf8.def, with some
+% changes for Texinfo conventions. It is included here under the GPL by
+% permission from Frank Mittelbach and the LaTeX team.
+%
+\newcount\countUTFx
+\newcount\countUTFy
+\newcount\countUTFz
+
+\gdef\UTFviiiTwoOctets#1#2{\expandafter
+ \UTFviiiDefined\csname u8:#1\string #2\endcsname}
+%
+\gdef\UTFviiiThreeOctets#1#2#3{\expandafter
+ \UTFviiiDefined\csname u8:#1\string #2\string #3\endcsname}
+%
+\gdef\UTFviiiFourOctets#1#2#3#4{\expandafter
+ \UTFviiiDefined\csname u8:#1\string #2\string #3\string #4\endcsname}
+
+\gdef\UTFviiiDefined#1{%
+ \ifx #1\relax
+ \message{\linenumber Unicode char \string #1 not defined for Texinfo}%
+ \else
+ \expandafter #1%
+ \fi
+}
+
+\begingroup
+ \catcode`\~13
+ \catcode`\"12
+
+ \def\UTFviiiLoop{%
+ \global\catcode\countUTFx\active
+ \uccode`\~\countUTFx
+ \uppercase\expandafter{\UTFviiiTmp}%
+ \advance\countUTFx by 1
+ \ifnum\countUTFx < \countUTFy
+ \expandafter\UTFviiiLoop
+ \fi}
+
+ \countUTFx = "C2
+ \countUTFy = "E0
+ \def\UTFviiiTmp{%
+ \xdef~{\noexpand\UTFviiiTwoOctets\string~}}
+ \UTFviiiLoop
+
+ \countUTFx = "E0
+ \countUTFy = "F0
+ \def\UTFviiiTmp{%
+ \xdef~{\noexpand\UTFviiiThreeOctets\string~}}
+ \UTFviiiLoop
+
+ \countUTFx = "F0
+ \countUTFy = "F4
+ \def\UTFviiiTmp{%
+ \xdef~{\noexpand\UTFviiiFourOctets\string~}}
+ \UTFviiiLoop
+\endgroup
+
+\begingroup
+ \catcode`\"=12
+ \catcode`\<=12
+ \catcode`\.=12
+ \catcode`\,=12
+ \catcode`\;=12
+ \catcode`\!=12
+ \catcode`\~=13
+
+ \gdef\DeclareUnicodeCharacter#1#2{%
+ \countUTFz = "#1\relax
+ \wlog{\space\space defining Unicode char U+#1 (decimal \the\countUTFz)}%
+ \begingroup
+ \parseXMLCharref
+ \def\UTFviiiTwoOctets##1##2{%
+ \csname u8:##1\string ##2\endcsname}%
+ \def\UTFviiiThreeOctets##1##2##3{%
+ \csname u8:##1\string ##2\string ##3\endcsname}%
+ \def\UTFviiiFourOctets##1##2##3##4{%
+ \csname u8:##1\string ##2\string ##3\string ##4\endcsname}%
+ \expandafter\expandafter\expandafter\expandafter
+ \expandafter\expandafter\expandafter
+ \gdef\UTFviiiTmp{#2}%
+ \endgroup}
+
+ \gdef\parseXMLCharref{%
+ \ifnum\countUTFz < "A0\relax
+ \errhelp = \EMsimple
+ \errmessage{Cannot define Unicode char value < 00A0}%
+ \else\ifnum\countUTFz < "800\relax
+ \parseUTFviiiA,%
+ \parseUTFviiiB C\UTFviiiTwoOctets.,%
+ \else\ifnum\countUTFz < "10000\relax
+ \parseUTFviiiA;%
+ \parseUTFviiiA,%
+ \parseUTFviiiB E\UTFviiiThreeOctets.{,;}%
+ \else
+ \parseUTFviiiA;%
+ \parseUTFviiiA,%
+ \parseUTFviiiA!%
+ \parseUTFviiiB F\UTFviiiFourOctets.{!,;}%
+ \fi\fi\fi
+ }
+
+ \gdef\parseUTFviiiA#1{%
+ \countUTFx = \countUTFz
+ \divide\countUTFz by 64
+ \countUTFy = \countUTFz
+ \multiply\countUTFz by 64
+ \advance\countUTFx by -\countUTFz
+ \advance\countUTFx by 128
+ \uccode `#1\countUTFx
+ \countUTFz = \countUTFy}
+
+ \gdef\parseUTFviiiB#1#2#3#4{%
+ \advance\countUTFz by "#10\relax
+ \uccode `#3\countUTFz
+ \uppercase{\gdef\UTFviiiTmp{#2#3#4}}}
+\endgroup
+
+\def\utfeightchardefs{%
+ \DeclareUnicodeCharacter{00A0}{\tie}
+ \DeclareUnicodeCharacter{00A1}{\exclamdown}
+ \DeclareUnicodeCharacter{00A3}{\pounds}
+ \DeclareUnicodeCharacter{00A8}{\"{ }}
+ \DeclareUnicodeCharacter{00A9}{\copyright}
+ \DeclareUnicodeCharacter{00AA}{\ordf}
+ \DeclareUnicodeCharacter{00AD}{\-}
+ \DeclareUnicodeCharacter{00AE}{\registeredsymbol}
+ \DeclareUnicodeCharacter{00AF}{\={ }}
+
+ \DeclareUnicodeCharacter{00B0}{\ringaccent{ }}
+ \DeclareUnicodeCharacter{00B4}{\'{ }}
+ \DeclareUnicodeCharacter{00B8}{\cedilla{ }}
+ \DeclareUnicodeCharacter{00BA}{\ordm}
+ \DeclareUnicodeCharacter{00BF}{\questiondown}
+
+ \DeclareUnicodeCharacter{00C0}{\`A}
+ \DeclareUnicodeCharacter{00C1}{\'A}
+ \DeclareUnicodeCharacter{00C2}{\^A}
+ \DeclareUnicodeCharacter{00C3}{\~A}
+ \DeclareUnicodeCharacter{00C4}{\"A}
+ \DeclareUnicodeCharacter{00C5}{\AA}
+ \DeclareUnicodeCharacter{00C6}{\AE}
+ \DeclareUnicodeCharacter{00C7}{\cedilla{C}}
+ \DeclareUnicodeCharacter{00C8}{\`E}
+ \DeclareUnicodeCharacter{00C9}{\'E}
+ \DeclareUnicodeCharacter{00CA}{\^E}
+ \DeclareUnicodeCharacter{00CB}{\"E}
+ \DeclareUnicodeCharacter{00CC}{\`I}
+ \DeclareUnicodeCharacter{00CD}{\'I}
+ \DeclareUnicodeCharacter{00CE}{\^I}
+ \DeclareUnicodeCharacter{00CF}{\"I}
+
+ \DeclareUnicodeCharacter{00D1}{\~N}
+ \DeclareUnicodeCharacter{00D2}{\`O}
+ \DeclareUnicodeCharacter{00D3}{\'O}
+ \DeclareUnicodeCharacter{00D4}{\^O}
+ \DeclareUnicodeCharacter{00D5}{\~O}
+ \DeclareUnicodeCharacter{00D6}{\"O}
+ \DeclareUnicodeCharacter{00D8}{\O}
+ \DeclareUnicodeCharacter{00D9}{\`U}
+ \DeclareUnicodeCharacter{00DA}{\'U}
+ \DeclareUnicodeCharacter{00DB}{\^U}
+ \DeclareUnicodeCharacter{00DC}{\"U}
+ \DeclareUnicodeCharacter{00DD}{\'Y}
+ \DeclareUnicodeCharacter{00DF}{\ss}
+
+ \DeclareUnicodeCharacter{00E0}{\`a}
+ \DeclareUnicodeCharacter{00E1}{\'a}
+ \DeclareUnicodeCharacter{00E2}{\^a}
+ \DeclareUnicodeCharacter{00E3}{\~a}
+ \DeclareUnicodeCharacter{00E4}{\"a}
+ \DeclareUnicodeCharacter{00E5}{\aa}
+ \DeclareUnicodeCharacter{00E6}{\ae}
+ \DeclareUnicodeCharacter{00E7}{\cedilla{c}}
+ \DeclareUnicodeCharacter{00E8}{\`e}
+ \DeclareUnicodeCharacter{00E9}{\'e}
+ \DeclareUnicodeCharacter{00EA}{\^e}
+ \DeclareUnicodeCharacter{00EB}{\"e}
+ \DeclareUnicodeCharacter{00EC}{\`{\dotless{i}}}
+ \DeclareUnicodeCharacter{00ED}{\'{\dotless{i}}}
+ \DeclareUnicodeCharacter{00EE}{\^{\dotless{i}}}
+ \DeclareUnicodeCharacter{00EF}{\"{\dotless{i}}}
+
+ \DeclareUnicodeCharacter{00F1}{\~n}
+ \DeclareUnicodeCharacter{00F2}{\`o}
+ \DeclareUnicodeCharacter{00F3}{\'o}
+ \DeclareUnicodeCharacter{00F4}{\^o}
+ \DeclareUnicodeCharacter{00F5}{\~o}
+ \DeclareUnicodeCharacter{00F6}{\"o}
+ \DeclareUnicodeCharacter{00F8}{\o}
+ \DeclareUnicodeCharacter{00F9}{\`u}
+ \DeclareUnicodeCharacter{00FA}{\'u}
+ \DeclareUnicodeCharacter{00FB}{\^u}
+ \DeclareUnicodeCharacter{00FC}{\"u}
+ \DeclareUnicodeCharacter{00FD}{\'y}
+ \DeclareUnicodeCharacter{00FF}{\"y}
+
+ \DeclareUnicodeCharacter{0100}{\=A}
+ \DeclareUnicodeCharacter{0101}{\=a}
+ \DeclareUnicodeCharacter{0102}{\u{A}}
+ \DeclareUnicodeCharacter{0103}{\u{a}}
+ \DeclareUnicodeCharacter{0106}{\'C}
+ \DeclareUnicodeCharacter{0107}{\'c}
+ \DeclareUnicodeCharacter{0108}{\^C}
+ \DeclareUnicodeCharacter{0109}{\^c}
+ \DeclareUnicodeCharacter{010A}{\dotaccent{C}}
+ \DeclareUnicodeCharacter{010B}{\dotaccent{c}}
+ \DeclareUnicodeCharacter{010C}{\v{C}}
+ \DeclareUnicodeCharacter{010D}{\v{c}}
+ \DeclareUnicodeCharacter{010E}{\v{D}}
+
+ \DeclareUnicodeCharacter{0112}{\=E}
+ \DeclareUnicodeCharacter{0113}{\=e}
+ \DeclareUnicodeCharacter{0114}{\u{E}}
+ \DeclareUnicodeCharacter{0115}{\u{e}}
+ \DeclareUnicodeCharacter{0116}{\dotaccent{E}}
+ \DeclareUnicodeCharacter{0117}{\dotaccent{e}}
+ \DeclareUnicodeCharacter{011A}{\v{E}}
+ \DeclareUnicodeCharacter{011B}{\v{e}}
+ \DeclareUnicodeCharacter{011C}{\^G}
+ \DeclareUnicodeCharacter{011D}{\^g}
+ \DeclareUnicodeCharacter{011E}{\u{G}}
+ \DeclareUnicodeCharacter{011F}{\u{g}}
+
+ \DeclareUnicodeCharacter{0120}{\dotaccent{G}}
+ \DeclareUnicodeCharacter{0121}{\dotaccent{g}}
+ \DeclareUnicodeCharacter{0124}{\^H}
+ \DeclareUnicodeCharacter{0125}{\^h}
+ \DeclareUnicodeCharacter{0128}{\~I}
+ \DeclareUnicodeCharacter{0129}{\~{\dotless{i}}}
+ \DeclareUnicodeCharacter{012A}{\=I}
+ \DeclareUnicodeCharacter{012B}{\={\dotless{i}}}
+ \DeclareUnicodeCharacter{012C}{\u{I}}
+ \DeclareUnicodeCharacter{012D}{\u{\dotless{i}}}
+
+ \DeclareUnicodeCharacter{0130}{\dotaccent{I}}
+ \DeclareUnicodeCharacter{0131}{\dotless{i}}
+ \DeclareUnicodeCharacter{0132}{IJ}
+ \DeclareUnicodeCharacter{0133}{ij}
+ \DeclareUnicodeCharacter{0134}{\^J}
+ \DeclareUnicodeCharacter{0135}{\^{\dotless{j}}}
+ \DeclareUnicodeCharacter{0139}{\'L}
+ \DeclareUnicodeCharacter{013A}{\'l}
+
+ \DeclareUnicodeCharacter{0141}{\L}
+ \DeclareUnicodeCharacter{0142}{\l}
+ \DeclareUnicodeCharacter{0143}{\'N}
+ \DeclareUnicodeCharacter{0144}{\'n}
+ \DeclareUnicodeCharacter{0147}{\v{N}}
+ \DeclareUnicodeCharacter{0148}{\v{n}}
+ \DeclareUnicodeCharacter{014C}{\=O}
+ \DeclareUnicodeCharacter{014D}{\=o}
+ \DeclareUnicodeCharacter{014E}{\u{O}}
+ \DeclareUnicodeCharacter{014F}{\u{o}}
+
+ \DeclareUnicodeCharacter{0150}{\H{O}}
+ \DeclareUnicodeCharacter{0151}{\H{o}}
+ \DeclareUnicodeCharacter{0152}{\OE}
+ \DeclareUnicodeCharacter{0153}{\oe}
+ \DeclareUnicodeCharacter{0154}{\'R}
+ \DeclareUnicodeCharacter{0155}{\'r}
+ \DeclareUnicodeCharacter{0158}{\v{R}}
+ \DeclareUnicodeCharacter{0159}{\v{r}}
+ \DeclareUnicodeCharacter{015A}{\'S}
+ \DeclareUnicodeCharacter{015B}{\'s}
+ \DeclareUnicodeCharacter{015C}{\^S}
+ \DeclareUnicodeCharacter{015D}{\^s}
+ \DeclareUnicodeCharacter{015E}{\cedilla{S}}
+ \DeclareUnicodeCharacter{015F}{\cedilla{s}}
+
+ \DeclareUnicodeCharacter{0160}{\v{S}}
+ \DeclareUnicodeCharacter{0161}{\v{s}}
+ \DeclareUnicodeCharacter{0162}{\cedilla{t}}
+ \DeclareUnicodeCharacter{0163}{\cedilla{T}}
+ \DeclareUnicodeCharacter{0164}{\v{T}}
+
+ \DeclareUnicodeCharacter{0168}{\~U}
+ \DeclareUnicodeCharacter{0169}{\~u}
+ \DeclareUnicodeCharacter{016A}{\=U}
+ \DeclareUnicodeCharacter{016B}{\=u}
+ \DeclareUnicodeCharacter{016C}{\u{U}}
+ \DeclareUnicodeCharacter{016D}{\u{u}}
+ \DeclareUnicodeCharacter{016E}{\ringaccent{U}}
+ \DeclareUnicodeCharacter{016F}{\ringaccent{u}}
+
+ \DeclareUnicodeCharacter{0170}{\H{U}}
+ \DeclareUnicodeCharacter{0171}{\H{u}}
+ \DeclareUnicodeCharacter{0174}{\^W}
+ \DeclareUnicodeCharacter{0175}{\^w}
+ \DeclareUnicodeCharacter{0176}{\^Y}
+ \DeclareUnicodeCharacter{0177}{\^y}
+ \DeclareUnicodeCharacter{0178}{\"Y}
+ \DeclareUnicodeCharacter{0179}{\'Z}
+ \DeclareUnicodeCharacter{017A}{\'z}
+ \DeclareUnicodeCharacter{017B}{\dotaccent{Z}}
+ \DeclareUnicodeCharacter{017C}{\dotaccent{z}}
+ \DeclareUnicodeCharacter{017D}{\v{Z}}
+ \DeclareUnicodeCharacter{017E}{\v{z}}
+
+ \DeclareUnicodeCharacter{01C4}{D\v{Z}}
+ \DeclareUnicodeCharacter{01C5}{D\v{z}}
+ \DeclareUnicodeCharacter{01C6}{d\v{z}}
+ \DeclareUnicodeCharacter{01C7}{LJ}
+ \DeclareUnicodeCharacter{01C8}{Lj}
+ \DeclareUnicodeCharacter{01C9}{lj}
+ \DeclareUnicodeCharacter{01CA}{NJ}
+ \DeclareUnicodeCharacter{01CB}{Nj}
+ \DeclareUnicodeCharacter{01CC}{nj}
+ \DeclareUnicodeCharacter{01CD}{\v{A}}
+ \DeclareUnicodeCharacter{01CE}{\v{a}}
+ \DeclareUnicodeCharacter{01CF}{\v{I}}
+
+ \DeclareUnicodeCharacter{01D0}{\v{\dotless{i}}}
+ \DeclareUnicodeCharacter{01D1}{\v{O}}
+ \DeclareUnicodeCharacter{01D2}{\v{o}}
+ \DeclareUnicodeCharacter{01D3}{\v{U}}
+ \DeclareUnicodeCharacter{01D4}{\v{u}}
+
+ \DeclareUnicodeCharacter{01E2}{\={\AE}}
+ \DeclareUnicodeCharacter{01E3}{\={\ae}}
+ \DeclareUnicodeCharacter{01E6}{\v{G}}
+ \DeclareUnicodeCharacter{01E7}{\v{g}}
+ \DeclareUnicodeCharacter{01E8}{\v{K}}
+ \DeclareUnicodeCharacter{01E9}{\v{k}}
+
+ \DeclareUnicodeCharacter{01F0}{\v{\dotless{j}}}
+ \DeclareUnicodeCharacter{01F1}{DZ}
+ \DeclareUnicodeCharacter{01F2}{Dz}
+ \DeclareUnicodeCharacter{01F3}{dz}
+ \DeclareUnicodeCharacter{01F4}{\'G}
+ \DeclareUnicodeCharacter{01F5}{\'g}
+ \DeclareUnicodeCharacter{01F8}{\`N}
+ \DeclareUnicodeCharacter{01F9}{\`n}
+ \DeclareUnicodeCharacter{01FC}{\'{\AE}}
+ \DeclareUnicodeCharacter{01FD}{\'{\ae}}
+ \DeclareUnicodeCharacter{01FE}{\'{\O}}
+ \DeclareUnicodeCharacter{01FF}{\'{\o}}
+
+ \DeclareUnicodeCharacter{021E}{\v{H}}
+ \DeclareUnicodeCharacter{021F}{\v{h}}
+
+ \DeclareUnicodeCharacter{0226}{\dotaccent{A}}
+ \DeclareUnicodeCharacter{0227}{\dotaccent{a}}
+ \DeclareUnicodeCharacter{0228}{\cedilla{E}}
+ \DeclareUnicodeCharacter{0229}{\cedilla{e}}
+ \DeclareUnicodeCharacter{022E}{\dotaccent{O}}
+ \DeclareUnicodeCharacter{022F}{\dotaccent{o}}
+
+ \DeclareUnicodeCharacter{0232}{\=Y}
+ \DeclareUnicodeCharacter{0233}{\=y}
+ \DeclareUnicodeCharacter{0237}{\dotless{j}}
+
+ \DeclareUnicodeCharacter{1E02}{\dotaccent{B}}
+ \DeclareUnicodeCharacter{1E03}{\dotaccent{b}}
+ \DeclareUnicodeCharacter{1E04}{\udotaccent{B}}
+ \DeclareUnicodeCharacter{1E05}{\udotaccent{b}}
+ \DeclareUnicodeCharacter{1E06}{\ubaraccent{B}}
+ \DeclareUnicodeCharacter{1E07}{\ubaraccent{b}}
+ \DeclareUnicodeCharacter{1E0A}{\dotaccent{D}}
+ \DeclareUnicodeCharacter{1E0B}{\dotaccent{d}}
+ \DeclareUnicodeCharacter{1E0C}{\udotaccent{D}}
+ \DeclareUnicodeCharacter{1E0D}{\udotaccent{d}}
+ \DeclareUnicodeCharacter{1E0E}{\ubaraccent{D}}
+ \DeclareUnicodeCharacter{1E0F}{\ubaraccent{d}}
+
+ \DeclareUnicodeCharacter{1E1E}{\dotaccent{F}}
+ \DeclareUnicodeCharacter{1E1F}{\dotaccent{f}}
+
+ \DeclareUnicodeCharacter{1E20}{\=G}
+ \DeclareUnicodeCharacter{1E21}{\=g}
+ \DeclareUnicodeCharacter{1E22}{\dotaccent{H}}
+ \DeclareUnicodeCharacter{1E23}{\dotaccent{h}}
+ \DeclareUnicodeCharacter{1E24}{\udotaccent{H}}
+ \DeclareUnicodeCharacter{1E25}{\udotaccent{h}}
+ \DeclareUnicodeCharacter{1E26}{\"H}
+ \DeclareUnicodeCharacter{1E27}{\"h}
+
+ \DeclareUnicodeCharacter{1E30}{\'K}
+ \DeclareUnicodeCharacter{1E31}{\'k}
+ \DeclareUnicodeCharacter{1E32}{\udotaccent{K}}
+ \DeclareUnicodeCharacter{1E33}{\udotaccent{k}}
+ \DeclareUnicodeCharacter{1E34}{\ubaraccent{K}}
+ \DeclareUnicodeCharacter{1E35}{\ubaraccent{k}}
+ \DeclareUnicodeCharacter{1E36}{\udotaccent{L}}
+ \DeclareUnicodeCharacter{1E37}{\udotaccent{l}}
+ \DeclareUnicodeCharacter{1E3A}{\ubaraccent{L}}
+ \DeclareUnicodeCharacter{1E3B}{\ubaraccent{l}}
+ \DeclareUnicodeCharacter{1E3E}{\'M}
+ \DeclareUnicodeCharacter{1E3F}{\'m}
+
+ \DeclareUnicodeCharacter{1E40}{\dotaccent{M}}
+ \DeclareUnicodeCharacter{1E41}{\dotaccent{m}}
+ \DeclareUnicodeCharacter{1E42}{\udotaccent{M}}
+ \DeclareUnicodeCharacter{1E43}{\udotaccent{m}}
+ \DeclareUnicodeCharacter{1E44}{\dotaccent{N}}
+ \DeclareUnicodeCharacter{1E45}{\dotaccent{n}}
+ \DeclareUnicodeCharacter{1E46}{\udotaccent{N}}
+ \DeclareUnicodeCharacter{1E47}{\udotaccent{n}}
+ \DeclareUnicodeCharacter{1E48}{\ubaraccent{N}}
+ \DeclareUnicodeCharacter{1E49}{\ubaraccent{n}}
+
+ \DeclareUnicodeCharacter{1E54}{\'P}
+ \DeclareUnicodeCharacter{1E55}{\'p}
+ \DeclareUnicodeCharacter{1E56}{\dotaccent{P}}
+ \DeclareUnicodeCharacter{1E57}{\dotaccent{p}}
+ \DeclareUnicodeCharacter{1E58}{\dotaccent{R}}
+ \DeclareUnicodeCharacter{1E59}{\dotaccent{r}}
+ \DeclareUnicodeCharacter{1E5A}{\udotaccent{R}}
+ \DeclareUnicodeCharacter{1E5B}{\udotaccent{r}}
+ \DeclareUnicodeCharacter{1E5E}{\ubaraccent{R}}
+ \DeclareUnicodeCharacter{1E5F}{\ubaraccent{r}}
+
+ \DeclareUnicodeCharacter{1E60}{\dotaccent{S}}
+ \DeclareUnicodeCharacter{1E61}{\dotaccent{s}}
+ \DeclareUnicodeCharacter{1E62}{\udotaccent{S}}
+ \DeclareUnicodeCharacter{1E63}{\udotaccent{s}}
+ \DeclareUnicodeCharacter{1E6A}{\dotaccent{T}}
+ \DeclareUnicodeCharacter{1E6B}{\dotaccent{t}}
+ \DeclareUnicodeCharacter{1E6C}{\udotaccent{T}}
+ \DeclareUnicodeCharacter{1E6D}{\udotaccent{t}}
+ \DeclareUnicodeCharacter{1E6E}{\ubaraccent{T}}
+ \DeclareUnicodeCharacter{1E6F}{\ubaraccent{t}}
+
+ \DeclareUnicodeCharacter{1E7C}{\~V}
+ \DeclareUnicodeCharacter{1E7D}{\~v}
+ \DeclareUnicodeCharacter{1E7E}{\udotaccent{V}}
+ \DeclareUnicodeCharacter{1E7F}{\udotaccent{v}}
+
+ \DeclareUnicodeCharacter{1E80}{\`W}
+ \DeclareUnicodeCharacter{1E81}{\`w}
+ \DeclareUnicodeCharacter{1E82}{\'W}
+ \DeclareUnicodeCharacter{1E83}{\'w}
+ \DeclareUnicodeCharacter{1E84}{\"W}
+ \DeclareUnicodeCharacter{1E85}{\"w}
+ \DeclareUnicodeCharacter{1E86}{\dotaccent{W}}
+ \DeclareUnicodeCharacter{1E87}{\dotaccent{w}}
+ \DeclareUnicodeCharacter{1E88}{\udotaccent{W}}
+ \DeclareUnicodeCharacter{1E89}{\udotaccent{w}}
+ \DeclareUnicodeCharacter{1E8A}{\dotaccent{X}}
+ \DeclareUnicodeCharacter{1E8B}{\dotaccent{x}}
+ \DeclareUnicodeCharacter{1E8C}{\"X}
+ \DeclareUnicodeCharacter{1E8D}{\"x}
+ \DeclareUnicodeCharacter{1E8E}{\dotaccent{Y}}
+ \DeclareUnicodeCharacter{1E8F}{\dotaccent{y}}
+
+ \DeclareUnicodeCharacter{1E90}{\^Z}
+ \DeclareUnicodeCharacter{1E91}{\^z}
+ \DeclareUnicodeCharacter{1E92}{\udotaccent{Z}}
+ \DeclareUnicodeCharacter{1E93}{\udotaccent{z}}
+ \DeclareUnicodeCharacter{1E94}{\ubaraccent{Z}}
+ \DeclareUnicodeCharacter{1E95}{\ubaraccent{z}}
+ \DeclareUnicodeCharacter{1E96}{\ubaraccent{h}}
+ \DeclareUnicodeCharacter{1E97}{\"t}
+ \DeclareUnicodeCharacter{1E98}{\ringaccent{w}}
+ \DeclareUnicodeCharacter{1E99}{\ringaccent{y}}
+
+ \DeclareUnicodeCharacter{1EA0}{\udotaccent{A}}
+ \DeclareUnicodeCharacter{1EA1}{\udotaccent{a}}
+
+ \DeclareUnicodeCharacter{1EB8}{\udotaccent{E}}
+ \DeclareUnicodeCharacter{1EB9}{\udotaccent{e}}
+ \DeclareUnicodeCharacter{1EBC}{\~E}
+ \DeclareUnicodeCharacter{1EBD}{\~e}
+
+ \DeclareUnicodeCharacter{1ECA}{\udotaccent{I}}
+ \DeclareUnicodeCharacter{1ECB}{\udotaccent{i}}
+ \DeclareUnicodeCharacter{1ECC}{\udotaccent{O}}
+ \DeclareUnicodeCharacter{1ECD}{\udotaccent{o}}
+
+ \DeclareUnicodeCharacter{1EE4}{\udotaccent{U}}
+ \DeclareUnicodeCharacter{1EE5}{\udotaccent{u}}
+
+ \DeclareUnicodeCharacter{1EF2}{\`Y}
+ \DeclareUnicodeCharacter{1EF3}{\`y}
+ \DeclareUnicodeCharacter{1EF4}{\udotaccent{Y}}
+
+ \DeclareUnicodeCharacter{1EF8}{\~Y}
+ \DeclareUnicodeCharacter{1EF9}{\~y}
+
+ \DeclareUnicodeCharacter{2013}{--}
+ \DeclareUnicodeCharacter{2014}{---}
+ \DeclareUnicodeCharacter{2022}{\bullet}
+ \DeclareUnicodeCharacter{2026}{\dots}
+ \DeclareUnicodeCharacter{20AC}{\euro}
+
+ \DeclareUnicodeCharacter{2192}{\expansion}
+ \DeclareUnicodeCharacter{21D2}{\result}
+
+ \DeclareUnicodeCharacter{2212}{\minus}
+ \DeclareUnicodeCharacter{2217}{\point}
+ \DeclareUnicodeCharacter{2261}{\equiv}
+}% end of \utfeightchardefs
+
+
+% US-ASCII character definitions.
+\def\asciichardefs{% nothing need be done
+ \relax
+}
+
+% Make non-ASCII characters printable again for compatibility with
+% existing Texinfo documents that may use them, even without declaring a
+% document encoding.
+%
+\setnonasciicharscatcode \other
+
+
+\message{formatting,}
+
+\newdimen\defaultparindent \defaultparindent = 15pt
+
+\chapheadingskip = 15pt plus 4pt minus 2pt
+\secheadingskip = 12pt plus 3pt minus 2pt
+\subsecheadingskip = 9pt plus 2pt minus 2pt
+
+% Prevent underfull vbox error messages.
+\vbadness = 10000
+
+% Don't be so finicky about underfull hboxes, either.
+\hbadness = 2000
+
+% Following George Bush, just get rid of widows and orphans.
+\widowpenalty=10000
+\clubpenalty=10000
+
+% Use TeX 3.0's \emergencystretch to help line breaking, but if we're
+% using an old version of TeX, don't do anything. We want the amount of
+% stretch added to depend on the line length, hence the dependence on
+% \hsize. We call this whenever the paper size is set.
+%
+\def\setemergencystretch{%
+ \ifx\emergencystretch\thisisundefined
+ % Allow us to assign to \emergencystretch anyway.
+ \def\emergencystretch{\dimen0}%
+ \else
+ \emergencystretch = .15\hsize
+ \fi
+}
+
+% Parameters in order: 1) textheight; 2) textwidth;
+% 3) voffset; 4) hoffset; 5) binding offset; 6) topskip;
+% 7) physical page height; 8) physical page width.
+%
+% We also call \setleading{\textleading}, so the caller should define
+% \textleading. The caller should also set \parskip.
+%
+\def\internalpagesizes#1#2#3#4#5#6#7#8{%
+ \voffset = #3\relax
+ \topskip = #6\relax
+ \splittopskip = \topskip
+ %
+ \vsize = #1\relax
+ \advance\vsize by \topskip
+ \outervsize = \vsize
+ \advance\outervsize by 2\topandbottommargin
+ \pageheight = \vsize
+ %
+ \hsize = #2\relax
+ \outerhsize = \hsize
+ \advance\outerhsize by 0.5in
+ \pagewidth = \hsize
+ %
+ \normaloffset = #4\relax
+ \bindingoffset = #5\relax
+ %
+ \ifpdf
+ \pdfpageheight #7\relax
+ \pdfpagewidth #8\relax
+ \fi
+ %
+ \setleading{\textleading}
+ %
+ \parindent = \defaultparindent
+ \setemergencystretch
+}
+
+% @letterpaper (the default).
+\def\letterpaper{{\globaldefs = 1
+ \parskip = 3pt plus 2pt minus 1pt
+ \textleading = 13.2pt
+ %
+ % If page is nothing but text, make it come out even.
+ \internalpagesizes{46\baselineskip}{6in}%
+ {\voffset}{.25in}%
+ {\bindingoffset}{36pt}%
+ {11in}{8.5in}%
+}}
+
+% Use @smallbook to reset parameters for 7x9.25 trim size.
+\def\smallbook{{\globaldefs = 1
+ \parskip = 2pt plus 1pt
+ \textleading = 12pt
+ %
+ \internalpagesizes{7.5in}{5in}%
+ {\voffset}{.25in}%
+ {\bindingoffset}{16pt}%
+ {9.25in}{7in}%
+ %
+ \lispnarrowing = 0.3in
+ \tolerance = 700
+ \hfuzz = 1pt
+ \contentsrightmargin = 0pt
+ \defbodyindent = .5cm
+}}
+
+% Use @smallerbook to reset parameters for 6x9 trim size.
+% (Just testing, parameters still in flux.)
+\def\smallerbook{{\globaldefs = 1
+ \parskip = 1.5pt plus 1pt
+ \textleading = 12pt
+ %
+ \internalpagesizes{7.4in}{4.8in}%
+ {-.2in}{-.4in}%
+ {0pt}{14pt}%
+ {9in}{6in}%
+ %
+ \lispnarrowing = 0.25in
+ \tolerance = 700
+ \hfuzz = 1pt
+ \contentsrightmargin = 0pt
+ \defbodyindent = .4cm
+}}
+
+% Use @afourpaper to print on European A4 paper.
+\def\afourpaper{{\globaldefs = 1
+ \parskip = 3pt plus 2pt minus 1pt
+ \textleading = 13.2pt
+ %
+ % Double-side printing via postscript on Laserjet 4050
+ % prints double-sided nicely when \bindingoffset=10mm and \hoffset=-6mm.
+ % To change the settings for a different printer or situation, adjust
+ % \normaloffset until the front-side and back-side texts align. Then
+ % do the same for \bindingoffset. You can set these for testing in
+ % your texinfo source file like this:
+ % @tex
+ % \global\normaloffset = -6mm
+ % \global\bindingoffset = 10mm
+ % @end tex
+ \internalpagesizes{51\baselineskip}{160mm}
+ {\voffset}{\hoffset}%
+ {\bindingoffset}{44pt}%
+ {297mm}{210mm}%
+ %
+ \tolerance = 700
+ \hfuzz = 1pt
+ \contentsrightmargin = 0pt
+ \defbodyindent = 5mm
+}}
+
+% Use @afivepaper to print on European A5 paper.
+% From romildo@urano.iceb.ufop.br, 2 July 2000.
+% He also recommends making @example and @lisp be small.
+\def\afivepaper{{\globaldefs = 1
+ \parskip = 2pt plus 1pt minus 0.1pt
+ \textleading = 12.5pt
+ %
+ \internalpagesizes{160mm}{120mm}%
+ {\voffset}{\hoffset}%
+ {\bindingoffset}{8pt}%
+ {210mm}{148mm}%
+ %
+ \lispnarrowing = 0.2in
+ \tolerance = 800
+ \hfuzz = 1.2pt
+ \contentsrightmargin = 0pt
+ \defbodyindent = 2mm
+ \tableindent = 12mm
+}}
+
+% A specific text layout, 24x15cm overall, intended for A4 paper.
+\def\afourlatex{{\globaldefs = 1
+ \afourpaper
+ \internalpagesizes{237mm}{150mm}%
+ {\voffset}{4.6mm}%
+ {\bindingoffset}{7mm}%
+ {297mm}{210mm}%
+ %
+ % Must explicitly reset to 0 because we call \afourpaper.
+ \globaldefs = 0
+}}
+
+% Use @afourwide to print on A4 paper in landscape format.
+\def\afourwide{{\globaldefs = 1
+ \afourpaper
+ \internalpagesizes{241mm}{165mm}%
+ {\voffset}{-2.95mm}%
+ {\bindingoffset}{7mm}%
+ {297mm}{210mm}%
+ \globaldefs = 0
+}}
+
+% @pagesizes TEXTHEIGHT[,TEXTWIDTH]
+% Perhaps we should allow setting the margins, \topskip, \parskip,
+% and/or leading, also. Or perhaps we should compute them somehow.
+%
+\parseargdef\pagesizes{\pagesizesyyy #1,,\finish}
+\def\pagesizesyyy#1,#2,#3\finish{{%
+ \setbox0 = \hbox{\ignorespaces #2}\ifdim\wd0 > 0pt \hsize=#2\relax \fi
+ \globaldefs = 1
+ %
+ \parskip = 3pt plus 2pt minus 1pt
+ \setleading{\textleading}%
+ %
+ \dimen0 = #1
+ \advance\dimen0 by \voffset
+ %
+ \dimen2 = \hsize
+ \advance\dimen2 by \normaloffset
+ %
+ \internalpagesizes{#1}{\hsize}%
+ {\voffset}{\normaloffset}%
+ {\bindingoffset}{44pt}%
+ {\dimen0}{\dimen2}%
+}}
+
+% Set default to letter.
+%
+\letterpaper
+
+
+\message{and turning on texinfo input format.}
+
+% Define macros to output various characters with catcode for normal text.
+\catcode`\"=\other
+\catcode`\~=\other
+\catcode`\^=\other
+\catcode`\_=\other
+\catcode`\|=\other
+\catcode`\<=\other
+\catcode`\>=\other
+\catcode`\+=\other
+\catcode`\$=\other
+\def\normaldoublequote{"}
+\def\normaltilde{~}
+\def\normalcaret{^}
+\def\normalunderscore{_}
+\def\normalverticalbar{|}
+\def\normalless{<}
+\def\normalgreater{>}
+\def\normalplus{+}
+\def\normaldollar{$}%$ font-lock fix
+
+% This macro is used to make a character print one way in \tt
+% (where it can probably be output as-is), and another way in other fonts,
+% where something hairier probably needs to be done.
+%
+% #1 is what to print if we are indeed using \tt; #2 is what to print
+% otherwise. Since all the Computer Modern typewriter fonts have zero
+% interword stretch (and shrink), and it is reasonable to expect all
+% typewriter fonts to have this, we can check that font parameter.
+%
+\def\ifusingtt#1#2{\ifdim \fontdimen3\font=0pt #1\else #2\fi}
+
+% Same as above, but check for italic font. Actually this also catches
+% non-italic slanted fonts since it is impossible to distinguish them from
+% italic fonts. But since this is only used by $ and it uses \sl anyway
+% this is not a problem.
+\def\ifusingit#1#2{\ifdim \fontdimen1\font>0pt #1\else #2\fi}
+
+% Turn off all special characters except @
+% (and those which the user can use as if they were ordinary).
+% Most of these we simply print from the \tt font, but for some, we can
+% use math or other variants that look better in normal text.
+
+\catcode`\"=\active
+\def\activedoublequote{{\tt\char34}}
+\let"=\activedoublequote
+\catcode`\~=\active
+\def~{{\tt\char126}}
+\chardef\hat=`\^
+\catcode`\^=\active
+\def^{{\tt \hat}}
+
+\catcode`\_=\active
+\def_{\ifusingtt\normalunderscore\_}
+\let\realunder=_
+% Subroutine for the previous macro.
+\def\_{\leavevmode \kern.07em \vbox{\hrule width.3em height.1ex}\kern .07em }
+
+\catcode`\|=\active
+\def|{{\tt\char124}}
+\chardef \less=`\<
+\catcode`\<=\active
+\def<{{\tt \less}}
+\chardef \gtr=`\>
+\catcode`\>=\active
+\def>{{\tt \gtr}}
+\catcode`\+=\active
+\def+{{\tt \char 43}}
+\catcode`\$=\active
+\def${\ifusingit{{\sl\$}}\normaldollar}%$ font-lock fix
+
+% If a .fmt file is being used, characters that might appear in a file
+% name cannot be active until we have parsed the command line.
+% So turn them off again, and have \everyjob (or @setfilename) turn them on.
+% \otherifyactive is called near the end of this file.
+\def\otherifyactive{\catcode`+=\other \catcode`\_=\other}
+
+% Used sometimes to turn off (effectively) the active characters even after
+% parsing them.
+\def\turnoffactive{%
+ \normalturnoffactive
+ \otherbackslash
+}
+
+\catcode`\@=0
+
+% \backslashcurfont outputs one backslash character in current font,
+% as in \char`\\.
+\global\chardef\backslashcurfont=`\\
+\global\let\rawbackslashxx=\backslashcurfont % let existing .??s files work
+
+% \realbackslash is an actual character `\' with catcode other, and
+% \doublebackslash is two of them (for the pdf outlines).
+{\catcode`\\=\other @gdef@realbackslash{\} @gdef@doublebackslash{\\}}
+
+% In texinfo, backslash is an active character; it prints the backslash
+% in fixed width font.
+\catcode`\\=\active
+@def@normalbackslash{{@tt@backslashcurfont}}
+% On startup, @fixbackslash assigns:
+% @let \ = @normalbackslash
+
+% \rawbackslash defines an active \ to do \backslashcurfont.
+% \otherbackslash defines an active \ to be a literal `\' character with
+% catcode other.
+@gdef@rawbackslash{@let\=@backslashcurfont}
+@gdef@otherbackslash{@let\=@realbackslash}
+
+% Same as @turnoffactive except outputs \ as {\tt\char`\\} instead of
+% the literal character `\'.
+%
+@def@normalturnoffactive{%
+ @let\=@normalbackslash
+ @let"=@normaldoublequote
+ @let~=@normaltilde
+ @let^=@normalcaret
+ @let_=@normalunderscore
+ @let|=@normalverticalbar
+ @let<=@normalless
+ @let>=@normalgreater
+ @let+=@normalplus
+ @let$=@normaldollar %$ font-lock fix
+ @unsepspaces
+}
+
+% Make _ and + \other characters, temporarily.
+% This is canceled by @fixbackslash.
+@otherifyactive
+
+% If a .fmt file is being used, we don't want the `\input texinfo' to show up.
+% That is what \eatinput is for; after that, the `\' should revert to printing
+% a backslash.
+%
+@gdef@eatinput input texinfo{@fixbackslash}
+@global@let\ = @eatinput
+
+% On the other hand, perhaps the file did not have a `\input texinfo'. Then
+% the first `\' in the file would cause an error. This macro tries to fix
+% that, assuming it is called before the first `\' could plausibly occur.
+% Also turn back on active characters that might appear in the input
+% file name, in case not using a pre-dumped format.
+%
+@gdef@fixbackslash{%
+ @ifx\@eatinput @let\ = @normalbackslash @fi
+ @catcode`+=@active
+ @catcode`@_=@active
+}
+
+% Say @foo, not \foo, in error messages.
+@escapechar = `@@
+
+% These look ok in all fonts, so just make them not special.
+@catcode`@& = @other
+@catcode`@# = @other
+@catcode`@% = @other
+
+
+@c Local variables:
+@c eval: (add-hook 'write-file-hooks 'time-stamp)
+@c page-delimiter: "^\\\\message"
+@c time-stamp-start: "def\\\\texinfoversion{"
+@c time-stamp-format: "%:y-%02m-%02d.%02H"
+@c time-stamp-end: "}"
+@c End:
+
+@c vim:sw=2:
+
+@ignore
+ arch-tag: e1b36e32-c96e-4135-a41a-0b2efa2ea115
+@end ignore
diff --git a/sm/ChangeLog-2011 b/sm/ChangeLog-2011
new file mode 100644
index 0000000..4efea96
--- /dev/null
+++ b/sm/ChangeLog-2011
@@ -0,0 +1,2705 @@
+2011-12-02 Werner Koch <wk@g10code.com>
+
+ NB: ChangeLog files are no longer manually maintained. Starting
+ on December 1st, 2011 we put change information only in the GIT
+ commit log, and generate a top-level ChangeLog file from logs at
+ "make dist". See doc/HACKING for details.
+
+2011-08-04 Werner Koch <wk@g10code.com>
+
+ * keydb.c (keydb_add_resource): Remove set but unused var
+ CREATED_FNAME.
+ * gpgsm.c (main): Remove set but used var FNAME.
+
+2011-07-21 Werner Koch <wk@g10code.com>
+
+ * call-dirmngr.c (get_cached_cert, get_cached_cert_data_cb): New.
+ (gpgsm_dirmngr_isvalid): Try to get the only-valid-if-cert-valid
+ certificate from the dirmngr first.
+
+2010-09-16 Werner Koch <wk@g10code.com>
+
+ * certchain.c (gpgsm_walk_cert_chain): Use GPG_ERR_MISSING_ISSUER_CERT.
+ (do_validate_chain): Ditto.
+ (gpgsm_basic_cert_check): Ditto.
+ * call-agent.c (learn_cb): Take care of new
+ GPG_ERR_MISSING_ISSUER_CERT.
+ * import.c (check_and_store): Ditto.
+ (check_and_store): Ditto.
+
+2010-05-12 Werner Koch <wk@g10code.com>
+
+ * Makefile.am (gpgsm_LDADD): Include NETLIBS which is required for
+ Solaris.
+
+2010-03-12 Werner Koch <wk@g10code.com>
+
+ * server.c (cmd_passwd): New. From trunk.
+ (register_commands): Register it.
+
+2010-02-11 Marcus Brinkmann <marcus@g10code.de>
+
+ From trunk 2009-09-23, 2009-11-02, 2009-11-04, 2009-11-05, 2009-11-25,
+ 2009-12-08:
+
+ * call-agent.c (membuf_data_cb, default_inq_cb)
+ (inq_ciphertext_cb, scd_serialno_status_cb)
+ (scd_keypairinfo_status_cb, istrusted_status_cb)
+ (learn_status_cb, learn_cb, keyinfo_status_cb): Return gpg_error_t.
+ * gpgsm.c (main): Update to new assuan API.
+ * server.c: Include "gpgsm.h" before <assuan.h> due to check for
+ GPG_ERR_SOURCE_DEFAULT and assuan.h now including gpg-error.h.
+ * server.c (reset_notify, input_notify, output_notify): Update to
+ new assuan interface.
+ (option_handler, cmd_recipient, cmd_signer, cmd_encrypt)
+ (cmd_decrypt, cmd_verify, cmd_sign, cmd_import, cmd_export)
+ (cmd_delkeys, cmd_message, cmd_listkeys, cmd_dumpkeys)
+ (cmd_listsecretkeys, cmd_dumpsecretkeys, cmd_genkey)
+ (cmd_getauditlog, cmd_getinfo): Return gpg_error_t instead of int.
+ (register_commands): Use assuan_handler_t. Same for member HANDLER
+ in table. Add NULL arg to assuan_register_command. Add help arg to
+ assuan_register_command. Provide help strings for all commands.
+ (gpgsm_server): Allocate assuan context before starting server.
+ Use assuan_fd_t and assuan_fdopen on fds.
+ * call-dirmngr.c (prepare_dirmngr): Check for CTX and error before
+ setting LDAPSERVER.
+ (start_dirmngr_ext): Allocate assuan context before starting
+ server. Update use ofassuan_pipe_connect and assuan_socket_connect.
+ Convert posix fd to assuan fd.
+ (inq_certificate, isvalid_status_cb, lookup_cb, lookup_status_cb)
+ (run_command_cb, run_command_inq_cb, run_command_status_cb):
+ Return gpg_error_t instead of int.
+
+2009-12-10 Werner Koch <wk@g10code.com>
+
+ * gpgsm.c: Add option --ignore-cert-extension.
+ * gpgsm.h (opt): Add field IGNORED_CERT_EXTENSIONS.
+ * certchain.c (unknown_criticals): Handle ignored extensions,
+
+2009-12-03 Werner Koch <wk@g10code.com>
+
+ From trunk:
+
+ * verify.c (gpgsm_verify): Add audit info on hash algorithms.
+ * sign.c (gpgsm_sign): Add audit log calls.
+ (hash_data): Return an error indicator.
+ * decrypt.c (gpgsm_decrypt): Add audit log calls.
+
+ * gpgsm.c: New option --html-audit-log.
+
+ * certreqgen.c (proc_parameters): Change fallback key length to
+ 2048.
+ * gpgsm.c (main) <aGpgConfList>: Add key "default_pubkey_algo".
+
+2009-12-03 Werner Koch <wk@g10code.com>
+
+ * gpgsm.c (set_debug): Allow for numerical debug levels. Print
+ active debug flags.
+
+2009-10-16 Werner Koch <wk@g10code.com>
+
+ * gpgsm.c (DEFAULT_INCLUDE_CERTS): New.
+ (default_include_certs): Init to -2.
+
+2009-08-06 Werner Koch <wk@g10code.com>
+
+ * sign.c (gpgsm_sign): Print INV_SNDR for a bad default key.
+
+ * server.c (cmd_signer): Remove unneeded case for -1. Send
+ INV_SGNR. Use new map function.
+ (cmd_recipient): Use new map function.
+ * gpgsm.c (do_add_recipient): Use new map function for INV_RECP.
+ (main): Ditto. Also send INV_SGNR.
+
+2009-07-30 Werner Koch <wk@g10code.com>
+
+ * call-agent.c (learn_cb): Do not store as ephemeral.
+
+2009-07-29 Marcus Brinkmann <marcus@g10code.com>
+
+ * keylist.c (print_capabilities): Print a trailing colon.
+
+2009-07-23 Werner Koch <wk@g10code.com>
+
+ * certchain.c (is_cert_still_valid): Emit AUDIT_CRL_CHECK.
+
+2009-07-07 Werner Koch <wk@g10code.com>
+
+ * server.c (command_has_option): New.
+ (cmd_getinfo): Add subcommand "cmd_has_option".
+ (cmd_import): Implement option --re-import.
+ * import.c (gpgsm_import): Add arg reimport_mode.
+ (reimport_one): New.
+
+ * gpgsm.h: Include session-env.h.
+ (opt): Add field SESSION_ENV. Remove obsolete fields.
+ * server.c (option_handler): Rewrite setting of option fields.
+ Replace strdup by xtrystrdup.
+ * gpgsm.c (set_opt_session_env): New.
+ (main): Use it for oDisplay, oTTYname, oTTYtype and oXauthority.
+ * call-agent.c (start_agent): Adjust start_new_gpg_agent for
+ changed args.
+ * misc.c (setup_pinentry_env): Use new session_env stuff.
+
+2009-07-02 Werner Koch <wk@g10code.com>
+
+ * certreqgen-ui.c (gpgsm_gencertreq_tty): Allow using a key from a
+ card.
+ * call-agent.c (gpgsm_agent_scd_serialno)
+ (scd_serialno_status_cb, store_serialno): New.
+ (scd_keypairinfo_status_cb, gpgsm_agent_scd_keypairinfo): New.
+
+2009-07-01 Werner Koch <wk@g10code.com>
+
+ * certreqgen-ui.c (check_keygrip): New.
+ (gpgsm_gencertreq_tty): Allow using an existing key.
+
+ * gpgsm.c (open_es_fread): New.
+ (main) <aKeygen>: Implement --batch mode.
+
+2009-06-24 Werner Koch <wk@g10code.com>
+
+ * call-dirmngr.c (pattern_from_strlist): Remove dead assignment of N.
+ * sign.c (gpgsm_sign): Remove dead assignment.
+ * certreqgen.c (create_request): Assign GPG_ERR_BUG to RC.
+ Reported by Fabian Keil.
+
+2009-05-27 Werner Koch <wk@g10code.com>
+
+ * encrypt.c (encrypt_dek): Make use of make_canon_sexp.
+
+2009-05-18 Werner Koch <wk@g10code.com>
+
+ * server.c (option_handler): New option "no-encrypt-to".
+ (cmd_encrypt): Make use of it.
+
+ * gpgsm.c: Remove not implemented --verify-files.
+
+2009-04-02 Werner Koch <wk@g10code.com>
+
+ * keylist.c (list_cert_std): Print card serial number.
+
+2009-04-01 Werner Koch <wk@g10code.com>
+
+ * export.c (popen_protect_tool): Add command line option
+ --agent-program and pass flag bit 6.
+ * import.c (popen_protect_tool): Ditto.
+
+2009-03-26 Werner Koch <wk@g10code.com>
+
+ * gpgsm.c (main): s/def_digest_string/forced_digest_algo/ and
+ activate the --digest-algo option.
+ * gpgsm.h (struct opt): s/def_digest_algo/forced_digest_algo/.
+ * sign.c (gpgsm_sign): Implement --digest-algo.
+
+ * sign.c (MAX_DIGEST_LEN): Change to 64.
+
+ * call-agent.c (gpgsm_agent_marktrusted): Format the issuer name.
+
+2009-03-25 Werner Koch <wk@g10code.com>
+
+ * decrypt.c (gpgsm_decrypt): Print ENC_TO and NO_SECKEY stati.
+ Fixes bug#1020.
+ * fingerprint.c (gpgsm_get_short_fingerprint): Add arg R_HIGH and
+ change all callers.
+
+2009-03-23 Werner Koch <wk@g10code.com>
+
+ * delete.c (delete_one): Also delete ephemeral certificates if
+ specified uniquely.
+
+2009-03-20 Werner Koch <wk@g10code.com>
+
+ * keylist.c (list_internal_keys): Set released cert to NULL.
+
+ * call-agent.c (learn_status_cb): New.
+ (gpgsm_agent_learn): Use it.
+ (learn_cb): Send a progress for every certificate.
+
+2009-03-18 Werner Koch <wk@g10code.com>
+
+ * gpgsm.h (struct opt): Move field WITH_EPHEMERAL_KEYS to struct
+ server_control_s.
+ * gpgsm.c (main): Change accordingly.
+ * keylist.c (list_internal_keys): Ditto.
+ * server.c (option_handler): Add "with-ephemeral-keys".
+
+2009-03-12 Werner Koch <wk@g10code.com>
+
+ * certdump.c (gpgsm_dump_time): Remove.
+ * certdump.c, verify.c, certchain.c
+ * gpgsm.c: s/gpgsm_dump_time/dump_isotime/.
+
+2009-03-06 Werner Koch <wk@g10code.com>
+
+ * call-agent.c (gpgsm_agent_keyinfo, keyinfo_status_cb): New.
+ * keylist.c (list_cert_colon): Print card S/N.
+
+ * keylist.c (list_internal_keys): Always list ephemeral keys if
+ specified by keygrip or fingerprint.
+ (list_cert_raw): Always show ephemeral flag.
+ * export.c (gpgsm_export): Export ephemeral keys if specified by
+ keygrip.
+
+2009-02-09 Werner Koch <wk@g10code.com>
+
+ * gpgsm.c (main): Change default cipher back to 3DES.
+
+2009-01-12 Werner Koch <wk@g10code.com>
+
+ * keylist.c (print_utf8_extn_raw): Cast printf precision argument.
+
+2009-01-08 Werner Koch <wk@g10code.com>
+
+ * fingerprint.c (gpgsm_get_keygrip_hexstring): Add error detection.
+
+2008-12-10 Werner Koch <wk@g10code.com>
+
+ * gpgsm.c (our_cipher_test_algo): Use the GCRY constants as we now
+ require 1.4.
+ (our_md_test_algo): Ditto. Add SHA224.
+ (main) <aGpgConfList>: Update default cipher algo.
+
+2008-12-09 Werner Koch <wk@g10code.com>
+
+ * gpgsm.c (main): Call i18n_init before init_common_subsystems.
+
+2008-12-05 Werner Koch <wk@g10code.com>
+
+ * certreqgen.c (create_request): Provide a custom prompt for the
+ signing.
+
+ * certdump.c (gpgsm_format_keydesc): Remove debug output.
+ (gpgsm_format_keydesc): Remove saving of errno as xfree is
+ supposed not to change it. Use the new percent_plus_escape
+ function which also fixes the issue that we did not escaped a
+ percent in the past.
+
+2008-11-18 Werner Koch <wk@g10code.com>
+
+ * gpgsm.c (make_libversion): New.
+ (my_strusage): Use new function.
+ (build_lib_list): Remove.
+
+2008-11-13 Werner Koch <wk@g10code.com>
+
+ * gpgsm.c: Remove all unused options. Use ARGPARSE macros.
+
+2008-10-28 Werner Koch <wk@g10code.com>
+
+ * certdump.c (gpgsm_format_keydesc): Use xtryasprintf and xfree.
+ (gpgsm_es_print_name): Factor code out to ...
+ (gpgsm_es_print_name2): New function.
+ (gpgsm_format_name2, format_name_writer): Use estream so that it
+ works on all platforms.
+ (format_name_writer): Fix reallocation bug.
+
+2008-10-23 Werner Koch <wk@g10code.com>
+
+ * import.c (popen_protect_tool): Add arg CTRL and assure that the
+ agent is running. Pass a value for CTRL from all caller.
+ * export.c (popen_protect_tool): Ditto.
+
+2008-10-21 Werner Koch <wk@g10code.com>
+
+ * call-dirmngr.c (inq_certificate_parm_s): Add field CTRL.
+ (gpgsm_dirmngr_isvalid): Supply a value for that field.
+ (inq_certificate): Add inquiry ISTRUSTED.
+
+ * call-agent.c (gpgsm_agent_istrusted): Add new optional arg
+ HEXFPR. Changed all callers.
+
+2008-10-20 Werner Koch <wk@g10code.com>
+
+ * keydb.c (keydb_locate_writable): Mark unused arg.
+ (keydb_search_kid): Ditto.
+ (keydb_clear_some_cert_flags): Ditto.
+ * server.c (cmd_encrypt): Ditto.
+ (cmd_decrypt, cmd_verify, cmd_import, cmd_genkey): Ditto.
+ * call-agent.c (gpgsm_scd_pksign): Ditto.
+ * call-dirmngr.c (release_dirmngr, release_dirmngr2)
+ (run_command_cb): Ditto.
+ * certlist.c (gpgsm_add_cert_to_certlist): Ditto.
+ * certchain.c (find_up_dirmngr): Ditto.
+ * keylist.c (print_key_data): Ditto.
+ (list_cert_raw, list_cert_std): Ditto.
+ * qualified.c (gpgsm_is_in_qualified_list): Ditto.
+
+ * gpgsm.c (set_binary) [!W32]: Mark unused arg.
+
+2008-10-17 Werner Koch <wk@g10code.com>
+
+ * call-dirmngr.c (start_dirmngr, start_dirmngr2): Reset the lock
+ flag on error.
+ (release_dirmngr, release_dirmngr2): Replace asserts by error messages.
+ (gpgsm_dirmngr_lookup): Replace assert by fatal error message.
+
+2008-10-13 Werner Koch <wk@g10code.com>
+
+ * gpgsm.c: Add alias --delete-keys.
+
+2008-09-30 Werner Koch <wk@g10code.com>
+
+ * server.c (cmd_getinfo): New subcommand agent-check.
+ * call-agent.c (gpgsm_agent_send_nop): New.
+
+2008-09-29 Werner Koch <wk@g10code.com>
+
+ * certcheck.c (MY_GCRY_PK_ECDSA): Remove. Change users to
+ GCRY_PK_ECDSA.
+ * gpgsm.c (MY_GCRY_PK_ECDSA): Ditto.
+ * sign.c (MY_GCRY_MD_SHA224): Remove change users to GCRY_MD_SHA224.
+
+2008-09-04 Werner Koch <wk@g10code.com>
+
+ * certdump.c (gpgsm_format_keydesc): Work around a mingw32 bug.
+
+2008-09-03 Werner Koch <wk@g10code.com>
+
+ * sign.c (MY_GCRY_MD_SHA224): New, so that we don't need libgcrypt
+ 1.2.
+
+2008-08-13 Werner Koch <wk@g10code.com>
+
+ * keylist.c (list_cert_colon): Print 'f' for validated certs.
+
+2008-08-08 Marcus Brinkmann <marcus@g10code.de>
+
+ * gpgsm.h (struct server_control_s): Remove member dirmngr_seen.
+ * call-dirmngr.c (dirmngr2_ctx, dirmngr_ctx_locked)
+ (dirmngr2_ctx_locked): New global variables.
+ (prepare_dirmngr): Don't check dirmngr_seen anymore.
+ (start_dirmngr): Move bunch of code to ...
+ (start_dirmngr_ext): ... this new function.
+ (release_dirmngr, start_dirmngr2, release_dirmngr2): New
+ functions.
+ (gpgsm_dirmngr_isvalid): Call release_dirmngr.
+ (gpgsm_dirmngr_lookup): Call release_dirmngr. If dirmngr_ctx is
+ locked, use dirmngr2_locked.
+ (gpgsm_dirmngr_run_command): Call release_dirmngr.
+
+2008-06-25 Werner Koch <wk@g10code.com>
+
+ * sign.c (gpgsm_sign): Revamp the hash algorithm selection.
+ * gpgsm.h (struct certlist_s): Add field HASH_ALGO and HASH_ALGO_OID.
+
+ * qualified.c (gpgsm_qualified_consent): Fix double free.
+
+ * gpgsm.c (main): Change default cipher algo to AES.
+
+ * keylist.c (print_utf8_extn_raw, print_utf8_extn): New.
+ (list_cert_raw, list_cert_std): Print the TeleSec restriction
+ extension.
+
+2008-06-23 Werner Koch <wk@g10code.com>
+
+ * encrypt.c (encode_session_key): Replace xmalloc by xtrymalloc.
+ Use bin2hex instead of open coding the conversion.
+ (encrypt_dek): Init S_DATA.
+
+2008-06-13 Marcus Brinkmann <marcus@ulysses.g10code.com>
+
+ * call-dirmngr.c (prepare_dirmngr): Fix error code to ignore.
+
+2008-06-12 Marcus Brinkmann <marcus@g10code.de>
+
+ * gpgsm.h (struct keyserver_spec): New struct.
+ (opt): Add member keyserver.
+ * gpgsm.c (keyserver_list_free, parse_keyserver_line): New functions.
+ (main): Implement --keyserver option.
+ * call-dirmngr.c (prepare_dirmngr): Send LDAPSERVER commands.
+
+2008-05-20 Werner Koch <wk@g10code.com>
+
+ * gpgsm.c (main) <aExportSecretKeyP12>: Pass FP and not stdout to
+ the export function. Reported by Marc Mutz.
+
+2008-05-06 Werner Koch <wk@g10code.com>
+
+ * keylist.c (list_external_keys): Ignore NOT FOUND error code.
+ This is bug#907.
+
+2008-04-23 Werner Koch <wk@g10code.com>
+
+ * certchain.c (find_up): Make correct C89 code. Declare variable
+ at the top of the block. Reported by Alain Guibert.
+
+2008-04-09 Werner Koch <wk@g10code.com>
+
+ * verify.c (gpgsm_verify): Print the message hash values on error.
+
+2008-03-31 Werner Koch <wk@g10code.com>
+
+ * call-dirmngr.c (start_dirmngr): Use log_info instead of
+ log_error when falling back to start dirmngr.
+
+2008-03-20 Werner Koch <wk@g10code.com>
+
+ * certlist.c (gpgsm_add_to_certlist): Always save the first
+ subject and issuer. Initialize issuer with issuer and not with
+ subject.
+ (same_subject_issuer): Set issuer2 to issuer and not to subject.
+
+2008-03-17 Werner Koch <wk@g10code.com>
+
+ * certdump.c (my_funopen_hook_size_t): New.
+ (format_name_writer): Use it.
+
+2008-03-13 Werner Koch <wk@g10code.com>
+
+ * certdump.c (gpgsm_fpr_and_name_for_status): Fix signed/unsigned
+ char issue.
+ (gpgsm_format_keydesc): Remove superfluous test. Add expire date
+ to the prompt.
+
+2008-02-18 Werner Koch <wk@g10code.com>
+
+ * certchain.c (gpgsm_is_root_cert): Factor code out to ...
+ (is_root_cert): New. Extend test for self-issued certificates
+ signed by other CAs.
+ (do_validate_chain, gpgsm_basic_cert_check)
+ (gpgsm_walk_cert_chain): Use it here.
+
+ * gpgsm.c: Add option --no-common-certs-import.
+
+ * certchain.c (find_up_dirmngr, find_up, do_validate_chain)
+ (check_cert_policy): Be more silent with --quiet.
+
+ * gpgsm.c: Add option --disable-dirmngr.
+ * gpgsm.h (opt): Add field DISABLE_DIRMNGR.
+ * call-dirmngr.c (start_dirmngr): Implement option.
+
+2008-02-14 Werner Koch <wk@g10code.com>
+
+ * server.c (option_handler): Add option allow-pinentry-notify.
+ (gpgsm_proxy_pinentry_notify): New.
+ * call-agent.c (default_inq_cb): New.
+ (gpgsm_agent_pksign, gpgsm_scd_pksign, gpgsm_agent_readkey)
+ (gpgsm_agent_istrusted, gpgsm_agent_marktrusted)
+ (gpgsm_agent_passwd, gpgsm_agent_get_confirmation): Call it.
+ (struct cipher_parm_s, struct genkey_parm_s): Add field CTRL.
+ (inq_ciphertext_cb): Test keyword and fallback to default_inq_cb.
+ (inq_genkey_parms): Ditto.
+ (start_agent): Tell agent to send us the pinentry notifications.
+
+2008-02-13 Werner Koch <wk@g10code.com>
+
+ * call-dirmngr.c (gpgsm_dirmngr_lookup): Add arg CACHE_ONLY.
+ * keylist.c (list_external_keys): Pass false for new arg.
+ * certchain.c (find_up_dirmngr): New.
+ (find_up): Also try to read from the dirmngr cache.
+ (find_up, find_up_external, gpgsm_walk_cert_chain)
+ (gpgsm_basic_cert_check, allowed_ca): Add arg CTRL and changed all
+ callers.
+ * call-agent.c (struct learn_parm_s): Add field CTRL.
+ (gpgsm_agent_learn): Set it.
+
+2008-02-11 Werner Koch <wk@g10code.com>
+
+ * server.c (cmd_getinfo): New.
+ (gpgsm_server): Register GETINFO.
+
+2008-01-29 Marcus Brinkmann <marcus@g10code.de>
+
+ * keylist.c (list_internal_keys): New variable lastcert. Use it
+ to suppress duplicates which immediately follow each other.
+
+2008-01-27 Werner Koch <wk@g10code.com>
+
+ * import.c (popen_protect_tool): Set bit 7 in the flags for
+ gnupg_spawn_process so that under W32 no window appears.
+ * export.c (popen_protect_tool): Ditto.
+
+2007-12-13 Werner Koch <wk@g10code.com>
+
+ * gpgsm.c (main): Add option --extra-digest-algo.
+ * gpgsm.h (struct): Add EXTRA_DIGEST_ALGO.
+ * verify.c (gpgsm_verify): Use it. Use the hash algorithm from
+ the signature value.
+
+2007-12-11 Werner Koch <wk@g10code.com>
+
+ * certchain.c (do_validate_chain): Log AUDIT_ROOT_TRUSTED.
+
+ * server.c (cmd_sign, cmd_decrypt, cmd_encrypt): Start audit log.
+ (cmd_recipient): Start audit session.
+
+ * gpgsm.c (main): Revamp creation of the audit log.
+
+ * gpgsm.h (struct server_control_s): Add AGENT_SEEN and DIRMNGR_SEEN.
+ * call-agent.c (start_agent): Record an audit event.
+ * call-dirmngr.c (start_dirmngr): Ditto. Add new arg CTRL and pass
+ it from all callers.
+ (prepare_dirmngr): New helper for start_dirmngr.
+
+ * encrypt.c (gpgsm_encrypt): Add calls to audit_log.
+
+2007-12-03 Werner Koch <wk@g10code.com>
+
+ * gpgsm.c (main): Call gnupg_reopen_std.
+
+h2007-11-22 Werner Koch <wk@g10code.com>
+
+ * server.c (cmd_getauditlog): New.
+ (register_commands): Register GETAUDITLOG.
+
+2007-11-19 Werner Koch <wk@g10code.com>
+
+ * server.c (cmd_recipient, cmd_signer): Add error reason 11.
+
+ * gpgsm.c (main): Print a warning if --audit-log is used.
+
+2007-11-15 Werner Koch <wk@g10code.com>
+
+ * gpgsm.h (struct): Add XAUTHORITY and PINENTRY_USER_DATA.
+ * misc.c (setup_pinentry_env): Add XAUTHORITY and PINENTRY_USER_DATA.
+ * gpgsm.c (main): New option --xauthority.
+ * call-agent.c (start_agent): Adjust for changed start_new_gpg_agent.
+ * server.c (option_handler): Ad the new options.
+
+2007-11-07 Werner Koch <wk@g10code.com>
+
+ * gpgsm.c (main): New option --audit-log.
+ * server.c (option_handler): New option enable-audit-log.
+ (start_audit_session): New.
+ (cmd_verify): Create audit context.
+ (gpgsm_server): Release the context.
+
+ * gpgsm.h (struct server_control_s): Add member AUDIT, include
+ audit.h.
+ * certdump.c (gpgsm_format_sn_issuer): New.
+ * verify.c (hash_data): Return an error code.
+ (gpgsm_verify): Add calls to audit_log.
+
+ * gpgsm.c (get_status_string): Remove.
+ * gpgsm.h: Include status.h instead of errors.h.
+
+2007-10-19 Werner Koch <wk@g10code.com>
+
+ * qualified.c (gpgsm_qualified_consent): Use i18N-swicth functions.
+ (gpgsm_not_qualified_warning): Ditto.
+ * certdump.c (gpgsm_format_keydesc): Ditto.
+
+2007-09-14 Werner Koch <wk@g10code.com>
+
+ * gpgsm.c (build_lib_list): New.
+ (my_strusage): Print lib info.
+
+2007-08-24 Werner Koch <wk@g10code.com>
+
+ * Makefile.am (common_libs): Swap libkeybox and jnlib.
+
+2007-08-23 Werner Koch <wk@g10code.com>
+
+ * certlist.c (gpgsm_certs_identical_p): New.
+ (gpgsm_add_to_certlist): Ignore duplicate certificates in
+ ambigious name detection.
+ (gpgsm_find_cert): Ditto.
+ * export.c (gpgsm_p12_export): Ditto.
+
+2007-08-22 Werner Koch <wk@g10code.com>
+
+ * certreqgen.c (create_request): Replace open coding by bin2hex.
+
+ * certreqgen-ui.c (gpgsm_gencertreq_tty): Use es_fopenmem.
+
+2007-08-21 Werner Koch <wk@g10code.com>
+
+ * import.c (parse_p12): Use gnupg_tmpfile.
+ * export.c (export_p12): Ditto.
+
+2007-08-20 Werner Koch <wk@g10code.com>
+
+ * certreqgen.c (read_parameters): Change FP to an estream_t.
+ (gpgsm_genkey): Replace in_fd and in_stream by a estream_t.
+ * server.c (cmd_genkey): Adjust for that.
+ * certreqgen-ui.c (gpgsm_gencertreq_tty): Use es_open_memstream
+ instead of a temporary file.
+
+2007-08-14 Werner Koch <wk@g10code.com>
+
+ * call-dirmngr.c (start_dirmngr): Use dirmngr_socket_name. change
+ the way infostr is xstrdupped.
+
+ * gpgsm.c (main) [W32]: Make --prefer-system-dirmngr a dummy under
+ Windows.
+
+2007-08-13 Werner Koch <wk@g10code.com>
+
+ * gpgsm.c (do_add_recipient): Add RECP_REQUIRED and make error
+ message depend on that.
+ (main): Add avriable RECP_REQUIRED, set ift for encryption
+ commands and pass it to do_add_recipient.
+ (our_pk_test_algo, our_cipher_test_algo, our_md_test_algo): Implement.
+
+2007-08-09 Werner Koch <wk@g10code.com>
+
+ * gpgsm.c (main) [W32]: Enable CRL check by default.
+ (main): Update the default control structure after reading the
+ options.
+ (gpgsm_parse_validation_model, parse_validation_model): New.
+ (main): New option --validation-model.
+ * certchain.c (gpgsm_validate_chain): Implement this option.
+ * server.c (option_handler): Ditto.
+
+ * certchain.c (is_cert_still_valid): Reformatted. Add arg
+ FORCE_OCSP. Changed callers to set this flag when using the chain
+ model.
+
+2007-08-08 Werner Koch <wk@g10code.com>
+
+ * certdump.c (gpgsm_print_serial): Fixed brown paper bag style bugs
+ which prefixed the output with a 3A and cut it off at a 00.
+
+ * keylist.c (list_cert_raw): Print the certificate ID first and
+ rename "Serial number" to "S/N".
+ (list_cert_std): Ditto.
+
+2007-08-07 Werner Koch <wk@g10code.com>
+
+ * gpgsm.c (main): Allow a string for --faked-system-time.
+
+2007-08-06 Werner Koch <wk@g10code.com>
+
+ Implementation of the chain model.
+
+ * gpgsm.h (struct rootca_flags_s): Define new members VALID and
+ CHAIN_MODEL.
+ * call-agent.c (gpgsm_agent_istrusted): Mark ROOTCA_FLAGS valid.
+ (istrusted_status_cb): Set CHAIN_MODEL.
+ * certchain.c (gpgsm_validate_chain): Replace LM alias by LISTMODE
+ and FP by LISTFP.
+ (gpgsm_validate_chain): Factor some code out to ...
+ (check_validity_period, ask_marktrusted): .. new.
+ (check_validity_cm_basic, check_validity_cm_main): New.
+ (do_validate_chain): New with all code from gpgsm_validate_chain.
+ New arg ROOTCA_FLAGS.
+ (gpgsm_validate_chain): Provide ROOTCA_FLAGS and fallback to chain
+ model. Add RETFLAGS arg and changed all callers to pass NULL. Add
+ CHECKTIME arg and changed all callers to pass a nil value.
+ (has_validity_model_chain): New.
+ * verify.c (gpgsm_verify): Check for chain model and return as
+ part of the trust status.
+
+ * gpgsm.h (VALIDATE_FLAG_NO_DIRMNGR): New.
+ (VALIDATE_FLAG_NO_DIRMNGR): New.
+ * call-dirmngr.c (gpgsm_dirmngr_isvalid): Use constant here.
+
+2007-08-03 Werner Koch <wk@g10code.com>
+
+ * keylist.c (list_cert_colon): Avoid duplicate listing of kludge
+ uids.
+
+ * verify.c (gpgsm_verify): Make STATUS_VERIFY return the hash and
+ pk algo.
+ * certcheck.c (gpgsm_check_cms_signature): Add arg R_PKALGO.
+
+2007-08-02 Werner Koch <wk@g10code.com>
+
+ * gpgsm.c (main): Factored GC_OPT_FLAGS out to gc-opt-flags.h.
+
+2007-07-17 Werner Koch <wk@g10code.com>
+
+ * gpgsm.c (main): Implement --default-key.
+ (main) <gpgconf-list>: Declare --default-key and --encrypt-to.
+
+2007-07-16 Werner Koch <wk@g10code.com>
+
+ * server.c (cmd_message): Use gnupg_fd_t to avoid dependecy on
+ newer assuan versions.
+
+2007-07-12 Werner Koch <wk@g10code.com>
+
+ * gpgsm.c (check_special_filename): Use translate_sys2libc_fd_int
+ when passing an int value.
+ * server.c (cmd_encrypt, cmd_decrypt, cmd_verify, cmd_import)
+ (cmd_export, cmd_message, cmd_genkey): Translate file descriptors.
+
+2007-07-05 Werner Koch <wk@g10code.com>
+
+ * Makefile.am (common_libs): Changed order of libs.
+
+2007-07-04 Werner Koch <wk@g10code.com>
+
+ * certchain.c (check_cert_policy): Remove extra checks for
+ GPG_ERR_NO_VALUE. They are not needed since libksba 1.0.1.
+ * keylist.c (print_capabilities, list_cert_raw, list_cert_std): Ditto.
+ * certlist.c (cert_usage_p, cert_usage_p): Ditto.
+
+2007-06-26 Werner Koch <wk@g10code.com>
+
+ * gpgsm.c (main): Call gnupg_rl_initialize.
+ * Makefile.am (gpgsm_LDADD): Add LIBREADLINE and libgpgrl.a.
+
+2007-06-25 Werner Koch <wk@g10code.com>
+
+ * gpgsm.c (check_special_filename): Use translate_sys2libc_fd and
+ add new arg FOR_WRITE. Change callers to pass new arg.
+
+2007-06-24 Werner Koch <wk@g10code.com>
+
+ * gpgsm.c (open_es_fwrite): Avoid the dup by using the new
+ es_fdopen_nc().
+
+2007-06-21 Werner Koch <wk@g10code.com>
+
+ * certreqgen-ui.c: New.
+ * gpgsm.c (main): Let --gen-key call it.
+ * certreqgen.c (gpgsm_genkey): Add optional IN_STREAM arg and
+ adjusted caller.
+
+ * gpgsm.h (ctrl_t): Remove. It is now declared in ../common/util.h.
+
+ * call-agent.c (start_agent): Factored almost all code out to
+ ../common/asshelp.c.
+
+2007-06-20 Werner Koch <wk@g10code.com>
+
+ * call-agent.c (start_agent) [W32]: Start the agent on the fly.
+
+2007-06-18 Marcus Brinkmann <marcus@g10code.de>
+
+ * gpgsm.c (main): Percent escape output of --gpgconf-list.
+
+2007-06-14 Werner Koch <wk@g10code.com>
+
+ * call-agent.c (start_agent): Use gnupg_module_name.
+ * call-dirmngr.c (start_dirmngr): Ditto.
+ * export.c (export_p12): Ditto.
+ * import.c (parse_p12): Ditto.
+ * gpgsm.c (run_protect_tool): Ditto.
+
+2007-06-12 Werner Koch <wk@g10code.com>
+
+ * gpgsm.c (main): Replace some calls by init_common_subsystems.
+ (main): Use gnupg_datadir.
+ * qualified.c (read_list): Use gnupg-datadir.
+
+2007-06-11 Werner Koch <wk@g10code.com>
+
+ * Makefile.am (common_libs): Use libcommaonstd macr.
+
+ * gpgsm.c (main) [W32]: Call pth_init.
+
+2007-06-06 Werner Koch <wk@g10code.com>
+
+ * qualified.c (gpgsm_not_qualified_warning) [!ENABLE_NLS]: Do not
+ define orig_codeset.
+ * certdump.c (gpgsm_format_keydesc) [!ENABLE_NLS]: Do not define
+ orig_codeset.
+ (format_name_writer): Define only if funopen et al is available.
+
+ * gpgsm.c (i18n_init): Remove.
+
+2007-05-29 Werner Koch <wk@g10code.com>
+
+ * export.c (gpgsm_p12_export): Print passphrase encoding info only
+ in PEM mode.
+
+2007-05-18 Marcus Brinkmann <marcus@g10code.de>
+
+ * qualified.c (gpgsm_qualified_consent,
+ gpgsm_not_qualified_warning): Free ORIG_CODESET on error.
+ * certdump.c (gpgsm_format_keydesc): Likewise.
+
+2007-05-07 Werner Koch <wk@g10code.com>
+
+ * certcheck.c (MY_GCRY_PK_ECDSA): New.
+
+2007-04-20 Werner Koch <wk@g10code.com>
+
+ * gpgsm.c (main): Parameterize failed versions check messages.
+
+2007-04-19 Werner Koch <wk@g10code.com>
+
+ * certcheck.c (do_encode_md): Add arg PKEY. Add support for DSA2
+ and all ECDSA sizes.
+ (get_dsa_qbits): New.
+ (pk_algo_from_sexp): A key will never contain ecdsa as algorithm,
+ so remove that.
+
+2007-04-18 Werner Koch <wk@g10code.com>
+
+ * certcheck.c (do_encode_md): Support 160 bit ECDSA.
+
+2007-04-13 Werner Koch <wk@g10code.com>
+
+ * call-agent.c (start_agent): Don't use log_error when using the
+ fallback hack to start the agent. This is bug 782.
+
+2007-03-20 Werner Koch <wk@g10code.com>
+
+ * fingerprint.c (gpgsm_get_fingerprint): Add caching.
+ (gpgsm_get_fingerprint_string): Use bin2hexcolon().
+ (gpgsm_get_fingerprint_hexstring): Use bin2hex and allocate only
+ as much memory as required.
+ (gpgsm_get_keygrip_hexstring): Use bin2hex.
+
+ * certchain.c (gpgsm_validate_chain): Keep track of the
+ certificate chain and reset the ephemeral flags.
+ * keydb.c (keydb_set_cert_flags): New args EPHEMERAL and MASK.
+ Changed caller to use a mask of ~0. Return a proper error code if
+ the certificate is not available.
+
+ * gpgsm.c: Add option --p12-charset.
+ * gpgsm.h (struct opt): Add p12_charset.
+ * export.c (popen_protect_tool): Use new option.
+
+2007-03-19 Werner Koch <wk@g10code.com>
+
+ Changes to let export and key listing use estream to help systems
+ without funopen.
+
+ * keylist.c: Use estream in place of stdio functions.
+ * gpgsm.c (open_es_fwrite): New.
+ (main): Use it for the list commands.
+ * server.c (data_line_cookie_functions): New.
+ (data_line_cookie_write, data_line_cookie_close): New.
+ (do_listkeys): Use estream.
+
+ * certdump.c (gpgsm_print_serial): Changed to use estream.
+ (gpgsm_print_time): Ditto.
+ (pretty_es_print_sexp): New.
+ (gpgsm_es_print_name): New.
+ (print_dn_part): New arg STREAM. Changed all callers.
+ (print_dn_parts): Ditto.
+ * certchain.c (gpgsm_validate_chain): Changed FP to type
+ estream_t.
+ (do_list, unknown_criticals, allowed_ca, check_cert_policy)
+ (is_cert_still_valid): Ditto.
+
+ * export.c (gpgsm_export): New arg STREAM.
+ (do_putc, do_fputs): New.
+ (print_short_info): Allow printing to optional STREAM.
+ * server.c (cmd_export): Use stream.
+ * base64.c (do_putc, do_fputs): New.
+ (base64_writer_cb, base64_finish_write): Let them cope with an
+ alternate output function.
+ (plain_writer_cb): New.
+ (gpgsm_create_writer): New arg STREAM and call plain_writer_cb for
+ binary output to an estream. Changed call callers.
+
+2007-01-31 Werner Koch <wk@g10code.com>
+
+ * gpgsm.c (main): Let --gen-key print a more informative error
+ message.
+
+2007-01-25 Werner Koch <wk@g10code.com>
+
+ * Makefile.am (gpgsm_LDADD): Add LIBICONV. Noted by Billy Halsey.
+
+2007-01-05 Werner Koch <wk@g10code.com>
+
+ * certchain.c (unknown_criticals): Add subjectAltName.
+
+2006-12-21 Werner Koch <wk@g10code.com>
+
+ * gpgsm.c: Comment mtrace feature.
+
+2006-12-21 Marcus Brinkmann <marcus@g10code.de>
+
+ * certchain.c (gpgsm_basic_cert_check): Release SUBJECT.
+
+ * encrypt.c (encrypt_dek): Release S_CIPH.
+
+2006-12-20 Marcus Brinkmann <marcus@g10code.de>
+
+ * server.c (gpgsm_server): Release CTRL->server_local.
+
+ * base64.c: Add new members READER and WRITER in union U2.
+ (gpgsm_create_reader): Initialise CTX->u2.reader.
+ (gpgsm_destroy_reader): Invoke ksba_reader_release. Return early
+ if CTX is NULL.
+ (gpgsm_create_writer): Initialise CTX->u2.writer.
+ (gpgsm_destroy_writer): Invoke ksba_writer_release. Return early
+ if CTX is NULL.
+
+2006-12-18 Marcus Brinkmann <marcus@g10code.de>
+
+ * fingerprint.c (gpgsm_get_fingerprint): Close MD.
+
+2006-11-24 Werner Koch <wk@g10code.com>
+
+ * certdump.c (parse_dn_part): Take '#' as a special character only
+ at the beginning of a string.
+
+2006-11-21 Werner Koch <wk@g10code.com>
+
+ * certdump.c (my_funopen_hook_ret_t): New.
+ (format_name_writer): Use it for the return value.
+
+2006-11-14 Werner Koch <wk@g10code.com>
+
+ * server.c (skip_options): Skip leading spaces.
+ (has_option): Honor "--".
+ (cmd_export): Add option --data to do an inline export. Skip all
+ options.
+
+ * certdump.c (gpgsm_fpr_and_name_for_status): New.
+ * verify.c (gpgsm_verify): Use it to print correct status messages.
+
+2006-11-11 Werner Koch <wk@g10code.com>
+
+ * server.c (skip_options): New.
+
+2006-10-24 Marcus Brinkmann <marcus@g10code.de>
+
+ * Makefile.am (AM_CFLAGS): Add $(LIBASSUAN_CFLAGS).
+
+2006-10-23 Werner Koch <wk@g10code.com>
+
+ * gpgsm.c (main): Remap common cipher algo names to their OIDs.
+ (main): New command --gpgconf-test.
+
+2006-10-20 Werner Koch <wk@g10code.com>
+
+ * keydb.c (classify_user_id): Parse keygrip for the '&' identifier.
+
+2006-10-18 Werner Koch <wk@g10code.com>
+
+ * keylist.c (list_cert_raw): Also test for GPG_ERR_NO_VALUE when
+ testing for GPG_ERR_NO_DATA.
+ * certlist.c (cert_usage_p, gpgsm_find_cert): Ditto.
+ * certchain.c (check_cert_policy): Ditto.
+
+ * keylist.c (list_cert_std, list_cert_raw): Print "none" for no
+ chain length available.
+
+2006-10-17 Werner Koch <wk@g10code.com>
+
+ * gpgsm.c: No need for pth.h.
+ (main): or to init it. It used to be hack for W32.
+
+ * sign.c (gpgsm_get_default_cert): Changed to return only
+ certificates usable for signing.
+
+2006-10-16 Werner Koch <wk@g10code.com>
+
+ * certchain.c (already_asked_marktrusted)
+ (set_already_asked_marktrusted): New.
+ (gpgsm_validate_chain) <not trusted>: Keep track of certificates
+ we already asked for.
+
+2006-10-11 Werner Koch <wk@g10code.com>
+
+ * certreqgen.c (proc_parameters, create_request): Allow for
+ creation directly from a card.
+ * call-agent.c (gpgsm_agent_readkey): New arg FROMCARD.
+ (gpgsm_scd_pksign): New.
+
+2006-10-06 Werner Koch <wk@g10code.com>
+
+ * Makefile.am (AM_CFLAGS): Use PTH version of libassuan.
+ (gpgsm_LDADD): Ditto.
+
+2006-10-05 Werner Koch <wk@g10code.com>
+
+ * certcheck.c (do_encode_md): Check that the has algo is valid.
+
+2006-10-02 Marcus Brinkmann <marcus@g10code.de>
+
+ * server.c (register_commands): New commands DUMPKEYS and
+ DUMPSECRETKEYS.
+ (cmd_dumpkeys, cmd_dumpsecretkeys): New functions.
+ (option_handler): Support with-key-data option.
+
+2006-09-26 Werner Koch <wk@g10code.com>
+
+ * certchain.c (gpgsm_validate_chain): More changes for the relax
+ feature. Use certificate reference counting instead of the old
+ explicit tests. Added a missing free.
+
+2006-09-25 Werner Koch <wk@g10code.com>
+
+ * gpgsm.h (struct rootca_flags_s): New.
+ * call-agent.c (istrusted_status_cb): New.
+ (gpgsm_agent_istrusted): New arg ROOTCA_FLAGS.
+ * keylist.c (list_cert_colon): Use dummy for new arg.
+ * certchain.c (gpgsm_validate_chain): Make use of the relax flag
+ for root certificates.
+ (unknown_criticals): Ignore a GPG_ERR_NO_VALUE.
+
+2006-09-20 Werner Koch <wk@g10code.com>
+
+ * gpgsm.c: Add alias command --dump-cert.
+
+ * Makefile.am: Changes to allow parallel make runs.
+
+2006-09-18 Werner Koch <wk@g10code.com>
+
+ * gpgsm.c (main): Use this to import standard certificates.
+ * keydb.c (keydb_add_resource): New arg AUTO_CREATED.
+
+2006-09-14 Werner Koch <wk@g10code.com>
+
+ Replaced all call gpg_error_from_errno(errno) by
+ gpg_error_from_syserror().
+
+2006-09-13 Werner Koch <wk@g10code.com>
+
+ * keylist.c (list_internal_keys): Print marker line to FP and not
+ to stdout.
+
+ * gpgsm.c (main): All list key list commands now make ose of
+ --output. Cleaned up calls to list modes. New command
+ --dump-chain. Renamed --list-sigs to --list-chain and added an
+ alias for the old one.
+
+ * server.c (cmd_message): Changed to use assuan_command_parse_fd.
+ (option_handler): New option list-to-output.
+ (do_listkeys): Use it.
+
+2006-09-06 Werner Koch <wk@g10code.com>
+
+ * gpgsm.h (OUT_OF_CORE): Removed and changed all callers to
+ out_of_core.
+ (CTRL): Removed and changed everywhere to ctrl_t.
+ (CERTLIST): Ditto.
+
+ Replaced all Assuan error codes by libgpg-error codes. Removed
+ all map_to_assuan_status and map_assuan_err.
+
+ * gpgsm.c (main): Call assuan_set_assuan_err_source to have Assuan
+ switch to gpg-error codes.
+ * server.c (set_error): Adjusted.
+
+2006-08-29 Werner Koch <wk@g10code.com>
+
+ * call-agent.c (gpgsm_agent_pkdecrypt): Allow decryption using
+ complete S-expressions as implemented by the current gpg-agent.
+
+ * gpgsm.c (main): Implement --output for encrypt, decrypt, sign
+ and export.
+
+2006-07-03 Werner Koch <wk@g10code.com>
+
+ * certreqgen.c (proc_parameters): Print the component label of a
+ faulty DN.
+
+2006-06-26 Werner Koch <wk@g10code.com>
+
+ * certdump.c (gpgsm_cert_log_name): New.
+ * certchain.c (is_cert_still_valid): Log the name of the certificate.
+
+2006-06-20 Werner Koch <wk@g10code.com>
+
+ * gpgsm.c (gpgsm_init_default_ctrl): Take care of the command line
+ option --include-certs.
+
+ * keylist.c (list_cert_raw): Print the certid.
+
+2006-05-23 Werner Koch <wk@g10code.com>
+
+ * keydb.c (hextobyte): Deleted as it is now defined in jnlib.
+
+ * Makefile.am (gpgsm_LDADD): Include ZLIBS.
+
+2006-05-19 Marcus Brinkmann <marcus@g10code.de>
+
+ * keydb.c (keydb_insert_cert): Do not lock here, but only check if
+ it is locked.
+ (keydb_store_cert): Lock here.
+
+ * keydb.h (keydb_delete): Accept new argument UNLOCK.
+ * keydb.c (keydb_delete): Likewise. Only unlock if this is set.
+ * delete.c (delete_one): Add new argument to invocation of
+ keydb_delete.
+
+2006-05-15 Werner Koch <wk@g10code.com>
+
+ * keylist.c (print_names_raw): Sanitize URI.
+
+2006-03-21 Werner Koch <wk@g10code.com>
+
+ * certchain.c (get_regtp_ca_info): New.
+ (allowed_ca): Use it.
+
+2006-03-20 Werner Koch <wk@g10code.com>
+
+ * qualified.c (gpgsm_is_in_qualified_list): New optional arg COUNTRY.
+
+2006-02-17 Werner Koch <wk@g10code.com>
+
+ * call-dirmngr.c (start_dirmngr): Print name of dirmngr to be started.
+
+2005-11-23 Werner Koch <wk@g10code.com>
+
+ * gpgsm.h: New member QUALSIG_APPROVAL.
+ * sign.c (gpgsm_sign): Print a warning if a certificate is not
+ qualified.
+ * qualified.c (gpgsm_qualified_consent): Include a note that this
+ is not approved software.
+ (gpgsm_not_qualified_warning): New.
+ * gpgsm.c (main): Prepared to print a note whether the software
+ has been approved.
+
+2005-11-13 Werner Koch <wk@g10code.com>
+
+ * call-agent.c (gpgsm_agent_get_confirmation): New.
+
+ * keylist.c (list_cert_std): Print qualified status.
+ * qualified.c: New.
+ * certchain.c (gpgsm_validate_chain): Check for qualified
+ certificates.
+
+ * certchain.c (gpgsm_basic_cert_check): Release keydb handle when
+ no-chain-validation is used.
+
+2005-11-11 Werner Koch <wk@g10code.com>
+
+ * keylist.c (print_capabilities): Print is_qualified status.
+
+2005-10-28 Werner Koch <wk@g10code.com>
+
+ * certdump.c (pretty_print_sexp): New.
+ (gpgsm_print_name2): Use it here. This allows proper printing of
+ DNS names as used with server certificates.
+
+2005-10-10 Werner Koch <wk@g10code.com>
+
+ * keylist.c: Add pkaAdress OID as reference.
+
+2005-10-08 Marcus Brinkmann <marcus@g10code.de>
+
+ * Makefile.am (gpgsm_LDADD): Add ../gl/libgnu.a after
+ ../common/libcommon.a.
+
+2005-09-13 Werner Koch <wk@g10code.com>
+
+ * verify.c (gpgsm_verify): Print a note if the unknown algorithm
+ is MD2.
+ * sign.c (gpgsm_sign): Ditto.
+ * certcheck.c (gpgsm_check_cert_sig): Ditto.
+
+2005-09-08 Werner Koch <wk@g10code.com>
+
+ * export.c (popen_protect_tool): Add option --have-cert. We
+ probably lost this option with 1.9.14 due to restructuring of
+ export.c.
+
+2005-07-21 Werner Koch <wk@g10code.com>
+
+ * gpgsm.c (main): New options --no-log-file and --debug-none.
+
+ * certreqgen.c (get_parameter, get_parameter_value): Add SEQ arg
+ to allow enumeration. Changed all callers.
+ (create_request): Process DNS and URI parameters.
+
+2005-07-20 Werner Koch <wk@g10code.com>
+
+ * keylist.c (email_kludge): Reworked.
+
+ * certdump.c (gpgsm_print_serial, gpgsm_dump_serial): Cast printf
+ arg to unsigned.
+ * call-dirmngr.c (gpgsm_dirmngr_run_command): Ditto
+
+2005-07-19 Werner Koch <wk@g10code.com>
+
+ * fingerprint.c (gpgsm_get_certid): Cast printf arg to unsigned.
+ Bug accidently introduced while solving the #$%^& gcc
+ signed/unsigned char* warnings.
+
+2005-06-15 Werner Koch <wk@g10code.com>
+
+ * delete.c (delete_one): Changed FPR to unsigned.
+ * encrypt.c (encrypt_dek): Made ENCVAL unsigned.
+ (gpgsm_encrypt): Ditto.
+ * sign.c (gpgsm_sign): Made SIGVAL unsigned.
+ * base64.c (base64_reader_cb): Need to use some casting to get
+ around signed/unsigned char* warnings.
+ * certcheck.c (gpgsm_check_cms_signature): Ditto.
+ (gpgsm_create_cms_signature): Changed arg R_SIGVAL to unsigned char*.
+ (do_encode_md): Made NFRAME a size_t.
+ * certdump.c (gpgsm_print_serial): Fixed signed/unsigned warning.
+ (gpgsm_dump_serial): Ditto.
+ (gpgsm_format_serial): Ditto.
+ (gpgsm_dump_string): Ditto.
+ (gpgsm_dump_cert): Ditto.
+ (parse_dn_part): Ditto.
+ (gpgsm_print_name2): Ditto.
+ * keylist.c (email_kludge): Ditto.
+ * certreqgen.c (proc_parameters, create_request): Ditto.
+ (create_request): Ditto.
+ * call-agent.c (gpgsm_agent_pksign): Made arg R_BUF unsigned.
+ (struct cipher_parm_s): Made CIPHERTEXT unsigned.
+ (struct genkey_parm_s): Ditto.
+ * server.c (strcpy_escaped_plus): Made arg S signed char*.
+ * fingerprint.c (gpgsm_get_fingerprint): Made ARRAY unsigned.
+ (gpgsm_get_keygrip): Ditto.
+ * keydb.c (keydb_insert_cert): Made DIGEST unsigned.
+ (keydb_update_cert): Ditto.
+ (classify_user_id): Apply cast to signed/unsigned assignment.
+ (hextobyte): Ditto.
+
+2005-06-01 Werner Koch <wk@g10code.com>
+
+ * misc.c: Include setenv.h.
+
+2005-04-21 Werner Koch <wk@g10code.com>
+
+ * gpgsm.c: New options --{enable,disable}-trusted-cert-crl-check.
+ * certchain.c (gpgsm_validate_chain): Make use of it.
+
+ * certchain.c (gpgsm_validate_chain): Check revocations even for
+ expired certificates. This is required because on signature
+ verification an expired key is fine whereas a revoked one is not.
+
+2005-04-20 Werner Koch <wk@g10code.com>
+
+ * Makefile.am (AM_CFLAGS): Add PTH_CFLAGS as noted by several folks.
+
+2005-04-19 Werner Koch <wk@g10code.com>
+
+ * certchain.c (check_cert_policy): Print the diagnostic for a open
+ failure of policies.txt only in verbose mode or when it is not
+ ENOENT.
+
+2005-04-17 Werner Koch <wk@g10code.com>
+
+ * call-dirmngr.c (inq_certificate): Add new inquire SENDCERT_SKI.
+ * certlist.c (gpgsm_find_cert): Add new arg KEYID and implement
+ this filter. Changed all callers.
+
+ * certchain.c (find_up_search_by_keyid): New helper.
+ (find_up): Also try using the AKI.keyIdentifier.
+ (find_up_external): Ditto.
+
+2005-04-15 Werner Koch <wk@g10code.com>
+
+ * keylist.c (list_cert_raw): Print the subjectKeyIdentifier as
+ well as the keyIdentifier part of the authorityKeyIdentifier.
+
+2005-03-31 Werner Koch <wk@g10code.com>
+
+ * call-dirmngr.c (start_dirmngr): Use PATHSEP_C instead of ':'.
+ * call-agent.c (start_agent): Ditto.
+
+2005-03-17 Werner Koch <wk@g10code.com>
+
+ * certcheck.c: Fixed use of DBG_CRYPTO and DBG_X509.
+
+ * certchain.c (gpgsm_basic_cert_check): Dump certificates after a
+ failed gcry_pk_verify.
+ (find_up): Do an external lookup also for an authorityKeyIdentifier
+ lookup. Factored external lookup code out to ..
+ (find_up_external): .. new.
+
+2005-03-03 Werner Koch <wk@g10code.com>
+
+ * Makefile.am (gpgsm_LDADD): Added PTH_LIBS. Noted by Kazu Yamamoto.
+
+2005-01-13 Werner Koch <wk@g10code.com>
+
+ * certreqgen.c (proc_parameters): Cast printf arg.
+
+2004-12-22 Werner Koch <wk@g10code.com>
+
+ * gpgsm.c (set_binary): New.
+ (main, open_read, open_fwrite): Use it.
+
+2004-12-21 Werner Koch <wk@g10code.com>
+
+ * gpgsm.c (main): Use default_homedir().
+ (main) [W32]: Default to disabled CRL checks.
+
+2004-12-20 Werner Koch <wk@g10code.com>
+
+ * call-agent.c (start_agent): Before starting a pipe server start
+ to connect to a server on the standard socket. Use PATHSEP
+ * call-dirmngr.c (start_dirmngr): Use PATHSEP.
+
+ * import.c: Include unistd.h for dup and close.
+
+2004-12-18 Werner Koch <wk@g10code.com>
+
+ * gpgsm.h (map_assuan_err): Define in terms of
+ map_assuan_err_with_source.
+ * call-agent.c (start_agent): Pass error source to
+ send_pinentry_environment.
+
+2004-12-17 Werner Koch <wk@g10code.com>
+
+ * call-dirmngr.c (isvalid_status_cb, lookup_status_cb)
+ (run_command_status_cb): Return cancel status if gpgsm_status
+ returned an error.
+
+ * server.c (gpgsm_status, gpgsm_status2)
+ (gpgsm_status_with_err_code): Return an error code.
+ (gpgsm_status2): Always call va_end().
+
+2004-12-15 Werner Koch <wk@g10code.com>
+
+ * call-dirmngr.c (lookup_status_cb): Send progress messages
+ upstream.
+ (isvalid_status_cb): Ditto.
+ (gpgsm_dirmngr_isvalid): Put CTRL into status CB parameters.
+ (gpgsm_dirmngr_run_command, run_command_status_cb): Pass CTRL to
+ status callback and handle PROGRESS.
+
+ * misc.c (setup_pinentry_env) [W32]: Don't use it.
+
+ * gpgsm.c (main) [W32]: Init Pth because we need it for the socket
+ operations and to resolve libassuan symbols.
+ (run_protect_tool) [W32]: Disable it.
+
+ * Makefile.am (gpgsm_LDADD): Move LIBASSUAN_LIBS more to the end.
+
+2004-12-07 Werner Koch <wk@g10code.com>
+
+ * Makefile.am (gpgsm_LDADD): Put libassuan before jnlib because
+ under W32 we need the w32 pth code from jnlib.
+
+ * misc.c (setup_pinentry_env) [W32]: Disabled.
+
+2004-12-06 Werner Koch <wk@g10code.com>
+
+ * gpgsm.c (run_protect_tool) [_WIN32]: Disabled.
+
+ * import.c (popen_protect_tool): Simplified by making use of
+ gnupg_spawn_process.
+ (parse_p12): Likewise, using gnupg_wait_process.
+ * export.c (popen_protect_tool): Ditto.
+ (export_p12): Ditto.
+
+ * keydb.c: Don't define DIRSEP_S here.
+
+2004-12-02 Werner Koch <wk@g10code.com>
+
+ * certchain.c (gpgsm_basic_cert_check): Dump certs with bad
+ signature for debugging.
+ (gpgsm_validate_chain): Ditto.
+
+2004-11-29 Werner Koch <wk@g10code.com>
+
+ * gpgsm.c (set_debug): Changed to use a globals DEBUG_LEVEL and
+ DEBUG_VALUE.
+ (main): Made DEBUG_LEVEL global and introduced DEBUG_VALUE. This
+ now allows to add debug flags on top of a debug-level setting.
+
+2004-11-23 Werner Koch <wk@g10code.com>
+
+ * gpgsm.c: New option --prefer-system-dirmngr.
+ * call-dirmngr.c (start_dirmngr): Implement this option.
+
+2004-10-22 Werner Koch <wk@g10code.com>
+
+ * certreqgen.c (gpgsm_genkey): Remove the NEW from the certificate
+ request PEM header. This is according to the Sphinx standard.
+
+2004-10-08 Moritz Schulte <moritz@g10code.com>
+
+ * certchain.c (gpgsm_validate_chain): Do not use keydb_new() in
+ case the no_chain_validation-return-short-cut is used (fixes
+ memory leak).
+
+2004-10-04 Werner Koch <wk@g10code.com>
+
+ * misc.c (setup_pinentry_env): Try hard to set a default for GPG_TTY.
+
+2004-09-30 Werner Koch <wk@g10code.com>
+
+ * gpgsm.c (i18n_init): Always use LC_ALL.
+
+ * certdump.c (gpgsm_format_name): Factored code out to ..
+ (gpgsm_format_name2): .. new.
+ (gpgsm_print_name): Factored code out to ..
+ (gpgsm_print_name2): .. new.
+ (print_dn_part): New arg TRANSLATE. Changed all callers.
+ (print_dn_parts): Ditto.
+ (gpgsm_format_keydesc): Do not translate the SUBJECT; we require
+ it to stay UTF-8 but we still want to filter out bad control
+ characters.
+
+ * Makefile.am: Adjusted for gettext 0.14.
+
+ * keylist.c (list_cert_colon): Make sure that the expired flag has
+ a higher precedence than the invalid flag.
+
+2004-09-29 Werner Koch <wk@g10code.com>
+
+ * import.c (parse_p12): Write an error status line for bad
+ passphrases. Add new arg CTRL and changed caller.
+ * export.c (export_p12): Likewise.
+
+2004-09-14 Werner Koch <wk@g10code.com>
+
+ * certchain.c (gpgsm_validate_chain): Give expired certificates a
+ higher error precedence and don't bother to check any CRL in that
+ case.
+
+2004-08-24 Werner Koch <wk@g10code.de>
+
+ * certlist.c: Fixed typo in ocsp OID.
+
+2004-08-18 Werner Koch <wk@g10code.de>
+
+ * certlist.c (gpgsm_cert_use_ocsp_p): New.
+ (cert_usage_p): Support it here.
+ * call-dirmngr.c (gpgsm_dirmngr_isvalid): Use it here.
+
+2004-08-17 Marcus Brinkmann <marcus@g10code.de>
+
+ * import.c: Fix typo in last change.
+
+2004-08-17 Werner Koch <wk@g10code.de>
+
+ * import.c (check_and_store): Do a full validation if
+ --with-validation is set.
+
+ * certchain.c (gpgsm_basic_cert_check): Print more detailed error
+ messages.
+
+ * certcheck.c (do_encode_md): Partly support DSA. Add new arg
+ PKALGO. Changed all callers to pass it.
+ (pk_algo_from_sexp): New.
+
+2004-08-16 Werner Koch <wk@g10code.de>
+
+ * gpgsm.c: New option --fixed-passphrase.
+ * import.c (popen_protect_tool): Pass it to the protect-tool.
+
+ * server.c (cmd_encrypt): Use DEFAULT_RECPLIST and not recplist
+ for encrypt-to keys.
+
+2004-08-06 Werner Koch <wk@g10code.com>
+
+ * gpgsm.c: New option --with-ephemeral-keys.
+ * keylist.c (list_internal_keys): Set it here.
+ (list_cert_raw): And indicate those keys. Changed all our callers
+ to pass the new arg HD through.
+
+2004-07-23 Werner Koch <wk@g10code.de>
+
+ * certreqgen.c (proc_parameters): Do not allow key length below
+ 1024.
+
+2004-07-22 Werner Koch <wk@g10code.de>
+
+ * keylist.c (list_cert_raw): Print the keygrip.
+
+2004-07-20 Werner Koch <wk@gnupg.org>
+
+ * certchain.c (gpgsm_validate_chain): The trust check didn't
+ worked anymore, probably due to the changes at 2003-03-04. Fixed.
+
+2004-06-06 Werner Koch <wk@gnupg.org>
+
+ * certreqgen.c (get_parameter_uint, create_request): Create
+ an extension for key usage when requested.
+
+2004-05-12 Werner Koch <wk@gnupg.org>
+
+ * gpgsm.c (main): Install emergency_cleanup also as an atexit
+ handler.
+
+ * verify.c (gpgsm_verify): Removed the separate error code
+ handling for KSBA. We use shared error codes anyway.
+
+ * export.c (export_p12): Removed debugging code.
+
+ * encrypt.c (gpgsm_encrypt): Put the session key in to secure memory.
+
+2004-05-11 Werner Koch <wk@gnupg.org>
+
+ * sign.c (gpgsm_sign): Include the error source in the final error
+ message.
+ * decrypt.c (gpgsm_decrypt): Ditto.
+
+ * fingerprint.c (gpgsm_get_key_algo_info): New.
+ * sign.c (gpgsm_sign): Don't assume RSA in the status line.
+ * keylist.c (list_cert_colon): Really print the algorithm and key
+ length.
+ (list_cert_raw, list_cert_std): Ditto.
+ (list_cert_colon): Reorganized to be able to tell whether a root
+ certificate is trusted.
+
+ * gpgsm.c: New option --debug-allow-core-dump.
+
+ * gpgsm.h (opt): Add member CONFIG_FILENAME.
+ * gpgsm.c (main): Use it here instead of the local var.
+
+ * server.c (gpgsm_server): Print some additional information with
+ the hello in verbose mode.
+
+2004-04-30 Werner Koch <wk@gnupg.org>
+
+ * import.c (check_and_store): Do not update the stats for hidden
+ imports of issuer certs.
+ (popen_protect_tool): Request statusmessages from the protect-tool.
+ (parse_p12): Detect status messages. Add new arg STATS and update them.
+ (print_imported_summary): Include secret key stats.
+
+2004-04-28 Werner Koch <wk@gnupg.org>
+
+ * gpgsm.c: New command --keydb-clear-some-cert-flags.
+ * keydb.c (keydb_clear_some_cert_flags): New.
+ (keydb_update_keyblock, keydb_set_flags): Change error code
+ CONFLICT to NOT_LOCKED.
+
+2004-04-26 Werner Koch <wk@gnupg.org>
+
+ * gpgsm.c (main) <gpgconf>: Do not use /dev/null as default config
+ filename.
+
+ * call-agent.c (gpgsm_agent_pksign, gpgsm_agent_pkdecrypt)
+ (gpgsm_agent_genkey, gpgsm_agent_istrusted)
+ (gpgsm_agent_marktrusted, gpgsm_agent_havekey)
+ (gpgsm_agent_passwd): Add new arg CTRL and changed all callers.
+ (start_agent): New arg CTRL. Send progress item when starting a
+ new agent.
+ * sign.c (gpgsm_get_default_cert, get_default_signer): New arg
+ CTRL to be passed down to the agent function.
+ * decrypt.c (prepare_decryption): Ditto.
+ * certreqgen.c (proc_parameters, read_parameters): Ditto.
+ * certcheck.c (gpgsm_create_cms_signature): Ditto.
+
+2004-04-23 Werner Koch <wk@gnupg.org>
+
+ * keydb.c (keydb_add_resource): Try to compress the file on init.
+
+ * keylist.c (oidtranstbl): New. OIDs collected from several sources.
+ (print_name_raw, print_names_raw, list_cert_raw): New.
+ (gpgsm_list_keys): Check the dump mode and pass it down as
+ necessary.
+
+2004-04-22 Werner Koch <wk@gnupg.org>
+
+ * gpgsm.c (main): New commands --dump-keys, --dump-external-keys,
+ --dump-secret-keys.
+
+2004-04-13 Werner Koch <wk@gnupg.org>
+
+ * misc.c (setup_pinentry_env): New.
+ * import.c (popen_protect_tool): Call it.
+ * export.c (popen_protect_tool): Call it.
+
+2004-04-08 Werner Koch <wk@gnupg.org>
+
+ * decrypt.c (gpgsm_decrypt): Return GPG_ERR_NO_DATA if it is not a
+ encrypted message.
+
+2004-04-07 Werner Koch <wk@gnupg.org>
+
+ * gpgsm.c: New option --force-crl-refresh.
+ * call-dirmngr.c (gpgsm_dirmngr_isvalid): Pass option to dirmngr.
+
+2004-04-05 Werner Koch <wk@gnupg.org>
+
+ * server.c (get_status_string): Add STATUS_NEWSIG.
+ * verify.c (gpgsm_verify): Print STATUS_NEWSIG for each signature.
+
+ * certchain.c (gpgsm_validate_chain) <gpgsm_cert_use_cer_p>: Do
+ not just warn if a cert is not suitable; bail out immediately.
+
+2004-04-01 Werner Koch <wk@gnupg.org>
+
+ * call-dirmngr.c (isvalid_status_cb): New.
+ (unhexify_fpr): New. Taken from ../g10/call-agent.c
+ (gpgsm_dirmngr_isvalid): Add new arg CTRL, changed caller to pass
+ it thru. Detect need to check the respondert cert and do that.
+ * certchain.c (gpgsm_validate_chain): Add new arg FLAGS. Changed
+ all callers.
+
+2004-03-24 Werner Koch <wk@gnupg.org>
+
+ * sign.c (gpgsm_sign): Include a short list of capabilities.
+
+2004-03-17 Werner Koch <wk@gnupg.org>
+
+ * gpgsm.c (main) <gpgconf>: Fixed default value quoting.
+
+2004-03-16 Werner Koch <wk@gnupg.org>
+
+ * gpgsm.c (main): Implemented --gpgconf-list.
+
+2004-03-15 Werner Koch <wk@gnupg.org>
+
+ * keylist.c (list_cert_colon): Hack to set the expired flag.
+
+2004-03-09 Werner Koch <wk@gnupg.org>
+
+ * gpgsm.c (main): Correctly intitialze USE_OCSP flag.
+
+ * keydb.c (keydb_delete): s/GPG_ERR_CONFLICT/GPG_ERR_NOT_LOCKED/
+
+2004-03-04 Werner Koch <wk@gnupg.org>
+
+ * call-dirmngr.c (gpgsm_dirmngr_isvalid): New arg ISSUER_CERT.
+
+ * certchain.c (is_cert_still_valid): New. Code moved from ...
+ (gpgsm_validate_chain): ... here because we now need to check at
+ two places and at a later stage, so that we can pass the issuer
+ cert down to the dirmngr.
+
+2004-03-03 Werner Koch <wk@gnupg.org>
+
+ * call-agent.c (start_agent): Replaced pinentry setup code by a
+ call to a new common function.
+
+ * certdump.c (gpgsm_format_keydesc): Make sure the string is
+ returned as utf-8.
+
+ * export.c (gpgsm_export): Make sure that we don't export more
+ than one certificate.
+
+2004-03-02 Werner Koch <wk@gnupg.org>
+
+ * export.c (create_duptable, destroy_duptable)
+ (insert_duptable): New.
+ (gpgsm_export): Avoid duplicates.
+
+2004-02-26 Werner Koch <wk@gnupg.org>
+
+ * certchain.c (compare_certs): New.
+ (gpgsm_validate_chain): Fixed infinite certificate checks after
+ bad signatures.
+
+2004-02-24 Werner Koch <wk@gnupg.org>
+
+ * keylist.c (list_cert_colon): Print the fingerprint as the
+ cert-id for root certificates.
+
+2004-02-21 Werner Koch <wk@gnupg.org>
+
+ * keylist.c (list_internal_keys): Return error codes.
+ (list_external_keys, gpgsm_list_keys): Ditto.
+ * server.c (do_listkeys): Ditto.
+
+ * gpgsm.c (main): Display a key description for --passwd.
+ * call-agent.c (gpgsm_agent_passwd): New arg DESC.
+
+2004-02-20 Werner Koch <wk@gnupg.org>
+
+ * gpgsm.c (main): New option --debug-ignore-expiration.
+ * certchain.c (gpgsm_validate_chain): Use it here.
+
+ * certlist.c (cert_usage_p): Apply extKeyUsage.
+
+2004-02-19 Werner Koch <wk@gnupg.org>
+
+ * export.c (export_p12, popen_protect_tool)
+ (gpgsm_p12_export): New.
+ * gpgsm.c (main): New command --export-secret-key-p12.
+
+2004-02-18 Werner Koch <wk@gnupg.org>
+
+ * gpgsm.c (set_debug): Set the new --debug-level flags.
+ (main): New option --gpgconf-list.
+ (main): Do not setup -u and -r keys when not required.
+ (main): Setup the used character set.
+
+ * keydb.c (keydb_add_resource): Print a hint to start the
+ gpg-agent.
+
+2004-02-17 Werner Koch <wk@gnupg.org>
+
+ * gpgsm.c: Fixed value parsing for --with-validation.
+ * call-agent.c (start_agent): Ignore an empty GPG_AGENT_INFO.
+ * call-dirmngr.c (start_dirmngr): Likewise for DIRMNGR_INFO.
+
+ * gpgsm.c: New option --with-md5-fingerprint.
+ * keylist.c (list_cert_std): Print MD5 fpr.
+
+ * gpgsm.c: New options --with-validation.
+ * server.c (option_handler): New option "with-validation".
+ * keylist.c (list_cert_std, list_internal_keys): New args CTRL and
+ WITH_VALIDATION. Changed callers to set it.
+ (list_external_cb, list_external_keys): Pass CTRL to the callback.
+ (list_cert_colon): Add arg CTRL. Check validation if requested.
+ * certchain.c (unknown_criticals, allowed_ca, check_cert_policy)
+ (gpgsm_validate_chain): New args LISTMODE and FP.
+ (do_list): New helper for info output.
+ (find_up): New arg FIND_NEXT.
+ (gpgsm_validate_chain): After a bad signature try again with other
+ CA certificates.
+
+ * import.c (print_imported_status): New arg NEW_CERT. Print
+ additional STATUS_IMPORT_OK becuase that is what gpgme expects.
+ (check_and_store): Always call above function after import.
+ * server.c (get_status_string): Added STATUS_IMPORT_OK.
+
+2004-02-13 Werner Koch <wk@gnupg.org>
+
+ * certcheck.c (gpgsm_create_cms_signature): Format a description
+ for use by the pinentry.
+ * decrypt.c (gpgsm_decrypt): Ditto. Free HEXKEYGRIP.
+ * certdump.c (format_name_cookie, format_name_writer)
+ (gpgsm_format_name): New.
+ (gpgsm_format_serial): New.
+ (gpgsm_format_keydesc): New.
+ * call-agent.c (gpgsm_agent_pksign): New arg DESC.
+ (gpgsm_agent_pkdecrypt): Ditto.
+
+ * encrypt.c (init_dek): Check for too weak algorithms.
+
+ * import.c (parse_p12, popen_protect_tool): New.
+
+ * base64.c (gpgsm_create_reader): New arg ALLOW_MULTI_PEM.
+ Changed all callers.
+ (base64_reader_cb): Handle it here.
+ (gpgsm_reader_eof_seen): New.
+ (base64_reader_cb): Set a flag for EOF.
+ (simple_reader_cb): Ditto.
+
+2004-02-12 Werner Koch <wk@gnupg.org>
+
+ * gpgsm.h, gpgsm.c: New option --protect-tool-program.
+ * gpgsm.c (run_protect_tool): Use it.
+
+2004-02-11 Werner Koch <wk@gnupg.org>
+
+ * Makefile.am (AM_CPPFLAGS): Pass directory constants via -D; this
+ will allow to override directory names at make time.
+
+2004-02-02 Werner Koch <wk@gnupg.org>
+
+ * import.c (check_and_store): Import certificates even with
+ missing issuer's cert. Fixed an "depending on the verbose
+ setting" bug.
+
+ * certchain.c (gpgsm_validate_chain): Mark revoked certs in the
+ keybox.
+
+ * keylist.c (list_cert_colon): New arg VALIDITY; use it to print a
+ revoked flag.
+ (list_internal_keys): Retrieve validity flag.
+ (list_external_cb): Pass 0 as validity flag.
+ * keydb.c (keydb_get_flags, keydb_set_flags): New.
+ (keydb_set_cert_flags): New.
+ (lock_all): Return a proper error code.
+ (keydb_lock): New.
+ (keydb_delete): Don't lock but check that it has been locked.
+ (keydb_update_keyblock): Ditto.
+ * delete.c (delete_one): Take a lock.
+
+2004-01-30 Werner Koch <wk@gnupg.org>
+
+ * certchain.c (check_cert_policy): Fixed read error checking.
+ (check_cert_policy): With no critical policies issue only a
+ warning if the policy file does not exists.
+
+ * sign.c (add_certificate_list): Decrement N for the first cert.
+
+2004-01-29 Werner Koch <wk@gnupg.org>
+
+ * certdump.c (parse_dn_part): Map common OIDs to human readable
+ labels. Make sure that a value won't get truncated if it includes
+ a Nul.
+
+2004-01-28 Werner Koch <wk@gnupg.org>
+
+ * certchain.c (gpgsm_validate_chain): Changed the message printed
+ for an untrusted root certificate.
+
+2004-01-27 Werner Koch <wk@gnupg.org>
+
+ * certdump.c (parse_dn_part): Pretty print the nameDistinguisher OID.
+ (print_dn_part): Do not delimit multiple RDN by " + ". Handle
+ multi-valued RDNs in a special way, i.e. in the order specified by
+ the certificate.
+ (print_dn_parts): Simplified.
+
+2004-01-16 Werner Koch <wk@gnupg.org>
+
+ * sign.c (gpgsm_sign): Print an error message on all failures.
+ * decrypt.c (gpgsm_decrypt): Ditto.
+
+2003-12-17 Werner Koch <wk@gnupg.org>
+
+ * server.c (gpgsm_server): Add arg DEFAULT_RECPLIST.
+ (cmd_encrypt): Add all enrypt-to marked certs to the list.
+ * encrypt.c (gpgsm_encrypt): Check that real recipients are
+ available.
+ * gpgsm.c (main): Make the --encrypt-to and --no-encrypt-to
+ options work. Pass the list of recients to gpgsm_server.
+ * gpgsm.h (certlist_s): Add field IS_ENCRYPT_TO.
+ (opt): Add NO_ENCRYPT_TO.
+ * certlist.c (gpgsm_add_to_certlist): New arg IS_ENCRYPT_TO.
+ Changed all callers and ignore duplicate entries.
+ (is_cert_in_certlist): New.
+ (gpgsm_add_cert_to_certlist): New.
+
+ * certdump.c (gpgsm_print_serial): Cleaned up cast use in strtoul.
+ (gpgsm_dump_serial): Ditto.
+
+ * decrypt.c (gpgsm_decrypt): Replaced ERR by RC.
+
+2003-12-16 Werner Koch <wk@gnupg.org>
+
+ * gpgsm.c (main): Set the prefixes for assuan logging.
+
+ * sign.c (gpgsm_sign): Add validation checks for the default
+ certificate.
+
+ * gpgsm.c: Add -k as alias for --list-keys and -K for
+ --list-secret-keys.
+
+2003-12-15 Werner Koch <wk@gnupg.org>
+
+ * encrypt.c (init_dek): Use gry_create_nonce for the IV; there is
+ not need for real strong random here and it even better protect
+ the random bits used for the key.
+
+2003-12-01 Werner Koch <wk@gnupg.org>
+
+ * gpgsm.c, gpgsm.h: New options --{enable,disable}-ocsp.
+ (gpgsm_init_default_ctrl): Set USE_OCSP to the default value.
+ * certchain.c (gpgsm_validate_chain): Handle USE_OCSP.
+ * call-dirmngr.c (gpgsm_dirmngr_isvalid): Add arg USE_OCSP and
+ proceed accordingly.
+
+2003-11-19 Werner Koch <wk@gnupg.org>
+
+ * verify.c (gpgsm_verify): Use "0" instead of an empty string for
+ the VALIDSIG status.
+
+2003-11-18 Werner Koch <wk@gnupg.org>
+
+ * verify.c (gpgsm_verify): Fixed for changes API of gcry_md_info.
+
+ * certchain.c (unknown_criticals): Fixed an error code test.
+
+2003-11-12 Werner Koch <wk@gnupg.org>
+
+ Adjusted for API changes in Libksba.
+
+2003-10-31 Werner Koch <wk@gnupg.org>
+
+ * certchain.c (gpgsm_validate_chain): Changed to use ksba_isotime_t.
+ * verify.c (strtimestamp_r, gpgsm_verify): Ditto.
+ * sign.c (gpgsm_sign): Ditto.
+ * keylist.c (print_time, list_cert_std, list_cert_colon): Ditto.
+ * certdump.c (gpgsm_print_time, gpgsm_dump_time, gpgsm_dump_cert):
+ Ditto.
+
+2003-10-25 Werner Koch <wk@gnupg.org>
+
+ * certreqgen.c (read_parameters): Fixed faulty of !spacep().
+
+2003-08-20 Marcus Brinkmann <marcus@g10code.de>
+
+ * encrypt.c (encode_session_key): Allocate enough space. Cast key
+ byte to unsigned char to prevent sign extension.
+ (encrypt_dek): Check return value before error.
+
+2003-08-14 Timo Schulz <twoaday@freakmail.de>
+
+ * encrypt.c (encode_session_key): Use new Libgcrypt interface.
+
+2003-07-31 Werner Koch <wk@gnupg.org>
+
+ * Makefile.am (gpgsm_LDADD): Added INTLLIBS.
+
+2003-07-29 Werner Koch <wk@gnupg.org>
+
+ * gpgsm.c (main): Add secmem features and set the random seed file.
+ (gpgsm_exit): Update the random seed file and enable debug output.
+
+2003-07-27 Werner Koch <wk@gnupg.org>
+
+ Adjusted for gcry_mpi_print and gcry_mpi_scan API change.
+
+2003-06-24 Werner Koch <wk@gnupg.org>
+
+ * server.c (gpgsm_status_with_err_code): New.
+ * verify.c (gpgsm_verify): Use it here instead of the old
+ tokenizing version.
+
+ * verify.c (strtimestamp): Renamed to strtimestamp_r
+
+ Adjusted for changes in the libgcrypt API. Some more fixes for the
+ libgpg-error stuff.
+
+2003-06-04 Werner Koch <wk@gnupg.org>
+
+ * call-agent.c (init_membuf,put_membuf,get_membuf): Removed.
+ Include new membuf header and changed used type.
+
+ Renamed error codes from INVALID to INV and removed _ERROR suffixes.
+
+2003-06-03 Werner Koch <wk@gnupg.org>
+
+ Changed all error codes in all files to the new libgpg-error scheme.
+
+ * gpgsm.h: Include gpg-error.h .
+ * Makefile.am: Link with libgpg-error.
+
+2003-04-29 Werner Koch <wk@gnupg.org>
+
+ * Makefile.am: Use libassuan. Don't override LDFLAGS anymore.
+ * server.c (register_commands): Adjust for new Assuan semantics.
+
+2002-12-03 Werner Koch <wk@gnupg.org>
+
+ * call-agent.c (gpgsm_agent_passwd): New.
+ * gpgsm.c (main): New command --passwd and --call-protect-tool
+ (run_protect_tool): New.
+
+2002-11-25 Werner Koch <wk@gnupg.org>
+
+ * verify.c (gpgsm_verify): Handle content-type attribute.
+
+2002-11-13 Werner Koch <wk@gnupg.org>
+
+ * call-agent.c (start_agent): Try to use $GPG_TTY instead of
+ ttyname. Changed ttyname to test stdin becuase it can be assumed
+ that output redirection is more common that input redirection.
+
+2002-11-12 Werner Koch <wk@gnupg.org>
+
+ * gpgsm.c: New command --call-dirmngr.
+ * call-dirmngr.c (gpgsm_dirmngr_run_command)
+ (run_command_inq_cb,run_command_cb)
+ (run_command_status_cb): New.
+
+2002-11-11 Werner Koch <wk@gnupg.org>
+
+ * certcheck.c (gpgsm_check_cms_signature): Don't double free
+ s_sig but free s_pkey at leave.
+
+2002-11-10 Werner Koch <wk@gnupg.org>
+
+ * gpgsm.c: Removed duplicate --list-secret-key entry.
+
+2002-09-19 Werner Koch <wk@gnupg.org>
+
+ * certcheck.c (gpgsm_check_cert_sig): Add cert hash debugging.
+
+ * certchain.c (find_up): Print info when the cert was not found
+ by the autorithyKeyIdentifier.
+
+2002-09-03 Werner Koch <wk@gnupg.org>
+
+ * gpgsm.c (main): Disable the internal libgcrypt locking.
+
+2002-08-21 Werner Koch <wk@gnupg.org>
+
+ * import.c (print_imported_summary): Cleaned up. Print new
+ not_imported value.
+ (check_and_store): Update non_imported counter.
+ (print_import_problem): New.
+ (check_and_store): Print error status message.
+ * server.c (get_status_string): Added STATUS_IMPORT_PROBLEM.
+
+2002-08-20 Werner Koch <wk@gnupg.org>
+
+ * gpgsm.c (main): Use the log file only in server mode.
+
+ * import.c (print_imported_summary): New.
+ (check_and_store): Update the counters, take new argument.
+ (import_one): Factored out core of gpgsm_import.
+ (gpgsm_import): Print counters.
+ (gpgsm_import_files): New.
+ * gpgsm.c (main): Use the new function for import.
+
+2002-08-19 Werner Koch <wk@gnupg.org>
+
+ * decrypt.c (gpgsm_decrypt): Return a better error status token.
+ * verify.c (gpgsm_verify): Don't error on messages with no signing
+ time or no message digest. This is only the case for messages
+ without any signed attributes.
+
+2002-08-16 Werner Koch <wk@gnupg.org>
+
+ * certpath.c: Renamed to ..
+ * certchain.c: this. Renamed all all other usages of "path" in the
+ context of certificates to "chain".
+
+ * call-agent.c (learn_cb): Special treatment when the issuer
+ certificate is missing.
+
+2002-08-10 Werner Koch <wk@gnupg.org>
+
+ * Makefile.am (INCLUDES): Add definition for localedir.
+
+ * keylist.c (list_cert_colon): Print the short fingerprint in the
+ key ID field.
+ * fingerprint.c (gpgsm_get_short_fingerprint): New.
+ * verify.c (gpgsm_verify): Print more verbose info for a good
+ signature.
+
+2002-08-09 Werner Koch <wk@gnupg.org>
+
+ * decrypt.c (prepare_decryption): Hack to detected already
+ unpkcsedone keys.
+
+ * gpgsm.c (emergency_cleanup): New.
+ (main): Initialize the signal handler.
+
+ * sign.c (gpgsm_sign): Reset the hash context for subsequent
+ signers and release it at the end.
+
+2002-08-05 Werner Koch <wk@gnupg.org>
+
+ * server.c (cmd_signer): New command "SIGNER"
+ (register_commands): Register it.
+ (cmd_sign): Pass the signer list to gpgsm_sign.
+ * certlist.c (gpgsm_add_to_certlist): Add SECRET argument, check
+ for secret key if set and changed all callers.
+ * sign.c (gpgsm_sign): New argument SIGNERLIST and implemt
+ multiple signers.
+ * gpgsm.c (main): Support more than one -u.
+
+ * server.c (cmd_recipient): Return reason code 1 for No_Public_Key
+ which is actually what gets returned from add_to_certlist.
+
+2002-07-26 Werner Koch <wk@gnupg.org>
+
+ * certcheck.c (gpgsm_check_cert_sig): Implement proper cleanup.
+ (gpgsm_check_cms_signature): Ditto.
+
+2002-07-22 Werner Koch <wk@gnupg.org>
+
+ * keydb.c (keydb_add_resource): Register a lock file.
+ (lock_all, unlock_all): Implemented.
+
+ * delete.c: New.
+ * gpgsm.c: Made --delete-key work.
+ * server.c (cmd_delkeys): New.
+ (register_commands): New command DELKEYS.
+
+ * decrypt.c (gpgsm_decrypt): Print a convenience note when RC2 is
+ used and a STATUS_ERROR with the algorithm oid.
+
+2002-07-03 Werner Koch <wk@gnupg.org>
+
+ * server.c (gpgsm_status2): Insert a blank between all optional
+ arguments when using assuan.
+ * server.c (cmd_recipient): No more need for extra blank in constants.
+ * import.c (print_imported_status): Ditto.
+ * gpgsm.c (main): Ditto.
+
+2002-07-02 Werner Koch <wk@gnupg.org>
+
+ * verify.c (gpgsm_verify): Extend the STATUS_BADSIG line with
+ the fingerprint.
+
+ * certpath.c (check_cert_policy): Don't use log_error to print a
+ warning.
+
+ * keydb.c (keydb_store_cert): Add optional ar EXISTED and changed
+ all callers.
+ * call-agent.c (learn_cb): Print info message only for real imports.
+
+ * import.c (gpgsm_import): Moved duplicated code to ...
+ (check_and_store): new function. Added magic to import the entire
+ chain. Print status only for real imports and moved printing code
+ to ..
+ (print_imported_status): New.
+
+ * call-dirmngr.c (gpgsm_dirmngr_isvalid): print status of dirmngr
+ call in very verbose mode.
+
+ * gpgsm.c (main): Use the same error codes for STATUS_INV_RECP as
+ with the server mode.
+
+2002-06-29 Werner Koch <wk@gnupg.org>
+
+ * gpgsm.c: New option --auto-issuer-key-retrieve.
+ * certpath.c (find_up): Try to retrieve an issuer key from an
+ external source and from the ephemeral key DB.
+ (find_up_store_certs_cb): New.
+
+ * keydb.c (keydb_set_ephemeral): Does now return the old
+ state. Call the backend only when required.
+
+ * call-dirmngr.c (start_dirmngr): Use GNUPG_DEFAULT_DIRMNGR.
+ (lookup_status_cb): Issue status only when CTRL is not NULL.
+ (gpgsm_dirmngr_lookup): Document that CTRL is optional.
+
+ * call-agent.c (start_agent): Use GNUPG_DEFAULT_AGENT.
+
+2002-06-28 Werner Koch <wk@gnupg.org>
+
+ * server.c (cmd_recipient): Add more reason codes.
+
+2002-06-27 Werner Koch <wk@gnupg.org>
+
+ * certpath.c (gpgsm_basic_cert_check): Use
+ --debug-no-path-validation to also bypass this basic check.
+
+ * gpgsm.c (main): Use GNUPG_DEFAULT_HOMEDIR constant.
+
+ * call-agent.c (start_agent): Create and pass the list of FD to
+ keep in the child to assuan.
+ * call-dirmngr.c (start_dirmngr): Ditto.
+
+2002-06-26 Werner Koch <wk@gnupg.org>
+
+ * import.c (gpgsm_import): Print an STATUS_IMPORTED.
+
+ * gpgsm.c: --debug-no-path-validation does not take an argument.
+
+2002-06-25 Werner Koch <wk@gnupg.org>
+
+ * certdump.c (print_dn_part): Always print a leading slash,
+ removed NEED_DELIM arg and changed caller.
+
+ * export.c (gpgsm_export): Print LFs to FP and not stdout.
+ (print_short_info): Ditto. Make use of gpgsm_print_name.
+
+ * server.c (cmd_export): Use output-fd instead of data lines; this
+ was actually the specified way.
+
+2002-06-24 Werner Koch <wk@gnupg.org>
+
+ * gpgsm.c: Removed duped help entry for --list-keys.
+
+ * gpgsm.c, gpgsm.h: New option --debug-no-path-validation.
+
+ * certpath.c (gpgsm_validate_path): Use it here instead of the
+ debug flag hack.
+
+ * certpath.c (check_cert_policy): Return No_Policy_Match if the
+ policy file could not be opened.
+
+2002-06-20 Werner Koch <wk@gnupg.org>
+
+ * certlist.c (gpgsm_add_to_certlist): Fixed locating of a
+ certificate with the required key usage.
+
+ * gpgsm.c (main): Fixed a segv when using --outfile without an
+ argument.
+
+ * keylist.c (print_capabilities): Also check for non-repudiation
+ and data encipherment.
+ * certlist.c (cert_usage_p): Test for signing and encryption was
+ swapped. Add a case for certification usage, handle
+ non-repudiation and data encipherment.
+ (gpgsm_cert_use_cert_p): New.
+ (gpgsm_add_to_certlist): Added a CTRL argument and changed all
+ callers to pass it.
+ * certpath.c (gpgsm_validate_path): Use it here to print a status
+ message. Added a CTRL argument and changed all callers to pass it.
+ * decrypt.c (gpgsm_decrypt): Print a status message for wrong key
+ usage.
+ * verify.c (gpgsm_verify): Ditto.
+ * keydb.c (classify_user_id): Allow a colon delimited fingerprint.
+
+2002-06-19 Werner Koch <wk@gnupg.org>
+
+ * call-agent.c (learn_cb): Use log_info instead of log_error on
+ successful import.
+
+ * keydb.c (keydb_set_ephemeral): New.
+ (keydb_store_cert): New are ephemeral, changed all callers.
+ * keylist.c (list_external_cb): Store cert as ephemeral.
+ * export.c (gpgsm_export): Kludge to export epehmeral certificates.
+
+ * gpgsm.c (main): New command --list-external-keys.
+
+2002-06-17 Werner Koch <wk@gnupg.org>
+
+ * certreqgen.c (read_parameters): Improved error handling.
+ (gpgsm_genkey): Print error message.
+
+2002-06-13 Werner Koch <wk@gnupg.org>
+
+ * gpgsm.c (main): New option --log-file.
+
+2002-06-12 Werner Koch <wk@gnupg.org>
+
+ * call-dirmngr.c (lookup_status_cb): New.
+ (gpgsm_dirmngr_lookup): Use the status CB. Add new arg CTRL and
+ changed caller to pass it.
+
+ * gpgsm.c (open_fwrite): New.
+ (main): Allow --output for --verify.
+
+ * sign.c (hash_and_copy_data): New.
+ (gpgsm_sign): Implemented normal (non-detached) signatures.
+ * gpgsm.c (main): Ditto.
+
+ * certpath.c (gpgsm_validate_path): Special error handling for
+ no policy match.
+
+2002-06-10 Werner Koch <wk@gnupg.org>
+
+ * server.c (get_status_string): Add STATUS_ERROR.
+
+ * certpath.c (gpgsm_validate_path): Tweaked the error checking to
+ return error codes in a more sensitive way.
+ * verify.c (gpgsm_verify): Send status TRUST_NEVER also for a bad
+ CA certificate and when the certificate has been revoked. Issue
+ TRUST_FULLY even when the cert has expired. Append an error token
+ to these status lines. Issue the new generic error status when a
+ cert was not found and when leaving the function.
+
+2002-06-04 Werner Koch <wk@gnupg.org>
+
+ * gpgsm.c (main): New command --list-sigs
+ * keylist.c (list_cert_std): New. Use it whenever colon mode is
+ not used.
+ (list_cert_chain): New.
+
+2002-05-31 Werner Koch <wk@gnupg.org>
+
+ * gpgsm.c (main): Don't print the "go ahead" message for an
+ invalid command.
+
+2002-05-23 Werner Koch <wk@gnupg.org>
+
+ * import.c (gpgsm_import): Add error messages.
+
+2002-05-21 Werner Koch <wk@gnupg.org>
+
+ * keylist.c (list_internal_keys): Renamed from gpgsm_list_keys.
+ (list_external_keys): New.
+ (gpgsm_list_keys): Dispatcher for above.
+ * call-dirmngr.c (lookup_cb,pattern_from_strlist)
+ (gpgsm_dirmngr_lookup): New.
+ * server.c (option_handler): Handle new option --list-mode.
+ (do_listkeys): Handle options and actually use the mode argument.
+ (get_status_string): New code TRUNCATED.
+
+ * import.c (gpgsm_import): Try to identify the type of input and
+ handle certs-only messages.
+
+2002-05-14 Werner Koch <wk@gnupg.org>
+
+ * gpgsm.c: New option --faked-system-time
+ * sign.c (gpgsm_sign): And use it here.
+ * certpath.c (gpgsm_validate_path): Ditto.
+
+2002-05-03 Werner Koch <wk@gnupg.org>
+
+ * certpath.c (gpgsm_validate_path): Added EXPTIME arg and changed
+ all callers.
+ * verify.c (gpgsm_verify): Tweaked usage of log_debug and
+ log_error. Return EXPSIG status and add expiretime to VALIDSIG.
+
+2002-04-26 Werner Koch <wk@gnupg.org>
+
+ * gpgsm.h (DBG_AGENT,DBG_AGENT_VALUE): Replaced by DBG_ASSUAN_*.
+ Changed all users.
+
+ * call-agent.c (start_agent): Be more silent without -v.
+ * call-dirmngr.c (start_dirmngr): Ditto.
+
+2002-04-25 Werner Koch <wk@gnupg.org>
+
+ * call-agent.c (start_agent): Make copies of old locales and check
+ for setlocale.
+
+2002-04-25 Marcus Brinkmann <marcus@g10code.de>
+
+ * call-agent.c (start_agent): Fix error handling logic so the
+ locale is always correctly reset.
+
+2002-04-25 Marcus Brinkmann <marcus@g10code.de>
+
+ * server.c (option_handler): Accept display, ttyname, ttytype,
+ lc_ctype and lc_messages options.
+ * gpgsm.c (main): Allocate memory for these options.
+ * gpgsm.h (struct opt): Make corresponding members non-const.
+
+2002-04-24 Marcus Brinkmann <marcus@g10code.de>
+
+ * gpgsm.h (struct opt): New members display, ttyname, ttytype,
+ lc_ctype, lc_messages.
+ * gpgsm.c (enum cmd_and_opt_values): New members oDisplay,
+ oTTYname, oTTYtype, oLCctype, oLCmessages.
+ (opts): New entries for these options.
+ (main): Handle these new options.
+ * call-agent.c (start_agent): Set the various display and tty
+ parameter after resetting.
+
+2002-04-18 Werner Koch <wk@gnupg.org>
+
+ * certreqgen.c (gpgsm_genkey): Write status output on success.
+
+2002-04-15 Werner Koch <wk@gnupg.org>
+
+ * gpgsm.c (main): Check ksba version.
+
+ * certpath.c (find_up): New to use the authorithKeyIdentifier.
+ Use it in all other functions to locate the signing cert..
+
+2002-04-11 Werner Koch <wk@gnupg.org>
+
+ * certlist.c (cert_usable_p): New.
+ (gpgsm_cert_use_sign_p,gpgsm_cert_use_encrypt_p): New.
+ (gpgsm_cert_use_verify_p,gpgsm_cert_use_decrypt_p): New.
+ (gpgsm_add_to_certlist): Check the key usage.
+ * sign.c (gpgsm_sign): Ditto.
+ * verify.c (gpgsm_verify): Print a message wehn an unsuitable
+ certificate was used.
+ * decrypt.c (gpgsm_decrypt): Ditto
+ * keylist.c (print_capabilities): Determine values from the cert.
+
+2002-03-28 Werner Koch <wk@gnupg.org>
+
+ * keylist.c (list_cert_colon): Fixed listing of crt record; the
+ issuer is not at the right place. Print a chainingID.
+ * certpath.c (gpgsm_walk_cert_chain): Be a bit more silent on
+ common errors.
+
+2002-03-21 Werner Koch <wk@gnupg.org>
+
+ * export.c: New.
+ * gpgsm.c: Add command --export.
+ * server.c (cmd_export): New.
+
+2002-03-13 Werner Koch <wk@gnupg.org>
+
+ * decrypt.c (gpgsm_decrypt): Allow multiple recipients.
+
+2002-03-12 Werner Koch <wk@gnupg.org>
+
+ * certpath.c (check_cert_policy): Print the policy list.
+
+ * verify.c (gpgsm_verify): Detect certs-only message.
+
+2002-03-11 Werner Koch <wk@gnupg.org>
+
+ * import.c (gpgsm_import): Print a notice about imported certificates
+ when in verbose mode.
+
+ * gpgsm.c (main): Print INV_RECP status.
+ * server.c (cmd_recipient): Ditto.
+
+ * server.c (gpgsm_status2): New. Allows for a list of strings.
+ (gpgsm_status): Divert to gpgsm_status2.
+
+ * encrypt.c (gpgsm_encrypt): Don't use a default key when no
+ recipients are given. Print a NO_RECP status.
+
+2002-03-06 Werner Koch <wk@gnupg.org>
+
+ * server.c (cmd_listkeys, cmd_listsecretkeys): Divert to
+ (do_listkeys): new. Add pattern parsing.
+
+ * keylist.c (gpgsm_list_keys): Handle selection pattern.
+
+ * gpgsm.c: New command --learn-card
+ * call-agent.c (learn_cb,gpgsm_agent_learn): New.
+
+ * gpgsm.c (main): Print error messages for non-implemented commands.
+
+ * base64.c (base64_reader_cb): Use case insensitive compare of the
+ Content-Type string to detect plain base-64.
+
+2002-03-05 Werner Koch <wk@gnupg.org>
+
+ * gpgsm.c, gpgsm.h: Add local_user.
+ * sign.c (gpgsm_get_default_cert): New.
+ (get_default_signer): Use the new function if local_user is not
+ set otherwise used that value.
+ * encrypt.c (get_default_recipient): Removed.
+ (gpgsm_encrypt): Use gpgsm_get_default_cert.
+
+ * verify.c (gpgsm_verify): Better error text for a bad signature
+ found by comparing the hashs.
+
+2002-02-27 Werner Koch <wk@gnupg.org>
+
+ * call-dirmngr.c, call-agent.c: Add 2 more arguments to all uses
+ of assuan_transact.
+
+2002-02-25 Werner Koch <wk@gnupg.org>
+
+ * server.c (option_handler): Allow to use -2 for "send all certs
+ except the root cert".
+ * sign.c (add_certificate_list): Implement it here.
+ * certpath.c (gpgsm_is_root_cert): New.
+
+2002-02-19 Werner Koch <wk@gnupg.org>
+
+ * certpath.c (check_cert_policy): New.
+ (gpgsm_validate_path): And call it from here.
+ * gpgsm.c (main): New options --policy-file,
+ --disable-policy-checks and --enable-policy-checks.
+ * gpgsm.h (opt): Added policy_file, no_policy_checks.
+
+2002-02-18 Werner Koch <wk@gnupg.org>
+
+ * certpath.c (gpgsm_validate_path): Ask the agent to add the
+ certificate into the trusted list.
+ * call-agent.c (gpgsm_agent_marktrusted): New.
+
+2002-02-07 Werner Koch <wk@gnupg.org>
+
+ * certlist.c (gpgsm_add_to_certlist): Check that the specified
+ name identifies a certificate unambiguously.
+ (gpgsm_find_cert): Ditto.
+
+ * server.c (cmd_listkeys): Check that the data stream is available.
+ (cmd_listsecretkeys): Ditto.
+ (has_option): New.
+ (cmd_sign): Fix ambiguousity in option recognition.
+
+ * gpgsm.c (main): Enable --logger-fd.
+
+ * encrypt.c (gpgsm_encrypt): Increased buffer size for better
+ performance.
+
+ * call-agent.c (gpgsm_agent_pksign): Check the S-Exp received from
+ the agent.
+
+ * keylist.c (list_cert_colon): Filter out control characters.
+
+2002-02-06 Werner Koch <wk@gnupg.org>
+
+ * decrypt.c (gpgsm_decrypt): Bail out after an decryption error.
+
+ * server.c (reset_notify): Close input and output FDs.
+ (cmd_encrypt,cmd_decrypt,cmd_verify,cmd_sign.cmd_import)
+ (cmd_genkey): Close the FDs and release the recipient list even in
+ the error case.
+
+2002-02-01 Marcus Brinkmann <marcus@g10code.de>
+
+ * sign.c (gpgsm_sign): Do not release certificate twice.
+
+2002-01-29 Werner Koch <wk@gnupg.org>
+
+ * call-agent.c (gpgsm_agent_havekey): New.
+ * keylist.c (list_cert_colon): New arg HAVE_SECRET, print "crs"
+ when we know that the secret key is available.
+ (gpgsm_list_keys): New arg MODE, check whether a secret key is
+ available. Changed all callers.
+ * gpgsm.c (main): New command --list-secret-keys.
+ * server.c (cmd_listsecretkeys): New.
+ (cmd_listkeys): Return secret keys with "crs" record.
+
+2002-01-28 Werner Koch <wk@gnupg.org>
+
+ * certreqgen.c (create_request): Store the email address in the req.
+
+2002-01-25 Werner Koch <wk@gnupg.org>
+
+ * gpgsm.c (main): Disable core dumps.
+
+ * sign.c (add_certificate_list): New.
+ (gpgsm_sign): Add the certificates to the CMS object.
+ * certpath.c (gpgsm_walk_cert_chain): New.
+ * gpgsm.h (server_control_s): Add included_certs.
+ * gpgsm.c: Add option --include-certs.
+ (gpgsm_init_default_ctrl): New.
+ (main): Call it.
+ * server.c (gpgsm_server): Ditto.
+ (option_handler): Support --include-certs.
+
+2002-01-23 Werner Koch <wk@gnupg.org>
+
+ * certpath.c (gpgsm_validate_path): Print the DN of a missing issuer.
+ * certdump.c (gpgsm_dump_string): New.
+ (print_dn): Replaced by above.
+
+2002-01-22 Werner Koch <wk@gnupg.org>
+
+ * certpath.c (unknown_criticals): New.
+ (allowed_ca): New.
+ (gpgsm_validate_path): Check validity, CA attribute, path length
+ and unknown critical extensions.
+
+2002-01-21 Werner Koch <wk@gnupg.org>
+
+ * gpgsm.c: Add option --enable-crl-checks.
+
+ * call-agent.c (start_agent): Implemented socket based access.
+ * call-dirmngr.c (start_dirmngr): Ditto.
+
+2002-01-20 Werner Koch <wk@gnupg.org>
+
+ * server.c (option_handler): New.
+ (gpgsm_server): Register it with assuan.
+
+2002-01-19 Werner Koch <wk@gnupg.org>
+
+ * server.c (gpgsm_server): Use assuan_deinit_server and setup
+ assuan logging if enabled.
+ * call-agent.c (inq_ciphertext_cb): Don't show the session key in
+ an Assuan log file.
+
+ * gpgsm.c (my_strusage): Take bugreport address from configure.ac
+
+2002-01-15 Werner Koch <wk@gnupg.org>
+
+ * import.c (gpgsm_import): Just do a basic cert check before
+ storing it.
+ * certpath.c (gpgsm_basic_cert_check): New.
+
+ * keydb.c (keydb_store_cert): New.
+ * import.c (store_cert): Removed and change all caller to use
+ the new function.
+ * verify.c (store_cert): Ditto.
+
+ * certlist.c (gpgsm_add_to_certlist): Validate the path
+
+ * certpath.c (gpgsm_validate_path): Check the trust list.
+ * call-agent.c (gpgsm_agent_istrusted): New.
+
+2002-01-14 Werner Koch <wk@gnupg.org>
+
+ * call-dirmngr.c (inq_certificate): Changed for new interface semantic.
+ * certlist.c (gpgsm_find_cert): New.
+
+2002-01-13 Werner Koch <wk@gnupg.org>
+
+ * fingerprint.c (gpgsm_get_certid): Print the serial and not the
+ hash after the dot.
+
+2002-01-11 Werner Koch <wk@gnupg.org>
+
+ * call-dirmngr.c: New.
+ * certpath.c (gpgsm_validate_path): Check the CRL here.
+ * fingerprint.c (gpgsm_get_certid): New.
+ * gpgsm.c: New options --dirmngr-program and --disable-crl-checks.
+
+2002-01-10 Werner Koch <wk@gnupg.org>
+
+ * base64.c (gpgsm_create_writer): Allow to set the object name
+
+2002-01-08 Werner Koch <wk@gnupg.org>
+
+ * keydb.c (spacep): Removed because it is now in util.c
+
+ * server.c (cmd_genkey): New.
+ * certreqgen.c: New. The parameter handling code has been taken
+ from gnupg/g10/keygen.c version 1.0.6.
+ * call-agent.c (gpgsm_agent_genkey): New.
+
+2002-01-02 Werner Koch <wk@gnupg.org>
+
+ * server.c (rc_to_assuan_status): Removed and changed all callers
+ to use map_to_assuan_status.
+
+2001-12-20 Werner Koch <wk@gnupg.org>
+
+ * verify.c (gpgsm_verify): Implemented non-detached signature
+ verification. Add OUT_FP arg, initialize a writer and changed all
+ callers.
+ * server.c (cmd_verify): Pass an out_fp if one has been set.
+
+ * base64.c (base64_reader_cb): Try to detect an S/MIME body part.
+
+ * certdump.c (print_sexp): Renamed to gpgsm_dump_serial, made
+ global.
+ (print_time): Renamed to gpgsm_dump_time, made global.
+ (gpgsm_dump_serial): Take a real S-Expression as argument and
+ print the first item.
+ * keylist.c (list_cert_colon): Ditto.
+ * keydb.c (keydb_search_issuer_sn): Ditto.
+ * decrypt.c (print_integer_sexp): Removed and made callers
+ use gpgsm_dump_serial.
+ * verify.c (print_time): Removed, made callers use gpgsm_dump_time.
+
+2001-12-19 Marcus Brinkmann <marcus@g10code.de>
+
+ * call-agent.c (start_agent): Add new argument to assuan_pipe_connect.
+
+2001-12-18 Werner Koch <wk@gnupg.org>
+
+ * verify.c (print_integer_sexp): Renamed from print_integer and
+ print the serial number according to the S-Exp rules.
+ * decrypt.c (print_integer_sexp): Ditto.
+
+2001-12-17 Werner Koch <wk@gnupg.org>
+
+ * keylist.c (list_cert_colon): Changed for new return value of
+ get_serial.
+ * keydb.c (keydb_search_issuer_sn): Ditto.
+ * certcheck.c (gpgsm_check_cert_sig): Likewise for other S-Exp
+ returingin functions.
+ * fingerprint.c (gpgsm_get_keygrip): Ditto.
+ * encrypt.c (encrypt_dek): Ditto
+ * certcheck.c (gpgsm_check_cms_signature): Ditto
+ * decrypt.c (prepare_decryption): Ditto.
+ * call-agent.c (gpgsm_agent_pkdecrypt): Removed arg ciphertextlen,
+ use KsbaSexp type and calculate the length.
+
+ * certdump.c (print_sexp): Remaned from print_integer, changed caller.
+
+ * Makefile.am: Use the LIBGCRYPT and LIBKSBA variables.
+
+ * fingerprint.c (gpgsm_get_keygrip): Use the new
+ gcry_pk_get_keygrip to calculate the grip - note the algorithm and
+ therefore the grip values changed.
+
+2001-12-15 Werner Koch <wk@gnupg.org>
+
+ * certcheck.c (gpgsm_check_cms_signature): Removed the faked-key
+ kludge.
+ (gpgsm_create_cms_signature): Removed the commented fake key
+ code. This makes the function pretty simple.
+
+ * gpgsm.c (main): Renamed the default key database to "keyring.kbx".
+
+ * decrypt.c (gpgsm_decrypt): Write STATUS_DECRYPTION_*.
+ * sign.c (gpgsm_sign): Write a STATUS_SIG_CREATED.
+
+2001-12-14 Werner Koch <wk@gnupg.org>
+
+ * keylist.c (list_cert_colon): Kludge to show an email address
+ encoded in the subject's DN.
+
+ * verify.c (gpgsm_verify): Add hash debug helpers
+ * sign.c (gpgsm_sign): Ditto.
+
+ * base64.c (base64_reader_cb): Reset the linelen when we need to
+ skip the line and adjusted test; I somehow forgot about DeMorgan.
+
+ * server.c (cmd_encrypt,cmd_decrypt,cmd_sign,cmd_verify)
+ (cmd_import): Close the FDs on success.
+ (close_message_fd): New.
+ (input_notify): Setting autodetect_encoding to 0 after initializing
+ it to 0 is pretty pointless. Easy to fix.
+
+ * gpgsm.c (main): New option --debug-wait n, so that it is
+ possible to attach gdb when used in server mode.
+
+ * sign.c (get_default_signer): Use keydb_classify_name here.
+
+2001-12-14 Marcus Brinkmann <marcus@g10code.de>
+
+ * call-agent.c (LINELENGTH): Removed.
+ (gpgsm_agent_pksign): Use ASSUAN_LINELENGTH, not LINELENGTH.
+ (gpgsm_agent_pkdecrypt): Likewise.
+
+2001-12-13 Werner Koch <wk@gnupg.org>
+
+ * keylist.c (list_cert_colon): Print alternative names of subject
+ and a few other values.
+
+2001-12-12 Werner Koch <wk@gnupg.org>
+
+ * gpgsm.c (main): New options --assume-{armor,base64,binary}.
+ * base64.c (base64_reader_cb): Fixed non-autodetection mode.
+
+2001-12-04 Werner Koch <wk@gnupg.org>
+
+ * call-agent.c (read_from_agent): Check for inquire responses.
+ (request_reply): Handle them using a new callback arg, changed all
+ callers.
+ (gpgsm_agent_pkdecrypt): New.
+
+2001-11-27 Werner Koch <wk@gnupg.org>
+
+ * base64.c: New. Changed all other functions to use this instead
+ of direct creation of ksba_reader/writer.
+ * gpgsm.c (main): Set ctrl.auto_encoding unless --no-armor is used.
+
+2001-11-26 Werner Koch <wk@gnupg.org>
+
+ * gpgsm.c: New option --agent-program
+ * call-agent.c (start_agent): Allow to override the default path
+ to the agent.
+
+ * keydb.c (keydb_add_resource): Create keybox
+
+ * keylist.c (gpgsm_list_keys): Fixed non-server keylisting.
+
+ * server.c (rc_to_assuan_status): New. Use it for all commands.
+
+
+ Copyright 2001, 2002, 2003, 2004, 2005, 2006,
+ 2007, 2008, 2009 Free Software Foundation, Inc.
+
+ This file is free software; as a special exception the author gives
+ unlimited permission to copy and/or distribute it, with or without
+ modifications, as long as this notice is preserved.
+
+ This file is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
+ implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/sm/Makefile.am b/sm/Makefile.am
new file mode 100644
index 0000000..d945d71
--- /dev/null
+++ b/sm/Makefile.am
@@ -0,0 +1,71 @@
+# Copyright (C) 2001, 2002, 2003 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+## Process this file with automake to produce Makefile.in
+
+
+bin_PROGRAMS = gpgsm
+
+EXTRA_DIST = ChangeLog-2011
+
+AM_CFLAGS = $(LIBGCRYPT_CFLAGS) $(KSBA_CFLAGS) $(LIBASSUAN_CFLAGS)
+
+AM_CPPFLAGS = -I$(top_srcdir)/gl -I$(top_srcdir)/common -I$(top_srcdir)/intl
+include $(top_srcdir)/am/cmacros.am
+
+
+gpgsm_SOURCES = \
+ gpgsm.c gpgsm.h \
+ misc.c \
+ keydb.c keydb.h \
+ server.c \
+ call-agent.c \
+ call-dirmngr.c \
+ fingerprint.c \
+ base64.c \
+ certlist.c \
+ certdump.c \
+ certcheck.c \
+ certchain.c \
+ keylist.c \
+ verify.c \
+ sign.c \
+ encrypt.c \
+ decrypt.c \
+ import.c \
+ export.c \
+ delete.c \
+ certreqgen.c \
+ certreqgen-ui.c \
+ qualified.c
+
+
+common_libs = $(libcommon) ../kbx/libkeybox.a ../jnlib/libjnlib.a \
+ ../gl/libgnu.a
+
+gpgsm_LDADD = $(common_libs) ../common/libgpgrl.a $(NETLIBS) \
+ $(LIBGCRYPT_LIBS) $(KSBA_LIBS) $(LIBASSUAN_LIBS) \
+ $(GPG_ERROR_LIBS) $(LIBREADLINE) $(LIBINTL) $(ZLIBS) $(LIBICONV)
+
+# Make sure that all libs are build before we use them. This is
+# important for things like make -j2.
+$(PROGRAMS): $(common_libs)
+
+
+
+
+
diff --git a/sm/Makefile.in b/sm/Makefile.in
new file mode 100644
index 0000000..b1cd1da
--- /dev/null
+++ b/sm/Makefile.in
@@ -0,0 +1,711 @@
+# Makefile.in generated by automake 1.11.1 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation,
+# Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+# Copyright (C) 2001, 2002, 2003 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+# cmacros.am - C macro definitions
+# Copyright (C) 2004 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+bin_PROGRAMS = gpgsm$(EXEEXT)
+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
+ $(top_srcdir)/am/cmacros.am
+@HAVE_DOSISH_SYSTEM_FALSE@am__append_1 = -DGNUPG_BINDIR="\"$(bindir)\"" \
+@HAVE_DOSISH_SYSTEM_FALSE@ -DGNUPG_LIBEXECDIR="\"$(libexecdir)\"" \
+@HAVE_DOSISH_SYSTEM_FALSE@ -DGNUPG_LIBDIR="\"$(libdir)/@PACKAGE@\"" \
+@HAVE_DOSISH_SYSTEM_FALSE@ -DGNUPG_DATADIR="\"$(datadir)/@PACKAGE@\"" \
+@HAVE_DOSISH_SYSTEM_FALSE@ -DGNUPG_SYSCONFDIR="\"$(sysconfdir)/@PACKAGE@\""
+
+
+# If a specific protect tool program has been defined, pass its name
+# to cc. Note that these macros should not be used directly but via
+# the gnupg_module_name function.
+@GNUPG_AGENT_PGM_TRUE@am__append_2 = -DGNUPG_DEFAULT_AGENT="\"@GNUPG_AGENT_PGM@\""
+@GNUPG_PINENTRY_PGM_TRUE@am__append_3 = -DGNUPG_DEFAULT_PINENTRY="\"@GNUPG_PINENTRY_PGM@\""
+@GNUPG_SCDAEMON_PGM_TRUE@am__append_4 = -DGNUPG_DEFAULT_SCDAEMON="\"@GNUPG_SCDAEMON_PGM@\""
+@GNUPG_DIRMNGR_PGM_TRUE@am__append_5 = -DGNUPG_DEFAULT_DIRMNGR="\"@GNUPG_DIRMNGR_PGM@\""
+@GNUPG_PROTECT_TOOL_PGM_TRUE@am__append_6 = -DGNUPG_DEFAULT_PROTECT_TOOL="\"@GNUPG_PROTECT_TOOL_PGM@\""
+subdir = sm
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/gl/m4/absolute-header.m4 \
+ $(top_srcdir)/gl/m4/alloca.m4 $(top_srcdir)/gl/m4/allocsa.m4 \
+ $(top_srcdir)/gl/m4/eealloc.m4 \
+ $(top_srcdir)/gl/m4/gnulib-comp.m4 \
+ $(top_srcdir)/gl/m4/gnulib-tool.m4 \
+ $(top_srcdir)/gl/m4/mkdtemp.m4 $(top_srcdir)/gl/m4/setenv.m4 \
+ $(top_srcdir)/gl/m4/stdint.m4 $(top_srcdir)/gl/m4/strpbrk.m4 \
+ $(top_srcdir)/gl/m4/unistd_h.m4 $(top_srcdir)/m4/autobuild.m4 \
+ $(top_srcdir)/m4/codeset.m4 $(top_srcdir)/m4/estream.m4 \
+ $(top_srcdir)/m4/gettext.m4 $(top_srcdir)/m4/gnupg-pth.m4 \
+ $(top_srcdir)/m4/gpg-error.m4 $(top_srcdir)/m4/iconv.m4 \
+ $(top_srcdir)/m4/isc-posix.m4 $(top_srcdir)/m4/ksba.m4 \
+ $(top_srcdir)/m4/lcmessage.m4 $(top_srcdir)/m4/ldap.m4 \
+ $(top_srcdir)/m4/lib-ld.m4 $(top_srcdir)/m4/lib-link.m4 \
+ $(top_srcdir)/m4/lib-prefix.m4 $(top_srcdir)/m4/libassuan.m4 \
+ $(top_srcdir)/m4/libcurl.m4 $(top_srcdir)/m4/libgcrypt.m4 \
+ $(top_srcdir)/m4/longdouble.m4 $(top_srcdir)/m4/nls.m4 \
+ $(top_srcdir)/m4/po.m4 $(top_srcdir)/m4/progtest.m4 \
+ $(top_srcdir)/m4/readline.m4 $(top_srcdir)/m4/size_max.m4 \
+ $(top_srcdir)/m4/socklen.m4 $(top_srcdir)/m4/sys_socket_h.m4 \
+ $(top_srcdir)/m4/tar-ustar.m4 $(top_srcdir)/m4/xsize.m4 \
+ $(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.ac
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+ $(ACLOCAL_M4)
+mkinstalldirs = $(SHELL) $(top_srcdir)/scripts/mkinstalldirs
+CONFIG_HEADER = $(top_builddir)/config.h
+CONFIG_CLEAN_FILES =
+CONFIG_CLEAN_VPATH_FILES =
+am__installdirs = "$(DESTDIR)$(bindir)"
+PROGRAMS = $(bin_PROGRAMS)
+am_gpgsm_OBJECTS = gpgsm.$(OBJEXT) misc.$(OBJEXT) keydb.$(OBJEXT) \
+ server.$(OBJEXT) call-agent.$(OBJEXT) call-dirmngr.$(OBJEXT) \
+ fingerprint.$(OBJEXT) base64.$(OBJEXT) certlist.$(OBJEXT) \
+ certdump.$(OBJEXT) certcheck.$(OBJEXT) certchain.$(OBJEXT) \
+ keylist.$(OBJEXT) verify.$(OBJEXT) sign.$(OBJEXT) \
+ encrypt.$(OBJEXT) decrypt.$(OBJEXT) import.$(OBJEXT) \
+ export.$(OBJEXT) delete.$(OBJEXT) certreqgen.$(OBJEXT) \
+ certreqgen-ui.$(OBJEXT) qualified.$(OBJEXT)
+gpgsm_OBJECTS = $(am_gpgsm_OBJECTS)
+am__DEPENDENCIES_1 =
+gpgsm_DEPENDENCIES = $(common_libs) ../common/libgpgrl.a \
+ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
+ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
+ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
+ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
+ $(am__DEPENDENCIES_1)
+DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
+depcomp = $(SHELL) $(top_srcdir)/scripts/depcomp
+am__depfiles_maybe = depfiles
+am__mv = mv -f
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+CCLD = $(CC)
+LINK = $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@
+SOURCES = $(gpgsm_SOURCES)
+DIST_SOURCES = $(gpgsm_SOURCES)
+ETAGS = etags
+CTAGS = ctags
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ABSOLUTE_STDINT_H = @ABSOLUTE_STDINT_H@
+ACLOCAL = @ACLOCAL@
+ADNSLIBS = @ADNSLIBS@
+ALLOCA = @ALLOCA@
+ALLOCA_H = @ALLOCA_H@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+BITSIZEOF_PTRDIFF_T = @BITSIZEOF_PTRDIFF_T@
+BITSIZEOF_SIG_ATOMIC_T = @BITSIZEOF_SIG_ATOMIC_T@
+BITSIZEOF_SIZE_T = @BITSIZEOF_SIZE_T@
+BITSIZEOF_WCHAR_T = @BITSIZEOF_WCHAR_T@
+BITSIZEOF_WINT_T = @BITSIZEOF_WINT_T@
+BUILD_INCLUDED_LIBINTL = @BUILD_INCLUDED_LIBINTL@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CC_FOR_BUILD = @CC_FOR_BUILD@
+CFLAGS = @CFLAGS@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DL_LIBS = @DL_LIBS@
+DNSLIBS = @DNSLIBS@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+FAQPROG = @FAQPROG@
+GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
+GMSGFMT = @GMSGFMT@
+GMSGFMT_015 = @GMSGFMT_015@
+GNUPG_AGENT_PGM = @GNUPG_AGENT_PGM@
+GNUPG_DIRMNGR_PGM = @GNUPG_DIRMNGR_PGM@
+GNUPG_PINENTRY_PGM = @GNUPG_PINENTRY_PGM@
+GNUPG_PROTECT_TOOL_PGM = @GNUPG_PROTECT_TOOL_PGM@
+GNUPG_SCDAEMON_PGM = @GNUPG_SCDAEMON_PGM@
+GPGKEYS_CURL = @GPGKEYS_CURL@
+GPGKEYS_FINGER = @GPGKEYS_FINGER@
+GPGKEYS_HKP = @GPGKEYS_HKP@
+GPGKEYS_KDNS = @GPGKEYS_KDNS@
+GPGKEYS_LDAP = @GPGKEYS_LDAP@
+GPGKEYS_MAILTO = @GPGKEYS_MAILTO@
+GPG_ERROR_CFLAGS = @GPG_ERROR_CFLAGS@
+GPG_ERROR_CONFIG = @GPG_ERROR_CONFIG@
+GPG_ERROR_LIBS = @GPG_ERROR_LIBS@
+GREP = @GREP@
+HAVE_INTTYPES_H = @HAVE_INTTYPES_H@
+HAVE_LONG_LONG_INT = @HAVE_LONG_LONG_INT@
+HAVE_SIGNED_SIG_ATOMIC_T = @HAVE_SIGNED_SIG_ATOMIC_T@
+HAVE_SIGNED_WCHAR_T = @HAVE_SIGNED_WCHAR_T@
+HAVE_SIGNED_WINT_T = @HAVE_SIGNED_WINT_T@
+HAVE_STDINT_H = @HAVE_STDINT_H@
+HAVE_SYS_BITYPES_H = @HAVE_SYS_BITYPES_H@
+HAVE_SYS_INTTYPES_H = @HAVE_SYS_INTTYPES_H@
+HAVE_SYS_TYPES_H = @HAVE_SYS_TYPES_H@
+HAVE_UNSIGNED_LONG_LONG_INT = @HAVE_UNSIGNED_LONG_LONG_INT@
+HAVE_WCHAR_H = @HAVE_WCHAR_H@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+INTLLIBS = @INTLLIBS@
+INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@
+KSBA_CFLAGS = @KSBA_CFLAGS@
+KSBA_CONFIG = @KSBA_CONFIG@
+KSBA_LIBS = @KSBA_LIBS@
+LDAPLIBS = @LDAPLIBS@
+LDAP_CPPFLAGS = @LDAP_CPPFLAGS@
+LDFLAGS = @LDFLAGS@
+LIBASSUAN_CFLAGS = @LIBASSUAN_CFLAGS@
+LIBASSUAN_CONFIG = @LIBASSUAN_CONFIG@
+LIBASSUAN_LIBS = @LIBASSUAN_LIBS@
+LIBCURL = @LIBCURL@
+LIBCURL_CPPFLAGS = @LIBCURL_CPPFLAGS@
+LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@
+LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@
+LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@
+LIBGNU_LIBDEPS = @LIBGNU_LIBDEPS@
+LIBGNU_LTLIBDEPS = @LIBGNU_LTLIBDEPS@
+LIBICONV = @LIBICONV@
+LIBINTL = @LIBINTL@
+LIBOBJS = @LIBOBJS@
+LIBREADLINE = @LIBREADLINE@
+LIBS = @LIBS@
+LIBUSB_LIBS = @LIBUSB_LIBS@
+LIBUTIL_LIBS = @LIBUTIL_LIBS@
+LN_S = @LN_S@
+LTLIBICONV = @LTLIBICONV@
+LTLIBINTL = @LTLIBINTL@
+LTLIBOBJS = @LTLIBOBJS@
+MAINT = @MAINT@
+MAKEINFO = @MAKEINFO@
+MKDIR_P = @MKDIR_P@
+MSGFMT = @MSGFMT@
+MSGFMT_015 = @MSGFMT_015@
+MSGMERGE = @MSGMERGE@
+NETLIBS = @NETLIBS@
+OBJEXT = @OBJEXT@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_GT = @PACKAGE_GT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_URL = @PACKAGE_URL@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PERL = @PERL@
+POSUB = @POSUB@
+PTH_CFLAGS = @PTH_CFLAGS@
+PTH_CONFIG = @PTH_CONFIG@
+PTH_LIBS = @PTH_LIBS@
+PTRDIFF_T_SUFFIX = @PTRDIFF_T_SUFFIX@
+RANLIB = @RANLIB@
+SENDMAIL = @SENDMAIL@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+SHRED = @SHRED@
+SIG_ATOMIC_T_SUFFIX = @SIG_ATOMIC_T_SUFFIX@
+SIZE_T_SUFFIX = @SIZE_T_SUFFIX@
+STDINT_H = @STDINT_H@
+STRIP = @STRIP@
+SYS_SOCKET_H = @SYS_SOCKET_H@
+TAR = @TAR@
+UNISTD_H = @UNISTD_H@
+USE_INCLUDED_LIBINTL = @USE_INCLUDED_LIBINTL@
+USE_NLS = @USE_NLS@
+VERSION = @VERSION@
+W32SOCKLIBS = @W32SOCKLIBS@
+WCHAR_T_SUFFIX = @WCHAR_T_SUFFIX@
+WINDRES = @WINDRES@
+WINT_T_SUFFIX = @WINT_T_SUFFIX@
+XGETTEXT = @XGETTEXT@
+XGETTEXT_015 = @XGETTEXT_015@
+XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@
+ZLIBS = @ZLIBS@
+_libcurl_config = @_libcurl_config@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = $(datadir)/locale
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+EXTRA_DIST = ChangeLog-2011
+AM_CFLAGS = $(LIBGCRYPT_CFLAGS) $(KSBA_CFLAGS) $(LIBASSUAN_CFLAGS)
+AM_CPPFLAGS = -I$(top_srcdir)/gl -I$(top_srcdir)/common \
+ -I$(top_srcdir)/intl -DLOCALEDIR=\"$(localedir)\" \
+ $(am__append_1) $(am__append_2) $(am__append_3) \
+ $(am__append_4) $(am__append_5) $(am__append_6)
+
+# Convenience macros
+libcommon = ../common/libcommon.a
+libcommonpth = ../common/libcommonpth.a
+gpgsm_SOURCES = \
+ gpgsm.c gpgsm.h \
+ misc.c \
+ keydb.c keydb.h \
+ server.c \
+ call-agent.c \
+ call-dirmngr.c \
+ fingerprint.c \
+ base64.c \
+ certlist.c \
+ certdump.c \
+ certcheck.c \
+ certchain.c \
+ keylist.c \
+ verify.c \
+ sign.c \
+ encrypt.c \
+ decrypt.c \
+ import.c \
+ export.c \
+ delete.c \
+ certreqgen.c \
+ certreqgen-ui.c \
+ qualified.c
+
+common_libs = $(libcommon) ../kbx/libkeybox.a ../jnlib/libjnlib.a \
+ ../gl/libgnu.a
+
+gpgsm_LDADD = $(common_libs) ../common/libgpgrl.a $(NETLIBS) \
+ $(LIBGCRYPT_LIBS) $(KSBA_LIBS) $(LIBASSUAN_LIBS) \
+ $(GPG_ERROR_LIBS) $(LIBREADLINE) $(LIBINTL) $(ZLIBS) $(LIBICONV)
+
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .c .o .obj
+$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/am/cmacros.am $(am__configure_deps)
+ @for dep in $?; do \
+ case '$(am__configure_deps)' in \
+ *$$dep*) \
+ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+ && { if test -f $@; then exit 0; else break; fi; }; \
+ exit 1;; \
+ esac; \
+ done; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu sm/Makefile'; \
+ $(am__cd) $(top_srcdir) && \
+ $(AUTOMAKE) --gnu sm/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+ @case '$?' in \
+ *config.status*) \
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+ *) \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+ esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
+install-binPROGRAMS: $(bin_PROGRAMS)
+ @$(NORMAL_INSTALL)
+ test -z "$(bindir)" || $(MKDIR_P) "$(DESTDIR)$(bindir)"
+ @list='$(bin_PROGRAMS)'; test -n "$(bindir)" || list=; \
+ for p in $$list; do echo "$$p $$p"; done | \
+ sed 's/$(EXEEXT)$$//' | \
+ while read p p1; do if test -f $$p; \
+ then echo "$$p"; echo "$$p"; else :; fi; \
+ done | \
+ sed -e 'p;s,.*/,,;n;h' -e 's|.*|.|' \
+ -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \
+ sed 'N;N;N;s,\n, ,g' | \
+ $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \
+ { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \
+ if ($$2 == $$4) files[d] = files[d] " " $$1; \
+ else { print "f", $$3 "/" $$4, $$1; } } \
+ END { for (d in files) print "f", d, files[d] }' | \
+ while read type dir files; do \
+ if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \
+ test -z "$$files" || { \
+ echo " $(INSTALL_PROGRAM_ENV) $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(bindir)$$dir'"; \
+ $(INSTALL_PROGRAM_ENV) $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(bindir)$$dir" || exit $$?; \
+ } \
+ ; done
+
+uninstall-binPROGRAMS:
+ @$(NORMAL_UNINSTALL)
+ @list='$(bin_PROGRAMS)'; test -n "$(bindir)" || list=; \
+ files=`for p in $$list; do echo "$$p"; done | \
+ sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \
+ -e 's/$$/$(EXEEXT)/' `; \
+ test -n "$$list" || exit 0; \
+ echo " ( cd '$(DESTDIR)$(bindir)' && rm -f" $$files ")"; \
+ cd "$(DESTDIR)$(bindir)" && rm -f $$files
+
+clean-binPROGRAMS:
+ -test -z "$(bin_PROGRAMS)" || rm -f $(bin_PROGRAMS)
+gpgsm$(EXEEXT): $(gpgsm_OBJECTS) $(gpgsm_DEPENDENCIES)
+ @rm -f gpgsm$(EXEEXT)
+ $(LINK) $(gpgsm_OBJECTS) $(gpgsm_LDADD) $(LIBS)
+
+mostlyclean-compile:
+ -rm -f *.$(OBJEXT)
+
+distclean-compile:
+ -rm -f *.tab.c
+
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/base64.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/call-agent.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/call-dirmngr.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/certchain.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/certcheck.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/certdump.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/certlist.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/certreqgen-ui.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/certreqgen.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/decrypt.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/delete.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/encrypt.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/export.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/fingerprint.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gpgsm.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/import.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/keydb.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/keylist.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/misc.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/qualified.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/server.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sign.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/verify.Po@am__quote@
+
+.c.o:
+@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(COMPILE) -c $<
+
+.c.obj:
+@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'`
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ mkid -fID $$unique
+tags: TAGS
+
+TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ set x; \
+ here=`pwd`; \
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ shift; \
+ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
+ test -n "$$unique" || unique=$$empty_fix; \
+ if test $$# -gt 0; then \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ "$$@" $$unique; \
+ else \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ $$unique; \
+ fi; \
+ fi
+ctags: CTAGS
+CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ test -z "$(CTAGS_ARGS)$$unique" \
+ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+ $$unique
+
+GTAGS:
+ here=`$(am__cd) $(top_builddir) && pwd` \
+ && $(am__cd) $(top_srcdir) \
+ && gtags -i $(GTAGS_ARGS) "$$here"
+
+distclean-tags:
+ -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+ @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ list='$(DISTFILES)'; \
+ dist_files=`for file in $$list; do echo $$file; done | \
+ sed -e "s|^$$srcdirstrip/||;t" \
+ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+ case $$dist_files in \
+ */*) $(MKDIR_P) `echo "$$dist_files" | \
+ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+ sort -u` ;; \
+ esac; \
+ for file in $$dist_files; do \
+ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+ if test -d $$d/$$file; then \
+ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+ if test -d "$(distdir)/$$file"; then \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+ else \
+ test -f "$(distdir)/$$file" \
+ || cp -p $$d/$$file "$(distdir)/$$file" \
+ || exit 1; \
+ fi; \
+ done
+check-am: all-am
+check: check-am
+all-am: Makefile $(PROGRAMS)
+installdirs:
+ for dir in "$(DESTDIR)$(bindir)"; do \
+ test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+ done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+ @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ `test -z '$(STRIP)' || \
+ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+ -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+ -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+
+maintainer-clean-generic:
+ @echo "This command is intended for maintainers to use"
+ @echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-binPROGRAMS clean-generic mostlyclean-am
+
+distclean: distclean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+ distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+html-am:
+
+info: info-am
+
+info-am:
+
+install-data-am:
+
+install-dvi: install-dvi-am
+
+install-dvi-am:
+
+install-exec-am: install-binPROGRAMS
+
+install-html: install-html-am
+
+install-html-am:
+
+install-info: install-info-am
+
+install-info-am:
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-pdf-am:
+
+install-ps: install-ps-am
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-binPROGRAMS
+
+.MAKE: install-am install-strip
+
+.PHONY: CTAGS GTAGS all all-am check check-am clean clean-binPROGRAMS \
+ clean-generic ctags distclean distclean-compile \
+ distclean-generic distclean-tags distdir dvi dvi-am html \
+ html-am info info-am install install-am install-binPROGRAMS \
+ install-data install-data-am install-dvi install-dvi-am \
+ install-exec install-exec-am install-html install-html-am \
+ install-info install-info-am install-man install-pdf \
+ install-pdf-am install-ps install-ps-am install-strip \
+ installcheck installcheck-am installdirs maintainer-clean \
+ maintainer-clean-generic mostlyclean mostlyclean-compile \
+ mostlyclean-generic pdf pdf-am ps ps-am tags uninstall \
+ uninstall-am uninstall-binPROGRAMS
+
+
+# Make sure that all libs are build before we use them. This is
+# important for things like make -j2.
+$(PROGRAMS): $(common_libs)
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/sm/base64.c b/sm/base64.c
new file mode 100644
index 0000000..b0c8dc8
--- /dev/null
+++ b/sm/base64.c
@@ -0,0 +1,733 @@
+/* base64.c
+ * Copyright (C) 2001, 2003 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include <unistd.h>
+#include <time.h>
+#include <assert.h>
+
+#include "gpgsm.h"
+
+
+#include <ksba.h>
+
+#include "i18n.h"
+
+#ifdef HAVE_DOSISH_SYSTEM
+ #define LF "\r\n"
+#else
+ #define LF "\n"
+#endif
+
+/* data used by the reader callbacks */
+struct reader_cb_parm_s {
+ FILE *fp;
+
+ unsigned char line[1024];
+ int linelen;
+ int readpos;
+ int have_lf;
+ unsigned long line_counter;
+
+ int allow_multi_pem; /* Allow processing of multiple PEM objects. */
+ int autodetect; /* Try to detect the input encoding. */
+ int assume_pem; /* Assume input encoding is PEM. */
+ int assume_base64; /* Assume input is base64 encoded. */
+
+ int identified;
+ int is_pem;
+ int is_base64;
+ int stop_seen;
+ int might_be_smime;
+
+ int eof_seen;
+
+ struct {
+ int idx;
+ unsigned char val;
+ int stop_seen;
+ } base64;
+};
+
+/* data used by the writer callbacks */
+struct writer_cb_parm_s {
+ FILE *fp; /* FP is only used if STREAM is NULL. */
+ estream_t stream; /* Alternative output if not NULL. */
+
+ const char *pem_name;
+
+ int wrote_begin;
+ int did_finish;
+
+ struct {
+ int idx;
+ int quad_count;
+ unsigned char radbuf[4];
+ } base64;
+
+};
+
+
+/* context for this module's functions */
+struct base64_context_s {
+ union {
+ struct reader_cb_parm_s rparm;
+ struct writer_cb_parm_s wparm;
+ } u;
+
+ union {
+ ksba_reader_t reader;
+ ksba_writer_t writer;
+ } u2;
+};
+
+
+/* The base-64 character list */
+static char bintoasc[64] =
+ "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
+ "abcdefghijklmnopqrstuvwxyz"
+ "0123456789+/";
+/* The reverse base-64 list */
+static unsigned char asctobin[256] = {
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x3e, 0xff, 0xff, 0xff, 0x3f,
+ 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06,
+ 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12,
+ 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, 0x23, 0x24,
+ 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, 0x30,
+ 0x31, 0x32, 0x33, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff
+};
+
+
+static int
+has_only_base64 (const unsigned char *line, int linelen)
+{
+ if (linelen < 20)
+ return 0;
+ for (; linelen; line++, linelen--)
+ {
+ if (*line == '\n' || (linelen > 1 && *line == '\r' && line[1] == '\n'))
+ break;
+ if ( !strchr (bintoasc, *line) )
+ return 0;
+ }
+ return 1; /* yes */
+}
+
+static int
+is_empty_line (const unsigned char *line, int linelen)
+{
+ if (linelen >= 2 && *line == '\r' && line[1] == '\n')
+ return 1;
+ if (linelen >= 1 && *line == '\n')
+ return 1;
+ return 0;
+}
+
+
+static int
+base64_reader_cb (void *cb_value, char *buffer, size_t count, size_t *nread)
+{
+ struct reader_cb_parm_s *parm = cb_value;
+ size_t n;
+ int c, c2;
+
+ *nread = 0;
+ if (!buffer)
+ return -1; /* not supported */
+
+ next:
+ if (!parm->linelen)
+ {
+ /* read an entire line or up to the size of the buffer */
+ parm->line_counter++;
+ parm->have_lf = 0;
+ for (n=0; n < DIM(parm->line);)
+ {
+ c = getc (parm->fp);
+ if (c == EOF)
+ {
+ parm->eof_seen = 1;
+ if (ferror (parm->fp))
+ return -1;
+ break;
+ }
+ parm->line[n++] = c;
+ if (c == '\n')
+ {
+ parm->have_lf = 1;
+ /* Fixme: we need to skip overlong lines while detecting
+ the dashed lines */
+ break;
+ }
+ }
+ parm->linelen = n;
+ if (!n)
+ return -1; /* eof */
+ parm->readpos = 0;
+ }
+
+ if (!parm->identified)
+ {
+ if (!parm->autodetect)
+ {
+ if (parm->assume_pem)
+ {
+ /* wait for the header line */
+ parm->linelen = parm->readpos = 0;
+ if (!parm->have_lf
+ || strncmp ((char*)parm->line, "-----BEGIN ", 11)
+ || !strncmp ((char*)parm->line+11, "PGP ", 4))
+ goto next;
+ parm->is_pem = 1;
+ }
+ else if (parm->assume_base64)
+ parm->is_base64 = 1;
+ }
+ else if (parm->line_counter == 1 && !parm->have_lf)
+ {
+ /* first line too long - assume DER encoding */
+ parm->is_pem = 0;
+ }
+ else if (parm->line_counter == 1 && parm->linelen && *parm->line == 0x30)
+ {
+ /* the very first byte does pretty much look like a SEQUENCE tag*/
+ parm->is_pem = 0;
+ }
+ else if ( parm->have_lf
+ && !strncmp ((char*)parm->line, "-----BEGIN ", 11)
+ && strncmp ((char *)parm->line+11, "PGP ", 4) )
+ {
+ /* Fixme: we must only compare if the line really starts at
+ the beginning */
+ parm->is_pem = 1;
+ parm->linelen = parm->readpos = 0;
+ }
+ else if ( parm->have_lf && parm->line_counter == 1
+ && parm->linelen >= 13
+ && !ascii_memcasecmp (parm->line, "Content-Type:", 13))
+ { /* might be a S/MIME body */
+ parm->might_be_smime = 1;
+ parm->linelen = parm->readpos = 0;
+ goto next;
+ }
+ else if (parm->might_be_smime == 1
+ && is_empty_line (parm->line, parm->linelen))
+ {
+ parm->might_be_smime = 2;
+ parm->linelen = parm->readpos = 0;
+ goto next;
+ }
+ else if (parm->might_be_smime == 2)
+ {
+ parm->might_be_smime = 0;
+ if ( !has_only_base64 (parm->line, parm->linelen))
+ {
+ parm->linelen = parm->readpos = 0;
+ goto next;
+ }
+ parm->is_pem = 1;
+ }
+ else
+ {
+ parm->linelen = parm->readpos = 0;
+ goto next;
+ }
+ parm->identified = 1;
+ parm->base64.stop_seen = 0;
+ parm->base64.idx = 0;
+ }
+
+
+ n = 0;
+ if (parm->is_pem || parm->is_base64)
+ {
+ if (parm->is_pem && parm->have_lf
+ && !strncmp ((char*)parm->line, "-----END ", 9))
+ {
+ parm->identified = 0;
+ parm->linelen = parm->readpos = 0;
+
+ /* If the caller want to read multiple PEM objects from one
+ file, we have to reset our internal state and return a
+ EOF immediately. The caller is the expected to use
+ ksba_reader_clear to clear the EOF condition and continue
+ to read. If we don't want to do that we just return 0
+ bytes which will force the ksba_reader to skip until
+ EOF. */
+ if (parm->allow_multi_pem)
+ {
+ parm->identified = 0;
+ parm->autodetect = 0;
+ parm->assume_pem = 1;
+ parm->stop_seen = 0;
+ return -1; /* Send EOF now. */
+ }
+ }
+ else if (parm->stop_seen)
+ { /* skip the rest of the line */
+ parm->linelen = parm->readpos = 0;
+ }
+ else
+ {
+ int idx = parm->base64.idx;
+ unsigned char val = parm->base64.val;
+
+ while (n < count && parm->readpos < parm->linelen )
+ {
+ c = parm->line[parm->readpos++];
+ if (c == '\n' || c == ' ' || c == '\r' || c == '\t')
+ continue;
+ if (c == '=')
+ { /* pad character: stop */
+ if (idx == 1)
+ buffer[n++] = val;
+ parm->stop_seen = 1;
+ break;
+ }
+ if( (c = asctobin[(c2=c)]) == 255 )
+ {
+ log_error (_("invalid radix64 character %02x skipped\n"),
+ c2);
+ continue;
+ }
+ switch (idx)
+ {
+ case 0:
+ val = c << 2;
+ break;
+ case 1:
+ val |= (c>>4)&3;
+ buffer[n++] = val;
+ val = (c<<4)&0xf0;
+ break;
+ case 2:
+ val |= (c>>2)&15;
+ buffer[n++] = val;
+ val = (c<<6)&0xc0;
+ break;
+ case 3:
+ val |= c&0x3f;
+ buffer[n++] = val;
+ break;
+ }
+ idx = (idx+1) % 4;
+ }
+ if (parm->readpos == parm->linelen)
+ parm->linelen = parm->readpos = 0;
+
+ parm->base64.idx = idx;
+ parm->base64.val = val;
+ }
+ }
+ else
+ { /* DER encoded */
+ while (n < count && parm->readpos < parm->linelen)
+ buffer[n++] = parm->line[parm->readpos++];
+ if (parm->readpos == parm->linelen)
+ parm->linelen = parm->readpos = 0;
+ }
+
+ *nread = n;
+ return 0;
+}
+
+
+
+static int
+simple_reader_cb (void *cb_value, char *buffer, size_t count, size_t *nread)
+{
+ struct reader_cb_parm_s *parm = cb_value;
+ size_t n;
+ int c = 0;
+
+ *nread = 0;
+ if (!buffer)
+ return -1; /* not supported */
+
+ for (n=0; n < count; n++)
+ {
+ c = getc (parm->fp);
+ if (c == EOF)
+ {
+ parm->eof_seen = 1;
+ if ( ferror (parm->fp) )
+ return -1;
+ if (n)
+ break; /* return what we have before an EOF */
+ return -1;
+ }
+ *(byte *)buffer++ = c;
+ }
+
+ *nread = n;
+ return 0;
+}
+
+
+
+
+/* Call either es_putc or the plain putc. */
+static void
+do_putc (int value, FILE *fp, estream_t stream)
+{
+ if (stream)
+ es_putc (value, stream);
+ else
+ putc (value, fp);
+}
+
+/* Call either es_fputs or the plain fputs. */
+static void
+do_fputs (const char *string, FILE *fp, estream_t stream)
+{
+ if (stream)
+ es_fputs (string, stream);
+ else
+ fputs (string, fp);
+}
+
+
+static int
+base64_writer_cb (void *cb_value, const void *buffer, size_t count)
+{
+ struct writer_cb_parm_s *parm = cb_value;
+ unsigned char radbuf[4];
+ int i, c, idx, quad_count;
+ const unsigned char *p;
+ FILE *fp = parm->fp;
+ estream_t stream = parm->stream;
+
+ if (!count)
+ return 0;
+
+ if (!parm->wrote_begin)
+ {
+ if (parm->pem_name)
+ {
+ do_fputs ("-----BEGIN ", fp, stream);
+ do_fputs (parm->pem_name, fp, stream);
+ do_fputs ("-----\n", fp, stream);
+ }
+ parm->wrote_begin = 1;
+ parm->base64.idx = 0;
+ parm->base64.quad_count = 0;
+ }
+
+ idx = parm->base64.idx;
+ quad_count = parm->base64.quad_count;
+ for (i=0; i < idx; i++)
+ radbuf[i] = parm->base64.radbuf[i];
+
+ for (p=buffer; count; p++, count--)
+ {
+ radbuf[idx++] = *p;
+ if (idx > 2)
+ {
+ idx = 0;
+ c = bintoasc[(*radbuf >> 2) & 077];
+ do_putc (c, fp, stream);
+ c = bintoasc[(((*radbuf<<4)&060)|((radbuf[1] >> 4)&017))&077];
+ do_putc (c, fp, stream);
+ c = bintoasc[(((radbuf[1]<<2)&074)|((radbuf[2]>>6)&03))&077];
+ do_putc (c, fp, stream);
+ c = bintoasc[radbuf[2]&077];
+ do_putc (c, fp, stream);
+ if (++quad_count >= (64/4))
+ {
+ do_fputs (LF, fp, stream);
+ quad_count = 0;
+ }
+ }
+ }
+ for (i=0; i < idx; i++)
+ parm->base64.radbuf[i] = radbuf[i];
+ parm->base64.idx = idx;
+ parm->base64.quad_count = quad_count;
+
+ return ((stream? es_ferror (stream) : ferror (fp))
+ ? gpg_error_from_syserror ()
+ : 0);
+}
+
+/* This callback is only used in stream mode. Hiowever, we don't
+ restrict it to this. */
+static int
+plain_writer_cb (void *cb_value, const void *buffer, size_t count)
+{
+ struct writer_cb_parm_s *parm = cb_value;
+ FILE *fp = parm->fp;
+ estream_t stream = parm->stream;
+
+ if (!count)
+ return 0;
+
+ if (stream)
+ es_write (stream, buffer, count, NULL);
+ else
+ fwrite (buffer, count, 1, fp);
+
+ return ((stream? es_ferror (stream) : ferror (fp))
+ ? gpg_error_from_syserror ()
+ : 0);
+}
+
+static int
+base64_finish_write (struct writer_cb_parm_s *parm)
+{
+ unsigned char radbuf[4];
+ int i, c, idx, quad_count;
+ FILE *fp = parm->fp;
+ estream_t stream = parm->stream;
+
+ if (!parm->wrote_begin)
+ return 0; /* Nothing written or we are not called in base-64 mode. */
+
+ /* flush the base64 encoding */
+ idx = parm->base64.idx;
+ quad_count = parm->base64.quad_count;
+ for (i=0; i < idx; i++)
+ radbuf[i] = parm->base64.radbuf[i];
+
+ if (idx)
+ {
+ c = bintoasc[(*radbuf>>2)&077];
+ do_putc (c, fp, stream);
+ if (idx == 1)
+ {
+ c = bintoasc[((*radbuf << 4) & 060) & 077];
+ do_putc (c, fp, stream);
+ do_putc ('=', fp, stream);
+ do_putc ('=', fp, stream);
+ }
+ else
+ {
+ c = bintoasc[(((*radbuf<<4)&060)|((radbuf[1]>>4)&017))&077];
+ do_putc (c, fp, stream);
+ c = bintoasc[((radbuf[1] << 2) & 074) & 077];
+ do_putc (c, fp, stream);
+ do_putc ('=', fp, stream);
+
+ }
+ if (++quad_count >= (64/4))
+ {
+ do_fputs (LF, fp, stream);
+ quad_count = 0;
+ }
+ }
+
+ if (quad_count)
+ do_fputs (LF, fp, stream);
+
+ if (parm->pem_name)
+ {
+ do_fputs ("-----END ", fp, stream);
+ do_fputs (parm->pem_name, fp, stream);
+ do_fputs ("-----\n", fp, stream);
+ }
+
+ return ((stream? es_ferror (stream) : ferror (fp))
+ ? gpg_error_from_syserror ()
+ : 0);
+}
+
+
+
+
+/* Create a reader for the given file descriptor. Depending on the
+ control information an input decoding is automagically choosen.
+ The function returns a Base64Context object which must be passed to
+ the gpgme_destroy_reader function. The created KsbaReader object
+ is also returned, but the caller must not call the
+ ksba_reader_release function on. If ALLOW_MULTI_PEM is true, the
+ reader expects that the caller uses ksba_reader_clear after EOF
+ until no more objects were found. */
+int
+gpgsm_create_reader (Base64Context *ctx,
+ ctrl_t ctrl, FILE *fp, int allow_multi_pem,
+ ksba_reader_t *r_reader)
+{
+ int rc;
+ ksba_reader_t r;
+
+ *r_reader = NULL;
+ *ctx = xtrycalloc (1, sizeof **ctx);
+ if (!*ctx)
+ return out_of_core ();
+ (*ctx)->u.rparm.allow_multi_pem = allow_multi_pem;
+
+ rc = ksba_reader_new (&r);
+ if (rc)
+ {
+ xfree (*ctx); *ctx = NULL;
+ return rc;
+ }
+
+ (*ctx)->u.rparm.fp = fp;
+ if (ctrl->is_pem)
+ {
+ (*ctx)->u.rparm.assume_pem = 1;
+ (*ctx)->u.rparm.assume_base64 = 1;
+ rc = ksba_reader_set_cb (r, base64_reader_cb, &(*ctx)->u.rparm);
+ }
+ else if (ctrl->is_base64)
+ {
+ (*ctx)->u.rparm.assume_base64 = 1;
+ rc = ksba_reader_set_cb (r, base64_reader_cb, &(*ctx)->u.rparm);
+ }
+ else if (ctrl->autodetect_encoding)
+ {
+ (*ctx)->u.rparm.autodetect = 1;
+ rc = ksba_reader_set_cb (r, base64_reader_cb, &(*ctx)->u.rparm);
+ }
+ else
+ rc = ksba_reader_set_cb (r, simple_reader_cb, &(*ctx)->u.rparm);
+
+ if (rc)
+ {
+ ksba_reader_release (r);
+ xfree (*ctx); *ctx = NULL;
+ return rc;
+ }
+
+ (*ctx)->u2.reader = r;
+ *r_reader = r;
+ return 0;
+}
+
+
+int
+gpgsm_reader_eof_seen (Base64Context ctx)
+{
+ return ctx && ctx->u.rparm.eof_seen;
+}
+
+void
+gpgsm_destroy_reader (Base64Context ctx)
+{
+ if (!ctx)
+ return;
+
+ ksba_reader_release (ctx->u2.reader);
+ xfree (ctx);
+}
+
+
+
+/* Create a writer for the given stream FP or STREAM. Depending on
+ the control information an output encoding is automagically
+ choosen. The function returns a Base64Context object which must be
+ passed to the gpgme_destroy_writer function. The created
+ KsbaWriter object is also returned, but the caller must not call
+ the ksba_reader_release function on. */
+int
+gpgsm_create_writer (Base64Context *ctx,
+ ctrl_t ctrl, FILE *fp, estream_t stream,
+ ksba_writer_t *r_writer)
+{
+ int rc;
+ ksba_writer_t w;
+
+ *r_writer = NULL;
+ *ctx = xtrycalloc (1, sizeof **ctx);
+ if (!*ctx)
+ return out_of_core ();
+
+ rc = ksba_writer_new (&w);
+ if (rc)
+ {
+ xfree (*ctx); *ctx = NULL;
+ return rc;
+ }
+
+ if (ctrl->create_pem || ctrl->create_base64)
+ {
+ (*ctx)->u.wparm.fp = fp;
+ (*ctx)->u.wparm.stream = stream;
+ if (ctrl->create_pem)
+ (*ctx)->u.wparm.pem_name = ctrl->pem_name? ctrl->pem_name
+ : "CMS OBJECT";
+ rc = ksba_writer_set_cb (w, base64_writer_cb, &(*ctx)->u.wparm);
+ }
+ else if (stream)
+ {
+ (*ctx)->u.wparm.fp = fp;
+ (*ctx)->u.wparm.stream = stream;
+ rc = ksba_writer_set_cb (w, plain_writer_cb, &(*ctx)->u.wparm);
+ }
+ else
+ rc = ksba_writer_set_file (w, fp);
+
+ if (rc)
+ {
+ ksba_writer_release (w);
+ xfree (*ctx); *ctx = NULL;
+ return rc;
+ }
+
+ (*ctx)->u2.writer = w;
+ *r_writer = w;
+ return 0;
+}
+
+
+int
+gpgsm_finish_writer (Base64Context ctx)
+{
+ struct writer_cb_parm_s *parm;
+
+ if (!ctx)
+ return gpg_error (GPG_ERR_INV_VALUE);
+ parm = &ctx->u.wparm;
+ if (parm->did_finish)
+ return 0; /* Already done. */
+ parm->did_finish = 1;
+ if (!parm->fp && !parm->stream)
+ return 0; /* Callback was not used. */
+ return base64_finish_write (parm);
+}
+
+void
+gpgsm_destroy_writer (Base64Context ctx)
+{
+ if (!ctx)
+ return;
+
+ ksba_writer_release (ctx->u2.writer);
+ xfree (ctx);
+}
diff --git a/sm/call-agent.c b/sm/call-agent.c
new file mode 100644
index 0000000..7eb16ed
--- /dev/null
+++ b/sm/call-agent.c
@@ -0,0 +1,1069 @@
+/* call-agent.c - Divert GPGSM operations to the agent
+ * Copyright (C) 2001, 2002, 2003, 2005, 2007,
+ * 2008, 2009 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include <unistd.h>
+#include <time.h>
+#include <assert.h>
+#ifdef HAVE_LOCALE_H
+#include <locale.h>
+#endif
+
+#include "gpgsm.h"
+#include <gcrypt.h>
+#include <assuan.h>
+#include "i18n.h"
+#include "asshelp.h"
+#include "keydb.h" /* fixme: Move this to import.c */
+#include "membuf.h"
+
+
+static assuan_context_t agent_ctx = NULL;
+
+
+struct cipher_parm_s
+{
+ ctrl_t ctrl;
+ assuan_context_t ctx;
+ const unsigned char *ciphertext;
+ size_t ciphertextlen;
+};
+
+struct genkey_parm_s
+{
+ ctrl_t ctrl;
+ assuan_context_t ctx;
+ const unsigned char *sexp;
+ size_t sexplen;
+};
+
+struct learn_parm_s
+{
+ int error;
+ ctrl_t ctrl;
+ assuan_context_t ctx;
+ membuf_t *data;
+};
+
+
+
+/* Try to connect to the agent via socket or fork it off and work by
+ pipes. Handle the server's initial greeting */
+static int
+start_agent (ctrl_t ctrl)
+{
+ int rc;
+
+ if (agent_ctx)
+ rc = 0; /* fixme: We need a context for each thread or
+ serialize the access to the agent (which is
+ suitable given that the agent is not MT. */
+ else
+ {
+ rc = start_new_gpg_agent (&agent_ctx,
+ GPG_ERR_SOURCE_DEFAULT,
+ opt.homedir,
+ opt.agent_program,
+ opt.lc_ctype, opt.lc_messages,
+ opt.session_env,
+ opt.verbose, DBG_ASSUAN,
+ gpgsm_status2, ctrl);
+
+ if (!rc)
+ {
+ /* Tell the agent that we support Pinentry notifications. No
+ error checking so that it will work also with older
+ agents. */
+ assuan_transact (agent_ctx, "OPTION allow-pinentry-notify",
+ NULL, NULL, NULL, NULL, NULL, NULL);
+ }
+ }
+
+ if (!ctrl->agent_seen)
+ {
+ ctrl->agent_seen = 1;
+ audit_log_ok (ctrl->audit, AUDIT_AGENT_READY, rc);
+ }
+
+ return rc;
+}
+
+
+
+static gpg_error_t
+membuf_data_cb (void *opaque, const void *buffer, size_t length)
+{
+ membuf_t *data = opaque;
+
+ if (buffer)
+ put_membuf (data, buffer, length);
+ return 0;
+}
+
+
+/* This is the default inquiry callback. It mainly handles the
+ Pinentry notifications. */
+static gpg_error_t
+default_inq_cb (void *opaque, const char *line)
+{
+ gpg_error_t err;
+ ctrl_t ctrl = opaque;
+
+ if (!strncmp (line, "PINENTRY_LAUNCHED", 17) && (line[17]==' '||!line[17]))
+ {
+ err = gpgsm_proxy_pinentry_notify (ctrl, line);
+ if (err)
+ log_error (_("failed to proxy %s inquiry to client\n"),
+ "PINENTRY_LAUNCHED");
+ /* We do not pass errors to avoid breaking other code. */
+ }
+ else
+ log_error ("ignoring gpg-agent inquiry `%s'\n", line);
+
+ return 0;
+}
+
+
+
+
+/* Call the agent to do a sign operation using the key identified by
+ the hex string KEYGRIP. */
+int
+gpgsm_agent_pksign (ctrl_t ctrl, const char *keygrip, const char *desc,
+ unsigned char *digest, size_t digestlen, int digestalgo,
+ unsigned char **r_buf, size_t *r_buflen )
+{
+ int rc, i;
+ char *p, line[ASSUAN_LINELENGTH];
+ membuf_t data;
+ size_t len;
+
+ *r_buf = NULL;
+ rc = start_agent (ctrl);
+ if (rc)
+ return rc;
+
+ if (digestlen*2 + 50 > DIM(line))
+ return gpg_error (GPG_ERR_GENERAL);
+
+ rc = assuan_transact (agent_ctx, "RESET", NULL, NULL, NULL, NULL, NULL, NULL);
+ if (rc)
+ return rc;
+
+ snprintf (line, DIM(line)-1, "SIGKEY %s", keygrip);
+ line[DIM(line)-1] = 0;
+ rc = assuan_transact (agent_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
+ if (rc)
+ return rc;
+
+ if (desc)
+ {
+ snprintf (line, DIM(line)-1, "SETKEYDESC %s", desc);
+ line[DIM(line)-1] = 0;
+ rc = assuan_transact (agent_ctx, line,
+ NULL, NULL, NULL, NULL, NULL, NULL);
+ if (rc)
+ return rc;
+ }
+
+ sprintf (line, "SETHASH %d ", digestalgo);
+ p = line + strlen (line);
+ for (i=0; i < digestlen ; i++, p += 2 )
+ sprintf (p, "%02X", digest[i]);
+ rc = assuan_transact (agent_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
+ if (rc)
+ return rc;
+
+ init_membuf (&data, 1024);
+ rc = assuan_transact (agent_ctx, "PKSIGN",
+ membuf_data_cb, &data, default_inq_cb, ctrl,
+ NULL, NULL);
+ if (rc)
+ {
+ xfree (get_membuf (&data, &len));
+ return rc;
+ }
+ *r_buf = get_membuf (&data, r_buflen);
+
+ if (!gcry_sexp_canon_len (*r_buf, *r_buflen, NULL, NULL))
+ {
+ xfree (*r_buf); *r_buf = NULL;
+ return gpg_error (GPG_ERR_INV_VALUE);
+ }
+
+ return *r_buf? 0 : out_of_core ();
+}
+
+
+/* Call the scdaemon to do a sign operation using the key identified by
+ the hex string KEYID. */
+int
+gpgsm_scd_pksign (ctrl_t ctrl, const char *keyid, const char *desc,
+ unsigned char *digest, size_t digestlen, int digestalgo,
+ unsigned char **r_buf, size_t *r_buflen )
+{
+ int rc, i;
+ char *p, line[ASSUAN_LINELENGTH];
+ membuf_t data;
+ size_t len;
+ const char *hashopt;
+ unsigned char *sigbuf;
+ size_t sigbuflen;
+
+ (void)desc;
+
+ *r_buf = NULL;
+
+ switch(digestalgo)
+ {
+ case GCRY_MD_SHA1: hashopt = "--hash=sha1"; break;
+ case GCRY_MD_RMD160:hashopt = "--hash=rmd160"; break;
+ case GCRY_MD_MD5: hashopt = "--hash=md5"; break;
+ case GCRY_MD_SHA256:hashopt = "--hash=sha256"; break;
+ default:
+ return gpg_error (GPG_ERR_DIGEST_ALGO);
+ }
+
+ rc = start_agent (ctrl);
+ if (rc)
+ return rc;
+
+ if (digestlen*2 + 50 > DIM(line))
+ return gpg_error (GPG_ERR_GENERAL);
+
+ p = stpcpy (line, "SCD SETDATA " );
+ for (i=0; i < digestlen ; i++, p += 2 )
+ sprintf (p, "%02X", digest[i]);
+ rc = assuan_transact (agent_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
+ if (rc)
+ return rc;
+
+ init_membuf (&data, 1024);
+
+ snprintf (line, DIM(line)-1, "SCD PKSIGN %s %s", hashopt, keyid);
+ line[DIM(line)-1] = 0;
+ rc = assuan_transact (agent_ctx, line,
+ membuf_data_cb, &data, default_inq_cb, ctrl,
+ NULL, NULL);
+ if (rc)
+ {
+ xfree (get_membuf (&data, &len));
+ return rc;
+ }
+ sigbuf = get_membuf (&data, &sigbuflen);
+
+ /* Create an S-expression from it which is formatted like this:
+ "(7:sig-val(3:rsa(1:sSIGBUFLEN:SIGBUF)))" Fixme: If a card ever
+ creates non-RSA keys we need to change things. */
+ *r_buflen = 21 + 11 + sigbuflen + 4;
+ p = xtrymalloc (*r_buflen);
+ *r_buf = (unsigned char*)p;
+ if (!p)
+ {
+ xfree (sigbuf);
+ return 0;
+ }
+ p = stpcpy (p, "(7:sig-val(3:rsa(1:s" );
+ sprintf (p, "%u:", (unsigned int)sigbuflen);
+ p += strlen (p);
+ memcpy (p, sigbuf, sigbuflen);
+ p += sigbuflen;
+ strcpy (p, ")))");
+ xfree (sigbuf);
+
+ assert (gcry_sexp_canon_len (*r_buf, *r_buflen, NULL, NULL));
+ return 0;
+}
+
+
+
+
+/* Handle a CIPHERTEXT inquiry. Note, we only send the data,
+ assuan_transact talkes care of flushing and writing the end */
+static gpg_error_t
+inq_ciphertext_cb (void *opaque, const char *line)
+{
+ struct cipher_parm_s *parm = opaque;
+ int rc;
+
+ if (!strncmp (line, "CIPHERTEXT", 10) && (line[10]==' '||!line[10]))
+ {
+ assuan_begin_confidential (parm->ctx);
+ rc = assuan_send_data (parm->ctx, parm->ciphertext, parm->ciphertextlen);
+ assuan_end_confidential (parm->ctx);
+ }
+ else
+ rc = default_inq_cb (parm->ctrl, line);
+
+ return rc;
+}
+
+
+/* Call the agent to do a decrypt operation using the key identified by
+ the hex string KEYGRIP. */
+int
+gpgsm_agent_pkdecrypt (ctrl_t ctrl, const char *keygrip, const char *desc,
+ ksba_const_sexp_t ciphertext,
+ char **r_buf, size_t *r_buflen )
+{
+ int rc;
+ char line[ASSUAN_LINELENGTH];
+ membuf_t data;
+ struct cipher_parm_s cipher_parm;
+ size_t n, len;
+ char *p, *buf, *endp;
+ size_t ciphertextlen;
+
+ if (!keygrip || strlen(keygrip) != 40 || !ciphertext || !r_buf || !r_buflen)
+ return gpg_error (GPG_ERR_INV_VALUE);
+ *r_buf = NULL;
+
+ ciphertextlen = gcry_sexp_canon_len (ciphertext, 0, NULL, NULL);
+ if (!ciphertextlen)
+ return gpg_error (GPG_ERR_INV_VALUE);
+
+ rc = start_agent (ctrl);
+ if (rc)
+ return rc;
+
+ rc = assuan_transact (agent_ctx, "RESET", NULL, NULL, NULL, NULL, NULL, NULL);
+ if (rc)
+ return rc;
+
+ assert ( DIM(line) >= 50 );
+ snprintf (line, DIM(line)-1, "SETKEY %s", keygrip);
+ line[DIM(line)-1] = 0;
+ rc = assuan_transact (agent_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
+ if (rc)
+ return rc;
+
+ if (desc)
+ {
+ snprintf (line, DIM(line)-1, "SETKEYDESC %s", desc);
+ line[DIM(line)-1] = 0;
+ rc = assuan_transact (agent_ctx, line,
+ NULL, NULL, NULL, NULL, NULL, NULL);
+ if (rc)
+ return rc;
+ }
+
+ init_membuf (&data, 1024);
+ cipher_parm.ctrl = ctrl;
+ cipher_parm.ctx = agent_ctx;
+ cipher_parm.ciphertext = ciphertext;
+ cipher_parm.ciphertextlen = ciphertextlen;
+ rc = assuan_transact (agent_ctx, "PKDECRYPT",
+ membuf_data_cb, &data,
+ inq_ciphertext_cb, &cipher_parm, NULL, NULL);
+ if (rc)
+ {
+ xfree (get_membuf (&data, &len));
+ return rc;
+ }
+
+ put_membuf (&data, "", 1); /* Make sure it is 0 terminated. */
+ buf = get_membuf (&data, &len);
+ if (!buf)
+ return gpg_error (GPG_ERR_ENOMEM);
+ assert (len); /* (we forced Nul termination.) */
+
+ if (*buf == '(')
+ {
+ if (len < 13 || memcmp (buf, "(5:value", 8) ) /* "(5:valueN:D)\0" */
+ return gpg_error (GPG_ERR_INV_SEXP);
+ len -= 11; /* Count only the data of the second part. */
+ p = buf + 8; /* Skip leading parenthesis and the value tag. */
+ }
+ else
+ {
+ /* For compatibility with older gpg-agents handle the old style
+ incomplete S-exps. */
+ len--; /* Do not count the Nul. */
+ p = buf;
+ }
+
+ n = strtoul (p, &endp, 10);
+ if (!n || *endp != ':')
+ return gpg_error (GPG_ERR_INV_SEXP);
+ endp++;
+ if (endp-p+n > len)
+ return gpg_error (GPG_ERR_INV_SEXP); /* Oops: Inconsistent S-Exp. */
+
+ memmove (buf, endp, n);
+
+ *r_buflen = n;
+ *r_buf = buf;
+ return 0;
+}
+
+
+
+
+
+/* Handle a KEYPARMS inquiry. Note, we only send the data,
+ assuan_transact takes care of flushing and writing the end */
+static gpg_error_t
+inq_genkey_parms (void *opaque, const char *line)
+{
+ struct genkey_parm_s *parm = opaque;
+ int rc;
+
+ if (!strncmp (line, "KEYPARAM", 8) && (line[8]==' '||!line[8]))
+ {
+ rc = assuan_send_data (parm->ctx, parm->sexp, parm->sexplen);
+ }
+ else
+ rc = default_inq_cb (parm->ctrl, line);
+
+ return rc;
+}
+
+
+
+/* Call the agent to generate a newkey */
+int
+gpgsm_agent_genkey (ctrl_t ctrl,
+ ksba_const_sexp_t keyparms, ksba_sexp_t *r_pubkey)
+{
+ int rc;
+ struct genkey_parm_s gk_parm;
+ membuf_t data;
+ size_t len;
+ unsigned char *buf;
+
+ *r_pubkey = NULL;
+ rc = start_agent (ctrl);
+ if (rc)
+ return rc;
+
+ rc = assuan_transact (agent_ctx, "RESET", NULL, NULL, NULL, NULL, NULL, NULL);
+ if (rc)
+ return rc;
+
+ init_membuf (&data, 1024);
+ gk_parm.ctrl = ctrl;
+ gk_parm.ctx = agent_ctx;
+ gk_parm.sexp = keyparms;
+ gk_parm.sexplen = gcry_sexp_canon_len (keyparms, 0, NULL, NULL);
+ if (!gk_parm.sexplen)
+ return gpg_error (GPG_ERR_INV_VALUE);
+ rc = assuan_transact (agent_ctx, "GENKEY",
+ membuf_data_cb, &data,
+ inq_genkey_parms, &gk_parm, NULL, NULL);
+ if (rc)
+ {
+ xfree (get_membuf (&data, &len));
+ return rc;
+ }
+ buf = get_membuf (&data, &len);
+ if (!buf)
+ return gpg_error (GPG_ERR_ENOMEM);
+ if (!gcry_sexp_canon_len (buf, len, NULL, NULL))
+ {
+ xfree (buf);
+ return gpg_error (GPG_ERR_INV_SEXP);
+ }
+ *r_pubkey = buf;
+ return 0;
+}
+
+
+/* Call the agent to read the public key part for a given keygrip. If
+ FROMCARD is true, the key is directly read from the current
+ smartcard. In this case HEXKEYGRIP should be the keyID
+ (e.g. OPENPGP.3). */
+int
+gpgsm_agent_readkey (ctrl_t ctrl, int fromcard, const char *hexkeygrip,
+ ksba_sexp_t *r_pubkey)
+{
+ int rc;
+ membuf_t data;
+ size_t len;
+ unsigned char *buf;
+ char line[ASSUAN_LINELENGTH];
+
+ *r_pubkey = NULL;
+ rc = start_agent (ctrl);
+ if (rc)
+ return rc;
+
+ rc = assuan_transact (agent_ctx, "RESET",NULL, NULL, NULL, NULL, NULL, NULL);
+ if (rc)
+ return rc;
+
+ snprintf (line, DIM(line)-1, "%sREADKEY %s",
+ fromcard? "SCD ":"", hexkeygrip);
+ line[DIM(line)-1] = 0;
+
+ init_membuf (&data, 1024);
+ rc = assuan_transact (agent_ctx, line,
+ membuf_data_cb, &data,
+ default_inq_cb, ctrl, NULL, NULL);
+ if (rc)
+ {
+ xfree (get_membuf (&data, &len));
+ return rc;
+ }
+ buf = get_membuf (&data, &len);
+ if (!buf)
+ return gpg_error (GPG_ERR_ENOMEM);
+ if (!gcry_sexp_canon_len (buf, len, NULL, NULL))
+ {
+ xfree (buf);
+ return gpg_error (GPG_ERR_INV_SEXP);
+ }
+ *r_pubkey = buf;
+ return 0;
+}
+
+
+
+/* Take the serial number from LINE and return it verbatim in a newly
+ allocated string. We make sure that only hex characters are
+ returned. */
+static char *
+store_serialno (const char *line)
+{
+ const char *s;
+ char *p;
+
+ for (s=line; hexdigitp (s); s++)
+ ;
+ p = xtrymalloc (s + 1 - line);
+ if (p)
+ {
+ memcpy (p, line, s-line);
+ p[s-line] = 0;
+ }
+ return p;
+}
+
+
+/* Callback for the gpgsm_agent_serialno fucntion. */
+static gpg_error_t
+scd_serialno_status_cb (void *opaque, const char *line)
+{
+ char **r_serialno = opaque;
+ const char *keyword = line;
+ int keywordlen;
+
+ for (keywordlen=0; *line && !spacep (line); line++, keywordlen++)
+ ;
+ while (spacep (line))
+ line++;
+
+ if (keywordlen == 8 && !memcmp (keyword, "SERIALNO", keywordlen))
+ {
+ xfree (*r_serialno);
+ *r_serialno = store_serialno (line);
+ }
+
+ return 0;
+}
+
+
+/* Call the agent to read the serial number of the current card. */
+int
+gpgsm_agent_scd_serialno (ctrl_t ctrl, char **r_serialno)
+{
+ int rc;
+ char *serialno = NULL;
+
+ *r_serialno = NULL;
+ rc = start_agent (ctrl);
+ if (rc)
+ return rc;
+
+ rc = assuan_transact (agent_ctx, "SCD SERIALNO",
+ NULL, NULL,
+ default_inq_cb, ctrl,
+ scd_serialno_status_cb, &serialno);
+ if (!rc && !serialno)
+ rc = gpg_error (GPG_ERR_INTERNAL);
+ if (rc)
+ {
+ xfree (serialno);
+ return rc;
+ }
+ *r_serialno = serialno;
+ return 0;
+}
+
+
+
+/* Callback for the gpgsm_agent_serialno fucntion. */
+static gpg_error_t
+scd_keypairinfo_status_cb (void *opaque, const char *line)
+{
+ strlist_t *listaddr = opaque;
+ const char *keyword = line;
+ int keywordlen;
+ strlist_t sl;
+ char *p;
+
+ for (keywordlen=0; *line && !spacep (line); line++, keywordlen++)
+ ;
+ while (spacep (line))
+ line++;
+
+ if (keywordlen == 11 && !memcmp (keyword, "KEYPAIRINFO", keywordlen))
+ {
+ sl = append_to_strlist (listaddr, line);
+ p = sl->d;
+ /* Make sure that we only have two tokes so that future
+ extensions of the format won't change the format expected by
+ the caller. */
+ while (*p && !spacep (p))
+ p++;
+ if (*p)
+ {
+ while (spacep (p))
+ p++;
+ while (*p && !spacep (p))
+ p++;
+ *p = 0;
+ }
+ }
+
+ return 0;
+}
+
+
+/* Call the agent to read the keypairinfo lines of the current card.
+ The list is returned as a string made up of the keygrip, a space
+ and the keyid. */
+int
+gpgsm_agent_scd_keypairinfo (ctrl_t ctrl, strlist_t *r_list)
+{
+ int rc;
+ strlist_t list = NULL;
+
+ *r_list = NULL;
+ rc = start_agent (ctrl);
+ if (rc)
+ return rc;
+
+ rc = assuan_transact (agent_ctx, "SCD LEARN --force",
+ NULL, NULL,
+ default_inq_cb, ctrl,
+ scd_keypairinfo_status_cb, &list);
+ if (!rc && !list)
+ rc = gpg_error (GPG_ERR_NO_DATA);
+ if (rc)
+ {
+ free_strlist (list);
+ return rc;
+ }
+ *r_list = list;
+ return 0;
+}
+
+
+
+static gpg_error_t
+istrusted_status_cb (void *opaque, const char *line)
+{
+ struct rootca_flags_s *flags = opaque;
+
+ if (!strncmp (line, "TRUSTLISTFLAG", 13) && (line[13]==' ' || !line[13]))
+ {
+ for (line += 13; *line == ' '; line++)
+ ;
+ if (!strncmp (line, "relax", 5) && (line[5] == ' ' || !line[5]))
+ flags->relax = 1;
+ else if (!strncmp (line, "cm", 2) && (line[2] == ' ' || !line[2]))
+ flags->chain_model = 1;
+ }
+ return 0;
+}
+
+
+
+/* Ask the agent whether the certificate is in the list of trusted
+ keys. The certificate is either specified by the CERT object or by
+ the fingerprint HEXFPR. ROOTCA_FLAGS is guaranteed to be cleared
+ on error. */
+int
+gpgsm_agent_istrusted (ctrl_t ctrl, ksba_cert_t cert, const char *hexfpr,
+ struct rootca_flags_s *rootca_flags)
+{
+ int rc;
+ char line[ASSUAN_LINELENGTH];
+
+ memset (rootca_flags, 0, sizeof *rootca_flags);
+
+ if (cert && hexfpr)
+ return gpg_error (GPG_ERR_INV_ARG);
+
+ rc = start_agent (ctrl);
+ if (rc)
+ return rc;
+
+ if (hexfpr)
+ {
+ snprintf (line, DIM(line)-1, "ISTRUSTED %s", hexfpr);
+ line[DIM(line)-1] = 0;
+ }
+ else
+ {
+ char *fpr;
+
+ fpr = gpgsm_get_fingerprint_hexstring (cert, GCRY_MD_SHA1);
+ if (!fpr)
+ {
+ log_error ("error getting the fingerprint\n");
+ return gpg_error (GPG_ERR_GENERAL);
+ }
+
+ snprintf (line, DIM(line)-1, "ISTRUSTED %s", fpr);
+ line[DIM(line)-1] = 0;
+ xfree (fpr);
+ }
+
+ rc = assuan_transact (agent_ctx, line, NULL, NULL, NULL, NULL,
+ istrusted_status_cb, rootca_flags);
+ if (!rc)
+ rootca_flags->valid = 1;
+ return rc;
+}
+
+/* Ask the agent to mark CERT as a trusted Root-CA one */
+int
+gpgsm_agent_marktrusted (ctrl_t ctrl, ksba_cert_t cert)
+{
+ int rc;
+ char *fpr, *dn, *dnfmt;
+ char line[ASSUAN_LINELENGTH];
+
+ rc = start_agent (ctrl);
+ if (rc)
+ return rc;
+
+ fpr = gpgsm_get_fingerprint_hexstring (cert, GCRY_MD_SHA1);
+ if (!fpr)
+ {
+ log_error ("error getting the fingerprint\n");
+ return gpg_error (GPG_ERR_GENERAL);
+ }
+
+ dn = ksba_cert_get_issuer (cert, 0);
+ if (!dn)
+ {
+ xfree (fpr);
+ return gpg_error (GPG_ERR_GENERAL);
+ }
+ dnfmt = gpgsm_format_name2 (dn, 0);
+ xfree (dn);
+ if (!dnfmt)
+ return gpg_error_from_syserror ();
+ snprintf (line, DIM(line)-1, "MARKTRUSTED %s S %s", fpr, dnfmt);
+ line[DIM(line)-1] = 0;
+ ksba_free (dnfmt);
+ xfree (fpr);
+
+ rc = assuan_transact (agent_ctx, line, NULL, NULL,
+ default_inq_cb, ctrl, NULL, NULL);
+ return rc;
+}
+
+
+
+/* Ask the agent whether the a corresponding secret key is available
+ for the given keygrip */
+int
+gpgsm_agent_havekey (ctrl_t ctrl, const char *hexkeygrip)
+{
+ int rc;
+ char line[ASSUAN_LINELENGTH];
+
+ rc = start_agent (ctrl);
+ if (rc)
+ return rc;
+
+ if (!hexkeygrip || strlen (hexkeygrip) != 40)
+ return gpg_error (GPG_ERR_INV_VALUE);
+
+ snprintf (line, DIM(line)-1, "HAVEKEY %s", hexkeygrip);
+ line[DIM(line)-1] = 0;
+
+ rc = assuan_transact (agent_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
+ return rc;
+}
+
+
+static gpg_error_t
+learn_status_cb (void *opaque, const char *line)
+{
+ struct learn_parm_s *parm = opaque;
+
+ /* Pass progress data to the caller. */
+ if (!strncmp (line, "PROGRESS", 8) && (line[8]==' ' || !line[8]))
+ {
+ if (parm->ctrl)
+ {
+ for (line += 8; *line == ' '; line++)
+ ;
+ if (gpgsm_status (parm->ctrl, STATUS_PROGRESS, line))
+ return gpg_error (GPG_ERR_ASS_CANCELED);
+ }
+ }
+ return 0;
+}
+
+static gpg_error_t
+learn_cb (void *opaque, const void *buffer, size_t length)
+{
+ struct learn_parm_s *parm = opaque;
+ size_t len;
+ char *buf;
+ ksba_cert_t cert;
+ int rc;
+
+ if (parm->error)
+ return 0;
+
+ if (buffer)
+ {
+ put_membuf (parm->data, buffer, length);
+ return 0;
+ }
+ /* END encountered - process what we have */
+ buf = get_membuf (parm->data, &len);
+ if (!buf)
+ {
+ parm->error = gpg_error (GPG_ERR_ENOMEM);
+ return 0;
+ }
+
+ if (gpgsm_status (parm->ctrl, STATUS_PROGRESS, "learncard C 0 0"))
+ return gpg_error (GPG_ERR_ASS_CANCELED);
+
+ /* FIXME: this should go into import.c */
+ rc = ksba_cert_new (&cert);
+ if (rc)
+ {
+ parm->error = rc;
+ return 0;
+ }
+ rc = ksba_cert_init_from_mem (cert, buf, len);
+ if (rc)
+ {
+ log_error ("failed to parse a certificate: %s\n", gpg_strerror (rc));
+ ksba_cert_release (cert);
+ parm->error = rc;
+ return 0;
+ }
+
+ /* We do not store a certifciate with missing issuers as ephemeral
+ because we can assume that the --learn-card command has been used
+ on purpose. */
+ rc = gpgsm_basic_cert_check (parm->ctrl, cert);
+ if (rc && gpg_err_code (rc) != GPG_ERR_MISSING_CERT
+ && gpg_err_code (rc) != GPG_ERR_MISSING_ISSUER_CERT)
+ log_error ("invalid certificate: %s\n", gpg_strerror (rc));
+ else
+ {
+ int existed;
+
+ if (!keydb_store_cert (cert, 0, &existed))
+ {
+ if (opt.verbose > 1 && existed)
+ log_info ("certificate already in DB\n");
+ else if (opt.verbose && !existed)
+ log_info ("certificate imported\n");
+ }
+ }
+
+ ksba_cert_release (cert);
+ init_membuf (parm->data, 4096);
+ return 0;
+}
+
+/* Call the agent to learn about a smartcard */
+int
+gpgsm_agent_learn (ctrl_t ctrl)
+{
+ int rc;
+ struct learn_parm_s learn_parm;
+ membuf_t data;
+ size_t len;
+
+ rc = start_agent (ctrl);
+ if (rc)
+ return rc;
+
+ init_membuf (&data, 4096);
+ learn_parm.error = 0;
+ learn_parm.ctrl = ctrl;
+ learn_parm.ctx = agent_ctx;
+ learn_parm.data = &data;
+ rc = assuan_transact (agent_ctx, "LEARN --send",
+ learn_cb, &learn_parm,
+ NULL, NULL,
+ learn_status_cb, &learn_parm);
+ xfree (get_membuf (&data, &len));
+ if (rc)
+ return rc;
+ return learn_parm.error;
+}
+
+
+/* Ask the agent to change the passphrase of the key identified by
+ HEXKEYGRIP. If DESC is not NULL, display instead of the default
+ description message. */
+int
+gpgsm_agent_passwd (ctrl_t ctrl, const char *hexkeygrip, const char *desc)
+{
+ int rc;
+ char line[ASSUAN_LINELENGTH];
+
+ rc = start_agent (ctrl);
+ if (rc)
+ return rc;
+
+ if (!hexkeygrip || strlen (hexkeygrip) != 40)
+ return gpg_error (GPG_ERR_INV_VALUE);
+
+ if (desc)
+ {
+ snprintf (line, DIM(line)-1, "SETKEYDESC %s", desc);
+ line[DIM(line)-1] = 0;
+ rc = assuan_transact (agent_ctx, line,
+ NULL, NULL, NULL, NULL, NULL, NULL);
+ if (rc)
+ return rc;
+ }
+
+ snprintf (line, DIM(line)-1, "PASSWD %s", hexkeygrip);
+ line[DIM(line)-1] = 0;
+
+ rc = assuan_transact (agent_ctx, line, NULL, NULL,
+ default_inq_cb, ctrl, NULL, NULL);
+ return rc;
+}
+
+
+
+/* Ask the agent to pop up a confirmation dialog with the text DESC
+ and an okay and cancel button. */
+gpg_error_t
+gpgsm_agent_get_confirmation (ctrl_t ctrl, const char *desc)
+{
+ int rc;
+ char line[ASSUAN_LINELENGTH];
+
+ rc = start_agent (ctrl);
+ if (rc)
+ return rc;
+
+ snprintf (line, DIM(line)-1, "GET_CONFIRMATION %s", desc);
+ line[DIM(line)-1] = 0;
+
+ rc = assuan_transact (agent_ctx, line, NULL, NULL,
+ default_inq_cb, ctrl, NULL, NULL);
+ return rc;
+}
+
+
+
+/* Return 0 if the agent is alive. This is useful to make sure that
+ an agent has been started. */
+gpg_error_t
+gpgsm_agent_send_nop (ctrl_t ctrl)
+{
+ int rc;
+
+ rc = start_agent (ctrl);
+ if (!rc)
+ rc = assuan_transact (agent_ctx, "NOP",
+ NULL, NULL, NULL, NULL, NULL, NULL);
+ return rc;
+}
+
+
+
+static gpg_error_t
+keyinfo_status_cb (void *opaque, const char *line)
+{
+ char **serialno = opaque;
+ const char *s, *s2;
+
+ if (!strncmp (line, "KEYINFO ", 8) && !*serialno)
+ {
+ s = strchr (line+8, ' ');
+ if (s && s[1] == 'T' && s[2] == ' ' && s[3])
+ {
+ s += 3;
+ s2 = strchr (s, ' ');
+ if ( s2 > s )
+ {
+ *serialno = xtrymalloc ((s2 - s)+1);
+ if (*serialno)
+ {
+ memcpy (*serialno, s, s2 - s);
+ (*serialno)[s2 - s] = 0;
+ }
+ }
+ }
+ }
+ return 0;
+}
+
+/* Return the serial number for a secret key. If the returned serial
+ number is NULL, the key is not stored on a smartcard. Caller needs
+ to free R_SERIALNO. */
+gpg_error_t
+gpgsm_agent_keyinfo (ctrl_t ctrl, const char *hexkeygrip, char **r_serialno)
+{
+ gpg_error_t err;
+ char line[ASSUAN_LINELENGTH];
+ char *serialno = NULL;
+
+ *r_serialno = NULL;
+
+ err = start_agent (ctrl);
+ if (err)
+ return err;
+
+ if (!hexkeygrip || strlen (hexkeygrip) != 40)
+ return gpg_error (GPG_ERR_INV_VALUE);
+
+ snprintf (line, DIM(line)-1, "KEYINFO %s", hexkeygrip);
+ line[DIM(line)-1] = 0;
+
+ err = assuan_transact (agent_ctx, line, NULL, NULL, NULL, NULL,
+ keyinfo_status_cb, &serialno);
+ if (!err && serialno)
+ {
+ /* Sanity check for bad characters. */
+ if (strpbrk (serialno, ":\n\r"))
+ err = GPG_ERR_INV_VALUE;
+ }
+ if (err)
+ xfree (serialno);
+ else
+ *r_serialno = serialno;
+ return err;
+}
+
diff --git a/sm/call-dirmngr.c b/sm/call-dirmngr.c
new file mode 100644
index 0000000..6540a8f
--- /dev/null
+++ b/sm/call-dirmngr.c
@@ -0,0 +1,1126 @@
+/* call-dirmngr.c - communication with the dromngr
+ * Copyright (C) 2002, 2003, 2005, 2007, 2008 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include <unistd.h>
+#include <time.h>
+#include <assert.h>
+#include <ctype.h>
+
+#include "gpgsm.h"
+#include <gcrypt.h>
+#include <assuan.h>
+
+#include "i18n.h"
+#include "keydb.h"
+
+
+struct membuf {
+ size_t len;
+ size_t size;
+ char *buf;
+ int out_of_core;
+};
+
+
+
+/* fixme: We need a context for each thread or serialize the access to
+ the dirmngr. */
+static assuan_context_t dirmngr_ctx = NULL;
+static assuan_context_t dirmngr2_ctx = NULL;
+
+static int dirmngr_ctx_locked;
+static int dirmngr2_ctx_locked;
+
+static int force_pipe_server = 0;
+
+struct inq_certificate_parm_s {
+ ctrl_t ctrl;
+ assuan_context_t ctx;
+ ksba_cert_t cert;
+ ksba_cert_t issuer_cert;
+};
+
+struct isvalid_status_parm_s {
+ ctrl_t ctrl;
+ int seen;
+ unsigned char fpr[20];
+};
+
+
+struct lookup_parm_s {
+ ctrl_t ctrl;
+ assuan_context_t ctx;
+ void (*cb)(void *, ksba_cert_t);
+ void *cb_value;
+ struct membuf data;
+ int error;
+};
+
+struct run_command_parm_s {
+ assuan_context_t ctx;
+};
+
+
+
+static gpg_error_t get_cached_cert (assuan_context_t ctx,
+ const unsigned char *fpr,
+ ksba_cert_t *r_cert);
+
+
+
+/* A simple implementation of a dynamic buffer. Use init_membuf() to
+ create a buffer, put_membuf to append bytes and get_membuf to
+ release and return the buffer. Allocation errors are detected but
+ only returned at the final get_membuf(), this helps not to clutter
+ the code with out of core checks. */
+
+static void
+init_membuf (struct membuf *mb, int initiallen)
+{
+ mb->len = 0;
+ mb->size = initiallen;
+ mb->out_of_core = 0;
+ mb->buf = xtrymalloc (initiallen);
+ if (!mb->buf)
+ mb->out_of_core = 1;
+}
+
+static void
+put_membuf (struct membuf *mb, const void *buf, size_t len)
+{
+ if (mb->out_of_core)
+ return;
+
+ if (mb->len + len >= mb->size)
+ {
+ char *p;
+
+ mb->size += len + 1024;
+ p = xtryrealloc (mb->buf, mb->size);
+ if (!p)
+ {
+ mb->out_of_core = 1;
+ return;
+ }
+ mb->buf = p;
+ }
+ memcpy (mb->buf + mb->len, buf, len);
+ mb->len += len;
+}
+
+static void *
+get_membuf (struct membuf *mb, size_t *len)
+{
+ char *p;
+
+ if (mb->out_of_core)
+ {
+ xfree (mb->buf);
+ mb->buf = NULL;
+ return NULL;
+ }
+
+ p = mb->buf;
+ *len = mb->len;
+ mb->buf = NULL;
+ mb->out_of_core = 1; /* don't allow a reuse */
+ return p;
+}
+
+
+/* This function prepares the dirmngr for a new session. The
+ audit-events option is used so that other dirmngr clients won't get
+ disturbed by such events. */
+static void
+prepare_dirmngr (ctrl_t ctrl, assuan_context_t ctx, gpg_error_t err)
+{
+ struct keyserver_spec *server;
+
+ if (!err)
+ {
+ err = assuan_transact (ctx, "OPTION audit-events=1",
+ NULL, NULL, NULL, NULL, NULL, NULL);
+ if (gpg_err_code (err) == GPG_ERR_UNKNOWN_OPTION)
+ err = 0; /* Allow the use of old dirmngr versions. */
+ }
+ audit_log_ok (ctrl->audit, AUDIT_DIRMNGR_READY, err);
+
+ if (!ctx || err)
+ return;
+
+ server = opt.keyserver;
+ while (server)
+ {
+ char line[ASSUAN_LINELENGTH];
+ char *user = server->user ? server->user : "";
+ char *pass = server->pass ? server->pass : "";
+ char *base = server->base ? server->base : "";
+
+ snprintf (line, DIM (line) - 1, "LDAPSERVER %s:%i:%s:%s:%s",
+ server->host, server->port, user, pass, base);
+ line[DIM (line) - 1] = 0;
+
+ err = assuan_transact (ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
+ if (gpg_err_code (err) == GPG_ERR_ASS_UNKNOWN_CMD)
+ err = 0; /* Allow the use of old dirmngr versions. */
+
+ server = server->next;
+ }
+}
+
+
+
+/* Try to connect to the agent via socket or fork it off and work by
+ pipes. Handle the server's initial greeting */
+static int
+start_dirmngr_ext (ctrl_t ctrl, assuan_context_t *ctx_r)
+{
+ int rc;
+ char *infostr, *p;
+ assuan_context_t ctx = NULL;
+ int try_default = 0;
+
+ if (opt.disable_dirmngr)
+ return gpg_error (GPG_ERR_NO_DIRMNGR);
+
+ if (*ctx_r)
+ return 0;
+
+ /* Note: if you change this to multiple connections, you also need
+ to take care of the implicit option sending caching. */
+
+#ifdef HAVE_W32_SYSTEM
+ infostr = NULL;
+ opt.prefer_system_dirmngr = 1;
+#else
+ infostr = force_pipe_server? NULL : getenv ("DIRMNGR_INFO");
+#endif /*HAVE_W32_SYSTEM*/
+ if (infostr && !*infostr)
+ infostr = NULL;
+ else if (infostr)
+ infostr = xstrdup (infostr);
+
+ if (opt.prefer_system_dirmngr && !force_pipe_server && !infostr)
+ {
+ infostr = xstrdup (dirmngr_socket_name ());
+ try_default = 1;
+ }
+
+ rc = assuan_new (&ctx);
+ if (rc)
+ {
+ log_error ("can't allocate assuan context: %s\n", gpg_strerror (rc));
+ return rc;
+ }
+
+ if (!infostr)
+ {
+ const char *pgmname;
+ const char *argv[3];
+ int no_close_list[3];
+ int i;
+
+ if (!opt.dirmngr_program || !*opt.dirmngr_program)
+ opt.dirmngr_program = gnupg_module_name (GNUPG_MODULE_NAME_DIRMNGR);
+ if ( !(pgmname = strrchr (opt.dirmngr_program, '/')))
+ pgmname = opt.dirmngr_program;
+ else
+ pgmname++;
+
+ if (opt.verbose)
+ log_info (_("no running dirmngr - starting `%s'\n"),
+ opt.dirmngr_program);
+
+ if (fflush (NULL))
+ {
+ gpg_error_t tmperr = gpg_error (gpg_err_code_from_errno (errno));
+ log_error ("error flushing pending output: %s\n", strerror (errno));
+ return tmperr;
+ }
+
+ argv[0] = pgmname;
+ argv[1] = "--server";
+ argv[2] = NULL;
+
+ i=0;
+ if (log_get_fd () != -1)
+ no_close_list[i++] = assuan_fd_from_posix_fd (log_get_fd ());
+ no_close_list[i++] = assuan_fd_from_posix_fd (fileno (stderr));
+ no_close_list[i] = -1;
+
+ /* connect to the agent and perform initial handshaking */
+ rc = assuan_pipe_connect (ctx, opt.dirmngr_program, argv,
+ no_close_list, NULL, NULL, 0);
+ }
+ else
+ {
+ int prot;
+ int pid;
+
+ if (!try_default)
+ {
+ if ( !(p = strchr (infostr, PATHSEP_C)) || p == infostr)
+ {
+ log_error (_("malformed DIRMNGR_INFO environment variable\n"));
+ xfree (infostr);
+ force_pipe_server = 1;
+ return start_dirmngr_ext (ctrl, ctx_r);
+ }
+ *p++ = 0;
+ pid = atoi (p);
+ while (*p && *p != PATHSEP_C)
+ p++;
+ prot = *p? atoi (p+1) : 0;
+ if (prot != 1)
+ {
+ log_error (_("dirmngr protocol version %d is not supported\n"),
+ prot);
+ xfree (infostr);
+ force_pipe_server = 1;
+ return start_dirmngr_ext (ctrl, ctx_r);
+ }
+ }
+ else
+ pid = -1;
+
+ rc = assuan_socket_connect (ctx, infostr, pid, 0);
+#ifdef HAVE_W32_SYSTEM
+ if (rc)
+ log_debug ("connecting dirmngr at `%s' failed\n", infostr);
+#endif
+
+ xfree (infostr);
+#ifndef HAVE_W32_SYSTEM
+ if (gpg_err_code (rc) == GPG_ERR_ASS_CONNECT_FAILED)
+ {
+ log_info (_("can't connect to the dirmngr - trying fall back\n"));
+ force_pipe_server = 1;
+ return start_dirmngr_ext (ctrl, ctx_r);
+ }
+#endif /*!HAVE_W32_SYSTEM*/
+ }
+
+ prepare_dirmngr (ctrl, ctx, rc);
+
+ if (rc)
+ {
+ assuan_release (ctx);
+ log_error ("can't connect to the dirmngr: %s\n", gpg_strerror (rc));
+ return gpg_error (GPG_ERR_NO_DIRMNGR);
+ }
+ *ctx_r = ctx;
+
+ if (DBG_ASSUAN)
+ log_debug ("connection to dirmngr established\n");
+ return 0;
+}
+
+
+static int
+start_dirmngr (ctrl_t ctrl)
+{
+ gpg_error_t err;
+
+ assert (! dirmngr_ctx_locked);
+ dirmngr_ctx_locked = 1;
+
+ err = start_dirmngr_ext (ctrl, &dirmngr_ctx);
+ /* We do not check ERR but the existance of a context because the
+ error might come from a failed command send to the dirmngr.
+ Fixme: Why don't we close the drimngr context if we encountered
+ an error in prepare_dirmngr? */
+ if (!dirmngr_ctx)
+ dirmngr_ctx_locked = 0;
+ return err;
+}
+
+
+static void
+release_dirmngr (ctrl_t ctrl)
+{
+ (void)ctrl;
+
+ if (!dirmngr_ctx_locked)
+ log_error ("WARNING: trying to release a non-locked dirmngr ctx\n");
+ dirmngr_ctx_locked = 0;
+}
+
+
+static int
+start_dirmngr2 (ctrl_t ctrl)
+{
+ gpg_error_t err;
+
+ assert (! dirmngr2_ctx_locked);
+ dirmngr2_ctx_locked = 1;
+
+ err = start_dirmngr_ext (ctrl, &dirmngr2_ctx);
+ if (!dirmngr2_ctx)
+ dirmngr2_ctx_locked = 0;
+ return err;
+}
+
+
+static void
+release_dirmngr2 (ctrl_t ctrl)
+{
+ (void)ctrl;
+
+ if (!dirmngr2_ctx_locked)
+ log_error ("WARNING: trying to release a non-locked dirmngr2 ctx\n");
+ dirmngr2_ctx_locked = 0;
+}
+
+
+
+/* Handle a SENDCERT inquiry. */
+static gpg_error_t
+inq_certificate (void *opaque, const char *line)
+{
+ struct inq_certificate_parm_s *parm = opaque;
+ int rc;
+ const unsigned char *der;
+ size_t derlen;
+ int issuer_mode = 0;
+ ksba_sexp_t ski = NULL;
+
+ if (!strncmp (line, "SENDCERT", 8) && (line[8] == ' ' || !line[8]))
+ {
+ line += 8;
+ }
+ else if (!strncmp (line, "SENDCERT_SKI", 12) && (line[12]==' ' || !line[12]))
+ {
+ size_t n;
+
+ /* Send a certificate where a sourceKeyIdentifier is included. */
+ line += 12;
+ while (*line == ' ')
+ line++;
+ ski = make_simple_sexp_from_hexstr (line, &n);
+ line += n;
+ while (*line == ' ')
+ line++;
+ }
+ else if (!strncmp (line, "SENDISSUERCERT", 14)
+ && (line[14] == ' ' || !line[14]))
+ {
+ line += 14;
+ issuer_mode = 1;
+ }
+ else if (!strncmp (line, "ISTRUSTED", 9) && (line[9]==' ' || !line[9]))
+ {
+ /* The server is asking us whether the certificate is a trusted
+ root certificate. */
+ const char *s;
+ size_t n;
+ char fpr[41];
+ struct rootca_flags_s rootca_flags;
+
+ line += 9;
+ while (*line == ' ')
+ line++;
+
+ for (s=line,n=0; hexdigitp (s); s++, n++)
+ ;
+ if (*s || n != 40)
+ return gpg_error (GPG_ERR_ASS_PARAMETER);
+ for (s=line, n=0; n < 40; s++, n++)
+ fpr[n] = (*s >= 'a')? (*s & 0xdf): *s;
+ fpr[n] = 0;
+
+ if (!gpgsm_agent_istrusted (parm->ctrl, NULL, fpr, &rootca_flags))
+ rc = assuan_send_data (parm->ctx, "1", 1);
+ else
+ rc = 0;
+ return rc;
+ }
+ else
+ {
+ log_error ("unsupported inquiry `%s'\n", line);
+ return gpg_error (GPG_ERR_ASS_UNKNOWN_INQUIRE);
+ }
+
+ if (!*line)
+ { /* Send the current certificate. */
+ der = ksba_cert_get_image (issuer_mode? parm->issuer_cert : parm->cert,
+ &derlen);
+ if (!der)
+ rc = gpg_error (GPG_ERR_INV_CERT_OBJ);
+ else
+ rc = assuan_send_data (parm->ctx, der, derlen);
+ }
+ else if (issuer_mode)
+ {
+ log_error ("sending specific issuer certificate back "
+ "is not yet implemented\n");
+ rc = gpg_error (GPG_ERR_ASS_UNKNOWN_INQUIRE);
+ }
+ else
+ { /* Send the given certificate. */
+ int err;
+ ksba_cert_t cert;
+
+
+ err = gpgsm_find_cert (line, ski, &cert);
+ if (err)
+ {
+ log_error ("certificate not found: %s\n", gpg_strerror (err));
+ rc = gpg_error (GPG_ERR_NOT_FOUND);
+ }
+ else
+ {
+ der = ksba_cert_get_image (cert, &derlen);
+ if (!der)
+ rc = gpg_error (GPG_ERR_INV_CERT_OBJ);
+ else
+ rc = assuan_send_data (parm->ctx, der, derlen);
+ ksba_cert_release (cert);
+ }
+ }
+
+ xfree (ski);
+ return rc;
+}
+
+
+/* Take a 20 byte hexencoded string and put it into the the provided
+ 20 byte buffer FPR in binary format. */
+static int
+unhexify_fpr (const char *hexstr, unsigned char *fpr)
+{
+ const char *s;
+ int n;
+
+ for (s=hexstr, n=0; hexdigitp (s); s++, n++)
+ ;
+ if (*s || (n != 40))
+ return 0; /* no fingerprint (invalid or wrong length). */
+ n /= 2;
+ for (s=hexstr, n=0; *s; s += 2, n++)
+ fpr[n] = xtoi_2 (s);
+ return 1; /* okay */
+}
+
+
+static gpg_error_t
+isvalid_status_cb (void *opaque, const char *line)
+{
+ struct isvalid_status_parm_s *parm = opaque;
+
+ if (!strncmp (line, "PROGRESS", 8) && (line[8]==' ' || !line[8]))
+ {
+ if (parm->ctrl)
+ {
+ for (line += 8; *line == ' '; line++)
+ ;
+ if (gpgsm_status (parm->ctrl, STATUS_PROGRESS, line))
+ return gpg_error (GPG_ERR_ASS_CANCELED);
+ }
+ }
+ else if (!strncmp (line, "ONLY_VALID_IF_CERT_VALID", 24)
+ && (line[24]==' ' || !line[24]))
+ {
+ parm->seen++;
+ if (!line[24] || !unhexify_fpr (line+25, parm->fpr))
+ parm->seen++; /* Bumb it to indicate an error. */
+ }
+ return 0;
+}
+
+
+
+
+/* Call the directory manager to check whether the certificate is valid
+ Returns 0 for valid or usually one of the errors:
+
+ GPG_ERR_CERTIFICATE_REVOKED
+ GPG_ERR_NO_CRL_KNOWN
+ GPG_ERR_CRL_TOO_OLD
+
+ Values for USE_OCSP:
+ 0 = Do CRL check.
+ 1 = Do an OCSP check.
+ 2 = Do an OCSP check using only the default responder.
+ */
+int
+gpgsm_dirmngr_isvalid (ctrl_t ctrl,
+ ksba_cert_t cert, ksba_cert_t issuer_cert, int use_ocsp)
+{
+ static int did_options;
+ int rc;
+ char *certid;
+ char line[ASSUAN_LINELENGTH];
+ struct inq_certificate_parm_s parm;
+ struct isvalid_status_parm_s stparm;
+
+ rc = start_dirmngr (ctrl);
+ if (rc)
+ return rc;
+
+ if (use_ocsp)
+ {
+ certid = gpgsm_get_fingerprint_hexstring (cert, GCRY_MD_SHA1);
+ }
+ else
+ {
+ certid = gpgsm_get_certid (cert);
+ if (!certid)
+ {
+ log_error ("error getting the certificate ID\n");
+ release_dirmngr (ctrl);
+ return gpg_error (GPG_ERR_GENERAL);
+ }
+ }
+
+ if (opt.verbose > 1)
+ {
+ char *fpr = gpgsm_get_fingerprint_string (cert, GCRY_MD_SHA1);
+ log_info ("asking dirmngr about %s%s\n", fpr,
+ use_ocsp? " (using OCSP)":"");
+ xfree (fpr);
+ }
+
+ parm.ctx = dirmngr_ctx;
+ parm.ctrl = ctrl;
+ parm.cert = cert;
+ parm.issuer_cert = issuer_cert;
+
+ stparm.ctrl = ctrl;
+ stparm.seen = 0;
+ memset (stparm.fpr, 0, 20);
+
+ /* FIXME: If --disable-crl-checks has been set, we should pass an
+ option to dirmngr, so that no fallback CRL check is done after an
+ ocsp check. It is not a problem right now as dirmngr does not
+ fallback to CRL checking. */
+
+ /* It is sufficient to send the options only once because we have
+ one connection per process only. */
+ if (!did_options)
+ {
+ if (opt.force_crl_refresh)
+ assuan_transact (dirmngr_ctx, "OPTION force-crl-refresh=1",
+ NULL, NULL, NULL, NULL, NULL, NULL);
+ did_options = 1;
+ }
+ snprintf (line, DIM(line)-1, "ISVALID%s %s",
+ use_ocsp == 2? " --only-ocsp --force-default-responder":"",
+ certid);
+ line[DIM(line)-1] = 0;
+ xfree (certid);
+
+ rc = assuan_transact (dirmngr_ctx, line, NULL, NULL,
+ inq_certificate, &parm,
+ isvalid_status_cb, &stparm);
+ if (opt.verbose > 1)
+ log_info ("response of dirmngr: %s\n", rc? gpg_strerror (rc): "okay");
+ rc = rc;
+
+ if (!rc && stparm.seen)
+ {
+ /* Need to also check the certificate validity. */
+ if (stparm.seen != 1)
+ {
+ log_error ("communication problem with dirmngr detected\n");
+ rc = gpg_error (GPG_ERR_INV_CRL);
+ }
+ else
+ {
+ ksba_cert_t rspcert = NULL;
+
+ if (get_cached_cert (dirmngr_ctx, stparm.fpr, &rspcert))
+ {
+ /* Ooops: Something went wrong getting the certificate
+ from the dirmngr. Try our own cert store now. */
+ KEYDB_HANDLE kh;
+
+ kh = keydb_new (0);
+ if (!kh)
+ rc = gpg_error (GPG_ERR_ENOMEM);
+ if (!rc)
+ rc = keydb_search_fpr (kh, stparm.fpr);
+ if (!rc)
+ rc = keydb_get_cert (kh, &rspcert);
+ if (rc)
+ {
+ log_error ("unable to find the certificate used "
+ "by the dirmngr: %s\n", gpg_strerror (rc));
+ rc = gpg_error (GPG_ERR_INV_CRL);
+ }
+ keydb_release (kh);
+ }
+
+ if (!rc)
+ {
+ rc = gpgsm_cert_use_ocsp_p (rspcert);
+ if (rc)
+ rc = gpg_error (GPG_ERR_INV_CRL);
+ else
+ {
+ /* Note the no_dirmngr flag: This avoids checking
+ this certificate over and over again. */
+ rc = gpgsm_validate_chain (ctrl, rspcert, "", NULL, 0, NULL,
+ VALIDATE_FLAG_NO_DIRMNGR, NULL);
+ if (rc)
+ {
+ log_error ("invalid certificate used for CRL/OCSP: %s\n",
+ gpg_strerror (rc));
+ rc = gpg_error (GPG_ERR_INV_CRL);
+ }
+ }
+ }
+ ksba_cert_release (rspcert);
+ }
+ }
+ release_dirmngr (ctrl);
+ return rc;
+}
+
+
+
+/* Lookup helpers*/
+static gpg_error_t
+lookup_cb (void *opaque, const void *buffer, size_t length)
+{
+ struct lookup_parm_s *parm = opaque;
+ size_t len;
+ char *buf;
+ ksba_cert_t cert;
+ int rc;
+
+ if (parm->error)
+ return 0;
+
+ if (buffer)
+ {
+ put_membuf (&parm->data, buffer, length);
+ return 0;
+ }
+ /* END encountered - process what we have */
+ buf = get_membuf (&parm->data, &len);
+ if (!buf)
+ {
+ parm->error = gpg_error (GPG_ERR_ENOMEM);
+ return 0;
+ }
+
+ rc = ksba_cert_new (&cert);
+ if (rc)
+ {
+ parm->error = rc;
+ return 0;
+ }
+ rc = ksba_cert_init_from_mem (cert, buf, len);
+ if (rc)
+ {
+ log_error ("failed to parse a certificate: %s\n", gpg_strerror (rc));
+ }
+ else
+ {
+ parm->cb (parm->cb_value, cert);
+ }
+
+ ksba_cert_release (cert);
+ init_membuf (&parm->data, 4096);
+ return 0;
+}
+
+/* Return a properly escaped pattern from NAMES. The only error
+ return is NULL to indicate a malloc failure. */
+static char *
+pattern_from_strlist (strlist_t names)
+{
+ strlist_t sl;
+ int n;
+ const char *s;
+ char *pattern, *p;
+
+ for (n=0, sl=names; sl; sl = sl->next)
+ {
+ for (s=sl->d; *s; s++, n++)
+ {
+ if (*s == '%' || *s == ' ' || *s == '+')
+ n += 2;
+ }
+ n++;
+ }
+
+ p = pattern = xtrymalloc (n+1);
+ if (!pattern)
+ return NULL;
+
+ for (sl=names; sl; sl = sl->next)
+ {
+ for (s=sl->d; *s; s++)
+ {
+ switch (*s)
+ {
+ case '%':
+ *p++ = '%';
+ *p++ = '2';
+ *p++ = '5';
+ break;
+ case ' ':
+ *p++ = '%';
+ *p++ = '2';
+ *p++ = '0';
+ break;
+ case '+':
+ *p++ = '%';
+ *p++ = '2';
+ *p++ = 'B';
+ break;
+ default:
+ *p++ = *s;
+ break;
+ }
+ }
+ *p++ = ' ';
+ }
+ if (p == pattern)
+ *pattern = 0; /* is empty */
+ else
+ p[-1] = '\0'; /* remove trailing blank */
+
+ return pattern;
+}
+
+static gpg_error_t
+lookup_status_cb (void *opaque, const char *line)
+{
+ struct lookup_parm_s *parm = opaque;
+
+ if (!strncmp (line, "PROGRESS", 8) && (line[8]==' ' || !line[8]))
+ {
+ if (parm->ctrl)
+ {
+ for (line += 8; *line == ' '; line++)
+ ;
+ if (gpgsm_status (parm->ctrl, STATUS_PROGRESS, line))
+ return gpg_error (GPG_ERR_ASS_CANCELED);
+ }
+ }
+ else if (!strncmp (line, "TRUNCATED", 9) && (line[9]==' ' || !line[9]))
+ {
+ if (parm->ctrl)
+ {
+ for (line +=9; *line == ' '; line++)
+ ;
+ gpgsm_status (parm->ctrl, STATUS_TRUNCATED, line);
+ }
+ }
+ return 0;
+}
+
+
+/* Run the Directory Manager's lookup command using the pattern
+ compiled from the strings given in NAMES. The caller must provide
+ the callback CB which will be passed cert by cert. Note that CTRL
+ is optional. With CACHE_ONLY the dirmngr will search only its own
+ key cache. */
+int
+gpgsm_dirmngr_lookup (ctrl_t ctrl, strlist_t names, int cache_only,
+ void (*cb)(void*, ksba_cert_t), void *cb_value)
+{
+ int rc;
+ char *pattern;
+ char line[ASSUAN_LINELENGTH];
+ struct lookup_parm_s parm;
+ size_t len;
+ assuan_context_t ctx;
+
+ /* The lookup function can be invoked from the callback of a lookup
+ function, for example to walk the chain. */
+ if (!dirmngr_ctx_locked)
+ {
+ rc = start_dirmngr (ctrl);
+ if (rc)
+ return rc;
+ ctx = dirmngr_ctx;
+ }
+ else if (!dirmngr2_ctx_locked)
+ {
+ rc = start_dirmngr2 (ctrl);
+ if (rc)
+ return rc;
+ ctx = dirmngr2_ctx;
+ }
+ else
+ {
+ log_fatal ("both dirmngr contexts are in use\n");
+ }
+
+ pattern = pattern_from_strlist (names);
+ if (!pattern)
+ {
+ if (ctx == dirmngr_ctx)
+ release_dirmngr (ctrl);
+ else
+ release_dirmngr2 (ctrl);
+
+ return out_of_core ();
+ }
+ snprintf (line, DIM(line)-1, "LOOKUP%s %s",
+ cache_only? " --cache-only":"", pattern);
+ line[DIM(line)-1] = 0;
+ xfree (pattern);
+
+ parm.ctrl = ctrl;
+ parm.ctx = ctx;
+ parm.cb = cb;
+ parm.cb_value = cb_value;
+ parm.error = 0;
+ init_membuf (&parm.data, 4096);
+
+ rc = assuan_transact (ctx, line, lookup_cb, &parm,
+ NULL, NULL, lookup_status_cb, &parm);
+ xfree (get_membuf (&parm.data, &len));
+
+ if (ctx == dirmngr_ctx)
+ release_dirmngr (ctrl);
+ else
+ release_dirmngr2 (ctrl);
+
+ if (rc)
+ return rc;
+ return parm.error;
+}
+
+
+
+static gpg_error_t
+get_cached_cert_data_cb (void *opaque, const void *buffer, size_t length)
+{
+ struct membuf *mb = opaque;
+
+ if (buffer)
+ put_membuf (mb, buffer, length);
+ return 0;
+}
+
+/* Return a certificate from the Directory Manager's cache. This
+ function only returns one certificate which must be specified using
+ the fingerprint FPR and will be stored at R_CERT. On error NULL is
+ stored at R_CERT and an error code returned. Note that the caller
+ must provide the locked dirmngr context CTX. */
+static gpg_error_t
+get_cached_cert (assuan_context_t ctx,
+ const unsigned char *fpr, ksba_cert_t *r_cert)
+{
+ gpg_error_t err;
+ char line[ASSUAN_LINELENGTH];
+ char hexfpr[2*20+1];
+ struct membuf mb;
+ char *buf;
+ size_t buflen;
+ ksba_cert_t cert;
+
+ *r_cert = NULL;
+
+ bin2hex (fpr, 20, hexfpr);
+ snprintf (line, DIM(line)-1, "LOOKUP --single --cache-only 0x%s", hexfpr);
+
+ init_membuf (&mb, 4096);
+ err = assuan_transact (ctx, line, get_cached_cert_data_cb, &mb,
+ NULL, NULL, NULL, NULL);
+ buf = get_membuf (&mb, &buflen);
+ if (err)
+ {
+ xfree (buf);
+ return err;
+ }
+ if (!buf)
+ return gpg_error (GPG_ERR_ENOMEM);
+
+ err = ksba_cert_new (&cert);
+ if (err)
+ {
+ xfree (buf);
+ return err;
+ }
+ err = ksba_cert_init_from_mem (cert, buf, buflen);
+ xfree (buf);
+ if (err)
+ {
+ log_error ("failed to parse a certificate: %s\n", gpg_strerror (err));
+ ksba_cert_release (cert);
+ return err;
+ }
+
+ *r_cert = cert;
+ return 0;
+}
+
+
+
+/* Run Command helpers*/
+
+/* Fairly simple callback to write all output of dirmngr to stdout. */
+static gpg_error_t
+run_command_cb (void *opaque, const void *buffer, size_t length)
+{
+ (void)opaque;
+
+ if (buffer)
+ {
+ if ( fwrite (buffer, length, 1, stdout) != 1 )
+ log_error ("error writing to stdout: %s\n", strerror (errno));
+ }
+ return 0;
+}
+
+/* Handle inquiries from the dirmngr COMMAND. */
+static gpg_error_t
+run_command_inq_cb (void *opaque, const char *line)
+{
+ struct run_command_parm_s *parm = opaque;
+ int rc = 0;
+
+ if ( !strncmp (line, "SENDCERT", 8) && (line[8] == ' ' || !line[8]) )
+ { /* send the given certificate */
+ int err;
+ ksba_cert_t cert;
+ const unsigned char *der;
+ size_t derlen;
+
+ line += 8;
+ if (!*line)
+ return gpg_error (GPG_ERR_ASS_PARAMETER);
+
+ err = gpgsm_find_cert (line, NULL, &cert);
+ if (err)
+ {
+ log_error ("certificate not found: %s\n", gpg_strerror (err));
+ rc = gpg_error (GPG_ERR_NOT_FOUND);
+ }
+ else
+ {
+ der = ksba_cert_get_image (cert, &derlen);
+ if (!der)
+ rc = gpg_error (GPG_ERR_INV_CERT_OBJ);
+ else
+ rc = assuan_send_data (parm->ctx, der, derlen);
+ ksba_cert_release (cert);
+ }
+ }
+ else if ( !strncmp (line, "PRINTINFO", 9) && (line[9] == ' ' || !line[9]) )
+ { /* Simply show the message given in the argument. */
+ line += 9;
+ log_info ("dirmngr: %s\n", line);
+ }
+ else
+ {
+ log_error ("unsupported inquiry `%s'\n", line);
+ rc = gpg_error (GPG_ERR_ASS_UNKNOWN_INQUIRE);
+ }
+
+ return rc;
+}
+
+static gpg_error_t
+run_command_status_cb (void *opaque, const char *line)
+{
+ ctrl_t ctrl = opaque;
+
+ if (opt.verbose)
+ {
+ log_info ("dirmngr status: %s\n", line);
+ }
+ if (!strncmp (line, "PROGRESS", 8) && (line[8]==' ' || !line[8]))
+ {
+ if (ctrl)
+ {
+ for (line += 8; *line == ' '; line++)
+ ;
+ if (gpgsm_status (ctrl, STATUS_PROGRESS, line))
+ return gpg_error (GPG_ERR_ASS_CANCELED);
+ }
+ }
+ return 0;
+}
+
+
+
+/* Pass COMMAND to dirmngr and print all output generated by Dirmngr
+ to stdout. A couple of inquiries are defined (see above). ARGC
+ arguments in ARGV are given to the Dirmngr. Spaces, plus and
+ percent characters within the argument strings are percent escaped
+ so that blanks can act as delimiters. */
+int
+gpgsm_dirmngr_run_command (ctrl_t ctrl, const char *command,
+ int argc, char **argv)
+{
+ int rc;
+ int i;
+ const char *s;
+ char *line, *p;
+ size_t len;
+ struct run_command_parm_s parm;
+
+ rc = start_dirmngr (ctrl);
+ if (rc)
+ return rc;
+
+ parm.ctx = dirmngr_ctx;
+
+ len = strlen (command) + 1;
+ for (i=0; i < argc; i++)
+ len += 1 + 3*strlen (argv[i]); /* enough space for percent escaping */
+ line = xtrymalloc (len);
+ if (!line)
+ {
+ release_dirmngr (ctrl);
+ return out_of_core ();
+ }
+
+ p = stpcpy (line, command);
+ for (i=0; i < argc; i++)
+ {
+ *p++ = ' ';
+ for (s=argv[i]; *s; s++)
+ {
+ if (!isascii (*s))
+ *p++ = *s;
+ else if (*s == ' ')
+ *p++ = '+';
+ else if (!isprint (*s) || *s == '+')
+ {
+ sprintf (p, "%%%02X", *(const unsigned char *)s);
+ p += 3;
+ }
+ else
+ *p++ = *s;
+ }
+ }
+ *p = 0;
+
+ rc = assuan_transact (dirmngr_ctx, line,
+ run_command_cb, NULL,
+ run_command_inq_cb, &parm,
+ run_command_status_cb, ctrl);
+ xfree (line);
+ log_info ("response of dirmngr: %s\n", rc? gpg_strerror (rc): "okay");
+ release_dirmngr (ctrl);
+ return rc;
+}
diff --git a/sm/certchain.c b/sm/certchain.c
new file mode 100644
index 0000000..f4ad214
--- /dev/null
+++ b/sm/certchain.c
@@ -0,0 +1,2044 @@
+/* certchain.c - certificate chain validation
+ * Copyright (C) 2001, 2002, 2003, 2004, 2005,
+ * 2006, 2007, 2008 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include <unistd.h>
+#include <time.h>
+#include <stdarg.h>
+#include <assert.h>
+
+#define JNLIB_NEED_LOG_LOGV /* We need log_logv. */
+
+#include "gpgsm.h"
+#include <gcrypt.h>
+#include <ksba.h>
+
+#include "keydb.h"
+#include "../kbx/keybox.h" /* for KEYBOX_FLAG_* */
+#include "i18n.h"
+#include "tlv.h"
+
+
+/* Object to keep track of certain root certificates. */
+struct marktrusted_info_s
+{
+ struct marktrusted_info_s *next;
+ unsigned char fpr[20];
+};
+static struct marktrusted_info_s *marktrusted_info;
+
+
+/* While running the validation function we want to keep track of the
+ certificates in the chain. This type is used for that. */
+struct chain_item_s
+{
+ struct chain_item_s *next;
+ ksba_cert_t cert; /* The certificate. */
+ int is_root; /* The certificate is the root certificate. */
+};
+typedef struct chain_item_s *chain_item_t;
+
+
+static int is_root_cert (ksba_cert_t cert,
+ const char *issuerdn, const char *subjectdn);
+static int get_regtp_ca_info (ctrl_t ctrl, ksba_cert_t cert, int *chainlen);
+
+
+/* This function returns true if we already asked during this session
+ whether the root certificate CERT shall be marked as trusted. */
+static int
+already_asked_marktrusted (ksba_cert_t cert)
+{
+ unsigned char fpr[20];
+ struct marktrusted_info_s *r;
+
+ gpgsm_get_fingerprint (cert, GCRY_MD_SHA1, fpr, NULL);
+ /* No context switches in the loop! */
+ for (r=marktrusted_info; r; r= r->next)
+ if (!memcmp (r->fpr, fpr, 20))
+ return 1;
+ return 0;
+}
+
+/* Flag certificate CERT as already asked whether it shall be marked
+ as trusted. */
+static void
+set_already_asked_marktrusted (ksba_cert_t cert)
+{
+ unsigned char fpr[20];
+ struct marktrusted_info_s *r;
+
+ gpgsm_get_fingerprint (cert, GCRY_MD_SHA1, fpr, NULL);
+ for (r=marktrusted_info; r; r= r->next)
+ if (!memcmp (r->fpr, fpr, 20))
+ return; /* Already marked. */
+ r = xtrycalloc (1, sizeof *r);
+ if (!r)
+ return;
+ memcpy (r->fpr, fpr, 20);
+ r->next = marktrusted_info;
+ marktrusted_info = r;
+}
+
+/* If LISTMODE is true, print FORMAT using LISTMODE to FP. If
+ LISTMODE is false, use the string to print an log_info or, if
+ IS_ERROR is true, and log_error. */
+static void
+do_list (int is_error, int listmode, estream_t fp, const char *format, ...)
+{
+ va_list arg_ptr;
+
+ va_start (arg_ptr, format) ;
+ if (listmode)
+ {
+ if (fp)
+ {
+ es_fputs (" [", fp);
+ es_vfprintf (fp, format, arg_ptr);
+ es_fputs ("]\n", fp);
+ }
+ }
+ else
+ {
+ log_logv (is_error? JNLIB_LOG_ERROR: JNLIB_LOG_INFO, format, arg_ptr);
+ log_printf ("\n");
+ }
+ va_end (arg_ptr);
+}
+
+/* Return 0 if A and B are equal. */
+static int
+compare_certs (ksba_cert_t a, ksba_cert_t b)
+{
+ const unsigned char *img_a, *img_b;
+ size_t len_a, len_b;
+
+ img_a = ksba_cert_get_image (a, &len_a);
+ if (!img_a)
+ return 1;
+ img_b = ksba_cert_get_image (b, &len_b);
+ if (!img_b)
+ return 1;
+ return !(len_a == len_b && !memcmp (img_a, img_b, len_a));
+}
+
+
+/* Return true if CERT has the validityModel extensions and defines
+ the use of the chain model. */
+static int
+has_validation_model_chain (ksba_cert_t cert, int listmode, estream_t listfp)
+{
+ gpg_error_t err;
+ int idx, yes;
+ const char *oid;
+ size_t off, derlen, objlen, hdrlen;
+ const unsigned char *der;
+ int class, tag, constructed, ndef;
+ char *oidbuf;
+
+ for (idx=0; !(err=ksba_cert_get_extension (cert, idx,
+ &oid, NULL, &off, &derlen));idx++)
+ if (!strcmp (oid, "1.3.6.1.4.1.8301.3.5") )
+ break;
+ if (err)
+ return 0; /* Not found. */
+ der = ksba_cert_get_image (cert, NULL);
+ if (!der)
+ {
+ err = gpg_error (GPG_ERR_INV_OBJ); /* Oops */
+ goto leave;
+ }
+ der += off;
+
+ err = parse_ber_header (&der, &derlen, &class, &tag, &constructed,
+ &ndef, &objlen, &hdrlen);
+ if (!err && (objlen > derlen || tag != TAG_SEQUENCE))
+ err = gpg_error (GPG_ERR_INV_OBJ);
+ if (err)
+ goto leave;
+ derlen = objlen;
+ err = parse_ber_header (&der, &derlen, &class, &tag, &constructed,
+ &ndef, &objlen, &hdrlen);
+ if (!err && (objlen > derlen || tag != TAG_OBJECT_ID))
+ err = gpg_error (GPG_ERR_INV_OBJ);
+ if (err)
+ goto leave;
+ oidbuf = ksba_oid_to_str (der, objlen);
+ if (!oidbuf)
+ {
+ err = gpg_error_from_syserror ();
+ goto leave;
+ }
+
+ if (opt.verbose)
+ do_list (0, listmode, listfp,
+ _("validation model requested by certificate: %s"),
+ !strcmp (oidbuf, "1.3.6.1.4.1.8301.3.5.1")? _("chain") :
+ !strcmp (oidbuf, "1.3.6.1.4.1.8301.3.5.2")? _("shell") :
+ /* */ oidbuf);
+ yes = !strcmp (oidbuf, "1.3.6.1.4.1.8301.3.5.1");
+ ksba_free (oidbuf);
+ return yes;
+
+
+ leave:
+ log_error ("error parsing validityModel: %s\n", gpg_strerror (err));
+ return 0;
+}
+
+
+
+static int
+unknown_criticals (ksba_cert_t cert, int listmode, estream_t fp)
+{
+ static const char *known[] = {
+ "2.5.29.15", /* keyUsage */
+ "2.5.29.17", /* subjectAltName
+ Japanese DoCoMo certs mark them as critical. PKIX
+ only requires them as critical if subjectName is
+ empty. I don't know whether our code gracefully
+ handles such empry subjectNames but that is
+ another story. */
+ "2.5.29.19", /* basic Constraints */
+ "2.5.29.32", /* certificatePolicies */
+ "2.5.29.37", /* extendedKeyUsage - handled by certlist.c */
+ "1.3.6.1.4.1.8301.3.5", /* validityModel - handled here. */
+ NULL
+ };
+ int rc = 0, i, idx, crit;
+ const char *oid;
+ gpg_error_t err;
+ int unsupported;
+ strlist_t sl;
+
+ for (idx=0; !(err=ksba_cert_get_extension (cert, idx,
+ &oid, &crit, NULL, NULL));idx++)
+ {
+ if (!crit)
+ continue;
+ for (i=0; known[i] && strcmp (known[i],oid); i++)
+ ;
+ unsupported = !known[i];
+
+ /* If this critical extension is not supoported, check the list
+ of to be ignored extensions to se whether we claim that it is
+ supported. */
+ if (unsupported && opt.ignored_cert_extensions)
+ {
+ for (sl=opt.ignored_cert_extensions;
+ sl && strcmp (sl->d, oid); sl = sl->next)
+ ;
+ if (sl)
+ unsupported = 0;
+ }
+ if (unsupported)
+ {
+ do_list (1, listmode, fp,
+ _("critical certificate extension %s is not supported"),
+ oid);
+ rc = gpg_error (GPG_ERR_UNSUPPORTED_CERT);
+ }
+ }
+ /* We ignore the error codes EOF as well as no-value. The later will
+ occur for certificates with no extensions at all. */
+ if (err
+ && gpg_err_code (err) != GPG_ERR_EOF
+ && gpg_err_code (err) != GPG_ERR_NO_VALUE)
+ rc = err;
+
+ return rc;
+}
+
+
+/* Check whether CERT is an allowed certificate. This requires that
+ CERT matches all requirements for such a CA, i.e. the
+ BasicConstraints extension. The function returns 0 on success and
+ the awlloed length of the chain at CHAINLEN. */
+static int
+allowed_ca (ctrl_t ctrl,
+ ksba_cert_t cert, int *chainlen, int listmode, estream_t fp)
+{
+ gpg_error_t err;
+ int flag;
+
+ err = ksba_cert_is_ca (cert, &flag, chainlen);
+ if (err)
+ return err;
+ if (!flag)
+ {
+ if (get_regtp_ca_info (ctrl, cert, chainlen))
+ {
+ /* Note that dirmngr takes a different way to cope with such
+ certs. */
+ return 0; /* RegTP issued certificate. */
+ }
+
+ do_list (1, listmode, fp,_("issuer certificate is not marked as a CA"));
+ return gpg_error (GPG_ERR_BAD_CA_CERT);
+ }
+ return 0;
+}
+
+
+static int
+check_cert_policy (ksba_cert_t cert, int listmode, estream_t fplist)
+{
+ gpg_error_t err;
+ char *policies;
+ FILE *fp;
+ int any_critical;
+
+ err = ksba_cert_get_cert_policies (cert, &policies);
+ if (gpg_err_code (err) == GPG_ERR_NO_DATA)
+ return 0; /* No policy given. */
+ if (err)
+ return err;
+
+ /* STRING is a line delimited list of certificate policies as stored
+ in the certificate. The line itself is colon delimited where the
+ first field is the OID of the policy and the second field either
+ N or C for normal or critical extension */
+
+ if (opt.verbose > 1 && !listmode)
+ log_info ("certificate's policy list: %s\n", policies);
+
+ /* The check is very minimal but won't give false positives */
+ any_critical = !!strstr (policies, ":C");
+
+ if (!opt.policy_file)
+ {
+ xfree (policies);
+ if (any_critical)
+ {
+ do_list (1, listmode, fplist,
+ _("critical marked policy without configured policies"));
+ return gpg_error (GPG_ERR_NO_POLICY_MATCH);
+ }
+ return 0;
+ }
+
+ fp = fopen (opt.policy_file, "r");
+ if (!fp)
+ {
+ if (opt.verbose || errno != ENOENT)
+ log_info (_("failed to open `%s': %s\n"),
+ opt.policy_file, strerror (errno));
+ xfree (policies);
+ /* With no critical policies this is only a warning */
+ if (!any_critical)
+ {
+ if (!opt.quiet)
+ do_list (0, listmode, fplist,
+ _("note: non-critical certificate policy not allowed"));
+ return 0;
+ }
+ do_list (1, listmode, fplist,
+ _("certificate policy not allowed"));
+ return gpg_error (GPG_ERR_NO_POLICY_MATCH);
+ }
+
+ for (;;)
+ {
+ int c;
+ char *p, line[256];
+ char *haystack, *allowed;
+
+ /* read line */
+ do
+ {
+ if (!fgets (line, DIM(line)-1, fp) )
+ {
+ gpg_error_t tmperr = gpg_error (gpg_err_code_from_errno (errno));
+
+ xfree (policies);
+ if (feof (fp))
+ {
+ fclose (fp);
+ /* With no critical policies this is only a warning */
+ if (!any_critical)
+ {
+ do_list (0, listmode, fplist,
+ _("note: non-critical certificate policy not allowed"));
+ return 0;
+ }
+ do_list (1, listmode, fplist,
+ _("certificate policy not allowed"));
+ return gpg_error (GPG_ERR_NO_POLICY_MATCH);
+ }
+ fclose (fp);
+ return tmperr;
+ }
+
+ if (!*line || line[strlen(line)-1] != '\n')
+ {
+ /* eat until end of line */
+ while ( (c=getc (fp)) != EOF && c != '\n')
+ ;
+ fclose (fp);
+ xfree (policies);
+ return gpg_error (*line? GPG_ERR_LINE_TOO_LONG
+ : GPG_ERR_INCOMPLETE_LINE);
+ }
+
+ /* Allow for empty lines and spaces */
+ for (p=line; spacep (p); p++)
+ ;
+ }
+ while (!*p || *p == '\n' || *p == '#');
+
+ /* parse line */
+ for (allowed=line; spacep (allowed); allowed++)
+ ;
+ p = strpbrk (allowed, " :\n");
+ if (!*p || p == allowed)
+ {
+ fclose (fp);
+ xfree (policies);
+ return gpg_error (GPG_ERR_CONFIGURATION);
+ }
+ *p = 0; /* strip the rest of the line */
+ /* See whether we find ALLOWED (which is an OID) in POLICIES */
+ for (haystack=policies; (p=strstr (haystack, allowed)); haystack = p+1)
+ {
+ if ( !(p == policies || p[-1] == '\n') )
+ continue; /* Does not match the begin of a line. */
+ if (p[strlen (allowed)] != ':')
+ continue; /* The length does not match. */
+ /* Yep - it does match so return okay. */
+ fclose (fp);
+ xfree (policies);
+ return 0;
+ }
+ }
+}
+
+
+/* Helper function for find_up. This resets the key handle and search
+ for an issuer ISSUER with a subjectKeyIdentifier of KEYID. Returns
+ 0 on success or -1 when not found. */
+static int
+find_up_search_by_keyid (KEYDB_HANDLE kh,
+ const char *issuer, ksba_sexp_t keyid)
+{
+ int rc;
+ ksba_cert_t cert = NULL;
+ ksba_sexp_t subj = NULL;
+
+ keydb_search_reset (kh);
+ while (!(rc = keydb_search_subject (kh, issuer)))
+ {
+ ksba_cert_release (cert); cert = NULL;
+ rc = keydb_get_cert (kh, &cert);
+ if (rc)
+ {
+ log_error ("keydb_get_cert() failed: rc=%d\n", rc);
+ rc = -1;
+ break;
+ }
+ xfree (subj);
+ if (!ksba_cert_get_subj_key_id (cert, NULL, &subj))
+ {
+ if (!cmp_simple_canon_sexp (keyid, subj))
+ break; /* Found matching cert. */
+ }
+ }
+
+ ksba_cert_release (cert);
+ xfree (subj);
+ return rc? -1:0;
+}
+
+
+static void
+find_up_store_certs_cb (void *cb_value, ksba_cert_t cert)
+{
+ if (keydb_store_cert (cert, 1, NULL))
+ log_error ("error storing issuer certificate as ephemeral\n");
+ ++*(int*)cb_value;
+}
+
+
+/* Helper for find_up(). Locate the certificate for ISSUER using an
+ external lookup. KH is the keydb context we are currently using.
+ On success 0 is returned and the certificate may be retrieved from
+ the keydb using keydb_get_cert(). KEYID is the keyIdentifier from
+ the AKI or NULL. */
+static int
+find_up_external (ctrl_t ctrl, KEYDB_HANDLE kh,
+ const char *issuer, ksba_sexp_t keyid)
+{
+ int rc;
+ strlist_t names = NULL;
+ int count = 0;
+ char *pattern;
+ const char *s;
+
+ if (opt.verbose)
+ log_info (_("looking up issuer at external location\n"));
+ /* The Dirmngr process is confused about unknown attributes. As a
+ quick and ugly hack we locate the CN and use the issuer string
+ starting at this attribite. Fixme: we should have far better
+ parsing for external lookups in the Dirmngr. */
+ s = strstr (issuer, "CN=");
+ if (!s || s == issuer || s[-1] != ',')
+ s = issuer;
+ pattern = xtrymalloc (strlen (s)+2);
+ if (!pattern)
+ return gpg_error_from_syserror ();
+ strcpy (stpcpy (pattern, "/"), s);
+ add_to_strlist (&names, pattern);
+ xfree (pattern);
+
+ rc = gpgsm_dirmngr_lookup (ctrl, names, 0, find_up_store_certs_cb, &count);
+ free_strlist (names);
+
+ if (opt.verbose)
+ log_info (_("number of issuers matching: %d\n"), count);
+ if (rc)
+ {
+ log_error ("external key lookup failed: %s\n", gpg_strerror (rc));
+ rc = -1;
+ }
+ else if (!count)
+ rc = -1;
+ else
+ {
+ int old;
+ /* The issuers are currently stored in the ephemeral key DB, so
+ we temporary switch to ephemeral mode. */
+ old = keydb_set_ephemeral (kh, 1);
+ if (keyid)
+ rc = find_up_search_by_keyid (kh, issuer, keyid);
+ else
+ {
+ keydb_search_reset (kh);
+ rc = keydb_search_subject (kh, issuer);
+ }
+ keydb_set_ephemeral (kh, old);
+ }
+ return rc;
+}
+
+
+/* Helper for find_up(). Ask the dirmngr for the certificate for
+ ISSUER with optional SERIALNO. KH is the keydb context we are
+ currently using. With SUBJECT_MODE set, ISSUER is searched as the
+ subject. On success 0 is returned and the certificate is available
+ in the ephemeral DB. */
+static int
+find_up_dirmngr (ctrl_t ctrl, KEYDB_HANDLE kh,
+ ksba_sexp_t serialno, const char *issuer, int subject_mode)
+{
+ int rc;
+ strlist_t names = NULL;
+ int count = 0;
+ char *pattern;
+
+ (void)kh;
+
+ if (opt.verbose)
+ log_info (_("looking up issuer from the Dirmngr cache\n"));
+ if (subject_mode)
+ {
+ pattern = xtrymalloc (strlen (issuer)+2);
+ if (pattern)
+ strcpy (stpcpy (pattern, "/"), issuer);
+ }
+ else if (serialno)
+ pattern = gpgsm_format_sn_issuer (serialno, issuer);
+ else
+ {
+ pattern = xtrymalloc (strlen (issuer)+3);
+ if (pattern)
+ strcpy (stpcpy (pattern, "#/"), issuer);
+ }
+ if (!pattern)
+ return gpg_error_from_syserror ();
+ add_to_strlist (&names, pattern);
+ xfree (pattern);
+
+ rc = gpgsm_dirmngr_lookup (ctrl, names, 1, find_up_store_certs_cb, &count);
+ free_strlist (names);
+
+ if (opt.verbose)
+ log_info (_("number of matching certificates: %d\n"), count);
+ if (rc && !opt.quiet)
+ log_info (_("dirmngr cache-only key lookup failed: %s\n"),
+ gpg_strerror (rc));
+ return (!rc && count)? 0 : -1;
+}
+
+
+
+/* Locate issuing certificate for CERT. ISSUER is the name of the
+ issuer used as a fallback if the other methods don't work. If
+ FIND_NEXT is true, the function shall return the next possible
+ issuer. The certificate itself is not directly returned but a
+ keydb_get_cert on the keyDb context KH will return it. Returns 0
+ on success, -1 if not found or an error code. */
+static int
+find_up (ctrl_t ctrl, KEYDB_HANDLE kh,
+ ksba_cert_t cert, const char *issuer, int find_next)
+{
+ ksba_name_t authid;
+ ksba_sexp_t authidno;
+ ksba_sexp_t keyid;
+ int rc = -1;
+
+ if (!ksba_cert_get_auth_key_id (cert, &keyid, &authid, &authidno))
+ {
+ const char *s = ksba_name_enum (authid, 0);
+ if (s && *authidno)
+ {
+ rc = keydb_search_issuer_sn (kh, s, authidno);
+ if (rc)
+ keydb_search_reset (kh);
+
+ /* In case of an error, try to get the certificate from the
+ dirmngr. That is done by trying to put that certifcate
+ into the ephemeral DB and let the code below do the
+ actual retrieve. Thus there is no error checking.
+ Skipped in find_next mode as usual. */
+ if (rc == -1 && !find_next)
+ find_up_dirmngr (ctrl, kh, authidno, s, 0);
+
+ /* In case of an error try the ephemeral DB. We can't do
+ that in find_next mode because we can't keep the search
+ state then. */
+ if (rc == -1 && !find_next)
+ {
+ int old = keydb_set_ephemeral (kh, 1);
+ if (!old)
+ {
+ rc = keydb_search_issuer_sn (kh, s, authidno);
+ if (rc)
+ keydb_search_reset (kh);
+ }
+ keydb_set_ephemeral (kh, old);
+ }
+ if (rc)
+ rc = -1; /* Need to make sure to have this error code. */
+ }
+
+ if (rc == -1 && keyid && !find_next)
+ {
+ /* Not found by AIK.issuer_sn. Lets try the AIK.ki
+ instead. Loop over all certificates with that issuer as
+ subject and stop for the one with a matching
+ subjectKeyIdentifier. */
+ /* Fixme: Should we also search in the dirmngr? */
+ rc = find_up_search_by_keyid (kh, issuer, keyid);
+ if (rc)
+ {
+ int old = keydb_set_ephemeral (kh, 1);
+ if (!old)
+ rc = find_up_search_by_keyid (kh, issuer, keyid);
+ keydb_set_ephemeral (kh, old);
+ }
+ if (rc)
+ rc = -1; /* Need to make sure to have this error code. */
+ }
+
+ /* If we still didn't found it, try to find it via the subject
+ from the dirmngr-cache. */
+ if (rc == -1 && !find_next)
+ {
+ if (!find_up_dirmngr (ctrl, kh, NULL, issuer, 1))
+ {
+ int old = keydb_set_ephemeral (kh, 1);
+ if (keyid)
+ rc = find_up_search_by_keyid (kh, issuer, keyid);
+ else
+ {
+ keydb_search_reset (kh);
+ rc = keydb_search_subject (kh, issuer);
+ }
+ keydb_set_ephemeral (kh, old);
+ }
+ if (rc)
+ rc = -1; /* Need to make sure to have this error code. */
+ }
+
+ /* If we still didn't found it, try an external lookup. */
+ if (rc == -1 && opt.auto_issuer_key_retrieve && !find_next)
+ rc = find_up_external (ctrl, kh, issuer, keyid);
+
+ /* Print a note so that the user does not feel too helpless when
+ an issuer certificate was found and gpgsm prints BAD
+ signature because it is not the correct one. */
+ if (rc == -1 && opt.quiet)
+ ;
+ else if (rc == -1)
+ {
+ log_info ("%sissuer certificate ", find_next?"next ":"");
+ if (keyid)
+ {
+ log_printf ("{");
+ gpgsm_dump_serial (keyid);
+ log_printf ("} ");
+ }
+ if (authidno)
+ {
+ log_printf ("(#");
+ gpgsm_dump_serial (authidno);
+ log_printf ("/");
+ gpgsm_dump_string (s);
+ log_printf (") ");
+ }
+ log_printf ("not found using authorityKeyIdentifier\n");
+ }
+ else if (rc)
+ log_error ("failed to find authorityKeyIdentifier: rc=%d\n", rc);
+ xfree (keyid);
+ ksba_name_release (authid);
+ xfree (authidno);
+ }
+
+ if (rc) /* Not found via authorithyKeyIdentifier, try regular issuer name. */
+ rc = keydb_search_subject (kh, issuer);
+ if (rc == -1 && !find_next)
+ {
+ int old;
+
+ /* Also try to get it from the Dirmngr cache. The function
+ merely puts it into the ephemeral database. */
+ find_up_dirmngr (ctrl, kh, NULL, issuer, 0);
+
+ /* Not found, let us see whether we have one in the ephemeral key DB. */
+ old = keydb_set_ephemeral (kh, 1);
+ if (!old)
+ {
+ keydb_search_reset (kh);
+ rc = keydb_search_subject (kh, issuer);
+ }
+ keydb_set_ephemeral (kh, old);
+ }
+
+ /* Still not found. If enabled, try an external lookup. */
+ if (rc == -1 && opt.auto_issuer_key_retrieve && !find_next)
+ rc = find_up_external (ctrl, kh, issuer, NULL);
+
+ return rc;
+}
+
+
+/* Return the next certificate up in the chain starting at START.
+ Returns -1 when there are no more certificates. */
+int
+gpgsm_walk_cert_chain (ctrl_t ctrl, ksba_cert_t start, ksba_cert_t *r_next)
+{
+ int rc = 0;
+ char *issuer = NULL;
+ char *subject = NULL;
+ KEYDB_HANDLE kh = keydb_new (0);
+
+ *r_next = NULL;
+ if (!kh)
+ {
+ log_error (_("failed to allocated keyDB handle\n"));
+ rc = gpg_error (GPG_ERR_GENERAL);
+ goto leave;
+ }
+
+ issuer = ksba_cert_get_issuer (start, 0);
+ subject = ksba_cert_get_subject (start, 0);
+ if (!issuer)
+ {
+ log_error ("no issuer found in certificate\n");
+ rc = gpg_error (GPG_ERR_BAD_CERT);
+ goto leave;
+ }
+ if (!subject)
+ {
+ log_error ("no subject found in certificate\n");
+ rc = gpg_error (GPG_ERR_BAD_CERT);
+ goto leave;
+ }
+
+ if (is_root_cert (start, issuer, subject))
+ {
+ rc = -1; /* we are at the root */
+ goto leave;
+ }
+
+ rc = find_up (ctrl, kh, start, issuer, 0);
+ if (rc)
+ {
+ /* It is quite common not to have a certificate, so better don't
+ print an error here. */
+ if (rc != -1 && opt.verbose > 1)
+ log_error ("failed to find issuer's certificate: rc=%d\n", rc);
+ rc = gpg_error (GPG_ERR_MISSING_ISSUER_CERT);
+ goto leave;
+ }
+
+ rc = keydb_get_cert (kh, r_next);
+ if (rc)
+ {
+ log_error ("keydb_get_cert() failed: rc=%d\n", rc);
+ rc = gpg_error (GPG_ERR_GENERAL);
+ }
+
+ leave:
+ xfree (issuer);
+ xfree (subject);
+ keydb_release (kh);
+ return rc;
+}
+
+
+/* Helper for gpgsm_is_root_cert. This one is used if the subject and
+ issuer DNs are already known. */
+static int
+is_root_cert (ksba_cert_t cert, const char *issuerdn, const char *subjectdn)
+{
+ gpg_error_t err;
+ int result = 0;
+ ksba_sexp_t serialno;
+ ksba_sexp_t ak_keyid;
+ ksba_name_t ak_name;
+ ksba_sexp_t ak_sn;
+ const char *ak_name_str;
+ ksba_sexp_t subj_keyid = NULL;
+
+ if (!issuerdn || !subjectdn)
+ return 0; /* No. */
+
+ if (strcmp (issuerdn, subjectdn))
+ return 0; /* No. */
+
+ err = ksba_cert_get_auth_key_id (cert, &ak_keyid, &ak_name, &ak_sn);
+ if (err)
+ {
+ if (gpg_err_code (err) == GPG_ERR_NO_DATA)
+ return 1; /* Yes. Without a authorityKeyIdentifier this needs
+ to be the Root certifcate (our trust anchor). */
+ log_error ("error getting authorityKeyIdentifier: %s\n",
+ gpg_strerror (err));
+ return 0; /* Well, it is broken anyway. Return No. */
+ }
+
+ serialno = ksba_cert_get_serial (cert);
+ if (!serialno)
+ {
+ log_error ("error getting serialno: %s\n", gpg_strerror (err));
+ goto leave;
+ }
+
+ /* Check whether the auth name's matches the issuer name+sn. If
+ that is the case this is a root certificate. */
+ ak_name_str = ksba_name_enum (ak_name, 0);
+ if (ak_name_str
+ && !strcmp (ak_name_str, issuerdn)
+ && !cmp_simple_canon_sexp (ak_sn, serialno))
+ {
+ result = 1; /* Right, CERT is self-signed. */
+ goto leave;
+ }
+
+ /* Similar for the ak_keyid. */
+ if (ak_keyid && !ksba_cert_get_subj_key_id (cert, NULL, &subj_keyid)
+ && !cmp_simple_canon_sexp (ak_keyid, subj_keyid))
+ {
+ result = 1; /* Right, CERT is self-signed. */
+ goto leave;
+ }
+
+
+ leave:
+ ksba_free (subj_keyid);
+ ksba_free (ak_keyid);
+ ksba_name_release (ak_name);
+ ksba_free (ak_sn);
+ ksba_free (serialno);
+ return result;
+}
+
+
+
+/* Check whether the CERT is a root certificate. Returns True if this
+ is the case. */
+int
+gpgsm_is_root_cert (ksba_cert_t cert)
+{
+ char *issuer;
+ char *subject;
+ int yes;
+
+ issuer = ksba_cert_get_issuer (cert, 0);
+ subject = ksba_cert_get_subject (cert, 0);
+ yes = is_root_cert (cert, issuer, subject);
+ xfree (issuer);
+ xfree (subject);
+ return yes;
+}
+
+
+/* This is a helper for gpgsm_validate_chain. */
+static gpg_error_t
+is_cert_still_valid (ctrl_t ctrl, int force_ocsp, int lm, estream_t fp,
+ ksba_cert_t subject_cert, ksba_cert_t issuer_cert,
+ int *any_revoked, int *any_no_crl, int *any_crl_too_old)
+{
+ gpg_error_t err;
+
+ if (opt.no_crl_check && !ctrl->use_ocsp)
+ {
+ audit_log_ok (ctrl->audit, AUDIT_CRL_CHECK,
+ gpg_error (GPG_ERR_NOT_ENABLED));
+ return 0;
+ }
+
+ err = gpgsm_dirmngr_isvalid (ctrl,
+ subject_cert, issuer_cert,
+ force_ocsp? 2 : !!ctrl->use_ocsp);
+ audit_log_ok (ctrl->audit, AUDIT_CRL_CHECK, err);
+
+ if (err)
+ {
+ if (!lm)
+ gpgsm_cert_log_name (NULL, subject_cert);
+ switch (gpg_err_code (err))
+ {
+ case GPG_ERR_CERT_REVOKED:
+ do_list (1, lm, fp, _("certificate has been revoked"));
+ *any_revoked = 1;
+ /* Store that in the keybox so that key listings are able to
+ return the revoked flag. We don't care about error,
+ though. */
+ keydb_set_cert_flags (subject_cert, 1, KEYBOX_FLAG_VALIDITY, 0,
+ ~0, VALIDITY_REVOKED);
+ break;
+
+ case GPG_ERR_NO_CRL_KNOWN:
+ do_list (1, lm, fp, _("no CRL found for certificate"));
+ *any_no_crl = 1;
+ break;
+
+ case GPG_ERR_NO_DATA:
+ do_list (1, lm, fp, _("the status of the certificate is unknown"));
+ *any_no_crl = 1;
+ break;
+
+ case GPG_ERR_CRL_TOO_OLD:
+ do_list (1, lm, fp, _("the available CRL is too old"));
+ if (!lm)
+ log_info (_("please make sure that the "
+ "\"dirmngr\" is properly installed\n"));
+ *any_crl_too_old = 1;
+ break;
+
+ default:
+ do_list (1, lm, fp, _("checking the CRL failed: %s"),
+ gpg_strerror (err));
+ return err;
+ }
+ }
+ return 0;
+}
+
+
+/* Helper for gpgsm_validate_chain to check the validity period of
+ SUBJECT_CERT. The caller needs to pass EXPTIME which will be
+ updated to the nearest expiration time seen. A DEPTH of 0 indicates
+ the target certifciate, -1 the final root certificate and other
+ values intermediate certificates. */
+static gpg_error_t
+check_validity_period (ksba_isotime_t current_time,
+ ksba_cert_t subject_cert,
+ ksba_isotime_t exptime,
+ int listmode, estream_t listfp, int depth)
+{
+ gpg_error_t err;
+ ksba_isotime_t not_before, not_after;
+
+ err = ksba_cert_get_validity (subject_cert, 0, not_before);
+ if (!err)
+ err = ksba_cert_get_validity (subject_cert, 1, not_after);
+ if (err)
+ {
+ do_list (1, listmode, listfp,
+ _("certificate with invalid validity: %s"), gpg_strerror (err));
+ return gpg_error (GPG_ERR_BAD_CERT);
+ }
+
+ if (*not_after)
+ {
+ if (!*exptime)
+ gnupg_copy_time (exptime, not_after);
+ else if (strcmp (not_after, exptime) < 0 )
+ gnupg_copy_time (exptime, not_after);
+ }
+
+ if (*not_before && strcmp (current_time, not_before) < 0 )
+ {
+ do_list (1, listmode, listfp,
+ depth == 0 ? _("certificate not yet valid") :
+ depth == -1 ? _("root certificate not yet valid") :
+ /* other */ _("intermediate certificate not yet valid"));
+ if (!listmode)
+ {
+ log_info (" (valid from ");
+ dump_isotime (not_before);
+ log_printf (")\n");
+ }
+ return gpg_error (GPG_ERR_CERT_TOO_YOUNG);
+ }
+
+ if (*not_after && strcmp (current_time, not_after) > 0 )
+ {
+ do_list (opt.ignore_expiration?0:1, listmode, listfp,
+ depth == 0 ? _("certificate has expired") :
+ depth == -1 ? _("root certificate has expired") :
+ /* other */ _("intermediate certificate has expired"));
+ if (!listmode)
+ {
+ log_info (" (expired at ");
+ dump_isotime (not_after);
+ log_printf (")\n");
+ }
+ if (opt.ignore_expiration)
+ log_info ("WARNING: ignoring expiration\n");
+ else
+ return gpg_error (GPG_ERR_CERT_EXPIRED);
+ }
+
+ return 0;
+}
+
+/* This is a variant of check_validity_period used with the chain
+ model. The dextra contraint here is that notBefore and notAfter
+ must exists and if the additional argument CHECK_TIME is given this
+ time is used to check the validity period of SUBJECT_CERT. */
+static gpg_error_t
+check_validity_period_cm (ksba_isotime_t current_time,
+ ksba_isotime_t check_time,
+ ksba_cert_t subject_cert,
+ ksba_isotime_t exptime,
+ int listmode, estream_t listfp, int depth)
+{
+ gpg_error_t err;
+ ksba_isotime_t not_before, not_after;
+
+ err = ksba_cert_get_validity (subject_cert, 0, not_before);
+ if (!err)
+ err = ksba_cert_get_validity (subject_cert, 1, not_after);
+ if (err)
+ {
+ do_list (1, listmode, listfp,
+ _("certificate with invalid validity: %s"), gpg_strerror (err));
+ return gpg_error (GPG_ERR_BAD_CERT);
+ }
+ if (!*not_before || !*not_after)
+ {
+ do_list (1, listmode, listfp,
+ _("required certificate attributes missing: %s%s%s"),
+ !*not_before? "notBefore":"",
+ (!*not_before && !*not_after)? ", ":"",
+ !*not_before? "notAfter":"");
+ return gpg_error (GPG_ERR_BAD_CERT);
+ }
+ if (strcmp (not_before, not_after) > 0 )
+ {
+ do_list (1, listmode, listfp,
+ _("certificate with invalid validity"));
+ log_info (" (valid from ");
+ dump_isotime (not_before);
+ log_printf (" expired at ");
+ dump_isotime (not_after);
+ log_printf (")\n");
+ return gpg_error (GPG_ERR_BAD_CERT);
+ }
+
+ if (!*exptime)
+ gnupg_copy_time (exptime, not_after);
+ else if (strcmp (not_after, exptime) < 0 )
+ gnupg_copy_time (exptime, not_after);
+
+ if (strcmp (current_time, not_before) < 0 )
+ {
+ do_list (1, listmode, listfp,
+ depth == 0 ? _("certificate not yet valid") :
+ depth == -1 ? _("root certificate not yet valid") :
+ /* other */ _("intermediate certificate not yet valid"));
+ if (!listmode)
+ {
+ log_info (" (valid from ");
+ dump_isotime (not_before);
+ log_printf (")\n");
+ }
+ return gpg_error (GPG_ERR_CERT_TOO_YOUNG);
+ }
+
+ if (*check_time
+ && (strcmp (check_time, not_before) < 0
+ || strcmp (check_time, not_after) > 0))
+ {
+ /* Note that we don't need a case for the root certificate
+ because its own consitency has already been checked. */
+ do_list(opt.ignore_expiration?0:1, listmode, listfp,
+ depth == 0 ?
+ _("signature not created during lifetime of certificate") :
+ depth == 1 ?
+ _("certificate not created during lifetime of issuer") :
+ _("intermediate certificate not created during lifetime "
+ "of issuer"));
+ if (!listmode)
+ {
+ log_info (depth== 0? _(" ( signature created at ") :
+ /* */ _(" (certificate created at ") );
+ dump_isotime (check_time);
+ log_printf (")\n");
+ log_info (depth==0? _(" (certificate valid from ") :
+ /* */ _(" ( issuer valid from ") );
+ dump_isotime (not_before);
+ log_info (" to ");
+ dump_isotime (not_after);
+ log_printf (")\n");
+ }
+ if (opt.ignore_expiration)
+ log_info ("WARNING: ignoring expiration\n");
+ else
+ return gpg_error (GPG_ERR_CERT_EXPIRED);
+ }
+
+ return 0;
+}
+
+
+
+/* Ask the user whether he wants to mark the certificate CERT trusted.
+ Returns true if the CERT is the trusted. We also check whether the
+ agent is at all enabled to allow marktrusted and don't call it in
+ this session again if it is not. */
+static int
+ask_marktrusted (ctrl_t ctrl, ksba_cert_t cert, int listmode)
+{
+ static int no_more_questions;
+ int rc;
+ char *fpr;
+ int success = 0;
+
+ fpr = gpgsm_get_fingerprint_string (cert, GCRY_MD_SHA1);
+ log_info (_("fingerprint=%s\n"), fpr? fpr : "?");
+ xfree (fpr);
+
+ if (no_more_questions)
+ rc = gpg_error (GPG_ERR_NOT_SUPPORTED);
+ else
+ rc = gpgsm_agent_marktrusted (ctrl, cert);
+ if (!rc)
+ {
+ log_info (_("root certificate has now been marked as trusted\n"));
+ success = 1;
+ }
+ else if (!listmode)
+ {
+ gpgsm_dump_cert ("issuer", cert);
+ log_info ("after checking the fingerprint, you may want "
+ "to add it manually to the list of trusted certificates.\n");
+ }
+
+ if (gpg_err_code (rc) == GPG_ERR_NOT_SUPPORTED)
+ {
+ if (!no_more_questions)
+ log_info (_("interactive marking as trusted "
+ "not enabled in gpg-agent\n"));
+ no_more_questions = 1;
+ }
+ else if (gpg_err_code (rc) == GPG_ERR_CANCELED)
+ {
+ log_info (_("interactive marking as trusted "
+ "disabled for this session\n"));
+ no_more_questions = 1;
+ }
+ else
+ set_already_asked_marktrusted (cert);
+
+ return success;
+}
+
+
+
+
+/* Validate a chain and optionally return the nearest expiration time
+ in R_EXPTIME. With LISTMODE set to 1 a special listmode is
+ activated where only information about the certificate is printed
+ to LISTFP and no output is send to the usual log stream. If
+ CHECKTIME_ARG is set, it is used only in the chain model instead of the
+ current time.
+
+ Defined flag bits
+
+ VALIDATE_FLAG_NO_DIRMNGR - Do not do any dirmngr isvalid checks.
+ VALIDATE_FLAG_CHAIN_MODEL - Check according to chain model.
+*/
+static int
+do_validate_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t checktime_arg,
+ ksba_isotime_t r_exptime,
+ int listmode, estream_t listfp, unsigned int flags,
+ struct rootca_flags_s *rootca_flags)
+{
+ int rc = 0, depth, maxdepth;
+ char *issuer = NULL;
+ char *subject = NULL;
+ KEYDB_HANDLE kh = NULL;
+ ksba_cert_t subject_cert = NULL, issuer_cert = NULL;
+ ksba_isotime_t current_time;
+ ksba_isotime_t check_time;
+ ksba_isotime_t exptime;
+ int any_expired = 0;
+ int any_revoked = 0;
+ int any_no_crl = 0;
+ int any_crl_too_old = 0;
+ int any_no_policy_match = 0;
+ int is_qualified = -1; /* Indicates whether the certificate stems
+ from a qualified root certificate.
+ -1 = unknown, 0 = no, 1 = yes. */
+ chain_item_t chain = NULL; /* A list of all certificates in the chain. */
+
+
+ gnupg_get_isotime (current_time);
+
+ if ( (flags & VALIDATE_FLAG_CHAIN_MODEL) )
+ {
+ if (!strcmp (checktime_arg, "19700101T000000"))
+ {
+ do_list (1, listmode, listfp,
+ _("WARNING: creation time of signature not known - "
+ "assuming current time"));
+ gnupg_copy_time (check_time, current_time);
+ }
+ else
+ gnupg_copy_time (check_time, checktime_arg);
+ }
+ else
+ *check_time = 0;
+
+ if (r_exptime)
+ *r_exptime = 0;
+ *exptime = 0;
+
+ if (opt.no_chain_validation && !listmode)
+ {
+ log_info ("WARNING: bypassing certificate chain validation\n");
+ return 0;
+ }
+
+ kh = keydb_new (0);
+ if (!kh)
+ {
+ log_error (_("failed to allocated keyDB handle\n"));
+ rc = gpg_error (GPG_ERR_GENERAL);
+ goto leave;
+ }
+
+ if (DBG_X509 && !listmode)
+ gpgsm_dump_cert ("target", cert);
+
+ subject_cert = cert;
+ ksba_cert_ref (subject_cert);
+ maxdepth = 50;
+ depth = 0;
+
+ for (;;)
+ {
+ int is_root;
+ gpg_error_t istrusted_rc = -1;
+
+ /* Put the certificate on our list. */
+ {
+ chain_item_t ci;
+
+ ci = xtrycalloc (1, sizeof *ci);
+ if (!ci)
+ {
+ rc = gpg_error_from_syserror ();
+ goto leave;
+ }
+ ksba_cert_ref (subject_cert);
+ ci->cert = subject_cert;
+ ci->next = chain;
+ chain = ci;
+ }
+
+ xfree (issuer);
+ xfree (subject);
+ issuer = ksba_cert_get_issuer (subject_cert, 0);
+ subject = ksba_cert_get_subject (subject_cert, 0);
+
+ if (!issuer)
+ {
+ do_list (1, listmode, listfp, _("no issuer found in certificate"));
+ rc = gpg_error (GPG_ERR_BAD_CERT);
+ goto leave;
+ }
+
+
+ /* Is this a self-issued certificate (i.e. the root certificate)? */
+ is_root = is_root_cert (subject_cert, issuer, subject);
+ if (is_root)
+ {
+ chain->is_root = 1;
+ /* Check early whether the certificate is listed as trusted.
+ We used to do this only later but changed it to call the
+ check right here so that we can access special flags
+ associated with that specific root certificate. */
+ istrusted_rc = gpgsm_agent_istrusted (ctrl, subject_cert, NULL,
+ rootca_flags);
+ audit_log_cert (ctrl->audit, AUDIT_ROOT_TRUSTED,
+ subject_cert, istrusted_rc);
+ /* If the chain model extended attribute is used, make sure
+ that our chain model flag is set. */
+ if (has_validation_model_chain (subject_cert, listmode, listfp))
+ rootca_flags->chain_model = 1;
+ }
+
+
+ /* Check the validity period. */
+ if ( (flags & VALIDATE_FLAG_CHAIN_MODEL) )
+ rc = check_validity_period_cm (current_time, check_time, subject_cert,
+ exptime, listmode, listfp,
+ (depth && is_root)? -1: depth);
+ else
+ rc = check_validity_period (current_time, subject_cert,
+ exptime, listmode, listfp,
+ (depth && is_root)? -1: depth);
+ if (gpg_err_code (rc) == GPG_ERR_CERT_EXPIRED)
+ {
+ any_expired = 1;
+ rc = 0;
+ }
+ else if (rc)
+ goto leave;
+
+
+ /* Assert that we understand all critical extensions. */
+ rc = unknown_criticals (subject_cert, listmode, listfp);
+ if (rc)
+ goto leave;
+
+ /* Do a policy check. */
+ if (!opt.no_policy_check)
+ {
+ rc = check_cert_policy (subject_cert, listmode, listfp);
+ if (gpg_err_code (rc) == GPG_ERR_NO_POLICY_MATCH)
+ {
+ any_no_policy_match = 1;
+ rc = 1;
+ }
+ else if (rc)
+ goto leave;
+ }
+
+
+ /* If this is the root certificate we are at the end of the chain. */
+ if (is_root)
+ {
+ if (!istrusted_rc)
+ ; /* No need to check the certificate for a trusted one. */
+ else if (gpgsm_check_cert_sig (subject_cert, subject_cert) )
+ {
+ /* We only check the signature if the certificate is not
+ trusted for better diagnostics. */
+ do_list (1, listmode, listfp,
+ _("self-signed certificate has a BAD signature"));
+ if (DBG_X509)
+ {
+ gpgsm_dump_cert ("self-signing cert", subject_cert);
+ }
+ rc = gpg_error (depth? GPG_ERR_BAD_CERT_CHAIN
+ : GPG_ERR_BAD_CERT);
+ goto leave;
+ }
+ if (!rootca_flags->relax)
+ {
+ rc = allowed_ca (ctrl, subject_cert, NULL, listmode, listfp);
+ if (rc)
+ goto leave;
+ }
+
+
+ /* Set the flag for qualified signatures. This flag is
+ deduced from a list of root certificates allowed for
+ qualified signatures. */
+ if (is_qualified == -1)
+ {
+ gpg_error_t err;
+ size_t buflen;
+ char buf[1];
+
+ if (!ksba_cert_get_user_data (cert, "is_qualified",
+ &buf, sizeof (buf),
+ &buflen) && buflen)
+ {
+ /* We already checked this for this certificate,
+ thus we simply take it from the user data. */
+ is_qualified = !!*buf;
+ }
+ else
+ {
+ /* Need to consult the list of root certificates for
+ qualified signatures. */
+ err = gpgsm_is_in_qualified_list (ctrl, subject_cert, NULL);
+ if (!err)
+ is_qualified = 1;
+ else if ( gpg_err_code (err) == GPG_ERR_NOT_FOUND)
+ is_qualified = 0;
+ else
+ log_error ("checking the list of qualified "
+ "root certificates failed: %s\n",
+ gpg_strerror (err));
+ if ( is_qualified != -1 )
+ {
+ /* Cache the result but don't care too much
+ about an error. */
+ buf[0] = !!is_qualified;
+ err = ksba_cert_set_user_data (subject_cert,
+ "is_qualified", buf, 1);
+ if (err)
+ log_error ("set_user_data(is_qualified) failed: %s\n",
+ gpg_strerror (err));
+ }
+ }
+ }
+
+
+ /* Act on the check for a trusted root certificates. */
+ rc = istrusted_rc;
+ if (!rc)
+ ;
+ else if (gpg_err_code (rc) == GPG_ERR_NOT_TRUSTED)
+ {
+ do_list (0, listmode, listfp,
+ _("root certificate is not marked trusted"));
+ /* If we already figured out that the certificate is
+ expired it does not make much sense to ask the user
+ whether we wants to trust the root certificate. We
+ should do this only if the certificate under question
+ will then be usable. */
+ if ( !any_expired
+ && (!listmode || !already_asked_marktrusted (subject_cert))
+ && ask_marktrusted (ctrl, subject_cert, listmode) )
+ rc = 0;
+ }
+ else
+ {
+ log_error (_("checking the trust list failed: %s\n"),
+ gpg_strerror (rc));
+ }
+
+ if (rc)
+ goto leave;
+
+ /* Check for revocations etc. */
+ if ((flags & VALIDATE_FLAG_NO_DIRMNGR))
+ ;
+ else if (opt.no_trusted_cert_crl_check || rootca_flags->relax)
+ ;
+ else
+ rc = is_cert_still_valid (ctrl,
+ (flags & VALIDATE_FLAG_CHAIN_MODEL),
+ listmode, listfp,
+ subject_cert, subject_cert,
+ &any_revoked, &any_no_crl,
+ &any_crl_too_old);
+ if (rc)
+ goto leave;
+
+ break; /* Okay: a self-signed certicate is an end-point. */
+ } /* End is_root. */
+
+
+ /* Take care that the chain does not get too long. */
+ if ((depth+1) > maxdepth)
+ {
+ do_list (1, listmode, listfp, _("certificate chain too long\n"));
+ rc = gpg_error (GPG_ERR_BAD_CERT_CHAIN);
+ goto leave;
+ }
+
+ /* Find the next cert up the tree. */
+ keydb_search_reset (kh);
+ rc = find_up (ctrl, kh, subject_cert, issuer, 0);
+ if (rc)
+ {
+ if (rc == -1)
+ {
+ do_list (0, listmode, listfp, _("issuer certificate not found"));
+ if (!listmode)
+ {
+ log_info ("issuer certificate: #/");
+ gpgsm_dump_string (issuer);
+ log_printf ("\n");
+ }
+ }
+ else
+ log_error ("failed to find issuer's certificate: rc=%d\n", rc);
+ rc = gpg_error (GPG_ERR_MISSING_ISSUER_CERT);
+ goto leave;
+ }
+
+ ksba_cert_release (issuer_cert); issuer_cert = NULL;
+ rc = keydb_get_cert (kh, &issuer_cert);
+ if (rc)
+ {
+ log_error ("keydb_get_cert() failed: rc=%d\n", rc);
+ rc = gpg_error (GPG_ERR_GENERAL);
+ goto leave;
+ }
+
+ try_another_cert:
+ if (DBG_X509)
+ {
+ log_debug ("got issuer's certificate:\n");
+ gpgsm_dump_cert ("issuer", issuer_cert);
+ }
+
+ rc = gpgsm_check_cert_sig (issuer_cert, subject_cert);
+ if (rc)
+ {
+ do_list (0, listmode, listfp, _("certificate has a BAD signature"));
+ if (DBG_X509)
+ {
+ gpgsm_dump_cert ("signing issuer", issuer_cert);
+ gpgsm_dump_cert ("signed subject", subject_cert);
+ }
+ if (gpg_err_code (rc) == GPG_ERR_BAD_SIGNATURE)
+ {
+ /* We now try to find other issuer certificates which
+ might have been used. This is required because some
+ CAs are reusing the issuer and subject DN for new
+ root certificates. */
+ /* FIXME: Do this only if we don't have an
+ AKI.keyIdentifier */
+ rc = find_up (ctrl, kh, subject_cert, issuer, 1);
+ if (!rc)
+ {
+ ksba_cert_t tmp_cert;
+
+ rc = keydb_get_cert (kh, &tmp_cert);
+ if (rc || !compare_certs (issuer_cert, tmp_cert))
+ {
+ /* The find next did not work or returned an
+ identical certificate. We better stop here
+ to avoid infinite checks. */
+ rc = gpg_error (GPG_ERR_BAD_SIGNATURE);
+ ksba_cert_release (tmp_cert);
+ }
+ else
+ {
+ do_list (0, listmode, listfp,
+ _("found another possible matching "
+ "CA certificate - trying again"));
+ ksba_cert_release (issuer_cert);
+ issuer_cert = tmp_cert;
+ goto try_another_cert;
+ }
+ }
+ }
+
+ /* We give a more descriptive error code than the one
+ returned from the signature checking. */
+ rc = gpg_error (GPG_ERR_BAD_CERT_CHAIN);
+ goto leave;
+ }
+
+ is_root = gpgsm_is_root_cert (issuer_cert);
+ istrusted_rc = -1;
+
+
+ /* Check that a CA is allowed to issue certificates. */
+ {
+ int chainlen;
+
+ rc = allowed_ca (ctrl, issuer_cert, &chainlen, listmode, listfp);
+ if (rc)
+ {
+ /* Not allowed. Check whether this is a trusted root
+ certificate and whether we allow special exceptions.
+ We could carry the result of the test over to the
+ regular root check at the top of the loop but for
+ clarity we won't do that. Given that the majority of
+ certificates carry proper BasicContraints our way of
+ overriding an error in the way is justified for
+ performance reasons. */
+ if (is_root)
+ {
+ istrusted_rc = gpgsm_agent_istrusted (ctrl, issuer_cert, NULL,
+ rootca_flags);
+ if (!istrusted_rc && rootca_flags->relax)
+ {
+ /* Ignore the error due to the relax flag. */
+ rc = 0;
+ chainlen = -1;
+ }
+ }
+ }
+ if (rc)
+ goto leave;
+ if (chainlen >= 0 && depth > chainlen)
+ {
+ do_list (1, listmode, listfp,
+ _("certificate chain longer than allowed by CA (%d)"),
+ chainlen);
+ rc = gpg_error (GPG_ERR_BAD_CERT_CHAIN);
+ goto leave;
+ }
+ }
+
+ /* Is the certificate allowed to sign other certificates. */
+ if (!listmode)
+ {
+ rc = gpgsm_cert_use_cert_p (issuer_cert);
+ if (rc)
+ {
+ char numbuf[50];
+ sprintf (numbuf, "%d", rc);
+ gpgsm_status2 (ctrl, STATUS_ERROR, "certcert.issuer.keyusage",
+ numbuf, NULL);
+ goto leave;
+ }
+ }
+
+ /* Check for revocations etc. Note that for a root certificate
+ this test is done a second time later. This should eventually
+ be fixed. */
+ if ((flags & VALIDATE_FLAG_NO_DIRMNGR))
+ rc = 0;
+ else if (is_root && (opt.no_trusted_cert_crl_check
+ || (!istrusted_rc && rootca_flags->relax)))
+ rc = 0;
+ else
+ rc = is_cert_still_valid (ctrl,
+ (flags & VALIDATE_FLAG_CHAIN_MODEL),
+ listmode, listfp,
+ subject_cert, issuer_cert,
+ &any_revoked, &any_no_crl, &any_crl_too_old);
+ if (rc)
+ goto leave;
+
+
+ if (opt.verbose && !listmode)
+ log_info (depth == 0 ? _("certificate is good\n") :
+ !is_root ? _("intermediate certificate is good\n") :
+ /* other */ _("root certificate is good\n"));
+
+ /* Under the chain model the next check time is the creation
+ time of the subject certificate. */
+ if ( (flags & VALIDATE_FLAG_CHAIN_MODEL) )
+ {
+ rc = ksba_cert_get_validity (subject_cert, 0, check_time);
+ if (rc)
+ {
+ /* That will never happen as we have already checked
+ this above. */
+ BUG ();
+ }
+ }
+
+ /* For the next round the current issuer becomes the new subject. */
+ keydb_search_reset (kh);
+ ksba_cert_release (subject_cert);
+ subject_cert = issuer_cert;
+ issuer_cert = NULL;
+ depth++;
+ } /* End chain traversal. */
+
+ if (!listmode && !opt.quiet)
+ {
+ if (opt.no_policy_check)
+ log_info ("policies not checked due to %s option\n",
+ "--disable-policy-checks");
+ if (opt.no_crl_check && !ctrl->use_ocsp)
+ log_info ("CRLs not checked due to %s option\n",
+ "--disable-crl-checks");
+ }
+
+ if (!rc)
+ { /* If we encountered an error somewhere during the checks, set
+ the error code to the most critical one */
+ if (any_revoked)
+ rc = gpg_error (GPG_ERR_CERT_REVOKED);
+ else if (any_expired)
+ rc = gpg_error (GPG_ERR_CERT_EXPIRED);
+ else if (any_no_crl)
+ rc = gpg_error (GPG_ERR_NO_CRL_KNOWN);
+ else if (any_crl_too_old)
+ rc = gpg_error (GPG_ERR_CRL_TOO_OLD);
+ else if (any_no_policy_match)
+ rc = gpg_error (GPG_ERR_NO_POLICY_MATCH);
+ }
+
+ leave:
+ /* If we have traversed a complete chain up to the root we will
+ reset the ephemeral flag for all these certificates. This is done
+ regardless of any error because those errors may only be
+ transient. */
+ if (chain && chain->is_root)
+ {
+ gpg_error_t err;
+ chain_item_t ci;
+
+ for (ci = chain; ci; ci = ci->next)
+ {
+ /* Note that it is possible for the last certificate in the
+ chain (i.e. our target certificate) that it has not yet
+ been stored in the keybox and thus the flag can't be set.
+ We ignore this error becuase it will later be stored
+ anyway. */
+ err = keydb_set_cert_flags (ci->cert, 1, KEYBOX_FLAG_BLOB, 0,
+ KEYBOX_FLAG_BLOB_EPHEMERAL, 0);
+ if (!ci->next && gpg_err_code (err) == GPG_ERR_NOT_FOUND)
+ ;
+ else if (err)
+ log_error ("clearing ephemeral flag failed: %s\n",
+ gpg_strerror (err));
+ }
+ }
+
+ /* If we have figured something about the qualified signature
+ capability of the certificate under question, store the result as
+ user data in all certificates of the chain. We do this even if the
+ validation itself failed. */
+ if (is_qualified != -1)
+ {
+ gpg_error_t err;
+ chain_item_t ci;
+ char buf[1];
+
+ buf[0] = !!is_qualified;
+
+ for (ci = chain; ci; ci = ci->next)
+ {
+ err = ksba_cert_set_user_data (ci->cert, "is_qualified", buf, 1);
+ if (err)
+ {
+ log_error ("set_user_data(is_qualified) failed: %s\n",
+ gpg_strerror (err));
+ if (!rc)
+ rc = err;
+ }
+ }
+ }
+
+ /* If auditing has been enabled, record what is in the chain. */
+ if (ctrl->audit)
+ {
+ chain_item_t ci;
+
+ audit_log (ctrl->audit, AUDIT_CHAIN_BEGIN);
+ for (ci = chain; ci; ci = ci->next)
+ {
+ audit_log_cert (ctrl->audit,
+ ci->is_root? AUDIT_CHAIN_ROOTCERT : AUDIT_CHAIN_CERT,
+ ci->cert, 0);
+ }
+ audit_log (ctrl->audit, AUDIT_CHAIN_END);
+ }
+
+ if (r_exptime)
+ gnupg_copy_time (r_exptime, exptime);
+ xfree (issuer);
+ xfree (subject);
+ keydb_release (kh);
+ while (chain)
+ {
+ chain_item_t ci_next = chain->next;
+ ksba_cert_release (chain->cert);
+ xfree (chain);
+ chain = ci_next;
+ }
+ ksba_cert_release (issuer_cert);
+ ksba_cert_release (subject_cert);
+ return rc;
+}
+
+
+/* Validate a certificate chain. For a description see
+ do_validate_chain. This function is a wrapper to handle a root
+ certificate with the chain_model flag set. If RETFLAGS is not
+ NULL, flags indicating now the verification was done are stored
+ there. The only defined flag for RETFLAGS is
+ VALIDATE_FLAG_CHAIN_MODEL.
+
+ If you are verifying a signature you should set CHECKTIME to the
+ creation time of the signature. If your are verifying a
+ certificate, set it nil (i.e. the empty string). If the creation
+ date of the signature is not known use the special date
+ "19700101T000000" which is treated in a special way here. */
+int
+gpgsm_validate_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t checktime,
+ ksba_isotime_t r_exptime,
+ int listmode, estream_t listfp, unsigned int flags,
+ unsigned int *retflags)
+{
+ int rc;
+ struct rootca_flags_s rootca_flags;
+ unsigned int dummy_retflags;
+
+ if (!retflags)
+ retflags = &dummy_retflags;
+
+ if (ctrl->validation_model == 1)
+ flags |= VALIDATE_FLAG_CHAIN_MODEL;
+
+ *retflags = (flags & VALIDATE_FLAG_CHAIN_MODEL);
+ memset (&rootca_flags, 0, sizeof rootca_flags);
+
+ rc = do_validate_chain (ctrl, cert, checktime,
+ r_exptime, listmode, listfp, flags,
+ &rootca_flags);
+ if (gpg_err_code (rc) == GPG_ERR_CERT_EXPIRED
+ && !(flags & VALIDATE_FLAG_CHAIN_MODEL)
+ && (rootca_flags.valid && rootca_flags.chain_model))
+ {
+ do_list (0, listmode, listfp, _("switching to chain model"));
+ rc = do_validate_chain (ctrl, cert, checktime,
+ r_exptime, listmode, listfp,
+ (flags |= VALIDATE_FLAG_CHAIN_MODEL),
+ &rootca_flags);
+ *retflags |= VALIDATE_FLAG_CHAIN_MODEL;
+ }
+
+ if (opt.verbose)
+ do_list (0, listmode, listfp, _("validation model used: %s"),
+ (*retflags & VALIDATE_FLAG_CHAIN_MODEL)?
+ _("chain"):_("shell"));
+
+ return rc;
+}
+
+
+/* Check that the given certificate is valid but DO NOT check any
+ constraints. We assume that the issuers certificate is already in
+ the DB and that this one is valid; which it should be because it
+ has been checked using this function. */
+int
+gpgsm_basic_cert_check (ctrl_t ctrl, ksba_cert_t cert)
+{
+ int rc = 0;
+ char *issuer = NULL;
+ char *subject = NULL;
+ KEYDB_HANDLE kh;
+ ksba_cert_t issuer_cert = NULL;
+
+ if (opt.no_chain_validation)
+ {
+ log_info ("WARNING: bypassing basic certificate checks\n");
+ return 0;
+ }
+
+ kh = keydb_new (0);
+ if (!kh)
+ {
+ log_error (_("failed to allocated keyDB handle\n"));
+ rc = gpg_error (GPG_ERR_GENERAL);
+ goto leave;
+ }
+
+ issuer = ksba_cert_get_issuer (cert, 0);
+ subject = ksba_cert_get_subject (cert, 0);
+ if (!issuer)
+ {
+ log_error ("no issuer found in certificate\n");
+ rc = gpg_error (GPG_ERR_BAD_CERT);
+ goto leave;
+ }
+
+ if (is_root_cert (cert, issuer, subject))
+ {
+ rc = gpgsm_check_cert_sig (cert, cert);
+ if (rc)
+ {
+ log_error ("self-signed certificate has a BAD signature: %s\n",
+ gpg_strerror (rc));
+ if (DBG_X509)
+ {
+ gpgsm_dump_cert ("self-signing cert", cert);
+ }
+ rc = gpg_error (GPG_ERR_BAD_CERT);
+ goto leave;
+ }
+ }
+ else
+ {
+ /* Find the next cert up the tree. */
+ keydb_search_reset (kh);
+ rc = find_up (ctrl, kh, cert, issuer, 0);
+ if (rc)
+ {
+ if (rc == -1)
+ {
+ log_info ("issuer certificate (#/");
+ gpgsm_dump_string (issuer);
+ log_printf (") not found\n");
+ }
+ else
+ log_error ("failed to find issuer's certificate: rc=%d\n", rc);
+ rc = gpg_error (GPG_ERR_MISSING_ISSUER_CERT);
+ goto leave;
+ }
+
+ ksba_cert_release (issuer_cert); issuer_cert = NULL;
+ rc = keydb_get_cert (kh, &issuer_cert);
+ if (rc)
+ {
+ log_error ("keydb_get_cert() failed: rc=%d\n", rc);
+ rc = gpg_error (GPG_ERR_GENERAL);
+ goto leave;
+ }
+
+ rc = gpgsm_check_cert_sig (issuer_cert, cert);
+ if (rc)
+ {
+ log_error ("certificate has a BAD signature: %s\n",
+ gpg_strerror (rc));
+ if (DBG_X509)
+ {
+ gpgsm_dump_cert ("signing issuer", issuer_cert);
+ gpgsm_dump_cert ("signed subject", cert);
+ }
+ rc = gpg_error (GPG_ERR_BAD_CERT);
+ goto leave;
+ }
+ if (opt.verbose)
+ log_info (_("certificate is good\n"));
+ }
+
+ leave:
+ xfree (issuer);
+ xfree (subject);
+ keydb_release (kh);
+ ksba_cert_release (issuer_cert);
+ return rc;
+}
+
+
+
+/* Check whether the certificate CERT has been issued by the German
+ authority for qualified signature. They do not set the
+ basicConstraints and thus we need this workaround. It works by
+ looking up the root certificate and checking whether that one is
+ listed as a qualified certificate for Germany.
+
+ We also try to cache this data but as long as don't keep a
+ reference to the certificate this won't be used.
+
+ Returns: True if CERT is a RegTP issued CA cert (i.e. the root
+ certificate itself or one of the CAs). In that case CHAINLEN will
+ receive the length of the chain which is either 0 or 1.
+*/
+static int
+get_regtp_ca_info (ctrl_t ctrl, ksba_cert_t cert, int *chainlen)
+{
+ gpg_error_t err;
+ ksba_cert_t next;
+ int rc = 0;
+ int i, depth;
+ char country[3];
+ ksba_cert_t array[4];
+ char buf[2];
+ size_t buflen;
+ int dummy_chainlen;
+
+ if (!chainlen)
+ chainlen = &dummy_chainlen;
+
+ *chainlen = 0;
+ err = ksba_cert_get_user_data (cert, "regtp_ca_chainlen",
+ &buf, sizeof (buf), &buflen);
+ if (!err)
+ {
+ /* Got info. */
+ if (buflen < 2 || !*buf)
+ return 0; /* Nothing found. */
+ *chainlen = buf[1];
+ return 1; /* This is a regtp CA. */
+ }
+ else if (gpg_err_code (err) != GPG_ERR_NOT_FOUND)
+ {
+ log_error ("ksba_cert_get_user_data(%s) failed: %s\n",
+ "regtp_ca_chainlen", gpg_strerror (err));
+ return 0; /* Nothing found. */
+ }
+
+ /* Need to gather the info. This requires to walk up the chain
+ until we have found the root. Because we are only interested in
+ German Bundesnetzagentur (former RegTP) derived certificates 3
+ levels are enough. (The German signature law demands a 3 tier
+ hierachy; thus there is only one CA between the EE and the Root
+ CA.) */
+ memset (&array, 0, sizeof array);
+
+ depth = 0;
+ ksba_cert_ref (cert);
+ array[depth++] = cert;
+ ksba_cert_ref (cert);
+ while (depth < DIM(array) && !(rc=gpgsm_walk_cert_chain (ctrl, cert, &next)))
+ {
+ ksba_cert_release (cert);
+ ksba_cert_ref (next);
+ array[depth++] = next;
+ cert = next;
+ }
+ ksba_cert_release (cert);
+ if (rc != -1 || !depth || depth == DIM(array) )
+ {
+ /* We did not reached the root. */
+ goto leave;
+ }
+
+ /* If this is a German signature law issued certificate, we store
+ additional additional information. */
+ if (!gpgsm_is_in_qualified_list (NULL, array[depth-1], country)
+ && !strcmp (country, "de"))
+ {
+ /* Setting the pathlen for the root CA and the CA flag for the
+ next one is all what we need to do. */
+ err = ksba_cert_set_user_data (array[depth-1], "regtp_ca_chainlen",
+ "\x01\x01", 2);
+ if (!err && depth > 1)
+ err = ksba_cert_set_user_data (array[depth-2], "regtp_ca_chainlen",
+ "\x01\x00", 2);
+ if (err)
+ log_error ("ksba_set_user_data(%s) failed: %s\n",
+ "regtp_ca_chainlen", gpg_strerror (err));
+ for (i=0; i < depth; i++)
+ ksba_cert_release (array[i]);
+ *chainlen = (depth>1? 0:1);
+ return 1;
+ }
+
+ leave:
+ /* Nothing special with this certificate. Mark the target
+ certificate anyway to avoid duplicate lookups. */
+ err = ksba_cert_set_user_data (cert, "regtp_ca_chainlen", "", 1);
+ if (err)
+ log_error ("ksba_set_user_data(%s) failed: %s\n",
+ "regtp_ca_chainlen", gpg_strerror (err));
+ for (i=0; i < depth; i++)
+ ksba_cert_release (array[i]);
+ return 0;
+}
diff --git a/sm/certcheck.c b/sm/certcheck.c
new file mode 100644
index 0000000..51a809b
--- /dev/null
+++ b/sm/certcheck.c
@@ -0,0 +1,439 @@
+/* certcheck.c - check one certificate
+ * Copyright (C) 2001, 2003, 2004 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include <unistd.h>
+#include <time.h>
+#include <assert.h>
+
+#include "gpgsm.h"
+#include <gcrypt.h>
+#include <ksba.h>
+
+#include "keydb.h"
+#include "i18n.h"
+
+
+/* Return the number of bits of the Q parameter from the DSA key
+ KEY. */
+static unsigned int
+get_dsa_qbits (gcry_sexp_t key)
+{
+ gcry_sexp_t l1, l2;
+ gcry_mpi_t q;
+ unsigned int nbits;
+
+ l1 = gcry_sexp_find_token (key, "public-key", 0);
+ if (!l1)
+ return 0; /* Does not contain a key object. */
+ l2 = gcry_sexp_cadr (l1);
+ gcry_sexp_release (l1);
+ l1 = gcry_sexp_find_token (l2, "q", 1);
+ gcry_sexp_release (l2);
+ if (!l1)
+ return 0; /* Invalid object. */
+ q = gcry_sexp_nth_mpi (l1, 1, GCRYMPI_FMT_USG);
+ gcry_sexp_release (l1);
+ if (!q)
+ return 0; /* Missing value. */
+ nbits = gcry_mpi_get_nbits (q);
+ gcry_mpi_release (q);
+
+ return nbits;
+}
+
+
+static int
+do_encode_md (gcry_md_hd_t md, int algo, int pkalgo, unsigned int nbits,
+ gcry_sexp_t pkey, gcry_mpi_t *r_val)
+{
+ int n;
+ size_t nframe;
+ unsigned char *frame;
+
+ if (pkalgo == GCRY_PK_DSA || pkalgo == GCRY_PK_ECDSA)
+ {
+ unsigned int qbits;
+
+ if ( pkalgo == GCRY_PK_ECDSA )
+ qbits = gcry_pk_get_nbits (pkey);
+ else
+ qbits = get_dsa_qbits (pkey);
+
+ if ( (qbits%8) )
+ {
+ log_error(_("DSA requires the hash length to be a"
+ " multiple of 8 bits\n"));
+ return gpg_error (GPG_ERR_INTERNAL);
+ }
+
+ /* Don't allow any Q smaller than 160 bits. We don't want
+ someone to issue signatures from a key with a 16-bit Q or
+ something like that, which would look correct but allow
+ trivial forgeries. Yes, I know this rules out using MD5 with
+ DSA. ;) */
+ if (qbits < 160)
+ {
+ log_error (_("%s key uses an unsafe (%u bit) hash\n"),
+ gcry_pk_algo_name (pkalgo), qbits);
+ return gpg_error (GPG_ERR_INTERNAL);
+ }
+
+ /* Check if we're too short. Too long is safe as we'll
+ automatically left-truncate. */
+ nframe = gcry_md_get_algo_dlen (algo);
+ if (nframe < qbits/8)
+ {
+ log_error (_("a %u bit hash is not valid for a %u bit %s key\n"),
+ (unsigned int)nframe*8,
+ gcry_pk_get_nbits (pkey),
+ gcry_pk_algo_name (pkalgo));
+ /* FIXME: we need to check the requirements for ECDSA. */
+ if (nframe < 20 || pkalgo == GCRY_PK_DSA )
+ return gpg_error (GPG_ERR_INTERNAL);
+ }
+
+ frame = xtrymalloc (nframe);
+ if (!frame)
+ return out_of_core ();
+ memcpy (frame, gcry_md_read (md, algo), nframe);
+ n = nframe;
+ /* Truncate. */
+ if (n > qbits/8)
+ n = qbits/8;
+ }
+ else
+ {
+ int i;
+ unsigned char asn[100];
+ size_t asnlen;
+ size_t len;
+
+ nframe = (nbits+7) / 8;
+
+ asnlen = DIM(asn);
+ if (!algo || gcry_md_test_algo (algo))
+ return gpg_error (GPG_ERR_DIGEST_ALGO);
+ if (gcry_md_algo_info (algo, GCRYCTL_GET_ASNOID, asn, &asnlen))
+ {
+ log_error ("no object identifier for algo %d\n", algo);
+ return gpg_error (GPG_ERR_INTERNAL);
+ }
+
+ len = gcry_md_get_algo_dlen (algo);
+
+ if ( len + asnlen + 4 > nframe )
+ {
+ log_error ("can't encode a %d bit MD into a %d bits frame\n",
+ (int)(len*8), (int)nbits);
+ return gpg_error (GPG_ERR_INTERNAL);
+ }
+
+ /* We encode the MD in this way:
+ *
+ * 0 A PAD(n bytes) 0 ASN(asnlen bytes) MD(len bytes)
+ *
+ * PAD consists of FF bytes.
+ */
+ frame = xtrymalloc (nframe);
+ if (!frame)
+ return out_of_core ();
+ n = 0;
+ frame[n++] = 0;
+ frame[n++] = 1; /* block type */
+ i = nframe - len - asnlen -3 ;
+ assert ( i > 1 );
+ memset ( frame+n, 0xff, i ); n += i;
+ frame[n++] = 0;
+ memcpy ( frame+n, asn, asnlen ); n += asnlen;
+ memcpy ( frame+n, gcry_md_read(md, algo), len ); n += len;
+ assert ( n == nframe );
+ }
+ if (DBG_CRYPTO)
+ {
+ int j;
+ log_debug ("encoded hash:");
+ for (j=0; j < nframe; j++)
+ log_printf (" %02X", frame[j]);
+ log_printf ("\n");
+ }
+
+ gcry_mpi_scan (r_val, GCRYMPI_FMT_USG, frame, n, &nframe);
+ xfree (frame);
+ return 0;
+}
+
+/* Return the public key algorithm id from the S-expression PKEY.
+ FIXME: libgcrypt should provide such a function. Note that this
+ implementation uses the names as used by libksba. */
+static int
+pk_algo_from_sexp (gcry_sexp_t pkey)
+{
+ gcry_sexp_t l1, l2;
+ const char *name;
+ size_t n;
+ int algo;
+
+ l1 = gcry_sexp_find_token (pkey, "public-key", 0);
+ if (!l1)
+ return 0; /* Not found. */
+ l2 = gcry_sexp_cadr (l1);
+ gcry_sexp_release (l1);
+
+ name = gcry_sexp_nth_data (l2, 0, &n);
+ if (!name)
+ algo = 0; /* Not found. */
+ else if (n==3 && !memcmp (name, "rsa", 3))
+ algo = GCRY_PK_RSA;
+ else if (n==3 && !memcmp (name, "dsa", 3))
+ algo = GCRY_PK_DSA;
+ /* Because this function is called only for verification we can
+ assume that ECC actually means ECDSA. */
+ else if (n==3 && !memcmp (name, "ecc", 3))
+ algo = GCRY_PK_ECDSA;
+ else if (n==13 && !memcmp (name, "ambiguous-rsa", 13))
+ algo = GCRY_PK_RSA;
+ else
+ algo = 0;
+ gcry_sexp_release (l2);
+ return algo;
+}
+
+
+/* Check the signature on CERT using the ISSUER-CERT. This function
+ does only test the cryptographic signature and nothing else. It is
+ assumed that the ISSUER_CERT is valid. */
+int
+gpgsm_check_cert_sig (ksba_cert_t issuer_cert, ksba_cert_t cert)
+{
+ const char *algoid;
+ gcry_md_hd_t md;
+ int rc, algo;
+ gcry_mpi_t frame;
+ ksba_sexp_t p;
+ size_t n;
+ gcry_sexp_t s_sig, s_hash, s_pkey;
+
+ algo = gcry_md_map_name ( (algoid=ksba_cert_get_digest_algo (cert)));
+ if (!algo)
+ {
+ log_error ("unknown hash algorithm `%s'\n", algoid? algoid:"?");
+ if (algoid
+ && ( !strcmp (algoid, "1.2.840.113549.1.1.2")
+ ||!strcmp (algoid, "1.2.840.113549.2.2")))
+ log_info (_("(this is the MD2 algorithm)\n"));
+ return gpg_error (GPG_ERR_GENERAL);
+ }
+ rc = gcry_md_open (&md, algo, 0);
+ if (rc)
+ {
+ log_error ("md_open failed: %s\n", gpg_strerror (rc));
+ return rc;
+ }
+ if (DBG_HASHING)
+ gcry_md_start_debug (md, "hash.cert");
+
+ rc = ksba_cert_hash (cert, 1, HASH_FNC, md);
+ if (rc)
+ {
+ log_error ("ksba_cert_hash failed: %s\n", gpg_strerror (rc));
+ gcry_md_close (md);
+ return rc;
+ }
+ gcry_md_final (md);
+
+ p = ksba_cert_get_sig_val (cert);
+ n = gcry_sexp_canon_len (p, 0, NULL, NULL);
+ if (!n)
+ {
+ log_error ("libksba did not return a proper S-Exp\n");
+ gcry_md_close (md);
+ ksba_free (p);
+ return gpg_error (GPG_ERR_BUG);
+ }
+ if (DBG_CRYPTO)
+ {
+ int j;
+ log_debug ("signature value:");
+ for (j=0; j < n; j++)
+ log_printf (" %02X", p[j]);
+ log_printf ("\n");
+ }
+
+ rc = gcry_sexp_sscan ( &s_sig, NULL, (char*)p, n);
+ ksba_free (p);
+ if (rc)
+ {
+ log_error ("gcry_sexp_scan failed: %s\n", gpg_strerror (rc));
+ gcry_md_close (md);
+ return rc;
+ }
+
+ p = ksba_cert_get_public_key (issuer_cert);
+ n = gcry_sexp_canon_len (p, 0, NULL, NULL);
+ if (!n)
+ {
+ log_error ("libksba did not return a proper S-Exp\n");
+ gcry_md_close (md);
+ ksba_free (p);
+ gcry_sexp_release (s_sig);
+ return gpg_error (GPG_ERR_BUG);
+ }
+ rc = gcry_sexp_sscan ( &s_pkey, NULL, (char*)p, n);
+ ksba_free (p);
+ if (rc)
+ {
+ log_error ("gcry_sexp_scan failed: %s\n", gpg_strerror (rc));
+ gcry_md_close (md);
+ gcry_sexp_release (s_sig);
+ return rc;
+ }
+
+ rc = do_encode_md (md, algo, pk_algo_from_sexp (s_pkey),
+ gcry_pk_get_nbits (s_pkey), s_pkey, &frame);
+ if (rc)
+ {
+ gcry_md_close (md);
+ gcry_sexp_release (s_sig);
+ gcry_sexp_release (s_pkey);
+ return rc;
+ }
+
+ /* put hash into the S-Exp s_hash */
+ if ( gcry_sexp_build (&s_hash, NULL, "%m", frame) )
+ BUG ();
+ gcry_mpi_release (frame);
+
+
+ rc = gcry_pk_verify (s_sig, s_hash, s_pkey);
+ if (DBG_X509)
+ log_debug ("gcry_pk_verify: %s\n", gpg_strerror (rc));
+ gcry_md_close (md);
+ gcry_sexp_release (s_sig);
+ gcry_sexp_release (s_hash);
+ gcry_sexp_release (s_pkey);
+ return rc;
+}
+
+
+
+int
+gpgsm_check_cms_signature (ksba_cert_t cert, ksba_const_sexp_t sigval,
+ gcry_md_hd_t md, int mdalgo, int *r_pkalgo)
+{
+ int rc;
+ ksba_sexp_t p;
+ gcry_mpi_t frame;
+ gcry_sexp_t s_sig, s_hash, s_pkey;
+ size_t n;
+ int pkalgo;
+
+ if (r_pkalgo)
+ *r_pkalgo = 0;
+
+ n = gcry_sexp_canon_len (sigval, 0, NULL, NULL);
+ if (!n)
+ {
+ log_error ("libksba did not return a proper S-Exp\n");
+ return gpg_error (GPG_ERR_BUG);
+ }
+ rc = gcry_sexp_sscan (&s_sig, NULL, (char*)sigval, n);
+ if (rc)
+ {
+ log_error ("gcry_sexp_scan failed: %s\n", gpg_strerror (rc));
+ return rc;
+ }
+
+ p = ksba_cert_get_public_key (cert);
+ n = gcry_sexp_canon_len (p, 0, NULL, NULL);
+ if (!n)
+ {
+ log_error ("libksba did not return a proper S-Exp\n");
+ ksba_free (p);
+ gcry_sexp_release (s_sig);
+ return gpg_error (GPG_ERR_BUG);
+ }
+ if (DBG_CRYPTO)
+ log_printhex ("public key: ", p, n);
+
+ rc = gcry_sexp_sscan ( &s_pkey, NULL, (char*)p, n);
+ ksba_free (p);
+ if (rc)
+ {
+ log_error ("gcry_sexp_scan failed: %s\n", gpg_strerror (rc));
+ gcry_sexp_release (s_sig);
+ return rc;
+ }
+
+ pkalgo = pk_algo_from_sexp (s_pkey);
+ if (r_pkalgo)
+ *r_pkalgo = pkalgo;
+ rc = do_encode_md (md, mdalgo, pkalgo,
+ gcry_pk_get_nbits (s_pkey), s_pkey, &frame);
+ if (rc)
+ {
+ gcry_sexp_release (s_sig);
+ gcry_sexp_release (s_pkey);
+ return rc;
+ }
+ /* put hash into the S-Exp s_hash */
+ if ( gcry_sexp_build (&s_hash, NULL, "%m", frame) )
+ BUG ();
+ gcry_mpi_release (frame);
+
+ rc = gcry_pk_verify (s_sig, s_hash, s_pkey);
+ if (DBG_X509)
+ log_debug ("gcry_pk_verify: %s\n", gpg_strerror (rc));
+ gcry_sexp_release (s_sig);
+ gcry_sexp_release (s_hash);
+ gcry_sexp_release (s_pkey);
+ return rc;
+}
+
+
+
+int
+gpgsm_create_cms_signature (ctrl_t ctrl, ksba_cert_t cert,
+ gcry_md_hd_t md, int mdalgo,
+ unsigned char **r_sigval)
+{
+ int rc;
+ char *grip, *desc;
+ size_t siglen;
+
+ grip = gpgsm_get_keygrip_hexstring (cert);
+ if (!grip)
+ return gpg_error (GPG_ERR_BAD_CERT);
+
+ desc = gpgsm_format_keydesc (cert);
+
+ rc = gpgsm_agent_pksign (ctrl, grip, desc, gcry_md_read(md, mdalgo),
+ gcry_md_get_algo_dlen (mdalgo), mdalgo,
+ r_sigval, &siglen);
+ xfree (desc);
+ xfree (grip);
+ return rc;
+}
+
+
+
diff --git a/sm/certdump.c b/sm/certdump.c
new file mode 100644
index 0000000..d339070
--- /dev/null
+++ b/sm/certdump.c
@@ -0,0 +1,974 @@
+/* certdump.c - Dump a certificate for debugging
+ * Copyright (C) 2001, 2004, 2007 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include <unistd.h>
+#include <time.h>
+#include <assert.h>
+#ifdef HAVE_LOCALE_H
+#include <locale.h>
+#endif
+#ifdef HAVE_LANGINFO_CODESET
+#include <langinfo.h>
+#endif
+
+#include "gpgsm.h"
+#include <gcrypt.h>
+#include <ksba.h>
+
+#include "keydb.h"
+#include "i18n.h"
+
+
+struct dn_array_s {
+ char *key;
+ char *value;
+ int multivalued;
+ int done;
+};
+
+
+/* Print the first element of an S-Expression. */
+void
+gpgsm_print_serial (estream_t fp, ksba_const_sexp_t sn)
+{
+ const char *p = (const char *)sn;
+ unsigned long n;
+ char *endp;
+
+ if (!p)
+ es_fputs (_("none"), fp);
+ else if (*p != '(')
+ es_fputs ("[Internal error - not an S-expression]", fp);
+ else
+ {
+ p++;
+ n = strtoul (p, &endp, 10);
+ p = endp;
+ if (*p++ != ':')
+ es_fputs ("[Internal Error - invalid S-expression]", fp);
+ else
+ es_write_hexstring (fp, p, n, 0, NULL);
+ }
+}
+
+
+/* Dump the serial number or any other simple S-expression. */
+void
+gpgsm_dump_serial (ksba_const_sexp_t sn)
+{
+ const char *p = (const char *)sn;
+ unsigned long n;
+ char *endp;
+
+ if (!p)
+ log_printf ("none");
+ else if (*p != '(')
+ log_printf ("ERROR - not an S-expression");
+ else
+ {
+ p++;
+ n = strtoul (p, &endp, 10);
+ p = endp;
+ if (*p!=':')
+ log_printf ("ERROR - invalid S-expression");
+ else
+ {
+ for (p++; n; n--, p++)
+ log_printf ("%02X", *(const unsigned char *)p);
+ }
+ }
+}
+
+
+char *
+gpgsm_format_serial (ksba_const_sexp_t sn)
+{
+ const char *p = (const char *)sn;
+ unsigned long n;
+ char *endp;
+ char *buffer;
+ int i;
+
+ if (!p)
+ return NULL;
+
+ if (*p != '(')
+ BUG (); /* Not a valid S-expression. */
+
+ p++;
+ n = strtoul (p, &endp, 10);
+ p = endp;
+ if (*p!=':')
+ BUG (); /* Not a valid S-expression. */
+ p++;
+
+ buffer = xtrymalloc (n*2+1);
+ if (buffer)
+ {
+ for (i=0; n; n--, p++, i+=2)
+ sprintf (buffer+i, "%02X", *(unsigned char *)p);
+ buffer[i] = 0;
+ }
+ return buffer;
+}
+
+
+
+
+void
+gpgsm_print_time (estream_t fp, ksba_isotime_t t)
+{
+ if (!t || !*t)
+ es_fputs (_("none"), fp);
+ else
+ es_fprintf (fp, "%.4s-%.2s-%.2s %.2s:%.2s:%s",
+ t, t+4, t+6, t+9, t+11, t+13);
+}
+
+
+void
+gpgsm_dump_string (const char *string)
+{
+
+ if (!string)
+ log_printf ("[error]");
+ else
+ {
+ const unsigned char *s;
+
+ for (s=(const unsigned char*)string; *s; s++)
+ {
+ if (*s < ' ' || (*s >= 0x7f && *s <= 0xa0))
+ break;
+ }
+ if (!*s && *string != '[')
+ log_printf ("%s", string);
+ else
+ {
+ log_printf ( "[ ");
+ log_printhex (NULL, string, strlen (string));
+ log_printf ( " ]");
+ }
+ }
+}
+
+
+/* This simple dump function is mainly used for debugging purposes. */
+void
+gpgsm_dump_cert (const char *text, ksba_cert_t cert)
+{
+ ksba_sexp_t sexp;
+ char *p;
+ char *dn;
+ ksba_isotime_t t;
+
+ log_debug ("BEGIN Certificate `%s':\n", text? text:"");
+ if (cert)
+ {
+ sexp = ksba_cert_get_serial (cert);
+ log_debug (" serial: ");
+ gpgsm_dump_serial (sexp);
+ ksba_free (sexp);
+ log_printf ("\n");
+
+ ksba_cert_get_validity (cert, 0, t);
+ log_debug (" notBefore: ");
+ dump_isotime (t);
+ log_printf ("\n");
+ ksba_cert_get_validity (cert, 1, t);
+ log_debug (" notAfter: ");
+ dump_isotime (t);
+ log_printf ("\n");
+
+ dn = ksba_cert_get_issuer (cert, 0);
+ log_debug (" issuer: ");
+ gpgsm_dump_string (dn);
+ ksba_free (dn);
+ log_printf ("\n");
+
+ dn = ksba_cert_get_subject (cert, 0);
+ log_debug (" subject: ");
+ gpgsm_dump_string (dn);
+ ksba_free (dn);
+ log_printf ("\n");
+
+ log_debug (" hash algo: %s\n", ksba_cert_get_digest_algo (cert));
+
+ p = gpgsm_get_fingerprint_string (cert, 0);
+ log_debug (" SHA1 Fingerprint: %s\n", p);
+ xfree (p);
+ }
+ log_debug ("END Certificate\n");
+}
+
+
+/* Return a new string holding the format serial number and issuer
+ ("#SN/issuer"). No filtering on invalid characters is done.
+ Caller must release the string. On memory failure NULL is
+ returned. */
+char *
+gpgsm_format_sn_issuer (ksba_sexp_t sn, const char *issuer)
+{
+ char *p, *p1;
+
+ if (sn && issuer)
+ {
+ p1 = gpgsm_format_serial (sn);
+ if (!p1)
+ p = xtrystrdup ("[invalid SN]");
+ else
+ {
+ p = xtrymalloc (strlen (p1) + strlen (issuer) + 2 + 1);
+ if (p)
+ {
+ *p = '#';
+ strcpy (stpcpy (stpcpy (p+1, p1),"/"), issuer);
+ }
+ xfree (p1);
+ }
+ }
+ else
+ p = xtrystrdup ("[invalid SN/issuer]");
+ return p;
+}
+
+
+/* Log the certificate's name in "#SN/ISSUERDN" format along with
+ TEXT. */
+void
+gpgsm_cert_log_name (const char *text, ksba_cert_t cert)
+{
+ log_info ("%s", text? text:"certificate" );
+ if (cert)
+ {
+ ksba_sexp_t sn;
+ char *p;
+
+ p = ksba_cert_get_issuer (cert, 0);
+ sn = ksba_cert_get_serial (cert);
+ if (p && sn)
+ {
+ log_printf (" #");
+ gpgsm_dump_serial (sn);
+ log_printf ("/");
+ gpgsm_dump_string (p);
+ }
+ else
+ log_printf (" [invalid]");
+ ksba_free (sn);
+ xfree (p);
+ }
+ log_printf ("\n");
+}
+
+
+
+
+
+
+/* helper for the rfc2253 string parser */
+static const unsigned char *
+parse_dn_part (struct dn_array_s *array, const unsigned char *string)
+{
+ static struct {
+ const char *label;
+ const char *oid;
+ } label_map[] = {
+ /* Warning: When adding new labels, make sure that the buffer
+ below we be allocated large enough. */
+ {"EMail", "1.2.840.113549.1.9.1" },
+ {"T", "2.5.4.12" },
+ {"GN", "2.5.4.42" },
+ {"SN", "2.5.4.4" },
+ {"NameDistinguisher", "0.2.262.1.10.7.20"},
+ {"ADDR", "2.5.4.16" },
+ {"BC", "2.5.4.15" },
+ {"D", "2.5.4.13" },
+ {"PostalCode", "2.5.4.17" },
+ {"Pseudo", "2.5.4.65" },
+ {"SerialNumber", "2.5.4.5" },
+ {NULL, NULL}
+ };
+ const unsigned char *s, *s1;
+ size_t n;
+ char *p;
+ int i;
+
+ /* Parse attributeType */
+ for (s = string+1; *s && *s != '='; s++)
+ ;
+ if (!*s)
+ return NULL; /* error */
+ n = s - string;
+ if (!n)
+ return NULL; /* empty key */
+
+ /* We need to allocate a few bytes more due to the possible mapping
+ from the shorter OID to the longer label. */
+ array->key = p = xtrymalloc (n+10);
+ if (!array->key)
+ return NULL;
+ memcpy (p, string, n);
+ p[n] = 0;
+ trim_trailing_spaces (p);
+
+ if (digitp (p))
+ {
+ for (i=0; label_map[i].label; i++ )
+ if ( !strcmp (p, label_map[i].oid) )
+ {
+ strcpy (p, label_map[i].label);
+ break;
+ }
+ }
+ string = s + 1;
+
+ if (*string == '#')
+ { /* hexstring */
+ string++;
+ for (s=string; hexdigitp (s); s++)
+ s++;
+ n = s - string;
+ if (!n || (n & 1))
+ return NULL; /* Empty or odd number of digits. */
+ n /= 2;
+ array->value = p = xtrymalloc (n+1);
+ if (!p)
+ return NULL;
+ for (s1=string; n; s1 += 2, n--, p++)
+ {
+ *(unsigned char *)p = xtoi_2 (s1);
+ if (!*p)
+ *p = 0x01; /* Better print a wrong value than truncating
+ the string. */
+ }
+ *p = 0;
+ }
+ else
+ { /* regular v3 quoted string */
+ for (n=0, s=string; *s; s++)
+ {
+ if (*s == '\\')
+ { /* pair */
+ s++;
+ if (*s == ',' || *s == '=' || *s == '+'
+ || *s == '<' || *s == '>' || *s == '#' || *s == ';'
+ || *s == '\\' || *s == '\"' || *s == ' ')
+ n++;
+ else if (hexdigitp (s) && hexdigitp (s+1))
+ {
+ s++;
+ n++;
+ }
+ else
+ return NULL; /* invalid escape sequence */
+ }
+ else if (*s == '\"')
+ return NULL; /* invalid encoding */
+ else if (*s == ',' || *s == '=' || *s == '+'
+ || *s == '<' || *s == '>' || *s == ';' )
+ break;
+ else
+ n++;
+ }
+
+ array->value = p = xtrymalloc (n+1);
+ if (!p)
+ return NULL;
+ for (s=string; n; s++, n--)
+ {
+ if (*s == '\\')
+ {
+ s++;
+ if (hexdigitp (s))
+ {
+ *(unsigned char *)p++ = xtoi_2 (s);
+ s++;
+ }
+ else
+ *p++ = *s;
+ }
+ else
+ *p++ = *s;
+ }
+ *p = 0;
+ }
+ return s;
+}
+
+
+/* Parse a DN and return an array-ized one. This is not a validating
+ parser and it does not support any old-stylish syntax; KSBA is
+ expected to return only rfc2253 compatible strings. */
+static struct dn_array_s *
+parse_dn (const unsigned char *string)
+{
+ struct dn_array_s *array;
+ size_t arrayidx, arraysize;
+ int i;
+
+ arraysize = 7; /* C,ST,L,O,OU,CN,email */
+ arrayidx = 0;
+ array = xtrymalloc ((arraysize+1) * sizeof *array);
+ if (!array)
+ return NULL;
+ while (*string)
+ {
+ while (*string == ' ')
+ string++;
+ if (!*string)
+ break; /* ready */
+ if (arrayidx >= arraysize)
+ {
+ struct dn_array_s *a2;
+
+ arraysize += 5;
+ a2 = xtryrealloc (array, (arraysize+1) * sizeof *array);
+ if (!a2)
+ goto failure;
+ array = a2;
+ }
+ array[arrayidx].key = NULL;
+ array[arrayidx].value = NULL;
+ string = parse_dn_part (array+arrayidx, string);
+ if (!string)
+ goto failure;
+ while (*string == ' ')
+ string++;
+ array[arrayidx].multivalued = (*string == '+');
+ array[arrayidx].done = 0;
+ arrayidx++;
+ if (*string && *string != ',' && *string != ';' && *string != '+')
+ goto failure; /* invalid delimiter */
+ if (*string)
+ string++;
+ }
+ array[arrayidx].key = NULL;
+ array[arrayidx].value = NULL;
+ return array;
+
+ failure:
+ for (i=0; i < arrayidx; i++)
+ {
+ xfree (array[i].key);
+ xfree (array[i].value);
+ }
+ xfree (array);
+ return NULL;
+}
+
+
+/* Print a DN part to STREAM or if STREAM is NULL to FP. */
+static void
+print_dn_part (FILE *fp, estream_t stream,
+ struct dn_array_s *dn, const char *key, int translate)
+{
+ struct dn_array_s *first_dn = dn;
+
+ for (; dn->key; dn++)
+ {
+ if (!dn->done && !strcmp (dn->key, key))
+ {
+ /* Forward to the last multi-valued RDN, so that we can
+ print them all in reverse in the correct order. Note
+ that this overrides the the standard sequence but that
+ seems to a reasonable thing to do with multi-valued
+ RDNs. */
+ while (dn->multivalued && dn[1].key)
+ dn++;
+ next:
+ if (!dn->done && dn->value && *dn->value)
+ {
+ if (stream)
+ {
+ es_fprintf (stream, "/%s=", dn->key);
+ if (translate)
+ es_write_sanitized_utf8_buffer (stream, dn->value,
+ strlen (dn->value),
+ "/", NULL);
+ else
+ es_write_sanitized (stream, dn->value, strlen (dn->value),
+ "/", NULL);
+ }
+ else
+ {
+ fprintf (fp, "/%s=", dn->key);
+ if (translate)
+ print_sanitized_utf8_string (fp, dn->value, '/');
+ else
+ print_sanitized_string (fp, dn->value, '/');
+ }
+ }
+ dn->done = 1;
+ if (dn > first_dn && dn[-1].multivalued)
+ {
+ dn--;
+ goto next;
+ }
+ }
+ }
+}
+
+/* Print all parts of a DN in a "standard" sequence. We first print
+ all the known parts, followed by the uncommon ones */
+static void
+print_dn_parts (FILE *fp, estream_t stream,
+ struct dn_array_s *dn, int translate)
+{
+ const char *stdpart[] = {
+ "CN", "OU", "O", "STREET", "L", "ST", "C", "EMail", NULL
+ };
+ int i;
+
+ for (i=0; stdpart[i]; i++)
+ print_dn_part (fp, stream, dn, stdpart[i], translate);
+
+ /* Now print the rest without any specific ordering */
+ for (; dn->key; dn++)
+ print_dn_part (fp, stream, dn, dn->key, translate);
+}
+
+
+/* Print the S-Expression in BUF, which has a valid length of BUFLEN,
+ as a human readable string in one line to FP. */
+static void
+pretty_print_sexp (FILE *fp, const unsigned char *buf, size_t buflen)
+{
+ size_t len;
+ gcry_sexp_t sexp;
+ char *result, *p;
+
+ if ( gcry_sexp_sscan (&sexp, NULL, (const char*)buf, buflen) )
+ {
+ fputs (_("[Error - invalid encoding]"), fp);
+ return;
+ }
+ len = gcry_sexp_sprint (sexp, GCRYSEXP_FMT_ADVANCED, NULL, 0);
+ assert (len);
+ result = xtrymalloc (len);
+ if (!result)
+ {
+ fputs (_("[Error - out of core]"), fp);
+ gcry_sexp_release (sexp);
+ return;
+ }
+ len = gcry_sexp_sprint (sexp, GCRYSEXP_FMT_ADVANCED, result, len);
+ assert (len);
+ for (p = result; len; len--, p++)
+ {
+ if (*p == '\n')
+ {
+ if (len > 1) /* Avoid printing the trailing LF. */
+ fputs ("\\n", fp);
+ }
+ else if (*p == '\r')
+ fputs ("\\r", fp);
+ else if (*p == '\v')
+ fputs ("\\v", fp);
+ else if (*p == '\t')
+ fputs ("\\t", fp);
+ else
+ putc (*p, fp);
+ }
+ xfree (result);
+ gcry_sexp_release (sexp);
+}
+
+/* Print the S-Expression in BUF to extended STREAM, which has a valid
+ length of BUFLEN, as a human readable string in one line to FP. */
+static void
+pretty_es_print_sexp (estream_t fp, const unsigned char *buf, size_t buflen)
+{
+ size_t len;
+ gcry_sexp_t sexp;
+ char *result, *p;
+
+ if ( gcry_sexp_sscan (&sexp, NULL, (const char*)buf, buflen) )
+ {
+ es_fputs (_("[Error - invalid encoding]"), fp);
+ return;
+ }
+ len = gcry_sexp_sprint (sexp, GCRYSEXP_FMT_ADVANCED, NULL, 0);
+ assert (len);
+ result = xtrymalloc (len);
+ if (!result)
+ {
+ es_fputs (_("[Error - out of core]"), fp);
+ gcry_sexp_release (sexp);
+ return;
+ }
+ len = gcry_sexp_sprint (sexp, GCRYSEXP_FMT_ADVANCED, result, len);
+ assert (len);
+ for (p = result; len; len--, p++)
+ {
+ if (*p == '\n')
+ {
+ if (len > 1) /* Avoid printing the trailing LF. */
+ es_fputs ("\\n", fp);
+ }
+ else if (*p == '\r')
+ es_fputs ("\\r", fp);
+ else if (*p == '\v')
+ es_fputs ("\\v", fp);
+ else if (*p == '\t')
+ es_fputs ("\\t", fp);
+ else
+ es_putc (*p, fp);
+ }
+ xfree (result);
+ gcry_sexp_release (sexp);
+}
+
+
+
+
+void
+gpgsm_print_name2 (FILE *fp, const char *name, int translate)
+{
+ const unsigned char *s = (const unsigned char *)name;
+ int i;
+
+ if (!s)
+ {
+ fputs (_("[Error - No name]"), fp);
+ }
+ else if (*s == '<')
+ {
+ const char *s2 = strchr ( (char*)s+1, '>');
+ if (s2)
+ {
+ if (translate)
+ print_sanitized_utf8_buffer (fp, s + 1, s2 - (char*)s - 1, 0);
+ else
+ print_sanitized_buffer (fp, s + 1, s2 - (char*)s - 1, 0);
+ }
+ }
+ else if (*s == '(')
+ {
+ pretty_print_sexp (fp, s, gcry_sexp_canon_len (s, 0, NULL, NULL));
+ }
+ else if (!((*s >= '0' && *s < '9')
+ || (*s >= 'A' && *s <= 'Z')
+ || (*s >= 'a' && *s <= 'z')))
+ fputs (_("[Error - invalid encoding]"), fp);
+ else
+ {
+ struct dn_array_s *dn = parse_dn (s);
+ if (!dn)
+ fputs (_("[Error - invalid DN]"), fp);
+ else
+ {
+ print_dn_parts (fp, NULL, dn, translate);
+ for (i=0; dn[i].key; i++)
+ {
+ xfree (dn[i].key);
+ xfree (dn[i].value);
+ }
+ xfree (dn);
+ }
+ }
+}
+
+
+void
+gpgsm_print_name (FILE *fp, const char *name)
+{
+ gpgsm_print_name2 (fp, name, 1);
+}
+
+
+/* This is a variant of gpgsm_print_name sending it output to an estream. */
+void
+gpgsm_es_print_name2 (estream_t fp, const char *name, int translate)
+{
+ const unsigned char *s = (const unsigned char *)name;
+ int i;
+
+ if (!s)
+ {
+ es_fputs (_("[Error - No name]"), fp);
+ }
+ else if (*s == '<')
+ {
+ const char *s2 = strchr ( (char*)s+1, '>');
+
+ if (s2)
+ {
+ if (translate)
+ es_write_sanitized_utf8_buffer (fp, s + 1, s2 - (char*)s - 1,
+ NULL, NULL);
+ else
+ es_write_sanitized (fp, s + 1, s2 - (char*)s - 1, NULL, NULL);
+ }
+ }
+ else if (*s == '(')
+ {
+ pretty_es_print_sexp (fp, s, gcry_sexp_canon_len (s, 0, NULL, NULL));
+ }
+ else if (!((*s >= '0' && *s < '9')
+ || (*s >= 'A' && *s <= 'Z')
+ || (*s >= 'a' && *s <= 'z')))
+ es_fputs (_("[Error - invalid encoding]"), fp);
+ else
+ {
+ struct dn_array_s *dn = parse_dn (s);
+
+ if (!dn)
+ es_fputs (_("[Error - invalid DN]"), fp);
+ else
+ {
+ print_dn_parts (NULL, fp, dn, translate);
+ for (i=0; dn[i].key; i++)
+ {
+ xfree (dn[i].key);
+ xfree (dn[i].value);
+ }
+ xfree (dn);
+ }
+ }
+}
+
+
+void
+gpgsm_es_print_name (estream_t fp, const char *name)
+{
+ gpgsm_es_print_name2 (fp, name, 1);
+}
+
+
+/* A cookie structure used for the memory stream. */
+struct format_name_cookie
+{
+ char *buffer; /* Malloced buffer with the data to deliver. */
+ size_t size; /* Allocated size of this buffer. */
+ size_t len; /* strlen (buffer). */
+ int error; /* system error code if any. */
+};
+
+/* The writer function for the memory stream. */
+static ssize_t
+format_name_writer (void *cookie, const void *buffer, size_t size)
+{
+ struct format_name_cookie *c = cookie;
+ char *p;
+
+ if (!c->buffer)
+ {
+ p = xtrymalloc (size + 1 + 1);
+ if (p)
+ {
+ c->size = size + 1;
+ c->buffer = p;
+ c->len = 0;
+ }
+ }
+ else if (c->len + size < c->len)
+ {
+ p = NULL;
+ errno = ENOMEM;
+ }
+ else if (c->size < c->len + size)
+ {
+ p = xtryrealloc (c->buffer, c->len + size + 1);
+ if (p)
+ {
+ c->size = c->len + size;
+ c->buffer = p;
+ }
+ }
+ else
+ p = c->buffer;
+ if (!p)
+ {
+ c->error = errno;
+ xfree (c->buffer);
+ c->buffer = NULL;
+ errno = c->error;
+ return -1;
+ }
+ memcpy (p + c->len, buffer, size);
+ c->len += size;
+ p[c->len] = 0; /* Terminate string. */
+
+ return (ssize_t)size;
+}
+
+
+/* Format NAME which is expected to be in rfc2253 format into a better
+ human readable format. Caller must free the returned string. NULL
+ is returned in case of an error. With TRANSLATE set to true the
+ name will be translated to the native encoding. Note that NAME is
+ internally always UTF-8 encoded. */
+char *
+gpgsm_format_name2 (const char *name, int translate)
+{
+ estream_t fp;
+ struct format_name_cookie cookie;
+ es_cookie_io_functions_t io = { NULL };
+
+ memset (&cookie, 0, sizeof cookie);
+
+ io.func_write = format_name_writer;
+ fp = es_fopencookie (&cookie, "w", io);
+ if (!fp)
+ {
+ int save_errno = errno;
+ log_error ("error creating memory stream: %s\n", strerror (errno));
+ errno = save_errno;
+ return NULL;
+ }
+ gpgsm_es_print_name2 (fp, name, translate);
+ es_fclose (fp);
+ if (cookie.error || !cookie.buffer)
+ {
+ xfree (cookie.buffer);
+ errno = cookie.error;
+ return NULL;
+ }
+ return cookie.buffer;
+}
+
+
+char *
+gpgsm_format_name (const char *name)
+{
+ return gpgsm_format_name2 (name, 1);
+}
+
+
+/* Return fingerprint and a percent escaped name in a human readable
+ format suitable for status messages like GOODSIG. May return NULL
+ on error (out of core). */
+char *
+gpgsm_fpr_and_name_for_status (ksba_cert_t cert)
+{
+ char *fpr, *name, *p;
+ char *buffer;
+
+ fpr = gpgsm_get_fingerprint_hexstring (cert, GCRY_MD_SHA1);
+ if (!fpr)
+ return NULL;
+
+ name = ksba_cert_get_subject (cert, 0);
+ if (!name)
+ {
+ xfree (fpr);
+ return NULL;
+ }
+
+ p = gpgsm_format_name2 (name, 0);
+ ksba_free (name);
+ name = p;
+ if (!name)
+ {
+ xfree (fpr);
+ return NULL;
+ }
+
+ buffer = xtrymalloc (strlen (fpr) + 1 + 3*strlen (name) + 1);
+ if (buffer)
+ {
+ const char *s;
+
+ p = stpcpy (stpcpy (buffer, fpr), " ");
+ for (s = name; *s; s++)
+ {
+ if (*s < ' ')
+ {
+ sprintf (p, "%%%02X", *(const unsigned char*)s);
+ p += 3;
+ }
+ else
+ *p++ = *s;
+ }
+ *p = 0;
+ }
+ xfree (fpr);
+ xfree (name);
+ return buffer;
+}
+
+
+/* Create a key description for the CERT, this may be passed to the
+ pinentry. The caller must free the returned string. NULL may be
+ returned on error. */
+char *
+gpgsm_format_keydesc (ksba_cert_t cert)
+{
+ char *name, *subject, *buffer;
+ ksba_isotime_t t;
+ char created[20];
+ char expires[20];
+ char *sn;
+ ksba_sexp_t sexp;
+ char *orig_codeset;
+
+ name = ksba_cert_get_subject (cert, 0);
+ subject = name? gpgsm_format_name2 (name, 0) : NULL;
+ ksba_free (name); name = NULL;
+
+ sexp = ksba_cert_get_serial (cert);
+ sn = sexp? gpgsm_format_serial (sexp) : NULL;
+ ksba_free (sexp);
+
+ ksba_cert_get_validity (cert, 0, t);
+ if (*t)
+ sprintf (created, "%.4s-%.2s-%.2s", t, t+4, t+6);
+ else
+ *created = 0;
+ ksba_cert_get_validity (cert, 1, t);
+ if (*t)
+ sprintf (expires, "%.4s-%.2s-%.2s", t, t+4, t+6);
+ else
+ *expires = 0;
+
+ orig_codeset = i18n_switchto_utf8 ();
+
+ name = xtryasprintf (_("Please enter the passphrase to unlock the"
+ " secret key for the X.509 certificate:\n"
+ "\"%s\"\n"
+ "S/N %s, ID 0x%08lX,\n"
+ "created %s, expires %s.\n" ),
+ subject? subject:"?",
+ sn? sn: "?",
+ gpgsm_get_short_fingerprint (cert, NULL),
+ created, expires);
+
+ i18n_switchback (orig_codeset);
+
+ if (!name)
+ {
+ xfree (subject);
+ xfree (sn);
+ return NULL;
+ }
+
+ xfree (subject);
+ xfree (sn);
+
+ buffer = percent_plus_escape (name);
+ xfree (name);
+ return buffer;
+}
+
diff --git a/sm/certlist.c b/sm/certlist.c
new file mode 100644
index 0000000..4137437
--- /dev/null
+++ b/sm/certlist.c
@@ -0,0 +1,555 @@
+/* certlist.c - build list of certificates
+ * Copyright (C) 2001, 2003, 2004, 2005, 2007,
+ * 2008 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include <unistd.h>
+#include <time.h>
+#include <assert.h>
+
+#include "gpgsm.h"
+#include <gcrypt.h>
+#include <ksba.h>
+
+#include "keydb.h"
+#include "i18n.h"
+
+
+static const char oid_kp_serverAuth[] = "1.3.6.1.5.5.7.3.1";
+static const char oid_kp_clientAuth[] = "1.3.6.1.5.5.7.3.2";
+static const char oid_kp_codeSigning[] = "1.3.6.1.5.5.7.3.3";
+static const char oid_kp_emailProtection[]= "1.3.6.1.5.5.7.3.4";
+static const char oid_kp_timeStamping[] = "1.3.6.1.5.5.7.3.8";
+static const char oid_kp_ocspSigning[] = "1.3.6.1.5.5.7.3.9";
+
+/* Return 0 if the cert is usable for encryption. A MODE of 0 checks
+ for signing a MODE of 1 checks for encryption, a MODE of 2 checks
+ for verification and a MODE of 3 for decryption (just for
+ debugging). MODE 4 is for certificate signing, MODE for COSP
+ response signing. */
+static int
+cert_usage_p (ksba_cert_t cert, int mode)
+{
+ gpg_error_t err;
+ unsigned int use;
+ char *extkeyusages;
+ int have_ocsp_signing = 0;
+
+ err = ksba_cert_get_ext_key_usages (cert, &extkeyusages);
+ if (gpg_err_code (err) == GPG_ERR_NO_DATA)
+ err = 0; /* no policy given */
+ if (!err)
+ {
+ unsigned int extusemask = ~0; /* Allow all. */
+
+ if (extkeyusages)
+ {
+ char *p, *pend;
+ int any_critical = 0;
+
+ extusemask = 0;
+
+ p = extkeyusages;
+ while (p && (pend=strchr (p, ':')))
+ {
+ *pend++ = 0;
+ /* Only care about critical flagged usages. */
+ if ( *pend == 'C' )
+ {
+ any_critical = 1;
+ if ( !strcmp (p, oid_kp_serverAuth))
+ extusemask |= (KSBA_KEYUSAGE_DIGITAL_SIGNATURE
+ | KSBA_KEYUSAGE_KEY_ENCIPHERMENT
+ | KSBA_KEYUSAGE_KEY_AGREEMENT);
+ else if ( !strcmp (p, oid_kp_clientAuth))
+ extusemask |= (KSBA_KEYUSAGE_DIGITAL_SIGNATURE
+ | KSBA_KEYUSAGE_KEY_AGREEMENT);
+ else if ( !strcmp (p, oid_kp_codeSigning))
+ extusemask |= (KSBA_KEYUSAGE_DIGITAL_SIGNATURE);
+ else if ( !strcmp (p, oid_kp_emailProtection))
+ extusemask |= (KSBA_KEYUSAGE_DIGITAL_SIGNATURE
+ | KSBA_KEYUSAGE_NON_REPUDIATION
+ | KSBA_KEYUSAGE_KEY_ENCIPHERMENT
+ | KSBA_KEYUSAGE_KEY_AGREEMENT);
+ else if ( !strcmp (p, oid_kp_timeStamping))
+ extusemask |= (KSBA_KEYUSAGE_DIGITAL_SIGNATURE
+ | KSBA_KEYUSAGE_NON_REPUDIATION);
+ }
+
+ /* This is a hack to cope with OCSP. Note that we do
+ not yet fully comply with the requirements and that
+ the entire CRL/OCSP checking thing should undergo a
+ thorough review and probably redesign. */
+ if ( !strcmp (p, oid_kp_ocspSigning))
+ have_ocsp_signing = 1;
+
+ if ((p = strchr (pend, '\n')))
+ p++;
+ }
+ xfree (extkeyusages);
+ extkeyusages = NULL;
+
+ if (!any_critical)
+ extusemask = ~0; /* Reset to the don't care mask. */
+ }
+
+
+ err = ksba_cert_get_key_usage (cert, &use);
+ if (gpg_err_code (err) == GPG_ERR_NO_DATA)
+ {
+ err = 0;
+ if (opt.verbose && mode < 2)
+ log_info (_("no key usage specified - assuming all usages\n"));
+ use = ~0;
+ }
+
+ /* Apply extKeyUsage. */
+ use &= extusemask;
+
+ }
+ if (err)
+ {
+ log_error (_("error getting key usage information: %s\n"),
+ gpg_strerror (err));
+ xfree (extkeyusages);
+ return err;
+ }
+
+ if (mode == 4)
+ {
+ if ((use & (KSBA_KEYUSAGE_KEY_CERT_SIGN)))
+ return 0;
+ log_info (_("certificate should have not "
+ "been used for certification\n"));
+ return gpg_error (GPG_ERR_WRONG_KEY_USAGE);
+ }
+
+ if (mode == 5)
+ {
+ if (use != ~0
+ && (have_ocsp_signing
+ || (use & (KSBA_KEYUSAGE_KEY_CERT_SIGN
+ |KSBA_KEYUSAGE_CRL_SIGN))))
+ return 0;
+ log_info (_("certificate should have not "
+ "been used for OCSP response signing\n"));
+ return gpg_error (GPG_ERR_WRONG_KEY_USAGE);
+ }
+
+ if ((use & ((mode&1)?
+ (KSBA_KEYUSAGE_KEY_ENCIPHERMENT|KSBA_KEYUSAGE_DATA_ENCIPHERMENT):
+ (KSBA_KEYUSAGE_DIGITAL_SIGNATURE|KSBA_KEYUSAGE_NON_REPUDIATION)))
+ )
+ return 0;
+
+ log_info (mode==3? _("certificate should have not been used for encryption\n"):
+ mode==2? _("certificate should have not been used for signing\n"):
+ mode==1? _("certificate is not usable for encryption\n"):
+ _("certificate is not usable for signing\n"));
+ return gpg_error (GPG_ERR_WRONG_KEY_USAGE);
+}
+
+
+/* Return 0 if the cert is usable for signing */
+int
+gpgsm_cert_use_sign_p (ksba_cert_t cert)
+{
+ return cert_usage_p (cert, 0);
+}
+
+
+/* Return 0 if the cert is usable for encryption */
+int
+gpgsm_cert_use_encrypt_p (ksba_cert_t cert)
+{
+ return cert_usage_p (cert, 1);
+}
+
+int
+gpgsm_cert_use_verify_p (ksba_cert_t cert)
+{
+ return cert_usage_p (cert, 2);
+}
+
+int
+gpgsm_cert_use_decrypt_p (ksba_cert_t cert)
+{
+ return cert_usage_p (cert, 3);
+}
+
+int
+gpgsm_cert_use_cert_p (ksba_cert_t cert)
+{
+ return cert_usage_p (cert, 4);
+}
+
+int
+gpgsm_cert_use_ocsp_p (ksba_cert_t cert)
+{
+ return cert_usage_p (cert, 5);
+}
+
+
+static int
+same_subject_issuer (const char *subject, const char *issuer, ksba_cert_t cert)
+{
+ char *subject2 = ksba_cert_get_subject (cert, 0);
+ char *issuer2 = ksba_cert_get_issuer (cert, 0);
+ int tmp;
+
+ tmp = (subject && subject2
+ && !strcmp (subject, subject2)
+ && issuer && issuer2
+ && !strcmp (issuer, issuer2));
+ xfree (subject2);
+ xfree (issuer2);
+ return tmp;
+}
+
+
+/* Return true if CERT_A is the same as CERT_B. */
+int
+gpgsm_certs_identical_p (ksba_cert_t cert_a, ksba_cert_t cert_b)
+{
+ const unsigned char *img_a, *img_b;
+ size_t len_a, len_b;
+
+ img_a = ksba_cert_get_image (cert_a, &len_a);
+ if (img_a)
+ {
+ img_b = ksba_cert_get_image (cert_b, &len_b);
+ if (img_b && len_a == len_b && !memcmp (img_a, img_b, len_a))
+ return 1; /* Identical. */
+ }
+ return 0;
+}
+
+
+/* Return true if CERT is already contained in CERTLIST. */
+static int
+is_cert_in_certlist (ksba_cert_t cert, certlist_t certlist)
+{
+ const unsigned char *img_a, *img_b;
+ size_t len_a, len_b;
+
+ img_a = ksba_cert_get_image (cert, &len_a);
+ if (img_a)
+ {
+ for ( ; certlist; certlist = certlist->next)
+ {
+ img_b = ksba_cert_get_image (certlist->cert, &len_b);
+ if (img_b && len_a == len_b && !memcmp (img_a, img_b, len_a))
+ return 1; /* Already contained. */
+ }
+ }
+ return 0;
+}
+
+
+/* Add CERT to the list of certificates at CERTADDR but avoid
+ duplicates. */
+int
+gpgsm_add_cert_to_certlist (ctrl_t ctrl, ksba_cert_t cert,
+ certlist_t *listaddr, int is_encrypt_to)
+{
+ (void)ctrl;
+
+ if (!is_cert_in_certlist (cert, *listaddr))
+ {
+ certlist_t cl = xtrycalloc (1, sizeof *cl);
+ if (!cl)
+ return out_of_core ();
+ cl->cert = cert;
+ ksba_cert_ref (cert);
+ cl->next = *listaddr;
+ cl->is_encrypt_to = is_encrypt_to;
+ *listaddr = cl;
+ }
+ return 0;
+}
+
+/* Add a certificate to a list of certificate and make sure that it is
+ a valid certificate. With SECRET set to true a secret key must be
+ available for the certificate. IS_ENCRYPT_TO sets the corresponding
+ flag in the new create LISTADDR item. */
+int
+gpgsm_add_to_certlist (ctrl_t ctrl, const char *name, int secret,
+ certlist_t *listaddr, int is_encrypt_to)
+{
+ int rc;
+ KEYDB_SEARCH_DESC desc;
+ KEYDB_HANDLE kh = NULL;
+ ksba_cert_t cert = NULL;
+
+ rc = keydb_classify_name (name, &desc);
+ if (!rc)
+ {
+ kh = keydb_new (0);
+ if (!kh)
+ rc = gpg_error (GPG_ERR_ENOMEM);
+ else
+ {
+ int wrong_usage = 0;
+ char *first_subject = NULL;
+ char *first_issuer = NULL;
+
+ get_next:
+ rc = keydb_search (kh, &desc, 1);
+ if (!rc)
+ rc = keydb_get_cert (kh, &cert);
+ if (!rc)
+ {
+ if (!first_subject)
+ {
+ /* Save the the subject and the issuer for key usage
+ and ambiguous name tests. */
+ first_subject = ksba_cert_get_subject (cert, 0);
+ first_issuer = ksba_cert_get_issuer (cert, 0);
+ }
+ rc = secret? gpgsm_cert_use_sign_p (cert)
+ : gpgsm_cert_use_encrypt_p (cert);
+ if (gpg_err_code (rc) == GPG_ERR_WRONG_KEY_USAGE)
+ {
+ /* There might be another certificate with the
+ correct usage, so we try again */
+ if (!wrong_usage)
+ { /* save the first match */
+ wrong_usage = rc;
+ ksba_cert_release (cert);
+ cert = NULL;
+ goto get_next;
+ }
+ else if (same_subject_issuer (first_subject, first_issuer,
+ cert))
+ {
+ wrong_usage = rc;
+ ksba_cert_release (cert);
+ cert = NULL;
+ goto get_next;
+ }
+ else
+ wrong_usage = rc;
+
+ }
+ }
+ /* We want the error code from the first match in this case. */
+ if (rc && wrong_usage)
+ rc = wrong_usage;
+
+ if (!rc)
+ {
+ certlist_t dup_certs = NULL;
+
+ next_ambigious:
+ rc = keydb_search (kh, &desc, 1);
+ if (rc == -1)
+ rc = 0;
+ else if (!rc)
+ {
+ ksba_cert_t cert2 = NULL;
+
+ /* If this is the first possible duplicate, add the original
+ certificate to our list of duplicates. */
+ if (!dup_certs)
+ gpgsm_add_cert_to_certlist (ctrl, cert, &dup_certs, 0);
+
+ /* We have to ignore ambigious names as long as
+ there only fault is a bad key usage. This is
+ required to support encryption and signing
+ certificates of the same subject.
+
+ Further we ignore them if they are due to an
+ identical certificate (which may happen if a
+ certificate is accidential duplicated in the
+ keybox). */
+ if (!keydb_get_cert (kh, &cert2))
+ {
+ int tmp = (same_subject_issuer (first_subject,
+ first_issuer,
+ cert2)
+ && ((gpg_err_code (
+ secret? gpgsm_cert_use_sign_p (cert2)
+ : gpgsm_cert_use_encrypt_p (cert2)
+ )
+ ) == GPG_ERR_WRONG_KEY_USAGE));
+ if (tmp)
+ gpgsm_add_cert_to_certlist (ctrl, cert2,
+ &dup_certs, 0);
+ else
+ {
+ if (is_cert_in_certlist (cert2, dup_certs))
+ tmp = 1;
+ }
+
+ ksba_cert_release (cert2);
+ if (tmp)
+ goto next_ambigious;
+ }
+ rc = gpg_error (GPG_ERR_AMBIGUOUS_NAME);
+ }
+ gpgsm_release_certlist (dup_certs);
+ }
+ xfree (first_subject);
+ xfree (first_issuer);
+ first_subject = NULL;
+ first_issuer = NULL;
+
+ if (!rc && !is_cert_in_certlist (cert, *listaddr))
+ {
+ if (!rc && secret)
+ {
+ char *p;
+
+ rc = gpg_error (GPG_ERR_NO_SECKEY);
+ p = gpgsm_get_keygrip_hexstring (cert);
+ if (p)
+ {
+ if (!gpgsm_agent_havekey (ctrl, p))
+ rc = 0;
+ xfree (p);
+ }
+ }
+ if (!rc)
+ rc = gpgsm_validate_chain (ctrl, cert, "", NULL,
+ 0, NULL, 0, NULL);
+ if (!rc)
+ {
+ certlist_t cl = xtrycalloc (1, sizeof *cl);
+ if (!cl)
+ rc = out_of_core ();
+ else
+ {
+ cl->cert = cert; cert = NULL;
+ cl->next = *listaddr;
+ cl->is_encrypt_to = is_encrypt_to;
+ *listaddr = cl;
+ }
+ }
+ }
+ }
+ }
+
+ keydb_release (kh);
+ ksba_cert_release (cert);
+ return rc == -1? gpg_error (GPG_ERR_NO_PUBKEY): rc;
+}
+
+
+void
+gpgsm_release_certlist (certlist_t list)
+{
+ while (list)
+ {
+ certlist_t cl = list->next;
+ ksba_cert_release (list->cert);
+ xfree (list);
+ list = cl;
+ }
+}
+
+
+/* Like gpgsm_add_to_certlist, but look only for one certificate. No
+ chain validation is done. If KEYID is not NULL it is taken as an
+ additional filter value which must match the
+ subjectKeyIdentifier. */
+int
+gpgsm_find_cert (const char *name, ksba_sexp_t keyid, ksba_cert_t *r_cert)
+{
+ int rc;
+ KEYDB_SEARCH_DESC desc;
+ KEYDB_HANDLE kh = NULL;
+
+ *r_cert = NULL;
+ rc = keydb_classify_name (name, &desc);
+ if (!rc)
+ {
+ kh = keydb_new (0);
+ if (!kh)
+ rc = gpg_error (GPG_ERR_ENOMEM);
+ else
+ {
+ nextone:
+ rc = keydb_search (kh, &desc, 1);
+ if (!rc)
+ {
+ rc = keydb_get_cert (kh, r_cert);
+ if (!rc && keyid)
+ {
+ ksba_sexp_t subj;
+
+ rc = ksba_cert_get_subj_key_id (*r_cert, NULL, &subj);
+ if (!rc)
+ {
+ if (cmp_simple_canon_sexp (keyid, subj))
+ {
+ xfree (subj);
+ goto nextone;
+ }
+ xfree (subj);
+ /* Okay: Here we know that the certificate's
+ subjectKeyIdentifier matches the requested
+ one. */
+ }
+ else if (gpg_err_code (rc) == GPG_ERR_NO_DATA)
+ goto nextone;
+ }
+ }
+
+ /* If we don't have the KEYID filter we need to check for
+ ambigious search results. Note, that it is somehwat
+ reasonable to assume that a specification of a KEYID
+ won't lead to ambiguous names. */
+ if (!rc && !keyid)
+ {
+ next_ambiguous:
+ rc = keydb_search (kh, &desc, 1);
+ if (rc == -1)
+ rc = 0;
+ else
+ {
+ if (!rc)
+ {
+ ksba_cert_t cert2 = NULL;
+
+ if (!keydb_get_cert (kh, &cert2))
+ {
+ if (gpgsm_certs_identical_p (*r_cert, cert2))
+ {
+ ksba_cert_release (cert2);
+ goto next_ambiguous;
+ }
+ ksba_cert_release (cert2);
+ }
+ rc = gpg_error (GPG_ERR_AMBIGUOUS_NAME);
+ }
+ ksba_cert_release (*r_cert);
+ *r_cert = NULL;
+ }
+ }
+ }
+ }
+
+ keydb_release (kh);
+ return rc == -1? gpg_error (GPG_ERR_NO_PUBKEY): rc;
+}
+
diff --git a/sm/certreqgen-ui.c b/sm/certreqgen-ui.c
new file mode 100644
index 0000000..3e98b66
--- /dev/null
+++ b/sm/certreqgen-ui.c
@@ -0,0 +1,415 @@
+/* certreqgen-ui.c - Simple user interface for certreqgen.c
+ * Copyright (C) 2007 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include <unistd.h>
+#include <time.h>
+#include <assert.h>
+
+#include "gpgsm.h"
+#include <gcrypt.h>
+
+#include "i18n.h"
+#include "ttyio.h"
+#include "membuf.h"
+
+
+/* Prompt for lines and append them to MB. */
+static void
+ask_mb_lines (membuf_t *mb, const char *prefix)
+{
+ char *answer = NULL;
+
+ do
+ {
+ xfree (answer);
+ answer = tty_get ("> ");
+ tty_kill_prompt ();
+ trim_spaces (answer);
+ if (*answer)
+ {
+ put_membuf_str (mb, prefix);
+ put_membuf_str (mb, answer);
+ put_membuf (mb, "\n", 1);
+ }
+ }
+ while (*answer);
+ xfree (answer);
+}
+
+/* Helper to store stuff in a membuf. */
+void
+store_key_value_lf (membuf_t *mb, const char *key, const char *value)
+{
+ put_membuf_str (mb, key);
+ put_membuf_str (mb, value);
+ put_membuf (mb, "\n", 1);
+}
+
+/* Helper tp store a membuf create by mb_ask_lines into MB. Returns
+ -1 on error. */
+int
+store_mb_lines (membuf_t *mb, membuf_t *lines)
+{
+ char *p;
+
+ if (get_membuf_len (lines))
+ {
+ put_membuf (lines, "", 1);
+ p = get_membuf (lines, NULL);
+ if (!p)
+ return -1;
+ put_membuf_str (mb, p);
+ xfree (p);
+ }
+ return 0;
+}
+
+
+/* Chech whether we have a key for the key with HEXGRIP. Returns NULL
+ if not or a string describing the type of the key (RSA, ELG, DSA,
+ etc..). */
+static const char *
+check_keygrip (ctrl_t ctrl, const char *hexgrip)
+{
+ gpg_error_t err;
+ ksba_sexp_t public;
+ size_t publiclen;
+ int algo;
+
+ if (hexgrip[0] == '&')
+ hexgrip++;
+
+ err = gpgsm_agent_readkey (ctrl, 0, hexgrip, &public);
+ if (err)
+ return NULL;
+ publiclen = gcry_sexp_canon_len (public, 0, NULL, NULL);
+
+ get_pk_algo_from_canon_sexp (public, publiclen, &algo);
+ xfree (public);
+
+ switch (algo)
+ {
+ case GCRY_PK_RSA: return "RSA";
+ case GCRY_PK_DSA: return "DSA";
+ case GCRY_PK_ELG: return "ELG";
+ case GCRY_PK_ECDSA: return "ECDSA";
+ default: return NULL;
+ }
+}
+
+
+/* This function is used to create a certificate request from the
+ command line. In the past the similar gpgsm-gencert.sh script has
+ been used for it; however that scripts requires a full Unix shell
+ and thus is not suitable for the Windows port. So here is the
+ re-implementation. */
+void
+gpgsm_gencertreq_tty (ctrl_t ctrl, FILE *output_fp)
+{
+ gpg_error_t err;
+ char *answer;
+ int selection;
+ estream_t fp = NULL;
+ int method;
+ char *keytype_buffer = NULL;
+ const char *keytype;
+ char *keygrip = NULL;
+ unsigned int nbits;
+ int minbits = 1024;
+ int maxbits = 4096;
+ int defbits = 2048;
+ const char *keyusage;
+ char *subject_name;
+ membuf_t mb_email, mb_dns, mb_uri, mb_result;
+ char *result = NULL;
+ int i;
+ const char *s, *s2;
+
+ answer = NULL;
+ init_membuf (&mb_email, 100);
+ init_membuf (&mb_dns, 100);
+ init_membuf (&mb_uri, 100);
+ init_membuf (&mb_result, 512);
+
+ again:
+ /* Get the type of the key. */
+ tty_printf (_("Please select what kind of key you want:\n"));
+ tty_printf (_(" (%d) RSA\n"), 1 );
+ tty_printf (_(" (%d) Existing key\n"), 2 );
+ tty_printf (_(" (%d) Existing key from card\n"), 3 );
+
+ do
+ {
+ xfree (answer);
+ answer = tty_get (_("Your selection? "));
+ tty_kill_prompt ();
+ selection = *answer? atoi (answer): 1;
+ }
+ while (!(selection >= 1 && selection <= 3));
+ method = selection;
+
+ /* Get size of the key. */
+ if (method == 1)
+ {
+ keytype = "RSA";
+ for (;;)
+ {
+ xfree (answer);
+ answer = tty_getf (_("What keysize do you want? (%u) "), defbits);
+ tty_kill_prompt ();
+ trim_spaces (answer);
+ nbits = *answer? atoi (answer): defbits;
+ if (nbits < minbits || nbits > maxbits)
+ tty_printf(_("%s keysizes must be in the range %u-%u\n"),
+ "RSA", minbits, maxbits);
+ else
+ break; /* Okay. */
+ }
+ tty_printf (_("Requested keysize is %u bits\n"), nbits);
+ /* We round it up so that it better matches the word size. */
+ if (( nbits % 64))
+ {
+ nbits = ((nbits + 63) / 64) * 64;
+ tty_printf (_("rounded up to %u bits\n"), nbits);
+ }
+ }
+ else if (method == 2)
+ {
+ for (;;)
+ {
+ xfree (answer);
+ answer = tty_get (_("Enter the keygrip: "));
+ tty_kill_prompt ();
+ trim_spaces (answer);
+
+ if (!*answer)
+ goto again;
+ else if (strlen (answer) != 40 &&
+ !(answer[0] == '&' && strlen (answer+1) == 40))
+ tty_printf (_("Not a valid keygrip (expecting 40 hex digits)\n"));
+ else if (!(keytype = check_keygrip (ctrl, answer)) )
+ tty_printf (_("No key with this keygrip\n"));
+ else
+ break; /* Okay. */
+ }
+ xfree (keygrip);
+ keygrip = answer;
+ answer = NULL;
+ nbits = 1024; /* A dummy value is sufficient. */
+ }
+ else /* method == 3 */
+ {
+ char *serialno;
+ strlist_t keypairlist, sl;
+ int count;
+
+ err = gpgsm_agent_scd_serialno (ctrl, &serialno);
+ if (err)
+ {
+ tty_printf (_("error reading the card: %s\n"), gpg_strerror (err));
+ goto again;
+ }
+ tty_printf (_("Serial number of the card: %s\n"), serialno);
+ xfree (serialno);
+
+ err = gpgsm_agent_scd_keypairinfo (ctrl, &keypairlist);
+ if (err)
+ {
+ tty_printf (_("error reading the card: %s\n"), gpg_strerror (err));
+ goto again;
+ }
+
+ do
+ {
+ tty_printf (_("Available keys:\n"));
+ for (count=1,sl=keypairlist; sl; sl = sl->next, count++)
+ tty_printf (" (%d) %s\n", count, sl->d);
+ xfree (answer);
+ answer = tty_get (_("Your selection? "));
+ tty_kill_prompt ();
+ trim_spaces (answer);
+ selection = atoi (answer);
+ }
+ while (!(selection > 0 && selection < count));
+
+ for (count=1,sl=keypairlist; sl; sl = sl->next, count++)
+ if (count == selection)
+ break;
+
+ s = sl->d;
+ while (*s && !spacep (s))
+ s++;
+ while (spacep (s))
+ s++;
+
+ xfree (keygrip);
+ keygrip = NULL;
+ xfree (keytype_buffer);
+ keytype_buffer = xasprintf ("card:%s", s);
+ free_strlist (keypairlist);
+ keytype = keytype_buffer;
+ nbits = 1024; /* A dummy value is sufficient. */
+ }
+
+ /* Ask for the key usage. */
+ tty_printf (_("Possible actions for a %s key:\n"), "RSA");
+ tty_printf (_(" (%d) sign, encrypt\n"), 1 );
+ tty_printf (_(" (%d) sign\n"), 2 );
+ tty_printf (_(" (%d) encrypt\n"), 3 );
+ do
+ {
+ xfree (answer);
+ answer = tty_get (_("Your selection? "));
+ tty_kill_prompt ();
+ trim_spaces (answer);
+ selection = *answer? atoi (answer): 1;
+ switch (selection)
+ {
+ case 1: keyusage = "sign, encrypt"; break;
+ case 2: keyusage = "sign"; break;
+ case 3: keyusage = "encrypt"; break;
+ default: keyusage = NULL; break;
+ }
+ }
+ while (!keyusage);
+
+ /* Get the subject name. */
+ do
+ {
+ size_t erroff, errlen;
+
+ xfree (answer);
+ answer = tty_get (_("Enter the X.509 subject name: "));
+ tty_kill_prompt ();
+ trim_spaces (answer);
+ if (!*answer)
+ tty_printf (_("No subject name given\n"));
+ else if ( (err = ksba_dn_teststr (answer, 0, &erroff, &errlen)) )
+ {
+ if (gpg_err_code (err) == GPG_ERR_UNKNOWN_NAME)
+ tty_printf (_("Invalid subject name label `%.*s'\n"),
+ (int)errlen, answer+erroff);
+ else
+ {
+ /* TRANSLATORS: The 22 in the second string is the
+ length of the first string up to the "%s". Please
+ adjust it do the length of your translation. The
+ second string is merely passed to atoi so you can
+ drop everything after the number. */
+ tty_printf (_("Invalid subject name `%s'\n"), answer);
+ tty_printf ("%*s^\n",
+ atoi (_("22 translator: see "
+ "certreg-ui.c:gpgsm_gencertreq_tty"))
+ + (int)erroff, "");
+ }
+ *answer = 0;
+ }
+ }
+ while (!*answer);
+ subject_name = answer;
+ answer = NULL;
+
+ /* Get the email addresses. */
+ tty_printf (_("Enter email addresses"));
+ tty_printf (_(" (end with an empty line):\n"));
+ ask_mb_lines (&mb_email, "Name-Email: ");
+
+ /* DNS names. */
+ tty_printf (_("Enter DNS names"));
+ tty_printf (_(" (optional; end with an empty line):\n"));
+ ask_mb_lines (&mb_email, "Name-DNS: ");
+
+ /* URIs. */
+ tty_printf (_("Enter URIs"));
+ tty_printf (_(" (optional; end with an empty line):\n"));
+ ask_mb_lines (&mb_email, "Name-URI: ");
+
+
+ /* Put it all together. */
+ store_key_value_lf (&mb_result, "Key-Type: ", keytype);
+ {
+ char numbuf[30];
+ snprintf (numbuf, sizeof numbuf, "%u", nbits);
+ store_key_value_lf (&mb_result, "Key-Length: ", numbuf);
+ }
+ store_key_value_lf (&mb_result, "Key-Usage: ", keyusage);
+ store_key_value_lf (&mb_result, "Name-DN: ", subject_name);
+ if (keygrip)
+ store_key_value_lf (&mb_result, "Key-Grip: ", keygrip);
+ if (store_mb_lines (&mb_result, &mb_email))
+ goto mem_error;
+ if (store_mb_lines (&mb_result, &mb_dns))
+ goto mem_error;
+ if (store_mb_lines (&mb_result, &mb_uri))
+ goto mem_error;
+ put_membuf (&mb_result, "", 1);
+ result = get_membuf (&mb_result, NULL);
+ if (!result)
+ goto mem_error;
+
+ tty_printf (_("Parameters to be used for the certificate request:\n"));
+ for (s=result; (s2 = strchr (s, '\n')); s = s2+1, i++)
+ tty_printf (" %.*s\n", (int)(s2-s), s);
+ tty_printf ("\n");
+
+
+ if (!tty_get_answer_is_yes ("Really create request? (y/N) "))
+ goto leave;
+
+ /* Now create a parameter file and generate the key. */
+ fp = es_fopenmem (0, "w+");
+ if (!fp)
+ {
+ log_error (_("error creating temporary file: %s\n"), strerror (errno));
+ goto leave;
+ }
+ es_fputs (result, fp);
+ es_rewind (fp);
+ tty_printf (_("Now creating certificate request. "
+ "This may take a while ...\n"));
+ {
+ int save_pem = ctrl->create_pem;
+ ctrl->create_pem = 1; /* Force creation of PEM. */
+ err = gpgsm_genkey (ctrl, fp, output_fp);
+ ctrl->create_pem = save_pem;
+ }
+ if (!err)
+ tty_printf (_("Ready. You should now send this request to your CA.\n"));
+
+
+ goto leave;
+ mem_error:
+ log_error (_("resource problem: out of core\n"));
+ leave:
+ es_fclose (fp);
+ xfree (answer);
+ xfree (subject_name);
+ xfree (keytype_buffer);
+ xfree (keygrip);
+ xfree (get_membuf (&mb_email, NULL));
+ xfree (get_membuf (&mb_dns, NULL));
+ xfree (get_membuf (&mb_uri, NULL));
+ xfree (get_membuf (&mb_result, NULL));
+ xfree (result);
+}
diff --git a/sm/certreqgen.c b/sm/certreqgen.c
new file mode 100644
index 0000000..49b2b92
--- /dev/null
+++ b/sm/certreqgen.c
@@ -0,0 +1,884 @@
+/* certreqgen.c - Generate a key and a certification request
+ * Copyright (C) 2002, 2003, 2005, 2007 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+/*
+The format of the native parameter file is follows:
+ o Text only, line length is limited to about 1000 chars.
+ o You must use UTF-8 encoding to specify non-ascii characters.
+ o Empty lines are ignored.
+ o Leading and trailing spaces are ignored.
+ o A hash sign as the first non white space character is a comment line.
+ o Control statements are indicated by a leading percent sign, the
+ arguments are separated by white space from the keyword.
+ o Parameters are specified by a keyword, followed by a colon. Arguments
+ are separated by white space.
+ o The first parameter must be "Key-Type", control statements
+ may be placed anywhere.
+ o Key generation takes place when either the end of the parameter file
+ is reached, the next "Key-Type" parameter is encountered or at the
+ controlstatement "%commit"
+ o Control statements:
+ %echo <text>
+ Print <text>.
+ %dry-run
+ Suppress actual key generation (useful for syntax checking).
+ %commit
+ Perform the key generation. Note that an implicit commit is done
+ at the next "Key-Type" parameter.
+ %certfile <filename>
+ Do not write the certificate to the keyDB but to <filename>.
+ This must be given before the first
+ commit to take place, duplicate specification of the same filename
+ is ignored, the last filename before a commit is used.
+ The filename is used until a new filename is used (at commit points)
+ and all keys are written to that file. If a new filename is given,
+ this file is created (and overwrites an existing one).
+ Both control statements must be given.
+ o The order of the parameters does not matter except for "Key-Type"
+ which must be the first parameter. The parameters are only for the
+ generated keyblock and parameters from previous key generations are not
+ used. Some syntactically checks may be performed.
+ The currently defined parameters are:
+ Key-Type: <algo>
+ Starts a new parameter block by giving the type of the
+ primary key. The algorithm must be capable of signing.
+ This is a required parameter. For now the only supported
+ algorithm is "rsa".
+ Key-Length: <length-in-bits>
+ Length of the key in bits. Default is 2048.
+ Key-Grip: hexstring
+ This is optional and used to generate a request for an already
+ existing key. Key-Length will be ignored when given,
+ Key-Usage: <usage-list>
+ Space or comma delimited list of key usage, allowed values are
+ "encrypt" and "sign". This is used to generate the KeyUsage extension.
+ Please make sure that the algorithm is capable of this usage. Default
+ is to allow encrypt and sign.
+ Name-DN: subject name
+ This is the DN name of the subject in rfc2253 format.
+ Name-Email: <string>
+ The is an email address for the altSubjectName
+ Name-DNS: <string>
+ The is an DNS name for the altSubjectName
+ Name-URI: <string>
+ The is an URI for the altSubjectName
+
+Here is an example:
+$ cat >foo <<EOF
+%echo Generating a standard key
+Key-Type: RSA
+Key-Length: 2048
+Name-DN: CN=test cert 1,OU=Aegypten Project,O=g10 Code GmbH,L=Düsseldorf,C=DE
+Name-Email: joe@foo.bar
+# Do a commit here, so that we can later print "done" :-)
+%commit
+%echo done
+EOF
+*/
+
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include <unistd.h>
+#include <time.h>
+#include <assert.h>
+
+#include "gpgsm.h"
+#include <gcrypt.h>
+#include <ksba.h>
+
+#include "keydb.h"
+#include "i18n.h"
+
+
+enum para_name {
+ pKEYTYPE,
+ pKEYLENGTH,
+ pKEYGRIP,
+ pKEYUSAGE,
+ pNAMEDN,
+ pNAMEEMAIL,
+ pNAMEDNS,
+ pNAMEURI
+};
+
+struct para_data_s {
+ struct para_data_s *next;
+ int lnr;
+ enum para_name key;
+ union {
+ unsigned int usage;
+ char value[1];
+ } u;
+};
+
+struct reqgen_ctrl_s {
+ int lnr;
+ int dryrun;
+ ksba_writer_t writer;
+};
+
+
+static const char oidstr_keyUsage[] = "2.5.29.15";
+
+
+static int proc_parameters (ctrl_t ctrl,
+ struct para_data_s *para,
+ struct reqgen_ctrl_s *outctrl);
+static int create_request (ctrl_t ctrl,
+ struct para_data_s *para,
+ const char *carddirect,
+ ksba_const_sexp_t public,
+ struct reqgen_ctrl_s *outctrl);
+
+
+
+static void
+release_parameter_list (struct para_data_s *r)
+{
+ struct para_data_s *r2;
+
+ for (; r ; r = r2)
+ {
+ r2 = r->next;
+ xfree(r);
+ }
+}
+
+static struct para_data_s *
+get_parameter (struct para_data_s *para, enum para_name key, int seq)
+{
+ struct para_data_s *r;
+
+ for (r = para; r ; r = r->next)
+ if ( r->key == key && !seq--)
+ return r;
+ return NULL;
+}
+
+static const char *
+get_parameter_value (struct para_data_s *para, enum para_name key, int seq)
+{
+ struct para_data_s *r = get_parameter (para, key, seq);
+ return (r && *r->u.value)? r->u.value : NULL;
+}
+
+static int
+get_parameter_algo (struct para_data_s *para, enum para_name key)
+{
+ struct para_data_s *r = get_parameter (para, key, 0);
+ if (!r)
+ return -1;
+ if (digitp (r->u.value))
+ return atoi( r->u.value );
+ return gcry_pk_map_name (r->u.value);
+}
+
+/* Parse the usage parameter. Returns 0 on success. Note that we
+ only care about sign and encrypt and don't (yet) allow all the
+ other X.509 usage to be specified; instead we will use a fixed
+ mapping to the X.509 usage flags. */
+static int
+parse_parameter_usage (struct para_data_s *para, enum para_name key)
+{
+ struct para_data_s *r = get_parameter (para, key, 0);
+ char *p, *pn;
+ unsigned int use;
+
+ if (!r)
+ return 0; /* none (this is an optional parameter)*/
+
+ use = 0;
+ pn = r->u.value;
+ while ( (p = strsep (&pn, " \t,")) )
+ {
+ if (!*p)
+ ;
+ else if ( !ascii_strcasecmp (p, "sign") )
+ use |= GCRY_PK_USAGE_SIGN;
+ else if ( !ascii_strcasecmp (p, "encrypt") )
+ use |= GCRY_PK_USAGE_ENCR;
+ else
+ {
+ log_error ("line %d: invalid usage list\n", r->lnr);
+ return -1; /* error */
+ }
+ }
+ r->u.usage = use;
+ return 0;
+}
+
+
+static unsigned int
+get_parameter_uint (struct para_data_s *para, enum para_name key)
+{
+ struct para_data_s *r = get_parameter (para, key, 0);
+
+ if (!r)
+ return 0;
+
+ if (r->key == pKEYUSAGE)
+ return r->u.usage;
+
+ return (unsigned int)strtoul (r->u.value, NULL, 10);
+}
+
+
+
+/* Read the certificate generation parameters from FP and generate
+ (all) certificate requests. */
+static int
+read_parameters (ctrl_t ctrl, estream_t fp, ksba_writer_t writer)
+{
+ static struct {
+ const char *name;
+ enum para_name key;
+ int allow_dups;
+ } keywords[] = {
+ { "Key-Type", pKEYTYPE},
+ { "Key-Length", pKEYLENGTH },
+ { "Key-Grip", pKEYGRIP },
+ { "Key-Usage", pKEYUSAGE },
+ { "Name-DN", pNAMEDN },
+ { "Name-Email", pNAMEEMAIL, 1 },
+ { "Name-DNS", pNAMEDNS, 1 },
+ { "Name-URI", pNAMEURI, 1 },
+ { NULL, 0 }
+ };
+ char line[1024], *p;
+ const char *err = NULL;
+ struct para_data_s *para, *r;
+ int i, rc = 0, any = 0;
+ struct reqgen_ctrl_s outctrl;
+
+ memset (&outctrl, 0, sizeof (outctrl));
+ outctrl.writer = writer;
+
+ err = NULL;
+ para = NULL;
+ while (es_fgets (line, DIM(line)-1, fp) )
+ {
+ char *keyword, *value;
+
+ outctrl.lnr++;
+ if (*line && line[strlen(line)-1] != '\n')
+ {
+ err = "line too long";
+ break;
+ }
+ for (p=line; spacep (p); p++)
+ ;
+ if (!*p || *p == '#')
+ continue;
+
+ keyword = p;
+ if (*keyword == '%')
+ {
+ for (; *p && !spacep (p); p++)
+ ;
+ if (*p)
+ *p++ = 0;
+ for (; spacep (p); p++)
+ ;
+ value = p;
+ trim_trailing_spaces (value);
+
+ if (!ascii_strcasecmp (keyword, "%echo"))
+ log_info ("%s\n", value);
+ else if (!ascii_strcasecmp (keyword, "%dry-run"))
+ outctrl.dryrun = 1;
+ else if (!ascii_strcasecmp( keyword, "%commit"))
+ {
+ rc = proc_parameters (ctrl, para, &outctrl);
+ if (rc)
+ goto leave;
+ any = 1;
+ release_parameter_list (para);
+ para = NULL;
+ }
+ else
+ log_info ("skipping control `%s' (%s)\n", keyword, value);
+
+ continue;
+ }
+
+
+ if (!(p = strchr (p, ':')) || p == keyword)
+ {
+ err = "missing colon";
+ break;
+ }
+ if (*p)
+ *p++ = 0;
+ for (; spacep (p); p++)
+ ;
+ if (!*p)
+ {
+ err = "missing argument";
+ break;
+ }
+ value = p;
+ trim_trailing_spaces (value);
+
+ for (i=0; (keywords[i].name
+ && ascii_strcasecmp (keywords[i].name, keyword)); i++)
+ ;
+ if (!keywords[i].name)
+ {
+ err = "unknown keyword";
+ break;
+ }
+ if (keywords[i].key != pKEYTYPE && !para)
+ {
+ err = "parameter block does not start with \"Key-Type\"";
+ break;
+ }
+
+ if (keywords[i].key == pKEYTYPE && para)
+ {
+ rc = proc_parameters (ctrl, para, &outctrl);
+ if (rc)
+ goto leave;
+ any = 1;
+ release_parameter_list (para);
+ para = NULL;
+ }
+ else if (!keywords[i].allow_dups)
+ {
+ for (r = para; r && r->key != keywords[i].key; r = r->next)
+ ;
+ if (r)
+ {
+ err = "duplicate keyword";
+ break;
+ }
+ }
+
+ r = xtrycalloc (1, sizeof *r + strlen( value ));
+ if (!r)
+ {
+ err = "out of core";
+ break;
+ }
+ r->lnr = outctrl.lnr;
+ r->key = keywords[i].key;
+ strcpy (r->u.value, value);
+ r->next = para;
+ para = r;
+ }
+
+ if (err)
+ {
+ log_error ("line %d: %s\n", outctrl.lnr, err);
+ rc = gpg_error (GPG_ERR_GENERAL);
+ }
+ else if (es_ferror(fp))
+ {
+ log_error ("line %d: read error: %s\n", outctrl.lnr, strerror(errno) );
+ rc = gpg_error (GPG_ERR_GENERAL);
+ }
+ else if (para)
+ {
+ rc = proc_parameters (ctrl, para, &outctrl);
+ if (rc)
+ goto leave;
+ any = 1;
+ }
+
+ if (!rc && !any)
+ rc = gpg_error (GPG_ERR_NO_DATA);
+
+ leave:
+ release_parameter_list (para);
+ return rc;
+}
+
+/* check whether there are invalid characters in the email address S */
+static int
+has_invalid_email_chars (const char *s)
+{
+ int at_seen=0;
+ static char valid_chars[] = "01234567890_-."
+ "abcdefghijklmnopqrstuvwxyz"
+ "ABCDEFGHIJKLMNOPQRSTUVWXYZ";
+ for (; *s; s++)
+ {
+ if (*s & 0x80)
+ return 1;
+ if (*s == '@')
+ at_seen++;
+ else if (!at_seen && !( !!strchr (valid_chars, *s) || *s == '+'))
+ return 1;
+ else if (at_seen && !strchr (valid_chars, *s))
+ return 1;
+ }
+ return at_seen != 1;
+}
+
+
+/* Check that all required parameters are given and perform the action */
+static int
+proc_parameters (ctrl_t ctrl,
+ struct para_data_s *para, struct reqgen_ctrl_s *outctrl)
+{
+ gpg_error_t err;
+ struct para_data_s *r;
+ const char *s;
+ int i;
+ unsigned int nbits;
+ char numbuf[20];
+ unsigned char keyparms[100];
+ int rc;
+ ksba_sexp_t public;
+ int seq;
+ size_t erroff, errlen;
+ char *cardkeyid = NULL;
+
+ /* Check that we have all required parameters; */
+ assert (get_parameter (para, pKEYTYPE, 0));
+
+ /* We can only use RSA for now. There is a problem with pkcs-10 on
+ how to use ElGamal because it is expected that a PK algorithm can
+ always be used for signing. Another problem is that on-card
+ generated encryption keys may not be used for signing. */
+ i = get_parameter_algo (para, pKEYTYPE);
+ if (!i && (s = get_parameter_value (para, pKEYTYPE, 0)) && *s)
+ {
+ /* Hack to allow creation of certificates directly from a smart
+ card. For example: "Key-Type: card:OPENPGP.3". */
+ if (!strncmp (s, "card:", 5) && s[5])
+ cardkeyid = xtrystrdup (s+5);
+ }
+ if ( (i < 1 || i != GCRY_PK_RSA) && !cardkeyid )
+ {
+ r = get_parameter (para, pKEYTYPE, 0);
+ log_error (_("line %d: invalid algorithm\n"), r->lnr);
+ return gpg_error (GPG_ERR_INV_PARAMETER);
+ }
+
+ /* Check the keylength. */
+ if (!get_parameter (para, pKEYLENGTH, 0))
+ nbits = 2048;
+ else
+ nbits = get_parameter_uint (para, pKEYLENGTH);
+ if ((nbits < 1024 || nbits > 4096) && !cardkeyid)
+ {
+ /* The BSI specs dated 2002-11-25 don't allow lengths below 1024. */
+ r = get_parameter (para, pKEYLENGTH, 0);
+ log_error (_("line %d: invalid key length %u (valid are %d to %d)\n"),
+ r->lnr, nbits, 1024, 4096);
+ xfree (cardkeyid);
+ return gpg_error (GPG_ERR_INV_PARAMETER);
+ }
+
+ /* Check the usage. */
+ if (parse_parameter_usage (para, pKEYUSAGE))
+ {
+ xfree (cardkeyid);
+ return gpg_error (GPG_ERR_INV_PARAMETER);
+ }
+
+ /* Check that there is a subject name and that this DN fits our
+ requirements. */
+ if (!(s=get_parameter_value (para, pNAMEDN, 0)))
+ {
+ r = get_parameter (para, pNAMEDN, 0);
+ log_error (_("line %d: no subject name given\n"), r->lnr);
+ xfree (cardkeyid);
+ return gpg_error (GPG_ERR_INV_PARAMETER);
+ }
+ err = ksba_dn_teststr (s, 0, &erroff, &errlen);
+ if (err)
+ {
+ r = get_parameter (para, pNAMEDN, 0);
+ if (gpg_err_code (err) == GPG_ERR_UNKNOWN_NAME)
+ log_error (_("line %d: invalid subject name label `%.*s'\n"),
+ r->lnr, (int)errlen, s+erroff);
+ else
+ log_error (_("line %d: invalid subject name `%s' at pos %d\n"),
+ r->lnr, s, (int)erroff);
+
+ xfree (cardkeyid);
+ return gpg_error (GPG_ERR_INV_PARAMETER);
+ }
+
+ /* Check that the optional email address is okay. */
+ for (seq=0; (s=get_parameter_value (para, pNAMEEMAIL, seq)); seq++)
+ {
+ if (has_invalid_email_chars (s)
+ || *s == '@'
+ || s[strlen(s)-1] == '@'
+ || s[strlen(s)-1] == '.'
+ || strstr(s, ".."))
+ {
+ r = get_parameter (para, pNAMEEMAIL, seq);
+ log_error (_("line %d: not a valid email address\n"), r->lnr);
+ xfree (cardkeyid);
+ return gpg_error (GPG_ERR_INV_PARAMETER);
+ }
+ }
+
+ if (cardkeyid) /* Take the key from the current smart card. */
+ {
+ rc = gpgsm_agent_readkey (ctrl, 1, cardkeyid, &public);
+ if (rc)
+ {
+ r = get_parameter (para, pKEYTYPE, 0);
+ log_error (_("line %d: error reading key `%s' from card: %s\n"),
+ r->lnr, cardkeyid, gpg_strerror (rc));
+ xfree (cardkeyid);
+ return rc;
+ }
+ }
+ else if ((s=get_parameter_value (para, pKEYGRIP, 0))) /* Use existing key.*/
+ {
+ rc = gpgsm_agent_readkey (ctrl, 0, s, &public);
+ if (rc)
+ {
+ r = get_parameter (para, pKEYTYPE, 0);
+ log_error (_("line %d: error getting key by keygrip `%s': %s\n"),
+ r->lnr, s, gpg_strerror (rc));
+ xfree (cardkeyid);
+ return rc;
+ }
+ }
+ else /* Generate new key. */
+ {
+ sprintf (numbuf, "%u", nbits);
+ snprintf ((char*)keyparms, DIM (keyparms)-1,
+ "(6:genkey(3:rsa(5:nbits%d:%s)))",
+ (int)strlen (numbuf), numbuf);
+ rc = gpgsm_agent_genkey (ctrl, keyparms, &public);
+ if (rc)
+ {
+ r = get_parameter (para, pKEYTYPE, 0);
+ log_error (_("line %d: key generation failed: %s <%s>\n"),
+ r->lnr, gpg_strerror (rc), gpg_strsource (rc));
+ xfree (cardkeyid);
+ return rc;
+ }
+ }
+
+ rc = create_request (ctrl, para, cardkeyid, public, outctrl);
+ xfree (public);
+ xfree (cardkeyid);
+
+ return rc;
+}
+
+
+/* Parameters are checked, the key pair has been created. Now
+ generate the request and write it out */
+static int
+create_request (ctrl_t ctrl,
+ struct para_data_s *para,
+ const char *carddirect,
+ ksba_const_sexp_t public,
+ struct reqgen_ctrl_s *outctrl)
+{
+ ksba_certreq_t cr;
+ gpg_error_t err;
+ gcry_md_hd_t md;
+ ksba_stop_reason_t stopreason;
+ int rc = 0;
+ const char *s;
+ unsigned int use;
+ int seq;
+ char *buf, *p;
+ size_t len;
+ char numbuf[30];
+
+ err = ksba_certreq_new (&cr);
+ if (err)
+ return err;
+
+ rc = gcry_md_open (&md, GCRY_MD_SHA1, 0);
+ if (rc)
+ {
+ log_error ("md_open failed: %s\n", gpg_strerror (rc));
+ goto leave;
+ }
+ if (DBG_HASHING)
+ gcry_md_start_debug (md, "cr.cri");
+
+ ksba_certreq_set_hash_function (cr, HASH_FNC, md);
+ ksba_certreq_set_writer (cr, outctrl->writer);
+
+ err = ksba_certreq_add_subject (cr, get_parameter_value (para, pNAMEDN, 0));
+ if (err)
+ {
+ log_error ("error setting the subject's name: %s\n",
+ gpg_strerror (err));
+ rc = err;
+ goto leave;
+ }
+
+ for (seq=0; (s = get_parameter_value (para, pNAMEEMAIL, seq)); seq++)
+ {
+ buf = xtrymalloc (strlen (s) + 3);
+ if (!buf)
+ {
+ rc = out_of_core ();
+ goto leave;
+ }
+ *buf = '<';
+ strcpy (buf+1, s);
+ strcat (buf+1, ">");
+ err = ksba_certreq_add_subject (cr, buf);
+ xfree (buf);
+ if (err)
+ {
+ log_error ("error setting the subject's alternate name: %s\n",
+ gpg_strerror (err));
+ rc = err;
+ goto leave;
+ }
+ }
+
+ for (seq=0; (s = get_parameter_value (para, pNAMEDNS, seq)); seq++)
+ {
+ len = strlen (s);
+ assert (len);
+ snprintf (numbuf, DIM(numbuf), "%u:", (unsigned int)len);
+ buf = p = xtrymalloc (11 + strlen (numbuf) + len + 3);
+ if (!buf)
+ {
+ rc = out_of_core ();
+ goto leave;
+ }
+ p = stpcpy (p, "(8:dns-name");
+ p = stpcpy (p, numbuf);
+ p = stpcpy (p, s);
+ strcpy (p, ")");
+
+ err = ksba_certreq_add_subject (cr, buf);
+ xfree (buf);
+ if (err)
+ {
+ log_error ("error setting the subject's alternate name: %s\n",
+ gpg_strerror (err));
+ rc = err;
+ goto leave;
+ }
+ }
+
+ for (seq=0; (s = get_parameter_value (para, pNAMEURI, seq)); seq++)
+ {
+ len = strlen (s);
+ assert (len);
+ snprintf (numbuf, DIM(numbuf), "%u:", (unsigned int)len);
+ buf = p = xtrymalloc (6 + strlen (numbuf) + len + 3);
+ if (!buf)
+ {
+ rc = out_of_core ();
+ goto leave;
+ }
+ p = stpcpy (p, "(3:uri");
+ p = stpcpy (p, numbuf);
+ p = stpcpy (p, s);
+ strcpy (p, ")");
+
+ err = ksba_certreq_add_subject (cr, buf);
+ xfree (buf);
+ if (err)
+ {
+ log_error ("error setting the subject's alternate name: %s\n",
+ gpg_strerror (err));
+ rc = err;
+ goto leave;
+ }
+ }
+
+
+ err = ksba_certreq_set_public_key (cr, public);
+ if (err)
+ {
+ log_error ("error setting the public key: %s\n",
+ gpg_strerror (err));
+ rc = err;
+ goto leave;
+ }
+
+
+ use = get_parameter_uint (para, pKEYUSAGE);
+ if (use == GCRY_PK_USAGE_SIGN)
+ {
+ /* For signing only we encode the bits:
+ KSBA_KEYUSAGE_DIGITAL_SIGNATURE
+ KSBA_KEYUSAGE_NON_REPUDIATION */
+ err = ksba_certreq_add_extension (cr, oidstr_keyUsage, 1,
+ "\x03\x02\x06\xC0", 4);
+ }
+ else if (use == GCRY_PK_USAGE_ENCR)
+ {
+ /* For encrypt only we encode the bits:
+ KSBA_KEYUSAGE_KEY_ENCIPHERMENT
+ KSBA_KEYUSAGE_DATA_ENCIPHERMENT */
+ err = ksba_certreq_add_extension (cr, oidstr_keyUsage, 1,
+ "\x03\x02\x04\x30", 4);
+ }
+ else
+ err = 0; /* Both or none given: don't request one. */
+ if (err)
+ {
+ log_error ("error setting the key usage: %s\n",
+ gpg_strerror (err));
+ rc = err;
+ goto leave;
+ }
+
+
+ do
+ {
+ err = ksba_certreq_build (cr, &stopreason);
+ if (err)
+ {
+ log_error ("ksba_certreq_build failed: %s\n", gpg_strerror (err));
+ rc = err;
+ goto leave;
+ }
+ if (stopreason == KSBA_SR_NEED_SIG)
+ {
+ gcry_sexp_t s_pkey;
+ size_t n;
+ unsigned char grip[20];
+ char hexgrip[41];
+ unsigned char *sigval;
+ size_t siglen;
+
+ n = gcry_sexp_canon_len (public, 0, NULL, NULL);
+ if (!n)
+ {
+ log_error ("libksba did not return a proper S-Exp\n");
+ rc = gpg_error (GPG_ERR_BUG);
+ goto leave;
+ }
+ rc = gcry_sexp_sscan (&s_pkey, NULL, (const char*)public, n);
+ if (rc)
+ {
+ log_error ("gcry_sexp_scan failed: %s\n", gpg_strerror (rc));
+ goto leave;
+ }
+ if ( !gcry_pk_get_keygrip (s_pkey, grip) )
+ {
+ rc = gpg_error (GPG_ERR_GENERAL);
+ log_error ("can't figure out the keygrip\n");
+ gcry_sexp_release (s_pkey);
+ goto leave;
+ }
+ gcry_sexp_release (s_pkey);
+ bin2hex (grip, 20, hexgrip);
+
+ log_info ("about to sign CSR for key: &%s\n", hexgrip);
+
+ if (carddirect)
+ rc = gpgsm_scd_pksign (ctrl, carddirect, NULL,
+ gcry_md_read(md, GCRY_MD_SHA1),
+ gcry_md_get_algo_dlen (GCRY_MD_SHA1),
+ GCRY_MD_SHA1,
+ &sigval, &siglen);
+ else
+ {
+ char *orig_codeset;
+ char *desc;
+
+ orig_codeset = i18n_switchto_utf8 ();
+ desc = percent_plus_escape
+ (_("To complete this certificate request please enter"
+ " the passphrase for the key you just created once"
+ " more.\n"));
+ i18n_switchback (orig_codeset);
+ rc = gpgsm_agent_pksign (ctrl, hexgrip, desc,
+ gcry_md_read(md, GCRY_MD_SHA1),
+ gcry_md_get_algo_dlen (GCRY_MD_SHA1),
+ GCRY_MD_SHA1,
+ &sigval, &siglen);
+ xfree (desc);
+ }
+ if (rc)
+ {
+ log_error ("signing failed: %s\n", gpg_strerror (rc));
+ goto leave;
+ }
+
+ err = ksba_certreq_set_sig_val (cr, sigval);
+ xfree (sigval);
+ if (err)
+ {
+ log_error ("failed to store the sig_val: %s\n",
+ gpg_strerror (err));
+ rc = err;
+ goto leave;
+ }
+ }
+ }
+ while (stopreason != KSBA_SR_READY);
+
+
+ leave:
+ gcry_md_close (md);
+ ksba_certreq_release (cr);
+ return rc;
+}
+
+
+
+/* Create a new key by reading the parameters from IN_FP. Multiple
+ keys may be created */
+int
+gpgsm_genkey (ctrl_t ctrl, estream_t in_stream, FILE *out_fp)
+{
+ int rc;
+ Base64Context b64writer = NULL;
+ ksba_writer_t writer;
+
+ ctrl->pem_name = "CERTIFICATE REQUEST";
+ rc = gpgsm_create_writer (&b64writer, ctrl, out_fp, NULL, &writer);
+ if (rc)
+ {
+ log_error ("can't create writer: %s\n", gpg_strerror (rc));
+ goto leave;
+ }
+
+ rc = read_parameters (ctrl, in_stream, writer);
+ if (rc)
+ {
+ log_error ("error creating certificate request: %s <%s>\n",
+ gpg_strerror (rc), gpg_strsource (rc));
+ goto leave;
+ }
+
+ rc = gpgsm_finish_writer (b64writer);
+ if (rc)
+ {
+ log_error ("write failed: %s\n", gpg_strerror (rc));
+ goto leave;
+ }
+
+ gpgsm_status (ctrl, STATUS_KEY_CREATED, "P");
+ log_info ("certificate request created\n");
+
+ leave:
+ gpgsm_destroy_writer (b64writer);
+ return rc;
+}
+
diff --git a/sm/decrypt.c b/sm/decrypt.c
new file mode 100644
index 0000000..de02551
--- /dev/null
+++ b/sm/decrypt.c
@@ -0,0 +1,586 @@
+/* decrypt.c - Decrypt a message
+ * Copyright (C) 2001, 2003 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include <unistd.h>
+#include <time.h>
+#include <assert.h>
+
+#include "gpgsm.h"
+#include <gcrypt.h>
+#include <ksba.h>
+
+#include "keydb.h"
+#include "i18n.h"
+
+struct decrypt_filter_parm_s {
+ int algo;
+ int mode;
+ int blklen;
+ gcry_cipher_hd_t hd;
+ char iv[16];
+ size_t ivlen;
+ int any_data; /* dod we push anything through the filter at all? */
+ unsigned char lastblock[16]; /* to strip the padding we have to
+ keep this one */
+ char helpblock[16]; /* needed because there is no block buffering in
+ libgcrypt (yet) */
+ int helpblocklen;
+};
+
+
+
+/* Decrypt the session key and fill in the parm structure. The
+ algo and the IV is expected to be already in PARM. */
+static int
+prepare_decryption (ctrl_t ctrl, const char *hexkeygrip, const char *desc,
+ ksba_const_sexp_t enc_val,
+ struct decrypt_filter_parm_s *parm)
+{
+ char *seskey = NULL;
+ size_t n, seskeylen;
+ int rc;
+
+ rc = gpgsm_agent_pkdecrypt (ctrl, hexkeygrip, desc, enc_val,
+ &seskey, &seskeylen);
+ if (rc)
+ {
+ log_error ("error decrypting session key: %s\n", gpg_strerror (rc));
+ goto leave;
+ }
+
+ if (DBG_CRYPTO)
+ log_printhex ("pkcs1 encoded session key:", seskey, seskeylen);
+
+ n=0;
+ if (seskeylen == 24)
+ {
+ /* Smells like a 3-des key. This might happen because a SC has
+ already done the unpacking. */
+ }
+ else
+ {
+ if (n + 7 > seskeylen )
+ {
+ rc = gpg_error (GPG_ERR_INV_SESSION_KEY);
+ goto leave;
+ }
+
+ /* FIXME: Actually the leading zero is required but due to the way
+ we encode the output in libgcrypt as an MPI we are not able to
+ encode that leading zero. However, when using a Smartcard we are
+ doing it the right way and therefore we have to skip the zero. This
+ should be fixed in gpg-agent of course. */
+ if (!seskey[n])
+ n++;
+
+ if (seskey[n] != 2 ) /* Wrong block type version. */
+ {
+ rc = gpg_error (GPG_ERR_INV_SESSION_KEY);
+ goto leave;
+ }
+
+ for (n++; n < seskeylen && seskey[n]; n++) /* Skip the random bytes. */
+ ;
+ n++; /* and the zero byte */
+ if (n >= seskeylen )
+ {
+ rc = gpg_error (GPG_ERR_INV_SESSION_KEY);
+ goto leave;
+ }
+ }
+
+ if (DBG_CRYPTO)
+ log_printhex ("session key:", seskey+n, seskeylen-n);
+
+ rc = gcry_cipher_open (&parm->hd, parm->algo, parm->mode, 0);
+ if (rc)
+ {
+ log_error ("error creating decryptor: %s\n", gpg_strerror (rc));
+ goto leave;
+ }
+
+ rc = gcry_cipher_setkey (parm->hd, seskey+n, seskeylen-n);
+ if (gpg_err_code (rc) == GPG_ERR_WEAK_KEY)
+ {
+ log_info (_("WARNING: message was encrypted with "
+ "a weak key in the symmetric cipher.\n"));
+ rc = 0;
+ }
+ if (rc)
+ {
+ log_error("key setup failed: %s\n", gpg_strerror(rc) );
+ goto leave;
+ }
+
+ gcry_cipher_setiv (parm->hd, parm->iv, parm->ivlen);
+
+ leave:
+ xfree (seskey);
+ return rc;
+}
+
+
+/* This function is called by the KSBA writer just before the actual
+ write is done. The function must take INLEN bytes from INBUF,
+ decrypt it and store it inoutbuf which has a maximum size of
+ maxoutlen. The valid bytes in outbuf should be return in outlen.
+ Due to different buffer sizes or different length of input and
+ output, it may happen that fewer bytes are processed or fewer bytes
+ are written. */
+static gpg_error_t
+decrypt_filter (void *arg,
+ const void *inbuf, size_t inlen, size_t *inused,
+ void *outbuf, size_t maxoutlen, size_t *outlen)
+{
+ struct decrypt_filter_parm_s *parm = arg;
+ int blklen = parm->blklen;
+ size_t orig_inlen = inlen;
+
+ /* fixme: Should we issue an error when we have not seen one full block? */
+ if (!inlen)
+ return gpg_error (GPG_ERR_BUG);
+
+ if (maxoutlen < 2*parm->blklen)
+ return gpg_error (GPG_ERR_BUG);
+ /* Make some space because we will later need an extra block at the end. */
+ maxoutlen -= blklen;
+
+ if (parm->helpblocklen)
+ {
+ int i, j;
+
+ for (i=parm->helpblocklen,j=0; i < blklen && j < inlen; i++, j++)
+ parm->helpblock[i] = ((const char*)inbuf)[j];
+ inlen -= j;
+ if (blklen > maxoutlen)
+ return gpg_error (GPG_ERR_BUG);
+ if (i < blklen)
+ {
+ parm->helpblocklen = i;
+ *outlen = 0;
+ }
+ else
+ {
+ parm->helpblocklen = 0;
+ if (parm->any_data)
+ {
+ memcpy (outbuf, parm->lastblock, blklen);
+ *outlen =blklen;
+ }
+ else
+ *outlen = 0;
+ gcry_cipher_decrypt (parm->hd, parm->lastblock, blklen,
+ parm->helpblock, blklen);
+ parm->any_data = 1;
+ }
+ *inused = orig_inlen - inlen;
+ return 0;
+ }
+
+
+ if (inlen > maxoutlen)
+ inlen = maxoutlen;
+ if (inlen % blklen)
+ { /* store the remainder away */
+ parm->helpblocklen = inlen%blklen;
+ inlen = inlen/blklen*blklen;
+ memcpy (parm->helpblock, (const char*)inbuf+inlen, parm->helpblocklen);
+ }
+
+ *inused = inlen + parm->helpblocklen;
+ if (inlen)
+ {
+ assert (inlen >= blklen);
+ if (parm->any_data)
+ {
+ gcry_cipher_decrypt (parm->hd, (char*)outbuf+blklen, inlen,
+ inbuf, inlen);
+ memcpy (outbuf, parm->lastblock, blklen);
+ memcpy (parm->lastblock,(char*)outbuf+inlen, blklen);
+ *outlen = inlen;
+ }
+ else
+ {
+ gcry_cipher_decrypt (parm->hd, outbuf, inlen, inbuf, inlen);
+ memcpy (parm->lastblock, (char*)outbuf+inlen-blklen, blklen);
+ *outlen = inlen - blklen;
+ parm->any_data = 1;
+ }
+ }
+ else
+ *outlen = 0;
+ return 0;
+}
+
+
+
+/* Perform a decrypt operation. */
+int
+gpgsm_decrypt (ctrl_t ctrl, int in_fd, FILE *out_fp)
+{
+ int rc;
+ Base64Context b64reader = NULL;
+ Base64Context b64writer = NULL;
+ ksba_reader_t reader;
+ ksba_writer_t writer;
+ ksba_cms_t cms = NULL;
+ ksba_stop_reason_t stopreason;
+ KEYDB_HANDLE kh;
+ int recp;
+ FILE *in_fp = NULL;
+ struct decrypt_filter_parm_s dfparm;
+
+ memset (&dfparm, 0, sizeof dfparm);
+
+ audit_set_type (ctrl->audit, AUDIT_TYPE_DECRYPT);
+
+ kh = keydb_new (0);
+ if (!kh)
+ {
+ log_error (_("failed to allocated keyDB handle\n"));
+ rc = gpg_error (GPG_ERR_GENERAL);
+ goto leave;
+ }
+
+
+ in_fp = fdopen ( dup (in_fd), "rb");
+ if (!in_fp)
+ {
+ rc = gpg_error (gpg_err_code_from_errno (errno));
+ log_error ("fdopen() failed: %s\n", strerror (errno));
+ goto leave;
+ }
+
+ rc = gpgsm_create_reader (&b64reader, ctrl, in_fp, 0, &reader);
+ if (rc)
+ {
+ log_error ("can't create reader: %s\n", gpg_strerror (rc));
+ goto leave;
+ }
+
+ rc = gpgsm_create_writer (&b64writer, ctrl, out_fp, NULL, &writer);
+ if (rc)
+ {
+ log_error ("can't create writer: %s\n", gpg_strerror (rc));
+ goto leave;
+ }
+
+ rc = ksba_cms_new (&cms);
+ if (rc)
+ goto leave;
+
+ rc = ksba_cms_set_reader_writer (cms, reader, writer);
+ if (rc)
+ {
+ log_debug ("ksba_cms_set_reader_writer failed: %s\n",
+ gpg_strerror (rc));
+ goto leave;
+ }
+
+ audit_log (ctrl->audit, AUDIT_SETUP_READY);
+
+ /* Parser loop. */
+ do
+ {
+ rc = ksba_cms_parse (cms, &stopreason);
+ if (rc)
+ {
+ log_debug ("ksba_cms_parse failed: %s\n", gpg_strerror (rc));
+ goto leave;
+ }
+
+ if (stopreason == KSBA_SR_BEGIN_DATA
+ || stopreason == KSBA_SR_DETACHED_DATA)
+ {
+ int algo, mode;
+ const char *algoid;
+ int any_key = 0;
+
+ audit_log (ctrl->audit, AUDIT_GOT_DATA);
+
+ algoid = ksba_cms_get_content_oid (cms, 2/* encryption algo*/);
+ algo = gcry_cipher_map_name (algoid);
+ mode = gcry_cipher_mode_from_oid (algoid);
+ if (!algo || !mode)
+ {
+ rc = gpg_error (GPG_ERR_UNSUPPORTED_ALGORITHM);
+ log_error ("unsupported algorithm `%s'\n", algoid? algoid:"?");
+ if (algoid && !strcmp (algoid, "1.2.840.113549.3.2"))
+ log_info (_("(this is the RC2 algorithm)\n"));
+ else if (!algoid)
+ log_info (_("(this does not seem to be an encrypted"
+ " message)\n"));
+ {
+ char numbuf[50];
+ sprintf (numbuf, "%d", rc);
+ gpgsm_status2 (ctrl, STATUS_ERROR, "decrypt.algorithm",
+ numbuf, algoid?algoid:"?", NULL);
+ audit_log_s (ctrl->audit, AUDIT_BAD_DATA_CIPHER_ALGO, algoid);
+ }
+
+ /* If it seems that this is not an encrypted message we
+ return a more sensible error code. */
+ if (!algoid)
+ rc = gpg_error (GPG_ERR_NO_DATA);
+
+ goto leave;
+ }
+
+ audit_log_i (ctrl->audit, AUDIT_DATA_CIPHER_ALGO, algo);
+ dfparm.algo = algo;
+ dfparm.mode = mode;
+ dfparm.blklen = gcry_cipher_get_algo_blklen (algo);
+ if (dfparm.blklen > sizeof (dfparm.helpblock))
+ return gpg_error (GPG_ERR_BUG);
+
+ rc = ksba_cms_get_content_enc_iv (cms,
+ dfparm.iv,
+ sizeof (dfparm.iv),
+ &dfparm.ivlen);
+ if (rc)
+ {
+ log_error ("error getting IV: %s\n", gpg_strerror (rc));
+ goto leave;
+ }
+
+ for (recp=0; !any_key; recp++)
+ {
+ char *issuer;
+ ksba_sexp_t serial;
+ ksba_sexp_t enc_val;
+ char *hexkeygrip = NULL;
+ char *desc = NULL;
+ char kidbuf[16+1];
+
+ *kidbuf = 0;
+
+ rc = ksba_cms_get_issuer_serial (cms, recp, &issuer, &serial);
+ if (rc == -1 && recp)
+ break; /* no more recipients */
+ audit_log_i (ctrl->audit, AUDIT_NEW_RECP, recp);
+ if (rc)
+ log_error ("recp %d - error getting info: %s\n",
+ recp, gpg_strerror (rc));
+ else
+ {
+ ksba_cert_t cert = NULL;
+
+ log_debug ("recp %d - issuer: `%s'\n",
+ recp, issuer? issuer:"[NONE]");
+ log_debug ("recp %d - serial: ", recp);
+ gpgsm_dump_serial (serial);
+ log_printf ("\n");
+
+ if (ctrl->audit)
+ {
+ char *tmpstr = gpgsm_format_sn_issuer (serial, issuer);
+ audit_log_s (ctrl->audit, AUDIT_RECP_NAME, tmpstr);
+ xfree (tmpstr);
+ }
+
+ keydb_search_reset (kh);
+ rc = keydb_search_issuer_sn (kh, issuer, serial);
+ if (rc)
+ {
+ log_error ("failed to find the certificate: %s\n",
+ gpg_strerror(rc));
+ goto oops;
+ }
+
+ rc = keydb_get_cert (kh, &cert);
+ if (rc)
+ {
+ log_error ("failed to get cert: %s\n", gpg_strerror (rc));
+ goto oops;
+ }
+
+ /* Print the ENC_TO status line. Note that we can
+ do so only if we have the certificate. This is
+ in contrast to gpg where the keyID is commonly
+ included in the encrypted messages. It is too
+ cumbersome to retrieve the used algorithm, thus
+ we don't print it for now. We also record the
+ keyid for later use. */
+ {
+ unsigned long kid[2];
+
+ kid[0] = gpgsm_get_short_fingerprint (cert, kid+1);
+ snprintf (kidbuf, sizeof kidbuf, "%08lX%08lX",
+ kid[1], kid[0]);
+ gpgsm_status2 (ctrl, STATUS_ENC_TO,
+ kidbuf, "0", "0", NULL);
+ }
+
+ /* Put the certificate into the audit log. */
+ audit_log_cert (ctrl->audit, AUDIT_SAVE_CERT, cert, 0);
+
+ /* Just in case there is a problem with the own
+ certificate we print this message - should never
+ happen of course */
+ rc = gpgsm_cert_use_decrypt_p (cert);
+ if (rc)
+ {
+ char numbuf[50];
+ sprintf (numbuf, "%d", rc);
+ gpgsm_status2 (ctrl, STATUS_ERROR, "decrypt.keyusage",
+ numbuf, NULL);
+ rc = 0;
+ }
+
+ hexkeygrip = gpgsm_get_keygrip_hexstring (cert);
+ desc = gpgsm_format_keydesc (cert);
+
+ oops:
+ xfree (issuer);
+ xfree (serial);
+ ksba_cert_release (cert);
+ }
+
+ if (!hexkeygrip)
+ ;
+ else if (!(enc_val = ksba_cms_get_enc_val (cms, recp)))
+ log_error ("recp %d - error getting encrypted session key\n",
+ recp);
+ else
+ {
+ rc = prepare_decryption (ctrl,
+ hexkeygrip, desc, enc_val, &dfparm);
+ xfree (enc_val);
+ if (rc)
+ {
+ log_info ("decrypting session key failed: %s\n",
+ gpg_strerror (rc));
+ if (gpg_err_code (rc) == GPG_ERR_NO_SECKEY && *kidbuf)
+ gpgsm_status2 (ctrl, STATUS_NO_SECKEY, kidbuf, NULL);
+ }
+ else
+ { /* setup the bulk decrypter */
+ any_key = 1;
+ ksba_writer_set_filter (writer,
+ decrypt_filter,
+ &dfparm);
+ }
+ audit_log_ok (ctrl->audit, AUDIT_RECP_RESULT, rc);
+ }
+ xfree (hexkeygrip);
+ xfree (desc);
+ }
+
+ /* If we write an audit log add the unused recipients to the
+ log as well. */
+ if (ctrl->audit && any_key)
+ {
+ for (;; recp++)
+ {
+ char *issuer;
+ ksba_sexp_t serial;
+ int tmp_rc;
+
+ tmp_rc = ksba_cms_get_issuer_serial (cms, recp,
+ &issuer, &serial);
+ if (tmp_rc == -1)
+ break; /* no more recipients */
+ audit_log_i (ctrl->audit, AUDIT_NEW_RECP, recp);
+ if (tmp_rc)
+ log_error ("recp %d - error getting info: %s\n",
+ recp, gpg_strerror (rc));
+ else
+ {
+ char *tmpstr = gpgsm_format_sn_issuer (serial, issuer);
+ audit_log_s (ctrl->audit, AUDIT_RECP_NAME, tmpstr);
+ xfree (tmpstr);
+ xfree (issuer);
+ xfree (serial);
+ }
+ }
+ }
+
+ if (!any_key)
+ {
+ rc = gpg_error (GPG_ERR_NO_SECKEY);
+ goto leave;
+ }
+ }
+ else if (stopreason == KSBA_SR_END_DATA)
+ {
+ ksba_writer_set_filter (writer, NULL, NULL);
+ if (dfparm.any_data)
+ { /* write the last block with padding removed */
+ int i, npadding = dfparm.lastblock[dfparm.blklen-1];
+ if (!npadding || npadding > dfparm.blklen)
+ {
+ log_error ("invalid padding with value %d\n", npadding);
+ rc = gpg_error (GPG_ERR_INV_DATA);
+ goto leave;
+ }
+ rc = ksba_writer_write (writer,
+ dfparm.lastblock,
+ dfparm.blklen - npadding);
+ if (rc)
+ goto leave;
+
+ for (i=dfparm.blklen - npadding; i < dfparm.blklen; i++)
+ {
+ if (dfparm.lastblock[i] != npadding)
+ {
+ log_error ("inconsistent padding\n");
+ rc = gpg_error (GPG_ERR_INV_DATA);
+ goto leave;
+ }
+ }
+ }
+ }
+
+ }
+ while (stopreason != KSBA_SR_READY);
+
+ rc = gpgsm_finish_writer (b64writer);
+ if (rc)
+ {
+ log_error ("write failed: %s\n", gpg_strerror (rc));
+ goto leave;
+ }
+ gpgsm_status (ctrl, STATUS_DECRYPTION_OKAY, NULL);
+
+
+ leave:
+ audit_log_ok (ctrl->audit, AUDIT_DECRYPTION_RESULT, rc);
+ if (rc)
+ {
+ gpgsm_status (ctrl, STATUS_DECRYPTION_FAILED, NULL);
+ log_error ("message decryption failed: %s <%s>\n",
+ gpg_strerror (rc), gpg_strsource (rc));
+ }
+ ksba_cms_release (cms);
+ gpgsm_destroy_reader (b64reader);
+ gpgsm_destroy_writer (b64writer);
+ keydb_release (kh);
+ if (in_fp)
+ fclose (in_fp);
+ if (dfparm.hd)
+ gcry_cipher_close (dfparm.hd);
+ return rc;
+}
+
+
diff --git a/sm/delete.c b/sm/delete.c
new file mode 100644
index 0000000..fd49ebe
--- /dev/null
+++ b/sm/delete.c
@@ -0,0 +1,182 @@
+/* delete.c - Delete certificates from the keybox.
+ * Copyright (C) 2002, 2009 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include <unistd.h>
+#include <time.h>
+#include <assert.h>
+
+#include "gpgsm.h"
+#include <gcrypt.h>
+#include <ksba.h>
+
+#include "keydb.h"
+#include "i18n.h"
+
+
+/* Delete a certificate or an secret key from a key database. */
+static int
+delete_one (ctrl_t ctrl, const char *username)
+{
+ int rc = 0;
+ KEYDB_SEARCH_DESC desc;
+ KEYDB_HANDLE kh = NULL;
+ ksba_cert_t cert = NULL;
+ int duplicates = 0;
+ int is_ephem = 0;
+
+ rc = keydb_classify_name (username, &desc);
+ if (rc)
+ {
+ log_error (_("certificate `%s' not found: %s\n"),
+ username, gpg_strerror (rc));
+ gpgsm_status2 (ctrl, STATUS_DELETE_PROBLEM, "1", NULL);
+ goto leave;
+ }
+
+ kh = keydb_new (0);
+ if (!kh)
+ {
+ log_error ("keydb_new failed\n");
+ goto leave;
+ }
+
+ /* If the key is specified in a unique way, include ephemeral keys
+ in the search. */
+ if ( desc.mode == KEYDB_SEARCH_MODE_FPR
+ || desc.mode == KEYDB_SEARCH_MODE_FPR20
+ || desc.mode == KEYDB_SEARCH_MODE_FPR16
+ || desc.mode == KEYDB_SEARCH_MODE_KEYGRIP )
+ {
+ is_ephem = 1;
+ keydb_set_ephemeral (kh, 1);
+ }
+
+ rc = keydb_search (kh, &desc, 1);
+ if (!rc)
+ rc = keydb_get_cert (kh, &cert);
+ if (!rc && !is_ephem)
+ {
+ unsigned char fpr[20];
+
+ gpgsm_get_fingerprint (cert, 0, fpr, NULL);
+
+ next_ambigious:
+ rc = keydb_search (kh, &desc, 1);
+ if (rc == -1)
+ rc = 0;
+ else if (!rc)
+ {
+ ksba_cert_t cert2 = NULL;
+ unsigned char fpr2[20];
+
+ /* We ignore all duplicated certificates which might have
+ been inserted due to program bugs. */
+ if (!keydb_get_cert (kh, &cert2))
+ {
+ gpgsm_get_fingerprint (cert2, 0, fpr2, NULL);
+ ksba_cert_release (cert2);
+ if (!memcmp (fpr, fpr2, 20))
+ {
+ duplicates++;
+ goto next_ambigious;
+ }
+ }
+ rc = gpg_error (GPG_ERR_AMBIGUOUS_NAME);
+ }
+ }
+ if (rc)
+ {
+ if (rc == -1)
+ rc = gpg_error (GPG_ERR_NO_PUBKEY);
+ log_error (_("certificate `%s' not found: %s\n"),
+ username, gpg_strerror (rc));
+ gpgsm_status2 (ctrl, STATUS_DELETE_PROBLEM, "3", NULL);
+ goto leave;
+ }
+
+ /* We need to search again to get back to the right position. */
+ rc = keydb_lock (kh);
+ if (rc)
+ {
+ log_error (_("error locking keybox: %s\n"), gpg_strerror (rc));
+ goto leave;
+ }
+
+ do
+ {
+ keydb_search_reset (kh);
+ rc = keydb_search (kh, &desc, 1);
+ if (rc)
+ {
+ log_error ("problem re-searching certificate: %s\n",
+ gpg_strerror (rc));
+ goto leave;
+ }
+
+ rc = keydb_delete (kh, duplicates ? 0 : 1);
+ if (rc)
+ goto leave;
+ if (opt.verbose)
+ {
+ if (duplicates)
+ log_info (_("duplicated certificate `%s' deleted\n"), username);
+ else
+ log_info (_("certificate `%s' deleted\n"), username);
+ }
+ }
+ while (duplicates--);
+
+ leave:
+ keydb_release (kh);
+ ksba_cert_release (cert);
+ return rc;
+}
+
+
+
+/* Delete the certificates specified by NAMES. */
+int
+gpgsm_delete (ctrl_t ctrl, strlist_t names)
+{
+ int rc;
+
+ if (!names)
+ {
+ log_error ("nothing to delete\n");
+ return gpg_error (GPG_ERR_NO_DATA);
+ }
+
+ for (; names; names=names->next )
+ {
+ rc = delete_one (ctrl, names->d);
+ if (rc)
+ {
+ log_error (_("deleting certificate \"%s\" failed: %s\n"),
+ names->d, gpg_strerror (rc) );
+ return rc;
+ }
+ }
+
+ return 0;
+}
diff --git a/sm/encrypt.c b/sm/encrypt.c
new file mode 100644
index 0000000..a526a64
--- /dev/null
+++ b/sm/encrypt.c
@@ -0,0 +1,513 @@
+/* encrypt.c - Encrypt a message
+ * Copyright (C) 2001, 2003, 2004, 2007, 2008 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include <unistd.h>
+#include <time.h>
+#include <assert.h>
+
+#include "gpgsm.h"
+#include <gcrypt.h>
+#include <ksba.h>
+
+#include "keydb.h"
+#include "i18n.h"
+
+
+struct dek_s {
+ const char *algoid;
+ int algo;
+ gcry_cipher_hd_t chd;
+ char key[32];
+ int keylen;
+ char iv[32];
+ int ivlen;
+};
+typedef struct dek_s *DEK;
+
+struct encrypt_cb_parm_s {
+ FILE *fp;
+ DEK dek;
+ int eof_seen;
+ int ready;
+ int readerror;
+ int bufsize;
+ unsigned char *buffer;
+ int buflen;
+};
+
+
+
+
+
+/* Initialize the data encryption key (session key). */
+static int
+init_dek (DEK dek)
+{
+ int rc=0, mode, i;
+
+ dek->algo = gcry_cipher_map_name (dek->algoid);
+ mode = gcry_cipher_mode_from_oid (dek->algoid);
+ if (!dek->algo || !mode)
+ {
+ log_error ("unsupported algorithm `%s'\n", dek->algoid);
+ return gpg_error (GPG_ERR_UNSUPPORTED_ALGORITHM);
+ }
+
+ /* Extra check for algorithms we consider to be too weak for
+ encryption, although we support them for decryption. Note that
+ there is another check below discriminating on the key length. */
+ switch (dek->algo)
+ {
+ case GCRY_CIPHER_DES:
+ case GCRY_CIPHER_RFC2268_40:
+ log_error ("cipher algorithm `%s' not allowed: too weak\n",
+ gcry_cipher_algo_name (dek->algo));
+ return gpg_error (GPG_ERR_UNSUPPORTED_ALGORITHM);
+ default:
+ break;
+ }
+
+ dek->keylen = gcry_cipher_get_algo_keylen (dek->algo);
+ if (!dek->keylen || dek->keylen > sizeof (dek->key))
+ return gpg_error (GPG_ERR_BUG);
+
+ dek->ivlen = gcry_cipher_get_algo_blklen (dek->algo);
+ if (!dek->ivlen || dek->ivlen > sizeof (dek->iv))
+ return gpg_error (GPG_ERR_BUG);
+
+ /* Make sure we don't use weak keys. */
+ if (dek->keylen < 100/8)
+ {
+ log_error ("key length of `%s' too small\n", dek->algoid);
+ return gpg_error (GPG_ERR_UNSUPPORTED_ALGORITHM);
+ }
+
+ rc = gcry_cipher_open (&dek->chd, dek->algo, mode, GCRY_CIPHER_SECURE);
+ if (rc)
+ {
+ log_error ("failed to create cipher context: %s\n", gpg_strerror (rc));
+ return rc;
+ }
+
+ for (i=0; i < 8; i++)
+ {
+ gcry_randomize (dek->key, dek->keylen, GCRY_STRONG_RANDOM );
+ rc = gcry_cipher_setkey (dek->chd, dek->key, dek->keylen);
+ if (gpg_err_code (rc) != GPG_ERR_WEAK_KEY)
+ break;
+ log_info(_("weak key created - retrying\n") );
+ }
+ if (rc)
+ {
+ log_error ("failed to set the key: %s\n", gpg_strerror (rc));
+ gcry_cipher_close (dek->chd);
+ dek->chd = NULL;
+ return rc;
+ }
+
+ gcry_create_nonce (dek->iv, dek->ivlen);
+ rc = gcry_cipher_setiv (dek->chd, dek->iv, dek->ivlen);
+ if (rc)
+ {
+ log_error ("failed to set the IV: %s\n", gpg_strerror (rc));
+ gcry_cipher_close (dek->chd);
+ dek->chd = NULL;
+ return rc;
+ }
+
+ return 0;
+}
+
+
+static int
+encode_session_key (DEK dek, gcry_sexp_t * r_data)
+{
+ gcry_sexp_t data;
+ char *p;
+ int rc;
+
+ p = xtrymalloc (64 + 2 * dek->keylen);
+ if (!p)
+ return gpg_error_from_syserror ();
+ strcpy (p, "(data\n (flags pkcs1)\n (value #");
+ bin2hex (dek->key, dek->keylen, p + strlen (p));
+ strcat (p, "#))\n");
+ rc = gcry_sexp_sscan (&data, NULL, p, strlen (p));
+ xfree (p);
+ *r_data = data;
+ return rc;
+}
+
+
+/* Encrypt the DEK under the key contained in CERT and return it as a
+ canonical S-Exp in encval. */
+static int
+encrypt_dek (const DEK dek, ksba_cert_t cert, unsigned char **encval)
+{
+ gcry_sexp_t s_ciph, s_data, s_pkey;
+ int rc;
+ ksba_sexp_t buf;
+ size_t len;
+
+ *encval = NULL;
+
+ /* get the key from the cert */
+ buf = ksba_cert_get_public_key (cert);
+ if (!buf)
+ {
+ log_error ("no public key for recipient\n");
+ return gpg_error (GPG_ERR_NO_PUBKEY);
+ }
+ len = gcry_sexp_canon_len (buf, 0, NULL, NULL);
+ if (!len)
+ {
+ log_error ("libksba did not return a proper S-Exp\n");
+ return gpg_error (GPG_ERR_BUG);
+ }
+ rc = gcry_sexp_sscan (&s_pkey, NULL, (char*)buf, len);
+ xfree (buf); buf = NULL;
+ if (rc)
+ {
+ log_error ("gcry_sexp_scan failed: %s\n", gpg_strerror (rc));
+ return rc;
+ }
+
+ /* Put the encoded cleartext into a simple list. */
+ s_data = NULL; /* (avoid compiler warning) */
+ rc = encode_session_key (dek, &s_data);
+ if (rc)
+ {
+ log_error ("encode_session_key failed: %s\n", gpg_strerror (rc));
+ return rc;
+ }
+
+ /* pass it to libgcrypt */
+ rc = gcry_pk_encrypt (&s_ciph, s_data, s_pkey);
+ gcry_sexp_release (s_data);
+ gcry_sexp_release (s_pkey);
+
+ /* Reformat it. */
+ rc = make_canon_sexp (s_ciph, encval, NULL);
+ gcry_sexp_release (s_ciph);
+ return rc;
+}
+
+
+
+/* do the actual encryption */
+static int
+encrypt_cb (void *cb_value, char *buffer, size_t count, size_t *nread)
+{
+ struct encrypt_cb_parm_s *parm = cb_value;
+ int blklen = parm->dek->ivlen;
+ unsigned char *p;
+ size_t n;
+
+ *nread = 0;
+ if (!buffer)
+ return -1; /* not supported */
+
+ if (parm->ready)
+ return -1;
+
+ if (count < blklen)
+ BUG ();
+
+ if (!parm->eof_seen)
+ { /* fillup the buffer */
+ p = parm->buffer;
+ for (n=parm->buflen; n < parm->bufsize; n++)
+ {
+ int c = getc (parm->fp);
+ if (c == EOF)
+ {
+ if (ferror (parm->fp))
+ {
+ parm->readerror = errno;
+ return -1;
+ }
+ parm->eof_seen = 1;
+ break;
+ }
+ p[n] = c;
+ }
+ parm->buflen = n;
+ }
+
+ n = parm->buflen < count? parm->buflen : count;
+ n = n/blklen * blklen;
+ if (n)
+ { /* encrypt the stuff */
+ gcry_cipher_encrypt (parm->dek->chd, buffer, n, parm->buffer, n);
+ *nread = n;
+ /* Who cares about cycles, take the easy way and shift the buffer */
+ parm->buflen -= n;
+ memmove (parm->buffer, parm->buffer+n, parm->buflen);
+ }
+ else if (parm->eof_seen)
+ { /* no complete block but eof: add padding */
+ /* fixme: we should try to do this also in the above code path */
+ int i, npad = blklen - (parm->buflen % blklen);
+ p = parm->buffer;
+ for (n=parm->buflen, i=0; n < parm->bufsize && i < npad; n++, i++)
+ p[n] = npad;
+ gcry_cipher_encrypt (parm->dek->chd, buffer, n, parm->buffer, n);
+ *nread = n;
+ parm->ready = 1;
+ }
+
+ return 0;
+}
+
+
+
+
+/* Perform an encrypt operation.
+
+ Encrypt the data received on DATA-FD and write it to OUT_FP. The
+ recipients are take from the certificate given in recplist; if this
+ is NULL it will be encrypted for a default recipient */
+int
+gpgsm_encrypt (ctrl_t ctrl, certlist_t recplist, int data_fd, FILE *out_fp)
+{
+ int rc = 0;
+ Base64Context b64writer = NULL;
+ gpg_error_t err;
+ ksba_writer_t writer;
+ ksba_reader_t reader = NULL;
+ ksba_cms_t cms = NULL;
+ ksba_stop_reason_t stopreason;
+ KEYDB_HANDLE kh = NULL;
+ struct encrypt_cb_parm_s encparm;
+ DEK dek = NULL;
+ int recpno;
+ FILE *data_fp = NULL;
+ certlist_t cl;
+ int count;
+
+ memset (&encparm, 0, sizeof encparm);
+
+ audit_set_type (ctrl->audit, AUDIT_TYPE_ENCRYPT);
+
+ /* Check that the certificate list is not empty and that at least
+ one certificate is not flagged as encrypt_to; i.e. is a real
+ recipient. */
+ for (cl = recplist; cl; cl = cl->next)
+ if (!cl->is_encrypt_to)
+ break;
+ if (!cl)
+ {
+ log_error(_("no valid recipients given\n"));
+ gpgsm_status (ctrl, STATUS_NO_RECP, "0");
+ audit_log_i (ctrl->audit, AUDIT_GOT_RECIPIENTS, 0);
+ rc = gpg_error (GPG_ERR_NO_PUBKEY);
+ goto leave;
+ }
+
+ for (count = 0, cl = recplist; cl; cl = cl->next)
+ count++;
+ audit_log_i (ctrl->audit, AUDIT_GOT_RECIPIENTS, count);
+
+ kh = keydb_new (0);
+ if (!kh)
+ {
+ log_error (_("failed to allocated keyDB handle\n"));
+ rc = gpg_error (GPG_ERR_GENERAL);
+ goto leave;
+ }
+
+ data_fp = fdopen ( dup (data_fd), "rb");
+ if (!data_fp)
+ {
+ rc = gpg_error (gpg_err_code_from_errno (errno));
+ log_error ("fdopen() failed: %s\n", strerror (errno));
+ goto leave;
+ }
+
+ err = ksba_reader_new (&reader);
+ if (err)
+ rc = err;
+ if (!rc)
+ rc = ksba_reader_set_cb (reader, encrypt_cb, &encparm);
+ if (rc)
+ goto leave;
+
+ encparm.fp = data_fp;
+
+ ctrl->pem_name = "ENCRYPTED MESSAGE";
+ rc = gpgsm_create_writer (&b64writer, ctrl, out_fp, NULL, &writer);
+ if (rc)
+ {
+ log_error ("can't create writer: %s\n", gpg_strerror (rc));
+ goto leave;
+ }
+
+ err = ksba_cms_new (&cms);
+ if (err)
+ {
+ rc = err;
+ goto leave;
+ }
+
+ err = ksba_cms_set_reader_writer (cms, reader, writer);
+ if (err)
+ {
+ log_debug ("ksba_cms_set_reader_writer failed: %s\n",
+ gpg_strerror (err));
+ rc = err;
+ goto leave;
+ }
+
+ audit_log (ctrl->audit, AUDIT_GOT_DATA);
+
+ /* We are going to create enveloped data with uninterpreted data as
+ inner content */
+ err = ksba_cms_set_content_type (cms, 0, KSBA_CT_ENVELOPED_DATA);
+ if (!err)
+ err = ksba_cms_set_content_type (cms, 1, KSBA_CT_DATA);
+ if (err)
+ {
+ log_debug ("ksba_cms_set_content_type failed: %s\n",
+ gpg_strerror (err));
+ rc = err;
+ goto leave;
+ }
+
+ /* Create a session key */
+ dek = xtrycalloc_secure (1, sizeof *dek);
+ if (!dek)
+ rc = out_of_core ();
+ else
+ {
+ dek->algoid = opt.def_cipher_algoid;
+ rc = init_dek (dek);
+ }
+ if (rc)
+ {
+ log_error ("failed to create the session key: %s\n",
+ gpg_strerror (rc));
+ goto leave;
+ }
+
+ err = ksba_cms_set_content_enc_algo (cms, dek->algoid, dek->iv, dek->ivlen);
+ if (err)
+ {
+ log_error ("ksba_cms_set_content_enc_algo failed: %s\n",
+ gpg_strerror (err));
+ rc = err;
+ goto leave;
+ }
+
+ encparm.dek = dek;
+ /* Use a ~8k (AES) or ~4k (3DES) buffer */
+ encparm.bufsize = 500 * dek->ivlen;
+ encparm.buffer = xtrymalloc (encparm.bufsize);
+ if (!encparm.buffer)
+ {
+ rc = out_of_core ();
+ goto leave;
+ }
+
+ audit_log_s (ctrl->audit, AUDIT_SESSION_KEY, dek->algoid);
+
+ /* Gather certificates of recipients, encrypt the session key for
+ each and store them in the CMS object */
+ for (recpno = 0, cl = recplist; cl; recpno++, cl = cl->next)
+ {
+ unsigned char *encval;
+
+ rc = encrypt_dek (dek, cl->cert, &encval);
+ if (rc)
+ {
+ audit_log_cert (ctrl->audit, AUDIT_ENCRYPTED_TO, cl->cert, rc);
+ log_error ("encryption failed for recipient no. %d: %s\n",
+ recpno, gpg_strerror (rc));
+ goto leave;
+ }
+
+ err = ksba_cms_add_recipient (cms, cl->cert);
+ if (err)
+ {
+ audit_log_cert (ctrl->audit, AUDIT_ENCRYPTED_TO, cl->cert, err);
+ log_error ("ksba_cms_add_recipient failed: %s\n",
+ gpg_strerror (err));
+ rc = err;
+ xfree (encval);
+ goto leave;
+ }
+
+ err = ksba_cms_set_enc_val (cms, recpno, encval);
+ xfree (encval);
+ audit_log_cert (ctrl->audit, AUDIT_ENCRYPTED_TO, cl->cert, err);
+ if (err)
+ {
+ log_error ("ksba_cms_set_enc_val failed: %s\n",
+ gpg_strerror (err));
+ rc = err;
+ goto leave;
+ }
+ }
+
+ /* Main control loop for encryption. */
+ recpno = 0;
+ do
+ {
+ err = ksba_cms_build (cms, &stopreason);
+ if (err)
+ {
+ log_debug ("ksba_cms_build failed: %s\n", gpg_strerror (err));
+ rc = err;
+ goto leave;
+ }
+ }
+ while (stopreason != KSBA_SR_READY);
+
+ if (encparm.readerror)
+ {
+ log_error ("error reading input: %s\n", strerror (encparm.readerror));
+ rc = gpg_error (gpg_err_code_from_errno (encparm.readerror));
+ goto leave;
+ }
+
+
+ rc = gpgsm_finish_writer (b64writer);
+ if (rc)
+ {
+ log_error ("write failed: %s\n", gpg_strerror (rc));
+ goto leave;
+ }
+ audit_log (ctrl->audit, AUDIT_ENCRYPTION_DONE);
+ log_info ("encrypted data created\n");
+
+ leave:
+ ksba_cms_release (cms);
+ gpgsm_destroy_writer (b64writer);
+ ksba_reader_release (reader);
+ keydb_release (kh);
+ xfree (dek);
+ if (data_fp)
+ fclose (data_fp);
+ xfree (encparm.buffer);
+ return rc;
+}
diff --git a/sm/export.c b/sm/export.c
new file mode 100644
index 0000000..fcf1dcc
--- /dev/null
+++ b/sm/export.c
@@ -0,0 +1,749 @@
+/* export.c - Export certificates and private keys.
+ * Copyright (C) 2002, 2003, 2004, 2007, 2009 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include <time.h>
+#include <assert.h>
+
+#include "gpgsm.h"
+#include <gcrypt.h>
+#include <ksba.h>
+
+#include "keydb.h"
+#include "exechelp.h"
+#include "i18n.h"
+#include "sysutils.h"
+
+
+
+/* A table to store a fingerprint as used in a duplicates table. We
+ don't need to hash here because a fingerprint is already a perfect
+ hash value. This we use the most significant bits to index the
+ table and then use a linked list for the overflow. Possible
+ enhancement for very large number of certificates: Add a second
+ level table and then resort to a linked list. */
+struct duptable_s
+{
+ struct duptable_s *next;
+
+ /* Note that we only need to store 19 bytes because the first byte
+ is implictly given by the table index (we require at least 8
+ bits). */
+ unsigned char fpr[19];
+};
+typedef struct duptable_s *duptable_t;
+#define DUPTABLE_BITS 12
+#define DUPTABLE_SIZE (1 << DUPTABLE_BITS)
+
+
+static void print_short_info (ksba_cert_t cert, FILE *fp, estream_t stream);
+static gpg_error_t export_p12 (ctrl_t ctrl,
+ const unsigned char *certimg, size_t certimglen,
+ const char *prompt, const char *keygrip,
+ FILE **retfp);
+
+
+/* Create a table used to indetify duplicated certificates. */
+static duptable_t *
+create_duptable (void)
+{
+ return xtrycalloc (DUPTABLE_SIZE, sizeof (duptable_t));
+}
+
+static void
+destroy_duptable (duptable_t *table)
+{
+ int idx;
+ duptable_t t, t2;
+
+ if (table)
+ {
+ for (idx=0; idx < DUPTABLE_SIZE; idx++)
+ for (t = table[idx]; t; t = t2)
+ {
+ t2 = t->next;
+ xfree (t);
+ }
+ xfree (table);
+ }
+}
+
+/* Insert the 20 byte fingerprint FPR into TABLE. Sets EXITS to true
+ if the fingerprint already exists in the table. */
+static gpg_error_t
+insert_duptable (duptable_t *table, unsigned char *fpr, int *exists)
+{
+ size_t idx;
+ duptable_t t;
+
+ *exists = 0;
+ idx = fpr[0];
+#if DUPTABLE_BITS > 16 || DUPTABLE_BITS < 8
+#error cannot handle a table larger than 16 bits or smaller than 8 bits
+#elif DUPTABLE_BITS > 8
+ idx <<= (DUPTABLE_BITS - 8);
+ idx |= (fpr[1] & ~(~0 << 4));
+#endif
+
+ for (t = table[idx]; t; t = t->next)
+ if (!memcmp (t->fpr, fpr+1, 19))
+ break;
+ if (t)
+ {
+ *exists = 1;
+ return 0;
+ }
+ /* Insert that fingerprint. */
+ t = xtrymalloc (sizeof *t);
+ if (!t)
+ return gpg_error_from_syserror ();
+ memcpy (t->fpr, fpr+1, 19);
+ t->next = table[idx];
+ table[idx] = t;
+ return 0;
+}
+
+
+
+
+/* Export all certificates or just those given in NAMES. If STREAM is
+ not NULL the output is send to this extended stream. */
+void
+gpgsm_export (ctrl_t ctrl, strlist_t names, FILE *fp, estream_t stream)
+{
+ KEYDB_HANDLE hd = NULL;
+ KEYDB_SEARCH_DESC *desc = NULL;
+ int ndesc;
+ Base64Context b64writer = NULL;
+ ksba_writer_t writer;
+ strlist_t sl;
+ ksba_cert_t cert = NULL;
+ int rc=0;
+ int count = 0;
+ int i;
+ duptable_t *dtable;
+
+
+ dtable = create_duptable ();
+ if (!dtable)
+ {
+ log_error ("creating duplicates table failed: %s\n", strerror (errno));
+ goto leave;
+ }
+
+ hd = keydb_new (0);
+ if (!hd)
+ {
+ log_error ("keydb_new failed\n");
+ goto leave;
+ }
+
+ if (!names)
+ ndesc = 1;
+ else
+ {
+ for (sl=names, ndesc=0; sl; sl = sl->next, ndesc++)
+ ;
+ }
+
+ desc = xtrycalloc (ndesc, sizeof *desc);
+ if (!ndesc)
+ {
+ log_error ("allocating memory for export failed: %s\n",
+ gpg_strerror (out_of_core ()));
+ goto leave;
+ }
+
+ if (!names)
+ desc[0].mode = KEYDB_SEARCH_MODE_FIRST;
+ else
+ {
+ for (ndesc=0, sl=names; sl; sl = sl->next)
+ {
+ rc = keydb_classify_name (sl->d, desc+ndesc);
+ if (rc)
+ {
+ log_error ("key `%s' not found: %s\n",
+ sl->d, gpg_strerror (rc));
+ rc = 0;
+ }
+ else
+ ndesc++;
+ }
+ }
+
+ /* If all specifications are done by fingerprint or keygrip, we
+ switch to ephemeral mode so that _all_ currently available and
+ matching certificates are exported. */
+ if (names && ndesc)
+ {
+ for (i=0; (i < ndesc
+ && (desc[i].mode == KEYDB_SEARCH_MODE_FPR
+ || desc[i].mode == KEYDB_SEARCH_MODE_FPR20
+ || desc[i].mode == KEYDB_SEARCH_MODE_FPR16
+ || desc[i].mode == KEYDB_SEARCH_MODE_KEYGRIP)); i++)
+ ;
+ if (i == ndesc)
+ keydb_set_ephemeral (hd, 1);
+ }
+
+ while (!(rc = keydb_search (hd, desc, ndesc)))
+ {
+ unsigned char fpr[20];
+ int exists;
+
+ if (!names)
+ desc[0].mode = KEYDB_SEARCH_MODE_NEXT;
+
+ rc = keydb_get_cert (hd, &cert);
+ if (rc)
+ {
+ log_error ("keydb_get_cert failed: %s\n", gpg_strerror (rc));
+ goto leave;
+ }
+
+ gpgsm_get_fingerprint (cert, 0, fpr, NULL);
+ rc = insert_duptable (dtable, fpr, &exists);
+ if (rc)
+ {
+ log_error ("inserting into duplicates table failed: %s\n",
+ gpg_strerror (rc));
+ goto leave;
+ }
+
+ if (!exists && count && !ctrl->create_pem)
+ {
+ log_info ("exporting more than one certificate "
+ "is not possible in binary mode\n");
+ log_info ("ignoring other certificates\n");
+ break;
+ }
+
+ if (!exists)
+ {
+ const unsigned char *image;
+ size_t imagelen;
+
+ image = ksba_cert_get_image (cert, &imagelen);
+ if (!image)
+ {
+ log_error ("ksba_cert_get_image failed\n");
+ goto leave;
+ }
+
+
+ if (ctrl->create_pem)
+ {
+ if (count)
+ {
+ if (stream)
+ es_putc ('\n', stream);
+ else
+ putc ('\n', fp);
+ }
+ print_short_info (cert, fp, stream);
+ if (stream)
+ es_putc ('\n', stream);
+ else
+ putc ('\n', fp);
+ }
+ count++;
+
+ if (!b64writer)
+ {
+ ctrl->pem_name = "CERTIFICATE";
+ rc = gpgsm_create_writer (&b64writer, ctrl, fp, stream, &writer);
+ if (rc)
+ {
+ log_error ("can't create writer: %s\n", gpg_strerror (rc));
+ goto leave;
+ }
+ }
+
+ rc = ksba_writer_write (writer, image, imagelen);
+ if (rc)
+ {
+ log_error ("write error: %s\n", gpg_strerror (rc));
+ goto leave;
+ }
+
+ if (ctrl->create_pem)
+ {
+ /* We want one certificate per PEM block */
+ rc = gpgsm_finish_writer (b64writer);
+ if (rc)
+ {
+ log_error ("write failed: %s\n", gpg_strerror (rc));
+ goto leave;
+ }
+ gpgsm_destroy_writer (b64writer);
+ b64writer = NULL;
+ }
+ }
+
+ ksba_cert_release (cert);
+ cert = NULL;
+ }
+ if (rc && rc != -1)
+ log_error ("keydb_search failed: %s\n", gpg_strerror (rc));
+ else if (b64writer)
+ {
+ rc = gpgsm_finish_writer (b64writer);
+ if (rc)
+ {
+ log_error ("write failed: %s\n", gpg_strerror (rc));
+ goto leave;
+ }
+ }
+
+ leave:
+ gpgsm_destroy_writer (b64writer);
+ ksba_cert_release (cert);
+ xfree (desc);
+ keydb_release (hd);
+ destroy_duptable (dtable);
+}
+
+
+/* Export a certificates and its private key. */
+void
+gpgsm_p12_export (ctrl_t ctrl, const char *name, FILE *fp)
+{
+ KEYDB_HANDLE hd;
+ KEYDB_SEARCH_DESC *desc = NULL;
+ Base64Context b64writer = NULL;
+ ksba_writer_t writer;
+ ksba_cert_t cert = NULL;
+ int rc=0;
+ const unsigned char *image;
+ size_t imagelen;
+ char *keygrip = NULL;
+ char *prompt;
+ char buffer[1024];
+ int nread;
+ FILE *datafp = NULL;
+
+
+ hd = keydb_new (0);
+ if (!hd)
+ {
+ log_error ("keydb_new failed\n");
+ goto leave;
+ }
+
+ desc = xtrycalloc (1, sizeof *desc);
+ if (!desc)
+ {
+ log_error ("allocating memory for export failed: %s\n",
+ gpg_strerror (out_of_core ()));
+ goto leave;
+ }
+
+ rc = keydb_classify_name (name, desc);
+ if (rc)
+ {
+ log_error ("key `%s' not found: %s\n",
+ name, gpg_strerror (rc));
+ goto leave;
+ }
+
+ /* Lookup the certificate and make sure that it is unique. */
+ rc = keydb_search (hd, desc, 1);
+ if (!rc)
+ {
+ rc = keydb_get_cert (hd, &cert);
+ if (rc)
+ {
+ log_error ("keydb_get_cert failed: %s\n", gpg_strerror (rc));
+ goto leave;
+ }
+
+ next_ambiguous:
+ rc = keydb_search (hd, desc, 1);
+ if (!rc)
+ {
+ ksba_cert_t cert2 = NULL;
+
+ if (!keydb_get_cert (hd, &cert2))
+ {
+ if (gpgsm_certs_identical_p (cert, cert2))
+ {
+ ksba_cert_release (cert2);
+ goto next_ambiguous;
+ }
+ ksba_cert_release (cert2);
+ }
+ rc = gpg_error (GPG_ERR_AMBIGUOUS_NAME);
+ }
+ else if (rc == -1 || gpg_err_code (rc) == GPG_ERR_EOF)
+ rc = 0;
+ if (rc)
+ {
+ log_error ("key `%s' not found: %s\n",
+ name, gpg_strerror (rc));
+ goto leave;
+ }
+ }
+
+ keygrip = gpgsm_get_keygrip_hexstring (cert);
+ if (!keygrip || gpgsm_agent_havekey (ctrl, keygrip))
+ {
+ /* Note, that the !keygrip case indicates a bad certificate. */
+ rc = gpg_error (GPG_ERR_NO_SECKEY);
+ log_error ("can't export key `%s': %s\n", name, gpg_strerror (rc));
+ goto leave;
+ }
+
+ image = ksba_cert_get_image (cert, &imagelen);
+ if (!image)
+ {
+ log_error ("ksba_cert_get_image failed\n");
+ goto leave;
+ }
+
+ if (ctrl->create_pem)
+ {
+ print_short_info (cert, fp, NULL);
+ putc ('\n', fp);
+ }
+
+ if (opt.p12_charset && ctrl->create_pem)
+ {
+ fprintf (fp, "The passphrase is %s encoded.\n\n",
+ opt.p12_charset);
+ }
+
+ ctrl->pem_name = "PKCS12";
+ rc = gpgsm_create_writer (&b64writer, ctrl, fp, NULL, &writer);
+ if (rc)
+ {
+ log_error ("can't create writer: %s\n", gpg_strerror (rc));
+ goto leave;
+ }
+
+
+ prompt = gpgsm_format_keydesc (cert);
+ rc = export_p12 (ctrl, image, imagelen, prompt, keygrip, &datafp);
+ xfree (prompt);
+ if (rc)
+ goto leave;
+ rewind (datafp);
+ while ( (nread = fread (buffer, 1, sizeof buffer, datafp)) > 0 )
+ if ((rc = ksba_writer_write (writer, buffer, nread)))
+ {
+ log_error ("write failed: %s\n", gpg_strerror (rc));
+ goto leave;
+ }
+ if (ferror (datafp))
+ {
+ rc = gpg_error_from_errno (rc);
+ log_error ("error reading temporary file: %s\n", gpg_strerror (rc));
+ goto leave;
+ }
+
+ if (ctrl->create_pem)
+ {
+ /* We want one certificate per PEM block */
+ rc = gpgsm_finish_writer (b64writer);
+ if (rc)
+ {
+ log_error ("write failed: %s\n", gpg_strerror (rc));
+ goto leave;
+ }
+ gpgsm_destroy_writer (b64writer);
+ b64writer = NULL;
+ }
+
+ ksba_cert_release (cert);
+ cert = NULL;
+
+ leave:
+ if (datafp)
+ fclose (datafp);
+ gpgsm_destroy_writer (b64writer);
+ ksba_cert_release (cert);
+ xfree (desc);
+ keydb_release (hd);
+}
+
+
+/* Call either es_putc or the plain putc. */
+static void
+do_putc (int value, FILE *fp, estream_t stream)
+{
+ if (stream)
+ es_putc (value, stream);
+ else
+ putc (value, fp);
+}
+
+/* Call either es_fputs or the plain fputs. */
+static void
+do_fputs (const char *string, FILE *fp, estream_t stream)
+{
+ if (stream)
+ es_fputs (string, stream);
+ else
+ fputs (string, fp);
+}
+
+
+/* Print some info about the certifciate CERT to FP or STREAM */
+static void
+print_short_info (ksba_cert_t cert, FILE *fp, estream_t stream)
+{
+ char *p;
+ ksba_sexp_t sexp;
+ int idx;
+
+ for (idx=0; (p = ksba_cert_get_issuer (cert, idx)); idx++)
+ {
+ do_fputs ((!idx
+ ? "Issuer ...: "
+ : "\n aka ...: "), fp, stream);
+ if (stream)
+ gpgsm_es_print_name (stream, p);
+ else
+ gpgsm_print_name (fp, p);
+ xfree (p);
+ }
+ do_putc ('\n', fp, stream);
+
+ do_fputs ("Serial ...: ", fp, stream);
+ sexp = ksba_cert_get_serial (cert);
+ if (sexp)
+ {
+ int len;
+ const unsigned char *s = sexp;
+
+ if (*s == '(')
+ {
+ s++;
+ for (len=0; *s && *s != ':' && digitp (s); s++)
+ len = len*10 + atoi_1 (s);
+ if (*s == ':')
+ {
+ if (stream)
+ es_write_hexstring (stream, s+1, len, 0, NULL);
+ else
+ print_hexstring (fp, s+1, len, 0);
+ }
+ }
+ xfree (sexp);
+ }
+ do_putc ('\n', fp, stream);
+
+ for (idx=0; (p = ksba_cert_get_subject (cert, idx)); idx++)
+ {
+ do_fputs ((!idx
+ ? "Subject ..: "
+ : "\n aka ..: "), fp, stream);
+ if (stream)
+ gpgsm_es_print_name (stream, p);
+ else
+ gpgsm_print_name (fp, p);
+ xfree (p);
+ }
+ do_putc ('\n', fp, stream);
+}
+
+
+static gpg_error_t
+popen_protect_tool (ctrl_t ctrl, const char *pgmname,
+ FILE *infile, FILE *outfile, FILE **statusfile,
+ const char *prompt, const char *keygrip,
+ pid_t *pid)
+{
+ const char *argv[22];
+ int i=0;
+
+ /* Make sure that the agent is running so that the protect tool is
+ able to ask for a passphrase. This has only an effect under W32
+ where the agent is started on demand; sending a NOP does not harm
+ on other platforms. This is not really necessary anymore because
+ the protect tool does this now by itself; it does not harm either.*/
+ gpgsm_agent_send_nop (ctrl);
+
+ argv[i++] = "--homedir";
+ argv[i++] = opt.homedir;
+ argv[i++] = "--p12-export";
+ argv[i++] = "--have-cert";
+ argv[i++] = "--prompt";
+ argv[i++] = prompt?prompt:"";
+ argv[i++] = "--enable-status-msg";
+ if (opt.p12_charset)
+ {
+ argv[i++] = "--p12-charset";
+ argv[i++] = opt.p12_charset;
+ }
+ if (opt.agent_program)
+ {
+ argv[i++] = "--agent-program";
+ argv[i++] = opt.agent_program;
+ }
+ argv[i++] = "--",
+ argv[i++] = keygrip,
+ argv[i] = NULL;
+ assert (i < sizeof argv);
+
+ return gnupg_spawn_process (pgmname, argv, infile, outfile,
+ setup_pinentry_env, (128|64),
+ statusfile, pid);
+}
+
+
+static gpg_error_t
+export_p12 (ctrl_t ctrl, const unsigned char *certimg, size_t certimglen,
+ const char *prompt, const char *keygrip,
+ FILE **retfp)
+{
+ const char *pgmname;
+ gpg_error_t err = 0, child_err = 0;
+ int c, cont_line;
+ unsigned int pos;
+ FILE *infp = NULL, *outfp = NULL, *fp = NULL;
+ char buffer[1024];
+ pid_t pid = -1;
+ int bad_pass = 0;
+
+ if (!opt.protect_tool_program || !*opt.protect_tool_program)
+ pgmname = gnupg_module_name (GNUPG_MODULE_NAME_PROTECT_TOOL);
+ else
+ pgmname = opt.protect_tool_program;
+
+ infp = gnupg_tmpfile ();
+ if (!infp)
+ {
+ err = gpg_error_from_syserror ();
+ log_error (_("error creating temporary file: %s\n"), strerror (errno));
+ goto cleanup;
+ }
+
+ if (fwrite (certimg, certimglen, 1, infp) != 1)
+ {
+ err = gpg_error_from_syserror ();
+ log_error (_("error writing to temporary file: %s\n"),
+ strerror (errno));
+ goto cleanup;
+ }
+
+ outfp = gnupg_tmpfile ();
+ if (!outfp)
+ {
+ err = gpg_error_from_syserror ();
+ log_error (_("error creating temporary file: %s\n"), strerror (errno));
+ goto cleanup;
+ }
+
+ err = popen_protect_tool (ctrl,
+ pgmname, infp, outfp, &fp, prompt, keygrip, &pid);
+ if (err)
+ {
+ pid = -1;
+ goto cleanup;
+ }
+ fclose (infp);
+ infp = NULL;
+
+ /* Read stderr of the protect tool. */
+ pos = 0;
+ cont_line = 0;
+ while ((c=getc (fp)) != EOF)
+ {
+ /* fixme: We could here grep for status information of the
+ protect tool to figure out better error codes for
+ CHILD_ERR. */
+ buffer[pos++] = c;
+ if (pos >= sizeof buffer - 5 || c == '\n')
+ {
+ buffer[pos - (c == '\n')] = 0;
+ if (cont_line)
+ log_printf ("%s", buffer);
+ else
+ {
+ if (!strncmp (buffer, "gpg-protect-tool: [PROTECT-TOOL:] ",34))
+ {
+ char *p, *pend;
+
+ p = buffer + 34;
+ pend = strchr (p, ' ');
+ if (pend)
+ *pend = 0;
+ if ( !strcmp (p, "bad-passphrase"))
+ bad_pass++;
+ }
+ else
+ log_info ("%s", buffer);
+ }
+ pos = 0;
+ cont_line = (c != '\n');
+ }
+ }
+
+ if (pos)
+ {
+ buffer[pos] = 0;
+ if (cont_line)
+ log_printf ("%s\n", buffer);
+ else
+ log_info ("%s\n", buffer);
+ }
+ else if (cont_line)
+ log_printf ("\n");
+
+ /* If we found no error in the output of the child, setup a suitable
+ error code, which will later be reset if the exit status of the
+ child is 0. */
+ if (!child_err)
+ child_err = gpg_error (GPG_ERR_DECRYPT_FAILED);
+
+ cleanup:
+ if (infp)
+ fclose (infp);
+ if (fp)
+ fclose (fp);
+ if (pid != -1)
+ {
+ if (!gnupg_wait_process (pgmname, pid, NULL))
+ child_err = 0;
+ }
+ if (!err)
+ err = child_err;
+ if (err)
+ {
+ if (outfp)
+ fclose (outfp);
+ }
+ else
+ *retfp = outfp;
+ if (bad_pass)
+ {
+ /* During export this is the passphrase used to unprotect the
+ key and not the pkcs#12 thing as in export. Therefore we can
+ issue the regular passphrase status. FIXME: replace the all
+ zero keyid by a regular one. */
+ gpgsm_status (ctrl, STATUS_BAD_PASSPHRASE, "0000000000000000");
+ }
+ return err;
+}
+
diff --git a/sm/fingerprint.c b/sm/fingerprint.c
new file mode 100644
index 0000000..4704f59
--- /dev/null
+++ b/sm/fingerprint.c
@@ -0,0 +1,347 @@
+/* fingerprint.c - Get the fingerprint
+ * Copyright (C) 2001 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include <unistd.h>
+#include <time.h>
+#include <assert.h>
+
+
+#include "gpgsm.h"
+#include <gcrypt.h>
+#include <ksba.h>
+
+/* Return the fingerprint of the certificate (we can't put this into
+ libksba because we need libgcrypt support). The caller must
+ provide an array of sufficient length or NULL so that the function
+ allocates the array. If r_len is not NULL, the length of the
+ digest is returned; well, this can also be done by using
+ gcry_md_get_algo_dlen(). If algo is 0, a SHA-1 will be used.
+
+ If there is a problem , the function does never return NULL but a
+ digest of all 0xff.
+ */
+unsigned char *
+gpgsm_get_fingerprint (ksba_cert_t cert, int algo,
+ unsigned char *array, int *r_len)
+{
+ gcry_md_hd_t md;
+ int rc, len;
+
+ if (!algo)
+ algo = GCRY_MD_SHA1;
+
+ len = gcry_md_get_algo_dlen (algo);
+ assert (len);
+ if (!array)
+ array = xmalloc (len);
+
+ if (r_len)
+ *r_len = len;
+
+ /* Fist check whether we have cached the fingerprint. */
+ if (algo == GCRY_MD_SHA1)
+ {
+ size_t buflen;
+
+ assert (len >= 20);
+ if (!ksba_cert_get_user_data (cert, "sha1-fingerprint",
+ array, len, &buflen)
+ && buflen == 20)
+ return array;
+ }
+
+ /* No, need to compute it. */
+ rc = gcry_md_open (&md, algo, 0);
+ if (rc)
+ {
+ log_error ("md_open failed: %s\n", gpg_strerror (rc));
+ memset (array, 0xff, len); /* better return an invalid fpr than NULL */
+ return array;
+ }
+
+ rc = ksba_cert_hash (cert, 0, HASH_FNC, md);
+ if (rc)
+ {
+ log_error ("ksba_cert_hash failed: %s\n", gpg_strerror (rc));
+ gcry_md_close (md);
+ memset (array, 0xff, len); /* better return an invalid fpr than NULL */
+ return array;
+ }
+ gcry_md_final (md);
+ memcpy (array, gcry_md_read(md, algo), len );
+ gcry_md_close (md);
+
+ /* Cache an SHA-1 fingerprint. */
+ if ( algo == GCRY_MD_SHA1 )
+ ksba_cert_set_user_data (cert, "sha1-fingerprint", array, 20);
+
+ return array;
+}
+
+
+/* Return an allocated buffer with the formatted fingerprint */
+char *
+gpgsm_get_fingerprint_string (ksba_cert_t cert, int algo)
+{
+ unsigned char digest[MAX_DIGEST_LEN];
+ char *buf;
+ int len;
+
+ if (!algo)
+ algo = GCRY_MD_SHA1;
+
+ len = gcry_md_get_algo_dlen (algo);
+ assert (len <= MAX_DIGEST_LEN );
+ gpgsm_get_fingerprint (cert, algo, digest, NULL);
+ buf = xmalloc (len*3+1);
+ bin2hexcolon (digest, len, buf);
+ return buf;
+}
+
+/* Return an allocated buffer with the formatted fingerprint as one
+ large hexnumber */
+char *
+gpgsm_get_fingerprint_hexstring (ksba_cert_t cert, int algo)
+{
+ unsigned char digest[MAX_DIGEST_LEN];
+ char *buf;
+ int len;
+
+ if (!algo)
+ algo = GCRY_MD_SHA1;
+
+ len = gcry_md_get_algo_dlen (algo);
+ assert (len <= MAX_DIGEST_LEN );
+ gpgsm_get_fingerprint (cert, algo, digest, NULL);
+ buf = xmalloc (len*2+1);
+ bin2hex (digest, len, buf);
+ return buf;
+}
+
+/* Return a certificate ID. These are the last 4 bytes of the SHA-1
+ fingerprint. If R_HIGH is not NULL the next 4 bytes are stored
+ there. */
+unsigned long
+gpgsm_get_short_fingerprint (ksba_cert_t cert, unsigned long *r_high)
+{
+ unsigned char digest[20];
+
+ gpgsm_get_fingerprint (cert, GCRY_MD_SHA1, digest, NULL);
+ if (r_high)
+ *r_high = ((digest[12]<<24)|(digest[13]<<16)|(digest[14]<< 8)|digest[15]);
+ return ((digest[16]<<24)|(digest[17]<<16)|(digest[18]<< 8)|digest[19]);
+}
+
+
+/* Return the so called KEYGRIP which is the SHA-1 hash of the public
+ key parameters expressed as an canoncial encoded S-Exp. ARRAY must
+ be 20 bytes long. Returns ARRAY or a newly allocated buffer if ARRAY was
+ given as NULL. May return NULL on error. */
+unsigned char *
+gpgsm_get_keygrip (ksba_cert_t cert, unsigned char *array)
+{
+ gcry_sexp_t s_pkey;
+ int rc;
+ ksba_sexp_t p;
+ size_t n;
+
+ p = ksba_cert_get_public_key (cert);
+ if (!p)
+ return NULL; /* oops */
+
+ if (DBG_X509)
+ log_debug ("get_keygrip for public key\n");
+ n = gcry_sexp_canon_len (p, 0, NULL, NULL);
+ if (!n)
+ {
+ log_error ("libksba did not return a proper S-Exp\n");
+ return NULL;
+ }
+ rc = gcry_sexp_sscan ( &s_pkey, NULL, (char*)p, n);
+ xfree (p);
+ if (rc)
+ {
+ log_error ("gcry_sexp_scan failed: %s\n", gpg_strerror (rc));
+ return NULL;
+ }
+ array = gcry_pk_get_keygrip (s_pkey, array);
+ gcry_sexp_release (s_pkey);
+ if (!array)
+ {
+ rc = gpg_error (GPG_ERR_GENERAL);
+ log_error ("can't calculate keygrip\n");
+ return NULL;
+ }
+ if (DBG_X509)
+ log_printhex ("keygrip=", array, 20);
+
+ return array;
+}
+
+/* Return an allocated buffer with the keygrip of CERT encoded as a
+ hexstring. NULL is returned in case of error. */
+char *
+gpgsm_get_keygrip_hexstring (ksba_cert_t cert)
+{
+ unsigned char grip[20];
+ char *buf;
+
+ if (!gpgsm_get_keygrip (cert, grip))
+ return NULL;
+ buf = xtrymalloc (20*2+1);
+ if (buf)
+ bin2hex (grip, 20, buf);
+ return buf;
+}
+
+
+/* Return the PK algorithm used by CERT as well as the length in bits
+ of the public key at NBITS. */
+int
+gpgsm_get_key_algo_info (ksba_cert_t cert, unsigned int *nbits)
+{
+ gcry_sexp_t s_pkey;
+ int rc;
+ ksba_sexp_t p;
+ size_t n;
+ gcry_sexp_t l1, l2;
+ const char *name;
+ char namebuf[128];
+
+ if (nbits)
+ *nbits = 0;
+
+ p = ksba_cert_get_public_key (cert);
+ if (!p)
+ return 0;
+ n = gcry_sexp_canon_len (p, 0, NULL, NULL);
+ if (!n)
+ {
+ xfree (p);
+ return 0;
+ }
+ rc = gcry_sexp_sscan (&s_pkey, NULL, (char *)p, n);
+ xfree (p);
+ if (rc)
+ return 0;
+
+ if (nbits)
+ *nbits = gcry_pk_get_nbits (s_pkey);
+
+ /* Breaking the algorithm out of the S-exp is a bit of a challenge ... */
+ l1 = gcry_sexp_find_token (s_pkey, "public-key", 0);
+ if (!l1)
+ {
+ gcry_sexp_release (s_pkey);
+ return 0;
+ }
+ l2 = gcry_sexp_cadr (l1);
+ gcry_sexp_release (l1);
+ l1 = l2;
+ name = gcry_sexp_nth_data (l1, 0, &n);
+ if (name)
+ {
+ if (n > sizeof namebuf -1)
+ n = sizeof namebuf -1;
+ memcpy (namebuf, name, n);
+ namebuf[n] = 0;
+ }
+ else
+ *namebuf = 0;
+ gcry_sexp_release (l1);
+ gcry_sexp_release (s_pkey);
+ return gcry_pk_map_name (namebuf);
+}
+
+
+
+
+/* For certain purposes we need a certificate id which has an upper
+ limit of the size. We use the hash of the issuer name and the
+ serial number for this. In most cases the serial number is not
+ that large and the resulting string can be passed on an assuan
+ command line. Everything is hexencoded with the serialnumber
+ delimited from the hash by a dot.
+
+ The caller must free the string.
+*/
+char *
+gpgsm_get_certid (ksba_cert_t cert)
+{
+ ksba_sexp_t serial;
+ char *p;
+ char *endp;
+ unsigned char hash[20];
+ unsigned long n;
+ char *certid;
+ int i;
+
+ p = ksba_cert_get_issuer (cert, 0);
+ if (!p)
+ return NULL; /* Ooops: No issuer */
+ gcry_md_hash_buffer (GCRY_MD_SHA1, hash, p, strlen (p));
+ xfree (p);
+
+ serial = ksba_cert_get_serial (cert);
+ if (!serial)
+ return NULL; /* oops: no serial number */
+ p = (char *)serial;
+ if (*p != '(')
+ {
+ log_error ("Ooops: invalid serial number\n");
+ xfree (serial);
+ return NULL;
+ }
+ p++;
+ n = strtoul (p, &endp, 10);
+ p = endp;
+ if (*p != ':')
+ {
+ log_error ("Ooops: invalid serial number (no colon)\n");
+ xfree (serial);
+ return NULL;
+ }
+ p++;
+
+ certid = xtrymalloc ( 40 + 1 + n*2 + 1);
+ if (!certid)
+ {
+ xfree (serial);
+ return NULL; /* out of core */
+ }
+
+ for (i=0, endp = certid; i < 20; i++, endp += 2 )
+ sprintf (endp, "%02X", hash[i]);
+ *endp++ = '.';
+ for (i=0; i < n; i++, endp += 2)
+ sprintf (endp, "%02X", ((unsigned char*)p)[i]);
+ *endp = 0;
+
+ xfree (serial);
+ return certid;
+}
+
+
+
+
diff --git a/sm/gpgsm.c b/sm/gpgsm.c
new file mode 100644
index 0000000..484ce9d
--- /dev/null
+++ b/sm/gpgsm.c
@@ -0,0 +1,2181 @@
+/* gpgsm.c - GnuPG for S/MIME
+ * Copyright (C) 2001, 2002, 2003, 2004, 2005,
+ * 2006, 2007, 2008 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <errno.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <ctype.h>
+#include <unistd.h>
+#include <fcntl.h>
+/*#include <mcheck.h>*/
+
+#include "gpgsm.h"
+#include <gcrypt.h>
+#include <assuan.h> /* malloc hooks */
+
+#include "../kbx/keybox.h" /* malloc hooks */
+#include "i18n.h"
+#include "keydb.h"
+#include "sysutils.h"
+#include "gc-opt-flags.h"
+
+
+#ifndef O_BINARY
+#define O_BINARY 0
+#endif
+
+enum cmd_and_opt_values {
+ aNull = 0,
+ oArmor = 'a',
+ aDetachedSign = 'b',
+ aSym = 'c',
+ aDecrypt = 'd',
+ aEncr = 'e',
+ aListKeys = 'k',
+ aListSecretKeys = 'K',
+ oDryRun = 'n',
+ oOutput = 'o',
+ oQuiet = 'q',
+ oRecipient = 'r',
+ aSign = 's',
+ oUser = 'u',
+ oVerbose = 'v',
+ oBatch = 500,
+ aClearsign,
+ aKeygen,
+ aSignEncr,
+ aDeleteKey,
+ aImport,
+ aVerify,
+ aListExternalKeys,
+ aListChain,
+ aSendKeys,
+ aRecvKeys,
+ aExport,
+ aExportSecretKeyP12,
+ aServer,
+ aLearnCard,
+ aCallDirmngr,
+ aCallProtectTool,
+ aPasswd,
+ aGPGConfList,
+ aGPGConfTest,
+ aDumpKeys,
+ aDumpChain,
+ aDumpSecretKeys,
+ aDumpExternalKeys,
+ aKeydbClearSomeCertFlags,
+ aFingerprint,
+
+ oOptions,
+ oDebug,
+ oDebugLevel,
+ oDebugAll,
+ oDebugNone,
+ oDebugWait,
+ oDebugAllowCoreDump,
+ oDebugNoChainValidation,
+ oDebugIgnoreExpiration,
+ oFixedPassphrase,
+ oLogFile,
+ oNoLogFile,
+ oAuditLog,
+ oHtmlAuditLog,
+
+ oEnableSpecialFilenames,
+
+ oAgentProgram,
+ oDisplay,
+ oTTYname,
+ oTTYtype,
+ oLCctype,
+ oLCmessages,
+ oXauthority,
+
+ oPreferSystemDirmngr,
+ oDirmngrProgram,
+ oDisableDirmngr,
+ oProtectToolProgram,
+ oFakedSystemTime,
+
+
+ oAssumeArmor,
+ oAssumeBase64,
+ oAssumeBinary,
+
+ oBase64,
+ oNoArmor,
+ oP12Charset,
+
+ oDisableCRLChecks,
+ oEnableCRLChecks,
+ oDisableTrustedCertCRLCheck,
+ oEnableTrustedCertCRLCheck,
+ oForceCRLRefresh,
+
+ oDisableOCSP,
+ oEnableOCSP,
+
+ oIncludeCerts,
+ oPolicyFile,
+ oDisablePolicyChecks,
+ oEnablePolicyChecks,
+ oAutoIssuerKeyRetrieve,
+
+ oWithFingerprint,
+ oWithMD5Fingerprint,
+ oAnswerYes,
+ oAnswerNo,
+ oKeyring,
+ oDefaultKey,
+ oDefRecipient,
+ oDefRecipientSelf,
+ oNoDefRecipient,
+ oStatusFD,
+ oCipherAlgo,
+ oDigestAlgo,
+ oExtraDigestAlgo,
+ oNoVerbose,
+ oNoSecmemWarn,
+ oNoDefKeyring,
+ oNoGreeting,
+ oNoTTY,
+ oNoOptions,
+ oNoBatch,
+ oHomedir,
+ oWithColons,
+ oWithKeyData,
+ oWithValidation,
+ oWithEphemeralKeys,
+ oSkipVerify,
+ oValidationModel,
+ oKeyServer,
+ oEncryptTo,
+ oNoEncryptTo,
+ oLoggerFD,
+ oDisableCipherAlgo,
+ oDisablePubkeyAlgo,
+ oIgnoreTimeConflict,
+ oNoRandomSeedFile,
+ oNoCommonCertsImport,
+ oIgnoreCertExtension
+ };
+
+
+static ARGPARSE_OPTS opts[] = {
+
+ ARGPARSE_group (300, N_("@Commands:\n ")),
+
+ ARGPARSE_c (aSign, "sign", N_("make a signature")),
+ ARGPARSE_c (aClearsign, "clearsign", N_("make a clear text signature") ),
+ ARGPARSE_c (aDetachedSign, "detach-sign", N_("make a detached signature")),
+ ARGPARSE_c (aEncr, "encrypt", N_("encrypt data")),
+ ARGPARSE_c (aSym, "symmetric", N_("encryption only with symmetric cipher")),
+ ARGPARSE_c (aDecrypt, "decrypt", N_("decrypt data (default)")),
+ ARGPARSE_c (aVerify, "verify", N_("verify a signature")),
+ ARGPARSE_c (aListKeys, "list-keys", N_("list keys")),
+ ARGPARSE_c (aListExternalKeys, "list-external-keys",
+ N_("list external keys")),
+ ARGPARSE_c (aListSecretKeys, "list-secret-keys", N_("list secret keys")),
+ ARGPARSE_c (aListChain, "list-chain", N_("list certificate chain")),
+ ARGPARSE_c (aFingerprint, "fingerprint", N_("list keys and fingerprints")),
+ ARGPARSE_c (aKeygen, "gen-key", N_("generate a new key pair")),
+ ARGPARSE_c (aDeleteKey, "delete-keys",
+ N_("remove keys from the public keyring")),
+ ARGPARSE_c (aSendKeys, "send-keys", N_("export keys to a key server")),
+ ARGPARSE_c (aRecvKeys, "recv-keys", N_("import keys from a key server")),
+ ARGPARSE_c (aImport, "import", N_("import certificates")),
+ ARGPARSE_c (aExport, "export", N_("export certificates")),
+ ARGPARSE_c (aExportSecretKeyP12, "export-secret-key-p12", "@"),
+ ARGPARSE_c (aLearnCard, "learn-card", N_("register a smartcard")),
+ ARGPARSE_c (aServer, "server", N_("run in server mode")),
+ ARGPARSE_c (aCallDirmngr, "call-dirmngr",
+ N_("pass a command to the dirmngr")),
+ ARGPARSE_c (aCallProtectTool, "call-protect-tool",
+ N_("invoke gpg-protect-tool")),
+ ARGPARSE_c (aPasswd, "passwd", N_("change a passphrase")),
+ ARGPARSE_c (aGPGConfList, "gpgconf-list", "@"),
+ ARGPARSE_c (aGPGConfTest, "gpgconf-test", "@"),
+
+ ARGPARSE_c (aDumpKeys, "dump-cert", "@"),
+ ARGPARSE_c (aDumpKeys, "dump-keys", "@"),
+ ARGPARSE_c (aDumpChain, "dump-chain", "@"),
+ ARGPARSE_c (aDumpExternalKeys, "dump-external-keys", "@"),
+ ARGPARSE_c (aDumpSecretKeys, "dump-secret-keys", "@"),
+ ARGPARSE_c (aKeydbClearSomeCertFlags, "keydb-clear-some-cert-flags", "@"),
+
+ ARGPARSE_group (301, N_("@\nOptions:\n ")),
+
+ ARGPARSE_s_n (oArmor, "armor", N_("create ascii armored output")),
+ ARGPARSE_s_n (oArmor, "armour", "@"),
+ ARGPARSE_s_n (oBase64, "base64", N_("create base-64 encoded output")),
+
+ ARGPARSE_s_s (oP12Charset, "p12-charset", "@"),
+
+ ARGPARSE_s_n (oAssumeArmor, "assume-armor",
+ N_("assume input is in PEM format")),
+ ARGPARSE_s_n (oAssumeBase64, "assume-base64",
+ N_("assume input is in base-64 format")),
+ ARGPARSE_s_n (oAssumeBinary, "assume-binary",
+ N_("assume input is in binary format")),
+
+ ARGPARSE_s_s (oRecipient, "recipient", N_("|USER-ID|encrypt for USER-ID")),
+
+ ARGPARSE_s_n (oPreferSystemDirmngr,"prefer-system-dirmngr",
+ N_("use system's dirmngr if available")),
+
+ ARGPARSE_s_n (oDisableCRLChecks, "disable-crl-checks",
+ N_("never consult a CRL")),
+ ARGPARSE_s_n (oEnableCRLChecks, "enable-crl-checks", "@"),
+ ARGPARSE_s_n (oDisableTrustedCertCRLCheck,
+ "disable-trusted-cert-crl-check", "@"),
+ ARGPARSE_s_n (oEnableTrustedCertCRLCheck,
+ "enable-trusted-cert-crl-check", "@"),
+
+ ARGPARSE_s_n (oForceCRLRefresh, "force-crl-refresh", "@"),
+
+ ARGPARSE_s_n (oDisableOCSP, "disable-ocsp", "@"),
+ ARGPARSE_s_n (oEnableOCSP, "enable-ocsp", N_("check validity using OCSP")),
+
+ ARGPARSE_s_s (oValidationModel, "validation-model", "@"),
+
+ ARGPARSE_s_i (oIncludeCerts, "include-certs",
+ N_("|N|number of certificates to include") ),
+
+ ARGPARSE_s_s (oPolicyFile, "policy-file",
+ N_("|FILE|take policy information from FILE")),
+
+ ARGPARSE_s_n (oDisablePolicyChecks, "disable-policy-checks",
+ N_("do not check certificate policies")),
+ ARGPARSE_s_n (oEnablePolicyChecks, "enable-policy-checks", "@"),
+
+ ARGPARSE_s_n (oAutoIssuerKeyRetrieve, "auto-issuer-key-retrieve",
+ N_("fetch missing issuer certificates")),
+
+ ARGPARSE_s_s (oEncryptTo, "encrypt-to", "@"),
+ ARGPARSE_s_n (oNoEncryptTo, "no-encrypt-to", "@"),
+
+ ARGPARSE_s_s (oUser, "local-user",
+ N_("|USER-ID|use USER-ID to sign or decrypt")),
+
+ ARGPARSE_s_s (oOutput, "output", N_("|FILE|write output to FILE")),
+ ARGPARSE_s_n (oVerbose, "verbose", N_("verbose")),
+ ARGPARSE_s_n (oQuiet, "quiet", N_("be somewhat more quiet")),
+ ARGPARSE_s_n (oNoTTY, "no-tty", N_("don't use the terminal at all")),
+ ARGPARSE_s_s (oLogFile, "log-file",
+ N_("|FILE|write a server mode log to FILE")),
+ ARGPARSE_s_n (oNoLogFile, "no-log-file", "@"),
+ ARGPARSE_s_i (oLoggerFD, "logger-fd", "@"),
+
+ ARGPARSE_s_s (oAuditLog, "audit-log",
+ N_("|FILE|write an audit log to FILE")),
+ ARGPARSE_s_s (oHtmlAuditLog, "html-audit-log", "@"),
+ ARGPARSE_s_n (oDryRun, "dry-run", N_("do not make any changes")),
+ ARGPARSE_s_n (oBatch, "batch", N_("batch mode: never ask")),
+ ARGPARSE_s_n (oAnswerYes, "yes", N_("assume yes on most questions")),
+ ARGPARSE_s_n (oAnswerNo, "no", N_("assume no on most questions")),
+
+ ARGPARSE_s_s (oKeyring, "keyring",
+ N_("|FILE|add keyring to the list of keyrings")),
+
+ ARGPARSE_s_s (oDefaultKey, "default-key",
+ N_("|USER-ID|use USER-ID as default secret key")),
+
+ /* Not yet used: */
+ /* ARGPARSE_s_s (oDefRecipient, "default-recipient", */
+ /* N_("|NAME|use NAME as default recipient")), */
+ /* ARGPARSE_s_n (oDefRecipientSelf, "default-recipient-self", */
+ /* N_("use the default key as default recipient")), */
+ /* ARGPARSE_s_n (oNoDefRecipient, "no-default-recipient", "@"), */
+
+ ARGPARSE_s_s (oKeyServer, "keyserver",
+ N_("|SPEC|use this keyserver to lookup keys")),
+ ARGPARSE_s_s (oOptions, "options", N_("|FILE|read options from FILE")),
+
+ ARGPARSE_p_u (oDebug, "debug", "@"),
+ ARGPARSE_s_s (oDebugLevel, "debug-level",
+ N_("|LEVEL|set the debugging level to LEVEL")),
+ ARGPARSE_s_n (oDebugAll, "debug-all", "@"),
+ ARGPARSE_s_n (oDebugNone, "debug-none", "@"),
+ ARGPARSE_s_i (oDebugWait, "debug-wait", "@"),
+ ARGPARSE_s_n (oDebugAllowCoreDump, "debug-allow-core-dump", "@"),
+ ARGPARSE_s_n (oDebugNoChainValidation, "debug-no-chain-validation", "@"),
+ ARGPARSE_s_n (oDebugIgnoreExpiration, "debug-ignore-expiration", "@"),
+ ARGPARSE_s_s (oFixedPassphrase, "fixed-passphrase", "@"),
+
+ ARGPARSE_s_i (oStatusFD, "status-fd",
+ N_("|FD|write status info to this FD")),
+
+ ARGPARSE_s_s (oCipherAlgo, "cipher-algo",
+ N_("|NAME|use cipher algorithm NAME")),
+ ARGPARSE_s_s (oDigestAlgo, "digest-algo",
+ N_("|NAME|use message digest algorithm NAME")),
+ ARGPARSE_s_s (oExtraDigestAlgo, "extra-digest-algo", "@"),
+
+
+ ARGPARSE_group (302, N_(
+ "@\n(See the man page for a complete listing of all commands and options)\n"
+ )),
+
+ ARGPARSE_group (303, N_("@\nExamples:\n\n"
+ " -se -r Bob [file] sign and encrypt for user Bob\n"
+ " --clearsign [file] make a clear text signature\n"
+ " --detach-sign [file] make a detached signature\n"
+ " --list-keys [names] show keys\n"
+ " --fingerprint [names] show fingerprints\n" )),
+
+ /* Hidden options. */
+ ARGPARSE_s_n (oNoVerbose, "no-verbose", "@"),
+ ARGPARSE_s_n (oEnableSpecialFilenames, "enable-special-filenames", "@"),
+ ARGPARSE_s_n (oNoSecmemWarn, "no-secmem-warning", "@"),
+ ARGPARSE_s_n (oNoArmor, "no-armor", "@"),
+ ARGPARSE_s_n (oNoArmor, "no-armour", "@"),
+ ARGPARSE_s_n (oNoDefKeyring, "no-default-keyring", "@"),
+ ARGPARSE_s_n (oNoGreeting, "no-greeting", "@"),
+ ARGPARSE_s_n (oNoOptions, "no-options", "@"),
+ ARGPARSE_s_s (oHomedir, "homedir", "@"),
+ ARGPARSE_s_s (oAgentProgram, "agent-program", "@"),
+ ARGPARSE_s_s (oDisplay, "display", "@"),
+ ARGPARSE_s_s (oTTYname, "ttyname", "@"),
+ ARGPARSE_s_s (oTTYtype, "ttytype", "@"),
+ ARGPARSE_s_s (oLCctype, "lc-ctype", "@"),
+ ARGPARSE_s_s (oLCmessages, "lc-messages", "@"),
+ ARGPARSE_s_s (oXauthority, "xauthority", "@"),
+ ARGPARSE_s_s (oDirmngrProgram, "dirmngr-program", "@"),
+ ARGPARSE_s_n (oDisableDirmngr, "disable-dirmngr", "@"),
+ ARGPARSE_s_s (oProtectToolProgram, "protect-tool-program", "@"),
+ ARGPARSE_s_s (oFakedSystemTime, "faked-system-time", "@"),
+ ARGPARSE_s_n (oNoBatch, "no-batch", "@"),
+ ARGPARSE_s_n (oWithColons, "with-colons", "@"),
+ ARGPARSE_s_n (oWithKeyData,"with-key-data", "@"),
+ ARGPARSE_s_n (oWithValidation, "with-validation", "@"),
+ ARGPARSE_s_n (oWithMD5Fingerprint, "with-md5-fingerprint", "@"),
+ ARGPARSE_s_n (oWithEphemeralKeys, "with-ephemeral-keys", "@"),
+ ARGPARSE_s_n (oSkipVerify, "skip-verify", "@"),
+ ARGPARSE_s_n (oWithFingerprint, "with-fingerprint", "@"),
+ ARGPARSE_s_s (oDisableCipherAlgo, "disable-cipher-algo", "@"),
+ ARGPARSE_s_s (oDisablePubkeyAlgo, "disable-pubkey-algo", "@"),
+ ARGPARSE_s_n (oIgnoreTimeConflict, "ignore-time-conflict", "@"),
+ ARGPARSE_s_n (oNoRandomSeedFile, "no-random-seed-file", "@"),
+ ARGPARSE_s_n (oNoCommonCertsImport, "no-common-certs-import", "@"),
+ ARGPARSE_s_s (oIgnoreCertExtension, "ignore-cert-extension", "@"),
+
+ /* Command aliases. */
+ ARGPARSE_c (aListKeys, "list-key", "@"),
+ ARGPARSE_c (aListChain, "list-sig", "@"),
+ ARGPARSE_c (aListChain, "list-sigs", "@"),
+ ARGPARSE_c (aListChain, "check-sig", "@"),
+ ARGPARSE_c (aListChain, "check-sigs", "@"),
+ ARGPARSE_c (aDeleteKey, "delete-key", "@"),
+
+ ARGPARSE_end ()
+};
+
+
+
+
+/* Global variable to keep an error count. */
+int gpgsm_errors_seen = 0;
+
+/* It is possible that we are currentlu running under setuid permissions */
+static int maybe_setuid = 1;
+
+/* Helper to implement --debug-level and --debug*/
+static const char *debug_level;
+static unsigned int debug_value;
+
+/* Option --enable-special-filenames */
+static int allow_special_filenames;
+
+/* Default value for include-certs. We need an extra macro for
+ gpgconf-list because the variable will be changed by the command
+ line option. */
+#define DEFAULT_INCLUDE_CERTS -2 /* Include all certs but root. */
+static int default_include_certs = DEFAULT_INCLUDE_CERTS;
+
+/* Whether the chain mode shall be used for validation. */
+static int default_validation_model;
+
+
+static char *build_list (const char *text,
+ const char *(*mapf)(int), int (*chkf)(int));
+static void set_cmd (enum cmd_and_opt_values *ret_cmd,
+ enum cmd_and_opt_values new_cmd );
+
+static void emergency_cleanup (void);
+static int check_special_filename (const char *fname, int for_write);
+static int open_read (const char *filename);
+static estream_t open_es_fread (const char *filename);
+static FILE *open_fwrite (const char *filename);
+static estream_t open_es_fwrite (const char *filename);
+static void run_protect_tool (int argc, char **argv);
+
+static int
+our_pk_test_algo (int algo)
+{
+ switch (algo)
+ {
+ case GCRY_PK_RSA:
+ case GCRY_PK_ECDSA:
+ return gcry_pk_test_algo (algo);
+ default:
+ return 1;
+ }
+}
+
+static int
+our_cipher_test_algo (int algo)
+{
+ switch (algo)
+ {
+ case GCRY_CIPHER_3DES:
+ case GCRY_CIPHER_AES128:
+ case GCRY_CIPHER_AES192:
+ case GCRY_CIPHER_AES256:
+ case GCRY_CIPHER_SERPENT128:
+ case GCRY_CIPHER_SERPENT192:
+ case GCRY_CIPHER_SERPENT256:
+ case GCRY_CIPHER_SEED:
+ case GCRY_CIPHER_CAMELLIA128:
+ case GCRY_CIPHER_CAMELLIA192:
+ case GCRY_CIPHER_CAMELLIA256:
+ return gcry_cipher_test_algo (algo);
+ default:
+ return 1;
+ }
+}
+
+
+static int
+our_md_test_algo (int algo)
+{
+ switch (algo)
+ {
+ case GCRY_MD_MD5:
+ case GCRY_MD_SHA1:
+ case GCRY_MD_RMD160:
+ case GCRY_MD_SHA224:
+ case GCRY_MD_SHA256:
+ case GCRY_MD_SHA384:
+ case GCRY_MD_SHA512:
+ case GCRY_MD_WHIRLPOOL:
+ return gcry_md_test_algo (algo);
+ default:
+ return 1;
+ }
+}
+
+
+static char *
+make_libversion (const char *libname, const char *(*getfnc)(const char*))
+{
+ const char *s;
+ char *result;
+
+ if (maybe_setuid)
+ {
+ gcry_control (GCRYCTL_INIT_SECMEM, 0, 0); /* Drop setuid. */
+ maybe_setuid = 0;
+ }
+ s = getfnc (NULL);
+ result = xmalloc (strlen (libname) + 1 + strlen (s) + 1);
+ strcpy (stpcpy (stpcpy (result, libname), " "), s);
+ return result;
+}
+
+
+static const char *
+my_strusage( int level )
+{
+ static char *digests, *pubkeys, *ciphers;
+ static char *ver_gcry, *ver_ksba;
+ const char *p;
+
+ switch (level)
+ {
+ case 11: p = "gpgsm (GnuPG)";
+ break;
+ case 13: p = VERSION; break;
+ case 17: p = PRINTABLE_OS_NAME; break;
+ case 19: p = _("Please report bugs to <@EMAIL@>.\n"); break;
+
+ case 1:
+ case 40: p = _("Usage: gpgsm [options] [files] (-h for help)");
+ break;
+ case 41:
+ p = _("Syntax: gpgsm [options] [files]\n"
+ "sign, check, encrypt or decrypt using the S/MIME protocol\n"
+ "default operation depends on the input data\n");
+ break;
+
+ case 20:
+ if (!ver_gcry)
+ ver_gcry = make_libversion ("libgcrypt", gcry_check_version);
+ p = ver_gcry;
+ break;
+ case 21:
+ if (!ver_ksba)
+ ver_ksba = make_libversion ("libksba", ksba_check_version);
+ p = ver_ksba;
+ break;
+
+ case 31: p = "\nHome: "; break;
+ case 32: p = opt.homedir; break;
+ case 33: p = _("\nSupported algorithms:\n"); break;
+ case 34:
+ if (!ciphers)
+ ciphers = build_list ("Cipher: ", gcry_cipher_algo_name,
+ our_cipher_test_algo );
+ p = ciphers;
+ break;
+ case 35:
+ if (!pubkeys)
+ pubkeys = build_list ("Pubkey: ", gcry_pk_algo_name,
+ our_pk_test_algo );
+ p = pubkeys;
+ break;
+ case 36:
+ if (!digests)
+ digests = build_list("Hash: ", gcry_md_algo_name, our_md_test_algo );
+ p = digests;
+ break;
+
+ default: p = NULL; break;
+ }
+ return p;
+}
+
+
+static char *
+build_list (const char *text, const char * (*mapf)(int), int (*chkf)(int))
+{
+ int i;
+ size_t n=strlen(text)+2;
+ char *list, *p;
+
+ if (maybe_setuid) {
+ gcry_control (GCRYCTL_DROP_PRIVS); /* drop setuid */
+ }
+
+ for (i=1; i < 400; i++ )
+ if (!chkf(i))
+ n += strlen(mapf(i)) + 2;
+ list = xmalloc (21 + n);
+ *list = 0;
+ for (p=NULL, i=1; i < 400; i++)
+ {
+ if (!chkf(i))
+ {
+ if( !p )
+ p = stpcpy (list, text );
+ else
+ p = stpcpy (p, ", ");
+ p = stpcpy (p, mapf(i) );
+ }
+ }
+ if (p)
+ p = stpcpy(p, "\n" );
+ return list;
+}
+
+
+/* Set the file pointer into binary mode if required. */
+static void
+set_binary (FILE *fp)
+{
+#ifdef HAVE_DOSISH_SYSTEM
+ setmode (fileno (fp), O_BINARY);
+#else
+ (void)fp;
+#endif
+}
+
+
+
+static void
+wrong_args (const char *text)
+{
+ fputs (_("usage: gpgsm [options] "), stderr);
+ fputs (text, stderr);
+ putc ('\n', stderr);
+ gpgsm_exit (2);
+}
+
+
+static void
+set_opt_session_env (const char *name, const char *value)
+{
+ gpg_error_t err;
+
+ err = session_env_setenv (opt.session_env, name, value);
+ if (err)
+ log_fatal ("error setting session environment: %s\n",
+ gpg_strerror (err));
+}
+
+
+/* Setup the debugging. With a DEBUG_LEVEL of NULL only the active
+ debug flags are propagated to the subsystems. With DEBUG_LEVEL
+ set, a specific set of debug flags is set; and individual debugging
+ flags will be added on top. */
+static void
+set_debug (void)
+{
+ int numok = (debug_level && digitp (debug_level));
+ int numlvl = numok? atoi (debug_level) : 0;
+
+ if (!debug_level)
+ ;
+ else if (!strcmp (debug_level, "none") || (numok && numlvl < 1))
+ opt.debug = 0;
+ else if (!strcmp (debug_level, "basic") || (numok && numlvl <= 2))
+ opt.debug = DBG_ASSUAN_VALUE;
+ else if (!strcmp (debug_level, "advanced") || (numok && numlvl <= 5))
+ opt.debug = DBG_ASSUAN_VALUE|DBG_X509_VALUE;
+ else if (!strcmp (debug_level, "expert") || (numok && numlvl <= 8))
+ opt.debug = (DBG_ASSUAN_VALUE|DBG_X509_VALUE
+ |DBG_CACHE_VALUE|DBG_CRYPTO_VALUE);
+ else if (!strcmp (debug_level, "guru") || numok)
+ {
+ opt.debug = ~0;
+ /* Unless the "guru" string has been used we don't want to allow
+ hashing debugging. The rationale is that people tend to
+ select the highest debug value and would then clutter their
+ disk with debug files which may reveal confidential data. */
+ if (numok)
+ opt.debug &= ~(DBG_HASHING_VALUE);
+ }
+ else
+ {
+ log_error (_("invalid debug-level `%s' given\n"), debug_level);
+ gpgsm_exit (2);
+ }
+
+ opt.debug |= debug_value;
+
+ if (opt.debug && !opt.verbose)
+ opt.verbose = 1;
+ if (opt.debug)
+ opt.quiet = 0;
+
+ if (opt.debug & DBG_MPI_VALUE)
+ gcry_control (GCRYCTL_SET_DEBUG_FLAGS, 2);
+ if (opt.debug & DBG_CRYPTO_VALUE )
+ gcry_control (GCRYCTL_SET_DEBUG_FLAGS, 1);
+ gcry_control (GCRYCTL_SET_VERBOSITY, (int)opt.verbose);
+
+ if (opt.debug)
+ log_info ("enabled debug flags:%s%s%s%s%s%s%s%s\n",
+ (opt.debug & DBG_X509_VALUE )? " x509":"",
+ (opt.debug & DBG_MPI_VALUE )? " mpi":"",
+ (opt.debug & DBG_CRYPTO_VALUE )? " crypto":"",
+ (opt.debug & DBG_MEMORY_VALUE )? " memory":"",
+ (opt.debug & DBG_CACHE_VALUE )? " cache":"",
+ (opt.debug & DBG_MEMSTAT_VALUE)? " memstat":"",
+ (opt.debug & DBG_HASHING_VALUE)? " hashing":"",
+ (opt.debug & DBG_ASSUAN_VALUE )? " assuan":"" );
+}
+
+
+
+static void
+set_cmd (enum cmd_and_opt_values *ret_cmd, enum cmd_and_opt_values new_cmd)
+{
+ enum cmd_and_opt_values cmd = *ret_cmd;
+
+ if (!cmd || cmd == new_cmd)
+ cmd = new_cmd;
+ else if ( cmd == aSign && new_cmd == aEncr )
+ cmd = aSignEncr;
+ else if ( cmd == aEncr && new_cmd == aSign )
+ cmd = aSignEncr;
+ else if ( (cmd == aSign && new_cmd == aClearsign)
+ || (cmd == aClearsign && new_cmd == aSign) )
+ cmd = aClearsign;
+ else
+ {
+ log_error(_("conflicting commands\n"));
+ gpgsm_exit(2);
+ }
+
+ *ret_cmd = cmd;
+}
+
+
+/* Helper to add recipients to a list. */
+static void
+do_add_recipient (ctrl_t ctrl, const char *name,
+ certlist_t *recplist, int is_encrypt_to, int recp_required)
+{
+ int rc = gpgsm_add_to_certlist (ctrl, name, 0, recplist, is_encrypt_to);
+ if (rc)
+ {
+ if (recp_required)
+ {
+ log_error ("can't encrypt to `%s': %s\n", name, gpg_strerror (rc));
+ gpgsm_status2 (ctrl, STATUS_INV_RECP,
+ get_inv_recpsgnr_code (rc), name, NULL);
+ }
+ else
+ log_info (_("NOTE: won't be able to encrypt to `%s': %s\n"),
+ name, gpg_strerror (rc));
+ }
+}
+
+
+static void
+parse_validation_model (const char *model)
+{
+ int i = gpgsm_parse_validation_model (model);
+ if (i == -1)
+ log_error (_("unknown validation model `%s'\n"), model);
+ else
+ default_validation_model = i;
+}
+
+
+/* Release the list of SERVERS. As usual it is okay to call this
+ function with SERVERS passed as NULL. */
+void
+keyserver_list_free (struct keyserver_spec *servers)
+{
+ while (servers)
+ {
+ struct keyserver_spec *tmp = servers->next;
+ xfree (servers->host);
+ xfree (servers->user);
+ if (servers->pass)
+ memset (servers->pass, 0, strlen (servers->pass));
+ xfree (servers->pass);
+ xfree (servers->base);
+ xfree (servers);
+ servers = tmp;
+ }
+}
+
+/* See also dirmngr ldapserver_parse_one(). */
+struct keyserver_spec *
+parse_keyserver_line (char *line,
+ const char *filename, unsigned int lineno)
+{
+ char *p;
+ char *endp;
+ struct keyserver_spec *server;
+ int fieldno;
+ int fail = 0;
+
+ /* Parse the colon separated fields. */
+ server = xcalloc (1, sizeof *server);
+ for (fieldno = 1, p = line; p; p = endp, fieldno++ )
+ {
+ endp = strchr (p, ':');
+ if (endp)
+ *endp++ = '\0';
+ trim_spaces (p);
+ switch (fieldno)
+ {
+ case 1:
+ if (*p)
+ server->host = xstrdup (p);
+ else
+ {
+ log_error (_("%s:%u: no hostname given\n"),
+ filename, lineno);
+ fail = 1;
+ }
+ break;
+
+ case 2:
+ if (*p)
+ server->port = atoi (p);
+ break;
+
+ case 3:
+ if (*p)
+ server->user = xstrdup (p);
+ break;
+
+ case 4:
+ if (*p && !server->user)
+ {
+ log_error (_("%s:%u: password given without user\n"),
+ filename, lineno);
+ fail = 1;
+ }
+ else if (*p)
+ server->pass = xstrdup (p);
+ break;
+
+ case 5:
+ if (*p)
+ server->base = xstrdup (p);
+ break;
+
+ default:
+ /* (We silently ignore extra fields.) */
+ break;
+ }
+ }
+
+ if (fail)
+ {
+ log_info (_("%s:%u: skipping this line\n"), filename, lineno);
+ keyserver_list_free (server);
+ }
+
+ return server;
+}
+
+
+int
+main ( int argc, char **argv)
+{
+ ARGPARSE_ARGS pargs;
+ int orig_argc;
+ char **orig_argv;
+ /* char *username;*/
+ int may_coredump;
+ strlist_t sl, remusr= NULL, locusr=NULL;
+ strlist_t nrings=NULL;
+ int detached_sig = 0;
+ FILE *configfp = NULL;
+ char *configname = NULL;
+ unsigned configlineno;
+ int parse_debug = 0;
+ int no_more_options = 0;
+ int default_config =1;
+ int default_keyring = 1;
+ char *logfile = NULL;
+ char *auditlog = NULL;
+ char *htmlauditlog = NULL;
+ int greeting = 0;
+ int nogreeting = 0;
+ int debug_wait = 0;
+ int use_random_seed = 1;
+ int no_common_certs_import = 0;
+ int with_fpr = 0;
+ const char *forced_digest_algo = NULL;
+ const char *extra_digest_algo = NULL;
+ enum cmd_and_opt_values cmd = 0;
+ struct server_control_s ctrl;
+ certlist_t recplist = NULL;
+ certlist_t signerlist = NULL;
+ int do_not_setup_keys = 0;
+ int recp_required = 0;
+ estream_t auditfp = NULL;
+ estream_t htmlauditfp = NULL;
+ struct assuan_malloc_hooks malloc_hooks;
+
+ /*mtrace();*/
+
+ gnupg_reopen_std ("gpgsm");
+ /* trap_unaligned ();*/
+ gnupg_rl_initialize ();
+ set_strusage (my_strusage);
+ gcry_control (GCRYCTL_SUSPEND_SECMEM_WARN);
+ /* We don't need any locking in libgcrypt unless we use any kind of
+ threading. */
+ gcry_control (GCRYCTL_DISABLE_INTERNAL_LOCKING);
+
+ /* Please note that we may running SUID(ROOT), so be very CAREFUL
+ when adding any stuff between here and the call to secmem_init()
+ somewhere after the option parsing */
+ log_set_prefix ("gpgsm", 1);
+
+ /* Make sure that our subsystems are ready. */
+ i18n_init();
+ init_common_subsystems ();
+
+ /* Check that the libraries are suitable. Do it here because the
+ option parse may need services of the library */
+ if (!gcry_check_version (NEED_LIBGCRYPT_VERSION) )
+ log_fatal (_("%s is too old (need %s, have %s)\n"), "libgcrypt",
+ NEED_LIBGCRYPT_VERSION, gcry_check_version (NULL) );
+ if (!ksba_check_version (NEED_KSBA_VERSION) )
+ log_fatal (_("%s is too old (need %s, have %s)\n"), "libksba",
+ NEED_KSBA_VERSION, ksba_check_version (NULL) );
+
+
+ gcry_control (GCRYCTL_USE_SECURE_RNDPOOL);
+
+ may_coredump = disable_core_dumps ();
+
+ gnupg_init_signals (0, emergency_cleanup);
+
+ create_dotlock (NULL); /* register locking cleanup */
+
+ opt.session_env = session_env_new ();
+ if (!opt.session_env)
+ log_fatal ("error allocating session environment block: %s\n",
+ strerror (errno));
+
+ /* Note: If you change this default cipher algorithm , please
+ remember to update the Gpgconflist entry as well. */
+ opt.def_cipher_algoid = "3DES"; /*des-EDE3-CBC*/
+
+ opt.homedir = default_homedir ();
+
+ /* First check whether we have a config file on the commandline */
+ orig_argc = argc;
+ orig_argv = argv;
+ pargs.argc = &argc;
+ pargs.argv = &argv;
+ pargs.flags= 1|(1<<6); /* do not remove the args, ignore version */
+ while (arg_parse( &pargs, opts))
+ {
+ if (pargs.r_opt == oDebug || pargs.r_opt == oDebugAll)
+ parse_debug++;
+ else if (pargs.r_opt == oOptions)
+ { /* yes there is one, so we do not try the default one but
+ read the config file when it is encountered at the
+ commandline */
+ default_config = 0;
+ }
+ else if (pargs.r_opt == oNoOptions)
+ default_config = 0; /* --no-options */
+ else if (pargs.r_opt == oHomedir)
+ opt.homedir = pargs.r.ret_str;
+ else if (pargs.r_opt == aCallProtectTool)
+ break; /* This break makes sure that --version and --help are
+ passed to the protect-tool. */
+ }
+
+
+ /* Initialize the secure memory. */
+ gcry_control (GCRYCTL_INIT_SECMEM, 16384, 0);
+ maybe_setuid = 0;
+
+ /*
+ Now we are now working under our real uid
+ */
+
+ ksba_set_malloc_hooks (gcry_malloc, gcry_realloc, gcry_free );
+
+ malloc_hooks.malloc = gcry_malloc;
+ malloc_hooks.realloc = gcry_realloc;
+ malloc_hooks.free = gcry_free;
+ assuan_set_malloc_hooks (&malloc_hooks);
+ assuan_set_assuan_log_prefix (log_get_prefix (NULL));
+ assuan_set_gpg_err_source (GPG_ERR_SOURCE_DEFAULT);
+
+ keybox_set_malloc_hooks (gcry_malloc, gcry_realloc, gcry_free);
+
+ /* Setup a default control structure for command line mode */
+ memset (&ctrl, 0, sizeof ctrl);
+ gpgsm_init_default_ctrl (&ctrl);
+ ctrl.no_server = 1;
+ ctrl.status_fd = -1; /* No status output. */
+ ctrl.autodetect_encoding = 1;
+
+ /* Set the default option file */
+ if (default_config )
+ configname = make_filename (opt.homedir, "gpgsm.conf", NULL);
+ /* Set the default policy file */
+ opt.policy_file = make_filename (opt.homedir, "policies.txt", NULL);
+
+ argc = orig_argc;
+ argv = orig_argv;
+ pargs.argc = &argc;
+ pargs.argv = &argv;
+ pargs.flags = 1; /* do not remove the args */
+
+ next_pass:
+ if (configname) {
+ configlineno = 0;
+ configfp = fopen (configname, "r");
+ if (!configfp)
+ {
+ if (default_config)
+ {
+ if (parse_debug)
+ log_info (_("NOTE: no default option file `%s'\n"), configname);
+ }
+ else
+ {
+ log_error (_("option file `%s': %s\n"), configname, strerror(errno));
+ gpgsm_exit(2);
+ }
+ xfree(configname);
+ configname = NULL;
+ }
+ if (parse_debug && configname)
+ log_info (_("reading options from `%s'\n"), configname);
+ default_config = 0;
+ }
+
+ while (!no_more_options
+ && optfile_parse (configfp, configname, &configlineno, &pargs, opts))
+ {
+ switch (pargs.r_opt)
+ {
+ case aGPGConfList:
+ case aGPGConfTest:
+ set_cmd (&cmd, pargs.r_opt);
+ do_not_setup_keys = 1;
+ nogreeting = 1;
+ break;
+
+ case aServer:
+ opt.batch = 1;
+ set_cmd (&cmd, aServer);
+ break;
+
+ case aCallDirmngr:
+ opt.batch = 1;
+ set_cmd (&cmd, aCallDirmngr);
+ do_not_setup_keys = 1;
+ break;
+
+ case aCallProtectTool:
+ opt.batch = 1;
+ set_cmd (&cmd, aCallProtectTool);
+ no_more_options = 1; /* Stop parsing. */
+ do_not_setup_keys = 1;
+ break;
+
+ case aDeleteKey:
+ set_cmd (&cmd, aDeleteKey);
+ /*greeting=1;*/
+ do_not_setup_keys = 1;
+ break;
+
+ case aDetachedSign:
+ detached_sig = 1;
+ set_cmd (&cmd, aSign );
+ break;
+
+ case aKeygen:
+ set_cmd (&cmd, aKeygen);
+ greeting=1;
+ do_not_setup_keys = 1;
+ break;
+
+ case aImport:
+ case aSendKeys:
+ case aRecvKeys:
+ case aExport:
+ case aExportSecretKeyP12:
+ case aDumpKeys:
+ case aDumpChain:
+ case aDumpExternalKeys:
+ case aDumpSecretKeys:
+ case aListKeys:
+ case aListExternalKeys:
+ case aListSecretKeys:
+ case aListChain:
+ case aLearnCard:
+ case aPasswd:
+ case aKeydbClearSomeCertFlags:
+ do_not_setup_keys = 1;
+ set_cmd (&cmd, pargs.r_opt);
+ break;
+
+ case aEncr:
+ recp_required = 1;
+ set_cmd (&cmd, pargs.r_opt);
+ break;
+
+ case aSym:
+ case aDecrypt:
+ case aSign:
+ case aClearsign:
+ case aVerify:
+ set_cmd (&cmd, pargs.r_opt);
+ break;
+
+ /* Output encoding selection. */
+ case oArmor:
+ ctrl.create_pem = 1;
+ break;
+ case oBase64:
+ ctrl.create_pem = 0;
+ ctrl.create_base64 = 1;
+ break;
+ case oNoArmor:
+ ctrl.create_pem = 0;
+ ctrl.create_base64 = 0;
+ break;
+
+ case oP12Charset:
+ opt.p12_charset = pargs.r.ret_str;
+ break;
+
+ /* Input encoding selection. */
+ case oAssumeArmor:
+ ctrl.autodetect_encoding = 0;
+ ctrl.is_pem = 1;
+ ctrl.is_base64 = 0;
+ break;
+ case oAssumeBase64:
+ ctrl.autodetect_encoding = 0;
+ ctrl.is_pem = 0;
+ ctrl.is_base64 = 1;
+ break;
+ case oAssumeBinary:
+ ctrl.autodetect_encoding = 0;
+ ctrl.is_pem = 0;
+ ctrl.is_base64 = 0;
+ break;
+
+ case oDisableCRLChecks:
+ opt.no_crl_check = 1;
+ break;
+ case oEnableCRLChecks:
+ opt.no_crl_check = 0;
+ break;
+ case oDisableTrustedCertCRLCheck:
+ opt.no_trusted_cert_crl_check = 1;
+ break;
+ case oEnableTrustedCertCRLCheck:
+ opt.no_trusted_cert_crl_check = 0;
+ break;
+ case oForceCRLRefresh:
+ opt.force_crl_refresh = 1;
+ break;
+
+ case oDisableOCSP:
+ ctrl.use_ocsp = opt.enable_ocsp = 0;
+ break;
+ case oEnableOCSP:
+ ctrl.use_ocsp = opt.enable_ocsp = 1;
+ break;
+
+ case oIncludeCerts:
+ ctrl.include_certs = default_include_certs = pargs.r.ret_int;
+ break;
+
+ case oPolicyFile:
+ xfree (opt.policy_file);
+ if (*pargs.r.ret_str)
+ opt.policy_file = xstrdup (pargs.r.ret_str);
+ else
+ opt.policy_file = NULL;
+ break;
+
+ case oDisablePolicyChecks:
+ opt.no_policy_check = 1;
+ break;
+ case oEnablePolicyChecks:
+ opt.no_policy_check = 0;
+ break;
+
+ case oAutoIssuerKeyRetrieve:
+ opt.auto_issuer_key_retrieve = 1;
+ break;
+
+ case oOutput: opt.outfile = pargs.r.ret_str; break;
+
+
+ case oQuiet: opt.quiet = 1; break;
+ case oNoTTY: /* fixme:tty_no_terminal(1);*/ break;
+ case oDryRun: opt.dry_run = 1; break;
+
+ case oVerbose:
+ opt.verbose++;
+ gcry_control (GCRYCTL_SET_VERBOSITY, (int)opt.verbose);
+ break;
+ case oNoVerbose:
+ opt.verbose = 0;
+ gcry_control (GCRYCTL_SET_VERBOSITY, (int)opt.verbose);
+ break;
+
+ case oLogFile: logfile = pargs.r.ret_str; break;
+ case oNoLogFile: logfile = NULL; break;
+
+ case oAuditLog: auditlog = pargs.r.ret_str; break;
+ case oHtmlAuditLog: htmlauditlog = pargs.r.ret_str; break;
+
+ case oBatch:
+ opt.batch = 1;
+ greeting = 0;
+ break;
+ case oNoBatch: opt.batch = 0; break;
+
+ case oAnswerYes: opt.answer_yes = 1; break;
+ case oAnswerNo: opt.answer_no = 1; break;
+
+ case oKeyring: append_to_strlist (&nrings, pargs.r.ret_str); break;
+
+ case oDebug: debug_value |= pargs.r.ret_ulong; break;
+ case oDebugAll: debug_value = ~0; break;
+ case oDebugNone: debug_value = 0; break;
+ case oDebugLevel: debug_level = pargs.r.ret_str; break;
+ case oDebugWait: debug_wait = pargs.r.ret_int; break;
+ case oDebugAllowCoreDump:
+ may_coredump = enable_core_dumps ();
+ break;
+ case oDebugNoChainValidation: opt.no_chain_validation = 1; break;
+ case oDebugIgnoreExpiration: opt.ignore_expiration = 1; break;
+ case oFixedPassphrase: opt.fixed_passphrase = pargs.r.ret_str; break;
+
+ case oStatusFD: ctrl.status_fd = pargs.r.ret_int; break;
+ case oLoggerFD: log_set_fd (pargs.r.ret_int ); break;
+ case oWithMD5Fingerprint:
+ opt.with_md5_fingerprint=1; /*fall thru*/
+ case oWithFingerprint:
+ with_fpr=1; /*fall thru*/
+ case aFingerprint:
+ opt.fingerprint++;
+ break;
+
+ case oOptions:
+ /* config files may not be nested (silently ignore them) */
+ if (!configfp)
+ {
+ xfree(configname);
+ configname = xstrdup (pargs.r.ret_str);
+ goto next_pass;
+ }
+ break;
+ case oNoOptions: break; /* no-options */
+ case oHomedir: opt.homedir = pargs.r.ret_str; break;
+ case oAgentProgram: opt.agent_program = pargs.r.ret_str; break;
+
+ case oDisplay:
+ set_opt_session_env ("DISPLAY", pargs.r.ret_str);
+ break;
+ case oTTYname:
+ set_opt_session_env ("GPG_TTY", pargs.r.ret_str);
+ break;
+ case oTTYtype:
+ set_opt_session_env ("TERM", pargs.r.ret_str);
+ break;
+ case oXauthority:
+ set_opt_session_env ("XAUTHORITY", pargs.r.ret_str);
+ break;
+
+ case oLCctype: opt.lc_ctype = xstrdup (pargs.r.ret_str); break;
+ case oLCmessages: opt.lc_messages = xstrdup (pargs.r.ret_str); break;
+
+ case oDirmngrProgram: opt.dirmngr_program = pargs.r.ret_str; break;
+ case oDisableDirmngr: opt.disable_dirmngr = 1; break;
+ case oPreferSystemDirmngr: opt.prefer_system_dirmngr = 1; break;
+ case oProtectToolProgram:
+ opt.protect_tool_program = pargs.r.ret_str;
+ break;
+
+ case oFakedSystemTime:
+ {
+ time_t faked_time = isotime2epoch (pargs.r.ret_str);
+ if (faked_time == (time_t)(-1))
+ faked_time = (time_t)strtoul (pargs.r.ret_str, NULL, 10);
+ gnupg_set_time (faked_time, 0);
+ }
+ break;
+
+ case oNoDefKeyring: default_keyring = 0; break;
+ case oNoGreeting: nogreeting = 1; break;
+
+ case oDefaultKey:
+ if (*pargs.r.ret_str)
+ {
+ xfree (opt.local_user);
+ opt.local_user = xstrdup (pargs.r.ret_str);
+ }
+ break;
+ case oDefRecipient:
+ if (*pargs.r.ret_str)
+ opt.def_recipient = xstrdup (pargs.r.ret_str);
+ break;
+ case oDefRecipientSelf:
+ xfree (opt.def_recipient);
+ opt.def_recipient = NULL;
+ opt.def_recipient_self = 1;
+ break;
+ case oNoDefRecipient:
+ xfree (opt.def_recipient);
+ opt.def_recipient = NULL;
+ opt.def_recipient_self = 0;
+ break;
+
+ case oWithKeyData: opt.with_key_data=1; /* fall thru */
+ case oWithColons: ctrl.with_colons = 1; break;
+ case oWithValidation: ctrl.with_validation=1; break;
+ case oWithEphemeralKeys: ctrl.with_ephemeral_keys=1; break;
+
+ case oSkipVerify: opt.skip_verify=1; break;
+
+ case oNoEncryptTo: opt.no_encrypt_to = 1; break;
+ case oEncryptTo: /* Store the recipient in the second list */
+ sl = add_to_strlist (&remusr, pargs.r.ret_str);
+ sl->flags = 1;
+ break;
+
+ case oRecipient: /* store the recipient */
+ add_to_strlist ( &remusr, pargs.r.ret_str);
+ break;
+
+ case oUser: /* Store the local users, the first one is the default */
+ if (!opt.local_user)
+ opt.local_user = xstrdup (pargs.r.ret_str);
+ add_to_strlist (&locusr, pargs.r.ret_str);
+ break;
+
+ case oNoSecmemWarn:
+ gcry_control (GCRYCTL_DISABLE_SECMEM_WARN);
+ break;
+
+ case oCipherAlgo:
+ opt.def_cipher_algoid = pargs.r.ret_str;
+ break;
+
+ case oDisableCipherAlgo:
+ {
+ int algo = gcry_cipher_map_name (pargs.r.ret_str);
+ gcry_cipher_ctl (NULL, GCRYCTL_DISABLE_ALGO, &algo, sizeof algo);
+ }
+ break;
+ case oDisablePubkeyAlgo:
+ {
+ int algo = gcry_pk_map_name (pargs.r.ret_str);
+ gcry_pk_ctl (GCRYCTL_DISABLE_ALGO,&algo, sizeof algo );
+ }
+ break;
+
+ case oDigestAlgo:
+ forced_digest_algo = pargs.r.ret_str;
+ break;
+
+ case oExtraDigestAlgo:
+ extra_digest_algo = pargs.r.ret_str;
+ break;
+
+ case oIgnoreTimeConflict: opt.ignore_time_conflict = 1; break;
+ case oNoRandomSeedFile: use_random_seed = 0; break;
+ case oNoCommonCertsImport: no_common_certs_import = 1; break;
+
+ case oEnableSpecialFilenames: allow_special_filenames =1; break;
+
+ case oValidationModel: parse_validation_model (pargs.r.ret_str); break;
+
+ case oKeyServer:
+ {
+ struct keyserver_spec *keyserver;
+ keyserver = parse_keyserver_line (pargs.r.ret_str,
+ configname, configlineno);
+ if (! keyserver)
+ log_error (_("could not parse keyserver\n"));
+ else
+ {
+ /* FIXME: Keep last next pointer. */
+ struct keyserver_spec **next_p = &opt.keyserver;
+ while (*next_p)
+ next_p = &(*next_p)->next;
+ *next_p = keyserver;
+ }
+ }
+ break;
+
+ case oIgnoreCertExtension:
+ add_to_strlist (&opt.ignored_cert_extensions, pargs.r.ret_str);
+ break;
+
+ default:
+ pargs.err = configfp? ARGPARSE_PRINT_WARNING:ARGPARSE_PRINT_ERROR;
+ break;
+ }
+ }
+
+ if (configfp)
+ {
+ fclose (configfp);
+ configfp = NULL;
+ /* Keep a copy of the config filename. */
+ opt.config_filename = configname;
+ configname = NULL;
+ goto next_pass;
+ }
+ xfree (configname);
+ configname = NULL;
+
+ if (!opt.config_filename)
+ opt.config_filename = make_filename (opt.homedir, "gpgsm.conf", NULL);
+
+ if (log_get_errorcount(0))
+ gpgsm_exit(2);
+
+ /* Now that we have the options parsed we need to update the default
+ control structure. */
+ gpgsm_init_default_ctrl (&ctrl);
+
+ if (nogreeting)
+ greeting = 0;
+
+ if (greeting)
+ {
+ fprintf(stderr, "%s %s; %s\n",
+ strusage(11), strusage(13), strusage(14) );
+ fprintf(stderr, "%s\n", strusage(15) );
+ }
+# ifdef IS_DEVELOPMENT_VERSION
+ if (!opt.batch)
+ {
+ log_info ("NOTE: THIS IS A DEVELOPMENT VERSION!\n");
+ log_info ("It is only intended for test purposes and should NOT be\n");
+ log_info ("used in a production environment or with production keys!\n");
+ }
+# endif
+
+ if (may_coredump && !opt.quiet)
+ log_info (_("WARNING: program may create a core file!\n"));
+
+/* if (opt.qualsig_approval && !opt.quiet) */
+/* log_info (_("This software has offically been approved to " */
+/* "create and verify\n" */
+/* "qualified signatures according to German law.\n")); */
+
+ if (logfile && cmd == aServer)
+ {
+ log_set_file (logfile);
+ log_set_prefix (NULL, 1|2|4);
+ }
+
+ if (gnupg_faked_time_p ())
+ {
+ gnupg_isotime_t tbuf;
+
+ log_info (_("WARNING: running with faked system time: "));
+ gnupg_get_isotime (tbuf);
+ dump_isotime (tbuf);
+ log_printf ("\n");
+ }
+
+/*FIXME if (opt.batch) */
+/* tty_batchmode (1); */
+
+ gcry_control (GCRYCTL_RESUME_SECMEM_WARN);
+
+ set_debug ();
+
+ /* Although we alwasy use gpgsm_exit, we better install a regualr
+ exit handler so that at least the secure memory gets wiped
+ out. */
+ if (atexit (emergency_cleanup))
+ {
+ log_error ("atexit failed\n");
+ gpgsm_exit (2);
+ }
+
+ /* Must do this after dropping setuid, because the mapping functions
+ may try to load an module and we may have disabled an algorithm.
+ We remap the commonly used algorithms to the OIDs for
+ convenience. We need to work with the OIDs because they are used
+ to check whether the encryption mode is actually available. */
+ if (!strcmp (opt.def_cipher_algoid, "3DES") )
+ opt.def_cipher_algoid = "1.2.840.113549.3.7";
+ else if (!strcmp (opt.def_cipher_algoid, "AES")
+ || !strcmp (opt.def_cipher_algoid, "AES128"))
+ opt.def_cipher_algoid = "2.16.840.1.101.3.4.1.2";
+ else if (!strcmp (opt.def_cipher_algoid, "AES256") )
+ opt.def_cipher_algoid = "2.16.840.1.101.3.4.1.42";
+ else if (!strcmp (opt.def_cipher_algoid, "SERPENT")
+ || !strcmp (opt.def_cipher_algoid, "SERPENT128") )
+ opt.def_cipher_algoid = "1.3.6.1.4.1.11591.13.2.2";
+ else if (!strcmp (opt.def_cipher_algoid, "SERPENT192") )
+ opt.def_cipher_algoid = "1.3.6.1.4.1.11591.13.2.22";
+ else if (!strcmp (opt.def_cipher_algoid, "SERPENT192") )
+ opt.def_cipher_algoid = "1.3.6.1.4.1.11591.13.2.42";
+ else if (!strcmp (opt.def_cipher_algoid, "SEED") )
+ opt.def_cipher_algoid = "1.2.410.200004.1.4";
+ else if (!strcmp (opt.def_cipher_algoid, "CAMELLIA")
+ || !strcmp (opt.def_cipher_algoid, "CAMELLIA128") )
+ opt.def_cipher_algoid = "1.2.392.200011.61.1.1.1.2";
+ else if (!strcmp (opt.def_cipher_algoid, "CAMELLIA192") )
+ opt.def_cipher_algoid = "1.2.392.200011.61.1.1.1.3";
+ else if (!strcmp (opt.def_cipher_algoid, "CAMELLIA256") )
+ opt.def_cipher_algoid = "1.2.392.200011.61.1.1.1.4";
+
+ if (cmd != aGPGConfList)
+ {
+ if ( !gcry_cipher_map_name (opt.def_cipher_algoid)
+ || !gcry_cipher_mode_from_oid (opt.def_cipher_algoid))
+ log_error (_("selected cipher algorithm is invalid\n"));
+
+ if (forced_digest_algo)
+ {
+ opt.forced_digest_algo = gcry_md_map_name (forced_digest_algo);
+ if (our_md_test_algo(opt.forced_digest_algo) )
+ log_error (_("selected digest algorithm is invalid\n"));
+ }
+ if (extra_digest_algo)
+ {
+ opt.extra_digest_algo = gcry_md_map_name (extra_digest_algo);
+ if (our_md_test_algo (opt.extra_digest_algo) )
+ log_error (_("selected digest algorithm is invalid\n"));
+ }
+ }
+
+ if (log_get_errorcount(0))
+ gpgsm_exit(2);
+
+ /* Set the random seed file. */
+ if (use_random_seed)
+ {
+ char *p = make_filename (opt.homedir, "random_seed", NULL);
+ gcry_control (GCRYCTL_SET_RANDOM_SEED_FILE, p);
+ xfree(p);
+ }
+
+ if (!cmd && opt.fingerprint && !with_fpr)
+ set_cmd (&cmd, aListKeys);
+
+ /* Add default keybox. */
+ if (!nrings && default_keyring)
+ {
+ int created;
+
+ keydb_add_resource ("pubring.kbx", 0, 0, &created);
+ if (created && !no_common_certs_import)
+ {
+ /* Import the standard certificates for a new default keybox. */
+ char *filelist[2];
+
+ filelist[0] = make_filename (gnupg_datadir (),"com-certs.pem", NULL);
+ filelist[1] = NULL;
+ if (!access (filelist[0], F_OK))
+ {
+ log_info (_("importing common certificates `%s'\n"),
+ filelist[0]);
+ gpgsm_import_files (&ctrl, 1, filelist, open_read);
+ }
+ xfree (filelist[0]);
+ }
+ }
+ for (sl = nrings; sl; sl = sl->next)
+ keydb_add_resource (sl->d, 0, 0, NULL);
+ FREE_STRLIST(nrings);
+
+
+ /* Prepare the audit log feature for certain commands. */
+ if (auditlog || htmlauditlog)
+ {
+ switch (cmd)
+ {
+ case aEncr:
+ case aSign:
+ case aDecrypt:
+ case aVerify:
+ audit_release (ctrl.audit);
+ ctrl.audit = audit_new ();
+ if (auditlog)
+ auditfp = open_es_fwrite (auditlog);
+ if (htmlauditlog)
+ htmlauditfp = open_es_fwrite (htmlauditlog);
+ break;
+ default:
+ break;
+ }
+ }
+
+
+ if (!do_not_setup_keys)
+ {
+ for (sl = locusr; sl ; sl = sl->next)
+ {
+ int rc = gpgsm_add_to_certlist (&ctrl, sl->d, 1, &signerlist, 0);
+ if (rc)
+ {
+ log_error (_("can't sign using `%s': %s\n"),
+ sl->d, gpg_strerror (rc));
+ gpgsm_status2 (&ctrl, STATUS_INV_SGNR,
+ get_inv_recpsgnr_code (rc), sl->d, NULL);
+ gpgsm_status2 (&ctrl, STATUS_INV_RECP,
+ get_inv_recpsgnr_code (rc), sl->d, NULL);
+ }
+ }
+
+ /* Build the recipient list. We first add the regular ones and then
+ the encrypt-to ones because the underlying function will silently
+ ignore duplicates and we can't allow to keep a duplicate which is
+ flagged as encrypt-to as the actually encrypt function would then
+ complain about no (regular) recipients. */
+ for (sl = remusr; sl; sl = sl->next)
+ if (!(sl->flags & 1))
+ do_add_recipient (&ctrl, sl->d, &recplist, 0, recp_required);
+ if (!opt.no_encrypt_to)
+ {
+ for (sl = remusr; sl; sl = sl->next)
+ if ((sl->flags & 1))
+ do_add_recipient (&ctrl, sl->d, &recplist, 1, recp_required);
+ }
+ }
+
+ if (log_get_errorcount(0))
+ gpgsm_exit(1); /* Must stop for invalid recipients. */
+
+ /* Dispatch command. */
+ switch (cmd)
+ {
+ case aGPGConfList:
+ { /* List options and default values in the GPG Conf format. */
+ char *config_filename_esc = percent_escape (opt.config_filename, NULL);
+
+ printf ("gpgconf-gpgsm.conf:%lu:\"%s\n",
+ GC_OPT_FLAG_DEFAULT, config_filename_esc);
+ xfree (config_filename_esc);
+
+ printf ("verbose:%lu:\n", GC_OPT_FLAG_NONE);
+ printf ("quiet:%lu:\n", GC_OPT_FLAG_NONE);
+ printf ("debug-level:%lu:\"none:\n", GC_OPT_FLAG_DEFAULT);
+ printf ("log-file:%lu:\n", GC_OPT_FLAG_NONE);
+ printf ("disable-crl-checks:%lu:\n", GC_OPT_FLAG_NONE);
+ printf ("disable-trusted-cert-crl-check:%lu:\n", GC_OPT_FLAG_NONE);
+ printf ("enable-ocsp:%lu:\n", GC_OPT_FLAG_NONE);
+ printf ("include-certs:%lu:%d:\n", GC_OPT_FLAG_DEFAULT,
+ DEFAULT_INCLUDE_CERTS);
+ printf ("disable-policy-checks:%lu:\n", GC_OPT_FLAG_NONE);
+ printf ("auto-issuer-key-retrieve:%lu:\n", GC_OPT_FLAG_NONE);
+ printf ("disable-dirmngr:%lu:\n", GC_OPT_FLAG_NONE);
+#ifndef HAVE_W32_SYSTEM
+ printf ("prefer-system-dirmngr:%lu:\n", GC_OPT_FLAG_NONE);
+#endif
+ printf ("cipher-algo:%lu:\"3DES:\n", GC_OPT_FLAG_DEFAULT);
+ printf ("p12-charset:%lu:\n", GC_OPT_FLAG_DEFAULT);
+ printf ("default-key:%lu:\n", GC_OPT_FLAG_DEFAULT);
+ printf ("encrypt-to:%lu:\n", GC_OPT_FLAG_DEFAULT);
+ printf ("keyserver:%lu:\n", GC_OPT_FLAG_NONE);
+
+ /* The next one is an info only item and should match what
+ proc_parameters actually implements. */
+ printf ("default_pubkey_algo:%lu:\"%s:\n", GC_OPT_FLAG_DEFAULT,
+ "RSA-2048");
+ }
+ break;
+ case aGPGConfTest:
+ /* This is merely a dummy command to test whether the
+ configuration file is valid. */
+ break;
+
+ case aServer:
+ if (debug_wait)
+ {
+ log_debug ("waiting for debugger - my pid is %u .....\n",
+ (unsigned int)getpid());
+ gnupg_sleep (debug_wait);
+ log_debug ("... okay\n");
+ }
+ gpgsm_server (recplist);
+ break;
+
+ case aCallDirmngr:
+ if (!argc)
+ wrong_args ("--call-dirmngr <command> {args}");
+ else
+ if (gpgsm_dirmngr_run_command (&ctrl, *argv, argc-1, argv+1))
+ gpgsm_exit (1);
+ break;
+
+ case aCallProtectTool:
+ run_protect_tool (argc, argv);
+ break;
+
+ case aEncr: /* Encrypt the given file. */
+ {
+ FILE *fp = open_fwrite (opt.outfile?opt.outfile:"-");
+
+ set_binary (stdin);
+
+ if (!argc) /* Source is stdin. */
+ gpgsm_encrypt (&ctrl, recplist, 0, fp);
+ else if (argc == 1) /* Source is the given file. */
+ gpgsm_encrypt (&ctrl, recplist, open_read (*argv), fp);
+ else
+ wrong_args ("--encrypt [datafile]");
+
+ if (fp != stdout)
+ fclose (fp);
+ }
+ break;
+
+ case aSign: /* Sign the given file. */
+ {
+ FILE *fp = open_fwrite (opt.outfile?opt.outfile:"-");
+
+ /* Fixme: We should also allow to concatenate multiple files for
+ signing because that is what gpg does.*/
+ set_binary (stdin);
+ if (!argc) /* Create from stdin. */
+ gpgsm_sign (&ctrl, signerlist, 0, detached_sig, fp);
+ else if (argc == 1) /* From file. */
+ gpgsm_sign (&ctrl, signerlist,
+ open_read (*argv), detached_sig, fp);
+ else
+ wrong_args ("--sign [datafile]");
+
+ if (fp != stdout)
+ fclose (fp);
+ }
+ break;
+
+ case aSignEncr: /* sign and encrypt the given file */
+ log_error ("this command has not yet been implemented\n");
+ break;
+
+ case aClearsign: /* make a clearsig */
+ log_error ("this command has not yet been implemented\n");
+ break;
+
+ case aVerify:
+ {
+ FILE *fp = NULL;
+
+ set_binary (stdin);
+ if (argc == 2 && opt.outfile)
+ log_info ("option --output ignored for a detached signature\n");
+ else if (opt.outfile)
+ fp = open_fwrite (opt.outfile);
+
+ if (!argc)
+ gpgsm_verify (&ctrl, 0, -1, fp); /* normal signature from stdin */
+ else if (argc == 1)
+ gpgsm_verify (&ctrl, open_read (*argv), -1, fp); /* std signature */
+ else if (argc == 2) /* detached signature (sig, detached) */
+ gpgsm_verify (&ctrl, open_read (*argv), open_read (argv[1]), NULL);
+ else
+ wrong_args ("--verify [signature [detached_data]]");
+
+ if (fp && fp != stdout)
+ fclose (fp);
+ }
+ break;
+
+ case aDecrypt:
+ {
+ FILE *fp = open_fwrite (opt.outfile?opt.outfile:"-");
+
+ set_binary (stdin);
+ if (!argc)
+ gpgsm_decrypt (&ctrl, 0, fp); /* from stdin */
+ else if (argc == 1)
+ gpgsm_decrypt (&ctrl, open_read (*argv), fp); /* from file */
+ else
+ wrong_args ("--decrypt [filename]");
+ if (fp != stdout)
+ fclose (fp);
+ }
+ break;
+
+ case aDeleteKey:
+ for (sl=NULL; argc; argc--, argv++)
+ add_to_strlist (&sl, *argv);
+ gpgsm_delete (&ctrl, sl);
+ free_strlist(sl);
+ break;
+
+ case aListChain:
+ case aDumpChain:
+ ctrl.with_chain = 1;
+ case aListKeys:
+ case aDumpKeys:
+ case aListExternalKeys:
+ case aDumpExternalKeys:
+ case aListSecretKeys:
+ case aDumpSecretKeys:
+ {
+ unsigned int mode;
+ estream_t fp;
+
+ switch (cmd)
+ {
+ case aListChain:
+ case aListKeys: mode = (0 | 0 | (1<<6)); break;
+ case aDumpChain:
+ case aDumpKeys: mode = (256 | 0 | (1<<6)); break;
+ case aListExternalKeys: mode = (0 | 0 | (1<<7)); break;
+ case aDumpExternalKeys: mode = (256 | 0 | (1<<7)); break;
+ case aListSecretKeys: mode = (0 | 2 | (1<<6)); break;
+ case aDumpSecretKeys: mode = (256 | 2 | (1<<6)); break;
+ default: BUG();
+ }
+
+ fp = open_es_fwrite (opt.outfile?opt.outfile:"-");
+ for (sl=NULL; argc; argc--, argv++)
+ add_to_strlist (&sl, *argv);
+ gpgsm_list_keys (&ctrl, sl, fp, mode);
+ free_strlist(sl);
+ es_fclose (fp);
+ }
+ break;
+
+
+ case aKeygen: /* Generate a key; well kind of. */
+ {
+ estream_t fpin = NULL;
+ FILE *fpout;
+
+ if (opt.batch)
+ {
+ if (!argc) /* Create from stdin. */
+ fpin = open_es_fread ("-");
+ else if (argc == 1) /* From file. */
+ fpin = open_es_fread (*argv);
+ else
+ wrong_args ("--gen-key --batch [parmfile]");
+ }
+
+ fpout = open_fwrite (opt.outfile?opt.outfile:"-");
+
+ if (fpin)
+ gpgsm_genkey (&ctrl, fpin, fpout);
+ else
+ gpgsm_gencertreq_tty (&ctrl, fpout);
+
+ if (fpout != stdout)
+ fclose (fpout);
+ }
+ break;
+
+
+ case aImport:
+ gpgsm_import_files (&ctrl, argc, argv, open_read);
+ break;
+
+ case aExport:
+ {
+ FILE *fp = open_fwrite (opt.outfile?opt.outfile:"-");
+
+ for (sl=NULL; argc; argc--, argv++)
+ add_to_strlist (&sl, *argv);
+ gpgsm_export (&ctrl, sl, fp, NULL);
+ free_strlist(sl);
+ if (fp != stdout)
+ fclose (fp);
+ }
+ break;
+
+ case aExportSecretKeyP12:
+ {
+ FILE *fp = open_fwrite (opt.outfile?opt.outfile:"-");
+
+ if (argc == 1)
+ gpgsm_p12_export (&ctrl, *argv, fp);
+ else
+ wrong_args ("--export-secret-key-p12 KEY-ID");
+ if (fp != stdout)
+ fclose (fp);
+ }
+ break;
+
+ case aSendKeys:
+ case aRecvKeys:
+ log_error ("this command has not yet been implemented\n");
+ break;
+
+
+ case aLearnCard:
+ if (argc)
+ wrong_args ("--learn-card");
+ else
+ {
+ int rc = gpgsm_agent_learn (&ctrl);
+ if (rc)
+ log_error ("error learning card: %s\n", gpg_strerror (rc));
+ }
+ break;
+
+ case aPasswd:
+ if (argc != 1)
+ wrong_args ("--passwd <key-Id>");
+ else
+ {
+ int rc;
+ ksba_cert_t cert = NULL;
+ char *grip = NULL;
+
+ rc = gpgsm_find_cert (*argv, NULL, &cert);
+ if (rc)
+ ;
+ else if (!(grip = gpgsm_get_keygrip_hexstring (cert)))
+ rc = gpg_error (GPG_ERR_BUG);
+ else
+ {
+ char *desc = gpgsm_format_keydesc (cert);
+ rc = gpgsm_agent_passwd (&ctrl, grip, desc);
+ xfree (desc);
+ }
+ if (rc)
+ log_error ("error changing passphrase: %s\n", gpg_strerror (rc));
+ xfree (grip);
+ ksba_cert_release (cert);
+ }
+ break;
+
+ case aKeydbClearSomeCertFlags:
+ for (sl=NULL; argc; argc--, argv++)
+ add_to_strlist (&sl, *argv);
+ keydb_clear_some_cert_flags (&ctrl, sl);
+ free_strlist(sl);
+ break;
+
+
+ default:
+ log_error (_("invalid command (there is no implicit command)\n"));
+ break;
+ }
+
+ /* Print the audit result if needed. */
+ if ((auditlog && auditfp) || (htmlauditlog && htmlauditfp))
+ {
+ if (auditlog && auditfp)
+ audit_print_result (ctrl.audit, auditfp, 0);
+ if (htmlauditlog && htmlauditfp)
+ audit_print_result (ctrl.audit, htmlauditfp, 1);
+ audit_release (ctrl.audit);
+ ctrl.audit = NULL;
+ es_fclose (auditfp);
+ es_fclose (htmlauditfp);
+ }
+
+ /* cleanup */
+ keyserver_list_free (opt.keyserver);
+ opt.keyserver = NULL;
+ gpgsm_release_certlist (recplist);
+ gpgsm_release_certlist (signerlist);
+ FREE_STRLIST (remusr);
+ FREE_STRLIST (locusr);
+ gpgsm_exit(0);
+ return 8; /*NOTREACHED*/
+}
+
+/* Note: This function is used by signal handlers!. */
+static void
+emergency_cleanup (void)
+{
+ gcry_control (GCRYCTL_TERM_SECMEM );
+}
+
+
+void
+gpgsm_exit (int rc)
+{
+ gcry_control (GCRYCTL_UPDATE_RANDOM_SEED_FILE);
+ if (opt.debug & DBG_MEMSTAT_VALUE)
+ {
+ gcry_control( GCRYCTL_DUMP_MEMORY_STATS );
+ gcry_control( GCRYCTL_DUMP_RANDOM_STATS );
+ }
+ if (opt.debug)
+ gcry_control (GCRYCTL_DUMP_SECMEM_STATS );
+ emergency_cleanup ();
+ rc = rc? rc : log_get_errorcount(0)? 2 : gpgsm_errors_seen? 1 : 0;
+ exit (rc);
+}
+
+
+void
+gpgsm_init_default_ctrl (struct server_control_s *ctrl)
+{
+ ctrl->include_certs = default_include_certs;
+ ctrl->use_ocsp = opt.enable_ocsp;
+ ctrl->validation_model = default_validation_model;
+}
+
+
+int
+gpgsm_parse_validation_model (const char *model)
+{
+ if (!ascii_strcasecmp (model, "shell") )
+ return 0;
+ else if ( !ascii_strcasecmp (model, "chain") )
+ return 1;
+ else
+ return -1;
+}
+
+
+/* Check whether the filename has the form "-&nnnn", where n is a
+ non-zero number. Returns this number or -1 if it is not the case. */
+static int
+check_special_filename (const char *fname, int for_write)
+{
+ if (allow_special_filenames
+ && fname && *fname == '-' && fname[1] == '&' ) {
+ int i;
+
+ fname += 2;
+ for (i=0; isdigit (fname[i]); i++ )
+ ;
+ if ( !fname[i] )
+ return translate_sys2libc_fd_int (atoi (fname), for_write);
+ }
+ return -1;
+}
+
+
+
+/* Open the FILENAME for read and return the filedescriptor. Stop
+ with an error message in case of problems. "-" denotes stdin and
+ if special filenames are allowed the given fd is opened instead. */
+static int
+open_read (const char *filename)
+{
+ int fd;
+
+ if (filename[0] == '-' && !filename[1])
+ {
+ set_binary (stdin);
+ return 0; /* stdin */
+ }
+ fd = check_special_filename (filename, 0);
+ if (fd != -1)
+ return fd;
+ fd = open (filename, O_RDONLY | O_BINARY);
+ if (fd == -1)
+ {
+ log_error (_("can't open `%s': %s\n"), filename, strerror (errno));
+ gpgsm_exit (2);
+ }
+ return fd;
+}
+
+/* Same as open_read but return an estream_t. */
+static estream_t
+open_es_fread (const char *filename)
+{
+ int fd;
+ estream_t fp;
+
+ if (filename[0] == '-' && !filename[1])
+ fd = fileno (stdin);
+ else
+ fd = check_special_filename (filename, 0);
+ if (fd != -1)
+ {
+ fp = es_fdopen_nc (fd, "rb");
+ if (!fp)
+ {
+ log_error ("es_fdopen(%d) failed: %s\n", fd, strerror (errno));
+ gpgsm_exit (2);
+ }
+ return fp;
+ }
+ fp = es_fopen (filename, "rb");
+ if (!fp)
+ {
+ log_error (_("can't open `%s': %s\n"), filename, strerror (errno));
+ gpgsm_exit (2);
+ }
+ return fp;
+}
+
+
+/* Open FILENAME for fwrite and return the stream. Stop with an error
+ message in case of problems. "-" denotes stdout and if special
+ filenames are allowed the given fd is opened instead. Caller must
+ close the returned stream unless it is stdout. */
+static FILE *
+open_fwrite (const char *filename)
+{
+ int fd;
+ FILE *fp;
+
+ if (filename[0] == '-' && !filename[1])
+ {
+ set_binary (stdout);
+ return stdout;
+ }
+
+ fd = check_special_filename (filename, 1);
+ if (fd != -1)
+ {
+ fp = fdopen (dup (fd), "wb");
+ if (!fp)
+ {
+ log_error ("fdopen(%d) failed: %s\n", fd, strerror (errno));
+ gpgsm_exit (2);
+ }
+ set_binary (fp);
+ return fp;
+ }
+ fp = fopen (filename, "wb");
+ if (!fp)
+ {
+ log_error (_("can't open `%s': %s\n"), filename, strerror (errno));
+ gpgsm_exit (2);
+ }
+ return fp;
+}
+
+
+/* Open FILENAME for fwrite and return an extended stream. Stop with
+ an error message in case of problems. "-" denotes stdout and if
+ special filenames are allowed the given fd is opened instead.
+ Caller must close the returned stream. */
+static estream_t
+open_es_fwrite (const char *filename)
+{
+ int fd;
+ estream_t fp;
+
+ if (filename[0] == '-' && !filename[1])
+ {
+ fflush (stdout);
+ fp = es_fdopen_nc (fileno(stdout), "wb");
+ return fp;
+ }
+
+ fd = check_special_filename (filename, 1);
+ if (fd != -1)
+ {
+ fp = es_fdopen_nc (fd, "wb");
+ if (!fp)
+ {
+ log_error ("es_fdopen(%d) failed: %s\n", fd, strerror (errno));
+ gpgsm_exit (2);
+ }
+ return fp;
+ }
+ fp = es_fopen (filename, "wb");
+ if (!fp)
+ {
+ log_error (_("can't open `%s': %s\n"), filename, strerror (errno));
+ gpgsm_exit (2);
+ }
+ return fp;
+}
+
+
+static void
+run_protect_tool (int argc, char **argv)
+{
+#ifndef HAVE_W32_SYSTEM
+ const char *pgm;
+ char **av;
+ int i;
+
+ if (!opt.protect_tool_program || !*opt.protect_tool_program)
+ pgm = gnupg_module_name (GNUPG_MODULE_NAME_PROTECT_TOOL);
+ else
+ pgm = opt.protect_tool_program;
+
+ av = xcalloc (argc+2, sizeof *av);
+ av[0] = strrchr (pgm, '/');
+ if (!av[0])
+ av[0] = xstrdup (pgm);
+ for (i=1; argc; i++, argc--, argv++)
+ av[i] = *argv;
+ av[i] = NULL;
+ execv (pgm, av);
+ log_error ("error executing `%s': %s\n", pgm, strerror (errno));
+#endif /*HAVE_W32_SYSTEM*/
+ gpgsm_exit (2);
+}
diff --git a/sm/gpgsm.h b/sm/gpgsm.h
new file mode 100644
index 0000000..c4a261b
--- /dev/null
+++ b/sm/gpgsm.h
@@ -0,0 +1,423 @@
+/* gpgsm.h - Global definitions for GpgSM
+ * Copyright (C) 2001, 2003, 2004, 2007, 2009 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef GPGSM_H
+#define GPGSM_H
+
+#ifdef GPG_ERR_SOURCE_DEFAULT
+#error GPG_ERR_SOURCE_DEFAULT already defined
+#endif
+#define GPG_ERR_SOURCE_DEFAULT GPG_ERR_SOURCE_GPGSM
+#include <gpg-error.h>
+
+
+#include <ksba.h>
+#include "../common/util.h"
+#include "../common/status.h"
+#include "../common/estream.h"
+#include "../common/audit.h"
+#include "../common/session-env.h"
+
+
+#define MAX_DIGEST_LEN 64
+
+struct keyserver_spec
+{
+ struct keyserver_spec *next;
+
+ char *host;
+ int port;
+ char *user;
+ char *pass;
+ char *base;
+};
+
+
+/* A large struct named "opt" to keep global flags. */
+struct
+{
+ unsigned int debug; /* debug flags (DBG_foo_VALUE) */
+ int verbose; /* verbosity level */
+ int quiet; /* be as quiet as possible */
+ int batch; /* run in batch mode, i.e w/o any user interaction */
+ int answer_yes; /* assume yes on most questions */
+ int answer_no; /* assume no on most questions */
+ int dry_run; /* don't change any persistent data */
+
+ const char *homedir; /* Configuration directory name */
+ const char *config_filename; /* Name of the used config file. */
+ const char *agent_program;
+
+ session_env_t session_env;
+ char *lc_ctype;
+ char *lc_messages;
+
+ const char *dirmngr_program;
+ int prefer_system_dirmngr; /* Prefer using a system wide drimngr. */
+ int disable_dirmngr; /* Do not do any dirmngr calls. */
+ const char *protect_tool_program;
+ char *outfile; /* name of output file */
+
+ int with_key_data;/* include raw key in the column delimted output */
+
+ int fingerprint; /* list fingerprints in all key listings */
+
+ int with_md5_fingerprint; /* Also print an MD5 fingerprint for
+ standard key listings. */
+
+ int armor; /* force base64 armoring (see also ctrl.with_base64) */
+ int no_armor; /* don't try to figure out whether data is base64 armored*/
+
+ const char *p12_charset; /* Use this charset for encoding the
+ pkcs#12 passphrase. */
+
+
+ const char *def_cipher_algoid; /* cipher algorithm to use if
+ nothing else is specified */
+
+ int def_compress_algo; /* Ditto for compress algorithm */
+
+ int forced_digest_algo; /* User forced hash algorithm. */
+
+ char *def_recipient; /* userID of the default recipient */
+ int def_recipient_self; /* The default recipient is the default key */
+
+ int no_encrypt_to; /* Ignore all as encrypt to marked recipients. */
+
+ char *local_user; /* NULL or argument to -u */
+
+ int extra_digest_algo; /* A digest algorithm also used for
+ verification of signatures. */
+
+ int always_trust; /* Trust the given keys even if there is no
+ valid certification chain */
+ int skip_verify; /* do not check signatures on data */
+
+ int lock_once; /* Keep lock once they are set */
+
+ int ignore_time_conflict; /* Ignore certain time conflicts */
+
+ int no_crl_check; /* Don't do a CRL check */
+ int no_trusted_cert_crl_check; /* Don't run a CRL check for trusted certs. */
+ int force_crl_refresh; /* Force refreshing the CRL. */
+ int enable_ocsp; /* Default to use OCSP checks. */
+
+ char *policy_file; /* full pathname of policy file */
+ int no_policy_check; /* ignore certificate policies */
+ int no_chain_validation; /* Bypass all cert chain validity tests */
+ int ignore_expiration; /* Ignore the notAfter validity checks. */
+ char *fixed_passphrase; /* Passphrase used by regression tests. */
+
+ int auto_issuer_key_retrieve; /* try to retrieve a missing issuer key. */
+
+ int qualsig_approval; /* Set to true if this software has
+ officially been approved to create an
+ verify qualified signatures. This is a
+ runtime option in case we want to check
+ the integrity of the software at
+ runtime. */
+
+ struct keyserver_spec *keyserver;
+
+ /* A list of certificate extension OIDs which are ignored so that
+ one can claim that a critical extension has been handled. One
+ OID per string. */
+ strlist_t ignored_cert_extensions;
+
+} opt;
+
+/* Debug values and macros. */
+#define DBG_X509_VALUE 1 /* debug x.509 data reading/writing */
+#define DBG_MPI_VALUE 2 /* debug mpi details */
+#define DBG_CRYPTO_VALUE 4 /* debug low level crypto */
+#define DBG_MEMORY_VALUE 32 /* debug memory allocation stuff */
+#define DBG_CACHE_VALUE 64 /* debug the caching */
+#define DBG_MEMSTAT_VALUE 128 /* show memory statistics */
+#define DBG_HASHING_VALUE 512 /* debug hashing operations */
+#define DBG_ASSUAN_VALUE 1024 /* debug assuan communication */
+
+#define DBG_X509 (opt.debug & DBG_X509_VALUE)
+#define DBG_CRYPTO (opt.debug & DBG_CRYPTO_VALUE)
+#define DBG_MEMORY (opt.debug & DBG_MEMORY_VALUE)
+#define DBG_CACHE (opt.debug & DBG_CACHE_VALUE)
+#define DBG_HASHING (opt.debug & DBG_HASHING_VALUE)
+#define DBG_ASSUAN (opt.debug & DBG_ASSUAN_VALUE)
+
+/* Forward declaration for an object defined in server.c */
+struct server_local_s;
+
+/* Session control object. This object is passed down to most
+ functions. Note that the default values for it are set by
+ gpgsm_init_default_ctrl(). */
+struct server_control_s
+{
+ int no_server; /* We are not running under server control */
+ int status_fd; /* Only for non-server mode */
+ struct server_local_s *server_local;
+
+ audit_ctx_t audit; /* NULL or a context for the audit subsystem. */
+ int agent_seen; /* Flag indicating that the gpg-agent has been
+ accessed. */
+
+ int with_colons; /* Use column delimited output format */
+ int with_chain; /* Include the certifying certs in a listing */
+ int with_validation;/* Validate each key while listing. */
+ int with_ephemeral_keys; /* Include ephemeral flagged keys in the
+ keylisting. */
+
+ int autodetect_encoding; /* Try to detect the input encoding */
+ int is_pem; /* Is in PEM format */
+ int is_base64; /* is in plain base-64 format */
+
+ int create_base64; /* Create base64 encoded output */
+ int create_pem; /* create PEM output */
+ const char *pem_name; /* PEM name to use */
+
+ int include_certs; /* -1 to send all certificates in the chain
+ along with a signature or the number of
+ certificates up the chain (0 = none, 1 = only
+ signer) */
+ int use_ocsp; /* Set to true if OCSP should be used. */
+ int validation_model; /* Set to 1 for the chain model. */
+};
+
+
+/* Data structure used in base64.c. */
+typedef struct base64_context_s *Base64Context;
+
+
+/* An object to keep a list of certificates. */
+struct certlist_s
+{
+ struct certlist_s *next;
+ ksba_cert_t cert;
+ int is_encrypt_to; /* True if the certificate has been set through
+ the --encrypto-to option. */
+ int hash_algo; /* Used to track the hash algorithm to use. */
+ const char *hash_algo_oid; /* And the corresponding OID. */
+};
+typedef struct certlist_s *certlist_t;
+
+
+/* A structure carrying information about trusted root certificates. */
+struct rootca_flags_s
+{
+ unsigned int valid:1; /* The rest of the structure has valid
+ information. */
+ unsigned int relax:1; /* Relax checking of root certificates. */
+ unsigned int chain_model:1; /* Root requires the use of the chain model. */
+};
+
+
+
+/*-- gpgsm.c --*/
+void gpgsm_exit (int rc);
+void gpgsm_init_default_ctrl (struct server_control_s *ctrl);
+int gpgsm_parse_validation_model (const char *model);
+
+/*-- server.c --*/
+void gpgsm_server (certlist_t default_recplist);
+gpg_error_t gpgsm_status (ctrl_t ctrl, int no, const char *text);
+gpg_error_t gpgsm_status2 (ctrl_t ctrl, int no, ...) GNUPG_GCC_A_SENTINEL(0);
+gpg_error_t gpgsm_status_with_err_code (ctrl_t ctrl, int no, const char *text,
+ gpg_err_code_t ec);
+gpg_error_t gpgsm_proxy_pinentry_notify (ctrl_t ctrl,
+ const unsigned char *line);
+
+/*-- fingerprint --*/
+unsigned char *gpgsm_get_fingerprint (ksba_cert_t cert, int algo,
+ unsigned char *array, int *r_len);
+char *gpgsm_get_fingerprint_string (ksba_cert_t cert, int algo);
+char *gpgsm_get_fingerprint_hexstring (ksba_cert_t cert, int algo);
+unsigned long gpgsm_get_short_fingerprint (ksba_cert_t cert,
+ unsigned long *r_high);
+unsigned char *gpgsm_get_keygrip (ksba_cert_t cert, unsigned char *array);
+char *gpgsm_get_keygrip_hexstring (ksba_cert_t cert);
+int gpgsm_get_key_algo_info (ksba_cert_t cert, unsigned int *nbits);
+char *gpgsm_get_certid (ksba_cert_t cert);
+
+
+/*-- base64.c --*/
+int gpgsm_create_reader (Base64Context *ctx,
+ ctrl_t ctrl, FILE *fp, int allow_multi_pem,
+ ksba_reader_t *r_reader);
+int gpgsm_reader_eof_seen (Base64Context ctx);
+void gpgsm_destroy_reader (Base64Context ctx);
+int gpgsm_create_writer (Base64Context *ctx,
+ ctrl_t ctrl, FILE *fp, estream_t stream,
+ ksba_writer_t *r_writer);
+int gpgsm_finish_writer (Base64Context ctx);
+void gpgsm_destroy_writer (Base64Context ctx);
+
+
+/*-- certdump.c --*/
+void gpgsm_print_serial (estream_t fp, ksba_const_sexp_t p);
+void gpgsm_print_time (estream_t fp, ksba_isotime_t t);
+void gpgsm_print_name2 (FILE *fp, const char *string, int translate);
+void gpgsm_print_name (FILE *fp, const char *string);
+void gpgsm_es_print_name (estream_t fp, const char *string);
+void gpgsm_es_print_name2 (estream_t fp, const char *string, int translate);
+
+void gpgsm_cert_log_name (const char *text, ksba_cert_t cert);
+
+void gpgsm_dump_cert (const char *text, ksba_cert_t cert);
+void gpgsm_dump_serial (ksba_const_sexp_t p);
+void gpgsm_dump_time (ksba_isotime_t t);
+void gpgsm_dump_string (const char *string);
+
+char *gpgsm_format_serial (ksba_const_sexp_t p);
+char *gpgsm_format_name2 (const char *name, int translate);
+char *gpgsm_format_name (const char *name);
+char *gpgsm_format_sn_issuer (ksba_sexp_t sn, const char *issuer);
+
+char *gpgsm_fpr_and_name_for_status (ksba_cert_t cert);
+
+char *gpgsm_format_keydesc (ksba_cert_t cert);
+
+
+/*-- certcheck.c --*/
+int gpgsm_check_cert_sig (ksba_cert_t issuer_cert, ksba_cert_t cert);
+int gpgsm_check_cms_signature (ksba_cert_t cert, ksba_const_sexp_t sigval,
+ gcry_md_hd_t md, int hash_algo, int *r_pkalgo);
+/* fixme: move create functions to another file */
+int gpgsm_create_cms_signature (ctrl_t ctrl,
+ ksba_cert_t cert, gcry_md_hd_t md, int mdalgo,
+ unsigned char **r_sigval);
+
+
+/*-- certchain.c --*/
+
+/* Flags used with gpgsm_validate_chain. */
+#define VALIDATE_FLAG_NO_DIRMNGR 1
+#define VALIDATE_FLAG_CHAIN_MODEL 2
+
+
+int gpgsm_walk_cert_chain (ctrl_t ctrl,
+ ksba_cert_t start, ksba_cert_t *r_next);
+int gpgsm_is_root_cert (ksba_cert_t cert);
+int gpgsm_validate_chain (ctrl_t ctrl, ksba_cert_t cert,
+ ksba_isotime_t checktime,
+ ksba_isotime_t r_exptime,
+ int listmode, estream_t listfp,
+ unsigned int flags, unsigned int *retflags);
+int gpgsm_basic_cert_check (ctrl_t ctrl, ksba_cert_t cert);
+
+/*-- certlist.c --*/
+int gpgsm_cert_use_sign_p (ksba_cert_t cert);
+int gpgsm_cert_use_encrypt_p (ksba_cert_t cert);
+int gpgsm_cert_use_verify_p (ksba_cert_t cert);
+int gpgsm_cert_use_decrypt_p (ksba_cert_t cert);
+int gpgsm_cert_use_cert_p (ksba_cert_t cert);
+int gpgsm_cert_use_ocsp_p (ksba_cert_t cert);
+int gpgsm_certs_identical_p (ksba_cert_t cert_a, ksba_cert_t cert_b);
+int gpgsm_add_cert_to_certlist (ctrl_t ctrl, ksba_cert_t cert,
+ certlist_t *listaddr, int is_encrypt_to);
+int gpgsm_add_to_certlist (ctrl_t ctrl, const char *name, int secret,
+ certlist_t *listaddr, int is_encrypt_to);
+void gpgsm_release_certlist (certlist_t list);
+int gpgsm_find_cert (const char *name, ksba_sexp_t keyid, ksba_cert_t *r_cert);
+
+/*-- keylist.c --*/
+gpg_error_t gpgsm_list_keys (ctrl_t ctrl, strlist_t names,
+ estream_t fp, unsigned int mode);
+
+/*-- import.c --*/
+int gpgsm_import (ctrl_t ctrl, int in_fd, int reimport_mode);
+int gpgsm_import_files (ctrl_t ctrl, int nfiles, char **files,
+ int (*of)(const char *fname));
+
+/*-- export.c --*/
+void gpgsm_export (ctrl_t ctrl, strlist_t names, FILE *fp, estream_t stream);
+void gpgsm_p12_export (ctrl_t ctrl, const char *name, FILE *fp);
+
+/*-- delete.c --*/
+int gpgsm_delete (ctrl_t ctrl, strlist_t names);
+
+/*-- verify.c --*/
+int gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, FILE *out_fp);
+
+/*-- sign.c --*/
+int gpgsm_get_default_cert (ctrl_t ctrl, ksba_cert_t *r_cert);
+int gpgsm_sign (ctrl_t ctrl, certlist_t signerlist,
+ int data_fd, int detached, FILE *out_fp);
+
+/*-- encrypt.c --*/
+int gpgsm_encrypt (ctrl_t ctrl, certlist_t recplist, int in_fd, FILE *out_fp);
+
+/*-- decrypt.c --*/
+int gpgsm_decrypt (ctrl_t ctrl, int in_fd, FILE *out_fp);
+
+/*-- certreqgen.c --*/
+int gpgsm_genkey (ctrl_t ctrl, estream_t in_stream, FILE *out_fp);
+
+/*-- certreqgen-ui.c --*/
+void gpgsm_gencertreq_tty (ctrl_t ctrl, FILE *out_fp);
+
+
+/*-- qualified.c --*/
+gpg_error_t gpgsm_is_in_qualified_list (ctrl_t ctrl, ksba_cert_t cert,
+ char *country);
+gpg_error_t gpgsm_qualified_consent (ctrl_t ctrl, ksba_cert_t cert);
+gpg_error_t gpgsm_not_qualified_warning (ctrl_t ctrl, ksba_cert_t cert);
+
+/*-- call-agent.c --*/
+int gpgsm_agent_pksign (ctrl_t ctrl, const char *keygrip, const char *desc,
+ unsigned char *digest,
+ size_t digestlen,
+ int digestalgo,
+ unsigned char **r_buf, size_t *r_buflen);
+int gpgsm_scd_pksign (ctrl_t ctrl, const char *keyid, const char *desc,
+ unsigned char *digest, size_t digestlen, int digestalgo,
+ unsigned char **r_buf, size_t *r_buflen);
+int gpgsm_agent_pkdecrypt (ctrl_t ctrl, const char *keygrip, const char *desc,
+ ksba_const_sexp_t ciphertext,
+ char **r_buf, size_t *r_buflen);
+int gpgsm_agent_genkey (ctrl_t ctrl,
+ ksba_const_sexp_t keyparms, ksba_sexp_t *r_pubkey);
+int gpgsm_agent_readkey (ctrl_t ctrl, int fromcard, const char *hexkeygrip,
+ ksba_sexp_t *r_pubkey);
+int gpgsm_agent_scd_serialno (ctrl_t ctrl, char **r_serialno);
+int gpgsm_agent_scd_keypairinfo (ctrl_t ctrl, strlist_t *r_list);
+int gpgsm_agent_istrusted (ctrl_t ctrl, ksba_cert_t cert, const char *hexfpr,
+ struct rootca_flags_s *rootca_flags);
+int gpgsm_agent_havekey (ctrl_t ctrl, const char *hexkeygrip);
+int gpgsm_agent_marktrusted (ctrl_t ctrl, ksba_cert_t cert);
+int gpgsm_agent_learn (ctrl_t ctrl);
+int gpgsm_agent_passwd (ctrl_t ctrl, const char *hexkeygrip, const char *desc);
+gpg_error_t gpgsm_agent_get_confirmation (ctrl_t ctrl, const char *desc);
+gpg_error_t gpgsm_agent_send_nop (ctrl_t ctrl);
+gpg_error_t gpgsm_agent_keyinfo (ctrl_t ctrl, const char *hexkeygrip,
+ char **r_serialno);
+
+/*-- call-dirmngr.c --*/
+int gpgsm_dirmngr_isvalid (ctrl_t ctrl,
+ ksba_cert_t cert, ksba_cert_t issuer_cert,
+ int use_ocsp);
+int gpgsm_dirmngr_lookup (ctrl_t ctrl, strlist_t names, int cache_only,
+ void (*cb)(void*, ksba_cert_t), void *cb_value);
+int gpgsm_dirmngr_run_command (ctrl_t ctrl, const char *command,
+ int argc, char **argv);
+
+
+/*-- misc.c --*/
+void setup_pinentry_env (void);
+
+
+
+#endif /*GPGSM_H*/
diff --git a/sm/import.c b/sm/import.c
new file mode 100644
index 0000000..287e723
--- /dev/null
+++ b/sm/import.c
@@ -0,0 +1,807 @@
+/* import.c - Import certificates
+ * Copyright (C) 2001, 2003, 2004, 2009 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include <time.h>
+#include <assert.h>
+#include <unistd.h>
+
+#include "gpgsm.h"
+#include <gcrypt.h>
+#include <ksba.h>
+
+#include "keydb.h"
+#include "exechelp.h"
+#include "i18n.h"
+#include "sysutils.h"
+#include "../kbx/keybox.h" /* for KEYBOX_FLAG_* */
+
+
+struct stats_s {
+ unsigned long count;
+ unsigned long imported;
+ unsigned long unchanged;
+ unsigned long not_imported;
+ unsigned long secret_read;
+ unsigned long secret_imported;
+ unsigned long secret_dups;
+ };
+
+
+static gpg_error_t parse_p12 (ctrl_t ctrl, ksba_reader_t reader, FILE **retfp,
+ struct stats_s *stats);
+
+
+
+static void
+print_imported_status (ctrl_t ctrl, ksba_cert_t cert, int new_cert)
+{
+ char *fpr;
+
+ fpr = gpgsm_get_fingerprint_hexstring (cert, GCRY_MD_SHA1);
+ if (new_cert)
+ gpgsm_status2 (ctrl, STATUS_IMPORTED, fpr, "[X.509]", NULL);
+
+ gpgsm_status2 (ctrl, STATUS_IMPORT_OK,
+ new_cert? "1":"0", fpr, NULL);
+
+ xfree (fpr);
+}
+
+
+/* Print an IMPORT_PROBLEM status. REASON is one of:
+ 0 := "No specific reason given".
+ 1 := "Invalid Certificate".
+ 2 := "Issuer Certificate missing".
+ 3 := "Certificate Chain too long".
+ 4 := "Error storing certificate".
+*/
+static void
+print_import_problem (ctrl_t ctrl, ksba_cert_t cert, int reason)
+{
+ char *fpr = NULL;
+ char buf[25];
+ int i;
+
+ sprintf (buf, "%d", reason);
+ if (cert)
+ {
+ fpr = gpgsm_get_fingerprint_hexstring (cert, GCRY_MD_SHA1);
+ /* detetect an error (all high) value */
+ for (i=0; fpr[i] == 'F'; i++)
+ ;
+ if (!fpr[i])
+ {
+ xfree (fpr);
+ fpr = NULL;
+ }
+ }
+ gpgsm_status2 (ctrl, STATUS_IMPORT_PROBLEM, buf, fpr, NULL);
+ xfree (fpr);
+}
+
+
+void
+print_imported_summary (ctrl_t ctrl, struct stats_s *stats)
+{
+ char buf[14*25];
+
+ if (!opt.quiet)
+ {
+ log_info (_("total number processed: %lu\n"), stats->count);
+ if (stats->imported)
+ {
+ log_info (_(" imported: %lu"), stats->imported );
+ log_printf ("\n");
+ }
+ if (stats->unchanged)
+ log_info (_(" unchanged: %lu\n"), stats->unchanged);
+ if (stats->secret_read)
+ log_info (_(" secret keys read: %lu\n"), stats->secret_read );
+ if (stats->secret_imported)
+ log_info (_(" secret keys imported: %lu\n"), stats->secret_imported );
+ if (stats->secret_dups)
+ log_info (_(" secret keys unchanged: %lu\n"), stats->secret_dups );
+ if (stats->not_imported)
+ log_info (_(" not imported: %lu\n"), stats->not_imported);
+ }
+
+ sprintf(buf, "%lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu",
+ stats->count,
+ 0l /*stats->no_user_id*/,
+ stats->imported,
+ 0l /*stats->imported_rsa*/,
+ stats->unchanged,
+ 0l /*stats->n_uids*/,
+ 0l /*stats->n_subk*/,
+ 0l /*stats->n_sigs*/,
+ 0l /*stats->n_revoc*/,
+ stats->secret_read,
+ stats->secret_imported,
+ stats->secret_dups,
+ 0l /*stats->skipped_new_keys*/,
+ stats->not_imported
+ );
+ gpgsm_status (ctrl, STATUS_IMPORT_RES, buf);
+}
+
+
+
+static void
+check_and_store (ctrl_t ctrl, struct stats_s *stats,
+ ksba_cert_t cert, int depth)
+{
+ int rc;
+
+ if (stats)
+ stats->count++;
+ if ( depth >= 50 )
+ {
+ log_error (_("certificate chain too long\n"));
+ if (stats)
+ stats->not_imported++;
+ print_import_problem (ctrl, cert, 3);
+ return;
+ }
+
+ /* Some basic checks, but don't care about missing certificates;
+ this is so that we are able to import entire certificate chains
+ w/o requiring a special order (i.e. root-CA first). This used
+ to be different but because gpgsm_verify even imports
+ certificates without any checks, it doesn't matter much and the
+ code gets much cleaner. A housekeeping function to remove
+ certificates w/o an anchor would be nice, though.
+
+ Optionally we do a full validation in addition to the basic test.
+ */
+ rc = gpgsm_basic_cert_check (ctrl, cert);
+ if (!rc && ctrl->with_validation)
+ rc = gpgsm_validate_chain (ctrl, cert, "", NULL, 0, NULL, 0, NULL);
+ if (!rc || (!ctrl->with_validation
+ && (gpg_err_code (rc) == GPG_ERR_MISSING_CERT
+ || gpg_err_code (rc) == GPG_ERR_MISSING_ISSUER_CERT)))
+ {
+ int existed;
+
+ if (!keydb_store_cert (cert, 0, &existed))
+ {
+ ksba_cert_t next = NULL;
+
+ if (!existed)
+ {
+ print_imported_status (ctrl, cert, 1);
+ if (stats)
+ stats->imported++;
+ }
+ else
+ {
+ print_imported_status (ctrl, cert, 0);
+ if (stats)
+ stats->unchanged++;
+ }
+
+ if (opt.verbose > 1 && existed)
+ {
+ if (depth)
+ log_info ("issuer certificate already in DB\n");
+ else
+ log_info ("certificate already in DB\n");
+ }
+ else if (opt.verbose && !existed)
+ {
+ if (depth)
+ log_info ("issuer certificate imported\n");
+ else
+ log_info ("certificate imported\n");
+ }
+
+ /* Now lets walk up the chain and import all certificates up
+ the chain. This is required in case we already stored
+ parent certificates in the ephemeral keybox. Do not
+ update the statistics, though. */
+ if (!gpgsm_walk_cert_chain (ctrl, cert, &next))
+ {
+ check_and_store (ctrl, NULL, next, depth+1);
+ ksba_cert_release (next);
+ }
+ }
+ else
+ {
+ log_error (_("error storing certificate\n"));
+ if (stats)
+ stats->not_imported++;
+ print_import_problem (ctrl, cert, 4);
+ }
+ }
+ else
+ {
+ log_error (_("basic certificate checks failed - not imported\n"));
+ if (stats)
+ stats->not_imported++;
+ /* We keep the test for GPG_ERR_MISSING_CERT only in case
+ GPG_ERR_MISSING_CERT has been used instead of the newer
+ GPG_ERR_MISSING_ISSUER_CERT. */
+ print_import_problem
+ (ctrl, cert,
+ gpg_err_code (rc) == GPG_ERR_MISSING_ISSUER_CERT? 2 :
+ gpg_err_code (rc) == GPG_ERR_MISSING_CERT? 2 :
+ gpg_err_code (rc) == GPG_ERR_BAD_CERT? 1 : 0);
+ }
+}
+
+
+
+
+static int
+import_one (ctrl_t ctrl, struct stats_s *stats, int in_fd)
+{
+ int rc;
+ Base64Context b64reader = NULL;
+ ksba_reader_t reader;
+ ksba_cert_t cert = NULL;
+ ksba_cms_t cms = NULL;
+ FILE *fp = NULL;
+ ksba_content_type_t ct;
+ int any = 0;
+
+ fp = fdopen ( dup (in_fd), "rb");
+ if (!fp)
+ {
+ rc = gpg_error (gpg_err_code_from_errno (errno));
+ log_error ("fdopen() failed: %s\n", strerror (errno));
+ goto leave;
+ }
+
+ rc = gpgsm_create_reader (&b64reader, ctrl, fp, 1, &reader);
+ if (rc)
+ {
+ log_error ("can't create reader: %s\n", gpg_strerror (rc));
+ goto leave;
+ }
+
+
+ /* We need to loop here to handle multiple PEM objects in one
+ file. */
+ do
+ {
+ ksba_cms_release (cms); cms = NULL;
+ ksba_cert_release (cert); cert = NULL;
+
+ ct = ksba_cms_identify (reader);
+ if (ct == KSBA_CT_SIGNED_DATA)
+ { /* This is probably a signed-only message - import the certs */
+ ksba_stop_reason_t stopreason;
+ int i;
+
+ rc = ksba_cms_new (&cms);
+ if (rc)
+ goto leave;
+
+ rc = ksba_cms_set_reader_writer (cms, reader, NULL);
+ if (rc)
+ {
+ log_error ("ksba_cms_set_reader_writer failed: %s\n",
+ gpg_strerror (rc));
+ goto leave;
+ }
+
+ do
+ {
+ rc = ksba_cms_parse (cms, &stopreason);
+ if (rc)
+ {
+ log_error ("ksba_cms_parse failed: %s\n", gpg_strerror (rc));
+ goto leave;
+ }
+
+ if (stopreason == KSBA_SR_BEGIN_DATA)
+ log_info ("not a certs-only message\n");
+ }
+ while (stopreason != KSBA_SR_READY);
+
+ for (i=0; (cert=ksba_cms_get_cert (cms, i)); i++)
+ {
+ check_and_store (ctrl, stats, cert, 0);
+ ksba_cert_release (cert);
+ cert = NULL;
+ }
+ if (!i)
+ log_error ("no certificate found\n");
+ else
+ any = 1;
+ }
+ else if (ct == KSBA_CT_PKCS12)
+ { /* This seems to be a pkcs12 message. We use an external
+ tool to parse the message and to store the private keys.
+ We need to use a another reader here to parse the
+ certificate we included in the p12 file; then we continue
+ to look for other pkcs12 files (works only if they are in
+ PEM format. */
+ FILE *certfp;
+ Base64Context b64p12rdr;
+ ksba_reader_t p12rdr;
+
+ rc = parse_p12 (ctrl, reader, &certfp, stats);
+ if (!rc)
+ {
+ any = 1;
+
+ rewind (certfp);
+ rc = gpgsm_create_reader (&b64p12rdr, ctrl, certfp, 1, &p12rdr);
+ if (rc)
+ {
+ log_error ("can't create reader: %s\n", gpg_strerror (rc));
+ fclose (certfp);
+ goto leave;
+ }
+
+ do
+ {
+ ksba_cert_release (cert); cert = NULL;
+ rc = ksba_cert_new (&cert);
+ if (!rc)
+ {
+ rc = ksba_cert_read_der (cert, p12rdr);
+ if (!rc)
+ check_and_store (ctrl, stats, cert, 0);
+ }
+ ksba_reader_clear (p12rdr, NULL, NULL);
+ }
+ while (!rc && !gpgsm_reader_eof_seen (b64p12rdr));
+
+ if (gpg_err_code (rc) == GPG_ERR_EOF)
+ rc = 0;
+ gpgsm_destroy_reader (b64p12rdr);
+ fclose (certfp);
+ if (rc)
+ goto leave;
+ }
+ }
+ else if (ct == KSBA_CT_NONE)
+ { /* Failed to identify this message - assume a certificate */
+
+ rc = ksba_cert_new (&cert);
+ if (rc)
+ goto leave;
+
+ rc = ksba_cert_read_der (cert, reader);
+ if (rc)
+ goto leave;
+
+ check_and_store (ctrl, stats, cert, 0);
+ any = 1;
+ }
+ else
+ {
+ log_error ("can't extract certificates from input\n");
+ rc = gpg_error (GPG_ERR_NO_DATA);
+ }
+
+ ksba_reader_clear (reader, NULL, NULL);
+ }
+ while (!gpgsm_reader_eof_seen (b64reader));
+
+ leave:
+ if (any && gpg_err_code (rc) == GPG_ERR_EOF)
+ rc = 0;
+ ksba_cms_release (cms);
+ ksba_cert_release (cert);
+ gpgsm_destroy_reader (b64reader);
+ if (fp)
+ fclose (fp);
+ return rc;
+}
+
+
+
+/* Re-import certifciates. IN_FD is a list of linefeed delimited
+ fingerprints t re-import. The actual re-import is done by clearing
+ the ephemeral flag. */
+static int
+reimport_one (ctrl_t ctrl, struct stats_s *stats, int in_fd)
+{
+ gpg_error_t err = 0;
+ estream_t fp = NULL;
+ char line[100]; /* Sufficient for a fingerprint. */
+ KEYDB_HANDLE kh;
+ KEYDB_SEARCH_DESC desc;
+ ksba_cert_t cert = NULL;
+ unsigned int flags;
+
+ kh = keydb_new (0);
+ if (!kh)
+ {
+ err = gpg_error (GPG_ERR_ENOMEM);;
+ log_error (_("failed to allocate keyDB handle\n"));
+ goto leave;
+ }
+ keydb_set_ephemeral (kh, 1);
+
+ fp = es_fdopen_nc (in_fd, "r");
+ if (!fp)
+ {
+ err = gpg_error_from_syserror ();
+ log_error ("es_fdopen(%d) failed: %s\n", in_fd, gpg_strerror (err));
+ goto leave;
+ }
+
+ while (es_fgets (line, DIM(line)-1, fp) )
+ {
+ if (*line && line[strlen(line)-1] != '\n')
+ {
+ err = gpg_error (GPG_ERR_LINE_TOO_LONG);
+ goto leave;
+ }
+ trim_spaces (line);
+ if (!*line)
+ continue;
+
+ stats->count++;
+
+ err = keydb_classify_name (line, &desc);
+ if (err)
+ {
+ print_import_problem (ctrl, NULL, 0);
+ stats->not_imported++;
+ continue;
+ }
+
+ keydb_search_reset (kh);
+ err = keydb_search (kh, &desc, 1);
+ if (err)
+ {
+ print_import_problem (ctrl, NULL, 0);
+ stats->not_imported++;
+ continue;
+ }
+
+ ksba_cert_release (cert);
+ cert = NULL;
+ err = keydb_get_cert (kh, &cert);
+ if (err)
+ {
+ log_error ("keydb_get_cert() failed: %s\n", gpg_strerror (err));
+ print_import_problem (ctrl, NULL, 1);
+ stats->not_imported++;
+ continue;
+ }
+
+ err = keydb_get_flags (kh, KEYBOX_FLAG_BLOB, 0, &flags);
+ if (err)
+ {
+ log_error (_("error getting stored flags: %s\n"), gpg_strerror (err));
+ print_imported_status (ctrl, cert, 0);
+ stats->not_imported++;
+ continue;
+ }
+ if ( !(flags & KEYBOX_FLAG_BLOB_EPHEMERAL) )
+ {
+ print_imported_status (ctrl, cert, 0);
+ stats->unchanged++;
+ continue;
+ }
+
+ err = keydb_set_cert_flags (cert, 1, KEYBOX_FLAG_BLOB, 0,
+ KEYBOX_FLAG_BLOB_EPHEMERAL, 0);
+ if (err)
+ {
+ log_error ("clearing ephemeral flag failed: %s\n",
+ gpg_strerror (err));
+ print_import_problem (ctrl, cert, 0);
+ stats->not_imported++;
+ continue;
+ }
+
+ print_imported_status (ctrl, cert, 1);
+ stats->imported++;
+ }
+ err = 0;
+ if (es_ferror (fp))
+ {
+ err = gpg_error_from_syserror ();
+ log_error ("error reading fd %d: %s\n", in_fd, gpg_strerror (err));
+ goto leave;
+ }
+
+ leave:
+ ksba_cert_release (cert);
+ keydb_release (kh);
+ es_fclose (fp);
+ return err;
+}
+
+
+
+int
+gpgsm_import (ctrl_t ctrl, int in_fd, int reimport_mode)
+{
+ int rc;
+ struct stats_s stats;
+
+ memset (&stats, 0, sizeof stats);
+ if (reimport_mode)
+ rc = reimport_one (ctrl, &stats, in_fd);
+ else
+ rc = import_one (ctrl, &stats, in_fd);
+ print_imported_summary (ctrl, &stats);
+ /* If we never printed an error message do it now so that a command
+ line invocation will return with an error (log_error keeps a
+ global errorcount) */
+ if (rc && !log_get_errorcount (0))
+ log_error (_("error importing certificate: %s\n"), gpg_strerror (rc));
+ return rc;
+}
+
+
+int
+gpgsm_import_files (ctrl_t ctrl, int nfiles, char **files,
+ int (*of)(const char *fname))
+{
+ int rc = 0;
+ struct stats_s stats;
+
+ memset (&stats, 0, sizeof stats);
+
+ if (!nfiles)
+ rc = import_one (ctrl, &stats, 0);
+ else
+ {
+ for (; nfiles && !rc ; nfiles--, files++)
+ {
+ int fd = of (*files);
+ rc = import_one (ctrl, &stats, fd);
+ close (fd);
+ if (rc == -1)
+ rc = 0;
+ }
+ }
+ print_imported_summary (ctrl, &stats);
+ /* If we never printed an error message do it now so that a command
+ line invocation will return with an error (log_error keeps a
+ global errorcount) */
+ if (rc && !log_get_errorcount (0))
+ log_error (_("error importing certificate: %s\n"), gpg_strerror (rc));
+ return rc;
+}
+
+
+/* Fork and exec the protecttool, connect the file descriptor of
+ INFILE to stdin, return a new stream in STATUSFILE, write the
+ output to OUTFILE and the pid of the process in PID. Returns 0 on
+ success or an error code. */
+static gpg_error_t
+popen_protect_tool (ctrl_t ctrl, const char *pgmname,
+ FILE *infile, FILE *outfile, FILE **statusfile, pid_t *pid)
+{
+ const char *argv[22];
+ int i=0;
+
+ /* Make sure that the agent is running so that the protect tool is
+ able to ask for a passphrase. This has only an effect under W32
+ where the agent is started on demand; sending a NOP does not harm
+ on other platforms. This is not really necessary anymore because
+ the protect tool does this now by itself; it does not harm either. */
+ gpgsm_agent_send_nop (ctrl);
+
+ argv[i++] = "--homedir";
+ argv[i++] = opt.homedir;
+ argv[i++] = "--p12-import";
+ argv[i++] = "--store";
+ argv[i++] = "--no-fail-on-exist";
+ argv[i++] = "--enable-status-msg";
+ if (opt.fixed_passphrase)
+ {
+ argv[i++] = "--passphrase";
+ argv[i++] = opt.fixed_passphrase;
+ }
+ if (opt.agent_program)
+ {
+ argv[i++] = "--agent-program";
+ argv[i++] = opt.agent_program;
+ }
+ argv[i++] = "--",
+ argv[i] = NULL;
+ assert (i < sizeof argv);
+
+ return gnupg_spawn_process (pgmname, argv, infile, outfile,
+ setup_pinentry_env, (128 | 64),
+ statusfile, pid);
+}
+
+
+/* Assume that the reader is at a pkcs#12 message and try to import
+ certificates from that stupid format. We will also store secret
+ keys. All of the pkcs#12 parsing and key storing is handled by the
+ gpg-protect-tool, we merely have to take care of receiving the
+ certificates. On success RETFP returns a temporary file with
+ certificates. */
+static gpg_error_t
+parse_p12 (ctrl_t ctrl, ksba_reader_t reader,
+ FILE **retfp, struct stats_s *stats)
+{
+ const char *pgmname;
+ gpg_error_t err = 0, child_err = 0;
+ int c, cont_line;
+ unsigned int pos;
+ FILE *tmpfp, *certfp = NULL, *fp = NULL;
+ char buffer[1024];
+ size_t nread;
+ pid_t pid = -1;
+ int bad_pass = 0;
+
+ if (!opt.protect_tool_program || !*opt.protect_tool_program)
+ pgmname = gnupg_module_name (GNUPG_MODULE_NAME_PROTECT_TOOL);
+ else
+ pgmname = opt.protect_tool_program;
+
+ *retfp = NULL;
+
+ /* To avoid an extra feeder process or doing selects and because
+ gpg-protect-tool will anyway parse the entire pkcs#12 message in
+ memory, we simply use tempfiles here and pass them to
+ the gpg-protect-tool. */
+ tmpfp = gnupg_tmpfile ();
+ if (!tmpfp)
+ {
+ err = gpg_error_from_syserror ();
+ log_error (_("error creating temporary file: %s\n"), strerror (errno));
+ goto cleanup;
+ }
+ while (!(err = ksba_reader_read (reader, buffer, sizeof buffer, &nread)))
+ {
+ if (nread && fwrite (buffer, nread, 1, tmpfp) != 1)
+ {
+ err = gpg_error_from_syserror ();
+ log_error (_("error writing to temporary file: %s\n"),
+ strerror (errno));
+ goto cleanup;
+ }
+ }
+ if (gpg_err_code (err) == GPG_ERR_EOF)
+ err = 0;
+ if (err)
+ {
+ log_error (_("error reading input: %s\n"), gpg_strerror (err));
+ goto cleanup;
+ }
+
+ certfp = gnupg_tmpfile ();
+ if (!certfp)
+ {
+ err = gpg_error_from_syserror ();
+ log_error (_("error creating temporary file: %s\n"), strerror (errno));
+ goto cleanup;
+ }
+
+ err = popen_protect_tool (ctrl, pgmname, tmpfp, certfp, &fp, &pid);
+ if (err)
+ {
+ pid = -1;
+ goto cleanup;
+ }
+ fclose (tmpfp);
+ tmpfp = NULL;
+
+ /* Read stderr of the protect tool. */
+ pos = 0;
+ cont_line = 0;
+ while ((c=getc (fp)) != EOF)
+ {
+ /* fixme: We could here grep for status information of the
+ protect tool to figure out better error codes for
+ CHILD_ERR. */
+ buffer[pos++] = c;
+ if (pos >= sizeof buffer - 5 || c == '\n')
+ {
+ buffer[pos - (c == '\n')] = 0;
+ if (cont_line)
+ log_printf ("%s", buffer);
+ else
+ {
+ if (!strncmp (buffer, "gpg-protect-tool: [PROTECT-TOOL:] ",34))
+ {
+ char *p, *pend;
+
+ p = buffer + 34;
+ pend = strchr (p, ' ');
+ if (pend)
+ *pend = 0;
+ if ( !strcmp (p, "secretkey-stored"))
+ {
+ stats->count++;
+ stats->secret_read++;
+ stats->secret_imported++;
+ }
+ else if ( !strcmp (p, "secretkey-exists"))
+ {
+ stats->count++;
+ stats->secret_read++;
+ stats->secret_dups++;
+ }
+ else if ( !strcmp (p, "bad-passphrase"))
+ {
+
+ }
+ }
+ else
+ {
+ log_info ("%s", buffer);
+ if (!strncmp (buffer, "gpg-protect-tool: "
+ "possibly bad passphrase given",46))
+ bad_pass++;
+ }
+ }
+ pos = 0;
+ cont_line = (c != '\n');
+ }
+ }
+
+ if (pos)
+ {
+ buffer[pos] = 0;
+ if (cont_line)
+ log_printf ("%s\n", buffer);
+ else
+ log_info ("%s\n", buffer);
+ }
+
+
+ /* If we found no error in the output of the child, setup a suitable
+ error code, which will later be reset if the exit status of the
+ child is 0. */
+ if (!child_err)
+ child_err = gpg_error (GPG_ERR_DECRYPT_FAILED);
+
+ cleanup:
+ if (tmpfp)
+ fclose (tmpfp);
+ if (fp)
+ fclose (fp);
+ if (pid != -1)
+ {
+ if (!gnupg_wait_process (pgmname, pid, NULL))
+ child_err = 0;
+ }
+ if (!err)
+ err = child_err;
+ if (err)
+ {
+ if (certfp)
+ fclose (certfp);
+ }
+ else
+ *retfp = certfp;
+
+ if (bad_pass)
+ {
+ /* We only write a plain error code and not direct
+ BAD_PASSPHRASE because the pkcs12 parser might issue this
+ message multiple times, BAD_PASSPHRASE in general requires a
+ keyID and parts of the import might actually succeed so that
+ IMPORT_PROBLEM is also not appropriate. */
+ gpgsm_status_with_err_code (ctrl, STATUS_ERROR,
+ "import.parsep12", GPG_ERR_BAD_PASSPHRASE);
+ }
+
+ return err;
+}
diff --git a/sm/keydb.c b/sm/keydb.c
new file mode 100644
index 0000000..37f791e
--- /dev/null
+++ b/sm/keydb.c
@@ -0,0 +1,1535 @@
+/* keydb.c - key database dispatcher
+ * Copyright (C) 2001, 2003, 2004 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include <assert.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <unistd.h>
+
+#include "gpgsm.h"
+#include "../kbx/keybox.h"
+#include "keydb.h"
+#include "i18n.h"
+
+static int active_handles;
+
+typedef enum {
+ KEYDB_RESOURCE_TYPE_NONE = 0,
+ KEYDB_RESOURCE_TYPE_KEYBOX
+} KeydbResourceType;
+#define MAX_KEYDB_RESOURCES 20
+
+struct resource_item {
+ KeydbResourceType type;
+ union {
+ KEYBOX_HANDLE kr;
+ } u;
+ void *token;
+ int secret;
+ DOTLOCK lockhandle;
+};
+
+static struct resource_item all_resources[MAX_KEYDB_RESOURCES];
+static int used_resources;
+
+struct keydb_handle {
+ int locked;
+ int found;
+ int current;
+ int is_ephemeral;
+ int used; /* items in active */
+ struct resource_item active[MAX_KEYDB_RESOURCES];
+};
+
+
+static int lock_all (KEYDB_HANDLE hd);
+static void unlock_all (KEYDB_HANDLE hd);
+
+
+/*
+ * Register a resource (which currently may only be a keybox file).
+ * The first keybox which is added by this function is created if it
+ * does not exist. If AUTO_CREATED is not NULL it will be set to true
+ * if the function has created a a new keybox.
+ */
+int
+keydb_add_resource (const char *url, int force, int secret, int *auto_created)
+{
+ static int any_secret, any_public;
+ const char *resname = url;
+ char *filename = NULL;
+ int rc = 0;
+ FILE *fp;
+ KeydbResourceType rt = KEYDB_RESOURCE_TYPE_NONE;
+
+ if (auto_created)
+ *auto_created = 0;
+
+ /* Do we have an URL?
+ gnupg-kbx:filename := this is a plain keybox
+ filename := See what is is, but create as plain keybox.
+ */
+ if (strlen (resname) > 10)
+ {
+ if (!strncmp (resname, "gnupg-kbx:", 10) )
+ {
+ rt = KEYDB_RESOURCE_TYPE_KEYBOX;
+ resname += 10;
+ }
+#if !defined(HAVE_DRIVE_LETTERS) && !defined(__riscos__)
+ else if (strchr (resname, ':'))
+ {
+ log_error ("invalid key resource URL `%s'\n", url );
+ rc = gpg_error (GPG_ERR_GENERAL);
+ goto leave;
+ }
+#endif /* !HAVE_DRIVE_LETTERS && !__riscos__ */
+ }
+
+ if (*resname != DIRSEP_C )
+ { /* do tilde expansion etc */
+ if (strchr(resname, DIRSEP_C) )
+ filename = make_filename (resname, NULL);
+ else
+ filename = make_filename (opt.homedir, resname, NULL);
+ }
+ else
+ filename = xstrdup (resname);
+
+ if (!force)
+ force = secret? !any_secret : !any_public;
+
+ /* see whether we can determine the filetype */
+ if (rt == KEYDB_RESOURCE_TYPE_NONE)
+ {
+ FILE *fp2 = fopen( filename, "rb" );
+
+ if (fp2) {
+ u32 magic;
+
+ /* FIXME: check for the keybox magic */
+ if (fread( &magic, 4, 1, fp2) == 1 )
+ {
+ if (magic == 0x13579ace || magic == 0xce9a5713)
+ ; /* GDBM magic - no more support */
+ else
+ rt = KEYDB_RESOURCE_TYPE_KEYBOX;
+ }
+ else /* maybe empty: assume ring */
+ rt = KEYDB_RESOURCE_TYPE_KEYBOX;
+ fclose (fp2);
+ }
+ else /* no file yet: create ring */
+ rt = KEYDB_RESOURCE_TYPE_KEYBOX;
+ }
+
+ switch (rt)
+ {
+ case KEYDB_RESOURCE_TYPE_NONE:
+ log_error ("unknown type of key resource `%s'\n", url );
+ rc = gpg_error (GPG_ERR_GENERAL);
+ goto leave;
+
+ case KEYDB_RESOURCE_TYPE_KEYBOX:
+ fp = fopen (filename, "rb");
+ if (!fp && !force)
+ {
+ rc = gpg_error (gpg_err_code_from_errno (errno));
+ goto leave;
+ }
+
+ if (!fp)
+ { /* no file */
+#if 0 /* no autocreate of the homedirectory yet */
+ {
+ char *last_slash_in_filename;
+
+ last_slash_in_filename = strrchr (filename, DIRSEP_C);
+ *last_slash_in_filename = 0;
+ if (access (filename, F_OK))
+ { /* on the first time we try to create the default
+ homedir and in this case the process will be
+ terminated, so that on the next invocation can
+ read the options file in on startup */
+ try_make_homedir (filename);
+ rc = gpg_error (GPG_ERR_FILE_OPEN_ERROR);
+ *last_slash_in_filename = DIRSEP_C;
+ goto leave;
+ }
+ *last_slash_in_filename = DIRSEP_C;
+ }
+#endif
+ fp = fopen (filename, "w");
+ if (!fp)
+ {
+ rc = gpg_error (gpg_err_code_from_errno (errno));
+ log_error (_("error creating keybox `%s': %s\n"),
+ filename, strerror(errno));
+ if (errno == ENOENT)
+ log_info (_("you may want to start the gpg-agent first\n"));
+ goto leave;
+ }
+
+ if (!opt.quiet)
+ log_info (_("keybox `%s' created\n"), filename);
+ if (auto_created)
+ *auto_created = 1;
+ }
+ fclose (fp);
+ fp = NULL;
+ /* now register the file */
+ {
+
+ void *token = keybox_register_file (filename, secret);
+ if (!token)
+ ; /* already registered - ignore it */
+ else if (used_resources >= MAX_KEYDB_RESOURCES)
+ rc = gpg_error (GPG_ERR_RESOURCE_LIMIT);
+ else
+ {
+ all_resources[used_resources].type = rt;
+ all_resources[used_resources].u.kr = NULL; /* Not used here */
+ all_resources[used_resources].token = token;
+ all_resources[used_resources].secret = secret;
+
+ all_resources[used_resources].lockhandle
+ = create_dotlock (filename);
+ if (!all_resources[used_resources].lockhandle)
+ log_fatal ( _("can't create lock for `%s'\n"), filename);
+
+ /* Do a compress run if needed and the file is not locked. */
+ if (!make_dotlock (all_resources[used_resources].lockhandle, 0))
+ {
+ KEYBOX_HANDLE kbxhd = keybox_new (token, secret);
+
+ if (kbxhd)
+ {
+ keybox_compress (kbxhd);
+ keybox_release (kbxhd);
+ }
+ release_dotlock (all_resources[used_resources].lockhandle);
+ }
+
+ used_resources++;
+ }
+ }
+
+
+ break;
+ default:
+ log_error ("resource type of `%s' not supported\n", url);
+ rc = gpg_error (GPG_ERR_NOT_SUPPORTED);
+ goto leave;
+ }
+
+ /* fixme: check directory permissions and print a warning */
+
+ leave:
+ if (rc)
+ log_error ("keyblock resource `%s': %s\n", filename, gpg_strerror(rc));
+ else if (secret)
+ any_secret = 1;
+ else
+ any_public = 1;
+ xfree (filename);
+ return rc;
+}
+
+
+KEYDB_HANDLE
+keydb_new (int secret)
+{
+ KEYDB_HANDLE hd;
+ int i, j;
+
+ hd = xcalloc (1, sizeof *hd);
+ hd->found = -1;
+
+ assert (used_resources <= MAX_KEYDB_RESOURCES);
+ for (i=j=0; i < used_resources; i++)
+ {
+ if (!all_resources[i].secret != !secret)
+ continue;
+ switch (all_resources[i].type)
+ {
+ case KEYDB_RESOURCE_TYPE_NONE: /* ignore */
+ break;
+ case KEYDB_RESOURCE_TYPE_KEYBOX:
+ hd->active[j].type = all_resources[i].type;
+ hd->active[j].token = all_resources[i].token;
+ hd->active[j].secret = all_resources[i].secret;
+ hd->active[j].lockhandle = all_resources[i].lockhandle;
+ hd->active[j].u.kr = keybox_new (all_resources[i].token, secret);
+ if (!hd->active[j].u.kr)
+ {
+ xfree (hd);
+ return NULL; /* fixme: release all previously allocated handles*/
+ }
+ j++;
+ break;
+ }
+ }
+ hd->used = j;
+
+ active_handles++;
+ return hd;
+}
+
+void
+keydb_release (KEYDB_HANDLE hd)
+{
+ int i;
+
+ if (!hd)
+ return;
+ assert (active_handles > 0);
+ active_handles--;
+
+ unlock_all (hd);
+ for (i=0; i < hd->used; i++)
+ {
+ switch (hd->active[i].type)
+ {
+ case KEYDB_RESOURCE_TYPE_NONE:
+ break;
+ case KEYDB_RESOURCE_TYPE_KEYBOX:
+ keybox_release (hd->active[i].u.kr);
+ break;
+ }
+ }
+
+ xfree (hd);
+}
+
+
+/* Return the name of the current resource. This is function first
+ looks for the last found found, then for the current search
+ position, and last returns the first available resource. The
+ returned string is only valid as long as the handle exists. This
+ function does only return NULL if no handle is specified, in all
+ other error cases an empty string is returned. */
+const char *
+keydb_get_resource_name (KEYDB_HANDLE hd)
+{
+ int idx;
+ const char *s = NULL;
+
+ if (!hd)
+ return NULL;
+
+ if ( hd->found >= 0 && hd->found < hd->used)
+ idx = hd->found;
+ else if ( hd->current >= 0 && hd->current < hd->used)
+ idx = hd->current;
+ else
+ idx = 0;
+
+ switch (hd->active[idx].type)
+ {
+ case KEYDB_RESOURCE_TYPE_NONE:
+ s = NULL;
+ break;
+ case KEYDB_RESOURCE_TYPE_KEYBOX:
+ s = keybox_get_resource_name (hd->active[idx].u.kr);
+ break;
+ }
+
+ return s? s: "";
+}
+
+/* Switch the handle into ephemeral mode and return the orginal value. */
+int
+keydb_set_ephemeral (KEYDB_HANDLE hd, int yes)
+{
+ int i;
+
+ if (!hd)
+ return 0;
+
+ yes = !!yes;
+ if (hd->is_ephemeral != yes)
+ {
+ for (i=0; i < hd->used; i++)
+ {
+ switch (hd->active[i].type)
+ {
+ case KEYDB_RESOURCE_TYPE_NONE:
+ break;
+ case KEYDB_RESOURCE_TYPE_KEYBOX:
+ keybox_set_ephemeral (hd->active[i].u.kr, yes);
+ break;
+ }
+ }
+ }
+
+ i = hd->is_ephemeral;
+ hd->is_ephemeral = yes;
+ return i;
+}
+
+
+/* If the keyring has not yet been locked, lock it now. This
+ operation is required before any update operation; it is optional
+ for an insert operation. The lock is released with
+ keydb_released. */
+gpg_error_t
+keydb_lock (KEYDB_HANDLE hd)
+{
+ if (!hd)
+ return gpg_error (GPG_ERR_INV_HANDLE);
+ if (hd->locked)
+ return 0; /* Already locked. */
+ return lock_all (hd);
+}
+
+
+
+static int
+lock_all (KEYDB_HANDLE hd)
+{
+ int i, rc = 0;
+
+ /* Fixme: This locking scheme may lead to deadlock if the resources
+ are not added in the same order by all processes. We are
+ currently only allowing one resource so it is not a problem. */
+ for (i=0; i < hd->used; i++)
+ {
+ switch (hd->active[i].type)
+ {
+ case KEYDB_RESOURCE_TYPE_NONE:
+ break;
+ case KEYDB_RESOURCE_TYPE_KEYBOX:
+ if (hd->active[i].lockhandle)
+ rc = make_dotlock (hd->active[i].lockhandle, -1);
+ break;
+ }
+ if (rc)
+ break;
+ }
+
+ if (rc)
+ {
+ /* revert the already set locks */
+ for (i--; i >= 0; i--)
+ {
+ switch (hd->active[i].type)
+ {
+ case KEYDB_RESOURCE_TYPE_NONE:
+ break;
+ case KEYDB_RESOURCE_TYPE_KEYBOX:
+ if (hd->active[i].lockhandle)
+ release_dotlock (hd->active[i].lockhandle);
+ break;
+ }
+ }
+ }
+ else
+ hd->locked = 1;
+
+ /* make_dotlock () does not yet guarantee that errno is set, thus
+ we can't rely on the error reason and will simply use
+ EACCES. */
+ return rc? gpg_error (GPG_ERR_EACCES) : 0;
+}
+
+static void
+unlock_all (KEYDB_HANDLE hd)
+{
+ int i;
+
+ if (!hd->locked)
+ return;
+
+ for (i=hd->used-1; i >= 0; i--)
+ {
+ switch (hd->active[i].type)
+ {
+ case KEYDB_RESOURCE_TYPE_NONE:
+ break;
+ case KEYDB_RESOURCE_TYPE_KEYBOX:
+ if (hd->active[i].lockhandle)
+ release_dotlock (hd->active[i].lockhandle);
+ break;
+ }
+ }
+ hd->locked = 0;
+}
+
+
+#if 0
+/*
+ * Return the last found keybox. Caller must free it.
+ * The returned keyblock has the kbode flag bit 0 set for the node with
+ * the public key used to locate the keyblock or flag bit 1 set for
+ * the user ID node.
+ */
+int
+keydb_get_keyblock (KEYDB_HANDLE hd, KBNODE *ret_kb)
+{
+ int rc = 0;
+
+ if (!hd)
+ return G10ERR_INV_ARG;
+
+ if ( hd->found < 0 || hd->found >= hd->used)
+ return -1; /* nothing found */
+
+ switch (hd->active[hd->found].type) {
+ case KEYDB_RESOURCE_TYPE_NONE:
+ rc = G10ERR_GENERAL; /* oops */
+ break;
+ case KEYDB_RESOURCE_TYPE_KEYBOX:
+ rc = keybox_get_keyblock (hd->active[hd->found].u.kr, ret_kb);
+ break;
+ }
+
+ return rc;
+}
+
+/*
+ * update the current keyblock with KB
+ */
+int
+keydb_update_keyblock (KEYDB_HANDLE hd, KBNODE kb)
+{
+ int rc = 0;
+
+ if (!hd)
+ return G10ERR_INV_ARG;
+
+ if ( hd->found < 0 || hd->found >= hd->used)
+ return -1; /* nothing found */
+
+ if( opt.dry_run )
+ return 0;
+
+ if (!hd->locked)
+ return gpg_error (GPG_ERR_NOT_LOCKED);
+
+ switch (hd->active[hd->found].type) {
+ case KEYDB_RESOURCE_TYPE_NONE:
+ rc = G10ERR_GENERAL; /* oops */
+ break;
+ case KEYDB_RESOURCE_TYPE_KEYBOX:
+ rc = keybox_update_keyblock (hd->active[hd->found].u.kr, kb);
+ break;
+ }
+
+ unlock_all (hd);
+ return rc;
+}
+
+
+/*
+ * Insert a new KB into one of the resources.
+ */
+int
+keydb_insert_keyblock (KEYDB_HANDLE hd, KBNODE kb)
+{
+ int rc = -1;
+ int idx;
+
+ if (!hd)
+ return G10ERR_INV_ARG;
+
+ if( opt.dry_run )
+ return 0;
+
+ if ( hd->found >= 0 && hd->found < hd->used)
+ idx = hd->found;
+ else if ( hd->current >= 0 && hd->current < hd->used)
+ idx = hd->current;
+ else
+ return G10ERR_GENERAL;
+
+ rc = lock_all (hd);
+ if (rc)
+ return rc;
+
+ switch (hd->active[idx].type) {
+ case KEYDB_RESOURCE_TYPE_NONE:
+ rc = G10ERR_GENERAL; /* oops */
+ break;
+ case KEYDB_RESOURCE_TYPE_KEYBOX:
+ rc = keybox_insert_keyblock (hd->active[idx].u.kr, kb);
+ break;
+ }
+
+ unlock_all (hd);
+ return rc;
+}
+
+#endif /*disabled code*/
+
+
+
+/*
+ Return the last found object. Caller must free it. The returned
+ keyblock has the kbode flag bit 0 set for the node with the public
+ key used to locate the keyblock or flag bit 1 set for the user ID
+ node. */
+int
+keydb_get_cert (KEYDB_HANDLE hd, ksba_cert_t *r_cert)
+{
+ int rc = 0;
+
+ if (!hd)
+ return gpg_error (GPG_ERR_INV_VALUE);
+
+ if ( hd->found < 0 || hd->found >= hd->used)
+ return -1; /* nothing found */
+
+ switch (hd->active[hd->found].type)
+ {
+ case KEYDB_RESOURCE_TYPE_NONE:
+ rc = gpg_error (GPG_ERR_GENERAL); /* oops */
+ break;
+ case KEYDB_RESOURCE_TYPE_KEYBOX:
+ rc = keybox_get_cert (hd->active[hd->found].u.kr, r_cert);
+ break;
+ }
+
+ return rc;
+}
+
+/* Return a flag of the last found object. WHICH is the flag requested;
+ it should be one of the KEYBOX_FLAG_ values. If the operation is
+ successful, the flag value will be stored at the address given by
+ VALUE. Return 0 on success or an error code. */
+gpg_error_t
+keydb_get_flags (KEYDB_HANDLE hd, int which, int idx, unsigned int *value)
+{
+ int err = 0;
+
+ if (!hd)
+ return gpg_error (GPG_ERR_INV_VALUE);
+
+ if ( hd->found < 0 || hd->found >= hd->used)
+ return gpg_error (GPG_ERR_NOTHING_FOUND);
+
+ switch (hd->active[hd->found].type)
+ {
+ case KEYDB_RESOURCE_TYPE_NONE:
+ err = gpg_error (GPG_ERR_GENERAL); /* oops */
+ break;
+ case KEYDB_RESOURCE_TYPE_KEYBOX:
+ err = keybox_get_flags (hd->active[hd->found].u.kr, which, idx, value);
+ break;
+ }
+
+ return err;
+}
+
+/* Set a flag of the last found object. WHICH is the flag to be set; it
+ should be one of the KEYBOX_FLAG_ values. If the operation is
+ successful, the flag value will be stored in the keybox. Note,
+ that some flag values can't be updated and thus may return an
+ error, some other flag values may be masked out before an update.
+ Returns 0 on success or an error code. */
+gpg_error_t
+keydb_set_flags (KEYDB_HANDLE hd, int which, int idx, unsigned int value)
+{
+ int err = 0;
+
+ if (!hd)
+ return gpg_error (GPG_ERR_INV_VALUE);
+
+ if ( hd->found < 0 || hd->found >= hd->used)
+ return gpg_error (GPG_ERR_NOTHING_FOUND);
+
+ if (!hd->locked)
+ return gpg_error (GPG_ERR_NOT_LOCKED);
+
+ switch (hd->active[hd->found].type)
+ {
+ case KEYDB_RESOURCE_TYPE_NONE:
+ err = gpg_error (GPG_ERR_GENERAL); /* oops */
+ break;
+ case KEYDB_RESOURCE_TYPE_KEYBOX:
+ err = keybox_set_flags (hd->active[hd->found].u.kr, which, idx, value);
+ break;
+ }
+
+ return err;
+}
+
+/*
+ * Insert a new Certificate into one of the resources.
+ */
+int
+keydb_insert_cert (KEYDB_HANDLE hd, ksba_cert_t cert)
+{
+ int rc = -1;
+ int idx;
+ unsigned char digest[20];
+
+ if (!hd)
+ return gpg_error (GPG_ERR_INV_VALUE);
+
+ if (opt.dry_run)
+ return 0;
+
+ if ( hd->found >= 0 && hd->found < hd->used)
+ idx = hd->found;
+ else if ( hd->current >= 0 && hd->current < hd->used)
+ idx = hd->current;
+ else
+ return gpg_error (GPG_ERR_GENERAL);
+
+ if (!hd->locked)
+ return gpg_error (GPG_ERR_NOT_LOCKED);
+
+ gpgsm_get_fingerprint (cert, GCRY_MD_SHA1, digest, NULL); /* kludge*/
+
+ switch (hd->active[idx].type)
+ {
+ case KEYDB_RESOURCE_TYPE_NONE:
+ rc = gpg_error (GPG_ERR_GENERAL);
+ break;
+ case KEYDB_RESOURCE_TYPE_KEYBOX:
+ rc = keybox_insert_cert (hd->active[idx].u.kr, cert, digest);
+ break;
+ }
+
+ unlock_all (hd);
+ return rc;
+}
+
+
+
+/* Update the current keyblock with KB. */
+int
+keydb_update_cert (KEYDB_HANDLE hd, ksba_cert_t cert)
+{
+ int rc = 0;
+ unsigned char digest[20];
+
+ if (!hd)
+ return gpg_error (GPG_ERR_INV_VALUE);
+
+ if ( hd->found < 0 || hd->found >= hd->used)
+ return -1; /* nothing found */
+
+ if (opt.dry_run)
+ return 0;
+
+ rc = lock_all (hd);
+ if (rc)
+ return rc;
+
+ gpgsm_get_fingerprint (cert, GCRY_MD_SHA1, digest, NULL); /* kludge*/
+
+ switch (hd->active[hd->found].type)
+ {
+ case KEYDB_RESOURCE_TYPE_NONE:
+ rc = gpg_error (GPG_ERR_GENERAL); /* oops */
+ break;
+ case KEYDB_RESOURCE_TYPE_KEYBOX:
+ rc = keybox_update_cert (hd->active[hd->found].u.kr, cert, digest);
+ break;
+ }
+
+ unlock_all (hd);
+ return rc;
+}
+
+
+/*
+ * The current keyblock or cert will be deleted.
+ */
+int
+keydb_delete (KEYDB_HANDLE hd, int unlock)
+{
+ int rc = -1;
+
+ if (!hd)
+ return gpg_error (GPG_ERR_INV_VALUE);
+
+ if ( hd->found < 0 || hd->found >= hd->used)
+ return -1; /* nothing found */
+
+ if( opt.dry_run )
+ return 0;
+
+ if (!hd->locked)
+ return gpg_error (GPG_ERR_NOT_LOCKED);
+
+ switch (hd->active[hd->found].type)
+ {
+ case KEYDB_RESOURCE_TYPE_NONE:
+ rc = gpg_error (GPG_ERR_GENERAL);
+ break;
+ case KEYDB_RESOURCE_TYPE_KEYBOX:
+ rc = keybox_delete (hd->active[hd->found].u.kr);
+ break;
+ }
+
+ if (unlock)
+ unlock_all (hd);
+ return rc;
+}
+
+
+
+/*
+ * Locate the default writable key resource, so that the next
+ * operation (which is only relevant for inserts) will be done on this
+ * resource.
+ */
+int
+keydb_locate_writable (KEYDB_HANDLE hd, const char *reserved)
+{
+ int rc;
+
+ (void)reserved;
+
+ if (!hd)
+ return gpg_error (GPG_ERR_INV_VALUE);
+
+ rc = keydb_search_reset (hd); /* this does reset hd->current */
+ if (rc)
+ return rc;
+
+ for ( ; hd->current >= 0 && hd->current < hd->used; hd->current++)
+ {
+ switch (hd->active[hd->current].type)
+ {
+ case KEYDB_RESOURCE_TYPE_NONE:
+ BUG();
+ break;
+ case KEYDB_RESOURCE_TYPE_KEYBOX:
+ if (keybox_is_writable (hd->active[hd->current].token))
+ return 0; /* found (hd->current is set to it) */
+ break;
+ }
+ }
+
+ return -1;
+}
+
+/*
+ * Rebuild the caches of all key resources.
+ */
+void
+keydb_rebuild_caches (void)
+{
+ int i;
+
+ for (i=0; i < used_resources; i++)
+ {
+ if (all_resources[i].secret)
+ continue;
+ switch (all_resources[i].type)
+ {
+ case KEYDB_RESOURCE_TYPE_NONE: /* ignore */
+ break;
+ case KEYDB_RESOURCE_TYPE_KEYBOX:
+/* rc = keybox_rebuild_cache (all_resources[i].token); */
+/* if (rc) */
+/* log_error (_("failed to rebuild keybox cache: %s\n"), */
+/* g10_errstr (rc)); */
+ break;
+ }
+ }
+}
+
+
+
+/*
+ * Start the next search on this handle right at the beginning
+ */
+int
+keydb_search_reset (KEYDB_HANDLE hd)
+{
+ int i, rc = 0;
+
+ if (!hd)
+ return gpg_error (GPG_ERR_INV_VALUE);
+
+ hd->current = 0;
+ hd->found = -1;
+ /* and reset all resources */
+ for (i=0; !rc && i < hd->used; i++)
+ {
+ switch (hd->active[i].type)
+ {
+ case KEYDB_RESOURCE_TYPE_NONE:
+ break;
+ case KEYDB_RESOURCE_TYPE_KEYBOX:
+ rc = keybox_search_reset (hd->active[i].u.kr);
+ break;
+ }
+ }
+ return rc; /* fixme: we need to map error codes or share them with
+ all modules*/
+}
+
+/*
+ * Search through all keydb resources, starting at the current position,
+ * for a keyblock which contains one of the keys described in the DESC array.
+ */
+int
+keydb_search (KEYDB_HANDLE hd, KEYDB_SEARCH_DESC *desc, size_t ndesc)
+{
+ int rc = -1;
+
+ if (!hd)
+ return gpg_error (GPG_ERR_INV_VALUE);
+
+ while (rc == -1 && hd->current >= 0 && hd->current < hd->used)
+ {
+ switch (hd->active[hd->current].type)
+ {
+ case KEYDB_RESOURCE_TYPE_NONE:
+ BUG(); /* we should never see it here */
+ break;
+ case KEYDB_RESOURCE_TYPE_KEYBOX:
+ rc = keybox_search (hd->active[hd->current].u.kr, desc, ndesc);
+ break;
+ }
+ if (rc == -1) /* EOF -> switch to next resource */
+ hd->current++;
+ else if (!rc)
+ hd->found = hd->current;
+ }
+
+ return rc;
+}
+
+
+int
+keydb_search_first (KEYDB_HANDLE hd)
+{
+ KEYDB_SEARCH_DESC desc;
+
+ memset (&desc, 0, sizeof desc);
+ desc.mode = KEYDB_SEARCH_MODE_FIRST;
+ return keydb_search (hd, &desc, 1);
+}
+
+int
+keydb_search_next (KEYDB_HANDLE hd)
+{
+ KEYDB_SEARCH_DESC desc;
+
+ memset (&desc, 0, sizeof desc);
+ desc.mode = KEYDB_SEARCH_MODE_NEXT;
+ return keydb_search (hd, &desc, 1);
+}
+
+int
+keydb_search_kid (KEYDB_HANDLE hd, u32 *kid)
+{
+ KEYDB_SEARCH_DESC desc;
+
+ (void)kid;
+
+ memset (&desc, 0, sizeof desc);
+ desc.mode = KEYDB_SEARCH_MODE_LONG_KID;
+/* desc.u.kid[0] = kid[0]; */
+/* desc.u.kid[1] = kid[1]; */
+ return keydb_search (hd, &desc, 1);
+}
+
+int
+keydb_search_fpr (KEYDB_HANDLE hd, const byte *fpr)
+{
+ KEYDB_SEARCH_DESC desc;
+
+ memset (&desc, 0, sizeof desc);
+ desc.mode = KEYDB_SEARCH_MODE_FPR;
+ memcpy (desc.u.fpr, fpr, 20);
+ return keydb_search (hd, &desc, 1);
+}
+
+int
+keydb_search_issuer (KEYDB_HANDLE hd, const char *issuer)
+{
+ KEYDB_SEARCH_DESC desc;
+ int rc;
+
+ memset (&desc, 0, sizeof desc);
+ desc.mode = KEYDB_SEARCH_MODE_ISSUER;
+ desc.u.name = issuer;
+ rc = keydb_search (hd, &desc, 1);
+ return rc;
+}
+
+int
+keydb_search_issuer_sn (KEYDB_HANDLE hd,
+ const char *issuer, ksba_const_sexp_t serial)
+{
+ KEYDB_SEARCH_DESC desc;
+ int rc;
+ const unsigned char *s;
+
+ memset (&desc, 0, sizeof desc);
+ desc.mode = KEYDB_SEARCH_MODE_ISSUER_SN;
+ s = serial;
+ if (*s !='(')
+ return gpg_error (GPG_ERR_INV_VALUE);
+ s++;
+ for (desc.snlen = 0; digitp (s); s++)
+ desc.snlen = 10*desc.snlen + atoi_1 (s);
+ if (*s !=':')
+ return gpg_error (GPG_ERR_INV_VALUE);
+ desc.sn = s+1;
+ desc.u.name = issuer;
+ rc = keydb_search (hd, &desc, 1);
+ return rc;
+}
+
+int
+keydb_search_subject (KEYDB_HANDLE hd, const char *name)
+{
+ KEYDB_SEARCH_DESC desc;
+ int rc;
+
+ memset (&desc, 0, sizeof desc);
+ desc.mode = KEYDB_SEARCH_MODE_SUBJECT;
+ desc.u.name = name;
+ rc = keydb_search (hd, &desc, 1);
+ return rc;
+}
+
+
+static int
+classify_user_id (const char *name,
+ KEYDB_SEARCH_DESC *desc,
+ int *force_exact )
+{
+ const char *s;
+ int hexprefix = 0;
+ int hexlength;
+ int mode = 0;
+
+ /* clear the structure so that the mode field is set to zero unless
+ * we set it to the correct value right at the end of this function */
+ memset (desc, 0, sizeof *desc);
+ *force_exact = 0;
+ /* Skip leading spaces. Fixme: what about trailing white space? */
+ for(s = name; *s && spacep (s); s++ )
+ ;
+
+ switch (*s)
+ {
+ case 0: /* empty string is an error */
+ return 0;
+
+ case '.': /* an email address, compare from end */
+ mode = KEYDB_SEARCH_MODE_MAILEND;
+ s++;
+ desc->u.name = s;
+ break;
+
+ case '<': /* an email address */
+ mode = KEYDB_SEARCH_MODE_MAIL;
+ s++;
+ desc->u.name = s;
+ break;
+
+ case '@': /* part of an email address */
+ mode = KEYDB_SEARCH_MODE_MAILSUB;
+ s++;
+ desc->u.name = s;
+ break;
+
+ case '=': /* exact compare */
+ mode = KEYDB_SEARCH_MODE_EXACT;
+ s++;
+ desc->u.name = s;
+ break;
+
+ case '*': /* case insensitive substring search */
+ mode = KEYDB_SEARCH_MODE_SUBSTR;
+ s++;
+ desc->u.name = s;
+ break;
+
+ case '+': /* compare individual words */
+ mode = KEYDB_SEARCH_MODE_WORDS;
+ s++;
+ desc->u.name = s;
+ break;
+
+ case '/': /* subject's DN */
+ s++;
+ if (!*s || spacep (s))
+ return 0; /* no DN or prefixed with a space */
+ desc->u.name = s;
+ mode = KEYDB_SEARCH_MODE_SUBJECT;
+ break;
+
+ case '#':
+ {
+ const char *si;
+
+ s++;
+ if ( *s == '/')
+ { /* "#/" indicates an issuer's DN */
+ s++;
+ if (!*s || spacep (s))
+ return 0; /* no DN or prefixed with a space */
+ desc->u.name = s;
+ mode = KEYDB_SEARCH_MODE_ISSUER;
+ }
+ else
+ { /* serialnumber + optional issuer ID */
+ for (si=s; *si && *si != '/'; si++)
+ {
+ if (!strchr("01234567890abcdefABCDEF", *si))
+ return 0; /* invalid digit in serial number*/
+ }
+ desc->sn = (const unsigned char*)s;
+ desc->snlen = -1;
+ if (!*si)
+ mode = KEYDB_SEARCH_MODE_SN;
+ else
+ {
+ s = si+1;
+ if (!*s || spacep (s))
+ return 0; /* no DN or prefixed with a space */
+ desc->u.name = s;
+ mode = KEYDB_SEARCH_MODE_ISSUER_SN;
+ }
+ }
+ }
+ break;
+
+ case ':': /*Unified fingerprint */
+ {
+ const char *se, *si;
+ int i;
+
+ se = strchr (++s,':');
+ if (!se)
+ return 0;
+ for (i=0,si=s; si < se; si++, i++ )
+ {
+ if (!strchr("01234567890abcdefABCDEF", *si))
+ return 0; /* invalid digit */
+ }
+ if (i != 32 && i != 40)
+ return 0; /* invalid length of fpr*/
+ for (i=0,si=s; si < se; i++, si +=2)
+ desc->u.fpr[i] = hextobyte(si);
+ for (; i < 20; i++)
+ desc->u.fpr[i]= 0;
+ s = se + 1;
+ mode = KEYDB_SEARCH_MODE_FPR;
+ }
+ break;
+
+ case '&': /* Keygrip*/
+ {
+ if (hex2bin (s+1, desc->u.grip, 20) < 0)
+ return 0; /* Invalid. */
+ mode = KEYDB_SEARCH_MODE_KEYGRIP;
+ }
+ break;
+
+ default:
+ if (s[0] == '0' && s[1] == 'x')
+ {
+ hexprefix = 1;
+ s += 2;
+ }
+
+ hexlength = strspn(s, "0123456789abcdefABCDEF");
+ if (hexlength >= 8 && s[hexlength] =='!')
+ {
+ *force_exact = 1;
+ hexlength++; /* just for the following check */
+ }
+
+ /* check if a hexadecimal number is terminated by EOS or blank */
+ if (hexlength && s[hexlength] && !spacep (s+hexlength))
+ {
+ if (hexprefix) /* a "0x" prefix without correct */
+ return 0; /* termination is an error */
+ /* The first chars looked like a hex number, but really is
+ not */
+ hexlength = 0;
+ }
+
+ if (*force_exact)
+ hexlength--; /* remove the bang */
+
+ if (hexlength == 8
+ || (!hexprefix && hexlength == 9 && *s == '0'))
+ { /* short keyid */
+ unsigned long kid;
+ if (hexlength == 9)
+ s++;
+ kid = strtoul( s, NULL, 16 );
+ desc->u.kid[4] = kid >> 24;
+ desc->u.kid[5] = kid >> 16;
+ desc->u.kid[6] = kid >> 8;
+ desc->u.kid[7] = kid;
+ mode = KEYDB_SEARCH_MODE_SHORT_KID;
+ }
+ else if (hexlength == 16
+ || (!hexprefix && hexlength == 17 && *s == '0'))
+ { /* complete keyid */
+ unsigned long kid0, kid1;
+ char buf[9];
+ if (hexlength == 17)
+ s++;
+ mem2str(buf, s, 9 );
+ kid0 = strtoul (buf, NULL, 16);
+ kid1 = strtoul (s+8, NULL, 16);
+ desc->u.kid[0] = kid0 >> 24;
+ desc->u.kid[1] = kid0 >> 16;
+ desc->u.kid[2] = kid0 >> 8;
+ desc->u.kid[3] = kid0;
+ desc->u.kid[4] = kid1 >> 24;
+ desc->u.kid[5] = kid1 >> 16;
+ desc->u.kid[6] = kid1 >> 8;
+ desc->u.kid[7] = kid1;
+ mode = KEYDB_SEARCH_MODE_LONG_KID;
+ }
+ else if (hexlength == 32
+ || (!hexprefix && hexlength == 33 && *s == '0'))
+ { /* md5 fingerprint */
+ int i;
+ if (hexlength == 33)
+ s++;
+ memset(desc->u.fpr+16, 0, 4);
+ for (i=0; i < 16; i++, s+=2)
+ {
+ int c = hextobyte(s);
+ if (c == -1)
+ return 0;
+ desc->u.fpr[i] = c;
+ }
+ mode = KEYDB_SEARCH_MODE_FPR16;
+ }
+ else if (hexlength == 40
+ || (!hexprefix && hexlength == 41 && *s == '0'))
+ { /* sha1/rmd160 fingerprint */
+ int i;
+ if (hexlength == 41)
+ s++;
+ for (i=0; i < 20; i++, s+=2)
+ {
+ int c = hextobyte(s);
+ if (c == -1)
+ return 0;
+ desc->u.fpr[i] = c;
+ }
+ mode = KEYDB_SEARCH_MODE_FPR20;
+ }
+ else if (!hexprefix)
+ {
+ /* The fingerprint in an X.509 listing is often delimited by
+ colons, so we try to single this case out. */
+ mode = 0;
+ hexlength = strspn (s, ":0123456789abcdefABCDEF");
+ if (hexlength == 59 && (!s[hexlength] || spacep (s+hexlength)))
+ {
+ int i;
+
+ for (i=0; i < 20; i++, s += 3)
+ {
+ int c = hextobyte(s);
+ if (c == -1 || (i < 19 && s[2] != ':'))
+ break;
+ desc->u.fpr[i] = c;
+ }
+ if (i == 20)
+ mode = KEYDB_SEARCH_MODE_FPR20;
+ }
+ if (!mode) /* default is substring search */
+ {
+ *force_exact = 0;
+ desc->u.name = s;
+ mode = KEYDB_SEARCH_MODE_SUBSTR;
+ }
+ }
+ else
+ { /* hex number with a prefix but a wrong length */
+ return 0;
+ }
+ }
+
+ desc->mode = mode;
+ return mode;
+}
+
+
+int
+keydb_classify_name (const char *name, KEYDB_SEARCH_DESC *desc)
+{
+ int dummy;
+ KEYDB_SEARCH_DESC dummy_desc;
+
+ if (!desc)
+ desc = &dummy_desc;
+
+ if (!classify_user_id (name, desc, &dummy))
+ return gpg_error (GPG_ERR_INV_NAME);
+ return 0;
+}
+
+
+/* Store the certificate in the key DB but make sure that it does not
+ already exists. We do this simply by comparing the fingerprint.
+ If EXISTED is not NULL it will be set to true if the certificate
+ was already in the DB. */
+int
+keydb_store_cert (ksba_cert_t cert, int ephemeral, int *existed)
+{
+ KEYDB_HANDLE kh;
+ int rc;
+ unsigned char fpr[20];
+
+ if (existed)
+ *existed = 0;
+
+ if (!gpgsm_get_fingerprint (cert, 0, fpr, NULL))
+ {
+ log_error (_("failed to get the fingerprint\n"));
+ return gpg_error (GPG_ERR_GENERAL);
+ }
+
+ kh = keydb_new (0);
+ if (!kh)
+ {
+ log_error (_("failed to allocate keyDB handle\n"));
+ return gpg_error (GPG_ERR_ENOMEM);;
+ }
+
+ if (ephemeral)
+ keydb_set_ephemeral (kh, 1);
+
+ rc = lock_all (kh);
+ if (rc)
+ return rc;
+
+ rc = keydb_search_fpr (kh, fpr);
+ if (rc != -1)
+ {
+ keydb_release (kh);
+ if (!rc)
+ {
+ if (existed)
+ *existed = 1;
+ return 0; /* okay */
+ }
+ log_error (_("problem looking for existing certificate: %s\n"),
+ gpg_strerror (rc));
+ return rc;
+ }
+
+ rc = keydb_locate_writable (kh, 0);
+ if (rc)
+ {
+ log_error (_("error finding writable keyDB: %s\n"), gpg_strerror (rc));
+ keydb_release (kh);
+ return rc;
+ }
+
+ rc = keydb_insert_cert (kh, cert);
+ if (rc)
+ {
+ log_error (_("error storing certificate: %s\n"), gpg_strerror (rc));
+ keydb_release (kh);
+ return rc;
+ }
+ keydb_release (kh);
+ return 0;
+}
+
+
+/* This is basically keydb_set_flags but it implements a complete
+ transaction by locating the certificate in the DB and updating the
+ flags. */
+gpg_error_t
+keydb_set_cert_flags (ksba_cert_t cert, int ephemeral,
+ int which, int idx,
+ unsigned int mask, unsigned int value)
+{
+ KEYDB_HANDLE kh;
+ gpg_error_t err;
+ unsigned char fpr[20];
+ unsigned int old_value;
+
+ if (!gpgsm_get_fingerprint (cert, 0, fpr, NULL))
+ {
+ log_error (_("failed to get the fingerprint\n"));
+ return gpg_error (GPG_ERR_GENERAL);
+ }
+
+ kh = keydb_new (0);
+ if (!kh)
+ {
+ log_error (_("failed to allocate keyDB handle\n"));
+ return gpg_error (GPG_ERR_ENOMEM);;
+ }
+
+ if (ephemeral)
+ keydb_set_ephemeral (kh, 1);
+
+ err = keydb_lock (kh);
+ if (err)
+ {
+ log_error (_("error locking keybox: %s\n"), gpg_strerror (err));
+ keydb_release (kh);
+ return err;
+ }
+
+ err = keydb_search_fpr (kh, fpr);
+ if (err)
+ {
+ if (err == -1)
+ err = gpg_error (GPG_ERR_NOT_FOUND);
+ else
+ log_error (_("problem re-searching certificate: %s\n"),
+ gpg_strerror (err));
+ keydb_release (kh);
+ return err;
+ }
+
+ err = keydb_get_flags (kh, which, idx, &old_value);
+ if (err)
+ {
+ log_error (_("error getting stored flags: %s\n"), gpg_strerror (err));
+ keydb_release (kh);
+ return err;
+ }
+
+ value = ((old_value & ~mask) | (value & mask));
+
+ if (value != old_value)
+ {
+ err = keydb_set_flags (kh, which, idx, value);
+ if (err)
+ {
+ log_error (_("error storing flags: %s\n"), gpg_strerror (err));
+ keydb_release (kh);
+ return err;
+ }
+ }
+
+ keydb_release (kh);
+ return 0;
+}
+
+
+/* Reset all the certificate flags we have stored with the certificates
+ for performance reasons. */
+void
+keydb_clear_some_cert_flags (ctrl_t ctrl, strlist_t names)
+{
+ gpg_error_t err;
+ KEYDB_HANDLE hd = NULL;
+ KEYDB_SEARCH_DESC *desc = NULL;
+ int ndesc;
+ strlist_t sl;
+ int rc=0;
+ unsigned int old_value, value;
+
+ (void)ctrl;
+
+ hd = keydb_new (0);
+ if (!hd)
+ {
+ log_error ("keydb_new failed\n");
+ goto leave;
+ }
+
+ if (!names)
+ ndesc = 1;
+ else
+ {
+ for (sl=names, ndesc=0; sl; sl = sl->next, ndesc++)
+ ;
+ }
+
+ desc = xtrycalloc (ndesc, sizeof *desc);
+ if (!ndesc)
+ {
+ log_error ("allocating memory failed: %s\n",
+ gpg_strerror (out_of_core ()));
+ goto leave;
+ }
+
+ if (!names)
+ desc[0].mode = KEYDB_SEARCH_MODE_FIRST;
+ else
+ {
+ for (ndesc=0, sl=names; sl; sl = sl->next)
+ {
+ rc = keydb_classify_name (sl->d, desc+ndesc);
+ if (rc)
+ {
+ log_error ("key `%s' not found: %s\n",
+ sl->d, gpg_strerror (rc));
+ rc = 0;
+ }
+ else
+ ndesc++;
+ }
+ }
+
+ err = keydb_lock (hd);
+ if (err)
+ {
+ log_error (_("error locking keybox: %s\n"), gpg_strerror (err));
+ goto leave;
+ }
+
+ while (!(rc = keydb_search (hd, desc, ndesc)))
+ {
+ if (!names)
+ desc[0].mode = KEYDB_SEARCH_MODE_NEXT;
+
+ err = keydb_get_flags (hd, KEYBOX_FLAG_VALIDITY, 0, &old_value);
+ if (err)
+ {
+ log_error (_("error getting stored flags: %s\n"),
+ gpg_strerror (err));
+ goto leave;
+ }
+
+ value = (old_value & ~VALIDITY_REVOKED);
+ if (value != old_value)
+ {
+ err = keydb_set_flags (hd, KEYBOX_FLAG_VALIDITY, 0, value);
+ if (err)
+ {
+ log_error (_("error storing flags: %s\n"), gpg_strerror (err));
+ goto leave;
+ }
+ }
+ }
+ if (rc && rc != -1)
+ log_error ("keydb_search failed: %s\n", gpg_strerror (rc));
+
+ leave:
+ xfree (desc);
+ keydb_release (hd);
+}
+
+
diff --git a/sm/keydb.h b/sm/keydb.h
new file mode 100644
index 0000000..a440c50
--- /dev/null
+++ b/sm/keydb.h
@@ -0,0 +1,86 @@
+/* keydb.h - Key database
+ * Copyright (C) 1998, 1999, 2000, 2001 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef GNUPG_KEYDB_H
+#define GNUPG_KEYDB_H
+
+#include <ksba.h>
+
+#include "../kbx/keybox-search-desc.h"
+
+typedef struct keydb_handle *KEYDB_HANDLE;
+
+/* Flag value used with KEYBOX_FLAG_VALIDITY. */
+#define VALIDITY_REVOKED (1<<5)
+
+
+/*-- keydb.c --*/
+int keydb_add_resource (const char *url, int force, int secret,
+ int *auto_created);
+KEYDB_HANDLE keydb_new (int secret);
+void keydb_release (KEYDB_HANDLE hd);
+int keydb_set_ephemeral (KEYDB_HANDLE hd, int yes);
+const char *keydb_get_resource_name (KEYDB_HANDLE hd);
+gpg_error_t keydb_lock (KEYDB_HANDLE hd);
+
+#if 0 /* pgp stuff */
+int keydb_get_keyblock (KEYDB_HANDLE hd, KBNODE *ret_kb);
+int keydb_update_keyblock (KEYDB_HANDLE hd, KBNODE kb);
+int keydb_insert_keyblock (KEYDB_HANDLE hd, KBNODE kb);
+#endif
+
+gpg_error_t keydb_get_flags (KEYDB_HANDLE hd, int which, int idx,
+ unsigned int *value);
+gpg_error_t keydb_set_flags (KEYDB_HANDLE hd, int which, int idx,
+ unsigned int value);
+int keydb_get_cert (KEYDB_HANDLE hd, ksba_cert_t *r_cert);
+int keydb_insert_cert (KEYDB_HANDLE hd, ksba_cert_t cert);
+int keydb_update_cert (KEYDB_HANDLE hd, ksba_cert_t cert);
+
+int keydb_delete (KEYDB_HANDLE hd, int unlock);
+
+int keydb_locate_writable (KEYDB_HANDLE hd, const char *reserved);
+void keydb_rebuild_caches (void);
+
+int keydb_search_reset (KEYDB_HANDLE hd);
+int keydb_search (KEYDB_HANDLE hd, KEYDB_SEARCH_DESC *desc, size_t ndesc);
+int keydb_search_first (KEYDB_HANDLE hd);
+int keydb_search_next (KEYDB_HANDLE hd);
+int keydb_search_kid (KEYDB_HANDLE hd, u32 *kid);
+int keydb_search_fpr (KEYDB_HANDLE hd, const byte *fpr);
+int keydb_search_issuer (KEYDB_HANDLE hd, const char *issuer);
+int keydb_search_issuer_sn (KEYDB_HANDLE hd,
+ const char *issuer, const unsigned char *serial);
+int keydb_search_subject (KEYDB_HANDLE hd, const char *issuer);
+
+int keydb_classify_name (const char *name, KEYDB_SEARCH_DESC *desc);
+
+int keydb_store_cert (ksba_cert_t cert, int ephemeral, int *existed);
+gpg_error_t keydb_set_cert_flags (ksba_cert_t cert, int ephemeral,
+ int which, int idx,
+ unsigned int mask, unsigned int value);
+
+void keydb_clear_some_cert_flags (ctrl_t ctrl, strlist_t names);
+
+
+#endif /*GNUPG_KEYDB_H*/
+
+
+
+
diff --git a/sm/keylist.c b/sm/keylist.c
new file mode 100644
index 0000000..9b8538c
--- /dev/null
+++ b/sm/keylist.c
@@ -0,0 +1,1562 @@
+/* keylist.c - Print certificates in various formats.
+ * Copyright (C) 1998, 1999, 2000, 2001, 2003,
+ * 2004, 2005, 2008, 2009 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include <unistd.h>
+#include <time.h>
+#include <assert.h>
+
+#include "gpgsm.h"
+
+#include <gcrypt.h>
+#include <ksba.h>
+
+#include "keydb.h"
+#include "../kbx/keybox.h" /* for KEYBOX_FLAG_* */
+#include "i18n.h"
+#include "tlv.h"
+
+struct list_external_parm_s
+{
+ ctrl_t ctrl;
+ estream_t fp;
+ int print_header;
+ int with_colons;
+ int with_chain;
+ int raw_mode;
+};
+
+
+/* This table is to map Extended Key Usage OIDs to human readable
+ names. */
+struct
+{
+ const char *oid;
+ const char *name;
+} key_purpose_map[] = {
+ { "1.3.6.1.5.5.7.3.1", "serverAuth" },
+ { "1.3.6.1.5.5.7.3.2", "clientAuth" },
+ { "1.3.6.1.5.5.7.3.3", "codeSigning" },
+ { "1.3.6.1.5.5.7.3.4", "emailProtection" },
+ { "1.3.6.1.5.5.7.3.5", "ipsecEndSystem" },
+ { "1.3.6.1.5.5.7.3.6", "ipsecTunnel" },
+ { "1.3.6.1.5.5.7.3.7", "ipsecUser" },
+ { "1.3.6.1.5.5.7.3.8", "timeStamping" },
+ { "1.3.6.1.5.5.7.3.9", "ocspSigning" },
+ { "1.3.6.1.5.5.7.3.10", "dvcs" },
+ { "1.3.6.1.5.5.7.3.11", "sbgpCertAAServerAuth" },
+ { "1.3.6.1.5.5.7.3.13", "eapOverPPP" },
+ { "1.3.6.1.5.5.7.3.14", "wlanSSID" },
+
+ { "2.16.840.1.113730.4.1", "serverGatedCrypto.ns" }, /* Netscape. */
+ { "1.3.6.1.4.1.311.10.3.3", "serverGatedCrypto.ms"}, /* Microsoft. */
+
+ { "1.3.6.1.5.5.7.48.1.5", "ocspNoCheck" },
+
+ { NULL, NULL }
+};
+
+
+/* Do not print this extension in the list of extensions. This is set
+ for oids which are already available via ksba fucntions. */
+#define OID_FLAG_SKIP 1
+/* The extension is a simple UTF8String and should be printed. */
+#define OID_FLAG_UTF8 2
+
+/* A table mapping OIDs to a descriptive string. */
+static struct
+{
+ char *oid;
+ char *name;
+ unsigned int flag; /* A flag as described above. */
+} oidtranstbl[] = {
+
+ /* Algorithms. */
+ { "1.2.840.10040.4.1", "dsa" },
+ { "1.2.840.10040.4.3", "dsaWithSha1" },
+
+ { "1.2.840.113549.1.1.1", "rsaEncryption" },
+ { "1.2.840.113549.1.1.2", "md2WithRSAEncryption" },
+ { "1.2.840.113549.1.1.3", "md4WithRSAEncryption" },
+ { "1.2.840.113549.1.1.4", "md5WithRSAEncryption" },
+ { "1.2.840.113549.1.1.5", "sha1WithRSAEncryption" },
+ { "1.2.840.113549.1.1.7", "rsaOAEP" },
+ { "1.2.840.113549.1.1.8", "rsaOAEP-MGF" },
+ { "1.2.840.113549.1.1.9", "rsaOAEP-pSpecified" },
+ { "1.2.840.113549.1.1.10", "rsaPSS" },
+ { "1.2.840.113549.1.1.11", "sha256WithRSAEncryption" },
+ { "1.2.840.113549.1.1.12", "sha384WithRSAEncryption" },
+ { "1.2.840.113549.1.1.13", "sha512WithRSAEncryption" },
+
+ { "1.3.14.3.2.26", "sha1" },
+ { "1.3.14.3.2.29", "sha-1WithRSAEncryption" },
+ { "1.3.36.3.3.1.2", "rsaSignatureWithripemd160" },
+
+
+ /* Telesec extensions. */
+ { "0.2.262.1.10.12.0", "certExtensionLiabilityLimitationExt" },
+ { "0.2.262.1.10.12.1", "telesecCertIdExt" },
+ { "0.2.262.1.10.12.2", "telesecPolicyIdentifier" },
+ { "0.2.262.1.10.12.3", "telesecPolicyQualifierID" },
+ { "0.2.262.1.10.12.4", "telesecCRLFilteredExt" },
+ { "0.2.262.1.10.12.5", "telesecCRLFilterExt"},
+ { "0.2.262.1.10.12.6", "telesecNamingAuthorityExt" },
+#define OIDSTR_restriction \
+ "1.3.36.8.3.8"
+ { OIDSTR_restriction, "restriction", OID_FLAG_UTF8 },
+
+
+ /* PKIX private extensions. */
+ { "1.3.6.1.5.5.7.1.1", "authorityInfoAccess" },
+ { "1.3.6.1.5.5.7.1.2", "biometricInfo" },
+ { "1.3.6.1.5.5.7.1.3", "qcStatements" },
+ { "1.3.6.1.5.5.7.1.4", "acAuditIdentity" },
+ { "1.3.6.1.5.5.7.1.5", "acTargeting" },
+ { "1.3.6.1.5.5.7.1.6", "acAaControls" },
+ { "1.3.6.1.5.5.7.1.7", "sbgp-ipAddrBlock" },
+ { "1.3.6.1.5.5.7.1.8", "sbgp-autonomousSysNum" },
+ { "1.3.6.1.5.5.7.1.9", "sbgp-routerIdentifier" },
+ { "1.3.6.1.5.5.7.1.10", "acProxying" },
+ { "1.3.6.1.5.5.7.1.11", "subjectInfoAccess" },
+
+ { "1.3.6.1.5.5.7.48.1", "ocsp" },
+ { "1.3.6.1.5.5.7.48.2", "caIssuers" },
+ { "1.3.6.1.5.5.7.48.3", "timeStamping" },
+ { "1.3.6.1.5.5.7.48.5", "caRepository" },
+
+ /* X.509 id-ce */
+ { "2.5.29.14", "subjectKeyIdentifier", OID_FLAG_SKIP},
+ { "2.5.29.15", "keyUsage", OID_FLAG_SKIP},
+ { "2.5.29.16", "privateKeyUsagePeriod" },
+ { "2.5.29.17", "subjectAltName", OID_FLAG_SKIP},
+ { "2.5.29.18", "issuerAltName", OID_FLAG_SKIP},
+ { "2.5.29.19", "basicConstraints", OID_FLAG_SKIP},
+ { "2.5.29.20", "cRLNumber" },
+ { "2.5.29.21", "cRLReason" },
+ { "2.5.29.22", "expirationDate" },
+ { "2.5.29.23", "instructionCode" },
+ { "2.5.29.24", "invalidityDate" },
+ { "2.5.29.27", "deltaCRLIndicator" },
+ { "2.5.29.28", "issuingDistributionPoint" },
+ { "2.5.29.29", "certificateIssuer" },
+ { "2.5.29.30", "nameConstraints" },
+ { "2.5.29.31", "cRLDistributionPoints", OID_FLAG_SKIP},
+ { "2.5.29.32", "certificatePolicies", OID_FLAG_SKIP},
+ { "2.5.29.32.0", "anyPolicy" },
+ { "2.5.29.33", "policyMappings" },
+ { "2.5.29.35", "authorityKeyIdentifier", OID_FLAG_SKIP},
+ { "2.5.29.36", "policyConstraints" },
+ { "2.5.29.37", "extKeyUsage", OID_FLAG_SKIP},
+ { "2.5.29.46", "freshestCRL" },
+ { "2.5.29.54", "inhibitAnyPolicy" },
+
+ /* Netscape certificate extensions. */
+ { "2.16.840.1.113730.1.1", "netscape-cert-type" },
+ { "2.16.840.1.113730.1.2", "netscape-base-url" },
+ { "2.16.840.1.113730.1.3", "netscape-revocation-url" },
+ { "2.16.840.1.113730.1.4", "netscape-ca-revocation-url" },
+ { "2.16.840.1.113730.1.7", "netscape-cert-renewal-url" },
+ { "2.16.840.1.113730.1.8", "netscape-ca-policy-url" },
+ { "2.16.840.1.113730.1.9", "netscape-homePage-url" },
+ { "2.16.840.1.113730.1.10", "netscape-entitylogo" },
+ { "2.16.840.1.113730.1.11", "netscape-userPicture" },
+ { "2.16.840.1.113730.1.12", "netscape-ssl-server-name" },
+ { "2.16.840.1.113730.1.13", "netscape-comment" },
+
+ /* GnuPG extensions */
+ { "1.3.6.1.4.1.11591.2.1.1", "pkaAddress" },
+
+ /* Extensions used by the Bundesnetzagentur. */
+ { "1.3.6.1.4.1.8301.3.5", "validityModel" },
+
+ { NULL }
+};
+
+
+/* Return the description for OID; if no description is available
+ NULL is returned. */
+static const char *
+get_oid_desc (const char *oid, unsigned int *flag)
+{
+ int i;
+
+ if (oid)
+ for (i=0; oidtranstbl[i].oid; i++)
+ if (!strcmp (oidtranstbl[i].oid, oid))
+ {
+ if (flag)
+ *flag = oidtranstbl[i].flag;
+ return oidtranstbl[i].name;
+ }
+ if (flag)
+ *flag = 0;
+ return NULL;
+}
+
+
+static void
+print_key_data (ksba_cert_t cert, estream_t fp)
+{
+#if 0
+ int n = pk ? pubkey_get_npkey( pk->pubkey_algo ) : 0;
+ int i;
+
+ for(i=0; i < n; i++ )
+ {
+ es_fprintf (fp, "pkd:%d:%u:", i, mpi_get_nbits( pk->pkey[i] ) );
+ mpi_print(stdout, pk->pkey[i], 1 );
+ putchar(':');
+ putchar('\n');
+ }
+#else
+ (void)cert;
+ (void)fp;
+#endif
+}
+
+static void
+print_capabilities (ksba_cert_t cert, estream_t fp)
+{
+ gpg_error_t err;
+ unsigned int use;
+ size_t buflen;
+ char buffer[1];
+
+ err = ksba_cert_get_user_data (cert, "is_qualified",
+ &buffer, sizeof (buffer), &buflen);
+ if (!err && buflen)
+ {
+ if (*buffer)
+ es_putc ('q', fp);
+ }
+ else if (gpg_err_code (err) == GPG_ERR_NOT_FOUND)
+ ; /* Don't know - will not get marked as 'q' */
+ else
+ log_debug ("get_user_data(is_qualified) failed: %s\n",
+ gpg_strerror (err));
+
+ err = ksba_cert_get_key_usage (cert, &use);
+ if (gpg_err_code (err) == GPG_ERR_NO_DATA)
+ {
+ es_putc ('e', fp);
+ es_putc ('s', fp);
+ es_putc ('c', fp);
+ es_putc ('E', fp);
+ es_putc ('S', fp);
+ es_putc ('C', fp);
+ return;
+ }
+ if (err)
+ {
+ log_error (_("error getting key usage information: %s\n"),
+ gpg_strerror (err));
+ return;
+ }
+
+ if ((use & (KSBA_KEYUSAGE_KEY_ENCIPHERMENT|KSBA_KEYUSAGE_DATA_ENCIPHERMENT)))
+ es_putc ('e', fp);
+ if ((use & (KSBA_KEYUSAGE_DIGITAL_SIGNATURE|KSBA_KEYUSAGE_NON_REPUDIATION)))
+ es_putc ('s', fp);
+ if ((use & KSBA_KEYUSAGE_KEY_CERT_SIGN))
+ es_putc ('c', fp);
+ if ((use & (KSBA_KEYUSAGE_KEY_ENCIPHERMENT|KSBA_KEYUSAGE_DATA_ENCIPHERMENT)))
+ es_putc ('E', fp);
+ if ((use & (KSBA_KEYUSAGE_DIGITAL_SIGNATURE|KSBA_KEYUSAGE_NON_REPUDIATION)))
+ es_putc ('S', fp);
+ if ((use & KSBA_KEYUSAGE_KEY_CERT_SIGN))
+ es_putc ('C', fp);
+
+ es_putc (':', fp);
+}
+
+
+static void
+print_time (gnupg_isotime_t t, estream_t fp)
+{
+ if (!t || !*t)
+ ;
+ else
+ es_fputs (t, fp);
+}
+
+
+/* Return an allocated string with the email address extracted from a
+ DN. Note hat we use this code also in ../kbx/keybox-blob.c. */
+static char *
+email_kludge (const char *name)
+{
+ const char *p, *string;
+ unsigned char *buf;
+ int n;
+
+ string = name;
+ for (;;)
+ {
+ p = strstr (string, "1.2.840.113549.1.9.1=#");
+ if (!p)
+ return NULL;
+ if (p == name || (p > string+1 && p[-1] == ',' && p[-2] != '\\'))
+ {
+ name = p + 22;
+ break;
+ }
+ string = p + 22;
+ }
+
+
+ /* This looks pretty much like an email address in the subject's DN
+ we use this to add an additional user ID entry. This way,
+ OpenSSL generated keys get a nicer and usable listing. */
+ for (n=0, p=name; hexdigitp (p) && hexdigitp (p+1); p +=2, n++)
+ ;
+ if (!n)
+ return NULL;
+ buf = xtrymalloc (n+3);
+ if (!buf)
+ return NULL; /* oops, out of core */
+ *buf = '<';
+ for (n=1, p=name; hexdigitp (p); p +=2, n++)
+ buf[n] = xtoi_2 (p);
+ buf[n++] = '>';
+ buf[n] = 0;
+ return (char*)buf;
+}
+
+
+
+
+/* List one certificate in colon mode */
+static void
+list_cert_colon (ctrl_t ctrl, ksba_cert_t cert, unsigned int validity,
+ estream_t fp, int have_secret)
+{
+ int rc;
+ int idx;
+ char truststring[2];
+ char *p;
+ ksba_sexp_t sexp;
+ char *fpr;
+ ksba_isotime_t t;
+ gpg_error_t valerr;
+ int algo;
+ unsigned int nbits;
+ const char *chain_id;
+ char *chain_id_buffer = NULL;
+ int is_root = 0;
+ char *kludge_uid;
+
+ if (ctrl->with_validation)
+ valerr = gpgsm_validate_chain (ctrl, cert, "", NULL, 1, NULL, 0, NULL);
+ else
+ valerr = 0;
+
+
+ /* We need to get the fingerprint and the chaining ID in advance. */
+ fpr = gpgsm_get_fingerprint_hexstring (cert, GCRY_MD_SHA1);
+ {
+ ksba_cert_t next;
+
+ rc = gpgsm_walk_cert_chain (ctrl, cert, &next);
+ if (!rc) /* We known the issuer's certificate. */
+ {
+ p = gpgsm_get_fingerprint_hexstring (next, GCRY_MD_SHA1);
+ chain_id_buffer = p;
+ chain_id = chain_id_buffer;
+ ksba_cert_release (next);
+ }
+ else if (rc == -1) /* We have reached the root certificate. */
+ {
+ chain_id = fpr;
+ is_root = 1;
+ }
+ else
+ chain_id = NULL;
+ }
+
+
+ es_fputs (have_secret? "crs:":"crt:", fp);
+
+ /* Note: We can't use multiple flags, like "ei", because the
+ validation check does only return one error. */
+ truststring[0] = 0;
+ truststring[1] = 0;
+ if ((validity & VALIDITY_REVOKED)
+ || gpg_err_code (valerr) == GPG_ERR_CERT_REVOKED)
+ *truststring = 'r';
+ else if (gpg_err_code (valerr) == GPG_ERR_CERT_EXPIRED)
+ *truststring = 'e';
+ else
+ {
+ /* Lets also check whether the certificate under question
+ expired. This is merely a hack until we found a proper way
+ to store the expiration flag in the keybox. */
+ ksba_isotime_t current_time, not_after;
+
+ gnupg_get_isotime (current_time);
+ if (!opt.ignore_expiration
+ && !ksba_cert_get_validity (cert, 1, not_after)
+ && *not_after && strcmp (current_time, not_after) > 0 )
+ *truststring = 'e';
+ else if (valerr)
+ *truststring = 'i';
+ else if (ctrl->with_validation && !is_root)
+ *truststring = 'f';
+ }
+
+ /* If we have no truststring yet (i.e. the certificate might be
+ good) and this is a root certificate, we ask the agent whether
+ this is a trusted root certificate. */
+ if (!*truststring && is_root)
+ {
+ struct rootca_flags_s dummy_flags;
+
+ rc = gpgsm_agent_istrusted (ctrl, cert, NULL, &dummy_flags);
+ if (!rc)
+ *truststring = 'u'; /* Yes, we trust this one (ultimately). */
+ else if (gpg_err_code (rc) == GPG_ERR_NOT_TRUSTED)
+ *truststring = 'n'; /* No, we do not trust this one. */
+ /* (in case of an error we can't tell anything.) */
+ }
+
+ if (*truststring)
+ es_fputs (truststring, fp);
+
+ algo = gpgsm_get_key_algo_info (cert, &nbits);
+ es_fprintf (fp, ":%u:%d:%s:", nbits, algo, fpr+24);
+
+ /* We assume --fixed-list-mode for gpgsm */
+ ksba_cert_get_validity (cert, 0, t);
+ print_time (t, fp);
+ es_putc (':', fp);
+ ksba_cert_get_validity (cert, 1, t);
+ print_time ( t, fp);
+ es_putc (':', fp);
+ /* Field 8, serial number: */
+ if ((sexp = ksba_cert_get_serial (cert)))
+ {
+ int len;
+ const unsigned char *s = sexp;
+
+ if (*s == '(')
+ {
+ s++;
+ for (len=0; *s && *s != ':' && digitp (s); s++)
+ len = len*10 + atoi_1 (s);
+ if (*s == ':')
+ for (s++; len; len--, s++)
+ es_fprintf (fp,"%02X", *s);
+ }
+ xfree (sexp);
+ }
+ es_putc (':', fp);
+ /* Field 9, ownertrust - not used here */
+ es_putc (':', fp);
+ /* field 10, old user ID - we use it here for the issuer DN */
+ if ((p = ksba_cert_get_issuer (cert,0)))
+ {
+ es_write_sanitized (fp, p, strlen (p), ":", NULL);
+ xfree (p);
+ }
+ es_putc (':', fp);
+ /* Field 11, signature class - not used */
+ es_putc (':', fp);
+ /* Field 12, capabilities: */
+ print_capabilities (cert, fp);
+ /* Field 13, not used: */
+ es_putc (':', fp);
+ if (have_secret)
+ {
+ char *cardsn;
+
+ p = gpgsm_get_keygrip_hexstring (cert);
+ if (!gpgsm_agent_keyinfo (ctrl, p, &cardsn) && cardsn)
+ {
+ /* Field 14, not used: */
+ es_putc (':', fp);
+ /* Field 15: Token serial number. */
+ es_fputs (cardsn, fp);
+ es_putc (':', fp);
+ }
+ xfree (cardsn);
+ xfree (p);
+ }
+ es_putc ('\n', fp);
+
+ /* FPR record */
+ es_fprintf (fp, "fpr:::::::::%s:::", fpr);
+ /* Print chaining ID (field 13)*/
+ if (chain_id)
+ es_fputs (chain_id, fp);
+ es_putc (':', fp);
+ es_putc ('\n', fp);
+ xfree (fpr); fpr = NULL; chain_id = NULL;
+ xfree (chain_id_buffer); chain_id_buffer = NULL;
+
+ if (opt.with_key_data)
+ {
+ if ( (p = gpgsm_get_keygrip_hexstring (cert)))
+ {
+ es_fprintf (fp, "grp:::::::::%s:\n", p);
+ xfree (p);
+ }
+ print_key_data (cert, fp);
+ }
+
+ kludge_uid = NULL;
+ for (idx=0; (p = ksba_cert_get_subject (cert,idx)); idx++)
+ {
+ /* In the case that the same email address is in the subject DN
+ as well as in an alternate subject name we avoid printing it
+ a second time. */
+ if (kludge_uid && !strcmp (kludge_uid, p))
+ continue;
+
+ es_fprintf (fp, "uid:%s::::::::", truststring);
+ es_write_sanitized (fp, p, strlen (p), ":", NULL);
+ es_putc (':', fp);
+ es_putc (':', fp);
+ es_putc ('\n', fp);
+ if (!idx)
+ {
+ /* It would be better to get the faked email address from
+ the keydb. But as long as we don't have a way to pass
+ the meta data back, we just check it the same way as the
+ code used to create the keybox meta data does */
+ kludge_uid = email_kludge (p);
+ if (kludge_uid)
+ {
+ es_fprintf (fp, "uid:%s::::::::", truststring);
+ es_write_sanitized (fp, kludge_uid, strlen (kludge_uid),
+ ":", NULL);
+ es_putc (':', fp);
+ es_putc (':', fp);
+ es_putc ('\n', fp);
+ }
+ }
+ xfree (p);
+ }
+ xfree (kludge_uid);
+}
+
+
+static void
+print_name_raw (estream_t fp, const char *string)
+{
+ if (!string)
+ es_fputs ("[error]", fp);
+ else
+ es_write_sanitized (fp, string, strlen (string), NULL, NULL);
+}
+
+static void
+print_names_raw (estream_t fp, int indent, ksba_name_t name)
+{
+ int idx;
+ const char *s;
+ int indent_all;
+
+ if ((indent_all = (indent < 0)))
+ indent = - indent;
+
+ if (!name)
+ {
+ es_fputs ("none\n", fp);
+ return;
+ }
+
+ for (idx=0; (s = ksba_name_enum (name, idx)); idx++)
+ {
+ char *p = ksba_name_get_uri (name, idx);
+ es_fprintf (fp, "%*s", idx||indent_all?indent:0, "");
+ es_write_sanitized (fp, p?p:s, strlen (p?p:s), NULL, NULL);
+ es_putc ('\n', fp);
+ xfree (p);
+ }
+}
+
+
+static void
+print_utf8_extn_raw (estream_t fp, int indent,
+ const unsigned char *der, size_t derlen)
+{
+ gpg_error_t err;
+ int class, tag, constructed, ndef;
+ size_t objlen, hdrlen;
+
+ if (indent < 0)
+ indent = - indent;
+
+ err = parse_ber_header (&der, &derlen, &class, &tag, &constructed,
+ &ndef, &objlen, &hdrlen);
+ if (!err && (objlen > derlen || tag != TAG_UTF8_STRING))
+ err = gpg_error (GPG_ERR_INV_OBJ);
+ if (err)
+ {
+ es_fprintf (fp, "%*s[%s]\n", indent, "", gpg_strerror (err));
+ return;
+ }
+ es_fprintf (fp, "%*s(%.*s)\n", indent, "", (int)objlen, der);
+}
+
+
+static void
+print_utf8_extn (estream_t fp, int indent,
+ const unsigned char *der, size_t derlen)
+{
+ gpg_error_t err;
+ int class, tag, constructed, ndef;
+ size_t objlen, hdrlen;
+ int indent_all;
+
+ if ((indent_all = (indent < 0)))
+ indent = - indent;
+
+ err = parse_ber_header (&der, &derlen, &class, &tag, &constructed,
+ &ndef, &objlen, &hdrlen);
+ if (!err && (objlen > derlen || tag != TAG_UTF8_STRING))
+ err = gpg_error (GPG_ERR_INV_OBJ);
+ if (err)
+ {
+ es_fprintf (fp, "%*s[%s%s]\n",
+ indent_all? indent:0, "", _("Error - "), gpg_strerror (err));
+ return;
+ }
+ es_fprintf (fp, "%*s\"", indent_all? indent:0, "");
+ /* Fixme: we should implement word wrapping */
+ es_write_sanitized (fp, der, objlen, "\"", NULL);
+ es_fputs ("\"\n", fp);
+}
+
+
+/* List one certificate in raw mode useful to have a closer look at
+ the certificate. This one does no beautification and only minimal
+ output sanitation. It is mainly useful for debugging. */
+static void
+list_cert_raw (ctrl_t ctrl, KEYDB_HANDLE hd,
+ ksba_cert_t cert, estream_t fp, int have_secret,
+ int with_validation)
+{
+ gpg_error_t err;
+ size_t off, len;
+ ksba_sexp_t sexp, keyid;
+ char *dn;
+ ksba_isotime_t t;
+ int idx, i;
+ int is_ca, chainlen;
+ unsigned int kusage;
+ char *string, *p, *pend;
+ const char *oid, *s;
+ ksba_name_t name, name2;
+ unsigned int reason;
+ const unsigned char *cert_der = NULL;
+
+ (void)have_secret;
+
+ es_fprintf (fp, " ID: 0x%08lX\n",
+ gpgsm_get_short_fingerprint (cert, NULL));
+
+ sexp = ksba_cert_get_serial (cert);
+ es_fputs (" S/N: ", fp);
+ gpgsm_print_serial (fp, sexp);
+ ksba_free (sexp);
+ es_putc ('\n', fp);
+
+ dn = ksba_cert_get_issuer (cert, 0);
+ es_fputs (" Issuer: ", fp);
+ print_name_raw (fp, dn);
+ ksba_free (dn);
+ es_putc ('\n', fp);
+ for (idx=1; (dn = ksba_cert_get_issuer (cert, idx)); idx++)
+ {
+ es_fputs (" aka: ", fp);
+ print_name_raw (fp, dn);
+ ksba_free (dn);
+ es_putc ('\n', fp);
+ }
+
+ dn = ksba_cert_get_subject (cert, 0);
+ es_fputs (" Subject: ", fp);
+ print_name_raw (fp, dn);
+ ksba_free (dn);
+ es_putc ('\n', fp);
+ for (idx=1; (dn = ksba_cert_get_subject (cert, idx)); idx++)
+ {
+ es_fputs (" aka: ", fp);
+ print_name_raw (fp, dn);
+ ksba_free (dn);
+ es_putc ('\n', fp);
+ }
+
+ dn = gpgsm_get_fingerprint_string (cert, 0);
+ es_fprintf (fp, " sha1_fpr: %s\n", dn?dn:"error");
+ xfree (dn);
+
+ dn = gpgsm_get_fingerprint_string (cert, GCRY_MD_MD5);
+ es_fprintf (fp, " md5_fpr: %s\n", dn?dn:"error");
+ xfree (dn);
+
+ dn = gpgsm_get_certid (cert);
+ es_fprintf (fp, " certid: %s\n", dn?dn:"error");
+ xfree (dn);
+
+ dn = gpgsm_get_keygrip_hexstring (cert);
+ es_fprintf (fp, " keygrip: %s\n", dn?dn:"error");
+ xfree (dn);
+
+ ksba_cert_get_validity (cert, 0, t);
+ es_fputs (" notBefore: ", fp);
+ gpgsm_print_time (fp, t);
+ es_putc ('\n', fp);
+ es_fputs (" notAfter: ", fp);
+ ksba_cert_get_validity (cert, 1, t);
+ gpgsm_print_time (fp, t);
+ es_putc ('\n', fp);
+
+ oid = ksba_cert_get_digest_algo (cert);
+ s = get_oid_desc (oid, NULL);
+ es_fprintf (fp, " hashAlgo: %s%s%s%s\n", oid, s?" (":"",s?s:"",s?")":"");
+
+ {
+ const char *algoname;
+ unsigned int nbits;
+
+ algoname = gcry_pk_algo_name (gpgsm_get_key_algo_info (cert, &nbits));
+ es_fprintf (fp, " keyType: %u bit %s\n",
+ nbits, algoname? algoname:"?");
+ }
+
+ /* subjectKeyIdentifier */
+ es_fputs (" subjKeyId: ", fp);
+ err = ksba_cert_get_subj_key_id (cert, NULL, &keyid);
+ if (!err || gpg_err_code (err) == GPG_ERR_NO_DATA)
+ {
+ if (gpg_err_code (err) == GPG_ERR_NO_DATA)
+ es_fputs ("[none]\n", fp);
+ else
+ {
+ gpgsm_print_serial (fp, keyid);
+ ksba_free (keyid);
+ es_putc ('\n', fp);
+ }
+ }
+ else
+ es_fputs ("[?]\n", fp);
+
+
+ /* authorityKeyIdentifier */
+ es_fputs (" authKeyId: ", fp);
+ err = ksba_cert_get_auth_key_id (cert, &keyid, &name, &sexp);
+ if (!err || gpg_err_code (err) == GPG_ERR_NO_DATA)
+ {
+ if (gpg_err_code (err) == GPG_ERR_NO_DATA || !name)
+ es_fputs ("[none]\n", fp);
+ else
+ {
+ gpgsm_print_serial (fp, sexp);
+ ksba_free (sexp);
+ es_putc ('\n', fp);
+ print_names_raw (fp, -15, name);
+ ksba_name_release (name);
+ }
+ if (keyid)
+ {
+ es_fputs (" authKeyId.ki: ", fp);
+ gpgsm_print_serial (fp, keyid);
+ ksba_free (keyid);
+ es_putc ('\n', fp);
+ }
+ }
+ else
+ es_fputs ("[?]\n", fp);
+
+ es_fputs (" keyUsage:", fp);
+ err = ksba_cert_get_key_usage (cert, &kusage);
+ if (gpg_err_code (err) != GPG_ERR_NO_DATA)
+ {
+ if (err)
+ es_fprintf (fp, " [error: %s]", gpg_strerror (err));
+ else
+ {
+ if ( (kusage & KSBA_KEYUSAGE_DIGITAL_SIGNATURE))
+ es_fputs (" digitalSignature", fp);
+ if ( (kusage & KSBA_KEYUSAGE_NON_REPUDIATION))
+ es_fputs (" nonRepudiation", fp);
+ if ( (kusage & KSBA_KEYUSAGE_KEY_ENCIPHERMENT))
+ es_fputs (" keyEncipherment", fp);
+ if ( (kusage & KSBA_KEYUSAGE_DATA_ENCIPHERMENT))
+ es_fputs (" dataEncipherment", fp);
+ if ( (kusage & KSBA_KEYUSAGE_KEY_AGREEMENT))
+ es_fputs (" keyAgreement", fp);
+ if ( (kusage & KSBA_KEYUSAGE_KEY_CERT_SIGN))
+ es_fputs (" certSign", fp);
+ if ( (kusage & KSBA_KEYUSAGE_CRL_SIGN))
+ es_fputs (" crlSign", fp);
+ if ( (kusage & KSBA_KEYUSAGE_ENCIPHER_ONLY))
+ es_fputs (" encipherOnly", fp);
+ if ( (kusage & KSBA_KEYUSAGE_DECIPHER_ONLY))
+ es_fputs (" decipherOnly", fp);
+ }
+ es_putc ('\n', fp);
+ }
+ else
+ es_fputs (" [none]\n", fp);
+
+ es_fputs (" extKeyUsage: ", fp);
+ err = ksba_cert_get_ext_key_usages (cert, &string);
+ if (gpg_err_code (err) != GPG_ERR_NO_DATA)
+ {
+ if (err)
+ es_fprintf (fp, "[error: %s]", gpg_strerror (err));
+ else
+ {
+ p = string;
+ while (p && (pend=strchr (p, ':')))
+ {
+ *pend++ = 0;
+ for (i=0; key_purpose_map[i].oid; i++)
+ if ( !strcmp (key_purpose_map[i].oid, p) )
+ break;
+ es_fputs (key_purpose_map[i].oid?key_purpose_map[i].name:p, fp);
+ p = pend;
+ if (*p != 'C')
+ es_fputs (" (suggested)", fp);
+ if ((p = strchr (p, '\n')))
+ {
+ p++;
+ es_fputs ("\n ", fp);
+ }
+ }
+ xfree (string);
+ }
+ es_putc ('\n', fp);
+ }
+ else
+ es_fputs ("[none]\n", fp);
+
+
+ es_fputs (" policies: ", fp);
+ err = ksba_cert_get_cert_policies (cert, &string);
+ if (gpg_err_code (err) != GPG_ERR_NO_DATA)
+ {
+ if (err)
+ es_fprintf (fp, "[error: %s]", gpg_strerror (err));
+ else
+ {
+ p = string;
+ while (p && (pend=strchr (p, ':')))
+ {
+ *pend++ = 0;
+ for (i=0; key_purpose_map[i].oid; i++)
+ if ( !strcmp (key_purpose_map[i].oid, p) )
+ break;
+ es_fputs (p, fp);
+ p = pend;
+ if (*p == 'C')
+ es_fputs (" (critical)", fp);
+ if ((p = strchr (p, '\n')))
+ {
+ p++;
+ es_fputs ("\n ", fp);
+ }
+ }
+ xfree (string);
+ }
+ es_putc ('\n', fp);
+ }
+ else
+ es_fputs ("[none]\n", fp);
+
+ es_fputs (" chainLength: ", fp);
+ err = ksba_cert_is_ca (cert, &is_ca, &chainlen);
+ if (err || is_ca)
+ {
+ if (gpg_err_code (err) == GPG_ERR_NO_VALUE )
+ es_fprintf (fp, "[none]");
+ else if (err)
+ es_fprintf (fp, "[error: %s]", gpg_strerror (err));
+ else if (chainlen == -1)
+ es_fputs ("unlimited", fp);
+ else
+ es_fprintf (fp, "%d", chainlen);
+ es_putc ('\n', fp);
+ }
+ else
+ es_fputs ("not a CA\n", fp);
+
+
+ /* CRL distribution point */
+ for (idx=0; !(err=ksba_cert_get_crl_dist_point (cert, idx, &name, &name2,
+ &reason)) ;idx++)
+ {
+ es_fputs (" crlDP: ", fp);
+ print_names_raw (fp, 15, name);
+ if (reason)
+ {
+ es_fputs (" reason: ", fp);
+ if ( (reason & KSBA_CRLREASON_UNSPECIFIED))
+ es_fputs (" unused", fp);
+ if ( (reason & KSBA_CRLREASON_KEY_COMPROMISE))
+ es_fputs (" keyCompromise", fp);
+ if ( (reason & KSBA_CRLREASON_CA_COMPROMISE))
+ es_fputs (" caCompromise", fp);
+ if ( (reason & KSBA_CRLREASON_AFFILIATION_CHANGED))
+ es_fputs (" affiliationChanged", fp);
+ if ( (reason & KSBA_CRLREASON_SUPERSEDED))
+ es_fputs (" superseded", fp);
+ if ( (reason & KSBA_CRLREASON_CESSATION_OF_OPERATION))
+ es_fputs (" cessationOfOperation", fp);
+ if ( (reason & KSBA_CRLREASON_CERTIFICATE_HOLD))
+ es_fputs (" certificateHold", fp);
+ es_putc ('\n', fp);
+ }
+ es_fputs (" issuer: ", fp);
+ print_names_raw (fp, 23, name2);
+ ksba_name_release (name);
+ ksba_name_release (name2);
+ }
+ if (err && gpg_err_code (err) != GPG_ERR_EOF
+ && gpg_err_code (err) != GPG_ERR_NO_VALUE)
+ es_fputs (" crlDP: [error]\n", fp);
+ else if (!idx)
+ es_fputs (" crlDP: [none]\n", fp);
+
+
+ /* authorityInfoAccess. */
+ for (idx=0; !(err=ksba_cert_get_authority_info_access (cert, idx, &string,
+ &name)); idx++)
+ {
+ es_fputs (" authInfo: ", fp);
+ s = get_oid_desc (string, NULL);
+ es_fprintf (fp, "%s%s%s%s\n", string, s?" (":"", s?s:"", s?")":"");
+ print_names_raw (fp, -15, name);
+ ksba_name_release (name);
+ ksba_free (string);
+ }
+ if (err && gpg_err_code (err) != GPG_ERR_EOF
+ && gpg_err_code (err) != GPG_ERR_NO_VALUE)
+ es_fputs (" authInfo: [error]\n", fp);
+ else if (!idx)
+ es_fputs (" authInfo: [none]\n", fp);
+
+ /* subjectInfoAccess. */
+ for (idx=0; !(err=ksba_cert_get_subject_info_access (cert, idx, &string,
+ &name)); idx++)
+ {
+ es_fputs (" subjectInfo: ", fp);
+ s = get_oid_desc (string, NULL);
+ es_fprintf (fp, "%s%s%s%s\n", string, s?" (":"", s?s:"", s?")":"");
+ print_names_raw (fp, -15, name);
+ ksba_name_release (name);
+ ksba_free (string);
+ }
+ if (err && gpg_err_code (err) != GPG_ERR_EOF
+ && gpg_err_code (err) != GPG_ERR_NO_VALUE)
+ es_fputs (" subjInfo: [error]\n", fp);
+ else if (!idx)
+ es_fputs (" subjInfo: [none]\n", fp);
+
+
+ for (idx=0; !(err=ksba_cert_get_extension (cert, idx,
+ &oid, &i, &off, &len));idx++)
+ {
+ unsigned int flag;
+
+ s = get_oid_desc (oid, &flag);
+ if ((flag & OID_FLAG_SKIP))
+ continue;
+
+ es_fprintf (fp, " %s: %s%s%s%s [%d octets]\n",
+ i? "critExtn":" extn",
+ oid, s?" (":"", s?s:"", s?")":"", (int)len);
+ if ((flag & OID_FLAG_UTF8))
+ {
+ if (!cert_der)
+ cert_der = ksba_cert_get_image (cert, NULL);
+ assert (cert_der);
+ print_utf8_extn_raw (fp, -15, cert_der+off, len);
+ }
+ }
+
+
+ if (with_validation)
+ {
+ err = gpgsm_validate_chain (ctrl, cert, "", NULL, 1, fp, 0, NULL);
+ if (!err)
+ es_fprintf (fp, " [certificate is good]\n");
+ else
+ es_fprintf (fp, " [certificate is bad: %s]\n", gpg_strerror (err));
+ }
+
+ if (hd)
+ {
+ unsigned int blobflags;
+
+ err = keydb_get_flags (hd, KEYBOX_FLAG_BLOB, 0, &blobflags);
+ if (err)
+ es_fprintf (fp, " [error getting keyflags: %s]\n",gpg_strerror (err));
+ else if ((blobflags & KEYBOX_FLAG_BLOB_EPHEMERAL))
+ es_fprintf (fp, " [stored as ephemeral]\n");
+ }
+
+}
+
+
+
+
+/* List one certificate in standard mode */
+static void
+list_cert_std (ctrl_t ctrl, ksba_cert_t cert, estream_t fp, int have_secret,
+ int with_validation)
+{
+ gpg_error_t err;
+ ksba_sexp_t sexp;
+ char *dn;
+ ksba_isotime_t t;
+ int idx, i;
+ int is_ca, chainlen;
+ unsigned int kusage;
+ char *string, *p, *pend;
+ size_t off, len;
+ const char *oid;
+ const unsigned char *cert_der = NULL;
+
+
+ es_fprintf (fp, " ID: 0x%08lX\n",
+ gpgsm_get_short_fingerprint (cert, NULL));
+
+ sexp = ksba_cert_get_serial (cert);
+ es_fputs (" S/N: ", fp);
+ gpgsm_print_serial (fp, sexp);
+ ksba_free (sexp);
+ es_putc ('\n', fp);
+
+ dn = ksba_cert_get_issuer (cert, 0);
+ es_fputs (" Issuer: ", fp);
+ gpgsm_es_print_name (fp, dn);
+ ksba_free (dn);
+ es_putc ('\n', fp);
+ for (idx=1; (dn = ksba_cert_get_issuer (cert, idx)); idx++)
+ {
+ es_fputs (" aka: ", fp);
+ gpgsm_es_print_name (fp, dn);
+ ksba_free (dn);
+ es_putc ('\n', fp);
+ }
+
+ dn = ksba_cert_get_subject (cert, 0);
+ es_fputs (" Subject: ", fp);
+ gpgsm_es_print_name (fp, dn);
+ ksba_free (dn);
+ es_putc ('\n', fp);
+ for (idx=1; (dn = ksba_cert_get_subject (cert, idx)); idx++)
+ {
+ es_fputs (" aka: ", fp);
+ gpgsm_es_print_name (fp, dn);
+ ksba_free (dn);
+ es_putc ('\n', fp);
+ }
+
+ ksba_cert_get_validity (cert, 0, t);
+ es_fputs (" validity: ", fp);
+ gpgsm_print_time (fp, t);
+ es_fputs (" through ", fp);
+ ksba_cert_get_validity (cert, 1, t);
+ gpgsm_print_time (fp, t);
+ es_putc ('\n', fp);
+
+
+ {
+ const char *algoname;
+ unsigned int nbits;
+
+ algoname = gcry_pk_algo_name (gpgsm_get_key_algo_info (cert, &nbits));
+ es_fprintf (fp, " key type: %u bit %s\n",
+ nbits, algoname? algoname:"?");
+ }
+
+
+ err = ksba_cert_get_key_usage (cert, &kusage);
+ if (gpg_err_code (err) != GPG_ERR_NO_DATA)
+ {
+ es_fputs (" key usage:", fp);
+ if (err)
+ es_fprintf (fp, " [error: %s]", gpg_strerror (err));
+ else
+ {
+ if ( (kusage & KSBA_KEYUSAGE_DIGITAL_SIGNATURE))
+ es_fputs (" digitalSignature", fp);
+ if ( (kusage & KSBA_KEYUSAGE_NON_REPUDIATION))
+ es_fputs (" nonRepudiation", fp);
+ if ( (kusage & KSBA_KEYUSAGE_KEY_ENCIPHERMENT))
+ es_fputs (" keyEncipherment", fp);
+ if ( (kusage & KSBA_KEYUSAGE_DATA_ENCIPHERMENT))
+ es_fputs (" dataEncipherment", fp);
+ if ( (kusage & KSBA_KEYUSAGE_KEY_AGREEMENT))
+ es_fputs (" keyAgreement", fp);
+ if ( (kusage & KSBA_KEYUSAGE_KEY_CERT_SIGN))
+ es_fputs (" certSign", fp);
+ if ( (kusage & KSBA_KEYUSAGE_CRL_SIGN))
+ es_fputs (" crlSign", fp);
+ if ( (kusage & KSBA_KEYUSAGE_ENCIPHER_ONLY))
+ es_fputs (" encipherOnly", fp);
+ if ( (kusage & KSBA_KEYUSAGE_DECIPHER_ONLY))
+ es_fputs (" decipherOnly", fp);
+ }
+ es_putc ('\n', fp);
+ }
+
+ err = ksba_cert_get_ext_key_usages (cert, &string);
+ if (gpg_err_code (err) != GPG_ERR_NO_DATA)
+ {
+ es_fputs ("ext key usage: ", fp);
+ if (err)
+ es_fprintf (fp, "[error: %s]", gpg_strerror (err));
+ else
+ {
+ p = string;
+ while (p && (pend=strchr (p, ':')))
+ {
+ *pend++ = 0;
+ for (i=0; key_purpose_map[i].oid; i++)
+ if ( !strcmp (key_purpose_map[i].oid, p) )
+ break;
+ es_fputs (key_purpose_map[i].oid?key_purpose_map[i].name:p, fp);
+ p = pend;
+ if (*p != 'C')
+ es_fputs (" (suggested)", fp);
+ if ((p = strchr (p, '\n')))
+ {
+ p++;
+ es_fputs (", ", fp);
+ }
+ }
+ xfree (string);
+ }
+ es_putc ('\n', fp);
+ }
+
+ /* Print restrictions. */
+ for (idx=0; !(err=ksba_cert_get_extension (cert, idx,
+ &oid, NULL, &off, &len));idx++)
+ {
+ if (!strcmp (oid, OIDSTR_restriction) )
+ {
+ if (!cert_der)
+ cert_der = ksba_cert_get_image (cert, NULL);
+ assert (cert_der);
+ es_fputs (" restriction: ", fp);
+ print_utf8_extn (fp, 15, cert_der+off, len);
+ }
+ }
+
+ /* Print policies. */
+ err = ksba_cert_get_cert_policies (cert, &string);
+ if (gpg_err_code (err) != GPG_ERR_NO_DATA)
+ {
+ es_fputs (" policies: ", fp);
+ if (err)
+ es_fprintf (fp, "[error: %s]", gpg_strerror (err));
+ else
+ {
+ for (p=string; *p; p++)
+ {
+ if (*p == '\n')
+ *p = ',';
+ }
+ es_write_sanitized (fp, string, strlen (string), NULL, NULL);
+ xfree (string);
+ }
+ es_putc ('\n', fp);
+ }
+
+ err = ksba_cert_is_ca (cert, &is_ca, &chainlen);
+ if (err || is_ca)
+ {
+ es_fputs (" chain length: ", fp);
+ if (gpg_err_code (err) == GPG_ERR_NO_VALUE )
+ es_fprintf (fp, "none");
+ else if (err)
+ es_fprintf (fp, "[error: %s]", gpg_strerror (err));
+ else if (chainlen == -1)
+ es_fputs ("unlimited", fp);
+ else
+ es_fprintf (fp, "%d", chainlen);
+ es_putc ('\n', fp);
+ }
+
+ if (opt.with_md5_fingerprint)
+ {
+ dn = gpgsm_get_fingerprint_string (cert, GCRY_MD_MD5);
+ es_fprintf (fp, " md5 fpr: %s\n", dn?dn:"error");
+ xfree (dn);
+ }
+
+ dn = gpgsm_get_fingerprint_string (cert, 0);
+ es_fprintf (fp, " fingerprint: %s\n", dn?dn:"error");
+ xfree (dn);
+
+ if (have_secret)
+ {
+ char *cardsn;
+
+ p = gpgsm_get_keygrip_hexstring (cert);
+ if (!gpgsm_agent_keyinfo (ctrl, p, &cardsn) && cardsn)
+ es_fprintf (fp, " card s/n: %s\n", cardsn);
+ xfree (cardsn);
+ xfree (p);
+ }
+
+ if (with_validation)
+ {
+ gpg_error_t tmperr;
+ size_t buflen;
+ char buffer[1];
+
+ err = gpgsm_validate_chain (ctrl, cert, "", NULL, 1, fp, 0, NULL);
+ tmperr = ksba_cert_get_user_data (cert, "is_qualified",
+ &buffer, sizeof (buffer), &buflen);
+ if (!tmperr && buflen)
+ {
+ if (*buffer)
+ es_fputs (" [qualified]\n", fp);
+ }
+ else if (gpg_err_code (tmperr) == GPG_ERR_NOT_FOUND)
+ ; /* Don't know - will not get marked as 'q' */
+ else
+ log_debug ("get_user_data(is_qualified) failed: %s\n",
+ gpg_strerror (tmperr));
+
+ if (!err)
+ es_fprintf (fp, " [certificate is good]\n");
+ else
+ es_fprintf (fp, " [certificate is bad: %s]\n", gpg_strerror (err));
+ }
+}
+
+
+/* Same as standard mode mode list all certifying certs too. */
+static void
+list_cert_chain (ctrl_t ctrl, KEYDB_HANDLE hd,
+ ksba_cert_t cert, int raw_mode,
+ estream_t fp, int with_validation)
+{
+ ksba_cert_t next = NULL;
+
+ if (raw_mode)
+ list_cert_raw (ctrl, hd, cert, fp, 0, with_validation);
+ else
+ list_cert_std (ctrl, cert, fp, 0, with_validation);
+ ksba_cert_ref (cert);
+ while (!gpgsm_walk_cert_chain (ctrl, cert, &next))
+ {
+ ksba_cert_release (cert);
+ es_fputs ("Certified by\n", fp);
+ if (raw_mode)
+ list_cert_raw (ctrl, hd, next, fp, 0, with_validation);
+ else
+ list_cert_std (ctrl, next, fp, 0, with_validation);
+ cert = next;
+ }
+ ksba_cert_release (cert);
+ es_putc ('\n', fp);
+}
+
+
+
+/* List all internal keys or just the keys given as NAMES. MODE is a
+ bit vector to specify what keys are to be included; see
+ gpgsm_list_keys (below) for details. If RAW_MODE is true, the raw
+ output mode will be used instead of the standard beautified one.
+ */
+static gpg_error_t
+list_internal_keys (ctrl_t ctrl, strlist_t names, estream_t fp,
+ unsigned int mode, int raw_mode)
+{
+ KEYDB_HANDLE hd;
+ KEYDB_SEARCH_DESC *desc = NULL;
+ strlist_t sl;
+ int ndesc;
+ ksba_cert_t cert = NULL;
+ ksba_cert_t lastcert = NULL;
+ gpg_error_t rc = 0;
+ const char *lastresname, *resname;
+ int have_secret;
+ int want_ephemeral = ctrl->with_ephemeral_keys;
+
+ hd = keydb_new (0);
+ if (!hd)
+ {
+ log_error ("keydb_new failed\n");
+ rc = gpg_error (GPG_ERR_GENERAL);
+ goto leave;
+ }
+
+ if (!names)
+ ndesc = 1;
+ else
+ {
+ for (sl=names, ndesc=0; sl; sl = sl->next, ndesc++)
+ ;
+ }
+
+ desc = xtrycalloc (ndesc, sizeof *desc);
+ if (!ndesc)
+ {
+ rc = gpg_error_from_syserror ();
+ log_error ("out of core\n");
+ goto leave;
+ }
+
+ if (!names)
+ desc[0].mode = KEYDB_SEARCH_MODE_FIRST;
+ else
+ {
+ for (ndesc=0, sl=names; sl; sl = sl->next)
+ {
+ rc = keydb_classify_name (sl->d, desc+ndesc);
+ if (rc)
+ {
+ log_error ("key `%s' not found: %s\n",
+ sl->d, gpg_strerror (rc));
+ rc = 0;
+ }
+ else
+ ndesc++;
+ }
+
+ }
+
+ /* If all specifications are done by fingerprint or keygrip, we
+ switch to ephemeral mode so that _all_ currently available and
+ matching certificates are listed. */
+ if (!want_ephemeral && names && ndesc)
+ {
+ int i;
+
+ for (i=0; (i < ndesc
+ && (desc[i].mode == KEYDB_SEARCH_MODE_FPR
+ || desc[i].mode == KEYDB_SEARCH_MODE_FPR20
+ || desc[i].mode == KEYDB_SEARCH_MODE_FPR16
+ || desc[i].mode == KEYDB_SEARCH_MODE_KEYGRIP)); i++)
+ ;
+ if (i == ndesc)
+ want_ephemeral = 1;
+ }
+
+ if (want_ephemeral)
+ keydb_set_ephemeral (hd, 1);
+
+ /* It would be nice to see which of the given users did actually
+ match one in the keyring. To implement this we need to have a
+ found flag for each entry in desc and to set this we must check
+ all those entries after a match to mark all matched one -
+ currently we stop at the first match. To do this we need an
+ extra flag to enable this feature so */
+
+ /* Suppress duplicates at least when they follow each other. */
+ lastresname = NULL;
+ while (!(rc = keydb_search (hd, desc, ndesc)))
+ {
+ unsigned int validity;
+
+ if (!names)
+ desc[0].mode = KEYDB_SEARCH_MODE_NEXT;
+
+ rc = keydb_get_flags (hd, KEYBOX_FLAG_VALIDITY, 0, &validity);
+ if (rc)
+ {
+ log_error ("keydb_get_flags failed: %s\n", gpg_strerror (rc));
+ goto leave;
+ }
+ rc = keydb_get_cert (hd, &cert);
+ if (rc)
+ {
+ log_error ("keydb_get_cert failed: %s\n", gpg_strerror (rc));
+ goto leave;
+ }
+ /* Skip duplicated certificates, at least if they follow each
+ others. This works best if a single key is searched for and
+ expected. FIXME: Non-sequential duplicates remain. */
+ if (gpgsm_certs_identical_p (cert, lastcert))
+ {
+ ksba_cert_release (cert);
+ cert = NULL;
+ continue;
+ }
+
+ resname = keydb_get_resource_name (hd);
+
+ if (lastresname != resname )
+ {
+ int i;
+
+ if (ctrl->no_server)
+ {
+ es_fprintf (fp, "%s\n", resname );
+ for (i=strlen(resname); i; i-- )
+ es_putc ('-', fp);
+ es_putc ('\n', fp);
+ lastresname = resname;
+ }
+ }
+
+ have_secret = 0;
+ if (mode)
+ {
+ char *p = gpgsm_get_keygrip_hexstring (cert);
+ if (p)
+ {
+ rc = gpgsm_agent_havekey (ctrl, p);
+ if (!rc)
+ have_secret = 1;
+ else if ( gpg_err_code (rc) != GPG_ERR_NO_SECKEY)
+ goto leave;
+ rc = 0;
+ xfree (p);
+ }
+ }
+
+ if (!mode
+ || ((mode & 1) && !have_secret)
+ || ((mode & 2) && have_secret) )
+ {
+ if (ctrl->with_colons)
+ list_cert_colon (ctrl, cert, validity, fp, have_secret);
+ else if (ctrl->with_chain)
+ list_cert_chain (ctrl, hd, cert,
+ raw_mode, fp, ctrl->with_validation);
+ else
+ {
+ if (raw_mode)
+ list_cert_raw (ctrl, hd, cert, fp, have_secret,
+ ctrl->with_validation);
+ else
+ list_cert_std (ctrl, cert, fp, have_secret,
+ ctrl->with_validation);
+ es_putc ('\n', fp);
+ }
+ }
+
+ ksba_cert_release (lastcert);
+ lastcert = cert;
+ cert = NULL;
+ }
+ if (gpg_err_code (rc) == GPG_ERR_EOF || rc == -1 )
+ rc = 0;
+ if (rc)
+ log_error ("keydb_search failed: %s\n", gpg_strerror (rc));
+
+ leave:
+ ksba_cert_release (cert);
+ ksba_cert_release (lastcert);
+ xfree (desc);
+ keydb_release (hd);
+ return rc;
+}
+
+
+
+static void
+list_external_cb (void *cb_value, ksba_cert_t cert)
+{
+ struct list_external_parm_s *parm = cb_value;
+
+ if (keydb_store_cert (cert, 1, NULL))
+ log_error ("error storing certificate as ephemeral\n");
+
+ if (parm->print_header)
+ {
+ const char *resname = "[external keys]";
+ int i;
+
+ es_fprintf (parm->fp, "%s\n", resname );
+ for (i=strlen(resname); i; i-- )
+ es_putc('-', parm->fp);
+ es_putc ('\n', parm->fp);
+ parm->print_header = 0;
+ }
+
+ if (parm->with_colons)
+ list_cert_colon (parm->ctrl, cert, 0, parm->fp, 0);
+ else if (parm->with_chain)
+ list_cert_chain (parm->ctrl, NULL, cert, parm->raw_mode, parm->fp, 0);
+ else
+ {
+ if (parm->raw_mode)
+ list_cert_raw (parm->ctrl, NULL, cert, parm->fp, 0, 0);
+ else
+ list_cert_std (parm->ctrl, cert, parm->fp, 0, 0);
+ es_putc ('\n', parm->fp);
+ }
+}
+
+
+/* List external keys similar to internal one. Note: mode does not
+ make sense here because it would be unwise to list external secret
+ keys */
+static gpg_error_t
+list_external_keys (ctrl_t ctrl, strlist_t names, estream_t fp, int raw_mode)
+{
+ int rc;
+ struct list_external_parm_s parm;
+
+ parm.fp = fp;
+ parm.ctrl = ctrl,
+ parm.print_header = ctrl->no_server;
+ parm.with_colons = ctrl->with_colons;
+ parm.with_chain = ctrl->with_chain;
+ parm.raw_mode = raw_mode;
+
+ rc = gpgsm_dirmngr_lookup (ctrl, names, 0, list_external_cb, &parm);
+ if (gpg_err_code (rc) == GPG_ERR_EOF || rc == -1
+ || gpg_err_code (rc) == GPG_ERR_NOT_FOUND)
+ rc = 0; /* "Not found" is not an error here. */
+ if (rc)
+ log_error ("listing external keys failed: %s\n", gpg_strerror (rc));
+ return rc;
+}
+
+/* List all keys or just the key given as NAMES.
+ MODE controls the operation mode:
+ Bit 0-2:
+ 0 = list all public keys but don't flag secret ones
+ 1 = list only public keys
+ 2 = list only secret keys
+ 3 = list secret and public keys
+ Bit 6: list internal keys
+ Bit 7: list external keys
+ Bit 8: Do a raw format dump.
+ */
+gpg_error_t
+gpgsm_list_keys (ctrl_t ctrl, strlist_t names, estream_t fp,
+ unsigned int mode)
+{
+ gpg_error_t err = 0;
+
+ if ((mode & (1<<6)))
+ err = list_internal_keys (ctrl, names, fp, (mode & 3), (mode&256));
+ if (!err && (mode & (1<<7)))
+ err = list_external_keys (ctrl, names, fp, (mode&256));
+ return err;
+}
diff --git a/sm/misc.c b/sm/misc.c
new file mode 100644
index 0000000..628b321
--- /dev/null
+++ b/sm/misc.c
@@ -0,0 +1,89 @@
+/* misc.c - Miscellaneous fucntions
+ * Copyright (C) 2004, 2009 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <errno.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <ctype.h>
+#include <unistd.h>
+#ifdef HAVE_LOCALE_H
+#include <locale.h>
+#endif
+
+#include "gpgsm.h"
+#include "i18n.h"
+#include "setenv.h"
+
+/* Setup the environment so that the pinentry is able to get all
+ required information. This is used prior to an exec of the
+ protect-tool. */
+void
+setup_pinentry_env (void)
+{
+#ifndef HAVE_W32_SYSTEM
+ char *lc;
+ const char *name, *value;
+ int iterator;
+
+ /* Try to make sure that GPG_TTY has been set. This is needed if we
+ call for example the protect-tools with redirected stdin and thus
+ it won't be able to ge a default by itself. Try to do it here
+ but print a warning. */
+ value = session_env_getenv (opt.session_env, "GPG_TTY");
+ if (value)
+ setenv ("GPG_TTY", value, 1);
+ else if (!(lc=getenv ("GPG_TTY")) || !*lc)
+ {
+ log_error (_("GPG_TTY has not been set - "
+ "using maybe bogus default\n"));
+ lc = ttyname (0);
+ if (!lc)
+ lc = "/dev/tty";
+ setenv ("GPG_TTY", lc, 1);
+ }
+
+ if (opt.lc_ctype)
+ setenv ("LC_CTYPE", opt.lc_ctype, 1);
+#if defined(HAVE_SETLOCALE) && defined(LC_CTYPE)
+ else if ( (lc = setlocale (LC_CTYPE, "")) )
+ setenv ("LC_CTYPE", lc, 1);
+#endif
+
+ if (opt.lc_messages)
+ setenv ("LC_MESSAGES", opt.lc_messages, 1);
+#if defined(HAVE_SETLOCALE) && defined(LC_MESSAGES)
+ else if ( (lc = setlocale (LC_MESSAGES, "")) )
+ setenv ("LC_MESSAGES", lc, 1);
+#endif
+
+ iterator = 0;
+ while ((name = session_env_list_stdenvnames (&iterator, NULL)))
+ {
+ if (!strcmp (name, "GPG_TTY"))
+ continue; /* Already set. */
+ value = session_env_getenv (opt.session_env, name);
+ if (value)
+ setenv (name, value, 1);
+ }
+
+#endif /*!HAVE_W32_SYSTEM*/
+}
+
diff --git a/sm/qualified.c b/sm/qualified.c
new file mode 100644
index 0000000..d0db481
--- /dev/null
+++ b/sm/qualified.c
@@ -0,0 +1,321 @@
+/* qualified.c - Routines related to qualified signatures
+ * Copyright (C) 2005, 2007 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdarg.h>
+#include <assert.h>
+#include <errno.h>
+
+#include "gpgsm.h"
+#include "i18n.h"
+#include <ksba.h>
+
+
+/* We open the file only once and keep the open file pointer as well
+ as the name of the file here. Note that, a listname not equal to
+ NULL indicates that this module has been intialized and if the
+ LISTFP is also NULL, no list of qualified signatures exists. */
+static char *listname;
+static FILE *listfp;
+
+
+/* Read the trustlist and return entry by entry. KEY must point to a
+ buffer of at least 41 characters. COUNTRY shall be a buffer of at
+ least 3 characters to receive the country code of that qualified
+ signature (i.e. "de" for German and "be" for Belgium).
+
+ Reading a valid entry returns 0, EOF is indicated by GPG_ERR_EOF
+ and any other error condition is indicated by the appropriate error
+ code. */
+static gpg_error_t
+read_list (char *key, char *country, int *lnr)
+{
+ gpg_error_t err;
+ int c, i, j;
+ char *p, line[256];
+
+ *key = 0;
+ *country = 0;
+
+ if (!listname)
+ {
+ listname = make_filename (gnupg_datadir (), "qualified.txt", NULL);
+ listfp = fopen (listname, "r");
+ if (!listfp && errno != ENOENT)
+ {
+ err = gpg_error_from_syserror ();
+ log_error (_("can't open `%s': %s\n"), listname, gpg_strerror (err));
+ return err;
+ }
+ }
+
+ if (!listfp)
+ return gpg_error (GPG_ERR_EOF);
+
+ do
+ {
+ if (!fgets (line, DIM(line)-1, listfp) )
+ {
+ if (feof (listfp))
+ return gpg_error (GPG_ERR_EOF);
+ return gpg_error_from_syserror ();
+ }
+
+ if (!*line || line[strlen(line)-1] != '\n')
+ {
+ /* Eat until end of line. */
+ while ( (c=getc (listfp)) != EOF && c != '\n')
+ ;
+ return gpg_error (*line? GPG_ERR_LINE_TOO_LONG
+ : GPG_ERR_INCOMPLETE_LINE);
+ }
+ ++*lnr;
+
+ /* Allow for empty lines and spaces */
+ for (p=line; spacep (p); p++)
+ ;
+ }
+ while (!*p || *p == '\n' || *p == '#');
+
+ for (i=j=0; (p[i] == ':' || hexdigitp (p+i)) && j < 40; i++)
+ if ( p[i] != ':' )
+ key[j++] = p[i] >= 'a'? (p[i] & 0xdf): p[i];
+ key[j] = 0;
+ if (j != 40 || !(spacep (p+i) || p[i] == '\n'))
+ {
+ log_error (_("invalid formatted fingerprint in `%s', line %d\n"),
+ listname, *lnr);
+ return gpg_error (GPG_ERR_BAD_DATA);
+ }
+ assert (p[i]);
+ i++;
+ while (spacep (p+i))
+ i++;
+ if ( p[i] >= 'a' && p[i] <= 'z'
+ && p[i+1] >= 'a' && p[i+1] <= 'z'
+ && (spacep (p+i+2) || p[i+2] == '\n'))
+ {
+ country[0] = p[i];
+ country[1] = p[i+1];
+ country[2] = 0;
+ }
+ else
+ {
+ log_error (_("invalid country code in `%s', line %d\n"), listname, *lnr);
+ return gpg_error (GPG_ERR_BAD_DATA);
+ }
+
+ return 0;
+}
+
+
+
+
+/* Check whether the certificate CERT is included in the list of
+ qualified certificates. This list is similar to the "trustlist.txt"
+ as maintained by gpg-agent and includes fingerprints of root
+ certificates to be used for qualified (legally binding like
+ handwritten) signatures. We keep this list system wide and not
+ per user because it is not a decision of the user.
+
+ Returns: 0 if the certificate is included. GPG_ERR_NOT_FOUND if it
+ is not in the list or any other error (e.g. if no list of
+ qualified signatures is available. If COUNTRY has not been passed
+ as NULL a string witha maximum length of 2 will be copied into it;
+ thus the caller needs to provide a buffer of length 3. */
+gpg_error_t
+gpgsm_is_in_qualified_list (ctrl_t ctrl, ksba_cert_t cert, char *country)
+{
+ gpg_error_t err;
+ char *fpr;
+ char key[41];
+ char mycountry[3];
+ int lnr = 0;
+
+ (void)ctrl;
+
+ if (country)
+ *country = 0;
+
+ fpr = gpgsm_get_fingerprint_hexstring (cert, GCRY_MD_SHA1);
+ if (!fpr)
+ return gpg_error (GPG_ERR_GENERAL);
+
+ if (listfp)
+ rewind (listfp);
+ while (!(err = read_list (key, mycountry, &lnr)))
+ {
+ if (!strcmp (key, fpr))
+ break;
+ }
+ if (gpg_err_code (err) == GPG_ERR_EOF)
+ err = gpg_error (GPG_ERR_NOT_FOUND);
+
+ if (!err && country)
+ strcpy (country, mycountry);
+
+ xfree (fpr);
+ return err;
+}
+
+
+/* We know that CERT is a qualified certificate. Ask the user for
+ consent to actually create a signature using this certificate.
+ Returns: 0 for yes, GPG_ERR_CANCEL for no or any otehr error
+ code. */
+gpg_error_t
+gpgsm_qualified_consent (ctrl_t ctrl, ksba_cert_t cert)
+{
+ gpg_error_t err;
+ char *name, *subject, *buffer, *p;
+ const char *s;
+ char *orig_codeset = NULL;
+
+ name = ksba_cert_get_subject (cert, 0);
+ if (!name)
+ return gpg_error (GPG_ERR_GENERAL);
+ subject = gpgsm_format_name2 (name, 0);
+ ksba_free (name); name = NULL;
+
+ orig_codeset = i18n_switchto_utf8 ();
+
+ if (asprintf (&name,
+ _("You are about to create a signature using your "
+ "certificate:\n"
+ "\"%s\"\n"
+ "This will create a qualified signature by law "
+ "equated to a handwritten signature.\n\n%s%s"
+ "Are you really sure that you want to do this?"),
+ subject? subject:"?",
+ opt.qualsig_approval?
+ "":
+ _("Note, that this software is not officially approved "
+ "to create or verify such signatures.\n"),
+ opt.qualsig_approval? "":"\n"
+ ) < 0 )
+ err = gpg_error_from_syserror ();
+ else
+ err = 0;
+
+ i18n_switchback (orig_codeset);
+ xfree (subject);
+
+ if (err)
+ return err;
+
+ buffer = p = xtrymalloc (strlen (name) * 3 + 1);
+ if (!buffer)
+ {
+ err = gpg_error_from_syserror ();
+ free (name);
+ return err;
+ }
+ for (s=name; *s; s++)
+ {
+ if (*s < ' ' || *s == '+')
+ {
+ sprintf (p, "%%%02X", *(unsigned char *)s);
+ p += 3;
+ }
+ else if (*s == ' ')
+ *p++ = '+';
+ else
+ *p++ = *s;
+ }
+ *p = 0;
+ free (name);
+
+
+ err = gpgsm_agent_get_confirmation (ctrl, buffer);
+
+ xfree (buffer);
+ return err;
+}
+
+
+/* Popup a prompt to inform the user that the signature created is not
+ a qualified one. This is of course only done if we know that we
+ have been approved. */
+gpg_error_t
+gpgsm_not_qualified_warning (ctrl_t ctrl, ksba_cert_t cert)
+{
+ gpg_error_t err;
+ char *name, *subject, *buffer, *p;
+ const char *s;
+ char *orig_codeset;
+
+ if (!opt.qualsig_approval)
+ return 0;
+
+ name = ksba_cert_get_subject (cert, 0);
+ if (!name)
+ return gpg_error (GPG_ERR_GENERAL);
+ subject = gpgsm_format_name2 (name, 0);
+ ksba_free (name); name = NULL;
+
+ orig_codeset = i18n_switchto_utf8 ();
+
+ if (asprintf (&name,
+ _("You are about to create a signature using your "
+ "certificate:\n"
+ "\"%s\"\n"
+ "Note, that this certificate will NOT create a "
+ "qualified signature!"),
+ subject? subject:"?") < 0 )
+ err = gpg_error_from_syserror ();
+ else
+ err = 0;
+
+ i18n_switchback (orig_codeset);
+ xfree (subject);
+
+ if (err)
+ return err;
+
+ buffer = p = xtrymalloc (strlen (name) * 3 + 1);
+ if (!buffer)
+ {
+ err = gpg_error_from_syserror ();
+ free (name);
+ return err;
+ }
+ for (s=name; *s; s++)
+ {
+ if (*s < ' ' || *s == '+')
+ {
+ sprintf (p, "%%%02X", *(unsigned char *)s);
+ p += 3;
+ }
+ else if (*s == ' ')
+ *p++ = '+';
+ else
+ *p++ = *s;
+ }
+ *p = 0;
+ free (name);
+
+
+ err = gpgsm_agent_get_confirmation (ctrl, buffer);
+
+ xfree (buffer);
+ return err;
+}
diff --git a/sm/server.c b/sm/server.c
new file mode 100644
index 0000000..fcf47a7
--- /dev/null
+++ b/sm/server.c
@@ -0,0 +1,1464 @@
+/* server.c - Server mode and main entry point
+ * Copyright (C) 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008,
+ * 2009, 2010 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <errno.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdarg.h>
+#include <ctype.h>
+#include <unistd.h>
+
+#include "gpgsm.h"
+#include <assuan.h>
+#include "sysutils.h"
+
+#define set_error(e,t) assuan_set_error (ctx, gpg_error (e), (t))
+
+
+/* The filepointer for status message used in non-server mode */
+static FILE *statusfp;
+
+/* Data used to assuciate an Assuan context with local server data */
+struct server_local_s {
+ assuan_context_t assuan_ctx;
+ int message_fd;
+ int list_internal;
+ int list_external;
+ int list_to_output; /* Write keylistings to the output fd. */
+ int enable_audit_log; /* Use an audit log. */
+ certlist_t recplist;
+ certlist_t signerlist;
+ certlist_t default_recplist; /* As set by main() - don't release. */
+ int allow_pinentry_notify; /* Set if pinentry notifications should
+ be passed back to the client. */
+ int no_encrypt_to; /* Local version of option. */
+};
+
+
+/* Cookie definition for assuan data line output. */
+static ssize_t data_line_cookie_write (void *cookie,
+ const void *buffer, size_t size);
+static int data_line_cookie_close (void *cookie);
+static es_cookie_io_functions_t data_line_cookie_functions =
+ {
+ NULL,
+ data_line_cookie_write,
+ NULL,
+ data_line_cookie_close
+ };
+
+
+
+static int command_has_option (const char *cmd, const char *cmdopt);
+
+
+
+
+/* Note that it is sufficient to allocate the target string D as
+ long as the source string S, i.e.: strlen(s)+1; */
+static void
+strcpy_escaped_plus (char *d, const char *s)
+{
+ while (*s)
+ {
+ if (*s == '%' && s[1] && s[2])
+ {
+ s++;
+ *d++ = xtoi_2 (s);
+ s += 2;
+ }
+ else if (*s == '+')
+ *d++ = ' ', s++;
+ else
+ *d++ = *s++;
+ }
+ *d = 0;
+}
+
+
+/* Skip over options.
+ Blanks after the options are also removed. */
+static char *
+skip_options (const char *line)
+{
+ while (spacep (line))
+ line++;
+ while ( *line == '-' && line[1] == '-' )
+ {
+ while (*line && !spacep (line))
+ line++;
+ while (spacep (line))
+ line++;
+ }
+ return (char*)line;
+}
+
+
+/* Check whether the option NAME appears in LINE */
+static int
+has_option (const char *line, const char *name)
+{
+ const char *s;
+ int n = strlen (name);
+
+ s = strstr (line, name);
+ if (s && s >= skip_options (line))
+ return 0;
+ return (s && (s == line || spacep (s-1)) && (!s[n] || spacep (s+n)));
+}
+
+
+/* A write handler used by es_fopencookie to write assuan data
+ lines. */
+static ssize_t
+data_line_cookie_write (void *cookie, const void *buffer, size_t size)
+{
+ assuan_context_t ctx = cookie;
+
+ if (assuan_send_data (ctx, buffer, size))
+ {
+ errno = EIO;
+ return -1;
+ }
+
+ return size;
+}
+
+static int
+data_line_cookie_close (void *cookie)
+{
+ assuan_context_t ctx = cookie;
+
+ if (assuan_send_data (ctx, NULL, 0))
+ {
+ errno = EIO;
+ return -1;
+ }
+
+ return 0;
+}
+
+
+static void
+close_message_fd (ctrl_t ctrl)
+{
+ if (ctrl->server_local->message_fd != -1)
+ {
+ close (ctrl->server_local->message_fd);
+ ctrl->server_local->message_fd = -1;
+ }
+}
+
+
+/* Start a new audit session if this has been enabled. */
+static gpg_error_t
+start_audit_session (ctrl_t ctrl)
+{
+ audit_release (ctrl->audit);
+ ctrl->audit = NULL;
+ if (ctrl->server_local->enable_audit_log && !(ctrl->audit = audit_new ()) )
+ return gpg_error_from_syserror ();
+
+ return 0;
+}
+
+
+static gpg_error_t
+option_handler (assuan_context_t ctx, const char *key, const char *value)
+{
+ ctrl_t ctrl = assuan_get_pointer (ctx);
+ gpg_error_t err = 0;
+
+ if (!strcmp (key, "putenv"))
+ {
+ /* Change the session's environment to be used for the
+ Pinentry. Valid values are:
+ <NAME> Delete envvar NAME
+ <KEY>= Set envvar NAME to the empty string
+ <KEY>=<VALUE> Set envvar NAME to VALUE
+ */
+ err = session_env_putenv (opt.session_env, value);
+ }
+ else if (!strcmp (key, "display"))
+ {
+ err = session_env_setenv (opt.session_env, "DISPLAY", value);
+ }
+ else if (!strcmp (key, "ttyname"))
+ {
+ err = session_env_setenv (opt.session_env, "GPG_TTY", value);
+ }
+ else if (!strcmp (key, "ttytype"))
+ {
+ err = session_env_setenv (opt.session_env, "TERM", value);
+ }
+ else if (!strcmp (key, "lc-ctype"))
+ {
+ xfree (opt.lc_ctype);
+ opt.lc_ctype = xtrystrdup (value);
+ if (!opt.lc_ctype)
+ err = gpg_error_from_syserror ();
+ }
+ else if (!strcmp (key, "lc-messages"))
+ {
+ xfree (opt.lc_messages);
+ opt.lc_messages = xtrystrdup (value);
+ if (!opt.lc_messages)
+ err = gpg_error_from_syserror ();
+ }
+ else if (!strcmp (key, "xauthority"))
+ {
+ err = session_env_setenv (opt.session_env, "XAUTHORITY", value);
+ }
+ else if (!strcmp (key, "pinentry-user-data"))
+ {
+ err = session_env_setenv (opt.session_env, "PINENTRY_USER_DATA", value);
+ }
+ else if (!strcmp (key, "include-certs"))
+ {
+ int i = *value? atoi (value) : -1;
+ if (ctrl->include_certs < -2)
+ err = gpg_error (GPG_ERR_ASS_PARAMETER);
+ else
+ ctrl->include_certs = i;
+ }
+ else if (!strcmp (key, "list-mode"))
+ {
+ int i = *value? atoi (value) : 0;
+ if (!i || i == 1) /* default and mode 1 */
+ {
+ ctrl->server_local->list_internal = 1;
+ ctrl->server_local->list_external = 0;
+ }
+ else if (i == 2)
+ {
+ ctrl->server_local->list_internal = 0;
+ ctrl->server_local->list_external = 1;
+ }
+ else if (i == 3)
+ {
+ ctrl->server_local->list_internal = 1;
+ ctrl->server_local->list_external = 1;
+ }
+ else
+ err = gpg_error (GPG_ERR_ASS_PARAMETER);
+ }
+ else if (!strcmp (key, "list-to-output"))
+ {
+ int i = *value? atoi (value) : 0;
+ ctrl->server_local->list_to_output = i;
+ }
+ else if (!strcmp (key, "with-validation"))
+ {
+ int i = *value? atoi (value) : 0;
+ ctrl->with_validation = i;
+ }
+ else if (!strcmp (key, "validation-model"))
+ {
+ int i = gpgsm_parse_validation_model (value);
+ if ( i >= 0 && i <= 1 )
+ ctrl->validation_model = i;
+ else
+ err = gpg_error (GPG_ERR_ASS_PARAMETER);
+ }
+ else if (!strcmp (key, "with-key-data"))
+ {
+ opt.with_key_data = 1;
+ }
+ else if (!strcmp (key, "enable-audit-log"))
+ {
+ int i = *value? atoi (value) : 0;
+ ctrl->server_local->enable_audit_log = i;
+ }
+ else if (!strcmp (key, "allow-pinentry-notify"))
+ {
+ ctrl->server_local->allow_pinentry_notify = 1;
+ }
+ else if (!strcmp (key, "with-ephemeral-keys"))
+ {
+ int i = *value? atoi (value) : 0;
+ ctrl->with_ephemeral_keys = i;
+ }
+ else if (!strcmp (key, "no-encrypt-to"))
+ {
+ ctrl->server_local->no_encrypt_to = 1;
+ }
+ else
+ err = gpg_error (GPG_ERR_UNKNOWN_OPTION);
+
+ return err;
+}
+
+
+static gpg_error_t
+reset_notify (assuan_context_t ctx, char *line)
+{
+ ctrl_t ctrl = assuan_get_pointer (ctx);
+
+ (void) line;
+
+ gpgsm_release_certlist (ctrl->server_local->recplist);
+ gpgsm_release_certlist (ctrl->server_local->signerlist);
+ ctrl->server_local->recplist = NULL;
+ ctrl->server_local->signerlist = NULL;
+ close_message_fd (ctrl);
+ assuan_close_input_fd (ctx);
+ assuan_close_output_fd (ctx);
+ return 0;
+}
+
+
+static gpg_error_t
+input_notify (assuan_context_t ctx, char *line)
+{
+ ctrl_t ctrl = assuan_get_pointer (ctx);
+
+ ctrl->autodetect_encoding = 0;
+ ctrl->is_pem = 0;
+ ctrl->is_base64 = 0;
+ if (strstr (line, "--armor"))
+ ctrl->is_pem = 1;
+ else if (strstr (line, "--base64"))
+ ctrl->is_base64 = 1;
+ else if (strstr (line, "--binary"))
+ ;
+ else
+ ctrl->autodetect_encoding = 1;
+ return 0;
+}
+
+static gpg_error_t
+output_notify (assuan_context_t ctx, char *line)
+{
+ ctrl_t ctrl = assuan_get_pointer (ctx);
+
+ ctrl->create_pem = 0;
+ ctrl->create_base64 = 0;
+ if (strstr (line, "--armor"))
+ ctrl->create_pem = 1;
+ else if (strstr (line, "--base64"))
+ ctrl->create_base64 = 1; /* just the raw output */
+ return 0;
+}
+
+
+static const char hlp_recipient[] =
+ "RECIPIENT <userID>\n"
+ "\n"
+ "Set the recipient for the encryption. USERID shall be the\n"
+ "internal representation of the key; the server may accept any other\n"
+ "way of specification [we will support this]. If this is a valid and\n"
+ "trusted recipient the server does respond with OK, otherwise the\n"
+ "return is an ERR with the reason why the recipient can't be used,\n"
+ "the encryption will then not be done for this recipient. If the\n"
+ "policy is not to encrypt at all if not all recipients are valid, the\n"
+ "client has to take care of this. All RECIPIENT commands are\n"
+ "cumulative until a RESET or an successful ENCRYPT command.";
+static gpg_error_t
+cmd_recipient (assuan_context_t ctx, char *line)
+{
+ ctrl_t ctrl = assuan_get_pointer (ctx);
+ int rc;
+
+ if (!ctrl->audit)
+ rc = start_audit_session (ctrl);
+ else
+ rc = 0;
+
+ if (!rc)
+ rc = gpgsm_add_to_certlist (ctrl, line, 0,
+ &ctrl->server_local->recplist, 0);
+ if (rc)
+ {
+ gpgsm_status2 (ctrl, STATUS_INV_RECP,
+ get_inv_recpsgnr_code (rc), line, NULL);
+ }
+
+ return rc;
+}
+
+
+static const char hlp_signer[] =
+ "SIGNER <userID>\n"
+ "\n"
+ "Set the signer's keys for the signature creation. USERID should\n"
+ "be the internal representation of the key; the server may accept any\n"
+ "other way of specification [we will support this]. If this is a\n"
+ "valid and usable signing key the server does respond with OK,\n"
+ "otherwise it returns an ERR with the reason why the key can't be\n"
+ "used, the signing will then not be done for this key. If the policy\n"
+ "is not to sign at all if not all signer keys are valid, the client\n"
+ "has to take care of this. All SIGNER commands are cumulative until\n"
+ "a RESET but they are *not* reset by an SIGN command becuase it can\n"
+ "be expected that set of signers are used for more than one sign\n"
+ "operation.";
+static gpg_error_t
+cmd_signer (assuan_context_t ctx, char *line)
+{
+ ctrl_t ctrl = assuan_get_pointer (ctx);
+ int rc;
+
+ rc = gpgsm_add_to_certlist (ctrl, line, 1,
+ &ctrl->server_local->signerlist, 0);
+ if (rc)
+ {
+ gpgsm_status2 (ctrl, STATUS_INV_SGNR,
+ get_inv_recpsgnr_code (rc), line, NULL);
+ /* For compatibiliy reasons we also issue the old code after the
+ new one. */
+ gpgsm_status2 (ctrl, STATUS_INV_RECP,
+ get_inv_recpsgnr_code (rc), line, NULL);
+ }
+ return rc;
+}
+
+
+static const char hlp_encrypt[] =
+ "ENCRYPT \n"
+ "\n"
+ "Do the actual encryption process. Takes the plaintext from the INPUT\n"
+ "command, writes to the ciphertext to the file descriptor set with\n"
+ "the OUTPUT command, take the recipients form all the recipients set\n"
+ "so far. If this command fails the clients should try to delete all\n"
+ "output currently done or otherwise mark it as invalid. GPGSM does\n"
+ "ensure that there won't be any security problem with leftover data\n"
+ "on the output in this case.\n"
+ "\n"
+ "This command should in general not fail, as all necessary checks\n"
+ "have been done while setting the recipients. The input and output\n"
+ "pipes are closed.";
+static gpg_error_t
+cmd_encrypt (assuan_context_t ctx, char *line)
+{
+ ctrl_t ctrl = assuan_get_pointer (ctx);
+ certlist_t cl;
+ int inp_fd, out_fd;
+ FILE *out_fp;
+ int rc;
+
+ (void)line;
+
+ inp_fd = translate_sys2libc_fd (assuan_get_input_fd (ctx), 0);
+ if (inp_fd == -1)
+ return set_error (GPG_ERR_ASS_NO_INPUT, NULL);
+ out_fd = translate_sys2libc_fd (assuan_get_output_fd (ctx), 1);
+ if (out_fd == -1)
+ return set_error (GPG_ERR_ASS_NO_OUTPUT, NULL);
+
+ out_fp = fdopen (dup (out_fd), "w");
+ if (!out_fp)
+ return set_error (GPG_ERR_ASS_GENERAL, "fdopen() failed");
+
+ /* Now add all encrypt-to marked recipients from the default
+ list. */
+ rc = 0;
+ if (!opt.no_encrypt_to && !ctrl->server_local->no_encrypt_to)
+ {
+ for (cl=ctrl->server_local->default_recplist; !rc && cl; cl = cl->next)
+ if (cl->is_encrypt_to)
+ rc = gpgsm_add_cert_to_certlist (ctrl, cl->cert,
+ &ctrl->server_local->recplist, 1);
+ }
+ if (!rc)
+ rc = ctrl->audit? 0 : start_audit_session (ctrl);
+ if (!rc)
+ rc = gpgsm_encrypt (assuan_get_pointer (ctx),
+ ctrl->server_local->recplist,
+ inp_fd, out_fp);
+ fclose (out_fp);
+
+ gpgsm_release_certlist (ctrl->server_local->recplist);
+ ctrl->server_local->recplist = NULL;
+ /* Close and reset the fd */
+ close_message_fd (ctrl);
+ assuan_close_input_fd (ctx);
+ assuan_close_output_fd (ctx);
+ return rc;
+}
+
+
+static const char hlp_decrypt[] =
+ "DECRYPT\n"
+ "\n"
+ "This performs the decrypt operation after doing some check on the\n"
+ "internal state. (e.g. that only needed data has been set). Because\n"
+ "it utilizes the GPG-Agent for the session key decryption, there is\n"
+ "no need to ask the client for a protecting passphrase - GPG-Agent\n"
+ "does take care of this by requesting this from the user.";
+static gpg_error_t
+cmd_decrypt (assuan_context_t ctx, char *line)
+{
+ ctrl_t ctrl = assuan_get_pointer (ctx);
+ int inp_fd, out_fd;
+ FILE *out_fp;
+ int rc;
+
+ (void)line;
+
+ inp_fd = translate_sys2libc_fd (assuan_get_input_fd (ctx), 0);
+ if (inp_fd == -1)
+ return set_error (GPG_ERR_ASS_NO_INPUT, NULL);
+ out_fd = translate_sys2libc_fd (assuan_get_output_fd (ctx), 1);
+ if (out_fd == -1)
+ return set_error (GPG_ERR_ASS_NO_OUTPUT, NULL);
+
+ out_fp = fdopen (dup(out_fd), "w");
+ if (!out_fp)
+ return set_error (GPG_ERR_ASS_GENERAL, "fdopen() failed");
+
+ rc = start_audit_session (ctrl);
+ if (!rc)
+ rc = gpgsm_decrypt (ctrl, inp_fd, out_fp);
+ fclose (out_fp);
+
+ /* close and reset the fd */
+ close_message_fd (ctrl);
+ assuan_close_input_fd (ctx);
+ assuan_close_output_fd (ctx);
+
+ return rc;
+}
+
+
+static const char hlp_verify[] =
+ "VERIFY\n"
+ "\n"
+ "This does a verify operation on the message send to the input FD.\n"
+ "The result is written out using status lines. If an output FD was\n"
+ "given, the signed text will be written to that.\n"
+ "\n"
+ "If the signature is a detached one, the server will inquire about\n"
+ "the signed material and the client must provide it.";
+static gpg_error_t
+cmd_verify (assuan_context_t ctx, char *line)
+{
+ int rc;
+ ctrl_t ctrl = assuan_get_pointer (ctx);
+ int fd = translate_sys2libc_fd (assuan_get_input_fd (ctx), 0);
+ int out_fd = translate_sys2libc_fd (assuan_get_output_fd (ctx), 1);
+ FILE *out_fp = NULL;
+
+ (void)line;
+
+ if (fd == -1)
+ return set_error (GPG_ERR_ASS_NO_INPUT, NULL);
+
+ if (out_fd != -1)
+ {
+ out_fp = fdopen ( dup(out_fd), "w");
+ if (!out_fp)
+ return set_error (GPG_ERR_ASS_GENERAL, "fdopen() failed");
+ }
+
+ rc = start_audit_session (ctrl);
+ if (!rc)
+ rc = gpgsm_verify (assuan_get_pointer (ctx), fd,
+ ctrl->server_local->message_fd, out_fp);
+ if (out_fp)
+ fclose (out_fp);
+
+ /* close and reset the fd */
+ close_message_fd (ctrl);
+ assuan_close_input_fd (ctx);
+ assuan_close_output_fd (ctx);
+
+ return rc;
+}
+
+
+static const char hlp_sign[] =
+ "SIGN [--detached]\n"
+ "\n"
+ "Sign the data set with the INPUT command and write it to the sink\n"
+ "set by OUTPUT. With \"--detached\", a detached signature is\n"
+ "created (surprise).";
+static gpg_error_t
+cmd_sign (assuan_context_t ctx, char *line)
+{
+ ctrl_t ctrl = assuan_get_pointer (ctx);
+ int inp_fd, out_fd;
+ FILE *out_fp;
+ int detached;
+ int rc;
+
+ inp_fd = translate_sys2libc_fd (assuan_get_input_fd (ctx), 0);
+ if (inp_fd == -1)
+ return set_error (GPG_ERR_ASS_NO_INPUT, NULL);
+ out_fd = translate_sys2libc_fd (assuan_get_output_fd (ctx), 1);
+ if (out_fd == -1)
+ return set_error (GPG_ERR_ASS_NO_OUTPUT, NULL);
+
+ detached = has_option (line, "--detached");
+
+ out_fp = fdopen ( dup(out_fd), "w");
+ if (!out_fp)
+ return set_error (GPG_ERR_ASS_GENERAL, "fdopen() failed");
+
+ rc = start_audit_session (ctrl);
+ if (!rc)
+ rc = gpgsm_sign (assuan_get_pointer (ctx), ctrl->server_local->signerlist,
+ inp_fd, detached, out_fp);
+ fclose (out_fp);
+
+ /* close and reset the fd */
+ close_message_fd (ctrl);
+ assuan_close_input_fd (ctx);
+ assuan_close_output_fd (ctx);
+
+ return rc;
+}
+
+
+static const char hlp_import[] =
+ "IMPORT [--re-import]\n"
+ "\n"
+ "Import the certificates read form the input-fd, return status\n"
+ "message for each imported one. The import checks the validity of\n"
+ "the certificate but not of the entire chain. It is possible to\n"
+ "import expired certificates.\n"
+ "\n"
+ "With the option --re-import the input data is expected to a be a LF\n"
+ "separated list of fingerprints. The command will re-import these\n"
+ "certificates, meaning that they are made permanent by removing\n"
+ "their ephemeral flag.";
+static gpg_error_t
+cmd_import (assuan_context_t ctx, char *line)
+{
+ ctrl_t ctrl = assuan_get_pointer (ctx);
+ int rc;
+ int fd = translate_sys2libc_fd (assuan_get_input_fd (ctx), 0);
+ int reimport = has_option (line, "--re-import");
+
+ (void)line;
+
+ if (fd == -1)
+ return set_error (GPG_ERR_ASS_NO_INPUT, NULL);
+
+ rc = gpgsm_import (assuan_get_pointer (ctx), fd, reimport);
+
+ /* close and reset the fd */
+ close_message_fd (ctrl);
+ assuan_close_input_fd (ctx);
+ assuan_close_output_fd (ctx);
+
+ return rc;
+}
+
+
+static const char hlp_export[] =
+ "EXPORT [--data [--armor|--base64]] [--] <pattern>\n"
+ "\n"
+ "Export the certificates selected by PATTERN. With --data the output\n"
+ "is returned using Assuan D lines; the default is to use the sink given\n"
+ "by the last \"OUTPUT\" command. The options --armor or --base64 encode \n"
+ "the output using the PEM respective a plain base-64 format; the default\n"
+ "is a binary format which is only suitable for a single certificate.";
+static gpg_error_t
+cmd_export (assuan_context_t ctx, char *line)
+{
+ ctrl_t ctrl = assuan_get_pointer (ctx);
+ char *p;
+ strlist_t list, sl;
+ int use_data;
+
+ use_data = has_option (line, "--data");
+
+ if (use_data)
+ {
+ /* We need to override any possible setting done by an OUTPUT command. */
+ ctrl->create_pem = has_option (line, "--armor");
+ ctrl->create_base64 = has_option (line, "--base64");
+ }
+
+ line = skip_options (line);
+
+ /* Break the line down into an strlist_t. */
+ list = NULL;
+ for (p=line; *p; line = p)
+ {
+ while (*p && *p != ' ')
+ p++;
+ if (*p)
+ *p++ = 0;
+ if (*line)
+ {
+ sl = xtrymalloc (sizeof *sl + strlen (line));
+ if (!sl)
+ {
+ free_strlist (list);
+ return out_of_core ();
+ }
+ sl->flags = 0;
+ strcpy_escaped_plus (sl->d, line);
+ sl->next = list;
+ list = sl;
+ }
+ }
+
+ if (use_data)
+ {
+ estream_t stream;
+
+ stream = es_fopencookie (ctx, "w", data_line_cookie_functions);
+ if (!stream)
+ {
+ free_strlist (list);
+ return set_error (GPG_ERR_ASS_GENERAL,
+ "error setting up a data stream");
+ }
+ gpgsm_export (ctrl, list, NULL, stream);
+ es_fclose (stream);
+ }
+ else
+ {
+ int fd = translate_sys2libc_fd (assuan_get_output_fd (ctx), 1);
+ FILE *out_fp;
+
+ if (fd == -1)
+ {
+ free_strlist (list);
+ return set_error (GPG_ERR_ASS_NO_OUTPUT, NULL);
+ }
+ out_fp = fdopen ( dup(fd), "w");
+ if (!out_fp)
+ {
+ free_strlist (list);
+ return set_error (GPG_ERR_ASS_GENERAL, "fdopen() failed");
+ }
+
+ gpgsm_export (ctrl, list, out_fp, NULL);
+ fclose (out_fp);
+ }
+
+ free_strlist (list);
+ /* Close and reset the fds. */
+ close_message_fd (ctrl);
+ assuan_close_input_fd (ctx);
+ assuan_close_output_fd (ctx);
+ return 0;
+}
+
+
+
+static const char hlp_delkeys[] =
+ "DELKEYS <patterns>\n"
+ "\n"
+ "Delete the certificates specified by PATTERNS. Each pattern shall be\n"
+ "a percent-plus escaped certificate specification. Usually a\n"
+ "fingerprint will be used for this.";
+static gpg_error_t
+cmd_delkeys (assuan_context_t ctx, char *line)
+{
+ ctrl_t ctrl = assuan_get_pointer (ctx);
+ char *p;
+ strlist_t list, sl;
+ int rc;
+
+ /* break the line down into an strlist_t */
+ list = NULL;
+ for (p=line; *p; line = p)
+ {
+ while (*p && *p != ' ')
+ p++;
+ if (*p)
+ *p++ = 0;
+ if (*line)
+ {
+ sl = xtrymalloc (sizeof *sl + strlen (line));
+ if (!sl)
+ {
+ free_strlist (list);
+ return out_of_core ();
+ }
+ sl->flags = 0;
+ strcpy_escaped_plus (sl->d, line);
+ sl->next = list;
+ list = sl;
+ }
+ }
+
+ rc = gpgsm_delete (ctrl, list);
+ free_strlist (list);
+
+ /* close and reset the fd */
+ close_message_fd (ctrl);
+ assuan_close_input_fd (ctx);
+ assuan_close_output_fd (ctx);
+
+ return rc;
+}
+
+
+
+static const char hlp_output[] =
+ "OUTPUT FD[=<n>]\n"
+ "\n"
+ "Set the file descriptor to write the output data to N. If N is not\n"
+ "given and the operating system supports file descriptor passing, the\n"
+ "file descriptor currently in flight will be used. See also the\n"
+ "\"INPUT\" and \"MESSAGE\" commands.";
+static const char hlp_input[] =
+ "INPUT FD[=<n>]\n"
+ "\n"
+ "Set the file descriptor to read the input data to N. If N is not\n"
+ "given and the operating system supports file descriptor passing, the\n"
+ "file descriptor currently in flight will be used. See also the\n"
+ "\"MESSAGE\" and \"OUTPUT\" commands.";
+static const char hlp_message[] =
+ "MESSAGE FD[=<n>]\n"
+ "\n"
+ "Set the file descriptor to read the message for a detached\n"
+ "signatures to N. If N is not given and the operating system\n"
+ "supports file descriptor passing, the file descriptor currently in\n"
+ "flight will be used. See also the \"INPUT\" and \"OUTPUT\" commands.";
+static gpg_error_t
+cmd_message (assuan_context_t ctx, char *line)
+{
+ int rc;
+ gnupg_fd_t sysfd;
+ int fd;
+ ctrl_t ctrl = assuan_get_pointer (ctx);
+
+ rc = assuan_command_parse_fd (ctx, line, &sysfd);
+ if (rc)
+ return rc;
+ fd = translate_sys2libc_fd (sysfd, 0);
+ if (fd == -1)
+ return set_error (GPG_ERR_ASS_NO_INPUT, NULL);
+ ctrl->server_local->message_fd = fd;
+ return 0;
+}
+
+
+
+static const char hlp_listkeys[] =
+ "LISTKEYS [<patterns>]\n"
+ "LISTSECRETKEYS [<patterns>]\n"
+ "DUMPKEYS [<patterns>]\n"
+ "DUMPSECRETKEYS [<patterns>]\n"
+ "\n"
+ "List all certificates or only those specified by PATTERNS. Each\n"
+ "pattern shall be a percent-plus escaped certificate specification.\n"
+ "The \"SECRET\" versions of the command filter the output to include\n"
+ "only certificates where the secret key is available or a corresponding\n"
+ "smartcard has been registered. The \"DUMP\" versions of the command\n"
+ "are only useful for debugging. The output format is a percent escaped\n"
+ "colon delimited listing as described in the manual.\n"
+ "\n"
+ "These \"OPTION\" command keys effect the output::\n"
+ "\n"
+ " \"list-mode\" set to 0: List only local certificates (default).\n"
+ " 1: Ditto.\n"
+ " 2: List only external certificates.\n"
+ " 3: List local and external certificates.\n"
+ "\n"
+ " \"with-validation\" set to true: Validate each certificate.\n"
+ "\n"
+ " \"with-ephemeral-key\" set to true: Always include ephemeral\n"
+ " certificates.\n"
+ "\n"
+ " \"list-to-output\" set to true: Write output to the file descriptor\n"
+ " given by the last \"OUTPUT\" command.";
+static int
+do_listkeys (assuan_context_t ctx, char *line, int mode)
+{
+ ctrl_t ctrl = assuan_get_pointer (ctx);
+ estream_t fp;
+ char *p;
+ strlist_t list, sl;
+ unsigned int listmode;
+ gpg_error_t err;
+
+ /* Break the line down into an strlist. */
+ list = NULL;
+ for (p=line; *p; line = p)
+ {
+ while (*p && *p != ' ')
+ p++;
+ if (*p)
+ *p++ = 0;
+ if (*line)
+ {
+ sl = xtrymalloc (sizeof *sl + strlen (line));
+ if (!sl)
+ {
+ free_strlist (list);
+ return out_of_core ();
+ }
+ sl->flags = 0;
+ strcpy_escaped_plus (sl->d, line);
+ sl->next = list;
+ list = sl;
+ }
+ }
+
+ if (ctrl->server_local->list_to_output)
+ {
+ int outfd = translate_sys2libc_fd (assuan_get_output_fd (ctx), 1);
+
+ if ( outfd == -1 )
+ return set_error (GPG_ERR_ASS_NO_OUTPUT, NULL);
+ fp = es_fdopen ( dup (outfd), "w");
+ if (!fp)
+ return set_error (GPG_ERR_ASS_GENERAL, "es_fdopen() failed");
+ }
+ else
+ {
+ fp = es_fopencookie (ctx, "w", data_line_cookie_functions);
+ if (!fp)
+ return set_error (GPG_ERR_ASS_GENERAL,
+ "error setting up a data stream");
+ }
+
+ ctrl->with_colons = 1;
+ listmode = mode;
+ if (ctrl->server_local->list_internal)
+ listmode |= (1<<6);
+ if (ctrl->server_local->list_external)
+ listmode |= (1<<7);
+ err = gpgsm_list_keys (assuan_get_pointer (ctx), list, fp, listmode);
+ free_strlist (list);
+ es_fclose (fp);
+ if (ctrl->server_local->list_to_output)
+ assuan_close_output_fd (ctx);
+ return err;
+}
+
+static gpg_error_t
+cmd_listkeys (assuan_context_t ctx, char *line)
+{
+ return do_listkeys (ctx, line, 3);
+}
+
+static gpg_error_t
+cmd_dumpkeys (assuan_context_t ctx, char *line)
+{
+ return do_listkeys (ctx, line, 259);
+}
+
+static gpg_error_t
+cmd_listsecretkeys (assuan_context_t ctx, char *line)
+{
+ return do_listkeys (ctx, line, 2);
+}
+
+static gpg_error_t
+cmd_dumpsecretkeys (assuan_context_t ctx, char *line)
+{
+ return do_listkeys (ctx, line, 258);
+}
+
+
+
+static const char hlp_genkey[] =
+ "GENKEY\n"
+ "\n"
+ "Read the parameters in native format from the input fd and write a\n"
+ "certificate request to the output.";
+static gpg_error_t
+cmd_genkey (assuan_context_t ctx, char *line)
+{
+ ctrl_t ctrl = assuan_get_pointer (ctx);
+ int inp_fd, out_fd;
+ FILE *out_fp;
+ int rc;
+ estream_t in_stream;
+
+ (void)line;
+
+ inp_fd = translate_sys2libc_fd (assuan_get_input_fd (ctx), 0);
+ if (inp_fd == -1)
+ return set_error (GPG_ERR_ASS_NO_INPUT, NULL);
+ out_fd = translate_sys2libc_fd (assuan_get_output_fd (ctx), 1);
+ if (out_fd == -1)
+ return set_error (GPG_ERR_ASS_NO_OUTPUT, NULL);
+
+ in_stream = es_fdopen_nc (inp_fd, "r");
+ if (!in_stream)
+ return set_error (GPG_ERR_ASS_GENERAL, "es_fdopen failed");
+
+ out_fp = fdopen ( dup(out_fd), "w");
+ if (!out_fp)
+ {
+ es_fclose (in_stream);
+ return set_error (GPG_ERR_ASS_GENERAL, "fdopen() failed");
+ }
+ rc = gpgsm_genkey (ctrl, in_stream, out_fp);
+ fclose (out_fp);
+
+ /* close and reset the fds */
+ assuan_close_input_fd (ctx);
+ assuan_close_output_fd (ctx);
+
+ return rc;
+}
+
+
+
+static const char hlp_getauditlog[] =
+ "GETAUDITLOG [--data] [--html]\n"
+ "\n"
+ "If --data is used, the output is send using D-lines and not to the\n"
+ "file descriptor given by an OUTPUT command.\n"
+ "\n"
+ "If --html is used the output is formated as an XHTML block. This is\n"
+ "designed to be incorporated into a HTML document.";
+static gpg_error_t
+cmd_getauditlog (assuan_context_t ctx, char *line)
+{
+ ctrl_t ctrl = assuan_get_pointer (ctx);
+ int out_fd;
+ estream_t out_stream;
+ int opt_data, opt_html;
+ int rc;
+
+ opt_data = has_option (line, "--data");
+ opt_html = has_option (line, "--html");
+ line = skip_options (line);
+
+ if (!ctrl->audit)
+ return gpg_error (GPG_ERR_NO_DATA);
+
+ if (opt_data)
+ {
+ out_stream = es_fopencookie (ctx, "w", data_line_cookie_functions);
+ if (!out_stream)
+ return set_error (GPG_ERR_ASS_GENERAL,
+ "error setting up a data stream");
+ }
+ else
+ {
+ out_fd = translate_sys2libc_fd (assuan_get_output_fd (ctx), 1);
+ if (out_fd == -1)
+ return set_error (GPG_ERR_ASS_NO_OUTPUT, NULL);
+
+ out_stream = es_fdopen_nc ( dup (out_fd), "w");
+ if (!out_stream)
+ {
+ return set_error (GPG_ERR_ASS_GENERAL, "es_fdopen() failed");
+ }
+ }
+
+ audit_print_result (ctrl->audit, out_stream, opt_html);
+ rc = 0;
+
+ es_fclose (out_stream);
+
+ /* Close and reset the fd. */
+ if (!opt_data)
+ assuan_close_output_fd (ctx);
+ return rc;
+}
+
+
+static const char hlp_getinfo[] =
+ "GETINFO <what>\n"
+ "\n"
+ "Multipurpose function to return a variety of information.\n"
+ "Supported values for WHAT are:\n"
+ "\n"
+ " version - Return the version of the program.\n"
+ " pid - Return the process id of the server.\n"
+ " agent-check - Return success if the agent is running.\n"
+ " cmd_has_option CMD OPT\n"
+ " - Returns OK if the command CMD implements the option OPT.";
+static gpg_error_t
+cmd_getinfo (assuan_context_t ctx, char *line)
+{
+ int rc = 0;
+
+ if (!strcmp (line, "version"))
+ {
+ const char *s = VERSION;
+ rc = assuan_send_data (ctx, s, strlen (s));
+ }
+ else if (!strcmp (line, "pid"))
+ {
+ char numbuf[50];
+
+ snprintf (numbuf, sizeof numbuf, "%lu", (unsigned long)getpid ());
+ rc = assuan_send_data (ctx, numbuf, strlen (numbuf));
+ }
+ else if (!strcmp (line, "agent-check"))
+ {
+ ctrl_t ctrl = assuan_get_pointer (ctx);
+ rc = gpgsm_agent_send_nop (ctrl);
+ }
+ else if (!strncmp (line, "cmd_has_option", 14)
+ && (line[14] == ' ' || line[14] == '\t' || !line[14]))
+ {
+ char *cmd, *cmdopt;
+ line += 14;
+ while (*line == ' ' || *line == '\t')
+ line++;
+ if (!*line)
+ rc = gpg_error (GPG_ERR_MISSING_VALUE);
+ else
+ {
+ cmd = line;
+ while (*line && (*line != ' ' && *line != '\t'))
+ line++;
+ if (!*line)
+ rc = gpg_error (GPG_ERR_MISSING_VALUE);
+ else
+ {
+ *line++ = 0;
+ while (*line == ' ' || *line == '\t')
+ line++;
+ if (!*line)
+ rc = gpg_error (GPG_ERR_MISSING_VALUE);
+ else
+ {
+ cmdopt = line;
+ if (!command_has_option (cmd, cmdopt))
+ rc = gpg_error (GPG_ERR_GENERAL);
+ }
+ }
+ }
+ }
+ else
+ rc = set_error (GPG_ERR_ASS_PARAMETER, "unknown value for WHAT");
+
+ return rc;
+}
+
+
+
+static const char hlp_passwd[] =
+ "PASSWD <userID>\n"
+ "\n"
+ "Change the passphrase of the secret key for USERID.";
+static gpg_error_t
+cmd_passwd (assuan_context_t ctx, char *line)
+{
+ ctrl_t ctrl = assuan_get_pointer (ctx);
+ gpg_error_t err;
+ ksba_cert_t cert = NULL;
+ char *grip = NULL;
+
+ line = skip_options (line);
+
+ err = gpgsm_find_cert (line, NULL, &cert);
+ if (err)
+ ;
+ else if (!(grip = gpgsm_get_keygrip_hexstring (cert)))
+ err = gpg_error (GPG_ERR_INTERNAL);
+ else
+ {
+ char *desc = gpgsm_format_keydesc (cert);
+ err = gpgsm_agent_passwd (ctrl, grip, desc);
+ xfree (desc);
+ }
+
+ xfree (grip);
+ ksba_cert_release (cert);
+
+ return err;
+}
+
+
+
+
+
+/* Return true if the command CMD implements the option OPT. */
+static int
+command_has_option (const char *cmd, const char *cmdopt)
+{
+ if (!strcmp (cmd, "IMPORT"))
+ {
+ if (!strcmp (cmdopt, "re-import"))
+ return 1;
+ }
+
+ return 0;
+}
+
+
+/* Tell the assuan library about our commands */
+static int
+register_commands (assuan_context_t ctx)
+{
+ static struct {
+ const char *name;
+ assuan_handler_t handler;
+ const char * const help;
+ } table[] = {
+ { "RECIPIENT", cmd_recipient, hlp_recipient },
+ { "SIGNER", cmd_signer, hlp_signer },
+ { "ENCRYPT", cmd_encrypt, hlp_encrypt },
+ { "DECRYPT", cmd_decrypt, hlp_decrypt },
+ { "VERIFY", cmd_verify, hlp_verify },
+ { "SIGN", cmd_sign, hlp_sign },
+ { "IMPORT", cmd_import, hlp_import },
+ { "EXPORT", cmd_export, hlp_export },
+ { "INPUT", NULL, hlp_input },
+ { "OUTPUT", NULL, hlp_output },
+ { "MESSAGE", cmd_message, hlp_message },
+ { "LISTKEYS", cmd_listkeys, hlp_listkeys },
+ { "DUMPKEYS", cmd_dumpkeys, hlp_listkeys },
+ { "LISTSECRETKEYS",cmd_listsecretkeys, hlp_listkeys },
+ { "DUMPSECRETKEYS",cmd_dumpsecretkeys, hlp_listkeys },
+ { "GENKEY", cmd_genkey, hlp_genkey },
+ { "DELKEYS", cmd_delkeys, hlp_delkeys },
+ { "GETAUDITLOG", cmd_getauditlog, hlp_getauditlog },
+ { "GETINFO", cmd_getinfo, hlp_getinfo },
+ { "PASSWD", cmd_passwd, hlp_passwd },
+ { NULL }
+ };
+ int i, rc;
+
+ for (i=0; table[i].name; i++)
+ {
+ rc = assuan_register_command (ctx, table[i].name, table[i].handler,
+ table[i].help);
+ if (rc)
+ return rc;
+ }
+ return 0;
+}
+
+/* Startup the server. DEFAULT_RECPLIST is the list of recipients as
+ set from the command line or config file. We only require those
+ marked as encrypt-to. */
+void
+gpgsm_server (certlist_t default_recplist)
+{
+ int rc;
+ assuan_fd_t filedes[2];
+ assuan_context_t ctx;
+ struct server_control_s ctrl;
+ static const char hello[] = ("GNU Privacy Guard's S/M server "
+ VERSION " ready");
+
+ memset (&ctrl, 0, sizeof ctrl);
+ gpgsm_init_default_ctrl (&ctrl);
+
+ /* We use a pipe based server so that we can work from scripts.
+ assuan_init_pipe_server will automagically detect when we are
+ called with a socketpair and ignore FIELDES in this case. */
+ filedes[0] = assuan_fdopen (0);
+ filedes[1] = assuan_fdopen (1);
+ rc = assuan_new (&ctx);
+ if (rc)
+ {
+ log_error ("failed to allocate assuan context: %s\n",
+ gpg_strerror (rc));
+ gpgsm_exit (2);
+ }
+
+ rc = assuan_init_pipe_server (ctx, filedes);
+ if (rc)
+ {
+ log_error ("failed to initialize the server: %s\n",
+ gpg_strerror (rc));
+ gpgsm_exit (2);
+ }
+ rc = register_commands (ctx);
+ if (rc)
+ {
+ log_error ("failed to the register commands with Assuan: %s\n",
+ gpg_strerror(rc));
+ gpgsm_exit (2);
+ }
+ if (opt.verbose || opt.debug)
+ {
+ char *tmp = NULL;
+ const char *s1 = getenv ("GPG_AGENT_INFO");
+ const char *s2 = getenv ("DIRMNGR_INFO");
+
+ if (asprintf (&tmp,
+ "Home: %s\n"
+ "Config: %s\n"
+ "AgentInfo: %s\n"
+ "DirmngrInfo: %s\n"
+ "%s",
+ opt.homedir,
+ opt.config_filename,
+ s1?s1:"[not set]",
+ s2?s2:"[not set]",
+ hello) > 0)
+ {
+ assuan_set_hello_line (ctx, tmp);
+ free (tmp);
+ }
+ }
+ else
+ assuan_set_hello_line (ctx, hello);
+
+ assuan_register_reset_notify (ctx, reset_notify);
+ assuan_register_input_notify (ctx, input_notify);
+ assuan_register_output_notify (ctx, output_notify);
+ assuan_register_option_handler (ctx, option_handler);
+
+ assuan_set_pointer (ctx, &ctrl);
+ ctrl.server_local = xcalloc (1, sizeof *ctrl.server_local);
+ ctrl.server_local->assuan_ctx = ctx;
+ ctrl.server_local->message_fd = -1;
+ ctrl.server_local->list_internal = 1;
+ ctrl.server_local->list_external = 0;
+ ctrl.server_local->default_recplist = default_recplist;
+
+ if (DBG_ASSUAN)
+ assuan_set_log_stream (ctx, log_get_stream ());
+
+ for (;;)
+ {
+ rc = assuan_accept (ctx);
+ if (rc == -1)
+ {
+ break;
+ }
+ else if (rc)
+ {
+ log_info ("Assuan accept problem: %s\n", gpg_strerror (rc));
+ break;
+ }
+
+ rc = assuan_process (ctx);
+ if (rc)
+ {
+ log_info ("Assuan processing failed: %s\n", gpg_strerror (rc));
+ continue;
+ }
+ }
+
+ gpgsm_release_certlist (ctrl.server_local->recplist);
+ ctrl.server_local->recplist = NULL;
+ gpgsm_release_certlist (ctrl.server_local->signerlist);
+ ctrl.server_local->signerlist = NULL;
+ xfree (ctrl.server_local);
+
+ audit_release (ctrl.audit);
+ ctrl.audit = NULL;
+
+ assuan_release (ctx);
+}
+
+
+
+gpg_error_t
+gpgsm_status2 (ctrl_t ctrl, int no, ...)
+{
+ gpg_error_t err = 0;
+ va_list arg_ptr;
+ const char *text;
+
+ va_start (arg_ptr, no);
+
+ if (ctrl->no_server && ctrl->status_fd == -1)
+ ; /* No status wanted. */
+ else if (ctrl->no_server)
+ {
+ if (!statusfp)
+ {
+ if (ctrl->status_fd == 1)
+ statusfp = stdout;
+ else if (ctrl->status_fd == 2)
+ statusfp = stderr;
+ else
+ statusfp = fdopen (ctrl->status_fd, "w");
+
+ if (!statusfp)
+ {
+ log_fatal ("can't open fd %d for status output: %s\n",
+ ctrl->status_fd, strerror(errno));
+ }
+ }
+
+ fputs ("[GNUPG:] ", statusfp);
+ fputs (get_status_string (no), statusfp);
+
+ while ( (text = va_arg (arg_ptr, const char*) ))
+ {
+ putc ( ' ', statusfp );
+ for (; *text; text++)
+ {
+ if (*text == '\n')
+ fputs ( "\\n", statusfp );
+ else if (*text == '\r')
+ fputs ( "\\r", statusfp );
+ else
+ putc ( *(const byte *)text, statusfp );
+ }
+ }
+ putc ('\n', statusfp);
+ fflush (statusfp);
+ }
+ else
+ {
+ assuan_context_t ctx = ctrl->server_local->assuan_ctx;
+ char buf[950], *p;
+ size_t n;
+
+ p = buf;
+ n = 0;
+ while ( (text = va_arg (arg_ptr, const char *)) )
+ {
+ if (n)
+ {
+ *p++ = ' ';
+ n++;
+ }
+ for ( ; *text && n < DIM (buf)-2; n++)
+ *p++ = *text++;
+ }
+ *p = 0;
+ err = assuan_write_status (ctx, get_status_string (no), buf);
+ }
+
+ va_end (arg_ptr);
+ return err;
+}
+
+gpg_error_t
+gpgsm_status (ctrl_t ctrl, int no, const char *text)
+{
+ return gpgsm_status2 (ctrl, no, text, NULL);
+}
+
+gpg_error_t
+gpgsm_status_with_err_code (ctrl_t ctrl, int no, const char *text,
+ gpg_err_code_t ec)
+{
+ char buf[30];
+
+ sprintf (buf, "%u", (unsigned int)ec);
+ if (text)
+ return gpgsm_status2 (ctrl, no, text, buf, NULL);
+ else
+ return gpgsm_status2 (ctrl, no, buf, NULL);
+}
+
+
+/* Helper to notify the client about Pinentry events. Because that
+ might disturb some older clients, this is only done when enabled
+ via an option. Returns an gpg error code. */
+gpg_error_t
+gpgsm_proxy_pinentry_notify (ctrl_t ctrl, const unsigned char *line)
+{
+ if (!ctrl || !ctrl->server_local
+ || !ctrl->server_local->allow_pinentry_notify)
+ return 0;
+ return assuan_inquire (ctrl->server_local->assuan_ctx, line, NULL, NULL, 0);
+}
+
+
+
diff --git a/sm/sign.c b/sm/sign.c
new file mode 100644
index 0000000..fd7c4ff
--- /dev/null
+++ b/sm/sign.c
@@ -0,0 +1,780 @@
+/* sign.c - Sign a message
+ * Copyright (C) 2001, 2002, 2003, 2008 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include <unistd.h>
+#include <time.h>
+#include <assert.h>
+
+#include "gpgsm.h"
+#include <gcrypt.h>
+#include <ksba.h>
+
+#include "keydb.h"
+#include "i18n.h"
+
+
+/* Hash the data and return if something was hashed. Return -1 on error. */
+static int
+hash_data (int fd, gcry_md_hd_t md)
+{
+ FILE *fp;
+ char buffer[4096];
+ int nread;
+ int rc = 0;
+
+ fp = fdopen ( dup (fd), "rb");
+ if (!fp)
+ {
+ log_error ("fdopen(%d) failed: %s\n", fd, strerror (errno));
+ return -1;
+ }
+
+ do
+ {
+ nread = fread (buffer, 1, DIM(buffer), fp);
+ gcry_md_write (md, buffer, nread);
+ }
+ while (nread);
+ if (ferror (fp))
+ {
+ log_error ("read error on fd %d: %s\n", fd, strerror (errno));
+ rc = -1;
+ }
+ fclose (fp);
+ return rc;
+}
+
+static int
+hash_and_copy_data (int fd, gcry_md_hd_t md, ksba_writer_t writer)
+{
+ gpg_error_t err;
+ FILE *fp;
+ char buffer[4096];
+ int nread;
+ int rc = 0;
+ int any = 0;
+
+ fp = fdopen ( dup (fd), "rb");
+ if (!fp)
+ {
+ gpg_error_t tmperr = gpg_error (gpg_err_code_from_errno (errno));
+ log_error ("fdopen(%d) failed: %s\n", fd, strerror (errno));
+ return tmperr;
+ }
+
+ do
+ {
+ nread = fread (buffer, 1, DIM(buffer), fp);
+ if (nread)
+ {
+ any = 1;
+ gcry_md_write (md, buffer, nread);
+ err = ksba_writer_write_octet_string (writer, buffer, nread, 0);
+ if (err)
+ {
+ log_error ("write failed: %s\n", gpg_strerror (err));
+ rc = err;
+ }
+ }
+ }
+ while (nread && !rc);
+ if (ferror (fp))
+ {
+ rc = gpg_error (gpg_err_code_from_errno (errno));
+ log_error ("read error on fd %d: %s\n", fd, strerror (errno));
+ }
+ fclose (fp);
+ if (!any)
+ {
+ /* We can't allow to sign an empty message because it does not
+ make much sense and more seriously, ksba-cms_build has
+ already written the tag for data and now expects an octet
+ string but an octet string of zeize 0 is illegal. */
+ log_error ("cannot sign an empty message\n");
+ rc = gpg_error (GPG_ERR_NO_DATA);
+ }
+ if (!rc)
+ {
+ err = ksba_writer_write_octet_string (writer, NULL, 0, 1);
+ if (err)
+ {
+ log_error ("write failed: %s\n", gpg_strerror (err));
+ rc = err;
+ }
+ }
+
+ return rc;
+}
+
+
+/* Get the default certificate which is defined as the first
+ certificate capable of signing returned by the keyDB and has a
+ secret key available. */
+int
+gpgsm_get_default_cert (ctrl_t ctrl, ksba_cert_t *r_cert)
+{
+ KEYDB_HANDLE hd;
+ ksba_cert_t cert = NULL;
+ int rc;
+ char *p;
+
+ hd = keydb_new (0);
+ if (!hd)
+ return gpg_error (GPG_ERR_GENERAL);
+ rc = keydb_search_first (hd);
+ if (rc)
+ {
+ keydb_release (hd);
+ return rc;
+ }
+
+ do
+ {
+ rc = keydb_get_cert (hd, &cert);
+ if (rc)
+ {
+ log_error ("keydb_get_cert failed: %s\n", gpg_strerror (rc));
+ keydb_release (hd);
+ return rc;
+ }
+
+ if (!gpgsm_cert_use_sign_p (cert))
+ {
+ p = gpgsm_get_keygrip_hexstring (cert);
+ if (p)
+ {
+ if (!gpgsm_agent_havekey (ctrl, p))
+ {
+ xfree (p);
+ keydb_release (hd);
+ *r_cert = cert;
+ return 0; /* got it */
+ }
+ xfree (p);
+ }
+ }
+
+ ksba_cert_release (cert);
+ cert = NULL;
+ }
+ while (!(rc = keydb_search_next (hd)));
+ if (rc && rc != -1)
+ log_error ("keydb_search_next failed: %s\n", gpg_strerror (rc));
+
+ ksba_cert_release (cert);
+ keydb_release (hd);
+ return rc;
+}
+
+
+static ksba_cert_t
+get_default_signer (ctrl_t ctrl)
+{
+ KEYDB_SEARCH_DESC desc;
+ ksba_cert_t cert = NULL;
+ KEYDB_HANDLE kh = NULL;
+ int rc;
+
+ if (!opt.local_user)
+ {
+ rc = gpgsm_get_default_cert (ctrl, &cert);
+ if (rc)
+ {
+ if (rc != -1)
+ log_debug ("failed to find default certificate: %s\n",
+ gpg_strerror (rc));
+ return NULL;
+ }
+ return cert;
+ }
+
+ rc = keydb_classify_name (opt.local_user, &desc);
+ if (rc)
+ {
+ log_error ("failed to find default signer: %s\n", gpg_strerror (rc));
+ return NULL;
+ }
+
+ kh = keydb_new (0);
+ if (!kh)
+ return NULL;
+
+ rc = keydb_search (kh, &desc, 1);
+ if (rc)
+ {
+ log_debug ("failed to find default certificate: rc=%d\n", rc);
+ }
+ else
+ {
+ rc = keydb_get_cert (kh, &cert);
+ if (rc)
+ {
+ log_debug ("failed to get cert: rc=%d\n", rc);
+ }
+ }
+
+ keydb_release (kh);
+ return cert;
+}
+
+/* Depending on the options in CTRL add the certificate CERT as well as
+ other certificate up in the chain to the Root-CA to the CMS
+ object. */
+static int
+add_certificate_list (ctrl_t ctrl, ksba_cms_t cms, ksba_cert_t cert)
+{
+ gpg_error_t err;
+ int rc = 0;
+ ksba_cert_t next = NULL;
+ int n;
+ int not_root = 0;
+
+ ksba_cert_ref (cert);
+
+ n = ctrl->include_certs;
+ log_debug ("adding certificates at level %d\n", n);
+ if (n == -2)
+ {
+ not_root = 1;
+ n = -1;
+ }
+ if (n < 0 || n > 50)
+ n = 50; /* We better apply an upper bound */
+
+ /* First add my own certificate unless we don't want any certificate
+ included at all. */
+ if (n)
+ {
+ if (not_root && gpgsm_is_root_cert (cert))
+ err = 0;
+ else
+ err = ksba_cms_add_cert (cms, cert);
+ if (err)
+ goto ksba_failure;
+ if (n>0)
+ n--;
+ }
+ /* Walk the chain to include all other certificates. Note that a -1
+ used for N makes sure that there is no limit and all certs get
+ included. */
+ while ( n-- && !(rc = gpgsm_walk_cert_chain (ctrl, cert, &next)) )
+ {
+ if (not_root && gpgsm_is_root_cert (next))
+ err = 0;
+ else
+ err = ksba_cms_add_cert (cms, next);
+ ksba_cert_release (cert);
+ cert = next; next = NULL;
+ if (err)
+ goto ksba_failure;
+ }
+ ksba_cert_release (cert);
+
+ return rc == -1? 0: rc;
+
+ ksba_failure:
+ ksba_cert_release (cert);
+ log_error ("ksba_cms_add_cert failed: %s\n", gpg_strerror (err));
+ return err;
+}
+
+
+
+
+/* Perform a sign operation.
+
+ Sign the data received on DATA-FD in embedded mode or in detached
+ mode when DETACHED is true. Write the signature to OUT_FP. The
+ keys used to sign are taken from SIGNERLIST or the default one will
+ be used if the value of this argument is NULL. */
+int
+gpgsm_sign (ctrl_t ctrl, certlist_t signerlist,
+ int data_fd, int detached, FILE *out_fp)
+{
+ int i, rc;
+ gpg_error_t err;
+ Base64Context b64writer = NULL;
+ ksba_writer_t writer;
+ ksba_cms_t cms = NULL;
+ ksba_stop_reason_t stopreason;
+ KEYDB_HANDLE kh = NULL;
+ gcry_md_hd_t data_md = NULL;
+ int signer;
+ const char *algoid;
+ int algo;
+ ksba_isotime_t signed_at;
+ certlist_t cl;
+ int release_signerlist = 0;
+
+ audit_set_type (ctrl->audit, AUDIT_TYPE_SIGN);
+
+ kh = keydb_new (0);
+ if (!kh)
+ {
+ log_error (_("failed to allocated keyDB handle\n"));
+ rc = gpg_error (GPG_ERR_GENERAL);
+ goto leave;
+ }
+
+ ctrl->pem_name = "SIGNED MESSAGE";
+ rc = gpgsm_create_writer (&b64writer, ctrl, out_fp, NULL, &writer);
+ if (rc)
+ {
+ log_error ("can't create writer: %s\n", gpg_strerror (rc));
+ goto leave;
+ }
+
+ err = ksba_cms_new (&cms);
+ if (err)
+ {
+ rc = err;
+ goto leave;
+ }
+
+ err = ksba_cms_set_reader_writer (cms, NULL, writer);
+ if (err)
+ {
+ log_debug ("ksba_cms_set_reader_writer failed: %s\n",
+ gpg_strerror (err));
+ rc = err;
+ goto leave;
+ }
+
+ /* We are going to create signed data with data as encap. content */
+ err = ksba_cms_set_content_type (cms, 0, KSBA_CT_SIGNED_DATA);
+ if (!err)
+ err = ksba_cms_set_content_type (cms, 1, KSBA_CT_DATA);
+ if (err)
+ {
+ log_debug ("ksba_cms_set_content_type failed: %s\n",
+ gpg_strerror (err));
+ rc = err;
+ goto leave;
+ }
+
+ /* If no list of signers is given, use the default certificate. */
+ if (!signerlist)
+ {
+ ksba_cert_t cert = get_default_signer (ctrl);
+ if (!cert)
+ {
+ log_error ("no default signer found\n");
+ gpgsm_status2 (ctrl, STATUS_INV_SGNR,
+ get_inv_recpsgnr_code (GPG_ERR_NO_SECKEY), NULL);
+ rc = gpg_error (GPG_ERR_GENERAL);
+ goto leave;
+ }
+
+ /* Although we don't check for ambigious specification we will
+ check that the signer's certificate is usable and valid. */
+ rc = gpgsm_cert_use_sign_p (cert);
+ if (!rc)
+ rc = gpgsm_validate_chain (ctrl, cert, "", NULL, 0, NULL, 0, NULL);
+ if (rc)
+ {
+ char *tmpfpr;
+
+ tmpfpr = gpgsm_get_fingerprint_hexstring (cert, 0);
+ gpgsm_status2 (ctrl, STATUS_INV_SGNR,
+ get_inv_recpsgnr_code (rc), tmpfpr, NULL);
+ xfree (tmpfpr);
+ goto leave;
+ }
+
+ /* That one is fine - create signerlist. */
+ signerlist = xtrycalloc (1, sizeof *signerlist);
+ if (!signerlist)
+ {
+ rc = out_of_core ();
+ ksba_cert_release (cert);
+ goto leave;
+ }
+ signerlist->cert = cert;
+ release_signerlist = 1;
+ }
+
+ /* Figure out the hash algorithm to use. We do not want to use the
+ one for the certificate but if possible an OID for the plain
+ algorithm. */
+ if (opt.forced_digest_algo && opt.verbose)
+ log_info ("user requested hash algorithm %d\n", opt.forced_digest_algo);
+ for (i=0, cl=signerlist; cl; cl = cl->next, i++)
+ {
+ const char *oid;
+
+ if (opt.forced_digest_algo)
+ {
+ oid = NULL;
+ cl->hash_algo = opt.forced_digest_algo;
+ }
+ else
+ {
+ oid = ksba_cert_get_digest_algo (cl->cert);
+ cl->hash_algo = oid ? gcry_md_map_name (oid) : 0;
+ }
+ switch (cl->hash_algo)
+ {
+ case GCRY_MD_SHA1: oid = "1.3.14.3.2.26"; break;
+ case GCRY_MD_RMD160: oid = "1.3.36.3.2.1"; break;
+ case GCRY_MD_SHA224: oid = "2.16.840.1.101.3.4.2.4"; break;
+ case GCRY_MD_SHA256: oid = "2.16.840.1.101.3.4.2.1"; break;
+ case GCRY_MD_SHA384: oid = "2.16.840.1.101.3.4.2.2"; break;
+ case GCRY_MD_SHA512: oid = "2.16.840.1.101.3.4.2.3"; break;
+/* case GCRY_MD_WHIRLPOOL: oid = "No OID yet"; break; */
+
+ case GCRY_MD_MD5: /* We don't want to use MD5. */
+ case 0: /* No algorithm found in cert. */
+ default: /* Other algorithms. */
+ log_info (_("hash algorithm %d (%s) for signer %d not supported;"
+ " using %s\n"),
+ cl->hash_algo, oid? oid: "?", i,
+ gcry_md_algo_name (GCRY_MD_SHA1));
+ cl->hash_algo = GCRY_MD_SHA1;
+ oid = "1.3.14.3.2.26";
+ break;
+ }
+ cl->hash_algo_oid = oid;
+ }
+
+ if (opt.verbose)
+ {
+ for (i=0, cl=signerlist; cl; cl = cl->next, i++)
+ log_info (_("hash algorithm used for signer %d: %s (%s)\n"),
+ i, gcry_md_algo_name (cl->hash_algo), cl->hash_algo_oid);
+ }
+
+
+ /* Gather certificates of signers and store them in the CMS object. */
+ for (cl=signerlist; cl; cl = cl->next)
+ {
+ rc = gpgsm_cert_use_sign_p (cl->cert);
+ if (rc)
+ goto leave;
+
+ err = ksba_cms_add_signer (cms, cl->cert);
+ if (err)
+ {
+ log_error ("ksba_cms_add_signer failed: %s\n", gpg_strerror (err));
+ rc = err;
+ goto leave;
+ }
+ rc = add_certificate_list (ctrl, cms, cl->cert);
+ if (rc)
+ {
+ log_error ("failed to store list of certificates: %s\n",
+ gpg_strerror(rc));
+ goto leave;
+ }
+ /* Set the hash algorithm we are going to use */
+ err = ksba_cms_add_digest_algo (cms, cl->hash_algo_oid);
+ if (err)
+ {
+ log_debug ("ksba_cms_add_digest_algo failed: %s\n",
+ gpg_strerror (err));
+ rc = err;
+ goto leave;
+ }
+ }
+
+
+ /* Check whether one of the certificates is qualified. Note that we
+ already validated the certificate and thus the user data stored
+ flag must be available. */
+ for (cl=signerlist; cl; cl = cl->next)
+ {
+ size_t buflen;
+ char buffer[1];
+
+ err = ksba_cert_get_user_data (cl->cert, "is_qualified",
+ &buffer, sizeof (buffer), &buflen);
+ if (err || !buflen)
+ {
+ log_error (_("checking for qualified certificate failed: %s\n"),
+ gpg_strerror (err));
+ rc = err;
+ goto leave;
+ }
+ if (*buffer)
+ err = gpgsm_qualified_consent (ctrl, cl->cert);
+ else
+ err = gpgsm_not_qualified_warning (ctrl, cl->cert);
+ if (err)
+ {
+ rc = err;
+ goto leave;
+ }
+ }
+
+ /* Prepare hashing (actually we are figuring out what we have set
+ above). */
+ rc = gcry_md_open (&data_md, 0, 0);
+ if (rc)
+ {
+ log_error ("md_open failed: %s\n", gpg_strerror (rc));
+ goto leave;
+ }
+ if (DBG_HASHING)
+ gcry_md_start_debug (data_md, "sign.data");
+
+ for (i=0; (algoid=ksba_cms_get_digest_algo_list (cms, i)); i++)
+ {
+ algo = gcry_md_map_name (algoid);
+ if (!algo)
+ {
+ log_error ("unknown hash algorithm `%s'\n", algoid? algoid:"?");
+ rc = gpg_error (GPG_ERR_BUG);
+ goto leave;
+ }
+ gcry_md_enable (data_md, algo);
+ audit_log_i (ctrl->audit, AUDIT_DATA_HASH_ALGO, algo);
+ }
+
+ audit_log (ctrl->audit, AUDIT_SETUP_READY);
+
+ if (detached)
+ { /* We hash the data right now so that we can store the message
+ digest. ksba_cms_build() takes this as an flag that detached
+ data is expected. */
+ unsigned char *digest;
+ size_t digest_len;
+
+ if (!hash_data (data_fd, data_md))
+ audit_log (ctrl->audit, AUDIT_GOT_DATA);
+ for (cl=signerlist,signer=0; cl; cl = cl->next, signer++)
+ {
+ digest = gcry_md_read (data_md, cl->hash_algo);
+ digest_len = gcry_md_get_algo_dlen (cl->hash_algo);
+ if ( !digest || !digest_len )
+ {
+ log_error ("problem getting the hash of the data\n");
+ rc = gpg_error (GPG_ERR_BUG);
+ goto leave;
+ }
+ err = ksba_cms_set_message_digest (cms, signer, digest, digest_len);
+ if (err)
+ {
+ log_error ("ksba_cms_set_message_digest failed: %s\n",
+ gpg_strerror (err));
+ rc = err;
+ goto leave;
+ }
+ }
+ }
+
+ gnupg_get_isotime (signed_at);
+ for (cl=signerlist,signer=0; cl; cl = cl->next, signer++)
+ {
+ err = ksba_cms_set_signing_time (cms, signer, signed_at);
+ if (err)
+ {
+ log_error ("ksba_cms_set_signing_time failed: %s\n",
+ gpg_strerror (err));
+ rc = err;
+ goto leave;
+ }
+ }
+
+ /* We need to write at least a minimal list of our capabilities to
+ try to convince some MUAs to use 3DES and not the crippled
+ RC2. Our list is:
+
+ aes128-CBC
+ des-EDE3-CBC
+ */
+ err = ksba_cms_add_smime_capability (cms, "2.16.840.1.101.3.4.1.2", NULL, 0);
+ if (!err)
+ err = ksba_cms_add_smime_capability (cms, "1.2.840.113549.3.7", NULL, 0);
+ if (err)
+ {
+ log_error ("ksba_cms_add_smime_capability failed: %s\n",
+ gpg_strerror (err));
+ goto leave;
+ }
+
+
+ /* Main building loop. */
+ do
+ {
+ err = ksba_cms_build (cms, &stopreason);
+ if (err)
+ {
+ log_debug ("ksba_cms_build failed: %s\n", gpg_strerror (err));
+ rc = err;
+ goto leave;
+ }
+
+ if (stopreason == KSBA_SR_BEGIN_DATA)
+ {
+ /* Hash the data and store the message digest. */
+ unsigned char *digest;
+ size_t digest_len;
+
+ assert (!detached);
+
+ rc = hash_and_copy_data (data_fd, data_md, writer);
+ if (rc)
+ goto leave;
+ audit_log (ctrl->audit, AUDIT_GOT_DATA);
+ for (cl=signerlist,signer=0; cl; cl = cl->next, signer++)
+ {
+ digest = gcry_md_read (data_md, cl->hash_algo);
+ digest_len = gcry_md_get_algo_dlen (cl->hash_algo);
+ if ( !digest || !digest_len )
+ {
+ log_error ("problem getting the hash of the data\n");
+ rc = gpg_error (GPG_ERR_BUG);
+ goto leave;
+ }
+ err = ksba_cms_set_message_digest (cms, signer,
+ digest, digest_len);
+ if (err)
+ {
+ log_error ("ksba_cms_set_message_digest failed: %s\n",
+ gpg_strerror (err));
+ rc = err;
+ goto leave;
+ }
+ }
+ }
+ else if (stopreason == KSBA_SR_NEED_SIG)
+ {
+ /* Compute the signature for all signers. */
+ gcry_md_hd_t md;
+
+ rc = gcry_md_open (&md, 0, 0);
+ if (rc)
+ {
+ log_error ("md_open failed: %s\n", gpg_strerror (rc));
+ goto leave;
+ }
+ if (DBG_HASHING)
+ gcry_md_start_debug (md, "sign.attr");
+ ksba_cms_set_hash_function (cms, HASH_FNC, md);
+ for (cl=signerlist,signer=0; cl; cl = cl->next, signer++)
+ {
+ unsigned char *sigval = NULL;
+ char *buf, *fpr;
+
+ audit_log_i (ctrl->audit, AUDIT_NEW_SIG, signer);
+ if (signer)
+ gcry_md_reset (md);
+ {
+ certlist_t cl_tmp;
+
+ for (cl_tmp=signerlist; cl_tmp; cl_tmp = cl_tmp->next)
+ {
+ gcry_md_enable (md, cl_tmp->hash_algo);
+ audit_log_i (ctrl->audit, AUDIT_ATTR_HASH_ALGO,
+ cl_tmp->hash_algo);
+ }
+ }
+
+ rc = ksba_cms_hash_signed_attrs (cms, signer);
+ if (rc)
+ {
+ log_debug ("hashing signed attrs failed: %s\n",
+ gpg_strerror (rc));
+ gcry_md_close (md);
+ goto leave;
+ }
+
+ rc = gpgsm_create_cms_signature (ctrl, cl->cert,
+ md, cl->hash_algo, &sigval);
+ if (rc)
+ {
+ audit_log_cert (ctrl->audit, AUDIT_SIGNED_BY, cl->cert, rc);
+ gcry_md_close (md);
+ goto leave;
+ }
+
+ err = ksba_cms_set_sig_val (cms, signer, sigval);
+ xfree (sigval);
+ if (err)
+ {
+ audit_log_cert (ctrl->audit, AUDIT_SIGNED_BY, cl->cert, err);
+ log_error ("failed to store the signature: %s\n",
+ gpg_strerror (err));
+ rc = err;
+ gcry_md_close (md);
+ goto leave;
+ }
+
+ /* write a status message */
+ fpr = gpgsm_get_fingerprint_hexstring (cl->cert, GCRY_MD_SHA1);
+ if (!fpr)
+ {
+ rc = gpg_error (GPG_ERR_ENOMEM);
+ gcry_md_close (md);
+ goto leave;
+ }
+ rc = 0;
+ {
+ int pkalgo = gpgsm_get_key_algo_info (cl->cert, NULL);
+ buf = xtryasprintf ("%c %d %d 00 %s %s",
+ detached? 'D':'S',
+ pkalgo,
+ cl->hash_algo,
+ signed_at,
+ fpr);
+ if (!buf)
+ rc = gpg_error_from_syserror ();
+ }
+ xfree (fpr);
+ if (rc)
+ {
+ gcry_md_close (md);
+ goto leave;
+ }
+ gpgsm_status (ctrl, STATUS_SIG_CREATED, buf);
+ xfree (buf);
+ audit_log_cert (ctrl->audit, AUDIT_SIGNED_BY, cl->cert, 0);
+ }
+ gcry_md_close (md);
+ }
+ }
+ while (stopreason != KSBA_SR_READY);
+
+ rc = gpgsm_finish_writer (b64writer);
+ if (rc)
+ {
+ log_error ("write failed: %s\n", gpg_strerror (rc));
+ goto leave;
+ }
+
+ audit_log (ctrl->audit, AUDIT_SIGNING_DONE);
+ log_info ("signature created\n");
+
+
+ leave:
+ if (rc)
+ log_error ("error creating signature: %s <%s>\n",
+ gpg_strerror (rc), gpg_strsource (rc) );
+ if (release_signerlist)
+ gpgsm_release_certlist (signerlist);
+ ksba_cms_release (cms);
+ gpgsm_destroy_writer (b64writer);
+ keydb_release (kh);
+ gcry_md_close (data_md);
+ return rc;
+}
diff --git a/sm/verify.c b/sm/verify.c
new file mode 100644
index 0000000..c8663e3
--- /dev/null
+++ b/sm/verify.c
@@ -0,0 +1,660 @@
+/* verify.c - Verify a messages signature
+ * Copyright (C) 2001, 2002, 2003, 2007 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include <unistd.h>
+#include <time.h>
+#include <assert.h>
+
+#include "gpgsm.h"
+#include <gcrypt.h>
+#include <ksba.h>
+
+#include "keydb.h"
+#include "i18n.h"
+
+static char *
+strtimestamp_r (ksba_isotime_t atime)
+{
+ char *buffer = xmalloc (15);
+
+ if (!atime || !*atime)
+ strcpy (buffer, "none");
+ else
+ sprintf (buffer, "%.4s-%.2s-%.2s", atime, atime+4, atime+6);
+ return buffer;
+}
+
+
+
+/* Hash the data for a detached signature. Returns 0 on success. */
+static gpg_error_t
+hash_data (int fd, gcry_md_hd_t md)
+{
+ gpg_error_t err = 0;
+ FILE *fp;
+ char buffer[4096];
+ int nread;
+
+ fp = fdopen ( dup (fd), "rb");
+ if (!fp)
+ {
+ err = gpg_error_from_syserror ();
+ log_error ("fdopen(%d) failed: %s\n", fd, gpg_strerror (err));
+ return err;
+ }
+
+ do
+ {
+ nread = fread (buffer, 1, DIM(buffer), fp);
+ gcry_md_write (md, buffer, nread);
+ }
+ while (nread);
+ if (ferror (fp))
+ {
+ err = gpg_error_from_syserror ();
+ log_error ("read error on fd %d: %s\n", fd, gpg_strerror (err));
+ }
+ fclose (fp);
+ return err;
+}
+
+
+
+
+/* Perform a verify operation. To verify detached signatures, data_fd
+ must be different than -1. With OUT_FP given and a non-detached
+ signature, the signed material is written to that stream. */
+int
+gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, FILE *out_fp)
+{
+ int i, rc;
+ Base64Context b64reader = NULL;
+ Base64Context b64writer = NULL;
+ ksba_reader_t reader;
+ ksba_writer_t writer = NULL;
+ ksba_cms_t cms = NULL;
+ ksba_stop_reason_t stopreason;
+ ksba_cert_t cert;
+ KEYDB_HANDLE kh;
+ gcry_md_hd_t data_md = NULL;
+ int signer;
+ const char *algoid;
+ int algo;
+ int is_detached;
+ FILE *fp = NULL;
+ char *p;
+
+ audit_set_type (ctrl->audit, AUDIT_TYPE_VERIFY);
+
+ kh = keydb_new (0);
+ if (!kh)
+ {
+ log_error (_("failed to allocated keyDB handle\n"));
+ rc = gpg_error (GPG_ERR_GENERAL);
+ goto leave;
+ }
+
+
+ fp = fdopen ( dup (in_fd), "rb");
+ if (!fp)
+ {
+ rc = gpg_error (gpg_err_code_from_errno (errno));
+ log_error ("fdopen() failed: %s\n", strerror (errno));
+ goto leave;
+ }
+
+ rc = gpgsm_create_reader (&b64reader, ctrl, fp, 0, &reader);
+ if (rc)
+ {
+ log_error ("can't create reader: %s\n", gpg_strerror (rc));
+ goto leave;
+ }
+
+ if (out_fp)
+ {
+ rc = gpgsm_create_writer (&b64writer, ctrl, out_fp, NULL, &writer);
+ if (rc)
+ {
+ log_error ("can't create writer: %s\n", gpg_strerror (rc));
+ goto leave;
+ }
+ }
+
+ rc = ksba_cms_new (&cms);
+ if (rc)
+ goto leave;
+
+ rc = ksba_cms_set_reader_writer (cms, reader, writer);
+ if (rc)
+ {
+ log_error ("ksba_cms_set_reader_writer failed: %s\n",
+ gpg_strerror (rc));
+ goto leave;
+ }
+
+ rc = gcry_md_open (&data_md, 0, 0);
+ if (rc)
+ {
+ log_error ("md_open failed: %s\n", gpg_strerror (rc));
+ goto leave;
+ }
+ if (DBG_HASHING)
+ gcry_md_start_debug (data_md, "vrfy.data");
+
+ audit_log (ctrl->audit, AUDIT_SETUP_READY);
+
+ is_detached = 0;
+ do
+ {
+ rc = ksba_cms_parse (cms, &stopreason);
+ if (rc)
+ {
+ log_error ("ksba_cms_parse failed: %s\n", gpg_strerror (rc));
+ goto leave;
+ }
+
+ if (stopreason == KSBA_SR_NEED_HASH)
+ {
+ is_detached = 1;
+ audit_log (ctrl->audit, AUDIT_DETACHED_SIGNATURE);
+ if (opt.verbose)
+ log_info ("detached signature\n");
+ }
+
+ if (stopreason == KSBA_SR_NEED_HASH
+ || stopreason == KSBA_SR_BEGIN_DATA)
+ {
+ audit_log (ctrl->audit, AUDIT_GOT_DATA);
+
+ /* We are now able to enable the hash algorithms */
+ for (i=0; (algoid=ksba_cms_get_digest_algo_list (cms, i)); i++)
+ {
+ algo = gcry_md_map_name (algoid);
+ if (!algo)
+ {
+ log_error ("unknown hash algorithm `%s'\n",
+ algoid? algoid:"?");
+ if (algoid
+ && ( !strcmp (algoid, "1.2.840.113549.1.1.2")
+ ||!strcmp (algoid, "1.2.840.113549.2.2")))
+ log_info (_("(this is the MD2 algorithm)\n"));
+ audit_log_s (ctrl->audit, AUDIT_BAD_DATA_HASH_ALGO, algoid);
+ }
+ else
+ {
+ if (DBG_X509)
+ log_debug ("enabling hash algorithm %d (%s)\n",
+ algo, algoid? algoid:"");
+ gcry_md_enable (data_md, algo);
+ audit_log_i (ctrl->audit, AUDIT_DATA_HASH_ALGO, algo);
+ }
+ }
+ if (opt.extra_digest_algo)
+ {
+ if (DBG_X509)
+ log_debug ("enabling extra hash algorithm %d\n",
+ opt.extra_digest_algo);
+ gcry_md_enable (data_md, opt.extra_digest_algo);
+ audit_log_i (ctrl->audit, AUDIT_DATA_HASH_ALGO,
+ opt.extra_digest_algo);
+ }
+ if (is_detached)
+ {
+ if (data_fd == -1)
+ {
+ log_info ("detached signature w/o data "
+ "- assuming certs-only\n");
+ audit_log (ctrl->audit, AUDIT_CERT_ONLY_SIG);
+ }
+ else
+ audit_log_ok (ctrl->audit, AUDIT_DATA_HASHING,
+ hash_data (data_fd, data_md));
+ }
+ else
+ {
+ ksba_cms_set_hash_function (cms, HASH_FNC, data_md);
+ }
+ }
+ else if (stopreason == KSBA_SR_END_DATA)
+ { /* The data bas been hashed */
+ audit_log_ok (ctrl->audit, AUDIT_DATA_HASHING, 0);
+ }
+ }
+ while (stopreason != KSBA_SR_READY);
+
+ if (b64writer)
+ {
+ rc = gpgsm_finish_writer (b64writer);
+ if (rc)
+ {
+ log_error ("write failed: %s\n", gpg_strerror (rc));
+ audit_log_ok (ctrl->audit, AUDIT_WRITE_ERROR, rc);
+ goto leave;
+ }
+ }
+
+ if (data_fd != -1 && !is_detached)
+ {
+ log_error ("data given for a non-detached signature\n");
+ rc = gpg_error (GPG_ERR_CONFLICT);
+ audit_log (ctrl->audit, AUDIT_USAGE_ERROR);
+ goto leave;
+ }
+
+ for (i=0; (cert=ksba_cms_get_cert (cms, i)); i++)
+ {
+ /* Fixme: it might be better to check the validity of the
+ certificate first before entering it into the DB. This way
+ we would avoid cluttering the DB with invalid
+ certificates. */
+ audit_log_cert (ctrl->audit, AUDIT_SAVE_CERT, cert,
+ keydb_store_cert (cert, 0, NULL));
+ ksba_cert_release (cert);
+ }
+
+ cert = NULL;
+ for (signer=0; ; signer++)
+ {
+ char *issuer = NULL;
+ ksba_sexp_t sigval = NULL;
+ ksba_isotime_t sigtime, keyexptime;
+ ksba_sexp_t serial;
+ char *msgdigest = NULL;
+ size_t msgdigestlen;
+ char *ctattr;
+ int sigval_hash_algo;
+ int info_pkalgo;
+ unsigned int verifyflags;
+
+ rc = ksba_cms_get_issuer_serial (cms, signer, &issuer, &serial);
+ if (!signer && gpg_err_code (rc) == GPG_ERR_NO_DATA
+ && data_fd == -1 && is_detached)
+ {
+ log_info ("certs-only message accepted\n");
+ rc = 0;
+ break;
+ }
+ if (rc)
+ {
+ if (signer && rc == -1)
+ rc = 0;
+ break;
+ }
+
+ gpgsm_status (ctrl, STATUS_NEWSIG, NULL);
+ audit_log_i (ctrl->audit, AUDIT_NEW_SIG, signer);
+
+ if (DBG_X509)
+ {
+ log_debug ("signer %d - issuer: `%s'\n",
+ signer, issuer? issuer:"[NONE]");
+ log_debug ("signer %d - serial: ", signer);
+ gpgsm_dump_serial (serial);
+ log_printf ("\n");
+ }
+ if (ctrl->audit)
+ {
+ char *tmpstr = gpgsm_format_sn_issuer (serial, issuer);
+ audit_log_s (ctrl->audit, AUDIT_SIG_NAME, tmpstr);
+ xfree (tmpstr);
+ }
+
+ rc = ksba_cms_get_signing_time (cms, signer, sigtime);
+ if (gpg_err_code (rc) == GPG_ERR_NO_DATA)
+ *sigtime = 0;
+ else if (rc)
+ {
+ log_error ("error getting signing time: %s\n", gpg_strerror (rc));
+ *sigtime = 0; /* (we can't encode an error in the time string.) */
+ }
+
+ rc = ksba_cms_get_message_digest (cms, signer,
+ &msgdigest, &msgdigestlen);
+ if (!rc)
+ {
+ size_t is_enabled;
+
+ algoid = ksba_cms_get_digest_algo (cms, signer);
+ algo = gcry_md_map_name (algoid);
+ if (DBG_X509)
+ log_debug ("signer %d - digest algo: %d\n", signer, algo);
+ is_enabled = sizeof algo;
+ if ( gcry_md_info (data_md, GCRYCTL_IS_ALGO_ENABLED,
+ &algo, &is_enabled)
+ || !is_enabled)
+ {
+ log_error ("digest algo %d (%s) has not been enabled\n",
+ algo, algoid?algoid:"");
+ audit_log_s (ctrl->audit, AUDIT_SIG_STATUS, "unsupported");
+ goto next_signer;
+ }
+ }
+ else if (gpg_err_code (rc) == GPG_ERR_NO_DATA)
+ {
+ assert (!msgdigest);
+ rc = 0;
+ algoid = NULL;
+ algo = 0;
+ }
+ else /* real error */
+ {
+ audit_log_s (ctrl->audit, AUDIT_SIG_STATUS, "error");
+ break;
+ }
+
+ rc = ksba_cms_get_sigattr_oids (cms, signer,
+ "1.2.840.113549.1.9.3", &ctattr);
+ if (!rc)
+ {
+ const char *s;
+
+ if (DBG_X509)
+ log_debug ("signer %d - content-type attribute: %s",
+ signer, ctattr);
+
+ s = ksba_cms_get_content_oid (cms, 1);
+ if (!s || strcmp (ctattr, s))
+ {
+ log_error ("content-type attribute does not match "
+ "actual content-type\n");
+ ksba_free (ctattr);
+ ctattr = NULL;
+ audit_log_s (ctrl->audit, AUDIT_SIG_STATUS, "bad");
+ goto next_signer;
+ }
+ ksba_free (ctattr);
+ ctattr = NULL;
+ }
+ else if (rc != -1)
+ {
+ log_error ("error getting content-type attribute: %s\n",
+ gpg_strerror (rc));
+ audit_log_s (ctrl->audit, AUDIT_SIG_STATUS, "bad");
+ goto next_signer;
+ }
+ rc = 0;
+
+
+ sigval = ksba_cms_get_sig_val (cms, signer);
+ if (!sigval)
+ {
+ log_error ("no signature value available\n");
+ audit_log_s (ctrl->audit, AUDIT_SIG_STATUS, "bad");
+ goto next_signer;
+ }
+ sigval_hash_algo = hash_algo_from_sigval (sigval);
+ if (DBG_X509)
+ {
+ log_debug ("signer %d - signature available (sigval hash=%d)",
+ signer, sigval_hash_algo);
+/* log_printhex ("sigval ", sigval, */
+/* gcry_sexp_canon_len (sigval, 0, NULL, NULL)); */
+ }
+ if (!sigval_hash_algo)
+ sigval_hash_algo = algo; /* Fallback used e.g. with old libksba. */
+
+ /* Find the certificate of the signer */
+ keydb_search_reset (kh);
+ rc = keydb_search_issuer_sn (kh, issuer, serial);
+ if (rc)
+ {
+ if (rc == -1)
+ {
+ log_error ("certificate not found\n");
+ rc = gpg_error (GPG_ERR_NO_PUBKEY);
+ }
+ else
+ log_error ("failed to find the certificate: %s\n",
+ gpg_strerror(rc));
+ {
+ char numbuf[50];
+ sprintf (numbuf, "%d", rc);
+
+ gpgsm_status2 (ctrl, STATUS_ERROR, "verify.findkey",
+ numbuf, NULL);
+ }
+ audit_log_s (ctrl->audit, AUDIT_SIG_STATUS, "no-cert");
+ goto next_signer;
+ }
+
+ rc = keydb_get_cert (kh, &cert);
+ if (rc)
+ {
+ log_error ("failed to get cert: %s\n", gpg_strerror (rc));
+ audit_log_s (ctrl->audit, AUDIT_SIG_STATUS, "error");
+ goto next_signer;
+ }
+
+ log_info (_("Signature made "));
+ if (*sigtime)
+ dump_isotime (sigtime);
+ else
+ log_printf (_("[date not given]"));
+ log_printf (_(" using certificate ID 0x%08lX\n"),
+ gpgsm_get_short_fingerprint (cert, NULL));
+
+ audit_log_i (ctrl->audit, AUDIT_DATA_HASH_ALGO, algo);
+
+ if (msgdigest)
+ { /* Signed attributes are available. */
+ gcry_md_hd_t md;
+ unsigned char *s;
+
+ /* Check that the message digest in the signed attributes
+ matches the one we calculated on the data. */
+ s = gcry_md_read (data_md, algo);
+ if ( !s || !msgdigestlen
+ || gcry_md_get_algo_dlen (algo) != msgdigestlen
+ || !s || memcmp (s, msgdigest, msgdigestlen) )
+ {
+ char *fpr;
+
+ log_error (_("invalid signature: message digest attribute "
+ "does not match computed one\n"));
+ if (DBG_X509)
+ {
+ if (msgdigest)
+ log_printhex ("message: ", msgdigest, msgdigestlen);
+ if (s)
+ log_printhex ("computed: ",
+ s, gcry_md_get_algo_dlen (algo));
+ }
+ fpr = gpgsm_fpr_and_name_for_status (cert);
+ gpgsm_status (ctrl, STATUS_BADSIG, fpr);
+ xfree (fpr);
+ audit_log_s (ctrl->audit, AUDIT_SIG_STATUS, "bad");
+ goto next_signer;
+ }
+
+ audit_log_i (ctrl->audit, AUDIT_ATTR_HASH_ALGO, sigval_hash_algo);
+ rc = gcry_md_open (&md, sigval_hash_algo, 0);
+ if (rc)
+ {
+ log_error ("md_open failed: %s\n", gpg_strerror (rc));
+ audit_log_s (ctrl->audit, AUDIT_SIG_STATUS, "error");
+ goto next_signer;
+ }
+ if (DBG_HASHING)
+ gcry_md_start_debug (md, "vrfy.attr");
+
+ ksba_cms_set_hash_function (cms, HASH_FNC, md);
+ rc = ksba_cms_hash_signed_attrs (cms, signer);
+ if (rc)
+ {
+ log_error ("hashing signed attrs failed: %s\n",
+ gpg_strerror (rc));
+ gcry_md_close (md);
+ audit_log_s (ctrl->audit, AUDIT_SIG_STATUS, "error");
+ goto next_signer;
+ }
+ rc = gpgsm_check_cms_signature (cert, sigval, md,
+ sigval_hash_algo, &info_pkalgo);
+ gcry_md_close (md);
+ }
+ else
+ {
+ rc = gpgsm_check_cms_signature (cert, sigval, data_md,
+ algo, &info_pkalgo);
+ }
+
+ if (rc)
+ {
+ char *fpr;
+
+ log_error ("invalid signature: %s\n", gpg_strerror (rc));
+ fpr = gpgsm_fpr_and_name_for_status (cert);
+ gpgsm_status (ctrl, STATUS_BADSIG, fpr);
+ xfree (fpr);
+ audit_log_s (ctrl->audit, AUDIT_SIG_STATUS, "bad");
+ goto next_signer;
+ }
+ rc = gpgsm_cert_use_verify_p (cert); /*(this displays an info message)*/
+ if (rc)
+ {
+ gpgsm_status_with_err_code (ctrl, STATUS_ERROR, "verify.keyusage",
+ gpg_err_code (rc));
+ rc = 0;
+ }
+
+ if (DBG_X509)
+ log_debug ("signature okay - checking certs\n");
+ audit_log (ctrl->audit, AUDIT_VALIDATE_CHAIN);
+ rc = gpgsm_validate_chain (ctrl, cert,
+ *sigtime? sigtime : "19700101T000000",
+ keyexptime, 0,
+ NULL, 0, &verifyflags);
+ {
+ char *fpr, *buf, *tstr;
+
+ fpr = gpgsm_fpr_and_name_for_status (cert);
+ if (gpg_err_code (rc) == GPG_ERR_CERT_EXPIRED)
+ {
+ gpgsm_status (ctrl, STATUS_EXPKEYSIG, fpr);
+ rc = 0;
+ }
+ else
+ gpgsm_status (ctrl, STATUS_GOODSIG, fpr);
+
+ xfree (fpr);
+
+ fpr = gpgsm_get_fingerprint_hexstring (cert, GCRY_MD_SHA1);
+ tstr = strtimestamp_r (sigtime);
+ buf = xasprintf ("%s %s %s %s 0 0 %d %d 00", fpr, tstr,
+ *sigtime? sigtime : "0",
+ *keyexptime? keyexptime : "0",
+ info_pkalgo, algo);
+ xfree (tstr);
+ xfree (fpr);
+ gpgsm_status (ctrl, STATUS_VALIDSIG, buf);
+ xfree (buf);
+ }
+
+ audit_log_ok (ctrl->audit, AUDIT_CHAIN_STATUS, rc);
+ if (rc) /* of validate_chain */
+ {
+ log_error ("invalid certification chain: %s\n", gpg_strerror (rc));
+ if (gpg_err_code (rc) == GPG_ERR_BAD_CERT_CHAIN
+ || gpg_err_code (rc) == GPG_ERR_BAD_CERT
+ || gpg_err_code (rc) == GPG_ERR_BAD_CA_CERT
+ || gpg_err_code (rc) == GPG_ERR_CERT_REVOKED)
+ gpgsm_status_with_err_code (ctrl, STATUS_TRUST_NEVER, NULL,
+ gpg_err_code (rc));
+ else
+ gpgsm_status_with_err_code (ctrl, STATUS_TRUST_UNDEFINED, NULL,
+ gpg_err_code (rc));
+ audit_log_s (ctrl->audit, AUDIT_SIG_STATUS, "bad");
+ goto next_signer;
+ }
+
+ audit_log_s (ctrl->audit, AUDIT_SIG_STATUS, "good");
+
+ for (i=0; (p = ksba_cert_get_subject (cert, i)); i++)
+ {
+ log_info (!i? _("Good signature from")
+ : _(" aka"));
+ log_printf (" \"");
+ gpgsm_print_name (log_get_stream (), p);
+ log_printf ("\"\n");
+ ksba_free (p);
+ }
+
+ /* Print a note if this is a qualified signature. */
+ {
+ size_t qualbuflen;
+ char qualbuffer[1];
+
+ rc = ksba_cert_get_user_data (cert, "is_qualified", &qualbuffer,
+ sizeof (qualbuffer), &qualbuflen);
+ if (!rc && qualbuflen)
+ {
+ if (*qualbuffer)
+ {
+ log_info (_("This is a qualified signature\n"));
+ if (!opt.qualsig_approval)
+ log_info
+ (_("Note, that this software is not officially approved "
+ "to create or verify such signatures.\n"));
+ }
+ }
+ else if (gpg_err_code (rc) != GPG_ERR_NOT_FOUND)
+ log_error ("get_user_data(is_qualified) failed: %s\n",
+ gpg_strerror (rc));
+ }
+
+ gpgsm_status (ctrl, STATUS_TRUST_FULLY,
+ (verifyflags & VALIDATE_FLAG_CHAIN_MODEL)?
+ "0 chain": "0 shell");
+
+
+ next_signer:
+ rc = 0;
+ xfree (issuer);
+ xfree (serial);
+ xfree (sigval);
+ xfree (msgdigest);
+ ksba_cert_release (cert);
+ cert = NULL;
+ }
+ rc = 0;
+
+ leave:
+ ksba_cms_release (cms);
+ gpgsm_destroy_reader (b64reader);
+ gpgsm_destroy_writer (b64writer);
+ keydb_release (kh);
+ gcry_md_close (data_md);
+ if (fp)
+ fclose (fp);
+
+ if (rc)
+ {
+ char numbuf[50];
+ sprintf (numbuf, "%d", rc );
+ gpgsm_status2 (ctrl, STATUS_ERROR, "verify.leave",
+ numbuf, NULL);
+ }
+
+ return rc;
+}
+
diff --git a/tests/ChangeLog-2011 b/tests/ChangeLog-2011
new file mode 100644
index 0000000..75bbaac
--- /dev/null
+++ b/tests/ChangeLog-2011
@@ -0,0 +1,142 @@
+2011-12-02 Werner Koch <wk@g10code.com>
+
+ NB: ChangeLog files are no longer manually maintained. Starting
+ on December 1st, 2011 we put change information only in the GIT
+ commit log, and generate a top-level ChangeLog file from logs at
+ "make dist". See doc/HACKING for details.
+
+2009-10-13 Werner Koch <wk@g10code.com>
+
+ * asschk.c (die): Replace this vararg macro by C-89 compliant
+ macros die_0, die_1, die_2 and die_3. Change all callers.
+ Reported by Nelson H. F. Beebe.
+
+2009-02-19 Werner Koch <wk@g10code.com>
+
+ * Makefile.am (TESTS_ENVIRONMENT): Use /bin/pwd.
+ * inittests: Ditto. Fixes bug#1001.
+
+2008-10-20 Werner Koch <wk@g10code.com>
+
+ * asschk.c (cmd_echo): Mark unused arg.
+ (cmd_send, cmd_expect_ok, cmd_expect_err, cmd_pipeserver)
+ (cmd_quit_if, cmd_fail_if): Ditto.
+
+2008-09-29 Werner Koch <wk@g10code.com>
+
+ * Makefile.am (TESTS): Remove tests.
+
+2008-02-19 Werner Koch <wk@g10code.com>
+
+ * Makefile.am: Always run pkits tests.
+
+2008-01-17 Werner Koch <wk@g10code.com>
+
+ * asschk.c (read_assuan): Use __func__ instead of __FUNCTION__.
+
+2006-11-05 Werner Koch <wk@g10code.com>
+
+ * asschk.c (read_assuan): Minor cleanups.
+
+2006-09-06 Marcus Brinkmann <marcus@g10code.de>
+
+ * Makefile.am (openpgp): New variable.
+ (SUBDIRS): Conditionalize openpgp on RUN_GPG_TESTS.
+
+2006-08-21 Werner Koch <wk@g10code.com>
+
+ * Makefile.am (SUBDIRS): New.
+ * openpgp/: New.
+
+2006-06-08 Marcus Brinkmann <marcus@g10code.de>
+
+ * asschk.c (__func__) [__STDC_VERSION__ < 199901L && __GNUC__ >= 2]:
+ Define macro to __FUNCTION__.
+ (die): Use __func__ instead of __FUNCTION__.
+
+2005-10-07 Marcus Brinkmann <marcus@g10code.de>
+
+ * Makefile.am (TESTS_ENVIRONMENT): Remove LD_LIBRARY_PATH hack.
+ It's the responsibility of the person building the software to set
+ it properly.
+
+2004-09-30 Werner Koch <wk@g10code.com>
+
+ * Makefile.am (SUBDIRS): Remove pkits until the copyright issues
+ have been cleared.
+
+2004-08-16 Werner Koch <wk@g10code.de>
+
+ * Makefile.am: Descend into the new pkits directory
+
+2004-02-20 Werner Koch <wk@gnupg.org>
+
+ * Makefile.am: Reset GPG_AGENT_INFO here
+ * runtest: and not anymore here.
+
+2002-12-04 Werner Koch <wk@gnupg.org>
+
+ * inittests (gpgsm.conf): Fake system time.
+
+2002-10-31 Neal H. Walfield <neal@g10code.de>
+
+ * Makefile.am (inittests.stamp): Do not set LD_LIBRARY_PATH here.
+ (TESTS_ENVIRONMENT): Do it here. And also frob $(LIBGCRYPT_LIBS)
+ and $(PTH_LIBS).
+
+2002-10-31 Neal H. Walfield <neal@g10code.de>
+
+ * asschk.c (die): New macro.
+ (read_assuan): If in verbose mode, dump the string that was read.
+ (write_assuan): Be more verbose on failure.
+
+2002-09-04 Neal H. Walfield <neal@g10code.de>
+
+ * Makefile.am (inittests.stamp): Do not set LD_LIBRARY_PATH, but
+ rather prepend it. Be more robust and prefer printf over echo -n.
+
+2002-09-04 Marcus Brinkmann <marcus@g10code.de>
+
+ * asschk.c (start_server): Close the parent's file descriptors in
+ the child.
+ (read_assuan): Variable NREAD removed. Cut off the received line
+ currectly if more than one line was read.
+
+2002-09-03 Neal H. Walfield <neal@g10code.de>
+
+ * Makefile.am (inittests.stamp): Construct an LD_LIBRARY_PATH from
+ LDFLAGS.
+
+2002-08-09 Werner Koch <wk@gnupg.org>
+
+ * asschk.c (cmd_getenv): New.
+ (expand_line): Allow / as variable name delimiter.
+ * sm-sign+verify, sm-verify: Use $srcdir so that a VPATH build works.
+
+ * Makefile.am: Fixes for make dist.
+ * samplekets/Makefile.am: New.
+
+2002-08-08 Werner Koch <wk@gnupg.org>
+
+ * asschk.c: Added some new features.
+ * runtest, inittests: New.
+ * text-1.txt, text-2.txt, text-3.txt: New.
+ * text-1.osig.pem, text-1.dsig.pem, text-1.osig-bad.pem: New.
+ * text-2.osig.pem, text-2.osig-bad.pem: New.
+ * samplekeys : New directory
+ * sm-verify, sm-sign+verify: The first test scripts.
+
+2002-08-06 Werner Koch <wk@gnupg.org>
+
+ * Makefile.am, asschk.c: New.
+
+
+ Copyright 2002 Free Software Foundation, Inc.
+
+ This file is free software; as a special exception the author gives
+ unlimited permission to copy and/or distribute it, with or without
+ modifications, as long as this notice is preserved.
+
+ This file is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
+ implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/tests/Makefile.am b/tests/Makefile.am
new file mode 100644
index 0000000..46c9af0
--- /dev/null
+++ b/tests/Makefile.am
@@ -0,0 +1,75 @@
+# Makefile.am -tests makefile for libxtime
+# Copyright (C) 2002 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+## Process this file with automake to produce Makefile.in
+
+
+if RUN_GPG_TESTS
+openpgp = openpgp
+else
+openpgp =
+endif
+
+SUBDIRS = ${openpgp} . pkits
+
+GPGSM = ../sm/gpgsm
+
+# Note that we need to use /bin/pwd so that we don't get into trouble
+# if the shell used for inittests would use an internal version of
+# pwd which handles symlinks differently.
+TESTS_ENVIRONMENT = GNUPGHOME=`/bin/pwd` GPG_AGENT_INFO= LC_ALL=C \
+ GPGSM=$(GPGSM) $(srcdir)/runtest
+
+testscripts = sm-sign+verify sm-verify
+
+EXTRA_DIST = runtest inittests $(testscripts) ChangeLog-2011 \
+ text-1.txt text-2.txt text-3.txt \
+ text-1.osig.pem text-1.dsig.pem text-1.osig-bad.pem \
+ text-2.osig.pem text-2.osig-bad.pem \
+ samplekeys/32100C27173EF6E9C4E9A25D3D69F86D37A4F939.key \
+ samplekeys/cert_g10code_pete1.pem \
+ samplekeys/cert_g10code_test1.pem \
+ samplekeys/cert_g10code_theo1.pem
+
+# We used to run $(testscripts) here but these asschk scripts are not
+# completely reliable in all enviromnets and thus we better disable
+# them. The tests are anyway way too minimal. We will eventually
+# write new tests based on gpg-connect-agent which has a full fledged
+# script language and thus makes it far easier to write tests than to
+# use the low--level asschk stuff.
+TESTS =
+
+CLEANFILES = inittests.stamp x y y z out err \
+ *.lock .\#lk*
+
+DISTCLEANFILES = pubring.kbx~ random_seed
+
+noinst_PROGRAMS = asschk
+
+asschk_SOURCES = asschk.c
+
+
+all-local: inittests.stamp
+
+clean-local:
+ srcdir=$(srcdir) $(TESTS_ENVIRONMENT) $(srcdir)/inittests --clean
+
+inittests.stamp: inittests
+ srcdir=$(srcdir) $(TESTS_ENVIRONMENT) $(srcdir)/inittests
+ echo timestamp >./inittests.stamp
+
diff --git a/tests/Makefile.in b/tests/Makefile.in
new file mode 100644
index 0000000..0bd1f0e
--- /dev/null
+++ b/tests/Makefile.in
@@ -0,0 +1,845 @@
+# Makefile.in generated by automake 1.11.1 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation,
+# Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+# Makefile.am -tests makefile for libxtime
+# Copyright (C) 2002 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+TESTS =
+noinst_PROGRAMS = asschk$(EXEEXT)
+subdir = tests
+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/gl/m4/absolute-header.m4 \
+ $(top_srcdir)/gl/m4/alloca.m4 $(top_srcdir)/gl/m4/allocsa.m4 \
+ $(top_srcdir)/gl/m4/eealloc.m4 \
+ $(top_srcdir)/gl/m4/gnulib-comp.m4 \
+ $(top_srcdir)/gl/m4/gnulib-tool.m4 \
+ $(top_srcdir)/gl/m4/mkdtemp.m4 $(top_srcdir)/gl/m4/setenv.m4 \
+ $(top_srcdir)/gl/m4/stdint.m4 $(top_srcdir)/gl/m4/strpbrk.m4 \
+ $(top_srcdir)/gl/m4/unistd_h.m4 $(top_srcdir)/m4/autobuild.m4 \
+ $(top_srcdir)/m4/codeset.m4 $(top_srcdir)/m4/estream.m4 \
+ $(top_srcdir)/m4/gettext.m4 $(top_srcdir)/m4/gnupg-pth.m4 \
+ $(top_srcdir)/m4/gpg-error.m4 $(top_srcdir)/m4/iconv.m4 \
+ $(top_srcdir)/m4/isc-posix.m4 $(top_srcdir)/m4/ksba.m4 \
+ $(top_srcdir)/m4/lcmessage.m4 $(top_srcdir)/m4/ldap.m4 \
+ $(top_srcdir)/m4/lib-ld.m4 $(top_srcdir)/m4/lib-link.m4 \
+ $(top_srcdir)/m4/lib-prefix.m4 $(top_srcdir)/m4/libassuan.m4 \
+ $(top_srcdir)/m4/libcurl.m4 $(top_srcdir)/m4/libgcrypt.m4 \
+ $(top_srcdir)/m4/longdouble.m4 $(top_srcdir)/m4/nls.m4 \
+ $(top_srcdir)/m4/po.m4 $(top_srcdir)/m4/progtest.m4 \
+ $(top_srcdir)/m4/readline.m4 $(top_srcdir)/m4/size_max.m4 \
+ $(top_srcdir)/m4/socklen.m4 $(top_srcdir)/m4/sys_socket_h.m4 \
+ $(top_srcdir)/m4/tar-ustar.m4 $(top_srcdir)/m4/xsize.m4 \
+ $(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.ac
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+ $(ACLOCAL_M4)
+mkinstalldirs = $(SHELL) $(top_srcdir)/scripts/mkinstalldirs
+CONFIG_HEADER = $(top_builddir)/config.h
+CONFIG_CLEAN_FILES =
+CONFIG_CLEAN_VPATH_FILES =
+PROGRAMS = $(noinst_PROGRAMS)
+am_asschk_OBJECTS = asschk.$(OBJEXT)
+asschk_OBJECTS = $(am_asschk_OBJECTS)
+asschk_LDADD = $(LDADD)
+DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
+depcomp = $(SHELL) $(top_srcdir)/scripts/depcomp
+am__depfiles_maybe = depfiles
+am__mv = mv -f
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+CCLD = $(CC)
+LINK = $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@
+SOURCES = $(asschk_SOURCES)
+DIST_SOURCES = $(asschk_SOURCES)
+RECURSIVE_TARGETS = all-recursive check-recursive dvi-recursive \
+ html-recursive info-recursive install-data-recursive \
+ install-dvi-recursive install-exec-recursive \
+ install-html-recursive install-info-recursive \
+ install-pdf-recursive install-ps-recursive install-recursive \
+ installcheck-recursive installdirs-recursive pdf-recursive \
+ ps-recursive uninstall-recursive
+RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive \
+ distclean-recursive maintainer-clean-recursive
+AM_RECURSIVE_TARGETS = $(RECURSIVE_TARGETS:-recursive=) \
+ $(RECURSIVE_CLEAN_TARGETS:-recursive=) tags TAGS ctags CTAGS \
+ distdir
+ETAGS = etags
+CTAGS = ctags
+am__tty_colors = \
+red=; grn=; lgn=; blu=; std=
+DIST_SUBDIRS = openpgp . pkits
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+am__relativize = \
+ dir0=`pwd`; \
+ sed_first='s,^\([^/]*\)/.*$$,\1,'; \
+ sed_rest='s,^[^/]*/*,,'; \
+ sed_last='s,^.*/\([^/]*\)$$,\1,'; \
+ sed_butlast='s,/*[^/]*$$,,'; \
+ while test -n "$$dir1"; do \
+ first=`echo "$$dir1" | sed -e "$$sed_first"`; \
+ if test "$$first" != "."; then \
+ if test "$$first" = ".."; then \
+ dir2=`echo "$$dir0" | sed -e "$$sed_last"`/"$$dir2"; \
+ dir0=`echo "$$dir0" | sed -e "$$sed_butlast"`; \
+ else \
+ first2=`echo "$$dir2" | sed -e "$$sed_first"`; \
+ if test "$$first2" = "$$first"; then \
+ dir2=`echo "$$dir2" | sed -e "$$sed_rest"`; \
+ else \
+ dir2="../$$dir2"; \
+ fi; \
+ dir0="$$dir0"/"$$first"; \
+ fi; \
+ fi; \
+ dir1=`echo "$$dir1" | sed -e "$$sed_rest"`; \
+ done; \
+ reldir="$$dir2"
+ABSOLUTE_STDINT_H = @ABSOLUTE_STDINT_H@
+ACLOCAL = @ACLOCAL@
+ADNSLIBS = @ADNSLIBS@
+ALLOCA = @ALLOCA@
+ALLOCA_H = @ALLOCA_H@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+BITSIZEOF_PTRDIFF_T = @BITSIZEOF_PTRDIFF_T@
+BITSIZEOF_SIG_ATOMIC_T = @BITSIZEOF_SIG_ATOMIC_T@
+BITSIZEOF_SIZE_T = @BITSIZEOF_SIZE_T@
+BITSIZEOF_WCHAR_T = @BITSIZEOF_WCHAR_T@
+BITSIZEOF_WINT_T = @BITSIZEOF_WINT_T@
+BUILD_INCLUDED_LIBINTL = @BUILD_INCLUDED_LIBINTL@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CC_FOR_BUILD = @CC_FOR_BUILD@
+CFLAGS = @CFLAGS@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DL_LIBS = @DL_LIBS@
+DNSLIBS = @DNSLIBS@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+FAQPROG = @FAQPROG@
+GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
+GMSGFMT = @GMSGFMT@
+GMSGFMT_015 = @GMSGFMT_015@
+GNUPG_AGENT_PGM = @GNUPG_AGENT_PGM@
+GNUPG_DIRMNGR_PGM = @GNUPG_DIRMNGR_PGM@
+GNUPG_PINENTRY_PGM = @GNUPG_PINENTRY_PGM@
+GNUPG_PROTECT_TOOL_PGM = @GNUPG_PROTECT_TOOL_PGM@
+GNUPG_SCDAEMON_PGM = @GNUPG_SCDAEMON_PGM@
+GPGKEYS_CURL = @GPGKEYS_CURL@
+GPGKEYS_FINGER = @GPGKEYS_FINGER@
+GPGKEYS_HKP = @GPGKEYS_HKP@
+GPGKEYS_KDNS = @GPGKEYS_KDNS@
+GPGKEYS_LDAP = @GPGKEYS_LDAP@
+GPGKEYS_MAILTO = @GPGKEYS_MAILTO@
+GPG_ERROR_CFLAGS = @GPG_ERROR_CFLAGS@
+GPG_ERROR_CONFIG = @GPG_ERROR_CONFIG@
+GPG_ERROR_LIBS = @GPG_ERROR_LIBS@
+GREP = @GREP@
+HAVE_INTTYPES_H = @HAVE_INTTYPES_H@
+HAVE_LONG_LONG_INT = @HAVE_LONG_LONG_INT@
+HAVE_SIGNED_SIG_ATOMIC_T = @HAVE_SIGNED_SIG_ATOMIC_T@
+HAVE_SIGNED_WCHAR_T = @HAVE_SIGNED_WCHAR_T@
+HAVE_SIGNED_WINT_T = @HAVE_SIGNED_WINT_T@
+HAVE_STDINT_H = @HAVE_STDINT_H@
+HAVE_SYS_BITYPES_H = @HAVE_SYS_BITYPES_H@
+HAVE_SYS_INTTYPES_H = @HAVE_SYS_INTTYPES_H@
+HAVE_SYS_TYPES_H = @HAVE_SYS_TYPES_H@
+HAVE_UNSIGNED_LONG_LONG_INT = @HAVE_UNSIGNED_LONG_LONG_INT@
+HAVE_WCHAR_H = @HAVE_WCHAR_H@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+INTLLIBS = @INTLLIBS@
+INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@
+KSBA_CFLAGS = @KSBA_CFLAGS@
+KSBA_CONFIG = @KSBA_CONFIG@
+KSBA_LIBS = @KSBA_LIBS@
+LDAPLIBS = @LDAPLIBS@
+LDAP_CPPFLAGS = @LDAP_CPPFLAGS@
+LDFLAGS = @LDFLAGS@
+LIBASSUAN_CFLAGS = @LIBASSUAN_CFLAGS@
+LIBASSUAN_CONFIG = @LIBASSUAN_CONFIG@
+LIBASSUAN_LIBS = @LIBASSUAN_LIBS@
+LIBCURL = @LIBCURL@
+LIBCURL_CPPFLAGS = @LIBCURL_CPPFLAGS@
+LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@
+LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@
+LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@
+LIBGNU_LIBDEPS = @LIBGNU_LIBDEPS@
+LIBGNU_LTLIBDEPS = @LIBGNU_LTLIBDEPS@
+LIBICONV = @LIBICONV@
+LIBINTL = @LIBINTL@
+LIBOBJS = @LIBOBJS@
+LIBREADLINE = @LIBREADLINE@
+LIBS = @LIBS@
+LIBUSB_LIBS = @LIBUSB_LIBS@
+LIBUTIL_LIBS = @LIBUTIL_LIBS@
+LN_S = @LN_S@
+LTLIBICONV = @LTLIBICONV@
+LTLIBINTL = @LTLIBINTL@
+LTLIBOBJS = @LTLIBOBJS@
+MAINT = @MAINT@
+MAKEINFO = @MAKEINFO@
+MKDIR_P = @MKDIR_P@
+MSGFMT = @MSGFMT@
+MSGFMT_015 = @MSGFMT_015@
+MSGMERGE = @MSGMERGE@
+NETLIBS = @NETLIBS@
+OBJEXT = @OBJEXT@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_GT = @PACKAGE_GT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_URL = @PACKAGE_URL@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PERL = @PERL@
+POSUB = @POSUB@
+PTH_CFLAGS = @PTH_CFLAGS@
+PTH_CONFIG = @PTH_CONFIG@
+PTH_LIBS = @PTH_LIBS@
+PTRDIFF_T_SUFFIX = @PTRDIFF_T_SUFFIX@
+RANLIB = @RANLIB@
+SENDMAIL = @SENDMAIL@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+SHRED = @SHRED@
+SIG_ATOMIC_T_SUFFIX = @SIG_ATOMIC_T_SUFFIX@
+SIZE_T_SUFFIX = @SIZE_T_SUFFIX@
+STDINT_H = @STDINT_H@
+STRIP = @STRIP@
+SYS_SOCKET_H = @SYS_SOCKET_H@
+TAR = @TAR@
+UNISTD_H = @UNISTD_H@
+USE_INCLUDED_LIBINTL = @USE_INCLUDED_LIBINTL@
+USE_NLS = @USE_NLS@
+VERSION = @VERSION@
+W32SOCKLIBS = @W32SOCKLIBS@
+WCHAR_T_SUFFIX = @WCHAR_T_SUFFIX@
+WINDRES = @WINDRES@
+WINT_T_SUFFIX = @WINT_T_SUFFIX@
+XGETTEXT = @XGETTEXT@
+XGETTEXT_015 = @XGETTEXT_015@
+XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@
+ZLIBS = @ZLIBS@
+_libcurl_config = @_libcurl_config@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+@RUN_GPG_TESTS_FALSE@openpgp =
+@RUN_GPG_TESTS_TRUE@openpgp = openpgp
+SUBDIRS = ${openpgp} . pkits
+GPGSM = ../sm/gpgsm
+
+# Note that we need to use /bin/pwd so that we don't get into trouble
+# if the shell used for inittests would use an internal version of
+# pwd which handles symlinks differently.
+TESTS_ENVIRONMENT = GNUPGHOME=`/bin/pwd` GPG_AGENT_INFO= LC_ALL=C \
+ GPGSM=$(GPGSM) $(srcdir)/runtest
+
+testscripts = sm-sign+verify sm-verify
+EXTRA_DIST = runtest inittests $(testscripts) ChangeLog-2011 \
+ text-1.txt text-2.txt text-3.txt \
+ text-1.osig.pem text-1.dsig.pem text-1.osig-bad.pem \
+ text-2.osig.pem text-2.osig-bad.pem \
+ samplekeys/32100C27173EF6E9C4E9A25D3D69F86D37A4F939.key \
+ samplekeys/cert_g10code_pete1.pem \
+ samplekeys/cert_g10code_test1.pem \
+ samplekeys/cert_g10code_theo1.pem
+
+CLEANFILES = inittests.stamp x y y z out err \
+ *.lock .\#lk*
+
+DISTCLEANFILES = pubring.kbx~ random_seed
+asschk_SOURCES = asschk.c
+all: all-recursive
+
+.SUFFIXES:
+.SUFFIXES: .c .o .obj
+$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(am__configure_deps)
+ @for dep in $?; do \
+ case '$(am__configure_deps)' in \
+ *$$dep*) \
+ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+ && { if test -f $@; then exit 0; else break; fi; }; \
+ exit 1;; \
+ esac; \
+ done; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu tests/Makefile'; \
+ $(am__cd) $(top_srcdir) && \
+ $(AUTOMAKE) --gnu tests/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+ @case '$?' in \
+ *config.status*) \
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+ *) \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+ esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
+
+clean-noinstPROGRAMS:
+ -test -z "$(noinst_PROGRAMS)" || rm -f $(noinst_PROGRAMS)
+asschk$(EXEEXT): $(asschk_OBJECTS) $(asschk_DEPENDENCIES)
+ @rm -f asschk$(EXEEXT)
+ $(LINK) $(asschk_OBJECTS) $(asschk_LDADD) $(LIBS)
+
+mostlyclean-compile:
+ -rm -f *.$(OBJEXT)
+
+distclean-compile:
+ -rm -f *.tab.c
+
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/asschk.Po@am__quote@
+
+.c.o:
+@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(COMPILE) -c $<
+
+.c.obj:
+@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'`
+
+# This directory's subdirectories are mostly independent; you can cd
+# into them and run `make' without going through this Makefile.
+# To change the values of `make' variables: instead of editing Makefiles,
+# (1) if the variable is set in `config.status', edit `config.status'
+# (which will cause the Makefiles to be regenerated when you run `make');
+# (2) otherwise, pass the desired values on the `make' command line.
+$(RECURSIVE_TARGETS):
+ @fail= failcom='exit 1'; \
+ for f in x $$MAKEFLAGS; do \
+ case $$f in \
+ *=* | --[!k]*);; \
+ *k*) failcom='fail=yes';; \
+ esac; \
+ done; \
+ dot_seen=no; \
+ target=`echo $@ | sed s/-recursive//`; \
+ list='$(SUBDIRS)'; for subdir in $$list; do \
+ echo "Making $$target in $$subdir"; \
+ if test "$$subdir" = "."; then \
+ dot_seen=yes; \
+ local_target="$$target-am"; \
+ else \
+ local_target="$$target"; \
+ fi; \
+ ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
+ || eval $$failcom; \
+ done; \
+ if test "$$dot_seen" = "no"; then \
+ $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \
+ fi; test -z "$$fail"
+
+$(RECURSIVE_CLEAN_TARGETS):
+ @fail= failcom='exit 1'; \
+ for f in x $$MAKEFLAGS; do \
+ case $$f in \
+ *=* | --[!k]*);; \
+ *k*) failcom='fail=yes';; \
+ esac; \
+ done; \
+ dot_seen=no; \
+ case "$@" in \
+ distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \
+ *) list='$(SUBDIRS)' ;; \
+ esac; \
+ rev=''; for subdir in $$list; do \
+ if test "$$subdir" = "."; then :; else \
+ rev="$$subdir $$rev"; \
+ fi; \
+ done; \
+ rev="$$rev ."; \
+ target=`echo $@ | sed s/-recursive//`; \
+ for subdir in $$rev; do \
+ echo "Making $$target in $$subdir"; \
+ if test "$$subdir" = "."; then \
+ local_target="$$target-am"; \
+ else \
+ local_target="$$target"; \
+ fi; \
+ ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
+ || eval $$failcom; \
+ done && test -z "$$fail"
+tags-recursive:
+ list='$(SUBDIRS)'; for subdir in $$list; do \
+ test "$$subdir" = . || ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) tags); \
+ done
+ctags-recursive:
+ list='$(SUBDIRS)'; for subdir in $$list; do \
+ test "$$subdir" = . || ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) ctags); \
+ done
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ mkid -fID $$unique
+tags: TAGS
+
+TAGS: tags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ set x; \
+ here=`pwd`; \
+ if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \
+ include_option=--etags-include; \
+ empty_fix=.; \
+ else \
+ include_option=--include; \
+ empty_fix=; \
+ fi; \
+ list='$(SUBDIRS)'; for subdir in $$list; do \
+ if test "$$subdir" = .; then :; else \
+ test ! -f $$subdir/TAGS || \
+ set "$$@" "$$include_option=$$here/$$subdir/TAGS"; \
+ fi; \
+ done; \
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ shift; \
+ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
+ test -n "$$unique" || unique=$$empty_fix; \
+ if test $$# -gt 0; then \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ "$$@" $$unique; \
+ else \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ $$unique; \
+ fi; \
+ fi
+ctags: CTAGS
+CTAGS: ctags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ test -z "$(CTAGS_ARGS)$$unique" \
+ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+ $$unique
+
+GTAGS:
+ here=`$(am__cd) $(top_builddir) && pwd` \
+ && $(am__cd) $(top_srcdir) \
+ && gtags -i $(GTAGS_ARGS) "$$here"
+
+distclean-tags:
+ -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+check-TESTS: $(TESTS)
+ @failed=0; all=0; xfail=0; xpass=0; skip=0; \
+ srcdir=$(srcdir); export srcdir; \
+ list=' $(TESTS) '; \
+ $(am__tty_colors); \
+ if test -n "$$list"; then \
+ for tst in $$list; do \
+ if test -f ./$$tst; then dir=./; \
+ elif test -f $$tst; then dir=; \
+ else dir="$(srcdir)/"; fi; \
+ if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \
+ all=`expr $$all + 1`; \
+ case " $(XFAIL_TESTS) " in \
+ *[\ \ ]$$tst[\ \ ]*) \
+ xpass=`expr $$xpass + 1`; \
+ failed=`expr $$failed + 1`; \
+ col=$$red; res=XPASS; \
+ ;; \
+ *) \
+ col=$$grn; res=PASS; \
+ ;; \
+ esac; \
+ elif test $$? -ne 77; then \
+ all=`expr $$all + 1`; \
+ case " $(XFAIL_TESTS) " in \
+ *[\ \ ]$$tst[\ \ ]*) \
+ xfail=`expr $$xfail + 1`; \
+ col=$$lgn; res=XFAIL; \
+ ;; \
+ *) \
+ failed=`expr $$failed + 1`; \
+ col=$$red; res=FAIL; \
+ ;; \
+ esac; \
+ else \
+ skip=`expr $$skip + 1`; \
+ col=$$blu; res=SKIP; \
+ fi; \
+ echo "$${col}$$res$${std}: $$tst"; \
+ done; \
+ if test "$$all" -eq 1; then \
+ tests="test"; \
+ All=""; \
+ else \
+ tests="tests"; \
+ All="All "; \
+ fi; \
+ if test "$$failed" -eq 0; then \
+ if test "$$xfail" -eq 0; then \
+ banner="$$All$$all $$tests passed"; \
+ else \
+ if test "$$xfail" -eq 1; then failures=failure; else failures=failures; fi; \
+ banner="$$All$$all $$tests behaved as expected ($$xfail expected $$failures)"; \
+ fi; \
+ else \
+ if test "$$xpass" -eq 0; then \
+ banner="$$failed of $$all $$tests failed"; \
+ else \
+ if test "$$xpass" -eq 1; then passes=pass; else passes=passes; fi; \
+ banner="$$failed of $$all $$tests did not behave as expected ($$xpass unexpected $$passes)"; \
+ fi; \
+ fi; \
+ dashes="$$banner"; \
+ skipped=""; \
+ if test "$$skip" -ne 0; then \
+ if test "$$skip" -eq 1; then \
+ skipped="($$skip test was not run)"; \
+ else \
+ skipped="($$skip tests were not run)"; \
+ fi; \
+ test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \
+ dashes="$$skipped"; \
+ fi; \
+ report=""; \
+ if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \
+ report="Please report to $(PACKAGE_BUGREPORT)"; \
+ test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \
+ dashes="$$report"; \
+ fi; \
+ dashes=`echo "$$dashes" | sed s/./=/g`; \
+ if test "$$failed" -eq 0; then \
+ echo "$$grn$$dashes"; \
+ else \
+ echo "$$red$$dashes"; \
+ fi; \
+ echo "$$banner"; \
+ test -z "$$skipped" || echo "$$skipped"; \
+ test -z "$$report" || echo "$$report"; \
+ echo "$$dashes$$std"; \
+ test "$$failed" -eq 0; \
+ else :; fi
+
+distdir: $(DISTFILES)
+ @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ list='$(DISTFILES)'; \
+ dist_files=`for file in $$list; do echo $$file; done | \
+ sed -e "s|^$$srcdirstrip/||;t" \
+ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+ case $$dist_files in \
+ */*) $(MKDIR_P) `echo "$$dist_files" | \
+ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+ sort -u` ;; \
+ esac; \
+ for file in $$dist_files; do \
+ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+ if test -d $$d/$$file; then \
+ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+ if test -d "$(distdir)/$$file"; then \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+ else \
+ test -f "$(distdir)/$$file" \
+ || cp -p $$d/$$file "$(distdir)/$$file" \
+ || exit 1; \
+ fi; \
+ done
+ @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
+ if test "$$subdir" = .; then :; else \
+ test -d "$(distdir)/$$subdir" \
+ || $(MKDIR_P) "$(distdir)/$$subdir" \
+ || exit 1; \
+ fi; \
+ done
+ @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
+ if test "$$subdir" = .; then :; else \
+ dir1=$$subdir; dir2="$(distdir)/$$subdir"; \
+ $(am__relativize); \
+ new_distdir=$$reldir; \
+ dir1=$$subdir; dir2="$(top_distdir)"; \
+ $(am__relativize); \
+ new_top_distdir=$$reldir; \
+ echo " (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) top_distdir="$$new_top_distdir" distdir="$$new_distdir" \\"; \
+ echo " am__remove_distdir=: am__skip_length_check=: am__skip_mode_fix=: distdir)"; \
+ ($(am__cd) $$subdir && \
+ $(MAKE) $(AM_MAKEFLAGS) \
+ top_distdir="$$new_top_distdir" \
+ distdir="$$new_distdir" \
+ am__remove_distdir=: \
+ am__skip_length_check=: \
+ am__skip_mode_fix=: \
+ distdir) \
+ || exit 1; \
+ fi; \
+ done
+check-am: all-am
+ $(MAKE) $(AM_MAKEFLAGS) check-TESTS
+check: check-recursive
+all-am: Makefile $(PROGRAMS) all-local
+installdirs: installdirs-recursive
+installdirs-am:
+install: install-recursive
+install-exec: install-exec-recursive
+install-data: install-data-recursive
+uninstall: uninstall-recursive
+
+install-am: all-am
+ @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-recursive
+install-strip:
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ `test -z '$(STRIP)' || \
+ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+ -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
+
+distclean-generic:
+ -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+ -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+ -test -z "$(DISTCLEANFILES)" || rm -f $(DISTCLEANFILES)
+
+maintainer-clean-generic:
+ @echo "This command is intended for maintainers to use"
+ @echo "it deletes files that may require special tools to rebuild."
+clean: clean-recursive
+
+clean-am: clean-generic clean-local clean-noinstPROGRAMS \
+ mostlyclean-am
+
+distclean: distclean-recursive
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+ distclean-tags
+
+dvi: dvi-recursive
+
+dvi-am:
+
+html: html-recursive
+
+html-am:
+
+info: info-recursive
+
+info-am:
+
+install-data-am:
+
+install-dvi: install-dvi-recursive
+
+install-dvi-am:
+
+install-exec-am:
+
+install-html: install-html-recursive
+
+install-html-am:
+
+install-info: install-info-recursive
+
+install-info-am:
+
+install-man:
+
+install-pdf: install-pdf-recursive
+
+install-pdf-am:
+
+install-ps: install-ps-recursive
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-recursive
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-recursive
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic
+
+pdf: pdf-recursive
+
+pdf-am:
+
+ps: ps-recursive
+
+ps-am:
+
+uninstall-am:
+
+.MAKE: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) check-am \
+ ctags-recursive install-am install-strip tags-recursive
+
+.PHONY: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) CTAGS GTAGS \
+ all all-am all-local check check-TESTS check-am clean \
+ clean-generic clean-local clean-noinstPROGRAMS ctags \
+ ctags-recursive distclean distclean-compile distclean-generic \
+ distclean-tags distdir dvi dvi-am html html-am info info-am \
+ install install-am install-data install-data-am install-dvi \
+ install-dvi-am install-exec install-exec-am install-html \
+ install-html-am install-info install-info-am install-man \
+ install-pdf install-pdf-am install-ps install-ps-am \
+ install-strip installcheck installcheck-am installdirs \
+ installdirs-am maintainer-clean maintainer-clean-generic \
+ mostlyclean mostlyclean-compile mostlyclean-generic pdf pdf-am \
+ ps ps-am tags tags-recursive uninstall uninstall-am
+
+
+all-local: inittests.stamp
+
+clean-local:
+ srcdir=$(srcdir) $(TESTS_ENVIRONMENT) $(srcdir)/inittests --clean
+
+inittests.stamp: inittests
+ srcdir=$(srcdir) $(TESTS_ENVIRONMENT) $(srcdir)/inittests
+ echo timestamp >./inittests.stamp
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/tests/asschk.c b/tests/asschk.c
new file mode 100644
index 0000000..ec338e7
--- /dev/null
+++ b/tests/asschk.c
@@ -0,0 +1,1092 @@
+/* asschk.c - Assuan Server Checker
+ * Copyright (C) 2002 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+/* This is a simple stand-alone Assuan server test program. We don't
+ want to use the assuan library because we don't want to hide errors
+ in that library.
+
+ The script language is line based. Empty lines or lines containing
+ only white spaces are ignored, line with a hash sign as first non
+ white space character are treated as comments.
+
+ A simple macro mechanism is implemnted. Macros are expanded before
+ a line is processed but after comment processing. Macros are only
+ expanded once and non existing macros expand to the empty string.
+ A macro is dereferenced by prefixing its name with a dollar sign;
+ the end of the name is currently indicated by a white space, a
+ dollar sign or a slash. To use a dollor sign verbatim, double it.
+
+ A macro is assigned by prefixing a statement with the macro name
+ and an equal sign. The value is assigned verbatim if it does not
+ resemble a command, otherwise the return value of the command will
+ get assigned. The command "let" may be used to assign values
+ unambigiously and it should be used if the value starts with a
+ letter.
+
+ Conditions are not yes implemented except for a simple evaluation
+ which yields false for an empty string or the string "0". The
+ result may be negated by prefixing with a '!'.
+
+ The general syntax of a command is:
+
+ [<name> =] <statement> [<args>]
+
+ If NAME is not specifed but the statement returns a value it is
+ assigned to the name "?" so that it can be referenced using "$?".
+ The following commands are implemented:
+
+ let <value>
+ Return VALUE.
+
+ echo <value>
+ Print VALUE.
+
+ openfile <filename>
+ Open file FILENAME for read access and return the file descriptor.
+
+ createfile <filename>
+ Create file FILENAME, open for write access and return the file
+ descriptor.
+
+ pipeserver <program>
+ Connect to the Assuan server PROGRAM.
+
+ send <line>
+ Send LINE to the server.
+
+ expect-ok
+ Expect an OK response from the server. Status and data out put
+ is ignored.
+
+ expect-err
+ Expect an ERR response from the server. Status and data out put
+ is ignored.
+
+ count-status <code>
+ Initialize the assigned variable to 0 and assign it as an counter for
+ status code CODE. This command must be called with an assignment.
+
+ quit
+ Terminate the process.
+
+ quit-if <condition>
+ Terminate the process if CONDITION evaluates to true.
+
+ fail-if <condition>
+ Terminate the process with an exit code of 1 if CONDITION
+ evaluates to true.
+
+ cmpfiles <first> <second>
+ Returns true when the content of the files FIRST and SECOND match.
+
+ getenv <name>
+ Return the value of the environment variable NAME.
+
+*/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include <stdarg.h>
+#include <assert.h>
+#include <unistd.h>
+#include <fcntl.h>
+
+#if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 5 )
+# define ATTR_PRINTF(f,a) __attribute__ ((format (printf,f,a)))
+#else
+# define ATTR_PRINTF(f,a)
+#endif
+
+#if __STDC_VERSION__ < 199901L
+# if __GNUC__ >= 2
+# define __func__ __FUNCTION__
+# else
+/* Let's try our luck here. Some systems may provide __func__ without
+ providing __STDC_VERSION__ 199901L. */
+# if 0
+# define __func__ "<unknown>"
+# endif
+# endif
+#endif
+
+#define spacep(p) (*(p) == ' ' || *(p) == '\t')
+
+#define MAX_LINELEN 2048
+
+typedef enum {
+ LINE_OK = 0,
+ LINE_ERR,
+ LINE_STAT,
+ LINE_DATA,
+ LINE_END,
+} LINETYPE;
+
+typedef enum {
+ VARTYPE_SIMPLE = 0,
+ VARTYPE_FD,
+ VARTYPE_COUNTER
+} VARTYPE;
+
+
+struct variable_s {
+ struct variable_s *next;
+ VARTYPE type;
+ unsigned int count;
+ char *value;
+ char name[1];
+};
+typedef struct variable_s *VARIABLE;
+
+
+static void die (const char *format, ...) ATTR_PRINTF(1,2);
+
+
+/* Name of this program to be printed in error messages. */
+static const char *invocation_name;
+
+/* Talk a bit about what is going on. */
+static int opt_verbose;
+
+/* Option to ignore the echo command. */
+static int opt_no_echo;
+
+/* File descriptors used to communicate with the current server. */
+static int server_send_fd = -1;
+static int server_recv_fd = -1;
+
+/* The Assuan protocol limits the line length to 1024, so we can
+ safely use a (larger) buffer. The buffer is filled using the
+ read_assuan(). */
+static char recv_line[MAX_LINELEN];
+/* Tell the status of the current line. */
+static LINETYPE recv_type;
+
+/* This is our variable storage. */
+static VARIABLE variable_list;
+
+
+static void
+die (const char *format, ...)
+{
+ va_list arg_ptr;
+
+ fflush (stdout);
+ fprintf (stderr, "%s: ", invocation_name);
+
+ va_start (arg_ptr, format);
+ vfprintf (stderr, format, arg_ptr);
+ va_end (arg_ptr);
+ putc ('\n', stderr);
+
+ exit (1);
+}
+
+#define die_0(format) (die) ("%s: " format, __func__)
+#define die_1(format, a) (die) ("%s: " format, __func__, (a))
+#define die_2(format, a, b) (die) ("%s: " format, __func__, (a),(b))
+#define die_3(format, a, b, c) (die) ("%s: " format, __func__, (a),(b),(c))
+
+static void
+err (const char *format, ...)
+{
+ va_list arg_ptr;
+
+ fflush (stdout);
+ fprintf (stderr, "%s: ", invocation_name);
+
+ va_start (arg_ptr, format);
+ vfprintf (stderr, format, arg_ptr);
+ va_end (arg_ptr);
+ putc ('\n', stderr);
+}
+
+static void *
+xmalloc (size_t n)
+{
+ void *p = malloc (n);
+ if (!p)
+ die ("out of core");
+ return p;
+}
+
+static void *
+xcalloc (size_t n, size_t m)
+{
+ void *p = calloc (n, m);
+ if (!p)
+ die ("out of core");
+ return p;
+}
+
+static char *
+xstrdup (const char *s)
+{
+ char *p = xmalloc (strlen (s)+1);
+ strcpy (p, s);
+ return p;
+}
+
+
+/* Write LENGTH bytes from BUFFER to FD. */
+static int
+writen (int fd, const char *buffer, size_t length)
+{
+ while (length)
+ {
+ int nwritten = write (fd, buffer, length);
+
+ if (nwritten < 0)
+ {
+ if (errno == EINTR)
+ continue;
+ return -1; /* write error */
+ }
+ length -= nwritten;
+ buffer += nwritten;
+ }
+ return 0; /* okay */
+}
+
+
+
+
+/* Assuan specific stuff. */
+
+/* Read a line from FD, store it in the global recv_line, analyze the
+ type and store that in recv_type. The function terminates on a
+ communication error. Returns a pointer into the inputline to the
+ first byte of the arguments. The parsing is very strict to match
+ exaclty what we want to send. */
+static char *
+read_assuan (int fd)
+{
+ /* FIXME: For general robustness, the pending stuff needs to be
+ associated with FD. */
+ static char pending[MAX_LINELEN];
+ static size_t pending_len;
+ size_t nleft = sizeof recv_line;
+ char *buf = recv_line;
+ char *p;
+
+ while (nleft > 0)
+ {
+ int n;
+
+ if (pending_len)
+ {
+ if (pending_len >= nleft)
+ die_0 ("received line too large");
+ memcpy (buf, pending, pending_len);
+ n = pending_len;
+ pending_len = 0;
+ }
+ else
+ {
+ do
+ {
+ n = read (fd, buf, nleft);
+ }
+ while (n < 0 && errno == EINTR);
+ }
+
+ if (opt_verbose && n >= 0 )
+ {
+ int i;
+
+ printf ("%s: read \"", __func__);
+ for (i = 0; i < n; i ++)
+ putc (buf[i], stdout);
+ printf ("\"\n");
+ }
+
+ if (n < 0)
+ die_2 ("reading fd %d failed: %s", fd, strerror (errno));
+ else if (!n)
+ die_1 ("received incomplete line on fd %d", fd);
+ p = buf;
+ nleft -= n;
+ buf += n;
+
+ for (; n && *p != '\n'; n--, p++)
+ ;
+ if (n)
+ {
+ if (n>1)
+ {
+ n--;
+ memcpy (pending, p + 1, n);
+ pending_len = n;
+ }
+ *p = '\0';
+ break;
+ }
+ }
+ if (!nleft)
+ die_0 ("received line too large");
+
+ p = recv_line;
+ if (p[0] == 'O' && p[1] == 'K' && (p[2] == ' ' || !p[2]))
+ {
+ recv_type = LINE_OK;
+ p += 3;
+ }
+ else if (p[0] == 'E' && p[1] == 'R' && p[2] == 'R'
+ && (p[3] == ' ' || !p[3]))
+ {
+ recv_type = LINE_ERR;
+ p += 4;
+ }
+ else if (p[0] == 'S' && (p[1] == ' ' || !p[1]))
+ {
+ recv_type = LINE_STAT;
+ p += 2;
+ }
+ else if (p[0] == 'D' && p[1] == ' ')
+ {
+ recv_type = LINE_DATA;
+ p += 2;
+ }
+ else if (p[0] == 'E' && p[1] == 'N' && p[2] == 'D' && !p[3])
+ {
+ recv_type = LINE_END;
+ p += 3;
+ }
+ else
+ die_1 ("invalid line type (%.5s)", p);
+
+ return p;
+}
+
+/* Write LINE to the server using FD. It is expected that the line
+ contains the terminating linefeed as last character. */
+static void
+write_assuan (int fd, const char *line)
+{
+ char buffer[1026];
+ size_t n = strlen (line);
+
+ if (n > 1024)
+ die_0 ("line too long for Assuan protocol");
+ strcpy (buffer, line);
+ if (!n || buffer[n-1] != '\n')
+ buffer[n++] = '\n';
+
+ if (writen (fd, buffer, n))
+ die_3 ("sending line (\"%s\") to %d failed: %s", buffer, fd,
+ strerror (errno));
+}
+
+
+/* Start the server with path PGMNAME and connect its stdout and
+ strerr to a newly created pipes; the file descriptors are then
+ store in the gloabl variables SERVER_SEND_FD and
+ SERVER_RECV_FD. The initial handcheck is performed.*/
+static void
+start_server (const char *pgmname)
+{
+ int rp[2];
+ int wp[2];
+ pid_t pid;
+
+ if (pipe (rp) < 0)
+ die_1 ("pipe creation failed: %s", strerror (errno));
+ if (pipe (wp) < 0)
+ die_1 ("pipe creation failed: %s", strerror (errno));
+
+ fflush (stdout);
+ fflush (stderr);
+ pid = fork ();
+ if (pid < 0)
+ die_0 ("fork failed");
+
+ if (!pid)
+ {
+ const char *arg0;
+
+ arg0 = strrchr (pgmname, '/');
+ if (arg0)
+ arg0++;
+ else
+ arg0 = pgmname;
+
+ if (wp[0] != STDIN_FILENO)
+ {
+ if (dup2 (wp[0], STDIN_FILENO) == -1)
+ die_1 ("dup2 failed in child: %s", strerror (errno));
+ close (wp[0]);
+ }
+ if (rp[1] != STDOUT_FILENO)
+ {
+ if (dup2 (rp[1], STDOUT_FILENO) == -1)
+ die_1 ("dup2 failed in child: %s", strerror (errno));
+ close (rp[1]);
+ }
+ if (!opt_verbose)
+ {
+ int fd = open ("/dev/null", O_WRONLY);
+ if (fd == -1)
+ die_1 ("can't open `/dev/null': %s", strerror (errno));
+ if (dup2 (fd, STDERR_FILENO) == -1)
+ die_1 ("dup2 failed in child: %s", strerror (errno));
+ close (fd);
+ }
+
+ close (wp[1]);
+ close (rp[0]);
+ execl (pgmname, arg0, "--server", NULL);
+ die_2 ("exec failed for `%s': %s", pgmname, strerror (errno));
+ }
+ close (wp[0]);
+ close (rp[1]);
+ server_send_fd = wp[1];
+ server_recv_fd = rp[0];
+
+ read_assuan (server_recv_fd);
+ if (recv_type != LINE_OK)
+ die_0 ("no greating message");
+}
+
+
+
+
+
+/* Script intepreter. */
+
+static void
+unset_var (const char *name)
+{
+ VARIABLE var;
+
+ for (var=variable_list; var && strcmp (var->name, name); var = var->next)
+ ;
+ if (!var)
+ return;
+/* fprintf (stderr, "unsetting `%s'\n", name); */
+
+ if (var->type == VARTYPE_FD && var->value)
+ {
+ int fd;
+
+ fd = atoi (var->value);
+ if (fd != -1 && fd != 0 && fd != 1 && fd != 2)
+ close (fd);
+ }
+
+ free (var->value);
+ var->value = NULL;
+ var->type = 0;
+ var->count = 0;
+}
+
+
+static void
+set_type_var (const char *name, const char *value, VARTYPE type)
+{
+ VARIABLE var;
+
+ if (!name)
+ name = "?";
+ for (var=variable_list; var && strcmp (var->name, name); var = var->next)
+ ;
+ if (!var)
+ {
+ var = xcalloc (1, sizeof *var + strlen (name));
+ strcpy (var->name, name);
+ var->next = variable_list;
+ variable_list = var;
+ }
+ else
+ free (var->value);
+
+ if (var->type == VARTYPE_FD && var->value)
+ {
+ int fd;
+
+ fd = atoi (var->value);
+ if (fd != -1 && fd != 0 && fd != 1 && fd != 2)
+ close (fd);
+ }
+
+ var->type = type;
+ var->count = 0;
+ if (var->type == VARTYPE_COUNTER)
+ {
+ /* We need some extra sapce as scratch area for get_var. */
+ var->value = xmalloc (strlen (value) + 1 + 20);
+ strcpy (var->value, value);
+ }
+ else
+ var->value = xstrdup (value);
+}
+
+static void
+set_var (const char *name, const char *value)
+{
+ set_type_var (name, value, 0);
+}
+
+
+static const char *
+get_var (const char *name)
+{
+ VARIABLE var;
+
+ for (var=variable_list; var && strcmp (var->name, name); var = var->next)
+ ;
+ if (!var)
+ return NULL;
+ if (var->type == VARTYPE_COUNTER && var->value)
+ { /* Use the scratch space allocated by set_var. */
+ char *p = var->value + strlen(var->value)+1;
+ sprintf (p, "%u", var->count);
+ return p;
+ }
+ else
+ return var->value;
+}
+
+
+/* Incremente all counter type variables with NAME in their VALUE. */
+static void
+inc_counter (const char *name)
+{
+ VARIABLE var;
+
+ if (!*name)
+ return;
+ for (var=variable_list; var; var = var->next)
+ {
+ if (var->type == VARTYPE_COUNTER
+ && var->value && !strcmp (var->value, name))
+ var->count++;
+ }
+}
+
+
+/* Expand variables in LINE and return a new allocated buffer if
+ required. The function might modify LINE if the expanded version
+ fits into it. */
+static char *
+expand_line (char *buffer)
+{
+ char *line = buffer;
+ char *p, *pend;
+ const char *value;
+ size_t valuelen, n;
+ char *result = NULL;
+
+ while (*line)
+ {
+ p = strchr (line, '$');
+ if (!p)
+ return result; /* nothing more to expand */
+
+ if (p[1] == '$') /* quoted */
+ {
+ memmove (p, p+1, strlen (p+1)+1);
+ line = p + 1;
+ continue;
+ }
+ for (pend=p+1; *pend && !spacep (pend)
+ && *pend != '$' && *pend != '/'; pend++)
+ ;
+ if (*pend)
+ {
+ int save = *pend;
+ *pend = 0;
+ value = get_var (p+1);
+ *pend = save;
+ }
+ else
+ value = get_var (p+1);
+ if (!value)
+ value = "";
+ valuelen = strlen (value);
+ if (valuelen <= pend - p)
+ {
+ memcpy (p, value, valuelen);
+ p += valuelen;
+ n = pend - p;
+ if (n)
+ memmove (p, p+n, strlen (p+n)+1);
+ line = p;
+ }
+ else
+ {
+ char *src = result? result : buffer;
+ char *dst;
+
+ dst = xmalloc (strlen (src) + valuelen + 1);
+ n = p - src;
+ memcpy (dst, src, n);
+ memcpy (dst + n, value, valuelen);
+ n += valuelen;
+ strcpy (dst + n, pend);
+ line = dst + n;
+ free (result);
+ result = dst;
+ }
+ }
+ return result;
+}
+
+
+/* Evaluate COND and return the result. */
+static int
+eval_boolean (const char *cond)
+{
+ int true = 1;
+
+ for ( ; *cond == '!'; cond++)
+ true = !true;
+ if (!*cond || (*cond == '0' && !cond[1]))
+ return !true;
+ return true;
+}
+
+
+
+
+
+static void
+cmd_let (const char *assign_to, char *arg)
+{
+ set_var (assign_to, arg);
+}
+
+
+static void
+cmd_echo (const char *assign_to, char *arg)
+{
+ (void)assign_to;
+ if (!opt_no_echo)
+ printf ("%s\n", arg);
+}
+
+static void
+cmd_send (const char *assign_to, char *arg)
+{
+ (void)assign_to;
+ if (opt_verbose)
+ fprintf (stderr, "sending `%s'\n", arg);
+ write_assuan (server_send_fd, arg);
+}
+
+static void
+handle_status_line (char *arg)
+{
+ char *p;
+
+ for (p=arg; *p && !spacep (p); p++)
+ ;
+ if (*p)
+ {
+ int save = *p;
+ *p = 0;
+ inc_counter (arg);
+ *p = save;
+ }
+ else
+ inc_counter (arg);
+}
+
+static void
+cmd_expect_ok (const char *assign_to, char *arg)
+{
+ (void)assign_to;
+ (void)arg;
+
+ if (opt_verbose)
+ fprintf (stderr, "expecting OK\n");
+ do
+ {
+ char *p = read_assuan (server_recv_fd);
+ if (opt_verbose > 1)
+ fprintf (stderr, "got line `%s'\n", recv_line);
+ if (recv_type == LINE_STAT)
+ handle_status_line (p);
+ }
+ while (recv_type != LINE_OK && recv_type != LINE_ERR);
+ if (recv_type != LINE_OK)
+ die_1 ("expected OK but got `%s'", recv_line);
+}
+
+static void
+cmd_expect_err (const char *assign_to, char *arg)
+{
+ (void)assign_to;
+ (void)arg;
+
+ if (opt_verbose)
+ fprintf (stderr, "expecting ERR\n");
+ do
+ {
+ char *p = read_assuan (server_recv_fd);
+ if (opt_verbose > 1)
+ fprintf (stderr, "got line `%s'\n", recv_line);
+ if (recv_type == LINE_STAT)
+ handle_status_line (p);
+ }
+ while (recv_type != LINE_OK && recv_type != LINE_ERR);
+ if (recv_type != LINE_ERR)
+ die_1 ("expected ERR but got `%s'", recv_line);
+}
+
+static void
+cmd_count_status (const char *assign_to, char *arg)
+{
+ char *p;
+
+ if (!*assign_to || !*arg)
+ die_0 ("syntax error: count-status requires an argument and a variable");
+
+ for (p=arg; *p && !spacep (p); p++)
+ ;
+ if (*p)
+ {
+ for (*p++ = 0; spacep (p); p++)
+ ;
+ if (*p)
+ die_0 ("cmpfiles: syntax error");
+ }
+ set_type_var (assign_to, arg, VARTYPE_COUNTER);
+}
+
+static void
+cmd_openfile (const char *assign_to, char *arg)
+{
+ int fd;
+ char numbuf[20];
+
+ do
+ fd = open (arg, O_RDONLY);
+ while (fd == -1 && errno == EINTR);
+ if (fd == -1)
+ die_2 ("error opening `%s': %s", arg, strerror (errno));
+
+ sprintf (numbuf, "%d", fd);
+ set_type_var (assign_to, numbuf, VARTYPE_FD);
+}
+
+static void
+cmd_createfile (const char *assign_to, char *arg)
+{
+ int fd;
+ char numbuf[20];
+
+ do
+ fd = open (arg, O_WRONLY|O_CREAT|O_TRUNC, 0666);
+ while (fd == -1 && errno == EINTR);
+ if (fd == -1)
+ die_2 ("error creating `%s': %s", arg, strerror (errno));
+
+ sprintf (numbuf, "%d", fd);
+ set_type_var (assign_to, numbuf, VARTYPE_FD);
+}
+
+
+static void
+cmd_pipeserver (const char *assign_to, char *arg)
+{
+ (void)assign_to;
+
+ if (!*arg)
+ die_0 ("syntax error: servername missing");
+
+ start_server (arg);
+}
+
+
+static void
+cmd_quit_if(const char *assign_to, char *arg)
+{
+ (void)assign_to;
+
+ if (eval_boolean (arg))
+ exit (0);
+}
+
+static void
+cmd_fail_if(const char *assign_to, char *arg)
+{
+ (void)assign_to;
+
+ if (eval_boolean (arg))
+ exit (1);
+}
+
+
+static void
+cmd_cmpfiles (const char *assign_to, char *arg)
+{
+ char *p = arg;
+ char *second;
+ FILE *fp1, *fp2;
+ char buffer1[2048]; /* note: both must be of equal size. */
+ char buffer2[2048];
+ size_t nread1, nread2;
+ int rc = 0;
+
+ set_var (assign_to, "0");
+ for (p=arg; *p && !spacep (p); p++)
+ ;
+ if (!*p)
+ die_0 ("cmpfiles: syntax error");
+ for (*p++ = 0; spacep (p); p++)
+ ;
+ second = p;
+ for (; *p && !spacep (p); p++)
+ ;
+ if (*p)
+ {
+ for (*p++ = 0; spacep (p); p++)
+ ;
+ if (*p)
+ die_0 ("cmpfiles: syntax error");
+ }
+
+ fp1 = fopen (arg, "rb");
+ if (!fp1)
+ {
+ err ("can't open `%s': %s", arg, strerror (errno));
+ return;
+ }
+ fp2 = fopen (second, "rb");
+ if (!fp2)
+ {
+ err ("can't open `%s': %s", second, strerror (errno));
+ fclose (fp1);
+ return;
+ }
+ while ( (nread1 = fread (buffer1, 1, sizeof buffer1, fp1)))
+ {
+ if (ferror (fp1))
+ break;
+ nread2 = fread (buffer2, 1, sizeof buffer2, fp2);
+ if (ferror (fp2))
+ break;
+ if (nread1 != nread2 || memcmp (buffer1, buffer2, nread1))
+ {
+ rc = 1;
+ break;
+ }
+ }
+ if (feof (fp1) && feof (fp2) && !rc)
+ {
+ if (opt_verbose)
+ err ("files match");
+ set_var (assign_to, "1");
+ }
+ else if (!rc)
+ err ("cmpfiles: read error: %s", strerror (errno));
+ else
+ err ("cmpfiles: mismatch");
+ fclose (fp1);
+ fclose (fp2);
+}
+
+static void
+cmd_getenv (const char *assign_to, char *arg)
+{
+ const char *s;
+ s = *arg? getenv (arg):"";
+ set_var (assign_to, s? s:"");
+}
+
+
+
+
+/* Process the current script line LINE. */
+static int
+interpreter (char *line)
+{
+ static struct {
+ const char *name;
+ void (*fnc)(const char*, char*);
+ } cmdtbl[] = {
+ { "let" , cmd_let },
+ { "echo" , cmd_echo },
+ { "send" , cmd_send },
+ { "expect-ok" , cmd_expect_ok },
+ { "expect-err", cmd_expect_err },
+ { "count-status", cmd_count_status },
+ { "openfile" , cmd_openfile },
+ { "createfile", cmd_createfile },
+ { "pipeserver", cmd_pipeserver },
+ { "quit" , NULL },
+ { "quit-if" , cmd_quit_if },
+ { "fail-if" , cmd_fail_if },
+ { "cmpfiles" , cmd_cmpfiles },
+ { "getenv" , cmd_getenv },
+ { NULL }
+ };
+ char *p, *save_p;
+ int i, save_c;
+ char *stmt = NULL;
+ char *assign_to = NULL;
+ char *must_free = NULL;
+
+ for ( ;spacep (line); line++)
+ ;
+ if (!*line || *line == '#')
+ return 0; /* empty or comment */
+ p = expand_line (line);
+ if (p)
+ {
+ must_free = p;
+ line = p;
+ for ( ;spacep (line); line++)
+ ;
+ if (!*line || *line == '#')
+ {
+ free (must_free);
+ return 0; /* empty or comment */
+ }
+ }
+ for (p=line; *p && !spacep (p) && *p != '='; p++)
+ ;
+ if (*p == '=')
+ {
+ *p = 0;
+ assign_to = line;
+ }
+ else if (*p)
+ {
+ for (*p++ = 0; spacep (p); p++)
+ ;
+ if (*p == '=')
+ assign_to = line;
+ }
+ if (!*line)
+ die_0 ("syntax error");
+ stmt = line;
+ save_c = 0;
+ save_p = NULL;
+ if (assign_to)
+ { /* this is an assignment */
+ for (p++; spacep (p); p++)
+ ;
+ if (!*p)
+ {
+ unset_var (assign_to);
+ free (must_free);
+ return 0;
+ }
+ stmt = p;
+ for (; *p && !spacep (p); p++)
+ ;
+ if (*p)
+ {
+ save_p = p;
+ save_c = *p;
+ for (*p++ = 0; spacep (p); p++)
+ ;
+ }
+ }
+ for (i=0; cmdtbl[i].name && strcmp (stmt, cmdtbl[i].name); i++)
+ ;
+ if (!cmdtbl[i].name)
+ {
+ if (!assign_to)
+ die_1 ("invalid statement `%s'\n", stmt);
+ if (save_p)
+ *save_p = save_c;
+ set_var (assign_to, stmt);
+ free (must_free);
+ return 0;
+ }
+
+ if (cmdtbl[i].fnc)
+ cmdtbl[i].fnc (assign_to, p);
+ free (must_free);
+ return cmdtbl[i].fnc? 0:1;
+}
+
+
+
+int
+main (int argc, char **argv)
+{
+ char buffer[2048];
+ char *p, *pend;
+
+ if (!argc)
+ invocation_name = "asschk";
+ else
+ {
+ invocation_name = *argv++;
+ argc--;
+ p = strrchr (invocation_name, '/');
+ if (p)
+ invocation_name = p+1;
+ }
+
+
+ set_var ("?","1"); /* defaults to true */
+
+ for (; argc; argc--, argv++)
+ {
+ p = *argv;
+ if (*p != '-')
+ break;
+ if (!strcmp (p, "--verbose"))
+ opt_verbose++;
+ else if (!strcmp (p, "--no-echo"))
+ opt_no_echo++;
+ else if (*p == '-' && p[1] == 'D')
+ {
+ p += 2;
+ pend = strchr (p, '=');
+ if (pend)
+ {
+ int tmp = *pend;
+ *pend = 0;
+ set_var (p, pend+1);
+ *pend = tmp;
+ }
+ else
+ set_var (p, "1");
+ }
+ else if (*p == '-' && p[1] == '-' && !p[2])
+ {
+ argc--; argv++;
+ break;
+ }
+ else
+ break;
+ }
+ if (argc)
+ die ("usage: asschk [--verbose] {-D<name>[=<value>]}");
+
+
+ while (fgets (buffer, sizeof buffer, stdin))
+ {
+ p = strchr (buffer,'\n');
+ if (!p)
+ die_0 ("incomplete script line");
+ *p = 0;
+ if (interpreter (buffer))
+ break;
+ fflush (stdout);
+ }
+ return 0;
+}
+
diff --git a/tests/inittests b/tests/inittests
new file mode 100755
index 0000000..790b92e
--- /dev/null
+++ b/tests/inittests
@@ -0,0 +1,99 @@
+#!/bin/sh
+# Copyright (C) 2002 Free Software Foundation, Inc.
+#
+# This file is free software; as a special exception the author gives
+# unlimited permission to copy and/or distribute it, with or without
+# modifications, as long as this notice is preserved.
+#
+# This file is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
+# implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+
+set -e
+
+sample_certs='
+cert_g10code_test1.pem
+cert_g10code_pete1.pem
+cert_g10code_theo1.pem
+'
+
+private_keys='
+32100C27173EF6E9C4E9A25D3D69F86D37A4F939
+'
+
+clean_files='
+gpgsm.conf gpg-agent.conf trustlist.txt pubring.kbx
+msg msg.sig msg.unsig
+'
+
+
+[ -z "$srcdir" ] && srcdir=.
+[ -z "$GPGSM" ] && GPGSM=../sm/gpgsm
+
+if [ -d $srcdir/samplekeys ] \
+ && grep TESTS_ENVIRONMENT Makefile >/dev/null 2>&1; then
+ :
+else
+ # During make distclean the Makefile has already been removed,
+ # so we need this extra test.
+ if ! grep gnupg-test-directory testdir.stamp >/dev/null 2>&1; then
+ echo "inittests: please cd to the tests directory first" >&2
+ exit 1
+ fi
+fi
+
+if [ "$1" = "--clean" ]; then
+ if [ -d private-keys-v1.d ]; then
+ rm private-keys-v1.d/* 2>/dev/null || true
+ rmdir private-keys-v1.d
+ fi
+ rm ${clean_files} testdir.stamp 2>/dev/null || true
+ exit 0
+fi
+
+if [ "$GNUPGHOME" != "`/bin/pwd`" ]; then
+ echo "inittests: please set GNUPGHOME to the test directory" >&2
+ exit 1
+fi
+
+if [ -n "$GPG_AGENT_INFO" ]; then
+ echo "inittests: please unset GPG_AGENT_INFO" >&2
+ exit 1
+fi
+
+# A stamp file used with --clean
+echo gnupg-test-directory > testdir.stamp
+
+
+# Create the private key directy if it does not exists and copy
+# the sample keys.
+[ -d private-keys-v1.d ] || mkdir private-keys-v1.d
+for i in ${private_keys}; do
+ cat ${srcdir}/samplekeys/$i.key >private-keys-v1.d/$i.key
+done
+
+# Create the configuration scripts
+# Note, due to an expired test certificate, we need to use
+# the faked system time option.
+cat > gpgsm.conf <<EOF
+no-secmem-warning
+disable-crl-checks
+agent-program ../agent/gpg-agent
+faked-system-time 1038835799
+EOF
+
+cat > gpg-agent.conf <<EOF
+no-grab
+pinentry-program /home/wk/work/pinentry/gtk/pinentry-gtk
+EOF
+
+cat > trustlist.txt <<EOF
+# CN=test cert 1,OU=Aegypten Project,O=g10 Code GmbH,L=Düsseldorf,C=DE
+3CF405464F66ED4A7DF45BBDD1E4282E33BDB76E S
+EOF
+
+# Make sure that the sample certs are available but ignore errors here
+# because we are not a test script.
+for i in ${sample_certs}; do
+ $GPGSM --import ${srcdir}/samplekeys/$i || true
+done
diff --git a/tests/openpgp/ChangeLog-2011 b/tests/openpgp/ChangeLog-2011
new file mode 100644
index 0000000..75246dd
--- /dev/null
+++ b/tests/openpgp/ChangeLog-2011
@@ -0,0 +1,379 @@
+2011-12-02 Werner Koch <wk@g10code.com>
+
+ NB: ChangeLog files are no longer manually maintained. Starting
+ on December 1st, 2011 we put change information only in the GIT
+ commit log, and generate a top-level ChangeLog file from logs at
+ "make dist". See doc/HACKING for details.
+
+2010-05-12 Werner Koch <wk@g10code.com>
+
+ * armor.test: Add test for bug#1179.
+
+ * Makefile.am (TESTS_ENVIRONMENT): New. Start all scripts under
+ the control of the gpg-agent.
+ (prepared.stamp): Create gpg-agent.conf.
+ * defs.inc: Do not create gpg-agent.conf
+ (GNUPGHOME): Check that it is set properly.
+ (GPG_AGENT_INFO): Do not change.
+
+2010-05-11 Werner Koch <wk@g10code.com>
+
+ * genkey1024.test: Use GPG macro.
+
+ * gpg-agent.conf.tmpl: New.
+ * defs.inc: Create gpg-agent.conf
+ (GNUPGHOME): Set and export.
+ (GPG_AGENT_INFO): Unset
+ * Makefile.am (CLEANFILES): Add S.gpg-agent
+
+2009-12-21 Werner Koch <wk@g10code.com>
+
+ * Makefile.am (required_pgms): New.
+ (./gpg_dearmor): Depend on them.
+
+2009-06-05 David Shaw <dshaw@jabberwocky.com>
+
+ * defs.inc: Improved all_cipher_algos and all_hash_algos to work
+ when there are more than one line of algorithms. From 1.4.
+
+2009-04-19 Werner Koch <wk@g10code.com>
+
+ * mkdemodirs (GPG): Use --no-options.
+
+2008-09-29 Werner Koch <wk@g10code.com>
+
+ * clearsig.test: Replace -sat by --clearsign.
+
+2008-03-19 Werner Koch <wk@g10code.com>
+
+ * import.test, bug894-test.asc: New.
+
+2007-12-14 Werner Koch <wk@g10code.com>
+
+ * Makefile.am (./gpg_dearmor): Reverted last change because the
+ real fix is to --no-options.
+
+2007-11-22 Werner Koch <wk@g10code.com>
+
+ * Makefile.am (./gpg_dearmor): Add --homedir so that we don't
+ auto create a ~/.gnupg/. From Gentoo.
+
+2007-10-25 Werner Koch <wk@g10code.com>
+
+ Add missing copyright notices to *.test.
+
+2007-10-25 David Shaw <dshaw@jabberwocky.com> (wk)
+
+ From 1.4 (July):
+
+ * defs.inc (all_cipher_algos): New function to return all ciphers.
+ * defs.inc (all_cipher_algos): New function to return all ciphers
+ we support. This is safer than the previous setup which could
+ hide that some ciphers weren't being tested. Plus, this
+ automatically tests any new ciphers libgcrypt supports.
+ (all_hash_algos): New.
+ * sigs.test: Use it here, and also test with >=160 bit hashes for
+ DSA2.
+ * conventional.test, encrypt.test, encrypt-dsa.test,
+ * conventional-mdc.test: Use it here.
+
+2007-05-02 David Shaw <dshaw@jabberwocky.com>
+
+ * conventional.test, encrypt.test, encrypt-dsa.test,
+ conventional-mdc.test: Fix some broken tests that were only
+ testing 3DES instead of all available ciphers.
+
+2007-03-04 David Shaw <dshaw@jabberwocky.com> (wk)
+
+ * verify.test: Use --allow-multiple-messages instead of
+ --allow-multisig-verification. Two clearsigs in a row counds as a
+ multiple-message test.
+
+2006-11-16 Werner Koch <wk@g10code.com>
+
+ * Makefile.am (plain-large): Use gpg.texi instead of FAQ which
+ won't be found as it is not a source file. Pointed out by Moritz.
+
+2006-10-04 Werner Koch <wk@g10code.com>
+
+ * signencrypt.test: Need to prepend srcdir to the file name
+
+2006-09-27 Werner Koch <wk@g10code.com>
+
+ * signencrypt.test: Add a test for bug 537.
+ * bug537-test.data.asc: New. Taken from the BTS.
+
+2006-08-21 Werner Koch <wk@g10code.com>
+
+ Copied tests from 1.4 and adjusted paths.
+
+2006-04-19 David Shaw <dshaw@jabberwocky.com>
+
+ * sigs.test, mds.test: Add tests for SHA-224, SHA-384, and
+ SHA-512.
+
+2006-04-11 Werner Koch <wk@g10code.com>
+
+ * armor.test: New.
+
+2006-03-09 Werner Koch <wk@g10code.com>
+
+ * defs.inc: Removed Basishm by proper redirection.
+
+2006-03-06 Werner Koch <wk@g10code.com>
+
+ * defs.inc: Print error messages also to stderr. Allow for
+ verbose environment variable.
+ (linefeed): New.
+ (suspend_error, resume_error): New.
+ * verify.test: More tests.
+ * multisig.test: Better error printing.
+ (sig_1ls1ls_valid, sig_ls_valid): Moved to the non-valid group.
+
+2006-02-14 Werner Koch <wk@gnupg.org>
+
+ * verify.test: New.
+
+2005-06-21 Werner Koch <wk@g10code.com>
+
+ * conventional.test (algos): Uhh ohh, cut+paste error and not
+ tested.
+
+2005-06-02 Werner Koch <wk@g10code.com>
+
+ * conventional.test: have_cipher_algo now requires uppercase
+ algorithm names. Changed. Noted by John R. Shannon.
+
+2004-02-09 David Shaw <dshaw@jabberwocky.com>
+
+ * clearsig.test, sigs.test: Properly detect RSA being missing, and
+ use the proper key for doing an RSA test.
+
+2003-12-31 David Shaw <dshaw@jabberwocky.com>
+
+ * clearsig.test, conventional-mdc.test, conventional.test,
+ defs.inc, encrypt-dsa.test, encrypt.test, genkey1024.test,
+ plain-1.asc, plain-1-pgp.asc, plain-2.asc, plain-3.asc,
+ pubring.asc, secring.asc, sigs.test: Rework tests to work properly
+ with a gpg binary that doesn't have all ciphers and all pk algos.
+ Basically, we test for the ciphers we have, only test signing with
+ non-160-bit hashes with RSA (we test all hashes as hashes). Test
+ all key lengths of AES.
+
+2003-12-05 David Shaw <dshaw@jabberwocky.com>
+
+ * Makefile.am: Reenable tests now that the Elgamal signature keys
+ are gone.
+
+ * defs.inc, pubring.asc, secring.asc, plain-1.asc, plain-2.asc,
+ plain-3.asc: Remove the old v3 Elgamal keys and replace with
+ RSA+Elgamal and RSA s+e.
+
+2003-12-03 David Shaw <dshaw@jabberwocky.com>
+
+ * options: Remove emulate-md-encode-bug.
+
+2003-11-27 Werner Koch <wk@gnupg.org>
+
+ * Makefile.am (TESTS): Temporary remove tests using ElG signatures.
+
+2003-09-04 David Shaw <dshaw@jabberwocky.com>
+
+ * mds.test, sigs.test: Remove TIGER/192 and make SHA-256 optional
+ (since it might not be compiled in).
+
+2003-07-10 David Shaw <dshaw@jabberwocky.com>
+
+ * Makefile.am: Add --no-permission-warning to avoid spurious
+ warning when importing demo keys.
+
+2003-05-27 Werner Koch <wk@gnupg.org>
+
+ * Makefile.am (CLEANFILES): Add gpg.conf
+
+2003-05-26 David Shaw <dshaw@jabberwocky.com>
+
+ * defs.inc (pgmname): Make sure there is a valid options
+ file. (From wk on stable branch)
+
+ * mds.test: Note that missing algorithms are not errors.
+
+2003-04-23 David Shaw <dshaw@jabberwocky.com>
+
+ * Makefile.am, options.in: Rename options.in to options since it
+ no longer needs to be a generated file.
+
+ * sigs.test: TODO note to add the new SHAs when we start
+ generating them.
+
+ * mds.test: Test the new SHAs.
+
+2002-05-10 Werner Koch <wk@gnupg.org>
+
+ * Makefile.am: Add gpg_dearmor to all targets where it is used.
+ Noted by Andreas Haumer.
+
+2002-04-19 Werner Koch <wk@gnupg.org>
+
+ * signencrypt-dsa.test, sigs-dsa.test: Don't check with MD5 as
+ this is not valid with DSA signatures.
+
+2001-12-22 Werner Koch <wk@gnupg.org>
+
+ * options.in: Add no-permission-warning.
+
+2001-12-21 Werner Koch <wk@gnupg.org>
+
+ * Makefile.am (distclean-local): prefix mkdemodirs with srcdir
+ (DISTCLEANFILES): Add random_seed.
+
+2001-12-19 Werner Koch <wk@gnupg.org>
+
+ * options.in: Remove load-extension tiger
+ * Makefile.am (./options): append it if there is such a module.
+
+2001-10-23 Werner Koch <wk@gnupg.org>
+
+ * defs.inc, Makefile.am: Do not use $srcdir when invoking gpg.
+ Write the logfile to the current directory.
+
+2001-09-28 Werner Koch <wk@gnupg.org>
+
+ * defs.inc: Write a log file for each test.
+ * run-gpg, run-gpgm, run-gpg.patterns: Removed. Replaced in all
+ tests by a simple macro from defs.inc.
+ * Makefile.am (CLEANFILES): Remove log files.
+ (./gpg_dearmor): create it and use it instead of the macro.
+ This is needed in multisig.test due to IFS tricks.
+
+ * armsignencrypt.test, signencrypt-dsa.test, signencrypt.test,
+ armencryptp.test, armencrypt.test, encryptp.test, seat.test,
+ encrypt-dsa.test, encrypt.test: Use --always-trust because the
+ test are not designed to check the validity.
+
+2001-09-06 Werner Koch <wk@gnupg.org>
+
+ * genkey1024.test: Simplified by using a parameter file.
+
+2001-05-30 Werner Koch <wk@gnupg.org>
+
+ * multisig.test (IFS): Reset IFS just before the test.
+
+2001-04-30 Werner Koch <wk@gnupg.org>
+
+ * multisig.test: Add an set +x to avoid ksh problems
+
+2001-04-28 Werner Koch <wk@gnupg.org>
+
+ * run-gpg.patterns: a v3 test key expired yesterday, suppress the
+ messages.
+
+2001-03-27 Werner Koch <wk@gnupg.org>
+
+ * defs.inc: Removed creation of options file.
+ * options.in: New.
+ * Makefile.am: Create options file and fixed import of pubdemo.asc.
+
+ * run-gpg.patterns (gpg): Add some more patterns.
+
+2001-03-20 Werner Koch <wk@gnupg.org>
+
+ * Makefile.am: Import the pubdemo.asc file
+
+ * sigs.test (hash_algo_list): s/tiger/tiger192/
+
+2001-03-19 Werner Koch <wk@gnupg.org>
+
+ * mkdemodirs (GPGDEMO): Add --allow-secret-key-import to all gpg
+ invocations. Use echon -n instead of an argument with \c.
+
+2001-02-12 Werner Koch <wk@gnupg.org>
+
+ * multisig.test: new
+ * Makefile.am (TESTS): Added.
+
+2000-10-18 Werner Koch <wk@gnupg.org>
+
+ * conventional-mdc.test: Add Rijndael and fix for empty plain texts.
+
+Thu Feb 10 17:39:44 CET 2000 Werner Koch <wk@gnupg.de>
+
+ * mkdemodirs: Fixed the --clean loop.
+
+Thu Jan 13 19:31:58 CET 2000 Werner Koch <wk@gnupg.de>
+
+ * defs.inc (chdir): Removed becuase it is unsused an plain old sh
+ does not like this name. Reported by Alec Habig.
+
+Tue Oct 26 20:02:23 1999 Werner Koch (wk@gnupg.org)
+
+ * Makefile.am (GPG_DEARMOR): New and use --no-options.
+
+Tue Aug 31 17:20:44 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>
+
+ * defs.inc: set LC_ALL empty
+
+Wed Aug 4 10:34:18 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>
+
+ * defs.inc (echo_n): New and used instead of /bin/echo "\c"
+
+Sun Apr 18 10:11:28 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>
+
+ * mkdemodirs: New
+ * signdemokey: New.
+ * Makefile.am (distclean-local): New.
+
+Wed Mar 17 13:09:03 CET 1999 Werner Koch <wk@isil.d.shuttle.de>
+
+ * mds.test: replaced the "echo -n"
+
+Mon Mar 8 20:47:17 CET 1999 Werner Koch <wk@isil.d.shuttle.de>
+
+ * pubdemo.asc, secdemo.asc: New.
+
+Fri Feb 19 15:49:15 CET 1999 Werner Koch <wk@isil.d.shuttle.de>
+
+ * genkey1024.test: Be really quiet.
+
+1999-01-01 Geoff Keating <geoffk@ozemail.com.au>
+
+ * Makefile.am (CLEANFILES): Also delete trustdb and any leftover
+ lockfiles.
+
+Fri Nov 27 15:30:24 CET 1998 Werner Koch <wk@isil.d.shuttle.de>
+
+ * clearsig.test: Some more test cases.
+
+Sun Oct 25 18:19:35 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * mds.test: Check whether TIGER is available.
+ * sigs.tesr: Ditto.
+
+Wed Sep 23 12:25:07 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * run-gpg.patterns: New (because Solaris fgrep does not like -f -).
+
+Mon Aug 10 21:33:38 1998 Werner Koch (wk@(none))
+
+ * genkey1024.test: Ariel fixed this.
+
+Wed Jul 8 10:43:47 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * seat.test: New.
+
+Mon May 18 15:40:02 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * Makefile.am: Now uses mk-tdata to produce random test data.
+
+ * ChangeLog: New.
+
+
+ Copyright 1998, 1999, 2000, 2001, 2007 Free Software Foundation, Inc.
+
+ This file is free software; as a special exception the author gives
+ unlimited permission to copy and/or distribute it, with or without
+ modifications, as long as this notice is preserved.
+
+ This file is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
+ implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/tests/openpgp/Makefile.am b/tests/openpgp/Makefile.am
new file mode 100644
index 0000000..837298d
--- /dev/null
+++ b/tests/openpgp/Makefile.am
@@ -0,0 +1,124 @@
+# Copyright (C) 1998, 1999, 2000, 2001, 2003 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+# Process this file with automake to create Makefile.in
+
+GPG_IMPORT = ../../g10/gpg2 --homedir . \
+ --quiet --yes --no-permission-warning --import
+
+# Programs required before we can run these tests.
+required_pgms = ../../g10/gpg2 ../../agent/gpg-agent \
+ ../../tools/gpg-connect-agent
+
+
+TESTS_ENVIRONMENT = GNUPGHOME=$(abs_builddir) GPG_AGENT_INFO= LC_ALL=C \
+ ../../agent/gpg-agent --quiet --daemon sh
+
+
+TESTS = version.test mds.test \
+ decrypt.test decrypt-dsa.test \
+ sigs.test sigs-dsa.test \
+ encrypt.test encrypt-dsa.test \
+ seat.test clearsig.test encryptp.test detach.test \
+ armsigs.test armencrypt.test armencryptp.test \
+ signencrypt.test signencrypt-dsa.test \
+ armsignencrypt.test armdetach.test \
+ armdetachm.test detachm.test genkey1024.test \
+ conventional.test conventional-mdc.test \
+ multisig.test verify.test armor.test \
+ import.test
+
+
+TEST_FILES = pubring.asc secring.asc plain-1o.asc plain-2o.asc plain-3o.asc \
+ plain-1.asc plain-2.asc plain-3.asc plain-1-pgp.asc \
+ pubring.pkr.asc secring.skr.asc secdemo.asc pubdemo.asc \
+ gpg.conf.tmpl gpg-agent.conf.tmpl \
+ bug537-test.data.asc bug894-test.asc
+
+DATA_FILES = data-500 data-9000 data-32000 data-80000 plain-large
+
+EXTRA_DIST = defs.inc $(TESTS) $(TEST_FILES) ChangeLog-2011 \
+ mkdemodirs signdemokey
+
+# Note that removing S.gpg-agent forces a running gpg-agent to
+# terminate after some time.
+CLEANFILES = prepared.stamp x y yy z out err $(DATA_FILES) \
+ plain-1 plain-2 plain-3 trustdb.gpg *.lock .\#lk* \
+ *.test.log gpg_dearmor gpg.conf gpg-agent.conf S.gpg-agent \
+ pubring.gpg secring.gpg pubring.pkr secring.skr
+
+DISTCLEANFILES = pubring.gpg~ random_seed
+
+
+all-local: prepared.stamp
+
+distclean-local:
+ $(srcdir)/mkdemodirs --clean
+
+prepared.stamp: ./pubring.gpg ./secring.gpg ./plain-1 ./plain-2 ./plain-3 \
+ ./pubring.pkr ./secring.skr ./gpg_dearmor $(DATA_FILES)
+ $(GPG_IMPORT) $(srcdir)/pubdemo.asc
+ cat $(srcdir)/gpg-agent.conf.tmpl > gpg-agent.conf
+ echo timestamp >./prepared.stamp
+
+
+# We need to depend on a couple of programs so that the tests don't
+# start before all programs are built.
+./gpg_dearmor: $(required_pgms)
+ echo '#!/bin/sh' >./gpg_dearmor
+ echo "../../g10/gpg2 --no-options --no-greeting \
+ --no-secmem-warning --batch --dearmor" >>./gpg_dearmor
+ chmod 755 ./gpg_dearmor
+
+./pubring.gpg: $(srcdir)/pubring.asc $(srcdir)/pubdemo.asc ./gpg_dearmor
+ ./gpg_dearmor > ./pubring.gpg < $(srcdir)/pubring.asc
+
+./secring.gpg: $(srcdir)/secring.asc ./gpg_dearmor
+ ./gpg_dearmor > ./secring.gpg < $(srcdir)/secring.asc
+
+./pubring.pkr: $(srcdir)/pubring.pkr.asc ./gpg_dearmor
+ ./gpg_dearmor > ./pubring.pkr < $(srcdir)/pubring.pkr.asc
+
+./secring.skr: $(srcdir)/secring.skr.asc ./gpg_dearmor
+ ./gpg_dearmor > ./secring.skr < $(srcdir)/secring.skr.asc
+
+./plain-1: $(srcdir)/plain-1o.asc ./gpg_dearmor
+ ./gpg_dearmor > ./plain-1 < $(srcdir)/plain-1o.asc
+
+./plain-2: $(srcdir)/plain-2o.asc ./gpg_dearmor
+ ./gpg_dearmor > ./plain-2 < $(srcdir)/plain-2o.asc
+
+./plain-3: $(srcdir)/plain-3o.asc ./gpg_dearmor
+ ./gpg_dearmor > ./plain-3 < $(srcdir)/plain-3o.asc
+
+
+data-500:
+ ../../tools/mk-tdata 500 >data-500
+data-9000:
+ ../../tools/mk-tdata 9000 >data-9000
+data-32000:
+ ../../tools/mk-tdata 32000 >data-32000
+data-80000:
+ ../../tools/mk-tdata 80000 >data-80000
+plain-large:
+ cat $(srcdir)/../../doc/HACKING \
+ $(srcdir)/../../doc/DETAILS \
+ $(srcdir)/../../doc/gpg.texi >plain-large
+
+# To speed up key generation we create a dummy random seed file
+random_seed:
+ ../../tools/mk-tdata 600
+
diff --git a/tests/openpgp/Makefile.in b/tests/openpgp/Makefile.in
new file mode 100644
index 0000000..1a617e7
--- /dev/null
+++ b/tests/openpgp/Makefile.in
@@ -0,0 +1,660 @@
+# Makefile.in generated by automake 1.11.1 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation,
+# Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+# Copyright (C) 1998, 1999, 2000, 2001, 2003 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+# Process this file with automake to create Makefile.in
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+subdir = tests/openpgp
+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/gl/m4/absolute-header.m4 \
+ $(top_srcdir)/gl/m4/alloca.m4 $(top_srcdir)/gl/m4/allocsa.m4 \
+ $(top_srcdir)/gl/m4/eealloc.m4 \
+ $(top_srcdir)/gl/m4/gnulib-comp.m4 \
+ $(top_srcdir)/gl/m4/gnulib-tool.m4 \
+ $(top_srcdir)/gl/m4/mkdtemp.m4 $(top_srcdir)/gl/m4/setenv.m4 \
+ $(top_srcdir)/gl/m4/stdint.m4 $(top_srcdir)/gl/m4/strpbrk.m4 \
+ $(top_srcdir)/gl/m4/unistd_h.m4 $(top_srcdir)/m4/autobuild.m4 \
+ $(top_srcdir)/m4/codeset.m4 $(top_srcdir)/m4/estream.m4 \
+ $(top_srcdir)/m4/gettext.m4 $(top_srcdir)/m4/gnupg-pth.m4 \
+ $(top_srcdir)/m4/gpg-error.m4 $(top_srcdir)/m4/iconv.m4 \
+ $(top_srcdir)/m4/isc-posix.m4 $(top_srcdir)/m4/ksba.m4 \
+ $(top_srcdir)/m4/lcmessage.m4 $(top_srcdir)/m4/ldap.m4 \
+ $(top_srcdir)/m4/lib-ld.m4 $(top_srcdir)/m4/lib-link.m4 \
+ $(top_srcdir)/m4/lib-prefix.m4 $(top_srcdir)/m4/libassuan.m4 \
+ $(top_srcdir)/m4/libcurl.m4 $(top_srcdir)/m4/libgcrypt.m4 \
+ $(top_srcdir)/m4/longdouble.m4 $(top_srcdir)/m4/nls.m4 \
+ $(top_srcdir)/m4/po.m4 $(top_srcdir)/m4/progtest.m4 \
+ $(top_srcdir)/m4/readline.m4 $(top_srcdir)/m4/size_max.m4 \
+ $(top_srcdir)/m4/socklen.m4 $(top_srcdir)/m4/sys_socket_h.m4 \
+ $(top_srcdir)/m4/tar-ustar.m4 $(top_srcdir)/m4/xsize.m4 \
+ $(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.ac
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+ $(ACLOCAL_M4)
+mkinstalldirs = $(SHELL) $(top_srcdir)/scripts/mkinstalldirs
+CONFIG_HEADER = $(top_builddir)/config.h
+CONFIG_CLEAN_FILES =
+CONFIG_CLEAN_VPATH_FILES =
+SOURCES =
+DIST_SOURCES =
+am__tty_colors = \
+red=; grn=; lgn=; blu=; std=
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ABSOLUTE_STDINT_H = @ABSOLUTE_STDINT_H@
+ACLOCAL = @ACLOCAL@
+ADNSLIBS = @ADNSLIBS@
+ALLOCA = @ALLOCA@
+ALLOCA_H = @ALLOCA_H@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+BITSIZEOF_PTRDIFF_T = @BITSIZEOF_PTRDIFF_T@
+BITSIZEOF_SIG_ATOMIC_T = @BITSIZEOF_SIG_ATOMIC_T@
+BITSIZEOF_SIZE_T = @BITSIZEOF_SIZE_T@
+BITSIZEOF_WCHAR_T = @BITSIZEOF_WCHAR_T@
+BITSIZEOF_WINT_T = @BITSIZEOF_WINT_T@
+BUILD_INCLUDED_LIBINTL = @BUILD_INCLUDED_LIBINTL@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CC_FOR_BUILD = @CC_FOR_BUILD@
+CFLAGS = @CFLAGS@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DL_LIBS = @DL_LIBS@
+DNSLIBS = @DNSLIBS@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+FAQPROG = @FAQPROG@
+GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
+GMSGFMT = @GMSGFMT@
+GMSGFMT_015 = @GMSGFMT_015@
+GNUPG_AGENT_PGM = @GNUPG_AGENT_PGM@
+GNUPG_DIRMNGR_PGM = @GNUPG_DIRMNGR_PGM@
+GNUPG_PINENTRY_PGM = @GNUPG_PINENTRY_PGM@
+GNUPG_PROTECT_TOOL_PGM = @GNUPG_PROTECT_TOOL_PGM@
+GNUPG_SCDAEMON_PGM = @GNUPG_SCDAEMON_PGM@
+GPGKEYS_CURL = @GPGKEYS_CURL@
+GPGKEYS_FINGER = @GPGKEYS_FINGER@
+GPGKEYS_HKP = @GPGKEYS_HKP@
+GPGKEYS_KDNS = @GPGKEYS_KDNS@
+GPGKEYS_LDAP = @GPGKEYS_LDAP@
+GPGKEYS_MAILTO = @GPGKEYS_MAILTO@
+GPG_ERROR_CFLAGS = @GPG_ERROR_CFLAGS@
+GPG_ERROR_CONFIG = @GPG_ERROR_CONFIG@
+GPG_ERROR_LIBS = @GPG_ERROR_LIBS@
+GREP = @GREP@
+HAVE_INTTYPES_H = @HAVE_INTTYPES_H@
+HAVE_LONG_LONG_INT = @HAVE_LONG_LONG_INT@
+HAVE_SIGNED_SIG_ATOMIC_T = @HAVE_SIGNED_SIG_ATOMIC_T@
+HAVE_SIGNED_WCHAR_T = @HAVE_SIGNED_WCHAR_T@
+HAVE_SIGNED_WINT_T = @HAVE_SIGNED_WINT_T@
+HAVE_STDINT_H = @HAVE_STDINT_H@
+HAVE_SYS_BITYPES_H = @HAVE_SYS_BITYPES_H@
+HAVE_SYS_INTTYPES_H = @HAVE_SYS_INTTYPES_H@
+HAVE_SYS_TYPES_H = @HAVE_SYS_TYPES_H@
+HAVE_UNSIGNED_LONG_LONG_INT = @HAVE_UNSIGNED_LONG_LONG_INT@
+HAVE_WCHAR_H = @HAVE_WCHAR_H@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+INTLLIBS = @INTLLIBS@
+INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@
+KSBA_CFLAGS = @KSBA_CFLAGS@
+KSBA_CONFIG = @KSBA_CONFIG@
+KSBA_LIBS = @KSBA_LIBS@
+LDAPLIBS = @LDAPLIBS@
+LDAP_CPPFLAGS = @LDAP_CPPFLAGS@
+LDFLAGS = @LDFLAGS@
+LIBASSUAN_CFLAGS = @LIBASSUAN_CFLAGS@
+LIBASSUAN_CONFIG = @LIBASSUAN_CONFIG@
+LIBASSUAN_LIBS = @LIBASSUAN_LIBS@
+LIBCURL = @LIBCURL@
+LIBCURL_CPPFLAGS = @LIBCURL_CPPFLAGS@
+LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@
+LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@
+LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@
+LIBGNU_LIBDEPS = @LIBGNU_LIBDEPS@
+LIBGNU_LTLIBDEPS = @LIBGNU_LTLIBDEPS@
+LIBICONV = @LIBICONV@
+LIBINTL = @LIBINTL@
+LIBOBJS = @LIBOBJS@
+LIBREADLINE = @LIBREADLINE@
+LIBS = @LIBS@
+LIBUSB_LIBS = @LIBUSB_LIBS@
+LIBUTIL_LIBS = @LIBUTIL_LIBS@
+LN_S = @LN_S@
+LTLIBICONV = @LTLIBICONV@
+LTLIBINTL = @LTLIBINTL@
+LTLIBOBJS = @LTLIBOBJS@
+MAINT = @MAINT@
+MAKEINFO = @MAKEINFO@
+MKDIR_P = @MKDIR_P@
+MSGFMT = @MSGFMT@
+MSGFMT_015 = @MSGFMT_015@
+MSGMERGE = @MSGMERGE@
+NETLIBS = @NETLIBS@
+OBJEXT = @OBJEXT@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_GT = @PACKAGE_GT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_URL = @PACKAGE_URL@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PERL = @PERL@
+POSUB = @POSUB@
+PTH_CFLAGS = @PTH_CFLAGS@
+PTH_CONFIG = @PTH_CONFIG@
+PTH_LIBS = @PTH_LIBS@
+PTRDIFF_T_SUFFIX = @PTRDIFF_T_SUFFIX@
+RANLIB = @RANLIB@
+SENDMAIL = @SENDMAIL@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+SHRED = @SHRED@
+SIG_ATOMIC_T_SUFFIX = @SIG_ATOMIC_T_SUFFIX@
+SIZE_T_SUFFIX = @SIZE_T_SUFFIX@
+STDINT_H = @STDINT_H@
+STRIP = @STRIP@
+SYS_SOCKET_H = @SYS_SOCKET_H@
+TAR = @TAR@
+UNISTD_H = @UNISTD_H@
+USE_INCLUDED_LIBINTL = @USE_INCLUDED_LIBINTL@
+USE_NLS = @USE_NLS@
+VERSION = @VERSION@
+W32SOCKLIBS = @W32SOCKLIBS@
+WCHAR_T_SUFFIX = @WCHAR_T_SUFFIX@
+WINDRES = @WINDRES@
+WINT_T_SUFFIX = @WINT_T_SUFFIX@
+XGETTEXT = @XGETTEXT@
+XGETTEXT_015 = @XGETTEXT_015@
+XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@
+ZLIBS = @ZLIBS@
+_libcurl_config = @_libcurl_config@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+GPG_IMPORT = ../../g10/gpg2 --homedir . \
+ --quiet --yes --no-permission-warning --import
+
+
+# Programs required before we can run these tests.
+required_pgms = ../../g10/gpg2 ../../agent/gpg-agent \
+ ../../tools/gpg-connect-agent
+
+TESTS_ENVIRONMENT = GNUPGHOME=$(abs_builddir) GPG_AGENT_INFO= LC_ALL=C \
+ ../../agent/gpg-agent --quiet --daemon sh
+
+TESTS = version.test mds.test \
+ decrypt.test decrypt-dsa.test \
+ sigs.test sigs-dsa.test \
+ encrypt.test encrypt-dsa.test \
+ seat.test clearsig.test encryptp.test detach.test \
+ armsigs.test armencrypt.test armencryptp.test \
+ signencrypt.test signencrypt-dsa.test \
+ armsignencrypt.test armdetach.test \
+ armdetachm.test detachm.test genkey1024.test \
+ conventional.test conventional-mdc.test \
+ multisig.test verify.test armor.test \
+ import.test
+
+TEST_FILES = pubring.asc secring.asc plain-1o.asc plain-2o.asc plain-3o.asc \
+ plain-1.asc plain-2.asc plain-3.asc plain-1-pgp.asc \
+ pubring.pkr.asc secring.skr.asc secdemo.asc pubdemo.asc \
+ gpg.conf.tmpl gpg-agent.conf.tmpl \
+ bug537-test.data.asc bug894-test.asc
+
+DATA_FILES = data-500 data-9000 data-32000 data-80000 plain-large
+EXTRA_DIST = defs.inc $(TESTS) $(TEST_FILES) ChangeLog-2011 \
+ mkdemodirs signdemokey
+
+
+# Note that removing S.gpg-agent forces a running gpg-agent to
+# terminate after some time.
+CLEANFILES = prepared.stamp x y yy z out err $(DATA_FILES) \
+ plain-1 plain-2 plain-3 trustdb.gpg *.lock .\#lk* \
+ *.test.log gpg_dearmor gpg.conf gpg-agent.conf S.gpg-agent \
+ pubring.gpg secring.gpg pubring.pkr secring.skr
+
+DISTCLEANFILES = pubring.gpg~ random_seed
+all: all-am
+
+.SUFFIXES:
+$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(am__configure_deps)
+ @for dep in $?; do \
+ case '$(am__configure_deps)' in \
+ *$$dep*) \
+ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+ && { if test -f $@; then exit 0; else break; fi; }; \
+ exit 1;; \
+ esac; \
+ done; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu tests/openpgp/Makefile'; \
+ $(am__cd) $(top_srcdir) && \
+ $(AUTOMAKE) --gnu tests/openpgp/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+ @case '$?' in \
+ *config.status*) \
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+ *) \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+ esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
+tags: TAGS
+TAGS:
+
+ctags: CTAGS
+CTAGS:
+
+
+check-TESTS: $(TESTS)
+ @failed=0; all=0; xfail=0; xpass=0; skip=0; \
+ srcdir=$(srcdir); export srcdir; \
+ list=' $(TESTS) '; \
+ $(am__tty_colors); \
+ if test -n "$$list"; then \
+ for tst in $$list; do \
+ if test -f ./$$tst; then dir=./; \
+ elif test -f $$tst; then dir=; \
+ else dir="$(srcdir)/"; fi; \
+ if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \
+ all=`expr $$all + 1`; \
+ case " $(XFAIL_TESTS) " in \
+ *[\ \ ]$$tst[\ \ ]*) \
+ xpass=`expr $$xpass + 1`; \
+ failed=`expr $$failed + 1`; \
+ col=$$red; res=XPASS; \
+ ;; \
+ *) \
+ col=$$grn; res=PASS; \
+ ;; \
+ esac; \
+ elif test $$? -ne 77; then \
+ all=`expr $$all + 1`; \
+ case " $(XFAIL_TESTS) " in \
+ *[\ \ ]$$tst[\ \ ]*) \
+ xfail=`expr $$xfail + 1`; \
+ col=$$lgn; res=XFAIL; \
+ ;; \
+ *) \
+ failed=`expr $$failed + 1`; \
+ col=$$red; res=FAIL; \
+ ;; \
+ esac; \
+ else \
+ skip=`expr $$skip + 1`; \
+ col=$$blu; res=SKIP; \
+ fi; \
+ echo "$${col}$$res$${std}: $$tst"; \
+ done; \
+ if test "$$all" -eq 1; then \
+ tests="test"; \
+ All=""; \
+ else \
+ tests="tests"; \
+ All="All "; \
+ fi; \
+ if test "$$failed" -eq 0; then \
+ if test "$$xfail" -eq 0; then \
+ banner="$$All$$all $$tests passed"; \
+ else \
+ if test "$$xfail" -eq 1; then failures=failure; else failures=failures; fi; \
+ banner="$$All$$all $$tests behaved as expected ($$xfail expected $$failures)"; \
+ fi; \
+ else \
+ if test "$$xpass" -eq 0; then \
+ banner="$$failed of $$all $$tests failed"; \
+ else \
+ if test "$$xpass" -eq 1; then passes=pass; else passes=passes; fi; \
+ banner="$$failed of $$all $$tests did not behave as expected ($$xpass unexpected $$passes)"; \
+ fi; \
+ fi; \
+ dashes="$$banner"; \
+ skipped=""; \
+ if test "$$skip" -ne 0; then \
+ if test "$$skip" -eq 1; then \
+ skipped="($$skip test was not run)"; \
+ else \
+ skipped="($$skip tests were not run)"; \
+ fi; \
+ test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \
+ dashes="$$skipped"; \
+ fi; \
+ report=""; \
+ if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \
+ report="Please report to $(PACKAGE_BUGREPORT)"; \
+ test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \
+ dashes="$$report"; \
+ fi; \
+ dashes=`echo "$$dashes" | sed s/./=/g`; \
+ if test "$$failed" -eq 0; then \
+ echo "$$grn$$dashes"; \
+ else \
+ echo "$$red$$dashes"; \
+ fi; \
+ echo "$$banner"; \
+ test -z "$$skipped" || echo "$$skipped"; \
+ test -z "$$report" || echo "$$report"; \
+ echo "$$dashes$$std"; \
+ test "$$failed" -eq 0; \
+ else :; fi
+
+distdir: $(DISTFILES)
+ @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ list='$(DISTFILES)'; \
+ dist_files=`for file in $$list; do echo $$file; done | \
+ sed -e "s|^$$srcdirstrip/||;t" \
+ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+ case $$dist_files in \
+ */*) $(MKDIR_P) `echo "$$dist_files" | \
+ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+ sort -u` ;; \
+ esac; \
+ for file in $$dist_files; do \
+ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+ if test -d $$d/$$file; then \
+ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+ if test -d "$(distdir)/$$file"; then \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+ else \
+ test -f "$(distdir)/$$file" \
+ || cp -p $$d/$$file "$(distdir)/$$file" \
+ || exit 1; \
+ fi; \
+ done
+check-am: all-am
+ $(MAKE) $(AM_MAKEFLAGS) check-TESTS
+check: check-am
+all-am: Makefile all-local
+installdirs:
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+ @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ `test -z '$(STRIP)' || \
+ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+ -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
+
+distclean-generic:
+ -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+ -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+ -test -z "$(DISTCLEANFILES)" || rm -f $(DISTCLEANFILES)
+
+maintainer-clean-generic:
+ @echo "This command is intended for maintainers to use"
+ @echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic mostlyclean-am
+
+distclean: distclean-am
+ -rm -f Makefile
+distclean-am: clean-am distclean-generic distclean-local
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+html-am:
+
+info: info-am
+
+info-am:
+
+install-data-am:
+
+install-dvi: install-dvi-am
+
+install-dvi-am:
+
+install-exec-am:
+
+install-html: install-html-am
+
+install-html-am:
+
+install-info: install-info-am
+
+install-info-am:
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-pdf-am:
+
+install-ps: install-ps-am
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+ -rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-generic
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am:
+
+.MAKE: check-am install-am install-strip
+
+.PHONY: all all-am all-local check check-TESTS check-am clean \
+ clean-generic distclean distclean-generic distclean-local \
+ distdir dvi dvi-am html html-am info info-am install \
+ install-am install-data install-data-am install-dvi \
+ install-dvi-am install-exec install-exec-am install-html \
+ install-html-am install-info install-info-am install-man \
+ install-pdf install-pdf-am install-ps install-ps-am \
+ install-strip installcheck installcheck-am installdirs \
+ maintainer-clean maintainer-clean-generic mostlyclean \
+ mostlyclean-generic pdf pdf-am ps ps-am uninstall uninstall-am
+
+
+all-local: prepared.stamp
+
+distclean-local:
+ $(srcdir)/mkdemodirs --clean
+
+prepared.stamp: ./pubring.gpg ./secring.gpg ./plain-1 ./plain-2 ./plain-3 \
+ ./pubring.pkr ./secring.skr ./gpg_dearmor $(DATA_FILES)
+ $(GPG_IMPORT) $(srcdir)/pubdemo.asc
+ cat $(srcdir)/gpg-agent.conf.tmpl > gpg-agent.conf
+ echo timestamp >./prepared.stamp
+
+# We need to depend on a couple of programs so that the tests don't
+# start before all programs are built.
+./gpg_dearmor: $(required_pgms)
+ echo '#!/bin/sh' >./gpg_dearmor
+ echo "../../g10/gpg2 --no-options --no-greeting \
+ --no-secmem-warning --batch --dearmor" >>./gpg_dearmor
+ chmod 755 ./gpg_dearmor
+
+./pubring.gpg: $(srcdir)/pubring.asc $(srcdir)/pubdemo.asc ./gpg_dearmor
+ ./gpg_dearmor > ./pubring.gpg < $(srcdir)/pubring.asc
+
+./secring.gpg: $(srcdir)/secring.asc ./gpg_dearmor
+ ./gpg_dearmor > ./secring.gpg < $(srcdir)/secring.asc
+
+./pubring.pkr: $(srcdir)/pubring.pkr.asc ./gpg_dearmor
+ ./gpg_dearmor > ./pubring.pkr < $(srcdir)/pubring.pkr.asc
+
+./secring.skr: $(srcdir)/secring.skr.asc ./gpg_dearmor
+ ./gpg_dearmor > ./secring.skr < $(srcdir)/secring.skr.asc
+
+./plain-1: $(srcdir)/plain-1o.asc ./gpg_dearmor
+ ./gpg_dearmor > ./plain-1 < $(srcdir)/plain-1o.asc
+
+./plain-2: $(srcdir)/plain-2o.asc ./gpg_dearmor
+ ./gpg_dearmor > ./plain-2 < $(srcdir)/plain-2o.asc
+
+./plain-3: $(srcdir)/plain-3o.asc ./gpg_dearmor
+ ./gpg_dearmor > ./plain-3 < $(srcdir)/plain-3o.asc
+
+data-500:
+ ../../tools/mk-tdata 500 >data-500
+data-9000:
+ ../../tools/mk-tdata 9000 >data-9000
+data-32000:
+ ../../tools/mk-tdata 32000 >data-32000
+data-80000:
+ ../../tools/mk-tdata 80000 >data-80000
+plain-large:
+ cat $(srcdir)/../../doc/HACKING \
+ $(srcdir)/../../doc/DETAILS \
+ $(srcdir)/../../doc/gpg.texi >plain-large
+
+# To speed up key generation we create a dummy random seed file
+random_seed:
+ ../../tools/mk-tdata 600
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/tests/openpgp/armdetach.test b/tests/openpgp/armdetach.test
new file mode 100755
index 0000000..e4bbb1f
--- /dev/null
+++ b/tests/openpgp/armdetach.test
@@ -0,0 +1,19 @@
+#!/bin/sh
+# Copyright 1998,1999,2000,2001,2002,2003,2004,2005,2006,
+# 2007 Free Software Foundation, Inc.
+# This file is free software; as a special exception the author gives
+# unlimited permission to copy and/or distribute it, with or without
+# modifications, as long as this notice is preserved. This file is
+# distributed in the hope that it will be useful, but WITHOUT ANY
+# WARRANTY, to the extent permitted by law; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+
+. $srcdir/defs.inc || exit 3
+
+
+#info Checking armored detached signatures
+for i in $plain_files $data_files ; do
+ echo "$usrpass1" | $GPG --passphrase-fd 0 -sab -o x --yes $i
+ $GPG -o /dev/null --yes x <$i || error "$i: bad signature"
+done
+
diff --git a/tests/openpgp/armdetachm.test b/tests/openpgp/armdetachm.test
new file mode 100755
index 0000000..67d9628
--- /dev/null
+++ b/tests/openpgp/armdetachm.test
@@ -0,0 +1,17 @@
+#!/bin/sh
+# Copyright 1998,1999,2000,2001,2002,2003,2004,2005,2006,
+# 2007 Free Software Foundation, Inc.
+# This file is free software; as a special exception the author gives
+# unlimited permission to copy and/or distribute it, with or without
+# modifications, as long as this notice is preserved. This file is
+# distributed in the hope that it will be useful, but WITHOUT ANY
+# WARRANTY, to the extent permitted by law; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+
+. $srcdir/defs.inc || exit 3
+
+#info Checking armored detached signatures of multiple files
+i="$plain_files $data_files"
+echo "$usrpass1" | $GPG --passphrase-fd 0 -sab -o x --yes $i
+cat $i | $GPG -o /dev/null --yes x || error "$i: bad signature"
+
diff --git a/tests/openpgp/armencrypt.test b/tests/openpgp/armencrypt.test
new file mode 100755
index 0000000..df37294
--- /dev/null
+++ b/tests/openpgp/armencrypt.test
@@ -0,0 +1,19 @@
+#!/bin/sh
+# Copyright 1998,1999,2000,2001,2002,2003,2004,2005,2006,
+# 2007 Free Software Foundation, Inc.
+# This file is free software; as a special exception the author gives
+# unlimited permission to copy and/or distribute it, with or without
+# modifications, as long as this notice is preserved. This file is
+# distributed in the hope that it will be useful, but WITHOUT ANY
+# WARRANTY, to the extent permitted by law; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+
+. $srcdir/defs.inc || exit 3
+
+#info Checking armored encryption
+for i in $plain_files $data_files ; do
+ $GPG --always-trust -ea -o x --yes -r "$usrname2" $i
+ $GPG -o y --yes x
+ cmp $i y || error "$i: mismatch"
+done
+
diff --git a/tests/openpgp/armencryptp.test b/tests/openpgp/armencryptp.test
new file mode 100755
index 0000000..9246b6d
--- /dev/null
+++ b/tests/openpgp/armencryptp.test
@@ -0,0 +1,20 @@
+#!/bin/sh
+# Copyright 1998,1999,2000,2001,2002,2003,2004,2005,2006,
+# 2007 Free Software Foundation, Inc.
+# This file is free software; as a special exception the author gives
+# unlimited permission to copy and/or distribute it, with or without
+# modifications, as long as this notice is preserved. This file is
+# distributed in the hope that it will be useful, but WITHOUT ANY
+# WARRANTY, to the extent permitted by law; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+
+. $srcdir/defs.inc || exit 3
+
+#info Checking armored encryption with a pipe
+for i in $plain_files $data_files ; do
+ $GPG --always-trust -ea --yes -r "$usrname2" < $i | tee x | $GPG -o y --yes
+ cmp $i y || error "$i: mismatch"
+ $GPG --yes < x > y
+ cmp $i y || error "$i: mismatch"
+done
+
diff --git a/tests/openpgp/armor.test b/tests/openpgp/armor.test
new file mode 100755
index 0000000..cb3c892
--- /dev/null
+++ b/tests/openpgp/armor.test
@@ -0,0 +1,764 @@
+#!/bin/sh
+# Regression tests pertaining to the armoring.
+# Copyright 2006, 2007 Free Software Foundation, Inc.
+# This file is free software; as a special exception the author gives
+# unlimited permission to copy and/or distribute it, with or without
+# modifications, as long as this notice is preserved. This file is
+# distributed in the hope that it will be useful, but WITHOUT ANY
+# WARRANTY, to the extent permitted by law; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+
+. $srcdir/defs.inc || exit 3
+
+armored_key_8192='-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: SKS 1.0.9
+
+mQGiBDnKLQkRBACVlYh6HivoRjHzGedNpnYPISxImK3eFgt+qs/DD9rqhBOSUTYvmKfa1u7M
+W4XDc23YEoq3MyhtC35IL2RH6rmeIPz7ZVK5rUKWMqzf94n58gIkgdDZgCcaDWImtZFSjji4
+TGhepaIz75iIbymvtnjr9d++fH/lFkz0HDjbOkXCfwCg9GeOjiWw1yBK8cO11acAjk+QpW8D
+/i8ftC1hV0iuh9mswYeG05pBbeeaOW4I2Ps4IcecpXhSyPaP1YiXKRqg9GX2brNgXwc3MEiq
+Wn4UU407RzjrUNF4/d20Q7N2g2MDUDzBtmMytfT2LLKlj53Cq+p510yXESA7UHjiOpRrHPN9
+R69wHmHPsLPkdkB/jRTSM1gzQNtXA/96bRpfGMtCssfB449gBA/kYF14iXUM5KTF6YPSFhCC
+xPGNMoP1uxTk0NHvcYZe4zW2O6b/f9x5Lh15RI1ozWXakX6u3xEV3OqsvVTtXupe4MljHQlX
+YwMDI3MUzFtnHR+He1Bw5lkBVWtkV7rX2kX749J1EgADwlNEP1KFRdjqi7QhU3VzdW11IE9T
+QVdBIDxzdXN1bXVvQGRlYmlhbi5vcmc+iEYEEBECAAYFAjvNYPUACgkQU+WZW1FVMwrlTACf
+RigokAWd1OqYtcOt3v829fhNqYEAnR9uUslZr6B6RaW0z8/BZZuhGuLViEYEEBECAAYFAjzG
+evgACgkQfGUzr9MtPXGWyACg066aP5SSkBHWqqYGGLZv9sVRMNIAoIEHBI1gq4rPJatYDdau
+Ni6DUTkGiEYEEBECAAYFAjzGfBAACgkQ9D5yZjzIjAlTqACeJmtp9kpfljkARhfa3QTc2Q56
+WKkAoJmUchp+fAceVeFncpFeo6leM1YhiEYEEBECAAYFAjzGftIACgkQ2QCnNZ2xmQQCegCg
+rdTsTWzaZk6gF+mtvIDwKsUx8gwAnRUbdDfOP0qL+83Bbz2r/IzPxjCEiEYEEBECAAYFAj2T
+Rd0ACgkQFwU5DuZsm7BfXQCeNVG09VZ2VnuuWTRbgoANXGIyRb0AoI/giUU4DcIpAPbcoNV7
+PzCIreyviEYEExECAAYFAj2508wACgkQ0pu//EQuY8KiUwCdHijK7Wkim2FUPU6i6KxwRH/k
+kFwAn1sOAWVOrLfRBfrNNQBANpbr5ufniEYEExECAAYFAj27vpsACgkQKb5dImj9VJ9m2wCc
+DeL9IkWpytXLPFhKCH9U9XhzPA4AnRjiY3y6AdNhbUgG/eS8Dumch0dniEYEExECAAYFAj5q
+MCcACgkQO/YJxouvzb2O5QCghtxYfrIcbfTcBwvz9vG1sBHkQSkAnj3PMjN9dk1x1e4rUD9d
+S00JOoI0iFYEExECABYFAjnKLQkECwoEAwMVAwIDFgIBAheAAAoJEN7sjAneQVsOUfcAoNgN
+xaeqMn5EWO2MkwVvVrLjWI2FAKDLnp19rJsU69OK7qHqfMeGWFXsQYheBBMRAgAWBQI5yi0J
+BAsKBAMDFQMCAxYCAQIXgAASCRDe7IwJ3kFbDgdlR1BHAAEBUfcAoNgNxaeqMn5EWO2MkwVv
+VrLjWI2FAKDLnp19rJsU69OK7qHqfMeGWFXsQYiVAwUQOcrkWi2pLp/VI9wNAQE5mAP/WW9g
+shqGqWN/rWevpVKlzwqGSqMUq6E2K34dHrFdqd/WnY8ng5zAd66Ey3OLS5x9/+KI6W9MU5OI
+WmxOfrp7PxwqLrQH/BruPTHe9mZbkSyjWIS/V+W8/lYtzIUYTd0584+1x7cK6jah3mAdFu5t
+8fr1k3NyVXFH66dLrLF0bBu0JFN1c3VtdSBPU0FXQSA8c3VzdW11LW9AZGViaWFuLm9yLmpw
+PohGBBARAgAGBQI7zWD4AAoJEFPlmVtRVTMKpEEAn0Oxl1tcdFf6LxiG2URD7kmHNm+iAJ9l
+uLXjsYvo0OXlG1HlaFkFduhgp4hGBBARAgAGBQI8xnr7AAoJEHxlM6/TLT1xZlEAnjSeGhDQ
+mbidMrjv4nOaWWDePjN7AKDXoHEhZbpUIJLJBgS4jZfuGtT3VYhGBBARAgAGBQI8xnwTAAoJ
+EPQ+cmY8yIwJTjEAnAllI6IPXWJlHjtwqlHHwprrZG4eAJwMTl5Rbqu1lf+Lmz3N8QBrcTjn
+zYhGBBARAgAGBQI8xn7VAAoJENkApzWdsZkE6M4AoIpVj26AQLU6dtiJuLNMio8jKx/AAJ9n
+8VzpA4GFEL3Rg2eqNvuQC0bJp4hGBBARAgAGBQI9k0XgAAoJEBcFOQ7mbJuwsaUAnRIT1q2W
+kEgui423U/TVWLvSp2/aAKDG6xkJ+tdAmBnO5CcQcNswRmK4NIhGBBMRAgAGBQI9u76dAAoJ
+ECm+XSJo/VSfDJQAn0pZLQJhXUWzasjG2s2L8egRvvkmAJ4yTxKBoZbvtruTf//8HwNLRs9W
+v4hGBBMRAgAGBQI+ajAuAAoJEDv2CcaLr829bTYAoJzZa95z3Ty/rVS8Q5viOnicJwtOAKCG
+RKoaw3UZfpm6RLHZ4aHlYxCA0YhXBBMRAgAXBQI6aHxFBQsHCgMEAxUDAgMWAgECF4AACgkQ
+3uyMCd5BWw4I+ACfQhdkd2tu9qqWuWW7O1GsLpb359oAoLleotCCH4La5L5ZE/cPIde9+p8o
+iF8EExECABcFAjpofEUFCwcKAwQDFQMCAxYCAQIXgAASCRDe7IwJ3kFbDgdlR1BHAAEBCPgA
+n0IXZHdrbvaqlrlluztRrC6W9+faAKC5XqLQgh+C2uS+WRP3DyHXvfqfKLQlU3VzdW11IE9T
+QVdBIDxzdXN1bXUtb0Bnb2ZvcndhcmQub3JnPohGBBARAgAGBQI7zWD4AAoJEFPlmVtRVTMK
+aY0An0oI4Fwko9YsVWS+0M3/Tpc8FB2eAJ4oALojFgFkOWYT97dh8rTQW8BhyohGBBARAgAG
+BQI8xnr7AAoJEHxlM6/TLT1xsXcAoJV/9zoudxvWy+LwktkGyCB7aTx4AJ0Z8GWmx2/C4W2M
+tSyaUscY3X19uYhGBBARAgAGBQI8xnwTAAoJEPQ+cmY8yIwJpxQAn3efnPpctMJFDQomRDbo
+7Q8rg6r4AKCq7LZmOaXvyrBF/JcYjOCLtYMPIIhGBBARAgAGBQI8xn7VAAoJENkApzWdsZkE
+iB0AnRQs0XjhpGOpR1lyEOuZkm2xxHPzAJ9Is3sG9UMOr+YS5V1GXXiFM29S3YhGBBARAgAG
+BQI9k0XgAAoJEBcFOQ7mbJuwjiAAn2wcQP9HreVLCSQruB1wnX/s79ZcAKCRcecLF+wiRo59
+JJvwtnxp2W24EYhGBBMRAgAGBQI9u76dAAoJECm+XSJo/VSftKUAoJQ/cYKqkyOLSOelU8eM
+plFiFJlPAJwK7B0HrN+tDmR7r8Hc0GrRrbAuvYhGBBMRAgAGBQI+ajAuAAoJEDv2CcaLr829
+PX0An2kfEs+3iR5qV35EQlCdL5ITZCSNAKCf8HErpT620TUhU6hI7vW5R3LNgohXBBMRAgAX
+BQI6aHxeBQsHCgMEAxUDAgMWAgECF4AACgkQ3uyMCd5BWw5HzwCdF8w3WjnwTvktko3ZB7IM
+mFLKvSQAn3GbioDBdV+j6xuhSI90osLMu1jgiF8EExECABcFAjpofF4FCwcKAwQDFQMCAxYC
+AQIXgAASCRDe7IwJ3kFbDgdlR1BHAAEBR88AnRfMN1o58E75LZKN2QeyDJhSyr0kAJ9xm4qA
+wXVfo+sboUiPdKLCzLtY4IkBIgQQAQIADAUCQpGGggUDABJ1AAAKCRCXELibyletfJEKCACw
+Yf5qY4J3RtHnC56HmGiW4GXaahJpBQ1JcWmfx7CkTqJPQveg+KQ4pfLuJvZ8v4YqPZCxPOeK
+/ZhIO48UB4obcD8BZdSkRA4QBamRp8iqcgrCot/LA5xQu9tivIhUJP/1dT6PmDy4DAV3Flgt
+HgED5niVESDPfz3Gjff5iWWIs6dM3bycxoTcFWLz++578aOasoq9T8Tfua9H8UrouVz3+6TK
+xG0rGeb2jOQOQcbLCn3soU/Z60H3SvJYHzgxlS5bqIybrjo3sAnuus/kisrmNjeFfQBdl9v+
+GnK65D1tmBa1+6a95uHb+OG4eHzIXmvnDI4A1RhRKiZ/kpVsT7RViQEiBBABAgAMBQJCo1H8
+BQMAEnUAAAoJEJcQuJvKV618bJgIAMb9Xiv8ps3quJ9ByHhbIQtBOymH0fFiodsutPrcR2Af
+1lc/eh3Ik20Z9Ba3g5V6eUW+3sjpDsjKtI1CXuRq0Zgmze3hrUTMRmyrLoaHPocrqfj2G9mW
+y2OomLHMDurcJFQkSUJioI4Kxo+1NBZmylPKUEeIEoP8UBJbKxf78dVh00ZUecwZcn9lLiZA
+TycRQ0WTT1Yv1fI+tBmvSrpMSe+0k+JS+QigvINN5vUxaV1cN6mkREPYVm7oHzPCQ2C9NX1q
+cI/Wkc38ieZw1Sv9vyPCCL6MYd/2t1209a/ZKADaw5l+mhyWUqIT6SXPLxMDy0NvPhTKdDr1
+7S5LOcKhwPqJASIEEAECAAwFAkK2pukFAwASdQAACgkQlxC4m8pXrXxvUQgAlfw6doD0JHtY
+iN9uCp2M1orLKS/zm66e9eiYPJwbim96KiwP98Ti5J+QO5hZdT3dhW2Avw5JPFiQukSc/rjT
+1YHRyuhZfXKhQhsjom5JmyFSdeIzjnz0PIM2qZaK4OfFihleQfQ8Y94wkPwYtkEXxpBQSClg
+Xk6QJEql34sQexIDM7VsREwv/eIQ73RMquat4RZP1L3h4nj1UJu/X7ey3HVVo61gH0RIAR+A
+adv59AAp//TkKUNIRCHOsIpFCXHjJsJxRvJKhiz3T6FhqFEQNF2tDJKHFV1FcLAIEZheuGOV
+fKNXgmvVATPHrJsg5HsZACg/aRFq9NL9FYskFyGcB4kBIgQQAQIADAUCQrdR0QUDABJ1AAAK
+CRCXELibyletfMNMB/49u9oQzbmTtmHaoKuvou7OA6zmrfeu5X9vV1efZgItF78J7G19fVt8
+K3e6kn0KGYVL+FTbPdEbvrYTb+jfMkzrHooxQYSr0j8Baqfh2bMuZzuw2pVtgBUTYHoihNjQ
+lv6GPtF7Y3CVWLUYXZ25yqY3Hzh9YneoH8bUVFZWxRFitqGB+noFpvm0YXrCJZ19BDNTQlx7
+5quAl4KTNOAxapsKaBrz/4PrnNbuwZBkzP5EEuEyjTM+6UBhxibXfdWKnZw6ky7k6tuUsc68
+qfQJBK6KBmVLflZ5nrd2N90Ueb0m3xfzdncBAZb43THGhi6XyZ4jvbMjvjm3MCGuUosYYbT6
+iQEiBBABAgAMBQJCyQLdBQMAEnUAAAoJEJcQuJvKV618Jz0IAKstm2VX39p4Lt4k55ZdOqXG
+CqHCFT5YYOVcnptx8dKTpHWQXpI2lUJBAcWz0IAXXFhyUbGpvS1E9T/pYF97RSSsQyTncQll
+mLbzy3fESVkGT9xpEvF7ZaK+61BKuWFpbKRdpy5wWakk0GRyF0156vxm7vQh4XI91TwXj7DA
+v6KYWdjnHcEB8O9jLw6RlD4Y6dKjb/v7vTY6dGmYYyOQVK+Bmr/8vVcNDf+tevExsytTu4FZ
+tL9yp+yHODfHP5LZk3mC7UGR/mUKFDYhuEzzIU5ozc6qUfC5ViGt2Hjg45i2T79WeSV0UHSE
+8c3JOgE3e7A71bQEUJygPC9S+RTuc8aJASIEEAECAAwFAkLMT3oFAwASdQAACgkQlxC4m8pX
+rXwoBgf+MEjA/hx7UMl6LHwheZ9qzH/4P1d4CU46SzoC/XEPqWGs9sJw0dKxEAnRZgrG1WMP
+Ml127bOHby5WWDa/xGi0siYM64F386SG0W42FD67vPK9mMPnCDIQ4xn5gGoqUUl8ZzFG0eNv
+XRg0bmMVmoZFvaUyf0uah/0dYCYplgAjJtmC3cmNuJ98PoYEVHMKKGtPW4fVf+TcN90HVjXU
+kr0GnAvRegb3ZXnte3GrOe3jOfXjfjZMyEM6a16FFuKHmykgfyX/I4tS9GqoxPZ6s0KARKn0
+YLZUuxxFL7i1VaGJR/9duyUc8T0BLc9O4TxNuvd1vd5UKVVmTL04fe0q1Bfu4okBIgQQAQIA
+DAUCQtGX8QUDABJ1AAAKCRCXELibyletfNEoCACtKtfWhAfkxLqPihQMbvwXTuSszG61XNYb
+a41gTOpjADF2jQAQ2y8oilVyr5RgSvug8knik3EitSpBOOg0o5Y9NHF3e+85r27m8T5cP3g5
+GHAeugRFDqMXXioiAw9WoyvG9ruMY4caD3gAuogM4hB/3EMEHSlMylMrXLUtbGkQKqkLVJQn
+7V/3SVG8zfUyGb0lSFaGtHFa6LaIIuvJwkQYGMT/SiK7ISqPKOPD7kKRWhxjgcfzVthqGORn
+uQGi+316fdA+JzEYOI/gGdcZsbN/KrMSNQ0DOdSRIeiATy9M0fd+8QtUPOCtaDKLYISSrm72
+xgnKbussJRxAPjxo66dPiQEiBBABAgAMBQJC42DIBQMAEnUAAAoJEJcQuJvKV6181SUIAL/P
+gZhrwepyFUhr+nlYvxeflrxgR9Yl1aNtTngcOYlFU273cs3XnkczIpkg4fVikY5s56Y42G8F
+NvqRu0M0eL5kJvYi50NNMQnf39GkZZp2LrL9bZ9n7ysWU5tiOJsxCBnaOiAg/p6vCUVN3NV+
+t8vRP1fHwPsd5tYEBqA/g4g1U0xJAG+JqJftSDRDLxfTZ16hBdHzlQ3opqMMmW5Mv005p4o+
+buh4HzQLmBHDE98BeZ7CpjYeXY23bu8oi0tvkcTjCEeBWrXWfA3pKSX5HH63nmG3ryKuP0tr
+1A2gTgs9JtLXnGFJUdVYULiQbU781wR6+9o/0h6NuCJDPmJMNmmJASIEEAECAAwFAkLmBFIF
+AwASdQAACgkQlxC4m8pXrXxYZwf/ah4IaTK3CbtqF1+4uz7VVRKemSaNg3jMKLey2simqAQs
+1JwqkLuwEgrwF7XiejfLAvX0/yFqJZkdtDFqeK0VrwOq3WIpfj7+g5B9YSW0CkasD0HUci/l
+oXQiT9CN7PAe1vM5X4X3cqlXfC9tmU7fH7kc0kULxYHAfn96nZQklZS9aVecJ0H+pqMlPoDt
+xtxweNa7UJWAanO9kbPZ/xEdSlkuqzk1CK6ThURedc2lCE+qobPpUZri1FEvMBjyXoQ9MyD6
+AFWfax9eNn1ZSRq9t2WpPyFSQmCvyGETHyvM2BBiFR6UAQUKdr+d4ZE09cR0wXpEtoqaNeJ8
+AidTEGkuLYkBIgQQAQIADAUCQuydlwUDABJ1AAAKCRCXELibyletfLsbB/0X/Jafv+v43U26
+W3HD5XdmHaNdxm7uthGzGGzATGcTAUd3/t8fyVFk2XgmUYxtz0wHUdM8GiyK0tpKBu6wqcbO
+nGkBlvC1m6Blxy+PvpJxQ2sK4ycN8ToEEn/7HCCJesS2fvDudXkvdvskXkxZprPWe7JTHNxj
+fvESUAbLLmSpNGflZnMAOfuQP0hFBQr4D5FEA+zMf7FtrwkBanXt6W65xxEIJ/239ctCsRe8
+jIQ4LesYQN7hyX6x9bP9h3tEw6+OtvjYbMH+2B/3muNVac/9bYqi9rnuGew9eAjmdmm0u8T5
+7Iboy5mUDH2wjpRo6MGU1cHe4oZscW0f9TPE+6XbiQEiBBABAgAMBQJC7UXaBQMAEnUAAAoJ
+EJcQuJvKV618zbcH/RlUtrZSBcUafmhY29s9BYycwWx/UoeJRIJmi852TguSGsoPuAYEGeaW
+WxCdSru2ibn7GPBXowM5u+4MqYqaRB695sg/Ajxho2Djys3lV0TPeSIbyZ7cXbjoSDnSVw/N
+eWGKJLwbFVZPjjC7mcGIMhE1NGGxyRO5H1Z6GA8dEP3zR0rIivklN8KEngfyLRVvB5WYPBs+
+buaNF5HflsBXl2bOP5ueThcal1PSE4HNoQXz79t0Cw7kpsWy3FyFUVVRHPyvwVpJSdYjz8Ur
+L4cD3Dj9SOPwa4AvM7WX+JXbPEIFxi+NA4R0TVxIZXJ/HX8AZj87RFxGYlTfP3GFFw+52QaJ
+ASIEEAECAAwFAkMHCEAFAwASdQAACgkQlxC4m8pXrXxGXQgAwFY5RYFHKcYkL9nDfblQDjXW
+Ictj1rlP2yPsy8dKX579ejhdd8o0TGJf8AzYRaDEpffPf/ZvyfRltqKd979GzdAE3smkrGeD
+kPuUY2rEF6Eon549Tn7omGYNueDuO27QQ4zIs0k9h4m+pE6PxPTgC5BsEVF8Hrz647/XSTf2
+G0Wo11y/KBWGJ9BYvZ1YSxwmk5zicGF4sYNktO1Yl6CGS1ugP9zitCuwSiUm+gJrMCZ3am/D
++Of+80Ui7e/V9yOOeyC7/gqQq4okPZbdVzJ3hiG2Y3eip19ewHYlYSiLoBW3rr3M3mKBTcbx
++nLfVOTUHp8HdqxIyI782SaZlpg0mYkBIgQQAQIADAUCQwhbTQUDABJ1AAAKCRCXELibylet
+fD7WB/9ydWuVT1DeeL3UBqqeRRN+mt5DChdFeCjJhWcAjds8R6Z8Q9c+kpKEk+MeSevKaOAf
+iiM2JBtruIxt1sfh/vVEFgjHP/M0sF1il6TwZEKqVn5c3ikMYCMXy75xheslCJoX7fi4jZut
+TO8+JqjVN+z+SYzeRrvQFcjJoIOLRnshh2XgUiXVf/xo/My+fM9rKnMHxF/75PaFVVz8cXz1
+X3jsuUOVLxnUZHsOaP9r1h3bq8uHJxkxPElVPbCuKLdCWrNOHHX6/+TAH9xohUvrBm6HXqbv
+O/aVGqf+Bip6oWSB6rSIe9+0GmXLRe4Ph3ekBvyGUJM/nFhN4hQHX69xZS7yiQEiBBABAgAM
+BQJDEOyRBQMAEnUAAAoJEJcQuJvKV618IlwIAIPbWp20TBCnU0D3kE6JFqRaVKqNAFaJbmRn
+48qxX10NmHnBAluU1iJiUsVL2kOpvf2eyFUsX+sQfVJPzmWkUU2gED/+WZNkcmxPZ72FtJCs
+hW30BcJnLjcRo8wv/6nhdEZ2JYNiBIFHxNQ6iiB7BzVpYsMp1l5tI6mIhbxYxMNETTMrb+hK
+NNAhxjrqiWxPNlrzw6TaKnBOE0Au/Asjz9n37hsPV5Q9xY3zXbff3yDirVkBC4l0Vc+U6drX
+XiFBjQj77yt6AjTYUzBZY7UuGQ0W6o/6QF3KfiC3WAoFJL7SLujIaALkALs+lFzsu3CA9KoB
+X8Ca4hA7kzOP1H76VZKJASIEEAECAAwFAkMSPXoFAwASdQAACgkQlxC4m8pXrXx3cQf9GBPO
+XIrdbvUWIKTofiwftiy6j3MhKOszHkzR9quCu6aLu/aVvIA/avTZHjfj0EvYaQaSNMWplMiX
+i2UhkPHe4cgJYkbjmXEz16GtXYPZXGP1FubQ/RwQ7yQKaVtXSCgz+ZdR5tKhU5kruxAsVjly
+KcQvST95wlqxLuvXzSCjPdWj4qBvkuEt6QADx8EYCafraIiHPRkKtAAiK0sXJSkLevXn3zAN
+6X6ngvZZiNQFvfWLFV8Rodz1vI4S6Af2MTSlVV9Vw0voJGprcsNDlB8k5B/Kl9LigeKdkFa8
+JVfwOQppAtU+Nq3pHjquEafZrPVF9HWY0G0Szh5tOFEpVMF6g4kBIgQQAQIADAUCQxQ7iwUD
+ABJ1AAAKCRCXELibyletfBVfB/9ydVsiBrNWLt0RwbAdMvHRceHz1twh+YeSnpr9Equ7aDMG
+qou4ppl/nTbnZIizdWn3dnRKt+vKY/puuPIT9kEVF7DlfBOcWBdLBvJz34eBt29BCFgvsfOS
+fwESMNKgquZmrraGpEvj4cSTOmW3DJPevB+6ajsN87BC5Qp2MjDGVkwT/Nj6R60pz/vmeSwl
+0BmzgthrBd+NfHSA116HEAF1V21/2UhA1hbkPKe40jWp6HK+GcXDC3+PucTJeS8nX4LLQnWZ
+JCr1QUbkaW6jHCw7i/pgCLfqBBdIh7xJE7d+6mut1AKtq2qUSpEM4qTvrR89DLz3OtNiMnr9
+hq7s5SyduQINBDnKLe0QCACUXlS4TkpEZZP06rJ2IVWZ2v7ZSPkLXjDRcC8h6ESQeZdBOSbd
+dciiWYiHtGq2kyx+eoltwooP7EgJ9m35wn0FGV+5hpKbhSwz2Up9oYsSbexjx/hlopUYGCL4
+kgezCUWQsKypsitJChjV8MHgePDQcF3ho+qK+0ZJeevbYKSZ9bLyzt/i3/b3Jnt0f8tsFP3P
+djel4N76DyQiTyuoOxzZJUJDKx1zr745PUMGcur79oAxuahUfPcRpuwcHFOB0yO7SwEY8fe2
+68U5/AZrGwX+UAZhN7y2MMkU/xK/4BIDY5/W4NY3EX2APAYMRanI+mFW3idui8EEzpzKZ1K1
+8RODAAMFCACOAfgCjg7cgjZe58k0lAV0SANrJbMqgAT1M7v4f5mOf5e3B4si9z8Mk1hx5cRX
+I3dDz/W4LPh8eONmMPjov42NOz8z84PksQBbnjlfZ5UCotPS2fZ2actJPhYCho+a4iXwRm8B
+aXQ3DFa1CsWdXvkGsNIouuSkGoGh6+sEgAdP6JXanM9YGTQINy9Xsg9YOj1UWInSwRqUmJnj
+aNQhxJfj8j5W0uXixzkbKB+Is92mfo8Km3TAi9u0Ge/Acb5Cz0c5sqs+oWqcouaTS3o8/1n6
+CZVmvcHyGI0APiALwU84z7YT9srpXHrjiHo2oS3M4sLxl0nuSFqD6uiIFrg7yF+HiEYEGBEC
+AAYFAjnKLe0ACgkQ3uyMCd5BWw6XgQCg7Gu7XOzqnEcnCYR7v6rub5d0zwwAoOsQ9TNDYmVl
+nW1ff9rt1YcTH9LiiE4EGBECAAYFAjnKLe0AEgkQ3uyMCd5BWw4HZUdQRwABAZeBAKDsa7tc
+7OqcRycJhHu/qu5vl3TPDACg6xD1M0NiZWWdbV9/2u3VhxMf0uI=
+=oXxa
+-----END PGP PUBLIC KEY BLOCK-----
+'
+
+# Bug solved 2005-04-07:
+# Try importing the attached key file. As the key is exactly 8192
+# bytes long, radix64_read is called twice - the first time to read
+# the 8192 bytes, and then once again, to handle the pad '=' on the
+# last four character radix64 block '0uI='. gpg bails out with
+# gpg: [don't know]: invalid packet (ctb=2d)
+# On a read for only the = sign, radix64_read returns -1 for EOF.
+# This causes the iobuf code to pop the armor filter and thus the next
+# byte read is the '-' from the END header line, causing an error.
+i=armored_key_8192
+info "checking: $i"
+eval "(IFS=; echo \"\$$i\")" >x
+$GPG --import x || error "the $i bug is back in town"
+
+
+
+nopad_armored_msg='-----BEGIN PGP MESSAGE-----
+Version: GnuPG v1.4.11-svn5139 (GNU/Linux)
+
+hQEOA2rm1+5GqHH4EAQAi8xXorNRK4QSZR1os2xtbVeZg5pI0hrdyejn0jSnlWmw
+wqnhQnoOXsX/ZE8Sq0deOJDKhIJztVcu4QB17R0zRxXhN+huXq/DRGUa3X2xF+Po
+4bP1XsZT6jYc6RDiN8KzQkuUgEjGsQhEYzBMFgk+tFDDA6PYKRk2mn0UaTyR6NUD
+/jimx1teliNBMhrPQjbBMCdgczfUhH0srGFKovkduf+Fmn0v4rV3JAhtHPYaPrgY
+hQtCMdjgCdh3uMK6rbprGdQ2lh4PAFKd25djBJlf8KBqkJXimAYhe5Y1q/x58xbA
+R5/tAKZFKT+ooU9qjVzXA0APHBwV50/K76Rsxo0QQOTihQEMA7WIRff0Cc1UAQf+
+MZ5HWEX6+2teJWGVKMmJBFkYF4rAEIoqEmtzRWcsAPx6PFXQt5Ok3PbSGDgOsQTQ
+XwR5bEmZ6Gd/O2xIM4BnwKQ/g6PxksPuni0ajZS5YWdoGY7ZTS1LpZMFj++fhtQ9
+1hd8j+i4P+GA2+4TUxVVFwIbHDT58+mw+tYD0KDfizdSwVc22F+5nT1tLaKJVvmu
+VX5L9u8OY6kR/xP09uCq+YzzHt1bi49Avrq9PpV2wbo2P0t7H+3bI92oGvpMPM2L
+ONAXyh11dlQkIrOiVztWtTYIfoCsV7Ud+25V+jYEfd9hyE0gf4awgqhpLwPrzzAs
+aHKQwrjlMaByKKht2teMJNLtARZ+7LbxgF0TR/019x4+XHCBhmwmPzL+OnPTC1r7
+fdB0kte5OefTUfglJyz9tD9QnrvCvuOmKxcsOu0C6NLUqZRJN9knhLBZyXbwx/Cm
+yA60Er2dGssL7e4pa+qW2O/xJRL1IaWpgZa6Ne89ut25hbEDWexCAikBnPUrwrLE
+sqWOepzPNGxUILOcjDV2jKq0t7XKfwj6UPoCQxY6FQpx/0goWllh+PuVLz7tazsM
+c01KGfU61j5EyyuytOkJO2XgyXZj6Zat194NgsMrNGBBWl5QSGUb5W0jW1bHm0Cr
+U+xNTvjnlVZzqy8w3GDr2bCWi6qJs20TrbsbDa4+sK9+WDJ2fcb6LzfTGOekbvyc
+OKyYcEL/UXMH0uYrReRiH/gheESZqyQ1kCz+/q01D0N0KBqj6LHCJyK6cOukrY5M
+Cd+Kdk2gPL5VP0FSVJLoFXfbfwQtjIkbhsP06sFOBszPhd8bh+/r+RKWaqQvHJDX
+u5XqE/lJfBpNd+NBPK1p1fMVW/ljj3EwsJCdYOxh2moXD7gcehbaHCN/pFxD2Xiu
+wFHAqTghAtge4DuIECN+8QrE6xgCnwx1TYlhd9T4f+OqTcn/RdSrGcR/TtQK7TJY
+R2zVvj7vougCx5avrNwmJNX2DiJJl/nDHmjzEFByFv+UvL1PUn4m0dsbyx8alixE
+dw4wl352n/ZpjIc7GdLeusuUPJ7xFY3r1xS16QuInhuj+ZIlPVVeo1vI29BxGP7n
+HH9JmewN57O8xztGeBSMb5dZCSsGaiZtT7TdF2C+r6NgwcULzpgANVMVjNt0U305
+ZhTf0FxH1LFTDd6IH1ry3EABCRQX+NDi78m9082QJPw0u46P6fchF2xW8MlJHa0W
+u+G0+DNrHXUFZBxt0yG7YqWYzqezXX/9ngin/W0o3Myf7RdHxmlwSm7fUuz2nYTn
+0gpJqmu1MdDN5wKxuIO3qMOoG8LGJwnR31sDo9BG+8Hpp+yxYMEMMpmW33otfYcq
+Qqt7L5kWYDrQb0jGr52hS8fBujYi58AY++a/RqddFkU4c3kgA11A2GNqsbtxw7rU
+jN1uqPs2bQA2HqEdlL2ZD71E8jZXztKxMIHyXbJuIEt3GOywJWeHNi2vZa2F4tIw
+bEy12FJXLW/6Dac7COzqVILjNH45S37JRQCc/0kAJV1VWMyhuPBU2LoPwMhdXiDm
+k2vznYlm2cEuvFL/6DRm32Dd/YaA0fw3S/L7nFyuA2FVJjs17XiIRdUemxXt1kC0
+1KPjNVekwJph2YE8GMyyV4nsuf5yGw0wJkXqRYR72Cf8mgxc6rPIS0panSWlAl1x
+5TMf9pEh0TUkNENAbxFazsfpG1RTEVzjpeLXrDSK84O3WW0jUHoG3IyP5iVli3g+
+/HPmOdd6+hBVZq11BcA97xnozZE0d0zFCVkpp2bcK/69X9NC/Cl9FTI0DzdoWMVL
+XTwmOV9BYsXAjJLXAfQR2eDrunaNkZO+rr3KT0/TtqhpcCo2AdP2IPglVRcYGLlr
+SUoF/sAtUgFLGnVnURrkAnKamSs7KBx6J4Y4uiBUqMxX6L4T456FBxHHMQNy7cQB
+quyVixd21NB+P8GYdwb+KLpVjiQRdveqDjBJEn/nTK1yKAhq7SY8B6StVgbzPcmQ
+Pt52HkVTh8a45gxvF8qGWcbhw1E9rwVT6yPFJXQiR/4ciEFFEfqQkYzNz7wVstqe
+R0Uf/rqwBdUCDpPzMPgl9OPKFMHNJ2tfYYU4kzfzdxBb6aKJbOX8xkxrhmktyUaE
+Ap4b2gngCenXf/1zrVoyH8+KOQPZZXlnUK1HfIERZwh2JlmowLvobMlup5zL/+s3
+kRsnxRLbJqn0tYYYFwKsGbEqHZUpzbWR6TKNsJvoRlcgOKbAqel8ggFXiSc4co/f
+VZqk2IPzaQCkTyAU+B5Fl29bTfB4LK9gvZlY63y/VFD2bEBVk36pI9M7CokAr+00
+KvAKEzpmSXN4RHKwJ0W1gZz4IGPKvi3eO6a35wd47K2tIS5K3IfTjsIsUM+agh37
+7xJiJByfKgA7ardssI1xeG46U2iIBvdUNeQe4Q2ODF4AjxczK3hJwBPg55FGkhll
+dIDa07ZsOTB23LpoCejKi4zzn5DsDNqQLaYaSP0Cud6DOuSsmUFHSHSo+NtzqEQG
+rm2o1LkZwQ85iDf1A3b/pzHBf2xhxEEdtMZ2yfWxPJvz+8hsasysqPD8BTJIy0jn
+NzmXJKTj8ll9IhQjr3UBCZZXWUPNbrl3zKGUTQMXbdUIV6cB6hjLERILhgm2VhKR
+eEOFMaqATMKnGETa03l6wDhWDyj7HbgzgKkveHJ5PDFKz+RJ3sIwgKD4LoSOYtZr
+MGuHzMtiFSx+42ZitFm28G6rzj7NUVA+FHvlkogLWCfrXkNyEp0F3D/qbg3S8WS3
+WrdUbLwbjFRSHgkdIUA4yIjCSmRzupfpvXS3UZPFD/tLZicU0ogfVL/2KK5WLYW2
+03q6egJXqYX1iQSOTXwx+Msw9zVzwcAI8j7KKDLVv0fLWXSMOg2ondmznb3s0Y91
+iaYjf7iFhuGH0hk0rTc6+CkxUhet2GeBc51G5XuLt7+Pgml8k7bZHU8kOB6etEP2
+i++7b6uCAhBW3o6shyoRgJNYJmzYbThfIx3yu+3vl1gkSxSQFo4RpEmk8VtjUsio
+tYJNRsAq79wGsyLuPwLKPkPihjGEf488A2NKuVnHB7051oU9hWbRGCVhzdOnD04Q
+HKzZVjt2HyI0v1sY/Nq3BqVH1Ha1CkmySYeeKXRgVQfD6RIzfd3Dgr34+rZqF3qD
+MXna3FeH2W22dbZH/yA+KuQEjU+uOOk8QQsqXorunuyuslrOmGzaDPILW8zJeV+v
+tBeecStyR4FdtWl1KH7YTdFDkeGKOQeBAKYpyYUKr3s1grPh6caqgF1FMNL3Qw+s
+x4d0zp9efHkGqhp1az97oNFBzGmsBD759iPu44QaElulO3OAPyn2GYZA3NhnFX7Q
+uGtFLSexLpVTlVyBHf/QeGJk2lkDuOegiAkW81lorVF0+gFFae/HIOnEZgVK0/Nu
+h8XNFvGd7iKlNhfLtRbKPqHYOtxxGC7gpuSa/M4kgvTmN78QonKjZPDxhlDhYE19
+WOHq14t60lZopVLY1bQREvem1K/RmPk8lak+uf/Fa+UqZ5C33m6kmbM8rwYmuSs5
+Y3M3mR2n4tsTrXEO1AN1vShuIJoMEJ0ledDJiWKkLHRZ/SJOBLYMM+F3/hliWB47
+eNkfQgo9JaTiNs9SBVVcxWYEGUieAZjOekD74oN9nOLVaXS82kQostloXhPHvBG3
+gKQufi48gOj1i7REcTyhQMhIXa/NQ80aKZEedH+qQvYTTNGe1XIJnRILyQfirtgX
+2m7PTaup+psJEOP/+Yf07G5KzN3wtBIXi3Avlr39ihdbuORERUNvu6kR2psvlXdQ
+otIijpBJW3Ur5yTpnTUo7chSlWFzbmVYv2cyXPrQc06RSxzrIQFjyTKI1/Pf6Aax
+wA7Uep62ga5r3IuR26XfaxunphrmFwb47EiFYP6JaNCYW7x5y4OGl8w1OYmabhwP
+azJsUAAem/lXZpPjx3s9meC48fHpuM5N9myIuRlLN1Rtl7EIG8cuZuubi+VUEhWD
+byap1IYIFZjWnS22/yuw6pzyNk5Mr5ccyo5xxvg1ZyC5rondGCcm1egSDcrHXQsE
+pR+jKBcR5AUKBhrgSy+N4HHZvsah+eNnTIZIm2Hh92vTLZZF7u3lW3mlePp4/zAt
+VMbn09ET1qWaIl9xMuHDIfIsSXMLsj4+o8qKaxipQ2sjFjnsFGIK1cAjjptpoUYU
+CffDWoBnLGkFSVTTooOQHuQhUmqaIv2pXWid/f1smPUjkshLoWiPoVl9lLzvo/XH
+NhoJ159/qczMsiosx3Y6e/haFlIfrklSklJCO+j4N/PYW+vyqYg/O6FlWF3BPRhp
+qnKwe+KfUeAyXQKG5CkONWBmUAhuLWOLU1P5280iAKHnOe3YRxkGIpsFJlIA9dIX
+Lf8KW9zFYMS5J1xysSyYtCwUfa/ewpRY+KuLAH/3wSbxViuhwJ1aoS2N6m8hkTqy
+SODnP5Nz/n/EZi3wWesBnz8oqBdrwkOWRnfFORpRkAedcsd9XYCbF1dHozHBdY8Y
+uu8N91ob/5c4RmP08Q5ama/BjaxskdMH3tw7kW/7r9tpzS7a2SLLzbDnyycZjknV
+tPr/xi2bmXHkUNnFwsTL0qvIkcZpae3k2oTwgNrjczqIdYGynflOc/gqxVeBO8gk
+t7mqZ5sCOlhqPkf+/1EY9kVwS0lh84yV2SskkuhEOF5BZP7IgNTgeZlgTwYRsGZq
+R40pWhW2iuAWfHop7NkrIWRvtyVtVtzwqtTLOs4oNrZU6f8xh+1asPdLqp48h53N
+wwS3AduoX31189s/ZnYUR74dfYcf3JehKyBTsfPfq+8rHf/LOHc831bavHQ4ncnW
+f//8T5Xipbjo+WX6LQxr9NnCIkZaJ4cjET+SBvEf2YGRjtG+3jGmWdgAkZLhWJFp
+xqhhOorpOFItwHiYIqsy6WEcEf2hEAww7NnC1qNmglDXw2ou2WOk/WDL+Oya9ANY
+1HAaYrNmyjZ45GXvt9/ISzeiFaClgetu/zmJTe0IG7qxuOsd0MG8DugeFwUDZQrq
+rrVL4U6Z9MZLQl/DAYppnxSmne8vQfwHQqRXoazaIxAh3/uWh/w220YuSIHJt8Cm
+a6J0w6YlQtBmaeY22/rbiOJLqAMtBDC4cCAp8nSuxZKdVTpJA7axQee6lWTzan5q
+WVyvyIkqq/4iuU+WLDtHV441cgnYENyZ/T6jrHwrX1AYIv8d2Bi179JVa0OKO7di
+axMS+65agfbswB1wKRU1QYin1sDQUMPjGbEtP0reyAFwpBlmA38rIg3j4xr1nm8p
+MkdCKOdqZw2ppWDTLFqqM6iUpTiOUZLzC80si8C0VYkTCZkCRze9QTAD3cdfITZZ
+huiHO3K4pS/6ao4QJtr78B4yyUMST8isRibuvqxQYaEIgO7DkFjD0Vh815jkydXB
+Mag8MjSydC3MuAYFtruOm0H2OtoBsY8YBbeQXeC04U49P0ktYYI7MNsShhfFxRtR
+kXV/PldGwhF3egUjSjk5UBiZEUDw39PMiWy6k/uM1KiT6AewNryw6j5SqqzeWynh
+MWAqxK2oIV+zhoR8EaX1sIZ3LtPeDi61GIaeKhnv88FhDQDX+pjm6I2qKgXhnYxr
+TI8YqfbGXGpCZWk13AL6CyYqSzcLeJYKInETPbmZ0D/eA00dKvDUcHnt4UEpuVHq
+XUHETJR1OEF/xNF2DyXBja1+B8fGfChRMjmk2J3YjmIcg1m6svC5r3Cti7WpbKIs
+qldz+u5QKRbAbj+izAd9PEHbJ7azMlFHyL1W69VkO9C2u3qYF3Kx4diDAQFVGisv
+6wVaT7kZod6Yn3dkv19EicvCnfyq1vE511OExvi75E01iznFRjdXIjCOpcsbVsnS
+vbdCo+TnLi01Fg7c4Bp50VMxZOKwvY083cxbR+csrf8z0TyfuaxPsy4YiLhv7SMU
+5D5f85TSgP1j1Gqy2vCqqh5iegpi9+JhO2efZGFTZTyuCsGiIzC9CyQ7BUPHTz12
+nvFa0pYNUjFHJD0FN8qVMVVOgl2SWldRaRD77FbcLsyiS19dFgnvbxXtEdW5OPD/
+AdxCM5PtrJymOijry6jKs7oU/9jZJMw1sooVjcX9Xo9e5HWRqawTAe24nhwzlSRT
+3GLcU/jTOmsjq3NLbzzC0VQb6/nqkN5t4f3JJj6jzRo/1lxKhHB4c+/CgVtQ3GPi
+aCjiyDt3qey29K5lMNmo+dIMtIh6Sf4klKSOlh3oT0XgM1WNNeJdFt6v344vxOrq
+/jw3tSMx9vRMDv52bdtCzzcfkVlSYLPlhS9ErBjaICVWqfaFJMzD2euHmau0RuPV
+S96FiHJfc4t0Lgb75bwIXA6a0SSS/JrDRUynBr3kmSUDJs67i3ULJ1rMV553K/3g
+xOBRT3t+gAYbl+5Dfu1+btu1MkmpVA1duQYcVxO/Mw2asc/kvXA+rGrs3FsScGmD
+Kr/1yLfXvM+p0bYlkCfVoOVEqfU83t1+5Hxp3PlqYwzxlBPx4rgofnDRyeLGtu7j
++1rZ8m1W/lndkJVf445LqcXWJy8c9V476LXpoRL5oNAQkEERDK5NHS45TP7cYFId
+0xuLwCQQ5hh3cBw+oBSqRZmjiEuxSArhBaw93S5SM96dXhoAmXEiipNbIXO53pqa
+jFeb2kVctAeNhupsUMql4nocwUYWyi0bMBzJH4eUakgBShxJjtAD+k2SEFk+nCVL
+76fVSxUwmpdqOTSMNo/L0CpG3zHU+CflPBnmSXFyTgZD9F2FJCUBWWdKst4bHq0T
+qoL4Y5Wqj6YK8QtZecrqigrayOk+CEM02C6nhyM7Hdt8sWSPtpWGkF85Ksz9RCxF
+QnfIQImjM9Qt6Hd7c8EOxpgdZufvD10vlELH8O5U+TimCoCaViiTcH7p9BziOI4b
+18d9bgXkj6GZmS5uOSBsMIF+uZjKQxyMgwzAaEYHA+vlKPS15rDDtlDNGWDHfNik
+hj7b/FesKCBCdqYpxKWmcHgX4aN7MNMTy+HroF/XVAPGzxGAnMS6oFahb4C/o4be
+T8k1mGhTlTQRWMi3VI9LrXoP1MsH8LwbaPSnSo80X5sbgZmSlctu5QiSaFm0kYc4
+HxMR9fJzxZyuXM/IbXSdlYCc04xwNO7hrF2n2HI4x5BR7fWZSl/E2yfpxwdBtcBf
+l2amxpmIjusGprhGCI860vpQxfyWyTfWNdMX+OFL+Jsgog6Qm8A6bSaNTs35Dkf9
+TjvTPS3wUPwDbTuk9++zPiKt5h85IOFaFzyjC/u+C38IvNmvUUcYLha8GEVz4OnA
+KT7FrOizC7pdyrqbCIJhoZsOzk8romND67wXfgIWZXYMU1b2K81jIFSvkVwrXT9w
+56vollH0x8YJD9xC3U8QcMDnK3FwuOrlGxHY8BfNszCV/OXpT0qlBVC/gywaq993
+YJoQOWugT4CWpmSqnRLjTV3gJTHH+qqQZ23TsoVE9WoByXj/yb14FtdRq9oGL8H4
+Ke03JNOkAlwzohG0XEsoHLC9+o5x6KT37OtLuds2bYV+PzSRVLJjsqNL3C5XSp/a
+nfXTim+6VIANM25jzxfCcot+VBz13fhwnaY3Am78ZEjQVmJn+Z4DbWIIIc6XGtBG
+eNydm9WNcZ2jF64aMN62DBp3RGqgnhE/qXTv/Sw0l9qiOCeWJ5GwqU+Bj08D4/6y
+6xBaaWHcPqCNuyk7pPG/tN59GVUP/jHEX77Z2kn6RiLbnKahcekaifolgBuhgiw1
+/c0fbWmJZVCUVhVPI7fHTAaUIO/VrK878WkSUWL5dRvjXp1yCvAxeYffsdwamPyQ
+R67h7sHAPPtYs9XpIjZxTzGF0YDFc+mpfYykLvc5ixrcuHGo3Km/hzdjVRhcCydM
+CexKFEHqI97u0Bz5aNW3tOE4iTeNth80tl2rV2PsJoK6FRkdGgFGdIsHZkhy3lsG
+GwGcp4bmAawGB/MmjnIQRPeVaSobJSln0BgP/j77h+pe+eTswwxBeCh90umeE9sd
+dFfKQNzuZvd5heYwzbLTwlWbNn8wnB/nh/Jh4O6w3db6WDi8Yl54mt1OSFNVjT9b
+1rM0CfUDFDk+Jzd3fwY5QQDy+Dy8oPm0lm0xCj7mrzmlVGP5JmLCvPiJUTPuybdr
+WlBJe9T3Hyi5xkYgl9P6Itxho+qHEMUYa3ScBBC8Tvl7y91Gp26CIfR5pQxkLKmh
+KI2wYSHF9fytr5F6imJ6kTocxq8T6UvVgXi61pWScjifnQdQBYtNcsmu6F2djNAF
+RIunpWxbcq9b1nuQaMx6aQhYTMnau/ApeW6Y4bbVwUHyHCWMwy4TiE1ifFrvOYzQ
+Ph3WPsfDJ7dfvHfN7/Vr/qF3mcORScAfkWa2yhVitoBnBMJ9fM+q6Qrxulp8xOqH
+0UwdTA/FSaIApZbIHVO5xquLVXDD8Hoene6GWz+wep/oUqXc2k1wl/8XbhKlS29z
+N6vJZ5zVJqLSWWyHceh9L1fd6ycHaNeYkPSAGBA5IluJfm0NsQHGW6LyGkkpnFVp
+mmB+crDof/RHYDU/ep3I+BP27yTFw+j4vgELB6XN689kE2dWetrINmemwilaFoNd
+eDmVpKbQR3J3WD9WNTseI2OJtZn/E+W8mzRkp3G54nGVq94nMYqxCMFHSGQm78iW
+CLqjp0uNPM1NUdAH9Y5jaWF7NzBQGh5H3KLqvn95ynwMbWeFEZ9tzjLoIO3u3qzJ
+eBlhnrM7JnwG/8XYatKQ4JaLteyTdYrlENwmQa0d41kuWiZYGGar4Jwqqf/Ma26V
+UR+IXP39j9agKLjzDDJJgt5Z0rknEWy8wQMhIY6WiKYpYGH4c9zrYtdzwRU7+w1I
+h85xbqgPMTSVlmRlgn81vpljz61Tw2hkb1sUB2uqgas7nwUod2+eiZWBOKDl3awq
+u6kwgp94M0opu9t5xx5oJeb+WdQd1nWo/5E3Pdp1hNPwFpqW0TjMgAtQHmXy3r0r
+sI4pjs5PS6JZ05D5+WR3GA5KDA1cCMq3kBDNhsxqUeKkM2BNuq/J/qQL1pyXjlwr
+4dqR7r49Op0PDIkkl5BEUOXLjLgwAN+TRMhu52vdM9V1jTBFG1hGFd4M7+4jOviy
+jaPsJyzrhvL0tkvxpq5eQUJRqMqqqrJd16UmJZef/xhYFuu+p6sr4oNtE+JxuOmE
+JgaC8I2HM6mIBq3VV4heR0CZUzP1WYk/iv+Z8WmYMTa2AVBbgwHlUK2fhLci8uPp
+tEsLiwyWubB4elo2VLxvgXPaBROuzqANnGSeFM9B2XZoGejAVsDRk9/cfzHunHcv
+is98xkuq9JRtWPdNIXgKVIvP0GuuDP1CNhdWR7XULqMZbZmq6UWsUwRWfPBZ9NM6
+rag4I+gpwnHPHAK3yBe40bgw9J9pSJVClNkH2RLoA4t7V2atSQOatLTP2JictUD1
+2R9kaeRdQ0XHbRe5QnvrByFy1noidLgyv2PXbZMHW+1OyGKMfY3eKa4/k/Wmgw+Z
+QUaomeAVqguCRQB/8QBv7f1fLJu+ZqhjhQXZoTk0MdDro40fTI5wxxg/yV25sw42
+McPy8dR14mKAXocHpYhP792wVhemaBPZC17LXt95xLvfAOLDz/ORalrUHdhwUtZu
+VKzQcxFhVp4aOCYR8gFgMKYNwX5E7I0ixfoTKf099fqwsAvKlOCqnoOuzFnRPrui
+XNg3CkWkJqZG4UgLE9mL0l4CAZ2J9kbleN+4YMLQUXFvlk74Qial8hE0QBIdCCyu
+6huelLEGsUZd+c+VsEQRUfq9sVUONGcIt9LQGFb/IYQoko87E1RThq2b5D+R1R4v
+AWMIJGit1k0F3SxYdeUEYTCqpUddXtjhjSUGbzikMU/PbmyZXFu5PHMK6L8MVoWL
+ZQ2TwphlVTo/gVz7dvW7KeZinnHB1BE2EOoSfhRukO2ckRH+bzuwC76xczosPLGn
+LnYQFLqpYBDN1uCrvoyaV4S0xhgHsfl7kyPVdoqDcoVJSik8uKu6KSCUUyUbrrjg
+lANey8pArBpI7x9BREUnGWNwZS6s5O9giMI58xljBm9wvu91fqGdga3qrv1QMgQg
+Hytb/q+OAgQaQ1wIJpZbKliWz8uqPk41fsDy6ZKOO6UXYwjOg822Wwj7xSpbSRf/
+lhegSXgfihyeEeeWeMTLDWI+N2zuj16zZSCyQHqaDS+vCkMkAXUtJx5Ia3maBHAK
+m1UMTJD6pP99zIqum5/QK4QKEk4rIvYtO0nTOW3L9fos2a6Cc2FouFon0Sbz2+IT
+fVM7zO7RBwI+xSyDmV1nc8C5VyKxUlAAcuqVKEe9YnG5pwv3ogPKQZ0TqSp8zUCO
+YOxHkG4F1kxAXHdrVarP+BYQuYIru1ZFovUQ5vYnl/8F3/7cuD7opnO5hKBr0tvD
+6lM2PvPpIzlOVDiNZSZDHOfmYWWVlq4uzzuP8tG3tLyYBGG/AZuDTA7WNrOGTSSB
+ZP9FVxvNT3kaxGHmjO7lGA1FtjRmkMJr05EWMHHvatvRcDFBVR1thxLkyfneSWs2
+orwnAqkYe8Fz9U8p38L4UC+J+2EZszHAeSO+eW3jrqZuFYbckROdzhktdUsRZcdL
+WFpDIN5zINOo13q2Ei/nG2kIlYKp6Mq0b+wN4x/ILkBWnOuzKXOY6dSrRr4y/zq1
+dpr4ZfQezvsLNh8zjMolwXYdLj32Rg8cgmq6bPWIm0k9Qbln9HCBTO5VihgUfvIe
+edpOxvSi+HpgIGnGl1M/w62z9HnZBCIcgZS4Z3EPvi7CWQg4S1aOABj/mri/RBh4
+k2vx1D0EQX5gBRcbgIGdyFyiRT4cAdPiXyje4zLIl0XT+v3/+LJnX7NPWXLPSOM4
+Skq+fDvzrFQYdZ7yefdxIujVKdI3iuo9dWTwITApf/KYop/M4vb5CJfa12Sig+VA
+k8wdIDwXkklbOvpe468KAtTdUyoluuoROH0hXNaypKHBLMHk0JJRVB9OxBlIdQSs
+jEoUZqQF4Kll7vHSC2sDeYfwiuBp5qZRPet+ew0SdwZfVmXcvjVKr8iPJEtr07Wj
+CtyMi2+yw4G4X99em2JJu728dI4OWPUeyuR4x3dRf1fM5OshgLYxEJl0CMDqKVr6
+GqJ/HAhj7lLQ9k4NOLn/RgKt65jXrjEJB+IHFFitqGu9qLKM8QkMAAKwBfsRyJiZ
+2e7aMj3w51DrifRL7uq8WZdP+RzvNb81WItRtVBQecHnPHrZI9Hwq7guxlzZTOT1
+lmUYNC48LVuq+aZsaD5i6MmT0hXCTC8GC4W+KAAqM1ZkHi8sV9zztWD0YCxmvjpi
+ldx0MTVU8dqySwvBFK0faO31pG1rf8qGVN99Ys/pY4OWGcnbDwGblWhhYlJYZ8uZ
+7IHt+0Zh3hpVWtOAttwifKXM6bGRX83O1FVExJhXkjg3zrklxNv+3baMHKrZFryi
+uDtE3LLbc5ypK1Afp5oenYpUiQwUeJ0fGYH2NT1fEc8UCRqmvcJGSc/MmBiWRMQN
+Iz83mOJ1sP3e0dbbXr4ZcCDf+RLKZRS8AH1zRp1FoBUIhyu4HVOs1C9YBmpaUGyX
+t/c2O+1Slh7bpAKQnguBqIno6O7XB9rZrs/PXezDv/03CU5lQkYqai8SZck1LrhE
+Ta3ak+EV76QfHTQm0DiVFIMD7IaXAjyYdm6nCDxZkLN+Ir/neEC10UzcWHqNIdKe
+o2ao5YePZFY/WW0HicTH62MJDZFvgppWZSxx00IktHmTsILKgHkGgBgMvLTkRX+H
+DdAzqFYNeewOnF2m4U3Z8R2pt3/m63p3sMSYsHnpK3OKjI0trrRJHuFjgTDAwhVm
+xMimLL/8SnVJW+KtjZ+XazD0hMvBC2GzcrYr4h66iVOZI1tsFE44BAlh9LW7h0D6
+FRRkZkbipDpv5uiKoOr6qrhjf4/2NxCdkYI36cAfU2czuPPZ7OoHkLniBbUuKavc
+n45Mn8tkq0qaCfUns46OUCc4qyBb3igBKVLlDlhP6gjNNdYKNaRKsQ09bs7TUk+d
+fJupU57YoatfskkG/RPhJebLSuuvh5+Z966ZTfGSVVIOFPDdACv/S6lJN8DiD7H1
+8b+bAVMdVcXn/egeKvsNuWovYZU4DPVdOLM0E5wGGCmqyt1ygFSaUcoFVFiYfnAB
+FkIxxBOtp67dLSazZDRRcsJRLroZ0AQRl7x9zN8Z5E/OxvQtiv2C/evhntVm2Tjr
+wdJlwPysZfKqjnccXkM5pkoMN3/vrNVjCGMYrCRz2AOPNVHrTr0Hm7TAFJ6QQOPk
+xITHOlIHEBGg1T1ZI3gwSyl9WLlGRp5vyQ+rdef4zg1ycDIj7sxFA2nzBsUBm5Xd
+SgYzbnp32Nir9MSr7pHy5XFPCKVzs0R3GqfAjGQlyt9Xuxau52u194n386tockI7
+iOe2u7DPjqVXcS9Z6lNFO0o6H27F2x+dicSeHXBoWU6DBxvvjWtHG5E/9blp7zCF
+weP5dMmB3UzuL3DcIFprNGJt9kEqmN80eWQRn6H3X/IzNWjLT52AT6pKS1sowOsj
+RztQ2qAJ5md7Uz7fTniUtjp831SmxvUx49Sh7XYfNEpqjyY9VizByKPOUdUKmoXr
+fgXIfsi6yLYkoR/g34dh2JsKrC1bVtC2AiRVAgtcBDN1zFm5hiQGztq7D/aXzr09
+q9szvRnXUat9iAJjCPsfjVJ6k4YjpmQ3iX2Kz+JHHNBYD7EAW89GhTSqJJB0viM8
+3lhxgxZgxnBz8ymwhKsyu1GKzJCv3cmvTqhlHo5xpn1YMFU7ea5xm5XkYKysWhq5
+w1dSMKhuvA0dNau3XTef7M0AI8iWIXdM70447qn2Gwp0bO7f2KZVtXoYMzr51CaP
+QoAEL6FfwULtruriOK26YhmH1F1ey31xgjE0eTbxW6AFLEvYQ0OX0PmjX1/OBW1x
+sVil7+beskMwIJpRPlsx1LUc8uojLnaD2j0ymqkxCuF9G/WkX1nlyi1s/SJpqAbF
+EzXkwj+4B1wM/c6fHfxyt0wxzaTNoZi/omqG6PdXmJDnNF3DlWs5LpHQOsKKKXSh
+2Uv4055evCC9R60LgC/xONXYB4zHTlmeBNnZO9lwcT1AdQ3Ho0h7TnqFm4IBnVva
+f5DZ5ntxLyygAdRLLHR2rQ3SN1Ms4rX3CtfMGvISX14CYu9U7WaHtL1XLbfw7Q2e
+z+wf0xE2zq/cO2161rUUQ7eq4XmF/qYreQ0nBT29ell6wE0540ncv8FAOO3dWK66
+4PrGQJFY8qgZ8B9wmTuHUBvTZ6du3KI1LYGOS5yIktfFX+0UWK+kPRQnLt/ibzID
+n1FoGt4lBlDuOBq3KcVZ5KiwEbS5uNsOuApygXanE9bEIXmGDKqGIMsIz3ZrEURp
+vVMxcr5fZDhNFsaJ6W/MuN1F9+V3Xu4qgS6603JiD/TRiZwKmt+YjZkmD90p5xU1
+joRyPUNv2SVkOqAmxVV0DCEctj3UT6S6XN3eDNN5v+JA4qAJqoSdVjV8M+8R8bHs
+6bDuwPrmOrQ5IFQKC0u0AqmrxfQjNXNftN0OwymryZcg2YTpOu6XAmwa058b7Dp5
+VR11McEUfl5qGtnc8Nhp3TUdvJ0ugx55LTM70SPZqADChRwdz/LGzA6Cj7DTKtAd
+/aD3ccRN4sEXEPGhYacalHKNSAyQPSLWc8+7T2GI8KHZgDQMreHDjzWQwUydEliq
+1wgEkXu72pRArUJ5jmE8ac8r3xGukO+HbAsijgQqKPctveQbGJ+Ypv08wKJHXauq
+E11NwaijBOZoZ6BrCFG/yOrjStDSbrhqd9qVqm3QCewoA2AifcNnzhcQw5Yk5a2I
+ehhGFN7eJxFM+bkXyHMcd3j/4K+7P0WChAS0vujJdm5I8HJYNtz6AlLT+ZT91zGX
+pJOUOnguWtWKhOQ3Hkzy3LrRhjFUmpdh56zOuKOoWP3tIhX5NMZyEBe9JQCYgXMX
+MXLA7uM/muO+Ju0p6TW9eZbc0vdmAjSDXGfJHsdXwt3XuxnbFIpSHhvLTsBqX78s
+cS2kv1IIVvolSeBIFhWmpB8Z0whWNwKWk/Ze9rR+ESmmCM7ykQO+IuEjD/AdzOfC
+H85sQ5uJLcL9xtzdkQ5jkryp0wZSgbApXnKMvt5pVxbUqLkEkguuiGwvPmKvAQau
+jxnypJh+ygKiDrK1WQmaV6sDHofvLjE7VC0SbH2l6ueQ6lQBhE/26UOFKrsOmxmU
+u6fwhiVyv8tiPR5/FLlp3ZuS4FjS6ZzBPAW/8VEhdeU7T6vOvpkDUxQZGsz+L3Nt
+u0mHVaMR1NaMIc6LwCoc2UcWJSlVf8C/tjvWDY8cyNDUCeMpnadQCrxgvVhC6r6Q
+SIJXxnkRgt9QkOQYzHx+l5I6klB6npXYE02+IVjririiAdIT1SCRBOxW02o8Jefk
+lMpqXygQEb21j5LQZgFmwiQSEx5xpvmvjAn7CkWZ+RIwjnLdymz8yUAWHPv433iE
+RvkJ3XeKw6TSrHfiJtVPOVoMbILBjxLHP5SxZ6S671WN+aujWpCKeUkIwiemiHBQ
+NlpR54J9O0u/yDYhDtTWicSnDvMUJPEPOGMhDXgxzl6JdbnvpjEQhPL4/UMpQCuW
+U4kySde3ANyjUgaldWOT4omzh5KLnrBxUrfsV9uFbPnNMROliOU8fpYvkrLaAb32
+mVGbYBncYJPgeVrFQTl2sBM6UMsDFeplGahZ1pzJLkC8aqySgIDpAyvZRBXYDe35
+C5sqCCdjeAUJ+/DOQOoOb8owQR0413HTnHQOU8ZkTsuqSnfNoH6KmjU3XH+xMlhi
+8YqLK+83J9ACgk9e1BkYQA6TdJuI2Nt4MRoBdFnXP8SfpcCO5dm1Prs7hOlhEJQb
+W7vNkZdwAK4WnotcVHRYScTuqn4eA4FIPBu8Mc56QLe9G7FWD8Z7g3bgbIDmgaw/
+Zc/V/6H8jUKMlEtPfJeHFmRxh1F5nDpjJswmLAGP+xJm9WUvuFDKHo/svpUb8KG3
+JP9gu7Hy39pZCU242AH4PK3cxPifhQU88GDWac5FfbGZ3fzoIW/NdxZnhSY7WY4A
+nk9SEv3HGjkmpPGnu3AYDMYnE7XiYk7rtDBMh7ZkZLw26NH9hZeOE4sLqa7aS8KU
+/WbhWzobgS4AlIZVNTUAPPkzKnPCIUPofCF13e23d0QI9nZDTe6JktEzP86lpzw2
+kQg1Zr2pm67jC9FQcu3nUgy0/XBPaBzn3LjCIYB9DX8ZjXBvRnG60qatu/yEYDQJ
+0KE/4V47I2Qs91jjmmTY3yRkCOWR3Hpbi9JIXLuLivvMz36AYQvCrwBxXImBxjNj
+u2d6McMg+LdDrtFjIIViqFJzYSjI/dtCT0aFHN3yF2Cfiy3tvlV8ja2B7Y6w+sOe
+BByjguuUl83bDGZWZD3BXRDiKEjeNJMJT/hlVsIjH++370rZD/XMYimE/oe5m5wQ
+lL4MMw/WjKHT1X+CJs5tDInM9nyzlbwHXkF25iYwA59Fu1Zbdlagz+SmDp3J1dxm
+SbRHKDo3dPp4n3XhHcdH+H4eOdCTOQ9U3jOn5how8DnkHMGHj9NG3Ga6jZqSp5US
+GithsWl6RhTeWYI2vZBafYF75whkB/iPTbwz/SKQprh6D5XbfQ23yp6k9CY1jnSK
+qrxMsEfuJ07xN5Ri4VRn1EOEs5QXf2aD5znMFXlUrVbNRKuYJ64U92wdHjqwZsUA
+CnVlkC+NUWBqLOEWOv7J57Id84Fast/x4DyKri3hqcfw8+t9lXfDFojmHWaPvqSt
+t7Hxxr0dYIQddMF0vePV0OGNMXLAcg9wQ0Hhretge4sbWkp2cW0ESTsvNpk12YJ2
+l14yFBgLOZd5T+xsV/NG+3jB5lyXfhRYa+eTC0VbEyXAWog/3Kl4XcPEAL2rXCju
+T3Z35x7XdbMCz5GSBvsmU92blmscpBLDOUJNpQBKIHyBmixM77YKMyE5ISpQ1Rk3
+hUAoOKIicF278ToBpdWJ/CyLkROzrTuuR7GAG4hhkor76alvyxW1F1rONuWkZkk9
+kV79E8Et772+7ndPsGQ1ZLkWvCHl9hTUJPdsRMjK/NZhuytD/oMWndUewg9AUY4Y
+YUu8iqRsSyE7rcsK/LvBXbjf/LZd5orDCXyWDT7sGZfKtJHiiEHoMhsH/YNcSPKq
+KhPyOz/p4hFFAaGfhxAdSnrh91qviqHpdyT5K6J/kzrrMZm3Mbsoxi5n5hIpeO3w
+4g5i7nGJ8C+TxZqaOr5jL8qYpHN9e+Lakr3oN5pDlpvKlXNzf2de3OgyOXMkbNie
+n0tdlCSkOxh9vCSiekjcclhPzVdcuqNuTriVcZiwcWaGQZq52MGkVbmTY9+qp11T
+OPj51ZB5KbEJaSfzLvX4ju1XZWdbz5FAkt9RyDqm0cLNWU1Ue5iEQuK1fLoDqH8N
+YyJWoHavKb33jQnqHvZrBnwxUlrpbfvqmqCvdsKdsjNu6lcreQU+reRSIbkgiVjT
+jYMWeTLzoMFyo4sVGik2ogUXnVSiWGAxnvc35iB863IlIjr9iYHsiSkZ1Zd2ytQ/
+t2jf7n1chJTyn1wkI3w6Gj1oW1CO+4083O0GfU7aUJUwUACsUAXMso+EdH9uDu5b
+UIS4U2WFff2dJgvNKXZh3vdsAruoEzsk3avocj72GvCBg+qbHL8rDfaZeT5qaBy8
+xNhiOqXULKfg/CwU/ilvt+V/QTvo9WIv11f7mYS0j18GJsgaVm4Mrw7uh4T9A5f5
+4PnmZsNM5b0HpW62DCnARfkjGEObdTC0znKbSoGn4wD3H09T5HP88oSd2q+rdx11
+GFCdo3MOYEhI7y0cUBO+onZozOVJELyW9sbGoXy5jcRtah63sXcZN/+hayQiH+3s
+eLh7rOtQSV/Et1P3oDK8hrMUnNcK6+BMediPxf/PHWCGBqjZP0t4diaON/UBavvZ
+SWA/m2Utgyqvy7h5IEOUbIomiKz90OypeHd57tVNC0BNMIQHnAYvgaDrZbUHpT2T
+7LqLPpG9rffH12550v/ZCCUrIFy0SiaXNZYQiDeG5/WiBOzS0MZZ3PVIMqx0czOG
+Tx8WUcSEasnjAH+pGK16YGDc66YLnrMhyySgiIrWsKqf8NolxDd67Z6AXcvKh+zy
+sCwUHzvTgXJ81ejNWekHIaAUZnpYXe2DCKXUuEOFJpYCdn4EfgOryDwte2WlGvUS
+ZPfj3Ym43bG0RoyFSo5qnJNE1Z7jjNJKxOEIFy8NHvb46ipcY7UeT2r6R8OJLi/H
+yM/8L2op7rXw6UEPat05dCp90VrXtzrT8UgF72yGVP7Wc0Hosb42JuqxmXtLlX6I
+oOu0l7Ht4zaKMm7DGbznsqHs2daXNhJTAQ49e4owHN8zpIZrt+SbN4b1/svO4hZJ
+fK5izj6botAkJIAnY8FT+lyrJ3oRtB3dq51lg/tWXsTR7RYyl2UVxXDRw0mpW5pe
+J8XS2J7tLaTIsVbuO19Q4de5u47KlzOn+exdvmPu6QwZVBIIs2CIFhYKjXKVxKAs
+tTuVv8ygT033gzrXOU9XkbjEPaTY9Dy0WlUf7wwg5Ug5dmEhrRRlhu4+rOc9mGH5
+NzEwSl4ZJmEPP1auB87iM3l1g0KcL81QX0kcTVCS0AnJUNTg1eSr+zc84tn2VLyp
+xdWidOZ5V5T5p7O0TDDZ/PJAddWAuGhRmK5vSW0XaNYcKUdSOTwul4+881/i/1mh
+ft2mHm5+PymHbBRVLMmVvB/AG9jqACnRXg4pbHwxp8RRMm5AXwQiRrKA7arUPttd
+1Faxq6C4e2GIYDdbWmLRg2P3PYZXbZE2HNo5DGpZ60xs9GwirIPeZZbmPjRTTvqC
+h7TBHyNZm/mQ3jB+f+2vdH0k9kXFxGCcitg+1faAjCOIkcQKdpc8RMz+e+XSIV39
+ZcIlLrV2Ku5jpJ9MbWNg4BpcCDi14nteey2R4JQGOSyeR27VMjGtVWB+b8fNjT29
+J9fDdgcso4OINe2jDC2oqtmlCHXMYDsaWx9uAB0LKsGbMYsF4kR8EqS10Yo709ij
+ARppJ4cRcYmxN+GsVLemIBTYVObK6Ro/k88rOZk00+cLGNWsZwkp2Bgdu5cuNfEX
+/0xkeR8dtuIZhAYdc61Hc61TVEQFPUyhbLgS/PEc7jhkLkbD3p4acVNrqt2I6WAH
+iAcLHJe6aCB29C1XRJf8DI9a5+7nXqSKFdv1pKQgVBLon+gk5CctlDsl/H2J4ehW
+J7/MrWpmKmlG5AUuTESqB9tShUZPCoxkB2wEWgNtPwoCi7+P57NR5A8BD56zP7hJ
+3vrkxSLHnzKBVkrN82cDk/RiVJz7PM6108APRRWncXx5kIfeK48A5FxgcZ7RElV6
+UWQGFfoGlC3rRJyMYAKai5Ial/mQVLwtcdTweaQdNiDXVKeAFyXgznA3fkMfE+9d
+0v0u6FtMml7KSXUwIT6JKmg17W4Lr8qdGFzz6W2YqAI0RelErgTbuai35i/4YTnW
+r5hOuCNTsDYZA0XuNVq2xbIcLoCJPOkOGRNtCKZdIt4CwBFGFg4ak4KVhpFjNTvC
+wBhDj7exxsiOdtpniKeHOiGk0hH6IEMITL5e+C9ycXmur9geA4v3Vr8E3MAsFixZ
+mYbgqx/xlI8Ahprd36ab+YTwmhRoav1ZsHJiiejNfUmv8Z625nQ7Pj6LPysLNZ0O
++UKZ6wm6mEBYm4hP6GfqJK3k/4V9nOt8sXxfo3FXKVAus26m9dDYOL1qb4NWsRLx
+r7hGMJfsf+hwcCpcN2urK/C6Mzpa923kMBBp/E35ObTyv9A9Fnjdpsp2t3Oo+G6z
+Q9IYGV2taJt3pPWK+qLGxkTEb8HzfH98vdWfdplr0B5C9pXel+gK0Dmk6+LnxYXk
+TA6ao7f8mxzLSMUiPjLW1Rl1udPnNjGFIdgcPQ9ZNJSx+6O3o2LcU6YVcwTcb4ES
+vqT+dWkh88O0WoKWkQL36V5mBUudSl6WipcLY2twp+WWweJquHA4xh13uqqbhF4Y
+4kwkupt8Im0oQKrLSofMaEalUPMZkIaXai6qhz5niRfo7x5fe8+8jS20HMUljbDG
+sn/Uyc1/MBv+8w1TXBOWoAgaoutuzOocARU2RbGrICc0Mm/rbuUt9nVKxpW1WvML
+awKfDhbY2XYoYn0CzfYrvA6oGZJ3bNwRa8MtEkmQdR7Qb99H5hn9StOKNE3BVKEu
+AZFgiWTGI2Eq/XlCOHW1vL/D4bPun/0PP8IfL3PyPjiELm/CSVYP59v1ZGtZyPqz
+2By3MT+7r1gqjU02HMElDq/+2MeJMu5YMzhcibQABS4JmqPHr5fpvqTzyz0T+zs7
+KRdMh7LVQ0WmW1F1pkwHEjVV8oFWkHCh0s4e0pmYPhW3/YRDVyAGSFNY9zKsv8a9
+BpLQEEY0JqW4aXLibKciLcj1dkY7XOrpFTir+LwYaCt7NayHm8ddWjWBg694U4Hc
+zxs8FWCp0VKm9/HlS4Nt1VkoYmxWdZCLCpllS7ZmQ4K9m4UfIRcyfh6NGeUOJ+SL
+av+L7m8I0TyRZ/0hra1D1c31Rltmt/2BoOnE6oo5plmxOkpV7PX4tLZO5oNlbbel
+C1IkzdjI9GLQgqr9XhNszFyeVfb8W3UjRNHzv+NfLY/bqU8vhDjtHmchlsnOiFSL
+TbW8I6VtbzhVAh6cwCE+1uLhd4B/pBczdg4DTxv7DkTZamvzOAVfyK5r38A2vCwe
+LOFpV0BN9v/4RqfXejFiw8gfXcA+UJNcOvVuRp6Hz8tmnZzyfTWTMRP38FTR6qVL
+7TGxeUwCmmAzYR3tUAwBYQzb7rLg5U7jeMtii08URsKUqOMFWvEomrm3Gb+/mRXA
+LZSjp18pflAxDtqvHNCxie5Fo1yMbqnO2kYT0BK/mppsLzKYH4QiuYjjTv9ffKjc
+A6RtTVJ/U1aUnJZ62nQJcbAw3Lv6YgtNFFqUq+KlwEhudvJpKtMf/zwp+caxyYNn
+F04gCsJlIVvqYUAZ2LV53tnLkBMs85bs0nzRBUkPCw1PK7YRv39mirDMYvbV3F5t
+bOUjeQvUx+tYzRrnT/ndmpPFR/iS2xatvoErkuIPxMrgX7W3amN6CHKGsqQn9VHd
+ujqoTTHMkIdyq7NcC0DIvUGjIXMMOwHL3bq04rYXadpsNgiKxqhvjallJC/1aNKg
+ra2KuxKxHT4g1lt501i1Xz91bjwXJPnKB5vwseEm4eElS6k/EUBWoR0AWGWu+nCz
+RWt60260ENuSuLT7BB7pbUUfgYxcHd5oJO7jQYK9xY7LImJzR+BYKO0l9M/TMWtL
+LxecJE2SdMkUJcNAM8p5BVL6W9gBzDK/UIh4qM4Ja31CwOdyrUUVr29HuUxnTNVh
+7RCX+WkSSGdiq1G/PEb8YwPPs7roZSP/nBcj4GNh6aZFiv+RBntOpzJA2oxoJ/z7
+4hK2g+UC62A+krW41h3QvMCZ/ZcNmQWcLg1EsnVGThFajtz5+1MU/p/R0JZ1HE/E
+UUoi+Aj6MC1MBsOaTqKNKq+0JL11hxya0uypiBJTQsCex63bdXGmOoN8OK+TQ9gt
+GO24H17S3ZXXy3koLUY50YGVXXY6UXgVYL0TlGWQFNjEzDxgZI4/tJckEyv+0gv8
+82eMDz5sMDVFXdYme8Rz3RyrG2+4kS1dYQNQ3vKuSABtAMU8v8RcoBX/EZGgOXy8
+4K0F+nD/Ldoi9d355n/pumiT5uz8omBNFs8Xv5zIArGCGg8fBQAqRslA6su041rp
+Uet3zhg3/EICocyFAsEL8a/qmG7SgmiLOx58ehTBs3/WMWr0am59UJUKN0iDHjB7
+lOezHJg78R98dfWIeWq2nSbOcriPvZcaWKbTDmh5ss5bNhwLHn1EwVpIdWzJo51R
+3J321Fnm1m1IpPRBkc1DV1Jt7daR27QuC+ikQC33SKOUnKeE9Kb6sRSA/9jBuzIH
+Z51iPuEZDLgFlomc5easAMfMYg1JEi9ocRsnzyEL8P5HS5znAdqO3kBFsG6X2b4r
+z0wgBl0TO9jKgut/WbW7rp4AhZQlrRo+ARF1J1G7dPov3SZ74eIhbbIOYf5owapY
+Fud9ctRnE90T1B8N07RRorhMvhPw0fxiJBPMq0jGVTTxp93gEA79CEBh/c6RhhdZ
+++zOma31Jc/nwvxY/FzGEUdzT+m89leib3I2DIHGBaQ5ZKUNXFRz/VF++sH3YrGB
+UQXRJEu/rbjJMXCfhs3TLor10cDx2P1bnO6oNTwt+BQuWH6Vz/cV6+KYDheGK5IQ
+N8iryCFvr41BDkMj1YaL55EqWpEk64adh5WN8YtruTowlJjsZ+d6MM/vsVz0USLU
+TeoXzOiNIfXFO8xjN2PS4PcsEOq2ti/oTPlJJW3hQ6dB4R8nk++iS+NZ6SRUnI8U
+mQ0utN+N/1HQKLh9nzUACdWe9BJ4KMJMpF8Vdk7mghIcX3aG9H+duT3FY8P0nsed
+cJM5H5tG1RkLw98POYNnPjn7j8iETIAlNG4QFh1qSO27rCHu9X2+9r0XxDPZiNhT
++HmdKXeIrAd2HotvWdwBnBChfxAb32I8QQHqwxkS9eBcexC7IxIkI3HLO1/EqKZU
+XqpLF8eyZ5YlNwavBoHPs5yiVJyXX9HHDwF12hGiPpj5cmjgAX5jxV3OTVp7A6rc
+cx2Appm5AeN8nz5XE4WrQeQQek19Dd6bM0p0kowmusMRSjOJvLCTtmTyLeVMXsFi
+/mLYee6rSEyjrB8lIjVMWq33rz//tnU1NuoqTM0X5Tj9iUd7R2f8DAA8q2NageAR
+kFK7B2IAIKpfy+366Axc8cE2+of8SocRdbavX35xTahsnQhaFpoDoxlhoOkCTtzj
+Y25jc8xNSO7ULGjE30DIPSNp35KG14rNVNTHJB62ks3z0XirNU4/pUrYOzIfBdZL
+49ETu3y7oVb/ouhZs3QCptZlkiFf9quG/eTumY4cm63n5nTLjWwPpUFQzPE2gpgS
+FJXFFlm252hRNKtJnNZv55EBUxcd5T6GjykyfpKxEnxBNbOLzsg3c/uXDKbJjpwt
+qpCqA4Y2BXHYNti+l4Fxjfy/WQ7a+pwMj8ImA5vqxn14N8cQAKSYI7m8k3ZH5EHy
+LMCrU94T6QFvpxzrRB392MIVR0IRe6mAvdPXpbHdKXkIYNYCtVZBt8TC/kPjuoXK
+84PlabtFzJAMZlf4Eg1+2WLTPCJageKSUsOKbJqn65tw5OX1i7W+hdQQnNl/c+CC
+jR1ZJp+AK5dOi7mR8lV7NPPoI7wkeY8avx4pwFpMtcexxAldfx5sG4Fd3MXSYJAz
+4n+qqrXjkTOfYlbuPcG6CPUcFR6siHktns5HyKBrNm8/8pk61/qgtJy/1pMpUia3
+kV8aFL+8Mey3soYij+DBeiOIE/5tyASokdngNiwZvw4K40PsW+jzQCiXYeGfhi9C
+YiTydDpT+pWBLxdKdk2B+wTIl+F6XniREcz5o2+ZyJzf8u3Nf1DI/bqwNk1+tg9t
+yHcjEHoQsA8YsLkK9JzhE48pLJaLHeGGfJlXlN6lPKhMrvWiEAdjvTLqykyjgv21
+wTgZg8BSf2rKApVGVmJRr1H4hf4eLpT5llt3byZ/lnmTfgJ9gLo32wDfPF4xi1U9
+nW6fk1mLN1tp3YDaIAnr1qbD0kFXkcjGRmWg68vukVNzaRcdF6Su/Y8jLlm3GQM6
+q7hJWH2ZnqiOx+9XPHyb6IDF4AXxbYWu35EiSgqu+5L0W11GlyKbB7plExhPXEn3
+HItmzZ/wuAhf3DOb/szBdeOAevcTjNagohAeax3yvnavgQ2925YGhezxgaEoxo+7
+U9B7T03XEGTaIx5qn8EMqu1wKy546kSWBhAxq8wHXqQfeA3w88f12l3VVDT9nYoU
+lEIJyS6kzOASMh0n3AGFv+q1YG4ZGlO88810wFoGXAOJhCQ5jgAWFDrK68F67Lps
+Cq9lWODdG9dypIn/bGcv0fOQtoj1YmA5ZzvYgzEawftbGruaMW1FjHJcH4Lnosa3
+0hDBLBclrgG5ZoMeOtTQpmRkmioTawwGVoX3fmi6eKtLWKJWL9znh6KRLWIPOQb9
+/KhHmuxPyVYkpBVc7EDyEXdaZfN57JTCvjBaGZBF3eE826q9mSTOiaTOEUDU/TD4
+vCmsDCL9/hVlWf1IjutZ6Iy/BGupHY04lOM18Wvr3Npm2B1TVB49mtZdhbN5bUw+
+xevTb5dgAfYnaDds4zIX+h2FNeLp5rDty2x3th+5Hre/TUY/zJ2WaM0yigQ1s9Rn
+5uZ6sg/bPe+M6nOzPguHz77pqSVa9PrGsHo65Hgb1w71S1NXOMFaCKQEH6lVl6kv
+UPKs73P0vUhAJM0njD+8LaXIsaTsILNY2IbOPyMsT6TgpvHkzlO5nR+h7R/o2pao
+kDmW0vBuHdw15V58JlYD7DR6eqsP0ESdnJRjEiuvnJEWElXXDA6OX89OqiM6cnFX
+LuN8BrmhdfH8nPXDTPkIGLcCOgBg9anEwAWG0T8ZXKY60nElz+bScXijDpyxnGpL
+/Wmwr2L0WtYoDyT/X5a8qtWY0B0I72NFeoEkg/A5rHGZ+SfSc79sE+4dm/zVNU37
+AurHotydNRXi5tL8/SgWggSD//KPv39pg8lmUi8AIfe/+Vrmqy3fnCUgyMb2iULM
+mMahyuZb7m4Glsd/VbCprT++3ZLV1K+SzP9GCZymos3byCw4CZV6oTrkyw9lqCf/
+O4xXy6Kz+Cl91do8OlIG3PhOmRSvVU1uDQmdX26mbbckLhmk6ZPYltg4/A33rfmB
+Atc+5XtVRhRteZ3Bk0csryFi1ljX5jdslsYsiOzPzs4FfzY4pcP/75ec92VEb3C0
+8lF786UbHHVBu6ZGDSBASbhqlVE5vC1z5b2YJRiNolpr+2KUOsDF8ReXDaogAgyj
+vcczjik83AV4+Wyc70sc6Y+9kpTxchdhmug8Fdrx7gUwwkqm25m9ia5Z1qIX5RQv
+RG/pMtdOLbps0XoE1GEZjOC74bIfRffcspiPmUEDKlfqcHdB78Z6sgNAO3TfRzTV
+elsEB27DNDNC4OAYLqfXnt3WPhfKyE2LHGf3jqX+izVgy2LdqxDd5TB6LEnWpLbC
+K388OEnmc2HBxhcoPQqcd5zyDGsXXhK1EuNnJMvP2G3Ug26wKd0xo1H8Y5cVMEw1
+W6YHmLvsxKAOEScsjqfEMkwMQri1d21fzCwcfqF1v7sA2GwLf1QNC8Vfrle1vU2E
+dvrMtsnv4XZHSPMlsYZpsNpR5L7T79hTjsHIVHvfOwG+VhzL43G8EIdUVLDrwZzk
+FtJE4jF0CG/mTcgXPiT9gY5RBDYFjdwEVyz9nCBBopoYmY15tM19g9uZErZ2pm2V
+2pJXdsVMTLM/m9kZcShA7I89XtCZyBlvfV2IO/xLeqhKCBhY945k1EDvQGHWyJ+k
+lC6zPO1F0ihTLE3mhDIV/9WX9V9iKMMcO7b1XRhH9ym6O/bE6XECIvA6V5Zi2Hvy
+p5knHk4cuGSOuQaAxlUHgDTZVuFQrBeygh2xJRHDD0aDKff8lJrUGmSG6STKd2IR
+C7YWBdt/nfpSXEqKejOteMxil0XuOxQUTqmIyysvEXsQAluYyEqNd97LleWuKvox
+0oUIj3W7AuztDo6NesANMSvMquGE1DCRm+SlVab/LpT05CYpLNhsiPjzRy0vTDhz
+RS+2i3d7OFWzmmy0A1dVFojqvVe+rVLgF8L9aVEOg/t8l0/SIS1X7c1deYYIlqyg
+aQ1kjUOrUNaxIXyBgo8drkBt/esoO2aG30Ty5BmNerORyWi97Kf9Kz0FFwXFhjWF
+wfhV3iVlvfB4yt4xyVOiS23PvRqhQh5FDGUacg7l18VFgQkEPCCXoel9oWQaqB//
+efrcNeNlOjRs/zf+gkgQ+YGK1Tg4WkcFCrWyJ4CWp1FDy777m4tgCABc+Uf9elwc
+OnEFDjVMJlIojzQ8ojtsMqDyqka71A02UbR22JV5GGLMrZn7v4a7m3IwYKsYDOMq
+rdnhETVHpR/MZNpmIl9sJDqp0l9f4nfZ0NXaEGtJWrAi1y8dF7DXw06ejb63m/vP
+u3CpEPd031clExD9laaCBX8+eIpZ1qA6auswkck/itIasaeXO0B1pyKKfT8/sdBF
+Yec7SXwaZ7YMdwMeQ/q9epaQCjfC6WhiyZFOspC8iKCv+YG9DnL+IPLoz19Uy+0s
+3MIo2eEb4UEoVusA+qPmyo2J54jxjoLg3lopEzZy6INaWmLwfLwuUPmW4ZQVGxTX
+K48eY7AQVwofe7+bVabVaJt15o0lC4bwwyvUFmVYYiWb6cQPghLlarFhCgQG6PuG
+cb2pbwNpS37CR3ClVoKoGpRim8UdgQCc/87wfpKGdIkNHL03U14uE/S+pnWKgxE/
+hVlfAJmEN2XXaxs8EUnyTyChxvXtR6oVPinbtDKUh+K6jhFrc6j4c2W9LaX6x3VW
+8YceU4m1088zXoAQ+JQ9ZjEE3EZSBhNTtD2CUBWxVvMtI1aD4pXoGcftSC48nJcm
+2yva7a45CfUthHrGM8K5DqHuxgYPkbvMxpQhoSAABg1XttOEBhr0wLCe6GwjB1MV
+NJ02CTwcU9NdGCXNwVY8bMQYUNmKWgno59C4nnYKGx89J6ot0oSDeozipqGR6qHH
+k6TOjTmJck0x5v4UB2bFTqv2d757j1wHX9aWI+TfE5LId9VNlx8eEceJPwLQCN+x
+sklKuZgzJ2kbopE/t6+AmOOf8Exowa74kJFjSRE/T0muNYRFFGUj5s+Q3IVqPc07
+N//rNHGR64YK7rUuIWM225WP9PF4cTIUwReOO9+G/RF/wwlYdPFx7gGE+RZpvRet
+idaiJdgWpWq2LCfDUr1lY5tpO5t0HIEEfGfCngGiMmxtBHjlQsnTxxiUbU76omrG
+GflKQZprwhbm0QjLr8DdqAWbl9NHyx7sNvNIBvIKfx4ha1HdIWqv7TIc4F7weR03
+zm4S2xk3TvQvF5B5S/wkP2ah1Q4D6s2zb/ltAfEdjZh1OplgUwtdl5qmD+6Gb4Rf
+MZhmhwPjFlH6tZbzVlbEKCBAVb1f7fBHdITP9J6vuZdfJX2KLgmowSCvF/CV2eFg
+MkYByXc70gFxGVQYWf+iyokBlopcPrUtaE6lz9HdvdYs8h9E6utNfigBO8HwesOv
+3mzx8QdZIxjlFobEryoM8coveomoQHMysGW2T7ZZcSH/qdGsim4wbz0Gh/2a3tZt
+JLwcuOTnkCy48iRcbmp1yM2v32466e5swRG08jx7WvfksGsyw3s1Bf2aKvXmLTfn
+shsnvKATqsbt9oYfNRSkr1VfbSHrtX/4QFSWoKA/y++3BCf1fymNwgZRqyWGiJ1L
+J+eXOgl8hPXQqwR6NAONtq81uJP5hPZ96B4W8A69Onlz+0O4yuHL0DzJXR6Y4WAa
++n5TWI7+D5nt5qMpURepwZVFAUblGqnzrt+ObSbZ4439acvFBqn2FqR1l903cMQc
+LVM+5iO7QFHh3cAp0wh5q500lgTI6E7isKaphnf7lrYfhu/XGLEMmhiIr6vCHIHZ
+qqF4LZ57amrwoa6vdbU0Mb84aN72gTee/hstZUUD9hS2NN6bRwwdV7Q8kCd7KXh4
+ksi+C9ezIkLL5rk/4RJEIVXzAYsk8+EPTLmsOpEld9Fhsz8qVixgMUKGuP7DTME0
+Ho+OlDdCc+LjeZ5PutEd+NErTSnKa0/wvr0p3SoNfNIBbLZ3B5vZmc/PJ/lC78dt
+lEJSoPLROxAjjmVL1PBS/xK2C2HFGl5GUtAJr3MBB4AoZqsm0ZE4FzSgkivPbDgT
+BC5uErDc8j5XERShES53q+pqsH6iFCWjtxfbQR2ZuaENehgBS9TZ5FC8TqhG+veg
+f3nyC6l3N1+2Q2vG37MM+u4de+UueB4J5aYaTOnozJefc+B0yqdShxKFjJczuQ+y
+U3DWcLMFVWcxWLJEc/ofdTjaKArlOsPSXcfK+MkGg7uamfmpwBGAVLAg7XQAczQR
+xItqTHxdRgyKmVmSQ+W32dPQezdGlwGx6/6xd4tgvkbmvcdiD2Dxd+hERwLxV8ch
+/6QZsS+2QLwsfCd5PuowAd4smW+t0hh/T2P9nJj9RFqAGJZjxlk2uiWgXnJqYka8
+9Wh3i+l5VjU9Vp88jbXsgNDnXv2moTm8PhU7xs7yup2OEOyINZQKmP/IruBdnIxL
+//mkxVweMNZx/zX8EIU/ZCWJLhTZdD1zQ64qg7OLsbDyoxUgjRqAm3ThGm+/RM2m
+4oYmgnEo0992SEooQQdaEaknVqxr3cFBPipBjhtSrvHtTmPdeXZd9LJMzDma1QPN
+CVE3N3cFlUjmZc6TbNobJs82eepRP5rReUDh774+Dmzjt9zG/f5lwd9AsMak8tSJ
+QqtordsjIBbD9mullL9VCAoEaICDQuKJyuRZKC6Zl8KmUlbJeRWAZoGYzFh9gQNZ
+vyowcho94c5OJVoWrkN9orZ3/AilScbdAbbVx1WUge/M1MTIimoyityrctwS1kCj
+5mEpsmR0KFkxQa0g/N40ieVaidIKulHKJ7/xXUO8Xev8W/73Foh9iJ4Zzk6WeBr6
+TzopDhv9S9C7DjYyPkIa/h/TcoW0ERGleqaXNUdv4FMw/h5elQz8UNTX44LA8e2C
+9rMkErSGRCMJFNMfw1tE9i4bDvfaupbAQ2wpASuLnrE1o8NCHAAVhL4NVhVhuTQZ
+0+p9l1MOKB4Mm1lJ7IQctspsgdI6tX8mSHtFkzxGVTV2mReDgM+xCiM/oK5Nqi3u
+bLeC/zCdhj08i1S33/NLgDTqXHiRQ4ixwmySXpJOhC/rbvcpS8n8LFY7vstUAg0P
+xc+wdjQV2oe7k2nuR/57pExIffynJ7VDbbKwSZ3Dolj78q9WuB7ej+AqXWyJWG8a
+aB7ayuu2J9r5kVjvR4XhHsJsPA5HOe79TJwfLdUdGvoH95mHx5G3BnuqShPWFvB0
+ejs4MN7tUoAMa06Te9AR20s867XbFWlA287mptLRKaWeQF7348vEpGjSQIJOzODS
+GCqFqaWn4ketWLu/EWfrSFMQMLeOlgIjWroeU2j1pIlPAS275ukJq06Tzs3vKq/u
+dDZsFg5skLngk8Uf1IBAuqnvFo+oCmK4Hcjdm22Ab4s7s1cLoRZOOVM+il3kM71X
+pcvOL/MnpEZ7z/Dv+0/EkvOaB6h+f6TXk5pSlW8IwlZ1IyXjXshY8uPo4zr9DuGa
+yHjCfvQxdHzSjBQ8EFcTarxQngcNynIcOt8EhYcg8sM4l73YoE50GIbJEtQStxO4
+sTdfyE+648y3mVXqMmLslw+W5i5CLN2EHvMLiOPcRccRpyfgSzrKOkAh94FjgRyn
+lENX1UgKrCEAQwSdtKW9KdvO0IoLkRqcsISbji0M5H1hxwY3WImYxnPSkLrIDXnx
+1W5qCXTjPqRAyuhLO3L49NcwCbCzRUXbfeATqQNWHrqjgI3rDfXhM2CMEzyndQ2v
+qRKS6NKd7gCRAUJWwqqZeJhkMjIyEodY8Ni001VxiCAjRIekn7W+p0dxfedQWpVI
+mDDElCMlXPQ5wcEftCjNDwrExEV/AAqEPgNzARnzQO3zrdTgs3LNTQ+KD/XRSeE+
+PlRMnR/buNn+EqXFNmF9iQt/y93Btb6GmMe4gAaAUfLpirozlnLYq4crn+LF4HHU
+tIi+AFTXrckbd+UH29l1JZLssgC5hNFVyJ5yl1e5XL+G3Ak63UyGeoqTbuNDMCRY
+L4FCEG38vzg6KZMzKyRbge3jPvI/ant0OwF2R/xNXaTedwHLBw29ObXNrnjzYMcG
+nAhc/i4QSXZpjoucfurBkyeUeRofRc1m62MZJvURsniWqpg1YQeJPBibww3vHd+O
+59UrrcXjga11aRhTV91rGMlgigMeOxn3R4yR16QTRIlnwXUpV4fNddJ4YMNBs4yQ
+bwvO3LZxAoYInLFBI2RMYaXr+ujFMTpw0INHPqo3TXFsHnNa6HVYdNKbouXv5/2j
+bANMr6X1ITuTvtQN4tWGbop5qfp90b9pPyw8P0bxSdro4ZHMeSgbiS9q6qZxjVz7
+jnOKMUrdbDkbYM+ojXZ18/4WPKtaxf6lTLrh3m5CJ1V8slRJp0Jes74aDQf/OXqo
+QgqVrI2wnl1klGwn06bhVaymdk0hMkxAfeHBGZIQ4BMMZ3aLuVWjAcBH/HP1tVQ4
+IG7MHRnm81yVNgA6yAuZZIPQwxDWVko7rRm/DnsJcpKfL0nZHoF+bJ6q4Rd6Dey1
+S96L4PDmXseFkVZOH/7dNWyKuvSA/MmthkN14lWJiYJebaXb7oZG3XDC70o7bG6Y
+mtGOrOwVthFereg1Ii98ZA4nKgqeu2paMju/t03hQXHY5iqyV9ax0A3B0rdivz4U
+VbqCcO7pGNb/Ki3gGc3hfVw9YXnR7E+tra19eE7UM7o+YlunKF1Q5dJaLKY1z3L9
+3UAJmXG/sZcLqrDn9zHfb/YxqbyIkM7VIU2kKztWCCNiNKgLQsIoVzK4sbS2LVDI
+grmvZg+Q7EkwxZ1FXeBGJmsiyjKYPU3PI8ZBU1MXjwTjtnQRuBSxh+Ok9glPeE+1
+rUDdlVoogUGgPAvLV3BM43E/Q5VE+X04KvPNKINvvS1nZpGKyyy1MayOfstc7Hsw
+W/RgllTEd7VW5jgZKg7YyA8r8cUjMqE7zewrq6MtkoFk6ZVslWxfoADBW3ivwdwe
+I4XwNboOgBx77qxf95aHRRdqWZa0JF8zvK5BH6EpBI29hlJU4leax696ACA7QIIM
+Rpc+ulkvHsNxsUlrUut9AXoob0MqDJRmZvU4gSVivHjvKLEIlymJw4pLbMWhcrNa
+v94TExP21Fy/zYcWiZT2nCX6qZVXTcUcQGIrBTWDbR8bxKll4FNo/2zmelyFmeXt
+iH+Zp2EwFAUELsrxx9plNd5WceyU9VnZoeucNFd2QFl7lV9KL8AlQaaMdsYOt27m
+8j7iNBID4HtCYM0xLwE/5uqVQPxX6qzPPZc66MSRIi8ZHZPFvVilFVzFyZSrq5Lo
+ojQQmAycQGOzx7dwx7vi9SeTrBRY2PK3WVurcLiRxM+2u9vjlxigwimpnK3VU1dh
+GDoPghB3O34bfiV5GndcnPDLJxsSGWz2z2WiyCFgCkVp3shHUN5c2PLWDIOf/Ejz
+LzNJXFKjO6/6ZGpMmGf6bZCa9MBnvXMNic9/k0lmtbgj8SS+2//gko1EDa/Gpaqo
+J2xgEuHLvp9KQABWt9VRI+tNUJQCS/Jq10ZiT1TzhczyJEqbtVDOo0l5A5sMV0PO
+HszFNxw2BmuM8RYGgAe5pkrdzVdtB8TLmhys7P+xRXNXnsUb+878kt2EyiXjMl1g
+oFeAlj2afj/GgelJG0G0FXm5WPDhbthHOO1hW9RP5WCTybjUTAS+GbikVwxa7bZE
+LHrROUOInY0ntR9lRNjpVCMdajCsMiqT/G0C/ApzeW6ErLMFIDdVdGSdnz/WDi5C
+xQTIS1FOAdefQ0CohE0yOOvjKTAGzht+g4gYiSa/mOnvXcCVM8t39thglZhq4+6G
+oWpOrXwByd8OA5f1aQMqSgoySJOGg8a3X7NR9bEDbF7/6QNJE5FvxwXvA8zcabUo
+OGxXen85Gkq1M/VnlJ3RGM8vA5UizsdPESYUCVH1eKg8ROlrQOr3ISj5kaNL42fv
+OSROmeHvZrHtvGn6hLTNPtWcm1hGSJS/Q5CEZe0/4ActkorF9kuoHCSG3UegX/lg
+5mD9aMTHUhD5VooS6OdyakqD+6LptNqQPL0IQALsS9Ls+8KUBxIi9cOe0xIusAQl
+OmyJcUJNr+Oq+Ypr6sWvelbWiymgGDN4gHm6BvzyXv5ihnvnmkIQ16WkAsIChzZx
+cZUl/bz9bDsSyJ4FyzSRoWuURTz9la3Bo2x5ufLChv2i9+X9WO6Y3nFc4KOBY4hD
+WeFt0ZUiY30SyTiWqrPHP8Lnto9JTBOZcIIHOqPgy4L+685Ou6xwO0cUzicIza5M
+TbMBOPfnVSgPSCFImGSjAaahWEvl360B8qjx8i1vgkUOxjqfFMnjZUF5b9lBDS72
+JK0esvGRUQqyC4uQHbTi8EOJYaOnCn+0lXPzLNpN171DHfEg/X6iiD0zTjMX/7Sk
+PPm2z3zH7yJmeDnh5e/gvgWaPuTVaN+LdUYv/ijqfS3bx6yF1VpNr+esTI23S+o2
+1HqlCfhZUnVmn6r0J1L8tuVeZaMni1qOFs4KacGA9UwAZeGVdOmK0rFIqUXKDehq
+7BAmDZV3hnQD2TQzgfDfXpegRECX/wZZVrcg896NltY1r6AVm9jcKLVCNalyoCwe
+Rp6anjx8qsUxnXXYN2rhl/l2Y9D23QZ2OM0cpvb9QPJGGgGeSaQu6p8N4hRUroje
+UlL8vBLle6tcvVoiRCvPCja857vnthqUppv9bzM9SAyMz4RXcYgQvFErExOI0eyT
+II67WbrY2j9ul7h4fZjNKCND7o2aENbylK8CU1wlwEBYC8BPgkTqi+dErP+VrWte
+QAhjomMkOVKKzG8JaoPJoVYBmMkMTCPsFFuTjtgvg2+a+DOiYbI8yTDT4+Mi/Woi
+gZUcE0HUosPkkJ2ZU3zDXdwPIr4DI7TlrnZPF99Es68+NXD6lQgc6U2fjnBfKMFw
+MfaTfrg3ykA8mBwqZ6hQdIoqha14uje9Ses2axrEF1FY+pU7JEKDozmo3HzgTfYA
+UFoHCu4Zbeu1IiHHJuVSRrwVy0BsY0nrq0Tjq2uYSbXyR9KylHCxztpzku5Gncy2
+Cl0sBUqv1uNWIt1v6yHdupzRM/fIZ3F95nPIomgM+uHmdpHaXyizM4D3doRGzNPH
+fOm6jWgKCllI8JHYJ1DUBUokYv8TYJLf0gOSaZLZmpEh88iXfBP52ZBlUIokeUN0
+aZlxSqawVMteeqcjCs7TNySBDzfTCZREHr77tnBz4+jINXi06mh+/Hz+LRA3YNRD
+Do5hyzvvFBg49rY0JzZPTC9J4bi+w1MPmmdz0OgQGG1Wiu+4LrSuBUOgiA0V+FyY
+/Md51ShFwRg/5zgcWS4hK1Eg4kKTKLF6Wjdu88PCKx2+gu9dYjXgdRuzZ6LUqqS2
+It/j3VptrXm8NwQFGM27HnqGwK5u+Ym3qLJ0FE4vWNbbxGlZtX3NS8SqZSqVfbqq
+TwIz4lXU3ipZJ5b42IanZ2nfWqKpdYn99C7yK6AbwA+qZf5zmy436dH+Rvo6PC6W
++9MQcrrNgvq0tiAJvA39dzb77bhRjAKzL5cDiA40hPlcZs5+Q5g9XpYtKsSfzu7s
+FCFRnhXmhiBXoUqf5jsYNrm5dvtl27wPTaKvVQQ6SsVtXDZSWEbdAj8Xfeq7kev+
+jtvaOUmFRMaFevzu5t2uuLYzH7zufMB6p13chVUH9yRnWBzdha/Sqf78k57UQnZg
+EJwvXcDJ+uFbnd2sibgoASzDNljSfERK5RfD7Re3n5dK6W0PXzic+7ljGoSLedtd
+6DD11IzD6WjBlE/9Aiof6IUDdzuo2VZ0XtufBxmYHXUx9LF3/dgGOr8hvxz/wpMx
+nPnr9QDgF9svoCvYq1toUbtWgKd1LjXeVoprAhHXwbn4Z8hj7+/LpPYwR1X3u1ik
+wL916n0bOkLgWgqGjqsrgskk5Lk6ZzyrESZ0xd6/+dSrf2YxLivF8O4eCLfNxB3d
+=3akT
+-----END PGP MESSAGE-----
+
+'
+
+alpha_seckey='-----BEGIN PGP PRIVATE KEY BLOCK-----
+Version: GnuPG v1.4.8 (GNU/Linux)
+
+lQHhBDbjjp4RBAC2ZbFDX0wmJI8yLDYQdIiZeAuHLmfyHsqXaLGUMZtWiAvn/hNp
+ctwahmzKm5oXinHUvUkLOQ0s8rOlu15nhw4azc30rTP1LsIkn5zORNnFdgYC6RKy
+hOeim/63+/yGtdnTm49lVfaCqwsEmBCEkXaeWDGq+ie1b89J89T6n/JquwCgoQkj
+VeVGG+B/SzJ6+yifdHWQVkcD/RXDyLXX4+WHGP2aet51XlKojWGwsZmc9LPPYhwU
+/RcUO7ce1QQb0XFlUVFBhY0JQpM/ty/kNi+aGWFzigbQ+HAWZkUvA8+VIAVneN+p
++SHhGIyLTXKpAYTq46AwvllZ5Cpvf02Cp/+W1aVyA0qnBWMyeIxXmR9HOi6lxxn5
+cjajA/9VZufOXWqCXkBvz4Oy3Q5FbjQQ0/+ty8rDn8OTaiPi41FyUnEi6LO+qyBS
+09FjnZj++PkcRcXW99SNxmEJRY7MuNHt5wIvEH2jNEOJ9lszzZFBDbuwsjXHK35+
+lPbGEy69xCP26iEafysKKbRXJhE1C+tk8SnK+Gm62sivmK/5av4CAwKcF1Qep+Pf
+ssOqtJhr+klruUBf55onBJi4vkk0gK3m32p/05YB2bbMURGz8R4JxUZfUxjdDk73
+LaNYRbQpQWxwaGEgVGVzdCAoZGVtbyBrZXkpIDxhbHBoYUBleGFtcGxlLm5ldD6I
+VQQTEQIAFQUCNuOOngMLCgMDFQMCAxYCAQIXgAAKCRAtcnzHaGl3NDl4AJ4rouHB
++LpCkNi5C59jHEa1kbANzACgmddtrNSj1yPyTCwUwRghPUomECS0EEFsaWNlIChk
+ZW1vIGtleSmIVQQTEQIAFQUCNuO2qwMLCgMDFQMCAxYCAQIXgAAKCRAtcnzHaGl3
+NCeMAJ9MeUVrago5Jc6PdwdeN5OMwby37QCghW65cZTQlD1bBlIq/QM8bz9AN4G0
+J0FsZmEgVGVzdCAoZGVtbyBrZXkpIDxhbGZhQGV4YW1wbGUubmV0PohVBBMRAgAV
+BQI247hYAwsKAwMVAwIDFgIBAheAAAoJEC1yfMdoaXc0t8IAoJPwa6j+Vm5Vi3Nv
+uo8JZri4PJ/DAJ9dqbmaJdB8FdJnHfGh1rXK3y/Jcp0BuAQ2448PEAQAnI3XH1f0
+uyN9fZnw72zsHMw706g7EW29nD4UDQG4OzRZViSrUa5n39eI7QrfTO+1meVvs0y8
+F/PvFst5jH68rPLnGSrXz4sTl1T4cop1FBkquvCAKwPLy0lE7jjtCyItOSwIOo8x
+oTfY4JEEXmcqsbm+KHv9yYSF/YK4Cf7bIzcAAwcD/Rnl5jKxoucDA96pD2829TKs
+LFQSau+Xiy8bvOSSDdlyABsOkNBSaeKO3eAQEKgDM7dzjVNTnAlpQ0EQ8Y9Z8pxO
+WYEQYlaMrnRBC4DZ2IadzEhLlIOz5BVp/jfhrr8oVVBwKZXsrz9PZLz+e4Yn+siU
+Uvlei9boD9L2ZgSOHakP/gIDApwXVB6n49+yw6e5k2VJBGTFDkQbxpgi4oslePpT
+7Tc2qjAke4zO8JHkgKSokEgnMpMz412q9otFX/3qC5MpPG5P8f4r00Kfy9Am/thk
+ri01WTIUqF8L/VZXJxLKVoRAabSXudG0eavfah14fN5/+Bw5i8vSHhc/xmQEKTya
+2X8Nt1F5zMrE1LAGVVCL9i/DUygnJYOZzAd1Ct0RJ4kFj7lOBICF2IWWiEYEGBEC
+AAYFAjbjjw8ACgkQLXJ8x2hpdzQgqQCgn81AaW8W/lyVwMh/UBeMuVMUb24An2uz
+wg7Md81a5RI3F2FG8747t9gX
+=VM1e
+-----END PGP PRIVATE KEY BLOCK-----
+'
+
+# Bug 1179 solved 2010-05-12:
+# It occured for messages of a multiple of the iobuf block size where
+# the last line had no pad character. Due to premature poppng of thea
+# rmor filter gpg swalled the CRC line and passed the '-----END...'
+# line on to the decryption layer.
+
+i=alpha_seckey
+info "importing: $i"
+eval "(IFS=; echo \"\$$i\")" >x
+$GPG --import x || true
+
+i=nopad_armored_msg
+info "checking: $i"
+eval "(IFS=; echo \"\$$i\")" >x
+if echo "abc" | $GPG --passphrase-fd 0 -o - x > /dev/null ; then
+ :
+else
+ error "bug#1179 is back in town"
+fi
+
+
diff --git a/tests/openpgp/armsignencrypt.test b/tests/openpgp/armsignencrypt.test
new file mode 100755
index 0000000..5b392df
--- /dev/null
+++ b/tests/openpgp/armsignencrypt.test
@@ -0,0 +1,21 @@
+#!/bin/sh
+# Copyright 1998,1999,2000,2001,2002,2003,2004,2005,2006,
+# 2007 Free Software Foundation, Inc.
+# This file is free software; as a special exception the author gives
+# unlimited permission to copy and/or distribute it, with or without
+# modifications, as long as this notice is preserved. This file is
+# distributed in the hope that it will be useful, but WITHOUT ANY
+# WARRANTY, to the extent permitted by law; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+
+. $srcdir/defs.inc || exit 3
+
+
+#info Checking armored signing and encryption
+for i in $plain_files $data_files ; do
+ echo "$usrpass1" | $GPG --passphrase-fd 0 --always-trust \
+ -sae -o x --yes -r "$usrname2" $i
+ $GPG -o y --yes x
+ cmp $i y || error "$i: mismatch"
+done
+
diff --git a/tests/openpgp/armsigs.test b/tests/openpgp/armsigs.test
new file mode 100755
index 0000000..8fc8672
--- /dev/null
+++ b/tests/openpgp/armsigs.test
@@ -0,0 +1,19 @@
+#!/bin/sh
+# Copyright 1998,1999,2000,2001,2002,2003,2004,2005,2006,
+# 2007 Free Software Foundation, Inc.
+# This file is free software; as a special exception the author gives
+# unlimited permission to copy and/or distribute it, with or without
+# modifications, as long as this notice is preserved. This file is
+# distributed in the hope that it will be useful, but WITHOUT ANY
+# WARRANTY, to the extent permitted by law; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+
+. $srcdir/defs.inc || exit 3
+
+#info Checking armored signatures
+for i in $plain_files $data_files ; do
+ echo "$usrpass1" | $GPG --passphrase-fd 0 -sa -o x --yes $i
+ $GPG -o y --yes x
+ cmp $i y || error "$i: mismatch"
+done
+
diff --git a/tests/openpgp/bug537-test.data.asc b/tests/openpgp/bug537-test.data.asc
new file mode 100644
index 0000000..130dd5b
--- /dev/null
+++ b/tests/openpgp/bug537-test.data.asc
@@ -0,0 +1,960 @@
+This is a binary (gzip compressed) file which exhibits a problem with
+the zlib decryptor. See encr-data.c:decrypt_data for a decription of
+the problem we solved with 1.9.92 (1.4.6). It is not easy to produce
+such files, but this one works. The source file is also in the BTS
+under the name check-data-410-1.data. The result of the decryption
+should yield a file with the SHA-1 hash
+4336AE2A528FAE091E73E59E325B588FEE795F9B.
+
+-----BEGIN PGP MESSAGE-----
+Version: GnuPG v1.4.5 (GNU/Linux)
+
+hQEOA6urKKJHvid1EAP9ENEq6XQZEX7o40GuQBVRM0ZyYYV5p1nFrHqymikdMiFH
+QdiYfZQ3c82CZyx/AK5iBeIrHNTLmex9iIlyqMtf7Gw3BWXbEtMtol3Zcx/0ie3w
+QTpjl2qiPOmnO97cp1Ut5dheOUwmOuv6UTGtk0o1d6Cws2RTFJSi81GeCr4yQDoD
+/3qilIjJcskmLj2lTMz/Vnrnr7u9TmBiEBjcl1NutDudtuTWb58FXhlmqwHvNFBi
+t+/lIr4N/3mU2Z9Y+NFhJxY7R0Xvq20pNH44vhd8qxMt6N/yMxaDjY0tY0a8Hy6b
+Rj0TbVobRmWia4N+6ES5DzRaTOKWA2tVxk9VQptgU/FM0u0B8yvO6TfIaHOR7PnO
+7j0+v7MfnRJZvjRe4S/hXJduNFLg8IPxV84KTxDRmc/QK3Sl8tQLHLAkDiQRFQSM
+Rm5hEzbigfYY+zOjDzWv1xbxfd348+fmALy1PszQN7qk16U85yZtx191O/d3P2gP
+zJcJzlfgQU1r8Od5qmrT4Lxe4N7DDIDbiB6MH9Wr3Vbm3jxqurUBDyPNrOLdsenF
+HbuEkfr5jtnYzTWTi0NCLajaRB0tTVa0rcOLUGEcLCXFt13wvPc+ZsS0NuJWYAu9
+4+WVDyPS7tpGvUZ8Uc3HOzAgXs16m9vYN+OjI5u8IyX1shZF4Tv+bYLjxs4yZzvO
+DyltH1rmMYo7UMUu8vtM+hjhsQtvr/ervGQOzKTqd4txWPjmt4Lk0xk62NpDm6JD
+nn4P+lYHF8+EbhcPbMnvbhl7aP6IOdr7ij/f4kp/JOMhh+/ymW1Xl61E9Zf2uwT9
+SOsqDgxK/bL+6ewt/OkE9+knet8ZWB2pNxSspznuv0QBAX8Xrg/ZiFy8yQNsDiu6
+PVyXWqXRx/rZ1kwLB5QZSdMFLpBC5p0Ev9hiImVxsA5nX1BDglxM1SjVJpuEtrCL
+fK2Lky5qhm50oXxX9QVxg2btITm+fFZhM+dbEwBQxv6yiWJNcpi7PNBeNEhck9Xr
+fDOtz65+9cDMeHv78RNiPPewkeloiPmRWDLivX85bD6WQSDzJ9f1XhyY8eKOs8bz
+ymQJPtfQcBiNdI9HNTQP5pZkr4XAbOo5Ji5XHJ3JScIlpdYforit6m9orpgJpUJK
+K0PSNF5Yx7LlesKbJsYcuwQAvZuyrGEtTXH5rDgBgCcEHQaZR61tPu454wyLWnGI
+hj08LzYM4uzfmjDCQmISPY5KDSRAP5LpG/Iq5bX6yr4KUF8WrxJpBeJGmaRNUyJO
+P4p2Xth/uBzu40r60Z5gr1mqpR+cvlBbUiwMC4D5zWXiK24e3yRPoTzJn+J7g7De
+gG2P6crZgrpGsnnheYvcLin1BShctSzC7zMMql8yNKp5IYeFSd4fJmWcQ42RVf3E
+mQBhiXd7UUrBJcZkPL/+hxbvALBtBgNlebdwugC4+IBMcreM7TM+WilOr1A8fKcb
+Eu1EQZ0Rw3RMuw639GdFgE+EKgbzUFhKm9W9hdV6CLCddhlaFjFkMZWBQfMHUKHX
+xnHIjQxxjmThfVu8VyiJ4nfT9coLGoJNx0MbU3JNCVUzeBLuzNx8TWtvmK2ikzaY
+xIltoD1uRXOnYFsRrmg0+YWbtpP6FTsZQTRYpcy5MeHcyOIQmV3ieLB3yb1R7GAN
+FEKoCexaa0JJ3uMT8dza6Fi1Vt2Z1ZkVES3h4zfYg25FAspE7h/n1/W93dolUatb
+ch9wPHdjwHUghimQdoIuuRaFfbDpb6QqssJDtGrEFWm/XRii3Z08x0rtGeAdpcr6
+qW6xW+rdZepPac3E8+eI6BB5Jq1IaVPD0OjySCRlFvsxIUOI2yBvBsJ47q1/6AtR
+zGRM7Y42B68ITEHdUCNnPbtK5G2U8XHTX98MdG2SYXAAELMhXM/zucy8AJ9kLE19
+g4oVTLfpjh5/lJHcQjHBd/0lpE/BwmamKn0IF7YEJ2d6SVTDFMgo/tLS0Phu8Xs4
+dHBexIX6Em+iGYZQBOFpqtDYs0OtdbjD2KAAYOI0l99TFMfAzHcf4uiZMHlONdB8
+EWMQUzyLlN/5oWbihjiyPh41tZQtCQvC3vWB1mjtwEtcuEU3oqfbt42S19k+H1ok
+Ov0VxHX+N0kdc5IdBW7we7E0n9mSpouaSxmWIJVCt/Vhto8+F9/b20UrLF5pjnW+
+erQYZ+T75BHkZyImncDOBvs1wEEqBlAK7nWW47mFKdgWeJfPTwr30BMR9F4OEnWc
+RLpO8No+5Kti7sGN2u+Ubo54nsTIb5AG1gcvH/mr/5FForcnbM44MHXDdeGGsQVd
+QYnTy+twSInhB9yPI+1DXH+dtcsvcDAc7w1F9TnBNbo50PYV0ppr237afDDSm/6B
+M2Zp7ye/LIWL1oRkqVuJPjPsuBtKFXNgwk97bO1agEZI433Z7BNV00mR+iAxPr2D
+Id1gultRXP0MZHrtUVwb+CCDbRtgBbJNcLALr8miog397dM4aEiRpf3xXAOjTZGX
+1owuq1lRGd4NO2OhKwU33nzUwP8g2Uo/qDQc/P4tL6aLdUCnZkYrwHCP/lGK1ZIH
+3edIiQ0afjWhVQnSoKq6raC0ddsn/h0nO/Qbm0i1m+oEsBYAGgLgYIc/iYH5bi9G
+jSze5BeXmU1s+Dyj3pse0T5lnDzpvRmx2i5d5umB3CSq2L7Z9vSlyzwMrNFpsOng
+lvH/rCxYhrKJAitj2PeJ9db/cH3flXwvyi5diYOWWjqufbZc7yckzN1VNEkiLdZk
+NRo3ECEtJ+0IozKG8mY3hwhclOPx/zW/3R9zrcW8clr+9d1fvq6zwK7ezwdtcO/W
+nOWGQZnsv4FLrgVxjrBrehQrYTfNC4ZR4u/fTqhuvfNG6cdhgavnpAbBhOuvYxZX
+C33SkNEtYZaUKr77HMAavGkwxFU02yNR8mkJamvpI7A2J2gDdFvK4Ua8KeXjWzqV
+XTblQVSw4viPFdB3PH9X2h4cr6/jhCXRPyiDIhV+VvfOowXVSH7fWXgRdwQ8lSUI
+IQJ1yucF5U78jAOYMYt1uXRBoRqyIJeAeFKrr6cTh5ieg+ErWsLRGFnKAcET8lzd
+XcX144LliJfTP/yw0LV2V5XisSLTN3tiKUMTw3ZFcZE2LSExw4Z7sGF3r022nL3z
+m1fAU403g0vcEqNFWWFu8i504EcGvxQcFeDYKUlE4zbMpl8X7WxPja8Rld/xiVUy
+Lq6SQ1QlSD22VMt8EYIkCC8q+1P5P/sIFXsFpVu3Mpih124evD1JRc7F2QKIzCuQ
+HSxHzTVB3DlkblMSxTLcSULWtobMcyTrxS8/6uOLGlX1kYfnEIZzDbSG19xEc6OF
+osqoREXcq/r3Tr4gMNV1Ql7XqmzlTwOBRUJxcTdo0/b0nJVC/5rt8qnSxve3btx9
+DDS4vufEUuBl0aZz7+o9Ai5ht48T9/7p4r+hMso86cqfModHD4DLBRT4/HiFmSZo
+n9+V94q6JCJCANZnemVvS4V6LWGkabfHUbuTyDAFNDGnupSdbgd6tFJPxx2bl/jE
+nsSqU1iSZ2ugpad1hkEEcW5aUk6IhsES1LfpaMdDgQF9t4jKh5EWp97UjEO3aAfU
+KGff3uKl47G7HVUdig0ErCcIiChLkzRN68zAetHV4MvfKC6AuQmMOO0DIKN1mASR
+lad99OXO7Vfl1T4lCw71XKnnO1zWGFYqNIuxp3/18DtRBGwiJQ2faPzawIOap/7Q
+2ce3QJwf6eevo7vP5BICrJZ4KcnRbeEVH5eFh/y4VnAg/tI4JbSK6PisDE1gmuWc
+vGbIN1pdKQsRCBo2axzZxFotqCrRSJh+WrfUbur1WDJJVoyI+1/kQIs3KpkJYCJV
+vwTtGDlhiy4PMegBnZaBfRjQF8s7gZVhpeWxF8T6/kiYKUm6NFXBuF4kgwC2S9aS
+937B4MNZWPEAYGGjCgNqnRbO3QkbSzL1C/sQ+k7CbBqWQTNeGDeMutf1gQVyfxuf
+Bs+U/cXm295Vhl49Vk/zZDgF6ZrIVnKnRUQRKVa0u7mFkGLecCvScfEOS1MHw+cU
+JP5dv2oNAkIythmmoT3KSVR9Jij33azonLpP70xYUQ7JC4kDKSoYuK6WpbgbSmYI
+Aznxi5EKft8M/fqumXX5aG9D3sp84Sn8wKDXQNtN3D+UG3pINhIIhsee2ACHlSQc
+4FDsQwjleBrMLODQ3i7rMUeC1NQOndFo5oVHyWJPzUGDSsIoi/X//3JxMmyZyWzK
+lpRUmugRcBNf3avy1PIS5cgCYa/oCApCbFv10pdUw5VxbN3qwL67C92pxjlyeyad
+Y9Bz1bEUZUBB/APYdn2hEzu3m76LoNHJ6D0gZrS75IcmEsX6QdVj3rXgZ7K4wCM8
+lmcWuwdtu5AA9yl69MnRO4iv2tNgVZ3RMImOO/9/8rQ5BB/GaPDiqDqQ1xr3dknd
+JDf/9Ij2kvN+LVZEiQwGUXqouXbrMB8DBximotOOz07vOe5WUNVuizzv9dz2Jx0o
+rIV8pst1fFIOt4ZuQ0Oonbya+h3k06JugMXKzdfyNC/bTaYWQP8HIAVqTscgYmCW
+/gCjRVMcYCvdnlG7jePFAk9vKcV7MnrCvLAAd36CsJ7lU0e4VPiguCuuBb9lhqtG
+w5shRAPXcMlmABwiycu9MyYuqGEegWesE+XHrsWY5tImf+4bVPjf+O0c2ibRFfJ4
+uSKKMaByMwM75dEDpGW6ujRcioOu842Bzf1KcvTISl5GHajAJq3bFzlyddXl8Qp3
+zArbcGl8oSrehBwBXlZ8lbLh2pIxq4oWNmT3ychQbzz0X4ZqZArOpNzlKImdIY2i
+MX9hhI5JmZIOnFsNh0Z2JQEsw4Sb2y2fsKTB72Tgcax05MXPl3lYdMn0C8REbZD1
+u165yRsUTaddI2tT5c3nadwULODgv1MG3kGFrShWwI3rZ4vqr1ou8KT/znIe79wk
+lgkzBbeyvQ4OGXUxCHYWBzTCwemtSmaRWNlt3ip86q3jQMvPzSZq5kpcWksltzyn
+0eEqM67HKW3VhKYNYqricBJ9vueNrrKnZF9gA06tIsJdcBsi5j4PtbLwE7EXWDFR
+GdSB2KnvIyyWm/X+wmFtlg0VGvyIMF4CKzsB23GohponuR111EDLZAhGRGtkJMM6
+ufUlR/qfiO2TDpk9oBZza02+IEHsz3iQH1oWXAA9rnYLQ2P7Q8JmcT+z8yJVV9+I
+HGcATWdK+6tbzCuPqU5duBe+xO0ILh1pGncORxOdM+6YHmIPGbM8UY9DFk3EGQ3a
+fXpNeKXdy+AtINTRlpUQcbWkiG604lchNt9EnNp8A7SSUrq/OQbio3dzIdJcatNn
+n4A5S077W96SUPTsntWzlWZAR2pIlXbifH3jpkP6QwF/u7wjbfBVtEu4IoYd+VT1
+tXA3d3SMahaX+vJw1p8jDV0xOhiV7/NAA5u8Jsi4gYrHo5giED4sfs0pTDpET6bD
+k5PBSw4NANrDdGpsbJc0MmHB421MB1SE8GAjK0QtnSvrIzJxMaTsuChJxouSlegJ
+BhEyAjoPGXe2SXb4ZMUXmY+f+qLl0ClSGVl/Fs77jIVo6MC+vjgwsIL/PTrDe4Ah
+CGH430L1HqqPSJvTqrpAy08crlr5SlCIv1rZZeVzZctOC26tbxmeQXGPCxhSAZsn
+u2JVqFxprl16OBQDyK4/jrmICXMyRPXOvD+guisQVH09EnJuA25ORf9goovGbpfs
+lWlhWb+rKcFjCg0ueRYqXBfppR8m/NPutaW0kwpJUYpxRWdvvvAqIldn5gbeFsZ7
+e9h2fYKujO8eUcrxpWJSoO0XCAaiuRME8cwozfLjFrZ/Gudw4T1EuXQC9zjHGeop
+SOHW91Z9X7DCxeYaEbC2ki6hVdKeDRpdjyFTTC7FwNPw5vwyLVGWdELpJh6ciXdb
+29WoZXtHC7RB5f0pozNiJGBSA0iHu/q+DvlGuIRsSVzcFNyy9X5Qiq48uinUPDfA
+kh43yz67USf6JiTmVy8kXaMHbR8q32PZuLim/tAfuZCk9C6II32RRbs36FKBtGYO
+p0cPMWTLZARXPSusE3ObFuZI4O7NJiXNphTnd/nm4AOCdM3++wTiYZvikHj7k2tO
+fpWi8G15SodM5oKR+UDJNyWMQF4v57lmjxDsxLX5ACgLyu4Lt+QFP+aST7TLebha
+5Iumrrf38qS30ur/f9DsF+xVBl4dbJOMLlIB3Q0GgJfMf5vd4Inb8s5GULtNN+Es
+3DVBQuRv0qQZW5bLWUAk57jTKrW8R1CeaZOHnzoYiFKgf2aBlE3oUNl8dDn0i3qr
+tBKaCkBuiyb0T7lTpXXsJZ+7a5nPWgPjOgQSWEjuX+WFdWEDQIC9A3/fw6o9SaUs
+j2uGts+AhX1tqmrg7k/8Zy3TM0SJiLwSBKzD7iBp0E4+zkS3swn07XIWdcW2XHZQ
+cyftVJXbie4IZvRuWVwT6vrV7ceBOEL560Zl0zRkUKpg4SFi46MTWBq5mWXfQ6o9
+rIhZYWRaIxaZE9tu6l0BAvNPnMVYzxx2jIphVeEDM3TQ6DQeCuvP+lXLKLnAedbS
+wft0ygcKlhlXPtscaQyCERxEw5FuUan3cwX5tQc5HMmn6/VWHtqhXQjQtMtKDRfl
+I1L5KI+F7R1h2yHDfAY5Ce+DrBKk4+SfVuJrLb49b+kBDpG1gNTOZJ9SoXvT9mo4
+sRw7C4RAf+iRSsjYRHKTsQ43VF4G6Fbm8Ar2Mg357qt6cU6DEyuQ0k0gUaMRYjhS
+/LqVe0vT4WzbsZWDpf6hFkAP0sANu5NHwSmnX2nEd4BUwgTSl94HUYezXKEpz/7C
+pLhAJKoVcAPUnpTsZ/uK+5x6tK2JcDltM5OKCfMmX3Iuj6Ar4NmFFcYj+edKuiip
+hRHcCf25KdMuSDWO9o5MpIOvPC2X4CCM2uVDuCRWEwFtoG2CNbVzlygoYT+sSZDV
+uLJo49tsLUfFECAoIVkH4haePsC5yWaL6FILnLcGEIfXRVsv5MiqAOhB2p472zVc
+QjiVcHK+9i1z6kO7vT3oHNBI1Z//Qc2XuTNobQ9fpAtP4saCtnmR6JWpDRL8Ko+m
+ESAx7OnMIAvLprguxJ2DlFBc1pZfRX7JJ+yjgacOv7MBEUh/AEn4/W6vXqGKYU0/
+1Pt5ztE3YDv+u8wYklDWml03x8N8gTY/4/TNRd3E9MrpIHKOeI2ub+wMCh42Sj+I
+1Z44Zzd3TaEjedigVt6z41ynWfBWwcJQGeJezL8XnQFJt3S7piPIuhJcG3+ljS7T
+zcpf7Z0CsLpMVmn7yIDDzGJNzTbyJTVF0Trd1BboHcy1kB4kchWhbK4OCj1AMZOx
+N/Kvwg4l1Pmmo2XpGj/qTxnIq4NSgDiD8aLbuFEU25b6gWNn/YxfcDxG1+MthV0/
+h/f0aAldoKslMvHtQO/ZQ07guqF3BuCtDGZzp8icWKS1yMt6ZsQODD09t436ZVv9
+jynIxnRipSY9KcBejAThJS+RHCwny5I5hKQqZ/xyva5QtFnDV/xGUUzMC9GXYdpe
+k1j8ZW7wyQSdfhzjo0EMf0vOAQ4S9SbhaOFYg1yIh7irWQ/Cxr//qaUqPwZz5Yy9
+JjZYdvGEl30Tarz/GfM3DtfgH3nT/nBO47qWnbPbHsYWZiJvcBrmYn4eRmD++BIZ
+iJFHyWVy63KExEyVjjbBemFOMXV1S+TkDzN4lkzCYe6gCOoVNjlbiQO/C/ZnBZVU
+NfOibnCsgdAlkHbw6p0WGBw7E4TyXm/HNldNG16ajMu9R0kcaSElvctq2yKAzb/q
+fZyWuhArAt7IkCOSwaDLthiVoZrl+0PsKJhphI6wvTFJqt9PUFnUTMvuXG/iM1n1
+9h6sA0VKdkgsoR2GdJbzkkrkfRuZ3ipt4HBTTD+MtWOzpJDZYuLfANgmR/jICrDp
+FMYs9gesKHVs8q/vYlV4CHKsoBSBAEzdb/FKmMvZnzbglBUoekDbU94JnJUe1J79
++HZXN0DZtLjLX54XqDeV0q+qsvuXiZBe1cafAERlpjTBzi/w8DCOwwkDX1NPeSkP
+lmv0C1e2/XqFjootZ2axJ2xDUdRgPHVAUf4UH/eBcJ7kq///7msFkBx4yhLWEBUj
+m7PzApT5r6gtU+UaGJcUZafIwItdnLos183R3BNL/ZalygYgWH7QPFOw/s7ptUxd
+ottS7jjRNtO6oZvg9eeleZvW4lcQUXAtIHPnpN1vj+K3VMVp2sVBvBw4EYaWMLGk
+T91beIKBWwB1QxpWTGBsGBbpUGVbiAjP3yS42FTgH1yEFlBsKDSTT1rPExTFaCpp
+b+nufGIl7VLoMSMdcJlRAlLLg7e8c87fxY1gxNzjvJbotrVU1xkIzOtUpvH/TtdB
+Jnw/HPcrETPAUQ/p2fS4xfnPerw7Z8sALis8+8VTtxcLc8km8G9OuhckqFhMSh+A
+TohmB8JdgI7PZXNgeGuI8R+uDphj5wmIXXZKysh5hv1GSrJ6rVqPvnV2VEqZMbfE
+AcVHO7Kyu0uZxKFYuU2sXONULVdgSWcoHKwZk0YZDO3bCuzn9u7V0HAKBhQrNiSW
+axm/1pnGdMjRa4+XB9C5zKmKp+TqlFpmUEPBNgSKsmymVhrZOeHA6iIGIpUhAzkO
+MDNY8fRQoE4Bak1BaNsB45QKhXVeqDOKLOK/Q4xK56N1PkEcbw9HVdYmcvb42TTv
+b5jC+dxQM5w7hmea3o/TDnZxxasfRurcePwTaMznGBfEEYKDz7hMOH/CZa2sgHFr
+rkz3uwr6Ux14zt5XMrjzoHTlWFBtZe1ukfpWj4qcQh35B5ms0EoKwtxAL1dcwxpn
+yTY399HHL1ZCj1zslaxyffCBTGJGXey71kC4oB6cp+pEtUM17E8iJ4UJyGCtM4CG
+M+cxvca3ufZr7nsHNmY3gdqkJnDmml1q5cViO0c8rh9/6T0epQqmqB4VJHhKHCYN
+H8Rjw+/MdkLhqPv9Wiz82Im/GI/HiGlIl0Svfv9Y/bRQXZYhimR+ZazRuExXMGit
+PGpWbOTX8tpr3W5unFvrmOCvOKRmovqqQuI9YOQ58UGOUYljpAxNPrSztWnBVmnS
+kr8mGIZ0JMZNntwBAFg4YFia0q66VTwxVpi6DsV20/NsjviS9pvxfXEYSnOaSLB0
+Bq4qNF95u66T7uof3GAH9xOmOxNpnfRGZ5tbHHVUAFP/qbO9q8P+S/pjscKvRsXp
+rBvTU6Pgm8K9FdwftOAu7l5ZDEo6QpSY3KkLnbnGmWG/DLg2fQjE5aJeWhGWINHF
+YuBw5rB9j7diQ27xvZtiE1VUdiyXcnTxUrtnSJpTpPX26PvWihJinH5TXwgrcsty
+2sVp23s4imtJWXqGu8aOXPbkeQjgvxxcgWOgrRmEr/VXVWfkZodk9pFS06ZR/PUD
+P4A6mMMJfq6xkh+lGhAyxbnmbItmPW2tnvt9yjb1G4tK3vsXZLIBpE6iLMF+FFJR
+YOghrfriLo2Rvx20lmW1Na7sEweqxhLx/NRccL9wUv8D0Onib0K21xxuBi45E87U
+QgybDjYzTHjO6TfW7MIHMYJB1jFGLls0X3B2Hm/FymxNWqkBV3df63DDC1FJgy1f
+GQRQXlQ7OdaDdSLh7Kn6sybM8SprPxUJFIGyWtxHZCs7QsB6iZEdncQxLQP3AP9g
+7tX2BR25RB+USI7mfzkvYRRoteM/VflcQjXqUGy4/Eq7x2mbkqEm5uLXmKuVvFS4
+S8wCo6sFs2fxKWHiT4O1P1I9Wri5UO0gfrAdBffWS9cOFnUwRP+IFvI3JWrMYZMD
+cFIRB9oIrg6Qbc4NnV2pp8Fp1qcDxYbOjC3fcxsVhlT/+v4ssY56VBXszYNX8p0u
+HXvsCVWs6O7SiCmrwfQ9U6Ixd8fRVd+IJF/h4YgxVD3xSyoL/tOBxGZ30NZmGukw
+y5PrpKUAba0U1r9cvW44CRAI+xYlaS09wRHAyrSUAZD9p+qy/vVVIaK4i2uLLSXK
+y9t+/dlAw2fwLOKiRCha//3z2wnkdqDsjybBNsKrUmKDPqnn3wZu9AWW4UHD7BQx
+4r5C9G2q7DPtGl9fkwqxCMmfVij/P22+I9hz1yuQ6pk3cKcW3C+EDgy/BgFFoYsb
+0BEBUo5wDzrGQvIe7wlpp643+qY6bTHnK6Ka6YYIj85/3qxcxIbnLVjahRei7ygY
+g7m2p9L3/K0yLSYvBVI0XnZt/IiK+yg7qPOElnXYjnLmk/P581flUTkcoSV69LFz
+mGc/gW/4TEzYzUDuNOnZmBwigO+1PXkTXew7KCip+byScy4nXZXY82M4QyQ6S8J2
+2MKIzOucLbr0eLDmru17d7l4Db4ZwzL3KCirWY8fR3NGomJ1YVnySNvzvR2wzY5s
+px06bvDyOsTnqE9jv+egE1/OIdNWR0fYwzColuP8ITdmJr6D6fZ1jHRHW31k8XMl
+26pmeGTXBCwWeA7dE7Zbud7nnR/mpvCyW3NJjb+nOILIJlvEXdp0THTuZFJljZZV
+VMcC2fnBNePZn/n1bGmCIPLp8Sa+BMJdITdBkOKKnZhc/KThywuhVrEqZ+//Ttsu
+oB3rCarEGvGC5ESPE64tfhnbfPQDWfzNWeYIqNLUMlhM6KjvBavYyO5a8TyoVd+0
+HrIeFxv7J0NNjc3lwVIaXMllkfJ9QDyq/mz9QV3cTHlQcsqnh3d/uDmiCIQnC2l8
+YR4yp9kyJbjkVMnNdU5nSfOpXzzaElUY73r+A3ffOKBH/E0h4Xk6S5h87v36ubqe
+32tonALZRkOEgATpI+sPgyckpyzejHhaAcqy0E58XBYkprezUzCnDDT+C0YgQmH1
+5/EjlLn6V4Vb07+NZsi5ORgdWXLnWqS5k51opUcTUWXG10nOeDLCqEDec42pv82X
+nthFcqwqMJD7s8kKewrmExDT8kANo6hpUw0hFKe83f8f5DsqlGVFizThYlfAj4Ar
+OF6uiwW6ABvwesm6PTpbBFNLh+lOxbJjntNhBqvnfo8p8g9IEVvWXGeJnM77A15N
+88ocRiUxh+0+XptOl/SCGHna3Uz/lYqlXvtC7V42XLMITZlaT0wnT5QBaJFw2Fos
+8wg0wx2V10JUiySVbI1p85MGJFTSJdEsPvoKpAFyxkFVvp8n+kI0FezD7brLAGKd
+jlNWOZHdfjU2G2FualZYeAE8I6IZJDGKa/r0MlRwzjKvyPXFQ4J7NlqQASQ1IW1F
+NC7i00LZYfWTGryK6lo5AeU/IaNVk782qKnmEAKinoRCmJiKUoU+rGGCqZjdiraC
+kILl9t560bvROs0E8WlUHdZpUp+GHzfbqt5JV28QddA85pc2WxDUv0HfNM6t1nLa
+X0znYM7mdle9U0/BtD/ZsCVW4u10/toksgMihLvtN0mV9W8ZoT7sCGWF4jpSCi+k
+SFzVZFh/mbQAFDCySkpKDkN57hsmPOaHkNufQRPiPPVc4yiuAElT4/HM0vTeESey
+83q/5B+13ChjN0BP7uPP+mi3/+Rq9eCG2daJVYJKq93lZ7jS8NcFanWrNdmB9c82
+dk7lDzJRB3Vg7FEPSqzfMpdJ+OxpU4HgTf20sDsneSjGuRe4d+fJVudxN9Zl7GU/
+4sozJFtwx1wtm+CoqZ0KE+LC2bqlADnLXFrj8rKY+N+RtBHQqdg35/lvTXKdEKfC
+bkPc2p2/1WPNPqF+bBwRoLRfQ7JbxRiQdU9SxKVz4zyRYKMO7VHT3toWTeT4JyLf
+9hHgex+Myig+MWdrfbUliyhH+KKbWlsbQbZp/GAkCjq4LI4dPvCS4cRE3CmL8otI
+3bDZR7OOR8wpYZFl9p7f1o+f73ca/YNTYtoKb0LzkeARIz6VfmyqTPzFV1/skFiQ
+lkCnsxxTjkrFz8T6WtsscRAxPWV1h2xC/M3PkgWuTy0X5fZ8pe3+ULAHtVi3SoH7
+/a8+8VERs7uBMOFl7zMMkOSDknVdjQcYRqH6f4Aq2APlXtR9iTCQ7DfbBj7fbv8L
+HHl+XwgLhBdSiL5ikCdwh36j4QZspnZyaMfvpfncLe4d/E0yZvfPTfpsu6xn/ZeL
+zzj4Yus+peQWiB6FMyfl7s1shIKa9raPIwxgy+tClc5fyt1USdiXVjEuQ+Mw0rFI
+cH2duFO86R8pIy7npDOfjBh354wCcLKmYsUb8lPD6ldqPo/llDX9A2hmoT70352b
+2i4jd9qy1zTfI5PRxuvpB39wBiaH6AoyjTudaF0BOYVmrdSArrvrPxU4gYPm7nko
+P2nuI2n/B1HyPCS53oXY2swChuywbblb10Ou09SAF0vHmJojQ7zbrue0yfealfHO
+jvqYZvUvUWo1p/Rx5vrzGUdaigNTkPIWVfD29O/9cAcw3RLcqi03wLSZgpBBMf8R
+n7kcc6qTQk73zED3YZe/hD7y7RUv0D/QqLoVYRUboX/kistRWXuyR8Tn+PhdpP2q
+U0zxstGkRTR6wPpk1LOckSD0N3ncpPnZIA3bQ4pd8alWb9QPO2M4+jj3dtXEvaNx
+H+oetjG03PDl6A4JrAQiiEdbDgAjlN0gzbsiN4r1Usjdd7A6j0H0BbHChrdDail1
+r3Oy1W/2Xe6inIfRPyLvPv00lTiTTptgr5UyVB5t6wKEk1MJTZM1DrlE0u6yMd5Z
+Wd5CCYMhg3qtNhupJZxzgUIcUay4MCABaHVkCoUzohD+vljrXhtoee4uvAQaO3P6
+rNkW49XtMfjwHvhjJ83TX46fi9xebp6ij0UknygKDNAqE8H0DRGSTGMbRDAFZeIa
+nV1mQ0beTdu6j2Bi8m7yHhzKXTDVmcYVhjE3mXS1O0Re23xpVTrpeQG3HAOIvghj
+IWJjjLFCcroz8QuOb9WDtYuPB6airfuqYOsHne4EF0YHp7YdShbJdsL/TGLi9kA/
+33lkU+HHdIn9Lh8pQC4OKZndJbIRjfB/krZvCmxgYxAl1YaGcI1TSMgNc+BX1tae
+Ef6QSjJGWtZ9RdSOi61vWT+Q0u5NQcXBWYpNzvJOXNyEehE1owKBgdmMwhSzImxS
+J1nZtCg0i3mmq5fan4gGN0qtYghNEUgPMgoiAGN12A3f+ZdkRJo897BwlYWZ8aR+
+V4Vahpls6ERAeXluMuZ5bdcmZqHj2FAz0znhRkPQ3H2Li210DPfhk0UlU672EzZX
+8p1Mbispy49FvY6ctxK8uf+GzQxnC1MnH/pW/bdd3gReN1NouNJtRKKtyeGuLg0x
+erUS6G1wXvkZKtF60KruoEpAMA0utgKj52C3X20ZzpCUV+8GwjeWhHQhl4UQNCOt
+kzRKZtTrzDA6J9bwTLP5Jvuyg6SWjJmQCg2m/tGykmPg/CHCsACqvlRkMqMGN5Tn
+mp4nFXVqAiIaY5ryrnvlTUY86Tdk+CMZ1V8tNm7Bn/Xz6QgHapKe3yM9Ta1Ex06g
+1iUrZRpF371nNsRYpkkEbiM+uXOHdQ78+6+HMs4LlUSUNg9FdPRFQzQmL07ZFjNv
+oPHHK5Ba/QiIjlEVWZP16tHhqw17UIZAyQQUhnm6xSAmecfAswnIUHVKiM5WXJ0G
+RcnsUVep3qcw3+J0ZgoahaDyfsaEvPOCCJwYH8m6hUEtIL0azIufiE0T9f89+vSM
+jay0HUfvEg/phaW4mwBJjidMWed7+EXySF7NBGz3EGHHArOQqENAAJQ+qWKQb9e/
+8OBVZ8wt9hsAcl4W2IkYMcVIeqzYmpFCHVeja6z5HnZ4S1b9+T/Q6rWZNR3HZhSK
+KNsaJIRUpJRe+cAzlCOOmhTlUwy+zMktJCGWiGN5siQOkkiuqX3qagXt30w9UPLu
+zMyO70eIKHuh/+Ml4IDWV2JDLFtcJn9nK2VisOCUw/bZE7kZMHe2pX44QWefTGQ3
+mcL+Q/2vCZZ33dSjGORGzViNvhp+bEWM54F/9Mdmc7TMHJUatmWqXDH3YeIExAHH
+1zkNnqwrlfK8j5avHgRmnvFqVyBN1ei93wia4IzYq6zi0D0qikpqft4KyIbW/VxM
+sQsUK18rg3/A5Tsv8WWxw0hn0k0WL+ULFL+USpWIqgNv7B67SFNtUm2/yxrh4y6a
+KAz9vEvnKnekEuIUK6EX05HQohPDFUryFDTAzoKZCeMoeCoqAIb4LxthNdg5fzRu
+LeJXlIg+ZYMHsCuUmpApCqH0TuRPS1Pe1TYluzTSy+LcmY6VNCfjZi/TPzKDc5UT
+8SGhhvbc3SoDsPxVA774QReFQgqD2MFEsHt59dSweha9BHBSlt4k5sHt1aw82kbG
+gaTIsy+ZXMmLeCyB0JX/0Vi8dtNWtK3r5qYX77HELKOi9Ske4XKhBplwzZkK9cf9
+pbc2fjbFeAWVfss1VTflEag6h31TyQDVYJgKfpsIbD8fg33XUALcJ68X+boVpZ1Q
+N/nPPq8t8d65lHiqOGOMh/dr2F2cFlFymfeqOFhKobHuZAu4IEYB1+IRfHI0maEx
+8UbF0EckCYMySOoPz4wtcT457NlvG5fpAJCHpdPtjqRYPh0L0lGrFG5yfpxbxWO1
+L03srlZCwvURQWPVp32NaXm4v6GHeRBHOTe+361GFYVfCNSBOYXh7jbvjR6/szT9
+iWyMt1N5XkA3Gcgt8mDsAtFS/DC3dJUChyjTRv8giD0OCyGalmjeXmazaaaN7uT7
+X/df74iOkJdbF6mQ6pRKiqO8P+0fXvhsu/J0MBIrFHTNumU57P5UyvyR7KW7QdfC
+eGP9yQP9TqK46LHHf5RXcqNjc7CFVipTavyCnXkX118DdM4g8dvAJPvWhfwkJj4Y
+cBm8T654dLX5knKY8prehgHrcPzENWZIDugkzfcKjN0Baqdw6fKHzm1Ms9uVC2WT
+0stIBaEchw3SClvJ2MAzXOxoaR2sfbMduiXtCcxv1keRzyW1IqEFd7c7EzQgV9Al
+wxGPbkpo2BQgtk4+ccdE5/WebAItEYIO4NpyEE8MqmMsicjLDiS7SxwrL44wRGuC
+eVCD3QEizKfoSTo98B7hAgM94LQzWbQ9TB3QzZSJTb8eqPAwNZ5dCHHJ2XlQOqYm
+0Z0CKbzlvUQcEDvi+w4V4jw5i+m/fHmy+g79zUFHQBcR/H476Vp3qy/m9WfhNqUY
+A4FwxzwGGxDITqGqUtuT6mrOFlWXPn22CZsq+qQM5Zmr+LIGDXMtUDZFzvyho2wP
+4KyxubisDys8IY1hpZe7y/jls8CJrRKYFTLbasODEejqHj1Tm+eI0DSEiYgzPIYk
+uHzBVXQox0tbPwZSX/dxMY/GcvdJf2nFfGYELM3Vvb14vdyd0ZZcCPzH4LP0DNO5
+ndddVP0aKkFq32goHdpBT4U2SO9LPPMuL/vjsMWC2kkDV+NgsHdFDLX4tUY1EQvF
+4VOxJH6rGEE+B1Hzjaotk75WK9/6QGiHwY19UxX/1IxLfLw+Sg1Ri7ADZVyp9AcG
+4PQAxmPd56xo3aswl4p8j4WYMz9S63iK/xkPWj9rCjBMdsNj7JWD6LUUvQ2nPKGw
+erY6WB3+U7WipMZchKgOEYDGD38ooLRO+iAOAqyF69aBBlYi7O9DCA2tPzcq7AGf
+ZPoBQUcG15UrWGBXaXDd6MP4pmMdmnSyZrOFcVYRV+sEDXYpYObzj+HSiu6ye3yI
+FXjezhyrTDD1/TOpByXnwS73LbTEA9854I7r66/li0JJ5NCMR2Zc3J772q75xmky
+ydHJHdA/sMDAH+SLSuVw6UMAOD5VHYTHmwpi4nB6sKb7MdtD3kLQkSulboyuREw8
+23Ud05JY/pqVdtx7HauIMrVblUN5fpiSAto9SizbmP0Q/2OpPCKfFN8FpjT/5JCm
+2XRi0qLPPZtB4jLwpqfJQNwtI+ci9dJc2Vn1r9Jq+MxVQ2HswyfxezdIz/ag+DFT
+EjZAOQNQxJI+WLKB7W0ktSCij8gTIDHcMCwVg2fKFq9zsPS/3CL1OF/G0F5QRsL1
+qFWPjMSv0v0Hk2INTIrePf9tx1c+lBCed6wtYbNM0CK+uKxUqw7sUsAO0KkMUNjo
+hCib7xGlDY7Dkl5ODpcSHIBd9hmh0ZyzvD2uwnljK0Rbb/nNK82LWqO7G6IpmpXR
+cgz6cGnm8OS0/sD3rJVJvIAgM42Fo1YVNsA0X+SoRuCYL7dMtaQUD3EGcMzzp1sj
+3dxebd19uOKDzlqbn/fZC8NCG4H8HRtRVsZiTDVTQX32O7cvehNQCV/inSzm5kAW
+AXfUkYU5jmQWYjeZ/FvwgTU2voJM5ObvsIprB8kn5cFhHf1887NuSmmWhLCcyWrA
+aD/Kqz+2CU0Ka5egS34Urr4Vr+G0LRB9UZxkBAL14THavkqq1YASYFBnLryxC2/a
+Ubdhf6SBQ4gz1GfHt0bIPYgBkmM2gTztelgwJQwf8Ug3nDLH9kfvA3kVk3/k7w3m
+PerwVLRP6PtVxOOcns0NcnG8r1HIg1pKwyc6RbRfKuq1LQZ2ODv4D6WGq8YkgMdE
+zEjJhT5g7FnIPnSBhOxkcPhFb1mvvyi2pDbUCQXDoEOWaSTk5GJ/pX1wD8792N9x
+JbK0Mrj0G/hWPOZKMtHpMlYhW3s7hcKCHq8JS7x59jbQx+nwP9oHjoTrxmKpNCEG
+DYomeYbFa4nAoeYy81TnNBSnjhN54YnoWoYkqbfir/aKXVu4/rAnJf538oT+wuix
+YkHrGsubM73uK9wI6GR2JYipixGQ0ZW2+Wt/d3yVnv93iZ/5OE73CoBzQAe8AUeO
+zRKpN0xXYn7aCtRJwLjO0DM/kon1EjgLqn+JZkZolDNXDsnL3m1jRDA1a767Ba1j
+d8Obco79xf/RjQQ1nT27DqKf0xAo0/2f9qlqo9CKa3RKx5P+mSC+n8STh6Bvm81k
+wNCnOihRnWOHdt6dvlVBlmHp3BExYZZEo5HsQIR9gYhcOMiKhH8Y0bXLxAv+T//0
+Y9R+Q3bRb5LwpTHxxkAjAP/GK3Cp1HYk2rfDFG8Zwc7asyexi5voAccCsrFubek4
+IxxJ/wePbHMKz4x/qCb7B3FJzL7cpgGnClSUbfD31K492FM6GOGpTx/KFooGqUOI
+qXVq5pZZszl82TzbGoAHA3A/0df/jj+ZL9kEgGbQMNW/3GC92ge837sTJxYdGDMJ
+vtFiOANg+hb5qkjlTGBMeyz0pVMDA91+31NHrjJQGfCrC7kMlWTFP25vIk/LfpkT
+r43PrFo/fjzX1zXV42fXfJW65oskoWoO3jsTc+cO0gzhaV/j/bHdUAOEmda+nQz0
+IWQeYjojGpfhe96lKLk7QSY5RLOnxCdSNk7uV7dNEnPrwRjc02N33BBTlJA8U+lP
+SQ3nrU7CWo1geXFRn0Mpcc9hORxm6pOWUhw4UbjJh1owbhNJwsSiktsZa7NQad/w
+s/ZRSMKnUQrk17D3vS9GKeoT85MzZGvYlJWVBq4fafOcaYlrvwZG4nyQJrxmDhJo
+zxhDUMeE3KZ5l8gZHvMCAcJdARC/8Bm8HI16ixQ0XxQoebaLcuV6x/aNBb/usivo
+Py8T6XgKmCPRza2xWSu/Qv4koV2Gzh7Gi+14nwfLIaJtL+NEBX9WZoEGmWDjg8sV
+44I47/T7eHPEEhXcNkdTXKtWsqLEdj1ks28z2sX+WYmSKWdYPvlc47OQuv8Bx2HV
+1PiMTBacvZh7AKQmUvCL8LSY/Sgy3JnAw8OxL2TvUUrQhVAwISCuVXVpvVof3NiO
+RZBG/00XncP2aXT780c8jw8vAdMYC2Tw+Hk2Mt9ab8BaTzt4mDp5HcAkoJoe/kZp
+W1lf6+qB2LBuBLhR1bhd3R10i4eAKLd/KFMj/45nWqunVmts8FF3bzMBPiS8To1J
+MFpAyIkZxHDvlRGJWMhefP++fBuxFuyocceP82gQp0S7QGcmW15vh+eBPwitgIj6
+UIm+cEdbXbdVOCfcRy9wUVj9bLFmW5SlBGe35DOtLj7H0BP5JYlhGwKYrXzVef3L
+3hEid2QYUGUUmjGvZQoPjaMS8Ih26LR6atzAiBZ3j2QcLpB985pc3GGSXdnuYfgH
+GZ4zVLn4IJHbAh/ovUhKzvd5NYxhhLcfmkTS4sEv7Intpx8UHY5sJwOqc4Wfy3qa
+GiABx1F1e4Gyfj+MB4wLzPSnrGjNjSyblPfVxyf+4kER9rXlEzIaXfFgBgmHRLXm
+D63TSfBMwsF/JJaden6LnMZOMOPSPpaXjOQBXtX0/5KD8zC8fPOzMw79ycZSu9Be
+fGlpVxlIR8WN5iSWZS2OMONZrgPXDoqhW3RTzUHnt2Q1gM6akXRme84vLRL+NqZZ
+qURI3uzYqv2RBktj8ZsE74/5JKV7Uoc0C/wJlvUqYi2IdCk0divq8fpyQ4Mp0513
+y5UCwyWA2DdbZ1J8j4oNSV3c+vH89UWwqzFviLr9qvBEsnA8KMi6NRSCDjzpeYJh
+xjYVJXb6BEMIT1uvRoqmqGa7m3JSg75qnhncIksyhLeJqLo5pSB0wUGDfBnuF547
+eZuxegIe317kuRXujdCOnY+aBqmXMrCtRCfe93iG8NJMRbtTvUugjiUMW2BLw9VU
+7bHLdiXQNLS594NuP0QN9lVogqErm/FhSNbwkCElIpJXcD+0DPpLNShotqFn0Ehn
+t2RTYqPedOePhhsZAyhvN1w/+UEXNP03Iwf2nsZ1MKFyhtFasgzWo4Aw9JaqHMMM
+5LioDbKFKS2BPpkvbqBIWZK9l4QVEZCqGxfMBZ5XpeUx4oUsT++YGBiHRmd045ii
+uAezCFbQPS/MKWMnPtyYmkjMweTskeRCDElqYmcak3Nq0geFXAIfrSg6Z3cud/24
+I7Z/dXUPOCWk5O92bJ53RnBle5mzFKYo6MYLWwLu8KCz7NkL3vlkeTqkFQKgzWAU
+iaS9IqbLECMfzEfb5vm7hbaGnU+ylGrekAx6DcuVGS14BiLghh40dkFdg3JXH9Ro
+ib9B9JSm6shOHUpaPP7YVigntUY4JoIjnTwMx792daTkxT9sZYbDT0SUuD/HJkqN
+zaFJhd5BzosJ/XayzCNOhTE5HaXBKhk2IEejnHcolyWxJSXOru6ZEu17faLtE4zx
+icrppTJw2ttAO5MoKvkdrJEwuEopjU6q72ukWE6hKlExpbshKNgCUaXU7sCwaD49
+Ddm7JhDlIxOfFINAZ1CaJ1Xp+5dPIhRxe1nSDnr6SG8z/yswEFTqoawxM9TE1EO4
+mOM3G4he18R+UgOKxQ0svKXvLhff2j00waL81S/6cgxezFQ6nNDm1cUXZ4xGJTOR
+Mklrb4+tmp7n57/aZ4LNC889uRXkft+Ke7HysE9YL3NKWnWCM6AiCaB4Cu4B7O5t
+iUfDzUad4TtFDmDQOEy/p8eNhfH9kqFQ9NJVXidPfkA3EPRQvnH9HZ9vx026LS03
+CzeiUkjNPl2nwt5jR5An5ShdbjbDIMtGQ6HcmzmRo377O0eoA1LbgW90XA82K/ML
+Z/Aq1TtcySql5wgxfPfWsw4z3MiqZFl3/gOumTwDOilN5Q1i6j0LNlM38POajCV0
+i7Gh8Tt3TEFTZ8vJoW2l5fL9bwr7keOYOM14yogWKp1c8spRIuMZxioQNvt/FFO0
+GmXApKwp+RDyEH0WIDuzn4UoLKnYNF0urd5byUuCsYePRoxAZVbXDueGUW7KRplq
+Se4zF/653ts/fGzS/UhsC/AZd+s1RDY5zAdqcDOrZhw7vItLtZSWl/YwRWfTSes/
+uxBVRMn3c0DTd9o5wMftMz4IJcJFXq4C0kviSv1wSoKrVgShVoyI/G8phTm4d8Ih
+yPbCPPeb6qflow/JuppwTvVYVZyMLQ0B4WbALTFoCeznHU1S5PK25yYf2ZljgEya
+NUu7y8KCmCgoVlgsNKYeUuKbUfTqlRcOIp0Vt9AdOWycv97LMAm3UdoUQnyFL4MW
+xTH3tBvOsUi4u8syezxn/9OziVIA4zIAcS0l6UmyjDmIRmv3bm7QdNSrKTFXt9Fx
+O4dn330Q0DCX8y1Ffi0v+qaMU05uVDZgLPjUjy6A2l32UgLi1YbinH4OZ77JcDEh
+aQOscxTSsbAE9zdfh33hJqCOu1pNRcCMy1XNvw3G6qVKZSspvdsYwLi9y3LVS1BN
+AlUwDVfjZCORoORu9xI7tUAqxzMdwJ/YYa7G4I+ao6GTNElp/m9CJAM/FAv4+mxg
+e53zYwCvoMPUkFuKjToDyYkA1T5DqUw9VZgp/J0LKFg+XKtjpcrRFZsbeci7Pba/
+QpaxRm4l2SbYC1G07Mh8mBWgHwVyJryTI0p2aaDgYus/jkqK7/ZMsHycU2FGRghG
+5ZNJjTaBbSYY8yPeJdZ+kqPGei78wb5m9zjWSsw+Tfod4CfaFygVXb3xgOZl6Tr1
+dBdhYZwfVOSKLxiNDGuukxSZhLycXmak8Fq0hLt5Fg8cQZ4qD9pL24Zb73yPSjpN
+tex3qgRXDyBYLCNY/7hMF71EDw59ZI+dGLXosrXxZIrOAt8CtJVWz6F+pJDzv/hx
+op3IXRqWPKyp2GRu3OE1W1bDceueiuCqKdaJzbmL1VhFRWWEgKJ49LPA3xTCPGV8
+p20uKp5O2jMr4Qle3ae4MKaz6IH1YwcRrvBtcwKgFDEk0AXFqlgvOUZk6obEfYyk
+rr6y2njA8VIimB0SJjO1JkB7G6Oi9xHW9E2iSR8/zU/Fi7UZ9nll+3kInGPgNhB4
+jzyJ4Cd1TH1jofrpKG5HDhikIFdi5SAk6vpPrQfizfcilJlhHRfvX8ISvimodFVs
+LedyTlAF9m/jaysjRtdvCmZMgmsgUZ6DaI1Bz07VywL5KmyDQN38Hz4R6GGQdB5/
+BDTV38ZUe9y9QLhmCXsQG5xrmSFjOtqdiGz2bI8v+dcsiN0I7sXda1L4ZnZVeI4S
+h1OHM7xmlNLSvZKIUHwUkMjpxplYuxfrKTQtCF7ubqBkTpjzVb74RSthSBCrWHcu
+z3z5rIpZo4JRoLKLlz9IpEuvg81Ex8QMdoH6XbQ3ITDUA/aBIlgOaW4593iGeYK8
+cnAMDHP2TAHhMRlxu2X6weR0mTOhJ2ugmWl21d3tfaZstqZNIzNbuYzo0kp70OyG
+cgBjCWaPgSC14ENte22GFXiEDJoukpl/tDcb5ZE6g7oXT0BLa8U8ID7SxJW9zXrA
+NiTKkrZJK8WgTvChaMc++g26ytO8NcAPlyLQG1BxdCTPjvE/DCCHtdYEY72xyjEV
+EJqDGxPr20QjyRyWyTHYBcofyNHfgiLhADUJiLsgERDdvM7/O8svYs//8GMPt51P
+uFHxNjT4pdfl3cTt+zxoRLpdMkfhjBfdYvfwR/rWgblDmdm38ymUyvNgZ66e3G/b
+mXOdDPCoACsiaGgDlGPO5bOTu8Cw8HC/3jrKJxWG/X/p/djqNmekQWVPLda6fE1p
+amkPby8ZmsVnAgB2IUvR42EYbhUaYEKBIu60+M5q+t/SfQXqTpe+G2PJElHwmdax
+p6fqkwjR8QRBxfuWykna7xod9GCErPh2sGMwTciJ0DJdZlBNNIBFaDECJL5NocvT
+aS+1RnBgWuDV1/cefRLdeTiiwRXMGhpea/up5IA+K7Mx1ugMM8Hm6MlWI4d2Mnnq
+nnJBOpNUq8tLe6IOftY6OEzZPfSGXH0Esuq9jp+7JbGpZO7PGWh/zElTVVrA6EHV
+bpp5x4sra04PL7/LTjB6nvTKEA0rI8USXhIWfqdDp3LKhUEDscA/BHf920/ny7fd
+6S3R849U/n+w21NG0IAQKaJ7P+ZS1ewis/K50sptJBk501YkY5KhRSm1berglV/D
+7TysDGlg2uCe4wb0hwKW5X4UVGECrKf0yCTm5s9WIcADM8BtkftIWPcAQbMeGb8H
+xq+47ugSVWz9M6b5akTQRicKQaZ+22RTWtqr0bcFhvdYJr36qjiRen50GG1BZGnz
+Z3WFW156Uajzhm2OjbZHlh7dU4Oc9n3dtHMCdDXmSQ8PmGxu++ELr1ed/UGm8YXW
+a7xryGV7wb5Uw190bH6qI//9lCHxmTA0hbk+dq+hsgnouIw0Jx5/2eOoZefMg8h9
+soMt4val1G81gjS5JGiqqMCWsIHZ3BFFSipQCI3lmwl0Q481yfjHnK+gevfsk/Ex
+7H4DJLDij9ikteF0MqTKWmbpVfFZUs7S72CFVP80QVKFra+/dhAqSF0Acavmpvmu
+NTVC7VnDJBptX1cHdHkfby1GgQ4j5zJY6YmbP8O01JvmdOFnP/EYM6THOKqvaW2Y
+6hIBRIoDy7tP9BIUk/azpmfOnHdTYG05IBV6SRfq2HB9ewQbcZWn0JXbF+mO4sFu
+8etLRnIxJaO8R3Zi5pPtDlRrW3z3KBiGQbUDYjEjGovyeraPFG/MOuGXBgw43YS9
+YyNamIx32TQW8j9vLufz2Xc4oGkTplwICDDpierH/p7wiDT6N5aSx6yEu6P6/oH8
+UhdTuO1MMq0IzwknCuVP827yS+fzqdVPB54hlATjKngm2W/7Pawk+YdnKaza0YwC
+71c8WOF5Bt/q/5feHKTO2lk8dQfnHmySyOJ2hTxoHYPQ9xEY5BOSXHEkSs2wFKuI
+8Cey6nMFokNbqTrlXR2GV4k0L7aW+/XUwS2Hy4GWIbHzR/DTc8Qk+nWpupnmne3k
+h2/zhI7SirICsBZzR7cMtbsRIqg5svFsIvTgWXFRXB4raCMwKU9oka4t9bhMo2CY
+1n5zn3Ijeu2XHlB+3+S+dM6RiCO6eSPC/PhuiypyAniDcbamJVAjceDux2mjmzGf
+Q2AGwU8vtCIDkErojuszIXXMVGFVJdeaiG+JR4FyUtqkWGDywSv9lwUeuSJpTa7B
+VMmQ0HTz/amBzrpzKZhdfGMjd1DdLv67KDRY5AhR85pxVvyVUquw8yqFobvbZNF2
+dvoY0+0nCMlsir5sS6Q0zxUVaX7YeFd0XEoPGsM5pNnEFvoJ+wU4uXBoC3vOvX9l
+dRGkPlUQCIMEuDZfR44tfNkcsoQikcnluCw9nNV6DLZiBkkSxNR1RMiNQYHuqA8L
+t7vhDr/UzOs+fUMNcGc7tdFO7ttV1hNfKRvwUQEEH6JNvpDsjzO0QixJRgBbgd0C
+3oJ82dJBw7jP/znjQe8M6QIAXQ1THkl49obtKTBz3Ewgy+xgidD1CsxfwSo6ThP2
+yPmxc4zXpOZpnzk7fBqum2afWWhBVSiufVWUJpidTlc2aHMpc3R39s+HTnG0FcBY
+WbxLHjgHFB19gdcO4ysyG8xxFN5YeuAztc4CHXTY4X5US4T4WyGyjpw1iwQlzkET
+GMOE94Za5Y48i8qdAuESD1UEg8ZKGBBo7wha7jiij3BXke7teOWLqPD+F/p6B3L0
+26zi+nGn1vrYwFCRtjm8wyJmc0aX2Ycj8MYovaVtBVqG5OG40il33RYjRYaYU3p9
+9tq/BzMCQ7sQ4SUlbaaWvl5vGYRZodWZv885SDQ9/EMj4fSWK82284trqcsV5PMH
+Q07tOLlqMoOy5wLXxWqSO2F9PFKhjlrtZPUXQyQMz5GQorGK47/ZncBGP5ZJbpbL
+PizmdFxhAoUkoODoYTknwtaPkymZKUv0aVW/d4bVO/UJAhPUkAoFKZrUOk5SxDU4
+4QEtZTqaEBmuasmBqtKnCCBmm81WLBmfelA6ctUc9lhAlk7DEJKi0IieOw6m2qeb
+2oFpy6srP8bbHzLa7aBf0ZUCZcvZegpeVSq5gKAe76/wiPum00AvrAluB2w7iueh
+dmkxhHbEdbMflVNr0nyUq0TgjUUy/a4u+Kmw2dyTjxe0yakA3Nh2wATf1E2MHKh2
+DTiBfxPH37lDZqsnauYgdiP7It1nm/Vn/dqVRW90X1z/gMRyzcqTlNDNIrDfGBTe
+lb6CdOtKPsLMlIrRV8M6d0fuFFhO4vE5IFVvM685y0mpU4DJfuQHewFyRk1c4TDa
+2WiQFc/7CLN/xKvaRKhrhJNB3ClsVjXC2uV7+aXKbXQKpEwQuT+npjp0DkORIIxg
+753+cOIbxd+Y1BJ1KNi4ITRiQCgoc2FWsLHtMIPp75wEWMUai/lrOBGY8wg85YIT
+m3NDlCn7TbCFn8J5PGCpJG6o/Xt/MfCNeB4Y6yQHkWcUd/D0IT1cT+QvWHuWSDPb
+PMTBJjG5ektkZ39DHkEyUsGvtcE0V/29oZRadX3bPAzTmA1YQWKZAu1W4MTdaC53
+cXyDcj1WWEjs5+OGqp+HUDpMeoxIc98+yRYjo8p5+jpu9PrPDwpzfFCGAlF0pcvR
+n8CkJeAmjp4b7qu9+EimxTa+QYfMx0N0cbZN+ZajgmheMI3zTxtSNylJuQsalHHd
+870ve5oowQgCUzpgca99SXrUJnunGp9IAxETCaUrSYyfv619skWBQt3KORGhYRnM
+OtiChEfbb/4I5U0pfRky/6HhAlAQqKCgQ8+EM7WndoUKzeX5tJG+lR584lqGP5O2
+xUxdFGCw+TF1+RgGEqdXdOTOMAQNzAOaI51b/gSMAGqcbh+HJ4f5SZetTfSd0J1N
+gSGOZd8yNxqgUyuO3ndhEs0p4IedM4y8CgHlWHM/E2FPt+9UjRBoilwbjpFdO6iu
+E4CrBeuH37Y6s0bnfTzyLFBB02yuXevEE8JvnvQqqQ1UuZnfRXXwK92WkNQGi/X7
+LHpH3QEU9Ilt6gqgf3kj5p/eCE7wL1RVLJF28LqX772KUZ94GqJ8Aa4fJjwcidUd
+Uym9EEwMkCoYx1TUyysvR8TGruc6ujfdY8JXdiAI4M6hNJoeAsjU0yUTaGSG1OVS
+oYBTVdxTn7lmcGRZlwcDRnUpc8GjJ3d4Y9P3VlZs+F/MIIQFz/6e4SDP0zxNlLNI
+woKLewIbxHu8R2/P25ePw9YgfAupO28Kfvz63auiWygTF1EPhSJDwOKEInfbOqAE
+jQW90lK6wZ6EUI2mmNmAcZX+kimVt/Dll8sE1++T6aeA4rfQQW+qMd7G0CBEw2OB
+r4gibkIsYRKd2WiH/ntAxfiEQ8Q2ZPSlsmjIzc+HW4/x//aHTAYzW497DYcFmJq/
+wz4ECIY8hJHbhkN9RMTenTMQHz8MlPu+lq7rwfixEfg9Fk+rcShRlWhpWW+vOnhl
+MvuRtU3zrlQFdZYDsUD5PIk7ggwJ4TZEAQVajI96Iv5G+Pk7Po/FAiR+eGs2CsWF
+P+CG/LEuCzOyZ21nXPlO/15PD4HSNCIDQL+ISw0z0cXlEmWsz18iGs4LA75T5ItN
+AsYMTSEponAD9G4ILbyJFjHBbwMNf/LFgAsovstU/K3H2oBouI2HRlLiYNyFkamU
+9G45F6ZPVrT5ve1loQAV/AZck7saQhHLWzHas+HislTSrrFcUr9S2+vRJLJTQRyv
+I5HetiW1cCNPtAyNYK0FQv6mYQj01K2VALqpguHSTYz/AfQTi1/sFUUag3S40V7c
+JTnElgzMNtHJTDb+WF2Ln89UALXa90duaD8CpT9mAULny5EiYOE39yo2NItWNIQ2
+Zx9HQcZ1t5hN4/Iv4uDfFQoBkY90Mi90WfPwiogJW+eJf8AOvFz4E6oQjvUq5PEh
+PR54KIOjgdzovpLfxkVvXADX5MdNAxSgpfz68kXE+mrie8zN9/8BLTmcueCLFUv5
+sUgI/84rt7PmaRo8QBG/P6gcRmzW9W8p06XZWVW/HBnMXP0cClaercZrP8GskkuH
+GxYpLO225JmGe9uijD8BDewPxDhVaHuvgxkdsiGWUc3F55hXeluMb5i3DqBW516H
+bAM3JzV4Y+7RqdzWIxaQN3ygLMotwqCntha7zUBXfkpgD8djc9t70n5qw4uH7DIf
+oVDaTfWp5Wueccc2Ul+YEyjmop7sBzg4oXfleXDllhj6Dt4X2PnxvBTXpFNSEnSt
+ztVBQeVzWF76UtwqPcEC5j0attiVYtLyCWkKVnc6yNtoJ6SZtWkXvM/raKGq3H/I
+tN297Us1RPzWe3MfpbzF3tWYE1ITRlrKC1L03SLybLSErpu+jU2vMpsGYbRMoPwa
+zcQB6f4fZr/PStlUZJUwdRY3wvI/ocF2LCyFZOyRH+vyfmeMki2HuEM3gdL9vpHc
+/m00lqOLfs2e0+k29pv0A1bBJ6X72qqM5BU5WUS3SKZdGDHOIGrW5f30R/XPAnB4
+pj1KAAS1Rd4vdZpv7zBaJumkLq4J21d6KfP+U0Oa5Q2FMRZKSjPj29IrvkLlS8FX
+dY7ttKkq4HMX1RgeeHhrZY4BAL195RIRNKW+rcthXLaPb81VsR1UHb6LZnFGZcUx
+LzhTNlvDSq3VrFPKsCc+ACAGEM1KSy+s7zbkcE6BmYJG9y9YGN8PzyigwlEOGDfA
+fZmv2PAhUN2/rfEsytV6n+tezNSxCjiByCrSYaggTPVxuXvsCVylpm3m5j6Vfotn
+RB5cMNiOA3TM8JA9RHlpt689OGep2OVt+6y7eRkah59DzbDYHGpjpkkcvpiRfvs6
+7VctCnlM+yONiPsKb56SVSdhOs9VeWtmGByCmi6zCIn/TT5GpMwoUPco89CHxJmO
+y9+3Kjn12SDNTjTRCQOyBtkqEEH2t+KDSnhjCLwCwymPbWy9w23DlV56rVa9PAH3
+zUnIHihVWOXIfWR0xEIedhv9WIm8qbarYyX+S67uO9RNHPZ+x9fulnJcG58tXf33
+bWnwMMITrNQpay0n6J4ZQ2cYVobH5AyY0uyEkXPnJ1t0L+RDW95LDjC9DSiU26gC
+TAJDgU61V5l9oQ7x3ugbmdXL48Z/Y3zm8GEYLSsVis52E44UuEbStTzbLPWa17Gs
+ebrYwBbBhX2vyko8figBQmdsjPCaqTwV146Zkom9z6ffAq0bBWPefIAuosuE5f1u
+BCtbxsCepasgd5J3gjnm8Hzn8sSbumDPMWFSzqR34wnz/3rkwCDrxJx3Bzbo+Ho0
+YKmUkiyQA7fy4jYWcpNrZvZDzHg6lMSAqfyMT3IowNHRVhXM37crkTVvLIhlp6/P
+zz0fBNa7gTq6FLj6D+4ajnh3Rsz0dwqClNijTXVnjYloE8YRrkKUDCoXVrYOlNc7
+SdieXJgws0VfvKDCh7mKVQ5hswT70qtrAmOcuBAO5m9gDNCBZZeXhWd/YCKQMf+j
+U3EQwWWlcJVUshP7q8i6TrNJHo7JYre6SFGcDPt3HC/H0esuctJ5p5J7vDMZ+Ram
+Y2N20S+Kg4So6p/cZbZyJj2fIwu9KmqVEmRD32HsiVIot6CvM8HwP1iAQkH1tHfg
+HDpNfYHR2kmwqE/FGDu4Li2fMtUqR2yhB+XF7I5/SaveXKGt1zGqw7RuPdNRW/HK
+ox1i2w8p65WuSh/oLuqMkBABuZTILbENd0Kq5+0jfBGuYHuyWll/Ta1dR7S84For
+BM/nS0XaryX3JpLYxRc3TWf67AToSXTVI3JcX9BnCCnNvhQ9r4kiKZ/3R/O93joG
+HxmMrYNrxL5vqTLZSCjydgymm2gDG854/wv080HeB4UxEvUWfQFnoBvBCyT6dyFv
+3/MBQCbejqsXx77AXN59DhTa+cASQf1ZPlcOH1CKl2j67cDFO9kcFuMqAFPWXLaz
+E8MWHsFkphdVfWk4FAfkfDi2X1x7crViPPLHk2LFdX/NOrDVzP81/c8yhcb8bAYd
+8ZQT4N7Q3lQcCzGHHVQ9OjeGLtvrw41qfH3yUNTP/Q1dIr5xwitiz5kPdsnOfqpE
+LqHtMIOjJBdWBSy01TDvyUmqfppCpiSXW91SqZmbKR13t6lzIFL/BOrft8oqJHew
+NYj2TUjQ/l6mGRLwfNDbnIP2mp+YIcnZyQAHadAceiAtEW+FdWFFEAZh3aDy7Buh
+22XuGu5mX5DnrTepTT4Eiq549HPenWaLRMIdvPVWl/D0U7I5h2j7SlOiGTR7GdKd
+PGPmW502CFEJYtG7T4VzTy12f0EkFLwYn+DGsKbd7botUUnIAWTVZuBNNZWpJeqa
+8deURoR2mamrfgEm0BE59Cx9M1K3zNPcXouJZmxFWmabF28k3TF+LmFvSgBvvtQQ
+E1gy2NTsANtdrgd5MpZ0bP6bv5EuDMOmleGbu3t9LpDlXvysQyyleshaoHrGO0tO
+qET7Ba+/xGZt5B4fnMq/T59OIgGF4RyqubhXtyQ1+GMqbq4K5YBXxg6M+eOjbygG
+JnGsgP9oizHL/PGzgkSw472CtkJRqXtmLgurbjd75RxKZYkHU0UJygDpSq6Wq3d0
+elO79eeZcRklFRCQHt/vAT1geG7/MgpMBJqp9qURfza6jgyvwzZ8vriHC2VBE845
+T57L7LaFt9TbuqYt9qsSbN7/BRfzfe0ZnWsdIHsLxOl9kfZCo4Si5g+t6WPSgi4z
+pWyIKxIy+rLTxrrS906gONvTcyNSx+pz62CXyDukN4JBBx85n3SWw75YzwA7G89G
+sbtWksYbk1mI2Uk6Kh5YZc2dF7/3l1+nqUgjOfDWcH8ES4M3Nu1UKk9oGTfbmLJE
+OL0C7DXm1aHF7OeUmcFHrnR8a8kRpidN7kr/Ie47RvAOqXV1Hx5HrAz8OGLrV7rj
+yghMgxujF+1oBUszRQFk2/jBzRWR1AisKn05Fx5Aa4uPTNophLx5Iq40ndcXD5kW
+53MIKEqYaHec+ekJqDANBGmOsVHUbyjZNYDVM0TSf0kqSorl3s9sqvQaL2LmI5Y1
+7IWSrQ2/wg89u+SBioGyB23qn7dGl8gTKKZj2288NimciH2wH59vaA12Tnt2qjFv
+2QHyrjOEoYiXWxxtMa4Upe8Z+r1WITlT5I+vDf1LpJZFSL7oTaxRjgQOuv467lpu
+hq9vnJ+yjset2T4w4iO2wDyyTlu7gByE6QTaz6kTBuPi8MCM6Kj7ICMS9Tnj5uVy
+kZJCoKs13sNTh+l1RJU4Afrkk3ZdmTqMVVp3iXP7gZd+Cmrq07hr31EAcNmzs3ZW
+0UrVg1uqybk3GPwXXGhT8AqySuse8+Uuitse7r1gvMjGUAzowOxjkBnS2zROBQYq
+NdosQmvRtBoWeuRU3gevjvG1/oI6WwPvC4YSpspSROq39QSfdg5s6vuNJ84BYL60
+GNY5q4x+R5bWXQUln5D0/fM3A8/oeZhbvUXA5+t596xWzKW/pH4azL+RgmpUm7Bb
+YiY1Vpl1q6qY68m62T2aHhKNQ8w1DtRBhI1zBc0CQrTv9PUiZAcNzT4GJphyP8Kn
+AODuUzVSw1aRIZjzOSTisLtBP3RM6OKMUrf2UwJ+qN1gwWqCsSDRMX8DrRat9KIj
+1QCMY91HuT39SMDJ/rOfX0BWsWI5EKpDF4NObSirIZDOeNTmGJJN8iX4GGs+8QiN
+X77r5cvAvIeeROW2wi2vXN1w+j4VjWcbPrZwxMu9oTtnRrC6Ilk7qhKvd6JxqVlw
+RSDn1uaSD1yYQ6fmAyntgba/CKmAXOIzfsUCtEQl5OKwr/AMu6MJH7CdBnyrW77t
+mfOmM+yv8U7dPl5ODJaD5BYZFQchUQ53Tyhdh5c5kV1+Z0L9JY0glujF4fUGEg+3
+XQRc+J6+5hUTfRNO/+664wDOGGUaYbVrBQ4cB2YtVHirGysQWhY66PBNfmskMOfX
+/s49dc1PYpMY9tujzhkhs+F2dfPFhDbIwmsflzfrqUgbObqkMiN0BmODdqJwrnvT
+UJSx32T2K405wc4dEm1TCD5nlFOauLicLUaGTSZULLds6aARNgBf7IwZIzTAsQuE
+x0nZGIi7vTctJ4r3Hs/D6Y81rb/RoUSaibWiPXTKfaqVcd5/cYlj6bbdhPYeE9sE
+RkjxZCVZvAB/8CobvWi/i1/n5OKGJPiEjh9SE846dLgpfnm1sWrWcbvL/QbtUD51
+24Ylf4/Q/MXhKBpZlx4Yx4mnUPCbmhm4SRzWzGYy8wP7grkPxsoHgBqS2z0Nt2s/
+8qPWQdkAOunFLEoSxTsqlmkcFe+XVIvr6N7Jf7lYMUT5UTRoQU/F7wta2By9xi+d
+T/RY0UdSX8mSuUjZPgOpapYHN/FnJhqFoVi0do+2WjAFYKddP1EWzunH5+PE4zTe
+nXVviiGPu26xdHAAjCSEEdnbhRCOuQJge5l6YSxoyBALu7JXgvxo9b1OGBISFTb9
+YweLYUyiXX46o0P6tS2bzIp8Ja+7Big0uo2cHK8Lbvr+0eSs+Mh3X/qxZhE1H3+W
+pTK2kFNOvaMi0LR3ihUx3re9ee0zY49u1sFrVODlFWexiV/EQbLQKCKVmnZ+fhtE
+cqCL0KLkQV0l3Gj7JW8O47Oe77dAtjVtNYXvcqD47EY2fIyNtRogHn2z9zjFksL1
+KzY93itHRL5IrlrxC+how5mv8DHA1KjRL/iVEBtQTFXj9ekN2ZMVSl2I4aos/Pdq
+0Gq/X5ijRmTWFXpIW5pK0Yx1rZyVFaVkRv+KmHw9+dWP77WD//AOA5L8dDOSsZAJ
+pYyduzAFC5LFruf7lj1gM1wWFrVxQ834Cx1hFWpB53sQsWeYxUd4uKItYtqfOKXc
+12pWxyZCiVAuOviTNJRqbJ9kdt1LRxAUEzE/GOSO2s11l4pqt7WdDLLsEe6p2e3U
+bhqts2BFf31eRNM2ppL0vZLiEaMxfesmO1DS3vmifPQxdaGFgOKs4qP3OOvok4Sx
+C00wsXFgLiWBdqCDwpDpwJBLc03O2TEdcW196qpVxV6mcvphHW7IYOfN7bELuErB
+FHgvxzKbcTnsNAs4Bu/wSTr6Sy3etJ1HDek0Andc2zVu0ghzJ4TX0UsXdKej+mKT
+wbMR41buZ+DMCldGo2RaH80C1mkxfsUF9jFJaXephFt4H8/7XIIwmDpmvwZ/m+O9
+T5qtZsiZBG+Z4p9GzCPIQH0kIsHxYrVKFSA6eR5fn65No0ymsiyjpo6VVlkZ8rdm
+UhwFz4YAAJYvAyOv/VXS+Q9A4/4No/q2i1WMa8bYkD2NvRLlmMfsQVl+zSgjfUpV
+9GniChPNJQGcPyj2n4sMo3ZOvnvo1xSr8UjvV29HrbdQkD6OOlMIRXt5aDjZonHy
+omG873u9wLXlaBjVzLi73LR16uJmaRNsIiX3ATCHk3UTThM+ZVxqC6mQJ/ncTxla
+D2YWwcVKxZbTIYSH6euPMJQuqFP0vQIN7bYy9i689Gt3HS2LWwimqEnEDaZQHtld
+lSoKCqlyOukLubnxUFRfuZ1If+5VzGb08+2B5fl2O8LohU6zC9ovzHM9DeSlUnzi
+HwUgKCKJRBNiXa4PxC6rmH2onR/2CK+sFx0Sm3tqGr3h4pLEkWbTfSg54lf6S7Jz
+Eqv5imWQV/5hGYmi9RES/DOBRU3X1q3XPxmBXPt5XZzm/Bd0fnSRe6wQtGnPlkeR
+AgfzhWTLB6T9qyAPGhURd0oIynG3uzzsFRo77yu2Nbxnvl+6SMyEczdQeFQdMsYu
+lWv6rFABOYLDhwTyYS7YQ+sE1eReDyvIkxdEb+uuGVAw477XGAnUuviI/HJ28oyv
+FpjHiPwoeTMYAd89a6VcbzQEgQZ09bOrHzesVhef6E1SYG4Lzu8oEPGKI5BBaX63
+2eE6clmYmKeDVeSMscRSMlaHIK1sTwMoOleWEoUf3hMKTN/evOlL966qw1yDRq5U
+LYQHk8YpAIL2n/SxkjCmC+Sbz27pmJo3WR74lNnSP4bFpNG7bZpS3Csjbz4a7OEQ
+z6R3RNpEd+9Q4XWug2MxWZXSa/cYMyeBrA//EGkwGs0rDrL+OBjOKoGy57ztUoXY
+J7gTySHf55qb9r3DfKDEx8Fp8YwhHdx6NdLN1guX3bU7Vi+0uaA5FqYBvNfdFQU8
+TlOtwauTHt0KS1/EGh3ZLJSkojHuGxvN8DVy5TtGKex3LCgDc9C8wqjfaCkSaaPt
+2OFW/hu3p8znxIDBGsKWh+3B2FVa2BvHp1ZsEbHDIzKQtGy8qyOyEzDFWYIYO+PE
++ERTsCz/hGfr5N9Tvdnycei7tTLgY17FS7hAMBu+tpIJ6f+H9iIOT1mPgrN+eBrA
+DtSV0kB7oEUoX3ITKz17mXPUSfD4RW/Kty+hpz8MdFC4DiDKFuyehVStzwTw5plk
+uOvB/k5JOXJxVdQ9NLNKmbv+o5LmwXC/w4GrRWSeWKSmKOZccx6IFP7FfUYC/5nI
++9MAn7xGdLDU5GMXinfeH5gCll5F2DXTSki99VU/D4r8wxV3shArc8hPFSE0k+3+
+IkiP1WmIgdmN0tQzGYJuIXuCAroCYXvB6vyQwOVAhvAU0zy5ut1SJEZsiWxi9lx5
+dnfxq2YQwv7PJu5zTF9bimb68AheLCXvoDPOtyEMqmLICDwwRTxuYIjn/PdTRgNg
+6IvfOdtelCX2StHO9NvG/HuIdIThrJZvQf2/UZb8bSXLivp7YtOVmQulwP50L2K7
+qeP5Z4/2TA1Xgqev1OyDChLxLbWbE7JmDSq6Cxchfr9cDpE4s+x9TYac5qOZ0TAu
+A3XMfZDnku+qrzE6Y2sR/nIggL2HBGNytLAX5NfjMtFqtXlDoVgSE5M4BThqfaGn
+R9M+ZuoZpSa28h3N/MpjvTm8iDg9Zc5sd42QTGXmIp3wtBDCR5behefeiIs46ytd
+1tqJk2nJihcxqSh0w9CQ4sEOJKA+JcCbXmPWNk9Wb/mvdr8MNd7tRWWIG75HWGn7
+tvBhup9NYu4fydR+hbtlzs+dzThi/BAFH8YfyA7aailGrbbWYc/8BV6SBsMplWUL
+IpL10aPx73YJWLCZEnKMoJFbSedZKlF0Xc9byiacwPBMvGGZn71nbwfQ6OdCQROu
+L5K56fxKXx/64GEcjFWOzFnRTshbMgkcDb7B00QurRkqT1fXRVm9ihqAzkLDJSak
+B9xwGhMSgHYvJfP3jfaW46R6HH2RN9fN9sgKhEilnOZ8yvpKq+AljBDQqI9BfXFH
+EjfslxORrDzif7suJrBLQzwMn34K6PqK0G/ha+Yq/9tV9AGCXqn7LpY4ib6CwnXD
++AS/DrM/pGtySjVfCCphROQ7EGgVADf5CJ0uH9uouYphemNVqQO5yZKsUSLwiPma
+WKV+cFwSXcUpxbpZok7RPd7F0INiBEKO7ZVHtk5BPtNiIiRjqzQ3RCzaEgD0S1DS
+htJubbAbztYyGX/UynMcSz6sO1f6P3+SJoG7Dgjx9u3fVgyPEAYQq6Gpc1r+8XQ0
+tDXYqs6d/tqgLjUg0Y2u2amHQOK/+OvRpm1xvGXwpNlObhKYMRW0WZ7S6F//2dcF
+bLFwZhWvalvAV+mPdmmBe7QjS/CSQUOtWTAv4RWRD+kBLor0EsZhrzEdVqLF7yaM
+KmLH4NjnV+NvUE4Fwahr175pbRAIiS86t4QMb73UcwDu6TLzIEjBdAR0k4yBZPb+
+S1qkPj3EnZvbHO0LT1a1vNVghy6dYBi6bdFaDGcF7LIoprvYqfFKHFByNiuHRKIA
+NN7mbyZ50Rqlco/W1kALxAPMncKCOF7E74nnPpgosre2SQzwEpbnIMRCnDXk1YfJ
+oshU9IITmxeunSmaPeGAXta8ughblPRnV3ZQ2M1CfYS91UKnH+3RVV71Gu7QjbCZ
+1EBd4w9wKXWT4SJHmh7Wlet50rh5cutjKTHlHIQgout8jN+8i6Wv/S0rN5UIAZAS
+NNyUbbRDJbROmlW+z3aE3RlPHWuudU+sAO3Uxxsz40oi1vqNXDImPmPA/+1L4zPA
+T9eokg6cOnXMFxcFX7aWhp7AlGV3elvKHnNvrUZB/123b3qbv/wKMf04avDe9BWO
+JqcCrrZD0fRSWJqPPxUZsiJBFu0l6h2gRyQfsuxmN04L9BehAdBptD+93mkqyYLw
+hl7x2JknwLC54gV0niE5gS4r203RaFbB4P1gF1t4wpoGIv2vzewSir7m6KBtyctl
+9ctTX2TqvIGEF0nzrWd1Ifd2jfFQ2pZUwnLAjYSaY0m3Z8OA8TAAp6vnbIwEg+HP
+lxq7rlsBz0uDre5pL+kJ1RElcrJpgeJQfgFtOV+DLQvz9vfa5bMw6L4Zq45HsrFI
+4yjO7ObxCrt74i5nlsZnE8j0nCKQBLfgv2GWvFccocS99ABKrUZJV3nAaQMl/GrD
+6fLORFIZkzQVi58aOjLxwE5RNoV1rGeZSs3U+hlmA5Lg3Og+Ch1jMF1p46A6mIMx
+Y9VNV7d6m66T7ET7zbHwTMrkRw0N2jdi0xO2aRIGL/q2cc9nFNV1yFAoSXF6YZcC
+knZKYzaom9dp2zlLjEqPKvdhPovli95oD+bJLbov6Z8W92GbIVKhNRxIrNE2Fv1x
+Vv7XnDrzB43xDJmdGzsze07i2ifRevPLF8HZr0Pa1AaIKelqvJCTdt2O4xN28NtR
+nFO+a46llz2B4sp1Ifzq65rZjA50f8gFbmFb1SwvoOGPAKhZJn/meZof7YjSSPxI
+bi1ufhTCygyuhlko3m6REc7NFauuoKC+KfzM97nTeTfng9Gl9pezZNsoyRWXxOaG
+YAaQGzzwlbrIsCpwMRDV8XmOCGVtb2FrHUBx5qzD2HPlG9/1OGozNXouaejxnvyH
+FCCf45KP66bFL4CahQRk3T8zQV1cSyPkBQ6vFqPK1ok1twX+aVPGsi/sd1cRq9o8
+BwPQTH4zpK21F/n5icrpjZL7vRTegzzpwvpaqI6LvcFiMxZQHN0rAm1tUUiYRf2z
+6nou99HLe+wgIXqeQhT9+Br6efJDxv1LBdhP26u4YCnanpWCFkqnGk5Hqwf2XBBX
+ha51qFQ0b8KhDqWBU0Zrvy1SyQ3utQGszHQScRMIKlNcgxE58B1uGe4XtudpgQ1N
+C5P5zsrN0abgkBKLY+P07bTbalB4GjV4pSd2sSNckkgDif7bjta2HmSMXsWE0zha
+ueomRnkW907X9x7Har/t1/2syElwpaykmoTQ3/pYzcnv920/OvHPgcstOq5hC1Am
+x2pLgls8apwO8T5D0nDXyiTIOsgBnHShCRzNtjMXBQamcf0tZG4yKAk0339bhNCz
+rBO1RdfR86l5HSc41EAZgNjNNtxg9UG5i10kao8tuELzqQoQz45P6GYXh4CyBbGa
+EHRtABNHOhjuv0okrqJ2kG2r8E9KWjBfjgjYssAhtXxfgPtqyUJ3G07MEf5enCoz
+HnGMFF5pBStMcJJ3FNSX/gxUBbrZUGmyfMNMbGRAozlYzhWCTiEVaxIAj7P4cYYW
+tDnGkm7hijKU9Fy7OJ0gv47VHxDasWzMwoF9Qg0qQjCC/UwO+VToXjShdVRv6M5W
+yT85C7mzfLyWNjhVzeIgAjDXpqREw3lLOmBEIShDkJTirMLY76M1hIs9DpMo9ZUW
+mTYiMWMNCQIO7yQdvhIttT+9FSBXSdth6ZFYQi0DsU2vZlPnUl/Ky+5PTuT/FHDh
+htZxX5CErDVFT897H1ZVbl4nfQ07iIGJuoSHeIbXIfSGcKA0jGR3gFP3SV4DTpIa
+CdjureoaI1JXBCyHd1ubnbgfTCNJciglIOlQkDs9cgI0+NDsj9RdXXCZ6gfGpWes
+S6SeZacEcCXMd2eVJ1dc4IbC6zQRwg02pYWp/8mGSu7eocSQHSv+7WR6iAraqaER
+ueRpRPOY8lMlBu1kJsiw6W1qgDfbgC/G9umf2D/fHK/VFXo5xnlN7tPI8Ly2ZAWi
+GWgH6UxyeXg6eAnhkc2OuJMoE+19kBR5wEwmQ/jaM9mG6YVW/OJ51egZ817NBfUS
+o84M9iKVkRU+U0l4n6ozM1TfkR53zxsAATyq8VElM5I9r0/qtP+cpuHSiO9SBOY9
+D8yei6+aUb4eJiQl4cOvzDXFtg+QoypB+MG8lTGO2VT/KzPv9TAQhZCmsHdoPKQK
+YRGkTmSEGhfdAs+UX1IvStmf0hoR2ymi1E7nAMdBwt+xnzj8vWxQG7N4kZaQL9sh
+Ymqc+l8HUubKVj64D26J4Sa6pzoVr/suyN45yomxKTef+3I0iCL0pm7MjP2z53Pf
+iEYyJeTshFGvji6gp8Y5+wBQvqog5elkM9BZ5DqHiK1xNxC25GM+q9BBEp8H0b0i
+ULHKyjCumTP70GbmSipYxTHVbZ53HZGAT7aXCsJgvxlmA8RPuCfjTwp8EkQCmV1H
+hVg9SRctmMUtyxqfxWOL56hlT2r295K82gh5I5P0cc/CBASD2NYFdSPnudSfyoqa
+ZadNpaejdfoWOicW8JSuBlhAp8R4kKIeowyHkSAWTxbk1eF0F0Pe3gHm6Nejh7ei
+WuYsGEGDzVrZGUuuYhcoctni0BHl1rP8pojh84RPnQ5POrVrX7IH3uKjUdnivzDX
+4rTF82nkpMJJ5+bS1M2IOHoAZuM71vPR0Fy7+wP2+iuKCb94V631/VmipqP0SB/d
+Na/LIwn/UVeNPCSdvob1FZnXkuQOEFAE8rc65EqO/0SBUKK21oqM0oGEmA+P3ctc
+mnkjmuN8J7NxsdY+YdRtAcidaWBpHQhCDtIGOhp95HX472CzrrdP+0BvZUeRgoQW
+LSgDu0vncvirbsUMX4oLfKr6ZnOZfLN1Idt/lRMT/6YLKdDC00jxOM3dXBo1f6sE
+d7fj7bT4f3V5B2CY1bRaaoJncKutT9yq8KCqy6ieifdzPOveVf5u14HjnZpGHnSD
+UI+hZkRI9/kvL0kjOAWDiMMDxJq1IM728Mqh2Uq4ErtSlqUuoFk4EXnRmpyegyt0
+S2xa61NlNTq/lWDufL9dqeys3f9fb4jLhSkawONUdDa2lUgdt8GrD7agmrg+GSV2
+9248wC/2DNrFW/080ScvDpmhLWpHGvOGUs4K976ljna1B5KPmHS4fYjUOqQVoYco
+DlHbjdo3TsF2nUZ5OzjNcY15vgTdzE6aMguBoo3icQKCLOZnCqVUIVeMLYCzQzz6
+hcLpvR2ezH+LbKJ92yCbWeqHttfFCzJ1fJd1r+1yKnWao8EmRS/KYB1o4/UJTzLT
+C+OwL+OF4ChOPXTmpMAHvYK765omUUem2zxRxJFOeqCk6t3n49G1vZcDi2+VflJI
+nRxocp4q4MMWQ3wRXMe/lW7wpe/B/Kqmma7NvUuZaWrcwbE5azsVVlfyj1Vakrtz
+8TfMafzKuZxVHgf0p5X3QClZ1MLHuc+rA0DKnHUTP+bOodbsswP2MpbHt1cvS+9v
+BOalL3iCoY5x9u8kJ4PW2ux+Iy3j3OdwWzDPrUmnK/AMx8r0ALZEbmRHP57rCJ6e
+yDlmykSvTDWbVu8sgUQsS/+o9mHSV/TpZ4RSIbzJ8kxamDdK8IerAXMizB+8U/M4
+Xc7kUmTtylAobuNvxNiFv3HfZBW4er0+60EukTz55EkZNHcwOagjCQX39zFgqTlu
+l0vmTVJJKbfEJk3CEOuNK4O3SzpssLAZ11nnY+b/VE661AEarHO8+m6NCIUmJS6K
+XUcFyqNbmw6+WFRlv3CAE3hSYsS5wMa6YOVrlvC5UoGOflrSBWzfl9u+WjifPMV6
+T+dLwznpXgNYxh780Px3kuc1jW6812jTfcyAWYe4uGM177btSXZCZ4PHiwLGkE/O
+B/yRRWEVo3L2wnkF6kguwJhPFKtcJca5zYdFcKYkXNC/UaEehcB8A6SUD17DOalS
+ogqQj4uwYAoUg4ztupokD/+cpA2+P37XGEha9U7HJEqVYmfdVB/ix3ow1S+GbleT
+W2xSgP0M5HvkOPmYQPX+vcAW9scneYi1n9PxLZjZ8hf6JEnCo4NwHJtej6veR8x6
+o5Zfvv0xr/EkOhBb+EEsMvqvn4XaGX1MPIz2e+E2MMUR+dhkt0razwhKJjRx0ZQd
+R5FZM21elnSs3fSQOtfqtVE+AZZw4RlFoDRrPDPQoaCzOHYeZMCvxBW1DTjB948/
+kJMso5R2vyqjNGWAN4l7fUIcE2Rq83Su18YFtGvcF9zj+UF8o7Po+vMwWLum5yVm
+SLXMGZ2euRaJYH+mOl5vEmNcohZL0VJn1Ybgip1Rq5vO3xv2uilerqfbl9Y709po
+zMZC1sXxQAFmKYvqsHYSVCqUqKSOF+Z9GbSL2Dp2+vhJM1uTbBm0BAF8dnAax5wY
+Vn6PMrpL8dL9BqSXaAFM8jCYi7v2s/lx9FzGGyIWLlQYRjTfFukhQ/FDnoaAmahq
+Gd09VV9ZRtOEOJ7IlJN4AqJ5dq6zix3yFSWYWFBzjfYN+pOJYqaehuShGwI3FNvW
+elh/qkktRQ4p+PsyyZOf6hUs6Bof6w/M/ZCnupu62iIouvNxkhbMuBJalUlxfr14
+zntCl5fvb5Lt4AEPbqU/gIR1R2bHFepkZhGMlNfeCg0n4zzMkIWs5Z36hbTawupx
+/nWXNoMWrLbmPKHel7qHJ//JXx5ojbyUZ2svAB26plBQi7J4aAotgvxYecffIqJH
+X9EMDdnkc7Ukz6s9JVVnNB84MdgM012Ve+mbxE0sxueF25zbNqZYWw471ePcLIg4
+79lq+/hqodCwwp5dxn5tVPUMGf1wHI/QRkJcOC6HSr7t4Z/HSvzyKVsGmqrfODXc
+DZ0OMrrNN9srnHr6J9wlZA34/ib+0BvMMWfXo3M/FxlBxcI2Xk6ELfvyBj7TXFUY
+QVquQuBsCKv332vaqKVIsiy2SEXmFwttXq5hIvMEUe8r90Nr+dpJBhMS3m61Bwu1
+UnW4Z/nZkT1ByfI5BJBp630pCZ+pTdMMoEEV4XW/bJeG7tPfvGJxTaMEJ3Jk9OFD
+LgKbM06vwPV7omzS6Br3EfzbIGNln3B4gYvtEt/GjAOMxh2lJqxA0hKRtOBGNF67
+q9XEi5IHpoZWV+UyRJCCxw+nRkYwSw65k73eCC8AKvFXJp1vMg//0dbXEDBUKzQr
+RsjhifKUWFDXOVMLMZfafq6IXF8gfV+TA9aF+pFAkZtTdTk9YHJBf/Ae107IFsG2
+XKGpXPurIBp5SZ3Zfx0a/2fzgFTcbMF5+LmWViFtpR6+1ofxCvJotPlz6O3Nhytz
+xkeHUlFCGlVwxPCqQ3MQKDrC8jT2p9vNgZNb94tfQf0CcR7qdn9CSRI97545dhbA
+7ixCn3J7zCUoUj2LIzZ/Cd4RhNWzgECjtmtqPn/NCJ5wG9cW/yJpiaRuvmaS6kId
+Zh29bx7lchEdprdncDUI36SQtCjSQC85gJtM2ivD/x6j65AYVnn/PkelTuvcfbn2
+igCQ7CnTMcMxLDvNUjxrrFtqFd8txKijEXmZu8P6JN/KVNwjy03+uGQfa1+gKU1i
+/kOHqC8rJJOnLlbk8E93qAndoHh/2x68Plfl8lu/6cMyHfQRvSm/Bqnu5cnHxeMq
+8ioyIRE5ajVLd6hb+VLXk8eZfJRISAOOZxAkFAw2EQF6MSXaYJOj5bBVSHhnLEAP
+noH7juIJZsmPv3EdyjZgIjZ+OCq1eIwYaQVJSuwaJOWhbbBNc6N3V8s6jxeuK7ui
+84z/fVmBJmOLm6KgfZldshuw+bVMKeFJf+KGQJSZmsE0eu0EPGwEHoCGyqTCVFEk
+rNPKES4fyHkw5+RpUOoqq8hR26+Q2fPgJ7+dUVtk9HzNQnUYJvtYJI5MPEQ82eEg
+1YI6AAAjSpm8f13n5bZROQuSGiAEhEDR8+h8TZDOhdBNuILBaW+SaItZW9C+mJka
+od3eZ98QMuB7IBy0fgp9JncOu92I6LEAJq1EnTG/RBWx6jDuCwz3+KXxya/Qcdd2
+XyWT0aWwJyMB0xdXzQDBSins5Yrpsusc3FH03jc1Z2fnNDFxIGD1GX4jfHzm5zJA
+4sUOE7ch5ZWfhbfOuisjfdr7EdiRCTU/R5mwoVaKqFrljqwp0+BS9cNCDNEz1Pp8
+l1IBlQmQkB6XiY8/nhYfEf6wBLRs3xrkuwXmxGxnwqhsFv1VtA9Vz0FxHAkke8mF
+hITDLFUKuMwGMbPMA3TA3XBlFJ7ldPRpeFakXeJqxubv4yZwJDnIsA/TT5VrKpCZ
+jNq1j9QChfP85yNDWXDsvlebz+b+NUGEHKrbXQTqLFrHrxC1d69c6u0iGhRz2Cen
+yj/ut6oMzAkesgVMIbudbbSOOh8tf6WUZswGZ9cMmIw95Vcl06h+Dyx0l6d66ZRM
+fQPiPVgskB+zqDfjSvRzct7Pac49HWklwmizsywnWQVMUYgwEHIIDfMZOtUbj8FF
+7oxd8T+fdefH479kj7UhVQAGsPJuNzhLdfkBvmR5HXV/gBhO16hToCbxkNcrlK3/
+a80qN2RyOgcglYG3bMbrJi/RLpbdO86WGFeDicqZhpongoGYxf/yMH9SqTmtqWwq
+ADVxpTAidXl05rFU+gK7ZcqOklaxi4DLU6Kv+65bcwk0M/xu3GYIFo3UjqyZaDc8
+wQEgA1imfUs7jNUueu8QUP8oU3cDWoqP1Msi57vA466c4VZwy267MKeqTaC2brZA
+2mbxRnBK49AecpdCxfXeDC7rvT1ykKm5j/TMWQMMNIwqIvTLmNOGJdjUfO6WOG2Z
+Ei1eEcsY4uueaCmVqLjdKwrTc/5x6IwFtAucUBtwTg1OoUiT7i+waHAvX7rX72Lo
+3PVQlRwZkM/EqjbxCAG0+E1OGJVRfsyYtQaWUlCtdNhgcvyjgFBLlT2Pl7xUm6NM
+QzHrIMP8llW9Mmu2Y7fwlbGC3M9galTqwxNK943QALHAbO0cl0XXKYYSrQ/yXNlT
+aAcA+VpoDMQP0xOvr1AMKQHTwbDADDFPpDeOylRAZHoKojZm8oPvtSt+uzOmZ9MD
+ls205dcDZVu3ytHhZe6uv7AL1TslxfTMi/Ux+bJTmLY8bjgHZjBpwdc1LLy5y3Tb
+gVCeEYa18ObrRwWVu4a//o75xAj3eLUOKxIpiNsPmJjdy3XWkDnnNhSiNgWjV9bP
+s+9l7YeyMMQlh4bmOyZFPDfFnPFscEgkJugqKRHsc13GDPhWWr/ru7wtfUkNtMGJ
+nHMjxi5DIR92exqoMZMzv94IgNVtFUqpVdWigZbI2uc5HKCUS6K+Zptg3j59pVYS
+ofJl0JRxouDZqsnKf9k+SPOracupxbCMWyDp0GwvPtsMqYCgtEFp2pwCgGRvC1m3
+tcjjEKF17W8pZHiHZ3lhOBktpXKFsVO2KhfrLF6JzuySNVXt8vGONuQ5TUTP0RGu
+IP1LC+uVDRIuWDWjtHAoTJEePgjZyGuhSc45jmX0WkCNc53UG+UMKaTaUO9jixN7
+dv1j6GR20QETv7Kg6tR7aEZWSE9pEqAsxzYI1kxeBvmUO3fnHzSq7WOL8P0A9S2p
+yMvfDsW5tkGImBULkGdLtQMsMTyVKZe8LDu0SwX/uXbr82/RVgjgfDyG7c1Y0qqU
+0VcGmjJkWKWWuf9TO0zcmF/h5fWcCHHpWMvx586JA/8NCPs1Rf6ayhm9Q6iOo/Zv
+dbl8rGe/s7fFEtMdtbZrg8WmCRzcVogNNwybeXmTcuw0TWJ2+pbXqvN38UN6PKFi
+kVUAV044VfsmbJf8fs1nQhRs/DC2IxyDKXi5RBYftEKeWBcrZAM0q0LuTClzksgV
+nS4mBL4Yv/T6juW9T68hr9EMbUwngyrK/aYwBLzlc5lwrzt4XmL6WPjHyfZK1EL+
+7McFDKUYcnZaeTqdo+ixmD72BfAhBxU7Ja5sJBcMspUEABwPlbOPk/lUUqB3A1UR
+ba+8qsoIuRcV2dW+czO4bakKUCNGVkdqaaXaP/fkjuMSjuyPBmEJ1cLqUNm8nfmU
+eBOB7bq8knArQoE7+XUwyIKyiPFZres3XE3ayNEzJ/+zBtnfrTimMQo8lzL20Has
+dMmdkN13yonB3OSuq4eve6As8qc9o3VtC/k/u/n5BSm08jUfT2oXwCXOf62qnoYU
+L+57iSOIXXRVHFTfoIfpgW+0WQoIG1MsmhiZWKqp1mxWuGIlbr7FVpU8zzcHROdA
+HvVZBoSvsCCf3on+J8ee58sgJWiQhDWCQOKSlRcBgdn45CLTO9YIe3wb1ur9vy9A
++8gBHMfX7lYbzdeldI7K9etNZJssx39mahmIC16EfG2dN1arUKBUV5UIpfb8hxTy
+W7pPrT7lw5l6s0PaWU3eEdeZ3v9OMLf+8D9O96/5dh3WsL07m0KJJfZHy9zcKT4x
+NouIr5xO3NpxUVSdMsANYfzt9GnJqvaQ2ChorEOKet0uWd1lFyr7+itjVcOVablu
+RsPAyUvIFAv+tpYHQcj0Pe+CMspwBf8vfORq3QORMFnuzMbqJgjjA8ptso5/5TWh
+T8J1UUeXESxddoBpdJ28dHHzeEAxFd4FDCoCGl4jo1cm511nfDjjg7uyNLKyDgE8
+lXNOsCLEKnlgyNrh9lmmBTw5rRhcBZ4qNSZmZIrTfO4vo91BTeT++vXb1vcNa2Nw
+MbnEGDD+9lCXvOl+RFivGnqvNaMfT0mMS7mQlM7eib9Pv7Kr1IBx3eqRK0jSEIa8
+uojZZ66TYFCXylejEFQc5AREBTzues7zaAtcNiJ1om/GJ143rI+xksZlqjBfwdbY
+nLEZZbwGP8IsqsuSmFQCRXobPuwwaIzkNdDmG0D5Lz7MMMhTGTiJdfLHTz9MVQAC
+KOfUEWj4A1U8DIXVAdLF20XDWFerS/PRaCbeCJ0mYIj2vPjRa5omIvuEHUc70GKg
+K+byWYmjKnc/XiH/SDE9GJb7ndIN4mTIUwcHlp3ISsvR/dlhuk+6LTbx4cemSnvG
+6AHwS2fucOFC+o0zDpzkWTi63w+Cyv7G53ul0odX3phZ7iuBe7wUAWQHIa6fZmSm
+2U7Qbm8u5WZ+P3NsvDsPSxXFFD8qn1hzHMjc5RzLDqq2CrA6JyfE9a74dRU+uXpP
+//o3vm3bR6A1rY/Yd1GqKDyGcxwswk/S86Q/HBk0BkkjR0CEP2ch1XbNZLtKbKkN
+WbrS9BQpUZ4BDrUqLX1gP4SZfCqVNEolwUYQRV13Kyhg29cmxNrGjs8Mzf7w5MVO
+n4IcC/PBZrifg+90zKLRZySILIplJndSAb28dHcGThYZOwrZ2N3/2PPY3S6Oy9aB
+k95Zqx+kNL2c6bi6xuggKCQ/NvG0N+/VkNWEcLazNtIIfPlAyLY0j9qLtBChM0b7
+JmxpFY3nER7yJYV5ab66RKzuao5bXl/TI6d23FZhjFLkKs9X97Yl6WJE5UQk5jWV
+luz1KAfa5nEzywF0CMXLBECZ/Rvcm1nSWkgASbQYNtyYi1ccSuYRNKnnBbPYVgVT
+me0GIMGCjcQ2l/mWAS6EwVGsGPYJIJ3Ak3916GarcQeeW9HVjeYVVBhu9xwFOhfk
+rCYvQ4p9KPiEAUmWmapI+Gz+Mp7ub4b3yF1doOQ6yd+Yc7X/IS+76HjWNj4AV1Cy
+yX/Rt0+d+ucJ96azcPBYxxYscRssi8azPD8jayeVovQU50m6y+jysaHta4ulijnD
+bvk1Sn59yyqb8vyImCGxOhJ3TAQGMVrlXh1Y0VrZpIhRSIX0TT6ZJzk0XSR1zHlr
+43lRI7o1PIx05RlNUV0fS/ZFHahb7+NexGucgaU7trJ7szXYzp/WJF14SZU83xld
+rLvZCXvwoK0C+xvJWaj6na8atBpVCZ97nSwFZNLL1BTFSMgRTyWzaXKbZoIcK1Yf
+Hk7f0H9zEPlOafqWIe5F/Mm1PM8tckuGgswWZ4X+UAGbPDcwP9Kfl/j1/eOtgogw
+5sIk4N/pqjcs3pEinZYKQxje0PAd671wxO/9QCBEyT9m9qANsxizLQ23EvZKTjXs
+W/ytCP+pfjZYsATdbD6XqJ9FptvPsrdue0mqrcJXD8fssqvAjrvFmb+gjZonSY/K
+T+rvqFMlDluUN4fHt3aXJ61PjsgGzs+uxgWbGp47y2hlsMx7g/7sY0hg8hDnIv7V
+u5DejLQgdV6B84zJvzgdioMvd8E9ZhpT3lwaR492MFoUjRNqbwD8ZQ1g5PDJgOPS
+DXxxyQGR/0a11SXSwDoc9as4MkZ7Em9OfJJjBtRvVLJGBMQZm120jxqNi8NF7yhi
+LOzKGx1xBetRiS2jO0DwaskVGHFWUsFa9NjKLu4JWnQudTTUpIojWaYMIP/Lclyr
+CmEvfRmO09OdHQDQnuS+eFK/+VBY6Z5kENXUXDO7aoWsILG9Q3O3fwn/02aqAJlk
+rBSHJeG4ZABxyha3AnzLv7HCfkL4Iysev79+aD2bIlzBZuFPhLnHTuoZAJca9FeN
+GbRfyHhAcg6Gz0cPWwy7w0pdPpONgIuW3nYm1D8RZHboKL/8hXoZYgNMZkJfig2A
+9PSUS0f5QbGDHFfflOCgmNbTdIkvEphbA7yvO/+E+UrOO8XMBxQp8o33WZ0mfeJ7
+ChdGo44dAltmc9kaQxJFDzyKfRliIBpsq666Dbxo88A698gtcnlRAZeXEuzcxnAl
+wdUoiTpVvsk6XJrszpTnetyq2CQlHr3Wk0sn7XbEebho036mzFX2tWnKaHJOGymq
+FbddVL2spA24uYQ80MeQV+s5ALBB05wJCUX95rvKySE7Qu7DehqJEl85CZtQy+oS
+uFzfcx7cAYm5KY7gH8mvqxQXeZjE4ZF03TkskdGgMBFvlH2ZEOi5mXcSQ9QEtvfv
+G0gL9hVWn81OS7TI6b+aJW7tpYesf1SzdE2tBOcobyPIQBMsVkgQvOj6Gd4ST8xO
+tLlFhV/PqmXWMxWYGy92/PJke0csGu0BR4TtpPNCKIM80CbSPYyau5BpV5X03pBs
+O7pd9ZjZEM20h9ouJKXXO0ctbjwxeuOCPlIiPFU0gTYVUwrTwlr/Zumjco/B6M/3
+IoIGvwwRgZN1mAr9kjvwRHqs8slDp++oD+mvopCA14fEfR4/VjOh9Jlf4/j8bSBI
+QKiY3IOGc+JWmLgEJZBq5g9RuZY+aur7PFV2rcZJLK1bA9AvwB3OFoSrk/HowENP
+3+YKdVsMrTGDTkgDwmGQv+QdUJo/WCelvg2qX1dXsXpec6s+ZgiucJOdTu5/3HD1
+KzW72gavb8j4Rc6R9N9oE2bSm1IdZVPdi5hLZm1CJQL+wjr4tm1q4nAu9NO5Px/a
+NpJDlg9R+1SmDcUmLxY3DLvofM4Fhg/45zpEDqaqU7+GYh4+tBh3rZ2jIuLsfEA2
+1Q2ChEQAA9crepRwOnfP0OnOfHtKhXd9V2cPV4CydKJRCCK7ZPOuTALmhM+AuwlX
+/pnDR1NImoyuw083IaM7lsvBjbCqt3d8sprniquvpMm6SP7Tl3+90Va+TmBcvCeQ
+sx0eLpHzcHtSE7f6GIImJzD3/T3ikgtOlGqDrESl1uHYy9KH9UZ6/rW20XzJ7kh8
+VfcFIzn1fH3+jxYUsGFHStF03nGoiKR5Y+ub/v2TtbkOO1T0jrTFesxxH5auv6hW
+UAYoagW9cZxpCXq3LOhz0QqYttCA0DVGOA1u1BaBfHIth6ch6gls+6eRBnofzQot
+A7qYC819/DEj0xU/TRUoduxC0kbCDX6F71YTWFxPRbrP/rKgxebZTKcP97TOw/1a
+wrdEy/+Q5zvOjc+Vk/HpzzMtAlYiIVXXLu+ObNWVUIP5IqRrD15m1p1dEvtOCinu
+tc+eLC7FJIo8FvXFuaAJhTWkOrlISvHFZQPwwljNWPA0H0hgvPqe91gO9qc1Yz1O
+pTIUPEMBHY+qycVd1aZEQuVvP00AdRbo2e2Izv9kX0Q/Gj7WavgWu5zh7ie9Q2kO
+EDQs90jlwhT3Og15GqbdKyScZh6+VEPrrGF2lQNCCyd+bPu/MNwFY9vGoWGqWNFx
+/o0QFPekQljcqTcGU7FVqJkf9vEHMgh41CTnW4QSPaoN42Q80s+rtcaqJKjpj/8Y
+8CHN2s6fzAHPN1mjNCGJPBSDvmCxFkTRKWbZ+cfRKI7RQ67F9/hA6N3ahbxCzIUc
+zLnR9FvHq8QedyYDtGMSR5FdWOY9IQecnpJML6SzhwIaI6W2anSB+1HScWcktWw1
+/f9X/w5j0eK7vHrpOq+gS3Z3Gi3pyb4Blm36PFEsF9BG88dI7SoHKjXLuOPOdW/f
+m+8m3ryoYwFdapr+SzbgPjMGoL3dwjmcLpdBkhp2hBvjvS2teSB/qWZdwaT4s/xS
+OkqQkhDQ1pGivzSSl1L1Rv/cy693cNayUWY4DSCLxQtkf3Elw6i/Ol/1Gw6qmrQ6
+SiZ0Et3oToKk6vLViF1Z+dqDe1YiO9j0Z8W2b4mG9+MHjft0onclJKDdrZuFdBKK
+3dNAXuG8AX9UnqJXafJI1+D88tGBDWDVn4uaWcPYB8Lx2r/QIbtkQcmC+wfCMwxB
+2qDMyDkcYNVM59Hn1953dm+XUhKqfch7K8zelFWCh/XosWPpkBHS4aPD94dBnvoV
+cy4zrMPQJpYYX3bv77NgYdiAWSGEcluhe/TO0Qa1tqVtSHtvuVxvxihIc/8/A8GX
+1IVdKrH8ta6aP9UxXkltf7J1lDqWpkqzP3PmmxfYHRvfIpeOTNZY+BZ2R3sM6mjv
+TuQ57q6baw9BiKeGzmlTNiBMkd3IXPH67/Cob8TeXnyUnVyHwQqwRrOwqNuMHQpj
+jvE4pEPbB0jae9uiVDzyk653qusWGntw1Dg7Vnx2PBnvIN1pBzjVoMJu2C9as0yA
+6YiC/kHtLjmlUTuj2vQIe9oH76VA3b3Xn+76GbSwGYjW7lF8/dxj1vFygNSv3ao2
++O9P16aG/whfQfDK4GSBPRFCXMQdjOpSBf7F0FkALkWW4vAJd1EHjLPJ3JD/Teuw
+LFOKVZ8lgDJaPJCBer+iF0bYrxWI9lS6pEN0PGKZNKmlCU8Vt94219sztcaY6qL3
+dqJ6N4WG58gV4IxaRoKVfEs1r9jsF0VTDpMvD7UGaPlJWofgQdx2sq0f3HzrcBag
+nR9rE7SbrY87AhvG2qd4cgoF7eJsfKDmjKCDNIGN1POfqekGTx9A5Qzun190Khsf
+DREgKNbd1YtEAO7Yg5Uu1dFXTnXhHQ4MsvySt+kqt7XKcsUO3BXKllYpGaM9Ycj4
+hlPaARldaBWwJw5aPA2IUTDxUPWFxdb+Z0TyvQcZJWueAp1EuJxZbMd2ZWMbyFr+
++OTlFTW14bZPRlMvLRK2MbsDcL7DMoeqVa7jk7ujy5Uekz7uMYQ0MVBoO9z4MMl6
+D4bJCeGS+VS5+5fRrdxpKwzIkPLcSlRmbJiyBzoeSkWEDgGUAjkhtsQx6EFpZx6o
+G6Q3x7xEs88EzVkrIaB1H2G53NZ006fNCajWugXkEnYZmbsSbQeO3dtNzi6FCGxs
+cjxuLKnX6TSnJ7whAUZic+QfkewnR66PFjl4/2LGe6MJS8occUh7IwVWu2LzMSBN
+SjsUeiE4rj0CUC2ayb/ZHohRqn8yishyvnDMIQKLFbTyTzKpG/00IDftxzRK27cu
+CyOmIC99gEf3Sw0XgKMKhEimYh9nEKG5tvmgA8wNnNCkxeRlwQ+joI6FH753gV6j
+A1cd/Wm2xaqxLbEkWJ+2RS83zZaICsL2ADVEtMeVhLP9whXdf+OOELtDdKz8YEez
+GZhVZOAWpNN56LLUt1fQ7VrYxvCb5DZCBGtRW5c0S2H6CktV7MpZsSCXLC0O71hU
+tBA+fvJ0DnZor6oZHwSHxYLbba043npT9khqtRTjtx7SaKFh5pJDW8Wpg8lp5NYc
+8Bhdmf9R1zkBoYcJRsnPrBUpfB1B7DTKDSfTfttfzdcEvs+3Cf0bVCt+1M4fKLG3
+WeJtHBfGho+LmHpbOpjFUNkqK9Ax6dlhZlmxz7UCuMrXjvLBCxtAObLzxtJy2P5Q
+rGGUdHsVGuqXwIGYzk2D5/cFzWlNcNVrWkYSbGXp3J0vsJ5JzVV7nfK21ZyTIss5
+fbeA3Vgm0Pay4ZAj96qSAZ3cdHiZmAtCYVK6vd8u1UzxBOBuKX5RnV0Bado3zVwZ
+38KRTjN0Xix4yi2HGB/0OLBp1NovyjFCUjWhkiSOEFEG2ajg8mw3j0oGN4nsNbYa
+CxQPi/kWr8Wk6R2xMb3sIjBmPOlnvTwe0S4Cz8LLj3cpUOEcXe0qPxKfOuvE69O6
+n7FDf7yp7Lf8fSoYfa0bMTHyUnNPAxOw49PhzXcVeFIXHNjzvp012V/cOS4vvDDM
+3fENP/m8jh+aERRtqfvNo2Wt2rELTTPyjIX2EUmPggFTMUevRpyzbty0HcVQOuLs
+Ba/EWdh34OW0ZA9xZQK2cgHX+OTazHVq+C5bX/dNcSraUvZ/UreY49bD+RIDQ0n4
+4vMqUCFd0lLKKsoUeFeLsq4W8v0O7rE30xztsdr/2k45Cw5ZW2wSMKg6S+GOg2w3
+8tau92ZZD08bKvpS61wVHOKzDYzF8xgAevWvHPT3rANNNH1N0WiNmbIbxXXKq7Ln
+T0mPBma2V6RblyrCbVABteHdm8bOPN2gnEIFm8hedxRspjcV29ez2FI802E8jubm
+UUI64L0AJRvsHdaHS4FRExd0ZvrYUHzPT3CB/RtwmmYl0u0u01looxz+u4J9hnaB
+TBTkCypxbsM4nrSaqjC3FZz1JsGxi2WcGPShZw/2Y+FXye8O+b+rbaB76Bn3RPhu
+G15XXJBAAvxOJSmDuSapAMh1XrQBJxJfAKKJsrxzaeW5R9b1e0C4zhJKucJFkRTw
+2oic72qBQhAzOpkcHgKGxNvFL/cSdKv9jdvFUZt1JhdNLYFVJzHjbhNEZwGSRLtB
+Q8bhbMKq+2Lc13SiiYab5eH0RFQdoK9p9MEn4ZjD3Q/Fa5MAtj2k71FSp9qF+f+0
+xfsmunfcPcZRIgUrBX8RS9nuJPdxAqE2Z/894Tix9dKTVbtMjPJBqDr2DN18UpEB
+HH36vL21tQ8ErvC1wPjT83h7qK+Sf/7gUnXKWqUHfm5Q+nzLtv2hLqkiwoZnzyZ/
+E4H8dfBkxm7GO7eNYW9cW63oO61eJyKdCy+p2qbgzQL+2sOJFahzz/wT3LQCZGOi
+wgfoIxAtfrUk7cjMLhJJo1S45mGL7XCVwGmmrCON3I8+sxLkyDhMnrDK3BOOzWZo
+O36FZpeySOAQQ/C//cIamWV2v1xpTMeixIJLh42BaV5KxlIcpMTG5X49CQWme3FB
+KVcEp0WAWOaIwkNygwmMxKNV3/TvlXyM3lujZ6Pea1ZEhuUyKXVsIYeiNXjM9W0m
+RTbPxqTj9GGDIoSyZoXiQ92Oj5Nak8+RUD6cJMMr2277jzIx6G8LbOubRFpShUR8
+TAy2eylvbtlGRCVJu360QETYbRLBVyMsEksoqA3bedC2F2QTBrPa2JsIQgx6nJKR
+kyyOcCCSlO2tjz1NboojniGwXj9oPokQZu/SzBe1BXi8C7VpUYstaR2vq63odVyX
+1w15nB17r2SQZzis3W4tKR8DQ8CdaOE/Hr8uzbRuBozN/FVG1w3EumG9BCz97h2+
+mw2cT3EwZ2e5LqPn5HHswjrAvwGpjzCS43nnx9+BJyDudUxQWGcF9IifHGJMnwQK
+afsMnlYOi1M67zECASi5iPtnTv2TCoddu5QwhINEnKQB9xQ3jZC7NDaTKM6aKA8L
+iStUVMvwMJgyEjWtFwYsQ5fzyIn/4OT7SMCfqpqj9iM4L+pRp/hPUNZVDuRYx8Uf
+ZnXwZNOWIiQl9ryIedVo9vCa2QYWAGWmumI3fgW02OFFq8FWYTgwtJ/NKbbT79tN
+S9tobOQW2S2bXhP3iK90wtlFV2vca46aR25CL1On0j+VmEnISRBwpXkB+Rq5DjXZ
+S/lzT2HGoRPFaN+pyqxERE+OCtozCGez6Xk+90V/MvQEpkC1JnOyI4c8SLAkqEtI
+KSmUJYBr08nqkYGr8Dj7Kdumo2jYaRW/qX3u9erDjk0FbmrYAZQ5psK9pFzyJpVL
+VbSjXihB6rtA5Mn3epq+zrBxmXTpgLi1dJRupa95Wnqp2lmKIPHcn2fq0v8vK4vp
+qkgcXWwIdhoO+Nsb7LQ7kDR79ZTlWB4huOnkrIcPHvzDRPOEhTmEEzt69a52oeTy
+RJ9hMsx2In2LYU+yDhgU/97maGNLZYoI1TShcWf5bCnO2v15QnLiEx+6AXU5pFhI
+vD/BwhcPW/01iiKNPZRc2g0srj+ecXBQYxsUNvEwNrganH7wEaloiwTmID3rUAK6
+vEA78r1Rop5UerwGZwzDZWoHXK5zp0pVMTTqs8zaZAT90RIfJ8JzrCR6pTtP+Z5P
+QMMr2qFM5MZXsTGtoYwy2wXxvSJ/BVH4tIWKvNaluD8W6DMtsMuomFCHBPPVu/sG
+yJD/6SeKsv5S5E/qAsyXHtF2xCXRzCXtpkRoVH2cIPOaB2qw0fGzb+wFNKrL9XO9
+21nlPyGRXPGiA3OlZHsBPkakvNlnBGIcM8xTvaBck9xOGMGHwxtZnWJZ7jpHkSFh
+KENBeU8lRitEgX9pb8kyLTMeCzRvxzyGx45uy3PS8mRYq9bOFMiLLDOD2OatR3LL
+p7HLrQeNUvsjmV+sJxwSydexMYT7OgTm47atgkEgegwpxKOIaQqS72snjRHE7gDI
+Wy5y38a7xtK5MpFzE1fNtBX+aW3g1GQgUUghv/3hFh8v/k4oa2Q8Ld8Xta6yYhjB
+WAvfcF4Tmu5wq/j4rt4T492ek2tAnui1E+zTbNsqdBPefyPuMSxN04kzSRK9zRwT
+4HDJX4ec86LhwDlXg4X8gPhFSbnLgeSdUY1JTgTrLluhHN99lUytyBq1/pvqO2LL
+Geztye9Y4Q60JDYisCgWHhxuz9aY2GTYb2sDVGcyxodY3biq0RDThAs5HMsfOyHA
+ePMGWrhEQtVigjY0i5zReTOjFk+oDMha4p+MKCh9FjEJFckvIK5f6VuBYiJSfTj6
+aVJtDbOwWVNaWZzShYvLAG6+QYgIGu3Xnna574DkJBYf+akFPJLyUug3HDCQyjxc
+FT4W1XFQ5DOEs4c8b9pcqoOGtczr5/AJeZwUQouOWcZnUEBLtBreVMCFzyxq888B
+UqtOzED7aqg4bxR9pcbxr1aAGH4UICDLAS6eTiPwZxDDWc/f9ZwPUuk5XCXbx4PY
+S7wJhOkRn8z70nabnYnHXGqEjWAuS4jIN/UPGCzYwIY+Vvz481PL9+VBMktMf/5N
+FAIL0dYkx4I8XzCgQ9calYYktfpLjRuQ7xrAPthWJlEJv9Mf4U7wfFmnRdvRWvQz
+n+PIxM4SiemNO0T8z+jMz6rN0svu++e0eNAHme8jDWARzR5MuMkF2XRx9Mz9aD3b
+rwwALL4dKfsoTLYQKmm7qJ75LQBxqVf5euLsFhSEIQHyP1cqHA/Orr5XjnqtcZU4
+5XMH02vNoY+2M9F8V8mxRs3Bf1rnqnd8vRG7OZ/LWX+8Xp2Y8pmW+8tkiKqi4Oj3
++9CZrBBG6aZw/OKkiw0v57EZa+9TOuWLZ7rZnAdr1jm2+GTntJP06TneJBe3r3At
+qQoC04uTJnaZt7D70oacaQGPaVezzPZA660GXEkfn6ESQXIlu6tDm2oou96D0F+O
+QGT9fOxB/x+DUQhfcdhamDRJDVbbRAWbGx9BRNR0VS/jHVrIcX6q8n05sNfJpbH4
+tg/hGVnTTzOx7pd4ga60BeFRMBQz15Rrz+wOS/lAEIGYDA5uFXQLIe9JnTeAM+J+
+ODJH+6yybE+FYikxIzyGUik/so9AfrftymiTHBt73WZHIQyYb0b3cz30uXiFll77
+ik8f80AXbRlB3awY5n32jhfrC0js2oPhAJTd2zghi44TVoaszX57J2CWzxom3xIt
+qsApCyVdPqltusvWoQRepx3XB/PqIqdg0GUL7WJ9GpvRXF4XVSN7utmWkZun5eTR
+xRZ0PSWAJdBy5eieDw1/aZZpBs/+6HmXrpN43kL8jRNl+OgjyGNreqM+MJi9k580
+CvongZyQw4sdQoA5nnJarheq6Va8zc6nTuYiOy1UFqnDIZZ62jFKzC0+aEgvegrR
+SBs9mgv5FCUViAGofbxgivsTVQ0VM7p/JHu6YP0qc02wSQub/fXAhcopdDRFTeOI
+Mv/EcgCkDlL0eU0x3O7j9Q9jMY9YuOS9CLb7oSgP+XKKRCQwFF1V1eY100q8pczU
+yFtrdAsjgE2vOPjSThh5mZhGaTOGb9aAcZLAIT5RmNIUAHmBdf0N51Cd3mDoXTLj
+dSzKPbwG14UqKLD3EegFwyq9NNhmm878vdj4viY7r5J6H+IZrgYB+EcApCIFP5EP
+DgoS/bPJha++aqRBVmcL5wVka8yc/et0BdkXSBokSWRraaQnelMV0yxDGWd7VdiP
+MYjH3LRhaszNRMYt3P+YzBggbOJ9uOLJbNoIgePfMAODHmkjdRegxU5fcTyFeB4s
+PNSS9afyopRC5XxnlqpiYuq8jxdbgOvxaScbPuous2ZZ9ESI8mrGmNFj9GZtIGEZ
+8kF+iz/2BvrZa+iC3x8zmS/KW23yahyIuVlqPmf8Hq+zV1zUAHjQNT2i5qW3iRL+
+Bdl/RYf5/6xvMVSOWVtx81eNYvrL4AbPVCsxKzXV3Kq5LRXPBMV34d4yjreJ9koB
+cZwG3yBTwP2soH5ltlduppmhFAmB3w3la3ZEp0HiM+yD9O4DrFj4j/p2+wjUwNxs
+tuZVCQrkoDT16fV91gQ3lPx+1UyFzkBdvpg5SkGYLEZLnIqhqB7Dv+A5gnTCCu3J
+/ow/WYQ+gT2/hlyBu+9CPhud4Dm5fPGMAOwPeAVlujzLZKFzdC03tAVqaczGhl79
+DJdDDI05Sn9nrZ+RHN5KcmdOMEBwbH4YmUyOb2pE3SxB/lEK7UiDtJ6FyV7UkyIp
+ij3+rEbSV7OMVG+uUMnO0IfClKPOm3aBDCCeHY5EVI50wFArZaBSz4VyRmD0rmAK
+RfhnUMcy5M777mt8ld5Ip5lc/x5ksyxw4wXbVFP2A5KFixOg7YffWk/40IiKQ2z+
+sAd4b5HyksE/limJIF4TuQhn/2QfDzKNbLK5Fat77tK9uAIZaWGoYZxDHhp8NutB
+JJ2JE032HyN50lsyGUo2F3o3DsBB10XLqY/JXGQqUuiDKYQ4zXklNq53cdO4ZAU5
+drCc3kHlVuDCq+lJs9wKgw5w8ksJZXEgQSolUkTN1n/y4vQY4MS2UlNxonDVK4hE
+EGHZk79lXVVr7FnK6mGaCLEFCnRf2ROmuQaxWp+4w8mIhzPIXbAaQa720s3mCab+
+4oEVmLTmytxOs4RBvvDsF6gCti/xRsW6YfxVu/rt/Q3RprrCt3k5HqGHvJheB5f7
+Kdk+LMbp6ywNsSlNZ5Tenc0fM1vpS4Jic3RRzXicwwvUMkw8DjrztbRGFuwbn0uY
+nl1PQ1rtpoRpGXuB3h8dstZSo26UZOwUkCTnDid6r5+sPde7sucostXGhElUITJV
+31AM8QevSeeaTg3zeEAVcUonYPF0neS8ignxZN3apT6JDmoiD0XqMFZrz6aowSuN
+SR2DU/tcZ1/kn2RpECMBr9nhj6jr8s07ztsToIknoBqebAF/L18If63lfSRgBCKf
+8F/ILIrld7Omd2thP1Vz5S23fI12h2Ua94vIveCS8XbcaEmLj//N4gBo5zq0FMeM
+7U8jI4Y9GPWDThORx7Njz9UpWC5afoYoboctymAOcsSZmZ8E820frQRDBsbDNI6l
+PC+Xo4o77dHOX/GKcRqT76iucc8o3MNphk4lirDUL1txlNoUme5+FR96mCGuAdW4
+7NgelaWExoWUBvmp8Sr51+r0nYOmMr+0iXmbMT+K2h1LI2KN2s4LZLKn7cqvNuEV
+kf0kqZRNrWFYoZHcGa2NK1OaJ+qXcxDYX2yp3/4NVsYHF5yMXFNJaMW/5dEyaZVG
+IazFfAYuC++T+6pINv1OTBvSzgp0pruZGLd9QEt1WrWuiwkLq2fBv/1wwE7UvZaL
+oan5gXxb+854mssyow9KRUujiJ3Soygw9FFoyj4j9Mzy4Xzj7XhQXzAcxyiStkZd
+zyJqEdrP6+3QBYxhuvnPIA11e9KNnYZIDcim72CVVqdCoYTxnLP8KUgJxxuiB1aa
++VzzmOudHMmRY18+TLX90P+EpNhnRyc13I7qOxTK53i8Cn6xR8MoXlT82FkKPJmO
+8rWVZhSY15NFfvgX12hFl+MPeHtZdxyiIHLApZw5f3xjFkHVTX7VdEk7bKjXowzN
+d1dVSMB+i5ovW/qJloscjlyZScU3QcTIBO7yX27SiEgkYyBx7bXgTYt5VXD/Es0W
+BxmQxOsmTsqKf3V7BNfrHuko7dMbn/hJQJhImPm2JH+8PEhZsPxxhXvQy1TBoVrX
+BnFkfa7RBqWByLHXduqtFKaumDWkq95KVRdFIX0Fn0oSvoz+483ltygR80l3mqdz
+xxdnUVpsSNH1HwBzedKfqCE4sOAb6ELRcddYvolSB/aWs6tVx3dsF+jBeChuIUQ1
+QsnhKVTN/BphgQeo0v7+wkviRDzeJf8WdHdEE78z5FHP073eVDda+5ZASu8/g+Mk
+VFaN55Aqi7pNQDZDremzK3V4/mJawYn9SwX3UlEYR16tzsphhL2Ih76XxG7YYfsn
+5TlqD7NoRZqZORwX5OyyNeaHZh3ArgA+R6w4ieFb4eEqGkdIg7QOtvtyCXoAdEz7
++r4STVDYDP/SEVDoA7EMPzeT85y926/qcBp1nIJ4URz9i45tdyCYQl5KKOQfTYT7
+HZ1vj7Iz5HviNlvHHGfIr9dBTt+795S+5GDaEuDk089YekFIv3sMywAWSVZccLtD
+1v1zwPcuu1SRI5Gc8xO42LGL8A565LbxKt8rOwhd4JUQ3SJaX+Km7nOj2qgICaMx
+5D0LJl/yp7GVVaUgy3nc02lNedXLJMXVvV3g0mOongQGLjEBbMvwT9Bu69Hoo6f4
+d1Dl0/3WArLXbczg8pGFUZE0HhHg0IS9sI5Nh4tsD2xA2T+w4PEywQjhXrgnWMTC
+mwL7Ph9gxXfxqT2lRzd3vVvTB53Pg62NpTb0cAZzi3rOMUJJ26cIoI1yq0LzjJyC
+40PHF5U0XJXL9oORGDzuQrrdBhp5ND8K42OePKvR0L1Cl/tFIdw904kwtPXHAnLl
+iXJDk4Z87cchIKQ0kJDPS6YfRn/fcnQe/s5CrZFwgUSgqWahifE39cXV5vatH0te
+OrQW4xvTSKpJIOiosd2obnPZe81Gp224m9alKYWapamTu8fOCEvS56K4uVf82IGj
+SV15TDjEZedJ/U5O38wg1ZCWCQJhzZw1KW63iCdcb+FVRZdw9Sm9lhcL61wyc5Yp
+riLN/sIxNjtKrNZm3Ne02bW9dSdvaMcwF1uGUMq1kmQcGDAk4giU5EcKnQPpljpZ
+67C6qXpdNFy+1njmyGSDZGCsf6ZPEh6v97hIK0L7JreGLWvuTD5y5lLVnGpWEY5X
+7fsatPqWbyubUBk3Jm4Ez1555xFyOIG0LsUpPgn7hVUTVitRsUyZXQ0QruUIdsde
+f7pOkFNDpeW9UtHCYWVzLYd8kuZYS6vmdzPyKO+5kpMH6pnZtKrgqv73V2nJEdON
+PXb8FiaQNaOYV+8dIqHqN74la4HgGCB3qDIGEjwiEOnaCiy1IVyjYArmmKFz4iSx
+HVIf6c5vgjQlb9f3G9wu20w4eQRdfqFhu140wFYTOwHbCiDDkc4jsQ3gr2K+LO/k
+y5E3k1vSZAQz0R0gJYS5yI3SSBWG25esYJytRVpZt9JWv/JmCczf2pG7GBCjslmt
+OUKQXNede2Z6GKjCodJc/LWtYjAYZNqVfhdF9hAFZ8PxBL3id1KPTOWGAswym9td
+rCsz0QYXQOzzu9tyVZXf3mgbxPWj4ImiU26e3aX3CqWQpt179QfiE2FmklV5I3Vp
+Y59OgYF8JIuN3QPViOdzV/RmUSX8TtmnfzITK3Xc2fK1S3ySAXbJJxw+hJrmjr3r
+fy01APFXqCblCIwyc1OXtGG11d1IqCyvBEuB+Cumxmo0ZYfYym/C6wBX8pGWFmPB
+8yehM/XvTYdypZhrprlgBP8s8fqRouR0uK402S3ySp8ln3STAG/TLODHfhtkiynp
+U9xs+qfR531cEbzqRw7JTT226EjipSiDbTckBv/xDsZLxiSAIRQjPYpc48nUnuD0
+XBkwiQGcE0oRV+bvFCXY3qSG5v1aW2Ipg4egcPHgrelsZhgpS8TWumWi4uQA0CAo
+QGnNdfCE2l+R478NMB/4+MAkEqda67d/GWMHLWC5OWCMhIhK0Mpz/rMraAwHguAd
+M/qLumTaqcpD4Riowztej07Ql8dXzU5ifXOR+qr/I9DEKeEtTeoUcFBjQrKiI4P4
+m/acGZ7PER4Jrf4Luc0lsfNz6wdbN9dCjQRNj7qM5W+VyPNNglCEXTRSHaB5+Fpr
+Eu8AeKwpyLLBL6VTr0o+vja+FtbJrHUvgMJqQ/M7djWX69tA6vg62np4QXU2FFnp
+jpFGTBlpS3kkllE/ADgfwMcQJ+w/LR8uQTNyUK8bRjeQx8+mEOmHZ+SJ5ngVLPm4
++HCuHpJr/mPJS6EUYzo2j67mVCNmKqN6YRzusW3dfIhrBoV2da0uF0WUtb+VDcBr
+dacBcEo265taqvWY9ZTNPhXr88NXb+qAC+K0z3CfVXWSMkVHMtrWaNnaDyN2nmZw
+A8yU+0PquPJleJj77jXT1mG1iix1oxVZs51SCQ+srBSGbCdzbBm5Ke6jeTr/dCBe
+2zG/0/0q1DRCxDBLQiceiB439Z3zfC3EuBLnPrYqyBnedsNjj5zQ7q2kxwo56+eb
+/UtB3lQLiFz7mHldbwrbvGxnEOhX8eclOB0xc8Tbn7Jno4oH4zCOZKgv1BYyQp1k
+k57joLgoqoRlU6b6w/k9zcDDJv0Ve25G/3spRs6jTqhUAyya+ovbDBIGHNnaWb5R
++xfiqa2dsENRVEfwup/WrGmJpOKOQc1tSeOzgYuxEc1SvOvKhMAcj9N7TbqrNBrl
+FGvgYGdkWefXAxZY00fE0iI7SbUNHA3WZB4Ia/JcVnddADDhMsvbyVblkRj7r2Rp
+W7O6WS3l/+pSCjVZn40R+vsM+QMVeFJnUcVzw1yR0Ofg5OWMZ+NrcDXtUI7MK9bU
+vBJAnU+WBFwofweQnjaOZZopZ/9knHjNyz+Zqb1TmpdO5gPEcGg24EqDvLIux8Xi
+mwEi5NjC9pDxP7NRVTE24d/yFgzipwEGLvOXaH+aN9Qby9YcOVrJjZHTZQ9oToij
+xRXsq7D1Yzu5BqzxPg11kNg7KfbBytw6r0hdmLMsl6UtiChR5HLK0jWus4H73H9D
+lqLRmfY9I5H6ychfzZHQjXQPfyukg226CRojMd4AZAuGwitZEmb12+SadlAOpSZB
+pBMCpt4o91BxGKCc9eIzV7nIn+eXViQtA5cvuTCFdmjvAH8mrcXtb0659MqF9SzI
+60x4u1v3HJYi8mJHZr6RrVPayUm/fb36GiCDOaW3WvXeKhr2i7JNVTm166yXg0B/
+aQcDJF4OosRW8AzRJozRbvEw8jf18d1RLxGhqh+KVspNqbTNDLPNFx7fTqqyEpXc
+173orCLwFIQ9dXBrRJmC5NEBu+UFacSw5gYX6KHi+samXFibJhL7c1ev0ODMTtNg
+/dShXqEajGZ9dgwg3N6Wm3RkLIhkaBjgbqqPsxRN/AeOt9MKZBhYD7YEANJSgCuX
+ft3dzm+JKDsYNNnuWOsWZeFXB05sm/2KeKmLGR/PfW3N3MxP8J4WkTwcif9CxszA
+7T3dV+91Og7BEHgNJ6PFT8nUG/avSIKwuA5WTE09ivQh7pE8FbXcibrYQh5HIQIc
+/gMIkTq2fZ5JTbMqE162VyEhsRtxNMWQjPVED7fRbi1KZ+Rk/ueILOA6aqHFYPBH
+3X2YAStKymdn5mzFGC+QdDbd0chpgYNp6iaYWyRXXE0CQzw2Z9DeoZKjdh4UQ26o
+NFOryf6XBI0Ku3ve6fsKu24oKapgtilHqmP9RumwxN7bRqdT2vZTx/TVUwuqPqte
+BqWx4gEtDSY8Vd4MBYLwJl0IU0iX8+hJEdNFucqsGQj7P9zqCJO87pO3siSrIXyk
+v50GN0fge4HD93rKDA0eXPEF3IEXIEs1tyzYBWNjc5iX/lTd64rvjNQ5uQQ3SKQx
+3T0Du35OhhESnr52l38pewC84TEhsBwOd2/a3n0k8iNgZjl+P7o1u6qc/HlTnFIW
+oHKNla3op5KUDcRVydXtL6WFGyRTx2def8LO6w09NC/yVh8aJNOqaBxpXCvaI9TM
+Z55Y2iF9CJJ9x7uqRvIfpPIf6+fBkgjPnklNxhtTeyLfSK4ldIXozEX8WVdBOFkS
+pBeEsfashP0pV2W/weKSDmxDVee0gWjciOsBIdrNNedNtjIhDtxM93+Kc7qtJ6A1
+LrjyGGMhRkZXPP45cF+a2bVf3mvWWsTVwjLls3J6pDIioEo8m1tnYXEVZ2UABAzh
+mXFjfQjRIRoSxSRa/P5o1eJ4YbFHjXu2GLcNv2lMhx/14nPz0USoK85WOtMmXvfY
+AUdkG2YnKMqdotvdQRgWvmrevArOzwqeVHQOCXJxUqboepB2VRblnD5JNtFW2Lu+
+ctFwa3cMIpJ2Zh/sUCtGA+ov48Px3b4BSpcXNqrsH0h6h2O5TsPOeW+in1WB1tE9
+QP4Y9Gubnvs9dC/HMbivmf7MwK/OHblVNfCChmylXz7pC58TNbUncUnwSpzdjHpe
+SVLtfGcf3W2k50DnS2p8YGPEI1GrOPymYKhtg4k9lYA3s1iWfem9mkNGuuWCcVqN
+In5DEDVByzgthaz4ruw2ETYERO+jMnEujU+B2+Cr8EOv9gwRc3v3uc0s35+9hCa5
+Km/RBvNB3hqxXqadfzFmXYJKsYs2eJ6PzNbbql7J5amUGUHeQ0PR0J2x/cypO7sN
+voa0NIQh1k1MQrsgdbRT+B5Hz6lNbHn/7nh7dcd2FsbroaUBGvZ+IIVI5TbY+GOy
+9e8gXVPKSoppppoOW0OwCBxtsZZCzYOY//EvlUMImNmYhBZFihRnrsSI9l4jYGCM
+JuSoHvUynoUuCZB5N1H1W2uu5jAXtXFNEznMB7MVqDrsBQzzV5gE/dR09x/ykFCO
+s1tGtwom/IPkkbUyuAbZMHp6AIuNjed5mDvHazYSZxZLeE+B6tE4TGmLjuqA8bIO
+BSk4DcGo4Q1Bf5Bm2smewbid77vz8nhx9s6YCEcNHoLsxE7JZjwoM8PzkYTvsTvq
+umYh/3q7hx+FE7DQ6dfOfUe6eKDr5fioBU0NnIL1Yg1tdO10afwLih22pt5kX4ey
+eCYExpxcp1A9IKUEjir6/6eG9JfXRrIhk04aTsYPss7rXENdRNNKxudT7C8iiU5t
+w8oSj5VxEyO1cxMIldM/WMkTRfguw/hBzS4KuAd/zZm5AglKSdgR1+JwwpBLoop6
+KjaocKdVr2uCsV6dPfb9hsDfSHhTxZF59haOVfQCSbRg7VMfkecxr6icByFimxA0
+n7letTP1fDBkWWnHuvi7qFVSo9z6okAmgpdb4ztVXz723YuMjoMpU1hcD4WkEQ/7
+8kAG9PoHyFRtlVshY+VJILuxSd7YoAxaCarIpoK3tSpZhx7V3BKHWBSPQ49vG6ag
+tlRY6T9IPmaK3bvPppVMFqhFU/zfNAwR6oeHnBYgyqPY0xamSL0c15GgTbuwSiti
+vfJ6+BKtywi3FYfuwN3/tTLujuUtN4mSXyVhoZqAqlQiY1Si0xWc6txXkvuuz0+R
+u2tM0sWNes1UZ2gFqDibzh8/Eu9h4LjXWWXhF4hkw1zw3rXKqCyjaRciYY4RaGVP
+2PUax3iDiD1uiCHTyJAiYfiRlXN8PYfFb0Jj4BTTNpRL0Y67f/RL+jMtkkQei+9b
+OTnD8qjOsOwfTkGYfourHU2h3jlnXaFadcqRu67G8cbOS59PwK7PEYegZ6pxlkzQ
+0bTS0Eu237XwJqyqc/8fJozUK+BUIy1pEZ0l1ghcjX9nTJlNkWVjsMhd66YgGyL4
+2zqKj/LSFMBHdQ9K5ffAMBwiaxGjYYJR6AE8x1Uk05iL3hgUy8PIVAN3d07ov3iV
+3l1Yiz+3/bGfqsdBEkudnPheE/Lt5ExsOo/hV8i0p7kiImh/EQba95JaBTFhCqcv
+BG77sv9srobpRPYM/OEBBnkSEqnQY5XUbHh+pwwJVf7PnBjt8i+MzrTQjwcWGoEQ
+Tdo5sHvCMcBtHlkA4W/LqM7KB4Q+h/QdJ9SUzPWDAyLtOzLd+Cyg0uCQ4wm+3/ol
+IvXbhuqUEPObH3nq1Y9zs95bW2I2fda4o/QxxV3ZcZQezLvlB62NEIMCVE+N5GQa
+fdLH7oFAlp38sLm8Y4RdJCuAgpLXTud3bIxiFbPdE1pp+n1MTrQl47PGahvaGBRV
+YDLTiedVX6zvcKzPY1uwNZU8iOeG061nOn9iH81jmzz2+jHSiHfZr6tecr+v84yA
+tvAhsBuhHQGvEAVEGh6olHPR1h1DXhqvlB90n2CyFNMpSwuk5X9hr/tYB7EfTRLR
+KT+sNtOmupfgxngkxYA/ktpuSB6l/oHEhn7QxHQcSTfVEZtfq4mkkgApS1F3s+68
+Ha2rAEM/lBLtvxJ4EpcBR+ksPt+qefubG8yhoBcKZAbSmgtK9QqvNMQ5h/co+h1i
+rYRuqnQvg9AD2xTLYMuuyO3DEFelQo+U2ikSRT02GfiN7a8eBurp8iCkHg916f2B
+3zr0IqQpbOc4DMUOs9ci44zyjFPUuGpifpwILns7lPkXDbgrDDnHCkqsJ+i/iGt4
+2kQSrTOQB7ROMCwrDYq/QxwzgXBvp8VCOqH1Qsqt84zwnFfkHZnilrfveMBEYRDu
+c2eNoVWrlmHK5tEALJnQIrBW6OegcWolbWp6Hnp9Um18TwA4IbpPURTcrN9/EvMk
+Bi9nW9Mb2VkEZMl+3k7qRqxR6xFZo/uaxl8NAI9w3YQPL8+jHhfX0xdgTy+KOcum
+ZhEGdZG4npi07aF9/lkBr/NsUo1Z8ZbGVdt5gXGqwU+2NxBdLST3SnEdElpVhmlv
+c5mr2ANmx8QjM5ZW3QKodM3UujhHDi0cj5uv8j48yg83SsaR9GWWv0C9aN+YSA5g
+X2xjl+TB0d+cdh8EboHQVwUDMqn8sVAq80RBBgHEpH93kRDdqvDkF2OT/lgSXmdT
+CV8GC5ulOVCS/aM0QRLt4qkdvjrpfYEpHDvEEmo9sfMgMq72BEktWB46c/Bt0Tkt
+LKNzhGZYs5Kd1SSMobkRwf79cHknqpNEAEDsK3xavWBBTdgLUHu+Hkr5h20C98+e
+wiKe9oXDiwWZDjfjWyOORb3IIZHiUc1vIjuMDRXKQDHd4QEWsV8koHdprRd+n+3Q
+qgtkR/1FowOQkyE=
+=5l5y
+-----END PGP MESSAGE-----
+
diff --git a/tests/openpgp/bug894-test.asc b/tests/openpgp/bug894-test.asc
new file mode 100644
index 0000000..11223ea
--- /dev/null
+++ b/tests/openpgp/bug894-test.asc
@@ -0,0 +1,565 @@
+Test key for bug 894. segv when importing certain keys with duplicated
+user id.
+
+
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: PGP Key Server 0.9.6
+
+mQGiBD2CgM0RBACJLGH4VS1F+MEyE3hEDk580pmeLZl32nLUTGtGc0YBtfjiBkjD
+XnPHF1sbp3FLAYdKOZHY/4efGmGE86L9L5y1Uxuqgzi7c3jze27bp9bBKSQWMVIT
+iIXGnjNXNuZUCkhhKXCHBy/2x7J5jYdZYigU+a4vrhXgTdLJNpamEx7uRwCgnHFd
+8pImqdGJMUhGH5qJ8tdOZP0D+wSgY5U6f3GyC98c7HgtHoIHwTBR4DGmdHEZ2w9W
+xAsZhu34PsmVqWmkzzFQdzkjQq8Bxorrjn8MYRUZDhd/dYU+Xyk49IAdZVFnMOEO
+v2VyZLVwfjbIJK73g8otU3W538XXFhkUR9/cnuXTBWiUfizmIpzkbjaSpqMl1i99
+KY1YA/4+DX/nlFLemtZh4AH3RSeo5RQ6WJhFtuL5Vy7jWPFmInHktfx7Tpkq0qa2
+8oUK8pisNywZySd+iClgS+gkTNmPwbwTI6EGAznUgZB8bQpHgNMN+ENBPDYVhzdM
+OYmYr1WCKsFK5DYUp4iZLmyrvojOH47ZdbW7TXnzyUI7459AnLQdS3VydCBMaWVi
+ZXIgPGt1cnRAbGllYmVyLm9yZz6JASIEEAECAAwFAkHLzREFAwASdQAACgkQlxC4
+m8pXrXx0rggAw7ibX85WpgzNMqPHGbJ3ZBVgSdGwDM8J/ucklREzX7HVoGe5XYld
+6aHklODEJa/ng7Y+8fASDgdszgaNjUwD508EufNkC8rlUrFb89GGSqe2cEIOAfXs
++gcD3u8EkhJnzaGHmaeMSNLsmTuMVR6yN+M9olIdLO5ZZca4uhqmaOtIWSBmkHI1
+CxWRhE0HUzmZRY3tQYnujUDlDa5NIUJieVLBOKlnb+VXAIZDfgRvKM4MTZFv4o31
+G0Op7/7MvKz/rI26kjPkwWSn9O8oZ3HvYv/mghdova2Gg2GmWaRN3Q3IZmQHY7cf
+cC25NKoEyFO85fP5SnaoKev2Fr0F1m/ApYkBIgQQAQIADAUCQdzzzgUDABJ1AAAK
+CRCXELibyletfOrrB/4h3TJERSzaDFHi7d3q/gKC5oOxziMCYjrn8lQfDsg9ge8u
+1haKq1VfrmpntY26G7iJ9yS63/Vt08/4ZL1R8pMZryHtcrSXMW9uYp8BPf+QlWDU
+P4jk5JeAnpQ95r3SSE8YOAnGWDp0PpT00i4hGwgm+gCT/x0qXJhKvoElGZpUztUO
+uSNMb32XwZmE68RFDQybcXHzPc/MPp+AzFhhjjL3PutYagpzRoO4PzfTure2XkGY
+JcOteJj/TLtmSqBOPUgIx7H+H/3vCwA+pR1iiBSQFsyftpFsaFFuXg7YGXezVw68
+UC0UImP83L7RmBrqOCNQ8wcd4ecyUxFfCy7itPitiQEiBBABAgAMBQJB7r0RBQMA
+EnUAAAoJEJcQuJvKV618gg4H/20TTjWQta0HjYAK3H5xNSogkZyBg4eQT/5xW4/K
+QKNwBSAV4belVJ4tkVw57mOm5f1VzKf+efm5TR80g94R/wMsAkKsgxAr6pHE4h10
+fVmX+IFc2Ba3NNWWAda5dugGA5NT2QM6vo657uN9Lhy0yaRcEvcjYjGPghCq8L99
+qoRzKK1wdAOsE/3vbpG6vxPvjxJD+BkkwCEGefwWtHs//xFOUJUPddTd1yqrikaV
+BbuTpFhUmRIQmpuAIQWaBxusKR+Om/puUpsHvcj2jBSXR96vMPyV66F6eRGk4H50
+MtevNGGlxrLKhQjP139PEcwA/JT65NZfpqKiv4wmaaWpv+aJASIEEAECAAwFAkIA
+iWUFAwASdQAACgkQlxC4m8pXrXy2dggAmaK7DuKFWTpq0SV3UpZJxV1lFykxiTlj
+TnFdHH9KJtB8nPAKUc9xeAjhpuJmJRwUXDdpVOEPdpi/AHz0YCQI8wTosWroZQLL
+tSWFlrCLVDqYvlS5ushMvEl3HtnO7Foe2LynEplb7NDcGTlLUSldSHJ8I8q0Bppa
+dBNaV94xPxBTIn8PXU1EvJ3fCL+FuA3M0tWqPCn5A4xRCJEFwbahsry0jrR4z2T+
+YvvW4o6wvsKVpBonbqp7bNA0qnk+pqL3xYDuw47YRHi1tfYCZvJjEcs9M/ZhSHNB
+MfHB5wkHrPC/1JFDAdQpTCxKEDT3LQLSUzxOuQmn6GPQ5iSMDBtqIIkBIgQQAQIA
+DAUCQhJVMAUDABJ1AAAKCRCXELibyletfIysCADCgXmHxaTTbrq2ut9ShOzeNMiy
+9jX69O9eDaADteQyWY9CeLy/XtUPorLS0fmdq1igf8u0e6mLUAzgzLKG5UXzcc2D
+Slabinr6SXaVcmmR8wc63uUZaNasYoG6xjuSiABMJvnwUwQGPkGSct1Ne1O65r5m
+JYswxO/ou+sZNBHt+uCgDmAquocw6T1KFHXm6WBLfZMv1y0pca9rhaM8N8AG8AeE
+9Dwvi5ObIOWgzUE5k//F29Ynq4AKANAl69N7xoACn8SyKMr/XNhioq+jbHcgx0LN
+nx/xl40uOvOsQJ3xxG7lhaTMcgYpldadluckzNvEva3SqcvW+UQQstFivbVliQEi
+BBABAgAMBQJCE7kMBQMAEnUAAAoJEJcQuJvKV618eVwH/j2fAhyzUzWREWxSQsHD
+JQZWRCR1Bm7gX5RhuYrFWfLmHdEua9TdOl5z+DCJoXJyJcPfhj+N0gzfs+mLx2j6
+QyN6xVAMKLAy1lwxbVxwqnUhWnHTKMgDQkLs+WSzM6ZGGFdg0aoOZtuw/mPe9I25
+ARhCDRgClzT1YLQmcuueNohOfU5uXEDrJPQii7El1hpzenfLimBluE8r2MhZJZxO
+vNuub2TDbJir54N/cu6GV3jYEFCOXj3cW2JalyEiewbwEN1ZfChym3TLCevP5ItY
+90jKIdUR3EN1CrUzbPWF6Q0RsUbwlWYaXXDUfmojKUelcY5CQhkkaZ9CcPe6sVgs
+ZrCJASIEEAECAAwFAkIWrQgFAwASdQAACgkQlxC4m8pXrXySOQf/YsZiUyM4PfDy
+e9ZTNeC2KCK6xpvGW7suxMfZFHVMpV5J0ZtKWqUsPNDx/6f/SiroK/3/TGz+eACn
+CZXPpgraGwwwHn7nvtekYkX03ozO+XGY7QRlMf4sYHV6JsCxR14q8BBrjcUQpwnt
+dBQYQQV6OddwxqnCzGdWKSebSRE30xRRzYyPZsGuDmTZXuH1kaLS+qxGst0O8vS/
+Ht5PLI3BYbIoCU5H0tMiQoQrAeqSoZmaipVu65iXSeXCpR82wVgqqlyXDt+Euho2
+dW8ib3ilKa5oB8QJ3NicM7wYZd+lipvcGuX7iLtHi+iSCRrYhJDaTQVFsbSclYsv
+jWJolCuwoYkBIgQQAQIADAUCQilwqgUDABJ1AAAKCRCXELibyletfNJEB/9AGg0Q
+mH4iYNL3KeVx+0U6j9D82spXWUPHaacXnjj8k93FmwcO4qW8WaNuFZlOaayitCJ2
+QsxwYV1Etonu92RPbTQqYAvKjAx8NcXYBj6zG5PbgHIGE8NOKdLIgkqsJgSDn47/
+2IjGGwxrrECYlKn6aLcRKlD3t/zd5XgLz8mIUkXPOfeCmzlCZkarf2n+/5OaTyKV
+nxu9wJrQykQ7PbbiK6/oG9ZYhjk6zN7tW7ZM8eYQjn4L3x3Ht06XdLMFb1nCHSrn
+BK34FnBO19k4CDZLtD7zeLf1asYrNvX1ij2KvzFCW9KQoA2MIYB1LDsn4nuE/2Bv
+tkLxU+BMjCfMZ9GniQEiBBABAgAMBQJCPTR1BQMAEnUAAAoJEJcQuJvKV618byEH
+/3D/z5vcgXyNrkqfmhACLv0qM2w3Df3t9+b5zDRTQC/QB+tY250Ylg/5tamqYhKi
+QvOm4fMvmDOFEngSxcv3aDEtrfZf/SBX/AGdOKlDOtLLcaV3r1wZzCNEb4NrOpEq
+/zQkUETUrahwLXEt3H3gJoDIcU/uRKswGXdrl1SjjCVjrgupYet8hqP8Xd6MjEef
+U5xrtYQIee19K2Fx2UcfVATyoGapqnCFnqBfM8QXvQHwmFMmk5nZMED1oN0hn/qu
+1BKCb9xjsXk0VoVz0vFOM7ICHjbJrwbaaFjGBkIgI0GmGCJbPjCW6qqBYlGSb1zp
+VoPJn/Gauq+ypYyA1E+W4qSJASIEEAECAAwFAkJPqcgFAwASdQAACgkQlxC4m8pX
+rXzIuQgAySTWpeSv7PQ8wiXpeFTJnAhqC/gEIBdoRxOYMvcvJCWmMynDrymM0AU3
+A3aF/Mb95UaVb+A7co+fdlkcA/cge1ksQ1FmeoN141nQ7u2NknPaGwNSwQ1t1DRL
+9U2O+0VKtk2TowR4Ado4bzwgVsFvCm9Tfpa6IDip/BGdpjfLDN5XBBhJRIl0DYjT
+0ui2nuA7YFBfAW6ErxV2P88d/+2aJBux4A61KMtQrOOkclDZa/EOD20sn6B5gGYf
+JKb8VUNWgjOsq1WJ+2prmrHbSEqmqWtkoLPZYQl+yoJjTizfao8s0fA28YdATyk5
+eryog4X+Y8wZOk0r4Dp3BW7xWXAei4kBIgQQAQIADAUCQmIT4QUDABJ1AAAKCRCX
+ELibyletfJkkCACGnLYlBrQmrVMiQoIUMo3F0GhhrrgoIpP8vKu0WM/bW5itSE0D
+wzZDyyMdeSa5tYWCy3WjYHuUesC0g23jE9hP0gghvNAMcl8kieqFRPZFBqHyokZ6
+3m2y8cQT5AkwJFPosUjIaGkVmtzmBfsDBZdHve6HgnMEgotjnyCqscFvg2IDW5fr
+2lN/fgazqOnV/NKN2kkodJp7s1cT3e40+PsU9cukrxLJSbcYi2YDMRoIQ80tJk+q
+UoAGFDGfSx4/bWu1E/8X8rBBzkrBn5B+Wl2EwDfVI68YkU7AX69Xy+GhJYnWDWFV
+tISxktIHUYUa3OxF9KUFsI4w2YCzPNHKaSUfiQEiBBABAgAMBQJCYrzcBQMAEnUA
+AAoJEJcQuJvKV618iAwH/2pXT3uVaMCkRTN9p2R1s4GAS9A2hi2N0hKdWw4EJdbX
+M91RDxi+ZjhzEeUgWnWYTi+Bj0kKyyPxeVDQ2qaq2anEyXkV5MqVgJIqYTEq9nD0
++NBtU2zrVPVpl1MIXmws3++/JxGin/33f0ZVP8C/1DePGywblULM75Di368wHt/Y
+dFSSOWpfYZvCkh/Bvqf/4BTRu7BSci6OTKA+B3kNK7g9Wdy1zGfR0wtuHWBcD7rJ
+pZJqs90rUFnLXS3FYl0yGuLy/l+yOXzlTZF4vTgMtGmSqAcXOfpPKud/SheAP7Nt
+Vbin47rVxOcdNcEu+vx2EajxhSG8hzeVcmFYzOa0qZqJASIEEAECAAwFAkJ1MGEF
+AwASdQAACgkQlxC4m8pXrXyqDAf/RcKNNbobfnoJnI1VqhPVBCdffHOftLB1c/YU
+4KDt/PKB7s+UlmCLuC7LAuLBDa/AyyoUlMkYMHJq6WLJqxhIrc6l0g9lLEpEh2hg
+Sd5zV/cR3Aj26m7pQAGQf0SCruVtnFq45yY5PJtViOZ1knr0i0IOg2FZ6dF1hATG
+IZVahsYGf5Q6ls8IVU3KR0KzWYAvUWC4upXqqdoY5ykouAI+Gce6AQka6hMy7mbL
+/ySduzDdpDDiMRdjObajR9wsHErUrwPlGzbr6KscjeZtJoEoqu5HT4Ab2PQ10RJQ
+IJcxIQQVTcQeJJwIZdvK7v87wmwrwIiaBYw6f0kCFMBuGhURqIkBIgQQAQIADAUC
+QocBRgUDABJ1AAAKCRCXELibyletfL8ICACg0KtUwDWLTAR2qQyHNFTLX+PiScTc
+pC5kHHTj4zWyWW9eC1sO8lUqVB+3jAgckav62iVgyv7Gl+4vizBqOvjBh52C4BIR
+3lkpzZ2gQdnIXOw3WGrpiPSahY/fFvk7VE0vHqcbnO91+F2MvHcZxqWsPflag0TK
+ois1CmBXTkOO6QTtxS1xGvPAImmfb0XzIbZ/C7F5szvYHLBpz6cHdWvG8hJHI9+3
+y21i7ZkpzHAc6TwgGcXvTpPOSUU4jgS7IDu4Hs0Vd7MjK3F4R8QFPE+hWzLIQIOh
+6Ds1VFU0pgVsVuXkrvjgFsgXyfebp7FmdWVSKMbN+r6rkhjxGWimWrUNiQEiBBAB
+AgAMBQJCiaUGBQMAEnUAAAoJEJcQuJvKV618olUH/3mMp7GYIDAVLBxUGism5/VF
+Fm7gSW9ezNf7nquJU4W3aQanU44coKOBChD+ZVScOdXV4dD/gM4SzgVGiT01jyHh
+o/87165+fuqFKjCTsDFBbDR/bbIsseVVway4ixEQJ5eH1Pwhh1ErJdsWShBNvtvj
+j+ClTvCvc0iH4IVQJyir7rNdwKtDTd/YyNMRro6cF1bIp3bpr0bvAxZLF1eBp95C
+bdR+3t42Yb+mTGMBsmSXUm32sZSHnXs6De/r4moWM5VKqHrxguOwr8TjsM3vFK9b
+tw0cO45H4UzTVe1KRWlmrWZ2kG0cUBJsLUSHTSXJ4IeMVJ84VwAb6Hdxmv8MCSOI
+RgQQEQIABgUCPnnDVQAKCRBW9CvswNf60/4nAKCZ21TN3O44Oz9L75Ev5FL8QxLX
+0QCgqOdcSK+Em70sLqevTA8TqaE/zdWIRgQQEQIABgUCPwbGKQAKCRBEIH0YQ8qw
+NeJzAJ49aclqMXfGuV21ph6fyMzyD83rvgCeLDxPbXBQ/saVk+nuWuAtQs6JAZuI
+RgQQEQIABgUCP74pKgAKCRC3f/OHPJ47d9G8AJwOE6/AtcpPI42Ro+qRgou9nyat
+yQCeKCnvyNgRxrUCSVPJtBZKCjlx+gWIRgQQEQIABgUCQHZrCwAKCRAVYGGs2I/J
+NITZAKCPrXQth0d85BGYbdAsqyQwdtAzPACgjIcQ+LML6kHSDFqWkyEZgutZdhmI
+RgQREQIABgUCQILxlwAKCRAODE9jbmXTJX95AJ4wGxwsVaZEgQbsVwA19S3VPiUj
+BgCghPpy39/JvijAYW7lm1nuxLaWMgWJAhwEEgECAAYFAkB2VUgACgkQHh0RbLTm
+cZQkjA//RtBpVxskkKz5uC0hZKQ1pmlYixXItbBL7qwnV9VkY/c1te1IQh5FT0aJ
+KuSA95bFhs1UP0wCuHDLmsGCeYb/Ij/EinEU/4+Qn1NuLG6PZ1zj+yT6mRJJek2R
+3cM1XSv/rAYeCP25u19yw/nBI+bSU/r1uZaOJFuy0DVsurMa73k5Mxr3cRceikzT
+RR+M3CAh264E4HA1AUDr6CAhYxBjjERfH7hwsJL6JMScnbxgbYFq9S6lJWjFd+As
+j/c35K1tON43b+dhd0C6kn+8v09bMTJjrqrjy0t0wEhntlghDruHY5KelbhOiPVq
+pjU7TI+1eWg0mAtdAWGWaWFi6/uwUWCQD/G246LSBfQHdZDXFjT61YBvFvEnpb0e
+Xx4E6RQJ9icBF8ckjWfEu8ghvwHTAqt1qAuWsAFqKgAfYlnOkZZTwG3v//xIALih
+2KfiuRD0qPfJF8ScBHvhl21h/jfy96zJEsFadwaVDZ+pV6hsR0Ii02r2S+UGcLYF
+7Nhxv9dGm5sjMzo41QF2RjG8RV5ekogAH8f3ysE3BgyqKmeMhKizKR35GvVL9vjj
+Ia4UhGiUWbCbutpFVMxV1saQ8uG62LVituoTEgruz1CFdnQcEP52X5WTya7Xh0uo
+ciMF5Sx+9t86j9Aic34MeRaoe42zlfx0p5Hl1KuLkCqBYc3nf3+JAhwEEgECAAYF
+AkB2VUgACgkQHh0RbLTmcZQkjA//RtBpVxskkKz5uC0hZKQ1pmlYixXItbBL7qwn
+V9VkY/c1te1IQh5FT0aJKuSA95bFhs1UP0wCuHDLmsGCeYb/Ij/EinEU/4+Qn1Nu
+LG6PZ1zj+yT6mRJJek2R3cM1XSv/rAYeCP25u19yw/nBI+bSU/r1uZaOJFuy0DVs
+urMa73k5Mxr3cRceikzTRR+M3CAh264E4HA1AUDr6CAhYxBjjERfH7hwsJL6JMSc
+nbxgbYFq9S6lJWjFd+Asj/c35K1tON43b+dhd0C6kn+8v09bMTJjrqrjy0v/////
+////////////////////////////////////////////////////////////////
+////////////////////////////////////////////////////////////////
+////////////////////////////////////////////////////////////////
+////////////////////////////////////////////////////////////////
+////////////////////////////////////////////////////////////////
+////////////////////////////////////////////////////////////////
+//////+IRgQSEQIABgUCPhkNSwAKCRAXOrFG37Nm8m+5AJ971mhmPMA/x/OKCp84
+55CgtGndhwCeKztNwbBEIjsZ7oqdqmHchoz4a3SIRgQSEQIABgUCPrZbygAKCRAd
+PGw26t/PlIwfAJkB0oJuahPdiQy2q0w6L7QWck6VQwCgoPJNpzRE5XXyYhsTo7cM
+JgCfHUmIRgQSEQIABgUCPy5EkAAKCRDByv33yCXnF1F+AJ9Xx/AfSJFAO9iWr46L
+QdxVFa5NowCfTQPH16eTqS8eHx4bxOl8PFvpgaSIRgQSEQIABgUCPzbsjQAKCRBg
+XsAfR9RtYQ/IAJ4uyiZl32CtqYPZukWa5ZP/g8dxtQCdHEKLXAzeHJi0yL5arIU6
+2wBuXKuIRgQSEQIABgUCP94mnAAKCRCPTqMcXxoXiYhCAJwIofjPOHNyUUx4VkGG
+dSYI1OPpRwCgmMZsFZYk4nuUzuznmbWCAHUZTRGIRgQSEQIABgUCQMI18QAKCRBT
+kAY85MY1z8cRAKCZiQWf2nhPf7R+OTL8dSNPGtLbNgCgmiZPwbXB8fYsmgy9O2QR
+aOGQ3ceIRgQSEQIABgUCQQouNgAKCRAA26vcc+3FWBMSAKClFLy6THXbXt1T/DRI
+siBoXmGm/ACg1dZPyZIRcA+ALK+IWHWkPlxTdb2IRgQSEQIABgUCQdI3PwAKCRAu
+xYY3lXnds/3QAJ47B/gSHaAG9Ht1fixxmE0TVN7VJgCgooH0ryjvBbIQplYbeZuw
+ovU7ioqJAhwEEwECAAYFAkEQZEsACgkQdEiKwUmJ0lwVXRAAlEwGyHmszzzhq7Mg
+sLyXmfSyANP/NYWdLGUS203ddBDfDszQjjUVfHzekRRAEtkCNWXR29VLbt+Hr0D+
+Vtp3ZK2kcMiny6YWzTLBjIqN+o6WEn0NNVs9pQu7uNtdKoKAkUTcSLXNZ6UhElQQ
+jY9Q5AYiWY74KgZ5fxyxZ1v3+h2acZAC+wsEmYzeGJNEr7dCk4ufS5ia7KsjS7gf
+jQE3QGQi7EdYVaxGaRZAvD5BVA0fJi0W+AH55fF2ZY+DGrloZo9Rs9cO2vkkIb+Z
+Ka/7x5hnQQ3Km91oXdFMWrzShLtdCua1LBGiBfNu+MlqXupibQ0EWAGUWvF7atFB
+/1RD1ZS/pRqjYrGU4YUpecsS37xHdRu88IDy8vuJLWXa5bWI6oCnLQ3RdPI+HzkH
+X9xpH1EJeNSV9UfXKPfMkXmbZdf1mxkjW687uYsALigxtkXQU+MVsybVwROdLM2D
+mqQevrIBLSCORkYaN4dwVXkNGpkb9yrQYl/655wOObtAw1SwWoUk5mOfyx61qilE
+Pstu7SxsA+2XMWEhiws4qzoOV6D4EbVzwS7phtmi7ndEZu/7zCBEWzJGbJj6XRL7
+8+zT1WEMKH3iYZvY+qzbUk0TGXyEE5U/sBY+GvQFcDjudWU1EdqAomIwqE2Q+i1C
+2PPGmrgC+J28/4HkByYaBe3qplGIRgQTEQIABgUCPvoekwAKCRCGSUObbvo5F2mx
+AJ0av59dIxma/GBPgZ4ubXaQnLoRBwCbBzZzMDMH7lgsAqLbFe57ho/G0WqIRgQT
+EQIABgUCPvruXgAKCRCi//DI8dMbCnFWAJsFEHCOdhGhD4YvqxvUCGvgmmx/xACg
+oowlosHf3UtDkwIv1J3g5bmHn+iIRgQTEQIABgUCPzlAGQAKCRCmr/ijowQUUydJ
+AKCXmahfeYgFOPUlwphOFZUUpHuymwCguuN0OUN05e9A93DEQuyf/NahNb2IRgQT
+EQIABgUCQBHMGgAKCRCRPiU0hLfpgVRWAKDBiYUC8JqLsWWUhF0uNQpUkCHOkQCf
+RHBePdss8RVj7sb9gDtLFlARyeSIRgQTEQIABgUCQDWbjwAKCRCe3S/TMCo4drx3
+AJsEIa+ZcBa/lUsppglCqZe17oS/ywCeJkUuICOKXKJwDjpQ7P9MBy+cXwuIRgQT
+EQIABgUCQI1F6gAKCRDYw7lS6Rq5udLaAJ4n4OCW/3jw4dDbMDfLmnVAkFEOVwCd
+GH9sPa8ETIX78ZL0qOfHW2hi0vKIRgQTEQIABgUCQO+yagAKCRB4/dwLP9OL75lt
+AJ9jNN0mFsyJPqf8Fhlmq0h0LibL8QCfaQN6+mLrkYk2lIahzTA0uDRYO8uIRgQT
+EQIABgUCQQQwsQAKCRBdie+AV1OiMxu7AJ4heFlUeRpIBgRKsLrZQzWc68gSUgCe
+LcYp9KH26dbGPE0NO807/VctncSIRgQTEQIABgUCQRCO4gAKCRBojF5iVAyzG3Je
+AJ9ozlp4ARsY1YDAKkMDyZK42O5ckgCdHGME2oJW7Y8fV6mlTZTldMHzYvWIRgQT
+EQIABgUCQRsdLAAKCRDaR1eOhkybnu2kAJ9m8CzFNQ/Mi11O9yaG8b8fK5WsDwCg
+hqfiwxA82CfBsoruhUl7ksGIr4KIXwQTEQIAHwIbAwQLBwMCAxUCAwMWAgECHgEC
+F4ACGQEFAj2XFxQACgkQJPpRNiftIEadpACcD/c7E4d6yRVq3ByNoFEX1vST6CQA
+nRFMgy0UTjwOqB2IZ17GD8Gv62/OiGcEExECAB8CGwMECwcDAgMVAgMDFgIBAh4B
+AheAAhkBBQI9lxcUABIJECT6UTYn7SBGB2VHUEcAAQGdpACcD/c7E4d6yRVq3ByN
+oFEX1vST6CQAnRFMgy0UTjwOqB2IZ17GD8Gv62/OiEkEMBECAAkFAkJI40ECHQAA
+CgkQt3/zhzyeO3eRMQCggo4XawhTK1xmlvqZiplBQMl76nkAn3HP2swn/kJqsUm7
+bLkOI6+Uo1s7tCBLdXJ0IExpZWJlciA8a2xpZWJlckBnZW50b28ub3JnPokBIgQQ
+AQIADAUCQcvNEQUDABJ1AAAKCRCXELibyletfJvaCACx+0Ja3RPr403jmA4gCxQV
+C+Ea6h1aGX+yoUErN4uE5NBc3/cHVVRrtFlM083FEWOIvDXlyyujnN4V/ODSLVhK
+4LYBqgK20VCqbxB3MhEp6DlxhbzbzwcG1c32+5eS5xOswL7FkYIWfRz4803F0drk
+Eti5DTy+lAHgh5JSqi10HnqYUdyyUZ0YJMK8j922KNqm4e1bsXwLKLvnSCcvgc5F
+1OCC62jf8aLuLbjK+qU+TtQbPbAZ/Ex/szGGBrT+wBHv+dbVAAtQR3234a9Gbfxq
+Fr6fnV7AXnJKkS5q031KLg9C+a2iHxmmgJNb/QPekgEfAuubU7teo9ZQH6IKUmzn
+iQEiBBABAgAMBQJB3PPOBQMAEnUAAAoJEJcQuJvKV618RG8IALkXNdYFdg/DSwqE
+9kAmwDbvqxsm29tsfFs4t/BV5sV70DaecPxnSGTo/BanVvzI1DaG0T3Ad61vaYOF
+yROi1xcQ1trmOQrh7li0URncVSmFtn6RT+Z66Rtf21jwZ5GhylAoUQdvWz4GsIYd
++It4SYoK4v7LgHfL+/YTryPVGo8+xNVsWFL/yT5ZkAE4hZ6xKLsCwIxL5ZibekbA
+XuLizUwMGFqaL6Aw1Wyrrotz4colotRNKI7EvndZUwzH/AOZoY+6iHdJkqlXwEe1
+f/Gtny06ZK5QpjRyZ9M4g981M7UrPZ4Yp0sPbbu70Xt+9nYvTCljSpuAqzJbGtJj
+6ne5vk6JASIEEAECAAwFAkHuvREFAwASdQAACgkQlxC4m8pXrXy5jAf/XFq0yFo6
+Jrhj6rBZBJIWI+VmjnWHm1c9o6++9yfCxQZcJKiBkhSEIVXMNY76T+R3LTIeXmNK
+31R1j67rpyHca6xTXnok00YBpxV6cFSf4MMnMLQf2NBD5nHke5cRkLRmog0MEWEB
+ONIZzSBp98+DydQPnKzX00eB7wh10U9h0jui7O3HxgyrzHf+5aMgKC0xNM2qIMlF
+AM4W684Q/wEXohMrVaJRQNyEucCrGLoxztmY3CyXGKuaRQZjVnHjXd82sl7/qlVE
+1DkUTOSz7QoZbXCIZEdW8ZugCiAe7WkS2XbIdDALAjSetZzKpvfn7TnXgnb/eZso
+nXXIjMyDJ2+d5YkBIgQQAQIADAUCQgCJZQUDABJ1AAAKCRCXELibyletfCPaB/wK
+zgxwX4A3wvOeOzyBtebpoFBkyFkFY5H+5WBGwif2QgeobPmg2dep5fKBllkugot7
+/Dyr/N5jcZzxVbSaIZjNDNY/OP49M1sZbG9YVxjI7ItfahP8/HlFCUckV7wibmw5
+xAXjxa3fS2KquvWW1As78UegVFrdgWK+XdKwsTTguxoYJR7hlJn+uSizBqpFwizA
+EzD2s27RRaaPSOHNgsHlp3uGSHj9Lr1QE8YPvVn5furL0lE7triCiqKwr8d98Vf8
+OzRV8evS7qJLbQhV2Du18pXOoLvnXtrx/AVhob/cfuKefP05P0vMgYmCgeGnAnVt
+OkuzFkLjXUOCmK4xJo2KiQEiBBABAgAMBQJCElUwBQMAEnUAAAoJEJcQuJvKV618
+i9IIAMehyDbGtQuZq/5zPzqnr0mb7B3AQ+m3VHm/le2t7JwWJ8oh6z9o1TpQmPbS
+PbGvX/3ItdBLKK5ZGePz3Z9RbHIJhuqSCZv1phYZt1v+OhNOPGn6iMqKcDcxQEuV
+Aewzz4k2zDIdDRXHAdKa53XWWyOJ50OYEFIpJA+wShNz4MNgXUeAe8MQVyvFo1XH
+zODDTMc73WFG8+HuQ6TMhHVu0rHXg+PlYxuVuODnZNHrRkvVWVLvfsHZvBoMYoZI
+BrwyFMTfjauv5KSfFBbRvpLmmNkqGivu+TVgXOlGxUbOpDVFAyWFOAHKfAltTx/q
+b4Qeo/Iwt4UaANt8NaE525iSuSiJASIEEAECAAwFAkITuQwFAwASdQAACgkQlxC4
+m8pXrXx/LggAtUsz1EH0ZJz3es/EFwclnV2ypet1K1maQWBhmNdh5yVJJB3t2zDI
+lIrHaYjVUFMIiKob4a72xQ07BWuARe1pTUaEt11ZWvAwpvo06E2G4tYGo7eYh5L3
+JDR7OF7v6zkQSvEJskGVtMt6NGGn7YLhePA04TI8JSGn5TWZRVGVzoMgFYzPtB1S
+F2Sm1KOFQAZuA5NKgqwz3YxKCV/SuK6ALx3cPBYWUsokskfciHkcVDsRmXMn8ghs
+nhcovGD9gGER8tB3JTpCQqHycTo8NvWuj5B+tBnHRrUEWuATy0k6WxxWitLMW6MG
+hugz0CfrEi+HTj5qGzdunDYj3YA0DF7CjokBIgQQAQIADAUCQhatCAUDABJ1AAAK
+CRCXELibyletfDCIB/95K0a42bhNzkRIqnTGGOit3m6WNZfnDBlrFKYxowCBUf71
+ekbWNhrnnfJs8j1ie47QvYFCAQQx0NLGdJBKTvqdGG6USbQiHZKXe3ek261ThVQm
+JjtW6l07qzIu5jxmPMwg8HHHfPRPCke9oEFrUREm3AXpk6I+1mH6Uf+O1DSSijp8
+QrkGZ+rLZ8AdYgnT/Gkf21Hx8PJsuvfIo+91NlbWAFHYO92lgo05x/79/XlBlN+K
+r78Akewrzwx8yXVgYal+g2wwNbsuPAXAuDDAhuS1wDA13yah0Nt58HG3Ettu3K25
+3dsPY5YutxjJ0ix4JsmWrMfxSKB15LgZSJFRXckUiQEiBBABAgAMBQJCKXCqBQMA
+EnUAAAoJEJcQuJvKV618tO0H/26+BSmw9u/as2++Ja3gVdSlbCxfl4bdrw3UCPdD
+HAhlT2PB6Oms0qbxdTvQ9Xc+ik39GCg0AGC3E7Ebm20d9vx7r+33kJD0XrIuurpU
+fxmShrrHa1DQ3Nr3QVmbUrwnWZ4Bohd4rAqWmLPoZF/EHfQhqzB+veGcWE8EjhD9
+zBo5zb9R9euqrCIEs1fv94itEshrD73Z6pXqepatJ39t3Weipfq8TsGSYOk8RK2+
+jaZObNZjxtzRQREpK+OUgS4uHgGQs7oOnN6QgNap2w3EfaYwrNDqCseOJkpXHgNV
+kaOgzQsh6BMNEWF0pLfmFj0ehbWc1HYCCI5wXLyUUSyutVqJASIEEAECAAwFAkI9
+NHUFAwASdQAACgkQlxC4m8pXrXz0cwgAxas5gi+cpPi1bZMWcIPZ2rFQVcXcH9Fv
+nOHTZfTKLq4bJLZn8pqDyeNCD0hoJqBpn+7MwLZ4XXY4MEPanUapyQ0mLstEFz9d
+oH3HdsxFtWu1ix/N6iqy0N0CpA5Z/SE03TsxJTgyuufEnFCfutql2xad/DDh408v
+OF333UOsfAKsehKWseXBb0VMJGw1CRUCmm/84rwJOlG7QT1z25RaeGMaJTLwJZVc
+cBkcIRXYxBtWjxmPYMt/alxFDRTkbCOItmo35zHieR5xz7ysRxSKi9HrTZmCx3bq
+p7Dv6pC6CQrIH2zOOJzFF13jUMpTEQ5lOdTKxnDDybyMuSPdosdtpYkBIgQQAQIA
+DAUCQk+pyAUDABJ1AAAKCRCXELibyletfHeWB/4qwgGprfEp859wFcaUqFri40Zy
+MJJiQWUXvkEqcMLa3UpoVJjdGqfKEKNBb1EPIcbmK0Qaj3CI0f1M8RZOr2QZlYEp
+aWog86O0Q9U31tmgZJyqe45INOK3cUuWDJLO/dT4hBz1N+u9AdajTTKqB9bxvxHB
++f91Y/HKzXGoMQK03GhMJ0gMWBl6yF2k5dHpZcfUMl68Q/rtFtrmlHoGQYk+vDmW
+kfwz3/QMBpVplvj9WRYsv+5xF5TxAyyW2s/VMbHB1zdIB7fAJQJ5VuHQ3jAjak8Q
+h932TTUlp4Xlhu6V+9QWh+uhqNYGaREOF7Oxkla+bbILtXrkxHspfdzjCiImiQEi
+BBABAgAMBQJCYhPhBQMAEnUAAAoJEJcQuJvKV618YtQH/1r5ITvcEflXN758W7Qb
+sfk2QmTkcvJ9grohOhgdaOAPF/kC6V0zctxR1IRdRyrSI/R2zherQYz+tqHntdP9
+cTdJ4skPPQblmYfPFQkTidNywi1faPlnVnaVq5H7SQFEPeBmUBOB7DdVVDCaj6BS
+Z0XhRaFyc3bjBL2Np6/HRvGTzmOBz7EakE8eMDpFk9tGhkp+rCzGiiczeCda/kJC
+f6ixP6tx7iPBl+SeeJUa0Wkl9xmKrmyfkDzcXt+vJ+NSzHijASpoKkeOemGR5+KU
+TIwfI3o7i7bzSn/m8kbnP2xOXyCU/TJd4KTpskCWSDbVYOZEqCODsAY3t7lqyXWa
+ToWJASIEEAECAAwFAkJivNwFAwASdQAACgkQlxC4m8pXrXyMrwf+OTnREFRoSmCL
+5ENMRzRmhlgL8P3mXMjqfp1wBsY0or6jV8Mnl5WMpa+itFeAhBGM9U/0+fs9zTvi
+9mPDLAai+sGHJGrbhilBqWph0316PwWwgJ3VFiVsd1lh5LYn0A1EYch20xlpgv0z
+3GpFxsv/r/UwqRfgFE1g/KICJUfMq/VWdeJI+E96UXv4f7RlRGcHoHD3PROguz/L
+zjA1cyZqgyvoD//SxRqegHleSH+GY/gvTL2go9m00TKu4/dzsCfbHaMjDr9z8n3A
+px0U7CoXzdwETT67ug2+VbIjCNgpGkBA/7FsS+7shCwbLYbyJ4d/qMdooE9MfqR/
+p1xwNbrckokBIgQQAQIADAUCQnUwYQUDABJ1AAAKCRCXELibyletfKVMCACPPBvg
+0A4X9poKCPkC5ptwSHcmmhUX1yLwPYo431oxe5oLqkUKfD7rv2M8FV90hDftNBL7
+b8rrfMzx6wMgaJVYTaUZa01WIk2abLfQTkZeLNEBW5GUpAIxH9OIunF/qLz8knoo
+d8oTSbElfyRTH+bji2PE1dP64/2zUCa95KLvdo4VHL77+Lukw88Wp1Y3u1M2W4QY
+ZnGqoJTpbWPy3O/xU7MHmGYyTl81CbfqbqYw+bYSy8kizbj+v6FVh1Dplp+6dMNX
+ITy7HgRvzftLzTiK6wOTqcYiZtNfZ6z9zlqABkMiUc5aNphp0FDetWHqKQ0Ps+5R
+QEXLAjXbmfWOnt91iQEiBBABAgAMBQJChwFGBQMAEnUAAAoJEJcQuJvKV618RVMH
+/AngTqFtlkwc4epwvTYx6+0TI3bloHSxGAciSN0C4279JVCXGdRTo4xy3kMSXG4g
+wUywKXM9zvCLyL70b4hlZe9ov/xQar8Vea6G9+dpHr5lBKPxLauXQTmyiO2bfUJP
+UlDyMiVlADOi22hcHUhi9ZIJ0Oeglr96Y8IB+4YMAm/7wIGRspOQH5RIRQn/n4ud
+hvWLxBjxyp0jsTRgnTgRnHEGsXInS1WvuA7cbMVjC0YpA1QHyuFwtL/yVIokggHO
+Ppk9y2fr970CUDD+MpxbaDy3t0loyjMBC6c7xqpQFuiDIUGLsoJ3AAYdGHnFN/b5
+B4w0w/KHxLkckuLTUsMCoauJASIEEAECAAwFAkKJpQYFAwASdQAACgkQlxC4m8pX
+rXx3ZQf+LJR4LdN1yXFp5Aoy59ex6pZsxY9wFoTPOgonHHT5npYvMjQdUPu8kCyU
+CfY1+LOT3iHNups4xV7vcbZZ/7LM9GITT/4QV74XENuEtvPSNAVPm/7cl8xeb+yV
+trPafV+5xJRkCNLkQl+q0MskV+gjpreRgjKUDTysDmS9gVok+i8gw4To1NoZH5cB
+SvbYNDN7fyHmkaJ4VDqcmUfbKe14AoKdOPVqVRWVeWvW7MjMwHCYrlijIYiECXaR
+U9WuuMYICH9OXj330070p3xXXN8rl3xX9Wphn2l2Gm3z8mIekBuPCmkfUEhNu1Pg
+hmaCDnPsFfdzxc6euYVB1QIgzYY1wYhGBBARAgAGBQI+ecNQAAoJEFb0K+zA1/rT
+b2cAoLnOTJq5juP7Q4a7W4hcVxsm+/+wAJ0VcRoXEScDIK37TKVCo6rGhYEdcohG
+BBARAgAGBQI/BsYpAAoJEEQgfRhDyrA1bXYAmQGyAC/OFAqeg7efesSDdwKrvEwS
+AJ9zS8F/TMtypsivtL9+z1WEe47B4ohGBBARAgAGBQI/vikuAAoJELd/84c8njt3
+zn8An1Iy3O6HDDGqZNVdXl0DxIWKlmSgAJ9FtTHdrKNfksCbBRSJfL9B+mBog4hG
+BBARAgAGBQJAdmsRAAoJEBVgYazYj8k0g3kAoMwHmnaYlwdRM0R3AwZ9aomnAZw0
+AKDaJ+WX7aXOBCq2uHHADOTg4OzebohGBBERAgAGBQJAgvGZAAoJEA4MT2NuZdMl
+IsQAoIKgW0BTuXJi0Li2+BfUSRopxZkJAKCXZOXurzcL3fJDF0zxOFKDbdKLuYkC
+HAQSAQIABgUCQHZVTwAKCRAeHRFstOZxlBJ7EACjrowxVbTuS04J4HxGY6ccbNYr
+mQHrG7depGzddPQ4X8FcX9dYvFCz0l5nleb3DH7mHXfJhBThcAnD0Tj25iFgoKcL
+Qq8Jq+PEh198muuHlBZesmhxkBc6Drhq3SCiCkBUXRzXBrYSVV5BPtlalKKEx9kC
+S0SC2WOF+hg2T5JZUqmzpzZw4lA9HGvT7UwuGJ882reoT/UeqJPnaYFl3w6AVdXG
+nADg30RpXfCWCMIoLqLwo+UwONGA0375R0gu3bSlSbaYGa1vILCsVkBXWdO3Sdzc
+L9SQwzrCtQDcFgZkjtI4UHsm3Jgxd5tBCgsL/CH/mpvVtRlb6Ltazh7949oYV+vD
+FfqzhN4aoUfmcGNxZuCC61Cs8Gn75cEQOhsxq40/xWoK+Y8dFoh2Q/FM2pAKluim
+UKvsJ1dZyjtwaDTwxa8lyqaUza6aufMEh/HkyoI12ieAw3hqE+QHtXB62ZqH09Vi
+2Y4I4BSLYgfDL6t74ajAAGJuJLl+d9+WbVsWSPAft4GAK8wVP4QbyJrxxoEGUkSc
+BovU6s8CQAhPXR9Pnc/PapBhAuWBmG/F9rBW0jcYRf5GDj6nDpQPZmhWaIoWLjYT
+lDqoCRT7LbZakwbcL/NcI6SsGh58Ftr9MoYPkz1EPsR2b2UcWt/JTTdUC/fHVWNJ
+5peuW3iuk1vVsahGuYhGBBIRAgAGBQI+GQ1HAAoJEBc6sUbfs2bysQQAn1I8HkYQ
+/U1xfMoueZu0fmIgs1D5AJ9z5kX3FZNt9CUCb78rCNx+T/1tAohGBBIRAgAGBQI+
+tlvEAAoJEB08bDbq38+UHnkAoMm1PP4JPNnqVhRBOqxbWxrNjOU6AJ9L80dmhIkb
+gbed/HZOykmX0IM3sIhGBBIRAgAGBQI/LkSUAAoJEMHK/ffIJecX/XoAnRc3y3g2
+vLyyJexx5AxyFqi6fCpwAJ0bYfatrJETqlPbjuRMBg5aOWs3w4hGBBIRAgAGBQI/
+NuyeAAoJEGBewB9H1G1hVy0AoIazxn7C/7pT9SNJeiqaO83YYN25AJ9Gg1dVKgoG
+UD33E6D41owTYJFsCohGBBIRAgAGBQI/3iafAAoJEI9OoxxfGheJYjcAnAk7qMCq
+55nPCyP+RwRrJpD4xhZeAKCgjHbKBAqVgzWB73tuwm+GYbzUHIhGBBIRAgAGBQJA
+wjYCAAoJEFOQBjzkxjXPwQIAnjj3aVeUAVw2tQ1SHPR1I9Qv7t/iAKC1FrgxBD+S
+WQb61TuJd3UGJYuzJ4hGBBIRAgAGBQJBCi45AAoJEADbq9xz7cVY7EUAoMoQN0pd
+vxGeaqAv/2UvAkY13XfDAJ4k4eVINYv23YNjAC8BO0hgiqiozohGBBIRAgAGBQJB
+0jc/AAoJEC7FhjeVed2zenQAniLCMILmqwQ4tRTJ/Zsw5UW5alAtAJ0bCm5nWCm/
+/Euf/bTtmm0gMtlD24kCHAQTAQIABgUCQRBkXQAKCRB0SIrBSYnSXGYkD/941Qqa
+eRfxDNIbAM0P9VIenu4twxEj+275xf4jDeg+7q1eIBI+IK+QnjvTttxlrU9prJET
+W5gZNt6d0ELdgakE7vJDbAkg39IlVYdkkigAyS6+dZVaia8NoymPcqT8za6mS2Re
+KEMx7YOLRh3g1lZ/715nDDVrL0zhzfslKPZxBaLwB4plxmHbT9ONBkJZpbwLgMBe
+ftrG+MSdlzV2gtAdr5W0VWQ8daUzSlcxcFXUJVETOWGsGn53RB5xm7KsRU+oGO3q
+mP8y8l1gKuYkIVLcN685w1vMS+xqoKiZgsZGqRSRvHkrmUseFauXOdqgChU5aig5
+jjF2/7NZiCJMinWIYYawlGcoc/6pQ9GILNA+NZGgM4ux8o92xF9e6Foj2syrmL0T
+1X9Yl7TuptMtrZPkXSyo4U0Is/GFxaviQkxmge2d8scyxyIr7Dqbj/ljSg5O6TgU
+nViBzIWDi7RrHKTu4sSoWcpG12iuyW/oOYGFxzkaGhexWsBUN5MAQL3pCwjIkw2N
+9ovlnH9SzWFY8W61QD+IvWrBTOxuOgDH7HptYwPzDZ5E5x+HJAMWex3GJ7huXDQM
+cLpzUDSkaOk6iK+jvhvLQeek8ubCwJKYZxQtP+Jfew75NfCZ+Owyr3kS3SO2GiUo
+P+TIIUouc1hvOG4rNe8dzRZv0SBWSVyQl/Qvn4hFBBMRAgAGBQI+Ni3HAAoJEO2i
+Zdg0WHgOg4EAmKAXQrdomL+RkoelTSJZ9UlasZQAoK1INRoQb2WRkW/NYlOLnalv
+64RjiEYEExECAAYFAj76HpgACgkQhklDm276ORcMvgCfa8ce/uacDpTLwU3H12yW
+0i7yASAAoPc0v45mLo489OY3CrpnDZhzqdewiEYEExECAAYFAj767mAACgkQov/w
+yPHTGwpRCwCgnXSEJm+qArZ6AmjBTmd+hh/ODlEAmwdYbFgf8rsQ+yOJaM/qu0EZ
+yqYOiEYEExECAAYFAj85QBsACgkQpq/4o6MEFFN47gCeOi9OljptM2vkbMLOq3s/
+dz7AN2EAnRYazOdwjt9GnX5tEX7ly24KVjxTiEYEExECAAYFAkARzBwACgkQkT4l
+NIS36YFGDQCgnSn5aRKHhSXLon+ZOVZtRBV5KHMAnAn58uShh5qVz9masNpCvrsg
+4kxLiEYEExECAAYFAkA1m5IACgkQnt0v0zAqOHaRJACgtZG8Ru7cZSbUQWoa3WRU
+CRtzKCIAoKwb91LI48wiasoHUhrQe/dfARZmiEYEExECAAYFAkCNRewACgkQ2MO5
+UukaubkMpwCgodNsHFUi/7hG9ebRtgvm23dJAbQAniTk/jaK0oHkgxRnMsvOXCvD
+bTsmiEYEExECAAYFAkDvsm8ACgkQeP3cCz/Ti+8nwwCdHKF77FicZMtHXymzVcvQ
+Xj8OUg8AoJQ0elAR6LiQ5rvCBSimVtpXx6aaiEYEExECAAYFAkEEMLQACgkQXYnv
+gFdTojPxMQCglWh3IicjlKxXVBaH4oAhXhAeOy8Anjm2ytgmrsTM4HBsSVuVwQnr
+PJALiEYEExECAAYFAkEQjuMACgkQaIxeYlQMsxsyoQCfYeljM8N7O4cRcwZNoi6D
+6vL6XJcAoIFk0zLSGqMdYANYYlfArQnL5M21iEYEExECAAYFAkEURrYACgkQ1lw5
+L9kbRynL2QCfXhTYIZpzmnh4eWF1CdvTy1JkHLIAn0frex28G+WiIXnufYZU8RPF
+jjKTiEYEExECAAYFAkEbHS0ACgkQ2kdXjoZMm57+awCbBZt7Gy1soPu9qQcfhXMl
+Yw6mKnQAnjAQcl/ziMY7b5FSC9OmSHldFYWdiFkEExECABkFAj2CgM0ECwcDAgMV
+AgMDFgIBAh4BAheAAAoJECT6UTYn7SBG9HYAn0uZLKCz0pxwa/3FF6PqlpKSv1aT
+AJ9BJPv78TwzT1Lh1aheJQ957z3dC4hhBBMRAgAZBQI9goDNBAsHAwIDFQIDAxYC
+AQIeAQIXgAASCRAk+lE2J+0gRgdlR1BHAAEB9HYAn0uZLKCz0pxwa/3FF6PqlpKS
+v1aTAJ9BJPv78TwzT1Lh1aheJQ957z3dC4hJBDARAgAJBQJCSONFAh0AAAoJELd/
+84c8njt3RRkAnjsyqK46PapbLtv/QyXT95N5ZX+NAJ9Nprn5f+ALZB9lqdrjlUaZ
+hcxpzrYAAAAdS3VydCBMaWViZXIgPGt1cnRAbGllYmVyLm9yZz6IRgQQEQIABgUC
+PnnDVQAKCRBW9CvswNf60/4nAKCZ21TN3O44Oz9L75Ev5FL8QxLX0QCgqOdcSK+E
+m70sLqevTA8TqaE/zdWIRgQQEQIABgUCPwbGKQAKCRBEIH0YQ8qwNeJzAJ49aclq
+MXfGuV21ph6fyMzyD83rvgCeLDxPbXBQ/saVk+nuWuAtQs6JAZuIRgQQEQIABgUC
+P74pKgAKCRC3f/OHPJ47d9G8AJwOE6/AtcpPI42Ro+qRgou9nyatyQCeKCnvyNgR
+xrUCSVPJtBZKCjlx+gWIRgQQEQIABgUCQHZrCwAKCRAVYGGs2I/JNITZAKCPrXQt
+h0d85BGYbdAsqyQwdtAzPACgjIcQ+LML6kHSDFqWkyEZgutZdhmIRgQREQIABgUC
+QILxlwAKCRAODE9jbmXTJX95AJ4wGxwsVaZEgQbsVwA19S3VPiUjBgCghPpy39/J
+vijAYW7lm1nuxLaWMgWJAhwEEgECAAYFAkB2VUgACgkQHh0RbLTmcZQkjA//RtBp
+VxskkKz5uC0hZKQ1pmlYixXItbBL7qwnV9VkY/c1te1IQh5FT0aJKuSA95bFhs1U
+P0wCuHDLmsGCeYb/Ij/EinEU/4+Qn1NuLG6PZ1zj+yT6mRJJek2R3cM1XSv/rAYe
+CP25u19yw/nBI+bSU/r1uZaOJFuy0DVsurMa73k5Mxr3cRceikzTRR+M3CAh264E
+4HA1AUDr6CAhYxBjjERfH7hwsJL6JMScnbxgbYFq9S6lJWjFd+Asj/c35K1tON43
+b+dhd0C6kn+8v09bMTJjrqrjy0t0wEhntlghDruHY5KelbhOiPVqpjU7TI+1eWg0
+mAtdAWGWaWFi6/uwUWCQD/G246LSBfQHdZDXFjT61YBvFvEnpb0eXx4E6RQJ9icB
+F8ckjWfEu8ghvwHTAqt1qAuWsAFqKgAfYlnOkZZTwG3v//xIALih2KfiuRD0qPfJ
+F8ScBHvhl21h/jfy96zJEsFadwaVDZ+pV6hsR0Ii02r2S+UGcLYF7Nhxv9dGm5sj
+Mzo41QF2RjG8RV5ekogAH8f3ysE3BgyqKmeMhKizKR35GvVL9vjjIa4UhGiUWbCb
+utpFVMxV1saQ8uG62LVituoTEgruz1CFdnQcEP52X5WTya7Xh0uociMF5Sx+9t86
+j9Aic34MeRaoe42zlfx0p5Hl1KuLkCqBYc3nf3+IRgQSEQIABgUCPhkNSwAKCRAX
+OrFG37Nm8m+5AJ971mhmPMA/x/OKCp8455CgtGndhwCeKztNwbBEIjsZ7oqdqmHc
+hoz4a3SIRgQSEQIABgUCPrZbygAKCRAdPGw26t/PlIwfAJkB0oJuahPdiQy2q0w6
+L7QWck6VQwCgoPJNpzRE5XXyYhsTo7cMJgCfHUmIRgQSEQIABgUCPy5EkAAKCRDB
+yv33yCXnF1F+AJ9Xx/AfSJFAO9iWr46LQdxVFa5NowCfTQPH16eTqS8eHx4bxOl8
+PFvpgaSIRgQSEQIABgUCPzbsjQAKCRBgXsAfR9RtYQ/IAJ4uyiZl32CtqYPZukWa
+5ZP/g8dxtQCdHEKLXAzeHJi0yL5arIU62wBuXKuIRgQSEQIABgUCP94mnAAKCRCP
+TqMcXxoXiYhCAJwIofjPOHNyUUx4VkGGdSYI1OPpRwCgmMZsFZYk4nuUzuznmbWC
+AHUZTRGIRgQSEQIABgUCQMI18QAKCRBTkAY85MY1z8cRAKCZiQWf2nhPf7R+OTL8
+dSNPGtLbNgCgmiZPwbXB8fYsmgy9O2QRaOGQ3ceJAhwEEwECAAYFAkEQZEsACgkQ
+dEiKwUmJ0lwVXRAAlEwGyHmszzzhq7MgsLyXmfSyANP/NYWdLGUS203ddBDfDszQ
+jjUVfHzekRRAEtkCNWXR29VLbt+Hr0D+Vtp3ZK2kcMiny6YWzTLBjIqN+o6WEn0N
+NVs9pQu7uNtdKoKAkUTcSLXNZ6UhElQQjY9Q5AYiWY74KgZ5fxyxZ1v3+h2acZAC
++wsEmYzeGJNEr7dCk4ufS5ia7KsjS7gfjQE3QGQi7EdYVaxGaRZAvD5BVA0fJi0W
++AH55fF2ZY+DGrloZo9Rs9cO2vkkIb+ZKa/7x5hnQQ3Km91oXdFMWrzShLtdCua1
+LBGiBfNu+MlqXupibQ0EWAGUWvF7atFB/1RD1ZS/pRqjYrGU4YUpecsS37xHdRu8
+8IDy8vuJLWXa5bWI6oCnLQ3RdPI+HzkHX9xpH1EJeNSV9UfXKPfMkXmbZdf1mxkj
+W687uYsALigxtkXQU+MVsybVwROdLM2DmqQevrIBLSCORkYaN4dwVXkNGpkb9yrQ
+Yl/655wOObtAw1SwWoUk5mOfyx61qilEPstu7SxsA+2XMWEhiws4qzoOV6D4EbVz
+wS7phtmi7ndEZu/7zCBEWzJGbJj6XRL78+zT1WEMKH3iYZvY+qzbUk0TGXyEE5U/
+sBY+GvQFcDjudWU1EdqAomIwqE2Q+i1C2PPGmrgC+J28/4HkByYaBe3qplGIRgQT
+EQIABgUCPvoekwAKCRCGSUObbvo5F2mxAJ0av59dIxma/GBPgZ4ubXaQnLoRBwCb
+BzZzMDMH7lgsAqLbFe57ho/G0WqIRgQTEQIABgUCPvruXgAKCRCi//DI8dMbCnFW
+AJsFEHCOdhGhD4YvqxvUCGvgmmx/xACgoowlosHf3UtDkwIv1J3g5bmHn+iIRgQT
+EQIABgUCPzlAGQAKCRCmr/ijowQUUydJAKCXmahfeYgFOPUlwphOFZUUpHuymwCg
+uuN0OUN05e9A93DEQuyf/NahNb2IRgQTEQIABgUCQBHMGgAKCRCRPiU0hLfpgVRW
+AKDBiYUC8JqLsWWUhF0uNQpUkCHOkQCfRHBePdss8RVj7sb9gDtLFlARyeSIRgQT
+EQIABgUCQI1F6gAKCRDYw7lS6Rq5udLaAJ4n4OCW/3jw4dDbMDfLmnVAkFEOVwCd
+GH9sPa8ETIX78ZL0qOfHW2hi0vKIRgQTEQIABgUCQO+yagAKCRB4/dwLP9OL75lt
+AJ9jNN0mFsyJPqf8Fhlmq0h0LibL8QCfaQN6+mLrkYk2lIahzTA0uDRYO8uIRgQT
+EQIABgUCQQQwsQAKCRBdie+AV1OiMxu7AJ4heFlUeRpIBgRKsLrZQzWc68gSUgCe
+LcYp9KH26dbGPE0NO807/VctncSIRgQTEQIABgUCQRCO4gAKCRBojF5iVAyzG3Je
+AJ9ozlp4ARsY1YDAKkMDyZK42O5ckgCdHGME2oJW7Y8fV6mlTZTldMHzYvWIRgQT
+EQIABgUCQRsdLAAKCRDaR1eOhkybnu2kAJ9m8CzFNQ/Mi11O9yaG8b8fK5WsDwCg
+hqfiwxA82CfBsoruhUl7ksGIr4KIXwQTEQIAHwIbAwQLBwMCAxUCAwMWAgECHgEC
+F4ACGQEFAj2XFxQACgkQJPpRNiftIEadpACcD/c7E4d6yRVq3ByNoFEX1vST6CQA
+nRFMgy0UTjwOqB2IZ17GD8Gv62/OiGcEExECAB8CGwMECwcDAgMVAgMDFgIBAh4B
+AheAAhkBBQI9lxcUABIJECT6UTYn7SBGB2VHUEcAAQGdpACcD/c7E4d6yRVq3ByN
+oFEX1vST6CQAnRFMgy0UTjwOqB2IZ17GD8Gv62/OtgAAACBLdXJ0IExpZWJlciA8
+a2xpZWJlckBnZW50b28ub3JnPohGBBARAgAGBQI+ecNQAAoJEFb0K+zA1/rTb2cA
+oLnOTJq5juP7Q4a7W4hcVxsm+/+wAJ0VcRoXEScDIK37TKVCo6rGhYEdcohGBBAR
+AgAGBQI/BsYpAAoJEEQgfRhDyrA1bXYAmQGyAC/OFAqeg7efesSDdwKrvEwSAJ9z
+S8F/TMtypsivtL9+z1WEe47B4ohGBBARAgAGBQI/vikuAAoJELd/84c8njt3zn8A
+n1Iy3O6HDDGqZNVdXl0DxIWKlmSgAJ9FtTHdrKNfksCbBRSJfL9B+mBog4hGBBAR
+AgAGBQJAdmsRAAoJEBVgYazYj8k0g3kAoMwHmnaYlwdRM0R3AwZ9aomnAZw0AKDa
+J+WX7aXOBCq2uHHADOTg4OzebohGBBERAgAGBQJAgvGZAAoJEA4MT2NuZdMlIsQA
+oIKgW0BTuXJi0Li2+BfUSRopxZkJAKCXZOXurzcL3fJDF0zxOFKDbdKLuYkCHAQS
+AQIABgUCQHZVTwAKCRAeHRFstOZxlBJ7EACjrowxVbTuS04J4HxGY6ccbNYrmQHr
+G7depGzddPQ4X8FcX9dYvFCz0l5nleb3DH7mHXfJhBThcAnD0Tj25iFgoKcLQq8J
+q+PEh198muuHlBZesmhxkBc6Drhq3SCiCkBUXRzXBrYSVV5BPtlalKKEx9kCS0SC
+2WOF+hg2T5JZUqmzpzZw4lA9HGvT7UwuGJ882reoT/UeqJPnaYFl3w6AVdXGnADg
+30RpXfCWCMIoLqLwo+UwONGA0375R0gu3bSlSbaYGa1vILCsVkBXWdO3SdzcL9SQ
+wzrCtQDcFgZkjtI4UHsm3Jgxd5tBCgsL/CH/mpvVtRlb6Ltazh7949oYV+vDFfqz
+hN4aoUfmcGNxZuCC61Cs8Gn75cEQOhsxq40/xWoK+Y8dFoh2Q/FM2pAKluimUKvs
+J1dZyjtwaDTwxa8lyqaUza6aufMEh/HkyoI12ieAw3hqE+QHtXB62ZqH09Vi2Y4I
+4BSLYgfDL6t74ajAAGJuJLl+d9+WbVsWSPAft4GAK8wVP4QbyJrxxoEGUkScBovU
+6s8CQAhPXR9Pnc/PapBhAuWBmG/F9rBW0jcYRf5GDj6nDpQPZmhWaIoWLjYTlDqo
+CRT7LbZakwbcL/NcI6SsGh58Ftr9MoYPkz1EPsR2b2UcWt/JTTdUC/fHVWNJ5peu
+W3iuk1vVsahGuYhGBBIRAgAGBQI+GQ1HAAoJEBc6sUbfs2bysQQAn1I8HkYQ/U1x
+fMoueZu0fmIgs1D5AJ9z5kX3FZNt9CUCb78rCNx+T/1tAohGBBIRAgAGBQI+tlvE
+AAoJEB08bDbq38+UHnkAoMm1PP4JPNnqVhRBOqxbWxrNjOU6AJ9L80dmhIkbgbed
+/HZOykmX0IM3sIhGBBIRAgAGBQI/LkSUAAoJEMHK/ffIJecX/XoAnRc3y3g2vLyy
+Jexx5AxyFqi6fCpwAJ0bYfatrJETqlPbjuRMBg5aOWs3w4hGBBIRAgAGBQI/Nuye
+AAoJEGBewB9H1G1hVy0AoIazxn7C/7pT9SNJeiqaO83YYN25AJ9Gg1dVKgoGUD33
+E6D41owTYJFsCohGBBIRAgAGBQI/3iafAAoJEI9OoxxfGheJYjcAnAk7qMCq55nP
+CyP+RwRrJpD4xhZeAKCgjHbKBAqVgzWB73tuwm+GYbzUHIhGBBIRAgAGBQJAwjYC
+AAoJEFOQBjzkxjXPwQIAnjj3aVeUAVw2tQ1SHPR1I9Qv7t/iAKC1FrgxBD+SWQb6
+1TuJd3UGJYuzJ4kCHAQTAQIABgUCQRBkXQAKCRB0SIrBSYnSXGYkD/941QqaeRfx
+DNIbAM0P9VIenu4twxEj+275xf4jDeg+7q1eIBI+IK+QnjvTttxlrU9prJETW5gZ
+Nt6d0ELdgakE7vJDbAkg39IlVYdkkigAyS6+dZVaia8NoymPcqT8za6mS2ReKEMx
+7YOLRh3g1lZ/715nDDVrL0zhzfslKPZxBaLwB4plxmHbT9ONBkJZpbwLgMBeftrG
++MSdlzV2gtAdr5W0VWQ8daUzSlcxcFXUJVETOWGsGn53RB5xm7KsRU+oGO3qmP8y
+8l1gKuYkIVLcN685w1vMS+xqoKiZgsZGqRSRvHkrmUseFauXOdqgChU5aig5jjF2
+/7NZiCJMinWIYYawlGcoc/6pQ9GILNA+NZGgM4ux8o92xF9e6Foj2syrmL0T1X9Y
+l7TuptMtrZPkXSyo4U0Is/GFxaviQkxmge2d8scyxyIr7Dqbj/ljSg5O6TgUnViB
+zIWDi7RrHKTu4sSoWcpG12iuyW/oOYGFxzkaGhexWsBUN5MAQL3pCwjIkw2N9ovl
+nH9SzWFY8W61QD+IvWrBTOxuOgDH7HptYwPzDZ5E5x+HJAMWex3GJ7huXDQMcLpz
+UDSkaOk6iK+jvhvLQeek8ubCwJKYZxQtP+Jfew75NfCZ+Owyr3kS3SO2GiUoP+TI
+IUouc1hvOG4rNe8dzRZv0SBWSVyQl/Qvn4hFBBMRAgAGBQI+Ni3HAAoJEO2iZdg0
+WHgOg4EAmKAXQrdomL+RkoelTSJZ9UlasZQAoK1INRoQb2WRkW/NYlOLnalv64Rj
+iEYEExECAAYFAj76HpgACgkQhklDm276ORcMvgCfa8ce/uacDpTLwU3H12yW0i7y
+ASAAoPc0v45mLo489OY3CrpnDZhzqdewiEYEExECAAYFAj767mAACgkQov/wyPHT
+GwpRCwCgnXSEJm+qArZ6AmjBTmd+hh/ODlEAmwdYbFgf8rsQ+yOJaM/qu0EZyqYO
+iEYEExECAAYFAj85QBsACgkQpq/4o6MEFFN47gCeOi9OljptM2vkbMLOq3s/dz7A
+N2EAnRYazOdwjt9GnX5tEX7ly24KVjxTiEYEExECAAYFAkARzBwACgkQkT4lNIS3
+6YFGDQCgnSn5aRKHhSXLon+ZOVZtRBV5KHMAnAn58uShh5qVz9masNpCvrsg4kxL
+iEYEExECAAYFAkCNRewACgkQ2MO5UukaubkMpwCgodNsHFUi/7hG9ebRtgvm23dJ
+AbQAniTk/jaK0oHkgxRnMsvOXCvDbTsmiEYEExECAAYFAkDvsm8ACgkQeP3cCz/T
+i+8nwwCdHKF77FicZMtHXymzVcvQXj8OUg8AoJQ0elAR6LiQ5rvCBSimVtpXx6aa
+iEYEExECAAYFAkEEMLQACgkQXYnvgFdTojPxMQCglWh3IicjlKxXVBaH4oAhXhAe
+Oy8Anjm2ytgmrsTM4HBsSVuVwQnrPJALiEYEExECAAYFAkEQjuMACgkQaIxeYlQM
+sxsyoQCfYeljM8N7O4cRcwZNoi6D6vL6XJcAoIFk0zLSGqMdYANYYlfArQnL5M21
+iEYEExECAAYFAkEURrYACgkQ1lw5L9kbRynL2QCfXhTYIZpzmnh4eWF1CdvTy1Jk
+HLIAn0frex28G+WiIXnufYZU8RPFjjKTiEYEExECAAYFAkEbHS0ACgkQ2kdXjoZM
+m57+awCbBZt7Gy1soPu9qQcfhXMlYw6mKnQAnjAQcl/ziMY7b5FSC9OmSHldFYWd
+iFkEExECABkFAj2CgM0ECwcDAgMVAgMDFgIBAh4BAheAAAoJECT6UTYn7SBG9HYA
+n0uZLKCz0pxwa/3FF6PqlpKSv1aTAJ9BJPv78TwzT1Lh1aheJQ957z3dC4hhBBMR
+AgAZBQI9goDNBAsHAwIDFQIDAxYCAQIeAQIXgAASCRAk+lE2J+0gRgdlR1BHAAEB
+9HYAn0uZLKCz0pxwa/3FF6PqlpKSv1aTAJ9BJPv78TwzT1Lh1aheJQ957z3dC7kC
+DQQ9goDwEAgAkUS+as6he2ArfvdUKtTtwQSpH8ziUyT/RYur6MdS8ZFHnmGJZEvn
+EctbRN8otyHy2T5ecZ2CRaqp53+Dx27rO2EeQc/JUHmK5ZOI0z6FmLXTa7nvXaMD
+O0sEIxcYJaI840pkY4irheE1VBqMv0NYVVTUkK9c0RUAXHGpvzbUHfuwNFu+qSt0
+LhZ+uF5HnhE1k+cq6iJohTqd6UU1AXdIuOu9UmP2bBzS2fHXm/bYm5SCb4a7QRlU
+PD7aBoHAjmC2cBTa8QCekq/zzLNaLLMNbaRvRcDFRh8A9g1jbxJtib0+Wu9B1zTC
+f3ohjruIB+qGqRd0o2PyvYVzPQaJ2OykpwADBQf+P6QcdEkL/QRBZ/LgZ5haxtkk
+D9rHFgW7hxlZ4EJEmUsY1CLa1crDzFHfK/xIzZWjYgLC51O2JVjHaFCcf25oysgf
+i4im15MroGUzCtVp/7IdCXqjJQqtd05NXt4FrSpQz1b5K+RYYPle1L5WsytvE1vf
+Mr7QVVaz2JGGKOjKRL1OONtQzOK/sUFtXZMnbzgz+g48us8wqlwVx+ARfGdtXq5u
+J60o3vm5zjLn60OwccROLazoRUmpuNS9hYXYZPM30enMmFSUHvH2X0/EuAn9Nfv1
+rbjToAaAVloB68h/TH2y/8ED7eVymc4GzL6Uu382XiAec8qm8X2YV4Ne1FAc6IhG
+BBgRAgAGBQI9goDwAAoJECT6UTYn7SBGvEQAn0ILsmZy5+MbiK/4BUwI4nZ8P/Kt
+AKCV+pcs+/Vww9F1+M5vQ19tfd8t3g==
+=HtIh
+-----END PGP PUBLIC KEY BLOCK-----
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: PGP Key Server 0.9.6
+
+mQGiBD+RkIYRBACUSRD9x3ZOOWQbsA0oyH7BYpredoEwnvNfpwxAbriY6+6VTVus
+IHtTuxVFQEk4aWQJFvz4pqOBBkDblEYyM7NwBtx/d20fBuRAnYm36nzgZhArplyc
+Oth5onufVNT4xqup80oF8uIWMH3SoARjT5l+2vnNdMftO6nURm7z1JRmJwCg9nx3
+c8Apn155TTYkdDqZpeeA2i8D/iCcz3t0T+9PYWrw3OGIFv8ptbjWnxNhCWxQol+g
+7Epbubxn5SdXQvpGanHmrLvoftr9uQSx1yeILveSvdCpvIit4fzXspdq+/aAodTY
+10lTfi/bvnvcAhuQ0Fa7VHaP6GtaETCFiVi83SGCK0GzAA3Qk/O6fgoic2JyW6s5
+hlcwA/9azwJNG8i1gTFkpH4BCntp95OSwMv5v1qfCGOjE9tjq/yYMBiNpetAd8gZ
+ZNT6Jvd6wulyj8OtsjfDJBnS8AVobG0yayuNCQ/t2eYGLTUaZwbo+kAZgyHlpG6S
+rY6DLprGBo0wPNK40qwiTc7cPhRsrcNmSRy/MM/HvvmRevamzbQfTGFuY2UgQWxi
+ZXJ0c29uIDxsYW5jZUBrc3UuZWR1PohGBBARAgAGBQJDH0OXAAoJEPpGZaX4MdJy
+GK0An3Wp3U1H+XzpS5hXLIuTdAukFZvlAKCB+LTlEEFHKw9/S7i+lKQI8dJa2YhG
+BBARAgAGBQJDMa+gAAoJEOTI2tZz1wK6ewsAmwZuTDwDhSvV1jT6N26awR4jCXqk
+AJ0Sqei8YU1gMW10UT4/FFbuBBVj0IkCHAQTAQIABgUCQRBqQQAKCRB0SIrBSYnS
+XADiD/9nJ2h3IA6BUxdRpTZJvgFhAIbF7Z18BoK18GVdKa6dNwSbQ1djWrZaml4h
+bqe4Rpnx4R9JaLNNEMFWUmR072vEHzaEV6kCzkBRAcomzgJCEhcr115h5Fc3rtA5
+TXLNKKYPeDjpHgHHn4iZDTnBz6Bwc3p9bqtSzqgvwtptoqcWjB6mUzH8vRQ4Skey
+w7E/hohJdJNLsn13sN+qXsKjc25Q0/LSEWWBIF8lWzMq+FCHKTKjESpbVe4cxNpL
+V5xddsfvr+hkAx9YFHy5etu8jJUmTuR7YPNVNcUxjeHEnJiMTggWBOo/FfzjnhYI
+2r3F++oZ7mcES9lOAVZ8p8EmgZexjkThTewqmNfKY7xys4u19VMSbriMKQgeOMQb
+P9BPgbMrpgb83p1xOQbQ0Ex0ST8cTuEL+jxmjAZrsO3f3AWVY6loqVco3k03GtBZ
+jIc2Ua6fMNI9x28gSITF2HCYMUXf+fV9SLDPfG+vo7mv4nxu97Gs1N27uqTloRfJ
+QRx7+YteWNGkqlHmTYHKrPER4r5xrGkSTRKOxy6OphgPdujaTitbQwStzybDA61S
+yJAnPswGWdtV9Jpb75gMa+iwNwtkSY+AKPRuNybTK7FYx17LLFzGbpa4rHSttNJx
+OXZzmzVCVHd8x+f5qgnLZRXa9arDTbifmzYoL2WukCJZZMIV34hGBBMRAgAGBQJB
+EI4ZAAoJEGiMXmJUDLMbXfMAnjs8RNNYdVqNYTp/y8jfy7xfYbV7AJ0SN3XLtdTh
+4wMMLNhtrVc9tcPkHohGBBMRAgAGBQJBo5s1AAoJEP1UTeQZUN3UWygAn01BNsyR
+dHAJd3piVvM989RR74nPAKCKTPYqS/zzGwha9PwxifBC4E35UIhGBBMRAgAGBQJC
+5Sa7AAoJELIO9o4wW9iFjeYAnihTW+xk8pGwxyPfAVEu4159JwYNAJ0anRoFB3No
+4H4gSOn5pcDcVAoydYheBBMRAgAeBQI/kZ1hAhsDBgsJCAcDAgMVAgMDFgIBAh4B
+AheAAAoJEEFvoV0n9LdCFLwAoLXN75an7GfqdQ/jVA1tbOvo8LkrAKCotJyMQJ7k
+bjpVNRXBtoz6HM8XQohgBBMRAgAgBQJGSgEDAhsDBgsJCAcDAgQVAggDBBYCAwEC
+HgECF4AACgkQQW+hXSf0t0Ir5QCdHNUxxjYBHxwaolakuP0GifjrV38AmgKJq6FC
+QgGHnADdHz3kFIWcCNoctDhMYW5jZSBBbGJlcnRzb24gKEdlbnRvbyBEZXZlbG9w
+ZXIpIDxyYW1lcmV0aEBnZW50b28ub3JnPohGBBARAgAGBQJDH0OdAAoJEPpGZaX4
+MdJyYQsAoJOLDqelkOUTtZKdF4QDsyWyH4n9AJwKVHrHFr1b/3t78vVN9sSovVOK
+cohGBBARAgAGBQJDMa+mAAoJEOTI2tZz1wK6N+4An2pqyPn1OWYF+s9iwXi1jt6q
+4+QCAJ9BKPi7bmOs56Zj9V8lKJYCepOqgIkCHAQTAQIABgUCQRBqUAAKCRB0SIrB
+SYnSXDexEACYknTNlUBRohI+BQYOCLJA8WLJqKQMIs5mxCc0QDpJkafFUQ0Gq4m9
+Ul0QTOOyChfqZYTmBL8lM6Y6lvA6sVkJZNbEY1T8I9QDzJnfTMzxjvk3B89F64a7
+4IJB4ruKpMAg76YKSMdjYKVORE8VsgIWPrsMF5W5pvy+1TIZbpW3sltFnU+xHY+m
+f6i6HgijMUBUAta7aR6dZR+BXT0HuAULovtW4Meous3eAIAeGNqW2wf1hf1DdB0K
+lCIcbB1S5qSNPPoKTGT6MgNsETHGGnk4KUqLyeXkvgJIyEkAo2hDnjKH4w2ZA1+D
+y+Hw1KxuwIMSszu4wH9qbqBwy5qJsFxlvlL/ixOngcsQ2f7loMlAB4FnpF1iwwAf
+otoHjEUcFhkiDdjxXm2F+3INh/PuFGgxgC99ljIYYetAiUpIKS1tHkBEEVrxJfKy
+kjAUy7TnGP+ixljCj6gc7d9pHkKtyG7d8+o0nQkoyxt8gfrZrmATKcfATOY4zr6e
++BV+PME9lhGskx1vqAF+38hv31nNBI6L2fnP8t0Fh6fCurc8f7f3C/QwiDqhA/Pq
+ooauiW1ettjjcKrf8akPVOZqQ+W9Qi/71GDgEYXhCFXCW3KfdIeHrL59WqFfAnTH
+7hKeVT+/ZSGT53MGIOpZN7KAjUgyZ7KjNGOU6atpxJ7gpGyHwed0vohGBBMRAgAG
+BQJBEI4bAAoJEGiMXmJUDLMbg8AAn0Pz9rQONzLTAluV7RrIpl+cU5wlAJ44hEnJ
+/sZhxaJIb5DKVZiAAZ67p4hGBBMRAgAGBQJBo5s4AAoJEP1UTeQZUN3U4NQAn3EN
+4cwEE9fzzCUTiEqc5sFsffYDAJ4xsZJyQAf5mN3So9jlc9xRMN/HMohGBBMRAgAG
+BQJC5Sa7AAoJELIO9o4wW9iFtLsAoKRgqOvt2euFDbnkBDyu53ceLYd0AJ9sJ0Ol
+X+gj4ot/6XvTsD9Ut2dAh4heBBMRAgAeBQI/kZCGAhsDBgsJCAcDAgMVAgMDFgIB
+Ah4BAheAAAoJEEFvoV0n9LdCO2gAn1qIZWI6uUGERaIVMDbOsoKDXTcdAKDmPPNr
+ZgBRH3zjqCE+0BqS4ghFdohgBBMRAgAgBQJGSgEDAhsDBgsJCAcDAgQVAggDBBYC
+AwECHgECF4AACgkQQW+hXSf0t0JBIwCg1a/i3skzNjNk1j2afTKDa4VaybsAn2IX
+FbgFz7EQsWyuMM37WQDHL/v5tERMYW5jZSBBbGJlcnRzb24gKE5ldHdvcmsgLyBT
+eXN0ZW1zIEFkbWluaXN0cmF0b3IpIDxsYW5jZUBvc3Vvc2wub3JnPohgBBMRAgAg
+BQJGSftbAhsDBgsJCAcDAgQVAggDBBYCAwECHgECF4AACgkQQW+hXSf0t0JWHACg
+237Lk5t04REdVAhtwaYFqzV9W1wAoIh7AJEhEU0YQZ5xt+ZkEGI77PRniGAEExEC
+ACAFAkZKAQMCGwMGCwkIBwMCBBUCCAMEFgIDAQIeAQIXgAAKCRBBb6FdJ/S3QqWG
+AJ4oIgpiZPpCZSDs432ADb0Ky0kZzwCgorqzPLX/FRzYGgcW/p1mfwomwYi0R0xh
+bmNlIEFsYmVydHNvbiAoTmV0d29yayAvIFN5c3RlbXMgQWRtaW5pc3RyYXRvcikg
+PHJhbWVyZXRoQG9zdW9zbC5vcmc+iGAEExECACAFAkZKAQECGwMGCwkIBwMCBBUC
+CAMEFgIDAQIeAQIXgAAKCRBBb6FdJ/S3Qlz0AKCZOUUfKgQ3EHsON9G3f/ldDZpm
+jwCg0bYhWvbMGaWfGDLmaHKWuOrzBGaIYwQTEQIAIwIbAwYLCQgHAwIEFQIIAwQW
+AgMBAh4BAheABQJGSgDRAhkBAAoJEEFvoV0n9LdC4QoAn3SfVEgRCmKvD89+JyZY
+9GpSqgOwAJ4/InaK+bDQKuV0F4GI2K317bpAAbYAAAAfTGFuY2UgQWxiZXJ0c29u
+IDxsYW5jZUBrc3UuZWR1PoheBBMRAgAeBQI/kZ1hAhsDBgsJCAcDAgMVAgMDFgIB
+Ah4BAheAAAoJEEFvoV0n9LdCFLwAoLXN75an7GfqdQ/jVA1tbOvo8LkrAKCotJyM
+QJ7kbjpVNRXBtoz6HM8XQrYAAAA4TGFuY2UgQWxiZXJ0c29uIChHZW50b28gRGV2
+ZWxvcGVyKSA8cmFtZXJldGhAZ2VudG9vLm9yZz6IXgQTEQIAHgUCP5GQhgIbAwYL
+CQgHAwIDFQIDAxYCAQIeAQIXgAAKCRBBb6FdJ/S3QjtoAJ9aiGViOrlBhEWiFTA2
+zrKCg103HQCg5jzza2YAUR9846ghPtAakuIIRXa5Ag0EP5GQohAIANFb9hH9lGq1
++oiN+U74TewGGbeEsbyMO4ZOxzLdSPDm5/1rnrZbTRwcUbf511rR2B+LwKRBDDvM
+wugsAy+L1/7Tl7r69sDHJTH3jZ+cyUjPvpsrrEvZTKpmzRXdNo/gqJV5wFdHn7R8
+8iQ5Xth8fA6POW5n5GXHjaNbP0tX+4DpmTk0U0KT6Ky3d+rQWUb5ySu4dafFHCAW
+ZiquTPZwYW9ywYlH+TthfCccaED9+u40rML7V2zCBlNUKl7nFPZf4BnLqu9LBwq1
+DzZsc7KLDS4DDohslOcMb4eH9kDjHhGqeJmYinn1TnJe6BtgtjD0NDbkJVpHfI5B
+IIOgEHSykPsAAwUIAK+gw5TckZXJ2mHRU5EI9hFSHPgS7cC97ZOO5/QCjQLexE0Z
+4uSdbB64vGBo9erkmYVRaMw+f0rAbREmqTRQIxwzPzOrH8lKN1uunuIEV84DGRq8
+fs0Dr2EztgzWFoE/p5xKfrtXxkyZZV+ukipnfumPWNSUPt24mTvdIX6ZJzO6LCS0
+XKUfs5FgFxuevZI5G8TsaMJI5tjkZpWkj7MLq0RFLRbw310XkXEwAf7XP6R3wvFA
+vVaFeG/I9lF9c2UvhU4CiMQMpoZkL3ZiRrha9KRSDF3JPCbCoEJQEV+MCM7BolaU
+S2bbn/vKHlG/ZoDhgvW/yLWN9+9BfbBhfqDBKXmISQQYEQIACQUCP5GQogIbDAAK
+CRBBb6FdJ/S3QoTsAJ0chSeRDeKHXKEc301DSIwG/5feSACfZDFqgkfTqqSb2SZW
+IM4K+97xXMM=
+=STHU
+-----END PGP PUBLIC KEY BLOCK-----
diff --git a/tests/openpgp/clearsig.test b/tests/openpgp/clearsig.test
new file mode 100755
index 0000000..74631e1
--- /dev/null
+++ b/tests/openpgp/clearsig.test
@@ -0,0 +1,110 @@
+#!/bin/sh
+# Copyright 1998,1999,2000,2001,2002,2003,2004,2005,2006,
+# 2007 Free Software Foundation, Inc.
+# This file is free software; as a special exception the author gives
+# unlimited permission to copy and/or distribute it, with or without
+# modifications, as long as this notice is preserved. This file is
+# distributed in the hope that it will be useful, but WITHOUT ANY
+# WARRANTY, to the extent permitted by law; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+
+# Fixme: we should not only do a --verify but also the output.
+
+. $srcdir/defs.inc || exit 3
+
+# ======================================
+# I can't compare the out because plain-3 has no LF as last charcater
+# but the output has always one. I do not thinkl this is a bug, because
+# it is clear text and not binary text.
+# ======================================
+for i in $plain_files plain-large ; do
+ echo "$usrpass1" | $GPG --passphrase-fd 0 --clearsign -o x --yes $i
+ $GPG --verify x
+done
+
+
+# ======================================
+# and once more to check rfc1991
+# ======================================
+
+if have_pubkey_algo "RSA"; then
+ for i in $plain_files plain-large ; do
+ $GPG -u $usrname3 --rfc1991 --digest-algo md5 --clearsign -o x --yes $i
+ $GPG --verify x
+ done
+fi
+
+# ======================================
+# and one with long lines
+# ======================================
+cat >y <<EOF
+xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxyx
+
+xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
+EOF
+echo "$usrpass1" | $GPG --passphrase-fd 0 --clearsign -o x --yes y
+$GPG --verify x
+
+
+# ======================================
+# and one with only one long lines
+# ======================================
+cat >y <<EOF
+xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxyx
+EOF
+echo "$usrpass1" | $GPG --passphrase-fd 0 --clearsign -o x --yes y
+$GPG --verify x
+
+
+# ======================================
+# and one with an empty body
+# ======================================
+cat >y <<EOF
+EOF
+echo "$usrpass1" | $GPG --passphrase-fd 0 --clearsign -o x --yes y
+$GPG --verify x
+
+
+# ======================================
+# and one with one empty line at the end
+# ======================================
+cat >y <<EOF
+line 1
+line 2
+line 3
+there is a blank line after this
+
+EOF
+echo "$usrpass1" | $GPG --passphrase-fd 0 --clearsign -o x --yes y
+$GPG --verify x
+
+
+# ======================================
+# I think this file will be constructed wrong (gpg 0.9.3)
+# but it should verify okay anyway.
+# ======================================
+echo "this is a sig test" >y
+echo_n " " >>y
+echo "$usrpass1" | $GPG --passphrase-fd 0 --clearsign -o x --yes y
+$GPG --verify x
+
+
+# ======================================
+# check our special diff mode
+# ======================================
+cat >y <<EOF
+--- mainproc.c Tue Jun 27 09:28:11 2000
++++ mainproc.c~ Thu Jun 8 22:50:25 2000
+@@ -1190,16 +1190,13 @@
+ md_enable( c->mfx.md, n1->pkt->pkt.signature->digest_algo);
+ }
+ /* ask for file and hash it */
+- if( c->sigs_only ) {
++ if( c->sigs_only )
+ rc = hash_datafiles( c->mfx.md, NULL,
+ c->signed_data, c->sigfilename,
+ n1? (n1->pkt->pkt.onepass_sig->sig_class == 0x01):0 );
+EOF
+echo "$usrpass1" | $GPG --passphrase-fd 0 \
+ --not-dash-escaped --clearsign -o x --yes y
+$GPG --verify x
diff --git a/tests/openpgp/conventional-mdc.test b/tests/openpgp/conventional-mdc.test
new file mode 100755
index 0000000..a5e5c4e
--- /dev/null
+++ b/tests/openpgp/conventional-mdc.test
@@ -0,0 +1,30 @@
+#!/bin/sh
+# Copyright 2000,2001,2002,2003,2004,2005,2006,
+# 2007 Free Software Foundation, Inc.
+# This file is free software; as a special exception the author gives
+# unlimited permission to copy and/or distribute it, with or without
+# modifications, as long as this notice is preserved. This file is
+# distributed in the hope that it will be useful, but WITHOUT ANY
+# WARRANTY, to the extent permitted by law; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+
+. $srcdir/defs.inc || exit 3
+
+#info Checking conventional encryption
+for ciph in `all_cipher_algos`; do
+ echo_n "$ciph "
+ for i in 0 1 2 3 9 10 11 19 20 21 22 23 39 40 41 8192 32000 ; do
+ # *BSD's dd can't cope with a count of 0
+ if test "$i" = "0"; then
+ : >z
+ else
+ dd if=data-80000 of=z bs=1 count=$i 2>/dev/null
+ fi
+ echo "Hier spricht HAL" | $GPG --passphrase-fd 0 \
+ --force-mdc --cipher $ciph -c -o x --yes z
+ echo "Hier spricht HAL" | $GPG --passphrase-fd 0 \
+ -o y --yes x
+ cmp z y || error "$ciph/$i: mismatch"
+ done
+done
+echo_n "| "
diff --git a/tests/openpgp/conventional.test b/tests/openpgp/conventional.test
new file mode 100755
index 0000000..1464ee2
--- /dev/null
+++ b/tests/openpgp/conventional.test
@@ -0,0 +1,29 @@
+#!/bin/sh
+# Copyright 1998,1999,2000,2001,2002,2003,2004,2005,2006,
+# 2007 Free Software Foundation, Inc.
+# This file is free software; as a special exception the author gives
+# unlimited permission to copy and/or distribute it, with or without
+# modifications, as long as this notice is preserved. This file is
+# distributed in the hope that it will be useful, but WITHOUT ANY
+# WARRANTY, to the extent permitted by law; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+
+. $srcdir/defs.inc || exit 3
+
+#info Checking conventional encryption
+for i in plain-2 data-32000 ; do
+ echo "Hier spricht HAL" | $GPG --passphrase-fd 0 -c -o x --yes $i
+ echo "Hier spricht HAL" | $GPG --passphrase-fd 0 -o y --yes x
+ cmp $i y || error "$i: mismatch"
+done
+
+for a in `all_cipher_algos`; do
+ echo_n "$a "
+ for i in plain-1 data-80000 ; do
+ echo "Hier spricht HAL" | $GPG --passphrase-fd 0 \
+ --cipher-algo $a -c -o x --yes $i
+ echo "Hier spricht HAL" | $GPG --passphrase-fd 0 -o y --yes x
+ cmp $i y || error "$i: ($a) mismatch"
+ done
+done
+echo_n "| "
diff --git a/tests/openpgp/decrypt-dsa.test b/tests/openpgp/decrypt-dsa.test
new file mode 100755
index 0000000..7220f8a
--- /dev/null
+++ b/tests/openpgp/decrypt-dsa.test
@@ -0,0 +1,18 @@
+#!/bin/sh
+# Copyright 1998,1999,2000,2001,2002,2003,2004,2005,2006,
+# 2007 Free Software Foundation, Inc.
+# This file is free software; as a special exception the author gives
+# unlimited permission to copy and/or distribute it, with or without
+# modifications, as long as this notice is preserved. This file is
+# distributed in the hope that it will be useful, but WITHOUT ANY
+# WARRANTY, to the extent permitted by law; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+
+. $srcdir/defs.inc || exit 3
+
+#info Checking decryption of supplied DSA encrypted file
+for i in "plain-1" ; do
+ $GPG $dsa_keyrings -o y --yes $srcdir/$i-pgp.asc
+ cmp $i y || error "$i: mismatch"
+done
+
diff --git a/tests/openpgp/decrypt.test b/tests/openpgp/decrypt.test
new file mode 100755
index 0000000..d3b5ddf
--- /dev/null
+++ b/tests/openpgp/decrypt.test
@@ -0,0 +1,18 @@
+#!/bin/sh
+# Copyright 1998,1999,2000,2001,2002,2003,2004,2005,2006,
+# 2007 Free Software Foundation, Inc.
+# This file is free software; as a special exception the author gives
+# unlimited permission to copy and/or distribute it, with or without
+# modifications, as long as this notice is preserved. This file is
+# distributed in the hope that it will be useful, but WITHOUT ANY
+# WARRANTY, to the extent permitted by law; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+
+. $srcdir/defs.inc || exit 3
+
+#info Checking decryption of supplied files
+for i in $plain_files ; do
+ echo "$usrpass1" | $GPG --passphrase-fd 0 -o y --yes $srcdir/$i.asc
+ cmp $i y || error "$i: mismatch"
+done
+
diff --git a/tests/openpgp/defs.inc b/tests/openpgp/defs.inc
new file mode 100755
index 0000000..12e1b80
--- /dev/null
+++ b/tests/openpgp/defs.inc
@@ -0,0 +1,193 @@
+# Definitions for the OpenPGP test scripts -*- sh -*-
+# Copyright 1998,1999,2000,2001,2002,2003,2004,2005,2006,
+# 2007, 2010 Free Software Foundation, Inc.
+# This file is free software; as a special exception the author gives
+# unlimited permission to copy and/or distribute it, with or without
+# modifications, as long as this notice is preserved. This file is
+# distributed in the hope that it will be useful, but WITHOUT ANY
+# WARRANTY, to the extent permitted by law; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+
+#--------------------------------
+#------ constants ---------------
+#--------------------------------
+
+# Note that usrpass1 is also used in Makefile.am
+usrname1="one"
+usrpass1="def"
+usrname2="two"
+usrpass2=""
+usrname3="three"
+usrpass3=""
+
+
+dsa_usrname1="pgp5"
+# we use the sub key because we do not yet have the logic to
+# to derive the first encryption key from a keyblock (I guess)
+dsa_usrname2="0xCB879DE9"
+
+dsa_keyrings="--keyring ./pubring.pkr --secret-keyring ./secring.skr"
+
+
+plain_files="plain-1 plain-2 plain-3"
+data_files="data-500 data-9000 data-32000 data-80000"
+exp_files=""
+
+# The testscripts expect the original language
+LANG=
+LANGUAGE=
+LC_ALL=
+LC_MESSAGES=
+
+# Internal use.
+defs_stop_on_error=no
+defs_error_seen=no
+
+#--------------------------------
+#------ utility functions -------
+#--------------------------------
+
+fatal () {
+ echo "$pgmname: fatal:" $* >&2
+ echo "$pgmname: fatal:" $* >&5
+ exit 1;
+}
+
+error () {
+ echo "$pgmname:" $* >&2
+ defs_error_seen=yes
+ echo "$pgmname:" $* >&5
+ if [ x$defs_stop_on_error != xyes ]; then
+ exit 1
+ fi
+}
+
+# Call this at the start of a test and resume_error at the end to keep
+# on running all subtests without immediately exiting on error.
+suspend_error () {
+ defs_stop_on_error=yes
+}
+
+resume_error () {
+ if [ x$defs_error_seen = xyes ]; then
+ exit 1
+ fi
+ defs_stop_on_error=no
+ defs_error_seen=no
+}
+
+info () {
+ echo "$pgmname:" $* >&2
+ if [ -n "${verbose+set}" ]; then
+ echo "$pgmname:" $* >&5
+ fi
+}
+
+linefeed () {
+ echo >&2
+}
+
+
+echo_n_init=no
+echo_n () {
+ if test "$echo_n_init" = "no"; then
+ if (echo "testing\c"; echo 1,2,3) | grep c >/dev/null; then
+ if (echo -n testing; echo 1,2,3) | sed s/-n/xn/ | grep xn >/dev/null; then
+ echo_n_n=
+ echo_n_c='
+'
+ else
+ echo_n_n='-n'
+ echo_n_c=
+ fi
+ else
+ echo_n_n=
+ echo_n_c='\c'
+ fi
+ echo_n_init=yes
+ fi
+ echo $echo_n_n "${1}$echo_n_c"
+}
+
+
+#cleanup () {
+# rm $cleanup_files 2>/dev/null || true
+# echo "#empty" >./gpg.conf
+#}
+
+
+#add_cleanup () {
+# cleanup_files="$cleanup_files $*"
+#}
+
+have_pubkey_algo () {
+ if ../../g10/gpg2 --homedir . --version | grep "Pubkey:.*$1" >/dev/null
+ then
+ true
+ else
+ false
+ fi
+}
+
+have_cipher_algo () {
+ if ../../g10/gpg2 --homedir . --version | grep "Cipher:.*$1" >/dev/null
+ then
+ true
+ else
+ false
+ fi
+}
+
+have_hash_algo () {
+ if ../../g10/gpg2 --homedir . --version | grep "Hash:.*$1" >/dev/null
+ then
+ true
+ else
+ false
+ fi
+}
+
+all_cipher_algos () {
+ ../../g10/gpg2 --homedir . --with-colons --list-config ciphername | sed 's/^cfg:ciphername://; s/;/ /g'
+}
+
+all_hash_algos () {
+ ../../g10/gpg2 --homedir . --with-colons --list-config digestname | sed 's/^cfg:digestname://; s/;/ /g'
+}
+
+set -e
+pgmname=`basename $0`
+#trap cleanup SIGHUP SIGINT SIGQUIT
+
+[ -z "$srcdir" ] && fatal "not called from make"
+
+# Make sure we have a valid option file even with VPATH builds.
+for f in gpg.conf ; do
+ if [ -f ./$f ]; then
+ :
+ elif [ -f $srcdir/$f.tmpl ]; then
+ cat $srcdir/$f.tmpl >$f
+ fi
+done
+
+# Always work in the current directory. We set GNUPGHOME only if it
+# has not been set already. Usually it is set through the Makefile's
+# TESTS_ENVIRONMENT macro.
+if [ -z "$GNUPGHOME" ]; then
+ GNUPGHOME=`pwd`
+ export GNUPGHOME
+elif [ "$GNUPGHOME" != `pwd` ]; then
+ echo "$pgmname: GNUPGHOME not set to the cwd" $* >&2
+ exit 1
+fi
+
+
+GPG="../../g10/gpg2 --no-permission-warning "
+
+echo "Test: $pgmname" > ${pgmname}.log
+echo "GNUPGHOME=$GNUPGHOME" >> ${pgmname}.log
+echo "GPG_AGENT_INFO=$GPG_AGENT_INFO" >> ${pgmname}.log
+exec 5>&2 2>>${pgmname}.log
+
+:
+# end
diff --git a/tests/openpgp/detach.test b/tests/openpgp/detach.test
new file mode 100755
index 0000000..9b68e00
--- /dev/null
+++ b/tests/openpgp/detach.test
@@ -0,0 +1,18 @@
+#!/bin/sh
+# Copyright 1998,1999,2000,2001,2002,2003,2004,2005,2006,
+# 2007 Free Software Foundation, Inc.
+# This file is free software; as a special exception the author gives
+# unlimited permission to copy and/or distribute it, with or without
+# modifications, as long as this notice is preserved. This file is
+# distributed in the hope that it will be useful, but WITHOUT ANY
+# WARRANTY, to the extent permitted by law; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+
+. $srcdir/defs.inc || exit 3
+
+#info Checking detached signatures
+for i in $plain_files $data_files ; do
+ echo "$usrpass1" | $GPG --passphrase-fd 0 -sb -o x --yes $i
+ $GPG -o /dev/null --yes x <$i || error "$i: bad signature"
+done
+
diff --git a/tests/openpgp/detachm.test b/tests/openpgp/detachm.test
new file mode 100755
index 0000000..d65bcf2
--- /dev/null
+++ b/tests/openpgp/detachm.test
@@ -0,0 +1,17 @@
+#!/bin/sh
+# Copyright 1998,1999,2000,2001,2002,2003,2004,2005,2006,
+# 2007 Free Software Foundation, Inc.
+# This file is free software; as a special exception the author gives
+# unlimited permission to copy and/or distribute it, with or without
+# modifications, as long as this notice is preserved. This file is
+# distributed in the hope that it will be useful, but WITHOUT ANY
+# WARRANTY, to the extent permitted by law; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+
+. $srcdir/defs.inc || exit 3
+
+#info Checking detached signatures of multiple files
+i="$plain_files $data_files"
+echo "$usrpass1" | $GPG --passphrase-fd 0 -sb -o x --yes $i
+cat $i | $GPG -o /dev/null --yes x || error "$i: bad signature"
+
diff --git a/tests/openpgp/encrypt-dsa.test b/tests/openpgp/encrypt-dsa.test
new file mode 100755
index 0000000..01fe33a
--- /dev/null
+++ b/tests/openpgp/encrypt-dsa.test
@@ -0,0 +1,29 @@
+#!/bin/sh
+# Copyright 1998,1999,2000,2001,2002,2003,2004,2005,2006,
+# 2007 Free Software Foundation, Inc.
+# This file is free software; as a special exception the author gives
+# unlimited permission to copy and/or distribute it, with or without
+# modifications, as long as this notice is preserved. This file is
+# distributed in the hope that it will be useful, but WITHOUT ANY
+# WARRANTY, to the extent permitted by law; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+
+. $srcdir/defs.inc || exit 3
+
+#info Checking encryption
+for i in $plain_files $data_files ; do
+ $GPG $dsa_keyrings --always-trust -e -o x --yes -r "$dsa_usrname2" $i
+ $GPG $dsa_keyrings -o y --yes x
+ cmp $i y || error "$i: mismatch"
+done
+
+for ca in `all_cipher_algos` ; do
+ echo_n "$ca "
+ for i in $plain_files $data_files ; do
+ $GPG $dsa_keyrings --always-trust --cipher-algo $ca -e \
+ -o x --yes -r "$dsa_usrname2" $i
+ $GPG $dsa_keyrings -o y --yes x
+ cmp $i y || error "$i: mismatch"
+ done
+done
+echo_n "| "
diff --git a/tests/openpgp/encrypt.test b/tests/openpgp/encrypt.test
new file mode 100755
index 0000000..c50c66c
--- /dev/null
+++ b/tests/openpgp/encrypt.test
@@ -0,0 +1,28 @@
+#!/bin/sh
+# Copyright 1998,1999,2000,2001,2002,2003,2004,2005,2006,
+# 2007 Free Software Foundation, Inc.
+# This file is free software; as a special exception the author gives
+# unlimited permission to copy and/or distribute it, with or without
+# modifications, as long as this notice is preserved. This file is
+# distributed in the hope that it will be useful, but WITHOUT ANY
+# WARRANTY, to the extent permitted by law; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+
+. $srcdir/defs.inc || exit 3
+
+#info Checking encryption
+for i in $plain_files $data_files ; do
+ $GPG --always-trust -e -o x --yes -r "$usrname2" $i
+ $GPG -o y --yes x
+ cmp $i y || error "$i: mismatch"
+done
+
+for ca in `all_cipher_algos` ; do
+ echo_n "$ca "
+ for i in $plain_files $data_files ; do
+ $GPG --always-trust -e -o x --yes -r "$usrname2" --cipher-algo $ca $i
+ $GPG -o y --yes x
+ cmp $i y || error "$i: mismatch"
+ done
+done
+echo_n "| "
diff --git a/tests/openpgp/encryptp.test b/tests/openpgp/encryptp.test
new file mode 100755
index 0000000..984f56a
--- /dev/null
+++ b/tests/openpgp/encryptp.test
@@ -0,0 +1,18 @@
+#!/bin/sh
+# Copyright 1998,1999,2000,2001,2002,2003,2004,2005,2006,
+# 2007 Free Software Foundation, Inc.
+# This file is free software; as a special exception the author gives
+# unlimited permission to copy and/or distribute it, with or without
+# modifications, as long as this notice is preserved. This file is
+# distributed in the hope that it will be useful, but WITHOUT ANY
+# WARRANTY, to the extent permitted by law; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+
+. $srcdir/defs.inc || exit 3
+
+#info Checking encryption with a pipe
+for i in $plain_files $data_files ; do
+ $GPG --always-trust -e --yes -r "$usrname2" <$i | $GPG --yes > y
+ cmp $i y || error "$i: mismatch"
+done
+
diff --git a/tests/openpgp/genkey1024.test b/tests/openpgp/genkey1024.test
new file mode 100755
index 0000000..835b4c8
--- /dev/null
+++ b/tests/openpgp/genkey1024.test
@@ -0,0 +1,39 @@
+#!/bin/sh
+# Copyright 1998,1999,2000,2001,2002,2003,2004,2005,2006,
+# 2007 Free Software Foundation, Inc.
+# This file is free software; as a special exception the author gives
+# unlimited permission to copy and/or distribute it, with or without
+# modifications, as long as this notice is preserved. This file is
+# distributed in the hope that it will be useful, but WITHOUT ANY
+# WARRANTY, to the extent permitted by law; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+
+. $srcdir/defs.inc || exit 3
+
+$GPG --quiet --batch --debug-quick-random --gen-key <<EOF
+Key-Type: DSA
+Key-Length: 1024
+Subkey-Type: ELG
+Subkey-Length: 1024
+Name-Real: Harry H.
+Name-Comment: test key
+Name-Email: hh@@ddorf.de
+Expire-Date: 1
+Passphrase: abc
+%commit
+EOF
+
+if have_pubkey_algo "RSA"; then
+$GPG --quiet --batch --debug-quick-random --gen-key <<EOF
+Key-Type: RSA
+Key-Length: 1024
+Key-Usage: sign,encrypt
+Name-Real: Harry A.
+Name-Comment: RSA test key
+Name-Email: hh@@ddorf.de
+Expire-Date: 2
+Passphrase: abc
+%commit
+EOF
+fi
+
diff --git a/tests/openpgp/gpg-agent.conf.tmpl b/tests/openpgp/gpg-agent.conf.tmpl
new file mode 100644
index 0000000..18e1520
--- /dev/null
+++ b/tests/openpgp/gpg-agent.conf.tmpl
@@ -0,0 +1,2 @@
+no-use-standard-socket
+
diff --git a/tests/openpgp/gpg.conf.tmpl b/tests/openpgp/gpg.conf.tmpl
new file mode 100644
index 0000000..7060a66
--- /dev/null
+++ b/tests/openpgp/gpg.conf.tmpl
@@ -0,0 +1,5 @@
+no-greeting
+no-secmem-warning
+no-permission-warning
+batch
+no-auto-check-trustdb
diff --git a/tests/openpgp/import.test b/tests/openpgp/import.test
new file mode 100755
index 0000000..6117046
--- /dev/null
+++ b/tests/openpgp/import.test
@@ -0,0 +1,26 @@
+#!/bin/sh
+# Copyright 2008 Free Software Foundation, Inc.
+# This file is free software; as a special exception the author gives
+# unlimited permission to copy and/or distribute it, with or without
+# modifications, as long as this notice is preserved. This file is
+# distributed in the hope that it will be useful, but WITHOUT ANY
+# WARRANTY, to the extent permitted by law; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+
+. $srcdir/defs.inc || exit 3
+
+i=$srcdir/bug894-test.asc
+info "Checking bug 894: segv importing certain keys."
+if $GPG --import $i; then
+ :
+else
+ error "$i: import failed (bug 894)"
+fi
+
+
+
+
+
+
+
+
diff --git a/tests/openpgp/mds.test b/tests/openpgp/mds.test
new file mode 100755
index 0000000..a4583a1
--- /dev/null
+++ b/tests/openpgp/mds.test
@@ -0,0 +1,77 @@
+#!/bin/sh
+# Copyright 1998,1999,2000,2001,2002,2003,2004,2005,2006,
+# 2007 Free Software Foundation, Inc.
+# This file is free software; as a special exception the author gives
+# unlimited permission to copy and/or distribute it, with or without
+# modifications, as long as this notice is preserved. This file is
+# distributed in the hope that it will be useful, but WITHOUT ANY
+# WARRANTY, to the extent permitted by law; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+
+
+. $srcdir/defs.inc || exit 3
+
+
+test_one () {
+ if [ "`grep $1 y | sed -e 's/:[^:]*:\(.*\):/\1/'`" != "$2" ]; then
+ failed="$failed $1"
+ fi
+}
+
+failed=""
+
+#info Checking message digests
+cat /dev/null | $GPG --with-colons --print-mds >y
+# MD5
+test_one ":1:" "D41D8CD98F00B204E9800998ECF8427E"
+# SHA-1
+test_one ":2:" "DA39A3EE5E6B4B0D3255BFEF95601890AFD80709"
+# RMD160
+test_one ":3:" "9C1185A5C5E9FC54612808977EE8F548B2258D31"
+# SHA-224
+if have_hash_algo "SHA224"; then
+ test_one ":11:" "D14A028C2A3A2BC9476102BB288234C415A2B01F828EA62AC5B3E42F"
+else
+ echo "Hash algorithm SHA-224 is not installed (not an error)"
+fi
+# SHA-256
+if have_hash_algo "SHA256"; then
+ test_one ":8:" "E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855"
+else
+ echo "Hash algorithm SHA-256 is not installed (not an error)"
+fi
+# SHA-384
+if have_hash_algo "SHA384"; then
+ test_one ":9:" "38B060A751AC96384CD9327EB1B1E36A21FDB71114BE07434C0CC7BF63F6E1DA274EDEBFE76F65FBD51AD2F14898B95B"
+else
+ echo "Hash algorithm SHA-384 is not installed (not an error)"
+fi
+# SHA-512
+if have_hash_algo "SHA512"; then
+ test_one ":10:" "CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E"
+else
+ echo "Hash algorithm SHA-512 is not installed (not an error)"
+fi
+
+[ "$failed" != "" ] && error "$failed failed for empty string"
+
+echo_n "abcdefghijklmnopqrstuvwxyz" | $GPG --with-colons --print-mds >y
+test_one ":1:" "C3FCD3D76192E4007DFB496CCA67E13B"
+test_one ":2:" "32D10C7B8CF96570CA04CE37F2A19D84240D3A89"
+test_one ":3:" "F71C27109C692C1B56BBDCEB5B9D2865B3708DBC"
+if have_hash_algo "SHA224"; then
+ test_one ":11:" "45A5F72C39C5CFF2522EB3429799E49E5F44B356EF926BCF390DCCC2"
+fi
+if have_hash_algo "SHA256"; then
+ test_one ":8:" "71C480DF93D6AE2F1EFAD1447C66C9525E316218CF51FC8D9ED832F2DAF18B73"
+fi
+if have_hash_algo "SHA384"; then
+ test_one ":9:" "FEB67349DF3DB6F5924815D6C3DC133F091809213731FE5C7B5F4999E463479FF2877F5F2936FA63BB43784B12F3EBB4"
+fi
+if have_hash_algo "SHA512"; then
+ test_one ":10:" "4DBFF86CC2CA1BAE1E16468A05CB9881C97F1753BCE3619034898FAA1AABE429955A1BF8EC483D7421FE3C1646613A59ED5441FB0F321389F77F48A879C7B1F1"
+fi
+
+[ "$failed" != "" ] && error "$failed failed for a..z"
+
+exit 0
diff --git a/tests/openpgp/mkdemodirs b/tests/openpgp/mkdemodirs
new file mode 100755
index 0000000..7e6ec2c
--- /dev/null
+++ b/tests/openpgp/mkdemodirs
@@ -0,0 +1,41 @@
+#!/bin/sh
+
+set -e
+
+# We need to use --no-options so that a gpg.conf from an older version
+# of gpg is not used.
+GPG="../g10/gpg2 --no-options --batch --quiet
+ --no-secmem-warning --allow-secret-key-import"
+
+NAMES='Alpha Bravo Charlie Delta Echo Foxtrot Golf Hotel India
+ Juliet Kilo Lima Mike November Oscar Papa Quebec Romeo
+ Sierra Tango Uniform Victor Whisky XRay Yankee Zulu'
+
+if [ "$1" = "--clean" ]; then
+ (for i in $NAMES; do
+ [ -d $i ] && rm -r $i
+ done) || true
+ exit 0
+fi
+
+$GPG --dearmor -o secdemo.gpg --yes ../checks/secdemo.asc
+$GPG --dearmor -o pubdemo.gpg --yes ../checks/pubdemo.asc
+[ -f ./tdb.tmp ] && rm ./tdb.tmp
+GPGDEMO="$GPG --homedir . --trustdb-name ./tdb.tmp --no-default-keyring
+ --keyring pubdemo.gpg --secret-keyring secdemo.gpg"
+echo -n "Creating:"
+for name in $NAMES; do
+ echo -n " $name"
+ [ -d $name ] && rm -r $name
+ mkdir $name
+ $GPGDEMO --export-secret-key -o - $name > $name/Secret.gpg
+ $GPG --homedir $name --import $name/Secret.gpg
+ $GPGDEMO --export -o - $name > $name/Public.gpg
+ $GPG --homedir $name --import $name/Public.gpg
+ [ -f $name/pubring.gpg~ ] && rm $name/pubring.gpg~
+done
+echo "."
+[ -f ./tdb.tmp ] && rm ./tdb.tmp
+rm pubdemo.gpg secdemo.gpg
+
+
diff --git a/tests/openpgp/multisig.test b/tests/openpgp/multisig.test
new file mode 100755
index 0000000..908b578
--- /dev/null
+++ b/tests/openpgp/multisig.test
@@ -0,0 +1,154 @@
+#!/bin/sh
+# Copyright 2001,2002,2003,2004,2005,2006,
+# 2007 Free Software Foundation, Inc.
+# This file is free software; as a special exception the author gives
+# unlimited permission to copy and/or distribute it, with or without
+# modifications, as long as this notice is preserved. This file is
+# distributed in the hope that it will be useful, but WITHOUT ANY
+# WARRANTY, to the extent permitted by law; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+
+# Check that gpg verifies only signatures where there is no ambiguity
+# in the order of packets. Needs the Demo Keys Lima and Mike.
+
+# Note: We do son't support multiple signaturess anymore thus thsi test is
+# not really needed becuase verify could do the same. We keep it anyway.
+
+. $srcdir/defs.inc || exit 3
+
+suspend_error
+
+
+
+sig_1ls1ls_valid='
+-----BEGIN PGP ARMORED FILE-----
+
+kA0DAAIRN8q1H7eRA/gBrCdiBXRleHQxOogq9EkgYW0gc29ycnksIEkgY2FuJ3Qg
+ZG8gdGhhdAqIPwMFADqIKvQ3yrUft5ED+BEC2joAoJaSaXOZEtSZqQ780HIXG77e
+8PB7AJ4wCprmaFTO0fBaTcXDuEOBdAWnOZANAwACETfKtR+3kQP4AawnYgV0ZXh0
+MTqIKvRJIGFtIHNvcnJ5LCBJIGNhbid0IGRvIHRoYXQKiD8DBQA6iCr0N8q1H7eR
+A/gRAto6AKCWkmlzmRLUmakO/NByFxu+3vDwewCeMAqa5mhUztHwWk3Fw7hDgXQF
+pzk=
+=8jSC
+-----END PGP ARMORED FILE-----
+'
+sig_ls_valid='
+-----BEGIN PGP ARMORED FILE-----
+
+rCdiBXRleHQxOogrS0kgYW0gc29ycnksIEkgY2FuJ3QgZG8gdGhhdAqIPwMFADqI
+K0s3yrUft5ED+BECLQMAn2jZUNOpB4OuurSQkc2TRfg6ek02AJ9+oJS0frQ+yUsT
+QDUFTH2PvZRxjw==
+=J+lb
+-----END PGP ARMORED FILE-----
+'
+sig_sl_valid='
+-----BEGIN PGP ARMORED FILE-----
+
+iD8DBQA6iCtLN8q1H7eRA/gRAi0DAJ9o2VDTqQeDrrq0kJHNk0X4OnpNNgCffqCU
+tH60PslLE0A1BUx9j72UcY+sJ2IFdGV4dDE6iCtLSSBhbSBzb3JyeSwgSSBjYW4n
+dCBkbyB0aGF0Cg==
+=N9MP
+-----END PGP ARMORED FILE-----
+'
+sig_11lss_valid_but_is_not='
+-----BEGIN PGP ARMORED FILE-----
+
+kA0DAAIRN8q1H7eRA/gAkA0DAAIRN8q1H7eRA/gBrCdiBXRleHQxOogyXUkgYW0g
+c29ycnksIEkgY2FuJ3QgZG8gdGhhdAqIPwMFADqIMl03yrUft5ED+BECwQAAnRXT
+mXjVd385oD38W80XuheWKTGcAJ9pZ6/flaKDfw+SLido7xaUHuhp5Yg/AwUAOogy
+XTfKtR+3kQP4EQLBAACgnN0IP+NztE0aAc/DZ17yHWR9diwAniN0P01WmbgZJoZB
+Q341WRXKS/at
+=Ekrs
+-----END PGP ARMORED FILE-----
+'
+sig_11lss11lss_valid_but_is_not='
+-----BEGIN PGP ARMORED FILE-----
+
+kA0DAAIRN8q1H7eRA/gAkA0DAAIRN8q1H7eRA/gBrCdiBXRleHQxOogyXUkgYW0g
+c29ycnksIEkgY2FuJ3QgZG8gdGhhdAqIPwMFADqIMl03yrUft5ED+BECwQAAnRXT
+mXjVd385oD38W80XuheWKTGcAJ9pZ6/flaKDfw+SLido7xaUHuhp5Yg/AwUAOogy
+XTfKtR+3kQP4EQLBAACgnN0IP+NztE0aAc/DZ17yHWR9diwAniN0P01WmbgZJoZB
+Q341WRXKS/atkA0DAAIRN8q1H7eRA/gAkA0DAAIRN8q1H7eRA/gBrCdiBXRleHQx
+OogyXUkgYW0gc29ycnksIEkgY2FuJ3QgZG8gdGhhdAqIPwMFADqIMl03yrUft5ED
++BECwQAAnRXTmXjVd385oD38W80XuheWKTGcAJ9pZ6/flaKDfw+SLido7xaUHuhp
+5Yg/AwUAOogyXTfKtR+3kQP4EQLBAACgnN0IP+NztE0aAc/DZ17yHWR9diwAniN0
+P01WmbgZJoZBQ341WRXKS/at
+=P1Mu
+-----END PGP ARMORED FILE-----
+'
+sig_ssl_valid_but_is_not='
+-----BEGIN PGP ARMORED FILE-----
+
+iD8DBQA6iCtLN8q1H7eRA/gRAi0DAJ9o2VDTqQeDrrq0kJHNk0X4OnpNNgCffqCU
+tH60PslLE0A1BUx9j72UcY+IPwMFADqIK0s3yrUft5ED+BECLQMAn2jZUNOpB4Ou
+urSQkc2TRfg6ek02AJ9+oJS0frQ+yUsTQDUFTH2PvZRxj6wnYgV0ZXh0MTqIK0tJ
+IGFtIHNvcnJ5LCBJIGNhbid0IGRvIHRoYXQK
+=Zven
+-----END PGP ARMORED FILE-----
+'
+sig_1lsls_invalid='
+-----BEGIN PGP ARMORED FILE-----
+
+kA0DAAIRN8q1H7eRA/gBrCdiBXRleHQxOogq9EkgYW0gc29ycnksIEkgY2FuJ3Qg
+ZG8gdGhhdAqIPwMFADqIKvQ3yrUft5ED+BEC2joAoJaSaXOZEtSZqQ780HIXG77e
+8PB7AJ4wCprmaFTO0fBaTcXDuEOBdAWnOawnYgV0ZXh0MTqIK0tJIGFtIHNvcnJ5
+LCBJIGNhbid0IGRvIHRoYXQKiD8DBQA6iCtLN8q1H7eRA/gRAi0DAJ9o2VDTqQeD
+rrq0kJHNk0X4OnpNNgCffqCUtH60PslLE0A1BUx9j72UcY8=
+=nkeu
+-----END PGP ARMORED FILE-----
+'
+sig_lsls_invalid='
+-----BEGIN PGP ARMORED FILE-----
+
+rCdiBXRleHQxOogrS0kgYW0gc29ycnksIEkgY2FuJ3QgZG8gdGhhdAqIPwMFADqI
+K0s3yrUft5ED+BECLQMAn2jZUNOpB4OuurSQkc2TRfg6ek02AJ9+oJS0frQ+yUsT
+QDUFTH2PvZRxj6wnYgV0ZXh0MTqIK0tJIGFtIHNvcnJ5LCBJIGNhbid0IGRvIHRo
+YXQKiD8DBQA6iCtLN8q1H7eRA/gRAi0DAJ9o2VDTqQeDrrq0kJHNk0X4OnpNNgCf
+fqCUtH60PslLE0A1BUx9j72UcY8=
+=BlZH
+-----END PGP ARMORED FILE-----
+'
+sig_lss_invalid='
+-----BEGIN PGP ARMORED FILE-----
+
+rCdiBXRleHQxOogrS0kgYW0gc29ycnksIEkgY2FuJ3QgZG8gdGhhdAqIPwMFADqI
+K0s3yrUft5ED+BECLQMAn2jZUNOpB4OuurSQkc2TRfg6ek02AJ9+oJS0frQ+yUsT
+QDUFTH2PvZRxj4g/AwUAOogrSzfKtR+3kQP4EQItAwCfaNlQ06kHg666tJCRzZNF
++Dp6TTYAn36glLR+tD7JSxNANQVMfY+9lHGP
+=jmt6
+-----END PGP ARMORED FILE-----
+'
+sig_slsl_invalid='
+-----BEGIN PGP ARMORED FILE-----
+
+iD8DBQA6iCtLN8q1H7eRA/gRAi0DAJ9o2VDTqQeDrrq0kJHNk0X4OnpNNgCffqCU
+tH60PslLE0A1BUx9j72UcY+sJ2IFdGV4dDE6iCtLSSBhbSBzb3JyeSwgSSBjYW4n
+dCBkbyB0aGF0Cog/AwUAOogrSzfKtR+3kQP4EQItAwCfaNlQ06kHg666tJCRzZNF
++Dp6TTYAn36glLR+tD7JSxNANQVMfY+9lHGPrCdiBXRleHQxOogrS0kgYW0gc29y
+cnksIEkgY2FuJ3QgZG8gdGhhdAo=
+=phBF
+-----END PGP ARMORED FILE-----
+'
+
+
+for i in sig_sl_valid ; do
+ eval "(IFS=; echo \"\$$i\")" | ./gpg_dearmor >x
+ $GPG --verify x 2>/dev/null || error "valid is invalid ($i)"
+ linefeed
+done
+#for i in "$sig_11lss_valid_but_is_not" "$sig_11lss11lss_valid_but_is_not" \
+# "$sig_ssl_valid_but_is_not"; do
+# echo "$i" | $GPG --dearmor >x
+# $GPG --verify <x 2>/dev/null || error "valid is invalid"
+#done
+
+for i in sig_1ls1ls_valid sig_ls_valid \
+ sig_1lsls_invalid sig_lsls_invalid \
+ sig_lss_invalid sig_slsl_invalid ; do
+ eval "(IFS=; echo \"\$$i\")" | ./gpg_dearmor >x
+ $GPG --verify <x 2>/dev/null && error "invalid is valid ($i)"
+ linefeed
+done
+
+
+resume_error
diff --git a/tests/openpgp/plain-1-pgp.asc b/tests/openpgp/plain-1-pgp.asc
new file mode 100644
index 0000000..9a83dcf
--- /dev/null
+++ b/tests/openpgp/plain-1-pgp.asc
@@ -0,0 +1,27 @@
+This is an encrypted version of plain-1 for the PGP test key
+0xCB879DE9 using 3DES.
+
+-----BEGIN PGP MESSAGE-----
+Version: GnuPG v1.3.5-cvs (GNU/Linux)
+
+hM4DW3oC8MuHnekQAv0U6qlDAA64QS/oZJErr1J77m5Dh7IFen3mAcwOxvL/POqS
+HQWTFcuFT4LH9asSWgRe6DebJGfscMjMqNPAkhEJtKQQ2jEesn2Bon6SMwah7vkD
+9Zap7WKHRlnB/Da1/xQC/ispXY7e5tuejnzoNSAOWFpBn354nvkKGaCfMRNuz3R2
+HljH+gXKRa00n2dPmvX9Mr8AI0Q+FoEI2/YW+6aUxmv8b0c2dP6HcL6HUu0Ro2Nl
+RJNPfYXP20EL/Xrv8LN0Ksnp3YKTWrz5gQKNr3DH5pn1PjFqAKz4JD6rQBpnlh1c
+03gLB1OAJWA6+/QNaEQV451GBZW3ul10R/6621/kk0Isdxn/htlD4Jl/jAvFdlQW
+ULBu1HorZZ5X/IMuMRFwSQkx+H8i0zq+LGr8+rLFVTRuXBrgpeTLWs/f35DDblPp
+jtPGSs1qql98PfOV1tAr16rGRLAAyNWEgi3yZWUGgq5dfFnRbJX1hrj9waQmq1g0
+mn1oB9Ig708xSZqcfFVFNpvIB7nmbFF/WaMnqfL3XmgTe8whKB/f/XYhg+W2d57h
+EmTcAlC1N6IHY8/7YqtnjitavTIUsi0hPldX0tvrjsaZ7ppSma2epRJhx47jIFjw
+wXOEByZE+K3pyTSN8KJxParDsqrTWFrL0t8az9W8lWG7YYsxUxk9cwRo5PyEko1M
+kAKrbDMb+02Iw35yeuxFY33dl7KqpaWy43ksX/ROxX4S0InQywaQejXyt5A1cJN1
+t+G0aKdRp40MDKtOkZfFGlUSFZIhB0dxKVfSKJE/SIeYZzROTuyCNe/2wwufxgpa
+uztUf5ipVnINupiztWGw5c5Wp40ptQ/0K4/35KrZhMoFGR9DtImAPpZocuiFdJDt
+uqqapxGfJ876S4hFjRAkHSNRsAySul9zFLnIJ+Smk5xsvQZK4yjDwZfSs9b7WPKg
+7NCxl5bF5dIbWRYdRBNjHQ4m3LyYmqKzQqALSYT54/9O35B7rb1fOB2SFIuME0QI
+5XQq9QsH/f5rW8U6Ixzw1582B8fO1TMRhCqMyXozmsBJoWdCIQTQiVNyrbgLi+ss
+wKiKq4AymLXFMSpI4TOCc+rKiAdMpLbNO8Ndox5hZEGz+mqg84cgC/rkJc/P03KR
+uo0+rb5eSfJw9t+uzBXDmFHynayj0CB8wW9iwXknpdlHDo1z
+=7Otr
+-----END PGP MESSAGE-----
diff --git a/tests/openpgp/plain-1.asc b/tests/openpgp/plain-1.asc
new file mode 100644
index 0000000..f62fb15
--- /dev/null
+++ b/tests/openpgp/plain-1.asc
@@ -0,0 +1,26 @@
+-----BEGIN PGP MESSAGE-----
+Version: GnuPG v1.3.5-cvs (GNU/Linux)
+
+hQEOA6urKKJHvid1EAQA0MchGc7vZsjUgxdII4lo/2jRDesMmLDN4U0uOgExvyhD
+u1OtQBJF8iHgNdDEf8/R3GWhRE94IpVwLqzKTqfVmyKIFd80/Qe4h37TUPpEf8Ex
+f7WaIBk/9OSDNKOkCwZ5OH9xGaorhBwYiTNJlEEGv5zcDte9ZoLO7WhWFfHp3b0E
+AJYk/tf3oV4sJSn8AbUa8UC2tAdpNM1Lx+UEuCtxevYRpWeDVDok7/xuaa/wcb39
+lKyhUV+FBUH++k59K4GVqykOz02hmFl97O+4bAldgP6cVTm0Gh7jwMcJANzhLW/O
+MR5birB+HPKOotMIfhggzxsAt6ESrviIlknkGqwKXWog0ukB/npOqQdu1GmvJqoC
+k6ElA6xZPY5HTF/JLKlLXFfIIKLeuyckKwGDkVNFE7JYPW+dfxcGH9z1KXaNNllY
+V4OKGQh3+gMaoJSY2X7PsmjC4fvi3g6rr360ATr5f82Mr8GPa3x21XLdIFZ04vTe
+yE3kwdcarkiT1QQLnOXk/yRBxJwiA5loL9crVdC2WyOV3B3DG33/yas8krw4BYWw
+DzAgxNtZR4MQXcj83WwoflMo43dYUq3Pk7ZnzKN04O8m9w0gxVxCpXu4ds9emMdJ
+WS4eNTPUOnzeWttkfYcd3SarK6COi9iBosFT2QF80FwDSlH3XdEo7rD1j6WJ5GeX
+RbHDvIm9g0xB23S7jmtfdqIHndvPKLmwW2B1VC1mbjcDUo6pyUb31GBd1zFVhT69
+ijhiEwBlr8uWxROdwJd/7IVIB/RYHLr5P3M8p08hdEdS1IMQbNEE4Y25fRdcc6g8
+fVEAExbG01K1EJhRLxoHzgnAkxDTV2HSwlqbFvKEzUfE+rMHApmSX2lfMvKgueYz
+JpA7nxuf79Wk17bjNvuVQwokhXpzw7FyPPdD7h4Z30LW0ozvSVgs2tigWCAysIKB
+3ZIolchqBoj0ddJgbPXrx09r1oCckEmdj1KtZsci9m+CFA8d22uxXBec0HkEHZpr
+EHlqEZfNTmqowoDtJ8KT+S8VPsALEyDnrqm3s4i44OwgvsPiKOST1xwk6lIJ5isu
+fO76RHTQ2jc8z7+sKyNffVugfjYVRj54/8Gj34QkrVo/42rlvg398tpbAbWuNq8w
+PM//M6eVD4IRDYEGrGOk7prd9mgdbWnOWpasirhr41kePu2vsrIUkJWHmOgdMQDH
+cSSzI8C5NpafROHAhMsUymcJ5dKksvPubh5IAdgtH+m6yDnNUJT8s6WV1f1RpSsQ
+L/n3dhti76l0XtfZ7aST8j46B1JPNDx8+r6Xl9IUbSU=
+=xK46
+-----END PGP MESSAGE-----
diff --git a/tests/openpgp/plain-1o.asc b/tests/openpgp/plain-1o.asc
new file mode 100644
index 0000000..973b293
--- /dev/null
+++ b/tests/openpgp/plain-1o.asc
@@ -0,0 +1,28 @@
+-----BEGIN PGP ARMORED FILE-----
+Version: GNUPG v0.3.4 (GNU/Linux)
+Comment: Get GNUPG from ftp://ftp.guug.de/pub/gcrypt/
+Comment: Use "gpgm --dearmor" for unpacking
+
+PCEtLSBEaWVzIGlzdCBTZWl0ZSAzLCBkb3J0IGlzdCBrZWluZSBTZWl0ZW56YWhsIGFuZ2Vn
+ZWJlbiwKICAgICBvYmVuIHJlY2h0cyBpc3Qgd2llZGVyIGRlciBTdGVtcGVsIHZvbiBtZWlu
+ZW0gT3BhIHp1IGZpbmRlbiAtLT4KCjxzZWN0MT5OYW1lIDxxPkdyb98tQmFydGxvZmY8Lz4K
+CjxwPgpEZXIgTmFtZSA8cS9CYXJ0bG9mZi8gaXN0IHNjaHdlciB6dSBkZXV0ZW4uIE1hbiBo
+YXQgdmllbGUgTXV0bWHfdW5nZW4KYW5nZXN0ZWxsdCwgdm9uIGRlbmVuIG1hbiBhYmVyIGJp
+c2xhbmcga2VpbmUgZWluemlnZSBhbHMgdW5iZWRpbmd0CnJpY2h0aWcgZXJrbORyZW4ga2Fu
+bi4KPGZvbnRpbmZvIHJlbT0ibWl0IExlZXJ6ZWljaGVuIGdlc2NocmllYmVuIj5Vcmt1bmRs
+aWNoPC8+IHdpcmQgZGFzCkRvcmYgYmlzIHp1ciBSZWZvcm1hdGlvbiBzdGV0cyA8cS9CYXJ0
+b3JmLyAoYW5ubyAxMjUzKSB1bmQKPHEvQmFyZG9yZi8gKDEzMDYsIDEzMTgsIDEzMjksIDE0
+MjkpIGdlbmFubnQgdW5kIGRhc18gc293b2hsIEtsZWluLQp3aWUgR3Jv32JhcnRsb2ZmLiBF
+cnN0IDE1ODYgaW0gQmlzY2hvZnNzdGVpbmVyIEp1cmlzZGlrdGlvbmFsYnVjaApoZWnfdCB1
+bnNlciBEb3JmIDxxL0JhcnR0ZWxvZmYvIHVuZCBzbyBhdWNoIGluIGRlciDkbHRlc3RlbiBu
+b2NoCnZvcmhhbmRlbmVuIEtpcmNoZW5yZWNobnVuZyB2b20gSmFocmUgMTY1MS4gTkFjaCBk
+ZW0gSmFocmUgMTcwMCB3aXJkCmluIGRlbiBVcmt1bmRlbiBiZWdvbm5lbiwgZGVuIHZvbGxl
+biBOYW1lbiA8cS9Hcm/fLUJhcnRsb2ZmLyB1bmQKPHEvS2xlaW4tQmFydGxvZmYvIHp1IHNj
+aHJlaWJlbi4KLS0tLS0tLS0tLS0tLS0tLSBbd2VnZW4gZGFzaGVkIGVzY2FwZWQgdGV4dF0K
+PHA+Ck5pbW10IG1hbiBhbiwgZGHfIGRpZSB1cmt1bmRsaWNoZSwg5Gx0ZXN0ZSBCZXplaWNo
+bnVuZyBCYXJ0b3JmIGRpZQp1cnNwcvxuZ2xpY2hlIGlzdCB1bmQgbmljaHQgZGllIG11bmRh
+cnRsaWNoZSBCYXJ0bG9mZiwgc28ga/ZubnRlIGRlcgpOYW1lIGd1dCBnZWRldXRldCB3ZXJk
+ZW4gYWxzIERvcmYgYW4gZGVyIDxxL0JvcmRlLyBvZGVyIGFtIFJhbmRlCm9kZXIgYW4gZGVy
+IEdyZW56ZSBlbnR3ZWRlciBkZXMgV2FsZGVzCg==
+=m1k/
+-----END PGP ARMORED FILE-----
diff --git a/tests/openpgp/plain-2.asc b/tests/openpgp/plain-2.asc
new file mode 100644
index 0000000..5a774a6
--- /dev/null
+++ b/tests/openpgp/plain-2.asc
@@ -0,0 +1,31 @@
+-----BEGIN PGP MESSAGE-----
+Version: GnuPG v1.3.5-cvs (GNU/Linux)
+
+hQEOA6urKKJHvid1EAP/aYXFOkxPzbBB0SWtyX+yyvZso8i1WJS3pzrHNXcXQSQx
+xOAfmlCiuXYrjEzlyDAn7k7RLAhUB/ffI58HnbkQ7btWujrHig/V1tQ0j5igR85M
+3y2/msWu2c2pyeZnx29LzeoJ2aMVTbMObszlG+TNOuhCNn4unvbShrkFjNK5fi8E
+AIHiavE77ZPfcaUrXp6FJ6OuhbnJQ8y8CVpH++ddgU6xXK1vByMSsYqiOjfq08gV
+MzqT1eMVvKhSjl3R6Ktl7j+ErYM4KuIofIZsKc8M3JnoTSrLqWSEBq+DEiaSI58i
+SMJfzxfKA84bpJyLIjp4bjRIXveYoX8UjEnSNr3xuDIq0ukBoVe6Bx8lBActcwE+
+kE7EffSBHUmnm8cvwZan+Ms8t9p9aQEzBxV/LfEXZyk36lK35zCH188iJR+tt9zs
+rNubkRuOjq9jAcBtrvgjTTO91Ru7z4RCYeMfnX9AauJZFShBNYN46GTIwqMWE9vq
+B/IYFH9/L2nufcrDQ6u5WxJo0y2FoPqVS4RKEZ4FlKnlT2Op0X1k9w+1nWTtKwQx
+fPsB+YRSKmVbZOXDeKAIVEyGHgR1Hj6pbo/IeHSJ2DJt5OFu6eLQYjxYjM7BPjPD
+Gn+lTUvqw5ykYpCcnvpEx25+qHh5HI11Hi0sLKzvB92hhsQ7+lU2D+iAzsMJKdwE
+u2bCnrZokzZwDBy6NISQ+hoc6NPPezQM4FLN0BB752fa9DYMQo5nEGfPUM7fv51A
+nUdGOmaDVWY54GQxiYzl0JAT41sQSYlVHcWBCGNAm064y+tsHVjDYcf5uze/3Iuw
+m/IbRGLBT7x+j2OqMX30yXoeHCg0/M/2c6vIzhdHEsJjTbTr+M4bMii/mB5kSo/7
+x5R14Lr0mwnPNDFHG2egqd5uL8985+5BENm7q0pQHKGM5NxkjVSWCpzRgKcSEq5A
+x4Q2HbhEJNP6ZonnZkDmGM52Eq62eaR7t8+k9px35osfiTiClmVrjsTgl5Kvatk0
+oL1aYEwp8OtavoSwidUTk+Xb+cEE09P5bnCFs5Js0e5wdo+/izJ6iBuF+PndTh4i
+4ppFmt8/GZ63MKBJu4CZE7QJMVAcmmCrsGRONP2JVgmyaBjrIl5xk9FPXQVY0AJx
+gl3/jO/QFHYs+dlrQ3aqg8Mm0eZyLmZEYjoNibD8PW0keYiVfTF7EGl4jS2sAboc
+AOzbuABa+30vIjJRWeW5UdTcLyNK7B2qWk6dqpRn9ps3cwCWUiTIcIRgot4PY+3M
+8BL4smyZIP1Fmz/woL7gSVIaJHMExHjYPyRlfo+6Vfy3hh3zdiB9e5xA8QRFKgUb
+Px5ShU5bBykfvFBJjgKU1XLBKqdklaudf3+v8F3LPIyuO6vTYzOIU9UKAHy9CrA2
+kAZ8kgHBTtAjmKuJjASBCZHPepq0G9SaRDQI5g4DXx0LXPX3y5xkwVI6kd0QmsMF
+UU4ij/xjzIPN/AxBgQI8HKk56FnaX0JKoHm7mqWa+1TzbuvJjio4J/IN9XXzVqb1
+YL+mkx607hdW9oJltXLO5eio0pb12v/0YXAQlsrlJJNPCUW5hYFv/vH1rHzR98xx
+nx4PXElm8VUuhKDxdVi9Ipo8fL9Amu3PwYonzOck3R2W4wwlmcopVQQ=
+=Ng8B
+-----END PGP MESSAGE-----
diff --git a/tests/openpgp/plain-2o.asc b/tests/openpgp/plain-2o.asc
new file mode 100644
index 0000000..562e5f0
--- /dev/null
+++ b/tests/openpgp/plain-2o.asc
@@ -0,0 +1,36 @@
+-----BEGIN PGP ARMORED FILE-----
+Version: GNUPG v0.3.4 (GNU/Linux)
+Comment: Get GNUPG from ftp://ftp.guug.de/pub/gcrypt/
+Comment: Use "gpgm --dearmor" for unpacking
+
+Cgo8c2VjdD5Wb3J3b3J0CjxwPgpEZXIgV2VydCBlaW5lciBPcnRzY2hyb25payBpc3Qgb2Zm
+ZW5iYXIgdW5kIGJlZGFyZiBrZWluZXIgRXL2cnRlcnVuZy4KTWl0IEF1c2JydWNoIGRlcyBX
+ZWx0a3JpZWdlc18sIGlubWl0dGVuIGRlciBnZXdhbHRpZ2VuIEdlc2NoZWhuaXNzZSwgZvxo
+bHRlCmRlciBLbGVydXNfIHVuc2VyZXNfIEVpY2hzX2ZlbGRlc18gZGFzXyBtZWhyIHdpZSBm
+cvxoZXIgdW5kIHNvCmVyc3Rhcmt0ZSBkYXNfIFN0cmViZW4sIGVpbmUgc29sY2hlIE9ydHNf
+Z2VzY2hpY2h0ZSB6dSBzY2FoZmZlbiwgdW0KdW5zZXJlbiBOYWNoa29tbWVuIHp1IGJlcmlj
+aHRlbiwgd2FzXyBhdWNoIGRpZSBrbGVpbnN0ZW4gRPZyZmVyIGluCmRlciBncm/fZW4gWmVp
+dCBnZWxlaXN0ZXQsIGVybGVidCB1bmQgZXJsaXR0ZW4gaGFiZW4uCjxwPgpVbmQgc28gYmVn
+YW5uIGF1Y2ggaWNoIGltIERlemVtYmVyIDE5MTQsIGRlbiA/Pz8/Pz8/Pz8KU3RvZmYsIHdv
+IGltbWVyIGljaCBpaG4gYXVjaCBudXIgc28gc3DkcmxpY2ggZmluZGVuIGtvbm50ZSwgenUK
+c2FtbWVsbiwgaWNoIGJlZnJhZ3RlIHp1buRjaHN0IGVtc2lnIGRpZSDkbHRlc3RlbiBMZXV0
+ZSwKZHVyY2hmb3JzY2h0ZSBzb2Rhbm4gZGFzIGdhbnplIFBmYXJyYXJjaGl2LCBkYXMgU2No
+dWx6ZW5hcmNoaXYKYmVpZGVyIFBmYXJyZPZyZmVyLCBkYXMgS29tbWlzc2FyaWF0c19hcmNo
+aXYgenUgSGVpbGlnZW5zdGFkdCwKZW5kbGljaCBhdWNoIDE5MTYgZGFzIFN0YWF0c19hcmNo
+aXYgenUgTWFnZGVidXJnLiBTZWxic3R2ZXJzdORuZGxpY2gKYXJiZWl0ZXRlIGljaCBhdWNo
+IGRpZSBlaW5zY2hs5GdpZ2UgTGl0ZXJhdHVyIGR1cmNoLiBHYXIgdmllbGUgWmVpdAp1bmQg
+TfxoZSBoYXQgZXNfIGdla29zdGV0IHVtIG5hY2ggbWVociBhbHMgOCBKYWhyZW4gZGllIE9y
+dHNjaHJvbmlrIHZvbgpHcm/fYmFydGxvZmYgdW5kIHZvbSBGaWxpYWxkb3JmIFdpbGJpY2gg
+Z2Vzb25kZXJ0IHp1IHNjaGFmZmVuLgo8cCB2c3BhY2U9IjJleCI+CjxiZj5Hcm/fYmFydGxv
+ZmYsPC8+IGRlbiAyMy4gTeRyeiAxOTIzLgo8cCB2c3BhY2U9IjNleCIgYWxpZ249cmlnaHQ+
+CjxiZi9OaWtvbGF1cyBH9nJpbmcsLyBQZmFycmVyLgo8L3A+Cgo8IS0tIEhpZXIgZm9sZ3Qg
+ZWluIFN0ZW1wZWwgdm9uIG1laW5lbSBPcGE6CgkgIFJ1ZC4gS29jaAogICAgIEdyb99iYXJ0
+bG9mZi9FaWNoc2ZlbGQKCUFuZ2VyIDE2MQotLT4KPCEtLSBGSVhNRTogaGllciBrb21tdCBl
+aW5lbiBaaWVybGluaWUgLS0+Cgo8cCB2c3BhY2U9ZmlsbD4gPCEtLSBEZXIgUmVzdCBrYW0g
+YW0gRW5kZSBkZXIgU2VpdGUgLS0+CjxwIGFsaWduPWNlbnRlcj4gTGl0ZXJhdHVyOiA8L3A+
+CjEpIEpvaC4gV29sZjogUG9saXRpc2NoZSBHZXNjaGljaHRlIGRlcyBFaWNoc2YuIEf2dHQu
+IDE3OTIgdW5kCkz2ZmZsZXIgMTkyMS4gMikgSy4gR2VzY2hpY2h0ZSwgV29sZiAxODE2IEf2
+dHQuICAzKSBLbmllYjogR2VzY2guCmRlciBSZWYuIHUuIEdlZ2VucmVmPz8/Cgo8IS0tIEZJ
+WE1FOiBEZXIgUmVzdCBmZWhsdCBub2NoIC0tPgoKCgoKCgoKCjwvc2VjdD4K
+=9nnj
+-----END PGP ARMORED FILE-----
diff --git a/tests/openpgp/plain-3.asc b/tests/openpgp/plain-3.asc
new file mode 100644
index 0000000..b2206ae
--- /dev/null
+++ b/tests/openpgp/plain-3.asc
@@ -0,0 +1,13 @@
+-----BEGIN PGP MESSAGE-----
+Version: GnuPG v1.3.5-cvs (GNU/Linux)
+
+hQEOA6urKKJHvid1EAQAreXx68NPUPpiNhqRyM//Y97N8hX5iAWq3WxXTa8D6Hy9
+81Jy2wI4IeDhHIoWuXMIX2oVL//V1+LyLkrF/tutBVvqct0TUDUWqb4Ydpfk2l5j
+FfSybWW1fS4D1e0KVB3Lfj2Y4cCoT/+zyq7jUKQE++qNefPBzeaRWY4qeI6xXF8E
+AMj01HPe0ZwIBWqiIYv91Q7rGzEZm0ROPilgSQjUvCdsNQGhZpFGTl6uMSU0lmp8
+SD2EKv3xGeo2nMPy/Xp4JoYAMW+fjJh+wM6uT84nJgCVaeWyR7HAfF1U4rzqz7DF
+amPozuwuZiyjoo/wB1irZSl90t5Oa69oMesZtGMvwBN10mMBM0TotT4gjgviv5uY
+kLjD7DM79xy0drptNypmcVcjnDunM6bSEhTyq/fahdaULTYcwSOTXVMyesNpmLCb
+ziayleyuSaXPxIqWTgSfkab/W2FGWZvbexYaSaWXmDqsyzs81o0=
+=JDKF
+-----END PGP MESSAGE-----
diff --git a/tests/openpgp/plain-3o.asc b/tests/openpgp/plain-3o.asc
new file mode 100644
index 0000000..409b9c2
--- /dev/null
+++ b/tests/openpgp/plain-3o.asc
@@ -0,0 +1,10 @@
+Stored by G10, because diff/patch have problems with
+files not having a trailing LF - and this one has none.
+
+-----BEGIN PGP ARMORED FILE-----
+Version: G10 v0.2.6a (Linux)
+Comment: This is an alpha version!
+
+RGllcyBpc3QgZWluZSBlaW5mYWNoZSBaZWlsZSBvaG5lIExGIGFtIEVuZGUu
+=ZQ6m
+-----END PGP ARMORED FILE-----
diff --git a/tests/openpgp/pubdemo.asc b/tests/openpgp/pubdemo.asc
new file mode 100644
index 0000000..d550f1a
--- /dev/null
+++ b/tests/openpgp/pubdemo.asc
@@ -0,0 +1,566 @@
+26 demo keys:
+
+pub 1024D/68697734 1999-03-08 Alpha Test (demo key) <alpha@example.net>
+uid Alice (demo key)
+uid Alfa Test (demo key) <alfa@example.net>
+sub 1024g/46A871F8 1999-03-08
+pub 1024D/1AFDAB6C 1999-03-08 Charlie Test (demo key) <charlie@example.net>
+sub 1024g/BC43DA60 1999-03-08
+pub 1024D/FAEF6D1B 1999-03-08 Echo Test (demo key) <echo@example.net>
+uid Eve (demo key)
+uid Echelon (demo key)
+sub 1024g/7272144D 1999-03-08
+pub 1024D/8FC282E6 1999-03-08 Golf Test (demo key) <golf@example.net>
+sub 1024g/9DCAD354 1999-03-08
+pub 1024D/04259677 1999-03-08 India Test (demo key) <india@example.net>
+sub 1024g/61F76C73 1999-03-08
+pub 1024D/43C2D0C7 1999-03-08 Kilo Test (demo key) <kilo@example.net>
+sub 1024g/9AF64D02 1999-03-08
+pub 1024D/A9E3B0B2 1999-03-08 Bravo Test (demo key) <bravo@example.net>
+uid Bob (demo key)
+sub 1024g/E29BA37F 1999-03-08
+pub 1024D/EB9DC9E6 1999-03-08 Delta Test (demo key) <delta@example.net>
+sub 1024g/B0C45424 1999-03-08
+pub 1024D/7372E243 1999-03-08 Foxtrot Test (demo key) <foxtrot@example.net>
+sub 1024g/EE45198E 1999-03-08
+pub 1024D/34C6E3F1 1999-03-08 Hotel Test (demo key) <hotel@example.net>
+sub 1024g/D622AD0A 1999-03-08
+pub 1024D/D2699313 1999-03-08 Juliet Test (demo key) <juliet@example.net>
+sub 1024g/35F8F136 1999-03-08
+pub 1024D/B79103F8 1999-03-08 Lima Test (demo key) <lima@example.net>
+sub 1024g/FE56350C 1999-03-08
+pub 1024D/BE5CF886 1999-03-08 Mike Test (demo key) <mike@example.net>
+uid Mallory (demo key)
+sub 1024g/4F31EAE8 1999-03-08
+pub 1024D/30CEC684 1999-03-08 November Test (demo key) <november@example.net>
+sub 1024g/8B70E472 1999-03-08
+pub 1024D/6D9732AC 1999-03-08 Oscar Test (demo key) <oscar@example.net>
+sub 1024g/2681619F 1999-03-08
+pub 1024D/3FF13206 1999-03-08 Papa test (demo key) <papa@example.net>
+sub 1024g/63330D9C 1999-03-08
+pub 1024D/3C661C84 1999-03-08 Quebec Test (demo key) <quebec@example.net>
+sub 1024g/A029ACF4 1999-03-08
+pub 1024D/777FBED3 1999-03-08 Romeo Test (demo key) <romeo@example.net>
+sub 1024g/11D102EA 1999-03-08
+pub 1024D/A3AE3EA1 1999-03-08 Sierra Test (demo key) <sierra@example.net>
+sub 1024g/0F1B50B4 1999-03-08
+pub 1024D/85A81F38 1999-03-08 Tango Test (demo key) <tango@example.net>
+sub 1024g/101C0402 1999-03-08
+pub 1024D/653244D6 1999-03-08 Uniform Test (demo key) <uniform@example.net>
+sub 1024g/5522BDB9 1999-03-08
+pub 1024D/61F04784 1999-03-08 Victor Test (demo key) <victor@example.org>
+sub 1024g/07287134 1999-03-08
+pub 1024D/EC67DBDE 1999-03-08 Whisky Test (demo key) <whisky@example.net>
+sub 1024g/FD6E27F6 1999-03-08
+pub 1024D/567FB34A 1999-03-08 XRay Test (demo key) <xray@example.net>
+sub 1024g/41E408BE 1999-03-08
+pub 1024D/4B11B25F 1999-03-08 Yankee Test (demo key) <yankee@example.net>
+sub 1024g/F7B080AD 1999-03-08
+pub 1024D/54ACD246 1999-03-08 Zulu Test (demo key) <zulu@example.net>
+sub 1024g/A172C881 1999-03-08
+
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: GnuPG v0.9.3 (GNU/Linux)
+Comment: For info see http://www.gnupg.org
+
+mQGiBDbjjp4RBAC2ZbFDX0wmJI8yLDYQdIiZeAuHLmfyHsqXaLGUMZtWiAvn/hNp
+ctwahmzKm5oXinHUvUkLOQ0s8rOlu15nhw4azc30rTP1LsIkn5zORNnFdgYC6RKy
+hOeim/63+/yGtdnTm49lVfaCqwsEmBCEkXaeWDGq+ie1b89J89T6n/JquwCgoQkj
+VeVGG+B/SzJ6+yifdHWQVkcD/RXDyLXX4+WHGP2aet51XlKojWGwsZmc9LPPYhwU
+/RcUO7ce1QQb0XFlUVFBhY0JQpM/ty/kNi+aGWFzigbQ+HAWZkUvA8+VIAVneN+p
++SHhGIyLTXKpAYTq46AwvllZ5Cpvf02Cp/+W1aVyA0qnBWMyeIxXmR9HOi6lxxn5
+cjajA/9VZufOXWqCXkBvz4Oy3Q5FbjQQ0/+ty8rDn8OTaiPi41FyUnEi6LO+qyBS
+09FjnZj++PkcRcXW99SNxmEJRY7MuNHt5wIvEH2jNEOJ9lszzZFBDbuwsjXHK35+
+lPbGEy69xCP26iEafysKKbRXJhE1C+tk8SnK+Gm62sivmK/5arQpQWxwaGEgVGVz
+dCAoZGVtbyBrZXkpIDxhbHBoYUBleGFtcGxlLm5ldD6IVQQTEQIAFQUCNuOOngML
+CgMDFQMCAxYCAQIXgAAKCRAtcnzHaGl3NDl4AKCBLmRplv/8ZfSqep5IjqEAuaXv
+WwCgl6NEzT+/WewPTGcwZY+pLkycLv20EEFsaWNlIChkZW1vIGtleSmIVQQTEQIA
+FQUCNuO2qwMLCgMDFQMCAxYCAQIXgAAKCRAtcnzHaGl3NCeMAJ9MeUVrago5Jc6P
+dwdeN5OMwby37QCghW65cZTQlD1bBlIq/QM8bz9AN4G0J0FsZmEgVGVzdCAoZGVt
+byBrZXkpIDxhbGZhQGV4YW1wbGUubmV0PohVBBMRAgAVBQI247hYAwsKAwMVAwID
+FgIBAheAAAoJEC1yfMdoaXc0t8IAoJPwa6j+Vm5Vi3Nvuo8JZri4PJ/DAJ9dqbma
+JdB8FdJnHfGh1rXK3y/JcrkBDQQ2448PEAQAnI3XH1f0uyN9fZnw72zsHMw706g7
+EW29nD4UDQG4OzRZViSrUa5n39eI7QrfTO+1meVvs0y8F/PvFst5jH68rPLnGSrX
+z4sTl1T4cop1FBkquvCAKwPLy0lE7jjtCyItOSwIOo8xoTfY4JEEXmcqsbm+KHv9
+yYSF/YK4Cf7bIzcAAwcD/Rnl5jKxoucDA96pD2829TKsLFQSau+Xiy8bvOSSDdly
+ABsOkNBSaeKO3eAQEKgDM7dzjVNTnAlpQ0EQ8Y9Z8pxOWYEQYlaMrnRBC4DZ2Iad
+zEhLlIOz5BVp/jfhrr8oVVBwKZXsrz9PZLz+e4Yn+siUUvlei9boD9L2ZgSOHakP
+iEYEGBECAAYFAjbjjw8ACgkQLXJ8x2hpdzQgqQCfcDXmD8uNVdKg/C9vqI3JSndq
+knsAnRxzVeHi/iJ73OCKtvFrHbV9GogqmQGiBDbjkGcRBAC/DCQungO2iJ7j9+9q
+d2crjBU8K+AmQhs27JBkJqtAbC/xFqkHBsA1Pi8Zb6TLa/OCm2PbXFiM5x00wiEn
+VKNzuGOzU8uHB6kwWtLj8+V7VOWOkSDEtnlTF6u0y9JOvs7GwDvqOM5C3QH7La+z
+nNeAu1527Hj6l0XGSAzyvp+NkwCgnktU11VFpKSIdoplZBayN9OzT8sD/Awc/890
+fiSMWYNGo4+n6IHxhjBBM9lL+DAe1RtCEtwUSWNrGsIxFnDRkMxvMpaT4GusG+DP
+haTddrDBSyFiCLxKDBYgMbSO6wQ9g6zWEEh1ZMTMVU/akr81DOEColXn/f3Q4sRj
+xI3hu2z8tjVewAPNTuWETQ6iHHoVqdpkK4aABACfbMrnfK6TujxSs91MfKBWfYxy
+w9hjM6+VV8cJJdDXiheMKzWcrVecwgYYzukmNinO//BRmQcs1wdfi5UdfHLNFDig
+w96SdyZpHx+79ghD3NqDmzYakoRIoDKcZAIrAjgfl5if6vIiA4c1LjhSdcVTBsSy
+ic/mkk01EgztWKY0abQtQ2hhcmxpZSBUZXN0IChkZW1vIGtleSkgPGNoYXJsaWVA
+ZXhhbXBsZS5uZXQ+iFUEExECABUFAjbjkGcDCwoDAxUDAgMWAgECF4AACgkQQT9K
+8xr9q2w+RACfX3AwFwPu5+mr/f1Sa/Wv0m9T57gAn1TBIoUErMqJehQZu73N0u93
+fqSKuQENBDbjkIIQBAChY8NSvu6sK0p4D0AVBsRz8iVXYqbRlRTZAHS4LCXwx/i8
+FmfdIXnaNLOoyi44YruSCnlZdh4YWquCx2mgywG589AzcFhahmqElNbKb7m4F//E
+GIZK0zTgW13tQwG9hTXOhYeqchnOOaDDwPEK1Gr+2o/5ANqhqrin0TFFBWLgdwAD
+BwP/R009s61X/FkUUAh8w4Tua6qndN/2GsqXsyPYjdF5E3gErK8jDcDLniOHqksw
+V17bJG81czCRE5JcVFLLWQJg9cpeoTpP+YcF+m9whtswaOJ/LPrx888i/OmluSD8
+1VP+6zBhhTUbpazfLEdt3XczpW7CNdNbyiEcgT+6Cr+W2GaIRgQYEQIABgUCNuOQ
+ggAKCRBBP0rzGv2rbLWtAJwNtSGPYjbesLSTeRwKGA5ffZiFDgCfTPC6I+XyGavj
+HJraHTgS/bSCN0OZAaIENuORzREEAIrOxkw6rRDOpbqKenlrMRYvfqoVFafTekvs
+ZW8M0GVQOBYwqn9VUfSV/H8Iy3nJsU+cU4UFXEaoHhVWgspMtjYHvxXBTD2UHmj+
+Y7+RkVnOT7x/UsPKbxjkweeleGXkeHECwwZuQhebSrtQQllqtjCx33Le013ukAs2
+SnI83cPLAKDfVb6yjfhG0Avkx83VmlFqXXH1pwQAhVhMi1T06SNYzbKAmdNBfBWr
+v9m2l5PJnUTpSWUum6ueJLHzkEM0XgVnHt+YdFuzXgUafsnqEn+2N4tI0zuJqzoi
+/9DQnEvKijZxihtYq3S3rN6UIQ2aXFHthvVtxZxocZeluYaWHPeedJlI9h9yObZn
+0mLFXFY6TUiHQYs8RNgD/0iNbequyxzEKdIdzD0Ns+3WjIVBlYl51Zdvqyo2+U+2
+70hXVdIssrsqKr1DwRlsCRSwMY+nrB0ZUOlvLaIB7qCQke3C9myu/fJoGDhMZOYA
+XsatVR0EGTdXnSuCxqNhEiqwlbZGMAcwFO+oWBSgGyjFPHTMSOw0XS42d73UNxTa
+tCdFY2hvIFRlc3QgKGRlbW8ga2V5KSA8ZWNob0BleGFtcGxlLm5ldD6IVQQTEQIA
+FQUCNuOkfwMLCgMDFQMCAxYCAQIXgAAKCRAxjB+u+u9tG2cDAKCzaFoiAm79QSmY
+ISeiM7XMKhoHDACaA8CU1j8+20C7rNipOHYz3KfUMhe0DkV2ZSAoZGVtbyBrZXkp
+iFUEExECABUFAjbjuAADCwoDAxUDAgMWAgECF4AACgkQMYwfrvrvbRsg3QCeOMf0
+g3znbc8IBiTrIPUgUz9p3WoAoJ6eRZTZk7z+hTyx4JDceReQbYlGtBJFY2hlbG9u
+IChkZW1vIGtleSmIVQQTEQIAFQUCNuO4HwMLCgMDFQMCAxYCAQIXgAAKCRAxjB+u
++u9tG16mAJ46lQbmtWRZUldQtp4ZnOptP7ZJtQCfceYMZfMAnqUKJiHk2tMhvwDv
+Ah25AQ0ENuOR/xAEALSl7SaNEf8mYovea5tJNEwoZx3vv6XymyXga1wDqKo2PeDr
+nRDbHGBb5BvWIv1J6Igk/wq4R+Pq989UpkcqREB+yOeluE3zPPtZBrbLySSaqiMe
+gYiHnAAPc0TqjH7UPZa+fJKZTUk64BCUQN9ELkL2FKtAGQ7RNQJYvbCq4O/XAAMF
+BACXdO4a3ZIK5hJejhHZ01mkHa6Sqoc6PuedNC7tlWiLU62BljGiv/DvzcbMsnvk
+991AxJ3pP4ZvKr5CClqIG+WZa1zmtwXdmCfGJb2fbNSVD4zp16e5slPr8Cp+fvIv
+2/SyvwruROs+oAzSVvoMAzAGSk3yj5nT5oikbn+M62fC5IhGBBgRAgAGBQI245H/
+AAoJEDGMH676720bj5AAnRH+1me1/iHDnS5ltXysOdl24/BMAKCPThApQ7lJe8LY
+r61+lXUUwr1TKZkBogQ245LREQQAubUOd0B7cFzJHF5vo5NwiMZ1JXPjyNqL2OWE
+/XfaeJiB55oMmVEPmK1JF69wU7ZBpo1l4PEIWcP7WRMqvBEFl+8LnelRkSW95kwF
+r3D8TRnarZy3kfiBF1t33dnkVTaZYxCDKOBdZ/ZiRvLa6gZ/KHhITfzaS7h36G2M
+bAlGlj8AoKQPFsEPjByKYdx72m5/2Ju/4d4jA/oCNAKaJH7N8Y3HLis1ShhpytJP
+1yC9GJjtec3ugzYSC7RKV3NJcBeCX4om3KhiDSN6YYVICf4wdqz6TAocoqPzR2t7
+Fz6+upxIgh5WGnnCs2e7uO1eXUCSXONfiDEDzRKGTQjkdvwFo+880DkiGln/qmRr
+cILA568dwNnOrBio5QP/dbkpUBhqGDr2LchpkoYyQlqzbvUpXJ1xlfZim1jfrmdf
+sk83dE3iBzvmT8ByIZcMoqDEHil95LmJp3qw1yVeApP/ZWR+0XiBLEF9GhcAOc5i
+hH2ACSXLWiRXpyMmK2/erTvTX3QkAcqoQ1cFWCwNNCrlgycB84Hdm5GXdajp7cC0
+J0dvbGYgVGVzdCAoZGVtbyBrZXkpIDxnb2xmQGV4YW1wbGUubmV0PohVBBMRAgAV
+BQI245LRAwsKAwMVAwIDFgIBAheAAAoJEBaEEKSPwoLmIuMAn222gK7ibwOXzIKd
+/gZP09JC/3+eAKCOelaqqYqNNbku0gA84+O7d1kMqrkBDQQ245L8EAQAtsGp/UnA
+1y4AqjewlkkTOQevLwtzwm3pmLLjl2Y3TfGn8Ni0h8Wd27kV32MUZyTaNaZuDxpD
+EO2aUIpGWVQmWvlqCFV2F0Z2AI8R4bx1tC2kD758hUvR+S2hn9lK7E1lQPuvec2L
+Eml+uvVxW/Vm4iDBgeMlIlz70MFC9LUnfpMAAwUD/At7Clo7D4dNk43BMvhQ8VgJ
++INy37Dj8PHX2sCZZ/tIfSwNIU3m2ygSVreTlDKo406v6Qmefs/m9dH9lsBE/8QL
+40Ek3SY6xV/QzTVN44QgnpRKWpfaMbGzWJVXeczlNkTeIZZo/nhDm+aMucMu/e7E
+KbG64BnrQk7Lz6LSKb2xiEYEGBECAAYFAjbjkvwACgkQFoQQpI/Cgub37ACgicCk
+6XvTqEv34RXVSkhf+EcDHOMAn3krqPc5ZeSJGa7RfRcVhm5QtcvymQGiBDbjlLER
+BADIbiZFRBlqCMOCXTECdpJssJDnAmpir+yfAKX4hsOVdygepdA071Ams8rApABS
+/c2+Tuaplad8w+iyQs4BKuzqeQK/YWj0DDqyY2LM7qJbvFd6nC/GOGjiEucTTSgY
+8IOFScBTTks7alMGjHAdWzSjq+1ppWJeTSzp04UKhV1/0wCguOIaUr/cMVahSuoi
+K4Tdot+CR10EAKunWycnUG2IaGYqO3sCfpChzktWdTjUn9ESJAjKK1QUC89f5+Kr
+MPITdUPypf++9MumBkJi+8R0GVJ8zwhwKfX9CHhrD0kfO68pCDxZyW+dDzOr/tFX
+0nuH9pL8oiEMkikaGLph+N+N1Ip8thh+vdLhNUr3EPRlrcAfv+WtOpbyA/9+kpa7
+x8nIn2SofJisj+PjKS3lAoGPe0eOoK/sVBvgVjy3Gc3d8vMG29r+2WRIpGwuhuLG
+NlQYX65BHV1MK/TjYvFnpoRSqtTK3GpRzTmkJIC8RlXxtfYf/n66VLB3EoTOzWHY
+29JMCJnnjPMoaMc2YSK10Bo8P/27nF0CKo8XEbQpSW5kaWEgVGVzdCAoZGVtbyBr
+ZXkpIDxpbmRpYUBleGFtcGxlLm5ldD6IVQQTEQIAFQUCNuOUsQMLCgMDFQMCAxYC
+AQIXgAAKCRAf6PxvBCWWd1pYAKCVZ7DfK+i/YZGyEu18DnWq0ixligCghGwDoMGg
+LnenSjyShMZ+1Ecekia5AQ0ENuOVEhAEAIMMgk/e8lsV/KEkd4/jNK4yFj5iy/Fa
+on800I3GUzETuQA2AT3getR+GuV4pbZWE/80b9hnNW50UJGiP1+SXfVtY5vT8p/g
+NFwn5d0O/pq3bpgFRJmoawTzx8SFDwCVPHEcwOHE2j5LvfrvRBOyKU32tr976ri+
+Uowt0+92LuA7AAMFA/0Yo9dDqhjR2UoNcYfEZwWhRHaaJenP3z3QbzjJkASb5H84
+xCTEpv0dqEtVTJUoIo8Lh5VjbiCwok4QPLVSbQFeHqTKb7N96PjevkZ1Co6OrLCN
+OcPRvXxgCwSGbuuLMkQJEutnXLu0DOKquY94KXXh79La7lTgjReE/1Wzbgc1+ohG
+BBgRAgAGBQI245USAAoJEB/o/G8EJZZ3CXgAoI5oimsZs8ZKmLb5sPB4AZzngCyz
+AJ9og9spt3EYXAB95XmfzqgJBRv04ZkBogQ245UlEQQAnKdAaILozJ04V6Z+FIwQ
+EY/aF4EFrJJIc+uewF7ukZl/7uUZqSxqmzZjbqigyMFGybJSMa6TpwN0BKG5CJe0
+4R/mVCIRsz1Jx5YXezN3UFsNVNE36R8l8dxWG+wgj2m60gu4VlodcpVMc/kRiSUg
+KUfg/xmPnRe3SJZSlG2lBm8AoNc/r5DW86om3MHWK8AoyhvVXhWvA/wOcjx6gfTT
+KftzpQBhOF0U0fC3npQC6bvjLjTBhQjC3WX5rfwJqMmrudRbEO1sFqzTOQPtb9xa
+tMeVqTcOi6+x2zfXes4nTfi9Lgq1z8HhE/LnktwxZxyPeOXqXu9N023IyQTv7mC5
+9C1xMZk4POOv9WZUGz4C85s2/9iTJCfkMwP+MRW0S9mHmisruCY6TDVFc12KIFMI
+PSmWav6gW6bCAA+wIHfmcSyR6MHiLV2gtJ0vQuqgyWfeTiaxPof07dg9pZsV7Hk1
+ZUhEmloeOcfZmwtHkRhWGEbEsd89IWMDJlwNJ7Y9JZ3QvK7vB42bQVvyhdFQdEXH
+0slvlvsgKtCcaOa0J0tpbG8gVGVzdCAoZGVtbyBrZXkpIDxraWxvQGV4YW1wbGUu
+bmV0PohVBBMRAgAVBQI245UlAwsKAwMVAwIDFgIBAheAAAoJEK0bD61DwtDH1RIA
+n1kxWuxGwCS1+i7Fp1cFzzZCHycLAJwJq+RG7ux9sQEmop2V2mKdjBZmkrkBDQQ2
+45VIEAQAuZli0/vYbs6h1HhF9HbvRHFMePjQ99Sk8h/dTx7PI7eSqMHXYh0PZghc
+hlbrMSPnemxfwMbJrmdK9WN0Wh9BJUe2ycH8ftUcGRo5CdESgiceziF6Vg4PQz9F
+lxtEhvrl7q8R6y7O+j03QAJKUGwBdt540oZ8YYKiDvgZUZxnoecAAwcD/1b2fYzA
+nuWrQZXhXQQ4cNVxMBVFKHScH24oFVbuEWLgM/tdgF+CPw2Vtzba8ySR1K80VSgs
+Qfs6n2wyCVd+II8lKHTZT/pfICFcPJlHKs4ge+JNn1IcxBAiq0QRNW5hGTO9KdJ8
+MFWrWn2Bbp5k32roAzuCagoielFo4MVFZTsNiEYEGBECAAYFAjbjlUgACgkQrRsP
+rUPC0MeO/QCfaGt8NeCm0zbssmOrXZ6v9zFk8xEAnj3SpjLTyqemniHSJ9KEzIKJ
+CdiDmQGiBDbjouIRBACKncc4Ueec7dWaVARy2SmNVufeSenYs4AsIPP0v59jEl7J
+I0rb+4JbIJoAzW/hcm26GS/UbbpQwig8/PgMUV5QfBST4CEOlf7/x2a4HKk9tDV4
+An7q2aNr1beW+twxfUGWWV5I0o1b/iKVk/LiQRiaMr8pJXY266m6/2Pn9LmDtwCg
++Iqfx8gsK2PZCWv87uEKAOLzHXsD/1eRxLqCt1hT98gdDLykRTlI3kMq6EK3I+z/
+8pDIMDuPIJq1eM68YdFZr8s7i1ye1QpDltPYHgWnUC733ujAKANdyybm3HrA3TSB
+jEAhNfcu8nkrVorvASQUDCLJatWRWJTUVrPH+GXIXMA/Oi6LDsgNDOJanwzzvDCC
+m8hWQqW9A/4xYAZ4NVFrQq8gtQPJWuMIfSFSvpZWNgQgYZntiXSUGYOVs28T/87R
+oRx02tsVDw2PA8z68q/XRuM9NdetxbUXQHB9eszFLi3W1idsXhd/C4SyiTgEFXG8
+Y8s94Eadgk1PAYHN6Gd3SY7jmevqYGVLmBp7qfj5Y9XSM5SE0Th+fLQpQnJhdm8g
+VGVzdCAoZGVtbyBrZXkpIDxicmF2b0BleGFtcGxlLm5ldD6IVQQTEQIAFQUCNuOi
+4gMLCgMDFQMCAxYCAQIXgAAKCRD+GAsdqeOwsvruAJ4iU4M5s1xsZiXa0wLnX4FB
+Bl9abgCfflNpwyEp6KEhKCPWwPRG9WJc0qi0DkJvYiAoZGVtbyBrZXkpiFUEExEC
+ABUFAjbjtzsDCwoDAxUDAgMWAgECF4AACgkQ/hgLHanjsLIa4QCgityK8zajBOqA
+N0ZZTq8fOzgiEYIAn1ZEfjX+jefZUuY+4zFzrpO/fX0OuQENBDbjowcQBACVSdXx
+UWlz81FjqHgR4b1EtmhmW89CmpsHfKlSwlYvBtbB/y7TFIfvAr4ZFbpuqew6Jvtj
+IEZoXvolTWwHVPEFkuG0LAa03olaYpzC6ZBDuLkb09RukCD4zdY6xwbAMRsOzZgv
+597LZXtOLLLnmOyTpsjRDLztWsuNglm5rffOTwADBwP/SyVZvFEdEVn5/dQTp7eA
+tXdrbZEM379ctCJ2663RbTZd55lIBev1fTnKQkvDTY2e58yIQ4E+Nzr99qg9Cyf6
+e3OhErTUqEBOhusBge4/7E5LrIVMvo6AFU9qgn0Sgsnu/ww2txVw3XEjqL8Hgl+4
+Q/57YRvJOe+q29Ye9LL8eaiIRgQYEQIABgUCNuOjBwAKCRD+GAsdqeOwsjK5AJ9p
+ek7H6yt3ZHAJ+7nn7sGmxYxb5ACg1INFN4AMzqEUjbZ51KTVdAvyKlSZAaIENuOj
+hxEEAN5nO1c81jCmgh/oF+p6kiZmqFV3ape5kEmcS/BoWgCXt6vjaldctmFYi7v+
+BY4N9zI3GxQqAxt5D6dY7aN1xlC236CZEAaXUXktvGw/ppHDjdbs8CRuZiA9jm1j
+92GAUY/mm6hX2aGKOkVwr9yN6DrA2CaO4SwK/wEXkVfj+nazAKDCaBzHzwSkkXf8
+QOtOTj/xevpnzwQAv30laCeXTDZM2I/1Pdzma1V1xizfae0kfzZOJBDQtHQDvNFj
+mu6iM1kL0uxOG3krr0AlqSsMD8W7mavbFigUlxbhvuul4pTL/BiJ946FhjlPY0Ni
+9pmdAldno7yUYsWADEKadkQ3ghEVqEqz+ACYbzp3p8K+5KuiFJm9D4uyvToEAIVP
+i2N+4voxnRWGwKXF4E+fLYAzXT5sMMzl46Xk4Ms303F/5JG7kB0iiPPY6oP0l3nl
+ahulRcbNMj7SDbfrfoi4m4ftUYIX3acXCSN0gNuVGipg8CwlGQyILgWRFp6oXQOm
+AlpxhIGcd1jdh3sj5y+CQrugGPNOJT9mzmFkB4rxtClEZWx0YSBUZXN0IChkZW1v
+IGtleSkgPGRlbHRhQGV4YW1wbGUubmV0PohVBBMRAgAVBQI246OHAwsKAwMVAwID
+FgIBAheAAAoJEOup8kDrncnmriYAoJdBwMXGVRTFlfw1u4XimCRPVFRNAJ9WFXys
+x0ugWaIaLJ3tyNZQHWoARrkBDQQ246OqEAQAj7WdaOJjzJNs2G8rvrDZvD/uaALQ
+9PtdvYAp/Drp7xMH5T62+KKTlKdO3s8IQBPiuFocJNir5st/nm8Xl+gcOZOvtr45
+c/cl54fGO1gOjBZOfgbkdBVK/LMwuQWIebK4qCZnAOlDLYNGVUguGLnEQBSfnhhk
+gh0WA0kqt7fYvpcAAwUD/3cOEqPlMdYeLnGEG4wPxtyVIchwGOv0YRW5apbz2fdO
+7otj1AFUN5WzFw0A5+WHza1OIUhg50Zco6HnwKx6F+LbZ5aOc37EAvaFgPuMxBfk
+aWYagCof3jBF0CbTWUXV/D5/dFmIeuGTuUMNsGVH+OSMW2hBN/7+aJK5LLHL+hzp
+iEYEGBECAAYFAjbjo6oACgkQ66nyQOudyeZzTQCgmr4mT/wPN2ppg5x75E3cXn6q
+B28An2hO/hgIPkf/rSSydA72ZZc/MWM6mQGiBDbjpSYRBADdWzld1lyDWDqGPSzG
+OsehXyTSa0pOfVTLckpJpDpErcn8jS8cKrXkVUowI7SlZhPRmYI+5pqGaG5FZ5VJ
+d1TfKWihc7O+JDHoK3yamOnh6OFQFPZUF1+WlAGiFXLc+WODzbgOSMy/8yXA6n0z
+e+v3et5n9Kzib3sDGjw5DMmiYwCgmUwnofqskHVv1S6tDg08mXALKKMEAIVGyf9i
+j3BzNb0fVYGUOLU07nqQ3RpNQPaKtPQpBobRknQ/ZSdzuiALcCB+Q664f1cKGA+O
+gtm0L/f1xUmKRW3rT9lzMtcCy6kcudCI2OHm/gOcPzKqjj5onpD84fgR4BdbsehT
+8+urmxFiK/bFFI6eC1L5edBQcRLs7TF2jY3SBACdXy9yHg6iDTJhysvR7UuLWE/1
+s9ysirhZgPb0vyIFwHfRzM96AYIPpLZr/jvkrDawTxYGfGIZrj7UyGePu7RCeFRV
+VX55B6evNv3fAqbmwQ1GHTX7WHCNdAkP07yTxZ/wnZudPAzQwRkEfZ39TdccbOhH
+fHvbv3RNQ0VxbWtQUrQtRm94dHJvdCBUZXN0IChkZW1vIGtleSkgPGZveHRyb3RA
+ZXhhbXBsZS5uZXQ+iFUEExECABUFAjbjpSYDCwoDAxUDAgMWAgECF4AACgkQ1L9X
+83Ny4kN3LQCfZhlov9Ux6LofeSt5g2hVijDdX0gAnRc7adixQ2hpprv4vNoKvmum
+F/D4uQENBDbjpVAQBADfVCPYwZ59MKgXTH4P71QzFnpG4E/MjqDNfW3NxQ9ZjLfw
+0ir6U1gGDuEsWRR+fS5OwCbfeHZDzPj8MZPuOZBamgiDvI1OvrrzUv+BijkWGEL6
+oRFnWI8zJ8zDAPuuvP1u2FQZOoKFXaHo2I9Q8zuJz8P2vEkgJfLx2yiPR1Dp2wAD
+BQP/SCCKZBNQIaY0cfKmiv8ZjRcAAvhXLyMCwLQUfVRqoNVOtMMfWpYtGdL27ESw
+4kgZIsxJ3ELQVkRiriMKbsJiNM4dMe+9gNuGz1CG9b2vhUPZ59sREVIRgyIfr0BJ
+AsYOn87mQ5lOBA6+XmjHO+ys4xpEVJZyfrq5QAw5GYcrPWCIRgQYEQIABgUCNuOl
+UAAKCRDUv1fzc3LiQ475AKCVZupUbMXq9yw03M34RS9YT9MzKQCfUgFd+Fn89xqU
+4Owg/MQzYlLreUmZAaIENuOl2hEEAKeOL2pIdZ+zQtehxdL9l/uDBFSTuN9rLb8D
+gLiw8Z9j8U5CEH/M38WzH1nHKKlZKjGVZYiyhRfAG83wvHnT83lq+Ad0lgaZTR4z
+6nrd5ViOlHPlfqo4RPZPzPe+uF7EfDl792sJerXGAasLosmKnxKAyJyVjh7eZcjT
+S/hUhO9zAKDVyLHJ/gQlMYk8vE5XYL7Pw4d28wP/VsKVkjlxsXpcrCQIoKeDXgKN
+Vv9L+0Pebspzr2WOah8iBN1QOkbtexIKCbb9mmviEnJU0FFx5MIw4mipvY4EpCaH
+3McGwJpCzWmdzID8Z6oISUyKsuP7PXjmASbogV6Iqy2m/2RDtfbIlbwotfbiOT9T
+r3IPbH+tHAZByMRyvxID/RN90WOPSpODxr9AH9btmeJD0BfNt99116+qdwvWrTof
+cbkBgzvB34vLLDaMKVIyinxz2lYyC7aSpA3uzjZvoPvPrQJFLE0dx7DSkUTtWbQG
+ByRabpyrXYdKZzsFXLb+LSTWwF3sQLax0C4cYT7OLPlxjDVq/A0jgztaZVWa37IY
+tClIb3RlbCBUZXN0IChkZW1vIGtleSkgPGhvdGVsQGV4YW1wbGUubmV0PohVBBMR
+AgAVBQI246XaAwsKAwMVAwIDFgIBAheAAAoJEBPbllU0xuPx7NQAoMhUK7d8mW1F
+45Qpwtpbn/EdSuqNAJ94+GVY6GrtMbA8yrZHeD8zSAedrrkBDQQ246YdEAQAzpO6
+UuCWWpP9up5GVhLPoSCBfSIA9JWm5Ap6/hjQ5hia7CcS8E41PjaGl6Pkh5lj2qkS
+UBa892SXyQMYqMqEq/h7+BW7+n62SCRMtYOHRYZPA4hvs0d7jznGQlMsltx7qamo
+VNP0XF+ws1wHLjyQl3qMnkrAQ8lAJP+jg7P5Hq8AAwcD/A61qQLRXsSFr7LMBnaU
+SR0o6+4/HCdh8t+mnAeQBDAkne5DTPiwqzqsjoYekX6JK7wk+mbsJTd/Zw55Jkq9
+xVm6nEUo/JIbN7cPlMqfCLaoS+ttbxZ9fNCO3WTNdWxAr/mGZZiBfy9yTcxUfo5q
+Tg0ffWy40CNHaVKk+iIcktGziEYEGBECAAYFAjbjph0ACgkQE9uWVTTG4/EmaACf
+U+XRhr/UgvgCfMlOthY327vlI30AoJypWeGLup2DqouZIGkY8bmpDrz9mQGiBDbj
+p/8RBACXrm5v2sQpLtexfA2S8a2PUruCeqXYfVsnkYX1sYJaFaYHxYW2wDL1dR4L
+dZuty5YWBOxu1N9dnkjuPsdIbq6R/phy6xv5sDUihP4YBAZakV5ahd7XrBdkWXSk
+RzaJSfH1OG2hAXR87liVu8ck8RDeS+ipx1vnZY45864IAnFzqwCg2qjnDRjGAn2O
+SPsnhyZH44VQQpcD/A7SOu9gTt6Jl4VSMY2JGi3HOFPOHnevG3Pb8NYbcP4gEU63
+iqrHGndYJI07lKcFlZRbnSEOSFPFLuNKax88GYKKeZDoQXkVoU/ItAGrS4rCExpZ
++Jx2tBL2zJcWU+7NDmM5LeRUDE6a0N3sIxMLzz3Z2PTarMATjpA01Qj3WRlcA/48
+g1+gnyFXbO+UZn21WWj4uCyXUE6/G8SCZhXXiDJOYxaBrmw2rtN0x1aLwXPRXLuw
+jhL5Ewn3qszCzaJPNYuLaMY7jiK2ha20LCqYYmaVJa6tGy9iFIGC80ItcUYZpCfm
+dw7W2oqdZIN/rblScCKmyBbw/gCB3molmLBd8nrseLQrSnVsaWV0IFRlc3QgKGRl
+bW8ga2V5KSA8anVsaWV0QGV4YW1wbGUubmV0PohVBBMRAgAVBQI246f/AwsKAwMV
+AwIDFgIBAheAAAoJEAyCDHHSaZMTQPYAoKRB8Ey3Ny6TaKaGoL2GNFQEwM1MAJ0W
+blK0ScSKbm1BN+2hfDmmKRkgvbkBDQQ246gqEAQAkdlSJYfTiZH/CkfV8tnhI6ID
+z+SgiZKcneEBnO+hAJottARGAojdbURlOIeZqRCgKpdTXBK7MdHAz4RKFnAAXPDB
+ZgA5q+Coqn580t/O/AKGb8kKn9n52z9lC8A5KnHaRAsOKVyPTIU5vq6FLmsWmMB5
+5iz826Dk9kMhV7mmdQcABA0EAI8Jq3Jnqf0HqqaX7CZuNKHJgag14bTaBw0niZK0
+KSB6FBpzitEoyst5JBPCl0ayQEw0Hn4jhZAqcZybI//pC1CNQBBO47VUi0y1UVjE
+xtaNmmWxugzkzWHHx4WmyWsCQwGN4B9riUws4g3dgC007l+aonKzj5QEo1XiiMNT
+FFmPiEYEGBECAAYFAjbjqCoACgkQDIIMcdJpkxOPrgCgvrCZO/Txjq3F6U9vxdQq
+lrLDgXIAnid5WPrZkh91f3gM+QXTQfmq9V4RmQGiBDbjqN0RBADBWmbmmByw+u1J
+TAixxj5NXRXQJ9zLtkxRQ1GHxLQPyQzojWWnD4kEme8yvsFXuulbPX8zZMnl6qcC
+8wt+b5E8dCtZuvQL3vS51yGe9M76VRC/1HgriE0YqHMTYJT4J+HciftldHFid+jR
+nGZpLwVtLxiLaWAm6SBi82FTn4lVGwCgtjc3u/SMsPgylPRyN/QeH8/OZ5MD/R2y
+G/c+ZF4kWcgmlzjJxQUN2wGYeDoOWUMXS8mf6yF+DLtwxo6oOlLaLHVTR6+qH2Vh
+z1zaqk1Ir6FJjkuUGvHbVFt2BmvL26StTjJ4zC4UFSWYP3qLvfbPThT+RoD4ea+V
+cPxGEGeqs0umImJ6s0reS3KJS9vgHtGo11Is4nP1A/9EzV7QkX5EuEnlUpGV2q29
+aGYx3RpcOhDYixogNHuW+K9KwcluBEEBmT74NwxVzI6qdJVVZn5lxT4IC5G0z/ki
+df1Rkgv8Eqj5DIikgnp0asB8FiHSsb+39d4cnk2V0ez/LmknXUl2mpKpk/fb+qXW
+TqPDbFUE8dz8zyqRFXIjwbQnTGltYSBUZXN0IChkZW1vIGtleSkgPGxpbWFAZXhh
+bXBsZS5uZXQ+iFUEExECABUFAjbjqN0DCwoDAxUDAgMWAgECF4AACgkQN8q1H7eR
+A/iKXACgkZY9/w96yK2Oiq/MUs/A74SzJ2MAniQ2eSHT5CQ4G8PPvYfPZueNI9PT
+uQENBDbjqPUQBACn8JyfkTPFcgaWMpUpnk+nTEkDe4GhAG9fO7alTgdT6+aDCdfX
+fXfH7gGwdURvDv6V/KEqcMPRNLAgAeP/F4T6OtoJNTxfWLB7j14DJNpYXjBPJPN1
+kpD2at8GcWB1aVGMsAtxMwlo4TZlqyfzCAAQeCLhBbIE9LWKX5oUTqiLOwADBgP9
+Gm8md+/xWp9sLE5i3uZ4t9Muu9w+UY3Ke/WcSA2CNthEYhHNtcMPP6PBwtz0x425
+mC1pe9RuxDyzRfV0/q+rjdWZBNA+VTVNDHXSj5hifvem3KFvA6TIgMabJ/q4WE7T
+4Hn8xjQpEsLGjSXAzG9WRg13qTzTilIk+rC6xYGbZHSIRgQYEQIABgUCNuOo9QAK
+CRA3yrUft5ED+P5vAJ9dQMc2nMpcKuH28xwKl8r7MP3pygCfWHGKFHWIDkUt8RfH
+AB9geauEQSKZAaIENuOqZBEEAKLUF5GqBMWJQtBs1t1Sp+NIOGuMLgJOhINbMU6t
+k2jzeUt6ooNd+c8P0TexsbSETwhrU4ntpvIISb7I8Twhcled7bi5KCABJOzz7Fw+
+Ydxo5Yjm1DQH7+gEtPx3n4AjZUfRAN0nqcFizDpRYPqVaN1QYiGWn9yPF3pubQhV
+n8zzAKCpx1LUlQl2e5t1YJhmom2qy38EeQP+IB45FBfDf5KKtyS64alQ0vHYIssU
+p806PQorw/ZOuoiscUQj/WeZ4vn7rCdu60uR1EuHpGp7n0t7igEgAOcxDjrxJmpg
+SdD79V+oJAFLATo2msj1IklVvJeI7ZsImyPchIU1lqn/GvpAam9N+FiIB1KUMFqT
+Jzc6zUn1Qqag1w0EAIiRHPYRW8ojd9Uh4Ed3X0daAnClyMWL82t2bj/bJRmhupQn
+4aVJ5D0pFB9izTiJEWciHpqiMdsi/zExYYIDS1Zu94+WFbNIxyMFfHrJ5fUQtAqL
+b7E5LrlxZONUnrRwshqR4X2TmW2mz1Wop542eUQ1UWp4Gr3VlH6giswY0CnQtCdN
+aWtlIFRlc3QgKGRlbW8ga2V5KSA8bWlrZUBleGFtcGxlLm5ldD6IVQQTEQIAFQUC
+NuOqZAMLCgMDFQMCAxYCAQIXgAAKCRC+eUhSvlz4hvEjAJsEfDLAxH49s9lf0nql
+F4tcflpr/wCeJKCP6iVwvhGIdCu+Dbvf6z8/sI60Ek1hbGxvcnkgKGRlbW8ga2V5
+KYhVBBMRAgAVBQI247e3AwsKAwMVAwIDFgIBAheAAAoJEL55SFK+XPiGmdUAoKhr
+c+z524neflMpRwJ+NG8KVxOxAJsFZqm7bBtYllrdcTqNqMk49LfBObkBDQQ246p+
+EAQApnvWjY5rMvw9Ly8xFL49pGjAYFb9zFijvgG4tMirI3T9EBLflKLJ8m4KWoRo
+T2eNmy/JGLHyZjveaVh8TerDV+uxZkEGvv702nz8NOElQTjHWHoy0n6poci6Fxhf
+Jd1bnOjDK2mZEufEQNSn2PhA46gjCLRTAPuwLpitSSL5ubsAAwYD/ij9KRO69/Jx
+3+W9DZQxWIQBiKnYHVr1us2WpdpTV4jpCqJOCOgB/hlBmCY1C1/tpsAj1A3ZZamJ
+RWVZoNokkReItZLXfGacprGbmmjcg89gFM5V3nEUNCU/mm2BQWp58h4NOCv60dGr
+5GAqHDxAStPk388zbxEdyFs57CPQ4ZJtiEYEGBECAAYFAjbjqn4ACgkQvnlIUr5c
++IaRMgCfdcoqwoaTU7rNH0BWaYUfCrQ6TnIAniN+yQaBbwZHMbSaDTBRndjLglsK
+mQGiBDbjquMRBACteKaHZ7pcM7Quj8Ec8Sx0fJ3u0NdLso5xn9Ek4FWMLBu6jw7b
+/5KjB2WtXOZSWKHOzeTfUAx79NMKJrD9jZW/0kEAFVeZpwZF1l8fBsRELR9cxAaj
+E3RvFkgCYAhXsF1Jno+qiU5TNvadGU4SzmP4vOnnjrIWTy83mtZiwoFIcwCggaaa
+ClE8Q41NyIfVtjS3f+Nm8x0D/icH9uwM3vpB2QV29IIBqazgaFr7vBoogFoAllaC
+QbPLiyHX1Mk3kEZg5xewmDS/tU4rGqj7UcL9OlZx1ICD8cp80yNYfoI7K5XM6sYO
+MmfJORGOEsqMtoYbo3lluDgDkg26DZNynUeFHZRrIWz2cKqTuaB3dw09m8sJNus3
+poEtA/9Q1KDsjKPi8+2kUzJoK3V61QglXAVDlfzK6B5KOEZ6GR/gX9M5uyyLjREy
+bFSSNPlvLR11+mV4GR5AcrVQOmE0QpFyo1Mr+uDsbqwkzERvRq1r5pOyqM5WPXhl
+Xa5oo4na1fBEX76IEzK6xIVG07GnNnaY+dlPgsLq4I8+A20ZG7QvTm92ZW1iZXIg
+VGVzdCAoZGVtbyBrZXkpIDxub3ZlbWJlckBleGFtcGxlLm5ldD6IVQQTEQIAFQUC
+NuOq4wMLCgMDFQMCAxYCAQIXgAAKCRAlsA/UMM7GhJjYAJ49ENMfPwK1U1ESEYQS
+5Yts3SRcAgCdG65G3ZW0dnhnjQAhf/vk+EteMfK5AQ0ENuOrHBAEAOGceVg3PC6F
+tgrZrnofohzWnui6FVBzeai1DZ5MMKmdN6/QMv1eeHoMOb33fbfhwA51n+kPuhap
+r6QqTzx62RGA/gK1m7vjU2OfYxSO65GN/rSUXN/kE83jR7Hux4MocRXZ+/8ngqL7
+JAjw1LZdJyOniJpeRvrckPNC/bKaua77AAMFA/95VjAjJIAU/gOMwtbqTgV+cmHe
+52Aa1CJEalV88yKG86nnqHuL4xxUTTZljyjbbKleJD/Ah7R1BxBhSEDy8WuTuonE
+VHVxTcL9Yig4pZ/OzYZf5fkl1eLNaSLb8XZMT0JbP02b//OMpAr29lcaga1o1RtW
+vrlUyIYOTm2RcTxkf4hGBBgRAgAGBQI246scAAoJECWwD9QwzsaEIOcAnjt0vZDn
+9+3cTNpCuV1ZKIu2t410AJ0Y3CnFBUFBOKk6zkOJnaArwVN3ZZkBogQ246tbEQQA
+lWieyQhDso2ZnD2wb+gq6aqk1rRUhcwdBwCTbiE1aLAsnuMl8nLH4fvhaTz2V/Ae
+joL00e28duA5or9JiBfmVblrpTAIGWsu0AU6uEQsWgZwRdso3NH/KfH8Z5lxwJtk
+Z/hlAiEHohmGoD38mJNsgnm63RXadUH76irO6McvWlcAoONeH7i25AcrMol4O7BZ
+wqGq25ibA/9IRhK7AFhfgaRrDTz84PaIssxp1dWKalRruMJYGQK2LDuEl53Q+d1r
+nYBPliPbjWr/9Gkjx3K4B0CfWWQC0sUl77bNRFqr8FXkjRZcvkCoxxHG7PIFG77r
+Ld2SiQ+eS+dp5QijuuMC8skkvQuuxS6eIk0g+jjGlNhjuu97Ya6xeQP/Zxek37p8
+P1u9TTmN7nPtlzGXGrfKVi9DtJ31E805ruXFqTuoFfcOBRrtfY+DOebX8RxIwQV/
+TEmyxwoXdmkv03EYwD6AJSmx3WuVi5/revcH9nfSEHDy7sFC8CBp4aavAFRQNrho
+mSB9lSm5clGLZiD4nljF1EFABwQFch7HhlO0KU9zY2FyIFRlc3QgKGRlbW8ga2V5
+KSA8b3NjYXJAZXhhbXBsZS5uZXQ+iFUEExECABUFAjbjq1sDCwoDAxUDAgMWAgEC
+F4AACgkQX2NWum2XMqywLwCbBT6UT+lNWMh/jxFu/m5Dy2qMwpMAmwePBu7USi6T
+WKaXYRSL2yywJR0HuQENBDbjq44QBACdC1XRPM9CMFrgVUvioU7SShffLnjgWBZ3
+hqbOYrsgtXfuQdv6lAixnNPdnk/k4mjL8w1pqbjUmfmbppVDxzsiiUQlJatzGDfU
+1gDc7ksnXpF/vzghbucy8HNO0SHi3uM/GXC574iZ1oxa/A14fKnCVYT1ThqUa1us
+C5YQXHm4IwADBQP/f4LZgN3dbL4jLqXHDNpAIEjiTbKXxDKHOnAof//4SE0mpaNV
+HLu3nxI57CtXfSI2kMQSm/3pqpTKzaBlM/CbMAJUanhmlLPARDcJ/hQcDtBsF5nF
+G7zfLfe0SBwgsM1HxL968Vva7WsbYpSa98+3HSDuy9VwphFp7i4HbnCbSK6IRgQY
+EQIABgUCNuOrjgAKCRBfY1a6bZcyrA3hAJ0erCoxKtpc184iLkp5kpXQakDGHgCe
+K2WXA5gTOULftladXZn8tNoXM6CZAaIENuOsQxEEAIQRmJhsJniNi/bRff/YGrZ9
+aFWt81G93W8WhV51qq+ntUHgUNY55Yyos4XLOa2tS+K8zP6X15FesVBPYIQa5BIC
+10mAsLfJ+1rbnGJPuNBA2U2MoEaRxo/JtXQ//5jiTRlYwLDRnBzuaMCPdsirveu+
+JBw53ytRwjwe7m/D1PPvAKCp2dj1FtDjubTN7kCF0o2KzPwE0wP7BimQxXyPwSzG
+qLaHXSEBsh84OQTxPI98BXgq0195/A1B1/pPs356euKlqoefUTHYhbjiMYbjZT+A
+6juudf7A2Ucy03G8HDZ4k1f1vmzrj24+6ygGBcxTVr0BaweiC1DwG3LjQoJ1cuFx
+RQ8BYJDGIwPrUW5JdlnzW2bJWfdyXOoD/0S7iEVN9txkSKildOeP1YcDCD8MM3hv
+F9kUc+1hbmir8SOZ/IYJAyQN+j+mYWsLuKtZ/F9pqiBNTXH2jWCTqldOD/ZYxHVJ
+AARnkiVG6yckMLsxHi2LPPBK8xack0y92mKe7za/7fhVgCRSs7M/rzUbzUhyInHS
+yxr2SYb+8lbutCdQYXBhIHRlc3QgKGRlbW8ga2V5KSA8cGFwYUBleGFtcGxlLm5l
+dD6IVQQTEQIAFQUCNuOsQwMLCgMDFQMCAxYCAQIXgAAKCRBdFeAdP/EyBgb6AJsE
+NGQmK4nUrwcbtZ7+av5GDQ2T4wCfYJaV2rBtTR9aWTRQfZOQoIkNF8+5AQ0ENuOs
+cRAEAN5hO+fEhqW2pX71oSUqW/TRHWSbybNc5brQ1tzgTbheHiG/LQJ1lHjtZoZQ
+syW3H/efEuNARwryo4IjvK0nmiQsqZUR1795XTIbo/waPN08QujC26uWbL1pYL5y
+QarwbKOoyAst4jgE1NpZVc/r1+WUp7NuEapicVjvFNzkiVCLAAMGBACWQJYr+h0o
+zr7JQ/BqI8vTKuVXb+DIBQjuSzN7LvaiIqMqb9ZdfNNmZ1Atvklo2Ce2VMyliQzV
+STZuHJQbfrDTBXBf+Q+AINiHdZEAodzBvDv6p7vsTnoP+A2bS8l6xrWObKt3Ky9+
+GUDkqW3WuagcUKogQgEb/FKec+GegwSgUYhGBBgRAgAGBQI246xxAAoJEF0V4B0/
+8TIGk4cAn1I/jmu7FSgglh9aPmVYAw7HWQMAAJ9PAPPXfqtwza6I8ttGPLYNvEAm
+AZkBogQ246zREQQAgcIj/Eo8PrIhEaxKcjc9dNb9/0BZ3BxBk7x9a7HKm6o0/vcf
+LH2XFjFxB4Ddfe+O1PC9KNUqIi6GTafGbyqS47XsnOJs5nvsrgmVpUUzAd7p0dxc
+c2tJodwhkH4GtOP4i4P9XBrxngQrWQ0ju333EPF6wLWi7qkVyGENCfsvktMAoKYg
+M+XYh9UQe7/HX0GiCnk3ExVnA/4ryBxdyBihj02i6s8vAe5mlTrwv85ugouSB95X
+EX8GPfvaWIW/TpUWQ6a7o8YzU/kIPa7YzETYX8e/FVr2Zd33HAfeLUNp3OS0NvEb
+YJlGDfW7/X7qLVv1o5WCjCHUhK8DCf9Ax9b4z7CbRHptxSE4U79NCCOsXQsObV28
+qlGsFQP+IIaCh7dTqADw/nBmfuXxepPKXS6Xdi0to79LfQtr+TUtJOEVGIbqqQBs
+gESFiT5qR0W7qhOnl47TIQyPQnt/V994QwyAGtIgtM5qYFRW70g1FkyDRX57PzTM
+uU2BjVI6mHkaUkLaLujbRXiQFm8IXJ4rf297GppKuSgvNcr7Rmq0K1F1ZWJlYyBU
+ZXN0IChkZW1vIGtleSkgPHF1ZWJlY0BleGFtcGxlLm5ldD6IVQQTEQIAFQUCNuOs
+0QMLCgMDFQMCAxYCAQIXgAAKCRAcZ+wTPGYchNG4AJ98zSyvQ3Rt+Y+AVfawyEoo
+sFG5KwCgmMyj4RYhRlXKWCPORBxAfCOYMtW5AQ0ENuOs5BAEAJGi4T/jrY5BtRTM
+0psAneQytzzFgH4+LigUXAAb0QDAOkyGNfWHrfHJIS7A3Nc9pMWAdOjWgSKbYyrz
+ra0SQ75/SkI5+/S5ev2Fpki+HYo7cNgVXnbCJrIY7k4DAMunqPJ9JCUXc88WxGvK
+V5b45htqCPnV2Pgq+AEIKD5aGfLjAAMFA/9+O6ttUbeY2bQHRdThl4HUxQw4lgYN
+7stgGZsbHCc0y6ln1HF9vlE4Tl6HI/NR/8OauQrXt8988dh039QNZsOdAeRWTk4P
+gSuXq6VDG5WNw6B9bvRPKXe5yeVmNNl6KESBzMcq87kANZWZ68vKJ2JihxPHRAyf
+xwGr2JKkVF0S+YhGBBgRAgAGBQI246zkAAoJEBxn7BM8ZhyEiJcAoJTy/pFHvd9y
+xAYZBYp7qLG2lUIOAJ9Rlpbjou3wb81vE+Qev1+GQGpaVZkBogQ24644EQQAlNDo
+1aAt9iof3VI1z3TehyLrBIR4XmKRSM2Bx02CZhQRIwY/QsK6WBoxlJqfgUtsBUuf
+cztjJaUBixq5qPmBgXYqN9/B8HZvG2nknHdiqKrvqFpAqATJtlccW0tzPJKtKaTb
+tkORBDv6hssFa1aXwTN7IjN5nLI1Wh8lsvk9SKsAoP5Z4IDSK/mM9h6FPRsAsAYv
+d99ZA/40UwQLl06u7wBtmxqSdF/86kjC0kWX8J2Y9vIceiNEiE9MmVNcYIKwIM0m
+wduF50EksVjEdgWUJrqT3RztJfMT5+Sgm2KOAvvfmbKa8RF4NPSrVXDDrFeqk6uN
+DT0jnUUTQFYTjk4Pxg9Kl+a/c7Qee6qXn5qeDX8ubZqN0noX0QP/Y5HSgi62UbBP
+5B+e5BqE+ZLeJ7yVtl909NwTCr7KVZt1o3Za0dCYtMosPT9ObAjCanhSnuEWa3hu
+outOgorWaUSEW6Y3zBKvN/M4FA7+1Rhe86gnnWLt+rHqX5M8Y/7JTcrugNtR04DF
+sYga5A16CLsTDxSmM2Rgvpwh14FtrqG0KVJvbWVvIFRlc3QgKGRlbW8ga2V5KSA8
+cm9tZW9AZXhhbXBsZS5uZXQ+iFUEExECABUFAjbjrjgDCwoDAxUDAgMWAgECF4AA
+CgkQO9vtsXd/vtOr4ACgllMIBb4leDKz61LQiA4TGWQp9+QAn0gF7rrvXtHdEc9k
+FQxgfASZH4RZuQENBDbjrmYQBACJ5res4tXRZj36s7P4KZWUf0YC8mtLxxeNEXe5
+ckAtn8gMfcSQJ4Mei4O1EBvrKZ9Dz28Emv0FmDd66DUd4ybRIk1PN8kWry9UuGLA
+f/VBAkMIyXhYCEnB7wRsNj4kF5DhYiytep2wekPocZO2GAUoIyY2yMNb2m2g2K8U
+nK2QBwADBQP+Ixih3o+++i02Xwi4wOe7aro2xSeBmH9b8nEaJ8v8RVLRO0AgoR4G
+LzKeTOfv57FU48tlY7sxth6FOxeJaQkS1nD1LRpb3GUDZr7qM/yOGYp0WhdRgGW+
+c0eYa32g5ajq2zn3+H1L4yrmRSZM4nmZ5ZXe9ijkGs0UNYqmi0gBYxqIRgQYEQIA
+BgUCNuOuZgAKCRA72+2xd3++00nRAKCX6f3/mVnEreWCgorUdZh8hg1LEgCg7FUW
+Ctn3HWOwgOwxxKzOs/rQm+CZAaIENuOvBBEEAMUtk4AJiXP3jaKpIhbi3B73S2SZ
+67rKzBkicjelpwWk6LndsCrbLsIWsDf8fNtih0r9As+2arfApkNlwuCGq1ZlPGGG
+Ef18OqPxFvnghVEbDdcosP4bIm3k6G2sgFbMl68xAGnTtkS5Gfz43uTuznPzdZnG
+bIjP0uBmPfZk6GW7AKDhi4htuxr3Y+ud9lx1bWM9KqUtAwQAiRYHm605RZVBkdzl
+fYx1Iwgn/l8Chq3MsPrfBMslapBnq1an2/nEQPmuIde9C6ALN1t03DHpKonx2Xgj
+YVz8pgty2FU7txSSm2EE+975dXp3ov4TfD1KxksOl770PAzixLfNhPW1q4A2cEru
+GgO74qEX3/fAa1J0nRKDgmA/mgYD/2TSZKCaFHoc3IHQnkygmGzzZNpVZV2+1kIB
+8Z2hNo9V81PYpzlYV8SlG51ajW1G3ePcti7JOIP6MquNUbYR4TOzZy1Dq4+VqqZC
+B6fOeIKL40IKKAoMMDYFNLp9zcT+s6+6DTPH27eE1WEt+NQjBgr2ofC/4iAU/nmA
+Ymo4xn7YtCtTaWVycmEgVGVzdCAoZGVtbyBrZXkpIDxzaWVycmFAZXhhbXBsZS5u
+ZXQ+iFUEExECABUFAjbjrwQDCwoDAxUDAgMWAgECF4AACgkQpeZ/f6OuPqGvfwCg
+oevUn2afCdW1bLwbcRs5kYrM1GwAn04Y4r15A7ytYdO2PaxSkSJ4gn5NuQENBDbj
+r4AQBAC4cckdPiWgQNkGvAm3q8FxzRLog68/jffvj8Mvt++XQ4NikO0VJ8ezYkVd
++vG3v5RoHTISynmMWZZjT56aFDSDZPOkQs2G0qZgAEgTpzCUBdlnUC8ZrHSTSQjC
+n7HtR2cpYCCUBliPtatDvS3Me1XdRfBhXib04TB0ci6DrzFQkwADBQQAje0R1INm
+9GkZKAzTECi+lVei7wbXkn4JF6n9r1KL5oULVF8aGHNEJ1Twj7kuq2kacYjc/Di4
+KdESRTZN9szlZnNruvAd9JKHIgbeysene3yRhy+YFaqXm1MtWCdwwaDiDoHDASpl
+55RtuCKxz6uW77qhrZ8E6GRDrhI92R88DbmIRgQYEQIABgUCNuOvgAAKCRCl5n9/
+o64+oWsJAJ0XijmoDUP1Iu6lhsSlmGOiNO/l4QCff5G6w6Vkq8d86Ev2IwS9Wf4u
+NmaZAaIENuOwChEEAJDhTfBph5G51alEDUaIfFvD0K+oXDXqDB7hDg3stVIpZR99
+d2bo/dPOuVWorwXFBDJeK0c7iJEQrMWKlxdqbRGkH8paFSnL5XWo4xMjknqnJzYu
+3gb734ioFHTC4WDM2/voTGuFpLw+eirW+wl12wusHpnNkWxMEIWt2HoGTerfAKD3
+JUBraePb8gHKnXFzyEu8RLp3swP/XaAKje+NAYeqhcAqxv2SEPUj8EMgtX7SDkky
+Dv8wuRfcNwMAt4XwHYnnM3bpUwWj2JcDGE9rsNna/HuFAjz/2lrhUKncH0Cywvjh
+Ytt1t92j0cPZaeR3pY8R/bm8Ns20tiP7uxVlj+szI2Pf5KiUHhiWHJ2RTXGE2pUm
+T6UFhc0D/juyZvINKwkbUSSwpKvsoi15d6e4Wx5PZ2mArT5y+ULitBx4WKIsXV6U
+VVaEBNaBe63k9cFGdPEba/HflSd76kLmcSdy+Fr73d3TMIrmwAKMVdKjRAEc3l87
+YaPd2/LdT+TWzCQw33EotexJ7yZzZA2SJx27/jyIgXkWtwvn5UCMtClUYW5nbyBU
+ZXN0IChkZW1vIGtleSkgPHRhbmdvQGV4YW1wbGUubmV0PohVBBMRAgAVBQI247AK
+AwsKAwMVAwIDFgIBAheAAAoJEFjLmkyFqB84JOIAni+c3CDhA3k2Pp2CWgBSFcsT
+A59CAJ4gy1+t/Pwk/095y1T6g3rwRbE0zbkBDQQ247CeEAQAnr0w2OcvlUX7E8u2
+C8dJGIj7wRU5qDazxh0tw55/ybJ3/KyhCFfsr2dZ2E7Zw6Yvc1u3WTTf82nH4S+/
+IJFSI+qBi3TrcwVtt8Xa3Po7cIzNvS0bBhqfmOOXJc4ihUlADR2Jukm/QC+f6bO8
+IZBDWr/7LnT4SwEPhPoZNMFb63sAAwYEAJ2kiP3e1zM+zEo2i2jkOny1Igyn0sRi
+uw0OXQ9B656zp02G5qtDN+IXhgLdfQqgqyWckP4BLDJ4NtQoEM/Mr2/7oj3h01Xp
+bU86R1QFQOXmoWw3q7yqEWIwfOBqClSF0A14sXdjQwadyabTFsW4m8Zn5jLW+1sH
+4PrVjHoNEz4CiEYEGBECAAYFAjbjsJ4ACgkQWMuaTIWoHzgImwCfYJ4NGyH/snAB
+xoxryuVciL3Cyu8AoMtIZ222A8al4XK0DrQqJAnIZlF+mQGiBDbjsakRBADettZo
+8gTOTr1nJXbk5sJfuVSQaMmbgLpZpMs3Q7C+gAX0XX+Q/vcuHp+wV2Nq0S4v+w5K
++sxDF4A8UDf+q+GmNKMA5U27hkcDQvE48EYUghcdWKjWeFwmmJOb0KMoatdeh4iP
+T4j8ocGw+i0z6o/e0y0OVWsUvIqp4iZP3UlnOwCggOq5GfPJMq3K3cND3nU7GOR8
+e1EEAMcgH09o68Hbjbwpw+ejPuKwVFa37COX/65FF8PONeleq7Mr3Y8yKqbLIsIW
+DaxrlflpbyMz/ShuDdNU8gh+msfwh0+RNzdEPmpJCCVJOdZO46cudgbyAQriH7Py
+sSbi7AbmpnMl7kQruhAZWXLtnH1e1kKovB43a3ph8wF4kotyA/45A8bLKEmJvpq/
+amY6VjDnGsxkDjjw2OoVbt8sLdGjpganj3fvy5KRhWeWLKhmtq44tH97m4YDmGCH
+Va/Iic4aDPMMvUPWdaY5DyCeerVOb3JN1qLC7o5x2HBt8RE7cXnPJl5VKxc4qzys
+5bqQEYYt2dP4cJqKk3OjjCbl6TJ+8bQtVW5pZm9ybSBUZXN0IChkZW1vIGtleSkg
+PHVuaWZvcm1AZXhhbXBsZS5uZXQ+iFUEExECABUFAjbjsakDCwoDAxUDAgMWAgEC
+F4AACgkQqUwPdWUyRNYzWwCeMxscN9idLHgH2DP2U6tP0tNR0T0An3lfFgidO+z8
+ZeHXzuOM9TAS+jz6uQENBDbjscMQBAC1u+09NP46dPnn6RJtczL3LEroyrcPmHOk
+3FbiNfJ8YMnFBeST+U++chi/kKzm+N4y8TZE8sHwGqnkeIBtJX2YmQJFhKi2RR9A
+tVn2HV1ZTBYT1q/P7MpZTPMI9EODlCEPJTvX+MdtP8xh0Gsj1i1wujQOJAiXdrqs
+Pxen4Sch5wADBQP+NRROzLFq4kBUpgoTyvWzJl96Gdykf+O0AhbTlZ7ix9KtQLfx
+Grqzgo0hwDjb2QzeWHfjVhaaaSc5UWNMuIQyHRcsj9x4n25XGE0HUyOVSD46IOAj
+fZF+beXOa/NbYcR+zzORfXr1qyW2g4oV8LN4s4uV4dPamQ3l98Lkg8lhWCeIRgQY
+EQIABgUCNuOxwwAKCRCpTA91ZTJE1s6YAJ9ZgYjqQ3rScmCwhc3Ihzt2ATANbwCd
+FuVgvD2Yh8lsuiWswLDFrNsDk5WZAaIENuOzmhEEAKMDGobMDqPX3SKI3/W8m9Lm
+NgtDUffHGHNd1npnGM8mSyVfWjEWoEg2GPMEmdX3/tvUUV7nTz02IJwZRVlrbEPd
+W76eItMAY1NB43LpjQTrAR++mVAslulUY6a5V5nJKEc0IqOuxkW1LWavujX1JRvl
+BZLeBkdpsVNuaGJtwUFfAKDfqoZUCcZxnO+dRMalHLfGOn7O4QP/apMk2mc+GJwp
+KSxXBvoQkVcfuZBJmXJuUCc4BUUzHX0ZSKNbgxY/kVR1xN3krMgOCR6dEsGukIsg
+VWRDj9to/+E6IIs6YKhG7fGcXKhE8z8mf3hDLcmjbCKDCSFBT7PI5TkLzlAEP1y2
+Rtin/Sa71unGZhNyEfAPW/d1dRcRVqMD/2WcTPUaIjRvAqmbxUpenRhg/mF5rwmH
+l81VvVBbZCoZ35c0edEZKpfmyYbKuz7GhjEPz6O/UWGYZpK/7r6f4kFUrhO5atCl
+nRyBkvmNmdfbtM5hd5jh3lgqAT7tk7ntPAIh8X8/qm5+Uab63kZwXCPiSR+iEwRp
+42GbVL7F/b2rtCtWaWN0b3IgVGVzdCAoZGVtbyBrZXkpIDx2aWN0b3JAZXhhbXBs
+ZS5vcmc+iFUEExECABUFAjbjs5oDCwoDAxUDAgMWAgECF4AACgkQR69LaWHwR4TM
+SQCgwD4p9j1sDwR1+9bBrzNQzVIyzmsAoNL7pfcdW4Jou1XHNc6hv4MpsHtvuQEN
+BDbjs74QBACHkUCB29pMkveMEZyNiKImizF5NZ/cv91Rj319k3xHf0NJWhQp/1G3
+8SxLkPLBdWcoB4mJRNjDyVsxFUXvRWFIMekwL0q1sHSWTcJwCpQs+LKKtPmD3LA3
+bhbuTSdpYgmKy21SH4epubqBzk/P0193mWXzHgSGLeUoTo3N7eBQ0wADBQP8C1Q3
+WGrBZNOmFVly0erclpQRv1qCa785yx/bj9ur2LxHwVozAEXh8jmoiKZyoAz7YFnp
+29kR2qtVplH1oePNyFweZqIjtmZbiCaT4scUVZ/3LuYbxgMoUFeRoG4mnEVvUUh8
+mmZovMmZFrvp0uojcDsfYTx0VBr8waxgJrg2YguIRQQYEQIABgUCNuOzvgAKCRBH
+r0tpYfBHhFPdAKCcyVECIa28vmUPgZ2jkXQoQ/nNkQCUDpGL1aZn1eKrDlHcGyD4
+CzywnpkBogQ247Q0EQQAvVX9TJEynPJEsX3X2fGPPDiQK+oB7D1INI9bfID5NKto
+o8qybivOLo85i5m7RUiEyhX3E9lUg9buKmtIhas0sJ8sLURmCndIKtXjIWg3Kd0p
+mjE8q2zyd7ChQ3ffJ20875wNbR4GQhSO1WTuxwRoL53ft+9JTULJxkQRf71Azm8A
+oJZQYphKeLWrLtFjb2WKbYxst54tBACS7C/Vu40euIevp2TZHTtY0U+ObFvJr8jD
+rdQZMkUFSuhti7rfO/bf7qTwmCvv6IVmn905ACh9bnKwZvcR5T1yR2b6CAN267fz
+riZhu6/FG+9Ddr62ZnV2rP8Oa7uxAXCnoovaafKYupopvHV0z0tUf2+wasrQdHZT
+vc0pfY+56AP/WOVJ0KGzP6k9bYjYSRJ1MJb70wdVFiHdlIlEd5P3jQsXOyHVMrWp
+6qH10sQLto8gweWJr9aHem0QjTNSTVpzp6laBHf7tnLEwCJGeX5f5BOh87akRjwf
+h9J9zW+DBrtpqS6vjlDYU5y6RGbGRl6ndtXhV5FpE4cbLax/pGFWEq20K1doaXNr
+eSBUZXN0IChkZW1vIGtleSkgPHdoaXNreUBleGFtcGxlLm5ldD6IVQQTEQIAFQUC
+NuO0NAMLCgMDFQMCAxYCAQIXgAAKCRDe8Pe47Gfb3qJqAJ9MbluIqs8qjd1lOkj5
+8xC5K482bACgjeYJadH5StXmbJMGw2ZD29yevzO5AQ0ENuO0VhAEAM9X7EMxDw3O
+SqgnI76WuIBSsI0gF/UptzpT8g8AY6gQPVhU9fgQHbu7cr8SZFV3dyUVLTzkNq7m
+sUivd3/Fecuf77CpKBCrQlzst+UykiPQ/bT3+gq3owGi9MBCfeU2l5yZZ3yjGIqg
+8/XnxmCbuItw69FNyz7+nQoDM28ci9B3AAMFA/wJBLjxXXqWFY5JdXq7ck66Qx5Y
+HDpPH7szUKrIGKGZHxk2UXoU8G9WRfQ0VVQfaomfnKvo+bFDFJGcLfIITI8FrjzG
+oh2K3PKcxsQiQ1SsVlMT3XmuvST0yvDM8a4t9o+2v8yLLgEjR2dn/lTiGjE/ANun
+Ro9TBGpvz5P085NmzohGBBgRAgAGBQI247RWAAoJEN7w97jsZ9ve/yAAn18Lg2NX
+AdY6HW0LEurh0Xcv8zlWAJ9ePiLMYxpoW5nv4g4nuOAWoL/KLJkBogQ247TcEQQA
+rUqUbiVTMxJhp8bA4vMXAzCuLjys4A44DE+uRFb9AGsZTmw/FTPETO7iU/3frlyY
+yTgIvI2zDF1SwHXG06KF3yIu8LF6OCM0N0k7KnKpw8M2tkPiT+D8ANrHU5d178ev
+zm40PyNDyKxSGNlIG1N4MIKFtNdMlahLvu91kG04WesAoLPa5zISvsX+Ew95M1o4
+Qti8iYHbA/4wr+eYRywP35eb/F5V9bOLWhWmEDzw4KHXQ7V+OJ7JD5n44S5KLPKw
+IogohDlPmrxDTAJ/YAukApUItd30kr0Uq34QgFktAsqgCP7C5KEM1TTxU25Tcs4o
+jUHoDyMj14ECuiTCP0ZFRKUivopgjgRhFTKXVVWTySkQ0g9SDaITSgP/a0FyXMQU
+YJjuB7GA6r4U6QnIHsxS5xrQgkshb4tp2MVWMhqlhsfOLaj1WZ+oe0DxKw0O3YKT
+H/EAzmNelKcMbtTcilLaIdI5l+Ylam/bZe7QvbN2s72Kn2PZjtYqO3Uzqw14bqAJ
+Rl0ekleMdZRMMzAsour+iNVPHnlodXnQ2gy0J1hSYXkgVGVzdCAoZGVtbyBrZXkp
+IDx4cmF5QGV4YW1wbGUubmV0PohVBBMRAgAVBQI247TcAwsKAwMVAwIDFgIBAheA
+AAoJEIl5psVWf7NKt08An0PRqhiMzF+L37DyvcaVl+0zSrmbAJ0fL+8D5Frcp1m3
+YtBMpo+j5dsieLkBDQQ247UFEAQAxuGlBvqoDkxhIDgFZzdHJO+gJym94zgSGHkB
+mBIBf5Q2G2O3zkN7SIENI16yg9cxy7zkTbBu9PMgzUe/UuQov9Z6YXKzTj1jLozr
+GdljKOcW5YRvlibo7eKXDUkSvT+X6J1BOIVexl05Y4Ncmf7otNDre29QfK8gGBO/
+bdQd7L8ABAsD/R4Nq/JQav4/7d5ETuMZddPAxV4kCnY+7F7oJgHDKJheJxt49rNt
+fXSxBZUsJ9P6Xhr46fCRT33DD1P8RyUmmS3/dJl7H/qR3A1rox4FQPWAuk4WGhsf
+SXvlZnFWKJhC8TZzFisjiXjw1OFYiF4TArxj9D7d/cHEKIi43rtefpf+iEYEGBEC
+AAYFAjbjtQUACgkQiXmmxVZ/s0rskACeKGRhY+fGFtaL1JQxoHdDPRJ+wu8AmwQa
+u+u5pPZc9UrBr0UV+pGPpY+emQGiBDbjtVERBADdUAZzhP6+69VdyRrgRNotouUv
+XE6I8h0kxZFZZDrQJmpZcNWkUHDqgbYDJ9RmIeEuWZNmyzPxSFcvD9RGw9KmIZu2
+kZYqIuzg4KqOyU3SUfNycarEZYJkmLEyBlrkNxZkmPCp1cRsMKGCbhQs//v6Iq8h
+6dNA2EWgJev0y12gcwCguk0KZIqVO7UfkaVaZhMr0Cd1at8D/juKnRViDMi9SEjS
+JZwb3mw1+yECnM8vrM+AoGoAKiCz/n8N9Gf2DTsFy4yKEskPQ8s09Wc5epBFo3gN
+ruMu4kDnde0uCmiDEbTwzpdSKZO5x9yi+7b39uCNkgoDlzwonaXNdIn2NnFKjL47
+TnV/vKFdtSZgLW902vwYGTr1ArL/BACIcx9TdxsJ9NMyaKD7MEcKQeOrOqv/Mq1H
+xFPkDBI4hTZpQiId1XTxqkJ6UHDw9sR/TvtO5YKrZjINkmaBZFiHlx1oyB0B3u6X
+UVLXIc9liyFyh9aOBdQkdHgjyI8Kzk6Z0ejYcre5TY4zfplAZKkUDlY3U0Sb0a0x
+IGhgo3YRELQrWWFua2VlIFRlc3QgKGRlbW8ga2V5KSA8eWFua2VlQGV4YW1wbGUu
+bmV0PohVBBMRAgAVBQI247VRAwsKAwMVAwIDFgIBAheAAAoJEJ7vNM1LEbJfSQQA
+oJRRe9UHKHiX2iFczXq6nrvr0NhLAJ99W/I5b2/2QQ01we8i1mcSYPWj47kBDQQ2
+47VnEAQAmuK5RcS0zTyXp6SjW2+WeQIpJnJDflL0+iBe//3SADv01qUmw3jWMAux
+G+CcCApksl122V9npEHiLC4Q2A69roLRsbxKBPebustfadLJoVYqPsvjnrBlafe5
+GcrFPnKbE0wV6ZXx/Tp/eSDiQlid4lWz5J+z/mN7KhHANzoRAbsAAwYEAJO5fkCS
+dNwkisFXzeKslWxm9Yoe1TOouiSV11hex0j94Hpz5wGWEXF7z+FbDq+4V0UqGkKx
+aERsl6HMWNkImj57N/9h1C1YDfiKTimg5tZpKmehXtldpWGCNDZrE0RasrFCKENV
+hFMhpc4kAnx6rbA0+LhRvJkvkdxY7pKU//aZiEYEGBECAAYFAjbjtWcACgkQnu80
+zUsRsl/0XACfffuI4IS7cgh0PNghr/0v3L/NhncAoJNwutmN7kkv9n/oPqkByzLx
+vZt4mQGiBDbjtcsRBACBDJOGX9C/xxCVZNP6OHz6cL5vM3PimUAhV+9HAVVPQViT
+nFKrkYPSQyRfWzjOU8RO1Tp5CHz747oOb6j9P74yH1uy78yFg4UuhXBWinhuCKKq
+4IIWwJkCKBFr1U8fu8a6Y6NcjqiDA0KmGRJrMPmXenXkJpFGHG78rUvNi9IMfwCg
+ugzNILh/3XZCZU+BUPYeXL+nUAEEAIDXZhj1vFXHgi9lmijKDjJocEBoamN/taQy
+6Ox1RRD6HtfAPY5TER1n7xm9hMzE+Ov1IKpH/E872Rha1qu1v7eOa6eTuNWF0Nvm
+SR955freRsNuR8JNIb6StI2ER9pzBUfjykC9pg2wPeC7wpQJIF9TF+Ja1BvG2I+h
+a2xJ786AA/sHEUvAOsc58YbPlbIPyp2JdEHvXTRT2NISVRuTMQsg8vV99nMYR2CU
+h270uPyy2xZaD/kYcJ9/1ngY7C9pbbNWoV70PkEMO/qj67OIViWVPzUhIdURorbp
+Ghuc3oBzUxOgial7IbISPRItDgg2oZoY4hqyQNx8Cj2ZZAzDpM2vCrQnWnVsdSBU
+ZXN0IChkZW1vIGtleSkgPHp1bHVAZXhhbXBsZS5uZXQ+iFUEExECABUFAjbjtcsD
+CwoDAxUDAgMWAgECF4AACgkQa8R3gFSs0kZA6wCeJUyRzuFbsZ0uQulvpgOIRTLT
+KscAoLd3InVEj20peTUQ5b2NOimSXnKxuQENBDbjtfIQBADMfPDBQoMzv52Mmjb8
+SdaYKKNzqDd9K1oY2hcMSi+LcHag+KJFOyKBf3SoHmcU/vCEN+LyTgljYSKDmEf4
+wZ2+eLfqFgSdBJp2xm55ih+9CHXg3dXx9SbHiGJCIxfJaIsnNz3VmJGPDDjBlaf/
+hjl/7SZvR+MJpVLFPGjj7uOhTwADBQP/Sgv0abeCXVdVXwGEmhdV0VDo833IQRdR
+u1yt+QLnWRMGTY1oQapsH6QLwYSZfDJlxbsBA3tfqKStpRSbdGNNTsK+RIehsGdd
+i3sWGplRGm5Xt5KpkY/mc/tLFaYJNMqAgfWQcKlZHBp7EoWMgiRiDJUWq0TH1wRD
+oPaRc+H5GdqIRgQYEQIABgUCNuO18gAKCRBrxHeAVKzSRn1jAKC5Gp5sHM9sWdZe
+M6qfu54F2OwMQACfTjYXfpMApAROPkjhhFNqH0d8x5E=
+=1N8S
+-----END PGP PUBLIC KEY BLOCK-----
diff --git a/tests/openpgp/pubring.asc b/tests/openpgp/pubring.asc
new file mode 100644
index 0000000..a091e0e
--- /dev/null
+++ b/tests/openpgp/pubring.asc
@@ -0,0 +1,720 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: GnuPG v1.3.5-cvs (GNU/Linux)
+
+mQGiBD/yNQgRBAC/KSfe6uVfDgA3BrGpNLhVxT/ytwXMpBI8pEdTiY0jWnYrb/Yu
+8wtCeZ9GAux/ZA/ted+7pdibHXfX5PzDfgUTZwrIJa57OUpWwI878AzZxNsnVv1I
+P6ufGyESKME4PUQO5heKhwAb0gQwFwArS3v4oeYrEljhJ79kpt319JEAEwCg+hTk
+nylYwYGT/PEVQ4JlLPoWmqUEAJn1HX1Od5tyoK4OEAM5G+wHz3SBj4FMonZNWs1I
+t03JKHoM5ulQ2FgEWmBVIPTKSDm/jQXPYApz5DpxpoGYbTCaEo6zfE32AEzoXDmG
+AZE90Xhq/wcEN+JcHpHytAA/n+hYaR3sYegQ52mWMR+vdd99KO0V0jLRcckgBA7Z
+2jlFA/98cyy2nYt0QI5Tf+t/d4WBeib2yNWVtZH/j7XpDqHLZDgVAYkazCA6ZF7B
+vLddBEqVAh1X5tqua4AXX9L4SGYb7B0LRV72alhYiWWHez126KjVgwRTUxtEJ4En
+HmYJRReLlXosPIRhXSz7HFAqalPXJ0DvC9kzTQnnjPOylyMPTbQjVGVzdCBvbmUg
+KHBwPWRlZikgPG9uZUBleGFtcGxlLmNvbT6IWgQTEQIAGgUCP/I1CAIbAwILAgMV
+AgMDFgIBAh4BAheAAAoJEA73cJbXTF8iUO4AnA8wHb3erMrfWV3ij0d/cEiSJAYF
+AJ9fcbShgTXDN1dIVZvLSW5E93TfC4haBBMRAgAaBQI/8jUIAhsDAgsCAxUCAwMW
+AgECHgECF4AACgkQDvdwltdMXyJQ7gCfcOplS9yv3a1gj4TCPiNybMWs0owAnjJh
+NmPvm3h3taFS/VaO0OAmSQCbuQENBD/yNQ0QBADoAktaeO83HXnNFL1QtKYXsGpR
+1FOn+5rpVq9I9GWNUVNCDj9fBwHk+yDXMD3FGlLwvSmHp15mG7ztYu7DTVAjrClG
+psIPqEjTHGzNwMDcMZYIE8iUtTelsyF+zI0S1JVKrWy0YTwxpQpbbesngI0tKWU+
+uOkwDWgQ4kSIJPeAAwADBQP/Rodl9UsvuCKf0bTCQz2TmPmOrFlDezojNgZHVJgi
+zpmjlX4K7BHrynUgQY9KFVjfNVNNou40M4YQCN7WTBSZj/4ZRewJUuR0mi49vrdZ
+xwCisu9EIbJCDUeNQgr/bBwHOYDdVq2OTQ6XiNdhpqrFjD0FT1B7E03tELE+l2x8
+7wuISQQYEQIACQUCP/I1DQIbDAAKCRAO93CW10xfInB4AKDKD5BulHRXb04ynP6Y
+Wel6I2g3fQCgqJEJLoUNcIF3tp2jF2jBr80WmM2ZAaIEP/JSaxEEAKxxqlg9Kz9D
+Z/3N52BC0w+JtYKke39vpdWVDHR3MHmMJ/31Y2iSpm0fvRs3h1j9/fBVmLOZglNQ
+yH62SxdJyZwCelkZzfUy/qLm9Qaqi7wpg0p4EbmWdoFF/A1Zg/MU7D5w5xu+EA1J
+77Z6QyALN9rIOXZ7rLLa64lw/MV4LdIPAKC449htJbbp5rkJHvBDs4YxEIkk5wP/
+X4hPGlIw5PlHrsG7hdahhTudV5hRGlvosnwsrYJXvKAQLAV1EV26SIYUH5pM/ycX
+rG25dqVoG56uQqnhBdUqo4iSnsxY3ZMA46D14REc9P//CGvJ/j2Z41gw8u8oB7rS
+50djvoaWb5myj7bhacTBdfah3U8dVXcIi1ZFvtiaGAYD+gIF7eNIdpaYiB0427un
+4ggc26+Y9nkF93DaMnZEaYSeum6g/g7D1vwINFgQkMYEWi4DK3W+uH0E/n8o20wS
+2wvMrbeYaQm5v6ucd001wwFDY6AdwpwP7UCLQcu6qqvwNHdxWYK6+gIsSufLmeMG
+rsvC0WQqYeu1GfGpHIMCZJlZtCJUZXN0IHR3byAobm8gcHApIDx0d29AZXhhbXBs
+ZS5jb20+iF8EExECAB8FAj/yUmsCGwMHCwkIBwMCAQMVAgMDFgIBAh4BAheAAAoJ
+EJc9UOHED97PgEMAn0F8RGDrnmXv7rqM2+pic2oDz1kpAJ0SWPHxdjJHWzoGMrHq
+ocAy/3wFi7kBDQQ/8lJvEAQAzNix+drHTYCMxS8NiUZNpVTGnWfzMjxCqVyZYt9C
+Em7A4JcfSbgRUppqKunwreuDmmNGFc1W+lT1oLfvJaDi/oQ/oubgIcq0EZ5gOUyd
+aj961PV3ltNmaaUSZsJ6jRxaa0FB1cgx6EVB88gR6JB4mAM4KV+Ct/f9QzPv2TMS
+8qsAAwYD/jdzptnsiJ124yTW5ewhvUVpmDGuT9CuA3ggW65bjOhfravX5rfHMCXL
+PXMNXFgpA012vghVwun/ekkj7/rxapZmlE28YpSDj8Pwn/lkqNAjy466My+wUeoC
+gg7mEg/75is2ogKzx1L52nay7BGmfS415m7BBjWHsiUA6KRtFXt1iEkEGBECAAkF
+Aj/yUm8CGwwACgkQlz1Q4cQP3s8svgCgmWcpVwvtDN3nAVT1dMFTvCz0hfwAoI4V
+szJBesG/8GyLW+e2E+LiQXVqmIwEP/JTvQEEAKhSVnbs5Ndf5tAHPyv5mm9JM869
+1FKK9W5MYeL3MSRzk2Rd2vWOrdVlKcJTl3gjZGPfLUWFIOgONMBYJCs/+I3Tmog7
+R1tmzqq7yZif8B/+c3Zg6bYbudyRIF1Cj//o9nX672E2WMctptdQwOvECvYj0gZp
+LIJRTEBNiCWrcBABAAkBAbQmVGVzdCB0aHJlZSAobm8gcHApIDx0aHJlZUBleGFt
+cGxlLmNvbT6ItQQTAQIAHwUCP/JTvQIbAwcLCQgHAwIBAxUCAwMWAgECHgECF4AA
+CgkQ0SC2Juyr9R1qQwP/bCDX1WGk1u0zkKJWJ/VXnuH3jk6ZevkuHZICwjlqAxv1
+de5P3Jeya/4kPmEQTotEv3xcDAZ+9pBL3TrZolAKhxkBZ08l4QSy76kyf8hB0eoZ
+2Svs7LrGPBJr6CHX0kyDiapHgAhBKQq9GhNKpIAZuL6DK2dOaQDtoRSW2iB1h4mZ
+AaIENuOOnhEEALZlsUNfTCYkjzIsNhB0iJl4C4cuZ/IeypdosZQxm1aIC+f+E2ly
+3BqGbMqbmheKcdS9SQs5DSzys6W7XmeHDhrNzfStM/UuwiSfnM5E2cV2BgLpErKE
+56Kb/rf7/Ia12dObj2VV9oKrCwSYEISRdp5YMar6J7Vvz0nz1Pqf8mq7AKChCSNV
+5UYb4H9LMnr7KJ90dZBWRwP9FcPItdfj5YcY/Zp63nVeUqiNYbCxmZz0s89iHBT9
+FxQ7tx7VBBvRcWVRUUGFjQlCkz+3L+Q2L5oZYXOKBtD4cBZmRS8Dz5UgBWd436n5
+IeEYjItNcqkBhOrjoDC+WVnkKm9/TYKn/5bVpXIDSqcFYzJ4jFeZH0c6LqXHGfly
+NqMD/1Vm585daoJeQG/Pg7LdDkVuNBDT/63LysOfw5NqI+LjUXJScSLos76rIFLT
+0WOdmP74+RxFxdb31I3GYQlFjsy40e3nAi8QfaM0Q4n2WzPNkUENu7CyNccrfn6U
+9sYTLr3EI/bqIRp/KwoptFcmETUL62TxKcr4abrayK+Yr/lqtClBbHBoYSBUZXN0
+IChkZW1vIGtleSkgPGFscGhhQGV4YW1wbGUubmV0PohdBBMRAgAVBQI2446eAwsK
+AwMVAwIDFgIBAheAABIJEC1yfMdoaXc0B2VHUEcAAQE5eACggS5kaZb//GX0qnqe
+SI6hALml71sAoJejRM0/v1nsD0xnMGWPqS5MnC79tBBBbGljZSAoZGVtbyBrZXkp
+iF0EExECABUFAjbjtqsDCwoDAxUDAgMWAgECF4AAEgkQLXJ8x2hpdzQHZUdQRwAB
+ASeMAJ9MeUVrago5Jc6PdwdeN5OMwby37QCghW65cZTQlD1bBlIq/QM8bz9AN4G0
+J0FsZmEgVGVzdCAoZGVtbyBrZXkpIDxhbGZhQGV4YW1wbGUubmV0PohdBBMRAgAV
+BQI247hYAwsKAwMVAwIDFgIBAheAABIJEC1yfMdoaXc0B2VHUEcAAQG3wgCgk/Br
+qP5WblWLc2+6jwlmuLg8n8MAn12puZol0HwV0mcd8aHWtcrfL8lyuQENBDbjjw8Q
+BACcjdcfV/S7I319mfDvbOwczDvTqDsRbb2cPhQNAbg7NFlWJKtRrmff14jtCt9M
+77WZ5W+zTLwX8+8Wy3mMfrys8ucZKtfPixOXVPhyinUUGSq68IArA8vLSUTuOO0L
+Ii05LAg6jzGhN9jgkQReZyqxub4oe/3JhIX9grgJ/tsjNwADBwP9GeXmMrGi5wMD
+3qkPbzb1MqwsVBJq75eLLxu85JIN2XIAGw6Q0FJp4o7d4BAQqAMzt3ONU1OcCWlD
+QRDxj1nynE5ZgRBiVoyudEELgNnYhp3MSEuUg7PkFWn+N+GuvyhVUHApleyvP09k
+vP57hif6yJRS+V6L1ugP0vZmBI4dqQ+ITgQYEQIABgUCNuOPDwASCRAtcnzHaGl3
+NAdlR1BHAAEBIKkAn3A15g/LjVXSoPwvb6iNyUp3apJ7AJ0cc1Xh4v4ie9zgirbx
+ax21fRqIKpkBogQ245BnEQQAvwwkLp4Dtoie4/fvandnK4wVPCvgJkIbNuyQZCar
+QGwv8RapBwbANT4vGW+ky2vzgptj21xYjOcdNMIhJ1Sjc7hjs1PLhwepMFrS4/Pl
+e1TljpEgxLZ5UxertMvSTr7OxsA76jjOQt0B+y2vs5zXgLtedux4+pdFxkgM8r6f
+jZMAoJ5LVNdVRaSkiHaKZWQWsjfTs0/LA/wMHP/PdH4kjFmDRqOPp+iB8YYwQTPZ
+S/gwHtUbQhLcFEljaxrCMRZw0ZDMbzKWk+BrrBvgz4Wk3XawwUshYgi8SgwWIDG0
+jusEPYOs1hBIdWTEzFVP2pK/NQzhAqJV5/390OLEY8SN4bts/LY1XsADzU7lhE0O
+ohx6FanaZCuGgAQAn2zK53yuk7o8UrPdTHygVn2McsPYYzOvlVfHCSXQ14oXjCs1
+nK1XnMIGGM7pJjYpzv/wUZkHLNcHX4uVHXxyzRQ4oMPekncmaR8fu/YIQ9zag5s2
+GpKESKAynGQCKwI4H5eYn+ryIgOHNS44UnXFUwbEsonP5pJNNRIM7VimNGm0LUNo
+YXJsaWUgVGVzdCAoZGVtbyBrZXkpIDxjaGFybGllQGV4YW1wbGUubmV0PohdBBMR
+AgAVBQI245BnAwsKAwMVAwIDFgIBAheAABIJEEE/SvMa/atsB2VHUEcAAQE+RACf
+X3AwFwPu5+mr/f1Sa/Wv0m9T57gAn1TBIoUErMqJehQZu73N0u93fqSKuQENBDbj
+kIIQBAChY8NSvu6sK0p4D0AVBsRz8iVXYqbRlRTZAHS4LCXwx/i8FmfdIXnaNLOo
+yi44YruSCnlZdh4YWquCx2mgywG589AzcFhahmqElNbKb7m4F//EGIZK0zTgW13t
+QwG9hTXOhYeqchnOOaDDwPEK1Gr+2o/5ANqhqrin0TFFBWLgdwADBwP/R009s61X
+/FkUUAh8w4Tua6qndN/2GsqXsyPYjdF5E3gErK8jDcDLniOHqkswV17bJG81czCR
+E5JcVFLLWQJg9cpeoTpP+YcF+m9whtswaOJ/LPrx888i/OmluSD81VP+6zBhhTUb
+pazfLEdt3XczpW7CNdNbyiEcgT+6Cr+W2GaITgQYEQIABgUCNuOQggASCRBBP0rz
+Gv2rbAdlR1BHAAEBta0AnA21IY9iNt6wtJN5HAoYDl99mIUOAJ9M8Loj5fIZq+Mc
+mtodOBL9tII3Q5kBogQ245HNEQQAis7GTDqtEM6luop6eWsxFi9+qhUVp9N6S+xl
+bwzQZVA4FjCqf1VR9JX8fwjLecmxT5xThQVcRqgeFVaCyky2Nge/FcFMPZQeaP5j
+v5GRWc5PvH9Sw8pvGOTB56V4ZeR4cQLDBm5CF5tKu1BCWWq2MLHfct7TXe6QCzZK
+cjzdw8sAoN9VvrKN+EbQC+THzdWaUWpdcfWnBACFWEyLVPTpI1jNsoCZ00F8Fau/
+2baXk8mdROlJZS6bq54ksfOQQzReBWce35h0W7NeBRp+yeoSf7Y3i0jTO4mrOiL/
+0NCcS8qKNnGKG1irdLes3pQhDZpcUe2G9W3FnGhxl6W5hpYc9550mUj2H3I5tmfS
+YsVcVjpNSIdBizxE2AP/SI1t6q7LHMQp0h3MPQ2z7daMhUGViXnVl2+rKjb5T7bv
+SFdV0iyyuyoqvUPBGWwJFLAxj6esHRlQ6W8togHuoJCR7cL2bK798mgYOExk5gBe
+xq1VHQQZN1edK4LGo2ESKrCVtkYwBzAU76hYFKAbKMU8dMxI7DRdLjZ3vdQ3FNq0
+J0VjaG8gVGVzdCAoZGVtbyBrZXkpIDxlY2hvQGV4YW1wbGUubmV0PohdBBMRAgAV
+BQI246R/AwsKAwMVAwIDFgIBAheAABIJEDGMH676720bB2VHUEcAAQFnAwCgs2ha
+IgJu/UEpmCEnojO1zCoaBwwAmgPAlNY/PttAu6zYqTh2M9yn1DIXtA5FdmUgKGRl
+bW8ga2V5KYhdBBMRAgAVBQI247gAAwsKAwMVAwIDFgIBAheAABIJEDGMH676720b
+B2VHUEcAAQEg3QCeOMf0g3znbc8IBiTrIPUgUz9p3WoAoJ6eRZTZk7z+hTyx4JDc
+eReQbYlGtBJFY2hlbG9uIChkZW1vIGtleSmIXQQTEQIAFQUCNuO4HwMLCgMDFQMC
+AxYCAQIXgAASCRAxjB+u+u9tGwdlR1BHAAEBXqYAnjqVBua1ZFlSV1C2nhmc6m0/
+tkm1AJ9x5gxl8wCepQomIeTa0yG/AO8CHbkBDQQ245H/EAQAtKXtJo0R/yZii95r
+m0k0TChnHe+/pfKbJeBrXAOoqjY94OudENscYFvkG9Yi/UnoiCT/CrhH4+r3z1Sm
+RypEQH7I56W4TfM8+1kGtsvJJJqqIx6BiIecAA9zROqMftQ9lr58kplNSTrgEJRA
+30QuQvYUq0AZDtE1Ali9sKrg79cAAwUEAJd07hrdkgrmEl6OEdnTWaQdrpKqhzo+
+5500Lu2VaItTrYGWMaK/8O/Nxsyye+T33UDEnek/hm8qvkIKWogb5ZlrXOa3Bd2Y
+J8YlvZ9s1JUPjOnXp7myU+vwKn5+8i/b9LK/Cu5E6z6gDNJW+gwDMAZKTfKPmdPm
+iKRuf4zrZ8LkiE4EGBECAAYFAjbjkf8AEgkQMYwfrvrvbRsHZUdQRwABAY+QAJ0R
+/tZntf4hw50uZbV8rDnZduPwTACgj04QKUO5SXvC2K+tfpV1FMK9UymZAaIENuOS
+0REEALm1DndAe3BcyRxeb6OTcIjGdSVz48jai9jlhP132niYgeeaDJlRD5itSRev
+cFO2QaaNZeDxCFnD+1kTKrwRBZfvC53pUZElveZMBa9w/E0Z2q2ct5H4gRdbd93Z
+5FU2mWMQgyjgXWf2Ykby2uoGfyh4SE382ku4d+htjGwJRpY/AKCkDxbBD4wcimHc
+e9puf9ibv+HeIwP6AjQCmiR+zfGNxy4rNUoYacrST9cgvRiY7XnN7oM2Egu0Sldz
+SXAXgl+KJtyoYg0jemGFSAn+MHas+kwKHKKj80drexc+vrqcSIIeVhp5wrNnu7jt
+Xl1AklzjX4gxA80Shk0I5Hb8BaPvPNA5IhpZ/6pka3CCwOevHcDZzqwYqOUD/3W5
+KVAYahg69i3IaZKGMkJas271KVydcZX2YptY365nX7JPN3RN4gc75k/AciGXDKKg
+xB4pfeS5iad6sNclXgKT/2VkftF4gSxBfRoXADnOYoR9gAkly1okV6cjJitv3q07
+0190JAHKqENXBVgsDTQq5YMnAfOB3ZuRl3Wo6e3AtCdHb2xmIFRlc3QgKGRlbW8g
+a2V5KSA8Z29sZkBleGFtcGxlLm5ldD6IXQQTEQIAFQUCNuOS0QMLCgMDFQMCAxYC
+AQIXgAASCRAWhBCkj8KC5gdlR1BHAAEBIuMAn222gK7ibwOXzIKd/gZP09JC/3+e
+AKCOelaqqYqNNbku0gA84+O7d1kMqrkBDQQ245L8EAQAtsGp/UnA1y4AqjewlkkT
+OQevLwtzwm3pmLLjl2Y3TfGn8Ni0h8Wd27kV32MUZyTaNaZuDxpDEO2aUIpGWVQm
+WvlqCFV2F0Z2AI8R4bx1tC2kD758hUvR+S2hn9lK7E1lQPuvec2LEml+uvVxW/Vm
+4iDBgeMlIlz70MFC9LUnfpMAAwUD/At7Clo7D4dNk43BMvhQ8VgJ+INy37Dj8PHX
+2sCZZ/tIfSwNIU3m2ygSVreTlDKo406v6Qmefs/m9dH9lsBE/8QL40Ek3SY6xV/Q
+zTVN44QgnpRKWpfaMbGzWJVXeczlNkTeIZZo/nhDm+aMucMu/e7EKbG64BnrQk7L
+z6LSKb2xiE4EGBECAAYFAjbjkvwAEgkQFoQQpI/CguYHZUdQRwABAffsAKCJwKTp
+e9OoS/fhFdVKSF/4RwMc4wCfeSuo9zll5IkZrtF9FxWGblC1y/KZAaIENuOUsREE
+AMhuJkVEGWoIw4JdMQJ2kmywkOcCamKv7J8ApfiGw5V3KB6l0DTvUCazysCkAFL9
+zb5O5qmVp3zD6LJCzgEq7Op5Ar9haPQMOrJjYszuolu8V3qcL8Y4aOIS5xNNKBjw
+g4VJwFNOSztqUwaMcB1bNKOr7WmlYl5NLOnThQqFXX/TAKC44hpSv9wxVqFK6iIr
+hN2i34JHXQQAq6dbJydQbYhoZio7ewJ+kKHOS1Z1ONSf0RIkCMorVBQLz1/n4qsw
+8hN1Q/Kl/770y6YGQmL7xHQZUnzPCHAp9f0IeGsPSR87rykIPFnJb50PM6v+0VfS
+e4f2kvyiIQySKRoYumH4343Uiny2GH690uE1SvcQ9GWtwB+/5a06lvID/36SlrvH
+ycifZKh8mKyP4+MpLeUCgY97R46gr+xUG+BWPLcZzd3y8wbb2v7ZZEikbC6G4sY2
+VBhfrkEdXUwr9ONi8WemhFKq1MrcalHNOaQkgLxGVfG19h/+frpUsHcShM7NYdjb
+0kwImeeM8yhoxzZhIrXQGjw//bucXQIqjxcRtClJbmRpYSBUZXN0IChkZW1vIGtl
+eSkgPGluZGlhQGV4YW1wbGUubmV0PohdBBMRAgAVBQI245SxAwsKAwMVAwIDFgIB
+AheAABIJEB/o/G8EJZZ3B2VHUEcAAQFaWACglWew3yvov2GRshLtfA51qtIsZYoA
+oIRsA6DBoC53p0o8koTGftRHHpImuQENBDbjlRIQBACDDIJP3vJbFfyhJHeP4zSu
+MhY+YsvxWqJ/NNCNxlMxE7kANgE94HrUfhrleKW2VhP/NG/YZzVudFCRoj9fkl31
+bWOb0/Kf4DRcJ+XdDv6at26YBUSZqGsE88fEhQ8AlTxxHMDhxNo+S73670QTsilN
+9ra/e+q4vlKMLdPvdi7gOwADBQP9GKPXQ6oY0dlKDXGHxGcFoUR2miXpz9890G84
+yZAEm+R/OMQkxKb9HahLVUyVKCKPC4eVY24gsKJOEDy1Um0BXh6kym+zfej43r5G
+dQqOjqywjTnD0b18YAsEhm7rizJECRLrZ1y7tAziqrmPeCl14e/S2u5U4I0XhP9V
+s24HNfqITgQYEQIABgUCNuOVEgASCRAf6PxvBCWWdwdlR1BHAAEBCXgAoI5oimsZ
+s8ZKmLb5sPB4AZzngCyzAJ9og9spt3EYXAB95XmfzqgJBRv04ZkBogQ245UlEQQA
+nKdAaILozJ04V6Z+FIwQEY/aF4EFrJJIc+uewF7ukZl/7uUZqSxqmzZjbqigyMFG
+ybJSMa6TpwN0BKG5CJe04R/mVCIRsz1Jx5YXezN3UFsNVNE36R8l8dxWG+wgj2m6
+0gu4VlodcpVMc/kRiSUgKUfg/xmPnRe3SJZSlG2lBm8AoNc/r5DW86om3MHWK8Ao
+yhvVXhWvA/wOcjx6gfTTKftzpQBhOF0U0fC3npQC6bvjLjTBhQjC3WX5rfwJqMmr
+udRbEO1sFqzTOQPtb9xatMeVqTcOi6+x2zfXes4nTfi9Lgq1z8HhE/LnktwxZxyP
+eOXqXu9N023IyQTv7mC59C1xMZk4POOv9WZUGz4C85s2/9iTJCfkMwP+MRW0S9mH
+misruCY6TDVFc12KIFMIPSmWav6gW6bCAA+wIHfmcSyR6MHiLV2gtJ0vQuqgyWfe
+TiaxPof07dg9pZsV7Hk1ZUhEmloeOcfZmwtHkRhWGEbEsd89IWMDJlwNJ7Y9JZ3Q
+vK7vB42bQVvyhdFQdEXH0slvlvsgKtCcaOa0J0tpbG8gVGVzdCAoZGVtbyBrZXkp
+IDxraWxvQGV4YW1wbGUubmV0PohdBBMRAgAVBQI245UlAwsKAwMVAwIDFgIBAheA
+ABIJEK0bD61DwtDHB2VHUEcAAQHVEgCfWTFa7EbAJLX6LsWnVwXPNkIfJwsAnAmr
+5Ebu7H2xASainZXaYp2MFmaSuQENBDbjlUgQBAC5mWLT+9huzqHUeEX0du9EcUx4
++ND31KTyH91PHs8jt5KowddiHQ9mCFyGVusxI+d6bF/AxsmuZ0r1Y3RaH0ElR7bJ
+wfx+1RwZGjkJ0RKCJx7OIXpWDg9DP0WXG0SG+uXurxHrLs76PTdAAkpQbAF23njS
+hnxhgqIO+BlRnGeh5wADBwP/VvZ9jMCe5atBleFdBDhw1XEwFUUodJwfbigVVu4R
+YuAz+12AX4I/DZW3NtrzJJHUrzRVKCxB+zqfbDIJV34gjyUodNlP+l8gIVw8mUcq
+ziB74k2fUhzEECKrRBE1bmEZM70p0nwwVatafYFunmTfaugDO4JqCiJ6UWjgxUVl
+Ow2ITgQYEQIABgUCNuOVSAASCRCtGw+tQ8LQxwdlR1BHAAEBjv0An2hrfDXgptM2
+7LJjq12er/cxZPMRAJ490qYy08qnpp4h0ifShMyCiQnYg5kBogQ246LiEQQAip3H
+OFHnnO3VmlQEctkpjVbn3knp2LOALCDz9L+fYxJeySNK2/uCWyCaAM1v4XJtuhkv
+1G26UMIoPPz4DFFeUHwUk+AhDpX+/8dmuBypPbQ1eAJ+6tmja9W3lvrcMX1Bllle
+SNKNW/4ilZPy4kEYmjK/KSV2Nuupuv9j5/S5g7cAoPiKn8fILCtj2Qlr/O7hCgDi
+8x17A/9XkcS6grdYU/fIHQy8pEU5SN5DKuhCtyPs//KQyDA7jyCatXjOvGHRWa/L
+O4tcntUKQ5bT2B4Fp1Au997owCgDXcsm5tx6wN00gYxAITX3LvJ5K1aK7wEkFAwi
+yWrVkViU1Fazx/hlyFzAPzouiw7IDQziWp8M87wwgpvIVkKlvQP+MWAGeDVRa0Kv
+ILUDyVrjCH0hUr6WVjYEIGGZ7Yl0lBmDlbNvE//O0aEcdNrbFQ8NjwPM+vKv10bj
+PTXXrcW1F0BwfXrMxS4t1tYnbF4XfwuEsok4BBVxvGPLPeBGnYJNTwGBzehnd0mO
+45nr6mBlS5gae6n4+WPV0jOUhNE4fny0KUJyYXZvIFRlc3QgKGRlbW8ga2V5KSA8
+YnJhdm9AZXhhbXBsZS5uZXQ+iF0EExECABUFAjbjouIDCwoDAxUDAgMWAgECF4AA
+EgkQ/hgLHanjsLIHZUdQRwABAfruAJ4iU4M5s1xsZiXa0wLnX4FBBl9abgCfflNp
+wyEp6KEhKCPWwPRG9WJc0qi0DkJvYiAoZGVtbyBrZXkpiF0EExECABUFAjbjtzsD
+CwoDAxUDAgMWAgECF4AAEgkQ/hgLHanjsLIHZUdQRwABARrhAKCK3IrzNqME6oA3
+RllOrx87OCIRggCfVkR+Nf6N59lS5j7jMXOuk799fQ65AQ0ENuOjBxAEAJVJ1fFR
+aXPzUWOoeBHhvUS2aGZbz0Kamwd8qVLCVi8G1sH/LtMUh+8CvhkVum6p7Dom+2Mg
+Rmhe+iVNbAdU8QWS4bQsBrTeiVpinMLpkEO4uRvT1G6QIPjN1jrHBsAxGw7NmC/n
+3stle04ssueY7JOmyNEMvO1ay42CWbmt985PAAMHA/9LJVm8UR0RWfn91BOnt4C1
+d2ttkQzfv1y0InbrrdFtNl3nmUgF6/V9OcpCS8NNjZ7nzIhDgT43Ov32qD0LJ/p7
+c6EStNSoQE6G6wGB7j/sTkushUy+joAVT2qCfRKCye7/DDa3FXDdcSOovweCX7hD
+/nthG8k576rb1h70svx5qIhOBBgRAgAGBQI246MHABIJEP4YCx2p47CyB2VHUEcA
+AQEyuQCfaXpOx+srd2RwCfu55+7BpsWMW+QAoNSDRTeADM6hFI22edSk1XQL8ipU
+mQGiBDbjo4cRBADeZztXPNYwpoIf6BfqepImZqhVd2qXuZBJnEvwaFoAl7er42pX
+XLZhWIu7/gWODfcyNxsUKgMbeQ+nWO2jdcZQtt+gmRAGl1F5LbxsP6aRw43W7PAk
+bmYgPY5tY/dhgFGP5puoV9mhijpFcK/cjeg6wNgmjuEsCv8BF5FX4/p2swCgwmgc
+x88EpJF3/EDrTk4/8Xr6Z88EAL99JWgnl0w2TNiP9T3c5mtVdcYs32ntJH82TiQQ
+0LR0A7zRY5ruojNZC9LsTht5K69AJakrDA/Fu5mr2xYoFJcW4b7rpeKUy/wYifeO
+hYY5T2NDYvaZnQJXZ6O8lGLFgAxCmnZEN4IRFahKs/gAmG86d6fCvuSrohSZvQ+L
+sr06BACFT4tjfuL6MZ0VhsClxeBPny2AM10+bDDM5eOl5ODLN9Nxf+SRu5AdIojz
+2OqD9Jd55WobpUXGzTI+0g23636IuJuH7VGCF92nFwkjdIDblRoqYPAsJRkMiC4F
+kRaeqF0DpgJacYSBnHdY3Yd7I+cvgkK7oBjzTiU/Zs5hZAeK8bQpRGVsdGEgVGVz
+dCAoZGVtbyBrZXkpIDxkZWx0YUBleGFtcGxlLm5ldD6IXQQTEQIAFQUCNuOjhwML
+CgMDFQMCAxYCAQIXgAASCRDrqfJA653J5gdlR1BHAAEBriYAoJdBwMXGVRTFlfw1
+u4XimCRPVFRNAJ9WFXysx0ugWaIaLJ3tyNZQHWoARrkBDQQ246OqEAQAj7WdaOJj
+zJNs2G8rvrDZvD/uaALQ9PtdvYAp/Drp7xMH5T62+KKTlKdO3s8IQBPiuFocJNir
+5st/nm8Xl+gcOZOvtr45c/cl54fGO1gOjBZOfgbkdBVK/LMwuQWIebK4qCZnAOlD
+LYNGVUguGLnEQBSfnhhkgh0WA0kqt7fYvpcAAwUD/3cOEqPlMdYeLnGEG4wPxtyV
+IchwGOv0YRW5apbz2fdO7otj1AFUN5WzFw0A5+WHza1OIUhg50Zco6HnwKx6F+Lb
+Z5aOc37EAvaFgPuMxBfkaWYagCof3jBF0CbTWUXV/D5/dFmIeuGTuUMNsGVH+OSM
+W2hBN/7+aJK5LLHL+hzpiE4EGBECAAYFAjbjo6oAEgkQ66nyQOudyeYHZUdQRwAB
+AXNNAKCaviZP/A83ammDnHvkTdxefqoHbwCfaE7+GAg+R/+tJLJ0DvZllz8xYzqZ
+AaIENuOlJhEEAN1bOV3WXINYOoY9LMY6x6FfJNJrSk59VMtySkmkOkStyfyNLxwq
+teRVSjAjtKVmE9GZgj7mmoZobkVnlUl3VN8paKFzs74kMegrfJqY6eHo4VAU9lQX
+X5aUAaIVctz5Y4PNuA5IzL/zJcDqfTN76/d63mf0rOJvewMaPDkMyaJjAKCZTCeh
++qyQdW/VLq0ODTyZcAsoowQAhUbJ/2KPcHM1vR9VgZQ4tTTuepDdGk1A9oq09CkG
+htGSdD9lJ3O6IAtwIH5Drrh/VwoYD46C2bQv9/XFSYpFbetP2XMy1wLLqRy50IjY
+4eb+A5w/MqqOPmiekPzh+BHgF1ux6FPz66ubEWIr9sUUjp4LUvl50FBxEuztMXaN
+jdIEAJ1fL3IeDqINMmHKy9HtS4tYT/Wz3KyKuFmA9vS/IgXAd9HMz3oBgg+ktmv+
+O+SsNrBPFgZ8YhmuPtTIZ4+7tEJ4VFVVfnkHp682/d8CpubBDUYdNftYcI10CQ/T
+vJPFn/Cdm508DNDBGQR9nf1N1xxs6Ed8e9u/dE1DRXFta1BStC1Gb3h0cm90IFRl
+c3QgKGRlbW8ga2V5KSA8Zm94dHJvdEBleGFtcGxlLm5ldD6IXQQTEQIAFQUCNuOl
+JgMLCgMDFQMCAxYCAQIXgAASCRDUv1fzc3LiQwdlR1BHAAEBdy0An2YZaL/VMei6
+H3kreYNoVYow3V9IAJ0XO2nYsUNoaaa7+LzaCr5rphfw+LkBDQQ246VQEAQA31Qj
+2MGefTCoF0x+D+9UMxZ6RuBPzI6gzX1tzcUPWYy38NIq+lNYBg7hLFkUfn0uTsAm
+33h2Q8z4/DGT7jmQWpoIg7yNTr6681L/gYo5FhhC+qERZ1iPMyfMwwD7rrz9bthU
+GTqChV2h6NiPUPM7ic/D9rxJICXy8dsoj0dQ6dsAAwUD/0ggimQTUCGmNHHypor/
+GY0XAAL4Vy8jAsC0FH1UaqDVTrTDH1qWLRnS9uxEsOJIGSLMSdxC0FZEYq4jCm7C
+YjTOHTHvvYDbhs9QhvW9r4VD2efbERFSEYMiH69ASQLGDp/O5kOZTgQOvl5oxzvs
+rOMaRFSWcn66uUAMORmHKz1giE4EGBECAAYFAjbjpVAAEgkQ1L9X83Ny4kMHZUdQ
+RwABAY75AKCVZupUbMXq9yw03M34RS9YT9MzKQCfUgFd+Fn89xqU4Owg/MQzYlLr
+eUmZAaIENuOl2hEEAKeOL2pIdZ+zQtehxdL9l/uDBFSTuN9rLb8DgLiw8Z9j8U5C
+EH/M38WzH1nHKKlZKjGVZYiyhRfAG83wvHnT83lq+Ad0lgaZTR4z6nrd5ViOlHPl
+fqo4RPZPzPe+uF7EfDl792sJerXGAasLosmKnxKAyJyVjh7eZcjTS/hUhO9zAKDV
+yLHJ/gQlMYk8vE5XYL7Pw4d28wP/VsKVkjlxsXpcrCQIoKeDXgKNVv9L+0Pebspz
+r2WOah8iBN1QOkbtexIKCbb9mmviEnJU0FFx5MIw4mipvY4EpCaH3McGwJpCzWmd
+zID8Z6oISUyKsuP7PXjmASbogV6Iqy2m/2RDtfbIlbwotfbiOT9Tr3IPbH+tHAZB
+yMRyvxID/RN90WOPSpODxr9AH9btmeJD0BfNt99116+qdwvWrTofcbkBgzvB34vL
+LDaMKVIyinxz2lYyC7aSpA3uzjZvoPvPrQJFLE0dx7DSkUTtWbQGByRabpyrXYdK
+ZzsFXLb+LSTWwF3sQLax0C4cYT7OLPlxjDVq/A0jgztaZVWa37IYtClIb3RlbCBU
+ZXN0IChkZW1vIGtleSkgPGhvdGVsQGV4YW1wbGUubmV0PohdBBMRAgAVBQI246Xa
+AwsKAwMVAwIDFgIBAheAABIJEBPbllU0xuPxB2VHUEcAAQHs1ACgyFQrt3yZbUXj
+lCnC2luf8R1K6o0An3j4ZVjoau0xsDzKtkd4PzNIB52uuQENBDbjph0QBADOk7pS
+4JZak/26nkZWEs+hIIF9IgD0labkCnr+GNDmGJrsJxLwTjU+NoaXo+SHmWPaqRJQ
+Frz3ZJfJAxioyoSr+Hv4Fbv6frZIJEy1g4dFhk8DiG+zR3uPOcZCUyyW3HupqahU
+0/RcX7CzXAcuPJCXeoyeSsBDyUAk/6ODs/kerwADBwP8DrWpAtFexIWvsswGdpRJ
+HSjr7j8cJ2Hy36acB5AEMCSd7kNM+LCrOqyOhh6RfokrvCT6ZuwlN39nDnkmSr3F
+WbqcRSj8khs3tw+Uyp8ItqhL621vFn180I7dZM11bECv+YZlmIF/L3JNzFR+jmpO
+DR99bLjQI0dpUqT6IhyS0bOITgQYEQIABgUCNuOmHQASCRAT25ZVNMbj8QdlR1BH
+AAEBJmgAn1Pl0Ya/1IL4AnzJTrYWN9u75SN9AKCcqVnhi7qdg6qLmSBpGPG5qQ68
+/ZkBogQ246f/EQQAl65ub9rEKS7XsXwNkvGtj1K7gnql2H1bJ5GF9bGCWhWmB8WF
+tsAy9XUeC3WbrcuWFgTsbtTfXZ5I7j7HSG6ukf6Ycusb+bA1IoT+GAQGWpFeWoXe
+16wXZFl0pEc2iUnx9ThtoQF0fO5YlbvHJPEQ3kvoqcdb52WOOfOuCAJxc6sAoNqo
+5w0YxgJ9jkj7J4cmR+OFUEKXA/wO0jrvYE7eiZeFUjGNiRotxzhTzh53rxtz2/DW
+G3D+IBFOt4qqxxp3WCSNO5SnBZWUW50hDkhTxS7jSmsfPBmCinmQ6EF5FaFPyLQB
+q0uKwhMaWficdrQS9syXFlPuzQ5jOS3kVAxOmtDd7CMTC8892dj02qzAE46QNNUI
+91kZXAP+PINfoJ8hV2zvlGZ9tVlo+Lgsl1BOvxvEgmYV14gyTmMWga5sNq7TdMdW
+i8Fz0Vy7sI4S+RMJ96rMws2iTzWLi2jGO44itoWttCwqmGJmlSWurRsvYhSBgvNC
+LXFGGaQn5ncO1tqKnWSDf625UnAipsgW8P4Agd5qJZiwXfJ67Hi0K0p1bGlldCBU
+ZXN0IChkZW1vIGtleSkgPGp1bGlldEBleGFtcGxlLm5ldD6IXQQTEQIAFQUCNuOn
+/wMLCgMDFQMCAxYCAQIXgAASCRAMggxx0mmTEwdlR1BHAAEBQPYAoKRB8Ey3Ny6T
+aKaGoL2GNFQEwM1MAJ0WblK0ScSKbm1BN+2hfDmmKRkgvbkBDQQ246gqEAQAkdlS
+JYfTiZH/CkfV8tnhI6IDz+SgiZKcneEBnO+hAJottARGAojdbURlOIeZqRCgKpdT
+XBK7MdHAz4RKFnAAXPDBZgA5q+Coqn580t/O/AKGb8kKn9n52z9lC8A5KnHaRAsO
+KVyPTIU5vq6FLmsWmMB55iz826Dk9kMhV7mmdQcABA0EAI8Jq3Jnqf0HqqaX7CZu
+NKHJgag14bTaBw0niZK0KSB6FBpzitEoyst5JBPCl0ayQEw0Hn4jhZAqcZybI//p
+C1CNQBBO47VUi0y1UVjExtaNmmWxugzkzWHHx4WmyWsCQwGN4B9riUws4g3dgC00
+7l+aonKzj5QEo1XiiMNTFFmPiE4EGBECAAYFAjbjqCoAEgkQDIIMcdJpkxMHZUdQ
+RwABAY+uAKC+sJk79PGOrcXpT2/F1CqWssOBcgCeJ3lY+tmSH3V/eAz5BdNB+ar1
+XhGZAaIENuOo3REEAMFaZuaYHLD67UlMCLHGPk1dFdAn3Mu2TFFDUYfEtA/JDOiN
+ZacPiQSZ7zK+wVe66Vs9fzNkyeXqpwLzC35vkTx0K1m69Ave9LnXIZ70zvpVEL/U
+eCuITRiocxNglPgn4dyJ+2V0cWJ36NGcZmkvBW0vGItpYCbpIGLzYVOfiVUbAKC2
+Nze79Iyw+DKU9HI39B4fz85nkwP9HbIb9z5kXiRZyCaXOMnFBQ3bAZh4Og5ZQxdL
+yZ/rIX4Mu3DGjqg6UtosdVNHr6ofZWHPXNqqTUivoUmOS5Qa8dtUW3YGa8vbpK1O
+MnjMLhQVJZg/eou99s9OFP5GgPh5r5Vw/EYQZ6qzS6YiYnqzSt5LcolL2+Ae0ajX
+Uizic/UD/0TNXtCRfkS4SeVSkZXarb1oZjHdGlw6ENiLGiA0e5b4r0rByW4EQQGZ
+Pvg3DFXMjqp0lVVmfmXFPggLkbTP+SJ1/VGSC/wSqPkMiKSCenRqwHwWIdKxv7f1
+3hyeTZXR7P8uaSddSXaakqmT99v6pdZOo8NsVQTx3PzPKpEVciPBtCdMaW1hIFRl
+c3QgKGRlbW8ga2V5KSA8bGltYUBleGFtcGxlLm5ldD6IXQQTEQIAFQUCNuOo3QML
+CgMDFQMCAxYCAQIXgAASCRA3yrUft5ED+AdlR1BHAAEBilwAoJGWPf8Pesitjoqv
+zFLPwO+EsydjAJ4kNnkh0+QkOBvDz72Hz2bnjSPT07kBDQQ246j1EAQAp/Ccn5Ez
+xXIGljKVKZ5Pp0xJA3uBoQBvXzu2pU4HU+vmgwnX1313x+4BsHVEbw7+lfyhKnDD
+0TSwIAHj/xeE+jraCTU8X1iwe49eAyTaWF4wTyTzdZKQ9mrfBnFgdWlRjLALcTMJ
+aOE2Zasn8wgAEHgi4QWyBPS1il+aFE6oizsAAwYD/RpvJnfv8VqfbCxOYt7meLfT
+LrvcPlGNynv1nEgNgjbYRGIRzbXDDz+jwcLc9MeNuZgtaXvUbsQ8s0X1dP6vq43V
+mQTQPlU1TQx10o+YYn73ptyhbwOkyIDGmyf6uFhO0+B5/MY0KRLCxo0lwMxvVkYN
+d6k804pSJPqwusWBm2R0iE4EGBECAAYFAjbjqPUAEgkQN8q1H7eRA/gHZUdQRwAB
+Af5vAJ9dQMc2nMpcKuH28xwKl8r7MP3pygCfWHGKFHWIDkUt8RfHAB9geauEQSKZ
+AaIENuOqZBEEAKLUF5GqBMWJQtBs1t1Sp+NIOGuMLgJOhINbMU6tk2jzeUt6ooNd
++c8P0TexsbSETwhrU4ntpvIISb7I8Twhcled7bi5KCABJOzz7Fw+Ydxo5Yjm1DQH
+7+gEtPx3n4AjZUfRAN0nqcFizDpRYPqVaN1QYiGWn9yPF3pubQhVn8zzAKCpx1LU
+lQl2e5t1YJhmom2qy38EeQP+IB45FBfDf5KKtyS64alQ0vHYIssUp806PQorw/ZO
+uoiscUQj/WeZ4vn7rCdu60uR1EuHpGp7n0t7igEgAOcxDjrxJmpgSdD79V+oJAFL
+ATo2msj1IklVvJeI7ZsImyPchIU1lqn/GvpAam9N+FiIB1KUMFqTJzc6zUn1Qqag
+1w0EAIiRHPYRW8ojd9Uh4Ed3X0daAnClyMWL82t2bj/bJRmhupQn4aVJ5D0pFB9i
+zTiJEWciHpqiMdsi/zExYYIDS1Zu94+WFbNIxyMFfHrJ5fUQtAqLb7E5LrlxZONU
+nrRwshqR4X2TmW2mz1Wop542eUQ1UWp4Gr3VlH6giswY0CnQtCdNaWtlIFRlc3Qg
+KGRlbW8ga2V5KSA8bWlrZUBleGFtcGxlLm5ldD6IXQQTEQIAFQUCNuOqZAMLCgMD
+FQMCAxYCAQIXgAASCRC+eUhSvlz4hgdlR1BHAAEB8SMAmwR8MsDEfj2z2V/SeqUX
+i1x+Wmv/AJ4koI/qJXC+EYh0K74Nu9/rPz+wjrQSTWFsbG9yeSAoZGVtbyBrZXkp
+iF0EExECABUFAjbjt7cDCwoDAxUDAgMWAgECF4AAEgkQvnlIUr5c+IYHZUdQRwAB
+AZnVAKCoa3Ps+duJ3n5TKUcCfjRvClcTsQCbBWapu2wbWJZa3XE6jajJOPS3wTm5
+AQ0ENuOqfhAEAKZ71o2OazL8PS8vMRS+PaRowGBW/cxYo74BuLTIqyN0/RAS35Si
+yfJuClqEaE9njZsvyRix8mY73mlYfE3qw1frsWZBBr7+9Np8/DThJUE4x1h6MtJ+
+qaHIuhcYXyXdW5zowytpmRLnxEDUp9j4QOOoIwi0UwD7sC6YrUki+bm7AAMGA/4o
+/SkTuvfycd/lvQ2UMViEAYip2B1a9brNlqXaU1eI6QqiTgjoAf4ZQZgmNQtf7abA
+I9QN2WWpiUVlWaDaJJEXiLWS13xmnKaxm5po3IPPYBTOVd5xFDQlP5ptgUFqefIe
+DTgr+tHRq+RgKhw8QErT5N/PM28RHchbOewj0OGSbYhOBBgRAgAGBQI246p+ABIJ
+EL55SFK+XPiGB2VHUEcAAQGRMgCfdcoqwoaTU7rNH0BWaYUfCrQ6TnIAniN+yQaB
+bwZHMbSaDTBRndjLglsKmQGiBDbjquMRBACteKaHZ7pcM7Quj8Ec8Sx0fJ3u0NdL
+so5xn9Ek4FWMLBu6jw7b/5KjB2WtXOZSWKHOzeTfUAx79NMKJrD9jZW/0kEAFVeZ
+pwZF1l8fBsRELR9cxAajE3RvFkgCYAhXsF1Jno+qiU5TNvadGU4SzmP4vOnnjrIW
+Ty83mtZiwoFIcwCggaaaClE8Q41NyIfVtjS3f+Nm8x0D/icH9uwM3vpB2QV29IIB
+qazgaFr7vBoogFoAllaCQbPLiyHX1Mk3kEZg5xewmDS/tU4rGqj7UcL9OlZx1ICD
+8cp80yNYfoI7K5XM6sYOMmfJORGOEsqMtoYbo3lluDgDkg26DZNynUeFHZRrIWz2
+cKqTuaB3dw09m8sJNus3poEtA/9Q1KDsjKPi8+2kUzJoK3V61QglXAVDlfzK6B5K
+OEZ6GR/gX9M5uyyLjREybFSSNPlvLR11+mV4GR5AcrVQOmE0QpFyo1Mr+uDsbqwk
+zERvRq1r5pOyqM5WPXhlXa5oo4na1fBEX76IEzK6xIVG07GnNnaY+dlPgsLq4I8+
+A20ZG7QvTm92ZW1iZXIgVGVzdCAoZGVtbyBrZXkpIDxub3ZlbWJlckBleGFtcGxl
+Lm5ldD6IXQQTEQIAFQUCNuOq4wMLCgMDFQMCAxYCAQIXgAASCRAlsA/UMM7GhAdl
+R1BHAAEBmNgAnj0Q0x8/ArVTURIRhBLli2zdJFwCAJ0brkbdlbR2eGeNACF/++T4
+S14x8rkBDQQ246scEAQA4Zx5WDc8LoW2Ctmueh+iHNae6LoVUHN5qLUNnkwwqZ03
+r9Ay/V54egw5vfd9t+HADnWf6Q+6FqmvpCpPPHrZEYD+ArWbu+NTY59jFI7rkY3+
+tJRc3+QTzeNHse7HgyhxFdn7/yeCovskCPDUtl0nI6eIml5G+tyQ80L9spq5rvsA
+AwUD/3lWMCMkgBT+A4zC1upOBX5yYd7nYBrUIkRqVXzzIobzqeeoe4vjHFRNNmWP
+KNtsqV4kP8CHtHUHEGFIQPLxa5O6icRUdXFNwv1iKDiln87Nhl/l+SXV4s1pItvx
+dkxPQls/TZv/84ykCvb2VxqBrWjVG1a+uVTIhg5ObZFxPGR/iE4EGBECAAYFAjbj
+qxwAEgkQJbAP1DDOxoQHZUdQRwABASDnAJ47dL2Q5/ft3EzaQrldWSiLtreNdACd
+GNwpxQVBQTipOs5DiZ2gK8FTd2WZAaIENuOrWxEEAJVonskIQ7KNmZw9sG/oKumq
+pNa0VIXMHQcAk24hNWiwLJ7jJfJyx+H74Wk89lfwHo6C9NHtvHbgOaK/SYgX5lW5
+a6UwCBlrLtAFOrhELFoGcEXbKNzR/ynx/GeZccCbZGf4ZQIhB6IZhqA9/JiTbIJ5
+ut0V2nVB++oqzujHL1pXAKDjXh+4tuQHKzKJeDuwWcKhqtuYmwP/SEYSuwBYX4Gk
+aw08/OD2iLLMadXVimpUa7jCWBkCtiw7hJed0Pnda52AT5Yj241q//RpI8dyuAdA
+n1lkAtLFJe+2zURaq/BV5I0WXL5AqMcRxuzyBRu+6y3dkokPnkvnaeUIo7rjAvLJ
+JL0LrsUuniJNIPo4xpTYY7rve2GusXkD/2cXpN+6fD9bvU05je5z7Zcxlxq3ylYv
+Q7Sd9RPNOa7lxak7qBX3DgUa7X2Pgznm1/EcSMEFf0xJsscKF3ZpL9NxGMA+gCUp
+sd1rlYuf63r3B/Z30hBw8u7BQvAgaeGmrwBUUDa4aJkgfZUpuXJRi2Yg+J5YxdRB
+QAcEBXIex4ZTtClPc2NhciBUZXN0IChkZW1vIGtleSkgPG9zY2FyQGV4YW1wbGUu
+bmV0PohdBBMRAgAVBQI246tbAwsKAwMVAwIDFgIBAheAABIJEF9jVrptlzKsB2VH
+UEcAAQGwLwCbBT6UT+lNWMh/jxFu/m5Dy2qMwpMAmwePBu7USi6TWKaXYRSL2yyw
+JR0HuQENBDbjq44QBACdC1XRPM9CMFrgVUvioU7SShffLnjgWBZ3hqbOYrsgtXfu
+Qdv6lAixnNPdnk/k4mjL8w1pqbjUmfmbppVDxzsiiUQlJatzGDfU1gDc7ksnXpF/
+vzghbucy8HNO0SHi3uM/GXC574iZ1oxa/A14fKnCVYT1ThqUa1usC5YQXHm4IwAD
+BQP/f4LZgN3dbL4jLqXHDNpAIEjiTbKXxDKHOnAof//4SE0mpaNVHLu3nxI57CtX
+fSI2kMQSm/3pqpTKzaBlM/CbMAJUanhmlLPARDcJ/hQcDtBsF5nFG7zfLfe0SBwg
+sM1HxL968Vva7WsbYpSa98+3HSDuy9VwphFp7i4HbnCbSK6ITgQYEQIABgUCNuOr
+jgASCRBfY1a6bZcyrAdlR1BHAAEBDeEAnR6sKjEq2lzXziIuSnmSldBqQMYeAJ4r
+ZZcDmBM5Qt+2Vp1dmfy02hczoJkBogQ246xDEQQAhBGYmGwmeI2L9tF9/9gatn1o
+Va3zUb3dbxaFXnWqr6e1QeBQ1jnljKizhcs5ra1L4rzM/pfXkV6xUE9ghBrkEgLX
+SYCwt8n7WtucYk+40EDZTYygRpHGj8m1dD//mOJNGVjAsNGcHO5owI92yKu9674k
+HDnfK1HCPB7ub8PU8+8AoKnZ2PUW0OO5tM3uQIXSjYrM/ATTA/sGKZDFfI/BLMao
+toddIQGyHzg5BPE8j3wFeCrTX3n8DUHX+k+zfnp64qWqh59RMdiFuOIxhuNlP4Dq
+O651/sDZRzLTcbwcNniTV/W+bOuPbj7rKAYFzFNWvQFrB6ILUPAbcuNCgnVy4XFF
+DwFgkMYjA+tRbkl2WfNbZslZ93Jc6gP/RLuIRU323GRIqKV054/VhwMIPwwzeG8X
+2RRz7WFuaKvxI5n8hgkDJA36P6Zhawu4q1n8X2mqIE1NcfaNYJOqV04P9ljEdUkA
+BGeSJUbrJyQwuzEeLYs88ErzFpyTTL3aYp7vNr/t+FWAJFKzsz+vNRvNSHIicdLL
+GvZJhv7yVu60J1BhcGEgdGVzdCAoZGVtbyBrZXkpIDxwYXBhQGV4YW1wbGUubmV0
+PohdBBMRAgAVBQI246xDAwsKAwMVAwIDFgIBAheAABIJEF0V4B0/8TIGB2VHUEcA
+AQEG+gCbBDRkJiuJ1K8HG7We/mr+Rg0Nk+MAn2CWldqwbU0fWlk0UH2TkKCJDRfP
+uQENBDbjrHEQBADeYTvnxIaltqV+9aElKlv00R1km8mzXOW60Nbc4E24Xh4hvy0C
+dZR47WaGULMltx/3nxLjQEcK8qOCI7ytJ5okLKmVEde/eV0yG6P8GjzdPELowtur
+lmy9aWC+ckGq8GyjqMgLLeI4BNTaWVXP69fllKezbhGqYnFY7xTc5IlQiwADBgQA
+lkCWK/odKM6+yUPwaiPL0yrlV2/gyAUI7kszey72oiKjKm/WXXzTZmdQLb5JaNgn
+tlTMpYkM1Uk2bhyUG36w0wVwX/kPgCDYh3WRAKHcwbw7+qe77E56D/gNm0vJesa1
+jmyrdysvfhlA5Klt1rmoHFCqIEIBG/xSnnPhnoMEoFGITgQYEQIABgUCNuOscQAS
+CRBdFeAdP/EyBgdlR1BHAAEBk4cAn1I/jmu7FSgglh9aPmVYAw7HWQMAAJ9PAPPX
+fqtwza6I8ttGPLYNvEAmAZkBogQ246zREQQAgcIj/Eo8PrIhEaxKcjc9dNb9/0BZ
+3BxBk7x9a7HKm6o0/vcfLH2XFjFxB4Ddfe+O1PC9KNUqIi6GTafGbyqS47XsnOJs
+5nvsrgmVpUUzAd7p0dxcc2tJodwhkH4GtOP4i4P9XBrxngQrWQ0ju333EPF6wLWi
+7qkVyGENCfsvktMAoKYgM+XYh9UQe7/HX0GiCnk3ExVnA/4ryBxdyBihj02i6s8v
+Ae5mlTrwv85ugouSB95XEX8GPfvaWIW/TpUWQ6a7o8YzU/kIPa7YzETYX8e/FVr2
+Zd33HAfeLUNp3OS0NvEbYJlGDfW7/X7qLVv1o5WCjCHUhK8DCf9Ax9b4z7CbRHpt
+xSE4U79NCCOsXQsObV28qlGsFQP+IIaCh7dTqADw/nBmfuXxepPKXS6Xdi0to79L
+fQtr+TUtJOEVGIbqqQBsgESFiT5qR0W7qhOnl47TIQyPQnt/V994QwyAGtIgtM5q
+YFRW70g1FkyDRX57PzTMuU2BjVI6mHkaUkLaLujbRXiQFm8IXJ4rf297GppKuSgv
+Ncr7Rmq0K1F1ZWJlYyBUZXN0IChkZW1vIGtleSkgPHF1ZWJlY0BleGFtcGxlLm5l
+dD6IXQQTEQIAFQUCNuOs0QMLCgMDFQMCAxYCAQIXgAASCRAcZ+wTPGYchAdlR1BH
+AAEB0bgAn3zNLK9DdG35j4BV9rDISiiwUbkrAKCYzKPhFiFGVcpYI85EHEB8I5gy
+1bkBDQQ246zkEAQAkaLhP+OtjkG1FMzSmwCd5DK3PMWAfj4uKBRcABvRAMA6TIY1
+9Yet8ckhLsDc1z2kxYB06NaBIptjKvOtrRJDvn9KQjn79Ll6/YWmSL4dijtw2BVe
+dsImshjuTgMAy6eo8n0kJRdzzxbEa8pXlvjmG2oI+dXY+Cr4AQgoPloZ8uMAAwUD
+/347q21Rt5jZtAdF1OGXgdTFDDiWBg3uy2AZmxscJzTLqWfUcX2+UThOXocj81H/
+w5q5Cte3z3zx2HTf1A1mw50B5FZOTg+BK5erpUMblY3DoH1u9E8pd7nJ5WY02Xoo
+RIHMxyrzuQA1lZnry8onYmKHE8dEDJ/HAavYkqRUXRL5iE4EGBECAAYFAjbjrOQA
+EgkQHGfsEzxmHIQHZUdQRwABAYiXAKCU8v6RR73fcsQGGQWKe6ixtpVCDgCfUZaW
+46Lt8G/NbxPkHr9fhkBqWlWZAaIENuOuOBEEAJTQ6NWgLfYqH91SNc903oci6wSE
+eF5ikUjNgcdNgmYUESMGP0LCulgaMZSan4FLbAVLn3M7YyWlAYsauaj5gYF2Kjff
+wfB2bxtp5Jx3Yqiq76haQKgEybZXHFtLczySrSmk27ZDkQQ7+obLBWtWl8EzeyIz
+eZyyNVofJbL5PUirAKD+WeCA0iv5jPYehT0bALAGL3ffWQP+NFMEC5dOru8AbZsa
+knRf/OpIwtJFl/CdmPbyHHojRIhPTJlTXGCCsCDNJsHbhedBJLFYxHYFlCa6k90c
+7SXzE+fkoJtijgL735mymvEReDT0q1Vww6xXqpOrjQ09I51FE0BWE45OD8YPSpfm
+v3O0Hnuql5+ang1/Lm2ajdJ6F9ED/2OR0oIutlGwT+QfnuQahPmS3ie8lbZfdPTc
+Ewq+ylWbdaN2WtHQmLTKLD0/TmwIwmp4Up7hFmt4bqLrToKK1mlEhFumN8wSrzfz
+OBQO/tUYXvOoJ51i7fqx6l+TPGP+yU3K7oDbUdOAxbGIGuQNegi7Ew8UpjNkYL6c
+IdeBba6htClSb21lbyBUZXN0IChkZW1vIGtleSkgPHJvbWVvQGV4YW1wbGUubmV0
+PohdBBMRAgAVBQI24644AwsKAwMVAwIDFgIBAheAABIJEDvb7bF3f77TB2VHUEcA
+AQGr4ACgllMIBb4leDKz61LQiA4TGWQp9+QAn0gF7rrvXtHdEc9kFQxgfASZH4RZ
+uQENBDbjrmYQBACJ5res4tXRZj36s7P4KZWUf0YC8mtLxxeNEXe5ckAtn8gMfcSQ
+J4Mei4O1EBvrKZ9Dz28Emv0FmDd66DUd4ybRIk1PN8kWry9UuGLAf/VBAkMIyXhY
+CEnB7wRsNj4kF5DhYiytep2wekPocZO2GAUoIyY2yMNb2m2g2K8UnK2QBwADBQP+
+Ixih3o+++i02Xwi4wOe7aro2xSeBmH9b8nEaJ8v8RVLRO0AgoR4GLzKeTOfv57FU
+48tlY7sxth6FOxeJaQkS1nD1LRpb3GUDZr7qM/yOGYp0WhdRgGW+c0eYa32g5ajq
+2zn3+H1L4yrmRSZM4nmZ5ZXe9ijkGs0UNYqmi0gBYxqITgQYEQIABgUCNuOuZgAS
+CRA72+2xd3++0wdlR1BHAAEBSdEAoJfp/f+ZWcSt5YKCitR1mHyGDUsSAKDsVRYK
+2fcdY7CA7DHErM6z+tCb4JkBogQ2468EEQQAxS2TgAmJc/eNoqkiFuLcHvdLZJnr
+usrMGSJyN6WnBaToud2wKtsuwhawN/x822KHSv0Cz7Zqt8CmQ2XC4IarVmU8YYYR
+/Xw6o/EW+eCFURsN1yiw/hsibeTobayAVsyXrzEAadO2RLkZ/Pje5O7Oc/N1mcZs
+iM/S4GY99mToZbsAoOGLiG27Gvdj6532XHVtYz0qpS0DBACJFgebrTlFlUGR3OV9
+jHUjCCf+XwKGrcyw+t8EyyVqkGerVqfb+cRA+a4h170LoAs3W3TcMekqifHZeCNh
+XPymC3LYVTu3FJKbYQT73vl1enei/hN8PUrGSw6XvvQ8DOLEt82E9bWrgDZwSu4a
+A7vioRff98BrUnSdEoOCYD+aBgP/ZNJkoJoUehzcgdCeTKCYbPNk2lVlXb7WQgHx
+naE2j1XzU9inOVhXxKUbnVqNbUbd49y2Lsk4g/oyq41RthHhM7NnLUOrj5WqpkIH
+p854govjQgooCgwwNgU0un3NxP6zr7oNM8fbt4TVYS341CMGCvah8L/iIBT+eYBi
+ajjGfti0K1NpZXJyYSBUZXN0IChkZW1vIGtleSkgPHNpZXJyYUBleGFtcGxlLm5l
+dD6IXQQTEQIAFQUCNuOvBAMLCgMDFQMCAxYCAQIXgAASCRCl5n9/o64+oQdlR1BH
+AAEBr38AoKHr1J9mnwnVtWy8G3EbOZGKzNRsAJ9OGOK9eQO8rWHTtj2sUpEieIJ+
+TbkBDQQ246+AEAQAuHHJHT4loEDZBrwJt6vBcc0S6IOvP43374/DL7fvl0ODYpDt
+FSfHs2JFXfrxt7+UaB0yEsp5jFmWY0+emhQ0g2TzpELNhtKmYABIE6cwlAXZZ1Av
+Gax0k0kIwp+x7UdnKWAglAZYj7WrQ70tzHtV3UXwYV4m9OEwdHIug68xUJMAAwUE
+AI3tEdSDZvRpGSgM0xAovpVXou8G15J+CRep/a9Si+aFC1RfGhhzRCdU8I+5Lqtp
+GnGI3Pw4uCnREkU2TfbM5WZza7rwHfSShyIG3srHp3t8kYcvmBWql5tTLVgncMGg
+4g6BwwEqZeeUbbgisc+rlu+6oa2fBOhkQ64SPdkfPA25iE4EGBECAAYFAjbjr4AA
+EgkQpeZ/f6OuPqEHZUdQRwABAWsJAJ0XijmoDUP1Iu6lhsSlmGOiNO/l4QCff5G6
+w6Vkq8d86Ev2IwS9Wf4uNmaZAaIENuOwChEEAJDhTfBph5G51alEDUaIfFvD0K+o
+XDXqDB7hDg3stVIpZR99d2bo/dPOuVWorwXFBDJeK0c7iJEQrMWKlxdqbRGkH8pa
+FSnL5XWo4xMjknqnJzYu3gb734ioFHTC4WDM2/voTGuFpLw+eirW+wl12wusHpnN
+kWxMEIWt2HoGTerfAKD3JUBraePb8gHKnXFzyEu8RLp3swP/XaAKje+NAYeqhcAq
+xv2SEPUj8EMgtX7SDkkyDv8wuRfcNwMAt4XwHYnnM3bpUwWj2JcDGE9rsNna/HuF
+Ajz/2lrhUKncH0CywvjhYtt1t92j0cPZaeR3pY8R/bm8Ns20tiP7uxVlj+szI2Pf
+5KiUHhiWHJ2RTXGE2pUmT6UFhc0D/juyZvINKwkbUSSwpKvsoi15d6e4Wx5PZ2mA
+rT5y+ULitBx4WKIsXV6UVVaEBNaBe63k9cFGdPEba/HflSd76kLmcSdy+Fr73d3T
+MIrmwAKMVdKjRAEc3l87YaPd2/LdT+TWzCQw33EotexJ7yZzZA2SJx27/jyIgXkW
+twvn5UCMtClUYW5nbyBUZXN0IChkZW1vIGtleSkgPHRhbmdvQGV4YW1wbGUubmV0
+PohdBBMRAgAVBQI247AKAwsKAwMVAwIDFgIBAheAABIJEFjLmkyFqB84B2VHUEcA
+AQEk4gCeL5zcIOEDeTY+nYJaAFIVyxMDn0IAniDLX638/CT/T3nLVPqDevBFsTTN
+uQENBDbjsJ4QBACevTDY5y+VRfsTy7YLx0kYiPvBFTmoNrPGHS3Dnn/Jsnf8rKEI
+V+yvZ1nYTtnDpi9zW7dZNN/zacfhL78gkVIj6oGLdOtzBW23xdrc+jtwjM29LRsG
+Gp+Y45clziKFSUANHYm6Sb9AL5/ps7whkENav/sudPhLAQ+E+hk0wVvrewADBgQA
+naSI/d7XMz7MSjaLaOQ6fLUiDKfSxGK7DQ5dD0HrnrOnTYbmq0M34heGAt19CqCr
+JZyQ/gEsMng21CgQz8yvb/uiPeHTVeltTzpHVAVA5eahbDervKoRYjB84GoKVIXQ
+DXixd2NDBp3JptMWxbibxmfmMtb7Wwfg+tWMeg0TPgKITgQYEQIABgUCNuOwngAS
+CRBYy5pMhagfOAdlR1BHAAEBCJsAn2CeDRsh/7JwAcaMa8rlXIi9wsrvAKDLSGdt
+tgPGpeFytA60KiQJyGZRfpkBogQ247GpEQQA3rbWaPIEzk69ZyV25ObCX7lUkGjJ
+m4C6WaTLN0OwvoAF9F1/kP73Lh6fsFdjatEuL/sOSvrMQxeAPFA3/qvhpjSjAOVN
+u4ZHA0LxOPBGFIIXHVio1nhcJpiTm9CjKGrXXoeIj0+I/KHBsPotM+qP3tMtDlVr
+FLyKqeImT91JZzsAoIDquRnzyTKtyt3DQ951OxjkfHtRBADHIB9PaOvB2428KcPn
+oz7isFRWt+wjl/+uRRfDzjXpXquzK92PMiqmyyLCFg2sa5X5aW8jM/0obg3TVPII
+fprH8IdPkTc3RD5qSQglSTnWTuOnLnYG8gEK4h+z8rEm4uwG5qZzJe5EK7oQGVly
+7Zx9XtZCqLweN2t6YfMBeJKLcgP+OQPGyyhJib6av2pmOlYw5xrMZA448NjqFW7f
+LC3Ro6YGp49378uSkYVnliyoZrauOLR/e5uGA5hgh1WvyInOGgzzDL1D1nWmOQ8g
+nnq1Tm9yTdaiwu6OcdhwbfERO3F5zyZeVSsXOKs8rOW6kBGGLdnT+HCaipNzo4wm
+5ekyfvG0LVVuaWZvcm0gVGVzdCAoZGVtbyBrZXkpIDx1bmlmb3JtQGV4YW1wbGUu
+bmV0PohdBBMRAgAVBQI247GpAwsKAwMVAwIDFgIBAheAABIJEKlMD3VlMkTWB2VH
+UEcAAQEzWwCeMxscN9idLHgH2DP2U6tP0tNR0T0An3lfFgidO+z8ZeHXzuOM9TAS
++jz6uQENBDbjscMQBAC1u+09NP46dPnn6RJtczL3LEroyrcPmHOk3FbiNfJ8YMnF
+BeST+U++chi/kKzm+N4y8TZE8sHwGqnkeIBtJX2YmQJFhKi2RR9AtVn2HV1ZTBYT
+1q/P7MpZTPMI9EODlCEPJTvX+MdtP8xh0Gsj1i1wujQOJAiXdrqsPxen4Sch5wAD
+BQP+NRROzLFq4kBUpgoTyvWzJl96Gdykf+O0AhbTlZ7ix9KtQLfxGrqzgo0hwDjb
+2QzeWHfjVhaaaSc5UWNMuIQyHRcsj9x4n25XGE0HUyOVSD46IOAjfZF+beXOa/Nb
+YcR+zzORfXr1qyW2g4oV8LN4s4uV4dPamQ3l98Lkg8lhWCeITgQYEQIABgUCNuOx
+wwASCRCpTA91ZTJE1gdlR1BHAAEBzpgAn1mBiOpDetJyYLCFzciHO3YBMA1vAJ0W
+5WC8PZiHyWy6JazAsMWs2wOTlZkBogQ247OaEQQAowMahswOo9fdIojf9byb0uY2
+C0NR98cYc13WemcYzyZLJV9aMRagSDYY8wSZ1ff+29RRXudPPTYgnBlFWWtsQ91b
+vp4i0wBjU0HjcumNBOsBH76ZUCyW6VRjprlXmckoRzQio67GRbUtZq+6NfUlG+UF
+kt4GR2mxU25oYm3BQV8AoN+qhlQJxnGc751ExqUct8Y6fs7hA/9qkyTaZz4YnCkp
+LFcG+hCRVx+5kEmZcm5QJzgFRTMdfRlIo1uDFj+RVHXE3eSsyA4JHp0Swa6QiyBV
+ZEOP22j/4TogizpgqEbt8ZxcqETzPyZ/eEMtyaNsIoMJIUFPs8jlOQvOUAQ/XLZG
+2Kf9JrvW6cZmE3IR8A9b93V1FxFWowP/ZZxM9RoiNG8CqZvFSl6dGGD+YXmvCYeX
+zVW9UFtkKhnflzR50Rkql+bJhsq7PsaGMQ/Po79RYZhmkr/uvp/iQVSuE7lq0KWd
+HIGS+Y2Z19u0zmF3mOHeWCoBPu2Tue08AiHxfz+qbn5RpvreRnBcI+JJH6ITBGnj
+YZtUvsX9vau0K1ZpY3RvciBUZXN0IChkZW1vIGtleSkgPHZpY3RvckBleGFtcGxl
+Lm9yZz6IXQQTEQIAFQUCNuOzmgMLCgMDFQMCAxYCAQIXgAASCRBHr0tpYfBHhAdl
+R1BHAAEBzEkAoMA+KfY9bA8EdfvWwa8zUM1SMs5rAKDS+6X3HVuCaLtVxzXOob+D
+KbB7b7kBDQQ247O+EAQAh5FAgdvaTJL3jBGcjYiiJosxeTWf3L/dUY99fZN8R39D
+SVoUKf9Rt/EsS5DywXVnKAeJiUTYw8lbMRVF70VhSDHpMC9KtbB0lk3CcAqULPiy
+irT5g9ywN24W7k0naWIJisttUh+Hqbm6gc5Pz9Nfd5ll8x4Ehi3lKE6Nze3gUNMA
+AwUD/AtUN1hqwWTTphVZctHq3JaUEb9agmu/Ocsf24/bq9i8R8FaMwBF4fI5qIim
+cqAM+2BZ6dvZEdqrVaZR9aHjzchcHmaiI7ZmW4gmk+LHFFWf9y7mG8YDKFBXkaBu
+JpxFb1FIfJpmaLzJmRa76dLqI3A7H2E8dFQa/MGsYCa4NmILiE0EGBECAAYFAjbj
+s74AEgkQR69LaWHwR4QHZUdQRwABAVPdAKCcyVECIa28vmUPgZ2jkXQoQ/nNkQCU
+DpGL1aZn1eKrDlHcGyD4CzywnpkBogQ247Q0EQQAvVX9TJEynPJEsX3X2fGPPDiQ
+K+oB7D1INI9bfID5NKtoo8qybivOLo85i5m7RUiEyhX3E9lUg9buKmtIhas0sJ8s
+LURmCndIKtXjIWg3Kd0pmjE8q2zyd7ChQ3ffJ20875wNbR4GQhSO1WTuxwRoL53f
+t+9JTULJxkQRf71Azm8AoJZQYphKeLWrLtFjb2WKbYxst54tBACS7C/Vu40euIev
+p2TZHTtY0U+ObFvJr8jDrdQZMkUFSuhti7rfO/bf7qTwmCvv6IVmn905ACh9bnKw
+ZvcR5T1yR2b6CAN267fzriZhu6/FG+9Ddr62ZnV2rP8Oa7uxAXCnoovaafKYupop
+vHV0z0tUf2+wasrQdHZTvc0pfY+56AP/WOVJ0KGzP6k9bYjYSRJ1MJb70wdVFiHd
+lIlEd5P3jQsXOyHVMrWp6qH10sQLto8gweWJr9aHem0QjTNSTVpzp6laBHf7tnLE
+wCJGeX5f5BOh87akRjwfh9J9zW+DBrtpqS6vjlDYU5y6RGbGRl6ndtXhV5FpE4cb
+Lax/pGFWEq20K1doaXNreSBUZXN0IChkZW1vIGtleSkgPHdoaXNreUBleGFtcGxl
+Lm5ldD6IXQQTEQIAFQUCNuO0NAMLCgMDFQMCAxYCAQIXgAASCRDe8Pe47Gfb3gdl
+R1BHAAEBomoAn0xuW4iqzyqN3WU6SPnzELkrjzZsAKCN5glp0flK1eZskwbDZkPb
+3J6/M7kBDQQ247RWEAQAz1fsQzEPDc5KqCcjvpa4gFKwjSAX9Sm3OlPyDwBjqBA9
+WFT1+BAdu7tyvxJkVXd3JRUtPOQ2ruaxSK93f8V5y5/vsKkoEKtCXOy35TKSI9D9
+tPf6CrejAaL0wEJ95TaXnJlnfKMYiqDz9efGYJu4i3Dr0U3LPv6dCgMzbxyL0HcA
+AwUD/AkEuPFdepYVjkl1ertyTrpDHlgcOk8fuzNQqsgYoZkfGTZRehTwb1ZF9DRV
+VB9qiZ+cq+j5sUMUkZwt8ghMjwWuPMaiHYrc8pzGxCJDVKxWUxPdea69JPTK8Mzx
+ri32j7a/zIsuASNHZ2f+VOIaMT8A26dGj1MEam/Pk/Tzk2bOiE4EGBECAAYFAjbj
+tFYAEgkQ3vD3uOxn294HZUdQRwABAf8gAJ9fC4NjVwHWOh1tCxLq4dF3L/M5VgCf
+Xj4izGMaaFuZ7+IOJ7jgFqC/yiyZAaIENuO03BEEAK1KlG4lUzMSYafGwOLzFwMw
+ri48rOAOOAxPrkRW/QBrGU5sPxUzxEzu4lP9365cmMk4CLyNswxdUsB1xtOihd8i
+LvCxejgjNDdJOypyqcPDNrZD4k/g/ADax1OXde/Hr85uND8jQ8isUhjZSBtTeDCC
+hbTXTJWoS77vdZBtOFnrAKCz2ucyEr7F/hMPeTNaOELYvImB2wP+MK/nmEcsD9+X
+m/xeVfWzi1oVphA88OCh10O1fjieyQ+Z+OEuSizysCKIKIQ5T5q8Q0wCf2ALpAKV
+CLXd9JK9FKt+EIBZLQLKoAj+wuShDNU08VNuU3LOKI1B6A8jI9eBArokwj9GRUSl
+Ir6KYI4EYRUyl1VVk8kpENIPUg2iE0oD/2tBclzEFGCY7gexgOq+FOkJyB7MUuca
+0IJLIW+LadjFVjIapYbHzi2o9VmfqHtA8SsNDt2Ckx/xAM5jXpSnDG7U3IpS2iHS
+OZfmJWpv22Xu0L2zdrO9ip9j2Y7WKjt1M6sNeG6gCUZdHpJXjHWUTDMwLKLq/ojV
+Tx55aHV50NoMtCdYUmF5IFRlc3QgKGRlbW8ga2V5KSA8eHJheUBleGFtcGxlLm5l
+dD6IXQQTEQIAFQUCNuO03AMLCgMDFQMCAxYCAQIXgAASCRCJeabFVn+zSgdlR1BH
+AAEBt08An0PRqhiMzF+L37DyvcaVl+0zSrmbAJ0fL+8D5Frcp1m3YtBMpo+j5dsi
+eLkBDQQ247UFEAQAxuGlBvqoDkxhIDgFZzdHJO+gJym94zgSGHkBmBIBf5Q2G2O3
+zkN7SIENI16yg9cxy7zkTbBu9PMgzUe/UuQov9Z6YXKzTj1jLozrGdljKOcW5YRv
+libo7eKXDUkSvT+X6J1BOIVexl05Y4Ncmf7otNDre29QfK8gGBO/bdQd7L8ABAsD
+/R4Nq/JQav4/7d5ETuMZddPAxV4kCnY+7F7oJgHDKJheJxt49rNtfXSxBZUsJ9P6
+Xhr46fCRT33DD1P8RyUmmS3/dJl7H/qR3A1rox4FQPWAuk4WGhsfSXvlZnFWKJhC
+8TZzFisjiXjw1OFYiF4TArxj9D7d/cHEKIi43rtefpf+iE4EGBECAAYFAjbjtQUA
+EgkQiXmmxVZ/s0oHZUdQRwABAeyQAJ4oZGFj58YW1ovUlDGgd0M9En7C7wCbBBq7
+67mk9lz1SsGvRRX6kY+lj56ZAaIENuO1UREEAN1QBnOE/r7r1V3JGuBE2i2i5S9c
+TojyHSTFkVlkOtAmallw1aRQcOqBtgMn1GYh4S5Zk2bLM/FIVy8P1EbD0qYhm7aR
+lioi7ODgqo7JTdJR83JxqsRlgmSYsTIGWuQ3FmSY8KnVxGwwoYJuFCz/+/oiryHp
+00DYRaAl6/TLXaBzAKC6TQpkipU7tR+RpVpmEyvQJ3Vq3wP+O4qdFWIMyL1ISNIl
+nBvebDX7IQKczy+sz4CgagAqILP+fw30Z/YNOwXLjIoSyQ9DyzT1Zzl6kEWjeA2u
+4y7iQOd17S4KaIMRtPDOl1Ipk7nH3KL7tvf24I2SCgOXPCidpc10ifY2cUqMvjtO
+dX+8oV21JmAtb3Ta/BgZOvUCsv8EAIhzH1N3Gwn00zJooPswRwpB46s6q/8yrUfE
+U+QMEjiFNmlCIh3VdPGqQnpQcPD2xH9O+07lgqtmMg2SZoFkWIeXHWjIHQHe7pdR
+Utchz2WLIXKH1o4F1CR0eCPIjwrOTpnR6Nhyt7lNjjN+mUBkqRQOVjdTRJvRrTEg
+aGCjdhEQtCtZYW5rZWUgVGVzdCAoZGVtbyBrZXkpIDx5YW5rZWVAZXhhbXBsZS5u
+ZXQ+iF0EExECABUFAjbjtVEDCwoDAxUDAgMWAgECF4AAEgkQnu80zUsRsl8HZUdQ
+RwABAUkEAKCUUXvVByh4l9ohXM16up6769DYSwCffVvyOW9v9kENNcHvItZnEmD1
+o+O5AQ0ENuO1ZxAEAJriuUXEtM08l6eko1tvlnkCKSZyQ35S9PogXv/90gA79Nal
+JsN41jALsRvgnAgKZLJddtlfZ6RB4iwuENgOva6C0bG8SgT3m7rLX2nSyaFWKj7L
+456wZWn3uRnKxT5ymxNMFemV8f06f3kg4kJYneJVs+Sfs/5jeyoRwDc6EQG7AAMG
+BACTuX5AknTcJIrBV83irJVsZvWKHtUzqLoklddYXsdI/eB6c+cBlhFxe8/hWw6v
+uFdFKhpCsWhEbJehzFjZCJo+ezf/YdQtWA34ik4poObWaSpnoV7ZXaVhgjQ2axNE
+WrKxQihDVYRTIaXOJAJ8eq2wNPi4UbyZL5HcWO6SlP/2mYhOBBgRAgAGBQI247Vn
+ABIJEJ7vNM1LEbJfB2VHUEcAAQH0XACfffuI4IS7cgh0PNghr/0v3L/NhncAoJNw
+utmN7kkv9n/oPqkByzLxvZt4mQGiBDbjtcsRBACBDJOGX9C/xxCVZNP6OHz6cL5v
+M3PimUAhV+9HAVVPQViTnFKrkYPSQyRfWzjOU8RO1Tp5CHz747oOb6j9P74yH1uy
+78yFg4UuhXBWinhuCKKq4IIWwJkCKBFr1U8fu8a6Y6NcjqiDA0KmGRJrMPmXenXk
+JpFGHG78rUvNi9IMfwCgugzNILh/3XZCZU+BUPYeXL+nUAEEAIDXZhj1vFXHgi9l
+mijKDjJocEBoamN/taQy6Ox1RRD6HtfAPY5TER1n7xm9hMzE+Ov1IKpH/E872Rha
+1qu1v7eOa6eTuNWF0NvmSR955freRsNuR8JNIb6StI2ER9pzBUfjykC9pg2wPeC7
+wpQJIF9TF+Ja1BvG2I+ha2xJ786AA/sHEUvAOsc58YbPlbIPyp2JdEHvXTRT2NIS
+VRuTMQsg8vV99nMYR2CUh270uPyy2xZaD/kYcJ9/1ngY7C9pbbNWoV70PkEMO/qj
+67OIViWVPzUhIdURorbpGhuc3oBzUxOgial7IbISPRItDgg2oZoY4hqyQNx8Cj2Z
+ZAzDpM2vCrQnWnVsdSBUZXN0IChkZW1vIGtleSkgPHp1bHVAZXhhbXBsZS5uZXQ+
+iF0EExECABUFAjbjtcsDCwoDAxUDAgMWAgECF4AAEgkQa8R3gFSs0kYHZUdQRwAB
+AUDrAJ4lTJHO4VuxnS5C6W+mA4hFMtMqxwCgt3cidUSPbSl5NRDlvY06KZJecrG5
+AQ0ENuO18hAEAMx88MFCgzO/nYyaNvxJ1pgoo3OoN30rWhjaFwxKL4twdqD4okU7
+IoF/dKgeZxT+8IQ34vJOCWNhIoOYR/jBnb54t+oWBJ0EmnbGbnmKH70IdeDd1fH1
+JseIYkIjF8loiyc3PdWYkY8MOMGVp/+GOX/tJm9H4wmlUsU8aOPu46FPAAMFA/9K
+C/Rpt4JdV1VfAYSaF1XRUOjzfchBF1G7XK35AudZEwZNjWhBqmwfpAvBhJl8MmXF
+uwEDe1+opK2lFJt0Y01Owr5Eh6GwZ12LexYamVEable3kqmRj+Zz+0sVpgk0yoCB
+9ZBwqVkcGnsShYyCJGIMlRarRMfXBEOg9pFz4fkZ2ohOBBgRAgAGBQI247XyABIJ
+EGvEd4BUrNJGB2VHUEcAAQF9YwCguRqebBzPbFnWXjOqn7ueBdjsDEAAn042F36T
+AKQETj5I4YRTah9HfMeRmQGiBDunE88RBADJ7pHJpvdSqmL2oVUHWGiPxr//5+GA
+1i+wRzXQK1NzANMY3Jopsp0euyiF3bCrv5BFXECbx+q5ci9ifgb0aKcR0Zk/ieBS
+nUI829AXSTKCs8QXf792cIp1tH45b012m53J20Ttyn7A+gXeRRb/tBzhX1CU0AoG
+uWLTWK0GcSM+YwCg60xV3gtAAUYUDQQf8pto4iasw0UD/2Svbe7Sl9hipq3Z/LBX
+nN4/YdUDZw6D//Nsa12UESAjbrDARIT8w+zgBKNFYoKc9k7vvsFnIu4ISowgjKpo
+GEAxiVZlWyYK6jPuFoD0L+4w9kP8kVIZZH+/3adEjRV36HR8Tjg93eRY9MwTH6ay
+pXuerx4yA36TcGs/JNl42TMOA/4tb9FsnEi620lnAmGr6lRHmbZCeFDB3I7I0M9F
+ayO0/wzJjHmKGqrPK8x5QyRrk9jc+EN5MfKWP5Uy6ZOp+mmKux071x2Ul+SdPgJ/
++1YI91Ch/CrO/zf3Tee2SWOefupZZkJKYPz1dHHUDQ0mynlWJHgOLSaw41Yho3vO
+oemU1LQiSGFycnkgSC4gKHRlc3Qga2V5KSA8aGhAQGRkb3JmLmRlPohgBBMRAgAg
+BQI7pxPPBQkAAVGABQsHCgMEAxUDAgMWAgECHgECF4AACgkQf/Iwv51WPlYg/QCb
+B3/W8gBLgzhAhEevTQJtfDdlnaQAnA4mjmgN4HdNTJHRM+eLaChSKTxGuQENBDun
+E9gQBADtzp5/lES7jzbBVc+q6yFnpyW6cxmE3TX+5/ZABSF3xQCi/Jz7XZ3uMy+l
+EHBwAAQzgHeIAiPbUEjx0619bUpcwxdsSS+bGxRcZGjdYrwfaIePk6DFxBjThwGf
+UkYpxanQaLc6/OM4P6xlRU84UrjJDwjFLvtTQihieAesCCevywADBQP9HuyaJunf
+cD0Pi2Q0QSu3B/8hvmJauYsZfOgC9xEWS/yVLlHuAdolT8d99bGOBuaQwt7Kr/BX
+JiLXYrXxTvBWCRTFg9g303W7RlOF0cIHegUN9fdgGi3MMo86bhDK6ZQhUI01dDnx
+BaIEXIT+MeVBseoHcl0Q4uZ+9wqkJRkuHq+ITAQYEQIADAUCO6cT2AUJAAFRgAAK
+CRB/8jC/nVY+VjuDAJ0QtU4XC3frnCt7jNDr2qi+CAdeBgCcDbwQ5jxDq17hEv8R
+Yrg2uWkc28iYiwQ7pxPZAQP/Z7JX/e7utktjH8j7Q7WkbcnaAff7PCkJWGpHE1mo
+1UnqCl6kssgTZli9RJZMdKtJpvTqBLxUS41QRz5+MQjtjOb2UIJ8VPEiXB61bCZx
+WLtX0kLGvi0R6k6Il9y2O7ymiif+aPYE2FqW7F/2Q5EulMbkWtQUaBWGXQkvANv0
+EhkABRG0JkhhcnJ5IEEuIChSU0EgdGVzdCBrZXkpIDxoaEBAZGRvcmYuZGU+iLkE
+EwEBACMFAjunE9kCGw8FCQACowAFCwcKAwQDFQMCAxYCAQIeAQIXgAAKCRCenBCg
+zthU/wHfA/9PWfdy0flvORRc6/s7z4ZKdKCfTFXJ7jnHhMzYU+7j8mn/WWLYMh3Y
+zJ0TDD6mWZz/H8KMq5EqAf7w8vzPbfR9kRxm3VNBJRUXaklsDJBls6QNXMTMOULq
+s5xy6x4+lbDpENo6RpmN8gUMCQWxdfXhqt1eYyS1tC88p/RzN+06EZkBoQQ7qKLe
+EQQA2u7cgrIxZf9s7zUK/6/hh/2gn9dsJcbJlRNXLPxnZDuJ72YMwdJuUSj37ExH
+9fDqeMGYesuK0CRwlBcVZBuzGzw9nf2lGstZ1O7wqLerxvPb5FDLbnm2WN7VzUH8
+Fa7fJaPOw5wfxgNHSj0tEkM239PB4WocOBFEAxFiN7r3/+MAoKJmzdJ/HKVFT2qA
+zGZMiVlznfOfA/sGM5pCGx5PedXbDNcDi0L+2rYQ8A+2B4v7N+Fda1qGVZrk9lNx
+GYi7rGCeXP24LEbvfgN2Oqw5od1y+XfYKadiRLFoCTCOFO/fwLcs44sIDt4cN0Ll
+qKIflQdde6jPEsPV8hYZZkg9KI8YLZ64dmFuDsP2AfclOIi78D+Imgrh/AP3SKhP
+MTm25AItzW8g3sIui02Epy0JB71EIQbjASVHwSxyjb3dvP2ObnUuOKkL8/KBENcw
+JqNP8vpB1sX8Yd3hR0IjC+DEt+bKzwYrAlzqSRqCdHSfHOMvWvbK83oOmSRm08KB
+UEGW2gCMXHIkbrOzb5wjhKciiRG2tJcYclUwn7QiSGFycnkgSC4gKHRlc3Qga2V5
+KSA8aGhAQGRkb3JmLmRlPohgBBMRAgAgBQI7qKLeBQkAAVGABQsHCgMEAxUDAgMW
+AgECHgECF4AACgkQQjc2NGP7UxG5sQCePWDnb3MYe7QjwFT3C1hMWEvgXrIAn0EI
+UNaloyri8vclg3xikvuUJbKpuQENBDuoougQBACh6YePGIeo3sz5tU29hfVDn4Cw
+BCh128L+Rd5852HN/3Iwhy1yTSEqpavmX5UTLvJaVFn9h0C81RWF7Q1qAa7o5TpX
+WMtSFijr72DwUSFa23uq+LZ5JUTf9g2PA1VkkhaL7TYVrclBm4pfsAwEKA21kF4Y
+536+Mzr/oCSIzGG81wADBQP/d1frnzRuI6pujq3DMH+hNRh9KQZckjsLtTukKy18
+f2JSvnDEKj8sv6GelI/DKlBSCRAW0MHu28rmx5WCmyRum7OHnDlIIAE19wZ28ux8
+Af8Y0COhAqYY8Zqxqrb23sBvCxkmTYZn68eOC9IC6PG6e+4/KQGgnNbMkvBzbnv9
+ytSISwQYEQIADAUCO6ii6AUJAAFRgAAKCRBCNzY0Y/tTEW9ZAJ0XMOG6SmjO8MlK
+DiuKybmrPoDnzACWLKDApr6MxgHnkyRO5PAFpvaS2ZiLBDuooukBA/9r69N1QdSQ
+M40Ic4n2Nrnh8ntF/wXI7UhVoTeoyEMxx50R/KEmjTKdHeNoL8TaeWsqRLO9khTu
+FufNA7MWzXbUiYWguoZ6Z3AIPMgLGSKNyMe7+9/GJIeMzgf+ES8JmSc5toBvrKIk
+AAE0zgb5w9CCbplNOqQkVB0AydHWh7MK0QAFEbQmSGFycnkgQS4gKFJTQSB0ZXN0
+IGtleSkgPGhoQEBkZG9yZi5kZT6IuQQTAQEAIwUCO6ii6QIbDwUJAAKjAAULBwoD
+BAMVAwIDFgIBAh4BAheAAAoJEIOptNOKdysIOsQD/1YIs0R0vtkcYf5FSiNfz0UK
+VRghJfbhwefKXjHT5d2gF8QXDqDvu+HH293Hvqw9AxBoY1ynFw5dncC5f5UgDnVM
+Bz3S4ujIr+CL6DMjLAssRSIBp6+6mVBTsxLnrPR9CG1W8Er+qSTAoMnNGjp0cghX
+095vZVy/YSCFFb2sGrZ6mQGiBDuzYioRBADJT2TyxVZwVJ3PSdpWUXVZpx1oGAkX
+NpGIH3izKmO0PZfzXdUsbgrfA6bncFbP/MPuqDSB/oh9ZOKnGWDre2n8OQuVZ/Cx
+DfTX3E05L8BKm/c/BTXikwKhivJaZduTYADcKrcapYCvW2VLsczSIs7HPxqoJI8C
++U4COr6YnHRaFwCg1sgnVPENxCusaBVsT0eQ/fFahqcD/RXQqxagvzbd6yRwKvTz
+QliVrUzv04ivC0vD8pu2EaGyi8xgAONbgWhHFMYSQDiSnlvJuI6vZn5kIsRiKA1p
+taAWzOaKE8klAcHiWVIddyCZqHDmBPvisSO0Vxpq7mhXAhtKbrByyaGp8s4einlG
+8vUvz7WPQaN73PCNt/RD4Y9PA/4vZfnHVwhoRsDlkMbAjlHFy1fM23/pS9AMP23M
+La+vgkgrFvg3Z0bCc3MirCs/xHsyRPPS1LJhamV5x2knV0PlHTAHoGaGPoapZyDs
+YZDNkZRqjtnoHCfEya83rhxB7GJIsEKM8oSJ515kHYbQ50Pj67WIK9AWOZ4sMAer
+fDQhjrQiSGFycnkgSC4gKHRlc3Qga2V5KSA8aGhAQGRkb3JmLmRlPohgBBMRAgAg
+BQI7s2IqBQkAAVGABQsHCgMEAxUDAgMWAgECHgECF4AACgkQyECct8vKuumUcwCc
+DNsPEKSgDH2bDiDyjoiSiAgl5WMAn2CmmieSzs+pqpEm1YA1baXgGSSVuQENBDuz
+YjUQBACJygT7QnMtfDnFUnixXdXu/vOCqTbXvmysKnnI4OeDW9QxTr+ugf+f6ROy
+kJFF75zq/53jgDD2cQkUjU2OWbrrqWF/aYHpYM21TDtIRfRe0llF1kSHPnYW2rjn
+Y4/AeWvPjToevxursEn1J3Ijd6NentxE/FWhetTEHSWE784/NwAECwP/fpxILkyJ
+UfPdNY5HqN4Aag1g0ZWjVfaWrebZDt0BIHJpQd8RvUtQnOzCOZ29KOQKS9LHOJOB
+2EjysCKTwBDYK5ZonQUtmhdwNZeoLYlLrH1PQ9WuhddjT6dJWMl2yJ+zchmDRFaj
+f+4AvrbYGnMbMdjCllnDcygSlzUt7KGcjuuITAQYEQIADAUCO7NiNQUJAAFRgAAK
+CRDIQJy3y8q66b5jAJ9ROwHyPzvGq/vgztzs4972gMuDIQCfeQq3q4tW3qoWyC/T
+OkvTSeUuzwSYiwQ7s2I3AQP/ZLwvhFPpbGgF04i7p6pLQxyZk7sgO32sOxe2kYbQ
+K5cdqMiCJKAS5jFfu4wew29u9XYlDKc/dnIqHKbnFhyPC3+m7YSk3T1lpOy1evIM
+zalaXQPZtJ+RuMRrQO6YD5pmkNeLHk2O5axpDUpk8VZ6t8kqsoKNEt7U4MGS8qWA
+BWkABRO0JkhhcnJ5IEEuIChSU0EgdGVzdCBrZXkpIDxoaEBAZGRvcmYuZGU+iLkE
+EwEBACMFAjuzYjcCGw8FCQACowAFCwcKAwQDFQMCAxYCAQIeAQIXgAAKCRCfk5C+
+NXBwN1wvA/4oc01t7KIltGdDyU3XYwzA9Sfma6RZhv3MedM0XxHnEW6L1lIhHM46
+KXDsORumgiUXPVbCT1N85Ay1gPZT5Oy7/ZraPEMm7FLza6BjYuOxmlRj0dnrHu/v
+FmljrjGlYPzzNyoit6cxZOsbWlT/Gv6YJDLCT10UBGyh5GtlYft8cpkBogQ7tCnL
+EQQA/fmXfM8N93cmPNBu6nAWQ5MOev//CfIr8R9hGRH3FV8bO758gFLkHX2Rf/uR
+cyo8ZHeLw1cI0UfzC3A7TJr62MAoLBS2fn9wgAzd7KsnJFcKmpKVQqUX0EN0i+k4
+qnp1jyMCLNAVdTwVXuMTpBKEgYAI5xXNK6FnlmK4RAQ42M8AoKRDGHjijja3HLp/
++4P8/hwHYd8RA/9GjrsMfy9xynS2o99o7LkIaE4skJ7OYeJVfuZ9G6F7Q7JRIoTd
+d4OqHMeIvLIModiT0prmqRUdwEQS6Qi8HVwAsiUdNL9odleWOb380Ft6Qujn4zhs
+uvyt7S5/ctU4JPpOCokih/2D0jHzSMO5RPBKq7wQjkU/C3XSm09vsWou6wP/aSdB
+6Im2y47qiG9mHoUsCKl9CaJX6W+hl5Pto9OLW6QkYPofMs61hmzXKEZEl6Gbqhu+
+1rUd/35xahvh+hgjtRsW3XHcd7VrAPwkEruFgOM01q++sZg/4JXPDLVhAHYi7Xin
+vBsKAvOXvMGqhgByvyM9VS6bcIF7kgkIvSuodYy0IkhhcnJ5IEguICh0ZXN0IGtl
+eSkgPGhoQEBkZG9yZi5kZT6IYAQTEQIAIAUCO7QpywUJAAFRgAULBwoDBAMVAwID
+FgIBAh4BAheAAAoJEAQMJpyCUltmKsIAoJ5uxGMJtPAAGEBFidTybQ44Lk/AAJ9p
+h2WUiJFTUeNYbZa9YHcg1gk2+7kBDQQ7tCnREAQAvkwf0DiD1zbcqiBajDGZhDvE
+0cb5BUbMcuJvSH0FBXopIIniYcmnfu5q393y8WPc/rVrJVHrAU2RyHTAoX8vI14H
+vc4HUFDdnoj6Wk/xSiuYP8C4VN0NX3G+S+C4Pa1Er2s/m4X9PRz/YA0bMVynp7f9
+QM18aN++OpWV2jVBRd8AAwUD/3cuV7jHchUeZ7h6Upagzj7quky9o6o5lB///Pk9
+QZ5HEBQTCJDvmu13xCaaO9II4XFwjYntYbPOxOTJ1aEBKQubkUo0SIj8i5rhLTeD
+kkHB5M/rO40gS/MFNMVWqFCvUIQk7yBkum+MFcJFSEz7OMpL3K5X93W9twllqtUZ
+qjvuiEwEGBECAAwFAju0KdEFCQABUYAACgkQBAwmnIJSW2YNEwCfbPwQzlrLRCUu
+JM2inVLcz/3jijIAoJWggcMT69FfppDw3sA2h2PtAdOAmIsEO7Qp0gEEAMuvaXje
+qJDz2mAbPWARryInKsu+SJiOBsyNPdX2WIJTABcRh7FckP07IodeDPFGh4EgS/FE
+lDZRsMlL5SWf6Fj80JUXuyrbLNmvv0qUlDNVw1uJoeYulIypU1ZbuGSq+sDVyYur
+PDkXTlBfptMGII7Yuu+Q5Xk3CXymvDsQNbslAAURtCZIYXJyeSBBLiAoUlNBIHRl
+c3Qga2V5KSA8aGhAQGRkb3JmLmRlPoi5BBMBAQAjBQI7tCnSAhsPBQkAAqMABQsH
+CgMEAxUDAgMWAgECHgECF4AACgkQmwfivFMU1yHXHQP/ZZwHatqc12l6Pn9iawmU
+mFru8jnOhMJAzCQ/H+gUldmN9qsSQV0pFj+fP7NkNXEPOvkO4DS+ME/mHcm7JxDC
+4Z0MZbt4Xlkhffie0J6kwuiEuSoQ70lZQxbME3f+lBcNJTIhsTupJEsqqf3MaC+y
+tvHu/CcE8UkT9DPSBES5Qn2ZAaIEO7Qs+REEALaiacuS+YqTQ9Xrl462vSA6Ahvo
+hm6PUW8dg3kMOthEMVn0+fiQi7MvfDrgws51geKklPoHPwHKZs9/T7him2dcrHzN
+suh7e8i6kVGSXyLPLJUCnhklzxDnBEEjnXUG1uZQz306L/wE9oX/b76Yt08gbkPa
+33lYeep0bwvO4oBHAKCYAha4i/nB5MdV03XppOeOtp5UbwQAsCzn7IWSX6H9oYIN
+nyYBKOp1BpnidmsR878tzRHdM06A2lBGqF9O+Jt7H7vlqogX24LRuE7yw9aUTWKx
+iw/6UP+QEKHAR3RAbPv9Tg4rqyMDwHhzkebkc17VJyVSaLIEEo6TSkOl+tCqBvV1
+T5qq+z5lGzcaWqRYCkXEJu3Y32gEAKY2nu/lrMzBCHXRunNuMbhSkcIb8OplbWc4
+IDfrxw740iCsg5wh2GNzmEtPzwy3ay6sQhkGruV6pYpUii5Ms24e8ztSn85x7muL
+i1EhdqpExKt547wXz8ShXShP2Fst6bVfsaGbFU5a3kX/7BEMzzRrcSd6g85aCGWx
+a/Td6F8DtCJIYXJyeSBILiAodGVzdCBrZXkpIDxoaEBAZGRvcmYuZGU+iGAEExEC
+ACAFAju0LPkFCQABUYAFCwcKAwQDFQMCAxYCAQIeAQIXgAAKCRAM8Ubp5JhAg8/T
+AJ9PKJJLVr4KwCetNM2FWR+0Ldug/wCfbgPT1B7WtvQMztTsJom49sc1rGi5AQ0E
+O7QtABAEAM1AVhC7V3EnU5XF7M7OPozDnk9fOgGpCh4HeD8Emuqh4TRVWSmCSA+Y
+qWt5r1L4TpV4QQX+vUDHet2i/IieIFKOrowuwiONln+YGToxXSB8tOKKr4p0qJ/w
+4ozijJZ6NVBmsGeXZIpu5LB2Ar4K3z3HZmwNSlDznVNwXJXNpfIXAAMHA/48d7y3
+W9y7jHD6QatVl68EelxV/x7BWHQF0JEltwHCKN65H5yV6IhUn84VNJazS5jVwYUv
+bmbQu09Ndm7iKX/Gfwo5EyPxGzbLl/W5fA3vn1USXJFX2Tk7wALQ5SAZHHbrluIp
+/660zvXn3E+466KchiRCdOfqFpCd3Rxgrv/hAohMBBgRAgAMBQI7tC0ABQkAAVGA
+AAoJEAzxRunkmECDFXwAn0NXK//V3U3k1LNXeU0mz6GYmaPRAJ9eRstO6/n170QF
+3Q7bkGNUvtPVdZiLBDu0LQEBA/933MLSz3/cCubVa6XR94o7mM8DSmT+Jl1wINBZ
+iqgx+W7Z32Pe8ioU03+2r0kOW9Re11zjXX0+vkyCHulWdJpC1ipuKHx9tiA1RtfU
+2uqq2B4jufbxLlb5Ix9H+4sKl0ZJGhyH+C+YrPa7umfJAv9Nybl98w/SCSCM1UZr
+SiT/UwAFEbQmSGFycnkgQS4gKFJTQSB0ZXN0IGtleSkgPGhoQEBkZG9yZi5kZT6I
+uQQTAQEAIwUCO7QtAQIbDwUJAAKjAAULBwoDBAMVAwIDFgIBAh4BAheAAAoJEGre
+QqJ0A/WJWGwD/2r6jQvyWpIQsyK0BwR7yrvi36BqhCA7Mh1ZmnQbgZhrHIdTrFQC
+5a3XxYA4l1/VYb6+aXPmRVfg6+VNAWXSh5UR8IS81No4mxSU8RqMHyjdGsrOHGus
+n6ckZlXtJizsJsXZx+ue4sxne9zTtiUYwDFlTlANNPiwpnSGQQGEarKWmQGiBDu0
+L9kRBAD8/PiBfF/3DoGsadZWnzFmpmaBmuyWi7wG7UCWVfCWf9mrtYgF54/wuX+w
+UvH0JOLhPeJkMunI9UwZDQiRAEQqxkVEN3EjAaxQ/+1ip3lPTi7k2xunLwei0QWb
+/i2rkotviOzg/tZOFYWa2MiEhiMx0rSQBUHszS3vjHfc5TVa7wCgk9GBkr9m4L5V
+OA+Pn/S4vttDRjMD/1CmsrzbOh+E8ViYqTDUHqdawzlAyjU8iCVmjwMwO+Zfohbs
+qwQMN3DeDU7AykXTQgjn5pawttY9Hkg3Is8t41XlwHZCrM0EiygrK2xquMi/mSIB
+5X0HS/LJkjCJegtF++OhM/VVPeWnI444b4fFk8Ndo5GyEdUS/Rz/C1+tvq/zA/9Y
+sYdeqAb7StJfEDla25vx+hcE2bKX+Wy2+RtEUQV9VSWyh+Bgs5S8kN+HwFpdcXp+
+j3+W3iT+QjJxtnlmAq0ugJblLiCYKNcPr8eDBr6vTjHSsiWXGC21lJ8ewg2zqP9Z
+vr2bF4pAPM/hhX0bDi8C/h0nUkFcRGWxuoVifo0TLrQiSGFycnkgSC4gKHRlc3Qg
+a2V5KSA8aGhAQGRkb3JmLmRlPohgBBMRAgAgBQI7tC/ZBQkAAVGABQsHCgMEAxUD
+AgMWAgECHgECF4AACgkQcBJ6QSqLCEBA4QCdHAGobRtfv+IDDFpbW4rUqm0zQawA
+nRFFs5sBFUjq1/5zG74QHo0pY07auQENBDu0L94QBADW/R4I4DMQvkGlvP6jxWLz
+6TgkPMAAfEyxIJoZYLJggau4XJYyElmUGVFVH36DPE0453yN7j3gBxVbOCZamUOI
+NyehuBy8Gxom36Oegzvr/43TcNPTHZnVl9wJVCFmOsAR3L8A617lAguvUzlj4e7G
+wV5yCwwlNtBGO27Lq/dISwADBgP+JB4l+2Bdx9wMs1zVDGQj0BERtyHmwSVzLn3B
+G0pAM9wf6Me5/o633rOOQYl1mwmXXjUWZasmjegqWLUFPEkCyFMHR0CWWI9CdBOQ
+ROBFb6jK9Oq2jYoGxTJ4kCtMGo3z/pNsAGdNtgj5s0AgUIoQHw+L7u6XF8De/Sww
+56eyuKOITAQYEQIADAUCO7Qv3gUJAAFRgAAKCRBwEnpBKosIQNT/AJ9z794Z40YO
+apyZWN3NyQPI1zM0vwCfZIkY3c9J7WVXDqO+FlXWrb9L722YiwQ7tC/gAQP/U1mk
+j+I4eBCICqWjFBqJe84v1fmFu1c9sUw3wnVL7vxxHEEq1xvPgdfPlXQ6tMpcbtpe
+7nbWGuU554CMEWF/ZK99iY+Ln+zpG1CW/br6YtQWCm1fLww1WJoANloUimZs9B9p
+FtjVGNWDyRI8q3flw5rcOo7aCM1+BtNQhNM5RC8ABRO0JkhhcnJ5IEEuIChSU0Eg
+dGVzdCBrZXkpIDxoaEBAZGRvcmYuZGU+iLkEEwEBACMFAju0L+ACGw8FCQACowAF
+CwcKAwQDFQMCAxYCAQIeAQIXgAAKCRBHrPEvKhKYmd/XA/4uJqeH2WLMAtbxuARZ
+TsDwrof1adVKpVgn/KKFle/yId4co0DmeFS6a/HbHPYVtlQ2TWWASVu6geNobua3
+6MnG9vHs2W4YmQGTSO8T3MXP4sOp9oinwtvcgZW+XGfCX4PAZDoxHUwN/UVwGkiU
+wRjlQVX31vkPxZDR2UBoHjBYDg==
+=XVtd
+-----END PGP PUBLIC KEY BLOCK-----
diff --git a/tests/openpgp/pubring.pkr.asc b/tests/openpgp/pubring.pkr.asc
new file mode 100644
index 0000000..e8eaabb
--- /dev/null
+++ b/tests/openpgp/pubring.pkr.asc
@@ -0,0 +1,28 @@
+This is a test pubring generated by pgp 5 beta
+
+Type Bits KeyID Created Expires Algorithm Use
+sec+ 768 439F02CA 1998-03-17 ---------- DSS Sign and Encrypt
+sub 768 CB879DE9 1998-03-17 ---------- Diffie-Hellman
+uid pgp5 test <pgp5@dev.null>
+
+
+-----BEGIN PGP ARMORED FILE-----
+Version: GNUPG v0.2.13a (Linux)
+Comment: This is an alpha version!
+Comment: Use "gpgm --dearmor" for unpacking
+
+mQFCBDUOrE4RAwDbbxWAbWsheUJprK6VryMTpwDiYwMfL+92nrHqSfPqlpMWgDTia8qnpRSXbyEm
+Sppp/6/Ygp+N3n32Kznq7PjHXiuWLlZGvZMtzmvaMA17y0GY6oLBxS7rhASXIKa9hEUAoP+KBFly
+qNMdsK8j+ZO0A8rnImGrAwC1ddDme5iZFkTEWHhrtU97sEu2GDkSQB8HdX8CoRcrOz/B2WliF6qf
+BKhcZPFVBIhKNzjTfY7SEYAZk2zcsCm8elnwSLaGEzxKFNFBqKDNXP+a35spcqsHSGzDVw4VuKMD
+AJNnAP6skpHlhVAmecLZT9eRzVoOq1ivUIntK2Mh47qsL74q6BBwz2sviPU2Y3pDlbb6Ed0qJAXv
+dCT24hlfoGoXzkoDInkPJTJeL0gCnwmQPjvXFFd71Cvg5LaL4lIQLbABh7QZcGdwNSB0ZXN0IDxw
+Z3A1QGRldi5udWxsPrABA4kASwQQEQIACwUCNQ6sTgQLAwECAAoJENY0E25DnwLKxIoAoPSyM/Mw
+BogpyMU5YY+Sj74k3UIfAJ0RopQa8ciickDVzoSVPrGysrnOkLABZ7kAzQQ1DqxWEAMA/wVrlNsP
+qTxWZbUiMrUN8MjTFR2xUhuTw3cdvRgiVPUT/q1l1+I3CpopVBx/XuAkg5sHB80zc6pZg652YFV3
+dLoTceS7ridb5k23sHa2hZGCeTo6AdxIOy53giCPDP9FAAICAv9Oh5/OVxUqI+6hsp9ccOEhRA9N
+8aJzYDPjvCQyhgej2P1kTsBZqWIx0/PiMvIt+qqhT2YfyD68mHIBztScAXZKTnjroUPKl0+bkX09
+NbdyqojAkzhaCRKUzwnaHEfhi2WwAYeJAD8DBRg1DqxW1jQTbkOfAsoRAnaPAJ0Z/k6Y2ypgDhXo
+qBLeW7Lq/AKYEACeLTod6Nt117DkqDz9epmIqwWOE1ewAWc=
+=6BrN
+-----END PGP ARMORED FILE-----
diff --git a/tests/openpgp/seat.test b/tests/openpgp/seat.test
new file mode 100755
index 0000000..28e6925
--- /dev/null
+++ b/tests/openpgp/seat.test
@@ -0,0 +1,19 @@
+#!/bin/sh
+# Copyright 1998,1999,2000,2001,2002,2003,2004,2005,2006,
+# 2007 Free Software Foundation, Inc.
+# This file is free software; as a special exception the author gives
+# unlimited permission to copy and/or distribute it, with or without
+# modifications, as long as this notice is preserved. This file is
+# distributed in the hope that it will be useful, but WITHOUT ANY
+# WARRANTY, to the extent permitted by law; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+
+. $srcdir/defs.inc || exit 3
+
+for i in $plain_files ; do
+ echo "$usrpass1" | $GPG --passphrase-fd 0 --always-trust -seat \
+ -r two -o x --yes $i
+ $GPG -o y --yes x
+ cmp $i y || error "$i: mismatch"
+done
+
diff --git a/tests/openpgp/secdemo.asc b/tests/openpgp/secdemo.asc
new file mode 100644
index 0000000..343453c
--- /dev/null
+++ b/tests/openpgp/secdemo.asc
@@ -0,0 +1,737 @@
+26 demo keys (passphrase is "abc"):
+
+sec 1024D/68697734 1999-03-08 Alpha Test (demo key) <alpha@example.net>
+uid Alice (demo key)
+uid Alfa Test (demo key) <alfa@example.net>
+ssb 1024g/46A871F8 1999-03-08
+sec 1024D/1AFDAB6C 1999-03-08 Charlie Test (demo key) <charlie@example.net>
+ssb 1024g/BC43DA60 1999-03-08
+sec 1024D/FAEF6D1B 1999-03-08 Echo Test (demo key) <echo@example.net>
+uid Eve (demo key)
+uid Echelon (demo key)
+ssb 1024g/7272144D 1999-03-08
+sec 1024D/8FC282E6 1999-03-08 Golf Test (demo key) <golf@example.net>
+ssb 1024g/9DCAD354 1999-03-08
+sec 1024D/04259677 1999-03-08 India Test (demo key) <india@example.net>
+ssb 1024g/61F76C73 1999-03-08
+sec 1024D/43C2D0C7 1999-03-08 Kilo Test (demo key) <kilo@example.net>
+ssb 1024g/9AF64D02 1999-03-08
+sec 1024D/A9E3B0B2 1999-03-08 Bravo Test (demo key) <bravo@example.net>
+uid Bob (demo key)
+ssb 1024g/E29BA37F 1999-03-08
+sec 1024D/EB9DC9E6 1999-03-08 Delta Test (demo key) <delta@example.net>
+ssb 1024g/B0C45424 1999-03-08
+sec 1024D/7372E243 1999-03-08 Foxtrot Test (demo key) <foxtrot@example.net>
+ssb 1024g/EE45198E 1999-03-08
+sec 1024D/34C6E3F1 1999-03-08 Hotel Test (demo key) <hotel@example.net>
+ssb 1024g/D622AD0A 1999-03-08
+sec 1024D/D2699313 1999-03-08 Juliet Test (demo key) <juliet@example.net>
+ssb 1024g/35F8F136 1999-03-08
+sec 1024D/B79103F8 1999-03-08 Lima Test (demo key) <lima@example.net>
+ssb 1024g/FE56350C 1999-03-08
+sec 1024D/BE5CF886 1999-03-08 Mike Test (demo key) <mike@example.net>
+uid Mallory (demo key)
+ssb 1024g/4F31EAE8 1999-03-08
+sec 1024D/30CEC684 1999-03-08 November Test (demo key) <november@example.net>
+ssb 1024g/8B70E472 1999-03-08
+sec 1024D/6D9732AC 1999-03-08 Oscar Test (demo key) <oscar@example.net>
+ssb 1024g/2681619F 1999-03-08
+sec 1024D/3FF13206 1999-03-08 Papa test (demo key) <papa@example.net>
+ssb 1024g/63330D9C 1999-03-08
+sec 1024D/3C661C84 1999-03-08 Quebec Test (demo key) <quebec@example.net>
+ssb 1024g/A029ACF4 1999-03-08
+sec 1024D/777FBED3 1999-03-08 Romeo Test (demo key) <romeo@example.net>
+ssb 1024g/11D102EA 1999-03-08
+sec 1024D/A3AE3EA1 1999-03-08 Sierra Test (demo key) <sierra@example.net>
+ssb 1024g/0F1B50B4 1999-03-08
+sec 1024D/85A81F38 1999-03-08 Tango Test (demo key) <tango@example.net>
+ssb 1024g/101C0402 1999-03-08
+sec 1024D/653244D6 1999-03-08 Uniform Test (demo key) <uniform@example.net>
+ssb 1024g/5522BDB9 1999-03-08
+sec 1024D/61F04784 1999-03-08 Victor Test (demo key) <victor@example.org>
+ssb 1024g/07287134 1999-03-08
+sec 1024D/EC67DBDE 1999-03-08 Whisky Test (demo key) <whisky@example.net>
+ssb 1024g/FD6E27F6 1999-03-08
+sec 1024D/567FB34A 1999-03-08 XRay Test (demo key) <xray@example.net>
+ssb 1024g/41E408BE 1999-03-08
+sec 1024D/4B11B25F 1999-03-08 Yankee Test (demo key) <yankee@example.net>
+ssb 1024g/F7B080AD 1999-03-08
+sec 1024D/54ACD246 1999-03-08 Zulu Test (demo key) <zulu@example.net>
+ssb 1024g/A172C881 1999-03-08
+
+-----BEGIN PGP PRIVATE KEY BLOCK-----
+Version: GnuPG v0.9.3 (GNU/Linux)
+Comment: For info see http://www.gnupg.org
+
+lQHOBDbjjp4RBAC2ZbFDX0wmJI8yLDYQdIiZeAuHLmfyHsqXaLGUMZtWiAvn/hNp
+ctwahmzKm5oXinHUvUkLOQ0s8rOlu15nhw4azc30rTP1LsIkn5zORNnFdgYC6RKy
+hOeim/63+/yGtdnTm49lVfaCqwsEmBCEkXaeWDGq+ie1b89J89T6n/JquwCgoQkj
+VeVGG+B/SzJ6+yifdHWQVkcD/RXDyLXX4+WHGP2aet51XlKojWGwsZmc9LPPYhwU
+/RcUO7ce1QQb0XFlUVFBhY0JQpM/ty/kNi+aGWFzigbQ+HAWZkUvA8+VIAVneN+p
++SHhGIyLTXKpAYTq46AwvllZ5Cpvf02Cp/+W1aVyA0qnBWMyeIxXmR9HOi6lxxn5
+cjajA/9VZufOXWqCXkBvz4Oy3Q5FbjQQ0/+ty8rDn8OTaiPi41FyUnEi6LO+qyBS
+09FjnZj++PkcRcXW99SNxmEJRY7MuNHt5wIvEH2jNEOJ9lszzZFBDbuwsjXHK35+
+lPbGEy69xCP26iEafysKKbRXJhE1C+tk8SnK+Gm62sivmK/5av8EAQNuYiCeVh4Q
+pF3i4v6LDa82cNBI92zOHLJAu1nbeJ6bl86f/lrm6DuH/SYjOkRTQV9mYWN0b3I6
+AACvUW2sEdiVCzqYu9QdI92LJQd2HLYgKf0mIzpEU0FfZmFjdG9yOgAAr3LeP6n0
+SUaQqSNKJPx1Wes66+3KH0n9JiM6RFNBX2ZhY3RvcjoAAK9/tmRCQsDGIXRnEJZM
+rvRjIUE4qvtztClBbHBoYSBUZXN0IChkZW1vIGtleSkgPGFscGhhQGV4YW1wbGUu
+bmV0PohVBBMRAgAVBQI2446eAwsKAwMVAwIDFgIBAheAAAoJEC1yfMdoaXc0OXgA
+niui4cH4ukKQ2LkLn2McRrWRsA3MAKCZ122s1KPXI/JMLBTBGCE9SiYQJLQQQWxp
+Y2UgKGRlbW8ga2V5KYhVBBMRAgAVBQI247arAwsKAwMVAwIDFgIBAheAAAoJEC1y
+fMdoaXc0J4wAn0x5RWtqCjklzo93B143k4zBvLftAKCFbrlxlNCUPVsGUir9Azxv
+P0A3gbQnQWxmYSBUZXN0IChkZW1vIGtleSkgPGFsZmFAZXhhbXBsZS5uZXQ+iFUE
+ExECABUFAjbjuFgDCwoDAxUDAgMWAgECF4AACgkQLXJ8x2hpdzS3wgCgk/BrqP5W
+blWLc2+6jwlmuLg8n8MAn12puZol0HwV0mcd8aHWtcrfL8lynQGlBDbjjw8QBACc
+jdcfV/S7I319mfDvbOwczDvTqDsRbb2cPhQNAbg7NFlWJKtRrmff14jtCt9M77WZ
+5W+zTLwX8+8Wy3mMfrys8ucZKtfPixOXVPhyinUUGSq68IArA8vLSUTuOO0LIi05
+LAg6jzGhN9jgkQReZyqxub4oe/3JhIX9grgJ/tsjNwADBwP9GeXmMrGi5wMD3qkP
+bzb1MqwsVBJq75eLLxu85JIN2XIAGw6Q0FJp4o7d4BAQqAMzt3ONU1OcCWlDQRDx
+j1nynE5ZgRBiVoyudEELgNnYhp3MSEuUg7PkFWn+N+GuvyhVUHApleyvP09kvP57
+hif6yJRS+V6L1ugP0vZmBI4dqQ//BAEDbmIgnlYeEKRd4uL+iw2vNnOO9Y3cRSEx
+yy8unuzNvx5GFG6KNtxoFCDzMMzUa0EDH1x/QJA3CgqMpS282nLdk/5O+AphiEVe
+Gv8+c6pL/t7falIfSgKZ0j2nvCKH12SobwiNflTGJB+jLnnesjqYJD7h0SVLjToP
+/vtKPYlXOU1ZpKzDwP5YcQQuRhF9Tj8SUxScIIhGBBgRAgAGBQI2448PAAoJEC1y
+fMdoaXc0IKkAoJ/NQGlvFv5clcDIf1AXjLlTFG9uAJ9rs8IOzHfNWuUSNxdhRvO+
+O7fYF5UBzgQ245BnEQQAvwwkLp4Dtoie4/fvandnK4wVPCvgJkIbNuyQZCarQGwv
+8RapBwbANT4vGW+ky2vzgptj21xYjOcdNMIhJ1Sjc7hjs1PLhwepMFrS4/Ple1Tl
+jpEgxLZ5UxertMvSTr7OxsA76jjOQt0B+y2vs5zXgLtedux4+pdFxkgM8r6fjZMA
+oJ5LVNdVRaSkiHaKZWQWsjfTs0/LA/wMHP/PdH4kjFmDRqOPp+iB8YYwQTPZS/gw
+HtUbQhLcFEljaxrCMRZw0ZDMbzKWk+BrrBvgz4Wk3XawwUshYgi8SgwWIDG0jusE
+PYOs1hBIdWTEzFVP2pK/NQzhAqJV5/390OLEY8SN4bts/LY1XsADzU7lhE0Oohx6
+FanaZCuGgAQAn2zK53yuk7o8UrPdTHygVn2McsPYYzOvlVfHCSXQ14oXjCs1nK1X
+nMIGGM7pJjYpzv/wUZkHLNcHX4uVHXxyzRQ4oMPekncmaR8fu/YIQ9zag5s2GpKE
+SKAynGQCKwI4H5eYn+ryIgOHNS44UnXFUwbEsonP5pJNNRIM7VimNGn/BAEDIkls
+jKh5E70pJ77zKAq/uP+EnBQq0tCcyqQgQiG1n28iMQy45N5zv/0mIzpEU0FfZmFj
+dG9yOgAAr2cvUYCyL3NVUcfw3gGkK+A8ZyTfoBH9JiM6RFNBX2ZhY3RvcjoAAK9H
+YClNyCyakk4UDrW4qn8YgsdvZcxN/SYjOkRTQV9mYWN0b3I6AACvZ5Ed3zcwNvmF
+Ptb2h6OhMGgwrNan67QtQ2hhcmxpZSBUZXN0IChkZW1vIGtleSkgPGNoYXJsaWVA
+ZXhhbXBsZS5uZXQ+iFUEExECABUFAjbjkGcDCwoDAxUDAgMWAgECF4AACgkQQT9K
+8xr9q2w+RACghpiwPnn7F3HJsm9VXM8SwBjWThIAnjHZulQw9Tee9XDT5STui+ZG
++WN3nQGlBDbjkIIQBAChY8NSvu6sK0p4D0AVBsRz8iVXYqbRlRTZAHS4LCXwx/i8
+FmfdIXnaNLOoyi44YruSCnlZdh4YWquCx2mgywG589AzcFhahmqElNbKb7m4F//E
+GIZK0zTgW13tQwG9hTXOhYeqchnOOaDDwPEK1Gr+2o/5ANqhqrin0TFFBWLgdwAD
+BwP/R009s61X/FkUUAh8w4Tua6qndN/2GsqXsyPYjdF5E3gErK8jDcDLniOHqksw
+V17bJG81czCRE5JcVFLLWQJg9cpeoTpP+YcF+m9whtswaOJ/LPrx888i/OmluSD8
+1VP+6zBhhTUbpazfLEdt3XczpW7CNdNbyiEcgT+6Cr+W2Gb/BAEDIklsjKh5E70p
+J77zKAq/uPsbfaq2h50JWrb/wQiufxaUrYRvo5FjMBLnoUE+L/yG/Hp2ZRZuA5Ez
+BpZ3ON5LaFadahL98oQe/W3IXFZwxyYfGCtVrV16zx6cFTJQK/iIqp3TNp/fA6TR
+E3syS1FQZIZMiFLvgSy4Tsu4vAadP290Tc62LP9ivC3PiIxt3aqW2l/NLohGBBgR
+AgAGBQI245CCAAoJEEE/SvMa/atsta0An3ZMmv9EVWVwEvf/Rwf7nbFsgGhuAJ0b
+P+lAOCRSYziWSIDf+BJ9F19H3ZUBzgQ245HNEQQAis7GTDqtEM6luop6eWsxFi9+
+qhUVp9N6S+xlbwzQZVA4FjCqf1VR9JX8fwjLecmxT5xThQVcRqgeFVaCyky2Nge/
+FcFMPZQeaP5jv5GRWc5PvH9Sw8pvGOTB56V4ZeR4cQLDBm5CF5tKu1BCWWq2MLHf
+ct7TXe6QCzZKcjzdw8sAoN9VvrKN+EbQC+THzdWaUWpdcfWnBACFWEyLVPTpI1jN
+soCZ00F8Fau/2baXk8mdROlJZS6bq54ksfOQQzReBWce35h0W7NeBRp+yeoSf7Y3
+i0jTO4mrOiL/0NCcS8qKNnGKG1irdLes3pQhDZpcUe2G9W3FnGhxl6W5hpYc9550
+mUj2H3I5tmfSYsVcVjpNSIdBizxE2AP/SI1t6q7LHMQp0h3MPQ2z7daMhUGViXnV
+l2+rKjb5T7bvSFdV0iyyuyoqvUPBGWwJFLAxj6esHRlQ6W8togHuoJCR7cL2bK79
+8mgYOExk5gBexq1VHQQZN1edK4LGo2ESKrCVtkYwBzAU76hYFKAbKMU8dMxI7DRd
+LjZ3vdQ3FNr/BAED+xylaHWcBOTZBCd4ui6NIsLkQLv5uFW66tWYKvc2APAe8oKx
+h5YMp/0mIzpEU0FfZmFjdG9yOgAAr0tuCtmJhCp9PoSOTFA2ssaMB7jl+5H9JiM6
+RFNBX2ZhY3RvcjoAAK9Ilc3l2agIgR5iIQnvOgyYUe4duz+d/SYjOkRTQV9mYWN0
+b3I6AACvfQ0dS/51Esd9E/rbG/m1C3qIenSthbQnRWNobyBUZXN0IChkZW1vIGtl
+eSkgPGVjaG9AZXhhbXBsZS5uZXQ+iFUEExECABUFAjbjpH8DCwoDAxUDAgMWAgEC
+F4AACgkQMYwfrvrvbRtnAwCgs2haIgJu/UEpmCEnojO1zCoaBwwAmgPAlNY/PttA
+u6zYqTh2M9yn1DIXtA5FdmUgKGRlbW8ga2V5KYhVBBMRAgAVBQI247gAAwsKAwMV
+AwIDFgIBAheAAAoJEDGMH676720bIN0AnjjH9IN8523PCAYk6yD1IFM/ad1qAKCe
+nkWU2ZO8/oU8seCQ3HkXkG2JRrQSRWNoZWxvbiAoZGVtbyBrZXkpiFUEExECABUF
+AjbjuB8DCwoDAxUDAgMWAgECF4AACgkQMYwfrvrvbRtepgCeOpUG5rVkWVJXULae
+GZzqbT+2SbUAn3HmDGXzAJ6lCiYh5NrTIb8A7wIdnQGlBDbjkf8QBAC0pe0mjRH/
+JmKL3mubSTRMKGcd77+l8psl4GtcA6iqNj3g650Q2xxgW+Qb1iL9SeiIJP8KuEfj
+6vfPVKZHKkRAfsjnpbhN8zz7WQa2y8kkmqojHoGIh5wAD3NE6ox+1D2WvnySmU1J
+OuAQlEDfRC5C9hSrQBkO0TUCWL2wquDv1wADBQQAl3TuGt2SCuYSXo4R2dNZpB2u
+kqqHOj7nnTQu7ZVoi1OtgZYxor/w783GzLJ75PfdQMSd6T+Gbyq+QgpaiBvlmWtc
+5rcF3ZgnxiW9n2zUlQ+M6denubJT6/Aqfn7yL9v0sr8K7kTrPqAM0lb6DAMwBkpN
+8o+Z0+aIpG5/jOtnwuT/BAED+xylaHWcBOTZBCd4ui6NIsGHGb+xn5M8RwQblStX
+KFu07GugiONqnqNgB+sywt1otn4dFUWo/4FzJzvEtBQ6EjchWAVKoVYj5H7ExOP4
+BKNDNb9JfOzu9ItHk8TvQ5X7HoV/r9eM0i6MRzNOlvchB1P3Hjw4a2Pj6TwpEBGZ
+uuYqe14UAGPlUjHSn+LuhtGpE06zuYhGBBgRAgAGBQI245H/AAoJEDGMH676720b
+j5AAn2T9b/n1T2CTa+Q5oGKLAsBIcgeGAJ9kC4ETWfY8itary77dKmyVJetgl5UB
+zgQ245LREQQAubUOd0B7cFzJHF5vo5NwiMZ1JXPjyNqL2OWE/XfaeJiB55oMmVEP
+mK1JF69wU7ZBpo1l4PEIWcP7WRMqvBEFl+8LnelRkSW95kwFr3D8TRnarZy3kfiB
+F1t33dnkVTaZYxCDKOBdZ/ZiRvLa6gZ/KHhITfzaS7h36G2MbAlGlj8AoKQPFsEP
+jByKYdx72m5/2Ju/4d4jA/oCNAKaJH7N8Y3HLis1ShhpytJP1yC9GJjtec3ugzYS
+C7RKV3NJcBeCX4om3KhiDSN6YYVICf4wdqz6TAocoqPzR2t7Fz6+upxIgh5WGnnC
+s2e7uO1eXUCSXONfiDEDzRKGTQjkdvwFo+880DkiGln/qmRrcILA568dwNnOrBio
+5QP/dbkpUBhqGDr2LchpkoYyQlqzbvUpXJ1xlfZim1jfrmdfsk83dE3iBzvmT8By
+IZcMoqDEHil95LmJp3qw1yVeApP/ZWR+0XiBLEF9GhcAOc5ihH2ACSXLWiRXpyMm
+K2/erTvTX3QkAcqoQ1cFWCwNNCrlgycB84Hdm5GXdajp7cD/BAEDMzjCY4kr/Q3j
+hyianLh3vPRtiNtOM1BAXVlyCFrMAWM4wvd1NvQzOv0mIzpEU0FfZmFjdG9yOgAA
+r2YMtXCKQcwejpJAvOyUDQkN7pMthHn9JiM6RFNBX2ZhY3RvcjoAAK9Jr4qS3ZZl
+PdL7YV1+Phgvnly8701B/SYjOkRTQV9mYWN0b3I6AACvUexSWiUCxWbF+aprVRlc
+r9OTu8iDIbQnR29sZiBUZXN0IChkZW1vIGtleSkgPGdvbGZAZXhhbXBsZS5uZXQ+
+iFUEExECABUFAjbjktEDCwoDAxUDAgMWAgECF4AACgkQFoQQpI/CguYi4wCgmXVE
+CJyjkfpJJBTdGzCjhUq4N/sAn3Cguw1R4rX0391e1pAUuyM4OsFnnQGlBDbjkvwQ
+BAC2wan9ScDXLgCqN7CWSRM5B68vC3PCbemYsuOXZjdN8afw2LSHxZ3buRXfYxRn
+JNo1pm4PGkMQ7ZpQikZZVCZa+WoIVXYXRnYAjxHhvHW0LaQPvnyFS9H5LaGf2Urs
+TWVA+695zYsSaX669XFb9WbiIMGB4yUiXPvQwUL0tSd+kwADBQP8C3sKWjsPh02T
+jcEy+FDxWAn4g3LfsOPw8dfawJln+0h9LA0hTebbKBJWt5OUMqjjTq/pCZ5+z+b1
+0f2WwET/xAvjQSTdJjrFX9DNNU3jhCCelEpal9oxsbNYlVd5zOU2RN4hlmj+eEOb
+5oy5wy797sQpsbrgGetCTsvPotIpvbH/BAEDMzjCY4kr/Q3jhyianLh3vPDNvR6M
+j3Bba3JZVQTKkPeSB3XBJgQ8ssznZMvxlNdGPl6SOlpBYPcmUuo2u69fS+LUzqxM
+0unjLC/WRRPWr5QCyg3kJFXpZ5DcsdXUPikfaRD4XWuVPTStcu7NC3YRt+QN0y4m
+dadZMjSAwMyHg/oqZHF6HoK/TA5ZTVHNlabj+zNpyYhGBBgRAgAGBQI245L9AAoJ
+EBaEEKSPwoLmSuUAnRcjDyrjIbOCDkQfCrpPvbqiHoQMAKCYSE1DVqBk+RlVUp8R
+uPmgvzIKC5UBzgQ245SxEQQAyG4mRUQZagjDgl0xAnaSbLCQ5wJqYq/snwCl+IbD
+lXcoHqXQNO9QJrPKwKQAUv3Nvk7mqZWnfMPoskLOASrs6nkCv2Fo9Aw6smNizO6i
+W7xXepwvxjho4hLnE00oGPCDhUnAU05LO2pTBoxwHVs0o6vtaaViXk0s6dOFCoVd
+f9MAoLjiGlK/3DFWoUrqIiuE3aLfgkddBACrp1snJ1BtiGhmKjt7An6Qoc5LVnU4
+1J/REiQIyitUFAvPX+fiqzDyE3VD8qX/vvTLpgZCYvvEdBlSfM8IcCn1/Qh4aw9J
+HzuvKQg8WclvnQ8zq/7RV9J7h/aS/KIhDJIpGhi6YfjfjdSKfLYYfr3S4TVK9xD0
+Za3AH7/lrTqW8gP/fpKWu8fJyJ9kqHyYrI/j4ykt5QKBj3tHjqCv7FQb4FY8txnN
+3fLzBtva/tlkSKRsLobixjZUGF+uQR1dTCv042LxZ6aEUqrUytxqUc05pCSAvEZV
+8bX2H/5+ulSwdxKEzs1h2NvSTAiZ54zzKGjHNmEitdAaPD/9u5xdAiqPFxH/BAED
+CYhWuhxneJYv2ZhcXqW11qNlLO3tHf4QWPYOZ9bRChm0UzW5CRik8f0mIzpEU0Ff
+ZmFjdG9yOgAAr2JqCOINgV2LqfCiK4s7X0mqwBz/uAX9JiM6RFNBX2ZhY3RvcjoA
+AK9CmjU0rQ5lHrAdn3TtY6fEEyaU9UBx/SYjOkRTQV9mYWN0b3I6AACvdPZBZuBl
+tFtFIRj0/+lL7Cm9daq3wbQpSW5kaWEgVGVzdCAoZGVtbyBrZXkpIDxpbmRpYUBl
+eGFtcGxlLm5ldD6IVQQTEQIAFQUCNuOUsQMLCgMDFQMCAxYCAQIXgAAKCRAf6Pxv
+BCWWd1pYAJ4lvyDCV/l9oXkJOzNeGL3Df5u87gCfWm5F7YsIhi+PR7BVafFUBsWT
+w+udAaUENuOVEhAEAIMMgk/e8lsV/KEkd4/jNK4yFj5iy/Faon800I3GUzETuQA2
+AT3getR+GuV4pbZWE/80b9hnNW50UJGiP1+SXfVtY5vT8p/gNFwn5d0O/pq3bpgF
+RJmoawTzx8SFDwCVPHEcwOHE2j5LvfrvRBOyKU32tr976ri+Uowt0+92LuA7AAMF
+A/0Yo9dDqhjR2UoNcYfEZwWhRHaaJenP3z3QbzjJkASb5H84xCTEpv0dqEtVTJUo
+Io8Lh5VjbiCwok4QPLVSbQFeHqTKb7N96PjevkZ1Co6OrLCNOcPRvXxgCwSGbuuL
+MkQJEutnXLu0DOKquY94KXXh79La7lTgjReE/1Wzbgc1+v8EAQMJiFa6HGd4li/Z
+mFxepbXWoDrmIq/iTdsieZ9YRYA+rJ4OBtb2sjqV2L6WYNOqc2qDSj9QDIRJ8yiD
+ysA/4Yiur+UNBqRtJQGroegDXG4+NHsudnVzGXaQsgEqAjZ9PZEtsrEf8D89NeZ0
+3yQFkAXQ3n+aCf69jmau/Yf2YAX7D8brkxgQp3PCUcOgGv8EPo9r+AeRiEYEGBEC
+AAYFAjbjlRIACgkQH+j8bwQllncJeACaAqT6TL4N3gG2lLQNzV6gMd/p3dgAn2/2
+mEgFb3CkorWwdW++wf/YThe0lQHOBDbjlSURBACcp0BogujMnThXpn4UjBARj9oX
+gQWskkhz657AXu6RmX/u5RmpLGqbNmNuqKDIwUbJslIxrpOnA3QEobkIl7ThH+ZU
+IhGzPUnHlhd7M3dQWw1U0TfpHyXx3FYb7CCPabrSC7hWWh1ylUxz+RGJJSApR+D/
+GY+dF7dIllKUbaUGbwCg1z+vkNbzqibcwdYrwCjKG9VeFa8D/A5yPHqB9NMp+3Ol
+AGE4XRTR8LeelALpu+MuNMGFCMLdZfmt/Amoyau51FsQ7WwWrNM5A+1v3Fq0x5Wp
+Nw6Lr7HbN9d6zidN+L0uCrXPweET8ueS3DFnHI945epe703TbcjJBO/uYLn0LXEx
+mTg846/1ZlQbPgLzmzb/2JMkJ+QzA/4xFbRL2YeaKyu4JjpMNUVzXYogUwg9KZZq
+/qBbpsIAD7Agd+ZxLJHoweItXaC0nS9C6qDJZ95OJrE+h/Tt2D2lmxXseTVlSESa
+Wh45x9mbC0eRGFYYRsSx3z0hYwMmXA0ntj0lndC8ru8HjZtBW/KF0VB0RcfSyW+W
++yAq0Jxo5v8EAQNzQpmchsGqHF94WG/VI+1oYlA4rI/KYT/DB+zHXBquIl2KZoUR
+ebyb/SYjOkRTQV9mYWN0b3I6AACvUJB07mtW6/9i6mmuR9JtC7USM0AP//0mIzpE
+U0FfZmFjdG9yOgAAr2EW7SJ8fPMvmLE8+Kb56tIqW9FrYAP9JiM6RFNBX2ZhY3Rv
+cjoAAK9VpNLwU8ljMnpHbTNr6de2pplMjS3ztCdLaWxvIFRlc3QgKGRlbW8ga2V5
+KSA8a2lsb0BleGFtcGxlLm5ldD6IVQQTEQIAFQUCNuOVJQMLCgMDFQMCAxYCAQIX
+gAAKCRCtGw+tQ8LQx9USAJ4sELIj8IZxlvkwqmmEMXtm1kIhQgCfZEpMtTpkRbT+
+rEHMssei72JJi+OdAaUENuOVSBAEALmZYtP72G7OodR4RfR270RxTHj40PfUpPIf
+3U8ezyO3kqjB12IdD2YIXIZW6zEj53psX8DGya5nSvVjdFofQSVHtsnB/H7VHBka
+OQnREoInHs4helYOD0M/RZcbRIb65e6vEesuzvo9N0ACSlBsAXbeeNKGfGGCog74
+GVGcZ6HnAAMHA/9W9n2MwJ7lq0GV4V0EOHDVcTAVRSh0nB9uKBVW7hFi4DP7XYBf
+gj8Nlbc22vMkkdSvNFUoLEH7Op9sMglXfiCPJSh02U/6XyAhXDyZRyrOIHviTZ9S
+HMQQIqtEETVuYRkzvSnSfDBVq1p9gW6eZN9q6AM7gmoKInpRaODFRWU7Df8EAQNz
+QpmchsGqHF94WG/VI+1oYTZm8S4dmnYvEY77B6haPMQN5nCjubqfHGGIMJxRRG/I
+HzXq0tNi4fusoLILtVbUgta+94uzgnsrUJqZbfmwrId96U52nG82ZMhLpX41lZ/d
+LZouCr/jMO0uvF+WYMjO04ffBfcnNkeQv0p7WDH0zZZjuJ0aoUwBM9xxU3lYTgzl
+aZi8iEYEGBECAAYFAjbjlUgACgkQrRsPrUPC0MeO/QCeNYtFDXrr21NZlLu0OfAe
+lPBM51AAoKglouZG0f49sm9tHg1Gc/nwjzzhlQHOBDbjouIRBACKncc4Ueec7dWa
+VARy2SmNVufeSenYs4AsIPP0v59jEl7JI0rb+4JbIJoAzW/hcm26GS/UbbpQwig8
+/PgMUV5QfBST4CEOlf7/x2a4HKk9tDV4An7q2aNr1beW+twxfUGWWV5I0o1b/iKV
+k/LiQRiaMr8pJXY266m6/2Pn9LmDtwCg+Iqfx8gsK2PZCWv87uEKAOLzHXsD/1eR
+xLqCt1hT98gdDLykRTlI3kMq6EK3I+z/8pDIMDuPIJq1eM68YdFZr8s7i1ye1QpD
+ltPYHgWnUC733ujAKANdyybm3HrA3TSBjEAhNfcu8nkrVorvASQUDCLJatWRWJTU
+VrPH+GXIXMA/Oi6LDsgNDOJanwzzvDCCm8hWQqW9A/4xYAZ4NVFrQq8gtQPJWuMI
+fSFSvpZWNgQgYZntiXSUGYOVs28T/87RoRx02tsVDw2PA8z68q/XRuM9NdetxbUX
+QHB9eszFLi3W1idsXhd/C4SyiTgEFXG8Y8s94Eadgk1PAYHN6Gd3SY7jmevqYGVL
+mBp7qfj5Y9XSM5SE0Th+fP8EAQNn55Peu081+nAbRC00SOkO5P3aJwu7AIvXN9Ng
+rJdUW7TQmQK+cHyT/SYjOkRTQV9mYWN0b3I6AACvbK2QUpz29Yo72wl9Cy/TCjWc
+O22z5f0mIzpEU0FfZmFjdG9yOgAAr3et3apzZ+S3o9ywcdaosE2TLfNzuX/9JiM6
+RFNBX2ZhY3RvcjoAAK9PHpBSB/T7wKTGFBngy9sOwtS7ZM3ptClCcmF2byBUZXN0
+IChkZW1vIGtleSkgPGJyYXZvQGV4YW1wbGUubmV0PohVBBMRAgAVBQI246LjAwsK
+AwMVAwIDFgIBAheAAAoJEP4YCx2p47CybMcAnj/BlcF5gdhj8huiFijkgZZi/YgA
+AKDxpmP4JCksz+UPKsQ8UbtuTPbpPbQOQm9iIChkZW1vIGtleSmIVQQTEQIAFQUC
+NuO3OwMLCgMDFQMCAxYCAQIXgAAKCRD+GAsdqeOwshrhAKCK3IrzNqME6oA3RllO
+rx87OCIRggCfVkR+Nf6N59lS5j7jMXOuk799fQ6dAaUENuOjBxAEAJVJ1fFRaXPz
+UWOoeBHhvUS2aGZbz0Kamwd8qVLCVi8G1sH/LtMUh+8CvhkVum6p7Dom+2MgRmhe
++iVNbAdU8QWS4bQsBrTeiVpinMLpkEO4uRvT1G6QIPjN1jrHBsAxGw7NmC/n3stl
+e04ssueY7JOmyNEMvO1ay42CWbmt985PAAMHA/9LJVm8UR0RWfn91BOnt4C1d2tt
+kQzfv1y0InbrrdFtNl3nmUgF6/V9OcpCS8NNjZ7nzIhDgT43Ov32qD0LJ/p7c6ES
+tNSoQE6G6wGB7j/sTkushUy+joAVT2qCfRKCye7/DDa3FXDdcSOovweCX7hD/nth
+G8k576rb1h70svx5qP8EAQNn55Peu081+nAbRC00SOkO55yVYRTuqV1cyTx/djMo
+oC9B9hYiXA8kcUn/RO3hztHVFGSYQWYNhOGBPe+FrUFfY6yjGeS9rlLKQ3oaGCr6
+pvZYdIBdzktW+TItDPYmRaaBTKrBw8jmccsn7xnEriVcgkSTTMd706I8cCIQh/iK
+iM5pFZGPPghQPn6paS6L+ydP0ZNliEYEGBECAAYFAjbjowcACgkQ/hgLHanjsLIy
+uQCdFkPnvUpYurVoPjhg1pw4UzuaVYwAnROb93OSUP9PZxf4XVJwHKU2PnCUlQHO
+BDbjo4cRBADeZztXPNYwpoIf6BfqepImZqhVd2qXuZBJnEvwaFoAl7er42pXXLZh
+WIu7/gWODfcyNxsUKgMbeQ+nWO2jdcZQtt+gmRAGl1F5LbxsP6aRw43W7PAkbmYg
+PY5tY/dhgFGP5puoV9mhijpFcK/cjeg6wNgmjuEsCv8BF5FX4/p2swCgwmgcx88E
+pJF3/EDrTk4/8Xr6Z88EAL99JWgnl0w2TNiP9T3c5mtVdcYs32ntJH82TiQQ0LR0
+A7zRY5ruojNZC9LsTht5K69AJakrDA/Fu5mr2xYoFJcW4b7rpeKUy/wYifeOhYY5
+T2NDYvaZnQJXZ6O8lGLFgAxCmnZEN4IRFahKs/gAmG86d6fCvuSrohSZvQ+Lsr06
+BACFT4tjfuL6MZ0VhsClxeBPny2AM10+bDDM5eOl5ODLN9Nxf+SRu5AdIojz2OqD
+9Jd55WobpUXGzTI+0g23636IuJuH7VGCF92nFwkjdIDblRoqYPAsJRkMiC4FkRae
+qF0DpgJacYSBnHdY3Yd7I+cvgkK7oBjzTiU/Zs5hZAeK8f8EAQNhroQ8vAawUbBJ
+GAm7E5zNoXK3ly9yV45/SohVZDzODvOlo6LWymLq/SYjOkRTQV9mYWN0b3I6AACv
+VTx87uYeuay/ZhQKJudCoAgGZGdML/0mIzpEU0FfZmFjdG9yOgAAr34g7RZNSO3G
+bdz8PNLxVgFG9ZaKo7X9JiM6RFNBX2ZhY3RvcjoAAK9YCrkTYjGM3LHB50POLDFY
+Z1O3Mu9jtClEZWx0YSBUZXN0IChkZW1vIGtleSkgPGRlbHRhQGV4YW1wbGUubmV0
+PohVBBMRAgAVBQI246OHAwsKAwMVAwIDFgIBAheAAAoJEOup8kDrncnmriYAoLZf
+OyE8KQbqCKZA2lLbxnCXr2G1AKCnWAeL/6RLjuyT7ddG3qd+ggEnB50BpQQ246Oq
+EAQAj7WdaOJjzJNs2G8rvrDZvD/uaALQ9PtdvYAp/Drp7xMH5T62+KKTlKdO3s8I
+QBPiuFocJNir5st/nm8Xl+gcOZOvtr45c/cl54fGO1gOjBZOfgbkdBVK/LMwuQWI
+ebK4qCZnAOlDLYNGVUguGLnEQBSfnhhkgh0WA0kqt7fYvpcAAwUD/3cOEqPlMdYe
+LnGEG4wPxtyVIchwGOv0YRW5apbz2fdO7otj1AFUN5WzFw0A5+WHza1OIUhg50Zc
+o6HnwKx6F+LbZ5aOc37EAvaFgPuMxBfkaWYagCof3jBF0CbTWUXV/D5/dFmIeuGT
+uUMNsGVH+OSMW2hBN/7+aJK5LLHL+hzp/wQBA2GuhDy8BrBRsEkYCbsTnM2iEIZ+
+jDx69i6vtiK2mS5+ud0+9/XEd1foHMXoByohTsJeUvbwXvAu7FvDdfroq3XGvSjZ
++czTMIekzBbYRxC+pPYENNuBn/e6LTKQD4oVW+uQYcPax5AvZeR5tm9RPxuQ1EYN
+AmHR2OEtmE4zSbqGtrnsp/a097bTCnmxH6PsQ19HSseIRgQYEQIABgUCNuOjqgAK
+CRDrqfJA653J5nNNAJ9Se4OBQyISgG6RMM2e6+frY01H+wCeJmn1SGKVrWnZeIBE
+j+jR5OSAMDCVAc4ENuOlJhEEAN1bOV3WXINYOoY9LMY6x6FfJNJrSk59VMtySkmk
+OkStyfyNLxwqteRVSjAjtKVmE9GZgj7mmoZobkVnlUl3VN8paKFzs74kMegrfJqY
+6eHo4VAU9lQXX5aUAaIVctz5Y4PNuA5IzL/zJcDqfTN76/d63mf0rOJvewMaPDkM
+yaJjAKCZTCeh+qyQdW/VLq0ODTyZcAsoowQAhUbJ/2KPcHM1vR9VgZQ4tTTuepDd
+Gk1A9oq09CkGhtGSdD9lJ3O6IAtwIH5Drrh/VwoYD46C2bQv9/XFSYpFbetP2XMy
+1wLLqRy50IjY4eb+A5w/MqqOPmiekPzh+BHgF1ux6FPz66ubEWIr9sUUjp4LUvl5
+0FBxEuztMXaNjdIEAJ1fL3IeDqINMmHKy9HtS4tYT/Wz3KyKuFmA9vS/IgXAd9HM
+z3oBgg+ktmv+O+SsNrBPFgZ8YhmuPtTIZ4+7tEJ4VFVVfnkHp682/d8CpubBDUYd
+NftYcI10CQ/TvJPFn/Cdm508DNDBGQR9nf1N1xxs6Ed8e9u/dE1DRXFta1BS/wQB
+A7n3lqEldy5uprCBgI7BwpM0ElWN+2D2a9LgElCF6MeTnG4Ycamo4Gb9JiM6RFNB
+X2ZhY3RvcjoAAK9TlqT8l+FZ3rsTboSXkdYnCZZwh4rd/SYjOkRTQV9mYWN0b3I6
+AACvZXMVrb4dxU2h5sKMOGXEpcHs+DuVW/0mIzpEU0FfZmFjdG9yOgAAr3vtqeEa
+itcXHtaGrkSx+21NoZaKkS+0LUZveHRyb3QgVGVzdCAoZGVtbyBrZXkpIDxmb3h0
+cm90QGV4YW1wbGUubmV0PohVBBMRAgAVBQI246UmAwsKAwMVAwIDFgIBAheAAAoJ
+ENS/V/NzcuJDdy0An1AXntULu0eTFfoqIj2gIoRR6l/kAJ0VIXasNn5cMC6DtduH
+/Cl3BCFW250BpQQ246VQEAQA31Qj2MGefTCoF0x+D+9UMxZ6RuBPzI6gzX1tzcUP
+WYy38NIq+lNYBg7hLFkUfn0uTsAm33h2Q8z4/DGT7jmQWpoIg7yNTr6681L/gYo5
+FhhC+qERZ1iPMyfMwwD7rrz9bthUGTqChV2h6NiPUPM7ic/D9rxJICXy8dsoj0dQ
+6dsAAwUD/0ggimQTUCGmNHHypor/GY0XAAL4Vy8jAsC0FH1UaqDVTrTDH1qWLRnS
+9uxEsOJIGSLMSdxC0FZEYq4jCm7CYjTOHTHvvYDbhs9QhvW9r4VD2efbERFSEYMi
+H69ASQLGDp/O5kOZTgQOvl5oxzvsrOMaRFSWcn66uUAMORmHKz1g/wQBA7n3lqEl
+dy5uprCBgI7BwpMwsmLANtSNhKe+VmFkvN9msymkZ/XyA43Ts3EpgI/RoP2B4GS9
+LyuCC26DEqGnsats++yae/wDoWz1mM9tq4UcML4hSHIbZnG2OEZDIiu1q5aS1I27
+UeWhA8+qPhPosw9cJ3Y3sQIgdIEiKzAdfsjhmE78aSpljhGnFumTVv9p/lCNuAGI
+RgQYEQIABgUCNuOlUAAKCRDUv1fzc3LiQ475AJ9aAil0KqenoLziTexEcc2EnFmR
+uwCdEjwBOoJFx6qltIM/tJcxqRi7qu2VAc4ENuOl2hEEAKeOL2pIdZ+zQtehxdL9
+l/uDBFSTuN9rLb8DgLiw8Z9j8U5CEH/M38WzH1nHKKlZKjGVZYiyhRfAG83wvHnT
+83lq+Ad0lgaZTR4z6nrd5ViOlHPlfqo4RPZPzPe+uF7EfDl792sJerXGAasLosmK
+nxKAyJyVjh7eZcjTS/hUhO9zAKDVyLHJ/gQlMYk8vE5XYL7Pw4d28wP/VsKVkjlx
+sXpcrCQIoKeDXgKNVv9L+0Pebspzr2WOah8iBN1QOkbtexIKCbb9mmviEnJU0FFx
+5MIw4mipvY4EpCaH3McGwJpCzWmdzID8Z6oISUyKsuP7PXjmASbogV6Iqy2m/2RD
+tfbIlbwotfbiOT9Tr3IPbH+tHAZByMRyvxID/RN90WOPSpODxr9AH9btmeJD0BfN
+t99116+qdwvWrTofcbkBgzvB34vLLDaMKVIyinxz2lYyC7aSpA3uzjZvoPvPrQJF
+LE0dx7DSkUTtWbQGByRabpyrXYdKZzsFXLb+LSTWwF3sQLax0C4cYT7OLPlxjDVq
+/A0jgztaZVWa37IY/wQBA4atrlwHD2LVQWW8aUn17IvjZxnp2Z5Em6q1rszts7m9
+rXCv+fKUFF/9JiM6RFNBX2ZhY3RvcjoAAK9hYwqxHjc6iHxWUSLF376lmCzbsJxV
+/SYjOkRTQV9mYWN0b3I6AACvYBDzN17V2d/ZXmycyHFyOyxqAighH/0mIzpEU0Ff
+ZmFjdG9yOgAAr1pTL8K2pO6rbaqNJoTiKU0q6XdGAj+0KUhvdGVsIFRlc3QgKGRl
+bW8ga2V5KSA8aG90ZWxAZXhhbXBsZS5uZXQ+iFUEExECABUFAjbjpdoDCwoDAxUD
+AgMWAgECF4AACgkQE9uWVTTG4/Hs1ACdFOYsQ4pNSdT9grdhmONXKXgVRzkAoImb
+lC/iwRti3/yZ8Ljc0tEc4HTPnQGlBDbjph0QBADOk7pS4JZak/26nkZWEs+hIIF9
+IgD0labkCnr+GNDmGJrsJxLwTjU+NoaXo+SHmWPaqRJQFrz3ZJfJAxioyoSr+Hv4
+Fbv6frZIJEy1g4dFhk8DiG+zR3uPOcZCUyyW3HupqahU0/RcX7CzXAcuPJCXeoye
+SsBDyUAk/6ODs/kerwADBwP8DrWpAtFexIWvsswGdpRJHSjr7j8cJ2Hy36acB5AE
+MCSd7kNM+LCrOqyOhh6RfokrvCT6ZuwlN39nDnkmSr3FWbqcRSj8khs3tw+Uyp8I
+tqhL621vFn180I7dZM11bECv+YZlmIF/L3JNzFR+jmpODR99bLjQI0dpUqT6IhyS
+0bP/BAEDhq2uXAcPYtVBZbxpSfXsi+AHAuizXUm/50gOqDPn9/AvgQnPzxgeV71O
+aUzUKvZEVIC7A8eNbmLXooM3Kc6ppaVOy1l6BVNcHA+iAdEOnGL9e46NALwFz+DH
+rt2umY2banvt6kYyWqChnp6vnk8O4CD8ufKnQ4c3zfSul69uuUA+l4e5ZG8V5yUo
+ikTP7kb7/7PSMohGBBgRAgAGBQI246YdAAoJEBPbllU0xuPxJmgAnjzxkJIErPw9
+iJ/WlLv4gvPY/IhLAJ9WR725AmIjPEe8YqhNfx5b+Va9CpUBzgQ246f/EQQAl65u
+b9rEKS7XsXwNkvGtj1K7gnql2H1bJ5GF9bGCWhWmB8WFtsAy9XUeC3WbrcuWFgTs
+btTfXZ5I7j7HSG6ukf6Ycusb+bA1IoT+GAQGWpFeWoXe16wXZFl0pEc2iUnx9Tht
+oQF0fO5YlbvHJPEQ3kvoqcdb52WOOfOuCAJxc6sAoNqo5w0YxgJ9jkj7J4cmR+OF
+UEKXA/wO0jrvYE7eiZeFUjGNiRotxzhTzh53rxtz2/DWG3D+IBFOt4qqxxp3WCSN
+O5SnBZWUW50hDkhTxS7jSmsfPBmCinmQ6EF5FaFPyLQBq0uKwhMaWficdrQS9syX
+FlPuzQ5jOS3kVAxOmtDd7CMTC8892dj02qzAE46QNNUI91kZXAP+PINfoJ8hV2zv
+lGZ9tVlo+Lgsl1BOvxvEgmYV14gyTmMWga5sNq7TdMdWi8Fz0Vy7sI4S+RMJ96rM
+ws2iTzWLi2jGO44itoWttCwqmGJmlSWurRsvYhSBgvNCLXFGGaQn5ncO1tqKnWSD
+f625UnAipsgW8P4Agd5qJZiwXfJ67Hj/BAEDu6tMael+rX7E/usFH0MyFQczfHWC
+g6VkC9TYfdLwbBVtdcq/lugvQP0mIzpEU0FfZmFjdG9yOgAAr030xCMZovqQobPR
+re1kY7ZER8BZq7H9JiM6RFNBX2ZhY3RvcjoAAK91zg0swEPwYMWjD9p9kHpjle8c
+eWvt/SYjOkRTQV9mYWN0b3I6AACvbxuq5MH2Yu4E6hH46k0+/KnqrsrS0bQrSnVs
+aWV0IFRlc3QgKGRlbW8ga2V5KSA8anVsaWV0QGV4YW1wbGUubmV0PohVBBMRAgAV
+BQI246f/AwsKAwMVAwIDFgIBAheAAAoJEAyCDHHSaZMTQPYAnj5F4su5N516+dcX
+YBl7cLVDPp1JAJ9d2mO76rlmINaaTtH5lhApIjQjEZ0BpQQ246gqEAQAkdlSJYfT
+iZH/CkfV8tnhI6IDz+SgiZKcneEBnO+hAJottARGAojdbURlOIeZqRCgKpdTXBK7
+MdHAz4RKFnAAXPDBZgA5q+Coqn580t/O/AKGb8kKn9n52z9lC8A5KnHaRAsOKVyP
+TIU5vq6FLmsWmMB55iz826Dk9kMhV7mmdQcABA0EAI8Jq3Jnqf0HqqaX7CZuNKHJ
+gag14bTaBw0niZK0KSB6FBpzitEoyst5JBPCl0ayQEw0Hn4jhZAqcZybI//pC1CN
+QBBO47VUi0y1UVjExtaNmmWxugzkzWHHx4WmyWsCQwGN4B9riUws4g3dgC007l+a
+onKzj5QEo1XiiMNTFFmP/wQBA7urTGnpfq1+xP7rBR9DMhUEbuQV+5mF3JEYDt0d
+r9Ej9Ccl8GT/tOi0QsPNbtaWED6pY70iZMVJSk0TG7pZ47FNx8UHI2bJKWWjCF1n
+uXV+mW/xLMM1GgFMwK44bX2IsEJVqFjB7alBd/uj0ugnj2feFeTao2xDuSQ71IjG
+y/lFtOkcdJOov7L4tNh2/8ag6bbuZKiIRgQYEQIABgUCNuOoKgAKCRAMggxx0mmT
+E4+uAJ4+JbldpmIpRDEuE8tFCnHacQr0/QCeLU0G5RaI4jZI+QUKtYiXq0ITUnGV
+Ac4ENuOo3REEAMFaZuaYHLD67UlMCLHGPk1dFdAn3Mu2TFFDUYfEtA/JDOiNZacP
+iQSZ7zK+wVe66Vs9fzNkyeXqpwLzC35vkTx0K1m69Ave9LnXIZ70zvpVEL/UeCuI
+TRiocxNglPgn4dyJ+2V0cWJ36NGcZmkvBW0vGItpYCbpIGLzYVOfiVUbAKC2Nze7
+9Iyw+DKU9HI39B4fz85nkwP9HbIb9z5kXiRZyCaXOMnFBQ3bAZh4Og5ZQxdLyZ/r
+IX4Mu3DGjqg6UtosdVNHr6ofZWHPXNqqTUivoUmOS5Qa8dtUW3YGa8vbpK1OMnjM
+LhQVJZg/eou99s9OFP5GgPh5r5Vw/EYQZ6qzS6YiYnqzSt5LcolL2+Ae0ajXUizi
+c/UD/0TNXtCRfkS4SeVSkZXarb1oZjHdGlw6ENiLGiA0e5b4r0rByW4EQQGZPvg3
+DFXMjqp0lVVmfmXFPggLkbTP+SJ1/VGSC/wSqPkMiKSCenRqwHwWIdKxv7f13hye
+TZXR7P8uaSddSXaakqmT99v6pdZOo8NsVQTx3PzPKpEVciPB/wQBA3B94sZ4BXVU
+UYZFifR1y3VNINM8s1ZkPHDNwxOmQwK5PkcxqfpPpGv9JiM6RFNBX2ZhY3RvcjoA
+AK95UQT4zAahgt0Z7gBkqnFPjSb7Fn9j/SYjOkRTQV9mYWN0b3I6AACvZij2NXRN
+N8KfYKoU+00zOAYGp8PcUf0mIzpEU0FfZmFjdG9yOgAAr2BTPmLEX46yXGfFOW40
+pPQsV5wHy6+0J0xpbWEgVGVzdCAoZGVtbyBrZXkpIDxsaW1hQGV4YW1wbGUubmV0
+PohVBBMRAgAVBQI246jdAwsKAwMVAwIDFgIBAheAAAoJEDfKtR+3kQP4ilwAn2q9
+qdnkpFPi1neWFi0OEOr5le7lAJ40e+wQHgKIE+Fn7sjYQ0Liwn7oip0BpQQ246j1
+EAQAp/Ccn5EzxXIGljKVKZ5Pp0xJA3uBoQBvXzu2pU4HU+vmgwnX1313x+4BsHVE
+bw7+lfyhKnDD0TSwIAHj/xeE+jraCTU8X1iwe49eAyTaWF4wTyTzdZKQ9mrfBnFg
+dWlRjLALcTMJaOE2Zasn8wgAEHgi4QWyBPS1il+aFE6oizsAAwYD/RpvJnfv8Vqf
+bCxOYt7meLfTLrvcPlGNynv1nEgNgjbYRGIRzbXDDz+jwcLc9MeNuZgtaXvUbsQ8
+s0X1dP6vq43VmQTQPlU1TQx10o+YYn73ptyhbwOkyIDGmyf6uFhO0+B5/MY0KRLC
+xo0lwMxvVkYNd6k804pSJPqwusWBm2R0/wQBA3B94sZ4BXVUUYZFifR1y3VOfk4w
+3PRZvIRE/y8bsqADpUHOrpzhg45mVJx0XUD9jUsufCzZg7wHdE3KlnZW2cJ+HHoh
+up28Ie38bbaUVgfofuur31BiAVojpu8KhTncGAMb64oNfdRJapHzzBcuUigQ9ETt
+6OPgUE/thuHws+GpxQe8KhGQcVfJwuRernhyJhW+BEeIRgQYEQIABgUCNuOo9gAK
+CRA3yrUft5ED+PJaAKCkicGM/NGxdTvpyHhtVSSkTRV/6gCgsnKOr6ziNIo/Bbdf
+RfYDd1dL4lOVAc4ENuOqZBEEAKLUF5GqBMWJQtBs1t1Sp+NIOGuMLgJOhINbMU6t
+k2jzeUt6ooNd+c8P0TexsbSETwhrU4ntpvIISb7I8Twhcled7bi5KCABJOzz7Fw+
+Ydxo5Yjm1DQH7+gEtPx3n4AjZUfRAN0nqcFizDpRYPqVaN1QYiGWn9yPF3pubQhV
+n8zzAKCpx1LUlQl2e5t1YJhmom2qy38EeQP+IB45FBfDf5KKtyS64alQ0vHYIssU
+p806PQorw/ZOuoiscUQj/WeZ4vn7rCdu60uR1EuHpGp7n0t7igEgAOcxDjrxJmpg
+SdD79V+oJAFLATo2msj1IklVvJeI7ZsImyPchIU1lqn/GvpAam9N+FiIB1KUMFqT
+Jzc6zUn1Qqag1w0EAIiRHPYRW8ojd9Uh4Ed3X0daAnClyMWL82t2bj/bJRmhupQn
+4aVJ5D0pFB9izTiJEWciHpqiMdsi/zExYYIDS1Zu94+WFbNIxyMFfHrJ5fUQtAqL
+b7E5LrlxZONUnrRwshqR4X2TmW2mz1Wop542eUQ1UWp4Gr3VlH6giswY0CnQ/wQB
+A5YOFNcg/BY3BMnzmbEa9r4DVqdF0faqHCAPM1GU/o1rZ++VSNJruLP9JiM6RFNB
+X2ZhY3RvcjoAAK9h5T6r3UXJdRJYgiPBeltuXDZLCq03/SYjOkRTQV9mYWN0b3I6
+AACvXXkGa4lux84ceaJy3CpOkPW9NxGnh/0mIzpEU0FfZmFjdG9yOgAAr2H8Yr3s
+FEe3lYbWaVBMe1xHDnsfH0u0J01pa2UgVGVzdCAoZGVtbyBrZXkpIDxtaWtlQGV4
+YW1wbGUubmV0PohVBBMRAgAVBQI246pkAwsKAwMVAwIDFgIBAheAAAoJEL55SFK+
+XPiG8SMAmQEeRej4CyoP+wmpdhNm+c9famN9AJ9nKsCqRWJ/ufezi0YqAcbgbaNQ
+5rQSTWFsbG9yeSAoZGVtbyBrZXkpiFUEExECABUFAjbjt7cDCwoDAxUDAgMWAgEC
+F4AACgkQvnlIUr5c+IaZ1QCgqGtz7Pnbid5+UylHAn40bwpXE7EAmwVmqbtsG1iW
+Wt1xOo2oyTj0t8E5nQGlBDbjqn4QBACme9aNjmsy/D0vLzEUvj2kaMBgVv3MWKO+
+Abi0yKsjdP0QEt+UosnybgpahGhPZ42bL8kYsfJmO95pWHxN6sNX67FmQQa+/vTa
+fPw04SVBOMdYejLSfqmhyLoXGF8l3Vuc6MMraZkS58RA1KfY+EDjqCMItFMA+7Au
+mK1JIvm5uwADBgP+KP0pE7r38nHf5b0NlDFYhAGIqdgdWvW6zZal2lNXiOkKok4I
+6AH+GUGYJjULX+2mwCPUDdllqYlFZVmg2iSRF4i1ktd8ZpymsZuaaNyDz2AUzlXe
+cRQ0JT+abYFBannyHg04K/rR0avkYCocPEBK0+TfzzNvER3IWznsI9Dhkm3/BAED
+lg4U1yD8FjcEyfOZsRr2vgAw2DSsek1WQcJVSrTcrl4DmC6JoYKNZxcZxkz+azXG
+MzU6P/gruBQX4ldaWq8ObvjrdF+g032GXju9Olh9Wx82E+lc4O2K5kwNe0fveQQG
+7vFrmajyXnIB4myEx8jSGNcEUcl/6pMmwjzIOMcU1lPVYNkZU8cFQpZHJ2dY0OO9
+MXpawIhGBBgRAgAGBQI246p+AAoJEL55SFK+XPiGkTIAnj6CpWQaP+vvx+HhzcjT
+cL/VKlZQAJ9Nk+d40+pCqkNEZDcV/xO6vXHbbZUBzgQ246rjEQQArXimh2e6XDO0
+Lo/BHPEsdHyd7tDXS7KOcZ/RJOBVjCwbuo8O2/+SowdlrVzmUlihzs3k31AMe/TT
+Ciaw/Y2Vv9JBABVXmacGRdZfHwbERC0fXMQGoxN0bxZIAmAIV7BdSZ6PqolOUzb2
+nRlOEs5j+Lzp546yFk8vN5rWYsKBSHMAoIGmmgpRPEONTciH1bY0t3/jZvMdA/4n
+B/bsDN76QdkFdvSCAams4Gha+7waKIBaAJZWgkGzy4sh19TJN5BGYOcXsJg0v7VO
+Kxqo+1HC/TpWcdSAg/HKfNMjWH6COyuVzOrGDjJnyTkRjhLKjLaGG6N5Zbg4A5IN
+ug2Tcp1HhR2UayFs9nCqk7mgd3cNPZvLCTbrN6aBLQP/UNSg7Iyj4vPtpFMyaCt1
+etUIJVwFQ5X8yugeSjhGehkf4F/TObssi40RMmxUkjT5by0ddfpleBkeQHK1UDph
+NEKRcqNTK/rg7G6sJMxEb0ata+aTsqjOVj14ZV2uaKOJ2tXwRF++iBMyusSFRtOx
+pzZ2mPnZT4LC6uCPPgNtGRv/BAEDsc7YSdD9O4gyqEDz+24vfhBH5b1jnJJ9MOul
+ZipNjfbpG+Tocn1wYf0mIzpEU0FfZmFjdG9yOgAAr1WRiijedefkEEOQBUrN2HOs
+xDW9NIX9JiM6RFNBX2ZhY3RvcjoAAK9CxfX5lmHbWFcJfFHEQCfpabmW2/on/SYj
+OkRTQV9mYWN0b3I6AACvV5X9PayElGU3atpQ//cE3jl3tHEfhbQvTm92ZW1iZXIg
+VGVzdCAoZGVtbyBrZXkpIDxub3ZlbWJlckBleGFtcGxlLm5ldD6IVQQTEQIAFQUC
+NuOq4wMLCgMDFQMCAxYCAQIXgAAKCRAlsA/UMM7GhJjYAJ96+gRNnRtFX68Wbsix
+2VqHsXeLugCfVbbEonL55bC9BBQ89XY+6AFNSgGdAaUENuOrHBAEAOGceVg3PC6F
+tgrZrnofohzWnui6FVBzeai1DZ5MMKmdN6/QMv1eeHoMOb33fbfhwA51n+kPuhap
+r6QqTzx62RGA/gK1m7vjU2OfYxSO65GN/rSUXN/kE83jR7Hux4MocRXZ+/8ngqL7
+JAjw1LZdJyOniJpeRvrckPNC/bKaua77AAMFA/95VjAjJIAU/gOMwtbqTgV+cmHe
+52Aa1CJEalV88yKG86nnqHuL4xxUTTZljyjbbKleJD/Ah7R1BxBhSEDy8WuTuonE
+VHVxTcL9Yig4pZ/OzYZf5fkl1eLNaSLb8XZMT0JbP02b//OMpAr29lcaga1o1RtW
+vrlUyIYOTm2RcTxkf/8EAQOxzthJ0P07iDKoQPP7bi9+FNgB92LCXMeilHSPeArG
+JblD4lyK8pp+jwjSCaWJrWQO/OJJOzhTh6Betn6H6C6bapoEaQ8TuKbHEnOMUfax
+tx/yzDtWu4EWGMyG9sSPjXRr/lChDsi5OMcYnrxK3foQYMEHBMb1fIqqtRZmqWPc
+FixNLKLjBalB2cMRuYaY8o2V3ZyKiEYEGBECAAYFAjbjqxwACgkQJbAP1DDOxoQg
+5wCfbgzOK8WkgR8iruUOQagMIqwMr6gAn1iBQ2TJM5znLHzYgLX+D0k5IG/plQHO
+BDbjq1sRBACVaJ7JCEOyjZmcPbBv6CrpqqTWtFSFzB0HAJNuITVosCye4yXycsfh
+++FpPPZX8B6OgvTR7bx24Dmiv0mIF+ZVuWulMAgZay7QBTq4RCxaBnBF2yjc0f8p
+8fxnmXHAm2Rn+GUCIQeiGYagPfyYk2yCebrdFdp1QfvqKs7oxy9aVwCg414fuLbk
+BysyiXg7sFnCoarbmJsD/0hGErsAWF+BpGsNPPzg9oiyzGnV1YpqVGu4wlgZArYs
+O4SXndD53WudgE+WI9uNav/0aSPHcrgHQJ9ZZALSxSXvts1EWqvwVeSNFly+QKjH
+Ecbs8gUbvust3ZKJD55L52nlCKO64wLyySS9C67FLp4iTSD6OMaU2GO673thrrF5
+A/9nF6Tfunw/W71NOY3uc+2XMZcat8pWL0O0nfUTzTmu5cWpO6gV9w4FGu19j4M5
+5tfxHEjBBX9MSbLHChd2aS/TcRjAPoAlKbHda5WLn+t69wf2d9IQcPLuwULwIGnh
+pq8AVFA2uGiZIH2VKblyUYtmIPieWMXUQUAHBAVyHseGU/8EAQMb786noBSUDw4m
+7xGDnWduktairbapLv/ColtFylU7mo8tzwPJ9N6M/SYjOkRTQV9mYWN0b3I6AACv
+V0SyyziakJ764L9AWGhvZl0VDNCEff0mIzpEU0FfZmFjdG9yOgAAr2aAgfc/R0ZI
+X1er4E/LYM2tthHZ54n9JiM6RFNBX2ZhY3RvcjoAAK9vCoy6yI44r9RAQQdGiriB
+nWdRPg35tClPc2NhciBUZXN0IChkZW1vIGtleSkgPG9zY2FyQGV4YW1wbGUubmV0
+PohVBBMRAgAVBQI246tbAwsKAwMVAwIDFgIBAheAAAoJEF9jVrptlzKssC8An32a
+3EYMFU3dvYtqymOZk1G6qdElAJ9XrILycL0GM22u75KkQfVlZReszp0BpQQ246uO
+EAQAnQtV0TzPQjBa4FVL4qFO0koX3y544FgWd4amzmK7ILV37kHb+pQIsZzT3Z5P
+5OJoy/MNaam41Jn5m6aVQ8c7IolEJSWrcxg31NYA3O5LJ16Rf784IW7nMvBzTtEh
+4t7jPxlwue+ImdaMWvwNeHypwlWE9U4alGtbrAuWEFx5uCMAAwUD/3+C2YDd3Wy+
+Iy6lxwzaQCBI4k2yl8QyhzpwKH//+EhNJqWjVRy7t58SOewrV30iNpDEEpv96aqU
+ys2gZTPwmzACVGp4ZpSzwEQ3Cf4UHA7QbBeZxRu83y33tEgcILDNR8S/evFb2u1r
+G2KUmvfPtx0g7svVcKYRae4uB25wm0iu/wQBAxvvzqegFJQPDibvEYOdZ26Rt9Gj
+Nyo0jdE5rAxUvk0VBw7TW+V6uxtqp+fKrP3W/ewR4mUXo1jq29kicdAtO/nI0uEW
+iMuascrL4lCWWcrEK2n4AX7KbzJ9W3HDupQhHHwYga7LFg+ZAc+6m9k+cn6M8Syc
+sbQt90IMqon/jpYnSialNZilcMpFfYCnqBDTVKpBReiIRgQYEQIABgUCNuOrjgAK
+CRBfY1a6bZcyrA3hAKCPwFgK2ukTx/0R6o/BN6HFJh7Y+ACeIB2LqEi2uOknmyef
+7JveVqldPTyVAc4ENuOsQxEEAIQRmJhsJniNi/bRff/YGrZ9aFWt81G93W8WhV51
+qq+ntUHgUNY55Yyos4XLOa2tS+K8zP6X15FesVBPYIQa5BIC10mAsLfJ+1rbnGJP
+uNBA2U2MoEaRxo/JtXQ//5jiTRlYwLDRnBzuaMCPdsirveu+JBw53ytRwjwe7m/D
+1PPvAKCp2dj1FtDjubTN7kCF0o2KzPwE0wP7BimQxXyPwSzGqLaHXSEBsh84OQTx
+PI98BXgq0195/A1B1/pPs356euKlqoefUTHYhbjiMYbjZT+A6juudf7A2Ucy03G8
+HDZ4k1f1vmzrj24+6ygGBcxTVr0BaweiC1DwG3LjQoJ1cuFxRQ8BYJDGIwPrUW5J
+dlnzW2bJWfdyXOoD/0S7iEVN9txkSKildOeP1YcDCD8MM3hvF9kUc+1hbmir8SOZ
+/IYJAyQN+j+mYWsLuKtZ/F9pqiBNTXH2jWCTqldOD/ZYxHVJAARnkiVG6yckMLsx
+Hi2LPPBK8xack0y92mKe7za/7fhVgCRSs7M/rzUbzUhyInHSyxr2SYb+8lbu/wQB
+A3vncg3S/0EKhZRFb/E5MzbPjleeF5fQn4SvP7U30kDoHyI3LH6KymD9JiM6RFNB
+X2ZhY3RvcjoAAK9Gv/oavNniW7Yqm+70mldjom2X6ztd/SYjOkRTQV9mYWN0b3I6
+AACvTc6M6Pazxb3BIBjtK8lUhha6Ei7BOf0mIzpEU0FfZmFjdG9yOgAAr3SSQHcy
+6mye2mjpCNKs/FezOQKbDUe0J1BhcGEgdGVzdCAoZGVtbyBrZXkpIDxwYXBhQGV4
+YW1wbGUubmV0PohVBBMRAgAVBQI246xEAwsKAwMVAwIDFgIBAheAAAoJEF0V4B0/
+8TIG4YwAn2L7BGoJE1q7g/ePfsIhAc0nacGKAJ4iBZV69HtWtOryudH1sG7zEoaR
+KZ0BpQQ246xxEAQA3mE758SGpbalfvWhJSpb9NEdZJvJs1zlutDW3OBNuF4eIb8t
+AnWUeO1mhlCzJbcf958S40BHCvKjgiO8rSeaJCyplRHXv3ldMhuj/Bo83TxC6MLb
+q5ZsvWlgvnJBqvBso6jICy3iOATU2llVz+vX5ZSns24RqmJxWO8U3OSJUIsAAwYE
+AJZAliv6HSjOvslD8Gojy9Mq5Vdv4MgFCO5LM3su9qIioypv1l1802ZnUC2+SWjY
+J7ZUzKWJDNVJNm4clBt+sNMFcF/5D4Ag2Id1kQCh3MG8O/qnu+xOeg/4DZtLyXrG
+tY5sq3crL34ZQOSpbda5qBxQqiBCARv8Up5z4Z6DBKBR/wQBA3vncg3S/0EKhZRF
+b/E5MzbLEL6CTR0ywkrjR5f4P+KFRNbVixP74rOGEYga1Uy8PrUOMDBIjbtKVWQy
+6ly4hnMv7ZPtIZSJFpeofg7k/kTNJB0W0BcJhWfg5CbiWncJYH+IZT6+/0aJfmhe
+y7gMlkoXOqH7y1MlLXHLriVzNOpapAK4Q7vwzzfRL8kXP8zC+u1noiuIRgQYEQIA
+BgUCNuOscgAKCRBdFeAdP/EyBhuTAJ4zaeXrBSUA3s0m0MV04WJxDDGwWgCeKwYd
+KMH/CO2Eaetd28XWxnxJHO6VAc4ENuOs0REEAIHCI/xKPD6yIRGsSnI3PXTW/f9A
+WdwcQZO8fWuxypuqNP73Hyx9lxYxcQeA3X3vjtTwvSjVKiIuhk2nxm8qkuO17Jzi
+bOZ77K4JlaVFMwHe6dHcXHNrSaHcIZB+BrTj+IuD/Vwa8Z4EK1kNI7t99xDxesC1
+ou6pFchhDQn7L5LTAKCmIDPl2IfVEHu/x19Bogp5NxMVZwP+K8gcXcgYoY9NourP
+LwHuZpU68L/OboKLkgfeVxF/Bj372liFv06VFkOmu6PGM1P5CD2u2MxE2F/HvxVa
+9mXd9xwH3i1DadzktDbxG2CZRg31u/1+6i1b9aOVgowh1ISvAwn/QMfW+M+wm0R6
+bcUhOFO/TQgjrF0LDm1dvKpRrBUD/iCGgoe3U6gA8P5wZn7l8XqTyl0ul3YtLaO/
+S30La/k1LSThFRiG6qkAbIBEhYk+akdFu6oTp5eO0yEMj0J7f1ffeEMMgBrSILTO
+amBUVu9INRZMg0V+ez80zLlNgY1SOph5GlJC2i7o20V4kBZvCFyeK39vexqaSrko
+LzXK+0Zq/wQBA0GK22cdg+tRJk3gYcN/JjZjdGbyparZK4zFc6L9X+dZtsC9gBVh
+D2j9JiM6RFNBX2ZhY3RvcjoAAK9XLx987T5u+PQj0za48diNtMwF5HRv/SYjOkRT
+QV9mYWN0b3I6AACvZ+sSQxavyXXTvVtvSZ9DrB2hdoyR5f0mIzpEU0FfZmFjdG9y
+OgAAr2TiK/D9hNwmBtF5JxEuKwCv5DBmY920K1F1ZWJlYyBUZXN0IChkZW1vIGtl
+eSkgPHF1ZWJlY0BleGFtcGxlLm5ldD6IVQQTEQIAFQUCNuOs0QMLCgMDFQMCAxYC
+AQIXgAAKCRAcZ+wTPGYchNG4AKCjSqAGZAKs7NstyNXe0qmxdjqhgACfUIFuQ0RA
+vRxngnEfGZJiTL7vHBmdAaUENuOs5BAEAJGi4T/jrY5BtRTM0psAneQytzzFgH4+
+LigUXAAb0QDAOkyGNfWHrfHJIS7A3Nc9pMWAdOjWgSKbYyrzra0SQ75/SkI5+/S5
+ev2Fpki+HYo7cNgVXnbCJrIY7k4DAMunqPJ9JCUXc88WxGvKV5b45htqCPnV2Pgq
++AEIKD5aGfLjAAMFA/9+O6ttUbeY2bQHRdThl4HUxQw4lgYN7stgGZsbHCc0y6ln
+1HF9vlE4Tl6HI/NR/8OauQrXt8988dh039QNZsOdAeRWTk4PgSuXq6VDG5WNw6B9
+bvRPKXe5yeVmNNl6KESBzMcq87kANZWZ68vKJ2JihxPHRAyfxwGr2JKkVF0S+f8E
+AQNBittnHYPrUSZN4GHDfyY2YCjm88CdmfBmhTozr+i8fBZaKPsQQkAz4Ybhdf+d
+CkGOyQjOvI9qUX4wNF1n9/2af6a9A9TJNYGpdQ3AQUyyH1AXIfYLeZhAKR8oHgP3
+r5L4DDGmyAG/I47Ziko9nyyRjEkT5B17n0HedUtHH0+v6vtjNc4OA0XtbY0SCvuF
+MpLRF9guiEYEGBECAAYFAjbjrOQACgkQHGfsEzxmHISIlwCfZ8SYKvVQnWcUbLR4
+pdAC/SDm0XwAnAqTsdVw9qkF0c5EwGnsst/qiAqalQHOBDbjrjgRBACU0OjVoC32
+Kh/dUjXPdN6HIusEhHheYpFIzYHHTYJmFBEjBj9CwrpYGjGUmp+BS2wFS59zO2Ml
+pQGLGrmo+YGBdio338Hwdm8baeScd2Koqu+oWkCoBMm2VxxbS3M8kq0ppNu2Q5EE
+O/qGywVrVpfBM3siM3mcsjVaHyWy+T1IqwCg/lnggNIr+Yz2HoU9GwCwBi9331kD
+/jRTBAuXTq7vAG2bGpJ0X/zqSMLSRZfwnZj28hx6I0SIT0yZU1xggrAgzSbB24Xn
+QSSxWMR2BZQmupPdHO0l8xPn5KCbYo4C+9+ZsprxEXg09KtVcMOsV6qTq40NPSOd
+RRNAVhOOTg/GD0qX5r9ztB57qpefmp4Nfy5tmo3SehfRA/9jkdKCLrZRsE/kH57k
+GoT5kt4nvJW2X3T03BMKvspVm3WjdlrR0Ji0yiw9P05sCMJqeFKe4RZreG6i606C
+itZpRIRbpjfMEq838zgUDv7VGF7zqCedYu36sepfkzxj/slNyu6A21HTgMWxiBrk
+DXoIuxMPFKYzZGC+nCHXgW2uof8EAQOPMKazZfwtUoJ7eB74i789uCp+H+yM1KRO
+CEcmSW/T7ago8wfbaRdC/SYjOkRTQV9mYWN0b3I6AACvTozOxPOPjYlU7v7vhyL4
+rFswiNRORf0mIzpEU0FfZmFjdG9yOgAAr0jn/8fzbG+geTnYS5NG4g227pXLeTn9
+JiM6RFNBX2ZhY3RvcjoAAK9spiY0wOlyucxM1H39jlMftXgj0GA/tClSb21lbyBU
+ZXN0IChkZW1vIGtleSkgPHJvbWVvQGV4YW1wbGUubmV0PohVBBMRAgAVBQI24644
+AwsKAwMVAwIDFgIBAheAAAoJEDvb7bF3f77Tq+AAn10WjJmAMcn1pBFwE28eIqtU
+z5bsAKCoNi7oa/HFVQZRypKR7SChjez90p0BpQQ2465mEAQAiea3rOLV0WY9+rOz
++CmVlH9GAvJrS8cXjRF3uXJALZ/IDH3EkCeDHouDtRAb6ymfQ89vBJr9BZg3eug1
+HeMm0SJNTzfJFq8vVLhiwH/1QQJDCMl4WAhJwe8EbDY+JBeQ4WIsrXqdsHpD6HGT
+thgFKCMmNsjDW9ptoNivFJytkAcAAwUD/iMYod6PvvotNl8IuMDnu2q6NsUngZh/
+W/JxGifL/EVS0TtAIKEeBi8ynkzn7+exVOPLZWO7MbYehTsXiWkJEtZw9S0aW9xl
+A2a+6jP8jhmKdFoXUYBlvnNHmGt9oOWo6ts59/h9S+Mq5kUmTOJ5meWV3vYo5BrN
+FDWKpotIAWMa/wQBA48wprNl/C1Sgnt4HviLvz27SydCgapMV/zUfdQL64nYYQj/
+00crVG3e1cAN2iOPRNsjnczkYXjFfSxTxoVvQEOvScRoOF1LQ6doAGGSJmSkyIGZ
+wxb4VLD8GhqmCX30XxOcTRG6EiLq9+kDGL5gAnBUTviRF6Tc+y9N79L+nxc4lawj
+36d0ZXeIG2fm8RycxA2E4ICIRgQYEQIABgUCNuOuZgAKCRA72+2xd3++00nRAKCQ
+vRyQt5pNoWbpj8btfqGK00jpOACgjSITGzCNURjHPCPEBAPqgOVDh4CVAc4ENuOv
+BBEEAMUtk4AJiXP3jaKpIhbi3B73S2SZ67rKzBkicjelpwWk6LndsCrbLsIWsDf8
+fNtih0r9As+2arfApkNlwuCGq1ZlPGGGEf18OqPxFvnghVEbDdcosP4bIm3k6G2s
+gFbMl68xAGnTtkS5Gfz43uTuznPzdZnGbIjP0uBmPfZk6GW7AKDhi4htuxr3Y+ud
+9lx1bWM9KqUtAwQAiRYHm605RZVBkdzlfYx1Iwgn/l8Chq3MsPrfBMslapBnq1an
+2/nEQPmuIde9C6ALN1t03DHpKonx2XgjYVz8pgty2FU7txSSm2EE+975dXp3ov4T
+fD1KxksOl770PAzixLfNhPW1q4A2cEruGgO74qEX3/fAa1J0nRKDgmA/mgYD/2TS
+ZKCaFHoc3IHQnkygmGzzZNpVZV2+1kIB8Z2hNo9V81PYpzlYV8SlG51ajW1G3ePc
+ti7JOIP6MquNUbYR4TOzZy1Dq4+VqqZCB6fOeIKL40IKKAoMMDYFNLp9zcT+s6+6
+DTPH27eE1WEt+NQjBgr2ofC/4iAU/nmAYmo4xn7Y/wQBAw1YC6sO6OK1YqygeAug
+0cwEFM97WACPFwv/yo59kPUn2OPV90GqWcP9JiM6RFNBX2ZhY3RvcjoAAK9kgTY3
+bsST11j0XtHaORe84A/oRwpP/SYjOkRTQV9mYWN0b3I6AACvXbfs2GvacmwUsN1h
+JIJ6o5Tv41Oiif0mIzpEU0FfZmFjdG9yOgAAr34DrRWil2lE06jH9gI775+twQFW
+Zp+0K1NpZXJyYSBUZXN0IChkZW1vIGtleSkgPHNpZXJyYUBleGFtcGxlLm5ldD6I
+VQQTEQIAFQUCNuOvBAMLCgMDFQMCAxYCAQIXgAAKCRCl5n9/o64+oa9/AKCaJbj4
+sc17CLwMOuvFVejk4mwUQQCfcrpQGZox97B60MgQRs/wklSEVWedAaUENuOvgBAE
+ALhxyR0+JaBA2Qa8CberwXHNEuiDrz+N9++Pwy+375dDg2KQ7RUnx7NiRV368be/
+lGgdMhLKeYxZlmNPnpoUNINk86RCzYbSpmAASBOnMJQF2WdQLxmsdJNJCMKfse1H
+ZylgIJQGWI+1q0O9Lcx7Vd1F8GFeJvThMHRyLoOvMVCTAAMFBACN7RHUg2b0aRko
+DNMQKL6VV6LvBteSfgkXqf2vUovmhQtUXxoYc0QnVPCPuS6raRpxiNz8OLgp0RJF
+Nk32zOVmc2u68B30kociBt7Kx6d7fJGHL5gVqpebUy1YJ3DBoOIOgcMBKmXnlG24
+IrHPq5bvuqGtnwToZEOuEj3ZHzwNuf8EAQMNWAurDujitWKsoHgLoNHMAI9CpJsg
+3p5r1/2dTbN+h0CJ+lqHoo70wkoAb+gaM+7jq/FWce/7mNExPIYobdgkvZ2rbKJP
+x8o0zJqu77IkMLTb/eh8z+dEaC9X0S/uYgN6AUJl/DsEU+XwOd+JY8Es0wJda+M0
+qvSGaH6+kTYy4pO5QD1BrfdPTOVNxcFna7HAItZPiEYEGBECAAYFAjbjr4EACgkQ
+peZ/f6OuPqEzHwCgo3fuvctqBR1zM+lGiitaCcoRH98AoM2iZsG2q1yiU3MebUWD
+xcPCiuRMlQHOBDbjsAoRBACQ4U3waYeRudWpRA1GiHxbw9CvqFw16gwe4Q4N7LVS
+KWUffXdm6P3TzrlVqK8FxQQyXitHO4iREKzFipcXam0RpB/KWhUpy+V1qOMTI5J6
+pyc2Lt4G+9+IqBR0wuFgzNv76ExrhaS8Pnoq1vsJddsLrB6ZzZFsTBCFrdh6Bk3q
+3wCg9yVAa2nj2/IByp1xc8hLvES6d7MD/12gCo3vjQGHqoXAKsb9khD1I/BDILV+
+0g5JMg7/MLkX3DcDALeF8B2J5zN26VMFo9iXAxhPa7DZ2vx7hQI8/9pa4VCp3B9A
+ssL44WLbdbfdo9HD2Wnkd6WPEf25vDbNtLYj+7sVZY/rMyNj3+SolB4YlhydkU1x
+hNqVJk+lBYXNA/47smbyDSsJG1EksKSr7KIteXenuFseT2dpgK0+cvlC4rQceFii
+LF1elFVWhATWgXut5PXBRnTxG2vx35Une+pC5nEncvha+93d0zCK5sACjFXSo0QB
+HN5fO2Gj3dvy3U/k1swkMN9xKLXsSe8mc2QNkicdu/48iIF5FrcL5+VAjP8EAQOk
+qTnVSVlDNyanmeWCbHT5y1XDf7flXnKwAlPvRhV71WMkqrgQyZSO/SYjOkRTQV9m
+YWN0b3I6AACvYMiOr13riT9DyF8K7MAH9rFUqh5JY/0mIzpEU0FfZmFjdG9yOgAA
+r1ZK4vMwe7MVGkYsBl0OFJFhJWf+nD/9JiM6RFNBX2ZhY3RvcjoAAK9tanjl+Ggi
+icD8mvH2FEnlCyuiB9iHtClUYW5nbyBUZXN0IChkZW1vIGtleSkgPHRhbmdvQGV4
+YW1wbGUubmV0PohVBBMRAgAVBQI247AKAwsKAwMVAwIDFgIBAheAAAoJEFjLmkyF
+qB84JOIAn1w8JVmBDp+6A35ia9SqWpt52ZiiAKCIHwczU5eSjSlPSm5W8C7dlk+B
+CZ0BpQQ247CeEAQAnr0w2OcvlUX7E8u2C8dJGIj7wRU5qDazxh0tw55/ybJ3/Kyh
+CFfsr2dZ2E7Zw6Yvc1u3WTTf82nH4S+/IJFSI+qBi3TrcwVtt8Xa3Po7cIzNvS0b
+BhqfmOOXJc4ihUlADR2Jukm/QC+f6bO8IZBDWr/7LnT4SwEPhPoZNMFb63sAAwYE
+AJ2kiP3e1zM+zEo2i2jkOny1Igyn0sRiuw0OXQ9B656zp02G5qtDN+IXhgLdfQqg
+qyWckP4BLDJ4NtQoEM/Mr2/7oj3h01XpbU86R1QFQOXmoWw3q7yqEWIwfOBqClSF
+0A14sXdjQwadyabTFsW4m8Zn5jLW+1sH4PrVjHoNEz4C/wQBA6SpOdVJWUM3JqeZ
+5YJsdPnICDfLPDsLTp+mSJOvz8ZkqbdjjI/q3Kptusm2FbDk07+WCtgfeKcaeJZH
+FNDb0PYRG9S22OGNlhDTmZluNPmUG5syMkoyycBX+4RTirp7LNS+VBIOHa6d1wD1
+k8lANIjD/ilD8pW0pAyqN5oJLDgGD9892G7eeE9Vy4XGRmBB6TbFMF2IRgQYEQIA
+BgUCNuOwngAKCRBYy5pMhagfOAibAKCS4dbgdlteoklBNH9XU3+trecmqgCg4u4N
+x5RLyPVJoOlZhb87WTBcW5+VAc4ENuOxqREEAN621mjyBM5OvWclduTmwl+5VJBo
+yZuAulmkyzdDsL6ABfRdf5D+9y4en7BXY2rRLi/7Dkr6zEMXgDxQN/6r4aY0owDl
+TbuGRwNC8TjwRhSCFx1YqNZ4XCaYk5vQoyhq116HiI9PiPyhwbD6LTPqj97TLQ5V
+axS8iqniJk/dSWc7AKCA6rkZ88kyrcrdw0PedTsY5Hx7UQQAxyAfT2jrwduNvCnD
+56M+4rBUVrfsI5f/rkUXw8416V6rsyvdjzIqpssiwhYNrGuV+WlvIzP9KG4N01Ty
+CH6ax/CHT5E3N0Q+akkIJUk51k7jpy52BvIBCuIfs/KxJuLsBuamcyXuRCu6EBlZ
+cu2cfV7WQqi8HjdremHzAXiSi3ID/jkDxssoSYm+mr9qZjpWMOcazGQOOPDY6hVu
+3ywt0aOmBqePd+/LkpGFZ5YsqGa2rji0f3ubhgOYYIdVr8iJzhoM8wy9Q9Z1pjkP
+IJ56tU5vck3WosLujnHYcG3xETtxec8mXlUrFzirPKzlupARhi3Z0/hwmoqTc6OM
+JuXpMn7x/wQBAwH5EiW2ICr1W3T/Rx6Cb3eG3/JG8Sjo3rpEYlaApMS+d4oM/9V8
+3kr9JiM6RFNBX2ZhY3RvcjoAAK9AzQba8DH0bAE2s5RGAEJ5VAWk/+g1/SYjOkRT
+QV9mYWN0b3I6AACveVUvbR4gGYzhP/+FIlqbM8KFSN9EM/0mIzpEU0FfZmFjdG9y
+OgAAr239YwqXBe1eAtTrlPkM+BZQS5iCzKm0LVVuaWZvcm0gVGVzdCAoZGVtbyBr
+ZXkpIDx1bmlmb3JtQGV4YW1wbGUubmV0PohVBBMRAgAVBQI247GpAwsKAwMVAwID
+FgIBAheAAAoJEKlMD3VlMkTWM1sAn0eideyWSJxrd/trrimzJpapYrQPAJ99nNzM
+TsSCQwsfLaq0E7kkkS7KtZ0BpQQ247HDEAQAtbvtPTT+OnT55+kSbXMy9yxK6Mq3
+D5hzpNxW4jXyfGDJxQXkk/lPvnIYv5Cs5vjeMvE2RPLB8Bqp5HiAbSV9mJkCRYSo
+tkUfQLVZ9h1dWUwWE9avz+zKWUzzCPRDg5QhDyU71/jHbT/MYdBrI9YtcLo0DiQI
+l3a6rD8Xp+EnIecAAwUD/jUUTsyxauJAVKYKE8r1syZfehncpH/jtAIW05We4sfS
+rUC38Rq6s4KNIcA429kM3lh341YWmmknOVFjTLiEMh0XLI/ceJ9uVxhNB1MjlUg+
+OiDgI32Rfm3lzmvzW2HEfs8zkX169asltoOKFfCzeLOLleHT2pkN5ffC5IPJYVgn
+/wQBAwH5EiW2ICr1W3T/Rx6Cb3eFuP+IvpNCP9FJtq/cHx/aNtVczSNEk2ParqkE
+bsZoGgIF0fZStEWeTda8b2/P8dt8E/hZL8YE86A6y26jjzhIQBnThCdlxYXCI+f3
+rwXSdBJYBu6jvOA6Cp7VJkBGBUknV3c26VN6mF0tq2xw8EdB0Z94SBwIObsUJxUX
+GSx6F9n/BIaIRgQYEQIABgUCNuOxwwAKCRCpTA91ZTJE1s6YAJ90NN6PZ4hYojIq
+GPHLsoXLX4ZQqwCeNI8dzekcdK9ZkqXRxIfFj4cQH5+VAc4ENuOzmhEEAKMDGobM
+DqPX3SKI3/W8m9LmNgtDUffHGHNd1npnGM8mSyVfWjEWoEg2GPMEmdX3/tvUUV7n
+Tz02IJwZRVlrbEPdW76eItMAY1NB43LpjQTrAR++mVAslulUY6a5V5nJKEc0IqOu
+xkW1LWavujX1JRvlBZLeBkdpsVNuaGJtwUFfAKDfqoZUCcZxnO+dRMalHLfGOn7O
+4QP/apMk2mc+GJwpKSxXBvoQkVcfuZBJmXJuUCc4BUUzHX0ZSKNbgxY/kVR1xN3k
+rMgOCR6dEsGukIsgVWRDj9to/+E6IIs6YKhG7fGcXKhE8z8mf3hDLcmjbCKDCSFB
+T7PI5TkLzlAEP1y2Rtin/Sa71unGZhNyEfAPW/d1dRcRVqMD/2WcTPUaIjRvAqmb
+xUpenRhg/mF5rwmHl81VvVBbZCoZ35c0edEZKpfmyYbKuz7GhjEPz6O/UWGYZpK/
+7r6f4kFUrhO5atClnRyBkvmNmdfbtM5hd5jh3lgqAT7tk7ntPAIh8X8/qm5+Uab6
+3kZwXCPiSR+iEwRp42GbVL7F/b2r/wQBA+smNbHH+mT2ogDvwebUEYQ5u7AjqZvU
+WkfnZPKAVQwghkIrT1Vq21v9JiM6RFNBX2ZhY3RvcjoAAK90DxORhCauJg3tbEH5
+zO25GERe8T2L/SYjOkRTQV9mYWN0b3I6AACvW0fayFNyPj0o3kQ0YOk+vZDnV7i/
+4/0mIzpEU0FfZmFjdG9yOgAAr1sEI+EYL25Oh+V/MAHMZ3nfeIm133O0K1ZpY3Rv
+ciBUZXN0IChkZW1vIGtleSkgPHZpY3RvckBleGFtcGxlLm9yZz6IVQQTEQIAFQUC
+NuOzmgMLCgMDFQMCAxYCAQIXgAAKCRBHr0tpYfBHhMxJAJ91JH/X2uIsYSrKJmI/
+S1Zgwoz1/wCfdQoDeGHzNwPI5NaxIZH0XYr+O22dAaUENuOzvhAEAIeRQIHb2kyS
+94wRnI2IoiaLMXk1n9y/3VGPfX2TfEd/Q0laFCn/UbfxLEuQ8sF1ZygHiYlE2MPJ
+WzEVRe9FYUgx6TAvSrWwdJZNwnAKlCz4soq0+YPcsDduFu5NJ2liCYrLbVIfh6m5
+uoHOT8/TX3eZZfMeBIYt5ShOjc3t4FDTAAMFA/wLVDdYasFk06YVWXLR6tyWlBG/
+WoJrvznLH9uP26vYvEfBWjMAReHyOaiIpnKgDPtgWenb2RHaq1WmUfWh483IXB5m
+oiO2ZluIJpPixxRVn/cu5hvGAyhQV5GgbiacRW9RSHyaZmi8yZkWu+nS6iNwOx9h
+PHRUGvzBrGAmuDZiC/8EAQPrJjWxx/pk9qIA78Hm1BGEOtrTuBDDiXmHnTN7vG9T
+7F+vQT/JusPW4EJHYO4E2e1J6gyPEGOqrAsLW97WTEN+LW1bdTdY7dhM4jSI+Unv
+ZqZ71xW06WXE2lxGD4ayXuzP6Q0KQT7YcMnrkqBluRJTfGKdjX0RPXt/5+KWd7H3
+VEst836l75/lYfLrbWxaArFjztISiEYEGBECAAYFAjbjs74ACgkQR69LaWHwR4RT
+3QCfcsKGxTTd4f5S/liM5MfnCtlAU9QAnia0uQcnuH/aodTQqspKUGN3Z04+lQHO
+BDbjtDQRBAC9Vf1MkTKc8kSxfdfZ8Y88OJAr6gHsPUg0j1t8gPk0q2ijyrJuK84u
+jzmLmbtFSITKFfcT2VSD1u4qa0iFqzSwnywtRGYKd0gq1eMhaDcp3SmaMTyrbPJ3
+sKFDd98nbTzvnA1tHgZCFI7VZO7HBGgvnd+370lNQsnGRBF/vUDObwCgllBimEp4
+tasu0WNvZYptjGy3ni0EAJLsL9W7jR64h6+nZNkdO1jRT45sW8mvyMOt1BkyRQVK
+6G2Lut879t/upPCYK+/ohWaf3TkAKH1ucrBm9xHlPXJHZvoIA3brt/OuJmG7r8Ub
+70N2vrZmdXas/w5ru7EBcKeii9pp8pi6mim8dXTPS1R/b7BqytB0dlO9zSl9j7no
+A/9Y5UnQobM/qT1tiNhJEnUwlvvTB1UWId2UiUR3k/eNCxc7IdUytanqofXSxAu2
+jyDB5Ymv1od6bRCNM1JNWnOnqVoEd/u2csTAIkZ5fl/kE6HztqRGPB+H0n3Nb4MG
+u2mpLq+OUNhTnLpEZsZGXqd21eFXkWkThxstrH+kYVYSrf8EAQMsrHk/oVe3Xf3i
+4RPIB3bwsBoWGrA4kRK7mm5a6M/pBLavd6wy89rv/SYjOkRTQV9mYWN0b3I6AACv
+ehBH0gU1mDQlnrZJH1j9rE7y0RQQ7f0mIzpEU0FfZmFjdG9yOgAAr0wMh+wQ/T3L
+5WOeVMHnGH1mSba/DcX9JiM6RFNBX2ZhY3RvcjoAAK9nFbd0J8gWcTtZNckFwvKi
+KKj15fB9tCtXaGlza3kgVGVzdCAoZGVtbyBrZXkpIDx3aGlza3lAZXhhbXBsZS5u
+ZXQ+iFUEExECABUFAjbjtDQDCwoDAxUDAgMWAgECF4AACgkQ3vD3uOxn296iagCf
+SizgYr94GzIrMWbc6H1ha7gFOX4An2oeiUql9DoXgvph82AUGtmv9TuRnQGlBDbj
+tFYQBADPV+xDMQ8NzkqoJyO+lriAUrCNIBf1Kbc6U/IPAGOoED1YVPX4EB27u3K/
+EmRVd3clFS085Dau5rFIr3d/xXnLn++wqSgQq0Jc7LflMpIj0P209/oKt6MBovTA
+Qn3lNpecmWd8oxiKoPP158Zgm7iLcOvRTcs+/p0KAzNvHIvQdwADBQP8CQS48V16
+lhWOSXV6u3JOukMeWBw6Tx+7M1CqyBihmR8ZNlF6FPBvVkX0NFVUH2qJn5yr6Pmx
+QxSRnC3yCEyPBa48xqIditzynMbEIkNUrFZTE915rr0k9MrwzPGuLfaPtr/Miy4B
+I0dnZ/5U4hoxPwDbp0aPUwRqb8+T9POTZs7/BAEDLKx5P6FXt1394uETyAd28LN6
+Abjx+ozpGMN36+SHvBm1QBbee0EWJ9LYnatmavOGPgEn7HZFbgk/QaUQiMRMNQIE
+ykHjoKU1C5uWEDR+P/wuEYX0+pQ1UhUUZ8v+/wZjAC+X5WymJmjKW2l4LXfq0RpO
+U3DedzHl5+zcuhfZN03MhxX4mcTHdGNSLqWzikj/1HWl3ohGBBgRAgAGBQI247RW
+AAoJEN7w97jsZ9ve/yAAnROeKraABkL+JUAzQwMcNm+0JCezAJ0Uz6p+tN5wt6yw
+yH09JfENI3F77ZUBzgQ247TcEQQArUqUbiVTMxJhp8bA4vMXAzCuLjys4A44DE+u
+RFb9AGsZTmw/FTPETO7iU/3frlyYyTgIvI2zDF1SwHXG06KF3yIu8LF6OCM0N0k7
+KnKpw8M2tkPiT+D8ANrHU5d178evzm40PyNDyKxSGNlIG1N4MIKFtNdMlahLvu91
+kG04WesAoLPa5zISvsX+Ew95M1o4Qti8iYHbA/4wr+eYRywP35eb/F5V9bOLWhWm
+EDzw4KHXQ7V+OJ7JD5n44S5KLPKwIogohDlPmrxDTAJ/YAukApUItd30kr0Uq34Q
+gFktAsqgCP7C5KEM1TTxU25Tcs4ojUHoDyMj14ECuiTCP0ZFRKUivopgjgRhFTKX
+VVWTySkQ0g9SDaITSgP/a0FyXMQUYJjuB7GA6r4U6QnIHsxS5xrQgkshb4tp2MVW
+MhqlhsfOLaj1WZ+oe0DxKw0O3YKTH/EAzmNelKcMbtTcilLaIdI5l+Ylam/bZe7Q
+vbN2s72Kn2PZjtYqO3Uzqw14bqAJRl0ekleMdZRMMzAsour+iNVPHnlodXnQ2gz/
+BAED36GMDF6APjbzsvUK+yk64h67FO9lD4i0FiXAE3DtfiBKzYh3jEV1uv0mIzpE
+U0FfZmFjdG9yOgAAr3nDQWlricc0AeWTgJNI54Z91WZHkBP9JiM6RFNBX2ZhY3Rv
+cjoAAK9OjHQxUQz8Wnpik8iZguVXD27lXLi9/SYjOkRTQV9mYWN0b3I6AACvX6xO
+WYl810CKCu/QJGFZWsNhMV3iibQnWFJheSBUZXN0IChkZW1vIGtleSkgPHhyYXlA
+ZXhhbXBsZS5uZXQ+iFUEExECABUFAjbjtNwDCwoDAxUDAgMWAgECF4AACgkQiXmm
+xVZ/s0q3TwCgnrUiygc8NmP/EDsgHOweLy5+oMUAoJCz7S9Q/1f2X7xXU9Xs2xka
+KazvnQGlBDbjtQUQBADG4aUG+qgOTGEgOAVnN0ck76AnKb3jOBIYeQGYEgF/lDYb
+Y7fOQ3tIgQ0jXrKD1zHLvORNsG708yDNR79S5Ci/1nphcrNOPWMujOsZ2WMo5xbl
+hG+WJujt4pcNSRK9P5fonUE4hV7GXTljg1yZ/ui00Ot7b1B8ryAYE79t1B3svwAE
+CwP9Hg2r8lBq/j/t3kRO4xl108DFXiQKdj7sXugmAcMomF4nG3j2s219dLEFlSwn
+0/peGvjp8JFPfcMPU/xHJSaZLf90mXsf+pHcDWujHgVA9YC6ThYaGx9Je+VmcVYo
+mELxNnMWKyOJePDU4ViIXhMCvGP0Pt39wcQoiLjeu15+l/7/BAED36GMDF6APjbz
+svUK+yk64h3k1cEq5Vaa4ZpvzNmxRxEEMST+XLJ7leRFzngFM7CJLENe3+ZTqaS7
+d9/a0p9ocVwP2NHOBTLSUiKi8PacU3qtr5A79M2AtUrlnwJca4opneBLJgNGJLyR
+Gsv6WEWrPZ1PhR7v6SkUfj8jQ/Tzb1lj6DpOApZFH9fHv5btLU+JITTR+ohGBBgR
+AgAGBQI247UFAAoJEIl5psVWf7NK7JAAnRosvXTK0JTDng87kaiXLAT3t2H8AJ95
+wwtp1x0eP4rcO45yUsgGIoWoU5UBzgQ247VREQQA3VAGc4T+vuvVXcka4ETaLaLl
+L1xOiPIdJMWRWWQ60CZqWXDVpFBw6oG2AyfUZiHhLlmTZssz8UhXLw/URsPSpiGb
+tpGWKiLs4OCqjslN0lHzcnGqxGWCZJixMgZa5DcWZJjwqdXEbDChgm4ULP/7+iKv
+IenTQNhFoCXr9MtdoHMAoLpNCmSKlTu1H5GlWmYTK9AndWrfA/47ip0VYgzIvUhI
+0iWcG95sNfshApzPL6zPgKBqACogs/5/DfRn9g07BcuMihLJD0PLNPVnOXqQRaN4
+Da7jLuJA53XtLgpogxG08M6XUimTucfcovu29/bgjZIKA5c8KJ2lzXSJ9jZxSoy+
+O051f7yhXbUmYC1vdNr8GBk69QKy/wQAiHMfU3cbCfTTMmig+zBHCkHjqzqr/zKt
+R8RT5AwSOIU2aUIiHdV08apCelBw8PbEf077TuWCq2YyDZJmgWRYh5cdaMgdAd7u
+l1FS1yHPZYshcofWjgXUJHR4I8iPCs5OmdHo2HK3uU2OM36ZQGSpFA5WN1NEm9Gt
+MSBoYKN2ERD/BAEDE+RZ21hlj9nFUQKkDf2E3ET88XB3l0M1bCxCv2UAfGp+pESW
+bFZsBv0mIzpEU0FfZmFjdG9yOgAAr1wtpFPolwbaQUa/5Qmzo2/e2AAZMSX9JiM6
+RFNBX2ZhY3RvcjoAAK9Sfv2nvtEYMQvNNDd0DvnBNBoxlAS5/SYjOkRTQV9mYWN0
+b3I6AACvZ5hJ+Tl0FtvDC+JX0swooQzPDGNCObQrWWFua2VlIFRlc3QgKGRlbW8g
+a2V5KSA8eWFua2VlQGV4YW1wbGUubmV0PohVBBMRAgAVBQI247VSAwsKAwMVAwID
+FgIBAheAAAoJEJ7vNM1LEbJfV7EAoJAAKzgeRH40g+m1xX5ZfP6QnCcoAKCbTZMS
+o0H79g6Zn2wZbdEVGwmj+p0BpQQ247VnEAQAmuK5RcS0zTyXp6SjW2+WeQIpJnJD
+flL0+iBe//3SADv01qUmw3jWMAuxG+CcCApksl122V9npEHiLC4Q2A69roLRsbxK
+BPebustfadLJoVYqPsvjnrBlafe5GcrFPnKbE0wV6ZXx/Tp/eSDiQlid4lWz5J+z
+/mN7KhHANzoRAbsAAwYEAJO5fkCSdNwkisFXzeKslWxm9Yoe1TOouiSV11hex0j9
+4Hpz5wGWEXF7z+FbDq+4V0UqGkKxaERsl6HMWNkImj57N/9h1C1YDfiKTimg5tZp
+KmehXtldpWGCNDZrE0RasrFCKENVhFMhpc4kAnx6rbA0+LhRvJkvkdxY7pKU//aZ
+/wQBAxPkWdtYZY/ZxVECpA39hNxHnMEofjVNfhE0JAv3KTJRZHOCbzCkO+DxKgcS
+IsZVSJizzudmVLYbQWMKc0ykAvbJot4k6PgNiWwUyY8HxQs0F+5YYtQkMs8VdIQN
+ez+5E2RCoB+VflUVq4qhWUxXB737maUEsSc220yeEj04n59OlPILb+A/XvwoCE/F
++kCQdlS7BA2IRgQYEQIABgUCNuO1ZwAKCRCe7zTNSxGyX/RcAJ9X3N2PPlX0KeNx
+UHefqmpPYDF6GgCfZmyC/OlrmmSulJ6NAHxiQNT4D/aVAc4ENuO1yxEEAIEMk4Zf
+0L/HEJVk0/o4fPpwvm8zc+KZQCFX70cBVU9BWJOcUquRg9JDJF9bOM5TxE7VOnkI
+fPvjug5vqP0/vjIfW7LvzIWDhS6FcFaKeG4IoqrgghbAmQIoEWvVTx+7xrpjo1yO
+qIMDQqYZEmsw+Zd6deQmkUYcbvytS82L0gx/AKC6DM0guH/ddkJlT4FQ9h5cv6dQ
+AQQAgNdmGPW8VceCL2WaKMoOMmhwQGhqY3+1pDLo7HVFEPoe18A9jlMRHWfvGb2E
+zMT46/Ugqkf8TzvZGFrWq7W/t45rp5O41YXQ2+ZJH3nl+t5Gw25Hwk0hvpK0jYRH
+2nMFR+PKQL2mDbA94LvClAkgX1MX4lrUG8bYj6FrbEnvzoAD+wcRS8A6xznxhs+V
+sg/KnYl0Qe9dNFPY0hJVG5MxCyDy9X32cxhHYJSHbvS4/LLbFloP+Rhwn3/WeBjs
+L2lts1ahXvQ+QQw7+qPrs4hWJZU/NSEh1RGitukaG5zegHNTE6CJqXshshI9Ei0O
+CDahmhjiGrJA3HwKPZlkDMOkza8K/wQBA3GTFCmP28PloZW7fHe9ipQH0TkH+yp2
+IXXRWNHjhcbOrwkv7+jedHX9JiM6RFNBX2ZhY3RvcjoAAK9nd2gdDGXr+aS4H9RN
+o21VL8OsKJBj/SYjOkRTQV9mYWN0b3I6AACvXT7TUKyg8va6X0RToEWg4+feDJFE
+n/0mIzpEU0FfZmFjdG9yOgAAr0s/BxXRDWjjCqZNI5VKmGD3EQ2CCWO0J1p1bHUg
+VGVzdCAoZGVtbyBrZXkpIDx6dWx1QGV4YW1wbGUubmV0PohVBBMRAgAVBQI247XL
+AwsKAwMVAwIDFgIBAheAAAoJEGvEd4BUrNJGQOsAnjgUjTj9/yeCyzBgwu2Fs1Z2
+HB9aAKCYdUx3OscN3QmqVVre3pwZY5GmSJ0BpQQ247XyEAQAzHzwwUKDM7+djJo2
+/EnWmCijc6g3fStaGNoXDEovi3B2oPiiRTsigX90qB5nFP7whDfi8k4JY2Eig5hH
++MGdvni36hYEnQSadsZueYofvQh14N3V8fUmx4hiQiMXyWiLJzc91ZiRjww4wZWn
+/4Y5f+0mb0fjCaVSxTxo4+7joU8AAwUD/0oL9Gm3gl1XVV8BhJoXVdFQ6PN9yEEX
+UbtcrfkC51kTBk2NaEGqbB+kC8GEmXwyZcW7AQN7X6ikraUUm3RjTU7CvkSHobBn
+XYt7FhqZURpuV7eSqZGP5nP7SxWmCTTKgIH1kHCpWRwaexKFjIIkYgyVFqtEx9cE
+Q6D2kXPh+Rna/wQBA3GTFCmP28PloZW7fHe9ipQEjson+R8J0cZFxO8B2k6Fas1C
+pLvP8P0NdTIyitaiBUatIGDI8N22I6mqelpWZpTKZZymrDKe0n8h+rTNqb0uIt8F
+R+6/1qFnL1k3E/+QxqS7VGkRz6xnT+la7OVrexXz18ynbpvzJMPe2SAPyqY+RSzW
+wf5Z/bgM+A/ftNFfEencn7KIRgQYEQIABgUCNuO18gAKCRBrxHeAVKzSRn1jAJsF
+3zuwZ09o7T0yZNm4zWcRGZvteACgroLrVdUuNxbdEllH4BbcvFB06zA=
+=P9+G
+-----END PGP PRIVATE KEY BLOCK-----
diff --git a/tests/openpgp/secring.asc b/tests/openpgp/secring.asc
new file mode 100644
index 0000000..99e02ca
--- /dev/null
+++ b/tests/openpgp/secring.asc
@@ -0,0 +1,73 @@
+This is a test secret keyring simply stored by GNUPG so that it is
+easier to make diff files.
+
+sec 1024D/D74C5F22 2003-12-31 Test one (pp=def) <one@example.com>
+ssb 1024g/47BE2775 2003-12-31
+
+sec 1024D/C40FDECF 2003-12-31 Test two (no pp) <two@example.com>
+ssb 1024g/B27907AA 2003-12-31
+
+sec 1024R/ECABF51D 2003-12-31 Test three (no pp) <three@example.com>
+
+-----BEGIN PGP PRIVATE KEY BLOCK-----
+Version: GnuPG v1.3.5-cvs (GNU/Linux)
+
+lQHhBD/yNQgRBAC/KSfe6uVfDgA3BrGpNLhVxT/ytwXMpBI8pEdTiY0jWnYrb/Yu
+8wtCeZ9GAux/ZA/ted+7pdibHXfX5PzDfgUTZwrIJa57OUpWwI878AzZxNsnVv1I
+P6ufGyESKME4PUQO5heKhwAb0gQwFwArS3v4oeYrEljhJ79kpt319JEAEwCg+hTk
+nylYwYGT/PEVQ4JlLPoWmqUEAJn1HX1Od5tyoK4OEAM5G+wHz3SBj4FMonZNWs1I
+t03JKHoM5ulQ2FgEWmBVIPTKSDm/jQXPYApz5DpxpoGYbTCaEo6zfE32AEzoXDmG
+AZE90Xhq/wcEN+JcHpHytAA/n+hYaR3sYegQ52mWMR+vdd99KO0V0jLRcckgBA7Z
+2jlFA/98cyy2nYt0QI5Tf+t/d4WBeib2yNWVtZH/j7XpDqHLZDgVAYkazCA6ZF7B
+vLddBEqVAh1X5tqua4AXX9L4SGYb7B0LRV72alhYiWWHez126KjVgwRTUxtEJ4En
+HmYJRReLlXosPIRhXSz7HFAqalPXJ0DvC9kzTQnnjPOylyMPTf4CAwJkfa7fzYfs
+BWBdwH11VHPRv4hkbVaS7Vw6TTmc9D+ZEFv6pw+gTLldIfEZU3+24eoVkMjdwGF2
+dXN/V7QjVGVzdCBvbmUgKHBwPWRlZikgPG9uZUBleGFtcGxlLmNvbT6IWgQTEQIA
+GgUCP/I1CAIbAwILAgMVAgMDFgIBAh4BAheAAAoJEA73cJbXTF8iUO4AnA8wHb3e
+rMrfWV3ij0d/cEiSJAYFAJ9fcbShgTXDN1dIVZvLSW5E93TfC50BVwQ/8jUNEAQA
+6AJLWnjvNx15zRS9ULSmF7BqUdRTp/ua6VavSPRljVFTQg4/XwcB5Psg1zA9xRpS
+8L0ph6deZhu87WLuw01QI6wpRqbCD6hI0xxszcDA3DGWCBPIlLU3pbMhfsyNEtSV
+Sq1stGE8MaUKW23rJ4CNLSllPrjpMA1oEOJEiCT3gAMAAwUD/0aHZfVLL7gin9G0
+wkM9k5j5jqxZQ3s6IzYGR1SYIs6Zo5V+CuwR68p1IEGPShVY3zVTTaLuNDOGEAje
+1kwUmY/+GUXsCVLkdJouPb63WccAorLvRCGyQg1HjUIK/2wcBzmA3Vatjk0Ol4jX
+YaaqxYw9BU9QexNN7RCxPpdsfO8L/gIDAmR9rt/Nh+wFYEvXzcetbmRUtlnyX2e0
+2F35hsF4RxXrHAYepLiQbk+oWnYH8mWL5IED80PzjUifsIxDH9AWHUBvD+4NjxWI
+SQQYEQIACQUCP/I1DQIbDAAKCRAO93CW10xfInB4AKDKD5BulHRXb04ynP6YWel6
+I2g3fQCgqJEJLoUNcIF3tp2jF2jBr80WmM2VAbsEP/JSaxEEAKxxqlg9Kz9DZ/3N
+52BC0w+JtYKke39vpdWVDHR3MHmMJ/31Y2iSpm0fvRs3h1j9/fBVmLOZglNQyH62
+SxdJyZwCelkZzfUy/qLm9Qaqi7wpg0p4EbmWdoFF/A1Zg/MU7D5w5xu+EA1J77Z6
+QyALN9rIOXZ7rLLa64lw/MV4LdIPAKC449htJbbp5rkJHvBDs4YxEIkk5wP/X4hP
+GlIw5PlHrsG7hdahhTudV5hRGlvosnwsrYJXvKAQLAV1EV26SIYUH5pM/ycXrG25
+dqVoG56uQqnhBdUqo4iSnsxY3ZMA46D14REc9P//CGvJ/j2Z41gw8u8oB7rS50dj
+voaWb5myj7bhacTBdfah3U8dVXcIi1ZFvtiaGAYD+gIF7eNIdpaYiB0427un4ggc
+26+Y9nkF93DaMnZEaYSeum6g/g7D1vwINFgQkMYEWi4DK3W+uH0E/n8o20wS2wvM
+rbeYaQm5v6ucd001wwFDY6AdwpwP7UCLQcu6qqvwNHdxWYK6+gIsSufLmeMGrsvC
+0WQqYeu1GfGpHIMCZJlZAACff9jWuNkBIYwr0gZvXL9kMpPTORMJ4LQiVGVzdCB0
+d28gKG5vIHBwKSA8dHdvQGV4YW1wbGUuY29tPohfBBMRAgAfBQI/8lJrAhsDBwsJ
+CAcDAgEDFQIDAxYCAQIeAQIXgAAKCRCXPVDhxA/ez4BDAJ9sPyWbgc4424/Rt291
+voaJYdMdFwCdFAxAg7wN6d8qoZKEWJZUiopPvzGdATEEP/JSbxAEAMzYsfnax02A
+jMUvDYlGTaVUxp1n8zI8QqlcmWLfQhJuwOCXH0m4EVKaairp8K3rg5pjRhXNVvpU
+9aC37yWg4v6EP6Lm4CHKtBGeYDlMnWo/etT1d5bTZmmlEmbCeo0cWmtBQdXIMehF
+QfPIEeiQeJgDOClfgrf3/UMz79kzEvKrAAMGA/43c6bZ7IidduMk1uXsIb1FaZgx
+rk/QrgN4IFuuW4zoX62r1+a3xzAlyz1zDVxYKQNNdr4IVcLp/3pJI+/68WqWZpRN
+vGKUg4/D8J/5ZKjQI8uOujMvsFHqAoIO5hIP++YrNqICs8dS+dp2suwRpn0uNeZu
+wQY1h7IlAOikbRV7dQAA92kVxs7SWBQ/iTexM19Ih/AEK3xjAFOY+TlruFMjjLYO
+TohJBBgRAgAJBQI/8lJvAhsMAAoJEJc9UOHED97PLL4An2KG78IRsthGnHJOtnQP
+QrYoxb27AJ41qvZyQw0V5ClIAtEtd+JqUnxHmJUB1gQ/8lO9AQQAqFJWduzk11/m
+0Ac/K/mab0kzzr3UUor1bkxh4vcxJHOTZF3a9Y6t1WUpwlOXeCNkY98tRYUg6A40
+wFgkKz/4jdOaiDtHW2bOqrvJmJ/wH/5zdmDpthu53JEgXUKP/+j2dfrvYTZYxy2m
+11DA68QK9iPSBmksglFMQE2IJatwEAEACQEBAAP4vKABRIX7dtUOm2y6VyGsESE5
+D4YI1AhL0EWodt84EPEUvC1o61UuYbAe28JIHwjIKDLgDiedZ6hTBV3K5cI1aFHL
+421hDE0qtD+mVZhcRGnR2RHhr9gX6qX+4P8mV0w1nhdShwUhlFO1GuwQ2/dWKwYd
+XGbDW7P58LIiudGWuQIAwzxYBjmWvVl1Kqvf2s2qe0tmqhdU7g2Jt3lPDej/ckxU
+n/ESozKSu517zueU8IAkw+Vf2CM/UHntSZHE3yYY2QIA3LWUXwDxr0OL1MMRuLrK
+PZ2wrRZRmGU0IDDx3zBX5VMsR/WNMwPLo8iimBT2F7ez3umPqqrugRtJj6ryF3t3
+aQH+Kfst9psjWkmpBrEO99j4Gq6orYHnzd4fSnnOJEv4/ObdXrGBGwvV5RZblXCF
+A2kB3ShaYowpengtqBVzpD0cCZ6ntCZUZXN0IHRocmVlIChubyBwcCkgPHRocmVl
+QGV4YW1wbGUuY29tPoi1BBMBAgAfBQI/8lO9AhsDBwsJCAcDAgEDFQIDAxYCAQIe
+AQIXgAAKCRDRILYm7Kv1HWpDA/9sINfVYaTW7TOQolYn9Vee4feOTpl6+S4dkgLC
+OWoDG/V17k/cl7Jr/iQ+YRBOi0S/fFwMBn72kEvdOtmiUAqHGQFnTyXhBLLvqTJ/
+yEHR6hnZK+zsusY8EmvoIdfSTIOJqkeACEEpCr0aE0qkgBm4voMrZ05pAO2hFJba
+IHWHiQ==
+=52aT
+-----END PGP PRIVATE KEY BLOCK-----
diff --git a/tests/openpgp/secring.skr.asc b/tests/openpgp/secring.skr.asc
new file mode 100644
index 0000000..0081b59
--- /dev/null
+++ b/tests/openpgp/secring.skr.asc
@@ -0,0 +1,27 @@
+This is a test secring generated by pgp 5 beta
+
+Type Bits KeyID Created Expires Algorithm Use
+sec+ 768 439F02CA 1998-03-17 ---------- DSS Sign and Encrypt
+sub 768 CB879DE9 1998-03-17 ---------- Diffie-Hellman
+uid pgp5 test <pgp5@dev.null>
+
+There is no password on the key
+
+-----BEGIN PGP ARMORED FILE-----
+Version: GNUPG v0.2.13a (Linux)
+Comment: This is an alpha version!
+Comment: Use "gpgm --dearmor" for unpacking
+
+lQFbBDUOrE4RAwDbbxWAbWsheUJprK6VryMTpwDiYwMfL+92nrHqSfPqlpMWgDTia8qnpRSXbyEm
+Sppp/6/Ygp+N3n32Kznq7PjHXiuWLlZGvZMtzmvaMA17y0GY6oLBxS7rhASXIKa9hEUAoP+KBFly
+qNMdsK8j+ZO0A8rnImGrAwC1ddDme5iZFkTEWHhrtU97sEu2GDkSQB8HdX8CoRcrOz/B2WliF6qf
+BKhcZPFVBIhKNzjTfY7SEYAZk2zcsCm8elnwSLaGEzxKFNFBqKDNXP+a35spcqsHSGzDVw4VuKMD
+AJNnAP6skpHlhVAmecLZT9eRzVoOq1ivUIntK2Mh47qsL74q6BBwz2sviPU2Y3pDlbb6Ed0qJAXv
+dCT24hlfoGoXzkoDInkPJTJeL0gCnwmQPjvXFFd71Cvg5LaL4lIQLQAAn3GbgsWo+7E/hWakzstp
+TXzI2kDIDIm0GXBncDUgdGVzdCA8cGdwNUBkZXYubnVsbD6dAO8ENQ6sVhADAP8Fa5TbD6k8VmW1
+IjK1DfDI0xUdsVIbk8N3Hb0YIlT1E/6tZdfiNwqaKVQcf17gJIObBwfNM3OqWYOudmBVd3S6E3Hk
+u64nW+ZNt7B2toWRgnk6OgHcSDsud4Igjwz/RQACAgL/ToefzlcVKiPuobKfXHDhIUQPTfGic2Az
+47wkMoYHo9j9ZE7AWaliMdPz4jLyLfqqoU9mH8g+vJhyAc7UnAF2Sk5466FDypdPm5F9PTW3cqqI
+wJM4WgkSlM8J2hxH4YtlAADlG+pxFXNFuDPmcq6jL6dug2ikZ7hcHLAy7DddSS8OAA==
+=1UWo
+-----END PGP ARMORED FILE-----
diff --git a/tests/openpgp/signdemokey b/tests/openpgp/signdemokey
new file mode 100755
index 0000000..9a1257c
--- /dev/null
+++ b/tests/openpgp/signdemokey
@@ -0,0 +1,16 @@
+#!/bin/sh
+
+set -e
+
+if [ $# != 3 ]; then
+ echo "Usage: signdemokey name user_id user_id_no"
+ exit 1
+fi
+name="$1"
+user_id="$2"
+user_id_no="$3"
+
+echo "abc" | ../g10/gpg2 --options ./gpg.conf --homedir $name \
+ --sign-key --batch --yes --passphrase-fd 0 $user_id \
+ $user_id_no sign save
+
diff --git a/tests/openpgp/signencrypt-dsa.test b/tests/openpgp/signencrypt-dsa.test
new file mode 100755
index 0000000..77ded12
--- /dev/null
+++ b/tests/openpgp/signencrypt-dsa.test
@@ -0,0 +1,30 @@
+#!/bin/sh
+# Copyright 1998,1999,2000,2001,2002,2003,2004,2005,2006,
+# 2007 Free Software Foundation, Inc.
+# This file is free software; as a special exception the author gives
+# unlimited permission to copy and/or distribute it, with or without
+# modifications, as long as this notice is preserved. This file is
+# distributed in the hope that it will be useful, but WITHOUT ANY
+# WARRANTY, to the extent permitted by law; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+
+. $srcdir/defs.inc || exit 3
+
+#info Checking signing and encryption for DSA
+for i in $plain_files $data_files ; do
+ $GPG $dsa_keyrings --always-trust -se -o x --yes \
+ -u "$dsa_usrname1" -r "$dsa_usrname2" $i
+ $GPG $dsa_keyrings -o y --yes x
+ cmp $i y || error "$i: mismatch"
+done
+
+for da in ripemd160 sha1; do
+ for i in $plain_files; do
+ $GPG $dsa_keyrings --always-trust -se -o x --yes --digest-algo $da \
+ -u "$dsa_usrname1" -r "$dsa_usrname2" $i
+ $GPG $dsa_keyrings -o y --yes x
+ cmp $i y || error "$i: mismatch"
+ # process only the first one
+ break
+ done
+done
diff --git a/tests/openpgp/signencrypt.test b/tests/openpgp/signencrypt.test
new file mode 100755
index 0000000..8ccbaf7
--- /dev/null
+++ b/tests/openpgp/signencrypt.test
@@ -0,0 +1,34 @@
+#!/bin/sh
+# Copyright 1998,1999,2000,2001,2002,2003,2004,2005,2006,
+# 2007 Free Software Foundation, Inc.
+# This file is free software; as a special exception the author gives
+# unlimited permission to copy and/or distribute it, with or without
+# modifications, as long as this notice is preserved. This file is
+# distributed in the hope that it will be useful, but WITHOUT ANY
+# WARRANTY, to the extent permitted by law; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+
+. $srcdir/defs.inc || exit 3
+
+
+info "Checking signing and encryption"
+for i in $plain_files $data_files ; do
+ echo "$usrpass1" | $GPG --passphrase-fd 0 --always-trust \
+ -se -o x --yes -r "$usrname2" $i
+ $GPG -o y --yes x
+ cmp $i y || error "$i: mismatch"
+done
+
+i=$srcdir/bug537-test.data.asc
+info "Checking bug 537: MDC problem with old style compressed packets."
+echo "$usrpass1" | $GPG --passphrase-fd 0 -o y --yes $i
+tmp=`$GPG --with-colons --print-md sha1 <y`
+if [ "$tmp" != ":2:4336AE2A528FAE091E73E59E325B588FEE795F9B:" ]; then
+ error "$i: mismatch (bug 537)"
+fi
+
+
+
+
+
+
diff --git a/tests/openpgp/sigs-dsa.test b/tests/openpgp/sigs-dsa.test
new file mode 100755
index 0000000..8b3b14f
--- /dev/null
+++ b/tests/openpgp/sigs-dsa.test
@@ -0,0 +1,30 @@
+#!/bin/sh
+# Copyright 1998,1999,2000,2001,2002,2003,2004,2005,2006,
+# 2007 Free Software Foundation, Inc.
+# This file is free software; as a special exception the author gives
+# unlimited permission to copy and/or distribute it, with or without
+# modifications, as long as this notice is preserved. This file is
+# distributed in the hope that it will be useful, but WITHOUT ANY
+# WARRANTY, to the extent permitted by law; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+
+. $srcdir/defs.inc || exit 3
+
+#info Checking DSA signatures (default digest algo)
+for i in $plain_files $data_files; do
+ $GPG $dsa_keyrings -s -o x --yes -u $dsa_usrname1 $i
+ $GPG $dsa_keyrings -o y --yes x
+ cmp $i y || error "$i: mismatch"
+done
+
+for da in ripemd160 sha1; do
+ for i in $plain_files; do
+ $GPG $dsa_keyrings --digest-algo $da \
+ -s -o x --yes -u $dsa_usrname1 $i
+ $GPG $dsa_keyrings -o y --yes x
+ cmp $i y || error "$i: mismatch"
+ # process only the first one
+ break
+ done
+done
+
diff --git a/tests/openpgp/sigs.test b/tests/openpgp/sigs.test
new file mode 100755
index 0000000..86b0cdc
--- /dev/null
+++ b/tests/openpgp/sigs.test
@@ -0,0 +1,45 @@
+#!/bin/sh
+# Copyright 1998,1999,2000,2001,2002,2003,2004,2005,2006,
+# 2007 Free Software Foundation, Inc.
+# This file is free software; as a special exception the author gives
+# unlimited permission to copy and/or distribute it, with or without
+# modifications, as long as this notice is preserved. This file is
+# distributed in the hope that it will be useful, but WITHOUT ANY
+# WARRANTY, to the extent permitted by law; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+
+. $srcdir/defs.inc || exit 3
+
+for i in $plain_files $data_files; do
+ echo "$usrpass1" | $GPG --passphrase-fd 0 -s -o x --yes $i
+ $GPG -o y --yes x
+ cmp $i y || error "$i: mismatch"
+done
+
+for da in `all_hash_algos` ; do
+ echo_n "$da "
+
+ # RSA key, so any hash is okay
+ if have_pubkey_algo "RSA"; then
+ for i in $plain_files; do
+ $GPG -u $usrname3 --digest-algo $da -s -o x --yes $i
+ $GPG -o y --yes x
+ cmp $i y || error "$i: mismatch"
+ # process only the first one
+ break
+ done
+ fi
+
+ # Using the DSA sig key - only 160 bit or larger hashes
+ if test $da != "MD5"; then
+ for i in $plain_files; do
+ echo "$usrpass1" | $GPG --passphrase-fd 0 --digest-algo $da \
+ -s -o x --yes $i
+ $GPG -o y --yes x
+ cmp $i y || error "$i: mismatch"
+ # process only the first one
+ break
+ done
+ fi
+done
+echo_n "| "
diff --git a/tests/openpgp/verify.test b/tests/openpgp/verify.test
new file mode 100755
index 0000000..eef61c7
--- /dev/null
+++ b/tests/openpgp/verify.test
@@ -0,0 +1,260 @@
+#!/bin/sh
+# Copyright 1998,1999,2000,2001,2002,2003,2004,2005,2006,
+# 2007 Free Software Foundation, Inc.
+# This file is free software; as a special exception the author gives
+# unlimited permission to copy and/or distribute it, with or without
+# modifications, as long as this notice is preserved. This file is
+# distributed in the hope that it will be useful, but WITHOUT ANY
+# WARRANTY, to the extent permitted by law; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+
+. $srcdir/defs.inc || exit 3
+
+suspend_error
+
+#
+# Two simple tests to check that verify fails for bad input data
+#
+info "checking bogus signature 1"
+../../tools/mk-tdata --char 0x2d 64 >x
+$GPG --verify x data-500 && error "no error code from verify"
+info "checking bogus signature 2"
+../../tools/mk-tdata --char 0xca 64 >x
+$GPG --verify x data-500 && error "no error code from verify"
+
+linefeed
+
+# A variable to collect the test names
+tests=""
+
+# A plain signed message created using
+# echo abc | gpg --homedir . --passphrase-fd 0 -u Alpha -z0 -sa msg
+tests="$tests msg_ols_asc"
+msg_ols_asc='-----BEGIN PGP MESSAGE-----
+
+kA0DAAIRLXJ8x2hpdzQBrQEHYgNtc2dEDFJaSSB0aGluayB0aGF0IGFsbCByaWdo
+dC10aGlua2luZyBwZW9wbGUgaW4gdGhpcyBjb3VudHJ5IGFyZSBzaWNrIGFuZAp0
+aXJlZCBvZiBiZWluZyB0b2xkIHRoYXQgb3JkaW5hcnkgZGVjZW50IHBlb3BsZSBh
+cmUgZmVkIHVwIGluIHRoaXMKY291bnRyeSB3aXRoIGJlaW5nIHNpY2sgYW5kIHRp
+cmVkLiAgSSdtIGNlcnRhaW5seSBub3QuICBCdXQgSSdtCnNpY2sgYW5kIHRpcmVk
+IG9mIGJlaW5nIHRvbGQgdGhhdCBJIGFtLgotIE1vbnR5IFB5dGhvbgqIPwMFAEQM
+UlotcnzHaGl3NBECR4IAoJlEGTY+bHjD2HYuCixLQCmk01pbAKCIjkzLOAmkZNm0
+D8luT78c/1x45Q==
+=a29i
+-----END PGP MESSAGE-----'
+
+# A plain signed message created using
+# echo abc | gpg --homedir . --passphrase-fd 0 -u Alpha -sa msg
+tests="$tests msg_cols_asc"
+msg_cols_asc='-----BEGIN PGP MESSAGE-----
+
+owGbwMvMwCSoW1RzPCOz3IRxLSN7EnNucboLT6Cgp0JJRmZeNpBMLFFIzMlRKMpM
+zyjRBQtm5qUrFKTmF+SkKmTmgdQVKyTnl+aVFFUqJBalKhRnJmcrJOalcJVkFqWm
+KOSnKSSlgrSU5OekQMzLL0rJzEsEKk9JTU7NK4EZBtKcBtRRWgAzlwtmbnlmSQbU
+GJjxCmDj9RQUPNVzFZJTi0oSM/NyKhXy8kuAYk6lJSBxLlTF2NziqZCYq8elq+Cb
+n1dSqRBQWZKRn8fVYc/MygAKBljYCDIFiTDMT+9seu836Q+bevyHTJ0dzPNuvCjn
+ZpgrwX38z58rJsfYDhwOSS4SkN/d6vUAAA==
+=s6sY
+-----END PGP MESSAGE-----'
+
+# A PGP 2 style message.
+tests="$tests msg_sl_asc"
+msg_sl_asc='-----BEGIN PGP MESSAGE-----
+
+iD8DBQBEDFJaLXJ8x2hpdzQRAkeCAKCZRBk2Pmx4w9h2LgosS0AppNNaWwCgiI5M
+yzgJpGTZtA/Jbk+/HP9ceOWtAQdiA21zZ0QMUlpJIHRoaW5rIHRoYXQgYWxsIHJp
+Z2h0LXRoaW5raW5nIHBlb3BsZSBpbiB0aGlzIGNvdW50cnkgYXJlIHNpY2sgYW5k
+CnRpcmVkIG9mIGJlaW5nIHRvbGQgdGhhdCBvcmRpbmFyeSBkZWNlbnQgcGVvcGxl
+IGFyZSBmZWQgdXAgaW4gdGhpcwpjb3VudHJ5IHdpdGggYmVpbmcgc2ljayBhbmQg
+dGlyZWQuICBJJ20gY2VydGFpbmx5IG5vdC4gIEJ1dCBJJ20Kc2ljayBhbmQgdGly
+ZWQgb2YgYmVpbmcgdG9sZCB0aGF0IEkgYW0uCi0gTW9udHkgUHl0aG9uCg==
+=0ukK
+-----END PGP MESSAGE-----'
+
+# An OpenPGP message lacking the onepass packet. We used to accept
+# such messages but now consider them invalid.
+tests="$tests bad_ls_asc"
+bad_ls_asc='-----BEGIN PGP MESSAGE-----
+
+rQEHYgNtc2dEDFJaSSB0aGluayB0aGF0IGFsbCByaWdodC10aGlua2luZyBwZW9w
+bGUgaW4gdGhpcyBjb3VudHJ5IGFyZSBzaWNrIGFuZAp0aXJlZCBvZiBiZWluZyB0
+b2xkIHRoYXQgb3JkaW5hcnkgZGVjZW50IHBlb3BsZSBhcmUgZmVkIHVwIGluIHRo
+aXMKY291bnRyeSB3aXRoIGJlaW5nIHNpY2sgYW5kIHRpcmVkLiAgSSdtIGNlcnRh
+aW5seSBub3QuICBCdXQgSSdtCnNpY2sgYW5kIHRpcmVkIG9mIGJlaW5nIHRvbGQg
+dGhhdCBJIGFtLgotIE1vbnR5IFB5dGhvbgqIPwMFAEQMUlotcnzHaGl3NBECR4IA
+oJlEGTY+bHjD2HYuCixLQCmk01pbAKCIjkzLOAmkZNm0D8luT78c/1x45Q==
+=Mpiu
+-----END PGP MESSAGE-----'
+
+
+# A signed message prefixed with an unsigned literal packet.
+# (fols = faked-literal-data, one-pass, literal-data, signature)
+# This should throw an error because running gpg to extract the
+# signed data will return both literal data packets
+tests="$tests bad_fols_asc"
+bad_fols_asc='-----BEGIN PGP MESSAGE-----
+
+rF1iDG1zZy51bnNpZ25lZEQMY0x0aW1lc2hhcmluZywgbjoKCUFuIGFjY2VzcyBt
+ZXRob2Qgd2hlcmVieSBvbmUgY29tcHV0ZXIgYWJ1c2VzIG1hbnkgcGVvcGxlLgqQ
+DQMAAhEtcnzHaGl3NAGtAQdiA21zZ0QMUlpJIHRoaW5rIHRoYXQgYWxsIHJpZ2h0
+LXRoaW5raW5nIHBlb3BsZSBpbiB0aGlzIGNvdW50cnkgYXJlIHNpY2sgYW5kCnRp
+cmVkIG9mIGJlaW5nIHRvbGQgdGhhdCBvcmRpbmFyeSBkZWNlbnQgcGVvcGxlIGFy
+ZSBmZWQgdXAgaW4gdGhpcwpjb3VudHJ5IHdpdGggYmVpbmcgc2ljayBhbmQgdGly
+ZWQuICBJJ20gY2VydGFpbmx5IG5vdC4gIEJ1dCBJJ20Kc2ljayBhbmQgdGlyZWQg
+b2YgYmVpbmcgdG9sZCB0aGF0IEkgYW0uCi0gTW9udHkgUHl0aG9uCog/AwUARAxS
+Wi1yfMdoaXc0EQJHggCgmUQZNj5seMPYdi4KLEtAKaTTWlsAoIiOTMs4CaRk2bQP
+yW5Pvxz/XHjl
+=UNM4
+-----END PGP MESSAGE-----'
+
+# A signed message suffixed with an unsigned literal packet.
+# (fols = faked-literal-data, one-pass, literal-data, signature)
+# This should throw an error because running gpg to extract the
+# signed data will return both literal data packets
+tests="$tests bad_olsf_asc"
+bad_olsf_asc='-----BEGIN PGP MESSAGE-----
+
+kA0DAAIRLXJ8x2hpdzQBrQEHYgNtc2dEDFJaSSB0aGluayB0aGF0IGFsbCByaWdo
+dC10aGlua2luZyBwZW9wbGUgaW4gdGhpcyBjb3VudHJ5IGFyZSBzaWNrIGFuZAp0
+aXJlZCBvZiBiZWluZyB0b2xkIHRoYXQgb3JkaW5hcnkgZGVjZW50IHBlb3BsZSBh
+cmUgZmVkIHVwIGluIHRoaXMKY291bnRyeSB3aXRoIGJlaW5nIHNpY2sgYW5kIHRp
+cmVkLiAgSSdtIGNlcnRhaW5seSBub3QuICBCdXQgSSdtCnNpY2sgYW5kIHRpcmVk
+IG9mIGJlaW5nIHRvbGQgdGhhdCBJIGFtLgotIE1vbnR5IFB5dGhvbgqIPwMFAEQM
+UlotcnzHaGl3NBECR4IAoJlEGTY+bHjD2HYuCixLQCmk01pbAKCIjkzLOAmkZNm0
+D8luT78c/1x45axdYgxtc2cudW5zaWduZWREDGNMdGltZXNoYXJpbmcsIG46CglB
+biBhY2Nlc3MgbWV0aG9kIHdoZXJlYnkgb25lIGNvbXB1dGVyIGFidXNlcyBtYW55
+IHBlb3BsZS4K
+=3gnG
+-----END PGP MESSAGE-----'
+
+
+# Two standard signed messages in a row
+tests="$tests msg_olsols_asc_multiple"
+msg_olsols_asc_multiple='-----BEGIN PGP MESSAGE-----
+
+kA0DAAIRLXJ8x2hpdzQBrQEHYgNtc2dEDFJaSSB0aGluayB0aGF0IGFsbCByaWdo
+dC10aGlua2luZyBwZW9wbGUgaW4gdGhpcyBjb3VudHJ5IGFyZSBzaWNrIGFuZAp0
+aXJlZCBvZiBiZWluZyB0b2xkIHRoYXQgb3JkaW5hcnkgZGVjZW50IHBlb3BsZSBh
+cmUgZmVkIHVwIGluIHRoaXMKY291bnRyeSB3aXRoIGJlaW5nIHNpY2sgYW5kIHRp
+cmVkLiAgSSdtIGNlcnRhaW5seSBub3QuICBCdXQgSSdtCnNpY2sgYW5kIHRpcmVk
+IG9mIGJlaW5nIHRvbGQgdGhhdCBJIGFtLgotIE1vbnR5IFB5dGhvbgqIPwMFAEQM
+UlotcnzHaGl3NBECR4IAoJlEGTY+bHjD2HYuCixLQCmk01pbAKCIjkzLOAmkZNm0
+D8luT78c/1x45ZANAwACES1yfMdoaXc0Aa0BB2IDbXNnRAxSWkkgdGhpbmsgdGhh
+dCBhbGwgcmlnaHQtdGhpbmtpbmcgcGVvcGxlIGluIHRoaXMgY291bnRyeSBhcmUg
+c2ljayBhbmQKdGlyZWQgb2YgYmVpbmcgdG9sZCB0aGF0IG9yZGluYXJ5IGRlY2Vu
+dCBwZW9wbGUgYXJlIGZlZCB1cCBpbiB0aGlzCmNvdW50cnkgd2l0aCBiZWluZyBz
+aWNrIGFuZCB0aXJlZC4gIEknbSBjZXJ0YWlubHkgbm90LiAgQnV0IEknbQpzaWNr
+IGFuZCB0aXJlZCBvZiBiZWluZyB0b2xkIHRoYXQgSSBhbS4KLSBNb250eSBQeXRo
+b24KiD8DBQBEDFJaLXJ8x2hpdzQRAkeCAKCZRBk2Pmx4w9h2LgosS0AppNNaWwCg
+iI5MyzgJpGTZtA/Jbk+/HP9ceOU=
+=8nLN
+-----END PGP MESSAGE-----'
+
+# A standard message with two signatures (actually the same signature
+# duplicated).
+tests="$tests msg_oolss_asc"
+msg_oolss_asc='-----BEGIN PGP MESSAGE-----
+
+kA0DAAIRLXJ8x2hpdzQBkA0DAAIRLXJ8x2hpdzQBrQEHYgNtc2dEDFJaSSB0aGlu
+ayB0aGF0IGFsbCByaWdodC10aGlua2luZyBwZW9wbGUgaW4gdGhpcyBjb3VudHJ5
+IGFyZSBzaWNrIGFuZAp0aXJlZCBvZiBiZWluZyB0b2xkIHRoYXQgb3JkaW5hcnkg
+ZGVjZW50IHBlb3BsZSBhcmUgZmVkIHVwIGluIHRoaXMKY291bnRyeSB3aXRoIGJl
+aW5nIHNpY2sgYW5kIHRpcmVkLiAgSSdtIGNlcnRhaW5seSBub3QuICBCdXQgSSdt
+CnNpY2sgYW5kIHRpcmVkIG9mIGJlaW5nIHRvbGQgdGhhdCBJIGFtLgotIE1vbnR5
+IFB5dGhvbgqIPwMFAEQMUlotcnzHaGl3NBECR4IAoJlEGTY+bHjD2HYuCixLQCmk
+01pbAKCIjkzLOAmkZNm0D8luT78c/1x45Yg/AwUARAxSWi1yfMdoaXc0EQJHggCg
+mUQZNj5seMPYdi4KLEtAKaTTWlsAoIiOTMs4CaRk2bQPyW5Pvxz/XHjl
+=KVw5
+-----END PGP MESSAGE-----'
+
+# A standard message with two one-pass packet but only one signature
+# packet
+tests="$tests bad_ools_asc"
+bad_ools_asc='-----BEGIN PGP MESSAGE-----
+
+kA0DAAIRLXJ8x2hpdzQBkA0DAAIRLXJ8x2hpdzQBrQEHYgNtc2dEDFJaSSB0aGlu
+ayB0aGF0IGFsbCByaWdodC10aGlua2luZyBwZW9wbGUgaW4gdGhpcyBjb3VudHJ5
+IGFyZSBzaWNrIGFuZAp0aXJlZCBvZiBiZWluZyB0b2xkIHRoYXQgb3JkaW5hcnkg
+ZGVjZW50IHBlb3BsZSBhcmUgZmVkIHVwIGluIHRoaXMKY291bnRyeSB3aXRoIGJl
+aW5nIHNpY2sgYW5kIHRpcmVkLiAgSSdtIGNlcnRhaW5seSBub3QuICBCdXQgSSdt
+CnNpY2sgYW5kIHRpcmVkIG9mIGJlaW5nIHRvbGQgdGhhdCBJIGFtLgotIE1vbnR5
+IFB5dGhvbgqIPwMFAEQMUlotcnzHaGl3NBECR4IAoJlEGTY+bHjD2HYuCixLQCmk
+01pbAKCIjkzLOAmkZNm0D8luT78c/1x45Q==
+=1/ix
+-----END PGP MESSAGE-----'
+
+# Standard cleartext signature
+tests="$tests msg_cls_asc"
+msg_cls_asc=`cat <<EOF
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+I think that all right-thinking people in this country are sick and
+tired of being told that ordinary decent people are fed up in this
+country with being sick and tired. I'm certainly not. But I'm
+sick and tired of being told that I am.
+- - Monty Python
+-----BEGIN PGP SIGNATURE-----
+
+iD8DBQFEDVp1LXJ8x2hpdzQRAplUAKCMfpG3GPw/TLN52tosgXP5lNECkwCfQhAa
+emmev7IuQjWYrGF9Lxj+zj8=
+=qJsY
+-----END PGP SIGNATURE-----
+EOF
+`
+
+# Cleartext signature with two signatures
+tests="$tests msg_clss_asc"
+msg_clss_asc=`cat <<EOF
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+What is the difference between a Turing machine and the modern computer?
+It's the same as that between Hillary's ascent of Everest and the
+establishment of a Hilton on its peak.
+-----BEGIN PGP SIGNATURE-----
+
+iD8DBQFEDVz6LXJ8x2hpdzQRAtkGAKCeMhNbHnh339fpjNj9owsYcC4zBwCfYO5l
+2u+KEfXX0FKyk8SMzLjZ536IPwMFAUQNXPr+GAsdqeOwshEC2QYAoPOWAiQm0EF/
+FWIAQUplk7JWbyRKAJ92ZJyJpWfzb0yc1s7MY65r2qEHrg==
+=1Xvv
+-----END PGP SIGNATURE-----
+EOF
+`
+
+# Two clear text signatures in a row
+tests="$tests msg_clsclss_asc_multiple"
+msg_clsclss_asc_multiple="${msg_cls_asc}
+${msg_clss_asc}"
+
+
+# Fixme: We need more tests with manipulated cleartext signatures.
+
+
+#
+# Now run the tests.
+#
+for i in $tests ; do
+ info "checking: $i"
+ eval "(IFS=; echo \"\$$i\")" >x
+ case "$i" in
+ msg_*_asc)
+ $GPG --verify x || error "verify of $i failed"
+ ;;
+ msg_*_asc_multiple)
+ $GPG --verify --allow-multiple-messages x \
+ || error "verify of $i failed"
+ $GPG --verify x && error "verify of $i succeeded but should not"
+ ;;
+ bad_*_asc)
+ $GPG --verify x && error "verify of $i succeeded but should not"
+ ;;
+ *)
+ error "No handler for test case $i"
+ ;;
+ esac
+ linefeed
+done
+
+
+resume_error
diff --git a/tests/openpgp/version.test b/tests/openpgp/version.test
new file mode 100755
index 0000000..34733e2
--- /dev/null
+++ b/tests/openpgp/version.test
@@ -0,0 +1,17 @@
+#!/bin/sh
+# Copyright 1998,1999,2000,2001,2002,2003,2004,2005,2006,
+# 2007 Free Software Foundation, Inc.
+# This file is free software; as a special exception the author gives
+# unlimited permission to copy and/or distribute it, with or without
+# modifications, as long as this notice is preserved. This file is
+# distributed in the hope that it will be useful, but WITHOUT ANY
+# WARRANTY, to the extent permitted by law; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+
+. $srcdir/defs.inc || exit 3
+
+# print the GPG version
+$GPG --version
+
+#fixme: check that the output is correct
+
diff --git a/tests/pkits/ChangeLog-2011 b/tests/pkits/ChangeLog-2011
new file mode 100644
index 0000000..a98689e
--- /dev/null
+++ b/tests/pkits/ChangeLog-2011
@@ -0,0 +1,71 @@
+2011-12-02 Werner Koch <wk@g10code.com>
+
+ NB: ChangeLog files are no longer manually maintained. Starting
+ on December 1st, 2011 we put change information only in the GIT
+ commit log, and generate a top-level ChangeLog file from logs at
+ "make dist". See doc/HACKING for details.
+
+2009-03-03 Werner Koch <wk@g10code.com>
+
+ * inittests (clean_files): Use /bin/pwd here as well.
+
+ * Makefile.am (run-all-tests): Also use /bin/pwd here.
+
+2009-02-19 Werner Koch <wk@g10code.com>
+
+ * Makefile.am (TESTS_ENVIRONMENT): Use /bin/pwd
+ * common.sh: Ditto.
+
+2008-02-19 Werner Koch <wk@g10code.com>
+
+ * inittests: Unpack test data onlyu if available.
+ * common.sh: Skip tests if PKITS test data is not available.
+ * Makefile.am: Do not distribute test data. This allows to
+ include the test suite in the distribution.
+
+ * signature-verification: New.
+ * validity-periods: New.
+ * verifying-name-chaining: New.
+ * basic-certificate-revocation: New.
+ * verifying-paths-self-issued: New.
+ * verifying-basic-constraints: New.
+ * key-usage: New.
+ * certificate-policies: New.
+ * require-explicit-policy: New.
+ * policy-mappings: New.
+ * inhibit-policy-mapping: New.
+ * inhibit-any-policy: New.
+ * name-constraints: New.
+ * distribution-points: New.
+ * delta-crls: New.
+ * private-certificate-extensions: New.
+ * Makefile.am (testscripts): Add them.
+
+ * import-all-certs.data: Add section numbers.
+
+2008-02-18 Werner Koch <wk@g10code.com>
+
+ * import-all-certs.data: Adjust import tests results. Almost all
+ certificates should now be importable due to relaxed basic checks.
+
+ * inittests (clean_files): Disable all dirmngr access.
+
+2006-05-02 Werner Koch <wk@g10code.com>
+
+ * PKITS_data.tar.bz2: Repackaged new copy because the old one got
+ corrupted by the conversion from CVS to SVN.
+
+2004-08-16 Werner Koch <wk@g10code.de>
+
+ Started implementing PKITS based tests.
+
+
+ Copyright 2004, 2008 Free Software Foundation, Inc.
+
+ This file is free software; as a special exception the author gives
+ unlimited permission to copy and/or distribute it, with or without
+ modifications, as long as this notice is preserved.
+
+ This file is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
+ implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/tests/pkits/Makefile.am b/tests/pkits/Makefile.am
new file mode 100644
index 0000000..8098ad2
--- /dev/null
+++ b/tests/pkits/Makefile.am
@@ -0,0 +1,75 @@
+# Makefile.am - tests using NIST's PKITS
+# Copyright (C) 2004, 2008 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+## Process this file with automake to produce Makefile.in
+
+GPGSM = ../../sm/gpgsm
+
+TESTS_ENVIRONMENT = GNUPGHOME=`/bin/pwd` GPG_AGENT_INFO= LC_ALL=C \
+ GPGSM=$(GPGSM) silent=yes
+
+
+testscripts = import-all-certs validate-all-certs \
+ signature-verification \
+ validity-periods \
+ verifying-name-chaining \
+ basic-certificate-revocation \
+ verifying-paths-self-issued \
+ verifying-basic-constraints \
+ key-usage \
+ certificate-policies \
+ require-explicit-policy \
+ policy-mappings \
+ inhibit-policy-mapping \
+ inhibit-any-policy \
+ name-constraints \
+ distribution-points \
+ delta-crls \
+ private-certificate-extensions
+
+
+EXTRA_DIST = inittests runtest common.sh $(testscripts) ChangeLog-2011 \
+ import-all-certs.data
+
+TESTS = $(testscripts)
+
+CLEANFILES = inittests.stamp scratch.*.tmp x y z out err *.lock .\#lk* *.log
+
+DISTCLEANFILES = pubring.kbx~ random_seed
+
+all-local: inittests.stamp
+
+clean-local:
+ srcdir=$(srcdir) $(TESTS_ENVIRONMENT) $(srcdir)/inittests --clean
+
+inittests.stamp: inittests
+ srcdir=$(srcdir) $(TESTS_ENVIRONMENT) $(srcdir)/inittests
+ echo timestamp >./inittests.stamp
+
+
+run-all-tests: inittests.stamp
+ @set -e; \
+ GNUPGHOME=`/bin/pwd`; export GNUPGHOME;\
+ unset GPG_AGENT_INFO; \
+ for tst in $(testscripts); do \
+ if ./$${tst}; then : ; \
+ elif test $$? -eq 77; then echo "- SKIP $$tst"; \
+ fi; \
+ done
+
+
diff --git a/tests/pkits/Makefile.in b/tests/pkits/Makefile.in
new file mode 100644
index 0000000..5f79159
--- /dev/null
+++ b/tests/pkits/Makefile.in
@@ -0,0 +1,607 @@
+# Makefile.in generated by automake 1.11.1 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation,
+# Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+# Makefile.am - tests using NIST's PKITS
+# Copyright (C) 2004, 2008 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+subdir = tests/pkits
+DIST_COMMON = README $(srcdir)/Makefile.am $(srcdir)/Makefile.in
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/gl/m4/absolute-header.m4 \
+ $(top_srcdir)/gl/m4/alloca.m4 $(top_srcdir)/gl/m4/allocsa.m4 \
+ $(top_srcdir)/gl/m4/eealloc.m4 \
+ $(top_srcdir)/gl/m4/gnulib-comp.m4 \
+ $(top_srcdir)/gl/m4/gnulib-tool.m4 \
+ $(top_srcdir)/gl/m4/mkdtemp.m4 $(top_srcdir)/gl/m4/setenv.m4 \
+ $(top_srcdir)/gl/m4/stdint.m4 $(top_srcdir)/gl/m4/strpbrk.m4 \
+ $(top_srcdir)/gl/m4/unistd_h.m4 $(top_srcdir)/m4/autobuild.m4 \
+ $(top_srcdir)/m4/codeset.m4 $(top_srcdir)/m4/estream.m4 \
+ $(top_srcdir)/m4/gettext.m4 $(top_srcdir)/m4/gnupg-pth.m4 \
+ $(top_srcdir)/m4/gpg-error.m4 $(top_srcdir)/m4/iconv.m4 \
+ $(top_srcdir)/m4/isc-posix.m4 $(top_srcdir)/m4/ksba.m4 \
+ $(top_srcdir)/m4/lcmessage.m4 $(top_srcdir)/m4/ldap.m4 \
+ $(top_srcdir)/m4/lib-ld.m4 $(top_srcdir)/m4/lib-link.m4 \
+ $(top_srcdir)/m4/lib-prefix.m4 $(top_srcdir)/m4/libassuan.m4 \
+ $(top_srcdir)/m4/libcurl.m4 $(top_srcdir)/m4/libgcrypt.m4 \
+ $(top_srcdir)/m4/longdouble.m4 $(top_srcdir)/m4/nls.m4 \
+ $(top_srcdir)/m4/po.m4 $(top_srcdir)/m4/progtest.m4 \
+ $(top_srcdir)/m4/readline.m4 $(top_srcdir)/m4/size_max.m4 \
+ $(top_srcdir)/m4/socklen.m4 $(top_srcdir)/m4/sys_socket_h.m4 \
+ $(top_srcdir)/m4/tar-ustar.m4 $(top_srcdir)/m4/xsize.m4 \
+ $(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.ac
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+ $(ACLOCAL_M4)
+mkinstalldirs = $(SHELL) $(top_srcdir)/scripts/mkinstalldirs
+CONFIG_HEADER = $(top_builddir)/config.h
+CONFIG_CLEAN_FILES =
+CONFIG_CLEAN_VPATH_FILES =
+SOURCES =
+DIST_SOURCES =
+am__tty_colors = \
+red=; grn=; lgn=; blu=; std=
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ABSOLUTE_STDINT_H = @ABSOLUTE_STDINT_H@
+ACLOCAL = @ACLOCAL@
+ADNSLIBS = @ADNSLIBS@
+ALLOCA = @ALLOCA@
+ALLOCA_H = @ALLOCA_H@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+BITSIZEOF_PTRDIFF_T = @BITSIZEOF_PTRDIFF_T@
+BITSIZEOF_SIG_ATOMIC_T = @BITSIZEOF_SIG_ATOMIC_T@
+BITSIZEOF_SIZE_T = @BITSIZEOF_SIZE_T@
+BITSIZEOF_WCHAR_T = @BITSIZEOF_WCHAR_T@
+BITSIZEOF_WINT_T = @BITSIZEOF_WINT_T@
+BUILD_INCLUDED_LIBINTL = @BUILD_INCLUDED_LIBINTL@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CC_FOR_BUILD = @CC_FOR_BUILD@
+CFLAGS = @CFLAGS@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DL_LIBS = @DL_LIBS@
+DNSLIBS = @DNSLIBS@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+FAQPROG = @FAQPROG@
+GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
+GMSGFMT = @GMSGFMT@
+GMSGFMT_015 = @GMSGFMT_015@
+GNUPG_AGENT_PGM = @GNUPG_AGENT_PGM@
+GNUPG_DIRMNGR_PGM = @GNUPG_DIRMNGR_PGM@
+GNUPG_PINENTRY_PGM = @GNUPG_PINENTRY_PGM@
+GNUPG_PROTECT_TOOL_PGM = @GNUPG_PROTECT_TOOL_PGM@
+GNUPG_SCDAEMON_PGM = @GNUPG_SCDAEMON_PGM@
+GPGKEYS_CURL = @GPGKEYS_CURL@
+GPGKEYS_FINGER = @GPGKEYS_FINGER@
+GPGKEYS_HKP = @GPGKEYS_HKP@
+GPGKEYS_KDNS = @GPGKEYS_KDNS@
+GPGKEYS_LDAP = @GPGKEYS_LDAP@
+GPGKEYS_MAILTO = @GPGKEYS_MAILTO@
+GPG_ERROR_CFLAGS = @GPG_ERROR_CFLAGS@
+GPG_ERROR_CONFIG = @GPG_ERROR_CONFIG@
+GPG_ERROR_LIBS = @GPG_ERROR_LIBS@
+GREP = @GREP@
+HAVE_INTTYPES_H = @HAVE_INTTYPES_H@
+HAVE_LONG_LONG_INT = @HAVE_LONG_LONG_INT@
+HAVE_SIGNED_SIG_ATOMIC_T = @HAVE_SIGNED_SIG_ATOMIC_T@
+HAVE_SIGNED_WCHAR_T = @HAVE_SIGNED_WCHAR_T@
+HAVE_SIGNED_WINT_T = @HAVE_SIGNED_WINT_T@
+HAVE_STDINT_H = @HAVE_STDINT_H@
+HAVE_SYS_BITYPES_H = @HAVE_SYS_BITYPES_H@
+HAVE_SYS_INTTYPES_H = @HAVE_SYS_INTTYPES_H@
+HAVE_SYS_TYPES_H = @HAVE_SYS_TYPES_H@
+HAVE_UNSIGNED_LONG_LONG_INT = @HAVE_UNSIGNED_LONG_LONG_INT@
+HAVE_WCHAR_H = @HAVE_WCHAR_H@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+INTLLIBS = @INTLLIBS@
+INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@
+KSBA_CFLAGS = @KSBA_CFLAGS@
+KSBA_CONFIG = @KSBA_CONFIG@
+KSBA_LIBS = @KSBA_LIBS@
+LDAPLIBS = @LDAPLIBS@
+LDAP_CPPFLAGS = @LDAP_CPPFLAGS@
+LDFLAGS = @LDFLAGS@
+LIBASSUAN_CFLAGS = @LIBASSUAN_CFLAGS@
+LIBASSUAN_CONFIG = @LIBASSUAN_CONFIG@
+LIBASSUAN_LIBS = @LIBASSUAN_LIBS@
+LIBCURL = @LIBCURL@
+LIBCURL_CPPFLAGS = @LIBCURL_CPPFLAGS@
+LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@
+LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@
+LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@
+LIBGNU_LIBDEPS = @LIBGNU_LIBDEPS@
+LIBGNU_LTLIBDEPS = @LIBGNU_LTLIBDEPS@
+LIBICONV = @LIBICONV@
+LIBINTL = @LIBINTL@
+LIBOBJS = @LIBOBJS@
+LIBREADLINE = @LIBREADLINE@
+LIBS = @LIBS@
+LIBUSB_LIBS = @LIBUSB_LIBS@
+LIBUTIL_LIBS = @LIBUTIL_LIBS@
+LN_S = @LN_S@
+LTLIBICONV = @LTLIBICONV@
+LTLIBINTL = @LTLIBINTL@
+LTLIBOBJS = @LTLIBOBJS@
+MAINT = @MAINT@
+MAKEINFO = @MAKEINFO@
+MKDIR_P = @MKDIR_P@
+MSGFMT = @MSGFMT@
+MSGFMT_015 = @MSGFMT_015@
+MSGMERGE = @MSGMERGE@
+NETLIBS = @NETLIBS@
+OBJEXT = @OBJEXT@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_GT = @PACKAGE_GT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_URL = @PACKAGE_URL@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PERL = @PERL@
+POSUB = @POSUB@
+PTH_CFLAGS = @PTH_CFLAGS@
+PTH_CONFIG = @PTH_CONFIG@
+PTH_LIBS = @PTH_LIBS@
+PTRDIFF_T_SUFFIX = @PTRDIFF_T_SUFFIX@
+RANLIB = @RANLIB@
+SENDMAIL = @SENDMAIL@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+SHRED = @SHRED@
+SIG_ATOMIC_T_SUFFIX = @SIG_ATOMIC_T_SUFFIX@
+SIZE_T_SUFFIX = @SIZE_T_SUFFIX@
+STDINT_H = @STDINT_H@
+STRIP = @STRIP@
+SYS_SOCKET_H = @SYS_SOCKET_H@
+TAR = @TAR@
+UNISTD_H = @UNISTD_H@
+USE_INCLUDED_LIBINTL = @USE_INCLUDED_LIBINTL@
+USE_NLS = @USE_NLS@
+VERSION = @VERSION@
+W32SOCKLIBS = @W32SOCKLIBS@
+WCHAR_T_SUFFIX = @WCHAR_T_SUFFIX@
+WINDRES = @WINDRES@
+WINT_T_SUFFIX = @WINT_T_SUFFIX@
+XGETTEXT = @XGETTEXT@
+XGETTEXT_015 = @XGETTEXT_015@
+XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@
+ZLIBS = @ZLIBS@
+_libcurl_config = @_libcurl_config@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+GPGSM = ../../sm/gpgsm
+TESTS_ENVIRONMENT = GNUPGHOME=`/bin/pwd` GPG_AGENT_INFO= LC_ALL=C \
+ GPGSM=$(GPGSM) silent=yes
+
+testscripts = import-all-certs validate-all-certs \
+ signature-verification \
+ validity-periods \
+ verifying-name-chaining \
+ basic-certificate-revocation \
+ verifying-paths-self-issued \
+ verifying-basic-constraints \
+ key-usage \
+ certificate-policies \
+ require-explicit-policy \
+ policy-mappings \
+ inhibit-policy-mapping \
+ inhibit-any-policy \
+ name-constraints \
+ distribution-points \
+ delta-crls \
+ private-certificate-extensions
+
+EXTRA_DIST = inittests runtest common.sh $(testscripts) ChangeLog-2011 \
+ import-all-certs.data
+
+TESTS = $(testscripts)
+CLEANFILES = inittests.stamp scratch.*.tmp x y z out err *.lock .\#lk* *.log
+DISTCLEANFILES = pubring.kbx~ random_seed
+all: all-am
+
+.SUFFIXES:
+$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(am__configure_deps)
+ @for dep in $?; do \
+ case '$(am__configure_deps)' in \
+ *$$dep*) \
+ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+ && { if test -f $@; then exit 0; else break; fi; }; \
+ exit 1;; \
+ esac; \
+ done; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu tests/pkits/Makefile'; \
+ $(am__cd) $(top_srcdir) && \
+ $(AUTOMAKE) --gnu tests/pkits/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+ @case '$?' in \
+ *config.status*) \
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+ *) \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+ esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
+tags: TAGS
+TAGS:
+
+ctags: CTAGS
+CTAGS:
+
+
+check-TESTS: $(TESTS)
+ @failed=0; all=0; xfail=0; xpass=0; skip=0; \
+ srcdir=$(srcdir); export srcdir; \
+ list=' $(TESTS) '; \
+ $(am__tty_colors); \
+ if test -n "$$list"; then \
+ for tst in $$list; do \
+ if test -f ./$$tst; then dir=./; \
+ elif test -f $$tst; then dir=; \
+ else dir="$(srcdir)/"; fi; \
+ if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \
+ all=`expr $$all + 1`; \
+ case " $(XFAIL_TESTS) " in \
+ *[\ \ ]$$tst[\ \ ]*) \
+ xpass=`expr $$xpass + 1`; \
+ failed=`expr $$failed + 1`; \
+ col=$$red; res=XPASS; \
+ ;; \
+ *) \
+ col=$$grn; res=PASS; \
+ ;; \
+ esac; \
+ elif test $$? -ne 77; then \
+ all=`expr $$all + 1`; \
+ case " $(XFAIL_TESTS) " in \
+ *[\ \ ]$$tst[\ \ ]*) \
+ xfail=`expr $$xfail + 1`; \
+ col=$$lgn; res=XFAIL; \
+ ;; \
+ *) \
+ failed=`expr $$failed + 1`; \
+ col=$$red; res=FAIL; \
+ ;; \
+ esac; \
+ else \
+ skip=`expr $$skip + 1`; \
+ col=$$blu; res=SKIP; \
+ fi; \
+ echo "$${col}$$res$${std}: $$tst"; \
+ done; \
+ if test "$$all" -eq 1; then \
+ tests="test"; \
+ All=""; \
+ else \
+ tests="tests"; \
+ All="All "; \
+ fi; \
+ if test "$$failed" -eq 0; then \
+ if test "$$xfail" -eq 0; then \
+ banner="$$All$$all $$tests passed"; \
+ else \
+ if test "$$xfail" -eq 1; then failures=failure; else failures=failures; fi; \
+ banner="$$All$$all $$tests behaved as expected ($$xfail expected $$failures)"; \
+ fi; \
+ else \
+ if test "$$xpass" -eq 0; then \
+ banner="$$failed of $$all $$tests failed"; \
+ else \
+ if test "$$xpass" -eq 1; then passes=pass; else passes=passes; fi; \
+ banner="$$failed of $$all $$tests did not behave as expected ($$xpass unexpected $$passes)"; \
+ fi; \
+ fi; \
+ dashes="$$banner"; \
+ skipped=""; \
+ if test "$$skip" -ne 0; then \
+ if test "$$skip" -eq 1; then \
+ skipped="($$skip test was not run)"; \
+ else \
+ skipped="($$skip tests were not run)"; \
+ fi; \
+ test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \
+ dashes="$$skipped"; \
+ fi; \
+ report=""; \
+ if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \
+ report="Please report to $(PACKAGE_BUGREPORT)"; \
+ test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \
+ dashes="$$report"; \
+ fi; \
+ dashes=`echo "$$dashes" | sed s/./=/g`; \
+ if test "$$failed" -eq 0; then \
+ echo "$$grn$$dashes"; \
+ else \
+ echo "$$red$$dashes"; \
+ fi; \
+ echo "$$banner"; \
+ test -z "$$skipped" || echo "$$skipped"; \
+ test -z "$$report" || echo "$$report"; \
+ echo "$$dashes$$std"; \
+ test "$$failed" -eq 0; \
+ else :; fi
+
+distdir: $(DISTFILES)
+ @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ list='$(DISTFILES)'; \
+ dist_files=`for file in $$list; do echo $$file; done | \
+ sed -e "s|^$$srcdirstrip/||;t" \
+ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+ case $$dist_files in \
+ */*) $(MKDIR_P) `echo "$$dist_files" | \
+ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+ sort -u` ;; \
+ esac; \
+ for file in $$dist_files; do \
+ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+ if test -d $$d/$$file; then \
+ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+ if test -d "$(distdir)/$$file"; then \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+ else \
+ test -f "$(distdir)/$$file" \
+ || cp -p $$d/$$file "$(distdir)/$$file" \
+ || exit 1; \
+ fi; \
+ done
+check-am: all-am
+ $(MAKE) $(AM_MAKEFLAGS) check-TESTS
+check: check-am
+all-am: Makefile all-local
+installdirs:
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+ @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ `test -z '$(STRIP)' || \
+ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+ -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
+
+distclean-generic:
+ -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+ -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+ -test -z "$(DISTCLEANFILES)" || rm -f $(DISTCLEANFILES)
+
+maintainer-clean-generic:
+ @echo "This command is intended for maintainers to use"
+ @echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic clean-local mostlyclean-am
+
+distclean: distclean-am
+ -rm -f Makefile
+distclean-am: clean-am distclean-generic
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+html-am:
+
+info: info-am
+
+info-am:
+
+install-data-am:
+
+install-dvi: install-dvi-am
+
+install-dvi-am:
+
+install-exec-am:
+
+install-html: install-html-am
+
+install-html-am:
+
+install-info: install-info-am
+
+install-info-am:
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-pdf-am:
+
+install-ps: install-ps-am
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+ -rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-generic
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am:
+
+.MAKE: check-am install-am install-strip
+
+.PHONY: all all-am all-local check check-TESTS check-am clean \
+ clean-generic clean-local distclean distclean-generic distdir \
+ dvi dvi-am html html-am info info-am install install-am \
+ install-data install-data-am install-dvi install-dvi-am \
+ install-exec install-exec-am install-html install-html-am \
+ install-info install-info-am install-man install-pdf \
+ install-pdf-am install-ps install-ps-am install-strip \
+ installcheck installcheck-am installdirs maintainer-clean \
+ maintainer-clean-generic mostlyclean mostlyclean-generic pdf \
+ pdf-am ps ps-am uninstall uninstall-am
+
+
+all-local: inittests.stamp
+
+clean-local:
+ srcdir=$(srcdir) $(TESTS_ENVIRONMENT) $(srcdir)/inittests --clean
+
+inittests.stamp: inittests
+ srcdir=$(srcdir) $(TESTS_ENVIRONMENT) $(srcdir)/inittests
+ echo timestamp >./inittests.stamp
+
+run-all-tests: inittests.stamp
+ @set -e; \
+ GNUPGHOME=`/bin/pwd`; export GNUPGHOME;\
+ unset GPG_AGENT_INFO; \
+ for tst in $(testscripts); do \
+ if ./$${tst}; then : ; \
+ elif test $$? -eq 77; then echo "- SKIP $$tst"; \
+ fi; \
+ done
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/tests/pkits/README b/tests/pkits/README
new file mode 100644
index 0000000..3fe238c
--- /dev/null
+++ b/tests/pkits/README
@@ -0,0 +1,37 @@
+tests/pkits/README
+
+These are tests based on NIST's Public Key Interoperability Test Suite
+(PKITS) as downloaded on 2006-05-02 from
+http://csrc.nist.gov/pki/testing/x509paths.html .
+
+README - this file.
+PKITS_data.tar.bz2 - the orginal ZIP file, repackaged as a tarball.
+Makefile.am - Part of our build system.
+import-all-certs - Run a simple import test on all certifcates
+validate-all-certs - Run an import and validate test on all certificates
+signature-verification - PKITS test 4.1
+validity-periods - PKITS test 4.2
+verifying-name-chaining - PKITS test 4.3
+basic-certificate-revocation - PKITS test 4.4
+verifying-paths-self-issued - PKITS test 4.5
+verifying-basic-constraints - PKITS test 4.6
+key-usage - PKITS test 4.7
+certificate-policies - PKITS test 4.8
+require-explicit-policy - PKITS test 4.9
+policy-mappings - PKITS test 4.10
+inhibit-policy-mapping - PKITS test 4.11
+inhibit-any-policy - PKITS test 4.12
+name-constraints - PKITS test 4.13
+distribution-points - PKITS test 4.14
+delta-crls - PKITS test 4.15
+private-certificate-extensions - PKITS test 4.16
+
+
+The password for the p12 files is "password".
+
+You may run the tests as usual with "make check" or after a plain make
+in this directory you may run the tests individually. When run in
+this way they will print easy to parse output to stdout. To run all
+tests in this mode, use "make run-all-tests". All test scripts create
+a log file with the suffix ".log" appended to the test script's name.
+
diff --git a/tests/pkits/basic-certificate-revocation b/tests/pkits/basic-certificate-revocation
new file mode 100755
index 0000000..496a82c
--- /dev/null
+++ b/tests/pkits/basic-certificate-revocation
@@ -0,0 +1,31 @@
+#!/bin/sh
+# basic-certificate-revocation - PKITS Test 4.4 -*- sh -*-
+# Copyright (C) 2008 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+. ${srcdir:-.}/common.sh || exit 2
+
+section=4.4
+description="Basic Certificate Revocation"
+info "Running $description tests"
+
+
+
+
+
+
+final_result
diff --git a/tests/pkits/certificate-policies b/tests/pkits/certificate-policies
new file mode 100755
index 0000000..f472201
--- /dev/null
+++ b/tests/pkits/certificate-policies
@@ -0,0 +1,31 @@
+#!/bin/sh
+# certificate-policies - PKITS Test 4.8 -*- sh -*-
+# Copyright (C) 2008 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+. ${srcdir:-.}/common.sh || exit 2
+
+section=4.8
+description="Certificate Policies"
+info "Running $description tests"
+
+
+
+
+
+
+final_result
diff --git a/tests/pkits/common.sh b/tests/pkits/common.sh
new file mode 100644
index 0000000..ca18b95
--- /dev/null
+++ b/tests/pkits/common.sh
@@ -0,0 +1,275 @@
+# common.sh - common defs for all tests -*- sh -*-
+# Copyright (C) 2004, 2008 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+# reset some environment variables because we do not want to test locals
+LANG=C
+LANGUAGE=C
+LC_ALL=C
+export LANG LANGUAGE LC_ALL
+
+pgmname=`basename $0`
+
+if [ "$1" = "--debug" ]; then
+ debug=yes
+ set -x
+else
+ debug=
+fi
+[ -z "$srcdir" ] && srcdir="."
+[ -z "$top_srcdir" ] && top_srcdir=".."
+[ -z "$GPGSM" ] && GPGSM="../../sm/gpgsm"
+[ -z "$silent" ] && silent=no
+
+AWK=awk
+SCRATCH="scratch.$$.tmp"
+
+# We use this as the faked system time for certain tests.
+MYTIME="20080508T120000"
+
+
+if [ "$GNUPGHOME" != "`/bin/pwd`" ]; then
+ echo "inittests: please set GNUPGHOME to the tests/pkits directory" >&2
+ exit 1
+fi
+
+if [ -n "$GPG_AGENT_INFO" ]; then
+ echo "inittests: please unset GPG_AGENT_INFO" >&2
+ exit 1
+fi
+
+if [ -f PKITS_data.tar.bz2 ]; then
+ :
+else
+ if [ "$pgmname" = "import-all-certs" ]; then
+ if [ "$silent" = "yes" ]; then tmp1="Note: "; tmp2=' '
+ else tmp1="- ____ "; tmp2="$tmp1"
+ fi
+ echo "${tmp1}PKITS_data.tar.bz2 is not installed"
+ echo "${tmp2}All tests will be skipped (this is not an error)"
+ fi
+ # Exit code 77 is used by the Makefile for skipping a tests.
+ exit 77
+fi
+
+#--------------------------------
+#------ utility functions -------
+#--------------------------------
+
+echo_n_init=no
+echo_n () {
+ if test "$echo_n_init" = "no"; then
+ if (echo "testing\c"; echo 1,2,3) | grep c >/dev/null; then
+ if (echo -n testing; echo 1,2,3) | sed s/-n/xn/ | grep xn >/dev/null; then
+ echo_n_n=
+ echo_n_c='
+'
+ else
+ echo_n_n='-n'
+ echo_n_c=
+ fi
+ else
+ echo_n_n=
+ echo_n_c='\c'
+ fi
+ echo_n_init=yes
+ fi
+ echo $echo_n_n "${1}$echo_n_c"
+}
+
+setup_output () {
+ if [ -z "$first_section_set" ]; then
+ first_section_set=$section
+ fi
+ section_out="$(echo $section)"
+ if [ -z "$section_out" ]; then
+ section_out="-"
+ fi
+}
+
+fatal () {
+ echo "$pgmname: fatal:" $* >&2
+ if [ "$silent" != "yes" ]; then
+ echo "$section_out ERROR: $* (fatal)"
+ fi
+ exit 1;
+}
+
+error () {
+ echo "$pgmname:" $* >&2
+ if [ "$silent" != "yes" ]; then
+ echo "$section_out ERROR: $*"
+ fi
+ exit 1
+}
+
+info () {
+ setup_output
+ echo "$pgmname:" $* >&2
+ if [ "$silent" != "yes" ]; then
+ echo "$section_out ____ $*"
+ fi
+}
+
+info_n () {
+ setup_output
+ echo_n "$pgmname:" $* >&2
+}
+
+pass () {
+ setup_output
+ echo "PASS: " $* >&2
+ pass_count=`expr ${pass_count} + 1`
+ if [ "$silent" != "yes" ]; then
+ echo_n "$section_out PASS"
+ if [ -n "$1" ]; then echo_n " $1"
+ elif [ -n "$description" ]; then echo_n " ($description)"
+ fi
+ echo
+ fi
+}
+
+fail () {
+ setup_output
+ echo "FAIL: " $* >&2
+ fail_count=`expr ${fail_count} + 1`
+ if [ "$silent" != "yes" ]; then
+ echo_n "$section_out FAIL"
+ if [ -n "$1" ]; then echo_n " $1"
+ elif [ -n "$description" ]; then echo_n " ($description)"
+ fi
+ echo
+ fi
+}
+
+skip () {
+ setup_output
+ echo "SKIP: " $* >&2
+ skip_count=`expr ${skip_count} + 1`
+ if [ "$silent" != "yes" ]; then
+ echo_n "$section_out SKIP"
+ if [ -n "$1" ]; then echo_n " $1"
+ elif [ -n "$description" ]; then echo_n " ($description)"
+ fi
+ echo
+ fi
+}
+
+unresolved () {
+ setup_output
+ echo "UNRESOLVED: " $* >&2
+ unresolved_count=`expr ${unresolved_count} + 1`
+ if [ "$silent" != "yes" ]; then
+ echo_n "$section_out UNRESOLVED"
+ if [ -n "$1" ]; then echo_n " $1"
+ elif [ -n "$description" ]; then echo_n " ($description)"
+ fi
+ echo
+ fi
+}
+
+
+final_result () {
+ section=$first_section_set
+ [ $pass_count = 0 ] || info "$pass_count tests passed"
+ [ $fail_count = 0 ] || info "$fail_count tests failed"
+ [ $skip_count = 0 ] || info "$unsupported_count tests skipped"
+ [ $unresolved_count = 0 ] || info "$unresolved_count tests unresolved"
+ [ -z "$debug" -a -f "$SCRATCH" ] && rm "$SCRATCH"
+ if [ $fail_count = 0 ]; then
+ info "all tests passed"
+ else
+ exit 1
+ fi
+}
+
+
+clean_homedir () {
+ [ -f pubring.kbx ] && rm pubring.kbx
+ if [ -d private-keys-v1.d ]; then
+ rm private-keys-v1.d/* 2>/dev/null || true
+ rmdir private-keys-v1.d
+ fi
+}
+
+start_test () {
+ section="$1"
+ description="$2"
+ test_status=none
+ echo "BEGIN TEST $section ($description)" >&2
+}
+
+end_test () {
+ case "$test_status" in
+ none) skip "($description) - test not implemented";;
+ pass) pass "($description)";;
+ fail) fail "($description)";;
+ setup) fail "($description) - setup failed";;
+ ns) skip "($description) - not supported";;
+ nys) skip "($description) - not yet supported";;
+ *) unresolved "$(description)";;
+ esac
+ echo "END TEST $section" >&2
+}
+
+set_status () {
+ if [ "$test_status" = "none" ]; then
+ test_status=$1
+ fi
+}
+
+need_cert () {
+ if [ "$2" = "--import-anyway" ]; then
+ if ! ${GPGSM} -q --debug-no-chain-validation --import certs/$1.crt
+ then
+ set_status setup
+ fi
+ else
+ if ! ${GPGSM} -q --import certs/$1.crt; then
+ set_status setup
+ fi
+ fi
+}
+
+need_crl () {
+ # CRL are not yet implemented
+ #set_status setup
+ :
+}
+
+
+
+set -e
+
+pass_count=0
+fail_count=0
+skip_count=0
+unresolved_count=0
+first_section_set=""
+section_out=""
+test_status=none
+
+# User settable variables
+section=""
+description=""
+
+
+#trap cleanup SIGHUP SIGINT SIGQUIT
+[ -z "$debug" ] && exec 2> ${pgmname}.log
+
+:
+# end
diff --git a/tests/pkits/delta-crls b/tests/pkits/delta-crls
new file mode 100755
index 0000000..2b91288
--- /dev/null
+++ b/tests/pkits/delta-crls
@@ -0,0 +1,31 @@
+#!/bin/sh
+# delta-crls - PKITS Test 4.15 -*- sh -*-
+# Copyright (C) 2008 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+. ${srcdir:-.}/common.sh || exit 2
+
+section=4.15
+description="Delta-CRLs"
+info "Running $description tests"
+
+
+
+
+
+
+final_result
diff --git a/tests/pkits/distribution-points b/tests/pkits/distribution-points
new file mode 100755
index 0000000..2d59fcd
--- /dev/null
+++ b/tests/pkits/distribution-points
@@ -0,0 +1,31 @@
+#!/bin/sh
+# distribution-points - PKITS Test 4.14 -*- sh -*-
+# Copyright (C) 2008 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+. ${srcdir:-.}/common.sh || exit 2
+
+section=4.14
+description="Distribution Points"
+info "Running $description tests"
+
+
+
+
+
+
+final_result
diff --git a/tests/pkits/import-all-certs b/tests/pkits/import-all-certs
new file mode 100755
index 0000000..51f3253
--- /dev/null
+++ b/tests/pkits/import-all-certs
@@ -0,0 +1,58 @@
+#!/bin/sh
+# import-all-certs - GnuPG import test -*- sh -*-
+# Copyright (C) 2004, 2008 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+. ${srcdir:-.}/common.sh || exit 2
+
+section=6
+description="GnuPG Import"
+info "Running $description tests"
+
+while read flag dummy section name; do
+ case $flag in \#*) continue ;; esac
+ [ -z "$(echo $flag)" ] && continue;
+
+ description="import $name"
+ if ${GPGSM} -q --import certs/$name ; then
+ if [ "$flag" = 'p' ]; then
+ pass "importing certificate \`$name' succeeded"
+ elif [ "$flag" = 'f' ]; then
+ fail "importing certificate \`$name' succeeded"
+ elif [ "$flag" = '?' ]; then
+ unresolved "importing certificate \`$name' succeeded"
+ elif [ "$flag" = 'u' ]; then
+ skip "importing certificate \`$name' succeeded"
+ else
+ info "importing certificate \`$name' succeeded - (flag=$flag)"
+ fi
+ else
+ if [ "$flag" = 'p' ]; then
+ fail "importing certificate \`$name' failed"
+ elif [ "$flag" = 'f' ]; then
+ pass "importing certificate \`$name' failed"
+ elif [ "$flag" = '?' ]; then
+ unresolved "importing certificate \`$name' failed"
+ elif [ "$flag" = 'u' ]; then
+ skip "importing certificate \`$name' failed"
+ else
+ info "importing certificate \`$name' failed - (flag=$flag)"
+ fi
+ fi
+done < $srcdir/import-all-certs.data
+
+final_result
diff --git a/tests/pkits/import-all-certs.data b/tests/pkits/import-all-certs.data
new file mode 100644
index 0000000..e91b9f1
--- /dev/null
+++ b/tests/pkits/import-all-certs.data
@@ -0,0 +1,471 @@
+# The first column is for the basic import test, the second for a
+# validation test, the third is the section number and th foruth the
+# filename of the certificate.
+
+# Make sure that the root certificate is imported first
+p p 6.1.5.1 TrustAnchorRootCertificate.crt
+
+p p 6.1.5.168 AllCertificatesNoPoliciesTest2EE.crt
+p p 6.1.5.204 AllCertificatesSamePoliciesTest10EE.crt
+p p 6.1.5.211 AllCertificatesSamePoliciesTest13EE.crt
+p p 6.1.5.207 AllCertificatesanyPolicyTest11EE.crt
+p p 6.1.5.212 AnyPolicyTest14EE.crt
+p p 6.1.5.41 BadCRLIssuerNameCACert.crt
+p p 6.1.5.38 BadCRLSignatureCACert.crt
+f f 6.1.5.6 BadSignedCACert.crt
+p f 6.1.5.16 BadnotAfterDateCACert.crt
+
+# UTC: "470101120100Z" i.e. not before 2047-01-01
+p f 6.1.5.10 BadnotBeforeDateCACert.crt
+
+p p 6.1.5.88 BasicSelfIssuedCRLSigningKeyCACert.crt
+p p 6.1.5.90 BasicSelfIssuedCRLSigningKeyCRLCert.crt
+
+p p 6.1.5.76 BasicSelfIssuedNewKeyCACert.crt
+p p 6.1.5.78 BasicSelfIssuedNewKeyOldWithNewCACert.crt
+p p 6.1.5.81 BasicSelfIssuedOldKeyCACert.crt
+p p 6.1.5.83 BasicSelfIssuedOldKeyNewWithOldCACert.crt
+
+p p 6.1.5.218 CPSPointerQualifierTest20EE.crt
+
+p u 6.1.5.572 DSACACert.crt
+u u 6.1.5.575 DSAParametersInheritedCACert.crt
+
+p p 6.1.5.210 DifferentPoliciesTest12EE.crt
+p p 6.1.5.171 DifferentPoliciesTest3EE.crt
+p p 6.1.5.174 DifferentPoliciesTest4EE.crt
+p p 6.1.5.177 DifferentPoliciesTest5EE.crt
+p p 6.1.5.191 DifferentPoliciesTest7EE.crt
+p p 6.1.5.198 DifferentPoliciesTest8EE.crt
+p p 6.1.5.203 DifferentPoliciesTest9EE.crt
+p p 6.1.5.64 GeneralizedTimeCRLnextUpdateCACert.crt
+p p 6.1.5.3 GoodCACert.crt
+p p 6.1.5.172 GoodsubCACert.crt
+
+# gpgsm: critical certificate extension 2.5.29.33 (policyMappings)
+# is not supported
+p u 6.1.5.300 GoodsubCAPanyPolicyMapping1to2CACert.crt
+
+p f 6.1.5.43 InvalidBadCRLIssuerNameTest5EE.crt
+
+p f 6.1.5.40 InvalidBadCRLSignatureTest4EE.crt
+p f 6.1.5.93 InvalidBasicSelfIssuedCRLSigningKeyTest7EE.crt
+
+p f 6.1.5.94 InvalidBasicSelfIssuedCRLSigningKeyTest8EE.crt
+
+p f 6.1.5.87 InvalidBasicSelfIssuedNewWithOldTest5EE.crt
+
+p f 6.1.5.80 InvalidBasicSelfIssuedOldWithNewTest2EE.crt
+
+p f 6.1.5.8 InvalidCASignatureTest2EE.crt
+
+p f 6.1.5.18 InvalidCAnotAfterDateTest5EE.crt
+p f 6.1.5.12 InvalidCAnotBeforeDateTest1EE.crt
+p f 6.1.5.439 InvalidDNSnameConstraintsTest31EE.crt
+p f 6.1.5.443 InvalidDNSnameConstraintsTest33EE.crt
+p f 6.1.5.562 InvalidDNSnameConstraintsTest38EE.crt
+p f 6.1.5.434 InvalidDNandRFC822nameConstraintsTest28EE.crt
+p f 6.1.5.435 InvalidDNandRFC822nameConstraintsTest29EE.crt
+p f 6.1.5.399 InvalidDNnameConstraintsTest10EE.crt
+p f 6.1.5.403 InvalidDNnameConstraintsTest12EE.crt
+p f 6.1.5.406 InvalidDNnameConstraintsTest13EE.crt
+p f 6.1.5.410 InvalidDNnameConstraintsTest15EE.crt
+p f 6.1.5.411 InvalidDNnameConstraintsTest16EE.crt
+p f 6.1.5.414 InvalidDNnameConstraintsTest17EE.crt
+
+p f 6.1.5.418 InvalidDNnameConstraintsTest20EE.crt
+
+p f 6.1.5.383 InvalidDNnameConstraintsTest2EE.crt
+p f 6.1.5.384 InvalidDNnameConstraintsTest3EE.crt
+p f 6.1.5.392 InvalidDNnameConstraintsTest7EE.crt
+p f 6.1.5.395 InvalidDNnameConstraintsTest8EE.crt
+p f 6.1.5.396 InvalidDNnameConstraintsTest9EE.crt
+
+p u 6.1.5.578 InvalidDSASignatureTest6EE.crt
+
+p f 6.1.5.9 InvalidEESignatureTest3EE.crt
+
+p f 6.1.5.19 InvalidEEnotAfterDateTest6EE.crt
+p f 6.1.5.13 InvalidEEnotBeforeDateTest2EE.crt
+p f 6.1.5.500 InvalidIDPwithindirectCRLTest23EE.crt
+p f 6.1.5.504 InvalidIDPwithindirectCRLTest26EE.crt
+p f 6.1.5.75 InvalidLongSerialNumberTest18EE.crt
+p f 6.1.5.293 InvalidMappingFromanyPolicyTest7EE.crt
+p f 6.1.5.296 InvalidMappingToanyPolicyTest8EE.crt
+p f 6.1.5.33 InvalidMissingCRLTest1EE.crt
+p f 6.1.5.97 InvalidMissingbasicConstraintsTest1EE.crt
+p f 6.1.5.25 InvalidNameChainingOrderTest2EE.crt
+p f 6.1.5.22 InvalidNameChainingTest1EE.crt
+p f 6.1.5.70 InvalidNegativeSerialNumberTest15EE.crt
+p f 6.1.5.60 InvalidOldCRLnextUpdateTest11EE.crt
+p f 6.1.5.302 InvalidPolicyMappingTest10EE.crt
+p f 6.1.5.276 InvalidPolicyMappingTest2EE.crt
+p f 6.1.5.284 InvalidPolicyMappingTest4EE.crt
+p f 6.1.5.422 InvalidRFC822nameConstraintsTest22EE.crt
+p f 6.1.5.426 InvalidRFC822nameConstraintsTest24EE.crt
+p f 6.1.5.430 InvalidRFC822nameConstraintsTest26EE.crt
+p f 6.1.5.36 InvalidRevokedCATest2EE.crt
+p f 6.1.5.37 InvalidRevokedEETest3EE.crt
+
+p f 6.1.5.379 InvalidSelfIssuedinhibitAnyPolicyTest10EE.crt
+
+p f 6.1.5.376 InvalidSelfIssuedinhibitAnyPolicyTest8EE.crt
+p f 6.1.5.348 InvalidSelfIssuedinhibitPolicyMappingTest10EE.crt
+p f 6.1.5.349 InvalidSelfIssuedinhibitPolicyMappingTest11EE.crt
+p f 6.1.5.345 InvalidSelfIssuedinhibitPolicyMappingTest8EE.crt
+p f 6.1.5.346 InvalidSelfIssuedinhibitPolicyMappingTest9EE.crt
+p f 6.1.5.143 InvalidSelfIssuedpathLenConstraintTest16EE.crt
+p f 6.1.5.270 InvalidSelfIssuedrequireExplicitPolicyTest7EE.crt
+p f 6.1.5.272 InvalidSelfIssuedrequireExplicitPolicyTest8EE.crt
+
+p f 6.1.5.567 InvalidSeparateCertificateandCRLKeysTest20EE.crt
+p f 6.1.5.571 InvalidSeparateCertificateandCRLKeysTest21EE.crt
+
+p f 6.1.5.447 InvalidURInameConstraintsTest35EE.crt
+p f 6.1.5.451 InvalidURInameConstraintsTest37EE.crt
+p f 6.1.5.53 InvalidUnknownCRLEntryExtensionTest8EE.crt
+p f 6.1.5.57 InvalidUnknownCRLExtensionTest10EE.crt
+p f 6.1.5.56 InvalidUnknownCRLExtensionTest9EE.crt
+p f 6.1.5.546 InvalidUnknownCriticalCertificateExtensionTest2EE.crt
+p f 6.1.5.46 InvalidWrongCRLTest6EE.crt
+p f 6.1.5.100 InvalidcAFalseTest2EE.crt
+p f 6.1.5.103 InvalidcAFalseTest3EE.crt
+p f 6.1.5.505 InvalidcRLIssuerTest27EE.crt
+p f 6.1.5.519 InvalidcRLIssuerTest31EE.crt
+p f 6.1.5.520 InvalidcRLIssuerTest32EE.crt
+p f 6.1.5.522 InvalidcRLIssuerTest34EE.crt
+p f 6.1.5.523 InvalidcRLIssuerTest35EE.crt
+p f 6.1.5.526 InvaliddeltaCRLIndicatorNoBaseTest1EE.crt
+p f 6.1.5.544 InvaliddeltaCRLTest10EE.crt
+p f 6.1.5.531 InvaliddeltaCRLTest3EE.crt
+p f 6.1.5.532 InvaliddeltaCRLTest4EE.crt
+p f 6.1.5.534 InvaliddeltaCRLTest6EE.crt
+p f 6.1.5.540 InvaliddeltaCRLTest9EE.crt
+p f 6.1.5.455 InvaliddistributionPointTest2EE.crt
+p f 6.1.5.456 InvaliddistributionPointTest3EE.crt
+p f 6.1.5.461 InvaliddistributionPointTest6EE.crt
+p f 6.1.5.463 InvaliddistributionPointTest8EE.crt
+p f 6.1.5.464 InvaliddistributionPointTest9EE.crt
+p f 6.1.5.352 InvalidinhibitAnyPolicyTest1EE.crt
+p f 6.1.5.359 InvalidinhibitAnyPolicyTest4EE.crt
+p f 6.1.5.366 InvalidinhibitAnyPolicyTest5EE.crt
+p f 6.1.5.369 InvalidinhibitAnyPolicyTest6EE.crt
+p f 6.1.5.313 InvalidinhibitPolicyMappingTest1EE.crt
+p f 6.1.5.321 InvalidinhibitPolicyMappingTest3EE.crt
+p f 6.1.5.331 InvalidinhibitPolicyMappingTest5EE.crt
+p f 6.1.5.336 InvalidinhibitPolicyMappingTest6EE.crt
+p f 6.1.5.162 InvalidkeyUsageCriticalcRLSignFalseTest4EE.crt
+p f 6.1.5.153 InvalidkeyUsageCriticalkeyCertSignFalseTest1EE.crt
+p f 6.1.5.165 InvalidkeyUsageNotCriticalcRLSignFalseTest5EE.crt
+p f 6.1.5.156 InvalidkeyUsageNotCriticalkeyCertSignFalseTest2EE.crt
+p f 6.1.5.477 InvalidonlyContainsAttributeCertsTest14EE.crt
+p f 6.1.5.473 InvalidonlyContainsCACertsTest12EE.crt
+p f 6.1.5.470 InvalidonlyContainsUserCertsTest11EE.crt
+p f 6.1.5.481 InvalidonlySomeReasonsTest15EE.crt
+p f 6.1.5.482 InvalidonlySomeReasonsTest16EE.crt
+p f 6.1.5.486 InvalidonlySomeReasonsTest17EE.crt
+p f 6.1.5.495 InvalidonlySomeReasonsTest20EE.crt
+p f 6.1.5.496 InvalidonlySomeReasonsTest21EE.crt
+p f 6.1.5.122 InvalidpathLenConstraintTest10EE.crt
+p f 6.1.5.129 InvalidpathLenConstraintTest11EE.crt
+p f 6.1.5.130 InvalidpathLenConstraintTest12EE.crt
+p f 6.1.5.111 InvalidpathLenConstraintTest5EE.crt
+p f 6.1.5.112 InvalidpathLenConstraintTest6EE.crt
+p f 6.1.5.121 InvalidpathLenConstraintTest9EE.crt
+p f 6.1.5.63 Invalidpre2000CRLnextUpdateTest12EE.crt
+p f 6.1.5.20 Invalidpre2000UTCEEnotAfterDateTest7EE.crt
+p f 6.1.5.245 InvalidrequireExplicitPolicyTest3EE.crt
+p f 6.1.5.263 InvalidrequireExplicitPolicyTest5EE.crt
+p p 6.1.5.71 LongSerialNumberCACert.crt
+p p 6.1.5.273 Mapping1to2CACert.crt
+p p 6.1.5.291 MappingFromanyPolicyCACert.crt
+p p 6.1.5.294 MappingToanyPolicyCACert.crt
+p p 6.1.5.95 MissingbasicConstraintsCACert.crt
+p p 6.1.5.23 NameOrderingCACert.crt
+p p 6.1.5.67 NegativeSerialNumberCACert.crt
+p p 6.1.5.32 NoCRLCACert.crt
+p p 6.1.5.166 NoPoliciesCACert.crt
+p p 6.1.5.465 NoissuingDistributionPointCACert.crt
+p p 6.1.5.58 OldCRLnextUpdateCACert.crt
+p p 6.1.5.184 OverlappingPoliciesTest6EE.crt
+p p 6.1.5.277 P12Mapping1to3CACert.crt
+p p 6.1.5.279 P12Mapping1to3subCACert.crt
+p p 6.1.5.281 P12Mapping1to3subsubCACert.crt
+p p 6.1.5.285 P1Mapping1to234CACert.crt
+p p 6.1.5.287 P1Mapping1to234subCACert.crt
+p p 6.1.5.305 P1anyPolicyMapping1to2CACert.crt
+p p 6.1.5.297 PanyPolicyMapping1to2CACert.crt
+p p 6.1.5.178 PoliciesP1234CACert.crt
+p p 6.1.5.180 PoliciesP1234subCAP123Cert.crt
+p p 6.1.5.182 PoliciesP1234subsubCAP123P12Cert.crt
+p p 6.1.5.185 PoliciesP123CACert.crt
+p p 6.1.5.187 PoliciesP123subCAP12Cert.crt
+p p 6.1.5.189 PoliciesP123subsubCAP12P1Cert.crt
+p p 6.1.5.199 PoliciesP123subsubCAP12P2Cert.crt
+p p 6.1.5.201 PoliciesP123subsubsubCAP12P2P1Cert.crt
+p p 6.1.5.192 PoliciesP12CACert.crt
+p p 6.1.5.194 PoliciesP12subCAP1Cert.crt
+p p 6.1.5.196 PoliciesP12subsubCAP1P2Cert.crt
+p p 6.1.5.175 PoliciesP2subCA2Cert.crt
+p p 6.1.5.169 PoliciesP2subCACert.crt
+p p 6.1.5.208 PoliciesP3CACert.crt
+p p 6.1.5.547 RFC3280MandatoryAttributeTypesCACert.crt
+p p 6.1.5.550 RFC3280OptionalAttributeTypesCACert.crt
+p p 6.1.5.34 RevokedsubCACert.crt
+p p 6.1.5.556 RolloverfromPrintableStringtoUTF8StringCACert.crt
+p p 6.1.5.569 SeparateCertificateandCRLKeysCA2CRLSigningCert.crt
+p p 6.1.5.568 SeparateCertificateandCRLKeysCA2CertificateSigningCACert.crt
+p p 6.1.5.564 SeparateCertificateandCRLKeysCRLSigningCert.crt
+p p 6.1.5.563 SeparateCertificateandCRLKeysCertificateSigningCACert.crt
+p p 6.1.5.47 TwoCRLsCACert.crt
+p p 6.1.5.29 UIDCACert.crt
+p p 6.1.5.559 UTF8StringCaseInsensitiveMatchCACert.crt
+p p 6.1.5.553 UTF8StringEncodedNamesCACert.crt
+p p 6.1.5.51 UnknownCRLEntryExtensionCACert.crt
+p p 6.1.5.54 UnknownCRLExtensionCACert.crt
+p p 6.1.5.213 UserNoticeQualifierTest15EE.crt
+p p 6.1.5.214 UserNoticeQualifierTest16EE.crt
+p p 6.1.5.215 UserNoticeQualifierTest17EE.crt
+p p 6.1.5.216 UserNoticeQualifierTest18EE.crt
+p p 6.1.5.217 UserNoticeQualifierTest19EE.crt
+p p 6.1.5.92 ValidBasicSelfIssuedCRLSigningKeyTest6EE.crt
+
+p p 6.1.5.85 ValidBasicSelfIssuedNewWithOldTest3EE.crt
+p p 6.1.5.86 ValidBasicSelfIssuedNewWithOldTest4EE.crt
+p p 6.1.5.79 ValidBasicSelfIssuedOldWithNewTest1EE.crt
+
+p p 6.1.5.5 ValidCertificatePathTest1EE.crt
+p p 6.1.5.438 ValidDNSnameConstraintsTest30EE.crt
+p p 6.1.5.442 ValidDNSnameConstraintsTest32EE.crt
+p p 6.1.5.433 ValidDNandRFC822nameConstraintsTest27EE.crt
+p p 6.1.5.400 ValidDNnameConstraintsTest11EE.crt
+
+# This certificate has an empty subject sequence. Our parser does not
+# support this yet and it is unlikely that gpgsm will be able to cope
+# with it at all.
+u u 6.1.5.407 ValidDNnameConstraintsTest14EE.crt
+
+p p 6.1.5.415 ValidDNnameConstraintsTest18EE.crt
+p p 6.1.5.417 ValidDNnameConstraintsTest19EE.crt
+
+p p 6.1.5.382 ValidDNnameConstraintsTest1EE.crt
+p p 6.1.5.385 ValidDNnameConstraintsTest4EE.crt
+p p 6.1.5.388 ValidDNnameConstraintsTest5EE.crt
+p p 6.1.5.391 ValidDNnameConstraintsTest6EE.crt
+
+u p 6.1.5.577 ValidDSAParameterInheritanceTest5EE.crt
+u p 6.1.5.574 ValidDSASignaturesTest4EE.crt
+
+p p 6.1.5.66 ValidGeneralizedTimeCRLnextUpdateTest13EE.crt
+p p 6.1.5.21 ValidGeneralizedTimenotAfterDateTest8EE.crt
+p p 6.1.5.15 ValidGeneralizedTimenotBeforeDateTest4EE.crt
+p p 6.1.5.499 ValidIDPwithindirectCRLTest22EE.crt
+p p 6.1.5.502 ValidIDPwithindirectCRLTest24EE.crt
+p p 6.1.5.503 ValidIDPwithindirectCRLTest25EE.crt
+p p 6.1.5.73 ValidLongSerialNumberTest16EE.crt
+p p 6.1.5.74 ValidLongSerialNumberTest17EE.crt
+p p 6.1.5.28 ValidNameChainingCapitalizationTest5EE.crt
+p p 6.1.5.26 ValidNameChainingWhitespaceTest3EE.crt
+p p 6.1.5.27 ValidNameChainingWhitespaceTest4EE.crt
+p p 6.1.5.31 ValidNameUIDsTest6EE.crt
+p p 6.1.5.69 ValidNegativeSerialNumberTest14EE.crt
+p p 6.1.5.467 ValidNoissuingDistributionPointTest10EE.crt
+p p 6.1.5.303 ValidPolicyMappingTest11EE.crt
+p p 6.1.5.304 ValidPolicyMappingTest12EE.crt
+p p 6.1.5.307 ValidPolicyMappingTest13EE.crt
+p p 6.1.5.308 ValidPolicyMappingTest14EE.crt
+p p 6.1.5.275 ValidPolicyMappingTest1EE.crt
+p p 6.1.5.283 ValidPolicyMappingTest3EE.crt
+p p 6.1.5.289 ValidPolicyMappingTest5EE.crt
+p p 6.1.5.290 ValidPolicyMappingTest6EE.crt
+p p 6.1.5.299 ValidPolicyMappingTest9EE.crt
+p p 6.1.5.549 ValidRFC3280MandatoryAttributeTypesTest7EE.crt
+p p 6.1.5.552 ValidRFC3280OptionalAttributeTypesTest8EE.crt
+p p 6.1.5.421 ValidRFC822nameConstraintsTest21EE.crt
+p p 6.1.5.425 ValidRFC822nameConstraintsTest23EE.crt
+p p 6.1.5.429 ValidRFC822nameConstraintsTest25EE.crt
+p p 6.1.5.558 ValidRolloverfromPrintableStringtoUTF8StringTest10EE.crt
+p p 6.1.5.373 ValidSelfIssuedinhibitAnyPolicyTest7EE.crt
+
+p p 6.1.5.378 ValidSelfIssuedinhibitAnyPolicyTest9EE.crt
+
+p p 6.1.5.342 ValidSelfIssuedinhibitPolicyMappingTest7EE.crt
+
+p ? 6.1.5.140 ValidSelfIssuedpathLenConstraintTest15EE.crt
+
+p p 6.1.5.150 ValidSelfIssuedpathLenConstraintTest17EE.crt
+
+p ? 6.1.5.267 ValidSelfIssuedrequireExplicitPolicyTest6EE.crt
+
+p ? 6.1.5.566 ValidSeparateCertificateandCRLKeysTest19EE.crt
+
+p p 6.1.5.50 ValidTwoCRLsTest7EE.crt
+p p 6.1.5.446 ValidURInameConstraintsTest34EE.crt
+p p 6.1.5.450 ValidURInameConstraintsTest36EE.crt
+p p 6.1.5.561 ValidUTF8StringCaseInsensitiveMatchTest11EE.crt
+p p 6.1.5.555 ValidUTF8StringEncodedNamesTest9EE.crt
+p p 6.1.5.545 ValidUnknownNotCriticalCertificateExtensionTest1EE.crt
+p p 6.1.5.106 ValidbasicConstraintsNotCriticalTest4EE.crt
+p p 6.1.5.510 ValidcRLIssuerTest28EE.crt
+p p 6.1.5.511 ValidcRLIssuerTest29EE.crt
+p p 6.1.5.515 ValidcRLIssuerTest30EE.crt
+p p 6.1.5.521 ValidcRLIssuerTest33EE.crt
+p p 6.1.5.530 ValiddeltaCRLTest2EE.crt
+p p 6.1.5.533 ValiddeltaCRLTest5EE.crt
+p p 6.1.5.535 ValiddeltaCRLTest7EE.crt
+p p 6.1.5.539 ValiddeltaCRLTest8EE.crt
+p p 6.1.5.454 ValiddistributionPointTest1EE.crt
+p p 6.1.5.457 ValiddistributionPointTest4EE.crt
+p p 6.1.5.460 ValiddistributionPointTest5EE.crt
+p p 6.1.5.462 ValiddistributionPointTest7EE.crt
+p p 6.1.5.353 ValidinhibitAnyPolicyTest2EE.crt
+p p 6.1.5.318 ValidinhibitPolicyMappingTest2EE.crt
+p p 6.1.5.322 ValidinhibitPolicyMappingTest4EE.crt
+p p 6.1.5.159 ValidkeyUsageNotCriticalTest3EE.crt
+p p 6.1.5.474 ValidonlyContainsCACertsTest13EE.crt
+p p 6.1.5.490 ValidonlySomeReasonsTest18EE.crt
+p p 6.1.5.494 ValidonlySomeReasonsTest19EE.crt
+p p 6.1.5.137 ValidpathLenConstraintTest13EE.crt
+p p 6.1.5.138 ValidpathLenConstraintTest14EE.crt
+p p 6.1.5.113 ValidpathLenConstraintTest7EE.crt
+p p 6.1.5.114 ValidpathLenConstraintTest8EE.crt
+p p 6.1.5.14 Validpre2000UTCnotBeforeDateTest3EE.crt
+p p 6.1.5.227 ValidrequireExplicitPolicyTest1EE.crt
+p p 6.1.5.236 ValidrequireExplicitPolicyTest2EE.crt
+p p 6.1.5.254 ValidrequireExplicitPolicyTest4EE.crt
+p p 6.1.5.44 WrongCRLCACert.crt
+p p 6.1.5.205 anyPolicyCACert.crt
+p p 6.1.5.98 basicConstraintsCriticalcAFalseCACert.crt
+p p 6.1.5.104 basicConstraintsNotCriticalCACert.crt
+p p 6.1.5.101 basicConstraintsNotCriticalcAFalseCACert.crt
+p p 6.1.5.527 deltaCRLCA1Cert.crt
+p p 6.1.5.536 deltaCRLCA2Cert.crt
+p p 6.1.5.541 deltaCRLCA3Cert.crt
+p p 6.1.5.524 deltaCRLIndicatorNoBaseCACert.crt
+p p 6.1.5.452 distributionPoint1CACert.crt
+p p 6.1.5.458 distributionPoint2CACert.crt
+p p 6.1.5.497 indirectCRLCA1Cert.crt
+p p 6.1.5.501 indirectCRLCA2Cert.crt
+p p 6.1.5.506 indirectCRLCA3Cert.crt
+p p 6.1.5.508 indirectCRLCA3cRLIssuerCert.crt
+p p 6.1.5.512 indirectCRLCA4Cert.crt
+p p 6.1.5.513 indirectCRLCA4cRLIssuerCert.crt
+p p 6.1.5.516 indirectCRLCA5Cert.crt
+p p 6.1.5.518 indirectCRLCA6Cert.crt
+p p 6.1.5.350 inhibitAnyPolicy0CACert.crt
+p p 6.1.5.354 inhibitAnyPolicy1CACert.crt
+
+p ? 6.1.5.370 inhibitAnyPolicy1SelfIssuedCACert.crt
+p ? 6.1.5.377 inhibitAnyPolicy1SelfIssuedsubCA2Cert.crt
+
+p p 6.1.5.356 inhibitAnyPolicy1subCA1Cert.crt
+
+? ? 6.1.5.371 inhibitAnyPolicy1subCA2Cert.crt
+
+p p 6.1.5.367 inhibitAnyPolicy1subCAIAP5Cert.crt
+p p 6.1.5.374 inhibitAnyPolicy1subsubCA2Cert.crt
+p p 6.1.5.360 inhibitAnyPolicy5CACert.crt
+p p 6.1.5.362 inhibitAnyPolicy5subCACert.crt
+p p 6.1.5.364 inhibitAnyPolicy5subsubCACert.crt
+p p 6.1.5.358 inhibitAnyPolicyTest3EE.crt
+p p 6.1.5.309 inhibitPolicyMapping0CACert.crt
+p p 6.1.5.311 inhibitPolicyMapping0subCACert.crt
+p p 6.1.5.314 inhibitPolicyMapping1P12CACert.crt
+p p 6.1.5.316 inhibitPolicyMapping1P12subCACert.crt
+p p 6.1.5.332 inhibitPolicyMapping1P12subCAIPM5Cert.crt
+p p 6.1.5.319 inhibitPolicyMapping1P12subsubCACert.crt
+p p 6.1.5.334 inhibitPolicyMapping1P12subsubCAIPM5Cert.crt
+p p 6.1.5.337 inhibitPolicyMapping1P1CACert.crt
+
+# For yet unknown reasons gpgsm claims a bad signature.
+? ? 6.1.5.339 inhibitPolicyMapping1P1SelfIssuedCACert.crt
+? ? 6.1.5.347 inhibitPolicyMapping1P1SelfIssuedsubCACert.crt
+? ? 6.1.5.340 inhibitPolicyMapping1P1subCACert.crt
+
+p p 6.1.5.343 inhibitPolicyMapping1P1subsubCACert.crt
+p p 6.1.5.323 inhibitPolicyMapping5CACert.crt
+p p 6.1.5.325 inhibitPolicyMapping5subCACert.crt
+p p 6.1.5.327 inhibitPolicyMapping5subsubCACert.crt
+p p 6.1.5.329 inhibitPolicyMapping5subsubsubCACert.crt
+p p 6.1.5.160 keyUsageCriticalcRLSignFalseCACert.crt
+p p 6.1.5.151 keyUsageCriticalkeyCertSignFalseCACert.crt
+p p 6.1.5.157 keyUsageNotCriticalCACert.crt
+p p 6.1.5.163 keyUsageNotCriticalcRLSignFalseCACert.crt
+p p 6.1.5.154 keyUsageNotCriticalkeyCertSignFalseCACert.crt
+p p 6.1.5.380 nameConstraintsDN1CACert.crt
+
+? ? 6.1.5.416 nameConstraintsDN1SelfIssuedCACert.crt
+
+p p 6.1.5.401 nameConstraintsDN1subCA1Cert.crt
+p p 6.1.5.404 nameConstraintsDN1subCA2Cert.crt
+p p 6.1.5.431 nameConstraintsDN1subCA3Cert.crt
+p p 6.1.5.386 nameConstraintsDN2CACert.crt
+p p 6.1.5.389 nameConstraintsDN3CACert.crt
+p p 6.1.5.408 nameConstraintsDN3subCA1Cert.crt
+p p 6.1.5.412 nameConstraintsDN3subCA2Cert.crt
+p p 6.1.5.393 nameConstraintsDN4CACert.crt
+p p 6.1.5.397 nameConstraintsDN5CACert.crt
+p p 6.1.5.436 nameConstraintsDNS1CACert.crt
+p p 6.1.5.440 nameConstraintsDNS2CACert.crt
+p p 6.1.5.419 nameConstraintsRFC822CA1Cert.crt
+p p 6.1.5.423 nameConstraintsRFC822CA2Cert.crt
+p p 6.1.5.427 nameConstraintsRFC822CA3Cert.crt
+p p 6.1.5.444 nameConstraintsURI1CACert.crt
+p p 6.1.5.448 nameConstraintsURI2CACert.crt
+p p 6.1.5.475 onlyContainsAttributeCertsCACert.crt
+p p 6.1.5.471 onlyContainsCACertsCACert.crt
+p p 6.1.5.468 onlyContainsUserCertsCACert.crt
+p p 6.1.5.478 onlySomeReasonsCA1Cert.crt
+p p 6.1.5.483 onlySomeReasonsCA2Cert.crt
+p p 6.1.5.487 onlySomeReasonsCA3Cert.crt
+p p 6.1.5.491 onlySomeReasonsCA4Cert.crt
+p p 6.1.5.107 pathLenConstraint0CACert.crt
+
+? ? 6.1.5.139 pathLenConstraint0SelfIssuedCACert.crt
+? ? 6.1.5.141 pathLenConstraint0subCA2Cert.crt
+
+p p 6.1.5.109 pathLenConstraint0subCACert.crt
+p p 6.1.5.144 pathLenConstraint1CACert.crt
+
+? ? 6.1.5.146 pathLenConstraint1SelfIssuedCACert.crt
+? ? 6.1.5.149 pathLenConstraint1SelfIssuedsubCACert.crt
+? ? 6.1.5.147 pathLenConstraint1subCACert.crt
+
+p p 6.1.5.115 pathLenConstraint6CACert.crt
+p p 6.1.5.117 pathLenConstraint6subCA0Cert.crt
+p p 6.1.5.123 pathLenConstraint6subCA1Cert.crt
+p p 6.1.5.131 pathLenConstraint6subCA4Cert.crt
+p p 6.1.5.119 pathLenConstraint6subsubCA00Cert.crt
+p p 6.1.5.125 pathLenConstraint6subsubCA11Cert.crt
+p p 6.1.5.133 pathLenConstraint6subsubCA41Cert.crt
+p p 6.1.5.127 pathLenConstraint6subsubsubCA11XCert.crt
+p p 6.1.5.135 pathLenConstraint6subsubsubCA41XCert.crt
+p p 6.1.5.61 pre2000CRLnextUpdateCACert.crt
+p p 6.1.5.246 requireExplicitPolicy0CACert.crt
+p p 6.1.5.248 requireExplicitPolicy0subCACert.crt
+p p 6.1.5.250 requireExplicitPolicy0subsubCACert.crt
+p p 6.1.5.252 requireExplicitPolicy0subsubsubCACert.crt
+p p 6.1.5.219 requireExplicitPolicy10CACert.crt
+p p 6.1.5.221 requireExplicitPolicy10subCACert.crt
+p p 6.1.5.223 requireExplicitPolicy10subsubCACert.crt
+p p 6.1.5.225 requireExplicitPolicy10subsubsubCACert.crt
+p p 6.1.5.264 requireExplicitPolicy2CACert.crt
+
+# For yet unknown reasons gpgsm claims a bad signature.
+? ? 6.1.5.266 requireExplicitPolicy2SelfIssuedCACert.crt
+? ? 6.1.5.271 requireExplicitPolicy2SelfIssuedsubCACert.crt
+? ? 6.1.5.268 requireExplicitPolicy2subCACert.crt
+
+p p 6.1.5.237 requireExplicitPolicy4CACert.crt
+p p 6.1.5.239 requireExplicitPolicy4subCACert.crt
+p p 6.1.5.241 requireExplicitPolicy4subsubCACert.crt
+p p 6.1.5.243 requireExplicitPolicy4subsubsubCACert.crt
+p p 6.1.5.228 requireExplicitPolicy5CACert.crt
+p p 6.1.5.230 requireExplicitPolicy5subCACert.crt
+p p 6.1.5.232 requireExplicitPolicy5subsubCACert.crt
+p p 6.1.5.234 requireExplicitPolicy5subsubsubCACert.crt
+p p 6.1.5.255 requireExplicitPolicy7CACert.crt
+p p 6.1.5.257 requireExplicitPolicy7subCARE2Cert.crt
+p p 6.1.5.259 requireExplicitPolicy7subsubCARE2RE4Cert.crt
+p p 6.1.5.261 requireExplicitPolicy7subsubsubCARE2RE4Cert.crt
+
diff --git a/tests/pkits/inhibit-any-policy b/tests/pkits/inhibit-any-policy
new file mode 100755
index 0000000..5e625e2
--- /dev/null
+++ b/tests/pkits/inhibit-any-policy
@@ -0,0 +1,31 @@
+#!/bin/sh
+# inhibit-any-policy - PKITS Test 4.12 -*- sh -*-
+# Copyright (C) 2008 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+. ${srcdir:-.}/common.sh || exit 2
+
+section=4.12
+description="Inhibit Any Policy"
+info "Running $description tests"
+
+
+
+
+
+
+final_result
diff --git a/tests/pkits/inhibit-policy-mapping b/tests/pkits/inhibit-policy-mapping
new file mode 100755
index 0000000..1da5f35
--- /dev/null
+++ b/tests/pkits/inhibit-policy-mapping
@@ -0,0 +1,31 @@
+#!/bin/sh
+# inhibit-policy-mapping - PKITS Test 4.11 -*- sh -*-
+# Copyright (C) 2008 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+. ${srcdir:-.}/common.sh || exit 2
+
+section=4.11
+description="Inhibit Policy Mapping"
+info "Running $description tests"
+
+
+
+
+
+
+final_result
diff --git a/tests/pkits/inittests b/tests/pkits/inittests
new file mode 100755
index 0000000..5c29bdc
--- /dev/null
+++ b/tests/pkits/inittests
@@ -0,0 +1,108 @@
+#!/bin/sh
+# Copyright (C) 2004 Free Software Foundation, Inc. -*- sh -*-
+#
+# This file is free software; as a special exception the author gives
+# unlimited permission to copy and/or distribute it, with or without
+# modifications, as long as this notice is preserved.
+#
+# This file is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
+# implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+
+set -e
+
+
+clean_files='
+ReadMe.txt pkits.ldif pkits.schema
+gpgsm.conf gpg-agent.conf trustlist.txt policies.txt pubring.kbx
+msg msg.sig msg.unsig
+'
+
+[ -z "$srcdir" ] && srcdir=.
+[ -z "$GPGSM" ] && GPGSM=../../sm/gpgsm
+
+#if [ -f $srcdir/README ] \
+# && grep tests/pkits/README README >/dev/null 2>&1; then
+# :
+#else
+# # During make distclean the Makefile has already been removed,
+# # so we need this extra test.
+# if ! grep gnupg-test-pkits-directory testdir.stamp >/dev/null 2>&1; then
+# echo "inittests: please cd to the tests/pkits directory first" >&2
+# exit 1
+# fi
+#fi
+
+if [ "$1" = "--clean" ]; then
+ if [ -d private-keys-v1.d ]; then
+ rm private-keys-v1.d/* 2>/dev/null || true
+ rmdir private-keys-v1.d
+ fi
+ rm ${clean_files} testdir.stamp 2>/dev/null || true
+ for i in certs certpairs crls pkcs12 smime; do
+ if [ -d $i ]; then
+ rm $i/* 2>/dev/null || true
+ rmdir $i
+ fi
+ done
+ exit 0
+fi
+
+if [ "$GNUPGHOME" != "`/bin/pwd`" ]; then
+ echo "inittests: please set GNUPGHOME to the tests/pkits directory" >&2
+ exit 1
+fi
+
+if [ -n "$GPG_AGENT_INFO" ]; then
+ echo "inittests: please unset GPG_AGENT_INFO" >&2
+ exit 1
+fi
+
+if test -f PKITS_data.tar.bz2; then
+ if ! bunzip2 -c PKITS_data.tar.bz2 | tar xf - ; then
+ echo "inittests: failed to untar the test data" >&2
+ exit 1
+ fi
+fi
+
+# A stamp file used with --clean
+echo gnupg-test-pkits-directory > testdir.stamp
+
+
+# Create the configuration scripts
+cat > gpgsm.conf <<EOF
+no-secmem-warning
+no-greeting
+batch
+disable-crl-checks
+disable-dirmngr
+agent-program ../../agent/gpg-agent
+no-common-certs-import
+EOF
+
+# The set of NIST test policies which should be used if anyPolicy is
+# not supported.
+cat > policies.txt <<EOF
+2.16.840.1.101.3.2.1.48.1
+2.16.840.1.101.3.2.1.48.2
+2.16.840.1.101.3.2.1.48.3
+2.16.840.1.101.3.2.1.48.4
+2.16.840.1.101.3.2.1.48.5
+2.16.840.1.101.3.2.1.48.6
+EOF
+
+# Fixme: we need to write a dummy pinentry program
+cat > gpg-agent.conf <<EOF
+no-grab
+EOF
+
+# Mark the root CA trusted
+cat > trustlist.txt <<EOF
+# /CN=Trust Anchor/O=Test Certificates/C=US
+66:8A:47:56:A2:DC:88:FF:DA:B8:95:E1:3C:63:37:55:5F:0A:F7:BF S
+EOF
+
+# Define the standard policies as NIST test-policy-1
+#cat >policies.txt <<EOF
+#2.16.840.1.101.3.2.1.48.1
+#EOF
diff --git a/tests/pkits/key-usage b/tests/pkits/key-usage
new file mode 100755
index 0000000..6e10bb9
--- /dev/null
+++ b/tests/pkits/key-usage
@@ -0,0 +1,28 @@
+#!/bin/sh
+# key-usage - PKITS Test 4.7 -*- sh -*-
+# Copyright (C) 2008 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+. ${srcdir:-.}/common.sh || exit 2
+
+section=4.7
+description="Key Usage"
+info "Running $description tests"
+
+
+
+final_result
diff --git a/tests/pkits/name-constraints b/tests/pkits/name-constraints
new file mode 100755
index 0000000..8e36c28
--- /dev/null
+++ b/tests/pkits/name-constraints
@@ -0,0 +1,31 @@
+#!/bin/sh
+# name-constraints - PKITS Test 4.13 -*- sh -*-
+# Copyright (C) 2008 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+. ${srcdir:-.}/common.sh || exit 2
+
+section=4.13
+description="Name Constraints"
+info "Running $description tests"
+
+
+
+
+
+
+final_result
diff --git a/tests/pkits/policy-mappings b/tests/pkits/policy-mappings
new file mode 100755
index 0000000..8ce9ee8
--- /dev/null
+++ b/tests/pkits/policy-mappings
@@ -0,0 +1,31 @@
+#!/bin/sh
+# policy-mappings - PKITS Test 4.10 -*- sh -*-
+# Copyright (C) 2008 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+. ${srcdir:-.}/common.sh || exit 2
+
+section=4.10
+description="Policy Mappings"
+info "Running $description tests"
+
+
+
+
+
+
+final_result
diff --git a/tests/pkits/private-certificate-extensions b/tests/pkits/private-certificate-extensions
new file mode 100755
index 0000000..43f3425
--- /dev/null
+++ b/tests/pkits/private-certificate-extensions
@@ -0,0 +1,31 @@
+#!/bin/sh
+# private-certificate-extensions - PKITS Test 4.16 -*- sh -*-
+# Copyright (C) 2008 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+. ${srcdir:-.}/common.sh || exit 2
+
+section=4.16
+description="Private Certificate Extensions"
+info "Running $description tests"
+
+
+
+
+
+
+final_result
diff --git a/tests/pkits/require-explicit-policy b/tests/pkits/require-explicit-policy
new file mode 100755
index 0000000..ceb87bd
--- /dev/null
+++ b/tests/pkits/require-explicit-policy
@@ -0,0 +1,31 @@
+#!/bin/sh
+# require-explicit-policy - PKITS Test 4.9 -*- sh -*-
+# Copyright (C) 2008 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+. ${srcdir:-.}/common.sh || exit 2
+
+section=4.9
+description="Require Explicit Policy"
+info "Running $description tests"
+
+
+
+
+
+
+final_result
diff --git a/tests/pkits/runtest b/tests/pkits/runtest
new file mode 100755
index 0000000..f054a34
--- /dev/null
+++ b/tests/pkits/runtest
@@ -0,0 +1,4 @@
+#!/bin/sh
+[ -x "$1" ] && exec $1 $2
+exec sh $1 $2
+
diff --git a/tests/pkits/signature-verification b/tests/pkits/signature-verification
new file mode 100755
index 0000000..7765371
--- /dev/null
+++ b/tests/pkits/signature-verification
@@ -0,0 +1,167 @@
+#!/bin/sh
+# signature-verification - PKITS Test 4.1 -*- sh -*-
+# Copyright (C) 2008 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+. ${srcdir:-.}/common.sh || exit 2
+
+section=4.1
+description="Signature Verification"
+info "Running $description tests"
+
+
+start_test 4.1.1 "Valid Signatures Test1"
+# The purpose of this test is to verify an application's ability to
+# name chain, signature chain, and check validity dates, on
+# certificates in a certification path. It also tests processing of
+# the basic constraints and key usage extensions in intermediate
+# certificates.
+clean_homedir
+need_cert TrustAnchorRootCertificate
+need_crl TrustAnchorRootCRL
+need_cert GoodCACert
+need_crl GoodCACRL
+need_cert ValidCertificatePathTest1EE
+if $GPGSM --with-colons --with-validation --list-key 0x126B7002 >$SCRATCH; then
+ tmp=$($AWK -F: '$1 == "crt" {any=1; print $2};
+ END {if(!any) print "error"}' $SCRATCH)
+ [ -n "$tmp" ] && set_status fail
+else
+ set_status fail
+fi
+if [ "$test_status" = "none" ]; then
+ if sed '1,/^.$/d' smime/SignedValidSignaturesTest1.eml \
+ | $GPGSM --verify --assume-base64 --status-fd 1 \
+ | grep TRUST_FULLY >/dev/null; then
+ set_status pass
+ else
+ set_status fail
+ fi
+fi
+end_test
+
+
+
+start_test 4.1.2 "Invalid CA Signatures Test2"
+# The purpose of this test is to verify an application's ability to
+# recognize an invalid signature on an intermediate certificate in a
+# certification path.
+clean_homedir
+need_cert TrustAnchorRootCertificate
+need_crl TrustAnchorRootCRL
+need_cert BadSignedCACert --import-anyway
+need_crl BadSignedCACRL
+need_cert InvalidCASignatureTest2EE --import-anyway
+if $GPGSM --with-colons --with-validation --list-key 0xD667FE3C >$SCRATCH; then
+ tmp=$($AWK -F: '$1 == "crt" {any=1; print $2};
+ END {if(!any) print "error"}' $SCRATCH)
+ [ "$tmp" = "i" ] || set_status fail
+else
+ set_status fail
+fi
+if [ "$test_status" = "none" ]; then
+ if sed '1,/^.$/d' smime/SignedInvalidCASignatureTest2.eml \
+ | $GPGSM --verify --assume-base64 --status-fd 1 \
+ | grep TRUST_NEVER >/dev/null; then
+ set_status pass
+ else
+ set_status fail
+ fi
+fi
+end_test
+
+
+
+start_test 4.1.3 "Invalid EE Signature Test3"
+# The purpose of this test is to verify an application's ability to
+# recognize an invalid signature on an end entity certificate in a
+# certification path.
+clean_homedir
+need_cert TrustAnchorRootCertificate
+need_crl TrustAnchorRootCRL
+need_cert GoodCACert
+need_crl GoodCACRL
+need_cert InvalidEESignatureTest3EE --import-anyway
+if $GPGSM --with-colons --with-validation --list-key 0x42E1AEE3 >$SCRATCH; then
+ tmp=$($AWK -F: '$1 == "crt" {any=1; print $2};
+ END {if(!any) print "error"}' $SCRATCH)
+ [ "$tmp" = "i" ] || set_status fail
+else
+ set_status fail
+fi
+if [ "$test_status" = "none" ]; then
+ if sed '1,/^.$/d' smime/SignedInvalidEESignatureTest3.eml \
+ | $GPGSM --verify --assume-base64 --status-fd 1 \
+ | grep TRUST_NEVER >/dev/null; then
+ set_status pass
+ else
+ set_status fail
+ fi
+fi
+end_test
+
+
+start_test 4.1.4 "Valid DSA Signatures Test4"
+# The purpose of this test is to verify an application's ability to
+# validate certificate in which DSA signatures are used. The
+# intermediate CA and the end entity have DSA key pairs.
+clean_homedir
+need_cert TrustAnchorRootCertificate
+need_crl TrustAnchorRootCRL
+need_cert DSACACert
+need_crl DSACACRL
+need_cert ValidDSASignaturesTest4EE
+if $GPGSM --with-colons --with-validation --list-key 0x820A72B8 >$SCRATCH; then
+ tmp=$($AWK -F: '$1 == "crt" {any=1; print $2};
+ END {if(!any) print "error"}' $SCRATCH)
+ [ -n "$tmp" ] && set_status fail
+else
+ set_status fail
+fi
+if [ "$test_status" = "none" ]; then
+ # Note: This S/MIME file uses LF and not CR,LF. */
+ if sed '1,/^$/d' smime/SignedValidDSASignaturesTest4.eml \
+ | $GPGSM --verify --assume-base64 --status-fd 1 \
+ | grep TRUST_FULLY >/dev/null; then
+ set_status pass
+ else
+ set_status fail
+ fi
+fi
+end_test
+
+
+start_test 4.1.5 "Valid DSA Parameter Inheritance Test5"
+# The purpose of this test is to verify an application's ability to
+# validate DSA signatures when the DSA parameters are not included in
+# a certificate and need to be inherited from a previous certificate
+# in the path. The intermediate CAs and the end entity have DSA key
+# pairs.
+set_status nys
+end_test
+
+
+start_test 4.1.6 "Invalid DSA Signature Test6"
+# The purpose of this test is to verify an application's ability to
+# determine when a DSA signature is invalid. The intermediate CA and
+# the end entity have DSA key pairs.
+set_status nys
+end_test
+
+
+
+final_result
diff --git a/tests/pkits/validate-all-certs b/tests/pkits/validate-all-certs
new file mode 100755
index 0000000..b9da579
--- /dev/null
+++ b/tests/pkits/validate-all-certs
@@ -0,0 +1,59 @@
+#!/bin/sh
+# validate-all-certs - GnuPG import and validate tests -*- sh -*-
+# Copyright (C) 2004, 2008 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+. ${srcdir:-.}/common.sh || exit 2
+
+section=6
+description="GnuPG Import with Validation"
+info "Running $description tests"
+
+while read dummy flag section name; do
+ case $dummy in \#*) continue;; esac
+ [ -z "$(echo $dummy)" ] && continue;
+
+ description="import and validate $name"
+ if ${GPGSM} -q --import --with-validation --disable-crl-checks \
+ certs/$name ; then
+ if [ "$flag" = 'p' ]; then
+ pass "validating certificate \`$name' succeeded"
+ elif [ "$flag" = 'f' ]; then
+ fail "validating certificate \`$name' succeeded"
+ elif [ "$flag" = '?' ]; then
+ unresolved "validating certificate \`$name' succeeded"
+ elif [ "$flag" = 'u' ]; then
+ skip "validating certificate \`$name' succeeded"
+ else
+ info "validating certificate \`$name' succeeded - (flag=$flag)"
+ fi
+ else
+ if [ "$flag" = 'p' ]; then
+ fail "validating certificate \`$name' failed"
+ elif [ "$flag" = 'f' ]; then
+ pass "validating certificate \`$name' failed"
+ elif [ "$flag" = '?' ]; then
+ unresolved "validating certificate \`$name' failed"
+ elif [ "$flag" = 'u' ]; then
+ skip "validating certificate \`$name' failed"
+ else
+ info "validating certificate \`$name' failed - (flag=$flag)"
+ fi
+ fi
+done < $srcdir/import-all-certs.data
+
+final_result
diff --git a/tests/pkits/validity-periods b/tests/pkits/validity-periods
new file mode 100755
index 0000000..90f1764
--- /dev/null
+++ b/tests/pkits/validity-periods
@@ -0,0 +1,218 @@
+#!/bin/sh
+# validity-periods - PKITS Test 4.2 -*- sh -*-
+# Copyright (C) 2008 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+. ${srcdir:-.}/common.sh || exit 2
+
+section=4.2
+description="Validity Periods"
+info "Running $description tests"
+
+start_test 4.2.1 "Invalid CA notBefore Date Test1"
+# In this test, the intermediate certificate's notBefore date is after
+# the current date.
+clean_homedir
+need_cert TrustAnchorRootCertificate
+need_crl TrustAnchorRootCRL
+need_cert BadnotBeforeDateCACert
+need_crl BadnotBeforeDateCACRL
+need_cert InvalidCAnotBeforeDateTest1EE
+if $GPGSM --faked-system-time $MYTIME \
+ --with-colons --with-validation --list-key 0x459ADD33 >$SCRATCH; then
+ tmp=$($AWK -F: '$1 == "crt" {any=1; print $2};
+ END {if(!any) print "error"}' $SCRATCH)
+ [ "$tmp" = "i" ] || set_status fail
+else
+ set_status fail
+fi
+if [ "$test_status" = "none" ]; then
+ if sed '1,/^.$/d' smime/SignedInvalidCAnotBeforeDateTest1.eml \
+ | $GPGSM --faked-system-time $MYTIME \
+ --verify --assume-base64 --status-fd 1 --logger-fd 1 \
+ | tee $SCRATCH \
+ | grep TRUST_UNDEFINED >/dev/null; then
+ if grep 'intermediate certificate not yet valid' $SCRATCH >/dev/null \
+ && grep 'invalid certification chain: Certificate too young' \
+ $SCRATCH >/dev/null
+ then
+ set_status pass
+ fi
+ fi
+ set_status fail
+fi
+end_test
+
+
+start_test 4.2.2 "Invalid EE notBefore Date Test2"
+# In this test, the end entity certificate's notBefore date is after
+# the current date.
+
+# Procedure: Validate Invalid EE notBefore Date Test2 EE using the
+# default settings or open and verify Signed Test Message 6.2.2.5
+# using the default settings.
+
+# Expected Result: The path should not validate successfully as the
+# notBefore date in the end entity certificate is after the current
+# date.
+
+# Certification Path: The certification path is composed of the
+# following objects: Trust Anchor Root Certificate, Trust Anchor
+# Root CRL Good CA Cert, Good CA CRL Invalid EE notBefore Date
+# Test2 EE
+
+end_test
+
+
+
+start_test 4.2.3 "Valid pre2000 UTC notBefore Date Test3"
+# In this test, the end entity certificate's notBefore date is set to
+# 1950 and is encoded in UTCTime.
+#
+# Procedure: Validate Valid pre2000 UTC notBefore Date Test3 EE
+# using the default settings or open and
+# verify Signed Test Message 6.2.2.6 using
+# the default settings.
+#
+# Expected Result: The path should validate successfully as the
+# notBefore date in the end entity
+# certificate is before the current date.
+#
+# Certification Path: The certification path is composed of the
+# following objects: Trust Anchor Root Certificate,
+# Trust Anchor Root CRL Good CA Cert, Good CA CRL Valid
+# pre2000 UTC notBefore Date Test3 EE
+#
+end_test
+
+
+
+start_test 4.2.4 "Valid GeneralizedTime notBefore Date Test4"
+# In this test, the end entity certificate's notBefore date is
+# specified in GeneralizedTime.
+#
+# Procedure: Validate Valid GeneralizedTime notBefore Date Test4 EE
+# using the default settings or open and
+# verify Signed Test Message 6.2.2.7 using
+# the default settings.
+#
+# Expected Result: The path should validate successfully.
+#
+# Certification Path:
+# The certification path is composed of the following objects:
+# Trust Anchor Root Certificate, Trust Anchor Root CRL
+# Good CA Cert, Good CA CRL
+# Valid GeneralizedTime notBefore Date Test4 EE
+#
+end_test
+
+
+
+start_test 4.2.5 "Invalid CA notAfter Date Test5"
+# In this test, the intermediate certificate's notAfter date is before
+# the current date.
+
+# Procedure: Validate Invalid CA notAfter Date Test5 EE using the
+# default settings or open and verify
+# Signed Test Message 6.2.2.8 using the
+# default settings.
+#
+# Expected Result: The path should not validate successfully as the
+# notAfter date in the intermediate
+# certificate is before the current date.
+#
+# Certification Path: The certification path is composed of the
+# following objects:
+#
+# Trust Anchor Root Certificate, Trust Anchor Root CRL
+# Bad notAfter Date CA Cert, Bad notAfter Date CA CRL
+# Invalid CA notAfter Date Test5 EE
+#
+end_test
+
+
+start_test 4.2.6 "Invalid EE notAfter Date Test6"
+# In this test, the end entity certificate's notAfter date is before
+# the current date.
+
+# Procedure: Validate Invalid EE notAfter Date Test6 EE using the
+# default settings or open and verify
+# Signed Test Message 6.2.2.9 using the
+# default settings.
+#
+# Expected Result: The path should not validate successfully as the
+# notAfter date in the end certificate is
+# before the current date.
+#
+# Certification Path: The certification path is composed of the
+# following objects:
+# Trust Anchor Root Certificate, Trust Anchor Root CRL
+# Good CA Cert, Good CA CRL
+# Invalid EE notAfter Date Test6 EE
+
+end_test
+
+
+start_test 4.2.7 "Invalid pre2000 UTC EE notAfter Date Test7"
+# In this test, the end entity certificate's notAfter date is 1999 and
+# is encoded in UTCTime.
+
+# Procedure: Validate Invalid pre2000 UTC EE notAfter Date Test7 EE
+# using the default settings or open and
+# verify Signed Test Message 6.2.2.10 using
+# the default settings.
+#
+# Expected Result: The path should not validate successfully as the
+# notAfter date in the end certificate is
+# before the current date.
+#
+#
+# Certification Path: The certification path is composed of the
+# following objects:
+#
+# Trust Anchor Root Certificate, Trust Anchor Root CRL
+# Good CA Cert, Good CA CRL
+# Invalid pre2000 UTC EE notAfter Date Test7 EE
+
+end_test
+
+
+
+start_test 4.2.8 "Valid GeneralizedTime notAfter Date Test8"
+# In this test, the end entity certificate's notAfter date is 2050 and
+# is encoded in GeneralizedTime.
+
+# Procedure: Validate Valid GeneralizedTime notAfter Date Test8 EE
+# using the default settings or open and
+# verify Signed Test Message 6.2.2.11 using
+# the default settings.
+#
+# Expected Result: The path should validate successfully as the
+# notAfter date in the end certificate is
+# after the current date.
+#
+#
+# Trust Anchor Root Certificate, Trust Anchor Root CRL
+# Good CA Cert, Good CA CRL
+# Valid GeneralizedTime notAfter Date Test8 EE
+
+end_test
+
+
+
+
+final_result
diff --git a/tests/pkits/verifying-basic-constraints b/tests/pkits/verifying-basic-constraints
new file mode 100755
index 0000000..0e052f3
--- /dev/null
+++ b/tests/pkits/verifying-basic-constraints
@@ -0,0 +1,31 @@
+#!/bin/sh
+# verifying-basic-constraints - PKITS Test 4.6 -*- sh -*-
+# Copyright (C) 2008 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+. ${srcdir:-.}/common.sh || exit 2
+
+section=4.6
+description="Verifying Basic Constraints"
+info "Running $description tests"
+
+
+
+
+
+
+final_result
diff --git a/tests/pkits/verifying-name-chaining b/tests/pkits/verifying-name-chaining
new file mode 100755
index 0000000..9bdbb59
--- /dev/null
+++ b/tests/pkits/verifying-name-chaining
@@ -0,0 +1,31 @@
+#!/bin/sh
+# verifying-name-chaining - PKITS Test 4.3 -*- sh -*-
+# Copyright (C) 2008 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+. ${srcdir:-.}/common.sh || exit 2
+
+section=4.3
+description="Verifying Name Chaining"
+info "Running $description tests"
+
+
+
+
+
+
+final_result
diff --git a/tests/pkits/verifying-paths-self-issued b/tests/pkits/verifying-paths-self-issued
new file mode 100755
index 0000000..443d7ad
--- /dev/null
+++ b/tests/pkits/verifying-paths-self-issued
@@ -0,0 +1,31 @@
+#!/bin/sh
+# verifying-paths-self-issued - PKITS Test 4.5 -*- sh -*-
+# Copyright (C) 2008 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+. ${srcdir:-.}/common.sh || exit 2
+
+section=4.5
+description="Verifying Paths with Self-Issued Certificates"
+info "Running $description tests"
+
+
+
+
+
+
+final_result
diff --git a/tests/runtest b/tests/runtest
new file mode 100755
index 0000000..8d50786
--- /dev/null
+++ b/tests/runtest
@@ -0,0 +1,4 @@
+#!/bin/sh
+[ -x "$1" ] && exec $1 $2
+exec ./asschk --no-echo -DGPGSM=${GPGSM} <"$1"
+
diff --git a/tests/samplekeys/32100C27173EF6E9C4E9A25D3D69F86D37A4F939.key b/tests/samplekeys/32100C27173EF6E9C4E9A25D3D69F86D37A4F939.key
new file mode 100644
index 0000000..cf0535f
--- /dev/null
+++ b/tests/samplekeys/32100C27173EF6E9C4E9A25D3D69F86D37A4F939.key
@@ -0,0 +1,18 @@
+(private-key
+ (oid.1.2.840.113549.1.1.1
+ (n #00e0ce96f90b6c9e02f3922beada93fe50a875eac6bcc18bb9a9cf2e84965caa2d1ff95a7f542465c6c0c19d276e4526ce048868a7a914fd343cc3a87dd74291ffc565506d5bbb25cbac6a0e2dd1f8bcaab0d4a29c2f37c950f363484bf269f7891440464baf79827e03a36e70b814938eebdc63e964247be75dc58b014b7ea251#)
+ (e #010001#)
+ (d #046129F2489D71579BE0A75FE029BD6CDB574EBF57EA8A5B0FDA942CAB943B117D7BB95E5D28875E0F9FC5FCC06A72F6D502464DABDED78EF6B716177B83D5BDC543DC5D3FED932E59F5897E92E6F58A0F33424106A3B6FA2CBF877510E4AC21C3EE47851E97D12996222AC3566D4CCB0B83D164074ABF7DE655FC2446DA1781#)
+ (p #00e861b700e17e8afe6837e7512e35b6ca11d0ae47d8b85161c67baf64377213fe52d772f2035b3ca830af41d8a4120e1c1c70d12cc22f00d28d31dd48a8d424f1#)
+ (q #00f7a7ca5367c661f8e62df34f0d05c10c88e5492348dd7bddc942c9a8f369f935a07785d2db805215ed786e4285df1658eed3ce84f469b81b50d358407b4ad361#)
+ (u #304559a9ead56d2309d203811a641bb1a09626bc8eb36fffa23c968ec5bd891eebbafc73ae666e01ba7c8990bae06cc2bbe10b75e69fcacb353a6473079d8e9b#)
+ )
+)
+
+
+
+
+
+
+
+
diff --git a/tests/samplekeys/cert_g10code_pete1.pem b/tests/samplekeys/cert_g10code_pete1.pem
new file mode 100644
index 0000000..c6f778a
--- /dev/null
+++ b/tests/samplekeys/cert_g10code_pete1.pem
@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIID7jCCA1egAwIBAgIBADANBgkqhkiG9w0BAQQFADCBsTELMAkGA1UEBhMCREUx
+DDAKBgNVBAgTA05SVzETMBEGA1UEBxQKRPxzc2VsZG9yZjEWMBQGA1UEChMNZzEw
+IENvZGUgR21iSDEbMBkGA1UECxMSS2VyY2tob2ZmcyBUZXN0bGFiMRYwFAYDVQQD
+Ew1QZXRlciBQYW50aGVyMTIwMAYJKoZIhvcNAQkBFiNwZXRlci5wYW50aGVyQGtl
+cmNraG9mZnMuZzEwY29kZS5kZTAeFw0wMjA0MTIxNjU4MzFaFw0wMzA0MTIxNjU4
+MzFaMIGxMQswCQYDVQQGEwJERTEMMAoGA1UECBMDTlJXMRMwEQYDVQQHFApE/HNz
+ZWxkb3JmMRYwFAYDVQQKEw1nMTAgQ29kZSBHbWJIMRswGQYDVQQLExJLZXJja2hv
+ZmZzIFRlc3RsYWIxFjAUBgNVBAMTDVBldGVyIFBhbnRoZXIxMjAwBgkqhkiG9w0B
+CQEWI3BldGVyLnBhbnRoZXJAa2VyY2tob2Zmcy5nMTBjb2RlLmRlMIGfMA0GCSqG
+SIb3DQEBAQUAA4GNADCBiQKBgQC/UYKEu+IZgvoUwbBaKT96SDsgnsOLkC7TWuP+
+td9qyjF+tQCSUdTqRDYyP44hLH24v4h9KsVxwl5iuncJCdNmpTHL4ika+3v7arGU
+DmGEHZOC3mHMzD+/dfqotse7C37AEMWSXguh4x2vmSESG9wnAxCgLl78j+RIuKUE
+RVK55wIDAQABo4IBEjCCAQ4wHQYDVR0OBBYEFDhJ93SfqHOecsryvYN01++o7qh/
+MIHeBgNVHSMEgdYwgdOAFDhJ93SfqHOecsryvYN01++o7qh/oYG3pIG0MIGxMQsw
+CQYDVQQGEwJERTEMMAoGA1UECBMDTlJXMRMwEQYDVQQHFApE/HNzZWxkb3JmMRYw
+FAYDVQQKEw1nMTAgQ29kZSBHbWJIMRswGQYDVQQLExJLZXJja2hvZmZzIFRlc3Rs
+YWIxFjAUBgNVBAMTDVBldGVyIFBhbnRoZXIxMjAwBgkqhkiG9w0BCQEWI3BldGVy
+LnBhbnRoZXJAa2VyY2tob2Zmcy5nMTBjb2RlLmRlggEAMAwGA1UdEwQFMAMBAf8w
+DQYJKoZIhvcNAQEEBQADgYEADoBAUnaZIjp+T60s1at/tLa03TfYT8DdTQz+p/UF
+MFGPz9CTqsoN7NLFoXyq+RN9FipsGEKLMif7e/buRqlcir+ntxqQFdy6EYfxfu4n
+Dys8JxnhjcEqXSz+uPUE8jiGho5Tkveo+hurDKZ54CVTeJtvKrWpA6YkuhmL/zRz
+T7Y=
+-----END CERTIFICATE-----
diff --git a/tests/samplekeys/cert_g10code_test1.pem b/tests/samplekeys/cert_g10code_test1.pem
new file mode 100644
index 0000000..61d1f98
--- /dev/null
+++ b/tests/samplekeys/cert_g10code_test1.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDFTCCAn6gAwIBAgIBADANBgkqhkiG9w0BAQQFADBrMQswCQYDVQQGEwJERTET
+MBEGA1UEBxQKRPxzc2VsZG9yZjEWMBQGA1UEChMNZzEwIENvZGUgR21iSDEZMBcG
+A1UECxMQQWVneXB0ZW4gUHJvamVjdDEUMBIGA1UEAxMLdGVzdCBjZXJ0IDEwHhcN
+MDExMjAzMDkzNjM4WhcNMDIxMjAzMDkzNjM4WjBrMQswCQYDVQQGEwJERTETMBEG
+A1UEBxQKRPxzc2VsZG9yZjEWMBQGA1UEChMNZzEwIENvZGUgR21iSDEZMBcGA1UE
+CxMQQWVneXB0ZW4gUHJvamVjdDEUMBIGA1UEAxMLdGVzdCBjZXJ0IDEwgZ8wDQYJ
+KoZIhvcNAQEBBQADgY0AMIGJAoGBAODOlvkLbJ4C85Ir6tqT/lCoderGvMGLuanP
+LoSWXKotH/laf1QkZcbAwZ0nbkUmzgSIaKepFP00PMOofddCkf/FZVBtW7sly6xq
+Di3R+LyqsNSinC83yVDzY0hL8mn3iRRARkuveYJ+A6NucLgUk47r3GPpZCR7513F
+iwFLfqJRAgMBAAGjgcgwgcUwHQYDVR0OBBYEFDM3jRKRwFRxgzhfCGW/qUv5jjTz
+MIGVBgNVHSMEgY0wgYqAFDM3jRKRwFRxgzhfCGW/qUv5jjTzoW+kbTBrMQswCQYD
+VQQGEwJERTETMBEGA1UEBxQKRPxzc2VsZG9yZjEWMBQGA1UEChMNZzEwIENvZGUg
+R21iSDEZMBcGA1UECxMQQWVneXB0ZW4gUHJvamVjdDEUMBIGA1UEAxMLdGVzdCBj
+ZXJ0IDGCAQAwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQQFAAOBgQBshwQeijio
+2hsXZxZEIFoNldDpdxcbWUws5utNJ7hqxQr74fn2cL9rH7AycNWtZnyCTAk7Uqwc
+bH3z6CNoJH6U/k//ITk7w8PtM6nw6JhlXLD+C65Bifip6id2JtRQwl4kJ/tPpx+/
+42Muki3yVFN+BEGFPpI6hdJmh1Hz81k8GQ==
+-----END CERTIFICATE-----
diff --git a/tests/samplekeys/cert_g10code_theo1.pem b/tests/samplekeys/cert_g10code_theo1.pem
new file mode 100644
index 0000000..a7685c4
--- /dev/null
+++ b/tests/samplekeys/cert_g10code_theo1.pem
@@ -0,0 +1,40 @@
+
+ <GnupgKeyblock>
+ <mainkey>
+ <keyid></keyid>
+ <fpr>E76B5D4BA2CF0B05BBBE425CDBF4E9DC4904941D</fpr>
+ <algo>0</algo>
+ <len>1024</len>
+ <created>1017250241</created>
+ <expire>1048786241</expire>
+ </mainkey>
+ <userid>
+ <raw>1.2.840.113549.1.9.1=#7468656F62616C642E7469676572406B6572636B686F6666732E673130636F64652E6465,CN=Theobald Tiger,OU=Kerckhoffs Testlab,O=g10 Code GmbH,L=Düsseldorf,ST=NRW,C=de</raw>
+ </userid>
+ </GnupgKeyblock>
+
+
+-----BEGIN CERTIFICATE-----
+MIID9DCCA12gAwIBAgIBADANBgkqhkiG9w0BAQQFADCBszELMAkGA1UEBhMCZGUx
+DDAKBgNVBAgTA05SVzETMBEGA1UEBxQKRPxzc2VsZG9yZjEWMBQGA1UEChMNZzEw
+IENvZGUgR21iSDEbMBkGA1UECxMSS2VyY2tob2ZmcyBUZXN0bGFiMRcwFQYDVQQD
+Ew5UaGVvYmFsZCBUaWdlcjEzMDEGCSqGSIb3DQEJARYkdGhlb2JhbGQudGlnZXJA
+a2VyY2tob2Zmcy5nMTBjb2RlLmRlMB4XDTAyMDMyNzE3MzA0MVoXDTAzMDMyNzE3
+MzA0MVowgbMxCzAJBgNVBAYTAmRlMQwwCgYDVQQIEwNOUlcxEzARBgNVBAcUCkT8
+c3NlbGRvcmYxFjAUBgNVBAoTDWcxMCBDb2RlIEdtYkgxGzAZBgNVBAsTEktlcmNr
+aG9mZnMgVGVzdGxhYjEXMBUGA1UEAxMOVGhlb2JhbGQgVGlnZXIxMzAxBgkqhkiG
+9w0BCQEWJHRoZW9iYWxkLnRpZ2VyQGtlcmNraG9mZnMuZzEwY29kZS5kZTCBnzAN
+BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA2N+6T7awrnWhg1g+HIE8TGn3e8OOkqmE
+v2k7uazL2aGUIk2Omg+2Jjq2dovotiSAjoVQFtJ+Ahk4aiGFA4Zdp34ZzijpXhD+
++xbFt1Vz/zBWlExpN9A5m2XPAbcW5rTMcl9O6jXKgu4sLDXOGOVCSOIpaQGwB3g3
+ti/p7J4lvFcCAwEAAaOCARQwggEQMB0GA1UdDgQWBBQTVJsLsvwdrA5XJMZyCECy
+gFdHGzCB4AYDVR0jBIHYMIHVgBQTVJsLsvwdrA5XJMZyCECygFdHG6GBuaSBtjCB
+szELMAkGA1UEBhMCZGUxDDAKBgNVBAgTA05SVzETMBEGA1UEBxQKRPxzc2VsZG9y
+ZjEWMBQGA1UEChMNZzEwIENvZGUgR21iSDEbMBkGA1UECxMSS2VyY2tob2ZmcyBU
+ZXN0bGFiMRcwFQYDVQQDEw5UaGVvYmFsZCBUaWdlcjEzMDEGCSqGSIb3DQEJARYk
+dGhlb2JhbGQudGlnZXJAa2VyY2tob2Zmcy5nMTBjb2RlLmRlggEAMAwGA1UdEwQF
+MAMBAf8wDQYJKoZIhvcNAQEEBQADgYEASILHzi6O8Gf4Xd98FFtln3FGLhlHlxKV
+xuO4Qn+qcBN7dFfQE3B/WKRR5jC8NTZHgGzAzcVv/ha2AAVs/zbSxE6lU04OOSJv
+qm9lo6lsm5P+C/NH/hSdlUfSoKbmt5ZAPYpOhHvmPQpLi4Iv4hjeFqoCN5OVXOXN
+OSgvBzegSSA=
+-----END CERTIFICATE-----
diff --git a/tests/sm-sign+verify b/tests/sm-sign+verify
new file mode 100644
index 0000000..1c3ae7d
--- /dev/null
+++ b/tests/sm-sign+verify
@@ -0,0 +1,73 @@
+# sm-sign+verify
+#
+# Creating a signature and verifying it
+# Requirements: a plain file "text-1.txt"
+
+srcdir = getenv srcdir
+plaintext = let $srcdir/text-1.txt
+
+in = openfile $plaintext
+out = createfile msg.sig
+in2 = openfile msg.sig
+out2 = createfile msg.unsig
+
+pipeserver $GPGSM
+send INPUT FD=$in
+expect-ok
+send OUTPUT FD=$out
+expect-ok
+send SIGN
+expect-ok
+
+send RESET
+expect-ok
+send INPUT FD=$in2
+expect-ok
+send OUTPUT FD=$out2
+expect-ok
+goodsig = count-status GOODSIG
+trusted = count-status TRUST_FULLY
+send VERIFY
+expect-ok
+echo goodsig=$goodsig trusted=$trusted
+fail-if !$goodsig
+fail-if !$trusted
+send BYE
+expect-ok
+
+# Unset variables so that the files get closed.
+in =
+out =
+in2 =
+out2=
+
+cmpfiles $plaintext msg.unsig
+fail-if !$?
+
+# Lets check it again with a new server instance, this time we keep
+# the server running to check whether the entire message has been
+# output after the VERIFY.
+in = openfile msg.sig
+out = createfile msg.unsig
+pipeserver $GPGSM
+send INPUT FD=$in
+expect-ok
+send OUTPUT FD=$out
+expect-ok
+goodsig = count-status GOODSIG
+trusted = count-status TRUST_FULLY
+send VERIFY
+expect-ok
+echo goodsig=$goodsig trusted=$trusted
+fail-if !$goodsig
+fail-if !$trusted
+
+cmpfiles $plaintext msg.unsig
+fail-if !$?
+
+send BYE
+expect-ok
+
+
+quit
+
diff --git a/tests/sm-verify b/tests/sm-verify
new file mode 100644
index 0000000..b06dc16
--- /dev/null
+++ b/tests/sm-verify
@@ -0,0 +1,114 @@
+# sm-verify
+#
+# Verify a few distributed signatures.
+# Requirements:
+#
+
+srcdir = getenv srcdir
+
+# Check an opaque signature
+sig = openfile $srcdir/text-1.osig.pem
+out = createfile msg.unsig
+pipeserver $GPGSM
+send INPUT FD=$sig
+expect-ok
+send OUTPUT FD=$out
+expect-ok
+badsig = count-status BADSIG
+goodsig = count-status GOODSIG
+trusted = count-status TRUST_FULLY
+send VERIFY
+expect-ok
+echo badsig=$badsig goodsig=$goodsig trusted=$trusted
+fail-if $badsig
+fail-if !$goodsig
+fail-if !$trusted
+send BYE
+expect-ok
+
+sig =
+out =
+cmpfiles $srcdir/text-1.txt msg.unsig
+fail-if !$?
+
+# Check a detached signature.
+sig = openfile $srcdir/text-1.dsig.pem
+plain = openfile $srcdir/text-1.txt
+pipeserver $GPGSM
+send INPUT FD=$sig
+expect-ok
+send MESSAGE FD=$plain
+expect-ok
+badsig = count-status BADSIG
+goodsig = count-status GOODSIG
+trusted = count-status TRUST_FULLY
+send VERIFY
+expect-ok
+echo badsig=$badsig goodsig=$goodsig trusted=$trusted
+fail-if $badsig
+fail-if !$goodsig
+fail-if !$trusted
+send BYE
+expect-ok
+
+# Check a tampered opaque message
+sig = openfile $srcdir/text-1.osig-bad.pem
+out = createfile msg.unsig
+
+pipeserver $GPGSM
+send INPUT FD=$sig
+expect-ok
+send OUTPUT FD=$out
+expect-ok
+badsig = count-status BADSIG
+goodsig = count-status GOODSIG
+trusted = count-status TRUST_FULLY
+send VERIFY
+expect-ok
+echo badsig=$badsig goodsig=$goodsig trusted=$trusted
+fail-if $goodsig
+fail-if !$badsig
+fail-if $trusted
+send BYE
+expect-ok
+
+# Check another opaque signature but without asking for the output.
+sig = openfile $srcdir/text-2.osig.pem
+
+pipeserver $GPGSM
+send INPUT FD=$sig
+expect-ok
+badsig = count-status BADSIG
+goodsig = count-status GOODSIG
+trusted = count-status TRUST_FULLY
+send VERIFY
+expect-ok
+echo badsig=$badsig goodsig=$goodsig trusted=$trusted
+fail-if $badsig
+fail-if !$goodsig
+fail-if !$trusted
+send BYE
+expect-ok
+
+# We als have tampered version.
+sig = openfile $srcdir/text-2.osig-bad.pem
+
+pipeserver $GPGSM
+send INPUT FD=$sig
+expect-ok
+badsig = count-status BADSIG
+goodsig = count-status GOODSIG
+trusted = count-status TRUST_FULLY
+send VERIFY
+expect-ok
+echo badsig=$badsig goodsig=$goodsig trusted=$trusted
+fail-if $goodsig
+fail-if !$badsig
+fail-if $trusted
+send BYE
+expect-ok
+
+
+quit
+
+
diff --git a/tests/text-1.dsig.pem b/tests/text-1.dsig.pem
new file mode 100644
index 0000000..a031ec2
--- /dev/null
+++ b/tests/text-1.dsig.pem
@@ -0,0 +1,27 @@
+-----BEGIN SIGNED MESSAGE-----
+MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAA
+oIIDGTCCAxUwggJ+oAMCAQICAQAwDQYJKoZIhvcNAQEEBQAwazELMAkGA1UEBhMC
+REUxEzARBgNVBAcUCkT8c3NlbGRvcmYxFjAUBgNVBAoTDWcxMCBDb2RlIEdtYkgx
+GTAXBgNVBAsTEEFlZ3lwdGVuIFByb2plY3QxFDASBgNVBAMTC3Rlc3QgY2VydCAx
+MB4XDTAxMTIwMzA5MzYzOFoXDTAyMTIwMzA5MzYzOFowazELMAkGA1UEBhMCREUx
+EzARBgNVBAcUCkT8c3NlbGRvcmYxFjAUBgNVBAoTDWcxMCBDb2RlIEdtYkgxGTAX
+BgNVBAsTEEFlZ3lwdGVuIFByb2plY3QxFDASBgNVBAMTC3Rlc3QgY2VydCAxMIGf
+MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDgzpb5C2yeAvOSK+rak/5QqHXqxrzB
+i7mpzy6EllyqLR/5Wn9UJGXGwMGdJ25FJs4EiGinqRT9NDzDqH3XQpH/xWVQbVu7
+Jcusag4t0fi8qrDUopwvN8lQ82NIS/Jp94kUQEZLr3mCfgOjbnC4FJOO69xj6WQk
+e+ddxYsBS36iUQIDAQABo4HIMIHFMB0GA1UdDgQWBBQzN40SkcBUcYM4Xwhlv6lL
++Y408zCBlQYDVR0jBIGNMIGKgBQzN40SkcBUcYM4Xwhlv6lL+Y4086FvpG0wazEL
+MAkGA1UEBhMCREUxEzARBgNVBAcUCkT8c3NlbGRvcmYxFjAUBgNVBAoTDWcxMCBD
+b2RlIEdtYkgxGTAXBgNVBAsTEEFlZ3lwdGVuIFByb2plY3QxFDASBgNVBAMTC3Rl
+c3QgY2VydCAxggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAbIcE
+Hoo4qNobF2cWRCBaDZXQ6XcXG1lMLObrTSe4asUK++H59nC/ax+wMnDVrWZ8gkwJ
+O1KsHGx98+gjaCR+lP5P/yE5O8PD7TOp8OiYZVyw/guuQYn4qeondibUUMJeJCf7
+T6cfv+NjLpIt8lRTfgRBhT6SOoXSZodR8/NZPBkxggFXMIIBUwIBATBwMGsxCzAJ
+BgNVBAYTAkRFMRMwEQYDVQQHFApE/HNzZWxkb3JmMRYwFAYDVQQKEw1nMTAgQ29k
+ZSBHbWJIMRkwFwYDVQQLExBBZWd5cHRlbiBQcm9qZWN0MRQwEgYDVQQDEwt0ZXN0
+IGNlcnQgMQIBADAHBgUrDgMCGqBDMBwGCSqGSIb3DQEJBTEPFw0wMjA4MDgxMjIy
+NTRaMCMGCSqGSIb3DQEJBDEWBBR5MsAm+0wJAVQl3AAGYmnpxA4XLjALBgkqhkiG
+9w0BAQEEgYAZpBbucgorq56kl2rokCV1EAZcKgylfpEkqSz4RU6qNid+0NtjSAxi
+5164wjMLG71U9qSBX4XDdDQPHpH+PPF/8021kne2kPfeP68NiXK8CagdIqlnuJEj
+K934mVre7AIjrXqoob1ipUtCWeK+2uHXsUjtUn3u1Y3eWVZ6+1hDTAAAAAAAAA==
+-----END SIGNED MESSAGE-----
diff --git a/tests/text-1.osig-bad.pem b/tests/text-1.osig-bad.pem
new file mode 100644
index 0000000..0b5f4a4
--- /dev/null
+++ b/tests/text-1.osig-bad.pem
@@ -0,0 +1,45 @@
+The text in this message has been tampered.
+
+-----BEGIN SIGNED MESSAGE-----
+MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAaCAJIAEggPh
+SGlnaCBQcmllc3Q6CUFybWFtZW50cyBDaGFwdGVyIE9uZSwgdmVyc2VzIG5pbmUgdGhyb3Vn
+aCB0d2VudHktc2V2ZW46CkJyby4gTWF5bmFyZDoJQW5kIFNhaW50IEF0dGlsYSByYWlzZWQg
+dGhlIEhvbHkgSGFuZCBHcmVuYWRlIHVwIG9uIGhpZ2gKCXNheWluZywgIk9oIExvcmQsIEJs
+ZXNzIHVzIHRoaXMgSG9seSBIYW5kIEdyZW5hZGUsIGFuZCB3aXRoIGl0CglzbWFzaCBvdXIg
+ZW5lbWllcyB0byB0aW55IGJpdHMuIiAgQW5kIHRoZSBMb3JkIGRpZCBncmluLCBhbmQgdGhl
+CglwZW9wbGUgZGlkIGZlYXN0IHVwb24gdGhlIGxhbWJzLCBhbmQgc3RvYXRzLCBhbmQgb3Jh
+bmd1dGFucywgYW5kCglicmVha2Zhc3QgY2VyZWFscywgYW5kIGxpbWEgYmVhbi0KSGlnaCBQ
+cmllc3Q6CVNraXAgYSBiaXQsIHNpc3Rlci4gCkJyby4gTWF5bmFyZDoJQW5kIHRoZW4gdGhl
+IExvcmQgc3Bha2UsIHNheWluZzogIkZpcnN0LCBzaGFsdCB0aG91IHRha2UKCW91dCB0aGUg
+aG9seSBwaW4uICBUaGVuIHNoYWx0IHRob3UgY291bnQgdG8gdGhyZWUuICBObyBtb3JlLCBu
+byBsZXNzLgoJKlRocmVlKiBzaGFsbCBiZSB0aGUgbnVtYmVyIG9mIHRoZSBjb3VudGluZywg
+YW5kIHRoZSBudW1iZXIgb2YgdGhlCgljb3VudGluZyBzaGFsbCBiZSB0aHJlZS4gICpGb3Vy
+KiBzaGFsdCB0aG91IG5vdCBjb3VudCwgYW5kIG5laXRoZXIKCWNvdW50IHRob3UgdHdvLCBl
+eGNlcHRpbmcgdGhhdCB0aG91IHRoZW4gZ29lc3Qgb24gdG8gdGhyZWUuICBGaXZlIGlzCglS
+SUdIVCBPVVQuICBPbmNlIHRoZSBudW1iZXIgdGhyZWUsIGJlaW5nIHRoZSB0aGlyZCBudW1i
+ZXIgYmUgcmVhY2hlZCwKCXRoZW4gbG9iYmVzdCB0aG91IHRoeSBIb2x5IEhhbmQgR3JlbmFk
+ZSB0b3dhcmRzIHRoeSBmb2UsIHdobywgYmVpbmcKCW5hdWdodHkgaW4gbXkgc2lnaHQsIHNo
+YWxsIHNudWZmIGl0LiAgQW1lbi4KQWxsOglBbWVuLgoJCS0tIE1vbnR5IFB5dGhvbiwgIlRo
+ZSBIb2x5IEhhbmQgR3JlbmFkZSIKAAAAAAAAoIIDGTCCAxUwggJ+oAMCAQICAQAwDQYJKoZI
+hvcNAQEEBQAwazELMAkGA1UEBhMCREUxEzARBgNVBAcUCkT8c3NlbGRvcmYxFjAUBgNVBAoT
+DWcxMCBDb2RlIEdtYkgxGTAXBgNVBAsTEEFlZ3lwdGVuIFByb2plY3QxFDASBgNVBAMTC3Rl
+c3QgY2VydCAxMB4XDTAxMTIwMzA5MzYzOFoXDTAyMTIwMzA5MzYzOFowazELMAkGA1UEBhMC
+REUxEzARBgNVBAcUCkT8c3NlbGRvcmYxFjAUBgNVBAoTDWcxMCBDb2RlIEdtYkgxGTAXBgNV
+BAsTEEFlZ3lwdGVuIFByb2plY3QxFDASBgNVBAMTC3Rlc3QgY2VydCAxMIGfMA0GCSqGSIb3
+DQEBAQUAA4GNADCBiQKBgQDgzpb5C2yeAvOSK+rak/5QqHXqxrzBi7mpzy6EllyqLR/5Wn9U
+JGXGwMGdJ25FJs4EiGinqRT9NDzDqH3XQpH/xWVQbVu7Jcusag4t0fi8qrDUopwvN8lQ82NI
+S/Jp94kUQEZLr3mCfgOjbnC4FJOO69xj6WQke+ddxYsBS36iUQIDAQABo4HIMIHFMB0GA1Ud
+DgQWBBQzN40SkcBUcYM4Xwhlv6lL+Y408zCBlQYDVR0jBIGNMIGKgBQzN40SkcBUcYM4Xwhl
+v6lL+Y4086FvpG0wazELMAkGA1UEBhMCREUxEzARBgNVBAcUCkT8c3NlbGRvcmYxFjAUBgNV
+BAoTDWcxMCBDb2RlIEdtYkgxGTAXBgNVBAsTEEFlZ3lwdGVuIFByb2plY3QxFDASBgNVBAMT
+C3Rlc3QgY2VydCAxggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAbIcEHoo4
+qNobF2cWRCBaDZXQ6XcXG1lMLObrTSe4asUK++H59nC/ax+wMnDVrWZ8gkwJO1KsHGx98+gj
+aCR+lP5P/yE5O8PD7TOp8OiYZVyw/guuQYn4qeondibUUMJeJCf7T6cfv+NjLpIt8lRTfgRB
+hT6SOoXSZodR8/NZPBkxggFXMIIBUwIBATBwMGsxCzAJBgNVBAYTAkRFMRMwEQYDVQQHFApE
+/HNzZWxkb3JmMRYwFAYDVQQKEw1nMTAgQ29kZSBHbWJIMRkwFwYDVQQLExBBZWd5cHRlbiBQ
+cm9qZWN0MRQwEgYDVQQDEwt0ZXN0IGNlcnQgMQIBADAHBgUrDgMCGqBDMBwGCSqGSIb3DQEJ
+BTEPFw0wMjA4MDgxMjIyNDZaMCMGCSqGSIb3DQEJBDEWBBR5MsAm+0wJAVQl3AAGYmnpxA4X
+LjALBgkqhkiG9w0BAQEEgYC+7rFtegP8v+Z5yI4CH/0Y4RK48DM1oFMSz4xySpERFTk9p5RP
+BDhOqaaACVKUdmNW6xYJAFo53tQxbBTZ12woctFLbLm9rs/F6Tz2JIA9GxpXInkKYdvkaVHb
+pvEQgeoezFc4fd4yB87kgq4zZTViFcCJ3OvjboCu9ltIeIn73AAAAAAAAA==
+-----END SIGNED MESSAGE-----
diff --git a/tests/text-1.osig.pem b/tests/text-1.osig.pem
new file mode 100644
index 0000000..7317350
--- /dev/null
+++ b/tests/text-1.osig.pem
@@ -0,0 +1,48 @@
+-----BEGIN SIGNED MESSAGE-----
+MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAaCA
+JIAEggPhSGlnaCBQcmllc3Q6CUFybWFtZW50cyBDaGFwdGVyIE9uZSwgdmVyc2Vz
+IG5pbmUgdGhyb3VnaCB0d2VudHktc2V2ZW46CkJyby4gTWF5bmFyZDoJQW5kIFNh
+aW50IEF0dGlsYSByYWlzZWQgdGhlIEhvbHkgSGFuZCBHcmVuYWRlIHVwIG9uIGhp
+Z2gKCXNheWluZywgIk9oIExvcmQsIEJsZXNzIHVzIHRoaXMgSG9seSBIYW5kIEdy
+ZW5hZGUsIGFuZCB3aXRoIGl0CglzbWFzaCBvdXIgZW5lbWllcyB0byB0aW55IGJp
+dHMuIiAgQW5kIHRoZSBMb3JkIGRpZCBncmluLCBhbmQgdGhlCglwZW9wbGUgZGlk
+IGZlYXN0IHVwb24gdGhlIGxhbWJzLCBhbmQgc3RvYXRzLCBhbmQgb3Jhbmd1dGFu
+cywgYW5kCglicmVha2Zhc3QgY2VyZWFscywgYW5kIGxpbWEgYmVhbi0KSGlnaCBQ
+cmllc3Q6CVNraXAgYSBiaXQsIGJyb3RoZXIuCkJyby4gTWF5bmFyZDoJQW5kIHRo
+ZW4gdGhlIExvcmQgc3Bha2UsIHNheWluZzogIkZpcnN0LCBzaGFsdCB0aG91IHRh
+a2UKCW91dCB0aGUgaG9seSBwaW4uICBUaGVuIHNoYWx0IHRob3UgY291bnQgdG8g
+dGhyZWUuICBObyBtb3JlLCBubyBsZXNzLgoJKlRocmVlKiBzaGFsbCBiZSB0aGUg
+bnVtYmVyIG9mIHRoZSBjb3VudGluZywgYW5kIHRoZSBudW1iZXIgb2YgdGhlCglj
+b3VudGluZyBzaGFsbCBiZSB0aHJlZS4gICpGb3VyKiBzaGFsdCB0aG91IG5vdCBj
+b3VudCwgYW5kIG5laXRoZXIKCWNvdW50IHRob3UgdHdvLCBleGNlcHRpbmcgdGhh
+dCB0aG91IHRoZW4gZ29lc3Qgb24gdG8gdGhyZWUuICBGaXZlIGlzCglSSUdIVCBP
+VVQuICBPbmNlIHRoZSBudW1iZXIgdGhyZWUsIGJlaW5nIHRoZSB0aGlyZCBudW1i
+ZXIgYmUgcmVhY2hlZCwKCXRoZW4gbG9iYmVzdCB0aG91IHRoeSBIb2x5IEhhbmQg
+R3JlbmFkZSB0b3dhcmRzIHRoeSBmb2UsIHdobywgYmVpbmcKCW5hdWdodHkgaW4g
+bXkgc2lnaHQsIHNoYWxsIHNudWZmIGl0LiAgQW1lbi4KQWxsOglBbWVuLgoJCS0t
+IE1vbnR5IFB5dGhvbiwgIlRoZSBIb2x5IEhhbmQgR3JlbmFkZSIKAAAAAAAAoIID
+GTCCAxUwggJ+oAMCAQICAQAwDQYJKoZIhvcNAQEEBQAwazELMAkGA1UEBhMCREUx
+EzARBgNVBAcUCkT8c3NlbGRvcmYxFjAUBgNVBAoTDWcxMCBDb2RlIEdtYkgxGTAX
+BgNVBAsTEEFlZ3lwdGVuIFByb2plY3QxFDASBgNVBAMTC3Rlc3QgY2VydCAxMB4X
+DTAxMTIwMzA5MzYzOFoXDTAyMTIwMzA5MzYzOFowazELMAkGA1UEBhMCREUxEzAR
+BgNVBAcUCkT8c3NlbGRvcmYxFjAUBgNVBAoTDWcxMCBDb2RlIEdtYkgxGTAXBgNV
+BAsTEEFlZ3lwdGVuIFByb2plY3QxFDASBgNVBAMTC3Rlc3QgY2VydCAxMIGfMA0G
+CSqGSIb3DQEBAQUAA4GNADCBiQKBgQDgzpb5C2yeAvOSK+rak/5QqHXqxrzBi7mp
+zy6EllyqLR/5Wn9UJGXGwMGdJ25FJs4EiGinqRT9NDzDqH3XQpH/xWVQbVu7Jcus
+ag4t0fi8qrDUopwvN8lQ82NIS/Jp94kUQEZLr3mCfgOjbnC4FJOO69xj6WQke+dd
+xYsBS36iUQIDAQABo4HIMIHFMB0GA1UdDgQWBBQzN40SkcBUcYM4Xwhlv6lL+Y40
+8zCBlQYDVR0jBIGNMIGKgBQzN40SkcBUcYM4Xwhlv6lL+Y4086FvpG0wazELMAkG
+A1UEBhMCREUxEzARBgNVBAcUCkT8c3NlbGRvcmYxFjAUBgNVBAoTDWcxMCBDb2Rl
+IEdtYkgxGTAXBgNVBAsTEEFlZ3lwdGVuIFByb2plY3QxFDASBgNVBAMTC3Rlc3Qg
+Y2VydCAxggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAbIcEHoo4
+qNobF2cWRCBaDZXQ6XcXG1lMLObrTSe4asUK++H59nC/ax+wMnDVrWZ8gkwJO1Ks
+HGx98+gjaCR+lP5P/yE5O8PD7TOp8OiYZVyw/guuQYn4qeondibUUMJeJCf7T6cf
+v+NjLpIt8lRTfgRBhT6SOoXSZodR8/NZPBkxggFXMIIBUwIBATBwMGsxCzAJBgNV
+BAYTAkRFMRMwEQYDVQQHFApE/HNzZWxkb3JmMRYwFAYDVQQKEw1nMTAgQ29kZSBH
+bWJIMRkwFwYDVQQLExBBZWd5cHRlbiBQcm9qZWN0MRQwEgYDVQQDEwt0ZXN0IGNl
+cnQgMQIBADAHBgUrDgMCGqBDMBwGCSqGSIb3DQEJBTEPFw0wMjA4MDgxMjIyNDZa
+MCMGCSqGSIb3DQEJBDEWBBR5MsAm+0wJAVQl3AAGYmnpxA4XLjALBgkqhkiG9w0B
+AQEEgYC+7rFtegP8v+Z5yI4CH/0Y4RK48DM1oFMSz4xySpERFTk9p5RPBDhOqaaA
+CVKUdmNW6xYJAFo53tQxbBTZ12woctFLbLm9rs/F6Tz2JIA9GxpXInkKYdvkaVHb
+pvEQgeoezFc4fd4yB87kgq4zZTViFcCJ3OvjboCu9ltIeIn73AAAAAAAAA==
+-----END SIGNED MESSAGE-----
diff --git a/tests/text-1.txt b/tests/text-1.txt
new file mode 100644
index 0000000..b14c1a2
--- /dev/null
+++ b/tests/text-1.txt
@@ -0,0 +1,17 @@
+High Priest: Armaments Chapter One, verses nine through twenty-seven:
+Bro. Maynard: And Saint Attila raised the Holy Hand Grenade up on high
+ saying, "Oh Lord, Bless us this Holy Hand Grenade, and with it
+ smash our enemies to tiny bits." And the Lord did grin, and the
+ people did feast upon the lambs, and stoats, and orangutans, and
+ breakfast cereals, and lima bean-
+High Priest: Skip a bit, brother.
+Bro. Maynard: And then the Lord spake, saying: "First, shalt thou take
+ out the holy pin. Then shalt thou count to three. No more, no less.
+ *Three* shall be the number of the counting, and the number of the
+ counting shall be three. *Four* shalt thou not count, and neither
+ count thou two, excepting that thou then goest on to three. Five is
+ RIGHT OUT. Once the number three, being the third number be reached,
+ then lobbest thou thy Holy Hand Grenade towards thy foe, who, being
+ naughty in my sight, shall snuff it. Amen.
+All: Amen.
+ -- Monty Python, "The Holy Hand Grenade"
diff --git a/tests/text-2.osig-bad.pem b/tests/text-2.osig-bad.pem
new file mode 100644
index 0000000..5558448
--- /dev/null
+++ b/tests/text-2.osig-bad.pem
@@ -0,0 +1,28 @@
+The signature time in this message has been tampered.
+
+-----BEGIN SIGNED MESSAGE-----
+MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAaCAJIAEU01p
+bGl0YXJ5IGludGVsbGlnZW5jZSBpcyBhIGNvbnRyYWRpY3Rpb24gaW4gdGVybXMuCiAgICAg
+ICAgICAgICAgICAtLSBHcm91Y2hvIE1hcngKAAAAAAAAoIIDGTCCAxUwggJ+oAMCAQICAQAw
+DQYJKoZIhvcNAQEEBQAwazELMAkGA1UEBhMCREUxEzARBgNVBAcUCkT8c3NlbGRvcmYxFjAU
+BgNVBAoTDWcxMCBDb2RlIEdtYkgxGTAXBgNVBAsTEEFlZ3lwdGVuIFByb2plY3QxFDASBgNV
+BAMTC3Rlc3QgY2VydCAxMB4XDTAxMTIwMzA5MzYzOFoXDTAyMTIwMzA5MzYzOFowazELMAkG
+A1UEBhMCREUxEzARBgNVBAcUCkT8c3NlbGRvcmYxFjAUBgNVBAoTDWcxMCBDb2RlIEdtYkgx
+GTAXBgNVBAsTEEFlZ3lwdGVuIFByb2plY3QxFDASBgNVBAMTC3Rlc3QgY2VydCAxMIGfMA0G
+CSqGSIb3DQEBAQUAA4GNADCBiQKBgQDgzpb5C2yeAvOSK+rak/5QqHXqxrzBi7mpzy6Ellyq
+LR/5Wn9UJGXGwMGdJ25FJs4EiGinqRT9NDzDqH3XQpH/xWVQbVu7Jcusag4t0fi8qrDUopwv
+N8lQ82NIS/Jp94kUQEZLr3mCfgOjbnC4FJOO69xj6WQke+ddxYsBS36iUQIDAQABo4HIMIHF
+MB0GA1UdDgQWBBQzN40SkcBUcYM4Xwhlv6lL+Y408zCBlQYDVR0jBIGNMIGKgBQzN40SkcBU
+cYM4Xwhlv6lL+Y4086FvpG0wazELMAkGA1UEBhMCREUxEzARBgNVBAcUCkT8c3NlbGRvcmYx
+FjAUBgNVBAoTDWcxMCBDb2RlIEdtYkgxGTAXBgNVBAsTEEFlZ3lwdGVuIFByb2plY3QxFDAS
+BgNVBAMTC3Rlc3QgY2VydCAxggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEA
+bIcEHoo4qNobF2cWRCBaDZXQ6XcXG1lMLObrTSe4asUK++H59nC/ax+wMnDVrWZ8gkwJO1Ks
+HGx98+gjaCR+lP5P/yE5O8PD7TOp8OiYZVyw/guuQYn4qeondibUUMJeJCf7T6cfv+NjLpIt
+8lRTfgRBhT6SOoXSZodR8/NZPBkxggFXMIIBUwIBATBwMGsxCzAJBgNVBAYTAkRFMRMwEQYD
+VQQHFApE/HNzZWxkb3JmMRYwFAYDVQQKEw1nMTAgQ29kZSBHbWJIMRkwFwYDVQQLExBBZWd5
+cHRlbiBQcm9qZWN0MRQwEgYDVQQDEwt0ZXN0IGNlcnQgMQIBADAHBgUrDgMCGqBDMBwGCSqG
+SIb3DQEJBTEPFw0wMjA4MDcxMjM4MjJaMCMGCSqGSIb3DQEJBDEWBBSzI9M4i+WJMTDoCeLu
+lJP7p1PCezALBgkqhkiG9w0BAQEEgYAqoJR3uJkChUhaH0EH3U5JpQApIhVEqedaKPT6BCPP
+WALFPzEa6YKzftA5e+Dap41UnB8nQ9rfwYty3hw5EulzV9iLnhGornQIgI6D5o7ymxyacsiY
+EarezxGXjuPMnyXcpTOgt+vz2k3qisjzxU32zpsOuK6U82PSHysX8rH9QgAAAAAAAA==
+-----END SIGNED MESSAGE-----
diff --git a/tests/text-2.osig.pem b/tests/text-2.osig.pem
new file mode 100644
index 0000000..57b5da9
--- /dev/null
+++ b/tests/text-2.osig.pem
@@ -0,0 +1,29 @@
+-----BEGIN SIGNED MESSAGE-----
+MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAaCA
+JIAEU01pbGl0YXJ5IGludGVsbGlnZW5jZSBpcyBhIGNvbnRyYWRpY3Rpb24gaW4g
+dGVybXMuCiAgICAgICAgICAgICAgICAtLSBHcm91Y2hvIE1hcngKAAAAAAAAoIID
+GTCCAxUwggJ+oAMCAQICAQAwDQYJKoZIhvcNAQEEBQAwazELMAkGA1UEBhMCREUx
+EzARBgNVBAcUCkT8c3NlbGRvcmYxFjAUBgNVBAoTDWcxMCBDb2RlIEdtYkgxGTAX
+BgNVBAsTEEFlZ3lwdGVuIFByb2plY3QxFDASBgNVBAMTC3Rlc3QgY2VydCAxMB4X
+DTAxMTIwMzA5MzYzOFoXDTAyMTIwMzA5MzYzOFowazELMAkGA1UEBhMCREUxEzAR
+BgNVBAcUCkT8c3NlbGRvcmYxFjAUBgNVBAoTDWcxMCBDb2RlIEdtYkgxGTAXBgNV
+BAsTEEFlZ3lwdGVuIFByb2plY3QxFDASBgNVBAMTC3Rlc3QgY2VydCAxMIGfMA0G
+CSqGSIb3DQEBAQUAA4GNADCBiQKBgQDgzpb5C2yeAvOSK+rak/5QqHXqxrzBi7mp
+zy6EllyqLR/5Wn9UJGXGwMGdJ25FJs4EiGinqRT9NDzDqH3XQpH/xWVQbVu7Jcus
+ag4t0fi8qrDUopwvN8lQ82NIS/Jp94kUQEZLr3mCfgOjbnC4FJOO69xj6WQke+dd
+xYsBS36iUQIDAQABo4HIMIHFMB0GA1UdDgQWBBQzN40SkcBUcYM4Xwhlv6lL+Y40
+8zCBlQYDVR0jBIGNMIGKgBQzN40SkcBUcYM4Xwhlv6lL+Y4086FvpG0wazELMAkG
+A1UEBhMCREUxEzARBgNVBAcUCkT8c3NlbGRvcmYxFjAUBgNVBAoTDWcxMCBDb2Rl
+IEdtYkgxGTAXBgNVBAsTEEFlZ3lwdGVuIFByb2plY3QxFDASBgNVBAMTC3Rlc3Qg
+Y2VydCAxggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAbIcEHoo4
+qNobF2cWRCBaDZXQ6XcXG1lMLObrTSe4asUK++H59nC/ax+wMnDVrWZ8gkwJO1Ks
+HGx98+gjaCR+lP5P/yE5O8PD7TOp8OiYZVyw/guuQYn4qeondibUUMJeJCf7T6cf
+v+NjLpIt8lRTfgRBhT6SOoXSZodR8/NZPBkxggFXMIIBUwIBATBwMGsxCzAJBgNV
+BAYTAkRFMRMwEQYDVQQHFApE/HNzZWxkb3JmMRYwFAYDVQQKEw1nMTAgQ29kZSBH
+bWJIMRkwFwYDVQQLExBBZWd5cHRlbiBQcm9qZWN0MRQwEgYDVQQDEwt0ZXN0IGNl
+cnQgMQIBADAHBgUrDgMCGqBDMBwGCSqGSIb3DQEJBTEPFw0wMjA4MDgxMjM4MjJa
+MCMGCSqGSIb3DQEJBDEWBBSzI9M4i+WJMTDoCeLulJP7p1PCezALBgkqhkiG9w0B
+AQEEgYAqoJR3uJkChUhaH0EH3U5JpQApIhVEqedaKPT6BCPPWALFPzEa6YKzftA5
+e+Dap41UnB8nQ9rfwYty3hw5EulzV9iLnhGornQIgI6D5o7ymxyacsiYEarezxGX
+juPMnyXcpTOgt+vz2k3qisjzxU32zpsOuK6U82PSHysX8rH9QgAAAAAAAA==
+-----END SIGNED MESSAGE-----
diff --git a/tests/text-2.txt b/tests/text-2.txt
new file mode 100644
index 0000000..314c7a4
--- /dev/null
+++ b/tests/text-2.txt
@@ -0,0 +1,2 @@
+Military intelligence is a contradiction in terms.
+ -- Groucho Marx
diff --git a/tests/text-3.txt b/tests/text-3.txt
new file mode 100644
index 0000000..9345b55
--- /dev/null
+++ b/tests/text-3.txt
@@ -0,0 +1,2 @@
+Military justice is to justice what military music is to music.
+ -- Groucho Marx
diff --git a/tools/ChangeLog-2011 b/tools/ChangeLog-2011
new file mode 100644
index 0000000..1eca0b5
--- /dev/null
+++ b/tools/ChangeLog-2011
@@ -0,0 +1,1098 @@
+2011-12-02 Werner Koch <wk@g10code.com>
+
+ NB: ChangeLog files are no longer manually maintained. Starting
+ on December 1st, 2011 we put change information only in the GIT
+ commit log, and generate a top-level ChangeLog file from logs at
+ "make dist". See doc/HACKING for details.
+
+2011-08-04 Werner Koch <wk@g10code.com>
+
+ * symcryptrun.c: Include utmp.h for login_tty.
+
+ * gpgconf-comp.c (gc_process_gpgconf_conf): Remove unsued var
+ USED_COMPONENTS.
+
+2011-01-11 Werner Koch <wk@g10code.com>
+
+ * gpgtar.c, gpgtar.h, gpgtar-create.c, gpgtar-extract.c
+ * gpgtar-list.c: New. Take from GnuPG master and add missing
+ functions.
+ * Makefile.am (bin_PROGRAMS): Add gpgtar.
+ (gpgtar_SOURCES, gpgtar_CFLAGS, gpgtar_LDADD): New.
+
+2010-08-23 Werner Koch <wk@g10code.com>
+
+ * gpgconf-comp.c (retrieve_options_from_program)
+ (retrieve_options_from_file, copy_file): Do not use ferror after a
+ failed fclose. Note that the stream is in any case invalid after
+ calling fclose and that fclose does set ERRNO.
+
+2010-08-19 Werner Koch <wk@g10code.com>
+
+ * gpgconf.c (main): Fix --check-options.
+
+2010-02-11 Marcus Brinkmann <marcus@g10code.de>
+
+ From 2009-09-23, 2009-11-04, 2009-11-05, 2009-12-08:
+
+ * gpg-connect-agent.c (read_and_print_response): Add arg WITHHASH.
+ (getinfo_pid_cb, read_and_print_response)
+ (main): Pass true for WITHHASH for the HELP command. Update to
+ new Assuan API. Update use of assuan_socket_connect and
+ assuan_pipe_connect. Convert posix fd to assuan fd.
+
+2010-01-10 Werner Koch <wk@g10code.com>
+
+ * symcryptrun.c (utmp.h): Remove header; it is not used.
+
+2009-12-18 Werner Koch <wk@g10code.com>
+
+ * applygnupgdefaults (errorfile): Use mktemp. Fixes bug#1146.
+
+2009-12-07 Werner Koch <wk@g10code.com>
+
+ * no-libgcrypt.c (gcry_strdup): Actually copy the string.
+
+2009-07-21 Werner Koch <wk@g10code.com>
+
+ * gpgsplit.c (my_strusage): Remove i18n stuff.
+
+2009-07-07 Werner Koch <wk@g10code.com>
+
+ * gpg-connect-agent.c (start_agent): Adjust for changed args of
+ send_pinentry_environment.
+
+2009-06-30 Werner Koch <wk@g10code.com>
+
+ * ccidmon.c (parse_line_sniffusb): Take also TAB as delimiter.
+
+2009-06-29 Werner Koch <wk@g10code.com>
+
+ * ccidmon.c (parse_line_sniffusb): New.
+ (main): Add option --sniffusb.
+
+2009-06-08 Werner Koch <wk@g10code.com>
+
+ * gpgconf.c (main): Call gnupg_reopen_std. Should fix bug#1072.
+
+2009-05-19 Werner Koch <wk@g10code.com>
+
+ * watchgnupg.c: Include jnlib/mischelp.h if required.
+ (main): Use SUN_LEN.
+
+2009-04-17 Werner Koch <wk@g10code.com>
+
+ * ccidmon.c: New.
+
+2009-03-03 Werner Koch <wk@g10code.com>
+
+ * gpgconf.c: New command --reload.
+
+ * gpgconf-comp.c (gc_component_reload): New.
+
+2009-03-02 Werner Koch <wk@g10code.com>
+
+ * gpgconf-comp.c (scdaemon_runtime_change): Killsc d only if it is
+ not running.
+
+2009-02-27 Werner Koch <wk@g10code.com>
+
+ * gpgconf-comp.c (gpg_agent_runtime_change): Declare static.
+ (scdaemon_runtime_change): New.
+ (gc_backend_scdaemon): Register new function.
+ (gc_options_scdaemon): Make most options runtime changable.
+
+2009-01-20 Werner Koch <wk@g10code.com>
+
+ * gpgconf.c (main): Print more directories.
+
+2008-12-09 Werner Koch <wk@g10code.com>
+
+ * gpg-check-pattern.c (main): Call i18n_init before
+ init_common_subsystems.
+ * gpg-connect-agent.c (main): Ditto.
+ * gpgconf.c (main): Ditto.
+ * symcryptrun.c (main): Ditto.
+
+2008-12-08 Werner Koch <wk@g10code.com>
+
+ * gpgkey2ssh.c (main): Change order of output for RSA. Change name
+ of DSA identifier. Reported by Daniel Kahn Gillmor. This is
+ bug#901.
+
+2008-12-05 Werner Koch <wk@g10code.com>
+
+ * gpg-connect-agent.c (opts): Use ARGPARSE_ macros.
+ (start_agent) [W32]: Start agent if not running.
+
+2008-12-03 Werner Koch <wk@g10code.com>
+
+ * gpgconf-comp.c <scdaemon>: Add option --card-timeout. Remove
+ unused option --disable-opensc.
+
+2008-10-20 Werner Koch <wk@g10code.com>
+
+ * gpgsplit.c (write_part): Remove unused arg FNAME. Change caller.
+ (do_split): Ditto.
+
+ * no-libgcrypt.c (gcry_control): Mark unused arg.
+ * gpg-connect-agent.c (do_recvfd): Ditto.
+ * gpgparsemail.c (mime_signed_begin, mime_encrypted_begin): Ditto.
+ (pkcs7_begin): Ditto.
+
+2008-10-01 Werner Koch <wk@g10code.com>
+
+ * gpg-connect-agent.c (main): New command datafile.
+ (read_and_print_response): Print to the defined datafile.
+
+2008-09-30 Werner Koch <wk@g10code.com>
+
+ * gpgconf.c (main) <aListDirs>: Print the bindir.
+
+2008-08-06 Marcus Brinkmann <marcus@g10code.de>
+
+ * gpgconf-comp.c (gc_options_gpgsm): Change type of keyserver
+ option to GC_ARG_TYPE_LDAP_SERVER.
+
+ * gpgconf-comp.c (retrieve_options_from_file): Transfer the
+ NO_CHANGE flag from the file name option to the list option.
+
+2008-06-19 Werner Koch <wk@g10code.com>
+
+ * gpgconf-comp.c (GC_ARG_TYPE_ALIAS_LIST): New.
+ (gc_arg_type): Add fallback type.
+ (gc_options_gpg): Add option "group".
+
+2008-06-12 Marcus Brinkmann <marcus@g10code.de>
+
+ * gpgconf-comp.c (gc_options_gpgsm): Add option keyserver.
+
+2008-05-26 Marcus Brinkmann <marcus@g10code.de>
+
+ * gpgconf-comp.c: Replace pathname by filename everywhere.
+
+ * gpgconf.c (enum cmd_and_opt_values): Add aListDirs.
+ (opts): Add aListDirs option.
+ (main): Handle aListDirs.
+ * gpgconf.h (gc_percent_escape): New declaration.
+ * gpgconf-comp.c (my_percent_escape): Make non-static and rename
+ to ...
+ (gc_percent_escape): ... this. Change all callers.
+
+2008-05-26 Werner Koch <wk@g10code.com>
+
+ * gpgconf-comp.c (gpg_agent_runtime_change) [W32]: Issue
+ "reloadagent" command to gpg-agent.
+
+ * gpg-connect-agent.c (main): Allow server command on the command
+ line.
+
+2008-05-20 Marcus Brinkmann <marcus@g10code.de>
+
+ * gpgconf.h (gc_component_check_programs): Rename to ...
+ (gc_check_programs): ... this.
+ (gc_component_change_options): Add argument OUT.
+ (gc_component_check_options): New function.
+ * gpgconf.c (enum cmd_and_opt_values): New option aCheckOptions.
+ (opts): Add new option aCheckOptions (aka --check-options).
+ (main): Handle new option aCheckOptions.
+ * gpgconf-comp.c (gc_component_check_programs): Rename to ...
+ (gc_check_programs): ... this. Refactor core of it to ...
+ (gc_component_check_options): ... this new function.
+ (gc_component_change_options): Add new argument OUT. Externally
+ verify all changes. Implement option --dry-run.
+
+2008-05-09 Werner Koch <wk@g10code.com>
+
+ * gpgconf-comp.c (my_dgettext) [USE_SIMPLE_GETTEXT]: Hack to
+ parly support translations.
+
+2008-04-08 Werner Koch <wk@g10code.com>
+
+ * gpgconf-comp.c (gc_options_gpg): Add --auto-key-locate.
+
+2008-03-26 Werner Koch <wk@g10code.com>
+
+ * make-dns-cert.c: Include unistd.h. Use config.h if requested.
+ (cert_key): Protect read against EINTR.
+ (main): Print SVN revision for standalone version.
+
+2008-03-05 Werner Koch <wk@g10code.com>
+
+ * gpg-connect-agent.c (arithmetic_op): Add logical not, or and and.
+ (get_var_ext): Add functions errcode, errsource and errstring.
+ (read_and_print_response): Store server reply in $? variable.
+ (main): Implement IF command.
+
+2008-02-27 Marcus Brinkmann <marcus@g10code.de>
+
+ * gpgconf-comp.c (option_check_validity): For now, error out on
+ empty strings.
+ (enum): Add GC_ARG_TYPE_PUB_KEY and GC_ARG_TYPE_SEC_KEY.
+
+2008-02-01 Marcus Brinkmann <marcus@g10code.de>
+
+ * gpgconf-comp.c (gc_component_list_options): Fix memcpy.
+ Reported by Marc Mutz.
+
+2008-01-22 Werner Koch <wk@g10code.com>
+
+ * gpgconf-comp.c: Use gnupg domain for honor-http-proxy. Make
+ "LDAP server list" group title translatable.
+
+2008-01-17 Marcus Brinkmann <marcus@g10code.de>
+
+ * gpgconf-comp.c (change_options_program): Strip duplicated
+ utf8-strings entries for gnupg backend. Don't create them either.
+
+2007-12-10 Marcus Brinkmann <marcus@g10code.de>
+
+ * gpgconf-comp.c (gc_component_list_options): Fix up expert level
+ of group.
+
+2007-12-04 Marcus Brinkmann <marcus@g10code.de>
+
+ * gpgconf-comp.c (gc_component_list_components): Do not print a
+ trailing semi-colon to ensure forward compatibility, as this would
+ indicate another empty field.
+ (gc_process_gpgconf_conf): Likewise.
+
+2007-11-15 Werner Koch <wk@g10code.com>
+
+ * gpg-connect-agent.c (start_agent): Adjust changed
+ send_pinentry_environment.
+
+2007-10-24 Werner Koch <wk@g10code.com>
+
+ * gpg-connect-agent.c (substitute_line): Restore temporary nul
+ marker.
+ (main): Add /while command.
+
+2007-10-23 Werner Koch <wk@g10code.com>
+
+ * gpgconf-comp.c (gc_process_gpgconf_conf): Add arg
+ LISTFP. Changed all callers.
+ * gpgconf.h: Add gc_error.
+ * gpgconf.c: Add command --list-config.
+ (get_outfp): New.
+ (main): Make --output work.
+
+ * gpgconf-comp.c (gc_options_gpg_agent): Replace accidently used
+ GC_BACKEND_SCDAEMON. We should consider to create these tables
+ from plain files.
+
+2007-10-22 Werner Koch <wk@g10code.com>
+
+ * gpgconf-comp.c (retrieve_options_from_program): Replace use of
+ popen by our gnupg_spawn_process_fd. This is required because
+ popen under Windows can't handle long filenames.
+
+2007-10-19 Werner Koch <wk@g10code.com>
+
+ * symcryptrun.c (confucius_get_pass): Use utf8 switching functions.
+
+ * gpg-connect-agent.c (get_var_ext): New.
+ (substitute_line): Use it.
+ (assign_variable): Implement /slet in terms of get_var_ext.
+ (main): New option -s/--subst.
+ (add_definq): Add arg IS_VAR. Change all callers.
+ (main): Add command /definq.
+ (handle_inquire): Implement new command.
+ (substitute_line_copy): New.
+ (unescape_string, unpercent_string): New.
+ * no-libgcrypt.c (gcry_set_outofcore_handler)
+ (gcry_set_fatalerror_handler, gcry_set_log_handler): New.
+ * Makefile.am (gpg_connect_agent_LDADD): Link to libreadline.
+
+ * gpgconf-comp.c (retrieve_options_from_file): Don't call fclose
+ with NULL. Fixes bug 842.
+
+2007-10-12 Werner Koch <wk@g10code.com>
+
+ * gpg-connect-agent.c (substitute_line): Allow ${foo} syntax.
+
+2007-10-11 Werner Koch <wk@g10code.com>
+
+ * gpg-connect-agent.c (get_var): Expand environment variables.
+ Suggested by Marc Mutz.
+ (set_var): Return the value.
+ (assign_variable): Add arg syslet.
+ (main): New command /slet.
+ (gnu_getcwd): New.
+ (assign_variable): Add tag cwd, and *dir.
+
+2007-10-02 Werner Koch <wk@g10code.com>
+
+ * no-libgcrypt.c (gcry_malloc_secure): New.
+
+ * gpg-connect-agent.c (set_var, set_int_var, get_var)
+ (substitute_line, show_variables, assign_variable)
+ (do_open, do_close, do_showopen): New.
+ (main): Add new commands /nosubst, /subst, /let, /showvar, /open,
+ /close and /showopen.
+ (main): New commands /run and /bye.
+
+2007-10-01 Werner Koch <wk@g10code.com>
+
+ * gpg-connect-agent.c (do_sendfd): Use INT2FD for assuan_sendfd.
+
+2007-09-26 Werner Koch <wk@g10code.com>
+
+ * gpg-connect-agent.c (main): Print the first response from the
+ server.
+
+2007-09-14 Werner Koch <wk@g10code.com>
+
+ * gpgconf-comp.c: Make a string translatable.
+
+2007-09-04 Moritz Schulte <moritz@g10code.com>
+
+ * gpgsm-gencert.sh: Use printf instead of echo.
+
+2007-09-04 Moritz Schulte <moritz@g10code.com>
+
+ * gpgkey2ssh.c: Include sysutils.h so that gnupg_tmpfile() is
+ declared.
+
+2007-08-31 Werner Koch <wk@g10code.com>
+
+ * gpgparsemail.c: Support PGP/MIME signed messages.
+
+ * gpgconf-comp.c (gc_component_list_components): List the programs
+ names.
+
+2007-08-29 Werner Koch <wk@g10code.com>
+
+ * gpgconf.c: New command --check-programs.
+ * gpgconf-comp.c (gc_component_check_programs): New.
+ (gc_backend): Add member MODULE_NAME and add these module names.
+ (retrieve_options_from_program): Use module name so that we use an
+ absolute file name and don't rely on $PATH.
+ (collect_error_output): New.
+ * no-libgcrypt.c (gcry_control): New.
+
+2007-08-28 Werner Koch <wk@g10code.com>
+
+ * gpgconf-comp.c <gpg-agent>: Add options --max-passphrase-days
+ and --enable-passphrase-history.
+
+2007-08-27 Werner Koch <wk@g10code.com>
+
+ * gpg-check-pattern.c: New
+ * Makefile.am (libexec_PROGRAMS): Add unless DISABLE_REGEX.
+
+2007-08-24 Werner Koch <wk@g10code.com>
+
+ * gpgconf-comp.c <gpg-agent>: Add options --check-passphrase-pattern,
+ --min-passphrase-nonalpha and --enforce-passphrase-constraints and
+ move them into a new "passphrase policy" group.
+ (gc_component) [W32]: Enable dirmngr.
+
+2007-08-21 Werner Koch <wk@g10code.com>
+
+ * gpgkey2ssh.c (key_to_blob): Use gnupg_tmpfile().
+
+2007-08-02 Werner Koch <wk@g10code.com>
+
+ * gpgconf-comp.c: Factor the public GC_OPT_FLAG constants out and
+ include gc-opt-flags.h.
+
+2007-07-17 Werner Koch <wk@g10code.com>
+
+ * gpgconf-comp.c: Add --encrypt-to and --default-key to gpg and
+ gpgsm.
+
+2007-07-16 Marcus Brinkmann <marcus@g10code.de>
+
+ * gpg-connect-agent.c (main): Bail out if write fails.
+
+2007-07-05 Marcus Brinkmann <marcus@g10code.de>
+
+ * symcryptrun.c (confucius_get_pass): Define orig_codeset if
+ [ENABLE_NLS], not [HAVE_LANGINFO_CODESET].
+
+2007-06-26 Werner Koch <wk@g10code.com>
+
+ * gpgconf-comp.c (key_matches_user_or_group) [W32]: Implement user
+ name matching.
+ (GPGNAME): New. Use it instead of "gpg".
+ (gc_component) [W32]: Disable dirmngr for now.
+ (gc_component_retrieve_options): Ignore components without options.
+ (gc_component_change_options): Ditto.
+ (gc_component_list_options): Ditto.
+ (gc_component_find, gc_component_list_components): Ditto.
+
+2007-06-19 Werner Koch <wk@g10code.com>
+
+ * gpgconf-comp.c (percent_escape): Rename to my_percent_escape.
+ Changed all callers.
+
+2007-06-18 Marcus Brinkmann <marcus@g10code.de>
+
+ * gpgconf-comp.c (retrieve_options_from_file): Close LIST_FILE.
+ (copy_file): In error case, save/restore errno. Close SRC and DST.
+ (gc_component_change_options): Catch error from unlink(). Remove
+ target backup file before rename().
+
+2007-06-15 Marcus Brinkmann <marcus@g10code.de>
+
+ * gpgconf-comp.c (copy_file) [HAVE_W32_SYSTEM]: New function.
+ (change_options_file, change_options_program) [HAVE_W32_SYSTEM]:
+ Copy backup file.
+ (gc_component_change_options) [HAVE_W32_SYSTEM]: Non-atomic replace.
+ (gc_process_gpgconf_conf): Rename fname to fname_arg and
+ fname_buffer to fname, initialize fname with fname_arg, discarding
+ const qualifier.
+
+2007-06-15 Werner Koch <wk@g10code.com>
+
+ * Makefile.am (symcryptrun_LDADD): It is LIBICONV and not LIBINCONV.
+ (gpgconf_LDADD, symcryptrun_LDADD): Add W32SOCKLIBS.
+
+2007-06-14 Werner Koch <wk@g10code.com>
+
+ * symcryptrun.c (main): Setup default socket name for
+ simple-pwquery.
+ (MAP_SPWQ_ERROR_IMPL): New. Use it for all spwq error returns.
+
+2007-06-12 Werner Koch <wk@g10code.com>
+
+ * gpgconf-comp.c (gc_process_gpgconf_conf): Replace
+ GNUPG_SYSCONFDIR by a function call.
+
+ * gpg-connect-agent.c (main): Replace some calls by
+ init_common_subsystems.
+ * gpgconf.c (main): Ditto.
+ * symcryptrun.c (main): Ditto.
+
+2007-06-11 Werner Koch <wk@g10code.com>
+
+ * symcryptrun.c (main) [W32]: Call pth_init.
+ * gpgconf.c (main) [W32]: Call pth_init
+ * gpg-connect-agent.c (main) [W32]: Call pth_init.
+
+2007-06-06 Werner Koch <wk@g10code.com>
+
+ * Makefile.am (bin_PROGRAMS) [W32]: Do not build gpgparsemail.
+
+ * gpgconf-comp.c [W32]: Do not include pwd.h and grp.h.
+ (key_matches_user_or_group) [W32]: For now always return false.
+
+ * symcryptrun.c (i18n_init): Remove.
+ * gpgconf.c (i18n_init): Remove.
+ * gpg-connect-agent.c (i18n_init): Remove.
+
+2007-05-19 Marcus Brinkmann <marcus@g10code.de>
+
+ * symcryptrun.c (confucius_get_pass): Free ORIG_CODESET on error.
+
+2007-05-08 Werner Koch <wk@g10code.com>
+
+ * sockprox.c: New. It needs to be build manually. By Moritz
+ Schulte.
+
+2007-04-20 Werner Koch <wk@g10code.com>
+
+ * symcryptrun.c (my_gcry_logger): Removed.
+ (main): Call setup_libgcrypt_logging.
+
+2007-04-03 Werner Koch <wk@g10code.com>
+
+ * gpgconf-comp.c: Allow changing of --allow-mark-trusted.
+
+ * gpg-connect-agent.c (main): New option --decode and commands
+ decode and undecode.
+ (read_and_print_response): Implement option.
+
+2007-03-20 Werner Koch <wk@g10code.com>
+
+ * gpgconf-comp.c (gc_options_gpgsm): Add p12-charset.
+
+2007-03-07 Werner Koch <wk@g10code.com>
+
+ * applygnupgdefaults: New.
+ * Makefile.am (sbin_SCRIPTS): Add it
+
+2007-03-06 Werner Koch <wk@g10code.com>
+
+ * gpgconf-comp.c: Include pwd.h and grp.h.
+ (GC_OPT_FLAG_NO_CHANGE): New.
+ (gc_component_change_options): Implement it.
+ (gc_options_gpg_agent): Add options for all ttl values and
+ min-passphrase-length. Apply new flag to some of them.
+ (gc_process_gpgconf_conf, key_matches_user_or_group): New.
+ (gc_component_change_options): Factor some code out to ..
+ (change_one_value): .. new.
+ (gc_component_retrieve_options): Allow -1 for COMPONENT to iterate
+ over al components.
+ * gpgconf.c (main): New commands --check-config and
+ --apply-defaults. Call gc_process_gpgconf_conf.
+
+2007-01-31 Werner Koch <wk@g10code.com>
+
+ * Makefile.am (symcryptrun_LDADD): Add LIBICONV.
+ (gpgkey2ssh_LDADD): Ditto.
+
+2006-12-13 David Shaw <dshaw@jabberwocky.com>
+
+ * Makefile.am (gpgsplit_LDADD): Link to LIBINTL if we're using the
+ built-in code.
+
+2006-12-07 David Shaw <dshaw@jabberwocky.com>
+
+ * Makefile.am: Link to iconv for jnlib dependency.
+
+2006-11-23 Werner Koch <wk@g10code.com>
+
+ * Makefile.am (gpg_connect_agent_LDADD): Add NETLIBS.
+
+2006-11-21 Werner Koch <wk@g10code.com>
+
+ * gpgconf-comp.c (list_one_option): Cast print size_t arg.
+
+2006-11-17 Werner Koch <wk@g10code.com>
+
+ * gpgconf-comp.c: Made disable-keypad a basic option.
+
+2006-11-03 Werner Koch <wk@g10code.com>
+
+ * symcryptrun.c: Include signal.h and include pth.h only if test
+ asserts that it exists.
+
+2006-10-23 Werner Koch <wk@g10code.com>
+
+ * gpgconf-comp.c <gpgsm>: Add --cipher-algo.
+
+2006-10-20 Werner Koch <wk@g10code.com>
+
+ * gpgsm-gencert.sh: Enhanced the main menu.
+
+2006-10-12 Werner Koch <wk@g10code.com>
+
+ * Makefile.am (gpg-zip, gpgsplit): Do not install due to a
+ conflict with gpg1.
+
+2006-10-11 Werner Koch <wk@g10code.com>
+
+ * gpgsm-gencert.sh: Allow generation of card keys.
+
+2006-10-08 Werner Koch <wk@g10code.com>
+
+ * Makefile.am (gpgkey2ssh_LDADD): Add LIBINTL. Suggested by
+ Andreas Metzler.
+
+2006-09-22 Werner Koch <wk@g10code.com>
+
+ * no-libgcrypt.c: Changed license to a simple all permissive one.
+
+2006-09-20 Werner Koch <wk@g10code.com>
+
+ * Makefile.am: Changes to allow parallel make runs.
+
+2006-09-12 Werner Koch <wk@g10code.com>
+
+ Replaced all call gpg_error_from_errno(errno) by
+ gpg_error_from_syserror().
+
+ * gpg-connect-agent.c (read_and_print_response): With verbosity
+ level 2 also print comment lines.
+
+2006-09-06 Werner Koch <wk@g10code.com>
+
+ * gpg-connect-agent.c: Switch everything to new Assuan error code
+ style.
+
+ * no-libgcrypt.c (out_of_core): Reanmed to ...
+ (out_of_memory): .. this to avoid name clash with util.h.
+
+2006-08-21 Werner Koch <wk@g10code.com>
+
+ * gpgsplit.c: New. Taken from 1.4. Adjusted to GnuPG2.
+
+ * Makefile.am (noinst_PROGRAMS): New.
+
+2006-06-09 Marcus Brinkmann <marcus@g10code.de>
+
+ * Makefile.am (gpgconf_LDADD): Add $(GPG_ERROR_LIBS).
+ (gpgkey2ssh_LDADD): Add ../jnlib/libjnlib.a.
+
+2006-05-23 Werner Koch <wk@g10code.com>
+
+ * gpgparsemail.c: Include config.h if available
+ (stpcpy): Conditional include it.
+
+ * gpgconf-comp.c (hextobyte): Removed as it is now availble in
+ jnlib.
+
+2005-12-20 Werner Koch <wk@g10code.com>
+
+ * gpgconf-comp.c (gc_options_gpg): Add allow-pka-lookup.
+
+2005-12-14 Werner Koch <wk@g10code.com>
+
+ * Makefile.am (bin_PROGRAMS): Build gpgparsemail.
+
+ * gpgparsemail.c (pkcs7_begin): New.
+ (parse_message, message_cb): Add support of direct pkcs signatures.
+
+2005-10-19 Werner Koch <wk@g10code.com>
+
+ * gpgconf-comp.c (gc_options_scdaemon): New option --disable-keypad.
+
+2005-09-22 Werner Koch <wk@g10code.com>
+
+ * rfc822parse.c (parse_field): Tread Content-Disposition special.
+
+2005-10-08 Marcus Brinkmann <marcus@g10code.de>
+
+ * Makefile.am (watchgnupg_LDADD): New variable.
+
+ * Makefile.am (gpgconf_LDADD): Add ../gl/libgnu.a after
+ ../common/libcommon.a.
+ (symcryptrun_LDADD, gpg_connect_agent_LDADD, gpgkey2ssh_LDADD):
+ Likewise.
+
+2005-09-29 Marcus Brinkmann <marcus@g10code.de>
+
+ * Makefile.am (AM_CFLAGS): Add $(LIBGCRYPT_CFLAGS).
+
+2005-09-06 Werner Koch <wk@g10code.com>
+
+ * rfc822parse.c, rfc822parse.h: Changed license to LGPL.
+
+2005-08-01 Werner Koch <wk@g10code.com>
+
+ * gpgsm-gencert.sh: Allow entering a keygrip to generate a CSR from
+ an existing key.
+
+2005-07-21 Werner Koch <wk@g10code.com>
+
+ * gpgsm-gencert.sh: Reworked to allow for multiple email addresses
+ as well as DNsanmes and URi. Present the parameter file before
+ creating the certificate.
+
+2005-07-04 Marcus Brinkmann <marcus@g10code.de>
+
+ * symcryptrun.c (SYMC_BAD_PASSPHRASE, SYMC_CANCELED): New symbols,
+ use instead constants.
+ (hash_string): New function copied from simple-gettext.c.
+ (confucius_get_pass): Take new argument CACHEID.
+ (confucius_process): Calculate cacheid and pass it to
+ confucius_get_pass. Clear passphrase from cache if necessary.
+
+2005-06-16 Werner Koch <wk@g10code.com>
+
+ * gpg-connect-agent.c (read_and_print_response): Made LINELEN a
+ size_t.
+
+2005-06-04 Marcus Brinkmann <marcus@g10code.de>
+
+ * symcryptrun.c (main): Allow any number of arguments, don't use
+ first argument as input file name. Pass extra arguments to
+ confucius_main.
+ (confucius_main): Accept new arguments argc and argv and pass them
+ to confucius_process.
+ (confucius_process): Accept new arguments argc and argv and pass
+ them to the confucius process.
+
+2005-06-01 Werner Koch <wk@g10code.com>
+
+ * symcryptrun.c: Include mkdtemp.h.
+
+2005-05-31 Werner Koch <wk@g10code.com>
+
+ * watchgnupg.c: Make sure that PF_LCOAL and AF_LOCAL are defines.
+ Noted by Ray Link.
+
+2005-05-28 Moritz Schulte <moritz@g10code.com>
+
+ * gpgkey2ssh.c: New file.
+ * Makefile.am (bin_PROGRAMS): Added gpgkey2ssh.
+
+2005-05-20 Werner Koch <wk@g10code.com>
+
+ * gpg-connect-agent.c (add_definq, show_definq, clear_definq)
+ (handle_inquire): New.
+ (read_and_print_response): Handle INQUIRE command.
+ (main): Implement control commands.
+
+2005-04-21 Werner Koch <wk@g10code.com>
+
+ * symcryptrun.c (main): Optionally allow the input file as command
+ line argument.
+
+ * gpgconf-comp.c: Add gpgsm option disable-trusted-cert-crl-check.
+
+2005-04-20 Werner Koch <wk@g10code.com>
+
+ * gpgconf-comp.c: Add gpg-agent:disable-scdaemon.
+
+2005-04-19 Marcus Brinkmann <marcus@g10code.de>
+
+ * symcryptrun.c: Add --input option.
+
+2005-04-15 Marcus Brinkmann <marcus@g10code.de>
+
+ * symcryptrun.c (TEMP_FAILURE_RETRY): Define if not defined.
+
+ * symcryptrun.c (remove_file): New function.
+ (confucius_copy_file): Accept new argument PLAIN and shred the
+ file if it is set on error.
+
+ * Makefile.am: Define symcryptrun make variable depending on
+ BUILD_SYMCRYPTUN.
+ (bin_PROGRAMS): Add ${symcryptrun} instead symcryptrun.
+ (symcryptrun_LDADD): Use $(LIBUTIL_LIBS) instead of -lutil.
+
+2005-04-11 Werner Koch <wk@g10code.com>
+
+ * symcryptrun.c (confucius_mktmpdir): Changed to use mkdtmp(3).
+
+2005-04-11 Marcus Brinkmann <marcus@g10code.de>
+
+ * symcryptrun.c: Implement config file parsing.
+
+ * Makefile.am (bin_PROGRAMS): Add symcryptrun.
+ (symcryptrun_SOURCES, symcryptrun_LDADD): New variables.
+ * symcryptrun.c: New file.
+
+2005-03-31 Werner Koch <wk@g10code.com>
+
+ * gpg-connect-agent.c (start_agent): Use PATHSEP_C instead of ':'.
+
+2005-03-09 Werner Koch <wk@g10code.com>
+
+ * gpgconf-comp.c <dirmngr>: Add honor-http-proxy.
+
+2005-02-25 Werner Koch <wk@g10code.com>
+
+ * no-libgcrypt.c (gcry_strdup): New.
+
+2005-02-24 Werner Koch <wk@g10code.com>
+
+ * gpg-connect-agent.c: New.
+ * Makefile.am: Add it.
+
+2004-12-21 Werner Koch <wk@g10code.com>
+
+ * gpgconf-comp.c (get_config_pathname) [DOSISH]: Detect absolute
+ pathnames with a drive letter.
+
+2004-12-15 Werner Koch <wk@g10code.com>
+
+ * Makefile.am (bin_PROGRAMS) [W32]: Do not build watchgnupg.
+
+ * gpgconf-comp.c (gpg_agent_runtime_change) [W32]: No way yet to
+ send a signal. Disable.
+ (change_options_file, change_options_program) [W32]: No link(2),
+ so we disable it.
+ (gc_component_change_options): Use rename instead of link.
+
+2004-12-13 Werner Koch <wk@g10code.com>
+
+ * gpgconf-comp.c <ignore-ocsp-service-url>: Fixed typo.
+
+2004-11-24 Werner Koch <wk@g10code.com>
+
+ * gpgconf-comp.c <dirmngr>: Add --ignore-http-dp, --ignore-ldap-dp
+ and --ignore-ocsp-service-url.
+
+2004-11-23 Werner Koch <wk@g10code.com>
+
+ * gpgconf-comp.c <dirmngr>: Add the proxy options.
+ <gpgsm>: Add --prefer-system-daemon.
+
+2004-11-11 Werner Koch <wk@g10code.com>
+
+ * watchgnupg.c (main): Fixed test for read error.
+
+2004-10-22 Werner Koch <wk@g10code.com>
+
+ * Makefile.am (bin_SCRIPTS): Add gpgsm-gencert.sh
+
+ * gpgsm-gencert.sh: Fixed copyright; its part of GnuPG thus FSF.
+
+2004-10-01 Werner Koch <wk@g10code.com>
+
+ * gpgconf-comp.c: Made all strings for --log-file read the same.
+
+2004-10-01 Werner Koch <wk@g10code.com>
+
+ * gpgconf-comp.c (my_dgettext): Also switch codeset and directory
+ for the other used domains (i.e. dirmngr).
+
+ * gpgconf.c (main): Fixed translation markers.
+
+2004-09-30 Werner Koch <wk@g10code.com>
+
+ * gpgconf.c (i18n_init): Always use LC_ALL.
+
+ * Makefile.am: Adjusted for gettext 0.14.
+
+2004-09-29 Werner Koch <wk@g10code.com>
+
+ * gpgconf-comp.c: Made the entries fro GROUPs translatable.
+ Include i18n.h.
+ (my_dgettext): Hack to use the gnupg2 domain.
+
+2004-08-09 Moritz Schulte <moritz@g10code.com>
+
+ * gpgsm-gencert.sh: New file.
+
+2004-06-16 Werner Koch <wk@gnupg.org>
+
+ * rfc822parse.c (rfc822parse_get_field): Add arg VALUEOFF.
+
+2004-06-14 Werner Koch <wk@gnupg.org>
+
+ * no-libgcrypt.c (gcry_realloc, gcry_xmalloc, gcry_xcalloc): New.
+
+ * gpgconf-comp.c (retrieve_options_from_program)
+ (retrieve_options_from_file, change_options_file)
+ (change_options_program, gc_component_change_options): Replaced
+ getline by read_line and test for allocation failure.
+
+2004-05-21 Marcus Brinkmann <marcus@g10code.de>
+
+ * gpgconf-comp.c (gc_options_dirmngr): Remove CRL group, put its
+ only option "max-replies" into LDAP group.
+ (gc_component): Change description of dirmngr to "Directory
+ Manager".
+
+ * gpgconf-comp.c (gc_component_change_options): Move the
+ per-process backup file into a standard location.
+
+2004-05-03 Werner Koch <wk@gnupg.org>
+
+ * gpgconf-comp.c: Add --allow-mark-trusted for the gpg-agent.
+
+2004-04-30 Werner Koch <wk@gnupg.org>
+
+ * gpgconf-comp.c: Added more runtime flags for the gpg-agent
+ backend.
+
+2004-04-29 Marcus Brinkmann <marcus@g10code.de>
+
+ * gpgconf-comp.c (change_options_program): Turn on utf8-strings in
+ the gpgconf specific part of the config file for the GnuPG
+ backend.
+
+2004-04-28 Werner Koch <wk@gnupg.org>
+
+ * gpgconf-comp.c: Add --ocsp-signer for the dirmngr backend.
+
+2004-04-20 Marcus Brinkmann <marcus@g10code.de>
+
+ * gpgconf-comp.c (gc_options_gpg_agent): Change type of
+ ignore-cache-for-signing option to GC_ARG_TYPE_NONE.
+
+2004-04-07 Werner Koch <wk@gnupg.org>
+
+ * gpgconf-comp.c (my_dgettext): Switch the codeset once to utf-8.
+ Allow building with out NLS.
+
+2004-03-23 Marcus Brinkmann <marcus@g10code.de>
+
+ * gpgconf-comp.c (gc_options_dirmngr): Set GC_OPT_FLAG_ARG_OPT for
+ "LDAP Server".
+ (change_options_file): Remove assertion that tests that this flag
+ is not present. Handle an empty string in OPTION->new_value.
+
+ * gpgconf.c (main): Remove obsolete warning.
+
+2004-03-23 Werner Koch <wk@gnupg.org>
+
+ * gpgconf-comp.c (gc_options_gpg): New.
+ (gc_component_t, gc_component): Add GC_BACKEND_GPG.
+ (gc_options_dirmngr): Add allow-ocsp.
+
+2004-03-23 Marcus Brinkmann <marcus@g10code.de>
+
+ * gpgconf-comp.c (gc_flag): Add missing flags.
+
+ * gpgconf-comp.c: Include <signal.h>.
+ (gc_backend): Add new member runtime_change.
+ (gpg_agent_runtime_change): New function.
+ (gc_component_change_options): New variable runtime. Initialize
+ it. If an option is changed that has the GC_OPT_FLAG_RUNTIME bit
+ set, also set the corresponding runtime variable. Finally, call
+ the runtime_change callback of the backend if needed.
+
+2004-03-16 Werner Koch <wk@gnupg.org>
+
+ * gpgconf-comp.c (gc_options_gpg_agent): Implemented.
+ (gc_options_gpgsm, gc_options_scdaemon): Implemented.
+ (gc_backend_t): Add GC_BACKEND_SCDAEMON.
+
+2004-03-12 Marcus Brinkmann <marcus@g10code.de>
+
+ * gpgconf-comp.c (gc_component_change_options): Set the filenames
+ of the option's backend, not of the component.
+ Also use GC_BACKEND_NR, not GC_COMPONENT_NR.
+
+2004-03-09 Werner Koch <wk@gnupg.org>
+
+ * gpgconf-comp.c [_riscos_]: Removed special code for RISC OS; we
+ don't want to clutter our code with system dependent stuff.
+
+2004-03-08 Marcus Brinkmann <marcus@g10code.de>
+
+ * gpgconf-comp.c (retrieve_options_from_file): Quote each string
+ in the list, not only the first.
+
+2004-02-26 Marcus Brinkmann <marcus@g10code.de>
+
+ * gpgconf-comp.c (gc_component_list_options): Do not print empty
+ groups.
+
+ * gpgconf-comp.c (option_check_validity): Check if option is
+ active.
+ (change_options_file): Implement.
+
+ * gpgconf-comp.c (retrieve_options_from_program): Remove broken
+ string handling.
+
+ * gpgconf-comp.c (change_options_program): Support all types of
+ options, including list types.
+
+ * README.gpgconf: Fix description of arguments.
+ * gpgconf-comp.c (option_check_validity): Rewritten to properly
+ support optional arguments in lists.
+
+ * README.gpgconf: Add info about optional arg and arg type 0.
+ * gpgconf-comp.c (gc_component_change_options): Parse list of
+ arg type 0 options.
+ (option_check_validity): Add new argument NEW_VALUE_NR. Perform
+ rigorous validity checks.
+ (change_options_program): Disable an option also if we have a new
+ value for it.
+
+2004-02-25 Marcus Brinkmann <marcus@g10code.de>
+
+ * gpgconf-comp.c (gc_component_list_options): Correct output for
+ lists of arg type none.
+ (struct gc_option): Add new member new_flags.
+ (option_check_validity): Check OPTION->new_flags beside
+ OPTION->new_value. Add new argument FLAGS.
+ (gc_component_change_options): Support default flag correctly.
+ (change_options_program): Likewise.
+
+2004-02-24 Marcus Brinkmann <marcus@g10code.de>
+
+ * README.gpgconf: Revert last change. Add new flags "default",
+ "default desc" and "no arg desc". Add new field ARGDEF. Add new
+ field FLAG to backend interface.
+ * gpgconf-comp.c (struct gc_option): Make flags of type unsigned
+ long.
+ (gc_component_list_options): Adjust type for flags.
+ Add default argument field.
+ (retrieve_options_from_program): Use "1" as value for non-option
+ arguments, not "Y".
+ (gc_component_change_options): Read in flags from input.
+
+2004-02-23 Marcus Brinkmann <marcus@g10code.de>
+
+ * README.gpgconf: Change meaning of type 0 options value if it is
+ the empty string or "0".
+
+ * gpgconf.h (struct): Add member runtime.
+ * gpgconf.c: Add new option oRuntime.
+ (main): Same here.
+
+ * gpgconf-comp.c (hextobyte): New function.
+ (percent_deescape): New function.
+ (get_config_pathname): Percent deescape pathname if taken from
+ option (default) value. Use default value only if it exists and
+ is not empty. Use empty string otherwise. Don't include leading
+ quote in pathname.
+ (change_options_program): Percent deescape string before writing
+ it out.
+
+ * gpgconf-comp.c (gc_component_list_options): Do not skip groups
+ on output.
+
+2004-02-18 Werner Koch <wk@gnupg.org>
+
+ * gpgconf-comp.c: Added empty components for gpgsm and scdaemon.
+
+2004-02-12 Werner Koch <wk@gnupg.org>
+
+ * watchgnupg.c (main): Implement option "--".
+ (print_version): New.
+
+ * Makefile.am: Include cmacros.am for common flags.
+
+2004-02-03 Werner Koch <wk@gnupg.org>
+
+ * addgnupghome: Try to use getent, so that it also works for NIS
+ setups.
+
+2004-01-31 Marcus Brinkmann <marcus@g10code.de>
+
+ * gpgconf-comp.c: Some bug fixes, parse only defaults from the
+ program, and read the current values from the configuration file
+ directly.
+
+2004-01-30 Marcus Brinkmann <marcus@g10code.de>
+
+ * gpgconf-comp.c (gc_error): New function, use it instead of
+ error() throughout.
+
+ * gpgconf-comp.c: Use xmalloc, libcommon's asctimestamp and
+ gnupg_get_time, fix error() invocation and use getline()
+ consistently.
+
+2004-01-30 Werner Koch <wk@gnupg.org>
+
+ * addgnupghome: Also set the group of copied files.
+
+2004-01-30 Werner Koch <wk@gnupg.org>
+
+ * Makefile.am (sbin_SCRIPTS): New, to install addgnupghome.
+ (EXTRA_DIST): Added rfc822parse.c rfc822parse.h gpgparsemail.c
+ which might be useful for debugging.
+
+2004-01-29 Werner Koch <wk@gnupg.org>
+
+ * addgnupghome: New.
+
+2004-01-29 Marcus Brinkmann <marcus@g10code.de>
+
+ * gpgconf-list.c: File removed.
+ * README.gpgconf: New file.
+ * gpgconf-comp.c: New file.
+ * Makefile.am (gpgconf_SOURCES): Remove gpgconf-list.c, add
+ gpgconf-comp.c.
+
+2004-01-16 Werner Koch <wk@gnupg.org>
+
+ * watchgnupg.c (main): Need to use FD_ISSET for the client
+ descriptors too; aiiih. Set the listening socket to non-blocking.
+
+2004-01-10 Werner Koch <wk@gnupg.org>
+
+ * Makefile.am: Use GPG_ERROR_CFLAGS
+
+2004-01-05 Werner Koch <wk@gnupg.org>
+
+ * Manifest: New.
+ * gpgconf.c, gpgconf.h, gpgconf-list.c: New. A skeleton for now.
+ * no-libgcrypt.c: New.
+ * Makefile.am: Add above.
+
+2003-12-23 Werner Koch <wk@gnupg.org>
+
+ * Makefile.am: New.
+ * watchgnupg.c: New.
+
+
+ Copyright 2003, 2004, 2005, 2006, 2007, 2008,
+ 2009 Free Software Foundation, Inc.
+
+ This file is free software; as a special exception the author gives
+ unlimited permission to copy and/or distribute it, with or without
+ modifications, as long as this notice is preserved.
+
+ This file is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
+ implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/tools/Makefile.am b/tools/Makefile.am
new file mode 100644
index 0000000..32940a3
--- /dev/null
+++ b/tools/Makefile.am
@@ -0,0 +1,121 @@
+# Makefile.am - Tools directory
+# Copyright (C) 2003, 2007 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+EXTRA_DIST = \
+ Manifest watchgnupg.c ChangeLog-2011 \
+ addgnupghome applygnupgdefaults gpgsm-gencert.sh \
+ lspgpot mail-signed-keys convert-from-106 sockprox.c \
+ ccidmon.c
+
+
+AM_CPPFLAGS = -I$(top_srcdir)/gl -I$(top_srcdir)/intl -I$(top_srcdir)/common
+include $(top_srcdir)/am/cmacros.am
+
+AM_CFLAGS = $(LIBGCRYPT_CFLAGS) $(GPG_ERROR_CFLAGS) $(LIBASSUAN_CFLAGS)
+
+sbin_SCRIPTS = addgnupghome applygnupgdefaults
+
+bin_SCRIPTS = gpgsm-gencert.sh
+if HAVE_USTAR
+# bin_SCRIPTS += gpg-zip
+noinst_SCRIPTS = gpg-zip
+endif
+
+if BUILD_SYMCRYPTRUN
+ symcryptrun = symcryptrun
+else
+ symcryptrun =
+endif
+
+if BUILD_GPGTAR
+ gpgtar = gpgtar
+else
+ gpgtar =
+endif
+
+
+bin_PROGRAMS = gpgconf gpg-connect-agent gpgkey2ssh ${symcryptrun} ${gpgtar}
+if !HAVE_W32_SYSTEM
+bin_PROGRAMS += watchgnupg gpgparsemail
+endif
+
+if !DISABLE_REGEX
+libexec_PROGRAMS = gpg-check-pattern
+endif
+
+noinst_PROGRAMS = clean-sat mk-tdata make-dns-cert gpgsplit
+
+common_libs = $(libcommon) ../jnlib/libjnlib.a ../gl/libgnu.a
+pwquery_libs = ../common/libsimple-pwquery.a
+
+gpgsplit_LDADD = $(common_libs) \
+ $(LIBGCRYPT_LIBS) $(GPG_ERROR_LIBS) \
+ $(ZLIBS) $(LIBINTL) $(LIBICONV)
+
+gpgconf_SOURCES = gpgconf.c gpgconf.h gpgconf-comp.c no-libgcrypt.c
+
+# jnlib/common sucks in gpg-error, will they, nil they (some compilers
+# do not eliminate the supposed-to-be-unused-inline-functions).
+gpgconf_LDADD = $(common_libs) \
+ $(LIBINTL) $(GPG_ERROR_LIBS) $(LIBICONV) $(W32SOCKLIBS)
+
+gpgparsemail_SOURCES = gpgparsemail.c rfc822parse.c rfc822parse.h
+gpgparsemail_LDADD =
+
+symcryptrun_SOURCES = symcryptrun.c
+symcryptrun_LDADD = $(LIBUTIL_LIBS) $(common_libs) $(pwquery_libs) \
+ $(LIBGCRYPT_LIBS) $(GPG_ERROR_LIBS) $(LIBINTL) \
+ $(LIBICONV) $(W32SOCKLIBS)
+
+watchgnupg_SOURCES = watchgnupg.c
+watchgnupg_LDADD = $(NETLIBS)
+
+gpg_connect_agent_SOURCES = gpg-connect-agent.c no-libgcrypt.c
+# FIXME: remove PTH_LIBS (why do we need them at all?)
+gpg_connect_agent_LDADD = ../common/libgpgrl.a $(common_libs) \
+ $(LIBASSUAN_LIBS) $(PTH_LIBS) $(GPG_ERROR_LIBS) \
+ $(LIBREADLINE) $(LIBINTL) $(NETLIBS) $(LIBICONV)
+
+gpgkey2ssh_SOURCES = gpgkey2ssh.c
+gpgkey2ssh_CFLAGS = $(LIBGCRYPT_CFLAGS) $(GPG_ERROR_CFLAGS)
+# common sucks in jnlib, via use of BUG() in an inline function, which
+# some compilers do not eliminate.
+gpgkey2ssh_LDADD = $(common_libs) \
+ $(LIBGCRYPT_LIBS) $(GPG_ERROR_LIBS) $(LIBINTL) $(LIBICONV)
+
+
+if !DISABLE_REGEX
+gpg_check_pattern_SOURCES = gpg-check-pattern.c
+gpg_check_pattern_CFLAGS = $(LIBGCRYPT_CFLAGS) $(GPG_ERROR_CFLAGS)
+gpg_check_pattern_LDADD = $(common_libs) $(LIBGCRYPT_LIBS) $(GPG_ERROR_LIBS) \
+ $(LIBINTL) $(LIBICONV) $(W32SOCKLIBS)
+endif
+
+gpgtar_SOURCES = \
+ gpgtar.c gpgtar.h \
+ gpgtar-create.c \
+ gpgtar-extract.c \
+ gpgtar-list.c \
+ no-libgcrypt.c
+gpgtar_CFLAGS = $(GPG_ERROR_CFLAGS) $(PTH_CFLAGS)
+gpgtar_LDADD = $(common_libs) $(GPG_ERROR_LIBS) $(NETLIBS) $(W32SOCKLIBS)
+
+# Make sure that all libs are build before we use them. This is
+# important for things like make -j2.
+$(PROGRAMS): $(common_libs) $(pwquery_libs) ../common/libgpgrl.a
+
diff --git a/tools/Makefile.in b/tools/Makefile.in
new file mode 100644
index 0000000..03b9984
--- /dev/null
+++ b/tools/Makefile.in
@@ -0,0 +1,1078 @@
+# Makefile.in generated by automake 1.11.1 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation,
+# Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+# Makefile.am - Tools directory
+# Copyright (C) 2003, 2007 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+# cmacros.am - C macro definitions
+# Copyright (C) 2004 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
+ $(srcdir)/gpg-zip.in $(top_srcdir)/am/cmacros.am
+@HAVE_DOSISH_SYSTEM_FALSE@am__append_1 = -DGNUPG_BINDIR="\"$(bindir)\"" \
+@HAVE_DOSISH_SYSTEM_FALSE@ -DGNUPG_LIBEXECDIR="\"$(libexecdir)\"" \
+@HAVE_DOSISH_SYSTEM_FALSE@ -DGNUPG_LIBDIR="\"$(libdir)/@PACKAGE@\"" \
+@HAVE_DOSISH_SYSTEM_FALSE@ -DGNUPG_DATADIR="\"$(datadir)/@PACKAGE@\"" \
+@HAVE_DOSISH_SYSTEM_FALSE@ -DGNUPG_SYSCONFDIR="\"$(sysconfdir)/@PACKAGE@\""
+
+
+# If a specific protect tool program has been defined, pass its name
+# to cc. Note that these macros should not be used directly but via
+# the gnupg_module_name function.
+@GNUPG_AGENT_PGM_TRUE@am__append_2 = -DGNUPG_DEFAULT_AGENT="\"@GNUPG_AGENT_PGM@\""
+@GNUPG_PINENTRY_PGM_TRUE@am__append_3 = -DGNUPG_DEFAULT_PINENTRY="\"@GNUPG_PINENTRY_PGM@\""
+@GNUPG_SCDAEMON_PGM_TRUE@am__append_4 = -DGNUPG_DEFAULT_SCDAEMON="\"@GNUPG_SCDAEMON_PGM@\""
+@GNUPG_DIRMNGR_PGM_TRUE@am__append_5 = -DGNUPG_DEFAULT_DIRMNGR="\"@GNUPG_DIRMNGR_PGM@\""
+@GNUPG_PROTECT_TOOL_PGM_TRUE@am__append_6 = -DGNUPG_DEFAULT_PROTECT_TOOL="\"@GNUPG_PROTECT_TOOL_PGM@\""
+bin_PROGRAMS = gpgconf$(EXEEXT) gpg-connect-agent$(EXEEXT) \
+ gpgkey2ssh$(EXEEXT) $(am__EXEEXT_1) $(am__EXEEXT_2) \
+ $(am__EXEEXT_3)
+@HAVE_W32_SYSTEM_FALSE@am__append_7 = watchgnupg gpgparsemail
+@DISABLE_REGEX_FALSE@libexec_PROGRAMS = gpg-check-pattern$(EXEEXT)
+noinst_PROGRAMS = clean-sat$(EXEEXT) mk-tdata$(EXEEXT) \
+ make-dns-cert$(EXEEXT) gpgsplit$(EXEEXT)
+subdir = tools
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/gl/m4/absolute-header.m4 \
+ $(top_srcdir)/gl/m4/alloca.m4 $(top_srcdir)/gl/m4/allocsa.m4 \
+ $(top_srcdir)/gl/m4/eealloc.m4 \
+ $(top_srcdir)/gl/m4/gnulib-comp.m4 \
+ $(top_srcdir)/gl/m4/gnulib-tool.m4 \
+ $(top_srcdir)/gl/m4/mkdtemp.m4 $(top_srcdir)/gl/m4/setenv.m4 \
+ $(top_srcdir)/gl/m4/stdint.m4 $(top_srcdir)/gl/m4/strpbrk.m4 \
+ $(top_srcdir)/gl/m4/unistd_h.m4 $(top_srcdir)/m4/autobuild.m4 \
+ $(top_srcdir)/m4/codeset.m4 $(top_srcdir)/m4/estream.m4 \
+ $(top_srcdir)/m4/gettext.m4 $(top_srcdir)/m4/gnupg-pth.m4 \
+ $(top_srcdir)/m4/gpg-error.m4 $(top_srcdir)/m4/iconv.m4 \
+ $(top_srcdir)/m4/isc-posix.m4 $(top_srcdir)/m4/ksba.m4 \
+ $(top_srcdir)/m4/lcmessage.m4 $(top_srcdir)/m4/ldap.m4 \
+ $(top_srcdir)/m4/lib-ld.m4 $(top_srcdir)/m4/lib-link.m4 \
+ $(top_srcdir)/m4/lib-prefix.m4 $(top_srcdir)/m4/libassuan.m4 \
+ $(top_srcdir)/m4/libcurl.m4 $(top_srcdir)/m4/libgcrypt.m4 \
+ $(top_srcdir)/m4/longdouble.m4 $(top_srcdir)/m4/nls.m4 \
+ $(top_srcdir)/m4/po.m4 $(top_srcdir)/m4/progtest.m4 \
+ $(top_srcdir)/m4/readline.m4 $(top_srcdir)/m4/size_max.m4 \
+ $(top_srcdir)/m4/socklen.m4 $(top_srcdir)/m4/sys_socket_h.m4 \
+ $(top_srcdir)/m4/tar-ustar.m4 $(top_srcdir)/m4/xsize.m4 \
+ $(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.ac
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+ $(ACLOCAL_M4)
+mkinstalldirs = $(SHELL) $(top_srcdir)/scripts/mkinstalldirs
+CONFIG_HEADER = $(top_builddir)/config.h
+CONFIG_CLEAN_FILES = gpg-zip
+CONFIG_CLEAN_VPATH_FILES =
+@BUILD_SYMCRYPTRUN_TRUE@am__EXEEXT_1 = symcryptrun$(EXEEXT)
+@BUILD_GPGTAR_TRUE@am__EXEEXT_2 = gpgtar$(EXEEXT)
+@HAVE_W32_SYSTEM_FALSE@am__EXEEXT_3 = watchgnupg$(EXEEXT) \
+@HAVE_W32_SYSTEM_FALSE@ gpgparsemail$(EXEEXT)
+am__installdirs = "$(DESTDIR)$(bindir)" "$(DESTDIR)$(libexecdir)" \
+ "$(DESTDIR)$(bindir)" "$(DESTDIR)$(sbindir)"
+PROGRAMS = $(bin_PROGRAMS) $(libexec_PROGRAMS) $(noinst_PROGRAMS)
+clean_sat_SOURCES = clean-sat.c
+clean_sat_OBJECTS = clean-sat.$(OBJEXT)
+clean_sat_LDADD = $(LDADD)
+am__gpg_check_pattern_SOURCES_DIST = gpg-check-pattern.c
+@DISABLE_REGEX_FALSE@am_gpg_check_pattern_OBJECTS = gpg_check_pattern-gpg-check-pattern.$(OBJEXT)
+gpg_check_pattern_OBJECTS = $(am_gpg_check_pattern_OBJECTS)
+am__DEPENDENCIES_1 =
+@DISABLE_REGEX_FALSE@gpg_check_pattern_DEPENDENCIES = $(common_libs) \
+@DISABLE_REGEX_FALSE@ $(am__DEPENDENCIES_1) \
+@DISABLE_REGEX_FALSE@ $(am__DEPENDENCIES_1) \
+@DISABLE_REGEX_FALSE@ $(am__DEPENDENCIES_1) \
+@DISABLE_REGEX_FALSE@ $(am__DEPENDENCIES_1) \
+@DISABLE_REGEX_FALSE@ $(am__DEPENDENCIES_1)
+gpg_check_pattern_LINK = $(CCLD) $(gpg_check_pattern_CFLAGS) $(CFLAGS) \
+ $(AM_LDFLAGS) $(LDFLAGS) -o $@
+am_gpg_connect_agent_OBJECTS = gpg-connect-agent.$(OBJEXT) \
+ no-libgcrypt.$(OBJEXT)
+gpg_connect_agent_OBJECTS = $(am_gpg_connect_agent_OBJECTS)
+gpg_connect_agent_DEPENDENCIES = ../common/libgpgrl.a $(common_libs) \
+ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
+ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
+ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
+ $(am__DEPENDENCIES_1)
+am_gpgconf_OBJECTS = gpgconf.$(OBJEXT) gpgconf-comp.$(OBJEXT) \
+ no-libgcrypt.$(OBJEXT)
+gpgconf_OBJECTS = $(am_gpgconf_OBJECTS)
+gpgconf_DEPENDENCIES = $(common_libs) $(am__DEPENDENCIES_1) \
+ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
+ $(am__DEPENDENCIES_1)
+am_gpgkey2ssh_OBJECTS = gpgkey2ssh-gpgkey2ssh.$(OBJEXT)
+gpgkey2ssh_OBJECTS = $(am_gpgkey2ssh_OBJECTS)
+gpgkey2ssh_DEPENDENCIES = $(common_libs) $(am__DEPENDENCIES_1) \
+ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
+ $(am__DEPENDENCIES_1)
+gpgkey2ssh_LINK = $(CCLD) $(gpgkey2ssh_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
+ $(LDFLAGS) -o $@
+am_gpgparsemail_OBJECTS = gpgparsemail.$(OBJEXT) rfc822parse.$(OBJEXT)
+gpgparsemail_OBJECTS = $(am_gpgparsemail_OBJECTS)
+gpgparsemail_DEPENDENCIES =
+gpgsplit_SOURCES = gpgsplit.c
+gpgsplit_OBJECTS = gpgsplit.$(OBJEXT)
+gpgsplit_DEPENDENCIES = $(common_libs) $(am__DEPENDENCIES_1) \
+ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
+ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1)
+am_gpgtar_OBJECTS = gpgtar-gpgtar.$(OBJEXT) \
+ gpgtar-gpgtar-create.$(OBJEXT) gpgtar-gpgtar-extract.$(OBJEXT) \
+ gpgtar-gpgtar-list.$(OBJEXT) gpgtar-no-libgcrypt.$(OBJEXT)
+gpgtar_OBJECTS = $(am_gpgtar_OBJECTS)
+gpgtar_DEPENDENCIES = $(common_libs) $(am__DEPENDENCIES_1) \
+ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1)
+gpgtar_LINK = $(CCLD) $(gpgtar_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
+ $(LDFLAGS) -o $@
+make_dns_cert_SOURCES = make-dns-cert.c
+make_dns_cert_OBJECTS = make-dns-cert.$(OBJEXT)
+make_dns_cert_LDADD = $(LDADD)
+mk_tdata_SOURCES = mk-tdata.c
+mk_tdata_OBJECTS = mk-tdata.$(OBJEXT)
+mk_tdata_LDADD = $(LDADD)
+am_symcryptrun_OBJECTS = symcryptrun.$(OBJEXT)
+symcryptrun_OBJECTS = $(am_symcryptrun_OBJECTS)
+symcryptrun_DEPENDENCIES = $(am__DEPENDENCIES_1) $(common_libs) \
+ $(pwquery_libs) $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
+ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
+ $(am__DEPENDENCIES_1)
+am_watchgnupg_OBJECTS = watchgnupg.$(OBJEXT)
+watchgnupg_OBJECTS = $(am_watchgnupg_OBJECTS)
+watchgnupg_DEPENDENCIES = $(am__DEPENDENCIES_1)
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+ *) f=$$p;; \
+ esac;
+am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
+am__install_max = 40
+am__nobase_strip_setup = \
+ srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
+am__nobase_strip = \
+ for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
+am__nobase_list = $(am__nobase_strip_setup); \
+ for p in $$list; do echo "$$p $$p"; done | \
+ sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
+ $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
+ if (++n[$$2] == $(am__install_max)) \
+ { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
+ END { for (dir in files) print dir, files[dir] }'
+am__base_list = \
+ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
+ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
+SCRIPTS = $(bin_SCRIPTS) $(noinst_SCRIPTS) $(sbin_SCRIPTS)
+DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
+depcomp = $(SHELL) $(top_srcdir)/scripts/depcomp
+am__depfiles_maybe = depfiles
+am__mv = mv -f
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+CCLD = $(CC)
+LINK = $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@
+SOURCES = clean-sat.c $(gpg_check_pattern_SOURCES) \
+ $(gpg_connect_agent_SOURCES) $(gpgconf_SOURCES) \
+ $(gpgkey2ssh_SOURCES) $(gpgparsemail_SOURCES) gpgsplit.c \
+ $(gpgtar_SOURCES) make-dns-cert.c mk-tdata.c \
+ $(symcryptrun_SOURCES) $(watchgnupg_SOURCES)
+DIST_SOURCES = clean-sat.c $(am__gpg_check_pattern_SOURCES_DIST) \
+ $(gpg_connect_agent_SOURCES) $(gpgconf_SOURCES) \
+ $(gpgkey2ssh_SOURCES) $(gpgparsemail_SOURCES) gpgsplit.c \
+ $(gpgtar_SOURCES) make-dns-cert.c mk-tdata.c \
+ $(symcryptrun_SOURCES) $(watchgnupg_SOURCES)
+ETAGS = etags
+CTAGS = ctags
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ABSOLUTE_STDINT_H = @ABSOLUTE_STDINT_H@
+ACLOCAL = @ACLOCAL@
+ADNSLIBS = @ADNSLIBS@
+ALLOCA = @ALLOCA@
+ALLOCA_H = @ALLOCA_H@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+BITSIZEOF_PTRDIFF_T = @BITSIZEOF_PTRDIFF_T@
+BITSIZEOF_SIG_ATOMIC_T = @BITSIZEOF_SIG_ATOMIC_T@
+BITSIZEOF_SIZE_T = @BITSIZEOF_SIZE_T@
+BITSIZEOF_WCHAR_T = @BITSIZEOF_WCHAR_T@
+BITSIZEOF_WINT_T = @BITSIZEOF_WINT_T@
+BUILD_INCLUDED_LIBINTL = @BUILD_INCLUDED_LIBINTL@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CC_FOR_BUILD = @CC_FOR_BUILD@
+CFLAGS = @CFLAGS@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DL_LIBS = @DL_LIBS@
+DNSLIBS = @DNSLIBS@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+FAQPROG = @FAQPROG@
+GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
+GMSGFMT = @GMSGFMT@
+GMSGFMT_015 = @GMSGFMT_015@
+GNUPG_AGENT_PGM = @GNUPG_AGENT_PGM@
+GNUPG_DIRMNGR_PGM = @GNUPG_DIRMNGR_PGM@
+GNUPG_PINENTRY_PGM = @GNUPG_PINENTRY_PGM@
+GNUPG_PROTECT_TOOL_PGM = @GNUPG_PROTECT_TOOL_PGM@
+GNUPG_SCDAEMON_PGM = @GNUPG_SCDAEMON_PGM@
+GPGKEYS_CURL = @GPGKEYS_CURL@
+GPGKEYS_FINGER = @GPGKEYS_FINGER@
+GPGKEYS_HKP = @GPGKEYS_HKP@
+GPGKEYS_KDNS = @GPGKEYS_KDNS@
+GPGKEYS_LDAP = @GPGKEYS_LDAP@
+GPGKEYS_MAILTO = @GPGKEYS_MAILTO@
+GPG_ERROR_CFLAGS = @GPG_ERROR_CFLAGS@
+GPG_ERROR_CONFIG = @GPG_ERROR_CONFIG@
+GPG_ERROR_LIBS = @GPG_ERROR_LIBS@
+GREP = @GREP@
+HAVE_INTTYPES_H = @HAVE_INTTYPES_H@
+HAVE_LONG_LONG_INT = @HAVE_LONG_LONG_INT@
+HAVE_SIGNED_SIG_ATOMIC_T = @HAVE_SIGNED_SIG_ATOMIC_T@
+HAVE_SIGNED_WCHAR_T = @HAVE_SIGNED_WCHAR_T@
+HAVE_SIGNED_WINT_T = @HAVE_SIGNED_WINT_T@
+HAVE_STDINT_H = @HAVE_STDINT_H@
+HAVE_SYS_BITYPES_H = @HAVE_SYS_BITYPES_H@
+HAVE_SYS_INTTYPES_H = @HAVE_SYS_INTTYPES_H@
+HAVE_SYS_TYPES_H = @HAVE_SYS_TYPES_H@
+HAVE_UNSIGNED_LONG_LONG_INT = @HAVE_UNSIGNED_LONG_LONG_INT@
+HAVE_WCHAR_H = @HAVE_WCHAR_H@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+INTLLIBS = @INTLLIBS@
+INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@
+KSBA_CFLAGS = @KSBA_CFLAGS@
+KSBA_CONFIG = @KSBA_CONFIG@
+KSBA_LIBS = @KSBA_LIBS@
+LDAPLIBS = @LDAPLIBS@
+LDAP_CPPFLAGS = @LDAP_CPPFLAGS@
+LDFLAGS = @LDFLAGS@
+LIBASSUAN_CFLAGS = @LIBASSUAN_CFLAGS@
+LIBASSUAN_CONFIG = @LIBASSUAN_CONFIG@
+LIBASSUAN_LIBS = @LIBASSUAN_LIBS@
+LIBCURL = @LIBCURL@
+LIBCURL_CPPFLAGS = @LIBCURL_CPPFLAGS@
+LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@
+LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@
+LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@
+LIBGNU_LIBDEPS = @LIBGNU_LIBDEPS@
+LIBGNU_LTLIBDEPS = @LIBGNU_LTLIBDEPS@
+LIBICONV = @LIBICONV@
+LIBINTL = @LIBINTL@
+LIBOBJS = @LIBOBJS@
+LIBREADLINE = @LIBREADLINE@
+LIBS = @LIBS@
+LIBUSB_LIBS = @LIBUSB_LIBS@
+LIBUTIL_LIBS = @LIBUTIL_LIBS@
+LN_S = @LN_S@
+LTLIBICONV = @LTLIBICONV@
+LTLIBINTL = @LTLIBINTL@
+LTLIBOBJS = @LTLIBOBJS@
+MAINT = @MAINT@
+MAKEINFO = @MAKEINFO@
+MKDIR_P = @MKDIR_P@
+MSGFMT = @MSGFMT@
+MSGFMT_015 = @MSGFMT_015@
+MSGMERGE = @MSGMERGE@
+NETLIBS = @NETLIBS@
+OBJEXT = @OBJEXT@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_GT = @PACKAGE_GT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_URL = @PACKAGE_URL@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PERL = @PERL@
+POSUB = @POSUB@
+PTH_CFLAGS = @PTH_CFLAGS@
+PTH_CONFIG = @PTH_CONFIG@
+PTH_LIBS = @PTH_LIBS@
+PTRDIFF_T_SUFFIX = @PTRDIFF_T_SUFFIX@
+RANLIB = @RANLIB@
+SENDMAIL = @SENDMAIL@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+SHRED = @SHRED@
+SIG_ATOMIC_T_SUFFIX = @SIG_ATOMIC_T_SUFFIX@
+SIZE_T_SUFFIX = @SIZE_T_SUFFIX@
+STDINT_H = @STDINT_H@
+STRIP = @STRIP@
+SYS_SOCKET_H = @SYS_SOCKET_H@
+TAR = @TAR@
+UNISTD_H = @UNISTD_H@
+USE_INCLUDED_LIBINTL = @USE_INCLUDED_LIBINTL@
+USE_NLS = @USE_NLS@
+VERSION = @VERSION@
+W32SOCKLIBS = @W32SOCKLIBS@
+WCHAR_T_SUFFIX = @WCHAR_T_SUFFIX@
+WINDRES = @WINDRES@
+WINT_T_SUFFIX = @WINT_T_SUFFIX@
+XGETTEXT = @XGETTEXT@
+XGETTEXT_015 = @XGETTEXT_015@
+XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@
+ZLIBS = @ZLIBS@
+_libcurl_config = @_libcurl_config@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = $(datadir)/locale
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+EXTRA_DIST = \
+ Manifest watchgnupg.c ChangeLog-2011 \
+ addgnupghome applygnupgdefaults gpgsm-gencert.sh \
+ lspgpot mail-signed-keys convert-from-106 sockprox.c \
+ ccidmon.c
+
+AM_CPPFLAGS = -I$(top_srcdir)/gl -I$(top_srcdir)/intl \
+ -I$(top_srcdir)/common -DLOCALEDIR=\"$(localedir)\" \
+ $(am__append_1) $(am__append_2) $(am__append_3) \
+ $(am__append_4) $(am__append_5) $(am__append_6)
+
+# Convenience macros
+libcommon = ../common/libcommon.a
+libcommonpth = ../common/libcommonpth.a
+AM_CFLAGS = $(LIBGCRYPT_CFLAGS) $(GPG_ERROR_CFLAGS) $(LIBASSUAN_CFLAGS)
+sbin_SCRIPTS = addgnupghome applygnupgdefaults
+bin_SCRIPTS = gpgsm-gencert.sh
+# bin_SCRIPTS += gpg-zip
+@HAVE_USTAR_TRUE@noinst_SCRIPTS = gpg-zip
+@BUILD_SYMCRYPTRUN_FALSE@symcryptrun =
+@BUILD_SYMCRYPTRUN_TRUE@symcryptrun = symcryptrun
+@BUILD_GPGTAR_FALSE@gpgtar =
+@BUILD_GPGTAR_TRUE@gpgtar = gpgtar
+common_libs = $(libcommon) ../jnlib/libjnlib.a ../gl/libgnu.a
+pwquery_libs = ../common/libsimple-pwquery.a
+gpgsplit_LDADD = $(common_libs) \
+ $(LIBGCRYPT_LIBS) $(GPG_ERROR_LIBS) \
+ $(ZLIBS) $(LIBINTL) $(LIBICONV)
+
+gpgconf_SOURCES = gpgconf.c gpgconf.h gpgconf-comp.c no-libgcrypt.c
+
+# jnlib/common sucks in gpg-error, will they, nil they (some compilers
+# do not eliminate the supposed-to-be-unused-inline-functions).
+gpgconf_LDADD = $(common_libs) \
+ $(LIBINTL) $(GPG_ERROR_LIBS) $(LIBICONV) $(W32SOCKLIBS)
+
+gpgparsemail_SOURCES = gpgparsemail.c rfc822parse.c rfc822parse.h
+gpgparsemail_LDADD =
+symcryptrun_SOURCES = symcryptrun.c
+symcryptrun_LDADD = $(LIBUTIL_LIBS) $(common_libs) $(pwquery_libs) \
+ $(LIBGCRYPT_LIBS) $(GPG_ERROR_LIBS) $(LIBINTL) \
+ $(LIBICONV) $(W32SOCKLIBS)
+
+watchgnupg_SOURCES = watchgnupg.c
+watchgnupg_LDADD = $(NETLIBS)
+gpg_connect_agent_SOURCES = gpg-connect-agent.c no-libgcrypt.c
+# FIXME: remove PTH_LIBS (why do we need them at all?)
+gpg_connect_agent_LDADD = ../common/libgpgrl.a $(common_libs) \
+ $(LIBASSUAN_LIBS) $(PTH_LIBS) $(GPG_ERROR_LIBS) \
+ $(LIBREADLINE) $(LIBINTL) $(NETLIBS) $(LIBICONV)
+
+gpgkey2ssh_SOURCES = gpgkey2ssh.c
+gpgkey2ssh_CFLAGS = $(LIBGCRYPT_CFLAGS) $(GPG_ERROR_CFLAGS)
+# common sucks in jnlib, via use of BUG() in an inline function, which
+# some compilers do not eliminate.
+gpgkey2ssh_LDADD = $(common_libs) \
+ $(LIBGCRYPT_LIBS) $(GPG_ERROR_LIBS) $(LIBINTL) $(LIBICONV)
+
+@DISABLE_REGEX_FALSE@gpg_check_pattern_SOURCES = gpg-check-pattern.c
+@DISABLE_REGEX_FALSE@gpg_check_pattern_CFLAGS = $(LIBGCRYPT_CFLAGS) $(GPG_ERROR_CFLAGS)
+@DISABLE_REGEX_FALSE@gpg_check_pattern_LDADD = $(common_libs) $(LIBGCRYPT_LIBS) $(GPG_ERROR_LIBS) \
+@DISABLE_REGEX_FALSE@ $(LIBINTL) $(LIBICONV) $(W32SOCKLIBS)
+
+gpgtar_SOURCES = \
+ gpgtar.c gpgtar.h \
+ gpgtar-create.c \
+ gpgtar-extract.c \
+ gpgtar-list.c \
+ no-libgcrypt.c
+
+gpgtar_CFLAGS = $(GPG_ERROR_CFLAGS) $(PTH_CFLAGS)
+gpgtar_LDADD = $(common_libs) $(GPG_ERROR_LIBS) $(NETLIBS) $(W32SOCKLIBS)
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .c .o .obj
+$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/am/cmacros.am $(am__configure_deps)
+ @for dep in $?; do \
+ case '$(am__configure_deps)' in \
+ *$$dep*) \
+ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+ && { if test -f $@; then exit 0; else break; fi; }; \
+ exit 1;; \
+ esac; \
+ done; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu tools/Makefile'; \
+ $(am__cd) $(top_srcdir) && \
+ $(AUTOMAKE) --gnu tools/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+ @case '$?' in \
+ *config.status*) \
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+ *) \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+ esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
+gpg-zip: $(top_builddir)/config.status $(srcdir)/gpg-zip.in
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@
+install-binPROGRAMS: $(bin_PROGRAMS)
+ @$(NORMAL_INSTALL)
+ test -z "$(bindir)" || $(MKDIR_P) "$(DESTDIR)$(bindir)"
+ @list='$(bin_PROGRAMS)'; test -n "$(bindir)" || list=; \
+ for p in $$list; do echo "$$p $$p"; done | \
+ sed 's/$(EXEEXT)$$//' | \
+ while read p p1; do if test -f $$p; \
+ then echo "$$p"; echo "$$p"; else :; fi; \
+ done | \
+ sed -e 'p;s,.*/,,;n;h' -e 's|.*|.|' \
+ -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \
+ sed 'N;N;N;s,\n, ,g' | \
+ $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \
+ { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \
+ if ($$2 == $$4) files[d] = files[d] " " $$1; \
+ else { print "f", $$3 "/" $$4, $$1; } } \
+ END { for (d in files) print "f", d, files[d] }' | \
+ while read type dir files; do \
+ if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \
+ test -z "$$files" || { \
+ echo " $(INSTALL_PROGRAM_ENV) $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(bindir)$$dir'"; \
+ $(INSTALL_PROGRAM_ENV) $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(bindir)$$dir" || exit $$?; \
+ } \
+ ; done
+
+uninstall-binPROGRAMS:
+ @$(NORMAL_UNINSTALL)
+ @list='$(bin_PROGRAMS)'; test -n "$(bindir)" || list=; \
+ files=`for p in $$list; do echo "$$p"; done | \
+ sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \
+ -e 's/$$/$(EXEEXT)/' `; \
+ test -n "$$list" || exit 0; \
+ echo " ( cd '$(DESTDIR)$(bindir)' && rm -f" $$files ")"; \
+ cd "$(DESTDIR)$(bindir)" && rm -f $$files
+
+clean-binPROGRAMS:
+ -test -z "$(bin_PROGRAMS)" || rm -f $(bin_PROGRAMS)
+install-libexecPROGRAMS: $(libexec_PROGRAMS)
+ @$(NORMAL_INSTALL)
+ test -z "$(libexecdir)" || $(MKDIR_P) "$(DESTDIR)$(libexecdir)"
+ @list='$(libexec_PROGRAMS)'; test -n "$(libexecdir)" || list=; \
+ for p in $$list; do echo "$$p $$p"; done | \
+ sed 's/$(EXEEXT)$$//' | \
+ while read p p1; do if test -f $$p; \
+ then echo "$$p"; echo "$$p"; else :; fi; \
+ done | \
+ sed -e 'p;s,.*/,,;n;h' -e 's|.*|.|' \
+ -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \
+ sed 'N;N;N;s,\n, ,g' | \
+ $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \
+ { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \
+ if ($$2 == $$4) files[d] = files[d] " " $$1; \
+ else { print "f", $$3 "/" $$4, $$1; } } \
+ END { for (d in files) print "f", d, files[d] }' | \
+ while read type dir files; do \
+ if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \
+ test -z "$$files" || { \
+ echo " $(INSTALL_PROGRAM_ENV) $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(libexecdir)$$dir'"; \
+ $(INSTALL_PROGRAM_ENV) $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(libexecdir)$$dir" || exit $$?; \
+ } \
+ ; done
+
+uninstall-libexecPROGRAMS:
+ @$(NORMAL_UNINSTALL)
+ @list='$(libexec_PROGRAMS)'; test -n "$(libexecdir)" || list=; \
+ files=`for p in $$list; do echo "$$p"; done | \
+ sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \
+ -e 's/$$/$(EXEEXT)/' `; \
+ test -n "$$list" || exit 0; \
+ echo " ( cd '$(DESTDIR)$(libexecdir)' && rm -f" $$files ")"; \
+ cd "$(DESTDIR)$(libexecdir)" && rm -f $$files
+
+clean-libexecPROGRAMS:
+ -test -z "$(libexec_PROGRAMS)" || rm -f $(libexec_PROGRAMS)
+
+clean-noinstPROGRAMS:
+ -test -z "$(noinst_PROGRAMS)" || rm -f $(noinst_PROGRAMS)
+clean-sat$(EXEEXT): $(clean_sat_OBJECTS) $(clean_sat_DEPENDENCIES)
+ @rm -f clean-sat$(EXEEXT)
+ $(LINK) $(clean_sat_OBJECTS) $(clean_sat_LDADD) $(LIBS)
+gpg-check-pattern$(EXEEXT): $(gpg_check_pattern_OBJECTS) $(gpg_check_pattern_DEPENDENCIES)
+ @rm -f gpg-check-pattern$(EXEEXT)
+ $(gpg_check_pattern_LINK) $(gpg_check_pattern_OBJECTS) $(gpg_check_pattern_LDADD) $(LIBS)
+gpg-connect-agent$(EXEEXT): $(gpg_connect_agent_OBJECTS) $(gpg_connect_agent_DEPENDENCIES)
+ @rm -f gpg-connect-agent$(EXEEXT)
+ $(LINK) $(gpg_connect_agent_OBJECTS) $(gpg_connect_agent_LDADD) $(LIBS)
+gpgconf$(EXEEXT): $(gpgconf_OBJECTS) $(gpgconf_DEPENDENCIES)
+ @rm -f gpgconf$(EXEEXT)
+ $(LINK) $(gpgconf_OBJECTS) $(gpgconf_LDADD) $(LIBS)
+gpgkey2ssh$(EXEEXT): $(gpgkey2ssh_OBJECTS) $(gpgkey2ssh_DEPENDENCIES)
+ @rm -f gpgkey2ssh$(EXEEXT)
+ $(gpgkey2ssh_LINK) $(gpgkey2ssh_OBJECTS) $(gpgkey2ssh_LDADD) $(LIBS)
+gpgparsemail$(EXEEXT): $(gpgparsemail_OBJECTS) $(gpgparsemail_DEPENDENCIES)
+ @rm -f gpgparsemail$(EXEEXT)
+ $(LINK) $(gpgparsemail_OBJECTS) $(gpgparsemail_LDADD) $(LIBS)
+gpgsplit$(EXEEXT): $(gpgsplit_OBJECTS) $(gpgsplit_DEPENDENCIES)
+ @rm -f gpgsplit$(EXEEXT)
+ $(LINK) $(gpgsplit_OBJECTS) $(gpgsplit_LDADD) $(LIBS)
+gpgtar$(EXEEXT): $(gpgtar_OBJECTS) $(gpgtar_DEPENDENCIES)
+ @rm -f gpgtar$(EXEEXT)
+ $(gpgtar_LINK) $(gpgtar_OBJECTS) $(gpgtar_LDADD) $(LIBS)
+make-dns-cert$(EXEEXT): $(make_dns_cert_OBJECTS) $(make_dns_cert_DEPENDENCIES)
+ @rm -f make-dns-cert$(EXEEXT)
+ $(LINK) $(make_dns_cert_OBJECTS) $(make_dns_cert_LDADD) $(LIBS)
+mk-tdata$(EXEEXT): $(mk_tdata_OBJECTS) $(mk_tdata_DEPENDENCIES)
+ @rm -f mk-tdata$(EXEEXT)
+ $(LINK) $(mk_tdata_OBJECTS) $(mk_tdata_LDADD) $(LIBS)
+symcryptrun$(EXEEXT): $(symcryptrun_OBJECTS) $(symcryptrun_DEPENDENCIES)
+ @rm -f symcryptrun$(EXEEXT)
+ $(LINK) $(symcryptrun_OBJECTS) $(symcryptrun_LDADD) $(LIBS)
+watchgnupg$(EXEEXT): $(watchgnupg_OBJECTS) $(watchgnupg_DEPENDENCIES)
+ @rm -f watchgnupg$(EXEEXT)
+ $(LINK) $(watchgnupg_OBJECTS) $(watchgnupg_LDADD) $(LIBS)
+install-binSCRIPTS: $(bin_SCRIPTS)
+ @$(NORMAL_INSTALL)
+ test -z "$(bindir)" || $(MKDIR_P) "$(DESTDIR)$(bindir)"
+ @list='$(bin_SCRIPTS)'; test -n "$(bindir)" || list=; \
+ for p in $$list; do \
+ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+ if test -f "$$d$$p"; then echo "$$d$$p"; echo "$$p"; else :; fi; \
+ done | \
+ sed -e 'p;s,.*/,,;n' \
+ -e 'h;s|.*|.|' \
+ -e 'p;x;s,.*/,,;$(transform)' | sed 'N;N;N;s,\n, ,g' | \
+ $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1; } \
+ { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \
+ if ($$2 == $$4) { files[d] = files[d] " " $$1; \
+ if (++n[d] == $(am__install_max)) { \
+ print "f", d, files[d]; n[d] = 0; files[d] = "" } } \
+ else { print "f", d "/" $$4, $$1 } } \
+ END { for (d in files) print "f", d, files[d] }' | \
+ while read type dir files; do \
+ if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \
+ test -z "$$files" || { \
+ echo " $(INSTALL_SCRIPT) $$files '$(DESTDIR)$(bindir)$$dir'"; \
+ $(INSTALL_SCRIPT) $$files "$(DESTDIR)$(bindir)$$dir" || exit $$?; \
+ } \
+ ; done
+
+uninstall-binSCRIPTS:
+ @$(NORMAL_UNINSTALL)
+ @list='$(bin_SCRIPTS)'; test -n "$(bindir)" || exit 0; \
+ files=`for p in $$list; do echo "$$p"; done | \
+ sed -e 's,.*/,,;$(transform)'`; \
+ test -n "$$list" || exit 0; \
+ echo " ( cd '$(DESTDIR)$(bindir)' && rm -f" $$files ")"; \
+ cd "$(DESTDIR)$(bindir)" && rm -f $$files
+install-sbinSCRIPTS: $(sbin_SCRIPTS)
+ @$(NORMAL_INSTALL)
+ test -z "$(sbindir)" || $(MKDIR_P) "$(DESTDIR)$(sbindir)"
+ @list='$(sbin_SCRIPTS)'; test -n "$(sbindir)" || list=; \
+ for p in $$list; do \
+ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+ if test -f "$$d$$p"; then echo "$$d$$p"; echo "$$p"; else :; fi; \
+ done | \
+ sed -e 'p;s,.*/,,;n' \
+ -e 'h;s|.*|.|' \
+ -e 'p;x;s,.*/,,;$(transform)' | sed 'N;N;N;s,\n, ,g' | \
+ $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1; } \
+ { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \
+ if ($$2 == $$4) { files[d] = files[d] " " $$1; \
+ if (++n[d] == $(am__install_max)) { \
+ print "f", d, files[d]; n[d] = 0; files[d] = "" } } \
+ else { print "f", d "/" $$4, $$1 } } \
+ END { for (d in files) print "f", d, files[d] }' | \
+ while read type dir files; do \
+ if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \
+ test -z "$$files" || { \
+ echo " $(INSTALL_SCRIPT) $$files '$(DESTDIR)$(sbindir)$$dir'"; \
+ $(INSTALL_SCRIPT) $$files "$(DESTDIR)$(sbindir)$$dir" || exit $$?; \
+ } \
+ ; done
+
+uninstall-sbinSCRIPTS:
+ @$(NORMAL_UNINSTALL)
+ @list='$(sbin_SCRIPTS)'; test -n "$(sbindir)" || exit 0; \
+ files=`for p in $$list; do echo "$$p"; done | \
+ sed -e 's,.*/,,;$(transform)'`; \
+ test -n "$$list" || exit 0; \
+ echo " ( cd '$(DESTDIR)$(sbindir)' && rm -f" $$files ")"; \
+ cd "$(DESTDIR)$(sbindir)" && rm -f $$files
+
+mostlyclean-compile:
+ -rm -f *.$(OBJEXT)
+
+distclean-compile:
+ -rm -f *.tab.c
+
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/clean-sat.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gpg-connect-agent.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gpg_check_pattern-gpg-check-pattern.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gpgconf-comp.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gpgconf.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gpgkey2ssh-gpgkey2ssh.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gpgparsemail.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gpgsplit.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gpgtar-gpgtar-create.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gpgtar-gpgtar-extract.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gpgtar-gpgtar-list.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gpgtar-gpgtar.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gpgtar-no-libgcrypt.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/make-dns-cert.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mk-tdata.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/no-libgcrypt.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rfc822parse.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/symcryptrun.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/watchgnupg.Po@am__quote@
+
+.c.o:
+@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(COMPILE) -c $<
+
+.c.obj:
+@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'`
+
+gpg_check_pattern-gpg-check-pattern.o: gpg-check-pattern.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(gpg_check_pattern_CFLAGS) $(CFLAGS) -MT gpg_check_pattern-gpg-check-pattern.o -MD -MP -MF $(DEPDIR)/gpg_check_pattern-gpg-check-pattern.Tpo -c -o gpg_check_pattern-gpg-check-pattern.o `test -f 'gpg-check-pattern.c' || echo '$(srcdir)/'`gpg-check-pattern.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/gpg_check_pattern-gpg-check-pattern.Tpo $(DEPDIR)/gpg_check_pattern-gpg-check-pattern.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='gpg-check-pattern.c' object='gpg_check_pattern-gpg-check-pattern.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(gpg_check_pattern_CFLAGS) $(CFLAGS) -c -o gpg_check_pattern-gpg-check-pattern.o `test -f 'gpg-check-pattern.c' || echo '$(srcdir)/'`gpg-check-pattern.c
+
+gpg_check_pattern-gpg-check-pattern.obj: gpg-check-pattern.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(gpg_check_pattern_CFLAGS) $(CFLAGS) -MT gpg_check_pattern-gpg-check-pattern.obj -MD -MP -MF $(DEPDIR)/gpg_check_pattern-gpg-check-pattern.Tpo -c -o gpg_check_pattern-gpg-check-pattern.obj `if test -f 'gpg-check-pattern.c'; then $(CYGPATH_W) 'gpg-check-pattern.c'; else $(CYGPATH_W) '$(srcdir)/gpg-check-pattern.c'; fi`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/gpg_check_pattern-gpg-check-pattern.Tpo $(DEPDIR)/gpg_check_pattern-gpg-check-pattern.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='gpg-check-pattern.c' object='gpg_check_pattern-gpg-check-pattern.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(gpg_check_pattern_CFLAGS) $(CFLAGS) -c -o gpg_check_pattern-gpg-check-pattern.obj `if test -f 'gpg-check-pattern.c'; then $(CYGPATH_W) 'gpg-check-pattern.c'; else $(CYGPATH_W) '$(srcdir)/gpg-check-pattern.c'; fi`
+
+gpgkey2ssh-gpgkey2ssh.o: gpgkey2ssh.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(gpgkey2ssh_CFLAGS) $(CFLAGS) -MT gpgkey2ssh-gpgkey2ssh.o -MD -MP -MF $(DEPDIR)/gpgkey2ssh-gpgkey2ssh.Tpo -c -o gpgkey2ssh-gpgkey2ssh.o `test -f 'gpgkey2ssh.c' || echo '$(srcdir)/'`gpgkey2ssh.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/gpgkey2ssh-gpgkey2ssh.Tpo $(DEPDIR)/gpgkey2ssh-gpgkey2ssh.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='gpgkey2ssh.c' object='gpgkey2ssh-gpgkey2ssh.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(gpgkey2ssh_CFLAGS) $(CFLAGS) -c -o gpgkey2ssh-gpgkey2ssh.o `test -f 'gpgkey2ssh.c' || echo '$(srcdir)/'`gpgkey2ssh.c
+
+gpgkey2ssh-gpgkey2ssh.obj: gpgkey2ssh.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(gpgkey2ssh_CFLAGS) $(CFLAGS) -MT gpgkey2ssh-gpgkey2ssh.obj -MD -MP -MF $(DEPDIR)/gpgkey2ssh-gpgkey2ssh.Tpo -c -o gpgkey2ssh-gpgkey2ssh.obj `if test -f 'gpgkey2ssh.c'; then $(CYGPATH_W) 'gpgkey2ssh.c'; else $(CYGPATH_W) '$(srcdir)/gpgkey2ssh.c'; fi`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/gpgkey2ssh-gpgkey2ssh.Tpo $(DEPDIR)/gpgkey2ssh-gpgkey2ssh.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='gpgkey2ssh.c' object='gpgkey2ssh-gpgkey2ssh.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(gpgkey2ssh_CFLAGS) $(CFLAGS) -c -o gpgkey2ssh-gpgkey2ssh.obj `if test -f 'gpgkey2ssh.c'; then $(CYGPATH_W) 'gpgkey2ssh.c'; else $(CYGPATH_W) '$(srcdir)/gpgkey2ssh.c'; fi`
+
+gpgtar-gpgtar.o: gpgtar.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(gpgtar_CFLAGS) $(CFLAGS) -MT gpgtar-gpgtar.o -MD -MP -MF $(DEPDIR)/gpgtar-gpgtar.Tpo -c -o gpgtar-gpgtar.o `test -f 'gpgtar.c' || echo '$(srcdir)/'`gpgtar.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/gpgtar-gpgtar.Tpo $(DEPDIR)/gpgtar-gpgtar.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='gpgtar.c' object='gpgtar-gpgtar.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(gpgtar_CFLAGS) $(CFLAGS) -c -o gpgtar-gpgtar.o `test -f 'gpgtar.c' || echo '$(srcdir)/'`gpgtar.c
+
+gpgtar-gpgtar.obj: gpgtar.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(gpgtar_CFLAGS) $(CFLAGS) -MT gpgtar-gpgtar.obj -MD -MP -MF $(DEPDIR)/gpgtar-gpgtar.Tpo -c -o gpgtar-gpgtar.obj `if test -f 'gpgtar.c'; then $(CYGPATH_W) 'gpgtar.c'; else $(CYGPATH_W) '$(srcdir)/gpgtar.c'; fi`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/gpgtar-gpgtar.Tpo $(DEPDIR)/gpgtar-gpgtar.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='gpgtar.c' object='gpgtar-gpgtar.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(gpgtar_CFLAGS) $(CFLAGS) -c -o gpgtar-gpgtar.obj `if test -f 'gpgtar.c'; then $(CYGPATH_W) 'gpgtar.c'; else $(CYGPATH_W) '$(srcdir)/gpgtar.c'; fi`
+
+gpgtar-gpgtar-create.o: gpgtar-create.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(gpgtar_CFLAGS) $(CFLAGS) -MT gpgtar-gpgtar-create.o -MD -MP -MF $(DEPDIR)/gpgtar-gpgtar-create.Tpo -c -o gpgtar-gpgtar-create.o `test -f 'gpgtar-create.c' || echo '$(srcdir)/'`gpgtar-create.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/gpgtar-gpgtar-create.Tpo $(DEPDIR)/gpgtar-gpgtar-create.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='gpgtar-create.c' object='gpgtar-gpgtar-create.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(gpgtar_CFLAGS) $(CFLAGS) -c -o gpgtar-gpgtar-create.o `test -f 'gpgtar-create.c' || echo '$(srcdir)/'`gpgtar-create.c
+
+gpgtar-gpgtar-create.obj: gpgtar-create.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(gpgtar_CFLAGS) $(CFLAGS) -MT gpgtar-gpgtar-create.obj -MD -MP -MF $(DEPDIR)/gpgtar-gpgtar-create.Tpo -c -o gpgtar-gpgtar-create.obj `if test -f 'gpgtar-create.c'; then $(CYGPATH_W) 'gpgtar-create.c'; else $(CYGPATH_W) '$(srcdir)/gpgtar-create.c'; fi`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/gpgtar-gpgtar-create.Tpo $(DEPDIR)/gpgtar-gpgtar-create.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='gpgtar-create.c' object='gpgtar-gpgtar-create.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(gpgtar_CFLAGS) $(CFLAGS) -c -o gpgtar-gpgtar-create.obj `if test -f 'gpgtar-create.c'; then $(CYGPATH_W) 'gpgtar-create.c'; else $(CYGPATH_W) '$(srcdir)/gpgtar-create.c'; fi`
+
+gpgtar-gpgtar-extract.o: gpgtar-extract.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(gpgtar_CFLAGS) $(CFLAGS) -MT gpgtar-gpgtar-extract.o -MD -MP -MF $(DEPDIR)/gpgtar-gpgtar-extract.Tpo -c -o gpgtar-gpgtar-extract.o `test -f 'gpgtar-extract.c' || echo '$(srcdir)/'`gpgtar-extract.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/gpgtar-gpgtar-extract.Tpo $(DEPDIR)/gpgtar-gpgtar-extract.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='gpgtar-extract.c' object='gpgtar-gpgtar-extract.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(gpgtar_CFLAGS) $(CFLAGS) -c -o gpgtar-gpgtar-extract.o `test -f 'gpgtar-extract.c' || echo '$(srcdir)/'`gpgtar-extract.c
+
+gpgtar-gpgtar-extract.obj: gpgtar-extract.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(gpgtar_CFLAGS) $(CFLAGS) -MT gpgtar-gpgtar-extract.obj -MD -MP -MF $(DEPDIR)/gpgtar-gpgtar-extract.Tpo -c -o gpgtar-gpgtar-extract.obj `if test -f 'gpgtar-extract.c'; then $(CYGPATH_W) 'gpgtar-extract.c'; else $(CYGPATH_W) '$(srcdir)/gpgtar-extract.c'; fi`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/gpgtar-gpgtar-extract.Tpo $(DEPDIR)/gpgtar-gpgtar-extract.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='gpgtar-extract.c' object='gpgtar-gpgtar-extract.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(gpgtar_CFLAGS) $(CFLAGS) -c -o gpgtar-gpgtar-extract.obj `if test -f 'gpgtar-extract.c'; then $(CYGPATH_W) 'gpgtar-extract.c'; else $(CYGPATH_W) '$(srcdir)/gpgtar-extract.c'; fi`
+
+gpgtar-gpgtar-list.o: gpgtar-list.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(gpgtar_CFLAGS) $(CFLAGS) -MT gpgtar-gpgtar-list.o -MD -MP -MF $(DEPDIR)/gpgtar-gpgtar-list.Tpo -c -o gpgtar-gpgtar-list.o `test -f 'gpgtar-list.c' || echo '$(srcdir)/'`gpgtar-list.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/gpgtar-gpgtar-list.Tpo $(DEPDIR)/gpgtar-gpgtar-list.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='gpgtar-list.c' object='gpgtar-gpgtar-list.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(gpgtar_CFLAGS) $(CFLAGS) -c -o gpgtar-gpgtar-list.o `test -f 'gpgtar-list.c' || echo '$(srcdir)/'`gpgtar-list.c
+
+gpgtar-gpgtar-list.obj: gpgtar-list.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(gpgtar_CFLAGS) $(CFLAGS) -MT gpgtar-gpgtar-list.obj -MD -MP -MF $(DEPDIR)/gpgtar-gpgtar-list.Tpo -c -o gpgtar-gpgtar-list.obj `if test -f 'gpgtar-list.c'; then $(CYGPATH_W) 'gpgtar-list.c'; else $(CYGPATH_W) '$(srcdir)/gpgtar-list.c'; fi`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/gpgtar-gpgtar-list.Tpo $(DEPDIR)/gpgtar-gpgtar-list.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='gpgtar-list.c' object='gpgtar-gpgtar-list.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(gpgtar_CFLAGS) $(CFLAGS) -c -o gpgtar-gpgtar-list.obj `if test -f 'gpgtar-list.c'; then $(CYGPATH_W) 'gpgtar-list.c'; else $(CYGPATH_W) '$(srcdir)/gpgtar-list.c'; fi`
+
+gpgtar-no-libgcrypt.o: no-libgcrypt.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(gpgtar_CFLAGS) $(CFLAGS) -MT gpgtar-no-libgcrypt.o -MD -MP -MF $(DEPDIR)/gpgtar-no-libgcrypt.Tpo -c -o gpgtar-no-libgcrypt.o `test -f 'no-libgcrypt.c' || echo '$(srcdir)/'`no-libgcrypt.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/gpgtar-no-libgcrypt.Tpo $(DEPDIR)/gpgtar-no-libgcrypt.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='no-libgcrypt.c' object='gpgtar-no-libgcrypt.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(gpgtar_CFLAGS) $(CFLAGS) -c -o gpgtar-no-libgcrypt.o `test -f 'no-libgcrypt.c' || echo '$(srcdir)/'`no-libgcrypt.c
+
+gpgtar-no-libgcrypt.obj: no-libgcrypt.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(gpgtar_CFLAGS) $(CFLAGS) -MT gpgtar-no-libgcrypt.obj -MD -MP -MF $(DEPDIR)/gpgtar-no-libgcrypt.Tpo -c -o gpgtar-no-libgcrypt.obj `if test -f 'no-libgcrypt.c'; then $(CYGPATH_W) 'no-libgcrypt.c'; else $(CYGPATH_W) '$(srcdir)/no-libgcrypt.c'; fi`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/gpgtar-no-libgcrypt.Tpo $(DEPDIR)/gpgtar-no-libgcrypt.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='no-libgcrypt.c' object='gpgtar-no-libgcrypt.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(gpgtar_CFLAGS) $(CFLAGS) -c -o gpgtar-no-libgcrypt.obj `if test -f 'no-libgcrypt.c'; then $(CYGPATH_W) 'no-libgcrypt.c'; else $(CYGPATH_W) '$(srcdir)/no-libgcrypt.c'; fi`
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ mkid -fID $$unique
+tags: TAGS
+
+TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ set x; \
+ here=`pwd`; \
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ shift; \
+ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
+ test -n "$$unique" || unique=$$empty_fix; \
+ if test $$# -gt 0; then \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ "$$@" $$unique; \
+ else \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ $$unique; \
+ fi; \
+ fi
+ctags: CTAGS
+CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ test -z "$(CTAGS_ARGS)$$unique" \
+ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+ $$unique
+
+GTAGS:
+ here=`$(am__cd) $(top_builddir) && pwd` \
+ && $(am__cd) $(top_srcdir) \
+ && gtags -i $(GTAGS_ARGS) "$$here"
+
+distclean-tags:
+ -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+ @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ list='$(DISTFILES)'; \
+ dist_files=`for file in $$list; do echo $$file; done | \
+ sed -e "s|^$$srcdirstrip/||;t" \
+ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+ case $$dist_files in \
+ */*) $(MKDIR_P) `echo "$$dist_files" | \
+ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+ sort -u` ;; \
+ esac; \
+ for file in $$dist_files; do \
+ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+ if test -d $$d/$$file; then \
+ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+ if test -d "$(distdir)/$$file"; then \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+ else \
+ test -f "$(distdir)/$$file" \
+ || cp -p $$d/$$file "$(distdir)/$$file" \
+ || exit 1; \
+ fi; \
+ done
+check-am: all-am
+check: check-am
+all-am: Makefile $(PROGRAMS) $(SCRIPTS)
+installdirs:
+ for dir in "$(DESTDIR)$(bindir)" "$(DESTDIR)$(libexecdir)" "$(DESTDIR)$(bindir)" "$(DESTDIR)$(sbindir)"; do \
+ test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+ done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+ @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ `test -z '$(STRIP)' || \
+ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+ -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+ -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+
+maintainer-clean-generic:
+ @echo "This command is intended for maintainers to use"
+ @echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-binPROGRAMS clean-generic clean-libexecPROGRAMS \
+ clean-noinstPROGRAMS mostlyclean-am
+
+distclean: distclean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+ distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+html-am:
+
+info: info-am
+
+info-am:
+
+install-data-am:
+
+install-dvi: install-dvi-am
+
+install-dvi-am:
+
+install-exec-am: install-binPROGRAMS install-binSCRIPTS \
+ install-libexecPROGRAMS install-sbinSCRIPTS
+
+install-html: install-html-am
+
+install-html-am:
+
+install-info: install-info-am
+
+install-info-am:
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-pdf-am:
+
+install-ps: install-ps-am
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-binPROGRAMS uninstall-binSCRIPTS \
+ uninstall-libexecPROGRAMS uninstall-sbinSCRIPTS
+
+.MAKE: install-am install-strip
+
+.PHONY: CTAGS GTAGS all all-am check check-am clean clean-binPROGRAMS \
+ clean-generic clean-libexecPROGRAMS clean-noinstPROGRAMS ctags \
+ distclean distclean-compile distclean-generic distclean-tags \
+ distdir dvi dvi-am html html-am info info-am install \
+ install-am install-binPROGRAMS install-binSCRIPTS install-data \
+ install-data-am install-dvi install-dvi-am install-exec \
+ install-exec-am install-html install-html-am install-info \
+ install-info-am install-libexecPROGRAMS install-man \
+ install-pdf install-pdf-am install-ps install-ps-am \
+ install-sbinSCRIPTS install-strip installcheck installcheck-am \
+ installdirs maintainer-clean maintainer-clean-generic \
+ mostlyclean mostlyclean-compile mostlyclean-generic pdf pdf-am \
+ ps ps-am tags uninstall uninstall-am uninstall-binPROGRAMS \
+ uninstall-binSCRIPTS uninstall-libexecPROGRAMS \
+ uninstall-sbinSCRIPTS
+
+
+# Make sure that all libs are build before we use them. This is
+# important for things like make -j2.
+$(PROGRAMS): $(common_libs) $(pwquery_libs) ../common/libgpgrl.a
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/tools/Manifest b/tools/Manifest
new file mode 100644
index 0000000..9642335
--- /dev/null
+++ b/tools/Manifest
@@ -0,0 +1,6 @@
+Makefile.am
+watchgnupg.c
+gpgconf.c
+gpgconf.h
+gpgconf-list.c
+$names$
diff --git a/tools/addgnupghome b/tools/addgnupghome
new file mode 100755
index 0000000..fb032b6
--- /dev/null
+++ b/tools/addgnupghome
@@ -0,0 +1,122 @@
+#!/bin/sh
+# Add a new .gnupg home directory for a list of users -*- sh -*-
+#
+# Copyright 2004 Free Software Foundation, Inc.
+#
+# This file is free software; as a special exception the author gives
+# unlimited permission to copy and/or distribute it, with or without
+# modifications, as long as this notice is preserved.
+#
+# This file is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
+# implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+
+PGM=addgnupghome
+any_error=0
+
+
+error () {
+ echo "$PGM: $*" >&2
+ any_error=1
+}
+
+info () {
+ echo "$PGM: $*" >&2
+}
+
+# Do it for one user
+one_user () {
+ user="$1"
+ home=$(${cat_passwd} | awk -F: -v n="$user" '$1 == n {print $6}')
+ if [ -z "$home" ]; then
+ if ${cat_passwd} | awk -F: -v n="$user" '$1 == n {exit 1}'; then
+ error "no such user \`$user'"
+ else
+ error "no home directory for user \`$user'"
+ fi
+ return
+ fi
+ if [ ! -d "$home" ]; then
+ error "home directory \`$home' of user \`$user' does not exist"
+ return
+ fi
+ if [ -d "$home/.gnupg" ]; then
+ info "skipping user \`$user': \`.gnupg' already exists"
+ return
+ fi
+ info "creating home directory \`$home/.gnupg' for \`$user'"
+ if ! mkdir "$home/.gnupg" ; then
+ error "error creating \`$home/.gnupg'"
+ return
+ fi
+
+ if ! chown $user "$home/.gnupg" ; then
+ error "error changing ownership of \`$home/.gnupg'"
+ return
+ fi
+
+ group=$(id -g "$user")
+ [ -z "$group" ] && group="0"
+
+ if [ "$group" -gt 0 ]; then
+ if ! chgrp $group "$home/.gnupg" ; then
+ error "error changing group of \`$home/.gnupg'"
+ return
+ fi
+ fi
+
+ if ! cd "$home/.gnupg" ; then
+ error "error cd-ing to \`$home/.gnupg'"
+ return
+ fi
+ for f in $filelist; do
+ if [ -d /etc/skel/.gnupg/$f ]; then
+ mkdir $f
+ else
+ cp /etc/skel/.gnupg/$f $f
+ fi
+ if ! chown $user $f ; then
+ error "error changing ownership of \`$f'"
+ return
+ fi
+ if [ "$group" -gt 0 ]; then
+ if ! chgrp $group "$f" ; then
+ error "error changing group of \`$f'"
+ return
+ fi
+ fi
+ done
+
+}
+
+if [ -z "$1" ]; then
+ echo "usage: $PGM userids"
+ exit 1
+fi
+
+# Check whether we can use getent
+if getent --help </dev/null >/dev/null 2>&1 ; then
+ cat_passwd='getent passwd'
+else
+ cat_passwd='cat /etc/passwd'
+ info "please note that only users from /etc/passwd are checked"
+fi
+
+if [ ! -d /etc/skel/.gnupg ]; then
+ error "skeleton directory \`/etc/skel/.gnupg' does not exist"
+ exit 1
+fi
+cd "/etc/skel/.gnupg" || (error "error cd-ing to \`/etc/skel/.gnupg'"; exit 1)
+filelist=$(find . \( -type f -or -type d \) -not -name '*~' -not -name . -print)
+
+
+if ! umask 0077 ; then
+ error "error setting umask"
+ exit 1
+fi
+
+for name in $*; do
+ one_user $name
+done
+
+exit $any_error
diff --git a/tools/applygnupgdefaults b/tools/applygnupgdefaults
new file mode 100755
index 0000000..b4cff63
--- /dev/null
+++ b/tools/applygnupgdefaults
@@ -0,0 +1,82 @@
+#!/bin/sh
+# Apply defaults from /etc/gnupg/gpg.conf to all users -*- sh -*-
+#
+# Copyright 2007 Free Software Foundation, Inc.
+#
+# This file is free software; as a special exception the author gives
+# unlimited permission to copy and/or distribute it, with or without
+# modifications, as long as this notice is preserved.
+#
+# This file is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
+# implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+
+PGM=applygnupgdefaults
+errorfile=
+
+error () {
+ echo "$PGM: $*" >&2
+ [ -n "$errorfile" ] && echo "$PGM: $*" >>$errorfile
+}
+
+info () {
+ echo "$PGM: $*" >&2
+}
+
+if [ -n "$1" ]; then
+ echo "usage: $PGM" >&2
+ exit 1
+fi
+
+# Cleanup on exit
+cleanup ()
+{
+ [ -n "$errorfile" -a -f "$errorfile" ] && rm "$errorfile"
+}
+trap cleanup EXIT SIGINT SIGHUP SIGPIPE
+errorfile=$(mktemp "/tmp/$PGM.log.XXXXXX")
+[ -n "$errorfile" -a -f "$errorfile" ] || exit 2
+
+# Check whether we can use getent
+if getent --help </dev/null >/dev/null 2>&1 ; then
+ cat_passwd='getent passwd'
+else
+ cat_passwd='cat /etc/passwd'
+ info "please note that only users from /etc/passwd are processed"
+fi
+
+if [ ! -f /etc/gnupg/gpgconf.conf ]; then
+ error "global configuration file \`/etc/gnupg/gpgconf.conf' does not exist"
+ exit 1
+fi
+if [ ! -f /etc/shells ]; then
+ error "missing file \`/etc/shells'"
+ exit 1
+fi
+
+if [ $(id -u) -ne 0 ]; then
+ error "needs to be run as root"
+ exit 1
+fi
+
+${cat_passwd} \
+ | while IFS=: read -r user dmy_a uid dmy_c dmy_d home shell dmy_rest; do
+ # Process only entries with a valid login shell
+ grep </etc/shells "^$shell" 2>/dev/null >/dev/null || continue
+ # and with an existant gnupg home directory
+ [ -d "$home/.gnupg" ] || continue
+ # but not root
+ [ "${uid:-0}" -eq 0 ] && continue
+ info "running \"gpgconf --apply-defaults\" for $user"
+ if su -l -s /bin/sh \
+ -c 'gpgconf --apply-defaults && echo SUCCESS' $user \
+ | tail -1 | grep ^SUCCESS >/dev/null ; then
+ :
+ else
+ error "failed to update gnupg defaults for $user"
+ fi
+done
+
+[ "$(wc -c <$errorfile)" -gt 0 ] && exit 1
+exit 0
+
diff --git a/tools/ccidmon.c b/tools/ccidmon.c
new file mode 100644
index 0000000..b854640
--- /dev/null
+++ b/tools/ccidmon.c
@@ -0,0 +1,879 @@
+/* ccidmon.c - CCID monitor for use with the Linux usbmon facility.
+ * Copyright (C) 2009 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+/* This utility takes the output of usbmon, filters out the bulk data
+ and prints the CCID messages in a human friendly way.
+
+*/
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <stddef.h>
+#include <string.h>
+#include <errno.h>
+#include <stdarg.h>
+#include <assert.h>
+#include <unistd.h>
+#include <signal.h>
+
+
+#ifndef PACKAGE_VERSION
+# define PACKAGE_VERSION "[build on " __DATE__ " " __TIME__ "]"
+#endif
+#ifndef PACKAGE_BUGREPORT
+# define PACKAGE_BUGREPORT "devnull@example.org"
+#endif
+#define PGM "ccidmon"
+
+/* Option flags. */
+static int verbose;
+static int debug;
+static int skip_escape;
+static int usb_bus, usb_dev;
+static int sniffusb;
+
+
+/* Error counter. */
+static int any_error;
+
+/* Data storage. */
+struct
+{
+ int is_bi;
+ char address[50];
+ int count;
+ char data[2000];
+} databuffer;
+
+
+enum {
+ RDR_to_PC_NotifySlotChange= 0x50,
+ RDR_to_PC_HardwareError = 0x51,
+
+ PC_to_RDR_SetParameters = 0x61,
+ PC_to_RDR_IccPowerOn = 0x62,
+ PC_to_RDR_IccPowerOff = 0x63,
+ PC_to_RDR_GetSlotStatus = 0x65,
+ PC_to_RDR_Secure = 0x69,
+ PC_to_RDR_T0APDU = 0x6a,
+ PC_to_RDR_Escape = 0x6b,
+ PC_to_RDR_GetParameters = 0x6c,
+ PC_to_RDR_ResetParameters = 0x6d,
+ PC_to_RDR_IccClock = 0x6e,
+ PC_to_RDR_XfrBlock = 0x6f,
+ PC_to_RDR_Mechanical = 0x71,
+ PC_to_RDR_Abort = 0x72,
+ PC_to_RDR_SetDataRate = 0x73,
+
+ RDR_to_PC_DataBlock = 0x80,
+ RDR_to_PC_SlotStatus = 0x81,
+ RDR_to_PC_Parameters = 0x82,
+ RDR_to_PC_Escape = 0x83,
+ RDR_to_PC_DataRate = 0x84
+};
+
+
+#define digitp(p) ((p) >= '0' && (p) <= '9')
+#define hexdigitp(a) (digitp (a) \
+ || ((a) >= 'A' && (a) <= 'F') \
+ || ((a) >= 'a' && (a) <= 'f'))
+#define ascii_isspace(a) ((a)==' ' || (a)=='\n' || (a)=='\r' || (a)=='\t')
+#define xtoi_1(p) ((p) <= '9'? ((p)- '0'): \
+ (p) <= 'F'? ((p)-'A'+10):((p)-'a'+10))
+
+
+
+/* Print diagnostic message and exit with failure. */
+static void
+die (const char *format, ...)
+{
+ va_list arg_ptr;
+
+ fflush (stdout);
+ fprintf (stderr, "%s: ", PGM);
+
+ va_start (arg_ptr, format);
+ vfprintf (stderr, format, arg_ptr);
+ va_end (arg_ptr);
+ putc ('\n', stderr);
+
+ exit (1);
+}
+
+
+/* Print diagnostic message. */
+static void
+err (const char *format, ...)
+{
+ va_list arg_ptr;
+
+ any_error = 1;
+
+ fflush (stdout);
+ fprintf (stderr, "%s: ", PGM);
+
+ va_start (arg_ptr, format);
+ vfprintf (stderr, format, arg_ptr);
+ va_end (arg_ptr);
+ putc ('\n', stderr);
+}
+
+
+/* Convert a little endian stored 4 byte value into an unsigned
+ integer. */
+static unsigned int
+convert_le_u32 (const unsigned char *buf)
+{
+ return buf[0] | (buf[1] << 8) | (buf[2] << 16) | (buf[3] << 24);
+}
+
+
+/* Convert a little endian stored 2 byte value into an unsigned
+ integer. */
+static unsigned int
+convert_le_u16 (const unsigned char *buf)
+{
+ return buf[0] | (buf[1] << 8);
+}
+
+
+
+
+static void
+print_pr_data (const unsigned char *data, size_t datalen, size_t off)
+{
+ int needlf = 0;
+ int first = 1;
+
+ for (; off < datalen; off++)
+ {
+ if (!(off % 16) || first)
+ {
+ if (needlf)
+ putchar ('\n');
+ printf (" [%04d] ", off);
+ }
+ printf (" %02X", data[off]);
+ needlf = 1;
+ first = 0;
+ }
+ if (needlf)
+ putchar ('\n');
+}
+
+
+static void
+print_p2r_header (const char *name, const unsigned char *msg, size_t msglen)
+{
+ printf ("%s:\n", name);
+ if (msglen < 7)
+ return;
+ printf (" dwLength ..........: %u\n", convert_le_u32 (msg+1));
+ printf (" bSlot .............: %u\n", msg[5]);
+ printf (" bSeq ..............: %u\n", msg[6]);
+}
+
+
+static void
+print_p2r_iccpoweron (const unsigned char *msg, size_t msglen)
+{
+ print_p2r_header ("PC_to_RDR_IccPowerOn", msg, msglen);
+ if (msglen < 10)
+ return;
+ printf (" bPowerSelect ......: 0x%02x (%s)\n", msg[7],
+ msg[7] == 0? "auto":
+ msg[7] == 1? "5.0 V":
+ msg[7] == 2? "3.0 V":
+ msg[7] == 3? "1.8 V":"");
+ print_pr_data (msg, msglen, 8);
+}
+
+
+static void
+print_p2r_iccpoweroff (const unsigned char *msg, size_t msglen)
+{
+ print_p2r_header ("PC_to_RDR_IccPowerOff", msg, msglen);
+ print_pr_data (msg, msglen, 7);
+}
+
+
+static void
+print_p2r_getslotstatus (const unsigned char *msg, size_t msglen)
+{
+ print_p2r_header ("PC_to_RDR_GetSlotStatus", msg, msglen);
+ print_pr_data (msg, msglen, 7);
+}
+
+
+static void
+print_p2r_xfrblock (const unsigned char *msg, size_t msglen)
+{
+ unsigned int val;
+
+ print_p2r_header ("PC_to_RDR_XfrBlock", msg, msglen);
+ if (msglen < 10)
+ return;
+ printf (" bBWI ..............: 0x%02x\n", msg[7]);
+ val = convert_le_u16 (msg+8);
+ printf (" wLevelParameter ...: 0x%04x%s\n", val,
+ val == 1? " (continued)":
+ val == 2? " (continues+ends)":
+ val == 3? " (continues+continued)":
+ val == 16? " (DataBlock-expected)":"");
+ print_pr_data (msg, msglen, 10);
+}
+
+
+static void
+print_p2r_getparameters (const unsigned char *msg, size_t msglen)
+{
+ print_p2r_header ("PC_to_RDR_GetParameters", msg, msglen);
+ print_pr_data (msg, msglen, 7);
+}
+
+
+static void
+print_p2r_resetparameters (const unsigned char *msg, size_t msglen)
+{
+ print_p2r_header ("PC_to_RDR_ResetParameters", msg, msglen);
+ print_pr_data (msg, msglen, 7);
+}
+
+
+static void
+print_p2r_setparameters (const unsigned char *msg, size_t msglen)
+{
+ print_p2r_header ("PC_to_RDR_SetParameters", msg, msglen);
+ if (msglen < 10)
+ return;
+ printf (" bProtocolNum ......: 0x%02x\n", msg[7]);
+ print_pr_data (msg, msglen, 8);
+}
+
+
+static void
+print_p2r_escape (const unsigned char *msg, size_t msglen)
+{
+ if (skip_escape)
+ return;
+ print_p2r_header ("PC_to_RDR_Escape", msg, msglen);
+ print_pr_data (msg, msglen, 7);
+}
+
+
+static void
+print_p2r_iccclock (const unsigned char *msg, size_t msglen)
+{
+ print_p2r_header ("PC_to_RDR_IccClock", msg, msglen);
+ if (msglen < 10)
+ return;
+ printf (" bClockCommand .....: 0x%02x\n", msg[7]);
+ print_pr_data (msg, msglen, 8);
+}
+
+
+static void
+print_p2r_to0apdu (const unsigned char *msg, size_t msglen)
+{
+ print_p2r_header ("PC_to_RDR_T0APDU", msg, msglen);
+ if (msglen < 10)
+ return;
+ printf (" bmChanges .........: 0x%02x\n", msg[7]);
+ printf (" bClassGetResponse .: 0x%02x\n", msg[8]);
+ printf (" bClassEnvelope ....: 0x%02x\n", msg[9]);
+ print_pr_data (msg, msglen, 10);
+}
+
+
+static void
+print_p2r_secure (const unsigned char *msg, size_t msglen)
+{
+ unsigned int val;
+
+ print_p2r_header ("PC_to_RDR_Secure", msg, msglen);
+ if (msglen < 10)
+ return;
+ printf (" bBMI ..............: 0x%02x\n", msg[7]);
+ val = convert_le_u16 (msg+8);
+ printf (" wLevelParameter ...: 0x%04x%s\n", val,
+ val == 1? " (continued)":
+ val == 2? " (continues+ends)":
+ val == 3? " (continues+continued)":
+ val == 16? " (DataBlock-expected)":"");
+ print_pr_data (msg, msglen, 10);
+}
+
+
+static void
+print_p2r_mechanical (const unsigned char *msg, size_t msglen)
+{
+ print_p2r_header ("PC_to_RDR_Mechanical", msg, msglen);
+ if (msglen < 10)
+ return;
+ printf (" bFunction .........: 0x%02x\n", msg[7]);
+ print_pr_data (msg, msglen, 8);
+}
+
+
+static void
+print_p2r_abort (const unsigned char *msg, size_t msglen)
+{
+ print_p2r_header ("PC_to_RDR_Abort", msg, msglen);
+ print_pr_data (msg, msglen, 7);
+}
+
+
+static void
+print_p2r_setdatarate (const unsigned char *msg, size_t msglen)
+{
+ print_p2r_header ("PC_to_RDR_SetDataRate", msg, msglen);
+ if (msglen < 10)
+ return;
+ print_pr_data (msg, msglen, 7);
+}
+
+
+static void
+print_p2r_unknown (const unsigned char *msg, size_t msglen)
+{
+ char buf[100];
+
+ snprintf (buf, sizeof buf, "Unknown PC_to_RDR command 0x%02X",
+ msglen? msg[0]:0);
+ print_p2r_header (buf, msg, msglen);
+ if (msglen < 10)
+ return;
+ print_pr_data (msg, msglen, 0);
+}
+
+
+static void
+print_p2r (const unsigned char *msg, size_t msglen)
+{
+ switch (msglen? msg[0]:0)
+ {
+ case PC_to_RDR_IccPowerOn:
+ print_p2r_iccpoweron (msg, msglen);
+ break;
+ case PC_to_RDR_IccPowerOff:
+ print_p2r_iccpoweroff (msg, msglen);
+ break;
+ case PC_to_RDR_GetSlotStatus:
+ print_p2r_getslotstatus (msg, msglen);
+ break;
+ case PC_to_RDR_XfrBlock:
+ print_p2r_xfrblock (msg, msglen);
+ break;
+ case PC_to_RDR_GetParameters:
+ print_p2r_getparameters (msg, msglen);
+ break;
+ case PC_to_RDR_ResetParameters:
+ print_p2r_resetparameters (msg, msglen);
+ break;
+ case PC_to_RDR_SetParameters:
+ print_p2r_setparameters (msg, msglen);
+ break;
+ case PC_to_RDR_Escape:
+ print_p2r_escape (msg, msglen);
+ break;
+ case PC_to_RDR_IccClock:
+ print_p2r_iccclock (msg, msglen);
+ break;
+ case PC_to_RDR_T0APDU:
+ print_p2r_to0apdu (msg, msglen);
+ break;
+ case PC_to_RDR_Secure:
+ print_p2r_secure (msg, msglen);
+ break;
+ case PC_to_RDR_Mechanical:
+ print_p2r_mechanical (msg, msglen);
+ break;
+ case PC_to_RDR_Abort:
+ print_p2r_abort (msg, msglen);
+ break;
+ case PC_to_RDR_SetDataRate:
+ print_p2r_setdatarate (msg, msglen);
+ break;
+ default:
+ print_p2r_unknown (msg, msglen);
+ break;
+ }
+}
+
+
+static void
+print_r2p_header (const char *name, const unsigned char *msg, size_t msglen)
+{
+ printf ("%s:\n", name);
+ if (msglen < 9)
+ return;
+ printf (" dwLength ..........: %u\n", convert_le_u32 (msg+1));
+ printf (" bSlot .............: %u\n", msg[5]);
+ printf (" bSeq ..............: %u\n", msg[6]);
+ printf (" bStatus ...........: %u\n", msg[7]);
+ if (msg[8])
+ printf (" bError ............: %u\n", msg[8]);
+}
+
+
+static void
+print_r2p_datablock (const unsigned char *msg, size_t msglen)
+{
+ print_r2p_header ("RDR_to_PC_DataBlock", msg, msglen);
+ if (msglen < 10)
+ return;
+ if (msg[9])
+ printf (" bChainParameter ...: 0x%02x%s\n", msg[9],
+ msg[9] == 1? " (continued)":
+ msg[9] == 2? " (continues+ends)":
+ msg[9] == 3? " (continues+continued)":
+ msg[9] == 16? " (XferBlock-expected)":"");
+ print_pr_data (msg, msglen, 10);
+}
+
+
+static void
+print_r2p_slotstatus (const unsigned char *msg, size_t msglen)
+{
+ print_r2p_header ("RDR_to_PC_SlotStatus", msg, msglen);
+ if (msglen < 10)
+ return;
+ printf (" bClockStatus ......: 0x%02x%s\n", msg[9],
+ msg[9] == 0? " (running)":
+ msg[9] == 1? " (stopped-L)":
+ msg[9] == 2? " (stopped-H)":
+ msg[9] == 3? " (stopped)":"");
+ print_pr_data (msg, msglen, 10);
+}
+
+
+static void
+print_r2p_parameters (const unsigned char *msg, size_t msglen)
+{
+ print_r2p_header ("RDR_to_PC_Parameters", msg, msglen);
+ if (msglen < 10)
+ return;
+
+ printf (" protocol ..........: T=%d\n", msg[9]);
+ if (msglen == 17 && msg[9] == 1)
+ {
+ /* Protocol T=1. */
+ printf (" bmFindexDindex ....: %02X\n", msg[10]);
+ printf (" bmTCCKST1 .........: %02X\n", msg[11]);
+ printf (" bGuardTimeT1 ......: %02X\n", msg[12]);
+ printf (" bmWaitingIntegersT1: %02X\n", msg[13]);
+ printf (" bClockStop ........: %02X\n", msg[14]);
+ printf (" bIFSC .............: %d\n", msg[15]);
+ printf (" bNadValue .........: %d\n", msg[16]);
+ }
+ else
+ print_pr_data (msg, msglen, 10);
+}
+
+
+static void
+print_r2p_escape (const unsigned char *msg, size_t msglen)
+{
+ if (skip_escape)
+ return;
+ print_r2p_header ("RDR_to_PC_Escape", msg, msglen);
+ if (msglen < 10)
+ return;
+ printf (" buffer[9] .........: %02X\n", msg[9]);
+ print_pr_data (msg, msglen, 10);
+}
+
+
+static void
+print_r2p_datarate (const unsigned char *msg, size_t msglen)
+{
+ print_r2p_header ("RDR_to_PC_DataRate", msg, msglen);
+ if (msglen < 10)
+ return;
+ if (msglen >= 18)
+ {
+ printf (" dwClockFrequency ..: %u\n", convert_le_u32 (msg+10));
+ printf (" dwDataRate ..... ..: %u\n", convert_le_u32 (msg+14));
+ print_pr_data (msg, msglen, 18);
+ }
+ else
+ print_pr_data (msg, msglen, 10);
+}
+
+
+static void
+print_r2p_unknown (const unsigned char *msg, size_t msglen)
+{
+ char buf[100];
+
+ snprintf (buf, sizeof buf, "Unknown RDR_to_PC command 0x%02X",
+ msglen? msg[0]:0);
+ print_r2p_header (buf, msg, msglen);
+ if (msglen < 10)
+ return;
+ printf (" bMessageType ......: %02X\n", msg[0]);
+ printf (" buffer[9] .........: %02X\n", msg[9]);
+ print_pr_data (msg, msglen, 10);
+}
+
+
+static void
+print_r2p (const unsigned char *msg, size_t msglen)
+{
+ switch (msglen? msg[0]:0)
+ {
+ case RDR_to_PC_DataBlock:
+ print_r2p_datablock (msg, msglen);
+ break;
+ case RDR_to_PC_SlotStatus:
+ print_r2p_slotstatus (msg, msglen);
+ break;
+ case RDR_to_PC_Parameters:
+ print_r2p_parameters (msg, msglen);
+ break;
+ case RDR_to_PC_Escape:
+ print_r2p_escape (msg, msglen);
+ break;
+ case RDR_to_PC_DataRate:
+ print_r2p_datarate (msg, msglen);
+ break;
+ default:
+ print_r2p_unknown (msg, msglen);
+ break;
+ }
+
+}
+
+
+static void
+flush_data (void)
+{
+ if (!databuffer.count)
+ return;
+
+ if (verbose)
+ printf ("Address: %s\n", databuffer.address);
+ if (databuffer.is_bi)
+ {
+ print_r2p (databuffer.data, databuffer.count);
+ if (verbose)
+ putchar ('\n');
+ }
+ else
+ print_p2r (databuffer.data, databuffer.count);
+
+ databuffer.count = 0;
+}
+
+static void
+collect_data (char *hexdata, const char *address, unsigned int lineno)
+{
+ size_t length;
+ int is_bi;
+ char *s;
+ unsigned int value;
+
+ is_bi = (*address && address[1] == 'i');
+
+ if (databuffer.is_bi != is_bi || strcmp (databuffer.address, address))
+ flush_data ();
+ databuffer.is_bi = is_bi;
+ if (strlen (address) >= sizeof databuffer.address)
+ die ("address field too long");
+ strcpy (databuffer.address, address);
+
+ length = databuffer.count;
+ for (s=hexdata; *s; s++ )
+ {
+ if (ascii_isspace (*s))
+ continue;
+ if (!hexdigitp (*s))
+ {
+ err ("invalid hex digit in line %u - line skipped", lineno);
+ break;
+ }
+ value = xtoi_1 (*s) * 16;
+ s++;
+ if (!hexdigitp (*s))
+ {
+ err ("invalid hex digit in line %u - line skipped", lineno);
+ break;
+ }
+ value += xtoi_1 (*s);
+
+ if (length >= sizeof (databuffer.data))
+ {
+ err ("too much data at line %u - can handle only up to % bytes",
+ lineno, sizeof (databuffer.data));
+ break;
+ }
+ databuffer.data[length++] = value;
+ }
+ databuffer.count = length;
+}
+
+
+static void
+parse_line (char *line, unsigned int lineno)
+{
+ char *p;
+ char *event_type, *address, *data, *status, *datatag;
+
+ if (debug)
+ printf ("line[%u] =`%s'\n", lineno, line);
+
+ p = strtok (line, " ");
+ if (!p)
+ die ("invalid line %d (no URB)");
+ p = strtok (NULL, " ");
+ if (!p)
+ die ("invalid line %d (no timestamp)");
+ event_type = strtok (NULL, " ");
+ if (!event_type)
+ die ("invalid line %d (no event type)");
+ address = strtok (NULL, " ");
+ if (!address)
+ die ("invalid line %d (no address");
+ if (usb_bus || usb_dev)
+ {
+ int bus, dev;
+
+ p = strchr (address, ':');
+ if (!p)
+ die ("invalid line %d (invalid address");
+ p++;
+ bus = atoi (p);
+ p = strchr (p, ':');
+ if (!p)
+ die ("invalid line %d (invalid address");
+ p++;
+ dev = atoi (p);
+
+ if ((usb_bus && usb_bus != bus) || (usb_dev && usb_dev != dev))
+ return; /* We don't want that one. */
+ }
+ if (*address != 'B' || (address[1] != 'o' && address[1] != 'i'))
+ return; /* We only want block in and block out. */
+ status = strtok (NULL, " ");
+ if (!status)
+ return;
+ if (!strchr ("-0123456789", *status))
+ return; /* Setup packet. */
+ /* We don't support "Z[io]" types thus we don't need to check here. */
+ p = strtok (NULL, " ");
+ if (!p)
+ return; /* No data length. */
+
+ datatag = strtok (NULL, " ");
+ if (datatag && *datatag == '=')
+ {
+ data = strtok (NULL, "");
+ collect_data (data?data:"", address, lineno);
+ }
+}
+
+
+static void
+parse_line_sniffusb (char *line, unsigned int lineno)
+{
+ char *p;
+
+ if (debug)
+ printf ("line[%u] =`%s'\n", lineno, line);
+
+ p = strtok (line, " \t");
+ if (!p)
+ return;
+ p = strtok (NULL, " \t");
+ if (!p)
+ return;
+ p = strtok (NULL, " \t");
+ if (!p)
+ return;
+
+ if (hexdigitp (p[0]) && hexdigitp (p[1])
+ && hexdigitp (p[2]) && hexdigitp (p[3])
+ && p[4] == ':' && !p[5])
+ {
+ size_t length;
+ unsigned int value;
+
+ length = databuffer.count;
+ while ((p=strtok (NULL, " \t")))
+ {
+ if (!hexdigitp (p[0]) || !hexdigitp (p[1]))
+ {
+ err ("invalid hex digit in line %u (%s)", lineno,p);
+ break;
+ }
+ value = xtoi_1 (p[0]) * 16 + xtoi_1 (p[1]);
+
+ if (length >= sizeof (databuffer.data))
+ {
+ err ("too much data at line %u - can handle only up to % bytes",
+ lineno, sizeof (databuffer.data));
+ break;
+ }
+ databuffer.data[length++] = value;
+ }
+ databuffer.count = length;
+
+ }
+ else if (!strcmp (p, "TransferFlags"))
+ {
+ flush_data ();
+
+ *databuffer.address = 0;
+ while ((p=strtok (NULL, " \t(,)")))
+ {
+ if (!strcmp (p, "USBD_TRANSFER_DIRECTION_IN"))
+ {
+ databuffer.is_bi = 1;
+ break;
+ }
+ else if (!strcmp (p, "USBD_TRANSFER_DIRECTION_OUT"))
+ {
+ databuffer.is_bi = 0;
+ break;
+ }
+ }
+ }
+
+}
+
+
+static void
+parse_input (FILE *fp)
+{
+ char line[2000];
+ size_t length;
+ unsigned int lineno = 0;
+
+ while (fgets (line, sizeof (line), fp))
+ {
+ lineno++;
+ length = strlen (line);
+ if (length && line[length - 1] == '\n')
+ line[--length] = 0;
+ else
+ err ("line number %u too long or last line not terminated", lineno);
+ if (length && line[length - 1] == '\r')
+ line[--length] = 0;
+ if (sniffusb)
+ parse_line_sniffusb (line, lineno);
+ else
+ parse_line (line, lineno);
+ }
+ flush_data ();
+ if (ferror (fp))
+ err ("error reading input at line %u: %s", lineno, strerror (errno));
+}
+
+
+int
+main (int argc, char **argv)
+{
+ int last_argc = -1;
+
+ if (argc)
+ {
+ argc--; argv++;
+ }
+ while (argc && last_argc != argc )
+ {
+ last_argc = argc;
+ if (!strcmp (*argv, "--"))
+ {
+ argc--; argv++;
+ break;
+ }
+ else if (!strcmp (*argv, "--version"))
+ {
+ fputs (PGM " (GnuPG) " PACKAGE_VERSION "\n", stdout);
+ exit (0);
+ }
+ else if (!strcmp (*argv, "--help"))
+ {
+ puts ("Usage: " PGM " [BUS:DEV]\n"
+ "Parse the output of usbmod assuming it is CCID compliant.\n\n"
+ " --skip-escape do not show escape packets\n"
+ " --sniffusb Assume output from Sniffusb.exe\n"
+ " --verbose enable extra informational output\n"
+ " --debug enable additional debug output\n"
+ " --help display this help and exit\n\n"
+ "Report bugs to " PACKAGE_BUGREPORT ".");
+ exit (0);
+ }
+ else if (!strcmp (*argv, "--verbose"))
+ {
+ verbose = 1;
+ argc--; argv++;
+ }
+ else if (!strcmp (*argv, "--debug"))
+ {
+ verbose = debug = 1;
+ argc--; argv++;
+ }
+ else if (!strcmp (*argv, "--skip-escape"))
+ {
+ skip_escape = 1;
+ argc--; argv++;
+ }
+ else if (!strcmp (*argv, "--sniffusb"))
+ {
+ sniffusb = 1;
+ argc--; argv++;
+ }
+ }
+
+ if (argc && sniffusb)
+ die ("no arguments expected when using --sniffusb\n");
+ else if (argc > 1)
+ die ("usage: " PGM " [BUS:DEV] (try --help for more information)\n");
+
+ if (argc == 1)
+ {
+ const char *s = strchr (argv[0], ':');
+
+ usb_bus = atoi (argv[0]);
+ if (s)
+ usb_dev = atoi (s+1);
+ if (usb_bus < 1 || usb_bus > 999 || usb_dev < 1 || usb_dev > 999)
+ die ("invalid bus:dev specified");
+ }
+
+
+ signal (SIGPIPE, SIG_IGN);
+
+ parse_input (stdin);
+
+ return any_error? 1:0;
+}
+
+
+/*
+Local Variables:
+compile-command: "gcc -Wall -Wno-pointer-sign -g -o ccidmon ccidmon.c"
+End:
+*/
diff --git a/tools/clean-sat.c b/tools/clean-sat.c
new file mode 100644
index 0000000..4b44a7b
--- /dev/null
+++ b/tools/clean-sat.c
@@ -0,0 +1,36 @@
+/* clean-sat.c
+ * Copyright (C) 1998, 1999, 2000, 2001 Free Software Foundation, Inc.
+ *
+ * This file is free software; as a special exception the author gives
+ * unlimited permission to copy and/or distribute it, with or without
+ * modifications, as long as this notice is preserved.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
+ * implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
+#include <stdio.h>
+
+int
+main(int argc, char **argv)
+{
+ int c;
+
+ (void)argv;
+
+ if( argc > 1 ) {
+ fprintf(stderr, "no arguments, please\n");
+ return 1;
+ }
+
+ while( (c=getchar()) == '\n' )
+ ;
+ while( c != EOF ) {
+ putchar(c);
+ c = getchar();
+ }
+
+ return 0;
+}
+
diff --git a/tools/convert-from-106 b/tools/convert-from-106
new file mode 100755
index 0000000..173793b
--- /dev/null
+++ b/tools/convert-from-106
@@ -0,0 +1,55 @@
+#!/bin/sh
+# Copyright (C) 2002, 2004 Free Software Foundation, Inc.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+if ! gpg --version > /dev/null 2>&1 ; then
+ echo "GnuPG not available!"
+ exit 1
+fi
+
+gpg="gpg --no-greeting --no-secmem-warning"
+
+echo "This script converts your public keyring and trustdb from GnuPG"
+echo "1.0.6 or earlier to the 1.0.7 and later format."
+
+echo "If you have already done this, there is no harm (but no point)"
+echo "in doing it again."
+
+echo -n "Continue? (y/N)"
+
+read answer
+
+if test "x$answer" != "xy" ; then
+ exit 0
+fi
+
+echo
+echo "Marking your keys as ultimately trusted"
+for key in `$gpg --with-colons --list-secret-keys | grep sec: | cut -d: -f5`
+do
+ $gpg --trusted-key $key --with-colons --list-keys $key > /dev/null 2>&1
+ echo -n "."
+done
+echo
+
+echo
+echo "Adding signature caches"
+$gpg --rebuild-keydb-caches
+
+echo
+echo "Checking trustdb"
+$gpg --check-trustdb
+
+echo
+echo "Done!"
diff --git a/tools/gpg-check-pattern.c b/tools/gpg-check-pattern.c
new file mode 100644
index 0000000..8d15263
--- /dev/null
+++ b/tools/gpg-check-pattern.c
@@ -0,0 +1,503 @@
+/* gpg-check-pattern.c - A tool to check passphrases against pattern.
+ * Copyright (C) 2007 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <stddef.h>
+#include <stdarg.h>
+#include <string.h>
+#include <errno.h>
+#include <assert.h>
+#ifdef HAVE_LOCALE_H
+# include <locale.h>
+#endif
+#ifdef HAVE_LANGINFO_CODESET
+# include <langinfo.h>
+#endif
+#ifdef HAVE_DOSISH_SYSTEM
+# include <fcntl.h> /* for setmode() */
+#endif
+#include <sys/stat.h>
+#include <sys/types.h>
+#include <regex.h>
+#include <ctype.h>
+
+
+#define JNLIB_NEED_LOG_LOGV
+#include "util.h"
+#include "i18n.h"
+#include "sysutils.h"
+
+
+enum cmd_and_opt_values
+{ aNull = 0,
+ oVerbose = 'v',
+ oArmor = 'a',
+ oPassphrase = 'P',
+
+ oProtect = 'p',
+ oUnprotect = 'u',
+ oNull = '0',
+
+ oNoVerbose = 500,
+ oCheck,
+
+ oHomedir
+};
+
+
+/* The list of commands and options. */
+static ARGPARSE_OPTS opts[] = {
+
+ { 301, NULL, 0, N_("@Options:\n ") },
+
+ { oVerbose, "verbose", 0, "verbose" },
+
+ { oHomedir, "homedir", 2, "@" },
+ { oCheck, "check", 0, "run only a syntax check on the patternfile" },
+ { oNull, "null", 0, "input is expected to be null delimited" },
+
+ {0}
+};
+
+
+/* Global options are accessed through the usual OPT structure. */
+static struct
+{
+ int verbose;
+ const char *homedir;
+ int checkonly;
+ int null;
+} opt;
+
+
+enum {
+ PAT_NULL, /* Indicates end of the array. */
+ PAT_STRING, /* The pattern is a simple string. */
+ PAT_REGEX /* The pattern is an extended regualr expression. */
+};
+
+
+/* An object to decibe an item of our pattern table. */
+struct pattern_s
+{
+ int type;
+ unsigned int lineno; /* Line number of the pattern file. */
+ union {
+ struct {
+ const char *string; /* Pointer to the actual string (nul termnated). */
+ size_t length; /* The length of this string (strlen). */
+ } s; /*PAT_STRING*/
+ struct {
+ /* We allocate the regex_t because this type is larger than what
+ we need for PAT_STRING and we expect only a few regex in a
+ patternfile. It would be a waste of core to have so many
+ unused stuff in the table. */
+ regex_t *regex;
+ } r; /*PAT_REGEX*/
+ } u;
+};
+typedef struct pattern_s pattern_t;
+
+
+
+/*** Local prototypes ***/
+static char *read_file (const char *fname, size_t *r_length);
+static pattern_t *parse_pattern_file (char *data, size_t datalen);
+static void process (FILE *fp, pattern_t *patarray);
+
+
+
+
+/* Info function for usage(). */
+static const char *
+my_strusage (int level)
+{
+ const char *p;
+ switch (level)
+ {
+ case 11: p = "gpg-check-pattern (GnuPG)";
+ break;
+ case 13: p = VERSION; break;
+ case 17: p = PRINTABLE_OS_NAME; break;
+ case 19: p = _("Please report bugs to <@EMAIL@>.\n"); break;
+
+ case 1:
+ case 40:
+ p = _("Usage: gpg-check-pattern [options] patternfile (-h for help)\n");
+ break;
+ case 41:
+ p = _("Syntax: gpg-check-pattern [options] patternfile\n"
+ "Check a passphrase given on stdin against the patternfile\n");
+ break;
+
+ default: p = NULL;
+ }
+ return p;
+}
+
+
+int
+main (int argc, char **argv )
+{
+ ARGPARSE_ARGS pargs;
+ char *raw_pattern;
+ size_t raw_pattern_length;
+ pattern_t *patternarray;
+
+ set_strusage (my_strusage);
+ gcry_control (GCRYCTL_SUSPEND_SECMEM_WARN);
+ log_set_prefix ("gpg-check-pattern", 1);
+
+ /* Make sure that our subsystems are ready. */
+ i18n_init ();
+ init_common_subsystems ();
+
+ /* We need Libgcrypt for hashing. */
+ if (!gcry_check_version (NEED_LIBGCRYPT_VERSION) )
+ {
+ log_fatal ( _("%s is too old (need %s, have %s)\n"), "libgcrypt",
+ NEED_LIBGCRYPT_VERSION, gcry_check_version (NULL) );
+ }
+
+ setup_libgcrypt_logging ();
+ gcry_control (GCRYCTL_INIT_SECMEM, 4096, 0);
+
+ opt.homedir = default_homedir ();
+
+ pargs.argc = &argc;
+ pargs.argv = &argv;
+ pargs.flags= 1; /* (do not remove the args) */
+ while (arg_parse (&pargs, opts) )
+ {
+ switch (pargs.r_opt)
+ {
+ case oVerbose: opt.verbose++; break;
+ case oHomedir: opt.homedir = pargs.r.ret_str; break;
+ case oCheck: opt.checkonly = 1; break;
+ case oNull: opt.null = 1; break;
+
+ default : pargs.err = 2; break;
+ }
+ }
+ if (log_get_errorcount(0))
+ exit (2);
+
+ if (argc != 1)
+ usage (1);
+
+ /* We read the entire pattern file into our memory and parse it
+ using a separate function. This allows us to eventual do the
+ reading while running setuid so that the pattern file can be
+ hidden from regular users. I am not sure whether this makes
+ sense, but lets be prepared for it. */
+ raw_pattern = read_file (*argv, &raw_pattern_length);
+ if (!raw_pattern)
+ exit (2);
+
+ patternarray = parse_pattern_file (raw_pattern, raw_pattern_length);
+ if (!patternarray)
+ exit (1);
+ if (opt.checkonly)
+ return 0;
+
+#ifdef HAVE_DOSISH_SYSTEM
+ setmode (fileno (stdin) , O_BINARY );
+#endif
+ process (stdin, patternarray);
+
+ return log_get_errorcount(0)? 1 : 0;
+}
+
+
+
+/* Read a file FNAME into a buffer and return that malloced buffer.
+ Caller must free the buffer. On error NULL is returned, on success
+ the valid length of the buffer is stored at R_LENGTH. The returned
+ buffer is guarnteed to be nul terminated. */
+static char *
+read_file (const char *fname, size_t *r_length)
+{
+ FILE *fp;
+ char *buf;
+ size_t buflen;
+
+ if (!strcmp (fname, "-"))
+ {
+ size_t nread, bufsize = 0;
+
+ fp = stdin;
+#ifdef HAVE_DOSISH_SYSTEM
+ setmode ( fileno(fp) , O_BINARY );
+#endif
+ buf = NULL;
+ buflen = 0;
+#define NCHUNK 8192
+ do
+ {
+ bufsize += NCHUNK;
+ if (!buf)
+ buf = xmalloc (bufsize+1);
+ else
+ buf = xrealloc (buf, bufsize+1);
+
+ nread = fread (buf+buflen, 1, NCHUNK, fp);
+ if (nread < NCHUNK && ferror (fp))
+ {
+ log_error ("error reading `[stdin]': %s\n", strerror (errno));
+ xfree (buf);
+ return NULL;
+ }
+ buflen += nread;
+ }
+ while (nread == NCHUNK);
+#undef NCHUNK
+
+ }
+ else
+ {
+ struct stat st;
+
+ fp = fopen (fname, "rb");
+ if (!fp)
+ {
+ log_error ("can't open `%s': %s\n", fname, strerror (errno));
+ return NULL;
+ }
+
+ if (fstat (fileno(fp), &st))
+ {
+ log_error ("can't stat `%s': %s\n", fname, strerror (errno));
+ fclose (fp);
+ return NULL;
+ }
+
+ buflen = st.st_size;
+ buf = xmalloc (buflen+1);
+ if (fread (buf, buflen, 1, fp) != 1)
+ {
+ log_error ("error reading `%s': %s\n", fname, strerror (errno));
+ fclose (fp);
+ xfree (buf);
+ return NULL;
+ }
+ fclose (fp);
+ }
+ buf[buflen] = 0;
+ *r_length = buflen;
+ return buf;
+}
+
+
+
+static char *
+get_regerror (int errcode, regex_t *compiled)
+{
+ size_t length = regerror (errcode, compiled, NULL, 0);
+ char *buffer = xmalloc (length);
+ regerror (errcode, compiled, buffer, length);
+ return buffer;
+}
+
+/* Parse the pattern given in the memory aread DATA/DATALEN and return
+ a new pattern array. The end of the array is indicated by a NULL
+ entry. On error an error message is printed and the fucntion
+ returns NULL. Note that the function modifies DATA and assumes
+ that data is nul terminated (even if this is one byte past
+ DATALEN). */
+static pattern_t *
+parse_pattern_file (char *data, size_t datalen)
+{
+ char *p, *p2;
+ size_t n;
+ pattern_t *array;
+ size_t arraysize, arrayidx;
+ unsigned int lineno = 0;
+
+ /* Estimate the number of entries by counting the non-comment lines. */
+ arraysize = 0;
+ p = data;
+ for (n = datalen; n && (p2 = memchr (p, '\n', n)); p2++, n -= p2 - p, p = p2)
+ if (*p != '#')
+ arraysize++;
+ arraysize += 2; /* For the terminating NULL and a last line w/o a LF. */
+
+ array = xcalloc (arraysize, sizeof *array);
+ arrayidx = 0;
+
+ /* Loop over all lines. */
+ while (datalen && data)
+ {
+ lineno++;
+ p = data;
+ p2 = data = memchr (p, '\n', datalen);
+ if (p2)
+ {
+ *data++ = 0;
+ datalen -= data - p;
+ }
+ else
+ p2 = p + datalen;
+ assert (!*p2);
+ p2--;
+ while (isascii (*p) && isspace (*p))
+ p++;
+ if (*p == '#')
+ continue;
+ while (p2 > p && isascii (*p2) && isspace (*p2))
+ *p2-- = 0;
+ if (!*p)
+ continue;
+ assert (arrayidx < arraysize);
+ array[arrayidx].lineno = lineno;
+ if (*p == '/')
+ {
+ int rerr;
+
+ p++;
+ array[arrayidx].type = PAT_REGEX;
+ if (*p && p[strlen(p)-1] == '/')
+ p[strlen(p)-1] = 0; /* Remove optional delimiter. */
+ array[arrayidx].u.r.regex = xcalloc (1, sizeof (regex_t));
+ rerr = regcomp (array[arrayidx].u.r.regex, p,
+ REG_ICASE|REG_NOSUB|REG_EXTENDED);
+ if (rerr)
+ {
+ char *rerrbuf = get_regerror (rerr, array[arrayidx].u.r.regex);
+ log_error ("invalid r.e. at line %u: %s\n", lineno, rerrbuf);
+ xfree (rerrbuf);
+ if (!opt.checkonly)
+ exit (1);
+ }
+ }
+ else
+ {
+ array[arrayidx].type = PAT_STRING;
+ array[arrayidx].u.s.string = p;
+ array[arrayidx].u.s.length = strlen (p);
+ }
+ arrayidx++;
+ }
+ assert (arrayidx < arraysize);
+ array[arrayidx].type = PAT_NULL;
+
+ return array;
+}
+
+
+/* Check whether string macthes any of the pattern in PATARRAY and
+ returns the matching pattern item or NULL. */
+static pattern_t *
+match_p (const char *string, pattern_t *patarray)
+{
+ pattern_t *pat;
+
+ if (!*string)
+ {
+ if (opt.verbose)
+ log_info ("zero length input line - ignored\n");
+ return NULL;
+ }
+
+ for (pat = patarray; pat->type != PAT_NULL; pat++)
+ {
+ if (pat->type == PAT_STRING)
+ {
+ if (!strcasecmp (pat->u.s.string, string))
+ return pat;
+ }
+ else if (pat->type == PAT_REGEX)
+ {
+ int rerr;
+
+ rerr = regexec (pat->u.r.regex, string, 0, NULL, 0);
+ if (!rerr)
+ return pat;
+ else if (rerr != REG_NOMATCH)
+ {
+ char *rerrbuf = get_regerror (rerr, pat->u.r.regex);
+ log_error ("matching r.e. failed: %s\n", rerrbuf);
+ xfree (rerrbuf);
+ return pat; /* Better indicate a match on error. */
+ }
+ }
+ else
+ BUG ();
+ }
+ return NULL;
+}
+
+
+/* Actual processing of the input. This fucntion does not return an
+ error code but exits as soon as a match has been found. */
+static void
+process (FILE *fp, pattern_t *patarray)
+{
+ char buffer[2048];
+ size_t idx;
+ int c;
+ unsigned long lineno = 0;
+ pattern_t *pat;
+
+ idx = 0;
+ c = 0;
+ while (idx < sizeof buffer -1 && c != EOF )
+ {
+ if ((c = getc (fp)) != EOF)
+ buffer[idx] = c;
+ if ((c == '\n' && !opt.null) || (!c && opt.null) || c == EOF)
+ {
+ lineno++;
+ if (!opt.null)
+ {
+ while (idx && isascii (buffer[idx-1]) && isspace (buffer[idx-1]))
+ idx--;
+ }
+ buffer[idx] = 0;
+ pat = match_p (buffer, patarray);
+ if (pat)
+ {
+ if (opt.verbose)
+ log_error ("input line %lu matches pattern at line %u"
+ " - rejected\n",
+ lineno, pat->lineno);
+ exit (1);
+ }
+ idx = 0;
+ }
+ else
+ idx++;
+ }
+ if (c != EOF)
+ {
+ log_error ("input line %lu too long - rejected\n", lineno+1);
+ exit (1);
+ }
+ if (ferror (fp))
+ {
+ log_error ("input read error at line %lu: %s - rejected\n",
+ lineno+1, strerror (errno));
+ exit (1);
+ }
+ if (opt.verbose)
+ log_info ("no input line matches the pattern - accepted\n");
+}
+
diff --git a/tools/gpg-connect-agent.c b/tools/gpg-connect-agent.c
new file mode 100644
index 0000000..4acda01
--- /dev/null
+++ b/tools/gpg-connect-agent.c
@@ -0,0 +1,2228 @@
+/* gpg-connect-agent.c - Tool to connect to the agent.
+ * Copyright (C) 2005, 2007, 2008 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include <ctype.h>
+#include <assuan.h>
+#include <unistd.h>
+#include <assert.h>
+
+#include "i18n.h"
+#include "../common/util.h"
+#include "../common/asshelp.h"
+#include "../common/sysutils.h"
+#include "../common/membuf.h"
+#include "../common/ttyio.h"
+#ifdef HAVE_W32_SYSTEM
+# include "../common/exechelp.h"
+#endif
+
+
+#define CONTROL_D ('D' - 'A' + 1)
+#define octdigitp(p) (*(p) >= '0' && *(p) <= '7')
+
+/* Constants to identify the commands and options. */
+enum cmd_and_opt_values
+ {
+ aNull = 0,
+ oQuiet = 'q',
+ oVerbose = 'v',
+ oRawSocket = 'S',
+ oExec = 'E',
+ oRun = 'r',
+ oSubst = 's',
+
+ oNoVerbose = 500,
+ oHomedir,
+ oHex,
+ oDecode,
+ oNoExtConnect
+
+ };
+
+
+/* The list of commands and options. */
+static ARGPARSE_OPTS opts[] = {
+ ARGPARSE_group (301, N_("@\nOptions:\n ")),
+
+ ARGPARSE_s_n (oVerbose, "verbose", N_("verbose")),
+ ARGPARSE_s_n (oQuiet, "quiet", N_("quiet")),
+ ARGPARSE_s_n (oHex, "hex", N_("print data out hex encoded")),
+ ARGPARSE_s_n (oDecode,"decode", N_("decode received data lines")),
+ ARGPARSE_s_s (oRawSocket, "raw-socket",
+ N_("|NAME|connect to Assuan socket NAME")),
+ ARGPARSE_s_n (oExec, "exec",
+ N_("run the Assuan server given on the command line")),
+ ARGPARSE_s_n (oNoExtConnect, "no-ext-connect",
+ N_("do not use extended connect mode")),
+ ARGPARSE_s_s (oRun, "run",
+ N_("|FILE|run commands from FILE on startup")),
+ ARGPARSE_s_n (oSubst, "subst", N_("run /subst on startup")),
+
+ ARGPARSE_s_n (oNoVerbose, "no-verbose", "@"),
+ ARGPARSE_s_s (oHomedir, "homedir", "@" ),
+
+ ARGPARSE_end ()
+};
+
+
+/* We keep all global options in the structure OPT. */
+struct
+{
+ int verbose; /* Verbosity level. */
+ int quiet; /* Be extra quiet. */
+ const char *homedir; /* Configuration directory name */
+ int hex; /* Print data lines in hex format. */
+ int decode; /* Decode received data lines. */
+ const char *raw_socket; /* Name of socket to connect in raw mode. */
+ int exec; /* Run the pgm given on the command line. */
+ unsigned int connect_flags; /* Flags used for connecting. */
+ int enable_varsubst; /* Set if variable substitution is enabled. */
+ int trim_leading_spaces;
+} opt;
+
+
+
+/* Definitions for /definq commands and a global linked list with all
+ the definitions. */
+struct definq_s
+{
+ struct definq_s *next;
+ char *name; /* Name of inquiry or NULL for any name. */
+ int is_var; /* True if FILE is a variable name. */
+ int is_prog; /* True if FILE is a program to run. */
+ char file[1]; /* Name of file or program. */
+};
+typedef struct definq_s *definq_t;
+
+static definq_t definq_list;
+static definq_t *definq_list_tail = &definq_list;
+
+
+/* Variable definitions and glovbal table. */
+struct variable_s
+{
+ struct variable_s *next;
+ char *value; /* Malloced value - always a string. */
+ char name[1]; /* Name of the variable. */
+};
+typedef struct variable_s *variable_t;
+
+static variable_t variable_table;
+
+
+/* To implement loops we store entire lines in a linked list. */
+struct loopline_s
+{
+ struct loopline_s *next;
+ char line[1];
+};
+typedef struct loopline_s *loopline_t;
+
+
+/* This is used to store the pid of the server. */
+static pid_t server_pid = (pid_t)(-1);
+
+/* The current datasink file or NULL. */
+static FILE *current_datasink;
+
+/* A list of open file descriptors. */
+static struct
+{
+ int inuse;
+#ifdef HAVE_W32_SYSTEM
+ HANDLE handle;
+#endif
+} open_fd_table[256];
+
+
+/*-- local prototypes --*/
+static char *substitute_line_copy (const char *buffer);
+static int read_and_print_response (assuan_context_t ctx, int withhash,
+ int *r_goterr);
+static assuan_context_t start_agent (void);
+
+
+
+
+/* Print usage information and and provide strings for help. */
+static const char *
+my_strusage( int level )
+{
+ const char *p;
+
+ switch (level)
+ {
+ case 11: p = "gpg-connect-agent (GnuPG)";
+ break;
+ case 13: p = VERSION; break;
+ case 17: p = PRINTABLE_OS_NAME; break;
+ case 19: p = _("Please report bugs to <@EMAIL@>.\n"); break;
+
+ case 1:
+ case 40: p = _("Usage: gpg-connect-agent [options] (-h for help)");
+ break;
+ case 41:
+ p = _("Syntax: gpg-connect-agent [options]\n"
+ "Connect to a running agent and send commands\n");
+ break;
+ case 31: p = "\nHome: "; break;
+ case 32: p = opt.homedir; break;
+ case 33: p = "\n"; break;
+
+ default: p = NULL; break;
+ }
+ return p;
+}
+
+
+static char *
+gnu_getcwd (void)
+{
+ char *buffer;
+ size_t size = 100;
+
+ for (;;)
+ {
+ buffer = xmalloc (size+1);
+ if (getcwd (buffer, size) == buffer)
+ return buffer;
+ xfree (buffer);
+ if (errno != ERANGE)
+ return NULL;
+ size *= 2;
+ }
+}
+
+
+/* Unescape STRING and returned the malloced result. The surrounding
+ quotes must already be removed from STRING. */
+static char *
+unescape_string (const char *string)
+{
+ const unsigned char *s;
+ int esc;
+ size_t n;
+ char *buffer;
+ unsigned char *d;
+
+ n = 0;
+ for (s = (const unsigned char*)string, esc=0; *s; s++)
+ {
+ if (esc)
+ {
+ switch (*s)
+ {
+ case 'b':
+ case 't':
+ case 'v':
+ case 'n':
+ case 'f':
+ case 'r':
+ case '"':
+ case '\'':
+ case '\\': n++; break;
+ case 'x':
+ if (s[1] && s[2] && hexdigitp (s+1) && hexdigitp (s+2))
+ n++;
+ break;
+
+ default:
+ if (s[1] && s[2]
+ && octdigitp (s) && octdigitp (s+1) && octdigitp (s+2))
+ n++;
+ break;
+ }
+ esc = 0;
+ }
+ else if (*s == '\\')
+ esc = 1;
+ else
+ n++;
+ }
+
+ buffer = xmalloc (n+1);
+ d = (unsigned char*)buffer;
+ for (s = (const unsigned char*)string, esc=0; *s; s++)
+ {
+ if (esc)
+ {
+ switch (*s)
+ {
+ case 'b': *d++ = '\b'; break;
+ case 't': *d++ = '\t'; break;
+ case 'v': *d++ = '\v'; break;
+ case 'n': *d++ = '\n'; break;
+ case 'f': *d++ = '\f'; break;
+ case 'r': *d++ = '\r'; break;
+ case '"': *d++ = '\"'; break;
+ case '\'': *d++ = '\''; break;
+ case '\\': *d++ = '\\'; break;
+ case 'x':
+ if (s[1] && s[2] && hexdigitp (s+1) && hexdigitp (s+2))
+ {
+ s++;
+ *d++ = xtoi_2 (s);
+ s++;
+ }
+ break;
+
+ default:
+ if (s[1] && s[2]
+ && octdigitp (s) && octdigitp (s+1) && octdigitp (s+2))
+ {
+ *d++ = (atoi_1 (s)*64) + (atoi_1 (s+1)*8) + atoi_1 (s+2);
+ s += 2;
+ }
+ break;
+ }
+ esc = 0;
+ }
+ else if (*s == '\\')
+ esc = 1;
+ else
+ *d++ = *s;
+ }
+ *d = 0;
+ return buffer;
+}
+
+
+/* Do the percent unescaping and return a newly malloced string.
+ If WITH_PLUS is set '+' characters will be changed to space. */
+static char *
+unpercent_string (const char *string, int with_plus)
+{
+ const unsigned char *s;
+ unsigned char *buffer, *p;
+ size_t n;
+
+ n = 0;
+ for (s=(const unsigned char *)string; *s; s++)
+ {
+ if (*s == '%' && s[1] && s[2])
+ {
+ s++;
+ n++;
+ s++;
+ }
+ else if (with_plus && *s == '+')
+ n++;
+ else
+ n++;
+ }
+
+ buffer = xmalloc (n+1);
+ p = buffer;
+ for (s=(const unsigned char *)string; *s; s++)
+ {
+ if (*s == '%' && s[1] && s[2])
+ {
+ s++;
+ *p++ = xtoi_2 (s);
+ s++;
+ }
+ else if (with_plus && *s == '+')
+ *p++ = ' ';
+ else
+ *p++ = *s;
+ }
+ *p = 0;
+ return (char*)buffer;
+}
+
+
+
+
+
+static const char *
+set_var (const char *name, const char *value)
+{
+ variable_t var;
+
+ for (var = variable_table; var; var = var->next)
+ if (!strcmp (var->name, name))
+ break;
+ if (!var)
+ {
+ var = xmalloc (sizeof *var + strlen (name));
+ var->value = NULL;
+ strcpy (var->name, name);
+ var->next = variable_table;
+ variable_table = var;
+ }
+ xfree (var->value);
+ var->value = value? xstrdup (value) : NULL;
+ return var->value;
+}
+
+
+static void
+set_int_var (const char *name, int value)
+{
+ char numbuf[35];
+
+ snprintf (numbuf, sizeof numbuf, "%d", value);
+ set_var (name, numbuf);
+}
+
+
+/* Return the value of a variable. That value is valid until a
+ variable of the name is changed. Return NULL if not found. Note
+ that envvars are copied to our variable list at the first access
+ and not at oprogram start. */
+static const char *
+get_var (const char *name)
+{
+ variable_t var;
+ const char *s;
+
+ if (!*name)
+ return "";
+ for (var = variable_table; var; var = var->next)
+ if (!strcmp (var->name, name))
+ break;
+ if (!var && (s = getenv (name)))
+ return set_var (name, s);
+ if (!var || !var->value)
+ return NULL;
+ return var->value;
+}
+
+
+/* Perform some simple arithmentic operations. Caller must release
+ the return value. On error the return value is NULL. */
+static char *
+arithmetic_op (int operator, const char *operands)
+{
+ long result, value;
+ char numbuf[35];
+
+ while ( spacep (operands) )
+ operands++;
+ if (!*operands)
+ return NULL;
+ result = strtol (operands, NULL, 0);
+ while (*operands && !spacep (operands) )
+ operands++;
+ if (operator == '!')
+ result = !result;
+
+ while (*operands)
+ {
+ while ( spacep (operands) )
+ operands++;
+ if (!*operands)
+ break;
+ value = strtol (operands, NULL, 0);
+ while (*operands && !spacep (operands) )
+ operands++;
+ switch (operator)
+ {
+ case '+': result += value; break;
+ case '-': result -= value; break;
+ case '*': result *= value; break;
+ case '/':
+ if (!value)
+ return NULL;
+ result /= value;
+ break;
+ case '%':
+ if (!value)
+ return NULL;
+ result %= value;
+ break;
+ case '!': result = !value; break;
+ case '|': result = result || value; break;
+ case '&': result = result && value; break;
+ default:
+ log_error ("unknown arithmetic operator `%c'\n", operator);
+ return NULL;
+ }
+ }
+ snprintf (numbuf, sizeof numbuf, "%ld", result);
+ return xstrdup (numbuf);
+}
+
+
+
+/* Extended version of get_var. This returns a malloced string and
+ understand the function syntax: "func args".
+
+ Defined functions are
+
+ get - Return a value described by the next argument:
+ cwd - The current working directory.
+ homedir - The gnupg homedir.
+ sysconfdir - GnuPG's system configuration directory.
+ bindir - GnuPG's binary directory.
+ libdir - GnuPG's library directory.
+ libexecdir - GnuPG's library directory for executable files.
+ datadir - GnuPG's data directory.
+ serverpid - The PID of the current server.
+
+ unescape ARGS
+ Remove C-style escapes from string. Note that "\0" and
+ "\x00" terminate the string implictly. Use "\x7d" to
+ represent the closing brace. The args start right after
+ the first space after the function name.
+
+ unpercent ARGS
+ unpercent+ ARGS
+ Remove percent style ecaping from string. Note that "%00
+ terminates the string implicitly. Use "%7d" to represetn
+ the closing brace. The args start right after the first
+ space after the function name. "unpercent+" also maps '+'
+ to space.
+
+ percent ARGS
+ percent+ ARGS
+ Escape the args using the percent style. Tabs, formfeeds,
+ linefeeds and carriage returns are also escaped.
+ "percent+" also maps spaces to plus characters.
+
+ errcode ARG
+ Assuming ARG is an integer, return the gpg-error code.
+
+ errsource ARG
+ Assuming ARG is an integer, return the gpg-error source.
+
+ errstring ARG
+ Assuming ARG is an integer return a formatted fpf error string.
+
+
+ Example: get_var_ext ("get sysconfdir") -> "/etc/gnupg"
+
+ */
+static char *
+get_var_ext (const char *name)
+{
+ static int recursion_count;
+ const char *s;
+ char *result;
+ char *p;
+ char *free_me = NULL;
+ int intvalue;
+
+ if (recursion_count > 50)
+ {
+ log_error ("variables nested too deeply\n");
+ return NULL;
+ }
+
+ recursion_count++;
+ free_me = opt.enable_varsubst? substitute_line_copy (name) : NULL;
+ if (free_me)
+ name = free_me;
+ for (s=name; *s && !spacep (s); s++)
+ ;
+ if (!*s)
+ {
+ s = get_var (name);
+ result = s? xstrdup (s): NULL;
+ }
+ else if ( (s - name) == 3 && !strncmp (name, "get", 3))
+ {
+ while ( spacep (s) )
+ s++;
+ if (!strcmp (s, "cwd"))
+ {
+ result = gnu_getcwd ();
+ if (!result)
+ log_error ("getcwd failed: %s\n", strerror (errno));
+ }
+ else if (!strcmp (s, "homedir"))
+ result = make_filename (opt.homedir, NULL);
+ else if (!strcmp (s, "sysconfdir"))
+ result = xstrdup (gnupg_sysconfdir ());
+ else if (!strcmp (s, "bindir"))
+ result = xstrdup (gnupg_bindir ());
+ else if (!strcmp (s, "libdir"))
+ result = xstrdup (gnupg_libdir ());
+ else if (!strcmp (s, "libexecdir"))
+ result = xstrdup (gnupg_libexecdir ());
+ else if (!strcmp (s, "datadir"))
+ result = xstrdup (gnupg_datadir ());
+ else if (!strcmp (s, "serverpid"))
+ result = xasprintf ("%d", (int)server_pid);
+ else
+ {
+ log_error ("invalid argument `%s' for variable function `get'\n", s);
+ log_info ("valid are: cwd, "
+ "{home,bin,lib,libexec,data}dir, serverpid\n");
+ result = NULL;
+ }
+ }
+ else if ( (s - name) == 8 && !strncmp (name, "unescape", 8))
+ {
+ s++;
+ result = unescape_string (s);
+ }
+ else if ( (s - name) == 9 && !strncmp (name, "unpercent", 9))
+ {
+ s++;
+ result = unpercent_string (s, 0);
+ }
+ else if ( (s - name) == 10 && !strncmp (name, "unpercent+", 10))
+ {
+ s++;
+ result = unpercent_string (s, 1);
+ }
+ else if ( (s - name) == 7 && !strncmp (name, "percent", 7))
+ {
+ s++;
+ result = percent_escape (s, "\t\r\n\f\v");
+ }
+ else if ( (s - name) == 8 && !strncmp (name, "percent+", 8))
+ {
+ s++;
+ result = percent_escape (s, "\t\r\n\f\v");
+ for (p=result; *p; p++)
+ if (*p == ' ')
+ *p = '+';
+ }
+ else if ( (s - name) == 7 && !strncmp (name, "errcode", 7))
+ {
+ s++;
+ intvalue = (int)strtol (s, NULL, 0);
+ result = xasprintf ("%d", gpg_err_code (intvalue));
+ }
+ else if ( (s - name) == 9 && !strncmp (name, "errsource", 9))
+ {
+ s++;
+ intvalue = (int)strtol (s, NULL, 0);
+ result = xasprintf ("%d", gpg_err_source (intvalue));
+ }
+ else if ( (s - name) == 9 && !strncmp (name, "errstring", 9))
+ {
+ s++;
+ intvalue = (int)strtol (s, NULL, 0);
+ result = xasprintf ("%s <%s>",
+ gpg_strerror (intvalue), gpg_strsource (intvalue));
+ }
+ else if ( (s - name) == 1 && strchr ("+-*/%!|&", *name))
+ {
+ result = arithmetic_op (*name, s+1);
+ }
+ else
+ {
+ log_error ("unknown variable function `%.*s'\n", (int)(s-name), name);
+ result = NULL;
+ }
+
+ xfree (free_me);
+ recursion_count--;
+ return result;
+}
+
+
+/* Substitute variables in LINE and return a new allocated buffer if
+ required. The function might modify LINE if the expanded version
+ fits into it. */
+static char *
+substitute_line (char *buffer)
+{
+ char *line = buffer;
+ char *p, *pend;
+ const char *value;
+ size_t valuelen, n;
+ char *result = NULL;
+ char *freeme = NULL;
+
+ while (*line)
+ {
+ p = strchr (line, '$');
+ if (!p)
+ return result; /* No more variables. */
+
+ if (p[1] == '$') /* Escaped dollar sign. */
+ {
+ memmove (p, p+1, strlen (p+1)+1);
+ line = p + 1;
+ continue;
+ }
+ if (p[1] == '{')
+ {
+ int count = 0;
+
+ for (pend=p+2; *pend; pend++)
+ {
+ if (*pend == '{')
+ count++;
+ else if (*pend == '}')
+ {
+ if (--count < 0)
+ break;
+ }
+ }
+ if (!*pend)
+ return result; /* Unclosed - don't substitute. */
+ }
+ else
+ {
+ for (pend=p+1; *pend && !spacep (pend) && *pend != '$' ; pend++)
+ ;
+ }
+ if (p[1] == '{' && *pend == '}')
+ {
+ int save = *pend;
+ *pend = 0;
+ freeme = get_var_ext (p+2);
+ value = freeme;
+ *pend++ = save;
+ }
+ else if (*pend)
+ {
+ int save = *pend;
+ *pend = 0;
+ value = get_var (p+1);
+ *pend = save;
+ }
+ else
+ value = get_var (p+1);
+ if (!value)
+ value = "";
+ valuelen = strlen (value);
+ if (valuelen <= pend - p)
+ {
+ memcpy (p, value, valuelen);
+ p += valuelen;
+ n = pend - p;
+ if (n)
+ memmove (p, p+n, strlen (p+n)+1);
+ line = p;
+ }
+ else
+ {
+ char *src = result? result : buffer;
+ char *dst;
+
+ dst = xmalloc (strlen (src) + valuelen + 1);
+ n = p - src;
+ memcpy (dst, src, n);
+ memcpy (dst + n, value, valuelen);
+ n += valuelen;
+ strcpy (dst + n, pend);
+ line = dst + n;
+ xfree (result);
+ result = dst;
+ }
+ xfree (freeme);
+ freeme = NULL;
+ }
+ return result;
+}
+
+/* Same as substitute_line but do not modify BUFFER. */
+static char *
+substitute_line_copy (const char *buffer)
+{
+ char *result, *p;
+
+ p = xstrdup (buffer?buffer:"");
+ result = substitute_line (p);
+ if (!result)
+ result = p;
+ else
+ xfree (p);
+ return result;
+}
+
+
+static void
+assign_variable (char *line, int syslet)
+{
+ char *name, *p, *tmp, *free_me, *buffer;
+
+ /* Get the name. */
+ name = line;
+ for (p=name; *p && !spacep (p); p++)
+ ;
+ if (*p)
+ *p++ = 0;
+ while (spacep (p))
+ p++;
+
+ if (!*p)
+ set_var (name, NULL); /* Remove variable. */
+ else if (syslet)
+ {
+ free_me = opt.enable_varsubst? substitute_line_copy (p) : NULL;
+ if (free_me)
+ p = free_me;
+ buffer = xmalloc (4 + strlen (p) + 1);
+ strcpy (stpcpy (buffer, "get "), p);
+ tmp = get_var_ext (buffer);
+ xfree (buffer);
+ set_var (name, tmp);
+ xfree (tmp);
+ xfree (free_me);
+ }
+ else
+ {
+ tmp = opt.enable_varsubst? substitute_line_copy (p) : NULL;
+ if (tmp)
+ {
+ set_var (name, tmp);
+ xfree (tmp);
+ }
+ else
+ set_var (name, p);
+ }
+}
+
+
+static void
+show_variables (void)
+{
+ variable_t var;
+
+ for (var = variable_table; var; var = var->next)
+ if (var->value)
+ printf ("%-20s %s\n", var->name, var->value);
+}
+
+
+/* Store an inquire response pattern. Note, that this function may
+ change the content of LINE. We assume that leading white spaces
+ are already removed. */
+static void
+add_definq (char *line, int is_var, int is_prog)
+{
+ definq_t d;
+ char *name, *p;
+
+ /* Get name. */
+ name = line;
+ for (p=name; *p && !spacep (p); p++)
+ ;
+ if (*p)
+ *p++ = 0;
+ while (spacep (p))
+ p++;
+
+ d = xmalloc (sizeof *d + strlen (p) );
+ strcpy (d->file, p);
+ d->is_var = is_var;
+ d->is_prog = is_prog;
+ if ( !strcmp (name, "*"))
+ d->name = NULL;
+ else
+ d->name = xstrdup (name);
+
+ d->next = NULL;
+ *definq_list_tail = d;
+ definq_list_tail = &d->next;
+}
+
+
+/* Show all inquiry defintions. */
+static void
+show_definq (void)
+{
+ definq_t d;
+
+ for (d=definq_list; d; d = d->next)
+ if (d->name)
+ printf ("%-20s %c %s\n",
+ d->name, d->is_var? 'v' : d->is_prog? 'p':'f', d->file);
+ for (d=definq_list; d; d = d->next)
+ if (!d->name)
+ printf ("%-20s %c %s\n", "*",
+ d->is_var? 'v': d->is_prog? 'p':'f', d->file);
+}
+
+
+/* Clear all inquiry definitions. */
+static void
+clear_definq (void)
+{
+ while (definq_list)
+ {
+ definq_t tmp = definq_list->next;
+ xfree (definq_list->name);
+ xfree (definq_list);
+ definq_list = tmp;
+ }
+ definq_list_tail = &definq_list;
+}
+
+
+static void
+do_sendfd (assuan_context_t ctx, char *line)
+{
+ FILE *fp;
+ char *name, *mode, *p;
+ int rc, fd;
+
+ /* Get file name. */
+ name = line;
+ for (p=name; *p && !spacep (p); p++)
+ ;
+ if (*p)
+ *p++ = 0;
+ while (spacep (p))
+ p++;
+
+ /* Get mode. */
+ mode = p;
+ if (!*mode)
+ mode = "r";
+ else
+ {
+ for (p=mode; *p && !spacep (p); p++)
+ ;
+ if (*p)
+ *p++ = 0;
+ }
+
+ /* Open and send. */
+ fp = fopen (name, mode);
+ if (!fp)
+ {
+ log_error ("can't open `%s' in \"%s\" mode: %s\n",
+ name, mode, strerror (errno));
+ return;
+ }
+ fd = fileno (fp);
+
+ if (opt.verbose)
+ log_error ("file `%s' opened in \"%s\" mode, fd=%d\n",
+ name, mode, fd);
+
+ rc = assuan_sendfd (ctx, INT2FD (fd) );
+ if (rc)
+ log_error ("sending descriptor %d failed: %s\n", fd, gpg_strerror (rc));
+ fclose (fp);
+}
+
+
+static void
+do_recvfd (assuan_context_t ctx, char *line)
+{
+ (void)ctx;
+ (void)line;
+ log_info ("This command has not yet been implemented\n");
+}
+
+
+static void
+do_open (char *line)
+{
+ FILE *fp;
+ char *varname, *name, *mode, *p;
+ int fd;
+
+#ifdef HAVE_W32_SYSTEM
+ if (server_pid == (pid_t)(-1))
+ {
+ log_error ("the pid of the server is unknown\n");
+ log_info ("use command \"/serverpid\" first\n");
+ return;
+ }
+#endif
+
+ /* Get variable name. */
+ varname = line;
+ for (p=varname; *p && !spacep (p); p++)
+ ;
+ if (*p)
+ *p++ = 0;
+ while (spacep (p))
+ p++;
+
+ /* Get file name. */
+ name = p;
+ for (p=name; *p && !spacep (p); p++)
+ ;
+ if (*p)
+ *p++ = 0;
+ while (spacep (p))
+ p++;
+
+ /* Get mode. */
+ mode = p;
+ if (!*mode)
+ mode = "r";
+ else
+ {
+ for (p=mode; *p && !spacep (p); p++)
+ ;
+ if (*p)
+ *p++ = 0;
+ }
+
+ /* Open and send. */
+ fp = fopen (name, mode);
+ if (!fp)
+ {
+ log_error ("can't open `%s' in \"%s\" mode: %s\n",
+ name, mode, strerror (errno));
+ return;
+ }
+ fd = fileno (fp);
+ if (fd >= 0 && fd < DIM (open_fd_table))
+ {
+ open_fd_table[fd].inuse = 1;
+#ifdef HAVE_W32_SYSTEM
+ {
+ HANDLE prochandle, handle, newhandle;
+
+ handle = (void*)_get_osfhandle (fd);
+
+ prochandle = OpenProcess (PROCESS_DUP_HANDLE, FALSE, server_pid);
+ if (!prochandle)
+ {
+ log_error ("failed to open the server process\n");
+ close (fd);
+ return;
+ }
+
+ if (!DuplicateHandle (GetCurrentProcess(), handle,
+ prochandle, &newhandle, 0,
+ TRUE, DUPLICATE_SAME_ACCESS ))
+ {
+ log_error ("failed to duplicate the handle\n");
+ close (fd);
+ CloseHandle (prochandle);
+ return;
+ }
+ CloseHandle (prochandle);
+ open_fd_table[fd].handle = newhandle;
+ }
+ if (opt.verbose)
+ log_info ("file `%s' opened in \"%s\" mode, fd=%d (libc=%d)\n",
+ name, mode, (int)open_fd_table[fd].handle, fd);
+ set_int_var (varname, (int)open_fd_table[fd].handle);
+#else
+ if (opt.verbose)
+ log_info ("file `%s' opened in \"%s\" mode, fd=%d\n",
+ name, mode, fd);
+ set_int_var (varname, fd);
+#endif
+ }
+ else
+ {
+ log_error ("can't put fd %d into table\n", fd);
+ close (fd);
+ }
+}
+
+
+static void
+do_close (char *line)
+{
+ int fd = atoi (line);
+
+#ifdef HAVE_W32_SYSTEM
+ int i;
+
+ for (i=0; i < DIM (open_fd_table); i++)
+ if ( open_fd_table[i].inuse && open_fd_table[i].handle == (void*)fd)
+ break;
+ if (i < DIM (open_fd_table))
+ fd = i;
+ else
+ {
+ log_error ("given fd (system handle) has not been opened\n");
+ return;
+ }
+#endif
+
+ if (fd < 0 || fd >= DIM (open_fd_table))
+ {
+ log_error ("invalid fd\n");
+ return;
+ }
+
+ if (!open_fd_table[fd].inuse)
+ {
+ log_error ("given fd has not been opened\n");
+ return;
+ }
+#ifdef HAVE_W32_SYSTEM
+ CloseHandle (open_fd_table[fd].handle); /* Close duped handle. */
+#endif
+ close (fd);
+ open_fd_table[fd].inuse = 0;
+}
+
+
+static void
+do_showopen (void)
+{
+ int i;
+
+ for (i=0; i < DIM (open_fd_table); i++)
+ if (open_fd_table[i].inuse)
+ {
+#ifdef HAVE_W32_SYSTEM
+ printf ("%-15d (libc=%d)\n", (int)open_fd_table[i].handle, i);
+#else
+ printf ("%-15d\n", i);
+#endif
+ }
+}
+
+
+
+static gpg_error_t
+getinfo_pid_cb (void *opaque, const void *buffer, size_t length)
+{
+ membuf_t *mb = opaque;
+ put_membuf (mb, buffer, length);
+ return 0;
+}
+
+/* Get the pid of the server and store it locally. */
+static void
+do_serverpid (assuan_context_t ctx)
+{
+ int rc;
+ membuf_t mb;
+ char *buffer;
+
+ init_membuf (&mb, 100);
+ rc = assuan_transact (ctx, "GETINFO pid", getinfo_pid_cb, &mb,
+ NULL, NULL, NULL, NULL);
+ put_membuf (&mb, "", 1);
+ buffer = get_membuf (&mb, NULL);
+ if (rc || !buffer)
+ log_error ("command \"%s\" failed: %s\n",
+ "GETINFO pid", gpg_strerror (rc));
+ else
+ {
+ server_pid = (pid_t)strtoul (buffer, NULL, 10);
+ if (opt.verbose)
+ log_info ("server's PID is %lu\n", (unsigned long)server_pid);
+ }
+ xfree (buffer);
+}
+
+
+/* gpg-connect-agent's entry point. */
+int
+main (int argc, char **argv)
+{
+ ARGPARSE_ARGS pargs;
+ int no_more_options = 0;
+ assuan_context_t ctx;
+ char *line, *p;
+ char *tmpline;
+ size_t linesize;
+ int rc;
+ int cmderr;
+ const char *opt_run = NULL;
+ FILE *script_fp = NULL;
+ int use_tty, keep_line;
+ struct {
+ int collecting;
+ loopline_t head;
+ loopline_t *tail;
+ loopline_t current;
+ unsigned int nestlevel;
+ int oneshot;
+ char *condition;
+ } loopstack[20];
+ int loopidx;
+ char **cmdline_commands = NULL;
+
+ gnupg_rl_initialize ();
+ set_strusage (my_strusage);
+ log_set_prefix ("gpg-connect-agent", 1);
+
+ /* Make sure that our subsystems are ready. */
+ i18n_init();
+ init_common_subsystems ();
+
+ assuan_set_gpg_err_source (0);
+
+
+ opt.homedir = default_homedir ();
+ opt.connect_flags = 1;
+
+ /* Parse the command line. */
+ pargs.argc = &argc;
+ pargs.argv = &argv;
+ pargs.flags = 1; /* Do not remove the args. */
+ while (!no_more_options && optfile_parse (NULL, NULL, NULL, &pargs, opts))
+ {
+ switch (pargs.r_opt)
+ {
+ case oQuiet: opt.quiet = 1; break;
+ case oVerbose: opt.verbose++; break;
+ case oNoVerbose: opt.verbose = 0; break;
+ case oHomedir: opt.homedir = pargs.r.ret_str; break;
+ case oHex: opt.hex = 1; break;
+ case oDecode: opt.decode = 1; break;
+ case oRawSocket: opt.raw_socket = pargs.r.ret_str; break;
+ case oExec: opt.exec = 1; break;
+ case oNoExtConnect: opt.connect_flags &= ~(1); break;
+ case oRun: opt_run = pargs.r.ret_str; break;
+ case oSubst:
+ opt.enable_varsubst = 1;
+ opt.trim_leading_spaces = 1;
+ break;
+
+ default: pargs.err = 2; break;
+ }
+ }
+
+ if (log_get_errorcount (0))
+ exit (2);
+
+ use_tty = (isatty ( fileno (stdin)) && isatty (fileno (stdout)));
+
+ if (opt.exec)
+ {
+ if (!argc)
+ {
+ log_error (_("option \"%s\" requires a program "
+ "and optional arguments\n"), "--exec" );
+ exit (1);
+ }
+ }
+ else if (argc)
+ cmdline_commands = argv;
+
+ if (opt.exec && opt.raw_socket)
+ log_info (_("option \"%s\" ignored due to \"%s\"\n"),
+ "--raw-socket", "--exec");
+
+ if (opt_run && !(script_fp = fopen (opt_run, "r")))
+ {
+ log_error ("cannot open run file `%s': %s\n",
+ opt_run, strerror (errno));
+ exit (1);
+ }
+
+
+ if (opt.exec)
+ {
+ int no_close[3];
+
+ no_close[0] = assuan_fd_from_posix_fd (fileno (stderr));
+ no_close[1] = assuan_fd_from_posix_fd (log_get_fd ());
+ no_close[2] = -1;
+
+ rc = assuan_new (&ctx);
+ if (rc)
+ {
+ log_error ("assuan_new failed: %s\n", gpg_strerror (rc));
+ exit (1);
+ }
+
+ rc = assuan_pipe_connect
+ (ctx, *argv, (const char **)argv, no_close, NULL, NULL,
+ (opt.connect_flags & 1) ? ASSUAN_PIPE_CONNECT_FDPASSING : 0);
+ if (rc)
+ {
+ log_error ("assuan_pipe_connect_ext failed: %s\n",
+ gpg_strerror (rc));
+ exit (1);
+ }
+
+ if (opt.verbose)
+ log_info ("server `%s' started\n", *argv);
+
+ }
+ else if (opt.raw_socket)
+ {
+ rc = assuan_new (&ctx);
+ if (rc)
+ {
+ log_error ("assuan_new failed: %s\n", gpg_strerror (rc));
+ exit (1);
+ }
+
+ rc = assuan_socket_connect
+ (ctx, opt.raw_socket, 0,
+ (opt.connect_flags & 1) ? ASSUAN_SOCKET_CONNECT_FDPASSING : 0);
+ if (rc)
+ {
+ log_error ("can't connect to socket `%s': %s\n",
+ opt.raw_socket, gpg_strerror (rc));
+ exit (1);
+ }
+
+ if (opt.verbose)
+ log_info ("connection to socket `%s' established\n", opt.raw_socket);
+ }
+ else
+ ctx = start_agent ();
+
+ /* See whether there is a line pending from the server (in case
+ assuan did not run the initial handshaking). */
+ if (assuan_pending_line (ctx))
+ {
+ rc = read_and_print_response (ctx, 0, &cmderr);
+ if (rc)
+ log_info (_("receiving line failed: %s\n"), gpg_strerror (rc) );
+ }
+
+
+ for (loopidx=0; loopidx < DIM (loopstack); loopidx++)
+ loopstack[loopidx].collecting = 0;
+ loopidx = -1;
+ line = NULL;
+ linesize = 0;
+ keep_line = 1;
+ for (;;)
+ {
+ int n;
+ size_t maxlength = 2048;
+
+ assert (loopidx < (int)DIM (loopstack));
+ if (loopidx >= 0 && loopstack[loopidx].current)
+ {
+ keep_line = 0;
+ xfree (line);
+ line = xstrdup (loopstack[loopidx].current->line);
+ n = strlen (line);
+ /* Never go beyond of the final /end. */
+ if (loopstack[loopidx].current->next)
+ loopstack[loopidx].current = loopstack[loopidx].current->next;
+ else if (!strncmp (line, "/end", 4) && (!line[4]||spacep(line+4)))
+ ;
+ else
+ log_fatal ("/end command vanished\n");
+ }
+ else if (cmdline_commands && *cmdline_commands && !script_fp)
+ {
+ keep_line = 0;
+ xfree (line);
+ line = xstrdup (*cmdline_commands);
+ cmdline_commands++;
+ n = strlen (line);
+ if (n >= maxlength)
+ maxlength = 0;
+ }
+ else if (use_tty && !script_fp)
+ {
+ keep_line = 0;
+ xfree (line);
+ line = tty_get ("> ");
+ n = strlen (line);
+ if (n==1 && *line == CONTROL_D)
+ n = 0;
+ if (n >= maxlength)
+ maxlength = 0;
+ }
+ else
+ {
+ if (!keep_line)
+ {
+ xfree (line);
+ line = NULL;
+ linesize = 0;
+ keep_line = 1;
+ }
+ n = read_line (script_fp? script_fp:stdin,
+ &line, &linesize, &maxlength);
+ }
+ if (n < 0)
+ {
+ log_error (_("error reading input: %s\n"), strerror (errno));
+ if (script_fp)
+ {
+ fclose (script_fp);
+ script_fp = NULL;
+ log_error ("stopping script execution\n");
+ continue;
+ }
+ exit (1);
+ }
+ if (!n)
+ {
+ /* EOF */
+ if (script_fp)
+ {
+ fclose (script_fp);
+ script_fp = NULL;
+ if (opt.verbose)
+ log_info ("end of script\n");
+ continue;
+ }
+ break;
+ }
+ if (!maxlength)
+ {
+ log_error (_("line too long - skipped\n"));
+ continue;
+ }
+ if (memchr (line, 0, n))
+ log_info (_("line shortened due to embedded Nul character\n"));
+ if (line[n-1] == '\n')
+ line[n-1] = 0;
+
+ if (opt.trim_leading_spaces)
+ {
+ const char *s = line;
+
+ while (spacep (s))
+ s++;
+ if (s != line)
+ {
+ for (p=line; *s;)
+ *p++ = *s++;
+ *p = 0;
+ n = p - line;
+ }
+ }
+
+ if (loopidx+1 >= 0 && loopstack[loopidx+1].collecting)
+ {
+ loopline_t ll;
+
+ ll = xmalloc (sizeof *ll + strlen (line));
+ ll->next = NULL;
+ strcpy (ll->line, line);
+ *loopstack[loopidx+1].tail = ll;
+ loopstack[loopidx+1].tail = &ll->next;
+
+ if (!strncmp (line, "/end", 4) && (!line[4]||spacep(line+4)))
+ loopstack[loopidx+1].nestlevel--;
+ else if (!strncmp (line, "/while", 6) && (!line[6]||spacep(line+6)))
+ loopstack[loopidx+1].nestlevel++;
+
+ if (loopstack[loopidx+1].nestlevel)
+ continue;
+ /* We reached the corresponding /end. */
+ loopstack[loopidx+1].collecting = 0;
+ loopidx++;
+ }
+
+ if (*line == '/')
+ {
+ /* Handle control commands. */
+ char *cmd = line+1;
+
+ for (p=cmd; *p && !spacep (p); p++)
+ ;
+ if (*p)
+ *p++ = 0;
+ while (spacep (p))
+ p++;
+ if (!strcmp (cmd, "let"))
+ {
+ assign_variable (p, 0);
+ }
+ else if (!strcmp (cmd, "slet"))
+ {
+ /* Deprecated - never used in a released version. */
+ assign_variable (p, 1);
+ }
+ else if (!strcmp (cmd, "showvar"))
+ {
+ show_variables ();
+ }
+ else if (!strcmp (cmd, "definq"))
+ {
+ tmpline = opt.enable_varsubst? substitute_line (p) : NULL;
+ if (tmpline)
+ {
+ add_definq (tmpline, 1, 0);
+ xfree (tmpline);
+ }
+ else
+ add_definq (p, 1, 0);
+ }
+ else if (!strcmp (cmd, "definqfile"))
+ {
+ tmpline = opt.enable_varsubst? substitute_line (p) : NULL;
+ if (tmpline)
+ {
+ add_definq (tmpline, 0, 0);
+ xfree (tmpline);
+ }
+ else
+ add_definq (p, 0, 0);
+ }
+ else if (!strcmp (cmd, "definqprog"))
+ {
+ tmpline = opt.enable_varsubst? substitute_line (p) : NULL;
+ if (tmpline)
+ {
+ add_definq (tmpline, 0, 1);
+ xfree (tmpline);
+ }
+ else
+ add_definq (p, 0, 1);
+ }
+ else if (!strcmp (cmd, "datafile"))
+ {
+ const char *fname;
+
+ if (current_datasink)
+ {
+ if (current_datasink != stdout)
+ fclose (current_datasink);
+ current_datasink = NULL;
+ }
+ tmpline = opt.enable_varsubst? substitute_line (p) : NULL;
+ fname = tmpline? tmpline : p;
+ if (fname && !strcmp (fname, "-"))
+ current_datasink = stdout;
+ else if (fname && *fname)
+ {
+ current_datasink = fopen (fname, "wb");
+ if (!current_datasink)
+ log_error ("can't open `%s': %s\n",
+ fname, strerror (errno));
+ }
+ xfree (tmpline);
+ }
+ else if (!strcmp (cmd, "showdef"))
+ {
+ show_definq ();
+ }
+ else if (!strcmp (cmd, "cleardef"))
+ {
+ clear_definq ();
+ }
+ else if (!strcmp (cmd, "echo"))
+ {
+ tmpline = opt.enable_varsubst? substitute_line (p) : NULL;
+ if (tmpline)
+ {
+ puts (tmpline);
+ xfree (tmpline);
+ }
+ else
+ puts (p);
+ }
+ else if (!strcmp (cmd, "sendfd"))
+ {
+ tmpline = opt.enable_varsubst? substitute_line (p) : NULL;
+ if (tmpline)
+ {
+ do_sendfd (ctx, tmpline);
+ xfree (tmpline);
+ }
+ else
+ do_sendfd (ctx, p);
+ continue;
+ }
+ else if (!strcmp (cmd, "recvfd"))
+ {
+ tmpline = opt.enable_varsubst? substitute_line (p) : NULL;
+ if (tmpline)
+ {
+ do_recvfd (ctx, tmpline);
+ xfree (tmpline);
+ }
+ else
+ do_recvfd (ctx, p);
+ continue;
+ }
+ else if (!strcmp (cmd, "open"))
+ {
+ tmpline = opt.enable_varsubst? substitute_line (p) : NULL;
+ if (tmpline)
+ {
+ do_open (tmpline);
+ xfree (tmpline);
+ }
+ else
+ do_open (p);
+ }
+ else if (!strcmp (cmd, "close"))
+ {
+ tmpline = opt.enable_varsubst? substitute_line (p) : NULL;
+ if (tmpline)
+ {
+ do_close (tmpline);
+ xfree (tmpline);
+ }
+ else
+ do_close (p);
+ }
+ else if (!strcmp (cmd, "showopen"))
+ {
+ do_showopen ();
+ }
+ else if (!strcmp (cmd, "serverpid"))
+ {
+ do_serverpid (ctx);
+ }
+ else if (!strcmp (cmd, "hex"))
+ opt.hex = 1;
+ else if (!strcmp (cmd, "nohex"))
+ opt.hex = 0;
+ else if (!strcmp (cmd, "decode"))
+ opt.decode = 1;
+ else if (!strcmp (cmd, "nodecode"))
+ opt.decode = 0;
+ else if (!strcmp (cmd, "subst"))
+ {
+ opt.enable_varsubst = 1;
+ opt.trim_leading_spaces = 1;
+ }
+ else if (!strcmp (cmd, "nosubst"))
+ opt.enable_varsubst = 0;
+ else if (!strcmp (cmd, "run"))
+ {
+ char *p2;
+
+ for (p2=p; *p2 && !spacep (p2); p2++)
+ ;
+ if (*p2)
+ *p2++ = 0;
+ while (spacep (p2))
+ p++;
+ if (*p2)
+ {
+ log_error ("syntax error in run command\n");
+ if (script_fp)
+ {
+ fclose (script_fp);
+ script_fp = NULL;
+ }
+ }
+ else if (script_fp)
+ {
+ log_error ("cannot nest run commands - stop\n");
+ fclose (script_fp);
+ script_fp = NULL;
+ }
+ else if (!(script_fp = fopen (p, "r")))
+ {
+ log_error ("cannot open run file `%s': %s\n",
+ p, strerror (errno));
+ }
+ else if (opt.verbose)
+ log_info ("running commands from `%s'\n", p);
+ }
+ else if (!strcmp (cmd, "while"))
+ {
+ if (loopidx+2 >= (int)DIM(loopstack))
+ {
+ log_error ("blocks are nested too deep\n");
+ /* We should better die or break all loop in this
+ case as recovering from this error won't be
+ easy. */
+ }
+ else
+ {
+ loopstack[loopidx+1].head = NULL;
+ loopstack[loopidx+1].tail = &loopstack[loopidx+1].head;
+ loopstack[loopidx+1].current = NULL;
+ loopstack[loopidx+1].nestlevel = 1;
+ loopstack[loopidx+1].oneshot = 0;
+ loopstack[loopidx+1].condition = xstrdup (p);
+ loopstack[loopidx+1].collecting = 1;
+ }
+ }
+ else if (!strcmp (cmd, "if"))
+ {
+ if (loopidx+2 >= (int)DIM(loopstack))
+ {
+ log_error ("blocks are nested too deep\n");
+ }
+ else
+ {
+ /* Note that we need to evaluate the condition right
+ away and not just at the end of the block as we
+ do with a WHILE. */
+ loopstack[loopidx+1].head = NULL;
+ loopstack[loopidx+1].tail = &loopstack[loopidx+1].head;
+ loopstack[loopidx+1].current = NULL;
+ loopstack[loopidx+1].nestlevel = 1;
+ loopstack[loopidx+1].oneshot = 1;
+ loopstack[loopidx+1].condition = substitute_line_copy (p);
+ loopstack[loopidx+1].collecting = 1;
+ }
+ }
+ else if (!strcmp (cmd, "end"))
+ {
+ if (loopidx < 0)
+ log_error ("stray /end command encountered - ignored\n");
+ else
+ {
+ char *tmpcond;
+ const char *value;
+ long condition;
+
+ /* Evaluate the condition. */
+ tmpcond = xstrdup (loopstack[loopidx].condition);
+ if (loopstack[loopidx].oneshot)
+ {
+ xfree (loopstack[loopidx].condition);
+ loopstack[loopidx].condition = xstrdup ("0");
+ }
+ tmpline = substitute_line (tmpcond);
+ value = tmpline? tmpline : tmpcond;
+ condition = strtol (value, NULL, 0);
+ xfree (tmpline);
+ xfree (tmpcond);
+
+ if (condition)
+ {
+ /* Run loop. */
+ loopstack[loopidx].current = loopstack[loopidx].head;
+ }
+ else
+ {
+ /* Cleanup. */
+ while (loopstack[loopidx].head)
+ {
+ loopline_t tmp = loopstack[loopidx].head->next;
+ xfree (loopstack[loopidx].head);
+ loopstack[loopidx].head = tmp;
+ }
+ loopstack[loopidx].tail = NULL;
+ loopstack[loopidx].current = NULL;
+ loopstack[loopidx].nestlevel = 0;
+ loopstack[loopidx].collecting = 0;
+ loopstack[loopidx].oneshot = 0;
+ xfree (loopstack[loopidx].condition);
+ loopstack[loopidx].condition = NULL;
+ loopidx--;
+ }
+ }
+ }
+ else if (!strcmp (cmd, "bye"))
+ {
+ break;
+ }
+ else if (!strcmp (cmd, "sleep"))
+ {
+ gnupg_sleep (1);
+ }
+ else if (!strcmp (cmd, "help"))
+ {
+ puts (
+"Available commands:\n"
+"/echo ARGS Echo ARGS.\n"
+"/let NAME VALUE Set variable NAME to VALUE.\n"
+"/showvar Show all variables.\n"
+"/definq NAME VAR Use content of VAR for inquiries with NAME.\n"
+"/definqfile NAME FILE Use content of FILE for inquiries with NAME.\n"
+"/definqprog NAME PGM Run PGM for inquiries with NAME.\n"
+"/datafile [NAME] Write all D line content to file NAME.\n"
+"/showdef Print all definitions.\n"
+"/cleardef Delete all definitions.\n"
+"/sendfd FILE MODE Open FILE and pass descriptor to server.\n"
+"/recvfd Receive FD from server and print.\n"
+"/open VAR FILE MODE Open FILE and assign the file descriptor to VAR.\n"
+"/close FD Close file with descriptor FD.\n"
+"/showopen Show descriptors of all open files.\n"
+"/serverpid Retrieve the pid of the server.\n"
+"/[no]hex Enable hex dumping of received data lines.\n"
+"/[no]decode Enable decoding of received data lines.\n"
+"/[no]subst Enable variable substitution.\n"
+"/run FILE Run commands from FILE.\n"
+"/if VAR Begin conditional block controlled by VAR.\n"
+"/while VAR Begin loop controlled by VAR.\n"
+"/end End loop or condition\n"
+"/bye Terminate gpg-connect-agent.\n"
+"/help Print this help.");
+ }
+ else
+ log_error (_("unknown command `%s'\n"), cmd );
+
+ continue;
+ }
+
+ if (opt.verbose && script_fp)
+ puts (line);
+
+ tmpline = opt.enable_varsubst? substitute_line (line) : NULL;
+ if (tmpline)
+ {
+ rc = assuan_write_line (ctx, tmpline);
+ xfree (tmpline);
+ }
+ else
+ rc = assuan_write_line (ctx, line);
+ if (rc)
+ {
+ log_info (_("sending line failed: %s\n"), gpg_strerror (rc) );
+ break;
+ }
+ if (*line == '#' || !*line)
+ continue; /* Don't expect a response for a comment line. */
+
+ rc = read_and_print_response (ctx, (!ascii_strncasecmp (line, "HELP", 4)
+ && (spacep (line+4) || !line[4])),
+ &cmderr);
+ if (rc)
+ log_info (_("receiving line failed: %s\n"), gpg_strerror (rc) );
+ if ((rc || cmderr) && script_fp)
+ {
+ log_error ("stopping script execution\n");
+ fclose (script_fp);
+ script_fp = NULL;
+ }
+
+
+ /* FIXME: If the last command was BYE or the server died for
+ some other reason, we won't notice until we get the next
+ input command. Probing the connection with a non-blocking
+ read could help to notice termination or other problems
+ early. */
+ }
+
+ if (opt.verbose)
+ log_info ("closing connection to agent\n");
+
+ return 0;
+}
+
+
+/* Handle an Inquire from the server. Return False if it could not be
+ handled; in this case the caller shll complete the operation. LINE
+ is the complete line as received from the server. This function
+ may change the content of LINE. */
+static int
+handle_inquire (assuan_context_t ctx, char *line)
+{
+ const char *name;
+ definq_t d;
+ FILE *fp = NULL;
+ char buffer[1024];
+ int rc, n;
+
+ /* Skip the command and trailing spaces. */
+ for (; *line && !spacep (line); line++)
+ ;
+ while (spacep (line))
+ line++;
+ /* Get the name. */
+ name = line;
+ for (; *line && !spacep (line); line++)
+ ;
+ if (*line)
+ *line++ = 0;
+
+ /* Now match it against our list. The second loop is there to
+ detect the match-all entry. */
+ for (d=definq_list; d; d = d->next)
+ if (d->name && !strcmp (d->name, name))
+ break;
+ if (!d)
+ for (d=definq_list; d; d = d->next)
+ if (!d->name)
+ break;
+ if (!d)
+ {
+ if (opt.verbose)
+ log_info ("no handler for inquiry `%s' found\n", name);
+ return 0;
+ }
+
+ if (d->is_var)
+ {
+ char *tmpvalue = get_var_ext (d->file);
+ rc = assuan_send_data (ctx, tmpvalue, strlen (tmpvalue));
+ xfree (tmpvalue);
+ if (rc)
+ log_error ("sending data back failed: %s\n", gpg_strerror (rc) );
+ }
+ else
+ {
+ if (d->is_prog)
+ {
+ fp = popen (d->file, "r");
+ if (!fp)
+ log_error ("error executing `%s': %s\n",
+ d->file, strerror (errno));
+ else if (opt.verbose)
+ log_error ("handling inquiry `%s' by running `%s'\n",
+ name, d->file);
+ }
+ else
+ {
+ fp = fopen (d->file, "rb");
+ if (!fp)
+ log_error ("error opening `%s': %s\n", d->file, strerror (errno));
+ else if (opt.verbose)
+ log_error ("handling inquiry `%s' by returning content of `%s'\n",
+ name, d->file);
+ }
+ if (!fp)
+ return 0;
+
+ while ( (n = fread (buffer, 1, sizeof buffer, fp)) )
+ {
+ rc = assuan_send_data (ctx, buffer, n);
+ if (rc)
+ {
+ log_error ("sending data back failed: %s\n", gpg_strerror (rc) );
+ break;
+ }
+ }
+ if (ferror (fp))
+ log_error ("error reading from `%s': %s\n", d->file, strerror (errno));
+ }
+
+ rc = assuan_send_data (ctx, NULL, 0);
+ if (rc)
+ log_error ("sending data back failed: %s\n", gpg_strerror (rc) );
+
+ if (d->is_var)
+ ;
+ else if (d->is_prog)
+ {
+ if (pclose (fp))
+ log_error ("error running `%s': %s\n", d->file, strerror (errno));
+ }
+ else
+ fclose (fp);
+ return 1;
+}
+
+
+/* Read all response lines from server and print them. Returns 0 on
+ success or an assuan error code. If WITHHASH istrue, comment lines
+ are printed. Sets R_GOTERR to true if the command did not returned
+ OK. */
+static int
+read_and_print_response (assuan_context_t ctx, int withhash, int *r_goterr)
+{
+ char *line;
+ size_t linelen;
+ gpg_error_t rc;
+ int i, j;
+ int need_lf = 0;
+
+ *r_goterr = 0;
+ for (;;)
+ {
+ do
+ {
+ rc = assuan_read_line (ctx, &line, &linelen);
+ if (rc)
+ return rc;
+
+ if ((withhash || opt.verbose > 1) && *line == '#')
+ {
+ fwrite (line, linelen, 1, stdout);
+ putchar ('\n');
+ }
+ }
+ while (*line == '#' || !linelen);
+
+ if (linelen >= 1
+ && line[0] == 'D' && line[1] == ' ')
+ {
+ if (current_datasink)
+ {
+ const unsigned char *s;
+ int c = 0;
+
+ for (j=2, s=(unsigned char*)line+2; j < linelen; j++, s++ )
+ {
+ if (*s == '%' && j+2 < linelen)
+ {
+ s++; j++;
+ c = xtoi_2 ( s );
+ s++; j++;
+ }
+ else
+ c = *s;
+ putc (c, current_datasink);
+ }
+ }
+ else if (opt.hex)
+ {
+ for (i=2; i < linelen; )
+ {
+ int save_i = i;
+
+ printf ("D[%04X] ", i-2);
+ for (j=0; j < 16 ; j++, i++)
+ {
+ if (j == 8)
+ putchar (' ');
+ if (i < linelen)
+ printf (" %02X", ((unsigned char*)line)[i]);
+ else
+ fputs (" ", stdout);
+ }
+ fputs (" ", stdout);
+ i= save_i;
+ for (j=0; j < 16; j++, i++)
+ {
+ unsigned int c = ((unsigned char*)line)[i];
+ if ( i >= linelen )
+ putchar (' ');
+ else if (isascii (c) && isprint (c) && !iscntrl (c))
+ putchar (c);
+ else
+ putchar ('.');
+ }
+ putchar ('\n');
+ }
+ }
+ else if (opt.decode)
+ {
+ const unsigned char *s;
+ int need_d = 1;
+ int c = 0;
+
+ for (j=2, s=(unsigned char*)line+2; j < linelen; j++, s++ )
+ {
+ if (need_d)
+ {
+ fputs ("D ", stdout);
+ need_d = 0;
+ }
+ if (*s == '%' && j+2 < linelen)
+ {
+ s++; j++;
+ c = xtoi_2 ( s );
+ s++; j++;
+ }
+ else
+ c = *s;
+ if (c == '\n')
+ need_d = 1;
+ putchar (c);
+ }
+ need_lf = (c != '\n');
+ }
+ else
+ {
+ fwrite (line, linelen, 1, stdout);
+ putchar ('\n');
+ }
+ }
+ else
+ {
+ if (need_lf)
+ {
+ if (!current_datasink || current_datasink != stdout)
+ putchar ('\n');
+ need_lf = 0;
+ }
+
+ if (linelen >= 1
+ && line[0] == 'S'
+ && (line[1] == '\0' || line[1] == ' '))
+ {
+ if (!current_datasink || current_datasink != stdout)
+ {
+ fwrite (line, linelen, 1, stdout);
+ putchar ('\n');
+ }
+ }
+ else if (linelen >= 2
+ && line[0] == 'O' && line[1] == 'K'
+ && (line[2] == '\0' || line[2] == ' '))
+ {
+ if (!current_datasink || current_datasink != stdout)
+ {
+ fwrite (line, linelen, 1, stdout);
+ putchar ('\n');
+ }
+ set_int_var ("?", 0);
+ return 0;
+ }
+ else if (linelen >= 3
+ && line[0] == 'E' && line[1] == 'R' && line[2] == 'R'
+ && (line[3] == '\0' || line[3] == ' '))
+ {
+ int errval;
+
+ errval = strtol (line+3, NULL, 10);
+ if (!errval)
+ errval = -1;
+ set_int_var ("?", errval);
+ if (!current_datasink || current_datasink != stdout)
+ {
+ fwrite (line, linelen, 1, stdout);
+ putchar ('\n');
+ }
+ *r_goterr = 1;
+ return 0;
+ }
+ else if (linelen >= 7
+ && line[0] == 'I' && line[1] == 'N' && line[2] == 'Q'
+ && line[3] == 'U' && line[4] == 'I' && line[5] == 'R'
+ && line[6] == 'E'
+ && (line[7] == '\0' || line[7] == ' '))
+ {
+ if (!current_datasink || current_datasink != stdout)
+ {
+ fwrite (line, linelen, 1, stdout);
+ putchar ('\n');
+ }
+ if (!handle_inquire (ctx, line))
+ assuan_write_line (ctx, "CANCEL");
+ }
+ else if (linelen >= 3
+ && line[0] == 'E' && line[1] == 'N' && line[2] == 'D'
+ && (line[3] == '\0' || line[3] == ' '))
+ {
+ if (!current_datasink || current_datasink != stdout)
+ {
+ fwrite (line, linelen, 1, stdout);
+ putchar ('\n');
+ }
+ /* Received from server, thus more responses are expected. */
+ }
+ else
+ return gpg_error (GPG_ERR_ASS_INV_RESPONSE);
+ }
+ }
+}
+
+
+
+
+/* Connect to the agent and send the standard options. */
+static assuan_context_t
+start_agent (void)
+{
+ int rc = 0;
+ char *infostr, *p;
+ assuan_context_t ctx;
+ session_env_t session_env;
+
+ infostr = getenv ("GPG_AGENT_INFO");
+ if (!infostr || !*infostr)
+ {
+ char *sockname;
+
+ rc = assuan_new (&ctx);
+ if (rc)
+ {
+ log_error ("assuan_new failed: %s\n", gpg_strerror (rc));
+ exit (1);
+ }
+
+ /* Check whether we can connect at the standard socket. */
+ sockname = make_filename (opt.homedir, "S.gpg-agent", NULL);
+ rc = assuan_socket_connect (ctx, sockname, 0, 0);
+
+#ifdef HAVE_W32_SYSTEM
+ /* If we failed to connect under Windows, we fire up the agent. */
+ if (gpg_err_code (rc) == GPG_ERR_ASS_CONNECT_FAILED)
+ {
+ const char *agent_program;
+ const char *argv[3];
+ int save_rc = rc;
+
+ if (opt.verbose)
+ log_info (_("no running gpg-agent - starting one\n"));
+ agent_program = gnupg_module_name (GNUPG_MODULE_NAME_AGENT);
+
+ argv[0] = "--daemon";
+ argv[1] = "--use-standard-socket";
+ argv[2] = NULL;
+
+ rc = gnupg_spawn_process_detached (agent_program, argv, NULL);
+ if (rc)
+ log_debug ("failed to start agent `%s': %s\n",
+ agent_program, gpg_strerror (rc));
+ else
+ {
+ /* Give the agent some time to prepare itself. */
+ gnupg_sleep (3);
+ /* Now try again to connect the agent. */
+ rc = assuan_new (&ctx);
+ if (rc)
+ {
+ log_error ("assuan_new failed: %s\n", gpg_strerror (rc));
+ exit (1);
+ }
+
+ rc = assuan_socket_connect (ctx, sockname, 0, 0);
+ }
+ if (rc)
+ rc = save_rc;
+ }
+#endif /*HAVE_W32_SYSTEM*/
+ xfree (sockname);
+ }
+ else
+ {
+ int prot;
+ int pid;
+
+ infostr = xstrdup (infostr);
+ if ( !(p = strchr (infostr, PATHSEP_C)) || p == infostr)
+ {
+ log_error (_("malformed GPG_AGENT_INFO environment variable\n"));
+ xfree (infostr);
+ exit (1);
+ }
+ *p++ = 0;
+ pid = atoi (p);
+ while (*p && *p != PATHSEP_C)
+ p++;
+ prot = *p? atoi (p+1) : 0;
+ if (prot != 1)
+ {
+ log_error (_("gpg-agent protocol version %d is not supported\n"),
+ prot);
+ xfree (infostr);
+ exit (1);
+ }
+
+ rc = assuan_new (&ctx);
+ if (rc)
+ {
+ log_error ("assuan_new failed: %s\n", gpg_strerror (rc));
+ exit (1);
+ }
+
+ rc = assuan_socket_connect (ctx, infostr, pid, 0);
+ xfree (infostr);
+ }
+
+ if (rc)
+ {
+ log_error ("can't connect to the agent: %s\n", gpg_strerror (rc));
+ exit (1);
+ }
+
+ if (opt.verbose)
+ log_info ("connection to agent established\n");
+
+ rc = assuan_transact (ctx, "RESET", NULL, NULL, NULL, NULL, NULL, NULL);
+ if (rc)
+ {
+ log_error (_("error sending %s command: %s\n"), "RESET",
+ gpg_strerror (rc));
+ exit (1);
+ }
+
+ session_env = session_env_new ();
+ if (!session_env)
+ log_fatal ("error allocating session environment block: %s\n",
+ strerror (errno));
+
+ rc = send_pinentry_environment (ctx, GPG_ERR_SOURCE_DEFAULT,
+ NULL, NULL, session_env);
+ session_env_release (session_env);
+ if (rc)
+ {
+ log_error (_("error sending standard options: %s\n"), gpg_strerror (rc));
+ exit (1);
+ }
+
+ return ctx;
+}
diff --git a/tools/gpg-zip.in b/tools/gpg-zip.in
new file mode 100644
index 0000000..d27b1f9
--- /dev/null
+++ b/tools/gpg-zip.in
@@ -0,0 +1,140 @@
+#!/bin/sh
+
+# gpg-archive - gpg-ized tar using the same format as PGP's PGP Zip.
+# Copyright (C) 2005 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+# Despite the name, PGP Zip format is actually an OpenPGP-wrapped tar
+# file. To be compatible with PGP itself, this must be a USTAR format
+# tar file. Unclear on whether there is a distinction here between
+# the GNU or POSIX variant of USTAR.
+
+VERSION=@VERSION@
+TAR=@TAR@
+GPG=gpg
+
+usage="\
+Usage: gpg-zip [--help] [--version] [--encrypt] [--decrypt] [--symmetric]
+ [--list-archive] [--output FILE] [--gpg GPG] [--gpg-args ARGS]
+ [--tar TAR] [--tar-args ARGS] filename1 [filename2, ...]
+ directory1 [directory2, ...]
+
+Encrypt or sign files into an archive."
+
+while test $# -gt 0 ; do
+ case $1 in
+ -h | --help | --h*)
+ echo "$usage"
+ exit 0
+ ;;
+ --list-archive)
+ list=yes
+ create=no
+ unpack=no
+ shift
+ ;;
+ --encrypt | -e)
+ gpg_args="$gpg_args --encrypt"
+ list=no
+ create=yes
+ unpack=no
+ shift
+ ;;
+ --decrypt | -d)
+ gpg_args="$gpg_args --decrypt"
+ list=no
+ create=no
+ unpack=yes
+ shift
+ ;;
+ --symmetric | -c)
+ gpg_args="$gpg_args --symmetric"
+ list=no
+ create=yes
+ unpack=no
+ shift
+ ;;
+ --sign | -s)
+ gpg_args="$gpg_args --sign"
+ list=no
+ create=yes
+ unpack=no
+ shift
+ ;;
+ --recipient | -r)
+ gpg_args="$gpg_args --recipient $2"
+ shift
+ shift
+ ;;
+ --local-user | -u)
+ gpg_args="$gpg_args --local-user $2"
+ shift
+ shift
+ ;;
+ --output | -o)
+ gpg_args="$gpg_args --output $2"
+ shift
+ shift
+ ;;
+ --version)
+ echo "gpg-zip (GnuPG) $VERSION"
+ exit 0
+ ;;
+ --gpg)
+ GPG=$1
+ shift
+ ;;
+ --gpg-args)
+ gpg_args="$gpg_args $2"
+ shift
+ shift
+ ;;
+ --tar)
+ TAR=$1
+ shift
+ ;;
+ --tar-args)
+ tar_args="$tar_args $2"
+ shift
+ shift
+ ;;
+ --)
+ shift
+ break
+ ;;
+ -*)
+ echo "$usage" 1>&2
+ exit 1
+ ;;
+ *)
+ break
+ ;;
+ esac
+done
+
+if test x$create = xyes ; then
+# echo "$TAR -cf - "$@" | $GPG --set-filename x.tar $gpg_args" 1>&2
+ $TAR -cf - "$@" | $GPG --set-filename x.tar $gpg_args
+elif test x$list = xyes ; then
+# echo "cat \"$1\" | $GPG $gpg_args | $TAR $tar_args -tf -" 1>&2
+ cat "$1" | $GPG $gpg_args | $TAR $tar_args -tf -
+elif test x$unpack = xyes ; then
+# echo "cat \"$1\" | $GPG $gpg_args | $TAR $tar_args -xvf -" 1>&2
+ cat "$1" | $GPG $gpg_args | $TAR $tar_args -xvf -
+else
+ echo "$usage" 1>&2
+ exit 1
+fi
diff --git a/tools/gpgconf-comp.c b/tools/gpgconf-comp.c
new file mode 100644
index 0000000..32b020f
--- /dev/null
+++ b/tools/gpgconf-comp.c
@@ -0,0 +1,3623 @@
+/* gpgconf-comp.c - Configuration utility for GnuPG.
+ * Copyright (C) 2004, 2007, 2008, 2009 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with GnuPG; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#if HAVE_CONFIG_H
+#include <config.h>
+#endif
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+#include <fcntl.h>
+#include <unistd.h>
+#include <sys/types.h>
+#include <assert.h>
+#include <errno.h>
+#include <time.h>
+#include <stdarg.h>
+#include <signal.h>
+#include <ctype.h>
+#ifdef HAVE_W32_SYSTEM
+# define WIN32_LEAN_AND_MEAN 1
+# include <windows.h>
+#else
+# include <pwd.h>
+# include <grp.h>
+#endif
+
+/* For log_logv(), asctimestamp(), gnupg_get_time (). */
+#define JNLIB_NEED_LOG_LOGV
+#include "util.h"
+#include "i18n.h"
+#include "exechelp.h"
+
+#include "gc-opt-flags.h"
+#include "gpgconf.h"
+
+
+/* There is a problem with gpg 1.4 under Windows: --gpgconf-list
+ returns a plain filename without escaping. As long as we have not
+ fixed that we need to use gpg2 - it might actually be better to use
+ gpg2 in any case. */
+#ifdef HAVE_W32_SYSTEM
+#define GPGNAME "gpg2"
+#else
+#define GPGNAME "gpg"
+#endif
+
+
+/* TODO:
+ Components: Add more components and their options.
+ Robustness: Do more validation. Call programs to do validation for us.
+ Add options to change backend binary path.
+ Extract binary path for some backends from gpgsm/gpg config.
+*/
+
+
+#if (__GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 5 ))
+void gc_error (int status, int errnum, const char *fmt, ...) \
+ __attribute__ ((format (printf, 3, 4)));
+#endif
+
+/* Output a diagnostic message. If ERRNUM is not 0, then the output
+ is followed by a colon, a white space, and the error string for the
+ error number ERRNUM. In any case the output is finished by a
+ newline. The message is prepended by the program name, a colon,
+ and a whitespace. The output may be further formatted or
+ redirected by the jnlib logging facility. */
+void
+gc_error (int status, int errnum, const char *fmt, ...)
+{
+ va_list arg_ptr;
+
+ va_start (arg_ptr, fmt);
+ log_logv (JNLIB_LOG_ERROR, fmt, arg_ptr);
+ va_end (arg_ptr);
+
+ if (errnum)
+ log_printf (": %s\n", strerror (errnum));
+ else
+ log_printf ("\n");
+
+ if (status)
+ {
+ log_printf (NULL);
+ log_printf ("fatal error (exit status %i)\n", status);
+ exit (status);
+ }
+}
+
+
+/* Forward declaration. */
+static void gpg_agent_runtime_change (void);
+static void scdaemon_runtime_change (void);
+
+/* Backend configuration. Backends are used to decide how the default
+ and current value of an option can be determined, and how the
+ option can be changed. To every option in every component belongs
+ exactly one backend that controls and determines the option. Some
+ backends are programs from the GPG system. Others might be
+ implemented by GPGConf itself. If you change this enum, don't
+ forget to update GC_BACKEND below. */
+typedef enum
+ {
+ /* Any backend, used for find_option (). */
+ GC_BACKEND_ANY,
+
+ /* The Gnu Privacy Guard. */
+ GC_BACKEND_GPG,
+
+ /* The Gnu Privacy Guard for S/MIME. */
+ GC_BACKEND_GPGSM,
+
+ /* The GPG Agent. */
+ GC_BACKEND_GPG_AGENT,
+
+ /* The GnuPG SCDaemon. */
+ GC_BACKEND_SCDAEMON,
+
+ /* The Aegypten directory manager. */
+ GC_BACKEND_DIRMNGR,
+
+ /* The LDAP server list file for the Aegypten director manager. */
+ GC_BACKEND_DIRMNGR_LDAP_SERVER_LIST,
+
+ /* The number of the above entries. */
+ GC_BACKEND_NR
+ } gc_backend_t;
+
+
+/* To be able to implement generic algorithms for the various
+ backends, we collect all information about them in this struct. */
+static struct
+{
+ /* The name of the backend. */
+ const char *name;
+
+ /* The name of the program that acts as the backend. Some backends
+ don't have an associated program, but are implemented directly by
+ GPGConf. In this case, PROGRAM is NULL. */
+ char *program;
+
+ /* The module name (GNUPG_MODULE_NAME_foo) as defined by
+ ../common/util.h. This value is used to get the actual installed
+ path of the program. 0 is used if no backedn program is
+ available. */
+ char module_name;
+
+ /* The runtime change callback. */
+ void (*runtime_change) (void);
+
+ /* The option name for the configuration filename of this backend.
+ This must be an absolute filename. It can be an option from a
+ different backend (but then ordering of the options might
+ matter). Note: This must be unique among all components. */
+ const char *option_config_filename;
+
+ /* If this is a file backend rather than a program backend, then
+ this is the name of the option associated with the file. */
+ const char *option_name;
+} gc_backend[GC_BACKEND_NR] =
+ {
+ { NULL }, /* GC_BACKEND_ANY dummy entry. */
+ { "GnuPG", GPGNAME, GNUPG_MODULE_NAME_GPG,
+ NULL, "gpgconf-gpg.conf" },
+ { "GPGSM", "gpgsm", GNUPG_MODULE_NAME_GPGSM,
+ NULL, "gpgconf-gpgsm.conf" },
+ { "GPG Agent", "gpg-agent", GNUPG_MODULE_NAME_AGENT,
+ gpg_agent_runtime_change, "gpgconf-gpg-agent.conf" },
+ { "SCDaemon", "scdaemon", GNUPG_MODULE_NAME_SCDAEMON,
+ scdaemon_runtime_change, "gpgconf-scdaemon.conf" },
+ { "DirMngr", "dirmngr", GNUPG_MODULE_NAME_DIRMNGR,
+ NULL, "gpgconf-dirmngr.conf" },
+ { "DirMngr LDAP Server List", NULL, 0,
+ NULL, "ldapserverlist-file", "LDAP Server" },
+ };
+
+
+/* Option configuration. */
+
+/* An option might take an argument, or not. Argument types can be
+ basic or complex. Basic types are generic and easy to validate.
+ Complex types provide more specific information about the intended
+ use, but can be difficult to validate. If you add to this enum,
+ don't forget to update GC_ARG_TYPE below. YOU MUST NOT CHANGE THE
+ NUMBERS OF THE EXISTING ENTRIES, AS THEY ARE PART OF THE EXTERNAL
+ INTERFACE. */
+typedef enum
+ {
+ /* Basic argument types. */
+
+ /* No argument. */
+ GC_ARG_TYPE_NONE = 0,
+
+ /* A String argument. */
+ GC_ARG_TYPE_STRING = 1,
+
+ /* A signed integer argument. */
+ GC_ARG_TYPE_INT32 = 2,
+
+ /* An unsigned integer argument. */
+ GC_ARG_TYPE_UINT32 = 3,
+
+ /* ADD NEW BASIC TYPE ENTRIES HERE. */
+
+ /* Complex argument types. */
+
+ /* A complete filename. */
+ GC_ARG_TYPE_FILENAME = 32,
+
+ /* An LDAP server in the format
+ HOSTNAME:PORT:USERNAME:PASSWORD:BASE_DN. */
+ GC_ARG_TYPE_LDAP_SERVER = 33,
+
+ /* A 40 character fingerprint. */
+ GC_ARG_TYPE_KEY_FPR = 34,
+
+ /* A user ID or key ID or fingerprint for a certificate. */
+ GC_ARG_TYPE_PUB_KEY = 35,
+
+ /* A user ID or key ID or fingerprint for a certificate with a key. */
+ GC_ARG_TYPE_SEC_KEY = 36,
+
+ /* A alias list made up of a key, an equal sign and a space
+ separated list of values. */
+ GC_ARG_TYPE_ALIAS_LIST = 37,
+
+ /* ADD NEW COMPLEX TYPE ENTRIES HERE. */
+
+ /* The number of the above entries. */
+ GC_ARG_TYPE_NR
+ } gc_arg_type_t;
+
+
+/* For every argument, we record some information about it in the
+ following struct. */
+static struct
+{
+ /* For every argument type exists a basic argument type that can be
+ used as a fallback for input and validation purposes. */
+ gc_arg_type_t fallback;
+
+ /* Human-readable name of the type. */
+ const char *name;
+} gc_arg_type[GC_ARG_TYPE_NR] =
+ {
+ /* The basic argument types have their own types as fallback. */
+ { GC_ARG_TYPE_NONE, "none" },
+ { GC_ARG_TYPE_STRING, "string" },
+ { GC_ARG_TYPE_INT32, "int32" },
+ { GC_ARG_TYPE_UINT32, "uint32" },
+
+ /* Reserved basic type entries for future extension. */
+ { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
+ { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
+ { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
+ { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
+ { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
+ { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
+ { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
+ { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
+ { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
+ { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
+ { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
+ { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
+ { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
+ { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
+
+ /* The complex argument types have a basic type as fallback. */
+ { GC_ARG_TYPE_STRING, "filename" },
+ { GC_ARG_TYPE_STRING, "ldap server" },
+ { GC_ARG_TYPE_STRING, "key fpr" },
+ { GC_ARG_TYPE_STRING, "pub key" },
+ { GC_ARG_TYPE_STRING, "sec key" },
+ { GC_ARG_TYPE_STRING, "alias list" },
+ };
+
+
+/* Every option has an associated expert level, than can be used to
+ hide advanced and expert options from beginners. If you add to
+ this list, don't forget to update GC_LEVEL below. YOU MUST NOT
+ CHANGE THE NUMBERS OF THE EXISTING ENTRIES, AS THEY ARE PART OF THE
+ EXTERNAL INTERFACE. */
+typedef enum
+ {
+ /* The basic options should always be displayed. */
+ GC_LEVEL_BASIC,
+
+ /* The advanced options may be hidden from beginners. */
+ GC_LEVEL_ADVANCED,
+
+ /* The expert options should only be displayed to experts. */
+ GC_LEVEL_EXPERT,
+
+ /* The invisible options should normally never be displayed. */
+ GC_LEVEL_INVISIBLE,
+
+ /* The internal options are never exported, they mark options that
+ are recorded for internal use only. */
+ GC_LEVEL_INTERNAL,
+
+ /* ADD NEW ENTRIES HERE. */
+
+ /* The number of the above entries. */
+ GC_LEVEL_NR
+ } gc_expert_level_t;
+
+/* A description for each expert level. */
+static struct
+{
+ const char *name;
+} gc_level[] =
+ {
+ { "basic" },
+ { "advanced" },
+ { "expert" },
+ { "invisible" },
+ { "internal" }
+ };
+
+
+/* Option flags. The flags which are used by the backends are defined
+ by gc-opt-flags.h, included above.
+
+ YOU MUST NOT CHANGE THE NUMBERS OF THE EXISTING FLAGS, AS THEY ARE
+ PART OF THE EXTERNAL INTERFACE. */
+
+/* Some entries in the option list are not options, but mark the
+ beginning of a new group of options. These entries have the GROUP
+ flag set. */
+#define GC_OPT_FLAG_GROUP (1UL << 0)
+/* The ARG_OPT flag for an option indicates that the argument is
+ optional. This is never set for GC_ARG_TYPE_NONE options. */
+#define GC_OPT_FLAG_ARG_OPT (1UL << 1)
+/* The LIST flag for an option indicates that the option can occur
+ several times. A comma separated list of arguments is used as the
+ argument value. */
+#define GC_OPT_FLAG_LIST (1UL << 2)
+/* The NO_CHANGE flag for an option indicates that the user should not
+ be allowed to change this option using the standard gpgconf method.
+ Frontends using gpgconf should grey out such options, so that only
+ the current value is displayed. */
+#define GC_OPT_FLAG_NO_CHANGE (1UL <<7)
+
+
+/* A human-readable description for each flag. */
+static struct
+{
+ const char *name;
+} gc_flag[] =
+ {
+ { "group" },
+ { "optional arg" },
+ { "list" },
+ { "runtime" },
+ { "default" },
+ { "default desc" },
+ { "no arg desc" },
+ { "no change" }
+ };
+
+
+/* To each option, or group marker, the information in the GC_OPTION
+ struct is provided. If you change this, don't forget to update the
+ option list of each component. */
+struct gc_option
+{
+ /* If this is NULL, then this is a terminator in an array of unknown
+ length. Otherwise, if this entry is a group marker (see FLAGS),
+ then this is the name of the group described by this entry.
+ Otherwise it is the name of the option described by this
+ entry. The name must not contain a colon. */
+ const char *name;
+
+ /* The option flags. If the GROUP flag is set, then this entry is a
+ group marker, not an option, and only the fields LEVEL,
+ DESC_DOMAIN and DESC are valid. In all other cases, this entry
+ describes a new option and all fields are valid. */
+ unsigned long flags;
+
+ /* The expert level. This field is valid for options and groups. A
+ group has the expert level of the lowest-level option in the
+ group. */
+ gc_expert_level_t level;
+
+ /* A gettext domain in which the following description can be found.
+ If this is NULL, then DESC is not translated. Valid for groups
+ and options.
+
+ Note that we try to keep the description of groups within the
+ gnupg domain.
+
+ IMPORTANT: If you add a new domain please make sure to add a code
+ set switching call to the function my_dgettext further below. */
+ const char *desc_domain;
+
+ /* A gettext description for this group or option. If it starts
+ with a '|', then the string up to the next '|' describes the
+ argument, and the description follows the second '|'.
+
+ In general enclosing these description in N_() is not required
+ because the description should be identical to the one in the
+ help menu of the respective program. */
+ const char *desc;
+
+ /* The following fields are only valid for options. */
+
+ /* The type of the option argument. */
+ gc_arg_type_t arg_type;
+
+ /* The backend that implements this option. */
+ gc_backend_t backend;
+
+ /* The following fields are set to NULL at startup (because all
+ option's are declared as static variables). They are at the end
+ of the list so that they can be omitted from the option
+ declarations. */
+
+ /* This is true if the option is supported by this version of the
+ backend. */
+ int active;
+
+ /* The default value for this option. This is NULL if the option is
+ not present in the backend, the empty string if no default is
+ available, and otherwise a quoted string. */
+ char *default_value;
+
+ /* The default argument is only valid if the "optional arg" flag is
+ set, and specifies the default argument (value) that is used if
+ the argument is omitted. */
+ char *default_arg;
+
+ /* The current value of this option. */
+ char *value;
+
+ /* The new flags for this option. The only defined flag is actually
+ GC_OPT_FLAG_DEFAULT, and it means that the option should be
+ deleted. In this case, NEW_VALUE is NULL. */
+ unsigned long new_flags;
+
+ /* The new value of this option. */
+ char *new_value;
+};
+typedef struct gc_option gc_option_t;
+
+/* Use this macro to terminate an option list. */
+#define GC_OPTION_NULL { NULL }
+
+
+/* The options of the GC_COMPONENT_GPG_AGENT component. */
+static gc_option_t gc_options_gpg_agent[] =
+ {
+ /* The configuration file to which we write the changes. */
+ { "gpgconf-gpg-agent.conf", GC_OPT_FLAG_NONE, GC_LEVEL_INTERNAL,
+ NULL, NULL, GC_ARG_TYPE_FILENAME, GC_BACKEND_GPG_AGENT },
+
+ { "Monitor",
+ GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
+ "gnupg", N_("Options controlling the diagnostic output") },
+ { "verbose", GC_OPT_FLAG_LIST|GC_OPT_FLAG_RUNTIME, GC_LEVEL_BASIC,
+ "gnupg", "verbose",
+ GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
+ { "quiet", GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME, GC_LEVEL_BASIC,
+ "gnupg", "be somewhat more quiet",
+ GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
+ { "no-greeting", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
+ NULL, NULL,
+ GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
+
+ { "Configuration",
+ GC_OPT_FLAG_GROUP, GC_LEVEL_EXPERT,
+ "gnupg", N_("Options controlling the configuration") },
+ { "options", GC_OPT_FLAG_NONE, GC_LEVEL_EXPERT,
+ "gnupg", "|FILE|read options from FILE",
+ GC_ARG_TYPE_FILENAME, GC_BACKEND_GPG_AGENT },
+ { "disable-scdaemon", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
+ "gnupg", "do not use the SCdaemon",
+ GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
+
+ { "Debug",
+ GC_OPT_FLAG_GROUP, GC_LEVEL_ADVANCED,
+ "gnupg", N_("Options useful for debugging") },
+ { "debug-level", GC_OPT_FLAG_ARG_OPT|GC_OPT_FLAG_RUNTIME, GC_LEVEL_ADVANCED,
+ "gnupg", "|LEVEL|set the debugging level to LEVEL",
+ GC_ARG_TYPE_STRING, GC_BACKEND_GPG_AGENT },
+ { "log-file", GC_OPT_FLAG_RUNTIME, GC_LEVEL_ADVANCED,
+ "gnupg", N_("|FILE|write server mode logs to FILE"),
+ GC_ARG_TYPE_FILENAME, GC_BACKEND_GPG_AGENT },
+ { "faked-system-time", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
+ NULL, NULL,
+ GC_ARG_TYPE_UINT32, GC_BACKEND_GPG_AGENT },
+
+ { "Security",
+ GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
+ "gnupg", N_("Options controlling the security") },
+ { "default-cache-ttl", GC_OPT_FLAG_RUNTIME,
+ GC_LEVEL_BASIC, "gnupg",
+ "|N|expire cached PINs after N seconds",
+ GC_ARG_TYPE_UINT32, GC_BACKEND_GPG_AGENT },
+ { "default-cache-ttl-ssh", GC_OPT_FLAG_RUNTIME,
+ GC_LEVEL_ADVANCED, "gnupg",
+ N_("|N|expire SSH keys after N seconds"),
+ GC_ARG_TYPE_UINT32, GC_BACKEND_GPG_AGENT },
+ { "max-cache-ttl", GC_OPT_FLAG_RUNTIME,
+ GC_LEVEL_EXPERT, "gnupg",
+ N_("|N|set maximum PIN cache lifetime to N seconds"),
+ GC_ARG_TYPE_UINT32, GC_BACKEND_GPG_AGENT },
+ { "max-cache-ttl-ssh", GC_OPT_FLAG_RUNTIME,
+ GC_LEVEL_EXPERT, "gnupg",
+ N_("|N|set maximum SSH key lifetime to N seconds"),
+ GC_ARG_TYPE_UINT32, GC_BACKEND_GPG_AGENT },
+ { "ignore-cache-for-signing", GC_OPT_FLAG_RUNTIME,
+ GC_LEVEL_BASIC, "gnupg", "do not use the PIN cache when signing",
+ GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
+ { "allow-mark-trusted", GC_OPT_FLAG_RUNTIME,
+ GC_LEVEL_ADVANCED, "gnupg", "allow clients to mark keys as \"trusted\"",
+ GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
+ { "no-grab", GC_OPT_FLAG_RUNTIME, GC_LEVEL_EXPERT,
+ "gnupg", "do not grab keyboard and mouse",
+ GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
+
+ { "Passphrase policy",
+ GC_OPT_FLAG_GROUP, GC_LEVEL_ADVANCED,
+ "gnupg", N_("Options enforcing a passphrase policy") },
+ { "enforce-passphrase-constraints", GC_OPT_FLAG_RUNTIME,
+ GC_LEVEL_EXPERT, "gnupg",
+ N_("do not allow to bypass the passphrase policy"),
+ GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
+ { "min-passphrase-len", GC_OPT_FLAG_RUNTIME,
+ GC_LEVEL_ADVANCED, "gnupg",
+ N_("|N|set minimal required length for new passphrases to N"),
+ GC_ARG_TYPE_UINT32, GC_BACKEND_GPG_AGENT },
+ { "min-passphrase-nonalpha", GC_OPT_FLAG_RUNTIME,
+ GC_LEVEL_EXPERT, "gnupg",
+ N_("|N|require at least N non-alpha characters for a new passphrase"),
+ GC_ARG_TYPE_UINT32, GC_BACKEND_GPG_AGENT },
+ { "check-passphrase-pattern", GC_OPT_FLAG_RUNTIME,
+ GC_LEVEL_EXPERT,
+ "gnupg", N_("|FILE|check new passphrases against pattern in FILE"),
+ GC_ARG_TYPE_FILENAME, GC_BACKEND_GPG_AGENT },
+ { "max-passphrase-days", GC_OPT_FLAG_RUNTIME,
+ GC_LEVEL_EXPERT, "gnupg",
+ N_("|N|expire the passphrase after N days"),
+ GC_ARG_TYPE_UINT32, GC_BACKEND_GPG_AGENT },
+ { "enable-passphrase-history", GC_OPT_FLAG_RUNTIME,
+ GC_LEVEL_EXPERT, "gnupg",
+ N_("do not allow the reuse of old passphrases"),
+ GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
+
+ GC_OPTION_NULL
+ };
+
+
+/* The options of the GC_COMPONENT_SCDAEMON component. */
+static gc_option_t gc_options_scdaemon[] =
+ {
+ /* The configuration file to which we write the changes. */
+ { "gpgconf-scdaemon.conf", GC_OPT_FLAG_NONE, GC_LEVEL_INTERNAL,
+ NULL, NULL, GC_ARG_TYPE_FILENAME, GC_BACKEND_SCDAEMON },
+
+ { "Monitor",
+ GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
+ "gnupg", N_("Options controlling the diagnostic output") },
+ { "verbose", GC_OPT_FLAG_LIST|GC_OPT_FLAG_RUNTIME, GC_LEVEL_BASIC,
+ "gnupg", "verbose",
+ GC_ARG_TYPE_NONE, GC_BACKEND_SCDAEMON },
+ { "quiet", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
+ "gnupg", "be somewhat more quiet",
+ GC_ARG_TYPE_NONE, GC_BACKEND_SCDAEMON },
+ { "no-greeting", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
+ NULL, NULL,
+ GC_ARG_TYPE_NONE, GC_BACKEND_SCDAEMON },
+
+ { "Configuration",
+ GC_OPT_FLAG_GROUP, GC_LEVEL_EXPERT,
+ "gnupg", N_("Options controlling the configuration") },
+ { "options", GC_OPT_FLAG_NONE, GC_LEVEL_EXPERT,
+ "gnupg", "|FILE|read options from FILE",
+ GC_ARG_TYPE_FILENAME, GC_BACKEND_SCDAEMON },
+ { "reader-port", GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME, GC_LEVEL_BASIC,
+ "gnupg", "|N|connect to reader at port N",
+ GC_ARG_TYPE_STRING, GC_BACKEND_SCDAEMON },
+ { "ctapi-driver", GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME, GC_LEVEL_ADVANCED,
+ "gnupg", "|NAME|use NAME as ct-API driver",
+ GC_ARG_TYPE_STRING, GC_BACKEND_SCDAEMON },
+ { "pcsc-driver", GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME, GC_LEVEL_ADVANCED,
+ "gnupg", "|NAME|use NAME as PC/SC driver",
+ GC_ARG_TYPE_STRING, GC_BACKEND_SCDAEMON },
+ { "disable-ccid", GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME, GC_LEVEL_EXPERT,
+ "gnupg", "do not use the internal CCID driver",
+ GC_ARG_TYPE_NONE, GC_BACKEND_SCDAEMON },
+ { "disable-keypad", GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME, GC_LEVEL_BASIC,
+ "gnupg", "do not use a reader's keypad",
+ GC_ARG_TYPE_NONE, GC_BACKEND_SCDAEMON },
+ { "card-timeout", GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME, GC_LEVEL_BASIC,
+ "gnupg", "|N|disconnect the card after N seconds of inactivity",
+ GC_ARG_TYPE_UINT32, GC_BACKEND_SCDAEMON },
+
+ { "Debug",
+ GC_OPT_FLAG_GROUP, GC_LEVEL_ADVANCED,
+ "gnupg", N_("Options useful for debugging") },
+ { "debug-level", GC_OPT_FLAG_ARG_OPT|GC_OPT_FLAG_RUNTIME, GC_LEVEL_ADVANCED,
+ "gnupg", "|LEVEL|set the debugging level to LEVEL",
+ GC_ARG_TYPE_STRING, GC_BACKEND_SCDAEMON },
+ { "log-file", GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME, GC_LEVEL_ADVANCED,
+ "gnupg", N_("|FILE|write a log to FILE"),
+ GC_ARG_TYPE_FILENAME, GC_BACKEND_SCDAEMON },
+
+ { "Security",
+ GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
+ "gnupg", N_("Options controlling the security") },
+ { "deny-admin", GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME, GC_LEVEL_BASIC,
+ "gnupg", "deny the use of admin card commands",
+ GC_ARG_TYPE_NONE, GC_BACKEND_SCDAEMON },
+
+
+ GC_OPTION_NULL
+ };
+
+
+/* The options of the GC_COMPONENT_GPG component. */
+static gc_option_t gc_options_gpg[] =
+ {
+ /* The configuration file to which we write the changes. */
+ { "gpgconf-gpg.conf", GC_OPT_FLAG_NONE, GC_LEVEL_INTERNAL,
+ NULL, NULL, GC_ARG_TYPE_FILENAME, GC_BACKEND_GPG },
+
+ { "Monitor",
+ GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
+ "gnupg", N_("Options controlling the diagnostic output") },
+ { "verbose", GC_OPT_FLAG_LIST, GC_LEVEL_BASIC,
+ "gnupg", "verbose",
+ GC_ARG_TYPE_NONE, GC_BACKEND_GPG },
+ { "quiet", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
+ "gnupg", "be somewhat more quiet",
+ GC_ARG_TYPE_NONE, GC_BACKEND_GPG },
+ { "no-greeting", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
+ NULL, NULL,
+ GC_ARG_TYPE_NONE, GC_BACKEND_GPG },
+
+ { "Configuration",
+ GC_OPT_FLAG_GROUP, GC_LEVEL_EXPERT,
+ "gnupg", N_("Options controlling the configuration") },
+ { "default-key", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
+ "gnupg", N_("|NAME|use NAME as default secret key"),
+ GC_ARG_TYPE_STRING, GC_BACKEND_GPG },
+ { "encrypt-to", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
+ "gnupg", N_("|NAME|encrypt to user ID NAME as well"),
+ GC_ARG_TYPE_STRING, GC_BACKEND_GPG },
+ { "group", GC_OPT_FLAG_LIST, GC_LEVEL_ADVANCED,
+ "gnupg", N_("|SPEC|set up email aliases"),
+ GC_ARG_TYPE_ALIAS_LIST, GC_BACKEND_GPG },
+ { "options", GC_OPT_FLAG_NONE, GC_LEVEL_EXPERT,
+ "gnupg", "|FILE|read options from FILE",
+ GC_ARG_TYPE_FILENAME, GC_BACKEND_GPG },
+
+ { "Debug",
+ GC_OPT_FLAG_GROUP, GC_LEVEL_ADVANCED,
+ "gnupg", N_("Options useful for debugging") },
+ { "debug-level", GC_OPT_FLAG_ARG_OPT, GC_LEVEL_ADVANCED,
+ "gnupg", "|LEVEL|set the debugging level to LEVEL",
+ GC_ARG_TYPE_STRING, GC_BACKEND_GPG },
+ { "log-file", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
+ "gnupg", N_("|FILE|write server mode logs to FILE"),
+ GC_ARG_TYPE_FILENAME, GC_BACKEND_GPG },
+/* { "faked-system-time", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE, */
+/* NULL, NULL, */
+/* GC_ARG_TYPE_UINT32, GC_BACKEND_GPG }, */
+
+ { "Keyserver",
+ GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
+ "gnupg", N_("Configuration for Keyservers") },
+ { "keyserver", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
+ "gnupg", N_("|URL|use keyserver at URL"),
+ GC_ARG_TYPE_STRING, GC_BACKEND_GPG },
+ { "allow-pka-lookup", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
+ "gnupg", N_("allow PKA lookups (DNS requests)"),
+ GC_ARG_TYPE_NONE, GC_BACKEND_GPG },
+ { "auto-key-locate", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
+ "gnupg", N_("|MECHANISMS|use MECHANISMS to locate keys by mail address"),
+ GC_ARG_TYPE_STRING, GC_BACKEND_GPG },
+
+
+ GC_OPTION_NULL
+ };
+
+
+
+/* The options of the GC_COMPONENT_GPGSM component. */
+static gc_option_t gc_options_gpgsm[] =
+ {
+ /* The configuration file to which we write the changes. */
+ { "gpgconf-gpgsm.conf", GC_OPT_FLAG_NONE, GC_LEVEL_INTERNAL,
+ NULL, NULL, GC_ARG_TYPE_FILENAME, GC_BACKEND_GPGSM },
+
+ { "Monitor",
+ GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
+ "gnupg", N_("Options controlling the diagnostic output") },
+ { "verbose", GC_OPT_FLAG_LIST, GC_LEVEL_BASIC,
+ "gnupg", "verbose",
+ GC_ARG_TYPE_NONE, GC_BACKEND_GPGSM },
+ { "quiet", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
+ "gnupg", "be somewhat more quiet",
+ GC_ARG_TYPE_NONE, GC_BACKEND_GPGSM },
+ { "no-greeting", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
+ NULL, NULL,
+ GC_ARG_TYPE_NONE, GC_BACKEND_GPGSM },
+
+ { "Configuration",
+ GC_OPT_FLAG_GROUP, GC_LEVEL_EXPERT,
+ "gnupg", N_("Options controlling the configuration") },
+ { "default-key", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
+ "gnupg", N_("|NAME|use NAME as default secret key"),
+ GC_ARG_TYPE_STRING, GC_BACKEND_GPGSM },
+ { "encrypt-to", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
+ "gnupg", N_("|NAME|encrypt to user ID NAME as well"),
+ GC_ARG_TYPE_STRING, GC_BACKEND_GPGSM },
+ { "options", GC_OPT_FLAG_NONE, GC_LEVEL_EXPERT,
+ "gnupg", "|FILE|read options from FILE",
+ GC_ARG_TYPE_FILENAME, GC_BACKEND_GPGSM },
+ { "prefer-system-dirmngr", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
+ "gnupg", "use system's dirmngr if available",
+ GC_ARG_TYPE_NONE, GC_BACKEND_GPGSM },
+ { "disable-dirmngr", GC_OPT_FLAG_NONE, GC_LEVEL_EXPERT,
+ "gnupg", N_("disable all access to the dirmngr"),
+ GC_ARG_TYPE_NONE, GC_BACKEND_GPGSM },
+ { "p12-charset", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
+ "gnupg", N_("|NAME|use encoding NAME for PKCS#12 passphrases"),
+ GC_ARG_TYPE_STRING, GC_BACKEND_GPGSM },
+ { "keyserver", GC_OPT_FLAG_LIST, GC_LEVEL_BASIC,
+ "gnupg", N_("|SPEC|use this keyserver to lookup keys"),
+ GC_ARG_TYPE_LDAP_SERVER, GC_BACKEND_GPGSM },
+
+ { "Debug",
+ GC_OPT_FLAG_GROUP, GC_LEVEL_ADVANCED,
+ "gnupg", N_("Options useful for debugging") },
+ { "debug-level", GC_OPT_FLAG_ARG_OPT, GC_LEVEL_ADVANCED,
+ "gnupg", "|LEVEL|set the debugging level to LEVEL",
+ GC_ARG_TYPE_STRING, GC_BACKEND_GPGSM },
+ { "log-file", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
+ "gnupg", N_("|FILE|write server mode logs to FILE"),
+ GC_ARG_TYPE_FILENAME, GC_BACKEND_GPGSM },
+ { "faked-system-time", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
+ NULL, NULL,
+ GC_ARG_TYPE_UINT32, GC_BACKEND_GPGSM },
+
+ { "Security",
+ GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
+ "gnupg", N_("Options controlling the security") },
+ { "disable-crl-checks", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
+ "gnupg", "never consult a CRL",
+ GC_ARG_TYPE_NONE, GC_BACKEND_GPGSM },
+ { "disable-trusted-cert-crl-check", GC_OPT_FLAG_NONE, GC_LEVEL_EXPERT,
+ "gnupg", N_("do not check CRLs for root certificates"),
+ GC_ARG_TYPE_NONE, GC_BACKEND_GPGSM },
+ { "enable-ocsp", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
+ "gnupg", "check validity using OCSP",
+ GC_ARG_TYPE_NONE, GC_BACKEND_GPGSM },
+ { "include-certs", GC_OPT_FLAG_NONE, GC_LEVEL_EXPERT,
+ "gnupg", "|N|number of certificates to include",
+ GC_ARG_TYPE_INT32, GC_BACKEND_GPGSM },
+ { "disable-policy-checks", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
+ "gnupg", "do not check certificate policies",
+ GC_ARG_TYPE_NONE, GC_BACKEND_GPGSM },
+ { "auto-issuer-key-retrieve", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
+ "gnupg", "fetch missing issuer certificates",
+ GC_ARG_TYPE_NONE, GC_BACKEND_GPGSM },
+ { "cipher-algo", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
+ "gnupg", "|NAME|use cipher algorithm NAME",
+ GC_ARG_TYPE_STRING, GC_BACKEND_GPGSM },
+
+ GC_OPTION_NULL
+ };
+
+
+/* The options of the GC_COMPONENT_DIRMNGR component. */
+static gc_option_t gc_options_dirmngr[] =
+ {
+ /* The configuration file to which we write the changes. */
+ { "gpgconf-dirmngr.conf", GC_OPT_FLAG_NONE, GC_LEVEL_INTERNAL,
+ NULL, NULL, GC_ARG_TYPE_FILENAME, GC_BACKEND_DIRMNGR },
+
+ { "Monitor",
+ GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
+ "gnupg", N_("Options controlling the diagnostic output") },
+ { "verbose", GC_OPT_FLAG_LIST, GC_LEVEL_BASIC,
+ "dirmngr", "verbose",
+ GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
+ { "quiet", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
+ "dirmngr", "be somewhat more quiet",
+ GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
+ { "no-greeting", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
+ NULL, NULL,
+ GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
+
+ { "Format",
+ GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
+ "gnupg", N_("Options controlling the format of the output") },
+ { "sh", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
+ "dirmngr", "sh-style command output",
+ GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
+ { "csh", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
+ "dirmngr", "csh-style command output",
+ GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
+
+ { "Configuration",
+ GC_OPT_FLAG_GROUP, GC_LEVEL_EXPERT,
+ "gnupg", N_("Options controlling the configuration") },
+ { "options", GC_OPT_FLAG_NONE, GC_LEVEL_EXPERT,
+ "dirmngr", "|FILE|read options from FILE",
+ GC_ARG_TYPE_FILENAME, GC_BACKEND_DIRMNGR },
+
+ { "Debug",
+ GC_OPT_FLAG_GROUP, GC_LEVEL_ADVANCED,
+ "gnupg", N_("Options useful for debugging") },
+ { "debug-level", GC_OPT_FLAG_ARG_OPT, GC_LEVEL_ADVANCED,
+ "dirmngr", "|LEVEL|set the debugging level to LEVEL",
+ GC_ARG_TYPE_STRING, GC_BACKEND_DIRMNGR },
+ { "no-detach", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
+ "dirmngr", "do not detach from the console",
+ GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
+ { "log-file", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
+ "dirmngr", N_("|FILE|write server mode logs to FILE"),
+ GC_ARG_TYPE_FILENAME, GC_BACKEND_DIRMNGR },
+ { "debug-wait", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
+ NULL, NULL,
+ GC_ARG_TYPE_UINT32, GC_BACKEND_DIRMNGR },
+ { "faked-system-time", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
+ NULL, NULL,
+ GC_ARG_TYPE_UINT32, GC_BACKEND_DIRMNGR },
+
+ { "Enforcement",
+ GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
+ "gnupg", N_("Options controlling the interactivity and enforcement") },
+ { "batch", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
+ "dirmngr", "run without asking a user",
+ GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
+ { "force", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
+ "dirmngr", "force loading of outdated CRLs",
+ GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
+
+ { "HTTP",
+ GC_OPT_FLAG_GROUP, GC_LEVEL_ADVANCED,
+ "gnupg", N_("Configuration for HTTP servers") },
+ { "disable-http", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
+ "dirmngr", "inhibit the use of HTTP",
+ GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
+ { "ignore-http-dp", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
+ "dirmngr", "ignore HTTP CRL distribution points",
+ GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
+ { "http-proxy", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
+ "dirmngr", "|URL|redirect all HTTP requests to URL",
+ GC_ARG_TYPE_STRING, GC_BACKEND_DIRMNGR },
+ { "honor-http-proxy", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
+ "gnupg", N_("use system's HTTP proxy setting"),
+ GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
+
+ { "LDAP",
+ GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
+ "gnupg", N_("Configuration of LDAP servers to use") },
+ { "disable-ldap", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
+ "dirmngr", "inhibit the use of LDAP",
+ GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
+ { "ignore-ldap-dp", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
+ "dirmngr", "ignore LDAP CRL distribution points",
+ GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
+ { "ldap-proxy", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
+ "dirmngr", "|HOST|use HOST for LDAP queries",
+ GC_ARG_TYPE_STRING, GC_BACKEND_DIRMNGR },
+ { "only-ldap-proxy", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
+ "dirmngr", "do not use fallback hosts with --ldap-proxy",
+ GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
+ { "add-servers", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
+ "dirmngr", "add new servers discovered in CRL distribution points"
+ " to serverlist", GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
+ { "ldaptimeout", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
+ "dirmngr", "|N|set LDAP timeout to N seconds",
+ GC_ARG_TYPE_UINT32, GC_BACKEND_DIRMNGR },
+ /* The following entry must not be removed, as it is required for
+ the GC_BACKEND_DIRMNGR_LDAP_SERVER_LIST. */
+ { "ldapserverlist-file",
+ GC_OPT_FLAG_NONE, GC_LEVEL_INTERNAL,
+ "dirmngr", "|FILE|read LDAP server list from FILE",
+ GC_ARG_TYPE_FILENAME, GC_BACKEND_DIRMNGR },
+ /* This entry must come after at least one entry for
+ GC_BACKEND_DIRMNGR in this component, so that the entry for
+ "ldapserverlist-file will be initialized before this one. */
+ { "LDAP Server", GC_OPT_FLAG_ARG_OPT|GC_OPT_FLAG_LIST, GC_LEVEL_BASIC,
+ "gnupg", N_("LDAP server list"),
+ GC_ARG_TYPE_LDAP_SERVER, GC_BACKEND_DIRMNGR_LDAP_SERVER_LIST },
+ { "max-replies", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
+ "dirmngr", "|N|do not return more than N items in one query",
+ GC_ARG_TYPE_UINT32, GC_BACKEND_DIRMNGR },
+
+ { "OCSP",
+ GC_OPT_FLAG_GROUP, GC_LEVEL_ADVANCED,
+ "gnupg", N_("Configuration for OCSP") },
+ { "allow-ocsp", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
+ "dirmngr", "allow sending OCSP requests",
+ GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
+ { "ignore-ocsp-service-url", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
+ "dirmngr", "ignore certificate contained OCSP service URLs",
+ GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
+ { "ocsp-responder", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
+ "dirmngr", "|URL|use OCSP responder at URL",
+ GC_ARG_TYPE_STRING, GC_BACKEND_DIRMNGR },
+ { "ocsp-signer", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
+ "dirmngr", "|FPR|OCSP response signed by FPR",
+ GC_ARG_TYPE_STRING, GC_BACKEND_DIRMNGR },
+
+
+ GC_OPTION_NULL
+ };
+
+
+/* Component system. Each component is a set of options that can be
+ configured at the same time. If you change this, don't forget to
+ update GC_COMPONENT below. */
+typedef enum
+ {
+ /* The classic GPG for OpenPGP. */
+ GC_COMPONENT_GPG,
+
+ /* The GPG Agent. */
+ GC_COMPONENT_GPG_AGENT,
+
+ /* The Smardcard Daemon. */
+ GC_COMPONENT_SCDAEMON,
+
+ /* GPG for S/MIME. */
+ GC_COMPONENT_GPGSM,
+
+ /* The LDAP Directory Manager for CRLs. */
+ GC_COMPONENT_DIRMNGR,
+
+ /* The number of components. */
+ GC_COMPONENT_NR
+ } gc_component_t;
+
+
+/* The information associated with each component. */
+static struct
+{
+ /* The name of this component. Must not contain a colon (':')
+ character. */
+ const char *name;
+
+ /* The gettext domain for the description DESC. If this is NULL,
+ then the description is not translated. */
+ const char *desc_domain;
+
+ /* The description for this domain. */
+ const char *desc;
+
+ /* The list of options for this component, terminated by
+ GC_OPTION_NULL. */
+ gc_option_t *options;
+} gc_component[] =
+ {
+ { "gpg", NULL, "GPG for OpenPGP", gc_options_gpg },
+ { "gpg-agent", NULL, "GPG Agent", gc_options_gpg_agent },
+ { "scdaemon", NULL, "Smartcard Daemon", gc_options_scdaemon },
+ { "gpgsm", NULL, "GPG for S/MIME", gc_options_gpgsm },
+ { "dirmngr", NULL, "Directory Manager", gc_options_dirmngr }
+ };
+
+
+
+/* Structure used to collect error output of the backend programs. */
+struct error_line_s;
+typedef struct error_line_s *error_line_t;
+struct error_line_s
+{
+ error_line_t next; /* Link to next item. */
+ const char *fname; /* Name of the config file (points into BUFFER). */
+ unsigned int lineno; /* Line number of the config file. */
+ const char *errtext; /* Text of the error message (points into BUFFER). */
+ char buffer[1]; /* Helper buffer. */
+};
+
+
+
+/* Engine specific support. */
+static void
+gpg_agent_runtime_change (void)
+{
+#ifndef HAVE_W32_SYSTEM
+ char *agent = getenv ("GPG_AGENT_INFO");
+ char *pid_str;
+ unsigned long pid_long;
+ char *tail;
+ pid_t pid;
+
+ if (!agent)
+ return;
+
+ pid_str = strchr (agent, ':');
+ if (!pid_str)
+ return;
+
+ pid_str++;
+ errno = 0;
+ pid_long = strtoul (pid_str, &tail, 0);
+ if (errno || (*tail != ':' && *tail != '\0'))
+ return;
+
+ pid = (pid_t) pid_long;
+
+ /* Check for overflow. */
+ if (pid_long != (unsigned long) pid)
+ return;
+
+ /* Ignore any errors here. */
+ kill (pid, SIGHUP);
+#else
+ gpg_error_t err;
+ const char *pgmname;
+ const char *argv[2];
+ pid_t pid;
+
+ pgmname = gnupg_module_name (GNUPG_MODULE_NAME_CONNECT_AGENT);
+ argv[0] = "reloadagent";
+ argv[1] = NULL;
+
+ err = gnupg_spawn_process_fd (pgmname, argv, -1, -1, -1, &pid);
+ if (!err)
+ err = gnupg_wait_process (pgmname, pid, NULL);
+ if (err)
+ gc_error (0, 0, "error running `%s%s': %s",
+ pgmname, " reloadagent", gpg_strerror (err));
+#endif /*!HAVE_W32_SYSTEM*/
+}
+
+
+static void
+scdaemon_runtime_change (void)
+{
+ gpg_error_t err;
+ const char *pgmname;
+ const char *argv[6];
+ pid_t pid;
+
+ /* We use "GETINFO app_running" to see whether the agent is already
+ running and kill it only in this case. This avoids an explicit
+ starting of the agent in case it is not yet running. There is
+ obviously a race condition but that should not harm too much. */
+
+ pgmname = gnupg_module_name (GNUPG_MODULE_NAME_CONNECT_AGENT);
+ argv[0] = "-s";
+ argv[1] = "GETINFO scd_running";
+ argv[2] = "/if ${! $?}";
+ argv[3] = "scd killscd";
+ argv[4] = "/end";
+ argv[5] = NULL;
+
+ err = gnupg_spawn_process_fd (pgmname, argv, -1, -1, -1, &pid);
+ if (!err)
+ err = gnupg_wait_process (pgmname, pid, NULL);
+ if (err)
+ gc_error (0, 0, "error running `%s%s': %s",
+ pgmname, " scd killscd", gpg_strerror (err));
+}
+
+
+/* Unconditionally reload COMPONENT or all components if COMPONENT is -1. */
+void
+gc_component_reload (int component)
+{
+ int runtime[GC_BACKEND_NR];
+ gc_option_t *option;
+ gc_backend_t backend;
+
+ /* Set a flag for the backends to be reloaded. */
+ for (backend = 0; backend < GC_BACKEND_NR; backend++)
+ runtime[backend] = 0;
+
+ if (component == -1)
+ {
+ for (component = 0; component < GC_COMPONENT_NR; component++)
+ {
+ option = gc_component[component].options;
+ for (; option && option->name; option++)
+ runtime[option->backend] = 1;
+ }
+ }
+ else
+ {
+ assert (component < GC_COMPONENT_NR);
+ option = gc_component[component].options;
+ for (; option && option->name; option++)
+ runtime[option->backend] = 1;
+ }
+
+ /* Do the reload for all selected backends. */
+ for (backend = 0; backend < GC_BACKEND_NR; backend++)
+ {
+ if (runtime[backend] && gc_backend[backend].runtime_change)
+ (*gc_backend[backend].runtime_change) ();
+ }
+}
+
+
+
+/* More or less Robust version of dgettext. It has the side effect of
+ switching the codeset to utf-8 because this is what we want to
+ output. In theory it is posible to keep the orginal code set and
+ switch back for regular disgnostic output (redefine "_(" for that)
+ but given the natur of this tool, being something invoked from
+ other pograms, it does not make much sense. */
+static const char *
+my_dgettext (const char *domain, const char *msgid)
+{
+#ifdef USE_SIMPLE_GETTEXT
+ if (domain)
+ {
+ static int switched_codeset;
+ char *text;
+
+ if (!switched_codeset)
+ {
+ switched_codeset = 1;
+ gettext_select_utf8 (1);
+ }
+
+ if (!strcmp (domain, "gnupg"))
+ domain = PACKAGE_GT;
+
+ /* FIXME: we have no dgettext, thus we can't switch. */
+
+ text = (char*)gettext (msgid);
+ return text ? text : msgid;
+ }
+#elif defined(ENABLE_NLS)
+ if (domain)
+ {
+ static int switched_codeset;
+ char *text;
+
+ if (!switched_codeset)
+ {
+ switched_codeset = 1;
+ bind_textdomain_codeset (PACKAGE_GT, "utf-8");
+
+ bindtextdomain ("dirmngr", LOCALEDIR);
+ bind_textdomain_codeset ("dirmngr", "utf-8");
+
+ }
+
+ /* Note: This is a hack to actually use the gnupg2 domain as
+ long we are in a transition phase where gnupg 1.x and 1.9 may
+ coexist. */
+ if (!strcmp (domain, "gnupg"))
+ domain = PACKAGE_GT;
+
+ text = dgettext (domain, msgid);
+ return text ? text : msgid;
+ }
+ else
+#endif
+ return msgid;
+}
+
+
+/* Percent-Escape special characters. The string is valid until the
+ next invocation of the function. */
+char *
+gc_percent_escape (const char *src)
+{
+ static char *esc_str;
+ static int esc_str_len;
+ int new_len = 3 * strlen (src) + 1;
+ char *dst;
+
+ if (esc_str_len < new_len)
+ {
+ char *new_esc_str = realloc (esc_str, new_len);
+ if (!new_esc_str)
+ gc_error (1, errno, "can not escape string");
+ esc_str = new_esc_str;
+ esc_str_len = new_len;
+ }
+
+ dst = esc_str;
+ while (*src)
+ {
+ if (*src == '%')
+ {
+ *(dst++) = '%';
+ *(dst++) = '2';
+ *(dst++) = '5';
+ }
+ else if (*src == ':')
+ {
+ /* The colon is used as field separator. */
+ *(dst++) = '%';
+ *(dst++) = '3';
+ *(dst++) = 'a';
+ }
+ else if (*src == ',')
+ {
+ /* The comma is used as list separator. */
+ *(dst++) = '%';
+ *(dst++) = '2';
+ *(dst++) = 'c';
+ }
+ else
+ *(dst++) = *(src);
+ src++;
+ }
+ *dst = '\0';
+ return esc_str;
+}
+
+
+
+/* Percent-Deescape special characters. The string is valid until the
+ next invocation of the function. */
+static char *
+percent_deescape (const char *src)
+{
+ static char *str;
+ static int str_len;
+ int new_len = 3 * strlen (src) + 1;
+ char *dst;
+
+ if (str_len < new_len)
+ {
+ char *new_str = realloc (str, new_len);
+ if (!new_str)
+ gc_error (1, errno, "can not deescape string");
+ str = new_str;
+ str_len = new_len;
+ }
+
+ dst = str;
+ while (*src)
+ {
+ if (*src == '%')
+ {
+ int val = hextobyte (src + 1);
+
+ if (val < 0)
+ gc_error (1, 0, "malformed end of string %s", src);
+
+ *(dst++) = (char) val;
+ src += 3;
+ }
+ else
+ *(dst++) = *(src++);
+ }
+ *dst = '\0';
+ return str;
+}
+
+
+/* List all components that are available. */
+void
+gc_component_list_components (FILE *out)
+{
+ gc_component_t component;
+ gc_option_t *option;
+ gc_backend_t backend;
+ int backend_seen[GC_BACKEND_NR];
+ const char *desc;
+ const char *pgmname;
+
+ for (component = 0; component < GC_COMPONENT_NR; component++)
+ {
+ option = gc_component[component].options;
+ if (option)
+ {
+ for (backend = 0; backend < GC_BACKEND_NR; backend++)
+ backend_seen[backend] = 0;
+
+ pgmname = "";
+ for (; option && option->name; option++)
+ {
+ if ((option->flags & GC_OPT_FLAG_GROUP))
+ continue;
+ backend = option->backend;
+ if (backend_seen[backend])
+ continue;
+ backend_seen[backend] = 1;
+ assert (backend != GC_BACKEND_ANY);
+ if (gc_backend[backend].program
+ && !gc_backend[backend].module_name)
+ continue;
+ pgmname = gnupg_module_name (gc_backend[backend].module_name);
+ break;
+ }
+
+ desc = gc_component[component].desc;
+ desc = my_dgettext (gc_component[component].desc_domain, desc);
+ fprintf (out, "%s:%s:",
+ gc_component[component].name, gc_percent_escape (desc));
+ fprintf (out, "%s\n", gc_percent_escape (pgmname));
+ }
+ }
+}
+
+
+
+static int
+all_digits_p (const char *p, size_t len)
+{
+ if (!len)
+ return 0; /* No. */
+ for (; len; len--, p++)
+ if (!isascii (*p) || !isdigit (*p))
+ return 0; /* No. */
+ return 1; /* Yes. */
+}
+
+
+/* Collect all error lines from file descriptor FD. Only lines
+ prefixed with TAG are considered. Close that file descriptor
+ then. Returns a list of error line items (which may be empty).
+ There is no error return. */
+static error_line_t
+collect_error_output (int fd, const char *tag)
+{
+ FILE *fp;
+ char buffer[1024];
+ char *p, *p2, *p3;
+ int c, cont_line;
+ unsigned int pos;
+ error_line_t eitem, errlines, *errlines_tail;
+ size_t taglen = strlen (tag);
+
+ fp = fdopen (fd, "r");
+ if (!fp)
+ gc_error (1, errno, "can't fdopen pipe for reading");
+
+ errlines = NULL;
+ errlines_tail = &errlines;
+ pos = 0;
+ cont_line = 0;
+ while ((c=getc (fp)) != EOF)
+ {
+ buffer[pos++] = c;
+ if (pos >= sizeof buffer - 5 || c == '\n')
+ {
+ buffer[pos - (c == '\n')] = 0;
+ if (cont_line)
+ ; /*Ignore continuations of previous line. */
+ else if (!strncmp (buffer, tag, taglen) && buffer[taglen] == ':')
+ {
+ /* "gpgsm: foo:4: bla" */
+ /* Yep, we are interested in this line. */
+ p = buffer + taglen + 1;
+ while (*p == ' ' || *p == '\t')
+ p++;
+ if (!*p)
+ ; /* Empty lines are ignored. */
+ else if ( (p2 = strchr (p, ':')) && (p3 = strchr (p2+1, ':'))
+ && all_digits_p (p2+1, p3 - (p2+1)))
+ {
+ /* Line in standard compiler format. */
+ p3++;
+ while (*p3 == ' ' || *p3 == '\t')
+ p3++;
+ eitem = xmalloc (sizeof *eitem + strlen (p));
+ eitem->next = NULL;
+ strcpy (eitem->buffer, p);
+ eitem->fname = eitem->buffer;
+ eitem->buffer[p2-p] = 0;
+ eitem->errtext = eitem->buffer + (p3 - p);
+ /* (we already checked that there are only ascii
+ digits followed by a colon) */
+ eitem->lineno = 0;
+ for (p2++; isdigit (*p2); p2++)
+ eitem->lineno = eitem->lineno*10 + (*p2 - '0');
+ *errlines_tail = eitem;
+ errlines_tail = &eitem->next;
+ }
+ else
+ {
+ /* Other error output. */
+ eitem = xmalloc (sizeof *eitem + strlen (p));
+ eitem->next = NULL;
+ strcpy (eitem->buffer, p);
+ eitem->fname = NULL;
+ eitem->errtext = eitem->buffer;
+ eitem->lineno = 0;
+ *errlines_tail = eitem;
+ errlines_tail = &eitem->next;
+ }
+ }
+ pos = 0;
+ /* If this was not a complete line mark that we are in a
+ continuation. */
+ cont_line = (c != '\n');
+ }
+ }
+
+ /* We ignore error lines not terminated by a LF. */
+
+ fclose (fp);
+ return errlines;
+}
+
+
+/* Check the options of a single component. Returns 0 if everything
+ is OK. */
+int
+gc_component_check_options (int component, FILE *out, const char *conf_file)
+{
+ gpg_error_t err;
+ unsigned int result;
+ int backend_seen[GC_BACKEND_NR];
+ gc_backend_t backend;
+ gc_option_t *option;
+ const char *pgmname;
+ const char *argv[4];
+ int i;
+ pid_t pid;
+ int exitcode;
+ int filedes[2];
+ error_line_t errlines;
+
+ /* We use a temporary file to collect the error output. It would be
+ better to use a pipe here but as of now we have no suitable
+ fucntion to create a portable pipe outside of exechelp. Thus it
+ is easier to use the tempfile approach. */
+
+ for (backend = 0; backend < GC_BACKEND_NR; backend++)
+ backend_seen[backend] = 0;
+
+ option = gc_component[component].options;
+ for (; option && option->name; option++)
+ {
+ if ((option->flags & GC_OPT_FLAG_GROUP))
+ continue;
+ backend = option->backend;
+ if (backend_seen[backend])
+ continue;
+ backend_seen[backend] = 1;
+ assert (backend != GC_BACKEND_ANY);
+ if (!gc_backend[backend].program)
+ continue;
+ if (!gc_backend[backend].module_name)
+ continue;
+
+ break;
+ }
+ if (! option || ! option->name)
+ return 0;
+
+ pgmname = gnupg_module_name (gc_backend[backend].module_name);
+ i = 0;
+ if (conf_file)
+ {
+ argv[i++] = "--options";
+ argv[i++] = conf_file;
+ }
+ argv[i++] = "--gpgconf-test";
+ argv[i++] = NULL;
+
+ err = gnupg_create_inbound_pipe (filedes);
+ if (err)
+ gc_error (1, 0, _("error creating a pipe: %s\n"),
+ gpg_strerror (err));
+
+ result = 0;
+ errlines = NULL;
+ if (gnupg_spawn_process_fd (pgmname, argv, -1, -1, filedes[1], &pid))
+ {
+ close (filedes[0]);
+ close (filedes[1]);
+ result |= 1; /* Program could not be run. */
+ }
+ else
+ {
+ close (filedes[1]);
+ errlines = collect_error_output (filedes[0],
+ gc_component[component].name);
+ if (gnupg_wait_process (pgmname, pid, &exitcode))
+ {
+ if (exitcode == -1)
+ result |= 1; /* Program could not be run or it
+ terminated abnormally. */
+ result |= 2; /* Program returned an error. */
+ }
+ }
+
+ /* If the program could not be run, we can't tell whether
+ the config file is good. */
+ if (result & 1)
+ result |= 2;
+
+ if (out)
+ {
+ const char *desc;
+ error_line_t errptr;
+
+ desc = gc_component[component].desc;
+ desc = my_dgettext (gc_component[component].desc_domain, desc);
+ fprintf (out, "%s:%s:",
+ gc_component[component].name, gc_percent_escape (desc));
+ fputs (gc_percent_escape (pgmname), out);
+ fprintf (out, ":%d:%d:", !(result & 1), !(result & 2));
+ for (errptr = errlines; errptr; errptr = errptr->next)
+ {
+ if (errptr != errlines)
+ fputs ("\n:::::", out); /* Continuation line. */
+ if (errptr->fname)
+ fputs (gc_percent_escape (errptr->fname), out);
+ putc (':', out);
+ if (errptr->fname)
+ fprintf (out, "%u", errptr->lineno);
+ putc (':', out);
+ fputs (gc_percent_escape (errptr->errtext), out);
+ putc (':', out);
+ }
+ putc ('\n', out);
+ }
+
+ while (errlines)
+ {
+ error_line_t tmp = errlines->next;
+ xfree (errlines);
+ errlines = tmp;
+ }
+
+ return result;
+}
+
+
+/* Check all components that are available. */
+void
+gc_check_programs (FILE *out)
+{
+ gc_component_t component;
+
+ for (component = 0; component < GC_COMPONENT_NR; component++)
+ gc_component_check_options (component, out, NULL);
+}
+
+
+
+/* Find the component with the name NAME. Returns -1 if not
+ found. */
+int
+gc_component_find (const char *name)
+{
+ gc_component_t idx;
+
+ for (idx = 0; idx < GC_COMPONENT_NR; idx++)
+ {
+ if (gc_component[idx].options
+ && !strcmp (name, gc_component[idx].name))
+ return idx;
+ }
+ return -1;
+}
+
+
+/* List the option OPTION. */
+static void
+list_one_option (const gc_option_t *option, FILE *out)
+{
+ const char *desc = NULL;
+ char *arg_name = NULL;
+
+ if (option->desc)
+ {
+ desc = my_dgettext (option->desc_domain, option->desc);
+
+ if (*desc == '|')
+ {
+ const char *arg_tail = strchr (&desc[1], '|');
+
+ if (arg_tail)
+ {
+ int arg_len = arg_tail - &desc[1];
+ arg_name = xmalloc (arg_len + 1);
+ memcpy (arg_name, &desc[1], arg_len);
+ arg_name[arg_len] = '\0';
+ desc = arg_tail + 1;
+ }
+ }
+ }
+
+
+ /* YOU MUST NOT REORDER THE FIELDS IN THIS OUTPUT, AS THEIR ORDER IS
+ PART OF THE EXTERNAL INTERFACE. YOU MUST NOT REMOVE ANY
+ FIELDS. */
+
+ /* The name field. */
+ fprintf (out, "%s", option->name);
+
+ /* The flags field. */
+ fprintf (out, ":%lu", option->flags);
+ if (opt.verbose)
+ {
+ putc (' ', out);
+
+ if (!option->flags)
+ fprintf (out, "none");
+ else
+ {
+ unsigned long flags = option->flags;
+ unsigned long flag = 0;
+ unsigned long first = 1;
+
+ while (flags)
+ {
+ if (flags & 1)
+ {
+ if (first)
+ first = 0;
+ else
+ putc (',', out);
+ fprintf (out, "%s", gc_flag[flag].name);
+ }
+ flags >>= 1;
+ flag++;
+ }
+ }
+ }
+
+ /* The level field. */
+ fprintf (out, ":%u", option->level);
+ if (opt.verbose)
+ fprintf (out, " %s", gc_level[option->level].name);
+
+ /* The description field. */
+ fprintf (out, ":%s", desc ? gc_percent_escape (desc) : "");
+
+ /* The type field. */
+ fprintf (out, ":%u", option->arg_type);
+ if (opt.verbose)
+ fprintf (out, " %s", gc_arg_type[option->arg_type].name);
+
+ /* The alternate type field. */
+ fprintf (out, ":%u", gc_arg_type[option->arg_type].fallback);
+ if (opt.verbose)
+ fprintf (out, " %s",
+ gc_arg_type[gc_arg_type[option->arg_type].fallback].name);
+
+ /* The argument name field. */
+ fprintf (out, ":%s", arg_name ? gc_percent_escape (arg_name) : "");
+ if (arg_name)
+ xfree (arg_name);
+
+ /* The default value field. */
+ fprintf (out, ":%s", option->default_value ? option->default_value : "");
+
+ /* The default argument field. */
+ fprintf (out, ":%s", option->default_arg ? option->default_arg : "");
+
+ /* The value field. */
+ if (gc_arg_type[option->arg_type].fallback == GC_ARG_TYPE_NONE
+ && (option->flags & GC_OPT_FLAG_LIST)
+ && option->value)
+ /* The special format "1,1,1,1,...,1" is converted to a number
+ here. */
+ fprintf (out, ":%u", (unsigned int)((strlen (option->value) + 1) / 2));
+ else
+ fprintf (out, ":%s", option->value ? option->value : "");
+
+ /* ADD NEW FIELDS HERE. */
+
+ putc ('\n', out);
+}
+
+
+/* List all options of the component COMPONENT. */
+void
+gc_component_list_options (int component, FILE *out)
+{
+ const gc_option_t *option = gc_component[component].options;
+
+ while (option && option->name)
+ {
+ /* Do not output unknown or internal options. */
+ if (!(option->flags & GC_OPT_FLAG_GROUP)
+ && (!option->active || option->level == GC_LEVEL_INTERNAL))
+ {
+ option++;
+ continue;
+ }
+
+ if (option->flags & GC_OPT_FLAG_GROUP)
+ {
+ const gc_option_t *group_option = option + 1;
+ gc_expert_level_t level = GC_LEVEL_NR;
+
+ /* The manual states that the group level is always the
+ minimum of the levels of all contained options. Due to
+ different active options, and because it is hard to
+ maintain manually, we calculate it here. The value in
+ the global static table is ignored. */
+
+ while (group_option->name)
+ {
+ if (group_option->flags & GC_OPT_FLAG_GROUP)
+ break;
+ if (group_option->level < level)
+ level = group_option->level;
+ group_option++;
+ }
+
+ /* Check if group is empty. */
+ if (level != GC_LEVEL_NR)
+ {
+ gc_option_t opt_copy;
+
+ /* Fix up the group level. */
+ memcpy (&opt_copy, option, sizeof (opt_copy));
+ opt_copy.level = level;
+ list_one_option (&opt_copy, out);
+ }
+ }
+ else
+ list_one_option (option, out);
+
+ option++;
+ }
+}
+
+
+/* Find the option NAME in component COMPONENT, for the backend
+ BACKEND. If BACKEND is GC_BACKEND_ANY, any backend will match. */
+static gc_option_t *
+find_option (gc_component_t component, const char *name,
+ gc_backend_t backend)
+{
+ gc_option_t *option = gc_component[component].options;
+ while (option->name)
+ {
+ if (!(option->flags & GC_OPT_FLAG_GROUP)
+ && !strcmp (option->name, name)
+ && (backend == GC_BACKEND_ANY || option->backend == backend))
+ break;
+ option++;
+ }
+ return option->name ? option : NULL;
+}
+
+
+/* Determine the configuration filename for the component COMPONENT
+ and backend BACKEND. */
+static char *
+get_config_filename (gc_component_t component, gc_backend_t backend)
+{
+ char *filename = NULL;
+ gc_option_t *option = find_option
+ (component, gc_backend[backend].option_config_filename, GC_BACKEND_ANY);
+ assert (option);
+ assert (option->arg_type == GC_ARG_TYPE_FILENAME);
+ assert (!(option->flags & GC_OPT_FLAG_LIST));
+
+ if (!option->active || !option->default_value)
+ gc_error (1, 0, "Option %s, needed by backend %s, was not initialized",
+ gc_backend[backend].option_config_filename,
+ gc_backend[backend].name);
+
+ if (option->value && *option->value)
+ filename = percent_deescape (&option->value[1]);
+ else if (option->default_value && *option->default_value)
+ filename = percent_deescape (&option->default_value[1]);
+ else
+ filename = "";
+
+#ifdef HAVE_DOSISH_SYSTEM
+ if (!(filename[0]
+ && filename[1] == ':'
+ && (filename[2] == '/' || filename[2] == '\\')))
+#else
+ if (filename[0] != '/')
+#endif
+ gc_error (1, 0, "Option %s, needed by backend %s, is not absolute",
+ gc_backend[backend].option_config_filename,
+ gc_backend[backend].name);
+
+ return filename;
+}
+
+
+/* Retrieve the options for the component COMPONENT from backend
+ BACKEND, which we already know is a program-type backend. */
+static void
+retrieve_options_from_program (gc_component_t component, gc_backend_t backend)
+{
+ gpg_error_t err;
+ int filedes[2];
+ const char *pgmname;
+ const char *argv[2];
+ int exitcode;
+ pid_t pid;
+ char *line = NULL;
+ size_t line_len = 0;
+ ssize_t length;
+ FILE *config;
+ char *config_filename;
+
+ err = gnupg_create_inbound_pipe (filedes);
+ if (err)
+ gc_error (1, 0, _("error creating a pipe: %s\n"), gpg_strerror (err));
+
+ pgmname = (gc_backend[backend].module_name
+ ? gnupg_module_name (gc_backend[backend].module_name)
+ : gc_backend[backend].program );
+ argv[0] = "--gpgconf-list";
+ argv[1] = NULL;
+
+ err = gnupg_spawn_process_fd (pgmname, argv, -1, filedes[1], -1, &pid);
+ if (err)
+ {
+ close (filedes[0]);
+ close (filedes[1]);
+ gc_error (1, 0, "could not gather active options from `%s': %s",
+ pgmname, gpg_strerror (err));
+ }
+ close (filedes[1]);
+ config = fdopen (filedes[0], "r");
+ if (!config)
+ gc_error (1, errno, "can't fdopen pipe for reading");
+
+ while ((length = read_line (config, &line, &line_len, NULL)) > 0)
+ {
+ gc_option_t *option;
+ char *linep;
+ unsigned long flags = 0;
+ char *default_value = NULL;
+
+ /* Strip newline and carriage return, if present. */
+ while (length > 0
+ && (line[length - 1] == '\n' || line[length - 1] == '\r'))
+ line[--length] = '\0';
+
+ linep = strchr (line, ':');
+ if (linep)
+ *(linep++) = '\0';
+
+ /* Extract additional flags. Default to none. */
+ if (linep)
+ {
+ char *end;
+ char *tail;
+
+ end = strchr (linep, ':');
+ if (end)
+ *(end++) = '\0';
+
+ errno = 0;
+ flags = strtoul (linep, &tail, 0);
+ if (errno)
+ gc_error (1, errno, "malformed flags in option %s from %s",
+ line, pgmname);
+ if (!(*tail == '\0' || *tail == ':' || *tail == ' '))
+ gc_error (1, 0, "garbage after flags in option %s from %s",
+ line, pgmname);
+
+ linep = end;
+ }
+
+ /* Extract default value, if present. Default to empty if
+ not. */
+ if (linep)
+ {
+ char *end;
+
+ end = strchr (linep, ':');
+ if (end)
+ *(end++) = '\0';
+
+ if (flags & GC_OPT_FLAG_DEFAULT)
+ default_value = linep;
+
+ linep = end;
+ }
+
+ /* Look up the option in the component and install the
+ configuration data. */
+ option = find_option (component, line, backend);
+ if (option)
+ {
+ if (option->active)
+ gc_error (1, errno, "option %s returned twice from %s",
+ line, pgmname);
+ option->active = 1;
+
+ option->flags |= flags;
+ if (default_value && *default_value)
+ option->default_value = xstrdup (default_value);
+ }
+ }
+ if (length < 0 || ferror (config))
+ gc_error (1, errno, "error reading from %s",pgmname);
+ if (fclose (config))
+ gc_error (1, errno, "error closing %s", pgmname);
+
+ err = gnupg_wait_process (pgmname, pid, &exitcode);
+ if (err)
+ gc_error (1, 0, "running %s failed (exitcode=%d): %s",
+ pgmname, exitcode, gpg_strerror (err));
+
+
+ /* At this point, we can parse the configuration file. */
+ config_filename = get_config_filename (component, backend);
+
+ config = fopen (config_filename, "r");
+ if (!config)
+ gc_error (0, errno, "warning: can not open config file %s",
+ config_filename);
+ else
+ {
+ while ((length = read_line (config, &line, &line_len, NULL)) > 0)
+ {
+ char *name;
+ char *value;
+ gc_option_t *option;
+
+ name = line;
+ while (*name == ' ' || *name == '\t')
+ name++;
+ if (!*name || *name == '#' || *name == '\r' || *name == '\n')
+ continue;
+
+ value = name;
+ while (*value && *value != ' ' && *value != '\t'
+ && *value != '#' && *value != '\r' && *value != '\n')
+ value++;
+ if (*value == ' ' || *value == '\t')
+ {
+ char *end;
+
+ *(value++) = '\0';
+ while (*value == ' ' || *value == '\t')
+ value++;
+
+ end = value;
+ while (*end && *end != '#' && *end != '\r' && *end != '\n')
+ end++;
+ while (end > value && (end[-1] == ' ' || end[-1] == '\t'))
+ end--;
+ *end = '\0';
+ }
+ else
+ *value = '\0';
+
+ /* Look up the option in the component and install the
+ configuration data. */
+ option = find_option (component, line, backend);
+ if (option)
+ {
+ char *opt_value;
+
+ if (gc_arg_type[option->arg_type].fallback == GC_ARG_TYPE_NONE)
+ {
+ if (*value)
+ gc_error (0, 0,
+ "warning: ignoring argument %s for option %s",
+ value, name);
+ opt_value = xstrdup ("1");
+ }
+ else if (gc_arg_type[option->arg_type].fallback
+ == GC_ARG_TYPE_STRING)
+ opt_value = xasprintf ("\"%s", gc_percent_escape (value));
+ else
+ {
+ /* FIXME: Verify that the number is sane. */
+ opt_value = xstrdup (value);
+ }
+
+ /* Now enter the option into the table. */
+ if (!(option->flags & GC_OPT_FLAG_LIST))
+ {
+ if (option->value)
+ free (option->value);
+ option->value = opt_value;
+ }
+ else
+ {
+ if (!option->value)
+ option->value = opt_value;
+ else
+ {
+ char *opt_val = opt_value;
+
+ option->value = xasprintf ("%s,%s", option->value,
+ opt_val);
+ xfree (opt_value);
+ }
+ }
+ }
+ }
+
+ if (length < 0 || ferror (config))
+ gc_error (1, errno, "error reading from %s", config_filename);
+ if (fclose (config))
+ gc_error (1, errno, "error closing %s", config_filename);
+ }
+
+ xfree (line);
+}
+
+
+/* Retrieve the options for the component COMPONENT from backend
+ BACKEND, which we already know is of type file list. */
+static void
+retrieve_options_from_file (gc_component_t component, gc_backend_t backend)
+{
+ gc_option_t *list_option;
+ gc_option_t *config_option;
+ char *list_filename;
+ FILE *list_file;
+ char *line = NULL;
+ size_t line_len = 0;
+ ssize_t length;
+ char *list = NULL;
+
+ list_option = find_option (component,
+ gc_backend[backend].option_name, GC_BACKEND_ANY);
+ assert (list_option);
+ assert (!list_option->active);
+
+ list_filename = get_config_filename (component, backend);
+ list_file = fopen (list_filename, "r");
+ if (!list_file)
+ gc_error (0, errno, "warning: can not open list file %s", list_filename);
+ else
+ {
+
+ while ((length = read_line (list_file, &line, &line_len, NULL)) > 0)
+ {
+ char *start;
+ char *end;
+ char *new_list;
+
+ start = line;
+ while (*start == ' ' || *start == '\t')
+ start++;
+ if (!*start || *start == '#' || *start == '\r' || *start == '\n')
+ continue;
+
+ end = start;
+ while (*end && *end != '#' && *end != '\r' && *end != '\n')
+ end++;
+ /* Walk back to skip trailing white spaces. Looks evil, but
+ works because of the conditions on START and END imposed
+ at this point (END is at least START + 1, and START is
+ not a whitespace character). */
+ while (*(end - 1) == ' ' || *(end - 1) == '\t')
+ end--;
+ *end = '\0';
+ /* FIXME: Oh, no! This is so lame! Should use realloc and
+ really append. */
+ if (list)
+ {
+ new_list = xasprintf ("%s,\"%s", list, gc_percent_escape (start));
+ xfree (list);
+ list = new_list;
+ }
+ else
+ list = xasprintf ("\"%s", gc_percent_escape (start));
+ }
+ if (length < 0 || ferror (list_file))
+ gc_error (1, errno, "can not read list file %s", list_filename);
+ }
+
+ list_option->active = 1;
+ list_option->value = list;
+
+ /* Fix up the read-only flag. */
+ config_option = find_option
+ (component, gc_backend[backend].option_config_filename, GC_BACKEND_ANY);
+ if (config_option->flags & GC_OPT_FLAG_NO_CHANGE)
+ list_option->flags |= GC_OPT_FLAG_NO_CHANGE;
+
+ if (list_file && fclose (list_file))
+ gc_error (1, errno, "error closing %s", list_filename);
+ xfree (line);
+}
+
+
+/* Retrieve the currently active options and their defaults from all
+ involved backends for this component. Using -1 for component will
+ retrieve all options from all components. */
+void
+gc_component_retrieve_options (int component)
+{
+ int process_all = 0;
+ int backend_seen[GC_BACKEND_NR];
+ gc_backend_t backend;
+ gc_option_t *option;
+
+ for (backend = 0; backend < GC_BACKEND_NR; backend++)
+ backend_seen[backend] = 0;
+
+ if (component == -1)
+ {
+ process_all = 1;
+ component = 0;
+ assert (component < GC_COMPONENT_NR);
+ }
+
+ do
+ {
+ option = gc_component[component].options;
+
+ while (option && option->name)
+ {
+ if (!(option->flags & GC_OPT_FLAG_GROUP))
+ {
+ backend = option->backend;
+
+ if (backend_seen[backend])
+ {
+ option++;
+ continue;
+ }
+ backend_seen[backend] = 1;
+
+ assert (backend != GC_BACKEND_ANY);
+
+ if (gc_backend[backend].program)
+ retrieve_options_from_program (component, backend);
+ else
+ retrieve_options_from_file (component, backend);
+ }
+ option++;
+ }
+ }
+ while (process_all && ++component < GC_COMPONENT_NR);
+
+}
+
+
+
+/* Perform a simple validity check based on the type. Return in
+ NEW_VALUE_NR the value of the number in NEW_VALUE if OPTION is of
+ type GC_ARG_TYPE_NONE. */
+static void
+option_check_validity (gc_option_t *option, unsigned long flags,
+ char *new_value, unsigned long *new_value_nr)
+{
+ char *arg;
+
+ if (!option->active)
+ gc_error (1, 0, "option %s not supported by backend %s",
+ option->name, gc_backend[option->backend].name);
+
+ if (option->new_flags || option->new_value)
+ gc_error (1, 0, "option %s already changed", option->name);
+
+ if (flags & GC_OPT_FLAG_DEFAULT)
+ {
+ if (*new_value)
+ gc_error (1, 0, "argument %s provided for deleted option %s",
+ new_value, option->name);
+
+ return;
+ }
+
+ /* GC_ARG_TYPE_NONE options have special list treatment. */
+ if (gc_arg_type[option->arg_type].fallback == GC_ARG_TYPE_NONE)
+ {
+ char *tail;
+
+ errno = 0;
+ *new_value_nr = strtoul (new_value, &tail, 0);
+
+ if (errno)
+ gc_error (1, errno, "invalid argument for option %s",
+ option->name);
+ if (*tail)
+ gc_error (1, 0, "garbage after argument for option %s",
+ option->name);
+
+ if (!(option->flags & GC_OPT_FLAG_LIST))
+ {
+ if (*new_value_nr != 1)
+ gc_error (1, 0, "argument for non-list option %s of type 0 "
+ "(none) must be 1", option->name);
+ }
+ else
+ {
+ if (*new_value_nr == 0)
+ gc_error (1, 0, "argument for option %s of type 0 (none) "
+ "must be positive", option->name);
+ }
+
+ return;
+ }
+
+ arg = new_value;
+ do
+ {
+ if (*arg == '\0' || *arg == ',')
+ {
+ if (!(option->flags & GC_OPT_FLAG_ARG_OPT))
+ gc_error (1, 0, "argument required for option %s", option->name);
+
+ if (*arg == ',' && !(option->flags & GC_OPT_FLAG_LIST))
+ gc_error (1, 0, "list found for non-list option %s", option->name);
+ }
+ else if (gc_arg_type[option->arg_type].fallback == GC_ARG_TYPE_STRING)
+ {
+ if (*arg != '"')
+ gc_error (1, 0, "string argument for option %s must begin "
+ "with a quote (\") character", option->name);
+
+ /* FIXME: We do not allow empty string arguments for now, as
+ we do not quote arguments in configuration files, and
+ thus no argument is indistinguishable from the empty
+ string. */
+ if (arg[1] == '\0' || arg[1] == ',')
+ gc_error (1, 0, "empty string argument for option %s is "
+ "currently not allowed. Please report this!",
+ option->name);
+ }
+ else if (gc_arg_type[option->arg_type].fallback == GC_ARG_TYPE_INT32)
+ {
+ errno = 0;
+ (void) strtol (arg, &arg, 0);
+
+ if (errno)
+ gc_error (1, errno, "invalid argument for option %s",
+ option->name);
+
+ if (*arg != '\0' && *arg != ',')
+ gc_error (1, 0, "garbage after argument for option %s",
+ option->name);
+ }
+ else if (gc_arg_type[option->arg_type].fallback == GC_ARG_TYPE_INT32)
+ {
+ errno = 0;
+ (void) strtoul (arg, &arg, 0);
+
+ if (errno)
+ gc_error (1, errno, "invalid argument for option %s",
+ option->name);
+
+ if (*arg != '\0' && *arg != ',')
+ gc_error (1, 0, "garbage after argument for option %s",
+ option->name);
+ }
+ arg = strchr (arg, ',');
+ if (arg)
+ arg++;
+ }
+ while (arg && *arg);
+}
+
+#ifdef HAVE_W32_SYSTEM
+int
+copy_file (const char *src_name, const char *dst_name)
+{
+#define BUF_LEN 4096
+ char buffer[BUF_LEN];
+ int len;
+ FILE *src;
+ FILE *dst;
+
+ src = fopen (src_name, "r");
+ if (src == NULL)
+ return -1;
+
+ dst = fopen (dst_name, "w");
+ if (dst == NULL)
+ {
+ int saved_err = errno;
+ fclose (src);
+ errno = saved_err;
+ return -1;
+ }
+
+ do
+ {
+ int written;
+
+ len = fread (buffer, 1, BUF_LEN, src);
+ if (len == 0)
+ break;
+ written = fwrite (buffer, 1, len, dst);
+ if (written != len)
+ break;
+ }
+ while (!feof (src) && !ferror (src) && !ferror (dst));
+
+ if (ferror (src) || ferror (dst) || !feof (src))
+ {
+ int saved_errno = errno;
+ fclose (src);
+ fclose (dst);
+ unlink (dst_name);
+ errno = saved_errno;
+ return -1;
+ }
+
+ if (fclose (dst))
+ gc_error (1, errno, "error closing %s", dst_name);
+ if (fclose (src))
+ gc_error (1, errno, "error closing %s", src_name);
+
+ return 0;
+}
+#endif /* HAVE_W32_SYSTEM */
+
+
+/* Create and verify the new configuration file for the specified
+ backend and component. Returns 0 on success and -1 on error. */
+static int
+change_options_file (gc_component_t component, gc_backend_t backend,
+ char **src_filenamep, char **dest_filenamep,
+ char **orig_filenamep)
+{
+ static const char marker[] = "###+++--- GPGConf ---+++###";
+ /* True if we are within the marker in the config file. */
+ int in_marker = 0;
+ gc_option_t *option;
+ char *line = NULL;
+ size_t line_len;
+ ssize_t length;
+ int res;
+ int fd;
+ FILE *src_file = NULL;
+ FILE *dest_file = NULL;
+ char *src_filename;
+ char *dest_filename;
+ char *orig_filename;
+ char *arg;
+ char *cur_arg = NULL;
+
+ option = find_option (component,
+ gc_backend[backend].option_name, GC_BACKEND_ANY);
+ assert (option);
+ assert (option->active);
+ assert (gc_arg_type[option->arg_type].fallback != GC_ARG_TYPE_NONE);
+
+ /* FIXME. Throughout the function, do better error reporting. */
+ /* Note that get_config_filename() calls percent_deescape(), so we
+ call this before processing the arguments. */
+ dest_filename = xstrdup (get_config_filename (component, backend));
+ src_filename = xasprintf ("%s.gpgconf.%i.new", dest_filename, getpid ());
+ orig_filename = xasprintf ("%s.gpgconf.%i.bak", dest_filename, getpid ());
+
+ arg = option->new_value;
+ if (arg && arg[0] == '\0')
+ arg = NULL;
+ else if (arg)
+ {
+ char *end;
+
+ arg++;
+ end = strchr (arg, ',');
+ if (end)
+ *end = '\0';
+
+ cur_arg = percent_deescape (arg);
+ if (end)
+ {
+ *end = ',';
+ arg = end + 1;
+ }
+ else
+ arg = NULL;
+ }
+
+#ifdef HAVE_W32_SYSTEM
+ res = copy_file (dest_filename, orig_filename);
+#else
+ res = link (dest_filename, orig_filename);
+#endif
+ if (res < 0 && errno != ENOENT)
+ return -1;
+ if (res < 0)
+ {
+ xfree (orig_filename);
+ orig_filename = NULL;
+ }
+
+ /* We now initialize the return strings, so the caller can do the
+ cleanup for us. */
+ *src_filenamep = src_filename;
+ *dest_filenamep = dest_filename;
+ *orig_filenamep = orig_filename;
+
+ /* Use open() so that we can use O_EXCL. */
+ fd = open (src_filename, O_CREAT | O_EXCL | O_WRONLY, 0644);
+ if (fd < 0)
+ return -1;
+ src_file = fdopen (fd, "w");
+ res = errno;
+ if (!src_file)
+ {
+ errno = res;
+ return -1;
+ }
+
+ /* Only if ORIG_FILENAME is not NULL did the configuration file
+ exist already. In this case, we will copy its content into the
+ new configuration file, changing it to our liking in the
+ process. */
+ if (orig_filename)
+ {
+ dest_file = fopen (dest_filename, "r");
+ if (!dest_file)
+ goto change_file_one_err;
+
+ while ((length = read_line (dest_file, &line, &line_len, NULL)) > 0)
+ {
+ int disable = 0;
+ char *start;
+
+ if (!strncmp (marker, line, sizeof (marker) - 1))
+ {
+ if (!in_marker)
+ in_marker = 1;
+ else
+ break;
+ }
+
+ start = line;
+ while (*start == ' ' || *start == '\t')
+ start++;
+ if (*start && *start != '\r' && *start != '\n' && *start != '#')
+ {
+ char *end;
+ char *endp;
+ char saved_end;
+
+ endp = start;
+ end = endp;
+
+ /* Search for the end of the line. */
+ while (*endp && *endp != '#' && *endp != '\r' && *endp != '\n')
+ {
+ endp++;
+ if (*endp && *endp != ' ' && *endp != '\t'
+ && *endp != '\r' && *endp != '\n' && *endp != '#')
+ end = endp + 1;
+ }
+ saved_end = *end;
+ *end = '\0';
+
+ if ((option->new_flags & GC_OPT_FLAG_DEFAULT)
+ || !cur_arg || strcmp (start, cur_arg))
+ disable = 1;
+ else
+ {
+ /* Find next argument. */
+ if (arg)
+ {
+ char *arg_end;
+
+ arg++;
+ arg_end = strchr (arg, ',');
+ if (arg_end)
+ *arg_end = '\0';
+
+ cur_arg = percent_deescape (arg);
+ if (arg_end)
+ {
+ *arg_end = ',';
+ arg = arg_end + 1;
+ }
+ else
+ arg = NULL;
+ }
+ else
+ cur_arg = NULL;
+ }
+
+ *end = saved_end;
+ }
+
+ if (disable)
+ {
+ if (!in_marker)
+ {
+ fprintf (src_file,
+ "# GPGConf disabled this option here at %s\n",
+ asctimestamp (gnupg_get_time ()));
+ if (ferror (src_file))
+ goto change_file_one_err;
+ fprintf (src_file, "# %s", line);
+ if (ferror (src_file))
+ goto change_file_one_err;
+ }
+ }
+ else
+ {
+ fprintf (src_file, "%s", line);
+ if (ferror (src_file))
+ goto change_file_one_err;
+ }
+ }
+ if (length < 0 || ferror (dest_file))
+ goto change_file_one_err;
+ }
+
+ if (!in_marker)
+ {
+ /* There was no marker. This is the first time we edit the
+ file. We add our own marker at the end of the file and
+ proceed. Note that we first write a newline, this guards us
+ against files which lack the newline at the end of the last
+ line, while it doesn't hurt us in all other cases. */
+ fprintf (src_file, "\n%s\n", marker);
+ if (ferror (src_file))
+ goto change_file_one_err;
+ }
+
+ /* At this point, we have copied everything up to the end marker
+ into the new file, except for the arguments we are going to add.
+ Now, dump the new arguments and write the end marker, possibly
+ followed by the rest of the original file. */
+ while (cur_arg)
+ {
+ fprintf (src_file, "%s\n", cur_arg);
+
+ /* Find next argument. */
+ if (arg)
+ {
+ char *end;
+
+ arg++;
+ end = strchr (arg, ',');
+ if (end)
+ *end = '\0';
+
+ cur_arg = percent_deescape (arg);
+ if (end)
+ {
+ *end = ',';
+ arg = end + 1;
+ }
+ else
+ arg = NULL;
+ }
+ else
+ cur_arg = NULL;
+ }
+
+ fprintf (src_file, "%s %s\n", marker, asctimestamp (gnupg_get_time ()));
+ if (ferror (src_file))
+ goto change_file_one_err;
+
+ if (!in_marker)
+ {
+ fprintf (src_file, "# GPGConf edited this configuration file.\n");
+ if (ferror (src_file))
+ goto change_file_one_err;
+ fprintf (src_file, "# It will disable options before this marked "
+ "block, but it will\n");
+ if (ferror (src_file))
+ goto change_file_one_err;
+ fprintf (src_file, "# never change anything below these lines.\n");
+ if (ferror (src_file))
+ goto change_file_one_err;
+ }
+ if (dest_file)
+ {
+ while ((length = read_line (dest_file, &line, &line_len, NULL)) > 0)
+ {
+ fprintf (src_file, "%s", line);
+ if (ferror (src_file))
+ goto change_file_one_err;
+ }
+ if (length < 0 || ferror (dest_file))
+ goto change_file_one_err;
+ }
+ xfree (line);
+ line = NULL;
+
+ res = fclose (src_file);
+ if (res)
+ {
+ res = errno;
+ close (fd);
+ if (dest_file)
+ fclose (dest_file);
+ errno = res;
+ return -1;
+ }
+ close (fd);
+ if (dest_file)
+ {
+ res = fclose (dest_file);
+ if (res)
+ return -1;
+ }
+ return 0;
+
+ change_file_one_err:
+ xfree (line);
+ res = errno;
+ if (src_file)
+ {
+ fclose (src_file);
+ close (fd);
+ }
+ if (dest_file)
+ fclose (dest_file);
+ errno = res;
+ return -1;
+}
+
+
+/* Create and verify the new configuration file for the specified
+ backend and component. Returns 0 on success and -1 on error. */
+static int
+change_options_program (gc_component_t component, gc_backend_t backend,
+ char **src_filenamep, char **dest_filenamep,
+ char **orig_filenamep)
+{
+ static const char marker[] = "###+++--- GPGConf ---+++###";
+ /* True if we are within the marker in the config file. */
+ int in_marker = 0;
+ gc_option_t *option;
+ char *line = NULL;
+ size_t line_len;
+ ssize_t length;
+ int res;
+ int fd;
+ FILE *src_file = NULL;
+ FILE *dest_file = NULL;
+ char *src_filename;
+ char *dest_filename;
+ char *orig_filename;
+ /* Special hack for gpg, see below. */
+ int utf8strings_seen = 0;
+
+ /* FIXME. Throughout the function, do better error reporting. */
+ dest_filename = xstrdup (get_config_filename (component, backend));
+ src_filename = xasprintf ("%s.gpgconf.%i.new", dest_filename, getpid ());
+ orig_filename = xasprintf ("%s.gpgconf.%i.bak", dest_filename, getpid ());
+
+#ifdef HAVE_W32_SYSTEM
+ res = copy_file (dest_filename, orig_filename);
+#else
+ res = link (dest_filename, orig_filename);
+#endif
+ if (res < 0 && errno != ENOENT)
+ return -1;
+ if (res < 0)
+ {
+ xfree (orig_filename);
+ orig_filename = NULL;
+ }
+
+ /* We now initialize the return strings, so the caller can do the
+ cleanup for us. */
+ *src_filenamep = src_filename;
+ *dest_filenamep = dest_filename;
+ *orig_filenamep = orig_filename;
+
+ /* Use open() so that we can use O_EXCL. */
+ fd = open (src_filename, O_CREAT | O_EXCL | O_WRONLY, 0644);
+ if (fd < 0)
+ return -1;
+ src_file = fdopen (fd, "w");
+ res = errno;
+ if (!src_file)
+ {
+ errno = res;
+ return -1;
+ }
+
+ /* Only if ORIG_FILENAME is not NULL did the configuration file
+ exist already. In this case, we will copy its content into the
+ new configuration file, changing it to our liking in the
+ process. */
+ if (orig_filename)
+ {
+ dest_file = fopen (dest_filename, "r");
+ if (!dest_file)
+ goto change_one_err;
+
+ while ((length = read_line (dest_file, &line, &line_len, NULL)) > 0)
+ {
+ int disable = 0;
+ char *start;
+
+ if (!strncmp (marker, line, sizeof (marker) - 1))
+ {
+ if (!in_marker)
+ in_marker = 1;
+ else
+ break;
+ }
+ else if (backend == GC_BACKEND_GPG && in_marker
+ && ! strcmp ("utf8-strings\n", line))
+ {
+ /* Strip duplicated entries. */
+ if (utf8strings_seen)
+ disable = 1;
+ else
+ utf8strings_seen = 1;
+ }
+
+ start = line;
+ while (*start == ' ' || *start == '\t')
+ start++;
+ if (*start && *start != '\r' && *start != '\n' && *start != '#')
+ {
+ char *end;
+ char saved_end;
+
+ end = start;
+ while (*end && *end != ' ' && *end != '\t'
+ && *end != '\r' && *end != '\n' && *end != '#')
+ end++;
+ saved_end = *end;
+ *end = '\0';
+
+ option = find_option (component, start, backend);
+ *end = saved_end;
+ if (option && ((option->new_flags & GC_OPT_FLAG_DEFAULT)
+ || option->new_value))
+ disable = 1;
+ }
+ if (disable)
+ {
+ if (!in_marker)
+ {
+ fprintf (src_file,
+ "# GPGConf disabled this option here at %s\n",
+ asctimestamp (gnupg_get_time ()));
+ if (ferror (src_file))
+ goto change_one_err;
+ fprintf (src_file, "# %s", line);
+ if (ferror (src_file))
+ goto change_one_err;
+ }
+ }
+ else
+ {
+ fprintf (src_file, "%s", line);
+ if (ferror (src_file))
+ goto change_one_err;
+ }
+ }
+ if (length < 0 || ferror (dest_file))
+ goto change_one_err;
+ }
+
+ if (!in_marker)
+ {
+ /* There was no marker. This is the first time we edit the
+ file. We add our own marker at the end of the file and
+ proceed. Note that we first write a newline, this guards us
+ against files which lack the newline at the end of the last
+ line, while it doesn't hurt us in all other cases. */
+ fprintf (src_file, "\n%s\n", marker);
+ if (ferror (src_file))
+ goto change_one_err;
+ }
+ /* At this point, we have copied everything up to the end marker
+ into the new file, except for the options we are going to change.
+ Now, dump the changed options (except for those we are going to
+ revert to their default), and write the end marker, possibly
+ followed by the rest of the original file. */
+
+ /* We have to turn on UTF8 strings for GnuPG. */
+ if (backend == GC_BACKEND_GPG && ! utf8strings_seen)
+ fprintf (src_file, "utf8-strings\n");
+
+ option = gc_component[component].options;
+ while (option->name)
+ {
+ if (!(option->flags & GC_OPT_FLAG_GROUP)
+ && option->backend == backend
+ && option->new_value)
+ {
+ char *arg = option->new_value;
+
+ do
+ {
+ if (*arg == '\0' || *arg == ',')
+ {
+ fprintf (src_file, "%s\n", option->name);
+ if (ferror (src_file))
+ goto change_one_err;
+ }
+ else if (gc_arg_type[option->arg_type].fallback
+ == GC_ARG_TYPE_NONE)
+ {
+ assert (*arg == '1');
+ fprintf (src_file, "%s\n", option->name);
+ if (ferror (src_file))
+ goto change_one_err;
+
+ arg++;
+ }
+ else if (gc_arg_type[option->arg_type].fallback
+ == GC_ARG_TYPE_STRING)
+ {
+ char *end;
+
+ assert (*arg == '"');
+ arg++;
+
+ end = strchr (arg, ',');
+ if (end)
+ *end = '\0';
+
+ fprintf (src_file, "%s %s\n", option->name,
+ percent_deescape (arg));
+ if (ferror (src_file))
+ goto change_one_err;
+
+ if (end)
+ *end = ',';
+ arg = end;
+ }
+ else
+ {
+ char *end;
+
+ end = strchr (arg, ',');
+ if (end)
+ *end = '\0';
+
+ fprintf (src_file, "%s %s\n", option->name, arg);
+ if (ferror (src_file))
+ goto change_one_err;
+
+ if (end)
+ *end = ',';
+ arg = end;
+ }
+
+ assert (arg == NULL || *arg == '\0' || *arg == ',');
+ if (arg && *arg == ',')
+ arg++;
+ }
+ while (arg && *arg);
+ }
+ option++;
+ }
+
+ fprintf (src_file, "%s %s\n", marker, asctimestamp (gnupg_get_time ()));
+ if (ferror (src_file))
+ goto change_one_err;
+
+ if (!in_marker)
+ {
+ fprintf (src_file, "# GPGConf edited this configuration file.\n");
+ if (ferror (src_file))
+ goto change_one_err;
+ fprintf (src_file, "# It will disable options before this marked "
+ "block, but it will\n");
+ if (ferror (src_file))
+ goto change_one_err;
+ fprintf (src_file, "# never change anything below these lines.\n");
+ if (ferror (src_file))
+ goto change_one_err;
+ }
+ if (dest_file)
+ {
+ while ((length = read_line (dest_file, &line, &line_len, NULL)) > 0)
+ {
+ fprintf (src_file, "%s", line);
+ if (ferror (src_file))
+ goto change_one_err;
+ }
+ if (length < 0 || ferror (dest_file))
+ goto change_one_err;
+ }
+ xfree (line);
+ line = NULL;
+
+ res = fclose (src_file);
+ if (res)
+ {
+ res = errno;
+ close (fd);
+ if (dest_file)
+ fclose (dest_file);
+ errno = res;
+ return -1;
+ }
+ close (fd);
+ if (dest_file)
+ {
+ res = fclose (dest_file);
+ if (res)
+ return -1;
+ }
+ return 0;
+
+ change_one_err:
+ xfree (line);
+ res = errno;
+ if (src_file)
+ {
+ fclose (src_file);
+ close (fd);
+ }
+ if (dest_file)
+ fclose (dest_file);
+ errno = res;
+ return -1;
+}
+
+
+/* Common code for gc_component_change_options and
+ gc_process_gpgconf_conf. */
+static void
+change_one_value (gc_option_t *option, int *runtime,
+ unsigned long flags, char *new_value)
+{
+ unsigned long new_value_nr = 0;
+
+ option_check_validity (option, flags, new_value, &new_value_nr);
+
+ if (option->flags & GC_OPT_FLAG_RUNTIME)
+ runtime[option->backend] = 1;
+
+ option->new_flags = flags;
+ if (!(flags & GC_OPT_FLAG_DEFAULT))
+ {
+ if (gc_arg_type[option->arg_type].fallback == GC_ARG_TYPE_NONE
+ && (option->flags & GC_OPT_FLAG_LIST))
+ {
+ char *str;
+
+ /* We convert the number to a list of 1's for convenient
+ list handling. */
+ assert (new_value_nr > 0);
+ option->new_value = xmalloc ((2 * (new_value_nr - 1) + 1) + 1);
+ str = option->new_value;
+ *(str++) = '1';
+ while (--new_value_nr > 0)
+ {
+ *(str++) = ',';
+ *(str++) = '1';
+ }
+ *(str++) = '\0';
+ }
+ else
+ option->new_value = xstrdup (new_value);
+ }
+}
+
+
+/* Read the modifications from IN and apply them. If IN is NULL the
+ modifications are expected to already have been set to the global
+ table. */
+void
+gc_component_change_options (int component, FILE *in, FILE *out)
+{
+ int err = 0;
+ int runtime[GC_BACKEND_NR];
+ char *src_filename[GC_BACKEND_NR];
+ char *dest_filename[GC_BACKEND_NR];
+ char *orig_filename[GC_BACKEND_NR];
+ gc_backend_t backend;
+ gc_option_t *option;
+ char *line = NULL;
+ size_t line_len = 0;
+ ssize_t length;
+
+ for (backend = 0; backend < GC_BACKEND_NR; backend++)
+ {
+ runtime[backend] = 0;
+ src_filename[backend] = NULL;
+ dest_filename[backend] = NULL;
+ orig_filename[backend] = NULL;
+ }
+
+ if (in)
+ {
+ /* Read options from the file IN. */
+ while ((length = read_line (in, &line, &line_len, NULL)) > 0)
+ {
+ char *linep;
+ unsigned long flags = 0;
+ char *new_value = "";
+
+ /* Strip newline and carriage return, if present. */
+ while (length > 0
+ && (line[length - 1] == '\n' || line[length - 1] == '\r'))
+ line[--length] = '\0';
+
+ linep = strchr (line, ':');
+ if (linep)
+ *(linep++) = '\0';
+
+ /* Extract additional flags. Default to none. */
+ if (linep)
+ {
+ char *end;
+ char *tail;
+
+ end = strchr (linep, ':');
+ if (end)
+ *(end++) = '\0';
+
+ errno = 0;
+ flags = strtoul (linep, &tail, 0);
+ if (errno)
+ gc_error (1, errno, "malformed flags in option %s", line);
+ if (!(*tail == '\0' || *tail == ':' || *tail == ' '))
+ gc_error (1, 0, "garbage after flags in option %s", line);
+
+ linep = end;
+ }
+
+ /* Don't allow setting of the no change flag. */
+ flags &= ~GC_OPT_FLAG_NO_CHANGE;
+
+ /* Extract default value, if present. Default to empty if not. */
+ if (linep)
+ {
+ char *end;
+ end = strchr (linep, ':');
+ if (end)
+ *(end++) = '\0';
+ new_value = linep;
+ linep = end;
+ }
+
+ option = find_option (component, line, GC_BACKEND_ANY);
+ if (!option)
+ gc_error (1, 0, "unknown option %s", line);
+
+ if ((option->flags & GC_OPT_FLAG_NO_CHANGE))
+ {
+ gc_error (0, 0, "ignoring new value for option %s",
+ option->name);
+ continue;
+ }
+
+ change_one_value (option, runtime, flags, new_value);
+ }
+ }
+
+ /* Now that we have collected and locally verified the changes,
+ write them out to new configuration files, verify them
+ externally, and then commit them. */
+ option = gc_component[component].options;
+ while (option && option->name)
+ {
+ /* Go on if we have already seen this backend, or if there is
+ nothing to do. */
+ if (src_filename[option->backend]
+ || !(option->new_flags || option->new_value))
+ {
+ option++;
+ continue;
+ }
+
+ if (gc_backend[option->backend].program)
+ {
+ err = change_options_program (component, option->backend,
+ &src_filename[option->backend],
+ &dest_filename[option->backend],
+ &orig_filename[option->backend]);
+ if (! err)
+ {
+ /* External verification. */
+ err = gc_component_check_options (component, out,
+ src_filename[option->backend]);
+ if (err)
+ {
+ gc_error (0, 0,
+ _("External verification of component %s failed"),
+ gc_component[component].name);
+ errno = EINVAL;
+ }
+ }
+
+ }
+ else
+ err = change_options_file (component, option->backend,
+ &src_filename[option->backend],
+ &dest_filename[option->backend],
+ &orig_filename[option->backend]);
+
+ if (err)
+ break;
+
+ option++;
+ }
+
+ if (! err && ! opt.dry_run)
+ {
+ int i;
+
+ for (i = 0; i < GC_BACKEND_NR; i++)
+ {
+ if (src_filename[i])
+ {
+ /* FIXME: Make a verification here. */
+
+ assert (dest_filename[i]);
+
+ if (orig_filename[i])
+ {
+#ifdef HAVE_W32_SYSTEM
+ /* There is no atomic update on W32. */
+ err = unlink (dest_filename[i]);
+#endif /* HAVE_W32_SYSTEM */
+ if (!err)
+ err = rename (src_filename[i], dest_filename[i]);
+ }
+ else
+ {
+#ifdef HAVE_W32_SYSTEM
+ /* We skip the unlink if we expect the file not to
+ be there. */
+ err = rename (src_filename[i], dest_filename[i]);
+#else /* HAVE_W32_SYSTEM */
+ /* This is a bit safer than rename() because we
+ expect DEST_FILENAME not to be there. If it
+ happens to be there, this will fail. */
+ err = link (src_filename[i], dest_filename[i]);
+ if (!err)
+ err = unlink (src_filename[i]);
+#endif /* !HAVE_W32_SYSTEM */
+ }
+ if (err)
+ break;
+ src_filename[i] = NULL;
+ }
+ }
+ }
+
+ if (err || opt.dry_run)
+ {
+ int i;
+ int saved_errno = errno;
+
+ /* An error occured or a dry-run is requested. */
+ for (i = 0; i < GC_BACKEND_NR; i++)
+ {
+ if (src_filename[i])
+ {
+ /* The change was not yet committed. */
+ unlink (src_filename[i]);
+ if (orig_filename[i])
+ unlink (orig_filename[i]);
+ }
+ else
+ {
+ /* The changes were already committed. FIXME: This is a
+ tad dangerous, as we don't know if we don't overwrite
+ a version of the file that is even newer than the one
+ we just installed. */
+ if (orig_filename[i])
+ {
+#ifdef HAVE_W32_SYSTEM
+ /* There is no atomic update on W32. */
+ unlink (dest_filename[i]);
+#endif /* HAVE_W32_SYSTEM */
+ rename (orig_filename[i], dest_filename[i]);
+ }
+ else
+ unlink (dest_filename[i]);
+ }
+ }
+ if (err)
+ gc_error (1, saved_errno, "could not commit changes");
+
+ /* Fall-through for dry run. */
+ goto leave;
+ }
+
+ /* If it all worked, notify the daemons of the changes. */
+ if (opt.runtime)
+ for (backend = 0; backend < GC_BACKEND_NR; backend++)
+ {
+ if (runtime[backend] && gc_backend[backend].runtime_change)
+ (*gc_backend[backend].runtime_change) ();
+ }
+
+ /* Move the per-process backup file into its place. */
+ for (backend = 0; backend < GC_BACKEND_NR; backend++)
+ if (orig_filename[backend])
+ {
+ char *backup_filename;
+
+ assert (dest_filename[backend]);
+
+ backup_filename = xasprintf ("%s.gpgconf.bak", dest_filename[backend]);
+
+#ifdef HAVE_W32_SYSTEM
+ /* There is no atomic update on W32. */
+ unlink (backup_filename);
+#endif /* HAVE_W32_SYSTEM */
+ rename (orig_filename[backend], backup_filename);
+ }
+
+ leave:
+ xfree (line);
+}
+
+
+/* Check whether USER matches the current user of one of its group.
+ This function may change USER. Returns true is there is a
+ match. */
+static int
+key_matches_user_or_group (char *user)
+{
+ char *group;
+
+ if (*user == '*' && user[1] == 0)
+ return 1; /* A single asterisk matches all users. */
+
+ group = strchr (user, ':');
+ if (group)
+ *group++ = 0;
+
+#ifdef HAVE_W32_SYSTEM
+ /* Under Windows we don't support groups. */
+ if (group && *group)
+ gc_error (0, 0, _("Note that group specifications are ignored\n"));
+ if (*user)
+ {
+ static char *my_name;
+
+ if (!my_name)
+ {
+ char tmp[1];
+ DWORD size = 1;
+
+ GetUserNameA (tmp, &size);
+ my_name = xmalloc (size);
+ if (!GetUserNameA (my_name, &size))
+ gc_error (1,0, "error getting current user name: %s",
+ w32_strerror (-1));
+ }
+
+ if (!strcmp (user, my_name))
+ return 1; /* Found. */
+ }
+#else /*!HAVE_W32_SYSTEM*/
+ /* First check whether the user matches. */
+ if (*user)
+ {
+ static char *my_name;
+
+ if (!my_name)
+ {
+ struct passwd *pw = getpwuid ( getuid () );
+ if (!pw)
+ gc_error (1, errno, "getpwuid failed for current user");
+ my_name = xstrdup (pw->pw_name);
+ }
+ if (!strcmp (user, my_name))
+ return 1; /* Found. */
+ }
+
+ /* If that failed, check whether a group matches. */
+ if (group && *group)
+ {
+ static char *my_group;
+ static char **my_supgroups;
+ int n;
+
+ if (!my_group)
+ {
+ struct group *gr = getgrgid ( getgid () );
+ if (!gr)
+ gc_error (1, errno, "getgrgid failed for current user");
+ my_group = xstrdup (gr->gr_name);
+ }
+ if (!strcmp (group, my_group))
+ return 1; /* Found. */
+
+ if (!my_supgroups)
+ {
+ int ngids;
+ gid_t *gids;
+
+ ngids = getgroups (0, NULL);
+ gids = xcalloc (ngids+1, sizeof *gids);
+ ngids = getgroups (ngids, gids);
+ if (ngids < 0)
+ gc_error (1, errno, "getgroups failed for current user");
+ my_supgroups = xcalloc (ngids+1, sizeof *my_supgroups);
+ for (n=0; n < ngids; n++)
+ {
+ struct group *gr = getgrgid ( gids[n] );
+ if (!gr)
+ gc_error (1, errno, "getgrgid failed for supplementary group");
+ my_supgroups[n] = xstrdup (gr->gr_name);
+ }
+ xfree (gids);
+ }
+
+ for (n=0; my_supgroups[n]; n++)
+ if (!strcmp (group, my_supgroups[n]))
+ return 1; /* Found. */
+ }
+#endif /*!HAVE_W32_SYSTEM*/
+ return 0; /* No match. */
+}
+
+
+
+/* Read and process the global configuration file for gpgconf. This
+ optional file is used to update our internal tables at runtime and
+ may also be used to set new default values. If FNAME is NULL the
+ default name will be used. With UPDATE set to true the internal
+ tables are actually updated; if not set, only a syntax check is
+ done. If DEFAULTS is true the global options are written to the
+ configuration files. If LISTFP is set, no changes are done but the
+ configuration file is printed to LISTFP in a colon separated format.
+
+ Returns 0 on success or if the config file is not present; -1 is
+ returned on error. */
+int
+gc_process_gpgconf_conf (const char *fname_arg, int update, int defaults,
+ FILE *listfp)
+{
+ int result = 0;
+ char *line = NULL;
+ size_t line_len = 0;
+ ssize_t length;
+ FILE *config;
+ int lineno = 0;
+ int in_rule = 0;
+ int got_match = 0;
+ int runtime[GC_BACKEND_NR];
+ int backend_id, component_id;
+ char *fname;
+
+ if (fname_arg)
+ fname = xstrdup (fname_arg);
+ else
+ fname = make_filename (gnupg_sysconfdir (), "gpgconf.conf", NULL);
+
+ for (backend_id = 0; backend_id < GC_BACKEND_NR; backend_id++)
+ runtime[backend_id] = 0;
+
+ config = fopen (fname, "r");
+ if (!config)
+ {
+ /* Do not print an error if the file is not available, except
+ when running in syntax check mode. */
+ if (errno != ENOENT || !update)
+ {
+ gc_error (0, errno, "can not open global config file `%s'", fname);
+ result = -1;
+ }
+ xfree (fname);
+ return result;
+ }
+
+ while ((length = read_line (config, &line, &line_len, NULL)) > 0)
+ {
+ char *key, *component, *option, *flags, *value;
+ char *empty;
+ gc_option_t *option_info = NULL;
+ char *p;
+ int is_continuation;
+
+ lineno++;
+ key = line;
+ while (*key == ' ' || *key == '\t')
+ key++;
+ if (!*key || *key == '#' || *key == '\r' || *key == '\n')
+ continue;
+
+ is_continuation = (key != line);
+
+ /* Parse the key field. */
+ if (!is_continuation && got_match)
+ break; /* Finish after the first match. */
+ else if (!is_continuation)
+ {
+ in_rule = 0;
+ for (p=key+1; *p && !strchr (" \t\r\n", *p); p++)
+ ;
+ if (!*p)
+ {
+ gc_error (0, 0, "missing rule at `%s', line %d", fname, lineno);
+ result = -1;
+ continue;
+ }
+ *p++ = 0;
+ component = p;
+ }
+ else if (!in_rule)
+ {
+ gc_error (0, 0, "continuation but no rule at `%s', line %d",
+ fname, lineno);
+ result = -1;
+ continue;
+ }
+ else
+ {
+ component = key;
+ key = NULL;
+ }
+
+ in_rule = 1;
+
+ /* Parse the component. */
+ while (*component == ' ' || *component == '\t')
+ component++;
+ for (p=component; *p && !strchr (" \t\r\n", *p); p++)
+ ;
+ if (p == component)
+ {
+ gc_error (0, 0, "missing component at `%s', line %d",
+ fname, lineno);
+ result = -1;
+ continue;
+ }
+ empty = p;
+ *p++ = 0;
+ option = p;
+ component_id = gc_component_find (component);
+ if (component_id < 0)
+ {
+ gc_error (0, 0, "unknown component at `%s', line %d",
+ fname, lineno);
+ result = -1;
+ }
+
+ /* Parse the option name. */
+ while (*option == ' ' || *option == '\t')
+ option++;
+ for (p=option; *p && !strchr (" \t\r\n", *p); p++)
+ ;
+ if (p == option)
+ {
+ gc_error (0, 0, "missing option at `%s', line %d",
+ fname, lineno);
+ result = -1;
+ continue;
+ }
+ *p++ = 0;
+ flags = p;
+ if ( component_id != -1)
+ {
+ option_info = find_option (component_id, option, GC_BACKEND_ANY);
+ if (!option_info)
+ {
+ gc_error (0, 0, "unknown option at `%s', line %d",
+ fname, lineno);
+ result = -1;
+ }
+ }
+
+
+ /* Parse the optional flags. */
+ while (*flags == ' ' || *flags == '\t')
+ flags++;
+ if (*flags == '[')
+ {
+ flags++;
+ p = strchr (flags, ']');
+ if (!p)
+ {
+ gc_error (0, 0, "syntax error in rule at `%s', line %d",
+ fname, lineno);
+ result = -1;
+ continue;
+ }
+ *p++ = 0;
+ value = p;
+ }
+ else /* No flags given. */
+ {
+ value = flags;
+ flags = NULL;
+ }
+
+ /* Parse the optional value. */
+ while (*value == ' ' || *value == '\t')
+ value++;
+ for (p=value; *p && !strchr ("\r\n", *p); p++)
+ ;
+ if (p == value)
+ value = empty; /* No value given; let it point to an empty string. */
+ else
+ {
+ /* Strip trailing white space. */
+ *p = 0;
+ for (p--; p > value && (*p == ' ' || *p == '\t'); p--)
+ *p = 0;
+ }
+
+ /* Check flag combinations. */
+ if (!flags)
+ ;
+ else if (!strcmp (flags, "default"))
+ {
+ if (*value)
+ {
+ gc_error (0, 0, "flag \"default\" may not be combined "
+ "with a value at `%s', line %d",
+ fname, lineno);
+ result = -1;
+ }
+ }
+ else if (!strcmp (flags, "change"))
+ ;
+ else if (!strcmp (flags, "no-change"))
+ ;
+ else
+ {
+ gc_error (0, 0, "unknown flag at `%s', line %d",
+ fname, lineno);
+ result = -1;
+ }
+
+ /* In list mode we print out all records. */
+ if (listfp && !result)
+ {
+ /* If this is a new ruleset, print a key record. */
+ if (!is_continuation)
+ {
+ char *group = strchr (key, ':');
+ if (group)
+ {
+ *group++ = 0;
+ if ((p = strchr (group, ':')))
+ *p = 0; /* We better strip any extra stuff. */
+ }
+
+ fprintf (listfp, "k:%s:", gc_percent_escape (key));
+ fprintf (listfp, "%s\n", group? gc_percent_escape (group):"");
+ }
+
+ /* All other lines are rule records. */
+ fprintf (listfp, "r:::%s:%s:%s:",
+ gc_component[component_id].name,
+ option_info->name? option_info->name : "",
+ flags? flags : "");
+ if (value != empty)
+ fprintf (listfp, "\"%s", gc_percent_escape (value));
+
+ putc ('\n', listfp);
+ }
+
+ /* Check whether the key matches but do this only if we are not
+ running in syntax check mode. */
+ if ( update
+ && !result && !listfp
+ && (got_match || (key && key_matches_user_or_group (key))) )
+ {
+ int newflags = 0;
+
+ got_match = 1;
+
+ /* Apply the flags from gpgconf.conf. */
+ if (!flags)
+ ;
+ else if (!strcmp (flags, "default"))
+ newflags |= GC_OPT_FLAG_DEFAULT;
+ else if (!strcmp (flags, "no-change"))
+ option_info->flags |= GC_OPT_FLAG_NO_CHANGE;
+ else if (!strcmp (flags, "change"))
+ option_info->flags &= ~GC_OPT_FLAG_NO_CHANGE;
+
+ if (defaults)
+ {
+ assert (component_id >= 0 && component_id < GC_COMPONENT_NR);
+
+ /* Here we explicitly allow to update the value again. */
+ if (newflags)
+ {
+ option_info->new_flags = 0;
+ }
+ if (*value)
+ {
+ xfree (option_info->new_value);
+ option_info->new_value = NULL;
+ }
+ change_one_value (option_info, runtime, newflags, value);
+ }
+ }
+ }
+
+ if (length < 0 || ferror (config))
+ {
+ gc_error (0, errno, "error reading from `%s'", fname);
+ result = -1;
+ }
+ if (fclose (config) && ferror (config))
+ gc_error (0, errno, "error closing `%s'", fname);
+
+ xfree (line);
+
+ /* If it all worked, process the options. */
+ if (!result && update && defaults && !listfp)
+ {
+ /* We need to switch off the runtime update, so that we can do
+ it later all at once. */
+ int save_opt_runtime = opt.runtime;
+ opt.runtime = 0;
+
+ for (component_id = 0; component_id < GC_COMPONENT_NR; component_id++)
+ {
+ gc_component_change_options (component_id, NULL, NULL);
+ }
+ opt.runtime = save_opt_runtime;
+
+ if (opt.runtime)
+ {
+ for (backend_id = 0; backend_id < GC_BACKEND_NR; backend_id++)
+ if (runtime[backend_id] && gc_backend[backend_id].runtime_change)
+ (*gc_backend[backend_id].runtime_change) ();
+ }
+ }
+
+ xfree (fname);
+ return result;
+}
diff --git a/tools/gpgconf.c b/tools/gpgconf.c
new file mode 100644
index 0000000..eb7e9c9
--- /dev/null
+++ b/tools/gpgconf.c
@@ -0,0 +1,348 @@
+/* gpgconf.c - Configuration utility for GnuPG
+ * Copyright (C) 2003, 2007, 2009 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <errno.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "gpgconf.h"
+#include "i18n.h"
+#include "sysutils.h"
+
+/* Constants to identify the commands and options. */
+enum cmd_and_opt_values
+ {
+ aNull = 0,
+ oDryRun = 'n',
+ oOutput = 'o',
+ oQuiet = 'q',
+ oVerbose = 'v',
+ oRuntime = 'r',
+ oComponent = 'c',
+ oNoVerbose = 500,
+ oHomedir,
+
+ aListComponents,
+ aCheckPrograms,
+ aListOptions,
+ aChangeOptions,
+ aCheckOptions,
+ aApplyDefaults,
+ aListConfig,
+ aCheckConfig,
+ aListDirs,
+ aReload
+
+ };
+
+
+/* The list of commands and options. */
+static ARGPARSE_OPTS opts[] =
+ {
+ { 300, NULL, 0, N_("@Commands:\n ") },
+
+ { aListComponents, "list-components", 256, N_("list all components") },
+ { aCheckPrograms, "check-programs", 256, N_("check all programs") },
+ { aListOptions, "list-options", 256, N_("|COMPONENT|list options") },
+ { aChangeOptions, "change-options", 256, N_("|COMPONENT|change options") },
+ { aCheckOptions, "check-options", 256, N_("|COMPONENT|check options") },
+ { aApplyDefaults, "apply-defaults", 256,
+ N_("apply global default values") },
+ { aListDirs, "list-dirs", 256,
+ N_("get the configuration directories for gpgconf") },
+ { aListConfig, "list-config", 256,
+ N_("list global configuration file") },
+ { aCheckConfig, "check-config", 256,
+ N_("check global configuration file") },
+ { aReload, "reload", 256, "@" },
+
+ { 301, NULL, 0, N_("@\nOptions:\n ") },
+
+ { oOutput, "output", 2, N_("use as output file") },
+ { oVerbose, "verbose", 0, N_("verbose") },
+ { oQuiet, "quiet", 0, N_("quiet") },
+ { oDryRun, "dry-run", 0, N_("do not make any changes") },
+ { oRuntime, "runtime", 0, N_("activate changes at runtime, if possible") },
+ /* hidden options */
+ { oNoVerbose, "no-verbose", 0, "@"},
+ {0}
+ };
+
+
+/* Print usage information and and provide strings for help. */
+static const char *
+my_strusage( int level )
+{
+ const char *p;
+
+ switch (level)
+ {
+ case 11: p = "gpgconf (GnuPG)";
+ break;
+ case 13: p = VERSION; break;
+ case 17: p = PRINTABLE_OS_NAME; break;
+ case 19: p = _("Please report bugs to <@EMAIL@>.\n"); break;
+
+ case 1:
+ case 40: p = _("Usage: gpgconf [options] (-h for help)");
+ break;
+ case 41:
+ p = _("Syntax: gpgconf [options]\n"
+ "Manage configuration options for tools of the GnuPG system\n");
+ break;
+
+ default: p = NULL; break;
+ }
+ return p;
+}
+
+
+/* Return the fp for the output. This is usually stdout unless
+ --output has been used. In the latter case this function opens
+ that file. */
+static FILE *
+get_outfp (FILE **fp)
+{
+ if (!*fp)
+ {
+ if (opt.outfile)
+ {
+ *fp = fopen (opt.outfile, "w");
+ if (!*fp)
+ gc_error (1, errno, "can not open `%s'", opt.outfile);
+ }
+ else
+ *fp = stdout;
+ }
+ return *fp;
+}
+
+
+/* gpgconf main. */
+int
+main (int argc, char **argv)
+{
+ ARGPARSE_ARGS pargs;
+ const char *fname;
+ int no_more_options = 0;
+ enum cmd_and_opt_values cmd = 0;
+ FILE *outfp = NULL;
+
+ gnupg_reopen_std ("gpgconf");
+ set_strusage (my_strusage);
+ log_set_prefix ("gpgconf", 1);
+
+ /* Make sure that our subsystems are ready. */
+ i18n_init();
+ init_common_subsystems ();
+
+ /* Parse the command line. */
+ pargs.argc = &argc;
+ pargs.argv = &argv;
+ pargs.flags = 1; /* Do not remove the args. */
+ while (!no_more_options && optfile_parse (NULL, NULL, NULL, &pargs, opts))
+ {
+ switch (pargs.r_opt)
+ {
+ case oOutput: opt.outfile = pargs.r.ret_str; break;
+ case oQuiet: opt.quiet = 1; break;
+ case oDryRun: opt.dry_run = 1; break;
+ case oRuntime:
+ opt.runtime = 1;
+ break;
+ case oVerbose: opt.verbose++; break;
+ case oNoVerbose: opt.verbose = 0; break;
+
+ case aListDirs:
+ case aListComponents:
+ case aCheckPrograms:
+ case aListOptions:
+ case aChangeOptions:
+ case aCheckOptions:
+ case aApplyDefaults:
+ case aListConfig:
+ case aCheckConfig:
+ case aReload:
+ cmd = pargs.r_opt;
+ break;
+
+ default: pargs.err = 2; break;
+ }
+ }
+
+ if (log_get_errorcount (0))
+ exit (2);
+
+ fname = argc ? *argv : NULL;
+
+ switch (cmd)
+ {
+ case aListComponents:
+ default:
+ /* List all components. */
+ gc_component_list_components (get_outfp (&outfp));
+ break;
+
+ case aCheckPrograms:
+ /* Check all programs. */
+ gc_check_programs (get_outfp (&outfp));
+ break;
+
+ case aListOptions:
+ case aChangeOptions:
+ case aCheckOptions:
+ if (!fname)
+ {
+ fputs (_("usage: gpgconf [options] "), stderr);
+ putc ('\n',stderr);
+ fputs (_("Need one component argument"), stderr);
+ putc ('\n',stderr);
+ exit (2);
+ }
+ else
+ {
+ int idx = gc_component_find (fname);
+ if (idx < 0)
+ {
+ fputs (_("Component not found"), stderr);
+ putc ('\n', stderr);
+ exit (1);
+ }
+ if (cmd == aCheckOptions)
+ gc_component_check_options (idx, get_outfp (&outfp), NULL);
+ else
+ {
+ gc_component_retrieve_options (idx);
+ if (gc_process_gpgconf_conf (NULL, 1, 0, NULL))
+ exit (1);
+ if (cmd == aListOptions)
+ gc_component_list_options (idx, get_outfp (&outfp));
+ else if (cmd == aChangeOptions)
+ gc_component_change_options (idx, stdin, get_outfp (&outfp));
+ }
+ }
+ break;
+
+ case aReload:
+ if (!fname)
+ {
+ /* Reload all. */
+ gc_component_reload (-1);
+ }
+ else
+ {
+ /* Reload given component. */
+ int idx;
+
+ idx = gc_component_find (fname);
+ if (idx < 0)
+ {
+ fputs (_("Component not found"), stderr);
+ putc ('\n', stderr);
+ exit (1);
+ }
+ else
+ {
+ gc_component_reload (idx);
+ }
+ }
+ break;
+
+ case aListConfig:
+ if (gc_process_gpgconf_conf (fname, 0, 0, get_outfp (&outfp)))
+ exit (1);
+ break;
+
+ case aCheckConfig:
+ if (gc_process_gpgconf_conf (fname, 0, 0, NULL))
+ exit (1);
+ break;
+
+ case aApplyDefaults:
+ if (fname)
+ {
+ fputs (_("usage: gpgconf [options] "), stderr);
+ putc ('\n',stderr);
+ fputs (_("No argument allowed"), stderr);
+ putc ('\n',stderr);
+ exit (2);
+ }
+ gc_component_retrieve_options (-1);
+ if (gc_process_gpgconf_conf (NULL, 1, 1, NULL))
+ exit (1);
+ break;
+
+ case aListDirs:
+ /* Show the system configuration directories for gpgconf. */
+ get_outfp (&outfp);
+ fprintf (outfp, "sysconfdir:%s\n",
+ gc_percent_escape (gnupg_sysconfdir ()));
+ fprintf (outfp, "bindir:%s\n",
+ gc_percent_escape (gnupg_bindir ()));
+ fprintf (outfp, "libexecdir:%s\n",
+ gc_percent_escape (gnupg_libexecdir ()));
+ fprintf (outfp, "libdir:%s\n",
+ gc_percent_escape (gnupg_libdir ()));
+ fprintf (outfp, "datadir:%s\n",
+ gc_percent_escape (gnupg_datadir ()));
+ fprintf (outfp, "localedir:%s\n",
+ gc_percent_escape (gnupg_localedir ()));
+ fprintf (outfp, "dirmngr-socket:%s\n",
+ gc_percent_escape (dirmngr_socket_name ()));
+ {
+ char *infostr = getenv ("GPG_AGENT_INFO");
+
+ if (!infostr || !*infostr)
+ infostr = make_filename (default_homedir (), "S.gpg-agent", NULL);
+ else
+ {
+ char *tmp;
+
+ infostr = xstrdup (infostr);
+ tmp = strchr (infostr, PATHSEP_C);
+ if (!tmp || tmp == infostr)
+ {
+ xfree (infostr);
+ infostr = NULL;
+ }
+ else
+ *tmp = 0;
+ }
+ fprintf (outfp, "agent-socket:%s\n",
+ infostr? gc_percent_escape (infostr) : "");
+ xfree (infostr);
+ }
+ {
+ /* We need to use make_filename to expand a possible "~/". */
+ char *tmp = make_filename (default_homedir (), NULL);
+ fprintf (outfp, "homedir:%s\n", gc_percent_escape (tmp));
+ xfree (tmp);
+ }
+ break;
+ }
+
+ if (outfp && outfp != stdout)
+ if (fclose (outfp))
+ gc_error (1, errno, "error closing `%s'", opt.outfile);
+
+ return 0;
+}
+
diff --git a/tools/gpgconf.h b/tools/gpgconf.h
new file mode 100644
index 0000000..be9172a
--- /dev/null
+++ b/tools/gpgconf.h
@@ -0,0 +1,80 @@
+/* gpgconf.h - Global definitions for gpgconf
+ * Copyright (C) 2003 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef GPGCONF_H
+#define GPGCONF_H
+
+#include "../common/util.h"
+
+/* We keep all global options in the structure OPT. */
+struct
+{
+ int verbose; /* Verbosity level. */
+ int quiet; /* Be extra quiet. */
+ int dry_run; /* Don't change any persistent data. */
+ int runtime; /* Make changes active at runtime. */
+ char *outfile; /* Name of output file. */
+
+ int component; /* The active component. */
+} opt;
+
+
+
+/*-- gpgconf-comp.c --*/
+/* Percent-Escape special characters. The string is valid until the
+ next invocation of the function. */
+char *gc_percent_escape (const char *src);
+
+
+void gc_error (int status, int errnum, const char *fmt, ...);
+
+/* Reload given component. */
+void gc_component_reload (int component);
+
+/* List all components that are available. */
+void gc_component_list_components (FILE *out);
+
+/* List all programs along with their status. */
+void gc_check_programs (FILE *out);
+
+/* Find the component with the name NAME. Returns -1 if not
+ found. */
+int gc_component_find (const char *name);
+
+/* Retrieve the currently active options and their defaults from all
+ involved backends for this component. */
+void gc_component_retrieve_options (int component);
+
+/* List all options of the component COMPONENT. */
+void gc_component_list_options (int component, FILE *out);
+
+/* Read the modifications from IN and apply them. */
+void gc_component_change_options (int component, FILE *in, FILE *out);
+
+/* Check the options of a single component. Returns 0 if everything
+ is OK. */
+int gc_component_check_options (int component, FILE *out,
+ const char *conf_file);
+
+/* Process global configuration file. */
+int gc_process_gpgconf_conf (const char *fname, int update, int defaults,
+ FILE *listfp);
+
+
+#endif /*GPGCONF_H*/
diff --git a/tools/gpgkey2ssh.c b/tools/gpgkey2ssh.c
new file mode 100644
index 0000000..903fb5b
--- /dev/null
+++ b/tools/gpgkey2ssh.c
@@ -0,0 +1,306 @@
+/* gpgkey2ssh.c - Converter (Debug helper)
+ * Copyright (C) 2005 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+/*
+ FIXME: This tool needs some cleanup:
+
+ - Do not use assert() for error output.
+ - Add proper option parsing and standard options.
+ - retrieve_key_material needs to take the ordinal at field 1 in account.
+ 0 Write a man page.
+*/
+
+#include <config.h>
+
+#include <gcrypt.h>
+#include <unistd.h>
+#include <stdlib.h>
+#include <assert.h>
+#include <stdio.h>
+#include <errno.h>
+
+#include "util.h"
+#include "sysutils.h"
+
+
+
+typedef struct pkdbuf
+{
+ unsigned char *buffer;
+ size_t buffer_n;
+} pkdbuf_t;
+
+
+
+/* Retrieve the public key material for the RSA key, whose fingerprint
+ is FPR, from gpg output, which can be read through the stream FP.
+ The RSA modulus will be stored at the address of M and MLEN, the
+ public exponent at E and ELEN. Returns zero on success, an error
+ code on failure. Caller must release the allocated buffers at M
+ and E if the function returns success. */
+static gpg_error_t
+retrieve_key_material (FILE *fp, const char *hexkeyid, int *algorithm_id,
+ pkdbuf_t **pkdbuf, size_t *pkdbuf_n)
+{
+ pkdbuf_t *pkdbuf_new;
+ pkdbuf_t *pkdbuf_tmp;
+ size_t pkdbuf_new_n;
+ gcry_error_t err = 0;
+ char *line = NULL; /* read_line() buffer. */
+ size_t line_size = 0; /* Helper for for read_line. */
+ int found_key = 0; /* Helper to find a matching key. */
+ int id;
+ unsigned char *buffer;
+ size_t buffer_n;
+ int i;
+
+ pkdbuf_new = NULL;
+ pkdbuf_new_n = 0;
+ id = 0;
+
+ /* Loop over all records until we have found the subkey
+ corresponsing to the fingerprint. Inm general the first record
+ should be the pub record, but we don't rely on that. Given that
+ we only need to look at one key, it is sufficient to compare the
+ keyid so that we don't need to look at "fpr" records. */
+ for (;;)
+ {
+ char *p;
+ char *fields[6];
+ int nfields;
+ size_t max_length;
+ gcry_mpi_t mpi;
+
+ max_length = 4096;
+ i = read_line (fp, &line, &line_size, &max_length);
+ if (!i)
+ break; /* EOF. */
+ if (i < 0)
+ {
+ err = gpg_error_from_syserror ();
+ goto leave; /* Error. */
+ }
+ if (!max_length)
+ {
+ err = gpg_error (GPG_ERR_TRUNCATED);
+ goto leave; /* Line truncated - we better stop processing. */
+ }
+
+ /* Parse the line into fields. */
+ for (nfields=0, p=line; p && nfields < DIM (fields); nfields++)
+ {
+ fields[nfields] = p;
+ p = strchr (p, ':');
+ if (p)
+ *(p++) = 0;
+ }
+ if (!nfields)
+ continue; /* No fields at all - skip line. */
+
+ if (!found_key)
+ {
+ if ( (!strcmp (fields[0], "sub") || !strcmp (fields[0], "pub") )
+ && nfields > 4 &&
+ (((strlen (hexkeyid) == 8)
+ && (strlen (fields[4]) == 16)
+ && (! strcmp (fields[4] + 8, hexkeyid)))
+ || ((strlen (hexkeyid) == 16)
+ && (! strcmp (fields[4], hexkeyid)))))
+ {
+ found_key = 1;
+ /* Save algorithm ID. */
+ id = atoi (fields[3]);
+ }
+ continue;
+ }
+
+ if ( !strcmp (fields[0], "sub") || !strcmp (fields[0], "pub") )
+ break; /* Next key - stop. */
+
+ if ( strcmp (fields[0], "pkd") )
+ continue; /* Not a key data record. */
+
+ /* FIXME, necessary? */
+
+ i = atoi (fields[1]);
+ if ((nfields < 4) || (i < 0))
+ {
+ err = gpg_error (GPG_ERR_GENERAL);
+ goto leave;
+ }
+
+ err = gcry_mpi_scan (&mpi, GCRYMPI_FMT_HEX, fields[3], 0, NULL);
+ if (err)
+ mpi = NULL;
+
+ err = gcry_mpi_aprint (GCRYMPI_FMT_STD, &buffer, &buffer_n, mpi);
+ gcry_mpi_release (mpi);
+ if (err)
+ goto leave;
+
+ pkdbuf_tmp = xrealloc (pkdbuf_new, sizeof (*pkdbuf_new) * (pkdbuf_new_n + 1));
+ if (pkdbuf_new != pkdbuf_tmp)
+ pkdbuf_new = pkdbuf_tmp;
+ pkdbuf_new[pkdbuf_new_n].buffer = buffer;
+ pkdbuf_new[pkdbuf_new_n].buffer_n = buffer_n;
+ pkdbuf_new_n++;
+ }
+
+ *algorithm_id = id;
+ *pkdbuf = pkdbuf_new;
+ *pkdbuf_n = pkdbuf_new_n;
+
+ leave:
+
+ if (err)
+ if (pkdbuf_new)
+ {
+ for (i = 0; i < pkdbuf_new_n; i++)
+ xfree (pkdbuf_new[i].buffer);
+ xfree (pkdbuf_new);
+ }
+ xfree (line);
+
+ return err;
+}
+
+
+
+int
+key_to_blob (unsigned char **blob, size_t *blob_n, const char *identifier, ...)
+{
+ unsigned char *blob_new;
+ size_t blob_new_n;
+ unsigned char uint32_buffer[4];
+ u32 identifier_n;
+ FILE *stream;
+ va_list ap;
+ int ret;
+ pkdbuf_t *pkd;
+
+ stream = gnupg_tmpfile ();
+ assert (stream);
+
+ identifier_n = strlen (identifier);
+ uint32_buffer[0] = identifier_n >> 24;
+ uint32_buffer[1] = identifier_n >> 16;
+ uint32_buffer[2] = identifier_n >> 8;
+ uint32_buffer[3] = identifier_n >> 0;
+ ret = fwrite (uint32_buffer, sizeof (uint32_buffer), 1, stream);
+ assert (ret == 1);
+ ret = fwrite (identifier, identifier_n, 1, stream);
+ assert (ret == 1);
+
+ va_start (ap, identifier);
+ while (1)
+ {
+ pkd = va_arg (ap, pkdbuf_t *);
+ if (! pkd)
+ break;
+
+ uint32_buffer[0] = pkd->buffer_n >> 24;
+ uint32_buffer[1] = pkd->buffer_n >> 16;
+ uint32_buffer[2] = pkd->buffer_n >> 8;
+ uint32_buffer[3] = pkd->buffer_n >> 0;
+ ret = fwrite (uint32_buffer, sizeof (uint32_buffer), 1, stream);
+ assert (ret == 1);
+ ret = fwrite (pkd->buffer, pkd->buffer_n, 1, stream);
+ assert (ret == 1);
+ }
+
+ blob_new_n = ftell (stream);
+ rewind (stream);
+
+ blob_new = xmalloc (blob_new_n);
+ ret = fread (blob_new, blob_new_n, 1, stream);
+ assert (ret == 1);
+
+ *blob = blob_new;
+ *blob_n = blob_new_n;
+
+ fclose (stream);
+
+ return 0;
+}
+
+int
+main (int argc, char **argv)
+{
+ const char *keyid;
+ int algorithm_id;
+ pkdbuf_t *pkdbuf;
+ size_t pkdbuf_n;
+ char *command;
+ FILE *fp;
+ int ret;
+ gcry_error_t err;
+ unsigned char *blob;
+ size_t blob_n;
+ struct b64state b64_state;
+ const char *identifier;
+
+ pkdbuf = NULL;
+ pkdbuf_n = 0;
+
+ algorithm_id = 0; /* (avoid cc warning) */
+ identifier = NULL; /* (avoid cc warning) */
+
+ assert (argc == 2);
+
+ keyid = argv[1];
+
+ ret = asprintf (&command,
+ "gpg --list-keys --with-colons --with-key-data '%s'",
+ keyid);
+ assert (ret > 0);
+
+ fp = popen (command, "r");
+ assert (fp);
+
+ err = retrieve_key_material (fp, keyid, &algorithm_id, &pkdbuf, &pkdbuf_n);
+ assert (! err);
+ assert ((algorithm_id == 1) || (algorithm_id == 17));
+
+ if (algorithm_id == 1)
+ {
+ identifier = "ssh-rsa";
+ ret = key_to_blob (&blob, &blob_n, identifier,
+ &pkdbuf[1], &pkdbuf[0], NULL);
+ }
+ else if (algorithm_id == 17)
+ {
+ identifier = "ssh-dss";
+ ret = key_to_blob (&blob, &blob_n, identifier,
+ &pkdbuf[0], &pkdbuf[1], &pkdbuf[2], &pkdbuf[3], NULL);
+ }
+ assert (! ret);
+
+ printf ("%s ", identifier);
+
+ err = b64enc_start (&b64_state, stdout, "");
+ assert (! err);
+ err = b64enc_write (&b64_state, blob, blob_n);
+ assert (! err);
+ err = b64enc_finish (&b64_state);
+ assert (! err);
+
+ printf (" COMMENT\n");
+
+ return 0;
+}
diff --git a/tools/gpgparsemail.c b/tools/gpgparsemail.c
new file mode 100644
index 0000000..6265efc
--- /dev/null
+++ b/tools/gpgparsemail.c
@@ -0,0 +1,809 @@
+/* gpgparsemail.c - Standalone crypto mail parser
+ * Copyright (C) 2004, 2007 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+/* This utility prints an RFC8222, possible MIME structured, message
+ in an annotated format with the first column having an indicator
+ for the content of the line. Several options are available to
+ scrutinize the message. S/MIME and OpenPGP support is included. */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <stddef.h>
+#include <string.h>
+#include <errno.h>
+#include <stdarg.h>
+#include <assert.h>
+#include <time.h>
+#include <signal.h>
+#include <unistd.h>
+#include <fcntl.h>
+#include <sys/wait.h>
+
+#include "rfc822parse.h"
+
+
+#define PGM "gpgparsemail"
+
+/* Option flags. */
+static int verbose;
+static int debug;
+static int opt_crypto; /* Decrypt or verify messages. */
+static int opt_no_header; /* Don't output the header lines. */
+
+/* Structure used to communicate with the parser callback. */
+struct parse_info_s {
+ int show_header; /* Show the header lines. */
+ int show_data; /* Show the data lines. */
+ unsigned int skip_show; /* Temporary disable above for these
+ number of lines. */
+ int show_data_as_note; /* The next data line should be shown
+ as a note. */
+ int show_boundary;
+ int nesting_level;
+
+ int is_pkcs7; /* Old style S/MIME message. */
+
+ int moss_state; /* State of PGP/MIME or S/MIME parsing. */
+ int is_smime; /* This is S/MIME and not PGP/MIME. */
+
+ char *signing_protocol;
+ int hashing_level; /* The nesting level we are hashing. */
+ int hashing;
+ FILE *hash_file;
+
+ FILE *sig_file; /* Signature part with MIME or full
+ pkcs7 data if IS_PCKS7 is set. */
+ int verify_now; /* Flag set when all signature data is
+ available. */
+};
+
+
+/* Print diagnostic message and exit with failure. */
+static void
+die (const char *format, ...)
+{
+ va_list arg_ptr;
+
+ fflush (stdout);
+ fprintf (stderr, "%s: ", PGM);
+
+ va_start (arg_ptr, format);
+ vfprintf (stderr, format, arg_ptr);
+ va_end (arg_ptr);
+ putc ('\n', stderr);
+
+ exit (1);
+}
+
+
+/* Print diagnostic message. */
+static void
+err (const char *format, ...)
+{
+ va_list arg_ptr;
+
+ fflush (stdout);
+ fprintf (stderr, "%s: ", PGM);
+
+ va_start (arg_ptr, format);
+ vfprintf (stderr, format, arg_ptr);
+ va_end (arg_ptr);
+ putc ('\n', stderr);
+}
+
+static void *
+xmalloc (size_t n)
+{
+ void *p = malloc (n);
+ if (!p)
+ die ("out of core: %s", strerror (errno));
+ return p;
+}
+
+/* static void * */
+/* xcalloc (size_t n, size_t m) */
+/* { */
+/* void *p = calloc (n, m); */
+/* if (!p) */
+/* die ("out of core: %s", strerror (errno)); */
+/* return p; */
+/* } */
+
+/* static void * */
+/* xrealloc (void *old, size_t n) */
+/* { */
+/* void *p = realloc (old, n); */
+/* if (!p) */
+/* die ("out of core: %s", strerror (errno)); */
+/* return p; */
+/* } */
+
+static char *
+xstrdup (const char *string)
+{
+ void *p = malloc (strlen (string)+1);
+ if (!p)
+ die ("out of core: %s", strerror (errno));
+ strcpy (p, string);
+ return p;
+}
+
+#ifndef HAVE_STPCPY
+static char *
+stpcpy (char *a,const char *b)
+{
+ while (*b)
+ *a++ = *b++;
+ *a = 0;
+
+ return (char*)a;
+}
+#endif
+
+static int
+run_gnupg (int smime, int sig_fd, int data_fd, int *close_list)
+{
+ int rp[2];
+ pid_t pid;
+ int i, c, is_status;
+ unsigned int pos;
+ char status_buf[10];
+ FILE *fp;
+
+ if (pipe (rp) == -1)
+ die ("error creating a pipe: %s", strerror (errno));
+
+ pid = fork ();
+ if (pid == -1)
+ die ("error forking process: %s", strerror (errno));
+
+ if (!pid)
+ { /* Child. */
+ char data_fd_buf[50];
+ int fd;
+
+ /* Connect our signature fd to stdin. */
+ if (sig_fd != 0)
+ {
+ if (dup2 (sig_fd, 0) == -1)
+ die ("dup2 stdin failed: %s", strerror (errno));
+ }
+
+ /* Keep our data fd and format it for gpg/gpgsm use. */
+ if (data_fd == -1)
+ *data_fd_buf = 0;
+ else
+ sprintf (data_fd_buf, "-&%d", data_fd);
+
+ /* Send stdout to the bit bucket. */
+ fd = open ("/dev/null", O_WRONLY);
+ if (fd == -1)
+ die ("can't open `/dev/null': %s", strerror (errno));
+ if (fd != 1)
+ {
+ if (dup2 (fd, 1) == -1)
+ die ("dup2 stderr failed: %s", strerror (errno));
+ }
+
+ /* Connect stderr to our pipe. */
+ if (rp[1] != 2)
+ {
+ if (dup2 (rp[1], 2) == -1)
+ die ("dup2 stderr failed: %s", strerror (errno));
+ }
+
+ /* Close other files. */
+ for (i=0; (fd=close_list[i]) != -1; i++)
+ if (fd > 2 && fd != data_fd)
+ close (fd);
+ errno = 0;
+
+ if (smime)
+ execlp ("gpgsm", "gpgsm",
+ "--enable-special-filenames",
+ "--status-fd", "2",
+ "--assume-base64",
+ "--verify",
+ "--",
+ "-", data_fd == -1? NULL : data_fd_buf,
+ NULL);
+ else
+ execlp ("gpg", "gpg",
+ "--enable-special-filenames",
+ "--status-fd", "2",
+ "--verify",
+ "--debug=512",
+ "--",
+ "-", data_fd == -1? NULL : data_fd_buf,
+ NULL);
+
+ die ("failed to exec the crypto command: %s", strerror (errno));
+ }
+
+ /* Parent. */
+ close (rp[1]);
+
+ fp = fdopen (rp[0], "r");
+ if (!fp)
+ die ("can't fdopen pipe for reading: %s", strerror (errno));
+
+ pos = 0;
+ is_status = 0;
+ assert (sizeof status_buf > 9);
+ while ((c=getc (fp)) != EOF)
+ {
+ if (pos < 9)
+ status_buf[pos] = c;
+ else
+ {
+ if (pos == 9)
+ {
+ is_status = !memcmp (status_buf, "[GNUPG:] ", 9);
+ if (is_status)
+ fputs ( "c ", stdout);
+ else if (verbose)
+ fputs ( "# ", stdout);
+ fwrite (status_buf, 9, 1, stdout);
+ }
+ putchar (c);
+ }
+ if (c == '\n')
+ {
+ if (verbose && pos < 9)
+ {
+ fputs ( "# ", stdout);
+ fwrite (status_buf, pos+1, 1, stdout);
+ }
+ pos = 0;
+ }
+ else
+ pos++;
+ }
+ if (pos)
+ {
+ if (verbose && pos < 9)
+ {
+ fputs ( "# ", stdout);
+ fwrite (status_buf, pos+1, 1, stdout);
+ }
+ putchar ('\n');
+ }
+ fclose (fp);
+
+ while ( (i=waitpid (pid, NULL, 0)) == -1 && errno == EINTR)
+ ;
+ if (i == -1)
+ die ("waiting for child failed: %s", strerror (errno));
+
+ return 0;
+}
+
+
+
+
+/* Verify the signature in the current temp files. */
+static void
+verify_signature (struct parse_info_s *info)
+{
+ int close_list[10];
+
+ if (info->is_pkcs7)
+ {
+ assert (!info->hash_file);
+ assert (info->sig_file);
+ rewind (info->sig_file);
+ }
+ else
+ {
+ assert (info->hash_file);
+ assert (info->sig_file);
+ rewind (info->hash_file);
+ rewind (info->sig_file);
+ }
+
+/* printf ("# Begin hashed data\n"); */
+/* while ( (c=getc (info->hash_file)) != EOF) */
+/* putchar (c); */
+/* printf ("# End hashed data signature\n"); */
+/* printf ("# Begin signature\n"); */
+/* while ( (c=getc (info->sig_file)) != EOF) */
+/* putchar (c); */
+/* printf ("# End signature\n"); */
+/* rewind (info->hash_file); */
+/* rewind (info->sig_file); */
+
+ close_list[0] = -1;
+ run_gnupg (info->is_smime, fileno (info->sig_file),
+ info->hash_file ? fileno (info->hash_file) : -1, close_list);
+}
+
+
+
+
+
+/* Prepare for a multipart/signed.
+ FIELD_CTX is the parsed context of the content-type header.*/
+static void
+mime_signed_begin (struct parse_info_s *info, rfc822parse_t msg,
+ rfc822parse_field_t field_ctx)
+{
+ const char *s;
+
+ (void)msg;
+
+ s = rfc822parse_query_parameter (field_ctx, "protocol", 1);
+ if (s)
+ {
+ printf ("h signed.protocol: %s\n", s);
+ if (!strcmp (s, "application/pgp-signature"))
+ {
+ if (info->moss_state)
+ err ("note: ignoring nested PGP/MIME or S/MIME signature");
+ else
+ {
+ info->moss_state = 1;
+ info->is_smime = 0;
+ free (info->signing_protocol);
+ info->signing_protocol = xstrdup (s);
+ }
+ }
+ else if (!strcmp (s, "application/pkcs7-signature")
+ || !strcmp (s, "application/x-pkcs7-signature"))
+ {
+ if (info->moss_state)
+ err ("note: ignoring nested PGP/MIME or S/MIME signature");
+ else
+ {
+ info->moss_state = 1;
+ info->is_smime = 1;
+ free (info->signing_protocol);
+ info->signing_protocol = xstrdup (s);
+ }
+ }
+ else if (verbose)
+ printf ("# this protocol is not supported\n");
+ }
+}
+
+
+/* Prepare for a multipart/encrypted.
+ FIELD_CTX is the parsed context of the content-type header.*/
+static void
+mime_encrypted_begin (struct parse_info_s *info, rfc822parse_t msg,
+ rfc822parse_field_t field_ctx)
+{
+ const char *s;
+
+ (void)info;
+ (void)msg;
+
+ s = rfc822parse_query_parameter (field_ctx, "protocol", 0);
+ if (s)
+ printf ("h encrypted.protocol: %s\n", s);
+}
+
+
+/* Prepare for old-style pkcs7 messages. */
+static void
+pkcs7_begin (struct parse_info_s *info, rfc822parse_t msg,
+ rfc822parse_field_t field_ctx)
+{
+ const char *s;
+
+ (void)msg;
+
+ s = rfc822parse_query_parameter (field_ctx, "name", 0);
+ if (s)
+ printf ("h pkcs7.name: %s\n", s);
+ if (info->is_pkcs7)
+ err ("note: ignoring nested pkcs7 data");
+ else
+ {
+ info->is_pkcs7 = 1;
+ if (opt_crypto)
+ {
+ assert (!info->sig_file);
+ info->sig_file = tmpfile ();
+ if (!info->sig_file)
+ die ("error creating temp file: %s", strerror (errno));
+ }
+ }
+}
+
+
+/* Print the event received by the parser for debugging as comment
+ line. */
+static void
+show_event (rfc822parse_event_t event)
+{
+ const char *s;
+
+ switch (event)
+ {
+ case RFC822PARSE_OPEN: s= "Open"; break;
+ case RFC822PARSE_CLOSE: s= "Close"; break;
+ case RFC822PARSE_CANCEL: s= "Cancel"; break;
+ case RFC822PARSE_T2BODY: s= "T2Body"; break;
+ case RFC822PARSE_FINISH: s= "Finish"; break;
+ case RFC822PARSE_RCVD_SEEN: s= "Rcvd_Seen"; break;
+ case RFC822PARSE_LEVEL_DOWN: s= "Level_Down"; break;
+ case RFC822PARSE_LEVEL_UP: s= "Level_Up"; break;
+ case RFC822PARSE_BOUNDARY: s= "Boundary"; break;
+ case RFC822PARSE_LAST_BOUNDARY: s= "Last_Boundary"; break;
+ case RFC822PARSE_BEGIN_HEADER: s= "Begin_Header"; break;
+ case RFC822PARSE_PREAMBLE: s= "Preamble"; break;
+ case RFC822PARSE_EPILOGUE: s= "Epilogue"; break;
+ default: s= "[unknown event]"; break;
+ }
+ printf ("# *** got RFC822 event %s\n", s);
+}
+
+/* This function is called by the parser to communicate events. This
+ callback comminucates with the main program using a structure
+ passed in OPAQUE. Should retrun 0 or set errno and return -1. */
+static int
+message_cb (void *opaque, rfc822parse_event_t event, rfc822parse_t msg)
+{
+ struct parse_info_s *info = opaque;
+
+ if (debug)
+ show_event (event);
+
+ if (event == RFC822PARSE_BEGIN_HEADER || event == RFC822PARSE_T2BODY)
+ {
+ /* We need to check here whether to start collecting signed data
+ because attachments might come without header lines and thus
+ we won't see the BEGIN_HEADER event. */
+ if (info->moss_state == 1)
+ {
+ printf ("c begin_hash\n");
+ info->hashing = 1;
+ info->hashing_level = info->nesting_level;
+ info->moss_state++;
+
+ if (opt_crypto)
+ {
+ assert (!info->hash_file);
+ info->hash_file = tmpfile ();
+ if (!info->hash_file)
+ die ("failed to create temporary file: %s", strerror (errno));
+ }
+ }
+ }
+
+
+ if (event == RFC822PARSE_OPEN)
+ {
+ /* Initialize for a new message. */
+ info->show_header = 1;
+ }
+ else if (event == RFC822PARSE_T2BODY)
+ {
+ rfc822parse_field_t ctx;
+
+ ctx = rfc822parse_parse_field (msg, "Content-Type", -1);
+ if (ctx)
+ {
+ const char *s1, *s2;
+ s1 = rfc822parse_query_media_type (ctx, &s2);
+ if (s1)
+ {
+ printf ("h media: %*s%s %s\n",
+ info->nesting_level*2, "", s1, s2);
+ if (info->moss_state == 3)
+ {
+ char *buf = xmalloc (strlen (s1) + strlen (s2) + 2);
+ strcpy (stpcpy (stpcpy (buf, s1), "/"), s2);
+ assert (info->signing_protocol);
+ if (strcmp (buf, info->signing_protocol))
+ err ("invalid %s structure; expected `%s', found `%s'",
+ info->is_smime? "S/MIME":"PGP/MIME",
+ info->signing_protocol, buf);
+ else
+ {
+ printf ("c begin_signature\n");
+ info->moss_state++;
+ if (opt_crypto)
+ {
+ assert (!info->sig_file);
+ info->sig_file = tmpfile ();
+ if (!info->sig_file)
+ die ("error creating temp file: %s",
+ strerror (errno));
+ }
+ }
+ free (buf);
+ }
+ else if (!strcmp (s1, "multipart"))
+ {
+ if (!strcmp (s2, "signed"))
+ mime_signed_begin (info, msg, ctx);
+ else if (!strcmp (s2, "encrypted"))
+ mime_encrypted_begin (info, msg, ctx);
+ }
+ else if (!strcmp (s1, "application")
+ && (!strcmp (s2, "pkcs7-mime")
+ || !strcmp (s2, "x-pkcs7-mime")))
+ pkcs7_begin (info, msg, ctx);
+ }
+ else
+ printf ("h media: %*s none\n", info->nesting_level*2, "");
+
+ rfc822parse_release_field (ctx);
+ }
+ else
+ printf ("h media: %*stext plain [assumed]\n",
+ info->nesting_level*2, "");
+
+
+ info->show_header = 0;
+ info->show_data = 1;
+ info->skip_show = 1;
+ }
+ else if (event == RFC822PARSE_PREAMBLE)
+ info->show_data_as_note = 1;
+ else if (event == RFC822PARSE_LEVEL_DOWN)
+ {
+ printf ("b down\n");
+ info->nesting_level++;
+ }
+ else if (event == RFC822PARSE_LEVEL_UP)
+ {
+ printf ("b up\n");
+ if (info->nesting_level)
+ info->nesting_level--;
+ else
+ err ("invalid structure (bad nesting level)");
+ }
+ else if (event == RFC822PARSE_BOUNDARY || event == RFC822PARSE_LAST_BOUNDARY)
+ {
+ info->show_data = 0;
+ info->show_boundary = 1;
+ if (event == RFC822PARSE_BOUNDARY)
+ {
+ info->show_header = 1;
+ info->skip_show = 1;
+ printf ("b part\n");
+ }
+ else
+ printf ("b last\n");
+
+ if (info->moss_state == 2 && info->nesting_level == info->hashing_level)
+ {
+ printf ("c end_hash\n");
+ info->moss_state++;
+ info->hashing = 0;
+ }
+ else if (info->moss_state == 4)
+ {
+ printf ("c end_signature\n");
+ info->verify_now = 1;
+ }
+ }
+
+ return 0;
+}
+
+
+/* Read a message from FP and process it according to the global
+ options. */
+static void
+parse_message (FILE *fp)
+{
+ char line[5000];
+ size_t length;
+ rfc822parse_t msg;
+ unsigned int lineno = 0;
+ int no_cr_reported = 0;
+ struct parse_info_s info;
+
+ memset (&info, 0, sizeof info);
+
+ msg = rfc822parse_open (message_cb, &info);
+ if (!msg)
+ die ("can't open parser: %s", strerror (errno));
+
+ /* Fixme: We should not use fgets becuase it can't cope with
+ embedded nul characters. */
+ while (fgets (line, sizeof (line), fp))
+ {
+ lineno++;
+ if (lineno == 1 && !strncmp (line, "From ", 5))
+ continue; /* We better ignore a leading From line. */
+
+ length = strlen (line);
+ if (length && line[length - 1] == '\n')
+ line[--length] = 0;
+ else
+ err ("line number %u too long or last line not terminated", lineno);
+ if (length && line[length - 1] == '\r')
+ line[--length] = 0;
+ else if (verbose && !no_cr_reported)
+ {
+ err ("non canonical ended line detected (line %u)", lineno);
+ no_cr_reported = 1;
+ }
+
+
+ if (rfc822parse_insert (msg, line, length))
+ die ("parser failed: %s", strerror (errno));
+
+ if (info.hashing)
+ {
+ /* Delay hashing of the CR/LF because the last line ending
+ belongs to the next boundary. */
+ if (debug)
+ printf ("# hashing %s`%s'\n", info.hashing==2?"CR,LF+":"", line);
+ if (opt_crypto)
+ {
+ if (info.hashing == 2)
+ fputs ("\r\n", info.hash_file);
+ fputs (line, info.hash_file);
+ if (ferror (info.hash_file))
+ die ("error writing to temporary file: %s", strerror (errno));
+ }
+
+ info.hashing = 2;
+ }
+
+ if (info.sig_file && opt_crypto)
+ {
+ if (info.verify_now)
+ {
+ verify_signature (&info);
+ if (info.hash_file)
+ fclose (info.hash_file);
+ info.hash_file = NULL;
+ fclose (info.sig_file);
+ info.sig_file = NULL;
+ info.moss_state = 0;
+ info.is_smime = 0;
+ info.is_pkcs7 = 0;
+ }
+ else
+ {
+ fputs (line, info.sig_file);
+ fputs ("\r\n", info.sig_file);
+ if (ferror (info.sig_file))
+ die ("error writing to temporary file: %s", strerror (errno));
+ }
+ }
+
+ if (info.show_boundary)
+ {
+ if (!opt_no_header)
+ printf (":%s\n", line);
+ info.show_boundary = 0;
+ }
+
+ if (info.skip_show)
+ info.skip_show--;
+ else if (info.show_data)
+ {
+ if (info.show_data_as_note)
+ {
+ if (verbose)
+ printf ("# DATA: %s\n", line);
+ info.show_data_as_note = 0;
+ }
+ else
+ printf (" %s\n", line);
+ }
+ else if (info.show_header && !opt_no_header)
+ printf (".%s\n", line);
+
+ }
+
+ if (info.sig_file && opt_crypto && info.is_pkcs7)
+ {
+ verify_signature (&info);
+ fclose (info.sig_file);
+ info.sig_file = NULL;
+ info.is_pkcs7 = 0;
+ }
+
+ rfc822parse_close (msg);
+}
+
+
+int
+main (int argc, char **argv)
+{
+ int last_argc = -1;
+
+ if (argc)
+ {
+ argc--; argv++;
+ }
+ while (argc && last_argc != argc )
+ {
+ last_argc = argc;
+ if (!strcmp (*argv, "--"))
+ {
+ argc--; argv++;
+ break;
+ }
+ else if (!strcmp (*argv, "--help"))
+ {
+ puts (
+ "Usage: " PGM " [OPTION] [FILE]\n"
+ "Parse a mail message into an annotated format.\n\n"
+ " --crypto decrypt or verify messages\n"
+ " --no-header don't output the header lines\n"
+ " --verbose enable extra informational output\n"
+ " --debug enable additional debug output\n"
+ " --help display this help and exit\n\n"
+ "With no FILE, or when FILE is -, read standard input.\n\n"
+ "WARNING: This tool is under development.\n"
+ " The semantics may change without notice\n\n"
+ "Report bugs to <bug-gnupg@gnu.org>.");
+ exit (0);
+ }
+ else if (!strcmp (*argv, "--verbose"))
+ {
+ verbose = 1;
+ argc--; argv++;
+ }
+ else if (!strcmp (*argv, "--debug"))
+ {
+ verbose = debug = 1;
+ argc--; argv++;
+ }
+ else if (!strcmp (*argv, "--crypto"))
+ {
+ opt_crypto = 1;
+ argc--; argv++;
+ }
+ else if (!strcmp (*argv, "--no-header"))
+ {
+ opt_no_header = 1;
+ argc--; argv++;
+ }
+ }
+
+ if (argc > 1)
+ die ("usage: " PGM " [OPTION] [FILE] (try --help for more information)\n");
+
+ signal (SIGPIPE, SIG_IGN);
+
+ if (argc && strcmp (*argv, "-"))
+ {
+ FILE *fp = fopen (*argv, "rb");
+ if (!fp)
+ die ("can't open `%s': %s", *argv, strerror (errno));
+ parse_message (fp);
+ fclose (fp);
+ }
+ else
+ parse_message (stdin);
+
+ return 0;
+}
+
+
+/*
+Local Variables:
+compile-command: "gcc -Wall -Wno-pointer-sign -g -o gpgparsemail rfc822parse.c gpgparsemail.c"
+End:
+*/
diff --git a/tools/gpgsm-gencert.sh b/tools/gpgsm-gencert.sh
new file mode 100755
index 0000000..b209c8e
--- /dev/null
+++ b/tools/gpgsm-gencert.sh
@@ -0,0 +1,203 @@
+#!/bin/sh
+# -*- sh -*-
+# gpgsm-gencert.c - Generate X.509 certificates through GPGSM.
+# Copyright (C) 2004, 2005 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+set -e
+
+ASSUAN_FP_IN=4
+ASSUAN_FP_OUT=5
+
+ASSUAN_COMMANDS="\
+INPUT FD=$ASSUAN_FP_IN\n\
+OUTPUT FD=$ASSUAN_FP_OUT --armor\n\
+GENKEY\n\
+BYE\n"
+
+ANSWER=""
+
+query_user()
+{
+ message=$1; shift
+
+ echo "$message" >&2
+ echo -n "> " >&2
+ read answer
+
+ ANSWER=$answer;
+}
+
+query_user_menu()
+{
+ message=$1; shift
+ i=0
+
+ echo "$message" >&2
+ for choice in "$@"; do
+ i=$(expr $i + 1)
+ echo " [$i] $choice" >&2
+ done
+
+ while true; do
+ j=1
+ echo -n "Your selection: " >&2
+ read idx
+
+ while [ $j -lt $i -o $j -eq $i ]; do
+ if [ "$idx" = $j ]; then
+ break
+ fi
+ j=$(expr $j + 1)
+ done
+ if [ $j -lt $i -o $j -eq $i ]; then
+ break
+ fi
+ done
+
+ i=0
+ for choice in "$@"; do
+ i=$(expr $i + 1)
+ if [ $i -eq $idx ]; then
+ ANSWER=$1
+ break;
+ fi
+ shift
+ done
+
+ echo "You selected: $ANSWER" >&2
+}
+
+
+echo "WARNING: This script is deprecated; please use" >&2
+echo " gpgsm --gen-key" >&2
+echo " instead." >&2
+KEY_TYPE=""
+while [ -z "$KEY_TYPE" ]; do
+ query_user_menu "Key type" "RSA" "Existing key" "Direct from card"
+ case "$ANSWER" in
+ RSA)
+ KEY_TYPE=$ANSWER
+ query_user_menu "Key length" "1024" "2048"
+ KEY_LENGTH=$ANSWER
+ KEY_GRIP=
+ ;;
+ Existing*)
+ # User requested to use an existing key; need to set some dummy defaults
+ query_user "Keygrip "
+ if [ -n "$ANSWER" ]; then
+ KEY_TYPE=RSA
+ KEY_LENGTH=1024
+ KEY_GRIP=$ANSWER
+ fi
+ ;;
+ Direct*)
+ tmp=$(echo 'SCD SERIALNO' | gpg-connect-agent | \
+ awk '$2 == "SERIALNO" {print $3}')
+ if [ -z "$tmp" ]; then
+ echo "No card found" >&2
+ else
+ echo "Card with S/N $tmp found" >&2
+ tmp=$(echo 'SCD LEARN --force' | gpg-connect-agent | \
+ awk '$2 == "KEYPAIRINFO" {printf " %s", $4}')
+ sshid=$(echo 'SCD GETATTR $AUTHKEYID' | gpg-connect-agent | \
+ awk '$2 == "$AUTHKEYID" {print $3}')
+ [ -n "$sshid" ] && echo "gpg-agent uses $sshid as ssh key" >&2
+ query_user_menu "Select key " $tmp "back"
+ if [ "$ANSWER" != "back" ]; then
+ KEY_TYPE="card:$ANSWER"
+ KEY_LENGTH=
+ KEY_GRIP=
+ fi
+ fi
+ ;;
+ *)
+ exit 1
+ ;;
+ esac
+done
+
+query_user_menu "Key usage" "sign, encrypt" "sign" "encrypt"
+KEY_USAGE=$ANSWER
+
+query_user "Name (DN)"
+NAME=$ANSWER
+
+EMAIL_ADDRESSES=
+LF=
+while : ; do
+ query_user "E-Mail addresses (end with an empty line)"
+ [ -z "$ANSWER" ] && break
+ EMAIL_ADDRESSES="${EMAIL_ADDRESSES}${LF}Name-Email: $ANSWER"
+ LF='
+'
+done
+
+DNS_ADDRESSES=
+LF=
+while : ; do
+ query_user "DNS Names (optional; end with an empty line)"
+ [ -z "$ANSWER" ] && break
+ DNS_ADDRESSES="${DNS_ADDRESSES}${LF}Name-DNS: $ANSWER"
+ LF='
+'
+done
+
+URI_ADDRESSES=
+LF=
+while : ; do
+ query_user "URIs (optional; end with an empty line)"
+ [ -z "$ANSWER" ] && break
+ URI_ADDRESSES="${URI_ADDRESSES}${LF}Name-URI: $ANSWER"
+ LF='
+'
+done
+
+file_parameter=$(mktemp "/tmp/gpgsm.XXXXXX")
+outfile=$(mktemp "/tmp/gpgsm.XXXXXX")
+
+
+(
+cat <<EOF
+Key-Type: $KEY_TYPE
+Key-Length: $KEY_LENGTH
+Key-Usage: $KEY_USAGE
+Name-DN: $NAME
+EOF
+[ -n "$KEY_GRIP" ] && echo "Key-Grip: $KEY_GRIP"
+[ -n "$EMAIL_ADDRESSES" ] && echo "$EMAIL_ADDRESSES"
+[ -n "$DNS_ADDRESSES" ] && echo "$DNS_ADDRESSES"
+[ -n "$URI_ADDRESSES" ] && echo "$URI_ADDRESSES"
+) > "$file_parameter"
+
+
+echo 'Parameters for certificate request to create:' >&2
+cat -n "$file_parameter" >&2
+echo >&2
+
+query_user_menu "Really create such a CSR?" "yes" "no"
+[ "$ANSWER" != "yes" ] && exit 1
+
+
+printf "$ASSUAN_COMMANDS" | \
+ gpgsm --no-log-file --debug-level none --debug-none \
+ --server 4< "$file_parameter" 5>"$outfile" >/dev/null
+
+cat "$outfile"
+
+rm "$file_parameter" "$outfile"
+exit 0
diff --git a/tools/gpgsplit.c b/tools/gpgsplit.c
new file mode 100644
index 0000000..3f093c3
--- /dev/null
+++ b/tools/gpgsplit.c
@@ -0,0 +1,882 @@
+/* gpgsplit.c - An OpenPGP packet splitting tool
+ * Copyright (C) 2001, 2002, 2003 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <errno.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <ctype.h>
+#include <unistd.h>
+#include <assert.h>
+#include <sys/types.h>
+#ifdef HAVE_DOSISH_SYSTEM
+# include <fcntl.h> /* for setmode() */
+#endif
+#include <zlib.h>
+#ifdef HAVE_BZIP2
+#include <bzlib.h>
+#endif /* HAVE_BZIP2 */
+#if defined(__riscos__) && defined(USE_ZLIBRISCOS)
+# include "zlib-riscos.h"
+#endif
+
+#define INCLUDED_BY_MAIN_MODULE 1
+#include "util.h"
+#include "openpgpdefs.h"
+
+static int opt_verbose;
+static const char *opt_prefix = "";
+static int opt_uncompress;
+static int opt_secret_to_public;
+static int opt_no_split;
+
+static void g10_exit( int rc );
+static void split_packets (const char *fname);
+
+
+enum cmd_and_opt_values {
+ aNull = 0,
+ oVerbose = 'v',
+ oPrefix = 'p',
+ oUncompress = 500,
+ oSecretToPublic,
+ oNoSplit,
+
+ aTest
+};
+
+
+static ARGPARSE_OPTS opts[] = {
+
+ { 301, NULL, 0, "@Options:\n " },
+
+ { oVerbose, "verbose", 0, "verbose" },
+ { oPrefix, "prefix", 2, "|STRING|Prepend filenames with STRING" },
+ { oUncompress, "uncompress", 0, "uncompress a packet"},
+ { oSecretToPublic, "secret-to-public", 0, "convert secret keys to public keys"},
+ { oNoSplit, "no-split", 0, "write to stdout and don't actually split"},
+{0} };
+
+
+static const char *
+my_strusage (int level)
+{
+ const char *p;
+ switch (level)
+ {
+ case 11: p = "gpgsplit (GnuPG)";
+ break;
+ case 13: p = VERSION; break;
+ case 17: p = PRINTABLE_OS_NAME; break;
+ case 19: p = "Please report bugs to <@EMAIL@>.\n"; break;
+
+ case 1:
+ case 40: p =
+ "Usage: gpgsplit [options] [files] (-h for help)";
+ break;
+ case 41: p =
+ "Syntax: gpgsplit [options] [files]\n"
+ "Split an OpenPGP message into packets\n";
+ break;
+
+ default: p = NULL;
+ }
+ return p;
+}
+
+
+
+int
+main (int argc, char **argv)
+{
+ ARGPARSE_ARGS pargs;
+
+#ifdef HAVE_DOSISH_SYSTEM
+ setmode( fileno(stdin), O_BINARY );
+ setmode( fileno(stdout), O_BINARY );
+#endif
+ log_set_prefix ("gpgsplit", JNLIB_LOG_WITH_PREFIX);
+ set_strusage (my_strusage);
+
+ pargs.argc = &argc;
+ pargs.argv = &argv;
+ pargs.flags= 1; /* do not remove the args */
+ while (optfile_parse( NULL, NULL, NULL, &pargs, opts))
+ {
+ switch (pargs.r_opt)
+ {
+ case oVerbose: opt_verbose = 1; break;
+ case oPrefix: opt_prefix = pargs.r.ret_str; break;
+ case oUncompress: opt_uncompress = 1; break;
+ case oSecretToPublic: opt_secret_to_public = 1; break;
+ case oNoSplit: opt_no_split = 1; break;
+ default : pargs.err = 2; break;
+ }
+ }
+
+ if (log_get_errorcount(0))
+ g10_exit (2);
+
+ if (!argc)
+ split_packets (NULL);
+ else
+ {
+ for ( ;argc; argc--, argv++)
+ split_packets (*argv);
+ }
+
+ g10_exit (0);
+ return 0;
+}
+
+
+static void
+g10_exit (int rc)
+{
+ rc = rc? rc : log_get_errorcount(0)? 2 : 0;
+ exit(rc );
+}
+
+static const char *
+pkttype_to_string (int pkttype)
+{
+ const char *s;
+
+ switch (pkttype)
+ {
+ case PKT_PUBKEY_ENC : s = "pk_enc"; break;
+ case PKT_SIGNATURE : s = "sig"; break;
+ case PKT_SYMKEY_ENC : s = "sym_enc"; break;
+ case PKT_ONEPASS_SIG : s = "onepass_sig"; break;
+ case PKT_SECRET_KEY : s = "secret_key"; break;
+ case PKT_PUBLIC_KEY : s = "public_key"; break;
+ case PKT_SECRET_SUBKEY : s = "secret_subkey"; break;
+ case PKT_COMPRESSED :
+ s = opt_uncompress? "uncompressed":"compressed";
+ break;
+ case PKT_ENCRYPTED : s = "encrypted"; break;
+ case PKT_MARKER : s = "marker"; break;
+ case PKT_PLAINTEXT : s = "plaintext"; break;
+ case PKT_RING_TRUST : s = "ring_trust"; break;
+ case PKT_USER_ID : s = "user_id"; break;
+ case PKT_PUBLIC_SUBKEY : s = "public_subkey"; break;
+ case PKT_OLD_COMMENT : s = "old_comment"; break;
+ case PKT_ATTRIBUTE : s = "attribute"; break;
+ case PKT_ENCRYPTED_MDC : s = "encrypted_mdc"; break;
+ case PKT_MDC : s = "mdc"; break;
+ case PKT_COMMENT : s = "comment"; break;
+ case PKT_GPG_CONTROL : s = "gpg_control"; break;
+ default: s = "unknown"; break;
+ }
+ return s;
+}
+
+
+/*
+ * Create a new filename and a return a pointer to a statically
+ * allocated buffer
+ */
+static char *
+create_filename (int pkttype)
+{
+ static unsigned int partno = 0;
+ static char *name;
+
+ if (!name)
+ name = xmalloc (strlen (opt_prefix) + 100 );
+
+ assert (pkttype < 1000 && pkttype >= 0 );
+ partno++;
+ sprintf (name, "%s%06u-%03d" EXTSEP_S "%.40s",
+ opt_prefix, partno, pkttype, pkttype_to_string (pkttype));
+ return name;
+}
+
+static int
+read_u16 (FILE *fp, size_t *rn)
+{
+ int c;
+
+ if ( (c = getc (fp)) == EOF )
+ return -1;
+ *rn = c << 8;
+ if ( (c = getc (fp)) == EOF )
+ return -1;
+ *rn |= c;
+ return 0;
+}
+
+static int
+read_u32 (FILE *fp, unsigned long *rn)
+{
+ size_t tmp;
+
+ if (read_u16 (fp, &tmp))
+ return -1;
+ *rn = tmp << 16;
+ if (read_u16 (fp, &tmp))
+ return -1;
+ *rn |= tmp;
+ return 0;
+}
+
+static int
+write_old_header (FILE *fp, int pkttype, unsigned int len)
+{
+ int ctb = (0x80 | ((pkttype & 15)<<2));
+
+ if (len < 256)
+ ;
+ else if (len < 65536)
+ ctb |= 1;
+ else
+ ctb |= 2;
+
+ if ( putc ( ctb, fp) == EOF )
+ return -1;
+
+ if ( (ctb & 2) )
+ {
+ if (putc ((len>>24), fp) == EOF)
+ return -1;
+ if (putc ((len>>16), fp) == EOF)
+ return -1;
+ }
+ if ( (ctb & 3) )
+ {
+ if (putc ((len>>8), fp) == EOF)
+ return -1;
+ }
+ if (putc ((len&0xff), fp) == EOF)
+ return -1;
+ return 0;
+}
+
+static int
+write_new_header (FILE *fp, int pkttype, unsigned int len)
+{
+ if ( putc ((0xc0 | (pkttype & 0x3f)), fp) == EOF )
+ return -1;
+
+ if (len < 192)
+ {
+ if (putc (len, fp) == EOF)
+ return -1;
+ }
+ else if (len < 8384)
+ {
+ len -= 192;
+ if (putc ((len/256)+192, fp) == EOF)
+ return -1;
+ if (putc ((len%256), fp) == EOF)
+ return -1;
+ }
+ else
+ {
+ if (putc ( 0xff, fp) == EOF)
+ return -1;
+ if (putc ( (len >> 24), fp) == EOF)
+ return -1;
+ if (putc ( (len >> 16), fp) == EOF)
+ return -1;
+ if (putc ( (len >> 8), fp) == EOF)
+ return -1;
+ if (putc ( (len & 0xff), fp) == EOF)
+ return -1;
+ }
+ return 0;
+}
+
+/* Return the length of the public key given BUF of BUFLEN with a
+ secret key. */
+static int
+public_key_length (const unsigned char *buf, size_t buflen)
+{
+ const unsigned char *s;
+ int nmpis;
+
+ /* byte version number (3 or 4)
+ u32 creation time
+ [u16 valid days (version 3 only)]
+ byte algorithm
+ n MPIs (n and e) */
+ if (!buflen)
+ return 0;
+ if (buf[0] < 2 || buf[0] > 4)
+ return 0; /* wrong version number */
+ if (buflen < (buf[0] == 4? 6:8))
+ return 0;
+ s = buf + (buf[0] == 4? 6:8);
+ buflen -= (buf[0] == 4? 6:8);
+ switch (s[-1])
+ {
+ case 1:
+ case 2:
+ case 3:
+ nmpis = 2;
+ break;
+ case 16:
+ case 20:
+ nmpis = 3;
+ break;
+ case 17:
+ nmpis = 4;
+ break;
+ default:
+ return 0;
+ }
+
+ for (; nmpis; nmpis--)
+ {
+ unsigned int nbits, nbytes;
+
+ if (buflen < 2)
+ return 0;
+ nbits = (s[0] << 8) | s[1];
+ s += 2; buflen -= 2;
+ nbytes = (nbits+7) / 8;
+ if (buflen < nbytes)
+ return 0;
+ s += nbytes; buflen -= nbytes;
+ }
+
+ return s - buf;
+}
+
+static int
+handle_zlib(int algo,FILE *fpin,FILE *fpout)
+{
+ z_stream zs;
+ byte *inbuf, *outbuf;
+ unsigned int inbufsize, outbufsize;
+ int c,zinit_done, zrc, nread, count;
+ size_t n;
+
+ memset (&zs, 0, sizeof zs);
+ inbufsize = 2048;
+ inbuf = xmalloc (inbufsize);
+ outbufsize = 8192;
+ outbuf = xmalloc (outbufsize);
+ zs.avail_in = 0;
+ zinit_done = 0;
+
+ do
+ {
+ if (zs.avail_in < inbufsize)
+ {
+ n = zs.avail_in;
+ if (!n)
+ zs.next_in = (Bytef *) inbuf;
+ count = inbufsize - n;
+ for (nread=0;
+ nread < count && (c=getc (fpin)) != EOF;
+ nread++)
+ inbuf[n+nread] = c;
+
+ n += nread;
+ if (nread < count && algo == 1)
+ {
+ inbuf[n] = 0xFF; /* chew dummy byte */
+ n++;
+ }
+ zs.avail_in = n;
+ }
+ zs.next_out = (Bytef *) outbuf;
+ zs.avail_out = outbufsize;
+
+ if (!zinit_done)
+ {
+ zrc = (algo == 1? inflateInit2 ( &zs, -13)
+ : inflateInit ( &zs ));
+ if (zrc != Z_OK)
+ {
+ log_fatal ("zlib problem: %s\n", zs.msg? zs.msg :
+ zrc == Z_MEM_ERROR ? "out of core" :
+ zrc == Z_VERSION_ERROR ?
+ "invalid lib version" :
+ "unknown error" );
+ }
+ zinit_done = 1;
+ }
+ else
+ {
+#ifdef Z_SYNC_FLUSH
+ zrc = inflate (&zs, Z_SYNC_FLUSH);
+#else
+ zrc = inflate (&zs, Z_PARTIAL_FLUSH);
+#endif
+ if (zrc == Z_STREAM_END)
+ ; /* eof */
+ else if (zrc != Z_OK && zrc != Z_BUF_ERROR)
+ {
+ if (zs.msg)
+ log_fatal ("zlib inflate problem: %s\n", zs.msg );
+ else
+ log_fatal ("zlib inflate problem: rc=%d\n", zrc );
+ }
+ for (n=0; n < outbufsize - zs.avail_out; n++)
+ {
+ if (putc (outbuf[n], fpout) == EOF )
+ return 1;
+ }
+ }
+ }
+ while (zrc != Z_STREAM_END && zrc != Z_BUF_ERROR);
+ {
+ int i;
+
+ fputs ("Left over bytes:", stderr);
+ for (i=0; i < zs.avail_in; i++)
+ fprintf (stderr, " %02X", zs.next_in[i]);
+ putc ('\n', stderr);
+
+ }
+ inflateEnd (&zs);
+
+ return 0;
+}
+
+#ifdef HAVE_BZIP2
+static int
+handle_bzip2(int algo,FILE *fpin,FILE *fpout)
+{
+ bz_stream bzs;
+ byte *inbuf, *outbuf;
+ unsigned int inbufsize, outbufsize;
+ int c,zinit_done, zrc, nread, count;
+ size_t n;
+
+ memset (&bzs, 0, sizeof bzs);
+ inbufsize = 2048;
+ inbuf = xmalloc (inbufsize);
+ outbufsize = 8192;
+ outbuf = xmalloc (outbufsize);
+ bzs.avail_in = 0;
+ zinit_done = 0;
+
+ do
+ {
+ if (bzs.avail_in < inbufsize)
+ {
+ n = bzs.avail_in;
+ if (!n)
+ bzs.next_in = inbuf;
+ count = inbufsize - n;
+ for (nread=0;
+ nread < count && (c=getc (fpin)) != EOF;
+ nread++)
+ inbuf[n+nread] = c;
+
+ n += nread;
+ if (nread < count && algo == 1)
+ {
+ inbuf[n] = 0xFF; /* chew dummy byte */
+ n++;
+ }
+ bzs.avail_in = n;
+ }
+ bzs.next_out = outbuf;
+ bzs.avail_out = outbufsize;
+
+ if (!zinit_done)
+ {
+ zrc = BZ2_bzDecompressInit(&bzs,0,0);
+ if (zrc != BZ_OK)
+ log_fatal ("bz2lib problem: %d\n",zrc);
+ zinit_done = 1;
+ }
+ else
+ {
+ zrc = BZ2_bzDecompress(&bzs);
+ if (zrc == BZ_STREAM_END)
+ ; /* eof */
+ else if (zrc != BZ_OK && zrc != BZ_PARAM_ERROR)
+ log_fatal ("bz2lib inflate problem: %d\n", zrc );
+ for (n=0; n < outbufsize - bzs.avail_out; n++)
+ {
+ if (putc (outbuf[n], fpout) == EOF )
+ return 1;
+ }
+ }
+ }
+ while (zrc != BZ_STREAM_END && zrc != BZ_PARAM_ERROR);
+ BZ2_bzDecompressEnd(&bzs);
+
+ return 0;
+}
+#endif /* HAVE_BZIP2 */
+
+/* hdr must point to a buffer large enough to hold all header bytes */
+static int
+write_part (FILE *fpin, unsigned long pktlen,
+ int pkttype, int partial, unsigned char *hdr, size_t hdrlen)
+{
+ FILE *fpout;
+ int c, first;
+ unsigned char *p;
+ const char *outname = create_filename (pkttype);
+
+#if defined(__riscos__) && defined(USE_ZLIBRISCOS)
+ static int initialized = 0;
+
+ if (!initialized)
+ initialized = riscos_load_module("ZLib", zlib_path, 1);
+#endif
+ if (opt_no_split)
+ fpout = stdout;
+ else
+ {
+ if (opt_verbose)
+ log_info ("writing `%s'\n", outname);
+ fpout = fopen (outname, "wb");
+ if (!fpout)
+ {
+ log_error ("error creating `%s': %s\n", outname, strerror(errno));
+ /* stop right now, otherwise we would mess up the sequence
+ of the part numbers */
+ g10_exit (1);
+ }
+ }
+
+ if (opt_secret_to_public
+ && (pkttype == PKT_SECRET_KEY || pkttype == PKT_SECRET_SUBKEY))
+ {
+ unsigned char *blob = xmalloc (pktlen);
+ int i, len;
+
+ pkttype = pkttype == PKT_SECRET_KEY? PKT_PUBLIC_KEY:PKT_PUBLIC_SUBKEY;
+
+ for (i=0; i < pktlen; i++)
+ {
+ c = getc (fpin);
+ if (c == EOF)
+ goto read_error;
+ blob[i] = c;
+ }
+ len = public_key_length (blob, pktlen);
+ if (!len)
+ {
+ log_error ("error calcualting public key length\n");
+ g10_exit (1);
+ }
+ if ( (hdr[0] & 0x40) )
+ {
+ if (write_new_header (fpout, pkttype, len))
+ goto write_error;
+ }
+ else
+ {
+ if (write_old_header (fpout, pkttype, len))
+ goto write_error;
+ }
+
+ for (i=0; i < len; i++)
+ {
+ if ( putc (blob[i], fpout) == EOF )
+ goto write_error;
+ }
+
+ goto ready;
+ }
+
+
+ if (!opt_uncompress)
+ {
+ for (p=hdr; hdrlen; p++, hdrlen--)
+ {
+ if ( putc (*p, fpout) == EOF )
+ goto write_error;
+ }
+ }
+
+ first = 1;
+ while (partial)
+ {
+ size_t partlen;
+
+ if (partial == 1)
+ { /* openpgp */
+ if (first )
+ {
+ c = pktlen;
+ assert( c >= 224 && c < 255 );
+ first = 0;
+ }
+ else if ((c = getc (fpin)) == EOF )
+ goto read_error;
+ else
+ hdr[hdrlen++] = c;
+
+ if (c < 192)
+ {
+ pktlen = c;
+ partial = 0; /* (last segment may follow) */
+ }
+ else if (c < 224 )
+ {
+ pktlen = (c - 192) * 256;
+ if ((c = getc (fpin)) == EOF)
+ goto read_error;
+ hdr[hdrlen++] = c;
+ pktlen += c + 192;
+ partial = 0;
+ }
+ else if (c == 255)
+ {
+ if (read_u32 (fpin, &pktlen))
+ goto read_error;
+ hdr[hdrlen++] = pktlen >> 24;
+ hdr[hdrlen++] = pktlen >> 16;
+ hdr[hdrlen++] = pktlen >> 8;
+ hdr[hdrlen++] = pktlen;
+ partial = 0;
+ }
+ else
+ { /* next partial body length */
+ for (p=hdr; hdrlen; p++, hdrlen--)
+ {
+ if ( putc (*p, fpout) == EOF )
+ goto write_error;
+ }
+ partlen = 1 << (c & 0x1f);
+ for (; partlen; partlen--)
+ {
+ if ((c = getc (fpin)) == EOF)
+ goto read_error;
+ if ( putc (c, fpout) == EOF )
+ goto write_error;
+ }
+ }
+ }
+ else if (partial == 2)
+ { /* old gnupg */
+ assert (!pktlen);
+ if ( read_u16 (fpin, &partlen) )
+ goto read_error;
+ hdr[hdrlen++] = partlen >> 8;
+ hdr[hdrlen++] = partlen;
+ for (p=hdr; hdrlen; p++, hdrlen--)
+ {
+ if ( putc (*p, fpout) == EOF )
+ goto write_error;
+ }
+ if (!partlen)
+ partial = 0; /* end of packet */
+ for (; partlen; partlen--)
+ {
+ c = getc (fpin);
+ if (c == EOF)
+ goto read_error;
+ if ( putc (c, fpout) == EOF )
+ goto write_error;
+ }
+ }
+ else
+ { /* compressed: read to end */
+ pktlen = 0;
+ partial = 0;
+ hdrlen = 0;
+ if (opt_uncompress)
+ {
+ if ((c = getc (fpin)) == EOF)
+ goto read_error;
+
+ if(c==1 || c==2)
+ {
+ if(handle_zlib(c,fpin,fpout))
+ goto write_error;
+ }
+#ifdef HAVE_BZIP2
+ else if(c==3)
+ {
+ if(handle_bzip2(c,fpin,fpout))
+ goto write_error;
+ }
+#endif /* HAVE_BZIP2 */
+ else
+ {
+ log_error("invalid compression algorithm (%d)\n",c);
+ goto read_error;
+ }
+ }
+ else
+ {
+ while ( (c=getc (fpin)) != EOF )
+ {
+ if ( putc (c, fpout) == EOF )
+ goto write_error;
+ }
+ }
+ if (!feof (fpin))
+ goto read_error;
+ }
+ }
+
+ for (p=hdr; hdrlen; p++, hdrlen--)
+ {
+ if ( putc (*p, fpout) == EOF )
+ goto write_error;
+ }
+
+ /* standard packet or last segment of partial length encoded packet */
+ for (; pktlen; pktlen--)
+ {
+ c = getc (fpin);
+ if (c == EOF)
+ goto read_error;
+ if ( putc (c, fpout) == EOF )
+ goto write_error;
+ }
+
+ ready:
+ if ( !opt_no_split && fclose (fpout) )
+ log_error ("error closing `%s': %s\n", outname, strerror (errno));
+ return 0;
+
+ write_error:
+ log_error ("error writing `%s': %s\n", outname, strerror (errno));
+ if (!opt_no_split)
+ fclose (fpout);
+ return 2;
+
+ read_error:
+ if (!opt_no_split)
+ {
+ int save = errno;
+ fclose (fpout);
+ errno = save;
+ }
+ return -1;
+}
+
+
+
+static int
+do_split (FILE *fp)
+{
+ int c, ctb, pkttype;
+ unsigned long pktlen = 0;
+ int partial = 0;
+ unsigned char header[20];
+ int header_idx = 0;
+
+ ctb = getc (fp);
+ if (ctb == EOF)
+ return 3; /* ready */
+ header[header_idx++] = ctb;
+
+ if (!(ctb & 0x80))
+ {
+ log_error("invalid CTB %02x\n", ctb );
+ return 1;
+ }
+ if ( (ctb & 0x40) )
+ { /* new CTB */
+ pkttype = (ctb & 0x3f);
+ if( (c = getc (fp)) == EOF )
+ return -1;
+ header[header_idx++] = c;
+
+ if ( c < 192 )
+ pktlen = c;
+ else if ( c < 224 )
+ {
+ pktlen = (c - 192) * 256;
+ if( (c = getc (fp)) == EOF )
+ return -1;
+ header[header_idx++] = c;
+ pktlen += c + 192;
+ }
+ else if ( c == 255 )
+ {
+ if (read_u32 (fp, &pktlen))
+ return -1;
+ header[header_idx++] = pktlen >> 24;
+ header[header_idx++] = pktlen >> 16;
+ header[header_idx++] = pktlen >> 8;
+ header[header_idx++] = pktlen;
+ }
+ else
+ { /* partial body length */
+ pktlen = c;
+ partial = 1;
+ }
+ }
+ else
+ {
+ int lenbytes;
+
+ pkttype = (ctb>>2)&0xf;
+ lenbytes = ((ctb&3)==3)? 0 : (1<<(ctb & 3));
+ if (!lenbytes )
+ {
+ pktlen = 0; /* don't know the value */
+ if( pkttype == PKT_COMPRESSED )
+ partial = 3;
+ else
+ partial = 2; /* the old GnuPG partial length encoding */
+ }
+ else
+ {
+ for ( ; lenbytes; lenbytes-- )
+ {
+ pktlen <<= 8;
+ if( (c = getc (fp)) == EOF )
+ return -1;
+ header[header_idx++] = c;
+
+ pktlen |= c;
+ }
+ }
+ }
+
+ return write_part (fp, pktlen, pkttype, partial, header, header_idx);
+}
+
+
+static void
+split_packets (const char *fname)
+{
+ FILE *fp;
+ int rc;
+
+ if (!fname || !strcmp (fname, "-"))
+ {
+ fp = stdin;
+ fname = "-";
+ }
+ else if ( !(fp = fopen (fname,"rb")) )
+ {
+ log_error ("can't open `%s': %s\n", fname, strerror (errno));
+ return;
+ }
+
+ while ( !(rc = do_split (fp)) )
+ ;
+ if ( rc > 0 )
+ ; /* error already handled */
+ else if ( ferror (fp) )
+ log_error ("error reading `%s': %s\n", fname, strerror (errno));
+ else
+ log_error ("premature EOF while reading `%s'\n", fname );
+
+ if ( fp != stdin )
+ fclose (fp);
+}
diff --git a/tools/gpgtar-create.c b/tools/gpgtar-create.c
new file mode 100644
index 0000000..09587e4
--- /dev/null
+++ b/tools/gpgtar-create.c
@@ -0,0 +1,903 @@
+/* gpgtar-create.c - Create a TAR archive
+ * Copyright (C) 2010 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <errno.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <dirent.h>
+#ifdef HAVE_W32_SYSTEM
+# define WIN32_LEAN_AND_MEAN
+# include <windows.h>
+# include <fcntl.h> /* for setmode() */
+#else /*!HAVE_W32_SYSTEM*/
+# include <unistd.h>
+# include <pwd.h>
+# include <grp.h>
+#endif /*!HAVE_W32_SYSTEM*/
+#include <assert.h>
+
+#include "i18n.h"
+#include "../common/sysutils.h"
+#include "gpgtar.h"
+
+#ifndef HAVE_LSTAT
+#define lstat(a,b) stat ((a), (b))
+#endif
+
+
+/* Object to control the file scanning. */
+struct scanctrl_s;
+typedef struct scanctrl_s *scanctrl_t;
+struct scanctrl_s
+{
+ tar_header_t flist;
+ tar_header_t *flist_tail;
+ int nestlevel;
+};
+
+
+
+
+/* Given a fresh header object HDR with only the name field set, try
+ to gather all available info. This is the W32 version. */
+#ifdef HAVE_W32_SYSTEM
+static gpg_error_t
+fillup_entry_w32 (tar_header_t hdr)
+{
+ char *p;
+ wchar_t *wfname;
+ WIN32_FILE_ATTRIBUTE_DATA fad;
+ DWORD attr;
+
+ for (p=hdr->name; *p; p++)
+ if (*p == '/')
+ *p = '\\';
+ wfname = utf8_to_wchar (hdr->name);
+ for (p=hdr->name; *p; p++)
+ if (*p == '\\')
+ *p = '/';
+ if (!wfname)
+ {
+ log_error ("error utf8-ing `%s': %s\n", hdr->name, w32_strerror (-1));
+ return gpg_error_from_syserror ();
+ }
+ if (!GetFileAttributesExW (wfname, GetFileExInfoStandard, &fad))
+ {
+ log_error ("error stat-ing `%s': %s\n", hdr->name, w32_strerror (-1));
+ xfree (wfname);
+ return gpg_error_from_syserror ();
+ }
+ xfree (wfname);
+
+ attr = fad.dwFileAttributes;
+
+ if ((attr & FILE_ATTRIBUTE_NORMAL))
+ hdr->typeflag = TF_REGULAR;
+ else if ((attr & FILE_ATTRIBUTE_DIRECTORY))
+ hdr->typeflag = TF_DIRECTORY;
+ else if ((attr & FILE_ATTRIBUTE_DEVICE))
+ hdr->typeflag = TF_NOTSUP;
+ else if ((attr & (FILE_ATTRIBUTE_OFFLINE | FILE_ATTRIBUTE_TEMPORARY)))
+ hdr->typeflag = TF_NOTSUP;
+ else
+ hdr->typeflag = TF_REGULAR;
+
+ /* Map some attributes to USTAR defined mode bits. */
+ hdr->mode = 0640; /* User may read and write, group only read. */
+ if ((attr & FILE_ATTRIBUTE_DIRECTORY))
+ hdr->mode |= 0110; /* Dirs are user and group executable. */
+ if ((attr & FILE_ATTRIBUTE_READONLY))
+ hdr->mode &= ~0200; /* Clear the user write bit. */
+ if ((attr & FILE_ATTRIBUTE_HIDDEN))
+ hdr->mode &= ~0707; /* Clear all user and other bits. */
+ if ((attr & FILE_ATTRIBUTE_SYSTEM))
+ hdr->mode |= 0004; /* Make it readable by other. */
+
+ /* Only set the size for a regular file. */
+ if (hdr->typeflag == TF_REGULAR)
+ hdr->size = (fad.nFileSizeHigh * (unsigned long long)(MAXDWORD+1)
+ + fad.nFileSizeLow);
+
+ hdr->mtime = (((unsigned long long)fad.ftLastWriteTime.dwHighDateTime << 32)
+ | fad.ftLastWriteTime.dwLowDateTime);
+ if (!hdr->mtime)
+ hdr->mtime = (((unsigned long long)fad.ftCreationTime.dwHighDateTime << 32)
+ | fad.ftCreationTime.dwLowDateTime);
+ hdr->mtime -= 116444736000000000ULL; /* The filetime epoch is 1601-01-01. */
+ hdr->mtime /= 10000000; /* Convert from 0.1us to seconds. */
+
+ return 0;
+}
+#endif /*HAVE_W32_SYSTEM*/
+
+
+/* Given a fresh header obje`<ct HDR with only the name field set, try
+ to gather all available info. This is the POSIX version. */
+#ifndef HAVE_W32_SYSTEM
+static gpg_error_t
+fillup_entry_posix (tar_header_t hdr)
+{
+ gpg_error_t err;
+ struct stat sbuf;
+
+ if (lstat (hdr->name, &sbuf))
+ {
+ err = gpg_error_from_syserror ();
+ log_error ("error stat-ing `%s': %s\n", hdr->name, gpg_strerror (err));
+ return err;
+ }
+
+ if (S_ISREG (sbuf.st_mode))
+ hdr->typeflag = TF_REGULAR;
+ else if (S_ISDIR (sbuf.st_mode))
+ hdr->typeflag = TF_DIRECTORY;
+ else if (S_ISCHR (sbuf.st_mode))
+ hdr->typeflag = TF_CHARDEV;
+ else if (S_ISBLK (sbuf.st_mode))
+ hdr->typeflag = TF_BLOCKDEV;
+ else if (S_ISFIFO (sbuf.st_mode))
+ hdr->typeflag = TF_FIFO;
+ else if (S_ISLNK (sbuf.st_mode))
+ hdr->typeflag = TF_SYMLINK;
+ else
+ hdr->typeflag = TF_NOTSUP;
+
+ /* FIXME: Save DEV and INO? */
+
+ /* Set the USTAR defined mode bits using the system macros. */
+ if (sbuf.st_mode & S_IRUSR)
+ hdr->mode |= 0400;
+ if (sbuf.st_mode & S_IWUSR)
+ hdr->mode |= 0200;
+ if (sbuf.st_mode & S_IXUSR)
+ hdr->mode |= 0100;
+ if (sbuf.st_mode & S_IRGRP)
+ hdr->mode |= 0040;
+ if (sbuf.st_mode & S_IWGRP)
+ hdr->mode |= 0020;
+ if (sbuf.st_mode & S_IXGRP)
+ hdr->mode |= 0010;
+ if (sbuf.st_mode & S_IROTH)
+ hdr->mode |= 0004;
+ if (sbuf.st_mode & S_IWOTH)
+ hdr->mode |= 0002;
+ if (sbuf.st_mode & S_IXOTH)
+ hdr->mode |= 0001;
+#ifdef S_IXUID
+ if (sbuf.st_mode & S_IXUID)
+ hdr->mode |= 04000;
+#endif
+#ifdef S_IXGID
+ if (sbuf.st_mode & S_IXGID)
+ hdr->mode |= 02000;
+#endif
+#ifdef S_ISVTX
+ if (sbuf.st_mode & S_ISVTX)
+ hdr->mode |= 01000;
+#endif
+
+ hdr->nlink = sbuf.st_nlink;
+
+ hdr->uid = sbuf.st_uid;
+ hdr->gid = sbuf.st_gid;
+
+ /* Only set the size for a regular file. */
+ if (hdr->typeflag == TF_REGULAR)
+ hdr->size = sbuf.st_size;
+
+ hdr->mtime = sbuf.st_mtime;
+
+ return 0;
+}
+#endif /*!HAVE_W32_SYSTEM*/
+
+
+/* Add a new entry. The name of a director entry is ENTRYNAME; if
+ that is NULL, DNAME is the name of the directory itself. Under
+ Windows ENTRYNAME shall have backslashes replaced by standard
+ slashes. */
+static gpg_error_t
+add_entry (const char *dname, const char *entryname, scanctrl_t scanctrl)
+{
+ gpg_error_t err;
+ tar_header_t hdr;
+ char *p;
+ size_t dnamelen = strlen (dname);
+
+ assert (dnamelen);
+
+ hdr = xtrycalloc (1, sizeof *hdr + dnamelen + 1
+ + (entryname? strlen (entryname) : 0) + 1);
+ if (!hdr)
+ return gpg_error_from_syserror ();
+
+ p = stpcpy (hdr->name, dname);
+ if (entryname)
+ {
+ if (dname[dnamelen-1] != '/')
+ *p++ = '/';
+ strcpy (p, entryname);
+ }
+ else
+ {
+ if (hdr->name[dnamelen-1] == '/')
+ hdr->name[dnamelen-1] = 0;
+ }
+#ifdef HAVE_DOSISH_SYSTEM
+ err = fillup_entry_w32 (hdr);
+#else
+ err = fillup_entry_posix (hdr);
+#endif
+ if (err)
+ xfree (hdr);
+ else
+ {
+ if (opt.verbose)
+ gpgtar_print_header (hdr, es_stderr);
+ *scanctrl->flist_tail = hdr;
+ scanctrl->flist_tail = &hdr->next;
+ }
+
+ return 0;
+}
+
+
+static gpg_error_t
+scan_directory (const char *dname, scanctrl_t scanctrl)
+{
+ gpg_error_t err = 0;
+
+#ifdef HAVE_W32_SYSTEM
+ WIN32_FIND_DATAW fi;
+ HANDLE hd = INVALID_HANDLE_VALUE;
+ char *p;
+
+ if (!*dname)
+ return 0; /* An empty directory name has no entries. */
+
+ {
+ char *fname;
+ wchar_t *wfname;
+
+ fname = xtrymalloc (strlen (dname) + 2 + 2 + 1);
+ if (!fname)
+ {
+ err = gpg_error_from_syserror ();
+ goto leave;
+ }
+ if (!strcmp (dname, "/"))
+ strcpy (fname, "/*"); /* Trailing slash is not allowed. */
+ else if (!strcmp (dname, "."))
+ strcpy (fname, "*");
+ else if (*dname && dname[strlen (dname)-1] == '/')
+ strcpy (stpcpy (fname, dname), "*");
+ else if (*dname && dname[strlen (dname)-1] != '*')
+ strcpy (stpcpy (fname, dname), "/*");
+ else
+ strcpy (fname, dname);
+
+ for (p=fname; *p; p++)
+ if (*p == '/')
+ *p = '\\';
+ wfname = utf8_to_wchar (fname);
+ xfree (fname);
+ if (!wfname)
+ {
+ err = gpg_error_from_syserror ();
+ log_error (_("error reading directory `%s': %s\n"),
+ dname, gpg_strerror (err));
+ goto leave;
+ }
+ hd = FindFirstFileW (wfname, &fi);
+ if (hd == INVALID_HANDLE_VALUE)
+ {
+ err = gpg_error_from_syserror ();
+ log_error (_("error reading directory `%s': %s\n"),
+ dname, w32_strerror (-1));
+ xfree (wfname);
+ goto leave;
+ }
+ xfree (wfname);
+ }
+
+ do
+ {
+ char *fname = wchar_to_utf8 (fi.cFileName);
+ if (!fname)
+ {
+ err = gpg_error_from_syserror ();
+ log_error ("error utf8-ing filename: %s\n", w32_strerror (-1));
+ break;
+ }
+ for (p=fname; *p; p++)
+ if (*p == '\\')
+ *p = '/';
+ if (!strcmp (fname, "." ) || !strcmp (fname, ".."))
+ err = 0; /* Skip self and parent dir entry. */
+ else if (!strncmp (dname, "./", 2) && dname[2])
+ err = add_entry (dname+2, fname, scanctrl);
+ else
+ err = add_entry (dname, fname, scanctrl);
+ xfree (fname);
+ }
+ while (!err && FindNextFileW (hd, &fi));
+ if (err)
+ ;
+ else if (GetLastError () == ERROR_NO_MORE_FILES)
+ err = 0;
+ else
+ {
+ err = gpg_error_from_syserror ();
+ log_error (_("error reading directory `%s': %s\n"),
+ dname, w32_strerror (-1));
+ }
+
+ leave:
+ if (hd != INVALID_HANDLE_VALUE)
+ FindClose (hd);
+
+#else /*!HAVE_W32_SYSTEM*/
+ DIR *dir;
+ struct dirent *de;
+
+ if (!*dname)
+ return 0; /* An empty directory name has no entries. */
+
+ dir = opendir (dname);
+ if (!dir)
+ {
+ err = gpg_error_from_syserror ();
+ log_error (_("error reading directory `%s': %s\n"),
+ dname, gpg_strerror (err));
+ return err;
+ }
+
+ while ((de = readdir (dir)))
+ {
+ if (!strcmp (de->d_name, "." ) || !strcmp (de->d_name, ".."))
+ continue; /* Skip self and parent dir entry. */
+
+ err = add_entry (dname, de->d_name, scanctrl);
+ if (err)
+ goto leave;
+ }
+
+ leave:
+ closedir (dir);
+#endif /*!HAVE_W32_SYSTEM*/
+ return err;
+}
+
+
+static gpg_error_t
+scan_recursive (const char *dname, scanctrl_t scanctrl)
+{
+ gpg_error_t err = 0;
+ tar_header_t hdr, *start_tail, *stop_tail;
+
+ if (scanctrl->nestlevel > 200)
+ {
+ log_error ("directories too deeply nested\n");
+ return gpg_error (GPG_ERR_RESOURCE_LIMIT);
+ }
+ scanctrl->nestlevel++;
+
+ assert (scanctrl->flist_tail);
+ start_tail = scanctrl->flist_tail;
+ scan_directory (dname, scanctrl);
+ stop_tail = scanctrl->flist_tail;
+ hdr = *start_tail;
+ for (; hdr && hdr != *stop_tail; hdr = hdr->next)
+ if (hdr->typeflag == TF_DIRECTORY)
+ {
+ if (opt.verbose > 1)
+ log_info ("scanning directory `%s'\n", hdr->name);
+ scan_recursive (hdr->name, scanctrl);
+ }
+
+ scanctrl->nestlevel--;
+ return err;
+}
+
+
+/* Returns true if PATTERN is acceptable. */
+static int
+pattern_valid_p (const char *pattern)
+{
+ if (!*pattern)
+ return 0;
+ if (*pattern == '.' && pattern[1] == '.')
+ return 0;
+ if (*pattern == '/' || *pattern == DIRSEP_C)
+ return 0; /* Absolute filenames are not supported. */
+#ifdef HAVE_DRIVE_LETTERS
+ if (((*pattern >= 'a' && *pattern <= 'z')
+ || (*pattern >= 'A' && *pattern <= 'Z'))
+ && pattern[1] == ':')
+ return 0; /* Drive letter are not allowed either. */
+#endif /*HAVE_DRIVE_LETTERS*/
+
+ return 1; /* Okay. */
+}
+
+
+
+static void
+store_xoctal (char *buffer, size_t length, unsigned long long value)
+{
+ char *p, *pend;
+ size_t n;
+ unsigned long long v;
+
+ assert (length > 1);
+
+ v = value;
+ n = length;
+ p = pend = buffer + length;
+ *--p = 0; /* Nul byte. */
+ n--;
+ do
+ {
+ *--p = '0' + (v % 8);
+ v /= 8;
+ n--;
+ }
+ while (v && n);
+ if (!v)
+ {
+ /* Pad. */
+ for ( ; n; n--)
+ *--p = '0';
+ }
+ else /* Does not fit into the field. Store as binary number. */
+ {
+ v = value;
+ n = length;
+ p = pend = buffer + length;
+ do
+ {
+ *--p = v;
+ v /= 256;
+ n--;
+ }
+ while (v && n);
+ if (!v)
+ {
+ /* Pad. */
+ for ( ; n; n--)
+ *--p = 0;
+ if (*p & 0x80)
+ BUG ();
+ *p |= 0x80; /* Set binary flag. */
+ }
+ else
+ BUG ();
+ }
+}
+
+
+static void
+store_uname (char *buffer, size_t length, unsigned long uid)
+{
+ static int initialized;
+ static unsigned long lastuid;
+ static char lastuname[32];
+
+ if (!initialized || uid != lastuid)
+ {
+#ifdef HAVE_W32_SYSTEM
+ mem2str (lastuname, uid? "user":"root", sizeof lastuname);
+#else
+ struct passwd *pw = getpwuid (uid);
+
+ lastuid = uid;
+ initialized = 1;
+ if (pw)
+ mem2str (lastuname, pw->pw_name, sizeof lastuname);
+ else
+ {
+ log_info ("failed to get name for uid %lu\n", uid);
+ *lastuname = 0;
+ }
+#endif
+ }
+ mem2str (buffer, lastuname, length);
+}
+
+
+static void
+store_gname (char *buffer, size_t length, unsigned long gid)
+{
+ static int initialized;
+ static unsigned long lastgid;
+ static char lastgname[32];
+
+ if (!initialized || gid != lastgid)
+ {
+#ifdef HAVE_W32_SYSTEM
+ mem2str (lastgname, gid? "users":"root", sizeof lastgname);
+#else
+ struct group *gr = getgrgid (gid);
+
+ lastgid = gid;
+ initialized = 1;
+ if (gr)
+ mem2str (lastgname, gr->gr_name, sizeof lastgname);
+ else
+ {
+ log_info ("failed to get name for gid %lu\n", gid);
+ *lastgname = 0;
+ }
+#endif
+ }
+ mem2str (buffer, lastgname, length);
+}
+
+
+static gpg_error_t
+build_header (void *record, tar_header_t hdr)
+{
+ gpg_error_t err;
+ struct ustar_raw_header *raw = record;
+ size_t namelen, n;
+ unsigned long chksum;
+ unsigned char *p;
+
+ memset (record, 0, RECORDSIZE);
+
+ /* Store name and prefix. */
+ namelen = strlen (hdr->name);
+ if (namelen < sizeof raw->name)
+ memcpy (raw->name, hdr->name, namelen);
+ else
+ {
+ n = (namelen < sizeof raw->prefix)? namelen : sizeof raw->prefix;
+ for (n--; n ; n--)
+ if (hdr->name[n] == '/')
+ break;
+ if (namelen - n < sizeof raw->name)
+ {
+ /* Note that the N is < sizeof prefix and that the
+ delimiting slash is not stored. */
+ memcpy (raw->prefix, hdr->name, n);
+ memcpy (raw->name, hdr->name+n+1, namelen - n);
+ }
+ else
+ {
+ err = gpg_error (GPG_ERR_TOO_LARGE);
+ log_error ("error storing file `%s': %s\n",
+ hdr->name, gpg_strerror (err));
+ return err;
+ }
+ }
+
+ store_xoctal (raw->mode, sizeof raw->mode, hdr->mode);
+ store_xoctal (raw->uid, sizeof raw->uid, hdr->uid);
+ store_xoctal (raw->gid, sizeof raw->gid, hdr->gid);
+ store_xoctal (raw->size, sizeof raw->size, hdr->size);
+ store_xoctal (raw->mtime, sizeof raw->mtime, hdr->mtime);
+
+ switch (hdr->typeflag)
+ {
+ case TF_REGULAR: raw->typeflag[0] = '0'; break;
+ case TF_HARDLINK: raw->typeflag[0] = '1'; break;
+ case TF_SYMLINK: raw->typeflag[0] = '2'; break;
+ case TF_CHARDEV: raw->typeflag[0] = '3'; break;
+ case TF_BLOCKDEV: raw->typeflag[0] = '4'; break;
+ case TF_DIRECTORY: raw->typeflag[0] = '5'; break;
+ case TF_FIFO: raw->typeflag[0] = '6'; break;
+ default: return gpg_error (GPG_ERR_NOT_SUPPORTED);
+ }
+
+ memcpy (raw->magic, "ustar", 6);
+ raw->version[0] = '0';
+ raw->version[1] = '0';
+
+ store_uname (raw->uname, sizeof raw->uname, hdr->uid);
+ store_gname (raw->gname, sizeof raw->gname, hdr->gid);
+
+#ifndef HAVE_W32_SYSTEM
+ if (hdr->typeflag == TF_SYMLINK)
+ {
+ int nread;
+
+ nread = readlink (hdr->name, raw->linkname, sizeof raw->linkname -1);
+ if (nread < 0)
+ {
+ err = gpg_error_from_syserror ();
+ log_error ("error reading symlink `%s': %s\n",
+ hdr->name, gpg_strerror (err));
+ return err;
+ }
+ raw->linkname[nread] = 0;
+ }
+#endif /*HAVE_W32_SYSTEM*/
+
+ /* Compute the checksum. */
+ memset (raw->checksum, ' ', sizeof raw->checksum);
+ chksum = 0;
+ p = record;
+ for (n=0; n < RECORDSIZE; n++)
+ chksum += *p++;
+ store_xoctal (raw->checksum, sizeof raw->checksum - 1, chksum);
+ raw->checksum[7] = ' ';
+
+ return 0;
+}
+
+
+static gpg_error_t
+write_file (estream_t stream, tar_header_t hdr)
+{
+ gpg_error_t err;
+ char record[RECORDSIZE];
+ estream_t infp;
+ size_t nread, nbytes;
+ int any;
+
+ err = build_header (record, hdr);
+ if (err)
+ {
+ if (gpg_err_code (err) == GPG_ERR_NOT_SUPPORTED)
+ {
+ log_info ("skipping unsupported file `%s'\n", hdr->name);
+ err = 0;
+ }
+ return err;
+ }
+
+ if (hdr->typeflag == TF_REGULAR)
+ {
+ infp = es_fopen (hdr->name, "rb");
+ if (!infp)
+ {
+ err = gpg_error_from_syserror ();
+ log_error ("can't open `%s': %s - skipped\n",
+ hdr->name, gpg_strerror (err));
+ return err;
+ }
+ }
+ else
+ infp = NULL;
+
+ err = write_record (stream, record);
+ if (err)
+ goto leave;
+
+ if (hdr->typeflag == TF_REGULAR)
+ {
+ hdr->nrecords = (hdr->size + RECORDSIZE-1)/RECORDSIZE;
+ any = 0;
+ while (hdr->nrecords--)
+ {
+ nbytes = hdr->nrecords? RECORDSIZE : (hdr->size % RECORDSIZE);
+ if (!nbytes)
+ nbytes = RECORDSIZE;
+ nread = es_fread (record, 1, nbytes, infp);
+ if (nread != nbytes)
+ {
+ err = gpg_error_from_syserror ();
+ log_error ("error reading file `%s': %s%s\n",
+ hdr->name, gpg_strerror (err),
+ any? " (file shrunk?)":"");
+ goto leave;
+ }
+ any = 1;
+ err = write_record (stream, record);
+ if (err)
+ goto leave;
+ }
+ nread = es_fread (record, 1, 1, infp);
+ if (nread)
+ log_info ("note: file `%s' has grown\n", hdr->name);
+ }
+
+ leave:
+ if (err)
+ es_fclose (infp);
+ else if ((err = es_fclose (infp)))
+ log_error ("error closing file `%s': %s\n", hdr->name, gpg_strerror (err));
+
+ return err;
+}
+
+
+static gpg_error_t
+write_eof_mark (estream_t stream)
+{
+ gpg_error_t err;
+ char record[RECORDSIZE];
+
+ memset (record, 0, sizeof record);
+ err = write_record (stream, record);
+ if (!err)
+ err = write_record (stream, record);
+ return err;
+}
+
+
+
+/* Create a new tarball using the names in the array INPATTERN. If
+ INPATTERN is NULL take the pattern as null terminated strings from
+ stdin. */
+void
+gpgtar_create (char **inpattern)
+{
+ gpg_error_t err = 0;
+ struct scanctrl_s scanctrl_buffer;
+ scanctrl_t scanctrl = &scanctrl_buffer;
+ tar_header_t hdr, *start_tail;
+ estream_t outstream = NULL;
+ int eof_seen = 0;
+
+#ifdef HAVE_DOSISH_SYSTEM
+ if (!inpattern)
+ setmode (es_fileno (es_stdin), O_BINARY);
+#endif
+
+ memset (scanctrl, 0, sizeof *scanctrl);
+ scanctrl->flist_tail = &scanctrl->flist;
+
+ while (!eof_seen)
+ {
+ char *pat, *p;
+ int skip_this = 0;
+
+ if (inpattern)
+ {
+ const char *pattern = *inpattern;
+
+ if (!pattern)
+ break; /* End of array. */
+ inpattern++;
+
+ if (!*pattern)
+ continue;
+
+ pat = xtrystrdup (pattern);
+ }
+ else /* Read null delimited pattern from stdin. */
+ {
+ int c;
+ char namebuf[4096];
+ size_t n = 0;
+
+ for (;;)
+ {
+ if ((c = es_getc (es_stdin)) == EOF)
+ {
+ if (es_ferror (es_stdin))
+ {
+ err = gpg_error_from_syserror ();
+ log_error ("error reading `%s': %s\n",
+ "[stdin]", strerror (errno));
+ goto leave;
+ }
+ /* Note: The Nul is a delimiter and not a terminator. */
+ c = 0;
+ eof_seen = 1;
+ }
+ if (n >= sizeof namebuf - 1)
+ {
+ if (!skip_this)
+ {
+ skip_this = 1;
+ log_error ("error reading `%s': %s\n",
+ "[stdin]", "filename too long");
+ }
+ }
+ else
+ namebuf[n++] = c;
+ if (!c)
+ {
+ namebuf[n] = 0;
+ break;
+ }
+ }
+
+ if (skip_this || n < 2)
+ continue;
+
+ pat = xtrystrdup (namebuf);
+ }
+
+ if (!pat)
+ {
+ err = gpg_error_from_syserror ();
+ log_error ("memory allocation problem: %s\n", gpg_strerror (err));
+ goto leave;
+ }
+ for (p=pat; *p; p++)
+ if (*p == '\\')
+ *p = '/';
+
+ if (opt.verbose > 1)
+ log_info ("scanning `%s'\n", pat);
+
+ start_tail = scanctrl->flist_tail;
+ if (skip_this || !pattern_valid_p (pat))
+ log_error ("skipping invalid name `%s'\n", pat);
+ else if (!add_entry (pat, NULL, scanctrl)
+ && *start_tail && ((*start_tail)->typeflag & TF_DIRECTORY))
+ scan_recursive (pat, scanctrl);
+
+ xfree (pat);
+ }
+
+ if (opt.outfile)
+ {
+ if (!strcmp (opt.outfile, "-"))
+ outstream = es_stdout;
+ else
+ outstream = es_fopen (opt.outfile, "wb");
+ if (!outstream)
+ {
+ err = gpg_error_from_syserror ();
+ log_error (_("can't create `%s': %s\n"),
+ opt.outfile, gpg_strerror (err));
+ goto leave;
+ }
+ }
+ else
+ {
+ outstream = es_stdout;
+ }
+
+#ifdef HAVE_DOSISH_SYSTEM
+ if (outstream == es_stdout)
+ setmode (es_fileno (es_stdout), O_BINARY);
+#endif
+
+ for (hdr = scanctrl->flist; hdr; hdr = hdr->next)
+ {
+ err = write_file (outstream, hdr);
+ if (err)
+ goto leave;
+ }
+ err = write_eof_mark (outstream);
+
+ leave:
+ if (!err)
+ {
+ if (outstream != es_stdout)
+ err = es_fclose (outstream);
+ else
+ err = es_fflush (outstream);
+ outstream = NULL;
+ }
+ if (err)
+ {
+ log_error ("creating tarball `%s' failed: %s\n",
+ es_fname_get (outstream), gpg_strerror (err));
+ if (outstream && outstream != es_stdout)
+ es_fclose (outstream);
+ if (opt.outfile)
+ remove (opt.outfile);
+ }
+ scanctrl->flist_tail = NULL;
+ while ( (hdr = scanctrl->flist) )
+ {
+ scanctrl->flist = hdr->next;
+ xfree (hdr);
+ }
+}
diff --git a/tools/gpgtar-extract.c b/tools/gpgtar-extract.c
new file mode 100644
index 0000000..736c7fc
--- /dev/null
+++ b/tools/gpgtar-extract.c
@@ -0,0 +1,349 @@
+/* gpgtar-extract.c - Extract from a TAR archive
+ * Copyright (C) 2010 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <errno.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <unistd.h>
+#include <assert.h>
+#ifdef HAVE_W32_SYSTEM
+# include <fcntl.h> /* for setmode() */
+#endif /*HAVE_W32_SYSTEM*/
+
+#include "i18n.h"
+#include "../common/sysutils.h"
+#include "gpgtar.h"
+
+#ifndef GPG_ERR_LIMIT_REACHED
+#define GPG_ERR_LIMIT_REACHED 183
+#endif
+
+
+static gpg_error_t
+extract_regular (estream_t stream, const char *dirname,
+ tar_header_t hdr)
+{
+ gpg_error_t err;
+ char record[RECORDSIZE];
+ size_t n, nbytes, nwritten;
+ char *fname;
+ estream_t outfp = NULL;
+
+ fname = strconcat (dirname, "/", hdr->name, NULL);
+ if (!fname)
+ {
+ err = gpg_error_from_syserror ();
+ log_error ("error creating filename: %s\n", gpg_strerror (err));
+ goto leave;
+ }
+ else
+ err = 0;
+
+ outfp = es_fopen (fname, "wb");
+ if (!outfp)
+ {
+ err = gpg_error_from_syserror ();
+ log_error ("error creating `%s': %s\n", fname, gpg_strerror (err));
+ goto leave;
+ }
+
+ for (n=0; n < hdr->nrecords;)
+ {
+ err = read_record (stream, record);
+ if (err)
+ goto leave;
+ n++;
+ nbytes = (n < hdr->nrecords)? RECORDSIZE : (hdr->size % RECORDSIZE);
+ nwritten = es_fwrite (record, 1, nbytes, outfp);
+ if (nwritten != nbytes)
+ {
+ err = gpg_error_from_syserror ();
+ log_error ("error writing `%s': %s\n", fname, gpg_strerror (err));
+ goto leave;
+ }
+ }
+ /* Fixme: Set permissions etc. */
+
+ leave:
+ if (!err && opt.verbose)
+ log_info ("extracted `%s'\n", fname);
+ es_fclose (outfp);
+ if (err && fname && outfp)
+ {
+ if (remove (fname))
+ log_error ("error removing incomplete file `%s': %s\n",
+ fname, gpg_strerror (gpg_error_from_syserror ()));
+ }
+ xfree (fname);
+ return err;
+}
+
+
+static gpg_error_t
+extract_directory (const char *dirname, tar_header_t hdr)
+{
+ gpg_error_t err;
+ char *fname;
+ size_t prefixlen;
+
+ prefixlen = strlen (dirname) + 1;
+ fname = strconcat (dirname, "/", hdr->name, NULL);
+ if (!fname)
+ {
+ err = gpg_error_from_syserror ();
+ log_error ("error creating filename: %s\n", gpg_strerror (err));
+ goto leave;
+ }
+ else
+ err = 0;
+
+ if (fname[strlen (fname)-1] == '/')
+ fname[strlen (fname)-1] = 0;
+
+ /* Note that we don't need to care about EEXIST because we always
+ extract into a new hierarchy. */
+ if (gnupg_mkdir (fname, "-rwx------"))
+ {
+ err = gpg_error_from_syserror ();
+ if (gpg_err_code (err) == GPG_ERR_ENOENT)
+ {
+ /* Try to create the directory with parents but keep the
+ original error code in case of a failure. */
+ char *p;
+ int rc = 0;
+
+ for (p = fname+prefixlen; (p = strchr (p, '/')); p++)
+ {
+ *p = 0;
+ rc = gnupg_mkdir (fname, "-rwx------");
+ *p = '/';
+ if (rc)
+ break;
+ }
+ if (!rc && !gnupg_mkdir (fname, "-rwx------"))
+ err = 0;
+ }
+ if (err)
+ log_error ("error creating directory `%s': %s\n",
+ fname, gpg_strerror (err));
+ }
+
+ leave:
+ if (!err && opt.verbose)
+ log_info ("created `%s/'\n", fname);
+ xfree (fname);
+ return err;
+}
+
+
+static gpg_error_t
+extract (estream_t stream, const char *dirname, tar_header_t hdr)
+{
+ gpg_error_t err;
+ size_t n;
+
+ n = strlen (hdr->name);
+#ifdef HAVE_DOSISH_SYSTEM
+ if (strchr (hdr->name, '\\'))
+ {
+ log_error ("filename `%s' contains a backslash - "
+ "can't extract on this system\n", hdr->name);
+ return gpg_error (GPG_ERR_INV_NAME);
+ }
+#endif /*HAVE_DOSISH_SYSTEM*/
+
+ if (!n
+ || strstr (hdr->name, "//")
+ || strstr (hdr->name, "/../")
+ || !strncmp (hdr->name, "../", 3)
+ || (n >= 3 && !strcmp (hdr->name+n-3, "/.." )))
+ {
+ log_error ("filename `%s' as suspicious parts - not extracting\n",
+ hdr->name);
+ return gpg_error (GPG_ERR_INV_NAME);
+ }
+
+ if (hdr->typeflag == TF_REGULAR || hdr->typeflag == TF_UNKNOWN)
+ err = extract_regular (stream, dirname, hdr);
+ else if (hdr->typeflag == TF_DIRECTORY)
+ err = extract_directory (dirname, hdr);
+ else
+ {
+ char record[RECORDSIZE];
+
+ log_info ("unsupported file type %d for `%s' - skipped\n",
+ (int)hdr->typeflag, hdr->name);
+ for (err = 0, n=0; !err && n < hdr->nrecords; n++)
+ err = read_record (stream, record);
+ }
+ return err;
+}
+
+
+/* Create a new directory to be used for extracting the tarball.
+ Returns the name of the directory which must be freed by the
+ caller. In case of an error a diagnostic is printed and NULL
+ returned. */
+static char *
+create_directory (const char *dirprefix)
+{
+ gpg_error_t err = 0;
+ char *prefix_buffer = NULL;
+ char *dirname = NULL;
+ size_t n;
+ int idx;
+
+ /* Remove common suffixes. */
+ n = strlen (dirprefix);
+ if (n > 4 && (!compare_filenames (dirprefix + n - 4, EXTSEP_S "gpg")
+ || !compare_filenames (dirprefix + n - 4, EXTSEP_S "pgp")
+ || !compare_filenames (dirprefix + n - 4, EXTSEP_S "asc")
+ || !compare_filenames (dirprefix + n - 4, EXTSEP_S "pem")
+ || !compare_filenames (dirprefix + n - 4, EXTSEP_S "p7m")
+ || !compare_filenames (dirprefix + n - 4, EXTSEP_S "p7e")))
+ {
+ prefix_buffer = xtrystrdup (dirprefix);
+ if (!prefix_buffer)
+ {
+ err = gpg_error_from_syserror ();
+ goto leave;
+ }
+ prefix_buffer[n-4] = 0;
+ dirprefix = prefix_buffer;
+ }
+
+
+
+ for (idx=1; idx < 5000; idx++)
+ {
+ xfree (dirname);
+ dirname = xtryasprintf ("%s_%d_", dirprefix, idx);
+ if (!dirname)
+ {
+ err = gpg_error_from_syserror ();
+ goto leave;
+ }
+ if (!gnupg_mkdir (dirname, "-rwx------"))
+ goto leave; /* Ready. */
+ if (errno != EEXIST && errno != ENOTDIR)
+ {
+ err = gpg_error_from_syserror ();
+ goto leave;
+ }
+ }
+ err = gpg_error (GPG_ERR_LIMIT_REACHED);
+
+ leave:
+ if (err)
+ {
+ log_error ("error creating an extract directory: %s\n",
+ gpg_strerror (err));
+ xfree (dirname);
+ dirname = NULL;
+ }
+ xfree (prefix_buffer);
+ return dirname;
+}
+
+
+
+void
+gpgtar_extract (const char *filename)
+{
+ gpg_error_t err;
+ estream_t stream;
+ tar_header_t header = NULL;
+ const char *dirprefix = NULL;
+ char *dirname = NULL;
+
+ if (filename)
+ {
+ if (!strcmp (filename, "-"))
+ stream = es_stdin;
+ else
+ stream = es_fopen (filename, "rb");
+ if (!stream)
+ {
+ err = gpg_error_from_syserror ();
+ log_error ("error opening `%s': %s\n", filename, gpg_strerror (err));
+ return;
+ }
+ }
+ else
+ stream = es_stdin;
+
+#ifdef HAVE_DOSISH_SYSTEM
+ if (stream == es_stdin)
+ setmode (es_fileno (es_stdin), O_BINARY);
+#endif
+
+ if (filename && stream != es_stdin)
+ {
+ dirprefix = strrchr (filename, '/');
+ if (dirprefix)
+ dirprefix++;
+ else
+ dirprefix = filename;
+ }
+ else if (opt.filename)
+ {
+ dirprefix = strrchr (opt.filename, '/');
+ if (dirprefix)
+ dirprefix++;
+ else
+ dirprefix = opt.filename;
+ }
+
+ if (!dirprefix || !*dirprefix)
+ dirprefix = "GPGARCH";
+
+ dirname = create_directory (dirprefix);
+ if (!dirname)
+ {
+ err = gpg_error (GPG_ERR_GENERAL);
+ goto leave;
+ }
+
+ if (opt.verbose)
+ log_info ("extracting to `%s/'\n", dirname);
+
+ for (;;)
+ {
+ header = gpgtar_read_header (stream);
+ if (!header)
+ goto leave;
+
+ if (extract (stream, dirname, header))
+ goto leave;
+ xfree (header);
+ header = NULL;
+ }
+
+
+ leave:
+ xfree (header);
+ xfree (dirname);
+ if (stream != es_stdin)
+ es_fclose (stream);
+ return;
+}
diff --git a/tools/gpgtar-list.c b/tools/gpgtar-list.c
new file mode 100644
index 0000000..0df7a26
--- /dev/null
+++ b/tools/gpgtar-list.c
@@ -0,0 +1,332 @@
+/* gpgtar-list.c - List a TAR archive
+ * Copyright (C) 2010 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <errno.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <assert.h>
+#include <fcntl.h>
+
+#include "i18n.h"
+#include "gpgtar.h"
+
+
+
+static unsigned long long
+parse_xoctal (const void *data, size_t length, const char *filename)
+{
+ const unsigned char *p = data;
+ unsigned long long value;
+
+ if (!length)
+ value = 0;
+ else if ( (*p & 0x80))
+ {
+ /* Binary format. */
+ value = (*p++ & 0x7f);
+ while (--length)
+ {
+ value <<= 8;
+ value |= *p++;
+ }
+ }
+ else
+ {
+ /* Octal format */
+ value = 0;
+ /* Skip leading spaces and zeroes. */
+ for (; length && (*p == ' ' || *p == '0'); length--, p++)
+ ;
+ for (; length && *p; length--, p++)
+ {
+ if (*p >= '0' && *p <= '7')
+ {
+ value <<= 3;
+ value += (*p - '0');
+ }
+ else
+ {
+ log_error ("%s: invalid octal number encountered - assuming 0\n",
+ filename);
+ value = 0;
+ break;
+ }
+ }
+ }
+ return value;
+}
+
+
+static tar_header_t
+parse_header (const void *record, const char *filename)
+{
+ const struct ustar_raw_header *raw = record;
+ size_t n, namelen, prefixlen;
+ tar_header_t header;
+ int use_prefix;
+
+ use_prefix = (!memcmp (raw->magic, "ustar", 5)
+ && (raw->magic[5] == ' ' || !raw->magic[5]));
+
+
+ for (namelen=0; namelen < sizeof raw->name && raw->name[namelen]; namelen++)
+ ;
+ if (namelen == sizeof raw->name)
+ log_info ("%s: warning: name not terminated by a nul byte\n", filename);
+ for (n=namelen+1; n < sizeof raw->name; n++)
+ if (raw->name[n])
+ {
+ log_info ("%s: warning: garbage after name\n", filename);
+ break;
+ }
+
+
+ if (use_prefix && raw->prefix[0])
+ {
+ for (prefixlen=0; (prefixlen < sizeof raw->prefix
+ && raw->prefix[prefixlen]); prefixlen++)
+ ;
+ if (prefixlen == sizeof raw->prefix)
+ log_info ("%s: warning: prefix not terminated by a nul byte\n",
+ filename);
+ for (n=prefixlen+1; n < sizeof raw->prefix; n++)
+ if (raw->prefix[n])
+ {
+ log_info ("%s: warning: garbage after prefix\n", filename);
+ break;
+ }
+ }
+ else
+ prefixlen = 0;
+
+ header = xtrycalloc (1, sizeof *header + prefixlen + 1 + namelen);
+ if (!header)
+ {
+ log_error ("%s: error allocating header: %s\n",
+ filename, gpg_strerror (gpg_error_from_syserror ()));
+ return NULL;
+ }
+ if (prefixlen)
+ {
+ n = prefixlen;
+ memcpy (header->name, raw->prefix, n);
+ if (raw->prefix[n-1] != '/')
+ header->name[n++] = '/';
+ }
+ else
+ n = 0;
+ memcpy (header->name+n, raw->name, namelen);
+ header->name[n+namelen] = 0;
+
+ header->mode = parse_xoctal (raw->mode, sizeof raw->mode, filename);
+ header->uid = parse_xoctal (raw->uid, sizeof raw->uid, filename);
+ header->gid = parse_xoctal (raw->gid, sizeof raw->gid, filename);
+ header->size = parse_xoctal (raw->size, sizeof raw->size, filename);
+ header->mtime = parse_xoctal (raw->mtime, sizeof raw->mtime, filename);
+ /* checksum = */
+ switch (raw->typeflag[0])
+ {
+ case '0': header->typeflag = TF_REGULAR; break;
+ case '1': header->typeflag = TF_HARDLINK; break;
+ case '2': header->typeflag = TF_SYMLINK; break;
+ case '3': header->typeflag = TF_CHARDEV; break;
+ case '4': header->typeflag = TF_BLOCKDEV; break;
+ case '5': header->typeflag = TF_DIRECTORY; break;
+ case '6': header->typeflag = TF_FIFO; break;
+ case '7': header->typeflag = TF_RESERVED; break;
+ default: header->typeflag = TF_UNKNOWN; break;
+ }
+
+
+ /* Compute the number of data records following this header. */
+ if (header->typeflag == TF_REGULAR || header->typeflag == TF_UNKNOWN)
+ header->nrecords = (header->size + RECORDSIZE-1)/RECORDSIZE;
+ else
+ header->nrecords = 0;
+
+
+ return header;
+}
+
+
+
+/* Read the next block, assming it is a tar header. Returns a header
+ object on success or NULL one error. In case of an error an error
+ message has been printed. */
+static tar_header_t
+read_header (estream_t stream)
+{
+ gpg_error_t err;
+ char record[RECORDSIZE];
+ int i;
+
+ err = read_record (stream, record);
+ if (err)
+ return NULL;
+
+ for (i=0; i < RECORDSIZE && !record[i]; i++)
+ ;
+ if (i == RECORDSIZE)
+ {
+ /* All zero header - check whether it is the first part of an
+ end of archive mark. */
+ err = read_record (stream, record);
+ if (err)
+ return NULL;
+
+ for (i=0; i < RECORDSIZE && !record[i]; i++)
+ ;
+ if (i != RECORDSIZE)
+ log_info ("%s: warning: skipping empty header\n",
+ es_fname_get (stream));
+ else
+ {
+ /* End of archive - FIXME: we might want to check for garbage. */
+ return NULL;
+ }
+ }
+
+ return parse_header (record, es_fname_get (stream));
+}
+
+
+/* Skip the data records according to HEADER. Prints an error message
+ on error and return -1. */
+static int
+skip_data (estream_t stream, tar_header_t header)
+{
+ char record[RECORDSIZE];
+ unsigned long long n;
+
+ for (n=0; n < header->nrecords; n++)
+ {
+ if (read_record (stream, record))
+ return -1;
+ }
+
+ return 0;
+}
+
+
+
+static void
+print_header (tar_header_t header, estream_t out)
+{
+ unsigned long mask;
+ char modestr[10+1];
+ int i;
+
+ *modestr = '?';
+ switch (header->typeflag)
+ {
+ case TF_REGULAR: *modestr = '-'; break;
+ case TF_HARDLINK: *modestr = 'h'; break;
+ case TF_SYMLINK: *modestr = 'l'; break;
+ case TF_CHARDEV: *modestr = 'c'; break;
+ case TF_BLOCKDEV: *modestr = 'b'; break;
+ case TF_DIRECTORY:*modestr = 'd'; break;
+ case TF_FIFO: *modestr = 'f'; break;
+ case TF_RESERVED: *modestr = '='; break;
+ case TF_UNKNOWN: break;
+ case TF_NOTSUP: break;
+ }
+ for (mask = 0400, i = 0; i < 9; i++, mask >>= 1)
+ modestr[1+i] = (header->mode & mask)? "rwxrwxrwx"[i]:'-';
+ if ((header->typeflag & 04000))
+ modestr[3] = modestr[3] == 'x'? 's':'S';
+ if ((header->typeflag & 02000))
+ modestr[6] = modestr[6] == 'x'? 's':'S';
+ if ((header->typeflag & 01000))
+ modestr[9] = modestr[9] == 'x'? 't':'T';
+ modestr[10] = 0;
+
+ es_fprintf (out, "%s %lu %lu/%lu %12llu %s %s\n",
+ modestr, header->nlink, header->uid, header->gid, header->size,
+ isotimestamp (header->mtime), header->name);
+}
+
+
+
+/* List the tarball FILENAME or, if FILENAME is NULL, the tarball read
+ from stdin. */
+void
+gpgtar_list (const char *filename)
+{
+ gpg_error_t err;
+ estream_t stream;
+ tar_header_t header;
+
+ if (filename)
+ {
+ if (!strcmp (filename, "-"))
+ stream = es_stdin;
+ else
+ stream = es_fopen (filename, "rb");
+ if (!stream)
+ {
+ err = gpg_error_from_syserror ();
+ log_error ("error opening `%s': %s\n", filename, gpg_strerror (err));
+ return;
+ }
+ }
+ else
+ stream = es_stdin;
+
+#ifdef HAVE_DOSISH_SYSTEM
+ if (stream == es_stdin)
+ setmode (es_fileno (es_stdin), O_BINARY);
+#endif
+
+ for (;;)
+ {
+ header = read_header (stream);
+ if (!header)
+ goto leave;
+
+ print_header (header, es_stdout);
+
+ if (skip_data (stream, header))
+ goto leave;
+ xfree (header);
+ header = NULL;
+ }
+
+
+ leave:
+ xfree (header);
+ if (stream != es_stdin)
+ es_fclose (stream);
+ return;
+}
+
+tar_header_t
+gpgtar_read_header (estream_t stream)
+{
+ /*FIXME: Change to return an error code. */
+ return read_header (stream);
+}
+
+void
+gpgtar_print_header (tar_header_t header, estream_t out)
+{
+ if (header && out)
+ print_header (header, out);
+}
diff --git a/tools/gpgtar.c b/tools/gpgtar.c
new file mode 100644
index 0000000..f88964f
--- /dev/null
+++ b/tools/gpgtar.c
@@ -0,0 +1,538 @@
+/* gpgtar.c - A simple TAR implementation mainly useful for Windows.
+ * Copyright (C) 2010 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+/* GnuPG comes with a shell script gpg-zip which creates archive files
+ in the same format as PGP Zip, which is actually a USTAR format.
+ That is fine and works nicely on all Unices but for Windows we
+ don't have a compatible shell and the supply of tar programs is
+ limited. Given that we need just a few tar option and it is an
+ open question how many Unix concepts are to be mapped to Windows,
+ we might as well write our own little tar customized for use with
+ gpg. So here we go. */
+
+#include <config.h>
+#include <errno.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <assert.h>
+#ifdef HAVE_STAT
+# include <sys/stat.h>
+#endif
+
+#include "util.h"
+#include "i18n.h"
+#include "sysutils.h"
+#include "../common/openpgpdefs.h"
+
+#include "gpgtar.h"
+
+
+/* Constants to identify the commands and options. */
+enum cmd_and_opt_values
+ {
+ aNull = 0,
+ aEncrypt = 'e',
+ aDecrypt = 'd',
+ aSign = 's',
+ aList = 't',
+
+ oSymmetric = 'c',
+ oRecipient = 'r',
+ oUser = 'u',
+ oOutput = 'o',
+ oQuiet = 'q',
+ oVerbose = 'v',
+ oFilesFrom = 'T',
+ oNoVerbose = 500,
+
+ aSignEncrypt,
+ oSkipCrypto,
+ oOpenPGP,
+ oCMS,
+ oSetFilename,
+ oNull
+ };
+
+
+/* The list of commands and options. */
+static ARGPARSE_OPTS opts[] = {
+ ARGPARSE_group (300, N_("@Commands:\n ")),
+
+ ARGPARSE_c (aEncrypt, "encrypt", N_("create an archive")),
+ ARGPARSE_c (aDecrypt, "decrypt", N_("extract an archive")),
+ ARGPARSE_c (aSign, "sign", N_("create a signed archive")),
+ ARGPARSE_c (aList, "list-archive", N_("list an archive")),
+
+ ARGPARSE_group (301, N_("@\nOptions:\n ")),
+
+ ARGPARSE_s_n (oSymmetric, "symmetric", N_("use symmetric encryption")),
+ ARGPARSE_s_s (oRecipient, "recipient", N_("|USER-ID|encrypt for USER-ID")),
+ ARGPARSE_s_s (oUser, "local-user",
+ N_("|USER-ID|use USER-ID to sign or decrypt")),
+ ARGPARSE_s_s (oOutput, "output", N_("|FILE|write output to FILE")),
+ ARGPARSE_s_n (oVerbose, "verbose", N_("verbose")),
+ ARGPARSE_s_n (oQuiet, "quiet", N_("be somewhat more quiet")),
+ ARGPARSE_s_n (oSkipCrypto, "skip-crypto", N_("skip the crypto processing")),
+ ARGPARSE_s_s (oSetFilename, "set-filename", "@"),
+ ARGPARSE_s_s (oFilesFrom, "files-from",
+ N_("|FILE|get names to create from FILE")),
+ ARGPARSE_s_n (oNull, "null", N_("-T reads null-terminated names")),
+ ARGPARSE_s_n (oOpenPGP, "openpgp", "@"),
+ ARGPARSE_s_n (oCMS, "cms", "@"),
+
+ ARGPARSE_end ()
+};
+
+
+
+static void tar_and_encrypt (char **inpattern);
+static void decrypt_and_untar (const char *fname);
+static void decrypt_and_list (const char *fname);
+
+
+
+
+/* Print usage information and and provide strings for help. */
+static const char *
+my_strusage( int level )
+{
+ const char *p;
+
+ switch (level)
+ {
+ case 11: p = "gpgtar (GnuPG)";
+ break;
+ case 13: p = VERSION; break;
+ case 17: p = PRINTABLE_OS_NAME; break;
+ case 19: p = _("Please report bugs to <@EMAIL@>.\n"); break;
+
+ case 1:
+ case 40:
+ p = _("Usage: gpgtar [options] [files] [directories] (-h for help)");
+ break;
+ case 41:
+ p = _("Syntax: gpgtar [options] [files] [directories]\n"
+ "Encrypt or sign files into an archive\n");
+ break;
+
+ default: p = NULL; break;
+ }
+ return p;
+}
+
+
+static void
+set_cmd (enum cmd_and_opt_values *ret_cmd, enum cmd_and_opt_values new_cmd)
+{
+ enum cmd_and_opt_values cmd = *ret_cmd;
+
+ if (!cmd || cmd == new_cmd)
+ cmd = new_cmd;
+ else if (cmd == aSign && new_cmd == aEncrypt)
+ cmd = aSignEncrypt;
+ else if (cmd == aEncrypt && new_cmd == aSign)
+ cmd = aSignEncrypt;
+ else
+ {
+ log_error (_("conflicting commands\n"));
+ exit (2);
+ }
+
+ *ret_cmd = cmd;
+}
+
+
+
+/* gpgtar main. */
+int
+main (int argc, char **argv)
+{
+ ARGPARSE_ARGS pargs;
+ const char *fname;
+ int no_more_options = 0;
+ enum cmd_and_opt_values cmd = 0;
+ int skip_crypto = 0;
+ const char *files_from = NULL;
+ int null_names = 0;
+
+ assert (sizeof (struct ustar_raw_header) == 512);
+
+ gnupg_reopen_std ("gpgtar");
+ set_strusage (my_strusage);
+ log_set_prefix ("gpgtar", 1);
+
+ /* Make sure that our subsystems are ready. */
+ i18n_init();
+ init_common_subsystems ();
+
+ /* Parse the command line. */
+ pargs.argc = &argc;
+ pargs.argv = &argv;
+ pargs.flags = ARGPARSE_FLAG_KEEP;
+ while (!no_more_options && optfile_parse (NULL, NULL, NULL, &pargs, opts))
+ {
+ switch (pargs.r_opt)
+ {
+ case oOutput: opt.outfile = pargs.r.ret_str; break;
+ case oSetFilename: opt.filename = pargs.r.ret_str; break;
+ case oQuiet: opt.quiet = 1; break;
+ case oVerbose: opt.verbose++; break;
+ case oNoVerbose: opt.verbose = 0; break;
+ case oFilesFrom: files_from = pargs.r.ret_str; break;
+ case oNull: null_names = 1; break;
+
+ case aList:
+ case aDecrypt:
+ case aEncrypt:
+ case aSign:
+ set_cmd (&cmd, pargs.r_opt);
+ break;
+
+ case oSymmetric:
+ set_cmd (&cmd, aEncrypt);
+ opt.symmetric = 1;
+ break;
+
+ case oSkipCrypto:
+ skip_crypto = 1;
+ break;
+
+ case oOpenPGP: /* Dummy option for now. */ break;
+ case oCMS: /* Dummy option for now. */ break;
+
+ default: pargs.err = 2; break;
+ }
+ }
+
+ if ((files_from && !null_names) || (!files_from && null_names))
+ log_error ("--files-from and --null may only be used in conjunction\n");
+ if (files_from && strcmp (files_from, "-"))
+ log_error ("--files-from only supports argument \"-\"\n");
+
+ if (log_get_errorcount (0))
+ exit (2);
+
+ switch (cmd)
+ {
+ case aList:
+ if (argc > 1)
+ usage (1);
+ fname = argc ? *argv : NULL;
+ if (opt.filename)
+ log_info ("note: ignoring option --set-filename\n");
+ if (files_from)
+ log_info ("note: ignoring option --files-from\n");
+ if (skip_crypto)
+ gpgtar_list (fname);
+ else
+ decrypt_and_list (fname);
+ break;
+
+ case aEncrypt:
+ if ((!argc && !null_names)
+ || (argc && null_names))
+ usage (1);
+ if (opt.filename)
+ log_info ("note: ignoring option --set-filename\n");
+ if (skip_crypto)
+ gpgtar_create (null_names? NULL :argv);
+ else
+ tar_and_encrypt (null_names? NULL : argv);
+ break;
+
+ case aDecrypt:
+ if (argc != 1)
+ usage (1);
+ if (opt.outfile)
+ log_info ("note: ignoring option --output\n");
+ if (files_from)
+ log_info ("note: ignoring option --files-from\n");
+ fname = argc ? *argv : NULL;
+ if (skip_crypto)
+ gpgtar_extract (fname);
+ else
+ decrypt_and_untar (fname);
+ break;
+
+ default:
+ log_error (_("invalid command (there is no implicit command)\n"));
+ break;
+ }
+
+ return log_get_errorcount (0)? 1:0;
+}
+
+
+/* Read the next record from STREAM. RECORD is a buffer provided by
+ the caller and must be at leadt of size RECORDSIZE. The function
+ return 0 on success and and error code on failure; a diagnostic
+ printed as well. Note that there is no need for an EOF indicator
+ because a tarball has an explicit EOF record. */
+gpg_error_t
+read_record (estream_t stream, void *record)
+{
+ gpg_error_t err;
+ size_t nread;
+
+ nread = es_fread (record, 1, RECORDSIZE, stream);
+ if (nread != RECORDSIZE)
+ {
+ err = gpg_error_from_syserror ();
+ if (es_ferror (stream))
+ log_error ("error reading `%s': %s\n",
+ es_fname_get (stream), gpg_strerror (err));
+ else
+ log_error ("error reading `%s': premature EOF "
+ "(size of last record: %zu)\n",
+ es_fname_get (stream), nread);
+ }
+ else
+ err = 0;
+
+ return err;
+}
+
+
+/* Write the RECORD of size RECORDSIZE to STREAM. FILENAME is the
+ name of the file used for diagnostics. */
+gpg_error_t
+write_record (estream_t stream, const void *record)
+{
+ gpg_error_t err;
+ size_t nwritten;
+
+ nwritten = es_fwrite (record, 1, RECORDSIZE, stream);
+ if (nwritten != RECORDSIZE)
+ {
+ err = gpg_error_from_syserror ();
+ log_error ("error writing `%s': %s\n",
+ es_fname_get (stream), gpg_strerror (err));
+ }
+ else
+ err = 0;
+
+ return err;
+}
+
+
+/* Return true if FP is an unarmored OpenPGP message. Note that this
+ fucntion reads a few bytes from FP but pushes them back. */
+#if 0
+static int
+openpgp_message_p (estream_t fp)
+{
+ int ctb;
+
+ ctb = es_getc (fp);
+ if (ctb != EOF)
+ {
+ if (es_ungetc (ctb, fp))
+ log_fatal ("error ungetting first byte: %s\n",
+ gpg_strerror (gpg_error_from_syserror ()));
+
+ if ((ctb & 0x80))
+ {
+ switch ((ctb & 0x40) ? (ctb & 0x3f) : ((ctb>>2)&0xf))
+ {
+ case PKT_MARKER:
+ case PKT_SYMKEY_ENC:
+ case PKT_ONEPASS_SIG:
+ case PKT_PUBKEY_ENC:
+ case PKT_SIGNATURE:
+ case PKT_COMMENT:
+ case PKT_OLD_COMMENT:
+ case PKT_PLAINTEXT:
+ case PKT_COMPRESSED:
+ case PKT_ENCRYPTED:
+ return 1; /* Yes, this seems to be an OpenPGP message. */
+ default:
+ break;
+ }
+ }
+ }
+ return 0;
+}
+#endif
+
+
+
+
+static void
+tar_and_encrypt (char **inpattern)
+{
+ (void)inpattern;
+ log_error ("tar_and_encrypt has not yet been implemented\n");
+}
+
+
+
+static void
+decrypt_and_untar (const char *fname)
+{
+ (void)fname;
+ log_error ("decrypt_and_untar has not yet been implemented\n");
+}
+
+
+
+static void
+decrypt_and_list (const char *fname)
+{
+ (void)fname;
+ log_error ("decrypt_and_list has not yet been implemented\n");
+}
+
+
+
+
+/* A wrapper around mkdir which takes a string for the mode argument.
+ This makes it easier to handle the mode argument which is not
+ defined on all systems. The format of the modestring is
+
+ "-rwxrwxrwx"
+
+ '-' is a don't care or not set. 'r', 'w', 'x' are read allowed,
+ write allowed, execution allowed with the first group for the user,
+ the second for the group and the third for all others. If the
+ string is shorter than above the missing mode characters are meant
+ to be not set. */
+int
+gnupg_mkdir (const char *name, const char *modestr)
+{
+#ifdef HAVE_W32CE_SYSTEM
+ wchar_t *wname;
+ (void)modestr;
+
+ wname = utf8_to_wchar (name);
+ if (!wname)
+ return -1;
+ if (!CreateDirectoryW (wname, NULL))
+ {
+ xfree (wname);
+ return -1; /* ERRNO is automagically provided by gpg-error.h. */
+ }
+ xfree (wname);
+ return 0;
+#elif MKDIR_TAKES_ONE_ARG
+ (void)modestr;
+ /* Note: In the case of W32 we better use CreateDirectory and try to
+ set appropriate permissions. However using mkdir is easier
+ because this sets ERRNO. */
+ return mkdir (name);
+#else
+ mode_t mode = 0;
+
+ if (modestr && *modestr)
+ {
+ modestr++;
+ if (*modestr && *modestr++ == 'r')
+ mode |= S_IRUSR;
+ if (*modestr && *modestr++ == 'w')
+ mode |= S_IWUSR;
+ if (*modestr && *modestr++ == 'x')
+ mode |= S_IXUSR;
+ if (*modestr && *modestr++ == 'r')
+ mode |= S_IRGRP;
+ if (*modestr && *modestr++ == 'w')
+ mode |= S_IWGRP;
+ if (*modestr && *modestr++ == 'x')
+ mode |= S_IXGRP;
+ if (*modestr && *modestr++ == 'r')
+ mode |= S_IROTH;
+ if (*modestr && *modestr++ == 'w')
+ mode |= S_IWOTH;
+ if (*modestr && *modestr++ == 'x')
+ mode |= S_IXOTH;
+ }
+ return mkdir (name, mode);
+#endif
+}
+
+#ifdef HAVE_W32_SYSTEM
+/* Return a malloced string encoded in UTF-8 from the wide char input
+ string STRING. Caller must free this value. Returns NULL and sets
+ ERRNO on failure. Calling this function with STRING set to NULL is
+ not defined. */
+char *
+wchar_to_utf8 (const wchar_t *string)
+{
+ int n;
+ char *result;
+
+ n = WideCharToMultiByte (CP_UTF8, 0, string, -1, NULL, 0, NULL, NULL);
+ if (n < 0)
+ {
+ errno = EINVAL;
+ return NULL;
+ }
+
+ result = xtrymalloc (n+1);
+ if (!result)
+ return NULL;
+
+ n = WideCharToMultiByte (CP_UTF8, 0, string, -1, result, n, NULL, NULL);
+ if (n < 0)
+ {
+ xfree (result);
+ errno = EINVAL;
+ result = NULL;
+ }
+ return result;
+}
+
+
+/* Return a malloced wide char string from an UTF-8 encoded input
+ string STRING. Caller must free this value. Returns NULL and sets
+ ERRNO on failure. Calling this function with STRING set to NULL is
+ not defined. */
+wchar_t *
+utf8_to_wchar (const char *string)
+{
+ int n;
+ size_t nbytes;
+ wchar_t *result;
+
+ n = MultiByteToWideChar (CP_UTF8, 0, string, -1, NULL, 0);
+ if (n < 0)
+ {
+ errno = EINVAL;
+ return NULL;
+ }
+
+ nbytes = (size_t)(n+1) * sizeof(*result);
+ if (nbytes / sizeof(*result) != (n+1))
+ {
+ errno = ENOMEM;
+ return NULL;
+ }
+ result = xtrymalloc (nbytes);
+ if (!result)
+ return NULL;
+
+ n = MultiByteToWideChar (CP_UTF8, 0, string, -1, result, n);
+ if (n < 0)
+ {
+ free (result);
+ errno = EINVAL;
+ result = NULL;
+ }
+ return result;
+}
+#endif /*HAVE_W32_SYSTEM*/
diff --git a/tools/gpgtar.h b/tools/gpgtar.h
new file mode 100644
index 0000000..5790894
--- /dev/null
+++ b/tools/gpgtar.h
@@ -0,0 +1,132 @@
+/* gpgtar.h - Global definitions for gpgtar
+ * Copyright (C) 2010 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef GPGTAR_H
+#define GPGTAR_H
+
+#include "../common/util.h"
+#include "../common/estream.h"
+
+/* We keep all global options in the structure OPT. */
+struct
+{
+ int verbose;
+ int quiet;
+ const char *outfile;
+ int symmetric;
+ const char *filename;
+} opt;
+
+
+/* The size of a tar record. All IO is done in chunks of this size.
+ Note that we don't care about blocking because this version of tar
+ is not expected to be used directly on a tape drive in fact it is
+ used in a pipeline with GPG and thus any blocking would be
+ useless. */
+#define RECORDSIZE 512
+
+
+/* Description of the USTAR header format. */
+struct ustar_raw_header
+{
+ char name[100];
+ char mode[8];
+ char uid[8];
+ char gid[8];
+ char size[12];
+ char mtime[12];
+ char checksum[8];
+ char typeflag[1];
+ char linkname[100];
+ char magic[6];
+ char version[2];
+ char uname[32];
+ char gname[32];
+ char devmajor[8];
+ char devminor[8];
+ char prefix[155];
+ char pad[12];
+};
+
+
+/* Filetypes as defined by USTAR. */
+typedef enum
+ {
+ TF_REGULAR,
+ TF_HARDLINK,
+ TF_SYMLINK,
+ TF_CHARDEV,
+ TF_BLOCKDEV,
+ TF_DIRECTORY,
+ TF_FIFO,
+ TF_RESERVED,
+ TF_UNKNOWN, /* Needs to be treated as regular file. */
+ TF_NOTSUP /* Not supported (used with --create). */
+ } typeflag_t;
+
+
+/* The internal represenation of a TAR header. */
+struct tar_header_s;
+typedef struct tar_header_s *tar_header_t;
+struct tar_header_s
+{
+ tar_header_t next; /* Used to build a linked list iof entries. */
+
+ unsigned long mode; /* The file mode. */
+ unsigned long nlink; /* Number of hard links. */
+ unsigned long uid; /* The user id of the file. */
+ unsigned long gid; /* The group id of the file. */
+ unsigned long long size; /* The size of the file. */
+ unsigned long long mtime; /* Modification time since Epoch. Note
+ that we don't use time_t here but a
+ type which is more likely to be larger
+ that 32 bit and thus allows to track
+ times beyond 2106. */
+ typeflag_t typeflag; /* The type of the file. */
+
+
+ unsigned long long nrecords; /* Number of data records. */
+
+ char name[1]; /* Filename (dynamically extended). */
+};
+
+
+/*-- gpgtar.c --*/
+gpg_error_t read_record (estream_t stream, void *record);
+gpg_error_t write_record (estream_t stream, const void *record);
+
+int gnupg_mkdir (const char *name, const char *modestr);
+#ifdef HAVE_W32_SYSTEM
+char *wchar_to_utf8 (const wchar_t *string);
+wchar_t *utf8_to_wchar (const char *string);
+#endif
+
+/*-- gpgtar-create.c --*/
+void gpgtar_create (char **inpattern);
+
+/*-- gpgtar-extract.c --*/
+void gpgtar_extract (const char *filename);
+
+/*-- gpgtar-list.c --*/
+void gpgtar_list (const char *filename);
+tar_header_t gpgtar_read_header (estream_t stream);
+void gpgtar_print_header (tar_header_t header, estream_t out);
+
+
+#endif /*GPGTAR_H*/
diff --git a/tools/lspgpot b/tools/lspgpot
new file mode 100755
index 0000000..f406392
--- /dev/null
+++ b/tools/lspgpot
@@ -0,0 +1,27 @@
+#!/bin/sh
+# lspgpot - script to extract the ownertrust values
+# from PGP keyrings and list them in GnuPG ownertrust format.
+#
+# This file is free software; as a special exception the author gives
+# unlimited permission to copy and/or distribute it, with or without
+# modifications, as long as this notice is preserved.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
+# implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+
+if ! gpg --version > /dev/null 2>&1 ; then
+ echo "GnuPG not available!"
+ exit 1
+fi
+
+gpg --dry-run --with-fingerprint --with-colons $* | awk '
+BEGIN { FS=":"
+ printf "# Ownertrust listing generated by lspgpot\n"
+ printf "# This can be imported using the command:\n"
+ printf "# gpg --import-ownertrust\n\n" }
+$1 == "fpr" { fpr = $10 }
+$1 == "rtv" && $2 == 1 && $3 == 2 { printf "%s:3:\n", fpr; next }
+$1 == "rtv" && $2 == 1 && $3 == 5 { printf "%s:4:\n", fpr; next }
+$1 == "rtv" && $2 == 1 && $3 == 6 { printf "%s:5:\n", fpr; next }
+'
diff --git a/tools/mail-signed-keys b/tools/mail-signed-keys
new file mode 100755
index 0000000..757d7af
--- /dev/null
+++ b/tools/mail-signed-keys
@@ -0,0 +1,114 @@
+#!/bin/sh
+# Copyright (C) 2000, 2001 Free Software Foundation, Inc.
+#
+# This file is free software; as a special exception the author gives
+# unlimited permission to copy and/or distribute it, with or without
+# modifications, as long as this notice is preserved.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
+# implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+
+# FIXME: Use only valid email addreses, extract only given keys
+
+dryrun=0
+if [ "$1" = "--dry-run" ]; then
+ dryrun=1
+ shift
+fi
+
+if [ -z "$1" -o -z "$2" -o -z "$3" ]; then
+ echo "usage: mail-signed-keys keyring signedby signame" >&2
+ exit 1
+fi
+
+signame="$3"
+
+if [ ! -f $1 ]; then
+ echo "mail-signed-keys: '$1': no such file" >&2
+ exit 1
+fi
+
+[ -f '.#tdb.tmp' ] && rm '.#tdb.tmp'
+ro="--homedir . --no-options --trustdb-name=./.#tdb.tmp --dry-run --lock-never --no-default-keyring --keyring $1"
+
+signedby=`gpg $ro --list-keys --with-colons $2 \
+ 2>/dev/null | awk -F: '$1=="pub" {print $5; exit 0}'`
+
+if [ -z "$signedby" ]; then
+ echo "mail-signed-keys: '$2': no such signator" >&2
+ exit 1
+fi
+
+if [ "$dryrun" = "0" ]; then
+ echo "About to send the the keys signed by $signedby" >&2
+ echo -n "to their owners. Do you really want to do this? (y/N)" >&2
+ read
+ [ "$REPLY" != "y" -a "$REPLY" != "Y" ] && exit 0
+fi
+
+gpg $ro --check-sigs --with-colons 2>/dev/null \
+ | awk -F: -v signedby="$signedby" -v gpgopt="$ro" \
+ -v dryrun="$dryrun" -v signame="$signame" '
+BEGIN { sendmail="/usr/lib/sendmail -oi -t " }
+$1 == "pub" { nextkid=$5; nextuid=$10
+ if( uidcount > 0 ) { myflush() }
+ kid=nextkid; uid=nextuid; next
+ }
+$1 == "uid" { uid=$10 ; next }
+$1 == "sig" && $2 == "!" && $5 == signedby { uids[uidcount++] = uid; next }
+END { if( uidcount > 0 ) { myflush() } }
+
+function myflush()
+{
+ if ( kid == signedby ) { uidcount=0; return }
+ print "sending key " substr(kid,9) " to" | "cat >&2"
+ for(i=0; i < 1; i++ ) {
+ print " " uids[i] | "cat >&2"
+ if( dryrun == 0 ) {
+ if( i == 0 ) {
+ printf "To: %s", uids[i] | sendmail
+ }
+ else {
+ printf ",\n %s", uids[i] | sendmail
+ }
+ }
+ }
+ if(dryrun == 0) {
+ printf "\n" | sendmail
+ print "Subject: I signed your key " substr(kid,9) | sendmail
+ print "" | sendmail
+ print "Hi," | sendmail
+ print "" | sendmail
+ print "Here you get back the signed key." | sendmail
+ print "Please send it yourself to a keyserver." | sendmail
+ print "" | sendmail
+ print "Peace," | sendmail
+ print " " signame | sendmail
+ print "" | sendmail
+ cmd = "gpg " gpgopt " --export -a " kid " 2>/dev/null"
+ while( (cmd | getline) > 0 ) {
+ print | sendmail
+ }
+ print "" | sendmail
+ close(cmd)
+ close( sendmail )
+ }
+ uidcount=0
+}
+'
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/tools/make-dns-cert.c b/tools/make-dns-cert.c
new file mode 100644
index 0000000..4cd4bd3
--- /dev/null
+++ b/tools/make-dns-cert.c
@@ -0,0 +1,247 @@
+/* make-dns-cert.c - An OpenPGP-to-DNS CERT conversion tool
+ * Copyright (C) 2006, 2008 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifdef HAVE_CONFIG_H
+# include <config.h>
+#endif
+
+#include <unistd.h>
+#ifdef HAVE_GETOPT_H
+#include <getopt.h>
+#endif
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include <unistd.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+
+/* We use TYPE37 instead of CERT since not all nameservers can handle
+ CERT yet... */
+
+static int
+cert_key(const char *name,const char *keyfile)
+{
+ int fd,ret=1,err,i;
+ struct stat statbuf;
+
+ fd=open(keyfile,O_RDONLY);
+ if(fd==-1)
+ {
+ fprintf(stderr,"Cannot open key file %s: %s\n",keyfile,strerror(errno));
+ return 1;
+ }
+
+ err=fstat(fd,&statbuf);
+ if(err==-1)
+ {
+ fprintf(stderr,"Unable to stat key file %s: %s\n",
+ keyfile,strerror(errno));
+ goto fail;
+ }
+
+ if(statbuf.st_size>65536)
+ {
+ fprintf(stderr,"Key %s too large for CERT encoding\n",keyfile);
+ goto fail;
+ }
+
+ if(statbuf.st_size>16384)
+ fprintf(stderr,"Warning: key file %s is larger than the default"
+ " GnuPG max-cert-size\n",keyfile);
+
+ printf("%s\tTYPE37\t\\# %u 0003 0000 00 ",
+ name,(unsigned int)statbuf.st_size+5);
+
+ err=1;
+ while(err!=0)
+ {
+ unsigned char buffer[1024];
+
+ do
+ err = read (fd,buffer,1024);
+ while (err == -1 && errno == EINTR);
+ if(err==-1)
+ {
+ fprintf(stderr,"Unable to read key file %s: %s\n",
+ keyfile,strerror(errno));
+ goto fail;
+ }
+
+ for(i=0;i<err;i++)
+ printf("%02X",buffer[i]);
+ }
+
+ printf("\n");
+
+ ret=0;
+
+ fail:
+ close(fd);
+
+ return ret;
+}
+
+static int
+url_key(const char *name,const char *fpr,const char *url)
+{
+ int len=6,fprlen=0;
+
+ if(fpr)
+ {
+ const char *tmp = fpr;
+ while (*tmp)
+ {
+ if ((*tmp >= 'A' && *tmp <= 'F') ||
+ (*tmp >= 'a' && *tmp <= 'f') ||
+ (*tmp >= '0' && *tmp <= '9'))
+ {
+ fprlen++;
+ }
+ else if (*tmp != ' ' && *tmp != '\t')
+ {
+ fprintf(stderr,"Fingerprint must consist of only hex digits"
+ " and whitespace\n");
+ return 1;
+ }
+
+ tmp++;
+ }
+
+ if(fprlen%2)
+ {
+ fprintf(stderr,"Fingerprint must be an even number of characters\n");
+ return 1;
+ }
+
+ fprlen/=2;
+ len+=fprlen;
+ }
+
+ if(url)
+ len+=strlen(url);
+
+ if(!fpr && !url)
+ {
+ fprintf(stderr,
+ "Cannot generate a CERT without either a fingerprint or URL\n");
+ return 1;
+ }
+
+ printf("%s\tTYPE37\t\\# %d 0006 0000 00 %02X",name,len,fprlen);
+
+ if(fpr)
+ printf(" %s",fpr);
+
+ if(url)
+ {
+ const char *c;
+ printf(" ");
+ for(c=url;*c;c++)
+ printf("%02X",*c);
+ }
+
+ printf("\n");
+
+ return 0;
+}
+
+static void
+usage(FILE *stream)
+{
+ fprintf(stream,"make-dns-cert\n");
+ fprintf(stream,"\t-f\tfingerprint\n");
+ fprintf(stream,"\t-u\tURL\n");
+ fprintf(stream,"\t-k\tkey file\n");
+ fprintf(stream,"\t-n\tDNS name\n");
+}
+
+int
+main(int argc,char *argv[])
+{
+ int arg,err=1;
+ char *fpr=NULL,*url=NULL,*keyfile=NULL,*name=NULL;
+
+ if(argc==1)
+ {
+ usage(stderr);
+ return 1;
+ }
+ else if(argc>1 && strcmp(argv[1],"--version")==0)
+ {
+#if defined(HAVE_CONFIG_H) && defined(VERSION)
+ printf ("make-dns-cert (GnuPG) " VERSION "\n");
+#else
+ printf ("make-dns-cert gnupg-svn%d\n", atoi (10+"$Revision$"));
+#endif
+ return 0;
+ }
+ else if(argc>1 && strcmp(argv[1],"--help")==0)
+ {
+ usage(stdout);
+ return 0;
+ }
+
+ while((arg=getopt(argc,argv,"hf:u:k:n:"))!=-1)
+ switch(arg)
+ {
+ default:
+ case 'h':
+ usage(stdout);
+ exit(0);
+
+ case 'f':
+ fpr=optarg;
+ break;
+
+ case 'u':
+ url=optarg;
+ break;
+
+ case 'k':
+ keyfile=optarg;
+ break;
+
+ case 'n':
+ name=optarg;
+ break;
+ }
+
+ if(!name)
+ {
+ fprintf(stderr,"No name provided\n");
+ return 1;
+ }
+
+ if(keyfile && (fpr || url))
+ {
+ fprintf(stderr,"Cannot generate a CERT record with both a keyfile and"
+ " a fingerprint or URL\n");
+ return 1;
+ }
+
+ if(keyfile)
+ err=cert_key(name,keyfile);
+ else
+ err=url_key(name,fpr,url);
+
+ return err;
+}
diff --git a/tools/mk-tdata.c b/tools/mk-tdata.c
new file mode 100644
index 0000000..9328dc1
--- /dev/null
+++ b/tools/mk-tdata.c
@@ -0,0 +1,69 @@
+/* mk-tdata.c - Create some simple random testdata
+ * Copyright (C) 1998, 1999, 2000, 2001, 2006 Free Software Foundation, Inc.
+ *
+ * This file is free software; as a special exception the author gives
+ * unlimited permission to copy and/or distribute it, with or without
+ * modifications, as long as this notice is preserved.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
+ * implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+
+#ifndef RAND_MAX /* for SunOS */
+#define RAND_MAX 32767
+#endif
+
+int
+main(int argc, char **argv)
+{
+ int i, c = 0;
+ int limit =0;
+ int char_mode = 0;
+
+ if (argc)
+ {
+ argc--;
+ argv++;
+ }
+
+ /* Check for option --char N */
+ if (argc > 1 && !strcmp (argv[0], "--char"))
+ {
+ char_mode = 1;
+ c = strtol (argv[1], NULL, 0);
+ argc -= 2;
+ argv += 2;
+ }
+
+ limit = argc ? atoi(argv[0]) : 0;
+
+ srand(getpid());
+
+ for (i=0; !limit || i < limit; i++ )
+ {
+ if (char_mode)
+ {
+ putchar (c);
+ }
+ else
+ {
+#ifdef HAVE_RAND
+ c = ((unsigned)(1 + (int) (256.0*rand()/(RAND_MAX+1.0)))-1);
+#else
+ c = ((unsigned)(1 + (int) (256.0*random()/(RAND_MAX+1.0)))-1);
+#endif
+ putchar (c);
+ }
+ }
+ return 0;
+}
diff --git a/tools/no-libgcrypt.c b/tools/no-libgcrypt.c
new file mode 100644
index 0000000..4cfedcc
--- /dev/null
+++ b/tools/no-libgcrypt.c
@@ -0,0 +1,144 @@
+/* no-libgcrypt.c - Replacement functions for libgcrypt.
+ * Copyright (C) 2003 Free Software Foundation, Inc.
+ *
+ * This file is free software; as a special exception the author gives
+ * unlimited permission to copy and/or distribute it, with or without
+ * modifications, as long as this notice is preserved.
+ *
+ * This file is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY, to the extent permitted by law; without even
+ * the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+ * PURPOSE.
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+
+#include "../common/util.h"
+#include "i18n.h"
+
+
+/* Replace libgcrypt's malloc functions which are used by
+ ../jnlib/libjnlib.a . ../common/util.h defines macros to map them
+ to xmalloc etc. */
+static void
+out_of_memory (void)
+{
+ log_fatal (_("error allocating enough memory: %s\n"), strerror (errno));
+}
+
+
+void *
+gcry_malloc (size_t n)
+{
+ return malloc (n);
+}
+
+void *
+gcry_malloc_secure (size_t n)
+{
+ return malloc (n);
+}
+
+void *
+gcry_xmalloc (size_t n)
+{
+ void *p = malloc (n);
+ if (!p)
+ out_of_memory ();
+ return p;
+}
+
+char *
+gcry_strdup (const char *string)
+{
+ char *p = malloc (strlen (string)+1);
+ if (p)
+ strcpy (p, string);
+ return p;
+}
+
+
+void *
+gcry_realloc (void *a, size_t n)
+{
+ return realloc (a, n);
+}
+
+void *
+gcry_xrealloc (void *a, size_t n)
+{
+ void *p = realloc (a, n);
+ if (!p)
+ out_of_memory ();
+ return p;
+}
+
+
+
+void *
+gcry_calloc (size_t n, size_t m)
+{
+ return calloc (n, m);
+}
+
+void *
+gcry_xcalloc (size_t n, size_t m)
+{
+ void *p = calloc (n, m);
+ if (!p)
+ out_of_memory ();
+ return p;
+}
+
+
+char *
+gcry_xstrdup (const char *string)
+{
+ void *p = malloc (strlen (string)+1);
+ if (!p)
+ out_of_memory ();
+ strcpy( p, string );
+ return p;
+}
+
+void
+gcry_free (void *a)
+{
+ if (a)
+ free (a);
+}
+
+
+/* We need this dummy because exechelp.c uses gcry_control to
+ terminate the secure memeory. */
+gcry_error_t
+gcry_control (enum gcry_ctl_cmds cmd, ...)
+{
+ (void)cmd;
+ return 0;
+}
+
+void
+gcry_set_outofcore_handler (gcry_handler_no_mem_t h, void *opaque)
+{
+ (void)h;
+ (void)opaque;
+}
+
+void
+gcry_set_fatalerror_handler (gcry_handler_error_t fnc, void *opaque)
+{
+ (void)fnc;
+ (void)opaque;
+}
+
+void
+gcry_set_log_handler (gcry_handler_log_t f, void *opaque)
+{
+ (void)f;
+ (void)opaque;
+}
diff --git a/tools/rfc822parse.c b/tools/rfc822parse.c
new file mode 100644
index 0000000..8fbe3c2
--- /dev/null
+++ b/tools/rfc822parse.c
@@ -0,0 +1,1256 @@
+/* rfc822parse.c - Simple mail and MIME parser
+ * Copyright (C) 1999, 2000 Werner Koch, Duesseldorf
+ * Copyright (C) 2003, 2004 g10 Code GmbH
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 3 of
+ * the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+/* According to RFC822 binary zeroes are allowed at many places. We do
+ * not handle this correct especially in the field parsing code. It
+ * should be easy to fix and the API provides a interfaces which
+ * returns the length but in addition makes sure that returned strings
+ * are always ended by a \0.
+ *
+ * Furthermore, the case of field names is changed and thus it is not
+ * always a good idea to use these modified header
+ * lines (e.g. signatures may break).
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+#include <errno.h>
+#include <stdarg.h>
+#include <assert.h>
+
+#include "rfc822parse.h"
+
+enum token_type
+ {
+ tSPACE,
+ tATOM,
+ tQUOTED,
+ tDOMAINLIT,
+ tSPECIAL
+ };
+
+/* For now we directly use our TOKEN as the parse context */
+typedef struct rfc822parse_field_context *TOKEN;
+struct rfc822parse_field_context
+{
+ TOKEN next;
+ enum token_type type;
+ struct {
+ unsigned int cont:1;
+ unsigned int lowered:1;
+ } flags;
+ /*TOKEN owner_pantry; */
+ char data[1];
+};
+
+struct hdr_line
+{
+ struct hdr_line *next;
+ int cont; /* This is a continuation of the previous line. */
+ unsigned char line[1];
+};
+
+typedef struct hdr_line *HDR_LINE;
+
+
+struct part
+{
+ struct part *right; /* The next part. */
+ struct part *down; /* A contained part. */
+ HDR_LINE hdr_lines; /* Header lines os that part. */
+ HDR_LINE *hdr_lines_tail; /* Helper for adding lines. */
+ char *boundary; /* Only used in the first part. */
+};
+typedef struct part *part_t;
+
+struct rfc822parse_context
+{
+ rfc822parse_cb_t callback;
+ void *callback_value;
+ int callback_error;
+ int in_body;
+ int in_preamble; /* Wether we are before the first boundary. */
+ part_t parts; /* The tree of parts. */
+ part_t current_part; /* Whom we are processing (points into parts). */
+ const char *boundary; /* Current boundary. */
+};
+
+static HDR_LINE find_header (rfc822parse_t msg, const char *name,
+ int which, HDR_LINE * rprev);
+
+
+static size_t
+length_sans_trailing_ws (const unsigned char *line, size_t len)
+{
+ const unsigned char *p, *mark;
+ size_t n;
+
+ for (mark=NULL, p=line, n=0; n < len; n++, p++)
+ {
+ if (strchr (" \t\r\n", *p ))
+ {
+ if( !mark )
+ mark = p;
+ }
+ else
+ mark = NULL;
+ }
+
+ if (mark)
+ return mark - line;
+ return len;
+}
+
+
+static void
+lowercase_string (unsigned char *string)
+{
+ for (; *string; string++)
+ if (*string >= 'A' && *string <= 'Z')
+ *string = *string - 'A' + 'a';
+}
+
+/* Transform a header name into a standard capitalized format; i.e
+ "Content-Type". Conversion stops at the colon. As usual we don't
+ use the localized versions of ctype.h.
+ */
+static void
+capitalize_header_name (unsigned char *name)
+{
+ int first = 1;
+
+ for (; *name && *name != ':'; name++)
+ if (*name == '-')
+ first = 1;
+ else if (first)
+ {
+ if (*name >= 'a' && *name <= 'z')
+ *name = *name - 'a' + 'A';
+ first = 0;
+ }
+ else if (*name >= 'A' && *name <= 'Z')
+ *name = *name - 'A' + 'a';
+}
+
+#ifndef HAVE_STPCPY
+static char *
+stpcpy (char *a,const char *b)
+{
+ while (*b)
+ *a++ = *b++;
+ *a = 0;
+
+ return (char*)a;
+}
+#endif
+
+
+/* If a callback has been registerd, call it for the event of type
+ EVENT. */
+static int
+do_callback (rfc822parse_t msg, rfc822parse_event_t event)
+{
+ int rc;
+
+ if (!msg->callback || msg->callback_error)
+ return 0;
+ rc = msg->callback (msg->callback_value, event, msg);
+ if (rc)
+ msg->callback_error = rc;
+ return rc;
+}
+
+static part_t
+new_part (void)
+{
+ part_t part;
+
+ part = calloc (1, sizeof *part);
+ if (part)
+ {
+ part->hdr_lines_tail = &part->hdr_lines;
+ }
+ return part;
+}
+
+
+static void
+release_part (part_t part)
+{
+ part_t tmp;
+ HDR_LINE hdr, hdr2;
+
+ for (; part; part = tmp)
+ {
+ tmp = part->right;
+ if (part->down)
+ release_part (part->down);
+ for (hdr = part->hdr_lines; hdr; hdr = hdr2)
+ {
+ hdr2 = hdr->next;
+ free (hdr);
+ }
+ free (part->boundary);
+ free (part);
+ }
+}
+
+
+static void
+release_handle_data (rfc822parse_t msg)
+{
+ release_part (msg->parts);
+ msg->parts = NULL;
+ msg->current_part = NULL;
+ msg->boundary = NULL;
+}
+
+
+/* Create a new parsing context for an entire rfc822 message and
+ return it. CB and CB_VALUE may be given to callback for certain
+ events. NULL is returned on error with errno set appropriately. */
+rfc822parse_t
+rfc822parse_open (rfc822parse_cb_t cb, void *cb_value)
+{
+ rfc822parse_t msg = calloc (1, sizeof *msg);
+ if (msg)
+ {
+ msg->parts = msg->current_part = new_part ();
+ if (!msg->parts)
+ {
+ free (msg);
+ msg = NULL;
+ }
+ else
+ {
+ msg->callback = cb;
+ msg->callback_value = cb_value;
+ if (do_callback (msg, RFC822PARSE_OPEN))
+ {
+ release_handle_data (msg);
+ free (msg);
+ msg = NULL;
+ }
+ }
+ }
+ return msg;
+}
+
+
+void
+rfc822parse_cancel (rfc822parse_t msg)
+{
+ if (msg)
+ {
+ do_callback (msg, RFC822PARSE_CANCEL);
+ release_handle_data (msg);
+ free (msg);
+ }
+}
+
+
+void
+rfc822parse_close (rfc822parse_t msg)
+{
+ if (msg)
+ {
+ do_callback (msg, RFC822PARSE_CLOSE);
+ release_handle_data (msg);
+ free (msg);
+ }
+}
+
+static part_t
+find_parent (part_t tree, part_t target)
+{
+ part_t part;
+
+ for (part = tree->down; part; part = part->right)
+ {
+ if (part == target)
+ return tree; /* Found. */
+ if (part->down)
+ {
+ part_t tmp = find_parent (part, target);
+ if (tmp)
+ return tmp;
+ }
+ }
+ return NULL;
+}
+
+static void
+set_current_part_to_parent (rfc822parse_t msg)
+{
+ part_t parent;
+
+ assert (msg->current_part);
+ parent = find_parent (msg->parts, msg->current_part);
+ if (!parent)
+ return; /* Already at the top. */
+
+#ifndef NDEBUG
+ {
+ part_t part;
+ for (part = parent->down; part; part = part->right)
+ if (part == msg->current_part)
+ break;
+ assert (part);
+ }
+#endif
+ msg->current_part = parent;
+
+ parent = find_parent (msg->parts, parent);
+ msg->boundary = parent? parent->boundary: NULL;
+}
+
+
+
+/****************
+ * We have read in all header lines and are about to receive the body
+ * part. The delimiter line has already been processed.
+ *
+ * FIXME: we's better return an error in case of memory failures.
+ */
+static int
+transition_to_body (rfc822parse_t msg)
+{
+ rfc822parse_field_t ctx;
+ int rc;
+
+ rc = do_callback (msg, RFC822PARSE_T2BODY);
+ if (!rc)
+ {
+ /* Store the boundary if we have multipart type. */
+ ctx = rfc822parse_parse_field (msg, "Content-Type", -1);
+ if (ctx)
+ {
+ const char *s;
+
+ s = rfc822parse_query_media_type (ctx, NULL);
+ if (s && !strcmp (s,"multipart"))
+ {
+ s = rfc822parse_query_parameter (ctx, "boundary", 0);
+ if (s)
+ {
+ assert (!msg->current_part->boundary);
+ msg->current_part->boundary = malloc (strlen (s) + 1);
+ if (msg->current_part->boundary)
+ {
+ part_t part;
+
+ strcpy (msg->current_part->boundary, s);
+ msg->boundary = msg->current_part->boundary;
+ part = new_part ();
+ if (!part)
+ {
+ int save_errno = errno;
+ rfc822parse_release_field (ctx);
+ errno = save_errno;
+ return -1;
+ }
+ rc = do_callback (msg, RFC822PARSE_LEVEL_DOWN);
+ assert (!msg->current_part->down);
+ msg->current_part->down = part;
+ msg->current_part = part;
+ msg->in_preamble = 1;
+ }
+ }
+ }
+ rfc822parse_release_field (ctx);
+ }
+ }
+
+ return rc;
+}
+
+/* We have just passed a MIME boundary and need to prepare for new part.
+ headers. */
+static int
+transition_to_header (rfc822parse_t msg)
+{
+ part_t part;
+
+ assert (msg->current_part);
+ assert (!msg->current_part->right);
+
+ part = new_part ();
+ if (!part)
+ return -1;
+
+ msg->current_part->right = part;
+ msg->current_part = part;
+ return 0;
+}
+
+
+static int
+insert_header (rfc822parse_t msg, const unsigned char *line, size_t length)
+{
+ HDR_LINE hdr;
+
+ assert (msg->current_part);
+ if (!length)
+ {
+ msg->in_body = 1;
+ return transition_to_body (msg);
+ }
+
+ if (!msg->current_part->hdr_lines)
+ do_callback (msg, RFC822PARSE_BEGIN_HEADER);
+
+ length = length_sans_trailing_ws (line, length);
+ hdr = malloc (sizeof (*hdr) + length);
+ if (!hdr)
+ return -1;
+ hdr->next = NULL;
+ hdr->cont = (*line == ' ' || *line == '\t');
+ memcpy (hdr->line, line, length);
+ hdr->line[length] = 0; /* Make it a string. */
+
+ /* Transform a field name into canonical format. */
+ if (!hdr->cont && strchr (line, ':'))
+ capitalize_header_name (hdr->line);
+
+ *msg->current_part->hdr_lines_tail = hdr;
+ msg->current_part->hdr_lines_tail = &hdr->next;
+
+ /* Lets help the caller to prevent mail loops and issue an event for
+ * every Received header. */
+ if (length >= 9 && !memcmp (line, "Received:", 9))
+ do_callback (msg, RFC822PARSE_RCVD_SEEN);
+ return 0;
+}
+
+
+/****************
+ * Note: We handle the body transparent to allow binary zeroes in it.
+ */
+static int
+insert_body (rfc822parse_t msg, const unsigned char *line, size_t length)
+{
+ int rc = 0;
+
+ if (length > 2 && *line == '-' && line[1] == '-' && msg->boundary)
+ {
+ size_t blen = strlen (msg->boundary);
+
+ if (length == blen + 2
+ && !memcmp (line+2, msg->boundary, blen))
+ {
+ rc = do_callback (msg, RFC822PARSE_BOUNDARY);
+ msg->in_body = 0;
+ if (!rc && !msg->in_preamble)
+ rc = transition_to_header (msg);
+ msg->in_preamble = 0;
+ }
+ else if (length == blen + 4
+ && line[length-2] =='-' && line[length-1] == '-'
+ && !memcmp (line+2, msg->boundary, blen))
+ {
+ rc = do_callback (msg, RFC822PARSE_LAST_BOUNDARY);
+ msg->boundary = NULL; /* No current boundary anymore. */
+ set_current_part_to_parent (msg);
+
+ /* Fixme: The next should actually be send right before the
+ next boundary, so that we can mark the epilogue. */
+ if (!rc)
+ rc = do_callback (msg, RFC822PARSE_LEVEL_UP);
+ }
+ }
+ if (msg->in_preamble && !rc)
+ rc = do_callback (msg, RFC822PARSE_PREAMBLE);
+
+ return rc;
+}
+
+/* Insert the next line into the parser. Return 0 on success or true
+ on error with errno set appropriately. */
+int
+rfc822parse_insert (rfc822parse_t msg, const unsigned char *line, size_t length)
+{
+ return (msg->in_body
+ ? insert_body (msg, line, length)
+ : insert_header (msg, line, length));
+}
+
+
+/* Tell the parser that we have finished the message. */
+int
+rfc822parse_finish (rfc822parse_t msg)
+{
+ return do_callback (msg, RFC822PARSE_FINISH);
+}
+
+
+
+/****************
+ * Get a copy of a header line. The line is returned as one long
+ * string with LF to separate the continuation line. Caller must free
+ * the return buffer. WHICH may be used to enumerate over all lines.
+ * Wildcards are allowed. This function works on the current headers;
+ * i.e. the regular mail headers or the MIME headers of the current
+ * part.
+ *
+ * WHICH gives the mode:
+ * -1 := Take the last occurence
+ * n := Take the n-th one.
+ *
+ * Returns a newly allocated buffer or NULL on error. errno is set in
+ * case of a memory failure or set to 0 if the requested field is not
+ * available.
+ *
+ * If VALUEOFF is not NULL it will receive the offset of the first non
+ * space character in the value part of the line (i.e. after the first
+ * colon).
+ */
+char *
+rfc822parse_get_field (rfc822parse_t msg, const char *name, int which,
+ size_t *valueoff)
+{
+ HDR_LINE h, h2;
+ char *buf, *p;
+ size_t n;
+
+ h = find_header (msg, name, which, NULL);
+ if (!h)
+ {
+ errno = 0;
+ return NULL; /* no such field */
+ }
+
+ n = strlen (h->line) + 1;
+ for (h2 = h->next; h2 && h2->cont; h2 = h2->next)
+ n += strlen (h2->line) + 1;
+
+ buf = p = malloc (n);
+ if (buf)
+ {
+ p = stpcpy (p, h->line);
+ *p++ = '\n';
+ for (h2 = h->next; h2 && h2->cont; h2 = h2->next)
+ {
+ p = stpcpy (p, h2->line);
+ *p++ = '\n';
+ }
+ p[-1] = 0;
+ }
+
+ if (valueoff)
+ {
+ p = strchr (buf, ':');
+ if (!p)
+ *valueoff = 0; /* Oops: should never happen. */
+ else
+ {
+ p++;
+ while (*p == ' ' || *p == '\t' || *p == '\r' || *p == '\n')
+ p++;
+ *valueoff = p - buf;
+ }
+ }
+
+ return buf;
+}
+
+
+/****************
+ * Enumerate all header. Caller has to provide the address of a pointer
+ * which has to be initialzed to NULL, the caller should then never change this
+ * pointer until he has closed the enumeration by passing again the address
+ * of the pointer but with msg set to NULL.
+ * The function returns pointers to all the header lines or NULL when
+ * all lines have been enumerated or no headers are available.
+ */
+const char *
+rfc822parse_enum_header_lines (rfc822parse_t msg, void **context)
+{
+ HDR_LINE l;
+
+ if (!msg) /* Close. */
+ return NULL;
+
+ if (*context == msg || !msg->current_part)
+ return NULL;
+
+ l = *context ? (HDR_LINE) *context : msg->current_part->hdr_lines;
+
+ if (l)
+ {
+ *context = l->next ? (void *) (l->next) : (void *) msg;
+ return l->line;
+ }
+ *context = msg; /* Mark end of list. */
+ return NULL;
+}
+
+
+
+/****************
+ * Find a header field. If the Name does end in an asterisk this is meant
+ * to be a wildcard.
+ *
+ * which -1 : Retrieve the last field
+ * >0 : Retrieve the n-th field
+
+ * RPREV may be used to return the predecessor of the returned field;
+ * which may be NULL for the very first one. It has to be initialzed
+ * to either NULL in which case the search start at the first header line,
+ * or it may point to a headerline, where the search should start
+ */
+static HDR_LINE
+find_header (rfc822parse_t msg, const char *name, int which, HDR_LINE *rprev)
+{
+ HDR_LINE hdr, prev = NULL, mark = NULL;
+ unsigned char *p;
+ size_t namelen, n;
+ int found = 0;
+ int glob = 0;
+
+ if (!msg->current_part)
+ return NULL;
+
+ namelen = strlen (name);
+ if (namelen && name[namelen - 1] == '*')
+ {
+ namelen--;
+ glob = 1;
+ }
+
+ hdr = msg->current_part->hdr_lines;
+ if (rprev && *rprev)
+ {
+ /* spool forward to the requested starting place.
+ * we cannot simply set this as we have to return
+ * the previous list element too */
+ for (; hdr && hdr != *rprev; prev = hdr, hdr = hdr->next)
+ ;
+ }
+
+ for (; hdr; prev = hdr, hdr = hdr->next)
+ {
+ if (hdr->cont)
+ continue;
+ if (!(p = strchr (hdr->line, ':')))
+ continue; /* invalid header, just skip it. */
+ n = p - hdr->line;
+ if (!n)
+ continue; /* invalid name */
+ if ((glob ? (namelen <= n) : (namelen == n))
+ && !memcmp (hdr->line, name, namelen))
+ {
+ found++;
+ if (which == -1)
+ mark = hdr;
+ else if (found == which)
+ {
+ if (rprev)
+ *rprev = prev;
+ return hdr;
+ }
+ }
+ }
+ if (mark && rprev)
+ *rprev = prev;
+ return mark;
+}
+
+
+
+static const char *
+skip_ws (const char *s)
+{
+ while (*s == ' ' || *s == '\t' || *s == '\r' || *s == '\n')
+ s++;
+ return s;
+}
+
+
+static void
+release_token_list (TOKEN t)
+{
+ while (t)
+ {
+ TOKEN t2 = t->next;
+ /* fixme: If we have owner_pantry, put the token back to
+ * this pantry so that it can be reused later */
+ free (t);
+ t = t2;
+ }
+}
+
+
+static TOKEN
+new_token (enum token_type type, const char *buf, size_t length)
+{
+ TOKEN t;
+
+ /* fixme: look through our pantries to find a suitable
+ * token for reuse */
+ t = malloc (sizeof *t + length);
+ if (t)
+ {
+ t->next = NULL;
+ t->type = type;
+ memset (&t->flags, 0, sizeof (t->flags));
+ t->data[0] = 0;
+ if (buf)
+ {
+ memcpy (t->data, buf, length);
+ t->data[length] = 0; /* Make sure it is a C string. */
+ }
+ else
+ t->data[0] = 0;
+ }
+ return t;
+}
+
+static TOKEN
+append_to_token (TOKEN old, const char *buf, size_t length)
+{
+ size_t n = strlen (old->data);
+ TOKEN t;
+
+ t = malloc (sizeof *t + n + length);
+ if (t)
+ {
+ t->next = old->next;
+ t->type = old->type;
+ t->flags = old->flags;
+ memcpy (t->data, old->data, n);
+ memcpy (t->data + n, buf, length);
+ t->data[n + length] = 0;
+ old->next = NULL;
+ release_token_list (old);
+ }
+ return t;
+}
+
+
+
+/*
+ Parse a field into tokens as defined by rfc822.
+ */
+static TOKEN
+parse_field (HDR_LINE hdr)
+{
+ static const char specials[] = "<>@.,;:\\[]\"()";
+ static const char specials2[] = "<>@.,;:";
+ static const char tspecials[] = "/?=<>@,;:\\[]\"()";
+ static const char tspecials2[] = "/?=<>@.,;:"; /* FIXME: really
+ include '.'?*/
+ static struct
+ {
+ const unsigned char *name;
+ size_t namelen;
+ } tspecial_header[] = {
+ { "Content-Type", 12},
+ { "Content-Transfer-Encoding", 25},
+ { "Content-Disposition", 19},
+ { NULL, 0}
+ };
+ const char *delimiters;
+ const char *delimiters2;
+ const unsigned char *line, *s, *s2;
+ size_t n;
+ int i, invalid = 0;
+ TOKEN t, tok, *tok_tail;
+
+ errno = 0;
+ if (!hdr)
+ return NULL;
+
+ tok = NULL;
+ tok_tail = &tok;
+
+ line = hdr->line;
+ if (!(s = strchr (line, ':')))
+ return NULL; /* oops */
+
+ n = s - line;
+ if (!n)
+ return NULL; /* oops: invalid name */
+
+ delimiters = specials;
+ delimiters2 = specials2;
+ for (i = 0; tspecial_header[i].name; i++)
+ {
+ if (n == tspecial_header[i].namelen
+ && !memcmp (line, tspecial_header[i].name, n))
+ {
+ delimiters = tspecials;
+ delimiters2 = tspecials2;
+ break;
+ }
+ }
+
+ s++; /* Move over the colon. */
+ for (;;)
+ {
+ if (!*s)
+ {
+ if (!hdr->next || !hdr->next->cont)
+ break;
+ hdr = hdr->next;
+ s = hdr->line;
+ }
+
+ if (*s == '(')
+ {
+ int level = 1;
+ int in_quote = 0;
+
+ invalid = 0;
+ for (s++;; s++)
+ {
+ if (!*s)
+ {
+ if (!hdr->next || !hdr->next->cont)
+ break;
+ hdr = hdr->next;
+ s = hdr->line;
+ }
+
+ if (in_quote)
+ {
+ if (*s == '\"')
+ in_quote = 0;
+ else if (*s == '\\' && s[1]) /* what about continuation? */
+ s++;
+ }
+ else if (*s == ')')
+ {
+ if (!--level)
+ break;
+ }
+ else if (*s == '(')
+ level++;
+ else if (*s == '\"')
+ in_quote = 1;
+ }
+ if (!*s)
+ ; /* Actually this is an error, but we don't care about it. */
+ else
+ s++;
+ }
+ else if (*s == '\"' || *s == '[')
+ {
+ /* We do not check for non-allowed nesting of domainliterals */
+ int term = *s == '\"' ? '\"' : ']';
+ invalid = 0;
+ s++;
+ t = NULL;
+
+ for (;;)
+ {
+ for (s2 = s; *s2; s2++)
+ {
+ if (*s2 == term)
+ break;
+ else if (*s2 == '\\' && s2[1]) /* what about continuation? */
+ s2++;
+ }
+
+ t = (t
+ ? append_to_token (t, s, s2 - s)
+ : new_token (term == '\"'? tQUOTED : tDOMAINLIT, s, s2 - s));
+ if (!t)
+ goto failure;
+
+ if (*s2 || !hdr->next || !hdr->next->cont)
+ break;
+ hdr = hdr->next;
+ s = hdr->line;
+ }
+ *tok_tail = t;
+ tok_tail = &t->next;
+ s = s2;
+ if (*s)
+ s++; /* skip the delimiter */
+ }
+ else if ((s2 = strchr (delimiters2, *s)))
+ { /* Special characters which are not handled above. */
+ invalid = 0;
+ t = new_token (tSPECIAL, s, 1);
+ if (!t)
+ goto failure;
+ *tok_tail = t;
+ tok_tail = &t->next;
+ s++;
+ }
+ else if (*s == ' ' || *s == '\t' || *s == '\r' || *s == '\n')
+ {
+ invalid = 0;
+ s = skip_ws (s + 1);
+ }
+ else if (*s > 0x20 && !(*s & 128))
+ { /* Atom. */
+ invalid = 0;
+ for (s2 = s + 1; *s2 > 0x20
+ && !(*s2 & 128) && !strchr (delimiters, *s2); s2++)
+ ;
+ t = new_token (tATOM, s, s2 - s);
+ if (!t)
+ goto failure;
+ *tok_tail = t;
+ tok_tail = &t->next;
+ s = s2;
+ }
+ else
+ { /* Invalid character. */
+ if (!invalid)
+ { /* For parsing we assume only one space. */
+ t = new_token (tSPACE, NULL, 0);
+ if (!t)
+ goto failure;
+ *tok_tail = t;
+ tok_tail = &t->next;
+ invalid = 1;
+ }
+ s++;
+ }
+ }
+
+ return tok;
+
+ failure:
+ {
+ int save = errno;
+ release_token_list (tok);
+ errno = save;
+ }
+ return NULL;
+}
+
+
+
+
+/****************
+ * Find and parse a header field.
+ * WHICH indicates what to do if there are multiple instance of the same
+ * field (like "Received"); the following value are defined:
+ * -1 := Take the last occurence
+ * 0 := Reserved
+ * n := Take the n-th one.
+ * Returns a handle for further operations on the parse context of the field
+ * or NULL if the field was not found.
+ */
+rfc822parse_field_t
+rfc822parse_parse_field (rfc822parse_t msg, const char *name, int which)
+{
+ HDR_LINE hdr;
+
+ if (!which)
+ return NULL;
+
+ hdr = find_header (msg, name, which, NULL);
+ if (!hdr)
+ return NULL;
+ return parse_field (hdr);
+}
+
+void
+rfc822parse_release_field (rfc822parse_field_t ctx)
+{
+ if (ctx)
+ release_token_list (ctx);
+}
+
+
+
+/****************
+ * Check whether T points to a parameter.
+ * A parameter starts with a semicolon and it is assumed that t
+ * points to exactly this one.
+ */
+static int
+is_parameter (TOKEN t)
+{
+ t = t->next;
+ if (!t || t->type != tATOM)
+ return 0;
+ t = t->next;
+ if (!t || !(t->type == tSPECIAL && t->data[0] == '='))
+ return 0;
+ t = t->next;
+ if (!t)
+ return 1; /* We assume that an non existing value is an empty one. */
+ return t->type == tQUOTED || t->type == tATOM;
+}
+
+/*
+ Some header (Content-type) have a special syntax where attribute=value
+ pairs are used after a leading semicolon. The parse_field code
+ knows about these fields and changes the parsing to the one defined
+ in RFC2045.
+ Returns a pointer to the value which is valid as long as the
+ parse context is valid; NULL is returned in case that attr is not
+ defined in the header, a missing value is reppresented by an empty string.
+
+ With LOWER_VALUE set to true, a matching field valuebe be
+ lowercased.
+
+ Note, that ATTR should be lowercase.
+ */
+const char *
+rfc822parse_query_parameter (rfc822parse_field_t ctx, const char *attr,
+ int lower_value)
+{
+ TOKEN t, a;
+
+ for (t = ctx; t; t = t->next)
+ {
+ /* skip to the next semicolon */
+ for (; t && !(t->type == tSPECIAL && t->data[0] == ';'); t = t->next)
+ ;
+ if (!t)
+ return NULL;
+ if (is_parameter (t))
+ { /* Look closer. */
+ a = t->next; /* We know that this is an atom */
+ if ( !a->flags.lowered )
+ {
+ lowercase_string (a->data);
+ a->flags.lowered = 1;
+ }
+ if (!strcmp (a->data, attr))
+ { /* found */
+ t = a->next->next;
+ /* Either T is now an atom, a quoted string or NULL in
+ * which case we return an empty string. */
+
+ if ( lower_value && t && !t->flags.lowered )
+ {
+ lowercase_string (t->data);
+ t->flags.lowered = 1;
+ }
+ return t ? t->data : "";
+ }
+ }
+ }
+ return NULL;
+}
+
+/****************
+ * This function may be used for the Content-Type header to figure out
+ * the media type and subtype. Note, that the returned strings are
+ * guaranteed to be lowercase as required by MIME.
+ *
+ * Returns: a pointer to the media type and if subtype is not NULL,
+ * a pointer to the subtype.
+ */
+const char *
+rfc822parse_query_media_type (rfc822parse_field_t ctx, const char **subtype)
+{
+ TOKEN t = ctx;
+ const char *type;
+
+ if (t->type != tATOM)
+ return NULL;
+ if (!t->flags.lowered)
+ {
+ lowercase_string (t->data);
+ t->flags.lowered = 1;
+ }
+ type = t->data;
+ t = t->next;
+ if (!t || t->type != tSPECIAL || t->data[0] != '/')
+ return NULL;
+ t = t->next;
+ if (!t || t->type != tATOM)
+ return NULL;
+
+ if (subtype)
+ {
+ if (!t->flags.lowered)
+ {
+ lowercase_string (t->data);
+ t->flags.lowered = 1;
+ }
+ *subtype = t->data;
+ }
+ return type;
+}
+
+
+
+
+
+#ifdef TESTING
+
+/* Internal debug function to print the structure of the message. */
+static void
+dump_structure (rfc822parse_t msg, part_t part, int indent)
+{
+ if (!part)
+ {
+ printf ("*** Structure of this message:\n");
+ part = msg->parts;
+ }
+
+ for (; part; part = part->right)
+ {
+ rfc822parse_field_t ctx;
+ part_t save_part; /* ugly hack - we should have a function to
+ get part inforation. */
+ const char *s;
+
+ save_part = msg->current_part;
+ msg->current_part = part;
+ ctx = rfc822parse_parse_field (msg, "Content-Type", -1);
+ msg->current_part = save_part;
+ if (ctx)
+ {
+ const char *s1, *s2;
+ s1 = rfc822parse_query_media_type (ctx, &s2);
+ if (s1)
+ printf ("*** %*s %s/%s", indent*2, "", s1, s2);
+ else
+ printf ("*** %*s [not found]", indent*2, "");
+
+ s = rfc822parse_query_parameter (ctx, "boundary", 0);
+ if (s)
+ printf (" (boundary=\"%s\")", s);
+ rfc822parse_release_field (ctx);
+ }
+ else
+ printf ("*** %*s text/plain [assumed]", indent*2, "");
+ putchar('\n');
+
+ if (part->down)
+ dump_structure (msg, part->down, indent + 1);
+ }
+
+}
+
+
+
+static void
+show_param (rfc822parse_field_t ctx, const char *name)
+{
+ const char *s;
+
+ if (!ctx)
+ return;
+ s = rfc822parse_query_parameter (ctx, name, 0);
+ if (s)
+ printf ("*** %s: `%s'\n", name, s);
+}
+
+
+
+static void
+show_event (rfc822parse_event_t event)
+{
+ const char *s;
+
+ switch (event)
+ {
+ case RFC822PARSE_OPEN: s= "Open"; break;
+ case RFC822PARSE_CLOSE: s= "Close"; break;
+ case RFC822PARSE_CANCEL: s= "Cancel"; break;
+ case RFC822PARSE_T2BODY: s= "T2Body"; break;
+ case RFC822PARSE_FINISH: s= "Finish"; break;
+ case RFC822PARSE_RCVD_SEEN: s= "Rcvd_Seen"; break;
+ case RFC822PARSE_BOUNDARY: s= "Boundary"; break;
+ case RFC822PARSE_LAST_BOUNDARY: s= "Last_Boundary"; break;
+ default: s= "***invalid event***"; break;
+ }
+ printf ("*** got RFC822 event %s\n", s);
+}
+
+static int
+msg_cb (void *dummy_arg, rfc822parse_event_t event, rfc822parse_t msg)
+{
+ show_event (event);
+ if (event == RFC822PARSE_T2BODY)
+ {
+ rfc822parse_field_t ctx;
+ void *ectx;
+ const char *line;
+
+ for (ectx=NULL; (line = rfc822parse_enum_header_lines (msg, &ectx)); )
+ {
+ printf ("*** HDR: %s\n", line);
+ }
+ rfc822parse_enum_header_lines (NULL, &ectx); /* Close enumerator. */
+
+ ctx = rfc822parse_parse_field (msg, "Content-Type", -1);
+ if (ctx)
+ {
+ const char *s1, *s2;
+ s1 = rfc822parse_query_media_type (ctx, &s2);
+ if (s1)
+ printf ("*** media: `%s/%s'\n", s1, s2);
+ else
+ printf ("*** media: [not found]\n");
+ show_param (ctx, "boundary");
+ show_param (ctx, "protocol");
+ rfc822parse_release_field (ctx);
+ }
+ else
+ printf ("*** media: text/plain [assumed]\n");
+
+ }
+
+
+ return 0;
+}
+
+
+
+int
+main (int argc, char **argv)
+{
+ char line[5000];
+ size_t length;
+ rfc822parse_t msg;
+
+ msg = rfc822parse_open (msg_cb, NULL);
+ if (!msg)
+ abort ();
+
+ while (fgets (line, sizeof (line), stdin))
+ {
+ length = strlen (line);
+ if (length && line[length - 1] == '\n')
+ line[--length] = 0;
+ if (length && line[length - 1] == '\r')
+ line[--length] = 0;
+ if (rfc822parse_insert (msg, line, length))
+ abort ();
+ }
+
+ dump_structure (msg, NULL, 0);
+
+ rfc822parse_close (msg);
+ return 0;
+}
+#endif
+
+/*
+Local Variables:
+compile-command: "gcc -Wall -Wno-pointer-sign -g -DTESTING -o rfc822parse rfc822parse.c"
+End:
+*/
diff --git a/tools/rfc822parse.h b/tools/rfc822parse.h
new file mode 100644
index 0000000..12699d5
--- /dev/null
+++ b/tools/rfc822parse.h
@@ -0,0 +1,79 @@
+/* rfc822parse.h - Simple mail and MIME parser
+ * Copyright (C) 1999 Werner Koch, Duesseldorf
+ * Copyright (C) 2003, g10 Code GmbH
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 3 of
+ * the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef RFC822PARSE_H
+#define RFC822PARSE_H
+
+struct rfc822parse_context;
+typedef struct rfc822parse_context *rfc822parse_t;
+
+typedef enum
+ {
+ RFC822PARSE_OPEN = 1,
+ RFC822PARSE_CLOSE,
+ RFC822PARSE_CANCEL,
+ RFC822PARSE_T2BODY,
+ RFC822PARSE_FINISH,
+ RFC822PARSE_RCVD_SEEN,
+ RFC822PARSE_LEVEL_DOWN,
+ RFC822PARSE_LEVEL_UP,
+ RFC822PARSE_BOUNDARY,
+ RFC822PARSE_LAST_BOUNDARY,
+ RFC822PARSE_BEGIN_HEADER,
+ RFC822PARSE_PREAMBLE,
+ RFC822PARSE_EPILOGUE
+ }
+rfc822parse_event_t;
+
+struct rfc822parse_field_context;
+typedef struct rfc822parse_field_context *rfc822parse_field_t;
+
+
+typedef int (*rfc822parse_cb_t) (void *opaque,
+ rfc822parse_event_t event,
+ rfc822parse_t msg);
+
+
+rfc822parse_t rfc822parse_open (rfc822parse_cb_t cb, void *opaque_value);
+
+void rfc822parse_close (rfc822parse_t msg);
+
+void rfc822parse_cancel (rfc822parse_t msg);
+int rfc822parse_finish (rfc822parse_t msg);
+
+int rfc822parse_insert (rfc822parse_t msg,
+ const unsigned char *line, size_t length);
+
+char *rfc822parse_get_field (rfc822parse_t msg, const char *name, int which,
+ size_t *valueoff);
+
+const char *rfc822parse_enum_header_lines (rfc822parse_t msg, void **context);
+
+rfc822parse_field_t rfc822parse_parse_field (rfc822parse_t msg,
+ const char *name,
+ int which);
+
+void rfc822parse_release_field (rfc822parse_field_t field);
+
+const char *rfc822parse_query_parameter (rfc822parse_field_t ctx,
+ const char *attr, int lower_value);
+
+const char *rfc822parse_query_media_type (rfc822parse_field_t ctx,
+ const char **subtype);
+
+#endif /*RFC822PARSE_H */
diff --git a/tools/sockprox.c b/tools/sockprox.c
new file mode 100644
index 0000000..fe8d320
--- /dev/null
+++ b/tools/sockprox.c
@@ -0,0 +1,550 @@
+/* sockprox - Proxy for local sockets with logging facilities
+ * Copyright (C) 2007 g10 Code GmbH.
+ *
+ * sockprox is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * sockprox is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+/* Hacked by Moritz Schulte <moritz@g10code.com>.
+
+ Usage example:
+
+ Run a server which binds to a local socket. For example,
+ gpg-agent. gpg-agent's local socket is specified with --server.
+ sockprox opens a new local socket (here "mysock"); the whole
+ traffic between server and client is written to "/tmp/prot" in this
+ case.
+
+ ./sockprox --server /tmp/gpg-PKdD8r/S.gpg-agent.ssh \
+ --listen mysock --protocol /tmp/prot
+
+ Then, redirect your ssh-agent client to sockprox by setting
+ SSH_AUTH_SOCK to "mysock".
+*/
+
+
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <getopt.h>
+#include <stddef.h>
+#include <errno.h>
+#include <string.h>
+#include <sys/socket.h>
+#include <sys/un.h>
+#include <fcntl.h>
+#include <assert.h>
+#include <pthread.h>
+
+struct opt
+{
+ char *protocol_file;
+ char *server_spec;
+ char *listen_spec;
+ int verbose;
+};
+
+struct opt opt = { NULL, NULL, NULL, 0 };
+
+struct thread_data
+{
+ int client_sock;
+ FILE *protocol_file;
+};
+
+
+
+static int
+create_server_socket (const char *filename, int *new_sock)
+{
+ struct sockaddr_un name;
+ size_t size;
+ int sock;
+ int ret;
+ int err;
+
+ /* Create the socket. */
+ sock = socket (PF_LOCAL, SOCK_STREAM, 0);
+ if (sock < 0)
+ {
+ err = errno;
+ goto out;
+ }
+
+ /* Bind a name to the socket. */
+ name.sun_family = AF_LOCAL;
+ strncpy (name.sun_path, filename, sizeof (name.sun_path));
+ name.sun_path[sizeof (name.sun_path) - 1] = '\0';
+ size = SUN_LEN (&name);
+
+ remove (filename);
+
+ ret = bind (sock, (struct sockaddr *) &name, size);
+ if (ret < 0)
+ {
+ err = errno;
+ goto out;
+ }
+
+ ret = listen (sock, 2);
+ if (ret < 0)
+ {
+ err = errno;
+ goto out;
+ }
+
+ *new_sock = sock;
+ err = 0;
+
+ out:
+
+ return err;
+}
+
+static int
+connect_to_socket (const char *filename, int *new_sock)
+{
+ struct sockaddr_un srvr_addr;
+ size_t len;
+ int sock;
+ int ret;
+ int err;
+
+ sock = socket (PF_LOCAL, SOCK_STREAM, 0);
+ if (sock == -1)
+ {
+ err = errno;
+ goto out;
+ }
+
+ memset (&srvr_addr, 0, sizeof srvr_addr);
+ srvr_addr.sun_family = AF_LOCAL;
+ strncpy (srvr_addr.sun_path, filename, sizeof (srvr_addr.sun_path) - 1);
+ srvr_addr.sun_path[sizeof (srvr_addr.sun_path) - 1] = 0;
+ len = SUN_LEN (&srvr_addr);
+
+ ret = connect (sock, (struct sockaddr *) &srvr_addr, len);
+ if (ret == -1)
+ {
+ close (sock);
+ err = errno;
+ goto out;
+ }
+
+ *new_sock = sock;
+ err = 0;
+
+ out:
+
+ return err;
+}
+
+
+
+static int
+log_data (unsigned char *data, size_t length,
+ FILE *from, FILE *to, FILE *protocol)
+{
+ unsigned int i;
+ int ret;
+ int err;
+
+ flockfile (protocol);
+ fprintf (protocol, "%i -> %i: ", fileno (from), fileno (to));
+ for (i = 0; i < length; i++)
+ fprintf (protocol, "%02X", data[i]);
+ fprintf (protocol, "\n");
+ funlockfile (protocol);
+
+ ret = fflush (protocol);
+ if (ret == EOF)
+ err = errno;
+ else
+ err = 0;
+
+ return err;
+}
+
+static int
+transfer_data (FILE *from, FILE *to, FILE *protocol)
+{
+ unsigned char buffer[BUFSIZ];
+ size_t len, written;
+ int err;
+ int ret;
+
+ err = 0;
+
+ while (1)
+ {
+ len = fread (buffer, 1, sizeof (buffer), from);
+ if (len == 0)
+ break;
+
+ err = log_data (buffer, len, from, to, protocol);
+ if (err)
+ break;
+
+ written = fwrite (buffer, 1, len, to);
+ if (written != len)
+ {
+ err = errno;
+ break;
+ }
+
+ ret = fflush (to);
+ if (ret == EOF)
+ {
+ err = errno;
+ break;
+ }
+
+ if (ferror (from))
+ break;
+ }
+
+ return err;
+}
+
+
+static int
+io_loop (FILE *client, FILE *server, FILE *protocol)
+{
+ fd_set active_fd_set, read_fd_set;
+ int ret;
+ int err;
+
+ FD_ZERO (&active_fd_set);
+ FD_SET (fileno (client), &active_fd_set);
+ FD_SET (fileno (server), &active_fd_set);
+
+ err = 0;
+
+ while (1)
+ {
+ read_fd_set = active_fd_set;
+
+ /* FIXME: eof? */
+
+ ret = select (FD_SETSIZE, &read_fd_set, NULL, NULL, NULL);
+ if (ret < 0)
+ {
+ err = errno;
+ break;
+ }
+
+ if (FD_ISSET (fileno (client), &read_fd_set))
+ {
+ if (feof (client))
+ break;
+
+ /* Forward data from client to server. */
+ err = transfer_data (client, server, protocol);
+ }
+ else if (FD_ISSET (fileno (server), &read_fd_set))
+ {
+ if (feof (server))
+ break;
+
+ /* Forward data from server to client. */
+ err = transfer_data (server, client, protocol);
+ }
+
+ if (err)
+ break;
+ }
+
+ return err;
+}
+
+
+
+
+/* Set the `O_NONBLOCK' flag of DESC if VALUE is nonzero,
+ or clear the flag if VALUE is 0.
+ Return 0 on success, or -1 on error with `errno' set. */
+
+int
+set_nonblock_flag (int desc, int value)
+{
+ int oldflags = fcntl (desc, F_GETFL, 0);
+ int err;
+ int ret;
+
+ /* If reading the flags failed, return error indication now. */
+ if (oldflags == -1)
+ return -1;
+ /* Set just the flag we want to set. */
+ if (value != 0)
+ oldflags |= O_NONBLOCK;
+ else
+ oldflags &= ~O_NONBLOCK;
+ /* Store modified flag word in the descriptor. */
+
+ ret = fcntl (desc, F_SETFL, oldflags);
+ if (ret == -1)
+ err = errno;
+ else
+ err = 0;
+
+ return err;
+}
+
+
+
+void *
+serve_client (void *data)
+{
+ struct thread_data *thread_data = data;
+ int client_sock = thread_data->client_sock;
+ int server_sock;
+ FILE *protocol = thread_data->protocol_file;
+ FILE *client;
+ FILE *server;
+ int err;
+
+ client = NULL;
+ server = NULL;
+
+ /* Connect to server. */
+ err = connect_to_socket (opt.server_spec, &server_sock);
+ if (err)
+ goto out;
+
+ /* Set IO mode to nonblicking. */
+ err = set_nonblock_flag (server_sock, 1);
+ if (err)
+ goto out;
+
+ client = fdopen (client_sock, "r+");
+ if (! client)
+ {
+ err = errno;
+ goto out;
+ }
+
+ server = fdopen (server_sock, "r+");
+ if (! server)
+ {
+ err = errno;
+ goto out;
+ }
+
+ err = io_loop (client, server, protocol);
+
+ out:
+
+ if (client)
+ fclose (client);
+ else
+ close (client_sock);
+
+ if (server)
+ fclose (server);
+ else
+ close (server_sock);
+
+ free (data);
+
+ return NULL;
+}
+
+static int
+run_proxy (void)
+{
+ int client_sock;
+ int my_sock;
+ int err;
+ struct sockaddr_un clientname;
+ size_t size;
+ pthread_t mythread;
+ struct thread_data *thread_data;
+ FILE *protocol_file;
+ pthread_attr_t thread_attr;
+
+ protocol_file = NULL;
+
+ err = pthread_attr_init (&thread_attr);
+ if (err)
+ goto out;
+
+ err = pthread_attr_setdetachstate (&thread_attr, PTHREAD_CREATE_DETACHED);
+ if (err)
+ goto out;
+
+ if (opt.protocol_file)
+ {
+ protocol_file = fopen (opt.protocol_file, "a");
+ if (! protocol_file)
+ {
+ err = errno;
+ goto out;
+ }
+ }
+ else
+ protocol_file = stdout;
+
+ err = create_server_socket (opt.listen_spec, &my_sock);
+ if (err)
+ goto out;
+
+ while (1)
+ {
+ /* Accept new client. */
+ size = sizeof (clientname);
+ client_sock = accept (my_sock,
+ (struct sockaddr *) &clientname,
+ &size);
+ if (client_sock < 0)
+ {
+ err = errno;
+ break;
+ }
+
+ /* Set IO mode to nonblicking. */
+ err = set_nonblock_flag (client_sock, 1);
+ if (err)
+ {
+ close (client_sock);
+ break;
+ }
+
+ /* Got new client -> handle in new process. */
+
+ thread_data = malloc (sizeof (*thread_data));
+ if (! thread_data)
+ {
+ err = errno;
+ break;
+ }
+ thread_data->client_sock = client_sock;
+ thread_data->protocol_file = protocol_file;
+
+ err = pthread_create (&mythread, &thread_attr, serve_client, thread_data);
+ if (err)
+ break;
+ }
+ if (err)
+ goto out;
+
+ /* ? */
+
+ out:
+
+ pthread_attr_destroy (&thread_attr);
+ fclose (protocol_file); /* FIXME, err checking. */
+
+ return err;
+}
+
+
+
+static int
+print_help (int ret)
+{
+ printf ("Usage: sockprox [options] "
+ "--server SERVER-SOCKET --listen PROXY-SOCKET\n");
+ exit (ret);
+}
+
+int
+main (int argc, char **argv)
+{
+ struct option long_options[] =
+ {
+ { "help", no_argument, 0, 'h' },
+ { "verbose", no_argument, &opt.verbose, 1 },
+ { "protocol", required_argument, 0, 'p' },
+ { "server", required_argument, 0, 's' },
+ { "listen", required_argument, 0, 'l' },
+ { 0, 0, 0, 0 }
+ };
+ int ret;
+ int err;
+ int c;
+
+ while (1)
+ {
+ int opt_idx = 0;
+ c = getopt_long (argc, argv, "hvp:s:l:",
+ long_options, &opt_idx);
+
+ if (c == -1)
+ break;
+
+ switch (c)
+ {
+ case 0:
+ if (long_options[opt_idx].flag)
+ break;
+ printf ("option %s", long_options[opt_idx].name);
+ if (optarg)
+ printf (" with arg %s", optarg);
+ printf ("\n");
+ break;
+
+ case 'p':
+ opt.protocol_file = optarg;
+ break;
+
+ case 's':
+ opt.server_spec = optarg;
+ break;
+
+ case 'l':
+ opt.listen_spec = optarg;
+ break;
+
+ case 'v':
+ opt.verbose = 1;
+ break;
+
+ case 'h':
+ print_help (EXIT_SUCCESS);
+ break;
+
+ default:
+ abort ();
+ }
+ }
+
+ if (opt.verbose)
+ {
+ printf ("server: %s\n", opt.server_spec ? opt.server_spec : "");
+ printf ("listen: %s\n", opt.listen_spec ? opt.listen_spec : "");
+ printf ("protocol: %s\n", opt.protocol_file ? opt.protocol_file : "");
+ }
+
+ if (! (opt.server_spec && opt.listen_spec))
+ print_help (EXIT_FAILURE);
+
+ err = run_proxy ();
+ if (err)
+ {
+ fprintf (stderr, "run_proxy() failed: %s\n", strerror (err));
+ ret = EXIT_FAILURE;
+ }
+ else
+ /* ? */
+ ret = EXIT_SUCCESS;
+
+ return ret;
+}
+
+
+/*
+Local Variables:
+compile-command: "cc -Wall -g -o sockprox sockprox.c -lpthread"
+End:
+*/
diff --git a/tools/symcryptrun.c b/tools/symcryptrun.c
new file mode 100644
index 0000000..067da29
--- /dev/null
+++ b/tools/symcryptrun.c
@@ -0,0 +1,1027 @@
+/* symcryptrun.c - Tool to call simple symmetric encryption tools.
+ * Copyright (C) 2005, 2007 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+/* Sometimes simple encryption tools are already in use for a long
+ time and there is a desire to integrate them into the GnuPG
+ framework. The protocols and encryption methods might be
+ non-standard or not even properly documented, so that a
+ full-fledged encryption tool with an interface like gpg is not
+ doable. This simple wrapper program provides a solution: It
+ operates by calling the encryption/decryption module and providing
+ the passphrase for a key (or even the key directly) using the
+ standard pinentry mechanism through gpg-agent. */
+
+/* This program is invoked in the following way:
+
+ symcryptrun --class CLASS --program PROGRAM --keyfile KEYFILE \
+ [--decrypt | --encrypt]
+
+ For encryption, the plain text must be provided on STDIN, and the
+ ciphertext will be output to STDOUT. For decryption vice versa.
+
+ CLASS can currently only be "confucius".
+
+ PROGRAM must be the path to the crypto engine.
+
+ KEYFILE must contain the secret key, which may be protected by a
+ passphrase. The passphrase is retrieved via the pinentry program.
+
+
+ The GPG Agent _must_ be running before starting symcryptrun.
+
+ The possible exit status codes:
+
+ 0 Success
+ 1 Some error occured
+ 2 No valid passphrase was provided
+ 3 The operation was canceled by the user
+
+ Other classes may be added in the future. */
+
+#define SYMC_BAD_PASSPHRASE 2
+#define SYMC_CANCELED 3
+
+
+#include <config.h>
+
+#include <unistd.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include <assert.h>
+#include <signal.h>
+#include <sys/stat.h>
+#include <sys/types.h>
+#include <sys/wait.h>
+#ifdef HAVE_PTY_H
+# include <pty.h>
+#endif
+#ifdef HAVE_UTMP_H
+# include <utmp.h>
+#endif
+#include <ctype.h>
+#ifdef HAVE_LOCALE_H
+# include <locale.h>
+#endif
+#ifdef HAVE_LANGINFO_CODESET
+# include <langinfo.h>
+#endif
+#include <gpg-error.h>
+
+#define JNLIB_NEED_LOG_LOGV
+#include "i18n.h"
+#include "../common/util.h"
+#include "mkdtemp.h"
+
+/* FIXME: Bah. For spwq_secure_free. */
+#define SIMPLE_PWQUERY_IMPLEMENTATION 1
+#include "../common/simple-pwquery.h"
+
+
+/* From simple-gettext.c. */
+
+/* We assume to have `unsigned long int' value with at least 32 bits. */
+#define HASHWORDBITS 32
+
+/* The so called `hashpjw' function by P.J. Weinberger
+ [see Aho/Sethi/Ullman, COMPILERS: Principles, Techniques and Tools,
+ 1986, 1987 Bell Telephone Laboratories, Inc.] */
+
+static __inline__ ulong
+hash_string( const char *str_param )
+{
+ unsigned long int hval, g;
+ const char *str = str_param;
+
+ hval = 0;
+ while (*str != '\0')
+ {
+ hval <<= 4;
+ hval += (unsigned long int) *str++;
+ g = hval & ((unsigned long int) 0xf << (HASHWORDBITS - 4));
+ if (g != 0)
+ {
+ hval ^= g >> (HASHWORDBITS - 8);
+ hval ^= g;
+ }
+ }
+ return hval;
+}
+
+
+/* Constants to identify the commands and options. */
+enum cmd_and_opt_values
+ {
+ aNull = 0,
+ oQuiet = 'q',
+ oVerbose = 'v',
+
+ oNoVerbose = 500,
+ oOptions,
+ oNoOptions,
+ oLogFile,
+ oHomedir,
+ oClass,
+ oProgram,
+ oKeyfile,
+ oDecrypt,
+ oEncrypt,
+ oInput
+ };
+
+
+/* The list of commands and options. */
+static ARGPARSE_OPTS opts[] =
+ {
+ { 301, NULL, 0, N_("@\nCommands:\n ") },
+
+ { oDecrypt, "decrypt", 0, N_("decryption modus") },
+ { oEncrypt, "encrypt", 0, N_("encryption modus") },
+
+ { 302, NULL, 0, N_("@\nOptions:\n ") },
+
+ { oClass, "class", 2, N_("tool class (confucius)") },
+ { oProgram, "program", 2, N_("program filename") },
+
+ { oKeyfile, "keyfile", 2, N_("secret key file (required)") },
+ { oInput, "inputfile", 2, N_("input file name (default stdin)") },
+ { oVerbose, "verbose", 0, N_("verbose") },
+ { oQuiet, "quiet", 0, N_("quiet") },
+ { oLogFile, "log-file", 2, N_("use a log file for the server") },
+ { oOptions, "options" , 2, N_("|FILE|read options from FILE") },
+
+ /* Hidden options. */
+ { oNoVerbose, "no-verbose", 0, "@" },
+ { oHomedir, "homedir", 2, "@" },
+ { oNoOptions, "no-options", 0, "@" },/* shortcut for --options /dev/null */
+
+ {0}
+ };
+
+
+/* We keep all global options in the structure OPT. */
+struct
+{
+ int verbose; /* Verbosity level. */
+ int quiet; /* Be extra quiet. */
+ const char *homedir; /* Configuration directory name */
+
+ char *class;
+ char *program;
+ char *keyfile;
+ char *input;
+} opt;
+
+
+/* Print usage information and and provide strings for help. */
+static const char *
+my_strusage (int level)
+{
+ const char *p;
+
+ switch (level)
+ {
+ case 11: p = "symcryptrun (GnuPG)";
+ break;
+ case 13: p = VERSION; break;
+ case 17: p = PRINTABLE_OS_NAME; break;
+ case 19: p = _("Please report bugs to <@EMAIL@>.\n"); break;
+
+ case 1:
+ case 40: p = _("Usage: symcryptrun [options] (-h for help)");
+ break;
+ case 41:
+ p = _("Syntax: symcryptrun --class CLASS --program PROGRAM "
+ "--keyfile KEYFILE [options...] COMMAND [inputfile]\n"
+ "Call a simple symmetric encryption tool\n");
+ break;
+ case 31: p = "\nHome: "; break;
+ case 32: p = opt.homedir; break;
+ case 33: p = "\n"; break;
+
+ default: p = NULL; break;
+ }
+ return p;
+}
+
+
+
+/* This is in the GNU C library in unistd.h. */
+
+#ifndef TEMP_FAILURE_RETRY
+/* Evaluate EXPRESSION, and repeat as long as it returns -1 with `errno'
+ set to EINTR. */
+
+# define TEMP_FAILURE_RETRY(expression) \
+ (__extension__ \
+ ({ long int __result; \
+ do __result = (long int) (expression); \
+ while (__result == -1L && errno == EINTR); \
+ __result; }))
+#endif
+
+/* Include the implementation of map_spwq_error. */
+MAP_SPWQ_ERROR_IMPL
+
+/* Unlink a file, and shred it if SHRED is true. */
+int
+remove_file (char *name, int shred)
+{
+ if (!shred)
+ return unlink (name);
+ else
+ {
+ int status;
+ pid_t pid;
+
+ pid = fork ();
+ if (pid == 0)
+ {
+ /* Child. */
+
+ /* -f forces file to be writable, and -u unlinks it afterwards. */
+ char *args[] = { SHRED, "-uf", name, NULL };
+
+ execv (SHRED, args);
+ _exit (127);
+ }
+ else if (pid < 0)
+ {
+ /* Fork failed. */
+ status = -1;
+ }
+ else
+ {
+ /* Parent. */
+
+ if (TEMP_FAILURE_RETRY (waitpid (pid, &status, 0)) != pid)
+ status = -1;
+ }
+
+ if (!WIFEXITED (status))
+ {
+ log_error (_("%s on %s aborted with status %i\n"),
+ SHRED, name, status);
+ unlink (name);
+ return 1;
+ }
+ else if (WEXITSTATUS (status))
+ {
+ log_error (_("%s on %s failed with status %i\n"), SHRED, name,
+ WEXITSTATUS (status));
+ unlink (name);
+ return 1;
+ }
+
+ return 0;
+ }
+}
+
+
+/* Class Confucius.
+
+ "Don't worry that other people don't know you;
+ worry that you don't know other people." Analects--1.16. */
+
+/* Create temporary directory with mode 0700. Returns a dynamically
+ allocated string with the filename of the directory. */
+static char *
+confucius_mktmpdir (void)
+{
+ char *name;
+
+ name = strdup ("/tmp/gpg-XXXXXX");
+ if (!name || !mkdtemp (name))
+ {
+ log_error (_("can't create temporary directory `%s': %s\n"),
+ name?name:"", strerror (errno));
+ return NULL;
+ }
+
+ return name;
+}
+
+
+/* Buffer size for I/O operations. */
+#define CONFUCIUS_BUFSIZE 4096
+
+/* Buffer size for output lines. */
+#define CONFUCIUS_LINESIZE 4096
+
+
+/* Copy the file IN to OUT, either of which may be "-". If PLAIN is
+ true, and the copying fails, and OUT is not STDOUT, then shred the
+ file instead unlinking it. */
+static int
+confucius_copy_file (char *infile, char *outfile, int plain)
+{
+ FILE *in;
+ int in_is_stdin = 0;
+ FILE *out;
+ int out_is_stdout = 0;
+ char data[CONFUCIUS_BUFSIZE];
+ ssize_t data_len;
+
+ if (infile[0] == '-' && infile[1] == '\0')
+ {
+ /* FIXME: Is stdin in binary mode? */
+ in = stdin;
+ in_is_stdin = 1;
+ }
+ else
+ {
+ in = fopen (infile, "rb");
+ if (!in)
+ {
+ log_error (_("could not open %s for writing: %s\n"),
+ infile, strerror (errno));
+ return 1;
+ }
+ }
+
+ if (outfile[0] == '-' && outfile[1] == '\0')
+ {
+ /* FIXME: Is stdout in binary mode? */
+ out = stdout;
+ out_is_stdout = 1;
+ }
+ else
+ {
+ out = fopen (outfile, "wb");
+ if (!out)
+ {
+ log_error (_("could not open %s for writing: %s\n"),
+ infile, strerror (errno));
+ return 1;
+ }
+ }
+
+ /* Now copy the data. */
+ while ((data_len = fread (data, 1, sizeof (data), in)) > 0)
+ {
+ if (fwrite (data, 1, data_len, out) != data_len)
+ {
+ log_error (_("error writing to %s: %s\n"), outfile,
+ strerror (errno));
+ goto copy_err;
+ }
+ }
+ if (data_len < 0 || ferror (in))
+ {
+ log_error (_("error reading from %s: %s\n"), infile, strerror (errno));
+ goto copy_err;
+ }
+
+ /* Close IN if appropriate. */
+ if (!in_is_stdin && fclose (in) && ferror (in))
+ {
+ log_error (_("error closing %s: %s\n"), infile, strerror (errno));
+ goto copy_err;
+ }
+
+ /* Close OUT if appropriate. */
+ if (!out_is_stdout && fclose (out) && ferror (out))
+ {
+ log_error (_("error closing %s: %s\n"), infile, strerror (errno));
+ goto copy_err;
+ }
+
+ return 0;
+
+ copy_err:
+ if (!out_is_stdout)
+ remove_file (outfile, plain);
+
+ return 1;
+}
+
+
+/* Get a passphrase in secure storage (if possible). If AGAIN is
+ true, then this is a repeated attempt. If CANCELED is not a null
+ pointer, it will be set to true or false, depending on if the user
+ canceled the operation or not. On error (including cancelation), a
+ null pointer is returned. The passphrase must be deallocated with
+ confucius_drop_pass. CACHEID is the ID to be used for passphrase
+ caching and can be NULL to disable caching. */
+char *
+confucius_get_pass (const char *cacheid, int again, int *canceled)
+{
+ int err;
+ char *pw;
+ char *orig_codeset;
+
+ if (canceled)
+ *canceled = 0;
+
+ orig_codeset = i18n_switchto_utf8 ();
+ pw = simple_pwquery (cacheid,
+ again ? _("does not match - try again"):NULL,
+ _("Passphrase:"), NULL, 0, &err);
+ err = map_spwq_error (err);
+ i18n_switchback (orig_codeset);
+
+ if (!pw)
+ {
+ if (err)
+ log_error (_("error while asking for the passphrase: %s\n"),
+ gpg_strerror (err));
+ else
+ {
+ log_info (_("cancelled\n"));
+ if (canceled)
+ *canceled = 1;
+ }
+ }
+
+ return pw;
+}
+
+
+/* Drop a passphrase retrieved with confucius_get_pass. */
+void
+confucius_drop_pass (char *pass)
+{
+ if (pass)
+ spwq_secure_free (pass);
+}
+
+
+/* Run a confucius crypto engine. If MODE is oEncrypt, encryption is
+ requested. If it is oDecrypt, decryption is requested. INFILE and
+ OUTFILE are the temporary files used in the process. */
+int
+confucius_process (int mode, char *infile, char *outfile,
+ int argc, char *argv[])
+{
+ char **args;
+ int cstderr[2];
+ int master;
+ int slave;
+ int res;
+ pid_t pid;
+ pid_t wpid;
+ int tries = 0;
+ char cacheid[40];
+
+ signal (SIGPIPE, SIG_IGN);
+
+ if (!opt.program)
+ {
+ log_error (_("no --program option provided\n"));
+ return 1;
+ }
+
+ if (mode != oDecrypt && mode != oEncrypt)
+ {
+ log_error (_("only --decrypt and --encrypt are supported\n"));
+ return 1;
+ }
+
+ if (!opt.keyfile)
+ {
+ log_error (_("no --keyfile option provided\n"));
+ return 1;
+ }
+
+ /* Generate a hash from the keyfile name for caching. */
+ snprintf (cacheid, sizeof (cacheid), "confucius:%lu",
+ hash_string (opt.keyfile));
+ cacheid[sizeof (cacheid) - 1] = '\0';
+ args = malloc (sizeof (char *) * (10 + argc));
+ if (!args)
+ {
+ log_error (_("cannot allocate args vector\n"));
+ return 1;
+ }
+ args[0] = opt.program;
+ args[1] = (mode == oEncrypt) ? "-m1" : "-m2";
+ args[2] = "-q";
+ args[3] = infile;
+ args[4] = "-z";
+ args[5] = outfile;
+ args[6] = "-s";
+ args[7] = opt.keyfile;
+ args[8] = (mode == oEncrypt) ? "-af" : "-f";
+ args[9 + argc] = NULL;
+ while (argc--)
+ args[9 + argc] = argv[argc];
+
+ if (pipe (cstderr) < 0)
+ {
+ log_error (_("could not create pipe: %s\n"), strerror (errno));
+ free (args);
+ return 1;
+ }
+
+ if (openpty (&master, &slave, NULL, NULL, NULL) == -1)
+ {
+ log_error (_("could not create pty: %s\n"), strerror (errno));
+ close (cstderr[0]);
+ close (cstderr[1]);
+ free (args);
+ return -1;
+ }
+
+ /* We don't want to deal with the worst case scenarios. */
+ assert (master > 2);
+ assert (slave > 2);
+ assert (cstderr[0] > 2);
+ assert (cstderr[1] > 2);
+
+ pid = fork ();
+ if (pid < 0)
+ {
+ log_error (_("could not fork: %s\n"), strerror (errno));
+ close (master);
+ close (slave);
+ close (cstderr[0]);
+ close (cstderr[1]);
+ free (args);
+ return 1;
+ }
+ else if (pid == 0)
+ {
+ /* Child. */
+
+ /* Close the parent ends. */
+ close (master);
+ close (cstderr[0]);
+
+ /* Change controlling terminal. */
+ if (login_tty (slave))
+ {
+ /* It's too early to output a debug message. */
+ _exit (1);
+ }
+
+ dup2 (cstderr[1], 2);
+ close (cstderr[1]);
+
+ /* Now kick off the engine program. */
+ execv (opt.program, args);
+ log_error (_("execv failed: %s\n"), strerror (errno));
+ _exit (1);
+ }
+ else
+ {
+ /* Parent. */
+ char buffer[CONFUCIUS_LINESIZE];
+ int buffer_len = 0;
+ fd_set fds;
+ int slave_closed = 0;
+ int stderr_closed = 0;
+
+ close (slave);
+ close (cstderr[1]);
+ free (args);
+
+ /* Listen on the output FDs. */
+ do
+ {
+ FD_ZERO (&fds);
+
+ if (!slave_closed)
+ FD_SET (master, &fds);
+ if (!stderr_closed)
+ FD_SET (cstderr[0], &fds);
+
+ res = select (FD_SETSIZE, &fds, NULL, NULL, NULL);
+ if (res < 0)
+ {
+ log_error (_("select failed: %s\n"), strerror (errno));
+
+ kill (pid, SIGTERM);
+ close (master);
+ close (cstderr[0]);
+ return 1;
+ }
+
+ if (FD_ISSET (cstderr[0], &fds))
+ {
+ /* We got some output on stderr. This is just passed
+ through via the logging facility. */
+
+ res = read (cstderr[0], &buffer[buffer_len],
+ sizeof (buffer) - buffer_len - 1);
+ if (res < 0)
+ {
+ log_error (_("read failed: %s\n"), strerror (errno));
+
+ kill (pid, SIGTERM);
+ close (master);
+ close (cstderr[0]);
+ return 1;
+ }
+ else
+ {
+ char *newline;
+
+ buffer_len += res;
+ for (;;)
+ {
+ buffer[buffer_len] = '\0';
+ newline = strchr (buffer, '\n');
+ if (newline)
+ {
+ *newline = '\0';
+ log_error ("%s\n", buffer);
+ buffer_len -= newline + 1 - buffer;
+ memmove (buffer, newline + 1, buffer_len);
+ }
+ else if (buffer_len == sizeof (buffer) - 1)
+ {
+ /* Overflow. */
+ log_error ("%s\n", buffer);
+ buffer_len = 0;
+ }
+ else
+ break;
+ }
+
+ if (res == 0)
+ stderr_closed = 1;
+ }
+ }
+ else if (FD_ISSET (master, &fds))
+ {
+ char data[512];
+
+ res = read (master, data, sizeof (data));
+ if (res < 0)
+ {
+ if (errno == EIO)
+ {
+ /* Slave-side close leads to readable fd and
+ EIO. */
+ slave_closed = 1;
+ }
+ else
+ {
+ log_error (_("pty read failed: %s\n"), strerror (errno));
+
+ kill (pid, SIGTERM);
+ close (master);
+ close (cstderr[0]);
+ return 1;
+ }
+ }
+ else if (res == 0)
+ /* This never seems to be what happens on slave-side
+ close. */
+ slave_closed = 1;
+ else
+ {
+ /* Check for password prompt. */
+ if (data[res - 1] == ':')
+ {
+ char *pass;
+ int canceled;
+
+ /* If this is not the first attempt, the
+ passphrase seems to be wrong, so clear the
+ cache. */
+ if (tries)
+ simple_pwclear (cacheid);
+
+ pass = confucius_get_pass (cacheid,
+ tries ? 1 : 0, &canceled);
+ if (!pass)
+ {
+ kill (pid, SIGTERM);
+ close (master);
+ close (cstderr[0]);
+ return canceled ? SYMC_CANCELED : 1;
+ }
+ write (master, pass, strlen (pass));
+ write (master, "\n", 1);
+ confucius_drop_pass (pass);
+
+ tries++;
+ }
+ }
+ }
+ }
+ while (!stderr_closed || !slave_closed);
+
+ close (master);
+ close (cstderr[0]);
+
+ wpid = waitpid (pid, &res, 0);
+ if (wpid < 0)
+ {
+ log_error (_("waitpid failed: %s\n"), strerror (errno));
+
+ kill (pid, SIGTERM);
+ /* State of cached password is unclear. Just remove it. */
+ simple_pwclear (cacheid);
+ return 1;
+ }
+ else
+ {
+ /* Shouldn't happen, as we don't use WNOHANG. */
+ assert (wpid != 0);
+
+ if (!WIFEXITED (res))
+ {
+ log_error (_("child aborted with status %i\n"), res);
+
+ /* State of cached password is unclear. Just remove it. */
+ simple_pwclear (cacheid);
+
+ return 1;
+ }
+
+ if (WEXITSTATUS (res))
+ {
+ /* The passphrase was wrong. Remove it from the cache. */
+ simple_pwclear (cacheid);
+
+ /* We probably exceeded our number of attempts at guessing
+ the password. */
+ if (tries >= 3)
+ return SYMC_BAD_PASSPHRASE;
+ else
+ return 1;
+ }
+
+ return 0;
+ }
+ }
+
+ /* Not reached. */
+}
+
+
+/* Class confucius main program. If MODE is oEncrypt, encryption is
+ requested. If it is oDecrypt, decryption is requested. The other
+ parameters are taken from the global option data. */
+int
+confucius_main (int mode, int argc, char *argv[])
+{
+ int res;
+ char *tmpdir;
+ char *infile;
+ int infile_from_stdin = 0;
+ char *outfile;
+
+ tmpdir = confucius_mktmpdir ();
+ if (!tmpdir)
+ return 1;
+
+ if (opt.input && !(opt.input[0] == '-' && opt.input[1] == '\0'))
+ infile = xstrdup (opt.input);
+ else
+ {
+ infile_from_stdin = 1;
+
+ /* TMPDIR + "/" + "in" + "\0". */
+ infile = malloc (strlen (tmpdir) + 1 + 2 + 1);
+ if (!infile)
+ {
+ log_error (_("cannot allocate infile string: %s\n"),
+ strerror (errno));
+ rmdir (tmpdir);
+ return 1;
+ }
+ strcpy (infile, tmpdir);
+ strcat (infile, "/in");
+ }
+
+ /* TMPDIR + "/" + "out" + "\0". */
+ outfile = malloc (strlen (tmpdir) + 1 + 3 + 1);
+ if (!outfile)
+ {
+ log_error (_("cannot allocate outfile string: %s\n"), strerror (errno));
+ free (infile);
+ rmdir (tmpdir);
+ return 1;
+ }
+ strcpy (outfile, tmpdir);
+ strcat (outfile, "/out");
+
+ if (infile_from_stdin)
+ {
+ /* Create INFILE and fill it with content. */
+ res = confucius_copy_file ("-", infile, mode == oEncrypt);
+ if (res)
+ {
+ free (outfile);
+ free (infile);
+ rmdir (tmpdir);
+ return res;
+ }
+ }
+
+ /* Run the engine and thus create the output file, handling
+ passphrase retrieval. */
+ res = confucius_process (mode, infile, outfile, argc, argv);
+ if (res)
+ {
+ remove_file (outfile, mode == oDecrypt);
+ if (infile_from_stdin)
+ remove_file (infile, mode == oEncrypt);
+ free (outfile);
+ free (infile);
+ rmdir (tmpdir);
+ return res;
+ }
+
+ /* Dump the output file to stdout. */
+ res = confucius_copy_file (outfile, "-", mode == oDecrypt);
+ if (res)
+ {
+ remove_file (outfile, mode == oDecrypt);
+ if (infile_from_stdin)
+ remove_file (infile, mode == oEncrypt);
+ free (outfile);
+ free (infile);
+ rmdir (tmpdir);
+ return res;
+ }
+
+ remove_file (outfile, mode == oDecrypt);
+ if (infile_from_stdin)
+ remove_file (infile, mode == oEncrypt);
+ free (outfile);
+ free (infile);
+ rmdir (tmpdir);
+ return 0;
+}
+
+
+/* symcryptrun's entry point. */
+int
+main (int argc, char **argv)
+{
+ ARGPARSE_ARGS pargs;
+ int orig_argc;
+ char **orig_argv;
+ FILE *configfp = NULL;
+ char *configname = NULL;
+ unsigned configlineno;
+ int mode = 0;
+ int res;
+ char *logfile = NULL;
+ int default_config = 1;
+
+ set_strusage (my_strusage);
+ log_set_prefix ("symcryptrun", 1);
+
+ /* Make sure that our subsystems are ready. */
+ i18n_init();
+ init_common_subsystems ();
+
+ opt.homedir = default_homedir ();
+
+ /* Check whether we have a config file given on the commandline */
+ orig_argc = argc;
+ orig_argv = argv;
+ pargs.argc = &argc;
+ pargs.argv = &argv;
+ pargs.flags= 1|(1<<6); /* do not remove the args, ignore version */
+ while (arg_parse( &pargs, opts))
+ {
+ if (pargs.r_opt == oOptions)
+ { /* Yes there is one, so we do not try the default one, but
+ read the option file when it is encountered at the
+ commandline */
+ default_config = 0;
+ }
+ else if (pargs.r_opt == oNoOptions)
+ default_config = 0; /* --no-options */
+ else if (pargs.r_opt == oHomedir)
+ opt.homedir = pargs.r.ret_str;
+ }
+
+ if (default_config)
+ configname = make_filename (opt.homedir, "symcryptrun.conf", NULL );
+
+ argc = orig_argc;
+ argv = orig_argv;
+ pargs.argc = &argc;
+ pargs.argv = &argv;
+ pargs.flags= 1; /* do not remove the args */
+ next_pass:
+ if (configname)
+ {
+ configlineno = 0;
+ configfp = fopen (configname, "r");
+ if (!configfp)
+ {
+ if (!default_config)
+ {
+ log_error (_("option file `%s': %s\n"),
+ configname, strerror(errno) );
+ exit(1);
+ }
+ xfree (configname);
+ configname = NULL;
+ }
+ default_config = 0;
+ }
+
+ /* Parse the command line. */
+ while (optfile_parse (configfp, configname, &configlineno, &pargs, opts))
+ {
+ switch (pargs.r_opt)
+ {
+ case oDecrypt: mode = oDecrypt; break;
+ case oEncrypt: mode = oEncrypt; break;
+
+ case oQuiet: opt.quiet = 1; break;
+ case oVerbose: opt.verbose++; break;
+ case oNoVerbose: opt.verbose = 0; break;
+
+ case oClass: opt.class = pargs.r.ret_str; break;
+ case oProgram: opt.program = pargs.r.ret_str; break;
+ case oKeyfile: opt.keyfile = pargs.r.ret_str; break;
+ case oInput: opt.input = pargs.r.ret_str; break;
+
+ case oLogFile: logfile = pargs.r.ret_str; break;
+
+ case oOptions:
+ /* Config files may not be nested (silently ignore them) */
+ if (!configfp)
+ {
+ xfree(configname);
+ configname = xstrdup(pargs.r.ret_str);
+ goto next_pass;
+ }
+ break;
+ case oNoOptions: break; /* no-options */
+ case oHomedir: /* Ignore this option here. */; break;
+
+ default : pargs.err = configfp? 1:2; break;
+ }
+ }
+ if (configfp)
+ {
+ fclose( configfp );
+ configfp = NULL;
+ configname = NULL;
+ goto next_pass;
+ }
+ xfree (configname);
+ configname = NULL;
+
+ if (!mode)
+ log_error (_("either %s or %s must be given\n"),
+ "--decrypt", "--encrypt");
+
+ if (log_get_errorcount (0))
+ exit (1);
+
+ if (logfile)
+ log_set_file (logfile);
+
+ gcry_control (GCRYCTL_SUSPEND_SECMEM_WARN);
+ if (!gcry_check_version (NEED_LIBGCRYPT_VERSION) )
+ {
+ log_fatal (_("%s is too old (need %s, have %s)\n"), "libgcrypt",
+ NEED_LIBGCRYPT_VERSION, gcry_check_version (NULL) );
+ }
+ setup_libgcrypt_logging ();
+ gcry_control (GCRYCTL_INIT_SECMEM, 16384, 0);
+
+ /* Tell simple-pwquery about the the standard socket name. */
+ {
+ char *tmp = make_filename (opt.homedir, "S.gpg-agent", NULL);
+ simple_pw_set_socket (tmp);
+ xfree (tmp);
+ }
+
+ if (!opt.class)
+ {
+ log_error (_("no class provided\n"));
+ res = 1;
+ }
+ else if (!strcmp (opt.class, "confucius"))
+ {
+ res = confucius_main (mode, argc, argv);
+ }
+ else
+ {
+ log_error (_("class %s is not supported\n"), opt.class);
+ res = 1;
+ }
+
+ return res;
+}
diff --git a/tools/watchgnupg.c b/tools/watchgnupg.c
new file mode 100644
index 0000000..aae1120
--- /dev/null
+++ b/tools/watchgnupg.c
@@ -0,0 +1,392 @@
+/* watchgnupg.c - Socket server for GnuPG logs
+ * Copyright (C) 2003, 2004 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+#include <stdio.h>
+#include <stdlib.h>
+#include <stddef.h>
+#include <string.h>
+#include <errno.h>
+#include <stdarg.h>
+#include <assert.h>
+#include <unistd.h>
+#include <sys/socket.h>
+#include <sys/un.h>
+#include <fcntl.h>
+#include <time.h>
+
+#define PGM "watchgnupg"
+
+/* Allow for a standalone build on most systems. */
+#ifdef VERSION
+#define MYVERSION_LINE PGM " (GnuPG) " VERSION
+#define BUGREPORT_LINE "\nReport bugs to <bug-gnupg@gnu.org>.\n"
+#else
+#define MYVERSION_LINE PGM
+#define BUGREPORT_LINE ""
+#endif
+#if !defined(SUN_LEN) || !defined(PF_LOCAL) || !defined(AF_LOCAL)
+#define JNLIB_NEED_AFLOCAL
+#include "../jnlib/mischelp.h"
+#endif
+
+
+static int verbose;
+
+
+static void
+die (const char *format, ...)
+{
+ va_list arg_ptr;
+
+ fflush (stdout);
+ fprintf (stderr, "%s: ", PGM);
+
+ va_start (arg_ptr, format);
+ vfprintf (stderr, format, arg_ptr);
+ va_end (arg_ptr);
+ putc ('\n', stderr);
+
+ exit (1);
+}
+
+
+/* static void */
+/* err (const char *format, ...) */
+/* { */
+/* va_list arg_ptr; */
+
+/* fflush (stdout); */
+/* fprintf (stderr, "%s: ", PGM); */
+
+/* va_start (arg_ptr, format); */
+/* vfprintf (stderr, format, arg_ptr); */
+/* va_end (arg_ptr); */
+/* putc ('\n', stderr); */
+/* } */
+
+static void *
+xmalloc (size_t n)
+{
+ void *p = malloc (n);
+ if (!p)
+ die ("out of core");
+ return p;
+}
+
+static void *
+xcalloc (size_t n, size_t m)
+{
+ void *p = calloc (n, m);
+ if (!p)
+ die ("out of core");
+ return p;
+}
+
+static void *
+xrealloc (void *old, size_t n)
+{
+ void *p = realloc (old, n);
+ if (!p)
+ die ("out of core");
+ return p;
+}
+
+
+struct client_s {
+ struct client_s *next;
+ int fd;
+ size_t size; /* Allocated size of buffer. */
+ size_t len; /* Current length of buffer. */
+ unsigned char *buffer; /* Buffer to with data already read. */
+
+};
+typedef struct client_s *client_t;
+
+
+
+static void
+print_fd_and_time (int fd)
+{
+ struct tm *tp;
+ time_t atime = time (NULL);
+
+ tp = localtime (&atime);
+ printf ("%3d - %04d-%02d-%02d %02d:%02d:%02d ",
+ fd,
+ 1900+tp->tm_year, tp->tm_mon+1, tp->tm_mday,
+ tp->tm_hour, tp->tm_min, tp->tm_sec );
+}
+
+
+/* Print LINE for the client identified by C. Calling this function
+ witgh LINE set to NULL, will flush the internal buffer. */
+static void
+print_line (client_t c, const char *line)
+{
+ const char *s;
+ size_t n;
+
+ if (!line)
+ {
+ if (c->buffer && c->len)
+ {
+ print_fd_and_time (c->fd);
+ fwrite (c->buffer, c->len, 1, stdout);
+ putc ('\n', stdout);
+ c->len = 0;
+ }
+ return;
+ }
+
+ while ((s = strchr (line, '\n')))
+ {
+ print_fd_and_time (c->fd);
+ if (c->buffer && c->len)
+ {
+ fwrite (c->buffer, c->len, 1, stdout);
+ c->len = 0;
+ }
+ fwrite (line, s - line + 1, 1, stdout);
+ line = s + 1;
+ }
+ n = strlen (line);
+ if (n)
+ {
+ if (c->len + n >= c->size)
+ {
+ c->size += ((n + 255) & ~255);
+ c->buffer = (c->buffer
+ ? xrealloc (c->buffer, c->size)
+ : xmalloc (c->size));
+ }
+ memcpy (c->buffer + c->len, line, n);
+ c->len += n;
+ }
+}
+
+
+static void
+print_version (int with_help)
+{
+ fputs (MYVERSION_LINE "\n"
+ "Copyright (C) 2012 Free Software Foundation, Inc.\n"
+ "This program comes with ABSOLUTELY NO WARRANTY.\n"
+ "This is free software, and you are welcome to redistribute it\n"
+ "under certain conditions. See the file COPYING for details.\n",
+ stdout);
+
+ if (with_help)
+ fputs ("\n"
+ "Usage: " PGM " [OPTIONS] SOCKETNAME\n"
+ "Open the local socket SOCKETNAME and display log messages\n"
+ "\n"
+ " --force delete an already existing socket file\n"
+ " --verbose enable extra informational output\n"
+ " --version print version of the program and exit\n"
+ " --help display this help and exit\n"
+ BUGREPORT_LINE, stdout );
+
+ exit (0);
+}
+
+int
+main (int argc, char **argv)
+{
+ int last_argc = -1;
+ int force = 0;
+
+ struct sockaddr_un srvr_addr;
+ socklen_t addrlen;
+ int server;
+ int flags;
+ client_t client_list = NULL;
+
+ if (argc)
+ {
+ argc--; argv++;
+ }
+ while (argc && last_argc != argc )
+ {
+ last_argc = argc;
+ if (!strcmp (*argv, "--"))
+ {
+ argc--; argv++;
+ break;
+ }
+ else if (!strcmp (*argv, "--version"))
+ print_version (0);
+ else if (!strcmp (*argv, "--help"))
+ print_version (1);
+ else if (!strcmp (*argv, "--verbose"))
+ {
+ verbose = 1;
+ argc--; argv++;
+ }
+ else if (!strcmp (*argv, "--force"))
+ {
+ force = 1;
+ argc--; argv++;
+ }
+ }
+
+ if (argc != 1)
+ {
+ fprintf (stderr, "usage: " PGM " socketname\n");
+ exit (1);
+ }
+
+
+ if (verbose)
+ fprintf (stderr, "opening socket `%s'\n", *argv);
+
+ setvbuf (stdout, NULL, _IOLBF, 0);
+
+ server = socket (PF_LOCAL, SOCK_STREAM, 0);
+ if (server == -1)
+ die ("socket() failed: %s\n", strerror (errno));
+
+ /* We better set the listening socket to non-blocking so that we
+ don't get bitten by race conditions in accept. The should not
+ happen for Unix Domain sockets but well, shit happens. */
+ flags = fcntl (server, F_GETFL, 0);
+ if (flags == -1)
+ die ("fcntl (F_GETFL) failed: %s\n", strerror (errno));
+ if ( fcntl (server, F_SETFL, (flags | O_NONBLOCK)) == -1)
+ die ("fcntl (F_SETFL) failed: %s\n", strerror (errno));
+
+
+ memset (&srvr_addr, 0, sizeof srvr_addr);
+ srvr_addr.sun_family = AF_LOCAL;
+ strncpy (srvr_addr.sun_path, *argv, sizeof (srvr_addr.sun_path) - 1);
+ srvr_addr.sun_path[sizeof (srvr_addr.sun_path) - 1] = 0;
+ addrlen = SUN_LEN (&srvr_addr);
+
+
+ again:
+ if (bind (server, (struct sockaddr *) &srvr_addr, addrlen))
+ {
+ if (errno == EADDRINUSE && force)
+ {
+ force = 0;
+ remove (srvr_addr.sun_path);
+ goto again;
+ }
+ die ("bind to `%s' failed: %s\n", *argv, strerror (errno));
+ }
+
+ if (listen (server, 5))
+ die ("listen failed: %s\n", strerror (errno));
+
+ for (;;)
+ {
+ fd_set rfds;
+ int max_fd;
+ client_t client;
+
+ /* Usually we don't have that many connections, thus it is okay
+ to set them allways from scratch and don't maintain an active
+ fd_set. */
+ FD_ZERO (&rfds);
+ FD_SET (server, &rfds);
+ max_fd = server;
+ for (client = client_list; client; client = client->next)
+ if (client->fd != -1)
+ {
+ FD_SET (client->fd, &rfds);
+ if (client->fd > max_fd)
+ max_fd = client->fd;
+ }
+
+ if (select (max_fd + 1, &rfds, NULL, NULL, NULL) <= 0)
+ continue; /* Ignore any errors. */
+
+ if (FD_ISSET (server, &rfds)) /* New connection. */
+ {
+ struct sockaddr_un clnt_addr;
+ int fd;
+
+ addrlen = sizeof clnt_addr;
+ fd = accept (server, (struct sockaddr *) &clnt_addr, &addrlen);
+ if (fd == -1)
+ {
+ printf ("[accepting connection failed: %s]\n", strerror (errno));
+ }
+ else if (fd >= FD_SETSIZE)
+ {
+ close (fd);
+ printf ("[connection request denied: too many connections]\n");
+ }
+ else
+ {
+ for (client = client_list; client && client->fd != -1;
+ client = client->next)
+ ;
+ if (!client)
+ {
+ client = xcalloc (1, sizeof *client);
+ client->next = client_list;
+ client_list = client;
+ }
+ client->fd = fd;
+ printf ("[client at fd %d connected]\n", client->fd);
+ }
+ }
+ for (client = client_list; client; client = client->next)
+ if (client->fd != -1 && FD_ISSET (client->fd, &rfds))
+ {
+ char line[256];
+ int n;
+
+ n = read (client->fd, line, sizeof line - 1);
+ if (n < 0)
+ {
+ int save_errno = errno;
+ print_line (client, NULL); /* flush */
+ printf ("[client at fd %d read error: %s]\n",
+ client->fd, strerror (save_errno));
+ close (client->fd);
+ client->fd = -1;
+ }
+ else if (!n)
+ {
+ print_line (client, NULL); /* flush */
+ close (client->fd);
+ printf ("[client at fd %d disconnected]\n", client->fd);
+ client->fd = -1;
+ }
+ else
+ {
+ line[n] = 0;
+ print_line (client, line);
+ }
+ }
+ }
+
+ return 0;
+}
+
+
+/*
+Local Variables:
+compile-command: "gcc -Wall -g -o watchgnupg watchgnupg.c"
+End:
+*/
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-04 16:05:49 +0000